[PATCH 2/2] ntoskrnl.exe: Implement PsIsProcessBeingDebugged.

Myah Caron qsniyg at protonmail.com
Fri Oct 9 05:04:33 CDT 2020 

Signed-off-by: Myah Caron <qsniyg at protonmail.com>
---
Based on ReactOS's implementation (hence the first patch in this series).

 dlls/ntoskrnl.exe/ntoskrnl.c        | 10 ++++++++++
 dlls/ntoskrnl.exe/ntoskrnl.exe.spec |  2 +-
 dlls/ntoskrnl.exe/tests/driver.c    |  4 ++++
 include/ddk/wdm.h                   |  1 +
 4 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
index 177816a2239..aea80c77fcd 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -2962,6 +2962,16 @@ BOOLEAN WINAPI PsIsSystemThread(PETHREAD thread)
 }


+/***********************************************************************
+ *           PsIsProcessBeingDebugged   (NTOSKRNL.EXE.@)
+ */
+BOOLEAN WINAPI PsIsProcessBeingDebugged(PEPROCESS process)
+{
+    TRACE( "%p\n", process );
+    return !!PsGetProcessDebugPort( process );
+}
+
+
 /***********************************************************************
  *           PsGetVersion   (NTOSKRNL.EXE.@)
  */
diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
index 8ca0f652f1d..6ada30e1f21 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
+++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
@@ -923,7 +923,7 @@
 @ stdcall PsGetVersion(ptr ptr ptr ptr)
 @ stdcall PsImpersonateClient(ptr ptr long long long)
 @ extern PsInitialSystemProcess
-@ stub PsIsProcessBeingDebugged
+@ stdcall PsIsProcessBeingDebugged(ptr)
 @ stdcall PsIsSystemThread(ptr)
 @ stub PsIsThreadImpersonating
 @ stub PsIsThreadTerminating
diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c
index e712ecf2f84..3d76bdf6856 100644
--- a/dlls/ntoskrnl.exe/tests/driver.c
+++ b/dlls/ntoskrnl.exe/tests/driver.c
@@ -2106,9 +2106,13 @@ static void test_permanence(void)
 static void test_debug(void)
 {
     PVOID debug_port;
+    BOOLEAN is_debugged;

     debug_port = PsGetProcessDebugPort( PsGetCurrentProcess() );
     ok(!debug_port, "got %p\n", debug_port);
+
+    is_debugged = PsIsProcessBeingDebugged( PsGetCurrentProcess() );
+    ok(!is_debugged, "got %d\n", is_debugged);
 }

 static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *stack)
diff --git a/include/ddk/wdm.h b/include/ddk/wdm.h
index 40f1d9754c0..8c639b50320 100644
--- a/include/ddk/wdm.h
+++ b/include/ddk/wdm.h
@@ -1835,6 +1835,7 @@ HANDLE    WINAPI PsGetCurrentThreadId(void);
 HANDLE    WINAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
 BOOLEAN   WINAPI PsGetVersion(ULONG*,ULONG*,ULONG*,UNICODE_STRING*);
 PVOID     WINAPI PsGetProcessDebugPort(PEPROCESS process);
+BOOLEAN   WINAPI PsIsProcessBeingDebugged(PEPROCESS process);
 NTSTATUS  WINAPI PsTerminateSystemThread(NTSTATUS);

 #if defined(__x86_64__) || defined(__i386__)
--
2.28.0

More information about the wine-devel mailing list