ReactOS 0.4.16-dev-1946-g52006dd
Classes | Macros | Typedefs | Functions
toolhelp.c File Reference
#include <k32.h>
#include <debug.h>
Include dependency graph for toolhelp.c:

Go to the source code of this file.

Classes

struct  _RTLP_HEAP_ENTRY
 
struct  _TH32SNAPSHOT
 

Macros

#define NDEBUG
 
#define CHECK_PARAM_SIZE(ptr, siz)
 
#define CHECK_PARAM_SIZEA(ptr, siz)
 
#define OffsetToPtr(Snapshot, Offset)    ((ULONG_PTR)((Snapshot) + 1) + (ULONG_PTR)(Offset))
 

Typedefs

typedef struct _RTLP_HEAP_ENTRY RTLP_HEAP_ENTRY
 
typedef struct _RTLP_HEAP_ENTRYPRTLP_HEAP_ENTRY
 
typedef struct _TH32SNAPSHOT TH32SNAPSHOT
 
typedef struct _TH32SNAPSHOTPTH32SNAPSHOT
 

Functions

static VOID TH32FreeAllocatedResources (PRTL_DEBUG_INFORMATION HeapDebug, PRTL_DEBUG_INFORMATION ModuleDebug, PVOID ProcThrdInfo, SIZE_T ProcThrdInfoSize)
 
static NTSTATUS TH32CreateSnapshot (DWORD dwFlags, DWORD th32ProcessID, PRTL_DEBUG_INFORMATION *HeapDebug, PRTL_DEBUG_INFORMATION *ModuleDebug, PVOID *ProcThrdInfo, SIZE_T *ProcThrdInfoSize)
 
static NTSTATUS TH32CreateSnapshotSectionInitialize (DWORD dwFlags, DWORD th32ProcessID, PRTL_DEBUG_INFORMATION HeapDebug, PRTL_DEBUG_INFORMATION ModuleDebug, PVOID ProcThrdInfo, HANDLE *SectionHandle)
 
BOOL WINAPI Heap32First (LPHEAPENTRY32 lphe, DWORD th32ProcessID, DWORD th32HeapID)
 
BOOL WINAPI Heap32Next (LPHEAPENTRY32 lphe)
 
BOOL WINAPI Heap32ListFirst (HANDLE hSnapshot, LPHEAPLIST32 lphl)
 
BOOL WINAPI Heap32ListNext (HANDLE hSnapshot, LPHEAPLIST32 lphl)
 
BOOL WINAPI Module32First (HANDLE hSnapshot, LPMODULEENTRY32 lpme)
 
BOOL WINAPI Module32FirstW (HANDLE hSnapshot, LPMODULEENTRY32W lpme)
 
BOOL WINAPI Module32Next (HANDLE hSnapshot, LPMODULEENTRY32 lpme)
 
BOOL WINAPI Module32NextW (HANDLE hSnapshot, LPMODULEENTRY32W lpme)
 
BOOL WINAPI Process32First (HANDLE hSnapshot, LPPROCESSENTRY32 lppe)
 
BOOL WINAPI Process32FirstW (HANDLE hSnapshot, LPPROCESSENTRY32W lppe)
 
BOOL WINAPI Process32Next (HANDLE hSnapshot, LPPROCESSENTRY32 lppe)
 
BOOL WINAPI Process32NextW (HANDLE hSnapshot, LPPROCESSENTRY32W lppe)
 
BOOL WINAPI Thread32First (HANDLE hSnapshot, LPTHREADENTRY32 lpte)
 
BOOL WINAPI Thread32Next (HANDLE hSnapshot, LPTHREADENTRY32 lpte)
 
BOOL WINAPI Toolhelp32ReadProcessMemory (DWORD th32ProcessID, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T cbRead, SIZE_T *lpNumberOfBytesRead)
 
HANDLE WINAPI CreateToolhelp32Snapshot (DWORD dwFlags, DWORD th32ProcessID)
 

Macro Definition Documentation

◆ CHECK_PARAM_SIZE

#define CHECK_PARAM_SIZE (   ptr,
  siz 
)
Value:
if((ptr) == NULL || (ptr)->dwSize != (siz)) \
{ \
SetLastError(ERROR_INVALID_PARAMETER); \
return FALSE; \
}
NULL
#define NULL
Definition: types.h:112
FALSE
#define FALSE
Definition: types.h:117
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
dwSize
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
ptr
static PVOID ptr
Definition: dispmode.c:27

Definition at line 34 of file toolhelp.c.

◆ CHECK_PARAM_SIZEA

#define CHECK_PARAM_SIZEA (   ptr,
  siz 
)
Value:
if((ptr) == NULL || (ptr)->dwSize < (siz)) \
{ \
SetLastError(ERROR_INVALID_PARAMETER); \
return FALSE; \
}

Definition at line 48 of file toolhelp.c.

◆ NDEBUG

#define NDEBUG

Definition at line 20 of file toolhelp.c.

◆ OffsetToPtr

#define OffsetToPtr (   Snapshot,
  Offset 
)     ((ULONG_PTR)((Snapshot) + 1) + (ULONG_PTR)(Offset))

Definition at line 55 of file toolhelp.c.

Typedef Documentation

◆ PRTLP_HEAP_ENTRY

typedef struct _RTLP_HEAP_ENTRY * PRTLP_HEAP_ENTRY

◆ PTH32SNAPSHOT

typedef struct _TH32SNAPSHOT * PTH32SNAPSHOT

◆ RTLP_HEAP_ENTRY

typedef struct _RTLP_HEAP_ENTRY RTLP_HEAP_ENTRY

◆ TH32SNAPSHOT

typedef struct _TH32SNAPSHOT TH32SNAPSHOT

Function Documentation

◆ CreateToolhelp32Snapshot()

HANDLE WINAPI CreateToolhelp32Snapshot ( DWORD  dwFlags,
DWORD  th32ProcessID 
)

Definition at line 1255 of file toolhelp.c.

1256{
1257 PRTL_DEBUG_INFORMATION HeapDebug, ModuleDebug;
1258 PVOID ProcThrdInfo;
1259 SIZE_T ProcThrdInfoSize;
1260 NTSTATUS Status;
1261 HANDLE hSnapShotSection = NULL;
1262
1263 if(th32ProcessID == 0)
1264 {
1265 th32ProcessID = GetCurrentProcessId();
1266 }
1267
1268 /*
1269 * Get all information required for the snapshot
1270 */
1271 Status = TH32CreateSnapshot(dwFlags,
1272 th32ProcessID,
1273 &HeapDebug,
1274 &ModuleDebug,
1275 &ProcThrdInfo,
1276 &ProcThrdInfoSize);
1277 if(!NT_SUCCESS(Status))
1278 {
1279 BaseSetLastNTError(Status);
1280 return NULL;
1281 }
1282
1283 /*
1284 * Create a section handle and initialize the collected information
1285 */
1286 Status = TH32CreateSnapshotSectionInitialize(dwFlags,
1287 th32ProcessID,
1288 HeapDebug,
1289 ModuleDebug,
1290 ProcThrdInfo,
1291 &hSnapShotSection);
1292
1293 /*
1294 * Free the temporarily allocated memory which is no longer needed
1295 */
1296 TH32FreeAllocatedResources(HeapDebug,
1297 ModuleDebug,
1298 ProcThrdInfo,
1299 ProcThrdInfoSize);
1300
1301 if(!NT_SUCCESS(Status))
1302 {
1303 BaseSetLastNTError(Status);
1304 return NULL;
1305 }
1306
1307 return hSnapShotSection;
1308}
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
TH32CreateSnapshot
static NTSTATUS TH32CreateSnapshot(DWORD dwFlags, DWORD th32ProcessID, PRTL_DEBUG_INFORMATION *HeapDebug, PRTL_DEBUG_INFORMATION *ModuleDebug, PVOID *ProcThrdInfo, SIZE_T *ProcThrdInfoSize)
Definition: toolhelp.c:105
TH32CreateSnapshotSectionInitialize
static NTSTATUS TH32CreateSnapshotSectionInitialize(DWORD dwFlags, DWORD th32ProcessID, PRTL_DEBUG_INFORMATION HeapDebug, PRTL_DEBUG_INFORMATION ModuleDebug, PVOID ProcThrdInfo, HANDLE *SectionHandle)
Definition: toolhelp.c:208
TH32FreeAllocatedResources
static VOID TH32FreeAllocatedResources(PRTL_DEBUG_INFORMATION HeapDebug, PRTL_DEBUG_INFORMATION ModuleDebug, PVOID ProcThrdInfo, SIZE_T ProcThrdInfoSize)
Definition: toolhelp.c:81
Status
Status
Definition: gdiplustypes.h:25
dwFlags
_In_ LPWSTR _In_ DWORD _In_ DWORD _In_ DWORD dwFlags
Definition: netsh.h:141
BaseSetLastNTError
DWORD BaseSetLastNTError(IN NTSTATUS Status)
Definition: reactos.cpp:167
_RTL_DEBUG_INFORMATION
Definition: rtltypes.h:1181
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
GetCurrentProcessId
DWORD WINAPI GetCurrentProcessId(void)
Definition: proc.c:1158

Referenced by _DoDLLInjection(), enumerate_processes(), fill_process(), GetProcessID(), IntGetImageBase(), IsBlockFromHeap(), PrintBugreport(), and ShutdownProcessTree().

◆ Heap32First()

BOOL WINAPI Heap32First ( LPHEAPENTRY32  lphe,
DWORD  th32ProcessID,
DWORD  th32HeapID 
)

Definition at line 489 of file toolhelp.c.

490{
491 PRTL_DEBUG_INFORMATION DebugInfo;
492 PRTL_HEAP_INFORMATION Heap;
493 PRTLP_HEAP_ENTRY Block, LastBlock;
494 ULONG i;
495 NTSTATUS Status;
496
497 CHECK_PARAM_SIZE(lphe, sizeof(HEAPENTRY32));
498
499 DebugInfo = RtlCreateQueryDebugBuffer(0,
500 FALSE);
501 if (DebugInfo == NULL)
502 {
503 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
504 return FALSE;
505 }
506
507 Status = RtlQueryProcessDebugInformation(th32ProcessID,
508 RTL_DEBUG_QUERY_HEAPS | RTL_DEBUG_QUERY_HEAP_BLOCKS,
509 DebugInfo);
510
511 if (NT_SUCCESS(Status))
512 {
513 Status = STATUS_NO_MORE_FILES;
514
515 for (i = 0;
516 i != DebugInfo->Heaps->NumberOfHeaps;
517 i++)
518 {
519 Heap = &DebugInfo->Heaps->Heaps[i];
520
521 if ((ULONG_PTR)Heap->BaseAddress == th32HeapID)
522 {
523 lphe->hHandle = (HANDLE)Heap->BaseAddress;
524 lphe->dwAddress = 0;
525 lphe->dwBlockSize = 0;
526 lphe->dwFlags = 0;
527 lphe->dwLockCount = 0;
528 lphe->dwResvd = 0;
529 lphe->th32ProcessID = th32ProcessID;
530 lphe->th32HeapID = (ULONG_PTR)Heap->BaseAddress;
531
532 Block = (PRTLP_HEAP_ENTRY)Heap->Entries;
533 LastBlock = Block + Heap->NumberOfEntries;
534
535 while (Block != LastBlock && (Block->Flags & PROCESS_HEAP_UNCOMMITTED_RANGE))
536 {
537 lphe->dwResvd++;
538 lphe->dwAddress = (ULONG_PTR)((ULONG_PTR)Block->Address + Heap->EntryOverhead);
539 Block++;
540 }
541
542 if (Block != LastBlock && lphe->dwResvd != 0)
543 {
544 lphe->dwBlockSize = Block->Size;
545
546 if (Block->Flags & 0x2F1) /* FIXME */
547 lphe->dwFlags = LF32_FIXED;
548 else if (Block->Flags & 0x20) /* FIXME */
549 lphe->dwFlags = LF32_MOVEABLE;
550 else if (Block->Flags & 0x100) /* FIXME */
551 lphe->dwFlags = LF32_FREE;
552
553 Status = STATUS_SUCCESS;
554 }
555
556 break;
557 }
558 }
559 }
560
561 RtlDestroyQueryDebugBuffer(DebugInfo);
562
563 if (!NT_SUCCESS(Status))
564 {
565 BaseSetLastNTError(Status);
566 return FALSE;
567 }
568
569 return TRUE;
570}
while
while(CdLookupNextInitialFileDirent(IrpContext, Fcb, FileContext))
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
TRUE
#define TRUE
Definition: types.h:120
SetLastError
#define SetLastError(x)
Definition: compat.h:752
PRTLP_HEAP_ENTRY
struct _RTLP_HEAP_ENTRY * PRTLP_HEAP_ENTRY
CHECK_PARAM_SIZE
#define CHECK_PARAM_SIZE(ptr, siz)
Definition: toolhelp.c:34
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
PROCESS_HEAP_UNCOMMITTED_RANGE
#define PROCESS_HEAP_UNCOMMITTED_RANGE
Definition: minwinbase.h:76
RtlDestroyQueryDebugBuffer
NTSYSAPI NTSTATUS NTAPI RtlDestroyQueryDebugBuffer(IN PRTL_DEBUG_INFORMATION DebugBuffer)
RtlQueryProcessDebugInformation
NTSYSAPI NTSTATUS NTAPI RtlQueryProcessDebugInformation(_In_ ULONG ProcessId, _In_ ULONG DebugInfoClassMask, _Inout_ PRTL_DEBUG_INFORMATION DebugBuffer)
RtlCreateQueryDebugBuffer
NTSYSAPI PRTL_DEBUG_INFORMATION NTAPI RtlCreateQueryDebugBuffer(_In_ ULONG Size, _In_ BOOLEAN EventPair)
Definition: dbgbuffer.c:66
RTL_DEBUG_QUERY_HEAPS
#define RTL_DEBUG_QUERY_HEAPS
Definition: rtltypes.h:362
RTL_DEBUG_QUERY_HEAP_BLOCKS
#define RTL_DEBUG_QUERY_HEAP_BLOCKS
Definition: rtltypes.h:364
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_RTLP_HEAP_ENTRY
Definition: toolhelp.c:26
_RTLP_HEAP_ENTRY::Address
PVOID Address
Definition: toolhelp.c:31
_RTLP_HEAP_ENTRY::Flags
USHORT Flags
Definition: toolhelp.c:28
_RTLP_HEAP_ENTRY::Size
ULONG Size
Definition: toolhelp.c:27
_RTL_DEBUG_INFORMATION::Heaps
PRTL_PROCESS_HEAPS Heaps
Definition: rtltypes.h:1200
_RTL_HEAP_INFORMATION
Definition: rtltypes.h:1110
_RTL_HEAP_INFORMATION::EntryOverhead
USHORT EntryOverhead
Definition: rtltypes.h:1113
_RTL_HEAP_INFORMATION::Entries
PRTL_HEAP_ENTRY Entries
Definition: rtltypes.h:1123
_RTL_HEAP_INFORMATION::NumberOfEntries
ULONG NumberOfEntries
Definition: rtltypes.h:1118
_RTL_HEAP_INFORMATION::BaseAddress
PVOID BaseAddress
Definition: rtltypes.h:1111
_RTL_PROCESS_HEAPS::NumberOfHeaps
ULONG NumberOfHeaps
Definition: rtltypes.h:1128
_RTL_PROCESS_HEAPS::Heaps
RTL_HEAP_INFORMATION Heaps[1]
Definition: rtltypes.h:1129
tagHEAPENTRY32::th32ProcessID
DWORD th32ProcessID
Definition: tlhelp32.h:45
tagHEAPENTRY32::dwBlockSize
DWORD dwBlockSize
Definition: tlhelp32.h:41
tagHEAPENTRY32::dwAddress
DWORD dwAddress
Definition: tlhelp32.h:40
tagHEAPENTRY32::dwLockCount
DWORD dwLockCount
Definition: tlhelp32.h:43
tagHEAPENTRY32::th32HeapID
DWORD th32HeapID
Definition: tlhelp32.h:46
tagHEAPENTRY32::dwResvd
DWORD dwResvd
Definition: tlhelp32.h:44
tagHEAPENTRY32::dwFlags
DWORD dwFlags
Definition: tlhelp32.h:42
tagHEAPENTRY32::hHandle
HANDLE hHandle
Definition: tlhelp32.h:39
LF32_MOVEABLE
#define LF32_MOVEABLE
Definition: tlhelp32.h:23
LF32_FIXED
#define LF32_FIXED
Definition: tlhelp32.h:21
LF32_FREE
#define LF32_FREE
Definition: tlhelp32.h:22
HANDLE
PVOID HANDLE
Definition: typedefs.h:73
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG
uint32_t ULONG
Definition: typedefs.h:59
STATUS_NO_MORE_FILES
#define STATUS_NO_MORE_FILES
Definition: udferr_usr.h:128

Referenced by IsBlockFromHeap().

◆ Heap32ListFirst()

BOOL WINAPI Heap32ListFirst ( HANDLE  hSnapshot,
LPHEAPLIST32  lphl 
)

Definition at line 669 of file toolhelp.c.

670{
671 PTH32SNAPSHOT Snapshot;
672 LARGE_INTEGER SOffset;
673 SIZE_T ViewSize;
674 NTSTATUS Status;
675
676 CHECK_PARAM_SIZE(lphl, sizeof(HEAPLIST32));
677
678 SOffset.QuadPart = 0;
679 ViewSize = 0;
680 Snapshot = NULL;
681
682 Status = NtMapViewOfSection(hSnapshot,
683 NtCurrentProcess(),
684 (PVOID*)&Snapshot,
685 0,
686 0,
687 &SOffset,
688 &ViewSize,
689 ViewShare,
690 0,
691 PAGE_READWRITE);
692 if(NT_SUCCESS(Status))
693 {
694 BOOL Ret;
695
696 if(Snapshot->HeapListCount > 0)
697 {
698 LPHEAPLIST32 Entries = (LPHEAPLIST32)OffsetToPtr(Snapshot, Snapshot->HeapListOffset);
699 Snapshot->HeapListIndex = 1;
700 RtlCopyMemory(lphl, &Entries[0], sizeof(HEAPLIST32));
701 Ret = TRUE;
702 }
703 else
704 {
705 SetLastError(ERROR_NO_MORE_FILES);
706 Ret = FALSE;
707 }
708
709 NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
710 return Ret;
711 }
712
713 BaseSetLastNTError(Status);
714 return FALSE;
715}
NtUnmapViewOfSection
NTSTATUS NTAPI NtUnmapViewOfSection(IN HANDLE ProcessHandle, IN PVOID BaseAddress)
Definition: section.c:3483
NtMapViewOfSection
NTSTATUS NTAPI NtMapViewOfSection(IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
Definition: section.c:3257
OffsetToPtr
#define OffsetToPtr(Snapshot, Offset)
Definition: toolhelp.c:55
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
Entries
static const ENTRY Entries[]
Definition: MultiByteToWideChar.c:42
ViewSize
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
Definition: mmfuncs.h:408
PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1307
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1660
ViewShare
@ ViewShare
Definition: nt_native.h:1281
_TH32SNAPSHOT
Definition: toolhelp.c:59
_TH32SNAPSHOT::HeapListOffset
ULONG_PTR HeapListOffset
Definition: toolhelp.c:63
_TH32SNAPSHOT::HeapListCount
ULONG HeapListCount
Definition: toolhelp.c:61
_TH32SNAPSHOT::HeapListIndex
ULONG HeapListIndex
Definition: toolhelp.c:62
LPHEAPLIST32
struct tagHEAPLIST32 * LPHEAPLIST32
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_LARGE_INTEGER
Definition: typedefs.h:103
_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114
ERROR_NO_MORE_FILES
#define ERROR_NO_MORE_FILES
Definition: winerror.h:243

◆ Heap32ListNext()

BOOL WINAPI Heap32ListNext ( HANDLE  hSnapshot,
LPHEAPLIST32  lphl 
)

Definition at line 723 of file toolhelp.c.

724{
725 PTH32SNAPSHOT Snapshot;
726 LARGE_INTEGER SOffset;
727 SIZE_T ViewSize;
728 NTSTATUS Status;
729
730 CHECK_PARAM_SIZE(lphl, sizeof(HEAPLIST32));
731
732 SOffset.QuadPart = 0;
733 ViewSize = 0;
734 Snapshot = NULL;
735
736 Status = NtMapViewOfSection(hSnapshot,
737 NtCurrentProcess(),
738 (PVOID*)&Snapshot,
739 0,
740 0,
741 &SOffset,
742 &ViewSize,
743 ViewShare,
744 0,
745 PAGE_READWRITE);
746 if(NT_SUCCESS(Status))
747 {
748 BOOL Ret;
749
750 if(Snapshot->HeapListCount > 0 &&
751 Snapshot->HeapListIndex < Snapshot->HeapListCount)
752 {
753 LPHEAPLIST32 Entries = (LPHEAPLIST32)OffsetToPtr(Snapshot, Snapshot->HeapListOffset);
754 RtlCopyMemory(lphl, &Entries[Snapshot->HeapListIndex++], sizeof(HEAPLIST32));
755 Ret = TRUE;
756 }
757 else
758 {
759 SetLastError(ERROR_NO_MORE_FILES);
760 Ret = FALSE;
761 }
762
763 NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
764 return Ret;
765 }
766
767 BaseSetLastNTError(Status);
768 return FALSE;
769}

◆ Heap32Next()

BOOL WINAPI Heap32Next ( LPHEAPENTRY32  lphe)

Definition at line 578 of file toolhelp.c.

579{
580 PRTL_DEBUG_INFORMATION DebugInfo;
581 PRTL_HEAP_INFORMATION Heap;
582 PRTLP_HEAP_ENTRY Block, LastBlock;
583 BOOLEAN FoundUncommitted = FALSE;
584 ULONG i;
585 NTSTATUS Status;
586
587 CHECK_PARAM_SIZE(lphe, sizeof(HEAPENTRY32));
588
589 DebugInfo = RtlCreateQueryDebugBuffer(0,
590 FALSE);
591 if (DebugInfo == NULL)
592 {
593 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
594 return FALSE;
595 }
596
597 Status = RtlQueryProcessDebugInformation(lphe->th32ProcessID,
598 RTL_DEBUG_QUERY_HEAPS | RTL_DEBUG_QUERY_HEAP_BLOCKS,
599 DebugInfo);
600
601 if (NT_SUCCESS(Status))
602 {
603 Status = STATUS_NO_MORE_FILES;
604
605 for (i = 0;
606 i != DebugInfo->Heaps->NumberOfHeaps;
607 i++)
608 {
609 Heap = &DebugInfo->Heaps->Heaps[i];
610
611 if ((ULONG_PTR)Heap->BaseAddress == lphe->th32HeapID)
612 {
613 if (++lphe->dwResvd < Heap->NumberOfEntries)
614 {
615 lphe->dwFlags = 0;
616
617 Block = (PRTLP_HEAP_ENTRY)Heap->Entries + lphe->dwResvd;
618 LastBlock = (PRTLP_HEAP_ENTRY)Heap->Entries + Heap->NumberOfEntries;
619
620 while (Block < LastBlock && (Block->Flags & PROCESS_HEAP_UNCOMMITTED_RANGE))
621 {
622 lphe->dwResvd++;
623 lphe->dwAddress = (ULONG_PTR)((ULONG_PTR)Block->Address + Heap->EntryOverhead);
624 FoundUncommitted = TRUE;
625 Block++;
626 }
627
628 if (Block < LastBlock)
629 {
630 if (!FoundUncommitted)
631 lphe->dwAddress += lphe->dwBlockSize;
632
633 lphe->dwBlockSize = Block->Size;
634
635 if (Block->Flags & 0x2F1) /* FIXME */
636 lphe->dwFlags = LF32_FIXED;
637 else if (Block->Flags & 0x20) /* FIXME */
638 lphe->dwFlags = LF32_MOVEABLE;
639 else if (Block->Flags & 0x100) /* FIXME */
640 lphe->dwFlags = LF32_FREE;
641
642 Status = STATUS_SUCCESS;
643 }
644 }
645
646 break;
647 }
648 }
649 }
650
651 RtlDestroyQueryDebugBuffer(DebugInfo);
652
653 if (!NT_SUCCESS(Status))
654 {
655 BaseSetLastNTError(Status);
656 return FALSE;
657 }
658
659 return TRUE;
660
661}
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

Referenced by IsBlockFromHeap().

◆ Module32First()

BOOL WINAPI Module32First ( HANDLE  hSnapshot,
LPMODULEENTRY32  lpme 
)

Definition at line 777 of file toolhelp.c.

778{
779 MODULEENTRY32W me;
780 BOOL Ret;
781
782 CHECK_PARAM_SIZEA(lpme, sizeof(MODULEENTRY32));
783
784 me.dwSize = sizeof(MODULEENTRY32W);
785
786 Ret = Module32FirstW(hSnapshot, &me);
787 if(Ret)
788 {
789 lpme->th32ModuleID = me.th32ModuleID;
790 lpme->th32ProcessID = me.th32ProcessID;
791 lpme->GlblcntUsage = me.GlblcntUsage;
792 lpme->ProccntUsage = me.ProccntUsage;
793 lpme->modBaseAddr = me.modBaseAddr;
794 lpme->modBaseSize = me.modBaseSize;
795 lpme->hModule = me.hModule;
796
797 WideCharToMultiByte(CP_ACP, 0, me.szModule, -1, lpme->szModule, sizeof(lpme->szModule), 0, 0);
798 WideCharToMultiByte(CP_ACP, 0, me.szExePath, -1, lpme->szExePath, sizeof(lpme->szExePath), 0, 0);
799 }
800
801 return Ret;
802}
CP_ACP
#define CP_ACP
Definition: compat.h:109
WideCharToMultiByte
#define WideCharToMultiByte
Definition: compat.h:111
CHECK_PARAM_SIZEA
#define CHECK_PARAM_SIZEA(ptr, siz)
Definition: toolhelp.c:48
Module32FirstW
BOOL WINAPI Module32FirstW(HANDLE hSnapshot, LPMODULEENTRY32W lpme)
Definition: toolhelp.c:810
tagMODULEENTRY32W::th32ProcessID
DWORD th32ProcessID
Definition: tlhelp32.h:84
tagMODULEENTRY32W::szModule
WCHAR szModule[MAX_MODULE_NAME32+1]
Definition: tlhelp32.h:90
tagMODULEENTRY32W::modBaseAddr
BYTE * modBaseAddr
Definition: tlhelp32.h:87
tagMODULEENTRY32W::szExePath
WCHAR szExePath[MAX_PATH]
Definition: tlhelp32.h:91
tagMODULEENTRY32W::th32ModuleID
DWORD th32ModuleID
Definition: tlhelp32.h:83
tagMODULEENTRY32W::ProccntUsage
DWORD ProccntUsage
Definition: tlhelp32.h:86
tagMODULEENTRY32W::hModule
HMODULE hModule
Definition: tlhelp32.h:89
tagMODULEENTRY32W::modBaseSize
DWORD modBaseSize
Definition: tlhelp32.h:88
tagMODULEENTRY32W::GlblcntUsage
DWORD GlblcntUsage
Definition: tlhelp32.h:85
tagMODULEENTRY32::modBaseAddr
BYTE * modBaseAddr
Definition: tlhelp32.h:99
tagMODULEENTRY32::hModule
HMODULE hModule
Definition: tlhelp32.h:101
tagMODULEENTRY32::ProccntUsage
DWORD ProccntUsage
Definition: tlhelp32.h:98
tagMODULEENTRY32::szModule
char szModule[MAX_MODULE_NAME32+1]
Definition: tlhelp32.h:102
tagMODULEENTRY32::th32ModuleID
DWORD th32ModuleID
Definition: tlhelp32.h:95
tagMODULEENTRY32::th32ProcessID
DWORD th32ProcessID
Definition: tlhelp32.h:96
tagMODULEENTRY32::GlblcntUsage
DWORD GlblcntUsage
Definition: tlhelp32.h:97
tagMODULEENTRY32::modBaseSize
DWORD modBaseSize
Definition: tlhelp32.h:100
tagMODULEENTRY32::szExePath
char szExePath[MAX_PATH]
Definition: tlhelp32.h:103
MODULEENTRY32W
struct tagMODULEENTRY32W MODULEENTRY32W

Referenced by IntGetImageBase().

◆ Module32FirstW()

BOOL WINAPI Module32FirstW ( HANDLE  hSnapshot,
LPMODULEENTRY32W  lpme 
)

Definition at line 810 of file toolhelp.c.

811{
812 PTH32SNAPSHOT Snapshot;
813 LARGE_INTEGER SOffset;
814 SIZE_T ViewSize;
815 NTSTATUS Status;
816
817 CHECK_PARAM_SIZE(lpme, sizeof(MODULEENTRY32W));
818
819 SOffset.QuadPart = 0;
820 ViewSize = 0;
821 Snapshot = NULL;
822
823 Status = NtMapViewOfSection(hSnapshot,
824 NtCurrentProcess(),
825 (PVOID*)&Snapshot,
826 0,
827 0,
828 &SOffset,
829 &ViewSize,
830 ViewShare,
831 0,
832 PAGE_READWRITE);
833 if(NT_SUCCESS(Status))
834 {
835 BOOL Ret;
836
837 if(Snapshot->ModuleListCount > 0)
838 {
839 LPMODULEENTRY32W Entries = (LPMODULEENTRY32W)OffsetToPtr(Snapshot, Snapshot->ModuleListOffset);
840 Snapshot->ModuleListIndex = 1;
841 RtlCopyMemory(lpme, &Entries[0], sizeof(MODULEENTRY32W));
842 Ret = TRUE;
843 }
844 else
845 {
846 SetLastError(ERROR_NO_MORE_FILES);
847 Ret = FALSE;
848 }
849
850 NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
851 return Ret;
852 }
853
854 BaseSetLastNTError(Status);
855 return FALSE;
856}
_TH32SNAPSHOT::ModuleListOffset
ULONG_PTR ModuleListOffset
Definition: toolhelp.c:67
_TH32SNAPSHOT::ModuleListIndex
ULONG ModuleListIndex
Definition: toolhelp.c:66
_TH32SNAPSHOT::ModuleListCount
ULONG ModuleListCount
Definition: toolhelp.c:65
LPMODULEENTRY32W
struct tagMODULEENTRY32W * LPMODULEENTRY32W

Referenced by Module32First().

◆ Module32Next()

BOOL WINAPI Module32Next ( HANDLE  hSnapshot,
LPMODULEENTRY32  lpme 
)

Definition at line 864 of file toolhelp.c.

865{
866 MODULEENTRY32W me;
867 BOOL Ret;
868
869 CHECK_PARAM_SIZEA(lpme, sizeof(MODULEENTRY32));
870
871 me.dwSize = sizeof(MODULEENTRY32W);
872
873 Ret = Module32NextW(hSnapshot, &me);
874 if(Ret)
875 {
876 lpme->th32ModuleID = me.th32ModuleID;
877 lpme->th32ProcessID = me.th32ProcessID;
878 lpme->GlblcntUsage = me.GlblcntUsage;
879 lpme->ProccntUsage = me.ProccntUsage;
880 lpme->modBaseAddr = me.modBaseAddr;
881 lpme->modBaseSize = me.modBaseSize;
882 lpme->hModule = me.hModule;
883
884 WideCharToMultiByte(CP_ACP, 0, me.szModule, -1, lpme->szModule, sizeof(lpme->szModule), 0, 0);
885 WideCharToMultiByte(CP_ACP, 0, me.szExePath, -1, lpme->szExePath, sizeof(lpme->szExePath), 0, 0);
886 }
887
888 return Ret;
889}
Module32NextW
BOOL WINAPI Module32NextW(HANDLE hSnapshot, LPMODULEENTRY32W lpme)
Definition: toolhelp.c:897

Referenced by IntGetImageBase().

◆ Module32NextW()

BOOL WINAPI Module32NextW ( HANDLE  hSnapshot,
LPMODULEENTRY32W  lpme 
)

Definition at line 897 of file toolhelp.c.

898{
899 PTH32SNAPSHOT Snapshot;
900 LARGE_INTEGER SOffset;
901 SIZE_T ViewSize;
902 NTSTATUS Status;
903
904 CHECK_PARAM_SIZE(lpme, sizeof(MODULEENTRY32W));
905
906 SOffset.QuadPart = 0;
907 ViewSize = 0;
908 Snapshot = NULL;
909
910 Status = NtMapViewOfSection(hSnapshot,
911 NtCurrentProcess(),
912 (PVOID*)&Snapshot,
913 0,
914 0,
915 &SOffset,
916 &ViewSize,
917 ViewShare,
918 0,
919 PAGE_READWRITE);
920 if(NT_SUCCESS(Status))
921 {
922 BOOL Ret;
923
924 if((Snapshot->ModuleListCount > 0) &&
925 (Snapshot->ModuleListIndex < Snapshot->ModuleListCount))
926 {
927 LPMODULEENTRY32W Entries = (LPMODULEENTRY32W)OffsetToPtr(Snapshot, Snapshot->ModuleListOffset);
928 RtlCopyMemory(lpme, &Entries[Snapshot->ModuleListIndex++], sizeof(MODULEENTRY32W));
929 Ret = TRUE;
930 }
931 else
932 {
933 SetLastError(ERROR_NO_MORE_FILES);
934 Ret = FALSE;
935 }
936
937 NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
938 return Ret;
939 }
940
941 BaseSetLastNTError(Status);
942 return FALSE;
943}

Referenced by Module32Next().

◆ Process32First()

BOOL WINAPI Process32First ( HANDLE  hSnapshot,
LPPROCESSENTRY32  lppe 
)

Definition at line 951 of file toolhelp.c.

952{
953 PROCESSENTRY32W pe;
954 BOOL Ret;
955
956 CHECK_PARAM_SIZEA(lppe, sizeof(PROCESSENTRY32));
957
958 pe.dwSize = sizeof(PROCESSENTRY32W);
959
960 Ret = Process32FirstW(hSnapshot, &pe);
961 if(Ret)
962 {
963 lppe->cntUsage = pe.cntUsage;
964 lppe->th32ProcessID = pe.th32ProcessID;
965 lppe->th32DefaultHeapID = pe.th32DefaultHeapID;
966 lppe->th32ModuleID = pe.th32ModuleID;
967 lppe->cntThreads = pe.cntThreads;
968 lppe->th32ParentProcessID = pe.th32ParentProcessID;
969 lppe->pcPriClassBase = pe.pcPriClassBase;
970 lppe->dwFlags = pe.dwFlags;
971
972 WideCharToMultiByte(CP_ACP, 0, pe.szExeFile, -1, lppe->szExeFile, sizeof(lppe->szExeFile), 0, 0);
973 }
974
975 return Ret;
976}
Process32FirstW
BOOL WINAPI Process32FirstW(HANDLE hSnapshot, LPPROCESSENTRY32W lppe)
Definition: toolhelp.c:984
tagPROCESSENTRY32W::th32ModuleID
DWORD th32ModuleID
Definition: tlhelp32.h:53
tagPROCESSENTRY32W::th32ParentProcessID
DWORD th32ParentProcessID
Definition: tlhelp32.h:55
tagPROCESSENTRY32W::th32DefaultHeapID
DWORD th32DefaultHeapID
Definition: tlhelp32.h:52
tagPROCESSENTRY32W::szExeFile
WCHAR szExeFile[MAX_PATH]
Definition: tlhelp32.h:58
tagPROCESSENTRY32W::th32ProcessID
DWORD th32ProcessID
Definition: tlhelp32.h:51
tagPROCESSENTRY32::th32ParentProcessID
DWORD th32ParentProcessID
Definition: tlhelp32.h:67
tagPROCESSENTRY32::th32DefaultHeapID
DWORD th32DefaultHeapID
Definition: tlhelp32.h:64
tagPROCESSENTRY32::szExeFile
CHAR szExeFile[MAX_PATH]
Definition: tlhelp32.h:70
tagPROCESSENTRY32::th32ModuleID
DWORD th32ModuleID
Definition: tlhelp32.h:65
tagPROCESSENTRY32::pcPriClassBase
LONG pcPriClassBase
Definition: tlhelp32.h:68
tagPROCESSENTRY32::cntThreads
DWORD cntThreads
Definition: tlhelp32.h:66
tagPROCESSENTRY32::th32ProcessID
DWORD th32ProcessID
Definition: tlhelp32.h:63
PROCESSENTRY32W
struct tagPROCESSENTRY32W PROCESSENTRY32W

Referenced by PrintBugreport().

◆ Process32FirstW()

BOOL WINAPI Process32FirstW ( HANDLE  hSnapshot,
LPPROCESSENTRY32W  lppe 
)

Definition at line 984 of file toolhelp.c.

985{
986 PTH32SNAPSHOT Snapshot;
987 LARGE_INTEGER SOffset;
988 SIZE_T ViewSize;
989 NTSTATUS Status;
990
991 CHECK_PARAM_SIZE(lppe, sizeof(PROCESSENTRY32W));
992
993 SOffset.QuadPart = 0;
994 ViewSize = 0;
995 Snapshot = NULL;
996
997 Status = NtMapViewOfSection(hSnapshot,
998 NtCurrentProcess(),
999 (PVOID*)&Snapshot,
1000 0,
1001 0,
1002 &SOffset,
1003 &ViewSize,
1004 ViewShare,
1005 0,
1006 PAGE_READWRITE);
1007 if(NT_SUCCESS(Status))
1008 {
1009 BOOL Ret;
1010
1011 if(Snapshot->ProcessListCount > 0)
1012 {
1013 LPPROCESSENTRY32W Entries = (LPPROCESSENTRY32W)OffsetToPtr(Snapshot, Snapshot->ProcessListOffset);
1014
1015 Snapshot->ProcessListIndex = 1;
1016 RtlCopyMemory(lppe, &Entries[0], sizeof(PROCESSENTRY32W));
1017 Ret = TRUE;
1018 }
1019 else
1020 {
1021
1022 SetLastError(ERROR_NO_MORE_FILES);
1023 Ret = FALSE;
1024 }
1025
1026 NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
1027 return Ret;
1028 }
1029
1030 BaseSetLastNTError(Status);
1031 return FALSE;
1032}
_TH32SNAPSHOT::ProcessListCount
ULONG ProcessListCount
Definition: toolhelp.c:69
_TH32SNAPSHOT::ProcessListOffset
ULONG_PTR ProcessListOffset
Definition: toolhelp.c:71
_TH32SNAPSHOT::ProcessListIndex
ULONG ProcessListIndex
Definition: toolhelp.c:70
LPPROCESSENTRY32W
struct tagPROCESSENTRY32W * LPPROCESSENTRY32W

Referenced by _DoDLLInjection(), enumerate_processes(), fill_process(), GetProcessID(), Process32First(), and ShutdownProcessTreeHelper().

◆ Process32Next()

BOOL WINAPI Process32Next ( HANDLE  hSnapshot,
LPPROCESSENTRY32  lppe 
)

Definition at line 1040 of file toolhelp.c.

1041{
1042 PROCESSENTRY32W pe;
1043 BOOL Ret;
1044
1045 CHECK_PARAM_SIZEA(lppe, sizeof(PROCESSENTRY32));
1046
1047 pe.dwSize = sizeof(PROCESSENTRY32W);
1048
1049 Ret = Process32NextW(hSnapshot, &pe);
1050 if(Ret)
1051 {
1052 lppe->cntUsage = pe.cntUsage;
1053 lppe->th32ProcessID = pe.th32ProcessID;
1054 lppe->th32DefaultHeapID = pe.th32DefaultHeapID;
1055 lppe->th32ModuleID = pe.th32ModuleID;
1056 lppe->cntThreads = pe.cntThreads;
1057 lppe->th32ParentProcessID = pe.th32ParentProcessID;
1058 lppe->pcPriClassBase = pe.pcPriClassBase;
1059 lppe->dwFlags = pe.dwFlags;
1060
1061 WideCharToMultiByte(CP_ACP, 0, pe.szExeFile, -1, lppe->szExeFile, sizeof(lppe->szExeFile), 0, 0);
1062 }
1063
1064 return Ret;
1065}
Process32NextW
BOOL WINAPI Process32NextW(HANDLE hSnapshot, LPPROCESSENTRY32W lppe)
Definition: toolhelp.c:1073

Referenced by PrintBugreport().

◆ Process32NextW()

BOOL WINAPI Process32NextW ( HANDLE  hSnapshot,
LPPROCESSENTRY32W  lppe 
)

Definition at line 1073 of file toolhelp.c.

1074{
1075 PTH32SNAPSHOT Snapshot;
1076 LARGE_INTEGER SOffset;
1077 SIZE_T ViewSize;
1078 NTSTATUS Status;
1079
1080 CHECK_PARAM_SIZE(lppe, sizeof(PROCESSENTRY32W));
1081
1082 SOffset.QuadPart = 0;
1083 ViewSize = 0;
1084 Snapshot = NULL;
1085
1086 Status = NtMapViewOfSection(hSnapshot,
1087 NtCurrentProcess(),
1088 (PVOID*)&Snapshot,
1089 0,
1090 0,
1091 &SOffset,
1092 &ViewSize,
1093 ViewShare,
1094 0,
1095 PAGE_READWRITE);
1096 if(NT_SUCCESS(Status))
1097 {
1098 BOOL Ret;
1099
1100 if(Snapshot->ProcessListCount > 0 &&
1101 Snapshot->ProcessListIndex < Snapshot->ProcessListCount)
1102 {
1103 LPPROCESSENTRY32W Entries = (LPPROCESSENTRY32W)OffsetToPtr(Snapshot, Snapshot->ProcessListOffset);
1104 RtlCopyMemory(lppe, &Entries[Snapshot->ProcessListIndex++], sizeof(PROCESSENTRY32W));
1105 Ret = TRUE;
1106 }
1107 else
1108 {
1109 SetLastError(ERROR_NO_MORE_FILES);
1110 Ret = FALSE;
1111 }
1112
1113 NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
1114 return Ret;
1115 }
1116
1117 BaseSetLastNTError(Status);
1118 return FALSE;
1119}

Referenced by _DoDLLInjection(), enumerate_processes(), fill_process(), GetProcessID(), Process32Next(), and ShutdownProcessTreeHelper().

◆ TH32CreateSnapshot()

static NTSTATUS TH32CreateSnapshot ( DWORD  dwFlags,
DWORD  th32ProcessID,
PRTL_DEBUG_INFORMATION HeapDebug,
PRTL_DEBUG_INFORMATION ModuleDebug,
PVOID ProcThrdInfo,
SIZE_T ProcThrdInfoSize 
)
static

Definition at line 105 of file toolhelp.c.

111{
112 NTSTATUS Status = STATUS_SUCCESS;
113
114 *HeapDebug = NULL;
115 *ModuleDebug = NULL;
116 *ProcThrdInfo = NULL;
117 *ProcThrdInfoSize = 0;
118
119 /*
120 * Allocate the debug information for a heap snapshot
121 */
122 if(dwFlags & TH32CS_SNAPHEAPLIST)
123 {
124 *HeapDebug = RtlCreateQueryDebugBuffer(0, FALSE);
125 if(*HeapDebug != NULL)
126 {
127 Status = RtlQueryProcessDebugInformation(th32ProcessID,
128 RTL_DEBUG_QUERY_HEAPS,
129 *HeapDebug);
130 }
131 else
132 Status = STATUS_UNSUCCESSFUL;
133 }
134
135 /*
136 * Allocate the debug information for a module snapshot
137 */
138 if(dwFlags & TH32CS_SNAPMODULE &&
139 NT_SUCCESS(Status))
140 {
141 *ModuleDebug = RtlCreateQueryDebugBuffer(0, FALSE);
142 if(*ModuleDebug != NULL)
143 {
144 Status = RtlQueryProcessDebugInformation(th32ProcessID,
145 RTL_DEBUG_QUERY_MODULES,
146 *ModuleDebug);
147 }
148 else
149 Status = STATUS_UNSUCCESSFUL;
150 }
151
152 /*
153 * Allocate enough memory for the system's process list
154 */
155
156 if(dwFlags & (TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD) &&
157 NT_SUCCESS(Status))
158 {
159 for(;;)
160 {
161 (*ProcThrdInfoSize) += 0x10000;
162 Status = NtAllocateVirtualMemory(NtCurrentProcess(),
163 ProcThrdInfo,
164 0,
165 ProcThrdInfoSize,
166 MEM_COMMIT,
167 PAGE_READWRITE);
168 if(!NT_SUCCESS(Status))
169 {
170 break;
171 }
172
173 Status = NtQuerySystemInformation(SystemProcessInformation,
174 *ProcThrdInfo,
175 *ProcThrdInfoSize,
176 NULL);
177 if(Status == STATUS_INFO_LENGTH_MISMATCH)
178 {
179 NtFreeVirtualMemory(NtCurrentProcess(),
180 ProcThrdInfo,
181 ProcThrdInfoSize,
182 MEM_RELEASE);
183 *ProcThrdInfo = NULL;
184 }
185 else
186 {
187 break;
188 }
189 }
190 }
191
192 /*
193 * Free resources in case of failure!
194 */
195
196 if(!NT_SUCCESS(Status))
197 {
198 TH32FreeAllocatedResources(*HeapDebug,
199 *ModuleDebug,
200 *ProcThrdInfo,
201 *ProcThrdInfoSize);
202 }
203
204 return Status;
205}
SystemProcessInformation
@ SystemProcessInformation
Definition: ntddk_ex.h:16
RTL_DEBUG_QUERY_MODULES
#define RTL_DEBUG_QUERY_MODULES
Definition: rtltypes.h:360
MEM_RELEASE
#define MEM_RELEASE
Definition: nt_native.h:1319
MEM_COMMIT
#define MEM_COMMIT
Definition: nt_native.h:1316
NtFreeVirtualMemory
NTSTATUS NTAPI NtFreeVirtualMemory(IN HANDLE ProcessHandle, IN PVOID *UBaseAddress, IN PSIZE_T URegionSize, IN ULONG FreeType)
Definition: virtual.c:5192
NtAllocateVirtualMemory
NTSTATUS NTAPI NtAllocateVirtualMemory(IN HANDLE ProcessHandle, IN OUT PVOID *UBaseAddress, IN ULONG_PTR ZeroBits, IN OUT PSIZE_T URegionSize, IN ULONG AllocationType, IN ULONG Protect)
Definition: virtual.c:4457
NtQuerySystemInformation
NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInfoClass, OUT PVOID SystemInfoBuffer, IN ULONG SystemInfoBufferSize, OUT PULONG BytesReturned OPTIONAL)
TH32CS_SNAPPROCESS
#define TH32CS_SNAPPROCESS
Definition: tlhelp32.h:26
TH32CS_SNAPTHREAD
#define TH32CS_SNAPTHREAD
Definition: tlhelp32.h:27
TH32CS_SNAPMODULE
#define TH32CS_SNAPMODULE
Definition: tlhelp32.h:28
TH32CS_SNAPHEAPLIST
#define TH32CS_SNAPHEAPLIST
Definition: tlhelp32.h:25
STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133

Referenced by CreateToolhelp32Snapshot().

◆ TH32CreateSnapshotSectionInitialize()

static NTSTATUS TH32CreateSnapshotSectionInitialize ( DWORD  dwFlags,
DWORD  th32ProcessID,
PRTL_DEBUG_INFORMATION  HeapDebug,
PRTL_DEBUG_INFORMATION  ModuleDebug,
PVOID  ProcThrdInfo,
HANDLE SectionHandle 
)
static

Definition at line 208 of file toolhelp.c.

214{
215 PSYSTEM_PROCESS_INFORMATION ProcessInfo;
216 LPHEAPLIST32 HeapListEntry;
217 LPMODULEENTRY32W ModuleListEntry;
218 LPPROCESSENTRY32W ProcessListEntry;
219 LPTHREADENTRY32 ThreadListEntry;
220 OBJECT_ATTRIBUTES ObjectAttributes;
221 LARGE_INTEGER SSize, SOffset;
222 HANDLE hSection;
223 PTH32SNAPSHOT Snapshot;
224 ULONG_PTR DataOffset;
225 SIZE_T ViewSize;
226 ULONG i, nProcesses = 0, nThreads = 0, nHeaps = 0, nModules = 0;
227 ULONG RequiredSnapshotSize = sizeof(TH32SNAPSHOT);
228 PRTL_PROCESS_HEAPS hi = NULL;
229 PRTL_PROCESS_MODULES mi = NULL;
230 NTSTATUS Status = STATUS_SUCCESS;
231
232 /*
233 * Determine the required size for the heap snapshot
234 */
235 if(dwFlags & TH32CS_SNAPHEAPLIST)
236 {
237 hi = (PRTL_PROCESS_HEAPS)HeapDebug->Heaps;
238 nHeaps = hi->NumberOfHeaps;
239 RequiredSnapshotSize += nHeaps * sizeof(HEAPLIST32);
240 }
241
242 /*
243 * Determine the required size for the module snapshot
244 */
245 if(dwFlags & TH32CS_SNAPMODULE)
246 {
247 mi = (PRTL_PROCESS_MODULES)ModuleDebug->Modules;
248 nModules = mi->NumberOfModules;
249 RequiredSnapshotSize += nModules * sizeof(MODULEENTRY32W);
250 }
251
252 /*
253 * Determine the required size for the processes and threads snapshot
254 */
255 if(dwFlags & (TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD))
256 {
257 ULONG ProcOffset = 0;
258
259 ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)ProcThrdInfo;
260 do
261 {
262 ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)((ULONG_PTR)ProcessInfo + ProcOffset);
263 nProcesses++;
264 nThreads += ProcessInfo->NumberOfThreads;
265 ProcOffset = ProcessInfo->NextEntryOffset;
266 } while(ProcOffset != 0);
267
268 if(dwFlags & TH32CS_SNAPPROCESS)
269 {
270 RequiredSnapshotSize += nProcesses * sizeof(PROCESSENTRY32W);
271 }
272 if(dwFlags & TH32CS_SNAPTHREAD)
273 {
274 RequiredSnapshotSize += nThreads * sizeof(THREADENTRY32);
275 }
276 }
277
278 /*
279 * Create and map the section
280 */
281
282 SSize.QuadPart = RequiredSnapshotSize;
283
284 InitializeObjectAttributes(&ObjectAttributes,
285 NULL,
286 ((dwFlags & TH32CS_INHERIT) ? OBJ_INHERIT : 0),
287 NULL,
288 NULL);
289
290 Status = NtCreateSection(&hSection,
291 SECTION_ALL_ACCESS,
292 &ObjectAttributes,
293 &SSize,
294 PAGE_READWRITE,
295 SEC_COMMIT,
296 NULL);
297 if(!NT_SUCCESS(Status))
298 {
299 return Status;
300 }
301
302 SOffset.QuadPart = 0;
303 ViewSize = 0;
304 Snapshot = NULL;
305
306 Status = NtMapViewOfSection(hSection,
307 NtCurrentProcess(),
308 (PVOID*)&Snapshot,
309 0,
310 0,
311 &SOffset,
312 &ViewSize,
313 ViewShare,
314 0,
315 PAGE_READWRITE);
316 if(!NT_SUCCESS(Status))
317 {
318 NtClose(hSection);
319 return Status;
320 }
321
322 RtlZeroMemory(Snapshot, sizeof(TH32SNAPSHOT));
323 DataOffset = 0;
324
325 /*
326 * Initialize the section data and fill it with all the data we collected
327 */
328
329 /* initialize the heap list */
330 if(dwFlags & TH32CS_SNAPHEAPLIST)
331 {
332 Snapshot->HeapListCount = nHeaps;
333 Snapshot->HeapListOffset = DataOffset;
334 HeapListEntry = (LPHEAPLIST32)OffsetToPtr(Snapshot, DataOffset);
335 for(i = 0; i < nHeaps; i++)
336 {
337 HeapListEntry->dwSize = sizeof(HEAPLIST32);
338 HeapListEntry->th32ProcessID = th32ProcessID;
339 HeapListEntry->th32HeapID = (ULONG_PTR)hi->Heaps[i].BaseAddress;
340 HeapListEntry->dwFlags = hi->Heaps[i].Flags;
341
342 HeapListEntry++;
343 }
344
345 DataOffset += hi->NumberOfHeaps * sizeof(HEAPLIST32);
346 }
347
348 /* initialize the module list */
349 if(dwFlags & TH32CS_SNAPMODULE)
350 {
351 Snapshot->ModuleListCount = nModules;
352 Snapshot->ModuleListOffset = DataOffset;
353 ModuleListEntry = (LPMODULEENTRY32W)OffsetToPtr(Snapshot, DataOffset);
354 for(i = 0; i < nModules; i++)
355 {
356 ModuleListEntry->dwSize = sizeof(MODULEENTRY32W);
357 ModuleListEntry->th32ModuleID = 1; /* no longer used, always set to one! */
358 ModuleListEntry->th32ProcessID = th32ProcessID;
359 ModuleListEntry->GlblcntUsage = mi->Modules[i].LoadCount;
360 ModuleListEntry->ProccntUsage = mi->Modules[i].LoadCount;
361 ModuleListEntry->modBaseAddr = (BYTE*)mi->Modules[i].ImageBase;
362 ModuleListEntry->modBaseSize = mi->Modules[i].ImageSize;
363 ModuleListEntry->hModule = (HMODULE)mi->Modules[i].ImageBase;
364
365 MultiByteToWideChar(CP_ACP,
366 0,
367 &mi->Modules[i].FullPathName[mi->Modules[i].OffsetToFileName],
368 -1,
369 ModuleListEntry->szModule,
370 sizeof(ModuleListEntry->szModule) / sizeof(ModuleListEntry->szModule[0]));
371
372 MultiByteToWideChar(CP_ACP,
373 0,
374 mi->Modules[i].FullPathName,
375 -1,
376 ModuleListEntry->szExePath,
377 sizeof(ModuleListEntry->szExePath) / sizeof(ModuleListEntry->szExePath[0]));
378
379 ModuleListEntry++;
380 }
381
382 DataOffset += mi->NumberOfModules * sizeof(MODULEENTRY32W);
383 }
384
385 /* initialize the process list */
386 if(dwFlags & TH32CS_SNAPPROCESS)
387 {
388 ULONG ProcOffset = 0;
389
390 Snapshot->ProcessListCount = nProcesses;
391 Snapshot->ProcessListOffset = DataOffset;
392 ProcessListEntry = (LPPROCESSENTRY32W)OffsetToPtr(Snapshot, DataOffset);
393 ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)ProcThrdInfo;
394 do
395 {
396 ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)((ULONG_PTR)ProcessInfo + ProcOffset);
397
398 ProcessListEntry->dwSize = sizeof(PROCESSENTRY32W);
399 ProcessListEntry->cntUsage = 0; /* no longer used */
400 ProcessListEntry->th32ProcessID = (ULONG_PTR)ProcessInfo->UniqueProcessId;
401 ProcessListEntry->th32DefaultHeapID = 0; /* no longer used */
402 ProcessListEntry->th32ModuleID = 0; /* no longer used */
403 ProcessListEntry->cntThreads = ProcessInfo->NumberOfThreads;
404 ProcessListEntry->th32ParentProcessID = (ULONG_PTR)ProcessInfo->InheritedFromUniqueProcessId;
405 ProcessListEntry->pcPriClassBase = ProcessInfo->BasePriority;
406 ProcessListEntry->dwFlags = 0; /* no longer used */
407 if(ProcessInfo->ImageName.Buffer != NULL)
408 {
409 ULONG ExeFileLength = min(ProcessInfo->ImageName.Length,
410 sizeof(ProcessListEntry->szExeFile) - sizeof(WCHAR));
411 RtlCopyMemory(ProcessListEntry->szExeFile,
412 ProcessInfo->ImageName.Buffer,
413 ExeFileLength);
414 ProcessListEntry->szExeFile[ExeFileLength / sizeof(WCHAR)] = UNICODE_NULL;
415 }
416 else
417 {
418 lstrcpyW(ProcessListEntry->szExeFile, L"[System Process]");
419 }
420
421 ProcessListEntry++;
422
423 ProcOffset = ProcessInfo->NextEntryOffset;
424 } while(ProcOffset != 0);
425
426 DataOffset += nProcesses * sizeof(PROCESSENTRY32W);
427 }
428
429 /* initialize the thread list */
430 if(dwFlags & TH32CS_SNAPTHREAD)
431 {
432 ULONG ProcOffset = 0;
433
434 Snapshot->ThreadListCount = nThreads;
435 Snapshot->ThreadListOffset = DataOffset;
436 ThreadListEntry = (LPTHREADENTRY32)OffsetToPtr(Snapshot, DataOffset);
437 ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)ProcThrdInfo;
438 do
439 {
440 PSYSTEM_THREAD_INFORMATION ThreadInfo;
441 ULONG n;
442
443 ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)((ULONG_PTR)ProcessInfo + ProcOffset);
444 ThreadInfo = (PSYSTEM_THREAD_INFORMATION)(ProcessInfo + 1);
445
446 for(n = 0; n < ProcessInfo->NumberOfThreads; n++)
447 {
448 ThreadListEntry->dwSize = sizeof(THREADENTRY32);
449 ThreadListEntry->cntUsage = 0; /* no longer used */
450 ThreadListEntry->th32ThreadID = (ULONG_PTR)ThreadInfo->ClientId.UniqueThread;
451 ThreadListEntry->th32OwnerProcessID = (ULONG_PTR)ThreadInfo->ClientId.UniqueProcess;
452 ThreadListEntry->tpBasePri = ThreadInfo->BasePriority;
453 ThreadListEntry->tpDeltaPri = 0; /* no longer used */
454 ThreadListEntry->dwFlags = 0; /* no longer used */
455
456 ThreadInfo++;
457 ThreadListEntry++;
458 }
459
460 ProcOffset = ProcessInfo->NextEntryOffset;
461 } while(ProcOffset != 0);
462 }
463
464 /*
465 * We're done, unmap the view and return the section handle
466 */
467
468 Status = NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
469
470 if(NT_SUCCESS(Status))
471 {
472 *SectionHandle = hSection;
473 }
474 else
475 {
476 NtClose(hSection);
477 }
478
479 return Status;
480}
NtCreateSection
NTSTATUS NTAPI NtCreateSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
Definition: section.c:3076
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
lstrcpyW
#define lstrcpyW
Definition: compat.h:749
MultiByteToWideChar
#define MultiByteToWideChar
Definition: compat.h:110
TH32SNAPSHOT
struct _TH32SNAPSHOT TH32SNAPSHOT
L
#define L(x)
Definition: resources.c:13
n
GLdouble n
Definition: glext.h:7729
OBJ_INHERIT
#define OBJ_INHERIT
Definition: winternl.h:225
ThreadInfo
struct _ThreadInfo ThreadInfo
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
mi
static MONITORINFO mi
Definition: win.c:7338
min
#define min(a, b)
Definition: monoChain.cc:55
PSYSTEM_THREAD_INFORMATION
struct _SYSTEM_THREAD_INFORMATION * PSYSTEM_THREAD_INFORMATION
PSYSTEM_PROCESS_INFORMATION
struct _SYSTEM_PROCESS_INFORMATION * PSYSTEM_PROCESS_INFORMATION
SEC_COMMIT
#define SEC_COMMIT
Definition: mmtypes.h:100
PRTL_PROCESS_MODULES
struct _RTL_PROCESS_MODULES * PRTL_PROCESS_MODULES
PRTL_PROCESS_HEAPS
struct _RTL_PROCESS_HEAPS * PRTL_PROCESS_HEAPS
SECTION_ALL_ACCESS
#define SECTION_ALL_ACCESS
Definition: nt_native.h:1296
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
UNICODE_NULL
#define UNICODE_NULL
_OBJECT_ATTRIBUTES
Definition: umtypes.h:184
_RTL_DEBUG_INFORMATION::Modules
PRTL_PROCESS_MODULES Modules
Definition: rtltypes.h:1196
_RTL_HEAP_INFORMATION::Flags
ULONG Flags
Definition: rtltypes.h:1112
_RTL_PROCESS_HEAPS
Definition: rtltypes.h:1127
_RTL_PROCESS_MODULES
Definition: rtltypes.h:1010
_SYSTEM_PROCESS_INFORMATION
Definition: extypes.h:1067
_SYSTEM_PROCESS_INFORMATION::ImageName
UNICODE_STRING ImageName
Definition: extypes.h:1077
_SYSTEM_PROCESS_INFORMATION::UniqueProcessId
HANDLE UniqueProcessId
Definition: extypes.h:1079
_SYSTEM_PROCESS_INFORMATION::NumberOfThreads
ULONG NumberOfThreads
Definition: extypes.h:1069
_SYSTEM_PROCESS_INFORMATION::BasePriority
KPRIORITY BasePriority
Definition: extypes.h:1078
_SYSTEM_PROCESS_INFORMATION::NextEntryOffset
ULONG NextEntryOffset
Definition: extypes.h:1068
_SYSTEM_PROCESS_INFORMATION::InheritedFromUniqueProcessId
HANDLE InheritedFromUniqueProcessId
Definition: extypes.h:1080
_SYSTEM_THREAD_INFORMATION
Definition: extypes.h:1048
_TH32SNAPSHOT::ThreadListOffset
ULONG_PTR ThreadListOffset
Definition: toolhelp.c:75
_TH32SNAPSHOT::ThreadListCount
ULONG ThreadListCount
Definition: toolhelp.c:73
_ThreadInfo
Definition: mmdrv.h:111
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
tagHEAPLIST32::dwFlags
DWORD dwFlags
Definition: tlhelp32.h:35
tagHEAPLIST32::th32HeapID
DWORD th32HeapID
Definition: tlhelp32.h:34
tagHEAPLIST32::dwSize
DWORD dwSize
Definition: tlhelp32.h:32
tagHEAPLIST32::th32ProcessID
DWORD th32ProcessID
Definition: tlhelp32.h:33
tagTHREADENTRY32::th32ThreadID
DWORD th32ThreadID
Definition: tlhelp32.h:75
tagTHREADENTRY32::cntUsage
DWORD cntUsage
Definition: tlhelp32.h:74
tagTHREADENTRY32::th32OwnerProcessID
DWORD th32OwnerProcessID
Definition: tlhelp32.h:76
LPTHREADENTRY32
struct tagTHREADENTRY32 * LPTHREADENTRY32
Definition: toolhelp.c:40
TH32CS_INHERIT
#define TH32CS_INHERIT
Definition: tlhelp32.h:30
HEAPLIST32
struct tagHEAPLIST32 HEAPLIST32
THREADENTRY32
struct tagTHREADENTRY32 THREADENTRY32
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
hSection
_In_ const BITMAPINFO _In_ UINT _In_opt_ HANDLE hSection
Definition: wingdi.h:3685
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
BYTE
unsigned char BYTE
Definition: xxhash.c:193

Referenced by CreateToolhelp32Snapshot().

◆ TH32FreeAllocatedResources()

static VOID TH32FreeAllocatedResources ( PRTL_DEBUG_INFORMATION  HeapDebug,
PRTL_DEBUG_INFORMATION  ModuleDebug,
PVOID  ProcThrdInfo,
SIZE_T  ProcThrdInfoSize 
)
static

Definition at line 81 of file toolhelp.c.

85{
86 if(HeapDebug != NULL)
87 {
88 RtlDestroyQueryDebugBuffer(HeapDebug);
89 }
90 if(ModuleDebug != NULL)
91 {
92 RtlDestroyQueryDebugBuffer(ModuleDebug);
93 }
94
95 if(ProcThrdInfo != NULL)
96 {
97 NtFreeVirtualMemory(NtCurrentProcess(),
98 &ProcThrdInfo,
99 &ProcThrdInfoSize,
100 MEM_RELEASE);
101 }
102}

Referenced by CreateToolhelp32Snapshot(), and TH32CreateSnapshot().

◆ Thread32First()

BOOL WINAPI Thread32First ( HANDLE  hSnapshot,
LPTHREADENTRY32  lpte 
)

Definition at line 1127 of file toolhelp.c.

1128{
1129 PTH32SNAPSHOT Snapshot;
1130 LARGE_INTEGER SOffset;
1131 SIZE_T ViewSize;
1132 NTSTATUS Status;
1133
1134 CHECK_PARAM_SIZE(lpte, sizeof(THREADENTRY32));
1135
1136 SOffset.QuadPart = 0;
1137 ViewSize = 0;
1138 Snapshot = NULL;
1139
1140 Status = NtMapViewOfSection(hSnapshot,
1141 NtCurrentProcess(),
1142 (PVOID*)&Snapshot,
1143 0,
1144 0,
1145 &SOffset,
1146 &ViewSize,
1147 ViewShare,
1148 0,
1149 PAGE_READWRITE);
1150 if(NT_SUCCESS(Status))
1151 {
1152 BOOL Ret;
1153
1154 if(Snapshot->ThreadListCount > 0)
1155 {
1156 LPTHREADENTRY32 Entries = (LPTHREADENTRY32)OffsetToPtr(Snapshot, Snapshot->ThreadListOffset);
1157 Snapshot->ThreadListIndex = 1;
1158 RtlCopyMemory(lpte, &Entries[0], sizeof(THREADENTRY32));
1159 Ret = TRUE;
1160 }
1161 else
1162 {
1163 SetLastError(ERROR_NO_MORE_FILES);
1164 Ret = FALSE;
1165 }
1166
1167 NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
1168 return Ret;
1169 }
1170
1171 BaseSetLastNTError(Status);
1172 return FALSE;
1173}
_TH32SNAPSHOT::ThreadListIndex
ULONG ThreadListIndex
Definition: toolhelp.c:74

◆ Thread32Next()

BOOL WINAPI Thread32Next ( HANDLE  hSnapshot,
LPTHREADENTRY32  lpte 
)

Definition at line 1181 of file toolhelp.c.

1182{
1183 PTH32SNAPSHOT Snapshot;
1184 LARGE_INTEGER SOffset;
1185 SIZE_T ViewSize;
1186 NTSTATUS Status;
1187
1188 CHECK_PARAM_SIZE(lpte, sizeof(THREADENTRY32));
1189
1190 SOffset.QuadPart = 0;
1191 ViewSize = 0;
1192 Snapshot = NULL;
1193
1194 Status = NtMapViewOfSection(hSnapshot,
1195 NtCurrentProcess(),
1196 (PVOID*)&Snapshot,
1197 0,
1198 0,
1199 &SOffset,
1200 &ViewSize,
1201 ViewShare,
1202 0,
1203 PAGE_READWRITE);
1204 if(NT_SUCCESS(Status))
1205 {
1206 BOOL Ret;
1207
1208 if(Snapshot->ThreadListCount > 0 &&
1209 Snapshot->ThreadListIndex < Snapshot->ThreadListCount)
1210 {
1211 LPTHREADENTRY32 Entries = (LPTHREADENTRY32)OffsetToPtr(Snapshot, Snapshot->ThreadListOffset);
1212 RtlCopyMemory(lpte, &Entries[Snapshot->ThreadListIndex++], sizeof(THREADENTRY32));
1213 Ret = TRUE;
1214 }
1215 else
1216 {
1217 SetLastError(ERROR_NO_MORE_FILES);
1218 Ret = FALSE;
1219 }
1220
1221 NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
1222 return Ret;
1223 }
1224
1225 BaseSetLastNTError(Status);
1226 return FALSE;
1227}

◆ Toolhelp32ReadProcessMemory()

BOOL WINAPI Toolhelp32ReadProcessMemory ( DWORD  th32ProcessID,
LPCVOID  lpBaseAddress,
LPVOID  lpBuffer,
SIZE_T  cbRead,
SIZE_T lpNumberOfBytesRead 
)

Definition at line 1235 of file toolhelp.c.

1237{
1238 HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, th32ProcessID);
1239 if(hProcess != NULL)
1240 {
1241 BOOL Ret = ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, cbRead, lpNumberOfBytesRead);
1242 CloseHandle(hProcess);
1243 return Ret;
1244 }
1245
1246 return FALSE;
1247}
CloseHandle
#define CloseHandle
Definition: compat.h:739
ReadProcessMemory
#define ReadProcessMemory(a, b, c, d, e)
Definition: compat.h:758
OpenProcess
HANDLE WINAPI OpenProcess(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwProcessId)
Definition: proc.c:1227
PROCESS_VM_READ
#define PROCESS_VM_READ
Definition: pstypes.h:162
hProcess
_In_ BOOL _In_ HANDLE hProcess
Definition: mapping.h:71
lpBuffer
_Out_ LPWSTR lpBuffer
Definition: netsh.h:68