ReactOS  0.4.13-dev-79-gcd489d8
toolhelp.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS system libraries
4  * FILE: dll/win32/kernel32/client/toolhelp.c
5  * PURPOSE: Toolhelp functions
6  * PROGRAMMER: Thomas Weidenmueller <w3seek@reactos.com>
7  * Robert Dickenson (robd@mok.lvcm.com)
8  *
9  * NOTES: Do NOT use the heap functions in here because they
10  * adulterate the heap statistics!
11  *
12  * UPDATE HISTORY:
13  * 10/30/2004 Implemented some parts (w3)
14  * Inspired by the book "Windows NT Native API"
15  * Created 05 January 2003 (robd)
16  */
17 
18 #include <k32.h>
19 
20 #define NDEBUG
21 #include <debug.h>
22 
23 /* INTERNAL DEFINITIONS *******************************************************/
24 
25 typedef struct _RTLP_HEAP_ENTRY
26 {
29  USHORT Unknown1; /* FIXME */
30  ULONG Unknown2; /* FIXME */
33 
34 #define CHECK_PARAM_SIZE(ptr, siz) \
35  if((ptr) == NULL || (ptr)->dwSize != (siz)) \
36  { \
37  SetLastError(ERROR_INVALID_PARAMETER); \
38  return FALSE; \
39  }
40 
41 /*
42  * Tests in win showed that the dwSize field can be greater than the actual size
43  * of the structure for the ansi functions. I found this out by accidently
44  * forgetting to set the dwSize field in a test application and it just didn't
45  * work in ros but in win.
46  */
47 
48 #define CHECK_PARAM_SIZEA(ptr, siz) \
49  if((ptr) == NULL || (ptr)->dwSize < (siz)) \
50  { \
51  SetLastError(ERROR_INVALID_PARAMETER); \
52  return FALSE; \
53  }
54 
55 #define OffsetToPtr(Snapshot, Offset) \
56  ((ULONG_PTR)((Snapshot) + 1) + (ULONG_PTR)(Offset))
57 
58 typedef struct _TH32SNAPSHOT
59 {
60  /* Heap list */
64  /* Module list */
68  /* Process list */
72  /* Thread list */
77 
78 /* INTERNAL FUNCTIONS *********************************************************/
79 
80 static VOID
82  PRTL_DEBUG_INFORMATION ModuleDebug,
83  PVOID ProcThrdInfo,
84  SIZE_T ProcThrdInfoSize)
85 {
86  if(HeapDebug != NULL)
87  {
88  RtlDestroyQueryDebugBuffer(HeapDebug);
89  }
90  if(ModuleDebug != NULL)
91  {
92  RtlDestroyQueryDebugBuffer(ModuleDebug);
93  }
94 
95  if(ProcThrdInfo != NULL)
96  {
98  &ProcThrdInfo,
99  &ProcThrdInfoSize,
100  MEM_RELEASE);
101  }
102 }
103 
104 static NTSTATUS
106  DWORD th32ProcessID,
107  PRTL_DEBUG_INFORMATION *HeapDebug,
108  PRTL_DEBUG_INFORMATION *ModuleDebug,
109  PVOID *ProcThrdInfo,
110  SIZE_T *ProcThrdInfoSize)
111 {
113 
114  *HeapDebug = NULL;
115  *ModuleDebug = NULL;
116  *ProcThrdInfo = NULL;
117  *ProcThrdInfoSize = 0;
118 
119  /*
120  * Allocate the debug information for a heap snapshot
121  */
123  {
124  *HeapDebug = RtlCreateQueryDebugBuffer(0, FALSE);
125  if(*HeapDebug != NULL)
126  {
127  Status = RtlQueryProcessDebugInformation(th32ProcessID,
129  *HeapDebug);
130  }
131  else
133  }
134 
135  /*
136  * Allocate the debug information for a module snapshot
137  */
138  if(dwFlags & TH32CS_SNAPMODULE &&
140  {
141  *ModuleDebug = RtlCreateQueryDebugBuffer(0, FALSE);
142  if(*ModuleDebug != NULL)
143  {
144  Status = RtlQueryProcessDebugInformation(th32ProcessID,
146  *ModuleDebug);
147  }
148  else
150  }
151 
152  /*
153  * Allocate enough memory for the system's process list
154  */
155 
158  {
159  for(;;)
160  {
161  (*ProcThrdInfoSize) += 0x10000;
163  ProcThrdInfo,
164  0,
165  ProcThrdInfoSize,
166  MEM_COMMIT,
168  if(!NT_SUCCESS(Status))
169  {
170  break;
171  }
172 
174  *ProcThrdInfo,
175  *ProcThrdInfoSize,
176  NULL);
178  {
180  ProcThrdInfo,
181  ProcThrdInfoSize,
182  MEM_RELEASE);
183  *ProcThrdInfo = NULL;
184  }
185  else
186  {
187  break;
188  }
189  }
190  }
191 
192  /*
193  * Free resources in case of failure!
194  */
195 
196  if(!NT_SUCCESS(Status))
197  {
198  TH32FreeAllocatedResources(*HeapDebug,
199  *ModuleDebug,
200  *ProcThrdInfo,
201  *ProcThrdInfoSize);
202  }
203 
204  return Status;
205 }
206 
207 static NTSTATUS
209  DWORD th32ProcessID,
210  PRTL_DEBUG_INFORMATION HeapDebug,
211  PRTL_DEBUG_INFORMATION ModuleDebug,
212  PVOID ProcThrdInfo,
213  HANDLE *SectionHandle)
214 {
215  PSYSTEM_PROCESS_INFORMATION ProcessInfo;
216  LPHEAPLIST32 HeapListEntry;
217  LPMODULEENTRY32W ModuleListEntry;
218  LPPROCESSENTRY32W ProcessListEntry;
219  LPTHREADENTRY32 ThreadListEntry;
221  LARGE_INTEGER SSize, SOffset;
223  PTH32SNAPSHOT Snapshot;
224  ULONG_PTR DataOffset;
226  ULONG i, nProcesses = 0, nThreads = 0, nHeaps = 0, nModules = 0;
227  ULONG RequiredSnapshotSize = sizeof(TH32SNAPSHOT);
231 
232  /*
233  * Determine the required size for the heap snapshot
234  */
236  {
237  hi = (PRTL_PROCESS_HEAPS)HeapDebug->Heaps;
238  nHeaps = hi->NumberOfHeaps;
239  RequiredSnapshotSize += nHeaps * sizeof(HEAPLIST32);
240  }
241 
242  /*
243  * Determine the required size for the module snapshot
244  */
246  {
247  mi = (PRTL_PROCESS_MODULES)ModuleDebug->Modules;
248  nModules = mi->NumberOfModules;
249  RequiredSnapshotSize += nModules * sizeof(MODULEENTRY32W);
250  }
251 
252  /*
253  * Determine the required size for the processes and threads snapshot
254  */
256  {
257  ULONG ProcOffset = 0;
258 
259  ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)ProcThrdInfo;
260  do
261  {
262  ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)((ULONG_PTR)ProcessInfo + ProcOffset);
263  nProcesses++;
264  nThreads += ProcessInfo->NumberOfThreads;
265  ProcOffset = ProcessInfo->NextEntryOffset;
266  } while(ProcOffset != 0);
267 
269  {
270  RequiredSnapshotSize += nProcesses * sizeof(PROCESSENTRY32W);
271  }
273  {
274  RequiredSnapshotSize += nThreads * sizeof(THREADENTRY32);
275  }
276  }
277 
278  /*
279  * Create and map the section
280  */
281 
282  SSize.QuadPart = RequiredSnapshotSize;
283 
285  NULL,
286  ((dwFlags & TH32CS_INHERIT) ? OBJ_INHERIT : 0),
287  NULL,
288  NULL);
289 
293  &SSize,
295  SEC_COMMIT,
296  NULL);
297  if(!NT_SUCCESS(Status))
298  {
299  return Status;
300  }
301 
302  SOffset.QuadPart = 0;
303  ViewSize = 0;
304  Snapshot = NULL;
305 
308  (PVOID*)&Snapshot,
309  0,
310  0,
311  &SOffset,
312  &ViewSize,
313  ViewShare,
314  0,
316  if(!NT_SUCCESS(Status))
317  {
318  NtClose(hSection);
319  return Status;
320  }
321 
322  RtlZeroMemory(Snapshot, sizeof(TH32SNAPSHOT));
323  DataOffset = 0;
324 
325  /*
326  * Initialize the section data and fill it with all the data we collected
327  */
328 
329  /* initialize the heap list */
331  {
332  Snapshot->HeapListCount = nHeaps;
333  Snapshot->HeapListOffset = DataOffset;
334  HeapListEntry = (LPHEAPLIST32)OffsetToPtr(Snapshot, DataOffset);
335  for(i = 0; i < nHeaps; i++)
336  {
337  HeapListEntry->dwSize = sizeof(HEAPLIST32);
338  HeapListEntry->th32ProcessID = th32ProcessID;
339  HeapListEntry->th32HeapID = (ULONG_PTR)hi->Heaps[i].BaseAddress;
340  HeapListEntry->dwFlags = hi->Heaps[i].Flags;
341 
342  HeapListEntry++;
343  }
344 
345  DataOffset += hi->NumberOfHeaps * sizeof(HEAPLIST32);
346  }
347 
348  /* initialize the module list */
350  {
351  Snapshot->ModuleListCount = nModules;
352  Snapshot->ModuleListOffset = DataOffset;
353  ModuleListEntry = (LPMODULEENTRY32W)OffsetToPtr(Snapshot, DataOffset);
354  for(i = 0; i < nModules; i++)
355  {
356  ModuleListEntry->dwSize = sizeof(MODULEENTRY32W);
357  ModuleListEntry->th32ModuleID = 1; /* no longer used, always set to one! */
358  ModuleListEntry->th32ProcessID = th32ProcessID;
359  ModuleListEntry->GlblcntUsage = mi->Modules[i].LoadCount;
360  ModuleListEntry->ProccntUsage = mi->Modules[i].LoadCount;
361  ModuleListEntry->modBaseAddr = (BYTE*)mi->Modules[i].ImageBase;
362  ModuleListEntry->modBaseSize = mi->Modules[i].ImageSize;
363  ModuleListEntry->hModule = (HMODULE)mi->Modules[i].ImageBase;
364 
366  0,
367  &mi->Modules[i].FullPathName[mi->Modules[i].OffsetToFileName],
368  -1,
369  ModuleListEntry->szModule,
370  sizeof(ModuleListEntry->szModule) / sizeof(ModuleListEntry->szModule[0]));
371 
373  0,
374  mi->Modules[i].FullPathName,
375  -1,
376  ModuleListEntry->szExePath,
377  sizeof(ModuleListEntry->szExePath) / sizeof(ModuleListEntry->szExePath[0]));
378 
379  ModuleListEntry++;
380  }
381 
382  DataOffset += mi->NumberOfModules * sizeof(MODULEENTRY32W);
383  }
384 
385  /* initialize the process list */
387  {
388  ULONG ProcOffset = 0;
389 
390  Snapshot->ProcessListCount = nProcesses;
391  Snapshot->ProcessListOffset = DataOffset;
392  ProcessListEntry = (LPPROCESSENTRY32W)OffsetToPtr(Snapshot, DataOffset);
393  ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)ProcThrdInfo;
394  do
395  {
396  ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)((ULONG_PTR)ProcessInfo + ProcOffset);
397 
398  ProcessListEntry->dwSize = sizeof(PROCESSENTRY32W);
399  ProcessListEntry->cntUsage = 0; /* no longer used */
400  ProcessListEntry->th32ProcessID = (ULONG_PTR)ProcessInfo->UniqueProcessId;
401  ProcessListEntry->th32DefaultHeapID = 0; /* no longer used */
402  ProcessListEntry->th32ModuleID = 0; /* no longer used */
403  ProcessListEntry->cntThreads = ProcessInfo->NumberOfThreads;
404  ProcessListEntry->th32ParentProcessID = (ULONG_PTR)ProcessInfo->InheritedFromUniqueProcessId;
405  ProcessListEntry->pcPriClassBase = ProcessInfo->BasePriority;
406  ProcessListEntry->dwFlags = 0; /* no longer used */
407  if(ProcessInfo->ImageName.Buffer != NULL)
408  {
409  ULONG ExeFileLength = min(ProcessInfo->ImageName.Length,
410  sizeof(ProcessListEntry->szExeFile) - sizeof(WCHAR));
411  RtlCopyMemory(ProcessListEntry->szExeFile,
412  ProcessInfo->ImageName.Buffer,
413  ExeFileLength);
414  ProcessListEntry->szExeFile[ExeFileLength / sizeof(WCHAR)] = UNICODE_NULL;
415  }
416  else
417  {
418  lstrcpyW(ProcessListEntry->szExeFile, L"[System Process]");
419  }
420 
421  ProcessListEntry++;
422 
423  ProcOffset = ProcessInfo->NextEntryOffset;
424  } while(ProcOffset != 0);
425 
426  DataOffset += nProcesses * sizeof(PROCESSENTRY32W);
427  }
428 
429  /* initialize the thread list */
431  {
432  ULONG ProcOffset = 0;
433 
434  Snapshot->ThreadListCount = nThreads;
435  Snapshot->ThreadListOffset = DataOffset;
436  ThreadListEntry = (LPTHREADENTRY32)OffsetToPtr(Snapshot, DataOffset);
437  ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)ProcThrdInfo;
438  do
439  {
441  ULONG n;
442 
443  ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)((ULONG_PTR)ProcessInfo + ProcOffset);
444  ThreadInfo = (PSYSTEM_THREAD_INFORMATION)(ProcessInfo + 1);
445 
446  for(n = 0; n < ProcessInfo->NumberOfThreads; n++)
447  {
448  ThreadListEntry->dwSize = sizeof(THREADENTRY32);
449  ThreadListEntry->cntUsage = 0; /* no longer used */
450  ThreadListEntry->th32ThreadID = (ULONG_PTR)ThreadInfo->ClientId.UniqueThread;
451  ThreadListEntry->th32OwnerProcessID = (ULONG_PTR)ThreadInfo->ClientId.UniqueProcess;
452  ThreadListEntry->tpBasePri = ThreadInfo->BasePriority;
453  ThreadListEntry->tpDeltaPri = 0; /* no longer used */
454  ThreadListEntry->dwFlags = 0; /* no longer used */
455 
456  ThreadInfo++;
457  ThreadListEntry++;
458  }
459 
460  ProcOffset = ProcessInfo->NextEntryOffset;
461  } while(ProcOffset != 0);
462  }
463 
464  /*
465  * We're done, unmap the view and return the section handle
466  */
467 
469 
470  if(NT_SUCCESS(Status))
471  {
472  *SectionHandle = hSection;
473  }
474  else
475  {
476  NtClose(hSection);
477  }
478 
479  return Status;
480 }
481 
482 /* PUBLIC FUNCTIONS ***********************************************************/
483 
484 /*
485  * @implemented
486  */
487 BOOL
488 WINAPI
489 Heap32First(LPHEAPENTRY32 lphe, DWORD th32ProcessID, DWORD th32HeapID)
490 {
491  PRTL_DEBUG_INFORMATION DebugInfo;
493  PRTLP_HEAP_ENTRY Block, LastBlock;
494  ULONG i;
496 
497  CHECK_PARAM_SIZE(lphe, sizeof(HEAPENTRY32));
498 
499  DebugInfo = RtlCreateQueryDebugBuffer(0,
500  FALSE);
501  if (DebugInfo == NULL)
502  {
504  return FALSE;
505  }
506 
507  Status = RtlQueryProcessDebugInformation(th32ProcessID,
509  DebugInfo);
510 
511  if (NT_SUCCESS(Status))
512  {
514 
515  for (i = 0;
516  i != DebugInfo->Heaps->NumberOfHeaps;
517  i++)
518  {
519  Heap = &DebugInfo->Heaps->Heaps[i];
520 
521  if ((ULONG_PTR)Heap->BaseAddress == th32HeapID)
522  {
523  lphe->hHandle = (HANDLE)Heap->BaseAddress;
524  lphe->dwAddress = 0;
525  lphe->dwBlockSize = 0;
526  lphe->dwFlags = 0;
527  lphe->dwLockCount = 0;
528  lphe->dwResvd = 0;
529  lphe->th32ProcessID = th32ProcessID;
530  lphe->th32HeapID = (ULONG_PTR)Heap->BaseAddress;
531 
532  Block = (PRTLP_HEAP_ENTRY)Heap->Entries;
533  LastBlock = Block + Heap->NumberOfEntries;
534 
535  while (Block != LastBlock && (Block->Flags & PROCESS_HEAP_UNCOMMITTED_RANGE))
536  {
537  lphe->dwResvd++;
538  lphe->dwAddress = (ULONG_PTR)((ULONG_PTR)Block->Address + Heap->EntryOverhead);
539  Block++;
540  }
541 
542  if (Block != LastBlock && lphe->dwResvd != 0)
543  {
544  lphe->dwBlockSize = Block->Size;
545 
546  if (Block->Flags & 0x2F1) /* FIXME */
547  lphe->dwFlags = LF32_FIXED;
548  else if (Block->Flags & 0x20) /* FIXME */
549  lphe->dwFlags = LF32_MOVEABLE;
550  else if (Block->Flags & 0x100) /* FIXME */
551  lphe->dwFlags = LF32_FREE;
552 
554  }
555 
556  break;
557  }
558  }
559  }
560 
561  RtlDestroyQueryDebugBuffer(DebugInfo);
562 
563  if (!NT_SUCCESS(Status))
564  {
566  return FALSE;
567  }
568 
569  return TRUE;
570 }
571 
572 
573 /*
574  * @implemented
575  */
576 BOOL
577 WINAPI
579 {
580  PRTL_DEBUG_INFORMATION DebugInfo;
582  PRTLP_HEAP_ENTRY Block, LastBlock;
583  BOOLEAN FoundUncommitted = FALSE;
584  ULONG i;
586 
587  CHECK_PARAM_SIZE(lphe, sizeof(HEAPENTRY32));
588 
589  DebugInfo = RtlCreateQueryDebugBuffer(0,
590  FALSE);
591  if (DebugInfo == NULL)
592  {
594  return FALSE;
595  }
596 
599  DebugInfo);
600 
601  if (NT_SUCCESS(Status))
602  {
604 
605  for (i = 0;
606  i != DebugInfo->Heaps->NumberOfHeaps;
607  i++)
608  {
609  Heap = &DebugInfo->Heaps->Heaps[i];
610 
611  if ((ULONG_PTR)Heap->BaseAddress == lphe->th32HeapID)
612  {
613  if (++lphe->dwResvd < Heap->NumberOfEntries)
614  {
615  lphe->dwFlags = 0;
616 
617  Block = (PRTLP_HEAP_ENTRY)Heap->Entries + lphe->dwResvd;
618  LastBlock = (PRTLP_HEAP_ENTRY)Heap->Entries + Heap->NumberOfEntries;
619 
620  while (Block < LastBlock && (Block->Flags & PROCESS_HEAP_UNCOMMITTED_RANGE))
621  {
622  lphe->dwResvd++;
623  lphe->dwAddress = (ULONG_PTR)((ULONG_PTR)Block->Address + Heap->EntryOverhead);
624  FoundUncommitted = TRUE;
625  Block++;
626  }
627 
628  if (Block < LastBlock)
629  {
630  if (!FoundUncommitted)
631  lphe->dwAddress += lphe->dwBlockSize;
632 
633  lphe->dwBlockSize = Block->Size;
634 
635  if (Block->Flags & 0x2F1) /* FIXME */
636  lphe->dwFlags = LF32_FIXED;
637  else if (Block->Flags & 0x20) /* FIXME */
638  lphe->dwFlags = LF32_MOVEABLE;
639  else if (Block->Flags & 0x100) /* FIXME */
640  lphe->dwFlags = LF32_FREE;
641 
643  }
644  }
645 
646  break;
647  }
648  }
649  }
650 
651  RtlDestroyQueryDebugBuffer(DebugInfo);
652 
653  if (!NT_SUCCESS(Status))
654  {
656  return FALSE;
657  }
658 
659  return TRUE;
660 
661 }
662 
663 
664 /*
665  * @implemented
666  */
667 BOOL
668 WINAPI
670 {
671  PTH32SNAPSHOT Snapshot;
672  LARGE_INTEGER SOffset;
675 
676  CHECK_PARAM_SIZE(lphl, sizeof(HEAPLIST32));
677 
678  SOffset.QuadPart = 0;
679  ViewSize = 0;
680  Snapshot = NULL;
681 
682  Status = NtMapViewOfSection(hSnapshot,
684  (PVOID*)&Snapshot,
685  0,
686  0,
687  &SOffset,
688  &ViewSize,
689  ViewShare,
690  0,
692  if(NT_SUCCESS(Status))
693  {
694  BOOL Ret;
695 
696  if(Snapshot->HeapListCount > 0)
697  {
698  LPHEAPLIST32 Entries = (LPHEAPLIST32)OffsetToPtr(Snapshot, Snapshot->HeapListOffset);
699  Snapshot->HeapListIndex = 1;
700  RtlCopyMemory(lphl, &Entries[0], sizeof(HEAPLIST32));
701  Ret = TRUE;
702  }
703  else
704  {
706  Ret = FALSE;
707  }
708 
710  return Ret;
711  }
712 
714  return FALSE;
715 }
716 
717 
718 /*
719  * @implemented
720  */
721 BOOL
722 WINAPI
724 {
725  PTH32SNAPSHOT Snapshot;
726  LARGE_INTEGER SOffset;
729 
730  CHECK_PARAM_SIZE(lphl, sizeof(HEAPLIST32));
731 
732  SOffset.QuadPart = 0;
733  ViewSize = 0;
734  Snapshot = NULL;
735 
736  Status = NtMapViewOfSection(hSnapshot,
738  (PVOID*)&Snapshot,
739  0,
740  0,
741  &SOffset,
742  &ViewSize,
743  ViewShare,
744  0,
746  if(NT_SUCCESS(Status))
747  {
748  BOOL Ret;
749 
750  if(Snapshot->HeapListCount > 0 &&
751  Snapshot->HeapListIndex < Snapshot->HeapListCount)
752  {
753  LPHEAPLIST32 Entries = (LPHEAPLIST32)OffsetToPtr(Snapshot, Snapshot->HeapListOffset);
754  RtlCopyMemory(lphl, &Entries[Snapshot->HeapListIndex++], sizeof(HEAPLIST32));
755  Ret = TRUE;
756  }
757  else
758  {
760  Ret = FALSE;
761  }
762 
764  return Ret;
765  }
766 
768  return FALSE;
769 }
770 
771 
772 /*
773  * @implemented
774  */
775 BOOL
776 WINAPI
778 {
779  MODULEENTRY32W me;
780  BOOL Ret;
781 
782  CHECK_PARAM_SIZEA(lpme, sizeof(MODULEENTRY32));
783 
784  me.dwSize = sizeof(MODULEENTRY32W);
785 
786  Ret = Module32FirstW(hSnapshot, &me);
787  if(Ret)
788  {
789  lpme->th32ModuleID = me.th32ModuleID;
790  lpme->th32ProcessID = me.th32ProcessID;
791  lpme->GlblcntUsage = me.GlblcntUsage;
792  lpme->ProccntUsage = me.ProccntUsage;
793  lpme->modBaseAddr = me.modBaseAddr;
794  lpme->modBaseSize = me.modBaseSize;
795  lpme->hModule = me.hModule;
796 
797  WideCharToMultiByte(CP_ACP, 0, me.szModule, -1, lpme->szModule, sizeof(lpme->szModule), 0, 0);
798  WideCharToMultiByte(CP_ACP, 0, me.szExePath, -1, lpme->szExePath, sizeof(lpme->szExePath), 0, 0);
799  }
800 
801  return Ret;
802 }
803 
804 
805 /*
806  * @implemented
807  */
808 BOOL
809 WINAPI
811 {
812  PTH32SNAPSHOT Snapshot;
813  LARGE_INTEGER SOffset;
816 
817  CHECK_PARAM_SIZE(lpme, sizeof(MODULEENTRY32W));
818 
819  SOffset.QuadPart = 0;
820  ViewSize = 0;
821  Snapshot = NULL;
822 
823  Status = NtMapViewOfSection(hSnapshot,
825  (PVOID*)&Snapshot,
826  0,
827  0,
828  &SOffset,
829  &ViewSize,
830  ViewShare,
831  0,
833  if(NT_SUCCESS(Status))
834  {
835  BOOL Ret;
836 
837  if(Snapshot->ModuleListCount > 0)
838  {
839  LPMODULEENTRY32W Entries = (LPMODULEENTRY32W)OffsetToPtr(Snapshot, Snapshot->ModuleListOffset);
840  Snapshot->ModuleListIndex = 1;
841  RtlCopyMemory(lpme, &Entries[0], sizeof(MODULEENTRY32W));
842  Ret = TRUE;
843  }
844  else
845  {
847  Ret = FALSE;
848  }
849 
851  return Ret;
852  }
853 
855  return FALSE;
856 }
857 
858 
859 /*
860  * @implemented
861  */
862 BOOL
863 WINAPI
865 {
866  MODULEENTRY32W me;
867  BOOL Ret;
868 
869  CHECK_PARAM_SIZEA(lpme, sizeof(MODULEENTRY32));
870 
871  me.dwSize = sizeof(MODULEENTRY32W);
872 
873  Ret = Module32NextW(hSnapshot, &me);
874  if(Ret)
875  {
876  lpme->th32ModuleID = me.th32ModuleID;
877  lpme->th32ProcessID = me.th32ProcessID;
878  lpme->GlblcntUsage = me.GlblcntUsage;
879  lpme->ProccntUsage = me.ProccntUsage;
880  lpme->modBaseAddr = me.modBaseAddr;
881  lpme->modBaseSize = me.modBaseSize;
882  lpme->hModule = me.hModule;
883 
884  WideCharToMultiByte(CP_ACP, 0, me.szModule, -1, lpme->szModule, sizeof(lpme->szModule), 0, 0);
885  WideCharToMultiByte(CP_ACP, 0, me.szExePath, -1, lpme->szExePath, sizeof(lpme->szExePath), 0, 0);
886  }
887 
888  return Ret;
889 }
890 
891 
892 /*
893  * @implemented
894  */
895 BOOL
896 WINAPI
898 {
899  PTH32SNAPSHOT Snapshot;
900  LARGE_INTEGER SOffset;
903 
904  CHECK_PARAM_SIZE(lpme, sizeof(MODULEENTRY32W));
905 
906  SOffset.QuadPart = 0;
907  ViewSize = 0;
908  Snapshot = NULL;
909 
910  Status = NtMapViewOfSection(hSnapshot,
912  (PVOID*)&Snapshot,
913  0,
914  0,
915  &SOffset,
916  &ViewSize,
917  ViewShare,
918  0,
920  if(NT_SUCCESS(Status))
921  {
922  BOOL Ret;
923 
924  if((Snapshot->ModuleListCount > 0) &&
925  (Snapshot->ModuleListIndex < Snapshot->ModuleListCount))
926  {
927  LPMODULEENTRY32W Entries = (LPMODULEENTRY32W)OffsetToPtr(Snapshot, Snapshot->ModuleListOffset);
928  RtlCopyMemory(lpme, &Entries[Snapshot->ModuleListIndex++], sizeof(MODULEENTRY32W));
929  Ret = TRUE;
930  }
931  else
932  {
934  Ret = FALSE;
935  }
936 
938  return Ret;
939  }
940 
942  return FALSE;
943 }
944 
945 
946 /*
947  * @implemented
948  */
949 BOOL
950 WINAPI
952 {
953  PROCESSENTRY32W pe;
954  BOOL Ret;
955 
956  CHECK_PARAM_SIZEA(lppe, sizeof(PROCESSENTRY32));
957 
958  pe.dwSize = sizeof(PROCESSENTRY32W);
959 
960  Ret = Process32FirstW(hSnapshot, &pe);
961  if(Ret)
962  {
963  lppe->cntUsage = pe.cntUsage;
964  lppe->th32ProcessID = pe.th32ProcessID;
966  lppe->th32ModuleID = pe.th32ModuleID;
967  lppe->cntThreads = pe.cntThreads;
969  lppe->pcPriClassBase = pe.pcPriClassBase;
970  lppe->dwFlags = pe.dwFlags;
971 
972  WideCharToMultiByte(CP_ACP, 0, pe.szExeFile, -1, lppe->szExeFile, sizeof(lppe->szExeFile), 0, 0);
973  }
974 
975  return Ret;
976 }
977 
978 
979 /*
980  * @implemented
981  */
982 BOOL
983 WINAPI
985 {
986  PTH32SNAPSHOT Snapshot;
987  LARGE_INTEGER SOffset;
990 
991  CHECK_PARAM_SIZE(lppe, sizeof(PROCESSENTRY32W));
992 
993  SOffset.QuadPart = 0;
994  ViewSize = 0;
995  Snapshot = NULL;
996 
997  Status = NtMapViewOfSection(hSnapshot,
999  (PVOID*)&Snapshot,
1000  0,
1001  0,
1002  &SOffset,
1003  &ViewSize,
1004  ViewShare,
1005  0,
1006  PAGE_READWRITE);
1007  if(NT_SUCCESS(Status))
1008  {
1009  BOOL Ret;
1010 
1011  if(Snapshot->ProcessListCount > 0)
1012  {
1013  LPPROCESSENTRY32W Entries = (LPPROCESSENTRY32W)OffsetToPtr(Snapshot, Snapshot->ProcessListOffset);
1014 
1015  Snapshot->ProcessListIndex = 1;
1016  RtlCopyMemory(lppe, &Entries[0], sizeof(PROCESSENTRY32W));
1017  Ret = TRUE;
1018  }
1019  else
1020  {
1021 
1023  Ret = FALSE;
1024  }
1025 
1027  return Ret;
1028  }
1029 
1031  return FALSE;
1032 }
1033 
1034 
1035 /*
1036  * @implemented
1037  */
1038 BOOL
1039 WINAPI
1041 {
1042  PROCESSENTRY32W pe;
1043  BOOL Ret;
1044 
1045  CHECK_PARAM_SIZEA(lppe, sizeof(PROCESSENTRY32));
1046 
1047  pe.dwSize = sizeof(PROCESSENTRY32W);
1048 
1049  Ret = Process32NextW(hSnapshot, &pe);
1050  if(Ret)
1051  {
1052  lppe->cntUsage = pe.cntUsage;
1053  lppe->th32ProcessID = pe.th32ProcessID;
1055  lppe->th32ModuleID = pe.th32ModuleID;
1056  lppe->cntThreads = pe.cntThreads;
1058  lppe->pcPriClassBase = pe.pcPriClassBase;
1059  lppe->dwFlags = pe.dwFlags;
1060 
1061  WideCharToMultiByte(CP_ACP, 0, pe.szExeFile, -1, lppe->szExeFile, sizeof(lppe->szExeFile), 0, 0);
1062  }
1063 
1064  return Ret;
1065 }
1066 
1067 
1068 /*
1069  * @implemented
1070  */
1071 BOOL
1072 WINAPI
1074 {
1075  PTH32SNAPSHOT Snapshot;
1076  LARGE_INTEGER SOffset;
1077  SIZE_T ViewSize;
1078  NTSTATUS Status;
1079 
1080  CHECK_PARAM_SIZE(lppe, sizeof(PROCESSENTRY32W));
1081 
1082  SOffset.QuadPart = 0;
1083  ViewSize = 0;
1084  Snapshot = NULL;
1085 
1086  Status = NtMapViewOfSection(hSnapshot,
1087  NtCurrentProcess(),
1088  (PVOID*)&Snapshot,
1089  0,
1090  0,
1091  &SOffset,
1092  &ViewSize,
1093  ViewShare,
1094  0,
1095  PAGE_READWRITE);
1096  if(NT_SUCCESS(Status))
1097  {
1098  BOOL Ret;
1099 
1100  if(Snapshot->ProcessListCount > 0 &&
1101  Snapshot->ProcessListIndex < Snapshot->ProcessListCount)
1102  {
1103  LPPROCESSENTRY32W Entries = (LPPROCESSENTRY32W)OffsetToPtr(Snapshot, Snapshot->ProcessListOffset);
1104  RtlCopyMemory(lppe, &Entries[Snapshot->ProcessListIndex++], sizeof(PROCESSENTRY32W));
1105  Ret = TRUE;
1106  }
1107  else
1108  {
1110  Ret = FALSE;
1111  }
1112 
1114  return Ret;
1115  }
1116 
1118  return FALSE;
1119 }
1120 
1121 
1122 /*
1123  * @implemented
1124  */
1125 BOOL
1126 WINAPI
1128 {
1129  PTH32SNAPSHOT Snapshot;
1130  LARGE_INTEGER SOffset;
1131  SIZE_T ViewSize;
1132  NTSTATUS Status;
1133 
1134  CHECK_PARAM_SIZE(lpte, sizeof(THREADENTRY32));
1135 
1136  SOffset.QuadPart = 0;
1137  ViewSize = 0;
1138  Snapshot = NULL;
1139 
1140  Status = NtMapViewOfSection(hSnapshot,
1141  NtCurrentProcess(),
1142  (PVOID*)&Snapshot,
1143  0,
1144  0,
1145  &SOffset,
1146  &ViewSize,
1147  ViewShare,
1148  0,
1149  PAGE_READWRITE);
1150  if(NT_SUCCESS(Status))
1151  {
1152  BOOL Ret;
1153 
1154  if(Snapshot->ThreadListCount > 0)
1155  {
1156  LPTHREADENTRY32 Entries = (LPTHREADENTRY32)OffsetToPtr(Snapshot, Snapshot->ThreadListOffset);
1157  Snapshot->ThreadListIndex = 1;
1158  RtlCopyMemory(lpte, &Entries[0], sizeof(THREADENTRY32));
1159  Ret = TRUE;
1160  }
1161  else
1162  {
1164  Ret = FALSE;
1165  }
1166 
1168  return Ret;
1169  }
1170 
1172  return FALSE;
1173 }
1174 
1175 
1176 /*
1177  * @implemented
1178  */
1179 BOOL
1180 WINAPI
1182 {
1183  PTH32SNAPSHOT Snapshot;
1184  LARGE_INTEGER SOffset;
1185  SIZE_T ViewSize;
1186  NTSTATUS Status;
1187 
1188  CHECK_PARAM_SIZE(lpte, sizeof(THREADENTRY32));
1189 
1190  SOffset.QuadPart = 0;
1191  ViewSize = 0;
1192  Snapshot = NULL;
1193 
1194  Status = NtMapViewOfSection(hSnapshot,
1195  NtCurrentProcess(),
1196  (PVOID*)&Snapshot,
1197  0,
1198  0,
1199  &SOffset,
1200  &ViewSize,
1201  ViewShare,
1202  0,
1203  PAGE_READWRITE);
1204  if(NT_SUCCESS(Status))
1205  {
1206  BOOL Ret;
1207 
1208  if(Snapshot->ThreadListCount > 0 &&
1209  Snapshot->ThreadListIndex < Snapshot->ThreadListCount)
1210  {
1211  LPTHREADENTRY32 Entries = (LPTHREADENTRY32)OffsetToPtr(Snapshot, Snapshot->ThreadListOffset);
1212  RtlCopyMemory(lpte, &Entries[Snapshot->ThreadListIndex++], sizeof(THREADENTRY32));
1213  Ret = TRUE;
1214  }
1215  else
1216  {
1218  Ret = FALSE;
1219  }
1220 
1222  return Ret;
1223  }
1224 
1226  return FALSE;
1227 }
1228 
1229 
1230 /*
1231  * @implemented
1232  */
1233 BOOL
1234 WINAPI
1235 Toolhelp32ReadProcessMemory(DWORD th32ProcessID, LPCVOID lpBaseAddress,
1236  LPVOID lpBuffer, SIZE_T cbRead, SIZE_T* lpNumberOfBytesRead)
1237 {
1238  HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, th32ProcessID);
1239  if(hProcess != NULL)
1240  {
1241  BOOL Ret = ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, cbRead, lpNumberOfBytesRead);
1243  return Ret;
1244  }
1245 
1246  return FALSE;
1247 }
1248 
1249 
1250 /*
1251  * @implemented
1252  */
1253 HANDLE
1254 WINAPI
1256 {
1257  PRTL_DEBUG_INFORMATION HeapDebug, ModuleDebug;
1258  PVOID ProcThrdInfo;
1259  SIZE_T ProcThrdInfoSize;
1260  NTSTATUS Status;
1261  HANDLE hSnapShotSection = NULL;
1262 
1263  if(th32ProcessID == 0)
1264  {
1265  th32ProcessID = GetCurrentProcessId();
1266  }
1267 
1268  /*
1269  * Get all information required for the snapshot
1270  */
1272  th32ProcessID,
1273  &HeapDebug,
1274  &ModuleDebug,
1275  &ProcThrdInfo,
1276  &ProcThrdInfoSize);
1277  if(!NT_SUCCESS(Status))
1278  {
1280  return NULL;
1281  }
1282 
1283  /*
1284  * Create a section handle and initialize the collected information
1285  */
1287  th32ProcessID,
1288  HeapDebug,
1289  ModuleDebug,
1290  ProcThrdInfo,
1291  &hSnapShotSection);
1292 
1293  /*
1294  * Free the temporarily allocated memory which is no longer needed
1295  */
1296  TH32FreeAllocatedResources(HeapDebug,
1297  ModuleDebug,
1298  ProcThrdInfo,
1299  ProcThrdInfoSize);
1300 
1301  if(!NT_SUCCESS(Status))
1302  {
1304  return NULL;
1305  }
1306 
1307  return hSnapShotSection;
1308 }
1309 
1310 /* EOF */
struct _TH32SNAPSHOT TH32SNAPSHOT
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
BOOL WINAPI Process32First(HANDLE hSnapshot, LPPROCESSENTRY32 lppe)
Definition: toolhelp.c:951
struct tagMODULEENTRY32W * LPMODULEENTRY32W
NTSTATUS NTAPI NtUnmapViewOfSection(IN HANDLE ProcessHandle, IN PVOID BaseAddress)
Definition: section.c:3780
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
DWORD cntThreads
Definition: tlhelp32.h:66
NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInfoClass, OUT PVOID SystemInfoBuffer, IN ULONG SystemInfoBufferSize, OUT PULONG BytesReturned OPTIONAL)
#define CloseHandle
Definition: compat.h:398
PRTL_PROCESS_MODULES Modules
Definition: rtltypes.h:1198
ULONG_PTR ThreadListOffset
Definition: toolhelp.c:75
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
BOOL WINAPI Module32Next(HANDLE hSnapshot, LPMODULEENTRY32 lpme)
Definition: toolhelp.c:864
#define WideCharToMultiByte
Definition: compat.h:101
NTSTATUS NTAPI NtCreateSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
Definition: section.c:3371
DWORD th32ParentProcessID
Definition: tlhelp32.h:67
struct tagHEAPLIST32 * LPHEAPLIST32
#define PROCESS_HEAP_UNCOMMITTED_RANGE
Definition: winbase.h:332
char szExePath[MAX_PATH]
Definition: tlhelp32.h:103
ULONG_PTR ProcessListOffset
Definition: toolhelp.c:71
BYTE * modBaseAddr
Definition: tlhelp32.h:99
#define CP_ACP
Definition: compat.h:99
HMODULE hModule
Definition: tlhelp32.h:89
struct _RTL_PROCESS_MODULES * PRTL_PROCESS_MODULES
WCHAR szExeFile[MAX_PATH]
Definition: tlhelp32.h:58
#define RTL_DEBUG_QUERY_HEAP_BLOCKS
Definition: rtltypes.h:366
LONG NTSTATUS
Definition: precomp.h:26
CHAR szExeFile[MAX_PATH]
Definition: tlhelp32.h:70
GLdouble n
Definition: glext.h:7729
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
ULONG ModuleListCount
Definition: toolhelp.c:65
DWORD dwLockCount
Definition: tlhelp32.h:43
static VOID TH32FreeAllocatedResources(PRTL_DEBUG_INFORMATION HeapDebug, PRTL_DEBUG_INFORMATION ModuleDebug, PVOID ProcThrdInfo, SIZE_T ProcThrdInfoSize)
Definition: toolhelp.c:81
_In_ BOOL _In_ HANDLE hProcess
Definition: mapping.h:70
struct _ThreadInfo ThreadInfo
#define ReadProcessMemory(a, b, c, d, e)
Definition: compat.h:415
static MONITORINFO mi
Definition: win.c:7331
ULONG HeapListIndex
Definition: toolhelp.c:62
#define TH32CS_SNAPMODULE
Definition: tlhelp32.h:28
DWORD modBaseSize
Definition: tlhelp32.h:88
NTSYSAPI PRTL_DEBUG_INFORMATION NTAPI RtlCreateQueryDebugBuffer(_In_ ULONG Size, _In_ BOOLEAN EventPair)
#define MEM_COMMIT
Definition: nt_native.h:1313
BOOL WINAPI Process32Next(HANDLE hSnapshot, LPPROCESSENTRY32 lppe)
Definition: toolhelp.c:1040
ULONG_PTR ModuleListOffset
Definition: toolhelp.c:67
ULONG ThreadListIndex
Definition: toolhelp.c:74
DWORD dwFlags
Definition: tlhelp32.h:42
uint32_t ULONG_PTR
Definition: typedefs.h:63
DWORD th32ProcessID
Definition: tlhelp32.h:51
char szModule[MAX_MODULE_NAME32+1]
Definition: tlhelp32.h:102
#define TH32CS_INHERIT
Definition: tlhelp32.h:30
struct tagPROCESSENTRY32W * LPPROCESSENTRY32W
BOOL WINAPI Thread32First(HANDLE hSnapshot, LPTHREADENTRY32 lpte)
Definition: toolhelp.c:1127
while(1)
Definition: macro.lex.yy.c:740
#define SECTION_ALL_ACCESS
Definition: nt_native.h:1293
DWORD th32ModuleID
Definition: tlhelp32.h:95
DWORD th32ProcessID
Definition: tlhelp32.h:33
ULONG ThreadListCount
Definition: toolhelp.c:73
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
DWORD th32ProcessID
Definition: tlhelp32.h:84
#define SEC_COMMIT
Definition: mmtypes.h:99
#define UNICODE_NULL
unsigned int BOOL
Definition: ntddk_ex.h:94
#define OffsetToPtr(Snapshot, Offset)
Definition: toolhelp.c:55
DWORD dwResvd
Definition: tlhelp32.h:44
#define LF32_MOVEABLE
Definition: tlhelp32.h:23
DWORD th32ThreadID
Definition: tlhelp32.h:75
struct _TH32SNAPSHOT * PTH32SNAPSHOT
#define RTL_DEBUG_QUERY_HEAPS
Definition: rtltypes.h:364
static TAGREF LPCWSTR LPDWORD LPVOID lpBuffer
Definition: db.cpp:173
PRTL_HEAP_ENTRY Entries
Definition: rtltypes.h:1125
NTSTATUS NTAPI NtMapViewOfSection(IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
Definition: section.c:3552
BYTE * modBaseAddr
Definition: tlhelp32.h:87
DWORD th32ModuleID
Definition: tlhelp32.h:53
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
DWORD GlblcntUsage
Definition: tlhelp32.h:85
#define RTL_DEBUG_QUERY_MODULES
Definition: rtltypes.h:362
DWORD BaseSetLastNTError(IN NTSTATUS Status)
Definition: reactos.cpp:166
BOOL WINAPI Process32FirstW(HANDLE hSnapshot, LPPROCESSENTRY32W lppe)
Definition: toolhelp.c:984
DWORD dwSize
Definition: tlhelp32.h:32
#define ERROR_NO_MORE_FILES
Definition: winerror.h:121
DWORD ProccntUsage
Definition: tlhelp32.h:86
#define NtCurrentProcess()
Definition: nt_native.h:1657
DWORD ProccntUsage
Definition: tlhelp32.h:98
DWORD cntUsage
Definition: tlhelp32.h:74
DWORD th32ModuleID
Definition: tlhelp32.h:83
struct _SYSTEM_THREAD_INFORMATION * PSYSTEM_THREAD_INFORMATION
Definition: toolhelp.c:25
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DWORD th32HeapID
Definition: tlhelp32.h:46
#define STATUS_NO_MORE_FILES
Definition: udferr_usr.h:128
#define OBJ_INHERIT
Definition: winternl.h:225
#define WINAPI
Definition: msvc.h:8
DWORD dwBlockSize
Definition: tlhelp32.h:41
struct _RTLP_HEAP_ENTRY * PRTLP_HEAP_ENTRY
static HANDLE(WINAPI *pCreateToolhelp32Snapshot)(DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
#define SetLastError(x)
Definition: compat.h:409
#define LF32_FIXED
Definition: tlhelp32.h:21
BOOL WINAPI Module32FirstW(HANDLE hSnapshot, LPMODULEENTRY32W lpme)
Definition: toolhelp.c:810
NTSYSAPI NTSTATUS NTAPI RtlDestroyQueryDebugBuffer(IN PRTL_DEBUG_INFORMATION DebugBuffer)
Definition: dbgbuffer.c:50
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
DWORD th32ProcessID
Definition: tlhelp32.h:63
DWORD th32OwnerProcessID
Definition: tlhelp32.h:76
UNICODE_STRING ImageName
Definition: extypes.h:890
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
struct tagPROCESSENTRY32W PROCESSENTRY32W
DWORD th32DefaultHeapID
Definition: tlhelp32.h:64
static const WCHAR L[]
Definition: oid.c:1250
DWORD th32ModuleID
Definition: tlhelp32.h:65
BOOL WINAPI Heap32ListFirst(HANDLE hSnapshot, LPHEAPLIST32 lphl)
Definition: toolhelp.c:669
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
HANDLE InheritedFromUniqueProcessId
Definition: extypes.h:893
BOOL WINAPI Process32NextW(HANDLE hSnapshot, LPPROCESSENTRY32W lppe)
Definition: toolhelp.c:1073
unsigned char BYTE
Definition: mem.h:68
BOOL WINAPI Thread32Next(HANDLE hSnapshot, LPTHREADENTRY32 lpte)
Definition: toolhelp.c:1181
struct _RTL_PROCESS_HEAPS * PRTL_PROCESS_HEAPS
static NTSTATUS TH32CreateSnapshotSectionInitialize(DWORD dwFlags, DWORD th32ProcessID, PRTL_DEBUG_INFORMATION HeapDebug, PRTL_DEBUG_INFORMATION ModuleDebug, PVOID ProcThrdInfo, HANDLE *SectionHandle)
Definition: toolhelp.c:208
struct _RTLP_HEAP_ENTRY RTLP_HEAP_ENTRY
BOOL WINAPI Module32First(HANDLE hSnapshot, LPMODULEENTRY32 lpme)
Definition: toolhelp.c:777
Status
Definition: gdiplustypes.h:24
ULONG Unknown2
Definition: toolhelp.c:30
struct _SYSTEM_PROCESS_INFORMATION * PSYSTEM_PROCESS_INFORMATION
DWORD dwFlags
Definition: tlhelp32.h:35
ULONG Size
Definition: toolhelp.c:27
HMODULE hModule
Definition: tlhelp32.h:101
ULONG_PTR SIZE_T
Definition: typedefs.h:78
static NTSTATUS TH32CreateSnapshot(DWORD dwFlags, DWORD th32ProcessID, PRTL_DEBUG_INFORMATION *HeapDebug, PRTL_DEBUG_INFORMATION *ModuleDebug, PVOID *ProcThrdInfo, SIZE_T *ProcThrdInfoSize)
Definition: toolhelp.c:105
DWORD th32DefaultHeapID
Definition: tlhelp32.h:52
HANDLE WINAPI OpenProcess(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwProcessId)
Definition: proc.c:1257
NTSTATUS NTAPI NtAllocateVirtualMemory(IN HANDLE ProcessHandle, IN OUT PVOID *UBaseAddress, IN ULONG_PTR ZeroBits, IN OUT PSIZE_T URegionSize, IN ULONG AllocationType, IN ULONG Protect)
Definition: virtual.c:4367
NTSYSAPI NTSTATUS NTAPI RtlQueryProcessDebugInformation(_In_ ULONG ProcessId, _In_ ULONG DebugInfoClassMask, _Inout_ PRTL_DEBUG_INFORMATION DebugBuffer)
#define lstrcpyW
Definition: compat.h:406
LIST_ENTRY Entries[5]
Definition: ExDoubleList.c:8
unsigned short USHORT
Definition: pedump.c:61
#define LF32_FREE
Definition: tlhelp32.h:22
PRTL_PROCESS_HEAPS Heaps
Definition: rtltypes.h:1202
BOOL WINAPI Module32NextW(HANDLE hSnapshot, LPMODULEENTRY32W lpme)
Definition: toolhelp.c:897
DWORD GlblcntUsage
Definition: tlhelp32.h:97
HANDLE hHandle
Definition: tlhelp32.h:39
#define TH32CS_SNAPTHREAD
Definition: tlhelp32.h:27
ULONG HeapListCount
Definition: toolhelp.c:61
#define TH32CS_SNAPPROCESS
Definition: tlhelp32.h:26
#define min(a, b)
Definition: monoChain.cc:55
#define TH32CS_SNAPHEAPLIST
Definition: tlhelp32.h:25
ULONG ProcessListIndex
Definition: toolhelp.c:70
WCHAR szModule[MAX_MODULE_NAME32+1]
Definition: tlhelp32.h:90
BOOL WINAPI Heap32Next(LPHEAPENTRY32 lphe)
Definition: toolhelp.c:578
#define MultiByteToWideChar
Definition: compat.h:100
USHORT Flags
Definition: toolhelp.c:28
DWORD th32HeapID
Definition: tlhelp32.h:34
HANDLE WINAPI CreateToolhelp32Snapshot(DWORD dwFlags, DWORD th32ProcessID)
Definition: toolhelp.c:1255
DWORD dwAddress
Definition: tlhelp32.h:40
#define PROCESS_VM_READ
Definition: pstypes.h:153
CONST void * LPCVOID
Definition: windef.h:191
LONG pcPriClassBase
Definition: tlhelp32.h:68
#define MEM_RELEASE
Definition: nt_native.h:1316
PVOID Address
Definition: toolhelp.c:31
struct tagMODULEENTRY32W MODULEENTRY32W
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
Definition: mmfuncs.h:404
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
#define ULONG_PTR
Definition: config.h:101
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
struct tagHEAPLIST32 HEAPLIST32
BOOL WINAPI Heap32ListNext(HANDLE hSnapshot, LPHEAPLIST32 lphl)
Definition: toolhelp.c:723
WCHAR szExePath[MAX_PATH]
Definition: tlhelp32.h:91
RTL_HEAP_INFORMATION Heaps[1]
Definition: rtltypes.h:1131
#define CHECK_PARAM_SIZE(ptr, siz)
Definition: toolhelp.c:34
BOOL WINAPI Toolhelp32ReadProcessMemory(DWORD th32ProcessID, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T cbRead, SIZE_T *lpNumberOfBytesRead)
Definition: toolhelp.c:1235
ULONG_PTR HeapListOffset
Definition: toolhelp.c:63
return STATUS_SUCCESS
Definition: btrfs.c:2725
#define CHECK_PARAM_SIZEA(ptr, siz)
Definition: toolhelp.c:48
USHORT Unknown1
Definition: toolhelp.c:29
DWORD th32ParentProcessID
Definition: tlhelp32.h:55
_In_ const BITMAPINFO _In_ UINT _In_opt_ HANDLE hSection
Definition: wingdi.h:3217
DWORD th32ProcessID
Definition: tlhelp32.h:45
ULONG ModuleListIndex
Definition: toolhelp.c:66
DWORD th32ProcessID
Definition: tlhelp32.h:96
DWORD WINAPI GetCurrentProcessId(VOID)
Definition: proc.c:1188
static LPTHREADENTRY32
Definition: toolhelp.c:39
struct tagTHREADENTRY32 THREADENTRY32
LONGLONG QuadPart
Definition: typedefs.h:112
BOOL WINAPI Heap32First(LPHEAPENTRY32 lphe, DWORD th32ProcessID, DWORD th32HeapID)
Definition: toolhelp.c:489
#define PAGE_READWRITE
Definition: nt_native.h:1304
ULONG ProcessListCount
Definition: toolhelp.c:69
DWORD modBaseSize
Definition: tlhelp32.h:100
NTSTATUS NTAPI NtFreeVirtualMemory(IN HANDLE ProcessHandle, IN PVOID *UBaseAddress, IN PSIZE_T URegionSize, IN ULONG FreeType)
Definition: virtual.c:5090