/*
 * CHECK_PARAM_SIZE(ptr, siz): validates a caller-supplied structure that
 * carries its own size in a dwSize member. The condition rejects a NULL
 * pointer and any structure whose dwSize is not exactly siz, and the failure
 * path sets the last error to ERROR_INVALID_PARAMETER.
 * ptr is expanded twice, so pass an expression without side effects.
 * NOTE(review): this listing omits the macro lines around SetLastError()
 * (braces and whatever the failure path returns) - confirm against the full
 * source before relying on the exact control flow.
 */
34#define CHECK_PARAM_SIZE(ptr, siz) \
35 if((ptr) == NULL || (ptr)->dwSize != (siz)) \
37 SetLastError(ERROR_INVALID_PARAMETER); \
/*
 * CHECK_PARAM_SIZEA(ptr, siz): same kind of check as CHECK_PARAM_SIZE, but
 * the comparison is dwSize < siz, so a structure that reports a size larger
 * than siz is accepted; only NULL pointers and too-small structures take the
 * ERROR_INVALID_PARAMETER path.
 * dwSize is supplied by the caller and is only compared here, not verified
 * against the real allocation, so code that fills the structure should bound
 * its writes by the size it knows rather than by dwSize.
 * NOTE(review): this listing omits the macro lines around SetLastError() -
 * confirm the failure return against the full source.
 */
48#define CHECK_PARAM_SIZEA(ptr, siz) \
49 if((ptr) == NULL || (ptr)->dwSize < (siz)) \
51 SetLastError(ERROR_INVALID_PARAMETER); \
/*
 * OffsetToPtr(Snapshot, Offset): turns an offset stored in a snapshot into
 * an address. (Snapshot) + 1 is pointer arithmetic, i.e. the address directly
 * after the object Snapshot points to; Offset is added to that address and
 * the result has type ULONG_PTR, so callers must cast it to the entry type.
 * The macro performs no range check: nothing here verifies that Offset stays
 * inside the snapshot's mapped view, so offsets must be validated against the
 * snapshot size before the result is dereferenced.
 */
55#define OffsetToPtr(Snapshot, Offset) \
56 ((ULONG_PTR)((Snapshot) + 1) + (ULONG_PTR)(Offset))
90 if(ModuleDebug !=
NULL)
95 if(ProcThrdInfo !=
NULL)
116 *ProcThrdInfo =
NULL;
117 *ProcThrdInfoSize = 0;
125 if(*HeapDebug !=
NULL)
142 if(*ModuleDebug !=
NULL)
161 (*ProcThrdInfoSize) += 0x10000;
183 *ProcThrdInfo =
NULL;
226 ULONG i, nProcesses = 0, nThreads = 0, nHeaps = 0, nModules = 0;
239 RequiredSnapshotSize += nHeaps *
sizeof(
HEAPLIST32);
248 nModules =
mi->NumberOfModules;
257 ULONG ProcOffset = 0;
266 }
while(ProcOffset != 0);
282 SSize.
QuadPart = RequiredSnapshotSize;
335 for(
i = 0;
i < nHeaps;
i++)
354 for(
i = 0;
i < nModules;
i++)
367 &
mi->Modules[
i].FullPathName[
mi->Modules[
i].OffsetToFileName],
374 mi->Modules[
i].FullPathName,
388 ULONG ProcOffset = 0;
424 }
while(ProcOffset != 0);
432 ULONG ProcOffset = 0;
461 }
while(ProcOffset != 0);
501 if (DebugInfo ==
NULL)
542 if (Block != LastBlock && lphe->
dwResvd != 0)
546 if (Block->
Flags & 0x2F1)
548 else if (Block->
Flags & 0x20)
550 else if (Block->
Flags & 0x100)
591 if (DebugInfo ==
NULL)
624 FoundUncommitted =
TRUE;
628 if (Block < LastBlock)
630 if (!FoundUncommitted)
635 if (Block->
Flags & 0x2F1)
637 else if (Block->
Flags & 0x20)
639 else if (Block->
Flags & 0x100)
1263 if(th32ProcessID == 0)
1307 return hSnapShotSection;
NTSTATUS NTAPI NtUnmapViewOfSection(IN HANDLE ProcessHandle, IN PVOID BaseAddress)
NTSTATUS NTAPI NtCreateSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
NTSTATUS NTAPI NtMapViewOfSection(IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
static const ENTRY Entries[]
while(CdLookupNextInitialFileDirent(IrpContext, Fcb, FileContext))
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
static TAGREF LPCWSTR LPDWORD LPVOID lpBuffer
#define ERROR_NOT_ENOUGH_MEMORY
#define NT_SUCCESS(StatCode)
#define ReadProcessMemory(a, b, c, d, e)
#define WideCharToMultiByte
#define MultiByteToWideChar
HANDLE WINAPI OpenProcess(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwProcessId)
@ SystemProcessInformation
_In_ BOOL _In_ HANDLE hProcess
struct _ThreadInfo ThreadInfo
#define InitializeObjectAttributes(p, n, a, r, s)
struct _SYSTEM_THREAD_INFORMATION * PSYSTEM_THREAD_INFORMATION
struct _SYSTEM_PROCESS_INFORMATION * PSYSTEM_PROCESS_INFORMATION
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
NTSYSAPI NTSTATUS NTAPI RtlDestroyQueryDebugBuffer(IN PRTL_DEBUG_INFORMATION DebugBuffer)
NTSYSAPI NTSTATUS NTAPI RtlQueryProcessDebugInformation(_In_ ULONG ProcessId, _In_ ULONG DebugInfoClassMask, _Inout_ PRTL_DEBUG_INFORMATION DebugBuffer)
NTSYSAPI PRTL_DEBUG_INFORMATION NTAPI RtlCreateQueryDebugBuffer(_In_ ULONG Size, _In_ BOOLEAN EventPair)
#define RTL_DEBUG_QUERY_HEAPS
struct _RTL_PROCESS_MODULES * PRTL_PROCESS_MODULES
#define RTL_DEBUG_QUERY_MODULES
struct _RTL_PROCESS_HEAPS * PRTL_PROCESS_HEAPS
#define RTL_DEBUG_QUERY_HEAP_BLOCKS
#define SECTION_ALL_ACCESS
#define NtCurrentProcess()
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
NTSTATUS NTAPI NtFreeVirtualMemory(IN HANDLE ProcessHandle, IN PVOID *UBaseAddress, IN PSIZE_T URegionSize, IN ULONG FreeType)
NTSTATUS NTAPI NtAllocateVirtualMemory(IN HANDLE ProcessHandle, IN OUT PVOID *UBaseAddress, IN ULONG_PTR ZeroBits, IN OUT PSIZE_T URegionSize, IN ULONG AllocationType, IN ULONG Protect)
DWORD BaseSetLastNTError(IN NTSTATUS Status)
NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInfoClass, OUT PVOID SystemInfoBuffer, IN ULONG SystemInfoBufferSize, OUT PULONG BytesReturned OPTIONAL)
RTL_HEAP_INFORMATION Heaps[1]
ULONG_PTR ThreadListOffset
ULONG_PTR ModuleListOffset
ULONG_PTR ProcessListOffset
WCHAR szModule[MAX_MODULE_NAME32+1]
WCHAR szExePath[MAX_PATH]
char szModule[MAX_MODULE_NAME32+1]
DWORD th32ParentProcessID
WCHAR szExeFile[MAX_PATH]
DWORD th32ParentProcessID
#define TH32CS_SNAPPROCESS
struct tagTHREADENTRY32 * LPTHREADENTRY32
struct tagMODULEENTRY32W MODULEENTRY32W
#define TH32CS_SNAPTHREAD
#define TH32CS_SNAPMODULE
struct tagHEAPLIST32 * LPHEAPLIST32
struct tagPROCESSENTRY32W * LPPROCESSENTRY32W
#define TH32CS_SNAPHEAPLIST
struct tagMODULEENTRY32W * LPMODULEENTRY32W
struct tagHEAPLIST32 HEAPLIST32
struct tagTHREADENTRY32 THREADENTRY32
struct tagPROCESSENTRY32W PROCESSENTRY32W
#define RtlCopyMemory(Destination, Source, Length)
#define RtlZeroMemory(Destination, Length)
#define STATUS_UNSUCCESSFUL
#define STATUS_INFO_LENGTH_MISMATCH
#define STATUS_NO_MORE_FILES
#define PROCESS_HEAP_UNCOMMITTED_RANGE
DWORD WINAPI GetCurrentProcessId(void)
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
#define ERROR_NO_MORE_FILES
_In_ const BITMAPINFO _In_ UINT _In_opt_ HANDLE hSection