This graph shows which files directly or indirectly include this file:

Classes
struct	tagHEAPLIST32

struct	tagHEAPENTRY32

struct	tagPROCESSENTRY32W

struct	tagPROCESSENTRY32

struct	tagTHREADENTRY32

struct	tagMODULEENTRY32W

struct	tagMODULEENTRY32

Macros
#define	HF32_DEFAULT 1

#define	HF32_SHARED 2

#define	LF32_FIXED 0x1

#define	LF32_FREE 0x2

#define	LF32_MOVEABLE 0x4

#define	MAX_MODULE_NAME32 255

#define	TH32CS_SNAPHEAPLIST 0x1

#define	TH32CS_SNAPPROCESS 0x2

#define	TH32CS_SNAPTHREAD 0x4

#define	TH32CS_SNAPMODULE 0x8

#define	TH32CS_SNAPALL (TH32CS_SNAPHEAPLIST\|TH32CS_SNAPPROCESS\|TH32CS_SNAPTHREAD\|TH32CS_SNAPMODULE)

#define	TH32CS_INHERIT 0x80000000

Typedefs
typedef struct tagHEAPLIST32	HEAPLIST32

typedef struct tagHEAPLIST32 *	PHEAPLIST32

typedef struct tagHEAPLIST32 *	LPHEAPLIST32

typedef struct tagHEAPENTRY32	HEAPENTRY32

typedef struct tagHEAPENTRY32 *	PHEAPENTRY32

typedef struct tagHEAPENTRY32 *	LPHEAPENTRY32

typedef struct tagPROCESSENTRY32W	PROCESSENTRY32W

typedef struct tagPROCESSENTRY32W *	PPROCESSENTRY32W

typedef struct tagPROCESSENTRY32W *	LPPROCESSENTRY32W

typedef struct tagPROCESSENTRY32	PROCESSENTRY32

typedef struct tagPROCESSENTRY32 *	PPROCESSENTRY32

typedef struct tagPROCESSENTRY32 *	LPPROCESSENTRY32

typedef struct tagTHREADENTRY32	THREADENTRY32

typedef struct tagTHREADENTRY32 *	PTHREADENTRY32

typedef struct tagTHREADENTRY32 *	LPTHREADENTRY32

typedef struct tagMODULEENTRY32W	MODULEENTRY32W

typedef struct tagMODULEENTRY32W *	PMODULEENTRY32W

typedef struct tagMODULEENTRY32W *	LPMODULEENTRY32W

typedef struct tagMODULEENTRY32	MODULEENTRY32

typedef struct tagMODULEENTRY32 *	PMODULEENTRY32

typedef struct tagMODULEENTRY32 *	LPMODULEENTRY32

Functions
BOOL WINAPI	Heap32First (LPHEAPENTRY32, DWORD, DWORD)

BOOL WINAPI	Heap32ListFirst (HANDLE, LPHEAPLIST32)

BOOL WINAPI	Heap32ListNext (HANDLE, LPHEAPLIST32)

BOOL WINAPI	Heap32Next (LPHEAPENTRY32)

BOOL WINAPI	Module32First (HANDLE, LPMODULEENTRY32)

BOOL WINAPI	Module32FirstW (HANDLE, LPMODULEENTRY32W)

BOOL WINAPI	Module32Next (HANDLE, LPMODULEENTRY32)

BOOL WINAPI	Module32NextW (HANDLE, LPMODULEENTRY32W)

BOOL WINAPI	Process32First (HANDLE, LPPROCESSENTRY32)

BOOL WINAPI	Process32FirstW (HANDLE, LPPROCESSENTRY32W)

BOOL WINAPI	Process32Next (HANDLE, LPPROCESSENTRY32)

BOOL WINAPI	Process32NextW (HANDLE, LPPROCESSENTRY32W)

BOOL WINAPI	Thread32First (HANDLE, LPTHREADENTRY32)

BOOL WINAPI	Thread32Next (HANDLE, LPTHREADENTRY32)

BOOL WINAPI	Toolhelp32ReadProcessMemory (DWORD, LPCVOID, LPVOID, SIZE_T, SIZE_T *)

HANDLE WINAPI	CreateToolhelp32Snapshot (DWORD, DWORD)

Macro Definition Documentation

◆ HF32_DEFAULT

#define HF32_DEFAULT 1

Definition at line 19 of file tlhelp32.h.

◆ HF32_SHARED

#define HF32_SHARED 2

Definition at line 20 of file tlhelp32.h.

◆ LF32_FIXED

#define LF32_FIXED 0x1

Definition at line 21 of file tlhelp32.h.

◆ LF32_FREE

#define LF32_FREE 0x2

Definition at line 22 of file tlhelp32.h.

◆ LF32_MOVEABLE

#define LF32_MOVEABLE 0x4

Definition at line 23 of file tlhelp32.h.

◆ MAX_MODULE_NAME32

#define MAX_MODULE_NAME32 255

Definition at line 24 of file tlhelp32.h.

◆ TH32CS_INHERIT

#define TH32CS_INHERIT 0x80000000

Definition at line 30 of file tlhelp32.h.

◆ TH32CS_SNAPALL

#define TH32CS_SNAPALL (TH32CS_SNAPHEAPLIST|TH32CS_SNAPPROCESS|TH32CS_SNAPTHREAD|TH32CS_SNAPMODULE)

Definition at line 29 of file tlhelp32.h.

◆ TH32CS_SNAPHEAPLIST

#define TH32CS_SNAPHEAPLIST 0x1

Definition at line 25 of file tlhelp32.h.

◆ TH32CS_SNAPMODULE

#define TH32CS_SNAPMODULE 0x8

Definition at line 28 of file tlhelp32.h.

◆ TH32CS_SNAPPROCESS

#define TH32CS_SNAPPROCESS 0x2

Definition at line 26 of file tlhelp32.h.

◆ TH32CS_SNAPTHREAD

#define TH32CS_SNAPTHREAD 0x4

Definition at line 27 of file tlhelp32.h.

Typedef Documentation

◆ HEAPENTRY32

typedef struct tagHEAPENTRY32 HEAPENTRY32

◆ HEAPLIST32

typedef struct tagHEAPLIST32 HEAPLIST32

◆ LPHEAPENTRY32

typedef struct tagHEAPENTRY32* LPHEAPENTRY32

◆ LPHEAPLIST32

typedef struct tagHEAPLIST32* LPHEAPLIST32

◆ LPMODULEENTRY32

static LPMODULEENTRY32

Definition at line 36 of file toolhelp.c.

◆ LPMODULEENTRY32W

typedef struct tagMODULEENTRY32W* LPMODULEENTRY32W

◆ LPPROCESSENTRY32

static LPPROCESSENTRY32

Definition at line 38 of file toolhelp.c.

◆ LPPROCESSENTRY32W

typedef struct tagPROCESSENTRY32W* LPPROCESSENTRY32W

◆ LPTHREADENTRY32

static LPTHREADENTRY32

Definition at line 40 of file toolhelp.c.

◆ MODULEENTRY32

typedef struct tagMODULEENTRY32 MODULEENTRY32

◆ MODULEENTRY32W

typedef struct tagMODULEENTRY32W MODULEENTRY32W

◆ PHEAPENTRY32

typedef struct tagHEAPENTRY32* PHEAPENTRY32

◆ PHEAPLIST32

typedef struct tagHEAPLIST32* PHEAPLIST32

◆ PMODULEENTRY32

typedef struct tagMODULEENTRY32* PMODULEENTRY32

◆ PMODULEENTRY32W

typedef struct tagMODULEENTRY32W* PMODULEENTRY32W

◆ PPROCESSENTRY32

typedef struct tagPROCESSENTRY32* PPROCESSENTRY32

◆ PPROCESSENTRY32W

typedef struct tagPROCESSENTRY32W* PPROCESSENTRY32W

◆ PROCESSENTRY32

typedef struct tagPROCESSENTRY32 PROCESSENTRY32

◆ PROCESSENTRY32W

typedef struct tagPROCESSENTRY32W PROCESSENTRY32W

◆ PTHREADENTRY32

typedef struct tagTHREADENTRY32* PTHREADENTRY32

◆ THREADENTRY32

typedef struct tagTHREADENTRY32 THREADENTRY32

Function Documentation

◆ CreateToolhelp32Snapshot()

HANDLE WINAPI CreateToolhelp32Snapshot	(	DWORD	,
		DWORD
	)

Definition at line 1255 of file toolhelp.c.

 {
   PRTL_DEBUG_INFORMATION HeapDebug, ModuleDebug;
   PVOID ProcThrdInfo;
   SIZE_T ProcThrdInfoSize;
   NTSTATUS Status;
   HANDLE hSnapShotSection = NULL;
 
   if(th32ProcessID == 0)
   {
     th32ProcessID = GetCurrentProcessId();
   }
 
   /*
    * Get all information required for the snapshot
    */
   Status = TH32CreateSnapshot(dwFlags,
                               th32ProcessID,
                               &HeapDebug,
                               &ModuleDebug,
                               &ProcThrdInfo,
                               &ProcThrdInfoSize);
   if(!NT_SUCCESS(Status))
   {
     BaseSetLastNTError(Status);
     return NULL;
   }
 
   /*
    * Create a section handle and initialize the collected information
    */
   Status = TH32CreateSnapshotSectionInitialize(dwFlags,
                                                th32ProcessID,
                                                HeapDebug,
                                                ModuleDebug,
                                                ProcThrdInfo,
                                                &hSnapShotSection);
 
   /*
    * Free the temporarily allocated memory which is no longer needed
    */
   TH32FreeAllocatedResources(HeapDebug,
                              ModuleDebug,
                              ProcThrdInfo,
                              ProcThrdInfoSize);
 
   if(!NT_SUCCESS(Status))
   {
     BaseSetLastNTError(Status);
     return NULL;
   }
 
   return hSnapShotSection;
 }

Referenced by _DoDLLInjection(), fill_process(), GetProcessID(), IntGetImageBase(), IsBlockFromHeap(), PrintBugreport(), and ShutdownProcessTree().

◆ Heap32First()

BOOL WINAPI Heap32First	(	LPHEAPENTRY32	,
		DWORD	,
		DWORD
	)

Definition at line 489 of file toolhelp.c.

 {
   PRTL_DEBUG_INFORMATION DebugInfo;
   PRTL_HEAP_INFORMATION Heap;
   PRTLP_HEAP_ENTRY Block, LastBlock;
   ULONG i;
   NTSTATUS Status;
 
   CHECK_PARAM_SIZE(lphe, sizeof(HEAPENTRY32));
 
   DebugInfo = RtlCreateQueryDebugBuffer(0,
                                         FALSE);
   if (DebugInfo == NULL)
   {
     SetLastError(ERROR_NOT_ENOUGH_MEMORY);
     return FALSE;
   }
 
   Status = RtlQueryProcessDebugInformation(th32ProcessID,
                                            RTL_DEBUG_QUERY_HEAPS | RTL_DEBUG_QUERY_HEAP_BLOCKS,
                                            DebugInfo);
 
   if (NT_SUCCESS(Status))
   {
     Status = STATUS_NO_MORE_FILES;
 
     for (i = 0;
          i != DebugInfo->Heaps->NumberOfHeaps;
          i++)
     {
       Heap = &DebugInfo->Heaps->Heaps[i];
 
       if ((ULONG_PTR)Heap->BaseAddress == th32HeapID)
       {
         lphe->hHandle = (HANDLE)Heap->BaseAddress;
         lphe->dwAddress = 0;
         lphe->dwBlockSize = 0;
         lphe->dwFlags = 0;
         lphe->dwLockCount = 0;
         lphe->dwResvd = 0;
         lphe->th32ProcessID = th32ProcessID;
         lphe->th32HeapID = (ULONG_PTR)Heap->BaseAddress;
 
         Block = (PRTLP_HEAP_ENTRY)Heap->Entries;
         LastBlock = Block + Heap->NumberOfEntries;
 
         while (Block != LastBlock && (Block->Flags & PROCESS_HEAP_UNCOMMITTED_RANGE))
         {
           lphe->dwResvd++;
           lphe->dwAddress = (ULONG_PTR)((ULONG_PTR)Block->Address + Heap->EntryOverhead);
           Block++;
         }
 
         if (Block != LastBlock && lphe->dwResvd != 0)
         {
           lphe->dwBlockSize =  Block->Size;
 
           if (Block->Flags & 0x2F1) /* FIXME */
             lphe->dwFlags = LF32_FIXED;
           else if (Block->Flags & 0x20) /* FIXME */
             lphe->dwFlags = LF32_MOVEABLE;
           else if (Block->Flags & 0x100) /* FIXME */
             lphe->dwFlags = LF32_FREE;
 
           Status = STATUS_SUCCESS;
         }
 
         break;
       }
     }
   }
 
   RtlDestroyQueryDebugBuffer(DebugInfo);
 
   if (!NT_SUCCESS(Status))
   {
     BaseSetLastNTError(Status);
     return FALSE;
   }
 
   return TRUE;
 }

Referenced by IsBlockFromHeap().

◆ Heap32ListFirst()

BOOL WINAPI Heap32ListFirst	(	HANDLE	,
		LPHEAPLIST32
	)

Definition at line 669 of file toolhelp.c.

 {
   PTH32SNAPSHOT Snapshot;
   LARGE_INTEGER SOffset;
   SIZE_T ViewSize;
   NTSTATUS Status;
 
   CHECK_PARAM_SIZE(lphl, sizeof(HEAPLIST32));
 
   SOffset.QuadPart = 0;
   ViewSize = 0;
   Snapshot = NULL;
 
   Status = NtMapViewOfSection(hSnapshot,
                               NtCurrentProcess(),
                               (PVOID*)&Snapshot,
                               0,
                               0,
                               &SOffset,
                               &ViewSize,
                               ViewShare,
                               0,
                               PAGE_READWRITE);
   if(NT_SUCCESS(Status))
   {
     BOOL Ret;
 
     if(Snapshot->HeapListCount > 0)
     {
       LPHEAPLIST32 Entries = (LPHEAPLIST32)OffsetToPtr(Snapshot, Snapshot->HeapListOffset);
       Snapshot->HeapListIndex = 1;
       RtlCopyMemory(lphl, &Entries[0], sizeof(HEAPLIST32));
       Ret = TRUE;
     }
     else
     {
       SetLastError(ERROR_NO_MORE_FILES);
       Ret = FALSE;
     }
 
     NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
     return Ret;
   }
 
   BaseSetLastNTError(Status);
   return FALSE;
 }

◆ Heap32ListNext()

BOOL WINAPI Heap32ListNext	(	HANDLE	,
		LPHEAPLIST32
	)

Definition at line 723 of file toolhelp.c.

 {
   PTH32SNAPSHOT Snapshot;
   LARGE_INTEGER SOffset;
   SIZE_T ViewSize;
   NTSTATUS Status;
 
   CHECK_PARAM_SIZE(lphl, sizeof(HEAPLIST32));
 
   SOffset.QuadPart = 0;
   ViewSize = 0;
   Snapshot = NULL;
 
   Status = NtMapViewOfSection(hSnapshot,
                               NtCurrentProcess(),
                               (PVOID*)&Snapshot,
                               0,
                               0,
                               &SOffset,
                               &ViewSize,
                               ViewShare,
                               0,
                               PAGE_READWRITE);
   if(NT_SUCCESS(Status))
   {
     BOOL Ret;
 
     if(Snapshot->HeapListCount > 0 &&
        Snapshot->HeapListIndex < Snapshot->HeapListCount)
     {
       LPHEAPLIST32 Entries = (LPHEAPLIST32)OffsetToPtr(Snapshot, Snapshot->HeapListOffset);
       RtlCopyMemory(lphl, &Entries[Snapshot->HeapListIndex++], sizeof(HEAPLIST32));
       Ret = TRUE;
     }
     else
     {
       SetLastError(ERROR_NO_MORE_FILES);
       Ret = FALSE;
     }
 
     NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
     return Ret;
   }
 
   BaseSetLastNTError(Status);
   return FALSE;
 }

◆ Heap32Next()

BOOL WINAPI Heap32Next ( LPHEAPENTRY32 )

Definition at line 578 of file toolhelp.c.

 {
   PRTL_DEBUG_INFORMATION DebugInfo;
   PRTL_HEAP_INFORMATION Heap;
   PRTLP_HEAP_ENTRY Block, LastBlock;
   BOOLEAN FoundUncommitted = FALSE;
   ULONG i;
   NTSTATUS Status;
 
   CHECK_PARAM_SIZE(lphe, sizeof(HEAPENTRY32));
 
   DebugInfo = RtlCreateQueryDebugBuffer(0,
                                         FALSE);
   if (DebugInfo == NULL)
   {
     SetLastError(ERROR_NOT_ENOUGH_MEMORY);
     return FALSE;
   }
 
   Status = RtlQueryProcessDebugInformation(lphe->th32ProcessID,
                                            RTL_DEBUG_QUERY_HEAPS | RTL_DEBUG_QUERY_HEAP_BLOCKS,
                                            DebugInfo);
 
   if (NT_SUCCESS(Status))
   {
     Status = STATUS_NO_MORE_FILES;
 
     for (i = 0;
          i != DebugInfo->Heaps->NumberOfHeaps;
          i++)
     {
       Heap = &DebugInfo->Heaps->Heaps[i];
 
       if ((ULONG_PTR)Heap->BaseAddress == lphe->th32HeapID)
       {
         if (++lphe->dwResvd < Heap->NumberOfEntries)
         {
           lphe->dwFlags = 0;
 
           Block = (PRTLP_HEAP_ENTRY)Heap->Entries + lphe->dwResvd;
           LastBlock = (PRTLP_HEAP_ENTRY)Heap->Entries + Heap->NumberOfEntries;
 
           while (Block < LastBlock && (Block->Flags & PROCESS_HEAP_UNCOMMITTED_RANGE))
           {
             lphe->dwResvd++;
             lphe->dwAddress = (ULONG_PTR)((ULONG_PTR)Block->Address + Heap->EntryOverhead);
             FoundUncommitted = TRUE;
             Block++;
           }
 
           if (Block < LastBlock)
           {
             if (!FoundUncommitted)
               lphe->dwAddress += lphe->dwBlockSize;
 
             lphe->dwBlockSize =  Block->Size;
 
             if (Block->Flags & 0x2F1) /* FIXME */
               lphe->dwFlags = LF32_FIXED;
             else if (Block->Flags & 0x20) /* FIXME */
               lphe->dwFlags = LF32_MOVEABLE;
             else if (Block->Flags & 0x100) /* FIXME */
               lphe->dwFlags = LF32_FREE;
 
             Status = STATUS_SUCCESS;
           }
         }
 
         break;
       }
     }
   }
 
   RtlDestroyQueryDebugBuffer(DebugInfo);
 
   if (!NT_SUCCESS(Status))
   {
     BaseSetLastNTError(Status);
     return FALSE;
   }
 
   return TRUE;
 
 }

Referenced by IsBlockFromHeap().

◆ Module32First()

BOOL WINAPI Module32First	(	HANDLE	,
		LPMODULEENTRY32
	)

Definition at line 777 of file toolhelp.c.

 {
   MODULEENTRY32W me;
   BOOL Ret;
 
   CHECK_PARAM_SIZEA(lpme, sizeof(MODULEENTRY32));
 
   me.dwSize = sizeof(MODULEENTRY32W);
 
   Ret = Module32FirstW(hSnapshot, &me);
   if(Ret)
   {
     lpme->th32ModuleID = me.th32ModuleID;
     lpme->th32ProcessID = me.th32ProcessID;
     lpme->GlblcntUsage = me.GlblcntUsage;
     lpme->ProccntUsage = me.ProccntUsage;
     lpme->modBaseAddr = me.modBaseAddr;
     lpme->modBaseSize = me.modBaseSize;
     lpme->hModule = me.hModule;
 
     WideCharToMultiByte(CP_ACP, 0, me.szModule, -1, lpme->szModule, sizeof(lpme->szModule), 0, 0);
     WideCharToMultiByte(CP_ACP, 0, me.szExePath, -1, lpme->szExePath, sizeof(lpme->szExePath), 0, 0);
   }
 
   return Ret;
 }

Referenced by IntGetImageBase().

◆ Module32FirstW()

BOOL WINAPI Module32FirstW	(	HANDLE	,
		LPMODULEENTRY32W
	)

Definition at line 810 of file toolhelp.c.

 {
   PTH32SNAPSHOT Snapshot;
   LARGE_INTEGER SOffset;
   SIZE_T ViewSize;
   NTSTATUS Status;
 
   CHECK_PARAM_SIZE(lpme, sizeof(MODULEENTRY32W));
 
   SOffset.QuadPart = 0;
   ViewSize = 0;
   Snapshot = NULL;
 
   Status = NtMapViewOfSection(hSnapshot,
                               NtCurrentProcess(),
                               (PVOID*)&Snapshot,
                               0,
                               0,
                               &SOffset,
                               &ViewSize,
                               ViewShare,
                               0,
                               PAGE_READWRITE);
   if(NT_SUCCESS(Status))
   {
     BOOL Ret;
 
     if(Snapshot->ModuleListCount > 0)
     {
       LPMODULEENTRY32W Entries = (LPMODULEENTRY32W)OffsetToPtr(Snapshot, Snapshot->ModuleListOffset);
       Snapshot->ModuleListIndex = 1;
       RtlCopyMemory(lpme, &Entries[0], sizeof(MODULEENTRY32W));
       Ret = TRUE;
     }
     else
     {
       SetLastError(ERROR_NO_MORE_FILES);
       Ret = FALSE;
     }
 
     NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
     return Ret;
   }
 
   BaseSetLastNTError(Status);
   return FALSE;
 }

Referenced by Module32First().

◆ Module32Next()

BOOL WINAPI Module32Next	(	HANDLE	,
		LPMODULEENTRY32
	)

Definition at line 864 of file toolhelp.c.

 {
   MODULEENTRY32W me;
   BOOL Ret;
 
   CHECK_PARAM_SIZEA(lpme, sizeof(MODULEENTRY32));
 
   me.dwSize = sizeof(MODULEENTRY32W);
 
   Ret = Module32NextW(hSnapshot, &me);
   if(Ret)
   {
     lpme->th32ModuleID = me.th32ModuleID;
     lpme->th32ProcessID = me.th32ProcessID;
     lpme->GlblcntUsage = me.GlblcntUsage;
     lpme->ProccntUsage = me.ProccntUsage;
     lpme->modBaseAddr = me.modBaseAddr;
     lpme->modBaseSize = me.modBaseSize;
     lpme->hModule = me.hModule;
 
     WideCharToMultiByte(CP_ACP, 0, me.szModule, -1, lpme->szModule, sizeof(lpme->szModule), 0, 0);
     WideCharToMultiByte(CP_ACP, 0, me.szExePath, -1, lpme->szExePath, sizeof(lpme->szExePath), 0, 0);
   }
 
   return Ret;
 }

Referenced by IntGetImageBase().

◆ Module32NextW()

BOOL WINAPI Module32NextW	(	HANDLE	,
		LPMODULEENTRY32W
	)

Definition at line 897 of file toolhelp.c.

 {
   PTH32SNAPSHOT Snapshot;
   LARGE_INTEGER SOffset;
   SIZE_T ViewSize;
   NTSTATUS Status;
 
   CHECK_PARAM_SIZE(lpme, sizeof(MODULEENTRY32W));
 
   SOffset.QuadPart = 0;
   ViewSize = 0;
   Snapshot = NULL;
 
   Status = NtMapViewOfSection(hSnapshot,
                               NtCurrentProcess(),
                               (PVOID*)&Snapshot,
                               0,
                               0,
                               &SOffset,
                               &ViewSize,
                               ViewShare,
                               0,
                               PAGE_READWRITE);
   if(NT_SUCCESS(Status))
   {
     BOOL Ret;
 
     if((Snapshot->ModuleListCount > 0) &&
        (Snapshot->ModuleListIndex < Snapshot->ModuleListCount))
     {
       LPMODULEENTRY32W Entries = (LPMODULEENTRY32W)OffsetToPtr(Snapshot, Snapshot->ModuleListOffset);
       RtlCopyMemory(lpme, &Entries[Snapshot->ModuleListIndex++], sizeof(MODULEENTRY32W));
       Ret = TRUE;
     }
     else
     {
       SetLastError(ERROR_NO_MORE_FILES);
       Ret = FALSE;
     }
 
     NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
     return Ret;
   }
 
   BaseSetLastNTError(Status);
   return FALSE;
 }

Referenced by Module32Next().

◆ Process32First()

BOOL WINAPI Process32First	(	HANDLE	,
		LPPROCESSENTRY32
	)

Definition at line 951 of file toolhelp.c.

 {
   PROCESSENTRY32W pe;
   BOOL Ret;
 
   CHECK_PARAM_SIZEA(lppe, sizeof(PROCESSENTRY32));
 
   pe.dwSize = sizeof(PROCESSENTRY32W);
 
   Ret = Process32FirstW(hSnapshot, &pe);
   if(Ret)
   {
     lppe->cntUsage = pe.cntUsage;
     lppe->th32ProcessID = pe.th32ProcessID;
     lppe->th32DefaultHeapID = pe.th32DefaultHeapID;
     lppe->th32ModuleID = pe.th32ModuleID;
     lppe->cntThreads = pe.cntThreads;
     lppe->th32ParentProcessID = pe.th32ParentProcessID;
     lppe->pcPriClassBase = pe.pcPriClassBase;
     lppe->dwFlags = pe.dwFlags;
 
     WideCharToMultiByte(CP_ACP, 0, pe.szExeFile, -1, lppe->szExeFile, sizeof(lppe->szExeFile), 0, 0);
   }
 
   return Ret;
 }

Referenced by PrintBugreport().

◆ Process32FirstW()

BOOL WINAPI Process32FirstW	(	HANDLE	,
		LPPROCESSENTRY32W
	)

Definition at line 984 of file toolhelp.c.

 {
   PTH32SNAPSHOT Snapshot;
   LARGE_INTEGER SOffset;
   SIZE_T ViewSize;
   NTSTATUS Status;
 
   CHECK_PARAM_SIZE(lppe, sizeof(PROCESSENTRY32W));
 
   SOffset.QuadPart = 0;
   ViewSize = 0;
   Snapshot = NULL;
 
   Status = NtMapViewOfSection(hSnapshot,
                               NtCurrentProcess(),
                               (PVOID*)&Snapshot,
                               0,
                               0,
                               &SOffset,
                               &ViewSize,
                               ViewShare,
                               0,
                               PAGE_READWRITE);
   if(NT_SUCCESS(Status))
   {
     BOOL Ret;
 
     if(Snapshot->ProcessListCount > 0)
     {
       LPPROCESSENTRY32W Entries = (LPPROCESSENTRY32W)OffsetToPtr(Snapshot, Snapshot->ProcessListOffset);
 
       Snapshot->ProcessListIndex = 1;
       RtlCopyMemory(lppe, &Entries[0], sizeof(PROCESSENTRY32W));
       Ret = TRUE;
     }
     else
     {
 
       SetLastError(ERROR_NO_MORE_FILES);
       Ret = FALSE;
     }
 
     NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)Snapshot);
     return Ret;
   }
 
   BaseSetLastNTError(Status);
   return FALSE;
 }

Referenced by _DoDLLInjection(), fill_process(), GetProcessID(), Process32First(), and ShutdownProcessTreeHelper().

◆ Process32Next()

BOOL WINAPI Process32Next	(	HANDLE	,
		LPPROCESSENTRY32
	)

Definition at line 1040 of file toolhelp.c.

 {
   PROCESSENTRY32W pe;
   BOOL Ret;
 
   CHECK_PARAM_SIZEA(lppe, sizeof(PROCESSENTRY32));
 
   pe.dwSize = sizeof(PROCESSENTRY32W);
 
   Ret = Process32NextW(hSnapshot, &pe);
   if(Ret)
   {
     lppe->cntUsage = pe.cntUsage;
     lppe->th32ProcessID = pe.th32ProcessID;
     lppe->th32DefaultHeapID = pe.th32DefaultHeapID;
     lppe->th32ModuleID = pe.th32ModuleID;
     lppe->cntThreads = pe.cntThreads;
     lppe->th32ParentProcessID = pe.th32ParentProcessID;
     lppe->pcPriClassBase = pe.pcPriClassBase;
     lppe->dwFlags = pe.dwFlags;
 
     WideCharToMultiByte(CP_ACP, 0, pe.szExeFile, -1, lppe->szExeFile, sizeof(lppe->szExeFile), 0, 0);
   }
 
   return Ret;
 }