* PURPOSE: Process functions
* PROGRAMMER: Alex Ionescu (alex@relsoft.net)
* Ariadne (ariadne@xs4all.nl)
+ * Eric Kohl
*/
/* INCLUDES ****************************************************************/
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to read image file from disk\n");
- return(Status);
+ return Status;
}
/* Now create a section for this image */
{
NTSTATUS Status;
PVOID BaseAddress = NULL;
- ULONG EnviroSize;
- ULONG Size;
+ SIZE_T EnviroSize;
+ SIZE_T Size;
PWCHAR Environment = 0;
DPRINT("RtlpInitEnvironment (hProcess: %p, Peb: %p Params: %p)\n",
ProcessHandle, Peb, ProcessParameters);
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to reserve 1MB of space \n");
- return(Status);
+ return Status;
}
}
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to allocate Environment Block\n");
- return(Status);
+ return Status;
}
/* Write the Environment Block */
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to allocate Parameter Block\n");
- return(Status);
+ return Status;
}
/* Write the Parameter Block */
HANDLE hSection;
PROCESS_BASIC_INFORMATION ProcessBasicInfo;
OBJECT_ATTRIBUTES ObjectAttributes;
- UNICODE_STRING DebugString = RTL_CONSTANT_STRING(L"\\WindowsSS");;
+ UNICODE_STRING DebugString = RTL_CONSTANT_STRING(L"\\WindowsSS");
DPRINT("RtlCreateUserProcess: %wZ\n", ImageFileName);
/* Map and Load the File */
/* Use us as parent if none other specified */
if (!ParentProcess) ParentProcess = NtCurrentProcess();
-
+
/* Initialize the Object Attributes */
- InitializeObjectAttributes(&ObjectAttributes,
- NULL,
- 0,
+ InitializeObjectAttributes(&ObjectAttributes,
+ NULL,
+ 0,
NULL,
ProcessSecurityDescriptor);
{
DPRINT1("Could not create Kernel Process Object\n");
ZwClose(hSection);
- return(Status);
+ return Status;
}
/* Get some information on the image */
DPRINT1("Could not query Section Info\n");
ZwClose(ProcessInfo->ProcessHandle);
ZwClose(hSection);
- return(Status);
+ return Status;
}
/* Get some information about the process */
DPRINT1("Could not query Process Info\n");
ZwClose(ProcessInfo->ProcessHandle);
ZwClose(hSection);
- return(Status);
+ return Status;
}
/* Create Process Environment */
NTAPI
RtlEncodePointer(IN PVOID Pointer)
{
- ULONG Cookie;
- NTSTATUS Status;
-
- Status = ZwQueryInformationProcess(NtCurrentProcess(),
- ProcessCookie,
- &Cookie,
- sizeof(Cookie),
- NULL);
-
- if(!NT_SUCCESS(Status))
- {
- DPRINT1("Failed to receive the process cookie! Status: 0x%lx\n", Status);
- return Pointer;
- }
-
- return (PVOID)((ULONG_PTR)Pointer ^ Cookie);
+ ULONG Cookie;
+ NTSTATUS Status;
+
+ Status = ZwQueryInformationProcess(NtCurrentProcess(),
+ ProcessCookie,
+ &Cookie,
+ sizeof(Cookie),
+ NULL);
+ if(!NT_SUCCESS(Status))
+ {
+ DPRINT1("Failed to receive the process cookie! Status: 0x%lx\n", Status);
+ return Pointer;
+ }
+
+ return (PVOID)((ULONG_PTR)Pointer ^ Cookie);
+}
+
+/*
+ * @implemented
+ */
+PVOID
+NTAPI
+RtlDecodePointer(IN PVOID Pointer)
+{
+ return RtlEncodePointer(Pointer);
}
/*
* @unimplemented
*/
-NTSYSAPI
-VOID
+PVOID
NTAPI
-RtlSetProcessIsCritical(
- IN BOOLEAN NewValue,
- OUT PBOOLEAN OldValue OPTIONAL,
- IN BOOLEAN IsWinlogon)
+RtlEncodeSystemPointer(IN PVOID Pointer)
{
- //TODO
+ UNIMPLEMENTED;
+ return NULL;
}
-/* EOF */
+/*
+ * @implemented
+ *
+ * NOTES:
+ * Implementation based on the documentation from:
+ * http://www.geoffchappell.com/studies/windows/win32/ntdll/api/rtl/peb/setprocessiscritical.htm
+ */
+NTSTATUS
+NTAPI
+RtlSetProcessIsCritical(IN BOOLEAN NewValue,
+ OUT PBOOLEAN OldValue OPTIONAL,
+ IN BOOLEAN NeedBreaks)
+{
+ ULONG BreakOnTermination = FALSE;
+
+ if (OldValue)
+ *OldValue = FALSE;
+
+ /* Fail, if the critical breaks flag is required but is not set */
+ if (NeedBreaks == TRUE &&
+ !(NtCurrentPeb()->NtGlobalFlag & FLG_ENABLE_SYSTEM_CRIT_BREAKS))
+ return STATUS_UNSUCCESSFUL;
+
+ if (OldValue)
+ {
+ /* Query and return the old break on termination flag for the process */
+ ZwQueryInformationProcess(NtCurrentProcess(),
+ ProcessBreakOnTermination,
+ &BreakOnTermination,
+ sizeof(ULONG),
+ NULL);
+ *OldValue = (BOOLEAN)BreakOnTermination;
+ }
+
+ /* Set the break on termination flag for the process */
+ BreakOnTermination = NewValue;
+ return ZwSetInformationProcess(NtCurrentProcess(),
+ ProcessBreakOnTermination,
+ &BreakOnTermination,
+ sizeof(ULONG));
+}
+
+ULONG
+NTAPI
+RtlGetCurrentProcessorNumber(VOID)
+{
+ /* Forward to kernel */
+ return NtGetCurrentProcessorNumber();
+}