* PURPOSE: Process functions
* PROGRAMMER: Alex Ionescu (alex@relsoft.net)
* Ariadne (ariadne@xs4all.nl)
+ * Eric Kohl
*/
/* INCLUDES ****************************************************************/
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to read image file from disk\n");
- return(Status);
+ return Status;
}
/* Now create a section for this image */
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to reserve 1MB of space \n");
- return(Status);
+ return Status;
}
}
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to allocate Environment Block\n");
- return(Status);
+ return Status;
}
/* Write the Environment Block */
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to allocate Parameter Block\n");
- return(Status);
+ return Status;
}
/* Write the Parameter Block */
{
DPRINT1("Could not create Kernel Process Object\n");
ZwClose(hSection);
- return(Status);
+ return Status;
}
/* Get some information on the image */
DPRINT1("Could not query Section Info\n");
ZwClose(ProcessInfo->ProcessHandle);
ZwClose(hSection);
- return(Status);
+ return Status;
}
/* Get some information about the process */
DPRINT1("Could not query Process Info\n");
ZwClose(ProcessInfo->ProcessHandle);
ZwClose(hSection);
- return(Status);
+ return Status;
}
/* Create Process Environment */
NTAPI
RtlEncodePointer(IN PVOID Pointer)
{
- ULONG Cookie;
- NTSTATUS Status;
-
- Status = ZwQueryInformationProcess(NtCurrentProcess(),
- ProcessCookie,
- &Cookie,
- sizeof(Cookie),
- NULL);
-
- if(!NT_SUCCESS(Status))
- {
- DPRINT1("Failed to receive the process cookie! Status: 0x%lx\n", Status);
- return Pointer;
- }
-
- return (PVOID)((ULONG_PTR)Pointer ^ Cookie);
+ ULONG Cookie;
+ NTSTATUS Status;
+
+ Status = ZwQueryInformationProcess(NtCurrentProcess(),
+ ProcessCookie,
+ &Cookie,
+ sizeof(Cookie),
+ NULL);
+ if(!NT_SUCCESS(Status))
+ {
+ DPRINT1("Failed to receive the process cookie! Status: 0x%lx\n", Status);
+ return Pointer;
+ }
+
+ return (PVOID)((ULONG_PTR)Pointer ^ Cookie);
}
/*
NTAPI
RtlDecodePointer(IN PVOID Pointer)
{
- return RtlEncodePointer(Pointer);
+ return RtlEncodePointer(Pointer);
}
/*
}
/*
- * @unimplemented
+ * @implemented
+ *
+ * NOTES:
+ * Implementation based on the documentation from:
+ * http://www.geoffchappell.com/studies/windows/win32/ntdll/api/rtl/peb/setprocessiscritical.htm
*/
-NTSYSAPI
-VOID
+NTSTATUS
NTAPI
-RtlSetProcessIsCritical(
- IN BOOLEAN NewValue,
- OUT PBOOLEAN OldValue OPTIONAL,
- IN BOOLEAN IsWinlogon)
+RtlSetProcessIsCritical(IN BOOLEAN NewValue,
+ OUT PBOOLEAN OldValue OPTIONAL,
+ IN BOOLEAN NeedBreaks)
{
- //TODO
- UNIMPLEMENTED;
+ ULONG BreakOnTermination = FALSE;
+
+ if (OldValue)
+ *OldValue = FALSE;
+
+ /* Fail, if the critical breaks flag is required but is not set */
+ if (NeedBreaks == TRUE &&
+ !(NtCurrentPeb()->NtGlobalFlag & FLG_ENABLE_SYSTEM_CRIT_BREAKS))
+ return STATUS_UNSUCCESSFUL;
+
+ if (OldValue)
+ {
+ /* Query and return the old break on termination flag for the process */
+ ZwQueryInformationProcess(NtCurrentProcess(),
+ ProcessBreakOnTermination,
+ &BreakOnTermination,
+ sizeof(ULONG),
+ NULL);
+ *OldValue = (BOOLEAN)BreakOnTermination;
+ }
+
+ /* Set the break on termination flag for the process */
+ BreakOnTermination = NewValue;
+ return ZwSetInformationProcess(NtCurrentProcess(),
+ ProcessBreakOnTermination,
+ &BreakOnTermination,
+ sizeof(ULONG));
}
ULONG
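Review bot: The `NeedBreaks == TRUE` test in RtlSetProcessIsCritical only fires when the caller passes exactly 1, and BOOLEAN is not restricted to 0/1, so any other nonzero value skips the FLG_ENABLE_SYSTEM_CRIT_BREAKS check and falls through to setting ProcessBreakOnTermination. Testing truthiness closes that gap: `if (NeedBreaks && !(NtCurrentPeb()->NtGlobalFlag & FLG_ENABLE_SYSTEM_CRIT_BREAKS))`. The status returned by ZwQueryInformationProcess in the `if (OldValue)` branch is also discarded, so a failed query silently reports the previous state as FALSE; consider capturing it and returning it before the set call. Because the return type changes from VOID to NTSTATUS, the header prototype (outside this hunk) presumably needs the same update so existing callers do not ignore the new failure path.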