|
 |
dd89bb |
/********************************************************/
|
|
|
dd89bb |
/* ntapi: Native API core library */
|
|
|
4256e2 |
/* Copyright (C) 2013--2016 Z. Gilboa */
|
|
|
dd89bb |
/* Released under GPLv2 and GPLv3; see COPYING.NTAPI. */
|
|
|
dd89bb |
/********************************************************/
|
|
|
dd89bb |
|
|
|
dd89bb |
#include <psxtypes/psxtypes.h>
|
|
|
dd89bb |
#include <pemagine/pemagine.h>
|
|
|
dd89bb |
#include <ntapi/nt_status.h>
|
|
|
dd89bb |
#include <ntapi/nt_object.h>
|
|
|
dd89bb |
#include <ntapi/nt_thread.h>
|
|
|
dd89bb |
#include <ntapi/nt_process.h>
|
|
|
dd89bb |
#include <ntapi/nt_string.h>
|
|
|
dd89bb |
#include <ntapi/ntapi.h>
|
|
|
dd89bb |
#include "ntapi_impl.h"
|
|
|
dd89bb |
|
|
|
dd89bb |
static int32_t __tt_create_process_cancel(nt_create_process_params * params, int32_t status)
|
|
|
dd89bb |
{
|
|
|
dd89bb |
if (params->hprocess) {
|
|
|
dd89bb |
__ntapi->zw_terminate_process(params->hprocess,NT_STATUS_INTERNAL_ERROR);
|
|
|
dd89bb |
__ntapi->zw_close(params->hprocess);
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
if (params->hthread)
|
|
|
dd89bb |
__ntapi->zw_close(params->hthread);
|
|
|
dd89bb |
|
|
|
dd89bb |
return status;
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
int32_t __stdcall __ntapi_tt_create_native_process_v2(
|
|
|
dd89bb |
__in_out nt_create_process_params * params)
|
|
|
dd89bb |
{
|
|
|
dd89bb |
int32_t status;
|
|
|
dd89bb |
|
|
|
dd89bb |
nt_object_attributes oa_process;
|
|
|
dd89bb |
nt_object_attributes oa_thread;
|
|
|
dd89bb |
|
|
|
dd89bb |
nt_unicode_string nt_image;
|
|
|
dd89bb |
nt_unicode_string nt_cmd_line;
|
|
|
dd89bb |
wchar16_t * cmd_line_runtime_buffer;
|
|
|
dd89bb |
size_t cmd_line_runtime_buffer_size;
|
|
|
dd89bb |
|
|
|
dd89bb |
nt_create_process_info nt_process_info;
|
|
|
dd89bb |
int fresume_thread;
|
|
|
dd89bb |
|
|
|
dd89bb |
struct {
|
|
|
dd89bb |
size_t size_in_bytes;
|
|
|
dd89bb |
nt_create_process_ext_param file_info;
|
|
|
dd89bb |
} ext_params;
|
|
|
dd89bb |
|
|
|
dd89bb |
#if defined (__NT32)
|
|
|
dd89bb |
wchar16_t runtime_arg[12] = {
|
|
|
dd89bb |
' ','-','r',' ',
|
|
|
dd89bb |
'i','n','t','e','g','r','a','l'};
|
|
|
dd89bb |
#elif defined (__NT64)
|
|
|
dd89bb |
wchar16_t runtime_arg[20] = {
|
|
|
dd89bb |
' ','-','r',' ',
|
|
|
dd89bb |
'i','n','t','e','g','r','a','l',
|
|
|
dd89bb |
'-','r','u','n','t','i','m','e'};
|
|
|
dd89bb |
#endif
|
|
|
dd89bb |
|
|
|
dd89bb |
/* validation */
|
|
|
dd89bb |
if (params->cmd_line && params->process_params)
|
|
|
dd89bb |
return NT_STATUS_INVALID_PARAMETER_MIX;
|
|
|
dd89bb |
else if (params->cmd_line && params->rtblock)
|
|
|
dd89bb |
return NT_STATUS_INVALID_PARAMETER_MIX;
|
|
|
dd89bb |
else if (params->environment && params->process_params)
|
|
|
dd89bb |
return NT_STATUS_INVALID_PARAMETER_MIX;
|
|
|
dd89bb |
|
|
|
dd89bb |
/* image_name */
|
|
|
dd89bb |
__ntapi->rtl_init_unicode_string(
|
|
|
dd89bb |
&nt_image,
|
|
|
dd89bb |
params->image_name);
|
|
|
dd89bb |
|
|
|
dd89bb |
/* oa_process */
|
|
|
dd89bb |
if (!params->obj_attr_process) {
|
|
|
dd89bb |
__ntapi->tt_aligned_block_memset(
|
|
|
dd89bb |
&oa_process,0,sizeof(oa_process));
|
|
|
dd89bb |
|
|
|
dd89bb |
oa_process.len = sizeof(oa_process);
|
|
|
dd89bb |
params->obj_attr_process = &oa_process;
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
/* oa_thread */
|
|
|
dd89bb |
if (!params->obj_attr_thread) {
|
|
|
dd89bb |
__ntapi->tt_aligned_block_memset(
|
|
|
dd89bb |
&oa_thread,0,sizeof(oa_thread));
|
|
|
dd89bb |
|
|
|
dd89bb |
oa_thread.len = sizeof(oa_thread);
|
|
|
dd89bb |
params->obj_attr_thread = &oa_thread;
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
/* process_params */
|
|
|
dd89bb |
if (!params->process_params) {
|
|
|
dd89bb |
/* cmd_line */
|
|
|
dd89bb |
if (!params->cmd_line) {
|
|
|
dd89bb |
params->cmd_line = params->image_name;
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
__ntapi->rtl_init_unicode_string(
|
|
|
dd89bb |
&nt_cmd_line,
|
|
|
dd89bb |
params->cmd_line);
|
|
|
dd89bb |
|
|
|
dd89bb |
/* rtdata (alternative to cmd_line) */
|
|
|
dd89bb |
if (params->rtblock) {
|
|
|
dd89bb |
cmd_line_runtime_buffer = (wchar16_t *)0;
|
|
|
dd89bb |
cmd_line_runtime_buffer_size = nt_cmd_line.maxlen
|
|
|
dd89bb |
+ sizeof(runtime_arg);
|
|
|
dd89bb |
|
|
|
dd89bb |
if ((status = __ntapi->zw_allocate_virtual_memory(
|
|
|
dd89bb |
NT_CURRENT_PROCESS_HANDLE,
|
|
|
dd89bb |
(void **)&cmd_line_runtime_buffer,
|
|
|
dd89bb |
0,&cmd_line_runtime_buffer_size,
|
|
|
dd89bb |
NT_MEM_RESERVE | NT_MEM_COMMIT,
|
|
|
dd89bb |
NT_PAGE_READWRITE)))
|
|
|
dd89bb |
return status;
|
|
|
dd89bb |
|
|
|
dd89bb |
__ntapi->tt_memcpy_utf16(
|
|
|
dd89bb |
(wchar16_t *)cmd_line_runtime_buffer,
|
|
|
dd89bb |
(wchar16_t *)nt_cmd_line.buffer,
|
|
|
dd89bb |
nt_cmd_line.strlen);
|
|
|
dd89bb |
|
|
|
dd89bb |
__ntapi->tt_memcpy_utf16(
|
|
|
dd89bb |
(wchar16_t *)pe_va_from_rva(
|
|
|
dd89bb |
cmd_line_runtime_buffer,
|
|
|
dd89bb |
nt_cmd_line.strlen),
|
|
|
dd89bb |
(wchar16_t *)runtime_arg,
|
|
|
dd89bb |
sizeof(runtime_arg));
|
|
|
dd89bb |
|
|
|
dd89bb |
nt_cmd_line.strlen += sizeof(runtime_arg);
|
|
|
dd89bb |
nt_cmd_line.maxlen += sizeof(runtime_arg);
|
|
|
dd89bb |
nt_cmd_line.buffer = cmd_line_runtime_buffer;
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* environment */
|
|
|
dd89bb |
if (!params->environment)
|
|
|
dd89bb |
params->environment = __ntapi->tt_get_peb_env_block_utf16();
|
|
|
dd89bb |
|
|
|
dd89bb |
if ((status = __ntapi->rtl_create_process_parameters(
|
|
|
dd89bb |
¶ms->process_params,
|
|
|
dd89bb |
&nt_image,
|
|
|
dd89bb |
(nt_unicode_string *)0,
|
|
|
dd89bb |
(nt_unicode_string *)0,
|
|
|
dd89bb |
&nt_cmd_line,
|
|
|
dd89bb |
params->environment,
|
|
|
dd89bb |
(nt_unicode_string *)0,
|
|
|
dd89bb |
(nt_unicode_string *)0,
|
|
|
dd89bb |
(nt_unicode_string *)0,
|
|
|
dd89bb |
(nt_unicode_string *)0)))
|
|
|
dd89bb |
return status;
|
|
|
dd89bb |
|
|
|
dd89bb |
__ntapi->rtl_normalize_process_params(params->process_params);
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
/* create_process_info */
|
|
|
dd89bb |
if (!params->create_process_info) {
|
|
|
dd89bb |
__ntapi->tt_aligned_block_memset(
|
|
|
dd89bb |
&nt_process_info,0,sizeof(nt_process_info));
|
|
|
dd89bb |
|
|
|
dd89bb |
nt_process_info.size = sizeof(nt_create_process_info);
|
|
|
dd89bb |
nt_process_info.state = NT_PROCESS_CREATE_INITIAL_STATE;
|
|
|
dd89bb |
nt_process_info.init_state.init_flags = NT_PROCESS_CREATE_INFO_OBTAIN_OUTPUT;
|
|
|
dd89bb |
nt_process_info.init_state.file_access_ext = NT_FILE_READ_ATTRIBUTES|NT_FILE_READ_ACCESS;
|
|
|
dd89bb |
|
|
|
dd89bb |
params->create_process_info = &nt_process_info;
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
/* create_process_ext_params */
|
|
|
dd89bb |
if (!params->create_process_ext_params) {
|
|
|
dd89bb |
__ntapi->tt_aligned_block_memset(
|
|
|
dd89bb |
&ext_params,0,sizeof(ext_params));
|
|
|
dd89bb |
|
|
|
dd89bb |
ext_params.size_in_bytes = sizeof(ext_params);
|
|
|
dd89bb |
|
|
|
dd89bb |
/* file_info */
|
|
|
dd89bb |
ext_params.file_info.ext_param_type = NT_CREATE_PROCESS_EXT_PARAM_SET_FILE_NAME;
|
|
|
dd89bb |
ext_params.file_info.ext_param_size = nt_image.strlen;
|
|
|
dd89bb |
ext_params.file_info.ext_param_addr = nt_image.buffer;
|
|
|
dd89bb |
|
|
|
dd89bb |
params->create_process_ext_params = (nt_create_process_ext_params *)&ext_params;
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
params->hprocess = 0;
|
|
|
dd89bb |
params->hthread = 0;
|
|
|
dd89bb |
fresume_thread = 0;
|
|
|
dd89bb |
|
|
|
dd89bb |
if (params->rtblock) {
|
|
|
dd89bb |
fresume_thread = (params->creation_flags_thread ^ 0x01) & 0x01;
|
|
|
dd89bb |
params->creation_flags_thread |= 0x01;
|
|
|
dd89bb |
}
|
|
|
dd89bb |
|
|
|
dd89bb |
if (!params->desired_access_process)
|
|
|
dd89bb |
params->desired_access_process = NT_PROCESS_ALL_ACCESS;
|
|
|
dd89bb |
|
|
|
dd89bb |
if (!params->desired_access_thread)
|
|
|
dd89bb |
params->desired_access_thread = NT_THREAD_ALL_ACCESS;
|
|
|
dd89bb |
|
|
|
dd89bb |
if ((status = __ntapi->zw_create_user_process(
|
|
|
dd89bb |
¶ms->hprocess,
|
|
|
dd89bb |
¶ms->hthread,
|
|
|
dd89bb |
params->desired_access_process,
|
|
|
dd89bb |
params->desired_access_thread,
|
|
|
dd89bb |
params->obj_attr_process,
|
|
|
dd89bb |
params->obj_attr_thread,
|
|
|
dd89bb |
params->creation_flags_process,
|
|
|
dd89bb |
params->creation_flags_thread,
|
|
|
dd89bb |
params->process_params,
|
|
|
dd89bb |
params->create_process_info,
|
|
|
dd89bb |
params->create_process_ext_params)))
|
|
|
dd89bb |
return status;
|
|
|
dd89bb |
|
|
|
ec380f |
/* tidy up */
|
|
|
ec380f |
__ntapi->zw_close(params->create_process_info->success_state.hfile);
|
|
|
ec380f |
__ntapi->zw_close(params->create_process_info->success_state.hsection);
|
|
|
ec380f |
|
|
|
dd89bb |
if ((status = __ntapi->zw_query_information_process(
|
|
|
dd89bb |
params->hprocess,
|
|
|
dd89bb |
NT_PROCESS_BASIC_INFORMATION,
|
|
|
dd89bb |
¶ms->pbi,sizeof(params->pbi),
|
|
|
dd89bb |
0)))
|
|
|
dd89bb |
return __tt_create_process_cancel(params,status);
|
|
|
dd89bb |
|
|
|
dd89bb |
if (!params->rtblock)
|
|
|
dd89bb |
return NT_STATUS_SUCCESS;
|
|
|
dd89bb |
|
|
|
dd89bb |
/* rtdata */
|
|
|
dd89bb |
if ((status = __ntapi_tt_create_remote_runtime_data(params->hprocess,params->rtblock)))
|
|
|
dd89bb |
return __tt_create_process_cancel(params,status);
|
|
|
dd89bb |
|
|
|
dd89bb |
/* conditional resume */
|
|
|
dd89bb |
if (fresume_thread && (status = __ntapi->zw_resume_thread(params->hthread,0)))
|
|
|
dd89bb |
return __tt_create_process_cancel(params,status);
|
|
|
dd89bb |
|
|
|
dd89bb |
return NT_STATUS_SUCCESS;
|
|
|
dd89bb |
}
|