Blob Blame History Raw
/********************************************************/
/*  ntapi: Native API core library                      */
/*  Copyright (C) 2013--2017  Z. Gilboa                 */
/*  Released under GPLv2 and GPLv3; see COPYING.NTAPI.  */
/********************************************************/

#include <psxtypes/psxtypes.h>
#include <pemagine/pemagine.h>
#include <ntapi/nt_status.h>
#include <ntapi/nt_object.h>
#include <ntapi/nt_thread.h>
#include <ntapi/nt_process.h>
#include <ntapi/nt_string.h>
#include <ntapi/ntapi.h>
#include "ntapi_impl.h"


typedef int32_t win32_create_process_utf16(
	__in_opt	wchar16_t *			appname,
	__in_out_opt	wchar16_t *			cmdline,
	__in_opt	nt_sa *				process_sa_attr,
	__in_opt	nt_sa *				thread_sa_attr,
	__in		int32_t				inherit_handles,
	__in		uint32_t			creation_flags,
	__in		wchar16_t *			environment,
	__in_opt	wchar16_t *			cwd,
	__in		nt_process_startup_info *	startup_info,
	__out		nt_process_info *		process_info);


static int32_t __stdcall __tt_spawn_return(
	nt_runtime_data_block *	rtblock,
	void *			hprocess,
	void *			hthread,
	int32_t			status)
{
	if (hprocess) {
		__ntapi->zw_terminate_process(
			hprocess,status);

		__ntapi->zw_close(hprocess);
		__ntapi->zw_close(hthread);
	}

	__ntapi->zw_free_virtual_memory(
		NT_CURRENT_PROCESS_HANDLE,
		&rtblock->addr,
		&rtblock->size,
		NT_MEM_RELEASE);

	return status;
}

int32_t __stdcall __ntapi_tt_spawn_foreign_process(nt_spawn_process_params * sparams)
{
	int32_t				status;
	nt_process_info			processinfo;
	nt_create_process_params	cparams;
	nt_runtime_data_block		rtblock;
	nt_unicode_string *		imgname;
	nt_peb * 			peb;
	char *				patharg;
	void *				hkernel32;
	void *				hat;
	void *				hfile;
	uint32_t			written;
	wchar16_t *			imgbuf;
	char **				parg;
	char *				mark;
	char *				ch;
	char *				ch_arg;
	char *				ch_cap;
	int				fquote;
	uint32_t			finherit;
	uint32_t			fsuspended;
	wchar16_t *			cmdline;
	nt_strconv_mbtonative		uparams;
	nt_unicode_string		nt_image;
	nt_unicode_string		nt_cmd_line;
	win32_create_process_utf16 *	create_process_fn;
	char				create_process_fn_name[]
					= "CreateProcessW";

	/* validation */
	if (!sparams->argv)
		return NT_STATUS_INVALID_PARAMETER;

	if (!sparams->himage && !sparams->patharg)
		return NT_STATUS_OBJECT_PATH_INVALID;

	if (!(peb = (nt_peb *)pe_get_peb_address()))
		return NT_STATUS_INTERNAL_ERROR;

	if (!peb->process_params)
		return NT_STATUS_INTERNAL_ERROR;

	if (sparams->rtctx || sparams->hsession || sparams->hready)
		return NT_STATUS_INVALID_PARAMETER;

	/* hkernel32 */
	if (!(hkernel32 = pe_get_kernel32_module_handle()))
		return NT_STATUS_DLL_NOT_FOUND;

	if (!(create_process_fn = (win32_create_process_utf16 *)
			(pe_get_procedure_address(
				hkernel32,create_process_fn_name))))
		return NT_STATUS_PROCEDURE_NOT_FOUND;

	/* hat */
	hat = (sparams->hroot && (sparams->argv[0][0] == '/'))
		? sparams->hroot
		: sparams->hcwd
			? sparams->hcwd
			: peb->process_params->cwd_handle;

	/* patharg */
	patharg = sparams->patharg
		? (sparams->patharg[0] == '/')
			? (sparams->patharg[1] == '?')
				? &sparams->patharg[0]
				: &sparams->patharg[1]
			: &sparams->patharg[0]
		: 0;

	/* rtblock, rdata */
	rtblock.addr		= 0;
	rtblock.size		= 0x40000;
	rtblock.remote_addr	= 0;
	rtblock.remote_size	= 0;
	rtblock.flags		= 0;

	if ((status = __ntapi->zw_allocate_virtual_memory(
			NT_CURRENT_PROCESS_HANDLE,
			&rtblock.addr,0,
			&rtblock.size,
			NT_MEM_COMMIT,
			NT_PAGE_READWRITE)))
		return status;

	__ntapi->tt_aligned_block_memset(
		rtblock.addr,0,rtblock.size);

	/* imgbuf */
	imgbuf  = (wchar16_t *)rtblock.addr;
	imgbuf += 0x30000 / sizeof(*imgbuf);

	/* hfile */
	if (sparams->himage)
		hfile = sparams->himage;

	else if ((status = __ntapi_tt_open_file_utf8(
			&hfile,hat,patharg,1,
			imgbuf,0x2000)))
		return status;

	/* imgname */
	if ((status = __ntapi->zw_query_object(
			hfile,
			NT_OBJECT_NAME_INFORMATION,
			imgbuf,0x10000,&written)))
		return __tt_spawn_return(
			&rtblock,0,0,status);

	imgname = (nt_unicode_string *)imgbuf;

	/* argv --> cmdline (utf8) */
	ch_arg = (char *)rtblock.addr;
	ch_cap = ch_arg + 0x10000;

	for (parg=sparams->argv; *parg; parg++) {
		for (ch=*parg, fquote=0; *ch && !fquote; ch++)
			fquote = ((*ch == ' ')
					|| (*ch == '\t')
					|| (*ch == '"'));

		if (fquote)
			*ch_arg++ = '"';

		for (ch=*parg, fquote=0; *ch && !fquote; ) {
			if (ch[0] == '\\') {
				for (mark=&ch[1]; *mark=='\\'; )
					mark++;

				if ((ch_arg + 2*(mark-ch)) >= ch_cap)
					return __tt_spawn_return(
						&rtblock,0,0,
						NT_STATUS_NAME_TOO_LONG);

				if (!mark[0] && fquote) {
					for (; *ch=='\\'; ch++) {
						*ch_arg++ = '\\';
						*ch_arg++ = '\\';
					}
				} else if (mark[0] == '"') {
					for (; *ch=='\\'; ch++) {
						*ch_arg++ = '\\';
						*ch_arg++ = '\\';
					}
				} else {
					*ch_arg++ = *ch++;
				}

			} else if (ch[0] == '"') {
				*ch_arg++ = '\\';
				*ch_arg++ = *ch++;

			} else {
				*ch_arg++ = *ch++;
			}
		}

		if (fquote)
			*ch_arg++ = '"';

		*ch_arg++ = ' ';

		if (ch_arg >= ch_cap)
			return __tt_spawn_return(
				&rtblock,0,0,
				NT_STATUS_NAME_TOO_LONG);

	}

	ch_arg[-1] = 0;

	/* cmdline (utf8) --> cmdline (utf16) */
	cmdline  = (wchar16_t *)rtblock.addr;
	cmdline += (0x10000 / sizeof(wchar16_t));

	uparams.src                = (unsigned char *)rtblock.addr;
	uparams.src_size_in_bytes  = 0;
	uparams.dst                = cmdline;
	uparams.dst_size_in_bytes  = 0x10000 - sizeof(wchar16_t);
	uparams.code_points        = 0;
	uparams.bytes_written      = 0;

	if ((status = __ntapi->uc_convert_unicode_stream_utf8_to_utf16(&uparams)))
		return __tt_spawn_return(
			&rtblock,0,0,status);

	else if (uparams.leftover_count)
		return __tt_spawn_return(
			&rtblock,0,0,
			NT_STATUS_ILLEGAL_CHARACTER);

	cmdline[uparams.bytes_written / sizeof(wchar16_t)] = 0;

	/* nt_cmd_line */
	nt_cmd_line.strlen = uparams.bytes_written;
	nt_cmd_line.maxlen = uparams.bytes_written + sizeof(wchar16_t);
	nt_cmd_line.buffer = cmdline;

	/* nt_image */
	nt_image.buffer  = (wchar16_t *)rtblock.addr;
	nt_image.buffer += (0x20000 / sizeof(wchar16_t));

	uparams.src                = (unsigned char *)sparams->argv[0];
	uparams.src_size_in_bytes  = 0;
	uparams.dst                = nt_image.buffer;
	uparams.dst_size_in_bytes  = 0x10000 - sizeof(wchar16_t);
	uparams.code_points        = 0;
	uparams.bytes_written      = 0;

	if ((status = __ntapi->uc_convert_unicode_stream_utf8_to_utf16(&uparams)))
		return __tt_spawn_return(
			&rtblock,0,0,status);

	else if (uparams.leftover_count)
		return __tt_spawn_return(
			&rtblock,0,0,
			NT_STATUS_ILLEGAL_CHARACTER);

	nt_image.strlen = uparams.bytes_written;
	nt_image.maxlen = uparams.bytes_written + sizeof(wchar16_t);

	nt_image.buffer[uparams.bytes_written / sizeof(wchar16_t)] = 0;

	/* cparams */
	__ntapi->tt_aligned_block_memset(
		&cparams,0,sizeof(cparams));

	cparams.image_name		= imgname->buffer;
	cparams.creation_flags_thread	= NT_PROCESS_CREATE_FLAGS_CREATE_THREAD_SUSPENDED;

	/* process_params */
	if ((status = __ntapi->rtl_create_process_parameters(
			&cparams.process_params,
			&nt_image,
			(nt_unicode_string *)0,
			(nt_unicode_string *)0,
			&nt_cmd_line,
			__ntapi->tt_get_peb_env_block_utf16(),
			(nt_unicode_string *)0,
			(nt_unicode_string *)0,
			(nt_unicode_string *)0,
			(nt_unicode_string *)0)))
		return status;

	__ntapi->rtl_normalize_process_params(cparams.process_params);

	if (sparams->startupinfo) {
		cparams.process_params->hstdin  = sparams->startupinfo->hstdin;
		cparams.process_params->hstdout = sparams->startupinfo->hstdout;
		cparams.process_params->hstderr = sparams->startupinfo->hstderr;
	}

	/* inherit handles? */
	if (cparams.process_params->hstdin
			|| cparams.process_params->hstdout
			|| cparams.process_params->hstderr)
		finherit = 1;

	else if (sparams->processflags & NT_PROCESS_CREATE_FLAGS_INHERIT_HANDLES)
		finherit = 1;

	else
		finherit = 0;

	/* process flags */
	if (sparams->processflags & NT_PROCESS_CREATE_FLAGS_CREATE_THREAD_SUSPENDED)
		fsuspended = NT_CREATE_SUSPENDED;

	else if (sparams->threadflags & NT_CREATE_SUSPENDED)
		fsuspended = NT_CREATE_SUSPENDED;

	else
		fsuspended = 0;

	/* hoppla: try either via kernel32 (sparams->startupinfo), or natively */
	if (sparams->spawnflags & NT_PROCESS_SPAWN_FLAG_DELEGATE_TO_SYSTEM_LIBRARY) {
		processinfo.hprocess   = 0;
		processinfo.hthread    = 0;
		processinfo.process_id = 0;
		processinfo.thread_id  = 0;

		if (!(create_process_fn(
				nt_image.buffer,
				nt_cmd_line.buffer,
				0,
				0,
				finherit,
				fsuspended,
				0,
				0,
				sparams->startupinfo,
				&processinfo)))
			return __tt_spawn_return(
				&rtblock,0,0,status);

		if ((status = __ntapi->zw_query_information_process(
			processinfo.hprocess,
			NT_PROCESS_BASIC_INFORMATION,
			&cparams.pbi,sizeof(cparams.pbi),
			0)))
			return __tt_spawn_return(
				&rtblock,0,0,status);

		cparams.hprocess = processinfo.hprocess;
		cparams.hthread  = processinfo.hthread;

		cparams.cid.process_id = processinfo.process_id;
		cparams.cid.thread_id  = processinfo.thread_id;
	} else {
		cparams.creation_flags_thread = NT_PROCESS_CREATE_FLAGS_CREATE_THREAD_SUSPENDED;

		if (finherit)
			cparams.creation_flags_process |= NT_PROCESS_CREATE_FLAGS_INHERIT_HANDLES;

		if ((status = __ntapi->tt_create_native_process(&cparams)))
			return __tt_spawn_return(
				&rtblock,0,0,status);
	}

	/* tidy up */
	if (!sparams->himage)
		__ntapi->zw_close(hfile);

	/* output */
	sparams->hprocess = cparams.hprocess;
	sparams->hthread  = cparams.hthread;

	sparams->cid.process_id = cparams.pbi.unique_process_id;
	sparams->cid.thread_id  = cparams.cid.thread_id;

	__ntapi->tt_generic_memcpy(
		&sparams->pbi,
		&cparams.pbi,
		sizeof(nt_pbi));

	/* create suspended? */
	if (fsuspended)
		return __tt_spawn_return(
			&rtblock,0,0,NT_STATUS_SUCCESS);

	/* tada */
	if ((status = __ntapi->zw_resume_thread(cparams.hthread,0)))
		return __tt_spawn_return(
			&rtblock,
			cparams.hprocess,
			cparams.hthread,
			status);

	/* all done */
	return __tt_spawn_return(
		&rtblock,0,0,NT_STATUS_SUCCESS);
}