From 80b89c048ce8168a5dd42fd59ec0432d9adf40d9 Mon Sep 17 00:00:00 2001
From: midipix
Date: Jan 20 2018 18:48:59 +0000
Subject: __ntapi_init(), fork: obtain and keep a handle to the running process.
---
diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index 06a70fe..1b06bcc 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -93,6 +93,8 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
 int32_t status;
 void * hntdll;
 size_t block_size;
+ nt_oa oa;
+ nt_cid cid;
 ntapi_zw_allocate_virtual_memory * pfn_zw_allocate_virtual_memory;
 char fname_allocate_virtual_memory[] = "ZwAllocateVirtualMemory";
 
@@ -446,6 +448,23 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
 (uintptr_t *)&___ntapi,
 sizeof(ntapi_vtbl));
 
+ /* process handle */
+ oa.len = sizeof(oa);
+ oa.root_dir = 0;
+ oa.obj_name = 0;
+ oa.obj_attr = 0;
+ oa.sec_desc = 0;
+ oa.sec_qos = 0;
+
+ cid.process_id = pe_get_current_process_id();
+ cid.thread_id = pe_get_current_thread_id();
+
+ if ((status = __ntapi->zw_open_process(
+ &internals->hprocess,
+ NT_PROCESS_ALL_ACCESS,
+ &oa,&cid)))
+ return status;
+
 /* process token */
 if ((status = __ntapi->zw_open_process_token(
 NT_CURRENT_PROCESS_HANDLE,
diff --git a/src/internal/ntapi_impl.h b/src/internal/ntapi_impl.h
index 870e5fd..4c26f55 100644
--- a/src/internal/ntapi_impl.h
+++ b/src/internal/ntapi_impl.h
@@ -82,6 +82,7 @@ typedef struct __attr_ptr_size_aligned__ _ntapi_internals {
 nt_port_name * subsystem;
 nt_security_descriptor seq_desc;
 nt_security_quality_of_service seq_qos;
+ void * hprocess;
 void * htoken;
 void * hport_tty_session;
 void * hport_tty_daemon;
diff --git a/src/process/ntapi_tt_fork.c b/src/process/ntapi_tt_fork.c
index 485d98b..7b1202d 100644
--- a/src/process/ntapi_tt_fork.c
+++ b/src/process/ntapi_tt_fork.c
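Review bot: The open in the new `/* process handle */` block passes `oa.sec_desc = 0` and `oa.sec_qos = 0`, whereas the otherwise identical open that `__ntapi_tt_fork_child` performs in ntapi_tt_fork.c in this same commit sets them to `&__internals->seq_desc` and `&__internals->seq_qos`; the two should agree, since `__ntapi_tt_fork_finalize` now hands out duplicates of whichever handle ends up in `hprocess` with SAME_ATTRIBUTES/SAME_ACCESS. The handle is requested with `NT_PROCESS_ALL_ACCESS`, is non-inheritable (`obj_attr = 0`, no OBJ_INHERIT), and lives in `internals` for the rest of the process, but nothing says why a real handle is kept in place of `NT_CURRENT_PROCESS_HANDLE`; I would add `/* real (non-pseudo) handle to self, kept for the process lifetime; non-inheritable so it never leaks into children */` above `oa.len = sizeof(oa);` and state the reason, which I can only infer from the fork change. `__ntapi_init_once` starts and ends outside this hunk, so I cannot tell whether the early `return status` leaves the work of the call completed just above in a state the caller handles.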
@@ -17,13 +17,9 @@ static intptr_t __fork_retry_stats = 0;
 
 static intptr_t __fork_resume_stats = 0;
 
-static intptr_t __fastcall __ntapi_tt_fork_finalize(
- void ** hprocess,
- void ** hthread)
+static intptr_t __fastcall __ntapi_tt_fork_finalize(void ** hprocess)
 {
 int32_t status;
- nt_oa oa;
- nt_cid cid;
 int page;
 nt_rtdata * rtdata;
 ntapi_internals * __internals;
@@ -31,29 +27,13 @@ static intptr_t __fastcall __ntapi_tt_fork_finalize(
 __internals = __ntapi_internals();
 rtdata = __internals->rtdata;
 
- *hprocess = 0;
- *hthread = 0;
-
- oa.len = sizeof(oa);
- oa.root_dir = 0;
- oa.obj_name = 0;
- oa.obj_attr = 0;
- oa.sec_desc = &__internals->seq_desc;
- oa.sec_qos = &__internals->seq_qos;
-
- cid.process_id = pe_get_current_process_id();
- cid.thread_id = pe_get_current_thread_id();
-
- if ((status = __ntapi->zw_open_process(
- hprocess,
- NT_PROCESS_ALL_ACCESS,
- &oa,&cid)))
- return status;
-
- if ((status = __ntapi->zw_open_thread(
- hthread,
- NT_THREAD_ALL_ACCESS,
- &oa,&cid)))
+ if ((status = __ntapi->zw_duplicate_object(
+ __internals->hprocess,
+ __internals->hprocess,
+ __internals->hprocess,
+ hprocess,0,0,
+ NT_DUPLICATE_SAME_ATTRIBUTES
+ |NT_DUPLICATE_SAME_ACCESS)))
 return status;
 
 if ((status = dalist_init_ex(
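Review bot: Dropping `*hprocess = 0;` means that when the new `zw_duplicate_object` call fails, `*hprocess` is left holding whatever the caller passed in rather than 0, and since `__ntapi_tt_fork` returns this function's status straight to its own caller, a stale or uninitialised handle value can now be observed on the error path; I would restore `*hprocess = 0;` directly before the `if ((status = __ntapi->zw_duplicate_object(` line. `*hthread = 0;` is gone as well, so `hthread` is now set only by `__ntapi_tt_fork_child` elsewhere in this commit, which is fine only if every path into `__ntapi_tt_fork_finalize` goes through the child first, something this hunk cannot show. `NT_DUPLICATE_SAME_ACCESS` carries the `NT_PROCESS_ALL_ACCESS` of the cached handle into the duplicate, matching what the removed open requested, so there is no regression, but if the consumer of `*hprocess` needs less, an explicit access mask here would be the least-privilege form. Passing `__internals->hprocess` as both the source and the target process, where the current-process pseudo-handle would do, deserves a one-line comment saying why, as I can only guess at the reason. The function continues past the end of the hunk.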
@@ -113,13 +93,49 @@ static int32_t __stdcall __fork_thread(void * ctx)
 
 static intptr_t __fastcall __ntapi_tt_fork_child(
 void * hresumed,
- void * hready)
+ void * hready,
+ void ** hthread)
 {
 int32_t status;
 nt_thread_params tparams;
 nt_timeout timeout;
 nt_timeout zerowait;
 intptr_t state;
+ nt_oa oa;
+ nt_cid cid;
+ ntapi_internals * __internals;
+
+ oa.len = sizeof(oa);
+ oa.root_dir = 0;
+ oa.obj_name = 0;
+ oa.obj_attr = 0;
+ oa.sec_desc = &__internals->seq_desc;
+ oa.sec_qos = &__internals->seq_qos;
+
+ cid.process_id = pe_get_current_process_id();
+ cid.thread_id = pe_get_current_thread_id();
+
+ __internals = __ntapi_internals();
+
+ status = __ntapi->zw_open_process(
+ &__internals->hprocess,
+ NT_PROCESS_ALL_ACCESS,
+ &oa,&cid);
+
+ if (status == NT_STATUS_SUCCESS)
+ status = __ntapi->zw_open_thread(
+ hthread,
+ NT_THREAD_ALL_ACCESS,
+ &oa,&cid);
+
+ if (status) {
+ __ntapi->zw_set_event(
+ hresumed,0);
+
+ __ntapi->zw_terminate_process(
+ NT_CURRENT_PROCESS_HANDLE,
+ status);
+ }
 
 at_store(
 &state,
@@ -282,10 +298,10 @@ intptr_t __fastcall __ntapi_tt_fork(
 
 if (pid == 0) {
 __ntapi_tt_fork_child(
- hresumed,hready);
+ hresumed,hready,hthread);
 
 return __ntapi_tt_fork_finalize(
- hprocess,hthread);
+ hprocess);
 } else if (pid > 0) {
 if (!(__ntapi_tt_fork_parent(
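Review bot: `oa.sec_desc = &__internals->seq_desc;` and `oa.sec_qos = &__internals->seq_qos;` are computed from `__internals` before it is assigned by `__internals = __ntapi_internals();` a few lines further down, so the open passes addresses derived from an uninitialised pointer (undefined behaviour in C; in practice either a garbage QoS pointer reaches the kernel or an access-violation status comes back and terminates the child); move `__internals = __ntapi_internals();` up to directly after the declarations, before `oa.len = sizeof(oa);`. The new open also overwrites `__internals->hprocess` without closing whatever the child found there; whether that value is a live handle in the child (and then a leaked full-access handle to the parent) or a meaningless number depends on how the fork materialises the child, which this hunk does not show, so it is worth checking. On failure the code calls `zw_terminate_process` and then falls through to `at_store`; a `return status;` after the terminate call would make the failure path explicit should the terminate ever return. `__ntapi_tt_fork_child` continues past the end of the hunk.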