diff --git a/src/process/ntapi_tt_spawn_foreign_process.c b/src/process/ntapi_tt_spawn_foreign_process.c
index 9867b1f..03bf83f 100644
--- a/src/process/ntapi_tt_spawn_foreign_process.c
+++ b/src/process/ntapi_tt_spawn_foreign_process.c
@@ -14,6 +14,10 @@
 #include
 #include "ntapi_impl.h"
+#define __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_ALLOC_SIZE (0x50000)
+#define __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_BUFFER_SIZE (0x30000)
+#define __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE (0x10000)
+#define __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_IMGBUF_SIZE (0x10000)
 #define NT_PROCESS_SPAWN_FLAG_DEBUG_MASK \
 	(NT_PROCESS_SPAWN_FLAG_DEBUG_EXECUTION \
@@ -69,7 +73,6 @@ int32_t __stdcall __ntapi_tt_spawn_foreign_process(nt_spawn_process_params * spa
 	void * hfile;
 	uint32_t written;
 	int32_t envc;
-	size_t buflen;
 	wchar16_t * imgbuf;
 	wchar16_t * wenv;
 	wchar16_t ** wenvp;
@@ -133,7 +136,7 @@ int32_t __stdcall __ntapi_tt_spawn_foreign_process(nt_spawn_process_params * spa
 	/* rtblock, rdata */
 	rtblock.addr = 0;
-	rtblock.size = 0x50000;
+	rtblock.size = __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_ALLOC_SIZE;
 	rtblock.remote_addr = 0;
 	rtblock.remote_size = 0;
 	rtblock.flags = 0;
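Review bot: The four size macros encode a fixed layout of the runtime block — ALLOC_SIZE has to equal BUFFER_SIZE + VECTOR_SIZE + IMGBUF_SIZE (0x30000 + 0x10000 + 0x10000 = 0x50000), and the 0x10000 slots carved out of the BUFFER_SIZE region in the later hunks are sized with VECTOR_SIZE — yet nothing ties the values together, so editing one constant silently breaks the sub-allocation done further down. A compile-time check next to the definitions would pin the invariant: `_Static_assert(__SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_ALLOC_SIZE == __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_BUFFER_SIZE + __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE + __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_IMGBUF_SIZE, "runtime block layout");` (assuming the project builds as C11; otherwise a comment spelling out the slot map — utf-8 cmdline, utf-16 cmdline, image path, env vector, imgbuf — in that order). The names also begin with a double underscore, which the C standard reserves for the implementation; the surrounding code already uses `__ntapi_*`, so this follows local convention, but file-private macros gain nothing from the prefix.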
@@ -154,22 +157,21 @@ int32_t __stdcall __ntapi_tt_spawn_foreign_process(nt_spawn_process_params * spa
 		envc++;
 	wenvp = rtblock.addr;
-	wenvp += 0x40000 / sizeof(*wenvp);
+	wenvp += __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_BUFFER_SIZE / sizeof(*wenvp);
 	wenv = (wchar16_t *)&wenvp[++envc];
-	buflen = 0x10000;
-	buflen -= sizeof(*wenvp) * envc;
 	if ((status = __ntapi->tt_array_convert_utf8_to_utf16(
 			sparams->envp,
 			wenvp,0,wenv,
-			buflen,&(size_t){0})))
+			__SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE,
+			&(size_t){0})))
 		return __tt_spawn_return(
 			&rtblock,0,0,status);
 	/* imgbuf */
-	imgbuf = (wchar16_t *)rtblock.addr;
-	imgbuf += 0x30000 / sizeof(*imgbuf);
+	imgbuf = rtblock.addr;
+	imgbuf += __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_BUFFER_SIZE / sizeof(wchar16_t);
+	imgbuf += __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE / sizeof(wchar16_t);
 	/* hfile */
 	if (sparams->himage)
@@ -177,22 +179,23 @@ int32_t __stdcall __ntapi_tt_spawn_foreign_process(nt_spawn_process_params * spa
 	else if ((status = __ntapi_tt_open_file_utf8(
 			&hfile,hat,patharg,1,
-			imgbuf,0x2000)))
+			imgbuf,__SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_IMGBUF_SIZE)))
 		return status;
 	/* imgname */
 	if ((status = __ntapi->zw_query_object(
 			hfile,
 			NT_OBJECT_NAME_INFORMATION,
-			imgbuf,0x10000,&written)))
+			imgbuf,__SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE,
+			&written)))
 		return __tt_spawn_return(
 			&rtblock,0,0,status);
 	imgname = (nt_unicode_string *)imgbuf;
 	/* argv --> cmdline (utf8) */
-	ch_arg = (char *)rtblock.addr;
-	ch_cap = ch_arg + 0x10000;
+	ch_arg = rtblock.addr;
+	ch_cap = ch_arg + __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE;
 	for (parg=sparams->argv; *parg; parg++) {
 		for (ch=*parg, fquote=0; *ch && !fquote; ch++)
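Review bot: The byte count handed to tt_array_convert_utf8_to_utf16 no longer accounts for the pointer vector that precedes the string area: wenv starts `envc` pointers past wenvp (envc is pre-incremented on the line above), yet the converter now receives the full VECTOR_SIZE, so a large environment can be written up to `envc * sizeof(*wenvp)` bytes past the end of the env slot into the imgbuf slot that `__ntapi_tt_open_file_utf8` and `zw_query_object` overwrite in the next hunk. The removed `buflen -= sizeof(*wenvp) * envc;` was what kept the strings inside the slot; keep that subtraction with the new constant: `__SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE - sizeof(*wenvp) * envc,`. Whether the converter itself stops at the given count is not visible here, so the status check on the call is the only guard if it does not. The enclosing function starts and ends outside the hunk.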
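Review bot: The zw_query_object call bounds imgbuf with `__SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE`, the constant for the env-vector slot, while the open-file call a few lines earlier bounds the same buffer with `__SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_IMGBUF_SIZE`; the two values coincide today (0x10000), so the query stays in bounds, but the name misstates which slot is being bounded and the next change to either constant turns this into an overrun of the imgbuf slot at the end of the runtime block. Use the slot's own constant: `imgbuf,__SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_IMGBUF_SIZE,`. The same mismatch appears in `ch_cap = ch_arg + __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE;` at the bottom of the hunk, where the utf-8 cmdline slot is bounded with the env-vector constant. The enclosing function starts and ends outside the hunk.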
@@ -251,13 +254,13 @@ int32_t __stdcall __ntapi_tt_spawn_foreign_process(nt_spawn_process_params * spa
 	ch_arg[-1] = 0;
 	/* cmdline (utf8) --> cmdline (utf16) */
-	cmdline = (wchar16_t *)rtblock.addr;
-	cmdline += (0x10000 / sizeof(wchar16_t));
+	cmdline = rtblock.addr;
+	cmdline += __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE / sizeof(wchar16_t);
-	uparams.src = (unsigned char *)rtblock.addr;
+	uparams.src = rtblock.addr;
 	uparams.src_size_in_bytes = 0;
 	uparams.dst = cmdline;
-	uparams.dst_size_in_bytes = 0x10000 - sizeof(wchar16_t);
+	uparams.dst_size_in_bytes = __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE - sizeof(wchar16_t);
 	uparams.code_points = 0;
 	uparams.bytes_written = 0;
@@ -278,13 +281,14 @@ int32_t __stdcall __ntapi_tt_spawn_foreign_process(nt_spawn_process_params * spa
 	nt_cmd_line.buffer = cmdline;
 	/* nt_image */
-	nt_image.buffer = (wchar16_t *)rtblock.addr;
-	nt_image.buffer += (0x20000 / sizeof(wchar16_t));
+	nt_image.buffer = rtblock.addr;
+	nt_image.buffer += __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE / sizeof(wchar16_t);
+	nt_image.buffer += __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE / sizeof(wchar16_t);
 	uparams.src = (unsigned char *)sparams->argv[0];
 	uparams.src_size_in_bytes = 0;
 	uparams.dst = nt_image.buffer;
-	uparams.dst_size_in_bytes = 0x10000 - sizeof(wchar16_t);
+	uparams.dst_size_in_bytes = __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE - sizeof(wchar16_t);
 	uparams.code_points = 0;
 	uparams.bytes_written = 0;
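Review bot: cmdline, uparams.dst_size_in_bytes and (in the following hunk @@ -278) nt_image.buffer are all placed and bounded with `__SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE`, so the three 0x10000 slots inside the BUFFER_SIZE region are expressed as repeated additions of an unrelated slot's constant (`nt_image.buffer += __SPAWN_FOREIGN_PROCESS_RUNTIME_BLOCK_VECTOR_SIZE / sizeof(wchar16_t);` twice) and the reader has to re-derive the layout at every use. Define one slot-size constant plus a named offset per slot next to the existing macros — e.g. a `..._CMDLINE_OFFSET` / `..._IMAGE_OFFSET` pair (names constructed here) — and use them both in this hunk and in @@ -278 instead of stacking VECTOR_SIZE. Separately, the utf-16 destination slot is the same 0x10000 bytes as the utf-8 source slot bounded by ch_cap, while ASCII input doubles in size under UTF-16; that is pre-existing, and it is only safe if the converter honours dst_size_in_bytes and the caller acts on its status, neither of which is visible in this hunk. The enclosing function starts and ends outside the hunk.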