diff --git a/include/ntapi/nt_process.h b/include/ntapi/nt_process.h index 6f991f6..af22d02 100644 --- a/include/ntapi/nt_process.h +++ b/include/ntapi/nt_process.h @@ -195,6 +195,10 @@ typedef enum _nt_process_opcode_idx { #define NT_RUNTIME_DATA_USER_INT32_SLOTS (0x10) #define NT_RUNTIME_DATA_USER_INT64_SLOTS (0x10) +/* friendly process abi guid */ +#define NT_PROCESS_GUID_UNSPEC {0x00000000,0x0000,0x0000,{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}} +#define NT_PROCESS_GUID_RTDATA {0x3e43ec84,0x1af1,0x4ede,{0xac,0xd8,0xc3,0xd9,0x20,0xaf,0xc8,0x68}} + /* friendly process guids */ #define NT_PROCESS_GUID_NTPGRP {0xfa383cc0,0xa25b,0x4448,{0x83,0x45,0x51,0x45,0x4d,0xa8,0x2f,0x30}} #define NT_PROCESS_GUID_PIDMAP {0xba054c90,0x8b4f,0x4989,{0xa0,0x52,0x32,0xce,0x41,0x9e,0xbf,0x97}} @@ -454,7 +458,7 @@ typedef struct _nt_runtime_data { void * hroot; void * hcwd; void * hdrive; - nt_guid ldso; + nt_guid abi; nt_cid cid_self; nt_cid cid_parent; nt_alt_cid alt_cid_self; diff --git a/src/process/ntapi_tt_get_runtime_data.c b/src/process/ntapi_tt_get_runtime_data.c index bda6f7e..71662b4 100644 --- a/src/process/ntapi_tt_get_runtime_data.c +++ b/src/process/ntapi_tt_get_runtime_data.c @@ -74,8 +74,13 @@ int32_t __stdcall __ntapi_tt_get_runtime_data( 0))) return status; - /* update state */ + /* abi */ prtdata = (nt_runtime_data *)address; + + if (__ntapi->tt_guid_compare(&prtdata->abi,&(nt_guid)NT_PROCESS_GUID_RTDATA)) + return NT_STATUS_MORE_PROCESSING_REQUIRED; + + /* update state */ prtdata->flags |= NT_RUNTIME_DATA_INTEGRAL_PROCESS; /* avoid confusion :-) */ diff --git a/src/process/ntapi_tt_spawn_native_process.c b/src/process/ntapi_tt_spawn_native_process.c index c741cf8..2c61012 100644 --- a/src/process/ntapi_tt_spawn_native_process.c +++ b/src/process/ntapi_tt_spawn_native_process.c @@ -124,6 +124,12 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar (const uintptr_t *)rtctx, sizeof(*rtctx)); + /* abi */ + if (!(__ntapi->tt_guid_compare(&rdata->abi,&(nt_guid)NT_PROCESS_GUID_UNSPEC))) + __ntapi->tt_guid_copy( + &rdata->abi, + &(nt_guid)NT_PROCESS_GUID_RTDATA); + /* imgbuf */ imgbuf = (wchar16_t *)rtblock.addr; imgbuf += 0x10000 / sizeof(*imgbuf);