diff options
| author | midipix <writeonce@midipix.org> | 2017-01-19 04:50:09 +0000 |
|---|---|---|
| committer | midipix <writeonce@midipix.org> | 2017-01-19 00:44:33 -0500 |
| commit | 804edfafcbd5066873a1d6a77b6e6bacba783c14 (patch) | |
| tree | e48eaaa320b2354113656d0deae9ce6fba32752d | |
| parent | 365987ac7436574fe47040cd67602b71112d76ce (diff) | |
| download | ntapi-804edfafcbd5066873a1d6a77b6e6bacba783c14.tar.bz2 ntapi-804edfafcbd5066873a1d6a77b6e6bacba783c14.tar.xz | |
__ntapi_tt_get_runtime_data(): integral process: guard against false positives.
| -rw-r--r-- | include/ntapi/nt_process.h | 6 | ||||
| -rw-r--r-- | src/process/ntapi_tt_get_runtime_data.c | 7 | ||||
| -rw-r--r-- | src/process/ntapi_tt_spawn_native_process.c | 6 |
3 files changed, 17 insertions, 2 deletions
diff --git a/include/ntapi/nt_process.h b/include/ntapi/nt_process.h index 6f991f6..af22d02 100644 --- a/include/ntapi/nt_process.h +++ b/include/ntapi/nt_process.h @@ -195,6 +195,10 @@ typedef enum _nt_process_opcode_idx { #define NT_RUNTIME_DATA_USER_INT32_SLOTS (0x10) #define NT_RUNTIME_DATA_USER_INT64_SLOTS (0x10) +/* friendly process abi guid */ +#define NT_PROCESS_GUID_UNSPEC {0x00000000,0x0000,0x0000,{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}} +#define NT_PROCESS_GUID_RTDATA {0x3e43ec84,0x1af1,0x4ede,{0xac,0xd8,0xc3,0xd9,0x20,0xaf,0xc8,0x68}} + /* friendly process guids */ #define NT_PROCESS_GUID_NTPGRP {0xfa383cc0,0xa25b,0x4448,{0x83,0x45,0x51,0x45,0x4d,0xa8,0x2f,0x30}} #define NT_PROCESS_GUID_PIDMAP {0xba054c90,0x8b4f,0x4989,{0xa0,0x52,0x32,0xce,0x41,0x9e,0xbf,0x97}} @@ -454,7 +458,7 @@ typedef struct _nt_runtime_data { void * hroot; void * hcwd; void * hdrive; - nt_guid ldso; + nt_guid abi; nt_cid cid_self; nt_cid cid_parent; nt_alt_cid alt_cid_self; diff --git a/src/process/ntapi_tt_get_runtime_data.c b/src/process/ntapi_tt_get_runtime_data.c index bda6f7e..71662b4 100644 --- a/src/process/ntapi_tt_get_runtime_data.c +++ b/src/process/ntapi_tt_get_runtime_data.c @@ -74,8 +74,13 @@ int32_t __stdcall __ntapi_tt_get_runtime_data( 0))) return status; - /* update state */ + /* abi */ prtdata = (nt_runtime_data *)address; + + if (__ntapi->tt_guid_compare(&prtdata->abi,&(nt_guid)NT_PROCESS_GUID_RTDATA)) + return NT_STATUS_MORE_PROCESSING_REQUIRED; + + /* update state */ prtdata->flags |= NT_RUNTIME_DATA_INTEGRAL_PROCESS; /* avoid confusion :-) */ diff --git a/src/process/ntapi_tt_spawn_native_process.c b/src/process/ntapi_tt_spawn_native_process.c index c741cf8..2c61012 100644 --- a/src/process/ntapi_tt_spawn_native_process.c +++ b/src/process/ntapi_tt_spawn_native_process.c @@ -124,6 +124,12 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar (const uintptr_t *)rtctx, sizeof(*rtctx)); + /* abi */ + if (!(__ntapi->tt_guid_compare(&rdata->abi,&(nt_guid)NT_PROCESS_GUID_UNSPEC))) + __ntapi->tt_guid_copy( + &rdata->abi, + &(nt_guid)NT_PROCESS_GUID_RTDATA); + /* imgbuf */ imgbuf = (wchar16_t *)rtblock.addr; imgbuf += 0x10000 / sizeof(*imgbuf); |