-rw-r--r-- | src/process/ntapi_tt_create_remote_runtime_data.c | 114 |
1 files changed, 55 insertions, 59 deletions
diff --git a/src/process/ntapi_tt_create_remote_runtime_data.c b/src/process/ntapi_tt_create_remote_runtime_data.c
index 4bde549..b3809b0 100644
--- a/src/process/ntapi_tt_create_remote_runtime_data.c
+++ b/src/process/ntapi_tt_create_remote_runtime_data.c
@@ -51,59 +51,51 @@ int32_t __stdcall __ntapi_tt_create_remote_runtime_data(
 sizeof(runtime_arg));
 /* obtain process information */
- status = __ntapi->zw_query_information_process(
- hprocess,
- NT_PROCESS_BASIC_INFORMATION,
- (void *)&rpbi,
- sizeof(nt_process_basic_information),
- 0);
-
- if (status != NT_STATUS_SUCCESS)
+ if ((status = __ntapi->zw_query_information_process(
+ hprocess,
+ NT_PROCESS_BASIC_INFORMATION,
+ (void *)&rpbi,
+ sizeof(nt_process_basic_information),
+ 0)))
 return status;
- status = __ntapi->zw_read_virtual_memory(
- hprocess,
- pe_va_from_rva(
- rpbi.peb_base_address,
- (uintptr_t)&(((nt_peb *)0)->process_params)),
- (char *)&rprocess_params,
- sizeof(uintptr_t),
- &bytes_written);
-
- if (status != NT_STATUS_SUCCESS)
+ if ((status = __ntapi->zw_read_virtual_memory(
+ hprocess,
+ pe_va_from_rva(
+ rpbi.peb_base_address,
+ (uintptr_t)&(((nt_peb *)0)->process_params)),
+ (char *)&rprocess_params,
+ sizeof(uintptr_t),
+ &bytes_written)))
 return status;
- status = __ntapi->zw_read_virtual_memory(
- hprocess,
- &rprocess_params->command_line,
- (char *)&rcmd_line,
- sizeof(nt_unicode_string),
- &bytes_written);
-
- if (status != NT_STATUS_SUCCESS)
+ if ((status = __ntapi->zw_read_virtual_memory(
+ hprocess,
+ &rprocess_params->command_line,
+ (char *)&rcmd_line,
+ sizeof(nt_unicode_string),
+ &bytes_written)))
 return status;
 if (rcmd_line.buffer == 0)
 return NT_STATUS_BUFFER_TOO_SMALL;
- else if (rcmd_line.strlen < sizeof(runtime_arg) + 4*sizeof(wchar16_t))
- return NT_STATUS_INVALID_USER_BUFFER;
- status = __ntapi->zw_read_virtual_memory(
- hprocess,
- pe_va_from_rva(
- rcmd_line.buffer,
- rcmd_line.strlen - sizeof(runtime_arg)),
- (char *)&runtime_arg,
- sizeof(runtime_arg),
- &bytes_written);
+ if (rcmd_line.strlen < sizeof(runtime_arg) + 4*sizeof(wchar16_t))
+ return NT_STATUS_INVALID_USER_BUFFER;
- if (status != NT_STATUS_SUCCESS)
+ if ((status = __ntapi->zw_read_virtual_memory(
+ hprocess,
+ pe_va_from_rva(
+ rcmd_line.buffer,
rcmd_line.strlen - sizeof(runtime_arg)),
+ (char *)&runtime_arg,
+ sizeof(runtime_arg),
+ &bytes_written)))
 return status;
 /* verify remote process compatibility */
 runtime_arg_hash ^= __ntapi->tt_buffer_crc32(
- 0,
- (char *)runtime_arg,
+ 0,(char *)runtime_arg,
 sizeof(runtime_arg));
 if (runtime_arg_hash)
@@ -111,31 +103,34 @@ int32_t __stdcall __ntapi_tt_create_remote_runtime_data(
 /* remote block */
 rtblock->remote_size = rtblock->size;
- status = __ntapi->zw_allocate_virtual_memory(
- hprocess,
- &rtblock->remote_addr,
- 0,
- &rtblock->remote_size,
- NT_MEM_RESERVE | NT_MEM_COMMIT,
- NT_PAGE_READWRITE);
- if (status != NT_STATUS_SUCCESS)
+ if ((status = __ntapi->zw_allocate_virtual_memory(
+ hprocess,
+ &rtblock->remote_addr,
+ 0,
+ &rtblock->remote_size,
+ NT_MEM_RESERVE | NT_MEM_COMMIT,
+ NT_PAGE_READWRITE)))
 return status;
 /* session handles */
+ rtdata = 0;
+ srv_ready = 0;
+
 if (rtblock->flags & NT_RUNTIME_DATA_DUPLICATE_SESSION_HANDLES) {
- rtdata = (nt_runtime_data *)rtblock->addr;
+ rtdata = (nt_runtime_data *)rtblock->addr;
 srv_ready = rtdata->srv_ready;
- status = __ntapi->zw_duplicate_object(
- NT_CURRENT_PROCESS_HANDLE,
- srv_ready,
- hprocess,
- &rtdata->srv_ready,
- 0,0,NT_DUPLICATE_SAME_ATTRIBUTES | NT_DUPLICATE_SAME_ACCESS);
- if (status) return status;
- } else
- srv_ready = 0;
+ if ((status = __ntapi->zw_duplicate_object(
+ NT_CURRENT_PROCESS_HANDLE,
+ srv_ready,
+ hprocess,
+ &rtdata->srv_ready,
+ 0,0,
+ NT_DUPLICATE_SAME_ATTRIBUTES
+ |NT_DUPLICATE_SAME_ACCESS)))
+ return status;
+ }
 /* copy local block to remote process */
 status = __ntapi->zw_write_virtual_memory(
@@ -146,10 +141,11 @@ int32_t __stdcall __ntapi_tt_create_remote_runtime_data(
 &bytes_written);
 /* restore rtdata */
- if (srv_ready)
+ if (rtdata)
 rtdata->srv_ready = srv_ready;
- if (status != NT_STATUS_SUCCESS)
+ /* verify above remote write */
+ if (status)
 return status;
 /* runtime_arg */ |
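Review bot: The PEB walk kept on the new side — `(uintptr_t)&(((nt_peb *)0)->process_params)` and the `sizeof(uintptr_t)` read of `rprocess_params` — interprets the target's memory with this process's own struct layout and pointer width, so a target of a different bitness (a WOW64 process, for instance) would be read at the wrong offset; the later `runtime_arg_hash` check would presumably reject such a target, but only after the misread. I would document that assumption above the first zw_read_virtual_memory call: `/* assumes hprocess shares this process's pointer width and nt_peb layout */`. Note also that every value steering the later reads (`rpbi.peb_base_address`, `rprocess_params`, `rcmd_line.buffer` and `rcmd_line.strlen`) originates in the target process; the `strlen <` bound is enough to keep `rcmd_line.strlen - sizeof(runtime_arg)` from underflowing, and the reads are into fixed-size locals, but it is the CRC comparison, not the length check, that establishes the command line really ends in a runtime_arg block. The enclosing function starts before and continues after this hunk.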
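Review bot: When zw_duplicate_object fails inside the NT_RUNTIME_DATA_DUPLICATE_SESSION_HANDLES branch the function returns with the pages just committed in the target by zw_allocate_virtual_memory still mapped, and nothing in this hunk releases them; unless the caller is expected to free `rtblock->remote_addr` on error (not visible here), every failure after the allocation leaks memory in the target. If the caller owns that cleanup, say so in a comment next to the allocation, e.g. `/* remote_addr is released by the caller on error */`; otherwise free the remote region before each of the two `return status;` lines that follow it. Separately, NT_DUPLICATE_SAME_ACCESS hands the target the full rights of the parent's `srv_ready` handle; if the target only needs to wait on or signal it, passing an explicit access mask instead would be the least-privilege choice, and either way a one-line comment stating why the full access is required would help. The enclosing function continues past this hunk.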
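Review bot: The `if (status) return status;` that now follows the restore still leaves the target holding the handle duplicated into it (plus the pages allocated for the block) when zw_write_virtual_memory fails, and because the only copy of that remote handle value lived in the local block that was just restored, the caller has no way to close it afterwards. Moving the restore ahead of the status check is the right fix for the local block, but the remote side needs the same care: either close the remote handle here on failure (the usual route is a zw_duplicate_object with the close-source option and no target handle) or document on the function that a failed call may leave a handle and a mapping behind in the target. The enclosing function continues past `/* runtime_arg */`, so later failure paths have the same exposure.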