From 365987ac7436574fe47040cd67602b71112d76ce Mon Sep 17 00:00:00 2001 From: midipix Date: Thu, 19 Jan 2017 03:42:10 +0000 Subject: __ntapi_tt_get_runtime_data(): simplify logic, check align. at page boundary. --- src/process/ntapi_tt_get_runtime_data.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/src/process/ntapi_tt_get_runtime_data.c b/src/process/ntapi_tt_get_runtime_data.c index 60cdf17..bda6f7e 100644 --- a/src/process/ntapi_tt_get_runtime_data.c +++ b/src/process/ntapi_tt_get_runtime_data.c @@ -28,7 +28,8 @@ int32_t __stdcall __ntapi_tt_get_runtime_data( int32_t status; nt_process_parameters * process_params; wchar16_t * addrarg; - nt_runtime_data buffer; + uintptr_t address; + uintptr_t buffer; nt_runtime_data * prtdata; ntapi_internals * __internals; @@ -42,34 +43,39 @@ int32_t __stdcall __ntapi_tt_get_runtime_data( } if (!(wargv = wargv ? wargv : __internals->ntapi_img_sec_bss->argv_envp_array)) - return NT_STATUS_INVALID_PARAMETER_2; + return NT_STATUS_INVALID_PARAMETER; if (!wargv[1] || !wargv[2]) return NT_STATUS_MORE_PROCESSING_REQUIRED; /* integral process? */ - if ((wargv[1][0] == '-') && (wargv[1][1] == 'r') && (wargv[1][2] == 0)) - addrarg = wargv[2]; - else - return NT_STATUS_INVALID_PARAMETER; + addrarg = ((wargv[1][0] == '-') && (wargv[1][1] == 'r') && (wargv[1][2] == 0)) + ? wargv[2] : 0; + /* top-level framework process? */ if (!addrarg || wargv[3]) - status = NT_STATUS_INVALID_PARAMETER_MIX; + return NT_STATUS_MORE_PROCESSING_REQUIRED; /* obtain pointer to data block */ if ((status = __ntapi->tt_hex_utf16_to_uintptr( - addrarg, - (uintptr_t *)&prtdata))) + addrarg,&address))) return status; + /* invalid pointer? */ + if (address & 0xFFF) + return NT_STATUS_MORE_PROCESSING_REQUIRED; + + /* address is aligned at page boundary */ if ((status = __ntapi->zw_read_virtual_memory( NT_CURRENT_PROCESS_HANDLE, - prtdata, + (void *)address, (char *)&buffer, - sizeof(buffer),0))) + sizeof(buffer), + 0))) return status; /* update state */ + prtdata = (nt_runtime_data *)address; prtdata->flags |= NT_RUNTIME_DATA_INTEGRAL_PROCESS; /* avoid confusion :-) */ -- cgit v1.2.3