From 804edfafcbd5066873a1d6a77b6e6bacba783c14 Mon Sep 17 00:00:00 2001
From: midipix
Date: Thu, 19 Jan 2017 04:50:09 +0000
Subject: __ntapi_tt_get_runtime_data(): integral process: guard against false positives.
---
 src/process/ntapi_tt_get_runtime_data.c | 7 ++++++-
 src/process/ntapi_tt_spawn_native_process.c | 6 ++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/process/ntapi_tt_get_runtime_data.c b/src/process/ntapi_tt_get_runtime_data.c
index bda6f7e..71662b4 100644
--- a/src/process/ntapi_tt_get_runtime_data.c
+++ b/src/process/ntapi_tt_get_runtime_data.c
@@ -74,8 +74,13 @@ int32_t __stdcall __ntapi_tt_get_runtime_data(
 0)))
 return status;
- /* update state */
+ /* abi */
 prtdata = (nt_runtime_data *)address;
+
+ if (__ntapi->tt_guid_compare(&prtdata->abi,&(nt_guid)NT_PROCESS_GUID_RTDATA))
+ return NT_STATUS_MORE_PROCESSING_REQUIRED;
+
+ /* update state */
 prtdata->flags |= NT_RUNTIME_DATA_INTEGRAL_PROCESS;
 /* avoid confusion :-) */
diff --git a/src/process/ntapi_tt_spawn_native_process.c b/src/process/ntapi_tt_spawn_native_process.c
index c741cf8..2c61012 100644
--- a/src/process/ntapi_tt_spawn_native_process.c
+++ b/src/process/ntapi_tt_spawn_native_process.c
@@ -124,6 +124,12 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar
 (const uintptr_t *)rtctx,
 sizeof(*rtctx));
+ /* abi */
+ if (!(__ntapi->tt_guid_compare(&rdata->abi,&(nt_guid)NT_PROCESS_GUID_UNSPEC)))
+ __ntapi->tt_guid_copy(
+ &rdata->abi,
+ &(nt_guid)NT_PROCESS_GUID_RTDATA);
+ /* imgbuf */
 imgbuf = (wchar16_t *)rtblock.addr;
 imgbuf += 0x10000 / sizeof(*imgbuf);
-- cgit v1.2.3
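Review bot: The new early return in `__ntapi_tt_get_runtime_data` exits with `NT_STATUS_MORE_PROCESSING_REQUIRED` after the call that produced `address` has already succeeded, and nothing visible in the hunk releases that block or says who owns it on this path. The function starts and ends outside the hunk, so this is inferred, but if `address` is a view of data handed over by the parent, the mismatch path should either undo the mapping or carry a comment such as `/* abi mismatch: not a runtime-data block; caller must not dereference it */`. `prtdata->abi` is also read with no size check visible in the hunk, so it is worth confirming that the block is at least `sizeof(nt_runtime_data)` before the compare. The GUID is a marker that filters accidental matches, as the commit title says; it should not be documented or relied on as proof of where the block came from.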
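Review bot: A caller-supplied `rdata->abi` that is anything other than `NT_PROCESS_GUID_UNSPEC` is forwarded to the child unchanged, and the `/* abi */` comment does not say that this is intended. Judging by how the other hunk uses `tt_guid_compare`, a child running the new check in `__ntapi_tt_get_runtime_data` would then reject any value that is not `NT_PROCESS_GUID_RTDATA`. If the pass-through is deliberate, say so in the comment, for example `/* abi: default to RTDATA only when the caller left it unspecified */`. As a style point, the `if` guards a four-line call without braces; bracing it keeps a later added statement from silently falling outside the condition. The function body continues outside the hunk.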