archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/windows/appcompat/shims/specific/netzip.cpp

99 lines
2.7 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  7. NetZip.cpp
  9. Abstract:
  11. This App. stops when it is searching for installed browsers. I found that
  12. the App. tries enumerating all processes running using the API call
  13. EnumProcesses(). This is OK and the App. gets the list of PID's. Now, the
  14. App wants to go through each individual Process's modules using
  15. EnumProcessModules. Before that it gets the handle to each process calling
  16. OpenProcess() on each. On the 'System Idle Process', which has a PID of '0',
  17. the call to OpenProcess() returns failure and that is handled. The App then
  18. goes to the next process, which is the 'System' process. The PID is '8'.
  19. The App successfully gets the process handle by a call to OpenProcess() but
  20. when the App. calls EnumProcessModules(), this call returns failure and the
  21. GetLastError( ) returns ERROR_PARTIAL_COPY(0x12b). The App. does not know
  22. how to handle this and it fails.
  24. When I traced into this API, it calls ReadProcessMemory(), which in turn
  25. calls NtReadVirtualMemory(). This is a Kernel call and it returns 8000000d
  26. on Windows 2000. GetLastError() for this translates to
  27. ERROR_PARTIAL_COPY(0x12b). On Windows NT 4.0, the EnumProcessModules() API
  28. calls ReadProcessMemory(), which inturn calls NtReadVirtualMemory() which
  29. returns 0xC0000005. GetLastError() for this translates to
  30. ERROR_NOACCESS(0x3e6) - (Invalid access to a memory location). The App. is
  31. able to handle this. So, the APP should handle both ERROR_NOACCESS and
  32. ERROR_PARTIAL_COPY.
  34. Notes:
  36. This is an app specific shim.
  38. History:
  40. 04/21/2000 prashkud Created
  42. --*/
  44. #include "precomp.h"
  46. IMPLEMENT_SHIM_BEGIN(NetZip)
  47. #include "ShimHookMacro.h"
  49. APIHOOK_ENUM_BEGIN
  50. APIHOOK_ENUM_ENTRY(EnumProcessModules)
  51. APIHOOK_ENUM_END
  53. /*++
  55. This function intercepts EnumProcessModules( ) and and handles the return of
  56. ERROR_PARTIAL_COPY.
  58. --*/
  60. BOOL
  61. APIHOOK(EnumProcessModules)(
  62. HANDLE hProcess, // Handle to process
  63. HMODULE *lphModule, // Array of Handle modules
  64. DWORD cb, // size of array
  65. LPDWORD lpcbNeeded // Number od bytes returned.
  66. )
  67. {
  68. BOOL fRet = FALSE;
  70. fRet = ORIGINAL_API(EnumProcessModules)(
  71. hProcess,
  72. lphModule,
  73. cb,
  74. lpcbNeeded);
  76. if (GetLastError( ) == ERROR_PARTIAL_COPY)
  77. {
  78. SetLastError(ERROR_NOACCESS);
  79. }
  81. return fRet;
  82. }
  84. /*++
  86. Register hooked functions
  88. --*/
  91. HOOK_BEGIN
  93. APIHOOK_ENTRY(PSAPI.DLL, EnumProcessModules )
  95. HOOK_END
  98. IMPLEMENT_SHIM_END