Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

99 lines
2.7 KiB

/*++
Copyright (c) 2000 Microsoft Corporation
Module Name:
NetZip.cpp
Abstract:
This App. stops when it is searching for installed browsers. I found that
the App. tries enumerating all processes running using the API call
EnumProcesses(). This is OK and the App. gets the list of PID's. Now, the
App wants to go through each individual Process's modules using
EnumProcessModules. Before that it gets the handle to each process calling
OpenProcess() on each. On the 'System Idle Process', which has a PID of '0',
the call to OpenProcess() returns failure and that is handled. The App then
goes to the next process, which is the 'System' process. The PID is '8'.
The App successfully gets the process handle by a call to OpenProcess() but
when the App. calls EnumProcessModules(), this call returns failure and the
GetLastError( ) returns ERROR_PARTIAL_COPY(0x12b). The App. does not know
how to handle this and it fails.
When I traced into this API, it calls ReadProcessMemory(), which in turn
calls NtReadVirtualMemory(). This is a Kernel call and it returns 8000000d
on Windows 2000. GetLastError() for this translates to
ERROR_PARTIAL_COPY(0x12b). On Windows NT 4.0, the EnumProcessModules() API
calls ReadProcessMemory(), which inturn calls NtReadVirtualMemory() which
returns 0xC0000005. GetLastError() for this translates to
ERROR_NOACCESS(0x3e6) - (Invalid access to a memory location). The App. is
able to handle this. So, the APP should handle both ERROR_NOACCESS and
ERROR_PARTIAL_COPY.
Notes:
This is an app specific shim.
History:
04/21/2000 prashkud Created
--*/
#include "precomp.h"
IMPLEMENT_SHIM_BEGIN(NetZip)
#include "ShimHookMacro.h"
APIHOOK_ENUM_BEGIN
APIHOOK_ENUM_ENTRY(EnumProcessModules)
APIHOOK_ENUM_END
/*++
This function intercepts EnumProcessModules( ) and and handles the return of
ERROR_PARTIAL_COPY.
--*/
BOOL
APIHOOK(EnumProcessModules)(
HANDLE hProcess, // Handle to process
HMODULE *lphModule, // Array of Handle modules
DWORD cb, // size of array
LPDWORD lpcbNeeded // Number od bytes returned.
)
{
BOOL fRet = FALSE;
fRet = ORIGINAL_API(EnumProcessModules)(
hProcess,
lphModule,
cb,
lpcbNeeded);
if (GetLastError( ) == ERROR_PARTIAL_COPY)
{
SetLastError(ERROR_NOACCESS);
}
return fRet;
}
/*++
Register hooked functions
--*/
HOOK_BEGIN
APIHOOK_ENTRY(PSAPI.DLL, EnumProcessModules )
HOOK_END
IMPLEMENT_SHIM_END