win32/uwinapi/GetProcessId.cpp

*fc0bc008SAndrew Rist/**************************************************************
cdf0e10cSrcweir *
*fc0bc008SAndrew Rist * Licensed to the Apache Software Foundation (ASF) under one
*fc0bc008SAndrew Rist * or more contributor license agreements.  See the NOTICE file
*fc0bc008SAndrew Rist * distributed with this work for additional information
*fc0bc008SAndrew Rist * regarding copyright ownership.  The ASF licenses this file
*fc0bc008SAndrew Rist * to you under the Apache License, Version 2.0 (the
*fc0bc008SAndrew Rist * "License"); you may not use this file except in compliance
*fc0bc008SAndrew Rist * with the License.  You may obtain a copy of the License at
cdf0e10cSrcweir *
*fc0bc008SAndrew Rist *   http://www.apache.org/licenses/LICENSE-2.0
cdf0e10cSrcweir *
*fc0bc008SAndrew Rist * Unless required by applicable law or agreed to in writing,
*fc0bc008SAndrew Rist * software distributed under the License is distributed on an
*fc0bc008SAndrew Rist * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
*fc0bc008SAndrew Rist * KIND, either express or implied.  See the License for the
*fc0bc008SAndrew Rist * specific language governing permissions and limitations
*fc0bc008SAndrew Rist * under the License.
cdf0e10cSrcweir *
*fc0bc008SAndrew Rist *************************************************************/
*fc0bc008SAndrew Rist
*fc0bc008SAndrew Rist
cdf0e10cSrcweir
cdf0e10cSrcweir#include "macros.h"
cdf0e10cSrcweir#include "win95sys.h"
cdf0e10cSrcweir#include <tlhelp32.h>
cdf0e10cSrcweirstatic FARPROC WINAPI GetRealProcAddress( HMODULE hModule, LPCSTR lpProcName )
cdf0e10cSrcweir{
cdf0e10cSrcweir    FARPROC lpfn = GetProcAddress( hModule, lpProcName );
cdf0e10cSrcweir
cdf0e10cSrcweir    if ( lpfn )
cdf0e10cSrcweir    {
cdf0e10cSrcweir        if ( 0x68 == *(LPBYTE)lpfn )
cdf0e10cSrcweir        {
cdf0e10cSrcweir            /*
cdf0e10cSrcweir            82C9F460 68 36 49 F8 BF       push        0BFF84936h
cdf0e10cSrcweir            82C9F465 E9 41 62 2F 3D       jmp         BFF956AB
cdf0e10cSrcweir            */
cdf0e10cSrcweir
cdf0e10cSrcweir            lpfn = (FARPROC)*(LPDWORD)((LPBYTE)lpfn + 1);
cdf0e10cSrcweir
cdf0e10cSrcweir            /*
cdf0e10cSrcweir            BFF956AB 9C                   pushfd
cdf0e10cSrcweir            BFF956AC FC                   cld
cdf0e10cSrcweir            BFF956AD 50                   push        eax
cdf0e10cSrcweir            BFF956AE 53                   push        ebx
cdf0e10cSrcweir            BFF956AF 52                   push        edx
cdf0e10cSrcweir            BFF956B0 64 8B 15 20 00 00 00 mov         edx,dword ptr fs:[20h]
cdf0e10cSrcweir            BFF956B7 0B D2                or          edx,edx
cdf0e10cSrcweir            BFF956B9 74 09                je          BFF956C4
cdf0e10cSrcweir            BFF956BB 8B 42 04             mov         eax,dword ptr [edx+4]
cdf0e10cSrcweir            BFF956BE 0B C0                or          eax,eax
cdf0e10cSrcweir            BFF956C0 74 07                je          BFF956C9
cdf0e10cSrcweir            BFF956C2 EB 42                jmp         BFF95706
cdf0e10cSrcweir            BFF956C4 5A                   pop         edx
cdf0e10cSrcweir            BFF956C5 5B                   pop         ebx
cdf0e10cSrcweir            BFF956C6 58                   pop         eax
cdf0e10cSrcweir            BFF956C7 9D                   popfd
cdf0e10cSrcweir            BFF956C8 C3                   ret
cdf0e10cSrcweir            */
cdf0e10cSrcweir        }
cdf0e10cSrcweir    }
cdf0e10cSrcweir
cdf0e10cSrcweir    return lpfn;
cdf0e10cSrcweir}
cdf0e10cSrcweir
cdf0e10cSrcweir
cdf0e10cSrcweirtypedef DWORD (WINAPI OBFUSCATE)( DWORD dwPTID );
cdf0e10cSrcweirtypedef OBFUSCATE *LPOBFUSCATE;
cdf0e10cSrcweir
cdf0e10cSrcweirstatic DWORD WINAPI Obfuscate( DWORD dwPTID )
cdf0e10cSrcweir{
cdf0e10cSrcweir    static LPOBFUSCATE lpfnObfuscate = NULL;
cdf0e10cSrcweir
cdf0e10cSrcweir    if ( !lpfnObfuscate )
cdf0e10cSrcweir    {
cdf0e10cSrcweir        LPBYTE lpCode = (LPBYTE)GetRealProcAddress( GetModuleHandleA("KERNEL32"), "GetCurrentThreadId" );
cdf0e10cSrcweir
cdf0e10cSrcweir        if ( lpCode )
cdf0e10cSrcweir        {
cdf0e10cSrcweir            /*
cdf0e10cSrcweir            GetCurrentThreadId:
cdf0e10cSrcweir            lpCode + 00 BFF84936 A1 DC 9C FC BF       mov         eax,[BFFC9CDC]    ; This is the real thread id
cdf0e10cSrcweir            lpcode + 05 BFF8493B FF 30                push        dword ptr [eax]
cdf0e10cSrcweir            lpCode + 07 BFF8493D E8 17 C5 FF FF       call        BFF80E59          ; call Obfuscate function
cdf0e10cSrcweir            lpcode + 0C BFF84942 C3                   ret
cdf0e10cSrcweir            */
cdf0e10cSrcweir
cdf0e10cSrcweir            DWORD   dwOffset = *(LPDWORD)(lpCode + 0x08);
cdf0e10cSrcweir
cdf0e10cSrcweir            lpfnObfuscate = (LPOBFUSCATE)(lpCode + 0x0C + dwOffset);
cdf0e10cSrcweir            /*
cdf0e10cSrcweir            Obfuscate:
cdf0e10cSrcweir            BFF80E59 A1 CC 98 FC BF       mov         eax,[BFFC98CC]
cdf0e10cSrcweir            BFF80E5E 85 C0                test        eax,eax
cdf0e10cSrcweir            BFF80E60 75 04                jne         BFF80E66
cdf0e10cSrcweir            BFF80E62 33 C0                xor         eax,eax
cdf0e10cSrcweir            BFF80E64 EB 04                jmp         BFF80E6A
cdf0e10cSrcweir            BFF80E66 33 44 24 04          xor         eax,dword ptr [esp+4]
cdf0e10cSrcweir            BFF80E6A C2 04 00             ret         4
cdf0e10cSrcweir            */
cdf0e10cSrcweir        }
cdf0e10cSrcweir
cdf0e10cSrcweir    }
cdf0e10cSrcweir
cdf0e10cSrcweir    return lpfnObfuscate ? lpfnObfuscate( dwPTID ) : 0;
cdf0e10cSrcweir}
cdf0e10cSrcweir
cdf0e10cSrcweir
cdf0e10cSrcweirEXTERN_C DWORD WINAPI GetProcessId_WINDOWS( HANDLE hProcess )
cdf0e10cSrcweir{
cdf0e10cSrcweir    if ( GetCurrentProcess() == hProcess )
cdf0e10cSrcweir        return GetCurrentProcessId();
cdf0e10cSrcweir
cdf0e10cSrcweir    DWORD   dwProcessId = 0;
cdf0e10cSrcweir    PPROCESS_DATABASE   pPDB = (PPROCESS_DATABASE)Obfuscate( GetCurrentProcessId() );
cdf0e10cSrcweir
cdf0e10cSrcweir    if ( pPDB && K32OBJ_PROCESS == pPDB->Type )
cdf0e10cSrcweir    {
cdf0e10cSrcweir        DWORD   dwHandleNumber = (DWORD)hProcess >> 2;
cdf0e10cSrcweir
cdf0e10cSrcweir        if ( 0 == ((DWORD)hProcess & 0x03) && dwHandleNumber < pPDB->pHandleTable->cEntries )
cdf0e10cSrcweir        {
cdf0e10cSrcweir            if (
cdf0e10cSrcweir                pPDB->pHandleTable->array[dwHandleNumber].pObject &&
cdf0e10cSrcweir                K32OBJ_PROCESS == pPDB->pHandleTable->array[dwHandleNumber].pObject->Type
cdf0e10cSrcweir                )
cdf0e10cSrcweir            dwProcessId = Obfuscate( (DWORD)pPDB->pHandleTable->array[dwHandleNumber].pObject );
cdf0e10cSrcweir        }
cdf0e10cSrcweir
cdf0e10cSrcweir        SetLastError( ERROR_INVALID_HANDLE );
cdf0e10cSrcweir    }
cdf0e10cSrcweir
cdf0e10cSrcweir    return dwProcessId;
cdf0e10cSrcweir}
cdf0e10cSrcweir
cdf0e10cSrcweir
cdf0e10cSrcweirEXTERN_C DWORD WINAPI GetProcessId_NT( HANDLE hProcess )
cdf0e10cSrcweir{
cdf0e10cSrcweir    SetLastError( ERROR_CALL_NOT_IMPLEMENTED );
cdf0e10cSrcweir    return 0;
cdf0e10cSrcweir}
cdf0e10cSrcweir
cdf0e10cSrcweir
cdf0e10cSrcweirEXTERN_C void WINAPI ResolveThunk_GetProcessId( FARPROC *lppfn, LPCSTR lpLibFileName, LPCSTR lpFuncName )
cdf0e10cSrcweir{
cdf0e10cSrcweir    if ( (LONG)GetVersion() < 0 )
cdf0e10cSrcweir        *lppfn = (FARPROC)GetProcessId_WINDOWS;
cdf0e10cSrcweir    else
cdf0e10cSrcweir    {
cdf0e10cSrcweir        FARPROC lpfnResult = GetProcAddress( LoadLibraryA( lpLibFileName ), lpFuncName );
cdf0e10cSrcweir        if ( !lpfnResult )
cdf0e10cSrcweir            lpfnResult = (FARPROC)GetProcessId_NT;
cdf0e10cSrcweir
cdf0e10cSrcweir        *lppfn = lpfnResult;
cdf0e10cSrcweir    }
cdf0e10cSrcweir}
cdf0e10cSrcweir
cdf0e10cSrcweir
cdf0e10cSrcweirDEFINE_CUSTOM_THUNK( kernel32, GetProcessId, DWORD, WINAPI, GetProcessId, ( HANDLE hProcess ) );