// Copyright 2015 The Crashpad Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "util/win/nt_internals.h"
#include "base/logging.h"
#include "util/win/get_function.h"
// Declarations that the system headers should provide but don't.
// Forward declaration only: this file handles CLIENT_ID purely by pointer, so
// the full definition is never required here.
struct CLIENT_ID;

// Hand-written prototypes for ntdll.dll exports. The wrappers in namespace
// crashpad name these declarations (as ::Name) when they resolve the exports
// through GET_FUNCTION_REQUIRED.
// NOTE(review): nothing in this file checks these prototypes against the real
// exports. Presumably the resolved pointer takes its type from the
// declaration, in which case a wrong parameter list or calling convention
// would miscall ntdll at run time instead of failing to build; confirm in
// util/win/get_function.h.

NTSTATUS NTAPI NtCreateThreadEx(PHANDLE ThreadHandle,
                                ACCESS_MASK DesiredAccess,
                                POBJECT_ATTRIBUTES ObjectAttributes,
                                HANDLE ProcessHandle,
                                PVOID StartRoutine,
                                PVOID Argument,
                                ULONG CreateFlags,
                                SIZE_T ZeroBits,
                                SIZE_T StackSize,
                                SIZE_T MaximumStackSize,
                                PVOID /*PPS_ATTRIBUTE_LIST*/ AttributeList);

NTSTATUS NTAPI NtOpenThread(HANDLE* ThreadHandle,
                            ACCESS_MASK DesiredAccess,
                            OBJECT_ATTRIBUTES* ObjectAttributes,
                            CLIENT_ID* ClientId);

NTSTATUS NTAPI NtSuspendProcess(HANDLE ProcessHandle);

NTSTATUS NTAPI NtResumeProcess(HANDLE ProcessHandle);

VOID NTAPI RtlGetUnloadEventTraceEx(PULONG* ElementSize,
                                    PULONG* ElementCount,
                                    PVOID* EventTrace);
namespace crashpad {
// Passes |handle| to ntdll.dll's NtClose export and returns the NTSTATUS it
// produces, unchanged.
//
// The export is looked up through GET_FUNCTION_REQUIRED on the first call and
// kept in a function-local static, so later calls reuse the same pointer.
// NOTE(review): the pointer is called without a null check; presumably
// GET_FUNCTION_REQUIRED treats a missing export as fatal rather than yielding
// null. Confirm in util/win/get_function.h.
NTSTATUS NtClose(HANDLE handle) {
  static const auto close_fn = GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtClose);
  const NTSTATUS status = close_fn(handle);
  return status;
}
// Forwards every argument, unmodified and in the same order, to ntdll.dll's
// NtCreateThreadEx export and returns the NTSTATUS it produces.
//
// Nothing is validated in this wrapper: |process_handle|, |start_routine| and
// |argument| reach ntdll exactly as supplied, so the caller is responsible for
// knowing which process the handle refers to and where the new thread will
// begin executing. |attribute_list| is an untyped PVOID in this signature.
//
// The export is resolved once through GET_FUNCTION_REQUIRED and cached in a
// function-local static.
NTSTATUS NtCreateThreadEx(PHANDLE thread_handle,
                          ACCESS_MASK desired_access,
                          POBJECT_ATTRIBUTES object_attributes,
                          HANDLE process_handle,
                          PVOID start_routine,
                          PVOID argument,
                          ULONG create_flags,
                          SIZE_T zero_bits,
                          SIZE_T stack_size,
                          SIZE_T maximum_stack_size,
                          PVOID attribute_list) {
  static const auto create_thread_fn =
      GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtCreateThreadEx);
  const NTSTATUS status = create_thread_fn(thread_handle,
                                           desired_access,
                                           object_attributes,
                                           process_handle,
                                           start_routine,
                                           argument,
                                           create_flags,
                                           zero_bits,
                                           stack_size,
                                           maximum_stack_size,
                                           attribute_list);
  return status;
}
// Forwards a query to ntdll.dll's NtQuerySystemInformation export and returns
// the NTSTATUS it produces.
//
// |system_information| and |system_information_length| are passed through as
// given. This wrapper does not check that the length matches the buffer, so
// the caller must pass the buffer's true capacity and inspect the returned
// status before reading from it.
//
// The export is resolved once through GET_FUNCTION_REQUIRED and cached in a
// function-local static.
NTSTATUS NtQuerySystemInformation(
    SYSTEM_INFORMATION_CLASS system_information_class,
    PVOID system_information,
    ULONG system_information_length,
    PULONG return_length) {
  static const auto query_system_fn =
      GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtQuerySystemInformation);
  const NTSTATUS status = query_system_fn(system_information_class,
                                          system_information,
                                          system_information_length,
                                          return_length);
  return status;
}
// Forwards a query about |thread_handle| to ntdll.dll's
// NtQueryInformationThread export and returns the NTSTATUS it produces.
//
// |thread_information| and |thread_information_length| are passed through as
// given. This wrapper does not check that the length matches the buffer, so
// the caller must pass the buffer's true capacity and inspect the returned
// status before reading from it.
//
// The export is resolved once through GET_FUNCTION_REQUIRED and cached in a
// function-local static.
NTSTATUS NtQueryInformationThread(HANDLE thread_handle,
                                  THREADINFOCLASS thread_information_class,
                                  PVOID thread_information,
                                  ULONG thread_information_length,
                                  PULONG return_length) {
  static const auto query_thread_fn =
      GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtQueryInformationThread);
  const NTSTATUS status = query_thread_fn(thread_handle,
                                          thread_information_class,
                                          thread_information,
                                          thread_information_length,
                                          return_length);
  return status;
}
// Calls ntdll.dll's NtOpenThread export with the client ID supplied as a
// process_types::CLIENT_ID<Traits>, and returns the NTSTATUS it produces.
//
// The export is declared with a native, non-const CLIENT_ID*, so |client_id|
// is reinterpreted as that type and its constness is cast away before the
// call.
// NOTE(review): the reinterpret_cast relies on
// process_types::CLIENT_ID<Traits> having the layout ntdll expects in the
// running process; presumably that requires Traits to match the native
// pointer width. Confirm at the call sites.
//
// The export is resolved once through GET_FUNCTION_REQUIRED and cached in a
// function-local static.
template <class Traits>
NTSTATUS NtOpenThread(PHANDLE thread_handle,
                      ACCESS_MASK desired_access,
                      POBJECT_ATTRIBUTES object_attributes,
                      const process_types::CLIENT_ID<Traits>* client_id) {
  static const auto open_thread_fn =
      GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtOpenThread);

  // Two separate casts: first change the pointee type, then drop const.
  const CLIENT_ID* const native_id_const =
      reinterpret_cast<const CLIENT_ID*>(client_id);
  CLIENT_ID* const native_id = const_cast<CLIENT_ID*>(native_id_const);

  return open_thread_fn(
      thread_handle, desired_access, object_attributes, native_id);
}
// Forwards a query about |handle| to ntdll.dll's NtQueryObject export and
// returns the NTSTATUS it produces.
//
// |object_information| and |object_information_length| are passed through as
// given. This wrapper does not check that the length matches the buffer, so
// the caller must pass the buffer's true capacity and inspect the returned
// status before reading from it.
//
// The export is resolved once through GET_FUNCTION_REQUIRED and cached in a
// function-local static.
NTSTATUS NtQueryObject(HANDLE handle,
                       OBJECT_INFORMATION_CLASS object_information_class,
                       void* object_information,
                       ULONG object_information_length,
                       ULONG* return_length) {
  static const auto query_object_fn =
      GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtQueryObject);
  const NTSTATUS status = query_object_fn(handle,
                                          object_information_class,
                                          object_information,
                                          object_information_length,
                                          return_length);
  return status;
}
// Passes |handle| to ntdll.dll's NtSuspendProcess export and returns the
// NTSTATUS it produces.
//
// This wrapper keeps no record of the call, so pairing it with a later
// NtResumeProcess() on the same process is left entirely to the caller.
//
// The export is resolved once through GET_FUNCTION_REQUIRED and cached in a
// function-local static.
NTSTATUS NtSuspendProcess(HANDLE handle) {
  static const auto suspend_fn =
      GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtSuspendProcess);
  const NTSTATUS status = suspend_fn(handle);
  return status;
}
// Passes |handle| to ntdll.dll's NtResumeProcess export and returns the
// NTSTATUS it produces.
//
// This wrapper does not check whether the process was suspended beforehand;
// the status returned by ntdll is the only result the caller gets.
//
// The export is resolved once through GET_FUNCTION_REQUIRED and cached in a
// function-local static.
NTSTATUS NtResumeProcess(HANDLE handle) {
  static const auto resume_fn =
      GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtResumeProcess);
  const NTSTATUS status = resume_fn(handle);
  return status;
}
// Calls ntdll.dll's RtlGetUnloadEventTraceEx export, handing it the three
// out-parameters unchanged.
//
// The export is declared VOID, so there is no status to report; the caller can
// only judge the outcome from what was written through |element_size|,
// |element_count| and |event_trace|.
//
// The export is resolved once through GET_FUNCTION_REQUIRED and cached in a
// function-local static.
void RtlGetUnloadEventTraceEx(ULONG** element_size,
                              ULONG** element_count,
                              void** event_trace) {
  static const auto unload_trace_fn =
      GET_FUNCTION_REQUIRED(L"ntdll.dll", ::RtlGetUnloadEventTraceEx);
  unload_trace_fn(element_size, element_count, event_trace);
}
// The body of NtOpenThread<>() is kept out of the header, so it is explicitly
// instantiated here for the only two valid template arguments, Traits32 and
// Traits64. Parameter names are omitted because an explicit instantiation
// needs only the types.
template NTSTATUS NtOpenThread<process_types::internal::Traits32>(
    PHANDLE,
    ACCESS_MASK,
    POBJECT_ATTRIBUTES,
    const process_types::CLIENT_ID<process_types::internal::Traits32>*);

template NTSTATUS NtOpenThread<process_types::internal::Traits64>(
    PHANDLE,
    ACCESS_MASK,
    POBJECT_ATTRIBUTES,
    const process_types::CLIENT_ID<process_types::internal::Traits64>*);
} // namespace crashpad