win: Only resume process if successfully suspended

R=mark@chromium.org BUG=crashpad:110 Change-Id: I9c8ad6e1dfc53fdf93ed6316b0efa55a880b77f9 Reviewed-on: https://chromium-review.googlesource.com/345668 Reviewed-by: Mark Mentovai <mark@chromium.org>
2025-03-08 21:26:04 +00:00 · 2016-05-18 16:23:26 -07:00 · 2016-05-18 16:23:26 -07:00 · 6c39959a97
commit 6c39959a97
parent b22cca6c3b
3 changed files with 36 additions and 14 deletions
--- a/util/win/nt_internals.cc
+++ b/util/win/nt_internals.cc
@ -38,6 +38,10 @@ NTSTATUS NTAPI NtOpenThread(HANDLE* ThreadHandle,
                            OBJECT_ATTRIBUTES* ObjectAttributes,
                            CLIENT_ID* ClientId);

+NTSTATUS NTAPI NtSuspendProcess(HANDLE);
+
+NTSTATUS NTAPI NtResumeProcess(HANDLE);
+
 void* NTAPI RtlGetUnloadEventTrace();

 namespace crashpad {
@ -129,6 +133,18 @@ NTSTATUS NtQueryObject(HANDLE handle,
                         return_length);
 }

+NTSTATUS NtSuspendProcess(HANDLE handle) {
+  static const auto nt_suspend_process =
+      GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtSuspendProcess);
+  return nt_suspend_process(handle);
+}
+
+NTSTATUS NtResumeProcess(HANDLE handle) {
+  static const auto nt_resume_process =
+      GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtResumeProcess);
+  return nt_resume_process(handle);
+}
+
 template <class Traits>
 RTL_UNLOAD_EVENT_TRACE<Traits>* RtlGetUnloadEventTrace() {
  static const auto rtl_get_unload_event_trace =
--- a/util/win/nt_internals.h
+++ b/util/win/nt_internals.h
@ -71,6 +71,10 @@ NTSTATUS NtQueryObject(HANDLE handle,
                       ULONG object_information_length,
                       ULONG* return_length);

+NTSTATUS NtSuspendProcess(HANDLE handle);
+
+NTSTATUS NtResumeProcess(HANDLE handle);
+
 // From https://msdn.microsoft.com/en-us/library/bb432428(VS.85).aspx and
 // http://processhacker.sourceforge.net/doc/struct___r_t_l___u_n_l_o_a_d___e_v_e_n_t___t_r_a_c_e.html
 #define RTL_UNLOAD_EVENT_TRACE_NUMBER 64
--- a/util/win/scoped_process_suspend.cc
+++ b/util/win/scoped_process_suspend.cc
@ -16,26 +16,28 @@

 #include <winternl.h>

-#include "base/logging.h"
+#include "util/win/nt_internals.h"
+#include "util/win/ntstatus_logging.h"

 namespace crashpad {

-ScopedProcessSuspend::ScopedProcessSuspend(HANDLE process) : process_(process) {
-  typedef NTSTATUS(__stdcall * NtSuspendProcessFunc)(HANDLE);
-  static NtSuspendProcessFunc func = reinterpret_cast<NtSuspendProcessFunc>(
-      GetProcAddress(GetModuleHandle(L"ntdll.dll"), "NtSuspendProcess"));
-  NTSTATUS status = func(process_);
-  if (status)
-    LOG(ERROR) << "NtSuspendProcess, ntstatus=" << status;
+ScopedProcessSuspend::ScopedProcessSuspend(HANDLE process) {
+  NTSTATUS status = NtSuspendProcess(process);
+  if (NT_SUCCESS(status)) {
+    process_ = process;
+  } else {
+    process_ = nullptr;
+    NTSTATUS_LOG(ERROR, status) << "NtSuspendProcess";
+  }
 }

 ScopedProcessSuspend::~ScopedProcessSuspend() {
-  typedef NTSTATUS(__stdcall * NtResumeProcessFunc)(HANDLE);
-  static NtResumeProcessFunc func = reinterpret_cast<NtResumeProcessFunc>(
-      GetProcAddress(GetModuleHandle(L"ntdll.dll"), "NtResumeProcess"));
-  NTSTATUS status = func(process_);
-  if (status)
-    LOG(ERROR) << "NtResumeProcess, ntstatus=" << status;
+  if (process_) {
+    NTSTATUS status = NtResumeProcess(process_);
+    if (!NT_SUCCESS(status)) {
+      NTSTATUS_LOG(ERROR, status) << "NtResumeProcess";
+    }
+  }
 }

 }  // namespace crashpad