/
modules.c
148 lines (124 loc) · 4.44 KB
/
modules.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
/*
* COPYRIGHT: See COPYING in the top level directory
* LICENSE: See LGPL.txt in the top level directory
* PROJECT: ReactOS system libraries
* FILE: reactos/lib/epsapi/enum/module.c
* PURPOSE: Enumerate process modules
* PROGRAMMER: KJK::Hyperion <noog@libero.it>
* UPDATE HISTORY:
* 10/06/2002: Created
* 29/08/2002: Generalized the interface to improve reusability,
* more efficient use of memory operations
* 12/02/2003: malloc and free renamed to PsaiMalloc and PsaiFree,
* for better reusability
* 02/04/2003: System modules enumeration moved into its own file
* 12/04/2003: internal PSAPI renamed EPSAPI (Extended PSAPI) and
* isolated in its own library to clear the confusion
* and improve reusability
*/
#include "precomp.h"
#include <ndk/mmfuncs.h>
#include <ndk/psfuncs.h>
#include <ndk/rtlfuncs.h>
#define NDEBUG
#include <debug.h>
NTSTATUS NTAPI
PsaEnumerateProcessModules(IN HANDLE ProcessHandle,
IN PPROCMOD_ENUM_ROUTINE Callback,
IN OUT PVOID CallbackContext)
{
NTSTATUS Status;
/* current process - use direct memory copy */
/* FIXME - compare process id instead of a handle */
if(ProcessHandle == NtCurrentProcess())
{
PLIST_ENTRY ListHead, Current;
#if 0
__try
{
#endif
ListHead = &(NtCurrentPeb()->Ldr->InLoadOrderModuleList);
Current = ListHead->Flink;
while(Current != ListHead)
{
PLDR_DATA_TABLE_ENTRY LoaderModule = CONTAINING_RECORD(Current, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
/* return the current module to the callback */
Status = Callback(ProcessHandle, LoaderModule, CallbackContext);
if(!NT_SUCCESS(Status))
{
goto Failure;
}
Current = LoaderModule->InLoadOrderLinks.Flink;
}
#if 0
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return GetExceptionCode();
}
#endif
}
else
{
PROCESS_BASIC_INFORMATION BasicInformation;
PPEB_LDR_DATA LoaderData;
LDR_DATA_TABLE_ENTRY LoaderModule;
PLIST_ENTRY ListHead, Current;
/* query the process basic information (includes the PEB address) */
Status = NtQueryInformationProcess(ProcessHandle,
ProcessBasicInformation,
&BasicInformation,
sizeof(BasicInformation),
NULL);
if(!NT_SUCCESS(Status))
{
DPRINT(FAILED_WITH_STATUS, "NtQueryInformationProcess", Status);
goto Failure;
}
/* get the address of the PE Loader data */
Status = NtReadVirtualMemory(ProcessHandle,
&(BasicInformation.PebBaseAddress->Ldr),
&LoaderData,
sizeof(LoaderData),
NULL);
if(!NT_SUCCESS(Status))
{
DPRINT(FAILED_WITH_STATUS, "NtReadVirtualMemory", Status);
goto Failure;
}
/* head of the module list: the last element in the list will point to this */
ListHead = &LoaderData->InLoadOrderModuleList;
/* get the address of the first element in the list */
Status = NtReadVirtualMemory(ProcessHandle,
&(LoaderData->InLoadOrderModuleList.Flink),
&Current,
sizeof(Current),
NULL);
while(Current != ListHead)
{
/* read the current module */
Status = NtReadVirtualMemory(ProcessHandle,
CONTAINING_RECORD(Current, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks),
&LoaderModule,
sizeof(LoaderModule),
NULL);
if(!NT_SUCCESS(Status))
{
DPRINT(FAILED_WITH_STATUS, "NtReadVirtualMemory", Status);
goto Failure;
}
/* return the current module to the callback */
Status = Callback(ProcessHandle, &LoaderModule, CallbackContext);
if(!NT_SUCCESS(Status))
{
goto Failure;
}
/* address of the next module in the list */
Current = LoaderModule.InLoadOrderLinks.Flink;
}
}
return STATUS_SUCCESS;
Failure:
return Status;
}
/* EOF */