author | Giampaolo Rodola <g.rodola@gmail.com> | 2020-01-03 16:48:18 -0800 |
---|---|---|
committer | Giampaolo Rodola <g.rodola@gmail.com> | 2020-01-03 16:48:18 -0800 |
commit | f07973461f89987aa827a81d2644498e6abbe0a9 (patch) | |
tree | 193c633df80ac7a299260ca53cd2ee50c9a3f72c /psutil/arch/windows | |
parent | b16778a759124796845d9c3ca2ada147074fda4c (diff) | |
download | psutil-f07973461f89987aa827a81d2644498e6abbe0a9.tar.gz |
move PEB structs into ntextapi.h
Diffstat (limited to 'psutil/arch/windows')
-rw-r--r-- | psutil/arch/windows/cpu.c | 2 | ||||
-rw-r--r-- | psutil/arch/windows/ntextapi.h | 101 | ||||
-rw-r--r-- | psutil/arch/windows/process_info.c | 127 |
3 files changed, 112 insertions, 118 deletions
diff --git a/psutil/arch/windows/cpu.c b/psutil/arch/windows/cpu.c
index 59bedb44..479adfeb 100644
--- a/psutil/arch/windows/cpu.c
+++ b/psutil/arch/windows/cpu.c
@@ -229,7 +229,7 @@ psutil_cpu_count_phys(PyObject *self, PyObject *args) {
 while (offset < length) {
 // Advance ptr by the size of the previous
 // SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX struct.
- ptr = (SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX*)\
+ ptr = (SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX*) \
 (((char*)ptr) + prev_processor_info_size);
 if (ptr->Relationship == RelationProcessorCore) {
diff --git a/psutil/arch/windows/ntextapi.h b/psutil/arch/windows/ntextapi.h
index 3c6b76cf..3e7147d1 100644
--- a/psutil/arch/windows/ntextapi.h
+++ b/psutil/arch/windows/ntextapi.h
@@ -331,7 +331,8 @@ typedef struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX {
 CACHE_RELATIONSHIP Cache;
 GROUP_RELATIONSHIP Group;
 } DUMMYUNIONNAME;
-} SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX, *PSYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX;
+} SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX, \
+ *PSYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX;
 #endif
 // memory_uss()
@@ -361,6 +362,104 @@ typedef struct _PSUTIL_PROCESS_WS_COUNTERS {
 SIZE_T NumberOfShareablePages;
 } PSUTIL_PROCESS_WS_COUNTERS, *PPSUTIL_PROCESS_WS_COUNTERS;
+// ====================================================================
+// PEB structs for cmdline(), cwd(), environ()
+// ====================================================================
+
+#ifdef _WIN64
+typedef struct {
+ BYTE Reserved1[2];
+ BYTE BeingDebugged;
+ BYTE Reserved2[21];
+ PVOID LoaderData;
+ PRTL_USER_PROCESS_PARAMETERS_ ProcessParameters;
+ // more fields...
+} PEB_;
+
+// When we are a 64 bit process accessing a 32 bit (WoW64)
+// process we need to use the 32 bit structure layout.
+typedef struct {
+ USHORT Length;
+ USHORT MaxLength;
+ DWORD Buffer;
+} UNICODE_STRING32;
+
+typedef struct {
+ BYTE Reserved1[16];
+ DWORD Reserved2[5];
+ UNICODE_STRING32 CurrentDirectoryPath;
+ DWORD CurrentDirectoryHandle;
+ UNICODE_STRING32 DllPath;
+ UNICODE_STRING32 ImagePathName;
+ UNICODE_STRING32 CommandLine;
+ DWORD env;
+} RTL_USER_PROCESS_PARAMETERS32;
+
+typedef struct {
+ BYTE Reserved1[2];
+ BYTE BeingDebugged;
+ BYTE Reserved2[1];
+ DWORD Reserved3[2];
+ DWORD Ldr;
+ DWORD ProcessParameters;
+ // more fields...
+} PEB32;
+#else // ! _WIN64
+typedef struct {
+ BYTE Reserved1[2];
+ BYTE BeingDebugged;
+ BYTE Reserved2[1];
+ PVOID Reserved3[2];
+ PVOID Ldr;
+ PRTL_USER_PROCESS_PARAMETERS_ ProcessParameters;
+ // more fields...
+} PEB_;
+
+// When we are a 32 bit (WoW64) process accessing a 64 bit process
+// we need to use the 64 bit structure layout and a special function
+// to read its memory.
+typedef NTSTATUS (NTAPI *_NtWow64ReadVirtualMemory64)(
+ HANDLE ProcessHandle,
+ PVOID64 BaseAddress,
+ PVOID Buffer,
+ ULONG64 Size,
+ PULONG64 NumberOfBytesRead);
+
+typedef struct {
+ PVOID Reserved1[2];
+ PVOID64 PebBaseAddress;
+ PVOID Reserved2[4];
+ PVOID UniqueProcessId[2];
+ PVOID Reserved3[2];
+} PROCESS_BASIC_INFORMATION64;
+
+typedef struct {
+ USHORT Length;
+ USHORT MaxLength;
+ PVOID64 Buffer;
+} UNICODE_STRING64;
+
+typedef struct {
+ BYTE Reserved1[16];
+ PVOID64 Reserved2[5];
+ UNICODE_STRING64 CurrentDirectoryPath;
+ PVOID64 CurrentDirectoryHandle;
+ UNICODE_STRING64 DllPath;
+ UNICODE_STRING64 ImagePathName;
+ UNICODE_STRING64 CommandLine;
+ PVOID64 env;
+} RTL_USER_PROCESS_PARAMETERS64;
+
+typedef struct {
+ BYTE Reserved1[2];
+ BYTE BeingDebugged;
+ BYTE Reserved2[21];
+ PVOID64 LoaderData;
+ PVOID64 ProcessParameters;
+ // more fields...
+} PEB64;
+#endif // _WIN64
+
 // ================================================================
 // Type defs for modules loaded at runtime.
 // ================================================================
diff --git a/psutil/arch/windows/process_info.c b/psutil/arch/windows/process_info.c
index d33008bb..1ee85e08 100644
--- a/psutil/arch/windows/process_info.c
+++ b/psutil/arch/windows/process_info.c
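Review bot: The struct layouts added under `// PEB structs for cmdline(), cwd(), environ()` have no compile-time check on their size or field offsets, yet per their own comments they are overlaid on memory read from another process, so a packing or pointer-width difference between compilers would shift every field without any diagnostic. I would pin them next to the typedefs, for example `C_ASSERT(sizeof(UNICODE_STRING32) == 8);` and `C_ASSERT(FIELD_OFFSET(PEB32, ProcessParameters) == 0x10);`, with matching checks for the `PVOID64`-based structs in the `#else` branch. The move also drops the old comment saying these duplicate definitions that `winternl.h` does not expose in a usable way, together with its MSDN link; carrying that sentence into the new banner would tell the next reader why the header redefines them. Now that the names live in a shared header, generic ones such as `UNICODE_STRING32` and `PEB64` may clash with SDK or third-party headers on some toolchains, which is worth confirming.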
@@ -16,117 +16,10 @@
 #include "../../_psutil_common.h"
-// ====================================================================
-// Helper structures to access the memory correctly.
-// Some of these might also be defined in the winternl.h header file
-// but unfortunately not in a usable way.
-// ====================================================================
-
-// https://msdn.microsoft.com/en-us/library/aa813706(v=vs.85).aspx
-#ifdef _WIN64
-typedef struct {
- BYTE Reserved1[2];
- BYTE BeingDebugged;
- BYTE Reserved2[21];
- PVOID LoaderData;
- PRTL_USER_PROCESS_PARAMETERS_ ProcessParameters;
- /* More fields ... */
-} PEB_;
-#else
-typedef struct {
- BYTE Reserved1[2];
- BYTE BeingDebugged;
- BYTE Reserved2[1];
- PVOID Reserved3[2];
- PVOID Ldr;
- PRTL_USER_PROCESS_PARAMETERS_ ProcessParameters;
- /* More fields ... */
-} PEB_;
-#endif
-
-#ifdef _WIN64
-/* When we are a 64 bit process accessing a 32 bit (WoW64) process we need to
- use the 32 bit structure layout. */
-typedef struct {
- USHORT Length;
- USHORT MaxLength;
- DWORD Buffer;
-} UNICODE_STRING32;
-
-typedef struct {
- BYTE Reserved1[16];
- DWORD Reserved2[5];
- UNICODE_STRING32 CurrentDirectoryPath;
- DWORD CurrentDirectoryHandle;
- UNICODE_STRING32 DllPath;
- UNICODE_STRING32 ImagePathName;
- UNICODE_STRING32 CommandLine;
- DWORD env;
-} RTL_USER_PROCESS_PARAMETERS32;
-
-typedef struct {
- BYTE Reserved1[2];
- BYTE BeingDebugged;
- BYTE Reserved2[1];
- DWORD Reserved3[2];
- DWORD Ldr;
- DWORD ProcessParameters;
- /* More fields ... */
-} PEB32;
-#else
-/* When we are a 32 bit (WoW64) process accessing a 64 bit process we need to
- use the 64 bit structure layout and a special function to read its memory.
- */
-typedef NTSTATUS (NTAPI *_NtWow64ReadVirtualMemory64)(
- HANDLE ProcessHandle,
- PVOID64 BaseAddress,
- PVOID Buffer,
- ULONG64 Size,
- PULONG64 NumberOfBytesRead);
-
-typedef struct {
- PVOID Reserved1[2];
- PVOID64 PebBaseAddress;
- PVOID Reserved2[4];
- PVOID UniqueProcessId[2];
- PVOID Reserved3[2];
-} PROCESS_BASIC_INFORMATION64;
-
-typedef struct {
- USHORT Length;
- USHORT MaxLength;
- PVOID64 Buffer;
-} UNICODE_STRING64;
-
-typedef struct {
- BYTE Reserved1[16];
- PVOID64 Reserved2[5];
- UNICODE_STRING64 CurrentDirectoryPath;
- PVOID64 CurrentDirectoryHandle;
- UNICODE_STRING64 DllPath;
- UNICODE_STRING64 ImagePathName;
- UNICODE_STRING64 CommandLine;
- PVOID64 env;
-} RTL_USER_PROCESS_PARAMETERS64;
-
-typedef struct {
- BYTE Reserved1[2];
- BYTE BeingDebugged;
- BYTE Reserved2[21];
- PVOID64 LoaderData;
- PVOID64 ProcessParameters;
- /* More fields ... */
-} PEB64;
-#endif
-
-
-// ====================================================================
-// Process / PEB functions.
-// ====================================================================
-
-
-/* Given a pointer into a process's memory, figure out how much data can be
- * read from it. */
+/*
+ * Given a pointer into a process's memory, figure out how much
+ * data can be read from it.
+ */
 static int
 psutil_get_process_region_size(HANDLE hProcess, LPCVOID src, SIZE_T *psize) {
 MEMORY_BASIC_INFORMATION info;
@@ -147,12 +40,14 @@ enum psutil_process_data_kind {
 KIND_ENVIRON,
 };
-/* Get data from the process with the given pid. The data is returned in the
- pdata output member as a nul terminated string which must be freed on
- success.
- On success 0 is returned. On error the output parameter is not touched, -1
- is returned, and an appropriate Python exception is set. */
+/*
+ * Get data from the process with the given pid. The data is returned
+ * in the pdata output member as a nul terminated string which must be
+ * freed on success.
+ * On success 0 is returned. On error the output parameter is not touched,
+ * -1 is returned, and an appropriate Python exception is set.
+ */
 static int psutil_get_process_data(long pid, enum psutil_process_data_kind kind, |