Update versioning for Windows 10, Fix process OS Context on Win10-RS2, Add PEB comments

dmex · dmex · commit c44ca0ae68ce · 2017-06-14T16:20:48.000+10:00
diff --git a/ProcessHacker/appsup.c b/ProcessHacker/appsup.c
@@ -178,7 +178,18 @@ NTSTATUS PhGetProcessSwitchContext(
     if (!data)
         return STATUS_UNSUCCESSFUL; // no compatibility context data
 
-    if (WindowsVersion >= WINDOWS_10)
+    if (WindowsVersion >= WINDOWS_10_RS2)
+    {
+        if (!NT_SUCCESS(status = NtReadVirtualMemory(
+            ProcessHandle,
+            PTR_ADD_OFFSET(data, 1544),
+            Guid,
+            sizeof(GUID),
+            NULL
+            )))
+            return status;
+    }
+    else if (WindowsVersion >= WINDOWS_10)
     {
         if (!NT_SUCCESS(status = NtReadVirtualMemory(
             ProcessHandle,
diff --git a/phlib/global.c b/phlib/global.c
@@ -163,6 +163,7 @@ static VOID PhInitializeWindowsVersion(
     RTL_OSVERSIONINFOEXW versionInfo;
     ULONG majorVersion;
     ULONG minorVersion;
+    ULONG buildVersion;
 
     versionInfo.dwOSVersionInfoSize = sizeof(RTL_OSVERSIONINFOEXW);
 
@@ -175,6 +176,7 @@ static VOID PhInitializeWindowsVersion(
     memcpy(&PhOsVersion, &versionInfo, sizeof(RTL_OSVERSIONINFOEXW));
     majorVersion = versionInfo.dwMajorVersion;
     minorVersion = versionInfo.dwMinorVersion;
+    buildVersion = versionInfo.dwBuildNumber;
 
     if (majorVersion == 6 && minorVersion < 1 || majorVersion < 6)
     {
@@ -198,7 +200,24 @@ static VOID PhInitializeWindowsVersion(
     /* Windows 10 */
     else if (majorVersion == 10 && minorVersion == 0)
     {
-        WindowsVersion = WINDOWS_10;
+        switch (buildVersion)
+        {
+        case 10240:
+            WindowsVersion = WINDOWS_10_TH1;
+            break;
+        case 10586:
+            WindowsVersion = WINDOWS_10_TH2;
+            break;
+        case 14393:
+            WindowsVersion = WINDOWS_10_RS1;
+            break;
+        case 15063:
+            WindowsVersion = WINDOWS_10_RS2;
+            break;
+        default:
+            WindowsVersion = WINDOWS_10;
+            break;
+        }
     }
     else if (majorVersion == 10 && minorVersion > 0 || majorVersion > 10)
     {
diff --git a/phlib/include/phconfig.h b/phlib/include/phconfig.h
@@ -8,7 +8,6 @@ extern "C" {
 #define _User_set_
 
 PHLIBAPI extern _User_set_ PVOID PhLibImageBase;
-
 PHLIBAPI extern _User_set_ PWSTR PhApplicationName;
 PHLIBAPI extern _User_set_ ULONG PhGlobalDpi;
 PHLIBAPI extern PVOID PhHeapHandle;
@@ -29,6 +28,10 @@ PHLIBAPI extern ACCESS_MASK ThreadAllAccess;
 #define WINDOWS_8 62
 #define WINDOWS_8_1 63
 #define WINDOWS_10 100
+#define WINDOWS_10_TH1 101
+#define WINDOWS_10_TH2 102
+#define WINDOWS_10_RS1 103
+#define WINDOWS_10_RS2 104
 #define WINDOWS_NEW MAXLONG
 
 #define WINDOWS_HAS_IMMERSIVE (WindowsVersion >= WINDOWS_8)
diff --git a/phlib/svcsup.c b/phlib/svcsup.c
@@ -93,21 +93,18 @@ PVOID PhEnumServices(
 
     if (!Type)
     {
-        if (WindowsVersion >= WINDOWS_10)
+        if (WindowsVersion >= WINDOWS_10_RS1)
         {
-            if (PhOsVersion.dwBuildNumber >= 14393)
-            {
-                Type = SERVICE_TYPE_ALL;
-            }
-            else
-            {
-                Type = SERVICE_WIN32 |
-                    SERVICE_ADAPTER |
-                    SERVICE_DRIVER |
-                    SERVICE_INTERACTIVE_PROCESS |
-                    SERVICE_USER_SERVICE |
-                    SERVICE_USERSERVICE_INSTANCE;
-            }
+            Type = SERVICE_TYPE_ALL;
+        }
+        else if (WindowsVersion >= WINDOWS_10)
+        {
+            Type = SERVICE_WIN32 |
+                SERVICE_ADAPTER |
+                SERVICE_DRIVER |
+                SERVICE_INTERACTIVE_PROCESS |
+                SERVICE_USER_SERVICE |
+                SERVICE_USERSERVICE_INSTANCE;
         }
         else
         {
diff --git a/phnt/include/ntpebteb.h b/phnt/include/ntpebteb.h
@@ -65,9 +65,9 @@ typedef struct _PEB
     PVOID ReadOnlySharedMemoryBase;
     PVOID HotpatchInformation;
     PVOID *ReadOnlyStaticServerData;
-    PVOID AnsiCodePageData;
-    PVOID OemCodePageData;
-    PVOID UnicodeCaseTableData;
+    PVOID AnsiCodePageData; // PCPTABLEINFO
+    PVOID OemCodePageData; // PCPTABLEINFO
+    PVOID UnicodeCaseTableData; // PNLSTABLEINFO
 
     ULONG NumberOfProcessors;
     ULONG NtGlobalFlag;
@@ -80,7 +80,7 @@ typedef struct _PEB
 
     ULONG NumberOfHeaps;
     ULONG MaximumNumberOfHeaps;
-    PVOID *ProcessHeaps;
+    PVOID *ProcessHeaps; // PHEAP
 
     PVOID GdiSharedHandleTable;
     PVOID ProcessStarterHelper;
@@ -112,10 +112,10 @@ typedef struct _PEB
 
     UNICODE_STRING CSDVersion;
 
-    PVOID ActivationContextData;
-    PVOID ProcessAssemblyStorageMap;
-    PVOID SystemDefaultActivationContextData;
-    PVOID SystemAssemblyStorageMap;
+    PVOID ActivationContextData; // ACTIVATION_CONTEXT_DATA
+    PVOID ProcessAssemblyStorageMap; // ASSEMBLY_STORAGE_MAP
+    PVOID SystemDefaultActivationContextData; // ACTIVATION_CONTEXT_DATA
+    PVOID SystemAssemblyStorageMap; // ASSEMBLY_STORAGE_MAP
 
     SIZE_T MinimumStackCommit;
 
