
Commit 00e923f

committed
Update PhCreateProcessSnapshot, PhFreeProcessSnapshot
1 parent deb3c28 commit 00e923f


2 files changed

+41
-11
lines changed


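--- a/phlib/include/phutil.h
+++ b/phlib/include/phutil.h
@@ -1599,6 +1599,23 @@ PhApiSetResolveToHost(
 _In_ PPH_STRINGREF ApiSetName
 );
 
+PHLIBAPI
+NTSTATUS
+NTAPI
+PhCreateProcessSnapshot(
+_Out_ PHANDLE SnapshotHandle,
+_In_opt_ HANDLE ProcessHandle,
+_In_opt_ HANDLE ProcessId
+);
+
+PHLIBAPI
+VOID
+NTAPI
+PhFreeProcessSnapshot(
+_In_ PHANDLE ProcessHandle,
+_In_ HANDLE SnapshotHandle
+);
+
 #ifdef __cplusplus
 }
 #endif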
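Review bot: The new `PhFreeProcessSnapshot` prototype types its first parameter as `_In_ PHANDLE ProcessHandle`, a pointer to a handle, while `PhCreateProcessSnapshot` directly above takes `_In_opt_ HANDLE ProcessHandle`. The first parameter of the definition is not visible in the util.c hunks, so please confirm that declaration and definition agree; if a plain handle is intended, the line would read `_In_ HANDLE ProcessHandle,`. Neither prototype carries a comment, and the ownership rule is easy to get wrong from a call site. I would add above `PhCreateProcessSnapshot` something like `// ProcessHandle, when supplied, is borrowed and is not closed; otherwise the process is opened from ProcessId.`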

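--- a/phlib/util.c
+++ b/phlib/util.c
@@ -8570,21 +8570,30 @@ NTSTATUS PhCreateProcessReflection(
 
 NTSTATUS PhCreateProcessSnapshot(
 _Out_ PHANDLE SnapshotHandle,
-_In_ HANDLE ProcessId
+_In_opt_ HANDLE ProcessHandle,
+_In_opt_ HANDLE ProcessId
 )
 {
 NTSTATUS status;
-HANDLE processHandle;
-HANDLE snapshotHandle;
+HANDLE processHandle = NULL;
+HANDLE snapshotHandle = NULL;
 
 if (!PssCaptureSnapshot_Import())
 return STATUS_PROCEDURE_NOT_FOUND;
 
-status = PhOpenProcess(
-&processHandle,
-MAXIMUM_ALLOWED,
-ProcessId
-);
+if (ProcessHandle)
+{
+processHandle = ProcessHandle;
+status = STATUS_SUCCESS;
+}
+else
+{
+status = PhOpenProcess(
+&processHandle,
+MAXIMUM_ALLOWED,
+ProcessId
+);
+}
 
 if (!NT_SUCCESS(status))
 return status;
@@ -8600,7 +8609,8 @@ NTSTATUS PhCreateProcessSnapshot(
 );
 status = PhDosErrorToNtStatus(status);
 
-NtClose(processHandle);
+if (!ProcessHandle && processHandle)
+NtClose(processHandle);
 
 if (NT_SUCCESS(status))
 {
@@ -8615,7 +8625,7 @@ VOID PhFreeProcessSnapshot(
 _In_ HANDLE SnapshotHandle
 )
 {
-PSS_VA_CLONE_INFORMATION processInfo;
+PSS_VA_CLONE_INFORMATION processInfo = { 0 };
 
 if (PssQuerySnapshot_Import() && PssQuerySnapshot_Import()(
 SnapshotHandle,
@@ -8624,7 +8634,10 @@ VOID PhFreeProcessSnapshot(
 sizeof(PSS_VA_CLONE_INFORMATION)
 ) == ERROR_SUCCESS)
 {
-NtClose(processInfo.VaCloneHandle);
+if (processInfo.VaCloneHandle)
+{
+NtClose(processInfo.VaCloneHandle);
+}
 }
 
 if (PssFreeSnapshot_Import())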
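Review bot: With both `ProcessHandle` and `ProcessId` now `_In_opt_` in `PhCreateProcessSnapshot`, a call that supplies neither falls into the `else` branch and passes a NULL id to `PhOpenProcess`. What happens next depends on that helper, which is not shown here. An explicit guard ahead of the branch, `if (!ProcessHandle && !ProcessId) return STATUS_INVALID_PARAMETER;`, would make the contract visible at the entry point. A caller-supplied handle also skips the `MAXIMUM_ALLOWED` open, so it may carry fewer access rights than the capture call needs. A header comment on the function stating the required access, and that a borrowed handle is never closed, would help callers. The function body continues outside these hunks.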
