Skip to content

Commit

Permalink
Merge pull request #445 from processhacker/master
Browse files Browse the repository at this point in the history 
[pull] master from processhacker:master
  • Loading branch information
@pull
pull[bot] authored Mar 23, 2022
2 parents 412b460 + c8c49e3 commit b5dffcf
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 34 deletions.
2 changes: 1 addition & 1 deletion ProcessHacker/appsup.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2460,7 +2460,7 @@ HRESULT PhCreateAdminTask(
ITaskSettings_put_DisallowStartIfOnBatteries(taskSettings, VARIANT_FALSE);
ITaskSettings_put_StopIfGoingOnBatteries(taskSettings, VARIANT_FALSE);
ITaskSettings_put_ExecutionTimeLimit(taskSettings, taskTimeLimitString);
//ITaskSettings_put_Priority(taskSettings, 1);
ITaskSettings_put_Priority(taskSettings, 1);

if (SUCCEEDED(ITaskSettings_QueryInterface(
taskSettings,
Expand Down
24 changes: 12 additions & 12 deletions ProcessHacker/thrdlist.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1351,10 +1351,10 @@ BOOLEAN NTAPI PhpThreadTreeNewCallback(
{
HANDLE processHandle;

if (NT_SUCCESS(PhOpenThreadProcess(
threadItem->ThreadHandle,
if (NT_SUCCESS(PhOpenProcess(
&processHandle,
PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ,
&processHandle
context->ProcessId
)))
{
node->ThreadReadVmHandle = processHandle;
Expand Down Expand Up @@ -1438,10 +1438,10 @@ BOOLEAN NTAPI PhpThreadTreeNewCallback(
{
HANDLE processHandle;

if (NT_SUCCESS(PhOpenThreadProcess(
threadItem->ThreadHandle,
if (NT_SUCCESS(PhOpenProcess(
&processHandle,
PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ,
&processHandle
context->ProcessId
)))
{
node->ThreadReadVmHandle = processHandle;
Expand Down Expand Up @@ -1504,10 +1504,10 @@ BOOLEAN NTAPI PhpThreadTreeNewCallback(
{
HANDLE processHandle;

if (NT_SUCCESS(PhOpenThreadProcess(
threadItem->ThreadHandle,
if (NT_SUCCESS(PhOpenProcess(
&processHandle,
PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ,
&processHandle
context->ProcessId
)))
{
node->ThreadReadVmHandle = processHandle;
Expand Down Expand Up @@ -1646,10 +1646,10 @@ BOOLEAN NTAPI PhpThreadTreeNewCallback(
{
HANDLE processHandle;

if (NT_SUCCESS(PhOpenThreadProcess(
threadItem->ThreadHandle,
if (NT_SUCCESS(PhOpenProcess(
&processHandle,
PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ,
&processHandle
context->ProcessId
)))
{
node->ThreadReadVmHandle = processHandle;
Expand Down
38 changes: 17 additions & 21 deletions phlib/imgcoherency.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
* Image Coherency
*
* Copyright (C) 2020 jxy-s
* Copyright (C) 2021 dmex
* Copyright (C) 2021-2022 dmex
*
* This file is part of Process Hacker.
*
Expand Down Expand Up @@ -118,9 +118,9 @@ ULONG PhpGetSectionScanSize(
*
* \return TRUE if the section should be scanned for the given scan type, FALSE otherwise.
*/
ULONG PhpShouldScanSection(
PH_IMAGE_COHERENCY_SCAN_TYPE Type,
PIMAGE_SECTION_HEADER SectionHeader
BOOLEAN PhpShouldScanSection(
_In_ PH_IMAGE_COHERENCY_SCAN_TYPE Type,
_In_ PIMAGE_SECTION_HEADER SectionHeader
)
{
switch (Type)
Expand Down Expand Up @@ -296,7 +296,7 @@ PPH_IMAGE_COHERENCY_CONTEXT PhpCreateImageCoherencyContext(
* for each inspected byte, the callback may return any number of bytes to skip.
* \param[in] SkipCallbackContext - Optional, callback context passed to the skip callback.
*/
VOID PhpAnalyzeImageCoherencyInsepct(
VOID PhpAnalyzeImageCoherencyInspect(
_In_opt_ PBYTE LeftBuffer,
_In_ ULONG LeftCount,
_In_opt_ PBYTE RightBuffer,
Expand Down Expand Up @@ -433,7 +433,7 @@ VOID PhpAnalyzeImageCoherencyCommonByRva(
//
// Do the inspection, clamp the bytes to the minimum
//
PhpAnalyzeImageCoherencyInsepct(fileBytes,
PhpAnalyzeImageCoherencyInspect(fileBytes,
(ULONG)bytes,
buffer,
(ULONG)bytes,
Expand All @@ -457,7 +457,7 @@ VOID PhpAnalyzeImageCoherencyCommonByRva(
* \param[in] Context - Image coherency context.
* \param[in] ExpectedByte - Expected byte in the entire range.
*/
VOID PhpAnalyzeImageCoherencyCommonByRvaExepctBytes(
VOID PhpAnalyzeImageCoherencyCommonByRvaExpectBytes(
_In_ HANDLE ProcessHandle,
_In_ ULONG Rva,
_In_ ULONG Size,
Expand Down Expand Up @@ -500,7 +500,7 @@ VOID PhpAnalyzeImageCoherencyCommonByRvaExepctBytes(
//
// Do the inspection
//
PhpAnalyzeImageCoherencyInsepct(expected,
PhpAnalyzeImageCoherencyInspect(expected,
(ULONG)bytesRead,
buffer,
(ULONG)bytesRead,
Expand Down Expand Up @@ -569,13 +569,9 @@ VOID PhpAnalyzeImageCoherencyCommonAsNative(
_In_ PPH_IMAGE_COHERENCY_CONTEXT Context
)
{
BOOL inspectedEntry;
DWORD addressOfEntry;
ULONG addressOfEntry = 0;
PIMAGE_SECTION_HEADER entrySection;

inspectedEntry = FALSE;
addressOfEntry = 0;

switch (Context->MappedImage.Magic)
{
case IMAGE_NT_OPTIONAL_HDR32_MAGIC:
Expand Down Expand Up @@ -620,8 +616,8 @@ VOID PhpAnalyzeImageCoherencyCommonAsNative(
mappedSection = &Context->MappedImage.Sections[i];
remoteMappedSection = &Context->MappedImage.Sections[i];

if ((PhpShouldScanSection(Context->Type, mappedSection) != FALSE) ||
(PhpShouldScanSection(Context->Type, remoteMappedSection) != FALSE))
if (PhpShouldScanSection(Context->Type, mappedSection) ||
PhpShouldScanSection(Context->Type, remoteMappedSection))
{
ULONG size;
SIZE_T prevTotal;
Expand Down Expand Up @@ -683,7 +679,7 @@ VOID PhpAnalyzeImageCoherencyCommonAsNative(
((mappedSection->Characteristics & IMAGE_SCN_MEM_EXECUTE) != 0) &&
(mappedSection->Misc.VirtualSize > mappedSection->SizeOfRawData))
{
PhpAnalyzeImageCoherencyCommonByRvaExepctBytes(
PhpAnalyzeImageCoherencyCommonByRvaExpectBytes(
ProcessHandle,
mappedSection->VirtualAddress + mappedSection->SizeOfRawData,
mappedSection->Misc.VirtualSize - mappedSection->SizeOfRawData,
Expand Down Expand Up @@ -844,7 +840,7 @@ VOID PhpAnalyzeImageCoherencyCommon(
if ((i < Context->MappedImage.NumberOfSections) &&
(i < Context->RemoteMappedImage.NumberOfSections))
{
PhpAnalyzeImageCoherencyInsepct((PBYTE)&Context->MappedImage.Sections[i],
PhpAnalyzeImageCoherencyInspect((PBYTE)&Context->MappedImage.Sections[i],
sizeof(IMAGE_SECTION_HEADER),
(PBYTE)&Context->RemoteMappedImage.Sections[i],
sizeof(IMAGE_SECTION_HEADER),
Expand Down Expand Up @@ -925,7 +921,7 @@ NTSTATUS PhpAnalyzeImageCoherencyNt32(
//
// Inspect the header
//
PhpAnalyzeImageCoherencyInsepct((PBYTE)Context->MappedImage.NtHeaders32,
PhpAnalyzeImageCoherencyInspect((PBYTE)Context->MappedImage.NtHeaders32,
UFIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader),
(PBYTE)Context->RemoteMappedImage.NtHeaders32,
UFIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader),
Expand All @@ -937,7 +933,7 @@ NTSTATUS PhpAnalyzeImageCoherencyNt32(
//
// Inspect the optional header
//
PhpAnalyzeImageCoherencyInsepct((PBYTE)fileOptHeader,
PhpAnalyzeImageCoherencyInspect((PBYTE)fileOptHeader,
sizeof(IMAGE_OPTIONAL_HEADER32),
(PBYTE)procOptHeader,
sizeof(IMAGE_OPTIONAL_HEADER32),
Expand Down Expand Up @@ -1003,7 +999,7 @@ NTSTATUS PhpAnalyzeImageCoherencyNt64(
//
// Inspect the header
//
PhpAnalyzeImageCoherencyInsepct((PBYTE)Context->MappedImage.NtHeaders,
PhpAnalyzeImageCoherencyInspect((PBYTE)Context->MappedImage.NtHeaders,
UFIELD_OFFSET(IMAGE_NT_HEADERS64, OptionalHeader),
(PBYTE)Context->RemoteMappedImage.NtHeaders,
UFIELD_OFFSET(IMAGE_NT_HEADERS64, OptionalHeader),
Expand All @@ -1014,7 +1010,7 @@ NTSTATUS PhpAnalyzeImageCoherencyNt64(
//
// And the optional header
//
PhpAnalyzeImageCoherencyInsepct((PBYTE)fileOptHeader,
PhpAnalyzeImageCoherencyInspect((PBYTE)fileOptHeader,
sizeof(IMAGE_OPTIONAL_HEADER64),
(PBYTE)procOptHeader,
sizeof(IMAGE_OPTIONAL_HEADER64),
Expand Down

0 comments on commit b5dffcf

Please sign in to comment.