Process Hacker
global.c
Go to the documentation of this file.
1 /*
2  * Process Hacker -
3  * global variables and initialization functions
4  *
5  * Copyright (C) 2010-2013 wj32
6  *
7  * This file is part of Process Hacker.
8  *
9  * Process Hacker is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation, either version 3 of the License, or
12  * (at your option) any later version.
13  *
14  * Process Hacker is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
21  */
22 
23 #include <ph.h>
24 #include <phintrnl.h>
25 #include <symprv.h>
26 
27 VOID PhInitializeSecurity(
28  _In_ ULONG Flags
29  );
30 
31 BOOLEAN PhInitializeSystem(
32  _In_ ULONG Flags
33  );
34 
35 VOID PhInitializeSystemInformation(
36  VOID
37  );
38 
39 VOID PhInitializeWindowsVersion(
40  VOID
41  );
42 
43 PHLIBAPI PVOID PhLibImageBase;
44 
45 PHLIBAPI PWSTR PhApplicationName = L"Application";
46 PHLIBAPI ULONG PhCurrentSessionId;
47 PHLIBAPI HANDLE PhCurrentTokenQueryHandle = NULL;
48 PHLIBAPI BOOLEAN PhElevated;
49 PHLIBAPI TOKEN_ELEVATION_TYPE PhElevationType;
50 PHLIBAPI PVOID PhHeapHandle;
51 PHLIBAPI RTL_OSVERSIONINFOEXW PhOsVersion;
52 PHLIBAPI SYSTEM_BASIC_INFORMATION PhSystemBasicInformation;
53 PHLIBAPI ULONG WindowsVersion;
54 
55 PHLIBAPI ACCESS_MASK ProcessQueryAccess;
56 PHLIBAPI ACCESS_MASK ProcessAllAccess;
57 PHLIBAPI ACCESS_MASK ThreadQueryAccess;
58 PHLIBAPI ACCESS_MASK ThreadSetAccess;
59 PHLIBAPI ACCESS_MASK ThreadAllAccess;
60 
61 // Internal data
62 #ifdef DEBUG
63 PHLIB_STATISTICS_BLOCK PhLibStatisticsBlock;
64 #endif
65 
66 NTSTATUS PhInitializePhLib(
67  VOID
68  )
69 {
70  return PhInitializePhLibEx(
71  0xffffffff, // all possible features
72  0,
73  0
74  );
75 }
76 
77 NTSTATUS PhInitializePhLibEx(
78  _In_ ULONG Flags,
79  _In_opt_ SIZE_T HeapReserveSize,
80  _In_opt_ SIZE_T HeapCommitSize
81  )
82 {
83  PhHeapHandle = RtlCreateHeap(
84  HEAP_GROWABLE | HEAP_CLASS_1,
85  NULL,
86  HeapReserveSize ? HeapReserveSize : 2 * 1024 * 1024, // 2 MB
87  HeapCommitSize ? HeapCommitSize : 1024 * 1024, // 1 MB
88  NULL,
89  NULL
90  );
91 
92  if (!PhHeapHandle)
93  return STATUS_INSUFFICIENT_RESOURCES;
94 
95  PhLibImageBase = NtCurrentPeb()->ImageBaseAddress;
96 
97  PhInitializeWindowsVersion();
98  PhInitializeSystemInformation();
99 
100  if (!PhQueuedLockInitialization())
101  return STATUS_UNSUCCESSFUL;
102 
103  if (!NT_SUCCESS(PhInitializeRef()))
104  return STATUS_UNSUCCESSFUL;
105  if (!PhInitializeBase(Flags))
106  return STATUS_UNSUCCESSFUL;
107 
108  PhInitializeSecurity(Flags);
109 
110  if (!PhInitializeSystem(Flags))
111  return STATUS_UNSUCCESSFUL;
112 
113  return STATUS_SUCCESS;
114 }
115 
116 #ifndef _WIN64
117 BOOLEAN PhIsExecutingInWow64(
118  VOID
119  )
120 {
121  static BOOLEAN valid = FALSE;
122  static BOOLEAN isWow64;
123 
124  if (!valid)
125  {
126  PhGetProcessIsWow64(NtCurrentProcess(), &isWow64);
127  MemoryBarrier();
128  valid = TRUE;
129  }
130 
131  return isWow64;
132 }
133 #endif
134 
135 static VOID PhInitializeSecurity(
136  _In_ ULONG Flags
137  )
138 {
139  HANDLE tokenHandle;
140 
141  PhElevated = TRUE;
142  PhElevationType = TokenElevationTypeDefault;
143  PhCurrentSessionId = NtCurrentPeb()->SessionId;
144 
145  if (Flags & PHLIB_INIT_TOKEN_INFO)
146  {
147  if (NT_SUCCESS(PhOpenProcessToken(
148  &tokenHandle,
149  TOKEN_QUERY,
150  NtCurrentProcess()
151  )))
152  {
153  if (WINDOWS_HAS_UAC)
154  {
155  PhGetTokenIsElevated(tokenHandle, &PhElevated);
156  PhGetTokenElevationType(tokenHandle, &PhElevationType);
157  }
158 
159  PhCurrentTokenQueryHandle = tokenHandle;
160  }
161  }
162 }
163 
164 static BOOLEAN PhInitializeSystem(
165  _In_ ULONG Flags
166  )
167 {
168  if (Flags & PHLIB_INIT_MODULE_IO_SUPPORT)
169  {
170  if (!PhIoSupportInitialization())
171  return FALSE;
172  }
173 
174  if (Flags & PHLIB_INIT_MODULE_SYMBOL_PROVIDER)
175  {
176  if (!PhSymbolProviderInitialization())
177  return FALSE;
178  }
179 
180  return TRUE;
181 }
182 
183 static VOID PhInitializeSystemInformation(
184  VOID
185  )
186 {
187  if (!NT_SUCCESS(NtQuerySystemInformation(
188  SystemBasicInformation,
189  &PhSystemBasicInformation,
190  sizeof(SYSTEM_BASIC_INFORMATION),
191  NULL
192  )))
193  {
194  // Disabled message because it's not appropriate at this abstraction layer.
195  //PhShowWarning(
196  // NULL,
197  // L"Unable to query basic system information. "
198  // L"Some functionality may not work as expected."
199  // );
200  }
201 }
202 
203 static VOID PhInitializeWindowsVersion(
204  VOID
205  )
206 {
207  RTL_OSVERSIONINFOEXW versionInfo;
208  ULONG majorVersion;
209  ULONG minorVersion;
210 
211  versionInfo.dwOSVersionInfoSize = sizeof(RTL_OSVERSIONINFOEXW);
212 
213  if (!NT_SUCCESS(RtlGetVersion((PRTL_OSVERSIONINFOW)&versionInfo)))
214  {
215  //PhShowWarning(
216  // NULL,
217  // L"Unable to determine the Windows version. "
218  // L"Some functionality may not work as expected."
219  // );
220  WindowsVersion = WINDOWS_NEW;
221  return;
222  }
223 
224  memcpy(&PhOsVersion, &versionInfo, sizeof(RTL_OSVERSIONINFOEXW));
225  majorVersion = versionInfo.dwMajorVersion;
226  minorVersion = versionInfo.dwMinorVersion;
227 
228  if (majorVersion == 5 && minorVersion < 1 || majorVersion < 5)
229  {
230  WindowsVersion = WINDOWS_ANCIENT;
231  }
232  /* Windows XP */
233  else if (majorVersion == 5 && minorVersion == 1)
234  {
235  WindowsVersion = WINDOWS_XP;
236  }
237  /* Windows Server 2003 */
238  else if (majorVersion == 5 && minorVersion == 2)
239  {
240  WindowsVersion = WINDOWS_SERVER_2003;
241  }
242  /* Windows Vista, Windows Server 2008 */
243  else if (majorVersion == 6 && minorVersion == 0)
244  {
245  WindowsVersion = WINDOWS_VISTA;
246  }
247  /* Windows 7, Windows Server 2008 R2 */
248  else if (majorVersion == 6 && minorVersion == 1)
249  {
250  WindowsVersion = WINDOWS_7;
251  }
252  /* Windows 8 */
253  else if (majorVersion == 6 && minorVersion == 2)
254  {
255  WindowsVersion = WINDOWS_8;
256  }
257  /* Windows 8.1 */
258  else if (majorVersion == 6 && minorVersion == 3)
259  {
260  WindowsVersion = WINDOWS_8_1;
261  }
262  /* Windows 10 */
263  else if (majorVersion == 10 && minorVersion == 0)
264  {
265  WindowsVersion = WINDOWS_10;
266  }
267  else if (majorVersion == 10 && minorVersion > 0 || majorVersion > 10)
268  {
269  WindowsVersion = WINDOWS_NEW;
270  }
271 
272  if (WINDOWS_HAS_LIMITED_ACCESS)
273  {
274  ProcessQueryAccess = PROCESS_QUERY_LIMITED_INFORMATION;
275  ProcessAllAccess = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1fff;
276  ThreadQueryAccess = THREAD_QUERY_LIMITED_INFORMATION;
277  ThreadSetAccess = THREAD_SET_LIMITED_INFORMATION;
278  ThreadAllAccess = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xfff;
279  }
280  else
281  {
282  ProcessQueryAccess = PROCESS_QUERY_INFORMATION;
283  ProcessAllAccess = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xfff;
284  ThreadQueryAccess = THREAD_QUERY_INFORMATION;
285  ThreadSetAccess = THREAD_SET_INFORMATION;
286  ThreadAllAccess = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3ff;
287  }
288 }