ntdll: Implement RtlOpenCrossProcessEmulatorWorkConnection().

2024-07-21 19:34:10 +00:00 · 2023-08-28 11:39:42 +02:00 · 2023-08-28 11:39:42 +02:00 · b521507591
parent f6ccadda8a
commit b521507591
4 changed files with 58 additions and 1 deletions
--- a/dlls/ntdll/ntdll.spec
+++ b/dlls/ntdll/ntdll.spec
@ -901,6 +901,7 @@
@ stdcall RtlOemStringToUnicodeSize(ptr)
@ stdcall RtlOemStringToUnicodeString(ptr ptr long)
@ stdcall RtlOemToUnicodeN(ptr long ptr ptr long)
+@ stdcall -arch=win64 RtlOpenCrossProcessEmulatorWorkConnection(long ptr ptr)
@ stdcall RtlOpenCurrentUser(long ptr)
@ stdcall RtlPcToFileHeader(ptr ptr)
@ stdcall RtlPinAtomInAtomTable(ptr long)
--- a/dlls/ntdll/process.c
+++ b/dlls/ntdll/process.c
@ -303,6 +303,34 @@ done:
 }


+/**********************************************************************
+ *           RtlOpenCrossProcessEmulatorWorkConnection  (NTDLL.@)
+ */
+void WINAPI RtlOpenCrossProcessEmulatorWorkConnection( HANDLE process, HANDLE *section, void **addr )
+{
+    WOW64INFO wow64info;
+    BOOLEAN is_wow64;
+    SIZE_T size = 0;
+
+    *addr = NULL;
+    *section = 0;
+
+    if (RtlWow64GetSharedInfoProcess( process, &is_wow64, &wow64info )) return;
+    if (!is_wow64) return;
+    if (!wow64info.SectionHandle) return;
+
+    if (NtDuplicateObject( process, (HANDLE)(ULONG_PTR)wow64info.SectionHandle,
+                           GetCurrentProcess(), section, 0, 0, DUPLICATE_SAME_ACCESS ))
+        return;
+
+    if (!NtMapViewOfSection( *section, GetCurrentProcess(), addr, 0, 0, NULL,
+                             &size, ViewShare, 0, PAGE_READWRITE )) return;
+
+    NtClose( *section );
+    *section = 0;
+}
+
+
 /**********************************************************************
 *           RtlWow64PopAllCrossProcessWorkFromWorkList  (NTDLL.@)
 */
--- a/dlls/ntdll/tests/wow64.c
+++ b/dlls/ntdll/tests/wow64.c
@ -27,6 +27,7 @@
 static NTSTATUS (WINAPI *pNtQuerySystemInformation)(SYSTEM_INFORMATION_CLASS,void*,ULONG,ULONG*);
 static NTSTATUS (WINAPI *pNtQuerySystemInformationEx)(SYSTEM_INFORMATION_CLASS,void*,ULONG,void*,ULONG,ULONG*);
 static NTSTATUS (WINAPI *pRtlGetNativeSystemInformation)(SYSTEM_INFORMATION_CLASS,void*,ULONG,ULONG*);
+static void     (WINAPI *pRtlOpenCrossProcessEmulatorWorkConnection)(HANDLE,HANDLE*,void**);
 static USHORT   (WINAPI *pRtlWow64GetCurrentMachine)(void);
 static NTSTATUS (WINAPI *pRtlWow64GetProcessMachines)(HANDLE,WORD*,WORD*);
 static NTSTATUS (WINAPI *pRtlWow64GetSharedInfoProcess)(HANDLE,BOOLEAN*,WOW64INFO*);
@ -92,6 +93,7 @@ static void init(void)
    GET_PROC( NtQuerySystemInformation );
    GET_PROC( NtQuerySystemInformationEx );
    GET_PROC( RtlGetNativeSystemInformation );
+    GET_PROC( RtlOpenCrossProcessEmulatorWorkConnection );
    GET_PROC( RtlWow64GetCurrentMachine );
    GET_PROC( RtlWow64GetProcessMachines );
    GET_PROC( RtlWow64GetSharedInfoProcess );
@ -443,8 +445,33 @@ static void test_peb_teb(void)
                ok( ret, "ReadProcessMemory failed %lu\n", GetLastError() );
                ok( !memcmp( data, addr, size ), "wrong data\n" );
                free( data );
-                UnmapViewOfFile( addr );
                CloseHandle( handle );
+
+                if (pRtlOpenCrossProcessEmulatorWorkConnection)
+                {
+                    pRtlOpenCrossProcessEmulatorWorkConnection( pi.hProcess, &handle, &data );
+                    ok( handle != 0, "got 0 handle\n" );
+                    ok( data != NULL, "got NULL data\n" );
+                    ok( !memcmp( data, addr, size ), "wrong data\n" );
+                    UnmapViewOfFile( data );
+                    data = NULL;
+                    size = 0;
+                    status = NtMapViewOfSection( handle, GetCurrentProcess(), &data, 0, 0, NULL,
+                                                 &size, ViewShare, 0, PAGE_READWRITE );
+                    ok( !status, "NtMapViewOfSection failed %lx\n", status );
+                    ok( !memcmp( data, addr, size ), "wrong data\n" );
+                    ok( CloseHandle( handle ), "invalid handle\n" );
+                    UnmapViewOfFile( data );
+
+                    handle = (HANDLE)0xdead;
+                    data = (void *)0xdeadbeef;
+                    pRtlOpenCrossProcessEmulatorWorkConnection( GetCurrentProcess(), &handle, &data );
+                    ok( !handle, "got handle %p\n", handle );
+                    ok( !data, "got data %p\n", data );
+                }
+                else skip( "RtlOpenCrossProcessEmulatorWorkConnection not supported\n" );
+
+                UnmapViewOfFile( addr );
            }
            else trace( "no WOW64INFO section handle\n" );
        }
--- a/include/winternl.h
+++ b/include/winternl.h
@ -5017,6 +5017,7 @@ NTSYSAPI NTSTATUS  WINAPI vDbgPrintExWithPrefix(LPCSTR,ULONG,ULONG,LPCSTR,__ms_v
 /* 32-bit or 64-bit only functions */

 #ifdef _WIN64
+NTSYSAPI void      WINAPI RtlOpenCrossProcessEmulatorWorkConnection(HANDLE,HANDLE*,void**);
 NTSYSAPI NTSTATUS  WINAPI RtlWow64GetCpuAreaInfo(WOW64_CPURESERVED*,ULONG,WOW64_CPU_AREA_INFO*);
 NTSYSAPI NTSTATUS  WINAPI RtlWow64GetCurrentCpuArea(USHORT*,void**,void**);
 NTSYSAPI NTSTATUS  WINAPI RtlWow64GetThreadContext(HANDLE,WOW64_CONTEXT*);