From fb5cfacce5c6450a4b0b0edafc9e9cc21d73552e Mon Sep 17 00:00:00 2001
From: Alexandre Julliard
Date: Tue, 11 Jul 2023 13:43:26 +0200
Subject: [PATCH] ntdll: Return the 32-bit PEB for NtQueryInformationProcess(ProcessWow64Information).
---
 dlls/ntdll/tests/info.c | 5 ++++-
 dlls/ntdll/tests/wow64.c | 7 +++++++
 dlls/ntdll/unix/process.c | 11 ++++++-----
 3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c
index fafbd1ac997..877978b6b3c 100644
--- a/dlls/ntdll/tests/info.c
+++ b/dlls/ntdll/tests/info.c
@@ -1735,7 +1735,8 @@ static void test_query_process_wow64(void)
 status = NtQueryInformationProcess(GetCurrentProcess(), ProcessWow64Information, pbi, sizeof(ULONG_PTR), NULL);
 ok( status == STATUS_SUCCESS, "Expected STATUS_SUCCESS, got %08lx\n", status);
 ok( is_wow64 == (pbi[0] != 0), "is_wow64 %x, pbi[0] %Ix\n", is_wow64, pbi[0]);
- ok( pbi[0] != dummy, "pbi[0] %Ix\n", pbi[0]);
+ if (is_wow64)
+ ok( (void *)pbi[0] == NtCurrentTeb()->Peb, "pbi[0] %Ix / %p\n", pbi[0], NtCurrentTeb()->Peb);
 ok( pbi[1] == dummy, "pbi[1] changed to %Ix\n", pbi[1]);
 /* Test written size on 64 bit by checking high 32 bit buffer */
 if (sizeof(ULONG_PTR) > sizeof(DWORD))
@@ -1750,6 +1751,8 @@ static void test_query_process_wow64(void)
 status = NtQueryInformationProcess(GetCurrentProcess(), ProcessWow64Information, pbi, sizeof(ULONG_PTR), &ReturnLength);
 ok( status == STATUS_SUCCESS, "Expected STATUS_SUCCESS, got %08lx\n", status);
 ok( is_wow64 == (pbi[0] != 0), "is_wow64 %x, pbi[0] %Ix\n", is_wow64, pbi[0]);
+ if (is_wow64)
+ ok( (void *)pbi[0] == NtCurrentTeb()->Peb, "pbi[0] %Ix / %p\n", pbi[0], NtCurrentTeb()->Peb);
 ok( pbi[1] == dummy, "pbi[1] changed to %Ix\n", pbi[1]);
 ok( ReturnLength == sizeof(ULONG_PTR), "Inconsistent length %ld\n", ReturnLength);
diff --git a/dlls/ntdll/tests/wow64.c b/dlls/ntdll/tests/wow64.c
index b99b22fb1af..46523d47c46 100644
--- a/dlls/ntdll/tests/wow64.c
+++ b/dlls/ntdll/tests/wow64.c
@@ -277,6 +277,7 @@ static void test_peb_teb(void)
 PEB32 peb32;
 RTL_USER_PROCESS_PARAMETERS params;
 RTL_USER_PROCESS_PARAMETERS32 params32;
+ ULONG_PTR peb_ptr;
 Wow64DisableWow64FsRedirection( &redir );
@@ -317,6 +318,12 @@ static void test_peb_teb(void)
 ok( !status, "ProcessBasicInformation failed %lx\n", status );
 ok( proc_info.PebBaseAddress == teb.Peb, "wrong peb %p / %p\n", proc_info.PebBaseAddress, teb.Peb );
+ status = NtQueryInformationProcess( pi.hProcess, ProcessWow64Information,
+ &peb_ptr, sizeof(peb_ptr), NULL );
+ ok( !status, "ProcessWow64Information failed %lx\n", status );
+ ok( (void *)peb_ptr == (is_wow64 ? teb.Peb : ULongToPtr(teb32.Peb)),
+ "wrong peb %p\n", (void *)peb_ptr );
+ if (!ReadProcessMemory( pi.hProcess, proc_info.PebBaseAddress, &peb, sizeof(peb), &res )) res = 0;
 ok( res == sizeof(peb), "wrong len %Ix\n", res );
 ok( !peb.BeingDebugged, "BeingDebugged is %u\n", peb.BeingDebugged );
diff --git a/dlls/ntdll/unix/process.c b/dlls/ntdll/unix/process.c
index 140a93583b4..30bd6f083bd 100644
--- a/dlls/ntdll/unix/process.c
+++ b/dlls/ntdll/unix/process.c
@@ -1430,9 +1430,8 @@ NTSTATUS WINAPI NtQueryInformationProcess( HANDLE handle, PROCESSINFOCLASS class
 case ProcessWow64Information:
 len = sizeof(ULONG_PTR);
 if (size != len) return STATUS_INFO_LENGTH_MISMATCH;
- else if (!info) ret = STATUS_ACCESS_VIOLATION;
- else if (!handle) ret = STATUS_INVALID_HANDLE;
- else if (handle == GetCurrentProcess()) *(ULONG_PTR *)info = is_wow64();
+ if (handle == GetCurrentProcess())
+ *(ULONG_PTR *)info = is_old_wow64() ? (ULONG_PTR)peb : (ULONG_PTR)wow_peb;
 else
 {
 ULONG_PTR val = 0;
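Review bot: The new pointer check in test_peb_teb reports only the returned value on failure, `"wrong peb %p\n", (void *)peb_ptr`, and reuses the "wrong peb" text of the ProcessBasicInformation check just above it, so a failing log line neither shows the expected PEB nor says which query produced it. Print both sides the way the neighbouring check does, for example `"wrong wow64 peb %p / %p\n", (void *)peb_ptr, is_wow64 ? teb.Peb : ULongToPtr(teb32.Peb) );`. test_peb_teb starts and ends outside the hunk.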
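Review bot: With the `!info` and `!handle` branches removed, the ProcessWow64Information case writes through `info` on the current-process path with no visible pointer check, so a NULL or unmapped buffer is dereferenced at `*(ULONG_PTR *)info = ...`. If a fault inside this function is converted to STATUS_ACCESS_VIOLATION by the syscall layer, the removal is harmless, but nothing in the hunk says so; a short comment such as `/* an invalid info pointer faults here and is reported by the syscall fault handling */` (to be confirmed against the dispatcher) would stop a later reader from treating it as a missing check. A NULL handle now falls through to the server request, presumably to get STATUS_INVALID_HANDLE from it. The hunks in info.c show no test that pins either status, so one for each would lock the behaviour in. The case body continues into the next hunk.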
@@ -1440,10 +1439,12 @@ NTSTATUS WINAPI NtQueryInformationProcess( HANDLE handle, PROCESSINFOCLASS class
 SERVER_START_REQ( get_process_info )
 {
 req->handle = wine_server_obj_handle( handle );
- if (!(ret = wine_server_call( req ))) val = (reply->machine != native_machine);
+ ret = wine_server_call( req );
+ if (!ret && !is_machine_64bit( reply->machine ) && is_machine_64bit( native_machine ))
+ val = reply->peb + 0x1000;
 }
 SERVER_END_REQ;
- *(ULONG_PTR *)info = val;
+ if (!ret) *(ULONG_PTR *)info = val;
 }
 break;
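Review bot: `val = reply->peb + 0x1000;` hard-codes the distance between the PEB address the server reports and the 32-bit PEB returned to the caller. Callers are likely to read the target process at that address, as test_peb_teb does with PebBaseAddress via ReadProcessMemory, so a layout change elsewhere would silently hand back a pointer to the wrong page. Give the offset a name shared with the code that places the 32-bit PEB, or at least state the assumption next to the line: `/* the 32-bit PEB is assumed to sit one page after the 64-bit PEB; keep in sync with the PEB allocation */`. If `reply->peb` can be wider than ULONG_PTR in some build, which the hunk does not show, the assignment to `val` truncates and deserves a comment or a range check. The enclosing case starts in the previous hunk.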