From c95c0fcc98d83e97b0f84e74bbf0eeb5d0abd94c Mon Sep 17 00:00:00 2001 From: Doug Coleman Date: Fri, 26 Apr 2013 21:14:03 -0700 Subject: [PATCH] windows: Add ntdll and bind to more process listing functions. --- basis/windows/kernel32/kernel32.factor | 36 +++++++++++-- basis/windows/ntdll/authors.txt | 1 + basis/windows/ntdll/ntdll.factor | 73 ++++++++++++++++++++++++++ basis/windows/windows.factor | 1 + 4 files changed, 106 insertions(+), 5 deletions(-) create mode 100644 basis/windows/ntdll/authors.txt create mode 100644 basis/windows/ntdll/ntdll.factor diff --git a/basis/windows/kernel32/kernel32.factor b/basis/windows/kernel32/kernel32.factor index 322b4f40b8..3e963a7777 100644 --- a/basis/windows/kernel32/kernel32.factor +++ b/basis/windows/kernel32/kernel32.factor @@ -1,7 +1,7 @@ ! Copyright (C) 2005, 2006 Doug Coleman. ! See http://factorcode.org/license.txt for BSD license. USING: alien alien.c-types alien.syntax kernel windows.types -math multiline classes.struct alien.data arrays ; +math multiline classes.struct alien.data arrays literals ; QUALIFIED-WITH: alien.c-types c IN: windows.kernel32 @@ -809,6 +809,21 @@ STRUCT: CONSOLE_SCREEN_BUFFER_INFO { srWindow SMALL_RECT } { dwMaximumWindowSize COORD } ; +STRUCT: PROCESSENTRY32 + { dwSize DWORD } + { cntUsage DWORD } + { th32ProcessID DWORD } + { th32DefaultHeapID ULONG_PTR } + { th32ModuleID DWORD } + { cntThreads DWORD } + { th32ParentProcessID DWORD } + { pcPriClassBase LONG } + { dwFlags DWORD } + { szExeFile TCHAR[MAX_PATH] } ; + +TYPEDEF: PROCESSENTRY32* PPROCESSENTRY32 +TYPEDEF: PROCESSENTRY32* LPPROCESSENTRY32 + ! Resource IDs : MAKEINTRESOURCE ( int -- resource ) 0xffff bitand ; inline 
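Review bot: PROCESSENTRY32 is added without a comment on its one calling requirement: Process32First fails unless `dwSize` has been set to the structure's byte size before the call. A line above the STRUCT: such as `! Callers must set dwSize to the byte size of PROCESSENTRY32 before calling Process32First.` would document that. The struct is paired with the W bindings later in this patch, so `szExeFile` is only sized correctly if TCHAR is a 16-bit character type in windows.types; that definition is not visible here and is worth confirming.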
@@ -1009,7 +1024,16 @@ FUNCTION: HANDLE CreateRemoteThread ( HANDLE hProcess, ! FUNCTION: CreateThread ! FUNCTION: CreateTimerQueue ! FUNCTION: CreateTimerQueueTimer -! FUNCTION: CreateToolhelp32Snapshot + +CONSTANT: TH32CS_INHERIT 0x80000000 +CONSTANT: TH32CS_SNAPHEAPLIST 1 +CONSTANT: TH32CS_SNAPMODULE 8 +CONSTANT: TH32CS_SNAPMODULE32 0x10 +CONSTANT: TH32CS_SNAPPROCESS 2 +CONSTANT: TH32CS_SNAPTHREAD 4 +CONSTANT: TH32CS_SNAPALL flags{ TH32CS_SNAPHEAPLIST TH32CS_SNAPMODULE TH32CS_SNAPPROCESS TH32CS_SNAPTHREAD } + +FUNCTION: HANDLE CreateToolhelp32Snapshot ( DWORD dwFlags, DWORD th32ProcessID ) ; ! FUNCTION: CreateVirtualBuffer ! FUNCTION: CreateWaitableTimerA ! FUNCTION: CreateWaitableTimerW @@ -1642,7 +1666,7 @@ ALIAS: OpenFileMapping OpenFileMappingW ! FUNCTION: OpenJobObjectA ! FUNCTION: OpenJobObjectW ! FUNCTION: OpenMutexA -! FUNCTION: OpenMutexW +! FUNCTION: OpenMutexW FUNCTION: HANDLE OpenProcess ( DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId ) ; ! FUNCTION: OpenProfileUserMapping ! FUNCTION: OpenSemaphoreA @@ -1660,9 +1684,11 @@ FUNCTION: HANDLE OpenProcess ( DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD ! FUNCTION: PrivCopyFileExW ! FUNCTION: PrivMoveFileIdentityW ! FUNCTION: Process32First -! FUNCTION: Process32FirstW +FUNCTION: BOOL Process32FirstW ( HANDLE hSnapshot, LPPROCESSENTRY32 lppe ) ; +ALIAS: Process32First Process32FirstW ! FUNCTION: Process32Next -! FUNCTION: Process32NextW +FUNCTION: BOOL Process32NextW ( HANDLE hSnapshot, LPPROCESSENTRY32 lppe ) ; +ALIAS: Process32Next Process32NextW ! FUNCTION: ProcessIdToSessionId ! FUNCTION: PulseEvent ! FUNCTION: PurgeComm diff --git a/basis/windows/ntdll/authors.txt b/basis/windows/ntdll/authors.txt new file mode 100644 index 0000000000..7c1b2f2279 --- /dev/null +++ b/basis/windows/ntdll/authors.txt @@ -0,0 +1 @@ +Doug Coleman diff --git a/basis/windows/ntdll/ntdll.factor b/basis/windows/ntdll/ntdll.factor new file mode 100644 index 0000000000..aa652e88f4 --- /dev/null 
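Review bot: The CreateToolhelp32Snapshot binding carries no comment on its failure value, which is INVALID_HANDLE_VALUE rather than a null handle, so a caller that only tests for null would pass a bad handle on to Process32First. I would add `! Returns INVALID_HANDLE_VALUE on failure; close the snapshot with CloseHandle when done.` above the FUNCTION: line. TH32CS_SNAPALL leaving out TH32CS_SNAPMODULE32 matches the SDK definition, and a short comment saying so would stop a later reader from adding it.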
+++ b/basis/windows/ntdll/ntdll.factor 
@@ -0,0 +1,73 @@
+! Copyright (C) 2013 Doug Coleman.
+! See http://factorcode.org/license.txt for BSD license.
+USING: alien.c-types alien.syntax classes.struct windows.types ;
+IN: windows.ntdll
+
+LIBRARY: ntdll
+
+TYPEDEF: uint NTSTATUS
+
+STRUCT: LSA_UNICODE_STRING
+ { Length USHORT }
+ { MaximumLength USHORT }
+ { Buffer void* } ;
+TYPEDEF: LSA_UNICODE_STRING* PLSA_UNICODE_STRING
+TYPEDEF: LSA_UNICODE_STRING UNICODE_STRING
+TYPEDEF: LSA_UNICODE_STRING* PUNICODE_STRING
+
+STRUCT: RTL_USER_PROCESS_PARAMETERS
+ { Reserved1 BYTE[16] }
+ { Reserved2 PVOID[10] }
+ { ImagePathName UNICODE_STRING }
+ { CommandLine UNICODE_STRING } ;
+TYPEDEF: RTL_USER_PROCESS_PARAMETERS* PRTL_USER_PROCESS_PARAMETERS
+
+STRUCT: LIST_ENTRY
+ { Flink LIST_ENTRY* }
+ { Blink LIST_ENTRY* } ;
+TYPEDEF: LIST_ENTRY* PLIST_ENTRY
+
+STRUCT: PEB_LDR_DATA
+ { Reserved1 BYTE[8] }
+ { Reserved2 PVOID[3] }
+ { InMemoryOrderModuleList LIST_ENTRY } ;
+TYPEDEF: PEB_LDR_DATA* PPEB_LDR_DATA
+
+TYPEDEF: void* PPS_POST_PROCESS_INIT_ROUTINE
+
+STRUCT: PEB
+ { Reserved1 BYTE[2] }
+ { BeingDebugged BYTE }
+ { Reserved2 BYTE[1] }
+ { Reserved3 BYTE[2] }
+ { Ldr PPEB_LDR_DATA }
+ { ProcessParameters PRTL_USER_PROCESS_PARAMETERS }
+ { Reserved4 BYTE[104] }
+ { Reserved5 PVOID[52] }
+ { PostProcessInitRoutine PPS_POST_PROCESS_INIT_ROUTINE }
+ { Reserved6 BYTE[128] }
+ { Reserved7 PVOID[1] }
+ { SessionId ULONG } ;
+TYPEDEF: PEB* PPEB
+
+! PebBaseAddress is PPEB
+STRUCT: PROCESS_BASIC_INFORMATION
+ { Reserved1 PVOID }
+ { PebBaseAddress void* }
+ { Reserved2 PVOID[2] }
+ { UniqueProcessId ULONG_PTR }
+ { Reserved3 PVOID } ;
+
+ENUM: PROCESSINFOCLASS
+ { ProcessBasicInformation 0 }
+ { ProcessDebugPort 7 }
+ { ProcessWow64Information 26 }
+ { ProcessImageFileName 27 } ;
+
+FUNCTION: NTSTATUS NtQueryInformationProcess (
+ HANDLE ProcessHandle,
+ PROCESSINFOCLASS ProcessInformationClass,
+ PVOID ProcessInformation,
+ ULONG ProcessInformationLength,
+ PULONG ReturnLength
+) ;
\ No newline at end of file
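Review bot: In the PEB struct, `{ Reserved3 BYTE[2] }` does not match the documented winternl.h layout, which declares Reserved3 as two pointers; with two bytes the `Ldr` and `ProcessParameters` slots land at the wrong offsets on both 32- and 64-bit builds, so reads through them return unrelated memory. The line should be `{ Reserved3 PVOID[2] }`. Separately, `TYPEDEF: uint NTSTATUS` makes the status unsigned although failure codes are the negative values of a signed 32-bit type; `TYPEDEF: LONG NTSTATUS` keeps a sign test on the NtQueryInformationProcess result meaningful. A comment noting that `ImagePathName` and `CommandLine` live in the queried process's own memory, and can therefore be rewritten by that process, would help anyone who uses them to identify a process.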
diff --git a/basis/windows/windows.factor b/basis/windows/windows.factor index fff734b0ff..4f2dcfeca7 100644 --- a/basis/windows/windows.factor +++ b/basis/windows/windows.factor @@ -23,4 +23,5 @@ CONSTANT: MAX_UNICODE_PATH 32768 { "usp10" "usp10.dll" stdcall } { "psapi" "psapi.dll" stdcall } { "winmm" "winmm.dll" stdcall } + { "ntdll" "ntdll.dll" stdcall } } [ first3 add-library ] each -- 2.34.1