Update PhCreateProcessReflection
dmex committed Oct 17, 2024
1 parent a14429a commit 1462d72
Showing 2 changed files with 23 additions and 20 deletions.
37 changes: 20 additions & 17 deletions SystemInformer/heapinfo.c
Expand Up @@ -417,38 +417,38 @@ VOID PhpEnumerateProcessHeaps(
status = PhOpenProcess(
&processHandle,
PROCESS_ALL_ACCESS,
Context->ProcessItem->ProcessId
clientProcessId
);
}
else if (WindowsVersion >= WINDOWS_10)
else
{
// Windows 10 and above require SET_LIMITED for PLM execution requests. (dmex)
status = PhOpenProcess(
&processHandle,
PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_SET_LIMITED_INFORMATION,
Context->ProcessItem->ProcessId
PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_SET_LIMITED_INFORMATION | // PLM
PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_DUP_HANDLE, // Reflection
clientProcessId
);
}

if (processHandle)
{
PhCreateExecutionRequiredRequest(processHandle, &powerRequestHandle);
}

if (PhGetIntegerSetting(L"EnableHeapReflection"))
{
// NOTE: RtlQueryProcessDebugInformation injects a thread into the process causing deadlocks and other issues in rare cases.
// We mitigate these problems by reflecting the process and querying heap information from the clone. (dmex)
if (PhGetIntegerSetting(L"EnableHeapReflection"))
{
// NOTE: RtlQueryProcessDebugInformation injects a thread into the process causing deadlocks and other issues in rare cases.
// We mitigate these problems by reflecting the process and querying heap information from the clone. (dmex)

status = PhCreateProcessReflection(
&reflectionInfo,
NULL,
clientProcessId
);
status = PhCreateProcessReflection(
&reflectionInfo,
processHandle
);

if (NT_SUCCESS(status))
{
clientProcessId = reflectionInfo.ReflectionClientId.UniqueProcess;
if (NT_SUCCESS(status))
{
clientProcessId = reflectionInfo.ReflectionClientId.UniqueProcess;
}
}
}

Expand Down Expand Up @@ -637,6 +637,9 @@ VOID PhpEnumerateProcessHeaps(
CleanupExit:
PhFreeProcessReflection(&reflectionInfo);

if (processHandle)
NtClose(processHandle);

if (powerRequestHandle)
PhDestroyExecutionRequiredRequest(powerRequestHandle);

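Review bot: The `else` branch of PhpEnumerateProcessHeaps now requests `PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_DUP_HANDLE` on every call, even when `EnableHeapReflection` is off, which is more access than the PLM request needs. Because the power request now depends on that one open succeeding, a target that grants only the limited-information rights would presumably lose the execution-required request it got before this change. Consider reading the setting before the open and adding the reflection rights only when it is enabled, e.g. `if (reflectionEnabled) desiredAccess |= PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_DUP_HANDLE;` (both names are illustrative). A failed PhCreateProcessReflection also leaves `clientProcessId` pointing at the live process with no trace, so the query silently takes the thread-injection path the NOTE comment describes; a short comment saying this fallback is intended would help. The function begins and ends outside the visible hunks, so the initial value of `processHandle` that the new `NtClose` guard relies on cannot be confirmed here.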
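--- a/SystemInformer/memprv.c
+++ b/SystemInformer/memprv.c
@@ -391,7 +391,8 @@ VOID PhpUpdateHeapRegions(
 
 status = PhOpenProcess(
 &processHandle,
-PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_DUP_HANDLE | PROCESS_SET_LIMITED_INFORMATION,
+PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_SET_LIMITED_INFORMATION |
+PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_DUP_HANDLE,
 List->ProcessId
 );
 
@@ -404,8 +405,7 @@ VOID PhpUpdateHeapRegions(
 {
 status = PhCreateProcessReflection(
 &reflectionInfo,
-processHandle,
-List->ProcessId
+processHandle
 );
 
 if (NT_SUCCESS(status))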
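Review bot: The access mask in PhpUpdateHeapRegions now duplicates the one added to heapinfo.c but without the trailing comments that say which rights serve which purpose. Mirroring them keeps the two call sites auditable: `PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_SET_LIMITED_INFORMATION | // PLM` and `PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_DUP_HANDLE, // Reflection`. A shared named constant for the reflection rights would stop the two masks drifting apart. The function body continues outside both hunks.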
