#include "pwalk.h"
#include <stdint.h>   /* intptr_t, for the INVALID_HANDLE_VALUE cast in ProbeProcess */
/* process globals */
HANDLE hMMFile = 0;          /* file mapping shared with ProcessWalker; opened or created in ProbeProcess */
LPPROBE lpProbe = NULL;      /* mapped view of hMMFile; NULL until ProbeProcess succeeds */
CONTEXT gContext;            /* not referenced in this file; presumably shared with the hook code -- verify */
DWORD gReturn;               /* not referenced in this file */
LPVOID gLocation;            /* not referenced in this file */
CRITICAL_SECTION gCS;        /* not initialized anywhere in this file (no InitializeCriticalSection) -- confirm the owner */
/* forward declarations for the file-local lifecycle helpers called from DllMain.
   GetFuncAddrInChildProc is declared but not defined in this file.  ResetProbe
   and RetrieveProbeData have no prototype here although ResetProbe is called
   before its definition -- presumably declared in pwalk.h; verify. */
BOOL WINAPI ProbeProcess (HANDLE);
void WINAPI FreeProbe ();
void WINAPI GetFuncAddrInChildProc (char *, char *, DBGDLL *, LPVOID *);
/* DLL entry point.  Attaches the probe mapping when the process loads the
   DLL and releases it when the process detaches; thread notifications are
   ignored.  Always reports success to the loader -- the result of
   ProbeProcess is not propagated, so a failed mapping leaves lpProbe NULL
   rather than failing the load. */
BOOL WINAPI DllMain (
HANDLE hModule,
DWORD dwFunction,
LPVOID lpNot)
{
    /* lpNot is reserved by the loader and not used here */
    (void)lpNot;

    if (dwFunction == DLL_PROCESS_ATTACH)
    {
        ProbeProcess (hModule);
    }
    else if (dwFunction == DLL_PROCESS_DETACH)
    {
        FreeProbe ();
    }

    return TRUE;
}
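/* Attach this process to the probe shared with ProcessWalker.
 *
 * ProcessWalker normally creates the named file mapping first and the child
 * process opens it here; when it does not exist yet the mapping is created
 * so a stand-alone load still works.
 *
 * hDLL: module handle of this DLL, used to load the mapping name resource.
 * Returns TRUE when lpProbe points at a mapped view of hMMFile, FALSE
 * otherwise; on failure hMMFile and lpProbe are left NULL so that FreeProbe
 * has nothing to undo.
 */
BOOL WINAPI ProbeProcess (
    HANDLE hDLL)
{
    char szMapFileName[MAX_PATH];
    BOOL fCreated = FALSE;

    /* load name for global file mapping; an uninitialized buffer would
       otherwise be used as the mapping name when the resource is missing */
    if (LoadString (hDLL, IDS_MAPFILENAME, szMapFileName, MAX_PATH) == 0)
    {
        return FALSE;
    }

    /* ProcessWalker creates file mapping then child process attaches */
    hMMFile = OpenFileMapping (FILE_MAP_WRITE, FALSE, szMapFileName);
    if (hMMFile == NULL)
    {
        /* (HANDLE)(intptr_t)-1 is INVALID_HANDLE_VALUE: back the mapping with
           the paging file.  The previous literal 0xffffffff only equals it on
           32-bit builds.  NULL security attributes give the default DACL, so
           any process running in the same user context can open this mapping
           by name with write access -- probe contents must be validated by
           whoever consumes them. */
        hMMFile = CreateFileMapping ((HANDLE)(intptr_t)-1,
                                     NULL,
                                     PAGE_READWRITE,
                                     0,
                                     0x100000,
                                     szMapFileName);
        if (hMMFile == NULL)
        {
            return FALSE;
        }
        fCreated = TRUE;
    }

    /* map global view of file for hook function access; the original code
       dereferenced the result without checking it */
    lpProbe = (LPPROBE)MapViewOfFile (hMMFile, FILE_MAP_WRITE, 0, 0, 0);
    if (lpProbe == NULL)
    {
        CloseHandle (hMMFile);
        hMMFile = NULL;
        return FALSE;
    }

    if (fCreated)
    {
        /* nobody has filled the probe yet: start from a known state */
        ResetProbe ();
    }
    else
    {
        /* initialize known process specific information in probe.
           GetCurrentProcess returns a pseudo-handle that is only meaningful
           inside this process. */
        lpProbe->hProcess = GetCurrentProcess ();
        lpProbe->hDefHeap = GetProcessHeap ();
    }

    /* success */
    return TRUE;
}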
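/* Release the mapped view and the mapping handle acquired by ProbeProcess.
   Safe to call when ProbeProcess failed or never ran: both globals are
   checked before use and reset to NULL afterwards, so a second call is a
   no-op and no stale pointer survives for the hook code. */
void WINAPI FreeProbe ()
{
    if (lpProbe != NULL)
    {
        /* remove child process objects */
        UnmapViewOfFile (lpProbe);
        lpProbe = NULL;
    }

    /* previously closed unconditionally; CloseHandle on a null handle fails
       (and raises an exception when a debugger is attached) */
    if (hMMFile != NULL)
    {
        CloseHandle (hMMFile);
        hMMFile = NULL;
    }
}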
/* Hand the probe view back to ProcessWalker.  Returns NULL until
   ProbeProcess has mapped the shared file. */
LPPROBE WINAPI RetrieveProbeData ()
{
    LPPROBE lpView = lpProbe;

    return lpView;
}
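/* Clear the process-specific fields of the probe.  This function is
   exported and may be called before ProbeProcess has mapped the view, so a
   NULL lpProbe is treated as a no-op instead of a null dereference. */
void WINAPI ResetProbe ()
{
    if (lpProbe == NULL)
    {
        return;
    }

    lpProbe->hProcess = NULL;
    lpProbe->hDefHeap = NULL;
}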