1 /*************************************************************************
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5 * Copyright 2008 by Sun Microsystems, Inc.
7 * OpenOffice.org - a multi-platform office productivity suite
9 * $RCSfile: GetProcessId.cpp,v $
12 * This file is part of OpenOffice.org.
14 * OpenOffice.org is free software: you can redistribute it and/or modify
15 * it under the terms of the GNU Lesser General Public License version 3
16 * only, as published by the Free Software Foundation.
18 * OpenOffice.org is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU Lesser General Public License version 3 for more details
22 * (a copy is included in the LICENSE file that accompanied this code).
24 * You should have received a copy of the GNU Lesser General Public License
25 * version 3 along with OpenOffice.org. If not, see
26 * <http://www.openoffice.org/license.html>
27 * for a copy of the LGPLv3 License.
29 ************************************************************************/
34 static FARPROC WINAPI
GetRealProcAddress( HMODULE hModule
, LPCSTR lpProcName
)
36 FARPROC lpfn
= GetProcAddress( hModule
, lpProcName
);
40 if ( 0x68 == *(LPBYTE
)lpfn
)
43 82C9F460 68 36 49 F8 BF push 0BFF84936h
44 82C9F465 E9 41 62 2F 3D jmp BFF956AB
47 lpfn
= (FARPROC
)*(LPDWORD
)((LPBYTE
)lpfn
+ 1);
55 BFF956B0 64 8B 15 20 00 00 00 mov edx,dword ptr fs:[20h]
56 BFF956B7 0B D2 or edx,edx
57 BFF956B9 74 09 je BFF956C4
58 BFF956BB 8B 42 04 mov eax,dword ptr [edx+4]
59 BFF956BE 0B C0 or eax,eax
60 BFF956C0 74 07 je BFF956C9
61 BFF956C2 EB 42 jmp BFF95706
75 typedef DWORD (WINAPI OBFUSCATE
)( DWORD dwPTID
);
76 typedef OBFUSCATE
*LPOBFUSCATE
;
78 static DWORD WINAPI
Obfuscate( DWORD dwPTID
)
80 static LPOBFUSCATE lpfnObfuscate
= NULL
;
84 LPBYTE lpCode
= (LPBYTE
)GetRealProcAddress( GetModuleHandleA("KERNEL32"), "GetCurrentThreadId" );
90 lpCode + 00 BFF84936 A1 DC 9C FC BF mov eax,[BFFC9CDC] ; This is the real thread id
91 lpcode + 05 BFF8493B FF 30 push dword ptr [eax]
92 lpCode + 07 BFF8493D E8 17 C5 FF FF call BFF80E59 ; call Obfuscate function
93 lpcode + 0C BFF84942 C3 ret
96 DWORD dwOffset
= *(LPDWORD
)(lpCode
+ 0x08);
98 lpfnObfuscate
= (LPOBFUSCATE
)(lpCode
+ 0x0C + dwOffset
);
101 BFF80E59 A1 CC 98 FC BF mov eax,[BFFC98CC]
102 BFF80E5E 85 C0 test eax,eax
103 BFF80E60 75 04 jne BFF80E66
104 BFF80E62 33 C0 xor eax,eax
105 BFF80E64 EB 04 jmp BFF80E6A
106 BFF80E66 33 44 24 04 xor eax,dword ptr [esp+4]
107 BFF80E6A C2 04 00 ret 4
113 return lpfnObfuscate
? lpfnObfuscate( dwPTID
) : 0;
117 EXTERN_C DWORD WINAPI
GetProcessId_WINDOWS( HANDLE hProcess
)
119 if ( GetCurrentProcess() == hProcess
)
120 return GetCurrentProcessId();
122 DWORD dwProcessId
= 0;
123 PPROCESS_DATABASE pPDB
= (PPROCESS_DATABASE
)Obfuscate( GetCurrentProcessId() );
125 if ( pPDB
&& K32OBJ_PROCESS
== pPDB
->Type
)
127 DWORD dwHandleNumber
= (DWORD
)hProcess
>> 2;
129 if ( 0 == ((DWORD
)hProcess
& 0x03) && dwHandleNumber
< pPDB
->pHandleTable
->cEntries
)
132 pPDB
->pHandleTable
->array
[dwHandleNumber
].pObject
&&
133 K32OBJ_PROCESS
== pPDB
->pHandleTable
->array
[dwHandleNumber
].pObject
->Type
135 dwProcessId
= Obfuscate( (DWORD
)pPDB
->pHandleTable
->array
[dwHandleNumber
].pObject
);
138 SetLastError( ERROR_INVALID_HANDLE
);
145 EXTERN_C DWORD WINAPI
GetProcessId_NT( HANDLE hProcess
)
147 SetLastError( ERROR_CALL_NOT_IMPLEMENTED
);
152 EXTERN_C
void WINAPI
ResolveThunk_GetProcessId( FARPROC
*lppfn
, LPCSTR lpLibFileName
, LPCSTR lpFuncName
)
154 if ( (LONG
)GetVersion() < 0 )
155 *lppfn
= (FARPROC
)GetProcessId_WINDOWS
;
158 FARPROC lpfnResult
= GetProcAddress( LoadLibraryA( lpLibFileName
), lpFuncName
);
160 lpfnResult
= (FARPROC
)GetProcessId_NT
;
167 DEFINE_CUSTOM_THUNK( kernel32
, GetProcessId
, DWORD
, WINAPI
, GetProcessId
, ( HANDLE hProcess
) );