2 * Misc Toolhelp functions
4 * Copyright 1996 Marcus Meissner
5 * Copyright 2005 Eric Pouech
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
33 #define WIN32_NO_STATUS
41 #include "wine/debug.h"
43 WINE_DEFAULT_DEBUG_CHANNEL(toolhelp
);
59 static WCHAR
*fetch_string( HANDLE hProcess
, UNICODE_STRING
* us
)
63 local
= HeapAlloc( GetProcessHeap(), 0, us
->Length
);
66 if (!ReadProcessMemory( hProcess
, us
->Buffer
, local
, us
->Length
, NULL
))
68 HeapFree( GetProcessHeap(), 0, local
);
76 static BOOL
fetch_module( DWORD process
, DWORD flags
, LDR_MODULE
** ldr_mod
, ULONG
* num
)
79 PROCESS_BASIC_INFORMATION pbi
;
80 PPEB_LDR_DATA pLdrData
;
82 PLIST_ENTRY head
, curr
;
87 if (!(flags
& TH32CS_SNAPMODULE
)) return TRUE
;
91 hProcess
= OpenProcess( PROCESS_VM_READ
| PROCESS_QUERY_INFORMATION
, FALSE
, process
);
92 if (!hProcess
) return FALSE
;
95 hProcess
= GetCurrentProcess();
97 status
= NtQueryInformationProcess( hProcess
, ProcessBasicInformation
,
98 &pbi
, sizeof(pbi
), NULL
);
101 if (ReadProcessMemory( hProcess
, &((PEB
*)pbi
.PebBaseAddress
)->LdrData
,
102 &pLdrData
, sizeof(pLdrData
), NULL
) &&
103 ReadProcessMemory( hProcess
,
104 &pLdrData
->InLoadOrderModuleList
.Flink
,
105 &curr
, sizeof(curr
), NULL
))
107 head
= &pLdrData
->InLoadOrderModuleList
;
112 *ldr_mod
= HeapAlloc( GetProcessHeap(), 0, sizeof(LDR_MODULE
) );
114 *ldr_mod
= HeapReAlloc( GetProcessHeap(), 0, *ldr_mod
,
115 (*num
+ 1) * sizeof(LDR_MODULE
) );
116 if (!*ldr_mod
) break;
117 if (!ReadProcessMemory( hProcess
,
118 CONTAINING_RECORD(curr
, LDR_MODULE
,
119 InLoadOrderModuleList
),
121 sizeof(LDR_MODULE
), NULL
))
123 curr
= (*ldr_mod
)[*num
].InLoadOrderModuleList
.Flink
;
124 /* if we cannot fetch the strings, then just ignore this LDR_MODULE
125 * and continue loading the other ones in the list
127 if (!fetch_string( hProcess
, &(*ldr_mod
)[*num
].BaseDllName
)) continue;
128 if (fetch_string( hProcess
, &(*ldr_mod
)[*num
].FullDllName
))
131 HeapFree( GetProcessHeap(), 0, (*ldr_mod
)[*num
].BaseDllName
.Buffer
);
136 else SetLastError( RtlNtStatusToDosError( status
) );
138 if (process
) CloseHandle( hProcess
);
142 static void fill_module( struct snapshot
* snap
, ULONG
* offset
, ULONG process
,
143 LDR_MODULE
* ldr_mod
, ULONG num
)
149 snap
->module_count
= num
;
150 snap
->module_pos
= 0;
152 snap
->module_offset
= *offset
;
154 mod
= (MODULEENTRY32W
*)&snap
->data
[*offset
];
156 for (i
= 0; i
< num
; i
++)
158 mod
->dwSize
= sizeof(MODULEENTRY32W
);
159 mod
->th32ModuleID
= 1; /* toolhelp internal id, never used */
160 mod
->th32ProcessID
= process
? process
: GetCurrentProcessId();
161 mod
->GlblcntUsage
= 0xFFFF; /* FIXME */
162 mod
->ProccntUsage
= 0xFFFF; /* FIXME */
163 mod
->modBaseAddr
= (BYTE
*)ldr_mod
[i
].BaseAddress
;
164 mod
->modBaseSize
= ldr_mod
[i
].SizeOfImage
;
165 mod
->hModule
= (HMODULE
)ldr_mod
[i
].BaseAddress
;
167 l
= min(ldr_mod
[i
].BaseDllName
.Length
, sizeof(mod
->szModule
) - sizeof(WCHAR
));
168 memcpy(mod
->szModule
, ldr_mod
[i
].BaseDllName
.Buffer
, l
);
169 mod
->szModule
[l
/ sizeof(WCHAR
)] = '\0';
170 l
= min(ldr_mod
[i
].FullDllName
.Length
, sizeof(mod
->szExePath
) - sizeof(WCHAR
));
171 memcpy(mod
->szExePath
, ldr_mod
[i
].FullDllName
.Buffer
, l
);
172 mod
->szExePath
[l
/ sizeof(WCHAR
)] = '\0';
177 *offset
+= num
* sizeof(MODULEENTRY32W
);
180 static BOOL
fetch_process_thread( DWORD flags
, SYSTEM_PROCESS_INFORMATION
** pspi
,
181 ULONG
* num_pcs
, ULONG
* num_thd
)
185 PSYSTEM_PROCESS_INFORMATION spi
;
187 *num_pcs
= *num_thd
= 0;
188 if (!(flags
& (TH32CS_SNAPPROCESS
| TH32CS_SNAPTHREAD
))) return TRUE
;
190 *pspi
= HeapAlloc( GetProcessHeap(), 0, size
= 4096 );
193 status
= NtQuerySystemInformation( SystemProcessInformation
, *pspi
,
198 *num_pcs
= *num_thd
= offset
= 0;
202 spi
= (SYSTEM_PROCESS_INFORMATION
*)((char*)spi
+ offset
);
203 if (flags
& TH32CS_SNAPPROCESS
) (*num_pcs
)++;
204 if (flags
& TH32CS_SNAPTHREAD
) *num_thd
+= spi
->dwThreadCount
;
205 } while ((offset
= spi
->dwOffset
));
207 case STATUS_INFO_LENGTH_MISMATCH
:
208 *pspi
= HeapReAlloc( GetProcessHeap(), 0, *pspi
, size
*= 2 );
211 SetLastError( RtlNtStatusToDosError( status
) );
217 static void fill_process( struct snapshot
* snap
, ULONG
* offset
,
218 SYSTEM_PROCESS_INFORMATION
* spi
, ULONG num
)
220 PROCESSENTRY32W
* pcs_entry
;
224 snap
->process_count
= num
;
225 snap
->process_pos
= 0;
227 snap
->process_offset
= *offset
;
229 pcs_entry
= (PROCESSENTRY32W
*)&snap
->data
[*offset
];
233 spi
= (SYSTEM_PROCESS_INFORMATION
*)((char*)spi
+ poff
);
235 pcs_entry
->dwSize
= sizeof(PROCESSENTRY32W
);
236 pcs_entry
->cntUsage
= 0; /* MSDN says no longer used, always 0 */
237 pcs_entry
->th32ProcessID
= spi
->dwProcessID
;
238 pcs_entry
->th32DefaultHeapID
= 0; /* MSDN says no longer used, always 0 */
239 pcs_entry
->th32ModuleID
= 0; /* MSDN says no longer used, always 0 */
240 pcs_entry
->cntThreads
= spi
->dwThreadCount
;
241 pcs_entry
->th32ParentProcessID
= spi
->dwParentProcessID
;
242 pcs_entry
->pcPriClassBase
= spi
->dwBasePriority
;
243 pcs_entry
->dwFlags
= 0; /* MSDN says no longer used, always 0 */
244 l
= min(spi
->ProcessName
.Length
, sizeof(pcs_entry
->szExeFile
) - sizeof(WCHAR
));
245 memcpy(pcs_entry
->szExeFile
, spi
->ProcessName
.Buffer
, l
);
246 pcs_entry
->szExeFile
[l
/ sizeof(WCHAR
)] = '\0';
248 } while ((poff
= spi
->dwOffset
));
250 *offset
+= num
* sizeof(PROCESSENTRY32W
);
253 static void fill_thread( struct snapshot
* snap
, ULONG
* offset
, LPVOID info
, ULONG num
)
255 THREADENTRY32
* thd_entry
;
256 SYSTEM_PROCESS_INFORMATION
* spi
;
257 SYSTEM_THREAD_INFORMATION
* sti
;
260 snap
->thread_count
= num
;
261 snap
->thread_pos
= 0;
263 snap
->thread_offset
= *offset
;
265 thd_entry
= (THREADENTRY32
*)&snap
->data
[*offset
];
267 spi
= (SYSTEM_PROCESS_INFORMATION
*)info
;
270 spi
= (SYSTEM_PROCESS_INFORMATION
*)((char*)spi
+ poff
);
273 for (i
= 0; i
< spi
->dwThreadCount
; i
++)
275 thd_entry
->dwSize
= sizeof(THREADENTRY32
);
276 thd_entry
->cntUsage
= 0; /* MSDN says no longer used, always 0 */
277 thd_entry
->th32ThreadID
= (ULONG
)sti
->dwThreadID
;
278 thd_entry
->th32OwnerProcessID
= (ULONG
)sti
->dwOwningPID
;
279 thd_entry
->tpBasePri
= sti
->dwBasePriority
;
280 thd_entry
->tpDeltaPri
= 0; /* MSDN says no longer used, always 0 */
281 thd_entry
->dwFlags
= 0; /* MSDN says no longer used, always 0" */
286 } while ((poff
= spi
->dwOffset
));
287 *offset
+= num
* sizeof(THREADENTRY32
);
290 /***********************************************************************
291 * CreateToolhelp32Snapshot (KERNEL32.@)
293 HANDLE WINAPI
CreateToolhelp32Snapshot( DWORD flags
, DWORD process
)
295 SYSTEM_PROCESS_INFORMATION
* spi
= NULL
;
296 LDR_MODULE
* mod
= NULL
;
297 ULONG num_pcs
, num_thd
, num_mod
;
298 HANDLE hSnapShot
= 0;
300 TRACE("%lx,%lx\n", flags
, process
);
301 if (!(flags
& (TH32CS_SNAPPROCESS
|TH32CS_SNAPTHREAD
|TH32CS_SNAPMODULE
)))
303 FIXME("flags %lx not implemented\n", flags
);
304 SetLastError( ERROR_CALL_NOT_IMPLEMENTED
);
305 return INVALID_HANDLE_VALUE
;
308 if (fetch_module( process
, flags
, &mod
, &num_mod
) &&
309 fetch_process_thread( flags
, &spi
, &num_pcs
, &num_thd
))
312 struct snapshot
*snap
;
313 SECURITY_ATTRIBUTES sa
;
315 /* create & fill the snapshot section */
316 sect_size
= sizeof(struct snapshot
) - 1; /* for last data[1] */
317 if (flags
& TH32CS_SNAPMODULE
) sect_size
+= num_mod
* sizeof(MODULEENTRY32W
);
318 if (flags
& TH32CS_SNAPPROCESS
) sect_size
+= num_pcs
* sizeof(PROCESSENTRY32W
);
319 if (flags
& TH32CS_SNAPTHREAD
) sect_size
+= num_thd
* sizeof(THREADENTRY32
);
320 if (flags
& TH32CS_SNAPHEAPLIST
)FIXME("Unimplemented: heap list snapshot\n");
322 sa
.bInheritHandle
= (flags
& TH32CS_INHERIT
) ? TRUE
: FALSE
;
323 sa
.lpSecurityDescriptor
= NULL
;
325 hSnapShot
= CreateFileMappingW( INVALID_HANDLE_VALUE
, &sa
,
326 SEC_COMMIT
| PAGE_READWRITE
,
327 0, sect_size
, NULL
);
328 if (hSnapShot
&& (snap
= MapViewOfFile( hSnapShot
, FILE_MAP_ALL_ACCESS
, 0, 0, 0 )))
332 fill_module( snap
, &offset
, process
, mod
, num_mod
);
333 fill_process( snap
, &offset
, spi
, num_pcs
);
334 fill_thread( snap
, &offset
, spi
, num_thd
);
335 UnmapViewOfFile( snap
);
341 HeapFree( GetProcessHeap(), 0, mod
[num_mod
].BaseDllName
.Buffer
);
342 HeapFree( GetProcessHeap(), 0, mod
[num_mod
].FullDllName
.Buffer
);
344 HeapFree( GetProcessHeap(), 0, mod
);
345 HeapFree( GetProcessHeap(), 0, spi
);
347 if (!hSnapShot
) return INVALID_HANDLE_VALUE
;
351 static BOOL
next_thread( HANDLE hSnapShot
, LPTHREADENTRY32 lpte
, BOOL first
)
353 struct snapshot
* snap
;
356 if (lpte
->dwSize
< sizeof(THREADENTRY32
))
358 SetLastError( ERROR_INSUFFICIENT_BUFFER
);
359 WARN("Result buffer too small (%ld)\n", lpte
->dwSize
);
362 if ((snap
= MapViewOfFile( hSnapShot
, FILE_MAP_ALL_ACCESS
, 0, 0, 0 )))
364 if (first
) snap
->thread_pos
= 0;
365 if (snap
->thread_pos
< snap
->thread_count
)
367 LPTHREADENTRY32 te
= (THREADENTRY32
*)&snap
->data
[snap
->thread_offset
];
368 *lpte
= te
[snap
->thread_pos
++];
371 else SetLastError( ERROR_NO_MORE_FILES
);
372 UnmapViewOfFile( snap
);
377 /***********************************************************************
378 * Thread32First (KERNEL32.@)
380 * Return info about the first thread in a toolhelp32 snapshot
382 BOOL WINAPI
Thread32First( HANDLE hSnapShot
, LPTHREADENTRY32 lpte
)
384 return next_thread( hSnapShot
, lpte
, TRUE
);
387 /***********************************************************************
388 * Thread32Next (KERNEL32.@)
390 * Return info about the first thread in a toolhelp32 snapshot
392 BOOL WINAPI
Thread32Next( HANDLE hSnapShot
, LPTHREADENTRY32 lpte
)
394 return next_thread( hSnapShot
, lpte
, FALSE
);
397 /***********************************************************************
400 * Implementation of Process32First/Next. Note that the ANSI / Unicode
401 * version check is a bit of a hack as it relies on the fact that only
402 * the last field is actually different.
404 static BOOL
process_next( HANDLE hSnapShot
, LPPROCESSENTRY32W lppe
,
405 BOOL first
, BOOL unicode
)
407 struct snapshot
* snap
;
409 DWORD sz
= unicode
? sizeof(PROCESSENTRY32W
) : sizeof(PROCESSENTRY32
);
411 if (lppe
->dwSize
< sz
)
413 SetLastError( ERROR_INSUFFICIENT_BUFFER
);
414 WARN("Result buffer too small (%ld)\n", lppe
->dwSize
);
417 if ((snap
= MapViewOfFile( hSnapShot
, FILE_MAP_ALL_ACCESS
, 0, 0, 0 )))
419 if (first
) snap
->process_pos
= 0;
420 if (snap
->process_pos
< snap
->process_count
)
422 LPPROCESSENTRY32W pe
= (PROCESSENTRY32W
*)&snap
->data
[snap
->process_offset
];
424 *lppe
= pe
[snap
->process_pos
];
427 lppe
->cntUsage
= pe
[snap
->process_pos
].cntUsage
;
428 lppe
->th32ProcessID
= pe
[snap
->process_pos
].th32ProcessID
;
429 lppe
->th32DefaultHeapID
= pe
[snap
->process_pos
].th32DefaultHeapID
;
430 lppe
->th32ModuleID
= pe
[snap
->process_pos
].th32ModuleID
;
431 lppe
->cntThreads
= pe
[snap
->process_pos
].cntThreads
;
432 lppe
->th32ParentProcessID
= pe
[snap
->process_pos
].th32ParentProcessID
;
433 lppe
->pcPriClassBase
= pe
[snap
->process_pos
].pcPriClassBase
;
434 lppe
->dwFlags
= pe
[snap
->process_pos
].dwFlags
;
436 WideCharToMultiByte( CP_ACP
, 0, pe
[snap
->process_pos
].szExeFile
, -1,
437 (char*)lppe
->szExeFile
, sizeof(lppe
->szExeFile
),
443 else SetLastError( ERROR_NO_MORE_FILES
);
444 UnmapViewOfFile( snap
);
451 /***********************************************************************
452 * Process32First (KERNEL32.@)
454 * Return info about the first process in a toolhelp32 snapshot
456 BOOL WINAPI
Process32First(HANDLE hSnapshot
, LPPROCESSENTRY32 lppe
)
458 return process_next( hSnapshot
, (PROCESSENTRY32W
*)lppe
, TRUE
, FALSE
/* ANSI */ );
461 /***********************************************************************
462 * Process32Next (KERNEL32.@)
464 * Return info about the "next" process in a toolhelp32 snapshot
466 BOOL WINAPI
Process32Next(HANDLE hSnapshot
, LPPROCESSENTRY32 lppe
)
468 return process_next( hSnapshot
, (PROCESSENTRY32W
*)lppe
, FALSE
, FALSE
/* ANSI */ );
471 /***********************************************************************
472 * Process32FirstW (KERNEL32.@)
474 * Return info about the first process in a toolhelp32 snapshot
476 BOOL WINAPI
Process32FirstW(HANDLE hSnapshot
, LPPROCESSENTRY32W lppe
)
478 return process_next( hSnapshot
, lppe
, TRUE
, TRUE
/* Unicode */ );
481 /***********************************************************************
482 * Process32NextW (KERNEL32.@)
484 * Return info about the "next" process in a toolhelp32 snapshot
486 BOOL WINAPI
Process32NextW(HANDLE hSnapshot
, LPPROCESSENTRY32W lppe
)
488 return process_next( hSnapshot
, lppe
, FALSE
, TRUE
/* Unicode */ );
491 /***********************************************************************
494 * Implementation of Module32{First|Next}W
496 static BOOL
module_nextW( HANDLE hSnapShot
, LPMODULEENTRY32W lpme
, BOOL first
)
498 struct snapshot
* snap
;
501 if (lpme
->dwSize
< sizeof (MODULEENTRY32W
))
503 SetLastError( ERROR_INSUFFICIENT_BUFFER
);
504 WARN("Result buffer too small (was: %ld)\n", lpme
->dwSize
);
507 if ((snap
= MapViewOfFile( hSnapShot
, FILE_MAP_ALL_ACCESS
, 0, 0, 0 )))
509 if (first
) snap
->module_pos
= 0;
510 if (snap
->module_pos
< snap
->module_count
)
512 LPMODULEENTRY32W pe
= (MODULEENTRY32W
*)&snap
->data
[snap
->module_offset
];
513 *lpme
= pe
[snap
->module_pos
++];
516 else SetLastError( ERROR_NO_MORE_FILES
);
517 UnmapViewOfFile( snap
);
523 /***********************************************************************
524 * Module32FirstW (KERNEL32.@)
526 * Return info about the "first" module in a toolhelp32 snapshot
528 BOOL WINAPI
Module32FirstW(HANDLE hSnapshot
, LPMODULEENTRY32W lpme
)
530 return module_nextW( hSnapshot
, lpme
, TRUE
);
533 /***********************************************************************
534 * Module32NextW (KERNEL32.@)
536 * Return info about the "next" module in a toolhelp32 snapshot
538 BOOL WINAPI
Module32NextW(HANDLE hSnapshot
, LPMODULEENTRY32W lpme
)
540 return module_nextW( hSnapshot
, lpme
, FALSE
);
543 /***********************************************************************
546 * Implementation of Module32{First|Next}A
548 static BOOL
module_nextA( HANDLE handle
, LPMODULEENTRY32 lpme
, BOOL first
)
553 if (lpme
->dwSize
< sizeof(MODULEENTRY32
))
555 SetLastError( ERROR_INSUFFICIENT_BUFFER
);
556 WARN("Result buffer too small (was: %ld)\n", lpme
->dwSize
);
560 mew
.dwSize
= sizeof(mew
);
561 if ((ret
= module_nextW( handle
, &mew
, first
)))
563 lpme
->th32ModuleID
= mew
.th32ModuleID
;
564 lpme
->th32ProcessID
= mew
.th32ProcessID
;
565 lpme
->GlblcntUsage
= mew
.GlblcntUsage
;
566 lpme
->ProccntUsage
= mew
.ProccntUsage
;
567 lpme
->modBaseAddr
= mew
.modBaseAddr
;
568 lpme
->modBaseSize
= mew
.modBaseSize
;
569 lpme
->hModule
= mew
.hModule
;
570 WideCharToMultiByte( CP_ACP
, 0, mew
.szModule
, -1, lpme
->szModule
, sizeof(lpme
->szModule
), NULL
, NULL
);
571 WideCharToMultiByte( CP_ACP
, 0, mew
.szExePath
, -1, lpme
->szExePath
, sizeof(lpme
->szExePath
), NULL
, NULL
);
576 /***********************************************************************
577 * Module32First (KERNEL32.@)
579 * Return info about the "first" module in a toolhelp32 snapshot
581 BOOL WINAPI
Module32First(HANDLE hSnapshot
, LPMODULEENTRY32 lpme
)
583 return module_nextA( hSnapshot
, lpme
, TRUE
);
586 /***********************************************************************
587 * Module32Next (KERNEL32.@)
589 * Return info about the "next" module in a toolhelp32 snapshot
591 BOOL WINAPI
Module32Next(HANDLE hSnapshot
, LPMODULEENTRY32 lpme
)
593 return module_nextA( hSnapshot
, lpme
, FALSE
);
596 /************************************************************************
597 * Heap32ListFirst (KERNEL32.@)
600 BOOL WINAPI
Heap32ListFirst(HANDLE hSnapshot
, LPHEAPLIST32 lphl
)
606 /******************************************************************
607 * Toolhelp32ReadProcessMemory (KERNEL32.@)
611 BOOL WINAPI
Toolhelp32ReadProcessMemory(DWORD pid
, const void* base
,
612 void* buf
, SIZE_T len
, SIZE_T
* r
)
617 h
= (pid
) ? OpenProcess(PROCESS_VM_READ
, FALSE
, pid
) : GetCurrentProcess();
620 ret
= ReadProcessMemory(h
, base
, buf
, len
, r
);
621 if (pid
) CloseHandle(h
);