From 32495369a6fb38ecd1c52e5bc2afc6f7f5953fb2 Mon Sep 17 00:00:00 2001 From: mingkuang Date: Mon, 13 Mar 2023 00:32:44 +0800 Subject: [PATCH] =?UTF-8?q?Fea=20#29,=20=E6=B7=BB=E5=8A=A0SetProcessInform?= =?UTF-8?q?ation=EF=BC=8CSetThreadInformation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ThunksList.md | 2 + src/Shared/km.h | 7 + src/Thunks/YY_Thunks.cpp | 1 + src/Thunks/api-ms-win-core-processthreads.hpp | 133 +++++++++++++++++- 4 files changed, 140 insertions(+), 3 deletions(-) diff --git a/ThunksList.md b/ThunksList.md index 56e7e48..986ca96 100644 --- a/ThunksList.md +++ b/ThunksList.md @@ -276,6 +276,8 @@ | PrefetchVirtualMemory | 不存在时,返回ERROR_SUCCESS。 | GetProcessMitigationPolicy | 不存在时,调用NtQueryInformationProcess。 | SetProcessMitigationPolicy | 不存在时,调用NtSetInformationProcess。 +| SetProcessInformation | 不存在时,调用NtSetInformationProcess。 +| SetThreadInformation | 不存在时,调用NtSetInformationThread。 ## mfplat.dll | 函数 | Fallback diff --git a/src/Shared/km.h b/src/Shared/km.h index 1719b58..be0e849 100644 --- a/src/Shared/km.h +++ b/src/Shared/km.h @@ -3005,6 +3005,13 @@ NtQueryDirectoryFile ( ULONG ProcessInformationLength ); + EXTERN_C NTSYSAPI NTSTATUS NTAPI NtSetInformationThread( + IN HANDLE ThreadHandle, + IN THREADINFOCLASS ThreadInformationClass, + OUT PVOID ThreadInformation, + IN ULONG ThreadInformationLength + ); + EXTERN_C NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, diff --git a/src/Thunks/YY_Thunks.cpp b/src/Thunks/YY_Thunks.cpp index f264e08..76140fa 100644 --- a/src/Thunks/YY_Thunks.cpp +++ b/src/Thunks/YY_Thunks.cpp @@ -40,6 +40,7 @@ _APPLY(RtlFreeUnicodeString, ntdll ) \ _APPLY(NtQueryObject, ntdll ) \ _APPLY(NtQueryInformationThread, ntdll ) \ + _APPLY(NtSetInformationThread, ntdll ) \ _APPLY(NtQueryInformationProcess, ntdll ) \ _APPLY(NtSetInformationProcess, ntdll ) \ _APPLY(NtOpenKeyedEvent, ntdll ) \ diff --git a/src/Thunks/api-ms-win-core-processthreads.hpp b/src/Thunks/api-ms-win-core-processthreads.hpp index 153f6e9..43bff25 100644 --- a/src/Thunks/api-ms-win-core-processthreads.hpp +++ b/src/Thunks/api-ms-win-core-processthreads.hpp @@ -1,6 +1,6 @@ - - - +#if (YY_Thunks_Support_Version < NTDDI_WIN8) +#include +#endif #ifdef YY_Thunks_Implemented @@ -899,6 +899,133 @@ namespace YY } } #endif + +#if (YY_Thunks_Support_Version < NTDDI_WIN8) + + // 最低受支持的客户端 Windows 8 [桌面应用|UWP 应用] + // 最低受支持的服务器 Windows Server 2012[桌面应用 | UWP 应用] + __DEFINE_THUNK( + kernel32, + 16, + BOOL, + WINAPI, + SetProcessInformation, + _In_ HANDLE _hProcess, + _In_ PROCESS_INFORMATION_CLASS _eProcessInformationClass, + _In_reads_bytes_(_cbProcessInformationSize) LPVOID _pProcessInformation, + _In_ DWORD _cbProcessInformationSize + ) + { + if (const auto _pfnSetProcessInformation = try_get_SetProcessInformation()) + { + return _pfnSetProcessInformation(_hProcess, _eProcessInformationClass, _pProcessInformation, _cbProcessInformationSize); + } + + if (_pProcessInformation == nullptr || (DWORD)_eProcessInformationClass >= (DWORD)ProcessInformationClassMax) + { + SetLastError(ERROR_INVALID_PARAMETER); + return FALSE; + } + + const auto _pfnNtSetInformationProcess = try_get_NtSetInformationProcess(); + if (!_pfnNtSetInformationProcess) + { + SetLastError(ERROR_NOT_SUPPORTED); + return FALSE; + } + + NTSTATUS _Status; + if (_eProcessInformationClass == ProcessMemoryPriority) + { + if (_cbProcessInformationSize != sizeof(MEMORY_PRIORITY_INFORMATION)) + { + SetLastError(ERROR_INVALID_PARAMETER); + return FALSE; + } + // PAGE_PRIORITY_INFORMATION + _Status = _pfnNtSetInformationProcess(_hProcess, ProcessPagePriority, _pProcessInformation, sizeof(DWORD)); + } + else + { + SetLastError(ERROR_NOT_SUPPORTED); + return FALSE; + } + + if (_Status >= 0) + return TRUE; + + internal::BaseSetLastNTError(_Status); + return FALSE; + } +#endif + +#if (YY_Thunks_Support_Version < NTDDI_WIN8) + + // 最低受支持的客户端 Windows 8 [桌面应用|UWP 应用] + // 最低受支持的服务器 Windows Server 2012[桌面应用 | UWP 应用] + __DEFINE_THUNK( + kernel32, + 16, + BOOL, + WINAPI, + SetThreadInformation, + _In_ HANDLE _hThread, + _In_ THREAD_INFORMATION_CLASS _eThreadInformationClass, + _In_reads_bytes_(_cbThreadInformationSize) LPVOID _pThreadInformation, + _In_ DWORD _cbThreadInformationSize + ) + { + if (const auto _pfnSetThreadInformation = try_get_SetThreadInformation()) + { + return _pfnSetThreadInformation(_hThread, _eThreadInformationClass, _pThreadInformation, _cbThreadInformationSize); + } + + if (_pThreadInformation == nullptr || (DWORD)_eThreadInformationClass >= (DWORD)ThreadInformationClassMax) + { + SetLastError(ERROR_INVALID_PARAMETER); + return FALSE; + } + + const auto _pfnNtSetInformationThread = try_get_NtSetInformationThread(); + if (!_pfnNtSetInformationThread) + { + SetLastError(ERROR_NOT_SUPPORTED); + return FALSE; + } + + NTSTATUS _Status; + if (_eThreadInformationClass == ThreadMemoryPriority) + { + if (_cbThreadInformationSize != sizeof(MEMORY_PRIORITY_INFORMATION)) + { + SetLastError(ERROR_INVALID_PARAMETER); + return FALSE; + } + _Status = _pfnNtSetInformationThread(_hThread, ThreadPagePriority, _pThreadInformation, sizeof(DWORD)); + } + else if (_eThreadInformationClass == ThreadAbsoluteCpuPriority) + { + if (_cbThreadInformationSize != sizeof(DWORD)) + { + SetLastError(ERROR_INVALID_PARAMETER); + return FALSE; + } + _Status = _pfnNtSetInformationThread(_hThread, ThreadActualBasePriority, _pThreadInformation, sizeof(DWORD)); + } + else + { + SetLastError(ERROR_NOT_SUPPORTED); + return FALSE; + } + + if (_Status >= 0) + return TRUE; + + internal::BaseSetLastNTError(_Status); + return FALSE; + } +#endif + }//namespace Thunks } //namespace YY \ No newline at end of file