/inc/win_structs.h

https://code.google.com/p/dwarftherapist/ · C Header · 67 lines · 39 code · 6 blank · 22 comment · 0 complexity · 68a7ed3a662482679387fecf14e271d1 MD5 · raw file 

    

  1. /*

    2. 

  2. Dwarf Therapist

    3. 

  3. Copyright (c) 2009 Trey Stout (chmod)

    4. 

  4. 

    5. 

  5. Permission is hereby granted, free of charge, to any person obtaining a copy

    6. 

  6. of this software and associated documentation files (the "Software"), to deal

    7. 

  7. in the Software without restriction, including without limitation the rights

    8. 

  8. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

    9. 

  9. copies of the Software, and to permit persons to whom the Software is

    10. 

  10. furnished to do so, subject to the following conditions:

    11. 

  11. 

    12. 

  12. The above copyright notice and this permission notice shall be included in

    13. 

  13. all copies or substantial portions of the Software.

    14. 

  14. 

    15. 

  15. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

    16. 

  16. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

    17. 

  17. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

    18. 

  18. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

    19. 

  19. LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

    20. 

  20. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

    21. 

  21. THE SOFTWARE.

    22. 

  22. */

    23. 

  23. #ifndef WIN_STRUCTS_H

    24. 

  24. #define WIN_STRUCTS_H

    25. 

  25. #include <windows.h>

    26. 

  26. #include <ntsecapi.h>

    27. 

  27. #include <stdio.h>

    28. 

  28. 

    29. 

  29. 

    30. 

  30. typedef struct _PEB {

    31. 

  31.     bool InheritedAddressSpace;

    32. 

  32.     bool ReadImageFileExecOptions;

    33. 

  33.     bool BeingDebugged;

    34. 

  34.     bool Spare;

    35. 

  35.     HANDLE Mutant;

    36. 

  36.     PVOID ImageBaseAddress;

    37. 

  37. } PEB, *PPEB;

    38. 

  38. 

    39. 

  39. typedef NTSTATUS (NTAPI *_NtQueryInformationProcess)(

    40. 

  40.     HANDLE ProcessHandle,

    41. 

  41.     DWORD ProcessInformationClass,

    42. 

  42.     PVOID ProcessInformation,

    43. 

  43.     DWORD ProcessInformationLength,

    44. 

  44.     PDWORD ReturnLength

    45. 

  45.     );

    46. 

  46. 

    47. 

  47. typedef struct _PROCESS_BASIC_INFORMATION

    48. 

  48. {

    49. 

  49.     DWORD ExitStatus;

    50. 

  50.     PVOID PebBaseAddress;

    51. 

  51.     DWORD AffinityMask;

    52. 

  52.     DWORD BasePriority;

    53. 

  53.     DWORD UniqueProcessId;

    54. 

  54.     DWORD ParentProcessId;

    55. 

  55. } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;

    56. 

  56. 

    57. 

  57. PVOID GetPebAddress(HANDLE ProcessHandle)

    58. 

  58. {

    59. 

  59.     _NtQueryInformationProcess NtQueryInformationProcess =

    60. 

  60.         (_NtQueryInformationProcess)GetProcAddress(

    61. 

  61.         GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess");

    62. 

  62.     PROCESS_BASIC_INFORMATION pbi;

    63. 

  63. 

    64. 

  64.     NtQueryInformationProcess(ProcessHandle, 0, &pbi, sizeof(pbi), NULL);

    65. 

  65.     return pbi.PebBaseAddress;

    66. 

  66. }

    67. 

  67. #endif // WIN_STRUCTS_H
    68.