Signed-off-by: Paul Gofman pgofman@codeweavers.com --- dlls/ntoskrnl.exe/ntoskrnl.c | 30 +++++++++++++++++++++++++++++ dlls/ntoskrnl.exe/ntoskrnl.exe.spec | 2 +- include/ddk/ntddk.h | 1 + 3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c index fbf6262b3eb..cd2143dbf99 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.c +++ b/dlls/ntoskrnl.exe/ntoskrnl.c @@ -4248,3 +4248,33 @@ void WINAPI KeSignalCallDpcDone(void *barrier) { InterlockedDecrement((LONG *)barrier); } + +void * WINAPI PsGetProcessSectionBaseAddress(PEPROCESS process) +{ + void *image_base; + NTSTATUS status; + SIZE_T size; + HANDLE h; + + TRACE("process %p.\n", process); + + if ((status = ObOpenObjectByPointer(process, 0, NULL, PROCESS_ALL_ACCESS, NULL, KernelMode, &h))) + { + WARN("Error opening process object, status %#x.\n", status); + return NULL; + } + + status = NtReadVirtualMemory(h, &process->info.PebBaseAddress->ImageBaseAddress, + &image_base, sizeof(image_base), &size); + + NtClose(h); + + if (status || size != sizeof(image_base)) + { + WARN("Error reading process memory, status %#x, size %lu.\n", status, size); + return NULL; + } + + TRACE("returning %p.\n", image_base); + return image_base; +} diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec index 2b7f57e895f..21bb4cc2584 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec +++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec @@ -904,7 +904,7 @@ @ stub PsGetProcessJob @ stub PsGetProcessPeb @ stub PsGetProcessPriorityClass -@ stub PsGetProcessSectionBaseAddress +@ stdcall PsGetProcessSectionBaseAddress(ptr) @ stub PsGetProcessSecurityPort @ stub PsGetProcessSessionId @ stub PsGetProcessWin32Process diff --git a/include/ddk/ntddk.h b/include/ddk/ntddk.h index 2b05fda7118..b9f8295db88 100644 --- a/include/ddk/ntddk.h +++ b/include/ddk/ntddk.h @@ -229,6 +229,7 @@ NTSTATUS WINAPI KeExpandKernelStackAndCallout(PEXPAND_STACK_CALLOUT,void*,SIZE_ void WINAPI KeSetTargetProcessorDpc(PRKDPC,CCHAR); BOOLEAN WINAPI MmIsAddressValid(void *); HANDLE WINAPI PsGetProcessId(PEPROCESS); +void * WINAPI PsGetProcessSectionBaseAddress(PEPROCESS); HANDLE WINAPI PsGetThreadId(PETHREAD); HANDLE WINAPI PsGetThreadProcessId(PETHREAD); NTSTATUS WINAPI PsRemoveLoadImageNotifyRoutine(PLOAD_IMAGE_NOTIFY_ROUTINE);