Beispiel #1
/*
 * Packages a (Context, Address) pair into a heap-allocated
 * SYMBOL_LOOKUP_RESULT and queues it on the global work queue for
 * EtpSymbolLookupFunction.
 *
 * Context  - working-set watch context the lookup belongs to; a reference is
 *            taken on it here, before the request is queued.
 * Address  - address stored in the request for the worker.
 *
 * Only the Context and Address members are written; the block is not zeroed,
 * so any other member of SYMBOL_LOOKUP_RESULT is uninitialised when the
 * worker receives it.
 *
 * NOTE(review): the matching release of the Context reference and the free of
 * the request block are not visible here; presumably EtpSymbolLookupFunction
 * performs both - confirm, otherwise every queued lookup leaks.
 */
static VOID EtpQueueSymbolLookup(
    _In_ PWS_WATCH_CONTEXT Context,
    _In_ PVOID Address
    )
{
    PSYMBOL_LOOKUP_RESULT lookup = PhAllocate(sizeof(SYMBOL_LOOKUP_RESULT));

    /* Pin the context before the request can reach another thread. */
    EtpReferenceWsWatchContext(Context);

    lookup->Context = Context;
    lookup->Address = Address;

    PhQueueItemGlobalWorkQueue(EtpSymbolLookupFunction, lookup);
}
Beispiel #2
/*
 * Queues a deferred query for one module item on the global work queue.
 *
 * ModuleProvider - provider that owns the item; referenced before queueing.
 * ModuleItem     - item to be processed; referenced before queueing.
 *
 * Does nothing when PhEnableProcessQueryStage2 is false. Otherwise a zeroed
 * PH_MODULE_QUERY_DATA block carrying both pointers is handed to
 * PhpModuleQueryWorker.
 *
 * NOTE(review): the two references taken here and the query block itself must
 * be released by the worker; that code is not visible here - confirm.
 */
VOID PhpQueueModuleQuery(
    __in PPH_MODULE_PROVIDER ModuleProvider,
    __in PPH_MODULE_ITEM ModuleItem
    )
{
    PPH_MODULE_QUERY_DATA query;

    if (PhEnableProcessQueryStage2)
    {
        query = PhAllocate(sizeof(PH_MODULE_QUERY_DATA));
        memset(query, 0, sizeof(PH_MODULE_QUERY_DATA));

        /* Keep both objects alive for as long as the request is pending. */
        PhReferenceObject(ModuleProvider);
        PhReferenceObject(ModuleItem);

        query->ModuleProvider = ModuleProvider;
        query->ModuleItem = ModuleItem;

        PhQueueItemGlobalWorkQueue(PhpModuleQueryWorker, query);
    }
}
Beispiel #3
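/*
 * Symbol-handler callback: turns selected symbol events into a
 * PH_SYMBOL_EVENT_DATA object and queues it for PhpSymbolCallbackWorker.
 *
 * hProcess     - not used by this function.
 * ActionCode   - event code; only the deferred-load start/complete/failure/
 *                cancel and symbols-unloaded codes are forwarded.
 * CallbackData - for the deferred-load codes, read as a pointer to
 *                IMAGEHLP_DEFERRED_SYMBOL_LOADW64. Annotated optional, so it
 *                is checked before use.
 * UserContext  - the PH_SYMBOL_PROVIDER registered with the callback.
 *                Annotated optional, so it is checked before use.
 *
 * Always returns FALSE.
 *
 * NOTE(review): data->SymbolProvider is stored without taking a reference on
 * the provider in this function. If the provider can be destroyed while the
 * work item is still queued, the worker would touch freed memory. Taking a
 * reference here is only correct if PhpSymbolCallbackWorker (not visible
 * here) releases it - confirm and fix both sides together.
 */
BOOL CALLBACK PhpSymbolCallbackFunction(
    _In_ HANDLE hProcess,
    _In_ ULONG ActionCode,
    _In_opt_ ULONG64 CallbackData,
    _In_opt_ ULONG64 UserContext
    )
{
    PPH_SYMBOL_PROVIDER symbolProvider = (PPH_SYMBOL_PROVIDER)UserContext;
    PPH_SYMBOL_EVENT_DATA data;
    PIMAGEHLP_DEFERRED_SYMBOL_LOADW64 callbackData;

    /* UserContext is optional; without a provider there is nobody to notify. */
    if (!symbolProvider)
        return FALSE;

    /* Only do the allocation work when at least one listener is registered. */
    if (!IsListEmpty(&symbolProvider->EventCallback.ListHead))
    {
        switch (ActionCode)
        {
        case SymbolDeferredSymbolLoadStart:
        case SymbolDeferredSymbolLoadComplete:
        case SymbolDeferredSymbolLoadFailure:
        case SymbolSymbolsUnloaded:
        case SymbolDeferredSymbolLoadCancel:
            PhCreateAlloc((PVOID *)&data, sizeof(PH_SYMBOL_EVENT_DATA));
            memset(data, 0, sizeof(PH_SYMBOL_EVENT_DATA));
            data->SymbolProvider = symbolProvider;
            data->Type = ActionCode;

            callbackData = (PIMAGEHLP_DEFERRED_SYMBOL_LOADW64)CallbackData;

            /*
             * CallbackData is optional as well. When it is missing, the image
             * details stay zeroed, which is the same shape the
             * SymbolSymbolsUnloaded event is delivered in.
             */
            if (ActionCode != SymbolSymbolsUnloaded && callbackData)
            {
                data->BaseAddress = callbackData->BaseOfImage;
                data->CheckSum = callbackData->CheckSum;
                data->TimeStamp = callbackData->TimeDateStamp;
                data->FileName = PhCreateString(callbackData->FileName);
            }

            PhQueueItemGlobalWorkQueue(PhpSymbolCallbackWorker, data);

            break;
        }
    }

    return FALSE;
}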
Beispiel #4
/**
 * Queues an object for deferred deletion.
 *
 * The object is pushed onto the global to-free list headed by
 * PhObjectNextToFree using a compare-exchange retry loop, so the newest
 * entry is always at the head. A work item running
 * PhpDeferDeleteObjectRoutine is queued only by the caller that found the
 * list empty.
 *
 * \param ObjectHeader A pointer to the object header of the object
 * to delete. Its NextToFree link is overwritten.
 */
VOID PhpDeferDeleteObject(
    __in PPH_OBJECT_HEADER ObjectHeader
    )
{
    PPH_OBJECT_HEADER previousHead;

    /* Link the object in front of the current head, then try to publish it
     * as the new head. If another thread changed the head in between, the
     * exchange fails and the link is rebuilt from the fresh head.
     */
    do
    {
        previousHead = PhObjectNextToFree;
        ObjectHeader->NextToFree = previousHead;
    } while (_InterlockedCompareExchangePointer(
        &PhObjectNextToFree,
        ObjectHeader,
        previousHead
        ) != previousHead);

    REF_STAT_UP(RefObjectsDeleteDeferred);

    /* A non-empty list already had a work item queued by whoever made it
     * non-empty, so only the empty-to-non-empty transition queues one.
     */
    if (previousHead == NULL)
    {
        PhQueueItemGlobalWorkQueue(PhpDeferDeleteObjectRoutine, NULL);
    }
}
Beispiel #5
/// Marks the callback object as started and queues ThreadStart on the global
/// work queue with this object as its argument.
///
/// NOTE(review): no reference is taken on this object here, so whoever owns it
/// must keep it alive until ThreadStart has finished - confirm against the
/// caller. The C-style cast also hides any mismatch between ThreadStart's real
/// signature and PTHREAD_START_ROUTINE; verify the two agree.
VOID PkUpdateArchiveExtractCallback::StartThread()
{
    PTHREAD_START_ROUTINE entryPoint = (PTHREAD_START_ROUTINE)ThreadStart;

    // Set the flag before the work item can start running.
    ThreadStarted = TRUE;
    PhQueueItemGlobalWorkQueue(entryPoint, this);
}