//
// Hook for NtQueryObject.
//
// Forwards the query to the real routine (Nt::NtQueryObject) and then, for the
// two object-type information classes, post-processes the caller's buffer so
// that debug-object details are edited before the result is returned.
//
// Parameters mirror the native call and are passed through unchanged:
//   Handle                   - object handle being queried
//   ObjectInformationClass   - which information class was requested
//   ObjectInformation        - caller-supplied output buffer (may be NULL)
//   ObjectInformationLength  - size of that buffer in bytes
//   ReturnLength             - optional out: length reported by the real call
//
// Returns the status of the real call, or the SEH exception code if touching
// the caller's buffer faulted.
//
NTSTATUS NTAPI hk_NtQueryObject(HANDLE Handle, OBJECT_INFORMATION_CLASS ObjectInformationClass, PVOID ObjectInformation, ULONG ObjectInformationLength, PULONG ReturnLength)
{
    NTSTATUS status = Nt::NtQueryObject(Handle, ObjectInformationClass, ObjectInformation, ObjectInformationLength, ReturnLength);

    //
    // Hide debug information queries
    // NOTE: Possible STATUS_INFO_LENGTH_MISMATCH (short write), so the buffer
    // is also processed when the real call reported a length mismatch.
    //
    // NOTE(review): ObjectInformationLength is the size the caller claimed,
    // not the number of bytes actually written. After a length mismatch the
    // buffer may be only partially filled; the helpers below are assumed to
    // bound their own reads - confirm against their definitions.
    //
    if ((ObjectInformation) && (NT_SUCCESS(status) || status == STATUS_INFO_LENGTH_MISMATCH))
    {
        // The buffer is caller-controlled memory, so every access to it is
        // wrapped in the project's SEH macros.
        SEH_START()

        if (ObjectInformationClass == ObjectTypeInformation)
        {
            //
            // Hide the single debug object info.
            // Only touched when the buffer can hold at least the fixed-size
            // OBJECT_TYPE_INFORMATION header.
            //
            if (ObjectInformationLength >= sizeof(OBJECT_TYPE_INFORMATION))
                RemoveSingleDebugObjectInfo((POBJECT_TYPE_INFORMATION)ObjectInformation);
        }
        else if (ObjectInformationClass == ObjectTypesInformation)
        {
            //
            // Loop all entries and fix the DebugObject entry.
            // The buffer length is handed to the helper together with the
            // buffer itself.
            //
            if (ObjectInformationLength > 0)
                RemoveDebugObjectInfo(ObjectInformation, ObjectInformationLength);
        }

        SEH_END()
        // A fault while editing the buffer replaces the original status with
        // the exception code instead of propagating the exception.
        SEH_EXCEPT(){ status = GetExceptionCode(); }
    }
    // NOTE(review): the listing is cut off here; the remainder of the function
    // (presumably the final return of `status` and the closing brace) is not
    // visible.
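//
// Hook for NtQueryInformationProcess.
//
// Forwards the query to the real routine (Nt::NtQueryInformationProcess) and,
// when it succeeds, overwrites the result of the three debugger-related
// information classes with the value a process without a debugger reports.
//
// Parameters mirror the native call and are passed through unchanged:
//   ProcessHandle             - process being queried
//   ProcessInformationClass   - which information class was requested
//   ProcessInformation        - caller-supplied output buffer (may be NULL)
//   ProcessInformationLength  - size of that buffer in bytes
//   ReturnLength              - optional out: length reported by the real call
//
// Returns the status of the real call, or the SEH exception code if writing
// to the caller's buffer faulted.
//
NTSTATUS NTAPI hk_NtQueryInformationProcess(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength)
{
    NTSTATUS status = Nt::NtQueryInformationProcess(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength);

    //
    // Did the first call succeed? If not there is nothing to rewrite.
    //
    if (!NT_SUCCESS(status))
        return status;

    //
    // It did, so now modify any return values. A successful real call means
    // the buffer was large enough for the class, but it is still
    // caller-controlled memory, so the writes stay inside the SEH macros.
    //
    if (ProcessInformation)
    {
        SEH_START()

        switch (ProcessInformationClass)
        {
        case ProcessDebugPort:
        case ProcessDebugObjectHandle:
            //
            // No debug port / no debug object.
            //
            // NOTE(review): for ProcessDebugObjectHandle a successful real
            // call has already opened a handle to the debug object, and an
            // undebugged process normally gets a failure status rather than
            // success with a null handle. Overwriting the value drops that
            // handle without closing it - confirm whether this is handled
            // elsewhere.
            //
            *(PHANDLE)ProcessInformation = 0;
            break;

        case ProcessDebugFlags:
            //
            // ProcessDebugFlags is the inverse of the NoDebugInherit flag:
            // a process that is not being debugged reports 1
            // (PROCESS_DEBUG_INHERIT), and 0 is the "debugged" answer.
            // The previous code wrote 0 here, which produced exactly the
            // value it was meant to conceal.
            //
            *(PULONG)ProcessInformation = 1;
            break;
        }

        SEH_END()
        // A fault while writing replaces the status with the exception code
        // instead of propagating the exception.
        SEH_EXCEPT(){ status = GetExceptionCode(); }
    }

    return status;
}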
//////////////////////////////////////////////////////////////////// // ConvertBlobToVarVector // // Takes a PROPVARIANT BLOB or pclipdata and converts it to VARIANT SAFEARRAY // which can be treated by VB as vector (1-dim) Byte Array. // STDAPI ConvertBinaryToVarVector(PROPVARIANT *pVarBlob, VARIANT *pVarByteArray) { HRESULT hr = S_FALSE; SAFEARRAY* pSA; DWORD dwSize; if ( ( pVarBlob == NULL ) || (pVarBlob->vt != VT_BLOB) && ( pVarBlob->vt != VT_CF ) || ( pVarByteArray == NULL ) ) return E_UNEXPECTED; // Identify the size if ( pVarBlob->vt == VT_BLOB ) dwSize = pVarBlob->blob.cbSize; else dwSize = pVarBlob->pclipdata->cbSize; if ((dwSize) && (dwSize < 0x800000)) { // Create a vector array the size of the blob or clipdata... pSA = SafeArrayCreateVector(VT_UI1, 0, dwSize); if ( pSA != NULL ) { // Copy the data over to the vector BYTE *pByte = NULL; hr = SafeArrayAccessData( pSA, (void**)&pByte ); if ( SUCCEEDED(hr) ) { SEH_TRY if ( pVarBlob->vt == VT_BLOB ) memcpy( pByte, (BYTE*)(pVarBlob->blob.pBlobData), dwSize ); else memcpy( pByte, (BYTE*)(pVarBlob->pclipdata->pClipData), dwSize ); SEH_EXCEPT(hr) SafeArrayUnaccessData( pSA ); } }