PKULL_M_MEMORY_HANDLE kull_m_memory_close(IN PKULL_M_MEMORY_HANDLE hMemory)
{
if(hMemory)
{
switch (hMemory->type)
{
case KULL_M_MEMORY_TYPE_PROCESS:
LocalFree(hMemory->pHandleProcess);
break;
case KULL_M_MEMORY_TYPE_FILE:
LocalFree(hMemory->pHandleFile);
break;
case KULL_M_MEMORY_TYPE_PROCESS_DMP:
if(hMemory->pHandleProcessDmp)
{
kull_m_minidump_close(hMemory->pHandleProcessDmp->hMinidump);
LocalFree(hMemory->pHandleProcessDmp);
}
break;
case KULL_M_MEMORY_TYPE_KERNEL:
LocalFree(hMemory->pHandleDriver);
break;
default:
break;
}
return (PKULL_M_MEMORY_HANDLE) LocalFree(hMemory);
}
else return NULL;
}
BOOL kull_m_minidump_open(IN HANDLE hFile, OUT PKULL_M_MINIDUMP_HANDLE *hMinidump)
{
BOOL status = FALSE;
*hMinidump = (PKULL_M_MINIDUMP_HANDLE) LocalAlloc(LPTR, sizeof(KULL_M_MINIDUMP_HANDLE));
if(*hMinidump)
{
(*hMinidump)->hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if((*hMinidump)->hFileMapping)
{
if((*hMinidump)->pMapViewOfFile = MapViewOfFile((*hMinidump)->hFileMapping, FILE_MAP_READ, 0, 0, 0))
status = (((PMINIDUMP_HEADER) (*hMinidump)->pMapViewOfFile)->Signature == MINIDUMP_SIGNATURE) && ((WORD) (((PMINIDUMP_HEADER) (*hMinidump)->pMapViewOfFile)->Version) == MINIDUMP_VERSION);
}
if(!status)
kull_m_minidump_close(*hMinidump);
}
return status;
}
