#include "precomp.h"
#include <imagehlp.h>
#include <wdbgexts.h>
#include <ntsdexts.h>
#include <stdexts.h>
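/*
 * GETOUTPUTDATA - locate one EPROCESS field relative to a process base.
 *
 *   pEProcess  base address of the EPROCESS the field belongs to
 *   field      member designator inside EPROCESS (may be nested, e.g.
 *              Pcb.ThreadListHead)
 *   pvData     lvalue that receives the field's address:
 *              pEProcess + FIELD_OFFSET(EPROCESS, field)
 *   cbData     lvalue that receives the field's size in bytes
 *
 * Only address arithmetic and sizeof are performed; pEProcess is never
 * dereferenced here. Offset and size are taken from the EPROCESS
 * definition this file is compiled against, so they match only an
 * EPROCESS with that same layout.
 *
 * Wrapped in do { } while (0) so both assignments stay together when the
 * macro is the body of an unbraced if/else; the arguments are
 * parenthesized so an expression argument is cast as a whole.
 */
#define GETOUTPUTDATA(pEProcess, field, pvData, cbData)                 \
    do {                                                                \
        (pvData) = (PBYTE)(pEProcess) + FIELD_OFFSET(EPROCESS, field);  \
        (cbData) = sizeof(((PEPROCESS)0)->field);                       \
    } while (0)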
/*
 * GetEProcessData - fetch one field of an EPROCESS, selected by iData.
 *
 *   pEProcess  base address of the EPROCESS to read from; for
 *              PROCESS_PROCESSHEAD it is instead treated as the address
 *              of an ActiveProcessLinks member
 *   iData      PROCESS_* selector naming the field
 *   pBuffer    destination handed to tryMoveBlock for the field's bytes
 *
 * Returns the field's address (pEProcess plus the field offset) when
 * tryMoveBlock reports success. Returns NULL both for an unknown
 * selector and for a failed tryMoveBlock, so callers cannot tell the two
 * apart. PROCESS_PROCESSHEAD copies nothing and returns the enclosing
 * EPROCESS base computed by CONTAINING_RECORD.
 *
 * NOTE(review): no buffer length is passed in. The number of bytes
 * written to pBuffer is sizeof the selected member and differs per
 * selector, so every caller must supply a buffer at least that large;
 * verify each call site.
 * NOTE(review): ImageFileName is copied as raw bytes; nothing here
 * appends a terminator, so callers should not assume the copy is
 * NUL-terminated.
 * NOTE(review): given the debugger-extension headers this file includes,
 * the returned address is presumably a target-side address that must not
 * be dereferenced directly - confirm against tryMoveBlock's contract.
 */
PVOID
GetEProcessData(
    PEPROCESS pEProcess,
    UINT iData,
    PVOID pBuffer)
{
    PVOID pvField;
    ULONG cbField;

    /* Pure pointer arithmetic: nothing is copied and pBuffer is unused. */
    if (iData == PROCESS_PROCESSHEAD) {
        return CONTAINING_RECORD(pEProcess, EPROCESS, ActiveProcessLinks);
    }

    /* Resolve the selector to the field's address and byte count. */
    switch (iData) {
    case PROCESS_PROCESSLINK:
        GETOUTPUTDATA(pEProcess, ActiveProcessLinks, pvField, cbField);
        break;

    case PROCESS_WIN32PROCESS:
        GETOUTPUTDATA(pEProcess, Win32Process, pvField, cbField);
        break;

    case PROCESS_IMAGEFILENAME:
        GETOUTPUTDATA(pEProcess, ImageFileName, pvField, cbField);
        break;

    case PROCESS_THREADLIST:
        GETOUTPUTDATA(pEProcess, Pcb.ThreadListHead, pvField, cbField);
        break;

    case PROCESS_PRIORITYCLASS:
        GETOUTPUTDATA(pEProcess, PriorityClass, pvField, cbField);
        break;

    case PROCESS_PROCESSID:
        GETOUTPUTDATA(pEProcess, UniqueProcessId, pvField, cbField);
        break;

    default:
        /* Unknown selector: nothing to read. */
        return NULL;
    }

    /* Copy cbField bytes of the field into the caller's buffer. */
    if (!tryMoveBlock(pBuffer, pvField, cbField)) {
        return NULL;
    }

    return pvField;
}