Added KMemDriver GetProcesses to enumerate all processes from kernel space.

* fixed missing NUL termination for converted ASCII strings
author: segfault <toni@impl.cc> 2020-12-12 20:08:22 +0100
committer: segfault <toni@impl.cc> 2020-12-12 20:08:22 +0100
commit: 2c2383838ce791392782aeb5ca3cd0607c92e22e (patch)
tree: 477fa41c75fae922c33f7b63ed07c9a23a826a76 /MemDriverLib
parent: 444b885aa818e7a4a91870181950b260a53b8fc9 (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/MemDriverLib/MemDriverLib.cpp b/MemDriverLib/MemDriverLib.cpp
index 34bbf2c..c79a01a 100644
--- a/MemDriverLib/MemDriverLib.cpp
+++ b/MemDriverLib/MemDriverLib.cpp
@@ -48,6 +48,34 @@ bool KInterface::Ping()
 	return srr == SRR_SIGNALED;
 }
 
+bool KInterface::Processes(std::vector<PROCESS_DATA>& dest)
+{
+	SendRecvReturn srr;
+	PKERNEL_PROCESSES_REQUEST processes = (PKERNEL_PROCESSES_REQUEST)getBuffer();
+	PPROCESS_DATA data = (PPROCESS_DATA)(processes + 1);
+
+	m_last_ntstatus = INVALID_NTSTATUS;
+	srr = SendRecvWait(MEM_PROCESSES);
+	if (srr == SRR_SIGNALED) {
+		m_last_ntstatus = processes->StatusRes;
+		if (validateResponeEx(processes, processes->StatusRes, processes->ProcessCount * sizeof(PROCESS_DATA)) == MEM_PROCESSES)
+		{
+			for (SIZE_T i = 0; i < processes->ProcessCount; ++i, ++data)
+			{
+				dest.push_back(*data);
+			}
+		}
+		else {
+			return false;
+		}
+	}
+	else {
+		return false;
+	}
+
+	return true;
+}
+
 bool KInterface::Pages(HANDLE targetPID,
 	std::vector<MEMORY_BASIC_INFORMATION>& dest,
 	PVOID start_address)
author	segfault <toni@impl.cc>	2020-12-12 20:08:22 +0100
committer	segfault <toni@impl.cc>	2020-12-12 20:08:22 +0100
commit	2c2383838ce791392782aeb5ca3cd0607c92e22e (patch)
tree	477fa41c75fae922c33f7b63ed07c9a23a826a76 /MemDriverLib
parent	444b885aa818e7a4a91870181950b260a53b8fc9 (diff)