Add ProcessObject.GetWow64Mode() (IsWow64Process2) and use it in Targ…

…etProcess. Part of #30.
vezel-dev · Jul 15, 2022 · d03b3c7 · d03b3c7
1 parent ee171d3
commit d03b3c7
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 27 deletions.
diff --git a/src/injection/AssemblyInjector.cs b/src/injection/AssemblyInjector.cs
@@ -68,7 +68,7 @@ void DisposeCore()
     string GetModulePath()
     {
         var path = Path.Combine(
-            _options.ModuleDirectory, $"ruptura-{_process.Architecture.ToString().ToLowerInvariant()}.dll");
+            _options.ModuleDirectory, $"ruptura-{_process.Machine.ToString().ToLowerInvariant()}.dll");
 
         return File.Exists(path) ? path : throw new InjectionException("Could not locate the Ruptura native module.");
     }

diff --git a/src/injection/NativeMethods.txt b/src/injection/NativeMethods.txt
@@ -1,6 +1,5 @@
 CreateProcessW
 CreateRemoteThreadEx
-IsWow64Process2
 K32GetModuleBaseNameW
 
 WIN32_ERROR

diff --git a/src/injection/TargetProcess.cs b/src/injection/TargetProcess.cs
@@ -1,6 +1,5 @@
 using Vezel.Ruptura.Injection.IO;
 using Windows.Win32.Foundation;
-using Windows.Win32.System.SystemInformation;
 using Windows.Win32.System.Threading;
 using Win32 = Windows.Win32.WindowsPInvoke;
 
@@ -14,11 +13,11 @@ public sealed unsafe class TargetProcess : IDisposable
 
     public ProcessObject Object => !_object.IsDisposed ? _object : throw new ObjectDisposedException(GetType().Name);
 
-    public Architecture Architecture { get; }
+    public ImageMachine Machine { get; }
 
     internal int? MainThreadId { get; }
 
-    internal bool IsSupported => Architecture == Architecture.X64;
+    internal bool IsSupported => Machine == ImageMachine.X64;
 
     readonly ProcessObject _object;
 
@@ -27,26 +26,12 @@ public sealed unsafe class TargetProcess : IDisposable
         Id = id;
         _object = @object;
         MainThreadId = mainThreadId;
-
-        IMAGE_FILE_MACHINE os;
-
-        if (!Win32.IsWow64Process2(@object.SafeHandle, out var proc, &os))
-            throw new Win32Exception();
-
-        Architecture = (os, proc) switch
+        Machine = @object.GetWow64Mode() switch
         {
-            (IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_UNKNOWN) or
-            (_, IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_I386) =>
-                Architecture.X86,
-            (IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_AMD64, IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_UNKNOWN) or
-            (_, IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_AMD64) =>
-                Architecture.X64,
-            (IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_ARM, IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_UNKNOWN) or
-            (_, IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_ARM) =>
-                Architecture.Arm,
-            (IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_ARM64, IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_UNKNOWN) or
-            (_, IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_ARM64) =>
-                Architecture.Arm64,
+            (ImageMachine.X86, ImageMachine.Unknown) or (_, ImageMachine.X86) => ImageMachine.X86,
+            (ImageMachine.X64, ImageMachine.Unknown) or (_, ImageMachine.X64) => ImageMachine.X64,
+            (ImageMachine.Arm, ImageMachine.Unknown) or (_, ImageMachine.Arm) => ImageMachine.Arm,
+            (ImageMachine.Arm64, ImageMachine.Unknown) or (_, ImageMachine.Arm64) => ImageMachine.Arm64,
             _ => throw new UnreachableException(),
         };
     }
@@ -187,10 +172,10 @@ internal void FreeMemory(nuint address)
 
     internal nuint CreateFunction(Action<Assembler> action)
     {
-        var asm = new Assembler(Architecture switch
+        var asm = new Assembler(Machine switch
         {
-            Architecture.X86 => 32,
-            Architecture.X64 => 64,
+            ImageMachine.X86 => 32,
+            ImageMachine.X64 => 64,
             _ => throw new UnreachableException(),
         });
 

diff --git a/src/system/ImageMachine.cs b/src/system/ImageMachine.cs
@@ -0,0 +1,12 @@
+using Windows.Win32.System.SystemInformation;
+
+namespace Vezel.Ruptura.System;
+
+public enum ImageMachine : ushort
+{
+    Unknown = IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_UNKNOWN,
+    X86 = IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_I386,
+    X64 = IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_AMD64,
+    Arm = IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_ARM,
+    Arm64 = IMAGE_FILE_MACHINE.IMAGE_FILE_MACHINE_ARM64,
+}
diff --git a/src/system/NativeMethods.txt b/src/system/NativeMethods.txt
@@ -27,6 +27,7 @@ Heap32First
 Heap32ListFirst
 Heap32ListNext
 Heap32Next
+IsWow64Process2
 LocalFree
 Module32FirstW
 Module32NextW

diff --git a/src/system/ProcessObject.cs b/src/system/ProcessObject.cs
@@ -1,5 +1,6 @@
 using Windows.Win32.Foundation;
 using Windows.Win32.System.Memory;
+using Windows.Win32.System.SystemInformation;
 using Windows.Win32.System.Threading;
 using Win32 = Windows.Win32.WindowsPInvoke;
 
@@ -71,6 +72,15 @@ public static void Exit(int code)
         Win32.ExitProcess((uint)code);
     }
 
+    public (ImageMachine System, ImageMachine Process) GetWow64Mode()
+    {
+        IMAGE_FILE_MACHINE system;
+
+        return Win32.IsWow64Process2(SafeHandle, out var process, &system)
+            ? ((ImageMachine)system, (ImageMachine)process)
+            : throw new Win32Exception();
+    }
+
     public void GetTimes(
         out DateTime creationTime, out DateTime exitTime, out TimeSpan kernelTime, out TimeSpan userTime)
     {