util.cpp
#include "util.h"
/////////////////////////////////////////////////////////////////////////////
// NTAPI
// Hand-written prototype for ZwQuerySystemInformation, declared in this file
// instead of being taken from a header (presumably util.h does not supply
// it; confirm). EXTERN_C gives the declaration C linkage so the unmangled
// name is used from this C++ translation unit.
// NOTE(review): the compiler cannot check a hand-written prototype against
// the real routine, so the parameter list and calling convention must be
// kept in sync manually.
//   SystemInformationClass - which information class to query.
//   SystemInformation      - caller-supplied output buffer.
//   Length                 - size of that buffer in bytes.
//   ReturnLength           - receives the size written or required.
EXTERN_C
NTSTATUS
NTAPI
ZwQuerySystemInformation(
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
OUT PVOID SystemInformation,
IN ULONG Length,
OUT PULONG ReturnLength);
/////////////////////////////////////////////////////////////////////////////
// FUNCTION
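// Retrieves the system pool-tag table (SystemPoolTagInformation) into a
// freshly allocated NonPagedPoolNx buffer.
//
// Parameters:
//   Buffer - must be non-NULL. On success receives the allocated table; the
//            caller owns it and must release it with
//            ExFreePoolWithTag(ptr, 'haha'). On every failure path it is set
//            to NULL, so the caller never sees a stale or uninitialised
//            pointer.
//
// Returns:
//   The status of the last ZwQuerySystemInformation call, or
//   STATUS_MEMORY_NOT_ALLOCATED when a pool allocation fails (the status the
//   function has always used for that case).
//
// The size of the table can change between the sizing call and the real
// call, so the query is retried with the size the previous call reported,
// at most 8 times. The bound keeps the loop from running indefinitely.
NTSTATUS
EnumPoolTagTable(OUT PSYSTEM_POOLTAG_INFORMATION *Buffer)
{
    NTSTATUS lStatus;
    PVOID pBuffer;
    ULONG uBufferSize;
    ULONG uAttempts;

    // Give the out-parameter a defined value before anything can fail.
    *Buffer = NULL;

    // Start with a small guess; the first query reports the size needed.
    uBufferSize = 0x100;
    pBuffer = ExAllocatePoolWithTag(NonPagedPoolNx, uBufferSize, 'haha');
    if (!pBuffer)
    {
        return STATUS_MEMORY_NOT_ALLOCATED;
    }

    lStatus = ZwQuerySystemInformation(SystemPoolTagInformation, pBuffer, uBufferSize, &uBufferSize);

    for (uAttempts = 0; lStatus == STATUS_INFO_LENGTH_MISMATCH && uAttempts < 8; uAttempts++)
    {
        // uBufferSize now holds the size reported by the previous call.
        ExFreePoolWithTag(pBuffer, 'haha');
        pBuffer = ExAllocatePoolWithTag(NonPagedPoolNx, uBufferSize, 'haha');
        if (!pBuffer)
        {
            // Never hand a NULL buffer with a non-zero length to the query:
            // the original loop did so when this re-allocation failed.
            return STATUS_MEMORY_NOT_ALLOCATED;
        }

        lStatus = ZwQuerySystemInformation(SystemPoolTagInformation, pBuffer, uBufferSize, &uBufferSize);
    }

    if (!NT_SUCCESS(lStatus))
    {
        // pBuffer is always valid here; release it and leave *Buffer NULL.
        ExFreePoolWithTag(pBuffer, 'haha');
        return lStatus;
    }

    // Ownership of the allocation passes to the caller.
    *Buffer = (PSYSTEM_POOLTAG_INFORMATION)pBuffer;
    return lStatus;
}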