Re: CreateRemoteThread and related stuff (patch)

[Robert Shearman]

Alexander Yaworsky wrote:
Hello
This is a basic framework. Not finished, not really tested -- just stable point. It does no harm for applications I'm using. I would
be glad to get some comments and suggestions.
 

Looks good so far, apart from a few comments below.
@@ -168,16 +137,68 @@
 *   Success: Handle to the new thread.
 *   Failure: NULL. Use GetLastError() to find the error cause.
 *
- * BUGS
- *   Unimplemented
 */
HANDLE WINAPI CreateRemoteThread( HANDLE hProcess, SECURITY_ATTRIBUTES *sa, SIZE_T stack,
                                  LPTHREAD_START_ROUTINE start, LPVOID param,
                                  DWORD flags, LPDWORD id )
{
-    FIXME("(): stub, Write Me.\n");
+    extern BOOL __wine_is_current_process( HANDLE hProcess );
+
+    HANDLE handle;
+    CLIENT_ID client_id;
+    NTSTATUS status;
+    SIZE_T stack_reserve = 0, stack_commit = 0;
+    struct new_thread_info *info;
+    PRTL_THREAD_START_ROUTINE start_addr;
+
+    if (!(info = VirtualAllocEx( hProcess, NULL, sizeof(*info),
+                                 MEM_COMMIT, PAGE_READWRITE )))
+        return 0;
+
+    if( __wine_is_current_process( hProcess ) )
 

There is no need to export __wine_is_current_process from ntdll and use 
it here when standard win32 apis will suffice.

+    {
+        info->func = start;
+        info->arg  = param;
+        start_addr = (void*) THREAD_Start;
+    }
+    else
+    {
+        struct new_thread_info local_info;
+        DWORD written;
+
+        local_info.func = start;
+        local_info.arg = param;
+        if( ! WriteProcessMemory( hProcess, &info, &local_info,
This looks wrong. &info? Don't you mean just info?
/***********************************************************************
+ *           remote_op
+ *
+ */
+NTSTATUS remote_op( HANDLE process, int type,
+                    void* params, int params_size, void* result, int* result_size )
+{
+    HANDLE event;
+    NTSTATUS status, remote_status;
+
+    /* send params */
+    SERVER_START_REQ( remote_operation )
+    {
+        req->handle = process;
+        req->type   = type;
+        if (params) wine_server_add_data( req, params, params_size );
+        if (!(status = wine_server_call( req )))
+            event = reply->event;
+    }
+    SERVER_END_REQ;
+    if (status)
+        return status;
+
+    /* wait for completion */
+    status = NtWaitForMultipleObjects( 1, &event, FALSE, FALSE, NULL );
+    NtClose( event );
+    if (HIWORD(status))
+        return status;
+
+    /* get result */
+    remote_status = 0; /* make compiler happy */
+    SERVER_START_REQ( remote_operation_result )
+    {
+        wine_server_set_reply( req, result, *result_size );
+        if (!(status = wine_server_call( req )))
+        {
+            remote_status = reply->status;
+            if (result)
+                *result_size = wine_server_reply_size( reply );
+        }
+    }
+    SERVER_END_REQ;
+
+    return status? status : remote_status;
+}
 

I don't really like the idea of a multiplexer like this, but I guess 
otherwise we would end up with duplicated code.

+
+/* return address of internal thread start function in kernel32 */
+DECL_HANDLER(get_kernel_thread_start)
+{
+    struct process *process;
+
+    /* because this is used for CreateRemoteThread,
+       required access rights must be the same
+     */
+    if ((process = get_process_from_handle( req->handle,
+                                            PROCESS_CREATE_THREAD
+                                            | PROCESS_QUERY_INFORMATION
+                                            | PROCESS_VM_OPERATION
+                                            | PROCESS_VM_READ | PROCESS_VM_WRITE )))
 

I would argue that it is perfectly alright for the access rights to be 
just PROCESS_QUERY_INFORMATION here.

+    {
+        reply->address = process->kernel_thread_start;
+        release_object( process );
+    }
+}
+
+/* Accept parameters for remote operation and start it */
+DECL_HANDLER(remote_operation)
+{
+    int access;
+    struct process *process;
+    struct event *event;
+
+    /* define required access rights */
+    switch( req->type )
+    {
+        case REMOTE_OP_NEW_THREAD:
+            access = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION
+                     | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE;
+            break;
+        case REMOTE_OP_VM_ALLOC:   access = PROCESS_VM_OPERATION; break;
+        case REMOTE_OP_VM_FREE:    access = PROCESS_VM_OPERATION; break;
+        case REMOTE_OP_VM_PROTECT: access = PROCESS_VM_OPERATION; break;
+        case REMOTE_OP_VM_QUERY:   access = PROCESS_QUERY_INFORMATION; break;
+        case REMOTE_OP_VM_MAP:     access = PROCESS_VM_OPERATION; break;
+        case REMOTE_OP_VM_UNMAP:   access = PROCESS_VM_OPERATION; break;
+        case REMOTE_OP_VM_FLUSH:   access = PROCESS_VM_OPERATION; break; /* FIXME: is access right? */
+        default:
+            set_error( STATUS_INVALID_PARAMETER );
+            return;
+    }
+
+    /* get process object */
+    if (!(process = get_process_from_handle( req->handle, access ))) return;
+
+    /* dispose result data buffer if allocated */
+    if (current->result_data)
+    {
+        free( current->result_data );
+        current->result_data = NULL;
+    }
+
+    /* create event object */
+    reply->event = NULL;
+    if (current->result_event)
+    {
+        release_object( current->result_event );
+        current->result_event = NULL;
+    }
+    if (!(event = create_event( NULL, 0, 1, 0 )))
+        goto error;
+
+    if (!(reply->event = alloc_handle( current->process, event, EVENT_ALL_ACCESS, FALSE )))
+        goto error;
+
+    /* FIXME: pass somehow operation type, params and originator thread id
+       for some thread in the process and force execution of operation */
+    set_error( STATUS_NOT_IMPLEMENTED );
+
+    /* save event object in thread structure for future set operation;
+       we do not release it here */
+    current->result_event = event;
+    release_object( process );
+    return;
+
+error:
+    if (reply->event) close_handle( current->process, reply->event, NULL );
+    if (event) release_object( event );
+    release_object( process );
+}
 

Is it really necessary to perform the action required for remote 
invocation of some operation asynchronously? It seems to add a lot of 
unneeded complexity.

+/* save result of remote operation and wakeup originator */
+DECL_HANDLER(remote_operation_complete)
+{
+    struct thread *thread = get_thread_from_id( req->originator );
+
+    if (!thread) return;
+
+    /* save status */
+    thread->remote_status = req->status;
+
+    /* allocate buffer for result data, if required */
+    if (thread->result_data)
+    {
+        free( thread->result_data );
+        thread->result_data = NULL;
+    }
+    if ((thread->result_size = get_req_data_size()))
+    {
+        if ((thread->result_data = mem_alloc( thread->result_size )))
+            memcpy( thread->result_data, get_req_data(), thread->result_size );
+        else
+            thread->remote_status = get_error();
+    }
+
+    /* set event */
+    if (thread->result_event)
+    {
+        set_event( thread->result_event );
+        release_object( thread->result_event );
+        thread->result_event = NULL;
+    }
+    release_object( thread );
+}
+
+/* return status and result data from remote opertaion */
+DECL_HANDLER(remote_operation_result)
+{
+    reply->status = current->remote_status;
+
+    if (current->result_data)
+    {
+        void *result = current->result_data;
+        current->result_data = NULL;
+        set_reply_data_ptr( result, current->result_size );
    }
}
 

Rob