Skip to content

Commit b409e6d

Browse files
bb107bb107
committed
MmpTls
1 parent 54cacf2 commit b409e6d

File tree

1 file changed

+39
-6
lines changed

1 file changed

+39
-6
lines changed

MemoryModule/MmpTls.cpp

Lines changed: 39 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -109,11 +109,33 @@ DWORD NTAPI MmpGetThreadCount() {
109109

110110
PMMP_TLSP_RECORD MmpFindTlspRecordLockHeld() {
111111
PLIST_ENTRY entry = MmpGlobalDataPtr->MmpTls->MmpThreadLocalStoragePointer.Flink;
112+
PTEB teb = NtCurrentTeb();
113+
112114
while (entry != &MmpGlobalDataPtr->MmpTls->MmpThreadLocalStoragePointer) {
113115

114116
auto p = CONTAINING_RECORD(entry, MMP_TLSP_RECORD, InMmpThreadLocalStoragePointer);
115-
if (p->UniqueThread == NtCurrentThreadId()) {
116-
assert(p->TlspMmpBlock == NtCurrentTeb()->ThreadLocalStoragePointer);
117+
118+
if (p->UniqueThread == NtCurrentProcess() && p->TlspLdrBlock == teb->ThreadLocalStoragePointer) {
119+
PVOID cookie;
120+
LdrLockLoaderLock(LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, nullptr, &cookie);
121+
122+
auto size = CONTAINING_RECORD(p->TlspLdrBlock, TLS_VECTOR, ModuleTlsData)->Length;
123+
if ((HANDLE)(ULONG_PTR)size != NtCurrentThreadId()) {
124+
RtlCopyMemory(
125+
p->TlspMmpBlock,
126+
p->TlspLdrBlock,
127+
size * sizeof(PVOID)
128+
);
129+
}
130+
131+
teb->ThreadLocalStoragePointer = p->TlspMmpBlock;
132+
p->UniqueThread = NtCurrentThreadId();
133+
134+
LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, cookie);
135+
return p;
136+
}
137+
else if (p->UniqueThread == NtCurrentThreadId()) {
138+
assert(p->TlspMmpBlock == teb->ThreadLocalStoragePointer);
117139
return p;
118140
}
119141

@@ -520,11 +542,22 @@ NTSTATUS NTAPI HookNtSetInformationProcess(
520542
entry = entry->Flink;
521543
}
522544

523-
//assert(found);
524-
if (found) {
525-
ProcessTlsInformation->ThreadData[i].Flags = Tls->ThreadData[i].Flags;
526-
ProcessTlsInformation->ThreadData[i].ThreadId = Tls->ThreadData[i].ThreadId;
545+
ProcessTlsInformation->ThreadData[i].Flags = Tls->ThreadData[i].Flags;
546+
ProcessTlsInformation->ThreadData[i].ThreadId = Tls->ThreadData[i].ThreadId;
547+
548+
if (!found && Tls->ThreadData[i].Flags == 2) {
549+
auto const& LdrTls = Tls->ThreadData[i];
550+
auto record = PMMP_TLSP_RECORD(RtlAllocateHeap(RtlProcessHeap(), 0, sizeof(MMP_TLSP_RECORD)));
551+
assert(record);
552+
553+
record->TlspLdrBlock = LdrTls.TlsVector;
554+
record->TlspMmpBlock = (PVOID*)MmpAllocateTlsp();
555+
record->UniqueThread = NtCurrentProcess();
556+
557+
assert(record->TlspMmpBlock);
558+
InsertTailList(&MmpGlobalDataPtr->MmpTls->MmpThreadLocalStoragePointer, &record->InMmpThreadLocalStoragePointer);
527559
}
560+
528561
}
529562
LeaveCriticalSection(&MmpGlobalDataPtr->MmpTls->MmpTlspLock);
530563

0 commit comments

Comments
 (0)