diff --git a/checkin_notes b/checkin_notes
index 006b5f6686..a163835591 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -11990,3 +11990,15 @@ David 1 Nov 2006
 client/
 acct_mgr.C
+
+Rom 1 Nov 2006
+ - CC: Somebody kernel side is fooling around with return values from
+ NtQuerySystemInformation, this caused us to get stuck in a loop.
+
+ Cache the buffer size and restore it if the API zeros it out. That
+ way we'll be able to double it correctly before the next call.
+ - CC: Set the initial buffer size for NtQuerySystemInformation to
+ 128k from the original 32k.
+
+ lib/
+ procinfo_win.C
diff --git a/lib/procinfo_win.C b/lib/procinfo_win.C
index 0cee0ed590..5b9e0213aa 100644
--- a/lib/procinfo_win.C
+++ b/lib/procinfo_win.C
@@ -15,13 +15,15 @@ typedef NTSTATUS (WINAPI *tNTQSI)(
 static int get_process_information(PVOID* ppBuffer, PULONG pcbBuffer) {
 NTSTATUS Status = STATUS_INFO_LENGTH_MISMATCH;
 HANDLE hHeap = GetProcessHeap();
- HMODULE hNTDllLib = NULL;
- tNTQSI pNTQSI = NULL;
-
- hNTDllLib = GetModuleHandle("ntdll.dll");
- pNTQSI = (tNTQSI)GetProcAddress(hNTDllLib, "NtQuerySystemInformation");
+ HMODULE hNTDllLib = GetModuleHandle("ntdll.dll");
+ tNTQSI pNTQSI = (tNTQSI)GetProcAddress(hNTDllLib, "NtQuerySystemInformation");
+ ULONG cbBuffer = 0;
 
 while (1) {
+ // Store the buffer size since it appears that somebody is monkeying around
+ // with the return values on some systems.
+ cbBuffer = *pcbBuffer;
+
 *ppBuffer = HeapAlloc(hHeap, HEAP_ZERO_MEMORY, *pcbBuffer);
 if (ppBuffer == NULL) {
 return ERR_MALLOC;
@@ -34,6 +36,12 @@ static int get_process_information(PVOID* ppBuffer, PULONG pcbBuffer) {
 pcbBuffer
 );
 
+ if (*pcbBuffer < cbBuffer) {
+ // Somebody is trying to screw us up, so set the value back to the cached
+ // size so we can do something smart like increase the buffer size.
+ *pcbBuffer = cbBuffer;
+ }
+
 if (Status == STATUS_INFO_LENGTH_MISMATCH) {
 HeapFree(hHeap, NULL, *ppBuffer);
 *pcbBuffer *= 2;
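Review bot: The allocation check `if (ppBuffer == NULL)` tests the caller's out-pointer rather than the result of the HeapAlloc call on the line above, so an allocation failure is never caught and a NULL buffer is handed to the NtQuerySystemInformation call later in the function; it should read `if (*ppBuffer == NULL) {`. In the same hunk `pNTQSI` is now initialised straight from GetProcAddress with no NULL check, so a missing export would be called through a null function pointer on every pass of the loop — return before the `while (1)` if it is NULL (ERR_MALLOC is the only error code visible here; a dedicated code would be clearer). Both paths are reachable in practice: the request size grows on every retry, and the commit note says a kernel-side component is tampering with what this API returns, so the client should not assume either call succeeds. get_process_information's body continues past the end of this hunk.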
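Review bot: The new restore guard stops the size from being zeroed, but the `*pcbBuffer *= 2;` that follows it is still unbounded: if the hooked API keeps answering STATUS_INFO_LENGTH_MISMATCH, the 32-bit ULONG doubles from 128k to 2 GB in fourteen passes and wraps to 0 on the next, after which the guard (`0 < 0` is never true) and the doubling can no longer grow it and the loop is stuck at HeapAlloc(0) — the same symptom the commit sets out to fix, now reachable through memory exhaustion first. A minimal guard after the HeapFree is `if (*pcbBuffer > ULONG_MAX / 2) { *ppBuffer = NULL; return ERR_MALLOC; }` (ULONG_MAX from <limits.h>; ERR_MALLOC is the only error code visible, a dedicated one may suit better), and a much lower practical ceiling on the request size would be safer still, since a component that lies about the required length should not be able to make the client allocate gigabytes. Clearing `*ppBuffer` on that early return matters because the HeapFree on the line above otherwise leaves the caller holding a freed pointer. The function's body continues past this hunk.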
@@ -51,7 +59,7 @@ static int get_process_information(PVOID* ppBuffer, PULONG pcbBuffer) {
 // because the NT process structure differs only at the end
 //
 int get_procinfo_XP(vector& pi) {
- ULONG cbBuffer = 32*1024; // 32k initial buffer
+ ULONG cbBuffer = 128*1024; // 128k initial buffer
 PVOID pBuffer = NULL;
 PSYSTEM_PROCESSES pProcesses = NULL;
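Review bot: `128*1024` in `ULONG cbBuffer = 128*1024;` is a magic number whose comment only restates the value; since get_process_information doubles it on every STATUS_INFO_LENGTH_MISMATCH this is only a starting size, and the reason 128k was picked (presumably large enough for a typical process list so the retry path is rarely taken — the commit note does not say) is what the comment should record. A named constant at file scope, shared with any upper bound the retry loop adopts, would keep the two in one place; the line would become `ULONG cbBuffer = <named initial size>; // starting size; get_process_information doubles on mismatch`. get_procinfo_XP's body continues past the end of this hunk.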