- #ifdef linux
- #include <stdio.h>
- #include <unistd.h>
- #include <linux/unistd.h>
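/*
 * Print the process ID obtained two ways -- through a raw system call and
 * through the libc getpid() wrapper -- so the two values can be compared.
 *
 * Returns 0 on success, 1 if either call reports a negative value.
 *
 * NOTE(review): the enclosing guard tests `linux`, which GCC predefines only
 * in its GNU dialects; `__linux__` is the spelling that survives -std=c11.
 */
int main(void) {
    /* Banner goes out first so that nothing runs between the system call and
     * perror(): a stdio call in between could overwrite errno. */
    printf("linux");

    /*
     * __NR_getpid rather than __NR_gettid: gettid yields the *thread* ID,
     * which only coincides with the PID in the initial thread of a process.
     *
     * syscall() does not go through the libc getpid() wrapper, so user-space
     * interposition on getpid() does not observe this call; kernel-side
     * tracing (audit, seccomp) does.
     */
    int pidSyscall = (int) syscall(__NR_getpid);

    /* syscall() returns -1 and sets errno on failure. */
    if (pidSyscall < 0) {
        perror("syscall(__NR_getpid)");
        fprintf(stderr, "%d\n", pidSyscall);
        return 1;
    }

    int pidUsermode = (int) getpid();

    /* getpid() is documented as always successful, so errno carries no
     * meaning here; the check is purely defensive. */
    if (pidUsermode < 0) {
        perror("getpid()");
        fprintf(stderr, "%d\n", pidUsermode);
        return 1;
    }

    printf("syscall: %d\nusermode-API: %d\n", pidSyscall, pidUsermode);
    return 0;
}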
- /* EndIf linux */
- #elif _WIN32
- #include <windows.h>
- #include <winternl.h>
- #include <stdio.h>
- #include <process.h>
/*
 * Invoke a system service directly through the stub pointer at 0x7FFE0300
 * instead of calling an export of ntdll.dll. The parameter list mirrors
 * NtQueryInformationProcess; the arguments are never touched here, they are
 * simply left on the stack for the service to read.
 *
 * __declspec(naked) suppresses the compiler-generated prologue and epilogue,
 * so the stack on entry is exactly what the caller pushed. The plain `ret`
 * pops nothing, leaving argument cleanup to the caller -- presumably this
 * relies on the default __cdecl convention; confirm the build does not change
 * the default. Whatever the service leaves in eax becomes the NTSTATUS result.
 *
 * 32-bit MSVC only: neither __asm blocks nor naked functions exist on x64.
 *
 * NOTE(review): the service index is hard-coded for one OS build (see the
 * comment on the mov below). Service indices are not stable across Windows
 * versions, so on any other build this may invoke an unrelated service with
 * these arguments. Treat the function as a lab demonstration, not portable
 * code.
 *
 * NOTE(review): because the call does not pass through the ntdll export,
 * user-mode hooks placed on that export do not observe it; monitoring that
 * needs to see this call has to sit at the kernel boundary.
 */
__declspec(noinline)
__declspec(naked)
NTSTATUS CallNtQueryInformationProcess(
    HANDLE ProcessHandle,
    PROCESSINFOCLASS ProcessInformationClass,
    PVOID ProcessInformation,
    ULONG ProcessInformationLength,
    PULONG ReturnLength)
{
    __asm {
        mov eax, 0x000000a1 // service index; per the author valid for Windows Server 2003 SP1 x86 only
        mov edx, 0x7FFE0300 /* address inside KUSER_SHARED_DATA that holds the pointer to the system-call stub */
        call dword ptr [edx] /* indirect call: jump to the stub whose address is stored there */
        ret /* no operand: nothing is popped, the caller cleans up its arguments */
    }
}
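/*
 * Write "<msg> : <system message for err>" to stderr.
 *
 * msg  caller-supplied label, printed verbatim through %s.
 * err  Win32 error code to translate. Taken as a parameter rather than read
 *      from GetLastError() here, so the caller decides where the code comes
 *      from.
 *
 * Returns err, or the error reported by GetLastError() when the message
 * lookup itself fails.
 */
int printError(const char *msg, DWORD err) {
    LPSTR lpMsgBuf = NULL;

    /*
     * FormatMessageA is called explicitly: the TCHAR macro FormatMessage
     * resolves to the wide-character variant in UNICODE builds, which would
     * fill this narrow buffer with UTF-16 and garble the %s output below.
     * With FORMAT_MESSAGE_ALLOCATE_BUFFER the API allocates the buffer and
     * stores its address through the lpBuffer argument, hence the cast of
     * &lpMsgBuf.
     */
    DWORD length = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER |
        FORMAT_MESSAGE_FROM_SYSTEM |
        FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL,
        err,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* default language */
        (LPSTR) &lpMsgBuf,
        0,
        NULL);

    if (length != 0) {
        fprintf(stderr, "%s : %s\n", msg, lpMsgBuf);
        LocalFree(lpMsgBuf); /* buffer was allocated by FormatMessageA */
    } else {
        /* The lookup failed; report that failure instead. DWORD is an
         * unsigned long, so it is printed with %lu rather than %d. */
        err = GetLastError();
        fprintf(stderr, "Error at FormatMessage: %lu\n", (unsigned long) err);
    }

    return (int) err;
}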
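/*
 * Print the current process ID obtained two ways: from the
 * PROCESS_BASIC_INFORMATION filled in by the hand-written
 * CallNtQueryInformationProcess() stub, and from GetCurrentProcessId().
 *
 * Returns 0 on success, the Win32 error code if DuplicateHandle() fails, and
 * 1 if the system call returns a non-zero NTSTATUS.
 *
 * NOTE(review): the stub's service index is hard-coded for a single OS build
 * (Windows Server 2003 SP1 x86 according to its comment). Run this only on
 * that build; elsewhere the index may select a different service.
 */
int main(int argc, char *argv[])
{
    PROCESS_BASIC_INFORMATION outInfo = {0};
    ULONG outLength = 0; /* real storage: the service writes the result size here */
    HANDLE inHandle = NULL;
    unsigned long pidSyscall = 0;
    unsigned long pidUsermode = 0;
    NTSTATUS status;
    BOOL duplicated;
    DWORD duplicateError;

    (void) argc;
    (void) argv;

    /*
     * GetCurrentProcess() returns a pseudo-handle that is interpreted as
     * "the current process" and is only meaningful inside the calling
     * process. DuplicateHandle() turns it into a real entry in this
     * process's handle table, which has to be closed again.
     */
    duplicated = DuplicateHandle(GetCurrentProcess(),
                                 GetCurrentProcess(),
                                 GetCurrentProcess(),
                                 &inHandle,
                                 0,
                                 FALSE,
                                 DUPLICATE_SAME_ACCESS);
    /* Capture the error code before any other call can overwrite it. */
    duplicateError = duplicated ? ERROR_SUCCESS : GetLastError();

    printf("windows");

    if (!duplicated) {
        return printError("DuplicateHandle", duplicateError);
    }

    /* The address of a local is passed as ReturnLength; an uninitialised
     * pointer here would have the kernel write to an arbitrary address. */
    status = CallNtQueryInformationProcess(inHandle,
                                           ProcessBasicInformation,
                                           &outInfo,
                                           sizeof(outInfo),
                                           &outLength);

    /* The duplicated handle is not needed past this point on any path. */
    CloseHandle(inHandle);

    if (status != 0) {
        /* A raw system call does not set the thread's last-error value, so
         * GetLastError() would be stale; the NTSTATUS is the error. */
        fprintf(stderr, "CallNtQueryInformationProcess failed: NTSTATUS 0x%08lX\n",
                (unsigned long) status);
        return 1;
    }

    pidSyscall = (unsigned long) outInfo.UniqueProcessId;
    pidUsermode = GetCurrentProcessId(); /* user-mode API */
    /* _getpid() would work as well; per the author it just calls GetCurrentProcessId(). */

    printf("syscall: %lu\n usermode-API: %lu\n", pidSyscall, pidUsermode);
    return 0;
}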
- #endif /* _WIN32 */