Windows api does not have any guarantee that ntstatus will remain unc…

…hanged after a successful call, neither it have any guarantee of its value in this case. Though it is working most of the time, correct way is to check call return value.
muse117 · Jun 5, 2020 · 273a44c · 273a44c
1 parent 99b9d97
commit 273a44c
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 47 deletions.
diff --git a/src/BlackBone/Process/Threads/Thread.cpp b/src/BlackBone/Process/Threads/Thread.cpp
@@ -185,9 +185,8 @@ NTSTATUS Thread::SetContext( _CONTEXT64& ctx, bool dontSuspend /*= false*/ )
 /// <returns>Status code</returns>
 NTSTATUS Thread::Terminate( DWORD code /*= 0*/ )
 {
-    SetLastNtStatus( STATUS_SUCCESS );
-    TerminateThread( _handle, code );
-    return LastNtStatus();
+    auto r = TerminateThread(_handle, code);
+    return r != 0 ? STATUS_SUCCESS : LastNtStatus();
 }
 
 /// <summary>

diff --git a/src/BlackBone/Subsystem/NativeSubsystem.cpp b/src/BlackBone/Subsystem/NativeSubsystem.cpp
@@ -67,9 +67,8 @@ Native::~Native()
 /// <returns>Status code</returns>
 NTSTATUS Native::VirtualAllocExT( ptr_t& lpAddress, size_t dwSize, DWORD flAllocationType, DWORD flProtect )
 {
-    SetLastNtStatus( STATUS_SUCCESS );
     lpAddress = reinterpret_cast<ptr_t>(VirtualAllocEx( _hProcess, reinterpret_cast<LPVOID>(lpAddress), dwSize, flAllocationType, flProtect ));
-    return LastNtStatus();
+    return lpAddress != 0 ? STATUS_SUCCESS : LastNtStatus();
 }
 
 
@@ -82,9 +81,8 @@ NTSTATUS Native::VirtualAllocExT( ptr_t& lpAddress, size_t dwSize, DWORD flAlloc
 /// <returns>Status code</returns>
 NTSTATUS Native::VirtualFreeExT( ptr_t lpAddress, size_t dwSize, DWORD dwFreeType )
 {
-    SetLastNtStatus( STATUS_SUCCESS );
-    VirtualFreeEx( _hProcess, reinterpret_cast<LPVOID>(lpAddress), dwSize, dwFreeType );
-    return LastNtStatus();
+    auto r = VirtualFreeEx( _hProcess, reinterpret_cast<LPVOID>(lpAddress), dwSize, dwFreeType );
+    return r != 0 ? STATUS_SUCCESS : LastNtStatus();
 }
 
 /// <summary>
@@ -95,14 +93,13 @@ NTSTATUS Native::VirtualFreeExT( ptr_t lpAddress, size_t dwSize, DWORD dwFreeTyp
 /// <returns>Status code</returns>
 NTSTATUS Native::VirtualQueryExT( ptr_t lpAddress, PMEMORY_BASIC_INFORMATION64 lpBuffer )
 {
-    SetLastNtStatus( STATUS_SUCCESS );
-    VirtualQueryEx(
+    auto r = VirtualQueryEx(
         _hProcess, reinterpret_cast<LPCVOID>(lpAddress),
         reinterpret_cast<PMEMORY_BASIC_INFORMATION>(lpBuffer),
         sizeof( MEMORY_BASIC_INFORMATION )
         );
 
-    return LastNtStatus();
+    return r != 0 ? STATUS_SUCCESS : LastNtStatus();
 }
 
 /// <summary>
@@ -115,7 +112,6 @@ NTSTATUS Native::VirtualQueryExT( ptr_t lpAddress, MEMORY_INFORMATION_CLASS info
 {
     SIZE_T retLen = 0;
 
-    SetLastNtStatus( STATUS_SUCCESS );   
     return SAFE_NATIVE_CALL(
         NtQueryVirtualMemory, _hProcess, reinterpret_cast<LPVOID>(lpAddress),
         infoClass, lpBuffer, bufSize, &retLen
@@ -136,10 +132,9 @@ NTSTATUS Native::VirtualProtectExT( ptr_t lpAddress, DWORD64 dwSize, DWORD flPro
     if (!flOld)
         flOld = &junk;
 
-    SetLastNtStatus( STATUS_SUCCESS );
-    VirtualProtectEx( _hProcess, reinterpret_cast<LPVOID>(lpAddress), static_cast<SIZE_T>(dwSize), flProtect, flOld );
+    auto r = VirtualProtectEx( _hProcess, reinterpret_cast<LPVOID>(lpAddress), static_cast<SIZE_T>(dwSize), flProtect, flOld );
 
-    return LastNtStatus();
+    return r != 0 ? STATUS_SUCCESS : LastNtStatus();
 }
 
 /// <summary>
@@ -152,9 +147,8 @@ NTSTATUS Native::VirtualProtectExT( ptr_t lpAddress, DWORD64 dwSize, DWORD flPro
 /// <returns>Status code</returns>
 NTSTATUS Native::ReadProcessMemoryT( ptr_t lpBaseAddress, LPVOID lpBuffer, size_t nSize, DWORD64 *lpBytes /*= nullptr */ )
 {
-    SetLastNtStatus( STATUS_SUCCESS );
-    ReadProcessMemory( _hProcess, reinterpret_cast<LPVOID>(lpBaseAddress), lpBuffer, nSize, reinterpret_cast<SIZE_T*>(lpBytes) );
-    return LastNtStatus();
+    auto r = ReadProcessMemory( _hProcess, reinterpret_cast<LPVOID>(lpBaseAddress), lpBuffer, nSize, reinterpret_cast<SIZE_T*>(lpBytes) );
+    return r != 0 ? STATUS_SUCCESS : LastNtStatus();
 }
 
 /// <summary>
@@ -167,9 +161,8 @@ NTSTATUS Native::ReadProcessMemoryT( ptr_t lpBaseAddress, LPVOID lpBuffer, size_
 /// <returns>Status code</returns>
 NTSTATUS Native::WriteProcessMemoryT( ptr_t lpBaseAddress, LPCVOID lpBuffer, size_t nSize, DWORD64 *lpBytes /*= nullptr */ )
 {
-    SetLastNtStatus( STATUS_SUCCESS );
-    WriteProcessMemory( _hProcess, reinterpret_cast<LPVOID>(lpBaseAddress), lpBuffer, nSize, reinterpret_cast<SIZE_T*>(lpBytes) );
-    return LastNtStatus();
+    auto r = WriteProcessMemory( _hProcess, reinterpret_cast<LPVOID>(lpBaseAddress), lpBuffer, nSize, reinterpret_cast<SIZE_T*>(lpBytes) );
+    return r != 0 ? STATUS_SUCCESS : LastNtStatus();
 }
 
 /// <summary>
@@ -208,7 +201,6 @@ NTSTATUS Native::SetProcessInfoT( PROCESSINFOCLASS infoClass, LPVOID lpBuffer, u
 /// <returns>Status code</returns>
 NTSTATUS Native::CreateRemoteThreadT( HANDLE& hThread, ptr_t entry, ptr_t arg, CreateThreadFlags flags, DWORD access /*= THREAD_ALL_ACCESS*/ )
 {
-    SetLastNtStatus( STATUS_SUCCESS );
     NTSTATUS status = 0; 
     auto pCreateThread = GET_IMPORT( NtCreateThreadEx );
 
@@ -236,7 +228,7 @@ NTSTATUS Native::CreateRemoteThreadT( HANDLE& hThread, ptr_t entry, ptr_t arg, C
             reinterpret_cast<LPVOID>(arg), win32Flags, NULL
             );
 
-        status = LastNtStatus();
+        status = hThread != NULL ? STATUS_SUCCESS : LastNtStatus();
     }
 
     return status;
@@ -250,9 +242,8 @@ NTSTATUS Native::CreateRemoteThreadT( HANDLE& hThread, ptr_t entry, ptr_t arg, C
 /// <returns>Status code</returns>
 NTSTATUS Native::GetThreadContextT( HANDLE hThread, _CONTEXT64& ctx )
 {
-    SetLastNtStatus( STATUS_SUCCESS );
-    GetThreadContext( hThread, reinterpret_cast<PCONTEXT>(&ctx) );
-    return LastNtStatus();
+    auto r = GetThreadContext(hThread, reinterpret_cast<PCONTEXT>(&ctx));
+    return r != 0 ? STATUS_SUCCESS : LastNtStatus();
 }
 
 /// <summary>
@@ -270,9 +261,8 @@ NTSTATUS Native::GetThreadContextT( HANDLE hThread, _CONTEXT32& ctx )
     }
     else
     {
-        SetLastNtStatus( STATUS_SUCCESS );
-        SAFE_CALL( Wow64GetThreadContext, hThread, reinterpret_cast<PWOW64_CONTEXT>(&ctx) );
-        return LastNtStatus();
+        auto r = SAFE_CALL(Wow64GetThreadContext, hThread, reinterpret_cast<PWOW64_CONTEXT>(&ctx));
+        return r != 0 ? STATUS_SUCCESS : LastNtStatus();
     }
 }
 
@@ -284,9 +274,8 @@ NTSTATUS Native::GetThreadContextT( HANDLE hThread, _CONTEXT32& ctx )
 /// <returns>Status code</returns>
 NTSTATUS Native::SetThreadContextT( HANDLE hThread, _CONTEXT64& ctx )
 {
-    SetLastNtStatus( STATUS_SUCCESS );
-    SetThreadContext( hThread, reinterpret_cast<PCONTEXT>(&ctx) );
-    return LastNtStatus();
+    auto r = SetThreadContext(hThread, reinterpret_cast<PCONTEXT>(&ctx));
+    return r != 0 ? STATUS_SUCCESS : LastNtStatus();
 }
 
 /// <summary>
@@ -304,9 +293,8 @@ NTSTATUS Native::SetThreadContextT( HANDLE hThread, _CONTEXT32& ctx )
     }
     else
     {
-        SetLastNtStatus( STATUS_SUCCESS );
-        SAFE_CALL( Wow64SetThreadContext, hThread, reinterpret_cast<PWOW64_CONTEXT>(&ctx));
-        return LastNtStatus();
+        auto r = SAFE_CALL(Wow64SetThreadContext, hThread, reinterpret_cast<PWOW64_CONTEXT>(&ctx));
+        return r != 0 ? STATUS_SUCCESS : LastNtStatus();
     }
 }
 

diff --git a/src/BlackBone/Subsystem/Wow64Subsystem.cpp b/src/BlackBone/Subsystem/Wow64Subsystem.cpp
@@ -2,6 +2,7 @@
 #include "../Misc/DynImport.h"
 #include "../Include/Macro.h"
 #include <3rd_party/rewolf-wow64ext/src/wow64ext.h>
+#include "../Misc/Trace.hpp"
 
 namespace blackbone
 {
@@ -214,9 +215,8 @@ NTSTATUS NativeWow64::GetThreadContextT( HANDLE hThread, _CONTEXT32& ctx )
     }
     else
     {
-        SetLastNtStatus( STATUS_SUCCESS );
-        GetThreadContext( hThread, reinterpret_cast<PCONTEXT>(&ctx) );
-        return LastNtStatus();
+        auto r = GetThreadContext(hThread, reinterpret_cast<PCONTEXT>(&ctx));
+        return r != 0 ? STATUS_SUCCESS : LastNtStatus();
     }
 }
 
@@ -251,9 +251,8 @@ NTSTATUS NativeWow64::SetThreadContextT( HANDLE hThread, _CONTEXT32& ctx )
     }
     else
     {
-        SetLastNtStatus( STATUS_SUCCESS );
-        SetThreadContext( hThread, reinterpret_cast<const CONTEXT*>(&ctx) );
-        return LastNtStatus();
+        auto r = SetThreadContext(hThread, reinterpret_cast<const CONTEXT*>(&ctx));
+        return r != 0 ? STATUS_SUCCESS : LastNtStatus();
     }
 }
 

diff --git a/src/BlackBone/Subsystem/x86Subsystem.cpp b/src/BlackBone/Subsystem/x86Subsystem.cpp
@@ -52,9 +52,8 @@ NTSTATUS x86Native::VirtualQueryExT( ptr_t lpAddress, PMEMORY_BASIC_INFORMATION6
 /// <returns>Status code</returns>
 NTSTATUS x86Native::GetThreadContextT( HANDLE hThread, _CONTEXT32& ctx )
 {
-    SetLastNtStatus( STATUS_SUCCESS );
-    GetThreadContext( hThread, reinterpret_cast<PCONTEXT>(&ctx) );
-    return LastNtStatus();
+    auto r = GetThreadContext(hThread, reinterpret_cast<PCONTEXT>(&ctx));
+    return r != 0 ? STATUS_SUCCESS : LastNtStatus();
 }
 
 /// <summary>
@@ -77,9 +76,8 @@ NTSTATUS x86Native::GetThreadContextT( HANDLE /*hThread*/, _CONTEXT64& /*ctx*/ )
 /// <returns>Status code</returns>
 NTSTATUS x86Native::SetThreadContextT( HANDLE hThread, _CONTEXT32& ctx )
 {
-    SetLastNtStatus( STATUS_SUCCESS );
-    SetThreadContext( hThread, reinterpret_cast<const CONTEXT*>(&ctx) );
-    return LastNtStatus();
+    auto r = SetThreadContext(hThread, reinterpret_cast<const CONTEXT*>(&ctx));
+    return r != 0 ? STATUS_SUCCESS : LastNtStatus();
 }
 
 /// <summary>