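extern "C" {
#include "debug.h"
#include "undocnt.h"

int   compat_init_offsets(void);
ULONG compat_offset_find_eprocess_pid(void);
ULONG compat_get_pid_from_process_handle(HANDLE proc);
ULONG compat_get_pid_from_eprocess(PEPROCESS eproc);
} //extern "C"

/* Sentinel returned by every lookup that cannot produce a pid or an offset. */
#define COMPAT_INVALID_PID          0xFFFFFFFF

/* Scan window inside EPROCESS when hunting for UniqueProcessId: the field is
   assumed never to sit in the first 0x20 bytes, and the scan gives up after
   0x200 bytes. The whole window is assumed to lie inside the EPROCESS
   allocation on every supported kernel — confirm before widening it.
   NOTE(review): the scan and the readers below do 4-byte ULONG reads and log
   pointers with %.8X, i.e. this module assumes a 32-bit kernel. */
#define COMPAT_EPROCESS_SCAN_START  0x20
#define COMPAT_EPROCESS_SCAN_END    0x200

/* Pids probed when collecting sample processes. NT pids are multiples of 4;
   probing starts above the low system pids and stops at an upper bound so an
   unexpectedly sparse pid space can no longer spin the probe loop forever. */
#define COMPAT_SAMPLE_COUNT         3
#define COMPAT_SAMPLE_PID_FIRST     16
#define COMPAT_SAMPLE_PID_LAST      0x10000

/* Byte offset of UniqueProcessId inside EPROCESS; COMPAT_INVALID_PID until
   compat_init_offsets() has run successfully. */
ULONG offset_eprocess_pid=COMPAT_INVALID_PID;
/* TRUE once offset_eprocess_pid holds a value the readers may trust. */
int offsets_initialized=FALSE;

/*
 * Finds the offset of UniqueProcessId in EPROCESS for the running kernel.
 *
 * Three live processes with pid >= 16 are looked up, and their EPROCESS
 * bodies are scanned for an offset at which every sample holds its own pid.
 * Requiring all three to agree makes a chance match very unlikely.
 *
 * Returns the byte offset, or COMPAT_INVALID_PID when fewer than three sample
 * processes could be found or no common offset exists in the scan window.
 */
ULONG compat_offset_find_eprocess_pid(void)
{
    DbgMsg("compat.cpp: compat_offset_find_eprocess_pid()");

    ULONG     pid_ofs = COMPAT_INVALID_PID;
    ULONG     pids[COMPAT_SAMPLE_COUNT];
    PEPROCESS eprocs[COMPAT_SAMPLE_COUNT];
    int       found = 0;

    /* Collect the samples. Every successful lookup returns a referenced
       EPROCESS which must be dereferenced on every exit path below. */
    for (int pid = COMPAT_SAMPLE_PID_FIRST;
         found < COMPAT_SAMPLE_COUNT && pid <= COMPAT_SAMPLE_PID_LAST;
         pid += 4) {
        if (NT_SUCCESS(PsLookupProcessByProcessId((PVOID)pid, &eprocs[found]))) {
            pids[found] = (ULONG)pid;
            found++;
        }
    }

    /* Too few samples: never scan (and never log) uninitialized slots. */
    if (found < COMPAT_SAMPLE_COUNT) {
        DbgMsg("compat.cpp: compat_offset_find_eprocess_pid: only %d sample process(es) found", found);
        for (int k = 0; k < found; k++) {
            ObDereferenceObject(eprocs[k]);
        }
        DbgMsg("compat.cpp: compat_offset_find_eprocess_pid(-):0x%.8X", pid_ofs);
        return pid_ofs;
    }

    DbgMsg("compat.cpp: 0) pid = %d; eproc=0x%.8X", pids[0], eprocs[0]);
    DbgMsg("compat.cpp: 1) pid = %d; eproc=0x%.8X", pids[1], eprocs[1]);
    DbgMsg("compat.cpp: 2) pid = %d; eproc=0x%.8X", pids[2], eprocs[2]);

    /* Walk the window one ULONG at a time; the first offset where all samples
       carry their own pid is taken as UniqueProcessId. */
    for (ULONG ofs = COMPAT_EPROCESS_SCAN_START; ofs < COMPAT_EPROCESS_SCAN_END; ofs += sizeof(ULONG)) {
        int all_match = 1;
        for (int k = 0; k < COMPAT_SAMPLE_COUNT && all_match; k++) {
            all_match = (*(ULONG *)((UCHAR *)eprocs[k] + ofs) == pids[k]);
        }
        if (all_match) {
            pid_ofs = ofs;
            break;
        }
    }

    for (int k = 0; k < COMPAT_SAMPLE_COUNT; k++) {
        ObDereferenceObject(eprocs[k]);
    }

    DbgMsg("compat.cpp: compat_offset_find_eprocess_pid(-):0x%.8X", pid_ofs);
    return pid_ofs;
}

/*
 * Initializes the offsets of undocumented / version-dependent structure
 * members for the running kernel.
 *
 * Returns non-zero (and sets offsets_initialized) only when a plausible
 * UniqueProcessId offset inside the scan window was found; the readers below
 * refuse to work until then.
 */
int compat_init_offsets(void)
{
    DbgMsg("compat.cpp: compat_init_offsets()");
    offset_eprocess_pid = compat_offset_find_eprocess_pid();
    /* COMPAT_INVALID_PID is far above the window, so this also rejects it. */
    offsets_initialized = offset_eprocess_pid < COMPAT_EPROCESS_SCAN_END;
    DbgMsg("compat.cpp: compat_init_offsets(-):%d", offsets_initialized);
    return offsets_initialized;
}

/*
 * Reads the pid out of an EPROCESS using the discovered offset.
 *
 * eproc must point at a live EPROCESS the caller holds a reference on; the
 * function cannot validate that and performs a raw read.
 * Returns the pid, or COMPAT_INVALID_PID when the offsets are not
 * initialized or eproc is NULL.
 */
ULONG compat_get_pid_from_eprocess(PEPROCESS eproc)
{
    DbgMsg("compat.cpp: compat_get_pid_from_eprocess(eproc:0x%.8X)", eproc);
    if (!offsets_initialized || !eproc) {
        return COMPAT_INVALID_PID;
    }
    ULONG pid = *(ULONG *)((UCHAR *)eproc + offset_eprocess_pid);
    DbgMsg("compat.cpp: compat_get_pid_from_eprocess(-):%d)", pid);
    return pid;
}

/*
 * Resolves a process handle to its pid.
 *
 * The handle is referenced with ObjectType = *PsProcessType so the object
 * manager rejects handles to any other object type; without that check a
 * handle to e.g. a thread, event or file would be read as if it were an
 * EPROCESS, turning a bad handle into an out-of-bounds kernel read.
 * PsProcessType is exported by ntoskrnl and declared by the DDK headers
 * (ntddk.h / ntifs.h depending on DDK version) — confirm undocnt.h pulls in
 * a header that declares it.
 *
 * NOTE(review): the lookup runs with AccessMode = KernelMode. That is only
 * right when proc is a handle the driver itself owns. If proc can originate
 * from user mode (e.g. an IOCTL buffer), use the caller's previous mode
 * instead so user code cannot hand in kernel-handle values and bypass the
 * handle-table checks.
 *
 * Returns the pid, or COMPAT_INVALID_PID when offsets are not initialized or
 * the handle cannot be referenced as a process.
 */
ULONG compat_get_pid_from_process_handle(HANDLE proc)
{
    DbgMsg("compat.cpp: compat_get_pid_from_process_handle(proc:0x%.8X)", proc);
    if (!offsets_initialized) {
        return COMPAT_INVALID_PID;
    }

    PVOID    obj;
    NTSTATUS status = ObReferenceObjectByHandle(proc, 0, *PsProcessType, KernelMode, &obj, NULL);
    if (!NT_SUCCESS(status)) {
        DbgMsg("compat.cpp: compat_get_pid_from_process_handle error: ObReferenceObjectByHandle failed with status 0x%.8X", status);
        DbgMsg("compat.cpp: compat_get_pid_from_process_handle(-):0xFFFFFFFF");
        return COMPAT_INVALID_PID;
    }

    ULONG pid = compat_get_pid_from_eprocess((PEPROCESS)obj);
    ObDereferenceObject(obj);
    /* The original format string had no conversion for pid, so the value was
       never logged. */
    DbgMsg("compat.cpp: compat_get_pid_from_process_handle(-):%d", pid);
    return pid;
}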