mirror of
https://github.com/ttttupup/wxhelper.git
synced 2024-11-22 02:09:24 +08:00
合并注入工具和解密工具
This commit is contained in:
parent
4a3ef64467
commit
c590a95425
@ -14,7 +14,7 @@ file(GLOB CPP_FILES ${PROJECT_SOURCE_DIR}/src/*.cc ${PROJECT_SOURCE_DIR}/src/*
|
||||
include_directories(${VCPKG_INSTALLED_DIR}/x86-windows/include)
|
||||
|
||||
# add_subdirectory(3rd)
|
||||
|
||||
add_subdirectory(source)
|
||||
|
||||
find_package(nlohmann_json CONFIG REQUIRED)
|
||||
find_package(unofficial-mongoose CONFIG REQUIRED)
|
||||
|
595
python/client.py
Normal file
595
python/client.py
Normal file
@ -0,0 +1,595 @@
|
||||
import requests
|
||||
import json
|
||||
|
||||
|
||||
def check_login():
|
||||
"""
|
||||
0.检查是否登录
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=0"
|
||||
payload = {}
|
||||
headers = {}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def user_info():
|
||||
"""
|
||||
登录用户信息
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=8"
|
||||
payload = {}
|
||||
headers = {}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def send_text():
|
||||
"""
|
||||
发送文本
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=2"
|
||||
payload = json.dumps({
|
||||
"wxid": "filehelper",
|
||||
"msg": "123"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def send_at():
|
||||
"""
|
||||
发送@消息
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=3"
|
||||
payload = json.dumps({
|
||||
"chatRoomId": "12333@chatroom",
|
||||
"wxids": "notify@all",
|
||||
"msg": "12333"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def send_img():
|
||||
"""
|
||||
发送图片
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=5"
|
||||
payload = json.dumps({
|
||||
"wxid": "filehelper",
|
||||
"imagePath": "C:/123.png"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def send_file():
|
||||
"""
|
||||
发送文件
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=6"
|
||||
payload = json.dumps({
|
||||
"wxid": "filehelper",
|
||||
"filePath": "C:/test.txt"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def hook_msg():
|
||||
"""
|
||||
hook 消息
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=9"
|
||||
payload = json.dumps({
|
||||
"port": "19099",
|
||||
"ip": "127.0.0.1"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def unhook_msg():
|
||||
"""
|
||||
取消消息hook
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=10"
|
||||
payload = {}
|
||||
headers = {}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def hook_img():
|
||||
"""
|
||||
hook 图片
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=11"
|
||||
payload = json.dumps({
|
||||
"imgDir": "C:\\img"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def unhook_img():
|
||||
"""
|
||||
取消hook 图片
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=12"
|
||||
payload = json.dumps({
|
||||
"imgDir": "C:\\img"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def hook_voice():
|
||||
"""
|
||||
hook 语音
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=56"
|
||||
payload = json.dumps({
|
||||
"msgId": 322456091115784000
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def unhook_voice():
|
||||
"""
|
||||
取消hook 语音
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=14"
|
||||
payload = {}
|
||||
headers = {}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def del_friend():
|
||||
"""
|
||||
删除好友
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=17"
|
||||
payload = json.dumps({
|
||||
"wxid": "wxid_1124423322"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def search_friend():
|
||||
"""
|
||||
网络搜素用户
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=19"
|
||||
payload = json.dumps({
|
||||
"keyword": "13812345678"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def add_friend():
|
||||
"""
|
||||
添加好友
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=20"
|
||||
payload = json.dumps({
|
||||
"wxid": "wxid_o11222334422"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def fetch_chat_room_members():
|
||||
"""
|
||||
群成员
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=25"
|
||||
payload = json.dumps({
|
||||
"chatRoomId": "2112222004@chatroom"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def get_member_nickname():
|
||||
"""
|
||||
群成员昵称
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=26"
|
||||
payload = json.dumps({
|
||||
"chatRoomId": "322333384@chatroom",
|
||||
"memberId": "wxid_4m1112222u22"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def del_member():
|
||||
"""
|
||||
删除群成员
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=27"
|
||||
payload = json.dumps({
|
||||
"chatRoomId": "31122263384@chatroom",
|
||||
"memberIds": "wxid_12223334422"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def add_member():
|
||||
"""
|
||||
增加群成员
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=28"
|
||||
payload = json.dumps({
|
||||
"chatRoomId": "1111163384@chatroom",
|
||||
"memberIds": "wxid_o12222222"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def modify_room_name():
|
||||
"""
|
||||
修改群昵称
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=31"
|
||||
payload = json.dumps({
|
||||
"chatRoomId": "222285428@chatroom",
|
||||
"wxid": "wxid_222222512",
|
||||
"nickName": "qqq"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def get_db_handlers():
|
||||
"""
|
||||
获取sqlite3的操作句柄
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=32"
|
||||
payload = {}
|
||||
headers = {}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def query_db_by_sql():
|
||||
"""
|
||||
查询数据库
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=34"
|
||||
payload = json.dumps({
|
||||
"dbHandle": 116201928,
|
||||
"sql": "select localId from MSG where MsgSvrID= 7533111101686156"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def hook_log():
|
||||
"""
|
||||
hook 日志
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=36"
|
||||
payload = {}
|
||||
headers = {}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def unhook_log():
|
||||
"""
|
||||
取消hook日志
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=37"
|
||||
payload = {}
|
||||
headers = {}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def forward():
|
||||
"""
|
||||
转发消息
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=40"
|
||||
payload = json.dumps({
|
||||
"wxid": "filehelper",
|
||||
"msgid": "705117679011122708"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def logout():
|
||||
"""
|
||||
退出登录
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=44"
|
||||
payload = {}
|
||||
headers = {}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def confirm_receipt():
|
||||
"""
|
||||
确认收款
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=45"
|
||||
payload = json.dumps({
|
||||
"wxid": "wxid_1111112622",
|
||||
"transcationId": "10000500012312222212243388865912",
|
||||
"transferId": "100005000120212222173123036"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def contact_list():
|
||||
"""
|
||||
好友列表
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=46"
|
||||
payload = {}
|
||||
headers = {}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def room_detail():
|
||||
"""
|
||||
群详情
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=47"
|
||||
payload = json.dumps({
|
||||
"chatRoomId": "199134446111@chatroom"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def ocr():
|
||||
"""
|
||||
ocr提取文字
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=49"
|
||||
payload = json.dumps({
|
||||
"imagePath": "C:\\WeChat Files\\b23e84997144dd12f21554b0.dat"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def pat():
|
||||
"""
|
||||
拍一拍
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=50"
|
||||
payload = json.dumps({
|
||||
"chatRoomId": "211111121004@chatroom",
|
||||
"wxid": "wxid_111111111422"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def top_msg():
|
||||
"""
|
||||
消息置顶
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=51"
|
||||
payload = json.dumps({
|
||||
"wxid": "wxid_o11114422",
|
||||
"msgid": 3728307145189195000
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def close_top_msg():
|
||||
"""
|
||||
取消置顶
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=52"
|
||||
payload = json.dumps({
|
||||
"chatRoomId": "213222231004@chatroom",
|
||||
"msgid": 3728307145189195000
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def sns_first():
|
||||
"""
|
||||
朋友圈首页
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=53"
|
||||
payload = {}
|
||||
headers = {}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def sns_next():
|
||||
"""
|
||||
朋友圈下一页
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=54"
|
||||
payload = json.dumps({
|
||||
"snsId": "14091988153735844377"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def query_nickname():
|
||||
"""
|
||||
查询联系人或群名称
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=55"
|
||||
|
||||
payload = json.dumps({
|
||||
"id": "wxid_1112p4422"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def download_msg_attach():
|
||||
"""
|
||||
下载消息附件
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=56"
|
||||
payload = json.dumps({
|
||||
"msgId": 6080100336053626000
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
def get_member_info():
|
||||
"""
|
||||
获取群/群成员信息
|
||||
:return:
|
||||
"""
|
||||
url = "127.0.0.1:19088/api/?type=57"
|
||||
payload = json.dumps({
|
||||
"wxid": "wxid_tx8k6tu21112"
|
||||
})
|
||||
headers = {
|
||||
'Content-Type': 'application/json'
|
||||
}
|
||||
response = requests.request("POST", url, headers=headers, data=payload)
|
||||
print(response.text)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
check_login()
|
||||
user_info()
|
||||
send_text()
|
51
python/decrypt.py
Normal file
51
python/decrypt.py
Normal file
@ -0,0 +1,51 @@
|
||||
import ctypes
|
||||
import hashlib
|
||||
import hmac
|
||||
|
||||
# pip install pycryptodome
|
||||
from Crypto.Cipher import AES
|
||||
|
||||
|
||||
def decrypt(password, input_file, out_file):
|
||||
password = bytes.fromhex(password.replace(' ', ''))
|
||||
with open(input_file, 'rb') as (f):
|
||||
blist = f.read()
|
||||
print(len(blist))
|
||||
salt = blist[:16]
|
||||
key = hashlib.pbkdf2_hmac('sha1', password, salt, DEFAULT_ITER, KEY_SIZE)
|
||||
first = blist[16:DEFAULT_PAGESIZE]
|
||||
mac_salt = bytes([x ^ 58 for x in salt])
|
||||
mac_key = hashlib.pbkdf2_hmac('sha1', key, mac_salt, 2, KEY_SIZE)
|
||||
hash_mac = hmac.new(mac_key, digestmod='sha1')
|
||||
hash_mac.update(first[:-32])
|
||||
hash_mac.update(bytes(ctypes.c_int(1)))
|
||||
if hash_mac.digest() == first[-32:-12]:
|
||||
print('decrypt success')
|
||||
else:
|
||||
print('password error')
|
||||
return
|
||||
blist = [blist[i:i + DEFAULT_PAGESIZE] for i in range(DEFAULT_PAGESIZE, len(blist), DEFAULT_PAGESIZE)]
|
||||
with open(out_file, 'wb') as (f):
|
||||
f.write(SQLITE_FILE_HEADER)
|
||||
t = AES.new(key, AES.MODE_CBC, first[-48:-32])
|
||||
f.write(t.decrypt(first[:-48]))
|
||||
f.write(first[-48:])
|
||||
for i in blist:
|
||||
t = AES.new(key, AES.MODE_CBC, i[-48:-32])
|
||||
f.write(t.decrypt(i[:-48]))
|
||||
f.write(i[-48:])
|
||||
|
||||
|
||||
def main():
|
||||
password = '565735E30E474DA09250CB5AA047E3940FFA1C6F767C4263B13ABB512933DA49'
|
||||
input_file = 'C:/var/Applet.db'
|
||||
out_file = 'c:/var/out/Applet.db'
|
||||
decrypt(password, input_file, out_file)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
SQLITE_FILE_HEADER = bytes('SQLite format 3', encoding='ASCII') + bytes(1)
|
||||
KEY_SIZE = 32
|
||||
DEFAULT_PAGESIZE = 4096
|
||||
DEFAULT_ITER = 64000
|
||||
main()
|
20
source/CMakeLists.txt
Normal file
20
source/CMakeLists.txt
Normal file
@ -0,0 +1,20 @@
|
||||
cmake_minimum_required(VERSION 3.0.0)
|
||||
project(ConsoleApplication VERSION 1.0.0)
|
||||
|
||||
|
||||
set(CMAKE_CXX_STANDARD 17)
|
||||
set(CMAKE_CXX_STANDARD_REQUIRED True)
|
||||
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /D '_UNICODE' /D 'UNICODE'")
|
||||
|
||||
file(GLOB INJECT_CPP_FILES ${PROJECT_SOURCE_DIR}/*.cc ${PROJECT_SOURCE_DIR}/*.cpp)
|
||||
|
||||
add_executable (ConsoleApplication ${INJECT_CPP_FILES})
|
||||
|
||||
SET_TARGET_PROPERTIES(ConsoleApplication PROPERTIES LINKER_LANGUAGE C
|
||||
ARCHIVE_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/bin
|
||||
LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/bin
|
||||
RUNTIME_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/bin
|
||||
OUTPUT_NAME "ConsoleApplication"
|
||||
PREFIX "")
|
||||
|
962
source/ConsoleApplication.cc
Normal file
962
source/ConsoleApplication.cc
Normal file
@ -0,0 +1,962 @@
|
||||
// ConsoleApplication.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
|
||||
// https://github.com/yihleego/handle-tools
|
||||
|
||||
#include <iostream>
|
||||
#include <Windows.h>
|
||||
#include <tlhelp32.h>
|
||||
#include "getopt.h"
|
||||
#include <string>
|
||||
|
||||
#include "ntstatus.h"
|
||||
|
||||
|
||||
#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
|
||||
|
||||
bool endsWith(const std::string& str, const std::string suffix) {
|
||||
if (suffix.length() > str.length()) { return false; }
|
||||
return (str.rfind(suffix) == (str.length() - suffix.length()));
|
||||
}
|
||||
|
||||
typedef struct _UNICODE_STRING {
|
||||
USHORT Length;
|
||||
USHORT MaximumLength;
|
||||
PWSTR Buffer;
|
||||
} UNICODE_STRING, * PUNICODE_STRING;
|
||||
|
||||
typedef struct _SYSTEM_HANDLE {
|
||||
PVOID Object;
|
||||
HANDLE UniqueProcessId;
|
||||
HANDLE HandleValue;
|
||||
ULONG GrantedAccess;
|
||||
USHORT CreatorBackTraceIndex;
|
||||
USHORT ObjectTypeIndex;
|
||||
ULONG HandleAttributes;
|
||||
ULONG Reserved;
|
||||
} SYSTEM_HANDLE, * PSYSTEM_HANDLE;
|
||||
|
||||
typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
|
||||
ULONG_PTR HandleCount;
|
||||
ULONG_PTR Reserved;
|
||||
SYSTEM_HANDLE Handles[1];
|
||||
} SYSTEM_HANDLE_INFORMATION_EX, * PSYSTEM_HANDLE_INFORMATION_EX;
|
||||
|
||||
typedef struct _OBJECT_BASIC_INFORMATION {
|
||||
ULONG Attributes;
|
||||
ACCESS_MASK GrantedAccess;
|
||||
ULONG HandleCount;
|
||||
ULONG PointerCount;
|
||||
ULONG PagedPoolCharge;
|
||||
ULONG NonPagedPoolCharge;
|
||||
ULONG Reserved[3];
|
||||
ULONG NameInfoSize;
|
||||
ULONG TypeInfoSize;
|
||||
ULONG SecurityDescriptorSize;
|
||||
LARGE_INTEGER CreationTime;
|
||||
} OBJECT_BASIC_INFORMATION, * POBJECT_BASIC_INFORMATION;
|
||||
|
||||
typedef struct _OBJECT_NAME_INFORMATION {
|
||||
UNICODE_STRING Name;
|
||||
} OBJECT_NAME_INFORMATION, * POBJECT_NAME_INFORMATION;
|
||||
|
||||
typedef struct _OBJECT_TYPE_INFORMATION {
|
||||
UNICODE_STRING TypeName;
|
||||
ULONG Reserved[22]; // reserved for internal use
|
||||
} OBJECT_TYPE_INFORMATION, * POBJECT_TYPE_INFORMATION;
|
||||
|
||||
typedef enum _SYSTEM_INFORMATION_CLASS {
|
||||
SystemBasicInformation, // q: SYSTEM_BASIC_INFORMATION
|
||||
SystemProcessorInformation, // q: SYSTEM_PROCESSOR_INFORMATION
|
||||
SystemPerformanceInformation, // q: SYSTEM_PERFORMANCE_INFORMATION
|
||||
SystemTimeOfDayInformation, // q: SYSTEM_TIMEOFDAY_INFORMATION
|
||||
SystemPathInformation, // not implemented
|
||||
SystemProcessInformation, // q: SYSTEM_PROCESS_INFORMATION
|
||||
SystemCallCountInformation, // q: SYSTEM_CALL_COUNT_INFORMATION
|
||||
SystemDeviceInformation, // q: SYSTEM_DEVICE_INFORMATION
|
||||
SystemProcessorPerformanceInformation, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
|
||||
SystemFlagsInformation, // q: SYSTEM_FLAGS_INFORMATION
|
||||
SystemCallTimeInformation, // not implemented // SYSTEM_CALL_TIME_INFORMATION // 10
|
||||
SystemModuleInformation, // q: RTL_PROCESS_MODULES
|
||||
SystemLocksInformation, // q: RTL_PROCESS_LOCKS
|
||||
SystemStackTraceInformation, // q: RTL_PROCESS_BACKTRACES
|
||||
SystemPagedPoolInformation, // not implemented
|
||||
SystemNonPagedPoolInformation, // not implemented
|
||||
SystemHandleInformation, // q: SYSTEM_HANDLE_INFORMATION
|
||||
SystemObjectInformation, // q: SYSTEM_OBJECTTYPE_INFORMATION mixed with SYSTEM_OBJECT_INFORMATION
|
||||
SystemPageFileInformation, // q: SYSTEM_PAGEFILE_INFORMATION
|
||||
SystemVdmInstemulInformation, // q: SYSTEM_VDM_INSTEMUL_INFO
|
||||
SystemVdmBopInformation, // not implemented // 20
|
||||
SystemFileCacheInformation, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemCache)
|
||||
SystemPoolTagInformation, // q: SYSTEM_POOLTAG_INFORMATION
|
||||
SystemInterruptInformation, // q: SYSTEM_INTERRUPT_INFORMATION
|
||||
SystemDpcBehaviorInformation, // q: SYSTEM_DPC_BEHAVIOR_INFORMATION; s: SYSTEM_DPC_BEHAVIOR_INFORMATION (requires SeLoadDriverPrivilege)
|
||||
SystemFullMemoryInformation, // not implemented // SYSTEM_MEMORY_USAGE_INFORMATION
|
||||
SystemLoadGdiDriverInformation, // s (kernel-mode only)
|
||||
SystemUnloadGdiDriverInformation, // s (kernel-mode only)
|
||||
SystemTimeAdjustmentInformation, // q: SYSTEM_QUERY_TIME_ADJUST_INFORMATION; s: SYSTEM_SET_TIME_ADJUST_INFORMATION (requires SeSystemtimePrivilege)
|
||||
SystemSummaryMemoryInformation, // not implemented // SYSTEM_MEMORY_USAGE_INFORMATION
|
||||
SystemMirrorMemoryInformation, // s (requires license value "Kernel-MemoryMirroringSupported") (requires SeShutdownPrivilege) // 30
|
||||
SystemPerformanceTraceInformation, // q; s: (type depends on EVENT_TRACE_INFORMATION_CLASS)
|
||||
SystemObsolete0, // not implemented
|
||||
SystemExceptionInformation, // q: SYSTEM_EXCEPTION_INFORMATION
|
||||
SystemCrashDumpStateInformation, // s: SYSTEM_CRASH_DUMP_STATE_INFORMATION (requires SeDebugPrivilege)
|
||||
SystemKernelDebuggerInformation, // q: SYSTEM_KERNEL_DEBUGGER_INFORMATION
|
||||
SystemContextSwitchInformation, // q: SYSTEM_CONTEXT_SWITCH_INFORMATION
|
||||
SystemRegistryQuotaInformation, // q: SYSTEM_REGISTRY_QUOTA_INFORMATION; s (requires SeIncreaseQuotaPrivilege)
|
||||
SystemExtendServiceTableInformation, // s (requires SeLoadDriverPrivilege) // loads win32k only
|
||||
SystemPrioritySeperation, // s (requires SeTcbPrivilege)
|
||||
SystemVerifierAddDriverInformation, // s (requires SeDebugPrivilege) // 40
|
||||
SystemVerifierRemoveDriverInformation, // s (requires SeDebugPrivilege)
|
||||
SystemProcessorIdleInformation, // q: SYSTEM_PROCESSOR_IDLE_INFORMATION
|
||||
SystemLegacyDriverInformation, // q: SYSTEM_LEGACY_DRIVER_INFORMATION
|
||||
SystemCurrentTimeZoneInformation, // q; s: RTL_TIME_ZONE_INFORMATION
|
||||
SystemLookasideInformation, // q: SYSTEM_LOOKASIDE_INFORMATION
|
||||
SystemTimeSlipNotification, // s: HANDLE (NtCreateEvent) (requires SeSystemtimePrivilege)
|
||||
SystemSessionCreate, // not implemented
|
||||
SystemSessionDetach, // not implemented
|
||||
SystemSessionInformation, // not implemented (SYSTEM_SESSION_INFORMATION)
|
||||
SystemRangeStartInformation, // q: SYSTEM_RANGE_START_INFORMATION // 50
|
||||
SystemVerifierInformation, // q: SYSTEM_VERIFIER_INFORMATION; s (requires SeDebugPrivilege)
|
||||
SystemVerifierThunkExtend, // s (kernel-mode only)
|
||||
SystemSessionProcessInformation, // q: SYSTEM_SESSION_PROCESS_INFORMATION
|
||||
SystemLoadGdiDriverInSystemSpace, // s: SYSTEM_GDI_DRIVER_INFORMATION (kernel-mode only) (same as SystemLoadGdiDriverInformation)
|
||||
SystemNumaProcessorMap, // q: SYSTEM_NUMA_INFORMATION
|
||||
SystemPrefetcherInformation, // q; s: PREFETCHER_INFORMATION // PfSnQueryPrefetcherInformation
|
||||
SystemExtendedProcessInformation, // q: SYSTEM_PROCESS_INFORMATION
|
||||
SystemRecommendedSharedDataAlignment, // q: ULONG // KeGetRecommendedSharedDataAlignment
|
||||
SystemComPlusPackage, // q; s: ULONG
|
||||
SystemNumaAvailableMemory, // q: SYSTEM_NUMA_INFORMATION // 60
|
||||
SystemProcessorPowerInformation, // q: SYSTEM_PROCESSOR_POWER_INFORMATION
|
||||
SystemEmulationBasicInformation, // q: SYSTEM_BASIC_INFORMATION
|
||||
SystemEmulationProcessorInformation, // q: SYSTEM_PROCESSOR_INFORMATION
|
||||
SystemExtendedHandleInformation, // q: SYSTEM_HANDLE_INFORMATION_EX
|
||||
SystemLostDelayedWriteInformation, // q: ULONG
|
||||
SystemBigPoolInformation, // q: SYSTEM_BIGPOOL_INFORMATION
|
||||
SystemSessionPoolTagInformation, // q: SYSTEM_SESSION_POOLTAG_INFORMATION
|
||||
SystemSessionMappedViewInformation, // q: SYSTEM_SESSION_MAPPED_VIEW_INFORMATION
|
||||
SystemHotpatchInformation, // q; s: SYSTEM_HOTPATCH_CODE_INFORMATION
|
||||
SystemObjectSecurityMode, // q: ULONG // 70
|
||||
SystemWatchdogTimerHandler, // s: SYSTEM_WATCHDOG_HANDLER_INFORMATION // (kernel-mode only)
|
||||
SystemWatchdogTimerInformation, // q: SYSTEM_WATCHDOG_TIMER_INFORMATION // (kernel-mode only)
|
||||
SystemLogicalProcessorInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION
|
||||
SystemWow64SharedInformationObsolete, // not implemented
|
||||
SystemRegisterFirmwareTableInformationHandler, // s: SYSTEM_FIRMWARE_TABLE_HANDLER // (kernel-mode only)
|
||||
SystemFirmwareTableInformation, // SYSTEM_FIRMWARE_TABLE_INFORMATION
|
||||
SystemModuleInformationEx, // q: RTL_PROCESS_MODULE_INFORMATION_EX
|
||||
SystemVerifierTriageInformation, // not implemented
|
||||
SystemSuperfetchInformation, // q; s: SUPERFETCH_INFORMATION // PfQuerySuperfetchInformation
|
||||
SystemMemoryListInformation, // q: SYSTEM_MEMORY_LIST_INFORMATION; s: SYSTEM_MEMORY_LIST_COMMAND (requires SeProfileSingleProcessPrivilege) // 80
|
||||
SystemFileCacheInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (same as SystemFileCacheInformation)
|
||||
SystemThreadPriorityClientIdInformation, // s: SYSTEM_THREAD_CID_PRIORITY_INFORMATION (requires SeIncreaseBasePriorityPrivilege)
|
||||
SystemProcessorIdleCycleTimeInformation, // q: SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION[]
|
||||
SystemVerifierCancellationInformation, // SYSTEM_VERIFIER_CANCELLATION_INFORMATION // name:wow64:whNT32QuerySystemVerifierCancellationInformation
|
||||
SystemProcessorPowerInformationEx, // not implemented
|
||||
SystemRefTraceInformation, // q; s: SYSTEM_REF_TRACE_INFORMATION // ObQueryRefTraceInformation
|
||||
SystemSpecialPoolInformation, // q; s: SYSTEM_SPECIAL_POOL_INFORMATION (requires SeDebugPrivilege) // MmSpecialPoolTag, then MmSpecialPoolCatchOverruns != 0
|
||||
SystemProcessIdInformation, // q: SYSTEM_PROCESS_ID_INFORMATION
|
||||
SystemErrorPortInformation, // s (requires SeTcbPrivilege)
|
||||
SystemBootEnvironmentInformation, // q: SYSTEM_BOOT_ENVIRONMENT_INFORMATION // 90
|
||||
SystemHypervisorInformation, // q: SYSTEM_HYPERVISOR_QUERY_INFORMATION
|
||||
SystemVerifierInformationEx, // q; s: SYSTEM_VERIFIER_INFORMATION_EX
|
||||
SystemTimeZoneInformation, // q; s: RTL_TIME_ZONE_INFORMATION (requires SeTimeZonePrivilege)
|
||||
SystemImageFileExecutionOptionsInformation, // s: SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION (requires SeTcbPrivilege)
|
||||
SystemCoverageInformation, // q: COVERAGE_MODULES s: COVERAGE_MODULE_REQUEST // ExpCovQueryInformation (requires SeDebugPrivilege)
|
||||
SystemPrefetchPatchInformation, // SYSTEM_PREFETCH_PATCH_INFORMATION
|
||||
SystemVerifierFaultsInformation, // s: SYSTEM_VERIFIER_FAULTS_INFORMATION (requires SeDebugPrivilege)
|
||||
SystemSystemPartitionInformation, // q: SYSTEM_SYSTEM_PARTITION_INFORMATION
|
||||
SystemSystemDiskInformation, // q: SYSTEM_SYSTEM_DISK_INFORMATION
|
||||
SystemProcessorPerformanceDistribution, // q: SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION // 100
|
||||
SystemNumaProximityNodeInformation, // q; s: SYSTEM_NUMA_PROXIMITY_MAP
|
||||
SystemDynamicTimeZoneInformation, // q; s: RTL_DYNAMIC_TIME_ZONE_INFORMATION (requires SeTimeZonePrivilege)
|
||||
SystemCodeIntegrityInformation, // q: SYSTEM_CODEINTEGRITY_INFORMATION // SeCodeIntegrityQueryInformation
|
||||
SystemProcessorMicrocodeUpdateInformation, // s: SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION
|
||||
SystemProcessorBrandString, // q: CHAR[] // HaliQuerySystemInformation -> HalpGetProcessorBrandString, info class 23
|
||||
SystemVirtualAddressInformation, // q: SYSTEM_VA_LIST_INFORMATION[]; s: SYSTEM_VA_LIST_INFORMATION[] (requires SeIncreaseQuotaPrivilege) // MmQuerySystemVaInformation
|
||||
SystemLogicalProcessorAndGroupInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX // since WIN7 // KeQueryLogicalProcessorRelationship
|
||||
SystemProcessorCycleTimeInformation, // q: SYSTEM_PROCESSOR_CYCLE_TIME_INFORMATION[]
|
||||
SystemStoreInformation, // q; s: SYSTEM_STORE_INFORMATION (requires SeProfileSingleProcessPrivilege) // SmQueryStoreInformation
|
||||
SystemRegistryAppendString, // s: SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS // 110
|
||||
SystemAitSamplingValue, // s: ULONG (requires SeProfileSingleProcessPrivilege)
|
||||
SystemVhdBootInformation, // q: SYSTEM_VHD_BOOT_INFORMATION
|
||||
SystemCpuQuotaInformation, // q; s: PS_CPU_QUOTA_QUERY_INFORMATION
|
||||
SystemNativeBasicInformation, // q: SYSTEM_BASIC_INFORMATION
|
||||
SystemErrorPortTimeouts, // SYSTEM_ERROR_PORT_TIMEOUTS
|
||||
SystemLowPriorityIoInformation, // q: SYSTEM_LOW_PRIORITY_IO_INFORMATION
|
||||
SystemTpmBootEntropyInformation, // q: TPM_BOOT_ENTROPY_NT_RESULT // ExQueryTpmBootEntropyInformation
|
||||
SystemVerifierCountersInformation, // q: SYSTEM_VERIFIER_COUNTERS_INFORMATION
|
||||
SystemPagedPoolInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypePagedPool)
|
||||
SystemSystemPtesInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemPtes) // 120
|
||||
SystemNodeDistanceInformation,
|
||||
SystemAcpiAuditInformation, // q: SYSTEM_ACPI_AUDIT_INFORMATION // HaliQuerySystemInformation -> HalpAuditQueryResults, info class 26
|
||||
SystemBasicPerformanceInformation, // q: SYSTEM_BASIC_PERFORMANCE_INFORMATION // name:wow64:whNtQuerySystemInformation_SystemBasicPerformanceInformation
|
||||
SystemQueryPerformanceCounterInformation, // q: SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION // since WIN7 SP1
|
||||
SystemSessionBigPoolInformation, // q: SYSTEM_SESSION_POOLTAG_INFORMATION // since WIN8
|
||||
SystemBootGraphicsInformation, // q; s: SYSTEM_BOOT_GRAPHICS_INFORMATION (kernel-mode only)
|
||||
SystemScrubPhysicalMemoryInformation, // q; s: MEMORY_SCRUB_INFORMATION
|
||||
SystemBadPageInformation,
|
||||
SystemProcessorProfileControlArea, // q; s: SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA
|
||||
SystemCombinePhysicalMemoryInformation, // s: MEMORY_COMBINE_INFORMATION, MEMORY_COMBINE_INFORMATION_EX, MEMORY_COMBINE_INFORMATION_EX2 // 130
|
||||
SystemEntropyInterruptTimingInformation, // q; s: SYSTEM_ENTROPY_TIMING_INFORMATION
|
||||
SystemConsoleInformation, // q: SYSTEM_CONSOLE_INFORMATION
|
||||
SystemPlatformBinaryInformation, // q: SYSTEM_PLATFORM_BINARY_INFORMATION (requires SeTcbPrivilege)
|
||||
SystemPolicyInformation, // q: SYSTEM_POLICY_INFORMATION
|
||||
SystemHypervisorProcessorCountInformation, // q: SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION
|
||||
SystemDeviceDataInformation, // q: SYSTEM_DEVICE_DATA_INFORMATION
|
||||
SystemDeviceDataEnumerationInformation, // q: SYSTEM_DEVICE_DATA_INFORMATION
|
||||
SystemMemoryTopologyInformation, // q: SYSTEM_MEMORY_TOPOLOGY_INFORMATION
|
||||
SystemMemoryChannelInformation, // q: SYSTEM_MEMORY_CHANNEL_INFORMATION
|
||||
SystemBootLogoInformation, // q: SYSTEM_BOOT_LOGO_INFORMATION // 140
|
||||
SystemProcessorPerformanceInformationEx, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX // since WINBLUE
|
||||
SystemCriticalProcessErrorLogInformation,
|
||||
SystemSecureBootPolicyInformation, // q: SYSTEM_SECUREBOOT_POLICY_INFORMATION
|
||||
SystemPageFileInformationEx, // q: SYSTEM_PAGEFILE_INFORMATION_EX
|
||||
SystemSecureBootInformation, // q: SYSTEM_SECUREBOOT_INFORMATION
|
||||
SystemEntropyInterruptTimingRawInformation,
|
||||
SystemPortableWorkspaceEfiLauncherInformation, // q: SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION
|
||||
SystemFullProcessInformation, // q: SYSTEM_PROCESS_INFORMATION with SYSTEM_PROCESS_INFORMATION_EXTENSION (requires admin)
|
||||
SystemKernelDebuggerInformationEx, // q: SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX
|
||||
SystemBootMetadataInformation, // 150
|
||||
SystemSoftRebootInformation, // q: ULONG
|
||||
SystemElamCertificateInformation, // s: SYSTEM_ELAM_CERTIFICATE_INFORMATION
|
||||
SystemOfflineDumpConfigInformation, // q: OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2
|
||||
SystemProcessorFeaturesInformation, // q: SYSTEM_PROCESSOR_FEATURES_INFORMATION
|
||||
SystemRegistryReconciliationInformation, // s: NULL (requires admin) (flushes registry hives)
|
||||
SystemEdidInformation, // q: SYSTEM_EDID_INFORMATION
|
||||
SystemManufacturingInformation, // q: SYSTEM_MANUFACTURING_INFORMATION // since THRESHOLD
|
||||
SystemEnergyEstimationConfigInformation, // q: SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION
|
||||
SystemHypervisorDetailInformation, // q: SYSTEM_HYPERVISOR_DETAIL_INFORMATION
|
||||
SystemProcessorCycleStatsInformation, // q: SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION // 160
|
||||
SystemVmGenerationCountInformation,
|
||||
SystemTrustedPlatformModuleInformation, // q: SYSTEM_TPM_INFORMATION
|
||||
SystemKernelDebuggerFlags, // SYSTEM_KERNEL_DEBUGGER_FLAGS
|
||||
SystemCodeIntegrityPolicyInformation, // q: SYSTEM_CODEINTEGRITYPOLICY_INFORMATION
|
||||
SystemIsolatedUserModeInformation, // q: SYSTEM_ISOLATED_USER_MODE_INFORMATION
|
||||
SystemHardwareSecurityTestInterfaceResultsInformation,
|
||||
SystemSingleModuleInformation, // q: SYSTEM_SINGLE_MODULE_INFORMATION
|
||||
SystemAllowedCpuSetsInformation,
|
||||
SystemVsmProtectionInformation, // q: SYSTEM_VSM_PROTECTION_INFORMATION (previously SystemDmaProtectionInformation)
|
||||
SystemInterruptCpuSetsInformation, // q: SYSTEM_INTERRUPT_CPU_SET_INFORMATION // 170
|
||||
SystemSecureBootPolicyFullInformation, // q: SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION
|
||||
SystemCodeIntegrityPolicyFullInformation,
|
||||
SystemAffinitizedInterruptProcessorInformation, // (requires SeIncreaseBasePriorityPrivilege)
|
||||
SystemRootSiloInformation, // q: SYSTEM_ROOT_SILO_INFORMATION
|
||||
SystemCpuSetInformation, // q: SYSTEM_CPU_SET_INFORMATION // since THRESHOLD2
|
||||
SystemCpuSetTagInformation, // q: SYSTEM_CPU_SET_TAG_INFORMATION
|
||||
SystemWin32WerStartCallout,
|
||||
SystemSecureKernelProfileInformation, // q: SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION
|
||||
SystemCodeIntegrityPlatformManifestInformation, // q: SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION // since REDSTONE
|
||||
SystemInterruptSteeringInformation, // SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT // 180
|
||||
SystemSupportedProcessorArchitectures, // in: HANDLE, out: SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION[] (Max 5 structs) // NtQuerySystemInformationEx
|
||||
SystemMemoryUsageInformation, // q: SYSTEM_MEMORY_USAGE_INFORMATION
|
||||
SystemCodeIntegrityCertificateInformation, // q: SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION
|
||||
SystemPhysicalMemoryInformation, // q: SYSTEM_PHYSICAL_MEMORY_INFORMATION // since REDSTONE2
|
||||
SystemControlFlowTransition,
|
||||
SystemKernelDebuggingAllowed, // s: ULONG
|
||||
SystemActivityModerationExeState, // SYSTEM_ACTIVITY_MODERATION_EXE_STATE
|
||||
SystemActivityModerationUserSettings, // SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS
|
||||
SystemCodeIntegrityPoliciesFullInformation,
|
||||
SystemCodeIntegrityUnlockInformation, // SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION // 190
|
||||
SystemIntegrityQuotaInformation,
|
||||
SystemFlushInformation, // q: SYSTEM_FLUSH_INFORMATION
|
||||
SystemProcessorIdleMaskInformation, // q: ULONG_PTR // since REDSTONE3
|
||||
SystemSecureDumpEncryptionInformation,
|
||||
SystemWriteConstraintInformation, // SYSTEM_WRITE_CONSTRAINT_INFORMATION
|
||||
SystemKernelVaShadowInformation, // SYSTEM_KERNEL_VA_SHADOW_INFORMATION
|
||||
SystemHypervisorSharedPageInformation, // SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION // since REDSTONE4
|
||||
SystemFirmwareBootPerformanceInformation,
|
||||
SystemCodeIntegrityVerificationInformation, // SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION
|
||||
SystemFirmwarePartitionInformation, // SYSTEM_FIRMWARE_PARTITION_INFORMATION // 200
|
||||
SystemSpeculationControlInformation, // SYSTEM_SPECULATION_CONTROL_INFORMATION // (CVE-2017-5715) REDSTONE3 and above.
|
||||
SystemDmaGuardPolicyInformation, // SYSTEM_DMA_GUARD_POLICY_INFORMATION
|
||||
SystemEnclaveLaunchControlInformation, // SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION
|
||||
SystemWorkloadAllowedCpuSetsInformation, // SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION // since REDSTONE5
|
||||
SystemCodeIntegrityUnlockModeInformation,
|
||||
SystemLeapSecondInformation, // SYSTEM_LEAP_SECOND_INFORMATION
|
||||
SystemFlags2Information, // q: SYSTEM_FLAGS_INFORMATION
|
||||
SystemSecurityModelInformation, // SYSTEM_SECURITY_MODEL_INFORMATION // since 19H1
|
||||
SystemCodeIntegritySyntheticCacheInformation,
|
||||
SystemFeatureConfigurationInformation, // SYSTEM_FEATURE_CONFIGURATION_INFORMATION // since 20H1 // 210
|
||||
SystemFeatureConfigurationSectionInformation, // SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION
|
||||
SystemFeatureUsageSubscriptionInformation, // SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS
|
||||
SystemSecureSpeculationControlInformation, // SECURE_SPECULATION_CONTROL_INFORMATION
|
||||
SystemSpacesBootInformation, // since 20H2
|
||||
SystemFwRamdiskInformation, // SYSTEM_FIRMWARE_RAMDISK_INFORMATION
|
||||
SystemWheaIpmiHardwareInformation,
|
||||
SystemDifSetRuleClassInformation,
|
||||
SystemDifClearRuleClassInformation,
|
||||
SystemDifApplyPluginVerificationOnDriver,
|
||||
SystemDifRemovePluginVerificationOnDriver, // 220
|
||||
SystemShadowStackInformation, // SYSTEM_SHADOW_STACK_INFORMATION
|
||||
SystemBuildVersionInformation, // SYSTEM_BUILD_VERSION_INFORMATION
|
||||
SystemPoolLimitInformation, // SYSTEM_POOL_LIMIT_INFORMATION
|
||||
SystemCodeIntegrityAddDynamicStore,
|
||||
SystemCodeIntegrityClearDynamicStores,
|
||||
SystemDifPoolTrackingInformation,
|
||||
SystemPoolZeroingInformation, // SYSTEM_POOL_ZEROING_INFORMATION
|
||||
MaxSystemInfoClass
|
||||
} SYSTEM_INFORMATION_CLASS;
|
||||
|
||||
typedef enum _OBJECT_INFORMATION_CLASS {
|
||||
ObjectBasicInformation = 0, // q: OBJECT_BASIC_INFORMATION
|
||||
ObjectNameInformation = 1, // q: OBJECT_NAME_INFORMATION
|
||||
ObjectTypeInformation = 2, // q: OBJECT_TYPE_INFORMATION
|
||||
ObjectTypesInformation, // q: OBJECT_TYPES_INFORMATION
|
||||
ObjectHandleFlagInformation, // qs: OBJECT_HANDLE_FLAG_INFORMATION
|
||||
ObjectSessionInformation, // s: void // change object session // (requires SeTcbPrivilege)
|
||||
ObjectSessionObjectInformation, // s: void // change object session // (requires SeTcbPrivilege)
|
||||
MaxObjectInfoClass
|
||||
} OBJECT_INFORMATION_CLASS;
|
||||
|
||||
typedef NTSTATUS(WINAPI* PNtQuerySystemInformation)(
|
||||
_In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
|
||||
_Inout_ PVOID SystemInformation,
|
||||
_In_ ULONG SystemInformationLength,
|
||||
_Out_opt_ PULONG ReturnLength
|
||||
);
|
||||
|
||||
typedef NTSTATUS(WINAPI* PNtQueryObject)(
|
||||
_In_opt_ HANDLE Handle,
|
||||
_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
|
||||
_Out_opt_ PVOID ObjectInformation,
|
||||
_In_ ULONG ObjectInformationLength,
|
||||
_Out_opt_ PULONG ReturnLength);
|
||||
|
||||
typedef NTSTATUS(WINAPI* PNtDuplicateObject)(
|
||||
_In_ HANDLE SourceProcessHandle,
|
||||
_In_ HANDLE SourceHandle,
|
||||
_In_opt_ HANDLE TargetProcessHandle,
|
||||
_Out_opt_ PHANDLE TargetHandle,
|
||||
_In_ ACCESS_MASK DesiredAccess,
|
||||
_In_ ULONG HandleAttributes,
|
||||
_In_ ULONG Options
|
||||
);
|
||||
|
||||
int FindHandles(ULONG pid, LPSTR handleName, BOOL closeHandle, BOOL suffix) {
|
||||
HMODULE ntdll = GetModuleHandle(TEXT("ntdll.dll"));
|
||||
if (NULL == ntdll) {
|
||||
printf("Failed to load 'ntdll.dll'\n");
|
||||
return 0;
|
||||
}
|
||||
PNtQuerySystemInformation pQuerySystemInformation = (PNtQuerySystemInformation)GetProcAddress(ntdll, "NtQuerySystemInformation");
|
||||
PNtQueryObject pQueryObject = (PNtQueryObject)GetProcAddress(ntdll, "NtQueryObject");
|
||||
PNtDuplicateObject pDuplicateObject = (PNtDuplicateObject)GetProcAddress(ntdll, "NtDuplicateObject");
|
||||
if (NULL == pQuerySystemInformation || NULL == pQueryObject || NULL == pDuplicateObject) {
|
||||
printf("Failed to call 'GetProcAddress()'\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
ULONG len = 0x10000;
|
||||
NTSTATUS status;
|
||||
PSYSTEM_HANDLE_INFORMATION_EX pHandleInfo = NULL;
|
||||
do {
|
||||
if (len > 0x4000000) {
|
||||
return 0;
|
||||
}
|
||||
len *= 2;
|
||||
pHandleInfo = (PSYSTEM_HANDLE_INFORMATION_EX)GlobalAlloc(GMEM_ZEROINIT, len);
|
||||
status = pQuerySystemInformation(SystemExtendedHandleInformation, pHandleInfo, len, &len);
|
||||
} while (status == STATUS_INFO_LENGTH_MISMATCH);
|
||||
|
||||
if (!NT_SUCCESS(status)) {
|
||||
printf("Failed to call 'NtQuerySystemInformation()' with error code 0x%X\n", status);
|
||||
return 0;
|
||||
}
|
||||
|
||||
HANDLE currentProcess = GetCurrentProcess();
|
||||
for (int i = 0; i < pHandleInfo->HandleCount; i++) {
|
||||
SYSTEM_HANDLE handle = pHandleInfo->Handles[i];
|
||||
PVOID object = handle.Object;
|
||||
HANDLE handleValue = handle.HandleValue;
|
||||
HANDLE uniqueProcessId = handle.UniqueProcessId;
|
||||
if (NULL != pid && HandleToLong(uniqueProcessId) != pid) {
|
||||
continue;
|
||||
}
|
||||
LPSTR pName = NULL;
|
||||
LPSTR pType = NULL;
|
||||
HANDLE sourceProcess = OpenProcess(PROCESS_ALL_ACCESS | PROCESS_DUP_HANDLE | PROCESS_SUSPEND_RESUME, FALSE, HandleToULong(uniqueProcessId));
|
||||
HANDLE targetHandle = NULL;
|
||||
NTSTATUS status = pDuplicateObject(sourceProcess, handleValue, currentProcess, &targetHandle, 0, FALSE, DUPLICATE_SAME_ACCESS);
|
||||
if (NT_SUCCESS(status)) {
|
||||
//printf("Failed to call 'NtDuplicateObject()' with error code 0x%X\n", status);
|
||||
POBJECT_NAME_INFORMATION pNameInfo = (POBJECT_NAME_INFORMATION)GlobalAlloc(GMEM_ZEROINIT, len);
|
||||
POBJECT_TYPE_INFORMATION pTypeInfo = (POBJECT_TYPE_INFORMATION)GlobalAlloc(GMEM_ZEROINIT, len);
|
||||
if (NT_SUCCESS(pQueryObject(targetHandle, ObjectNameInformation, pNameInfo, len, NULL))) {
|
||||
pName = (LPSTR)GlobalAlloc(GMEM_ZEROINIT, pNameInfo->Name.Length);
|
||||
WideCharToMultiByte(CP_ACP, 0, pNameInfo->Name.Buffer, -1, pName, pNameInfo->Name.Length, NULL, NULL);
|
||||
}
|
||||
if (NT_SUCCESS(pQueryObject(targetHandle, ObjectTypeInformation, pTypeInfo, len, NULL))) {
|
||||
pType = (LPSTR)GlobalAlloc(GMEM_ZEROINIT, pTypeInfo->TypeName.Length);
|
||||
WideCharToMultiByte(CP_ACP, 0, pTypeInfo->TypeName.Buffer, -1, pType, pTypeInfo->TypeName.Length, NULL, NULL);
|
||||
}
|
||||
}
|
||||
if (NULL != handleName) {
|
||||
if (suffix) {
|
||||
if (NULL == pName || !endsWith(std::string(pName), std::string(handleName))) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (NULL == pName || 0 != strcmp(pName, handleName)) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (TRUE == closeHandle) {
|
||||
HANDLE hProcess = OpenProcess(PROCESS_DUP_HANDLE, FALSE, HandleToLong(uniqueProcessId));
|
||||
DuplicateHandle(hProcess, handleValue, 0, 0, 0, 0, DUPLICATE_CLOSE_SOURCE);
|
||||
CloseHandle(hProcess);
|
||||
}
|
||||
}
|
||||
printf("PID: %-6d\t", uniqueProcessId);
|
||||
printf("Handle: 0x%-3x\t", handleValue);
|
||||
printf("Object: 0x%-8X\t", object);
|
||||
printf("Type: %-20s\t", NULL != pType ? pType : "<Unknown type>");
|
||||
printf("Name: %-30s\t", NULL != pName ? pName : "");
|
||||
printf("\n");
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int DisplayHandles() {
|
||||
return FindHandles(NULL, NULL, FALSE, FALSE);
|
||||
}
|
||||
|
||||
int DisplayHandles(ULONG pid) {
|
||||
return FindHandles(pid, NULL, FALSE, FALSE);
|
||||
}
|
||||
|
||||
int FindHandle(ULONG pid, LPSTR handleName) {
|
||||
return FindHandles(pid, handleName, FALSE, FALSE);
|
||||
}
|
||||
|
||||
int CloseHandle(ULONG pid, LPSTR handleName) {
|
||||
return FindHandles(pid, handleName, TRUE, FALSE);
|
||||
}
|
||||
|
||||
HANDLE FindHandleByName(ULONG pid, LPSTR handleName) {
|
||||
HMODULE ntdll = GetModuleHandle(TEXT("ntdll.dll"));
|
||||
if (NULL == ntdll) {
|
||||
printf("Failed to load 'ntdll.dll'\n");
|
||||
return 0;
|
||||
}
|
||||
PNtQuerySystemInformation pQuerySystemInformation = (PNtQuerySystemInformation)GetProcAddress(ntdll, "NtQuerySystemInformation");
|
||||
PNtQueryObject pQueryObject = (PNtQueryObject)GetProcAddress(ntdll, "NtQueryObject");
|
||||
PNtDuplicateObject pDuplicateObject = (PNtDuplicateObject)GetProcAddress(ntdll, "NtDuplicateObject");
|
||||
if (NULL == pQuerySystemInformation || NULL == pQueryObject || NULL == pDuplicateObject) {
|
||||
printf("Failed to call 'GetProcAddress()'\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
ULONG len = 0x10000;
|
||||
NTSTATUS status;
|
||||
PSYSTEM_HANDLE_INFORMATION_EX pHandleInfo = NULL;
|
||||
do {
|
||||
if (len > 0x4000000) {
|
||||
return 0;
|
||||
}
|
||||
len *= 2;
|
||||
pHandleInfo = (PSYSTEM_HANDLE_INFORMATION_EX)GlobalAlloc(GMEM_ZEROINIT, len);
|
||||
status = pQuerySystemInformation(SystemExtendedHandleInformation, pHandleInfo, len, &len);
|
||||
} while (status == STATUS_INFO_LENGTH_MISMATCH);
|
||||
|
||||
if (!NT_SUCCESS(status)) {
|
||||
printf("Failed to call 'NtQuerySystemInformation()' with error code 0x%X\n", status);
|
||||
return 0;
|
||||
}
|
||||
|
||||
HANDLE currentProcess = GetCurrentProcess();
|
||||
for (int i = 0; i < pHandleInfo->HandleCount; i++) {
|
||||
SYSTEM_HANDLE handle = pHandleInfo->Handles[i];
|
||||
PVOID object = handle.Object;
|
||||
HANDLE handleValue = handle.HandleValue;
|
||||
HANDLE uniqueProcessId = handle.UniqueProcessId;
|
||||
if (NULL != pid && HandleToLong(uniqueProcessId) != pid) {
|
||||
continue;
|
||||
}
|
||||
LPSTR pName = NULL;
|
||||
LPSTR pType = NULL;
|
||||
HANDLE sourceProcess = OpenProcess(PROCESS_ALL_ACCESS | PROCESS_DUP_HANDLE | PROCESS_SUSPEND_RESUME, FALSE, HandleToULong(uniqueProcessId));
|
||||
HANDLE targetHandle = NULL;
|
||||
NTSTATUS status = pDuplicateObject(sourceProcess, handleValue, currentProcess, &targetHandle, 0, FALSE, DUPLICATE_SAME_ACCESS);
|
||||
if (NT_SUCCESS(status)) {
|
||||
//printf("Failed to call 'NtDuplicateObject()' with error code 0x%X\n", status);
|
||||
POBJECT_NAME_INFORMATION pNameInfo = (POBJECT_NAME_INFORMATION)GlobalAlloc(GMEM_ZEROINIT, len);
|
||||
POBJECT_TYPE_INFORMATION pTypeInfo = (POBJECT_TYPE_INFORMATION)GlobalAlloc(GMEM_ZEROINIT, len);
|
||||
if (NT_SUCCESS(pQueryObject(targetHandle, ObjectNameInformation, pNameInfo, len, NULL))) {
|
||||
pName = (LPSTR)GlobalAlloc(GMEM_ZEROINIT, pNameInfo->Name.Length);
|
||||
WideCharToMultiByte(CP_ACP, 0, pNameInfo->Name.Buffer, -1, pName, pNameInfo->Name.Length, NULL, NULL);
|
||||
}
|
||||
if (NT_SUCCESS(pQueryObject(targetHandle, ObjectTypeInformation, pTypeInfo, len, NULL))) {
|
||||
pType = (LPSTR)GlobalAlloc(GMEM_ZEROINIT, pTypeInfo->TypeName.Length);
|
||||
WideCharToMultiByte(CP_ACP, 0, pTypeInfo->TypeName.Buffer, -1, pType, pTypeInfo->TypeName.Length, NULL, NULL);
|
||||
}
|
||||
}
|
||||
if (NULL != handleName) {
|
||||
|
||||
if (NULL == pName || 0 != strcmp(pName, handleName)) {
|
||||
continue;
|
||||
}
|
||||
return handleValue;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
std::wstring Utf8ToUnicode(const char* buffer) {
|
||||
int c_size = MultiByteToWideChar(CP_UTF8, 0, buffer, -1, NULL, 0);
|
||||
if (c_size > 0) {
|
||||
wchar_t* temp = new wchar_t[c_size + 1];
|
||||
MultiByteToWideChar(CP_UTF8, 0, buffer, -1, temp, c_size);
|
||||
temp[c_size] = L'\0';
|
||||
std::wstring ret(temp);
|
||||
delete[] temp;
|
||||
temp = NULL;
|
||||
return ret;
|
||||
}
|
||||
return std::wstring();
|
||||
}
|
||||
|
||||
DWORD GetPIDForProcess(wchar_t* process)
|
||||
{
|
||||
HANDLE hSnapshot;
|
||||
DWORD dPid = 0;
|
||||
PROCESSENTRY32W pe32;
|
||||
int working;
|
||||
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
|
||||
if (!hSnapshot) {
|
||||
return 0;
|
||||
}
|
||||
pe32.dwSize = sizeof(PROCESSENTRY32);
|
||||
for (working = Process32FirstW(hSnapshot, &pe32); working; working = Process32NextW(hSnapshot, &pe32))
|
||||
{
|
||||
if (!wcscmp(pe32.szExeFile, process))
|
||||
{
|
||||
dPid = pe32.th32ProcessID;
|
||||
break;
|
||||
}
|
||||
}
|
||||
CloseHandle(hSnapshot);
|
||||
return dPid;
|
||||
}
|
||||
|
||||
HMODULE GetDLLHandle(wchar_t* wDllName, DWORD dPid)
|
||||
{
|
||||
HMODULE result;
|
||||
tagMODULEENTRY32W me32;
|
||||
void* snapMod;
|
||||
|
||||
if (!dPid) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
snapMod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dPid);
|
||||
me32.dwSize = sizeof(tagMODULEENTRY32W);
|
||||
if (Module32FirstW(snapMod, &me32))
|
||||
{
|
||||
while (wcscmp(wDllName, me32.szModule))
|
||||
{
|
||||
if (!Module32NextW(snapMod, &me32))
|
||||
goto error;
|
||||
}
|
||||
CloseHandle(snapMod);
|
||||
result = me32.hModule;
|
||||
}
|
||||
else
|
||||
{
|
||||
error:
|
||||
CloseHandle(snapMod);
|
||||
result = 0;
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
BOOL EnableDebugPrivilege()
|
||||
{
|
||||
HANDLE TokenHandle = NULL;
|
||||
TOKEN_PRIVILEGES TokenPrivilege;
|
||||
|
||||
LUID uID;
|
||||
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &TokenHandle)) {
|
||||
if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &uID)) {
|
||||
TokenPrivilege.PrivilegeCount = 1;
|
||||
TokenPrivilege.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
TokenPrivilege.Privileges[0].Luid = uID;
|
||||
if (AdjustTokenPrivileges(TokenHandle, FALSE, &TokenPrivilege, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) {
|
||||
CloseHandle(TokenHandle);
|
||||
TokenHandle = INVALID_HANDLE_VALUE;
|
||||
return TRUE;
|
||||
}
|
||||
else
|
||||
goto fail;
|
||||
|
||||
}
|
||||
else
|
||||
goto fail;
|
||||
}
|
||||
else
|
||||
goto fail;
|
||||
|
||||
fail:
|
||||
CloseHandle(TokenHandle);
|
||||
TokenHandle = INVALID_HANDLE_VALUE;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
static unsigned char GetProcAddressAsmCode[] = {
|
||||
0x55, // push ebp;
|
||||
0x8B, 0xEC, // mov ebp, esp;
|
||||
0x83, 0xEC, 0x40, // sub esp, 0x40;
|
||||
0x57, // push edi;
|
||||
0x51, // push ecx;
|
||||
0x8B, 0x7D, 0x08, // mov edi, dword ptr[ebp + 0x8];
|
||||
0x8B, 0x07, // mov eax,dword ptr[edi];
|
||||
0x50, // push eax;
|
||||
0xE8, 0x00, 0x00, 0x00, 0x00, // call GetModuleHandleW;
|
||||
0x83, 0xC4, 0x04, // add esp,0x4;
|
||||
0x83, 0xC7, 0x04, // add edi,0x4;
|
||||
0x8B, 0x0F, // mov ecx, dword ptr[edi];
|
||||
0x51, // push ecx;
|
||||
0x50, // push eax;
|
||||
0xE8, 0x00, 0x00, 0x00, 0x00, // call GetProcAddress;
|
||||
0x83, 0xC4, 0x08, // add esp, 0x8;
|
||||
0x59, // pop ecx;
|
||||
0x5F, // pop edi;
|
||||
0x8B, 0xE5, // mov esp, ebp;
|
||||
0x5D, // pop ebp;
|
||||
0xC3 // retn;
|
||||
};
|
||||
|
||||
LPVOID FillAsmCode(HANDLE handle) {
|
||||
DWORD pGetModuleHandleW = (DWORD)GetModuleHandleW;
|
||||
DWORD pGetProcAddress = (DWORD)GetProcAddress;
|
||||
PVOID fillCall1 = (PVOID)&GetProcAddressAsmCode[15];
|
||||
PVOID fillCall2 = (PVOID)&GetProcAddressAsmCode[30];
|
||||
LPVOID pAsmFuncAddr = VirtualAllocEx(handle, NULL, 1, MEM_COMMIT, PAGE_EXECUTE);
|
||||
if (!pAsmFuncAddr) {
|
||||
return 0;
|
||||
}
|
||||
*(DWORD*)fillCall1 = pGetModuleHandleW - (DWORD)pAsmFuncAddr - 14 - 5;
|
||||
*(DWORD*)fillCall2 = pGetProcAddress - (DWORD)pAsmFuncAddr - 29 - 5;
|
||||
//*(DWORD*)fillCall1 = pGetModuleHandleW ;
|
||||
//*(DWORD*)fillCall2 = pGetProcAddress;
|
||||
SIZE_T dwWriteSize;
|
||||
WriteProcessMemory(handle, pAsmFuncAddr, GetProcAddressAsmCode, sizeof(GetProcAddressAsmCode), &dwWriteSize);
|
||||
return pAsmFuncAddr;
|
||||
|
||||
}
|
||||
|
||||
|
||||
int InjectDllAndStartHttp(wchar_t* szPName, wchar_t* szDllPath, DWORD port)
|
||||
{
|
||||
if(!EnableDebugPrivilege()){
|
||||
return 0;
|
||||
}
|
||||
int result = 0;
|
||||
HANDLE hRemoteThread = NULL;
|
||||
LPTHREAD_START_ROUTINE lpSysLibAddr = NULL;
|
||||
HINSTANCE__* hKernelModule = NULL;
|
||||
LPVOID lpRemoteDllBase = NULL;
|
||||
HANDLE hProcess;
|
||||
unsigned int dwPid;
|
||||
size_t ulDllLength;
|
||||
wchar_t* dllName = (wchar_t*)L"wxhelper.dll";
|
||||
size_t dllNameLen = wcslen(dllName) * 2 + 2;
|
||||
char* funcName = (char* )"http_start";
|
||||
size_t funcNameLen = strlen(funcName) + 1;
|
||||
|
||||
HANDLE hStartHttp = NULL;
|
||||
LPVOID portAddr = NULL;
|
||||
HANDLE getProcThread = NULL;
|
||||
|
||||
LPVOID paramsAddr = NULL;
|
||||
LPVOID param1Addr = NULL;
|
||||
LPVOID param2Addr = NULL;
|
||||
LPVOID GetProcFuncAddr = NULL;
|
||||
|
||||
DWORD params[2] = { 0 };
|
||||
|
||||
dwPid = GetPIDForProcess(szPName);
|
||||
ulDllLength = (wcslen(szDllPath) + 1) * sizeof(wchar_t);
|
||||
hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, dwPid);
|
||||
if (!hProcess) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
lpRemoteDllBase = VirtualAllocEx(hProcess, NULL, ulDllLength, MEM_COMMIT, PAGE_READWRITE);
|
||||
if (lpRemoteDllBase)
|
||||
{
|
||||
if (WriteProcessMemory(hProcess, lpRemoteDllBase, szDllPath, ulDllLength, NULL)
|
||||
&& (hKernelModule = GetModuleHandleW(L"kernel32.dll")) != 0
|
||||
&& (lpSysLibAddr = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernelModule, "LoadLibraryW")) != 0
|
||||
&& (hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, lpSysLibAddr, lpRemoteDllBase, 0, NULL)) != 0)
|
||||
{
|
||||
WaitForSingleObject(hRemoteThread, INFINITE);
|
||||
GetProcFuncAddr = FillAsmCode(hProcess);
|
||||
param1Addr = VirtualAllocEx(hProcess, NULL, dllNameLen, MEM_COMMIT, PAGE_READWRITE);
|
||||
if (param1Addr) {
|
||||
SIZE_T dwWriteSize;
|
||||
BOOL bRet = WriteProcessMemory(hProcess, (LPVOID)param1Addr, dllName, dllNameLen, &dwWriteSize);
|
||||
if (!bRet) {
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
param2Addr = VirtualAllocEx(hProcess, NULL, funcNameLen, MEM_COMMIT, PAGE_READWRITE);
|
||||
if (param2Addr) {
|
||||
SIZE_T dwWriteSize;
|
||||
BOOL bRet = WriteProcessMemory(hProcess, (LPVOID)param2Addr, funcName, funcNameLen, &dwWriteSize);
|
||||
if (!bRet) {
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
|
||||
params[0] = (DWORD)param1Addr;
|
||||
params[1] = (DWORD)param2Addr;
|
||||
|
||||
paramsAddr = VirtualAllocEx(hProcess, NULL, sizeof(params), MEM_COMMIT, PAGE_READWRITE);
|
||||
if (paramsAddr) {
|
||||
SIZE_T dwWriteSize;
|
||||
BOOL bRet = WriteProcessMemory(hProcess, (LPVOID)paramsAddr, ¶ms[0], sizeof(params), &dwWriteSize);
|
||||
if (!bRet) {
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
|
||||
DWORD dwRet = 0;
|
||||
getProcThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcFuncAddr, paramsAddr, 0, NULL);
|
||||
|
||||
if (getProcThread)
|
||||
{
|
||||
WaitForSingleObject(getProcThread, INFINITE);
|
||||
GetExitCodeThread(getProcThread, &dwRet);
|
||||
if (dwRet) {
|
||||
hStartHttp = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)dwRet, (LPVOID)port, 0, NULL);
|
||||
WaitForSingleObject(hStartHttp, INFINITE);
|
||||
result = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
error:
|
||||
if (hRemoteThread) {
|
||||
CloseHandle(hRemoteThread);
|
||||
}
|
||||
if (getProcThread) {
|
||||
CloseHandle(getProcThread);
|
||||
}
|
||||
if (hStartHttp) {
|
||||
CloseHandle(hStartHttp);
|
||||
}
|
||||
|
||||
if (lpRemoteDllBase) {
|
||||
VirtualFreeEx(hProcess, lpRemoteDllBase, ulDllLength, MEM_DECOMMIT | MEM_RELEASE);
|
||||
}
|
||||
if (param1Addr) {
|
||||
VirtualFreeEx(hProcess, param1Addr, dllNameLen, MEM_DECOMMIT | MEM_RELEASE);
|
||||
}
|
||||
|
||||
if (param2Addr) {
|
||||
VirtualFreeEx(hProcess, param1Addr, funcNameLen, MEM_DECOMMIT | MEM_RELEASE);
|
||||
}
|
||||
|
||||
if (paramsAddr) {
|
||||
VirtualFreeEx(hProcess, param1Addr, sizeof(params), MEM_DECOMMIT | MEM_RELEASE);
|
||||
}
|
||||
|
||||
if (GetProcFuncAddr) {
|
||||
VirtualFreeEx(hProcess, GetProcFuncAddr, sizeof(GetProcAddressAsmCode), MEM_DECOMMIT | MEM_RELEASE);
|
||||
}
|
||||
|
||||
CloseHandle(hProcess);
|
||||
return result;
|
||||
}
|
||||
|
||||
int InjectDll(wchar_t* szPName, wchar_t* szDllPath)
|
||||
{
|
||||
if(!EnableDebugPrivilege()){
|
||||
return 0;
|
||||
}
|
||||
int result = 0;
|
||||
HANDLE hRemoteThread;
|
||||
LPTHREAD_START_ROUTINE lpSysLibAddr;
|
||||
HINSTANCE__* hKernelModule;
|
||||
LPVOID lpRemoteDllBase;
|
||||
HANDLE hProcess;
|
||||
unsigned int dwPid;
|
||||
size_t ulDllLength;
|
||||
|
||||
dwPid = GetPIDForProcess(szPName);
|
||||
ulDllLength = (wcslen(szDllPath) + 1) * sizeof(wchar_t);
|
||||
hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, dwPid);
|
||||
if (!hProcess) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
lpRemoteDllBase = VirtualAllocEx(hProcess, NULL, ulDllLength, MEM_COMMIT, PAGE_READWRITE);
|
||||
if (lpRemoteDllBase)
|
||||
{
|
||||
if (WriteProcessMemory(hProcess, lpRemoteDllBase, szDllPath, ulDllLength, NULL)
|
||||
&& (hKernelModule = GetModuleHandleW(L"kernel32.dll")) != 0
|
||||
&& (lpSysLibAddr = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernelModule, "LoadLibraryW")) != 0
|
||||
&& (hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, lpSysLibAddr, lpRemoteDllBase, 0, NULL)) != 0)
|
||||
{
|
||||
WaitForSingleObject(hRemoteThread, INFINITE);
|
||||
VirtualFreeEx(hProcess, lpRemoteDllBase, ulDllLength, MEM_DECOMMIT | MEM_RELEASE);
|
||||
CloseHandle(hRemoteThread);
|
||||
CloseHandle(hProcess);
|
||||
OutputDebugStringA("[DBG] dll inject success");
|
||||
printf("dll inject success");
|
||||
printf("dll path : %s ", szDllPath);
|
||||
printf("dll path : %d ", dwPid);
|
||||
result = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
VirtualFreeEx(hProcess, lpRemoteDllBase, ulDllLength, MEM_DECOMMIT | MEM_RELEASE);
|
||||
CloseHandle(hProcess);
|
||||
result = 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
CloseHandle(hProcess);
|
||||
result = 0;
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
int UnInjectDll(wchar_t* szPName, wchar_t* szDName)
|
||||
{
|
||||
HMODULE hDll;
|
||||
HANDLE lpFreeLibAddr;
|
||||
HINSTANCE__* hK32;
|
||||
HANDLE hProcess;
|
||||
unsigned int dwPID;
|
||||
|
||||
dwPID = GetPIDForProcess(szPName);
|
||||
hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, dwPID);
|
||||
if (!hProcess) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
hK32 = GetModuleHandleW(L"Kernel32.dll");
|
||||
if (!hK32) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
lpFreeLibAddr = GetProcAddress(hK32, "FreeLibraryAndExitThread");
|
||||
//lpFreeLibAddr = (LPTHREAD_START_ROUTINE)GetProcAddress(hK32, "FreeLibrary");
|
||||
hDll = GetDLLHandle(szDName, dwPID);
|
||||
if (hDll) {
|
||||
HANDLE hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)lpFreeLibAddr, hDll, NULL, NULL);
|
||||
if (hThread == NULL) {
|
||||
int errorCode = GetLastError();
|
||||
return 0;
|
||||
}
|
||||
WaitForSingleObject(hThread, INFINITE);
|
||||
CloseHandle(hThread);
|
||||
CloseHandle(hProcess);
|
||||
return 1;
|
||||
}
|
||||
|
||||
CloseHandle(hProcess);
|
||||
return 0;
|
||||
}
|
||||
|
||||
FARPROC ShellCode(DWORD param[]) {
|
||||
return GetProcAddress(GetModuleHandleW((LPCWSTR)param[0]), (LPCSTR)param[1]);
|
||||
}
|
||||
|
||||
|
||||
int main(int argc, char** argv)
|
||||
{
|
||||
int param;
|
||||
char cInjectprogram[MAX_PATH] = { 0 };
|
||||
char cUnInjectprogram[MAX_PATH] = { 0 };
|
||||
char cDllPath[MAX_PATH] = { 0 };
|
||||
char cDllName[MAX_PATH] = { 0 };
|
||||
int port = 0;
|
||||
|
||||
ULONG pid = 0;
|
||||
|
||||
while ((param = getopt(argc, argv, "i:p:u:d:m:P:h")) != -1)
|
||||
{
|
||||
switch (param)
|
||||
{
|
||||
case 'i':
|
||||
strcpy(cInjectprogram, optarg);
|
||||
break;
|
||||
case 'p':
|
||||
strcpy(cDllPath, optarg);
|
||||
break;
|
||||
case 'u':
|
||||
strcpy(cUnInjectprogram, optarg);
|
||||
case 'd':
|
||||
strcpy(cDllName, optarg);
|
||||
break;
|
||||
case 'h':
|
||||
printf("Usage: %s [-i/u] [-p/d] [-m]\n", argv[0]);
|
||||
printf("Options:\n");
|
||||
printf(" -h Print this help message.\n");
|
||||
printf(" -i <program name> Name of the running program to be injected.\n");
|
||||
printf(" -u <program name> Name of the running program to be uninstalled.\n");
|
||||
printf(" -p <path> Full path of injection file.\n");
|
||||
printf(" -d <file> Name of injection file.\n");
|
||||
printf(" -m <pid> WeChat.exe pid.\n");
|
||||
printf("\n");
|
||||
printf("Examples:\n");
|
||||
printf(" window> %s -i test.exe -p c:/inject.dll \n", argv[0]);
|
||||
printf(" window> %s -u test.exe -d inject.dll \n", argv[0]);
|
||||
printf(" window> %s -m 1988 \n", argv[0]);
|
||||
exit(0);
|
||||
break;
|
||||
case 'm':
|
||||
pid = std::stol(optarg);
|
||||
break;
|
||||
case 'P':
|
||||
port = std::atoi(optarg);
|
||||
break;
|
||||
default:
|
||||
abort();
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (pid) {
|
||||
FindHandles(pid, (LPSTR)"_WeChat_App_Instance_Identity_Mutex_Name", TRUE, TRUE);
|
||||
}
|
||||
|
||||
if (cInjectprogram[0] != 0 && cDllPath[0] != 0)
|
||||
{
|
||||
if (cInjectprogram[0] != '\0' && cDllPath[0] != '\0')
|
||||
{
|
||||
if (port == 0) {
|
||||
std::wstring wsProgram = Utf8ToUnicode(cInjectprogram);
|
||||
std::wstring wsPath = Utf8ToUnicode(cDllPath);
|
||||
int ret = InjectDll((wchar_t*)wsProgram.c_str(), (wchar_t*)wsPath.c_str());
|
||||
printf(" 注入结果:%i \n", ret);
|
||||
}
|
||||
else
|
||||
{
|
||||
std::wstring wsProgram = Utf8ToUnicode(cInjectprogram);
|
||||
std::wstring wsPath = Utf8ToUnicode(cDllPath);
|
||||
int ret = InjectDllAndStartHttp((wchar_t*)wsProgram.c_str(), (wchar_t*)wsPath.c_str(), port);
|
||||
printf(" 注入结果:%i \n", ret);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (cUnInjectprogram[0] != 0 && cDllName[0] != 0)
|
||||
{
|
||||
if (cUnInjectprogram[0] != '\0' && cDllName[0] != '\0')
|
||||
{
|
||||
std::wstring wsUnInjectProgram = Utf8ToUnicode(cUnInjectprogram);
|
||||
std::wstring wsName = Utf8ToUnicode(cDllName);
|
||||
int ret = UnInjectDll((wchar_t*)wsUnInjectProgram.c_str(), (wchar_t*)wsName.c_str());
|
||||
printf(" 卸载结果:%i \n", ret);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
659
source/getopt.h
Normal file
659
source/getopt.h
Normal file
@ -0,0 +1,659 @@
|
||||
#ifndef __GETOPT_H__
|
||||
/**
|
||||
* DISCLAIMER
|
||||
* This file is part of the mingw-w64 runtime package.
|
||||
*
|
||||
* The mingw-w64 runtime package and its code is distributed in the hope that it
|
||||
* will be useful but WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESSED OR
|
||||
* IMPLIED ARE HEREBY DISCLAIMED. This includes but is not limited to
|
||||
* warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
/*
|
||||
* Copyright (c) 2002 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*
|
||||
* Sponsored in part by the Defense Advanced Research Projects
|
||||
* Agency (DARPA) and Air Force Research Laboratory, Air Force
|
||||
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
|
||||
*/
|
||||
/*-
|
||||
* Copyright (c) 2000 The NetBSD Foundation, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This code is derived from software contributed to The NetBSD Foundation
|
||||
* by Dieter Baron and Thomas Klausner.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
||||
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||||
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
||||
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#pragma warning(disable:4996);
|
||||
|
||||
#define __GETOPT_H__
|
||||
|
||||
/* All the headers include this file. */
|
||||
#include <crtdefs.h>
|
||||
#include <errno.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <windows.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define REPLACE_GETOPT /* use this getopt as the system getopt(3) */
|
||||
|
||||
#ifdef REPLACE_GETOPT
|
||||
int opterr = 1; /* if error message should be printed */
|
||||
int optind = 1; /* index into parent argv vector */
|
||||
int optopt = '?'; /* character checked for validity */
|
||||
#undef optreset /* see getopt.h */
|
||||
#define optreset __mingw_optreset
|
||||
int optreset; /* reset getopt */
|
||||
char* optarg; /* argument associated with option */
|
||||
#endif
|
||||
|
||||
//extern int optind; /* index of first non-option in argv */
|
||||
//extern int optopt; /* single option character, as parsed */
|
||||
//extern int opterr; /* flag to enable built-in diagnostics... */
|
||||
// /* (user may set to zero, to suppress) */
|
||||
//
|
||||
//extern char *optarg; /* pointer to argument of current option */
|
||||
|
||||
#define PRINT_ERROR ((opterr) && (*options != ':'))
|
||||
|
||||
#define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */
|
||||
#define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */
|
||||
#define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */
|
||||
|
||||
/* return values */
|
||||
#define BADCH (int)'?'
|
||||
#define BADARG ((*options == ':') ? (int)':' : (int)'?')
|
||||
#define INORDER (int)1
|
||||
|
||||
#ifndef __CYGWIN__
|
||||
#define __progname __argv[0]
|
||||
#else
|
||||
extern char __declspec(dllimport)* __progname;
|
||||
#endif
|
||||
|
||||
#ifdef __CYGWIN__
|
||||
static char EMSG[] = "";
|
||||
#else
|
||||
#define EMSG ""
|
||||
#endif
|
||||
|
||||
static int getopt_internal(int, char* const*, const char*,
|
||||
const struct option*, int*, int);
|
||||
static int parse_long_options(char* const*, const char*,
|
||||
const struct option*, int*, int);
|
||||
static int gcd(int, int);
|
||||
static void permute_args(int, int, int, char* const*);
|
||||
|
||||
static char* place = EMSG; /* option letter processing */
|
||||
|
||||
/* XXX: set optreset to 1 rather than these two */
|
||||
static int nonopt_start = -1; /* first non option argument (for permute) */
|
||||
static int nonopt_end = -1; /* first option after non options (for permute) */
|
||||
|
||||
/* Error messages */
|
||||
static const char recargchar[] = "option requires an argument -- %c";
|
||||
static const char recargstring[] = "option requires an argument -- %s";
|
||||
static const char ambig[] = "ambiguous option -- %.*s";
|
||||
static const char noarg[] = "option doesn't take an argument -- %.*s";
|
||||
static const char illoptchar[] = "unknown option -- %c";
|
||||
static const char illoptstring[] = "unknown option -- %s";
|
||||
|
||||
static void
|
||||
_vwarnx(const char* fmt, va_list ap)
|
||||
{
|
||||
(void)fprintf(stderr, "%s: ", __progname);
|
||||
if (fmt != NULL)
|
||||
(void)vfprintf(stderr, fmt, ap);
|
||||
(void)fprintf(stderr, "\n");
|
||||
}
|
||||
|
||||
static void
|
||||
warnx(const char* fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
va_start(ap, fmt);
|
||||
_vwarnx(fmt, ap);
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
/*
|
||||
* Compute the greatest common divisor of a and b.
|
||||
*/
|
||||
static int
|
||||
gcd(int a, int b)
|
||||
{
|
||||
int c;
|
||||
|
||||
c = a % b;
|
||||
while (c != 0) {
|
||||
a = b;
|
||||
b = c;
|
||||
c = a % b;
|
||||
}
|
||||
|
||||
return (b);
|
||||
}
|
||||
|
||||
/*
|
||||
* Exchange the block from nonopt_start to nonopt_end with the block
|
||||
* from nonopt_end to opt_end (keeping the same order of arguments
|
||||
* in each block).
|
||||
*/
|
||||
static void
|
||||
permute_args(int panonopt_start, int panonopt_end, int opt_end,
|
||||
char* const* nargv)
|
||||
{
|
||||
int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos;
|
||||
char* swap;
|
||||
|
||||
/*
|
||||
* compute lengths of blocks and number and size of cycles
|
||||
*/
|
||||
nnonopts = panonopt_end - panonopt_start;
|
||||
nopts = opt_end - panonopt_end;
|
||||
ncycle = gcd(nnonopts, nopts);
|
||||
cyclelen = (opt_end - panonopt_start) / ncycle;
|
||||
|
||||
for (i = 0; i < ncycle; i++) {
|
||||
cstart = panonopt_end + i;
|
||||
pos = cstart;
|
||||
for (j = 0; j < cyclelen; j++) {
|
||||
if (pos >= panonopt_end)
|
||||
pos -= nnonopts;
|
||||
else
|
||||
pos += nopts;
|
||||
swap = nargv[pos];
|
||||
/* LINTED const cast */
|
||||
((char**)nargv)[pos] = nargv[cstart];
|
||||
/* LINTED const cast */
|
||||
((char**)nargv)[cstart] = swap;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef REPLACE_GETOPT
|
||||
/*
|
||||
* getopt --
|
||||
* Parse argc/argv argument vector.
|
||||
*
|
||||
* [eventually this will replace the BSD getopt]
|
||||
*/
|
||||
int
|
||||
getopt(int nargc, char* const* nargv, const char* options)
|
||||
{
|
||||
|
||||
/*
|
||||
* We don't pass FLAG_PERMUTE to getopt_internal() since
|
||||
* the BSD getopt(3) (unlike GNU) has never done this.
|
||||
*
|
||||
* Furthermore, since many privileged programs call getopt()
|
||||
* before dropping privileges it makes sense to keep things
|
||||
* as simple (and bug-free) as possible.
|
||||
*/
|
||||
return (getopt_internal(nargc, nargv, options, NULL, NULL, 0));
|
||||
}
|
||||
#endif /* REPLACE_GETOPT */
|
||||
|
||||
//extern int getopt(int nargc, char * const *nargv, const char *options);
|
||||
|
||||
#ifdef _BSD_SOURCE
|
||||
/*
|
||||
* BSD adds the non-standard `optreset' feature, for reinitialisation
|
||||
* of `getopt' parsing. We support this feature, for applications which
|
||||
* proclaim their BSD heritage, before including this header; however,
|
||||
* to maintain portability, developers are advised to avoid it.
|
||||
*/
|
||||
# define optreset __mingw_optreset
|
||||
extern int optreset;
|
||||
#endif
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
/*
|
||||
* POSIX requires the `getopt' API to be specified in `unistd.h';
|
||||
* thus, `unistd.h' includes this header. However, we do not want
|
||||
* to expose the `getopt_long' or `getopt_long_only' APIs, when
|
||||
* included in this manner. Thus, close the standard __GETOPT_H__
|
||||
* declarations block, and open an additional __GETOPT_LONG_H__
|
||||
* specific block, only when *not* __UNISTD_H_SOURCED__, in which
|
||||
* to declare the extended API.
|
||||
*/
|
||||
#endif /* !defined(__GETOPT_H__) */
|
||||
|
||||
#if !defined(__UNISTD_H_SOURCED__) && !defined(__GETOPT_LONG_H__)
|
||||
#define __GETOPT_LONG_H__
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
struct option /* specification for a long form option... */
|
||||
{
|
||||
const char* name; /* option name, without leading hyphens */
|
||||
int has_arg; /* does it take an argument? */
|
||||
int* flag; /* where to save its status, or NULL */
|
||||
int val; /* its associated status value */
|
||||
};
|
||||
|
||||
enum /* permitted values for its `has_arg' field... */
|
||||
{
|
||||
no_argument = 0, /* option never takes an argument */
|
||||
required_argument, /* option always requires an argument */
|
||||
optional_argument /* option may take an argument */
|
||||
};
|
||||
|
||||
/*
|
||||
* parse_long_options --
|
||||
* Parse long options in argc/argv argument vector.
|
||||
* Returns -1 if short_too is set and the option does not match long_options.
|
||||
*/
|
||||
static int
|
||||
parse_long_options(char* const* nargv, const char* options,
|
||||
const struct option* long_options, int* idx, int short_too)
|
||||
{
|
||||
char* current_argv, * has_equal;
|
||||
size_t current_argv_len;
|
||||
int i, ambiguous, match;
|
||||
|
||||
#define IDENTICAL_INTERPRETATION(_x, _y) \
|
||||
(long_options[(_x)].has_arg == long_options[(_y)].has_arg && \
|
||||
long_options[(_x)].flag == long_options[(_y)].flag && \
|
||||
long_options[(_x)].val == long_options[(_y)].val)
|
||||
|
||||
current_argv = place;
|
||||
match = -1;
|
||||
ambiguous = 0;
|
||||
|
||||
optind++;
|
||||
|
||||
if ((has_equal = strchr(current_argv, '=')) != NULL) {
|
||||
/* argument found (--option=arg) */
|
||||
current_argv_len = has_equal - current_argv;
|
||||
has_equal++;
|
||||
}
|
||||
else
|
||||
current_argv_len = strlen(current_argv);
|
||||
|
||||
for (i = 0; long_options[i].name; i++) {
|
||||
/* find matching long option */
|
||||
if (strncmp(current_argv, long_options[i].name,
|
||||
current_argv_len))
|
||||
continue;
|
||||
|
||||
if (strlen(long_options[i].name) == current_argv_len) {
|
||||
/* exact match */
|
||||
match = i;
|
||||
ambiguous = 0;
|
||||
break;
|
||||
}
|
||||
/*
|
||||
* If this is a known short option, don't allow
|
||||
* a partial match of a single character.
|
||||
*/
|
||||
if (short_too && current_argv_len == 1)
|
||||
continue;
|
||||
|
||||
if (match == -1) /* partial match */
|
||||
match = i;
|
||||
else if (!IDENTICAL_INTERPRETATION(i, match))
|
||||
ambiguous = 1;
|
||||
}
|
||||
if (ambiguous) {
|
||||
/* ambiguous abbreviation */
|
||||
if (PRINT_ERROR)
|
||||
warnx(ambig, (int)current_argv_len,
|
||||
current_argv);
|
||||
optopt = 0;
|
||||
return (BADCH);
|
||||
}
|
||||
if (match != -1) { /* option found */
|
||||
if (long_options[match].has_arg == no_argument
|
||||
&& has_equal) {
|
||||
if (PRINT_ERROR)
|
||||
warnx(noarg, (int)current_argv_len,
|
||||
current_argv);
|
||||
/*
|
||||
* XXX: GNU sets optopt to val regardless of flag
|
||||
*/
|
||||
if (long_options[match].flag == NULL)
|
||||
optopt = long_options[match].val;
|
||||
else
|
||||
optopt = 0;
|
||||
return (BADARG);
|
||||
}
|
||||
if (long_options[match].has_arg == required_argument ||
|
||||
long_options[match].has_arg == optional_argument) {
|
||||
if (has_equal)
|
||||
optarg = has_equal;
|
||||
else if (long_options[match].has_arg ==
|
||||
required_argument) {
|
||||
/*
|
||||
* optional argument doesn't use next nargv
|
||||
*/
|
||||
optarg = nargv[optind++];
|
||||
}
|
||||
}
|
||||
if ((long_options[match].has_arg == required_argument)
|
||||
&& (optarg == NULL)) {
|
||||
/*
|
||||
* Missing argument; leading ':' indicates no error
|
||||
* should be generated.
|
||||
*/
|
||||
if (PRINT_ERROR)
|
||||
warnx(recargstring,
|
||||
current_argv);
|
||||
/*
|
||||
* XXX: GNU sets optopt to val regardless of flag
|
||||
*/
|
||||
if (long_options[match].flag == NULL)
|
||||
optopt = long_options[match].val;
|
||||
else
|
||||
optopt = 0;
|
||||
--optind;
|
||||
return (BADARG);
|
||||
}
|
||||
}
|
||||
else { /* unknown option */
|
||||
if (short_too) {
|
||||
--optind;
|
||||
return (-1);
|
||||
}
|
||||
if (PRINT_ERROR)
|
||||
warnx(illoptstring, current_argv);
|
||||
optopt = 0;
|
||||
return (BADCH);
|
||||
}
|
||||
if (idx)
|
||||
*idx = match;
|
||||
if (long_options[match].flag) {
|
||||
*long_options[match].flag = long_options[match].val;
|
||||
return (0);
|
||||
}
|
||||
else
|
||||
return (long_options[match].val);
|
||||
#undef IDENTICAL_INTERPRETATION
|
||||
}
|
||||
|
||||
/*
|
||||
* getopt_internal --
|
||||
* Parse argc/argv argument vector. Called by user level routines.
|
||||
*/
|
||||
static int
|
||||
getopt_internal(int nargc, char* const* nargv, const char* options,
|
||||
const struct option* long_options, int* idx, int flags)
|
||||
{
|
||||
char* oli; /* option letter list index */
|
||||
int optchar, short_too;
|
||||
static int posixly_correct = -1;
|
||||
|
||||
if (options == NULL)
|
||||
return (-1);
|
||||
|
||||
/*
|
||||
* XXX Some GNU programs (like cvs) set optind to 0 instead of
|
||||
* XXX using optreset. Work around this braindamage.
|
||||
*/
|
||||
if (optind == 0)
|
||||
optind = optreset = 1;
|
||||
|
||||
/*
|
||||
* Disable GNU extensions if POSIXLY_CORRECT is set or options
|
||||
* string begins with a '+'.
|
||||
*
|
||||
* CV, 2009-12-14: Check POSIXLY_CORRECT anew if optind == 0 or
|
||||
* optreset != 0 for GNU compatibility.
|
||||
*/
|
||||
if (posixly_correct == -1 || optreset != 0)
|
||||
posixly_correct = (getenv("POSIXLY_CORRECT") != NULL);
|
||||
if (*options == '-')
|
||||
flags |= FLAG_ALLARGS;
|
||||
else if (posixly_correct || *options == '+')
|
||||
flags &= ~FLAG_PERMUTE;
|
||||
if (*options == '+' || *options == '-')
|
||||
options++;
|
||||
|
||||
optarg = NULL;
|
||||
if (optreset)
|
||||
nonopt_start = nonopt_end = -1;
|
||||
start:
|
||||
if (optreset || !*place) { /* update scanning pointer */
|
||||
optreset = 0;
|
||||
if (optind >= nargc) { /* end of argument vector */
|
||||
place = EMSG;
|
||||
if (nonopt_end != -1) {
|
||||
/* do permutation, if we have to */
|
||||
permute_args(nonopt_start, nonopt_end,
|
||||
optind, nargv);
|
||||
optind -= nonopt_end - nonopt_start;
|
||||
}
|
||||
else if (nonopt_start != -1) {
|
||||
/*
|
||||
* If we skipped non-options, set optind
|
||||
* to the first of them.
|
||||
*/
|
||||
optind = nonopt_start;
|
||||
}
|
||||
nonopt_start = nonopt_end = -1;
|
||||
return (-1);
|
||||
}
|
||||
if (*(place = nargv[optind]) != '-' ||
|
||||
(place[1] == '\0' && strchr(options, '-') == NULL)) {
|
||||
place = EMSG; /* found non-option */
|
||||
if (flags & FLAG_ALLARGS) {
|
||||
/*
|
||||
* GNU extension:
|
||||
* return non-option as argument to option 1
|
||||
*/
|
||||
optarg = nargv[optind++];
|
||||
return (INORDER);
|
||||
}
|
||||
if (!(flags & FLAG_PERMUTE)) {
|
||||
/*
|
||||
* If no permutation wanted, stop parsing
|
||||
* at first non-option.
|
||||
*/
|
||||
return (-1);
|
||||
}
|
||||
/* do permutation */
|
||||
if (nonopt_start == -1)
|
||||
nonopt_start = optind;
|
||||
else if (nonopt_end != -1) {
|
||||
permute_args(nonopt_start, nonopt_end,
|
||||
optind, nargv);
|
||||
nonopt_start = optind -
|
||||
(nonopt_end - nonopt_start);
|
||||
nonopt_end = -1;
|
||||
}
|
||||
optind++;
|
||||
/* process next argument */
|
||||
goto start;
|
||||
}
|
||||
if (nonopt_start != -1 && nonopt_end == -1)
|
||||
nonopt_end = optind;
|
||||
|
||||
/*
|
||||
* If we have "-" do nothing, if "--" we are done.
|
||||
*/
|
||||
if (place[1] != '\0' && *++place == '-' && place[1] == '\0') {
|
||||
optind++;
|
||||
place = EMSG;
|
||||
/*
|
||||
* We found an option (--), so if we skipped
|
||||
* non-options, we have to permute.
|
||||
*/
|
||||
if (nonopt_end != -1) {
|
||||
permute_args(nonopt_start, nonopt_end,
|
||||
optind, nargv);
|
||||
optind -= nonopt_end - nonopt_start;
|
||||
}
|
||||
nonopt_start = nonopt_end = -1;
|
||||
return (-1);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Check long options if:
|
||||
* 1) we were passed some
|
||||
* 2) the arg is not just "-"
|
||||
* 3) either the arg starts with -- we are getopt_long_only()
|
||||
*/
|
||||
if (long_options != NULL && place != nargv[optind] &&
|
||||
(*place == '-' || (flags & FLAG_LONGONLY))) {
|
||||
short_too = 0;
|
||||
if (*place == '-')
|
||||
place++; /* --foo long option */
|
||||
else if (*place != ':' && strchr(options, *place) != NULL)
|
||||
short_too = 1; /* could be short option too */
|
||||
|
||||
optchar = parse_long_options(nargv, options, long_options,
|
||||
idx, short_too);
|
||||
if (optchar != -1) {
|
||||
place = EMSG;
|
||||
return (optchar);
|
||||
}
|
||||
}
|
||||
|
||||
if ((optchar = (int)*place++) == (int)':' ||
|
||||
(optchar == (int)'-' && *place != '\0') ||
|
||||
(oli = (char*)strchr(options, optchar)) == NULL) {
|
||||
/*
|
||||
* If the user specified "-" and '-' isn't listed in
|
||||
* options, return -1 (non-option) as per POSIX.
|
||||
* Otherwise, it is an unknown option character (or ':').
|
||||
*/
|
||||
if (optchar == (int)'-' && *place == '\0')
|
||||
return (-1);
|
||||
if (!*place)
|
||||
++optind;
|
||||
if (PRINT_ERROR)
|
||||
warnx(illoptchar, optchar);
|
||||
optopt = optchar;
|
||||
return (BADCH);
|
||||
}
|
||||
if (long_options != NULL && optchar == 'W' && oli[1] == ';') {
|
||||
/* -W long-option */
|
||||
if (*place) /* no space */
|
||||
/* NOTHING */;
|
||||
else if (++optind >= nargc) { /* no arg */
|
||||
place = EMSG;
|
||||
if (PRINT_ERROR)
|
||||
warnx(recargchar, optchar);
|
||||
optopt = optchar;
|
||||
return (BADARG);
|
||||
}
|
||||
else /* white space */
|
||||
place = nargv[optind];
|
||||
optchar = parse_long_options(nargv, options, long_options,
|
||||
idx, 0);
|
||||
place = EMSG;
|
||||
return (optchar);
|
||||
}
|
||||
if (*++oli != ':') { /* doesn't take argument */
|
||||
if (!*place)
|
||||
++optind;
|
||||
}
|
||||
else { /* takes (optional) argument */
|
||||
optarg = NULL;
|
||||
if (*place) /* no white space */
|
||||
optarg = place;
|
||||
else if (oli[1] != ':') { /* arg not optional */
|
||||
if (++optind >= nargc) { /* no arg */
|
||||
place = EMSG;
|
||||
if (PRINT_ERROR)
|
||||
warnx(recargchar, optchar);
|
||||
optopt = optchar;
|
||||
return (BADARG);
|
||||
}
|
||||
else
|
||||
optarg = nargv[optind];
|
||||
}
|
||||
place = EMSG;
|
||||
++optind;
|
||||
}
|
||||
/* dump back option letter */
|
||||
return (optchar);
|
||||
}
|
||||
|
||||
/*
|
||||
* getopt_long --
|
||||
* Parse argc/argv argument vector.
|
||||
*/
|
||||
int
|
||||
getopt_long(int nargc, char* const* nargv, const char* options,
|
||||
const struct option* long_options, int* idx)
|
||||
{
|
||||
|
||||
return (getopt_internal(nargc, nargv, options, long_options, idx,
|
||||
FLAG_PERMUTE));
|
||||
}
|
||||
|
||||
/*
|
||||
* getopt_long_only --
|
||||
* Parse argc/argv argument vector.
|
||||
*/
|
||||
int
|
||||
getopt_long_only(int nargc, char* const* nargv, const char* options,
|
||||
const struct option* long_options, int* idx)
|
||||
{
|
||||
|
||||
return (getopt_internal(nargc, nargv, options, long_options, idx,
|
||||
FLAG_PERMUTE | FLAG_LONGONLY));
|
||||
}
|
||||
|
||||
//extern int getopt_long(int nargc, char * const *nargv, const char *options,
|
||||
// const struct option *long_options, int *idx);
|
||||
//extern int getopt_long_only(int nargc, char * const *nargv, const char *options,
|
||||
// const struct option *long_options, int *idx);
|
||||
/*
|
||||
* Previous MinGW implementation had...
|
||||
*/
|
||||
#ifndef HAVE_DECL_GETOPT
|
||||
/*
|
||||
* ...for the long form API only; keep this for compatibility.
|
||||
*/
|
||||
# define HAVE_DECL_GETOPT 1
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* !defined(__UNISTD_H_SOURCED__) && !defined(__GETOPT_LONG_H__) */
|
Loading…
Reference in New Issue
Block a user