From c590a9542564459e5d989a5ca51745d08756a4e5 Mon Sep 17 00:00:00 2001 From: hugy <504650082@qq.com> Date: Wed, 29 Mar 2023 09:30:03 +0800 Subject: [PATCH] =?UTF-8?q?=E5=90=88=E5=B9=B6=E6=B3=A8=E5=85=A5=E5=B7=A5?= =?UTF-8?q?=E5=85=B7=E5=92=8C=E8=A7=A3=E5=AF=86=E5=B7=A5=E5=85=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CMakeLists.txt | 2 +- python/client.py | 595 ++++++++++++++++++++++ python/decrypt.py | 51 ++ source/CMakeLists.txt | 20 + source/ConsoleApplication.cc | 962 +++++++++++++++++++++++++++++++++++ source/getopt.h | 659 ++++++++++++++++++++++++ 6 files changed, 2288 insertions(+), 1 deletion(-) create mode 100644 python/client.py create mode 100644 python/decrypt.py create mode 100644 source/CMakeLists.txt create mode 100644 source/ConsoleApplication.cc create mode 100644 source/getopt.h diff --git a/CMakeLists.txt b/CMakeLists.txt index 1191974..adcb78d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -14,7 +14,7 @@ file(GLOB CPP_FILES ${PROJECT_SOURCE_DIR}/src/*.cc ${PROJECT_SOURCE_DIR}/src/* include_directories(${VCPKG_INSTALLED_DIR}/x86-windows/include) # add_subdirectory(3rd) - +add_subdirectory(source) find_package(nlohmann_json CONFIG REQUIRED) find_package(unofficial-mongoose CONFIG REQUIRED) diff --git a/python/client.py b/python/client.py new file mode 100644 index 0000000..9188e10 --- /dev/null +++ b/python/client.py 
@@ -0,0 +1,595 @@
+import requests
+import json
+
+
+def check_login():
+ """
+ 0.检查是否登录
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=0"
+ payload = {}
+ headers = {}
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def user_info():
+ """
+ 登录用户信息
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=8"
+ payload = {}
+ headers = {}
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def send_text():
+ """
+ 发送文本
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=2"
+ payload = json.dumps({
+ "wxid": "filehelper",
+ "msg": "123"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def send_at():
+ """
+ 发送@消息
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=3"
+ payload = json.dumps({
+ "chatRoomId": "12333@chatroom",
+ "wxids": "notify@all",
+ "msg": "12333"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def send_img():
+ """
+ 发送图片
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=5"
+ payload = json.dumps({
+ "wxid": "filehelper",
+ "imagePath": "C:/123.png"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def send_file():
+ """
+ 发送文件
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=6"
+ payload = json.dumps({
+ "wxid": "filehelper",
+ "filePath": "C:/test.txt"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def hook_msg():
+ """
+ hook 消息
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=9"
+ payload = json.dumps({
+ "port": "19099",
+ "ip": "127.0.0.1"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def unhook_msg():
+ """
+ 取消消息hook
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=10"
+ payload = {}
+ headers = {}
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def hook_img():
+ """
+ hook 图片
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=11"
+ payload = json.dumps({
+ "imgDir": "C:\\img"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def unhook_img():
+ """
+ 取消hook 图片
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=12"
+ payload = json.dumps({
+ "imgDir": "C:\\img"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def hook_voice():
+ """
+ hook 语音
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=56"
+ payload = json.dumps({
+ "msgId": 322456091115784000
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def unhook_voice():
+ """
+ 取消hook 语音
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=14"
+ payload = {}
+ headers = {}
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def del_friend():
+ """
+ 删除好友
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=17"
+ payload = json.dumps({
+ "wxid": "wxid_1124423322"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def search_friend():
+ """
+ 网络搜素用户
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=19"
+ payload = json.dumps({
+ "keyword": "13812345678"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def add_friend():
+ """
+ 添加好友
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=20"
+ payload = json.dumps({
+ "wxid": "wxid_o11222334422"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def fetch_chat_room_members():
+ """
+ 群成员
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=25"
+ payload = json.dumps({
+ "chatRoomId": "2112222004@chatroom"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def get_member_nickname():
+ """
+ 群成员昵称
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=26"
+ payload = json.dumps({
+ "chatRoomId": "322333384@chatroom",
+ "memberId": "wxid_4m1112222u22"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def del_member():
+ """
+ 删除群成员
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=27"
+ payload = json.dumps({
+ "chatRoomId": "31122263384@chatroom",
+ "memberIds": "wxid_12223334422"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def add_member():
+ """
+ 增加群成员
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=28"
+ payload = json.dumps({
+ "chatRoomId": "1111163384@chatroom",
+ "memberIds": "wxid_o12222222"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def modify_room_name():
+ """
+ 修改群昵称
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=31"
+ payload = json.dumps({
+ "chatRoomId": "222285428@chatroom",
+ "wxid": "wxid_222222512",
+ "nickName": "qqq"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def get_db_handlers():
+ """
+ 获取sqlite3的操作句柄
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=32"
+ payload = {}
+ headers = {}
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def query_db_by_sql():
+ """
+ 查询数据库
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=34"
+ payload = json.dumps({
+ "dbHandle": 116201928,
+ "sql": "select localId from MSG where MsgSvrID= 7533111101686156"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def hook_log():
+ """
+ hook 日志
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=36"
+ payload = {}
+ headers = {}
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def unhook_log():
+ """
+ 取消hook日志
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=37"
+ payload = {}
+ headers = {}
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def forward():
+ """
+ 转发消息
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=40"
+ payload = json.dumps({
+ "wxid": "filehelper",
+ "msgid": "705117679011122708"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def logout():
+ """
+ 退出登录
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=44"
+ payload = {}
+ headers = {}
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def confirm_receipt():
+ """
+ 确认收款
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=45"
+ payload = json.dumps({
+ "wxid": "wxid_1111112622",
+ "transcationId": "10000500012312222212243388865912",
+ "transferId": "100005000120212222173123036"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def contact_list():
+ """
+ 好友列表
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=46"
+ payload = {}
+ headers = {}
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def room_detail():
+ """
+ 群详情
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=47"
+ payload = json.dumps({
+ "chatRoomId": "199134446111@chatroom"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def ocr():
+ """
+ ocr提取文字
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=49"
+ payload = json.dumps({
+ "imagePath": "C:\\WeChat Files\\b23e84997144dd12f21554b0.dat"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def pat():
+ """
+ 拍一拍
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=50"
+ payload = json.dumps({
+ "chatRoomId": "211111121004@chatroom",
+ "wxid": "wxid_111111111422"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def top_msg():
+ """
+ 消息置顶
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=51"
+ payload = json.dumps({
+ "wxid": "wxid_o11114422",
+ "msgid": 3728307145189195000
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def close_top_msg():
+ """
+ 取消置顶
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=52"
+ payload = json.dumps({
+ "chatRoomId": "213222231004@chatroom",
+ "msgid": 3728307145189195000
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def sns_first():
+ """
+ 朋友圈首页
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=53"
+ payload = {}
+ headers = {}
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def sns_next():
+ """
+ 朋友圈下一页
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=54"
+ payload = json.dumps({
+ "snsId": "14091988153735844377"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def query_nickname():
+ """
+ 查询联系人或群名称
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=55"
+
+ payload = json.dumps({
+ "id": "wxid_1112p4422"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def download_msg_attach():
+ """
+ 下载消息附件
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=56"
+ payload = json.dumps({
+ "msgId": 6080100336053626000
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+def get_member_info():
+ """
+ 获取群/群成员信息
+ :return:
+ """
+ url = "127.0.0.1:19088/api/?type=57"
+ payload = json.dumps({
+ "wxid": "wxid_tx8k6tu21112"
+ })
+ headers = {
+ 'Content-Type': 'application/json'
+ }
+ response = requests.request("POST", url, headers=headers, data=payload)
+ print(response.text)
+
+
+if __name__ == '__main__':
+ check_login()
+ user_info()
+ send_text()
\ No newline at end of file
diff --git a/python/decrypt.py b/python/decrypt.py
new file mode 100644
index 0000000..eae7a97
--- /dev/null
+++ b/python/decrypt.py
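Review bot: Every `url` in this file lacks a scheme (`"127.0.0.1:19088/api/?type=0"` in `check_login`, and the same form in the other 37 functions); as far as I can tell `requests` treats a scheme-less host:port string as a non-HTTP URL and raises `requests.exceptions.InvalidSchema` ("No connection adapters were found") before anything is sent, so the `check_login()`/`user_info()`/`send_text()` calls in the `__main__` block cannot work as committed. Rather than patching `http://` into 38 string literals, hoist one `BASE_URL` constant and a private `_post(type_id, body=None)` helper that builds the URL and the JSON header once, since the functions differ only in the `type` value and the payload (sketch below). Separately, `hook_voice` and `download_msg_attach` both post `type=56` while every other hook/unhook pair uses adjacent numbers (`hook_img` 11, `unhook_img` 12, `unhook_voice` 14), so one of the two is probably a typo worth confirming against the server. The docstrings end in a bare `:return:` although each function only prints and returns `None`; either drop that line or have the functions return the response so callers can use it. Note also that no credential of any kind is sent with these requests, so whatever listens on 19088 presumably accepts any local caller — that is a server-side property not visible in this diff, but worth checking given that the API exposes `query_db_by_sql`, `del_friend` and `confirm_receipt`.
```python
BASE_URL = "http://127.0.0.1:19088/api/"


def _post(type_id, body=None):
    """POST to the local API endpoint ?type=<type_id>; a dict body is sent as JSON."""
    url = f"{BASE_URL}?type={type_id}"
    if body is None:
        response = requests.request("POST", url, headers={}, data={})
    else:
        response = requests.request(
            "POST", url, headers={'Content-Type': 'application/json'}, data=json.dumps(body)
        )
    print(response.text)
    return response


def check_login():
    """0. Check whether a user is logged in."""
    return _post(0)

# … unchanged: the remaining functions, each reduced to one _post(type, {...}) call …
```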
@@ -0,0 +1,51 @@
+import ctypes
+import hashlib
+import hmac
+
+# pip install pycryptodome
+from Crypto.Cipher import AES
+
+
+def decrypt(password, input_file, out_file):
+ password = bytes.fromhex(password.replace(' ', ''))
+ with open(input_file, 'rb') as (f):
+ blist = f.read()
+ print(len(blist))
+ salt = blist[:16]
+ key = hashlib.pbkdf2_hmac('sha1', password, salt, DEFAULT_ITER, KEY_SIZE)
+ first = blist[16:DEFAULT_PAGESIZE]
+ mac_salt = bytes([x ^ 58 for x in salt])
+ mac_key = hashlib.pbkdf2_hmac('sha1', key, mac_salt, 2, KEY_SIZE)
+ hash_mac = hmac.new(mac_key, digestmod='sha1')
+ hash_mac.update(first[:-32])
+ hash_mac.update(bytes(ctypes.c_int(1)))
+ if hash_mac.digest() == first[-32:-12]:
+ print('decrypt success')
+ else:
+ print('password error')
+ return
+ blist = [blist[i:i + DEFAULT_PAGESIZE] for i in range(DEFAULT_PAGESIZE, len(blist), DEFAULT_PAGESIZE)]
+ with open(out_file, 'wb') as (f):
+ f.write(SQLITE_FILE_HEADER)
+ t = AES.new(key, AES.MODE_CBC, first[-48:-32])
+ f.write(t.decrypt(first[:-48]))
+ f.write(first[-48:])
+ for i in blist:
+ t = AES.new(key, AES.MODE_CBC, i[-48:-32])
+ f.write(t.decrypt(i[:-48]))
+ f.write(i[-48:])
+
+
+def main():
+ password = '565735E30E474DA09250CB5AA047E3940FFA1C6F767C4263B13ABB512933DA49'
+ input_file = 'C:/var/Applet.db'
+ out_file = 'c:/var/out/Applet.db'
+ decrypt(password, input_file, out_file)
+
+
+if __name__ == '__main__':
+ SQLITE_FILE_HEADER = bytes('SQLite format 3', encoding='ASCII') + bytes(1)
+ KEY_SIZE = 32
+ DEFAULT_PAGESIZE = 4096
+ DEFAULT_ITER = 64000
+ main()
\ No newline at end of file
diff --git a/source/CMakeLists.txt b/source/CMakeLists.txt
new file mode 100644
index 0000000..9e36448
--- /dev/null
+++ b/source/CMakeLists.txt
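Review bot: `decrypt` reads `DEFAULT_ITER`, `KEY_SIZE`, `DEFAULT_PAGESIZE` and `SQLITE_FILE_HEADER`, but those four names are assigned only inside the `if __name__ == '__main__':` block at the bottom of the file, so `from decrypt import decrypt` followed by a call raises `NameError`; move the four assignments to module level above `decrypt` as ordinary constants. The HMAC check covers only the first page — the `for i in blist:` loop decrypts every later page without verifying its trailing `i[-32:-12]`, so a truncated or tampered file decrypts silently into garbage; applying the same `hmac.new(mac_key, digestmod='sha1')` check per page (with that page's number in place of `1`) would turn that into a clear error. `bytes(ctypes.c_int(1))` serialises the page number in native endianness and `int` width, which is what SQLCipher expects only on little-endian hosts; `struct.pack('<I', 1)` states the intent and removes the `ctypes` import. `main()` embeds a database key as a string literal, which means the key is committed to the repository; take it from `sys.argv`/an environment variable and keep only the file paths as defaults, and drop the stray `print(len(blist))` debug line while here.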
@@ -0,0 +1,20 @@
+cmake_minimum_required(VERSION 3.0.0)
+project(ConsoleApplication VERSION 1.0.0)
+
+
+set(CMAKE_CXX_STANDARD 17)
+set(CMAKE_CXX_STANDARD_REQUIRED True)
+
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /D '_UNICODE' /D 'UNICODE'")
+
+file(GLOB INJECT_CPP_FILES ${PROJECT_SOURCE_DIR}/*.cc ${PROJECT_SOURCE_DIR}/*.cpp)
+
+add_executable (ConsoleApplication ${INJECT_CPP_FILES})
+
+SET_TARGET_PROPERTIES(ConsoleApplication PROPERTIES LINKER_LANGUAGE C
+ ARCHIVE_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/bin
+ LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/bin
+ RUNTIME_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/bin
+ OUTPUT_NAME "ConsoleApplication"
+ PREFIX "")
+
\ No newline at end of file
diff --git a/source/ConsoleApplication.cc b/source/ConsoleApplication.cc
new file mode 100644
index 0000000..f746b94
--- /dev/null
+++ b/source/ConsoleApplication.cc
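Review bot: `set(CMAKE_CXX_STANDARD 17)` is silently ignored by the CMake versions that `cmake_minimum_required(VERSION 3.0.0)` admits — the property exists from 3.1 and the value 17 is recognised from 3.8 — so the minimum should be raised to at least 3.8 (the top-level CMakeLists.txt that `add_subdirectory(source)` is called from is not in this hunk; match whatever it requires). The `/D '_UNICODE' /D 'UNICODE'` string is passed through to cl.exe with the single quotes intact, and as far as I can tell MSVC does not strip them, so the macro defined is not `_UNICODE`; `target_compile_definitions(ConsoleApplication PRIVATE _UNICODE UNICODE)` placed after `add_executable` is the portable way to say this. `LINKER_LANGUAGE C` on a target built only from `.cc`/`.cpp` sources makes CMake use the C link rule; that happens to work with the MSVC driver but would omit the C++ runtime on other toolchains, so either drop the property or set it to `CXX`.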
@@ -0,0 +1,962 @@
+// ConsoleApplication.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
+// https://github.com/yihleego/handle-tools
+
+#include
+#include
+#include
+#include "getopt.h"
+#include
+
+#include "ntstatus.h"
+
+
+#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
+
+bool endsWith(const std::string& str, const std::string suffix) {
+ if (suffix.length() > str.length()) { return false; }
+ return (str.rfind(suffix) == (str.length() - suffix.length()));
+}
+
+typedef struct _UNICODE_STRING {
+ USHORT Length;
+ USHORT MaximumLength;
+ PWSTR Buffer;
+} UNICODE_STRING, * PUNICODE_STRING;
+
+typedef struct _SYSTEM_HANDLE {
+ PVOID Object;
+ HANDLE UniqueProcessId;
+ HANDLE HandleValue;
+ ULONG GrantedAccess;
+ USHORT CreatorBackTraceIndex;
+ USHORT ObjectTypeIndex;
+ ULONG HandleAttributes;
+ ULONG Reserved;
+} SYSTEM_HANDLE, * PSYSTEM_HANDLE;
+
+typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
+ ULONG_PTR HandleCount;
+ ULONG_PTR Reserved;
+ SYSTEM_HANDLE Handles[1];
+} SYSTEM_HANDLE_INFORMATION_EX, * PSYSTEM_HANDLE_INFORMATION_EX;
+
+typedef struct _OBJECT_BASIC_INFORMATION {
+ ULONG Attributes;
+ ACCESS_MASK GrantedAccess;
+ ULONG HandleCount;
+ ULONG PointerCount;
+ ULONG PagedPoolCharge;
+ ULONG NonPagedPoolCharge;
+ ULONG Reserved[3];
+ ULONG NameInfoSize;
+ ULONG TypeInfoSize;
+ ULONG SecurityDescriptorSize;
+ LARGE_INTEGER CreationTime;
+} OBJECT_BASIC_INFORMATION, * POBJECT_BASIC_INFORMATION;
+
+typedef struct _OBJECT_NAME_INFORMATION {
+ UNICODE_STRING Name;
+} OBJECT_NAME_INFORMATION, * POBJECT_NAME_INFORMATION;
+
+typedef struct _OBJECT_TYPE_INFORMATION {
+ UNICODE_STRING TypeName;
+ ULONG Reserved[22]; // reserved for internal use
+} OBJECT_TYPE_INFORMATION, * POBJECT_TYPE_INFORMATION;
+
+typedef enum _SYSTEM_INFORMATION_CLASS {
+ SystemBasicInformation, // q: SYSTEM_BASIC_INFORMATION
+ SystemProcessorInformation, // q: SYSTEM_PROCESSOR_INFORMATION
+ SystemPerformanceInformation, // q: SYSTEM_PERFORMANCE_INFORMATION
+ SystemTimeOfDayInformation, // q: SYSTEM_TIMEOFDAY_INFORMATION
+ SystemPathInformation, // not implemented
+ SystemProcessInformation, // q: SYSTEM_PROCESS_INFORMATION
+ SystemCallCountInformation, // q: SYSTEM_CALL_COUNT_INFORMATION
+ SystemDeviceInformation, // q: SYSTEM_DEVICE_INFORMATION
+ SystemProcessorPerformanceInformation, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
+ SystemFlagsInformation, // q: SYSTEM_FLAGS_INFORMATION
+ SystemCallTimeInformation, // not implemented // SYSTEM_CALL_TIME_INFORMATION // 10
+ SystemModuleInformation, // q: RTL_PROCESS_MODULES
+ SystemLocksInformation, // q: RTL_PROCESS_LOCKS
+ SystemStackTraceInformation, // q: RTL_PROCESS_BACKTRACES
+ SystemPagedPoolInformation, // not implemented
+ SystemNonPagedPoolInformation, // not implemented
+ SystemHandleInformation, // q: SYSTEM_HANDLE_INFORMATION
+ SystemObjectInformation, // q: SYSTEM_OBJECTTYPE_INFORMATION mixed with SYSTEM_OBJECT_INFORMATION
+ SystemPageFileInformation, // q: SYSTEM_PAGEFILE_INFORMATION
+ SystemVdmInstemulInformation, // q: SYSTEM_VDM_INSTEMUL_INFO
+ SystemVdmBopInformation, // not implemented // 20
+ SystemFileCacheInformation, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemCache)
+ SystemPoolTagInformation, // q: SYSTEM_POOLTAG_INFORMATION
+ SystemInterruptInformation, // q: SYSTEM_INTERRUPT_INFORMATION
+ SystemDpcBehaviorInformation, // q: SYSTEM_DPC_BEHAVIOR_INFORMATION; s: SYSTEM_DPC_BEHAVIOR_INFORMATION (requires SeLoadDriverPrivilege)
+ SystemFullMemoryInformation, // not implemented // SYSTEM_MEMORY_USAGE_INFORMATION
+ SystemLoadGdiDriverInformation, // s (kernel-mode only)
+ SystemUnloadGdiDriverInformation, // s (kernel-mode only)
+ SystemTimeAdjustmentInformation, // q: SYSTEM_QUERY_TIME_ADJUST_INFORMATION; s: SYSTEM_SET_TIME_ADJUST_INFORMATION (requires SeSystemtimePrivilege)
+ SystemSummaryMemoryInformation, // not implemented // SYSTEM_MEMORY_USAGE_INFORMATION
+ SystemMirrorMemoryInformation, // s (requires license value "Kernel-MemoryMirroringSupported") (requires SeShutdownPrivilege) // 30
+ SystemPerformanceTraceInformation, // q; s: (type depends on EVENT_TRACE_INFORMATION_CLASS)
+ SystemObsolete0, // not implemented
+ SystemExceptionInformation, // q: SYSTEM_EXCEPTION_INFORMATION
+ SystemCrashDumpStateInformation, // s: SYSTEM_CRASH_DUMP_STATE_INFORMATION (requires SeDebugPrivilege)
+ SystemKernelDebuggerInformation, // q: SYSTEM_KERNEL_DEBUGGER_INFORMATION
+ SystemContextSwitchInformation, // q: SYSTEM_CONTEXT_SWITCH_INFORMATION
+ SystemRegistryQuotaInformation, // q: SYSTEM_REGISTRY_QUOTA_INFORMATION; s (requires SeIncreaseQuotaPrivilege)
+ SystemExtendServiceTableInformation, // s (requires SeLoadDriverPrivilege) // loads win32k only
+ SystemPrioritySeperation, // s (requires SeTcbPrivilege)
+ SystemVerifierAddDriverInformation, // s (requires SeDebugPrivilege) // 40
+ SystemVerifierRemoveDriverInformation, // s (requires SeDebugPrivilege)
+ SystemProcessorIdleInformation, // q: SYSTEM_PROCESSOR_IDLE_INFORMATION
+ SystemLegacyDriverInformation, // q: SYSTEM_LEGACY_DRIVER_INFORMATION
+ SystemCurrentTimeZoneInformation, // q; s: RTL_TIME_ZONE_INFORMATION
+ SystemLookasideInformation, // q: SYSTEM_LOOKASIDE_INFORMATION
+ SystemTimeSlipNotification, // s: HANDLE (NtCreateEvent) (requires SeSystemtimePrivilege)
+ SystemSessionCreate, // not implemented
+ SystemSessionDetach, // not implemented
+ SystemSessionInformation, // not implemented (SYSTEM_SESSION_INFORMATION)
+ SystemRangeStartInformation, // q: SYSTEM_RANGE_START_INFORMATION // 50
+ SystemVerifierInformation, // q: SYSTEM_VERIFIER_INFORMATION; s (requires SeDebugPrivilege)
+ SystemVerifierThunkExtend, // s (kernel-mode only)
+ SystemSessionProcessInformation, // q: SYSTEM_SESSION_PROCESS_INFORMATION
+ SystemLoadGdiDriverInSystemSpace, // s: SYSTEM_GDI_DRIVER_INFORMATION (kernel-mode only) (same as SystemLoadGdiDriverInformation)
+ SystemNumaProcessorMap, // q: SYSTEM_NUMA_INFORMATION
+ SystemPrefetcherInformation, // q; s: PREFETCHER_INFORMATION // PfSnQueryPrefetcherInformation
+ SystemExtendedProcessInformation, // q: SYSTEM_PROCESS_INFORMATION
+ SystemRecommendedSharedDataAlignment, // q: ULONG // KeGetRecommendedSharedDataAlignment
+ SystemComPlusPackage, // q; s: ULONG
+ SystemNumaAvailableMemory, // q: SYSTEM_NUMA_INFORMATION // 60
+ SystemProcessorPowerInformation, // q: SYSTEM_PROCESSOR_POWER_INFORMATION
+ SystemEmulationBasicInformation, // q: SYSTEM_BASIC_INFORMATION
+ SystemEmulationProcessorInformation, // q: SYSTEM_PROCESSOR_INFORMATION
+ SystemExtendedHandleInformation, // q: SYSTEM_HANDLE_INFORMATION_EX
+ SystemLostDelayedWriteInformation, // q: ULONG
+ SystemBigPoolInformation, // q: SYSTEM_BIGPOOL_INFORMATION
+ SystemSessionPoolTagInformation, // q: SYSTEM_SESSION_POOLTAG_INFORMATION
+ SystemSessionMappedViewInformation, // q: SYSTEM_SESSION_MAPPED_VIEW_INFORMATION
+ SystemHotpatchInformation, // q; s: SYSTEM_HOTPATCH_CODE_INFORMATION
+ SystemObjectSecurityMode, // q: ULONG // 70
+ SystemWatchdogTimerHandler, // s: SYSTEM_WATCHDOG_HANDLER_INFORMATION // (kernel-mode only)
+ SystemWatchdogTimerInformation, // q: SYSTEM_WATCHDOG_TIMER_INFORMATION // (kernel-mode only)
+ SystemLogicalProcessorInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION
+ SystemWow64SharedInformationObsolete, // not implemented
+ SystemRegisterFirmwareTableInformationHandler, // s: SYSTEM_FIRMWARE_TABLE_HANDLER // (kernel-mode only)
+ SystemFirmwareTableInformation, // SYSTEM_FIRMWARE_TABLE_INFORMATION
+ SystemModuleInformationEx, // q: RTL_PROCESS_MODULE_INFORMATION_EX
+ SystemVerifierTriageInformation, // not implemented
+ SystemSuperfetchInformation, // q; s: SUPERFETCH_INFORMATION // PfQuerySuperfetchInformation
+ SystemMemoryListInformation, // q: SYSTEM_MEMORY_LIST_INFORMATION; s: SYSTEM_MEMORY_LIST_COMMAND (requires SeProfileSingleProcessPrivilege) // 80
+ SystemFileCacheInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (same as SystemFileCacheInformation)
+ SystemThreadPriorityClientIdInformation, // s: SYSTEM_THREAD_CID_PRIORITY_INFORMATION (requires SeIncreaseBasePriorityPrivilege)
+ SystemProcessorIdleCycleTimeInformation, // q: SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION[]
+ SystemVerifierCancellationInformation, // SYSTEM_VERIFIER_CANCELLATION_INFORMATION // name:wow64:whNT32QuerySystemVerifierCancellationInformation
+ SystemProcessorPowerInformationEx, // not implemented
+ SystemRefTraceInformation, // q; s: SYSTEM_REF_TRACE_INFORMATION // ObQueryRefTraceInformation
+ SystemSpecialPoolInformation, // q; s: SYSTEM_SPECIAL_POOL_INFORMATION (requires SeDebugPrivilege) // MmSpecialPoolTag, then MmSpecialPoolCatchOverruns != 0
+ SystemProcessIdInformation, // q: SYSTEM_PROCESS_ID_INFORMATION
+ SystemErrorPortInformation, // s (requires SeTcbPrivilege)
+ SystemBootEnvironmentInformation, // q: SYSTEM_BOOT_ENVIRONMENT_INFORMATION // 90
+ SystemHypervisorInformation, // q: SYSTEM_HYPERVISOR_QUERY_INFORMATION
+ SystemVerifierInformationEx, // q; s: SYSTEM_VERIFIER_INFORMATION_EX
+ SystemTimeZoneInformation, // q; s: RTL_TIME_ZONE_INFORMATION (requires SeTimeZonePrivilege)
+ SystemImageFileExecutionOptionsInformation, // s: SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION (requires SeTcbPrivilege)
+ SystemCoverageInformation, // q: COVERAGE_MODULES s: COVERAGE_MODULE_REQUEST // ExpCovQueryInformation (requires SeDebugPrivilege)
+ SystemPrefetchPatchInformation, // SYSTEM_PREFETCH_PATCH_INFORMATION
+ SystemVerifierFaultsInformation, // s: SYSTEM_VERIFIER_FAULTS_INFORMATION (requires SeDebugPrivilege)
+ SystemSystemPartitionInformation, // q: SYSTEM_SYSTEM_PARTITION_INFORMATION
+ SystemSystemDiskInformation, // q: SYSTEM_SYSTEM_DISK_INFORMATION
+ SystemProcessorPerformanceDistribution, // q: SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION // 100
+ SystemNumaProximityNodeInformation, // q; s: SYSTEM_NUMA_PROXIMITY_MAP
+ SystemDynamicTimeZoneInformation, // q; s: RTL_DYNAMIC_TIME_ZONE_INFORMATION (requires SeTimeZonePrivilege)
+ SystemCodeIntegrityInformation, // q: SYSTEM_CODEINTEGRITY_INFORMATION // SeCodeIntegrityQueryInformation
+ SystemProcessorMicrocodeUpdateInformation, // s: SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION
+ SystemProcessorBrandString, // q: CHAR[] // HaliQuerySystemInformation -> HalpGetProcessorBrandString, info class 23
+ SystemVirtualAddressInformation, // q: SYSTEM_VA_LIST_INFORMATION[]; s: SYSTEM_VA_LIST_INFORMATION[] (requires SeIncreaseQuotaPrivilege) // MmQuerySystemVaInformation
+ SystemLogicalProcessorAndGroupInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX // since WIN7 // KeQueryLogicalProcessorRelationship
+ SystemProcessorCycleTimeInformation, // q: SYSTEM_PROCESSOR_CYCLE_TIME_INFORMATION[]
+ SystemStoreInformation, // q; s: SYSTEM_STORE_INFORMATION (requires SeProfileSingleProcessPrivilege) // SmQueryStoreInformation
+ SystemRegistryAppendString, // s: SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS // 110
+ SystemAitSamplingValue, // s: ULONG (requires SeProfileSingleProcessPrivilege)
+ SystemVhdBootInformation, // q: SYSTEM_VHD_BOOT_INFORMATION
+ SystemCpuQuotaInformation, // q; s: PS_CPU_QUOTA_QUERY_INFORMATION
+ SystemNativeBasicInformation, // q: SYSTEM_BASIC_INFORMATION
+ SystemErrorPortTimeouts, // SYSTEM_ERROR_PORT_TIMEOUTS
+ SystemLowPriorityIoInformation, // q: SYSTEM_LOW_PRIORITY_IO_INFORMATION
+ SystemTpmBootEntropyInformation, // q: TPM_BOOT_ENTROPY_NT_RESULT // ExQueryTpmBootEntropyInformation
+ SystemVerifierCountersInformation, // q: SYSTEM_VERIFIER_COUNTERS_INFORMATION
+ SystemPagedPoolInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypePagedPool)
+ SystemSystemPtesInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemPtes) // 120
+ SystemNodeDistanceInformation,
+ SystemAcpiAuditInformation, // q: SYSTEM_ACPI_AUDIT_INFORMATION // HaliQuerySystemInformation -> HalpAuditQueryResults, info class 26
+ SystemBasicPerformanceInformation, // q: SYSTEM_BASIC_PERFORMANCE_INFORMATION // name:wow64:whNtQuerySystemInformation_SystemBasicPerformanceInformation
+ SystemQueryPerformanceCounterInformation, // q: SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION // since WIN7 SP1
+ SystemSessionBigPoolInformation, // q: SYSTEM_SESSION_POOLTAG_INFORMATION // since WIN8
+ SystemBootGraphicsInformation, // q; s: SYSTEM_BOOT_GRAPHICS_INFORMATION (kernel-mode only)
+ SystemScrubPhysicalMemoryInformation, // q; s: MEMORY_SCRUB_INFORMATION
+ SystemBadPageInformation,
+ SystemProcessorProfileControlArea, // q; s: SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA
+ SystemCombinePhysicalMemoryInformation, // s: MEMORY_COMBINE_INFORMATION, MEMORY_COMBINE_INFORMATION_EX, MEMORY_COMBINE_INFORMATION_EX2 // 130
+ SystemEntropyInterruptTimingInformation, // q; s: SYSTEM_ENTROPY_TIMING_INFORMATION
+ SystemConsoleInformation, // q: SYSTEM_CONSOLE_INFORMATION
+ SystemPlatformBinaryInformation, // q: SYSTEM_PLATFORM_BINARY_INFORMATION (requires SeTcbPrivilege)
+ SystemPolicyInformation, // q: SYSTEM_POLICY_INFORMATION
+ SystemHypervisorProcessorCountInformation, // q: SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION
+ SystemDeviceDataInformation, // q: SYSTEM_DEVICE_DATA_INFORMATION
+ SystemDeviceDataEnumerationInformation, // q: SYSTEM_DEVICE_DATA_INFORMATION
+ SystemMemoryTopologyInformation, // q: SYSTEM_MEMORY_TOPOLOGY_INFORMATION
+ SystemMemoryChannelInformation, // q: SYSTEM_MEMORY_CHANNEL_INFORMATION
+ SystemBootLogoInformation, // q: SYSTEM_BOOT_LOGO_INFORMATION // 140
+ SystemProcessorPerformanceInformationEx, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX // since WINBLUE
+ SystemCriticalProcessErrorLogInformation,
+ SystemSecureBootPolicyInformation, // q: SYSTEM_SECUREBOOT_POLICY_INFORMATION
+ SystemPageFileInformationEx, // q: SYSTEM_PAGEFILE_INFORMATION_EX
+ SystemSecureBootInformation, // q: SYSTEM_SECUREBOOT_INFORMATION
+ SystemEntropyInterruptTimingRawInformation,
+ SystemPortableWorkspaceEfiLauncherInformation, // q: SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION
+ SystemFullProcessInformation, // q: SYSTEM_PROCESS_INFORMATION with SYSTEM_PROCESS_INFORMATION_EXTENSION (requires admin)
+ SystemKernelDebuggerInformationEx, // q: SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX
+ SystemBootMetadataInformation, // 150
+ SystemSoftRebootInformation, // q: ULONG
+ SystemElamCertificateInformation, // s: SYSTEM_ELAM_CERTIFICATE_INFORMATION
+ SystemOfflineDumpConfigInformation, // q: OFFLINE_CRASHDUMP_CONFIGURATION_TABLE_V2
+ SystemProcessorFeaturesInformation, // q: SYSTEM_PROCESSOR_FEATURES_INFORMATION
+ SystemRegistryReconciliationInformation, // s: NULL (requires admin) (flushes registry hives)
+ SystemEdidInformation, // q: SYSTEM_EDID_INFORMATION
+ SystemManufacturingInformation, // q: SYSTEM_MANUFACTURING_INFORMATION // since THRESHOLD
+ SystemEnergyEstimationConfigInformation, // q: SYSTEM_ENERGY_ESTIMATION_CONFIG_INFORMATION
+ SystemHypervisorDetailInformation, // q: SYSTEM_HYPERVISOR_DETAIL_INFORMATION
+ SystemProcessorCycleStatsInformation, // q: SYSTEM_PROCESSOR_CYCLE_STATS_INFORMATION // 160
+ SystemVmGenerationCountInformation,
+ SystemTrustedPlatformModuleInformation, // q: SYSTEM_TPM_INFORMATION
+ SystemKernelDebuggerFlags, // SYSTEM_KERNEL_DEBUGGER_FLAGS
+ SystemCodeIntegrityPolicyInformation, // q: SYSTEM_CODEINTEGRITYPOLICY_INFORMATION
+ SystemIsolatedUserModeInformation, // q: SYSTEM_ISOLATED_USER_MODE_INFORMATION
+ SystemHardwareSecurityTestInterfaceResultsInformation,
+ SystemSingleModuleInformation, // q: SYSTEM_SINGLE_MODULE_INFORMATION
+ SystemAllowedCpuSetsInformation,
+ SystemVsmProtectionInformation, // q: SYSTEM_VSM_PROTECTION_INFORMATION (previously SystemDmaProtectionInformation)
+ SystemInterruptCpuSetsInformation, // q: SYSTEM_INTERRUPT_CPU_SET_INFORMATION // 170
+ SystemSecureBootPolicyFullInformation, // q: SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION
+ SystemCodeIntegrityPolicyFullInformation,
+ SystemAffinitizedInterruptProcessorInformation, // (requires SeIncreaseBasePriorityPrivilege)
+ SystemRootSiloInformation, // q: SYSTEM_ROOT_SILO_INFORMATION
+ SystemCpuSetInformation, // q: SYSTEM_CPU_SET_INFORMATION // since THRESHOLD2
+ SystemCpuSetTagInformation, // q: SYSTEM_CPU_SET_TAG_INFORMATION
+ SystemWin32WerStartCallout,
+ SystemSecureKernelProfileInformation, // q: SYSTEM_SECURE_KERNEL_HYPERGUARD_PROFILE_INFORMATION
+ SystemCodeIntegrityPlatformManifestInformation, // q: SYSTEM_SECUREBOOT_PLATFORM_MANIFEST_INFORMATION // since REDSTONE
+ SystemInterruptSteeringInformation, // SYSTEM_INTERRUPT_STEERING_INFORMATION_INPUT // 180
+ SystemSupportedProcessorArchitectures, // in: HANDLE, out: SYSTEM_SUPPORTED_PROCESSOR_ARCHITECTURES_INFORMATION[] (Max 5 structs) // NtQuerySystemInformationEx
+ SystemMemoryUsageInformation, // q: SYSTEM_MEMORY_USAGE_INFORMATION
+ SystemCodeIntegrityCertificateInformation, // q: SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION
+ SystemPhysicalMemoryInformation, // q: SYSTEM_PHYSICAL_MEMORY_INFORMATION // since REDSTONE2
+ SystemControlFlowTransition,
+ SystemKernelDebuggingAllowed, // s: ULONG
+ SystemActivityModerationExeState, // SYSTEM_ACTIVITY_MODERATION_EXE_STATE
+ SystemActivityModerationUserSettings, // SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS
+ SystemCodeIntegrityPoliciesFullInformation,
+ SystemCodeIntegrityUnlockInformation, // SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION // 190
+ SystemIntegrityQuotaInformation,
+ SystemFlushInformation, // q: SYSTEM_FLUSH_INFORMATION
+ SystemProcessorIdleMaskInformation, // q: ULONG_PTR // since REDSTONE3
+ SystemSecureDumpEncryptionInformation,
+ SystemWriteConstraintInformation, // SYSTEM_WRITE_CONSTRAINT_INFORMATION
+ SystemKernelVaShadowInformation, // SYSTEM_KERNEL_VA_SHADOW_INFORMATION
+ SystemHypervisorSharedPageInformation, // SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION // since REDSTONE4
+ SystemFirmwareBootPerformanceInformation,
+ SystemCodeIntegrityVerificationInformation, // SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION
+ SystemFirmwarePartitionInformation, // SYSTEM_FIRMWARE_PARTITION_INFORMATION // 200
+ SystemSpeculationControlInformation, // SYSTEM_SPECULATION_CONTROL_INFORMATION // (CVE-2017-5715) REDSTONE3 and above.
+ SystemDmaGuardPolicyInformation, // SYSTEM_DMA_GUARD_POLICY_INFORMATION
+ SystemEnclaveLaunchControlInformation, // SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION
+ SystemWorkloadAllowedCpuSetsInformation, // SYSTEM_WORKLOAD_ALLOWED_CPU_SET_INFORMATION // since REDSTONE5
+ SystemCodeIntegrityUnlockModeInformation,
+ SystemLeapSecondInformation, // SYSTEM_LEAP_SECOND_INFORMATION
+ SystemFlags2Information, // q: SYSTEM_FLAGS_INFORMATION
+ SystemSecurityModelInformation, // SYSTEM_SECURITY_MODEL_INFORMATION // since 19H1
+ SystemCodeIntegritySyntheticCacheInformation,
+ SystemFeatureConfigurationInformation, // SYSTEM_FEATURE_CONFIGURATION_INFORMATION // since 20H1 // 210
+ SystemFeatureConfigurationSectionInformation, // SYSTEM_FEATURE_CONFIGURATION_SECTIONS_INFORMATION
+ SystemFeatureUsageSubscriptionInformation, // SYSTEM_FEATURE_USAGE_SUBSCRIPTION_DETAILS
+ SystemSecureSpeculationControlInformation, // SECURE_SPECULATION_CONTROL_INFORMATION
+ SystemSpacesBootInformation, // since 20H2
+ SystemFwRamdiskInformation, // SYSTEM_FIRMWARE_RAMDISK_INFORMATION
+ SystemWheaIpmiHardwareInformation,
+ SystemDifSetRuleClassInformation,
+ SystemDifClearRuleClassInformation,
+ SystemDifApplyPluginVerificationOnDriver,
+ SystemDifRemovePluginVerificationOnDriver, // 220
+ SystemShadowStackInformation, // SYSTEM_SHADOW_STACK_INFORMATION
+ SystemBuildVersionInformation, // SYSTEM_BUILD_VERSION_INFORMATION
+ SystemPoolLimitInformation, // SYSTEM_POOL_LIMIT_INFORMATION
+ SystemCodeIntegrityAddDynamicStore,
+ SystemCodeIntegrityClearDynamicStores,
+ SystemDifPoolTrackingInformation,
+ SystemPoolZeroingInformation, // SYSTEM_POOL_ZEROING_INFORMATION
+ MaxSystemInfoClass
+} SYSTEM_INFORMATION_CLASS;
+
+typedef enum _OBJECT_INFORMATION_CLASS {
+ ObjectBasicInformation = 0, // q: OBJECT_BASIC_INFORMATION
+ ObjectNameInformation = 1, // q: OBJECT_NAME_INFORMATION
+ ObjectTypeInformation = 2, // q: OBJECT_TYPE_INFORMATION
+ ObjectTypesInformation, // q: OBJECT_TYPES_INFORMATION
+ ObjectHandleFlagInformation, // qs: OBJECT_HANDLE_FLAG_INFORMATION
+ ObjectSessionInformation, // s: void // change object session // (requires SeTcbPrivilege)
+ ObjectSessionObjectInformation, // s: void // change object session // (requires SeTcbPrivilege)
+ MaxObjectInfoClass
+} OBJECT_INFORMATION_CLASS;
+
+typedef NTSTATUS(WINAPI* PNtQuerySystemInformation)(
+ _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ _Inout_ PVOID SystemInformation,
+ _In_ ULONG SystemInformationLength,
+ _Out_opt_ PULONG ReturnLength
+ );
+
+typedef NTSTATUS(WINAPI* PNtQueryObject)(
+ _In_opt_ HANDLE Handle,
+ _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
+ _Out_opt_ PVOID ObjectInformation,
+ _In_ ULONG ObjectInformationLength,
+ _Out_opt_ PULONG ReturnLength);
+
+typedef NTSTATUS(WINAPI* PNtDuplicateObject)(
+ _In_ HANDLE SourceProcessHandle,
+ _In_ HANDLE SourceHandle,
+ _In_opt_ HANDLE TargetProcessHandle,
+ _Out_opt_ PHANDLE TargetHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ ULONG HandleAttributes,
+ _In_ ULONG Options
+ );
+
+int FindHandles(ULONG pid, LPSTR handleName, BOOL closeHandle, BOOL suffix) {
+ HMODULE ntdll = GetModuleHandle(TEXT("ntdll.dll"));
+ if (NULL == ntdll) {
+ printf("Failed to load 'ntdll.dll'\n");
+ return 0;
+ }
+ PNtQuerySystemInformation pQuerySystemInformation = (PNtQuerySystemInformation)GetProcAddress(ntdll, "NtQuerySystemInformation");
+ PNtQueryObject pQueryObject = (PNtQueryObject)GetProcAddress(ntdll, "NtQueryObject");
+ PNtDuplicateObject pDuplicateObject = (PNtDuplicateObject)GetProcAddress(ntdll, "NtDuplicateObject");
+ if (NULL == pQuerySystemInformation || NULL == pQueryObject || NULL == pDuplicateObject) {
+
printf("Failed to call 'GetProcAddress()'\n"); + return 0; + } + + ULONG len = 0x10000; + NTSTATUS status; + PSYSTEM_HANDLE_INFORMATION_EX pHandleInfo = NULL; + do { + if (len > 0x4000000) { + return 0; + } + len *= 2; + pHandleInfo = (PSYSTEM_HANDLE_INFORMATION_EX)GlobalAlloc(GMEM_ZEROINIT, len); + status = pQuerySystemInformation(SystemExtendedHandleInformation, pHandleInfo, len, &len); + } while (status == STATUS_INFO_LENGTH_MISMATCH); + + if (!NT_SUCCESS(status)) { + printf("Failed to call 'NtQuerySystemInformation()' with error code 0x%X\n", status); + return 0; + } + + HANDLE currentProcess = GetCurrentProcess(); + for (int i = 0; i < pHandleInfo->HandleCount; i++) { + SYSTEM_HANDLE handle = pHandleInfo->Handles[i]; + PVOID object = handle.Object; + HANDLE handleValue = handle.HandleValue; + HANDLE uniqueProcessId = handle.UniqueProcessId; + if (NULL != pid && HandleToLong(uniqueProcessId) != pid) { + continue; + } + LPSTR pName = NULL; + LPSTR pType = NULL; + HANDLE sourceProcess = OpenProcess(PROCESS_ALL_ACCESS | PROCESS_DUP_HANDLE | PROCESS_SUSPEND_RESUME, FALSE, HandleToULong(uniqueProcessId)); + HANDLE targetHandle = NULL; + NTSTATUS status = pDuplicateObject(sourceProcess, handleValue, currentProcess, &targetHandle, 0, FALSE, DUPLICATE_SAME_ACCESS); + if (NT_SUCCESS(status)) { + //printf("Failed to call 'NtDuplicateObject()' with error code 0x%X\n", status); + POBJECT_NAME_INFORMATION pNameInfo = (POBJECT_NAME_INFORMATION)GlobalAlloc(GMEM_ZEROINIT, len); + POBJECT_TYPE_INFORMATION pTypeInfo = (POBJECT_TYPE_INFORMATION)GlobalAlloc(GMEM_ZEROINIT, len); + if (NT_SUCCESS(pQueryObject(targetHandle, ObjectNameInformation, pNameInfo, len, NULL))) { + pName = (LPSTR)GlobalAlloc(GMEM_ZEROINIT, pNameInfo->Name.Length); + WideCharToMultiByte(CP_ACP, 0, pNameInfo->Name.Buffer, -1, pName, pNameInfo->Name.Length, NULL, NULL); + } + if (NT_SUCCESS(pQueryObject(targetHandle, ObjectTypeInformation, pTypeInfo, len, NULL))) { + pType = (LPSTR)GlobalAlloc(GMEM_ZEROINIT, 
pTypeInfo->TypeName.Length); + WideCharToMultiByte(CP_ACP, 0, pTypeInfo->TypeName.Buffer, -1, pType, pTypeInfo->TypeName.Length, NULL, NULL); + } + } + if (NULL != handleName) { + if (suffix) { + if (NULL == pName || !endsWith(std::string(pName), std::string(handleName))) { + continue; + } + } + else { + if (NULL == pName || 0 != strcmp(pName, handleName)) { + continue; + } + } + + if (TRUE == closeHandle) { + HANDLE hProcess = OpenProcess(PROCESS_DUP_HANDLE, FALSE, HandleToLong(uniqueProcessId)); + DuplicateHandle(hProcess, handleValue, 0, 0, 0, 0, DUPLICATE_CLOSE_SOURCE); + CloseHandle(hProcess); + } + } + printf("PID: %-6d\t", uniqueProcessId); + printf("Handle: 0x%-3x\t", handleValue); + printf("Object: 0x%-8X\t", object); + printf("Type: %-20s\t", NULL != pType ? pType : ""); + printf("Name: %-30s\t", NULL != pName ? pName : ""); + printf("\n"); + } + return 1; +} + +int DisplayHandles() { + return FindHandles(NULL, NULL, FALSE, FALSE); +} + +int DisplayHandles(ULONG pid) { + return FindHandles(pid, NULL, FALSE, FALSE); +} + +int FindHandle(ULONG pid, LPSTR handleName) { + return FindHandles(pid, handleName, FALSE, FALSE); +} + +int CloseHandle(ULONG pid, LPSTR handleName) { + return FindHandles(pid, handleName, TRUE, FALSE); +} + +HANDLE FindHandleByName(ULONG pid, LPSTR handleName) { + HMODULE ntdll = GetModuleHandle(TEXT("ntdll.dll")); + if (NULL == ntdll) { + printf("Failed to load 'ntdll.dll'\n"); + return 0; + } + PNtQuerySystemInformation pQuerySystemInformation = (PNtQuerySystemInformation)GetProcAddress(ntdll, "NtQuerySystemInformation"); + PNtQueryObject pQueryObject = (PNtQueryObject)GetProcAddress(ntdll, "NtQueryObject"); + PNtDuplicateObject pDuplicateObject = (PNtDuplicateObject)GetProcAddress(ntdll, "NtDuplicateObject"); + if (NULL == pQuerySystemInformation || NULL == pQueryObject || NULL == pDuplicateObject) { + printf("Failed to call 'GetProcAddress()'\n"); + return 0; + } + + ULONG len = 0x10000; + NTSTATUS status; + 
PSYSTEM_HANDLE_INFORMATION_EX pHandleInfo = NULL; + do { + if (len > 0x4000000) { + return 0; + } + len *= 2; + pHandleInfo = (PSYSTEM_HANDLE_INFORMATION_EX)GlobalAlloc(GMEM_ZEROINIT, len); + status = pQuerySystemInformation(SystemExtendedHandleInformation, pHandleInfo, len, &len); + } while (status == STATUS_INFO_LENGTH_MISMATCH); + + if (!NT_SUCCESS(status)) { + printf("Failed to call 'NtQuerySystemInformation()' with error code 0x%X\n", status); + return 0; + } + + HANDLE currentProcess = GetCurrentProcess(); + for (int i = 0; i < pHandleInfo->HandleCount; i++) { + SYSTEM_HANDLE handle = pHandleInfo->Handles[i]; + PVOID object = handle.Object; + HANDLE handleValue = handle.HandleValue; + HANDLE uniqueProcessId = handle.UniqueProcessId; + if (NULL != pid && HandleToLong(uniqueProcessId) != pid) { + continue; + } + LPSTR pName = NULL; + LPSTR pType = NULL; + HANDLE sourceProcess = OpenProcess(PROCESS_ALL_ACCESS | PROCESS_DUP_HANDLE | PROCESS_SUSPEND_RESUME, FALSE, HandleToULong(uniqueProcessId)); + HANDLE targetHandle = NULL; + NTSTATUS status = pDuplicateObject(sourceProcess, handleValue, currentProcess, &targetHandle, 0, FALSE, DUPLICATE_SAME_ACCESS); + if (NT_SUCCESS(status)) { + //printf("Failed to call 'NtDuplicateObject()' with error code 0x%X\n", status); + POBJECT_NAME_INFORMATION pNameInfo = (POBJECT_NAME_INFORMATION)GlobalAlloc(GMEM_ZEROINIT, len); + POBJECT_TYPE_INFORMATION pTypeInfo = (POBJECT_TYPE_INFORMATION)GlobalAlloc(GMEM_ZEROINIT, len); + if (NT_SUCCESS(pQueryObject(targetHandle, ObjectNameInformation, pNameInfo, len, NULL))) { + pName = (LPSTR)GlobalAlloc(GMEM_ZEROINIT, pNameInfo->Name.Length); + WideCharToMultiByte(CP_ACP, 0, pNameInfo->Name.Buffer, -1, pName, pNameInfo->Name.Length, NULL, NULL); + } + if (NT_SUCCESS(pQueryObject(targetHandle, ObjectTypeInformation, pTypeInfo, len, NULL))) { + pType = (LPSTR)GlobalAlloc(GMEM_ZEROINIT, pTypeInfo->TypeName.Length); + WideCharToMultiByte(CP_ACP, 0, pTypeInfo->TypeName.Buffer, -1, pType, 
pTypeInfo->TypeName.Length, NULL, NULL); + } + } + if (NULL != handleName) { + + if (NULL == pName || 0 != strcmp(pName, handleName)) { + continue; + } + return handleValue; + } + + } +} + + +std::wstring Utf8ToUnicode(const char* buffer) { + int c_size = MultiByteToWideChar(CP_UTF8, 0, buffer, -1, NULL, 0); + if (c_size > 0) { + wchar_t* temp = new wchar_t[c_size + 1]; + MultiByteToWideChar(CP_UTF8, 0, buffer, -1, temp, c_size); + temp[c_size] = L'\0'; + std::wstring ret(temp); + delete[] temp; + temp = NULL; + return ret; + } + return std::wstring(); +} + +DWORD GetPIDForProcess(wchar_t* process) +{ + HANDLE hSnapshot; + DWORD dPid = 0; + PROCESSENTRY32W pe32; + int working; + hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); + if (!hSnapshot) { + return 0; + } + pe32.dwSize = sizeof(PROCESSENTRY32); + for (working = Process32FirstW(hSnapshot, &pe32); working; working = Process32NextW(hSnapshot, &pe32)) + { + if (!wcscmp(pe32.szExeFile, process)) + { + dPid = pe32.th32ProcessID; + break; + } + } + CloseHandle(hSnapshot); + return dPid; +} + +HMODULE GetDLLHandle(wchar_t* wDllName, DWORD dPid) +{ + HMODULE result; + tagMODULEENTRY32W me32; + void* snapMod; + + if (!dPid) { + return 0; + } + + snapMod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dPid); + me32.dwSize = sizeof(tagMODULEENTRY32W); + if (Module32FirstW(snapMod, &me32)) + { + while (wcscmp(wDllName, me32.szModule)) + { + if (!Module32NextW(snapMod, &me32)) + goto error; + } + CloseHandle(snapMod); + result = me32.hModule; + } + else + { + error: + CloseHandle(snapMod); + result = 0; + } + return result; +} + +BOOL EnableDebugPrivilege() +{ + HANDLE TokenHandle = NULL; + TOKEN_PRIVILEGES TokenPrivilege; + + LUID uID; + if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &TokenHandle)) { + if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &uID)) { + TokenPrivilege.PrivilegeCount = 1; + TokenPrivilege.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; + 
TokenPrivilege.Privileges[0].Luid = uID; + if (AdjustTokenPrivileges(TokenHandle, FALSE, &TokenPrivilege, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) { + CloseHandle(TokenHandle); + TokenHandle = INVALID_HANDLE_VALUE; + return TRUE; + } + else + goto fail; + + } + else + goto fail; + } + else + goto fail; + +fail: + CloseHandle(TokenHandle); + TokenHandle = INVALID_HANDLE_VALUE; + return FALSE; +} + + +static unsigned char GetProcAddressAsmCode[] = { + 0x55, // push ebp; + 0x8B, 0xEC, // mov ebp, esp; + 0x83, 0xEC, 0x40, // sub esp, 0x40; + 0x57, // push edi; + 0x51, // push ecx; + 0x8B, 0x7D, 0x08, // mov edi, dword ptr[ebp + 0x8]; + 0x8B, 0x07, // mov eax,dword ptr[edi]; + 0x50, // push eax; + 0xE8, 0x00, 0x00, 0x00, 0x00, // call GetModuleHandleW; + 0x83, 0xC4, 0x04, // add esp,0x4; + 0x83, 0xC7, 0x04, // add edi,0x4; + 0x8B, 0x0F, // mov ecx, dword ptr[edi]; + 0x51, // push ecx; + 0x50, // push eax; + 0xE8, 0x00, 0x00, 0x00, 0x00, // call GetProcAddress; + 0x83, 0xC4, 0x08, // add esp, 0x8; + 0x59, // pop ecx; + 0x5F, // pop edi; + 0x8B, 0xE5, // mov esp, ebp; + 0x5D, // pop ebp; + 0xC3 // retn; +}; + +LPVOID FillAsmCode(HANDLE handle) { + DWORD pGetModuleHandleW = (DWORD)GetModuleHandleW; + DWORD pGetProcAddress = (DWORD)GetProcAddress; + PVOID fillCall1 = (PVOID)&GetProcAddressAsmCode[15]; + PVOID fillCall2 = (PVOID)&GetProcAddressAsmCode[30]; + LPVOID pAsmFuncAddr = VirtualAllocEx(handle, NULL, 1, MEM_COMMIT, PAGE_EXECUTE); + if (!pAsmFuncAddr) { + return 0; + } + *(DWORD*)fillCall1 = pGetModuleHandleW - (DWORD)pAsmFuncAddr - 14 - 5; + *(DWORD*)fillCall2 = pGetProcAddress - (DWORD)pAsmFuncAddr - 29 - 5; + //*(DWORD*)fillCall1 = pGetModuleHandleW ; + //*(DWORD*)fillCall2 = pGetProcAddress; + SIZE_T dwWriteSize; + WriteProcessMemory(handle, pAsmFuncAddr, GetProcAddressAsmCode, sizeof(GetProcAddressAsmCode), &dwWriteSize); + return pAsmFuncAddr; + +} + + +int InjectDllAndStartHttp(wchar_t* szPName, wchar_t* szDllPath, DWORD port) +{ + if(!EnableDebugPrivilege()){ + 
return 0; + } + int result = 0; + HANDLE hRemoteThread = NULL; + LPTHREAD_START_ROUTINE lpSysLibAddr = NULL; + HINSTANCE__* hKernelModule = NULL; + LPVOID lpRemoteDllBase = NULL; + HANDLE hProcess; + unsigned int dwPid; + size_t ulDllLength; + wchar_t* dllName = (wchar_t*)L"wxhelper.dll"; + size_t dllNameLen = wcslen(dllName) * 2 + 2; + char* funcName = (char* )"http_start"; + size_t funcNameLen = strlen(funcName) + 1; + + HANDLE hStartHttp = NULL; + LPVOID portAddr = NULL; + HANDLE getProcThread = NULL; + + LPVOID paramsAddr = NULL; + LPVOID param1Addr = NULL; + LPVOID param2Addr = NULL; + LPVOID GetProcFuncAddr = NULL; + + DWORD params[2] = { 0 }; + + dwPid = GetPIDForProcess(szPName); + ulDllLength = (wcslen(szDllPath) + 1) * sizeof(wchar_t); + hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, dwPid); + if (!hProcess) { + goto error; + } + + lpRemoteDllBase = VirtualAllocEx(hProcess, NULL, ulDllLength, MEM_COMMIT, PAGE_READWRITE); + if (lpRemoteDllBase) + { + if (WriteProcessMemory(hProcess, lpRemoteDllBase, szDllPath, ulDllLength, NULL) + && (hKernelModule = GetModuleHandleW(L"kernel32.dll")) != 0 + && (lpSysLibAddr = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernelModule, "LoadLibraryW")) != 0 + && (hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, lpSysLibAddr, lpRemoteDllBase, 0, NULL)) != 0) + { + WaitForSingleObject(hRemoteThread, INFINITE); + GetProcFuncAddr = FillAsmCode(hProcess); + param1Addr = VirtualAllocEx(hProcess, NULL, dllNameLen, MEM_COMMIT, PAGE_READWRITE); + if (param1Addr) { + SIZE_T dwWriteSize; + BOOL bRet = WriteProcessMemory(hProcess, (LPVOID)param1Addr, dllName, dllNameLen, &dwWriteSize); + if (!bRet) { + goto error; + } + } + param2Addr = VirtualAllocEx(hProcess, NULL, funcNameLen, MEM_COMMIT, PAGE_READWRITE); + if (param2Addr) { + SIZE_T dwWriteSize; + BOOL bRet = WriteProcessMemory(hProcess, (LPVOID)param2Addr, funcName, funcNameLen, &dwWriteSize); + if (!bRet) { + goto error; + } + } + + params[0] = (DWORD)param1Addr; + params[1] = 
(DWORD)param2Addr; + + paramsAddr = VirtualAllocEx(hProcess, NULL, sizeof(params), MEM_COMMIT, PAGE_READWRITE); + if (paramsAddr) { + SIZE_T dwWriteSize; + BOOL bRet = WriteProcessMemory(hProcess, (LPVOID)paramsAddr, ¶ms[0], sizeof(params), &dwWriteSize); + if (!bRet) { + goto error; + } + } + + DWORD dwRet = 0; + getProcThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcFuncAddr, paramsAddr, 0, NULL); + + if (getProcThread) + { + WaitForSingleObject(getProcThread, INFINITE); + GetExitCodeThread(getProcThread, &dwRet); + if (dwRet) { + hStartHttp = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)dwRet, (LPVOID)port, 0, NULL); + WaitForSingleObject(hStartHttp, INFINITE); + result = 1; + } + } + } + } +error: + if (hRemoteThread) { + CloseHandle(hRemoteThread); + } + if (getProcThread) { + CloseHandle(getProcThread); + } + if (hStartHttp) { + CloseHandle(hStartHttp); + } + + if (lpRemoteDllBase) { + VirtualFreeEx(hProcess, lpRemoteDllBase, ulDllLength, MEM_DECOMMIT | MEM_RELEASE); + } + if (param1Addr) { + VirtualFreeEx(hProcess, param1Addr, dllNameLen, MEM_DECOMMIT | MEM_RELEASE); + } + + if (param2Addr) { + VirtualFreeEx(hProcess, param1Addr, funcNameLen, MEM_DECOMMIT | MEM_RELEASE); + } + + if (paramsAddr) { + VirtualFreeEx(hProcess, param1Addr, sizeof(params), MEM_DECOMMIT | MEM_RELEASE); + } + + if (GetProcFuncAddr) { + VirtualFreeEx(hProcess, GetProcFuncAddr, sizeof(GetProcAddressAsmCode), MEM_DECOMMIT | MEM_RELEASE); + } + + CloseHandle(hProcess); + return result; +} + +int InjectDll(wchar_t* szPName, wchar_t* szDllPath) +{ + if(!EnableDebugPrivilege()){ + return 0; + } + int result = 0; + HANDLE hRemoteThread; + LPTHREAD_START_ROUTINE lpSysLibAddr; + HINSTANCE__* hKernelModule; + LPVOID lpRemoteDllBase; + HANDLE hProcess; + unsigned int dwPid; + size_t ulDllLength; + + dwPid = GetPIDForProcess(szPName); + ulDllLength = (wcslen(szDllPath) + 1) * sizeof(wchar_t); + hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, 
dwPid); + if (!hProcess) { + return 0; + } + + lpRemoteDllBase = VirtualAllocEx(hProcess, NULL, ulDllLength, MEM_COMMIT, PAGE_READWRITE); + if (lpRemoteDllBase) + { + if (WriteProcessMemory(hProcess, lpRemoteDllBase, szDllPath, ulDllLength, NULL) + && (hKernelModule = GetModuleHandleW(L"kernel32.dll")) != 0 + && (lpSysLibAddr = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernelModule, "LoadLibraryW")) != 0 + && (hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, lpSysLibAddr, lpRemoteDllBase, 0, NULL)) != 0) + { + WaitForSingleObject(hRemoteThread, INFINITE); + VirtualFreeEx(hProcess, lpRemoteDllBase, ulDllLength, MEM_DECOMMIT | MEM_RELEASE); + CloseHandle(hRemoteThread); + CloseHandle(hProcess); + OutputDebugStringA("[DBG] dll inject success"); + printf("dll inject success"); + printf("dll path : %s ", szDllPath); + printf("dll path : %d ", dwPid); + result = 1; + } + else + { + VirtualFreeEx(hProcess, lpRemoteDllBase, ulDllLength, MEM_DECOMMIT | MEM_RELEASE); + CloseHandle(hProcess); + result = 0; + } + } + else + { + CloseHandle(hProcess); + result = 0; + } + return result; +} + +int UnInjectDll(wchar_t* szPName, wchar_t* szDName) +{ + HMODULE hDll; + HANDLE lpFreeLibAddr; + HINSTANCE__* hK32; + HANDLE hProcess; + unsigned int dwPID; + + dwPID = GetPIDForProcess(szPName); + hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, dwPID); + if (!hProcess) { + return 0; + } + + hK32 = GetModuleHandleW(L"Kernel32.dll"); + if (!hK32) { + return 0; + } + + lpFreeLibAddr = GetProcAddress(hK32, "FreeLibraryAndExitThread"); + //lpFreeLibAddr = (LPTHREAD_START_ROUTINE)GetProcAddress(hK32, "FreeLibrary"); + hDll = GetDLLHandle(szDName, dwPID); + if (hDll) { + HANDLE hThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)lpFreeLibAddr, hDll, NULL, NULL); + if (hThread == NULL) { + int errorCode = GetLastError(); + return 0; + } + WaitForSingleObject(hThread, INFINITE); + CloseHandle(hThread); + CloseHandle(hProcess); + return 1; + } + + CloseHandle(hProcess); + 
return 0; +} + +FARPROC ShellCode(DWORD param[]) { + return GetProcAddress(GetModuleHandleW((LPCWSTR)param[0]), (LPCSTR)param[1]); +} + + +int main(int argc, char** argv) +{ + int param; + char cInjectprogram[MAX_PATH] = { 0 }; + char cUnInjectprogram[MAX_PATH] = { 0 }; + char cDllPath[MAX_PATH] = { 0 }; + char cDllName[MAX_PATH] = { 0 }; + int port = 0; + + ULONG pid = 0; + + while ((param = getopt(argc, argv, "i:p:u:d:m:P:h")) != -1) + { + switch (param) + { + case 'i': + strcpy(cInjectprogram, optarg); + break; + case 'p': + strcpy(cDllPath, optarg); + break; + case 'u': + strcpy(cUnInjectprogram, optarg); + case 'd': + strcpy(cDllName, optarg); + break; + case 'h': + printf("Usage: %s [-i/u] [-p/d] [-m]\n", argv[0]); + printf("Options:\n"); + printf(" -h Print this help message.\n"); + printf(" -i Name of the running program to be injected.\n"); + printf(" -u Name of the running program to be uninstalled.\n"); + printf(" -p Full path of injection file.\n"); + printf(" -d Name of injection file.\n"); + printf(" -m WeChat.exe pid.\n"); + printf("\n"); + printf("Examples:\n"); + printf(" window> %s -i test.exe -p c:/inject.dll \n", argv[0]); + printf(" window> %s -u test.exe -d inject.dll \n", argv[0]); + printf(" window> %s -m 1988 \n", argv[0]); + exit(0); + break; + case 'm': + pid = std::stol(optarg); + break; + case 'P': + port = std::atoi(optarg); + break; + default: + abort(); + break; + } + } + + if (pid) { + FindHandles(pid, (LPSTR)"_WeChat_App_Instance_Identity_Mutex_Name", TRUE, TRUE); + } + + if (cInjectprogram[0] != 0 && cDllPath[0] != 0) + { + if (cInjectprogram[0] != '\0' && cDllPath[0] != '\0') + { + if (port == 0) { + std::wstring wsProgram = Utf8ToUnicode(cInjectprogram); + std::wstring wsPath = Utf8ToUnicode(cDllPath); + int ret = InjectDll((wchar_t*)wsProgram.c_str(), (wchar_t*)wsPath.c_str()); + printf(" 注入结果:%i \n", ret); + } + else + { + std::wstring wsProgram = Utf8ToUnicode(cInjectprogram); + std::wstring wsPath = Utf8ToUnicode(cDllPath); 
+ int ret = InjectDllAndStartHttp((wchar_t*)wsProgram.c_str(), (wchar_t*)wsPath.c_str(), port); + printf(" 注入结果:%i \n", ret); + } + } + } + + if (cUnInjectprogram[0] != 0 && cDllName[0] != 0) + { + if (cUnInjectprogram[0] != '\0' && cDllName[0] != '\0') + { + std::wstring wsUnInjectProgram = Utf8ToUnicode(cUnInjectprogram); + std::wstring wsName = Utf8ToUnicode(cDllName); + int ret = UnInjectDll((wchar_t*)wsUnInjectProgram.c_str(), (wchar_t*)wsName.c_str()); + printf(" 卸载结果:%i \n", ret); + } + + } + + return 0; +} diff --git a/source/getopt.h b/source/getopt.h new file mode 100644 index 0000000..54e9208 --- /dev/null +++ b/source/getopt.h 
@@ -0,0 +1,659 @@ +#ifndef __GETOPT_H__ +/** + * DISCLAIMER + * This file is part of the mingw-w64 runtime package. + * + * The mingw-w64 runtime package and its code is distributed in the hope that it + * will be useful but WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESSED OR + * IMPLIED ARE HEREBY DISCLAIMED. This includes but is not limited to + * warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + /* + * Copyright (c) 2002 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + /*- + * Copyright (c) 2000 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Dieter Baron and Thomas Klausner. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#pragma warning(disable:4996); + +#define __GETOPT_H__ + + /* All the headers include this file. */ +#include +#include +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define REPLACE_GETOPT /* use this getopt as the system getopt(3) */ + +#ifdef REPLACE_GETOPT + int opterr = 1; /* if error message should be printed */ + int optind = 1; /* index into parent argv vector */ + int optopt = '?'; /* character checked for validity */ +#undef optreset /* see getopt.h */ +#define optreset __mingw_optreset + int optreset; /* reset getopt */ + char* optarg; /* argument associated with option */ +#endif + + //extern int optind; /* index of first non-option in argv */ + //extern int optopt; /* single option character, as parsed */ + //extern int opterr; /* flag to enable built-in diagnostics... 
*/ + // /* (user may set to zero, to suppress) */ + // + //extern char *optarg; /* pointer to argument of current option */ + +#define PRINT_ERROR ((opterr) && (*options != ':')) + +#define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */ +#define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */ +#define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */ + +/* return values */ +#define BADCH (int)'?' +#define BADARG ((*options == ':') ? (int)':' : (int)'?') +#define INORDER (int)1 + +#ifndef __CYGWIN__ +#define __progname __argv[0] +#else + extern char __declspec(dllimport)* __progname; +#endif + +#ifdef __CYGWIN__ + static char EMSG[] = ""; +#else +#define EMSG "" +#endif + + static int getopt_internal(int, char* const*, const char*, + const struct option*, int*, int); + static int parse_long_options(char* const*, const char*, + const struct option*, int*, int); + static int gcd(int, int); + static void permute_args(int, int, int, char* const*); + + static char* place = EMSG; /* option letter processing */ + + /* XXX: set optreset to 1 rather than these two */ + static int nonopt_start = -1; /* first non option argument (for permute) */ + static int nonopt_end = -1; /* first option after non options (for permute) */ + + /* Error messages */ + static const char recargchar[] = "option requires an argument -- %c"; + static const char recargstring[] = "option requires an argument -- %s"; + static const char ambig[] = "ambiguous option -- %.*s"; + static const char noarg[] = "option doesn't take an argument -- %.*s"; + static const char illoptchar[] = "unknown option -- %c"; + static const char illoptstring[] = "unknown option -- %s"; + + static void + _vwarnx(const char* fmt, va_list ap) + { + (void)fprintf(stderr, "%s: ", __progname); + if (fmt != NULL) + (void)vfprintf(stderr, fmt, ap); + (void)fprintf(stderr, "\n"); + } + + static void + warnx(const char* fmt, ...) 
+ { + va_list ap; + va_start(ap, fmt); + _vwarnx(fmt, ap); + va_end(ap); + } + + /* + * Compute the greatest common divisor of a and b. + */ + static int + gcd(int a, int b) + { + int c; + + c = a % b; + while (c != 0) { + a = b; + b = c; + c = a % b; + } + + return (b); + } + + /* + * Exchange the block from nonopt_start to nonopt_end with the block + * from nonopt_end to opt_end (keeping the same order of arguments + * in each block). + */ + static void + permute_args(int panonopt_start, int panonopt_end, int opt_end, + char* const* nargv) + { + int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos; + char* swap; + + /* + * compute lengths of blocks and number and size of cycles + */ + nnonopts = panonopt_end - panonopt_start; + nopts = opt_end - panonopt_end; + ncycle = gcd(nnonopts, nopts); + cyclelen = (opt_end - panonopt_start) / ncycle; + + for (i = 0; i < ncycle; i++) { + cstart = panonopt_end + i; + pos = cstart; + for (j = 0; j < cyclelen; j++) { + if (pos >= panonopt_end) + pos -= nnonopts; + else + pos += nopts; + swap = nargv[pos]; + /* LINTED const cast */ + ((char**)nargv)[pos] = nargv[cstart]; + /* LINTED const cast */ + ((char**)nargv)[cstart] = swap; + } + } + } + +#ifdef REPLACE_GETOPT + /* + * getopt -- + * Parse argc/argv argument vector. + * + * [eventually this will replace the BSD getopt] + */ + int + getopt(int nargc, char* const* nargv, const char* options) + { + + /* + * We don't pass FLAG_PERMUTE to getopt_internal() since + * the BSD getopt(3) (unlike GNU) has never done this. + * + * Furthermore, since many privileged programs call getopt() + * before dropping privileges it makes sense to keep things + * as simple (and bug-free) as possible. 
+ */ + return (getopt_internal(nargc, nargv, options, NULL, NULL, 0)); + } +#endif /* REPLACE_GETOPT */ + + //extern int getopt(int nargc, char * const *nargv, const char *options); + +#ifdef _BSD_SOURCE +/* + * BSD adds the non-standard `optreset' feature, for reinitialisation + * of `getopt' parsing. We support this feature, for applications which + * proclaim their BSD heritage, before including this header; however, + * to maintain portability, developers are advised to avoid it. + */ +# define optreset __mingw_optreset + extern int optreset; +#endif +#ifdef __cplusplus +} +#endif +/* + * POSIX requires the `getopt' API to be specified in `unistd.h'; + * thus, `unistd.h' includes this header. However, we do not want + * to expose the `getopt_long' or `getopt_long_only' APIs, when + * included in this manner. Thus, close the standard __GETOPT_H__ + * declarations block, and open an additional __GETOPT_LONG_H__ + * specific block, only when *not* __UNISTD_H_SOURCED__, in which + * to declare the extended API. + */ +#endif /* !defined(__GETOPT_H__) */ + +#if !defined(__UNISTD_H_SOURCED__) && !defined(__GETOPT_LONG_H__) +#define __GETOPT_LONG_H__ + +#ifdef __cplusplus +extern "C" { +#endif + + struct option /* specification for a long form option... */ + { + const char* name; /* option name, without leading hyphens */ + int has_arg; /* does it take an argument? */ + int* flag; /* where to save its status, or NULL */ + int val; /* its associated status value */ + }; + + enum /* permitted values for its `has_arg' field... */ + { + no_argument = 0, /* option never takes an argument */ + required_argument, /* option always requires an argument */ + optional_argument /* option may take an argument */ + }; + + /* + * parse_long_options -- + * Parse long options in argc/argv argument vector. + * Returns -1 if short_too is set and the option does not match long_options. 
+ */ + static int + parse_long_options(char* const* nargv, const char* options, + const struct option* long_options, int* idx, int short_too) + { + char* current_argv, * has_equal; + size_t current_argv_len; + int i, ambiguous, match; + +#define IDENTICAL_INTERPRETATION(_x, _y) \ + (long_options[(_x)].has_arg == long_options[(_y)].has_arg && \ + long_options[(_x)].flag == long_options[(_y)].flag && \ + long_options[(_x)].val == long_options[(_y)].val) + + current_argv = place; + match = -1; + ambiguous = 0; + + optind++; + + if ((has_equal = strchr(current_argv, '=')) != NULL) { + /* argument found (--option=arg) */ + current_argv_len = has_equal - current_argv; + has_equal++; + } + else + current_argv_len = strlen(current_argv); + + for (i = 0; long_options[i].name; i++) { + /* find matching long option */ + if (strncmp(current_argv, long_options[i].name, + current_argv_len)) + continue; + + if (strlen(long_options[i].name) == current_argv_len) { + /* exact match */ + match = i; + ambiguous = 0; + break; + } + /* + * If this is a known short option, don't allow + * a partial match of a single character. 
+ */
+ if (short_too && current_argv_len == 1)
+ continue;
+
+ if (match == -1) /* partial match */
+ match = i;
+ else if (!IDENTICAL_INTERPRETATION(i, match))
+ ambiguous = 1;
+ }
+ if (ambiguous) {
+ /* ambiguous abbreviation */
+ if (PRINT_ERROR)
+ warnx(ambig, (int)current_argv_len,
+ current_argv);
+ optopt = 0;
+ return (BADCH);
+ }
+ if (match != -1) { /* option found */
+ if (long_options[match].has_arg == no_argument
+ && has_equal) {
+ if (PRINT_ERROR)
+ warnx(noarg, (int)current_argv_len,
+ current_argv);
+ /*
+ * XXX: GNU sets optopt to val regardless of flag
+ */
+ if (long_options[match].flag == NULL)
+ optopt = long_options[match].val;
+ else
+ optopt = 0;
+ return (BADARG);
+ }
+ if (long_options[match].has_arg == required_argument ||
+ long_options[match].has_arg == optional_argument) {
+ if (has_equal)
+ optarg = has_equal;
+ else if (long_options[match].has_arg ==
+ required_argument) {
+ /*
+ * optional argument doesn't use next nargv
+ */
+ optarg = nargv[optind++];
+ }
+ }
+ if ((long_options[match].has_arg == required_argument)
+ && (optarg == NULL)) {
+ /*
+ * Missing argument; leading ':' indicates no error
+ * should be generated.
+ */
+ if (PRINT_ERROR)
+ warnx(recargstring,
+ current_argv);
+ /*
+ * XXX: GNU sets optopt to val regardless of flag
+ */
+ if (long_options[match].flag == NULL)
+ optopt = long_options[match].val;
+ else
+ optopt = 0;
+ --optind;
+ return (BADARG);
+ }
+ }
+ else { /* unknown option */
+ if (short_too) {
+ --optind;
+ return (-1);
+ }
+ if (PRINT_ERROR)
+ warnx(illoptstring, current_argv);
+ optopt = 0;
+ return (BADCH);
+ }
+ if (idx)
+ *idx = match;
+ if (long_options[match].flag) {
+ *long_options[match].flag = long_options[match].val;
+ return (0);
+ }
+ else
+ return (long_options[match].val);
+#undef IDENTICAL_INTERPRETATION
+ }
+
+ /*
+ * getopt_internal --
+ * Parse argc/argv argument vector. Called by user level routines.
+ */
+ static int
+ getopt_internal(int nargc, char* const* nargv, const char* options,
+ const struct option* long_options, int* idx, int flags)
+ {
+ char* oli; /* option letter list index */
+ int optchar, short_too;
+ static int posixly_correct = -1;
+
+ if (options == NULL)
+ return (-1);
+
+ /*
+ * XXX Some GNU programs (like cvs) set optind to 0 instead of
+ * XXX using optreset. Work around this braindamage.
+ */
+ if (optind == 0)
+ optind = optreset = 1;
+
+ /*
+ * Disable GNU extensions if POSIXLY_CORRECT is set or options
+ * string begins with a '+'.
+ *
+ * CV, 2009-12-14: Check POSIXLY_CORRECT anew if optind == 0 or
+ * optreset != 0 for GNU compatibility.
+ */
+ if (posixly_correct == -1 || optreset != 0)
+ posixly_correct = (getenv("POSIXLY_CORRECT") != NULL);
+ if (*options == '-')
+ flags |= FLAG_ALLARGS;
+ else if (posixly_correct || *options == '+')
+ flags &= ~FLAG_PERMUTE;
+ if (*options == '+' || *options == '-')
+ options++;
+
+ optarg = NULL;
+ if (optreset)
+ nonopt_start = nonopt_end = -1;
+ start:
+ if (optreset || !*place) { /* update scanning pointer */
+ optreset = 0;
+ if (optind >= nargc) { /* end of argument vector */
+ place = EMSG;
+ if (nonopt_end != -1) {
+ /* do permutation, if we have to */
+ permute_args(nonopt_start, nonopt_end,
+ optind, nargv);
+ optind -= nonopt_end - nonopt_start;
+ }
+ else if (nonopt_start != -1) {
+ /*
+ * If we skipped non-options, set optind
+ * to the first of them.
+ */
+ optind = nonopt_start;
+ }
+ nonopt_start = nonopt_end = -1;
+ return (-1);
+ }
+ if (*(place = nargv[optind]) != '-' ||
+ (place[1] == '\0' && strchr(options, '-') == NULL)) {
+ place = EMSG; /* found non-option */
+ if (flags & FLAG_ALLARGS) {
+ /*
+ * GNU extension:
+ * return non-option as argument to option 1
+ */
+ optarg = nargv[optind++];
+ return (INORDER);
+ }
+ if (!(flags & FLAG_PERMUTE)) {
+ /*
+ * If no permutation wanted, stop parsing
+ * at first non-option.
+ */
+ return (-1);
+ }
+ /* do permutation */
+ if (nonopt_start == -1)
+ nonopt_start = optind;
+ else if (nonopt_end != -1) {
+ permute_args(nonopt_start, nonopt_end,
+ optind, nargv);
+ nonopt_start = optind -
+ (nonopt_end - nonopt_start);
+ nonopt_end = -1;
+ }
+ optind++;
+ /* process next argument */
+ goto start;
+ }
+ if (nonopt_start != -1 && nonopt_end == -1)
+ nonopt_end = optind;
+
+ /*
+ * If we have "-" do nothing, if "--" we are done.
+ */
+ if (place[1] != '\0' && *++place == '-' && place[1] == '\0') {
+ optind++;
+ place = EMSG;
+ /*
+ * We found an option (--), so if we skipped
+ * non-options, we have to permute.
+ */
+ if (nonopt_end != -1) {
+ permute_args(nonopt_start, nonopt_end,
+ optind, nargv);
+ optind -= nonopt_end - nonopt_start;
+ }
+ nonopt_start = nonopt_end = -1;
+ return (-1);
+ }
+ }
+
+ /*
+ * Check long options if:
+ * 1) we were passed some
+ * 2) the arg is not just "-"
+ * 3) either the arg starts with -- we are getopt_long_only()
+ */
+ if (long_options != NULL && place != nargv[optind] &&
+ (*place == '-' || (flags & FLAG_LONGONLY))) {
+ short_too = 0;
+ if (*place == '-')
+ place++; /* --foo long option */
+ else if (*place != ':' && strchr(options, *place) != NULL)
+ short_too = 1; /* could be short option too */
+
+ optchar = parse_long_options(nargv, options, long_options,
+ idx, short_too);
+ if (optchar != -1) {
+ place = EMSG;
+ return (optchar);
+ }
+ }
+
+ if ((optchar = (int)*place++) == (int)':' ||
+ (optchar == (int)'-' && *place != '\0') ||
+ (oli = (char*)strchr(options, optchar)) == NULL) {
+ /*
+ * If the user specified "-" and '-' isn't listed in
+ * options, return -1 (non-option) as per POSIX.
+ * Otherwise, it is an unknown option character (or ':').
+ */
+ if (optchar == (int)'-' && *place == '\0')
+ return (-1);
+ if (!*place)
+ ++optind;
+ if (PRINT_ERROR)
+ warnx(illoptchar, optchar);
+ optopt = optchar;
+ return (BADCH);
+ }
+ if (long_options != NULL && optchar == 'W' && oli[1] == ';') {
+ /* -W long-option */
+ if (*place) /* no space */
+ /* NOTHING */;
+ else if (++optind >= nargc) { /* no arg */
+ place = EMSG;
+ if (PRINT_ERROR)
+ warnx(recargchar, optchar);
+ optopt = optchar;
+ return (BADARG);
+ }
+ else /* white space */
+ place = nargv[optind];
+ optchar = parse_long_options(nargv, options, long_options,
+ idx, 0);
+ place = EMSG;
+ return (optchar);
+ }
+ if (*++oli != ':') { /* doesn't take argument */
+ if (!*place)
+ ++optind;
+ }
+ else { /* takes (optional) argument */
+ optarg = NULL;
+ if (*place) /* no white space */
+ optarg = place;
+ else if (oli[1] != ':') { /* arg not optional */
+ if (++optind >= nargc) { /* no arg */
+ place = EMSG;
+ if (PRINT_ERROR)
+ warnx(recargchar, optchar);
+ optopt = optchar;
+ return (BADARG);
+ }
+ else
+ optarg = nargv[optind];
+ }
+ place = EMSG;
+ ++optind;
+ }
+ /* dump back option letter */
+ return (optchar);
+ }
+
+ /*
+ * getopt_long --
+ * Parse argc/argv argument vector.
+ */
+ int
+ getopt_long(int nargc, char* const* nargv, const char* options,
+ const struct option* long_options, int* idx)
+ {
+
+ return (getopt_internal(nargc, nargv, options, long_options, idx,
+ FLAG_PERMUTE));
+ }
+
+ /*
+ * getopt_long_only --
+ * Parse argc/argv argument vector.
+ */
+ int
+ getopt_long_only(int nargc, char* const* nargv, const char* options,
+ const struct option* long_options, int* idx)
+ {
+
+ return (getopt_internal(nargc, nargv, options, long_options, idx,
+ FLAG_PERMUTE | FLAG_LONGONLY));
+ }
+
+ //extern int getopt_long(int nargc, char * const *nargv, const char *options,
+ // const struct option *long_options, int *idx);
+ //extern int getopt_long_only(int nargc, char * const *nargv, const char *options,
+ // const struct option *long_options, int *idx);
+ /*
+ * Previous MinGW implementation had...
+ */
+#ifndef HAVE_DECL_GETOPT
+ /*
+ * ...for the long form API only; keep this for compatibility.
+ */
+# define HAVE_DECL_GETOPT 1
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !defined(__UNISTD_H_SOURCED__) && !defined(__GETOPT_LONG_H__) */
\ No newline at end of file