DWORD apiGetConsoleSessionID()
{
DWORD nSessionId = 0;
DWORD (WINAPI* wtsGetActiveConsoleSessionId)(void) = NULL;
MModule kernel32(L"kernel32.dll");
if (kernel32.GetProcAddress("WTSGetActiveConsoleSessionId", wtsGetActiveConsoleSessionId))
{
nSessionId = wtsGetActiveConsoleSessionId();
}
return nSessionId;
}
BOOL apiQuerySessionID(DWORD nPID, DWORD& nSessionID)
{
BOOL bSucceeded = FALSE;
typedef BOOL (WINAPI* ProcessIdToSessionId_t)(DWORD dwProcessId, DWORD *pSessionId);
ProcessIdToSessionId_t processIdToSessionId = NULL;
MModule kernel32(L"kernel32.dll");
if (kernel32.GetProcAddress("ProcessIdToSessionId", processIdToSessionId))
{
bSucceeded = processIdToSessionId(GetCurrentProcessId(), &nSessionID);
}
return bSucceeded;
}
/////////////////////////////////////////////////////////////////////////////
// MimimumWindowsPlatform
//
// Returns TRUE if running on a platform whose major version, minor version
// and service pack major are greater than or equal to the ones specifed
// while making this function call
//
BOOL
MinimumWindowsPlatform(
DWORD dwMajorVersion,
DWORD dwMinorVersion,
WORD wServicePackMajor)
{
XTL::AutoModuleHandle hModule = LoadLibrary(KERNEL32_DLL);
if (hModule.IsInvalid())
{
ATLTRACE("kernel32.dll not available, assumed platform does not meet the requirement\n");
return FALSE;
}
Kernel32Dll kernel32(hModule);
if (!(kernel32.IsProcAvailable("VerSetConditionMask") &&
kernel32.IsProcAvailable("VerifyVersionInfoA")))
{
ATLTRACE("Proc not available, assumed platform does not meet the requirement\n");
return FALSE;
}
// Initialize the condition mask.
DWORDLONG dwlConditionMask = 0;
dwlConditionMask = kernel32.VerSetConditionMask(
dwlConditionMask, VER_MAJORVERSION, VER_GREATER_EQUAL);
dwlConditionMask = kernel32.VerSetConditionMask(
dwlConditionMask, VER_MINORVERSION, VER_GREATER_EQUAL);
dwlConditionMask = kernel32.VerSetConditionMask(
dwlConditionMask, VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL);
// Initialize the OSVERSIONINFOEX structure.
OSVERSIONINFOEXA osvi = {0};
osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEXA);
osvi.dwMajorVersion = dwMajorVersion;
osvi.dwMinorVersion = dwMinorVersion;
osvi.wServicePackMajor = wServicePackMajor;
// Perform the test.
return kernel32.VerifyVersionInfoA(
&osvi,
VER_MAJORVERSION | VER_MINORVERSION | VER_SERVICEPACKMAJOR,
dwlConditionMask);
}
static void resolveLibs()
{
static volatile bool done = false;
if (done)
return;
// try to get GetTickCount64 from the system
QSystemLibrary kernel32(QLatin1String("kernel32"));
if (!kernel32.load())
return;
// does this function exist on WinCE, or will ever exist?
ptrGetTickCount64 = (PtrGetTickCount64)kernel32.resolve("GetTickCount64");
// Retrieve the number of high-resolution performance counter ticks per second
LARGE_INTEGER frequency;
if (!QueryPerformanceFrequency(&frequency)) {
counterFrequency = 0;
} else {
counterFrequency = frequency.QuadPart;
}
done = true;
}
QList<ProcessInfo> runningProcesses()
{
EnumWindowsProcParam param;
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (!snapshot)
return param.processes;
QStringList deviceList;
const DWORD bufferSize = 1024;
char buffer[bufferSize + 1] = { 0 };
if (QSysInfo::windowsVersion() <= QSysInfo::WV_5_2) {
const DWORD size = GetLogicalDriveStringsA(bufferSize, buffer);
deviceList = QString::fromLatin1(buffer, size).split(QLatin1Char(char(0)), QString::SkipEmptyParts);
}
QLibrary kernel32(QLatin1String("Kernel32.dll"));
kernel32.load();
QueryFullProcessImageNamePtr pQueryFullProcessImageNamePtr = (QueryFullProcessImageNamePtr) kernel32
.resolve("QueryFullProcessImageNameA");
QLibrary psapi(QLatin1String("Psapi.dll"));
psapi.load();
GetProcessImageFileNamePtr pGetProcessImageFileNamePtr = (GetProcessImageFileNamePtr) psapi
.resolve("GetProcessImageFileNameA");
PROCESSENTRY32 processStruct;
processStruct.dwSize = sizeof(PROCESSENTRY32);
bool foundProcess = Process32First(snapshot, &processStruct);
while (foundProcess) {
HANDLE procHandle = OpenProcess(QSysInfo::windowsVersion() > QSysInfo::WV_5_2
? KDSYSINFO_PROCESS_QUERY_LIMITED_INFORMATION : PROCESS_QUERY_INFORMATION, false, processStruct
.th32ProcessID);
bool succ = false;
QString executablePath;
DWORD bufferSize = 1024;
if (QSysInfo::windowsVersion() > QSysInfo::WV_5_2) {
succ = pQueryFullProcessImageNamePtr(procHandle, 0, buffer, &bufferSize);
executablePath = QString::fromLatin1(buffer);
} else if (pGetProcessImageFileNamePtr) {
succ = pGetProcessImageFileNamePtr(procHandle, buffer, bufferSize);
executablePath = QString::fromLatin1(buffer);
for (int i = 0; i < deviceList.count(); ++i) {
executablePath.replace(QString::fromLatin1( "\\Device\\HarddiskVolume%1\\" ).arg(i + 1),
deviceList.at(i));
}
}
if (succ) {
const quint32 pid = processStruct.th32ProcessID;
param.seenIDs.append(pid);
ProcessInfo info;
info.id = pid;
info.name = executablePath;
param.processes.append(info);
}
CloseHandle(procHandle);
foundProcess = Process32Next(snapshot, &processStruct);
}
if (snapshot)
CloseHandle(snapshot);
kernel32.unload();
return param.processes;
}
static std::wstring GetProcessStr(std::size_t processId, std::function<UNICODE_STRING&(RTL_USER_PROCESS_PARAMETERS&)> stringTargetSelector)
{
if (processId == 0)
{
return L"System Idle Process";
}
if (processId == 4)
{
wchar_t target[MAX_PATH] = L"";
UINT len = ::GetWindowsDirectoryW(target, MAX_PATH);
if (len == 0)
{
Win32Exception::ThrowFromLastError();
}
--len;
if (target[len] == L'\\')
{
::wcscat_s(target + len, MAX_PATH - len, L"System32\\Ntoskrnl.exe");
}
else
{
::wcscat_s(target + len, MAX_PATH - len, L"\\System32\\Ntoskrnl.exe");
}
return target;
}
try
{
UniqueHandle hProc(OpenProc(processId, PROCESS_VM_READ | PROCESS_QUERY_INFORMATION));
PROCESS_BASIC_INFORMATION basicInfo;
NtQueryInformationProcessFunc ntQuery = GetNtDll().GetProcAddress<NtQueryInformationProcessFunc>("NtQueryInformationProcess");
NTSTATUS errorCheck = ntQuery(hProc.Get(), ProcessBasicInformation, &basicInfo, sizeof(basicInfo), nullptr);
if (errorCheck != ERROR_SUCCESS)
{
Win32Exception::ThrowFromNtError(errorCheck);
}
PEB *pebAddr = basicInfo.PebBaseAddress;
PEB peb;
if (::ReadProcessMemory(hProc.Get(), pebAddr, &peb, sizeof(peb), nullptr) == 0)
{
Win32Exception::ThrowFromLastError();
}
RTL_USER_PROCESS_PARAMETERS params;
if (::ReadProcessMemory(hProc.Get(), peb.ProcessParameters, ¶ms, sizeof(params), nullptr) == 0)
{
Win32Exception::ThrowFromLastError();
}
std::wstring result;
UNICODE_STRING &targetString = stringTargetSelector(params);
result.resize(targetString.Length / sizeof(wchar_t));
if (::ReadProcessMemory(hProc.Get(), targetString.Buffer, &result[0], result.size() * sizeof(wchar_t), nullptr) == 0)
{
Win32Exception::ThrowFromLastError();
}
return result;
}
catch (ErrorAccessDeniedException const&)
{
//This block is vista and later specific; however, this does not matter because the
//spurious access denied errors are being injected by Vista+'s media protection
//features.
UniqueHandle hProc(OpenProc(processId, PROCESS_QUERY_LIMITED_INFORMATION));
RuntimeDynamicLinker kernel32(L"Kernel32.dll");
typedef BOOL (WINAPI *QueryFullProcessImageNameFunc)(HANDLE, DWORD, LPWSTR, PDWORD);
QueryFullProcessImageNameFunc queryProcessFile = kernel32.GetProcAddress<QueryFullProcessImageNameFunc>("QueryFullProcessImageNameW");
BOOL boolCheck;
std::wstring buffer;
DWORD goalSize = MAX_PATH;
do
{
buffer.resize(goalSize);
boolCheck = queryProcessFile(hProc.Get(), 0, &buffer[0], &goalSize);
} while (boolCheck == 0 && ::GetLastError() == ERROR_INSUFFICIENT_BUFFER);
if (boolCheck == 0 && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
Win32Exception::ThrowFromLastError();
}
buffer.resize(goalSize);
return buffer;
}
}
