Ejemplo n.º 1
// Replaces the contents of fileNames with one entry per file reported by
// QueryCountOfFiles(), each obtained from QueryFileName(index).
// Anything previously stored in fileNames is discarded first.
void CDrop::QueryFileNames(UStringVector &fileNames)
{
  fileNames.Clear();

  // Read the count once so the reservation and the loop bound agree.
  const UINT total = QueryCountOfFiles();
  fileNames.Reserve(total);

  UINT idx = 0;
  while (idx < total)
  {
    fileNames.Add(QueryFileName(idx));
    ++idx;
  }
}
Ejemplo n.º 2
void GetHandleInfo(ULONG pid, ULONG index, HANDLE_INFO* info)
{
#ifdef XP_SP3

    POBJECT_HEADER_XP_SP3 objHeader;
    POBJECT_NAME_INFORMATION_XP_SP3 ObjNameInfo;
    POBJECT_HEADER_NAME_INFO_XP_SP3 NameInfo;
    ULONG dwReturn;
    BOOL handleCanFound;
    PVOID foundHandle;
    ULONG strLen = 0;
    ULONG handleValue = 0;
    BYTE secondParam = 0;
    BOOL isFetched;
    char tmpTypeName[56];
    ULONG i;



    ULONG EProcess;
    //handleCanFound = FindObjectByIndex(pid, index, &((ULONG)foundHandle), &handleValue);
    handleCanFound = FindObjectByHandle(pid, index*4, &((ULONG)foundHandle));
    handleValue = index*4;
    info->canFound = handleCanFound;

    //DbgPrint("[ring0] handleCanFound 0x%x", handleCanFound);
    __try {
        if( handleCanFound ) {

            objHeader = (POBJECT_HEADER_XP_SP3)foundHandle;
            info->handle = handleValue;
            info->handles = objHeader->HandleCount;
            info->refrenced = objHeader->PointerCount;
            info->objAddress = (ULONG)(&(objHeader->Body));
            if( objHeader->Type->Name.Length > 1024 )
                strLen = 1022;
            else
                strLen = objHeader->Type->Name.Length;
            //memset(info->typeName, 0, 1024*sizeof(wchar_t));
            if( MmIsAddressValid(objHeader->Type->Name.Buffer) )
                memcpy(info->typeName, objHeader->Type->Name.Buffer, strLen);
            //info->typeName = objHeader->Type->Name;
            if( objHeader->NameInfoOffset == 0 )
            {
                NameInfo = NULL;
            }
            else
            {
                NameInfo = (POBJECT_HEADER_NAME_INFO_XP_SP3)((ULONG)objHeader-objHeader->NameInfoOffset);
            }

            memset(tmpTypeName, 0, 56);
            i = 0;
            while( info->typeName[i] != 0 ) {
                tmpTypeName[i] = (char)info->typeName[i];
                i++;
            }

            //第一轮
            isFetched = FALSE;
            if( strcmp(tmpTypeName, "File") == 0 )
            {
                QueryFileName(index*4, (PVOID)&objHeader->Body, info->objName);
                if( info->objName[0] != 0 )
                    isFetched = TRUE;
            }
            else if( strcmp(tmpTypeName, "Key") == 0 )
            {
                FindProcessByID(pid, &EProcess);
                //DbgPrint("[ring0] EProcess 0x%x",EProcess);
                QueryKeyName(index*4,EProcess,(PVOID)&objHeader->Body, info->objName);
                if( info->objName[0] != 0 )
                    isFetched = TRUE;
            }

            //第二轮
            if( isFetched )
            {

            }
            else
            {
                if( NameInfo == NULL )
                {
                    //memset(info->objName, 0, 1024*sizeof(wchar_t));
                }
                else
                {
                    if( NameInfo->Name.Length > 1024 )
                        strLen = 1022;
                    else
                        strLen = NameInfo->Name.Length;
                    //memset(info->objName, 0, 1024*sizeof(wchar_t));
                    if( MmIsAddressValid(NameInfo->Name.Buffer) ) {
                        memcpy(info->objName, NameInfo->Name.Buffer, strLen );
                        isFetched = TRUE;
                    }
                }
            }

            //第三轮
            if( !isFetched && objHeader->Type->TypeInfo.QueryNameProcedure != NULL )
            {
                //ObjNameInfo.Name.Buffer = info->objName;
                //ObjNameInfo.Name.MaximumLength = 1024;
                ObjNameInfo = (POBJECT_NAME_INFORMATION_XP_SP3)ExAllocatePoolWithTag(PagedPool, 2048, 1001);
                if( NameInfo == NULL ) {
                    secondParam = FALSE;
                } else if( NameInfo->Name.Length == 0 ) {
                    secondParam = FALSE;
                } else {
                    secondParam = TRUE;
                }
                __try {
                    (*objHeader->Type->TypeInfo.QueryNameProcedure)(
                        (PVOID)&objHeader->Body,
                        secondParam,
                        ObjNameInfo,
                        2048,
                        &dwReturn
                    );
                } __except(EXCEPTION_EXECUTE_HANDLER) {
                    memset(info->objName, 0, 1024*sizeof(wchar_t));
                }
                if( ObjNameInfo->Name.Length > 1024 )
                    strLen = 1022;
                else
                    strLen = ObjNameInfo->Name.Length;
                //memset(info->objName, 0, 1024*sizeof(wchar_t));
                if( MmIsAddressValid(ObjNameInfo->Name.Buffer) )
                    memcpy(info->objName, ObjNameInfo->Name.Buffer, strLen );
                ExFreePool(ObjNameInfo);



            }



        }
    } __except(EXCEPTION_EXECUTE_HANDLER) {