int main( int argc, const char * argv[] ) /*********************************/ { int contok; int retcode; TRMemOpen(); contok = ScanParams( argc, argv ); if (CmdLineParms.PrintHelp) { PrintUsageMessage( argv[0] ); } if (contok) { retcode = DumpFile(); } else { retcode = 1; } FreeParams(); switch (retcode) { case 1: /* reading parameters */ break; case 2: /* reading input file */ puts( "Error reading input file" ); break; } TRMemClose(); return( retcode ); }
void Decrypt(char *str, char *out) { DWORD dwSize; PBYTE data = GetFile(str, &dwSize); Decrypt_NA_00000000(data); DumpFile(out, data, dwSize); }
int main(int argc, char* argv[]) { if(6 != argc) { printf("Syntax: %s dest embedsource pattern symbol define\n", argv[0]); return 1; } const char* pDestArg = argv[1]; const char* pEmbedSourceArg = argv[2]; const char* pPatternArg = argv[3]; const char* pSymbolArg = argv[4]; const char* pDefineArg = argv[5]; char* pEmbedSrc = ReadFile(pEmbedSourceArg); if(!pEmbedSrc) { return 1; } char* pEmbedStart = pEmbedSrc; char* pEmbedStartEnd = strstr(pEmbedStart, pPatternArg); char* pEmbedEnd = 0; if(pEmbedStartEnd) { pEmbedEnd = pEmbedStartEnd + strlen(pPatternArg); *pEmbedStartEnd = '\0'; } FILE* pOut = fopen(pDestArg, "a"); if(!pOut) { free(pEmbedSrc); return 1; } fprintf(pOut, "///start file generated from %s\n", pEmbedSourceArg); fprintf(pOut, "#ifdef %s\n", pDefineArg); DumpFile(pOut, pEmbedStart, pSymbolArg, "_begin"); DumpFile(pOut, pEmbedEnd, pSymbolArg, "_end"); fprintf(pOut, "#endif //%s\n", pDefineArg); fprintf(pOut, "\n///end file generated from %s\n", pEmbedSourceArg); fclose(pOut); free(pEmbedSrc); return 0; }
int main(int argc, char *argv[]) { DumpFile("dxgi.pdb"); PSTR filename; if ( argc == 1 ) { printf( HelpText ); return 1; } filename = ProcessCommandLine(argc, argv); if ( filename ) DumpFile( filename ); return 0; }
int main( int argc, char **argv ) { char *dips[16] = { 0 }; int next_dip = 0; int c; // char *s; /* Process command line options */ if( argc < 2 ) { return( PrintUsage() ); } while( (c = getopt( argc, argv, ":hd:" )) != EOF ) { switch( c ) { case 'd': { char *dip = optarg; if( next_dip >= sizeof( dips ) / sizeof( dips[0] ) ) { return( ErrorMsg( "too many DIPs!\n" ) ); } dips[next_dip++] = dip; break; } case 'h': default: return( PrintUsage() ); } } #if 0 /* Add default DIPs at end of list. */ s = DIPDefaults; while( *s ) { if( next_dip >= sizeof( dips ) / sizeof( dips[0] ) ) { return( ErrorMsg( "too many DIPs!\n" ) ); } dips[next_dip++] = s; s += strlen( s ) + 1; } #endif /* Try to dump debug info for all remaining arguments */ while( argv[optind] ) { int rc = DumpFile( argv[optind], dips ); if( rc ) { return( rc ); } ++optind; } return( 0 ); }
INT_PTR CALLBACK DialogProc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { ULONG_PTR i; char text[MAX_PATH]; switch (uMsg) { case WM_CLOSE: EndDialog(hwndDlg, 0); return 1; case WM_INITDIALOG: hCombo = GetDlgItem(hwndDlg, IDC_COMBO1); hList = GetDlgItem(hwndDlg, IDC_LIST1); hLogList = GetDlgItem(hwndDlg, IDC_LIST2); InitColumn(hwndDlg); ListProcesses(); return 1; case WM_COMMAND: switch (LOWORD(wParam)) { case IDC_COMBO1: if (HIWORD(wParam) == CBN_SELENDOK) { i = SendMessageA(hCombo, CB_GETCURSEL, 0, 0); SendMessageA(hCombo, CB_GETLBTEXT, i, (LPARAM)&text); SendMessageA(hList, LVM_DELETEALLITEMS, 0, 0); SendMessageA(hLogList, LB_RESETCONTENT, 0, 0); dwPid = strtol(text, NULL, 16); AnalyzeImports(dwPid); } return 0; case ID_DUMP: if (dwPid == 0) { MessageBoxA(hwndDlg, "[-] Plz select a process", "DaF", MB_ICONERROR); } else { DumpFile(hwndDlg); } return 0; } return 0; default: return 0; } return 0; }
void Encrypt(char *str, char *out) { DWORD dwSize; PBYTE data = GetFile(str, &dwSize); extern unsigned int dword_834A73A4[]; extern unsigned char unk_835C4AA0[]; extern unsigned char unk_83441544[]; // setting up some stuff dword_834A73A4[0] = *(unsigned int*)(data + 0x40); memcpy(unk_835C4AA0, data + 0x44, 0x4CAA4); memcpy(unk_83441544, data + 0x44, 0x4CAA4); Encrypt_NA_00000000(data); DumpFile(out, data, 0x4CAE8); }
//--------------------------------------------------------------------------- void __fastcall TMainForm::b_fhashClick(TObject *Sender) { char* data; FILE* in = fopen(AnsiString(e_fpath->Text).c_str(), "rb"); if (in == 0) {ShowMessage("File not found or can't be accessed for reading."); return;} fseek(in, 0, SEEK_END); unsigned long int size = ftell(in); fclose(in); data = new char[size+1]; DumpFile(data, AnsiString(e_fpath->Text).c_str()); e_fhash->Text = UnicodeString(do_md5(data, size)); delete[] data; }
void GenFiles(char pre, int n, int *ix, int *iy, int *ia, int *ib, FILENODE **bp) /* * Generates all needed files */ { int i; char *nam, *typ; char ln[128]; FILE *fpout; GenMainRout(pre, n, ix, iy, ia, ib, bp); GenMakefile(pre, n, ix, iy, ia, ib, bp); for (i=0; i < n; i++) { nam = GetNam(pre, ia[i], ib[i], ix[i], iy[i]); sprintf(ln, "GEN/%s.c", nam); fpout = fopen(ln, "w"); assert(fpout); fprintf(fpout, "#define ATL_UAXPBY %s\n\n", nam); DumpFile(bp[i]->rout, fpout); fclose(fpout); } }
static int DumpVnode(int dumpfd, struct VnodeDiskObject *v, int volid, int vnodeNumber, int dumpEverything, struct Volume *vp) { int code = 0; IHandle_t *ihP; FdHandle_t *fdP; if (verbose) fprintf(stderr, "dumping vnode %d\n", vnodeNumber); if (!v || v->type == vNull) return code; if (!code) code = DumpDouble(dumpfd, D_VNODE, vnodeNumber, v->uniquifier); if (!dumpEverything) return code; if (!code) code = DumpByte(dumpfd, 't', (byte) v->type); if (!code) code = DumpShort(dumpfd, 'l', v->linkCount); /* May not need this */ if (!code) code = DumpInt32(dumpfd, 'v', v->dataVersion); if (!code) code = DumpInt32(dumpfd, 'm', v->unixModifyTime); if (!code) code = DumpInt32(dumpfd, 'a', v->author); if (!code) code = DumpInt32(dumpfd, 'o', v->owner); if (!code && v->group) code = DumpInt32(dumpfd, 'g', v->group); /* default group is 0 */ if (!code) code = DumpShort(dumpfd, 'b', v->modeBits); if (!code) code = DumpInt32(dumpfd, 'p', v->parent); if (!code) code = DumpInt32(dumpfd, 's', v->serverModifyTime); if (v->type == vDirectory) { acl_HtonACL(VVnodeDiskACL(v)); if (!code) code = DumpByteString(dumpfd, 'A', (byte *) VVnodeDiskACL(v), VAclDiskSize(v)); } if (VNDISK_GET_INO(v)) { IH_INIT(ihP, V_device(vp), V_parentId(vp), VNDISK_GET_INO(v)); fdP = IH_OPEN(ihP); if (fdP == NULL) { fprintf(stderr, "Unable to open inode %s for vnode %u (volume %i); not dumped, error %d\n", PrintInode(NULL, VNDISK_GET_INO(v)), vnodeNumber, volid, errno); } else { if (verbose) fprintf(stderr, "about to dump inode %s for vnode %u\n", PrintInode(NULL, VNDISK_GET_INO(v)), vnodeNumber); code = DumpFile(dumpfd, vnodeNumber, fdP, v); FDH_CLOSE(fdP); } IH_RELEASE(ihP); } if (verbose) fprintf(stderr, "done dumping vnode %d\n", vnodeNumber); return code; }
void main(int argc, char **argv) { char *fargv[1000]; char cmdline[10000]; int i, arg; FILE *fout; int pos, len; int full = 0; char *outfile = NULL; if (argc < 3) { Usage: fprintf(stderr, "Usage: %s ?-o outfile? ?-f(ull)? <dllname> <object filenames> ..\n", argv[0]); exit(1); } arg = 1; while (argv[arg][0] == '-') { if (strcmp(argv[arg], "--") == 0) { arg++; break; } else if (strcmp(argv[arg], "-f") == 0) { full = 1; } else if (strcmp(argv[arg], "-o") == 0) { arg++; if (arg == argc) { goto Usage; } outfile = argv[arg]; } arg++; } if (arg == argc) { goto Usage; } if (outfile) { fout = fopen(outfile, "w+"); if (fout == NULL) { fprintf(stderr, "Unable to open \'%s\' for writing:\n", argv[arg]); perror(""); exit(1); } } else { fout = stdout; } if (! full) { char *dllname = argv[arg]; arg++; if (arg == argc) { goto Usage; } fprintf(fout, "LIBRARY %s\n", dllname); fprintf(fout, "EXPORTS\n"); } for (; arg < argc; arg++) { if (argv[arg][0] == '@') { FILE *fargs = fopen(&argv[arg][1], "r"); if (fargs == NULL) { fprintf(stderr, "Unable to open \'%s\' for reading:\n", argv[arg]); perror(""); exit(1); } pos = 0; for (i = 0; i < arg; i++) { strcpy(&cmdline[pos], argv[i]); pos += strlen(&cmdline[pos]) + 1; fargv[i] = argv[i]; } while (fgets(&cmdline[pos], sizeof(cmdline) - pos, fargs) != 0) { len = strlen(&cmdline[pos]); cmdline[pos + len - 1] = ' '; i += GetArgcArgv(&cmdline[pos], &fargv[i]); pos += len; } fclose(fargs); argc = i; argv = fargv; } DumpFile(argv[arg], fout, full); } exit(0); }
int main(int argc, char **argv) { int rcRet = 0; /* * Parse arguments. */ int fArgsDone = 0; for (int i = 1; i < argc; i++) { const char *psz = argv[i]; if (!fArgsDone && psz[0] == '-' && psz[1]) { /* convert long option to short. */ if (*++psz == '-') { psz++; if (!*psz) /* -- */ { fArgsDone = 1; continue; } if (!strcmp(psz, "line-numbers")) psz = "l"; else if (!strcmp(psz, "no-line-numbers")) psz = "L"; else if (!strcmp(psz, "global-syms") || !strcmp(psz, "public-syms")) psz = "g"; else if (!strcmp(psz, "no-global-syms") || !strcmp(psz, "no-public-syms")) psz = "G"; else if (!strcmp(psz, "privat-syms") || !strcmp(psz, "local-syms")) psz = "p"; else if (!strcmp(psz, "no-privat-syms") || !strcmp(psz, "no-local-syms")) psz = "P"; else if (!strcmp(psz, "version")) psz = "v"; else if (!strcmp(psz, "help")) psz = "h"; else { fprintf(stderr, "%s: syntax error: unknown option '--%s'\n", argv[0], psz); return 1; } } /* eat short options. */ while (*psz) switch (*psz++) { case 'l': g_fLineNumbers = 1; break; case 'L': g_fLineNumbers = 0; break; case 'p': g_fPrivateSyms = 1; break; case 'P': g_fPrivateSyms = 0; break; case 'g': g_fGlobalSyms = 1; break; case 'G': g_fGlobalSyms = 0; break; case '?': case 'H': case 'h': return ShowSyntax(argv[0]); case 'v': return ShowVersion(); default: fprintf(stderr, "%s: syntax error: unknown option '-%c'.\n", argv[0], psz[-1]); return 1; } } else { /* Dump does it's own bitching if something goes wrong. */ int rc = DumpFile(psz); if (rc && !rcRet) rc = rcRet; } } return rcRet; }
int main(int argc, char* argv[]) { try { std::cout << "HadesMem Dumper [" << HADESMEM_VERSION_STRING << "]\n"; TCLAP::CmdLine cmd("PE file format dumper", ' ', HADESMEM_VERSION_STRING); TCLAP::ValueArg<DWORD> pid_arg( "", "pid", "Target process id", false, 0, "DWORD"); TCLAP::ValueArg<std::string> name_arg( "", "name", "Target process name", false, "", "string"); TCLAP::MultiArg<std::string> path_arg( "", "path", "Target path (file or directory)", false, "string"); TCLAP::SwitchArg all_arg("", "all", "No target, dump everything"); std::vector<TCLAP::Arg*> xor_args{&pid_arg, &name_arg, &path_arg, &all_arg}; cmd.xorAdd(xor_args); TCLAP::SwitchArg warned_arg( "", "warned", "Dump list of files which cause warnings", cmd); TCLAP::ValueArg<std::string> warned_file_arg( "", "warned-file", "Dump warned list to file instead of stdout", false, "", "string", cmd); TCLAP::SwitchArg warned_file_dynamic_arg( "", "warned-file-dynamic", "Dump warnings to file on the fly rather than at the end", cmd); TCLAP::SwitchArg quiet_arg( "", "quiet", "Only output status messages (no dumping)", cmd); TCLAP::SwitchArg memonly_arg("", "memonly", "Only do PE memory dumps", cmd); TCLAP::ValueArg<int> warned_type_arg("", "warned-type", "Filter warned file using warned type", false, -1, "int", cmd); TCLAP::ValueArg<DWORD> threads_arg( "", "threads", "Number of threads", false, 0, "size_t", cmd); TCLAP::ValueArg<DWORD> queue_factor_arg( "", "queue-factor", "Thread queue factor", false, 0, "size_t", cmd); TCLAP::SwitchArg strings_arg("", "strings", "Dump strings", cmd); cmd.parse(argc, argv); g_quiet = quiet_arg.isSet(); g_strings = strings_arg.isSet(); SetWarningsEnabled(warned_arg.getValue()); SetDynamicWarningsEnabled(warned_file_dynamic_arg.getValue()); if (warned_file_arg.isSet()) { SetWarnedFilePath( hadesmem::detail::MultiByteToWideChar(warned_file_arg.getValue())); } if (GetDynamicWarningsEnabled() && GetWarnedFilePath().empty()) { HADESMEM_DETAIL_THROW_EXCEPTION( hadesmem::Error() << hadesmem::ErrorString( "Please specify a file path for dynamic warnings.")); } int const warned_type = warned_type_arg.getValue(); switch (warned_type) { case static_cast<int>(WarningType::kSuspicious): SetWarnedType(WarningType::kSuspicious); break; case static_cast<int>(WarningType::kUnsupported): SetWarnedType(WarningType::kUnsupported); break; case static_cast<int>(WarningType::kAll): SetWarnedType(WarningType::kAll); break; default: HADESMEM_DETAIL_THROW_EXCEPTION( hadesmem::Error() << hadesmem::ErrorString("Unknown warned type.")); break; } try { hadesmem::GetSeDebugPrivilege(); std::wcout << "\nAcquired SeDebugPrivilege.\n"; } catch (std::exception const& /*e*/) { std::wcout << "\nFailed to acquire SeDebugPrivilege.\n"; } auto const threads = threads_arg.isSet() ? threads_arg.getValue() : 1; auto const queue_factor = queue_factor_arg.isSet() ? queue_factor_arg.getValue() : 1; hadesmem::detail::ThreadPool thread_pool{threads, queue_factor}; if (pid_arg.isSet()) { DWORD const pid = pid_arg.getValue(); hadesmem::ProcessList const processes; auto iter = std::find_if(std::begin(processes), std::end(processes), [pid](hadesmem::ProcessEntry const& process_entry) { return process_entry.GetId() == pid; }); if (iter != std::end(processes)) { DumpProcessEntry(*iter, memonly_arg.isSet()); } else { HADESMEM_DETAIL_THROW_EXCEPTION( hadesmem::Error() << hadesmem::ErrorString("Failed to find requested process.")); } } else if (name_arg.isSet()) { auto const proc_name = hadesmem::detail::MultiByteToWideChar(name_arg.getValue()); auto const proc_entry = hadesmem::GetProcessEntryByName(proc_name, false); DumpProcessEntry(proc_entry, memonly_arg.isSet()); } else if (path_arg.isSet()) { // TODO: Use backup semantics flags and try to get backup privilege in // order to make directory enumeration find more files. auto const path_args = path_arg.getValue(); for (auto const& path : path_args) { auto const path_wide = hadesmem::detail::MultiByteToWideChar(path); if (hadesmem::detail::IsDirectory(path_wide)) { DumpDir(path_wide, thread_pool); } else { DumpFile(path_wide); } } } else { DumpThreads(static_cast<DWORD>(-1)); DumpProcesses(memonly_arg.isSet()); std::wcout << "\nFiles:\n"; // TODO: Enumerate all volumes. std::wstring const self_path = hadesmem::detail::GetSelfPath(); std::wstring const root_path = hadesmem::detail::GetRootPath(self_path); DumpDir(root_path, thread_pool); } thread_pool.WaitForEmpty(); if (GetWarningsEnabled()) { if (!GetWarnedFilePath().empty() && !GetDynamicWarningsEnabled()) { std::unique_ptr<std::wfstream> warned_file_ptr( hadesmem::detail::OpenFile<wchar_t>(GetWarnedFilePath(), std::ios::out)); std::wfstream& warned_file = *warned_file_ptr; if (!warned_file) { HADESMEM_DETAIL_THROW_EXCEPTION( hadesmem::Error() << hadesmem::ErrorString("Failed to open warned file for output.")); } DumpWarned(warned_file); } else { DumpWarned(std::wcout); } } return 0; } catch (...) { std::cerr << "\nError!\n" << boost::current_exception_diagnostic_information() << '\n'; return 1; } }
int main(int argc, char* argv[]) { try { std::cout << "HadesMem Dumper [" << HADESMEM_VERSION_STRING << "]\n"; TCLAP::CmdLine cmd("PE file format dumper", ' ', HADESMEM_VERSION_STRING); TCLAP::ValueArg<DWORD> pid_arg( "", "pid", "Target process id", false, 0, "DWORD"); TCLAP::ValueArg<std::string> name_arg( "", "name", "Target process name", false, "", "string"); TCLAP::ValueArg<std::string> path_arg( "", "path", "Target path (file or directory)", false, "", "string"); TCLAP::SwitchArg all_arg("", "all", "No target, dump everything"); std::vector<TCLAP::Arg*> xor_args{&pid_arg, &name_arg, &path_arg, &all_arg}; cmd.xorAdd(xor_args); TCLAP::SwitchArg warned_arg( "", "warned", "Dump list of files which cause warnings", cmd); TCLAP::ValueArg<std::string> warned_file_arg( "", "warned-file", "Dump warned list to file instead of stdout", false, "", "string", cmd); TCLAP::SwitchArg warned_file_dynamic_arg( "", "warned-file-dynamic", "Dump warnings to file on the fly rather than at the end", cmd); TCLAP::ValueArg<int> warned_type_arg("", "warned-type", "Filter warned file using warned type", false, -1, "int", cmd); cmd.parse(argc, argv); SetWarningsEnabled(warned_arg.getValue()); SetDynamicWarningsEnabled(warned_file_dynamic_arg.getValue()); if (warned_file_arg.isSet()) { SetWarnedFilePath( hadesmem::detail::MultiByteToWideChar(warned_file_arg.getValue())); } if (GetDynamicWarningsEnabled() && GetWarnedFilePath().empty()) { HADESMEM_DETAIL_THROW_EXCEPTION( hadesmem::Error() << hadesmem::ErrorString( "Please specify a file path for dynamic warnings.")); } int const warned_type = warned_type_arg.getValue(); switch (warned_type) { case static_cast<int>(WarningType::kSuspicious): SetWarnedType(WarningType::kSuspicious); break; case static_cast<int>(WarningType::kUnsupported): SetWarnedType(WarningType::kUnsupported); break; case static_cast<int>(WarningType::kAll): SetWarnedType(WarningType::kAll); break; default: HADESMEM_DETAIL_THROW_EXCEPTION( hadesmem::Error() << hadesmem::ErrorString("Unknown warned type.")); break; } try { hadesmem::GetSeDebugPrivilege(); std::wcout << "\nAcquired SeDebugPrivilege.\n"; } catch (std::exception const& /*e*/) { std::wcout << "\nFailed to acquire SeDebugPrivilege.\n"; } if (pid_arg.isSet()) { DWORD const pid = pid_arg.getValue(); hadesmem::ProcessList const processes; auto iter = std::find_if(std::begin(processes), std::end(processes), [pid](hadesmem::ProcessEntry const& process_entry) { return process_entry.GetId() == pid; }); if (iter != std::end(processes)) { DumpProcessEntry(*iter); } else { HADESMEM_DETAIL_THROW_EXCEPTION( hadesmem::Error() << hadesmem::ErrorString("Failed to find requested process.")); } } else if (name_arg.isSet()) { auto const proc_name = hadesmem::detail::MultiByteToWideChar(name_arg.getValue()); auto const proc_entry = hadesmem::GetProcessEntryByName(proc_name, false); DumpProcessEntry(proc_entry); } else if (path_arg.isSet()) { auto const path = hadesmem::detail::MultiByteToWideChar(path_arg.getValue()); if (hadesmem::detail::IsDirectory(path)) { DumpDir(path); } else { DumpFile(path); } } else { DumpThreads(static_cast<DWORD>(-1)); DumpProcesses(); std::wcout << "\nFiles:\n"; std::wstring const self_path = hadesmem::detail::GetSelfPath(); std::wstring const root_path = hadesmem::detail::GetRootPath(self_path); DumpDir(root_path); } if (GetWarningsEnabled()) { if (!GetWarnedFilePath().empty() && !GetDynamicWarningsEnabled()) { std::unique_ptr<std::wfstream> warned_file_ptr( hadesmem::detail::OpenFile<wchar_t>(GetWarnedFilePath(), std::ios::out)); std::wfstream& warned_file = *warned_file_ptr; if (!warned_file) { HADESMEM_DETAIL_THROW_EXCEPTION( hadesmem::Error() << hadesmem::ErrorString("Failed to open warned file for output.")); } DumpWarned(warned_file); } else { DumpWarned(std::wcout); } } return 0; } catch (...) { std::cerr << "\nError!\n" << boost::current_exception_diagnostic_information() << '\n'; if (!g_current_file_path.empty()) { std::wcerr << "\nCurrent file: " << g_current_file_path << "\n"; } return 1; } }
int main(int argc, char **argv) { char *lstname = NULL; char *outlstname = NULL; int i=0; if(argc<2) { printf("usage: %s infile (optional: outfolder)\n",argv[0]); return 0; } dat = fopen(argv[1],"rb"); if(!dat) { printf("Could not open %s\n",argv[1]); return -1; } lstname = (char*)calloc(strlen(argv[1])+5,sizeof(char)); strcpy(lstname,argv[1]); strcat(lstname,".lst"); lst = fopen(lstname,"rb"); if(!lst) { printf("Could not open %s\n",lstname); return -1; } outlstname = (char*)calloc(strlen(argv[1])+5,sizeof(char)); strcpy(lstname,argv[1]); strcat(lstname,".txt"); outlst = fopen(lstname,"w"); if(!outlst) { printf("Could not open %s\n",outlstname); return -1; } fread(&fcount,1,4,lst); fcount ^= 0x01010101; if(argc==3) { mkdir(argv[2]); chdir(argv[2]); } Entry = (ENTRY*)calloc(fcount+1,sizeof(ENTRY)); for(i=0; i<fcount; i++) { int x=0; fread(&Entry[i],1,sizeof(ENTRY),lst); Entry[i].size ^= 0x01010101; Entry[i].offset ^= 0x01010101; while(Entry[i].name[x]!='\0') Entry[i].name[x++] ^= 0x01; printf("[+] %-30s offset[%08x] size[%08x] type[%d]\n",Entry[i].name,Entry[i].offset,Entry[i].size,Entry[i].type); DumpFile(Entry[i].name,Entry[i].offset,Entry[i].size,Entry[i].type); } return 0; }
void _tmain(int argc, TCHAR *argv[]) { int u = 0; // // display usage // if (argc != 3){ DisplayUsage(); return; } // // Do validation on the user input to help avoid buffer overruns. // _try{ // // argv[1] should be a null terminated string // of exactly two characters in length (not including the NULL). // if ((_T('-') != argv[1][0]) || (_T('\0') == argv[1][1]) || (_T('\0') != argv[1][2])){ DisplayUsage(); return; } // // argv[2] should have at least one non-NULL character before a NULL character. // if (_T('\0') == argv[2][0]){ DisplayUsage(); return; } // // argv[2] should not be a string of more than MAX_PATH characters. // u = 0; while (_T('\0') != argv[2][u]){ if (MAX_PATH == u){ DisplayUsage(); return; } u++; } } _except(EXCEPTION_EXECUTE_HANDLER){ DisplayUsage(); return; } _tprintf(TEXT(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n")); _tprintf(TEXT(">> SECURITY INFORMATION >>\n")); _tprintf(TEXT(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n\n")); _tprintf(TEXT("object name ........ %s\n"), argv[2]); _tprintf(TEXT("object type ........ ")); switch (argv[1][1]) { case 'a': _tprintf(TEXT("mailslot\n")); DumpKernelObject(argv[2], argv[1][1]); break; case 'e': _tprintf(TEXT("event\n")); DumpKernelObject(argv[2], argv[1][1]); break; case 'f': _tprintf(TEXT("file\n")); DumpFile(argv[2], argv[1][1]); break; case 'd': _tprintf(TEXT("directory\n")); DumpFile(argv[2], argv[1][1]); break; case 'm': _tprintf(TEXT("mutex\n")); DumpKernelObject(argv[2], argv[1][1]); break; case 'r': _tprintf(TEXT("registry\n")); DumpRegistryKey(argv[2]); break; case 's': _tprintf(TEXT("semaphore\n")); DumpKernelObject(argv[2], argv[1][1]); break; case 'p': _tprintf(TEXT("process\n")); DumpKernelObject(argv[2], argv[1][1]); break; case 'i': _tprintf(TEXT("memory mapped file\n")); DumpKernelObject(argv[2], argv[1][1]); break; case 'v': _tprintf(TEXT("service\n")); DumpService(NULL, argv[2]); break; case 'w': _tprintf(TEXT("window station\n")); DumpUserObject(argv[2], argv[1][1]); break; case 'k': _tprintf(TEXT("desktop\n")); DumpUserObject(argv[2], argv[1][1]); break; case 'n': _tprintf(TEXT("named pipe\n")); DumpKernelObject(argv[2], argv[1][1]); break; case 'o': _tprintf(TEXT("process access token\n")); DumpKernelObject(argv[2], argv[1][1]); break; case 'l': _tprintf(TEXT("printer\n")); DumpPrinter(argv[2]); break; case 't': _tprintf(TEXT("network share\n")); DumpNetShare(argv[2]); break; default: DisplayUsage(); } }