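/*
 * DLL initialization entry point.
 *
 * Resolves the ntdll.dll routines the library depends on (GetConhostInit) and,
 * when `debug` is non-zero, tries to enable SeDebugPrivilege for the caller.
 * The result is stored in the module-level `Init` flag and also returned.
 *
 * Returns TRUE when the ntdll routines were resolved, FALSE otherwise.
 * Privilege adjustment is best-effort: a failed EnableSeDebug() is logged via
 * OutputDebugString but does not make Initialize() fail.
 */
GETKBLAYOUT_DLL_API BOOL Initialize(int debug)
{
	/* TODO: Check that OS version == win7 */

	if ( GetConhostInit() ) {
		OutputDebugString(TEXT("Can't get pointers to necessary routines from ntdll.dll\n" ));
		Init = FALSE;
		return Init;
	}

	if ( debug ) {
		/* Previously the status was discarded; log it so a missing privilege is
		 * visible in the debug output instead of showing up later as failed
		 * process/thread access. */
		if ( EnableSeDebug() != STATUS_SUCCESS ) {
			OutputDebugString(TEXT("getconkbl.dll: EnableSeDebug failed, continuing without SeDebugPrivilege\n"));
		}
	}

	Init = TRUE;
	OutputDebugString(TEXT("Init getconkbl.dll: OK\n"));
	return Init;
}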
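/*
 * Console test driver: given a console-owning process id on the command line,
 * locate the conhost.exe instance serving it and print, for each conhost
 * thread, the thread id and its keyboard layout handle.
 *
 * argv[1]  decimal process id of a console application (0 / non-numeric -> help)
 *
 * Returns 0 after printing help or after a successful run, 1 when the ntdll
 * routines cannot be resolved or conhost processes cannot be enumerated.
 * The "no related conhost" and "thread enumeration failed" paths also return 0;
 * that is kept unchanged because scripts driving this tool may depend on it.
 */
int _tmain(int argc, _TCHAR* argv[])
{
	DWORD console_pid;
	NTSTATUS status;
	/* _ttoi follows the TCHAR build setting; _wtoi only matched a UNICODE build
	 * even though the rest of the signature is TCHAR-generic. */
	if (argc != 2 || (console_pid = _ttoi(argv[1])) == 0) {
		printhelp();
		return 0;
	}

	if ( GetConhostInit() ) {
		printf ( "Can't get pointers to necessary routines from ntdll.dll\n" );
		return 1;
	}

	// Is not necessary to have SeDebugPrivilege to open process owned by the same user.
	// Normally lack of SeDebugPrivilege is not a problem. For intended use in ahk even if ahk itself is run
	// as administrator from nonadmin user account it will still be able to access processes
	// of this user account (but not processes run from admin account itself).
	// On the other hand on system with default settings it is impossible to get SeDebugPrivilege anyway, even for admin.
	status = EnableSeDebug();
	if ( status != STATUS_SUCCESS ) {
		/* NTSTATUS is a signed LONG; %X expects unsigned int, so convert explicitly. */
		printf("Can't adjust privileges, code %X\n", (unsigned)status);
	}

	int conhost_count;
	DWORD *conhost = FindConhost(&conhost_count);
	if (conhost == NULL) {
		printf("Can't enum conhost processes\n");
		return 1;
	}
	if (conhost_count == 0) {
		printf("Can't find any conhost processes\n");
		return 1;
	}

	DWORD conhost_pid = GetRelevantPID(conhost, conhost_count, console_pid);
	free(conhost);	/* the pid list is no longer needed once the relevant pid is chosen */

	if (conhost_pid == 0) {
		printf("Can't find related conhost process\n");
		return 0;
	}

	DWORD *threads = GetThreads(conhost_pid);

	if (threads == NULL) {
		printf("Error enumerating threads for conhost\n");
		return 0;
	}

	int i = 0;
	/* The loop treats a 0 entry as the end of the TID list. The entries are
	 * DWORDs, so compare against 0 rather than the pointer constant NULL. */
	while (threads[i] != 0) {
		// it seems that second thread is relevant for GetKeyboardLayout().
		// second thread might be with lower TID, but it's always second in enumeration
		/* HKL is a pointer-sized handle; passing it straight to %X is undefined.
		 * Print its low 32 bits explicitly, which is what the output showed before. */
		printf("TID:%04X KeyboardLayout:%04X\n", (unsigned)threads[i],
		       (unsigned)(UINT_PTR)GetKeyboardLayout(threads[i]));
		++i;
	}
	free(threads);
	// wait for the user before the console window closes; the parsed value is not used
	(void)scanf("%d", &i);

	return 0;
}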
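/*
 * True when `arg` is exactly the switch `name` (e.g. "/inject").
 *
 * The dispatch below used strstr(), which also fired when the switch text
 * appeared anywhere inside a longer argument and could let more than one
 * handler run for a single invocation. It also compared the returned pointer
 * with `> 0`, which is not a valid pointer/integer comparison. Exact matching
 * fixes both.
 */
static int is_option(const char* arg, const char* name)
{
	return strcmp(arg, name) == 0;
}

/*
 * Command-line entry point. argv[1] selects exactly one sub-command; the
 * remaining arguments are that sub-command's operands, as listed in the
 * comment above each branch. A leading '-' on argv[1] is accepted as '/'.
 *
 * Returns the selected handler's result code (`rv`), or 0 when the handler
 * produced none. usage(...) is assumed not to return (it is called for
 * argc < 2 before argv[1] is read) - confirm against its definition.
 */
int main(int argc, char* argv[] )
{
	uint pid = 0;
	char* dll = 0;
	int rv = 0;

	if(argc < 2) usage();
	if( argv[1][0] == '-') argv[1][0] = '/'; //standardize

	EnableSeDebug(); // best-effort; its result is not checked here
	//HANDLE hWatchDog = startWatchDog(); //still getting hangs once in a while..monitor external :-\
	setvbuf(stdout, NULL, _IONBF, 0); //autoflush - allows external apps to read cmdline output in realtime..

	// /inject decimal_pid dll_path
	if(is_option(argv[1],"/inject")){
		if(argc!=4) usage(3);
		pid = atoi( argv[2] );
		dll = strdup(argv[3]);
		if(!FileExists(dll)){
			printf("Error: dll file not found: %s\n\n",dll);
			usage();
		}
		rv = inject(dll,pid);
	}
	// /loadlib path
	else if(is_option(argv[1],"/loadlib")){
		if(argc!=3) usage(2);
		dll = strdup(argv[2]);
		if(!FileExists(dll)){
			printf("Error: dll file not found: %s\n\n",dll);
			usage();
		}
		// HMODULE is pointer-sized; %x only consumed 32 bits of it (truncated on x64),
		// so print it with the pointer conversion instead.
		printf("loadlib=%p\npress any key to continue...", (void*)LoadLibrary(dll));
		getch();
	}
	// /dlls decimal_pid
	else if(is_option(argv[1],"/dlls")){
		if(argc!=3) usage(2);
		pid = atoi( argv[2] );
		rv = PrintModules(pid);
	}
	// /dumpprocess decimal_pid out_file_path
	else if(is_option(argv[1],"/dumpproc")){
		if(argc!=4) usage(3);
		pid = atoi( argv[2] );
		char* dumpFile = strdup(argv[3]);
		// refuse to overwrite an existing output file
		if(FileExists(dumpFile)){
			printf("Error: dump file already exists aborting: %s\n\n",  dumpFile);
		}
		else{
			rv = DumpProcess(pid,dumpFile);
		}
	}
	// /dump decimal_pid, hex_string_base, hex_string_size out_file_path
	else if(is_option(argv[1],"/dumpmod")){
		if(argc!=6) usage(5);
		pid            = atoi( argv[2] );
		__int64 base   = _strtoi64(argv[3], NULL, 16);
		__int64 sz     = _strtoi64(argv[4], NULL, 16);
		char* dumpFile = strdup(argv[5]);
		// refuse to overwrite an existing output file
		if(FileExists(dumpFile)){
			printf("Error: dump file already exists aborting: %s\n\n",  dumpFile);
		}
		else{
			rv = dump(pid,base,sz,dumpFile);
		}
	}
	// /startwdll exe_path dll_path
	else if(is_option(argv[1],"/startwdll")){
		if(argc!=4) usage(3);
		char* exe = strdup(argv[2]);
		dll = strdup(argv[3]);
		if(!FileExists(dll)){
			printf("Error: dll file not found: %s\n\n",dll);
			usage();
		}
		rv = startwdll(dll,exe);
	}
	// /memmap decimal_pid out_path
	else if(is_option(argv[1],"/memmap")){
		if(argc!=4) usage(3);
		pid = atoi( argv[2] );
		dll = strdup(argv[3]);
		// refuse to overwrite an existing output file
		if(FileExists(dll)){
			printf("Error: out file already exists: %s\n\n",dll);
			usage();
		}
		rv = memMap(pid,dll);
	}
	else{
		printf("Error: Unknown option %s\n\n", argv[1]);
		usage();
	}

	//TerminateThread(hWatchDog,0);
	//CloseHandle(hWatchDog);

	// keep the console open when running under a debugger so the output can be read
	if( IsDebuggerPresent() ){
		printf("press any key to exit...");
		getch();
	}

	return rv;
}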