// Проверить битность OS
bool IsWindows64()
{
static bool is64bitOs = false, isOsChecked = false;
if (isOsChecked)
return is64bitOs;
#ifdef WIN64
is64bitOs = true;
#else
// Проверяем, где мы запущены
bool isWow64process = false;
HMODULE hKernel = GetModuleHandleW(L"kernel32.dll");
if (hKernel)
{
typedef BOOL (WINAPI* IsWow64Process_t)(HANDLE hProcess, PBOOL Wow64Process);
IsWow64Process_t IsWow64Process_f = (IsWow64Process_t)GetProcAddress(hKernel, "IsWow64Process");
if (IsWow64Process_f)
{
BOOL bWow64 = FALSE;
if (IsWow64Process_f(GetCurrentProcess(), &bWow64) && bWow64)
{
isWow64process = true;
}
}
}
is64bitOs = isWow64process;
#endif
isOsChecked = true;
return is64bitOs;
}
BOOL IsWindows64()
{
BOOL is64bitOs = FALSE, isWow64process = FALSE;
// Проверяем, где мы запущены
isWow64process = FALSE;
HMODULE hKernel = GetModuleHandleW(L"kernel32.dll");
if (hKernel)
{
typedef BOOL (WINAPI* IsWow64Process_t)(HANDLE hProcess, PBOOL Wow64Process);
IsWow64Process_t IsWow64Process_f = (IsWow64Process_t)GetProcAddress(hKernel, "IsWow64Process");
if (IsWow64Process_f)
{
BOOL bWow64 = FALSE;
if (IsWow64Process_f(GetCurrentProcess(), &bWow64) && bWow64)
{
isWow64process = TRUE;
}
}
}
is64bitOs = isWow64process;
return is64bitOs;
}
/// Check running process bitness - 32/64
int GetProcessBits(DWORD nPID, HANDLE hProcess /*= NULL*/)
{
if (!IsWindows64())
return 32;
int ImageBits = WIN3264TEST(32,64); //-V112
static BOOL (WINAPI* IsWow64Process_f)(HANDLE, PBOOL) = NULL;
if (!IsWow64Process_f)
{
// Kernel32.dll is always loaded due to static link
MModule kernel(GetModuleHandle(L"kernel32.dll"));
kernel.GetProcAddress("IsWow64Process", IsWow64Process_f);
// 64-bit OS must have this function
_ASSERTE(IsWow64Process_f != NULL);
}
if (IsWow64Process_f)
{
BOOL bWow64 = FALSE;
HANDLE h = hProcess ? hProcess : OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, nPID);
// IsWow64Process would be succeessfull for PROCESS_QUERY_LIMITED_INFORMATION (Vista+)
if ((h == NULL) && IsWin6())
{
// PROCESS_QUERY_LIMITED_INFORMATION not defined in GCC
h = OpenProcess(0x1000/*PROCESS_QUERY_LIMITED_INFORMATION*/, FALSE, nPID);
}
if (h == NULL)
{
// If it is blocked due to access rights - try to find alternative ways (by path or PERF COUNTER)
ImageBits = 0;
}
else if (IsWow64Process_f(h, &bWow64) && !bWow64)
{
ImageBits = 64;
}
else
{
ImageBits = 32;
}
if (h && (h != hProcess))
CloseHandle(h);
}
return ImageBits;
}
int InjectRemote(DWORD nRemotePID, bool abDefTermOnly /*= false */)
{
int iRc = -1;
bool lbWin64 = WIN3264TEST((IsWindows64()!=0),true);
bool is32bit;
DWORD nWrapperWait = (DWORD)-1, nWrapperResult = (DWORD)-1;
HANDLE hProc = NULL;
wchar_t szSelf[MAX_PATH+16], szHooks[MAX_PATH+16];
wchar_t *pszNamePtr, szArgs[32];
if (!GetModuleFileName(NULL, szSelf, MAX_PATH))
{
iRc = -200;
goto wrap;
}
wcscpy_c(szHooks, szSelf);
pszNamePtr = (wchar_t*)PointToName(szHooks);
if (!pszNamePtr)
{
iRc = -200;
goto wrap;
}
hProc = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_OPERATION|PROCESS_VM_WRITE|PROCESS_VM_READ, FALSE, nRemotePID);
if (hProc == NULL)
{
iRc = -201;
goto wrap;
}
// Определить битность процесса, Если он 32битный, а текущий - ConEmuC64.exe
// Перезапустить 32битную версию ConEmuC.exe
if (!lbWin64)
{
is32bit = true; // x86 OS!
}
else
{
is32bit = false; // x64 OS!
// Проверяем, кто такой nRemotePID
HMODULE hKernel = GetModuleHandleW(L"kernel32.dll");
if (hKernel)
{
typedef BOOL (WINAPI* IsWow64Process_t)(HANDLE hProcess, PBOOL Wow64Process);
IsWow64Process_t IsWow64Process_f = (IsWow64Process_t)GetProcAddress(hKernel, "IsWow64Process");
if (IsWow64Process_f)
{
BOOL bWow64 = FALSE;
if (IsWow64Process_f(hProc, &bWow64) && bWow64)
{
// По идее, такого быть не должно. ConEmu должен был запустить 32битный conemuC.exe
#ifdef _WIN64
_ASSERTE(bWow64==FALSE);
#endif
is32bit = true;
}
}
}
}
if (is32bit != WIN3264TEST(true,false))
{
// По идее, такого быть не должно. ConEmu должен был запустить соответствующий conemuC*.exe
_ASSERTE(is32bit == WIN3264TEST(true,false));
PROCESS_INFORMATION pi = {};
STARTUPINFO si = {sizeof(si)};
_wcscpy_c(pszNamePtr, 16, is32bit ? L"ConEmuC.exe" : L"ConEmuC64.exe");
_wsprintf(szArgs, SKIPLEN(countof(szArgs)) L" /INJECT=%u", nRemotePID);
if (!CreateProcess(szHooks, szArgs, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
{
iRc = -202;
goto wrap;
}
nWrapperWait = WaitForSingleObject(pi.hProcess, INFINITE);
GetExitCodeProcess(pi.hProcess, &nWrapperResult);
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
if ((nWrapperResult != CERR_HOOKS_WAS_SET) && (nWrapperResult != CERR_HOOKS_WAS_ALREADY_SET))
{
iRc = -203;
SetLastError(nWrapperResult);
goto wrap;
}
// Значит всю работу сделал враппер
iRc = 0;
goto wrap;
}
// Поехали
_wcscpy_c(pszNamePtr, 16, is32bit ? L"ConEmuHk.dll" : L"ConEmuHk64.dll");
if (!FileExists(szHooks))
{
iRc = -250;
goto wrap;
}
if (abDefTermOnly)
{
int iFRc = PrepareHookModule(szHooks);
if (iFRc != 0)
{
iRc = iFRc;
goto wrap;
}
}
iRc = InfiltrateDll(hProc, szHooks);
// Если создавали временную копию - запланировать ее удаление
if (abDefTermOnly && (lstrcmpi(szHooks, szSelf) != 0))
{
MoveFileEx(szHooks, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
}
wrap:
if (hProc != NULL)
CloseHandle(hProc);
return iRc;
}
bool GetImageSubsystem(PROCESS_INFORMATION pi,DWORD& ImageSubsystem,DWORD& ImageBits/*16/32/64*/)
{
DWORD nErrCode = 0;
DWORD nFlags = TH32CS_SNAPMODULE;
ImageBits = 32; //-V112
ImageSubsystem = IMAGE_SUBSYSTEM_WINDOWS_CUI;
#ifdef _WIN64
HMODULE hKernel = GetModuleHandle(L"kernel32.dll");
if (hKernel)
{
typedef BOOL (WINAPI* IsWow64Process_t)(HANDLE, PBOOL);
IsWow64Process_t IsWow64Process_f = (IsWow64Process_t)GetProcAddress(hKernel, "IsWow64Process");
if (IsWow64Process_f)
{
BOOL bWow64 = FALSE;
if (IsWow64Process_f(pi.hProcess, &bWow64) && !bWow64)
{
ImageBits = 64;
}
else
{
ImageBits = 32;
nFlags = TH32CS_SNAPMODULE32;
}
}
}
#endif
HANDLE hSnap = CreateToolhelp32Snapshot(nFlags, pi.dwProcessId);
if (hSnap == INVALID_HANDLE_VALUE)
{
nErrCode = GetLastError();
return false;
}
IMAGE_DOS_HEADER dos;
IMAGE_HEADERS hdr;
SIZE_T hdrReadSize;
MODULEENTRY32 mi = {sizeof(MODULEENTRY32)};
BOOL lbModule = Module32First(hSnap, &mi);
CloseHandle(hSnap);
if (!lbModule)
return false;
// Теперь можно считать данные процесса
if (!ReadProcessMemory(pi.hProcess, mi.modBaseAddr, &dos, sizeof(dos), &hdrReadSize))
nErrCode = -3;
else if (dos.e_magic != IMAGE_DOS_SIGNATURE)
nErrCode = -4; // некорректная сигнатура - должно быть 'MZ'
else if (!ReadProcessMemory(pi.hProcess, mi.modBaseAddr+dos.e_lfanew, &hdr, sizeof(hdr), &hdrReadSize))
nErrCode = -5;
else if (hdr.Signature != IMAGE_NT_SIGNATURE)
nErrCode = -6;
else if (hdr.OptionalHeader32.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC
&& hdr.OptionalHeader64.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC)
nErrCode = -7;
else
{
nErrCode = 0;
switch (hdr.OptionalHeader32.Magic)
{
case IMAGE_NT_OPTIONAL_HDR32_MAGIC:
{
_ASSERTE(ImageBits == 32); //-V112
ImageBits = 32; //-V112
ImageSubsystem = hdr.OptionalHeader32.Subsystem;
_ASSERTE((ImageSubsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI) || (ImageSubsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI));
}
break;
case IMAGE_NT_OPTIONAL_HDR64_MAGIC:
{
_ASSERTE(ImageBits == 64);
ImageBits = 64;
ImageSubsystem = hdr.OptionalHeader64.Subsystem;
_ASSERTE((ImageSubsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI) || (ImageSubsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI));
}
break;
default:
{
nErrCode = -8;
}
}
}
return (nErrCode == 0);
}
RegConfig::RegConfig(
#if FAR_UNICODE>=1900
LPCTSTR asModuleName
#else
LPCTSTR asRootKey, LPCTSTR asModuleName
#endif
)
{
#ifndef FAR_UNICODE
size_t nLen = _tcslen(asRootKey);
pszPluginKey = (TCHAR*)malloc((nLen+16)*sizeof(TCHAR));
lstrcpy(pszPluginKey, asRootKey);
lstrcat(pszPluginKey, _T("\\RegEditor"));
#endif
sVersionInfo[0] = 0;
LoadVersionInfo(asModuleName);
mp_Token = NULL; mb_TokenWarnedOnce = FALSE; mn_TokenRef = 0; mb_RestoreAquired = FALSE;
mb_SettingsChanged = FALSE;
// Значения по умолчанию!
bWow64on32_ = 2; // 2-Auto. 1-Отображать 64-битный реестр, 0-32-битный
bVirtualize = FALSE;
lstrcpy(sCommandPrefix, _T("reg2"));
lstrcpy(sRegTitlePrefix, _T("REG2"));
lstrcpy(sRegTitleDirty, _T(" (*)"));
bAddToDisksMenu = FALSE;
cDiskMenuHotkey[0] = 0; cDiskMenuHotkey[1] = 0;
bAddToPluginsMenu = TRUE;
bBrowseRegFiles = TRUE;
bBrowseRegHives = 1;
bSkipAccessDeniedMessage = FALSE; // 1-не показывать ошибку, 0-показывать ошибку
bUseBackupRestore = TRUE; // пытаться повысить привилегии до BackupRestore при ошибках доступа
bSkipPrivilegesDeniedMessage = TRUE;
bShowKeysAsDirs = TRUE;
bUnsortLargeKeys = TRUE; nLargeKeyCount = 1000; nLargeKeyTimeout = 300;
#ifdef _UNICODE
bCreateUnicodeFiles = TRUE;
#else
bCreateUnicodeFiles = FALSE;
#endif
bEscapeRNonExporting = TRUE;
bCheckMacroSequences = bCheckMacrosInVars = FALSE;
nAnsiCodePage = 1251;
bEditBinaryAsText = TRUE;
bRefreshChanges = TRUE; // 0-только по CtrlR, 1-автоматически
bLoadDescriptions = TRUE;
bExportDefaultValueFirst = FALSE;
nRefreshKeyTimeout = 1000;
nRefreshSubkeyTimeout = 10000;
pszLastRegPath = NULL; nMaxRegPath = 0;
bConfirmImport = TRUE; bShowImportResult = TRUE;
bRestorePanelMode = FALSE;
bSomeValuesMissed = FALSE;
bUseInternalBookmarks = TRUE;
szBookmarksValueName[0] = 0;
cchBookmarksMaxCount = cchBookmarksLen = 0;
pszBookmarks = NULL;
#ifdef _WIN64
is64bitOs = TRUE; isWow64process = FALSE;
#else
// Проверяем, где мы запущены
isWow64process = FALSE;
HMODULE hKernel = GetModuleHandle(_T("kernel32.dll"));
if (hKernel) {
IsWow64Process_t IsWow64Process_f = (IsWow64Process_t)GetProcAddress(hKernel, "IsWow64Process");
if (IsWow64Process_f) {
BOOL bWow64 = FALSE;
if (IsWow64Process_f(GetCurrentProcess(), &bWow64) && bWow64) {
isWow64process = TRUE;
}
}
}
is64bitOs = isWow64process;
#endif
}
