// Проверить битность OS bool IsWindows64() { static bool is64bitOs = false, isOsChecked = false; if (isOsChecked) return is64bitOs; #ifdef WIN64 is64bitOs = true; #else // Проверяем, где мы запущены bool isWow64process = false; HMODULE hKernel = GetModuleHandleW(L"kernel32.dll"); if (hKernel) { typedef BOOL (WINAPI* IsWow64Process_t)(HANDLE hProcess, PBOOL Wow64Process); IsWow64Process_t IsWow64Process_f = (IsWow64Process_t)GetProcAddress(hKernel, "IsWow64Process"); if (IsWow64Process_f) { BOOL bWow64 = FALSE; if (IsWow64Process_f(GetCurrentProcess(), &bWow64) && bWow64) { isWow64process = true; } } } is64bitOs = isWow64process; #endif isOsChecked = true; return is64bitOs; }
BOOL IsWindows64() { BOOL is64bitOs = FALSE, isWow64process = FALSE; // Проверяем, где мы запущены isWow64process = FALSE; HMODULE hKernel = GetModuleHandleW(L"kernel32.dll"); if (hKernel) { typedef BOOL (WINAPI* IsWow64Process_t)(HANDLE hProcess, PBOOL Wow64Process); IsWow64Process_t IsWow64Process_f = (IsWow64Process_t)GetProcAddress(hKernel, "IsWow64Process"); if (IsWow64Process_f) { BOOL bWow64 = FALSE; if (IsWow64Process_f(GetCurrentProcess(), &bWow64) && bWow64) { isWow64process = TRUE; } } } is64bitOs = isWow64process; return is64bitOs; }
/// Check running process bitness - 32/64 int GetProcessBits(DWORD nPID, HANDLE hProcess /*= NULL*/) { if (!IsWindows64()) return 32; int ImageBits = WIN3264TEST(32,64); //-V112 static BOOL (WINAPI* IsWow64Process_f)(HANDLE, PBOOL) = NULL; if (!IsWow64Process_f) { // Kernel32.dll is always loaded due to static link MModule kernel(GetModuleHandle(L"kernel32.dll")); kernel.GetProcAddress("IsWow64Process", IsWow64Process_f); // 64-bit OS must have this function _ASSERTE(IsWow64Process_f != NULL); } if (IsWow64Process_f) { BOOL bWow64 = FALSE; HANDLE h = hProcess ? hProcess : OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, nPID); // IsWow64Process would be succeessfull for PROCESS_QUERY_LIMITED_INFORMATION (Vista+) if ((h == NULL) && IsWin6()) { // PROCESS_QUERY_LIMITED_INFORMATION not defined in GCC h = OpenProcess(0x1000/*PROCESS_QUERY_LIMITED_INFORMATION*/, FALSE, nPID); } if (h == NULL) { // If it is blocked due to access rights - try to find alternative ways (by path or PERF COUNTER) ImageBits = 0; } else if (IsWow64Process_f(h, &bWow64) && !bWow64) { ImageBits = 64; } else { ImageBits = 32; } if (h && (h != hProcess)) CloseHandle(h); } return ImageBits; }
int InjectRemote(DWORD nRemotePID, bool abDefTermOnly /*= false */) { int iRc = -1; bool lbWin64 = WIN3264TEST((IsWindows64()!=0),true); bool is32bit; DWORD nWrapperWait = (DWORD)-1, nWrapperResult = (DWORD)-1; HANDLE hProc = NULL; wchar_t szSelf[MAX_PATH+16], szHooks[MAX_PATH+16]; wchar_t *pszNamePtr, szArgs[32]; if (!GetModuleFileName(NULL, szSelf, MAX_PATH)) { iRc = -200; goto wrap; } wcscpy_c(szHooks, szSelf); pszNamePtr = (wchar_t*)PointToName(szHooks); if (!pszNamePtr) { iRc = -200; goto wrap; } hProc = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_OPERATION|PROCESS_VM_WRITE|PROCESS_VM_READ, FALSE, nRemotePID); if (hProc == NULL) { iRc = -201; goto wrap; } // Определить битность процесса, Если он 32битный, а текущий - ConEmuC64.exe // Перезапустить 32битную версию ConEmuC.exe if (!lbWin64) { is32bit = true; // x86 OS! } else { is32bit = false; // x64 OS! // Проверяем, кто такой nRemotePID HMODULE hKernel = GetModuleHandleW(L"kernel32.dll"); if (hKernel) { typedef BOOL (WINAPI* IsWow64Process_t)(HANDLE hProcess, PBOOL Wow64Process); IsWow64Process_t IsWow64Process_f = (IsWow64Process_t)GetProcAddress(hKernel, "IsWow64Process"); if (IsWow64Process_f) { BOOL bWow64 = FALSE; if (IsWow64Process_f(hProc, &bWow64) && bWow64) { // По идее, такого быть не должно. ConEmu должен был запустить 32битный conemuC.exe #ifdef _WIN64 _ASSERTE(bWow64==FALSE); #endif is32bit = true; } } } } if (is32bit != WIN3264TEST(true,false)) { // По идее, такого быть не должно. ConEmu должен был запустить соответствующий conemuC*.exe _ASSERTE(is32bit == WIN3264TEST(true,false)); PROCESS_INFORMATION pi = {}; STARTUPINFO si = {sizeof(si)}; _wcscpy_c(pszNamePtr, 16, is32bit ? L"ConEmuC.exe" : L"ConEmuC64.exe"); _wsprintf(szArgs, SKIPLEN(countof(szArgs)) L" /INJECT=%u", nRemotePID); if (!CreateProcess(szHooks, szArgs, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi)) { iRc = -202; goto wrap; } nWrapperWait = WaitForSingleObject(pi.hProcess, INFINITE); GetExitCodeProcess(pi.hProcess, &nWrapperResult); CloseHandle(pi.hProcess); CloseHandle(pi.hThread); if ((nWrapperResult != CERR_HOOKS_WAS_SET) && (nWrapperResult != CERR_HOOKS_WAS_ALREADY_SET)) { iRc = -203; SetLastError(nWrapperResult); goto wrap; } // Значит всю работу сделал враппер iRc = 0; goto wrap; } // Поехали _wcscpy_c(pszNamePtr, 16, is32bit ? L"ConEmuHk.dll" : L"ConEmuHk64.dll"); if (!FileExists(szHooks)) { iRc = -250; goto wrap; } if (abDefTermOnly) { int iFRc = PrepareHookModule(szHooks); if (iFRc != 0) { iRc = iFRc; goto wrap; } } iRc = InfiltrateDll(hProc, szHooks); // Если создавали временную копию - запланировать ее удаление if (abDefTermOnly && (lstrcmpi(szHooks, szSelf) != 0)) { MoveFileEx(szHooks, NULL, MOVEFILE_DELAY_UNTIL_REBOOT); } wrap: if (hProc != NULL) CloseHandle(hProc); return iRc; }
bool GetImageSubsystem(PROCESS_INFORMATION pi,DWORD& ImageSubsystem,DWORD& ImageBits/*16/32/64*/) { DWORD nErrCode = 0; DWORD nFlags = TH32CS_SNAPMODULE; ImageBits = 32; //-V112 ImageSubsystem = IMAGE_SUBSYSTEM_WINDOWS_CUI; #ifdef _WIN64 HMODULE hKernel = GetModuleHandle(L"kernel32.dll"); if (hKernel) { typedef BOOL (WINAPI* IsWow64Process_t)(HANDLE, PBOOL); IsWow64Process_t IsWow64Process_f = (IsWow64Process_t)GetProcAddress(hKernel, "IsWow64Process"); if (IsWow64Process_f) { BOOL bWow64 = FALSE; if (IsWow64Process_f(pi.hProcess, &bWow64) && !bWow64) { ImageBits = 64; } else { ImageBits = 32; nFlags = TH32CS_SNAPMODULE32; } } } #endif HANDLE hSnap = CreateToolhelp32Snapshot(nFlags, pi.dwProcessId); if (hSnap == INVALID_HANDLE_VALUE) { nErrCode = GetLastError(); return false; } IMAGE_DOS_HEADER dos; IMAGE_HEADERS hdr; SIZE_T hdrReadSize; MODULEENTRY32 mi = {sizeof(MODULEENTRY32)}; BOOL lbModule = Module32First(hSnap, &mi); CloseHandle(hSnap); if (!lbModule) return false; // Теперь можно считать данные процесса if (!ReadProcessMemory(pi.hProcess, mi.modBaseAddr, &dos, sizeof(dos), &hdrReadSize)) nErrCode = -3; else if (dos.e_magic != IMAGE_DOS_SIGNATURE) nErrCode = -4; // некорректная сигнатура - должно быть 'MZ' else if (!ReadProcessMemory(pi.hProcess, mi.modBaseAddr+dos.e_lfanew, &hdr, sizeof(hdr), &hdrReadSize)) nErrCode = -5; else if (hdr.Signature != IMAGE_NT_SIGNATURE) nErrCode = -6; else if (hdr.OptionalHeader32.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC && hdr.OptionalHeader64.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC) nErrCode = -7; else { nErrCode = 0; switch (hdr.OptionalHeader32.Magic) { case IMAGE_NT_OPTIONAL_HDR32_MAGIC: { _ASSERTE(ImageBits == 32); //-V112 ImageBits = 32; //-V112 ImageSubsystem = hdr.OptionalHeader32.Subsystem; _ASSERTE((ImageSubsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI) || (ImageSubsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI)); } break; case IMAGE_NT_OPTIONAL_HDR64_MAGIC: { _ASSERTE(ImageBits == 64); ImageBits = 64; ImageSubsystem = hdr.OptionalHeader64.Subsystem; _ASSERTE((ImageSubsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI) || (ImageSubsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI)); } break; default: { nErrCode = -8; } } } return (nErrCode == 0); }
RegConfig::RegConfig( #if FAR_UNICODE>=1900 LPCTSTR asModuleName #else LPCTSTR asRootKey, LPCTSTR asModuleName #endif ) { #ifndef FAR_UNICODE size_t nLen = _tcslen(asRootKey); pszPluginKey = (TCHAR*)malloc((nLen+16)*sizeof(TCHAR)); lstrcpy(pszPluginKey, asRootKey); lstrcat(pszPluginKey, _T("\\RegEditor")); #endif sVersionInfo[0] = 0; LoadVersionInfo(asModuleName); mp_Token = NULL; mb_TokenWarnedOnce = FALSE; mn_TokenRef = 0; mb_RestoreAquired = FALSE; mb_SettingsChanged = FALSE; // Значения по умолчанию! bWow64on32_ = 2; // 2-Auto. 1-Отображать 64-битный реестр, 0-32-битный bVirtualize = FALSE; lstrcpy(sCommandPrefix, _T("reg2")); lstrcpy(sRegTitlePrefix, _T("REG2")); lstrcpy(sRegTitleDirty, _T(" (*)")); bAddToDisksMenu = FALSE; cDiskMenuHotkey[0] = 0; cDiskMenuHotkey[1] = 0; bAddToPluginsMenu = TRUE; bBrowseRegFiles = TRUE; bBrowseRegHives = 1; bSkipAccessDeniedMessage = FALSE; // 1-не показывать ошибку, 0-показывать ошибку bUseBackupRestore = TRUE; // пытаться повысить привилегии до BackupRestore при ошибках доступа bSkipPrivilegesDeniedMessage = TRUE; bShowKeysAsDirs = TRUE; bUnsortLargeKeys = TRUE; nLargeKeyCount = 1000; nLargeKeyTimeout = 300; #ifdef _UNICODE bCreateUnicodeFiles = TRUE; #else bCreateUnicodeFiles = FALSE; #endif bEscapeRNonExporting = TRUE; bCheckMacroSequences = bCheckMacrosInVars = FALSE; nAnsiCodePage = 1251; bEditBinaryAsText = TRUE; bRefreshChanges = TRUE; // 0-только по CtrlR, 1-автоматически bLoadDescriptions = TRUE; bExportDefaultValueFirst = FALSE; nRefreshKeyTimeout = 1000; nRefreshSubkeyTimeout = 10000; pszLastRegPath = NULL; nMaxRegPath = 0; bConfirmImport = TRUE; bShowImportResult = TRUE; bRestorePanelMode = FALSE; bSomeValuesMissed = FALSE; bUseInternalBookmarks = TRUE; szBookmarksValueName[0] = 0; cchBookmarksMaxCount = cchBookmarksLen = 0; pszBookmarks = NULL; #ifdef _WIN64 is64bitOs = TRUE; isWow64process = FALSE; #else // Проверяем, где мы запущены isWow64process = FALSE; HMODULE hKernel = GetModuleHandle(_T("kernel32.dll")); if (hKernel) { IsWow64Process_t IsWow64Process_f = (IsWow64Process_t)GetProcAddress(hKernel, "IsWow64Process"); if (IsWow64Process_f) { BOOL bWow64 = FALSE; if (IsWow64Process_f(GetCurrentProcess(), &bWow64) && bWow64) { isWow64process = TRUE; } } } is64bitOs = isWow64process; #endif }