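/// Reports whether the running Windows is 64-bit.
///
/// @return TRUE on 64-bit Windows, FALSE on 32-bit Windows or when the
///         answer cannot be determined.
BOOL Utility::IsOS64Bit()
{
#ifdef _WIN64
    // A 64-bit image can only be running on 64-bit Windows: nothing to probe.
    // (Placing the probe in #else keeps it out of 64-bit builds instead of
    // leaving it as unreachable code after the return.)
    return TRUE;
#else
    // 32-bit build: it is either native on 32-bit Windows or running under
    // WOW64 on 64-bit Windows.  IsWow64Process() tells the two apart; it is
    // resolved dynamically because older kernels do not export it.
    typedef BOOL (WINAPI *PFNISWOW64PROCESS)(HANDLE, PBOOL);

    // kernel32 is always mapped into every process, so a module handle is
    // enough: no LoadLibrary/FreeLibrary round-trip and no by-name search.
    HMODULE hKernel32 = GetModuleHandle(_T("kernel32.dll"));
    if(hKernel32==NULL)
    {
        return FALSE;
    }

    PFNISWOW64PROCESS pfnIsWow64Process =
        (PFNISWOW64PROCESS)GetProcAddress(hKernel32, "IsWow64Process");
    if(pfnIsWow64Process==NULL)
    {
        // No IsWow64Process() export: this kernel has no WOW64 layer, so it
        // is 32-bit for sure.
        return FALSE;
    }

    BOOL b64Bit = FALSE;
    if(!pfnIsWow64Process(GetCurrentProcess(), &b64Bit))
    {
        // On failure the out-parameter is not guaranteed to have been
        // written; answer 32-bit rather than trust whatever is in it.
        return FALSE;
    }

    return b64Bit;
#endif
}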
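/// Reports whether the running Windows is 64-bit.
///
/// @return TRUE on 64-bit Windows, FALSE on 32-bit Windows or when the
///         answer cannot be determined.
BOOL CBkSafeExamCaller::IsWin64()
{
#ifdef _WIN64
	// A 64-bit image only runs on 64-bit Windows.  IsWow64Process() reports
	// FALSE for a native 64-bit process, so without this branch a 64-bit
	// build would wrongly answer "not Win64".
	return TRUE;
#else
	// 32-bit build: native on 32-bit Windows, or a WOW64 process on 64-bit
	// Windows.  kernel32 is already mapped into every process, so a module
	// handle suffices: nothing to LoadLibrary, cache or free.
	HMODULE hKernel32 = ::GetModuleHandle(TEXT("Kernel32.DLL"));
	if( !hKernel32 )
		return FALSE;

	// Resolved dynamically: kernels without WOW64 support lack this export.
	typedef BOOL (WINAPI *FunctionIsWow64Process)(HANDLE hProcess, PBOOL Wow64Process);
	FunctionIsWow64Process pfnIsWow64Process =
		(FunctionIsWow64Process)::GetProcAddress(hKernel32, "IsWow64Process");
	if (NULL == pfnIsWow64Process)
		return FALSE;	// no WOW64 layer at all, i.e. 32-bit Windows

	BOOL bRet = FALSE;
	if (!pfnIsWow64Process(::GetCurrentProcess(), &bRet))
		return FALSE;	// on failure the out-parameter is not guaranteed to be written
	return bRet;
#endif
}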
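/// Returns true when running on 64-bit Windows, false on 32-bit Windows or
/// when the answer cannot be determined.
bool wxIsPlatform64Bit()
{
#if defined(_WIN64)
    return true;  // 64-bit programs run only on Win64
#else // Win32
    // 32-bit programs run on both 32-bit and 64-bit Windows, so ask the
    // kernel whether this process is a WOW64 (32-on-64) process.  The export
    // is looked up dynamically because kernels without WOW64 lack it.
    typedef BOOL (WINAPI *IsWow64Process_t)(HANDLE, BOOL *);

    wxDynamicLibrary dllKernel32(_T("kernel32.dll"));
    IsWow64Process_t pfnIsWow64Process =
        (IsWow64Process_t)dllKernel32.RawGetSymbol(_T("IsWow64Process"));
    if ( !pfnIsWow64Process )
    {
        // No IsWow64Process(): running under a system without Win64 support.
        return false;
    }

    BOOL wow64 = FALSE;
    if ( !pfnIsWow64Process(::GetCurrentProcess(), &wow64) )
    {
        // On failure the out-parameter is not guaranteed to have been
        // written, so don't trust it; 32-bit is the conservative answer.
        return false;
    }

    return wow64 != FALSE;
#endif // Win64/Win32
}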
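/*
 * Releases the cross-instance semaphore on every exit path once it has been
 * acquired, and closes its handle.  A semaphore has no owner, so its count is
 * NOT restored when the holding process exits: an early `return 1` after the
 * WaitForSingleObject() below would leave the count at zero and any other
 * inject instance waiting on it would block forever.
 */
struct SemaphoreGate
{
    HANDLE hSemaphore;
    bool bAcquired;

    SemaphoreGate() : hSemaphore(NULL), bAcquired(false) {}

    ~SemaphoreGate() {
        if (hSemaphore) {
            if (bAcquired) {
                ReleaseSemaphore(hSemaphore, 1, NULL);
            }
            CloseHandle(hSemaphore);
        }
    }
};


/*
 * Give up on the target before anything has been injected into it.  A process
 * we created is still suspended and is killed; a process we merely attached to
 * belongs to the user and is left running.  Closes hProcess either way.
 */
static void
abandonTarget(HANDLE hProcess, BOOL bAttach)
{
    if (!bAttach) {
        TerminateProcess(hProcess, 1);
    }
    CloseHandle(hProcess);
}


/*
 * Entry point.
 *
 *   inject <dll> <command> [args] ...  create <command> suspended, inject, run it
 *   inject <dll> <process-id>          attach to a running process by id
 *   inject <dll> !<process-name>       attach to a running process by image name
 *
 * Returns the child's exit code when a process was created, 0 after a
 * successful attach, and 1 when inject itself fails.
 */
int
main(int argc, char *argv[])
{
    if (argc < 3) {
        fprintf(stderr,
                "usage:\n"
                "  inject <dllname.dll> <command> [args] ...\n"
                "  inject <dllname.dll> <process-id>\n"
                "  inject <dllname.dll> !<process-name>\n"
        );
        return 1;
    }

    // Attach to an existing process (by id or by image name), or, when argv[2]
    // is neither, treat argv[2..] as a command line to launch.
    BOOL bAttach = FALSE;
    DWORD dwProcessId = ~0;
    if (isNumber(argv[2])) {
        dwProcessId = atol(argv[2]);
        bAttach = TRUE;
    } else if (argv[2][0] == '!') {
        const char *szProcessName = &argv[2][1];
        if (!getProcessIdByName(szProcessName, &dwProcessId)) {
            fprintf(stderr, "error: failed to find process %s\n", szProcessName);
            return 1;
        }
        bAttach = TRUE;
        fprintf(stderr, "dwProcessId = %lu\n", dwProcessId);
    }

    // Hand the DLL name to the injectee, via the environment or via shared
    // memory.  The shared-memory slot is single-writer, so concurrent inject
    // instances are serialised through a named semaphore.
    // NOTE(review): the semaphore is created with default security in the
    // caller's session namespace, so any process in that session can open and
    // hold it, stalling inject -- presumably acceptable for a dev tool.
    SemaphoreGate gate;
    const char *szDll = argv[1];
    if (!USE_SHARED_MEM) {
        SetEnvironmentVariableA("INJECT_DLL", szDll);
    } else {
        gate.hSemaphore = CreateSemaphore(NULL, 1, 1, "inject_semaphore");
        if (gate.hSemaphore == NULL) {
            fprintf(stderr, "error: failed to create semaphore\n");
            return 1;
        }

        DWORD dwWait = WaitForSingleObject(gate.hSemaphore, 0);
        if (dwWait == WAIT_TIMEOUT) {
            fprintf(stderr, "info: waiting for another inject instance to finish\n");
            dwWait = WaitForSingleObject(gate.hSemaphore, INFINITE);
        }
        if (dwWait != WAIT_OBJECT_0) {
            fprintf(stderr, "error: failed to enter semaphore gate\n");
            return 1;
        }
        // From here on every return path must give the count back; `gate`
        // does that from its destructor.
        gate.bAcquired = true;

        SetSharedMem(szDll);
    }

    BOOL bAttachDwm = FALSE;
    PROCESS_INFORMATION processInfo;
    HANDLE hProcess;
    if (bAttach) {
        // Opening a process of another user (or a system process such as
        // dwm.exe) needs SeDebugPrivilege, so try to enable it on our own
        // token.  Only the rights AdjustTokenPrivileges needs are requested.
        HANDLE hToken = NULL;
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
            logLastError("OpenProcessToken failed");
            return 1;
        }

        LUID Luid;
        if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &Luid)) {
            logLastError("LookupPrivilegeValue failed");
            CloseHandle(hToken);
            return 1;
        }

        TOKEN_PRIVILEGES tp;
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = Luid;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        BOOL bRet = AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof tp, NULL, NULL);
        // AdjustTokenPrivileges reports success even when it could not enable
        // the privilege (e.g. not running elevated); that case is signalled
        // only through GetLastError().  Capture it before anything else can
        // overwrite it.
        DWORD dwAdjustError = GetLastError();
        if (!bRet) {
            logLastError("AdjustTokenPrivileges failed");
            CloseHandle(hToken);
            return 1;
        }
        CloseHandle(hToken);
        if (dwAdjustError == ERROR_NOT_ALL_ASSIGNED) {
            // Not fatal: a process of the same user can still be opened below;
            // only targets of other users / the system will fail.
            fprintf(stderr, "warning: could not enable SeDebugPrivilege; attaching to processes of other users will fail\n");
        }

        // Rights needed to inject (remote thread + memory access), to query
        // the image name below, and to terminate the target on failure.
        DWORD dwDesiredAccess =
            PROCESS_CREATE_THREAD |
            PROCESS_QUERY_INFORMATION |
            PROCESS_QUERY_LIMITED_INFORMATION |
            PROCESS_VM_OPERATION |
            PROCESS_VM_WRITE |
            PROCESS_VM_READ |
            PROCESS_TERMINATE;
        hProcess = OpenProcess(
            dwDesiredAccess,
            FALSE /* bInheritHandle */,
            dwProcessId);
        if (!hProcess) {
            logLastError("failed to open process");
            return 1;
        }

        // dwm.exe gets special treatment further down, so recognise it by
        // image name.
        char szProcess[MAX_PATH];
        DWORD dwRet = GetModuleFileNameEx(hProcess, 0, szProcess, sizeof szProcess);
        assert(dwRet);
        if (dwRet &&
            stricmp(getBaseName(szProcess), "dwm.exe") == 0) {
            bAttachDwm = TRUE;
        }
    } else {
        // Rebuild one command line from argv[2..], quoting the arguments
        // that need it so the child sees the same tokens we received.
        std::string commandLine;
        char sep = 0;
        for (int i = 2; i < argc; ++i) {
            const char *arg = argv[i];

            if (sep) {
                commandLine.push_back(sep);
            }

            if (needsQuote(arg)) {
                quoteArg(commandLine, arg);
            } else {
                commandLine.append(arg);
            }

            sep = ' ';
        }

        STARTUPINFO startupInfo;
        memset(&startupInfo, 0, sizeof startupInfo);
        startupInfo.cb = sizeof startupInfo;

        // Create the process suspended, so the DLL is in place before any of
        // the child's code (and any API we want to trace) runs.
        if (!CreateProcessA(
               NULL,
               const_cast<char *>(commandLine.c_str()), // only modified by CreateProcessW
               0, // process attributes
               0, // thread attributes
               TRUE, // inherit handles
               CREATE_SUSPENDED,
               NULL, // environment
               NULL, // current directory
               &startupInfo,
               &processInfo)) {
            DWORD dwLastError = GetLastError();
            fprintf(stderr, "error: failed to execute %s (%lu)\n",
                    commandLine.c_str(), dwLastError);
            if (dwLastError == ERROR_ELEVATION_REQUIRED) {
                fprintf(stderr, "error: target program requires elevated priviledges and must be started from an Administrator Command Prompt, or UAC must be disabled\n");
            }
            return 1;
        }

        hProcess = processInfo.hProcess;
    }

    /*
     * XXX: Mixed architecture don't quite work.  See also
     * http://www.corsix.org/content/dll-injection-and-wow64
     *
     * Compare our own WOW64 status with the target's; a mismatch means the
     * other (32- or 64-bit) build of these binaries must be used.
     */
    {
        typedef BOOL (WINAPI *PFNISWOW64PROCESS)(HANDLE, PBOOL);
        PFNISWOW64PROCESS pfnIsWow64Process = (PFNISWOW64PROCESS)
            GetProcAddress(GetModuleHandleA("kernel32"), "IsWow64Process");
        if (pfnIsWow64Process) {
            BOOL isParentWow64 = FALSE;
            BOOL isChildWow64 = FALSE;
            if (pfnIsWow64Process(GetCurrentProcess(), &isParentWow64) &&
                pfnIsWow64Process(hProcess, &isChildWow64) &&
                isParentWow64 != isChildWow64) {
                fprintf(stderr, "error: binaries mismatch: you need to use the "
#ifdef _WIN64
                        "32-bits"
#else
                        "64-bits"
#endif
                        " apitrace binaries to trace this application\n");
                // Nothing has been injected yet: kill only a child we created,
                // never a process we merely attached to.
                abandonTarget(hProcess, bAttach);
                return 1;
            }
        }
    }

    if (bAttachDwm && IsWindows8OrGreater()) {
        // Switch to Microsoft Basic Display Driver before injecting, so that
        // we don't trace with it.
        devconDisable(DEVCON_CLASS_DISPLAY);
        Sleep(1000);
    }

    // The injectee lives in the same directory as this executable.
    const char *szDllName = "injectee.dll";

    char szDllPath[MAX_PATH];
    DWORD dwPathLen = GetModuleFileNameA(NULL, szDllPath, sizeof szDllPath);
    if (dwPathLen == 0 || dwPathLen >= sizeof szDllPath) {
        // On failure or truncation the buffer contents are not meaningful;
        // don't build a DLL path out of them.
        logLastError("failed to determine the inject executable path");
        abandonTarget(hProcess, bAttach);
        return 1;
    }
    getDirName(szDllPath);
    strncat(szDllPath, szDllName, sizeof szDllPath - strlen(szDllPath) - 1);

    if (!injectDll(hProcess, szDllPath)) {
        // NOTE(review): this also kills a process we only attached to (dwm.exe
        // included).  Injection may have partially happened by now, so the
        // original behaviour is kept -- confirm that this is intended.
        TerminateProcess(hProcess, 1);
        return 1;
    }

    DWORD exitCode;

    if (bAttach) {
        if (bAttachDwm) {
            restartDwmComposition(hProcess);
        }

        exitCode = 0;
    } else {
        // Start main process thread
        ResumeThread(processInfo.hThread);

        // Wait for it to finish
        WaitForSingleObject(hProcess, INFINITE);

        if (pSharedMem && !pSharedMem->bReplaced) {
            fprintf(stderr, "warning: %s was never used: application probably does not use this API\n", szDll);
        }

        // Fall back to an all-ones code if the exit code cannot be read.
        exitCode = ~0;
        GetExitCodeProcess(hProcess, &exitCode);

        CloseHandle(processInfo.hThread);
    }

    CloseHandle(hProcess);

    // `gate` releases and closes the semaphore (if any) on return.
    return (int)exitCode;
}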