void Backup()
{
HANDLE hSystemToken;
//if (GetSystemToken(&hSystemToken))
{
if (ImpersonateLoggedOnUser(hSystemToken))
{
WINSTATIONUSERTOKEN WinStaUserToken = { 0 };
DWORD ccbInfo = NULL;
WinStationQueryInformationW(SERVERNAME_CURRENT, LOGONID_CURRENT, WinStationUserToken, &WinStaUserToken, sizeof(WINSTATIONUSERTOKEN), &ccbInfo);
HRESULT hr = GetLastError();
STARTUPINFOW StartupInfo = { 0 };
PROCESS_INFORMATION ProcessInfo = { 0 };
StartupInfo.lpDesktop = L"WinSta0\\Default";
wchar_t szCMDLine[] = L"cmd /c start cmd";
if (CreateProcessAsUserW(WinStaUserToken.UserToken, NULL, szCMDLine, NULL, NULL, FALSE, 0, NULL, NULL, &StartupInfo, &ProcessInfo))
{
}
RevertToSelf();
ReturnMessage(L"OK");
}
CloseHandle(hSystemToken);
}
}
int _tmain(int argc, _TCHAR* argv[])
{
if (!(SetCurrentProcessPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME, true)
&& SetCurrentProcessPrivilege(SE_INCREASE_QUOTA_NAME, true)
&& SetCurrentProcessPrivilege(SE_DEBUG_NAME, true)))
{
ReturnMessage(L"进程调试权限获取失败");
return -1;
}
PPEB PEB = NtCurrentTeb()->ProcessEnvironmentBlock;
return 0;
}
int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
SetProcessDPIAware();
if (!SetCurrentProcessPrivilege(SE_DEBUG_NAME, true))
{
ReturnMessage(L"进程调试权限获取失败");
return -1;
}
GetModuleFileNameW(NULL, szAppPath, 260);
wcsrchr(szAppPath, L'\\')[0] = NULL;
wcscpy_s(szShortCutListPath, 260, szAppPath);
wcscat_s(szShortCutListPath, 260, L"\\ShortCutList.ini");
DialogBoxParamW(hInstance, MAKEINTRESOURCEW(IDD_NSudoDlg), NULL, NSudoDlgCallBack, 0L);
return 0;
}
void MessageRcv::ListenMessage(QTcpSocket *sock, Config *Conf, bool Debug) {
static int state;
static char chr, lastChr;
static int nr;
static qint32 nchar; /* counter for msg buffer (esc's removed) */
static char startCharacter=STX; /* ASCII STX characer */
static char endCharacter=ETX; /* ASCII ETX character */
static char escape=ESC; /* our escape character */
static qint32 inchar; /* counter for raw socket buffer (w/esc) */
QByteArray temp;
// time_t LastBeat; Maybe in the future
emit updatetxtbox(QString("Message Thread Started"));
//NOT WORKING!!
emit LastServerBeat(sock,Conf,Debug); //Beat our Heart Once
state=SEARCHING_FOR_MESSAGE_START; /* we're initializing */
/* Start of New code Section DK 11/20/97 Multi-byte Read
Set inchar to be nr-1, so that when inchar is incremented, they will be
the same and a new read from socket will take place.
Set chr to 0 to indicate a null character, since we haven't read any yet.
Set nchar to 0 to begin building a new MsgBuffer (with escapes removed).
*/
inchar = -1;
nr = 0;
chr = 0;
nchar = 0; /* added 980209:LDD */
/* End of New code Section */
/* Working loop: receive and process messages
********************************************/
/* We are either (0) initializing: searching for message start
(1) expecting a message start: error if not
(2) assembling a message.
The variable "state' determines our mood */
while(1) { /* loop over bytes read from socket */
/* Get next char operation */
if (++inchar == nr) {
temp.clear();
while (temp.size()==0){
/* Read from socket operation */
temp = sock->read(INBUFFERSIZE);
}
nr = temp.size();
inchar=0;
/* End of Read from socket operation */
}
lastChr=chr;
chr=temp[inchar];
/* End of Get next char operation */
/* Initialization */
/******************/
if (state==SEARCHING_FOR_MESSAGE_START) {
/* throw all away until we see a naked start character */
/* Do we have a real start character?
*************************************/
if ( lastChr!=escape && chr==startCharacter) {
state=ASSEMBLING_MESSAGE; /*from now on, assemble message */
continue;
}
}
/* Confirm message start */
/*************************/
if (state==EXPECTING_MESSAGE_START) { /* the next char had better be a start character - naked, that is */
/* Is it a naked start character?
*********************************/
if ( chr==startCharacter && lastChr != escape) { /* This is it: message start!! */
nchar=0; /* start with firsts char position */
state=ASSEMBLING_MESSAGE; /* go into assembly mode */
continue;
}
else{ /* we're eating garbage */
emit updatetxtbox("import_generic: Unexpected character from client. Re-synching");
state=SEARCHING_FOR_MESSAGE_START; /* search for next start sequence */
MsgBuf.clear();
continue;
}
}
/* In the throes of assembling a message */
if (state==ASSEMBLING_MESSAGE) {
/* Is this the end?
*******************/
if (chr==endCharacter){ /* naked end character: end of the message is at hand */
/* We have a complete message */
/*****************************/
MsgBuf[nchar]=0; /* terminate as a string */
if(MsgBuf.contains(Conf->getSendHSQ().toLocal8Bit())){ /* Server's heartbeat */
if(Debug) {
emit updatetxtbox(QString("import_generic: Received heartbeat"));
}
// LastBeattime = time(0); /* note time of heartbeat */
state=EXPECTING_MESSAGE_START; /* reset for next message */
//THIS IS STILL NOT WORKING
emit echo_Heartbeat(sock, Conf, Debug);
}
else {
/* got a non-heartbeat message */
if(Debug) {
emit updatetxtbox(QString("import_generic: Received non-heartbeat"));
}
//LastBeat = time(0); /* note time of heartbeat */
/* This is not a genuine heartbeat, but our major concern is that the
* export module on the other end is still alive, and any message that
* we receive should indicate life on the other side(in a non occult
* kind of way).
* */
emit ReturnMessage(MsgBuf.mid(9)); /* process the message via user-routine */
}
state=EXPECTING_MESSAGE_START;
MsgBuf.clear();
continue;
}
else {
/* process the message byte we just read: we know it's not a naked end character*/
/********************************************************************************/
/* Escape sequence? */
if (chr==escape) {
/* process the escape sequence */
/* Read from buffer
* *******************/
/* Get next char operation */
if (++inchar == nr) {
/* Read from socket operation */
temp.clear();
while (temp.size()==0){
/* Read from socket operation */
temp = sock->read(INBUFFERSIZE);
}
nr = temp.size();
inchar=0;
/* End of Read from socket operation */
}
lastChr=chr;
chr=temp[inchar];
/* End of Get next char operation */
if( chr != startCharacter && chr != endCharacter && chr != escape) {
/* bad news: unknown escape sequence */
emit updatetxtbox(QString("import_generic: Unknown escape sequence in message. Re-synching"));
state=SEARCHING_FOR_MESSAGE_START; /* search for next start sequence */
MsgBuf.clear();
continue;
}
else { /* it's ok: it's a legit escape sequence, and we save the escaped byte */
MsgBuf.append(chr); if(nchar>2100) goto freak; /*save character */
continue;
}
}
/* Naked start character? */
if (chr==startCharacter) {
/* bad news: unescaped start character */
emit updatetxtbox(QString("import_generic: Unescaped start character in message. Re-synching"));
state=SEARCHING_FOR_MESSAGE_START; /* search for next start sequence */
MsgBuf.clear();
continue;
}
/* So it's not a naked start, escape, or a naked end: Hey, it's just a normal byte */
MsgBuf.append(chr); if(nchar>2100) goto freak; /*save character */
continue;
freak: { /* freakout: message won't fit */
emit updatetxtbox(QString("import_generic: receive buffer overflow"));
state=SEARCHING_FOR_MESSAGE_START; /* initialize again */
MsgBuf.clear();
nchar=0;
continue;
}
} /* end of not-an-endCharacter processing */
} /* end of state==ASSEMBLING_MESSAGE processing */
} /* end of loop over characters */
}
INT_PTR CALLBACK NSudoDlgCallBack(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
HWND hUserName = GetDlgItem(hDlg, IDC_UserName);
HWND hTokenPrivilege = GetDlgItem(hDlg, IDC_TokenPrivilege);
HWND hMandatoryLabel = GetDlgItem(hDlg, IDC_MandatoryLabel);
HWND hszPath = GetDlgItem(hDlg, IDC_szPath);
wchar_t szCMDLine[260], szUser[260], szPrivilege[260], szMandatory[260], szBuffer[260];
switch (message)
{
case WM_INITDIALOG:
// Show NSudo Logo
SendMessageW(
GetDlgItem(hDlg, IDC_NSudoLogo),
STM_SETIMAGE,
IMAGE_ICON,
LPARAM(LoadImageW(GetModuleHandleW(NULL), MAKEINTRESOURCE(IDI_NSUDO), IMAGE_ICON, 0, 0, LR_COPYFROMRESOURCE)));
//Show Warning Icon
SendMessageW(
GetDlgItem(hDlg, IDC_Icon),
STM_SETIMAGE,
IMAGE_ICON,
LPARAM(LoadIconW(NULL, IDI_WARNING)));
SendMessageW(hUserName, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_TI);
SendMessageW(hUserName, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_Sys);
SendMessageW(hUserName, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_CP);
SendMessageW(hUserName, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_CU);
SendMessageW(hUserName, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_CPD);
SendMessageW(hUserName, CB_SETCURSEL, 4, 0); //设置默认项"TrustedInstaller"
SendMessageW(hTokenPrivilege, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_Default);
SendMessageW(hTokenPrivilege, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_EnableAll);
SendMessageW(hTokenPrivilege, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_DisableAll);
SendMessageW(hTokenPrivilege, CB_SETCURSEL, 2, 0); //设置默认项"默认"
SendMessageW(hMandatoryLabel, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_Low);
SendMessageW(hMandatoryLabel, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_Medium);
SendMessageW(hMandatoryLabel, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_High);
SendMessageW(hMandatoryLabel, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_System);
SendMessageW(hMandatoryLabel, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_Default);
SendMessageW(hMandatoryLabel, CB_SETCURSEL, 0, 0); //设置默认项"默认"
{
wchar_t szItem[260], szBuffer[32768];
DWORD dwLength = GetPrivateProfileSectionNamesW(szBuffer, 32768, szShortCutListPath);
for (DWORD i = 0, j = 0; i < dwLength; i++,j++)
{
if (szBuffer[i] != NULL)
{
szItem[j] = szBuffer[i];
}
else
{
szItem[j] = NULL;
SendMessageW(hszPath, CB_INSERTSTRING, 0, (LPARAM)szItem);
j=-1;
}
}
}
return (INT_PTR)TRUE;
case WM_COMMAND:
switch (LOWORD(wParam))
{
case IDC_Run:
GetDlgItemTextW(hDlg, IDC_UserName, szUser, sizeof(szUser));
GetDlgItemTextW(hDlg, IDC_TokenPrivilege, szPrivilege, sizeof(szPrivilege));
GetDlgItemTextW(hDlg, IDC_MandatoryLabel, szMandatory, sizeof(szMandatory));
GetDlgItemTextW(hDlg, IDC_szPath, szCMDLine, sizeof(szCMDLine));
NSudo_Run(hDlg,szUser, szPrivilege, szMandatory, szCMDLine);
break;
case IDC_About:
ReturnMessage(
L"NSudo 3.1 Debug (Build 950)\n"
L"\xA9 2015 NSudo Team. All rights reserved.\n\n"
L"捐赠支付宝账号: [email protected]\n\n"
L"感谢cjy__05,mhxkx,NotePad,tangmigoId,wondersnefu,xy137425740,月光光的大力支持(按照英文字母或拼音首字母排序)\n\n");
break;
case IDC_Browse:
wcscpy_s(szBuffer, 260, L"");
NSudoBrowseDialog(hDlg, szBuffer);
SetDlgItemTextW(hDlg, IDC_szPath, szBuffer);
break;
}
break;
case WM_SYSCOMMAND:
switch (LOWORD(wParam))
{
case SC_CLOSE:
PostQuitMessage(0);
break;
}
break;
}
return 0;
}
