/*
 * Exported initialisation routine of getconkbl.dll.
 *
 * Calls GetConhostInit() and treats a non-zero result as "the ntdll.dll
 * routines could not be resolved". The outcome is stored in the Init flag
 * (declared outside this function) and returned to the caller.
 *
 * debug: when non-zero, EnableSeDebug() is called after a successful lookup.
 *        NOTE(review): EnableSeDebug() is not shown here; presumably it enables
 *        SeDebugPrivilege on the token of whatever process loaded this DLL, so
 *        hosts should pass 0 unless they need to open processes of other users.
 *        Its result is discarded, so a refused privilege still yields TRUE.
 *
 * Returns TRUE on success, FALSE when GetConhostInit() reports failure.
 */
GETKBLAYOUT_DLL_API BOOL Initialize(int debug)
{
    /* TODO: Check that OS version == win7 */
    if (GetConhostInit()) {
        OutputDebugString(TEXT("Can't get pointers to necessary routines from ntdll.dll\n"));
        Init = FALSE;
    } else {
        if (debug) {
            EnableSeDebug();
        }
        Init = TRUE;
        OutputDebugString(TEXT("Init getconkbl.dll: OK\n"));
    }

    return Init;
}
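/*
 * Entry point: for the console process whose PID is given in argv[1], find the
 * related conhost process and print the keyboard layout of each of its threads.
 *
 * Exit codes are kept exactly as before: 1 when the ntdll routines or the
 * conhost list cannot be obtained, 0 on every other path.
 * NOTE(review): that includes the "related conhost not found" and "error
 * enumerating threads" paths, which also exit with 0; callers that need to
 * tell them apart from success have to parse the output.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    DWORD console_pid;
    NTSTATUS status;

    // _ttoi follows the _TCHAR build setting; the previous _wtoi only matched
    // argv in a UNICODE build. The conversion stops at the first non-digit and
    // yields 0 for non-numeric input, which is rejected here. A negative
    // number or trailing garbage ("12abc") is still accepted.
    if (argc != 2 || (console_pid = _ttoi(argv[1])) == 0) {
        printhelp();
        return 0;
    }

    if (GetConhostInit()) {
        printf("Can't get pointers to necessary routines from ntdll.dll\n");
        return 1;
    }

    // SeDebugPrivilege is not needed to open a process owned by the same user,
    // so a failure here is reported but is not fatal. For the intended use from
    // ahk: even when ahk runs as administrator from a non-admin user account it
    // can still access the processes of that account (but not processes started
    // from the admin account itself).
    // NOTE(review): the original comment said the privilege cannot be obtained
    // on a default system even by an admin. By default policy it is assigned to
    // Administrators, so an elevated token can usually enable it while a
    // UAC-filtered token cannot. Since it is optional for this tool, requesting
    // it only after an open actually fails would follow least privilege.
    status = EnableSeDebug();
    if (status != STATUS_SUCCESS) {
        printf("Can't adjust privileges, code %X\n", (unsigned int)status);
    }

    int conhost_count;
    DWORD *conhost = FindConhost(&conhost_count);
    if (conhost == NULL) {
        printf("Can't enum conhost processes\n");
        return 1;
    }
    if (conhost_count == 0) {
        printf("Can't find any conhost processes\n");
        // NOTE(review): conhost is not freed on this path; the process exits
        // right away, so the leak has no practical effect.
        return 1;
    }

    DWORD conhost_pid = GetRelevantPID(conhost, conhost_count, console_pid);
    free(conhost);
    if (conhost_pid == 0) {
        printf("Can't find related conhost process\n");
        return 0;
    }

    DWORD *threads = GetThreads(conhost_pid);
    if (threads == NULL) {
        printf("Error enumerating threads for conhost\n");
        return 0;
    }

    // The loop relies on GetThreads() ending the array with a zero entry.
    // It seems that the second thread is the relevant one for
    // GetKeyboardLayout(). The second thread might have the lower TID, but it
    // is always second in the enumeration.
    for (int i = 0; threads[i] != 0; ++i) {
        // HKL is a pointer-sized handle; narrow it explicitly so the argument
        // matches %X on 64-bit builds as well (the layout id is in the low 32 bits).
        printf("TID:%04X KeyboardLayout:%04X\n",
               (unsigned int)threads[i],
               (unsigned int)(UINT_PTR)GetKeyboardLayout(threads[i]));
    }
    free(threads);

    // wait for input so the console window stays open
    int pause_input = 0;
    scanf("%d", &pause_input);
    return 0;
}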
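/*
 * Command-line dispatcher. argv[1] selects the operation; a leading '-' is
 * rewritten to '/' so both spellings work:
 *
 *   /inject    decimal_pid dll_path
 *   /loadlib   path
 *   /dlls      decimal_pid
 *   /dumpproc  decimal_pid out_file_path
 *   /dumpmod   decimal_pid hex_base hex_size out_file_path
 *   /startwdll exe_path dll_path
 *   /memmap    decimal_pid out_path
 *
 * Returns the value of the selected operation (0 when it sets none).
 *
 * NOTE(review): options are matched with strstr(), i.e. as substrings of
 * argv[1], and the tests are independent ifs, so one argument containing two
 * option names runs both. An exact strcmp() dispatch would be stricter; it is
 * left as is because existing callers may rely on the loose match.
 *
 * NOTE(review): argv[2..5] are read immediately after the usage() calls, so
 * this function relies on usage() terminating the process. Confirm.
 */
int main(int argc, char* argv[] )
{
    uint pid = 0;
    char* dll = 0;
    int rv = 0;
    bool handled = false;

    if(argc < 2) usage();

    if( argv[1][0] == '-') argv[1][0] = '/'; //standardize
    const char* opt = argv[1];

    // Requested for every option and the result is ignored. Only the options
    // that open another process can need it; /loadlib does not.
    EnableSeDebug();

    // startWatchDog() is disabled: still getting hangs once in a while, so the
    // process is monitored externally. (Reworded so that the comment no longer
    // ends in a backslash, which would splice the next line into the comment.)
    //HANDLE hWatchDog = startWatchDog();
    setvbuf(stdout, NULL, _IONBF, 0); //autoflush - allows external apps to read cmdline output in realtime..

    // strstr() returns a pointer: test it against NULL instead of "> 0".

    // NOTE(review): atoi() yields 0 for non-numeric input and ignores trailing
    // garbage, so a mistyped pid is passed on unchecked. strdup() results are
    // not checked for NULL either.

    // /inject decimal_pid dll_path
    if(strstr(opt, "/inject") != NULL){
        if(argc != 4) usage(3);
        pid = atoi( argv[2] );
        dll = strdup(argv[3]);
        if(!FileExists(dll)){
            printf("Error: dll file not found: %s\n\n",dll);
            usage();
        }
        rv = inject(dll,pid);
        handled = true;
    }

    // /loadlib path
    if(strstr(opt, "/loadlib") != NULL){
        if(argc != 3) usage(2);
        dll = strdup(argv[2]);
        if(!FileExists(dll)){
            printf("Error: dll file not found: %s\n\n",dll);
            usage();
        }
        // The library is loaded into this process, after EnableSeDebug() has
        // already run. HMODULE is pointer-sized; narrow it explicitly so the
        // argument matches %x (output format unchanged, upper bits dropped on x64).
        printf("loadlib=%x\npress any key to continue...", (unsigned int)(UINT_PTR)LoadLibrary(dll));
        getch();
        handled = true;
    }

    // /dlls decimal_pid
    if(strstr(opt, "/dlls") != NULL){
        if(argc != 3) usage(2);
        pid = atoi( argv[2] );
        rv = PrintModules(pid);
        handled = true;
    }

    // /dumpproc decimal_pid out_file_path
    // NOTE(review): the exists-check and the later write are separate steps, so
    // the file can appear in between; only the writer can close that gap (for
    // example by creating the file with CREATE_NEW). Also, the "already exists"
    // path leaves rv at 0, so the process still exits with success.
    if(strstr(opt, "/dumpproc") != NULL){
        if(argc != 4) usage(3);
        pid = atoi( argv[2] );
        char* dumpFile = strdup(argv[3]);
        if(FileExists(dumpFile)){
            printf("Error: dump file already exists aborting: %s\n\n", dumpFile);
        }
        else{
            rv = DumpProcess(pid,dumpFile);
        }
        handled = true;
    }

    // /dumpmod decimal_pid hex_string_base hex_string_size out_file_path
    // NOTE(review): base and size go to dump() without any range or parse
    // check (_strtoi64 returns 0 on garbage and saturates on overflow); dump()
    // has to validate them against the target's address space.
    if(!handled && strstr(opt, "/dumpmod") != NULL){
        if(argc != 6) usage(5);
        pid = atoi( argv[2] );
        __int64 base = _strtoi64(argv[3], NULL, 16);
        __int64 sz   = _strtoi64(argv[4], NULL, 16);
        char* dumpFile = strdup(argv[5]);
        if(FileExists(dumpFile)){
            printf("Error: dump file already exists aborting: %s\n\n", dumpFile);
        }
        else{
            rv = dump(pid,base,sz,dumpFile);
        }
        handled = true;
    }

    // /startwdll exe_path dll_path
    if(strstr(opt, "/startwdll") != NULL){
        if(argc != 4) usage(3);
        char* exe = strdup(argv[2]);
        dll = strdup(argv[3]);
        if(!FileExists(dll)){
            printf("Error: dll file not found: %s\n\n",dll);
            usage();
        }
        rv = startwdll(dll,exe);
        handled = true;
    }

    // /memmap decimal_pid out_path  (dll is reused here as the output path)
    if(strstr(opt, "/memmap") != NULL){
        if(argc != 4) usage(3);
        pid = atoi( argv[2] );
        dll = strdup(argv[3]);
        if(FileExists(dll)){
            printf("Error: out file already exists: %s\n\n",dll);
            usage();
        }
        rv = memMap(pid,dll);
        handled = true;
    }

    if(handled == false){
        printf("Error: Unknown option %s\n\n", argv[1]);
        usage();
    }

    //TerminateThread(hWatchDog,0);
    //CloseHandle(hWatchDog);

    // Keep the console open when running under a debugger.
    if( IsDebuggerPresent() ){
        printf("press any key to exit...");
        getch();
    }

    return rv;
}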