// Worker-side entry used by the process tests: confirms that this process was
// started by the expected launcher with the expected arguments.
//
// Returns WORKER_SUCCESS_CODE when every check passes, otherwise the ERROR_*
// code of the first check that failed (argument mismatch, no launcher, and on
// Windows the image-name probes; on POSIX a parent-pid mismatch).
//
// Note that the Windows branch identifies the launcher by the basename of its
// image only, compared against kOsqueryTestModuleName; the POSIX branch
// compares the launcher's native handle with getppid().
int workerMain(int argc, char* argv[]) {
  const bool argsMatch = osquery::compareArguments(
      argv, argc, osquery::kExpectedWorkerArgs, osquery::kExpectedWorkerArgsCount);
  if (!argsMatch) {
    return ERROR_COMPARE_ARGUMENT;
  }

  auto launcher = osquery::PlatformProcess::getLauncherProcess();
  if (!launcher) {
    return ERROR_LAUNCHER_PROCESS;
  }

#ifdef WIN32
  constexpr DWORD kImageBufferSize = 1024;
  CHAR imagePath[kImageBufferSize] = {0};
  DWORD imagePathLen = kImageBufferSize;
  if (!QueryFullProcessImageNameA(
          launcher->nativeHandle(), 0, imagePath, &imagePathLen)) {
    return ERROR_QUERY_PROCESS_IMAGE;
  }
  // Reduce the full path to its basename before comparing.
  PathStripPathA(imagePath);

  const size_t baseNameLen = strlen(imagePath);
  if (baseNameLen != strlen(osquery::kOsqueryTestModuleName)) {
    return ERROR_IMAGE_NAME_LENGTH;
  }
  if (strncmp(imagePath, osquery::kOsqueryTestModuleName, baseNameLen) != 0) {
    return ERROR_LAUNCHER_MISMATCH;
  }
#else
  if (launcher->nativeHandle() != getppid()) {
    return ERROR_LAUNCHER_MISMATCH;
  }
#endif

  return WORKER_SUCCESS_CODE;
}
/*************************************************************************
 * PathStripPath	[SHELL32.38]
 *
 * Unicode-agnostic entry: forwards to the ANSI or wide in-place strip
 * depending on the shell's current Unicode mode. lpszPath is a writable
 * LPSTR or LPWSTR accordingly.
 */
void WINAPI PathStripPathAW(LPVOID lpszPath)
{
	if (!SHELL_OsIsUnicode())
	{
		PathStripPathA(lpszPath);
		return;
	}
	PathStripPathW(lpszPath);
}
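/// Returns the file-name part of `path`, i.e. `path` with its folder portion
/// removed by PathStripPathA. The input is never modified.
///
/// PathStripPathA edits a writable NUL-terminated buffer in place, so the path
/// is first copied into an owned std::string. That copy is released on every
/// exit path, including an exception from the result construction — the raw
/// new[]/delete[] pair this replaces leaked the buffer in that case.
///
/// @param path  Path to strip; may be empty.
/// @return      The text PathStripPathA leaves in the buffer, read up to its
///              NUL terminator ("" for an empty input).
std::string PathRemoveFolder(const std::string& path)
{
	// Nothing to strip, and this keeps &buffer[0] below pointing at a
	// character PathStripPathA may legitimately write.
	if (path.empty())
		return std::string();

	std::string buffer(path);
	PathStripPathA(&buffer[0]);

	// PathStripPathA shortens the text in place without telling std::string,
	// so re-read up to the terminator rather than returning `buffer` itself.
	return std::string(buffer.c_str());
}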
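/// IMFGetService::GetService — exposes the optional service interfaces this
/// media source supports by forwarding to QueryInterface.
///
/// @param guidService  Service being requested.
/// @param riid         Interface requested on that service.
/// @param ppvObject    Receives the interface pointer; E_POINTER when null.
/// @return The QueryInterface result when the service is offered,
///         MF_E_UNSUPPORTED_SERVICE otherwise.
HRESULT HDMediaSource::GetService(REFGUID guidService,REFIID riid,LPVOID *ppvObject)
{
	if (ppvObject == nullptr)
		return E_POINTER;

	if (guidService == MF_RATE_CONTROL_SERVICE) { // Store apps require the IMFRateControl interface
		return QueryInterface(riid,ppvObject);
	}else if (guidService == MF_METADATA_PROVIDER_SERVICE) {
#if !(WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP))
		return QueryInterface(riid,ppvObject);
#else
		// Desktop build: when hosted by Windows Media Player (wmp.dll loaded)
		// only offer metadata if it can actually be produced from the
		// presentation descriptor; any other host gets the service as-is.
		// (A GetModuleFileNameA/PathStripPathA lookup of the host image name
		// used to precede this check, but its result was never read; the
		// wmp.dll module check is the only thing that decides.)
		if (GetModuleHandleA("wmp.dll"))
		{
			if (_pMetadata)
			{
				ComPtr<IMFMetadata> pMetadata;
				if (SUCCEEDED(GetMFMetadata(_pPresentationDescriptor.Get(),0,0,pMetadata.GetAddressOf())))
					return QueryInterface(riid,ppvObject);
			}
		}else{
			return QueryInterface(riid,ppvObject);
		}
#endif
	}else if (guidService == MFNETSOURCE_STATISTICS_SERVICE) {
		// Network statistics only make sense for a network-backed source.
		if (_network_mode)
			return QueryInterface(riid,ppvObject);
	}else if (guidService == MF_SCRUBBING_SERVICE) {
		// Scrubbing needs the key-frame index; without it the service is refused.
		if (FAILED(MakeKeyFramesIndex()))
			return MF_E_UNSUPPORTED_SERVICE;
		return QueryInterface(riid,ppvObject);
	}

	return MF_E_UNSUPPORTED_SERVICE;
}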
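/// Sends a formatted message, tagged with "<file> <line> <function>", to the
/// debugger via OutputDebugString; when rixError is non-zero the system text
/// for that Win32 error code is emitted as a second line.
///
/// @param rixError  Win32 error code to describe after the message; 0 = none.
/// @param pcFile    Source file name (ANSI); only the file-name part is kept.
/// @param rdLine    Source line number.
/// @param pcFunc    Function name (ANSI).
/// @param ptFormat  printf-style format for the message itself. It drives how
///                  the variadic arguments are consumed, so callers must pass
///                  a trusted (normally literal) format, never external text.
///
/// Every buffer is MAX_PATH characters; the StringCch* calls truncate and
/// always NUL-terminate, so over-long text is cut rather than overflowing.
VOID OutputDebugStringPlus( DWORD rixError, LPSTR pcFile, INT rdLine, LPSTR pcFunc, LPTSTR ptFormat, ... )
{
	va_list	argp;
	TCHAR	atBuf[MAX_PATH], atOut[MAX_PATH], atFiFu[MAX_PATH];
	TCHAR	atErrMsg[MAX_PATH] = { 0 };	// printed with %s even if FormatMessage fails
	CHAR	acFile[MAX_PATH], acFiFu[MAX_PATH];
	UINT	length;

	// Keep only the file name so the location tag stays short.
	StringCchCopyA( acFile, MAX_PATH, pcFile );
	PathStripPathA( acFile );

	StringCchPrintfA( acFiFu, MAX_PATH, ("%s %d %s"), acFile, rdLine, pcFunc );
	length = (UINT)strlen( acFiFu );

	// MultiByteToWideChar is given an explicit byte count and therefore does
	// not write a terminator; the zeroed buffer supplies it.
	ZeroMemory( atFiFu, sizeof(atFiFu) );
	MultiByteToWideChar( CP_ACP, MB_PRECOMPOSED, acFiFu, length, atFiFu, MAX_PATH );
	//	arguments: code page, character-type flags, source string, source byte
	//	count, destination wide-char buffer, destination buffer size

	va_start(argp, ptFormat);
	StringCchVPrintf( atBuf, MAX_PATH, ptFormat, argp );
	va_end( argp );

	StringCchPrintf( atOut, MAX_PATH, TEXT("%s @ %s\r\n"), atBuf, atFiFu );

	OutputDebugString( atOut );

	if( rixError )
	{
		// FormatMessage returns 0 on failure; without this check atErrMsg
		// held whatever was on the stack and was still printed below.
		if( FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
			NULL, rixError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), atErrMsg, MAX_PATH, NULL ) == 0 )
		{
			StringCchCopy( atErrMsg, MAX_PATH, TEXT("(no message text)") );
		}
		//	the system message appears to end with a line break already
		// DWORD is unsigned long: %lu, not %d, so codes above INT_MAX print correctly.
		StringCchPrintf( atBuf, MAX_PATH, TEXT("[%lu]%s"), rixError, atErrMsg );

		OutputDebugString( atBuf );
		SetLastError( 0 );
	}
}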
// DLL entry point for the frame-grabbing hook library.
//
// On DLL_PROCESS_ATTACH it opens the log, brings up the IPC context shared with
// the host application and, if the IPC init succeeds, creates the D3D9 and DXGI
// frame grabbers and installs their hooks in the loading process. On
// DLL_PROCESS_DETACH it removes the hooks, blanks the shared frame, tears down
// the IPC context and closes the log. It always returns TRUE, so a failed hook
// install never makes the process refuse the load; the failure is only logged.
//
// Everything here runs under the loader lock, as with any DllMain.
HOOKSDLL_API BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID lpReserved) {
    if (fdwReason == DLL_PROCESS_ATTACH /*|| fdwReason == DLL_THREAD_ATTACH*/) // When initializing....
    {
//        __asm__("int $3");
        // We don't need thread notifications for what we're doing.  Thus, get
        // rid of them, thereby eliminating some of the overhead of this DLL
        DisableThreadLibraryCalls(hModule);

        // Host executable's base name, used to derive the event-source name.
        // GetModuleFileNameA truncates silently when the path does not fit.
        // NOTE(review): sizeof(executableName) is only the buffer size if
        // executableName is a char array rather than a pointer — confirm.
        HMODULE hProc = GetModuleHandle(NULL);
        GetModuleFileNameA(hProc, executableName, sizeof (executableName));
        PathStripPathA(executableName);

        // Released with free() below, so getEventSourceName presumably
        // returns a malloc'd buffer — verify against its definition.
        WCHAR *wstrEventSource = getEventSourceName(executableName);

        gLog->initLog(wstrEventSource, PRISMATIK_LOG_SEVERITY_INFO);
        gLog->reportLogInfo(L"Library initialization...");

        free(wstrEventSource);

//        void *zctx = zmq_ctx_new();
//        void *req_socket = zmq_socket(zctx, ZMQ_REQ);
//        zmq_connect(req_socket,  "");


        if (!gIpcContext)
            gIpcContext = new IPCContext(gLog);

        // Grabbers and hooks are only created when the IPC context came up;
        // otherwise the globals below stay as they were (possibly NULL).
        if (gIpcContext->init()) {

            // NOTE(review): a failed CreateMutex (NULL handle) is not handled;
            // the NULL is still handed to the D3D9 grabber and waited on at detach.
            if (NULL == (g_syncRunMutex = CreateMutex(NULL, false, NULL))) {
            }

            // Log level comes from the shared-memory descriptor written by the host.
            gLog->setLogLevel(gIpcContext->m_memDesc.logLevel);

            if (!d3d9FrameGrabber) {
                d3d9FrameGrabber = D3D9FrameGrabber::getInstance(g_syncRunMutex);
                d3d9FrameGrabber->setIPCContext(gIpcContext);
            }

            // Hooks are installed only if the graphics API is loaded in this
            // process; a failure is logged with GetLastError but not fatal.
            if (d3d9FrameGrabber->isGAPILoaded()) {
                if (!d3d9FrameGrabber->init() || !d3d9FrameGrabber->installHooks()) {
                    DWORD errorcode = GetLastError();
                    gLog->reportLogError(L"error occured while hijacking d3d9 0x%x", errorcode);
                } else {
                    gLog->reportLogInfo(L"d3d9 hook has been installed successfully");
                }
            }

            if(!dxgiFrameGrabber) {
                dxgiFrameGrabber = DxgiFrameGrabber::getInstance();
                dxgiFrameGrabber->setIPCContext(gIpcContext);
            }

            if(dxgiFrameGrabber->isGAPILoaded()) {
                if (!dxgiFrameGrabber->init() || !dxgiFrameGrabber->installHooks()) {
                    DWORD errorcode = GetLastError();
                    gLog->reportLogError(L"error occured while hijacking dxgi 0x%x", errorcode);
                } else {
                    gLog->reportLogInfo(L"dxgi hook has been installed successfully");
                }
            }
        }
    } else if (fdwReason == DLL_PROCESS_DETACH) {
        if (gLog != NULL) {
            gLog->reportLogInfo(L"detaching dll...");
            // NOTE(review): an INFINITE wait inside DllMain runs under the
            // loader lock; if the thread holding g_syncRunMutex (a hooked
            // present call) itself needs the loader, this cannot complete.
            // NOTE(review): if gIpcContext->init() failed at attach, the
            // grabbers were never created and are dereferenced here unchecked.
            if (WAIT_OBJECT_0 == WaitForSingleObject(g_syncRunMutex, INFINITE)) {
                if (d3d9FrameGrabber->isHooksInstalled()) {
                    gLog->reportLogInfo(L"removing d3d9hooks");
                    d3d9FrameGrabber->removeHooks();
                }
                if (dxgiFrameGrabber->isHooksInstalled()) {
                    gLog->reportLogInfo(L"removing dxgihooks");
                    dxgiFrameGrabber->removeHooks();
                }

                // NOTE(review): gIpcContext is dereferenced here before the
                // NULL check two statements below, and is not reset to NULL
                // after the delete.
                gLog->reportLogInfo(L"clearing shared memory");
                writeBlankFrame(gIpcContext->m_pMemMap);

                gLog->reportLogInfo(L"clearing IPC context");
                if (gIpcContext) delete gIpcContext;

                gLog->reportLogInfo(L"releasing syncRunMutex");
                ReleaseMutex(g_syncRunMutex);
            } else {
                gLog->reportLogError(L"couldn't lock syncRunMutex");
            }

            gLog->reportLogInfo(L"close syncRunMutex");
            CloseHandle(g_syncRunMutex);

            gLog->reportLogInfo(L"close log");
            gLog->closeLog();
            gLog = NULL;
        }

    }

    return TRUE;
}