NTSTATUS kuhl_m_standard_version(int argc, wchar_t * argv[]) { BOOL isWow64; #ifdef _M_X64 isWow64 = TRUE; #else if(IsWow64Process(GetCurrentProcess(), &isWow64)) #endif { kprintf( L"\n" MIMIKATZ L" " MIMIKATZ_VERSION L" (arch " MIMIKATZ_ARCH L")\n" L"NT - Windows NT %u.%u build %u (arch x%s)\n", MIMIKATZ_NT_MAJOR_VERSION, MIMIKATZ_NT_MINOR_VERSION, MIMIKATZ_NT_BUILD_NUMBER, isWow64 ? L"64" : L"86" ); } return STATUS_SUCCESS; }
/****************************************************************** * DllMain */ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { switch (fdwReason) { case DLL_PROCESS_ATTACH: msi_hInstance = hinstDLL; DisableThreadLibraryCalls(hinstDLL); IsWow64Process( GetCurrentProcess(), &is_wow64 ); break; case DLL_PROCESS_DETACH: msi_dialog_unregister_class(); msi_free_handle_table(); msi_free( gszLogFile ); break; } return TRUE; }
// convert process name to id DWORD name2pid (char name[], int cpu_mode) { HANDLE hSnap, hProc; PROCESSENTRY32 pe32; DWORD dwId=0; BOOL bWow64; // get snapshot of all process running hSnap = CreateToolhelp32Snapshot (TH32CS_SNAPPROCESS, 0); if (hSnap != INVALID_HANDLE_VALUE) { pe32.dwSize = sizeof (PROCESSENTRY32); if (Process32First (hSnap, &pe32)) { do { // is this what we're looking for? if (!lstrcmpi (pe32.szExeFile, name)) { if (cpu_mode!=0) { hProc=OpenProcess (PROCESS_QUERY_INFORMATION, FALSE, pe32.th32ProcessID); if (hProc!=NULL) { bWow64=FALSE; IsWow64Process (hProc, &bWow64); CloseHandle (hProc); // if wow64 and excluding 32, continue if (bWow64 && cpu_mode==32) continue; // if wow64 and excluding 64, save it if (bWow64 && cpu_mode==64) continue; dwId = pe32.th32ProcessID; break; } } else { dwId = pe32.th32ProcessID; break; } } } while (Process32Next (hSnap, &pe32)); } CloseHandle (hSnap); } return dwId; }
std::string get_sysinfo() { #ifdef _WIN32 std::ostringstream oss; LPSTR filePath = new char[MAX_PATH]; UINT blockSize; VS_FIXEDFILEINFO *fixedFileInfo; GetSystemDirectoryA(filePath, MAX_PATH); PathAppendA(filePath, "kernel32.dll"); DWORD dwVersionSize = GetFileVersionInfoSizeA(filePath, NULL); LPBYTE lpVersionInfo = new BYTE[dwVersionSize]; GetFileVersionInfoA(filePath, 0, dwVersionSize, lpVersionInfo); VerQueryValueA(lpVersionInfo, "\\", (LPVOID *)&fixedFileInfo, &blockSize); oss << "Windows/" << HIWORD(fixedFileInfo->dwProductVersionMS) << '.' // Major << LOWORD(fixedFileInfo->dwProductVersionMS) << '.' // Minor << HIWORD(fixedFileInfo->dwProductVersionLS) << ' '; // Build #ifdef _WIN64 oss << "x86_64"; #else BOOL is64 = FALSE; if (IsWow64Process(GetCurrentProcess(), &is64) && is64) oss << "x86_64"; // 32-bit app on 64-bit OS else oss << "x86"; #endif delete[] lpVersionInfo; delete[] filePath; return oss.str(); #else struct utsname osinfo; uname(&osinfo); return std::string(osinfo.sysname) + "/" + osinfo.release + " " + osinfo.machine; #endif }
void LoadDrivers() { if (!gCAProfAPISharedMapFile) { InitializeProfAPISharedObj(); } if (!gPwrProfSharedMapFile) { InitializePwrProfSharedObj(); } if (!gDriverHandlePcore) { wchar_t drivername[nBufferSize + 1]; wchar_t systemDir[MAX_PATH]; systemDir[0] = '\0'; GetSystemDirectory(systemDir, MAX_PATH); PVOID oldValue = nullptr; BOOL isSys64; IsWow64Process(GetCurrentProcess(), &isSys64); if (isSys64) { isSys64 = Wow64DisableWow64FsRedirection(&oldValue); } swprintf(drivername, nBufferSize, L"%s%s", systemDir, L"\\drivers\\PCORE"); OpenAmdDriver((LPCTSTR)drivername, &gDriverHandlePcore); swprintf(drivername, nBufferSize, L"%s%s", systemDir, L"\\drivers\\CpuProf"); OpenAmdDriver((LPCTSTR)drivername, &gDriverHandleCAProf); // Install the Power Profiler driver only on AMD supported platforms swprintf(drivername, nBufferSize, L"%s%s", systemDir, L"\\drivers\\AMDTPwrProf"); OpenAmdDriver((LPCTSTR)drivername, &gDriverHandlePwrProf); if (isSys64) { Wow64RevertWow64FsRedirection(oldValue); } } }
int main(int argc, char *argv[]) { #ifndef __WIN64__ if (library_loader loader = {L"kernel32.dll"}) if (auto IsWow64Process = loader.symbol< BOOL WINAPI (HANDLE, BOOL*) >("IsWow64Process")) { BOOL runningOn64 = false; if (IsWow64Process(GetCurrentProcess(), &runningOn64) && runningOn64) { MessageBox(0, L"The 32-bit version of kiosh will not work on a 64-bit OS. Please use the 64-bit version instead.", L"kiosh", MB_ICONERROR); return EXIT_FAILURE; } } #endif if (argc < 2) { MessageBox(0, L"Usage: kiosh <command to run>", L"kiosh", MB_ICONERROR); return EXIT_FAILURE; } runInstallUninstallStubs(); event(os_version().major() >= 6 ? L"ShellDesktopSwitchEvent" : L"msgina: ShellReadyEvent").set(); // FIXME: As Windows lacks anything that even remotely resembles sane quote handling wrt command line arguments, // we don't pretend to really get it right. We just remove what looks like being the first word (i.e. argv[0]) // and pass the rest untouched. std::wstring cmd = {GetCommandLine()}; if (cmd.empty()) { MessageBox(0, L"Internal error", L"kiosh", MB_ICONERROR); return EXIT_FAILURE; } std::size_t p = cmd.find(cmd[0] == L'"' ? L'"' : L' ', 1); if (p == cmd.npos) { MessageBox(0, L"Invalid command line", L"kiosh", MB_ICONERROR); return EXIT_FAILURE; } cmd.erase(0, p + 1); // FIXME: Get this ugliness out of the main application code STARTUPINFO si = {cb: sizeof(si)}; PROCESS_INFORMATION pi; CreateProcess(0, const_cast< wchar_t* >(cmd.c_str()), 0, 0, FALSE, 0, 0, 0, &si, &pi); return EXIT_SUCCESS; }
// // system warnings // void logCommonStartupWarnings() { // each message adds a leading and a trailing newline bool warned = false; { const char * foo = strchr(versionString , '.') + 1; int bar = atoi(foo); if ((2 * (bar / 2)) != bar) { log() << startupWarningsLog; log() << "** NOTE: This is a development version (" << versionString << ") of MongoDB." << startupWarningsLog; log() << "** Not recommended for production." << startupWarningsLog; warned = true; } } #if defined(_WIN32) && !defined(_WIN64) // Warn user that they are running a 32-bit app on 64-bit Windows BOOL wow64Process; BOOL retWow64 = IsWow64Process(GetCurrentProcess(), &wow64Process); if (retWow64 && wow64Process) { log() << "** NOTE: This is a 32-bit MongoDB binary running on a 64-bit operating" << startupWarningsLog; log() << "** system. Switch to a 64-bit build of MongoDB to" << startupWarningsLog; log() << "** support larger databases." << startupWarningsLog; warned = true; } #endif #if !defined(_WIN32) if (getuid() == 0) { log() << "** WARNING: You are running this process as the root user, " << "which is not recommended." << startupWarningsLog; warned = true; } #endif if (warned) { log() << startupWarningsLog; } }
void ProcessInfo::getExtraInfo(BSONObjBuilder& info) { MEMORYSTATUSEX mse; mse.dwLength = sizeof(mse); PROCESS_MEMORY_COUNTERS pmc; if (GetProcessMemoryInfo(GetCurrentProcess(), &pmc, sizeof(pmc))) { info.append("page_faults", static_cast<int>(pmc.PageFaultCount)); info.append("usagePageFileMB", static_cast<int>(pmc.PagefileUsage / 1024 / 1024)); } if (GlobalMemoryStatusEx(&mse)) { info.append("totalPageFileMB", static_cast<int>(mse.ullTotalPageFile / 1024 / 1024)); info.append("availPageFileMB", static_cast<int>(mse.ullAvailPageFile / 1024 / 1024)); info.append("ramMB", static_cast<int>(mse.ullTotalPhys / 1024 / 1024)); } #ifndef _WIN64 BOOL wow64Process; BOOL retWow64 = IsWow64Process(GetCurrentProcess(), &wow64Process); info.append("wow64Process", static_cast<bool>(retWow64 && wow64Process)); #endif }
//------------------------------------------------------------------------------ // Returns TRUE if we are running on a 64-bit OS in WoW, FALSE otherwise. BOOL RunningInWow64() { #ifdef PLATFORM_UNIX return FALSE; #else static int s_Wow64Process; if (s_Wow64Process == 0) { BOOL fWow64Process = FALSE; if (!IsWow64Process(GetCurrentProcess(), &fWow64Process)) fWow64Process = FALSE; s_Wow64Process = fWow64Process ? 1 : -1; } return (s_Wow64Process == 1) ? TRUE : FALSE; #endif }
DWORD64 WoW64dm::LoadLibrary64( const wchar_t* path ) { BOOL isWOW = FALSE; IsWow64Process(_hProcess, &isWOW); // Inject into x64 if(isWOW == FALSE) { DWORD64 memptr = 0; VirtualAllocEx64(memptr, 0x1000, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE); if(memptr != 0) { DWORD size = 0; DWORD64 hKernel32 = GetModuleHandle64(L"Kernel32.dll", &size); DWORD64 pLoadLib = GetProcAddress64(hKernel32, size, "LoadLibraryW"); if(pLoadLib != 0 && WriteProcessMemory64(memptr, (LPVOID)path, (wcslen(path) + 1)*sizeof(wchar_t), 0) == STATUS_SUCCESS) { DWORD64 status = 0; if(CreateRemoteThread64(pLoadLib, memptr, status, true) != FALSE && status == STATUS_SUCCESS) { VirtualFreeEx64(memptr, 0x1000, MEM_RELEASE); return status; } } VirtualFreeEx64(memptr, 0x1000, MEM_FREE); } return FALSE; } // Inject into WOW64 else { return LoadLibraryRemoteWOW64(path); } }
BOOL CBiosDlg::OnInitDialog() { CDialog::OnInitDialog(); // TODO: Add extra initialization here _tcscpy(m_szTempDir,_tgetenv(TEXT("SystemRoot"))); _tcscat(m_szTempDir,TEXT("\\Temp")); GetCurrentDirectory(2048,m_curPath); typedef BOOL (WINAPI* ChangeWindowMessageFilterFn)( UINT, DWORD ); HMODULE hUserMod = NULL; BOOL bResult = FALSE; hUserMod = LoadLibrary(TEXT("user32.dll")); if (hUserMod) { ChangeWindowMessageFilterFn pfnChangeWindowMessageFilter = (ChangeWindowMessageFilterFn)GetProcAddress( hUserMod, "ChangeWindowMessageFilter" ); if (pfnChangeWindowMessageFilter) { pfnChangeWindowMessageFilter(WM_DROPFILES, 1); // 1-MSGFLT_ADD, 2-MSGFLT_REMOVE pfnChangeWindowMessageFilter(0x0049, 1); // 1-MSGFLT_ADD, 2-MSGFLT_REMOVE } FreeLibrary(hUserMod); } m_nBiosSize = 0; m_bExistKey = FALSE; m_strSSN = TEXT(""); CCpuInfo ci; mbstowcs(m_wszCpuInfo,ci.GetBrand(),49); IsWow64Process(GetCurrentProcess(),&m_bIsx64); CBiosInfo* pInfo = ((CHWToolApp*)AfxGetApp())->m_BiosInfo; SetDlgItemText(IDC_IBV,pInfo->m_BiosInfoW.m_wszIVN); SetDlgItemText(IDC_BIOSVER,pInfo->m_BiosInfoW.m_wszIV); SetDlgItemText(IDC_BIOSDATE,pInfo->m_BiosInfoW.m_wszID); SetDlgItemText(IDC_BIOSHASH,pInfo->m_BiosInfoW.m_wszSK); SetDlgItemText(IDC_PID,pInfo->m_BiosInfoW.m_wszSM); SetDlgItemText(IDC_MODEL,pInfo->m_BiosInfoW.m_wszSP); SetDlgItemText(IDC_SERIALNUM,pInfo->m_BiosInfoW.m_wszSS); SetDlgItemText(IDC_MBPID,pInfo->m_BiosInfoW.m_wszBM); return TRUE; // return TRUE unless you set the focus to a control // EXCEPTION: OCX Property Pages should return FALSE }
int CSysInfo::GetKernelBitness(void) { static int kernelBitness = -1; if (kernelBitness == -1) { #ifdef TARGET_WINDOWS SYSTEM_INFO si; GetNativeSystemInfo(&si); if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL || si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_ARM) kernelBitness = 32; else if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64) kernelBitness = 64; else { BOOL isWow64 = FALSE; if (IsWow64Process(GetCurrentProcess(), &isWow64) && isWow64) // fallback kernelBitness = 64; } #elif defined(TARGET_DARWIN_IOS) // Note: OS X return x86 CPU type without CPU_ARCH_ABI64 flag const NXArchInfo* archInfo = NXGetLocalArchInfo(); if (archInfo) kernelBitness = ((archInfo->cputype & CPU_ARCH_ABI64) != 0) ? 64 : 32; #elif defined(TARGET_POSIX) struct utsname un; if (uname(&un) == 0) { std::string machine(un.machine); if (machine == "x86_64" || machine == "amd64" || machine == "arm64" || machine == "aarch64" || machine == "ppc64" || machine == "ia64" || machine == "mips64") kernelBitness = 64; else kernelBitness = 32; } #endif if (kernelBitness == -1) kernelBitness = 0; // can't detect } return kernelBitness; }
BOOL unicorn::IPluginInfo::isWow64() { BOOL bIsWow64 = FALSE; //IsWow64Process is not available on all supported versions of Windows. //Use GetModuleHandle to get a handle to the DLL that contains the function //and GetProcAddress to get a pointer to the function if available. void* fnIsWow64Process = GetProcAddress( GetModuleHandle(TEXT("kernel32")),"IsWow64Process"); if(NULL != fnIsWow64Process) { if (!IsWow64Process(GetCurrentProcess(),&bIsWow64)) { //handle error } } return bIsWow64; }
/** * Makes sure a library named "Subversion" exists and has our template * set to it. * If the library already exists, the template is set. * If the library doesn't exist, it is created. */ void EnsureSVNLibrary(bool bCreate /* = true*/) { // when running the 32-bit version of TortoiseProc on x64 OS, // we must not create the library! This would break // the library in the x64 explorer. BOOL bIsWow64 = FALSE; IsWow64Process(GetCurrentProcess(), &bIsWow64); if (bIsWow64) return; CComPtr<IShellLibrary> pLibrary = NULL; if (FAILED(OpenShellLibrary(L"Subversion", &pLibrary))) { if (!bCreate) return; if (FAILED(SHCreateLibrary(IID_PPV_ARGS(&pLibrary)))) return; // Save the new library under the user's Libraries folder. CComPtr<IShellItem> pSavedTo = NULL; if (FAILED(pLibrary->SaveInKnownFolder(FOLDERID_UsersLibraries, L"Subversion", LSF_OVERRIDEEXISTING, &pSavedTo))) return; } if (SUCCEEDED(pLibrary->SetFolderType(IsWindows8OrGreater() ? FOLDERTYPEID_Documents : FOLDERTYPEID_SVNWC))) { // create the path for the icon CString path; CString appDir = CPathUtils::GetAppDirectory(); if (appDir.GetLength() < MAX_PATH) { TCHAR buf[MAX_PATH] = {0}; PathCanonicalize(buf, (LPCTSTR)appDir); appDir = buf; } path.Format(L"%s%s,-%d", (LPCTSTR)appDir, L"TortoiseProc.exe", IsWin10OrLater() ? IDI_LIBRARY_WIN10 : IDI_LIBRARY); pLibrary->SetIcon((LPCTSTR)path); pLibrary->Commit(); } }
/// <summary> /// Initialize some internal data /// </summary> /// <returns>Status code</returns> NTSTATUS ProcessCore::Init() { // Detect x86 OS SYSTEM_INFO info = { { 0 } }; GetNativeSystemInfo( &info ); if (info.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL) { _native.reset( new x86Native( _hProcess ) ); } else { // Detect wow64 barrier BOOL wowSrc = FALSE; IsWow64Process( GetCurrentProcess(), &wowSrc ); if (wowSrc == TRUE) _native.reset( new NativeWow64( _hProcess ) ); else _native.reset( new Native( _hProcess ) ); } // Get DEP info // For native x64 processes DEP is always enabled if (_native->GetWow64Barrier().targetWow64 == false) { _dep = true; } else { DWORD flags = 0; BOOL perm = 0; if (SAFE_CALL( GetProcessDEPPolicy, _hProcess, &flags, &perm )) _dep = (flags & PROCESS_DEP_ENABLE) != 0; } return STATUS_SUCCESS; }
/*********************************************************************** * GetNativeSystemInfo [KERNEL32.@] */ VOID WINAPI GetNativeSystemInfo( LPSYSTEM_INFO si /* [out] Destination for system information, may not be NULL */) { BOOL is_wow64; GetSystemInfo(si); IsWow64Process(GetCurrentProcess(), &is_wow64); if (is_wow64) { if (si->u.s.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL) { si->u.s.wProcessorArchitecture = PROCESSOR_ARCHITECTURE_AMD64; si->dwProcessorType = PROCESSOR_AMD_X8664; } else { FIXME("Add the proper information for %d in wow64 mode\n", si->u.s.wProcessorArchitecture); } } }
int wmain() { BOOL isWow64 = FALSE; IsWow64Process(GetCurrentProcess(), &isWow64); std::cout << "IsWow64" << " : " << isWow64 << std::endl; if (init_ntdll_func(isWow64) == false) { printf("Cannot load functions!\n"); return -1; } wchar_t calcPath[MAX_PATH] = { 0 }; ExpandEnvironmentStringsW(L"%SystemRoot%\\system32\\calc.exe", calcPath, MAX_PATH); wchar_t *targetPath = calcPath; wchar_t my_name[MAX_PATH] = { 0 }; GetModuleFileNameW(NULL, my_name, MAX_PATH); PTEB myTeb = NtCurrentTeb(); PPEB myPeb = myTeb->ProcessEnvironmentBlock; //> if (RtlEnterCriticalSection(myPeb->FastPebLock) != STATUS_SUCCESS) { return -2; } bool is_ok = update_params_in_peb(isWow64, myPeb, targetPath); RtlLeaveCriticalSection(myPeb->FastPebLock); //< if (!is_ok) { return -1; } MessageBoxW(GetDesktopWindow(), L"My momma calls me calc :D", L"Hello", MB_OK); //read the real path: wchar_t real_path[MAX_PATH] = { 0 }; GetProcessImageFileNameW(NtCurrentProcess(), real_path, MAX_PATH); //display the real path: MessageBoxW(GetDesktopWindow(), real_path, L"Real path:", MB_OK); return 0; }
LRESULT CALLBACK VDMInject(HWND hwnd, const GUID* from) { DWORD pid; GetWindowThreadProcessId(hwnd, &pid); auto hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); #ifdef _WIN64 BOOL isWow64; IsWow64Process(hProcess, &isWow64); if(!isWow64) { VDMInject64(hProcess, hwnd, from); }else #endif { VDMInject32(hProcess, (unsigned int)hwnd, from); } CloseHandle(hProcess); return 0; }
bool BuildVariants::HostCan64bits() { #if (MPT_ARCH_BITS == 64) return true; #else #if MPT_OS_WINDOWS #if (_WIN32_WINNT >= 0x0501) BOOL is64 = FALSE; if(IsWow64Process(GetCurrentProcess(), &is64) != 0) { return is64 ? true : false; } else { return false; } #else return false; #endif #else return false; #endif #endif }
/* Check whether this OS version supports VSS providers */ static bool vss_check_os_version(void) { OSVERSIONINFO OSver; OSver.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); GetVersionEx(&OSver); if ((OSver.dwMajorVersion == 5 && OSver.dwMinorVersion >= 2) || OSver.dwMajorVersion > 5) { BOOL wow64 = false; #ifndef _WIN64 /* Provider doesn't work under WOW64 (32bit agent on 64bit OS) */ if (!IsWow64Process(GetCurrentProcess(), &wow64)) { fprintf(stderr, "failed to IsWow64Process (Error: %lx\n)\n", GetLastError()); return false; } if (wow64) { fprintf(stderr, "Warning: Running under WOW64\n"); } #endif return !wow64; } return false; }
static BOOL getThreadContext(HANDLE hProcess, HANDLE hThread, PCONTEXT pContext) { ZeroMemory(pContext, sizeof *pContext); BOOL bWow64 = FALSE; if (HAVE_WIN64) { IsWow64Process(hProcess, &bWow64); } BOOL bSuccess; if (bWow64) { PWOW64_CONTEXT pWow64Context = reinterpret_cast<PWOW64_CONTEXT>(pContext); static_assert(sizeof *pContext >= sizeof *pWow64Context, "WOW64_CONTEXT should fit in CONTEXT"); pWow64Context->ContextFlags = WOW64_CONTEXT_ALL; bSuccess = Wow64GetThreadContext(hThread, pWow64Context); } else { pContext->ContextFlags = CONTEXT_ALL; bSuccess = GetThreadContext(hThread, pContext); } return bSuccess; }
BOOL CDisplayAdapterHelper::AdjustDllforProcess(HANDLE hProcess, LPSTR lpDllPath) { BOOL bIs32Bit = FALSE; //#ifdef _WIN64 // BOOL myselfBitWide = TRUE; //#else // BOOL mySelfBitWide = FALSE; //#endif // BOOL bSelfIsWow64 = FALSE; // IsWow64Process(GetCurrentProcess(), &bSelfIsWow64); IsWow64Process(hProcess, &bIs32Bit); if (!bIs32Bit) { CHAR tempStrBuf[MAX_PATH] = { 0 }; if (ISTRUE(AdjustDllfor64bit(tempStrBuf, MAX_PATH, lpDllPath))) { memcpy(lpDllPath, tempStrBuf, strlen(tempStrBuf) + 1); } } return TRUE; }
int main() { int argc; LPWSTR commandline = GetCommandLine(); LPWSTR *args = CommandLineToArgvW(commandline, &argc); if (!args) { printf("CommandLineToArgvW failed: %x\n", GetLastError()); return 8; } size_t commlen = wcslen(commandline); size_t read_from = wcslen(args[0]) + 2; if (argc < 2 || read_from >= commlen) { printf("Invalid command-line: %S (%S)\n", commandline, args[0]); printf("Usage: executable-name\n"); return 6; } HANDLE us = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_QUERY_LIMITED_INFORMATION, FALSE, GetCurrentProcessId() ); if (!us) { printf("Couldn't open current process: %x\n", GetLastError()); return 2; } BOOL is64; if (!IsWow64Process(us, &is64)) { printf("Couldn't check for WoW64: %x\n", GetLastError()); return 9; } FARPROC addr = GetProcAddress(GetModuleHandle(L"kernel32"), is64 ? "QueryDosDeviceA" : "GetDriveTypeA"); if (!addr) { printf("Couldn't get reference address: %x\n", GetLastError()); return 1; } const unsigned char x64ref[] = { 0x75, 0x24 }; const unsigned char x32ref[] = { 0x0f, 0x85, 0x70, 0x01, 0x00, 0x00 }; char *target; const unsigned char *ref; int len; if (is64) { target = (char*)(addr)+0x290; len = 2; ref = &x64ref[0]; } else { target = (char*)(addr)+0x11c; len = 6; ref = x32ref; } unsigned char stuffs[6]; if (!ReadProcessMemory(us, target, stuffs, len, NULL)) { printf("Couldn't read us: %x\n", GetLastError()); return 3; } for (int i = 0; i < len; ++i) if (stuffs[i] != ref[i]) { printf("Check byte %i didn't match: %x != %x\n", i, stuffs[i], ref[i]); return 4; } char nops[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 }; if (!WriteProcessMemory(us, target, nops, len, NULL)) { printf("Couldn't patch: %x\n", GetLastError()); return 5; } STARTUPINFO si = {}; si.cb = sizeof(STARTUPINFO); PROCESS_INFORMATION pi; wchar_t *buf = new wchar_t[commlen]; wcscpy(buf, commandline + read_from); if (!CreateProcess(NULL, buf, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) { printf("CreateProcess failed: %x\n", GetLastError()); return 7; } }
void LoadLangDll() { if ((g_langid != g_ShellCache.GetLangID())&&((g_langTimeout == 0)||(g_langTimeout < GetTickCount()))) { g_langid = g_ShellCache.GetLangID(); DWORD langId = g_langid; TCHAR langDll[MAX_PATH*4]; HINSTANCE hInst = NULL; TCHAR langdir[MAX_PATH] = {0}; char langdirA[MAX_PATH] = {0}; if (GetModuleFileName(g_hmodThisDll, langdir, _countof(langdir))==0) return; if (GetModuleFileNameA(g_hmodThisDll, langdirA, _countof(langdirA))==0) return; TCHAR * dirpoint = _tcsrchr(langdir, '\\'); char * dirpointA = strrchr(langdirA, '\\'); if (dirpoint) *dirpoint = 0; if (dirpointA) *dirpointA = 0; dirpoint = _tcsrchr(langdir, '\\'); dirpointA = strrchr(langdirA, '\\'); if (dirpoint) *dirpoint = 0; if (dirpointA) *dirpointA = 0; strcat_s(langdirA, "\\Languages"); // bindtextdomain ("subversion", langdirA); BOOL bIsWow = FALSE; IsWow64Process(GetCurrentProcess(), &bIsWow); do { if (bIsWow) _stprintf_s(langDll, _T("%s\\Languages\\TortoiseProc32%lu.dll"), langdir, langId); else _stprintf_s(langDll, _T("%s\\Languages\\TortoiseProc%lu.dll"), langdir, langId); BOOL versionmatch = TRUE; struct TRANSARRAY { WORD wLanguageID; WORD wCharacterSet; }; DWORD dwReserved,dwBufferSize; dwBufferSize = GetFileVersionInfoSize((LPTSTR)langDll,&dwReserved); if (dwBufferSize > 0) { LPVOID pBuffer = (void*) malloc(dwBufferSize); if (pBuffer != (void*) NULL) { UINT nInfoSize = 0; UINT nFixedLength = 0; LPSTR lpVersion = NULL; VOID* lpFixedPointer; TRANSARRAY* lpTransArray; TCHAR strLangProductVersion[MAX_PATH]; if (GetFileVersionInfo((LPTSTR)langDll, dwReserved, dwBufferSize, pBuffer)) { // Query the current language if (VerQueryValue( pBuffer, _T("\\VarFileInfo\\Translation"), &lpFixedPointer, &nFixedLength)) { lpTransArray = (TRANSARRAY*) lpFixedPointer; _stprintf_s(strLangProductVersion, _T("\\StringFileInfo\\%04x%04x\\ProductVersion"), lpTransArray[0].wLanguageID, lpTransArray[0].wCharacterSet); if (VerQueryValue(pBuffer, (LPTSTR)strLangProductVersion, (LPVOID *)&lpVersion, &nInfoSize)) { versionmatch = (_tcscmp((LPCTSTR)lpVersion, _T(STRPRODUCTVER)) == 0); } } } free(pBuffer); } // if (pBuffer != (void*) NULL) } // if (dwBufferSize > 0) else versionmatch = FALSE; if (versionmatch) hInst = LoadLibrary(langDll); if (hInst != NULL) { if (g_hResInst != g_hmodThisDll) FreeLibrary(g_hResInst); g_hResInst = hInst; } else { DWORD lid = SUBLANGID(langId); lid--; if (lid > 0) { langId = MAKELANGID(PRIMARYLANGID(langId), lid); } else langId = 0; } } while ((hInst == NULL) && (langId != 0)); if (hInst == NULL) { // either the dll for the selected language is not present, or // it is the wrong version. // fall back to English and set a timeout so we don't retry // to load the language dll too often if (g_hResInst != g_hmodThisDll) FreeLibrary(g_hResInst); g_hResInst = g_hmodThisDll; g_langid = 1033; // set a timeout of 10 seconds if (g_ShellCache.GetLangID() != 1033) g_langTimeout = GetTickCount() + 10000; } else g_langTimeout = 0; } // if (g_langid != g_ShellCache.GetLangID()) }
int main( int argc, char *argv[] ) { extern HANDLE CDECL __wine_make_process_system(void); static const WCHAR RunW[] = {'R','u','n',0}; static const WCHAR RunOnceW[] = {'R','u','n','O','n','c','e',0}; static const WCHAR RunServicesW[] = {'R','u','n','S','e','r','v','i','c','e','s',0}; static const WCHAR RunServicesOnceW[] = {'R','u','n','S','e','r','v','i','c','e','s','O','n','c','e',0}; static const WCHAR wineboot_eventW[] = {'_','_','w','i','n','e','b','o','o','t','_','e','v','e','n','t',0}; /* First, set the current directory to SystemRoot */ int optc; int end_session = 0, force = 0, init = 0, kill = 0, restart = 0, shutdown = 0, update = 0; HANDLE event; SECURITY_ATTRIBUTES sa; BOOL is_wow64; GetWindowsDirectoryW( windowsdir, MAX_PATH ); if( !SetCurrentDirectoryW( windowsdir ) ) WINE_ERR("Cannot set the dir to %s (%d)\n", wine_dbgstr_w(windowsdir), GetLastError() ); if (IsWow64Process( GetCurrentProcess(), &is_wow64 ) && is_wow64) { STARTUPINFOW si; PROCESS_INFORMATION pi; WCHAR filename[MAX_PATH]; void *redir; DWORD exit_code; memset( &si, 0, sizeof(si) ); si.cb = sizeof(si); GetModuleFileNameW( 0, filename, MAX_PATH ); Wow64DisableWow64FsRedirection( &redir ); if (CreateProcessW( filename, GetCommandLineW(), NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi )) { WINE_TRACE( "restarting %s\n", wine_dbgstr_w(filename) ); WaitForSingleObject( pi.hProcess, INFINITE ); GetExitCodeProcess( pi.hProcess, &exit_code ); ExitProcess( exit_code ); } else WINE_ERR( "failed to restart 64-bit %s, err %d\n", wine_dbgstr_w(filename), GetLastError() ); Wow64RevertWow64FsRedirection( redir ); } while ((optc = getopt_long(argc, argv, short_options, long_options, NULL )) != -1) { switch(optc) { case 'e': end_session = 1; break; case 'f': force = 1; break; case 'i': init = 1; break; case 'k': kill = 1; break; case 'r': restart = 1; break; case 's': shutdown = 1; break; case 'u': update = 1; break; case 'h': usage(); return 0; case '?': usage(); return 1; } } if (end_session) { if (kill) { if (!shutdown_all_desktops( force )) return 1; } else if (!shutdown_close_windows( force )) return 1; } if (kill) kill_processes( shutdown ); if (shutdown) return 0; sa.nLength = sizeof(sa); sa.lpSecurityDescriptor = NULL; sa.bInheritHandle = TRUE; /* so that services.exe inherits it */ event = CreateEventW( &sa, TRUE, FALSE, wineboot_eventW ); ResetEvent( event ); /* in case this is a restart */ create_hardware_registry_keys(); create_dynamic_registry_keys(); create_environment_registry_keys(); wininit(); pendingRename(); ProcessWindowsFileProtection(); ProcessRunKeys( HKEY_LOCAL_MACHINE, RunServicesOnceW, TRUE, FALSE ); if (init || (kill && !restart)) { ProcessRunKeys( HKEY_LOCAL_MACHINE, RunServicesW, FALSE, FALSE ); start_services_process(); } if (init || update) update_wineprefix( update ); create_volatile_environment_registry_key(); ProcessRunKeys( HKEY_LOCAL_MACHINE, RunOnceW, TRUE, TRUE ); if (!init && !restart) { ProcessRunKeys( HKEY_LOCAL_MACHINE, RunW, FALSE, FALSE ); ProcessRunKeys( HKEY_CURRENT_USER, RunW, FALSE, FALSE ); ProcessStartupItems(); } WINE_TRACE("Operation done\n"); SetEvent( event ); return 0; }
int getOsBits() { if (IsWow64Process(GetCurrentProcess(), &is64) != ERROR_SUCCESS) return is64 ? 64 : 32; return 0; }
void CRemoteGraphForm::OnRefreshClick() { // let's load objects from ROT CComPtr<IRunningObjectTable> rot; HRESULT hr; graphs.RemoveAll(); list_graphs.DeleteAllItems(); sel_graph = RemoteGraph(); hr = GetRunningObjectTable(0, &rot); if (FAILED(hr)) return ; // scan through running objects CComPtr<IEnumMoniker> emon; CComPtr<IMoniker> moniker; CComPtr<IBindCtx> bindctx; ULONG f; hr = CreateBindCtx(0, &bindctx); if (FAILED(hr)) { return ; } CAtlRegExp<> regex; REParseError status = regex.Parse(_T("^\\!FilterGraph {[0-9A-F]+} pid {[0-9A-F]+}(; process\\: {.+?}, time\\: {[0-9]+\\-[0-9]+\\-[0-9]+})?"), FALSE); rot->EnumRunning(&emon); emon->Reset(); while (emon->Next(1, &moniker, &f) == NOERROR) { // is this a graph object ? LPOLESTR displayname; moniker->GetDisplayName(bindctx, NULL, &displayname); CString name(displayname); if (name.Find(_T("!FilterGraph")) == 0 && !GraphStudio::DisplayGraph::IsOwnRotGraph(name)) { RemoteGraph gr = {0}; CAtlREMatchContext<> mc; gr.name = name; gr.moniker = moniker; gr.pid = 0; gr.instance = 0; gr.processIsWOW64 = FALSE; if (regex.Match(name, &mc)) { const CAtlREMatchContext<>::RECHAR* szStart = 0; const CAtlREMatchContext<>::RECHAR* szEnd = 0; mc.GetMatch(0, &szStart, &szEnd); int nLength = (int) (szEnd - szStart); const CString textInstance(szStart, nLength); StrToInt64ExW(CStringW(L"0x") + textInstance, STIF_SUPPORT_HEX, &reinterpret_cast<LONGLONG&>(gr.instance)); mc.GetMatch(1, &szStart, &szEnd); nLength = (int) (szEnd - szStart); const CString textPID(szStart, nLength); CString nameSuffix(szEnd ? szEnd : _T("")); nameSuffix.Trim(); if (StrToIntExW(CStringW(L"0x") + textPID, STIF_SUPPORT_HEX, &reinterpret_cast<INT&>(gr.pid))) { CHandle process; process.Attach(OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, gr.pid)); if (process) { TCHAR pszPath[MAX_PATH] = { 0 }; if (GetModuleFileNameEx(process, NULL, pszPath, sizeof(pszPath))) { gr.processImagePath = pszPath; // Extract filename int fileNamePos = gr.processImagePath.FindFileName(); if (fileNamePos >= 0) gr.processImageFileName = CString(gr.processImagePath).Mid(fileNamePos); } else { // a 32Bit process can't list the modules of a 64Bit process, so try to get the processImageFileName from the ROT-Name (works only for FilterGraphSpy-Entries) mc.GetMatch(2, &szStart, &szEnd); nLength = (int) (szEnd - szStart); if (nLength > 0) { CString textFileName(szStart, nLength); gr.processImageFileName = textFileName; } else if (nameSuffix.GetLength() > 0) { gr.processImageFileName = nameSuffix; // as a last resort add any suffix information from the ROT name rather than leaving blank #ifndef _WIN64 gr.processImageFileName += _T(" *64"); // If we're 32bit, assume that we can't get process name because remote process is 64bit and show this on the dialog #endif } } IsWow64Process(process, &gr.processIsWOW64); } } mc.GetMatch(3, &szStart, &szEnd); nLength = (int) (szEnd - szStart); if (nLength > 0) { CString textTime(szStart, nLength); textTime.Replace(_T("-"), _T(":")); gr.time = textTime; } } graphs.Add(gr); CString entryName = gr.name; if (gr.pid > 0) entryName.Format(_T("%d (0x%08lX)"), gr.pid, gr.pid); int nIndex = list_graphs.InsertItem(list_graphs.GetItemCount(), entryName); if (gr.processIsWOW64) { CString val = gr.processImageFileName; val.Append(_T(" *32")); list_graphs.SetItemText(nIndex, 1, val); } else list_graphs.SetItemText(nIndex, 1, gr.processImageFileName); if (gr.instance > 0) { CString val; val.Format(_T("0x%I64d"), gr.instance); list_graphs.SetItemText(nIndex, 2, val); } list_graphs.SetItemText(nIndex, 3, gr.time); list_graphs.SetItemText(nIndex, 4, gr.processImagePath); if (graphs.GetCount() == 1) { list_graphs.SetItemState(0, LVIS_SELECTED, LVIS_SELECTED); list_graphs.SetSelectionMark(0); } } if (displayname) { CComPtr<IMalloc> alloc; if (SUCCEEDED(CoGetMalloc(0, &alloc))) { alloc->Free(displayname); } } moniker = NULL; } // Set column width automatically to fit contents refreshed above for (int n=0; n<=4; n++) { list_graphs.SetColumnWidth(n, LVSCW_AUTOSIZE_USEHEADER); } }
CStdString CSysInfo::GetKernelVersion() { #if defined (_LINUX) struct utsname un; if (uname(&un)==0) { CStdString strKernel; strKernel.Format("%s %s %s %s", un.sysname, un.release, un.version, un.machine); return strKernel; } return ""; #else OSVERSIONINFOEX osvi; SYSTEM_INFO si; ZeroMemory(&si, sizeof(SYSTEM_INFO)); ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX)); GetSystemInfo(&si); osvi.dwOSVersionInfoSize = sizeof(osvi); CStdString strKernel = "Windows "; if (GetVersionEx((OSVERSIONINFO *)&osvi)) { if ( osvi.dwMajorVersion == 6 ) { if (osvi.dwMinorVersion == 0) { if( osvi.wProductType == VER_NT_WORKSTATION ) strKernel.append("Vista"); else strKernel.append("Server 2008"); } else if (osvi.dwMinorVersion == 1) { if( osvi.wProductType == VER_NT_WORKSTATION ) strKernel.append("7"); else strKernel.append("Server 2008 R2"); } if ( si.wProcessorArchitecture==PROCESSOR_ARCHITECTURE_AMD64 || si.wProcessorArchitecture==PROCESSOR_ARCHITECTURE_IA64) strKernel.append(", 64-bit Native"); else if (si.wProcessorArchitecture==PROCESSOR_ARCHITECTURE_INTEL ) { BOOL bIsWow = FALSE;; if(IsWow64Process(GetCurrentProcess(), &bIsWow)) { if (bIsWow) { GetNativeSystemInfo(&si); if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64 || si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_IA64) strKernel.append(", 64-bit (WoW)"); } else { strKernel.append(", 32-bit"); } } else strKernel.append(", 32-bit"); } } else if ( osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 2 ) { if( osvi.wProductType == VER_NT_WORKSTATION && si.wProcessorArchitecture==PROCESSOR_ARCHITECTURE_AMD64) { strKernel.append("XP Professional x64 Edition"); } } else if ( osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 1 ) { strKernel.append("XP "); if( osvi.wSuiteMask & VER_SUITE_PERSONAL ) strKernel.append("Home Edition" ); else strKernel.append("Professional" ); } else if ( osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0 ) { strKernel.append("2000"); } if( _tcslen(osvi.szCSDVersion) > 0 ) { strKernel.append(" "); strKernel.append(osvi.szCSDVersion); } CStdString strBuild; strBuild.Format(" build %d",osvi.dwBuildNumber); strKernel += strBuild; } return strKernel; #endif }
std::string CSysInfo::GetUserAgent() { static std::string result; if (!result.empty()) return result; result = GetAppName() + "/" + (std::string)g_infoManager.GetLabel(SYSTEM_BUILD_VERSION_SHORT) + " ("; #if defined(TARGET_WINDOWS) result += GetKernelName() + " " + GetKernelVersion(); BOOL bIsWow = FALSE; if (IsWow64Process(GetCurrentProcess(), &bIsWow) && bIsWow) result.append("; WOW64"); else { SYSTEM_INFO si = {}; GetSystemInfo(&si); if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64) result.append("; Win64; x64"); else if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_IA64) result.append("; Win64; IA64"); else if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_ARM) result.append("; ARM"); } #elif defined(TARGET_DARWIN) #if defined(TARGET_DARWIN_IOS) std::string iDevStr(GetModelName()); // device model name with number of model version size_t iDevStrDigit = iDevStr.find_first_of("0123456789"); std::string iDev(iDevStr, 0, iDevStrDigit); // device model name without number if (iDevStrDigit == 0) iDev = "unknown"; result += iDev + "; "; std::string iOSVerison(GetOsVersion()); size_t lastDotPos = iOSVerison.rfind('.'); if (lastDotPos != std::string::npos && iOSVerison.find('.') != lastDotPos && iOSVerison.find_first_not_of('0', lastDotPos + 1) == std::string::npos) iOSVerison.erase(lastDotPos); StringUtils::Replace(iOSVerison, '.', '_'); if (iDev == "iPad" || iDev == "AppleTV") result += "CPU OS "; else result += "CPU iPhone OS "; result += iOSVerison + " like Mac OS X"; #else result += "Macintosh; "; std::string cpuFam(GetBuildTargetCpuFamily()); if (cpuFam == "x86") result += "Intel "; else if (cpuFam == "PowerPC") result += "PPC "; result += "Mac OS X "; std::string OSXVersion(GetOsVersion()); StringUtils::Replace(OSXVersion, '.', '_'); result += OSXVersion; #endif #elif defined(TARGET_ANDROID) result += "Linux; Android "; std::string versionStr(GetOsVersion()); const size_t verLen = versionStr.length(); if (verLen >= 2 && versionStr.compare(verLen - 2, 2, ".0", 2) == 0) versionStr.erase(verLen - 2); // remove last ".0" if any result += versionStr; std::string deviceInfo(GetModelName()); char buildId[PROP_VALUE_MAX]; int propLen = __system_property_get("ro.build.id", buildId); if (propLen > 0 && propLen <= PROP_VALUE_MAX) { if (!deviceInfo.empty()) deviceInfo += " "; deviceInfo += "Build/"; deviceInfo.append(buildId, propLen); } if (!deviceInfo.empty()) result += "; " + deviceInfo; #elif defined(TARGET_POSIX) result += "X11; "; struct utsname un; if (uname(&un) == 0) { std::string cpuStr(un.machine); if (cpuStr == "x86_64" && GetXbmcBitness() == 32) cpuStr = "i686 (x86_64)"; result += un.sysname; result += " "; result += cpuStr; } else result += "Unknown"; #else result += "Unknown"; #endif result += ")"; if (GetAppName() != "Kodi") result += " Kodi_Fork_" + GetAppName() + "/1.0"; // default fork number is '1.0', replace it with actual number if necessary #ifdef TARGET_LINUX // Add distribution name std::string linuxOSName(GetOsName(true)); if (!linuxOSName.empty()) result += " " + linuxOSName + "/" + GetOsVersion(); #endif #ifdef TARGET_RASPBERRY_PI result += " HW_RaspberryPi/1.0"; #elif defined (TARGET_DARWIN_IOS) std::string iDevVer; if (iDevStrDigit == std::string::npos) iDevVer = "0.0"; else iDevVer.assign(iDevStr, iDevStrDigit, std::string::npos); StringUtils::Replace(iDevVer, ',', '.'); result += " HW_" + iDev + "/" + iDevVer; #endif // add more device IDs here if needed. // keep only one device ID in result! Form: // result += " HW_" + "deviceID" + "/" + "1.0"; // '1.0' if device has no version #if defined(TARGET_ANDROID) // Android has no CPU string by default, so add it as additional parameter struct utsname un1; if (uname(&un1) == 0) { std::string cpuStr(un1.machine); StringUtils::Replace(cpuStr, ' ', '_'); result += " Sys_CPU/" + cpuStr; } #endif result += " App_Bitness/" + StringUtils::Format("%d", GetXbmcBitness()); std::string fullVer(g_infoManager.GetLabel(SYSTEM_BUILD_VERSION)); StringUtils::Replace(fullVer, ' ', '-'); result += " Version/" + fullVer; return result; }
void GraphicsCaptureSource::AttemptCapture() { //Log(TEXT("attempting to capture..")); if (!bUseHotkey) hwndTarget = FindWindow(strWindowClass, NULL); else { hwndTarget = hwndNextTarget; hwndNextTarget = NULL; } if (hwndTarget) { GetWindowThreadProcessId(hwndTarget, &targetProcessID); if(!targetProcessID) { AppWarning(TEXT("GraphicsCaptureSource::BeginScene: GetWindowThreadProcessId failed, GetLastError = %u"), GetLastError()); bErrorAcquiring = true; return; } } else { if (!bUseHotkey && !warningID) warningID = API->AddStreamInfo(Str("Sources.SoftwareCaptureSource.WindowNotFound"), StreamInfoPriority_High); bCapturing = false; return; } if(warningID) { API->RemoveStreamInfo(warningID); warningID = 0; } //------------------------------------------- // see if we already hooked the process. if not, inject DLL char pOPStr[12]; mcpy(pOPStr, "NpflUvhel{x", 12); //OpenProcess obfuscated for (int i=0; i<11; i++) pOPStr[i] ^= i^1; OPPROC pOpenProcess = (OPPROC)GetProcAddress(GetModuleHandle(TEXT("KERNEL32")), pOPStr); HANDLE hProcess = (*pOpenProcess)(PROCESS_ALL_ACCESS, FALSE, targetProcessID); if(hProcess) { //------------------------------------------- // load keepalive event hOBSIsAlive = CreateEvent(NULL, FALSE, FALSE, String() << OBS_KEEPALIVE_EVENT << UINT(targetProcessID)); //------------------------------------------- hwndCapture = hwndTarget; hSignalRestart = OpenEvent(EVENT_ALL_ACCESS, FALSE, String() << RESTART_CAPTURE_EVENT << UINT(targetProcessID)); if(hSignalRestart) { SetEvent(hSignalRestart); bCapturing = true; captureWaitCount = 0; } else { BOOL bSameBit = TRUE; if(Is64BitWindows()) { BOOL bCurrentProcessWow64, bTargetProcessWow64; IsWow64Process(GetCurrentProcess(), &bCurrentProcessWow64); IsWow64Process(hProcess, &bTargetProcessWow64); bSameBit = (bCurrentProcessWow64 == bTargetProcessWow64); } if(bSameBit) { String strDLL; DWORD dwDirSize = GetCurrentDirectory(0, NULL); strDLL.SetLength(dwDirSize); GetCurrentDirectory(dwDirSize, strDLL); strDLL << TEXT("\\plugins\\GraphicsCapture\\GraphicsCaptureHook"); BOOL b32bit = TRUE; if(Is64BitWindows()) IsWow64Process(hProcess, &b32bit); if(!b32bit) strDLL << TEXT("64"); strDLL << TEXT(".dll"); if(InjectLibrary(hProcess, strDLL)) { captureWaitCount = 0; bCapturing = true; } else { AppWarning(TEXT("GraphicsCaptureSource::BeginScene: Failed to inject library, GetLastError = %u"), GetLastError()); CloseHandle(hProcess); hProcess = NULL; bErrorAcquiring = true; } } else { String strDLLPath; DWORD dwDirSize = GetCurrentDirectory(0, NULL); strDLLPath.SetLength(dwDirSize); GetCurrentDirectory(dwDirSize, strDLLPath); strDLLPath << TEXT("\\plugins\\GraphicsCapture"); BOOL b32bit = TRUE; if(Is64BitWindows()) IsWow64Process(hProcess, &b32bit); String strHelper = strDLLPath; strHelper << ((b32bit) ? TEXT("\\injectHelper.exe") : TEXT("\\injectHelper64.exe")); String strCommandLine; strCommandLine << TEXT("\"") << strHelper << TEXT("\" ") << UIntString(targetProcessID); //--------------------------------------- PROCESS_INFORMATION pi; STARTUPINFO si; zero(&pi, sizeof(pi)); zero(&si, sizeof(si)); si.cb = sizeof(si); if(CreateProcess(strHelper, strCommandLine, NULL, NULL, FALSE, 0, NULL, strDLLPath, &si, &pi)) { int exitCode = 0; WaitForSingleObject(pi.hProcess, INFINITE); GetExitCodeProcess(pi.hProcess, (DWORD*)&exitCode); CloseHandle(pi.hThread); CloseHandle(pi.hProcess); if(exitCode == 0) { captureWaitCount = 0; bCapturing = true; } else { AppWarning(TEXT("GraphicsCaptureSource::BeginScene: Failed to inject library, error code = %d"), exitCode); bErrorAcquiring = true; } } else { AppWarning(TEXT("GraphicsCaptureSource::BeginScene: Could not create inject helper, GetLastError = %u"), GetLastError()); bErrorAcquiring = true; } } } CloseHandle(hProcess); hProcess = NULL; if (!bCapturing) { CloseHandle(hOBSIsAlive); hOBSIsAlive = NULL; } } else { AppWarning(TEXT("GraphicsCaptureSource::BeginScene: OpenProcess failed, GetLastError = %u"), GetLastError()); bErrorAcquiring = true; } }