void CDrop::QueryFileNames(UStringVector &fileNames)
{
fileNames.Clear();
UINT numFiles = QueryCountOfFiles();
fileNames.Reserve(numFiles);
for(UINT i = 0; i < numFiles; i++)
fileNames.Add(QueryFileName(i));
}
void GetHandleInfo(ULONG pid, ULONG index, HANDLE_INFO* info)
{
#ifdef XP_SP3
POBJECT_HEADER_XP_SP3 objHeader;
POBJECT_NAME_INFORMATION_XP_SP3 ObjNameInfo;
POBJECT_HEADER_NAME_INFO_XP_SP3 NameInfo;
ULONG dwReturn;
BOOL handleCanFound;
PVOID foundHandle;
ULONG strLen = 0;
ULONG handleValue = 0;
BYTE secondParam = 0;
BOOL isFetched;
char tmpTypeName[56];
ULONG i;
ULONG EProcess;
//handleCanFound = FindObjectByIndex(pid, index, &((ULONG)foundHandle), &handleValue);
handleCanFound = FindObjectByHandle(pid, index*4, &((ULONG)foundHandle));
handleValue = index*4;
info->canFound = handleCanFound;
//DbgPrint("[ring0] handleCanFound 0x%x", handleCanFound);
__try {
if( handleCanFound ) {
objHeader = (POBJECT_HEADER_XP_SP3)foundHandle;
info->handle = handleValue;
info->handles = objHeader->HandleCount;
info->refrenced = objHeader->PointerCount;
info->objAddress = (ULONG)(&(objHeader->Body));
if( objHeader->Type->Name.Length > 1024 )
strLen = 1022;
else
strLen = objHeader->Type->Name.Length;
//memset(info->typeName, 0, 1024*sizeof(wchar_t));
if( MmIsAddressValid(objHeader->Type->Name.Buffer) )
memcpy(info->typeName, objHeader->Type->Name.Buffer, strLen);
//info->typeName = objHeader->Type->Name;
if( objHeader->NameInfoOffset == 0 )
{
NameInfo = NULL;
}
else
{
NameInfo = (POBJECT_HEADER_NAME_INFO_XP_SP3)((ULONG)objHeader-objHeader->NameInfoOffset);
}
memset(tmpTypeName, 0, 56);
i = 0;
while( info->typeName[i] != 0 ) {
tmpTypeName[i] = (char)info->typeName[i];
i++;
}
//第一轮
isFetched = FALSE;
if( strcmp(tmpTypeName, "File") == 0 )
{
QueryFileName(index*4, (PVOID)&objHeader->Body, info->objName);
if( info->objName[0] != 0 )
isFetched = TRUE;
}
else if( strcmp(tmpTypeName, "Key") == 0 )
{
FindProcessByID(pid, &EProcess);
//DbgPrint("[ring0] EProcess 0x%x",EProcess);
QueryKeyName(index*4,EProcess,(PVOID)&objHeader->Body, info->objName);
if( info->objName[0] != 0 )
isFetched = TRUE;
}
//第二轮
if( isFetched )
{
}
else
{
if( NameInfo == NULL )
{
//memset(info->objName, 0, 1024*sizeof(wchar_t));
}
else
{
if( NameInfo->Name.Length > 1024 )
strLen = 1022;
else
strLen = NameInfo->Name.Length;
//memset(info->objName, 0, 1024*sizeof(wchar_t));
if( MmIsAddressValid(NameInfo->Name.Buffer) ) {
memcpy(info->objName, NameInfo->Name.Buffer, strLen );
isFetched = TRUE;
}
}
}
//第三轮
if( !isFetched && objHeader->Type->TypeInfo.QueryNameProcedure != NULL )
{
//ObjNameInfo.Name.Buffer = info->objName;
//ObjNameInfo.Name.MaximumLength = 1024;
ObjNameInfo = (POBJECT_NAME_INFORMATION_XP_SP3)ExAllocatePoolWithTag(PagedPool, 2048, 1001);
if( NameInfo == NULL ) {
secondParam = FALSE;
} else if( NameInfo->Name.Length == 0 ) {
secondParam = FALSE;
} else {
secondParam = TRUE;
}
__try {
(*objHeader->Type->TypeInfo.QueryNameProcedure)(
(PVOID)&objHeader->Body,
secondParam,
ObjNameInfo,
2048,
&dwReturn
);
} __except(EXCEPTION_EXECUTE_HANDLER) {
memset(info->objName, 0, 1024*sizeof(wchar_t));
}
if( ObjNameInfo->Name.Length > 1024 )
strLen = 1022;
else
strLen = ObjNameInfo->Name.Length;
//memset(info->objName, 0, 1024*sizeof(wchar_t));
if( MmIsAddressValid(ObjNameInfo->Name.Buffer) )
memcpy(info->objName, ObjNameInfo->Name.Buffer, strLen );
ExFreePool(ObjNameInfo);
}
}
} __except(EXCEPTION_EXECUTE_HANDLER) {
