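/// Locate a module file, asking the user where it is when `originalPath`
/// does not exist.
///
/// @param pParent       Parent widget for the "locate file" dialog.
/// @param originalPath  Path recorded for the module; tried first and used as
///                      the dialog's starting location.
/// @return An existing path (the original, or the one the user picked), or a
///         null QString when the user cancels the dialog.
///
/// On Windows, WOW64 file-system redirection is disabled while the path is
/// probed so a 32-bit process sees the native system32 contents; the revert
/// happens on the single exit path below, so no early return can skip it.
QString FindModuleFile(QWidget* pParent, const QString& originalPath)
{
    const QFileInfo fileInfo(originalPath);
    QString candidate = originalPath;

#if AMDT_BUILD_TARGET == AMDT_WINDOWS_OS
    // Only a 32-bit process on 64-bit Windows has redirection to disable; if
    // the WOW64 query itself fails, leave the file system as it is.
    PVOID oldValue = nullptr;
    BOOL isWow64 = FALSE;
    BOOL redirectionDisabled = FALSE;

    if (IsWow64Process(GetCurrentProcess(), &isWow64) && isWow64)
    {
        redirectionDisabled = Wow64DisableWow64FsRedirection(&oldValue);
    }
#endif

    // Not found: ask the user. An empty answer means the dialog was cancelled.
    bool cancelled = false;

    while (!cancelled && !QFile::exists(candidate))
    {
        candidate = QFileDialog::getOpenFileName(pParent,
                                                 "Locate module file " + fileInfo.fileName(),
                                                 originalPath,
                                                 "Module File (*.*)");
        cancelled = candidate.isEmpty();
    }

#if AMDT_BUILD_TARGET == AMDT_WINDOWS_OS
    if (redirectionDisabled)
    {
        Wow64RevertWow64FsRedirection(oldValue);
    }
#endif

    return cancelled ? QString::null : candidate;
}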
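/*
 * Thread entry that counts the entries below on_demand->root_path and
 * publishes the total in on_demand->scan->to_scan_count.
 *
 * data: a struct a6o_on_demand *; its ARMADITO_SCAN_RECURSE flag decides
 *       whether the walk recurses.
 * Always returns NULL (GThreadFunc convention). If toggling WOW64 redirection
 * fails on Windows, to_scan_count is left untouched.
 */
static gpointer count_thread_fun(gpointer data)
{
	struct a6o_on_demand *on_demand = (struct a6o_on_demand *)data;
	int recurse = on_demand->flags & ARMADITO_SCAN_RECURSE;
	int count = 0;

#ifdef _WIN32
	/* walk the file system without WOW64 redirection; _WIN32 is the
	 * compiler-defined macro and matches the guard used by the sibling
	 * scan thread function */
	void *old_value = NULL;

	if (Wow64DisableWow64FsRedirection(&old_value) == FALSE)
		return NULL;
#endif

	os_dir_map(on_demand->root_path, recurse, count_entry, &count);

	/* publish the counter only once, at the end, so the scan function never
	 * observes an intermediate value */
	on_demand->scan->to_scan_count = count;

#ifdef _WIN32
	if (Wow64RevertWow64FsRedirection(old_value) == FALSE)
		return NULL;
#endif

	return NULL;
}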
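/*
 * Spawn <system directory>\rpcss.exe from the native (unredirected) system
 * directory and give it a moment to come up.
 *
 * Returns the CreateProcessW result. The child's process and thread handles
 * are closed immediately; the caller only needs to know it started.
 */
static BOOL start_rpcss(void)
{
    static const WCHAR rpcss[] = {'\\','r','p','c','s','s','.','e','x','e',0};
    PROCESS_INFORMATION pi;
    STARTUPINFOW si;
    WCHAR cmd[MAX_PATH];
    BOOL rslt;
    BOOL redir_disabled;
    void *redir = NULL;

    TRACE("\n");

    /* si is a STARTUPINFOW: size it from the variable, not from the
     * unrelated STARTUPINFOA type the old code named */
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);

    /* leave room for the appended file name */
    GetSystemDirectoryW( cmd, MAX_PATH - sizeof(rpcss)/sizeof(WCHAR) );
    lstrcatW( cmd, rpcss );

    /* revert only what was actually disabled: the disable call can fail
     * (e.g. outside WOW64) and then leaves redir without a valid value */
    redir_disabled = Wow64DisableWow64FsRedirection( &redir );
    rslt = CreateProcessW( cmd, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi );
    if (redir_disabled) Wow64RevertWow64FsRedirection( redir );

    if (rslt)
    {
        CloseHandle(pi.hProcess);
        CloseHandle(pi.hThread);
        Sleep(100);  /* crude head start for rpcss before the caller continues */
    }
    return rslt;
}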
// Re-enable WOW64 file-system redirection when an earlier call left
// ifRedirFrobid set and the system is 64-bit. The flag is cleared whether or
// not the revert call itself succeeds (its result is not checked).
void CSystem::RecoveryRedir()
{
    const bool mustRestore = (ifRedirFrobid == true) && (GetSystemBits() == 64);

    if (!mustRestore)
    {
        return;
    }

    Wow64RevertWow64FsRedirection(oldValue);
    ifRedirFrobid = false;
}
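/***********************************************************************
 *		ExitWindowsEx (USER32.@)
 *
 * Hand the session shutdown over to wineboot.exe, launched detached from
 * the native system directory.
 *
 * flags:  EWX_* bits. EWX_FORCE maps to "--kill"; otherwise "--end-session"
 *         is passed (plus "--force" for EWX_FORCEIFHUNG). Anything that is
 *         not EWX_REBOOT also gets "--shutdown".
 * reason: not used here (wineboot does not take it).
 * Returns TRUE when wineboot was started, FALSE otherwise.
 */
BOOL WINAPI ExitWindowsEx( UINT flags, DWORD reason )
{
    static const WCHAR winebootW[]    = { '\\','w','i','n','e','b','o','o','t','.','e','x','e',0 };
    static const WCHAR killW[]        = { ' ','-','-','k','i','l','l',0 };
    static const WCHAR end_sessionW[] = { ' ','-','-','e','n','d','-','s','e','s','s','i','o','n',0 };
    static const WCHAR forceW[]       = { ' ','-','-','f','o','r','c','e',0 };
    static const WCHAR shutdownW[]    = { ' ','-','-','s','h','u','t','d','o','w','n',0 };

    WCHAR app[MAX_PATH];
    WCHAR cmdline[MAX_PATH + 64];
    PROCESS_INFORMATION pi;
    STARTUPINFOW si;
    void *redir = NULL;
    BOOL redir_disabled;
    BOOL started;

    /* leave room for the appended file name */
    GetSystemDirectoryW( app, MAX_PATH - sizeof(winebootW)/sizeof(WCHAR) );
    strcatW( app, winebootW );
    strcpyW( cmdline, app );

    if (flags & EWX_FORCE) lstrcatW( cmdline, killW );
    else
    {
        lstrcatW( cmdline, end_sessionW );
        if (flags & EWX_FORCEIFHUNG) lstrcatW( cmdline, forceW );
    }
    if (!(flags & EWX_REBOOT)) lstrcatW( cmdline, shutdownW );

    memset( &si, 0, sizeof si );
    si.cb = sizeof si;

    /* run the native system32 copy; revert only if the disable succeeded,
     * otherwise redir holds nothing meaningful to restore */
    redir_disabled = Wow64DisableWow64FsRedirection( &redir );
    started = CreateProcessW( app, cmdline, NULL, NULL, FALSE, DETACHED_PROCESS, NULL, NULL, &si, &pi );
    if (redir_disabled) Wow64RevertWow64FsRedirection( redir );

    if (!started)
    {
        ERR( "Failed to run %s\n", debugstr_w(cmdline) );
        return FALSE;
    }
    CloseHandle( pi.hProcess );
    CloseHandle( pi.hThread );
    return TRUE;
}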
//----------------------------------------------- void SJ_Menu_Begin( char lastState ) { g_timeToNextKey = 0.5f;//s_keyTime*0.5f; ZeroMemory( s_availSkins, sizeof(s_availSkins) ); s_curSkin = 0; // -- Retrieve all available skins wchar_t path[MAX_PATH]; GetCurrentDirectory(MAX_PATH-1, path); _swprintf( g_txt, L"%s\\*", path ); #ifdef _WIN64 PVOID OldValue = NULL; Wow64DisableWow64FsRedirection( &OldValue ); #endif WIN32_FIND_DATA ffdata; HANDLE hFind = FindFirstFile( g_txt, &ffdata ); if ( hFind != INVALID_HANDLE_VALUE ) { do { if ( ffdata.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) { static const wchar_t* keypaths[] = { L"config.txt", L"levels", L"levels\\easy", L"levels\\medium", L"levels\\hard", L"levels\\extreme", L"sprites" }; bool validSkin = true; for ( int i = 0; i < 7 && validSkin; ++i ) { _swprintf( g_txt, L"%s\\%s\\%s", path, ffdata.cFileName, keypaths[i] ); validSkin = validSkin && _waccess_s( g_txt, 0 ) == 0; } if ( validSkin && s_curSkin < MAX_AVAILSKINS ) { wcscpy_s( s_availSkins[s_curSkin], ffdata.cFileName ); if ( _wcsicmp( ffdata.cFileName, DEFAULT_SKIN ) == 0 ) s_skinValue = s_curSkin; ++s_curSkin; } }else { } }while ( FindNextFile(hFind,&ffdata)!=0 ); FindClose(hFind); } #ifdef _WIN64 if ( OldValue ) Wow64RevertWow64FsRedirection( OldValue ); #endif Menu_UpdateLabels(); }
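// Open the profiling drivers (PCORE, CpuProf, AMDTPwrProf) found under
// <system directory>\drivers, and lazily set up the shared objects the
// profiler APIs need.
//
// The handles land in the module-level gDriverHandle* globals; the whole
// driver block is skipped once gDriverHandlePcore is already set. Under WOW64
// file-system redirection is disabled so the paths resolve to the native
// system32 directory rather than its SysWOW64 mirror.
void LoadDrivers()
{
    if (!gCAProfAPISharedMapFile)
    {
        InitializeProfAPISharedObj();
    }

    if (!gPwrProfSharedMapFile)
    {
        InitializePwrProfSharedObj();
    }

    if (gDriverHandlePcore)
    {
        return;
    }

    wchar_t drivername[nBufferSize + 1];
    wchar_t systemDir[MAX_PATH];
    systemDir[0] = L'\0';
    GetSystemDirectory(systemDir, MAX_PATH);   // leaves systemDir empty on failure

    // The WOW64 flag must start defined: IsWow64Process leaves it untouched
    // when it fails, and only a successful disable may be reverted.
    PVOID oldValue = nullptr;
    BOOL isWow64 = FALSE;
    BOOL redirectionDisabled = FALSE;

    if (IsWow64Process(GetCurrentProcess(), &isWow64) && isWow64)
    {
        redirectionDisabled = Wow64DisableWow64FsRedirection(&oldValue);
    }

    swprintf(drivername, nBufferSize, L"%s%s", systemDir, L"\\drivers\\PCORE");
    OpenAmdDriver((LPCTSTR)drivername, &gDriverHandlePcore);

    swprintf(drivername, nBufferSize, L"%s%s", systemDir, L"\\drivers\\CpuProf");
    OpenAmdDriver((LPCTSTR)drivername, &gDriverHandleCAProf);

    // Install the Power Profiler driver only on AMD supported platforms
    swprintf(drivername, nBufferSize, L"%s%s", systemDir, L"\\drivers\\AMDTPwrProf");
    OpenAmdDriver((LPCTSTR)drivername, &gDriverHandlePwrProf);

    if (redirectionDisabled)
    {
        Wow64RevertWow64FsRedirection(oldValue);
    }
}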
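/*
 * Launch <system directory>\winemenubuilder.exe with `args` appended
 * verbatim to its path (the caller supplies any leading space/quotes).
 *
 * Returns the CreateProcessW result, or FALSE if the command-line buffer
 * could not be allocated. The child's handles are closed right away.
 */
static BOOL run_winemenubuilder( const WCHAR *args )
{
    static const WCHAR menubuilder[] = {'\\','w','i','n','e','m','e','n','u','b','u','i','l','d','e','r','.','e','x','e',0};
    LONG len;
    LPWSTR buffer;
    STARTUPINFOW si;
    PROCESS_INFORMATION pi;
    BOOL ret;
    BOOL redir_disabled;
    WCHAR app[MAX_PATH];
    void *redir = NULL;

    /* leave room for the appended file name */
    GetSystemDirectoryW( app, MAX_PATH - sizeof(menubuilder)/sizeof(WCHAR) );
    strcatW( app, menubuilder );

    /* len is a byte count: path + args + terminator */
    len = (strlenW( app ) + strlenW( args ) + 1) * sizeof(WCHAR);
    buffer = heap_alloc( len );
    if( !buffer )
        return FALSE;

    strcpyW( buffer, app );
    strcatW( buffer, args );

    TRACE("starting %s\n",debugstr_w(buffer));

    memset(&si, 0, sizeof(si));
    si.cb = sizeof(si);

    /* run the native system32 copy; revert only what was actually disabled
     * (a failed disable leaves redir without a valid value) */
    redir_disabled = Wow64DisableWow64FsRedirection( &redir );
    ret = CreateProcessW( app, buffer, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi );
    if (redir_disabled) Wow64RevertWow64FsRedirection( redir );

    heap_free( buffer );

    if (ret)
    {
        CloseHandle( pi.hProcess );
        CloseHandle( pi.hThread );
    }
    return ret;
}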
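/* the thread function called by the thread pool, in case of threaded scan */
/*
 * data:      a strdup'ed path. Ownership passes to this function, which
 *            frees it on every return path.
 * user_data: the struct a6o_on_demand driving the scan.
 *
 * The file is skipped when the global `cancel` flag is set. On Windows the
 * scan runs with WOW64 file-system redirection disabled.
 */
static void scan_entry_thread_fun(gpointer data, gpointer user_data)
{
	struct a6o_on_demand *on_demand = (struct a6o_on_demand *)user_data;
	char *path = (char *)data;

#ifdef _WIN32
	void *old_value = NULL;

	if (Wow64DisableWow64FsRedirection(&old_value) == FALSE) {
		/* path is still ours: bailing out early must not leak it */
		free(path);
		return;
	}
#endif

	if (!cancel)
		scan_file(on_demand, path);

	/* path was strdup'ed, so free it */
	free(path);

#ifdef _WIN32
	/* nothing useful can be done with a revert failure from a void pool
	 * callback, so the result is not inspected */
	Wow64RevertWow64FsRedirection(old_value);
#endif
}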
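// Start a child process and optionally wait for it.
//
// wExecMode:            EXEC_MODE_CMD runs "<system directory>\cmd.exe /C
//                       <parameter>"; any other mode runs the command line as
//                       given, with no application name.
// wExecStyle:           SW_* value stored in STARTUPINFO.wShowWindow.
// pwszArg0:             first token of the command line (may be NULL).
// pwszParameter:        appended after a space (and "/C " in CMD mode);
//                       ignored when NULL or empty.
// pwszWorkingDirectory: child's current directory (NULL = inherit).
// dwPID:                receives the child's PID, or 0 on launch failure.
// dwWait:               0 = do not wait; otherwise WaitForSingleObject timeout.
// lpdwExitCode:         if non-NULL, receives the exit code. A failing
//                       GetExitCodeProcess is logged but the function still
//                       returns ERROR_SUCCESS.
// bIsExist:             unused.
// Returns ERROR_SUCCESS, a GetLastError() value, or the WaitForSingleObject
// result (e.g. WAIT_TIMEOUT) when the wait did not end with WAIT_OBJECT_0.
//
// WOW64 redirection is disabled for the whole call (so a 32-bit caller gets
// the native cmd.exe) and reverted on every exit path, but only when the
// disable call succeeded — otherwise oldValue holds nothing to restore.
DWORD RunProcess(__in WORD wExecMode, __in WORD wExecStyle, __in const wchar_t* pwszArg0,
                 __in const wchar_t* pwszParameter, __in const wchar_t* pwszWorkingDirectory,
                 __out volatile DWORD& dwPID, __in DWORD dwWait, LPDWORD lpdwExitCode, BOOL* bIsExist)
{
    DWORD ret = ERROR_SUCCESS;
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    wchar_t wszCmd[MAX_PATH] = { 0, };
    wchar_t wszCommandLine[MAX_PATH] = { 0, };
    wchar_t* pwszAppName = NULL;
    wchar_t tmp[TMPBUF];

    PVOID oldValue = NULL;
    const BOOL redirectionDisabled = Wow64DisableWow64FsRedirection(&oldValue);

    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = wExecStyle;

    if (wExecMode == EXEC_MODE_CMD)
    {
        TCHAR systemDirPath[MAX_PATH] = _T("");
        GetSystemDirectory(systemDirPath, sizeof(systemDirPath) / sizeof(_TCHAR));
        swprintf_s(wszCmd, MAX_PATH, L"%s", systemDirPath);
        wcscat_s(wszCmd, MAX_PATH, L"\\cmd.exe");
        pwszAppName = wszCmd;
    }

    if (pwszArg0)
    {
        swprintf_s(wszCommandLine, MAX_PATH, L"%s", pwszArg0);
    }

    if (pwszParameter && wcslen(pwszParameter) > 0)
    {
        if (wcslen(wszCommandLine) > 0)
        {
            wcscat_s(wszCommandLine, MAX_PATH, L" ");
        }
        if (wExecMode == EXEC_MODE_CMD)
        {
            wcscat_s(wszCommandLine, MAX_PATH, L"/C ");
        }
        wcscat_s(wszCommandLine, MAX_PATH, pwszParameter);
    }

    const BOOL started = CreateProcess(pwszAppName,
                                       wszCommandLine,       // Command line
                                       NULL,                 // Process handle not inheritable.
                                       NULL,                 // Thread handle not inheritable.
                                       FALSE,                // Set handle inheritance to FALSE.
                                       0,                    // No creation flags.
                                       NULL,                 // Use parent's environment block.
                                       pwszWorkingDirectory, // Use parent's starting directory.
                                       &si,                  // Pointer to STARTUPINFO structure.
                                       &pi);                 // Pointer to PROCESS_INFORMATION structure.
    if (!started)
    {
        ret = GetLastError();
        dwPID = 0;
        wsprintf(tmp, L"CreateProcess faild: GetLastError %d\n", ret);
        WriteLog(tmp);
        if (redirectionDisabled)
        {
            Wow64RevertWow64FsRedirection(oldValue);
        }
        return ret;
    }

    dwPID = pi.dwProcessId;

    if (dwWait > 0)
    {
        ret = WaitForSingleObject(pi.hProcess, dwWait);
        if (ret != WAIT_OBJECT_0)
        {
            // WAIT_TIMEOUT / WAIT_ABANDONED are returned as-is; only
            // WAIT_FAILED is translated into the underlying error code.
            if (ret == WAIT_FAILED)
            {
                ret = GetLastError();
            }
            CloseHandle(pi.hProcess);
            CloseHandle(pi.hThread);
            wsprintf(tmp, L"CreateProcess WaitForSingleObject faild: Error %d\n", ret);
            WriteLog(tmp);
            if (redirectionDisabled)
            {
                Wow64RevertWow64FsRedirection(oldValue);
            }
            return ret;
        }
    }

    if (lpdwExitCode)
    {
        if (!GetExitCodeProcess(pi.hProcess, lpdwExitCode))
        {
            ret = GetLastError();
            wsprintf(tmp, L"CreateProcess GetExitCodeProcess faild: GetLastError %d\n", ret);
            WriteLog(tmp);
        }
    }

    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    if (redirectionDisabled)
    {
        Wow64RevertWow64FsRedirection(oldValue);
    }
    return ERROR_SUCCESS;
}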
/*
 * jdots entry point: scan a directory (the argument, or the current working
 * directory when none is given), print the results sorted by name and write
 * a KML file.
 *
 * Exit status is 0 on success and 1 on a usage error, an unreachable target
 * directory, or memory exhaustion.
 */
int wmain( int argc, LPTSTR argv[] )
{
    BOOL options[ MAX_OPTIONS ] = { 0 };
    TCHAR cwd[ MAX_PATH ] = { 0 };
    TCHAR target[ MAX_PATH ] = { 0 };
    DWORD cwdLength = 0;
    List results = { 0 };
    Item scratchItem = { 0 };
    PVOID wow64Cookie = NULL;
    BOOL wow64Disabled = FALSE;
    TCHAR* lastSeparator = NULL;
    int firstOperand = 0;

    // Parse the options; firstOperand is the index of the first non-option
    // argument.
    firstOperand = Options( argc, argv, TEXT( "h" ), &options[ FL_HELP ], NULL );

    cwdLength = GetCurrentDirectory( _countof( cwd ), cwd );

    // More than one operand (an unquoted path with spaces looks like several)
    // or -h: print usage and stop.
    if ( ( argc > firstOperand + 1 ) || options[ FL_HELP ] )
    {
        wprintf_s( TEXT( "\n Usage: jdots [options] [target dir]\n\n" ) );
        wprintf_s( TEXT( " Options:\n\n" ) );
        wprintf_s( TEXT( " -h : Print usage\n\n" ) );
        wprintf_s( TEXT( " If no target dir is specified, then the current working dir will be used\n" ) );
        return 1;
    }

    if ( argc == firstOperand + 1 )
    {
        // Exactly one operand. A leading '\' is drive-relative: prefix it
        // with the drive letter and colon of the working directory.
        if ( argv[ firstOperand ][ 0 ] == '\\' )
        {
            wcsncpy_s( target, MAX_PATH, cwd, 2 );
        }
        wcscat_s( target, MAX_PATH, argv[ firstOperand ] );
    }
    else if ( ( argc < firstOperand + 1 ) && ( cwdLength <= MAX_PATH - 3 ) )
    {
        // No operand: use the working directory.
        wcscpy_s( target, MAX_PATH, cwd );
    }

    // Changing directory resolves '.' and '..'; the absolute form is read
    // back afterwards.
    if ( !SetCurrentDirectory( target ) )
    {
        ReportError( TEXT( "\nTarget directory not found.\n" ), 0, TRUE );
        return 1;
    }
    GetCurrentDirectory( _countof( target ), target );
    wprintf_s( TEXT( "\n Target dir: \"%s\"\n\n" ), target );

    InitializeList( &results );

    // The list (measurement) name is the last path component.
    lastSeparator = wcsrchr( target, L'\\' );
    if ( lastSeparator != NULL )
    {
        IniListName( &results, lastSeparator + 1 );
    }
    else
    {
        IniListName( &results, TEXT( "" ) );
    }

    if ( ListIsFull( &results ) )
    {
        wprintf_s( TEXT( "\nNo memory available!\n" ) );
        return 1;
    }

    // Scan without WOW64 redirection so the native directories are seen;
    // restore it afterwards if it was actually disabled.
    wow64Disabled = Wow64DisableWow64FsRedirection( &wow64Cookie );
    scanDir( target, &results, &scratchItem );
    if ( wow64Disabled && !Wow64RevertWow64FsRedirection( wow64Cookie ) )
    {
        ReportError( TEXT( "Re-enable redirection failed." ), 1, TRUE );
    }

    if ( ListIsEmpty( &results ) )
    {
        wprintf_s( TEXT( "\nNo data.\n\n" ) );
    }
    else
    {
        SortList( &results, cmpItemsName );     // a to Z
        showResults( &results, &scratchItem );
        outputKml( &results );
    }

    EmptyTheList( &results );
    return 0;
}
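/*
 * dgl entry point: scan a directory (the argument, or the current working
 * directory when none is given), sort the entries as requested and print
 * them together with the elapsed time.
 *
 * Sort options are mutually exclusive and applied in priority order
 * -s, -f, -d, -m, -n; -s is the default.
 * Exit status is 0 on success and 1 on a usage error, an unreachable target
 * directory, or memory exhaustion.
 */
int wmain( int argc, LPTSTR argv[] )
{
    TCHAR targetDir[ MAX_PATH ] = { 0 };
    TCHAR workDir[ MAX_PATH ] = { 0 };
    DWORD workLength = 0;
    Item resultsItem = { 0 };
    List resultsList = { 0 };
    LARGE_INTEGER freq;
    LARGE_INTEGER startingT, endingT, elapsedTicks;
    BOOL flags[ MAX_OPTIONS ] = { 0 };
    int targetDirInd = 0;
    PVOID oldValueWow64 = NULL;
    BOOL wow64Disabled = FALSE;

    // Timing starts before option parsing so it covers the whole run.
    QueryPerformanceFrequency( &freq );
    QueryPerformanceCounter( &startingT );

    // Get index of first argument after options; also determine which
    // options are active.
    targetDirInd = Options( argc, argv, TEXT( "sfdmnthb" ),
                            &flags[ FL_SIZE ], &flags[ FL_FILES ], &flags[ FL_DIRS ],
                            &flags[ FL_MODIF ], &flags[ FL_NAME ], &flags[ FL_TYPE ],
                            &flags[ FL_HELP ], &flags[ FL_DBG ], NULL );

    workLength = GetCurrentDirectory( _countof( workDir ), workDir );

    // More than one target (or a target with gaps and no quotes), or -h:
    // print usage.
    if ( ( argc > targetDirInd + 1 ) || flags[ FL_HELP ] )
    {
        wprintf_s( TEXT( "\n Usage: dgl [options] [target dir]\n\n" ) );
        wprintf_s( TEXT( " Options:\n\n" ) );
        wprintf_s( TEXT( " -s : Sort by size [bytes] (default)\n" ) );
        wprintf_s( TEXT( " -f : Sort by files count (descending)\n" ) );
        wprintf_s( TEXT( " -d : Sort by dirs count (descending)\n" ) );
        wprintf_s( TEXT( " -m : Sort by date modified (latest to earliest)\n" ) );
        wprintf_s( TEXT( " -n : Sort by name (a to Z)\n" ) );
        wprintf_s( TEXT( " -t : Sort by type (<DIR>, <LIN>, file)\n" ) );
        wprintf_s( TEXT( " -h : Print usage\n" ) );
        wprintf_s( TEXT( " -b : Extended output (debug purposes)\n\n" ) );
        wprintf_s( TEXT( " If no option is specified, then '-s' will be used\n" ) );
        wprintf_s( TEXT( " If no target dir is specified, then the current working dir will be used\n" ) );
        return 1;
    }
    else if ( ( argc < targetDirInd + 1 ) && ( workLength <= MAX_PATH - 3 ) )
    {
        // No target specified --> assume current dir
        wcscpy_s( targetDir, MAX_PATH, workDir );
    }
    else if ( argc == targetDirInd + 1 )
    {
        // One target specified. A leading '\' is drive-relative: prefix the
        // drive letter and colon of the working dir.
        if ( argv[ targetDirInd ][ 0 ] == '\\' )
        {
            wcsncpy_s( targetDir, MAX_PATH, workDir, 2 );
        }
        wcscat_s( targetDir, MAX_PATH, argv[ targetDirInd ] );
    }

    // Set up absolute target dir --> resolve '.' and '..' in target dir
    if ( !SetCurrentDirectory( targetDir ) )
    {
        ReportError( TEXT( "\nTarget directory not found.\n" ), 0, TRUE );
        return 1;
    }

    // Display absolute target dir
    GetCurrentDirectory( _countof( targetDir ), targetDir );
    wprintf_s( TEXT( "\n Target dir: \"%s\"\n\n" ), targetDir );

    InitializeList( &resultsList );
    if ( ListIsFull( &resultsList ) )
    {
        wprintf_s( TEXT( "\nNo memory available!\n" ) );
        return 1;
    }

    if ( flags[ FL_DBG ] )
        wprintf_s( TEXT( " %s\n" ), targetDir );

    // Scan without WOW64 redirection so the native directories are seen;
    // only revert what was actually disabled.
    wow64Disabled = Wow64DisableWow64FsRedirection( &oldValueWow64 );
    scanDir( targetDir, &resultsList, &resultsItem, TRUE, flags[ FL_DBG ] );
    if ( wow64Disabled )
    {
        if ( !( Wow64RevertWow64FsRedirection( oldValueWow64 ) ) )
            ReportError( TEXT( "Re-enable redirection failed." ), 1, TRUE );
    }

    if ( ListIsEmpty( &resultsList ) )
    {
        wprintf_s( TEXT( "\nNo data.\n\n" ) );
    }
    else
    {
        // The if-else chain fixes the sort priority: a higher-priority
        // option wins over any lower-priority one also given.
        // NOTE(review): FL_TYPE (-t) is parsed and listed in the usage text
        // but no branch here consumes it, so -t alone falls through to the
        // size default — confirm whether a type comparator was intended.
        if ( flags[ FL_SIZE ] )
            SortList( &resultsList, cmpItemsSizeCount );     // size, descending
        else if ( flags[ FL_FILES ] )
            SortList( &resultsList, cmpItemsFilesCount );    // files count, descending
        else if ( flags[ FL_DIRS ] )
            SortList( &resultsList, cmpItemsDirsCount );     // dirs count, descending
        else if ( flags[ FL_MODIF ] )
            SortList( &resultsList, cmpItemsLastWriteTime ); // latest to earliest
        else if ( flags[ FL_NAME ] )
            SortList( &resultsList, cmpItemsName );          // a to Z
        else
            SortList( &resultsList, cmpItemsSizeCount );     // default: size, descending

        if ( flags[ FL_DBG ] )
            wprintf_s( TEXT( "\n" ) );

        showResults( &resultsList, &resultsItem );
    }

    EmptyTheList( &resultsList );

    // Elapsed time covers everything from startup to here.
    QueryPerformanceCounter( &endingT );
    elapsedTicks.QuadPart = endingT.QuadPart - startingT.QuadPart;
    calcDispElapTime( &elapsedTicks.QuadPart, &freq.QuadPart );

    return 0;
}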
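/*
 * Service executable entry point.
 *
 * With a "--option" first argument the matching maintenance or test action
 * runs and the process exits; with no recognised option the service control
 * dispatcher is started and main returns when the service stops.
 *
 * Option matching uses strncmp over the option's own length, i.e. a prefix
 * match: an argument that merely starts with an option name is accepted.
 * Because of that, longer names are tested before their prefixes
 * ("--testGUI" before "--test", "--installboot" before "--install"), and
 * the argc >= 3 forms are tested before their argc >= 2 counterparts.
 */
int main(int argc, char ** argv)
{
	int ret = 0;
	struct a6o_report report = {0};
	PVOID OldValue = NULL;

	if (argc >= 2 && strncmp(argv[1], "--conf", 6) == 0) {
		// TODO :: https://msdn.microsoft.com/fr-fr/library/windows/desktop/ms724072%28v=vs.85%29.aspx
		//conf_poc_windows( );
		return 0;
	}

	// Only for test purposes (command line)
	if (argc >= 2 && strncmp(argv[1], "--disable_rt", 12) == 0) {
		//disable_onaccess( );
		return EXIT_SUCCESS;
	}

	if (argc >= 2 && strncmp(argv[1], "--notify", 8) == 0) {
		a6o_notify_set_handler((a6o_notify_handler_t)send_notif);
		a6o_notify(NOTIF_INFO, "Service started!");
		a6o_notify(NOTIF_WARNING, "Malware detected :: [%s]", "TrojanFake");
		a6o_notify(NOTIF_ERROR, "An error occured during scan !!");
		return EXIT_SUCCESS;
	}

	// Only for test purposes (command line) complete test = GUI + driver.
	// Must precede "--test", which would otherwise match this as a prefix.
	if (argc >= 2 && strncmp(argv[1], "--testGUI", 9) == 0) {
		DisplayBanner();
		a6o_notify_set_handler((a6o_notify_handler_t)send_notif);

		if (Wow64DisableWow64FsRedirection(&OldValue) == FALSE) {
			return -1;
		}

		/* (FD) added to get all log messages */
		a6o_log_set_handler(ARMADITO_LOG_LEVEL_DEBUG, a6o_log_default_handler, NULL);

		ret = LaunchCmdLineService(GUI_ONLY);

		if (Wow64RevertWow64FsRedirection(OldValue) == FALSE) {
			// Failure to re-enable redirection is treated as a critical
			// failure: abort regardless of the service result.
			return -2;
		}

		if (ret < 0) {
			return EXIT_FAILURE;
		}
		return EXIT_SUCCESS;
	}

	// Only for test purposes (command line) complete test = GUI + driver.
	if (argc >= 2 && strncmp(argv[1], "--test", 6) == 0) {
		DisplayBanner();
		a6o_notify_set_handler((a6o_notify_handler_t)send_notif);
		ret = LaunchCmdLineService(SVC_MODE);
		if (ret < 0) {
			return EXIT_FAILURE;
		}
		return EXIT_SUCCESS;
	}

	// Only for test purposes (command line)
	if (argc >= 2 && strncmp(argv[1], "--register", 10) == 0) {
#if 0
		ret = register_av( );
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}

	// Only for test purposes (command line)
	if (argc >= 2 && strncmp(argv[1], "--crypt", 7) == 0) {
#if 0
		if (argv[2] == NULL) {
			printf("[-] Error :: --crypt option :: missing parameter [filename]\n");
			return EXIT_FAILURE;
		}
		ret = verify_file_signature(argv[2], SIGNATURE_FILE);
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}

	// Only for test purposes (command line). The length is the full option
	// name (12), like every other check here; 11 would also accept
	// "--quarantin<anything>".
	if (argc >= 3 && strncmp(argv[1], "--quarantine", 12) == 0) {
#if 0
		ret = MoveFileInQuarantine(argv[2], report);
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}

	if (argc >= 2 && strncmp(argv[1], "--quarantine", 12) == 0) {
#if 0
		ret = EnumQuarantine();
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}

	// argc >= 3 first, as for --quarantine: the argc >= 2 form would
	// otherwise swallow the three-argument call.
	if (argc >= 3 && strncmp(argv[1], "--restore", 9) == 0) {
#if 0
		ret = RestoreFileFromQuarantine(argv[2]);
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}

	if (argc >= 2 && strncmp(argv[1], "--restore", 9) == 0) {
#if 0
		ret = ui_restore_quarantine_file(argv[1]);
		if (ret < 0) {
			return EXIT_FAILURE;
		}
#endif
		return EXIT_SUCCESS;
	}

	if (argc >= 2 && strncmp(argv[1], "--updatedb", 10) == 0) {
		DisplayBanner();
		update_modules_db(NULL);
		return EXIT_SUCCESS;
	}

	if (argc >= 2 && strncmp(argv[1], "--info", 6) == 0) {
		if (get_av_info() < 0) {
			return EXIT_FAILURE;
		}
		return EXIT_SUCCESS;
	}

	// Must precede "--install" (prefix match).
	if (argc >= 2 && strncmp(argv[1], "--installboot", 13) == 0) {
		DisplayBanner();
		ret = ServiceInstall(SERVICE_AUTO_START);
		if (ret < 0) {
			return EXIT_FAILURE;
		}
		return EXIT_SUCCESS;
	}

	// command line parameter "--install", install the service.
	if (argc >= 2 && strncmp(argv[1], "--install", 9) == 0) {
		DisplayBanner();
		ret = ServiceInstall(SERVICE_DEMAND_START);
		if (ret < 0) {
			return EXIT_FAILURE;
		}
		return EXIT_SUCCESS;
	}

	// command line parameter "--uninstall", uninstall the service.
	// The ServiceRemove result is not reported back to the caller.
	if (argc >= 2 && strncmp(argv[1], "--uninstall", 11) == 0) {
		DisplayBanner();
		ret = ServiceRemove();
		return EXIT_SUCCESS;
	}

	if (argc >= 2 && strncmp(argv[1], "--stop", 6) == 0) {
		ServiceStop();
		return EXIT_SUCCESS;
	}

	if (argc >= 2 && strncmp(argv[1], "--start", 7) == 0) {
		ServiceLaunch();
		return EXIT_SUCCESS;
	}

	if (argc >= 2 && strncmp(argv[1], "--pause", 7) == 0) {
		ServicePause();
		return EXIT_SUCCESS;
	}

	if (argc >= 2 && strncmp(argv[1], "--continue", 10) == 0) {
		ServiceContinue();
		return EXIT_SUCCESS;
	}

	//ServiceLaunchAction( );
	// put this part in ServiceLaunchAction function.
	SERVICE_TABLE_ENTRY DispatchTable[] = {
		{ SVCNAME, (LPSERVICE_MAIN_FUNCTION) ServiceMain },
		{ NULL, NULL }
	};

	// This call returns when the service has stopped.
	if (!StartServiceCtrlDispatcher(DispatchTable)) {
		//SvcReportEvent(TEXT("StartServiceCtrlDispatcher"));
		//printf("[i] StartServiceCtrlDispatcher :: %d\n",GetLastError());
	}

	return EXIT_SUCCESS;
}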
//returns true if the caching was successful //filePath is the original path, altSource is the user-specified source for the filePath bool CacheFile(const QString& sessionDir, QString filePath, const QString& altSource, bool symsToo) { CacheFileMap cache; //check for current cache if (!ReadSessionCacheFileMap(sessionDir, cache)) { return false; } #if AMDT_BUILD_TARGET == AMDT_WINDOWS_OS PVOID oldValue = nullptr; BOOL doRedirect = false; IsWow64Process(GetCurrentProcess(), &doRedirect); if (doRedirect) { doRedirect = (BOOL) Wow64DisableWow64FsRedirection(&oldValue); } #endif //if needed, create cache sub-dir QString cachePath = sessionDir + "/cache/"; QDir dir(cachePath); if (!dir.exists()) { dir.mkpath(cachePath); } //determine cache name filePath.remove(QChar('\0')); QFileInfo original(filePath); int additional = 1; QString existTest = cachePath + original.fileName(); while (QFile::exists(existTest)) { existTest = cachePath + original.baseName() + " " + QString::number(additional++) + "." + original.completeSuffix(); } //copy to cache QString base = altSource.isEmpty() ? filePath : altSource; if (!QFile::copy(base, existTest)) { #if AMDT_BUILD_TARGET == AMDT_WINDOWS_OS if (doRedirect) { Wow64RevertWow64FsRedirection(oldValue); } #endif return false; } if (symsToo) { QFileInfo baseInfo(base); QString symBase = baseInfo.absolutePath() + "/" + baseInfo.baseName() + ".pdb"; baseInfo.setFile(existTest); QString symCopy = baseInfo.absolutePath() + "/" + baseInfo.baseName() + ".pdb"; QFile::copy(symBase, symCopy); } #if AMDT_BUILD_TARGET == AMDT_WINDOWS_OS if (doRedirect) { Wow64RevertWow64FsRedirection(oldValue); } #endif //add to cache map cache.insert(filePath, existTest); return WriteSessionCacheFileMap(sessionDir, cache); } //CacheFile
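/*
 * wineboot entry point.
 *
 * A process running under WOW64 first re-executes its own image with
 * file-system redirection disabled (so the 64-bit copy is started, as the
 * error text below says) and exits with that child's exit code. Otherwise
 * the options are parsed and the requested session/boot steps run in order.
 *
 * Returns 0 on success, 1 on a usage error or when the session could not
 * be closed.
 */
int main( int argc, char *argv[] )
{
    extern HANDLE CDECL __wine_make_process_system(void);
    static const WCHAR RunW[] = {'R','u','n',0};
    static const WCHAR RunOnceW[] = {'R','u','n','O','n','c','e',0};
    static const WCHAR RunServicesW[] = {'R','u','n','S','e','r','v','i','c','e','s',0};
    static const WCHAR RunServicesOnceW[] = {'R','u','n','S','e','r','v','i','c','e','s','O','n','c','e',0};
    static const WCHAR wineboot_eventW[] = {'_','_','w','i','n','e','b','o','o','t','_','e','v','e','n','t',0};

    int optc;
    int end_session = 0, force = 0, init = 0, kill = 0, restart = 0, shutdown = 0, update = 0;
    HANDLE event;
    SECURITY_ATTRIBUTES sa;
    BOOL is_wow64 = FALSE;

    /* First, set the current directory to SystemRoot */
    GetWindowsDirectoryW( windowsdir, MAX_PATH );
    if( !SetCurrentDirectoryW( windowsdir ) )
        WINE_ERR("Cannot set the dir to %s (%d)\n", wine_dbgstr_w(windowsdir), GetLastError() );

    if (IsWow64Process( GetCurrentProcess(), &is_wow64 ) && is_wow64)
    {
        STARTUPINFOW si;
        PROCESS_INFORMATION pi;
        WCHAR filename[MAX_PATH];
        void *redir = NULL;
        DWORD exit_code = 0;   /* stays defined even if GetExitCodeProcess fails */
        BOOL redir_disabled;

        memset( &si, 0, sizeof(si) );
        si.cb = sizeof(si);
        GetModuleFileNameW( 0, filename, MAX_PATH );

        /* only revert what was actually disabled; on a failed disable redir
         * has no valid value */
        redir_disabled = Wow64DisableWow64FsRedirection( &redir );
        if (CreateProcessW( filename, GetCommandLineW(), NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi ))
        {
            WINE_TRACE( "restarting %s\n", wine_dbgstr_w(filename) );
            WaitForSingleObject( pi.hProcess, INFINITE );
            GetExitCodeProcess( pi.hProcess, &exit_code );
            CloseHandle( pi.hThread );
            CloseHandle( pi.hProcess );
            ExitProcess( exit_code );
        }
        else WINE_ERR( "failed to restart 64-bit %s, err %d\n", wine_dbgstr_w(filename), GetLastError() );
        if (redir_disabled) Wow64RevertWow64FsRedirection( redir );
    }

    while ((optc = getopt_long(argc, argv, short_options, long_options, NULL )) != -1)
    {
        switch(optc)
        {
        case 'e': end_session = 1; break;
        case 'f': force = 1; break;
        case 'i': init = 1; break;
        case 'k': kill = 1; break;
        case 'r': restart = 1; break;
        case 's': shutdown = 1; break;
        case 'u': update = 1; break;
        case 'h': usage(); return 0;
        case '?': usage(); return 1;
        }
    }

    /* closing the session is the one step that can refuse to proceed */
    if (end_session)
    {
        if (kill)
        {
            if (!shutdown_all_desktops( force )) return 1;
        }
        else if (!shutdown_close_windows( force )) return 1;
    }

    if (kill) kill_processes( shutdown );

    if (shutdown) return 0;

    sa.nLength = sizeof(sa);
    sa.lpSecurityDescriptor = NULL;
    sa.bInheritHandle = TRUE;  /* so that services.exe inherits it */
    event = CreateEventW( &sa, TRUE, FALSE, wineboot_eventW );
    ResetEvent( event );  /* in case this is a restart */

    create_hardware_registry_keys();
    create_dynamic_registry_keys();
    create_environment_registry_keys();
    wininit();
    pendingRename();

    ProcessWindowsFileProtection();
    ProcessRunKeys( HKEY_LOCAL_MACHINE, RunServicesOnceW, TRUE, FALSE );

    if (init || (kill && !restart))
    {
        ProcessRunKeys( HKEY_LOCAL_MACHINE, RunServicesW, FALSE, FALSE );
        start_services_process();
    }
    if (init || update) update_wineprefix( update );

    create_volatile_environment_registry_key();

    ProcessRunKeys( HKEY_LOCAL_MACHINE, RunOnceW, TRUE, TRUE );

    if (!init && !restart)
    {
        ProcessRunKeys( HKEY_LOCAL_MACHINE, RunW, FALSE, FALSE );
        ProcessRunKeys( HKEY_CURRENT_USER, RunW, FALSE, FALSE );
        ProcessStartupItems();
    }

    WINE_TRACE("Operation done\n");

    /* signal whoever waits on the boot event that startup is complete */
    SetEvent( event );
    return 0;
}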
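// we don't need any runtime initialization; only use Win32 API!
//
// Entry point: takes the .inf path from the command line, resolves it to a
// full path and runs
//   rundll32 setupapi.dll,InstallHinfSection DefaultInstall 128 <path>
// with the "runas" verb on Vista and later and with WOW64 redirection
// disabled so the native rundll32 is used. The process exits with the
// child's exit code, or with 0xFE (path could not be resolved), 0xFD (only
// a directory was given), 0xFC (out of memory) or 0xFB (rundll32 could not
// be started).
void __cdecl WinMainCRTStartup(void)
{
    // variable for ExitProcess
    UINT exitCode = 0;

    // variables for Tokenize
    LPTSTR infName;

    // variables for GetFullPathName; fullPath stays NULL until allocated so
    // the cleanup label can test it
    LPTSTR fullPath = NULL;
    LPTSTR filePart;

    // variables for lstrcpy, lstrcat
    DWORD len;
    LPTSTR fixCmd;
    LPTSTR argList = NULL;

    // variables for ShellExecuteEx
    SHELLEXECUTEINFO shExec;

    // variables for Wow64DisableWow64FsRedirection
    PVOID OldWow64FsRedirectionValue = NULL;
    BOOL redirectionDisabled = FALSE;

    // variables for VerifyVersionInfo
    OSVERSIONINFOEX verInfo;

    // declare these functions as pointers to load dynamically: the exports
    // are absent on systems without WOW64, so they must not be linked directly
    PW64DW64FR Wow64DisableWow64FsRedirection;
    PW64RW64FR Wow64RevertWow64FsRedirection;

    // attempt to load functions and store pointer in variable
    Wow64DisableWow64FsRedirection = (PW64DW64FR) GetProcAddress(
        GetModuleHandle(TEXT("kernel32.dll")), "Wow64DisableWow64FsRedirection");
    Wow64RevertWow64FsRedirection = (PW64RW64FR) GetProcAddress(
        GetModuleHandle(TEXT("kernel32.dll")), "Wow64RevertWow64FsRedirection");

    // get the command line buffer from the environment
    infName = Tokenize (GetCommandLine ());

    // standard prefix to run an installer. first argument is a tuple of
    // the library name and the entry point; there must be a comma
    // between them and no spaces. rest of the command is passed to that
    // entry point. DefaultInstall is the name of the section, 128 is
    // flags, and the .inf name must be specified using a path to avoid
    // having it search for files in default directories.
    fixCmd = TEXT("setupapi.dll,InstallHinfSection DefaultInstall 128 ");

    // get canonical path of the argument; the first call only sizes it
    len = GetFullPathName (infName, 0, NULL, NULL);

    // file does not exist?
    if (len == 0)
    {
        exitCode = 0xFE;
        goto cleanup;
    }

    fullPath = (LPTSTR) HeapAlloc (GetProcessHeap (), 0, (len+1) * sizeof(TCHAR));
    if (fullPath == NULL)
    {
        exitCode = 0xFC;
        goto cleanup;
    }
    GetFullPathName (infName, len, fullPath, &filePart);

    // only directory was specified
    if (*filePart == '\0')
    {
        exitCode = 0xFD;
        goto cleanup;
    }

    // put all portions together to a total command line. note that the
    // InstallHinfSection argument list is not a regular command line. there
    // are always three fields: Section (DefaultInstall), Flags (128) and
    // Path, which are separated with a space. No quotes should be put around
    // the path, nor is the short name really necessary (on Windows 7 64-bit
    // there may not be a short name version available).
    len = lstrlen (fixCmd) + lstrlen (fullPath);
    argList = (LPTSTR) HeapAlloc (GetProcessHeap (), 0, (len+1) * sizeof(TCHAR));
    if (argList == NULL)
    {
        exitCode = 0xFC;
        goto cleanup;
    }
    lstrcpy (argList, fixCmd);
    lstrcat (argList, fullPath);
    //MessageBox(NULL, argList, TEXT("argList"), MB_ICONINFORMATION | MB_OK);

    ZeroFill (&shExec, sizeof(SHELLEXECUTEINFO));
    shExec.cbSize = sizeof(SHELLEXECUTEINFO);
    shExec.fMask = SEE_MASK_NOCLOSEPROCESS | SEE_MASK_FLAG_DDEWAIT | SEE_MASK_DOENVSUBST;

    // <http://codefromthe70s.org/vistatutorial.aspx>
    // <http://www.wintellect.com/cs/blogs/jrobbins/archive/2007/03/27/elevate-a-process-at-the-command-line-in-vista.aspx>
    ZeroFill (&verInfo, sizeof(OSVERSIONINFOEX));
    verInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
    verInfo.dwMajorVersion = 6; // Vista
    if (VerifyVersionInfo (&verInfo, VER_MAJORVERSION,
                           VerSetConditionMask (0, VER_MAJORVERSION, VER_GREATER_EQUAL)))
    {
        shExec.lpVerb = TEXT("runas");
    }

    // instead of calling InstallHinfSection ourself, we need to execute
    // the external program so that the native version (32- or 64-bits)
    // is run. it is always in system32, even on Windows x64! (folder
    // redirection is deactivated, so we'll get the native version).
    shExec.lpFile = TEXT("%SystemRoot%\\system32\\rundll32.exe");
    shExec.lpParameters = argList;
    shExec.nShow = SW_SHOWDEFAULT;

    // only call the WoW64 functions if they are available on our system,
    // and remember whether the disable actually took effect
    if (NULL != Wow64DisableWow64FsRedirection)
        redirectionDisabled = Wow64DisableWow64FsRedirection (&OldWow64FsRedirectionValue);

    // launch process and "inherit" exit code. A failed launch (including a
    // declined elevation prompt) leaves hProcess NULL, so don't wait on it.
    if (ShellExecuteEx (&shExec) && shExec.hProcess != NULL)
    {
        WaitForSingleObject (shExec.hProcess, INFINITE);
        GetExitCodeProcess (shExec.hProcess, &exitCode);
        CloseHandle (shExec.hProcess);
    }
    else
    {
        exitCode = 0xFB;
    }

    if (redirectionDisabled && NULL != Wow64RevertWow64FsRedirection)
        Wow64RevertWow64FsRedirection (OldWow64FsRedirectionValue);

cleanup:
    // not really necessary before ExitProcess, but keeps the heap tidy;
    // only free what was actually allocated
    if (argList != NULL)
        HeapFree (GetProcessHeap (), 0, argList);
    if (fullPath != NULL)
        HeapFree (GetProcessHeap (), 0, fullPath);

    ExitProcess (exitCode);
}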
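// Move (or, with a NULL lpNewFileName, delete-on-reboot style MoveFileEx
// semantics) a file, bypassing WOW64 path redirection in a 32-bit process
// on 64-bit Windows.
//
// lpExistingFileName: source path; required (ERROR_INVALID_PARAMETER if NULL).
// lpNewFileName:      destination path, or NULL as accepted by MoveFileEx.
// dwFlags:            MOVEFILE_* flags passed straight to MoveFileEx.
//
// Both paths are stripped of the read-only attribute first. When the process
// is not under WOW64 (m_bIsWow64 false) the call is a plain MoveFileEx.
// Otherwise "system32" segments are rewritten to "SysWOW64" and "Sysnative"
// segments to "system32" (via RevertFsRedirection), redirection is disabled
// for the MoveFileEx call and restored afterwards.
//
// Returns the MoveFileEx result with its last-error preserved across the
// redirection revert. Note that a failing Wow64RevertWow64FsRedirection
// returns FALSE even if the move itself succeeded.
BOOL CFileMove::MoveFile(LPCTSTR lpExistingFileName, LPCTSTR lpNewFileName, DWORD dwFlags)
{
    if (lpExistingFileName == NULL)
    {
        ::SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    // Drop the read-only attribute; the destination may legitimately be NULL.
    RemoveReadonlyAttribute(lpExistingFileName);
    if (lpNewFileName != NULL)
    {
        RemoveReadonlyAttribute(lpNewFileName);
    }

    if (!m_bIsWow64)
    {
        return MoveFileEx(lpExistingFileName, lpNewFileName, dwFlags);
    }

    TCHAR szSystemWow64[MAX_PATH] = {0};
    if (!GetWow64Directory(szSystemWow64, countof(szSystemWow64)))
    {
        return FALSE;
    }

    TCHAR szSystem32[MAX_PATH] = {0};
    if (!GetSystemDirectory(szSystem32, countof(szSystem32)))
    {
        return FALSE;
    }

    TCHAR szSysNative[MAX_PATH] = {0};
    if (!GetWindowsDirectory(szSysNative, countof(szSysNative)))
    {
        return FALSE;
    }
    StringCchCat(szSysNative, countof(szSysNative), _T("\\Sysnative"));

    // Rewrite the redirected views into the paths the native file system
    // uses once redirection is off.
    TCHAR szExistingFileName[MAX_PATH] = {0};
    TCHAR szNewFileName[MAX_PATH] = {0};
    TCHAR* pNewMoveFileName = NULL;

    RevertFsRedirection(lpExistingFileName, szSystem32, szSystemWow64, szExistingFileName, countof(szExistingFileName));
    RevertFsRedirection(szExistingFileName, szSysNative, szSystem32, szExistingFileName, countof(szExistingFileName));

    if (lpNewFileName != NULL)
    {
        RevertFsRedirection(lpNewFileName, szSystem32, szSystemWow64, szNewFileName, countof(szNewFileName));
        RevertFsRedirection(szNewFileName, szSysNative, szSystem32, szNewFileName, countof(szNewFileName));
        pNewMoveFileName = szNewFileName;
    }

    // Turn off the automatic redirection a 32-bit process gets on 64-bit Windows.
    PVOID pOldValue = NULL;
    if (!Wow64DisableWow64FsRedirection(&pOldValue))
    {
        return FALSE;
    }

    // Capture the move's error before the revert call can overwrite it.
    DWORD dwLastError = ERROR_SUCCESS;
    const BOOL bMoveFile = MoveFileEx(szExistingFileName, pNewMoveFileName, dwFlags);
    if (!bMoveFile)
    {
        dwLastError = ::GetLastError();
    }

    // Restore the automatic redirection.
    if (!Wow64RevertWow64FsRedirection(pOldValue))
    {
        return FALSE;
    }

    ::SetLastError(dwLastError);
    return bMoveFile;
}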