bool InputDesktopSelected() { DWORD dummy; char threadname[256]; char inputname[256]; HDESK threaddesktop = GetThreadDesktop(GetCurrentThreadId()); HDESK inputdesktop = OpenInputDesktop(0, FALSE, DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | DESKTOP_HOOKCONTROL | DESKTOP_WRITEOBJECTS | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | GENERIC_WRITE); if (inputdesktop == NULL) return FALSE; if (!GetUserObjectInformation(threaddesktop, UOI_NAME, &threadname, 256, &dummy)) { CloseDesktop(inputdesktop); return FALSE; } if (!GetUserObjectInformation(inputdesktop, UOI_NAME, &inputname, 256, &dummy)) { CloseDesktop(inputdesktop); return FALSE; } CloseDesktop(inputdesktop); if (strcmp(threadname, inputname) != 0) { //if (strcmp(inputname, "Screen-saver") == 0) { return SelectDesktop(); } return FALSE; } return TRUE; }
BOOL vncService::SelectHDESK(HDESK new_desktop) { // Are we running on NT? if (IsWinNT()) { HDESK old_desktop = GetThreadDesktop(GetCurrentThreadId()); DWORD dummy; char new_name[256]; if (!GetUserObjectInformation(new_desktop, UOI_NAME, &new_name, 256, &dummy)) { return FALSE; } // Switch the desktop if(!SetThreadDesktop(new_desktop)) { return FALSE; } // Switched successfully - destroy the old desktop CloseDesktop(old_desktop); return TRUE; } return TRUE; }
BOOL vncService::SelectHDESK(HDESK new_desktop) { // Are we running on NT? if (IsWinNT()) { HDESK old_desktop = GetThreadDesktop(GetCurrentThreadId()); DWORD dummy; char new_name[256]; if (!GetUserObjectInformation(new_desktop, UOI_NAME, &new_name, 256, &dummy)) { vnclog.Print(LL_INTERR, VNCLOG("!GetUserObjectInformation \n")); return FALSE; } vnclog.Print(LL_INTERR, VNCLOG("SelectHDESK to %s (%x) from %x\n"), new_name, new_desktop, old_desktop); // Switch the desktop if(!SetThreadDesktop(new_desktop)) { vnclog.Print(LL_INTERR, VNCLOG("SelectHDESK:!SetThreadDesktop \n")); return FALSE; } return TRUE; } return TRUE; }
bool SwitchInputDesktop() { BOOL bRet = false; DWORD dwLengthNeeded; HDESK hOldDesktop, hNewDesktop; char strCurrentDesktop[256], strInputDesktop[256]; hOldDesktop = GetThreadDesktop(GetCurrentThreadId()); memset(strCurrentDesktop, 0, sizeof(strCurrentDesktop)); GetUserObjectInformation(hOldDesktop, UOI_NAME, &strCurrentDesktop, sizeof(strCurrentDesktop), &dwLengthNeeded); hNewDesktop = OpenInputDesktop(0, FALSE, MAXIMUM_ALLOWED); memset(strInputDesktop, 0, sizeof(strInputDesktop)); GetUserObjectInformation(hNewDesktop, UOI_NAME, &strInputDesktop, sizeof(strInputDesktop), &dwLengthNeeded); if (lstrcmpi(strInputDesktop, strCurrentDesktop) != 0) { SetThreadDesktop(hNewDesktop); bRet = true; } CloseDesktop(hOldDesktop); CloseDesktop(hNewDesktop); return bRet; }
// get the current input desktop name and compare with // the desktop the call thread attached ,if not equal, // then switch to the input desktop BOOL SwitchInputDesktop() { HDESK threaddesk = GetThreadDesktop(GetCurrentThreadId()); HDESK inputdesk = OpenInputDesktop(0, DF_ALLOWOTHERACCOUNTHOOK,GENERIC_ALL); if (inputdesk == NULL) { DebugOutF(filelog::log_error,("OpenInputDesktop failed with %d"),GetLastError()); return FALSE; } DWORD len=0; TCHAR szThread[MAX_PATH]; TCHAR szInput[MAX_PATH]; szThread[0] = _T('\0'); szInput[0] = _T('\0'); BOOL res = FALSE; try { // get desktop name if(!GetUserObjectInformation(threaddesk, UOI_NAME, szThread, MAX_PATH, &len)){ DebugOutF(filelog::log_error,("GetUserObjectInformation failed with %d"),GetLastError()); throw FALSE; } if (!GetUserObjectInformation(inputdesk, UOI_NAME, szInput, MAX_PATH, &len)) { DebugOutF(filelog::log_error,("GetUserObjectInformation failed with %d"),GetLastError()); throw FALSE; } //compare,if not equal,then switch to the input desktop if (_tcsicmp(szThread, szInput) != 0) { if(!SetThreadDesktop(inputdesk)){ DebugOutF(filelog::log_error,("SetThreadDesktop %s failed with %d"),szInput,GetLastError()); throw FALSE; } DebugOutF(filelog::log_info,("switch input desktop %s"),szInput); res = TRUE; } } catch(BOOL b1) { res = b1; } if(threaddesk)CloseDesktop(threaddesk); if(inputdesk)CloseDesktop(inputdesk); return res; }
static PPH_STRING GetCurrentWinStaName( VOID ) { PPH_STRING string; string = PhCreateStringEx(NULL, 0x200); if (GetUserObjectInformation( GetProcessWindowStation(), UOI_NAME, string->Buffer, (ULONG)string->Length + 2, NULL )) { PhTrimToNullTerminatorString(string); return string; } else { PhDereferenceObject(string); return PhCreateString(L"WinSta0"); // assume the current window station is WinSta0 } }
BOOL vncService::SelectHDESK(HDESK new_desktop) { // Are we running on NT? if (IsWinNT()) { HDESK old_desktop = GetThreadDesktop(GetCurrentThreadId()); //You do not need to call the CloseDesktop function to close the returned handle. DWORD dummy; char new_name[256]; if (!GetUserObjectInformation(new_desktop, UOI_NAME, &new_name, 256, &dummy)) { return FALSE; } //vnclog.Print(LL_INTERR, VNCLOG("SelectHDESK to %s (%x) from %x\n"), new_name, new_desktop, old_desktop); // Switch the desktop if(!SetThreadDesktop(new_desktop)) { return FALSE; } return TRUE; } return TRUE; }
BOOL vncService::SelectHDESK(HDESK new_desktop) { // Are we running on NT? if (IsWinNT()) { HDESK old_desktop = GetThreadDesktop(GetCurrentThreadId()); DWORD dummy; char new_name[256]; if (!GetUserObjectInformation(new_desktop, UOI_NAME, &new_name, 256, &dummy)) { vnclog.Print(LL_INTERR, VNCLOG("GetUserObjectInformation() failed\n")); return FALSE; } vnclog.Print(LL_INTINFO, VNCLOG("SelectHDESK() to %s (%x) from %x\n"), new_name, new_desktop, old_desktop); // Switch the desktop if(!SetThreadDesktop(new_desktop)) { vnclog.Print(LL_INTERR, VNCLOG("unable to SetThreadDesktop(), error=%d\n"), GetLastError()); return FALSE; } // Switched successfully - destroy the old desktop if (!CloseDesktop(old_desktop)) vnclog.Print(LL_INTERR, VNCLOG("SelectHDESK failed to close old desktop %x, error=%d\n"), old_desktop, GetLastError()); return TRUE; } return TRUE; }
bool SelectDesktop() { HDESK desktop; HDESK old_desktop; DWORD dummy; char new_name[256]; desktop = OpenInputDesktop(0, FALSE, DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | DESKTOP_HOOKCONTROL | DESKTOP_WRITEOBJECTS | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | GENERIC_WRITE); if (desktop == NULL) return FALSE; old_desktop = GetThreadDesktop(GetCurrentThreadId()); if (!GetUserObjectInformation(desktop, UOI_NAME, &new_name, 256, &dummy)) { CloseDesktop(desktop); return FALSE; } if(!SetThreadDesktop(desktop)) { CloseDesktop(desktop); return FALSE; } CloseDesktop(old_desktop); return TRUE; }
/* * Create the Metasploit Courtesy Shell */ VOID vncdll_courtesyshell( HDESK desk ) { DWORD dwResult = ERROR_SUCCESS; HWND hShell = NULL; STARTUPINFOA si = {0}; PROCESS_INFORMATION pi = {0}; char name_win[256] = {0}; char name_des[256] = {0}; char name_all[1024] = {0}; do { dprintf( "[VNCDLL] vncdll_courtesyshell. desk=0x%08X", desk ); memset(name_all, 0, sizeof(name_all)); GetUserObjectInformation( GetProcessWindowStation(), UOI_NAME, &name_win, 256, NULL ); GetUserObjectInformation( desk, UOI_NAME, &name_des, 256, NULL ); _snprintf( name_all, sizeof(name_all)-1, "%s\\%s", name_win, name_des ); memset( &pi, 0, sizeof(PROCESS_INFORMATION) ); memset( &si, 0, sizeof(STARTUPINFOA) ); si.cb = sizeof(STARTUPINFOA); si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USEFILLATTRIBUTE; si.wShowWindow = SW_NORMAL; si.lpDesktop = name_all; si.lpTitle = "Metasploit Courtesy Shell (TM)"; si.dwFillAttribute = FOREGROUND_RED|FOREGROUND_BLUE|FOREGROUND_GREEN|BACKGROUND_BLUE; if( !CreateProcess( NULL, "cmd.exe", 0, 0, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi ) ) BREAK_ON_ERROR( "[VNCDLL] vncdll_courtesyshell. CreateProcess failed" ); CloseHandle( pi.hThread ); CloseHandle( pi.hProcess ); Sleep( 1000 ); hShell = FindWindow( NULL, "Metasploit Courtesy Shell (TM)" ); if( !hShell ) break; SetWindowPos( hShell, HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE|SWP_NOSIZE ); } while( 0 ); }
BOOL kull_m_handle_GetUserObjectInformation(HANDLE hObj, int nIndex, PVOID *pvInfo, PDWORD nLength) { BOOL status = FALSE; DWORD szNeeded; if(!GetUserObjectInformation(hObj, nIndex, NULL, 0, &szNeeded) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) && szNeeded) { if(*pvInfo = LocalAlloc(LPTR, szNeeded)) { if(nLength) *nLength = szNeeded; if(!(status = GetUserObjectInformation(hObj, nIndex, *pvInfo, szNeeded, &szNeeded))) LocalFree(*pvInfo); } } return status; }
BOOL vncService::InputDesktopSelected() { // Are we running on NT? if (IsWinNT()) { // Get the input and thread desktops HDESK threaddesktop = GetThreadDesktop(GetCurrentThreadId()); HDESK inputdesktop = OpenInputDesktop(0, FALSE, DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | DESKTOP_HOOKCONTROL | DESKTOP_WRITEOBJECTS | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | GENERIC_WRITE); if (inputdesktop == NULL) { // Returning TRUE on ERROR_BUSY fixes the bug #1109102. // FIXME: Probably this is not the most correct way to do it. return (GetLastError() == ERROR_BUSY) ? TRUE : FALSE; } DWORD dummy; char threadname[256]; char inputname[256]; if (!GetUserObjectInformation(threaddesktop, UOI_NAME, &threadname, 256, &dummy)) { if (!CloseDesktop(inputdesktop)) vnclog.Print(LL_INTWARN, VNCLOG("failed to close input desktop\n")); return FALSE; } _ASSERT(dummy <= 256); if (!GetUserObjectInformation(inputdesktop, UOI_NAME, &inputname, 256, &dummy)) { if (!CloseDesktop(inputdesktop)) vnclog.Print(LL_INTWARN, VNCLOG("failed to close input desktop\n")); return FALSE; } _ASSERT(dummy <= 256); if (!CloseDesktop(inputdesktop)) vnclog.Print(LL_INTWARN, VNCLOG("failed to close input desktop\n")); if (strcmp(threadname, inputname) != 0) return FALSE; } return TRUE; }
void TitleWindow (HWND hWnd) { TCHAR *szTitle, *szName; UINT nBytes = 0; // // How long is the desktop name? // GetUserObjectInformation (GetThreadDesktop(GetCurrentThreadId()), UOI_NAME, (LPVOID)&nBytes, // not used since cbInfo is 0 0, &nBytes); szName = (LPTSTR)GlobalAlloc (GPTR, nBytes); if (!szName) { return; } // // Now get the desktop name // GetUserObjectInformation (GetThreadDesktop(GetCurrentThreadId()), UOI_NAME, (LPVOID)szName, nBytes, &nBytes); // // Now make the window title // szTitle = (LPTSTR)GlobalAlloc ( GPTR, (lstrlen(szAppName)+lstrlen(TEXT(" - "))) * sizeof(TCHAR) + nBytes); if (!szTitle) { GlobalFree (szName); return; } wsprintf (szTitle, TEXT("%s - %s"), szAppName, szName); SetWindowText (hWnd, szTitle); // // Cleanup // GlobalFree (szName); GlobalFree (szTitle); }
BOOL COpenDesktop::_OpenDesktop(LPCWSTR szName) { WCHAR pvInfo[128] = {0}; if(szName != NULL) { lstrcpy((LPSTR)pvInfo, (LPCSTR)szName); } else { HDESK hActiveDesktop; DWORD dwLen; hActiveDesktop = OpenInputDesktop(DF_ALLOWOTHERACCOUNTHOOK, FALSE, MAXIMUM_ALLOWED); GetUserObjectInformation(hActiveDesktop, UOI_NAME, pvInfo, sizeof(pvInfo), &dwLen); CloseDesktop(hActiveDesktop); } m_hwinstaCurrent = GetProcessWindowStation(); CheckPointer(m_hwinstaCurrent,FALSE); m_hdeskCurrent = GetThreadDesktop(GetCurrentThreadId()); CheckPointer(m_hdeskCurrent,FALSE); // ´ò¿ªwinsta0 m_hwinsta = OpenWindowStation(_T("winsta0"), FALSE, WINSTA_ACCESSCLIPBOARD | WINSTA_ACCESSGLOBALATOMS | WINSTA_CREATEDESKTOP | WINSTA_ENUMDESKTOPS | WINSTA_ENUMERATE | WINSTA_EXITWINDOWS | WINSTA_READATTRIBUTES | WINSTA_READSCREEN | WINSTA_WRITEATTRIBUTES); CheckPointer(m_hwinsta,FALSE); if (!SetProcessWindowStation(m_hwinsta)) { return FALSE; } // ´ò¿ªdesktop m_hdesk = OpenDesktop((LPSTR)pvInfo, 0, FALSE, DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | DESKTOP_HOOKCONTROL | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS); CheckPointer(m_hdesk,FALSE); SetThreadDesktop(m_hdesk); return TRUE; }
bool Opc_client_ae_DriverThread::StartProcess(char* pCommandLine, char* pWorkingDir) { STARTUPINFO startUpInfo = { sizeof(STARTUPINFO),NULL,"",NULL,0,0,0,0,0,0,0,STARTF_USESHOWWINDOW,0,0,NULL,0,0,0}; nIndex = 1; if(strlen(pCommandLine) > 4) { char pUserInterface[nBufferSize+1]; //printf("%s\n", pCommandLine); strcpy(pUserInterface, "Y"); BOOL bUserInterface = (pUserInterface[0]=='y'||pUserInterface[0]=='Y'||pUserInterface[0]=='1')?TRUE:FALSE; char CurrentDesktopName[512]; // set the correct desktop for the process to be started if(bUserInterface) { //startUpInfo.wShowWindow = SW_SHOW; startUpInfo.wShowWindow = SW_SHOWMINIMIZED; startUpInfo.lpDesktop = NULL; } else { HDESK hCurrentDesktop = GetThreadDesktop(GetCurrentThreadId()); DWORD len; GetUserObjectInformation(hCurrentDesktop,UOI_NAME,CurrentDesktopName,MAX_PATH,&len); startUpInfo.wShowWindow = SW_HIDE; startUpInfo.lpDesktop = CurrentDesktopName; } // create the process DWORD dwCreateFlg = 0; dwCreateFlg |= CREATE_NEW_CONSOLE; memset(pProcInfo + nIndex, 0, sizeof(PROCESS_INFORMATION)); if(CreateProcess(NULL,pCommandLine,NULL,NULL,TRUE,dwCreateFlg,NULL,strlen(pWorkingDir)==0?NULL:pWorkingDir,&startUpInfo,pProcInfo + nIndex)) { Sleep(100); return TRUE; } else { fprintf(stderr,"Failed to start program '%s', error code = %d\n", pCommandLine, GetLastError()); fflush(stderr); return FALSE; } } else { return FALSE; } }
bool DesktopSelector::getDesktopName(HDESK desktop, StringStorage *desktopName) { DWORD nameLength; GetUserObjectInformation(desktop, UOI_NAME, 0, 0, &nameLength); TCHAR *name = new TCHAR[nameLength]; bool result = GetUserObjectInformation(desktop, UOI_NAME, name, nameLength, 0) != 0; if (result) { desktopName->setString(name); } delete[] name; return result; }
static void KillWallpaper() { //only kill wallpaper if desktop is user desktop HDESK desktop = GetThreadDesktop(GetCurrentThreadId()); DWORD dummy; char new_name[256]; if (GetUserObjectInformation(desktop, UOI_NAME, &new_name, 256, &dummy)) { if (strcmp(new_name,"Default")==NULL) HideDesktop(); } }
void vncDesktop::StartInitWindowthread() { // Check if the input desktop == Default desktop // Hooking the winlogon is not needed, no clipboard // see if the threaddesktop== Default HDESK desktop = GetThreadDesktop(GetCurrentThreadId()); DWORD dummy; char new_name[256]; can_be_hooked=false; vnclog.Print(LL_INTINFO, VNCLOG("StartInitWindowthread \n")); if (GetUserObjectInformation(desktop, UOI_NAME, &new_name, 256, &dummy)) { if (strcmp(new_name,"Default")==0) { vnclog.Print(LL_INTINFO, VNCLOG("StartInitWindowthread default desk\n")); if (InitWindowThreadh==NULL) { ResetEvent(restart_event); InitWindowThreadh=CreateThread(NULL,0,InitWindowThread,this,0,&pumpID); DWORD status=WaitForSingleObject(restart_event,10000); if (status==WAIT_TIMEOUT) { vnclog.Print(LL_INTINFO, VNCLOG("ERROR: initwindowthread failed to start \n")); if (InitWindowThreadh!=NULL) { TerminateThread(InitWindowThreadh,0); CloseHandle(InitWindowThreadh); m_hwnd=NULL; InitWindowThreadh=NULL; } can_be_hooked=false; } else { vnclog.Print(LL_INTINFO, VNCLOG("StartInitWindowthread started\n")); can_be_hooked=true; } } else { // initwindowthread is still running // make it back active vnclog.Print(LL_INTINFO, VNCLOG("StartInitWindowthread reactivate\n")); can_be_hooked=true; } } else { vnclog.Print(LL_INTINFO, VNCLOG("StartInitWindowthread no default desk\n")); } } }
String MSWindowsSession::getActiveDesktopName() { String result; try { HDESK hd = OpenInputDesktop(0, TRUE, GENERIC_READ); if (hd != NULL) { DWORD size; GetUserObjectInformation(hd, UOI_NAME, NULL, 0, &size); TCHAR* name = (TCHAR*)alloca(size + sizeof(TCHAR)); GetUserObjectInformation(hd, UOI_NAME, name, size, &size); result = name; CloseDesktop(hd); } } catch (std::exception error) { LOG((CLOG_ERR "failed to get active desktop name: %s", error.what())); } return result; }
DWORD WINAPI BlackWindow(LPVOID lpParam) { // TODO: Place code here. HDESK desktop; desktop = OpenInputDesktop(0, FALSE, DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | DESKTOP_HOOKCONTROL | DESKTOP_WRITEOBJECTS | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | GENERIC_WRITE ); if (desktop == NULL) vnclog.Print(LL_INTERR, VNCLOG("OpenInputdesktop Error \n")); else vnclog.Print(LL_INTERR, VNCLOG("OpenInputdesktop OK\n")); HDESK old_desktop = GetThreadDesktop(GetCurrentThreadId()); DWORD dummy; char new_name[256]; if (desktop) { if (!GetUserObjectInformation(desktop, UOI_NAME, &new_name, 256, &dummy)) { vnclog.Print(LL_INTERR, VNCLOG("!GetUserObjectInformation \n")); } vnclog.Print(LL_INTERR, VNCLOG("SelectHDESK to %s (%x) from %x\n"), new_name, desktop, old_desktop); if (!SetThreadDesktop(desktop)) { vnclog.Print(LL_INTERR, VNCLOG("SelectHDESK:!SetThreadDesktop \n")); } } create_window(); MSG msg; while (GetMessage(&msg,0,0,0) != 0) { TranslateMessage(&msg); DispatchMessage(&msg); } vnclog.Print(LL_INTERR, VNCLOG("end BlackWindow \n")); SetThreadDesktop(old_desktop); if (desktop) CloseDesktop(desktop); return 0; }
void RunApp (HWND hWnd) { TCHAR szDesk[100]; // data holder TCHAR szExec[100]; // Command line STARTUPINFO sui; // Process startup info PROCESS_INFORMATION pi; // info returned from CreateProcess ThreadData *ptd; ptd = (ThreadData*)GetWindowLong (hWnd, GWL_USERDATA); // // Most sui members will be 0 // ZeroMemory ((PVOID)&sui, sizeof(sui)); // //Get the command line to execute // GetDlgItemText (hWnd, IDC_RUNME, szExec, 100*sizeof(TCHAR)); // //Get the current desktop name // GetUserObjectInformation (GetThreadDesktop (GetCurrentThreadId()), UOI_NAME, szDesk, 100*sizeof(TCHAR), NULL); sui.cb = sizeof (sui); // // Need the lpDesktop member so the new process runs on this desktop // The lpDesktop member was reserved in previous versions of NT // sui.lpDesktop = szDesk; CreateProcess (NULL, // image name szExec, // command line NULL, // process security attributes NULL, // thread security attributes TRUE, // inherit handles CREATE_DEFAULT_ERROR_MODE|CREATE_SEPARATE_WOW_VDM, NULL, // environment block NULL, // current directory &sui, // STARTUPINFO &pi); // PROCESS_INFORMATION }
BOOL CALLBACK WinStationEnumProc(LPTSTR name, LPARAM param) { HWINSTA station = OpenWindowStation(name, FALSE, GENERIC_ALL); HWINSTA oldstation = GetProcessWindowStation(); USEROBJECTFLAGS flags; if (!GetUserObjectInformation(station, UOI_FLAGS, &flags, sizeof(flags), NULL)) { return TRUE; } BOOL visible = flags.dwFlags & WSF_VISIBLE; if (visible) { if (SetProcessWindowStation(station)) { if (oldstation != home_window_station) { CloseWindowStation(oldstation); } } else { CloseWindowStation(station); } return FALSE; } return TRUE; }
/* * propBasicQueryWindowStation * * Purpose: * * Set information values for WindowStation object type (managed by win32k services) * * If ExtendedInfoAvailable is FALSE then it calls propSetDefaultInfo to set Basic page properties * */ VOID propBasicQueryWindowStation( _In_ PROP_OBJECT_INFO *Context, _In_ HWND hwndDlg, _In_ BOOL ExtendedInfoAvailable ) { DWORD bytesNeeded; HWINSTA hObject; USEROBJECTFLAGS userFlags; SetDlgItemText(hwndDlg, ID_WINSTATIONVISIBLE, T_CannotQuery); if (Context == NULL) { return; } // // Open Winstation object. // hObject = NULL; if (!propOpenCurrentObject(Context, &hObject, WINSTA_READATTRIBUTES)) { return; } RtlSecureZeroMemory(&userFlags, sizeof(userFlags)); if (GetUserObjectInformation(hObject, UOI_FLAGS, &userFlags, sizeof(USEROBJECTFLAGS), &bytesNeeded)) { SetDlgItemText(hwndDlg, ID_WINSTATIONVISIBLE, (userFlags.dwFlags & WSF_VISIBLE) ? TEXT("Yes") : TEXT("No")); } // // Query object basic and type info if needed. // if (ExtendedInfoAvailable == FALSE) { propSetDefaultInfo(Context, hwndDlg, hObject); } CloseWindowStation(hObject); }
//}} //************************************************************************ int APIENTRY WinMain(HINSTANCE a_hInstance, HINSTANCE, LPSTR a_pszCmd, int a_nCount) { Util::TCommandLineInfo cmdLine(a_pszCmd); switch(cmdLine.m_eCommand) { case Util::TCommandLineInfo::eDebug: return RunAsApplication(a_hInstance); case Util::TCommandLineInfo::eInstall: return Service::Install() ? 0 : -1; case Util::TCommandLineInfo::eUnInstall: return Service::UnInstall() ? 0 : -1; case Util::TCommandLineInfo::eStart: { if(Service::Run()) return 0; if (GetLastError() == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) return RunAsApplication(a_hInstance); } case Util::TCommandLineInfo::eStop: return StopServer(); } char buffer[256] = {0}; DWORD length = 0; GetUserObjectInformation(GetProcessWindowStation(), UOI_NAME, buffer, 256, &length); if (stricmp(buffer, "WinSta0") == 0) { MessageBox(NULL, "No argument", "Error", MB_ICONSTOP); } return 0; }
BOOL vncService::IsWSLocked() { if (!IsWinNT()) return false; bool bLocked = false; HDESK hDesk; BOOL bRes; DWORD dwLen; char sName[200]; hDesk = OpenInputDesktop(0, FALSE, 0); if (hDesk == NULL) { bLocked = true; } else { bRes = GetUserObjectInformation(hDesk, UOI_NAME, sName, sizeof(sName), &dwLen); if (bRes) sName[dwLen]='\0'; else sName[0]='\0'; if (_stricmp(sName,"Default") != 0) bLocked = true; // WS is locked or screen saver active else bLocked = false ; } if (hDesk != NULL) CloseDesktop(hDesk); return bLocked; }
/* * DesktopListEnumProc * * Purpose: * * EnumDesktops callback. * */ BOOL CALLBACK DesktopListEnumProc( _In_ LPWSTR lpszDesktop, _In_ LPARAM lParam ) { PROP_OBJECT_INFO *Context; BOOL bSucc; INT nIndex; DWORD bytesNeeded, dwDesktopHeapSize; LPWSTR lpName; PSID pSID; SIZE_T sz; HDESK hDesktop; LPWSTR StringSid; LVITEMW lvitem; WCHAR szBuffer[MAX_PATH]; Context = (PROP_OBJECT_INFO*)lParam; if (Context == NULL) { return FALSE; } sz = (_strlen(lpszDesktop) * sizeof(WCHAR)) + (_strlen(Context->lpObjectName) * sizeof(WCHAR)) + (2 * sizeof(WCHAR)) + sizeof(UNICODE_NULL); lpName = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sz); //not enough memory? cancel enum if (lpName == NULL) { return 0; } _strcpy(lpName, Context->lpObjectName); _strcat(lpName, L"\\"); _strcat(lpName, lpszDesktop); //Name RtlSecureZeroMemory(&lvitem, sizeof(lvitem)); lvitem.mask = LVIF_TEXT | LVIF_IMAGE; lvitem.iImage = 0; lvitem.iSubItem = 0; lvitem.pszText = lpName; lvitem.iItem = MAXINT; nIndex = ListView_InsertItem(DesktopList, &lvitem); HeapFree(GetProcessHeap(), 0, lpName); //Query desktop objects information bSucc = FALSE; StringSid = NULL; hDesktop = OpenDesktop(lpszDesktop, 0, FALSE, DESKTOP_READOBJECTS); if (hDesktop) { //Query SID bytesNeeded = 0; GetUserObjectInformation(hDesktop, UOI_USER_SID, NULL, 0, &bytesNeeded); //user associated with desktop present, query sid if (bytesNeeded) { //allocate memory for sid pSID = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, bytesNeeded); if (pSID) { if (GetUserObjectInformation(hDesktop, UOI_USER_SID, pSID, bytesNeeded, &bytesNeeded)) { bSucc = ConvertSidToStringSid(pSID, &StringSid); } HeapFree(GetProcessHeap(), 0, pSID); } } //Add SID string to the list if (bSucc && StringSid) { lvitem.mask = LVIF_TEXT; lvitem.iSubItem = 1; lvitem.pszText = StringSid; lvitem.iItem = nIndex; ListView_SetItem(DesktopList, &lvitem); LocalFree(StringSid); } //Add Desktop Heap Size, returned in KBytes dwDesktopHeapSize = 0; if (GetUserObjectInformation(hDesktop, UOI_HEAPSIZE, &dwDesktopHeapSize, sizeof(dwDesktopHeapSize), &bytesNeeded)) { RtlSecureZeroMemory(szBuffer, sizeof(szBuffer)); ultostr(dwDesktopHeapSize / 1024, szBuffer); _strcat(szBuffer, L" Mb"); lvitem.mask = LVIF_TEXT; lvitem.iSubItem = 2; lvitem.pszText = szBuffer; lvitem.iItem = nIndex; ListView_SetItem(DesktopList, &lvitem); } CloseDesktop(hDesktop); } return TRUE; }
/* * Setup and run the server. This is called from Init via the loader. */ DWORD server_setup( SOCKET fd ) { Remote * remote = NULL; char cStationName[256] = {0}; char cDesktopName[256] = {0}; DWORD res = 0; dprintf("[SERVER] Initializing..."); #ifdef _UNIX int local_error = 0; #endif // if hAppInstance is still == NULL it means that we havent been // reflectivly loaded so we must patch in the hAppInstance value // for use with loading server extensions later. InitAppInstance(); srand( (unsigned int)time(NULL) ); __try { do { dprintf( "[SERVER] module loaded at 0x%08X", hAppInstance ); // Open a THREAD item for the servers main thread, we use this to manage migration later. serverThread = thread_open(); dprintf( "[SERVER] main server thread: handle=0x%08X id=0x%08X sigterm=0x%08X", serverThread->handle, serverThread->id, serverThread->sigterm ); if( !(remote = remote_allocate(fd)) ) { SetLastError( ERROR_NOT_ENOUGH_MEMORY ); break; } remote->url = global_meterpreter_url; if (strcmp(global_meterpreter_transport+12, "TRANSPORT_SSL") == 0) { remote->transport = METERPRETER_TRANSPORT_SSL; dprintf("[SERVER] Using SSL transport..."); } else if (strcmp(global_meterpreter_transport+12, "TRANSPORT_HTTPS") == 0) { remote->transport = METERPRETER_TRANSPORT_HTTPS; dprintf("[SERVER] Using HTTPS transport..."); } else if (strcmp(global_meterpreter_transport+12, "TRANSPORT_HTTP") == 0) { remote->transport = METERPRETER_TRANSPORT_HTTP; dprintf("[SERVER] Using HTTP transport..."); } // Do not allow the file descriptor to be inherited by child processes SetHandleInformation((HANDLE)fd, HANDLE_FLAG_INHERIT, 0); dprintf("[SERVER] Initializing tokens..."); // Store our thread handle remote->hServerThread = serverThread->handle; #ifdef _WIN32 // Store our process token if (!OpenThreadToken(remote->hServerThread, TOKEN_ALL_ACCESS, TRUE, &remote->hServerToken)) OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &remote->hServerToken); // Copy it to the thread token remote->hThreadToken = remote->hServerToken; // Save the initial session/station/desktop names... remote->dwOrigSessionId = server_sessionid(); remote->dwCurrentSessionId = remote->dwOrigSessionId; GetUserObjectInformation( GetProcessWindowStation(), UOI_NAME, &cStationName, 256, NULL ); remote->cpOrigStationName = _strdup( cStationName ); remote->cpCurrentStationName = _strdup( cStationName ); GetUserObjectInformation( GetThreadDesktop( GetCurrentThreadId() ), UOI_NAME, &cDesktopName, 256, NULL ); remote->cpOrigDesktopName = _strdup( cDesktopName ); remote->cpCurrentDesktopName = _strdup( cDesktopName ); #endif // Process our default SSL-over-TCP transport if (remote->transport == METERPRETER_TRANSPORT_SSL) { dprintf("[SERVER] Flushing the socket handle..."); server_socket_flush( remote ); dprintf("[SERVER] Initializing SSL..."); if( !server_initialize_ssl( remote ) ) break; dprintf("[SERVER] Negotiating SSL..."); if( !server_negotiate_ssl( remote ) ) break; dprintf("[SERVER] Registering dispatch routines..."); register_dispatch_routines(); dprintf("[SERVER] Entering the main server dispatch loop for transport %d...", remote->transport); server_dispatch( remote ); dprintf("[SERVER] Deregistering dispatch routines..."); deregister_dispatch_routines( remote ); } if (remote->transport == METERPRETER_TRANSPORT_HTTP || remote->transport == METERPRETER_TRANSPORT_HTTPS) { dprintf("[SERVER] Registering dispatch routines..."); register_dispatch_routines(); dprintf("[SERVER] Entering the main server dispatch loop for transport %d...", remote->transport); #ifdef _WIN32 server_dispatch_http_wininet( remote ); #else // XXX: Handle non-windows HTTP transport #endif dprintf("[SERVER] Deregistering dispatch routines..."); deregister_dispatch_routines( remote ); } } while (0); if (remote->transport == METERPRETER_TRANSPORT_SSL) { dprintf("[SERVER] Closing down SSL..."); server_destroy_ssl( remote ); } if( remote ) remote_deallocate( remote ); } __except( exceptionfilter(GetExceptionCode(), GetExceptionInformation()) ) { dprintf("[SERVER] *** exception triggered!"); thread_kill( serverThread ); } dprintf("[SERVER] Finished."); return res; }
/*! * @brief Setup and run the server. This is called from Init via the loader. * @param fd The original socket descriptor passed in from the stager, or a pointer to stageless extensions. * @return Meterpreter exit code (ignored by the caller). */ DWORD server_setup(MetsrvConfig* config) { THREAD* serverThread = NULL; Remote* remote = NULL; char stationName[256] = { 0 }; char desktopName[256] = { 0 }; DWORD res = 0; dprintf("[SERVER] Initializing from configuration: 0x%p", config); dprintf("[SESSION] Comms Fd: %u", config->session.comms_fd); dprintf("[SESSION] Expiry: %u", config->session.expiry); dprintf("[SERVER] UUID: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", config->session.uuid[0], config->session.uuid[1], config->session.uuid[2], config->session.uuid[3], config->session.uuid[4], config->session.uuid[5], config->session.uuid[6], config->session.uuid[7], config->session.uuid[8], config->session.uuid[9], config->session.uuid[10], config->session.uuid[11], config->session.uuid[12], config->session.uuid[13], config->session.uuid[14], config->session.uuid[15]); // if hAppInstance is still == NULL it means that we havent been // reflectivly loaded so we must patch in the hAppInstance value // for use with loading server extensions later. InitAppInstance(); srand((unsigned int)time(NULL)); __try { do { dprintf("[SERVER] module loaded at 0x%08X", hAppInstance); // Open a THREAD item for the servers main thread, we use this to manage migration later. serverThread = thread_open(); dprintf("[SERVER] main server thread: handle=0x%08X id=0x%08X sigterm=0x%08X", serverThread->handle, serverThread->id, serverThread->sigterm); if (!(remote = remote_allocate())) { SetLastError(ERROR_NOT_ENOUGH_MEMORY); break; } setup_ssl_lib(&remote->ssl); remote->orig_config = config; remote->sess_expiry_time = config->session.expiry; remote->sess_start_time = current_unix_timestamp(); remote->sess_expiry_end = remote->sess_start_time + config->session.expiry; dprintf("[DISPATCH] Session going for %u seconds from %u to %u", remote->sess_expiry_time, remote->sess_start_time, remote->sess_expiry_end); DWORD transportSize = 0; if (!create_transports(remote, config->transports, &transportSize)) { // not good, bail out! SetLastError(ERROR_BAD_ARGUMENTS); break; } // the first transport should match the transport that we initially connected on. // If it's TCP comms, we need to wire that up. if (remote->transport->type == METERPRETER_TRANSPORT_SSL && config->session.comms_fd) { ((TcpTransportContext*)remote->transport->ctx)->fd = (SOCKET)config->session.comms_fd; } // Set up the transport creation function pointer remote->trans_create = create_transport; // Set up the transport removal function pointer remote->trans_remove = remove_transport; // and the config creation pointer remote->config_create = config_create; // Store our thread handle remote->server_thread = serverThread->handle; dprintf("[SERVER] Registering dispatch routines..."); register_dispatch_routines(); // this has to be done after dispatch routine are registered load_stageless_extensions(remote, (MetsrvExtension*)((LPBYTE)config->transports + transportSize)); // Store our process token if (!OpenThreadToken(remote->server_thread, TOKEN_ALL_ACCESS, TRUE, &remote->server_token)) { OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &remote->server_token); } if (scheduler_initialize(remote) != ERROR_SUCCESS) { SetLastError(ERROR_BAD_ENVIRONMENT); break; } // Copy it to the thread token remote->thread_token = remote->server_token; // Save the initial session/station/desktop names... remote->orig_sess_id = server_sessionid(); remote->curr_sess_id = remote->orig_sess_id; GetUserObjectInformation(GetProcessWindowStation(), UOI_NAME, &stationName, 256, NULL); remote->orig_station_name = _strdup(stationName); remote->curr_station_name = _strdup(stationName); GetUserObjectInformation(GetThreadDesktop(GetCurrentThreadId()), UOI_NAME, &desktopName, 256, NULL); remote->orig_desktop_name = _strdup(desktopName); remote->curr_desktop_name = _strdup(desktopName); remote->sess_start_time = current_unix_timestamp(); // loop through the transports, reconnecting each time. while (remote->transport) { if (remote->transport->transport_init) { dprintf("[SERVER] attempting to initialise transport 0x%p", remote->transport); // Each transport has its own set of retry settings and each should honour // them individually. if (!remote->transport->transport_init(remote->transport)) { dprintf("[SERVER] transport initialisation failed, moving to the next transport"); remote->transport = remote->transport->next_transport; // when we have a list of transports, we'll iterate to the next one. continue; } } dprintf("[SERVER] Entering the main server dispatch loop for transport %x, context %x", remote->transport, remote->transport->ctx); DWORD dispatchResult = remote->transport->server_dispatch(remote, serverThread); dprintf("[DISPATCH] dispatch exited with result: %u", dispatchResult); if (remote->transport->transport_deinit) { dprintf("[DISPATCH] deinitialising transport"); remote->transport->transport_deinit(remote->transport); } dprintf("[TRANS] resetting transport"); if (remote->transport->transport_reset) { remote->transport->transport_reset(remote->transport, dispatchResult == ERROR_SUCCESS && remote->next_transport == NULL); } // If the transport mechanism failed, then we should loop until we're able to connect back again. if (dispatchResult == ERROR_SUCCESS) { dprintf("[DISPATCH] Server requested shutdown of dispatch"); // But if it was successful, and this is a valid exit, then we should clean up and leave. if (remote->next_transport == NULL) { dprintf("[DISPATCH] No next transport specified, leaving"); // we weren't asked to switch transports, so we exit. break; } // we need to change transports to the one we've been given. We will assume, for now, // that the transport has been created using the appropriate functions and that it is // part of the transport list. dprintf("[TRANS] Moving transport from 0x%p to 0x%p", remote->transport, remote->next_transport); remote->transport = remote->next_transport; remote->next_transport = NULL; } else { // move to the next one in the list dprintf("[TRANS] Moving transport from 0x%p to 0x%p", remote->transport, remote->transport->next_transport); remote->transport = remote->transport->next_transport; } // transport switching and failover both need to support the waiting functionality. if (remote->next_transport_wait > 0) { dprintf("[TRANS] Sleeping for %u seconds ...", remote->next_transport_wait); sleep(remote->next_transport_wait); // the wait is a once-off thing, needs to be reset each time remote->next_transport_wait = 0; } } // clean up the transports while (remote->transport) { remove_transport(remote, remote->transport); } dprintf("[SERVER] Deregistering dispatch routines..."); deregister_dispatch_routines(remote); } while (0); dprintf("[DISPATCH] calling scheduler_destroy..."); scheduler_destroy(); dprintf("[DISPATCH] calling command_join_threads..."); command_join_threads(); remote_deallocate(remote); } __except (exceptionfilter(GetExceptionCode(), GetExceptionInformation())) { dprintf("[SERVER] *** exception triggered!"); thread_kill(serverThread); } dprintf("[SERVER] Finished."); return res; }
BOOL vncDesktop::InitWindow() { vnclog.Print(LL_INTERR, VNCLOG("InitWindow called\n")); HDESK desktop; desktop = OpenInputDesktop(0, FALSE, DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | DESKTOP_HOOKCONTROL | DESKTOP_WRITEOBJECTS | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | GENERIC_WRITE ); if (desktop == NULL) vnclog.Print(LL_INTERR, VNCLOG("InitWindow:OpenInputdesktop Error \n")); else vnclog.Print(LL_INTERR, VNCLOG("InitWindow:OpenInputdesktop OK\n")); HDESK old_desktop = GetThreadDesktop(GetCurrentThreadId()); DWORD dummy; char new_name[256]; if (!GetUserObjectInformation(desktop, UOI_NAME, &new_name, 256, &dummy)) { vnclog.Print(LL_INTERR, VNCLOG("InitWindow:!GetUserObjectInformation \n")); } vnclog.Print(LL_INTERR, VNCLOG("InitWindow:SelectHDESK to %s (%x) from %x\n"), new_name, desktop, old_desktop); if (!SetThreadDesktop(desktop)) { vnclog.Print(LL_INTERR, VNCLOG("InitWindow:SelectHDESK:!SetThreadDesktop \n")); } HMODULE hUser32 = LoadLibrary("user32.dll"); CHANGEWINDOWMESSAGEFILTER pfnFilter = NULL; pfnFilter =(CHANGEWINDOWMESSAGEFILTER)GetProcAddress(hUser32,"ChangeWindowMessageFilter"); if (pfnFilter) pfnFilter(RFB_SCREEN_UPDATE, MSGFLT_ADD); if (pfnFilter) pfnFilter(RFB_COPYRECT_UPDATE, MSGFLT_ADD); if (pfnFilter) pfnFilter(RFB_MOUSE_UPDATE, MSGFLT_ADD); if (pfnFilter) pfnFilter(WM_QUIT, MSGFLT_ADD); if (pfnFilter) pfnFilter(WM_SHUTDOWN, MSGFLT_ADD); if (m_wndClass == 0) { // Create the window class WNDCLASSEX wndclass; wndclass.cbSize = sizeof(wndclass); wndclass.style = 0; wndclass.lpfnWndProc = &DesktopWndProc; wndclass.cbClsExtra = 0; wndclass.cbWndExtra = 0; wndclass.hInstance = hAppInstance; wndclass.hIcon = NULL; wndclass.hCursor = NULL; wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH); wndclass.lpszMenuName = (const char *) NULL; wndclass.lpszClassName = szDesktopSink; wndclass.hIconSm = NULL; // Register it m_wndClass = RegisterClassEx(&wndclass); if (!m_wndClass) { vnclog.Print(LL_INTERR, VNCLOG("failed to register window class\n")); SetEvent(restart_event); return FALSE; } } // And create a window m_hwnd = CreateWindow(szDesktopSink, "WinVNC", WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, 400, 200, NULL, NULL, hAppInstance, NULL); if (m_hwnd == NULL) { vnclog.Print(LL_INTERR, VNCLOG("failed to create hook window\n")); SetEvent(restart_event); return FALSE; } SetTimer(m_hwnd,1001,1000,NULL); // Set the "this" pointer for the window helper::SafeSetWindowUserData(m_hwnd, (LONG_PTR)this); // Enable clipboard hooking // adzm - 2010-07 - Fix clipboard hangs m_settingClipboardViewer = true; m_hnextviewer = SetClipboardViewer(m_hwnd); m_settingClipboardViewer = false; StopDriverWatches=false; DrvWatch mywatch; mywatch.stop=&StopDriverWatches; mywatch.hwnd=m_hwnd; if (VideoBuffer()) { DWORD myword; HANDLE T1=NULL; T1=CreateThread(NULL,0,Driverwatch,m_hwnd,0,&myword); if (T1) CloseHandle(T1); } vnclog.Print(LL_INTERR, VNCLOG("OOOOOOOOOOOO load hookdll's\n")); //////////////////////// hModule=NULL; char szCurrentDir[MAX_PATH]; if (GetModuleFileName(NULL, szCurrentDir, MAX_PATH)) { char* p = strrchr(szCurrentDir, '\\'); if (p == NULL) return 0; *p = '\0'; strcat (szCurrentDir,"\\vnchooks.dll"); } hSCModule=NULL; char szCurrentDirSC[MAX_PATH]; if (GetModuleFileName(NULL, szCurrentDirSC, MAX_PATH)) { char* p = strrchr(szCurrentDirSC, '\\'); if (p == NULL) return 0; *p = '\0'; #ifdef _X64 strcat (szCurrentDirSC,"\\schook64.dll"); #else strcat (szCurrentDirSC,"\\schook.dll"); #endif } hW8Module=NULL; char szCurrentDirW8[MAX_PATH]; if (WIN8) { if (GetModuleFileName(NULL, szCurrentDirW8, MAX_PATH)) { char* p = strrchr(szCurrentDirW8, '\\'); if (p == NULL) return 0; *p = '\0'; #ifdef _X64 strcat (szCurrentDirW8,"\\w8hook64.dll"); #else strcat (szCurrentDirW8,"\\w8hook.dll"); #endif } } UnSetHooks=NULL; SetMouseFilterHook=NULL; SetKeyboardFilterHook=NULL; SetMouseFilterHooks=NULL; SetKeyboardFilterHooks=NULL; SetHooks=NULL; UnSetHook=NULL; SetHook=NULL; hModule = LoadLibrary(szCurrentDir); hSCModule = LoadLibrary(szCurrentDirSC);//TOFIX resource leak if (WIN8) hW8Module = LoadLibrary(szCurrentDirW8); if (hModule) { strcpy_s(g_hookstring,"vnchook"); UnSetHooks = (UnSetHooksFn) GetProcAddress( hModule, "UnSetHooks" ); SetMouseFilterHook = (SetMouseFilterHookFn) GetProcAddress( hModule, "SetMouseFilterHook" ); SetKeyboardFilterHook = (SetKeyboardFilterHookFn) GetProcAddress( hModule, "SetKeyboardFilterHook" ); SetHooks = (SetHooksFn) GetProcAddress( hModule, "SetHooks" ); } if (hSCModule) { UnSetHook = (UnSetHookFn) GetProcAddress( hSCModule, "UnSetHook" ); SetHook = (SetHookFn) GetProcAddress( hSCModule, "SetHook" ); SetMouseFilterHooks = (SetMouseFilterHookFn) GetProcAddress( hSCModule, "SetMouseFilterHook" ); SetKeyboardFilterHooks = (SetKeyboardFilterHookFn) GetProcAddress( hSCModule, "SetKeyboardFilterHook" ); } startw8=NULL; stopw8=NULL; capturew8=NULL; if (hW8Module) { startw8=(StartW8)GetProcAddress(hW8Module,"StartW8"); stopw8=(StopW8)GetProcAddress(hW8Module,"StopW8"); capturew8=(CaptureW8)GetProcAddress(hW8Module,"CaptureW8"); } /////////////////////////////////////////////// vnclog.Print(LL_INTERR, VNCLOG("OOOOOOOOOOOO start dispatch\n")); MSG msg; SetEvent(restart_event); while (TRUE) { if (PeekMessage(&msg,NULL,0,0,PM_REMOVE)) { vnclog.Print(LL_INTERR, VNCLOG("OOOOOOOOOOOO %i %i\n"),msg.message,msg.hwnd); if (msg.message==WM_TIMER) { if(msg.wParam==1001) keepalive(); } if (msg.message==WM_QUIT || fShutdownOrdered) { vnclog.Print(LL_INTERR, VNCLOG("OOOOOOOOOOOO called wm_quit\n")); DestroyWindow(m_hwnd); SetEvent(trigger_events[5]); break; } else if (msg.message==WM_SHUTDOWN) { vnclog.Print(LL_INTERR, VNCLOG("OOOOOOOOOOOO called wm_user+4\n")); DestroyWindow(m_hwnd); break; } else if (msg.message==RFB_SCREEN_UPDATE) { if (can_be_hooked) { vnclog.Print(LL_INTERR, VNCLOG("RFB_SCREEN_UPDATE \n")); rfb::Rect rect; rect.tl = rfb::Point((SHORT)LOWORD(msg.wParam), (SHORT)HIWORD(msg.wParam)); rect.br = rfb::Point((SHORT)LOWORD(msg.lParam), (SHORT)HIWORD(msg.lParam)); //Buffer coordinates rect.tl.x-=m_ScreenOffsetx; rect.br.x-=m_ScreenOffsetx; rect.tl.y-=m_ScreenOffsety; rect.br.y-=m_ScreenOffsety; vnclog.Print(LL_INTERR, VNCLOG("REct3 %i %i %i %i \n"),rect.tl.x,rect.br.x,rect.tl.y,rect.br.y); rect = rect.intersect(m_Cliprect); if (!rect.is_empty()) { while (lock_region_add) Sleep(5); rgnpump.assign_union(rect); SetEvent(trigger_events[1]); } } } else if (msg.message==RFB_MOUSE_UPDATE) { if (can_be_hooked) { vnclog.Print(LL_INTERR, VNCLOG("RFB_MOUSE_UPDATE \n")); SetCursor((HCURSOR) msg.wParam); SetEvent(trigger_events[2]); } } else { if (msg.message==WM_USER+3 )vnclog.Print(LL_INTERR, VNCLOG("OOOOOOOOOOOO called wm_user+3\n")); TranslateMessage(&msg); DispatchMessage(&msg); } } else WaitMessage(); } KillTimer(m_hwnd,1001); if (hModule)FreeLibrary(hModule); if (hSCModule)FreeLibrary(hSCModule); if (hW8Module)FreeLibrary(hW8Module); SetThreadDesktop(old_desktop); CloseDesktop(desktop); /////////////////////// vnclog.Print(LL_INTERR, VNCLOG("OOOOOOOOOOOO end dispatch\n")); m_hwnd = NULL; return TRUE; }
DWORD WINAPI imp_desktop_thread(LPVOID lpParam) { vncServer *server = (vncServer *)lpParam; HDESK desktop; //vnclog.Print(LL_INTERR, VNCLOG("SelectDesktop \n")); //vnclog.Print(LL_INTERR, VNCLOG("OpenInputdesktop2 NULL\n")); desktop = OpenInputDesktop(0, FALSE, DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | DESKTOP_HOOKCONTROL | DESKTOP_WRITEOBJECTS | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | GENERIC_WRITE ); if (desktop == NULL) vnclog.Print(LL_INTERR, VNCLOG("OpenInputdesktop Error \n")); else vnclog.Print(LL_INTERR, VNCLOG("OpenInputdesktop OK\n")); HDESK old_desktop = GetThreadDesktop(GetCurrentThreadId()); DWORD dummy; char new_name[256]; if (!GetUserObjectInformation(desktop, UOI_NAME, &new_name, 256, &dummy)) { vnclog.Print(LL_INTERR, VNCLOG("!GetUserObjectInformation \n")); } vnclog.Print(LL_INTERR, VNCLOG("SelectHDESK to %s (%x) from %x\n"), new_name, desktop, old_desktop); if (!SetThreadDesktop(desktop)) { vnclog.Print(LL_INTERR, VNCLOG("SelectHDESK:!SetThreadDesktop \n")); } // ImpersonateCurrentUser_(); char m_username[UNLEN+1]; HWINSTA station = GetProcessWindowStation(); if (station != NULL) { DWORD usersize; GetUserObjectInformation(station, UOI_USER_SID, NULL, 0, &usersize); DWORD dwErrorCode = GetLastError(); SetLastError(0); if (usersize != 0) { DWORD length = sizeof(m_username); if (GetUserName(m_username, &length) == 0) { UINT error = GetLastError(); if (error != ERROR_NOT_LOGGED_ON) { vnclog.Print(LL_INTERR, VNCLOG("getusername error %d\n"), GetLastError()); SetThreadDesktop(old_desktop); CloseDesktop(desktop); Sleep(500); return FALSE; } } } } vnclog.Print(LL_INTERR, VNCLOG("Username %s \n"),m_username); // Create tray icon and menu vncMenu *menu = new vncMenu(server); if (menu == NULL) { vnclog.Print(LL_INTERR, VNCLOG("failed to create tray menu\n")); PostQuitMessage(0); } // This is a good spot to handle the old PostAdd messages if (PostAddAutoConnectClient_bool) vncService::PostAddAutoConnectClient( pszId_char ); if (PostAddAutoConnectClient_bool_null) vncService::PostAddAutoConnectClient( NULL ); if (PostAddConnectClient_bool) vncService::PostAddConnectClient( pszId_char ); if (PostAddConnectClient_bool_null) vncService::PostAddConnectClient( NULL ); if (PostAddNewClient_bool) { PostAddNewClient_bool=false; vnclog.Print(LL_INTERR, VNCLOG("PostAddNewClient IIIII\n")); vncService::PostAddNewClient(address_vcard, port_int); } //adzm 2009-06-20 if (PostAddNewRepeaterClient_bool) { PostAddNewRepeaterClient_bool=false; vnclog.Print(LL_INTERR, VNCLOG("PostAddNewRepeaterClient II\n")); vncService::PostAddNewRepeaterClient(); } bool Runonce=false; MSG msg; while (GetMessage(&msg,0,0,0) != 0) { TranslateMessage(&msg); DispatchMessage(&msg); if (fShutdownOrdered && !Runonce) { Runonce=true; if (menu) menu->Shutdown(true); } if (hShutdownEvent) { // vnclog.Print(LL_INTERR, VNCLOG("****************** SDTimer tic\n")); DWORD result = WaitForSingleObject(hShutdownEvent, 1); if (WAIT_OBJECT_0 == result) { ResetEvent(hShutdownEvent); fShutdownOrdered = true; vnclog.Print(LL_INTERR, VNCLOG("****************** WaitForSingleObject - Shutdown server\n")); } } } // sf@2007 - Close all (vncMenu,tray icon, connections...) if (menu != NULL) delete menu; //vnclog.Print(LL_INTERR, VNCLOG("GetMessage stop \n")); SetThreadDesktop(old_desktop); CloseDesktop(desktop); // RevertToSelf(); return 0; }