예제 #1
0
파일: process.c 프로젝트: bragin/ring3k
void test_open_process_param_size( void )
{
	NTSTATUS r;
	PVOID p = 0;
	PCLIENT_ID id;
	ULONG sz = 0x1000;
	OBJECT_ATTRIBUTES oa;
	HANDLE handle = 0, dummy = (void*) 1;

	r = NtAllocateVirtualMemory(NtCurrentProcess(), &p, 0, &sz, MEM_COMMIT, PAGE_READWRITE);
	ok( r == STATUS_SUCCESS, "wrong return %08lx\n", r );

	memset( &oa, 0, sizeof oa );

	id = (p + sz - 4);
	id->UniqueProcess = dummy;
	r = NtOpenProcess( &handle, 0, &oa, id );
	ok( r == STATUS_ACCESS_VIOLATION, "wrong return %08lx\n", r );

	id = (p + sz - 8);
	id->UniqueProcess = dummy;
	id->UniqueThread = dummy;
	r = NtOpenProcess( &handle, 0, &oa, id );
	ok( r == STATUS_INVALID_CID, "wrong return %08lx\n", r );

	r = NtFreeVirtualMemory(NtCurrentProcess(), &p, &sz, MEM_RELEASE );
	ok( r == STATUS_SUCCESS, "wrong return %08lx\n", r );
}
예제 #2
0
HANDLE
WINAPI
ProcessIdToHandle(IN DWORD dwProcessId)
{
    NTSTATUS Status;
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE Handle;
    CLIENT_ID ClientId;

    /* If we don't have a PID, look it up */
    if (dwProcessId == MAXDWORD) dwProcessId = (DWORD_PTR)CsrGetProcessId();

    /* Open a handle to the process */
    ClientId.UniqueThread = NULL;
    ClientId.UniqueProcess = UlongToHandle(dwProcessId);
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
    Status = NtOpenProcess(&Handle,
                           PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
                           PROCESS_VM_WRITE | PROCESS_VM_READ |
                           PROCESS_SUSPEND_RESUME | PROCESS_QUERY_INFORMATION,
                           &ObjectAttributes,
                           &ClientId);
    if (!NT_SUCCESS(Status))
    {
        /* Fail */
        BaseSetLastNTError(Status);
        return 0;
    }

    /* Return the handle */
    return Handle;
}
예제 #3
0
	void CheckProcessMemory()
	{
		UINT_PTR i,j,flag,addr;
		DWORD len;
		CLIENT_ID id;
		OBJECT_ATTRIBUTES oa={0};
		HANDLE hProc;
		BYTE buffer[8];
		AcquireLock();
		id.UniqueThread=0;
		oa.uLength=sizeof(oa);
		for (i=0;i<count;i++)
		{
			id.UniqueProcess=(proc_record[i]&0xFFF)<<2;
			addr=proc_record[i]&~0xFFF;
			flag=0;
			if (NT_SUCCESS(NtOpenProcess(&hProc,PROCESS_VM_OPERATION|PROCESS_VM_READ,&oa,&id)))	
			{
				if (NT_SUCCESS(NtReadVirtualMemory(hProc,(PVOID)addr,buffer,8,&len)))
					if (memcmp(buffer,normal_routine,4)==0) flag=1;
				NtClose(hProc);
			}
			if (flag==0)
			{
				for (j=i;j<count;j++) proc_record[j]=proc_record[j+1];
				count--; i--;
			}
		}
		ReleaseLock();
	}
예제 #4
0
파일: debugger.c 프로젝트: farp90/nativecmd
HANDLE
WINAPI
ProcessIdToHandle(IN DWORD dwProcessId)
{
    NTSTATUS Status;
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE Handle;
    CLIENT_ID ClientId;

    /* If we don't have a PID, look it up */
    if (dwProcessId == MAXDWORD) dwProcessId = (DWORD_PTR)CsrGetProcessId();

    /* Open a handle to the process */
    ClientId.UniqueThread = NULL;
    ClientId.UniqueProcess = UlongToHandle(dwProcessId);
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
    Status = NtOpenProcess(&Handle,
                           PROCESS_ALL_ACCESS,
                           &ObjectAttributes,
                           &ClientId);
    if (!NT_SUCCESS(Status))
    {
        /* Fail */
        SetLastErrorByStatus(Status);
        return 0;
    }

    /* Return the handle */
    return Handle;
}
예제 #5
0
파일: proc.c 프로젝트: farp90/nativecmd
/*
 * @implemented
 */
HANDLE
WINAPI
OpenProcess(DWORD dwDesiredAccess,
            BOOL bInheritHandle,
            DWORD dwProcessId)
{
    NTSTATUS errCode;
    HANDLE ProcessHandle;
    OBJECT_ATTRIBUTES ObjectAttributes;
    CLIENT_ID ClientId;

    ClientId.UniqueProcess = UlongToHandle(dwProcessId);
    ClientId.UniqueThread = 0;

    InitializeObjectAttributes(&ObjectAttributes,
                               NULL,
                               (bInheritHandle ? OBJ_INHERIT : 0),
                               NULL,
                               NULL);

    errCode = NtOpenProcess(&ProcessHandle,
                            dwDesiredAccess,
                            &ObjectAttributes,
                            &ClientId);
    if (!NT_SUCCESS(errCode))
    {
        SetLastErrorByStatus(errCode);
        return NULL;
    }

    return ProcessHandle;
}
예제 #6
0
파일: srvnls.c 프로젝트: shuowen/OpenNT
ULONG
BaseSrvNlsPreserveSection(
    IN OUT PCSR_API_MSG m,
    IN OUT PCSR_REPLY_STATUS ReplyStatus)
{
    PBASE_NLS_PRESERVE_SECTION_MSG a =
        (PBASE_NLS_PRESERVE_SECTION_MSG)&m->u.ApiMessageData;

    HANDLE hSection = (HANDLE)0;            /* section handle */
    HANDLE hProcess = (HANDLE)0;            /* process handle */
    OBJECT_ATTRIBUTES ObjA;                 /* object attributes structure */
    NTSTATUS rc = 0L;                       /* return code */


    /*
     *  Duplicate the section handle for the server.
     */
    InitializeObjectAttributes(&ObjA,
                               NULL,
                               0,
                               NULL,
                               NULL);

    rc = NtOpenProcess(&hProcess,
                       PROCESS_DUP_HANDLE,
                       &ObjA,
                       &m->h.ClientId);

    if (!NT_SUCCESS(rc))
    {
        KdPrint(("NLSAPI (BaseSrv): Could NOT Open Process - %lx.\n", rc));
        return (rc);
    }

    /*
     *  The hSection value will not be used for anything.  However,
     *  it must remain open so that the object remains permanent.
     */
    rc = NtDuplicateObject(hProcess,
                           a->hSection,
                           NtCurrentProcess(),
                           &hSection,
                           0L,
                           0L,
                           DUPLICATE_SAME_ACCESS);

    /*
     *  Return the return value from NtDuplicateObject.
     */
    return (rc);

    ReplyStatus;    // get rid of unreferenced parameter warning message
}
예제 #7
0
파일: Just.c 프로젝트: 340211173/Gold
HANDLE GetCsrPid()
{
	HANDLE Process, hObject;
	HANDLE CsrId = (HANDLE)0;
	OBJECT_ATTRIBUTES obj;
	CLIENT_ID cid;
	UCHAR Buff[0x100];
	POBJECT_NAME_INFORMATION ObjName = (PVOID)&Buff;
	PSYSTEM_HANDLE_INFORMATION_EX Handles;
	ULONG r;

	Handles = GetInfoTable(SystemHandleInformation);

	if (!Handles) return CsrId;

	for (r = 0; r < Handles->NumberOfHandles; r++)
	{
		if (Handles->Information[r].ObjectTypeNumber == 21) //Port object
		{
			InitializeObjectAttributes(&obj, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);

			cid.UniqueProcess = (HANDLE)Handles->Information[r].ProcessId;
			cid.UniqueThread = 0;

			if (NT_SUCCESS(NtOpenProcess(&Process, PROCESS_DUP_HANDLE, &obj, &cid)))
			{
				if (NT_SUCCESS(ZwDuplicateObject(Process, (HANDLE)Handles->Information[r].Handle,NtCurrentProcess(), &hObject, 0, 0, DUPLICATE_SAME_ACCESS)))
				{
					if (NT_SUCCESS(ZwQueryObject(hObject, ObjectNameInformation, ObjName, 0x100, NULL)))
					{
						if (ObjName->Name.Buffer && !wcsncmp(L"\\Windows\\ApiPort", ObjName->Name.Buffer, 20))
						{
						  CsrId = (HANDLE)Handles->Information[r].ProcessId;
						} 
					}

					ZwClose(hObject);
				}

				ZwClose(Process);
			}
		}
	}

	ExFreePool(Handles);
	return CsrId;
}
예제 #8
0
파일: authport.c 프로젝트: Moteesh/reactos
static NTSTATUS
LsapCheckLogonProcess(PLSA_API_MSG RequestMsg,
                      PLSAP_LOGON_CONTEXT *LogonContext)
{
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE ProcessHandle = NULL;
    PLSAP_LOGON_CONTEXT Context = NULL;
    NTSTATUS Status;

    TRACE("LsapCheckLogonProcess(%p)\n", RequestMsg);

    TRACE("Client ID: %p %p\n", RequestMsg->h.ClientId.UniqueProcess, RequestMsg->h.ClientId.UniqueThread);

    InitializeObjectAttributes(&ObjectAttributes,
                               NULL,
                               0,
                               NULL,
                               NULL);

    Status = NtOpenProcess(&ProcessHandle,
                           PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_DUP_HANDLE,
                           &ObjectAttributes,
                           &RequestMsg->h.ClientId);
    if (!NT_SUCCESS(Status))
    {
        TRACE("NtOpenProcess() failed (Status %lx)\n", Status);
        return Status;
    }

    /* Allocate the logon context */
    Context = RtlAllocateHeap(RtlGetProcessHeap(),
                              HEAP_ZERO_MEMORY,
                              sizeof(LSAP_LOGON_CONTEXT));
    if (Context == NULL)
    {
        NtClose(ProcessHandle);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    TRACE("New LogonContext: %p\n", Context);

    Context->ClientProcessHandle = ProcessHandle;

    *LogonContext = Context;

    return STATUS_SUCCESS;
}
예제 #9
0
파일: safe.c 프로젝트: Artorios/rootkit.com
NTSTATUS WINAPI SafeNtOpenProcess
(
  PHANDLE              ProcessHandle,
  ACCESS_MASK          AccessMask,
  POBJECT_ATTRIBUTES   ObjectAttributes,
  PCLIENT_ID           ClientId 
)
{
	NTSTATUS rc;

	if (CheckOldFunction(&OldNtOpenProcess))
		rc=OldNtOpenProcess(ProcessHandle,AccessMask,ObjectAttributes,ClientId);
	else
		rc=NtOpenProcess(ProcessHandle,AccessMask,ObjectAttributes,ClientId);

	return rc;
}
예제 #10
0
IHFSERVICE DWORD IHFAPI IHF_InjectByPID(DWORD pid, LPWSTR engine)
{
	WCHAR str[0x80];
	DWORD s;
	if (!running) return 0;
	if (pid == current_process_id) 
	{
		ConsoleOutput(SelfAttach);
		return -1;
	}
	if (man->GetProcessRecord(pid))
	{
		ConsoleOutput(AlreadyAttach);
		return -1;
	}
	swprintf(str, L"ITH_HOOKMAN_%d", pid);
	NtClose(IthCreateMutex(str, 0, &s));
	if (s) return -1;
	CLIENT_ID id;
	OBJECT_ATTRIBUTES oa = {};
	HANDLE hProc;
	id.UniqueProcess = pid;
	id.UniqueThread = 0;
	oa.uLength=sizeof(oa);
	if (!NT_SUCCESS(NtOpenProcess(&hProc,
		PROCESS_QUERY_INFORMATION|
		PROCESS_CREATE_THREAD|
		PROCESS_VM_OPERATION|
		PROCESS_VM_READ|
		PROCESS_VM_WRITE,
		&oa, &id)))
	{
		ConsoleOutput(ErrorOpenProcess);
		return -1;
	}
	
	if (engine == 0) engine = EngineName;
	DWORD module = Inject(hProc,engine);
	NtClose(hProc);
	if (module == -1) return -1;
	swprintf(str, FormatInject, pid, module);
	ConsoleOutput(str);
	return module;
}
예제 #11
0
NTSTATUS openProcByName(PHANDLE pProcess, PUNICODE_STRING pProcName, BOOLEAN useDebugPrivilege) {
	SYSTEM_PROCESS_INFORMATION procInfo;
	OBJECT_ATTRIBUTES procAttr;
	OBJECT_BASIC_INFORMATION processHandleInfo;
	CLIENT_ID cid;
	BOOLEAN oldValue;
	HANDLE pid;

	NTSTATUS status = STATUS_CACHE_PAGE_LOCKED;
	ULONG procListSize = 0;
	ULONGLONG memSize = 0;
	ULONG obQueryLen = 0;
	PVOID pProcListHead = NULL;
	PSYSTEM_PROCESS_INFORMATION pProcEntry = NULL;

	do {
		if (!pProcName || !pProcess) {
			status = STATUS_INVALID_PARAMETER;
			break;
		}
		
		*pProcess = NULL;

		///Since we specify a buffer size of 0 the buffer must overflow for sure even if there was running a
		///single process only. If we don't receive the dedicated error, something other has gone wrong
		///and we cannot rely on the return length.
		status = NtQuerySystemInformation(SystemProcessInformation, &procInfo, procListSize, &procListSize);
		if (STATUS_INFO_LENGTH_MISMATCH != status)
			break;

		memSize = PAGE_ROUND_UP(procListSize) + PAGE_SIZE; ///We better allocate one page extra
														   ///since between our "test" call and the real call below
														   ///additional processes might be started. (race condition)
		status = NtAllocateVirtualMemory(INVALID_HANDLE_VALUE, &pProcListHead, 0, &memSize, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
		if (status) {
			pProcListHead = NULL;
			break;
		}

		///By now, we have allocated a buffer large enough for the complete process list,
		///even if some new processes have been started in the mean time.
		///Hence, the next call is entirely expected to succeed.
		procListSize = (ULONG)memSize;
		status = NtQuerySystemInformation(SystemProcessInformation, pProcListHead, procListSize, &procListSize);
		if (status)
			break;

		pid = NULL;
		pProcEntry = pProcListHead;				///The list of all system processes is a so called singly linked list.
		while (pProcEntry->NextEntryOffset) {	///If NextEntryOffset member is NULL, we have reached the list end (tail).
			pProcEntry = (PSYSTEM_PROCESS_INFORMATION)((PUCHAR)pProcEntry + pProcEntry->NextEntryOffset);
			//DebugPrint2A("PID: %d, %wZ", pProcEntry->UniqueProcessId, pProcEntry->ImageName);
			if (0 == RtlCompareUnicodeString(pProcName, &pProcEntry->ImageName, TRUE)) {
				pid = pProcEntry->UniqueProcessId;
				break;
			}
		}

		if (!pid) {
			status = STATUS_OBJECT_NAME_NOT_FOUND;
			break;
		}
			
		if (useDebugPrivilege) {
			status = RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, &oldValue);
			if (status){			///Since we're for some reason supposed to use the SeDebugPrivilege,
				useDebugPrivilege = FALSE;
				break;				///we fail deliberately if we can't enable it.
			}
		}

		InitializeObjectAttributes(&procAttr, NULL, 0, NULL, NULL);
		cid.UniqueThread = (HANDLE)0;
		cid.UniqueProcess = pid;

		///Opening a process for full access might be less suspicious than opening with our real intentions.
		status = NtOpenProcess(pProcess, PROCESS_ALL_ACCESS, &procAttr, &cid);
		if (status) {
			///Most likely STATUS_ACCESS_DENIED if
			///either we didn't specify the useDebugPrivilege flag when opening a cross session process
			///or if we tried to open an elevated process while running non-elevated
			///or if the process being opened is a so-called "Protected Process".

			///In x64 windows, HIPS or AV drivers have the possibility to legally
			///receive a notification if a process is about to open a handle to another process.
			///In those ObCallback routines they cannot completely deny the opening.
			///However, they are able to modify the access masks, so a handle supposed for VM operations still
			///will be lacking the PROCESS_VM_XXX rights, for example. If we therefore query the handle rights
			///we can still return an appropriate error if wasn't granted the rights we want
			///And are not going to fail at first when performing our process operations.
			*pProcess = NULL;
			break;
		}

		status = NtQueryObject(*pProcess, ObjectBasicInformation, &processHandleInfo, sizeof(OBJECT_BASIC_INFORMATION), &obQueryLen);
		if (status)	///Not sure if this call ever will fail...
			break;

		///Maybe, HIPS just wanted to deny PROCESS_TERMINATE/PROCESS_SUSPEND right?
		///If so, we don't care. We're only interested in VM rights.
		if (MIN_VM_ACCESS_MASK & ~processHandleInfo.GrantedAccess) {
			status = STATUS_UNSUCCESSFUL;
			break;
		}
	} while (status);

	if (status && pProcess) {
		if (*pProcess) {
			NtClose(*pProcess);
			*pProcess = NULL;
		}
	}

	if (pProcListHead) {
		memSize = 0;
		NtFreeVirtualMemory(INVALID_HANDLE_VALUE, &pProcListHead, &memSize, MEM_RELEASE); ///We don't need the list anymore.
	}
		
	if (useDebugPrivilege)
		RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, oldValue, FALSE, &oldValue);		///We don't need the privilege anymore.

	return status;
}
예제 #12
0
파일: resmon.c 프로젝트: mingpen/OpenNT
int
_cdecl
main(
    int argc,
    char *argv[]
    )
{
    BOOL fShowUsage;
    PCHAR s, s1;
    ULONG ProcessId;
    HANDLE Process, ThreadToResume;
    OBJECT_ATTRIBUTES ObjectAttributes;
    UNICODE_STRING Unicode;
    NTSTATUS Status;
    PRTL_EVENT_LOG EventLog;
    PRTL_EVENT Event;
    PRTL_EVENT_ID_INFO EventId;
    STARTUPINFO StartupInfo;
    PROCESS_INFORMATION ProcessInformation;
    PCHAR CommandLine;
    ULONG EventLogFlags;
    ULONG EventClassMask;
    ULONG ProcessCreateFlags;

    InitializeSymbolPathEnvVar();
    VerboseFlag = FALSE;
    EventClassMask = 0xFFFFFFFF;
    CommandLine = NULL;
    ProcessId = 0xFFFFFFFF;
    fShowUsage = FALSE;
    ProcessCreateFlags = CREATE_SUSPENDED;
    while (--argc) {
        s = *++argv;
        if (*s == '-' || *s == '/') {
            while (*++s) {
                switch( toupper( *s ) ) {
                    case 'M':
                        if (--argc) {
                            s1 = *++argv;
                            if (isalpha( *s1 )) {
                                EventClassMask = 0;
                                while (*s1) {
                                    switch( toupper( *s1 ) ) {
                                        case 'H':
                                            if (isdigit( s1[1] )) {
                                                while (isdigit( *++s1 )) {
                                                    switch (*s1) {
                                                        case '0': EventClassMask |= RTL_EVENT_CLASS_PROCESS_HEAP   ;  break;
                                                        case '1': EventClassMask |= RTL_EVENT_CLASS_PRIVATE_HEAP   ;  break;
                                                        case '2': EventClassMask |= RTL_EVENT_CLASS_KERNEL_HEAP    ;  break;
                                                        case '3': EventClassMask |= RTL_EVENT_CLASS_GDI_HEAP       ;  break;
                                                        case '4': EventClassMask |= RTL_EVENT_CLASS_USER_HEAP      ;  break;
                                                        case '5': EventClassMask |= RTL_EVENT_CLASS_CONSOLE_HEAP   ;  break;
                                                        case '6': EventClassMask |= RTL_EVENT_CLASS_DESKTOP_HEAP   ;  break;
                                                        case '7': EventClassMask |= RTL_EVENT_CLASS_CSR_SHARED_HEAP;  break;
                                                        default:
                                                            fprintf( stderr, "RESMON: Invalid heap class digit '%c' flag.\n", *s1 );
                                                            fShowUsage = TRUE;
                                                            break;
                                                        }
                                                    }

                                                s1 -= 1;
                                                }
                                            else {
                                                EventClassMask |= RTL_EVENT_CLASS_HEAP_ALL;
                                                }

                                            break;

                                        case 'O':
                                            EventClassMask |= RTL_EVENT_CLASS_OB;
                                            break;

                                        case 'F':
                                            EventClassMask |= RTL_EVENT_CLASS_IO;
                                            break;

                                        case 'V':
                                            EventClassMask |= RTL_EVENT_CLASS_VM;
                                            break;

                                        case 'P':
                                            EventClassMask |= RTL_EVENT_CLASS_PAGE_FAULT;
                                            break;

                                        case 'T':
                                            EventClassMask |= RTL_EVENT_CLASS_TRANSITION_FAULT;
                                            break;

                                        default:
                                            fprintf( stderr, "RESMON: Invalid event class letter '%c' flag.\n", *s1 );
                                            fShowUsage = TRUE;
                                            break;
                                        }

                                    s1 += 1;
                                    }
                                }
                            else {
                                Status = RtlCharToInteger( s1, 16, &EventClassMask );
                                }
                            }
                        else {
                            fprintf( stderr, "RESMON: Missing process id of -%c flag.\n", *s );
                            fShowUsage = TRUE;
                            }
                        break;

                    case 'P':
                        if (--argc) {
                            s1 = *++argv;
                            ProcessId = atoi( s1 );
                            }
                        else {
                            fprintf( stderr, "RESMON: Missing process id of -%c flag.\n", *s );
                            fShowUsage = TRUE;
                            }
                        break;

                    case 'O':
                        EventLogFlags |= RTL_EVENT_LOG_INHERIT;
                        break;

                    case '2':
                        ProcessCreateFlags |= CREATE_NEW_CONSOLE;
                        break;

                    case 'V':
                        VerboseFlag = TRUE;
                        break;

                    case '?':
                    case 'H':
                        fShowUsage = TRUE;
                        break;

                    default:
                        fprintf( stderr, "RESMON: Invalid flag - '%c'\n", *s );
                        fShowUsage = TRUE;
                        break;
                    }
                }
            }
        else
        if (fShowUsage) {
            break;
            }
        else
        if (CommandLine != NULL) {
            fShowUsage = TRUE;
            break;
            }
        else {
            CommandLine = s;
            }
        }

    if (fShowUsage) {
        fprintf( stderr, "usage: RESMON [-h] [-o] [-m EventMask] [-p ProcessId | Command]\n" );
        fprintf( stderr, "where: -h - displays this help message.\n" );
        fprintf( stderr, "       -o - monitor all sub-processes too.\n" );
        fprintf( stderr, "       -m EventMask - specifies which events to monitor.\n" );
        fprintf( stderr, "                      Default is all events.  EventMask\n" );
        fprintf( stderr, "                      consists of one or more letters\n" );
        fprintf( stderr, "                      which stand for the following:\n" );
        fprintf( stderr, "                      H[n] - heap events.\n" );
        fprintf( stderr, "                          0 - process heap.\n" );
        fprintf( stderr, "                          1 - private heap.\n" );
        fprintf( stderr, "                          2 - CSRSS heap.\n" );
        fprintf( stderr, "                          3 - CSR Port heap.\n" );
        fprintf( stderr, "                      F - file events.\n" );
        fprintf( stderr, "                      O - object events.\n" );
        fprintf( stderr, "                      V - virtual memory events.\n" );
        fprintf( stderr, "                      P - page faults.\n" );
        fprintf( stderr, "       -p ProcessId - specifies which process to monitor.\n" );
        fprintf( stderr, "                      Default is -1 which is the Windows\n" );
        fprintf( stderr, "                      SubSystem process.\n" );
        fprintf( stderr, "       Command - if -p is not specified then a command to\n" );
        fprintf( stderr, "                 execute may be specified in quotes.\n" );
        return 1;
        }

    ThreadToResume = NULL;
    if (CommandLine != NULL) {
        RtlZeroMemory( &StartupInfo, sizeof( StartupInfo ) );
        StartupInfo.cb = sizeof( StartupInfo );
        StartupInfo.lpReserved = NULL;
        StartupInfo.lpReserved2 = NULL;
        StartupInfo.lpDesktop = NULL;
        StartupInfo.lpTitle = CommandLine;
        StartupInfo.dwX = 0;
        StartupInfo.dwY = 1;
        StartupInfo.dwXSize = 100;
        StartupInfo.dwYSize = 100;
        StartupInfo.dwFlags = 0;//STARTF_SHELLOVERRIDE;
        StartupInfo.wShowWindow = SW_SHOWNORMAL;
        if (!CreateProcess( NULL,
                            CommandLine,
                            NULL,
                            NULL,
                            TRUE,
                            ProcessCreateFlags,
                            NULL,
                            NULL,
                            &StartupInfo,
                            &ProcessInformation
                          )
           ) {
            fprintf( stderr, "RESMON: CreateProcess( %s ) failed  - %lu\n", CommandLine, GetLastError() );
            return 1;
            }

        Process = ProcessInformation.hProcess;
        ThreadToResume = ProcessInformation.hThread;
        ProcessId = ProcessInformation.dwProcessId;
        InitializeImageDebugInformation( LoadSymbolsFilter, Process, TRUE, TRUE );
        }
    else
    if (ProcessId == 0xFFFFFFFF) {
        RtlInitUnicodeString( &Unicode, L"\\WindowsSS" );
        InitializeObjectAttributes( &ObjectAttributes,
                                    &Unicode,
                                    0,
                                    NULL,
                                    NULL
                                  );
        Status = NtOpenProcess( &Process,
                                MAXIMUM_ALLOWED,
                                &ObjectAttributes,
                                NULL
                              );
        if (!NT_SUCCESS( Status )) {
            fprintf( stderr, "OpenProcess( %wZ ) failed  - %lx\n", &Unicode, Status );
            return 1;
            }

        InitializeImageDebugInformation( LoadSymbolsFilter, Process, FALSE, TRUE );
        }
    else {
        Process = OpenProcess( PROCESS_ALL_ACCESS, FALSE, ProcessId );
        if (!Process) {
            fprintf( stderr, "OpenProcess( %ld ) failed - %lx\n", ProcessId, GetLastError() );
            return 1;
            }

        InitializeImageDebugInformation( LoadSymbolsFilter, Process, FALSE, TRUE );
        }

    Status = RtlCreateEventLog( Process,
                                EventLogFlags,
                                EventClassMask,
                                &EventLog
                              );
    CloseHandle( Process );

    if (NT_SUCCESS( Status )) {
        if (ThreadToResume != NULL) {
            printf( "Monitoring Command '%s'\n", CommandLine );
            ResumeThread( ThreadToResume );
            CloseHandle( ThreadToResume );
            }
        else
        if (ProcessId == 0xFFFFFFFF) {
            printf( "Monitoring Windows SubSystem Process\n" );
            }
        else {
            printf( "Monitoring Process %d\n", ProcessId );
            }

        printf( "    Events to monitor:" );
        if (EventClassMask & RTL_EVENT_CLASS_HEAP_ALL) {
            printf( " Heap(" );
            if (EventClassMask & RTL_EVENT_CLASS_PROCESS_HEAP) {
                printf( " Process" );
                }
            if (EventClassMask & RTL_EVENT_CLASS_PRIVATE_HEAP) {
                printf( " Private" );
                }

            if (EventClassMask & RTL_EVENT_CLASS_KERNEL_HEAP) {
                printf( " Kernel" );
                }

            if (EventClassMask & RTL_EVENT_CLASS_GDI_HEAP) {
                printf( " GDI" );
                }

            if (EventClassMask & RTL_EVENT_CLASS_USER_HEAP) {
                printf( " User" );
                }

            if (EventClassMask & RTL_EVENT_CLASS_CONSOLE_HEAP) {
                printf( " Console" );
                }

            if (EventClassMask & RTL_EVENT_CLASS_DESKTOP_HEAP) {
                printf( " Desktop" );
                }

            if (EventClassMask & RTL_EVENT_CLASS_CSR_SHARED_HEAP) {
                printf( " CSR Shared" );
                }
            printf( ")" );
            }

        if (EventClassMask & RTL_EVENT_CLASS_OB) {
            printf( " Object" );
            }

        if (EventClassMask & RTL_EVENT_CLASS_IO) {
            printf( " File I/O" );
            }

        if (EventClassMask & RTL_EVENT_CLASS_VM) {
            printf( " Virtual Memory" );
            }
        if (EventClassMask & RTL_EVENT_CLASS_PAGE_FAULT) {
            printf( " Page Faults" );
            }
        if (EventClassMask & RTL_EVENT_CLASS_TRANSITION_FAULT) {
            printf( " Transition Page Faults" );
            }
        printf( "\n" );

        Event = (PRTL_EVENT)EventBuffer;
        while (TRUE) {
            if (EventLog->CountOfClients == 0) {
                break;
                }

            Status = RtlWaitForEvent( EventLog, sizeof( EventBuffer ), Event, &EventId );
            if (!NT_SUCCESS( Status )) {
                fprintf( stderr, "RESMON: RtlWaitForEventFailed - %x\n", Status );
                }

            if (CreateProcessEventId == NULL &&
                !_stricmp( EventId->Name, "CreateProcess" )
               ) {
                CreateProcessEventId = EventId;
                }
            else
            if (ExitProcessEventId == NULL &&
                !_stricmp( EventId->Name, "ExitProcess" )
               ) {
                ExitProcessEventId = EventId;
                }
            else
            if (LoadModuleEventId == NULL &&
                !_stricmp( EventId->Name, "LoadModule" )
               ) {
                LoadModuleEventId = EventId;
                }
            else
            if (UnloadModuleEventId == NULL &&
                !_stricmp( EventId->Name, "UnloadModule" )
               ) {
                UnloadModuleEventId = EventId;
                }
            else
            if (PageFaultEventId == NULL &&
                !_stricmp( EventId->Name, "PageFault" )
               ) {
                PageFaultEventId = EventId;
                }

            if (CreateProcessEventId == EventId ||
                LoadModuleEventId == EventId
               ) {
                LoadSymbolsForEvent( Event, EventId );
                DumpEvent( Event, EventId );
                }
            else
            if (ExitProcessEventId == EventId) {
                EventLog->CountOfClients -= 1;
                DumpEvent( Event, EventId );
                UnloadProcessForEvent( Event, EventId );
                }
            else
            if (UnloadModuleEventId == EventId) {
                DumpEvent( Event, EventId );
                UnloadSymbolsForEvent( Event, EventId );
                }
            else {
                DumpEvent( Event, EventId );
                }
            }

        RtlDestroyEventLog( EventLog );
        }
    else {
        if (ThreadToResume != NULL) {
            fprintf( stderr, "RESMON: Unable (%x) to monitor Command '%s'\n", Status, CommandLine );
            TerminateThread( ThreadToResume, GetLastError() );
            CloseHandle( ThreadToResume );
            }
        else {
            fprintf( stderr, "RESMON: Unable (%x) to monitor Process %d\n", Status, ProcessId );
            }
        }

    return 0;
}
예제 #13
0
파일: session.c 프로젝트: hoangduit/reactos
NTSTATUS
LsapGetLogonSessionData(IN OUT PLSA_API_MSG RequestMsg)
{
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE ProcessHandle = NULL;
    PLSAP_LOGON_SESSION Session;
    PSECURITY_LOGON_SESSION_DATA LocalSessionData;
    PVOID ClientBaseAddress = NULL;
    ULONG Length, MemSize;
    LPWSTR Ptr;
    NTSTATUS Status;

    TRACE("LsapGetLogonSessionData(%p)\n", RequestMsg);

    TRACE("LogonId: %lx\n", RequestMsg->GetLogonSessionData.Request.LogonId.LowPart);
    Session = LsapGetLogonSession(&RequestMsg->GetLogonSessionData.Request.LogonId);
    if (Session == NULL)
        return STATUS_NO_SUCH_LOGON_SESSION;

    Length = sizeof(SECURITY_LOGON_SESSION_DATA);
/*
             Session->UserName.MaximumLength +
             Session->LogonDomain.MaximumLength +
             Session->AuthenticationPackage.MaximumLength +
             Session->LogonServer.MaximumLength +
             Session->DnsDomainName.MaximumLength +
             Session->Upn.MaximumLength;

    if (Session->Sid != NULL)
        RtlLengthSid(Session->Sid);
*/

    TRACE("Length: %lu\n", Length);

    LocalSessionData = RtlAllocateHeap(RtlGetProcessHeap(),
                                       HEAP_ZERO_MEMORY,
                                       Length);
    if (LocalSessionData == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;

    Ptr = (LPWSTR)((ULONG_PTR)LocalSessionData + sizeof(SECURITY_LOGON_SESSION_DATA));
    TRACE("LocalSessionData: %p  Ptr: %p\n", LocalSessionData, Ptr);

    LocalSessionData->Size = sizeof(SECURITY_LOGON_SESSION_DATA);

    RtlCopyLuid(&LocalSessionData->LogonId,
                &RequestMsg->GetLogonSessionData.Request.LogonId);

    InitializeObjectAttributes(&ObjectAttributes,
                               NULL,
                               0,
                               NULL,
                               NULL);

    Status = NtOpenProcess(&ProcessHandle,
                           PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION,
                           &ObjectAttributes,
                           &RequestMsg->h.ClientId);
    if (!NT_SUCCESS(Status))
    {
        TRACE("NtOpenProcess() failed (Status %lx)\n", Status);
        goto done;
    }

    MemSize = Length;
    Status = NtAllocateVirtualMemory(ProcessHandle,
                                     &ClientBaseAddress,
                                     0,
                                     &MemSize,
                                     MEM_COMMIT,
                                     PAGE_READWRITE);
    if (!NT_SUCCESS(Status))
    {
        TRACE("NtAllocateVirtualMemory() failed (Status %lx)\n", Status);
        goto done;
    }

    TRACE("MemSize: %lu\n", MemSize);
    TRACE("ClientBaseAddress: %p\n", ClientBaseAddress);

    Status = NtWriteVirtualMemory(ProcessHandle,
                                  ClientBaseAddress,
                                  LocalSessionData,
                                  Length,
                                  NULL);
    if (!NT_SUCCESS(Status))
    {
        TRACE("NtWriteVirtualMemory() failed (Status %lx)\n", Status);
        goto done;
    }

    RequestMsg->GetLogonSessionData.Reply.SessionDataBuffer = ClientBaseAddress;

done:
    if (ProcessHandle != NULL)
        NtClose(ProcessHandle);

    if (LocalSessionData != NULL)
        RtlFreeHeap(RtlGetProcessHeap(), 0, LocalSessionData);

    return Status;
}
예제 #14
0
파일: dbgbuffer.c 프로젝트: RPG-7/reactos
/*
* @unimplemented
*/
NTSTATUS
NTAPI
RtlQueryProcessDebugInformation(IN ULONG ProcessId,
                                IN ULONG DebugInfoMask,
                                IN OUT PRTL_DEBUG_INFORMATION Buf)
{
    NTSTATUS Status = STATUS_SUCCESS;
    ULONG Pid = (ULONG)(ULONG_PTR) NtCurrentTeb()->ClientId.UniqueProcess;

    Buf->Flags = DebugInfoMask;
    Buf->OffsetFree = sizeof(RTL_DEBUG_INFORMATION);

    DPRINT("QueryProcessDebugInformation Start\n");

    /*
    Currently ROS can not read-only from kenrel space, and doesn't
    check for boundaries inside kernel space that are page protected
    from every one but the kernel. aka page 0 - 2
    */
    if (ProcessId <= 1)
    {
        Status = STATUS_ACCESS_VIOLATION;
    }
    else
        if (Pid == ProcessId)
        {
            if (DebugInfoMask & RTL_DEBUG_QUERY_MODULES)
            {
                PRTL_PROCESS_MODULES Mp;
                ULONG ReturnSize = 0;
                ULONG MSize;

                Mp = (PRTL_PROCESS_MODULES)((PUCHAR)Buf + Buf->OffsetFree);

                /* I like this better than the do & while loop. */
                Status = LdrQueryProcessModuleInformation(NULL,
                                                          0,
                                                          &ReturnSize);
                Status = LdrQueryProcessModuleInformation(Mp,
                                                          ReturnSize ,
                                                          &ReturnSize);
                if (!NT_SUCCESS(Status))
                {
                    return Status;
                }

                MSize = Mp->NumberOfModules * (sizeof(RTL_PROCESS_MODULES) + 8);
                Buf->Modules = Mp;
                Buf->OffsetFree = Buf->OffsetFree + MSize;
            }

            if (DebugInfoMask & RTL_DEBUG_QUERY_HEAPS)
            {
                PRTL_PROCESS_HEAPS Hp;
                ULONG HSize;

                Hp = (PRTL_PROCESS_HEAPS)((PUCHAR)Buf + Buf->OffsetFree);
                HSize = sizeof(RTL_PROCESS_HEAPS);
                if (DebugInfoMask & RTL_DEBUG_QUERY_HEAP_TAGS)
                {
                    // TODO
                }
                if (DebugInfoMask & RTL_DEBUG_QUERY_HEAP_BLOCKS)
                {
                    // TODO
                }
                Buf->Heaps = Hp;
                Buf->OffsetFree = Buf->OffsetFree + HSize;

            }

            if (DebugInfoMask & RTL_DEBUG_QUERY_LOCKS)
            {
                PRTL_PROCESS_LOCKS Lp;
                ULONG LSize;

                Lp = (PRTL_PROCESS_LOCKS)((PUCHAR)Buf + Buf->OffsetFree);
                LSize = sizeof(RTL_PROCESS_LOCKS);
                Buf->Locks = Lp;
                Buf->OffsetFree = Buf->OffsetFree + LSize;
            }

            DPRINT("QueryProcessDebugInformation end \n");
            DPRINT("QueryDebugInfo : 0x%lx\n", Buf->OffsetFree);
        }
        else
        {
            HANDLE hProcess;
            CLIENT_ID ClientId;
            OBJECT_ATTRIBUTES ObjectAttributes;

            Buf->TargetProcessHandle = NtCurrentProcess();

            ClientId.UniqueThread = 0;
            ClientId.UniqueProcess = (HANDLE)(ULONG_PTR)ProcessId;
            InitializeObjectAttributes(&ObjectAttributes,
                                       NULL,
                                       0,
                                       NULL,
                                       NULL);

            Status = NtOpenProcess(&hProcess,
                                   (PROCESS_ALL_ACCESS),
                                   &ObjectAttributes,
                                   &ClientId );
            if (!NT_SUCCESS(Status))
            {
                return Status;
            }

            if (DebugInfoMask & RTL_DEBUG_QUERY_MODULES)
            {
                PRTL_PROCESS_MODULES Mp;
                ULONG ReturnSize = 0;
                ULONG MSize;

                Mp = (PRTL_PROCESS_MODULES)((PUCHAR)Buf + Buf->OffsetFree);

                Status = RtlpQueryRemoteProcessModules(hProcess,
                                                       NULL,
                                                       0,
                                                       &ReturnSize);

                Status = RtlpQueryRemoteProcessModules(hProcess,
                                                       Mp,
                                                       ReturnSize ,
                                                       &ReturnSize);
                if (!NT_SUCCESS(Status))
                {
                    return Status;
                }

                MSize = Mp->NumberOfModules * (sizeof(RTL_PROCESS_MODULES) + 8);
                Buf->Modules = Mp;
                Buf->OffsetFree = Buf->OffsetFree + MSize;
            }

            if (DebugInfoMask & RTL_DEBUG_QUERY_HEAPS)
            {
                PRTL_PROCESS_HEAPS Hp;
                ULONG HSize;

                Hp = (PRTL_PROCESS_HEAPS)((PUCHAR)Buf + Buf->OffsetFree);
                HSize = sizeof(RTL_PROCESS_HEAPS);
                if (DebugInfoMask & RTL_DEBUG_QUERY_HEAP_TAGS)
                {
                    // TODO
                }
                if (DebugInfoMask & RTL_DEBUG_QUERY_HEAP_BLOCKS)
                {
                    // TODO
                }
                Buf->Heaps = Hp;
                Buf->OffsetFree = Buf->OffsetFree + HSize;

            }

            if (DebugInfoMask & RTL_DEBUG_QUERY_LOCKS)
            {
                PRTL_PROCESS_LOCKS Lp;
                ULONG LSize;

                Lp = (PRTL_PROCESS_LOCKS)((PUCHAR)Buf + Buf->OffsetFree);
                LSize = sizeof(RTL_PROCESS_LOCKS);
                Buf->Locks = Lp;
                Buf->OffsetFree = Buf->OffsetFree + LSize;
            }

            DPRINT("QueryProcessDebugInformation end \n");
            DPRINT("QueryDebugInfo : 0x%lx\n", Buf->OffsetFree);
        }

    return Status;
}
예제 #15
0
파일: session.c 프로젝트: hoangduit/reactos
NTSTATUS
LsapEnumLogonSessions(IN OUT PLSA_API_MSG RequestMsg)
{
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE ProcessHandle = NULL;
    PLIST_ENTRY SessionEntry;
    PLSAP_LOGON_SESSION CurrentSession;
    PLUID SessionList;
    ULONG i, Length, MemSize;
    PVOID ClientBaseAddress = NULL;
    NTSTATUS Status;

    TRACE("LsapEnumLogonSessions(%p)\n", RequestMsg);

    Length = SessionCount * sizeof(LUID);
    SessionList = RtlAllocateHeap(RtlGetProcessHeap(),
                                  HEAP_ZERO_MEMORY,
                                  Length);
    if (SessionList == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;

    i = 0;
    SessionEntry = SessionListHead.Flink;
    while (SessionEntry != &SessionListHead)
    {
        CurrentSession = CONTAINING_RECORD(SessionEntry,
                                           LSAP_LOGON_SESSION,
                                           Entry);

        RtlCopyLuid(&SessionList[i],
                    &CurrentSession->LogonId);

        SessionEntry = SessionEntry->Flink;
        i++;
    }

    InitializeObjectAttributes(&ObjectAttributes,
                               NULL,
                               0,
                               NULL,
                               NULL);

    Status = NtOpenProcess(&ProcessHandle,
                           PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION,
                           &ObjectAttributes,
                           &RequestMsg->h.ClientId);
    if (!NT_SUCCESS(Status))
    {
        TRACE("NtOpenProcess() failed (Status %lx)\n", Status);
        goto done;
    }

    TRACE("Length: %lu\n", Length);

    MemSize = Length;
    Status = NtAllocateVirtualMemory(ProcessHandle,
                                     &ClientBaseAddress,
                                     0,
                                     &MemSize,
                                     MEM_COMMIT,
                                     PAGE_READWRITE);
    if (!NT_SUCCESS(Status))
    {
        TRACE("NtAllocateVirtualMemory() failed (Status %lx)\n", Status);
        goto done;
    }

    TRACE("MemSize: %lu\n", MemSize);
    TRACE("ClientBaseAddress: %p\n", ClientBaseAddress);

    Status = NtWriteVirtualMemory(ProcessHandle,
                                  ClientBaseAddress,
                                  SessionList,
                                  Length,
                                  NULL);
    if (!NT_SUCCESS(Status))
    {
        TRACE("NtWriteVirtualMemory() failed (Status %lx)\n", Status);
        goto done;
    }

    RequestMsg->EnumLogonSessions.Reply.LogonSessionCount = SessionCount;
    RequestMsg->EnumLogonSessions.Reply.LogonSessionBuffer = ClientBaseAddress;

done:
    if (ProcessHandle != NULL)
        NtClose(ProcessHandle);

    if (SessionList != NULL)
        RtlFreeHeap(RtlGetProcessHeap(), 0, SessionList);

    return Status;
}
예제 #16
0
파일: smloop.c 프로젝트: Strongc/reactos
NTSTATUS
NTAPI
SmpExecPgm(IN PSM_API_MSG SmApiMsg,
           IN PSMP_CLIENT_CONTEXT ClientContext,
           IN HANDLE SmApiPort)
{
    HANDLE ProcessHandle;
    NTSTATUS Status;
    PSM_EXEC_PGM_MSG SmExecPgm;
    RTL_USER_PROCESS_INFORMATION ProcessInformation;
    OBJECT_ATTRIBUTES ObjectAttributes;

    /* Open the client process */
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
    Status = NtOpenProcess(&ProcessHandle,
                           PROCESS_DUP_HANDLE,
                           &ObjectAttributes,
                           &SmApiMsg->h.ClientId);
    if (!NT_SUCCESS(Status))
    {
        /* Fail */
        DPRINT1("SmExecPgm: NtOpenProcess Failed %lx\n", Status);
        return Status;
    }

    /* Copy the process information out of the message */
    SmExecPgm = &SmApiMsg->u.ExecPgm;
    ProcessInformation = SmExecPgm->ProcessInformation;

    /* Duplicate the process handle */
    Status = NtDuplicateObject(ProcessHandle,
                               SmExecPgm->ProcessInformation.ProcessHandle,
                               NtCurrentProcess(),
                               &ProcessInformation.ProcessHandle,
                               PROCESS_ALL_ACCESS,
                               0,
                               0);
    if (!NT_SUCCESS(Status))
    {
        /* Close the handle and fail */
        NtClose(ProcessHandle);
        DPRINT1("SmExecPgm: NtDuplicateObject (Process) Failed %lx\n", Status);
        return Status;
    }

    /* Duplicate the thread handle */
    Status = NtDuplicateObject(ProcessHandle,
                               SmExecPgm->ProcessInformation.ThreadHandle,
                               NtCurrentProcess(),
                               &ProcessInformation.ThreadHandle,
                               THREAD_ALL_ACCESS,
                               0,
                               0);
    if (!NT_SUCCESS(Status))
    {
        /* Close both handles and fail */
        NtClose(ProcessInformation.ProcessHandle);
        NtClose(ProcessHandle);
        DPRINT1("SmExecPgm: NtDuplicateObject (Thread) Failed %lx\n", Status);
        return Status;
    }

    /* Close the process handle and call the internal client API */
    NtClose(ProcessHandle);
    return SmpSbCreateSession(NULL,
                              NULL,
                              &ProcessInformation,
                              0,
                              SmExecPgm->DebugFlag ? &SmApiMsg->h.ClientId : NULL);
}
예제 #17
0
파일: smloop.c 프로젝트: Strongc/reactos
NTSTATUS
NTAPI
SmpHandleConnectionRequest(IN HANDLE SmApiPort,
                           IN PSB_API_MSG SbApiMsg)
{
    BOOLEAN Accept = TRUE;
    HANDLE PortHandle, ProcessHandle;
    ULONG SessionId;
    UNICODE_STRING SubsystemPort;
    SMP_CLIENT_CONTEXT *ClientContext;
    NTSTATUS Status;
    OBJECT_ATTRIBUTES ObjectAttributes;
    REMOTE_PORT_VIEW PortView;
    SECURITY_QUALITY_OF_SERVICE SecurityQos;
    PSMP_SUBSYSTEM CidSubsystem, TypeSubsystem;

    /* Initialize QoS data */
    SecurityQos.ImpersonationLevel = SecurityIdentification;
    SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
    SecurityQos.EffectiveOnly = TRUE;

    /* Check if this is SM connecting to itself */
    if (SbApiMsg->h.ClientId.UniqueProcess == SmUniqueProcessId)
    {
        /* No need to get any handle -- assume session 0 */
        ProcessHandle = NULL;
        SessionId = 0;
    }
    else
    {
        /* Reference the foreign process */
        InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
        Status = NtOpenProcess(&ProcessHandle,
                               PROCESS_QUERY_INFORMATION,
                               &ObjectAttributes,
                               &SbApiMsg->h.ClientId);
        if (!NT_SUCCESS(Status)) Accept = FALSE;

        /* Get its session ID */
        SmpGetProcessMuSessionId(ProcessHandle, &SessionId);
    }

    /* See if we already know about the caller's subystem */
    CidSubsystem = SmpLocateKnownSubSysByCid(&SbApiMsg->h.ClientId);
    if ((CidSubsystem) && (Accept))
    {
        /* Check if we already have a subsystem for this kind of image */
        TypeSubsystem = SmpLocateKnownSubSysByType(SessionId,
                                                   SbApiMsg->ConnectionInfo.SubsystemType);
        if (TypeSubsystem == CidSubsystem)
        {
            /* Someone is trying to take control of an existing subsystem, fail */
            Accept = FALSE;
            DPRINT1("SMSS: Connection from SubSystem rejected\n");
            DPRINT1("SMSS: Image type already being served\n");
        }
        else
        {
            /* Set this image type as the type for this subsystem */
            CidSubsystem->ImageType = SbApiMsg->ConnectionInfo.SubsystemType;
        }

        /* Drop the reference we had acquired */
        if (TypeSubsystem) SmpDereferenceSubsystem(TypeSubsystem);
    }

    /* Check if we'll be accepting the connection */
    if (Accept)
    {
        /* We will, so create a client context for it */
        ClientContext = RtlAllocateHeap(SmpHeap, 0, sizeof(SMP_CLIENT_CONTEXT));
        if (ClientContext)
        {
            ClientContext->ProcessHandle = ProcessHandle;
            ClientContext->Subsystem = CidSubsystem;
            ClientContext->dword10 = 0;
            ClientContext->PortHandle = NULL;
        }
        else
        {
            /* Failed to allocate a client context, so reject the connection */
            DPRINT1("Rejecting connectiond due to lack of memory\n");
            Accept = FALSE;
        }
    }
    else
    {
        /* Use a bogus context since we're going to reject the message */
        ClientContext = (PSMP_CLIENT_CONTEXT)SbApiMsg;
    }

    /* Now send the actual accept reply (which could be a rejection) */
    PortView.Length = sizeof(PortView);
    Status = NtAcceptConnectPort(&PortHandle,
                                 ClientContext,
                                 &SbApiMsg->h,
                                 Accept,
                                 NULL,
                                 &PortView);
    if (!(Accept) || !(NT_SUCCESS(Status)))
    {
        /* Close the process handle, reference the subsystem, and exit */
        DPRINT1("Accept failed or rejected: %lx\n", Status);
        if (ClientContext != (PVOID)SbApiMsg) RtlFreeHeap(SmpHeap, 0, ClientContext);
        if (ProcessHandle) NtClose(ProcessHandle);
        if (CidSubsystem) SmpDereferenceSubsystem(CidSubsystem);
        return Status;
    }

    /* Save the port handle now that we've accepted it */
    if (ClientContext) ClientContext->PortHandle = PortHandle;
    if (CidSubsystem) CidSubsystem->PortHandle = PortHandle;

    /* Complete the port connection */
    Status = NtCompleteConnectPort(PortHandle);
    if ((NT_SUCCESS(Status)) && (CidSubsystem))
    {
        /* This was an actual subsystem, so connect back to it */
        SbApiMsg->ConnectionInfo.SbApiPortName[119] = UNICODE_NULL;
        RtlCreateUnicodeString(&SubsystemPort,
                               SbApiMsg->ConnectionInfo.SbApiPortName);
        Status = NtConnectPort(&CidSubsystem->SbApiPort,
                               &SubsystemPort,
                               &SecurityQos,
                               NULL,
                               NULL,
                               NULL,
                               NULL,
                               NULL);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("SMSS: Connect back to Sb %wZ failed %lx\n", &SubsystemPort, Status);
        }
        RtlFreeUnicodeString(&SubsystemPort);

        /* Now that we're connected, signal the event handle */
        NtSetEvent(CidSubsystem->Event, NULL);
    }
    else if (CidSubsystem)
    {
        /* We failed to complete the connection, so clear the port handle */
        DPRINT1("Completing the connection failed: %lx\n", Status);
        CidSubsystem->PortHandle = NULL;
    }

    /* Dereference the subsystem and return the result */
    if (CidSubsystem) SmpDereferenceSubsystem(CidSubsystem);
    return Status;
}
예제 #18
0
파일: srvnls.c 프로젝트: shuowen/OpenNT
ULONG
BaseSrvNlsCreateSortSection(
    IN OUT PCSR_API_MSG m,
    IN OUT PCSR_REPLY_STATUS ReplyStatus)
{
    PBASE_NLS_CREATE_SORT_SECTION_MSG a =
        (PBASE_NLS_CREATE_SORT_SECTION_MSG)&m->u.ApiMessageData;

    HANDLE hNewSec = (HANDLE)0;              /* new section handle */
    HANDLE hProcess = (HANDLE)0;             /* process handle */
    OBJECT_ATTRIBUTES ObjA;                  /* object attributes structure */
    NTSTATUS rc = 0L;                        /* return code */
    ULONG pSecurityDescriptor[MAX_PATH_LEN]; /* security descriptor buffer */
    PSID pWorldSid;                          /* ptr to world SID */


    /*
     *  Set the handles to null.
     */
    a->hNewSection = NULL;

    /*
     *  Create the NEW Section for Read and Write access.
     *  Add a ReadOnly security descriptor so that only the
     *  initial creating process may write to the section.
     */
    if (rc = CreateSecurityDescriptor(pSecurityDescriptor,
                                      &pWorldSid,
                                      GENERIC_READ))
    {
        return (rc);
    }

    InitializeObjectAttributes(&ObjA,
                               &(a->SectionName),
                               OBJ_PERMANENT | OBJ_CASE_INSENSITIVE,
                               NULL,
                               pSecurityDescriptor);

    rc = NtCreateSection(&hNewSec,
                         SECTION_MAP_READ | SECTION_MAP_WRITE,
                         &ObjA,
                         &(a->SectionSize),
                         PAGE_READWRITE,
                         SEC_COMMIT,
                         NULL);

    /*
     *  Check for error from NtCreateSection.
     */
    if (!NT_SUCCESS(rc))
    {
        /*
         *  If the name has already been created, ignore the error.
         */
        if (rc != STATUS_OBJECT_NAME_COLLISION)
        {
            KdPrint(("NLSAPI (BaseSrv): Could NOT Create Section %wZ - %lx.\n",
                     &(a->SectionName), rc));
            return (rc);
        }
    }

    /*
     *  Duplicate the new section handle for the client.
     *  The client will map a view of the section and fill in the data.
     */
    InitializeObjectAttributes(&ObjA,
                               NULL,
                               0,
                               NULL,
                               NULL);

    rc = NtOpenProcess(&hProcess,
                       PROCESS_DUP_HANDLE,
                       &ObjA,
                       &m->h.ClientId);

    if (!NT_SUCCESS(rc))
    {
        KdPrint(("NLSAPI (BaseSrv): Could NOT Open Process - %lx.\n", rc));
        return (rc);
    }

    rc = NtDuplicateObject(NtCurrentProcess(),
                           hNewSec,
                           hProcess,
                           &(a->hNewSection),
                           0L,
                           0L,
                           DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE);

    /*
     *  Return the return value from NtDuplicateObject.
     */
    return (rc);

    ReplyStatus;    // get rid of unreferenced parameter warning message
}
예제 #19
0
파일: process.c 프로젝트: bragin/ring3k
void test_open_process( void )
{
	NTSTATUS r;
	CLIENT_ID id;
	HANDLE handle, dummy = (void*) 0xf0de;
	OBJECT_ATTRIBUTES oa;
	UNICODE_STRING us;

	r = NtOpenProcess( NULL, 0, NULL, NULL );
	ok( r == STATUS_ACCESS_VIOLATION, "wrong return %08lx\n", r );

	r = NtOpenProcess( NULL, 0, NULL, &id );
	ok( r == STATUS_ACCESS_VIOLATION, "wrong return %08lx\n", r );

	id.UniqueProcess = 0;
	id.UniqueThread = 0;
	r = NtOpenProcess( &handle, 0, NULL, &id );
	ok( r == STATUS_ACCESS_VIOLATION, "wrong return %08lx\n", r );

	oa.Length = 0;
	oa.RootDirectory = 0;
	oa.ObjectName = 0;
	oa.Attributes = 0;
	oa.SecurityDescriptor = 0;
	oa.SecurityQualityOfService = 0;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER, "wrong return %08lx\n", r );

	oa.Length = sizeof oa;
	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER, "wrong return %08lx\n", r );

	us.Buffer = NULL;
	us.Length = 0;
	us.MaximumLength = 0;
	oa.ObjectName = &us;

	r = NtOpenProcess( &handle, 0, &oa, NULL );
	ok( r == STATUS_OBJECT_PATH_SYNTAX_BAD, "wrong return %08lx\n", r );

	oa.Length = 0;
	r = NtOpenProcess( &handle, 0, &oa, NULL );
	ok( r == STATUS_INVALID_PARAMETER, "wrong return %08lx\n", r );

	id.UniqueProcess = dummy;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER_MIX, "wrong return %08lx\n", r );

	oa.ObjectName = NULL;
	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER, "wrong return %08lx\n", r );

	r = NtOpenProcess( &handle, 0, NULL, &id );
	ok( r == STATUS_ACCESS_VIOLATION, "wrong return %08lx\n", r );

	oa.ObjectName = &us;
	us.Buffer = L"\\Process\\non-existant";
	us.Length = 21*2;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER_MIX, "wrong return %08lx\n", r );

	id.UniqueProcess = 0;

#if 0
	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER_MIX, "wrong return %08lx\n", r );

	r = NtOpenProcess( &handle, 0, &oa, NULL );
	ok( r == STATUS_OBJECT_PATH_NOT_FOUND, "wrong return %08lx\n", r );
#endif

	id.UniqueProcess = (void*) 0x10000;
	id.UniqueThread = (void*) 0x10000;

	r = NtOpenProcess( &handle, 0, NULL, &id );
	ok( r == STATUS_ACCESS_VIOLATION, "wrong return %08lx\n", r );

	memset( &oa, 0, sizeof oa );
	id.UniqueProcess = dummy;
	id.UniqueThread = dummy;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_CID, "wrong return %08lx\n", r );

	oa.Length = 1;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_CID, "wrong return %08lx\n", r );

	oa.Length = sizeof oa;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_CID, "wrong return %08lx\n", r );

	id.UniqueProcess = 0;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_CID, "wrong return %08lx\n", r );

	oa.ObjectName = &us;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER_MIX, "wrong return %08lx\n", r );

	oa.Length = 0;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER_MIX, "wrong return %08lx\n", r );

	id.UniqueProcess = 0;
	id.UniqueThread = 0;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER_MIX, "wrong return %08lx\n", r );

	oa.ObjectName = NULL;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER, "wrong return %08lx\n", r );

	oa.Length = sizeof oa;

	r = NtOpenProcess( &handle, 0, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER, "wrong return %08lx\n", r );

	r = NtOpenProcess( &handle, PROCESS_DUP_HANDLE, &oa, &id );
	ok( r == STATUS_INVALID_PARAMETER, "wrong return %08lx\n", r );
}
예제 #20
0
파일: harderror.c 프로젝트: RPG-7/reactos
VOID
NTAPI
UserServerHardError(
    IN PCSR_THREAD ThreadData,
    IN PHARDERROR_MSG Message)
{
#if DBG
    PCSR_PROCESS ProcessData = ThreadData->Process;
#endif
    ULONG_PTR Parameters[MAXIMUM_HARDERROR_PARAMETERS];
    OBJECT_ATTRIBUTES ObjectAttributes;
    UNICODE_STRING TextU, CaptionU;
    NTSTATUS Status;
    HANDLE hProcess;
    ULONG Size;

    /* Default to not handled */
    ASSERT(ProcessData != NULL);
    Message->Response = ResponseNotHandled;

    /* Make sure we don't have too many parameters */
    if (Message->NumberOfParameters > MAXIMUM_HARDERROR_PARAMETERS)
        Message->NumberOfParameters = MAXIMUM_HARDERROR_PARAMETERS;

    /* Initialize object attributes */
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);

    /* Open client process */
    Status = NtOpenProcess(&hProcess,
                           PROCESS_VM_READ | PROCESS_QUERY_INFORMATION,
                           &ObjectAttributes,
                           &Message->h.ClientId);

    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtOpenProcess failed with code: %lx\n", Status);
        return;
    }

    /* Capture all string parameters from the process memory */
    Status = UserpCaptureStringParameters(Parameters, &Size, Message, hProcess);
    if (!NT_SUCCESS(Status))
    {
        NtClose(hProcess);
        return;
    }

    /* Format the caption and message box text */
    Status = UserpFormatMessages(&TextU,
                                 &CaptionU,
                                 Parameters,
                                 Size,
                                 Message,
                                 hProcess);

    /* Cleanup */
    UserpFreeStringParameters(Parameters, Message);
    NtClose(hProcess);

    if (!NT_SUCCESS(Status))
    {
        return;
    }

    /* Display the message box */
    Message->Response = UserpMessageBox(TextU.Buffer,
                                        CaptionU.Buffer,
                                        Message->ValidResponseOptions,
                                        (ULONG)Message->Status >> 30);

    RtlFreeUnicodeString(&TextU);
    RtlFreeUnicodeString(&CaptionU);

    return;
}