int _tmain(int argc, _TCHAR* argv[])
{

	PWTS_SESSION_INFO pSessionInfo;
	DWORD dwSessionInfo=0;
	WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE,0,1,&pSessionInfo,&dwSessionInfo);
	
	printf("[*] Windows DACL Enumeration Project - https://github.com/nccgroup/WindowsDACLEnumProject - WinStationsAndDesktopsPerms\n");
	printf("[*] NCC Group Plc - http://www.nccgroup.com/ \n");
	printf("[*] -h for help \n");

	SetPrivilege(GetCurrentProcess(),SE_DEBUG_NAME);
	
	DWORD dwSessID = 0;
	ProcessIdToSessionId(GetCurrentProcessId(),&dwSessID);
	fprintf(stdout,"[i] Running in session %d\n",dwSessID);

	EnumWindowStations(&EnumWindowStationProc,NULL);

	
	return 0;
}
예제 #2
0
static DWORD
find_process(const char *targetExeName, DWORD targetSession)
{
	PROCESSENTRY32 pe32 = {0};

	HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hSnap == INVALID_HANDLE_VALUE) {
		return 0;
	}

	pe32.dwSize = sizeof(PROCESSENTRY32);
	if (!Process32First(hSnap, &pe32)) {
		CloseHandle(hSnap);
		return 0;
	}

	do
	{
		if (_stricmp(pe32.szExeFile, targetExeName) == 0) {
			DWORD sessId = 0;
			if (ProcessIdToSessionId(pe32.th32ProcessID, &sessId)
				&& sessId == targetSession)
			{
				/* found target process */
				CloseHandle(hSnap);
				return pe32.th32ProcessID;
			}
		}
	} while (Process32Next(hSnap, &pe32));

	CloseHandle(hSnap);
	return 0;
}
예제 #3
0
static
BOOL
IsRemote(DWORD pid, DWORD *exitTag, DWORD *lastErrorCode) {
    DWORD sessionId;
    if (FALSE == ProcessIdToSessionId(pid, &sessionId)) {
        *exitTag = 1;
        *lastErrorCode = GetLastError();
        return FALSE;
    }

    OSVERSIONINFOW osvi;
    ZeroMemory(&osvi, sizeof(OSVERSIONINFOW));
    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOW);

    GetVersionExW(&osvi);
    if (osvi.dwMajorVersion > 5) {
        // The case of Vista/Server 2008: 0 and 1 means local, greater than 1 - remote.
        return (0 != sessionId) && (1 != sessionId);
    } else if ((osvi.dwMajorVersion == 5) && (osvi.dwMinorVersion >= 1)) {
        // The case of XP/Server 2003: 0 is local, another value means remote.
        return (0 != sessionId);
    } else {
        *exitTag = 2;
        return FALSE;
    }
}
예제 #4
0
int Temp_CalcSelfClientID(unsigned __int32 a1, unsigned __int32 *a2)
{
	int result; // eax@2
	char v3; // [sp+Ch] [bp-DCh]@1
	unsigned __int32 v4; // [sp+D0h] [bp-18h]@3
	DWORD pSessionId; // [sp+D4h] [bp-14h]@3
	DWORD dwProcessId; // [sp+D8h] [bp-10h]@3
	int v7; // [sp+DCh] [bp-Ch]@3
	unsigned int v8; // [sp+E4h] [bp-4h]@1
	int savedregs; // [sp+E8h] [bp+0h]@1

	if ( a2 )
	{
		pSessionId = 0;
		dwProcessId = 0;
		v7 = 0;
		v4 = a1;
		dwProcessId = GetCurrentProcessId();
		ProcessIdToSessionId(dwProcessId, &pSessionId);
		v7 = 0;
		CalcClientID((PCLIENTINFO)&v4);
		*a2 = v4;
		result = 0;
	}
	else
	{
		result = -536863742;
	}
	return result;
}
SessionChangesWatcher::SessionChangesWatcher(AnEventListener *extSessionChangesListener,
                                             LogWriter *log)
: m_extSessionChangesListener(extSessionChangesListener),
  m_log(log)
{
  ProcessIdToSessionId(GetCurrentProcessId(), &m_baseSessionId);
  resume();
}
예제 #6
0
파일: util.cpp 프로젝트: gphysics/displaz
std::string currentUserUid()
{
#   ifdef _WIN32
    DWORD sessId = 0;
    ProcessIdToSessionId(GetCurrentProcessId(), &sessId);
    return tfm::format("%d", sessId);
#   else
    return tfm::format("%d", ::getuid());
#   endif
}
예제 #7
0
bstr_t GetSessionPath()
{
	std::wstringstream ss;

	WCHAR objPath[MAX_PATH + 1] = { 0 };
	ULONG length = MAX_PATH;
	DWORD dwSessionId;

	if (ProcessIdToSessionId(GetCurrentProcessId(), &dwSessionId))
	{
		ss << L"\\Sessions\\" << dwSessionId;

		return ss.str().c_str();
	}

	return L"";
}
예제 #8
0
파일: shellole.c 프로젝트: Moteesh/reactos
static void test_SHCreateSessionKey(void)
{
    static const WCHAR session_format[] = {
                'S','o','f','t','w','a','r','e','\\','M','i','c','r','o','s','o','f','t','\\',
                'W','i','n','d','o','w','s','\\','C','u','r','r','e','n','t','V','e','r','s','i','o','n','\\',
                'E','x','p','l','o','r','e','r','\\','S','e','s','s','i','o','n','I','n','f','o','\\','%','u',0};
    HKEY hkey, hkey2;
    HRESULT hr;
    DWORD session;
    WCHAR sessionW[ARRAY_SIZE(session_format) + 16];
    LONG ret;

    if (!pSHCreateSessionKey)
    {
        win_skip("SHCreateSessionKey is not implemented\n");
        return;
    }

    if (0) /* crashes on native */
        hr = pSHCreateSessionKey(KEY_READ, NULL);

    hkey = (HKEY)0xdeadbeef;
    hr = pSHCreateSessionKey(0, &hkey);
    ok(hr == E_ACCESSDENIED, "got 0x%08x\n", hr);
    ok(hkey == NULL, "got %p\n", hkey);

    hr = pSHCreateSessionKey(KEY_READ, &hkey);
    ok(hr == S_OK, "got 0x%08x\n", hr);

    hr = pSHCreateSessionKey(KEY_READ, &hkey2);
    ok(hr == S_OK, "got 0x%08x\n", hr);
    ok(hkey != hkey2, "got %p, %p\n", hkey, hkey2);

    RegCloseKey(hkey);
    RegCloseKey(hkey2);

    /* check the registry */
    ProcessIdToSessionId( GetCurrentProcessId(), &session);
    if (session)
    {
        wsprintfW(sessionW, session_format, session);
        ret = RegOpenKeyW(HKEY_CURRENT_USER, sessionW, &hkey);
        ok(!ret, "key not found\n");
        RegCloseKey(hkey);
    }
}
예제 #9
0
std::wstring SYS_get_base_named_objects_path()
{
	std::wstring base_name_objects_path;

	// get our terminal services session id
	DWORD session_id;
	ProcessIdToSessionId(GetCurrentProcessId(), &session_id);
	// create a path to the kernel BaseNamedObjects
	if( session_id == 0 ) {
		// there is no 0 session, this just means an OS without terminal services
		base_name_objects_path = L"\\BaseNamedObjects";
	}
	else {
		wchar_t path_buffer[MAX_PATH];
		wsprintf(path_buffer, L"\\Sessions\\%d\\BaseNamedObjects", session_id);
		base_name_objects_path = path_buffer;
	}

	return base_name_objects_path;
}
예제 #10
0
BOOL CHooks::IsInRemoteDesktop()
{
	BOOL bRet = FALSE;

	DWORD dwSectionId = 0, dwBytesReturned = 0;

	DWORD dwProcessId = GetCurrentProcessId();

	ProcessIdToSessionId(dwProcessId, &dwSectionId);

	LPTSTR pBuffer = NULL;

	DWORD dwRet = WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, 
		dwSectionId, WTSClientName, &pBuffer, &dwBytesReturned);

	if (dwRet != 0 && dwBytesReturned != 0 && pBuffer != NULL)
	{
		bRet = lstrlen(pBuffer) > 0;

		WTSFreeMemory(pBuffer);
	}

	return bRet;
}
예제 #11
0
// Open a window station and a desktop in another session, grant access to those handles
DWORD GrantRemoteSessionDesktopAccess(
    IN DWORD sessionId,
    IN const WCHAR *accountName,
    IN WCHAR *systemName
    )
{
    DWORD status = ERROR_UNIDENTIFIED_ERROR;
    HRESULT hresult;
    HANDLE token = NULL;
    HANDLE tokenDuplicate = NULL;
    WCHAR fullPath[MAX_PATH + 1] = { 0 };
    WCHAR arguments[UNLEN + 1];
    PROCESS_INFORMATION pi = { 0 };
    STARTUPINFO si = { 0 };
    DWORD currentSessionId;

    if (!accountName)
        return ERROR_INVALID_PARAMETER;

    if (!ProcessIdToSessionId(GetCurrentProcessId(), &currentSessionId))
    {
        return perror("ProcessIdToSessionId");
    }

    if (currentSessionId == sessionId)
    {
        // We're in the same session, no need to run an additional process.
        LogInfo("Already running in the specified session");
        status = GrantDesktopAccess(accountName, systemName);
        if (ERROR_SUCCESS != status)
            perror2(status, "GrantDesktopAccess");

        return status;
    }

    if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &token))
    {
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &token))
        {
            return perror("OpenProcessToken");
        }
    }

    if (!DuplicateTokenEx(
        token,
        MAXIMUM_ALLOWED,
        NULL,
        SecurityIdentification,
        TokenPrimary,
        &tokenDuplicate))
    {
        status = perror("DuplicateTokenEx");
        goto cleanup;
    }

    CloseHandle(token);
    token = tokenDuplicate;

    if (!SetTokenInformation(token, TokenSessionId, &sessionId, sizeof(sessionId)))
    {
        status = perror("SetTokenInformation");
        goto cleanup;
    }

    if (!GetModuleFileName(NULL, fullPath, RTL_NUMBER_OF(fullPath) - 1))
    {
        status = perror("GetModuleFileName");
        goto cleanup;
    }

    hresult = StringCchPrintf(arguments, RTL_NUMBER_OF(arguments), L"\"%s\" -a %s", fullPath, accountName);
    if (FAILED(hresult))
    {
        LogError("StringCchPrintf failed");
        goto cleanup;
    }

    si.cb = sizeof(si);

    LogDebug("CreateProcessAsUser(%s)", arguments);

    if (!CreateProcessAsUser(
        token,
        fullPath,
        arguments,
        NULL,
        NULL,
        TRUE, // handles are inherited
        0,
        NULL,
        NULL,
        &si,
        &pi))
    {
        status = perror("CreateProcessAsUser");
        goto cleanup;
    }

    status = WaitForSingleObject(pi.hProcess, 1000);

    if (WAIT_OBJECT_0 != status)
    {
        if (WAIT_TIMEOUT == status)
        {
            status = ERROR_ACCESS_DENIED;
            LogInfo("WaitForSingleObject timed out");
        }
        else
        {
            status = perror("WaitForSingleObject");
        }
    }

cleanup:
    if (pi.hThread)
        CloseHandle(pi.hThread);
    if (pi.hProcess)
        CloseHandle(pi.hProcess);
    if (token)
        CloseHandle(token);
    return status;
}
예제 #12
0
int WINAPI
WinMain(HINSTANCE instance, HINSTANCE prev_instance, LPSTR cmdline, int cmdshow)
{
	int success = 0;
	HANDLE helper = NULL;
	HMODULE hookdll = NULL;
	SYSTEM_INFO si;

	set_hooks_proc_t set_hooks_fn;
	remove_hooks_proc_t remove_hooks_fn;
	get_instance_count_proc_t instance_count_fn;

	int check_counter;

	if (strlen(cmdline) == 0) {
		message("No command line specified.");
		return -1;
	}

	if (vchannel_open()) {
		message("Unable to set up the virtual channel.");
		return -1;
	}


	GetSystemInfo(&si);
	switch (si.wProcessorArchitecture) {
	case PROCESSOR_ARCHITECTURE_INTEL:
		hookdll = LoadLibrary("seamlessrdp32.dll");
		break;
	case PROCESSOR_ARCHITECTURE_AMD64:
		hookdll = LoadLibrary("seamlessrdp64.dll");
		break;
	default:
		message("Unsupported processor architecture.");
		break;

	}

	if (!hookdll) {
		message("Could not load hook DLL. Unable to continue.");
		goto close_vchannel;
	}

	set_hooks_fn = (set_hooks_proc_t) GetProcAddress(hookdll, "SetHooks");
	remove_hooks_fn =
		(remove_hooks_proc_t) GetProcAddress(hookdll, "RemoveHooks");
	instance_count_fn =
		(get_instance_count_proc_t) GetProcAddress(hookdll, "GetInstanceCount");
	g_move_window_fn =
		(move_window_proc_t) GetProcAddress(hookdll, "SafeMoveWindow");
	g_zchange_fn = (zchange_proc_t) GetProcAddress(hookdll, "SafeZChange");
	g_focus_fn = (focus_proc_t) GetProcAddress(hookdll, "SafeFocus");
	g_set_state_fn = (set_state_proc_t) GetProcAddress(hookdll, "SafeSetState");

	if (!set_hooks_fn || !remove_hooks_fn || !instance_count_fn
		|| !g_move_window_fn || !g_zchange_fn || !g_focus_fn
		|| !g_set_state_fn) {
		message
			("Hook DLL doesn't contain the correct functions. Unable to continue.");
		goto close_hookdll;
	}

	/* Check if the DLL is already loaded */
	switch (instance_count_fn()) {
	case 0:
		message("Hook DLL failed to initialize.");
		goto close_hookdll;
		break;
	case 1:
		break;
	default:
		message("Another running instance of Seamless RDP detected.");
		goto close_hookdll;
	}

	helper = launch_helper();

	ProcessIdToSessionId(GetCurrentProcessId(), &g_session_id);

	build_startup_procs();

	g_connected = is_connected();
	g_desktop_hidden = is_desktop_hidden();

	vchannel_write("HELLO", "0x%08x",
		g_desktop_hidden ? SEAMLESS_HELLO_HIDDEN : 0);

	set_hooks_fn();

	/* Since we don't see the entire desktop we must resize windows
	   immediatly. */
	SystemParametersInfo(SPI_SETDRAGFULLWINDOWS, TRUE, NULL, 0);

	/* Disable screen saver since we cannot catch its windows. */
	SystemParametersInfo(SPI_SETSCREENSAVEACTIVE, FALSE, NULL, 0);

	/* We don't want windows denying requests to activate windows. */
	SystemParametersInfo(SPI_SETFOREGROUNDLOCKTIMEOUT, 0, 0, 0);

	if (!launch_app(cmdline)) {
		// CreateProcess failed.
		char msg[256];
		_snprintf(msg, sizeof(msg),
			"Unable to launch the requested application:\n%s", cmdline);
		message(msg);
		goto unhook;
	}

	check_counter = 5;
	while (check_counter-- || !should_terminate()) {
		BOOL connected;
		MSG msg;

		connected = is_connected();
		if (connected && !g_connected) {
			int flags;
			/* These get reset on each reconnect */
			SystemParametersInfo(SPI_SETDRAGFULLWINDOWS, TRUE, NULL, 0);
			SystemParametersInfo(SPI_SETSCREENSAVEACTIVE, FALSE, NULL, 0);
			SystemParametersInfo(SPI_SETFOREGROUNDLOCKTIMEOUT, 0, 0, 0);

			flags = SEAMLESS_HELLO_RECONNECT;
			if (g_desktop_hidden)
				flags |= SEAMLESS_HELLO_HIDDEN;
			vchannel_write("HELLO", "0x%08x", flags);
		}

		g_connected = connected;

		if (check_counter < 0) {
			BOOL hidden;

			hidden = is_desktop_hidden();
			if (hidden && !g_desktop_hidden)
				vchannel_write("HIDE", "0x%08x", 0);
			else if (!hidden && g_desktop_hidden)
				vchannel_write("UNHIDE", "0x%08x", 0);

			g_desktop_hidden = hidden;

			check_counter = 5;
		}

		while (PeekMessage(&msg, NULL, 0, 0, PM_REMOVE)) {
			TranslateMessage(&msg);
			DispatchMessage(&msg);
		}
		process_cmds();
		Sleep(100);
	}

	success = 1;

  unhook:
	remove_hooks_fn();

	free_startup_procs();
	if (helper) {
		// Terminate seamlessrdphook32.exe
		kill_15_9(helper, "SeamlessRDPHook", HELPER_TIMEOUT);
	}

  close_hookdll:
	FreeLibrary(hookdll);

  close_vchannel:
	vchannel_close();

	// Logoff the user. This is necessary because the session may
	// have started processes that are not included in Microsofts
	// list of processes to ignore. Typically ieuser.exe.
	// FIXME: Only do this if WTSQuerySessionInformation indicates
	// that we are the initial program. 
	ExitWindows(0, 0);

	if (success)
		return 1;
	else
		return -1;
}
예제 #13
0
파일: vdservice.cpp 프로젝트: damouse/PCC
BOOL create_process_as_user(IN DWORD session_id, IN LPCWSTR application_name,
                            IN LPWSTR command_line, IN LPSECURITY_ATTRIBUTES process_attributes,
                            IN LPSECURITY_ATTRIBUTES thread_attributes, IN BOOL inherit_handles,
                            IN DWORD creation_flags, IN LPVOID environment,
                            IN LPCWSTR current_directory, IN LPSTARTUPINFOW startup_info,
                            OUT LPPROCESS_INFORMATION process_information)
{
    PROCESSENTRY32 proc_entry;
    DWORD winlogon_pid = 0;
    HANDLE winlogon_proc;
    HANDLE token = NULL;
    HANDLE token_dup;
    BOOL ret = FALSE;

    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) {
        vd_printf("CreateToolhelp32Snapshot() failed %lu", GetLastError());
        return false;
    }
    ZeroMemory(&proc_entry, sizeof(proc_entry));
    proc_entry.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(snap, &proc_entry)) {
        vd_printf("Process32First() failed %lu", GetLastError());
        CloseHandle(snap);
        return false;
    }
    do {
        if (_tcsicmp(proc_entry.szExeFile, WINLOGON_FILENAME) == 0) {
            DWORD winlogon_session_id = 0;
            if (ProcessIdToSessionId(proc_entry.th32ProcessID, &winlogon_session_id) &&
                                                      winlogon_session_id == session_id) {
                winlogon_pid = proc_entry.th32ProcessID;
                break;
            }
        }
    } while (Process32Next(snap, &proc_entry));
    CloseHandle(snap);
    if (winlogon_pid == 0) {
        vd_printf("Winlogon not found");
        return false;
    }
    winlogon_proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, winlogon_pid);
    if (!winlogon_proc) {
        vd_printf("OpenProcess() failed %lu", GetLastError());
        return false;
    }
    ret = OpenProcessToken(winlogon_proc, TOKEN_DUPLICATE, &token);
    CloseHandle(winlogon_proc);
    if (!ret) {
        vd_printf("OpenProcessToken() failed %lu", GetLastError());
        return false;
    }
    ret = DuplicateTokenEx(token, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary,
                           &token_dup);
    CloseHandle(token);
    if (!ret) {
        vd_printf("DuplicateTokenEx() failed %lu", GetLastError());
        return false;
    }
    ret = CreateProcessAsUser(token_dup, application_name, command_line, process_attributes,
                              thread_attributes, inherit_handles, creation_flags, environment,
                              current_directory, startup_info, process_information);
    CloseHandle(token_dup);
    return ret;
}
bool VDAgent::run()
{
    DWORD session_id;
    DWORD event_thread_id;
    HANDLE event_thread;
    WNDCLASS wcls;

    if (!ProcessIdToSessionId(GetCurrentProcessId(), &session_id)) {
        vd_printf("ProcessIdToSessionId failed %lu", GetLastError());
        return false;
    }
    vd_printf("***Agent started in session %lu***", session_id);
    log_version();
    if (!SetPriorityClass(GetCurrentProcess(), HIGH_PRIORITY_CLASS)) {
        vd_printf("SetPriorityClass failed %lu", GetLastError());
    }
    if (!SetProcessShutdownParameters(0x100, 0)) {
        vd_printf("SetProcessShutdownParameters failed %lu", GetLastError());
    }
    if (_system_version == SYS_VER_WIN_7_CLASS) {
        _user_lib = LoadLibrary(L"User32.dll");
        if (!_user_lib) {
            vd_printf("LoadLibrary failed %lu", GetLastError());
            return false;
        }
        _add_clipboard_listener =
            (PCLIPBOARD_OP)GetProcAddress(_user_lib, "AddClipboardFormatListener");
        _remove_clipboard_listener =
            (PCLIPBOARD_OP)GetProcAddress(_user_lib, "RemoveClipboardFormatListener");
        if (!_add_clipboard_listener || !_remove_clipboard_listener) {
            vd_printf("GetProcAddress failed %lu", GetLastError());
            cleanup();
            return false;
        }
    }
    _control_event = CreateEvent(NULL, FALSE, FALSE, NULL);
    if (!_control_event) {
        vd_printf("CreateEvent() failed: %lu", GetLastError());
        cleanup();
        return false;
    }
    _stop_event = OpenEvent(SYNCHRONIZE, FALSE, VD_AGENT_STOP_EVENT);
    memset(&wcls, 0, sizeof(wcls));
    wcls.lpfnWndProc = &VDAgent::wnd_proc;
    wcls.lpszClassName = VD_AGENT_WINCLASS_NAME;
    if (!RegisterClass(&wcls)) {
        vd_printf("RegisterClass() failed: %lu", GetLastError());
        cleanup();
        return false;
    }
    _desktop_layout = new DesktopLayout();
    if (_desktop_layout->get_display_count() == 0) {
        vd_printf("No QXL devices!");
    }
    if (!init_vio_serial()) {
        cleanup();
        return false;
    }
    if (!ReadFileEx(_vio_serial, _read_buf, sizeof(VDIChunk), &_read_overlapped, read_completion) &&
            GetLastError() != ERROR_IO_PENDING) {
        vd_printf("vio_serial read error %lu", GetLastError());
        cleanup();
        return false;
    }
    _running = true;
    event_thread = CreateThread(NULL, 0, event_thread_proc, NULL, 0, &event_thread_id);
    if (!event_thread) {
        vd_printf("CreateThread() failed: %lu", GetLastError());
        cleanup();
        return false;
    }
    send_announce_capabilities(true);
    vd_printf("Connected to server");

    while (_running) {
        input_desktop_message_loop();
        if (_clipboard_owner == owner_guest) {
            set_clipboard_owner(owner_none);
        }
    }
    vd_printf("Agent stopped");
    CloseHandle(event_thread);
    cleanup();
    return true;
}
예제 #15
0
BOOL
CMSWindowsRelauncher::winlogonInSession(DWORD sessionId, PHANDLE process)
{
	// first we need to take a snapshot of the running processes
	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (snapshot == INVALID_HANDLE_VALUE) {
		LOG((CLOG_ERR "could not get process snapshot (error: %i)", 
			GetLastError()));
		return 0;
	}

	PROCESSENTRY32 entry;
	entry.dwSize = sizeof(PROCESSENTRY32);

	// get the first process, and if we can't do that then it's 
	// unlikely we can go any further
	BOOL gotEntry = Process32First(snapshot, &entry);
	if (!gotEntry) {
		LOG((CLOG_ERR "could not get first process entry (error: %i)", 
			GetLastError()));
		return 0;
	}

	// used to record process names for debug info
	std::list<std::string> nameList;

	// now just iterate until we can find winlogon.exe pid
	DWORD pid = 0;
	while(gotEntry) {

		// make sure we're not checking the system process
		if (entry.th32ProcessID != 0) {

			DWORD processSessionId;
			BOOL pidToSidRet = ProcessIdToSessionId(
				entry.th32ProcessID, &processSessionId);

			if (!pidToSidRet) {
				LOG((CLOG_ERR "could not get session id for process id %i (error: %i)",
					entry.th32ProcessID, GetLastError()));
				return 0;
			}

			// only pay attention to processes in the active session
			if (processSessionId == sessionId) {

				// store the names so we can record them for debug
				nameList.push_back(entry.szExeFile);

				if (_stricmp(entry.szExeFile, "winlogon.exe") == 0) {
					pid = entry.th32ProcessID;
					break;
				}
			}
		}

		// now move on to the next entry (if we're not at the end)
		gotEntry = Process32Next(snapshot, &entry);
		if (!gotEntry) {

			DWORD err = GetLastError();
			if (err != ERROR_NO_MORE_FILES) {

				// only worry about error if it's not the end of the snapshot
				LOG((CLOG_ERR "could not get subsiquent process entry (error: %i)", 
					GetLastError()));
				return 0;
			}
		}
	}

	std::string nameListJoin;
	for(std::list<std::string>::iterator it = nameList.begin();
		it != nameList.end(); it++) {
			nameListJoin.append(*it);
			nameListJoin.append(", ");
	}

	LOG((CLOG_DEBUG "checked processes while looking for winlogon.exe: %s",
		nameListJoin.c_str()));

	CloseHandle(snapshot);

	if (pid) {
		// now get the process so we can get the process, with which
		// we'll use to get the process token.
		*process = OpenProcess(MAXIMUM_ALLOWED, FALSE, pid);
		return true;
	}
	else {
		LOG((CLOG_DEBUG "could not find winlogon.exe in session %i", sessionId));
		return false;
	}
}
 BOOL GetProcessId(LPCTSTR pProgExe,DWORD sessionId,DWORD *pPid)
{
 
	HANDLE hProcessSnap;
	//HANDLE hProcess;
	PROCESSENTRY32 pe32;
	//DWORD dwPriorityClass;

	// Take a snapshot of all processes in the system.
	hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hProcessSnap == INVALID_HANDLE_VALUE)
	{
		printError(TEXT("CreateToolhelp32Snapshot (of processes)"));
		return(FALSE);
	}

	// Set the size of the structure before using it.
	pe32.dwSize = sizeof(PROCESSENTRY32);

	// Retrieve information about the first process,
	// and exit if unsuccessful
	if (!Process32First(hProcessSnap, &pe32))
	{
		printError(TEXT("Process32First")); // show cause of failure
		CloseHandle(hProcessSnap);          // clean the snapshot object
		return(FALSE);
	}
	DWORD currentSessionId;
	// Now walk the snapshot of processes, and
	// display information about each process in turn
	do
	{
		_tprintf(TEXT("\n\n====================================================="));
		_tprintf(TEXT("\nPROCESS NAME:  %s"), pe32.szExeFile);
		_tprintf(TEXT("\n-------------------------------------------------------"));
		if (_tcscmp(pe32.szExeFile, pProgExe) != 0)
			continue;

		if (!ProcessIdToSessionId(pe32.th32ProcessID, &currentSessionId))
			continue;

		if (currentSessionId != sessionId)
			continue;

		// Retrieve the priority class.
//		dwPriorityClass = 0;
//		hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
//		if (hProcess == NULL)
//			printError(TEXT("OpenProcess"));
//		else
//		{
//			dwPriorityClass = GetPriorityClass(hProcess);
//			if (!dwPriorityClass)
//				printError(TEXT("GetPriorityClass"));
//			CloseHandle(hProcess);
//		}

		_tprintf(TEXT("\n  Process ID        = 0x%08X"), pe32.th32ProcessID);
		_tprintf(TEXT("\n  Thread count      = %d"), pe32.cntThreads);
		_tprintf(TEXT("\n  Parent process ID = 0x%08X"), pe32.th32ParentProcessID);
		_tprintf(TEXT("\n  Priority base     = %d"), pe32.pcPriClassBase);
//		if (dwPriorityClass)
//			_tprintf(TEXT("\n  Priority class    = %d"), dwPriorityClass);

		// List the modules and threads associated with this process
		//ListProcessModules(pe32.th32ProcessID);
		//ListProcessThreads(pe32.th32ProcessID);

	} while (Process32Next(hProcessSnap, &pe32));

	CloseHandle(hProcessSnap);
	return(TRUE);
}
void _tmain(int argc, TCHAR *argv[])
{

	STARTUPINFO si;
	PROCESS_INFORMATION pi;
	DWORD processId;
	DWORD currentSessionId;

	DWORD currentProcessId = GetCurrentProcessId();
	if (!ProcessIdToSessionId(currentProcessId, &currentSessionId))
		return ;

	Is_Win_Server();

	if (IsWindowsWin10OrGreater())
	{
		MessageBox(NULL, _T("You need at least Windows 10."), _T("Version Not Supported"), MB_OK);
	}

	ZeroMemory(&si, sizeof(si));
	si.cb = sizeof(si);
	ZeroMemory(&pi, sizeof(pi));

	// start the browser process now
 
	si.cb = sizeof(si);
	si.dwFlags = STARTF_FORCEONFEEDBACK | STARTF_USESHOWWINDOW;
	si.wShowWindow = SW_SHOWNORMAL;

	 
	BOOL bStatus = CreateProcess(NULL,
		_T("C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdge.exe www.baidu.com"),
		NULL,
		NULL,
		FALSE,
		NORMAL_PRIORITY_CLASS,
		NULL,
		NULL,
		&si,
		&pi);

	WaitForSingleObject(pi.hProcess, INFINITE);
	CloseHandle(pi.hProcess);
	CloseHandle(pi.hThread);

	ZeroMemory(&si, sizeof(si));
	si.cb = sizeof(si);
	ZeroMemory(&pi, sizeof(pi));

	TCHAR test[] = _T("C:\\windows\\system32\\LaunchWinApp.exe www.baidu.com");
	// Start the child process. 
	BOOL bRet = CreateProcess(NULL,   // No module name (use command line)
		test,        // Command line
		NULL,           // Process handle not inheritable
		NULL,           // Thread handle not inheritable
		FALSE,          // Set handle inheritance to FALSE
		0,              // No creation flags
		NULL,           // Use parent's environment block
		NULL,           // Use parent's starting directory 
		&si,            // Pointer to STARTUPINFO structure
		&pi            // Pointer to PROCESS_INFORMATION structure
		 );
	if(!bRet)
	{
		printf("CreateProcess failed (%d).\n", GetLastError());
		return;
	}
	// Wait until child process exits.
	WaitForSingleObject(pi.hProcess, INFINITE);

	GetProcessId(_T("MicrosoftEdge.exe"), currentSessionId, &processId);
	// Close process and thread handles. 
	CloseHandle(pi.hProcess);
	CloseHandle(pi.hThread);
}
예제 #18
0
bool
MSWindowsSession::isProcessInSession(const char* name, PHANDLE process = NULL)
{
	// first we need to take a snapshot of the running processes
	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (snapshot == INVALID_HANDLE_VALUE) {
		LOG((CLOG_ERR "could not get process snapshot"));
		throw XArch(new XArchEvalWindows());
	}

	PROCESSENTRY32 entry;
	entry.dwSize = sizeof(PROCESSENTRY32);

	// get the first process, and if we can't do that then it's 
	// unlikely we can go any further
	BOOL gotEntry = Process32First(snapshot, &entry);
	if (!gotEntry) {
		LOG((CLOG_ERR "could not get first process entry"));
		throw XArch(new XArchEvalWindows());
	}

	// used to record process names for debug info
	std::list<std::string> nameList;

	// now just iterate until we can find winlogon.exe pid
	DWORD pid = 0;
	while(gotEntry) {

		// make sure we're not checking the system process
		if (entry.th32ProcessID != 0) {

			DWORD processSessionId;
			BOOL pidToSidRet = ProcessIdToSessionId(
				entry.th32ProcessID, &processSessionId);

			if (!pidToSidRet) {
				// if we can not acquire session associated with a specified process,
				// simply ignore it
				LOG((CLOG_ERR "could not get session id for process id %i", entry.th32ProcessID));
				gotEntry = nextProcessEntry(snapshot, &entry);
				continue;
			}
			else {
				// only pay attention to processes in the active session
				if (processSessionId == m_activeSessionId) {

					// store the names so we can record them for debug
					nameList.push_back(entry.szExeFile);

					if (_stricmp(entry.szExeFile, name) == 0) {
						pid = entry.th32ProcessID;
					}
				}
			}

		}

		// now move on to the next entry (if we're not at the end)
		gotEntry = nextProcessEntry(snapshot, &entry);
	}

	std::string nameListJoin;
	for(std::list<std::string>::iterator it = nameList.begin();
		it != nameList.end(); it++) {
			nameListJoin.append(*it);
			nameListJoin.append(", ");
	}

	LOG((CLOG_DEBUG "processes in session %d: %s",
		m_activeSessionId, nameListJoin.c_str()));

	CloseHandle(snapshot);

	if (pid) {
		if (process != NULL) {
			// now get the process, which we'll use to get the process token.
			LOG((CLOG_DEBUG "found %s in session %i", name, m_activeSessionId));
			*process = OpenProcess(MAXIMUM_ALLOWED, FALSE, pid);
		}
		return true;
	}
	else {
		LOG((CLOG_DEBUG "did not find %s in session %i", name, m_activeSessionId));
		return false;
	}
}
예제 #19
0
int WINAPI
WinMain(HINSTANCE instance, HINSTANCE prev_instance, LPSTR cmdline, int cmdshow)
{
	BOOL use_active_monitoring = DEFAULT_USE_ACTIVE_MONITORING;
	HMODULE hookdll;
	MSG msg;
	int check_counter;

	set_hooks_proc_t set_hooks_fn;
	remove_hooks_proc_t remove_hooks_fn;
	get_instance_count_proc_t instance_count_fn;

	g_instance = instance;

	load_configuration(&use_active_monitoring, &g_is_move_offscreen_forbidden);

	if (! use_active_monitoring) {
		hookdll = LoadLibrary("seamlessrdp.dll");
		if (!hookdll)
		{
			message("Could not load hook DLL. Unable to continue.");
			return -1;
		}

		if (IsWow64())
		{
			STARTUPINFO si;
			PROCESS_INFORMATION pi;

			ZeroMemory( &si, sizeof(si) );
			si.cb = sizeof(si);
			ZeroMemory( &pi, sizeof(pi) );

			// Start the child process.
			if (! CreateProcess(NULL, "hook_launcher_x64.exe", NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) {
				message("CreateProcess failed.\n");
				return -1;
			}
			CloseHandle(pi.hProcess);
			CloseHandle(pi.hThread);
		}

		set_hooks_fn = (set_hooks_proc_t) GetProcAddress(hookdll, "SetHooks");
		remove_hooks_fn = (remove_hooks_proc_t) GetProcAddress(hookdll, "RemoveHooks");
		instance_count_fn = (get_instance_count_proc_t) GetProcAddress(hookdll, "GetInstanceCount");

		if (!set_hooks_fn || !remove_hooks_fn || !instance_count_fn)
		{
			FreeLibrary(hookdll);
			message("Hook DLL doesn't contain the correct functions. Unable to continue.");
			return -1;
		}

		/* Check if the DLL is already loaded */
		if (instance_count_fn() != 1)
		{
			FreeLibrary(hookdll);
			message("Another running instance of Seamless RDP detected.");
			return -1;
		}
	}

	ProcessIdToSessionId(GetCurrentProcessId(), &g_session_id);

	build_startup_procs();

	if (! SeamlessChannel_init())
		return -1;

	g_connected = is_connected();
	g_desktop_hidden = is_desktop_hidden();

	if (InternalWindow_create(instance, use_active_monitoring ? NULL : InternalWindow_processCopyData) == FALSE)
		SeamlessChannel_sendDebug("Failed to create seamless internal window");

	SeamlessChannel_sendHello(g_desktop_hidden ? SEAMLESS_HELLO_HIDDEN : 0);

	if (use_active_monitoring)
		start_windows_monitoring();
	else
		set_hooks_fn();

	/* Since we don't see the entire desktop we must resize windows
	   immediatly. */
	SystemParametersInfo(SPI_SETDRAGFULLWINDOWS, TRUE, NULL, 0);

	/* Disable screen saver since we cannot catch its windows. */
	SystemParametersInfo(SPI_SETSCREENSAVEACTIVE, FALSE, NULL, 0);

	/* We don't want windows denying requests to activate windows. */
	SystemParametersInfo(SPI_SETFOREGROUNDLOCKTIMEOUT, 0, 0, 0);


	check_counter = 5;
	while (1)
	{
		BOOL connected;
		char* line = NULL;
		int size = 0;

		connected = is_connected();
		if (connected && !g_connected)
		{
			int flags;

			// We have to force reopening channel
			SeamlessChannel_uninit();
			SeamlessChannel_init();

			/* These get reset on each reconnect */
			SystemParametersInfo(SPI_SETDRAGFULLWINDOWS, TRUE, NULL, 0);
			SystemParametersInfo(SPI_SETSCREENSAVEACTIVE, FALSE, NULL,
					     0);
			SystemParametersInfo(SPI_SETFOREGROUNDLOCKTIMEOUT, 0, 0, 0);

			flags = SEAMLESS_HELLO_RECONNECT;
			if (g_desktop_hidden)
				flags |= SEAMLESS_HELLO_HIDDEN;
			SeamlessChannel_sendHello(flags);
		}

		g_connected = connected;

		if (check_counter < 0)
		{
			BOOL hidden;

			hidden = is_desktop_hidden();
			if (hidden && !g_desktop_hidden)
				SeamlessChannel_sendHide(0);
			else if (!hidden && g_desktop_hidden)
				SeamlessChannel_sendUnhide(0);

			g_desktop_hidden = hidden;

			check_counter = 5;
		}

		while (PeekMessage(&msg, NULL, 0, 0, PM_REMOVE))
		{
			TranslateMessage(&msg);
			DispatchMessage(&msg);
		}

		while (SeamlessChannel_recv(&line) >= 0) {
			SeamlessChannel_process(line);
		}
		
		Sleep(100);
	}

	if (use_active_monitoring)
		stop_windows_monitoring();
	else {
		remove_hooks_fn();

		FreeLibrary(hookdll);
	}

	SeamlessChannel_uninit();

	free_startup_procs();

	return 1;
}
예제 #20
0
BOOL InjectDll(DWORD dwPID, char *szDllName)  
{  
    HANDLE hProcess2 = NULL;  
    LPVOID pRemoteBuf = NULL;  
    FARPROC pThreadProc = NULL;  

	PROCESS_INFORMATION pi;
	STARTUPINFO si;
	BOOL bResult = FALSE;
	DWORD dwSessionId = -1;
	DWORD winlogonPid = -1;
	HANDLE hUserToken,hUserTokenDup,hPToken,hProcess;
	DWORD dwCreationFlags;
	TCHAR wcQMountPath[256];
	TCHAR wcQMountArgs[256];

	memset(wcQMountPath,0,sizeof(wcQMountPath));
	memset(wcQMountArgs,0,sizeof(wcQMountArgs));

	//dwSessionId = WTSGetActiveConsoleSessionId();

	HMODULE hModuleKern = LoadLibrary( TEXT("KERNEL32.dll") );
	if( hModuleKern != NULL ) 
	{
		DWORD	(__stdcall *funcWTSGetActiveConsoleSessionId) (void);

		funcWTSGetActiveConsoleSessionId = (DWORD  (__stdcall *)(void))GetProcAddress( hModuleKern, "WTSGetActiveConsoleSessionId" );
		if( funcWTSGetActiveConsoleSessionId != NULL ) 
		{
			dwSessionId = funcWTSGetActiveConsoleSessionId();
		}
	}
	if( hModuleKern != NULL ) 
	{
		// ¥í©`¥É¤·¤¿DLL¤ò½â·Å
		FreeLibrary( hModuleKern );
	}
	OutputDebugStringA("LaunchAppIntoDifferentSession is called.\n");

	//
	// Find the winlogon process
	//
	PROCESSENTRY32 procEntry;

	HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hSnap == INVALID_HANDLE_VALUE){
		return FALSE;
	}

	procEntry.dwSize = sizeof(PROCESSENTRY32);
	if (!Process32First(hSnap, &procEntry)){
		return FALSE;
	}

	do
	{
		if (stricmp(procEntry.szExeFile, "winlogon.exe") == 0)
		{
			//
			// We found a winlogon process...make sure it's running in the console session
			//
			DWORD winlogonSessId = 0;
			if (ProcessIdToSessionId(procEntry.th32ProcessID, &winlogonSessId) && winlogonSessId == dwSessionId){
				winlogonPid = procEntry.th32ProcessID;
				break;
			}
		}
	} while (Process32Next(hSnap, &procEntry));

	if (-1 == winlogonPid) {
	}



	//WTSQueryUserToken(dwSessionId,&hUserToken);
    BOOL    (__stdcall *funcWTSQueryUserToken) (ULONG, PHANDLE);
	HMODULE hModuleWTS = LoadLibrary( TEXT("Wtsapi32.dll") );
	if( hModuleWTS != NULL ) 
	{
		BOOL    (__stdcall *funcWTSQueryUserToken) (ULONG, PHANDLE);

		funcWTSQueryUserToken = (BOOL  (__stdcall *)(ULONG, PHANDLE))GetProcAddress( hModuleWTS, "WTSQueryUserToken" );
		if( funcWTSQueryUserToken != NULL ) 
		{
			funcWTSQueryUserToken(dwSessionId,&hUserToken);
		}
	}
	if( hModuleWTS != NULL ) 
	{
		// ¥í©`¥É¤·¤¿DLL¤ò½â·Å
		FreeLibrary( hModuleKern );
	}

	dwCreationFlags = NORMAL_PRIORITY_CLASS|CREATE_NEW_CONSOLE;
	ZeroMemory(&si, sizeof(STARTUPINFO));
	si.cb= sizeof(STARTUPINFO);
	si.lpDesktop = "winsta0\\default";
	ZeroMemory(&pi, sizeof(pi));
	TOKEN_PRIVILEGES tp;
	LUID luid;
	hProcess = OpenProcess(MAXIMUM_ALLOWED,FALSE,winlogonPid);

	if( !::OpenProcessToken(hProcess,
							TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY|TOKEN_DUPLICATE|
							TOKEN_ASSIGN_PRIMARY|TOKEN_ADJUST_SESSIONID|TOKEN_READ|TOKEN_WRITE,
							&hPToken))
	{
		//OutputDebugPrintf("Failed[LaunchAppIntoDifferentSession]: OpenProcessToken(Error=%d)\n",GetLastError());
	}

	if (!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid))
	{
		//OutputDebugPrintf("Failed[LaunchAppIntoDifferentSession]:LookupPrivilegeValue.(Error=%d)\n",GetLastError());
	}

	tp.PrivilegeCount =1;
	tp.Privileges[0].Luid =luid;
	tp.Privileges[0].Attributes =SE_PRIVILEGE_ENABLED;

	DuplicateTokenEx(hPToken,MAXIMUM_ALLOWED,NULL,SecurityIdentification,TokenPrimary,&hUserTokenDup);
	int dup = GetLastError();

	//
	//Adjust Token privilege
	//
	SetTokenInformation(hUserTokenDup,TokenSessionId,(void*)dwSessionId,sizeof(DWORD));

	if (!AdjustTokenPrivileges(hUserTokenDup,FALSE,&tp,sizeof(TOKEN_PRIVILEGES),(PTOKEN_PRIVILEGES)NULL,NULL))
	{
		//OutputDebugPrintf("Failed[LaunchAppIntoDifferentSession]: AdjustTokenPrivileges.(Error=%d)\n",GetLastError());
	}

	if (GetLastError()== ERROR_NOT_ALL_ASSIGNED)
	{
		//OutputDebugPrintf("Failed[LaunchAppIntoDifferentSession]: Token does not have the provilege\n");
	}

	LPVOID pEnv =NULL;

	if(CreateEnvironmentBlock(&pEnv,hUserTokenDup,TRUE)){
		dwCreationFlags |= CREATE_UNICODE_ENVIRONMENT;
	}
	else
	{
		pEnv=NULL;
	}

    
    DWORD dwBufSize = strlen(szDllName)+1;  
    if ( !(hProcess2 = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID)) )  
    {  
        printf("[´íÎó] OpenProcess(%d) µ÷ÓÃʧ°Ü£¡´íÎó´úÂë: [%d]/n",   
        dwPID, GetLastError());  
        return FALSE;  
    }  
    pRemoteBuf = VirtualAllocEx(hProcess, NULL, dwBufSize,   
                                MEM_COMMIT, PAGE_READWRITE);  
    WriteProcessMemory(hProcess, pRemoteBuf, (LPVOID)szDllName,   
                       dwBufSize, NULL);  
    pThreadProc = GetProcAddress(GetModuleHandle("kernel32.dl"),   
                                 "LoadLibraryA");  
    if( !MyCreateRemoteThread(hProcess, (LPTHREAD_START_ROUTINE)pThreadProc, pRemoteBuf) )  
    {  
        printf("[´íÎó] CreateRemoteThread() µ÷ÓÃʧ°Ü£¡´íÎó´úÂë: [%d]/n", GetLastError());  
        return FALSE;  
    }  
    VirtualFreeEx(hProcess2, pRemoteBuf, 0, MEM_RELEASE);  
    CloseHandle(hProcess2);  

	CloseHandle(hProcess);
	CloseHandle(hUserToken);
	CloseHandle(hUserTokenDup);
	CloseHandle(hPToken);

    return TRUE;  
}