/**
 * Open the process `dwPid` with the rights in NEEDEDACCESS, retrying once with
 * SeDebugPrivilege enabled when the first attempt fails with
 * ERROR_ACCESS_DENIED.
 *
 * @param dwPid         Identifier of the process to open.
 * @param phRemoteProc  Out: receives the process handle. It is set to NULL on
 *                      entry and holds NULL whenever OpenProcess fails.
 * @return EXIT_OK on success, otherwise the error code left in rv.
 *
 * NOTE(review): _HandleError, _HandleLastError, _HandleError1 and
 * _TeardownIfError are macros defined outside this listing. The code reads as
 * if they report the failure, store the code in rv and jump to `error:` --
 * confirm against their definitions before changing the control flow here.
 */
RETVAL AdvancedOpenProcess(DWORD dwPid, HANDLE *phRemoteProc) {
    RETVAL rv, rv2;

    // Rights requested on the target: query, read/write/change its memory and
    // create threads in it. This is a broad mask; the handle it yields should
    // be closed as soon as the caller is done with it.
    // NOTE(review): the expansion is not parenthesized, so it is only safe
    // where it is used as a complete argument (as below), and as a #define it
    // stays visible for the rest of the translation unit.
    #define NEEDEDACCESS PROCESS_QUERY_INFORMATION | \
        PROCESS_VM_WRITE | PROCESS_VM_READ | PROCESS_VM_OPERATION | PROCESS_CREATE_THREAD

    // Token handle for this process; must be closed in the cleanup path.
    HANDLE hThisProcToken = NULL;

    // Initialize the out parameter so a failure never leaves a stale handle.
    *phRemoteProc = NULL;
    // True once SeDebugPrivilege was enabled and has to be switched off again.
    bool bDebugPriv = false;

    // First attempt: open the target with the privileges we already have.
    *phRemoteProc = OpenProcess(NEEDEDACCESS, false, dwPid);
    if (NULL == *phRemoteProc) {
        rv = GetLastError();
        // Only an access-denied failure is retried; anything else is reported.
        if (rv != ERROR_ACCESS_DENIED) {
            _HandleError(rv, __T("OpenProcess"));
        }
        _tprintf(__T("Access denied; retrying with increased privileges.\n"));

        // Enable SeDebugPrivilege on our own token. With it enabled,
        // OpenProcess is not stopped by the target's access-control list, so
        // it is kept on only for the retry and turned off again below.
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hThisProcToken)) {
            _HandleLastError(rv, __T("OpenProcessToken"));
        }
        rv = SetPrivilege(hThisProcToken, SE_DEBUG_NAME, true);
        if (rv != EXIT_OK) {
            _HandleError1(rv, __T("SetPrivilege"), SE_DEBUG_NAME);
        } else {
            bDebugPriv = true;
        }

        // Second attempt, now with the debug privilege enabled.
        *phRemoteProc = OpenProcess(NEEDEDACCESS, false, dwPid);
        if (*phRemoteProc == NULL) {
            _HandleLastError(rv, __T("OpenProcess"));
        }
    }

    // success
    rv = EXIT_OK;

error:
    // Access was denied and the privilege could not be enabled: tell the user
    // what is missing.
    if (rv == ERROR_ACCESS_DENIED && bDebugPriv == false) {
        _tprintf(__T("You need administrative access (debug privilege) to access this process.\n"));
    }
    // Disable SeDebugPrivilege again on success and failure alike, so the
    // process does not keep running with it enabled.
    if (bDebugPriv == true) {
        rv2 = SetPrivilege(hThisProcToken, SE_DEBUG_NAME, false);
        _TeardownIfError(rv, rv2, __T("SetPrivilege"));
    }
    // Release the token handle if it was opened.
    if (hThisProcToken != NULL) {
        if (!CloseHandle(hThisProcToken)) {
            rv2 = GetLastError();
            _TeardownIfError(rv, rv2, __T("CloseHandle"));
        }
    }
    return rv;
}
/**
 * Enable or disable one named privilege on an access token.
 *
 * @param hToken            Token to adjust; passed unchanged to
 *                          AdjustTokenPrivileges.
 * @param szPrivilege       Name of the privilege, resolved with
 *                          LookupPrivilegeValue on the local system (NULL
 *                          system name).
 * @param bEnablePrivilege  true sets SE_PRIVILEGE_ENABLED, false clears the
 *                          attributes (disables the privilege).
 * @return The value of GetLastError() after AdjustTokenPrivileges, or the
 *         error recorded for a failed LookupPrivilegeValue.
 *
 * NOTE(review): szPrivilege is declared LPCWSTR while LookupPrivilegeValue is
 * the TCHAR-generic name, so the two only agree in UNICODE builds.
 * NOTE(review): _HandleLastError and _HandleError are macros defined outside
 * this listing; presumably they report the failure and store the code in rv --
 * confirm.
 */
RETVAL SetPrivilege(HANDLE hToken, LPCWSTR szPrivilege, bool bEnablePrivilege) {
    RETVAL rv;
    TOKEN_PRIVILEGES tp;
    LUID luid;

    // Translate the privilege name into the LUID the token APIs work with.
    if (!LookupPrivilegeValue(NULL, szPrivilege, &luid)) {
        _HandleLastError(rv, __T("LookupPrivilegeValue"));
        goto error;
    }

    // Describe a single privilege and the state it should end up in.
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    if (bEnablePrivilege) {
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    } else {
        tp.Privileges[0].Attributes = 0;
    }

    // The BOOL result is ignored on purpose: the call can return success
    // without having adjusted the privilege (for example when the token does
    // not hold it), and only GetLastError() tells the two cases apart.
    AdjustTokenPrivileges(hToken, false, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
    // assumes EXIT_OK has the same value as ERROR_SUCCESS -- TODO confirm
    if ((rv = GetLastError()) != EXIT_OK) {
        _HandleError(rv, __T("AdjustTokenPrivileges"));
    }

error:
    return rv;
}
/**
 * Start a thread at `dwEntryPoint` inside the process `hRemoteProc`, wait for
 * it to finish and return its exit code.
 *
 * The thread receives CTRL_BREAK_EVENT as its single argument.
 *
 * @param hRemoteProc   Handle of the process that will run the thread.
 * @param dwEntryPoint  Address, valid in that process, where the thread starts.
 * @return EXIT_OK when the thread exits with EXIT_OK or with
 *         STATUS_CONTROL_C_EXIT; otherwise the thread's exit code or the
 *         error recorded for the failing API call.
 *
 * NOTE(review): _HandleLastError, _HandleError and _TeardownIfError are macros
 * defined outside this listing; the code reads as if they store the error in
 * rv and jump to `error:` -- confirm. If they do not jump, the calls after a
 * failed CreateRemoteThread would run on a NULL handle.
 * NOTE(review): creating a thread in another process is an action endpoint
 * security tooling commonly monitors, so this call may be logged or blocked.
 */
RETVAL StartRemoteThread(HANDLE hRemoteProc, LPTHREAD_START_ROUTINE dwEntryPoint){
    RETVAL rv;

    // Thread handle; must be closed in the cleanup path.
    HANDLE hRemoteThread = NULL;

    // Create the thread suspended in the target process, with
    // CTRL_BREAK_EVENT as its argument.
    hRemoteThread = CreateRemoteThread(hRemoteProc, NULL, 0, dwEntryPoint, (void *) CTRL_BREAK_EVENT, CREATE_SUSPENDED, NULL);
    if (hRemoteThread == NULL) {
        _HandleLastError(rv, __T("CreateRemoteThread"));
    }

    // Let the suspended thread run. ResumeThread reports failure as (DWORD)-1.
    // NOTE(review): there is no ';' after the macro call here, so this only
    // compiles if the macro expands to a complete statement.
    if (ResumeThread(hRemoteThread) == (DWORD) -1) {
        _HandleLastError(rv, __T("ResumeThread"))
    }

    // Wait for the thread to finish. The timeout is INFINITE, so this call
    // does not return if the remote thread never exits.
    if (WaitForSingleObject(hRemoteThread, INFINITE) != WAIT_OBJECT_0) {
        _HandleLastError(rv, __T("WaitForSingleObject"));
    }

    // Read the thread's exit code straight into rv.
    // assumes RETVAL has the size of a DWORD -- TODO confirm
    if (!GetExitCodeThread(hRemoteThread, (LPDWORD) &rv)) {
        _HandleLastError(rv, __T("GetExitCodeThread"));
    }

    // STATUS_CONTROL_C_EXIT is reported to the user and counted as success.
    if (rv == STATUS_CONTROL_C_EXIT) {
        _tprintf(__T("Target process was killed.\n"));
        rv = EXIT_OK;
        goto error;
    }

    // Any other non-zero exit code is reported as a failure of the remote call.
    if (rv != EXIT_OK) {
        _HandleError(rv, __T("(remote function)"));
        //if (ERROR_INVALID_HANDLE==rv) {
        //    printf("Are you sure this is a console application?\n");
        //}
    }

error:
    // Close the thread handle without losing an earlier error in rv.
    if (hRemoteThread != NULL) {
        if (!CloseHandle(hRemoteThread)) {
            RETVAL rv2 = GetLastError();
            _TeardownIfError(rv, rv2, __T("CloseHandle"));
        }
    }
    return rv;
}
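/**
 * Send one SQL statement on `con`, retrying it once if _HandleError reports
 * that the error was handled.
 *
 * @param con   Connection to use; it is cast to MySQLDatabaseConnection.
 * @param Sql   Complete statement text. It is passed to mysql_query()
 *              unchanged, so any untrusted value inside it must already have
 *              been escaped by the caller.
 * @param Self  true when this call is itself the retry; it stops a second
 *              retry and so bounds the recursion at one level.
 * @return true if the statement (or its single retry) succeeded, else false.
 *
 * NOTE(review): a failed statement is written to the error log in full.
 * Statements that carry credentials or personal data end up in that log, so
 * the log needs the same protection as the data.
 */
bool MySQLDatabase::_SendQuery(DatabaseConnection* con, const char* Sql, bool Self)
{
    MySQLDatabaseConnection* const mysqlCon = static_cast<MySQLDatabaseConnection*>(con);

    // mysql_query() returns zero on success and non-zero on failure. The
    // original tested `result > 0`, which let a negative status fall through
    // without a retry or a log line.
    if(mysql_query(mysqlCon->MySql, Sql) == 0)
        return true;

    if(Self == false && _HandleError(mysqlCon, mysql_errno(mysqlCon->MySql)))
    {
        // Re-send the query once; Self == true stops the retry from retrying.
        // Return the retry's own verdict: the original stored this bool in the
        // int status and then tested `result == 0`, which reported a
        // successful retry as failure and a failed retry as success.
        return _SendQuery(con, Sql, true);
    }

    LogError("Sql query failed due to [%s], Query: [%s]", mysql_error(mysqlCon->MySql), Sql);
    return false;
}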
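/**
 * Send one SQL statement on `con`, retrying it once if _HandleError reports
 * that the error was handled.
 *
 * @param con   Connection whose `conn` handle is used for the query.
 * @param Sql   Complete statement text. It is passed to mysql_query()
 *              unchanged, so any untrusted value inside it must already have
 *              been escaped by the caller.
 * @param Self  true when this call is itself the retry; it stops a second
 *              retry and so bounds the recursion at one level.
 * @return true if the statement (or its single retry) succeeded, else false.
 *
 * NOTE(review): a failed statement is written to the error log in full.
 * Statements that carry credentials or personal data end up in that log, so
 * the log needs the same protection as the data.
 */
bool Database::_SendQuery(DatabaseConnection &con, const char* Sql, bool Self)
{
    // mysql_query() returns zero on success and non-zero on failure. The
    // original tested `result > 0`, which let a negative status fall through
    // without a retry or a log line.
    if(mysql_query(con.conn, Sql) == 0)
        return true;

    if(Self == false && _HandleError(con, mysql_errno(con.conn)))
    {
        // Re-send the query once; Self == true stops the retry from retrying.
        // Return the retry's own verdict: the original stored this bool in the
        // int status and then tested `result == 0`, which reported a
        // successful retry as failure and a failed retry as success.
        return _SendQuery(con, Sql, true);
    }

    ERROR_LOG(format("Sql query failed due to [%1%], Query: [%2%]\n") % mysql_error( con.conn ) % Sql);
    return false;
}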
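/**
 * Entry point: send the control signal to the process named on the command
 * line, or to this process when the argument starts with '-'.
 *
 * Usage: exactly one argument. "/h", "-h", "/H", "-H", "/?" and "-?" print the
 * help text and exit with status 1. Any other argument starting with '-'
 * selects this process; everything else must be a process id.
 *
 * @return EXIT_OK on success, otherwise the error code that was reported.
 *
 * NOTE(review): _HandleError, _HandleError1 and _TeardownIfError are macros
 * defined outside this listing; the code reads as if they report the failure
 * and jump to `error:` -- confirm against their definitions.
 */
int _tmain(int nArgs, TCHAR *argv[]) {
    RETVAL rv;
    HANDLE hRemoteProc = NULL;
    bool bSignalThisProcessGroup = false;

    if (nArgs != 2
        || ((argv[1][0] == '/' || argv[1][0] == '-')
            && (argv[1][1] == 'H' || argv[1][1] == 'h' || argv[1][1] == '?'))) {
        PrintHelp();
        exit(1);
    }

    // A leading '-' is the special parameter meaning "signal this process".
    TCHAR *szPid = argv[1];
    bSignalThisProcessGroup = ('-' == szPid[0]);

    // Parse the PID (base 0: decimal, 0x hex or leading-0 octal). The whole
    // argument has to be consumed: this program starts a thread in whichever
    // process the number names, so input such as "123abc" is rejected rather
    // than silently treated as PID 123.
    TCHAR *szEnd;
    DWORD dwPid = wcstoul(szPid, &szEnd, 0);
    if (bSignalThisProcessGroup == false
        && (szPid == szEnd || *szEnd != 0 || dwPid == 0)) {
        _tprintf(__T("\"%ls\" is not a valid PID.\n"), szPid);
        rv = ERROR_INVALID_PARAMETER;
        goto error;
    }

    //_tprintf(__T("Determining address of kernel32!CtrlRoutine...\n");
    rv = GetCtrlRoutineAddress();
    if (rv != EXIT_OK) {
        _HandleError(rv, __T("GetCtrlRoutineAddress"));
    }
    //_tprintf(__T("Address is 0x%08X.\n", g_dwCtrlRoutineAddr);

    // open the process
    if (bSignalThisProcessGroup) {
        _tprintf(__T("Sending signal to self...\n"));
        hRemoteProc = GetCurrentProcess();
    } else {
        // DWORD is unsigned long, so it is printed with %lu rather than %d.
        _tprintf(__T("Sending signal to process %lu...\n"), dwPid);
        rv = AdvancedOpenProcess(dwPid, &hRemoteProc);
        if (rv != EXIT_OK) {
            _HandleError1(rv, __T("AdvancedOpenProcess"), argv[1]);
        }
    }

    rv = StartRemoteThread(hRemoteProc, g_dwCtrlRoutineAddr);
    if (rv != EXIT_OK) {
        _HandleError(rv, __T("StartRemoteThread"));
    }

//done:
    rv = EXIT_OK;

error:
    // GetCurrentProcess() returns a pseudo handle that must not be closed, so
    // only a handle obtained from AdvancedOpenProcess is released here.
    if (hRemoteProc != NULL && hRemoteProc != GetCurrentProcess()) {
        if (!CloseHandle(hRemoteProc)) {
            RETVAL rv2 = GetLastError();
            _TeardownIfError(rv, rv2, __T("CloseHandle"));
        }
    }
    // Print the numeric code followed by its description for any failure.
    if (rv != EXIT_OK) {
        _tprintf(__T("0x%08X == "), rv);
        PrintError(rv);
    }
    return rv;
}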