/*
* cuiPrintTextA
*
* Purpose:
*
* Output text to the console or file.
* ANSI version.
*
*/
VOID cuiPrintTextA(
_In_ LPSTR lpText,
_In_ BOOL UseReturn
)
{
SIZE_T consoleIO;
DWORD bytesIO;
LPSTR Buffer;
if (lpText == NULL)
return;
consoleIO = _strlen_a(lpText);
if ((consoleIO == 0) || (consoleIO > MAX_PATH * 4))
return;
consoleIO = 5 + consoleIO;
Buffer = (LPSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, consoleIO);
if (Buffer) {
_strcpy_a(Buffer, lpText);
if (UseReturn) _strcat_a(Buffer, "\r\n");
consoleIO = _strlen_a(Buffer);
if (g_ConsoleOutput != FALSE) {
WriteConsoleA(g_ConOut, Buffer, (DWORD)consoleIO, &bytesIO, NULL);
}
else {
WriteFile(g_ConOut, Buffer, (DWORD)consoleIO, &bytesIO, NULL);
}
HeapFree(GetProcessHeap(), 0, Buffer);
}
}
/*
* cuiPrintTextA
*
* Purpose:
*
* Output text to the console or file.
*
* ANSI variant
*
*/
VOID cuiPrintTextA(
_In_ HANDLE hOutConsole,
_In_ LPSTR lpText,
_In_ BOOL ConsoleOutputEnabled,
_In_ BOOL UseReturn
)
{
SIZE_T consoleIO;
DWORD bytesIO;
LPSTR Buffer;
if (lpText == NULL)
return;
consoleIO = _strlen_a(lpText);
if ((consoleIO == 0) || (consoleIO > MAX_PATH * 4))
return;
consoleIO = consoleIO * sizeof(CHAR) + 4 + sizeof(UNICODE_NULL);
Buffer = (LPSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, consoleIO);
if (Buffer) {
_strcpy_a(Buffer, lpText);
if (UseReturn) _strcat_a(Buffer, "\r\n");
consoleIO = _strlen_a(Buffer);
if (ConsoleOutputEnabled != FALSE) {
WriteConsoleA(hOutConsole, Buffer, (DWORD)consoleIO, &bytesIO, NULL);
}
else {
WriteFile(hOutConsole, Buffer, (DWORD)(consoleIO * sizeof(CHAR)), &bytesIO, NULL);
}
HeapFree(GetProcessHeap(), 0, Buffer);
}
}
VOID ShowServiceMessage(
LPSTR lpMsg
)
{
CHAR szBuffer[MAX_PATH * 2];
//
// Validate input parameter.
//
if (lpMsg == NULL) {
return;
}
if (_strlen_a(lpMsg) > MAX_PATH) {
return;
}
//
// Combine and output ODS message.
//
RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
_strcpy_a(szBuffer, "[DF] ");
_strcat_a(szBuffer, lpMsg);
OutputDebugStringA(szBuffer);
}
/*
* SdtListTable
*
* Purpose:
*
* KiServiceTable query and list routine.
*
*/
VOID SdtListTable(
VOID
)
{
BOOL cond = FALSE;
PUTable Dump = NULL;
PRTL_PROCESS_MODULES pModules = NULL;
PVOID Module = NULL;
PIMAGE_EXPORT_DIRECTORY pexp = NULL;
PIMAGE_NT_HEADERS NtHeaders = NULL;
DWORD ETableVA;
PDWORD names, functions;
PWORD ordinals;
LVITEM lvitem;
WCHAR szBuffer[MAX_PATH + 1];
char *name;
void *addr;
ULONG number, i;
INT index;
__try {
do {
pModules = (PRTL_PROCESS_MODULES)supGetSystemInfo(SystemModuleInformation);
if (pModules == NULL)
break;
//if table empty, dump and prepare table
if (g_SdtTable == NULL) {
if (g_NtdllModule == NULL) {
Module = GetModuleHandle(TEXT("ntdll.dll"));
}
else {
Module = g_NtdllModule;
}
if (Module == NULL)
break;
g_SdtTable = (PSERVICETABLEENTRY)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
sizeof(SERVICETABLEENTRY) * g_kdctx.KiServiceLimit);
if (g_SdtTable == NULL)
break;
if (!supDumpSyscallTableConverted(&g_kdctx, &Dump))
break;
NtHeaders = RtlImageNtHeader(Module);
if (NtHeaders == NULL)
break;
ETableVA = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
pexp = (PIMAGE_EXPORT_DIRECTORY)((PBYTE)Module + ETableVA);
names = (PDWORD)((PBYTE)Module + pexp->AddressOfNames),
functions = (PDWORD)((PBYTE)Module + pexp->AddressOfFunctions);
ordinals = (PWORD)((PBYTE)Module + pexp->AddressOfNameOrdinals);
//walk for Nt stubs
g_cSdtTable = 0;
for (i = 0; i < pexp->NumberOfNames; i++) {
name = ((CHAR *)Module + names[i]);
addr = (PVOID *)((CHAR *)Module + functions[ordinals[i]]);
if (*(USHORT*)name == 'tN') {
number = *(ULONG*)((UCHAR*)addr + 4);
if (number < g_kdctx.KiServiceLimit) {
MultiByteToWideChar(CP_ACP, 0, name, (INT)_strlen_a(name),
g_SdtTable[g_cSdtTable].Name, MAX_PATH);
g_SdtTable[g_cSdtTable].ServiceId = number;
g_SdtTable[g_cSdtTable].Address = Dump[number];
g_cSdtTable++;
}
}//tN
}//for
HeapFree(GetProcessHeap(), 0, Dump);
Dump = NULL;
}
//list table
for (i = 0; i < g_cSdtTable; i++) {
//ServiceId
RtlSecureZeroMemory(&lvitem, sizeof(lvitem));
lvitem.mask = LVIF_TEXT | LVIF_IMAGE;
lvitem.iSubItem = 0;
lvitem.iItem = MAXINT;
lvitem.iImage = TYPE_DEVICE; //imagelist id
RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
ultostr(g_SdtTable[i].ServiceId, szBuffer);
lvitem.pszText = szBuffer;
index = ListView_InsertItem(SdtDlgContext.ListView, &lvitem);
//Name
lvitem.mask = LVIF_TEXT;
lvitem.iSubItem = 1;
lvitem.pszText = (LPWSTR)g_SdtTable[i].Name;
lvitem.iItem = index;
ListView_SetItem(SdtDlgContext.ListView, &lvitem);
//Address
lvitem.iSubItem = 2;
RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
szBuffer[0] = L'0';
szBuffer[1] = L'x';
u64tohex(g_SdtTable[i].Address, &szBuffer[2]);
lvitem.pszText = szBuffer;
lvitem.iItem = index;
ListView_SetItem(SdtDlgContext.ListView, &lvitem);
//Module
lvitem.iSubItem = 3;
RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
number = supFindModuleEntryByAddress(pModules, (PVOID)g_SdtTable[i].Address);
if (number == (ULONG)-1) {
_strcpy(szBuffer, TEXT("Unknown Module"));
}
else {
MultiByteToWideChar(CP_ACP, 0,
(LPCSTR)&pModules->Modules[number].FullPathName,
(INT)_strlen_a((char*)pModules->Modules[number].FullPathName),
szBuffer,
MAX_PATH);
}
lvitem.pszText = szBuffer;
lvitem.iItem = index;
ListView_SetItem(SdtDlgContext.ListView, &lvitem);
}
} while (cond);
}
__except (exceptFilter(GetExceptionCode(), GetExceptionInformation())) {
return;
}
if (pModules) {
HeapFree(GetProcessHeap(), 0, pModules);
}
if (Dump) {
HeapFree(GetProcessHeap(), 0, Dump);
}
}
/*
* SfuWhois
*
* Purpose:
*
* Send whois query and return actual result data as unicode string.
*
*/
BOOL SfuWhois(
_In_ UINT_PTR WhoisSocket,
_In_ ZA_PEERINFO *Peer,
_Inout_ UNICODE_STRING *ReturnedInfo
)
{
BYTE* pIP;
int r = 0;
unsigned long p = 0, c, i;
unsigned __int64 ContentLength = 0;
char Buffer[4096];
ANSI_STRING Src;
BOOL bResult = FALSE;
if (
(Peer == NULL) ||
(WhoisSocket == INVALID_SOCKET) ||
(ReturnedInfo == NULL)
)
{
return bResult;
}
pIP = (BYTE*)&Peer->IP;
RtlSecureZeroMemory(&Buffer, sizeof(Buffer));
wsprintfA(Buffer, "GET /csv/%u.%u.%u.%u HTTP/1.1\r\nHost: freegeoip.net\r\nConnection: Keep-Alive\r\n\r\n",
pIP[0], pIP[1], pIP[2], pIP[3]
);
send(WhoisSocket, Buffer, (DWORD)_strlen_a(Buffer), 0);
do {
RtlSecureZeroMemory(Buffer, sizeof(Buffer));
r = recv(WhoisSocket, Buffer, 4096, 0);
if (r <= 0)
break;
if ((_strncmpi_a("HTTP/1.0 200 ", Buffer, 13) != 0) && (_strncmpi_a("HTTP/1.1 200 ", Buffer, 13) != 0))
break;
c = r;
i = 0;
do {
p = i;
while ((Buffer[i] != '\r') && (i < c))
i++;
if (p == i) {
i += 2;
break;
}
i += 2;
if (_strncmpi_a("Content-Length: ", &Buffer[p], 16) == 0)
ContentLength = strtou64_a(&Buffer[p + 16]);
} while (i < c);
if ((ContentLength < 20) || (ContentLength > 1024))
break;
RtlSecureZeroMemory(&Src, sizeof(Src));
RtlInitString(&Src, &Buffer[i]);
if (NT_SUCCESS(RtlAnsiStringToUnicodeString(ReturnedInfo, &Src, TRUE)))
bResult = TRUE;
r = 0;
} while (r > 0);
return bResult;
}
/*
* AboutDialogInit
*
* Purpose:
*
* Displays program version and system information
*
*/
VOID AboutDialogInit(
HWND hwndDlg
)
{
NTSTATUS status;
WCHAR buf[MAX_PATH];
BOOLEAN bSecureBoot = FALSE;
ULONG returnLength;
SYSTEM_BOOT_ENVIRONMENT_INFORMATION sbei;
HANDLE hImage;
SetDlgItemText(hwndDlg, ID_ABOUT_PROGRAM, PROFRAM_NAME_AND_TITLE);
SetDlgItemText(hwndDlg, ID_ABOUT_BUILDINFO, PROGRAM_VERSION);
hImage = LoadImage(g_hInstance, MAKEINTRESOURCE(IDI_ICON_MAIN), IMAGE_ICON, 48, 48, LR_SHARED);
if (hImage) {
SendMessage(GetDlgItem(hwndDlg, ID_ABOUT_ICON), STM_SETIMAGE, IMAGE_ICON, (LPARAM)hImage);
DestroyIcon(hImage);
}
//remove class icon if any
SetClassLongPtr(hwndDlg, GCLP_HICON, (LONG_PTR)NULL);
RtlSecureZeroMemory(buf, sizeof(buf));
#if (_MSC_VER == 1900) //2015
#if (_MSC_FULL_VER == 190023026) //2015 RTM
_strcpy(buf, L"MSVC 2015");
#elif (_MSC_FULL_VER == 190023419) // 2015 Update 1 RC
_strcpy(buf, L"MSVC 2015 Update 1 RC");
#endif
#else
#if (_MSC_VER == 1800) //2013
#if (_MSC_FULL_VER == 180040629)
_strcpy(buf, L"MSVC 2013 Update 5");
#elif (_MSC_FULL_VER == 180031101)
_strcpy(buf, L"MSVC 2013 Update 4");
#elif (_MSC_FULL_VER == 180030723)
_strcpy(buf, L"MSVC 2013 Update 3");
#elif (_MSC_FULL_VER == 180030501)
_strcpy(buf, L"MSVC 2013 Update 2");
#elif (_MSC_FULL_VER < 180021005)
_strcpy(buf, L"MSVC 2013 Preview/Beta/RC");
#else
_strcpy(buf, L"MSVC 2013");
#endif
#else
_strcpy(buf, L"Unknown Compiler");
#endif
#endif
SetDlgItemText(hwndDlg, ID_ABOUT_COMPILERINFO, buf);
RtlSecureZeroMemory(buf, sizeof(buf));
MultiByteToWideChar(CP_ACP, 0, __DATE__, (INT)_strlen_a(__DATE__), _strend(buf), 40);
_strcat(buf, TEXT(" "));
MultiByteToWideChar(CP_ACP, 0, __TIME__, (INT)_strlen_a(__TIME__), _strend(buf), 40);
SetDlgItemText(hwndDlg, ID_ABOUT_BUILDDATE, buf);
// fill OS name
wsprintfW(buf, L"Windows NT %1u.%1u (build %u",
g_kdctx.osver.dwMajorVersion, g_kdctx.osver.dwMinorVersion, g_kdctx.osver.dwBuildNumber);
if (g_kdctx.osver.szCSDVersion[0]) {
wsprintfW(_strend(buf), L", %ws)", g_kdctx.osver.szCSDVersion);
}
else {
_strcat(buf, L")");
}
SetDlgItemText(hwndDlg, ID_ABOUT_OSNAME, buf);
// fill boot options
RtlSecureZeroMemory(&buf, sizeof(buf));
RtlSecureZeroMemory(&sbei, sizeof(sbei));
status = NtQuerySystemInformation(SystemBootEnvironmentInformation, &sbei, sizeof(sbei), &returnLength);
if (NT_SUCCESS(status)) {
wsprintfW(buf, L"%ws mode",
((sbei.FirmwareType == FirmwareTypeUefi) ? L"UEFI" : ((sbei.FirmwareType == FirmwareTypeBios) ? L"BIOS" : L"Unknown")));
if (sbei.FirmwareType == FirmwareTypeUefi) {
bSecureBoot = FALSE;
if (AboutDialogQuerySecureBootState(&bSecureBoot)) {
wsprintfW(_strend(buf), L" with%ws SecureBoot", (bSecureBoot == TRUE) ? L"" : L"out");
}
}
}
SetDlgItemText(hwndDlg, ID_ABOUT_ADVINFO, buf);
SetFocus(GetDlgItem(hwndDlg, IDOK));
}
/*
* AboutDialogInit
*
* Purpose:
*
* Displays program version and system information
*
*/
VOID AboutDialogInit(
HWND hwndDlg
)
{
BOOLEAN bSecureBoot = FALSE;
ULONG returnLength;
NTSTATUS status;
HANDLE hImage;
WCHAR szBuffer[MAX_PATH];
SYSTEM_BOOT_ENVIRONMENT_INFORMATION sbei;
SetDlgItemText(hwndDlg, ID_ABOUT_PROGRAM, PROFRAM_NAME_AND_TITLE);
SetDlgItemText(hwndDlg, ID_ABOUT_BUILDINFO, PROGRAM_VERSION);
hImage = LoadImage(g_WinObj.hInstance, MAKEINTRESOURCE(IDI_ICON_MAIN), IMAGE_ICON, 48, 48, LR_SHARED);
if (hImage) {
SendMessage(GetDlgItem(hwndDlg, ID_ABOUT_ICON), STM_SETIMAGE, IMAGE_ICON, (LPARAM)hImage);
DestroyIcon(hImage);
}
//remove class icon if any
SetClassLongPtr(hwndDlg, GCLP_HICON, (LONG_PTR)NULL);
RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
#if ((_MSC_VER == 1910) || (_MSC_VER == 1911) || (_MSC_VER == 1912))//2017
#if (_MSC_FULL_VER == 191025017)
_strcpy(szBuffer, L"MSVC 2017");
#else
_strcpy(szBuffer, L"MSVC 2017");
#endif
#else
#if (_MSC_VER == 1900) //2015
#if (_MSC_FULL_VER == 190023026) //2015 RTM
_strcpy(szBuffer, L"MSVC 2015");
#elif (_MSC_FULL_VER == 190023506) // 2015 Update 1
_strcpy(szBuffer, L"MSVC 2015 Update 1");
#elif (_MSC_FULL_VER == 190023918) // 2015 Update 2
_strcpy(szBuffer, L"MSVC 2015 Update 2");
#elif (_MSC_FULL_VER == 190024210) // 2015 Update 3
_strcpy(szBuffer, L"MSVC 2015 Update 3");
#elif (_MSC_FULL_VER == 190024215) // 2015 Update 3 with Cumulative Servicing Release
_strcpy(szBuffer, L"MSVC 2015 Update 3 CSR");
#endif
#else
#if (_MSC_VER == 1800) //2013
#if (_MSC_FULL_VER == 180040629)
_strcpy(szBuffer, L"MSVC 2013 Update 5");
#elif (_MSC_FULL_VER == 180031101)
_strcpy(szBuffer, L"MSVC 2013 Update 4");
#elif (_MSC_FULL_VER == 180030723)
_strcpy(szBuffer, L"MSVC 2013 Update 3");
#elif (_MSC_FULL_VER == 180030501)
_strcpy(szBuffer, L"MSVC 2013 Update 2");
#elif (_MSC_FULL_VER < 180021005)
_strcpy(szBuffer, L"MSVC 2013 Preview/Beta/RC");
#else
_strcpy(szBuffer, L"MSVC 2013");
#endif
#else
_strcpy(szBuffer, L"Unknown Compiler");
#endif
#endif
#endif
if (szBuffer[0] == 0) {
ultostr(_MSC_FULL_VER, szBuffer);
}
SetDlgItemText(hwndDlg, ID_ABOUT_COMPILERINFO, szBuffer);
RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
MultiByteToWideChar(CP_ACP, 0, __DATE__, (INT)_strlen_a(__DATE__), _strend(szBuffer), 40);
_strcat(szBuffer, TEXT(" "));
MultiByteToWideChar(CP_ACP, 0, __TIME__, (INT)_strlen_a(__TIME__), _strend(szBuffer), 40);
SetDlgItemText(hwndDlg, ID_ABOUT_BUILDDATE, szBuffer);
// fill OS name
wsprintf(szBuffer, TEXT("Windows NT %1u.%1u (build %u"),
g_WinObj.osver.dwMajorVersion, g_WinObj.osver.dwMinorVersion, g_WinObj.osver.dwBuildNumber);
if (g_WinObj.osver.szCSDVersion[0]) {
wsprintf(_strend(szBuffer), TEXT(", %ws)"), g_WinObj.osver.szCSDVersion);
}
else {
_strcat(szBuffer, TEXT(")"));
}
SetDlgItemText(hwndDlg, ID_ABOUT_OSNAME, szBuffer);
// fill boot options
RtlSecureZeroMemory(&szBuffer, sizeof(szBuffer));
RtlSecureZeroMemory(&sbei, sizeof(sbei));
status = NtQuerySystemInformation(SystemBootEnvironmentInformation, &sbei, sizeof(sbei), &returnLength);
if (NT_SUCCESS(status)) {
wsprintf(szBuffer, TEXT("%ws mode"),
((sbei.FirmwareType == FirmwareTypeUefi) ? TEXT("UEFI") : ((sbei.FirmwareType == FirmwareTypeBios) ? TEXT("BIOS") : TEXT("Unknown"))));
if (sbei.FirmwareType == FirmwareTypeUefi) {
bSecureBoot = FALSE;
if (supQuerySecureBootState(&bSecureBoot)) {
wsprintf(_strend(szBuffer), TEXT(" with%ws SecureBoot"), (bSecureBoot == TRUE) ? TEXT("") : TEXT("out"));
}
}
}
else {
_strcpy(szBuffer, TEXT("Unknown"));
}
SetDlgItemText(hwndDlg, ID_ABOUT_ADVINFO, szBuffer);
SetFocus(GetDlgItem(hwndDlg, IDOK));
}
