/*
* cuiPrintTextA
*
* Purpose:
*
* Output text to the console or file.
* ANSI version.
*
* NULL, empty and over-long (more than MAX_PATH * 4 characters) input is
* ignored, as is an allocation failure. The destination handle and the
* console/file selection come from the g_ConOut / g_ConsoleOutput globals.
*
*/
VOID cuiPrintTextA(
    _In_ LPSTR lpText,
    _In_ BOOL UseReturn
)
{
    SIZE_T cch;
    DWORD  cbWritten;
    LPSTR  pszLine;
    HANDLE hHeap;

    if (lpText == NULL)
        return;

    cch = _strlen_a(lpText);
    if (cch == 0)
        return;
    if (cch > MAX_PATH * 4)
        return;

    // Text length plus 5 spare bytes: covers the optional "\r\n" and the terminator.
    hHeap = GetProcessHeap();
    pszLine = (LPSTR)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, 5 + cch);
    if (pszLine == NULL)
        return;

    _strcpy_a(pszLine, lpText);
    if (UseReturn)
        _strcat_a(pszLine, "\r\n");

    cch = _strlen_a(pszLine);

    // The result of the write call is not inspected.
    if (g_ConsoleOutput != FALSE)
        WriteConsoleA(g_ConOut, pszLine, (DWORD)cch, &cbWritten, NULL);
    else
        WriteFile(g_ConOut, pszLine, (DWORD)cch, &cbWritten, NULL);

    HeapFree(hHeap, 0, pszLine);
}
/*
* cuiPrintTextA
*
* Purpose:
*
* Output text to the console or file.
*
* ANSI variant
*
* hOutConsole is written with WriteConsoleA when ConsoleOutputEnabled is
* set and with WriteFile otherwise. NULL, empty and over-long (more than
* MAX_PATH * 4 characters) input is ignored, as is an allocation failure.
*
*/
VOID cuiPrintTextA(
    _In_ HANDLE hOutConsole,
    _In_ LPSTR lpText,
    _In_ BOOL ConsoleOutputEnabled,
    _In_ BOOL UseReturn
)
{
    SIZE_T cch, cbAlloc;
    DWORD  cbWritten;
    LPSTR  pszLine;
    HANDLE hHeap;

    if (lpText == NULL)
        return;

    cch = _strlen_a(lpText);
    if (cch == 0)
        return;
    if (cch > MAX_PATH * 4)
        return;

    // Text bytes plus slack for the optional "\r\n" and the terminator.
    cbAlloc = cch * sizeof(CHAR) + 4 + sizeof(UNICODE_NULL);

    hHeap = GetProcessHeap();
    pszLine = (LPSTR)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, cbAlloc);
    if (pszLine == NULL)
        return;

    _strcpy_a(pszLine, lpText);
    if (UseReturn)
        _strcat_a(pszLine, "\r\n");

    cch = _strlen_a(pszLine);

    // WriteConsoleA takes a character count, WriteFile a byte count.
    // The result of the write call is not inspected.
    if (ConsoleOutputEnabled != FALSE)
        WriteConsoleA(hOutConsole, pszLine, (DWORD)cch, &cbWritten, NULL);
    else
        WriteFile(hOutConsole, pszLine, (DWORD)(cch * sizeof(CHAR)), &cbWritten, NULL);

    HeapFree(hHeap, 0, pszLine);
}
/*
* ShowServiceMessage
*
* Purpose:
*
* Send lpMsg to the debugger output, prefixed with "[DF] ".
* NULL input and messages longer than MAX_PATH characters are dropped.
*
*/
VOID ShowServiceMessage(
    LPSTR lpMsg
)
{
    CHAR szText[MAX_PATH * 2];

    //
    // Reject missing or oversized input. The MAX_PATH cap keeps
    // prefix + message inside the MAX_PATH * 2 stack buffer.
    //
    if ((lpMsg == NULL) || (_strlen_a(lpMsg) > MAX_PATH))
        return;

    //
    // Build the prefixed line and hand it to OutputDebugString.
    //
    RtlSecureZeroMemory(szText, sizeof(szText));
    _strcpy_a(szText, "[DF] ");
    _strcat_a(szText, lpMsg);

    OutputDebugStringA(szText);
}
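/*
* SdtListTable
*
* Purpose:
*
* KiServiceTable query and list routine.
*
* On first use (g_SdtTable == NULL) the table is built by walking the
* ntdll export directory for names starting with "Nt", reading a ULONG at
* offset 4 of each such export as the service number and pairing it with
* the matching entry of the table returned by supDumpSyscallTableConverted.
* The dialog listview is then filled with id, name, address and module.
*
* Any exception raised inside the guarded region is swallowed; the local
* allocations are released on that path too.
*
*/
VOID SdtListTable(
    VOID
)
{
    BOOL                    cond = FALSE;
    PUTable                 Dump = NULL;
    PRTL_PROCESS_MODULES    pModules = NULL;
    PVOID                   Module = NULL;
    PIMAGE_EXPORT_DIRECTORY pexp = NULL;
    PIMAGE_NT_HEADERS       NtHeaders = NULL;
    DWORD                   ETableVA;
    PDWORD                  names, functions;
    PWORD                   ordinals;
    LVITEM                  lvitem;
    WCHAR                   szBuffer[MAX_PATH + 1];

    char *name;
    void *addr;
    ULONG number, i;
    INT index;

    __try {

        do {
            pModules = (PRTL_PROCESS_MODULES)supGetSystemInfo(SystemModuleInformation);
            if (pModules == NULL)
                break;

            //if table empty, dump and prepare table
            if (g_SdtTable == NULL) {

                if (g_NtdllModule == NULL) {
                    Module = GetModuleHandle(TEXT("ntdll.dll"));
                }
                else {
                    Module = g_NtdllModule;
                }

                if (Module == NULL)
                    break;

                // NOTE(review): if any step below fails, g_SdtTable stays allocated
                // and non-NULL, so later calls skip this rebuild - confirm intended.
                g_SdtTable = (PSERVICETABLEENTRY)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
                    sizeof(SERVICETABLEENTRY) * g_kdctx.KiServiceLimit);

                if (g_SdtTable == NULL)
                    break;

                if (!supDumpSyscallTableConverted(&g_kdctx, &Dump))
                    break;

                NtHeaders = RtlImageNtHeader(Module);
                if (NtHeaders == NULL)
                    break;

                ETableVA = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
                pexp = (PIMAGE_EXPORT_DIRECTORY)((PBYTE)Module + ETableVA);
                names = (PDWORD)((PBYTE)Module + pexp->AddressOfNames);
                functions = (PDWORD)((PBYTE)Module + pexp->AddressOfFunctions);
                ordinals = (PWORD)((PBYTE)Module + pexp->AddressOfNameOrdinals);

                //walk for Nt stubs
                g_cSdtTable = 0;
                for (i = 0; i < pexp->NumberOfNames; i++) {

                    name = ((CHAR *)Module + names[i]);
                    addr = (PVOID *)((CHAR *)Module + functions[ordinals[i]]);

                    if (*(USHORT*)name == 'tN') {

                        number = *(ULONG*)((UCHAR*)addr + 4);

                        // The "Nt" prefix alone does not prove the export is a service
                        // stub, so bound the write index as well as the service number:
                        // g_SdtTable was allocated with exactly KiServiceLimit entries.
                        if ((number < g_kdctx.KiServiceLimit) &&
                            (g_cSdtTable < g_kdctx.KiServiceLimit))
                        {
                            // NOTE(review): assumes the Name field holds at least MAX_PATH WCHARs - confirm.
                            MultiByteToWideChar(CP_ACP, 0, name, (INT)_strlen_a(name),
                                g_SdtTable[g_cSdtTable].Name, MAX_PATH);

                            g_SdtTable[g_cSdtTable].ServiceId = number;
                            g_SdtTable[g_cSdtTable].Address = Dump[number];
                            g_cSdtTable++;
                        }

                    }//tN
                }//for

                HeapFree(GetProcessHeap(), 0, Dump);
                Dump = NULL;
            }

            //list table
            for (i = 0; i < g_cSdtTable; i++) {

                //ServiceId
                RtlSecureZeroMemory(&lvitem, sizeof(lvitem));
                lvitem.mask = LVIF_TEXT | LVIF_IMAGE;
                lvitem.iSubItem = 0;
                lvitem.iItem = MAXINT;
                lvitem.iImage = TYPE_DEVICE; //imagelist id
                RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
                ultostr(g_SdtTable[i].ServiceId, szBuffer);
                lvitem.pszText = szBuffer;
                index = ListView_InsertItem(SdtDlgContext.ListView, &lvitem);

                //Name
                lvitem.mask = LVIF_TEXT;
                lvitem.iSubItem = 1;
                lvitem.pszText = (LPWSTR)g_SdtTable[i].Name;
                lvitem.iItem = index;
                ListView_SetItem(SdtDlgContext.ListView, &lvitem);

                //Address
                lvitem.iSubItem = 2;
                RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
                szBuffer[0] = L'0';
                szBuffer[1] = L'x';
                u64tohex(g_SdtTable[i].Address, &szBuffer[2]);
                lvitem.pszText = szBuffer;
                lvitem.iItem = index;
                ListView_SetItem(SdtDlgContext.ListView, &lvitem);

                //Module
                lvitem.iSubItem = 3;
                RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));

                number = supFindModuleEntryByAddress(pModules, (PVOID)g_SdtTable[i].Address);
                if (number == (ULONG)-1) {
                    _strcpy(szBuffer, TEXT("Unknown Module"));
                }
                else {
                    // Output is capped at MAX_PATH chars; szBuffer has one extra
                    // zeroed WCHAR so the result stays terminated.
                    MultiByteToWideChar(CP_ACP, 0,
                        (LPCSTR)&pModules->Modules[number].FullPathName,
                        (INT)_strlen_a((char*)pModules->Modules[number].FullPathName),
                        szBuffer,
                        MAX_PATH);
                }

                lvitem.pszText = szBuffer;
                lvitem.iItem = index;
                ListView_SetItem(SdtDlgContext.ListView, &lvitem);
            }

        } while (cond);
    }
    __except (exceptFilter(GetExceptionCode(), GetExceptionInformation())) {
        // Fall through to the cleanup below instead of returning here,
        // otherwise pModules and Dump would be leaked on every fault.
    }

    if (pModules) {
        HeapFree(GetProcessHeap(), 0, pModules);
    }

    if (Dump) {
        HeapFree(GetProcessHeap(), 0, Dump);
    }
}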
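/*
* SfuWhois
*
* Purpose:
*
* Send whois query and return actual result data as unicode string.
*
* The request is written to WhoisSocket with send() and the reply is
* parsed from a single recv(), so everything read back is untrusted
* network input and is bounds-checked before use.
*
* Returns TRUE only when the reply starts with an HTTP 200 status line,
* carries a Content-Length in the range 20..1024 and the body converts
* to unicode. On success ReturnedInfo owns a buffer allocated by
* RtlAnsiStringToUnicodeString (AllocateDestinationString = TRUE); the
* caller releases it with RtlFreeUnicodeString.
*
*/
BOOL SfuWhois(
    _In_ UINT_PTR WhoisSocket,
    _In_ ZA_PEERINFO *Peer,
    _Inout_ UNICODE_STRING *ReturnedInfo
)
{
    BYTE* pIP;
    int r = 0;
    unsigned long p = 0, c, i;
    unsigned __int64 ContentLength = 0;
    char Buffer[4096];
    ANSI_STRING Src;
    BOOL bResult = FALSE;

    if (
        (Peer == NULL) ||
        (WhoisSocket == INVALID_SOCKET) ||
        (ReturnedInfo == NULL)
        )
    {
        return bResult;
    }

    pIP = (BYTE*)&Peer->IP;

    RtlSecureZeroMemory(&Buffer, sizeof(Buffer));
    wsprintfA(Buffer, "GET /csv/%u.%u.%u.%u HTTP/1.1\r\nHost: freegeoip.net\r\nConnection: Keep-Alive\r\n\r\n",
        pIP[0], pIP[1], pIP[2], pIP[3]
    );

    // Nothing useful can be received if the request never left.
    if (send(WhoisSocket, Buffer, (int)_strlen_a(Buffer), 0) == SOCKET_ERROR)
        return bResult;

    do {
        // Receive at most sizeof(Buffer) - 1 bytes so the zeroed last byte
        // always terminates the data for the string routines used below.
        RtlSecureZeroMemory(Buffer, sizeof(Buffer));
        r = recv(WhoisSocket, Buffer, (int)(sizeof(Buffer) - 1), 0);
        if (r <= 0)
            break;

        if ((_strncmpi_a("HTTP/1.0 200 ", Buffer, 13) != 0) &&
            (_strncmpi_a("HTTP/1.1 200 ", Buffer, 13) != 0))
            break;

        c = (unsigned long)r;
        i = 0;

        // Walk the header lines; p is the start of the current line,
        // i ends up on its '\r' (or on c when the data ran out).
        do {
            p = i;

            // Test the index before the byte so the scan never reads past the received data.
            while ((i < c) && (Buffer[i] != '\r'))
                i++;

            // Empty line: end of headers, body starts after "\r\n".
            if (p == i) {
                i += 2;
                break;
            }

            // Only compare when the line is long enough to hold the header name.
            if (((i - p) >= 16) &&
                (_strncmpi_a("Content-Length: ", &Buffer[p], 16) == 0))
            {
                ContentLength = strtou64_a(&Buffer[p + 16]);
            }

            i += 2;

        } while (i < c);

        if ((ContentLength < 20) || (ContentLength > 1024))
            break;

        // Skipping "\r\n" may have stepped past the received bytes; keep the
        // body pointer inside the data (Buffer[c] is the terminator).
        if (i > c)
            i = c;

        RtlSecureZeroMemory(&Src, sizeof(Src));
        RtlInitString(&Src, &Buffer[i]);

        // Do not hand back more than the peer declared in Content-Length.
        if (Src.Length > ContentLength)
            Src.Length = (USHORT)ContentLength;

        if (NT_SUCCESS(RtlAnsiStringToUnicodeString(ReturnedInfo, &Src, TRUE)))
            bResult = TRUE;

        // Single pass: only the first received segment is parsed.
        r = 0;

    } while (r > 0);

    return bResult;
}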
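/*
* AboutDialogInit
*
* Purpose:
*
* Displays program version and system information
*
* Fills the About dialog controls: program name and version, icon,
* compiler and build date, OS version from g_kdctx.osver, and the
* firmware type with the SecureBoot state when the firmware is UEFI.
*
*/
VOID AboutDialogInit(
    HWND hwndDlg
)
{
    NTSTATUS status;
    WCHAR buf[MAX_PATH];
    BOOLEAN bSecureBoot = FALSE;
    ULONG returnLength;
    SYSTEM_BOOT_ENVIRONMENT_INFORMATION sbei;
    HANDLE hImage;

    SetDlgItemText(hwndDlg, ID_ABOUT_PROGRAM, PROFRAM_NAME_AND_TITLE);
    SetDlgItemText(hwndDlg, ID_ABOUT_BUILDINFO, PROGRAM_VERSION);

    // The icon is loaded with LR_SHARED, so the system owns it and it must
    // not be passed to DestroyIcon; the static control keeps using the handle.
    hImage = LoadImage(g_hInstance, MAKEINTRESOURCE(IDI_ICON_MAIN), IMAGE_ICON, 48, 48, LR_SHARED);
    if (hImage) {
        SendMessage(GetDlgItem(hwndDlg, ID_ABOUT_ICON), STM_SETIMAGE, IMAGE_ICON, (LPARAM)hImage);
    }

    //remove class icon if any
    SetClassLongPtr(hwndDlg, GCLP_HICON, (LONG_PTR)NULL);

    // Compiler name is chosen at build time; for an unlisted 2015 build
    // no branch matches and the field is left empty.
    RtlSecureZeroMemory(buf, sizeof(buf));

#if (_MSC_VER == 1900) //2015
#if (_MSC_FULL_VER == 190023026) //2015 RTM
    _strcpy(buf, L"MSVC 2015");
#elif (_MSC_FULL_VER == 190023419) // 2015 Update 1 RC
    _strcpy(buf, L"MSVC 2015 Update 1 RC");
#endif
#else
#if (_MSC_VER == 1800) //2013
#if (_MSC_FULL_VER == 180040629)
    _strcpy(buf, L"MSVC 2013 Update 5");
#elif (_MSC_FULL_VER == 180031101)
    _strcpy(buf, L"MSVC 2013 Update 4");
#elif (_MSC_FULL_VER == 180030723)
    _strcpy(buf, L"MSVC 2013 Update 3");
#elif (_MSC_FULL_VER == 180030501)
    _strcpy(buf, L"MSVC 2013 Update 2");
#elif (_MSC_FULL_VER < 180021005)
    _strcpy(buf, L"MSVC 2013 Preview/Beta/RC");
#else
    _strcpy(buf, L"MSVC 2013");
#endif
#else
    _strcpy(buf, L"Unknown Compiler");
#endif
#endif

    SetDlgItemText(hwndDlg, ID_ABOUT_COMPILERINFO, buf);

    // Build date and time, converted from the ANSI __DATE__/__TIME__ literals.
    RtlSecureZeroMemory(buf, sizeof(buf));
    MultiByteToWideChar(CP_ACP, 0, __DATE__, (INT)_strlen_a(__DATE__), _strend(buf), 40);
    _strcat(buf, TEXT(" "));
    MultiByteToWideChar(CP_ACP, 0, __TIME__, (INT)_strlen_a(__TIME__), _strend(buf), 40);
    SetDlgItemText(hwndDlg, ID_ABOUT_BUILDDATE, buf);

    // fill OS name
    wsprintfW(buf, L"Windows NT %1u.%1u (build %u",
        g_kdctx.osver.dwMajorVersion, g_kdctx.osver.dwMinorVersion, g_kdctx.osver.dwBuildNumber);
    if (g_kdctx.osver.szCSDVersion[0]) {
        wsprintfW(_strend(buf), L", %ws)", g_kdctx.osver.szCSDVersion);
    }
    else {
        _strcat(buf, L")");
    }
    SetDlgItemText(hwndDlg, ID_ABOUT_OSNAME, buf);

    // fill boot options
    RtlSecureZeroMemory(&buf, sizeof(buf));
    RtlSecureZeroMemory(&sbei, sizeof(sbei));
    status = NtQuerySystemInformation(SystemBootEnvironmentInformation, &sbei, sizeof(sbei), &returnLength);
    if (NT_SUCCESS(status)) {
        wsprintfW(buf, L"%ws mode",
            ((sbei.FirmwareType == FirmwareTypeUefi) ? L"UEFI" :
            ((sbei.FirmwareType == FirmwareTypeBios) ? L"BIOS" : L"Unknown")));

        // SecureBoot state is only queried on UEFI firmware; when the
        // query fails nothing is appended.
        if (sbei.FirmwareType == FirmwareTypeUefi) {
            bSecureBoot = FALSE;
            if (AboutDialogQuerySecureBootState(&bSecureBoot)) {
                wsprintfW(_strend(buf), L" with%ws SecureBoot", (bSecureBoot == TRUE) ? L"" : L"out");
            }
        }
    }
    SetDlgItemText(hwndDlg, ID_ABOUT_ADVINFO, buf);

    SetFocus(GetDlgItem(hwndDlg, IDOK));
}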
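/*
* AboutDialogInit
*
* Purpose:
*
* Displays program version and system information
*
* Fills the About dialog controls: program name and version, icon,
* compiler and build date, OS version from g_WinObj.osver, and the
* firmware type with the SecureBoot state when the firmware is UEFI.
*
*/
VOID AboutDialogInit(
    HWND hwndDlg
)
{
    BOOLEAN bSecureBoot = FALSE;
    ULONG returnLength;
    NTSTATUS status;
    HANDLE hImage;
    WCHAR szBuffer[MAX_PATH];
    SYSTEM_BOOT_ENVIRONMENT_INFORMATION sbei;

    SetDlgItemText(hwndDlg, ID_ABOUT_PROGRAM, PROFRAM_NAME_AND_TITLE);
    SetDlgItemText(hwndDlg, ID_ABOUT_BUILDINFO, PROGRAM_VERSION);

    // The icon is loaded with LR_SHARED, so the system owns it and it must
    // not be passed to DestroyIcon; the static control keeps using the handle.
    hImage = LoadImage(g_WinObj.hInstance, MAKEINTRESOURCE(IDI_ICON_MAIN), IMAGE_ICON, 48, 48, LR_SHARED);
    if (hImage) {
        SendMessage(GetDlgItem(hwndDlg, ID_ABOUT_ICON), STM_SETIMAGE, IMAGE_ICON, (LPARAM)hImage);
    }

    //remove class icon if any
    SetClassLongPtr(hwndDlg, GCLP_HICON, (LONG_PTR)NULL);

    // Compiler name is chosen at build time from _MSC_VER / _MSC_FULL_VER.
    RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));

#if ((_MSC_VER == 1910) || (_MSC_VER == 1911) || (_MSC_VER == 1912))//2017
#if (_MSC_FULL_VER == 191025017)
    _strcpy(szBuffer, L"MSVC 2017");
#else
    _strcpy(szBuffer, L"MSVC 2017");
#endif
#else
#if (_MSC_VER == 1900) //2015
#if (_MSC_FULL_VER == 190023026) //2015 RTM
    _strcpy(szBuffer, L"MSVC 2015");
#elif (_MSC_FULL_VER == 190023506) // 2015 Update 1
    _strcpy(szBuffer, L"MSVC 2015 Update 1");
#elif (_MSC_FULL_VER == 190023918) // 2015 Update 2
    _strcpy(szBuffer, L"MSVC 2015 Update 2");
#elif (_MSC_FULL_VER == 190024210) // 2015 Update 3
    _strcpy(szBuffer, L"MSVC 2015 Update 3");
#elif (_MSC_FULL_VER == 190024215) // 2015 Update 3 with Cumulative Servicing Release
    _strcpy(szBuffer, L"MSVC 2015 Update 3 CSR");
#endif
#else
#if (_MSC_VER == 1800) //2013
#if (_MSC_FULL_VER == 180040629)
    _strcpy(szBuffer, L"MSVC 2013 Update 5");
#elif (_MSC_FULL_VER == 180031101)
    _strcpy(szBuffer, L"MSVC 2013 Update 4");
#elif (_MSC_FULL_VER == 180030723)
    _strcpy(szBuffer, L"MSVC 2013 Update 3");
#elif (_MSC_FULL_VER == 180030501)
    _strcpy(szBuffer, L"MSVC 2013 Update 2");
#elif (_MSC_FULL_VER < 180021005)
    _strcpy(szBuffer, L"MSVC 2013 Preview/Beta/RC");
#else
    _strcpy(szBuffer, L"MSVC 2013");
#endif
#else
    _strcpy(szBuffer, L"Unknown Compiler");
#endif
#endif
#endif

    // No branch matched (e.g. an unlisted 2015 build): show the raw version number.
    if (szBuffer[0] == 0) {
        ultostr(_MSC_FULL_VER, szBuffer);
    }

    SetDlgItemText(hwndDlg, ID_ABOUT_COMPILERINFO, szBuffer);

    // Build date and time, converted from the ANSI __DATE__/__TIME__ literals.
    RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
    MultiByteToWideChar(CP_ACP, 0, __DATE__, (INT)_strlen_a(__DATE__), _strend(szBuffer), 40);
    _strcat(szBuffer, TEXT(" "));
    MultiByteToWideChar(CP_ACP, 0, __TIME__, (INT)_strlen_a(__TIME__), _strend(szBuffer), 40);
    SetDlgItemText(hwndDlg, ID_ABOUT_BUILDDATE, szBuffer);

    // fill OS name
    wsprintf(szBuffer, TEXT("Windows NT %1u.%1u (build %u"),
        g_WinObj.osver.dwMajorVersion, g_WinObj.osver.dwMinorVersion, g_WinObj.osver.dwBuildNumber);
    if (g_WinObj.osver.szCSDVersion[0]) {
        wsprintf(_strend(szBuffer), TEXT(", %ws)"), g_WinObj.osver.szCSDVersion);
    }
    else {
        _strcat(szBuffer, TEXT(")"));
    }
    SetDlgItemText(hwndDlg, ID_ABOUT_OSNAME, szBuffer);

    // fill boot options
    RtlSecureZeroMemory(&szBuffer, sizeof(szBuffer));
    RtlSecureZeroMemory(&sbei, sizeof(sbei));
    status = NtQuerySystemInformation(SystemBootEnvironmentInformation, &sbei, sizeof(sbei), &returnLength);
    if (NT_SUCCESS(status)) {
        wsprintf(szBuffer, TEXT("%ws mode"),
            ((sbei.FirmwareType == FirmwareTypeUefi) ? TEXT("UEFI") :
            ((sbei.FirmwareType == FirmwareTypeBios) ? TEXT("BIOS") : TEXT("Unknown"))));

        // SecureBoot state is only queried on UEFI firmware; when the
        // query fails nothing is appended.
        if (sbei.FirmwareType == FirmwareTypeUefi) {
            bSecureBoot = FALSE;
            if (supQuerySecureBootState(&bSecureBoot)) {
                wsprintf(_strend(szBuffer), TEXT(" with%ws SecureBoot"), (bSecureBoot == TRUE) ? TEXT("") : TEXT("out"));
            }
        }
    }
    else {
        _strcpy(szBuffer, TEXT("Unknown"));
    }
    SetDlgItemText(hwndDlg, ID_ABOUT_ADVINFO, szBuffer);

    SetFocus(GetDlgItem(hwndDlg, IDOK));
}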