DWORD apiGetConsoleSessionID() { DWORD nSessionId = 0; DWORD (WINAPI* wtsGetActiveConsoleSessionId)(void) = NULL; MModule kernel32(L"kernel32.dll"); if (kernel32.GetProcAddress("WTSGetActiveConsoleSessionId", wtsGetActiveConsoleSessionId)) { nSessionId = wtsGetActiveConsoleSessionId(); } return nSessionId; }
BOOL apiQuerySessionID(DWORD nPID, DWORD& nSessionID) { BOOL bSucceeded = FALSE; typedef BOOL (WINAPI* ProcessIdToSessionId_t)(DWORD dwProcessId, DWORD *pSessionId); ProcessIdToSessionId_t processIdToSessionId = NULL; MModule kernel32(L"kernel32.dll"); if (kernel32.GetProcAddress("ProcessIdToSessionId", processIdToSessionId)) { bSucceeded = processIdToSessionId(GetCurrentProcessId(), &nSessionID); } return bSucceeded; }
///////////////////////////////////////////////////////////////////////////// // MimimumWindowsPlatform // // Returns TRUE if running on a platform whose major version, minor version // and service pack major are greater than or equal to the ones specifed // while making this function call // BOOL MinimumWindowsPlatform( DWORD dwMajorVersion, DWORD dwMinorVersion, WORD wServicePackMajor) { XTL::AutoModuleHandle hModule = LoadLibrary(KERNEL32_DLL); if (hModule.IsInvalid()) { ATLTRACE("kernel32.dll not available, assumed platform does not meet the requirement\n"); return FALSE; } Kernel32Dll kernel32(hModule); if (!(kernel32.IsProcAvailable("VerSetConditionMask") && kernel32.IsProcAvailable("VerifyVersionInfoA"))) { ATLTRACE("Proc not available, assumed platform does not meet the requirement\n"); return FALSE; } // Initialize the condition mask. DWORDLONG dwlConditionMask = 0; dwlConditionMask = kernel32.VerSetConditionMask( dwlConditionMask, VER_MAJORVERSION, VER_GREATER_EQUAL); dwlConditionMask = kernel32.VerSetConditionMask( dwlConditionMask, VER_MINORVERSION, VER_GREATER_EQUAL); dwlConditionMask = kernel32.VerSetConditionMask( dwlConditionMask, VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL); // Initialize the OSVERSIONINFOEX structure. OSVERSIONINFOEXA osvi = {0}; osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEXA); osvi.dwMajorVersion = dwMajorVersion; osvi.dwMinorVersion = dwMinorVersion; osvi.wServicePackMajor = wServicePackMajor; // Perform the test. return kernel32.VerifyVersionInfoA( &osvi, VER_MAJORVERSION | VER_MINORVERSION | VER_SERVICEPACKMAJOR, dwlConditionMask); }
static void resolveLibs() { static volatile bool done = false; if (done) return; // try to get GetTickCount64 from the system QSystemLibrary kernel32(QLatin1String("kernel32")); if (!kernel32.load()) return; // does this function exist on WinCE, or will ever exist? ptrGetTickCount64 = (PtrGetTickCount64)kernel32.resolve("GetTickCount64"); // Retrieve the number of high-resolution performance counter ticks per second LARGE_INTEGER frequency; if (!QueryPerformanceFrequency(&frequency)) { counterFrequency = 0; } else { counterFrequency = frequency.QuadPart; } done = true; }
QList<ProcessInfo> runningProcesses() { EnumWindowsProcParam param; HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (!snapshot) return param.processes; QStringList deviceList; const DWORD bufferSize = 1024; char buffer[bufferSize + 1] = { 0 }; if (QSysInfo::windowsVersion() <= QSysInfo::WV_5_2) { const DWORD size = GetLogicalDriveStringsA(bufferSize, buffer); deviceList = QString::fromLatin1(buffer, size).split(QLatin1Char(char(0)), QString::SkipEmptyParts); } QLibrary kernel32(QLatin1String("Kernel32.dll")); kernel32.load(); QueryFullProcessImageNamePtr pQueryFullProcessImageNamePtr = (QueryFullProcessImageNamePtr) kernel32 .resolve("QueryFullProcessImageNameA"); QLibrary psapi(QLatin1String("Psapi.dll")); psapi.load(); GetProcessImageFileNamePtr pGetProcessImageFileNamePtr = (GetProcessImageFileNamePtr) psapi .resolve("GetProcessImageFileNameA"); PROCESSENTRY32 processStruct; processStruct.dwSize = sizeof(PROCESSENTRY32); bool foundProcess = Process32First(snapshot, &processStruct); while (foundProcess) { HANDLE procHandle = OpenProcess(QSysInfo::windowsVersion() > QSysInfo::WV_5_2 ? KDSYSINFO_PROCESS_QUERY_LIMITED_INFORMATION : PROCESS_QUERY_INFORMATION, false, processStruct .th32ProcessID); bool succ = false; QString executablePath; DWORD bufferSize = 1024; if (QSysInfo::windowsVersion() > QSysInfo::WV_5_2) { succ = pQueryFullProcessImageNamePtr(procHandle, 0, buffer, &bufferSize); executablePath = QString::fromLatin1(buffer); } else if (pGetProcessImageFileNamePtr) { succ = pGetProcessImageFileNamePtr(procHandle, buffer, bufferSize); executablePath = QString::fromLatin1(buffer); for (int i = 0; i < deviceList.count(); ++i) { executablePath.replace(QString::fromLatin1( "\\Device\\HarddiskVolume%1\\" ).arg(i + 1), deviceList.at(i)); } } if (succ) { const quint32 pid = processStruct.th32ProcessID; param.seenIDs.append(pid); ProcessInfo info; info.id = pid; info.name = executablePath; param.processes.append(info); } CloseHandle(procHandle); foundProcess = Process32Next(snapshot, &processStruct); } if (snapshot) CloseHandle(snapshot); kernel32.unload(); return param.processes; }
static std::wstring GetProcessStr(std::size_t processId, std::function<UNICODE_STRING&(RTL_USER_PROCESS_PARAMETERS&)> stringTargetSelector) { if (processId == 0) { return L"System Idle Process"; } if (processId == 4) { wchar_t target[MAX_PATH] = L""; UINT len = ::GetWindowsDirectoryW(target, MAX_PATH); if (len == 0) { Win32Exception::ThrowFromLastError(); } --len; if (target[len] == L'\\') { ::wcscat_s(target + len, MAX_PATH - len, L"System32\\Ntoskrnl.exe"); } else { ::wcscat_s(target + len, MAX_PATH - len, L"\\System32\\Ntoskrnl.exe"); } return target; } try { UniqueHandle hProc(OpenProc(processId, PROCESS_VM_READ | PROCESS_QUERY_INFORMATION)); PROCESS_BASIC_INFORMATION basicInfo; NtQueryInformationProcessFunc ntQuery = GetNtDll().GetProcAddress<NtQueryInformationProcessFunc>("NtQueryInformationProcess"); NTSTATUS errorCheck = ntQuery(hProc.Get(), ProcessBasicInformation, &basicInfo, sizeof(basicInfo), nullptr); if (errorCheck != ERROR_SUCCESS) { Win32Exception::ThrowFromNtError(errorCheck); } PEB *pebAddr = basicInfo.PebBaseAddress; PEB peb; if (::ReadProcessMemory(hProc.Get(), pebAddr, &peb, sizeof(peb), nullptr) == 0) { Win32Exception::ThrowFromLastError(); } RTL_USER_PROCESS_PARAMETERS params; if (::ReadProcessMemory(hProc.Get(), peb.ProcessParameters, ¶ms, sizeof(params), nullptr) == 0) { Win32Exception::ThrowFromLastError(); } std::wstring result; UNICODE_STRING &targetString = stringTargetSelector(params); result.resize(targetString.Length / sizeof(wchar_t)); if (::ReadProcessMemory(hProc.Get(), targetString.Buffer, &result[0], result.size() * sizeof(wchar_t), nullptr) == 0) { Win32Exception::ThrowFromLastError(); } return result; } catch (ErrorAccessDeniedException const&) { //This block is vista and later specific; however, this does not matter because the //spurious access denied errors are being injected by Vista+'s media protection //features. UniqueHandle hProc(OpenProc(processId, PROCESS_QUERY_LIMITED_INFORMATION)); RuntimeDynamicLinker kernel32(L"Kernel32.dll"); typedef BOOL (WINAPI *QueryFullProcessImageNameFunc)(HANDLE, DWORD, LPWSTR, PDWORD); QueryFullProcessImageNameFunc queryProcessFile = kernel32.GetProcAddress<QueryFullProcessImageNameFunc>("QueryFullProcessImageNameW"); BOOL boolCheck; std::wstring buffer; DWORD goalSize = MAX_PATH; do { buffer.resize(goalSize); boolCheck = queryProcessFile(hProc.Get(), 0, &buffer[0], &goalSize); } while (boolCheck == 0 && ::GetLastError() == ERROR_INSUFFICIENT_BUFFER); if (boolCheck == 0 && GetLastError() != ERROR_INSUFFICIENT_BUFFER) { Win32Exception::ThrowFromLastError(); } buffer.resize(goalSize); return buffer; } }