示例#1
// Opens the process identified by dwPid with the rights listed in NEEDEDACCESS
// and stores the handle in *phRemoteProc.
//
// The first attempt uses the caller's token as-is. Only when that attempt fails
// with ERROR_ACCESS_DENIED does the function enable SE_DEBUG_NAME on its own
// token and try again; the privilege is switched off again in the cleanup
// section, so it is enabled only for the duration of the retry.
//
// Parameters:
//   dwPid         - id of the process to open.
//   phRemoteProc  - out: receives the process handle, or NULL on failure.
//                   Nothing in this function closes it, so the caller owns it.
// Returns EXIT_OK on success, otherwise the error code left in rv.
//
// NOTE(review): _HandleError, _HandleLastError, _HandleError1 and
// _TeardownIfError are defined outside this excerpt. The code is written as if
// the _Handle* macros record the error in rv and jump to the `error:` label -
// confirm against their definitions.
RETVAL AdvancedOpenProcess(DWORD dwPid, HANDLE *phRemoteProc) {
    RETVAL rv, rv2;
    
    // Rights requested on the target: query, read/write/operate on its memory,
    // and create a thread in it. The macro body is not parenthesised and the
    // macro is not #undef'd, so it stays visible for the rest of the file.
    #define NEEDEDACCESS    PROCESS_QUERY_INFORMATION | \
            PROCESS_VM_WRITE | PROCESS_VM_READ | PROCESS_VM_OPERATION | PROCESS_CREATE_THREAD
    
    // must be cleaned up
    HANDLE hThisProcToken = NULL;
    
    // initialize out params
    *phRemoteProc = NULL;
    // set once SE_DEBUG_NAME has been enabled, so cleanup knows to disable it
    bool bDebugPriv = false;
    
    // get a process handle with the needed access
    *phRemoteProc = OpenProcess(NEEDEDACCESS, false, dwPid);
    if (NULL == *phRemoteProc) {
        rv = GetLastError();
        // any failure other than "access denied" is reported as-is
        if (rv != ERROR_ACCESS_DENIED) {
            _HandleError(rv, __T("OpenProcess"));
        }
        _tprintf(__T("Access denied; retrying with increased privileges.\n"));
        
        // Open our own token with TOKEN_ADJUST_PRIVILEGES only, which is the
        // single right needed to toggle a privilege on it.
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hThisProcToken)) {
            _HandleLastError(rv, __T("OpenProcessToken"));
        }
        
        // Enable the debug privilege. Per the message printed in the cleanup
        // section, this needs administrative access. Turning on SE_DEBUG_NAME and
        // then opening another process with thread-creation and memory-write rights
        // is a sequence endpoint monitoring commonly alerts on.
        rv = SetPrivilege(hThisProcToken, SE_DEBUG_NAME, true);
        if (rv != EXIT_OK) {
            _HandleError1(rv, __T("SetPrivilege"), SE_DEBUG_NAME);
        } else {
            bDebugPriv = true;
        }
        
        // second attempt, now with the debug privilege enabled
        *phRemoteProc = OpenProcess(NEEDEDACCESS, false, dwPid);
        if (*phRemoteProc == NULL) {
            _HandleLastError(rv, __T("OpenProcess"));
        }
    }
    
    // success
    rv = EXIT_OK;
    
error:
    // Cleanup runs on both the success and the failure path.
    if (rv == ERROR_ACCESS_DENIED && bDebugPriv == false) {
        _tprintf(__T("You need administrative access (debug privilege) to access this process.\n"));
    }
    // drop the debug privilege again if this call enabled it
    if (bDebugPriv == true) {
        rv2 = SetPrivilege(hThisProcToken, SE_DEBUG_NAME, false);
        _TeardownIfError(rv, rv2, __T("SetPrivilege"));
    }
    // release the token handle opened for the retry
    if (hThisProcToken != NULL) {
        if (!CloseHandle(hThisProcToken)) {
            rv2 = GetLastError();
            _TeardownIfError(rv, rv2, __T("CloseHandle"));
        }
    }
    return rv;
}
示例#2
// Enables or disables a single named privilege on the given access token.
//
// Parameters:
//   hToken            - token to modify; it is passed straight to
//                       AdjustTokenPrivileges, so it must have been opened with
//                       TOKEN_ADJUST_PRIVILEGES.
//   szPrivilege       - privilege name, e.g. SE_DEBUG_NAME.
//   bEnablePrivilege  - true to enable the privilege, false to disable it.
// Returns EXIT_OK when GetLastError() reports no error after the adjustment,
// otherwise the error code.
//
// NOTE(review): _HandleLastError and _HandleError are defined outside this
// excerpt; presumably they record the error in rv and report it - confirm.
RETVAL SetPrivilege(HANDLE hToken, LPCWSTR szPrivilege, bool bEnablePrivilege) {
    RETVAL rv;

    LUID privilegeId;
    TOKEN_PRIVILEGES newState;

    // translate the privilege name into the LUID used on the local system
    if (!LookupPrivilegeValue(NULL, szPrivilege, &privilegeId)) {
        _HandleLastError(rv, __T("LookupPrivilegeValue"));
        goto error;
    }

    // one entry: the requested privilege, either enabled or with no attributes
    newState.PrivilegeCount = 1;
    newState.Privileges[0].Luid = privilegeId;
    newState.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    // The BOOL result is deliberately ignored: the call can return true even
    // though the privilege was not assigned, so the last-error value is what
    // decides success here.
    AdjustTokenPrivileges(hToken, false, &newState, sizeof(newState), NULL, NULL);
    rv = GetLastError();
    if (rv != EXIT_OK) {
        _HandleError(rv, __T("AdjustTokenPrivileges"));
    }

error:

    return rv;
}
示例#3
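// Creates a thread inside hRemoteProc that starts at dwEntryPoint with
// CTRL_BREAK_EVENT as its argument, waits for it to finish and returns its
// exit code.
//
// Parameters:
//   hRemoteProc   - handle to the target process; CreateRemoteThread needs it to
//                   carry thread-creation and memory access rights.
//   dwEntryPoint  - address, valid inside the target process, at which the new
//                   thread starts.
// Returns EXIT_OK when the remote routine exits with EXIT_OK or with
// STATUS_CONTROL_C_EXIT (treated as "target was killed"); otherwise the failing
// API's error code or the remote routine's exit code.
//
// Creating a thread in another process is the behaviour injection detections
// key on, so endpoint protection may block or alert on this call.
//
// NOTE(review): _HandleLastError, _HandleError and _TeardownIfError are defined
// outside this excerpt; the code is written as if the _Handle* macros record the
// error in rv and jump to `error:` - confirm.
RETVAL StartRemoteThread(HANDLE hRemoteProc, LPTHREAD_START_ROUTINE dwEntryPoint){
    RETVAL rv;
    // Receives the thread exit code in a correctly typed variable, so no pointer
    // cast from RETVAL* to LPDWORD is needed.
    DWORD dwExitCode = 0;
    
    // must be cleaned up
    HANDLE hRemoteThread = NULL;
    
    // inject the thread; it is created suspended and resumed below
    hRemoteThread = CreateRemoteThread(hRemoteProc, NULL, 0,
            dwEntryPoint, (void *) CTRL_BREAK_EVENT,
            CREATE_SUSPENDED, NULL);
    if (hRemoteThread == NULL) {
        _HandleLastError(rv, __T("CreateRemoteThread"));
    }
    
    // wake up the thread
    if (ResumeThread(hRemoteThread) == (DWORD) -1) {
        // the original omitted the terminating semicolon on this call only
        _HandleLastError(rv, __T("ResumeThread"));
    }
    
    // Wait for the thread to finish. The wait has no timeout, so this call
    // blocks for as long as the remote routine does not return.
    if (WaitForSingleObject(hRemoteThread, INFINITE) != WAIT_OBJECT_0) {
        _HandleLastError(rv, __T("WaitForSingleObject"));
    }
    
    // find out what happened
    if (GetExitCodeThread(hRemoteThread, &dwExitCode)) {
        rv = (RETVAL) dwExitCode;
    } else {
        _HandleLastError(rv, __T("GetExitCodeThread"));
    }
    
    // the remote routine ended because the target handled the event by exiting
    if (rv == STATUS_CONTROL_C_EXIT) {
        _tprintf(__T("Target process was killed.\n"));
        rv = EXIT_OK;
        goto error;
    }
    if (rv != EXIT_OK) {
        _HandleError(rv, __T("(remote function)"));
        //if (ERROR_INVALID_HANDLE==rv) {
        //    printf("Are you sure this is a console application?\n");
        //}
    }
    
error:
    // cleanup runs on both the success and the failure path
    if (hRemoteThread != NULL) {
        if (!CloseHandle(hRemoteThread)) {
            RETVAL rv2 = GetLastError();
            _TeardownIfError(rv, rv2, __T("CloseHandle"));
        }
    }
    
    return rv;
}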
示例#4
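// Sends one SQL statement over the given connection and retries it once when
// the error handler reports that the connection problem was dealt with.
//
// Parameters:
//   con   - connection to use; it is downcast to MySQLDatabaseConnection.
//   Sql   - statement text, passed to mysql_query() unchanged. Nothing here
//           escapes or validates it, so any value a caller splices into the
//           text must already be escaped.
//   Self  - false on the first attempt; true on the retry, which stops a second
//           failure from triggering another retry.
// Returns true when the statement was accepted by the server, false otherwise.
//
// Fix: the original stored the bool result of the retry in the int `result` and
// then returned `result == 0`, so a successful retry was reported as failure
// and a failed retry as success. The retry's result is now returned directly.
// The error test is also `!= 0` rather than `> 0`, because mysql_query()
// documents any nonzero value as failure.
bool MySQLDatabase::_SendQuery(DatabaseConnection* con, const char* Sql, bool Self)
{
    MySQLDatabaseConnection* mysqlCon = static_cast<MySQLDatabaseConnection*>(con);

    if(mysql_query(mysqlCon->MySql, Sql) == 0)
        return true;

    // NOTE(review): _HandleError is defined outside this excerpt; judging by the
    // comment below, it returns true after re-establishing the connection - confirm.
    if(Self == false && _HandleError(mysqlCon, mysql_errno(mysqlCon->MySql)))
    {
        // Re-send the query, the connection was successful.
        // The true on the end will prevent an endless loop here, as it will
        // stop after sending the query twice.
        return _SendQuery(con, Sql, true);
    }

    // The full statement text goes into the log. If statements can carry
    // credentials or personal data, the log needs the same protection as the
    // database itself.
    LogError("Sql query failed due to [%s], Query: [%s]", mysql_error(mysqlCon->MySql), Sql);
    return false;
}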
示例#5
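// Sends one SQL statement over the given connection and retries it once when
// the error handler reports that the connection problem was dealt with.
//
// Parameters:
//   con   - connection to use; its `conn` member is the MySQL handle.
//   Sql   - statement text, passed to mysql_query() unchanged. Nothing here
//           escapes or validates it, so any value a caller splices into the
//           text must already be escaped.
//   Self  - false on the first attempt; true on the retry, which stops a second
//           failure from triggering another retry.
// Returns true when the statement was accepted by the server, false otherwise.
//
// Fix: the original stored the bool result of the retry in the int `result` and
// then returned `result == 0`, so a successful retry was reported as failure
// and a failed retry as success. The retry's result is now returned directly.
// The error test is also `!= 0` rather than `> 0`, because mysql_query()
// documents any nonzero value as failure.
bool Database::_SendQuery(DatabaseConnection &con, const char* Sql, bool Self)
{
	if(mysql_query(con.conn, Sql) == 0)
		return true;

	// NOTE(review): _HandleError is defined outside this excerpt; judging by the
	// comment below, it returns true after re-establishing the connection - confirm.
	if( Self == false && _HandleError(con, mysql_errno( con.conn ) ) )
	{
		// Re-send the query, the connection was successful.
		// The true on the end will prevent an endless loop here, as it will
		// stop after sending the query twice.
		return _SendQuery(con, Sql, true);
	}

	// The full statement text goes into the log. If statements can carry
	// credentials or personal data, the log needs the same protection as the
	// database itself.
	ERROR_LOG(format("Sql query failed due to [%1%], Query: [%2%]\n") % mysql_error( con.conn ) % Sql);
	return false;
}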
示例#6
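// Entry point: takes one argument, either a PID or an argument starting with
// '-' (signal this process itself), opens the target and starts a remote thread
// at g_dwCtrlRoutineAddr in it.
//
// Returns EXIT_OK on success, otherwise the error code, which is also printed.
//
// Changes from the original:
//   - a PID argument with trailing characters after the number ("123abc") is
//     now rejected instead of being silently read as 123, so a mistyped
//     argument cannot select a different process than intended;
//   - the PID is printed with %lu, matching DWORD, instead of %d;
//   - the unused hRemoteProcToken local is gone.
//
// NOTE(review): _HandleError, _HandleError1 and _TeardownIfError are defined
// outside this excerpt; the code is written as if the _Handle* macros report
// the error and jump to `error:` - confirm.
int _tmain(int nArgs, TCHAR *argv[]) {
    RETVAL rv;
    
    HANDLE hRemoteProc = NULL;
    bool bSignalThisProcessGroup = false;
    
    // exactly one argument is required; /h, -h, /H, -H, /? and -? ask for help
    if (nArgs != 2
            || ((argv[1][0] == '/' || argv[1][0] == '-')
                    && (argv[1][1] == 'H' || argv[1][1] == 'h'|| argv[1][1] == '?') )) {
        PrintHelp();
        exit(1);
    }
    
    // check for the special parameter
    TCHAR *szPid = argv[1];
    bSignalThisProcessGroup = ('-' == szPid[0]);
    TCHAR *szEnd;
    DWORD dwPid = wcstoul(szPid, &szEnd, 0);
    // valid only if digits were consumed, nothing follows them, and the value is non-zero
    if (bSignalThisProcessGroup == false
            && (szPid == szEnd || *szEnd != __T('\0') || dwPid == 0)) {
        _tprintf(__T("\"%ls\" is not a valid PID.\n"), szPid);
        rv = ERROR_INVALID_PARAMETER;
        goto error;
    }
    
    // resolve the routine address that is later handed to StartRemoteThread
    rv = GetCtrlRoutineAddress();
    if (rv != EXIT_OK) {
        _HandleError(rv, __T("GetCtrlRoutineAddress"));
    }

    // open the process
    if (bSignalThisProcessGroup) {
        _tprintf(__T("Sending signal to self...\n"));
        hRemoteProc = GetCurrentProcess();
    } else {
        _tprintf(__T("Sending signal to process %lu...\n"), dwPid);
        rv = AdvancedOpenProcess(dwPid, &hRemoteProc);
        if (rv != EXIT_OK) {
            _HandleError1(rv, __T("AdvancedOpenProcess"), argv[1]);
        }
    }
    
    rv = StartRemoteThread(hRemoteProc, g_dwCtrlRoutineAddr);
    if (rv != EXIT_OK) {
        _HandleError(rv, __T("StartRemoteThread"));
    }
    
//done:
    rv = EXIT_OK;
    
error:
    // GetCurrentProcess() returns a pseudo-handle that must not be closed, so
    // only a handle obtained from AdvancedOpenProcess is released here.
    if (hRemoteProc != NULL && hRemoteProc != GetCurrentProcess()) {
        if (!CloseHandle(hRemoteProc)) {
            RETVAL rv2 = GetLastError();
            _TeardownIfError(rv, rv2, __T("CloseHandle"));
        }
    }
    if (rv != EXIT_OK) {
        _tprintf(__T("0x%08X == "), rv);
        PrintError(rv);
    }
    
    return rv;
}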