#include <windows.h> /* required for all Windows applications */
#define MAX_COMMUNICATION_BLOCK_SIZE 4096
#define DEAD_VALUE 0xFEFEFEFEL
#include <dbginfo.h>
extern BOOL FAR PASCAL WowKillRemoteTask( LPSTR lpBuffer );
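/*
** WinMain - entry point of the WOWDEB helper task.
**
** Allocates one fixed communication block, then loops forever:
**   1. fills in the COM_HEADER with the result of the previous request,
**   2. hands the block to WowKillRemoteTask(),
**   3. unpacks a (module name, entry name, argument words) request from
**      the block, loads the module, and calls the entry point with the
**      PASCAL calling convention.
**
** Returns FALSE if another instance exists or the block cannot be set up,
** and 1 once WowKillRemoteTask() reports failure.
**
** SECURITY: the block is a command channel.  Whoever fills it chooses the
** DLL that is loaded and the export that is called inside this task, so
** it is only as trustworthy as the party on the other side of
** WowKillRemoteTask().  The request is therefore validated to stay inside
** the 4096-byte block before any of it is used.
*/
int PASCAL WinMain(HANDLE hInstance,
                   HANDLE hPrevInstance, LPSTR lpszCmdLine, int iCmd )
{
    HANDLE          hCommunicationBlock;
    LPSTR           lpCommunicationBlock;
    BOOL            b;
    LPCOM_HEADER    lphead;
    WORD            wArgsPassed;
    WORD            wArgsSize;
    WORD            wSuccess;
    DWORD           dwReturnValue;
    LPSTR           lpModuleName;
    LPSTR           lpEntryName;
    HANDLE          hModule;
    DWORD           (FAR PASCAL *lpfn)();
    BOOL            fFailed;
    LPWORD          lpw;
    WORD            wOffset;        // byte offset of the string being checked

    // We only want 1 instance of WOWDEB
    if ( hPrevInstance != NULL ) {
        return( FALSE );
    }

    hCommunicationBlock = GlobalAlloc(GMEM_FIXED, MAX_COMMUNICATION_BLOCK_SIZE);
    if ( hCommunicationBlock == (HANDLE)0 ) {
        OutputDebugString("Failed to allocate memory block\n");
        return( FALSE );
    }

    lpCommunicationBlock = GlobalLock(hCommunicationBlock);
    if ( lpCommunicationBlock == NULL ) {
        OutputDebugString("Failed to lock memory block\n");
        return( FALSE );
    }

    /*
    ** Just make sure that TOOLHELP is loaded before we remotely kill
    ** ourselves.
    */
    hModule = LoadLibrary( "TOOLHELP.DLL" );

    // The first pass reports "no result yet" to the other side.
    dwReturnValue = DEAD_VALUE;
    wSuccess      = (WORD)FALSE;

    do {
        /*
        ** Initialize the communications block
        */
        lphead = (LPCOM_HEADER)lpCommunicationBlock;

        lphead->dwBlockAddress = (DWORD)lpCommunicationBlock;
        lphead->dwReturnValue  = dwReturnValue;
        lphead->wArgsPassed    = 0;
        lphead->wArgsSize      = 0;
        lphead->wBlockLength   = MAX_COMMUNICATION_BLOCK_SIZE;
        lphead->wSuccess       = (WORD)wSuccess;

        b = WowKillRemoteTask( lpCommunicationBlock );

        if ( !b ) {
            break;
        }

        // Every early "continue" below reports failure with a zero result.
        wSuccess      = (WORD)FALSE;
        dwReturnValue = 0;

        /*
        ** Unpacketize the information and execute it
        ** Note: The below statements expect the contents of the structures
        ** to change after the above "WowKillRemoteTask" API call.  If the
        ** compiler attempts to optimize the references below, it will get
        ** the wrong values.
        */
        wArgsPassed = lphead->wArgsPassed;
        wArgsSize   = lphead->wArgsSize;

        /*
        ** Validate the layout before trusting it.  wArgsSize comes from
        ** the block, so an oversized value would place the module name
        ** outside the allocation.  The comparison is written without
        ** adding to wArgsSize so it cannot wrap in 16-bit arithmetic.
        */
        if ( wArgsSize >= (WORD)(MAX_COMMUNICATION_BLOCK_SIZE - sizeof(COM_HEADER)) ) {
#ifdef DEBUG
            OutputDebugString("Malformed communication block\n");
#endif
            continue;
        }

        wOffset      = (WORD)(sizeof(COM_HEADER) + wArgsSize);
        lpModuleName = lpCommunicationBlock + wOffset;

        // The module name must be NUL terminated inside the block, with
        // at least one byte left after it for the entry name.
        while ( wOffset < MAX_COMMUNICATION_BLOCK_SIZE &&
                lpCommunicationBlock[wOffset] != '\0' ) {
            wOffset++;
        }
        if ( wOffset >= MAX_COMMUNICATION_BLOCK_SIZE - 1 ) {
#ifdef DEBUG
            OutputDebugString("Malformed communication block\n");
#endif
            continue;
        }

        wOffset++;
        lpEntryName = lpCommunicationBlock + wOffset;

        // Same requirement for the entry name that follows it.
        while ( wOffset < MAX_COMMUNICATION_BLOCK_SIZE &&
                lpCommunicationBlock[wOffset] != '\0' ) {
            wOffset++;
        }
        if ( wOffset >= MAX_COMMUNICATION_BLOCK_SIZE ) {
#ifdef DEBUG
            OutputDebugString("Malformed communication block\n");
#endif
            continue;
        }

        hModule = LoadLibrary( lpModuleName );
        if ( hModule == 0 ) {
#ifdef DEBUG
            OutputDebugString("Failed to load library\n");
#endif
            continue;
        }

        lpfn = (DWORD (FAR PASCAL *)())GetProcAddress( hModule, lpEntryName );
        if ( lpfn == NULL ) {
#ifdef DEBUG
            OutputDebugString("Failed to get proc address\n");
#endif
            continue;
        }

        // Now copy the right number of bytes onto the stack and call the
        // function.
        // NOTE(review): wArgsPassed is not compared with wArgsSize here;
        // confirm against the sender whether it can exceed the argument
        // area, in which case the words read overlap the module name.
        lpw = (LPWORD)(lpCommunicationBlock + sizeof(COM_HEADER));
        fFailed = FALSE;

        // Cheesy way of putting a variable number of arguments on the stack
        // for a pascal call.  wArgsPassed is a byte count; each argument is
        // one WORD, passed in reverse index order.
        switch( wArgsPassed ) {
            case 0:
                dwReturnValue = (* lpfn)();
                break;
            case 2:
                dwReturnValue = (* lpfn)( lpw[ 0] );
                break;
            case 4:
                dwReturnValue = (* lpfn)( lpw[ 1], lpw[ 0] );
                break;
            case 6:
                dwReturnValue = (* lpfn)( lpw[ 2], lpw[ 1], lpw[ 0] );
                break;
            case 8:
                dwReturnValue = (* lpfn)( lpw[ 3], lpw[ 2], lpw[ 1], lpw[ 0] );
                break;
            case 10:
                dwReturnValue = (* lpfn)( lpw[ 4], lpw[ 3], lpw[ 2], lpw[ 1],
                                          lpw[ 0] );
                break;
            case 12:
                dwReturnValue = (* lpfn)( lpw[ 5], lpw[ 4], lpw[ 3], lpw[ 2],
                                          lpw[ 1], lpw[ 0] );
                break;
            case 14:
                dwReturnValue = (* lpfn)( lpw[ 6], lpw[ 5], lpw[ 4], lpw[ 3],
                                          lpw[ 2], lpw[ 1], lpw[ 0] );
                break;
            case 16:
                dwReturnValue = (* lpfn)( lpw[ 7], lpw[ 6], lpw[ 5], lpw[ 4],
                                          lpw[ 3], lpw[ 2], lpw[ 1], lpw[ 0] );
                break;
            case 18:
                dwReturnValue = (* lpfn)( lpw[ 8], lpw[ 7], lpw[ 6], lpw[ 5],
                                          lpw[ 4], lpw[ 3], lpw[ 2], lpw[ 1],
                                          lpw[ 0] );
                break;
            case 20:
                dwReturnValue = (* lpfn)( lpw[ 9], lpw[ 8], lpw[ 7], lpw[ 6],
                                          lpw[ 5], lpw[ 4], lpw[ 3], lpw[ 2],
                                          lpw[ 1], lpw[ 0] );
                // This break was missing: the target was called a second
                // time with 11 words, unbalancing the callee-cleaned
                // PASCAL stack and overwriting the real return value.
                break;
            case 22:
                dwReturnValue = (* lpfn)( lpw[10], lpw[ 9], lpw[ 8], lpw[ 7],
                                          lpw[ 6], lpw[ 5], lpw[ 4], lpw[ 3],
                                          lpw[ 2], lpw[ 1], lpw[ 0] );
                break;
            case 24:
                dwReturnValue = (* lpfn)( lpw[11], lpw[10], lpw[ 9], lpw[ 8],
                                          lpw[ 7], lpw[ 6], lpw[ 5], lpw[ 4],
                                          lpw[ 3], lpw[ 2], lpw[ 1], lpw[ 0] );
                break;
            case 26:
                dwReturnValue = (* lpfn)( lpw[12], lpw[11], lpw[10], lpw[ 9],
                                          lpw[ 8], lpw[ 7], lpw[ 6], lpw[ 5],
                                          lpw[ 4], lpw[ 3], lpw[ 2], lpw[ 1],
                                          lpw[ 0] );
                break;
            case 28:
                dwReturnValue = (* lpfn)( lpw[13], lpw[12], lpw[11], lpw[10],
                                          lpw[ 9], lpw[ 8], lpw[ 7], lpw[ 6],
                                          lpw[ 5], lpw[ 4], lpw[ 3], lpw[ 2],
                                          lpw[ 1], lpw[ 0] );
                break;
            case 30:
                dwReturnValue = (* lpfn)( lpw[14], lpw[13], lpw[12], lpw[11],
                                          lpw[10], lpw[ 9], lpw[ 8], lpw[ 7],
                                          lpw[ 6], lpw[ 5], lpw[ 4], lpw[ 3],
                                          lpw[ 2], lpw[ 1], lpw[ 0] );
                break;
            case 32:
                dwReturnValue = (* lpfn)( lpw[15], lpw[14], lpw[13], lpw[12],
                                          lpw[11], lpw[10], lpw[ 9], lpw[ 8],
                                          lpw[ 7], lpw[ 6], lpw[ 5], lpw[ 4],
                                          lpw[ 3], lpw[ 2], lpw[ 1], lpw[ 0] );
                break;
            default:
                // Odd byte counts and anything above 32 bytes are refused.
#ifdef DEBUG
                OutputDebugString("Wrong number of parameters\n");
#endif
                fFailed = TRUE;
                break;
        }
        if ( fFailed ) {
            continue;
        }

        wSuccess = (WORD)TRUE;

    } while( TRUE );

    return( 1 );
}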