Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1426 lines
32 KiB

g// EmExtn.cpp : Defines the entry point for the DLL application.
//
#include "stdafx.h"
#include <Psapi.h>
#include <winsvc.h>
#include <comsvcs.h>
#include "Processes.h"
#define SUCCESS 0
DWORD
InvalidCallback
(
/* [in] */ ENUMPROCSANDSERVICES lpEnumSrvcsProc,
/* [in] */ LPARAM lParam,
/* [in] */ LONG nItemNum
)
{
return( lpEnumSrvcsProc( INVALID_PID, NULL, NULL, NULL, lParam, nItemNum ) );
}
DWORD
GetNumberOfRunningApps
(
/* [out] */ DWORD *pdwNumbApps
)
{
DWORD dwLastRet = 0L;
DWORD *pdwPIDs = NULL;
DWORD dwBuffSize = 256L;
UINT nIdx = 0;
bool bIsService = false;
do
{
//
// This loop is used to get all the running PIDs
// in the system. Because we do not know how many
// processes are running, we dynamically increase
// the array size. Limit = 256 DWORDs * 5
//
do {
if(pdwPIDs != NULL){
delete[] pdwPIDs;
pdwPIDs = NULL;
}
dwBuffSize *= (nIdx + 1);
pdwPIDs = new DWORD[dwBuffSize];
if(pdwPIDs == NULL){
dwLastRet = GetLastError();
break;
}
dwLastRet = GetAllPids(
pdwPIDs,
dwBuffSize,
&dwBuffSize
);
}
while(dwLastRet == E_TOOMANY_PROCESSES);
if( dwLastRet == 0 ){
*pdwNumbApps = 0L;
for(UINT i = 0; i < dwBuffSize; ++i)
{
IsService( pdwPIDs[i], &bIsService );
if( bIsService != true ) *pdwNumbApps += 1;
}
}
}
while ( false );
if(pdwPIDs != NULL) {
delete[] pdwPIDs;
pdwPIDs = NULL;
}
return dwLastRet;
}
DWORD
GetAllPids
(
/* [out] */ DWORD adwProcIDs[],
/* [in] */ DWORD dwBuffSize,
/* [out] */ DWORD *pdwNumbProcs
)
{
DWORD dwLastRet = 0L;
_ASSERT(adwProcIDs != NULL);
_ASSERT(dwBuffSize != 0L);
_ASSERT(pdwNumbProcs != NULL);
do
{
if( (adwProcIDs == NULL) ||
(dwBuffSize == 0L) ||
(pdwNumbProcs == 0L)) {
dwLastRet = E_INVALIDARG;
break;
}
//
// Get the list of process identifiers.
//
dwLastRet = (DWORD)EnumProcesses(
adwProcIDs,
dwBuffSize,
pdwNumbProcs);
if(dwLastRet == 0L){
dwLastRet = GetLastError();
break;
}
//
// If both of them are same, it means that
// there may be more PIDs for which there
// is no space..
//
if(dwBuffSize == *pdwNumbProcs){
dwLastRet = ERROR_NOT_ENOUGH_MEMORY;
break;
}
//
// This will give us the number of PIDs
//
(*pdwNumbProcs) = ((*pdwNumbProcs) / sizeof(DWORD));
dwLastRet = 0L;
}
while(FALSE);
return dwLastRet;
}
DWORD
GetNumberOfServices
(
/* [out] */ DWORD *pdwNumbSrvcs,
/* [in] */ DWORD dwServiceType, /* = SERVICE_WIN32 */
/* [in] */ DWORD dwServiceState /* = SERVICE_ACTIVE */
)
{
_ASSERTE( pdwNumbSrvcs != NULL );
DWORD dwLastRet = 0L;
SC_HANDLE scm = NULL;
LPENUM_SERVICE_STATUS status = NULL;
DWORD cbBytesNeeded = 0L,
dwNumbSvcs = 0L,
dwResume = 0L;
ENUM_SERVICE_STATUS aServices[1]; // a-mando, bug ID: 296023
__try {
if( pdwNumbSrvcs == NULL ) { dwLastRet = -1L; goto qGetNumberOfServices; }
scm = OpenSCManager(
NULL,
NULL,
SC_MANAGER_ENUMERATE_SERVICE
);
if( !scm ) { dwLastRet = GetLastError(); goto qGetNumberOfServices; }
*pdwNumbSrvcs = 0L;
if( EnumServicesStatus(
scm,
dwServiceType,
dwServiceState,
aServices, // a-mando, bug ID: 296023
0,
&cbBytesNeeded,
&dwNumbSvcs,
&dwResume
) == false ) {
dwLastRet = GetLastError();
}
if( dwLastRet != ERROR_MORE_DATA ) { goto qGetNumberOfServices;}
//
// Allocate space
//
status = (LPENUM_SERVICE_STATUS)LocalAlloc(
LPTR,
cbBytesNeeded
);
if( !status ) { dwLastRet = GetLastError(); goto qGetNumberOfServices; }
//
// Get the status records.
//
dwResume = 0;
dwLastRet = EnumServicesStatus(
scm,
dwServiceType,
dwServiceState,
status,
cbBytesNeeded,
&cbBytesNeeded,
&dwNumbSvcs,
&dwResume
);
if (dwLastRet == 0) { dwLastRet = GetLastError(); goto qGetNumberOfServices; }
*pdwNumbSrvcs = dwNumbSvcs;
dwLastRet = SUCCESS;
qGetNumberOfServices:
if( scm ) CloseServiceHandle( scm );
if( status ) LocalFree( status );
}
__except ( EXCEPTION_EXECUTE_HANDLER, 1 ) {
dwLastRet = GetLastError();
if( scm ) CloseServiceHandle( scm );
if( status ) LocalFree( status );
_ASSERTE( false );
}
return dwLastRet;
}
DWORD
GetNumberOfActiveServices
(
/* [out] */ DWORD *pdwNumbActiveSrvcs
)
{
return GetNumberOfServices( pdwNumbActiveSrvcs );
}
DWORD
GetNumberOfInactiveServices
(
/* [out] */ DWORD *pdwNumbInactiveSrvcs
)
{
return GetNumberOfServices( pdwNumbInactiveSrvcs, SERVICE_WIN32, SERVICE_INACTIVE );
}
DWORD
IsService
(
/* [in] */ UINT nPid,
/* [out] */ bool *pbIsService,
/* [out] */ LPTSTR lpszImagePath,
/* [out] */ ULONG cchImagePath,
/* [out] */ LPTSTR lpszServiceShortName,
/* [in] */ ULONG cchServiceShortName,
/* [out] */ LPTSTR lpszServiceDescription,
/* [in] */ ULONG cchServiceDescription
)
{
DWORD dwRet = 0L;
OSVERSIONINFO osvi;
ZeroMemory( (void *)&osvi, sizeof(OSVERSIONINFO) );
osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
if( !GetVersionEx (&osvi) ) {
return (dwRet = GetLastError());
}
if( osvi.dwPlatformId & VER_PLATFORM_WIN32_NT ) {
if( osvi.dwMajorVersion == 4 ) {
// && osvi.dwMinorVersion == 0 ) { // we will not look for the minor version.
IsService_NT4( nPid, pbIsService );
}
else if( osvi.dwMajorVersion == 5 ) {
// && osvi.dwMinorVersion == 0 ) {
IsService_NT5(
nPid,
pbIsService,
lpszImagePath,
cchImagePath,
lpszServiceShortName,
cchServiceShortName,
lpszServiceDescription,
cchServiceDescription
);
}
}
return dwRet;
}
DWORD
IsService_NT5
(
/* [in] */ UINT nPid,
/* [out] */ bool *pbIsService,
/* [out] */ LPTSTR lpszImagePath,
/* [out] */ ULONG cchImagePath,
/* [out] */ LPTSTR lpszServiceShortName,
/* [in] */ ULONG cchServiceShortName,
/* [out] */ LPTSTR lpszServiceDescription,
/* [in] */ ULONG cchServiceDescription
)
{
_ASSERTE ( pbIsService != NULL );
bool bIsService = false;
DWORD dwLastRet = 0L;
int i = 0;
SC_HANDLE scm = NULL;
ENUM_SERVICE_STATUS_PROCESS *status = NULL;
DWORD numServices = 0L,
sizeNeeded = 0L,
resume = 0L;
__try
{
if( pbIsService == NULL ) { dwLastRet = -1L; goto qIsService; }
//
// Open a connection to the SCM
//
scm = OpenSCManager(0, 0, SC_MANAGER_ENUMERATE_SERVICE);
if ( !scm ){ dwLastRet = GetLastError(); goto qIsService; }
//
// Get the number of bytes to allocate
//
resume = 0;
if( EnumServicesStatusEx(
scm,
SC_ENUM_PROCESS_INFO,
SERVICE_WIN32, // We won't debug drivers
SERVICE_ACTIVE,
0,
0,
&sizeNeeded,
&numServices,
&resume,
NULL
) == 0 ) {
dwLastRet = GetLastError();
//
// If it is any error other than this,
// we won't continue..
//
if(dwLastRet != ERROR_MORE_DATA) goto qIsService;
}
//
// Allocate space
//
status = (ENUM_SERVICE_STATUS_PROCESS *)LocalAlloc(
LPTR,
sizeNeeded
);
if( status == NULL ){ dwLastRet = GetLastError(); goto qIsService; }
//
// Get the status records.
//
resume = 0;
if( EnumServicesStatusEx(
scm,
SC_ENUM_PROCESS_INFO,
SERVICE_WIN32, // We won't debug drivers
SERVICE_ACTIVE,
(LPBYTE)status,
sizeNeeded,
&sizeNeeded,
&numServices,
&resume,
NULL
) == 0 ) {
dwLastRet = GetLastError(); goto qIsService;
}
*pbIsService = false;
for (i = 0; i < (int)numServices; i++)
{
if( status[i].ServiceStatusProcess.dwProcessId == nPid ) {
*pbIsService = true;
if(lpszImagePath)
{ _tcsncpy( lpszImagePath, _T(""), cchImagePath ); }
if(lpszServiceShortName)
{ _tcsncpy( lpszServiceShortName, status[i].lpServiceName, cchServiceShortName ); }
if(lpszServiceDescription)
{ _tcsncpy( lpszServiceDescription, status[i].lpDisplayName, cchServiceDescription ); }
break;
}
}
dwLastRet = SUCCESS;
qIsService:
if( scm ) { CloseServiceHandle(scm); scm = NULL; }
if( status ){ LocalFree(status); status = NULL; }
}
__except ( EXCEPTION_EXECUTE_HANDLER, 1 ) {
dwLastRet = GetLastError();
if( scm ) { CloseServiceHandle( scm ); scm = NULL; }
if( status ){ LocalFree(status); status = NULL; }
_ASSERTE( false );
}
return dwLastRet;
}
DWORD
GetServiceInfo
(
/* [in] */ UINT nPid,
/* [out] */ LPTSTR lpszImagePath,
/* [out] */ ULONG cchImagePath,
/* [out] */ LPTSTR lpszServiceShortName,
/* [in] */ ULONG cchServiceShortName,
/* [out] */ LPTSTR lpszServiceDescription,
/* [in] */ ULONG cchServiceDescription
)
{
bool bIsService = false;
return IsService(
nPid,
&bIsService,
lpszImagePath,
cchImagePath,
lpszServiceShortName,
cchServiceShortName,
lpszServiceDescription,
cchServiceDescription
);
}
DWORD
EnumRunningProcesses
(
/* [in] */ ENUMPROCSANDSERVICES lpEnumRunProc,
/* [in] */ LPARAM lParam,
/* [in] */ UINT nStartIndex
)
{
// Nothing to do if this is NULL..
_ASSERT(lpEnumRunProc != NULL);
DWORD dwLastRet = 0L;
DWORD dwBuffSize = 256L;
DWORD *pdwPIDs = NULL;
UINT nIdx = 0;
UINT nItemNum = nStartIndex;
bool bService = FALSE;
TCHAR szShortName[_MAX_PATH] = _T("");
TCHAR szImagePath[_MAX_PATH] = _T("");
__try
{
if( !lpEnumRunProc ){ dwLastRet = E_INVALIDARG; goto qEnumRunningProcesses; }
//
// This loop is used to get all the running PIDs
// in the system. Because we do not know how many
// processes are running, we dynamically increase
// the array size. Limit = 256 DWORDs * 5
//
do{
if(pdwPIDs != NULL){
delete[] pdwPIDs;
pdwPIDs = NULL;
}
dwBuffSize *= (nIdx + 1);
pdwPIDs = new DWORD[dwBuffSize];
if(pdwPIDs == NULL){
dwLastRet = GetLastError();
break;
}
dwLastRet = GetAllPids(
pdwPIDs,
dwBuffSize,
&dwBuffSize
);
}
while(dwLastRet == E_TOOMANY_PROCESSES);
//
// There are more processes than we
// can handle..
//
if( dwLastRet != E_TOOMANY_PROCESSES && dwLastRet != 0){ goto qEnumRunningProcesses; }
//
// If everything goes alright, call the Callback procedure
// once for each PID (or till the procedure returns FALSE)
// with the PID and the corresponding Image path..
//
nIdx = -1;
while(++nIdx < dwBuffSize){
dwLastRet = SUCCESS;
IsService( pdwPIDs[nIdx], &bService );
if( bService == true ) continue; // we won't add services into the list..
// This may fail for some procs like the system process.
if( GetImageNameFromPID( pdwPIDs[nIdx], szImagePath, _MAX_PATH )) {
if(lpEnumRunProc(INVALID_PID, NULL, NULL, NULL, lParam, nItemNum++) == FALSE){
dwLastRet = FALSE;
goto qEnumRunningProcesses; // Stop when the Callback procedure returns FALSE.
}
}
else {
BSTR bstrDesc = _T("");
if( IsPackage( szImagePath ) ) {
GetPackageDescription( pdwPIDs[nIdx], bstrDesc );
}
if(lpEnumRunProc(pdwPIDs[nIdx], szImagePath, _T(""), bstrDesc, lParam, nItemNum++ ) == FALSE) {
dwLastRet = FALSE;
goto qEnumRunningProcesses; // Stop when the Callback procedure returns FALSE.
}
}
}
dwLastRet = SUCCESS;
qEnumRunningProcesses:
//
// Clean up memory allocated for PIDs array.
//
if( pdwPIDs ) { delete[] pdwPIDs; pdwPIDs = NULL; }
}
__except ( EXCEPTION_EXECUTE_HANDLER, 1 ) {
dwLastRet = GetLastError();
if( pdwPIDs ) { delete[] pdwPIDs; pdwPIDs = NULL; }
_ASSERTE( false );
}
return dwLastRet;
}
BOOL
IsPackage
(
IN LPTSTR lpszImageName
)
{
_ASSERTE( lpszImageName != NULL );
BOOL bRet = false;
const DWORD cTemplates = 2;
LPCTSTR szTemplate [cTemplates];
__try
{
if( !lpszImageName ) { return (bRet = false); }
_tcslwr( lpszImageName );
szTemplate[0] = _T("dllhost.exe");
szTemplate[1] = _T("mts.exe");
for( int i = 0; i < cTemplates; i++ ) {
if( _tcsstr( lpszImageName, szTemplate[i] ) != NULL ) {
bRet = true;
break;
}
}
}
__except ( EXCEPTION_EXECUTE_HANDLER, 1 ) {
bRet = false;
_ASSERTE( false );
}
return bRet;
}
DWORD
EnumRunningServices
(
/* [in] */ ENUMPROCSANDSERVICES lpEnumSrvcsProc,
/* [in] */ LPARAM lParam,
/* [in] */ UINT nStartIndex
)
{
return EnumServices( lpEnumSrvcsProc, lParam, SERVICE_ACTIVE, nStartIndex );
}
DWORD
EnumStoppedServices
(
/* [in] */ ENUMPROCSANDSERVICES lpEnumSrvcsProc,
/* [in] */ LPARAM lParam,
/* [in] */ UINT nStartIndex
)
{
return EnumServices( lpEnumSrvcsProc, lParam, SERVICE_INACTIVE, nStartIndex );
}
DWORD
EnumServices
(
/* [in] */ ENUMPROCSANDSERVICES lpEnumSrvcsProc,
/* [in] */ LPARAM lParam,
/* [in] */ DWORD dwSrvcState,
/* [in] */ UINT nStartIndex
)
{
_ASSERTE ( lpEnumSrvcsProc != NULL );
bool bIsService = false;
DWORD dwLastRet = 0L;
int i = 0;
SC_HANDLE scm = NULL,
service = NULL;
LPQUERY_SERVICE_CONFIG buffer = NULL;
ENUM_SERVICE_STATUS_PROCESS *status = NULL;
DWORD numServices = 0L,
sizeNeeded = 0L,
resume = 0L;
UINT nItemNum = nStartIndex;
__try
{
if( lpEnumSrvcsProc == NULL ) { dwLastRet = -1L; goto qEnumServices; }
//
// Open a connection to the SCM
//
scm = OpenSCManager(0, 0, SC_MANAGER_ENUMERATE_SERVICE);
if ( !scm ){ dwLastRet = GetLastError(); goto qEnumServices; }
//
// Get the number of bytes to allocate
//
resume = 0;
if( EnumServicesStatusEx(
scm,
SC_ENUM_PROCESS_INFO,
SERVICE_WIN32, // We won't debug drivers
dwSrvcState,
0,
0,
&sizeNeeded,
&numServices,
&resume,
NULL
) == 0 ) {
dwLastRet = GetLastError();
//
// If it is any error other than this,
// we won't continue..
//
if(dwLastRet != ERROR_MORE_DATA) goto qEnumServices;
}
//
// Allocate space
//
status = (ENUM_SERVICE_STATUS_PROCESS *)LocalAlloc(
LPTR,
sizeNeeded
);
if( status == NULL ){ dwLastRet = GetLastError(); goto qEnumServices; }
//
// Get the status records.
//
resume = 0;
if( EnumServicesStatusEx(
scm,
SC_ENUM_PROCESS_INFO,
SERVICE_WIN32, // We won't debug drivers
dwSrvcState,
(LPBYTE)status,
sizeNeeded,
&sizeNeeded,
&numServices,
&resume,
NULL
) == 0 ) {
dwLastRet = GetLastError(); goto qEnumServices;
}
for (i = 0; i < (int)numServices; i++)
{
if(service){
CloseServiceHandle(service);
service = NULL;
}
service = OpenService( scm,
status[i].lpServiceName,
SERVICE_QUERY_CONFIG
);
if (!service) {
dwLastRet = GetLastError();
InvalidCallback( lpEnumSrvcsProc, lParam, nItemNum++ );
continue;
} //goto qEnumServices; }
//
// Find out how big the buffer needs to be
//
dwLastRet = QueryServiceConfig(
service,
0,
0,
&sizeNeeded
);
if(dwLastRet == 0){
dwLastRet = GetLastError();
//
// If it is any error other than
// this, we won't continue..
//
if(dwLastRet != ERROR_INSUFFICIENT_BUFFER) {
InvalidCallback( lpEnumSrvcsProc, lParam, nItemNum++ );
continue;
}
}
//
// Allocate space for the buffer
//
buffer = (LPQUERY_SERVICE_CONFIG)
LocalAlloc(
LPTR,
sizeNeeded
);
//
// Get Buffer
//
dwLastRet = QueryServiceConfig(
service,
buffer,
sizeNeeded,
&sizeNeeded
);
if (dwLastRet == 0){
dwLastRet = GetLastError();
InvalidCallback( lpEnumSrvcsProc, lParam, nItemNum++ );
continue;
}
_tcslwr(buffer->lpBinaryPathName);
if(lpEnumSrvcsProc(
status[i].ServiceStatusProcess.dwProcessId,
buffer->lpBinaryPathName,
status[i].lpServiceName,
status[i].lpDisplayName,
lParam,
nItemNum++
) == FALSE) {
dwLastRet = FALSE;
goto qEnumServices; // Stop when the Callback procedure returns FALSE.
}
//
// CleanUp
//
if(buffer != NULL){
LocalFree(buffer);
buffer = NULL;
}
}
dwLastRet = SUCCESS;
qEnumServices:
if( scm ) { CloseServiceHandle(scm); scm = NULL; }
if( status ){ LocalFree(status); status = NULL; }
}
__except ( EXCEPTION_EXECUTE_HANDLER, 1 ) {
dwLastRet = GetLastError();
if( scm ) { CloseServiceHandle( scm ); scm = NULL; }
if( status ){ LocalFree(status); status = NULL; }
_ASSERTE( false );
}
return dwLastRet;
}
DWORD
StartServiceAndGetPid
(
IN LPCTSTR lpszServiceShortName,
OUT UINT *pnPid
)
{
_ASSERTE(lpszServiceShortName != NULL);
DWORD dwLastRet = 0L;
DWORD dwBytesNeeded = 0L;
SC_HANDLE scm = NULL,
service = NULL;
SERVICE_STATUS_PROCESS stInfo;
do
{
//
// Open a connection to the SCM
//
scm = OpenSCManager(0, 0, GENERIC_EXECUTE | STANDARD_RIGHTS_REQUIRED | SC_MANAGER_ENUMERATE_SERVICE);
if (!scm){
dwLastRet = GetLastError();
break;
}
service = OpenService( scm, lpszServiceShortName, GENERIC_EXECUTE | STANDARD_RIGHTS_REQUIRED | SC_MANAGER_ENUMERATE_SERVICE );
if (!service){
dwLastRet = GetLastError();
break;
}
if( StartService( service, 0L, NULL ) == 0 ) {
dwLastRet = GetLastError();
break;
}
if( QueryServiceStatusEx(
service,
SC_STATUS_PROCESS_INFO,
(LPBYTE) &stInfo,
sizeof stInfo,
&dwBytesNeeded
) == 0 ) {
dwLastRet = GetLastError();
break;
}
//
// Successful..
//
*pnPid = stInfo.dwProcessId;
dwLastRet = 0L;
}
while(FALSE);
if(scm){
CloseServiceHandle(scm);
scm = NULL;
}
if(service){
CloseServiceHandle(service);
service = NULL;
}
return dwLastRet;
}
BOOL
IsImageRunning
(
/* [in] */ ULONG lPID
)
{
bool bRet = FALSE;
HANDLE hProcess = ::OpenProcess(
PROCESS_QUERY_INFORMATION,
FALSE,
lPID
);
if(hProcess != NULL){
CloseHandle(hProcess);
bRet = TRUE;
}
return bRet;
}
DWORD
GetImageNameFromPID
(
/* [in] */ ULONG lPID,
/* [out] */ LPTSTR lpszImagePath,
/* [in] */ DWORD dwBuffSize
)
{
DWORD dwLastRet = S_OK;
HANDLE hProcess = NULL;
HMODULE hMod = NULL;
DWORD cbNeeded = 0L;
//
// 0 is a valid PID..
//
// _ASSERT(lPID != 0L);
_ASSERT(lpszImagePath != NULL);
do
{
if( /*(lPID == 0L) ||*/
(lpszImagePath == NULL) ){
dwLastRet = E_INVALIDARG;
break;
}
//
// Get a handle to the process.
//
hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE,
lPID
);
if (hProcess == NULL){
dwLastRet = GetLastError();
break;
}
//
// We do not want to enumerate all the modules in the
// process, but only one..
//
dwLastRet = EnumProcessModules(
hProcess,
&hMod,
sizeof(hMod),
&cbNeeded
);
if(dwLastRet == NULL){
dwLastRet = GetLastError();
break;
}
//
// Get the process name.
//
dwLastRet = GetModuleBaseName(
hProcess,
hMod,
lpszImagePath,
dwBuffSize
);
if(dwLastRet == NULL){
dwLastRet = GetLastError();
break;
}
//
// We will store all the strings in
// lower case..
//
_tcslwr(lpszImagePath);
dwLastRet = SUCCESS;
}while(FALSE);
if(hProcess) CloseHandle(hProcess);
return dwLastRet;
}
DWORD
IsValidImage
(
/* [in] */ ULONG lPID,
/* [in] */ LPCTSTR lpszImageName,
/* [out] */ bool *pbValidImage
)
{
_ASSERTE( lpszImageName != NULL );
DWORD dwLastRet = 0L;
TCHAR szImageName[_MAX_PATH+1] = _T("");
__try
{
if( lpszImageName == NULL ) {
return (dwLastRet = -1L);
}
*pbValidImage = false;
dwLastRet = GetImageNameFromPID( lPID, szImageName, _MAX_PATH );
if( dwLastRet != SUCCESS ) return dwLastRet;
*pbValidImage = (_tcsicmp( szImageName, lpszImageName) == 0);
}
__except ( EXCEPTION_EXECUTE_HANDLER, 1 )
{
dwLastRet = GetLastError();
_ASSERTE(false);
}
return dwLastRet;
}
DWORD
IsValidProcess
(
/* [in] */ ULONG lPID,
/* [in] */ LPCTSTR lpszImageName,
/* [out] */ bool *pbValidImage
)
{
return IsValidImage( lPID, lpszImageName, pbValidImage );
}
DWORD
IsValidService
(
/* [in] */ ULONG lPID,
/* [in] */ LPCTSTR lpszImageName,
/* [out] */ bool *pbValidImage
)
{
_ASSERTE( lpszImageName != NULL );
DWORD dwLastRet = 0L;
TCHAR szImageName[_MAX_PATH+1] = _T("");
LPCTSTR lpszImage = NULL;
__try
{
if( lpszImageName == NULL ) {
return (dwLastRet = -1L);
}
lpszImage = _tcsrchr( lpszImageName, _T('\\') );
if( !lpszImage ) { lpszImage = lpszImageName; }
else { lpszImage += 1; }
dwLastRet = IsValidImage( lPID, lpszImage, pbValidImage );
}
__except ( EXCEPTION_EXECUTE_HANDLER, 1 )
{
dwLastRet = GetLastError();
_ASSERTE(false);
}
return dwLastRet;
}
DWORD
GetProcessHandle
(
IN ULONG lPid,
OUT HANDLE *phProcess
)
{
DWORD dwLastRet = 0L;
__try
{
//
// Get a handle to the process.
//
dwLastRet = SUCCESS;
*phProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE,
lPid
);
if (*phProcess == NULL){
dwLastRet = GetLastError();
}
}
__except ( EXCEPTION_EXECUTE_HANDLER, 1 )
{
dwLastRet = GetLastError();
_ASSERTE(false);
}
return dwLastRet;
}
HRESULT
GetPackageDescription
(
IN const long nPid,
OUT BSTR &bstrDescription
)
{
_ASSERTE( nPid != 0 );
HRESULT hr = E_FAIL;
IMtsGrp* pMtsGrp = NULL;
IUnknown* pUnk = NULL;
IMtsEvents* pEvents = NULL;
long lPackages = 0;
long lPID = 0;
long lLp = 0;
__try
{
if( !nPid ) { return (hr = E_INVALIDARG); }
//Create the MTS Group object
hr = CoInitialize( NULL );
if( FAILED(hr) ) { goto qGetPackageDescription; }
hr = CoCreateInstance (CLSID_MtsGrp, NULL, CLSCTX_ALL, IID_IMtsGrp, (void **)&pMtsGrp);
if( FAILED(hr) ) { goto qGetPackageDescription; }
hr = pMtsGrp->Refresh(); // its important to call this!
if( FAILED(hr) ) { goto qGetPackageDescription; }
hr = pMtsGrp->get_Count( &lPackages );
if( FAILED(hr) ) { goto qGetPackageDescription; }
for (lLp = 0; lLp < lPackages; lLp++)
{
hr = pMtsGrp->Item(lLp, &pUnk);
if( FAILED(hr) ) { goto qGetPackageDescription; }
hr = pUnk->QueryInterface(IID_IMtsEvents, (void **)&pEvents);
if( FAILED(hr) || !pEvents ) { goto qGetPackageDescription; }
if( pUnk ) { pUnk->Release(); pUnk = NULL; }
hr = pEvents->GetProcessID( &lPID );
if( FAILED(hr) ) { goto qGetPackageDescription; }
if( lPID == nPid ) { // This is the package we are looking for..
hr = pEvents->get_PackageName( &bstrDescription );
if( FAILED(hr) ) { goto qGetPackageDescription; }
break; // We got what we were looking for.
}
if( pEvents ) { pEvents->Release(); pEvents = NULL; }
}
hr = S_OK;
qGetPackageDescription:
if( pEvents ) { pEvents->Release(); pEvents = NULL; }
if( pUnk ) { pUnk->Release(); pUnk = NULL; }
if( pMtsGrp ) { pMtsGrp->Release(); pMtsGrp = NULL; }
}
__except ( EXCEPTION_EXECUTE_HANDLER, 1 )
{
if( pEvents ) { pEvents->Release(); pEvents = NULL; }
if( pUnk ) { pUnk->Release(); pUnk = NULL; }
if( pMtsGrp ) { pMtsGrp->Release(); pMtsGrp = NULL; }
hr = E_UNEXPECTED;
_ASSERTE(false);
}
return hr;
}
/*
EnumServicesStatusEx(..) is not supported on NT 4.0.
<http://www.mvps.org/win32/security/is_svc.html>
*/
HRESULT
IsService_NT4
(
IN UINT nPid,
OUT bool *pbIsService
)
{
_ASSERTE( nPid > 0 );
HRESULT hr = E_FAIL;
HANDLE hProcess = NULL;
HANDLE hProcessToken = NULL;
DWORD groupLength = 50;
PTOKEN_GROUPS groupInfo = NULL;
SID_IDENTIFIER_AUTHORITY siaNt = SECURITY_NT_AUTHORITY;
PSID pInteractiveSid = NULL;
PSID pServiceSid = NULL;
DWORD dwRet = NO_ERROR;
DWORD ndx;
bool isInteractive = FALSE,
isService = FALSE;
__try
{
if( nPid <= 0 ) { hr = E_INVALIDARG; goto qIsService; }
hr = GetProcessHandle( nPid, &hProcess );
if( FAILED(hr) ) { goto qIsService; }
// open the token
if( !::OpenProcessToken( hProcess, TOKEN_QUERY, &hProcessToken) ) {
hr = HRESULT_FROM_WIN32(GetLastError());
goto qIsService;
}
// allocate a buffer of default size
groupInfo = (PTOKEN_GROUPS)::LocalAlloc(0, groupLength);
if ( !groupInfo ) {
hr = HRESULT_FROM_WIN32( GetLastError() );
goto qIsService;
}
// try to get the info
if (!::GetTokenInformation(
hProcessToken,
TokenGroups,
groupInfo,
groupLength,
&groupLength
)
) {
// if buffer was too small, allocate to proper size, otherwise error
if (::GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
hr = HRESULT_FROM_WIN32( GetLastError() );
goto qIsService;
}
::LocalFree(groupInfo);
groupInfo = (PTOKEN_GROUPS)::LocalAlloc(0, groupLength);
if (groupInfo == NULL) {
hr = HRESULT_FROM_WIN32( GetLastError() );
goto qIsService;
}
if (!GetTokenInformation(hProcessToken, TokenGroups,
groupInfo, groupLength, &groupLength)) {
hr = HRESULT_FROM_WIN32( GetLastError() );
goto qIsService;
}
}
//
// We now know the groups associated with this token. We want
// to look to see if the interactive group is active in the
// token, and if so, we know that this is an interactive process.
//
// We also look for the "service" SID, and if it's present,
// we know we're a service.
//
// The service SID will be present iff the service is running in a
// user account (and was invoked by the service controller).
//
// create comparison sids
if (!AllocateAndInitializeSid(&siaNt, 1, SECURITY_INTERACTIVE_RID,
0, 0, 0, 0, 0, 0, 0, &pInteractiveSid)) {
hr = HRESULT_FROM_WIN32( GetLastError() );
goto qIsService;
}
if (!AllocateAndInitializeSid(&siaNt, 1, SECURITY_SERVICE_RID,
0, 0, 0, 0, 0, 0, 0, &pServiceSid)) {
hr = HRESULT_FROM_WIN32( GetLastError() );
goto qIsService;
}
// reset flags
isInteractive = FALSE;
isService = FALSE;
// try to match sids
for (ndx = 0; ndx < groupInfo->GroupCount ; ndx += 1)
{
SID_AND_ATTRIBUTES sanda = groupInfo->Groups[ndx];
PSID pSid = sanda.Sid;
//
// Check to see if the group we're looking at is one of
// the two groups we're interested in.
//
if (::EqualSid(pSid, pInteractiveSid))
{
//
// This process has the Interactive SID in its
// token. This means that the process is running as
// a console process
//
isInteractive = TRUE;
isService = FALSE;
break;
}
else if (::EqualSid(pSid, pServiceSid))
{
//
// This process has the Service SID in its
// token. This means that the process is running as
// a service running in a user account ( not local system ).
//
isService = TRUE;
isInteractive = FALSE;
break;
}
}
if ( !( isService || isInteractive ) )
{
//
// Neither Interactive or Service was present in the current
// users token, This implies that the process is running as
// a service, most likely running as LocalSystem.
//
isService = TRUE;
}
qIsService:
if ( pServiceSid )
::FreeSid( pServiceSid );
if ( pInteractiveSid )
::FreeSid( pInteractiveSid );
if ( groupInfo )
::LocalFree( groupInfo );
if ( hProcessToken )
::CloseHandle( hProcessToken );
if( hProcess ) { CloseHandle( hProcess ); }
}
__except( EXCEPTION_EXECUTE_HANDLER, 1 )
{
hr = E_UNEXPECTED;
_ASSERTE(false);
}
//
// BUGBUG: If the function fails, we treat
// the process as an app
//
*pbIsService = isService;
return hr;
}