mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1242 lines
45 KiB
1242 lines
45 KiB
// --------------------------------------------------------------------------
|
|
// Module Name: BadApplicationManager.cpp
|
|
//
|
|
// Copyright (c) 2000, Microsoft Corporation
|
|
//
|
|
// Classes to manage bad applications in the fast user switching environment.
|
|
//
|
|
// History: 2000-08-25 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
#ifdef _X86_
|
|
|
|
#include "StandardHeader.h"
|
|
#include "BadApplicationManager.h"
|
|
|
|
#include <wtsapi32.h>
|
|
#include <winsta.h>
|
|
|
|
#include "GracefulTerminateApplication.h"
|
|
#include "RestoreApplication.h"
|
|
#include "SingleThreadedExecution.h"
|
|
#include "StatusCode.h"
|
|
#include "TokenInformation.h"
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::INDEX_EVENT
|
|
// CBadApplicationManager::INDEX_HANDLES
|
|
// CBadApplicationManager::INDEX_RESERVED
|
|
// CBadApplicationManager::s_szDefaultDesktop
|
|
//
|
|
// Purpose: Constant indicies into a HANDLE array passed to
|
|
// user32!MsgWaitForMultipleObjects. The first handle is always
|
|
// the synchronization event. Subsequent HANDLEs are built into
|
|
// a static ARRAY passed with the dynamic amount.
|
|
//
|
|
// History: 2000-08-25 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
const int CBadApplicationManager::INDEX_EVENT = 0;
|
|
const int CBadApplicationManager::INDEX_HANDLES = INDEX_EVENT + 1;
|
|
const int CBadApplicationManager::INDEX_RESERVED = 2;
|
|
const WCHAR CBadApplicationManager::s_szDefaultDesktop[] = L"WinSta0\\Default";
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::CBadApplicationManager
|
|
//
|
|
// Arguments: <none>
|
|
//
|
|
// Returns: <none>
|
|
//
|
|
// Purpose: Constructor for CBadApplicationManager. This creates a thread
|
|
// that watches HANDLEs in the bad application list. The watcher
|
|
// knows when the offending process dies. It also creates a
|
|
// synchronization event that is signalled when the array of
|
|
// bad applications changes (is incremented). The thread
|
|
// maintains removal cases.
|
|
//
|
|
// History: 2000-08-25 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
CBadApplicationManager::CBadApplicationManager (HINSTANCE hInstance) :
|
|
CThread(),
|
|
_hInstance(hInstance),
|
|
_hModule(NULL),
|
|
_atom(NULL),
|
|
_hwnd(NULL),
|
|
_fTerminateWatcherThread(false),
|
|
_fRegisteredNotification(false),
|
|
_dwSessionIDLastConnect(static_cast<DWORD>(-1)),
|
|
_hTokenLastUser(NULL),
|
|
_hEvent(NULL),
|
|
_badApplications(sizeof(BAD_APPLICATION_INFO)),
|
|
_restoreApplications()
|
|
|
|
{
|
|
Resume();
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::~CBadApplicationManager
|
|
//
|
|
// Arguments: <none>
|
|
//
|
|
// Returns: <none>
|
|
//
|
|
// Purpose: Destructor for CBadApplicationManager. Releases any resources
|
|
// used.
|
|
//
|
|
// History: 2000-08-25 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
CBadApplicationManager::~CBadApplicationManager (void)
|
|
|
|
{
|
|
|
|
// In case the token hasn't been released yet - release it.
|
|
|
|
ReleaseHandle(_hTokenLastUser);
|
|
Cleanup();
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::Terminate
|
|
//
|
|
// Arguments: <none>
|
|
//
|
|
// Returns: NTSTATUS
|
|
//
|
|
// Purpose: Forces the watcher thread to terminate. Acquire the lock. Walk
|
|
// the list of entries and release the HANDLE on the process
|
|
// objects so they don't leak. Set the bool to terminate the
|
|
// thread. Set the event to wake the thread up. Release the lock.
|
|
//
|
|
// History: 2000-08-25 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
NTSTATUS CBadApplicationManager::Terminate (void)
|
|
|
|
{
|
|
int i;
|
|
CSingleThreadedExecution listLock(_lock);
|
|
|
|
for (i = _badApplications.GetCount() - 1; i >= 0; --i)
|
|
{
|
|
BAD_APPLICATION_INFO badApplicationInfo;
|
|
|
|
if (NT_SUCCESS(_badApplications.Get(&badApplicationInfo, i)))
|
|
{
|
|
TBOOL(CloseHandle(badApplicationInfo.hProcess));
|
|
}
|
|
_badApplications.Remove(i);
|
|
}
|
|
_fTerminateWatcherThread = true;
|
|
return(_hEvent.Set());
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::QueryRunning
|
|
//
|
|
// Arguments: badApplication = Bad application identifier to query.
|
|
// dwSessionID = Session ID of the request.
|
|
//
|
|
// Returns: bool
|
|
//
|
|
// Purpose: Queries the current running known bad applications list
|
|
// looking for a match. Again because this typically runs on a
|
|
// different thread to the watcher thread access to the list is
|
|
// protected by a critical section.
|
|
//
|
|
// History: 2000-08-25 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
bool CBadApplicationManager::QueryRunning (const CBadApplication& badApplication, DWORD dwSessionID)
|
|
|
|
{
|
|
bool fResult;
|
|
NTSTATUS status;
|
|
int i;
|
|
CSingleThreadedExecution listLock(_lock);
|
|
|
|
status = STATUS_SUCCESS;
|
|
fResult = false;
|
|
|
|
// Loop looking for a match. This uses the overloaded operator ==.
|
|
|
|
for (i = _badApplications.GetCount() - 1; !fResult && (i >= 0); --i)
|
|
{
|
|
BAD_APPLICATION_INFO badApplicationInfo;
|
|
|
|
status = _badApplications.Get(&badApplicationInfo, i);
|
|
if (NT_SUCCESS(status))
|
|
{
|
|
|
|
// Make sure the client is not in the same session as the running
|
|
// bad application. This API exists to prevent cross session instances.
|
|
// It's assumed that applications have their own mechanisms for multiple
|
|
// instances in the same session (or object name space).
|
|
|
|
fResult = ((badApplicationInfo.dwSessionID != dwSessionID) &&
|
|
(badApplicationInfo.badApplication == badApplication));
|
|
}
|
|
}
|
|
TSTATUS(status);
|
|
return(fResult);
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::RegisterRunning
|
|
//
|
|
// Arguments: badApplication = Bad application identifier to add.
|
|
// hProcess = HANDLE to the process.
|
|
//
|
|
// Returns: NTSTATUS
|
|
//
|
|
// Purpose: Adds the given bad application to the known running list. The
|
|
// process object is added as well so that when the process
|
|
// terminates it can be cleaned up out of the list.
|
|
//
|
|
// Access to the bad application list is serialized with a
|
|
// critical section. This is important because the thread
|
|
// watching for termination always run on a different thread to
|
|
// the thread on which this function executes. Because they both
|
|
// access the same member variables this must be protected with
|
|
// a critical section.
|
|
//
|
|
// History: 2000-08-25 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
NTSTATUS CBadApplicationManager::RegisterRunning (const CBadApplication& badApplication, HANDLE hProcess, BAM_TYPE bamType)
|
|
|
|
{
|
|
NTSTATUS status;
|
|
CSingleThreadedExecution listLock(_lock);
|
|
|
|
ASSERTMSG((bamType > BAM_TYPE_MINIMUM) && (bamType < BAM_TYPE_MAXIMUM), "Invalid BAM_TYPE value passed to CBadApplicationManager::AddRunning");
|
|
|
|
// Have we reached the maximum number of wait object allowed? If not
|
|
// then proceed to add this. Otherwise reject the call. This is a
|
|
// hard coded limit in the kernel so we abide by it.
|
|
|
|
if (_badApplications.GetCount() < (MAXIMUM_WAIT_OBJECTS - INDEX_RESERVED))
|
|
{
|
|
BOOL fResult;
|
|
BAD_APPLICATION_INFO badApplicationInfo;
|
|
|
|
// Duplicate the HANDLE with SYNCHRONIZE access. That's
|
|
// all we need to call the wait function.
|
|
|
|
fResult = DuplicateHandle(GetCurrentProcess(),
|
|
hProcess,
|
|
GetCurrentProcess(),
|
|
&badApplicationInfo.hProcess,
|
|
SYNCHRONIZE | PROCESS_QUERY_INFORMATION,
|
|
FALSE,
|
|
0);
|
|
if (fResult != FALSE)
|
|
{
|
|
PROCESS_SESSION_INFORMATION processSessionInformation;
|
|
ULONG ulReturnLength;
|
|
|
|
// Add the information to the list.
|
|
|
|
badApplicationInfo.bamType = bamType;
|
|
badApplicationInfo.badApplication = badApplication;
|
|
status = NtQueryInformationProcess(badApplicationInfo.hProcess,
|
|
ProcessSessionInformation,
|
|
&processSessionInformation,
|
|
sizeof(processSessionInformation),
|
|
&ulReturnLength);
|
|
if (NT_SUCCESS(status))
|
|
{
|
|
badApplicationInfo.dwSessionID = processSessionInformation.SessionId;
|
|
status = _badApplications.Add(&badApplicationInfo);
|
|
if (NT_SUCCESS(status))
|
|
{
|
|
status = _hEvent.Set();
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
status = CStatusCode::StatusCodeOfLastError();
|
|
}
|
|
}
|
|
else
|
|
{
|
|
status = STATUS_UNSUCCESSFUL;
|
|
}
|
|
return(status);
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::QueryInformation
|
|
//
|
|
// Arguments: badApplication = Bad application identifier to query.
|
|
// hProcess = Handle to running process.
|
|
//
|
|
// Returns: NTSTATUS
|
|
//
|
|
// Purpose: Finds the given application in the running bad application
|
|
// list and returns a duplicated handle to the caller.
|
|
//
|
|
// History: 2000-08-25 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
NTSTATUS CBadApplicationManager::QueryInformation (const CBadApplication& badApplication, HANDLE& hProcess)
|
|
|
|
{
|
|
NTSTATUS status;
|
|
bool fResult;
|
|
int i;
|
|
CSingleThreadedExecution listLock(_lock);
|
|
|
|
// Assume failure
|
|
|
|
hProcess = NULL;
|
|
status = STATUS_OBJECT_NAME_NOT_FOUND;
|
|
|
|
fResult = false;
|
|
|
|
// Loop looking for a match. This uses the overloaded operator ==.
|
|
|
|
for (i = _badApplications.GetCount() - 1; !fResult && (i >= 0); --i)
|
|
{
|
|
BAD_APPLICATION_INFO badApplicationInfo;
|
|
|
|
if (NT_SUCCESS(_badApplications.Get(&badApplicationInfo, i)))
|
|
{
|
|
|
|
// Make sure the client is not in the same session as the running
|
|
// bad application. This API exists to prevent cross session instances.
|
|
// It's assumed that applications have their own mechanisms for multiple
|
|
// instances in the same session (or object name space).
|
|
|
|
fResult = (badApplicationInfo.badApplication == badApplication);
|
|
if (fResult)
|
|
{
|
|
if (DuplicateHandle(GetCurrentProcess(),
|
|
badApplicationInfo.hProcess,
|
|
GetCurrentProcess(),
|
|
&hProcess,
|
|
0,
|
|
FALSE,
|
|
DUPLICATE_SAME_ACCESS) != FALSE)
|
|
{
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
else
|
|
{
|
|
status = CStatusCode::StatusCodeOfLastError();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return(status);
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::RequestSwitchUser
|
|
//
|
|
// Arguments: <none>
|
|
//
|
|
// Returns: NTSTATUS
|
|
//
|
|
// Purpose: Execute terminate of BAM_TYPE_SWITCH_USER. These appications
|
|
// are really poorly behaved. A good example is a DVD player
|
|
// which bypasses GDI and draws directly into the VGA stream.
|
|
//
|
|
// Try to kill these and reject the request if it fails.
|
|
//
|
|
// History: 2000-11-02 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
NTSTATUS CBadApplicationManager::RequestSwitchUser (void)
|
|
|
|
{
|
|
NTSTATUS status;
|
|
int i;
|
|
|
|
// Walk the _badApplications list.
|
|
|
|
status = STATUS_SUCCESS;
|
|
_lock.Acquire();
|
|
i = _badApplications.GetCount() - 1;
|
|
while (NT_SUCCESS(status) && (i >= 0))
|
|
{
|
|
BAD_APPLICATION_INFO badApplicationInfo;
|
|
|
|
if (NT_SUCCESS(_badApplications.Get(&badApplicationInfo, i)))
|
|
{
|
|
|
|
// Look for BAM_TYPE_SWITCH_USER processes. It doesn't matter
|
|
// what session ID is tagged. This process is getting terminated.
|
|
|
|
if (badApplicationInfo.bamType == BAM_TYPE_SWITCH_USER)
|
|
{
|
|
|
|
// In any case release the lock, kill the process
|
|
// remove it from the watch list. Then reset the
|
|
// index back to the end of the list. Make sure to
|
|
// account for the "--i;" instruction below by not
|
|
// decrementing by 1.
|
|
|
|
_lock.Release();
|
|
status = PerformTermination(badApplicationInfo.hProcess, false);
|
|
_lock.Acquire();
|
|
i = _badApplications.GetCount();
|
|
}
|
|
}
|
|
--i;
|
|
}
|
|
_lock.Release();
|
|
return(status);
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::PerformTermination
|
|
//
|
|
// Arguments: hProcess = Handle to running process.
|
|
//
|
|
// Returns: NTSTATUS
|
|
//
|
|
// Purpose: Terminates the given process. This is a common routine used
|
|
// by both the internal wait thread of this class as well as
|
|
// externally by bad application server itself.
|
|
//
|
|
// History: 2000-10-23 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
NTSTATUS CBadApplicationManager::PerformTermination (HANDLE hProcess, bool fAllowForceTerminate)
|
|
|
|
{
|
|
NTSTATUS status;
|
|
|
|
status = TerminateGracefully(hProcess);
|
|
if (!NT_SUCCESS(status) && fAllowForceTerminate)
|
|
{
|
|
status = TerminateForcibly(hProcess);
|
|
}
|
|
return(status);
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::Entry
|
|
//
|
|
// Arguments: <none>
|
|
//
|
|
// Returns: DWORD
|
|
//
|
|
// Purpose: Watcher thread for process objects. This thread builds the
|
|
// array of proces handles to wait on as well as including the
|
|
// synchronization event that gets signaled by the Add member
|
|
// function. When that event is signaled the wait is re-executed
|
|
// with the new array of objects to wait on.
|
|
//
|
|
// When a process object is signaled it is cleared out of the
|
|
// known list to allow further creates to succeed.
|
|
//
|
|
// Acquisition of the critical section is carefully placed in
|
|
// this function so that the critical section is not held when
|
|
// the wait call is made.
|
|
//
|
|
// Added to this is a window and a message pump to enable
|
|
// listening for session notifications from terminal server.
|
|
//
|
|
// History: 2000-08-25 vtan created
|
|
// 2000-10-23 vtan added HWND message pump mechanism
|
|
// --------------------------------------------------------------------------
|
|
|
|
DWORD CBadApplicationManager::Entry (void)
|
|
|
|
{
|
|
WNDCLASSEX wndClassEx;
|
|
|
|
// Register this window class.
|
|
|
|
ZeroMemory(&wndClassEx, sizeof(wndClassEx));
|
|
wndClassEx.cbSize = sizeof(WNDCLASSEX);
|
|
wndClassEx.lpfnWndProc = NotificationWindowProc;
|
|
wndClassEx.hInstance = _hInstance;
|
|
wndClassEx.lpszClassName = TEXT("BadApplicationNotificationWindowClass");
|
|
_atom = RegisterClassEx(&wndClassEx);
|
|
|
|
// Create the notification window
|
|
|
|
_hwnd = CreateWindow(MAKEINTRESOURCE(_atom),
|
|
TEXT("BadApplicationNotificationWindow"),
|
|
WS_OVERLAPPED,
|
|
0, 0,
|
|
0, 0,
|
|
NULL,
|
|
NULL,
|
|
_hInstance,
|
|
this);
|
|
|
|
if (_hwnd != NULL)
|
|
{
|
|
_fRegisteredNotification = (WinStationRegisterConsoleNotification(SERVERNAME_CURRENT, _hwnd, NOTIFY_FOR_ALL_SESSIONS) != FALSE);
|
|
if (!_fRegisteredNotification)
|
|
{
|
|
_hModule = LoadLibrary(TEXT("shsvcs.dll"));
|
|
if (_hModule != NULL)
|
|
{
|
|
DWORD dwThreadID;
|
|
HANDLE hThread;
|
|
|
|
// If the register fails then create a thread to wait on the event
|
|
// and then register onces it's available. If the thread cannot be
|
|
// created it's no biggy. The notification mechanism fails and the
|
|
// welcome screen isn't updated.
|
|
|
|
AddRef();
|
|
hThread = CreateThread(NULL,
|
|
0,
|
|
RegisterThreadProc,
|
|
this,
|
|
0,
|
|
&dwThreadID);
|
|
if (hThread != NULL)
|
|
{
|
|
TBOOL(CloseHandle(hThread));
|
|
}
|
|
else
|
|
{
|
|
Release();
|
|
TBOOL(FreeLibrary(_hModule));
|
|
_hModule = NULL;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Acquire the lock. This is necessary because to fill the array of
|
|
// handles to wait on requires access to the internal list.
|
|
|
|
_lock.Acquire();
|
|
do
|
|
{
|
|
DWORD dwWaitResult;
|
|
int i, iLimit;
|
|
BAD_APPLICATION_INFO badApplicationInfo;
|
|
HANDLE hArray[MAXIMUM_WAIT_OBJECTS];
|
|
|
|
ZeroMemory(&hArray, sizeof(hArray));
|
|
hArray[INDEX_EVENT] = _hEvent;
|
|
iLimit = _badApplications.GetCount();
|
|
for (i = 0; i < iLimit; ++i)
|
|
{
|
|
if (NT_SUCCESS(_badApplications.Get(&badApplicationInfo, i)))
|
|
{
|
|
hArray[INDEX_HANDLES + i] = badApplicationInfo.hProcess;
|
|
}
|
|
}
|
|
|
|
// Release the lock before we enter the wait state.
|
|
// Wait on ANY of the objects to be signaled.
|
|
|
|
_lock.Release();
|
|
dwWaitResult = MsgWaitForMultipleObjects(INDEX_HANDLES + iLimit,
|
|
hArray,
|
|
FALSE,
|
|
INFINITE,
|
|
QS_ALLINPUT);
|
|
ASSERTMSG(dwWaitResult != WAIT_FAILED, "WaitForMultipleObjects failed in CBadApplicationManager::Entry");
|
|
|
|
// We were woken up by an object being signaled. Is this the
|
|
// synchronization object?
|
|
|
|
dwWaitResult -= WAIT_OBJECT_0;
|
|
if (dwWaitResult == INDEX_EVENT)
|
|
{
|
|
|
|
// Yes. Acquire the lock. Reset the synchronization event. It's
|
|
// important to acquire the lock before resetting the event because
|
|
// the Add function could have the lock and be adding to the list.
|
|
// Once the Add function releases the lock it cannot signal the event.
|
|
// Otherwise we could reset the event during the Add function adding
|
|
// a new object and this would be missed.
|
|
|
|
_lock.Acquire();
|
|
TSTATUS(_hEvent.Reset());
|
|
}
|
|
|
|
// No. Is this a message that requires dispatching as part of the
|
|
// message pump?
|
|
|
|
else if (dwWaitResult == WAIT_OBJECT_0 + INDEX_HANDLES + static_cast<DWORD>(iLimit))
|
|
{
|
|
|
|
// Yes. Remove the message from the message queue and dispatch it.
|
|
|
|
MSG msg;
|
|
|
|
if (PeekMessage(&msg, NULL, 0, 0, PM_REMOVE) != FALSE)
|
|
{
|
|
(BOOL)TranslateMessage(&msg);
|
|
(LRESULT)DispatchMessage(&msg);
|
|
}
|
|
_lock.Acquire();
|
|
}
|
|
else
|
|
{
|
|
|
|
// No. One of the bad applications we are watching has terminated
|
|
// and its proces object is now signaled. Go to the correct index
|
|
// in the array. Acquire the lock. Close the HANDLE. It's not needed
|
|
// anymore. Then remove the entry from the list.
|
|
|
|
dwWaitResult -= INDEX_HANDLES;
|
|
_lock.Acquire();
|
|
if (NT_SUCCESS(_badApplications.Get(&badApplicationInfo, dwWaitResult)))
|
|
{
|
|
TBOOL(CloseHandle(badApplicationInfo.hProcess));
|
|
}
|
|
TSTATUS(_badApplications.Remove(dwWaitResult));
|
|
}
|
|
|
|
// At this point we still hold the lock. This is important because the top
|
|
// of the loop expects the lock to be held to build the HANDLE array.
|
|
|
|
} while (!_fTerminateWatcherThread);
|
|
|
|
// Clean up stuff that happened on this thread.
|
|
|
|
Cleanup();
|
|
|
|
// If we here then the thread is being terminated for some reason.
|
|
// Release the lock. It doesn't matter what happens now anyway.
|
|
|
|
_lock.Release();
|
|
return(0);
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::TerminateForcibly
|
|
//
|
|
// Arguments: hProcess = Process to terminate.
|
|
//
|
|
// Returns: NTSTATUS
|
|
//
|
|
// Purpose: Inject a user mode thread into the process which calls
|
|
// kernel32!ExitProcess. If the thread injection fails then fall
|
|
// back to kernel32!TerminatProcess to force in.
|
|
//
|
|
// History: 2000-10-27 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
NTSTATUS CBadApplicationManager::TerminateForcibly (HANDLE hProcess)
|
|
|
|
{
|
|
NTSTATUS status;
|
|
HANDLE hProcessTerminate;
|
|
|
|
// Duplicate the process handle and request all the access required
|
|
// to create a remote thread in the process.
|
|
|
|
if (DuplicateHandle(GetCurrentProcess(),
|
|
hProcess,
|
|
GetCurrentProcess(),
|
|
&hProcessTerminate,
|
|
SYNCHRONIZE | PROCESS_TERMINATE | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE,
|
|
FALSE,
|
|
0) != FALSE)
|
|
{
|
|
DWORD dwWaitResult;
|
|
HANDLE hThread, hWaitArray[2];
|
|
|
|
// Go and create the remote thread that immediately turns
|
|
// around and calls kernel32!ExitProcess. This allows
|
|
// a clean process shutdown to occur. If this times out
|
|
// then kill the process with terminate process.
|
|
|
|
status = RtlCreateUserThread(hProcessTerminate,
|
|
NULL,
|
|
FALSE,
|
|
0,
|
|
0,
|
|
0,
|
|
reinterpret_cast<PUSER_THREAD_START_ROUTINE>(ExitProcess),
|
|
NULL,
|
|
&hThread,
|
|
NULL);
|
|
if (NT_SUCCESS(status))
|
|
{
|
|
|
|
hWaitArray[0] = hThread;
|
|
hWaitArray[1] = hProcessTerminate;
|
|
dwWaitResult = WaitForMultipleObjects(ARRAYSIZE(hWaitArray),
|
|
hWaitArray,
|
|
TRUE,
|
|
5000);
|
|
TBOOL(CloseHandle(hThread));
|
|
if (dwWaitResult != WAIT_TIMEOUT)
|
|
{
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
else
|
|
{
|
|
status = STATUS_TIMEOUT;
|
|
}
|
|
}
|
|
if (status != STATUS_SUCCESS)
|
|
{
|
|
if (TerminateProcess(hProcessTerminate, 0) != FALSE)
|
|
{
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
else
|
|
{
|
|
status = CStatusCode::StatusCodeOfLastError();
|
|
}
|
|
}
|
|
TBOOL(CloseHandle(hProcessTerminate));
|
|
}
|
|
else
|
|
{
|
|
status = CStatusCode::StatusCodeOfLastError();
|
|
}
|
|
return(status);
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::TerminateGracefully
|
|
//
|
|
// Arguments: hProcess = Process to terminate.
|
|
//
|
|
// Returns: NTSTATUS
|
|
//
|
|
// Purpose: Creates a rundll32 process on the session of the target
|
|
// process in WinSta0\Default which will re-enter this dll and
|
|
// call the "terminate" functionality. This allows the process to
|
|
// walk the window list corresponding to that session and send
|
|
// those windows close messages and wait for graceful
|
|
// termination.
|
|
//
|
|
// History: 2000-10-24 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
NTSTATUS CBadApplicationManager::TerminateGracefully (HANDLE hProcess)
|
|
|
|
{
|
|
NTSTATUS status;
|
|
ULONG ulReturnLength;
|
|
PROCESS_BASIC_INFORMATION processBasicInformation;
|
|
|
|
status = NtQueryInformationProcess(hProcess,
|
|
ProcessBasicInformation,
|
|
&processBasicInformation,
|
|
sizeof(processBasicInformation),
|
|
&ulReturnLength);
|
|
if (NT_SUCCESS(status))
|
|
{
|
|
HANDLE hToken;
|
|
|
|
if (OpenProcessToken(hProcess,
|
|
TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY,
|
|
&hToken) != FALSE)
|
|
{
|
|
STARTUPINFOW startupInfo;
|
|
PROCESS_INFORMATION processInformation;
|
|
WCHAR szCommandLine[MAX_PATH];
|
|
|
|
ZeroMemory(&startupInfo, sizeof(startupInfo));
|
|
ZeroMemory(&processInformation, sizeof(processInformation));
|
|
startupInfo.cb = sizeof(startupInfo);
|
|
startupInfo.lpDesktop = const_cast<WCHAR*>(s_szDefaultDesktop);
|
|
wsprintfW(szCommandLine, L"rundll32 shsvcs.dll,FUSCompatibilityEntry terminate %d", static_cast<DWORD>(processBasicInformation.UniqueProcessId));
|
|
if (CreateProcessAsUserW(hToken,
|
|
NULL,
|
|
szCommandLine,
|
|
NULL,
|
|
NULL,
|
|
FALSE,
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
&startupInfo,
|
|
&processInformation) != FALSE)
|
|
{
|
|
DWORD dwWaitResult;
|
|
HANDLE hArray[2];
|
|
|
|
// Assume that this whole thing failed.
|
|
|
|
status = STATUS_UNSUCCESSFUL;
|
|
TBOOL(CloseHandle(processInformation.hThread));
|
|
|
|
// Wait on both process objects. If the process to be terminated
|
|
// is signaled then the rundll32 stub did its job. If the rundll32
|
|
// stub is signaled then find out what its exit code is and either
|
|
// continue waiting on the process to be terminated or return back
|
|
// a code to the caller indicating success or failure. Failure
|
|
// forces the process to be terminated abruptly.
|
|
|
|
hArray[0] = hProcess;
|
|
hArray[1] = processInformation.hProcess;
|
|
dwWaitResult = WaitForMultipleObjects(ARRAYSIZE(hArray),
|
|
hArray,
|
|
FALSE,
|
|
10000);
|
|
|
|
// If the process to be terminated is signaled then we're done.
|
|
|
|
if (dwWaitResult == WAIT_OBJECT_0)
|
|
{
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
|
|
// If the rundll32 stub is signaled then find out what it found.
|
|
|
|
else if (dwWaitResult == WAIT_OBJECT_0 + 1)
|
|
{
|
|
DWORD dwExitCode;
|
|
|
|
dwExitCode = STILL_ACTIVE;
|
|
if (GetExitCodeProcess(processInformation.hProcess, &dwExitCode) != FALSE)
|
|
{
|
|
ASSERTMSG((dwExitCode == CGracefulTerminateApplication::NO_WINDOWS_FOUND) || (dwExitCode == CGracefulTerminateApplication::WAIT_WINDOWS_FOUND), "Unexpected process exit code in CBadApplicationManager::TerminateGracefully");
|
|
|
|
// If the rundll32 stub says it found some windows then
|
|
// wait for the process to terminate itself.
|
|
|
|
if (dwExitCode == CGracefulTerminateApplication::WAIT_WINDOWS_FOUND)
|
|
{
|
|
|
|
// If the process terminates within the timeout period
|
|
// then we're done.
|
|
|
|
if (WaitForSingleObject(hProcess, 10000) == WAIT_OBJECT_0)
|
|
{
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
TBOOL(CloseHandle(processInformation.hProcess));
|
|
}
|
|
else
|
|
{
|
|
status = CStatusCode::StatusCodeOfLastError();
|
|
}
|
|
TBOOL(CloseHandle(hToken));
|
|
}
|
|
else
|
|
{
|
|
status = CStatusCode::StatusCodeOfLastError();
|
|
}
|
|
}
|
|
return(status);
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::Cleanup
|
|
//
|
|
// Arguments: <none>
|
|
//
|
|
// Returns: <none>
|
|
//
|
|
// Purpose: Releases used resources in the class. Used by both the
|
|
// constructor and the thread - whoever wins.
|
|
//
|
|
// History: 2000-12-12 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
void CBadApplicationManager::Cleanup (void)
|
|
|
|
{
|
|
if (_fRegisteredNotification)
|
|
{
|
|
(BOOL)WinStationUnRegisterConsoleNotification(SERVERNAME_CURRENT, _hwnd);
|
|
_fRegisteredNotification = false;
|
|
}
|
|
if (_hwnd != NULL)
|
|
{
|
|
TBOOL(DestroyWindow(_hwnd));
|
|
_hwnd = NULL;
|
|
}
|
|
if (_atom != 0)
|
|
{
|
|
TBOOL(UnregisterClass(MAKEINTRESOURCE(_atom), _hInstance));
|
|
_atom = 0;
|
|
}
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::Handle_Logon
|
|
//
|
|
// Arguments: <none>
|
|
//
|
|
// Returns: <none>
|
|
//
|
|
// Purpose: Nothing at present.
|
|
//
|
|
// History: 2000-10-24 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
void CBadApplicationManager::Handle_Logon (void)
|
|
|
|
{
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::Handle_Logoff
|
|
//
|
|
// Arguments: dwSessionID = Session ID that is logging off.
|
|
//
|
|
// Returns: <none>
|
|
//
|
|
// Purpose: Remove any restore processes we have in the list. The user
|
|
// is logging off so they shouldn't come back. Releases the last
|
|
// user to actively connect to the machine.
|
|
//
|
|
// History: 2000-10-24 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
void CBadApplicationManager::Handle_Logoff (DWORD dwSessionID)
|
|
|
|
{
|
|
int i;
|
|
CSingleThreadedExecution listLock(_lock);
|
|
|
|
for (i = _restoreApplications.GetCount() - 1; i >= 0; --i)
|
|
{
|
|
CRestoreApplication *pRestoreApplication;
|
|
|
|
pRestoreApplication = static_cast<CRestoreApplication*>(_restoreApplications.Get(i));
|
|
if ((pRestoreApplication != NULL) &&
|
|
pRestoreApplication->IsEqualSessionID(dwSessionID))
|
|
{
|
|
TSTATUS(_restoreApplications.Remove(i));
|
|
}
|
|
}
|
|
ReleaseHandle(_hTokenLastUser);
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::Handle_Connect
|
|
//
|
|
// Arguments: dwSessionID = Session ID connecting.
|
|
// hToken = Handle to token of user connecting.
|
|
//
|
|
// Returns: <none>
|
|
//
|
|
// Purpose: Handles BAM3. This is the save for restoration all processes
|
|
// that use resources that aren't easily shared and restore all
|
|
// processes that were saved which aren't easily shared.
|
|
//
|
|
// It's optimized for not closing the processes of the same user
|
|
// should that user re-connect. This allows the screen saver to
|
|
// kick in and return to welcome without killing the user's
|
|
// processes unnecessarily.
|
|
//
|
|
// Also handles BAM4.
|
|
//
|
|
// History: 2000-10-24 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
void CBadApplicationManager::Handle_Connect (DWORD dwSessionID, HANDLE hToken)
|
|
|
|
{
|
|
if ((_hTokenLastUser != NULL) && (hToken != NULL))
|
|
{
|
|
PSID pSIDLastUser, pSIDCurrentUser;
|
|
CTokenInformation tokenLastUser(_hTokenLastUser);
|
|
CTokenInformation tokenCurrentUser(hToken);
|
|
|
|
pSIDLastUser = tokenLastUser.GetUserSID();
|
|
pSIDCurrentUser = tokenCurrentUser.GetUserSID();
|
|
if ((pSIDLastUser != NULL) && (pSIDCurrentUser != NULL) && !EqualSid(pSIDLastUser, pSIDCurrentUser))
|
|
{
|
|
int i;
|
|
DWORD dwSessionIDMatch;
|
|
ULONG ulReturnLength;
|
|
CRestoreApplication *pRestoreApplication;
|
|
|
|
if (NT_SUCCESS(NtQueryInformationToken(_hTokenLastUser,
|
|
TokenSessionId,
|
|
&dwSessionIDMatch,
|
|
sizeof(dwSessionIDMatch),
|
|
&ulReturnLength)))
|
|
{
|
|
|
|
// Walk the _badApplications list.
|
|
|
|
_lock.Acquire();
|
|
i = _badApplications.GetCount() - 1;
|
|
while (i >= 0)
|
|
{
|
|
BAD_APPLICATION_INFO badApplicationInfo;
|
|
|
|
if (NT_SUCCESS(_badApplications.Get(&badApplicationInfo, i)))
|
|
{
|
|
bool fTerminateProcess;
|
|
|
|
fTerminateProcess = false;
|
|
|
|
// Look for BAM_TYPE_SWITCH_TO_NEW_USER_WITH_RESTORE processes
|
|
// which have token session IDs that match the _hTokenLastUser
|
|
// session ID. These processes must be terminated and added to
|
|
// a list to be restarted on reconnection.
|
|
|
|
if ((badApplicationInfo.bamType == BAM_TYPE_SWITCH_TO_NEW_USER_WITH_RESTORE) &&
|
|
(badApplicationInfo.dwSessionID == dwSessionIDMatch))
|
|
{
|
|
pRestoreApplication = new CRestoreApplication;
|
|
if (pRestoreApplication != NULL)
|
|
{
|
|
if (NT_SUCCESS(pRestoreApplication->GetInformation(badApplicationInfo.hProcess)))
|
|
{
|
|
TSTATUS(_restoreApplications.Add(pRestoreApplication));
|
|
fTerminateProcess = true;
|
|
}
|
|
pRestoreApplication->Release();
|
|
}
|
|
}
|
|
|
|
// Look for BAM_TYPE_SWITCH_TO_NEW_USER (even though this is
|
|
// a connect/reconnect). Always kill these processes.
|
|
|
|
if (badApplicationInfo.bamType == BAM_TYPE_SWITCH_TO_NEW_USER)
|
|
{
|
|
fTerminateProcess = true;
|
|
}
|
|
if (fTerminateProcess)
|
|
{
|
|
|
|
// In any case release the lock, kill the process
|
|
// remove it from the watch list. Then reset the
|
|
// index back to the end of the list. Make sure to
|
|
// account for the "--i;" instruction below by not
|
|
// decrementing by 1.
|
|
|
|
_lock.Release();
|
|
TSTATUS(PerformTermination(badApplicationInfo.hProcess, true));
|
|
_lock.Acquire();
|
|
TBOOL(CloseHandle(badApplicationInfo.hProcess));
|
|
TSTATUS(_badApplications.Remove(i));
|
|
i = _badApplications.GetCount();
|
|
}
|
|
}
|
|
--i;
|
|
}
|
|
_lock.Release();
|
|
}
|
|
|
|
// Now walk the restore list looking for matches against the
|
|
// connecting session ID. Restore these processes.
|
|
|
|
_lock.Acquire();
|
|
i = _restoreApplications.GetCount() - 1;
|
|
while (i >= 0)
|
|
{
|
|
pRestoreApplication = static_cast<CRestoreApplication*>(_restoreApplications.Get(i));
|
|
if ((pRestoreApplication != NULL) &&
|
|
pRestoreApplication->IsEqualSessionID(dwSessionID))
|
|
{
|
|
HANDLE hProcess;
|
|
|
|
_lock.Release();
|
|
if (NT_SUCCESS(pRestoreApplication->Restore(&hProcess)))
|
|
{
|
|
CBadApplication badApplication(pRestoreApplication->GetCommandLine());
|
|
|
|
TBOOL(CloseHandle(hProcess));
|
|
}
|
|
_lock.Acquire();
|
|
TSTATUS(_restoreApplications.Remove(i));
|
|
i = _restoreApplications.GetCount();
|
|
}
|
|
--i;
|
|
}
|
|
_lock.Release();
|
|
}
|
|
}
|
|
if (hToken != NULL)
|
|
{
|
|
_dwSessionIDLastConnect = static_cast<DWORD>(-1);
|
|
}
|
|
else
|
|
{
|
|
_dwSessionIDLastConnect = dwSessionID;
|
|
}
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::Handle_Disconnect
|
|
//
|
|
// Arguments: dwSessionID = Session ID that is disconnecting.
|
|
// hToken = Token of the user disconnecting.
|
|
//
|
|
// Returns: <none>
|
|
//
|
|
// Purpose: If the session isn't the same as the last connected session
|
|
// then release the last user token and save the current one.
|
|
//
|
|
// History: 2000-10-24 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
void CBadApplicationManager::Handle_Disconnect (DWORD dwSessionID, HANDLE hToken)
|
|
|
|
{
|
|
if (_dwSessionIDLastConnect != dwSessionID)
|
|
{
|
|
ReleaseHandle(_hTokenLastUser);
|
|
if (hToken != NULL)
|
|
{
|
|
TBOOL(DuplicateHandle(GetCurrentProcess(),
|
|
hToken,
|
|
GetCurrentProcess(),
|
|
&_hTokenLastUser,
|
|
0,
|
|
FALSE,
|
|
DUPLICATE_SAME_ACCESS));
|
|
}
|
|
}
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::Handle_WM_WTSSESSION_CHANGE
|
|
//
|
|
// Arguments: wParam = Type of session change.
|
|
// lParam = Pointer to WTSSESSION_NOTIFICATION struct.
|
|
//
|
|
// Returns: LRESULT
|
|
//
|
|
// Purpose: Handles WM_WTSSESSION_CHANGE messages.
|
|
//
|
|
// History: 2000-10-23 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
LRESULT CBadApplicationManager::Handle_WM_WTSSESSION_CHANGE (WPARAM wParam, LPARAM lParam)
|
|
|
|
{
|
|
ULONG ulReturnLength;
|
|
WINSTATIONUSERTOKEN winStationUserToken;
|
|
|
|
winStationUserToken.ProcessId = reinterpret_cast<HANDLE>(GetCurrentProcessId());
|
|
winStationUserToken.ThreadId = reinterpret_cast<HANDLE>(GetCurrentThreadId());
|
|
winStationUserToken.UserToken = NULL;
|
|
(BOOLEAN)WinStationQueryInformation(SERVERNAME_CURRENT,
|
|
lParam,
|
|
WinStationUserToken,
|
|
&winStationUserToken,
|
|
sizeof(winStationUserToken),
|
|
&ulReturnLength);
|
|
switch (wParam)
|
|
{
|
|
case WTS_SESSION_LOGOFF:
|
|
Handle_Logoff(lParam);
|
|
break;
|
|
case WTS_SESSION_LOGON:
|
|
Handle_Logon();
|
|
// Fall thru to connect case.
|
|
case WTS_CONSOLE_CONNECT:
|
|
case WTS_REMOTE_CONNECT:
|
|
Handle_Connect(lParam, winStationUserToken.UserToken);
|
|
break;
|
|
case WTS_CONSOLE_DISCONNECT:
|
|
case WTS_REMOTE_DISCONNECT:
|
|
Handle_Disconnect(lParam, winStationUserToken.UserToken);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
if (winStationUserToken.UserToken != NULL)
|
|
{
|
|
TBOOL(CloseHandle(winStationUserToken.UserToken));
|
|
}
|
|
return(1);
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::NotificationWindowProc
|
|
//
|
|
// Arguments: See the platform SDK under WindowProc.
|
|
//
|
|
// Returns: LRESULT
|
|
//
|
|
// Purpose: Handles messages for the Notification window.
|
|
//
|
|
// History: 2000-10-23 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
LRESULT CALLBACK CBadApplicationManager::NotificationWindowProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
|
|
|
|
{
|
|
LRESULT lResult;
|
|
CBadApplicationManager *pThis;
|
|
|
|
pThis = reinterpret_cast<CBadApplicationManager*>(GetWindowLongPtr(hwnd, GWLP_USERDATA));
|
|
switch (uMsg)
|
|
{
|
|
case WM_CREATE:
|
|
{
|
|
CREATESTRUCT *pCreateStruct;
|
|
|
|
pCreateStruct = reinterpret_cast<CREATESTRUCT*>(lParam);
|
|
(LONG_PTR)SetWindowLongPtr(hwnd, GWLP_USERDATA, reinterpret_cast<LONG_PTR>(pCreateStruct->lpCreateParams));
|
|
lResult = 0;
|
|
break;
|
|
}
|
|
case WM_WTSSESSION_CHANGE:
|
|
lResult = pThis->Handle_WM_WTSSESSION_CHANGE(wParam, lParam);
|
|
break;
|
|
default:
|
|
lResult = DefWindowProc(hwnd, uMsg, wParam, lParam);
|
|
break;
|
|
}
|
|
return(lResult);
|
|
}
|
|
|
|
// --------------------------------------------------------------------------
|
|
// CBadApplicationManager::RegisterThreadProc
|
|
//
|
|
// Arguments: pParameter = Object pointer.
|
|
//
|
|
// Returns: DWORD
|
|
//
|
|
// Purpose: Opens the TermSrvReadyEvent and waits on it. Once ready it
|
|
// registers for a notifications.
|
|
//
|
|
// History: 2000-10-23 vtan created
|
|
// --------------------------------------------------------------------------
|
|
|
|
DWORD WINAPI CBadApplicationManager::RegisterThreadProc (void *pParameter)
|
|
|
|
{
|
|
int iCounter;
|
|
HANDLE hTermSrvReadyEvent;
|
|
HMODULE hModule;
|
|
CBadApplicationManager *pThis;
|
|
|
|
pThis = reinterpret_cast<CBadApplicationManager*>(pParameter);
|
|
hModule = pThis->_hModule;
|
|
ASSERTMSG(hModule != NULL, "NULL HMODULE in CBadApplicationManager::RegisterThreadProc");
|
|
iCounter = 0;
|
|
hTermSrvReadyEvent = OpenEvent(SYNCHRONIZE,
|
|
FALSE,
|
|
TEXT("TermSrvReadyEvent"));
|
|
while ((hTermSrvReadyEvent == NULL) && (iCounter < 60))
|
|
{
|
|
++iCounter;
|
|
Sleep(1000);
|
|
hTermSrvReadyEvent = OpenEvent(SYNCHRONIZE,
|
|
FALSE,
|
|
TEXT("TermSrvReadyEvent"));
|
|
}
|
|
if (hTermSrvReadyEvent != NULL)
|
|
{
|
|
if (WaitForSingleObject(hTermSrvReadyEvent, 60000) == WAIT_OBJECT_0)
|
|
{
|
|
pThis->_fRegisteredNotification = (WinStationRegisterConsoleNotification(SERVERNAME_CURRENT, pThis->_hwnd, NOTIFY_FOR_ALL_SESSIONS) != FALSE);
|
|
}
|
|
TBOOL(CloseHandle(hTermSrvReadyEvent));
|
|
}
|
|
pThis->Release();
|
|
FreeLibraryAndExitThread(hModule, 0);
|
|
}
|
|
|
|
#endif /* _X86_ */
|
|
|