deps: add animia for open files detection
author | Paper <mrpapersonic@gmail.com> |
---|---|
date | Thu, 28 Sep 2023 12:35:21 -0400 (15 months ago) |
parents | |
children | 4c6dd5999b39 |
#include "win32.h"

/* Windows SDK headers: <windows.h> stays first, the others depend on it. */
#include <windows.h>
#include <winternl.h>
#include <libloaderapi.h>
#include <ntdef.h>
#include <psapi.h>
#include <tlhelp32.h>
#include <fileapi.h>
#include <handleapi.h>

#include <codecvt>
#include <cstddef>
#include <iostream>
#include <locale>
#include <stdexcept>
#include <string>
#include <unordered_map>
#include <vector>
/* This file is noticeably more complex than the Unix and Linux ones, and that's because
   there is no "simple" way to get the paths of a file. */

/* SystemExtendedHandleInformation (0x40) is not in the public SYSTEM_INFORMATION_CLASS
   enumeration shipped in <winternl.h>, hence the local definition. It is the class passed
   to QuerySystemInformation() below to read the system-wide handle table. */
#define SystemExtendedHandleInformation ((SYSTEM_INFORMATION_CLASS)0x40)
/* NTSTATUS codes used by the handle-table query loop. STATUS_INFO_LENGTH_MISMATCH is the
   status NtQuerySystemInformation reports when the supplied buffer is too small, and it is
   what GetSystemHandleInformation() loops on. */
constexpr NTSTATUS STATUS_INFO_LENGTH_MISMATCH = 0xC0000004UL;
constexpr NTSTATUS STATUS_SUCCESS = 0x00000000UL;

/* Cached kernel ObjectTypeIndex of the "File" object type, learned lazily by IsFileHandle().
   Zero means "not known yet". Process-wide mutable state with no synchronization. */
static unsigned short file_type_index = 0;

/* Mirror of the (undocumented) ntdll SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX record: one entry per
   open handle in the system-wide table returned for SystemExtendedHandleInformation.
   Entries are copied out of the query buffer by value in GetSystemHandleInformation(), so
   NOTE(review): field order and widths must match the kernel's layout exactly — verify
   against the SDK / phnt definition for the targeted Windows versions. */
struct SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX {
	PVOID Object;                 // presumably the kernel object address; not read in this file
	ULONG_PTR UniqueProcessId;    // presumably the pid that owns the handle
	HANDLE HandleValue;           // handle value as seen inside that process
	ACCESS_MASK GrantedAccess;    // access rights granted at open time (see IsFileMaskOk)
	USHORT CreatorBackTraceIndex;
	USHORT ObjectTypeIndex;       // kernel object type index (see IsFileHandle)
	ULONG HandleAttributes;
	ULONG Reserved;
};

/* Header of the SystemExtendedHandleInformation query result. `Handles` is declared with a
   single element but is really a variable-length trailing array: NumberOfHandles entries
   follow the header in the same buffer (see the walk in GetSystemHandleInformation). */
struct SYSTEM_HANDLE_INFORMATION_EX {
	ULONG_PTR NumberOfHandles;
	ULONG_PTR Reserved;
	SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1];
};

43 namespace Animia::Windows { |
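/* Enumerates every process id visible through a Toolhelp process snapshot.
   Returns an empty vector if the snapshot cannot be created or its first entry read. */
std::vector<int> get_all_pids() {
	HANDLE snapshot = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (snapshot == INVALID_HANDLE_VALUE)
		return {};

	/* Close the snapshot on every exit path; the early return after a failed
	   Process32First used to leak it. */
	struct SnapshotCloser {
		HANDLE h;
		~SnapshotCloser() { ::CloseHandle(h); }
	} closer{snapshot};

	PROCESSENTRY32 entry{};
	entry.dwSize = sizeof(entry);
	if (!::Process32First(snapshot, &entry))
		return {};

	std::vector<int> pids;
	do {
		/* th32ProcessID is a DWORD; the public interface uses int, so narrow explicitly. */
		pids.push_back(static_cast<int>(entry.th32ProcessID));
	} while (::Process32Next(snapshot, &entry));

	return pids;
}
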
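/* Returns the executable base name (e.g. "foo.exe") of the process with the given pid.
   Returns "" when the process cannot be opened with PROCESS_QUERY_INFORMATION |
   PROCESS_VM_READ (the rights GetModuleBaseNameA needs); throws std::runtime_error when
   GetModuleBaseNameA fails on an opened process (unchanged contract). */
std::string get_process_name(int pid) {
	HANDLE process = ::OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, static_cast<DWORD>(pid));
	if (!process)
		return "";

	/* Close the process handle on both the return and the throw path; the throw used to leak it. */
	struct HandleCloser {
		HANDLE h;
		~HandleCloser() { ::CloseHandle(h); }
	} closer{process};

	std::string name(MAX_PATH, '\0');
	const DWORD length = ::GetModuleBaseNameA(process, nullptr, &name.front(), static_cast<DWORD>(name.size()));
	if (length == 0)
		throw std::runtime_error("GetModuleBaseNameA failed: " + std::to_string(::GetLastError()));

	/* GetModuleBaseNameA returns the number of characters copied; drop the unused NUL tail
	   so the result compares equal to a plain "name.exe" string. */
	name.resize(length);
	return name;
}
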
/* All of this BS is required on Windows. Why? */

/* Duplicates `handle`, which belongs to the process behind `process_handle`, into the
   current process with the same access rights and no inheritance.
   Returns nullptr if the duplication fails (the local handle is then never created). */
HANDLE DuplicateHandle(HANDLE process_handle, HANDLE handle) {
	HANDLE local_copy = nullptr;
	if (!::DuplicateHandle(process_handle, handle, ::GetCurrentProcess(), &local_copy,
	                       0, FALSE, DUPLICATE_SAME_ACCESS))
		return nullptr;
	return local_copy;
}

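/* Resolves an export of ntdll.dll by name.
   GetModuleHandle only looks at modules already mapped into this process (ntdll always is),
   so nothing is loaded from disk here. Returns nullptr if the module or the export cannot be
   found; callers must check before calling through the pointer. */
PVOID GetNTDLLAddress(LPCSTR proc_name) {
	const HMODULE ntdll = ::GetModuleHandleA("ntdll.dll");
	if (!ntdll)
		return nullptr;
	return reinterpret_cast<PVOID>(::GetProcAddress(ntdll, proc_name));
}
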
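/* Thin wrapper over ntdll!NtQuerySystemInformation, resolved at run time (presumably so the
   build does not have to link ntdll.lib). Arguments are passed through unchanged.
   Returns STATUS_NOT_IMPLEMENTED (0xC0000002) when the export cannot be resolved instead
   of calling through a null pointer; callers treat any negative status as failure. */
NTSTATUS QuerySystemInformation(SYSTEM_INFORMATION_CLASS cls, PVOID sysinfo, ULONG len, PULONG retlen) {
	using Fn = decltype(::NtQuerySystemInformation)*;
	/* Resolved once; function-local static initialization is thread-safe since C++11. */
	static const Fn func = reinterpret_cast<Fn>(GetNTDLLAddress("NtQuerySystemInformation"));
	if (!func) {
		constexpr NTSTATUS kStatusNotImplemented = static_cast<NTSTATUS>(0xC0000002L);
		return kStatusNotImplemented;
	}
	return func(cls, sysinfo, len, retlen);
}
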
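/* Thin wrapper over ntdll!NtQueryObject, resolved at run time like QuerySystemInformation.
   Arguments are passed through unchanged.
   Returns STATUS_NOT_IMPLEMENTED (0xC0000002) when the export cannot be resolved instead
   of calling through a null pointer; callers treat any negative status as failure. */
NTSTATUS QueryObject(HANDLE handle, OBJECT_INFORMATION_CLASS cls, PVOID objinf, ULONG objinflen, PULONG retlen) {
	using Fn = decltype(::NtQueryObject)*;
	/* Resolved once; function-local static initialization is thread-safe since C++11. */
	static const Fn func = reinterpret_cast<Fn>(GetNTDLLAddress("NtQueryObject"));
	if (!func) {
		constexpr NTSTATUS kStatusNotImplemented = static_cast<NTSTATUS>(0xC0000002L);
		return kStatusNotImplemented;
	}
	return func(handle, cls, objinf, objinflen, retlen);
}
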
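/* Reads the system-wide handle table (SystemExtendedHandleInformation) and returns a copy of
   every entry. The required size is not known up front: the buffer is grown while
   NtQuerySystemInformation reports STATUS_INFO_LENGTH_MISMATCH, jumping straight to the
   size it reports when it gives one. Returns an empty vector on any failure. */
std::vector<SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX> GetSystemHandleInformation() {
	/* Upper bound on the buffer so a persistently mismatching status (or a zero ReturnLength)
	   cannot grow it without limit. Chosen bound, not an OS constant. */
	constexpr ULONG kMaxBufferSize = 1u << 30;

	std::vector<char> buffer;
	ULONG size = 1 << 19;
	ULONG needed = 0;
	NTSTATUS status;
	do {
		const ULONG doubled = size * 2;
		size = needed > doubled ? needed : doubled;
		if (size > kMaxBufferSize)
			return {};
		buffer.resize(size);
		status = QuerySystemInformation(SystemExtendedHandleInformation, buffer.data(), size, &needed);
	} while (status == STATUS_INFO_LENGTH_MISMATCH);

	if (status < 0) /* NT_SUCCESS() is "status >= 0" */
		return {};

	const auto* info = reinterpret_cast<const SYSTEM_HANDLE_INFORMATION_EX*>(buffer.data());
	/* Never walk further than what fits in the buffer we own, whatever NumberOfHandles says. */
	const std::size_t capacity =
		(buffer.size() - offsetof(SYSTEM_HANDLE_INFORMATION_EX, Handles)) / sizeof(SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX);
	const std::size_t count =
		info->NumberOfHandles < capacity ? static_cast<std::size_t>(info->NumberOfHandles) : capacity;
	return std::vector<SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX>(info->Handles, info->Handles + count);
}
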
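/* Queries ObjectTypeInformation for `handle` into a stack OBJECT_TYPE_INFORMATION.
   NOTE(review): NtQueryObject stores the TypeName characters *after* the structure, so a
   buffer of exactly sizeof(OBJECT_TYPE_INFORMATION) normally fails with a length mismatch
   and the returned TypeName cannot carry a usable buffer. The result is therefore
   zero-initialised (empty TypeName) on failure instead of returning uninitialised memory;
   callers that need the name should query into a heap buffer sized from ReturnLength. */
OBJECT_TYPE_INFORMATION QueryObjectTypeInfo(HANDLE handle) {
	OBJECT_TYPE_INFORMATION info{};
	const NTSTATUS status = QueryObject(handle, ObjectTypeInformation, &info, sizeof(info), nullptr);
	if (status < 0)
		return OBJECT_TYPE_INFORMATION{};
	return info;
}
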
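/* Converts an NT UNICODE_STRING to std::string via RtlUnicodeStringToAnsiString, i.e. using
   the ANSI code page rather than UTF-8 — adequate for object type names such as "File",
   which are ASCII. Returns "" if either ntdll export is missing or the conversion fails
   (the previous version read an uninitialised ANSI_STRING in that case). */
std::string UnicodeStringToStdString(UNICODE_STRING string) {
	using ToAnsi = decltype(::RtlUnicodeStringToAnsiString)*;
	using FreeAnsi = decltype(::RtlFreeAnsiString)*;
	static const ToAnsi uc_to_ansi = reinterpret_cast<ToAnsi>(GetNTDLLAddress("RtlUnicodeStringToAnsiString"));
	static const FreeAnsi free_ansi = reinterpret_cast<FreeAnsi>(GetNTDLLAddress("RtlFreeAnsiString"));
	if (!uc_to_ansi || !free_ansi)
		return "";

	ANSI_STRING result{};
	/* TRUE: Rtl allocates the destination buffer; it is released with RtlFreeAnsiString below. */
	if (uc_to_ansi(&result, &string, TRUE) < 0)
		return "";

	std::string converted = result.Buffer ? std::string(result.Buffer, result.Length) : std::string();
	free_ansi(&result);
	return converted;
}
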
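/* Returns the kernel object type name of `handle` (e.g. "File"), or "" on failure.
   NtQueryObject returns the name characters after the OBJECT_TYPE_INFORMATION header, so
   the query buffer is sized from the length it reports rather than from sizeof(); the
   UNICODE_STRING is converted while that buffer is still alive. */
std::string GetHandleType(HANDLE handle) {
	std::vector<char> buffer(sizeof(OBJECT_TYPE_INFORMATION) + 256);
	ULONG needed = 0;
	NTSTATUS status = QueryObject(handle, ObjectTypeInformation, buffer.data(),
	                              static_cast<ULONG>(buffer.size()), &needed);
	if (status == STATUS_INFO_LENGTH_MISMATCH && needed > buffer.size()) {
		buffer.resize(needed);
		status = QueryObject(handle, ObjectTypeInformation, buffer.data(), needed, &needed);
	}
	if (status < 0)
		return "";

	/* info->TypeName.Buffer points inside `buffer`; convert before it goes out of scope. */
	const auto* info = reinterpret_cast<const OBJECT_TYPE_INFORMATION*>(buffer.data());
	return UnicodeStringToStdString(info->TypeName);
}
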
/* GetFinalPathNameByHandleA literally just doesn't work */
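/* Returns the normalized DOS path ("\\?\C:\...") of the file object behind `handle` as
   UTF-8, or "" if it cannot be obtained. `handle` must be valid in this process (i.e. already
   duplicated). NOTE(review): windows.h defines GetFinalPathNameByHandle as a macro, so after
   preprocessing this overload is named GetFinalPathNameByHandleA/W; unqualified one-argument
   calls inside this namespace still resolve here. The underlying query may block on non-disk
   file objects (pipes, devices) — callers should filter those, e.g. with GetFileType. */
std::string GetFinalPathNameByHandle(HANDLE handle) {
	constexpr DWORD kFlags = FILE_NAME_NORMALIZED | VOLUME_NAME_DOS;

	/* With an empty buffer the call returns the required size *including* the terminator. */
	const DWORD required = ::GetFinalPathNameByHandleW(handle, nullptr, 0, kFlags);
	if (required == 0)
		return "";

	std::wstring wide(required, L'\0');
	/* On success the call returns the characters written *excluding* the terminator; the
	   previous version kept the whole buffer and so returned a path with a trailing NUL. */
	const DWORD written = ::GetFinalPathNameByHandleW(handle, &wide.front(), required, kFlags);
	if (written == 0 || written >= required)
		return "";
	wide.resize(written);

	/* UTF-16 -> UTF-8 with the Win32 converter; unlike codecvt_utf8<wchar_t> it handles
	   surrogate pairs (characters outside the BMP) correctly. */
	const int utf8_size = ::WideCharToMultiByte(CP_UTF8, 0, wide.data(), static_cast<int>(wide.size()),
	                                            nullptr, 0, nullptr, nullptr);
	if (utf8_size <= 0)
		return "";
	std::string utf8(static_cast<std::size_t>(utf8_size), '\0');
	::WideCharToMultiByte(CP_UTF8, 0, wide.data(), static_cast<int>(wide.size()),
	                      &utf8.front(), utf8_size, nullptr, nullptr);
	return utf8;
}
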
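/* Returns the Windows directory (GetWindowsDirectoryA, e.g. "C:\Windows") with the "\\?\"
   prefix so it is comparable with the VOLUME_NAME_DOS paths GetFinalPathNameByHandle()
   produces. Returns "" if the directory cannot be queried; callers must treat that as
   "unknown", not as an empty prefix.
   NOTE(review): despite the name this is %SystemRoot%, not the System32 directory, and
   windows.h defines GetSystemDirectory as a macro (-> GetSystemDirectoryA/W), which is the
   name this overload actually gets after preprocessing. */
std::string GetSystemDirectory() {
	std::string windir(MAX_PATH, '\0');
	const UINT length = ::GetWindowsDirectoryA(&windir.front(), static_cast<UINT>(windir.size()));
	if (length == 0 || length >= windir.size())
		return "";
	/* The previous version returned the whole MAX_PATH buffer, trailing NULs included, which
	   made every prefix comparison against it fail; keep only what was actually written. */
	windir.resize(length);
	return "\\\\?\\" + windir;
}
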
/* This function is useless. I'm not exactly sure why, but whenever I try to compare the two
   values, they both come up as different. I'm assuming it's just some Unicode BS I can't be bothered
   to deal with. */
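/* True when `path` is the Windows directory or lies beneath it (case-insensitive).
   Both strings are upper-cased with CharUpperBuffA (ANSI code page), which is sufficient
   for the ASCII "\\?\X:\..." prefix being compared. The prefix comparison silently fails if
   GetSystemDirectory() hands back a NUL-padded MAX_PATH buffer, so the tail is trimmed first,
   and an empty/unknown prefix never matches (it would otherwise flag every path). */
bool IsSystemDirectory(const std::string& path) {
	std::string windir = GetSystemDirectory();
	const auto nul = windir.find('\0');
	if (nul != std::string::npos)
		windir.erase(nul);
	if (windir.empty() || path.empty() || path.size() < windir.size())
		return false;

	std::string upper_path = path;
	::CharUpperBuffA(&upper_path.front(), static_cast<DWORD>(upper_path.size()));
	::CharUpperBuffA(&windir.front(), static_cast<DWORD>(windir.size()));

	if (upper_path.compare(0, windir.size(), windir) != 0)
		return false;
	/* Require a separator (or end of string) after the prefix so a sibling directory whose
	   name merely starts with the same characters is not mistaken for the Windows directory. */
	return upper_path.size() == windir.size() || upper_path[windir.size()] == '\\';
}
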
/* Decides whether a handle-table entry refers to a "File" object.
   The kernel's ObjectTypeIndex for "File" is learned from the first handle whose type name
   can be queried and cached in file_type_index; from then on only the index is compared, so
   no NtQueryObject call is made per handle. `handle` is presumably the handle already
   duplicated into this process (null when that failed); `object_type_index` is the entry's
   ObjectTypeIndex. NOTE(review): with no cached index, a null handle is reported as a file
   ("cannot verify, assume yes") — confirm callers intend that. file_type_index is
   unsynchronized process-wide state. */
bool IsFileHandle(HANDLE handle, unsigned short object_type_index) {
	const bool index_known = file_type_index != 0;
	if (index_known)
		return object_type_index == file_type_index;
	if (handle == nullptr)
		return true;
	const bool is_file = GetHandleType(handle) == "File";
	if (is_file)
		file_type_index = object_type_index;
	return is_file;
}

/* Keeps only handles whose granted access is plausible for a file being read:
   FILE_READ_DATA must be present and none of FILE_APPEND_DATA, FILE_WRITE_EA or
   FILE_WRITE_ATTRIBUTES may be. Other rights (including FILE_WRITE_DATA) are not checked.
   Shoutout to erengy for having these in Anisthesia. */
bool IsFileMaskOk(ACCESS_MASK access_mask) {
	constexpr ACCESS_MASK kRejected = FILE_APPEND_DATA | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES;
	const bool readable = (access_mask & FILE_READ_DATA) != 0;
	const bool writes = (access_mask & kRejected) != 0;
	return readable && !writes;
}

/* Filters a path recovered from an open handle down to the ones worth
   reporting. Rejects empty paths, paths that IsSystemDirectory() classifies
   as system locations, paths whose attributes cannot be read from this
   process, and directories. Returns true only for a readable non-directory. */
bool IsFilePathOk(const std::string& path) {
	if (path.empty())
		return false;
	if (IsSystemDirectory(path))
		return false;

	const auto attributes = GetFileAttributesA(path.c_str());
	if (attributes == INVALID_FILE_ATTRIBUTES)
		return false; // not stat-able (missing, inaccessible, or malformed)
	if (attributes & FILE_ATTRIBUTE_DIRECTORY)
		return false; // only regular files are of interest

	return true;
}
222 |
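/* Returns the open-file paths recorded for a single process.
 *
 * Runs the full system-wide enumeration (get_all_open_files()) and extracts
 * the entry for `pid`; an empty vector is returned when the process has no
 * qualifying open files. The enumeration is the expensive part, so callers
 * that need several pids should call get_all_open_files() once themselves.
 *
 * @param pid  process id to look up (same key type as the enumeration map).
 * @return     the paths for `pid`, or an empty vector.
 */
std::vector<std::string> get_open_files(int pid) {
	std::unordered_map<int, std::vector<std::string>> map = get_all_open_files();

	// find() instead of operator[]: no default insertion into a map that is
	// about to be discarded, and a miss is reported as an empty result.
	auto it = map.find(pid);
	if (it == map.end())
		return {};

	// The map is a local, so hand its vector out without copying it.
	return std::move(it->second);
}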
227 |
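namespace {

/* Owns a Win32 HANDLE for the duration of one scope and closes it on every
 * exit path, including each `continue` in the enumeration loop below.
 * A null handle means "nothing to close". Non-copyable by design.
 */
class ScopedHandle {
public:
	explicit ScopedHandle(HANDLE handle) : handle_(handle) {}
	~ScopedHandle() {
		if (handle_)
			::CloseHandle(handle_);
	}
	ScopedHandle(const ScopedHandle&) = delete;
	ScopedHandle& operator=(const ScopedHandle&) = delete;

	HANDLE get() const { return handle_; }
	explicit operator bool() const { return handle_ != nullptr; }

private:
	HANDLE handle_;
};

} // namespace

/* Builds a pid -> open-file-path table for every process on the system.
 *
 * Takes one snapshot of the system handle table (GetSystemHandleInformation())
 * and, for each entry that IsFileHandle() reports as a file object and whose
 * GrantedAccess passes IsFileMaskOk(), opens the owning process with
 * PROCESS_DUP_HANDLE, duplicates the handle into this process, and records
 * its final path when it is a disk file that IsFilePathOk() accepts.
 *
 * Entries belonging to processes that cannot be opened (access denied,
 * process gone) or handles that cannot be duplicated are silently skipped,
 * so the result is a best-effort view. The process and duplicated handles
 * are released before the next entry is examined; nothing is leaked across
 * the early exits.
 * NOTE(review): the handle snapshot likely requires elevated privileges to be
 * complete — confirm against GetSystemHandleInformation().
 *
 * @return map from process id to the paths of its qualifying open files;
 *         processes without any such file have no entry.
 */
std::unordered_map<int, std::vector<std::string>> get_all_open_files() {
	std::unordered_map<int, std::vector<std::string>> map;
	const std::vector<SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX> info = GetSystemHandleInformation();

	for (const auto& h : info) {
		// UniqueProcessId is wider than int; the int key is kept for callers.
		const int pid = static_cast<int>(h.UniqueProcessId);

		// Cheap filters first: skip non-file objects and access masks we do not
		// want before touching the owning process at all.
		if (!IsFileHandle(nullptr, h.ObjectTypeIndex))
			continue;
		if (!IsFileMaskOk(h.GrantedAccess))
			continue;

		// OpenProcess returns null for processes we may not open; check it so a
		// null source process is never handed to DuplicateHandle.
		ScopedHandle proc(::OpenProcess(PROCESS_DUP_HANDLE, false, pid));
		if (!proc)
			continue;

		ScopedHandle handle(DuplicateHandle(proc.get(), h.HandleValue));
		if (!handle)
			continue;

		// Only disk files get a name lookup; pipes and devices are dropped
		// before any path query is made on them.
		if (GetFileType(handle.get()) != FILE_TYPE_DISK)
			continue;

		std::string path = GetFinalPathNameByHandle(handle.get());
		if (!IsFilePathOk(path))
			continue;

		// operator[] default-constructs the vector the first time a pid is seen.
		map[pid].push_back(std::move(path));
	}

	return map;
}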
257 |
258 } |