annotate dep/animia/src/win32.cpp @ 56:6ff7aabeb9d7

deps: add animia for open files detection
author Paper <mrpapersonic@gmail.com>
date Thu, 28 Sep 2023 12:35:21 -0400 (15 months ago)
parents
children 4c6dd5999b39
#include "win32.h"
#include <windows.h>
#include <winternl.h>
#include <libloaderapi.h>
#include <ntdef.h>
#include <psapi.h>
#include <tlhelp32.h>
#include <fileapi.h>
#include <handleapi.h>
#include <codecvt>
#include <iostream>
#include <locale>
#include <memory>
#include <new>
#include <stdexcept>
#include <string>
#include <unordered_map>
#include <vector>
/* This file is noticeably more complex than Unix and Linux, and that's because
   there is no "simple" way to get the paths of a file. */
/* Information class 0x40 is SystemExtendedHandleInformation. It is not part of the
   SYSTEM_INFORMATION_CLASS enum that winternl.h exposes, hence the cast. Its reply is a
   SYSTEM_HANDLE_INFORMATION_EX (declared below) describing every handle in the system. */
#define SystemExtendedHandleInformation ((SYSTEM_INFORMATION_CLASS)0x40)
/* NtQuerySystemInformation's "buffer too small" status; GetSystemHandleInformation()
   retries with a larger buffer for as long as it keeps receiving it. */
constexpr NTSTATUS STATUS_INFO_LENGTH_MISMATCH = 0xC0000004UL;
constexpr NTSTATUS STATUS_SUCCESS = 0x00000000UL;

/* Cached object-type index of "File" handles, learned lazily by IsFileHandle() the first
   time it can inspect a real handle; 0 means "not known yet". It is a plain mutable static,
   so handle enumeration is assumed to run on one thread at a time — TODO confirm. */
static unsigned short file_type_index = 0;
/* One entry of the reply to NtQuerySystemInformation(SystemExtendedHandleInformation).
   The layout is whatever the kernel writes into the buffer, so member order, types and
   padding must stay exactly as they are — do not add, remove or reorder fields. */
struct SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX {
	PVOID Object;                 // kernel object address; not used by the code visible in this file
	ULONG_PTR UniqueProcessId;    // PID of the owning process (used as the map key in get_all_open_files)
	HANDLE HandleValue;           // handle value in the *owning* process, not in ours;
	                              // presumably goes through DuplicateHandle() before use — verify against caller
	ACCESS_MASK GrantedAccess;    // access granted when the handle was opened (presumably what IsFileMaskOk() is fed)
	USHORT CreatorBackTraceIndex;
	USHORT ObjectTypeIndex;       // per-boot object type index; compared against file_type_index in IsFileHandle()
	ULONG HandleAttributes;
	ULONG Reserved;
};
/* Header of the reply to NtQuerySystemInformation(SystemExtendedHandleInformation).
   Handles[1] is a variable-length trailer: GetSystemHandleInformation() walks
   NumberOfHandles entries starting at Handles, so the struct is always overlaid on a
   buffer much larger than sizeof(SYSTEM_HANDLE_INFORMATION_EX). Kernel layout — do not edit. */
struct SYSTEM_HANDLE_INFORMATION_EX {
	ULONG_PTR NumberOfHandles; // number of valid entries in Handles
	ULONG_PTR Reserved;
	SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1]; // first of NumberOfHandles entries
};
43 namespace Animia::Windows {
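/* Enumerate the PIDs of every process visible through a Toolhelp snapshot.
   Returns an empty vector when the snapshot cannot be created or its first entry
   cannot be read. The snapshot handle is released on every path (the previous
   version leaked it when Process32First failed). */
std::vector<int> get_all_pids() {
	std::vector<int> ret;

	HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hProcessSnap == INVALID_HANDLE_VALUE)
		return ret;

	PROCESSENTRY32 pe32{};
	pe32.dwSize = sizeof(PROCESSENTRY32); // the API refuses the call without this

	if (Process32First(hProcessSnap, &pe32)) {
		do {
			ret.push_back(pe32.th32ProcessID);
		} while (Process32Next(hProcessSnap, &pe32));
	}

	// clean the snapshot object, whether or not enumeration succeeded
	CloseHandle(hProcessSnap);

	return ret;
}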
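/* Base name of the main module (the executable) of process `pid`.
   Returns "" when the process cannot be opened (typically insufficient rights);
   throws std::runtime_error when the name query itself fails. The process handle is
   closed on every path — the previous version leaked it on the throw — and the result
   is trimmed to the reported length instead of being returned as a MAX_PATH-long,
   NUL-padded string that would never compare equal to anything. */
std::string get_process_name(int pid) {
	HANDLE handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
	if (!handle)
		return "";

	std::string ret(MAX_PATH, '\0');
	// hModule == nullptr selects the process's main module
	const DWORD length = GetModuleBaseNameA(handle, nullptr, &ret.front(), static_cast<DWORD>(ret.size()));
	// capture before CloseHandle, which may overwrite the thread's last error
	const DWORD error = GetLastError();
	CloseHandle(handle);

	if (!length)
		throw std::runtime_error("GetModuleBaseNameA failed: " + std::to_string(error));

	ret.resize(length);
	return ret;
}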
80 /* All of this BS is required on Windows. Why? */
/* Duplicate `handle`, which is valid in the context of `process_handle`, into this
   process with the same access rights. Returns nullptr on failure. The duplicate is a
   new handle owned by the caller and must be released with CloseHandle. */
HANDLE DuplicateHandle(HANDLE process_handle, HANDLE handle) {
	HANDLE duplicated = nullptr;
	const BOOL ok = ::DuplicateHandle(process_handle, handle, ::GetCurrentProcess(),
	                                  &duplicated, 0, FALSE, DUPLICATE_SAME_ACCESS);
	if (!ok)
		return nullptr;
	return duplicated;
}
/* Look up an export of the already-loaded ntdll.dll by name. Returns nullptr when the
   module or the export cannot be found; callers that cache the result in a static must
   check for that before calling through it. */
PVOID GetNTDLLAddress(LPCSTR proc_name) {
	const HMODULE ntdll = GetModuleHandleA("ntdll.dll");
	const FARPROC proc = GetProcAddress(ntdll, proc_name);
	return reinterpret_cast<PVOID>(proc);
}
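/* Thin wrapper around ntdll!NtQuerySystemInformation, resolved once via GetProcAddress.
   Arguments and the NTSTATUS result are passed through unchanged. Throws
   std::runtime_error if the export cannot be resolved — the previous version would
   have called a null function pointer in that case. */
NTSTATUS QuerySystemInformation(SYSTEM_INFORMATION_CLASS cls, PVOID sysinfo, ULONG len, PULONG retlen) {
	using Fn = decltype(::NtQuerySystemInformation)*;
	static const auto func = reinterpret_cast<Fn>(GetNTDLLAddress("NtQuerySystemInformation"));
	if (!func)
		throw std::runtime_error("NtQuerySystemInformation not found in ntdll.dll");
	return func(cls, sysinfo, len, retlen);
}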
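/* Thin wrapper around ntdll!NtQueryObject, resolved once via GetProcAddress.
   Arguments and the NTSTATUS result are passed through unchanged. Throws
   std::runtime_error if the export cannot be resolved instead of calling a null pointer.
   NOTE(review): NtQueryObject is known to block on some handle types for name queries;
   this file only asks for ObjectTypeInformation, but it is worth confirming the call
   cannot stall on handles duplicated from other processes. */
NTSTATUS QueryObject(HANDLE handle, OBJECT_INFORMATION_CLASS cls, PVOID objinf, ULONG objinflen, PULONG retlen) {
	using Fn = decltype(::NtQueryObject)*;
	static const auto func = reinterpret_cast<Fn>(GetNTDLLAddress("NtQueryObject"));
	if (!func)
		throw std::runtime_error("NtQueryObject not found in ntdll.dll");
	return func(handle, cls, objinf, objinflen, retlen);
}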
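/* Snapshot every handle in the system via NtQuerySystemInformation(SystemExtendedHandleInformation)
   and copy the table entries out of the kernel-supplied buffer.
   Returns an empty vector when the query fails for any reason, including the buffer
   allocation failing (the previous version mapped that to STATUS_NO_MEMORY and gave up
   the same way). The buffer is now owned by a unique_ptr so it is released on every path,
   including an exception thrown while copying entries. This is a system-wide enumeration
   and therefore neither cheap nor small. */
std::vector<SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX> GetSystemHandleInformation() {
	std::vector<SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX> res;
	ULONG cb = 1 << 19;
	NTSTATUS status = STATUS_SUCCESS;

	do {
		/* The kernel reports the size it needs back in `cb`; doubling on every attempt
		   leaves headroom for handles created between the size query and the retry. */
		cb *= 2;
		std::unique_ptr<unsigned char[]> buffer;
		try {
			buffer = std::make_unique<unsigned char[]>(cb);
		} catch (const std::bad_alloc&) {
			/* Same best-effort behaviour as before: give up and return what we have. */
			return res;
		}
		auto* info = reinterpret_cast<SYSTEM_HANDLE_INFORMATION_EX*>(buffer.get());

		status = QuerySystemInformation(SystemExtendedHandleInformation, info, cb, &cb);
		if (status >= 0) {
			/* Handles[1] is a variable-length trailer; NumberOfHandles says how far it extends. */
			const ULONG_PTR count = info->NumberOfHandles;
			res.assign(info->Handles, info->Handles + count);
		}
		/* `buffer` is freed here on every path */
	} while (status == STATUS_INFO_LENGTH_MISMATCH);

	return res;
}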
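/* Query ObjectTypeInformation for `handle` into a by-value OBJECT_TYPE_INFORMATION.
   Caveat: the kernel stores the TypeName characters *after* the fixed header, so a buffer
   of exactly sizeof(OBJECT_TYPE_INFORMATION) bytes is in practice too small and the call
   fails with STATUS_INFO_LENGTH_MISMATCH. The previous version ignored the status and
   returned uninitialized stack contents in that case; this one returns a zeroed struct
   (TypeName.Length == 0, TypeName.Buffer == nullptr). Even if the call ever succeeded,
   TypeName.Buffer would point into this function's frame, so callers must not
   dereference it — use GetHandleType() to obtain the type name. */
OBJECT_TYPE_INFORMATION QueryObjectTypeInfo(HANDLE handle) {
	OBJECT_TYPE_INFORMATION info{};
	const NTSTATUS status = QueryObject(handle, ObjectTypeInformation, &info, sizeof(info), nullptr);
	if (status < 0)
		info = OBJECT_TYPE_INFORMATION{};
	return info;
}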
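/* Convert a UNICODE_STRING to a narrow std::string via RtlUnicodeStringToAnsiString
   (system ANSI code page). Returns "" when the ntdll exports cannot be resolved or the
   conversion fails; the previous version ignored the status and read an uninitialized
   ANSI_STRING on failure. The Rtl-allocated buffer is released with RtlFreeAnsiString. */
std::string UnicodeStringToStdString(UNICODE_STRING string) {
	using ToAnsiFn = decltype(::RtlUnicodeStringToAnsiString)*;
	using FreeAnsiFn = decltype(::RtlFreeAnsiString)*;
	static const auto uc_to_ansi = reinterpret_cast<ToAnsiFn>(GetNTDLLAddress("RtlUnicodeStringToAnsiString"));
	static const auto free_ansi = reinterpret_cast<FreeAnsiFn>(GetNTDLLAddress("RtlFreeAnsiString"));
	if (!uc_to_ansi || !free_ansi)
		return "";

	ANSI_STRING result{};
	/* TRUE: let Rtl allocate result.Buffer; nothing to free if this fails */
	if (uc_to_ansi(&result, &string, TRUE) < 0)
		return "";

	std::string ret(result.Buffer, result.Length);
	free_ansi(&result);
	return ret;
}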
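/* Resolve the object type name ("File", "Event", ...) of a handle valid in *this* process.
   NtQueryObject(ObjectTypeInformation) stores the TypeName characters after the fixed
   OBJECT_TYPE_INFORMATION header, so the buffer must be larger than the struct itself;
   start with some headroom and grow once to the size the kernel reports. Returns "" on
   failure. (The previous version queried into a bare OBJECT_TYPE_INFORMATION, which
   fails with STATUS_INFO_LENGTH_MISMATCH and left the TypeName uninitialized.) */
std::string GetHandleType(HANDLE handle) {
	std::vector<unsigned char> buffer(sizeof(OBJECT_TYPE_INFORMATION) + 256);
	ULONG needed = 0;

	NTSTATUS status = QueryObject(handle, ObjectTypeInformation, buffer.data(),
	                              static_cast<ULONG>(buffer.size()), &needed);
	if (status == STATUS_INFO_LENGTH_MISMATCH && needed > buffer.size()) {
		buffer.resize(needed);
		status = QueryObject(handle, ObjectTypeInformation, buffer.data(),
		                     static_cast<ULONG>(buffer.size()), &needed);
	}
	if (status < 0)
		return "";

	/* TypeName.Buffer points into `buffer`; convert before it goes out of scope. */
	const auto* info = reinterpret_cast<const OBJECT_TYPE_INFORMATION*>(buffer.data());
	return UnicodeStringToStdString(info->TypeName);
}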
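/* Final DOS-style path ("\\?\C:\...") of a file handle, as UTF-8.
   Uses the W variant because, as the original author put it, GetFinalPathNameByHandleA
   literally just doesn't work. Returns "" when the API fails; the previous version
   resized the buffer to 0 on failure and then took &buffer.front(), and on success it
   kept the terminating NUL inside the returned string. The UTF-16 -> UTF-8 step now goes
   through WideCharToMultiByte, which handles surrogate pairs correctly, instead of the
   deprecated codecvt_utf8<wchar_t>. */
std::string GetFinalPathNameByHandle(HANDLE handle) {
	constexpr DWORD flags = FILE_NAME_NORMALIZED | VOLUME_NAME_DOS;

	/* With a zero-length buffer the API reports the size needed *including* the terminator. */
	const DWORD needed = ::GetFinalPathNameByHandleW(handle, nullptr, 0, flags);
	if (needed == 0)
		return "";

	std::wstring buffer(needed, L'\0');
	const DWORD written = ::GetFinalPathNameByHandleW(handle, &buffer.front(), needed, flags);
	/* On success the return value excludes the terminator; anything else is a failure, or
	   the path grew between the two calls. */
	if (written == 0 || written >= needed)
		return "";
	buffer.resize(written);

	const int utf8_len = ::WideCharToMultiByte(CP_UTF8, 0, buffer.data(), static_cast<int>(buffer.size()),
	                                           nullptr, 0, nullptr, nullptr);
	if (utf8_len <= 0)
		return "";
	std::string ret(static_cast<size_t>(utf8_len), '\0');
	::WideCharToMultiByte(CP_UTF8, 0, buffer.data(), static_cast<int>(buffer.size()),
	                      &ret.front(), utf8_len, nullptr, nullptr);
	return ret;
}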
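/* The Windows directory (GetWindowsDirectoryA, e.g. "C:\Windows") in the "\\?\"-prefixed
   form that GetFinalPathNameByHandle() produces, so the two can be compared as plain
   strings. On success the buffer is trimmed to the reported length; the previous version
   returned all MAX_PATH bytes, NUL padding included, which is why prefix comparisons
   against it never matched. On failure the NUL-padded buffer is deliberately kept, which
   preserves the old behaviour of matching no real path (IsSystemDirectory fails open). */
std::string GetSystemDirectory() {
	std::string windir(MAX_PATH, '\0');
	const UINT length = ::GetWindowsDirectoryA(&windir.front(), static_cast<UINT>(windir.length()));
	/* 0 means failure; >= buffer size means "too small" and the contents are not the path */
	if (length > 0 && length < windir.length())
		windir.resize(length);
	return "\\\\?\\" + windir;
}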
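/* True when `path` lies inside the Windows directory reported by GetSystemDirectory().
   Both sides are upper-cased first (NTFS paths are case-insensitive), the match is
   anchored at position 0 and must end at a path separator so that a sibling such as
   "...\WINDOWS2\..." is not mistaken for it. The comparison only works when
   GetSystemDirectory() returns a string trimmed to its real length; a NUL-padded value
   (or an empty one) simply never matches, i.e. the check fails open instead of
   rejecting every path. The original author observed the two values "both come up as
   different" — with a MAX_PATH-long padded prefix that is the expected outcome. */
bool IsSystemDirectory(const std::string& path) {
	std::string windir = GetSystemDirectory();
	if (windir.empty() || windir.size() > path.size())
		return false;

	std::string path_upper = path;
	CharUpperBuffA(&path_upper.front(), static_cast<DWORD>(path_upper.length()));
	CharUpperBuffA(&windir.front(), static_cast<DWORD>(windir.length()));

	if (path_upper.compare(0, windir.size(), windir) != 0)
		return false;
	/* Exact match, or the next character starts a sub-path. */
	return path_upper.size() == windir.size() || path_upper[windir.size()] == '\\';
}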
/* Decide whether a handle-table entry refers to a "File" object.
   Object type indices are stable for the lifetime of the boot, so once the index of the
   "File" type is known (file_type_index != 0) only the index is compared and `handle` is
   ignored. Until then a null `handle` yields true — the caller has nothing to inspect yet
   and is expected to come back with a real handle — and a real handle is classified by
   name via GetHandleType(); the first "File" hit records its index for later calls. */
bool IsFileHandle(HANDLE handle, unsigned short object_type_index) {
	if (file_type_index != 0)
		return object_type_index == file_type_index;

	if (handle == nullptr)
		return true;

	const bool is_file = GetHandleType(handle) == "File";
	if (is_file)
		file_type_index = object_type_index;
	return is_file;
}
/* Filter on the access a file handle was granted: keep handles opened for reading and
   drop any that also carry write-style rights, since those legitimately do not make sense
   for what we're using the list for (media being played is opened read-only).
   Shoutout to erengy for having these in Anisthesia. */
bool IsFileMaskOk(ACCESS_MASK access_mask) {
	constexpr ACCESS_MASK write_like = FILE_APPEND_DATA | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES;

	const bool readable = (access_mask & FILE_READ_DATA) != 0;
	const bool writable = (access_mask & write_like) != 0;
	return readable && !writable;
}
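/* Accept a resolved path only if it is non-empty, not under the Windows directory, exists,
   and is not a directory. `path` is UTF-8 (that is what GetFinalPathNameByHandle() produces),
   so the existence check goes through MultiByteToWideChar + GetFileAttributesW; the previous
   GetFileAttributesA call interpreted non-ASCII bytes in the ANSI code page and silently
   rejected valid paths containing them. */
bool IsFilePathOk(const std::string& path) {
	if (path.empty() || IsSystemDirectory(path))
		return false;

	const int wide_len = ::MultiByteToWideChar(CP_UTF8, 0, path.data(), static_cast<int>(path.size()), nullptr, 0);
	if (wide_len <= 0)
		return false;
	std::wstring wide(static_cast<size_t>(wide_len), L'\0');
	::MultiByteToWideChar(CP_UTF8, 0, path.data(), static_cast<int>(path.size()), &wide.front(), wide_len);

	const DWORD file_attributes = ::GetFileAttributesW(wide.c_str());
	if (file_attributes == INVALID_FILE_ATTRIBUTES)
		return false;
	/* directories are never "open files" for our purposes */
	return (file_attributes & FILE_ATTRIBUTE_DIRECTORY) == 0;
}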
// Returns the open-file paths recorded for process `pid`, or an empty vector
// when no entry exists for it. Every call performs a fresh system-wide scan
// through get_all_open_files().
std::vector<std::string> get_open_files(int pid) {
	auto all_files = get_all_open_files();
	const auto entry = all_files.find(pid);
	if (entry == all_files.end())
		return {};
	return std::move(entry->second);
}
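// Scans the system handle table and groups every open regular file by the
// PID that holds it.
//
// For each handle entry the owning process is opened with PROCESS_DUP_HANDLE,
// the handle is duplicated into this process, and the duplicate is queried
// for its type and final path. Entries that are not file handles, whose
// access mask is rejected by IsFileMaskOk, that cannot be duplicated, that
// are not disk files, or whose path fails IsFilePathOk are skipped.
//
// Both the process handle and the duplicated file handle are closed before
// the next entry is examined, whichever exit the loop body takes. The handle
// table can hold tens of thousands of entries, so leaking them (as the
// previous version did on every iteration) would exhaust this process's
// handle quota after a few scans.
//
// Processes that refuse PROCESS_DUP_HANDLE (insufficient rights, protected
// processes) are silently skipped rather than reported.
std::unordered_map<int, std::vector<std::string>> get_all_open_files() {
	// Closes a Win32 handle on scope exit so that each `continue` below
	// releases whatever the iteration acquired.
	struct ScopedHandle {
		HANDLE value;
		explicit ScopedHandle(HANDLE h) : value{h} {}
		ScopedHandle(const ScopedHandle&) = delete;
		ScopedHandle& operator=(const ScopedHandle&) = delete;
		~ScopedHandle() {
			if (value)
				::CloseHandle(value);
		}
	};

	std::unordered_map<int, std::vector<std::string>> map;
	const std::vector<SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX> info = GetSystemHandleInformation();
	for (const auto& h : info) {
		// Cheap filters first: they need no access to the owning process.
		if (!IsFileHandle(nullptr, h.ObjectTypeIndex))
			continue;
		// NOTE(review): presumably IsFileMaskOk rejects access masks for which
		// GetFileType/GetFinalPathNameByHandle could block; confirm in its body.
		if (!IsFileMaskOk(h.GrantedAccess))
			continue;

		const int pid = static_cast<int>(h.UniqueProcessId);

		const ScopedHandle proc{::OpenProcess(PROCESS_DUP_HANDLE, FALSE, pid)};
		// Nothing can be duplicated from a process we could not open.
		if (!proc.value)
			continue;

		const ScopedHandle handle{DuplicateHandle(proc.value, h.HandleValue)};
		if (!handle.value)
			continue;

		if (GetFileType(handle.value) != FILE_TYPE_DISK)
			continue;

		std::string path = GetFinalPathNameByHandle(handle.value);
		if (!IsFilePathOk(path))
			continue;

		// operator[] default-constructs the vector on first use, so the
		// separate find/insert step is unnecessary.
		map[pid].push_back(std::move(path));
	}
	return map;
}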
258 }