GetModuleFileNameEx linker Error with DDK

Hi comrades .
I have been using DDK for building an application, but there's a serious error which I can't solve it till now .
i'm using GetModuleFileNameEx in my application .

Код (Text):

1. #pragma comment(lib, "psapi.lib")
2. #pragma comment(lib, "shlwapi.lib")
3. #include <windows.h>
4. #include <stdio.h>
5. #include <conio.h>
6. #include <stdlib.h>
7. #include <tchar.h>
8. #include "ex.h"
9. #include <Shlwapi.h>
10. #include <psapi.h>
11.  
12. #define OBJ_CASE_INSENSITIVE 0x00000040L
13. typedef struct _UUNICODE_STRING {
14.     USHORT Length;
15.     USHORT MaximumLength;
16.     PWSTR  Buffer;
17. } UUNICODE_STRING;
18.  
19. typedef VOID *POBJECT;
20. typedef struct _SYSTEM_HANDLE {
21.     ULONG       uIdProcess;
22.     UCHAR       ObjectType;    // OB_TYPE_* (OB_TYPE_TYPE, etc.)
23.     UCHAR       Flags;         // HANDLE_FLAG_* (HANDLE_FLAG_INHERIT, etc.)
24.     USHORT      Handle;
25.     POBJECT     pObject;
26.     ACCESS_MASK GrantedAccess;
27. } SYSTEM_HANDLE, *PSYSTEM_HANDLE;
28.  
29. typedef UNICODE_STRING *PUNICODE_STRING;
30. typedef const UNICODE_STRING *PCUNICODE_STRING;
31.  
32. #define STATUS_INFO_LENGTH_MISMATCH     ((NTSTATUS)0xC0000004L)
33. #define STATUS_BUFFER_OVERFLOW          ((NTSTATUS)0x80000005L)
34.  
35. typedef UUNICODE_STRING OBJECT_NAME_INFORMATION;
36. typedef UUNICODE_STRING *POBJECT_NAME_INFORMATION;
37.  
38.  
39. NTSTATUS RtlAdjustPrivilege(ULONG Privilege, BOOLEAN Enable, BOOLEAN Client)
40. {
41.     NTSTATUS Status;
42.     HANDLE Token;
43.     LUID LuidPrivilege;
44.     TOKEN_PRIVILEGES NewPrivileges, OldPrivileges;
45.     ULONG Length;
46.  
47.     if (Client)
48.         Status = NtOpenThreadToken(NtCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &Token);
49.     else
50.         Status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token);
51.     if (STATUS_SUCCESS != Status) return Status;
52.     LuidPrivilege.LowPart = Privilege;
53.     LuidPrivilege.HighPart = 0;
54.     NewPrivileges.PrivilegeCount = 1;
55.     NewPrivileges.Privileges[0].Luid = LuidPrivilege;
56.     if (Enable)
57.         NewPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
58.     else
59.         NewPrivileges.Privileges[0].Attributes = 0;
60.     Status = NtAdjustPrivilegesToken(Token, FALSE, &NewPrivileges, sizeof(TOKEN_PRIVILEGES), &OldPrivileges, &Length);
61.     NtClose(Token);
62.     if (Status == STATUS_NOT_ALL_ASSIGNED) return STATUS_PRIVILEGE_NOT_HELD;
63.     return Status;
64. };
65.  
66. LPWSTR  GetObjectInfo(HANDLE hObject, OBJECT_INFORMATION_CLASS objInfoClass)
67. {
68.     LPWSTR returnObj = NULL;
69.     NTSTATUS NtStatus = STATUS_UNSUCCESSFUL;
70.     DWORD dwSize = sizeof(OBJECT_NAME_INFORMATION);
71.     POBJECT_NAME_INFORMATION pObjectInfo ;
72.     pObjectInfo = (POBJECT_NAME_INFORMATION) malloc(sizeof(dwSize));
73.    
74.     /*NtStatus = NtQueryObject(hObject,objInfoClass,pObjectInfo,dwSize,&dwSize);*/
75.     NtStatus = NtQueryObject(hObject,objInfoClass,pObjectInfo,dwSize,&dwSize);
76.     if((NtStatus == STATUS_BUFFER_OVERFLOW) || (NtStatus == STATUS_INFO_LENGTH_MISMATCH))
77.     {
78.         pObjectInfo = NULL;
79.         pObjectInfo = (POBJECT_NAME_INFORMATION) malloc(sizeof(dwSize));
80.         NtStatus = NtQueryObject(hObject,objInfoClass,pObjectInfo,dwSize,&dwSize);
81.     }
82.     if((NtStatus == STATUS_SUCCESS) && (pObjectInfo->Buffer !=NULL))
83.     {  
84.        
85.         ZeroMemory(returnObj,pObjectInfo->Length + sizeof(WCHAR));
86.         CopyMemory(returnObj,pObjectInfo->Buffer,pObjectInfo->Length);
87.     }
88.     pObjectInfo = NULL;
89.     return returnObj;
90. }
91.  
92.  
93. int __cdecl main(int argc, char **argv)
94. {
95.     DWORD dwSize = sizeof(SYSTEM_HANDLE_INFORMATION_EX);
96.     DWORD dwIndex ;
97.     PSYSTEM_HANDLE_INFORMATION_EX pHandleInfo= (PSYSTEM_HANDLE_INFORMATION_EX)malloc(sizeof(dwSize));
98.     NTSTATUS NtStatus = STATUS_UNSUCCESSFUL;
99.     printf("\nEnumeration of processes handles\n");
100.     printf("\n====================================\n");
101.     if (STATUS_SUCCESS != RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE))
102.     {
103.         wprintf(L" [ - ] Enabling Debug Privilege : Failed");
104.         _wsystem(L"pause");
105.     }
106.     NtStatus = NtQuerySystemInformation(SystemHandleInformation,pHandleInfo,dwSize,&dwSize);
107.     if(NtStatus == STATUS_INFO_LENGTH_MISMATCH)
108.     {
109.         pHandleInfo = NULL;
110.         pHandleInfo= (PSYSTEM_HANDLE_INFORMATION_EX)malloc(sizeof(dwSize));
111.         NtStatus = NtQuerySystemInformation(SystemHandleInformation,pHandleInfo,dwSize,&dwSize);       
112.     }
113.     for(dwIndex = 0;dwIndex<=pHandleInfo->HandleCount;dwIndex++)
114.     {
115.         HANDLE hProcess = OpenProcess(PROCESS_DUP_HANDLE|PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,pHandleInfo->Handles[dwIndex].ProcessId);
116.         if(hProcess!=INVALID_HANDLE_VALUE)
117.         {
118.             HANDLE hObject = NULL;
119.             if(DuplicateHandle(hProcess,(HANDLE)pHandleInfo->Handles[dwIndex].Handle,GetCurrentProcess(),&hObject,STANDARD_RIGHTS_REQUIRED,FALSE,0)!=FALSE)
120.             {
121.                 LPWSTR lpwsName = GetObjectInfo(hObject,ObjectNameInformation);
122.                 if(lpwsName!=NULL)
123.                 {
124.                     LPWSTR lpwsType = GetObjectInfo(hObject,ObjectTypeInformation);
125.                     LPWSTR lpszProcess ;
126.                     lpszProcess = (LPWSTR)malloc(sizeof(MAX_PATH));
127.  
128.                     ZeroMemory(lpszProcess,MAX_PATH);
129.                     GetModuleFileNameExW(hProcess,NULL,(LPWSTR)lpszProcess,MAX_PATH);
130.                 }
131.             }
132.         }
133.  
134.     }
135.     _getch();
136.     return 0;
137. }

This is the output of ddk :

Код (Text):

1. BUILD: Saving C:\WINDDK\3790~1.183\build.dat...
2. BUILD: Compiling (NoSync) g:\projects\device_driver_programming\native\handle_in
3. formation_enumeration directory
4. 1>Compiling - handles.c for i386
5. BUILD: Compiling  g:\projects\device_driver_programming\native\handle_informatio
6. n_enumeration directory
7. BUILD: Linking g:\projects\device_driver_programming\native\handle_information_e
8. numeration directory
9. 1>Linking Executable - objchk_wxp_x86\i386\ehandles.exe for i386
10. 1>errors in directory g:\projects\device_driver_programming\native\handle_inform
11. ation_enumeration
12. 1>handles.obj : error LNK2019: unresolved external symbol _GetModuleFileNameExW@
13. 16 referenced in function _main
14. 1>objchk_wxp_x86\i386\ehandles.exe : error LNK1120: 1 unresolved externals
15. BUILD: Done
16.  
17.     2 files compiled
18.     1 executable built - 2 Errors

Could anyone help with this !?
I linked psapi.lib with #pragma comment directive but I don't know where's the problem .

If anyone could help, it would be fine .
thank you .

(however the code is partial)

 

add psapi.lib import library to linker options

 

Thanks for quick reply, I'm using visual Studio 2008 as IDE, running windows Xp service pack 3 & using DDK 3.X (old windows ddk) as my builder .
I did it at linker dependencies but the same error as always .

 

#pragma comment(lib, "psapi.lib") should be enough. There is something wrong with psapi.lib, I guess. It needs at least NT 4.0 libs. Perhaps you will solve the problem by replacing DDK's psapi.lib with VS' one.

 

Could you please upload it for me? Thank you, there's many files named psapi.lib & surely I might put the wrong one .
thank you .

 

The correct one contains the string `_GetModuleFileNameExW@16`. Anyway there is psapi.lib from DDK 3790.1830 attached

 

Damn, I don't know where's the problem JOE .
but I attached the complete project for you .
if you could build it's worth .

kind regads.

 

sorry, it's the link :
http://rapidshare.com/files/402454143/Handle_Information_Enumeration.rar.html

 

Here is fixed sources file

Код (Text):

1. C_DEFINES=-DUNICODE -D_UNICODE
2. TARGETNAME=eHandles
3. TARGETPATH=obj
4. TARGETTYPE=PROGRAM
5. SOURCES=handles.c
6. UMTYPE=console
7. UMBASE=0x00400000
8. TARGETLIBS=$(DDK_LIB_PATH)\ntdll.lib $(DDK_LIB_PATH)\psapi.lib $(DDK_LIB_PATH)\shlwapi.lib

Also I fixed line 137 by removing all casts (they are always evil), so it became
((lstrlenW(lpszProcess) > 0)?PathFindFileName(lpszProcess):L"[System]"), lpwsName);

This worked for me. Your DDK is 3790.1830 and is fine, no libs needed in the project root.

 

J0E, thank you too much, problem solved with your nice solution .

best regards.

 

Another hi to comrades.
as dear JOE help alot at compiling phase & the problem has been solved, now there's some issue with the code.
I have been cut the most part of the code for better revealing.
on the previous posts I have been uploaded the whole source code, so if anyone put the following source code, things going fine at compile & build, but I don't know what's the problem with dwSize size mismatch :

Код (Text):

1. #define _WIN32_WINNT    0x0501
2.  
3. #include <windows.h>
4. #include <stdio.h>
5. #include <conio.h>
6. #include <stdlib.h>
7. #include <tchar.h>
8. #include "ex.h"
9. #include <Shlwapi.h>
10. #include <Psapi.h>
11.  
12. #define OBJ_CASE_INSENSITIVE 0x00000040L
13. typedef struct _UUNICODE_STRING {
14.     USHORT Length;
15.     USHORT MaximumLength;
16.     PWSTR  Buffer;
17. } UUNICODE_STRING;
18.  
19. typedef VOID *POBJECT;
20.  
21. typedef UNICODE_STRING *PUNICODE_STRING;
22. typedef const UNICODE_STRING *PCUNICODE_STRING;
23.  
24. #define STATUS_INFO_LENGTH_MISMATCH     ((NTSTATUS)0xC0000004L)
25. #define STATUS_BUFFER_OVERFLOW          ((NTSTATUS)0x80000005L)
26.  
27. typedef UUNICODE_STRING OBJECT_NAME_INFORMATION;
28. typedef UUNICODE_STRING *POBJECT_NAME_INFORMATION;
29.  
30.  
31. typedef struct _SYSTEM_HANDLE {
32.     ULONG       uIdProcess;
33.     UCHAR       ObjectType;    // OB_TYPE_* (OB_TYPE_TYPE, etc.)
34.     UCHAR       Flags;         // HANDLE_FLAG_* (HANDLE_FLAG_INHERIT, etc.)
35.     USHORT      Handle;
36.     POBJECT     pObject;
37.     ACCESS_MASK GrantedAccess;
38. } SYSTEM_HANDLE, *PSYSTEM_HANDLE;
39.  
40. typedef struct _SSYSTEM_HANDLE_INFORMATION {
41.     ULONG           uCount;
42.     SYSTEM_HANDLE   Handles[1];
43. } SSYSTEM_HANDLE_INFORMATION, *PSSYSTEM_HANDLE_INFORMATION;
44.  
45. NTSTATUS RtlAdjustPrivilege(ULONG Privilege, BOOLEAN Enable, BOOLEAN Client)
46. {
47.     NTSTATUS Status;
48.     HANDLE Token;
49.     LUID LuidPrivilege;
50.     TOKEN_PRIVILEGES NewPrivileges, OldPrivileges;
51.     ULONG Length;
52.  
53.     if (Client)
54.         Status = NtOpenThreadToken(NtCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &Token);
55.     else
56.         Status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token);
57.     if (STATUS_SUCCESS != Status) return Status;
58.     LuidPrivilege.LowPart = Privilege;
59.     LuidPrivilege.HighPart = 0;
60.     NewPrivileges.PrivilegeCount = 1;
61.     NewPrivileges.Privileges[0].Luid = LuidPrivilege;
62.     if (Enable)
63.         NewPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
64.     else
65.         NewPrivileges.Privileges[0].Attributes = 0;
66.     Status = NtAdjustPrivilegesToken(Token, FALSE, &NewPrivileges, sizeof(TOKEN_PRIVILEGES), &OldPrivileges, &Length);
67.     NtClose(Token);
68.     if (Status == STATUS_NOT_ALL_ASSIGNED) return STATUS_PRIVILEGE_NOT_HELD;
69.     return Status;
70. };
71.  
72.  
73. int __cdecl main(int argc, char **argv)
74. {
75.     DWORD dwSize = sizeof(SSYSTEM_HANDLE_INFORMATION);
76.     NTSTATUS NtStatus;
77.     PSSYSTEM_HANDLE_INFORMATION pHandleInfo = (PSSYSTEM_HANDLE_INFORMATION)malloc(sizeof(dwSize));
78.     if(RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE)==STATUS_SUCCESS){   
79.         printf("\nDebug Privilege ok ");
80.     }
81.         NtStatus = NtQuerySystemInformation(SystemHandleInformation, &pHandleInfo, dwSize, &dwSize);
82.         if(NtStatus == STATUS_SUCCESS)
83.         {
84.             printf("\nNtQuery is ok ...");
85.         }
86.         else if(NtStatus == STATUS_INFO_LENGTH_MISMATCH){
87.             printf("\nLength mismatch !");
88.             pHandleInfo=NULL;          
89.             NtStatus = NtQuerySystemInformation(SystemHandleInformation, pHandleInfo, dwSize, &dwSize);
90.                     if(NtStatus == STATUS_SUCCESS){
91.                             printf(" Found %d Handles.\n\n", pHandleInfo->uCount);
92.                     }
93.         }
94.  
95.     _getch();
96.     return 0;
97. }

well, the enumeration has some few problem I think due to wrong allocation for some variables .
if anyone could solve & guide at this case, it would be helpful .

thanks .
Genius

 

Well, I suggest you to check every undocumented stuff at least twice.

The problem is with SYSTEM_INFORMATION_CLASS enum, actually SystemProcessInformation and SystemProcessesAndThreadsInformation are the same thing (and last one is to be removed as an unofficial name). SystemHandleInformation shall equall to 16 (now it is 17 like SystemObjectInformation and wants OS to have FLG_MAINTAIN_OBJECT_TYPELIST flag set, this causes STATUS_UNSUCCESSFUL).

Also note new handles may be opened between NtQuerySystemInformation calls, it is a good idea to malloc extra storage or even better to call NtQuerySystemInformatio in a loop.

Oh, and of course malloc(sizeof(dwSize)) is wrong as &pHandleInfo!

 

Yes, I got you joe, thanks .