Hi comrades . I have been using DDK for building an application, but there's a serious error which I can't solve it till now . i'm using GetModuleFileNameEx in my application . Код (Text): #pragma comment(lib, "psapi.lib") #pragma comment(lib, "shlwapi.lib") #include <windows.h> #include <stdio.h> #include <conio.h> #include <stdlib.h> #include <tchar.h> #include "ex.h" #include <Shlwapi.h> #include <psapi.h> #define OBJ_CASE_INSENSITIVE 0x00000040L typedef struct _UUNICODE_STRING { USHORT Length; USHORT MaximumLength; PWSTR Buffer; } UUNICODE_STRING; typedef VOID *POBJECT; typedef struct _SYSTEM_HANDLE { ULONG uIdProcess; UCHAR ObjectType; // OB_TYPE_* (OB_TYPE_TYPE, etc.) UCHAR Flags; // HANDLE_FLAG_* (HANDLE_FLAG_INHERIT, etc.) USHORT Handle; POBJECT pObject; ACCESS_MASK GrantedAccess; } SYSTEM_HANDLE, *PSYSTEM_HANDLE; typedef UNICODE_STRING *PUNICODE_STRING; typedef const UNICODE_STRING *PCUNICODE_STRING; #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) #define STATUS_BUFFER_OVERFLOW ((NTSTATUS)0x80000005L) typedef UUNICODE_STRING OBJECT_NAME_INFORMATION; typedef UUNICODE_STRING *POBJECT_NAME_INFORMATION; NTSTATUS RtlAdjustPrivilege(ULONG Privilege, BOOLEAN Enable, BOOLEAN Client) { NTSTATUS Status; HANDLE Token; LUID LuidPrivilege; TOKEN_PRIVILEGES NewPrivileges, OldPrivileges; ULONG Length; if (Client) Status = NtOpenThreadToken(NtCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &Token); else Status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token); if (STATUS_SUCCESS != Status) return Status; LuidPrivilege.LowPart = Privilege; LuidPrivilege.HighPart = 0; NewPrivileges.PrivilegeCount = 1; NewPrivileges.Privileges[0].Luid = LuidPrivilege; if (Enable) NewPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; else NewPrivileges.Privileges[0].Attributes = 0; Status = NtAdjustPrivilegesToken(Token, FALSE, &NewPrivileges, sizeof(TOKEN_PRIVILEGES), &OldPrivileges, &Length); NtClose(Token); if (Status == STATUS_NOT_ALL_ASSIGNED) return STATUS_PRIVILEGE_NOT_HELD; return Status; }; LPWSTR GetObjectInfo(HANDLE hObject, OBJECT_INFORMATION_CLASS objInfoClass) { LPWSTR returnObj = NULL; NTSTATUS NtStatus = STATUS_UNSUCCESSFUL; DWORD dwSize = sizeof(OBJECT_NAME_INFORMATION); POBJECT_NAME_INFORMATION pObjectInfo ; pObjectInfo = (POBJECT_NAME_INFORMATION) malloc(sizeof(dwSize)); /*NtStatus = NtQueryObject(hObject,objInfoClass,pObjectInfo,dwSize,&dwSize);*/ NtStatus = NtQueryObject(hObject,objInfoClass,pObjectInfo,dwSize,&dwSize); if((NtStatus == STATUS_BUFFER_OVERFLOW) || (NtStatus == STATUS_INFO_LENGTH_MISMATCH)) { pObjectInfo = NULL; pObjectInfo = (POBJECT_NAME_INFORMATION) malloc(sizeof(dwSize)); NtStatus = NtQueryObject(hObject,objInfoClass,pObjectInfo,dwSize,&dwSize); } if((NtStatus == STATUS_SUCCESS) && (pObjectInfo->Buffer !=NULL)) { ZeroMemory(returnObj,pObjectInfo->Length + sizeof(WCHAR)); CopyMemory(returnObj,pObjectInfo->Buffer,pObjectInfo->Length); } pObjectInfo = NULL; return returnObj; } int __cdecl main(int argc, char **argv) { DWORD dwSize = sizeof(SYSTEM_HANDLE_INFORMATION_EX); DWORD dwIndex ; PSYSTEM_HANDLE_INFORMATION_EX pHandleInfo= (PSYSTEM_HANDLE_INFORMATION_EX)malloc(sizeof(dwSize)); NTSTATUS NtStatus = STATUS_UNSUCCESSFUL; printf("\nEnumeration of processes handles\n"); printf("\n====================================\n"); if (STATUS_SUCCESS != RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE)) { wprintf(L" [ - ] Enabling Debug Privilege : Failed"); _wsystem(L"pause"); } NtStatus = NtQuerySystemInformation(SystemHandleInformation,pHandleInfo,dwSize,&dwSize); if(NtStatus == STATUS_INFO_LENGTH_MISMATCH) { pHandleInfo = NULL; pHandleInfo= (PSYSTEM_HANDLE_INFORMATION_EX)malloc(sizeof(dwSize)); NtStatus = NtQuerySystemInformation(SystemHandleInformation,pHandleInfo,dwSize,&dwSize); } for(dwIndex = 0;dwIndex<=pHandleInfo->HandleCount;dwIndex++) { HANDLE hProcess = OpenProcess(PROCESS_DUP_HANDLE|PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,pHandleInfo->Handles[dwIndex].ProcessId); if(hProcess!=INVALID_HANDLE_VALUE) { HANDLE hObject = NULL; if(DuplicateHandle(hProcess,(HANDLE)pHandleInfo->Handles[dwIndex].Handle,GetCurrentProcess(),&hObject,STANDARD_RIGHTS_REQUIRED,FALSE,0)!=FALSE) { LPWSTR lpwsName = GetObjectInfo(hObject,ObjectNameInformation); if(lpwsName!=NULL) { LPWSTR lpwsType = GetObjectInfo(hObject,ObjectTypeInformation); LPWSTR lpszProcess ; lpszProcess = (LPWSTR)malloc(sizeof(MAX_PATH)); ZeroMemory(lpszProcess,MAX_PATH); GetModuleFileNameExW(hProcess,NULL,(LPWSTR)lpszProcess,MAX_PATH); } } } } _getch(); return 0; } This is the output of ddk : Код (Text): BUILD: Saving C:\WINDDK\3790~1.183\build.dat... BUILD: Compiling (NoSync) g:\projects\device_driver_programming\native\handle_in formation_enumeration directory 1>Compiling - handles.c for i386 BUILD: Compiling g:\projects\device_driver_programming\native\handle_informatio n_enumeration directory BUILD: Linking g:\projects\device_driver_programming\native\handle_information_e numeration directory 1>Linking Executable - objchk_wxp_x86\i386\ehandles.exe for i386 1>errors in directory g:\projects\device_driver_programming\native\handle_inform ation_enumeration 1>handles.obj : error LNK2019: unresolved external symbol _GetModuleFileNameExW@ 16 referenced in function _main 1>objchk_wxp_x86\i386\ehandles.exe : error LNK1120: 1 unresolved externals BUILD: Done 2 files compiled 1 executable built - 2 Errors Could anyone help with this !? I linked psapi.lib with #pragma comment directive but I don't know where's the problem . If anyone could help, it would be fine . thank you . (however the code is partial)
Thanks for quick reply, I'm using visual Studio 2008 as IDE, running windows Xp service pack 3 & using DDK 3.X (old windows ddk) as my builder . I did it at linker dependencies but the same error as always .
#pragma comment(lib, "psapi.lib") should be enough. There is something wrong with psapi.lib, I guess. It needs at least NT 4.0 libs. Perhaps you will solve the problem by replacing DDK's psapi.lib with VS' one.
Could you please upload it for me? Thank you, there's many files named psapi.lib & surely I might put the wrong one . thank you .
The correct one contains the string `_GetModuleFileNameExW@16`. Anyway there is psapi.lib from DDK 3790.1830 attached
Damn, I don't know where's the problem JOE . but I attached the complete project for you . if you could build it's worth . kind regads.
Here is fixed sources file Код (Text): C_DEFINES=-DUNICODE -D_UNICODE TARGETNAME=eHandles TARGETPATH=obj TARGETTYPE=PROGRAM SOURCES=handles.c UMTYPE=console UMBASE=0x00400000 TARGETLIBS=$(DDK_LIB_PATH)\ntdll.lib $(DDK_LIB_PATH)\psapi.lib $(DDK_LIB_PATH)\shlwapi.lib Also I fixed line 137 by removing all casts (they are always evil), so it became ((lstrlenW(lpszProcess) > 0)?PathFindFileName(lpszProcess):L"[System]"), lpwsName); This worked for me. Your DDK is 3790.1830 and is fine, no libs needed in the project root.
Another hi to comrades. as dear JOE help alot at compiling phase & the problem has been solved, now there's some issue with the code. I have been cut the most part of the code for better revealing. on the previous posts I have been uploaded the whole source code, so if anyone put the following source code, things going fine at compile & build, but I don't know what's the problem with dwSize size mismatch : Код (Text): #define _WIN32_WINNT 0x0501 #include <windows.h> #include <stdio.h> #include <conio.h> #include <stdlib.h> #include <tchar.h> #include "ex.h" #include <Shlwapi.h> #include <Psapi.h> #define OBJ_CASE_INSENSITIVE 0x00000040L typedef struct _UUNICODE_STRING { USHORT Length; USHORT MaximumLength; PWSTR Buffer; } UUNICODE_STRING; typedef VOID *POBJECT; typedef UNICODE_STRING *PUNICODE_STRING; typedef const UNICODE_STRING *PCUNICODE_STRING; #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) #define STATUS_BUFFER_OVERFLOW ((NTSTATUS)0x80000005L) typedef UUNICODE_STRING OBJECT_NAME_INFORMATION; typedef UUNICODE_STRING *POBJECT_NAME_INFORMATION; typedef struct _SYSTEM_HANDLE { ULONG uIdProcess; UCHAR ObjectType; // OB_TYPE_* (OB_TYPE_TYPE, etc.) UCHAR Flags; // HANDLE_FLAG_* (HANDLE_FLAG_INHERIT, etc.) USHORT Handle; POBJECT pObject; ACCESS_MASK GrantedAccess; } SYSTEM_HANDLE, *PSYSTEM_HANDLE; typedef struct _SSYSTEM_HANDLE_INFORMATION { ULONG uCount; SYSTEM_HANDLE Handles[1]; } SSYSTEM_HANDLE_INFORMATION, *PSSYSTEM_HANDLE_INFORMATION; NTSTATUS RtlAdjustPrivilege(ULONG Privilege, BOOLEAN Enable, BOOLEAN Client) { NTSTATUS Status; HANDLE Token; LUID LuidPrivilege; TOKEN_PRIVILEGES NewPrivileges, OldPrivileges; ULONG Length; if (Client) Status = NtOpenThreadToken(NtCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &Token); else Status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token); if (STATUS_SUCCESS != Status) return Status; LuidPrivilege.LowPart = Privilege; LuidPrivilege.HighPart = 0; NewPrivileges.PrivilegeCount = 1; NewPrivileges.Privileges[0].Luid = LuidPrivilege; if (Enable) NewPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; else NewPrivileges.Privileges[0].Attributes = 0; Status = NtAdjustPrivilegesToken(Token, FALSE, &NewPrivileges, sizeof(TOKEN_PRIVILEGES), &OldPrivileges, &Length); NtClose(Token); if (Status == STATUS_NOT_ALL_ASSIGNED) return STATUS_PRIVILEGE_NOT_HELD; return Status; }; int __cdecl main(int argc, char **argv) { DWORD dwSize = sizeof(SSYSTEM_HANDLE_INFORMATION); NTSTATUS NtStatus; PSSYSTEM_HANDLE_INFORMATION pHandleInfo = (PSSYSTEM_HANDLE_INFORMATION)malloc(sizeof(dwSize)); if(RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE)==STATUS_SUCCESS){ printf("\nDebug Privilege ok "); } NtStatus = NtQuerySystemInformation(SystemHandleInformation, &pHandleInfo, dwSize, &dwSize); if(NtStatus == STATUS_SUCCESS) { printf("\nNtQuery is ok ..."); } else if(NtStatus == STATUS_INFO_LENGTH_MISMATCH){ printf("\nLength mismatch !"); pHandleInfo=NULL; NtStatus = NtQuerySystemInformation(SystemHandleInformation, pHandleInfo, dwSize, &dwSize); if(NtStatus == STATUS_SUCCESS){ printf(" Found %d Handles.\n\n", pHandleInfo->uCount); } } _getch(); return 0; } well, the enumeration has some few problem I think due to wrong allocation for some variables . if anyone could solve & guide at this case, it would be helpful . thanks . Genius
Well, I suggest you to check every undocumented stuff at least twice. The problem is with SYSTEM_INFORMATION_CLASS enum, actually SystemProcessInformation and SystemProcessesAndThreadsInformation are the same thing (and last one is to be removed as an unofficial name). SystemHandleInformation shall equall to 16 (now it is 17 like SystemObjectInformation and wants OS to have FLG_MAINTAIN_OBJECT_TYPELIST flag set, this causes STATUS_UNSUCCESSFUL). Also note new handles may be opened between NtQuerySystemInformation calls, it is a good idea to malloc extra storage or even better to call NtQuerySystemInformatio in a loop. Oh, and of course malloc(sizeof(dwSize)) is wrong as &pHandleInfo!
