CryptUnprotectData returns FALSE - c++

CryptUnprotectData returns FALSE, please help me. I try with wstring also, but it returns FALSE too. In which direction to look the error in C++?
#include <wtypes.h>
#include <string>
#include <cstdint>
#include "dpapi.h"
#pragma comment(lib, "Crypt32")
int main()
{
string in = "fdggddgsgds";
LPWSTR pDescrOut = NULL;
DATA_BLOB inData, outData;
inData.pbData = (BYTE*)in.data();
inData.cbData = (DWORD)in.size();
BOOL ok = CryptUnprotectData(&inData, NULL, NULL, NULL, NULL, 0, &outData);
if (inData.pbData != NULL)
LocalFree(inData.pbData);
if (pDescrOut != NULL)
LocalFree(pDescrOut);
if (!ok)
return NULL;
char* str = (char*)malloc(outData.cbData + 1);
memcpy(str, outData.pbData, outData.cbData);
str[outData.cbData] = '\0';
if (outData.pbData != NULL)
LocalFree(outData.pbData);
return 0;
}

(BYTE*)&in
This does not do what you think it does. in is a std::string. This results in a pointer to a std::string. Which has nothing to do, whatsoever, with the contents of this std::string.
The clear intent here is to obtain a pointer to the contents of the std::string, rather than the std::string itself.
To do that, use (BYTE *)in.data(), instead. This may or may not be the only problem with the shown code, since it fails to meet Stackoverflow's requirements for minimal reproducible example, however it is an obvious error.

Related

How to get information about a file for programming on windows

In Linux, we can use the function stat() to get a file info, and use the type st.mode to judge the rights of the file before we can do some operation on it. In windows, I make a lot of attempts, but little help.
At first, I want to use the function GetSecurityInfo, but I can't get the handle argument. I did find some solutions, but they all need use fopen function which is exactly what I want to avoid. Becasue I want to not do anything substantial with the file until I can determine what permissions it has.
Then I try the GetFileSecurityA function, but useless. The following is my code, and I get an error code 998 from getlasterror
void GetFilesInfo(std::string& path)
{
char *path1 = new char[1024];
strcpy(path1, path.c_str());
SECURITY_INFORMATION FLAGS = ATTRIBUTE_SECURITY_INFORMATION;
PSECURITY_DESCRIPTOR file_security_descriptor = new char[1024];
LPDWORD minNeedWords = 0;
if(GetFileSecurityA(path1, FLAGS, file_security_descriptor, 1024, minNeedWords) == 0)
error_die("GetFileInfo");
else
std::cout << file_security_descriptor << std::endl;
}
The answer is as previous comments said. I answered the question for completion.
#include <Windows.h>
void main()
{
TCHAR FileName[] = {L"C:\\Users\\Path\\To\\FileName.extension" };
DWORD LengthNeeded = 0;
SECURITY_DESCRIPTOR* sp = (SECURITY_DESCRIPTOR*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,100);
BOOL rs = GetFileSecurity(FileName, ATTRIBUTE_SECURITY_INFORMATION, sp,100,&LengthNeeded);
if (!rs)
{
DWORD e = GetLastError();
//return;
}
HeapFree(GetProcessHeap(), 0,sp);
}

Stackbased buffer overrun

When running my code I get the following error:
Unhandled exception at 0x00BA16A0 in GameLauncher.exe: Stack cookie instrumentation code detected a stack-based buffer overrun.
I have no idea what could be causing this. It is caused with the following code:
#include "stdafx.h"
#include <Windows.h>
#include <TlHelp32.h>
#include <iostream>
int main()
{
std::cout << "Which process would you like to close? (Include .exe)" << std::endl;
wchar_t userProcessToFind;
std::wcin.getline(&userProcessToFind, 20);
HANDLE processSnapshot;
DWORD processID = 0;
PROCESSENTRY32 processEntery;
processEntery.dwSize = sizeof(PROCESSENTRY32);
processSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, processID);
if(Process32First(processSnapshot, &processEntery) == TRUE)
{
while (Process32Next(processSnapshot, &processEntery) == TRUE)
{
if (_wcsicmp(processEntery.szExeFile, &userProcessToFind) == 0)
{
HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, processEntery.th32ProcessID);
TerminateProcess(hProcess, 0);
CloseHandle(hProcess);
}
}
CloseHandle(processSnapshot);
}
return 0;
}
In
wchar_t userProcessToFind;
std::wcin.getline(&userProcessToFind, 20);
You have allocated space for a single wchar_t but you are trying to read in up to 20 characters and place it in the memory at the address of userProcessToFind. This will cause stack corruption as you are going to try to write into memory that does not belong to &userProcessToFind. What you need to do is create an array like
wchar_t userProcessToFind[20];
std::wcin.getline(userProcessToFind, 20);
Or you could use a std::wstring and your code would become
std::wstring userProcessToFind;
std::getline(std::wcin, userProcessToFind);
This gives the benefit of not having to use an arbitrary size for the process name as std::wstring will scale to fit the input. If you need to pass the underlying wchar_t* to a function you can use std::wstring::c_str() to get it.

Can not format data in PWSTR variable to use in CopyFileW command

I am very new to this, sorry about the horrible code below. I am trying to get the default path for FOLDERID_Profile and then add "\test.exe" to the end of it. Then i need to use this as the path to copy a file to. I was able to use the pSHGetKnownFolderPath method to store the profiles directory in PWSTR user_dir . Problem is, this is not an acceptable string format for the copy function.
So i used the following code to very crudely attempt to convert it to something the copy function could use.
strcat((char *)user_dir,"\\test.exe");
test7 = (LPCWSTR)user_dir;
MessageBox(NULL,test7,L"WR test file",MB_OK);
i'm using a message box to check the path before using CopyFile(currentpath,test7,false); But this is giving me 㩃瑜獥⹴硥 . I am currently using
CopyFileW(currentpath,L"C:\\Users\\Jenia\\test.exe",false);
as a workaround, but I really need this to work on other computers too...
I know I am messing up my ANSI vs Unicode formatting again, please tell me how to best achieve this goal. Let me know if you would like me to post the entire code block, but until i run that strcat method user_dir has the correct path just no file name for copy method.
more complete code below:
#include <windows.h>
#include <shlwapi.h>
#include <stdio.h>
#include <Shlobj.h>
LPCWSTR test7 = 0;
PWSTR user_dir = 0;
HMODULE hndl_shell32;
lpSHGetKnownFolderPath pSHGetKnownFolderPath;
hndl_shell32 = LoadLibrary(L"shell32");
if (NULL != hndl_shell32)
{
pSHGetKnownFolderPath = (lpSHGetKnownFolderPath)
GetProcAddress(hndl_shell32, "SHGetKnownFolderPath");
if(pSHGetKnownFolderPath != NULL)
{
if (SUCCEEDED(pSHGetKnownFolderPath(
FOLDERID_Profile,
0,
NULL,
&user_dir)))
{
//I think this is the problem here
strcat((char *)user_dir,"\\test.exe");
test7 = (LPCWSTR)user_dir;
MessageBox(NULL,test7,L"WR test file",MB_OK);
}
}
else
{
fprintf(stderr, "Failed to locate function: %d\n",
GetLastError());
}
}
else
{
fprintf(stderr, "Failed to load shell32.dll: %d\n", GetLastError());
}
Too many errors here. You cannot strcat on pointer filled by SHGetKnownFolderPath. Assuming that all variables are Unicode, this should work with project with any character set:
LPWSTR test7 = 0;
WCHAR user_dir[MAX_PATH];
...
SHGetKnownFolderPath(... &test7);
...
wcscpy(user_dir, test7);
wcscat(user_dir, L"\\test.exe");
MessageBoxW(NULL,test7,L"WR test file",MB_OK);
Don't forget to release the pointer test7 filled by SHGetKnownFolderPath.
This shows the basic way to complete your task; you'll need to adapt it for your needs.
#include <ShlObj.h>
#include <strsafe.h>
void ShowTestPath()
{
PWCHAR user_dir = NULL;
WCHAR test_file_path[MAX_PATH];
if (FAILED(SHGetKnownFolderPath(FOLDERID_Profile, 0, NULL, &user_dir)))
return;
if (FAILED(StringCchCopyW(test_file_path, MAX_PATH, user_dir)))
{
CoTaskMemFree(user_dir);
return;
}
CoTaskMemFree(user_dir);
if (FAILED(StringCchCatW(test_file_path, MAX_PATH, L"\\test.exe")))
return;
MessageBoxW(NULL, test_file_path, L"WR test file", MB_OK);
}

Why does my function gives me "Stack around the variable 'url' was corrupted." error?

I have a function which should download me a website from a string given in argument (exacly string is an end of url). It's throwing me failure
Stack around the variable 'url' was corrupted.
My code:
void download_wordnik(string word) {
string s1 = word;
std::wstring w_word_Tmp1(s1.begin(), s1.end());
wstring w_word1 = w_word_Tmp1;
std::wstring stemp1 = std::wstring(s1.begin(), s1.end());
LPCWSTR sw1 = stemp1.c_str();
TCHAR url[] = TEXT("https://www.wordnik.com/words");
wsprintf(url, TEXT("%s\/%s\/"), url, sw1);
LPCWSTR sw2 = stemp1.c_str();
TCHAR path[MAX_PATH];
GetCurrentDirectory(MAX_PATH, path);
wsprintf(path, TEXT("%s\\wordnik\\%s\.txt"), path, sw2);
HRESULT res = URLDownloadToFile(NULL, url, path, 0, NULL);
// Checking download
if(res == S_OK) {
printf("Ok\n");
} else if(res == E_OUTOFMEMORY) {
printf("Buffer length invalid, or insufficient memory\n");
} else if(res == INET_E_DOWNLOAD_FAILURE) {
printf("URL is invalid\n");
} else {
printf("Other error: %d\n", res);
}
}
I'm using this includes
#include <iostream>
#include <fstream>
#include <string>
#include <vector>
#include <Urlmon.h>
#include <regex>
#pragma comment(lib, "urlmon.lib")
using namespace std;
Probably because you're copying on url more than its capacity which leads to undefined behaviour:
TCHAR url[] = TEXT("https://www.wordnik.com/words");// The size is `30` but ...
wsprintf(url, TEXT("%s\/%s\/"), url, sw1);// It copies more than `30` characters.
Use std::wstring ways and don't mess with xprintf methods and fixed sized arrays. I'm not familiar with TCHAR or TEXT (Windows things), but you can do something like this:
std::wstring url;
url = std::wstring(TEXT("https://www.wordnik.com/words/")) + sw1 + TEXT("/");
You're writing outside the bounds of url when you wsprintf into it.
Instead do (for general formatting)
std::wostringstream urlstream;
urlstream << TEXT("https://www.wordnik.com/words/") << sw1 << TEXT("/");
std::wstring url = urlstream.str();
or (simpler)
std::wstring url = std::wstring(TEXT("https://www.wordnik.com/words/")) + sw1 + TEXT("/");
You're copying variables around quite a lot - as far as I can tell, you can cut your code down to this:
std::wstring w_word(word.begin(), word.end());
std::wstring url = std::wstring(TEXT("https://www.wordnik.com/words/")) + w_word + TEXT("/");
TCHAR currentpath[MAX_PATH];
GetCurrentDirectory(MAX_PATH, currentpath);
std::wstring path = std::wstring(currentpath) + TEXT("\\wordnik\\") + w_word + TEXT(".txt");
HRESULT res = URLDownloadToFile(NULL, url.c_str(), path.c_str(), 0, NULL);

MsiViewFetch "SELECT * FROM `Property`" is successful, but returns "Incorrect function." in C++

I want to read the Propery table of an msi-file.
The table is shown correclty.
This is the call and (part of the) output:
>ReadMsiProperties.exe evince-2.32.0.145.msi
(MsiOpenDatabase The operation completed successfully.)
(MsiViewFetch Incorrect function.) WixAppFolder = WixPerUserFolder
(MsiViewFetch Incorrect function.) WixUIRMOption = UseRM
(MsiViewFetch Incorrect function.) WIXUI_INSTALLDIR = APPLICATIONFOLDER
(MsiViewFetch Incorrect function.) ALLUSERS = 2
MsiViewFetch is succesfull but returns "Incorrect function."
This is error code 1 (ERROR_INVALID_FUNCTION) from winerror.h
I assume I miss something and would not like to ignore the error.
I have tried to debug, but it seems I cannot debug into MsiViewFetch.
Does someone have a hint?
Thank you,
Markus
This is the code:
// Requirements: Add Msi.lib to "Resource Files"
#include "stdafx.h"
#include <windows.h>
#include <msi.h>
#include <msiquery.h>
MSIHANDLE hDB;
MSIHANDLE hViewSELECT;
MSIHANDLE hRecord;
TCHAR svPropname[256];
TCHAR svPropvalue[256];
DWORD nBuffer;
UINT errorI;
_TCHAR errorM[256];
void errorCode2char (UINT error, _TCHAR *buf) {
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, 256, NULL);
// chop \r\n
if (buf[_tcslen(buf)-1] = '\n') buf[_tcslen(buf)-1] = '\0';
if (buf[_tcslen(buf)-1] = '\r') buf[_tcslen(buf)-1] = '\0';
}
void _tmain(int argc, _TCHAR* argv[]) {
errorI = MsiOpenDatabase(argv[1], MSIDBOPEN_READONLY, &hDB);
errorCode2char(errorI, errorM);
printf("(MsiOpenDatabase %S)\n", errorM);
if (errorI != ERROR_SUCCESS) return;
MsiDatabaseOpenView(hDB, _T("SELECT `Property`, `Value` FROM `Property`"), &hViewSELECT);
MsiViewExecute(hViewSELECT, NULL);
while (errorI = MsiViewFetch (hViewSELECT, &hRecord) != ERROR_NO_MORE_ITEMS) { // *errorI <-- Incorrect function.
errorCode2char(errorI, errorM);
nBuffer = (DWORD)256; MsiRecordGetString(hRecord, 1, svPropname, &nBuffer);
nBuffer = (DWORD)256; MsiRecordGetString(hRecord, 2, svPropvalue, &nBuffer);
printf("(MsiViewFetch %S) %S = %S\n", errorM, svPropname, svPropvalue);
}
MsiViewClose(hViewSELECT);
MsiDatabaseCommit(hDB);
MsiCloseHandle(hViewSELECT);
MsiCloseHandle(hDB);
}
A coding mistakes distorts the return code of MsiViewFetch, which undistorted is 0 (for ERROR_SUCCESS).
In c++, comparison (!=) has precedence over direct assignment (=).
Therefore, a statement
while (a = b != c)
is interpreted as
while (a = (b != c))
Which is not my intention.
The program is corrected by inserting brackets
while ((a = b) != c)
explicetely
while ((errorI = MsiViewFetch(hView, &hRecord)) != ERROR_NO_MORE_ITEMS)