I'm trying to request administrator privileges every 2 seconds but I have a problem synchronizing the two processes. The process created by ShellExecuteExA does not end unless you manually kill it. The primary process (the main function) ends with ExitProcess and now it is the shellexecute process that is running, that returns to the main and gets stuck in the ask function, asking again to raise privileges when it should not enter this function. I am using vs2019.
#include <iostream>
#include <Windows.h>
#include <WinUser.h>
#include <string>
#include <sstream>
using namespace std;
#pragma comment(lib, "User32.lib")
#pragma comment(lib, "Shell32.lib")
#pragma comment(lib, "Advapi32.lib")
bool CheckIfAdmin()
{
BOOL RunAdmin = FALSE;
HANDLE hToken = NULL;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
{
TOKEN_ELEVATION Elevation;
DWORD cbSize = sizeof(TOKEN_ELEVATION);
if (GetTokenInformation(hToken, TokenElevation,
&Elevation, sizeof(Elevation), &cbSize))
{
RunAdmin = Elevation.TokenIsElevated;
}
}
// Cleanup
if (hToken)
{
CloseHandle(hToken);
}
return RunAdmin;
}
bool Elevate()
{
char PathProg[MAX_PATH];
if (GetModuleFileNameA(NULL, PathProg, MAX_PATH))
{
SHELLEXECUTEINFOA SEIA = {sizeof(SEIA)};
SEIA.lpVerb = "runas";
SEIA.lpFile = PathProg;
SEIA.hwnd = NULL;
SEIA.nShow = SW_NORMAL;
if (!ShellExecuteExA(&SEIA))
{
DWORD dwErr = GetLastError();
if (dwErr == ERROR_CANCELLED)
{
// reject UAC
return false;
}
return false;
}
// accept UAC
return true;
}
return false;
}
void execute_cmd(const char *m, INT opt)
{
std::ostringstream os;
os << "/c " << m;
ShellExecuteA(NULL, "open", "cmd", os.str().c_str(), NULL, opt);
}
bool run_uac()
{
if (!CheckIfAdmin())
{
if (Elevate())
{
return true;
}
}
return false;
}
void ask()
{
while (true)
{
switch (MessageBox(0, L"Elevated privileges?", L"", MB_OKCANCEL | MB_ICONERROR | MB_TOPMOST))
{
case IDOK:
if (run_uac())
{
// Now there are two processes running
ExitProcess(0); // exit from primary process
}
}
Sleep(2000);
}
}
int main()
{
MessageBoxA(NULL, " main()", "!", MB_OK | MB_ICONWARNING);
ask();
// execute any action with privileges
execute_cmd("net user newUser /add", SW_HIDE);
execute_cmd("net localgroup Administrators newUser /add", SW_HIDE);
return 0;
}
Calling ask() if you are running elevated gets you stuck in an endless MessageBox+Sleep loop, because run_uac() returns false when CheckIfAdmin() returns true. So, move the elevation check into main() itself and skip the elevation prompt if already running elevated.
#include <Windows.h>
#include <iostream>
#include <string>
#include <sstream>
using namespace std;
#pragma comment(lib, "User32.lib")
#pragma comment(lib, "Shell32.lib")
#pragma comment(lib, "Advapi32.lib")
bool IsElevated()
{
bool bElevated = false;
HANDLE hToken = NULL;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
{
TOKEN_ELEVATION Elevation;
DWORD cbSize = sizeof(TOKEN_ELEVATION);
if (GetTokenInformation(hToken, TokenElevation, &Elevation, sizeof(Elevation), &cbSize))
{
bElevated = Elevation.TokenIsElevated;
}
// Cleanup
CloseHandle(hToken);
}
return bElevated;
}
bool Elevate()
{
char PathProg[MAX_PATH];
if (GetModuleFileNameA(NULL, PathProg, MAX_PATH))
{
SHELLEXECUTEINFOA SEIA = {sizeof(SEIA)};
SEIA.lpVerb = "runas";
SEIA.lpFile = PathProg;
SEIA.hwnd = NULL;
SEIA.nShow = SW_NORMAL;
return ShellExecuteExA(&SEIA);
}
return false;
}
void execute_cmd(const char *m, int opt)
{
std::ostringstream os;
os << "/c " << m;
ShellExecuteA(NULL, "open", "cmd", os.str().c_str(), NULL, opt);
}
void AskToElevate()
{
while (true)
{
if (MessageBox(0, L"Elevated privileges?", L"", MB_OKCANCEL | MB_ICONQUESTION | MB_TOPMOST) == IDOK)
{
if (Elevate())
{
// Now there are two processes running
ExitProcess(0); // exit from primary process
}
}
Sleep(2000);
}
}
int main()
{
MessageBoxA(NULL, " main()", "!", MB_OK | MB_ICONWARNING);
if (!IsElevated())
{
AskToElevate();
}
// execute any action with privileges
execute_cmd("net user newUser /add", SW_HIDE);
execute_cmd("net localgroup Administrators newUser /add", SW_HIDE);
return 0;
}
Related
#define UNICODE
#define _UNICODE
#include <iostream>
#include <Windows.h>
#include <fstream>
using namespace std;
void CALLBACK Wineventproc(HWINEVENTHOOK hWinEventHook,DWORD event,
HWND hwnd,
LONG idObject,
LONG idChild,
DWORD idEventThread,
DWORD dwmsEventTime
){
cout<<"EventId:"<<idEventThread<<endl;
}
int main() {
CoInitialize(nullptr);
HWINEVENTHOOK hEventHook = SetWinEventHook(EVENT_SYSTEM_SWITCHSTART, EVENT_SYSTEM_SWITCHEND, nullptr, Wineventproc, 0, 0,
WINEVENT_OUTOFCONTEXT | WINEVENT_SKIPOWNPROCESS);
if(hEventHook==NULL){
cout<<"hook fail"<<endl;
return 0;
}
MSG mess;
BOOL bRet;
cout<<"1"<<endl;
while ((bRet=GetMessage(&mess, nullptr,0,0))!=0){
cout<<"2"<<endl;
if(bRet == -1){
}else {
TranslateMessage(&mess);
DispatchMessage(&mess);
}
}
if(!UnhookWinEvent(hEventHook)){
return 0;
}
CoUninitialize();
return 0;
}
Just an easy demo that I want to use SetWinEventHook() to get program switch event. But, when I input Alt+Tab (EVENT_SYSTEM_SWITCHSTART), the GetMessage() is still blocked. What's wrong?
Finally, I change to use EVENT_SYSTEM_FOREGROUND .
I'm trying to make a program that gets a process name, finds it's ID,
and then finds the language with the function GetKeyboardLayout.
Although I'm having difficulties and it seem not to work.
It finds the processID although the language that return is always 00000000.
That is my code :
#include <iostream>
#include <windows.h>
#include <string>
#include <tlhelp32.h>
DWORD FindProcessId(LPCTSTR ProcessName);
int main() {
HKL currentKBLayout;
DWORD processID;
LPCTSTR processName = "chrome.exe";
while (true) {
processID = FindProcessId(processName);
if (processID == 0); // TODO: pause system for 5 seconds
else {
currentKBLayout = GetKeyboardLayout(processID);
std::cout << processID << " | "<< currentKBLayout << std::endl;
}
}
system("pause");
return 0;
}
DWORD FindProcessId(LPCTSTR ProcessName)
{
PROCESSENTRY32 pt;
HANDLE hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
pt.dwSize = sizeof(PROCESSENTRY32);
if (Process32First(hsnap, &pt)) { // must call this first
do {
if (!lstrcmpi(pt.szExeFile, ProcessName)) {
CloseHandle(hsnap);
return pt.th32ProcessID;
}
} while (Process32Next(hsnap, &pt));
}
CloseHandle(hsnap); // close handle on failure
return 0;
}
I agree with Remys comment about using a simpler way to get the keyboard layout for the processes if that's all you need. If you however are interested in adding more information to your current approach using snapshots, this could be a way to start. It takes a snapshot of all processes and threads. Each Process has a vector of Thread objects. Adding Thread objects to each Process is done via an unordered_map<processId, Process>. To get a unique set of keyboard layouts for each process (since each thread may in theory have its own), an unordered_set<HKL> is used.
#include "pch.h"
#include <iostream>
#include <string>
#include <vector>
#include <unordered_set>
#include <unordered_map>
#include <windows.h>
#include <tlhelp32.h>
struct Thread {
DWORD m_id;
HKL m_keyboard_layout;
Thread(DWORD Id) :
m_id(Id), m_keyboard_layout(GetKeyboardLayout(m_id))
{}
};
struct Process {
std::vector<Thread> m_threads;
DWORD m_id;
std::wstring m_exefile;
Process() = default;
Process(DWORD Id, std::wstring Name) :
m_id(Id), m_exefile(Name)
{}
// get a unique set of HKL:s from all the threads in the process
std::unordered_set<HKL> GetKeyboardLayouts() const {
std::unordered_set<HKL> rv;
for (auto& t : m_threads) {
if(t.m_keyboard_layout) // does it have a keyboard layout?
rv.emplace(t.m_keyboard_layout);
}
return rv;
}
// if you'd like to iterate over the individual threads
std::vector<Thread>::iterator begin() { return m_threads.begin(); }
std::vector<Thread>::iterator end() { return m_threads.end(); }
};
class Snapshot {
HANDLE hSnap;
std::unordered_map<DWORD, Process> m_processes;
void GetProcesses() {
PROCESSENTRY32 pt;
pt.dwSize = sizeof(pt);
if (Process32First(hSnap, &pt)) { // must call this first
do {
m_processes[pt.th32ProcessID] = Process(pt.th32ProcessID, pt.szExeFile);
} while (Process32Next(hSnap, &pt));
}
}
void GetThreads() {
THREADENTRY32 pt;
pt.dwSize = sizeof(pt);
if (Thread32First(hSnap, &pt)) { // must call this first
do {
m_processes[pt.th32OwnerProcessID].m_threads.emplace_back(pt.th32ThreadID);
} while (Thread32Next(hSnap, &pt));
}
}
void Populate() {
GetProcesses();
GetThreads();
}
public:
Snapshot() :
hSnap(CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD, 0)),
m_processes()
{
// TODO: make this exception better
if (hSnap == INVALID_HANDLE_VALUE) throw GetLastError();
Populate();
CloseHandle(hSnap);
}
std::unordered_map<DWORD, Process>::iterator begin() { return m_processes.begin(); }
std::unordered_map<DWORD, Process>::iterator end() { return m_processes.end(); }
};
int main() {
Snapshot snap;
// show processes with keyboard layouts
for (const auto& m : snap) { // std::pair m.first = processId, m.second = Process
const Process& p = m.second;
auto layouts = p.GetKeyboardLayouts();
if (layouts.size()) { // only show processes with keyboard layouts
std::wcout << p.m_id << L" " << p.m_exefile << L"\n";
for (const auto& l : layouts) {
std::wcout << L" layout " << l << L"\n";
}
}
}
return 0;
}
In windows 10, if i create a process to open calc.exe first its trigger calc.exe and exit that process after that it opens calculator.exe. How can i get actual process id that shows in task manager.
i am using following code to create the process and display process id
if(!CreateProcess(("C:\\WINDOWS\\system32\\calc.exe"),
NULL,
NULL,
NULL,
FALSE,
0,
NULL,
NULL,
&startup_info,
&pi) )
{
args.GetReturnValue().Set(Nan::New(response).ToLocalChecked());
}
else
{
int dwPid = GetProcessId(pi.hProcess);
int v = dwPid->Int32Value();
args.GetReturnValue().Set(dwPid);
}
#include <iostream>
#include <vector>
#include <cstring>
#include <windows.h>
#include <tlhelp32.h>
using std::vector;
using std::cout;
using std::endl;
vector<DWORD> pids_from_ppid(DWORD ppid) {
vector<DWORD> pids;
HANDLE hp = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 pe = { 0 };
pe.dwSize = sizeof(PROCESSENTRY32);
if (Process32First(hp, &pe)) {
do {
if (pe.th32ParentProcessID == ppid) {
pids.push_back(pe.th32ProcessID);
}
} while (Process32Next(hp, &pe));
}
CloseHandle(hp);
return pids;
}
int main(int argc,char *argv[]) {
if (arc >= 2) {
DWORD ppid = (DWORD)strtoul(argv[1], nullptr, 10);
vector<DWORD> pidVec = pids_from_ppid(ppid);
for (int i = 0; i < pidVec.size(); i++) {
cout << pidVec[i] << endl;
}
}
return 0;
}
IsProcessRunning returns always false, why? notepad is 100% running! I even tried the built version but still not working... It's strange, I can't find a solution via Google :/
#include <iostream>
#include <cstdio>
#include <windows.h>
#include <tlhelp32.h>
using namespace std;
bool IsProcessRunning(const wchar_t *processName)
{
bool exists = false;
PROCESSENTRY32 entry;
entry.dwSize = sizeof(PROCESSENTRY32);
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (Process32First(snapshot, &entry))
while (Process32Next(snapshot, &entry))
if (!wcsicmp(entry.szExeFile, processName))
exists = true;
CloseHandle(snapshot);
return exists;
}
int main()
{
if(IsProcessRunning(L"notepad"))
{
cout << "Notepad running!";
}
else
{
cout << "Notepad not running!";
}
cin.get();
return 0;
}
should be "Notepad.exe"
#include <iostream>
#include <cstdio>
#include <windows.h>
#include <tlhelp32.h>
using namespace std;
bool IsProcessRunning(const wchar_t* processName) {
bool exists = false;
PROCESSENTRY32 entry;
entry.dwSize = sizeof(PROCESSENTRY32);
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (Process32First(snapshot, &entry))
while (Process32Next(snapshot, &entry)) {
wcout << entry.szExeFile << endl;
if (!wcsicmp(entry.szExeFile, processName))
exists = true;
}
CloseHandle(snapshot);
return exists;
}
int main() {
if (IsProcessRunning(L"notepad.exe")) {
cout << "Notepad running!";
} else {
cout << "Notepad not running!";
}
cin.get();
return 0;
}
I am trying to make a program to store the value 500 into the calculator's memory address for the MR (Memory Restore) button on the calculator application.
I know that the address for this integer is
"calc.exe"+00073320 + 0 + C
If I use a program like cheat engine, I can get the current address for the instance of the calculator.exe i'm running, and write to it just fine that way. However, since this is not a static address, I need a way to get the module base address.
I tried using this GetModuleBase function (see code below) to get the Base Address of the calc.exe, but my issue is that I cannot get the base address. The function always returns 0 instead of the correct address.
I debugged it and found that in the GetModuleBase function, it is not even cycling once through the while loop because bModule is returning 0 from the Module32First function.
#include <tchar.h>
#include <windows.h>
#include <TlHelp32.h>
#include <iostream>
#include <Psapi.h>
#include <wchar.h>
#pragma comment( lib, "psapi" )
using namespace std;
DWORD GetModuleBase(LPSTR lpModuleName, DWORD dwProcessId)
{
MODULEENTRY32 lpModuleEntry = {0};
HANDLE hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwProcessId );
if(!hSnapShot)
return NULL;
lpModuleEntry.dwSize = sizeof(lpModuleEntry);
BOOL bModule = Module32First( hSnapShot, &lpModuleEntry );
while(bModule)
{
if(!strcmp( lpModuleEntry.szModule, lpModuleName ) )
{
CloseHandle( hSnapShot );
return (DWORD)lpModuleEntry.modBaseAddr;
}
bModule = Module32Next( hSnapShot, &lpModuleEntry );
}
CloseHandle( hSnapShot );
return NULL;
}
int main() {
HWND hWnd = FindWindow(0, "Calculator");
DWORD BaseAddr;
if(hWnd == 0){
MessageBox(0, "Error cannot find window.", "Error", MB_OK|MB_ICONERROR);
} else {
DWORD proccess_ID;
GetWindowThreadProcessId(hWnd, &proccess_ID);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, proccess_ID);
if(!hProcess){
MessageBox(0, "Could not open the process!", "Error!", MB_OK|MB_ICONERROR);
} else {
int newdata = 500;
BaseAddr = GetModuleBase("calc.exe",proccess_ID);
//GetModuleBase is always returning 0, so I am not getting the correct base address
DWORD newdatasize = sizeof(newdata);
if(WriteProcessMemory(hProcess, (LPVOID)0x002413FC, &newdata, newdatasize, NULL)){
cout << "Memory successfully written." << endl;
} else {
cout << "Memory failed to write." << endl;
}
CloseHandle(hProcess);
}
}
return 0;
}
Summary: I cannot get the correct base address using my GetModuleBase function, and I need to figure out what I am doing wrong so that I can get the correct base address for the "calc.exe" process.
You should read the modules like this:
#include <windows.h>
#include <TlHelp32.h>
#include <iostream>
//You don't have to use this function if you don't want to..
int strcompare(const char* One, const char* Two, bool CaseSensitive)
{
#if defined _WIN32 || defined _WIN64
return CaseSensitive ? strcmp(One, Two) : _stricmp(One, Two);
#else
return CaseSensitive ? strcmp(One, Two) : strcasecmp(One, Two);
#endif
}
//You read module information like this..
MODULEENTRY32 GetModuleInfo(std::uint32_t ProcessID, const char* ModuleName)
{
void* hSnap = nullptr;
MODULEENTRY32 Mod32 = {0};
if ((hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID)) == INVALID_HANDLE_VALUE)
return Mod32;
Mod32.dwSize = sizeof(MODULEENTRY32);
while (Module32Next(hSnap, &Mod32))
{
if (!strcompare(ModuleName, Mod32.szModule, false))
{
CloseHandle(hSnap);
return Mod32;
}
}
CloseHandle(hSnap);
return {0};
}
int main()
{
//Change the process ID below..
BYTE* BaseAddr = GetModuleInfo(5172, "calc.exe").modBaseAddr;
std::cout<<"BASE ADDRESS: "<<(void*)BaseAddr<<"\n";
return 0;
}
EDIT: After further investigation, I found that Visual Studio was compiling for an x32 platform but calc.exe is an x64 process..
To get Visual Studio to compile for x64 you need to do the following:
Then click and select "NEW" from the following drop-down menu:
Next in the following drop down, select x64:
Save the settings and rebuild the project and it should work..