I am writing a CLR profiler using the ICorProfilerInfo interface.
When using SetEnterLeaveFunctionHooks, the callback methods are passed a FunctionID.
How do I get the metadata (I am after the name in particular), of a function given this FunctionID?
An MSDN article suggests that the first call should be to GetFunctionInfo. The documentation for this function states:
The profiler code can call ICorProfilerInfo::GetModuleMetaData to obtain a metadata interface for a given module. The metadata token that is returned to the location referenced by pToken can then be used to access the metadata for the function.
It does not elaborate on the last sentence ('the metadata token ... can be used to access metadata for the function').
How does this work?
So far, I am doing the following:
void MyProfiler::EnterMethod(FunctionID functionID)
{
ClassID classId = 0;
ModuleID moduleId = 0;
mdToken metaDataToken = 0;
IMetaDataImport* metaDataImport = NULL;
// (m_info is ICorProfilerInfo3)
m_info->GetFunctionInfo(functionID, &classId, &moduleId, &metaDataToken);
m_info->GetModuleMetaData(moduleId, ofRead, IID_IMetaDataImport, (IUnknown**)&metaDataImport);
// What goes here?
}
I have tried to call GetTypeRefProps like this:
mdToken ptkResolutionScope;
WCHAR szName[1024];
ULONG cchName = 1024;
ULONG pchName;
HRESULT result = MetaDataImport->GetTypeRefProps(pToken, &ptkResolutionScope, szName, cchName, &pchName);
The final call returns S_FALSE, and does not populate szName.
GetTypeRefProps is only applicable when your token is a TypeRef token, GetFunctionInfo will give you a MethodDef token which requires you to use the GetMethodProps method.
metaDataImport->GetMethodProps(metaDataToken, NULL, szName, cchName, &pchName, NULL, NULL, NULL, NULL, NULL);
Related
I am writing FIDO2 C++ based application using WebAuthn.dll for "YUBIKEY 5 NFC" (External authenticator) using the following WebAuthN APIs of Microsoft from the
https://github.com/microsoft/webauthn/blob/master/webauthn.h
I'm trying to Authenticate with the api WebAuthNAuthenticatorGetAssertion(). I get the error "The parameter is incorrect"
HWND hWnd = GetForegroundWindow();
LPCWSTR pwszRpId = nullptr;
std::string sClientData64 = {"type":"webauthn.get","challenge":"<< base64 Encoded
challenge","crossOrigin":true};
WEBAUTHN_CLIENT_DATA oClientData_in = { WEBAUTHN_CLIENT_DATA_CURRENT_VERSION,
static_cast<DWORD>(sClientData64.length()),
(PBYTE)(sClientData64.data()),
WEBAUTHN_HASH_ALGORITHM_SHA_256
};
WEBAUTHN_CREDENTIAL_EX webCredEx = { WEBAUTHN_CREDENTIAL_EX_CURRENT_VERSION,
static_cast<DWORD>(CredentialId.length()),
((BYTE*)(CredentialId.c_str())),
WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY,
WEBAUTHN_CTAP_TRANSPORT_USB
};
WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS webAuthNGetAssertionOptions = {
WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION, // version
timeOut, // time in milliseconds
{0, NULL}, //WEBAUTHN_CREDENTIALS
{0, NULL}, //WEBAUTHN_EXTENSIONS
WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY, // for Platform (Windows Hello) vs
Cross platform authenticator (Yubikey)
WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY, // user Verification
Required (preferred)
0, // dwFlags
NULL, // as json data received it is null
nullptr, //(FALSE) this is a pointer
NULL, // pCancellationId
pAllowCredentialList // dwversion = 4) allowlist is not null
};
WEBAUTHN_ASSERTION* pWebAuthNAssertion = nullptr; // this is an output parameter,
// on calling, I get a dialog popup saying " The parameter is incorrect."
hResult = WebAuthNAuthenticatorGetAssertion(hWnd, pwszRpId &oClientData_in,
&webAuthNAssertionOptions, &pWebAuthNAssertion);
Please let me know, if any thing has to added in my code.
My guess is pAllowCredentialList in the webAuthNGetAssertionOptions is the culprit. Does it work with NULL instead?
I have a similar very simple sample at https://github.com/aseigler/HelloSample/blob/master/hello/hello.cpp that worked last time I checked.
I'm trying to get service name from display name using winapi function GetServiceKeyName in C++ with the following code:
SC_HANDLE hSCManager = OpenSCManager(NULL,
NULL, // service control manager database
SC_MANAGER_CONNECT | SC_MANAGER_ENUMERATE_SERVICE |SC_MANAGER_QUERY_LOCK_STATUS | STANDARD_RIGHTS_READ);
LPTSTR lpServiceName;
LPCTSTR lpDisplayName = L"My service";
DWORD dwSizeNeeded = sizeof(lpDisplayName);
GetServiceKeyName(hSCManager, lpDisplayName, lpServiceName, &dwSizeNeeded);
After finish, dwSizeNeeded have 15 as value and lpServiceName have "". Where I'm wrong calling to this function? Need any special right here? The inconvenience here is that this app doesn't have admin rights so I cannot (I guess) set SC_MANAGER_ALL_ACCESS. Of course, My service is up and running in system, so I have not bad display name.
Two lines needs to be modified:
...
TCHAR lpServiceName[512];
DWORD dwSizeNeeded = sizeof lpServcieName / sizeof lpServiceName[0]; // Number of elements in buffer
...
You should also see what GetServiceKeyName returns as that is the signal if it has succeeded or not. Checking the string is only valid if GetServiceKeyName returns TRUE.
I was tring to use SymEnumSourceFiles to get the file name within the debugging module.But the file name as a parameter in the callback function seems incomplete. e.g. A file named"c:\program files\test\test.cpp" only showed "c:\program fi" in the FileName part of the PSOURCEFILE type parameter, and that's very wired.
Here is my code:
struct foo
{
static BOOL CALLBACK run( PSOURCEFILE pSourceFile, PVOID UserContext)
{
static TCHAR szFileName[MAX_PATH] = _T("");
if (_tcscmp(szFileName, pSourceFile->FileName))
{
_tcscpy(szFileName, pSourceFile->FileName);
}
return TRUE;
}
};
HANDLE hCurrentProcess = GetCurrentProcess();
SymInitialize(hCurrentProcess, NULL, FALSE);
DWORD64 BaseOfDll = SymLoadModule64(hCurrentProcess,
NULL,
(LPCSTR)_bstr_t(lpszFile),
NULL,0,0);
if(!SymEnumSourceFiles(hCurrentProcess, BaseOfDll, NULL, foo::run, (PVOID)pCallBack))
{
ATLTRACE(_T(__FUNCTION__) _T(" error:0x%x\n"), GetLastError());
}
SymUnloadModule64(hCurrentProcess, BaseOfDll);
SymCleanup(hCurrentProcess);
Can anyone tell me where I go wrong please?
PS. When I simply replace SymEnumSourceFiles with SymEnumLines and change the callback function, the file name I got is correct.
There used to be a bug with SymEnumSymbols where symbol name was not zero terminated, maybe this one is related. Try zeroing out the filename after copying it (pSourceFile->FileName[0] = 0;).
Try ANSI version of SymEnumSourceFiles. There seems to be a bug in SymEnumSourceFilesW function.
The first two lines of this code showing file name excluding device name like /Document/temp but I want
to show also device name like L"\Device\Harddisk0\DR0\Document\temp. I am using this code to call ObQueryNameString routine but it is showing NULL.
Please tell me what is wrong with code. I think memory is not allocating
properly.
PFILE_OBJECT pFileObject = IoGetCurrentIrpStackLocation(Irp)->FileObject;
if (pFileObject)
{
DbgPrint("FileName : %wZ\n", pFileObject->FileName);
}
NTSTATUS status = STATUS_UNSUCCESSFUL;
OBJECT_NAME_INFORMATION objName = {0};
ULONG ReturnLength = 1024;
ObQueryNameString(DeviceObject, objName, sizeof(objName), ReturnLength);
DbgPrint("FileName : %wZ\n", &objName);
Have you considered using GetFullPathName function?
Refer to http://msdn.microsoft.com/en-us/library/aa364963%28VS.85%29.aspx for more accurate explanation what it does.
Ho can i get user account name, that ran the process with specified id. Is there any api function for this?
I am using windows,c++.
There is not an API function that does this directly, however you can combine a few API calls to do this. Of course your program will need to satisfy any ACLs that are applied to the process that you are interested in examining.
First, given the process ID, you'll need to open a handle to the process. You can use OpenProcess for that, requesting the PROCESS_QUERY_INFORMATION access right.
Once you have that handle, you can call OpenProcessToken, requesting the TOKEN_QUERY access right.
Finally, you can then call GetTokenInformation, requesting the TokenUser information class, which will give you the user account of the token. This information is provided to you in the form of a SID. To convert the SID to the actual name of the account, you can call LookupAccountSid.
Don't forget to call CloseHandle on both the process handle and the token handle once you're finished with them.
And this is function using Aaron Klotz algorithm:
public static string GetProcessOwnerByID(int processId)
{
IntPtr processHandle = IntPtr.Zero;
IntPtr tokenHandle = IntPtr.Zero;
try
{
processHandle = OpenProcess(PROCESS_QUERY_INFORMATION, false, processId);
if (processHandle == IntPtr.Zero)
return "NO ACCESS";
OpenProcessToken(processHandle, TOKEN_QUERY, out tokenHandle);
using (WindowsIdentity wi = new WindowsIdentity(tokenHandle))
{
string user = wi.Name;
return user.Contains(#"\") ? user.Substring(user.IndexOf(#"\") + 1) : user;
}
}
finally
{
if (tokenHandle != IntPtr.Zero) CloseHandle(tokenHandle);
if (processHandle != IntPtr.Zero) CloseHandle(processHandle);
}
}
Whole function (with constants) can be found on GitHub gist