Duplicate Windows Handle of a local process - c++

Use Case
I have a 64 bit server process which through IPC (COM+ RPC) gains access to the PID of a 32 bit Client Process. The Server Process Creates a new Window with a parent Window Handler. I need to display the New Window inside the Client's Window instead of a standalone popup on top of the Desktop Window.
Process Adopted
In order to Display the New Window on the parent Window, I first tried to
Get the Handle to the Top Window
Duplicate the Window Handle using DuplicateHandle
Create the new Window with the new Duplicate Window Handle
Code
In Order to Duplicate the Window Handle I adopted the following Code. Note this is not the actual code, but for brevity changed the non relevant parts. Also Note, the SetPriviledge Function was adopted from Enabling and Disabling Privileges in C++
bool Duplicate(HWND hWnd)
{
HANDLE pToken = NULL;
HANDLE hProcess = NULL;
HANDLE hDuplicateHandle = NULL;
DWORD pid = 0;
bool bReturn = true;
GetWindowThreadProcessId(hWnd, &pid);
if(!(hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid)))
{
std::cout<<"Cannot Open Process:"<<GetLastError()<<std::endl;
bReturn = false;
}
if(bReturn && !OpenProcessToken(
hProcess,
TOKEN_ALL_ACCESS,
&pToken ))
{
std::cout<<"Cannot Open Token:"<<GetLastError()<<std::endl;
bReturn = false;
}
//The SetPriviledge function was adopted from
//http://msdn.microsoft.com/en-us/library/windows/desktop/aa446619(v=vs.85).aspx
if (bReturn && !SetPrivilege(
pToken,
SE_DEBUG_NAME,
true ))
{
std::cout<<"Error Setting Priveledge:error"<<GetLastError()<<std::endl;
bReturn = false;
}
if(bReturn && !DuplicateHandle(
hProcess,
hWnd,
GetCurrentProcess(),
&hDuplicateHandle,
NULL,
NULL,
DUPLICATE_SAME_ACCESS))
{
std::cout<<"Error Duplicating Handle: "<<GetLastError()<<std::endl;
std::cout<<"Source Handle is "<<hWnd<<" And the Duplicate Handle is "<<hDuplicateHandle<<std::endl;
bReturn = false;
}
if (hProcess)
{
CloseHandle(hProcess);
}
return bReturn;
}
O/P From the Above Code
Error Duplicating Handle: 6
Source Handle is 00150C1C And the Duplicate Handle is 00000000
Press any key to continue . . .
i.e. The Code fails with Error Code 6: ERROR_INVALID_HANDLE
Goal
To Make the above code work so that I can Duplicate a Remote Windows handle of a Local Process. Alternatively, determine if the above is the correct process.

Related

How can I show a wait cursor from the moment I invoke the popup dialog until the dialog is visible to the user?

So, I want to display a CDialog to the user:
void CMeetingScheduleAssistantDlg::OnOptionsOutlookCalendarOptions()
{
COutlookCalendarSettingsDlg dlgSettings(this);
dlgSettings.DoModal();
}
Now, the popup dialogue (in OnInitDialog) runs a console application behind the scenes. This console application is communicating with Microsoft Graph.
As a result, it can take a few seconds for the dialog to display.
I execute the console application with this method:
bool CMeetingScheduleAssistantApp::ExecuteProgram(CString strCommand, DWORD& rExitCode)
{
PROCESS_INFORMATION processInformation = { nullptr };
STARTUPINFO startupInfo = { 0 };
int nStrBuffer;
BOOL bProcessResult, bExitCodeProcess;
bool bOK = false;
CWaitCursor wait;
SetProgramExecuting(true);
rExitCode = -1;
startupInfo.cb = sizeof(startupInfo);
nStrBuffer = strCommand.GetLength() + 50;
bProcessResult = CreateProcess(nullptr, strCommand.GetBuffer(nStrBuffer),
nullptr, nullptr, FALSE,
NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW,
nullptr, nullptr, &startupInfo, &processInformation);
strCommand.ReleaseBuffer();
if (!bProcessResult)
{
// CreateProcess() failed
// Get the error from the system
LPVOID lpMsgBuf;
DWORD dw = GetLastError();
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
nullptr, dw, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)&lpMsgBuf, 0, nullptr);
// Display the error
CString strError = (LPTSTR)lpMsgBuf;
TRACE(_T("Authenticate failed at CreateProcess()\nCommand=%s\nMessage=%s\n\n"), strCommand, strError);
// Free resources created by the system
LocalFree(lpMsgBuf);
SetProgramExecuting(false);
// We failed.
return false;
}
else
{
// Successfully created the process. Wait for it to finish.
DWORD WaitResult;
do
{
WaitResult = MsgWaitForMultipleObjects(1,
// only 1 wait object
&processInformation.hProcess, // worker thread
FALSE, // stop if any
INFINITE, // no timeout
QS_ALLINPUT);
if (WaitResult == WAIT_OBJECT_0 + 1)
{
// Handle windows message
MSG Msg;
while (PeekMessage(&Msg, nullptr, 0, (UINT)-1, PM_REMOVE))
{
TRACE3("%d %d %d\n", Msg.message, Msg.wParam, Msg.lParam);
TranslateMessage(&Msg);
DispatchMessage(&Msg);
}
}
} while (WaitResult != WAIT_OBJECT_0);
ASSERT(WaitResult == WAIT_OBJECT_0);
// Get the exit code.
bExitCodeProcess = GetExitCodeProcess(processInformation.hProcess, &rExitCode);
// Close the handles.
CloseHandle(processInformation.hProcess);
CloseHandle(processInformation.hThread);
if (!bExitCodeProcess)
{
// Could not get exit code.
TRACE(_T("Executed command but couldn't get exit code.\nCommand=%s\n"), strCommand);
SetProgramExecuting(false);
return false;
}
SetProgramExecuting(false);
return true;
}
}
Inside OnInitDialog, just before the ExecuteProgram is called, I tried using:
CWaitCursor wait;
But it makes no difference. So how can I show a wait cursor from the moment I invoke the popup dialog until the dialog is visible to the user?
One solution could be to use Modeless Dialog. You can create a dialog which looks similar to wait cursor dialog.
You show that Modeless Dialog just before dlgSettings.DoModal(); statement in your code. Please use TOP_MOST while showing Modeless Dialog.
Finally, hide/close Modeless Dialog from OnInitDialog() once processing is over.
Another approach could be:
Add a public member of asCWaitCursor* m_pWaitCursor in COutlookCalendarSettingsDlg class. Now modify code as
void CMeetingScheduleAssistantDlg::OnOptionsOutlookCalendarOptions()
{
COutlookCalendarSettingsDlg dlgSettings(this);
dlgSettings->m_pWaitCursor = new CWaitCursor();
dlgSettings.DoModal();
}
Then modify OnInitDialog of COutlookCalendarSettingsDlg to delete instance of CWaitCursor before returning from it.
delete m_pWaitCursor;
Update
I thought I would add an update to this answer that applies in other situations. What you do is use a CPersistantWaitCursor instead. The article provides a little example:
#include "PersistentWaitCursor.h"
void CMyWnd::DoSomeLengthyOperation()
{
// Create and show the wait cursor
CPersistentWaitCursor waitCursor;
// Do some lengthy operation
...
// waitCursor goes out of scope and cursor is restored
}
BOOL CMyWnd::OnSetCursor(CWnd* pWnd, UINT nHitTest, UINT message)
{
if (CPersistentWaitCursor::WaitCursorShown())
{
// We are showing the wait cursor
RestoreWaitCursor();
return TRUE;
}
// Let the base class deal with this one
return CWnd::OnSetCursor(pWnd, nHitTest, message);
}
Look at the article for full details about how it works. But I can confirm that for some of my other lengthy actions this enhanced CPersistantWaitCursor did the trick.

C++ | Windows - Is there a way to find out which process has ownership of the locked file?

What I want to know is it possible to try an open a file (and when it fails because it's opened with another process with sharing off) to figure out which process is using said file?
The reason I am wanting to know this information is because I am making a little application that will "fix" malicious files.
For example, some malicious/adware etc set the file security descriptor so the user can't delete the file, etc. My application just resets the security descriptor allowing the user to regain control.
I have also seen a file open up its child process with for example (CreateFile) and have Shared Mode turned off so the file can't be touched, then the application would execute the childprocess from memory.
Yes, you can in general just use the openfiles command, after having enabled collection of this information via, it appears, openfiles /local on.
In Windows NT up to and including (it seems) Windows XP there was a similar Resource Kit command named oh, short for open handles.
An alternative to both is to use SysInternal's Process Explorer.
Note: In some cases openfiles will fail to list some handle. This happens for me when Windows refuses to unmount an USB disk, claiming that some process is using a file on that disk. No such process ever shows up.
I have developed a function to locate such process, kill it and delete the locked file.
bool ForceDeleteFile(LPWSTR FileName);
Here is the full source code:
bool KillFileProcess(LPWSTR FileName)
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;
DWORD dwPriorityClass;
bool result = false;
// Take a snapshot of all processes in the system.
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
{
//printError(TEXT("CreateToolhelp32Snapshot (of processes)"));
return(FALSE);
}
// Set the size of the structure before using it.
pe32.dwSize = sizeof(PROCESSENTRY32);
// Retrieve information about the first process,
// and exit if unsuccessful
if (!Process32First(hProcessSnap, &pe32))
{
//printError(TEXT("Process32First")); // show cause of failure
CloseHandle(hProcessSnap); // clean the snapshot object
return(FALSE);
}
// Now walk the snapshot of processes, and
// display information about each process in turn
do
{
// Retrieve the priority class.
dwPriorityClass = 0;
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
if (hProcess == NULL)
{
//printError(TEXT("OpenProcess"));
}
else
{
dwPriorityClass = GetPriorityClass(hProcess);
if (!dwPriorityClass)
{
//printError(TEXT("GetPriorityClass"));
}
CloseHandle(hProcess);
if (HANDLE hProcess = ::OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe32.th32ProcessID))
{
WCHAR filename[MAX_PATH] = {};
if (GetModuleFileNameEx(hProcess, NULL, filename, MAX_PATH))
{
if (_wcsicmp((const wchar_t *)FileName, (const wchar_t *)filename) == NULL)
{
if (TerminateProcess(pe32.th32ProcessID, 0))
{
_tprintf(L"Found: Process full killed\nKILLED!\n");
result = true;
}
else
{
_tprintf(L"Found: Process full \nFailed to terminate\n");
DoRun(((CString)L"taskkill /F /IM " + (CString)pe32.szExeFile).GetBuffer());
result = false;
}
}
}
else
{
// handle error
}
CloseHandle(hProcess);
}
}
} while (Process32Next(hProcessSnap, &pe32));
CloseHandle(hProcessSnap);
return(result);
}
bool ForceDeleteFile(LPWSTR FileName)
{
bool result = DeleteFile(FileName);
if (!result)
{
_tprintf(L"Can't delete file. using DeleteFile(). Trying to locate process and kill it\n");
result = KillFileProcess(FileName);
if (!result)
_tprintf(L"Couldn't find the process\n");
else
{
Sleep(1000);
result = DeleteFile(FileName);
if (result)
_tprintf(L"DeleteFile success");
else
_tprintf(L"DeleteFile ============== failed ===============");
}
}
return result;
}
BOOL TerminateProcess(DWORD dwProcessId, UINT uExitCode)
{
DWORD dwDesiredAccess = PROCESS_TERMINATE;
BOOL bInheritHandle = FALSE;
HANDLE hProcess = OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
if (hProcess == NULL)
return FALSE;
BOOL result = TerminateProcess(hProcess, uExitCode);
CloseHandle(hProcess);
return result;
}

CreateProcessAsUser generating error 5

I've tried mixing the code here and here to run an GUI exe from a service that was initialized through QtService, but whenever I run the code bellow I get an error 5 from the CreateProcessAsUser.
Also, I saw the answer to a similar question here on StackOverflow but couldn't figure out how the DACL is related with the problem, and can't use the answer by Harry Johnson because I wouldn't have the logon info from the users.
So, can someone help me understand why am I receiving the error 5 (Acess Denied) from the code below?
if(initUiWin())
log->write("InitUiWin executed.");
else {
QString errorNumber = QString::number(GetLastError());
log->write("InitUiWin error: " + errorNumber);
}
-
bool initUiWin()
{
// obtain the currently active session id; every logged on
// User in the system has a unique session id
uint dwSessionId = WTSGetActiveConsoleSessionId();
// obtain the process id of the winlogon process that
// is running within the currently active session
QString processName("winlogon.exe");
DWORD winlogonPID = FindProcessId(processName.toStdWString(),dwSessionId);
if( winlogonPID != 0 ) {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, winlogonPID);
HANDLE hToken;
OpenProcessToken(hProcess,TOKEN_READ,&hToken);
// Security attibute structure used in DuplicateTokenEx and CreateProcessAsUser
SECURITY_ATTRIBUTES sa;
sa.nLength = static_cast<DWORD>(sizeof(SECURITY_ATTRIBUTES));
// copy the access token of the winlogon process;
// the newly created token will be a primary token
HANDLE hUserTokenDup;
if (!DuplicateTokenEx(hToken,MAXIMUM_ALLOWED,&sa,
SecurityIdentification,TokenPrimary,&hUserTokenDup)) {
CloseHandle(hProcess);
CloseHandle(hToken);
return false;
}
// Get Handle to the interactive window station
HWINSTA hwinsta = NULL;
hwinsta = OpenWindowStation(
_T(L"winsta0"), // the interactive window station
FALSE, // handle is not inheritable
READ_CONTROL | WRITE_DAC); // rights to read/write the DACL
if(hwinsta == NULL)
return false;
// To get the correct default desktop, set the caller's
// window station to the interactive window station.
if (!SetProcessWindowStation(hwinsta))
return false;
// Get a handle to the interactive desktop.
HDESK hdesk = NULL;
hdesk = OpenDesktop(
_T(L"default"), // the interactive window station
0, // no interaction with other desktop processes
FALSE, // handle is not inheritable
READ_CONTROL | // request the rights to read and write the DACL
WRITE_DAC |
DESKTOP_WRITEOBJECTS |
DESKTOP_READOBJECTS);
if(hdesk == NULL)
return false;
// Get the SID for the client's logon session.
PSID pSid = NULL;
if (!GetLogonSID(hUserTokenDup, &pSid))
return false;
// Allow logon SID full access to interactive window station.
if (!AddAceToWindowStation(hwinsta, pSid) )
return false;
// Allow logon SID full access to interactive desktop.
if (!AddAceToDesktop(hdesk, pSid) )
return false;
// Impersonate client to ensure access to executable file.
if (!ImpersonateLoggedOnUser(hUserTokenDup) )
return false;
STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory(&si, sizeof(STARTUPINFO));
si.cb = static_cast<DWORD>(sizeof(STARTUPINFO));
// interactive window station parameter; basically this indicates
// that the process created can display a GUI on the desktop
wchar_t auxBuffer[16] = L"winsta0\\default";
si.lpDesktop = auxBuffer;
// flags that specify the priority and creation method of the process
int dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE | CREATE_BREAKAWAY_FROM_JOB;
// create a new process in the current User's logon session
bool result = CreateProcessAsUser(hUserTokenDup, // client's access token
L"test-ui-systray.exe", // file to execute
NULL, // command line
&sa, // pointer to process SECURITY_ATTRIBUTES
&sa, // pointer to thread SECURITY_ATTRIBUTES
false, // handles are not inheritable
dwCreationFlags, // creation flags
NULL, // pointer to new environment block
NULL, // name of current directory
&si, // pointer to STARTUPINFO structure
&pi // receives information about new process
);
if (pSid)
FreeLogonSID(&pSid);
if (hdesk)
CloseDesktop(hdesk);
if (hwinsta)
CloseWindowStation(hwinsta);
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
return result;
}
return false;
}
Putting it here for visibility. HarryJohnston answered in the comments. The problem was the flags in the OpenProcessToken, I just changed
OpenProcessToken(hProcess,TOKEN_READ,&hToken)
to
OpenProcessToken(hProcess,TOKEN_READ|TOKEN_QUERY|TOKEN_DUPLICATE|TOKEN_ASSIGN_PRIMARY,&hToken)

Get all processes opened in a certain Desktop

I'm working on an application that creates a new desktop when launched and using a key combo I can move back and forth between the original and the new desktop. At creation time, in the new desktop a new explorer.exe process is started, so the user can start whatever applications he desires.
When the key combo that sends the exit command is detected, the new desktop is closed, and we return to the original one, but all the applications that the user started in the new desktop are still running.
Is there a way to get a handle on all of this processes opened in the new desktop, having a HANDLE for the Window Station and a HDESK handle for the new Desktop?
Thanks to David Heffernan's idea, I was able to find the following solution. Having a HDESK handle for the desktop, I compare it using GetThreadDesktop function with every thread from the system. I'm not sure that it's the most performant solution, I'm open towards suggestions for improvements, but this works just fine:
int main(void)
{
// Desktop handles
HDESK currentDesktop = GetsecondDesktop(GetCurrentThreadId());
HDESK secondDesktop = CreateDesktop(L"secondDesktop", NULL, NULL, 0, GENERIC_ALL, NULL);
// Start processes in secondDesktop ...
// Process enumeration
DWORD aProcesses[1024], cbNeeded, cProcesses;
unsigned int i;
EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded);
cProcesses = cbNeeded / sizeof(DWORD);
for (i = 0; i < cProcesses; i++)
{
if (aProcesses[i] != 0)
{
DWORD pThreadId = ListProcessThreads(aProcesses[i]);
if (GetsecondDesktop(pThreadId) == secondDesktop)
{
TerminateProcess(aProcesses[i]);
}
}
}
return 0;
}
DWORD ListProcessThreads(DWORD dwOwnerPID)
{
HANDLE hThreadSnap = INVALID_HANDLE_VALUE;
THREADENTRY32 te32;
// Take a snapshot of all running threads
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hThreadSnap == INVALID_HANDLE_VALUE)
return(FALSE);
// Fill in the size of the structure before using it.
te32.dwSize = sizeof(THREADENTRY32);
// Retrieve information about the first thread,
// and exit if unsuccessful
if (!Thread32First(hThreadSnap, &te32))
{
CloseHandle(hThreadSnap); // Must clean up the snapshot object!
return(FALSE);
}
// Now walk the thread list of the system,
// and display information about each thread
// associated with the specified process
do
{
if (te32.th32OwnerProcessID == dwOwnerPID)
{
return te32.th32ThreadID;
}
} while (Thread32Next(hThreadSnap, &te32));
// Don't forget to clean up the snapshot object.
CloseHandle(hThreadSnap);
return 0;
}
BOOL TerminateProcess(DWORD dwProcessId)
{
DWORD dwDesiredAccess = PROCESS_TERMINATE;
BOOL bInheritHandle = FALSE;
HANDLE hProcess = OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
if (hProcess == NULL)
return FALSE;
UINT uExitCode = 0;
BOOL result = TerminateProcess(hProcess, uExitCode);
CloseHandle(hProcess);
return result;
}

Get active processname in vc++

Am working on a background appliation in vc++
How can i get the Process Name of the current Application for example "Iexplore" for Using Internet Explorer, "Skype" for window with tile "Skype - username", "Explorer" for using windows explorer ?
i referred this link but am getting Null error : http://www.codeproject.com/Articles/14843/Finding-module-name-from-the-window-handle
This can be done using the following code:
bool GetActiveProcessName(TCHAR *buffer, DWORD cchLen)
{
HWND fg = GetForegroundWindow();
if (fg)
{
DWORD pid;
GetWindowThreadProcessId(fg, &pid);
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
if (hProcess)
{
BOOL ret = QueryFullProcessImageName(hProcess, 0, buffer, &cchLen);
//here you can trim process name if necessary
CloseHandle(hProcess);
return (ret != FALSE);
}
}
return false;
}
and then
TCHAR buffer[MAX_PATH];
if(GetActiveProcessName(buffer, MAX_PATH))
{
_tprintf(_T("Active process: %s\n"), buffer);
}
else
{
_tprintf(_T("Cannot obtain active process name.\n"));
}
Note though that QueryFullProcessImageName function is only available since Windows Vista, on earlier systems you could use GetProcessImageFileName (it is similar, but requires linkage with psapi.dll and returns device path instead of usual win32 path)
I used this code in my QT5/C++ project to get the currently active process name and window title successfully, based on some research (thanks #dsi). Just wanted to share the code so that someone else would benefit from it.
# Put this two declarations in the top of the CPP file
#include <windows.h>
#pragma comment(lib, "user32.lib")
And put the following into a method:
// get handle of currently active window
HWND hwnd = GetForegroundWindow();
if (hwnd) {
// Get active app name
DWORD maxPath = MAX_PATH;
wchar_t app_path[MAX_PATH];
DWORD pid;
GetWindowThreadProcessId(hwnd, &pid);
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
if (hProcess) {
QueryFullProcessImageName(hProcess, 0, app_path, &maxPath);
// here you can trim process name if necessary
CloseHandle(hProcess);
QString appPath = QString::fromWCharArray(app_path).trimmed();
QFileInfo appFileInfo(appPath);
windowInfo.appName = appFileInfo.fileName();
}
// Get active window title
wchar_t wnd_title[256];
GetWindowText(hwnd, wnd_title, sizeof(wnd_title));
windowInfo.windowTitle = QString::fromWCharArray(wnd_title);
}
This code may not be compiled directly, because windowInfo is a parameter in my program. Please feel free to let me know in case you encountered any issues when trying this code.