I am having a really hard time with some API calls to the Wininet dll. I am trying to read cookies client side set by IE 9. Here's the code.
#include "stdafx.h"
#include <Windows.h>
#include <WinInet.h>
#include <iostream>
int _tmain(int argc, _TCHAR* argv[])
{
LPTSTR lpData = NULL;
DWORD dwSz = 500;
std::cout << "Hello Chris" << std::endl;
lpData = new TCHAR[dwSz];
std::wcout << "Arg 0: " << argv[1] << std::endl;
bool val = InternetGetCookieEx(argv[1], argv[2], lpData, &dwSz, INTERNET_COOKIE_THIRD_PARTY | INTERNET_FLAG_RESTRICTED_ZONE, NULL);
if (!val)
{
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
{
std::cout << "Insufficent Buffer size" << std::endl;
lpData = new TCHAR[dwSz];
val = InternetGetCookieEx(argv[1], argv[2], lpData, &dwSz, INTERNET_COOKIE_THIRD_PARTY | INTERNET_FLAG_RESTRICTED_ZONE, NULL);
if (val)
{
std::cout << "Cookie Data: " << lpData << std::endl;
}
else
{
std::cout << "ERROR Code: " << GetLastError() << std::endl;
}
}
else
{
int err = GetLastError();
std::cout << "ERROR Code: " << err << std::endl;
}
}
else
{
std::cout << "Cookie Data: " << lpData << std::endl;
}
//}
return 0;
}
The problem that I am having is that when I call InternetGetCookeEx I always return false and get an error code of 259, which means no more data available. When you consult the API essentially what that means is that it couldn't find my cookie.
Because I am using IE 9 the names for files that the cookie is being stored in are obviously mangled , which is why I am trying to read my cookie data that way.
I have removed the company name to protect the company. Essentially what I am trying to do is. Find the lUsrCtxPersist cookie value. Therefore I am calling the code as such CookieReader.ext http://[CompanyDomain].com lUsrCtxPersist.
However I always get a false and an error code of 259. Any light you might be able to shed on this would be greatly appreciated.
http://msdn.microsoft.com/en-us/library/ms537312%28v=vs.85%29.aspx
Try to use IEGetProtectedModeCookie
Assuming the cookie name is correct, then try removing the INTERNET_COOKIE_THIRD_PARTY and/or INTERNET_FLAG_RESTRICTED_ZONE flags and see what happens. Or try calling InternetGetCookie() instead, which has no such flags available.
On a separate note, when InternetGetCookieEx() returns ERROR_INSUFFICIENT_BUFFER, you are leaking memory. You need to delete[] your existing buffer before then calling new[] to allocate a new buffer.
Related
i'm trying to make a little program to my university that can change values in the memory of another process. With the exact address value that the Cheat Engine give me i can do this, but not ever the value is the same then my problem is with the memory pointers. In the following image i has the every offset that i found in the pointer scan map:
I already make a program but it not work and ever gives me 299 error code, i Run it as administrator. The code is the following:
#include <iostream>
#include <Windows.h>
#include <Psapi.h>
#include <TlHelp32.h>
#include <queue>
using namespace std;
int main() {
PROCESSENTRY32 pEntry;
pEntry.dwSize = sizeof(PROCESSENTRY32);
// Snapshot to list all process
HANDLE pHandlers = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if (pHandlers == NULL) {
cout << "Error 1";
return 1;
}
// Listing process
if (Process32First(pHandlers, &pEntry)) {
while (Process32Next(pHandlers, &pEntry)) {
// Convert value to string
wstring wstr(pEntry.szExeFile);
string str(wstr.begin(), wstr.end());
// Check if is the process that i wan't
if (str == "Playgroundd.exe") {
MODULEENTRY32 mEntry;
mEntry.dwSize = sizeof(MODULEENTRY32);
// Snapshot to list all modules inside process
HANDLE mHandlers = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pEntry.th32ProcessID);
if (mHandlers == NULL) {
cout << "Error 2";
return 1;
}
// Usually the first process is the main module
if (Module32First(mHandlers, &mEntry)) {
// Convert the name to string
wstring wstrr(mEntry.szExePath);
string strr(wstrr.begin(), wstrr.end());
if (strr.find("Playgroundd.exe")) {
// Get the base address of module
DWORD moduleBaseAddress = (DWORD)mEntry.modBaseAddr;
// Append initial value
moduleBaseAddress += (DWORD)0x000000E8;
// Offsets defined
DWORD offsets[] = {0x88,0x98,0x90,0x20,0x10,0x48,0x904};
// Open process with the right process id
cout << "process id: " << pEntry.th32ProcessID << endl << endl;
HANDLE processHandler = OpenProcess(PROCESS_ALL_ACCESS, 0, pEntry.th32ProcessID);
if (processHandler == NULL) {
cout << "Can't open the process";
return 1;
}
// Sum offsets
for (int i = 0; i < 7;i++) {
moduleBaseAddress += offsets[i];
}
int receive = 0;
size_t bytesRead = 0;
bool resultStatus = ReadProcessMemory(processHandler,
(LPCVOID)moduleBaseAddress, &receive, sizeof(receive), &bytesRead);
cout << "result status :" << resultStatus << endl;
cout << "Received : " << receive << endl;
cout << "Bytes read : " << bytesRead << endl;
cout << "Possible error code : " << GetLastError() << endl;
}
else {
cout << "Can't find module";
return 1;
}
}
}
}
}
};
This is the output of the above program, the error code can be ignored if the result status be non-zero
result status :0
Received : 0
Bytes read : 0
Possible error code : 299
What i am doing wrong?
As pointed by the comment above, your calculation of the target address is questionable.
Your use of GetLastError is unsafe - you should call it immediately after FAILED call to ReadProcessMemory. However, in this case, cout << ... doesn't change that code, so you are OK.
According to docs
ERROR_PARTIAL_COPY
299 (0x12B)
Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
And this post states
ReadProcessMemory would return FALSE and GetLastError would return ERROR_PARTIAL_COPY when the copy hits a page fault.
I am trying to implement a C++ application for the first time, so be gentle :).
I installed CLion and set up MinGW.
First, I already fail on using the Windows API LogonUserW(). My Application runs into a error which results in:
My code looks like this:
#include <iostream>
#include <windows.h>
#include <conio.h>
int main() {
std::cout << "Please press Enter to continue... " << std::endl;
getch();
DWORD dwLogonType = LOGON32_LOGON_NETWORK ;
DWORD dwLogonProvider = LOGON32_PROVIDER_WINNT40 ;
PHANDLE hToken = NULL ;
BOOL result = ::LogonUserW(
L"de313e",
L"DOMAIN",
L"PASSWORD",
dwLogonType,
dwLogonProvider,
hToken);
if (result)
std::cout << "It worked" << std::endl ;
else
std::cout << "Not worked" << std::endl ;
return 0;
}
My intention is to either:
Login as an admin user and execute a process with the token
OR
Execute an Application with Administrator privileges
I know that there is an API call named CreateProcessAsUserA(), but with an API Monitor I can retrieve the password.
Therefore I would love to use LogonUserW() as the parameter for password:
lpszPassword A pointer to a null-terminated string that specifies the plaintext password for the user account specified by lpszUsername.
Which I wanted to do.
I hope someone can help me with that.
This should do it. Creating a regular HANDLE and passing it by reference.
#include <iostream>
#include <windows.h>
#include <conio.h>
int main() {
std::cout << "Please press Enter to continue... " << std::endl;
getch();
DWORD dwLogonType = LOGON32_LOGON_NETWORK;
DWORD dwLogonProvider = LOGON32_PROVIDER_WINNT40;
HANDLE hToken;
BOOL result = LogonUserW(
L"USERNAME",
L"DOMAIN",
L"PASSWORD",
dwLogonType,
dwLogonProvider,
&hToken);
if (result)
std::cout << "It worked" << std::endl;
else
std::cout << "Not worked" << std::endl;
return 0;
}
I'm trying to use the following code to change the wall paper on a Windows 7 machine. I'm compiling with Multi Byte Character Set.
if(SystemParametersInfoW(SPI_SETDESKWALLPAPER, 0, L"c:\\temp\\extracted.png", SPIF_SENDCHANGE) != 0)
{
std::cout << "Success !" << std::endl;
}
else
{
std::cout << "Failure :(" << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
system("title :(");
}
I have no idea of why this is not working since it doesn't return an error code (GetLastError gives 0). No need to say that the wall paper remains unchanged.
EDIT: tried to change to this and to put a bmp file instead.
int error(0);
if(SystemParametersInfoW(SPI_SETDESKWALLPAPER, 0, L"c:\\temp\\extracted.bmp", SPIF_SENDCHANGE) != 0)
{
std::cout << "Success !" << std::endl;
}
else
{
error = GetLastError();
std::cout << "Failure :(" << std::endl;
std::cout << "Error: " << error << std::endl;
system("title :(");
}
system("pause");
Output in console is Failure :( followed by Error: 0
From the advice on the comments I abandoned ChangeParametersInfo and implemented this quick function I found. Worked instantly.
void SetWallpaper(LPCWSTR file)
{
CoInitializeEx(0, COINIT_APARTMENTTHREADED);
IActiveDesktop* desktop;
HRESULT status = CoCreateInstance(CLSID_ActiveDesktop, NULL, CLSCTX_INPROC_SERVER, IID_IActiveDesktop, (void**)&desktop);
WALLPAPEROPT wOption;
ZeroMemory(&wOption, sizeof(WALLPAPEROPT));
wOption.dwSize = sizeof(WALLPAPEROPT);
wOption.dwStyle = WPSTYLE_CENTER;
status = desktop->SetWallpaper(file, 0);
status = desktop->SetWallpaperOptions(&wOption, 0);
status = desktop->ApplyChanges(AD_APPLY_ALL);
desktop->Release();
CoUninitialize();
}
Usage
SetWallpaper(L"c:\\temp\\extracted.png");
This is so much easier than bothering with the old one. Still wondering why it wasn't giving an error. Hope this will help someone else.
Thanks for the advices everyone.
I have following piece of code that is working on the following steps:
Open the RegistryKey using RegOpenKeyEx
After opening key, Create a event using CreateEvent.
Using RegNotifyChangeKeyValue for getting Notification.
The above steps only gives me a notification of change occured but not the information on where the change occured. eg consider following code:
#include <Windows.h>
#include <iostream>
#include <string>
int main()
{
DWORD dwFilter = REG_NOTIFY_CHANGE_NAME|
REG_NOTIFY_CHANGE_ATTRIBUTES |
REG_NOTIFY_CHANGE_LAST_SET |
REG_NOTIFY_CHANGE_SECURITY;
HKEY pHresult=0;
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\aaaa",0,KEY_NOTIFY|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS|KEY_QUERY_VALUE|KEY_WOW64_64KEY,&pHresult)!=ERROR_SUCCESS){
std::cout << "FAIL IN OPEN SOFTWARE" << std::endl;
}
std::cout << " OPEN software//aaaa" << std::endl;
while(1)
{
HANDLE hevent = CreateEvent(NULL,FALSE, TRUE, NULL);
if(RegNotifyChangeKeyValue(pHresult,TRUE,dwFilter,hevent,TRUE) != ERROR_SUCCESS)
{
std::cout << "NOTIFICATION FAILED " << std::endl;
}
DWORD dwret = WaitForSingleObject(hevent, 2000);
if(dwret == WAIT_TIMEOUT)
{
std::cout << " TIMEOUT " << std::endl;
}
else if (dwret == WAIT_FAILED)
{
//
}
else
{
std::cout << "Change Occured" << std::endl;
}
//Sleep(2000);
}
RegCloseKey(pHresult);
}
In above code, if change is done in aaaa, i get Change Occured. How do I get the location where the change occured. One way would be using recursion and scanning the whole path. Is there any better way or API for reducing the overhead of recursion way?
GetLastError tells me I'm getting the "The program issued a command but the command length is incorrect." error when calling Process32First() (see code below). I found one post that looked helpful (http://social.msdn.microsoft.com/Forums/is/vcgeneral/thread/6f43716f-fdd3-4c92-bfba-6a23178c32bf), but I'm not sure if this is my problem.
I've tried building a program that includes only "stdafx.h", <iostream>, <Windows.h> and <TlHelp32.h> to test __alignof(PROCESSENTRY32), but I still get a value of 4. Not sure if that's correct or not.
Here is the code that's failing:
HANDLE hProcess;
PROCESSENTRY32 pe32;
cout << "Size of PROCESSENTRY32 is: " << sizeof(PROCESSENTRY32) << "\r\n"; // 556
cout << "Align of PROCESSENTRY32 is: " << __alignof(PROCESSENTRY32) << "\r\n"; // 4
if ( !(hProcess = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)) ) {
cout << "CreateToolhelp32Snapshot() failed: " << GetLastError() << "\r\n";
return (HANDLE)NULL;
} else {
cout << "CreateToolhelp32Snapshot() succeeded.\r\n";
}
if (Process32First(hProcess, &pe32)) {
do {
cout << pe32.th32ModuleID;
} while (Process32Next(hProcess, &pe32));
} else {
cout << "Process32First() failed: " << GetLastError() << "\r\n";
}
From the docs on Process32First:
The calling application must set the dwSize member of PROCESSENTRY32 to the size, in bytes, of the structure.
I don't see you doing that in your code, and I suspect it's the problem. Fix it:
pe32.dwSize = sizeof pe32;
if (Process32First(...))
The reasoning behind this mandatory action for many of the winapi structures is for the flexibility to add more onto the structure later on, but let functions know which version is being used by checking against known sizes of previous versions.