Merge pull request #6 from TogDu/master

FEATURE/EXPERIMENTAL : Add /f flag to force runtime loading
2018-02-26 18:30:06 +01:00 · 2018-02-26 18:30:06 +01:00 · 13b5819f56
parent 707aa7947c b5d86817fc
commit 13b5819f56
10 changed files with 91 additions and 29 deletions
--- a/RpcCore/RpcCore.c
+++ b/RpcCore/RpcCore.c
@ -52,7 +52,7 @@ typedef BOOL (WINAPI* EnumSimpleDictCallbackFn_T)(HANDLE hProcess, UINT Index, V
 BOOL	WINAPI EnumSimpleDict(HANDLE hProcess, SIMPLE_DICT_T* pSimpleDict, EnumSimpleDictCallbackFn_T EnumSimpleDictCallbackFn, VOID* pContext);

 // RpcCore
-VOID*				__fastcall RpcCoreInit();						//returns a private context for the RpcCoreEngine
+VOID*				__fastcall RpcCoreInit(BOOL bForce);						//returns a private context for the RpcCoreEngine
 VOID				__fastcall RpcCoreUninit(VOID* pRpcCoreCtxt);
 RpcProcessInfo_T*	__fastcall RpcCoreGetProcessInfo(void* pRpcCoreCtxt,DWORD Pid,DWORD Ppid,ULONG ProcessInfoMask);
 VOID				__fastcall RpcCoreFreeProcessInfo(void* pRpcCoreCtxt,RpcProcessInfo_T* pRpcProcessInfo);
@ -73,6 +73,7 @@ RpcCore_T	RpcCoreHelper =
 {
 	RPC_CORE_RUNTIME_VERSION,
 	RPC_CORE_IS_WOW64,
+	FALSE,
 	&RpcCoreInit,
 	&RpcCoreUninit,
 	&RpcCoreGetProcessInfo,
@ -270,7 +271,7 @@ End:


 //------------------------------------------------------------------------------
-VOID* __fastcall RpcCoreInit()
+VOID* __fastcall RpcCoreInit(BOOL bForce)
 {
 	UINT64					RuntimVersion;
 	RpcCoreInternalCtxt_T*	pRpcCoreInternalCtxt=NULL;
@ -290,6 +291,11 @@ VOID* __fastcall RpcCoreInit()
 	RuntimVersion=GetModuleVersion(RpcRuntimePath);
 	for (i = 0; i < sizeof(RPC_CORE_RUNTIME_VERSION); i++)
 	{
+		if (bForce && ((RuntimVersion & 0xFFFFFFFF00000000) == (RPC_CORE_RUNTIME_VERSION[i] & 0xFFFFFFFF00000000)))
+		{
+			bFound = TRUE;
+			break;
+		}
 		if (RuntimVersion == RPC_CORE_RUNTIME_VERSION[i])
 		{
 			bFound = TRUE;
--- a/RpcCore/RpcCore.h
+++ b/RpcCore/RpcCore.h
@ -178,7 +178,7 @@ typedef BOOL (__fastcall* RpcCoreEnumProcessAuthInfoCallbackFn_T)(DWORD Pid, Rpc
 // Type definitions
 ////////////////////////////////////////////////////////////////////////////////

-typedef VOID*				(__fastcall* RpcCoreInitFn_T)();
+typedef VOID*				(__fastcall* RpcCoreInitFn_T)(BOOL bForce);
 typedef VOID				(__fastcall* RpcCoreUninitFn_T)(VOID* pRpcCoreCtxt);
 typedef RpcProcessInfo_T*	(__fastcall* RpcCoreGetProcessInfoFn_T)(void* pRpcCoreCtxt, DWORD Pid, DWORD Ppid,ULONG ProcessInfoMask);
 typedef VOID				(__fastcall* RpcCoreFreeProcessInfoFn_T)(void* pRpcCoreCtxt, RpcProcessInfo_T* pRpcProcessInfo);
@ -193,6 +193,7 @@ typedef struct _RpcCore_T{
 	UINT64*								RuntimeVersion;		//the supported version (forx example 0x600011DB04001LL (6.1.7600.16385) for Windows 7 64bits )
 	//const char*							pDescription;
 	BOOL								bWow64Helper;
+	BOOL								bForceLoading;
 	RpcCoreInitFn_T						RpcCoreInitFn;
 	RpcCoreUninitFn_T					RpcCoreUninitFn;
 	RpcCoreGetProcessInfoFn_T			RpcCoreGetProcessInfoFn;
--- a/RpcCore/RpcCore2_32bits/RpcInternals.h
+++ b/RpcCore/RpcCore2_32bits/RpcInternals.h
@ -16,6 +16,7 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 	0x600011DB14ABFLL,	//6.1.7601.19135
 	0x600011DB15B7BLL,	//6.1.7601.23419
 	0x600011DB15CA2LL,	//6.1.7601.23714
+    0x600011DB15D08LL,	//6.1.7601.23816
    0x600011DB15D6BLL,	//6.1.7601.23915
 };

--- a/RpcCore/RpcCore2_64bits/RpcInternals.h
+++ b/RpcCore/RpcCore2_64bits/RpcInternals.h
@ -15,6 +15,7 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 	0x600011DB14ABFLL,	//6.1.7601.19135
 	0x600011DB15B7BLL,	//6.1.7601.23419
 	0x600011DB15CA2LL,	//6.1.7601.23714
+	0x600011DB15D08LL,	//6.1.7601.23816
    0x600011DB15D6BLL,	//6.1.7601.23915
 };

--- a/RpcCore/RpcCore4_32bits/RpcInternals.h
+++ b/RpcCore/RpcCore4_32bits/RpcInternals.h
@ -28,6 +28,8 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 	0xA00003FAB000FLL,  //10.0.16299.15
 	0xA00003FAB00C0LL,  //10.0.16299.192
    0xA0000427903E8LL,  //10.0.17017.1000
+	0xA0000428103E8LL,  //10.0.17025.1000
+	0xA000042B203EALL,  //10.0.17074.1002
 };

 #ifdef _WIN64
--- a/RpcCore/RpcCore4_64bits/RpcInternals.h
+++ b/RpcCore/RpcCore4_64bits/RpcInternals.h
@ -28,6 +28,8 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 	0xA00003FAB000FLL,  //10.0.16299.15
 	0xA00003FAB00C0LL,  //10.0.16299.192
    0xA0000427903E8LL,  //10.0.17017.1000
+	0xA0000428103E8LL,  //10.0.17025.1000
+	0xA000042B203EALL,  //10.0.17074.1002
 };

 #define RPC_CORE_DESCRIPTION					"Windows 10 64bits runtime core"
--- a/RpcView/InitViewsVisitor.cpp
+++ b/RpcView/InitViewsVisitor.cpp
@ -34,7 +34,7 @@ InitViewsVisitor_C::InitViewsVisitor_C(RpcCore_T* pRpcCore,void** ppRpcCoreCtxt)
 	this->pRpcCore= pRpcCore;

 	this->NbOfInterfaces = 0;
-	this->pRpcCoreCtxt = pRpcCore->RpcCoreInitFn();
+	this->pRpcCoreCtxt = pRpcCore->RpcCoreInitFn(pRpcCore->bForceLoading);
 	if (this->pRpcCoreCtxt==NULL) goto End;
 	*ppRpcCoreCtxt = this->pRpcCoreCtxt;

--- a/RpcView/MainWindow.cpp
+++ b/RpcView/MainWindow.cpp
@ -22,6 +22,15 @@
 #define MANUAL_REFRESH_SPEED		0
 #define SHELL_EXECUTE_SUCCESS		((HINSTANCE)42)		// According to the doc, welcome the 16-bit compatibilty

+#ifdef __cplusplus
+extern "C" {
+#endif
+
+	extern    RpcCore_T	gRpcCoreManager;
+
+#ifdef __cplusplus
+}
+#endif

 extern ULONG	NTAPI DecompilerExceptionFilter(EXCEPTION_POINTERS* pExceptionPointers);
 extern HMODULE	NTAPI LoadDecompilerEngine(RpcDecompilerHelper_T** ppRpcDecompilerHelper);
@ -300,7 +309,10 @@ void MainWindow_C::ViewDetailsForAllProcesses()
 	UCHAR		FilePath[MAX_PATH];
 	
 	GetModuleFileNameA(NULL,(LPSTR)FilePath,_countof(FilePath));
-	hInstance = ShellExecuteA(NULL, "runas", (LPCSTR)FilePath, 0, 0, SW_SHOWNORMAL);
+	if (gRpcCoreManager.bForceLoading)
+		hInstance = ShellExecuteA(NULL, "runas", (LPCSTR)FilePath, "/f", 0, SW_SHOWNORMAL);
+	else
+		hInstance = ShellExecuteA(NULL, "runas", (LPCSTR)FilePath, 0, 0, SW_SHOWNORMAL);
 	if ( hInstance == SHELL_EXECUTE_SUCCESS)
 	{
 		Exit();
--- a/RpcView/RpcCoreManager.c
+++ b/RpcView/RpcCoreManager.c
@ -13,7 +13,7 @@ typedef struct _RpcCoreManager_T{
 }RpcCoreManager_T; 

 // RpcCore
-VOID*				__fastcall RpcCoreInit();						//returns a private context for the RpcCoreEngine
+VOID*				__fastcall RpcCoreInit(BOOL bForce);						//returns a private context for the RpcCoreEngine
 VOID				__fastcall RpcCoreUninit(VOID* pRpcCoreCtxt);
 RpcProcessInfo_T*	__fastcall RpcCoreGetProcessInfo(void* pRpcCoreCtxt, DWORD Pid, DWORD Ppid, ULONG ProcessInfoMask);
 VOID				__fastcall RpcCoreFreeProcessInfo(void* pRpcCoreCtxt, RpcProcessInfo_T* pRpcProcessInfo);
@ -29,6 +29,7 @@ RpcCore_T	gRpcCoreManager =
    0,
    //"Generic RpcCore Manager",
    FALSE,
+	FALSE,
    &RpcCoreInit,
    &RpcCoreUninit,
    &RpcCoreGetProcessInfo,
@ -41,7 +42,7 @@ RpcCore_T	gRpcCoreManager =
 };

 //------------------------------------------------------------------------------
-BOOL NTAPI LoadCoreEngine(RpcCore_T** ppRpcCoreHelper, void** ppRpcCoreCtxt, BOOL bWow64Helper)
+BOOL NTAPI LoadCoreEngine(RpcCore_T** ppRpcCoreHelper, void** ppRpcCoreCtxt, BOOL bWow64Helper, BOOL bForce)
 {
    WIN32_FIND_DATAA	Win32FindData;
    HMODULE				hLib;
@ -60,7 +61,7 @@ BOOL NTAPI LoadCoreEngine(RpcCore_T** ppRpcCoreHelper, void** ppRpcCoreCtxt, BOO
            pRpcCoreHelper = (RpcCore_T*)(ULONG_PTR)GetProcAddress(hLib, RPC_CORE_EXPORT_SYMBOL);
            if (pRpcCoreHelper != NULL)
            {
-                *ppRpcCoreCtxt = pRpcCoreHelper->RpcCoreInitFn();
+                *ppRpcCoreCtxt = pRpcCoreHelper->RpcCoreInitFn(bForce);
                if (*ppRpcCoreCtxt != NULL)
                {
                    pRpcCoreHelper->RpcCoreUninitFn(*ppRpcCoreCtxt);
@ -86,13 +87,13 @@ End:


 //-----------------------------------------------------------------------------
-VOID* __fastcall RpcCoreInit()
+VOID* __fastcall RpcCoreInit(BOOL bForce)
 {
    RpcCoreManager_T*   pRpcCoreManager;

    pRpcCoreManager = (RpcCoreManager_T*)OS_ALLOC(sizeof(RpcCoreManager_T));

-    if (!LoadCoreEngine(&pRpcCoreManager->pNativeCore, &pRpcCoreManager->pNativeCoreCtxt, FALSE))
+    if (!LoadCoreEngine(&pRpcCoreManager->pNativeCore, &pRpcCoreManager->pNativeCoreCtxt, FALSE, bForce))
    {
 		const char Caption[]	= "Unsupported runtime version";
 #ifdef _WIN64
@ -107,14 +108,14 @@ VOID* __fastcall RpcCoreInit()
 #endif
 		ExitProcess(0);
    }
-    pRpcCoreManager->pNativeCoreCtxt = pRpcCoreManager->pNativeCore->RpcCoreInitFn();
+	pRpcCoreManager->pNativeCoreCtxt = pRpcCoreManager->pNativeCore->RpcCoreInitFn(bForce);
 #ifdef _WIN64
-    if (!LoadCoreEngine(&pRpcCoreManager->pWow64Core, &pRpcCoreManager->pWow64CoreCtxt, TRUE))
+    if (!LoadCoreEngine(&pRpcCoreManager->pWow64Core, &pRpcCoreManager->pWow64CoreCtxt, TRUE,bForce))
    {
        OS_FREE(pRpcCoreManager);
        return NULL;
    }
-    pRpcCoreManager->pWow64CoreCtxt = pRpcCoreManager->pWow64Core->RpcCoreInitFn();
+	pRpcCoreManager->pWow64CoreCtxt = pRpcCoreManager->pWow64Core->RpcCoreInitFn(bForce);
 #endif
    return (pRpcCoreManager);
 }
--- a/RpcView/RpcView.cpp
+++ b/RpcView/RpcView.cpp
@ -302,7 +302,7 @@ int DecompileAllInterfaces(RpcCore_T* pRpcCore)

 	EnumCtxt.pRpcDecompilerHelper	= pRpcDecompilerHelper;
    EnumCtxt.pRpcCore               = pRpcCore;
-    EnumCtxt.pRpcCoreCtxt           = pRpcCore->RpcCoreInitFn();
+    EnumCtxt.pRpcCoreCtxt           = pRpcCore->RpcCoreInitFn(FALSE);
    if (EnumCtxt.pRpcCoreCtxt==NULL) goto End;

 	_cprintf("Start scanning...\n");
@ -328,20 +328,28 @@ End:
 	HICON			hMainIcon;
 	UCHAR			CurrentDirectory[MAX_PATH];
 	UCHAR*			pSeparator;
-
+	int ret = 0;
 #ifdef _DEBUG
 	_CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE);
 	_CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDOUT);
 #else
-	int				argc		= 1;
-	char*			pCmdLineA	= NULL;
-	char**			argv		= &pCmdLineA;
-
-    UNREFERENCED_PARAMETER(pCmdLine);
+	int				argc		= 0;
+	
    UNREFERENCED_PARAMETER(hInstance);
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(nCmdShow);
-	pCmdLineA = GetCommandLineA();
+	pCmdLine = GetCommandLineW();
+
+	LPWSTR* argvw = CommandLineToArgvW(pCmdLine, &argc);
+
+	char** argv = (char**)malloc(argc*sizeof(char*));
+	for (int i = 0; i < argc; i++)
+	{
+		size_t tmpSize = lstrlenW(argvw[i]) * 2 + 2;
+		argv[i] = (char*)malloc(tmpSize);
+		wcstombs_s(&tmpSize, argv[i], tmpSize, argvw[i], tmpSize);
+	}
+		
 #endif
 	QApplication app(argc, argv);
    QSettings   Settings(RPC_VIEW_ORGANIZATION_NAME, RPC_VIEW_APPLICATION_NAME);
@ -359,20 +367,41 @@ End:
 #ifdef _DEBUG
 	if (argc>1)
 	{
-		if (!_stricmp(argv[1],"/DA"))
+		for (int curArg = 1; curArg < argc; curArg++)
 		{
-            DecompileAllInterfaces(&gRpcCoreManager);
+			if (!_stricmp(argv[1], "/DA"))
+			{
+				DecompileAllInterfaces(&gRpcCoreManager);
+				_CrtDumpMemoryLeaks();
+			}
+			else if (!_stricmp(argv[1], "/f"))
+			{
+				gRpcCoreManager.bForceLoading = TRUE;
+			}
+			else
+			{
+				_cprintf("Usage %s: [/f] [/DA]\n", argv[0]);
+				_cprintf("  /f : force loading for unsupported runtime versions \n");
+				_cprintf("  /DA : decompile all interfaces\n");
+			}
+		}
+		//
+		//return 0;
+	}
+#else
+	if (argc>1)
+	{
+		if (argvw[1] && !wcsncmp(argvw[1], L"/f", 2))
+		{
+			gRpcCoreManager.bForceLoading = TRUE;
 		}
 		else
 		{
-			_cprintf("Usage %s: [/DA]\n",argv[0]);
-			_cprintf("  /DA : decompile all interfaces\n");
+			_cprintf("Usage %s: [/f]\n", argv[0]);
+			_cprintf("  /f : force loading for unsupported runtime versions \n");
 		}
-		_CrtDumpMemoryLeaks();
-		return 0;
 	}
 #endif
-
    pMainWindow = new MainWindow_C(&gRpcCoreManager);

 	hMainIcon = LoadIcon(GetModuleHandle(NULL), MAKEINTRESOURCE(ID_MAIN_ICON));
@ -381,5 +410,12 @@ End:
 		pMainWindow->setWindowIcon(QtWin::fromHICON(hMainIcon));
 		DestroyIcon(hMainIcon);
 	}
-	return app.exec();
+	ret =  app.exec();
+
+#ifndef _DEBUG
+	for (int i = 0; i < argc; i++)
+		free(argv[i]);
+	free(argv);
+#endif
+	return ret;
 }