diff --git a/RpcCore/RpcCore.c b/RpcCore/RpcCore.c
index 1790c89..76825f7 100644
--- a/RpcCore/RpcCore.c
+++ b/RpcCore/RpcCore.c
@@ -52,7 +52,7 @@ typedef BOOL (WINAPI* EnumSimpleDictCallbackFn_T)(HANDLE hProcess, UINT Index, V
 BOOL WINAPI EnumSimpleDict(HANDLE hProcess, SIMPLE_DICT_T* pSimpleDict, EnumSimpleDictCallbackFn_T EnumSimpleDictCallbackFn, VOID* pContext);
 // RpcCore
-VOID* __fastcall RpcCoreInit(); //returns a private context for the RpcCoreEngine
+VOID* __fastcall RpcCoreInit(BOOL bForce); //returns a private context for the RpcCoreEngine
 VOID __fastcall RpcCoreUninit(VOID* pRpcCoreCtxt);
 RpcProcessInfo_T* __fastcall RpcCoreGetProcessInfo(void* pRpcCoreCtxt,DWORD Pid,DWORD Ppid,ULONG ProcessInfoMask);
 VOID __fastcall RpcCoreFreeProcessInfo(void* pRpcCoreCtxt,RpcProcessInfo_T* pRpcProcessInfo);
@@ -73,6 +73,7 @@ RpcCore_T RpcCoreHelper =
 {
 RPC_CORE_RUNTIME_VERSION,
 RPC_CORE_IS_WOW64,
+ FALSE,
 &RpcCoreInit,
 &RpcCoreUninit,
 &RpcCoreGetProcessInfo,
@@ -270,7 +271,7 @@ End:
 //------------------------------------------------------------------------------
-VOID* __fastcall RpcCoreInit()
+VOID* __fastcall RpcCoreInit(BOOL bForce)
 {
 UINT64 RuntimVersion;
 RpcCoreInternalCtxt_T* pRpcCoreInternalCtxt=NULL;
@@ -290,6 +291,11 @@ VOID* __fastcall RpcCoreInit()
 RuntimVersion=GetModuleVersion(RpcRuntimePath);
 for (i = 0; i < sizeof(RPC_CORE_RUNTIME_VERSION); i++)
 {
+ if (bForce && ((RuntimVersion & 0xFFFFFFFF00000000) == (RPC_CORE_RUNTIME_VERSION[i] & 0xFFFFFFFF00000000)))
+ {
+ bFound = TRUE;
+ break;
+ }
 if (RuntimVersion == RPC_CORE_RUNTIME_VERSION[i])
 {
 bFound = TRUE;
diff --git a/RpcCore/RpcCore.h b/RpcCore/RpcCore.h
index a4ad1dc..a883b18 100644
--- a/RpcCore/RpcCore.h
+++ b/RpcCore/RpcCore.h
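Review bot: The forced match added inside the loop of RpcCoreInit reads `RPC_CORE_RUNTIME_VERSION[i]` under the existing bound `i < sizeof(RPC_CORE_RUNTIME_VERSION)`, which counts bytes rather than UINT64 entries, so both comparisons index past the end of the table; the bound should be `i < sizeof(RPC_CORE_RUNTIME_VERSION) / sizeof(RPC_CORE_RUNTIME_VERSION[0])`. With bForce set, the masked comparison can then succeed against whatever memory happens to follow the array. The mask `0xFFFFFFFF00000000` keeps only the major.minor part of the version (going by the tables' own comments, e.g. `0xA00003FAB000FLL` is 10.0.16299.15), so any build of the same major.minor is accepted and the core presumably then runs against a runtime whose internal layout it was never checked against. A comment on the check such as `// bForce: accept any build with the same major.minor; layout is unverified for this build` would make that trade-off explicit. RpcCoreInit's body continues outside the hunk.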
@@ -178,7 +178,7 @@ typedef BOOL (__fastcall* RpcCoreEnumProcessAuthInfoCallbackFn_T)(DWORD Pid, Rpc
 // Type definitions
 ////////////////////////////////////////////////////////////////////////////////
-typedef VOID* (__fastcall* RpcCoreInitFn_T)();
+typedef VOID* (__fastcall* RpcCoreInitFn_T)(BOOL bForce);
 typedef VOID (__fastcall* RpcCoreUninitFn_T)(VOID* pRpcCoreCtxt);
 typedef RpcProcessInfo_T* (__fastcall* RpcCoreGetProcessInfoFn_T)(void* pRpcCoreCtxt, DWORD Pid, DWORD Ppid,ULONG ProcessInfoMask);
 typedef VOID (__fastcall* RpcCoreFreeProcessInfoFn_T)(void* pRpcCoreCtxt, RpcProcessInfo_T* pRpcProcessInfo);
@@ -193,6 +193,7 @@ typedef struct _RpcCore_T{
 UINT64* RuntimeVersion; //the supported version (forx example 0x600011DB04001LL (6.1.7600.16385) for Windows 7 64bits )
 //const char* pDescription;
 BOOL bWow64Helper;
+ BOOL bForceLoading;
 RpcCoreInitFn_T RpcCoreInitFn;
 RpcCoreUninitFn_T RpcCoreUninitFn;
 RpcCoreGetProcessInfoFn_T RpcCoreGetProcessInfoFn;
diff --git a/RpcCore/RpcCore2_32bits/RpcInternals.h b/RpcCore/RpcCore2_32bits/RpcInternals.h
index 8bb56f5..4ec3c3b 100644
--- a/RpcCore/RpcCore2_32bits/RpcInternals.h
+++ b/RpcCore/RpcCore2_32bits/RpcInternals.h
@@ -16,6 +16,7 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 0x600011DB14ABFLL, //6.1.7601.19135
 0x600011DB15B7BLL, //6.1.7601.23419
 0x600011DB15CA2LL, //6.1.7601.23714
+ 0x600011DB15D08LL, //6.1.7601.23816
 0x600011DB15D6BLL, //6.1.7601.23915
 };
diff --git a/RpcCore/RpcCore2_64bits/RpcInternals.h b/RpcCore/RpcCore2_64bits/RpcInternals.h
index a295334..431e032 100644
--- a/RpcCore/RpcCore2_64bits/RpcInternals.h
+++ b/RpcCore/RpcCore2_64bits/RpcInternals.h
@@ -15,6 +15,7 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 0x600011DB14ABFLL, //6.1.7601.19135
 0x600011DB15B7BLL, //6.1.7601.23419
 0x600011DB15CA2LL, //6.1.7601.23714
+ 0x600011DB15D08LL, //6.1.7601.23816
 0x600011DB15D6BLL, //6.1.7601.23915
 };
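Review bot: `bForceLoading` is inserted ahead of the function pointers in `RpcCore_T`, so every member after `bWow64Helper` shifts, and this is the struct that LoadCoreEngine obtains from each core DLL through `GetProcAddress(hLib, RPC_CORE_EXPORT_SYMBOL)` before calling `RpcCoreInitFn`. A core DLL built against the previous header would be read with the new layout and the call would go through a pointer taken from the wrong slot; nothing visible in this diff checks a layout or interface version first. Appending the field after the last function pointer, or adding a size/version member that the loader verifies before any call, avoids that. The rest of the struct is outside the hunk.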
diff --git a/RpcCore/RpcCore4_32bits/RpcInternals.h b/RpcCore/RpcCore4_32bits/RpcInternals.h
index e9b2048..3dd3a19 100644
--- a/RpcCore/RpcCore4_32bits/RpcInternals.h
+++ b/RpcCore/RpcCore4_32bits/RpcInternals.h
@@ -28,6 +28,8 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 0xA00003FAB000FLL, //10.0.16299.15
 0xA00003FAB00C0LL, //10.0.16299.192
 0xA0000427903E8LL, //10.0.17017.1000
+ 0xA0000428103E8LL, //10.0.17025.1000
+ 0xA000042B203EALL, //10.0.17074.1002
 };
 #ifdef _WIN64
diff --git a/RpcCore/RpcCore4_64bits/RpcInternals.h b/RpcCore/RpcCore4_64bits/RpcInternals.h
index 3eee857..e04a5f1 100644
--- a/RpcCore/RpcCore4_64bits/RpcInternals.h
+++ b/RpcCore/RpcCore4_64bits/RpcInternals.h
@@ -28,6 +28,8 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 0xA00003FAB000FLL, //10.0.16299.15
 0xA00003FAB00C0LL, //10.0.16299.192
 0xA0000427903E8LL, //10.0.17017.1000
+ 0xA0000428103E8LL, //10.0.17025.1000
+ 0xA000042B203EALL, //10.0.17074.1002
 };
 #define RPC_CORE_DESCRIPTION "Windows 10 64bits runtime core"
diff --git a/RpcView/InitViewsVisitor.cpp b/RpcView/InitViewsVisitor.cpp
index 28b94cc..4a2d3cc 100644
--- a/RpcView/InitViewsVisitor.cpp
+++ b/RpcView/InitViewsVisitor.cpp
@@ -34,7 +34,7 @@ InitViewsVisitor_C::InitViewsVisitor_C(RpcCore_T* pRpcCore,void** ppRpcCoreCtxt)
 this->pRpcCore= pRpcCore;
 this->NbOfInterfaces = 0;
- this->pRpcCoreCtxt = pRpcCore->RpcCoreInitFn();
+ this->pRpcCoreCtxt = pRpcCore->RpcCoreInitFn(pRpcCore->bForceLoading);
 if (this->pRpcCoreCtxt==NULL) goto End;
 *ppRpcCoreCtxt = this->pRpcCoreCtxt;
diff --git a/RpcView/MainWindow.cpp b/RpcView/MainWindow.cpp
index 4eac5de..bb740f5 100644
--- a/RpcView/MainWindow.cpp
+++ b/RpcView/MainWindow.cpp
@@ -22,6 +22,15 @@
 #define MANUAL_REFRESH_SPEED 0
 #define SHELL_EXECUTE_SUCCESS ((HINSTANCE)42) // According to the doc, welcome the 16-bit compatibilty
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ extern RpcCore_T gRpcCoreManager;
+
+#ifdef __cplusplus
+}
+#endif
 extern ULONG NTAPI DecompilerExceptionFilter(EXCEPTION_POINTERS* pExceptionPointers);
 extern HMODULE NTAPI LoadDecompilerEngine(RpcDecompilerHelper_T** ppRpcDecompilerHelper);
@@ -300,7 +309,10 @@ void MainWindow_C::ViewDetailsForAllProcesses()
 UCHAR FilePath[MAX_PATH];
 GetModuleFileNameA(NULL,(LPSTR)FilePath,_countof(FilePath));
- hInstance = ShellExecuteA(NULL, "runas", (LPCSTR)FilePath, 0, 0, SW_SHOWNORMAL);
+ if (gRpcCoreManager.bForceLoading)
+ hInstance = ShellExecuteA(NULL, "runas", (LPCSTR)FilePath, "/f", 0, SW_SHOWNORMAL);
+ else
+ hInstance = ShellExecuteA(NULL, "runas", (LPCSTR)FilePath, 0, 0, SW_SHOWNORMAL);
 if ( hInstance == SHELL_EXECUTE_SUCCESS)
 {
 Exit();
diff --git a/RpcView/RpcCoreManager.c b/RpcView/RpcCoreManager.c
index fdd48da..b60e538 100644
--- a/RpcView/RpcCoreManager.c
+++ b/RpcView/RpcCoreManager.c
@@ -13,7 +13,7 @@ typedef struct _RpcCoreManager_T{
 }RpcCoreManager_T;
 // RpcCore
-VOID* __fastcall RpcCoreInit(); //returns a private context for the RpcCoreEngine
+VOID* __fastcall RpcCoreInit(BOOL bForce); //returns a private context for the RpcCoreEngine
 VOID __fastcall RpcCoreUninit(VOID* pRpcCoreCtxt);
 RpcProcessInfo_T* __fastcall RpcCoreGetProcessInfo(void* pRpcCoreCtxt, DWORD Pid, DWORD Ppid, ULONG ProcessInfoMask);
 VOID __fastcall RpcCoreFreeProcessInfo(void* pRpcCoreCtxt, RpcProcessInfo_T* pRpcProcessInfo);
@@ -29,6 +29,7 @@ RpcCore_T gRpcCoreManager =
 0,
 //"Generic RpcCore Manager",
 FALSE,
+ FALSE,
 &RpcCoreInit,
 &RpcCoreUninit,
 &RpcCoreGetProcessInfo,
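Review bot: The two `ShellExecuteA` calls added in ViewDetailsForAllProcesses differ only in the parameters argument, so the branch can be folded into a single call: `hInstance = ShellExecuteA(NULL, "runas", (LPCSTR)FilePath, gRpcCoreManager.bForceLoading ? "/f" : NULL, 0, SW_SHOWNORMAL);`. One call site keeps the elevated relaunch in one place when further switches need forwarding. The function's body starts and ends outside the hunk.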
@@ -41,7 +42,7 @@ RpcCore_T gRpcCoreManager =
 };
 //------------------------------------------------------------------------------
-BOOL NTAPI LoadCoreEngine(RpcCore_T** ppRpcCoreHelper, void** ppRpcCoreCtxt, BOOL bWow64Helper)
+BOOL NTAPI LoadCoreEngine(RpcCore_T** ppRpcCoreHelper, void** ppRpcCoreCtxt, BOOL bWow64Helper, BOOL bForce)
 {
 WIN32_FIND_DATAA Win32FindData;
 HMODULE hLib;
@@ -60,7 +61,7 @@ BOOL NTAPI LoadCoreEngine(RpcCore_T** ppRpcCoreHelper, void** ppRpcCoreCtxt, BOO
 pRpcCoreHelper = (RpcCore_T*)(ULONG_PTR)GetProcAddress(hLib, RPC_CORE_EXPORT_SYMBOL);
 if (pRpcCoreHelper != NULL)
 {
- *ppRpcCoreCtxt = pRpcCoreHelper->RpcCoreInitFn();
+ *ppRpcCoreCtxt = pRpcCoreHelper->RpcCoreInitFn(bForce);
 if (*ppRpcCoreCtxt != NULL)
 {
 pRpcCoreHelper->RpcCoreUninitFn(*ppRpcCoreCtxt);
@@ -86,13 +87,13 @@ End:
 //-----------------------------------------------------------------------------
-VOID* __fastcall RpcCoreInit()
+VOID* __fastcall RpcCoreInit(BOOL bForce)
 {
 RpcCoreManager_T* pRpcCoreManager;
 pRpcCoreManager = (RpcCoreManager_T*)OS_ALLOC(sizeof(RpcCoreManager_T));
- if (!LoadCoreEngine(&pRpcCoreManager->pNativeCore, &pRpcCoreManager->pNativeCoreCtxt, FALSE))
+ if (!LoadCoreEngine(&pRpcCoreManager->pNativeCore, &pRpcCoreManager->pNativeCoreCtxt, FALSE, bForce))
 {
 const char Caption[] = "Unsupported runtime version";
 #ifdef _WIN64
@@ -107,14 +108,14 @@ VOID* __fastcall RpcCoreInit()
 #endif
 ExitProcess(0);
 }
- pRpcCoreManager->pNativeCoreCtxt = pRpcCoreManager->pNativeCore->RpcCoreInitFn();
+ pRpcCoreManager->pNativeCoreCtxt = pRpcCoreManager->pNativeCore->RpcCoreInitFn(bForce);
 #ifdef _WIN64
- if (!LoadCoreEngine(&pRpcCoreManager->pWow64Core, &pRpcCoreManager->pWow64CoreCtxt, TRUE))
+ if (!LoadCoreEngine(&pRpcCoreManager->pWow64Core, &pRpcCoreManager->pWow64CoreCtxt, TRUE,bForce))
 {
 OS_FREE(pRpcCoreManager);
 return NULL;
 }
- pRpcCoreManager->pWow64CoreCtxt = pRpcCoreManager->pWow64Core->RpcCoreInitFn();
+ pRpcCoreManager->pWow64CoreCtxt = pRpcCoreManager->pWow64Core->RpcCoreInitFn(bForce);
 #endif
 return (pRpcCoreManager);
 }
diff --git a/RpcView/RpcView.cpp b/RpcView/RpcView.cpp
index 7b834ec..cfa1b9e 100644
--- a/RpcView/RpcView.cpp
+++ b/RpcView/RpcView.cpp
@@ -302,7 +302,7 @@ int DecompileAllInterfaces(RpcCore_T* pRpcCore)
 EnumCtxt.pRpcDecompilerHelper = pRpcDecompilerHelper;
 EnumCtxt.pRpcCore = pRpcCore;
- EnumCtxt.pRpcCoreCtxt = pRpcCore->RpcCoreInitFn();
+ EnumCtxt.pRpcCoreCtxt = pRpcCore->RpcCoreInitFn(FALSE);
 if (EnumCtxt.pRpcCoreCtxt==NULL) goto End;
 _cprintf("Start scanning...\n");
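Review bot: `DecompileAllInterfaces` passes a hard-coded `FALSE` to `RpcCoreInitFn`, while InitViewsVisitor_C passes `pRpcCore->bForceLoading`, so the decompile-all path ignores a force flag given on the command line. If that is deliberate (never decompile against a runtime build that was not verified), a comment saying so belongs on this line, for example `// never forced: decompilation requires an exactly matching runtime version`. Otherwise the call should read `EnumCtxt.pRpcCoreCtxt = pRpcCore->RpcCoreInitFn(pRpcCore->bForceLoading);`. The function continues outside the hunk.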
@@ -328,20 +328,28 @@ End:
 HICON hMainIcon;
 UCHAR CurrentDirectory[MAX_PATH];
 UCHAR* pSeparator;
-
+ int ret = 0;
 #ifdef _DEBUG
 _CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE);
 _CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDOUT);
 #else
- int argc = 1;
- char* pCmdLineA = NULL;
- char** argv = &pCmdLineA;
-
- UNREFERENCED_PARAMETER(pCmdLine);
+ int argc = 0;
+ UNREFERENCED_PARAMETER(hInstance);
 UNREFERENCED_PARAMETER(hPrevInstance);
 UNREFERENCED_PARAMETER(nCmdShow);
- pCmdLineA = GetCommandLineA();
+ pCmdLine = GetCommandLineW();
+
+ LPWSTR* argvw = CommandLineToArgvW(pCmdLine, &argc);
+
+ char** argv = (char**)malloc(argc*sizeof(char*));
+ for (int i = 0; i < argc; i++)
+ {
+ size_t tmpSize = lstrlenW(argvw[i]) * 2 + 2;
+ argv[i] = (char*)malloc(tmpSize);
+ wcstombs_s(&tmpSize, argv[i], tmpSize, argvw[i], tmpSize);
+ }
+ #endif
 QApplication app(argc, argv);
 QSettings Settings(RPC_VIEW_ORGANIZATION_NAME, RPC_VIEW_APPLICATION_NAME);
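Review bot: The new argument conversion in the non-debug branch uses the results of `CommandLineToArgvW` and of both `malloc` calls without checking them, and it ignores the return value of `wcstombs_s`, so a failed parse or allocation is dereferenced inside the loop and a conversion error goes unnoticed before `argv` reaches `QApplication`. The buffer is sized at two bytes per wide character, which is an assumption about the active code page rather than a size obtained from the conversion itself. `argvw` is also never released with `LocalFree`, although a later hunk frees `argv`; it has to stay alive until the `/f` test that reads `argvw[1]` has run. The sketch below checks each step and asks `wcstombs_s` for the required size first; the enclosing function starts and ends outside the hunk.

```cpp
    LPWSTR* argvw = CommandLineToArgvW(pCmdLine, &argc);
    if (argvw == NULL) return 1;

    char** argv = (char**)calloc((size_t)argc, sizeof(char*));
    if (argv == NULL) return 1;
    for (int i = 0; i < argc; i++)
    {
        size_t needed = 0;
        // first call only reports the required size in bytes, terminator included
        if (wcstombs_s(&needed, NULL, 0, argvw[i], 0) != 0) return 1;
        argv[i] = (char*)malloc(needed);
        if (argv[i] == NULL) return 1;
        if (wcstombs_s(&needed, argv[i], needed, argvw[i], _TRUNCATE) != 0) return 1;
    }
    // … unchanged: QApplication / QSettings setup; LocalFree(argvw) once argvw[1] has been examined …
```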
@@ -359,20 +367,41 @@ End:
 #ifdef _DEBUG
 if (argc>1)
 {
- if (!_stricmp(argv[1],"/DA"))
+ for (int curArg = 1; curArg < argc; curArg++)
 {
- DecompileAllInterfaces(&gRpcCoreManager);
+ if (!_stricmp(argv[1], "/DA"))
+ {
+ DecompileAllInterfaces(&gRpcCoreManager);
+ _CrtDumpMemoryLeaks();
+ }
+ else if (!_stricmp(argv[1], "/f"))
+ {
+ gRpcCoreManager.bForceLoading = TRUE;
+ }
+ else
+ {
+ _cprintf("Usage %s: [/f] [/DA]\n", argv[0]);
+ _cprintf(" /f : force loading for unsupported runtime versions \n");
+ _cprintf(" /DA : decompile all interfaces\n");
+ }
+ }
+ //
+ //return 0;
+ }
+#else
+ if (argc>1)
+ {
+ if (argvw[1] && !wcsncmp(argvw[1], L"/f", 2))
+ {
+ gRpcCoreManager.bForceLoading = TRUE;
 }
 else
 {
- _cprintf("Usage %s: [/DA]\n",argv[0]);
- _cprintf(" /DA : decompile all interfaces\n");
+ _cprintf("Usage %s: [/f]\n", argv[0]);
+ _cprintf(" /f : force loading for unsupported runtime versions \n");
 }
- _CrtDumpMemoryLeaks();
- return 0;
 }
 #endif
- pMainWindow = new MainWindow_C(&gRpcCoreManager);
 hMainIcon = LoadIcon(GetModuleHandle(NULL), MAKEINTRESOURCE(ID_MAIN_ICON));
@@ -381,5 +410,12 @@ End:
 pMainWindow->setWindowIcon(QtWin::fromHICON(hMainIcon));
 DestroyIcon(hMainIcon);
 }
- return app.exec();
+ ret = app.exec();
+
+#ifndef _DEBUG
+ for (int i = 0; i < argc; i++)
+ free(argv[i]);
+ free(argv);
+#endif
+ return ret;
 }
\ No newline at end of file
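Review bot: The new debug loop advances `curArg` but both tests still read `argv[1]`, so every iteration re-examines the first argument and a second switch, as in `/f /DA`, is never seen; the tests should be `if (!_stricmp(argv[curArg], "/DA"))` and `else if (!_stricmp(argv[curArg], "/f"))`. In the release branch `!wcsncmp(argvw[1], L"/f", 2)` is a case-sensitive prefix match, so it accepts any first argument that merely starts with `/f` and rejects `/F`, unlike the `_stricmp` used in the debug branch; `_wcsicmp(argvw[1], L"/f") == 0` would make the two agree. Because this switch relaxes the supported-version check and is forwarded to the elevated relaunch in MainWindow.cpp, an exact match is the safer rule. Both branches now also continue into the GUI after printing usage, since `return 0` is commented out.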