Merge pull request #6 from TogDu/master

FEATURE/EXPERIMENTAL : Add /f flag to force runtime loading

RpcCore/RpcCore.c

@@ -52,7 +52,7 @@ typedef BOOL (WINAPI* EnumSimpleDictCallbackFn_T)(HANDLE hProcess, UINT Index, V
 BOOL	WINAPI EnumSimpleDict(HANDLE hProcess, SIMPLE_DICT_T* pSimpleDict, EnumSimpleDictCallbackFn_T EnumSimpleDictCallbackFn, VOID* pContext);
 
 // RpcCore
-VOID*				__fastcall RpcCoreInit();						//returns a private context for the RpcCoreEngine
+VOID*				__fastcall RpcCoreInit(BOOL bForce);						//returns a private context for the RpcCoreEngine
 VOID				__fastcall RpcCoreUninit(VOID* pRpcCoreCtxt);
 RpcProcessInfo_T*	__fastcall RpcCoreGetProcessInfo(void* pRpcCoreCtxt,DWORD Pid,DWORD Ppid,ULONG ProcessInfoMask);
 VOID				__fastcall RpcCoreFreeProcessInfo(void* pRpcCoreCtxt,RpcProcessInfo_T* pRpcProcessInfo);
@@ -73,6 +73,7 @@ RpcCore_T	RpcCoreHelper =
 {
 	RPC_CORE_RUNTIME_VERSION,
 	RPC_CORE_IS_WOW64,
+	FALSE,
 	&RpcCoreInit,
 	&RpcCoreUninit,
 	&RpcCoreGetProcessInfo,
@@ -270,7 +271,7 @@ End:
 
 
 //------------------------------------------------------------------------------
-VOID* __fastcall RpcCoreInit()
+VOID* __fastcall RpcCoreInit(BOOL bForce)
 {
 	UINT64					RuntimVersion;
 	RpcCoreInternalCtxt_T*	pRpcCoreInternalCtxt=NULL;
@@ -290,6 +291,11 @@ VOID* __fastcall RpcCoreInit()
 	RuntimVersion=GetModuleVersion(RpcRuntimePath);
 	for (i = 0; i < sizeof(RPC_CORE_RUNTIME_VERSION); i++)
 	{
+		if (bForce && ((RuntimVersion & 0xFFFFFFFF00000000) == (RPC_CORE_RUNTIME_VERSION[i] & 0xFFFFFFFF00000000)))
+		{
+			bFound = TRUE;
+			break;
+		}
 		if (RuntimVersion == RPC_CORE_RUNTIME_VERSION[i])
 		{
 			bFound = TRUE;

RpcCore/RpcCore.h

@@ -178,7 +178,7 @@ typedef BOOL (__fastcall* RpcCoreEnumProcessAuthInfoCallbackFn_T)(DWORD Pid, Rpc
 // Type definitions
 ////////////////////////////////////////////////////////////////////////////////
 
-typedef VOID*				(__fastcall* RpcCoreInitFn_T)();
+typedef VOID*				(__fastcall* RpcCoreInitFn_T)(BOOL bForce);
 typedef VOID				(__fastcall* RpcCoreUninitFn_T)(VOID* pRpcCoreCtxt);
 typedef RpcProcessInfo_T*	(__fastcall* RpcCoreGetProcessInfoFn_T)(void* pRpcCoreCtxt, DWORD Pid, DWORD Ppid,ULONG ProcessInfoMask);
 typedef VOID				(__fastcall* RpcCoreFreeProcessInfoFn_T)(void* pRpcCoreCtxt, RpcProcessInfo_T* pRpcProcessInfo);
@@ -193,6 +193,7 @@ typedef struct _RpcCore_T{
 	UINT64*								RuntimeVersion;		//the supported version (forx example 0x600011DB04001LL (6.1.7600.16385) for Windows 7 64bits )
 	//const char*							pDescription;
 	BOOL								bWow64Helper;
+	BOOL								bForceLoading;
 	RpcCoreInitFn_T						RpcCoreInitFn;
 	RpcCoreUninitFn_T					RpcCoreUninitFn;
 	RpcCoreGetProcessInfoFn_T			RpcCoreGetProcessInfoFn;

RpcCore/RpcCore2_32bits/RpcInternals.h

@@ -16,6 +16,7 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 	0x600011DB14ABFLL,	//6.1.7601.19135
 	0x600011DB15B7BLL,	//6.1.7601.23419
 	0x600011DB15CA2LL,	//6.1.7601.23714
+    0x600011DB15D08LL,	//6.1.7601.23816
     0x600011DB15D6BLL,	//6.1.7601.23915
 };
 

RpcCore/RpcCore2_64bits/RpcInternals.h

@@ -15,6 +15,7 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 	0x600011DB14ABFLL,	//6.1.7601.19135
 	0x600011DB15B7BLL,	//6.1.7601.23419
 	0x600011DB15CA2LL,	//6.1.7601.23714
+	0x600011DB15D08LL,	//6.1.7601.23816
     0x600011DB15D6BLL,	//6.1.7601.23915
 };
 

RpcCore/RpcCore4_32bits/RpcInternals.h

@@ -28,6 +28,8 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 	0xA00003FAB000FLL,  //10.0.16299.15
 	0xA00003FAB00C0LL,  //10.0.16299.192
     0xA0000427903E8LL,  //10.0.17017.1000
+	0xA0000428103E8LL,  //10.0.17025.1000
+	0xA000042B203EALL,  //10.0.17074.1002
 };
 
 #ifdef _WIN64

RpcCore/RpcCore4_64bits/RpcInternals.h

@@ -28,6 +28,8 @@ static UINT64 RPC_CORE_RUNTIME_VERSION[] = {
 	0xA00003FAB000FLL,  //10.0.16299.15
 	0xA00003FAB00C0LL,  //10.0.16299.192
     0xA0000427903E8LL,  //10.0.17017.1000
+	0xA0000428103E8LL,  //10.0.17025.1000
+	0xA000042B203EALL,  //10.0.17074.1002
 };
 
 #define RPC_CORE_DESCRIPTION					"Windows 10 64bits runtime core"

RpcView/InitViewsVisitor.cpp

@@ -34,7 +34,7 @@ InitViewsVisitor_C::InitViewsVisitor_C(RpcCore_T* pRpcCore,void** ppRpcCoreCtxt)
 	this->pRpcCore= pRpcCore;
 
 	this->NbOfInterfaces = 0;
-	this->pRpcCoreCtxt = pRpcCore->RpcCoreInitFn();
+	this->pRpcCoreCtxt = pRpcCore->RpcCoreInitFn(pRpcCore->bForceLoading);
 	if (this->pRpcCoreCtxt==NULL) goto End;
 	*ppRpcCoreCtxt = this->pRpcCoreCtxt;
 

RpcView/MainWindow.cpp

@@ -22,6 +22,15 @@
 #define MANUAL_REFRESH_SPEED		0
 #define SHELL_EXECUTE_SUCCESS		((HINSTANCE)42)		// According to the doc, welcome the 16-bit compatibilty
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+	extern    RpcCore_T	gRpcCoreManager;
+
+#ifdef __cplusplus
+}
+#endif
 
 extern ULONG	NTAPI DecompilerExceptionFilter(EXCEPTION_POINTERS* pExceptionPointers);
 extern HMODULE	NTAPI LoadDecompilerEngine(RpcDecompilerHelper_T** ppRpcDecompilerHelper);
@@ -300,7 +309,10 @@ void MainWindow_C::ViewDetailsForAllProcesses()
 	UCHAR		FilePath[MAX_PATH];
 	
 	GetModuleFileNameA(NULL,(LPSTR)FilePath,_countof(FilePath));
-	hInstance = ShellExecuteA(NULL, "runas", (LPCSTR)FilePath, 0, 0, SW_SHOWNORMAL);
+	if (gRpcCoreManager.bForceLoading)
+		hInstance = ShellExecuteA(NULL, "runas", (LPCSTR)FilePath, "/f", 0, SW_SHOWNORMAL);
+	else
+		hInstance = ShellExecuteA(NULL, "runas", (LPCSTR)FilePath, 0, 0, SW_SHOWNORMAL);
 	if ( hInstance == SHELL_EXECUTE_SUCCESS)
 	{
 		Exit();

RpcView/RpcCoreManager.c

@@ -13,7 +13,7 @@ typedef struct _RpcCoreManager_T{
 }RpcCoreManager_T; 
 
 // RpcCore
-VOID*				__fastcall RpcCoreInit();						//returns a private context for the RpcCoreEngine
+VOID*				__fastcall RpcCoreInit(BOOL bForce);						//returns a private context for the RpcCoreEngine
 VOID				__fastcall RpcCoreUninit(VOID* pRpcCoreCtxt);
 RpcProcessInfo_T*	__fastcall RpcCoreGetProcessInfo(void* pRpcCoreCtxt, DWORD Pid, DWORD Ppid, ULONG ProcessInfoMask);
 VOID				__fastcall RpcCoreFreeProcessInfo(void* pRpcCoreCtxt, RpcProcessInfo_T* pRpcProcessInfo);
@@ -29,6 +29,7 @@ RpcCore_T	gRpcCoreManager =
     0,
     //"Generic RpcCore Manager",
     FALSE,
+	FALSE,
     &RpcCoreInit,
     &RpcCoreUninit,
     &RpcCoreGetProcessInfo,
@@ -41,7 +42,7 @@ RpcCore_T	gRpcCoreManager =
 };
 
 //------------------------------------------------------------------------------
-BOOL NTAPI LoadCoreEngine(RpcCore_T** ppRpcCoreHelper, void** ppRpcCoreCtxt, BOOL bWow64Helper)
+BOOL NTAPI LoadCoreEngine(RpcCore_T** ppRpcCoreHelper, void** ppRpcCoreCtxt, BOOL bWow64Helper, BOOL bForce)
 {
     WIN32_FIND_DATAA	Win32FindData;
     HMODULE				hLib;
@@ -60,7 +61,7 @@ BOOL NTAPI LoadCoreEngine(RpcCore_T** ppRpcCoreHelper, void** ppRpcCoreCtxt, BOO
             pRpcCoreHelper = (RpcCore_T*)(ULONG_PTR)GetProcAddress(hLib, RPC_CORE_EXPORT_SYMBOL);
             if (pRpcCoreHelper != NULL)
             {
-                *ppRpcCoreCtxt = pRpcCoreHelper->RpcCoreInitFn();
+                *ppRpcCoreCtxt = pRpcCoreHelper->RpcCoreInitFn(bForce);
                 if (*ppRpcCoreCtxt != NULL)
                 {
                     pRpcCoreHelper->RpcCoreUninitFn(*ppRpcCoreCtxt);
@@ -86,13 +87,13 @@ End:
 
 
 //-----------------------------------------------------------------------------
-VOID* __fastcall RpcCoreInit()
+VOID* __fastcall RpcCoreInit(BOOL bForce)
 {
     RpcCoreManager_T*   pRpcCoreManager;
 
     pRpcCoreManager = (RpcCoreManager_T*)OS_ALLOC(sizeof(RpcCoreManager_T));
 
-    if (!LoadCoreEngine(&pRpcCoreManager->pNativeCore, &pRpcCoreManager->pNativeCoreCtxt, FALSE))
+    if (!LoadCoreEngine(&pRpcCoreManager->pNativeCore, &pRpcCoreManager->pNativeCoreCtxt, FALSE, bForce))
     {
 		const char Caption[]	= "Unsupported runtime version";
 #ifdef _WIN64
@@ -107,14 +108,14 @@ VOID* __fastcall RpcCoreInit()
 #endif
 		ExitProcess(0);
     }
-    pRpcCoreManager->pNativeCoreCtxt = pRpcCoreManager->pNativeCore->RpcCoreInitFn();
+	pRpcCoreManager->pNativeCoreCtxt = pRpcCoreManager->pNativeCore->RpcCoreInitFn(bForce);
 #ifdef _WIN64
-    if (!LoadCoreEngine(&pRpcCoreManager->pWow64Core, &pRpcCoreManager->pWow64CoreCtxt, TRUE))
+    if (!LoadCoreEngine(&pRpcCoreManager->pWow64Core, &pRpcCoreManager->pWow64CoreCtxt, TRUE,bForce))
     {
         OS_FREE(pRpcCoreManager);
         return NULL;
     }
-    pRpcCoreManager->pWow64CoreCtxt = pRpcCoreManager->pWow64Core->RpcCoreInitFn();
+	pRpcCoreManager->pWow64CoreCtxt = pRpcCoreManager->pWow64Core->RpcCoreInitFn(bForce);
 #endif
     return (pRpcCoreManager);
 }

RpcView/RpcView.cpp

@@ -302,7 +302,7 @@ int DecompileAllInterfaces(RpcCore_T* pRpcCore)
 
 	EnumCtxt.pRpcDecompilerHelper	= pRpcDecompilerHelper;
     EnumCtxt.pRpcCore               = pRpcCore;
-    EnumCtxt.pRpcCoreCtxt           = pRpcCore->RpcCoreInitFn();
+    EnumCtxt.pRpcCoreCtxt           = pRpcCore->RpcCoreInitFn(FALSE);
     if (EnumCtxt.pRpcCoreCtxt==NULL) goto End;
 
 	_cprintf("Start scanning...\n");
@@ -328,20 +328,28 @@ End:
 	HICON			hMainIcon;
 	UCHAR			CurrentDirectory[MAX_PATH];
 	UCHAR*			pSeparator;
-
+	int ret = 0;
 #ifdef _DEBUG
 	_CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE);
 	_CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDOUT);
 #else
-	int				argc		= 1;
+	int				argc		= 0;
-	char*			pCmdLineA	= NULL;
+	
-	char**			argv		= &pCmdLineA;
-
-    UNREFERENCED_PARAMETER(pCmdLine);
     UNREFERENCED_PARAMETER(hInstance);
     UNREFERENCED_PARAMETER(hPrevInstance);
     UNREFERENCED_PARAMETER(nCmdShow);
-	pCmdLineA = GetCommandLineA();
+	pCmdLine = GetCommandLineW();
+
+	LPWSTR* argvw = CommandLineToArgvW(pCmdLine, &argc);
+
+	char** argv = (char**)malloc(argc*sizeof(char*));
+	for (int i = 0; i < argc; i++)
+	{
+		size_t tmpSize = lstrlenW(argvw[i]) * 2 + 2;
+		argv[i] = (char*)malloc(tmpSize);
+		wcstombs_s(&tmpSize, argv[i], tmpSize, argvw[i], tmpSize);
+	}
+		
 #endif
 	QApplication app(argc, argv);
     QSettings   Settings(RPC_VIEW_ORGANIZATION_NAME, RPC_VIEW_APPLICATION_NAME);
@@ -359,20 +367,41 @@ End:
 #ifdef _DEBUG
 	if (argc>1)
 	{
-		if (!_stricmp(argv[1],"/DA"))
+		for (int curArg = 1; curArg < argc; curArg++)
 		{
-            DecompileAllInterfaces(&gRpcCoreManager);
+			if (!_stricmp(argv[1], "/DA"))
+			{
+				DecompileAllInterfaces(&gRpcCoreManager);
+				_CrtDumpMemoryLeaks();
+			}
+			else if (!_stricmp(argv[1], "/f"))
+			{
+				gRpcCoreManager.bForceLoading = TRUE;
+			}
+			else
+			{
+				_cprintf("Usage %s: [/f] [/DA]\n", argv[0]);
+				_cprintf("  /f : force loading for unsupported runtime versions \n");
+				_cprintf("  /DA : decompile all interfaces\n");
+			}
+		}
+		//
+		//return 0;
+	}
+#else
+	if (argc>1)
+	{
+		if (argvw[1] && !wcsncmp(argvw[1], L"/f", 2))
+		{
+			gRpcCoreManager.bForceLoading = TRUE;
 		}
 		else
 		{
-			_cprintf("Usage %s: [/DA]\n",argv[0]);
+			_cprintf("Usage %s: [/f]\n", argv[0]);
-			_cprintf("  /DA : decompile all interfaces\n");
+			_cprintf("  /f : force loading for unsupported runtime versions \n");
 		}
-		_CrtDumpMemoryLeaks();
-		return 0;
 	}
 #endif
-
     pMainWindow = new MainWindow_C(&gRpcCoreManager);
 
 	hMainIcon = LoadIcon(GetModuleHandle(NULL), MAKEINTRESOURCE(ID_MAIN_ICON));
@@ -381,5 +410,12 @@ End:
 		pMainWindow->setWindowIcon(QtWin::fromHICON(hMainIcon));
 		DestroyIcon(hMainIcon);
 	}
-	return app.exec();
+	ret =  app.exec();
+
+#ifndef _DEBUG
+	for (int i = 0; i < argc; i++)
+		free(argv[i]);
+	free(argv);
+#endif
+	return ret;
 }