mirror of
https://github.com/pbatard/rufus.git
synced 2025-05-21 02:15:11 -04:00
[process] print access rights
* Also clean up the code
This commit is contained in:
Pete Batard
parent
7b86943266
commit
7b37208820
3 changed files with 36 additions and 40 deletions
|
|
@ -345,6 +345,7 @@ ULONG PhGetObjectTypeNumber(PUNICODE_STRING TypeName)
|
||||||
*/
|
*/
|
||||||
BOOL SearchProcess(char* HandleName, BOOL bPartialMatch, BOOL bIgnoreSelf)
|
BOOL SearchProcess(char* HandleName, BOOL bPartialMatch, BOOL bIgnoreSelf)
|
||||||
{
|
{
|
||||||
|
const char *access_rights_str[4] = { "n", "r", "w", "rw" };
|
||||||
NTSTATUS status = STATUS_SUCCESS;
|
NTSTATUS status = STATUS_SUCCESS;
|
||||||
PSYSTEM_HANDLE_INFORMATION_EX handles = NULL;
|
PSYSTEM_HANDLE_INFORMATION_EX handles = NULL;
|
||||||
POBJECT_NAME_INFORMATION buffer = NULL;
|
POBJECT_NAME_INFORMATION buffer = NULL;
|
||||||
|
|
@ -361,14 +362,15 @@ BOOL SearchProcess(char* HandleName, BOOL bPartialMatch, BOOL bIgnoreSelf)
|
||||||
HANDLE dupHandle = NULL;
|
HANDLE dupHandle = NULL;
|
||||||
HANDLE processHandle = NULL;
|
HANDLE processHandle = NULL;
|
||||||
BOOLEAN bFound = FALSE;
|
BOOLEAN bFound = FALSE;
|
||||||
char exe[2][MAX_PATH];
|
ULONG access_rights = 0;
|
||||||
int cur_exe, cur_pid;
|
char exe_path[MAX_PATH];
|
||||||
|
int cur_pid;
|
||||||
|
|
||||||
PF_INIT_OR_SET_STATUS(NtQueryObject, Ntdll);
|
PF_INIT_OR_SET_STATUS(NtQueryObject, Ntdll);
|
||||||
PF_INIT_OR_SET_STATUS(NtDuplicateObject, NtDll);
|
PF_INIT_OR_SET_STATUS(NtDuplicateObject, NtDll);
|
||||||
PF_INIT_OR_SET_STATUS(NtClose, NtDll);
|
PF_INIT_OR_SET_STATUS(NtClose, NtDll);
|
||||||
#ifdef USE_OBJECT_TYPES
|
#ifdef USE_OBJECT_TYPES
|
||||||
PF_INIT(RtlInitUnicodeString, NtDll);
|
PF_INIT_OR_SET_STATUS(RtlInitUnicodeString, NtDll);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (NT_SUCCESS(status))
|
if (NT_SUCCESS(status))
|
||||||
|
|
@ -382,10 +384,9 @@ BOOL SearchProcess(char* HandleName, BOOL bPartialMatch, BOOL bIgnoreSelf)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
pid[0] = (ULONG_PTR)NULL;
|
exe_path[0] = 0;
|
||||||
|
pid[0] = (ULONG_PTR)0;
|
||||||
cur_pid = 1;
|
cur_pid = 1;
|
||||||
exe[0][0] = 0;
|
|
||||||
cur_exe = 1;
|
|
||||||
|
|
||||||
wHandleName = utf8_to_wchar(HandleName);
|
wHandleName = utf8_to_wchar(HandleName);
|
||||||
wHandleNameLen = (USHORT)wcslen(wHandleName);
|
wHandleNameLen = (USHORT)wcslen(wHandleName);
|
||||||
|
|
@ -400,7 +401,6 @@ BOOL SearchProcess(char* HandleName, BOOL bPartialMatch, BOOL bIgnoreSelf)
|
||||||
fileObjectTypeIndex = PhGetObjectTypeNumber(&fileTypeName);
|
fileObjectTypeIndex = PhGetObjectTypeNumber(&fileTypeName);
|
||||||
if (fileObjectTypeIndex < 0)
|
if (fileObjectTypeIndex < 0)
|
||||||
uprintf("Warning: Could not get Object Index for file types");
|
uprintf("Warning: Could not get Object Index for file types");
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
for (i = 0; ; i++) {
|
for (i = 0; ; i++) {
|
||||||
|
|
@ -426,6 +426,14 @@ BOOL SearchProcess(char* HandleName, BOOL bPartialMatch, BOOL bIgnoreSelf)
|
||||||
|
|
||||||
if (pid[0] != pid[1]) {
|
if (pid[0] != pid[1]) {
|
||||||
cur_pid = (cur_pid + 1) % 2;
|
cur_pid = (cur_pid + 1) % 2;
|
||||||
|
|
||||||
|
// If we're switching process and found a match, print it
|
||||||
|
if (bFound) {
|
||||||
|
uprintf("o '%s' (pid: %ld, access: %s)", exe_path, pid[cur_pid], access_rights_str[access_rights & 0x3]);
|
||||||
|
bFound = FALSE;
|
||||||
|
access_rights = 0;
|
||||||
|
}
|
||||||
|
|
||||||
// Close the previous handle
|
// Close the previous handle
|
||||||
if (processHandle != NULL) {
|
if (processHandle != NULL) {
|
||||||
if (processHandle != NtCurrentProcess())
|
if (processHandle != NtCurrentProcess())
|
||||||
|
|
@ -483,7 +491,7 @@ BOOL SearchProcess(char* HandleName, BOOL bPartialMatch, BOOL bIgnoreSelf)
|
||||||
// A loop is needed because the I/O subsystem likes to give us the wrong return lengths...
|
// A loop is needed because the I/O subsystem likes to give us the wrong return lengths...
|
||||||
do {
|
do {
|
||||||
ULONG returnSize;
|
ULONG returnSize;
|
||||||
// TODO: We might still need a timeout on ObjectName queries, as PH does...
|
// TODO: We might potentially still need a timeout on ObjectName queries, as PH does...
|
||||||
status = pfNtQueryObject(dupHandle, ObjectNameInformation, buffer, bufferSize, &returnSize);
|
status = pfNtQueryObject(dupHandle, ObjectNameInformation, buffer, bufferSize, &returnSize);
|
||||||
if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_INFO_LENGTH_MISMATCH ||
|
if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_INFO_LENGTH_MISMATCH ||
|
||||||
status == STATUS_BUFFER_TOO_SMALL) {
|
status == STATUS_BUFFER_TOO_SMALL) {
|
||||||
|
|
@ -513,28 +521,25 @@ BOOL SearchProcess(char* HandleName, BOOL bPartialMatch, BOOL bIgnoreSelf)
|
||||||
if (wcsncmp(wHandleName, buffer->Name.Buffer, wHandleNameLen) != 0)
|
if (wcsncmp(wHandleName, buffer->Name.Buffer, wHandleNameLen) != 0)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (!bFound) {
|
// If we are here, we have a process accessing our target!
|
||||||
uprintf("\r\nNOTE: The following process(es) are accessing %s:", HandleName);
|
bFound = TRUE;
|
||||||
bFound = TRUE;
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: only list processes with conflicting access rights (ignore "Read attributes" or "Synchronize")
|
// Keep a mask of all the access rights being used
|
||||||
if (GetModuleFileNameExU(processHandle, 0, exe[cur_exe], MAX_PATH - 1)) {
|
access_rights |= handleInfo->GrantedAccess;
|
||||||
// Avoid printing the same path repeatedly
|
|
||||||
if (strcmp(exe[0], exe[1]) != 0) {
|
// If this is the very first process we find, print a header
|
||||||
uprintf("o %s", exe[cur_exe]);
|
if (exe_path[0] == 0)
|
||||||
cur_exe = (cur_exe + 1) % 2;
|
uprintf("\r\nNOTE: The following process(es) or service(s) are accessing %s:", HandleName);
|
||||||
}
|
|
||||||
} else {
|
if (!GetModuleFileNameExU(processHandle, 0, exe_path, MAX_PATH - 1))
|
||||||
uprintf("o Unknown (Process ID %d)", GetProcessId(processHandle));
|
safe_sprintf(exe_path, MAX_PATH, "Unknown_Process_%ld", handleInfo->UniqueProcessId);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
out:
|
out:
|
||||||
if (bFound)
|
if (exe_path[0] != 0)
|
||||||
uprintf("You should try to close these applications before attempting to reformat the drive.");
|
uprintf("You should try to close these applications before attempting to reformat the drive.");
|
||||||
else
|
else
|
||||||
uprintf("NOTE: " APPLICATION_NAME " was not able to identify the process(es) preventing access to %s", HandleName);
|
uprintf(APPLICATION_NAME " was unable to identify the process(es) or service(s) preventing access to %s", HandleName);
|
||||||
|
|
||||||
free(wHandleName);
|
free(wHandleName);
|
||||||
PhFree(buffer);
|
PhFree(buffer);
|
||||||
|
|
|
||||||
|
|
@ -109,18 +109,9 @@ typedef struct _OBJECT_TYPE_INFORMATION
|
||||||
ULONG DefaultNonPagedPoolCharge;
|
ULONG DefaultNonPagedPoolCharge;
|
||||||
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
|
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
|
||||||
|
|
||||||
typedef enum _MY_OBJECT_INFORMATION_CLASS
|
#define ObjectNameInformation 1
|
||||||
{
|
|
||||||
_ObjectBasicInformation, // OBJECT_BASIC_INFORMATION
|
|
||||||
ObjectNameInformation, // OBJECT_NAME_INFORMATION
|
|
||||||
_ObjectTypeInformation, // OBJECT_TYPE_INFORMATION
|
|
||||||
ObjectTypesInformation, // OBJECT_TYPES_INFORMATION
|
|
||||||
ObjectHandleFlagInformation, // OBJECT_HANDLE_FLAG_INFORMATION
|
|
||||||
ObjectSessionInformation,
|
|
||||||
ObjectSessionObjectInformation,
|
|
||||||
MaxObjectInfoClass
|
|
||||||
} MY_OBJECT_INFORMATION_CLASS;
|
|
||||||
#endif
|
#endif
|
||||||
|
#define ObjectTypesInformation 3
|
||||||
|
|
||||||
typedef struct _OBJECT_TYPES_INFORMATION
|
typedef struct _OBJECT_TYPES_INFORMATION
|
||||||
{
|
{
|
||||||
|
|
|
||||||
10
src/rufus.rc
10
src/rufus.rc
|
|
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
|
||||||
IDD_DIALOG DIALOGEX 12, 12, 242, 376
|
IDD_DIALOG DIALOGEX 12, 12, 242, 376
|
||||||
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
||||||
EXSTYLE WS_EX_ACCEPTFILES
|
EXSTYLE WS_EX_ACCEPTFILES
|
||||||
CAPTION "Rufus 2.15.1100"
|
CAPTION "Rufus 2.15.1101"
|
||||||
FONT 8, "Segoe UI Symbol", 400, 0, 0x0
|
FONT 8, "Segoe UI Symbol", 400, 0, 0x0
|
||||||
BEGIN
|
BEGIN
|
||||||
LTEXT "Device",IDS_DEVICE_TXT,9,6,200,8
|
LTEXT "Device",IDS_DEVICE_TXT,9,6,200,8
|
||||||
|
|
@ -334,8 +334,8 @@ END
|
||||||
//
|
//
|
||||||
|
|
||||||
VS_VERSION_INFO VERSIONINFO
|
VS_VERSION_INFO VERSIONINFO
|
||||||
FILEVERSION 2,15,1100,0
|
FILEVERSION 2,15,1101,0
|
||||||
PRODUCTVERSION 2,15,1100,0
|
PRODUCTVERSION 2,15,1101,0
|
||||||
FILEFLAGSMASK 0x3fL
|
FILEFLAGSMASK 0x3fL
|
||||||
#ifdef _DEBUG
|
#ifdef _DEBUG
|
||||||
FILEFLAGS 0x1L
|
FILEFLAGS 0x1L
|
||||||
|
|
@ -352,13 +352,13 @@ BEGIN
|
||||||
BEGIN
|
BEGIN
|
||||||
VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)"
|
VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)"
|
||||||
VALUE "FileDescription", "Rufus"
|
VALUE "FileDescription", "Rufus"
|
||||||
VALUE "FileVersion", "2.15.1100"
|
VALUE "FileVersion", "2.15.1101"
|
||||||
VALUE "InternalName", "Rufus"
|
VALUE "InternalName", "Rufus"
|
||||||
VALUE "LegalCopyright", "© 2011-2017 Pete Batard (GPL v3)"
|
VALUE "LegalCopyright", "© 2011-2017 Pete Batard (GPL v3)"
|
||||||
VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html"
|
VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html"
|
||||||
VALUE "OriginalFilename", "rufus.exe"
|
VALUE "OriginalFilename", "rufus.exe"
|
||||||
VALUE "ProductName", "Rufus"
|
VALUE "ProductName", "Rufus"
|
||||||
VALUE "ProductVersion", "2.15.1100"
|
VALUE "ProductVersion", "2.15.1101"
|
||||||
END
|
END
|
||||||
END
|
END
|
||||||
BLOCK "VarFileInfo"
|
BLOCK "VarFileInfo"
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue