📄 printwinsta.dpr

//Seems DuplicateHandle can duplicate handles to user objects...

program PrintWinSta;
{$APPTYPE CONSOLE}
uses Windows, SysUtils, ApiHooks, PrcWorks;

type
  // Signature of ntdll!RtlAdjustPrivilege, which the main block resolves with
  // GetProcAddress at run time. Priv is the privilege number to change, Enable
  // the requested state, and WasEn receives the previous state. The return
  // value is not inspected anywhere in this program.
  TRAP  = function(Priv : LongWord; Enable : Boolean; EnThread : LongWord; var WasEn : Boolean) : LongWord; stdcall;
  // Signature of user32!GetProcessWindowStation. A pointer of this type is the
  // single argument GetWinSta receives when it runs inside the target process.
  TGPWS = function() : LongWord; stdcall;

// Routine that RemoteExecute copies, as raw bytes, into the target process and
// runs there. It is deliberately a single indirect call so that the copied
// bytes touch nothing by absolute address: the only thing it uses is the
// function pointer handed to it (the main block passes the local address of
// GetProcessWindowStation). Returns whatever that function returns; the main
// block treats 0 as "GPWS failed".
function GetWinSta(pGetProcessWindowStation : TGPWS) : LongWord; stdcall; begin
  GetWinSta := pGetProcessWindowStation();
end;

// Never called. Its address serves as the end marker of GetWinSta in the image:
// the main block uses LongWord(@xxxDummy) - LongWord(@GetWinSta) as the number
// of bytes to copy into the target. This relies on the compiler emitting the
// two routines in source order, so keep this declaration directly after
// GetWinSta.
procedure xxxDummy; begin
end;

var
  PID : Integer;                         // target process id from ProcessName2PID, or a PW_* error code
  RAP : TRAP;                            // RtlAdjustPrivilege entry resolved from ntdll (nil if not found)
  WasEn : Boolean;                       // "was enabled" out-parameter of RtlAdjustPrivilege
  hTarget : LongWord = 0;                // target process handle opened with PROCESS_DUP_HANDLE
  AHResult : LongWord;                   // RemoteExecute result: remote GPWS return value or an ErrorAH* code
  pGPWS : Pointer;                       // local address of GetProcessWindowStation, passed as-is to the remote code
                                         // (presumably only valid there if user32 is mapped at the same base in the target)
  hTargetWinSta : LongWord = 0;          // duplicate, in this process, of the target's window-station handle
  SizeReq : LongWord;                    // bytes needed, reported by GetUserObjectInformation
  NameWinSta : array[0..259] of Char;    // receives the UOI_NAME string of the window station

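begin
  // Entry point. Resolves the target by name, enables the debug privilege,
  // runs GetWinSta inside the target, duplicates the window-station handle it
  // returns into this process and prints the station's name.
  if ParamCount <> 1 then
    WriteLn(Format('Usage: %s <ProcessName>', [ParamStr(0)]))
  else begin
    PID := ProcessName2PID(PChar(ParamStr(1)));
    if (PID = PW_PIDERROR) or (PID = PW_SESERROR) then
      WriteLn(Format('''%s'' doesn''t exist!', [ParamStr(1)]))
    else
      if (PID = PW_MEMERROR) then
        WriteLn('Not enough memory!')
      else begin
        // Privilege 20 is SE_DEBUG_PRIVILEGE; it is what lets OpenProcess
        // succeed on processes this user does not otherwise own. The call is
        // best-effort: a missing export or a failed adjust simply falls
        // through to OpenProcess, which then reports the real failure.
        RAP := GetProcAddress(GetModuleHandle('ntdll.dll'), 'RtlAdjustPrivilege');
        if @RAP <> nil then
          RAP(20, TRUE, 0, WasEn);
        // Only PROCESS_DUP_HANDLE is requested here; RemoteExecute is given
        // nil and the PID, so it presumably opens the target itself with the
        // rights it needs (confirm in ApiHooks).
        hTarget := OpenProcess(PROCESS_DUP_HANDLE, FALSE, PID);
        if hTarget <> 0 then begin
          pGPWS := GetProcAddress(GetModuleHandle('USER32.dll'), 'GetProcessWindowStation');
          // GetWinSta is copied into the target as raw bytes. Its length is
          // the distance to the next routine in the image (xxxDummy); the
          // extra sizeof(LongWord)-1 looks like round-up slack for the copy
          // (confirm against RemoteExecute). 10000 is presumably the wait in
          // milliseconds, given the ErrorAHTimeOut result below.
          AHResult := RemoteExecute(nil, PID, 10000, @GetWinSta,
                        LongWord(@xxxDummy) - LongWord(@GetWinSta) +sizeof(LongWord)-1,
                        pGPWS);
          if (ErrorAHMin <= AHResult) and (AHResult <= ErrorAHPrepare) then
            WriteLn('Can''t prepare remote execution!')
          else
            if ErrorAHTimeOut = AHResult then
              WriteLn('Not enough time to get result!')
            else
              if ErrorAHRemote = AHResult then
                WriteLn('Address of GPWS is not valid in target!') // check RCINFO for RC_PF_NATIVE
              else
                if 0 = AHResult then
                  WriteLn('GPWS failed!')
                else
                  // AHResult is a handle valid only in the target; pull a
                  // copy into this process before querying it.
                  if DuplicateHandle(hTarget, AHResult, GetCurrentProcess, @hTargetWinSta,
                       0, FALSE, DUPLICATE_SAME_ACCESS) then begin
                    // nLength is in bytes; sizeof keeps it tied to the buffer
                    // declaration instead of a repeated literal.
                    if GetUserObjectInformation(hTargetWinSta, UOI_NAME, @NameWinSta, sizeof(NameWinSta), SizeReq) then
                      WriteLn(Format('%s''s WinSta = ''%s''', [ParamStr(1), NameWinSta]))
                    else
                      WriteLn('Can''t get WinSta name!');
                    // The duplicate belongs to this process and was never
                    // released before; the target's own handle is untouched.
                    CloseWindowStation(hTargetWinSta);
                    hTargetWinSta := 0;
                  end
                  else
                    WriteLn('Can''t duplicate handle!');
          CloseHandle(hTarget);
        end
        else
          WriteLn(Format('Can''t open ''%s''!', [ParamStr(1)]));
      end;
  end;
  ReadLn;
end.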
