I made a program that captures every keystroke and prints it in the terminal. The problem is it is all in upper case and I can't figure how to do it properly. I can post the code if it is gonna help.
Main:
#include <stdio.h>
#include <stdlib.h>
#include <Windows.h>
#include <TestLibrary.h>
#pragma comment( lib, "user32" )
int main()
{
fun();
printf("Loading library\n");
HMODULE libHandle = LoadLibraryA("TestLibrary");
if (libHandle == NULL) printf("***ERROR*** loading library\n");
printf("Getting address of hook procedure\n");
HOOKPROC procAddress = (HOOKPROC)GetProcAddress(libHandle, "KeyboardProc");
if (procAddress == NULL) printf("***ERROR*** getting address\n");
printf("Installing hook\n");
HHOOK hook = SetWindowsHookEx(WH_KEYBOARD_LL, procAddress, libHandle, 0);
if (hook == NULL) printf("***ERROR*** installing hook\n");
printf("Entering message loop\n");
while (GetMessage(NULL, NULL, 0, 0));
}
DLL:
#include "pch.h"
#include <stdio.h>
#include <stdlib.h>
#include "TestLibrary.h"
void fun()
{
printf("Program started\n");
}
LRESULT CALLBACK KeyboardProc(_In_ int code, _In_ WPARAM wParam, _In_ LPARAM lParam)
{
if (wParam == WM_KEYDOWN)
{
PKBDLLHOOKSTRUCT tmp = (PKBDLLHOOKSTRUCT)lParam;
char c = MapVirtualKeyA(tmp->vkCode, 2);
if (tmp->vkCode == VK_RETURN)
printf("\n");
else if (tmp->vkCode == VK_BACK)
printf("\b \b");
else
printf("%c", c);
}
return CallNextHookEx(NULL, code, wParam, lParam);
MapVirtualKey[A]/[W]/[ExA]/[ExW] has a known broken behaviour.
The docs are lying you about MAPVK_VK_TO_CHAR or 2 mode. It is said:
The uCode parameter is a virtual-key code and is translated into an
unshifted character value in the low order word of the return value.
Dead keys (diacritics) are indicated by setting the top bit of the
return value. If there is no translation, the function returns 0.
But according to experiments and leaked Windows XP source code (in \windows\core\ntuser\kernel\xlate.c file) it contains different behaviour for 'A'..'Z' VKs (that are specifically not defined in Win32 API WinUser.h header and are equivalent to 'A'..'Z' ASCII chars):
case 2:
/*
* Bogus Win3.1 functionality: despite SDK documenation, return uppercase for
* VK_A through VK_Z
*/
if ((wCode >= (WORD)'A') && (wCode <= (WORD)'Z')) {
return wCode;
}
For other buttons it works as described. And this behavior is even more annoying considering that, for example for US English keyboard layout it returns:
VK_Q (0x51) -> `Q` (U+0051 Latin Capital Letter Q)
VK_OEM_PERIOD (0xbe) -> `.` (U+002E Full Stop)
But for Russian keyboard layout it returns:
VK_Q (0x51) -> `Q` (U+0051 Latin Capital Letter Q) <- here it should return `й` (U+0439 Cyrillic Small Letter Short I) according to docs
VK_OEM_PERIOD (0xbe) -> `ю` (U+044E Cyrillic Small Letter Yu)
Not sure why MS decided to pull this bug from Win 3.1 but current situation on my Windows 10 is like this.
As a workaround I can recommend you to use ToUnicode[Ex] API that can do this mapping for you:
wchar_t VkToChar(uint16_t vk, bool isShift = false)
{
uint16_t sc = MapVirtualKeyW(vk, MAPVK_VK_TO_VSC);
const uint32_t flags = 1 << 2; // Do not change keyboard state of this thread
static uint8_t state[256] = { 0 };
state[VK_SHIFT] = isShift << 7; // Modifiers set the high-order bit when pressed
wchar_t unicodeChar;
if (ToUnicode(vk, sc, state, &unicodeChar, 1, flags) != 1)
return L'\0';
if (!std::iswprint(unicodeChar))
return L'\0';
return unicodeChar;
}
Or even better: if you have Win32 message loop - just use TranslateMessage() (that calls ToUnicode() inside its code) and then process WM_CHAR message.
Related
On windows you can capturing the stack trace using CaptureStackBackTrace as
void* frames[USHRT_MAX];
USHORT framesCount = CaptureStackBackTrace(0, USHRT_MAX, frames, NULL);
However, capturing it by smaller chunks in a loop to avoid allocating a USHRT_MAX buffer doesn't provide the same result.
This code
#include <Windows.h>
#include <assert.h>
#include <stdio.h>
__declspec(noinline) void CheckStack(void)
{
printf("Checking stack...\n");
void* entireStack[USHRT_MAX];
USHORT frameCount = CaptureStackBackTrace(0, USHRT_MAX, entireStack, NULL);
printf("Stack size is: %u\n", frameCount);
ULONG frameOffset = 1;
for (;;)
{
void* chunk[64];
USHORT framesFound = CaptureStackBackTrace(frameOffset, 64, chunk, NULL);
if (framesFound)
{
if (memcmp(entireStack + frameOffset, chunk, sizeof(chunk)) != 0)
{
printf("Incorrect content\n");
}
frameOffset += (ULONG)framesFound;
}
else
{
break;
}
}
if (frameCount != frameOffset)
{
printf("Incorrect count (%u != %u)\n", frameCount, frameOffset);
}
printf("Done\n");
}
__declspec(noinline) void Test(int i)
{
if (i != 500)
Test(++i);
else
CheckStack();
}
int main()
{
Test(0);
}
produces the following output
Checking stack...
Stack size is: 507
Incorrect count (507 != 257)
Done
when building as cl /Od main.c /link /OUT:main.exe.
Am I using the FramesToSkip parameter incorrectly or why are the counts not equal?
If you are using Windows Server 2003 and Windows XP,
The sum of the FramesToSkip and FramesToCapture parameters must be
less than 63.
That's in document.
Else, as #RbMm says, In the API source code, there is the following logic:
if(FramesToSkip>0xfe)
{
return 0; //There are too many stack structures skipped, returning directly to 0.
}
However, this is not metioned on msdn both in the CaptureStackBackTrace and RtlCaptureStackBackTrace.
I am not going to post the source code here, but prove it in debugging:
1.Create a sample:
#include <Windows.h>
#include <assert.h>
#include <stdio.h>
__declspec(noinline) void CheckStack(void)
{
void* entireStack[USHRT_MAX];
USHORT frameCount = CaptureStackBackTrace(255, USHRT_MAX, entireStack, NULL);
}
__declspec(noinline) void Test(int i)
{
if (i != 500)
Test(++i);
else
CheckStack();
}
int main()
{
Test(0);
}
2. Step into CaptureStackBackTrace in Disassembly:
You can see that dword ptr[ebp+8](the first parameter of CaptureStackBackTrace pushed in stack) will be compared with 0feh(254). If true, return 0.
I have an already written script for C that I want to use to go along with Texmod. There was post about it a long time ago but I can't access it. Basically it lets you use TexMod with arguments for the .exe like -log. I have downloaded Visual Studios 2017 and have tried compiling it using the developers console by cd to the folder than cl 'script.c' to compile it. It makes an .exe and .obj but does nothing past that, even when I double click the .exe The problem is I know java and have never done anything in the C language. Here is the code:
#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>
UINT WINAPI EzGetPid(LPCSTR procName, UINT *pid, UINT size);
int main(int argc, char *argv[])
{
if (argc < 1) {
puts("You must specifie the arguments");
return 1;
}
UINT pid = 0;
if (!EzGetPid("Texmod.exe", &pid, 1)) {
puts("You must open Texmod first.");
return 1;
}
BYTE shellcode_tramp[] = "\x58\x6A\x00\x6A\x00\x68\x00\x00\x00\x00\xFF\xE0";
UINT size_tramp = 12;
char arguments[0x500] = {0};
strcpy(arguments, argv[1]);
HANDLE proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
LPVOID remote_tramp = VirtualAllocEx(proc, NULL, 0x1000, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
LPVOID remote_args = (LPVOID)((DWORD)remote_tramp + size_tramp);
*(DWORD*)(&shellcode_tramp[6]) = (DWORD)remote_args;
WriteProcessMemory(proc, remote_tramp, shellcode_tramp, size_tramp, NULL); // Write the trampoline
WriteProcessMemory(proc, remote_args, arguments, strlen(arguments), NULL); // Write the arguments
BYTE firstCall[] = "\xE8\x00\x00\x00\x00\x90";
BYTE secondCall[] = "\xE8\x00\x00\x00\x00\x90";
*(DWORD*)(&firstCall[1]) = (DWORD)remote_tramp - 0x4012E1 - 5;
*(DWORD*)(&secondCall[1]) = (DWORD)remote_tramp - 0x40145B - 5;
WriteProcessMemory(proc, (LPVOID)0x4012E1, firstCall, 6, NULL); // Write first detour call
WriteProcessMemory(proc, (LPVOID)0x40145B, secondCall, 6, NULL); // Write second detour call
CloseHandle(proc);
return 0;
}
UINT WINAPI EzGetPid(LPCSTR procName, UINT *pid, UINT size)
{
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 buffer = {0};
buffer.dwSize = sizeof(PROCESSENTRY32);
UINT count = 0;
while (Process32Next(hSnap, &buffer) && count < size) {
if (!strcmp(buffer.szExeFile, procName))
pid[count++] = buffer.th32ProcessID;
}
CloseHandle(hSnap);
return count;
}
p.s. I added the last closed bracket as I thought I may have copied it wrong when I copied it long ago.
Do I need to use the Visual Studios interface to do this? I was wondering if someone that knows C could look at the code I'm trying to compile and help explain anything I am missing or any special instructions as to how to run it.
Thank you very much for all help.
Your program requires arguments in order to run correctly. The reason you're program doesn't do anything is because when double clicking it, you're not passing any arguments. The console is closing before you see the debug message "You must specifie the arguments".
Typically it's much easier to deal with trampoline hooks using an internal injected DLL method rather than this external method. You could start the process in a suspended state then inject your DLL to perform the trampoline hook. Then you can easily modify the function arguments of the function you're hooking.
Here is the code I use for x86 trampoline hooks
bool Detour32(BYTE* src, BYTE* dst, const uintptr_t len)
{
if (len < 5) return false;
DWORD curProtection;
VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &curProtection);
uintptr_t relativeAddress = dst - src - 5;
*src = 0xE9;
*(uintptr_t*)(src + 1) = relativeAddress;
VirtualProtect(src, len, curProtection, &curProtection);
return true;
}
BYTE* TrampHook32(BYTE* src, BYTE* dst, const uintptr_t len)
{
if (len < 5) return 0;
//Create Gateway
BYTE* gateway = (BYTE*)VirtualAlloc(0, len, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
//write the stolen bytes to the gateway
memcpy_s(gateway, len, src, len);
//Get the gateway to destination address
uintptr_t gatewayRelativeAddr = src - gateway - 5;
// add the jmp opcode to the end of the gateway
*(gateway + len) = 0xE9;
//Write the address of the gateway to the jmp
*(uintptr_t*)((uintptr_t)gateway + len + 1) = gatewayRelativeAddr;
//Perform the detour
Detour32(src, dst, len);
return gateway;
}
Here is an example of how I use it to took OpenGL's SwapBuffers function, in this example we will change the hDc argument to 1337.
typedef BOOL(__stdcall* twglSwapBuffers) (HDC hDc);
twglSwapBuffers owglSwapBuffers;
BOOL __stdcall hkwglSwapBuffers(HDC hDc)
{
hDc = 1337;
return owglSwapBuffers(hDc);
}
owglSwapBuffers = (twglSwapBuffers)mem::TrampHook32((BYTE*)owglSwapBuffers, (BYTE*)hkwglSwapBuffers, 5);
I want to extract vía SDK a video in format .hik (Hikvision) to MP4. My code is the next:
#include <stdio.h>
#include <stdlib.h>
#include "../SDK/incEn/HCNetSDK.h"
#include "Windows.h"
using namespace std;
int saveRecordFile(int userId, char * srcfile, char * destfile) {
HINSTANCE hGetProcIDDLL = LoadLibrary("D:\\ExtraccionYConversionArchivos\\c++\\Fuente\\SDK\\HCNetSDK.dll");
int bRes = 1;
int hPlayBack = 0;
if ( (hPlayBack = NET_DVR_GetFileByName(userId, srcfile, destfile)) < 0)
{
printf("Error en GetFileByName. Error[$d]\n",NET_DVR_GetLastError());
bRes = -1;
return bRes;
}
if (!NET_DVR_PlayBackControl(hPlayBack, NET_DVR_PLAYSTART,0,NULL))
{
printf("Control de play back fallido [%d]\n", NET_DVR_GetLastError());
bRes = -1;
return bRes;
}
int nPos = 0;
for (nPos = 0; nPos < 100 && nPos >= 0; nPos = NET_DVR_GetDownloadPos(hPlayBack))
{
Sleep(5000);
}
printf("Se obtuvo %d\n", nPos);
if (!NET_DVR_StopGetFile(hPlayBack))
{
printf("Error al detener descarga de archivo [%d]\n",NET_DVR_GetLastError());
bRes = -1;
return bRes;
}
printf("%s\n",srcfile);
if (nPos < 0 || nPos > 100)
{
printf("Error de descarga [%d]\n", NET_DVR_GetLastError());
bRes = -1;
return bRes;
}
else
{
return 0;
}
}
int main()
{
printf("Hello world!\n");
return 0;
}
It uses the HCNetSDK.h header, which throw me an error in multiple lines: syntax error before string constant. This header file have more than 41K lines, and most of the error are after typedef:
typedef void (CALLBACK *MSGCallBack)(LONG lCommand, NET_DVR_ALARMER *pAlarmer, char *pAlarmInfo, DWORD dwBufLen, void* pUser);
NET_DVR_API BOOL __stdcall NET_DVR_SetDVRMessageCallBack_V30(MSGCallBack fMessageCallBack, void* pUser);
What could be the problem? Before this lines, there are more than 6K typedef struct like this:
typedef struct tagNET_DVR_MATRIX_STATUS_V50
{
DWORD dwSize;
BYTE byMainFrameType;
BYTE bySoltNum;
BYTE byBoardNum;
BYTE byLCDPanelStatus;
NET_DVR_MATRIX_SUBBOARD_V50 struMatrixSubboard[MAX_MATRIX_SUBBOARD_NUM];
DWORD dwFanSequence;
DWORD dwFanConnectStatus;
DWORD dwFanOperationStatus;
BYTE byDeviceModel[32];
BYTE byRes[32];
}NET_DVR_MATRIX_STATUS_V50, *LPNET_DVR_MATRIX_STATUS_V50;
And even that I make comments over each typedef struct to catch the mistake, I couldn't figure out how.
A few things to try:
Look for another file that includes this header. Does it compile? What other headers does it use and which of those come before this header in the list?
Can you copy (duplicate and rename) this code into a C file with a simple hello world main function? It might force the compiler to tell you which line the actual problem is on.
Are you using an old compiler? I used to get problems with an old version of Visual Studio - it wasn’t up to date with C99 so it couldn’t compile certain data types (that were no problem for GNU compilers). C standards are sometimes updated and you need to use a suitable compiler (or code in an old style!).
Finally, is it possible to extract or convert the data with ffmpeg? If you can do it on a command line, there’s no need to compile any code.
I have written a small program which insert the value and its corresponding value into the Windows registry key.
Program is working fine but it is not inserting value and its corresponding value.
And one more thing when I run prog as an administrator RegSetValueEx() fails..but still inssert only the value not its data.
Please help for finding out the issue here.
My code is as follows..
#define WIN32_LEAN_AND_MEAN
#define WIN32_DEFAULT_LIBS
#ifndef _WIN32_WINNT
#define _WIN32_WINNT (0x0601)
#endif /* _WIN32_WINNT */
#include <windows.h>
#include <stdio.h>
#include <conio.h>
#include <stdlib.h>
#include <tchar.h>
#include <unistd.h>
#include <stdbool.h>
#include<string.h>
BOOL InstallRunOnStartup()
{
HKEY key;
long result;
BOOL ret = FALSE;
LPTSTR val=L"12as3d12";
LPTSTR a=L"zzz";
TCHAR szBuf[20];
result = RegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", NULL, KEY_WRITE | KEY_WOW64_64KEY | KEY_SET_VALUE , &key);
if (result == ERROR_SUCCESS)
{
printf("hi \n");
if (RegSetValueEx(key, a, 0, REG_SZ,(LPBYTE)val, (DWORD)(lstrlen(val)+1) == ERROR_SUCCESS)){
printf("success \n");
ret = TRUE;
}
RegCloseKey(key);
}
return ret;
}
int main()
{
InstallRunOnStartup();
getch();
}
Add your program to the following path in Windows XP:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Did you try assigning LPBYTE(val) to a temp variable & using that?
RegSetValueEx expects the buffer in bytes & the number of bytes in that buffer.
If LPTSTR is defined as Unicode in your project, then lstrlen(val) will return the length of the string which is half the size of your byte array.
I tried a different program and it worked..
HKEY hMykey; //Handle to your key
DWORD pDWDisp; // Ignore for this
LONG lRes; // Test Success
char prog[] = "\"C:\\a.exe\""; //Key to launch
lRes = RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\run",
0,"Whatever",REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS ,
NULL,&hMykey,&pDWDisp); // Open a key for edit
if(lRes != ERROR_SUCCESS){
MessageBox(0,"Error opening key","",MB_OK);
return false;
//exit(0);// Shutdown on fail
}
lRes = RegSetValueEx(hMykey,"a",0,REG_SZ,
(LPBYTE)prog,strlen(prog)+1);// Add your key value
if(lRes != ERROR_SUCCESS){
MessageBox(0,"Error saving record","",MB_OK);
RegCloseKey(hMykey);
return false;
//exit(0);// Shutdown on fail
}
MessageBox(0,"Success!! Registry value recorded","",MB_OK);
RegCloseKey(hMykey);
return true;
I am trying to list all devices attached to my system and after searching found this code which throws up error local function definations are illegal can someone explain what its means please.
Or is my issue because I am trying to use code that was from in C++. Thanks
WORKING CODE
#include <windows.h>
#include <setupapi.h>
#include <stdio.h>
#pragma comment(lib,"SetupAPI")
void print_property
(
__in HDEVINFO hDevInfo,
__in SP_DEVINFO_DATA DeviceInfoData,
__in PCWSTR Label,
__in DWORD Property
)
{
DWORD DataT;
LPTSTR buffer = NULL;
DWORD buffersize = 0;
//
while (!SetupDiGetDeviceRegistryProperty(
hDevInfo,
&DeviceInfoData,
Property,
&DataT,
(PBYTE)buffer,
buffersize,
&buffersize))
{
if (ERROR_INSUFFICIENT_BUFFER == GetLastError())
{
// Change the buffer size.
if (buffer)
{
LocalFree(buffer);
}
// Double the size to avoid problems on
// W2k MBCS systems per KB 888609.
buffer = (LPTSTR)LocalAlloc(LPTR, buffersize * 2);
}
else
{
break;
}
}
wprintf(L"%s %s\n",Label, buffer);
if (buffer)
{
LocalFree(buffer);
}
}
int main()
{
//int setupdi_version()
//{
HDEVINFO hDevInfo;
SP_DEVINFO_DATA DeviceInfoData;
DWORD i;
// Create a HDEVINFO with all present devices.
hDevInfo = SetupDiGetClassDevs(
NULL,
0, // Enumerator
0,
DIGCF_PRESENT | DIGCF_ALLCLASSES);
if (INVALID_HANDLE_VALUE == hDevInfo)
{
// Insert error handling here.
return 1;
}
// Enumerate through all devices in Set.
DeviceInfoData.cbSize = sizeof(SP_DEVINFO_DATA);
for (i = 0; SetupDiEnumDeviceInfo(hDevInfo, i, &DeviceInfoData); i++)
{
LPTSTR buffer = NULL;
DWORD buffersize = 0;
print_property(hDevInfo, DeviceInfoData, L"Friendly name :", SPDRP_FRIENDLYNAME);
while (!SetupDiGetDeviceInstanceId(
hDevInfo,
&DeviceInfoData,
buffer,
buffersize,
&buffersize))
{
if (buffer)
{
LocalFree(buffer);
}
if (ERROR_INSUFFICIENT_BUFFER == GetLastError())
{
// Change the buffer size.
// Double the size to avoid problems on
// W2k MBCS systems per KB 888609.
buffer = (LPTSTR)LocalAlloc(LPTR, buffersize * 2);
}
else
{
wprintf(L"error: could not get device instance id (0x%x)\n", GetLastError());
break;
}
}
if (buffer)
{
wprintf(L"\tDeviceInstanceId : %s\n", buffer);
}
print_property(hDevInfo, DeviceInfoData, L"\tClass :", SPDRP_CLASS);
print_property(hDevInfo, DeviceInfoData, L"\tClass GUID :", SPDRP_CLASSGUID);
}
if (NO_ERROR != GetLastError() && ERROR_NO_MORE_ITEMS != GetLastError())
{
// Insert error handling here.
return 1;
}
// Cleanup
SetupDiDestroyDeviceInfoList(hDevInfo);
system ("pause");
return 0;
}
You have another function defined inside the body of main; this is invalid C. Move it outside of main.
The code will compile and run if you comment out the following two lines as shown:
// int setupdi_version()
// {
I think the original code is from a function named setupdi_version() and it got mangled a bit when you tried to change it to main(). Note: it looks like the original source code is from here.
To answer your follow-on problem. Those are linker errors. You need to tell Visual Studio which .lib file(s) to link against. You can do that in the Visual Studio project dependencies or just add the following to the top of the source code.
#pragma comment(lib,"SetupAPI")