|
Thanks
It's important because we want to support multi user, and access can not do it.
We test it with a computer that nobody use it (in a local network)
www.logicsims.ir
|
|
|
|
|
Hadi Dayvary wrote: It's important because we want to support multi user, and access can not do
it.
That is why you want to use MySQL.
That is not why you think that a specific performance metric is relevant.
Hadi Dayvary wrote: We test it with a computer that nobody use it (in a local network)
Naturally when I said "network" in my previous response I meant exactly that.
Your answer suggests that you did not confirm traffic from other sources on the network when you ran your test.
|
|
|
|
|
hi, this code can work,
but have some Question:
example:
when i put "www.csdn.net" in the IE brower
IE will go to the "www.51.com/history.php"
the HOOK is work,
but the page have some problem
"www.51.com/history?page=2" change "www.csdn.net/?page=2"
others is normal.
why?
src code http://u.115.com/file/bh5viw1o#src.rar>
click "电信下载" download it
#include "stdafx.h"
#include "hook.h"
#include <Ws2tcpip.h>
#include <stdio.h>
HINSTANCE g_hMod = NULL;
DWORD dwIsHook = 0;
void __stdcall UnHook();
int nCount = 0;
BOOL WINAPI DllMain(
HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved ) {
switch( fdwReason )
{
case DLL_PROCESS_ATTACH:
{
g_hMod = hinstDLL;
HookOn();
}
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
{
}
break;
}
return TRUE; }
void __stdcall InstallHook()
{
if ( g_hMod != NULL )
{
hHook = SetWindowsHookEx(WH_DEBUG, DebugProc, g_hMod, 0);
}
else
{
MessageBox(NULL,"InstallHook","InstallHook",MB_OK);
}
}
void __stdcall UnHook()
{
UnhookWindowsHookEx(hHook);
}
char *g_szGlo_A = "www.csdn.net";
char *g_Change_A = "www.51.com";
char *g_argc_A = "/history.php";
bool isEqual_A(const char * str1,const char * str2)
{
__asm
{
push [ebp+0x8]
call strlen
add esp,4
mov ebx,eax
push [ebp+0xc]
call strlen
add esp,4
cmp eax,ebx
jne exit2
}
__asm
{
push [ebp+8]
call strlen
add esp,4
mov esi,[ebp+8]
mov edx,esi
mov edi,[ebp+0xc]
imul eax,type char
add edx,eax
beginfor:
cmp esi,edx
jnl endfor
mov bl,byte ptr [esi]
mov cl,byte ptr [edi]
cmp bl,cl
jne exit2
add esi,type char
add edi,type char
jmp beginfor
endfor:
}
__asm
{
exit1:
mov eax,1
jmp exit3
exit2:
mov eax,0
exit3:
}
}
bool isEqual_W(const wchar_t * str1,const wchar_t * str2)
{
__asm
{
push [ebp+0x8]
call wcslen
add esp,4
mov ebx,eax
push [ebp+0xc]
call wcslen
add esp,4
cmp eax,ebx
jne exit2
}
__asm
{
push [ebp+8]
call wcslen
add esp,4
mov esi,[ebp+8]
mov edx,esi
mov edi,[ebp+0xc]
imul eax,type wchar_t
add edx,eax
beginfor:
cmp esi,edx
jnl endfor
mov bl,byte ptr [esi]
mov cl,byte ptr [edi]
cmp bl,cl
jne exit2
add esi,type wchar_t
add edi,type wchar_t
jmp beginfor
endfor:
}
__asm
{
exit1:
mov eax,1
jmp exit3
exit2:
mov eax,0
exit3:
}
}
__declspec(naked) HINTERNET __stdcall my_InternetConnect_A(
HINTERNET hInternet,
LPCTSTR lpszServerName,
INTERNET_PORT nServerPort,
LPCTSTR lpszUsername,
LPCTSTR lpszPassword,
DWORD dwService,
DWORD dwFlags,
DWORD_PTR dwContext
)
{
__asm
{
pushad
push g_szGlo_A
push [esp+44]
call isEqual_A
add esp,8
test eax,eax
jne equal
popad
jmp lpAddr_A
}
equal:
__asm
{
popad
push eax
mov eax,g_Change_A
mov [esp+12],eax
add dwIsHook,1
pop eax
jmp lpAddr_A
}
}
__declspec(naked) HINTERNET my_HttpOpenRequest_A(
HINTERNET hConnect,
LPCTSTR lpszVerb,
LPCTSTR lpszObjectName,
LPCTSTR lpszVersion,
LPCTSTR lpszReferer,
LPCTSTR *lpszAcceptTypes,
DWORD dwFlags,
DWORD_PTR dwContext
)
{
__asm
{
pushad
cmp dwIsHook,1
je one
popad
jmp lpHTTPAddr_A
}
one:
_asm
{
popad
push eax
sub dwIsHook,1
mov eax,g_argc_A
mov [esp+16],eax
pop eax
jmp lpHTTPAddr_A
}
}
void HookOn()
{
char szBuf[MAX_PATH] = {0};
DWORD dwOldProtect = 0;
HMODULE hModule = LoadLibrary("wininet.dll");
char chE9 = (char)0xe9;
if ( !hModule )
{
goto Exit0;
}
my_internetconnectA = (GETADDR_InternetConnectA)GetProcAddress(hModule, "InternetConnectA"); my_HttpOpenRequestA = (GETADDR_HttpOpenRequestA)GetProcAddress(hModule, "HttpOpenRequestA");
if ( !VirtualProtect(my_internetconnectA, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect) )
{
goto Exit0;
}
lpAddr_A = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if ( !lpAddr_A )
{
goto Exit0;
}
RtlMoveMemory(lpAddr_A, my_internetconnectA, 5); dwJmpMe_A = (DWORD)my_InternetConnect_A -(DWORD)my_internetconnectA - 5;
dwJmpOther_A = (DWORD)my_internetconnectA - ((DWORD)lpAddr_A+5) - 5;
__asm
{
pushad
mov eax,my_internetconnectA
mov [eax],0xE9
add eax,1
mov ebx,dwJmpMe_A
mov dword ptr[eax],ebx
popad
}
__asm
{
pushad
mov eax,lpAddr_A
add eax,5
mov [eax],0xE9
add eax,1
mov ebx,dwJmpOther_A
add ebx,5
mov dword ptr[eax],ebx
popad
}
VirtualProtect(my_internetconnectA, 5, dwOldProtect, &dwOldProtect);
if ( !VirtualProtect(my_HttpOpenRequestA, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect) )
{
goto Exit0;
}
lpHTTPAddr_A = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if ( !lpHTTPAddr_A )
{
goto Exit0;
}
RtlMoveMemory(lpHTTPAddr_A, my_HttpOpenRequestA, 5); dwHTTPJmpMe_A = (DWORD)my_HttpOpenRequest_A -(DWORD)my_HttpOpenRequestA - 5;
dwHTTPJmpOther_A = (DWORD)my_HttpOpenRequestA - ((DWORD)lpHTTPAddr_A+5) - 5;
__asm
{
pushad
mov eax,my_HttpOpenRequestA
mov [eax],0xE9
add eax,1
mov ebx,dwHTTPJmpMe_A
mov dword ptr[eax],ebx
popad
}
__asm
{
pushad
mov eax,lpHTTPAddr_A
add eax,5
mov [eax],0xE9
add eax,1
mov ebx,dwHTTPJmpOther_A
add ebx,5
mov dword ptr[eax],ebx
popad
}
VirtualProtect(my_HttpOpenRequestA, 5, dwOldProtect, &dwOldProtect);
Exit0:
return;
}
void HookOf()
{
} i"
|
|
|
|
|
This looks like a problem with the website, if I put that address into my browser it says page does not exist.
|
|
|
|
|
|
|
hi,i'm sorry
it's "http://www.51.com/history.php?page=2"
|
|
|
|
|
OK, that link works fine, but you still have not explained what your problem is.
|
|
|
|
|
First, I intercept InternetConnectA function to modify its parameters
To make its argument into a "www.51.com"
Next, I modify it to intercept HttpOpenRequestA parameters
To make its argument into a "history.php"
After the success of change can jump www.51.com/history.php www.csdn.net
But
www.51.com/history.php inside page is not correct in some places
I give a picture as an example
http://www.12315sh.com/exa.png
|
|
|
|
|
Those are probably <a> href attributes hard coded into the HTML sent by the server. You cannot change hard coded links by simply changing the domain... it will only affect relative links. If you want to change the hard coded links you will need to do something more advanced. A BHO would have access to the document body and you could iterate through an IHTMLElementCollection. Or you could continue your hacktastic approach and directly modify the TCP socket stream.
-Cheongwadae, House of Blues
|
|
|
|
|
first, thank you !fine, and like hooking "recv" function?
Or HTTP Sessions Functions?
like
HttpQueryInfo Function
|
|
|
|
|
6784746 wrote: first, thank you !fine, and like hooking "recv" function?
Or HTTP Sessions Functions?
like
None of the above. You could probably hook WSARecv and modify the html. But... keep in mind that some web servers will send a gzip stream. You could also hook WSASend and modify the Accept-Encoding header to remove the compress, gzip content-coding. If you do not remove this header... you will need to implement gzip/compress decoding algorithms.
Cheongwadae
|
|
|
|
|
thk,it looks like a big project.
i try.thk again
|
|
|
|
|
|
yeah,i try ,but i can't find the API what is important.
|
|
|
|
|
6784746 wrote: i try ,but i can't find the API what is important.
I don't understand what this has to do with your problem; what API are you referring to?
|
|
|
|
|
Thank you all
and the i hooking the "GetWindowTextW" functions
Solve this problem hahaha!.......
|
|
|
|
|
Here is an application base on a CTabView with 3 CFormView derived class.
I tracked down the size of one of the CFormView derived view (by calling GetWindowRect) and got the following:
CDataView::OnSize cx 938 cy 431 Width 938 Height 431
CDataView::OnSize cx 0 cy 0 Width 0 Height 0
CDataView::OnShowWindow
CDataView::OnShowWindow
CDataView::OnSize cx 972 cy 333 Width 989 Height 333
CDataView::OnSize cx 989 cy 333 Width 989 Height 333
CDataView::OnInitialUpdate Width 989 Height 333
CDataView::OnSize cx 939 cy 333 Width 956 Height 333
CDataView::OnSize cx 955 cy 371 Width 972 Height 371
CDataView::OnSize cx 0 cy 0 Width 0 Height 0
CDataView::OnSize cx 1174 cy 521 Width 1174 Height 521
CDataView::OnSize cx 1157 cy 521 Width 1174 Height 521
Before doing anything with the window, OnSize is called 9 times and the values of cx, cy, width and height changed several times ... How can I get the final and actual values ?
|
|
|
|
|
You can only get the current value, since the window size may change at any time, as the user drags the sizing handle, presses minimize, maximize etc.
|
|
|
|
|
I guess I was not precise enough in my question ... The tracking of OnSize class (shown in the initial message) was the tracking at startup, with no user resizing... I need the size at startup after the initialization of the application window (that is, before user change the size of the application window...) So that I can use these informations for dynamic child controls resizing. When I use existing controls-resizing class, the positioning/resizing of the child controls is not accurate for the application I'm working on now (vs2010 - MDI with a CTabView and three CFormView-derived views)
|
|
|
|
|
I think you are missing the point. Windows are dynamic and can (and do) change throughout their existence. Your application needs to respond to these changes and repaint the contents, including any child windows, every time. There is no way to tell when the final resizing occurs after initialization; however, you can ignore messages when the width or height values are zero.
|
|
|
|
|
You should get the values in the final call.
That will be the current value.
So keep updating the storage variables with the values in OnSize every time it is called.
|
|
|
|
|
Same reply as I have done to Richard ...
I guess I was not precise enough in my question ... The tracking of OnSize class (shown in the initial message) was the tracking at startup, with no user resizing... I need the size at startup after the initialization of the application window (that is, before user change the size of the application window...) So that I can use these informations for dynamic child controls resizing. When I use existing controls-resizing class, the positioning/resizing of the child controls is not accurate for the application I'm working on now (vs2010 - MDI with a CTabView and three CFormView-derived views)
|
|
|
|
|
Hey,
I'm working on an larger project for a while and i've almost tested my application in debug mode, where it works really fine. But later on i've tested it with some brute force methods in release mode, and i've noticed that it almost crashes after some 100 test runs due a heap corruption error. As you may know heap corruption errors are really hard to find, but i've figured out that this error occurs even if I comment out about 99% of my code.
But by checking the remaining lines I find absolutely nothing ... for some moments i thought it could be caused by the reference counter of _variant_t and bstr_t but maybe thats not the error: So at first i will provide the lines to you which already cause the heap corruption:
A simple call in my main:
DDDElements::DDDDocument* pDocument = new DDDElements::DDDDocument();
Which calls this. (CLRObject(...) just sets some local variables.)
DDDDocument::DDDDocument(void) : CLRObject(NULL, NULL, NULL)
{
clr = new CLR();
clra = new CLRAssembly(clr, L"DDD");
vtCLRObject = clra->CreateInstance(THISDOTNETTYPE());
}
The CLR instanciation looks like this where all used methods are imported:
CLR::CLR(void)
{
this->pszVersion = L"v4.0.30319";
this->init();
}
void CLR::init() {
HRESULT hr;
BOOL bLoadable = false;
IUnknownPtr spAppDomainThunk = NULL;
hr = CLRCreateInstance(CLSID_CLRMetaHost, IID_ICLRMetaHost, (LPVOID *)&lpMetaHost);
if(FAILED(hr)) throw "CLR instance could not be created!";
hr = lpMetaHost->GetRuntime(pszVersion, IID_ICLRRuntimeInfo, (LPVOID *)&lpRuntimeInfo);
if(FAILED(hr)) throw "Failed getting the reference to CLR interface!";
hr = lpRuntimeInfo->IsLoadable(&bLoadable);
if(FAILED(hr)) throw "Failed loading the CLR!";
if(!bLoadable) throw "CLR is not loadable!";
hr = lpRuntimeInfo->GetInterface(CLSID_CorRuntimeHost, IID_PPV_ARGS(&lpRuntimeHost));
if(FAILED(hr)) throw "Failed loading the CLR!";
hr = lpRuntimeHost->Start();
if(FAILED(hr)) throw "Failed starting the CLR!";
hr = lpRuntimeHost->GetDefaultDomain(&spAppDomainThunk);
if (FAILED(hr)) throw "Failed to get CLR default appdomain!";
hr = spAppDomainThunk->QueryInterface(IID_PPV_ARGS(&spAppDomain));
if (FAILED(hr)) throw "Failed to get CLR default appdomain!";
}
The Assembly is loaded by this few lines:
CLRAssembly::CLRAssembly(CLR* clr, PCWSTR pszAssemblyName)
{
HRESULT hr;
bstr_t bstrAssemblyName(pszAssemblyName);
this->clr = clr;
hr = clr->GetAppDomain()->Load_2(bstrAssemblyName, &spAssembly);
if(FAILED(hr)) throw "Loading of assembly failed.";
}
Then we first run THISDOTNETTYPE to pass its returnvalue to the create instance method:
_TypePtr DDDDocument::THISDOTNETTYPE()
{
return clra->BuildType(L"DDD.DDDDocument");
}
_TypePtr CLRAssembly::BuildType(PCWSTR pszClassName)
{
HRESULT hr = NULL;
bstr_t bstrClassName(pszClassName);
_TypePtr spType = NULL;
hr = spAssembly->GetType_2(bstrClassName, &spType);
if(FAILED(hr)) throw "Failed to get typereferece.";
return spType;
}
Until now just some small easy lines. Finally we run create Instance which looks like this:
_variant_t CLRAssembly::CreateInstance(_TypePtr spType)
{
SAFEARRAY* psaMethodArgs = NULL;
psaMethodArgs = SafeArrayCreateVector(VT_VARIANT, 0, 0);
return this->CreateInstance(spType, psaMethodArgs);
}
_variant_t CLRAssembly::CreateInstance(_TypePtr spType, SAFEARRAY* psaMethodArgs)
{
HRESULT hr;
_variant_t vtResult= NULL;
_variant_t vtEmpty;
if(psaMethodArgs == NULL) psaMethodArgs = SafeArrayCreateVector(VT_VARIANT, 0, 0);
hr = spType->InvokeMember_3(NULL, static_cast<BindingFlags>(
BindingFlags_CreateInstance | BindingFlags_Instance | BindingFlags_Public),
NULL, vtEmpty, psaMethodArgs, &vtResult);
if(FAILED(hr)) throw "Failed to create Instance.";
return vtResult;
}
And done.
This I run some hundred times and in 1 of 200 runs it ends up in a heap corruption error. I've absolutely no idea why. I've guessed a lot of things and googled for them, but none of them helped.
As already told i've especially looked at the reference counter of the COM types like SAFEARRAY, _variant_t and bstr_t. I thought returning them causes the error. But it seems by returning them by value should be the best answer to avoid heap corruptions there. They first make a copy of themselves, after that the free themselves. So this should work. Then i thought passing them by value could cause the error. But there the reference counter adds a reference - so it works. In the and as already told now the third time - i've absolutely no idea what causes the heap corruption. Maybe one of you will find it by first look at it
*Edit + Edit 2*
At the moment there are 2 questions I am asking myself:
1. what happens with a reference when it is copied by value, and the old variant containing this refernece is freed? As I know the garbage collector of the CLR should be inactive. But is it deleted or not? The problem is that there is no possibility to trace that.
2. Could this error may be caused by using this as a static library compiled in debug mode? Answer due testing: No.
Regards BS
modified on Saturday, August 13, 2011 10:13 AM
|
|
|
|
|
Firstly sorry for such a lengthy code.
I found this sample in codeproject. But when i try to run this. cmd.exe is not invoking.
CustomMessageSender is working ok. But LaunchAppIntoDifferentSession()fails in launching the cmd.exe. Have i missed something. I tried a lot but failed.
FileName : ServiceTwo
#pragma comment (lib,"WtsApi32.lib")
#pragma comment (lib,"UserEnv.lib")
#include <iostream>
#include <Windows.h>
#include <WinSvc.h>
#include <WtsApi32.h>
#include <UserEnv.h>
#include <TlHelp32.h>
#define SERVICE_CONTROL_CUSTOM_MESSAGE 0x095
BOOL LaunchAppIntoDifferentSession(LPWSTR appName, LPPROCESS_INFORMATION pi);
SERVICE_STATUS m_ServiceStatus;
SERVICE_STATUS_HANDLE m_ServiceStatusHandle;
BOOL bRunning =TRUE;
VOID WINAPI ServiceControlHandler(DWORD Opcode);
using namespace std;
VOID WINAPI ServiceControlHandler(DWORD Opcode)
{
PROCESS_INFORMATION pi;
LPWSTR appName = L"cmd.exe";
switch(Opcode)
{
case SERVICE_CONTROL_CUSTOM_MESSAGE:
LaunchAppIntoDifferentSession(appName, &pi);
break;
case SERVICE_CONTROL_PAUSE:
m_ServiceStatus.dwCurrentState = SERVICE_PAUSED;
break;
case SERVICE_CONTROL_CONTINUE:
m_ServiceStatus.dwCurrentState = SERVICE_RUNNING;
break;
case SERVICE_CONTROL_STOP:
m_ServiceStatus.dwWin32ExitCode = 0;
m_ServiceStatus.dwCurrentState = SERVICE_STOPPED;
m_ServiceStatus.dwCheckPoint = 0;
m_ServiceStatus.dwWaitHint = 0;
SetServiceStatus(m_ServiceStatusHandle, &m_ServiceStatus);
bRunning = FALSE;
break;
case SERVICE_CONTROL_INTERROGATE:
break;
return;
}
BOOL LaunchAppIntoDifferentSession(LPWSTR appName,LPPROCESS_INFORMATION pi)
{
STARTUPINFO si;
BOOL bResult = FALSE;
DWORD dwSessionID = 0, winLogonPid = 0, winLogonSessionID = 0, dwCreationFlags;
HANDLE hUserTokenDup, hPToken, hProcess;
dwSessionID = WTSGetActiveConsoleSessionId();
PROCESSENTRY32 procEntry;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if (hSnap == INVALID_HANDLE_VALUE)return 1;
procEntry.dwSize = sizeof(PROCESSENTRY32);
if (!Process32First(hSnap, &procEntry)) return 1;
do
{
if (wcscmp(procEntry.szExeFile,L"winlogon.exe") == 0)
{
ProcessIdToSessionId(procEntry.th32ProcessID, &winLogonSessionID);
if (winLogonSessionID == dwSessionID)
{
winLogonPid = procEntry.th32ProcessID;
}
}
} while (Process32Next(hSnap, &procEntry));
hProcess = OpenProcess(MAXIMUM_ALLOWED,false,winLogonPid);
if (!OpenProcessToken(hProcess,TOKEN_DUPLICATE,&hPToken))
{
CloseHandle(hProcess);
return false;
}
if (!DuplicateTokenEx(hPToken,MAXIMUM_ALLOWED,NULL,SecurityIdentification,TokenPrimary,&hUserTokenDup))
{
CloseHandle(hProcess);
CloseHandle(hPToken);
}
ZeroMemory(&si,sizeof(STARTUPINFO));
si.cb = sizeof(STARTUPINFO);
si.lpDesktop = L"winsta0\\default";
dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
bResult = CreateProcessAsUser(hUserTokenDup,NULL,appName,NULL,NULL,FALSE,dwCreationFlags,NULL,NULL,&si,pi);
CloseHandle(hProcess);
CloseHandle(hPToken);
CloseHandle(hUserTokenDup);
return bResult;
}
Debuged and found Error is in LaunchAppIntoDifferentSession() only. Now winlogon.exe no more runs in session 0.
Regards,
Vishal
modified on Saturday, August 13, 2011 10:05 PM
|
|
|
|
|