Add hooking for CreateProcessAsUser and CreateProcessWithLogonW

This commit is contained in:
baldurk
2017-11-20 16:16:38 +00:00
parent b8777b3f82
commit 3d4ee2a946
+307 -204
@@ -34,19 +34,41 @@
typedef int(WSAAPI *PFN_WSASTARTUP)(__in WORD wVersionRequested, __out LPWSADATA lpWSAData);
typedef int(WSAAPI *PFN_WSACLEANUP)();
typedef BOOL(WINAPI *PFN_CREATE_PROCESS_A)(
__in_opt LPCSTR lpApplicationName, __inout_opt LPSTR lpCommandLine,
__in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes,
__in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes, __in BOOL bInheritHandles,
__in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCSTR lpCurrentDirectory,
__in LPSTARTUPINFOA lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation);
typedef BOOL(WINAPI *PFN_CREATE_PROCESS_A)(LPCSTR lpApplicationName, LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles, DWORD dwCreationFlags,
LPVOID lpEnvironment, LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation);
typedef BOOL(WINAPI *PFN_CREATE_PROCESS_W)(
__in_opt LPCWSTR lpApplicationName, __inout_opt LPWSTR lpCommandLine,
__in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes,
__in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes, __in BOOL bInheritHandles,
__in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCWSTR lpCurrentDirectory,
__in LPSTARTUPINFOW lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation);
typedef BOOL(WINAPI *PFN_CREATE_PROCESS_W)(LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles, DWORD dwCreationFlags,
LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation);
typedef BOOL(WINAPI *PFN_CREATE_PROCESS_AS_USER_A)(
HANDLE hToken, LPCSTR lpApplicationName, LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation);
typedef BOOL(WINAPI *PFN_CREATE_PROCESS_AS_USER_W)(
HANDLE hToken, LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation);
typedef BOOL(WINAPI *PFN_CREATE_PROCESS_WITH_LOGON_W)(LPCWSTR lpUsername, LPCWSTR lpDomain,
LPCWSTR lpPassword, DWORD dwLogonFlags,
LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
DWORD dwCreationFlags, LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation);
class SysHook : LibraryHook
{
@@ -67,6 +89,14 @@ public:
success &= CreateProcessA.Initialize("CreateProcessA", "kernel32.dll", CreateProcessA_hook);
success &= CreateProcessW.Initialize("CreateProcessW", "kernel32.dll", CreateProcessW_hook);
success &= CreateProcessAsUserA.Initialize("CreateProcessAsUserA", "advapi32.dll",
CreateProcessAsUserA_hook);
success &= CreateProcessAsUserW.Initialize("CreateProcessAsUserW", "advapi32.dll",
CreateProcessAsUserW_hook);
success &= CreateProcessWithLogonW.Initialize("CreateProcessWithLogonW", "advapi32.dll",
CreateProcessWithLogonW_hook);
// handle API set exports if they exist. These don't really exist so we don't have to worry
// about
// double hooking, and also they call into the 'real' implementation in kernelbase.dll
@@ -74,16 +104,25 @@ public:
API110CreateProcessA_hook);
API110CreateProcessW.Initialize("CreateProcessW", "api-ms-win-core-processthreads-l1-1-0.dll",
API110CreateProcessW_hook);
API110CreateProcessAsUserW.Initialize("CreateProcessAsUserW",
"api-ms-win-core-processthreads-l1-1-0.dll",
API110CreateProcessAsUserW_hook);
API111CreateProcessA.Initialize("CreateProcessA", "api-ms-win-core-processthreads-l1-1-1.dll",
API111CreateProcessA_hook);
API111CreateProcessW.Initialize("CreateProcessW", "api-ms-win-core-processthreads-l1-1-1.dll",
API111CreateProcessW_hook);
API111CreateProcessAsUserW.Initialize("CreateProcessAsUserW",
"api-ms-win-core-processthreads-l1-1-0.dll",
API111CreateProcessAsUserW_hook);
API112CreateProcessA.Initialize("CreateProcessA", "api-ms-win-core-processthreads-l1-1-2.dll",
API112CreateProcessA_hook);
API112CreateProcessW.Initialize("CreateProcessW", "api-ms-win-core-processthreads-l1-1-2.dll",
API112CreateProcessW_hook);
API112CreateProcessAsUserW.Initialize("CreateProcessAsUserW",
"api-ms-win-core-processthreads-l1-1-0.dll",
API112CreateProcessAsUserW_hook);
success &= WSAStartup.Initialize("WSAStartup", "ws2_32.dll", WSAStartup_hook);
success &= WSACleanup.Initialize("WSACleanup", "ws2_32.dll", WSACleanup_hook);
@@ -120,6 +159,15 @@ private:
Hook<PFN_CREATE_PROCESS_A> API112CreateProcessA;
Hook<PFN_CREATE_PROCESS_W> API112CreateProcessW;
Hook<PFN_CREATE_PROCESS_AS_USER_A> CreateProcessAsUserA;
Hook<PFN_CREATE_PROCESS_AS_USER_W> CreateProcessAsUserW;
Hook<PFN_CREATE_PROCESS_AS_USER_W> API110CreateProcessAsUserW;
Hook<PFN_CREATE_PROCESS_AS_USER_W> API111CreateProcessAsUserW;
Hook<PFN_CREATE_PROCESS_AS_USER_W> API112CreateProcessAsUserW;
Hook<PFN_CREATE_PROCESS_WITH_LOGON_W> CreateProcessWithLogonW;
Hook<PFN_WSASTARTUP> WSAStartup;
Hook<PFN_WSACLEANUP> WSACleanup;
@@ -149,6 +197,101 @@ private:
return syshooks.WSACleanup()();
}
static BOOL WINAPI Hooked_CreateProcess(
const char *entryPoint,
std::function<BOOL(DWORD dwCreationFlags, LPPROCESS_INFORMATION lpProcessInformation)> realFunc,
DWORD dwCreationFlags, bool inject, LPPROCESS_INFORMATION lpProcessInformation)
{
PROCESS_INFORMATION dummy;
RDCEraseEl(dummy);
// not sure if this is valid, but I need the PID so I'll fill in my own struct to ensure that.
if(lpProcessInformation == NULL)
{
lpProcessInformation = &dummy;
}
else
{
*lpProcessInformation = dummy;
}
bool resume = (dwCreationFlags & CREATE_SUSPENDED) == 0;
dwCreationFlags |= CREATE_SUSPENDED;
BOOL ret = realFunc(dwCreationFlags, lpProcessInformation);
if(ret && inject)
{
RDCDEBUG("Intercepting %s", entryPoint);
rdcarray<EnvironmentModification> env;
// inherit logfile and capture options
uint32_t ident = RENDERDOC_InjectIntoProcess(lpProcessInformation->dwProcessId, env,
RenderDoc::Inst().GetLogFile(),
RenderDoc::Inst().GetCaptureOptions(), false);
RenderDoc::Inst().AddChildProcess((uint32_t)lpProcessInformation->dwProcessId, ident);
}
if(resume)
{
ResumeThread(lpProcessInformation->hThread);
}
// ensure we clean up after ourselves
if(dummy.dwProcessId != 0)
{
CloseHandle(dummy.hProcess);
CloseHandle(dummy.hThread);
}
return ret;
}
static bool ShouldInject(LPCWSTR lpApplicationName, LPCWSTR lpCommandLine)
{
if(!RenderDoc::Inst().GetCaptureOptions().HookIntoChildren)
return false;
bool inject = true;
// sanity check to make sure we're not going to go into an infinity loop injecting into
// ourselves.
if(lpApplicationName)
{
wstring app = lpApplicationName;
app = strlower(app);
if(app.find(L"renderdoccmd.exe") != wstring::npos || app.find(L"qrenderdoc.exe") != string::npos)
{
inject = false;
}
}
if(lpCommandLine)
{
wstring cmd = lpCommandLine;
cmd = strlower(cmd);
if(cmd.find(L"renderdoccmd.exe") != wstring::npos ||
cmd.find(L"qrenderdoc.exe") != wstring::npos)
{
inject = false;
}
}
return inject;
}
static bool ShouldInject(LPCSTR lpApplicationName, LPCSTR lpCommandLine)
{
if(!RenderDoc::Inst().GetCaptureOptions().HookIntoChildren)
return false;
return ShouldInject(lpApplicationName ? StringFormat::UTF82Wide(lpApplicationName).c_str() : NULL,
lpCommandLine ? StringFormat::UTF82Wide(lpCommandLine).c_str() : NULL);
}
static BOOL WINAPI CreateProcessA_hook(
__in_opt LPCSTR lpApplicationName, __inout_opt LPSTR lpCommandLine,
__in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes,
@@ -156,10 +299,14 @@ private:
__in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCSTR lpCurrentDirectory,
__in LPSTARTUPINFOA lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation)
{
return Hook_CreateProcessA(syshooks.CreateProcessA(), lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo,
lpProcessInformation);
return Hooked_CreateProcess(
"CreateProcessA",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.CreateProcessA()(lpApplicationName, lpCommandLine, lpProcessAttributes,
lpThreadAttributes, bInheritHandles, flags,
lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
static BOOL WINAPI CreateProcessW_hook(__in_opt LPCWSTR lpApplicationName,
@@ -172,10 +319,14 @@ private:
__in LPSTARTUPINFOW lpStartupInfo,
__out LPPROCESS_INFORMATION lpProcessInformation)
{
return Hook_CreateProcessW(syshooks.CreateProcessW(), lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo,
lpProcessInformation);
return Hooked_CreateProcess(
"CreateProcessW",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.CreateProcessW()(lpApplicationName, lpCommandLine, lpProcessAttributes,
lpThreadAttributes, bInheritHandles, flags,
lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
static BOOL WINAPI API110CreateProcessA_hook(
@@ -185,10 +336,14 @@ private:
__in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCSTR lpCurrentDirectory,
__in LPSTARTUPINFOA lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation)
{
return Hook_CreateProcessA(syshooks.API110CreateProcessA(), lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo,
lpProcessInformation);
return Hooked_CreateProcess(
"CreateProcessA",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.API110CreateProcessA()(
lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
static BOOL WINAPI API110CreateProcessW_hook(
@@ -198,10 +353,14 @@ private:
__in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCWSTR lpCurrentDirectory,
__in LPSTARTUPINFOW lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation)
{
return Hook_CreateProcessW(syshooks.API110CreateProcessW(), lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo,
lpProcessInformation);
return Hooked_CreateProcess(
"CreateProcessW",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.API110CreateProcessW()(
lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
static BOOL WINAPI API111CreateProcessA_hook(
@@ -211,10 +370,14 @@ private:
__in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCSTR lpCurrentDirectory,
__in LPSTARTUPINFOA lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation)
{
return Hook_CreateProcessA(syshooks.API111CreateProcessA(), lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo,
lpProcessInformation);
return Hooked_CreateProcess(
"CreateProcessA",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.API111CreateProcessA()(
lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
static BOOL WINAPI API111CreateProcessW_hook(
@@ -224,10 +387,14 @@ private:
__in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCWSTR lpCurrentDirectory,
__in LPSTARTUPINFOW lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation)
{
return Hook_CreateProcessW(syshooks.API111CreateProcessW(), lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo,
lpProcessInformation);
return Hooked_CreateProcess(
"CreateProcessW",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.API111CreateProcessW()(
lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
static BOOL WINAPI API112CreateProcessA_hook(
@@ -237,10 +404,14 @@ private:
__in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCSTR lpCurrentDirectory,
__in LPSTARTUPINFOA lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation)
{
return Hook_CreateProcessA(syshooks.API112CreateProcessA(), lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo,
lpProcessInformation);
return Hooked_CreateProcess(
"CreateProcessA",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.API112CreateProcessA()(
lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
static BOOL WINAPI API112CreateProcessW_hook(
@@ -250,180 +421,112 @@ private:
__in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCWSTR lpCurrentDirectory,
__in LPSTARTUPINFOW lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation)
{
return Hook_CreateProcessW(syshooks.API112CreateProcessW(), lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo,
lpProcessInformation);
return Hooked_CreateProcess(
"CreateProcessW",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.API112CreateProcessW()(
lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
static BOOL WINAPI Hook_CreateProcessA(
PFN_CREATE_PROCESS_A realFunc, __in_opt LPCSTR lpApplicationName,
__inout_opt LPSTR lpCommandLine, __in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes,
__in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes, __in BOOL bInheritHandles,
__in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCSTR lpCurrentDirectory,
__in LPSTARTUPINFOA lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation)
static BOOL WINAPI CreateProcessAsUserA_hook(
HANDLE hToken, LPCSTR lpApplicationName, LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
{
PROCESS_INFORMATION dummy;
RDCEraseEl(dummy);
// not sure if this is valid, but I need the PID so I'll fill in my own struct to ensure that.
if(lpProcessInformation == NULL)
{
lpProcessInformation = &dummy;
}
else
{
*lpProcessInformation = dummy;
}
bool resume = (dwCreationFlags & CREATE_SUSPENDED) == 0;
dwCreationFlags |= CREATE_SUSPENDED;
BOOL ret = realFunc(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory,
lpStartupInfo, lpProcessInformation);
if(ret && RenderDoc::Inst().GetCaptureOptions().HookIntoChildren)
{
RDCDEBUG("Intercepting CreateProcessA");
bool inject = true;
// sanity check to make sure we're not going to go into an infinity loop injecting into
// ourselves.
if(lpApplicationName)
{
string app = lpApplicationName;
app = strlower(app);
if(app.find("renderdoccmd.exe") != string::npos || app.find("qrenderdoc.exe") != string::npos)
{
inject = false;
}
}
if(lpCommandLine)
{
string cmd = lpCommandLine;
cmd = strlower(cmd);
if(cmd.find("renderdoccmd.exe") != string::npos || cmd.find("qrenderdoc.exe") != string::npos)
{
inject = false;
}
}
if(inject)
{
rdcarray<EnvironmentModification> env;
// inherit logfile and capture options
uint32_t ident = RENDERDOC_InjectIntoProcess(lpProcessInformation->dwProcessId, env,
RenderDoc::Inst().GetLogFile(),
RenderDoc::Inst().GetCaptureOptions(), false);
RenderDoc::Inst().AddChildProcess((uint32_t)lpProcessInformation->dwProcessId, ident);
}
}
if(resume)
{
ResumeThread(lpProcessInformation->hThread);
}
// ensure we clean up after ourselves
if(dummy.dwProcessId != 0)
{
CloseHandle(dummy.hProcess);
CloseHandle(dummy.hThread);
}
return ret;
return Hooked_CreateProcess(
"CreateProcessAsUserA",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.CreateProcessAsUserA()(
hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
static BOOL WINAPI Hook_CreateProcessW(
PFN_CREATE_PROCESS_W realFunc, __in_opt LPCWSTR lpApplicationName,
__inout_opt LPWSTR lpCommandLine, __in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes,
__in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes, __in BOOL bInheritHandles,
__in DWORD dwCreationFlags, __in_opt LPVOID lpEnvironment, __in_opt LPCWSTR lpCurrentDirectory,
__in LPSTARTUPINFOW lpStartupInfo, __out LPPROCESS_INFORMATION lpProcessInformation)
static BOOL WINAPI CreateProcessAsUserW_hook(
HANDLE hToken, LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
{
PROCESS_INFORMATION dummy;
RDCEraseEl(dummy);
return Hooked_CreateProcess(
"CreateProcessAsUserW",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.CreateProcessAsUserW()(
hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
// not sure if this is valid, but I need the PID so I'll fill in my own struct to ensure that.
if(lpProcessInformation == NULL)
{
lpProcessInformation = &dummy;
}
else
{
*lpProcessInformation = dummy;
}
static BOOL WINAPI CreateProcessWithLogonW_hook(LPCWSTR lpUsername, LPCWSTR lpDomain,
LPCWSTR lpPassword, DWORD dwLogonFlags,
LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
DWORD dwCreationFlags, LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation)
{
return Hooked_CreateProcess(
"CreateProcessAsUserW",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.CreateProcessWithLogonW()(
lpUsername, lpDomain, lpPassword, dwLogonFlags, lpApplicationName, lpCommandLine,
flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
bool resume = (dwCreationFlags & CREATE_SUSPENDED) == 0;
dwCreationFlags |= CREATE_SUSPENDED;
static BOOL WINAPI API110CreateProcessAsUserW_hook(
HANDLE hToken, LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
{
return Hooked_CreateProcess(
"CreateProcessAsUserW",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.API110CreateProcessAsUserW()(
hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
BOOL ret = realFunc(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory,
lpStartupInfo, lpProcessInformation);
static BOOL WINAPI API111CreateProcessAsUserW_hook(
HANDLE hToken, LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
{
return Hooked_CreateProcess(
"CreateProcessAsUserW",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.API111CreateProcessAsUserW()(
hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
if(ret && RenderDoc::Inst().GetCaptureOptions().HookIntoChildren)
{
RDCDEBUG("Intercepting CreateProcessW");
bool inject = true;
// sanity check to make sure we're not going to go into an infinity loop injecting into
// ourselves.
if(lpApplicationName)
{
wstring app = lpApplicationName;
app = strlower(app);
if(app.find(L"renderdoccmd.exe") != wstring::npos ||
app.find(L"qrenderdoc.exe") != string::npos)
{
inject = false;
}
}
if(lpCommandLine)
{
wstring cmd = lpCommandLine;
cmd = strlower(cmd);
if(cmd.find(L"renderdoccmd.exe") != wstring::npos ||
cmd.find(L"qrenderdoc.exe") != wstring::npos)
{
inject = false;
}
}
if(inject)
{
rdcarray<EnvironmentModification> env;
// inherit logfile and capture options
uint32_t ident = RENDERDOC_InjectIntoProcess(lpProcessInformation->dwProcessId, env,
RenderDoc::Inst().GetLogFile(),
RenderDoc::Inst().GetCaptureOptions(), false);
RenderDoc::Inst().AddChildProcess((uint32_t)lpProcessInformation->dwProcessId, ident);
}
}
if(resume)
{
ResumeThread(lpProcessInformation->hThread);
}
// ensure we clean up after ourselves
if(dummy.dwProcessId != 0)
{
CloseHandle(dummy.hProcess);
CloseHandle(dummy.hThread);
}
return ret;
static BOOL WINAPI API112CreateProcessAsUserW_hook(
HANDLE hToken, LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
{
return Hooked_CreateProcess(
"CreateProcessAsUserW",
[=](DWORD flags, LPPROCESS_INFORMATION pi) {
return syshooks.API112CreateProcessAsUserW()(
hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, flags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, pi);
},
dwCreationFlags, ShouldInject(lpApplicationName, lpCommandLine), lpProcessInformation);
}
};
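Review bot: In the API-set Initialize block, `API111CreateProcessAsUserW` and `API112CreateProcessAsUserW` are both registered against `"api-ms-win-core-processthreads-l1-1-0.dll"`, so the l1-1-1 and l1-1-2 exports of CreateProcessAsUserW are never hooked and a child spawned through either of those API sets would bypass injection; the module strings should be `"api-ms-win-core-processthreads-l1-1-1.dll"` and `"api-ms-win-core-processthreads-l1-1-2.dll"` to match the CreateProcessA/W entries next to them. A smaller copy-paste slip: `CreateProcessWithLogonW_hook` passes `"CreateProcessAsUserW"` as the entryPoint label, which only reaches the RDCDEBUG line but will mislead anyone reading a log, and should be `"CreateProcessWithLogonW"`. Because that hook now captures `lpUsername` and `lpPassword` by value in its lambda, I would add a comment above it such as `// NOTE: lpPassword is a plaintext credential; never include it in RDCDEBUG or any other trace` so the label stays the only thing logged on this path. Finally, CreateProcessAsUser*/CreateProcessWithLogonW children may run under a different token than the capturing process, so RENDERDOC_InjectIntoProcess can presumably fail on access rights; `ident` is handed to AddChildProcess without a check, so it is worth confirming what the failure value is and skipping the registration (and the log line) when injection did not succeed.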