ansicon/proctype.c
Jason Hood 790de57763 Exclude modules from being hooked; hook only selected GUI programs.
Added environment variable ANSICON_EXC to specify modules that should not be
hooked.  This should work around the nvd3d9wrap.dll issue.  Since it helps to
know what the modules are, logging is now always available, controlled by -l
or ANSICON_LOG.  A side-effect caused debugstr.c to move to util.c.

GUI programs are once again not hooked, unless run by "ansicon" directly or in
the ANSICON_GUI environment variable.  Since not hooking still leaves ANSICON in
the environment, created ANSICON_VER as a dynamic-only variable, which can also
serve as a version check.

Due to an email requesting a reverse video option, realised I always take the
current attributes as default.  This means if you turned on reverse and ran a
program, it would take the reverse as its default.  Created ANSICON_DEF variable
to explicitly set the default attribute, using the current if it doesn't exist.
The reverse video option is done via a "negative" attribute (e.g. "-m-f0" is
reversed black on white, meaning you'll get white on black, with foreground
sequences changing the background).  (The difference from "\e[7m" is that it
won't be reset on "\e[m".)

A child program will inherit the parent's modes (but not shift); the parent will
read the child's modes on exit (but not unload).  The exception is "ansicon",
which will always start with the default modes and leave the parent unchanged.

Improved the AutoRun entry, only running "ansicon" if ANSICON_VER doesn't exist.
The "ansicon" command is always first.

Stopped -u implying -p; return the program's exit code; don't restore the
original color when just using -p; output error messages to stderr.
2011-12-14 20:53:51 +10:00

83 lines
2.5 KiB
C

/*
Test for a valid process. This may sometimes detect GUI, even for a console
process. I think this is due to a DLL being loaded in the address space
before the main image. Ideally I could just use the base address directly,
but that doesn't seem easy to do for another process - there doesn't seem to
be a GetModuleHandle for another process. The CreateRemoteThread trick won't
work with 64-bit (exit code is DWORD) and setting it up to make it work
hardly seems worth it. There's GetModuleInformation, but passing in NULL just
returns a base of NULL, so that's no help. Since 64/32 is sufficient, let
ansicon.exe handle the difference between console/GUI.
Update: ignore images characterised as DLL.
*/
#include "ansicon.h"

int ProcessType( LPPROCESS_INFORMATION pinfo, BOOL* gui )
{
  char* ptr;
  MEMORY_BASIC_INFORMATION minfo;
  IMAGE_DOS_HEADER dos_header;
  IMAGE_NT_HEADERS nt_header;
  SIZE_T read;

  *gui = FALSE;
  // Walk every region of the target's address space, starting at address 0.
  for (ptr = NULL;
       VirtualQueryEx( pinfo->hProcess, ptr, &minfo, sizeof(minfo) );
       ptr += minfo.RegionSize)
  {
    // Only the first region of an allocation can hold an image's DOS header.
    if (minfo.BaseAddress == minfo.AllocationBase &&
	ReadProcessMemory( pinfo->hProcess, minfo.AllocationBase,
			   &dos_header, sizeof(dos_header), &read ))
    {
      if (dos_header.e_magic == IMAGE_DOS_SIGNATURE)
      {
	if (ReadProcessMemory( pinfo->hProcess, (char*)minfo.AllocationBase +
			       dos_header.e_lfanew, &nt_header,
			       sizeof(nt_header), &read ))
	{
	  // Accept an executable image that is not a DLL; anything else is
	  // skipped and the scan continues with the next region.
	  if (nt_header.Signature == IMAGE_NT_SIGNATURE &&
	      (nt_header.FileHeader.Characteristics &
			(IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL))
			== IMAGE_FILE_EXECUTABLE_IMAGE)
	  {
	    *gui = (nt_header.OptionalHeader.Subsystem
		      == IMAGE_SUBSYSTEM_WINDOWS_GUI);
	    if (nt_header.OptionalHeader.Subsystem ==
		  IMAGE_SUBSYSTEM_WINDOWS_CUI || *gui)
	    {
	      if (nt_header.FileHeader.Machine == IMAGE_FILE_MACHINE_I386)
	      {
		DEBUGSTR( 1, L" 32-bit %s (base = %p)",
			  (*gui) ? L"GUI" : L"console", minfo.AllocationBase );
		return 32;
	      }
#ifdef _WIN64
	      if (nt_header.FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64)
	      {
		DEBUGSTR( 1, L" 64-bit %s (base = %p)",
			  (*gui) ? L"GUI" : L"console", minfo.AllocationBase );
		return 64;
	      }
#endif
	      DEBUGSTR( 1, L" Ignoring unsupported machine (0x%X)",
			nt_header.FileHeader.Machine );
	    }
	    else
	    {
	      DEBUGSTR( 1, L" Ignoring unsupported subsystem (%u)",
			nt_header.OptionalHeader.Subsystem );
	    }
	    // The first EXE image decides the result, supported or not.
	    return 0;
	  }
	}
      }
    }
  }

  DEBUGSTR( 1, L" Ignoring non-Windows process" );
  return 0;
}
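
Added example, not part of ansicon: the same header decisions as ProcessType, applied to a byte buffer so they can be exercised offline, with every offset derived from e_lfanew checked against the buffer length before it is read. The names classify_image, make_sample and the enum constants are hypothetical; unlike the 32-bit build above, it reports AMD64 images unconditionally.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names; the values are the PE/COFF constants behind the
   winnt.h names used in ProcessType. */
enum { DOS_MAGIC = 0x5A4D, NT_MAGIC = 0x4550, F_EXE = 0x0002, F_DLL = 0x2000,
       M_I386 = 0x014C, M_AMD64 = 0x8664, SUBSYS_GUI = 2, SUBSYS_CUI = 3,
       NT_NEED = 4 + 20 + 68 + 2 };  /* Signature + file header + up to Subsystem */

static uint16_t rd16( const uint8_t* p ) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32( const uint8_t* p ) { return rd16( p ) | (uint32_t)rd16( p + 2 ) << 16; }
static void wr16( uint8_t* p, uint16_t v ) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Returns 32 or 64 for a console or GUI EXE image, 0 for anything else;
   *gui is set as in ProcessType. */
int classify_image( const uint8_t* buf, size_t len, int* gui )
{
  uint32_t nt;
  uint16_t machine, chars, subsys;

  *gui = 0;
  if (len < 0x40 || rd16( buf ) != DOS_MAGIC)
    return 0;
  nt = rd32( buf + 0x3C );                  /* e_lfanew, read as unsigned */
  if (nt > len || len - nt < (size_t)NT_NEED || rd32( buf + nt ) != NT_MAGIC)
    return 0;                               /* header would lie outside buf */
  machine = rd16( buf + nt + 4 );
  chars   = rd16( buf + nt + 4 + 18 );
  subsys  = rd16( buf + nt + 4 + 20 + 68 ); /* same offset in PE32 and PE32+ */
  if ((chars & (F_EXE | F_DLL)) != F_EXE)   /* ignore DLL images */
    return 0;
  *gui = (subsys == SUBSYS_GUI);
  if (subsys != SUBSYS_CUI && !*gui)
    return 0;
  return (machine == M_I386) ? 32 : (machine == M_AMD64) ? 64 : 0;
}

/* Constructed sample input: a zeroed buffer carrying only the fields read above. */
void make_sample( uint8_t* buf, size_t cap, uint32_t lfanew,
                  uint16_t machine, uint16_t chars, uint16_t subsys )
{
  memset( buf, 0, cap );
  wr16( buf, DOS_MAGIC );
  wr16( buf + 0x3C, (uint16_t)lfanew );
  wr16( buf + 0x3E, (uint16_t)(lfanew >> 16) );
  if (lfanew > cap || cap - lfanew < (size_t)NT_NEED)
    return;                                 /* DOS header only */
  wr16( buf + lfanew, NT_MAGIC );
  wr16( buf + lfanew + 4, machine );
  wr16( buf + lfanew + 4 + 18, chars );
  wr16( buf + lfanew + 4 + 20 + 68, subsys );
}
```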