SP_DEVINSTALL_PARAMS, SP_DRVINFO_DATA, SPDIT_COMPATDRIVER, SPDRP_HARDWAREID, ) from eg.WinApi.IsAdmin import IsAdmin from eg.WinApi.PipedProcess import ExecAs DI_FLAGSEX_INSTALLEDDRIVER = 0x04000000 PUBYTE = POINTER(c_ubyte) DRIVER_VERSION = "1.0.2.0" DRIVER_PROVIDER = "EventGhost" DRIVER_CLASS_GUID = "{FE050E98-31CD-47EA-AC39-CB143EF208B2}" PLATFORM = "x64" if IsWin64() else "x86" DOWNLOAD_ROOT = "http://www.eventghost.org/downloads/winusb/%s/" % PLATFORM INSTALLATION_ROOT = join(eg.folderPath.ProgramData, "eventghost", "drivers", "winusb", PLATFORM) if PLATFORM == "x64": NEEDED_FILES = [ ("DPInst.exe", "aa0a91227631a09cd075d315646fb7a9"), ("WdfCoInstaller01009.dll", "4da5da193e0e4f86f6f8fd43ef25329a"), ("WinUSBCoInstaller2.dll", "246900ce6474718730ecd4f873234cf5"), ("WUDFUpdate_01009.dll", "ebf9ee8a7671f3b260ed9b08fcee0cc5"), ] else: NEEDED_FILES = [ ("DPInst.exe", "e6213cec602f332bf8e868b7b8bf2bb1"), ("WdfCoInstaller01009.dll", "a9970042be512c7981b36e689c5f3f9f"),
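def __call__(
    self,
    command='',
    waitForCompletion=True,
    triggerEvent=False,
    additionalSuffix="",
    disableParsingCommand=True,
    disableParsingAdditionalSuffix=True,
    payload=False,
    disableWOW64=False,
    runAsAdmin=False,
):
    """Run ``command`` through ``cmd.exe /S/C`` via ShellExecuteEx.

    When ``waitForCompletion`` or ``triggerEvent`` is set, the console
    output is redirected to a temporary file, decoded with the console
    codepage reported by ``chcp`` and handed back (and/or attached to the
    event as payload). Otherwise the command is fired off and nothing is
    captured.

    Parameters (mirroring the action's configuration dialog):
      command -- the command line passed to cmd.exe.
      waitForCompletion -- block until cmd.exe exits; the rstripped output
          is returned.
      triggerEvent -- fire ``<prefix>.<suffix>`` when the command finishes;
          with ``payload`` the captured output becomes the event payload.
      additionalSuffix -- appended to the event suffix when not empty.
      disableParsingCommand / disableParsingAdditionalSuffix -- skip the
          eg.ParseString expansion of the respective text.
      disableWOW64 -- disable WOW64 file-system redirection around the
          launch (only effective on 64-bit Windows).
      runAsAdmin -- launch with the ``runas`` verb (UAC prompt).

    Returns the rstripped output when waiting, otherwise None.
    Raises self.Exception(FormatError()) when ShellExecuteEx or
    GetExitCodeProcess fails.
    """
    if eg.config.refreshEnv:
        eg.Environment.Refresh()
    prefix = self.plugin.info.eventPrefix
    suffix = self.text.eventSuffix
    if additionalSuffix != "":
        suffix = "%s.%s" % (suffix, additionalSuffix)
    # NOTE: with parsing enabled the command text is expanded by
    # eg.ParseString (defined elsewhere) before it reaches cmd.exe, so
    # whatever the expansion yields is interpreted as shell syntax.
    if not disableParsingCommand:
        command = eg.ParseString(command)
    if not disableParsingAdditionalSuffix:
        additionalSuffix = eg.ParseString(additionalSuffix)
    processInformation = self.processInformation = SHELLEXECUTEINFO()
    processInformation.cbSize = sizeof(processInformation)
    processInformation.hwnd = 0
    processInformation.lpFile = 'cmd.exe'
    # Codepage and output file are only needed when the output is read
    # back. Both get defaults so a failed ``chcp`` probe no longer leaves
    # ``cp`` unbound on the triggerEvent-only path below.
    cp = None  # None: open the output file undecoded if chcp failed
    filename = None
    if waitForCompletion or triggerEvent:
        si = STARTUPINFO()
        si.dwFlags |= STARTF_USESHOWWINDOW
        proc = popen("chcp", si)  # DOS console codepage
        data = proc.communicate()[0]
        if not proc.returncode:
            # e.g. "Active code page: 850" -> "cp850" (the dot strips a
            # trailing period some locales print)
            cp = "cp" + data.split()[-1].replace(".", "")
        proc.stdout.close()
        # NOTE(review): the output file name is predictable (wall-clock
        # stamp in the shared temporary folder); a random component would
        # be safer — confirm TemporaryFiles is per-user before relying on it.
        filename = join(
            eg.folderPath.TemporaryFiles,
            "EventGhost-output-%s.txt" % ttime()
        )
        # With /S, cmd.exe strips the first and the last quote character
        # of the text after /C, so the redirect target must stay unquoted
        # (quoting it would move the "last quote"). Consequence: the
        # temporary folder path must not contain spaces.
        processInformation.lpParameters = '/S/C "%s" > %s' % (command, filename)
        processInformation.fMask = SEE_MASK_NOCLOSEPROCESS
    else:
        processInformation.lpParameters = '/S/C "%s"' % command
    if runAsAdmin:
        processInformation.lpVerb = "runas"
    processInformation.nShow = 0
    processInformation.hInstApp = 0
    disableWOW64 = disableWOW64 and IsWin64()
    if disableWOW64:
        prevVal = Wow64DisableWow64FsRedirection()
    try:
        if not windll.shell32.ShellExecuteExW(byref(processInformation)):
            raise self.Exception(FormatError())
    finally:
        # Revert even when the launch fails; otherwise this thread would
        # keep running with file-system redirection disabled.
        if disableWOW64:
            Wow64RevertWow64FsRedirection(prevVal)
    if waitForCompletion:
        try:
            WaitForSingleObject(processInformation.hProcess, INFINITE)
            exitCode = DWORD()
            if not GetExitCodeProcess(
                processInformation.hProcess, byref(exitCode)
            ):
                raise self.Exception(FormatError())
            try:
                # code_open is assumed to be codecs.open (encoding None
                # means "plain file") — TODO confirm against the import.
                data = code_open(filename, 'r', cp)
                try:
                    returnValue = data.read()
                finally:
                    data.close()
            except Exception:
                # Unreadable or undecodable output is reported as an empty
                # result rather than failing the action (best-effort, as
                # before).
                returnValue = ""
            # Always try to clean up the temporary file; a failed remove
            # no longer discards output that was read successfully.
            try:
                remove(filename)
            except OSError:
                pass
            if triggerEvent:
                if payload:
                    eg.TriggerEvent(
                        suffix, prefix=prefix, payload=returnValue.rstrip()
                    )
                else:
                    eg.TriggerEvent(suffix, prefix=prefix)
        finally:
            # Close the process handle on every exit path, including a
            # failed GetExitCodeProcess.
            CloseHandle(processInformation.hProcess)
        return returnValue.rstrip()
    elif triggerEvent:
        # The helper thread (defined elsewhere) waits for the process and
        # presumably reads/deletes the output file and closes the handle —
        # TODO confirm.
        te = self.TriggerEvent(
            processInformation, suffix, prefix, filename, cp, payload
        )
        te.start()
    else:
        CloseHandle(processInformation.hProcess)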
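def __call__(
    self,
    pathname='',
    arguments='',
    winState=0,
    waitForCompletion=False,
    priority=2,
    workingDir="",
    triggerEvent=False,
    disableWOW64=False,
):
    """Start ``pathname`` with ``arguments`` through CreateProcess.

    The executable path is quoted and prepended to the command line, so
    CreateProcess does not have to guess where the program name ends.
    When the Task plugin is enabled, a shell-hook handler is installed
    that brings the new process' first visible window to the front.

    Parameters (mirroring the action's configuration dialog):
      pathname / arguments -- expanded with eg.ParseString before use.
      winState -- index into WINSTATE_FLAGS (defined elsewhere) for the
          initial window state.
      waitForCompletion -- block until the process exits and return its
          exit code.
      priority -- index into PRIORITY_FLAGS (defined elsewhere), OR-ed
          into the creation flags.
      workingDir -- current directory for the child; defaults to the
          executable's folder.
      triggerEvent -- fire ``<prefix>.<eventSuffix>.<exe name>`` when the
          process ends.
      disableWOW64 -- disable WOW64 file-system redirection around the
          launch (only effective on 64-bit Windows).

    Returns the exit code when waiting, otherwise None.
    Raises self.Exception(FormatError()) when CreateProcess or
    GetExitCodeProcess fails.
    """
    returnValue = None
    pathname = eg.ParseString(pathname)
    if not workingDir:
        workingDir = dirname(abspath(pathname))
    arguments = eg.ParseString(arguments)
    commandLine = create_unicode_buffer('"%s" %s' % (pathname, arguments))
    startupInfo = STARTUPINFO()
    startupInfo.cb = sizeof(STARTUPINFO)
    startupInfo.dwFlags = STARTF_USESHOWWINDOW
    startupInfo.wShowWindow = WINSTATE_FLAGS[winState]
    priorityFlag = PRIORITY_FLAGS[priority]
    processInformation = self.processInformation = PROCESS_INFORMATION()
    disableWOW64 = disableWOW64 and IsWin64()
    if disableWOW64:
        prevVal = Wow64DisableWow64FsRedirection()
    try:
        res = CreateProcess(
            None,                               # lpApplicationName
            commandLine,                        # lpCommandLine
            None,                               # lpProcessAttributes
            None,                               # lpThreadAttributes
            False,                              # bInheritHandles
            priorityFlag | CREATE_NEW_CONSOLE,  # dwCreationFlags
            None,                               # lpEnvironment
            workingDir,                         # lpCurrentDirectory
            startupInfo,                        # lpStartupInfo
            processInformation                  # lpProcessInformation
        )
    finally:
        # Revert even if CreateProcess raises, so this thread does not
        # keep running with file-system redirection disabled.
        if disableWOW64:
            Wow64RevertWow64FsRedirection(prevVal)
    suffix = "%s.%s" % (
        self.text.eventSuffix, splitext(split(pathname)[1])[0]
    )
    prefix = self.plugin.name.replace(' ', '')
    if res == 0:
        raise self.Exception(FormatError())
    # winState 3 is excluded from the focus handling (presumably a hidden
    # or minimised state — WINSTATE_FLAGS is defined elsewhere).
    if winState != 3 and PluginIsEnabled("Task"):
        def callback(dummyHwnd, dummyMesg, wParam, lParam):
            """Shell-hook handler: focus the new process' window once.

            ``refCallback`` and ``WM_SHELLHOOKMESSAGE`` are bound in the
            enclosing scope after this definition; they are only read
            when the handler runs.
            """
            pids = GetPids(hwnd=lParam)
            pid = pids[0] if pids else False
            if pid == processInformation.dwProcessId:
                # Our process created a window: unhook, then focus it.
                try:
                    eg.messageReceiver.RemoveHandler(
                        WM_SHELLHOOKMESSAGE, refCallback
                    )
                except Exception:
                    pass
                sleep(0.3)  # Wait for windows to appear
                hwnds = GetHwnds(pid=processInformation.dwProcessId)
                if hwnds:
                    # focused via GetHwnds: first visible window wins
                    for hwnd in hwnds:
                        if IsWindowVisible(hwnd):
                            BringHwndToFront(hwnd)
                            break
                elif IsWindowVisible(lParam):
                    # focused via the shell-hook window itself
                    BringHwndToFront(lParam)
            elif not ProcessExists(processInformation.dwProcessId):
                # Process already gone (e.g. a launcher that re-spawned
                # itself): unhook and fall back to a window lookup by name.
                try:
                    eg.messageReceiver.RemoveHandler(
                        WM_SHELLHOOKMESSAGE, refCallback
                    )
                except Exception:
                    pass
                try:
                    eg.plugins.Window.FindWindow(basename(pathname))
                    if len(eg.lastFoundWindows):
                        # focused via FindWindow
                        BringHwndToFront(eg.lastFoundWindows[0])
                except Exception:
                    pass

        refCallback = callback
        WM_SHELLHOOKMESSAGE = RegisterWindowMessage("SHELLHOOK")
        eg.messageReceiver.AddHandler(WM_SHELLHOOKMESSAGE, callback)
    if waitForCompletion:
        try:
            WaitForSingleObject(processInformation.hProcess, INFINITE)
            exitCode = DWORD()
            if not GetExitCodeProcess(
                processInformation.hProcess, byref(exitCode)
            ):
                raise self.Exception(FormatError())
            returnValue = exitCode.value
            if triggerEvent:
                eg.TriggerEvent(suffix, prefix=prefix)
        finally:
            # Both handles are closed on every exit path, including a
            # failed GetExitCodeProcess.
            CloseHandle(processInformation.hProcess)
            CloseHandle(processInformation.hThread)
        return returnValue
    elif triggerEvent:
        # The helper thread (defined elsewhere) waits for the process;
        # presumably it closes the handles — TODO confirm.
        te = self.TriggerEvent(processInformation, suffix, prefix)
        te.start()
    else:
        CloseHandle(processInformation.hProcess)
        CloseHandle(processInformation.hThread)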
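def __call__(
    self,
    pathname='',
    arguments='',
    winState=0,
    waitForCompletion=False,
    priority=2,
    workingDir="",
    triggerEvent=False,
    disableWOW64=False,
    additionalSuffix="",
    disableParsingPathname=False,
    disableParsingArguments=False,
    disableParsingAdditionalSuffix=False,
    runAsAdmin=False,
):
    """Start ``pathname`` with ``arguments`` through ShellExecuteEx.

    Environment variables in pathname, arguments and workingDir are
    expanded first, then (unless disabled) each text goes through
    eg.ParseString. The process is launched with the thread input of the
    foreground window attached (presumably so the new window may take
    the foreground — TODO confirm), and its priority class is adjusted
    afterwards when ``priority`` is not the default.

    Parameters (mirroring the action's configuration dialog):
      pathname / arguments / workingDir -- what to run, how, and where;
          workingDir defaults to the executable's folder.
      winState -- index into WINSTATE_FLAGS (defined elsewhere).
      waitForCompletion -- block until the process exits and return its
          exit code.
      priority -- index into PRIORITY_FLAGS (defined elsewhere); 2 is the
          default and leaves the priority untouched.
      triggerEvent -- fire ``<prefix>.<eventSuffix>.<exe name>[.<additionalSuffix>]``
          when the process ends.
      disableWOW64 -- disable WOW64 file-system redirection around the
          launch (only effective on 64-bit Windows).
      disableParsing* -- skip the eg.ParseString expansion of that text.
      runAsAdmin -- launch with the ``runas`` verb (UAC prompt).

    Returns the exit code when waiting, otherwise None.
    Raises self.Exception(FormatError()) when ShellExecuteEx or
    GetExitCodeProcess fails.
    """
    if eg.config.refreshEnv:
        eg.Environment.Refresh()
    returnValue = None
    pathname = expandvars(pathname)
    arguments = expandvars(arguments)
    workingDir = expandvars(workingDir)
    if not disableParsingPathname:
        pathname = eg.ParseString(pathname)
    if not disableParsingArguments:
        arguments = eg.ParseString(arguments)
    if not disableParsingAdditionalSuffix:
        additionalSuffix = eg.ParseString(additionalSuffix)
    if not workingDir:
        workingDir = dirname(abspath(pathname))
    processInformation = self.processInformation = SHELLEXECUTEINFO()
    processInformation.cbSize = sizeof(processInformation)
    processInformation.hwnd = 0
    processInformation.lpFile = pathname
    processInformation.lpParameters = arguments
    processInformation.lpDirectory = workingDir
    processInformation.nShow = WINSTATE_FLAGS[winState]
    processInformation.hInstApp = 0
    # Needed so hProcess is filled in and can be waited on / closed.
    processInformation.fMask = SEE_MASK_NOCLOSEPROCESS
    if runAsAdmin:
        processInformation.lpVerb = "runas"
    disableWOW64 = disableWOW64 and IsWin64()
    if disableWOW64:
        prevVal = Wow64DisableWow64FsRedirection()
    activeThread = GetWindowThreadProcessId(GetForegroundWindow(), None)
    currentThread = GetCurrentThreadId()
    attached = AttachThreadInput(currentThread, activeThread, True)
    try:
        if not windll.shell32.ShellExecuteExW(byref(processInformation)):
            raise self.Exception(FormatError())
    finally:
        # Undo both side effects even when the launch fails; otherwise the
        # thread stays attached to the foreground thread's input queue and
        # keeps running with file-system redirection disabled.
        if attached:
            AttachThreadInput(currentThread, activeThread, False)
        if disableWOW64:
            Wow64RevertWow64FsRedirection(prevVal)
    if priority != 2:
        wanted = PRIORITY_FLAGS[priority]
        try:
            SetPriorityClass(processInformation.hProcess, wanted)
            # Read back: the original code observed that the request is not
            # always honoured (presumably for classes that need elevation).
            applied = GetPriorityClass(processInformation.hProcess) == wanted
        except Exception:
            applied = False
        if not applied:
            # Retry through an elevated wmic call (UAC prompt).
            # NOTE(review): wmic is deprecated on current Windows releases;
            # where it is missing ShellExecuteEx fails and priorityIssue is
            # reported.
            pid = windll.kernel32.GetProcessId(processInformation.hProcess)
            pi = SHELLEXECUTEINFO()
            pi.cbSize = sizeof(pi)
            # Resolve the Windows folder instead of assuming C:\Windows.
            pi.lpFile = expandvars(r"%SystemRoot%\System32\wbem\wmic.exe")
            pi.lpParameters = (
                "process where processid=%d CALL setpriority %d"
                % (pid, wanted)
            )
            pi.lpVerb = "runas"
            if not windll.shell32.ShellExecuteExW(byref(pi)):
                eg.PrintError(self.text.priorityIssue)
    suffix = "%s.%s" % (
        self.text.eventSuffix, splitext(split(pathname)[1])[0]
    )
    if additionalSuffix != "":
        suffix = suffix + "." + additionalSuffix
    prefix = self.plugin.name.replace(' ', '')
    if waitForCompletion:
        try:
            WaitForSingleObject(processInformation.hProcess, INFINITE)
            exitCode = DWORD()
            if not GetExitCodeProcess(
                processInformation.hProcess, byref(exitCode)
            ):
                raise self.Exception(FormatError())
            returnValue = exitCode.value
            if triggerEvent:
                eg.TriggerEvent(suffix, prefix=prefix)
        finally:
            # Close the handle on every exit path, including a failed
            # GetExitCodeProcess.
            CloseHandle(processInformation.hProcess)
        return returnValue
    elif triggerEvent:
        # The helper thread (defined elsewhere) waits for the process;
        # presumably it closes the handle — TODO confirm.
        te = self.TriggerEvent(processInformation, suffix, prefix)
        te.start()
    else:
        CloseHandle(processInformation.hProcess)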