Changeset 1763

Timestamp:
08/22/08 11:05:31 (3 months ago)
Author:
xkovah
Message:

BAM! By throwing cmd.exe into a job object, I can make it so that when I terminate the job object, I terminate cmd.exe and whatever child processes it spawned to open the document. While we don't want to terminate it in the malicious case (we will first need to query the events buffer — which I still need to find or create — to see whether it is empty), in the non-malicious case we need to clean up so that the VM can be reused without a bunch of open documents/applications sucking up memory.

Files:

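--- a/capture-mod/trunk/CaptureSoapServer.cpp
+++ b/capture-mod/trunk/CaptureSoapServer.cpp
@@ -11,4 +11,5 @@
 #include "Visitor.h"
 #include "b64.h"
+//#include <winbase.h> //Shouldn't need to include this
 
 CaptureSoapServer::CaptureSoapServer(Visitor* v){
@@ -196,12 +197,17 @@
     //Create the string for the parameters
     wchar_t * docName = new wchar_t[1024];
-    wsprintf(docName, L"/D %hs", fileName);
+    wsprintf(docName, L"/K %hs", fileName);
+
+    //Create a job object to bind the processes I launch to
+    HANDLE myJobObj = CreateJobObject(NULL, NULL);
+    if(myJobObj == NULL){
+        printf("CreateJobObject failed with error %d\n", GetLastError());
+    }
 
     //open with cmd.exe
     STARTUPINFO myStart;
     memset(&myStart, 0, sizeof(STARTUPINFO));
-    myStart.dwFlags = 0;
     PROCESS_INFORMATION procInfo;
-    BOOL b = CreateProcess(L"C:\\WINDOWS\\system32\\cmd.exe", L"", NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS,
+    BOOL b = CreateProcess(L"C:\\WINDOWS\\system32\\cmd.exe", docName, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS,
                             NULL, NULL, &myStart, &procInfo);
     if(!b){
@@ -209,10 +215,35 @@
         return SOAP_ERR;
     }
+
+    //Add the process to the job object
+    b = AssignProcessToJobObject(myJobObj, procInfo.hProcess);
+    if(!b){
+        printf("AssignProcessToJobObject failed with error %d\n", GetLastError());
+        return SOAP_ERR;
+    }
 
     if(debug) printf("dwProcessId = %d, dwThreadId = %d\n", procInfo.dwProcessId, procInfo.dwThreadId);
-
+    if(debug) printf("Sleeping for 15 seconds\n");
+    Sleep(15000);
+    if(debug) printf("\n\nDone sleeping\n\n");
+
+    //Nt/ZwQuerySystemInformation?
+
+    /*
+    b = TerminateProcess(procInfo.hProcess, 0);
+    if(!b){
+        printf("TerminateProcess failed with error %d\n", GetLastError());
+        return SOAP_ERR;
+    }
+    */
+    b = TerminateJobObject(myJobObj, 0);
+    if(!b){
+        printf("TerminateProcess failed with error %d\n", GetLastError());
+        return SOAP_ERR;
+    }
     CloseHandle(procInfo.hProcess);
     CloseHandle(procInfo.hThread);
 
+    result = 1;
     return SOAP_OK;
 }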
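Review bot: The job handle `myJobObj` is never closed on any path, and when CreateJobObject fails (new line 203) the code only prints and carries on, so the following AssignProcessToJobObject fails and returns SOAP_ERR while the cmd.exe that was just launched keeps running outside any job with its process and thread handles leaked — the failure should return before CreateProcess, and the assign-failure path should terminate and close what it created. A second containment gap: cmd.exe is created running and only assigned to the job afterwards, so any child it spawns in that window — the very document handler the job is meant to kill — is not a job member; create it with `CREATE_SUSPENDED`, assign, then `ResumeThread(procInfo.hThread)`. The message after TerminateJobObject still reads `"TerminateProcess failed with error %d\n"`, which will mislead whoever reads the log. Since `docName` now interpolates fileName unquoted into a cmd.exe `/K` command line, a name containing `&` or `|` runs extra commands — at minimum quote it (`L"/K \"%hs\""`) if the name is not fully under your control. The enclosing function starts before this hunk.
```cpp
    //Create a job object to bind the processes I launch to
    HANDLE myJobObj = CreateJobObject(NULL, NULL);
    if(myJobObj == NULL){
        printf("CreateJobObject failed with error %d\n", GetLastError());
        return SOAP_ERR;   // do not launch a process we cannot bind
    }
    // … unchanged: STARTUPINFO / PROCESS_INFORMATION setup …
    // Start suspended so cmd.exe cannot spawn children before it is in the job
    BOOL b = CreateProcess(L"C:\\WINDOWS\\system32\\cmd.exe", docName, NULL, NULL, FALSE,
                           NORMAL_PRIORITY_CLASS | CREATE_SUSPENDED, NULL, NULL, &myStart, &procInfo);
    if(!b){
        CloseHandle(myJobObj);
        // … unchanged: error print …
        return SOAP_ERR;
    }
    b = AssignProcessToJobObject(myJobObj, procInfo.hProcess);
    if(!b){
        printf("AssignProcessToJobObject failed with error %d\n", GetLastError());
        TerminateProcess(procInfo.hProcess, 0);   // never leave an unbound process running
        CloseHandle(procInfo.hThread);
        CloseHandle(procInfo.hProcess);
        CloseHandle(myJobObj);
        return SOAP_ERR;
    }
    ResumeThread(procInfo.hThread);
    // … unchanged: debug print, Sleep(15000) …
    b = TerminateJobObject(myJobObj, 0);
    CloseHandle(myJobObj);
    CloseHandle(procInfo.hProcess);
    CloseHandle(procInfo.hThread);
    if(!b){
        printf("TerminateJobObject failed with error %d\n", GetLastError());
        return SOAP_ERR;
    }
```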
  • capture-mod/trunk/CaptureSoapServer.h

    r1729 r1763  
    44 
    55#pragma once 
    6 //#include "captureGSOAP.h" 
     6#include "CaptureGlobal.h" 
    77#include "Thread.h" 
    8  
    9 #include "CaptureGlobal.h" 
    108#include <string> 
    119#include <queue>