From d8e4c27956e037188d5d628c63654a6bd537e435 Mon Sep 17 00:00:00 2001 From: Adrian Date: Wed, 27 Aug 2025 19:58:14 +0200 Subject: [PATCH] poprawka do logiki odczytywania danych sesji rdp, usuniecie zbednych funkcji --- SSP_DLL/interprocessSSP.cpp | 395 ++++++------------------------------ SSP_DLL/interprocessSSP.h | 9 - 2 files changed, 60 insertions(+), 344 deletions(-) diff --git a/SSP_DLL/interprocessSSP.cpp b/SSP_DLL/interprocessSSP.cpp index 3df446d..aa5b9a1 100644 --- a/SSP_DLL/interprocessSSP.cpp +++ b/SSP_DLL/interprocessSSP.cpp @@ -27,7 +27,7 @@ void get_LUID_string(const PLUID luid, PWSTR out, size_t out_len) { StringCchPrintfW(out, out_len, L"%08x-%08x", luid->HighPart, luid->LowPart); } -BOOL get_PIDs_from_sessionID(DWORD in_session_id, RELATED_PROCESSES *session_processes, BOOL update_flag) { +BOOL get_PIDs_from_sessionID(DWORD in_session_id, RELATED_PROCESSES* session_processes, BOOL update_flag) { WCHAR function_name[40] = { 0 }; MultiByteToWideChar(CP_ACP, 0, __FUNCTION__, -1, function_name, ARRAYSIZE(function_name)); @@ -71,296 +71,59 @@ BOOL get_PIDs_from_sessionID(DWORD in_session_id, RELATED_PROCESSES *session_pro { continue; } + + bool already_exists = FALSE; if (update_flag) { for (DWORD i = 0; i < session_processes->count; i++) { - if (CompareStringOrdinal(pe.szExeFile, -1, - session_processes->process[session_processes->count].process_name, - -1, TRUE) == CSTR_EQUAL && - session_processes->process[session_processes->count].pid == pe.th32ProcessID) + if (CompareStringOrdinal(pe.szExeFile, -1, + session_processes->process[i].process_name, -1, TRUE) == CSTR_EQUAL && + session_processes->process[i].pid == pe.th32ProcessID) { log_line(LOG_TYPE_DEBUG, - L"[%s] Dla sesji ID = %lu, proces = %s, PID = %lu. juz istnieje...", + L"[%s] Dla sesji ID = %lu, proces = %s, PID = %lu juz istnieje...", function_name, - session_processes->process[session_processes->count].process_name, - session_processes->process[session_processes->count].pid + in_session_id, + session_processes->process[i].process_name, + session_processes->process[i].pid ); - continue; - } - session_processes->process[session_processes->count].pid = pe.th32ProcessID; - session_processes->process[session_processes->count].pid; - StringCchCopyW(session_processes->process[session_processes->count].process_name, - ARRAYSIZE(session_processes->process[session_processes->count].process_name), - pe.szExeFile); - log_line(LOG_TYPE_DEBUG, - L"[%s] Wykryto dodatkowy proces dla sesji = %s, PID = %lu.", - function_name, - session_processes->process[session_processes->count].process_name, - session_processes->process[session_processes->count].pid - ); - session_processes->count++; - } - - } - else { - session_processes->process[session_processes->count].pid = pe.th32ProcessID; - session_processes->process[session_processes->count].pid; - StringCchCopyW(session_processes->process[session_processes->count].process_name, - ARRAYSIZE(session_processes->process[session_processes->count].process_name), - pe.szExeFile); - log_line(LOG_TYPE_DEBUG, - L"[%s] Wykryto proces dla sesji = %s, PID = %lu.", - function_name, - session_processes->process[session_processes->count].process_name, - session_processes->process[session_processes->count].pid - ); - session_processes->count++; - } - } - } - } while (Process32NextW(hSnap, &pe)); - } - - return TRUE; -} - -BOOL get_PID_from_SessionID(DWORD in_session_id, DWORD *pid, WCHAR *pid_exe_name) { - WCHAR function_name[40] = { 0 }; - MultiByteToWideChar(CP_ACP, 0, __FUNCTION__, -1, function_name, ARRAYSIZE(function_name)); - - DWORD processes_count = 0; - - HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); - if (hSnap == INVALID_HANDLE_VALUE) { - log_line(LOG_TYPE_ERROR, L"[%s] Blad CreateToolhelp32Snapshot", function_name); - return FALSE; - } - - PROCESSENTRY32W pe; - pe.dwSize = sizeof(pe); - - if (Process32FirstW(hSnap, &pe)) { - do { - DWORD procSessionId = 0; - if (ProcessIdToSessionId(pe.th32ProcessID, &procSessionId)) { - if (procSessionId == in_session_id) { - // jesli PID jest jednym z istotnych procesow systemowych - NIE UBIJAJ - if (CompareStringOrdinal(pe.szExeFile, -1, L"services.exe", -1, TRUE) == CSTR_EQUAL || - CompareStringOrdinal(pe.szExeFile, -1, L"smss.exe", -1, TRUE) == CSTR_EQUAL || - CompareStringOrdinal(pe.szExeFile, -1, L"wininit.exe", -1, TRUE) == CSTR_EQUAL || - CompareStringOrdinal(pe.szExeFile, -1, L"lsass.exe", -1, TRUE) == CSTR_EQUAL || - CompareStringOrdinal(pe.szExeFile, -1, L"csrss.exe", -1, TRUE) == CSTR_EQUAL) - { - continue; - } - *pid = pe.th32ProcessID; - StringCchCopyW(pid_exe_name, 64, pe.szExeFile); - processes_count++; - break; - } - } - } while (Process32NextW(hSnap, &pe)); - } - if (processes_count > 1) { - log_line(LOG_TYPE_DEBUG, - L"[%s] Odnaleziono %lu procesow.", - function_name, - processes_count - ); - } - log_line(LOG_TYPE_DEBUG, - L"[%s] Skorelowano sesje RDP z procesem: %s, PID: %lu, ID sesji RDP: %lu", - function_name, - pid_exe_name, - *pid, - in_session_id - ); - return TRUE; -} -/* -FIND_SESSION_STATUS find_remote_domain_user_session(PSID user_sid, PUNICODE_STRING domain_username, DWORD *out_session_id) { - PWTS_SESSION_INFO session_info = NULL; - DWORD session_count = 0; - - WCHAR function_name[64] = { 0 }; - MultiByteToWideChar(CP_ACP, 0, __FUNCTION__, -1, function_name, ARRAYSIZE(function_name)); - - if (!WTSEnumerateSessionsW(WTS_CURRENT_SERVER_HANDLE, 0, 1, &session_info, &session_count)) { - log_line(LOG_TYPE_ERROR, L"[%s] Blad pobierania sesji WTSEnumerateSessions", function_name); - return FIND_SESSION_ERROR; - } - - BOOL is_rdp_session_empty = TRUE; - for (int i = 0; i < MAX_RDP_SESSIONS; i++) { - if (remote_interactive_sessions[i].active) { - is_rdp_session_empty = FALSE; - } - } - WCHAR sid_string[128] = { 0 }; - check_SID(user_sid, sid_string, ARRAYSIZE(sid_string)); - - if (!is_rdp_session_empty) { - log_line(LOG_TYPE_DEBUG, - L"[%s] Wykryto istniejace sesje RDP...", function_name); - for (int i = 0; i < MAX_RDP_SESSIONS; i++) { - if (compare_unicode_with_wchar(domain_username, remote_interactive_sessions[i].domain_username) - && wcscmp(sid_string, remote_interactive_sessions[i].user_sid) == 0) - { - - for (DWORD j = 0; j < session_count; j++) { - DWORD session_Id = session_info[j].SessionId; - USHORT* protocol = NULL; - DWORD bytesReturned = 0; - - if (WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, session_Id, WTSClientProtocolType, (LPWSTR*)&protocol, &bytesReturned)) { - if (*protocol == WTS_PROTOCOL_RDP) { - - WTS_CLIENT_ADDRESS* address_ptr = NULL; - if (WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, session_Id, WTSClientAddress, (LPWSTR*)&address_ptr, &bytesReturned)) { - - WCHAR client_ip[INET_ADDRSTRLEN] = { 0 }; - - struct sockaddr_in sa; - ZeroMemory(&sa, sizeof(sa)); - sa.sin_family = AF_INET; - CopyMemory(&sa.sin_addr, &address_ptr->Address[2], 4); - - if (!InetNtopW(AF_INET, &sa.sin_addr, client_ip, INET_ADDRSTRLEN)) { - log_line(LOG_TYPE_ERROR, L"[%s] Blad konwersji IP w InetNtopW", function_name); - WTSFreeMemory(address_ptr); - WTSFreeMemory(protocol); - return FIND_SESSION_ERROR; - } - /* - log_line(LOG_TYPE_DEBUG, - L"[%s] Przed konwersja IP...", function_name); - - - if (wcscmp(client_ip, remote_interactive_sessions[i].ip_address) != 0) { - WTSFreeMemory(address_ptr); - WTSFreeMemory(protocol); - return FIND_SESSION_ERROR; - } - /*log_line(LOG_TYPE_DEBUG, - L"[%s] Po konwersji IP...", function_name); - - WCHAR user_name[64] = { 0 }; - PWTSCLIENTW pClient = NULL; - DWORD bytes = 0; - - if (WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, session_Id, WTSClientInfo, (LPWSTR*)&pClient, &bytes) && pClient) { - log_line(LOG_TYPE_DEBUG, - L"[%s] Dla konta: %s, z IP: %s, SID: %s juz istnieje zapoczatkowana sesja RDP!", - function_name, - pClient->UserName, - client_ip, - sid_string); - WTSFreeMemory(pClient); - } - WTSFreeMemory(address_ptr); - WTSFreeMemory(protocol); - - return FIND_SESSION_FOUND; + already_exists = TRUE; + break; } } - WTSFreeMemory(protocol); - } - } - } - } - } - for (DWORD i = 0; i < session_count; i++) { - DWORD session_Id = session_info[i].SessionId; - - USHORT* protocol = NULL; - DWORD bytesReturned = 0; - - if (WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, session_Id, WTSClientProtocolType, (LPWSTR*)&protocol, &bytesReturned)) { - if (*protocol == WTS_PROTOCOL_RDP) { - LPWSTR data_buffer = NULL; - - WCHAR user_name[64] = { 0 }; - WCHAR domain_name[64] = { 0 }; - WCHAR client_name[64] = { 0 }; - WCHAR protocol_type[16] = { 0 }; - WCHAR client_ip[INET_ADDRSTRLEN] = { 0 }; - - WTS_CLIENT_ADDRESS* address_ptr = NULL; - - copy_lpwstr_string(remote_protocol_type_to_string(*protocol), protocol_type, ARRAYSIZE(protocol_type)); - - retrieve_session_data(session_Id, WTSUserName, user_name, ARRAYSIZE(user_name)); - retrieve_session_data(session_Id, WTSDomainName, domain_name, ARRAYSIZE(domain_name)); - retrieve_session_data(session_Id, WTSClientName, client_name, ARRAYSIZE(client_name)); - - if (WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, session_Id, WTSClientAddress, (LPWSTR*)&address_ptr, &bytesReturned)) { - if (address_ptr->AddressFamily == AF_INET) { - struct sockaddr_in sa; - ZeroMemory(&sa, sizeof(sa)); - sa.sin_family = AF_INET; - CopyMemory(&sa.sin_addr, &address_ptr->Address[2], 4); - - if (!InetNtopW(AF_INET, &sa.sin_addr, client_ip, INET_ADDRSTRLEN)) { - log_line(LOG_TYPE_ERROR, L"[%s] Blad konwersji IP w InetNtopW", function_name); - WTSFreeMemory(protocol); - WTSFreeMemory(address_ptr); - return FIND_SESSION_ERROR; + if (already_exists) { + continue; } } - WTSFreeMemory(address_ptr); - } - PWTSCLIENTW pClient = NULL; - DWORD bytes = 0; - - if (WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, session_Id, WTSClientInfo, (LPWSTR*)&pClient, &bytes) && pClient) { + session_processes->process[session_processes->count].pid = pe.th32ProcessID; + session_processes->process[session_processes->count].pid; + StringCchCopyW(session_processes->process[session_processes->count].process_name, + ARRAYSIZE(session_processes->process[session_processes->count].process_name), + pe.szExeFile); log_line(LOG_TYPE_DEBUG, - L"[%s] Przechwycono sesje RemoteInteractive: Nazwa konta: %s, Domena: %s, Nazwa maszyny: %s, IP: %s, Protokol: %s", + L"[%s] Wykryto dodatkowy proces dla sesji = %s, PID = %lu.", function_name, - pClient->UserName, - pClient->Domain, - pClient->ClientName, - client_ip, - protocol_type); + session_processes->process[session_processes->count].process_name, + session_processes->process[session_processes->count].pid + ); + session_processes->count++; } - - for (int i = 0; i < MAX_RDP_SESSIONS; i++) { - if (!remote_interactive_sessions[i].active) { - remote_interactive_sessions[i].active = TRUE; - StringCchCopyW(remote_interactive_sessions[i].user_sid, ARRAYSIZE(remote_interactive_sessions[i].user_sid), sid_string); - StringCchCopyW(remote_interactive_sessions[i].domain_username, ARRAYSIZE(remote_interactive_sessions[i].domain_username), pClient->UserName); - StringCchCopyW(remote_interactive_sessions[i].ip_address, ARRAYSIZE(remote_interactive_sessions[i].ip_address), client_ip); - - log_line(LOG_TYPE_DEBUG, L"[%s] Dodano sesje RDP do kolejki... Dane sesji: User SID: %s, Nazwa konta: %s, IP: %s", - function_name, - remote_interactive_sessions[i].user_sid, - remote_interactive_sessions[i].domain_username, - remote_interactive_sessions[i].ip_address); - WTSFreeMemory(pClient); - WTSFreeMemory(protocol); - WTSFreeMemory(session_info); - - *out_session_id = session_Id; - - return FIND_SESSION_NOT_FOUND; - } - } - WTSFreeMemory(pClient); } - WTSFreeMemory(protocol); - } + } while (Process32NextW(hSnap, &pe)); } - WTSFreeMemory(session_info); - return FIND_SESSION_ERROR; + CloseHandle(hSnap); + + return TRUE; } -*/ + BOOL retrieve_session_data(DWORD session_id, WTS_INFO_CLASS info, WCHAR* out_buff, size_t out_size) { LPWSTR data_buffer = NULL; DWORD bytes_returned = 0; if (!WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, session_id, info, &data_buffer, &bytes_returned)) { - log_line(LOG_TYPE_ERROR, L"[%s] Blad przy pozyskiwaniu WTS_INFO_CLASS, kod: %lu...", - L"retrieve_session_data", + log_line(LOG_TYPE_ERROR, L"[%s] Blad przy pozyskiwaniu WTS_INFO_CLASS, kod: %lu...", + L"retrieve_session_data", DWORD(info)); return FALSE; } @@ -375,12 +138,12 @@ BOOL retrieve_session_data(DWORD session_id, WTS_INFO_CLASS info, WCHAR* out_buf WTSFreeMemory(data_buffer); return TRUE; } - + copy_lpwstr_string((LPWSTR)NULL, out_buff, out_size); return TRUE; } -BOOL convert_ip_addr_to_string(WTS_CLIENT_ADDRESS *ip, WCHAR *ip_data) { +BOOL convert_ip_addr_to_string(WTS_CLIENT_ADDRESS* ip, WCHAR* ip_data) { if (ip->AddressFamily == AF_INET) { struct sockaddr_in sa; ZeroMemory(&sa, sizeof(sa)); @@ -401,8 +164,8 @@ BOOL convert_ip_addr_to_string(WTS_CLIENT_ADDRESS *ip, WCHAR *ip_data) { StringCchCatW(buffer, ARRAYSIZE(buffer), temp); } - log_line(LOG_TYPE_WARNING, L"[%s] Nieobslugiwany format adresu, kod: %lu, zawartosc addressFamily: %s...", - L"convert_ip_addr_to_string", + log_line(LOG_TYPE_WARNING, L"[%s] Nieobslugiwany format adresu, kod: %lu, zawartosc addressFamily: %s...", + L"convert_ip_addr_to_string", ip->AddressFamily, buffer); return FALSE; @@ -422,7 +185,7 @@ void print_kerberos_module_functions(HMODULE kerberos_module) { return; IMAGE_NT_HEADERS* ntHeaders = (IMAGE_NT_HEADERS*)(base_address + dos_header->e_lfanew); - if (ntHeaders->Signature != IMAGE_NT_SIGNATURE) + if (ntHeaders->Signature != IMAGE_NT_SIGNATURE) return; IMAGE_DATA_DIRECTORY exportDir = ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; @@ -542,7 +305,7 @@ void free_rdp_sessions_array() { ZeroMemory(&rdp_sessions, sizeof(rdp_sessions)); } -MATCH_SESSION_STATUS match_existing_rdp_sessions(DWORD in_session_id, DWORD *out_session_id) { +MATCH_SESSION_STATUS match_existing_rdp_sessions(DWORD in_session_id, DWORD* out_session_id) { WCHAR function_name[40] = { 0 }; MultiByteToWideChar(CP_ACP, 0, __FUNCTION__, -1, function_name, ARRAYSIZE(function_name)); @@ -553,8 +316,8 @@ MATCH_SESSION_STATUS match_existing_rdp_sessions(DWORD in_session_id, DWORD *out if (rdp_sessions.session_count == 0) { //utworz nowa sesje - log_line(LOG_TYPE_INFO, - L"[%s] Wykryto nowa sesje RDP - Brak aktywnych sesji RDP uzytkownikow domenowych, dodawanie nowej...", + log_line(LOG_TYPE_INFO, + L"[%s] Wykryto nowa sesje RDP - Brak aktywnych sesji RDP uzytkownikow domenowych, dodawanie nowej...", function_name); *out_session_id = in_session_id; @@ -564,9 +327,9 @@ MATCH_SESSION_STATUS match_existing_rdp_sessions(DWORD in_session_id, DWORD *out for (DWORD i = 0; i < rdp_sessions.session_count; i++) { RDP_SESSION_DATA* sess = &rdp_sessions.session_data[i]; - /* + /* * w przypadku gdy id sesji zgadza sie z juz istniejaca : - * sprawdz czy jest valid - jesli jest valid, to znaczy ze MFA + * sprawdz czy jest valid - jesli jest valid, to znaczy ze MFA * zostalo we wczesniejszej zaakceptowane i zaktualizuj proces wazny dla sesji RDP * jesli nie zostalo zaakceptowane - ubij procesy */ @@ -580,55 +343,7 @@ MATCH_SESSION_STATUS match_existing_rdp_sessions(DWORD in_session_id, DWORD *out in_session_id); return SESSION_UPDATE_EXISTING; } - else { - /* - DWORD pid = 0; - WCHAR proc_name[128] = { 0 }; - - DWORD processes_count = 0; - - HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); - if (hSnap == INVALID_HANDLE_VALUE) { - log_line(LOG_TYPE_ERROR, L"[%s] Blad CreateToolhelp32Snapshot", function_name); - //return FALSE; - } - - PROCESSENTRY32W pe; - pe.dwSize = sizeof(pe); - - if (Process32FirstW(hSnap, &pe)) { - do { - DWORD procSessionId = 0; - if (ProcessIdToSessionId(pe.th32ProcessID, &procSessionId)) { - if (procSessionId == in_session_id) { - // jesli PID jest jednym z istotnych procesow systemowych - NIE UBIJAJ - if (CompareStringOrdinal(pe.szExeFile, -1, L"services.exe", -1, TRUE) == CSTR_EQUAL || - CompareStringOrdinal(pe.szExeFile, -1, L"smss.exe", -1, TRUE) == CSTR_EQUAL || - CompareStringOrdinal(pe.szExeFile, -1, L"wininit.exe", -1, TRUE) == CSTR_EQUAL || - CompareStringOrdinal(pe.szExeFile, -1, L"lsass.exe", -1, TRUE) == CSTR_EQUAL || - CompareStringOrdinal(pe.szExeFile, -1, L"csrss.exe", -1, TRUE) == CSTR_EQUAL) - { - continue; - } - //processes_count++; - log_line(LOG_TYPE_DEBUG, - L"[%s] Odnaleziono proces: %s, PID: %lu", - function_name, - pe.szExeFile, - pe.th32ProcessID - ); - } - } - } while (Process32NextW(hSnap, &pe)); - } - if (processes_count > 1) { - log_line(LOG_TYPE_DEBUG, - L"[%s] Odnaleziono %lu procesow.", - function_name, - processes_count - ); - } - */ + else { log_line(LOG_TYPE_INFO, L"[%s] Sesja RDP ID = %lu juz istnieje i zostala odrzucona...", function_name, @@ -636,6 +351,15 @@ MATCH_SESSION_STATUS match_existing_rdp_sessions(DWORD in_session_id, DWORD *out return SESSION_TERMINATE_EXISTING; } } + else { + log_line(LOG_TYPE_INFO, + L"[%s] Wykryto juz istniejace sesje RDP, dodawanie nowej sesji o ID = %lu...", + function_name, + in_session_id); + *out_session_id = in_session_id; + + return SESSION_CREATE_NEW; + } } } log_line(LOG_TYPE_ERROR, @@ -725,11 +449,12 @@ BOOL create_new_rdp_session(PSID user_psid, DWORD session_id) { if (get_PIDs_from_sessionID(session_id, new_session.processes, FALSE)) { //terminate_remaining_processes(new_session.processes, session_id); }*/ - } else { + } + else { log_line(LOG_TYPE_ERROR, L"[%s] MFA zaakceptowane, procedowanie polaczenia...", function_name); - new_session.valid = TRUE; + new_session.valid = TRUE; } if (get_PIDs_from_sessionID(session_id, new_session.processes, FALSE)) { @@ -825,7 +550,7 @@ BOOL terminate_remaining_processes(RELATED_PROCESSES* session_processes, DWORD s return TRUE; } -BOOL add_session_to_list(const RDP_SESSION_DATA *session) { +BOOL add_session_to_list(const RDP_SESSION_DATA* session) { WCHAR function_name[40] = { 0 }; MultiByteToWideChar(CP_ACP, 0, __FUNCTION__, -1, function_name, ARRAYSIZE(function_name)); @@ -853,7 +578,7 @@ BOOL add_session_to_list(const RDP_SESSION_DATA *session) { rdp_sessions.capacity = new_capacity; } - rdp_sessions.session_data[rdp_sessions.session_count++] = *session; + rdp_sessions.session_data[rdp_sessions.session_count - 1] = *session; return TRUE; } @@ -866,7 +591,7 @@ BOOL remove_session_from_list(DWORD sess_id) { RDP_SESSION_DATA* sess = &rdp_sessions.session_data[i]; if (sess->session_id == sess_id) { log_line(LOG_TYPE_DEBUG, - L"[%s] Usuwanie sesji RDP: %lu z listy --> PSID: %s, IP: %s, Nazwa konta: %s...", + L"[%s] Usuwanie sesji RDP ID = %lu z listy --> PSID: %s, IP: %s, Nazwa konta: %s...", function_name, sess_id, sess->user_sid, @@ -896,7 +621,7 @@ BOOL remove_session_from_list(DWORD sess_id) { return TRUE; } -BOOL retrieve_rdp_session_info(DWORD session_id, RDP_SESSION_DATA *session_data, PSID user_psid) { +BOOL retrieve_rdp_session_info(DWORD session_id, RDP_SESSION_DATA* session_data, PSID user_psid) { WCHAR function_name[40] = { 0 }; MultiByteToWideChar(CP_ACP, 0, __FUNCTION__, -1, function_name, ARRAYSIZE(function_name)); @@ -938,7 +663,7 @@ BOOL retrieve_rdp_session_info(DWORD session_id, RDP_SESSION_DATA *session_data, return TRUE; } -void format_data_for_connection(DWORD session_id, char *buffer) { +void format_data_for_connection(DWORD session_id, char* buffer) { char dns[64] = { 0 }; char user[64] = { 0 }; for (DWORD i = 0; i < rdp_sessions.session_count; i++) { @@ -949,4 +674,4 @@ void format_data_for_connection(DWORD session_id, char *buffer) { } } StringCchPrintfA(buffer, 192, "{\"Domena\":\"%s\",\"Nazwa konta\":\"%s\"}", dns, user); -} \ No newline at end of file +} diff --git a/SSP_DLL/interprocessSSP.h b/SSP_DLL/interprocessSSP.h index ee2a029..bc97352 100644 --- a/SSP_DLL/interprocessSSP.h +++ b/SSP_DLL/interprocessSSP.h @@ -78,16 +78,7 @@ void get_LUID_string(const PLUID luid, PWSTR out, size_t out_len); BOOL get_PIDs_from_sessionID(DWORD in_session_id, RELATED_PROCESSES* session_processes, BOOL update_flag); -BOOL get_PID_from_SessionID(DWORD in_session_id, DWORD* pid, WCHAR* pid_exe_name); - -/* RDP SESSIONS */ - -// do celow testowych -//FIND_SESSION_STATUS find_remote_domain_user_session(PSID user_sid, PUNICODE_STRING domain_username, DWORD* out_session_id); - BOOL retrieve_session_data(DWORD session_id, WTS_INFO_CLASS info, WCHAR* out_buff, size_t out_size); -//RDP SESSIONS - void print_kerberos_module_functions(HMODULE kerberos_module);