VBoxServiceVMInfo-win.cpp revision aaa2d8be4f9e54279d4c4799f8a474e3dd4320ef
/* $Id$ */
/** @file
* VBoxService - Virtual Machine Information for the Host, Windows specifics.
*/
/*
* Copyright (C) 2009-2010 Oracle Corporation
*
* This file is part of VirtualBox Open Source Edition (OSE), as
* available from http://www.virtualbox.org. This file is free software;
* General Public License (GPL) as published by the Free Software
* Foundation, in version 2 as it comes in the "COPYING" file of the
* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
*/
/*******************************************************************************
* Header Files *
*******************************************************************************/
#endif
#include <Windows.h>
#include <wtsapi32.h> /* For WTS* calls. */
#include <psapi.h> /* EnumProcesses. */
#include <Ntsecapi.h> /* Needed for process security information. */
#include <iprt/semaphore.h>
#include <VBox/VBoxGuestLib.h>
#include "VBoxServiceInternal.h"
#include "VBoxServiceUtils.h"
/*******************************************************************************
* Structures and Typedefs *
*******************************************************************************/
/** Structure for storing the looked up user information. */
typedef struct
{
/** Number of assigned user processes. */
/** Last (highest) session number. This
* is needed for distinguishing old session
* process counts from new (current) session
* ones. */
/** Structure for the file information lookup. */
typedef struct
{
char *pszFilePath;
char *pszFileName;
/** Structure for process information lookup. */
typedef struct
{
/** The PID. */
/** The LUID. */
/** Interactive process. */
bool fInteractive;
/*******************************************************************************
* Prototypes
*******************************************************************************/
uint32_t VBoxServiceVMInfoWinSessionHasProcesses(PLUID pSession, PVBOXSERVICEVMINFOPROC const paProcs, DWORD cProcs);
#ifndef TARGET_NT4
/**
* Retrieves the module name of a given process.
*
* @return IPRT status code.
* @param pProc
* @param pszBuf
* @param cbBuf
*/
{
{
/* Platform other than NT (e.g. Win9x) not supported. */
return VERR_NOT_SUPPORTED;
}
int rc = VINF_SUCCESS;
if (h == NULL)
{
if (g_cVerbosity)
VBoxServiceError("Unable to open process with PID=%ld, error=%ld\n",
}
else
{
/* Since GetModuleFileNameEx has trouble with cross-bitness stuff (32-bit apps cannot query 64-bit
apps and vice verse) we have to use a different code path for Vista and up. */
/* Note: For 2000 + NT4 we might just use GetModuleFileName() instead. */
{
/* Loading the module and getting the symbol for each and every process is expensive
* -- since this function (at the moment) only is used for debugging purposes it's okay. */
if (RT_SUCCESS(rc))
{
if (RT_SUCCESS(rc))
{
}
}
}
else
{
}
CloseHandle(h);
}
return rc;
}
/**
* Fills in more data for a process.
*
* @returns VBox status code.
* @param pProc The process structure to fill data into.
* @param tkClass The kind of token information to get.
*/
{
if (h == NULL)
{
dwErr = GetLastError();
if (g_cVerbosity > 4)
VBoxServiceError("Unable to open process with PID=%ld, error=%ld\n",
return RTErrConvertFromWin32(dwErr);
}
int rc = VINF_SUCCESS;
{
void *pvTokenInfo = NULL;
switch (tkClass)
{
case TokenStatistics:
dwTokenInfoSize = sizeof(TOKEN_STATISTICS);
break;
case TokenGroups:
dwTokenInfoSize = 0;
/* Allocating will follow in a second step. */
break;
/** @todo Implement more token classes here. */
default:
break;
}
if (RT_SUCCESS(rc))
{
{
dwErr = GetLastError();
if (dwErr == ERROR_INSUFFICIENT_BUFFER)
{
switch (tkClass)
{
case TokenGroups:
if (!pvTokenInfo)
dwErr = GetLastError();
break;
default:
AssertMsgFailed(("Re-allocating of token information for token class not implemented\n"));
break;
}
if (dwErr == ERROR_SUCCESS)
{
dwErr = GetLastError();
}
}
}
if (dwErr == ERROR_SUCCESS)
{
rc = VINF_SUCCESS;
switch (tkClass)
{
case TokenStatistics:
{
/** @todo Add more information of TOKEN_STATISTICS as needed. */
break;
}
case TokenGroups:
{
pProc->fInteractive = false;
dwErr = GetLastError();
if (dwErr == ERROR_SUCCESS)
{
dwErr = GetLastError();
}
if (dwErr == ERROR_SUCCESS)
{
{
{
pProc->fInteractive = true;
break;
}
}
}
if (pSidInteractive)
if (pSidLocal)
break;
}
default:
AssertMsgFailed(("Unhandled token information class\n"));
break;
}
}
if (pvTokenInfo)
}
}
else
dwErr = GetLastError();
if (dwErr != ERROR_SUCCESS)
{
if (g_cVerbosity)
VBoxServiceError("Unable to query token information for PID=%ld, error=%ld\n",
}
CloseHandle(h);
return rc;
}
/**
* Enumerate all the processes in the system and get the logon user IDs for
* them.
*
* @returns VBox status code.
* @param ppaProcs Where to return the process snapshot. This must be
* freed by calling VBoxServiceVMInfoWinProcessesFree.
*
* @param pcProcs Where to store the returned process count.
*/
{
/*
* Call EnumProcesses with an increasingly larger buffer until it all fits
* or we think something is screwed up.
*/
int rc = VINF_SUCCESS;
do
{
/* Allocate / grow the buffer first. */
cProcesses *= 2;
if (!pvNew)
{
rc = VERR_NO_MEMORY;
break;
}
/* Query the processes. Not the cbRet == buffer size means there could be more work to be done. */
{
break;
}
{
break;
}
} while (cProcesses <= _32K); /* Should be enough; see: http://blogs.technet.com/markrussinovich/archive/2009/07/08/3261309.aspx */
if (RT_SUCCESS(rc))
{
/*
* Allocate out process structures and fill data into them.
* We currently only try lookup their LUID's.
*/
if (paProcs)
{
for (DWORD i = 0; i < cProcesses; i++)
{
if (RT_FAILURE(rc))
{
Windows, we should not consider to be this an error here. */
rc = VINF_SUCCESS;
}
else
{
if (RT_FAILURE(rc))
{
Windows, we should not consider to be this an error here. */
rc = VINF_SUCCESS;
}
}
}
/* Save number of processes */
if (RT_SUCCESS(rc))
{
*pcProcs = cProcesses;
}
else
}
else
rc = VERR_NO_MEMORY;
}
return rc;
}
/**
* Frees the process structures returned by
* VBoxServiceVMInfoWinProcessesEnumerate() before.
*
* @param paProcs What
*/
{
}
/**
* Determines whether the specified session has processes on the system.
*
* @returns Number of processes found for a specified session.
* @param pSession The session.
* @param paProcs The process snapshot.
* @param cProcs The number of processes in the snaphot.
* @param puSession Looked up session number. Optional.
*/
{
if (!pSession)
{
return 0;
}
if (rcNt != STATUS_SUCCESS)
{
return 0;
}
/*
* session. So check if we have some processes bound to it by comparing the
* session <-> process LUIDs.
*/
{
if (g_cVerbosity)
{
if (RT_SUCCESS(rc2))
}
if ( paProcs[i].fInteractive
{
cNumProcs++;
if (!g_cVerbosity) /* We want a bit more info on higher verbosity. */
break;
}
}
if (g_cVerbosity)
else
if (puSession)
return cNumProcs;
}
/**
* Save and noisy string copy.
*
* @param pwszDst Destination buffer.
* @param cbDst Size in bytes - not WCHAR count!
* @param pSrc Source string.
* @param pszWhat What this is. For the log.
*/
static void VBoxServiceVMInfoWinSafeCopy(PWCHAR pwszDst, size_t cbDst, LSA_UNICODE_STRING const *pSrc, const char *pszWhat)
{
{
VBoxServiceVerbose(0, "%s is too long - %u bytes, buffer %u bytes! It will be truncated.\n",
}
if (cbCopy)
}
/**
* Detects whether a user is logged on.
*
* @returns true if logged in, false if not (or error).
* @param pUserInfo Where to return the user information.
* @param pSession The session to check.
*/
{
AssertPtrReturn(pUserInfo, false);
if (!pSession)
return false;
if (rcNt != STATUS_SUCCESS)
{
switch (ulError)
{
case ERROR_NOT_ENOUGH_MEMORY:
/* If we don't have enough memory it's hard to judge whether the specified user
break;
/* Skip session data which is not valid anymore because it may have been
* already terminated. */
break;
default:
break;
}
if (pSessionData)
return false;
}
if (!pSessionData)
{
VBoxServiceError("Invalid logon session data!\n");
return false;
}
/*
* Only handle users which can login interactively or logged in
* remotely over native RDP.
*/
bool fFoundUser = false;
{
/*
* Copy out relevant data.
*/
VBoxServiceVMInfoWinSafeCopy(pUserInfo->wszAuthenticationPackage, sizeof(pUserInfo->wszAuthenticationPackage),
if (!LookupAccountSid(NULL,
&enmOwnerType))
{
/*
* If a network time-out prevents the function from finding the name or
* if a SID that does not have a corresponding account name (such as a
* logon SID that identifies a logon session), we get ERROR_NONE_MAPPED
* here that we just skip.
*/
if (dwErr != ERROR_NONE_MAPPED)
VBoxServiceError("Failed looking up account info for user=%ls, error=$ld!\n",
}
else
{
{
/* Detect RDP sessions as well. */
int iState = -1;
&pBuffer,
&cbRet))
{
if (cbRet)
{
/** @todo On Vista and W2K, always "old" user name are still
* there. Filter out the old one! */
fFoundUser = true;
}
if (pBuffer)
}
else
{
switch (dwLastErr)
{
/*
* Terminal services don't run (for example in W2K,
* nothing to worry about ...). ... or is on the Vista
* fast user switching page!
*/
break;
default:
break;
}
fFoundUser = true;
}
}
}
}
return fFoundUser;
}
/**
* Retrieves the currently logged in users and stores their names along with the
* user count.
*
* @returns VBox status code.
* @param ppszUserList Where to store the user list (separated by commas).
* Must be freed with RTStrFree().
* @param pcUsersInList Where to store the number of users in the list.
*/
{
/* This function can report stale or orphaned interactive logon sessions
of already logged off users (especially in Windows 2000). */
if (rcNt != STATUS_SUCCESS)
{
switch (ulError)
{
case ERROR_NOT_ENOUGH_MEMORY:
VBoxServiceError("Not enough memory to enumerate logon sessions!\n");
break;
/* If we're about to shutdown when we were in the middle of enumerating the logon
* sessions, skip the error to not confuse the user with an unnecessary log message. */
break;
default:
break;
}
return RTErrConvertFromWin32(ulError);
}
if (RT_FAILURE(rc))
{
if (rc == VERR_NO_MEMORY)
VBoxServiceError("Not enough memory to enumerate processes\n");
else
}
else
{
if (!pUserInfo)
VBoxServiceError("Not enough memory to store enumerated users!\n");
else
{
ULONG cUniqueUsers = 0;
{
{
/* Retrieve assigned processes of current session. */
uint32_t cSessionProcs = VBoxServiceVMInfoWinSessionHasProcesses(&paSessions[i], paProcs, cProcs, &ulSession);
/* Don't return here when current session does not have assigned processes
* anymore -- in that case we have to search through the unique users list below
bool fFoundUser = false;
for (ULONG i = 0; i < cUniqueUsers; i++)
{
&& cSessionProcs)
{
/*
* Only respect the highest session for the current user.
*/
{
if (!cSessionProcs)
}
/* There can be multiple session objects using the same session ID for the
* current user -- so when we got the same session again just add the found
* processes to it. */
{
}
fFoundUser = true;
break;
}
}
if (!fFoundUser)
{
cUniqueUsers++;
}
}
}
*pcUsersInList = 0;
for (ULONG i = 0; i < cUniqueUsers; i++)
{
if (pUserInfo[i].ulNumProcs)
{
if (*pcUsersInList > 0)
{
}
*pcUsersInList += 1;
char *pszTemp;
if (RT_SUCCESS(rc2))
{
}
else
}
}
}
}
return rc;
}
#endif /* TARGET_NT4 */
{
int rc;
/* ASSUME: szSysDir and szWinDir and derivatives are always ASCII compatible. */
#ifdef RT_ARCH_AMD64
#endif
/* The file information table. */
#ifndef TARGET_NT4
const VBOXSERVICEVMINFOFILE aVBoxFiles[] =
{
{ szSysDir, "VBoxControl.exe" },
{ szSysDir, "VBoxHook.dll" },
{ szSysDir, "VBoxDisp.dll" },
{ szSysDir, "VBoxMRXNP.dll" },
{ szSysDir, "VBoxService.exe" },
{ szSysDir, "VBoxTray.exe" },
{ szSysDir, "VBoxGINA.dll" },
{ szSysDir, "VBoxCredProv.dll" },
/* On 64-bit we don't yet have the OpenGL DLLs in native format.
So just enumerate the 32-bit files in the SYSWOW directory. */
# ifdef RT_ARCH_AMD64
{ szSysWowDir, "VBoxOGLarrayspu.dll" },
{ szSysWowDir, "VBoxOGLcrutil.dll" },
{ szSysWowDir, "VBoxOGLerrorspu.dll" },
{ szSysWowDir, "VBoxOGLpackspu.dll" },
{ szSysWowDir, "VBoxOGLpassthroughspu.dll" },
{ szSysWowDir, "VBoxOGLfeedbackspu.dll" },
{ szSysWowDir, "VBoxOGL.dll" },
# else /* !RT_ARCH_AMD64 */
{ szSysDir, "VBoxOGLarrayspu.dll" },
{ szSysDir, "VBoxOGLcrutil.dll" },
{ szSysDir, "VBoxOGLerrorspu.dll" },
{ szSysDir, "VBoxOGLpackspu.dll" },
{ szSysDir, "VBoxOGLpassthroughspu.dll" },
{ szSysDir, "VBoxOGLfeedbackspu.dll" },
{ szSysDir, "VBoxOGL.dll" },
# endif /* !RT_ARCH_AMD64 */
{ szDriversDir, "VBoxGuest.sys" },
{ szDriversDir, "VBoxMouse.sys" },
{ szDriversDir, "VBoxSF.sys" },
{ szDriversDir, "VBoxVideo.sys" },
};
#else /* TARGET_NT4 */
const VBOXSERVICEVMINFOFILE aVBoxFiles[] =
{
{ szSysDir, "VBoxControl.exe" },
{ szSysDir, "VBoxHook.dll" },
{ szSysDir, "VBoxDisp.dll" },
{ szSysDir, "VBoxServiceNT.exe" },
{ szSysDir, "VBoxTray.exe" },
{ szDriversDir, "VBoxGuestNT.sys" },
{ szDriversDir, "VBoxMouseNT.sys" },
{ szDriversDir, "VBoxVideo.sys" },
};
#endif /* TARGET_NT4 */
for (unsigned i = 0; i < RT_ELEMENTS(aVBoxFiles); i++)
{
char szVer[128];
VBoxServiceGetFileVersionString(aVBoxFiles[i].pszFilePath, aVBoxFiles[i].pszFileName, szVer, sizeof(szVer));
char szPropPath[256];
RTStrPrintf(szPropPath, sizeof(szPropPath), "/VirtualBox/GuestAdd/Components/%s", aVBoxFiles[i].pszFileName);
}
return VINF_SUCCESS;
}