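// CreateContesterDesktop creates a private window station and a desktop inside
// it for the contester (the sandboxed child) and returns both handles together
// with the "WinSta\Desktop" name that can be handed to the child at launch.
//
// CreateDesktop always creates the desktop on the *process's current* window
// station, so the process is temporarily switched onto the new window station
// and switched back before returning. The goroutine is pinned to its OS thread
// for the duration because the thread desktop being saved and restored is a
// per-thread property.
//
// Security notes for reviewers:
//   - Both objects are created with the inheritable security-attributes helper
//     (MakeInheritSa). Any child spawned while these handles are open inherits
//     them; presumably the contester launcher relies on that, so keep the
//     window between this call and the child's creation short.
//   - An ACE for Everyone (S-1-1-0, the world SID) is added to both objects so
//     that a restricted-token child can attach. This also makes the desktop
//     reachable from every other account on the host. That is the usual
//     trade-off for sandbox desktops; do not place anything more sensitive than
//     the contester's own windows on it.
//
// Error handling: if the function fails before the desktop exists, the window
// station is closed and winsta is returned as zero. If adding the ACEs fails,
// both handles have been created and are returned alongside the error so the
// caller can close them; the first ACE failure is the one reported and both
// attempts are logged.
func CreateContesterDesktop() (winsta win32.Hwinsta, desk win32.Hdesk, name string, err error) {
	var origWinsta win32.Hwinsta
	if origWinsta, err = win32.GetProcessWindowStation(); err != nil {
		return
	}

	// SetProcessWindowStation is process-wide, but GetThreadDesktop /
	// SetThreadDesktop are per OS thread; stay on one thread until restored.
	runtime.LockOSThread()
	defer runtime.UnlockOSThread()

	var origDesktop win32.Hdesk
	if origDesktop, err = win32.GetThreadDesktop(win32.GetCurrentThreadId()); err != nil {
		return
	}

	if winsta, err = win32.CreateWindowStation(
		syscall.StringToUTF16Ptr(threadIdName("w")),
		0,
		win32.MAXIMUM_ALLOWED,
		win32.MakeInheritSa()); err != nil {
		return
	}

	if err = win32.SetProcessWindowStation(winsta); err != nil {
		win32.CloseWindowStation(winsta)
		winsta = 0
		return
	}

	// The desktop is created while we are attached to the new window station;
	// restore the original window station and thread desktop afterwards no
	// matter what happened. A failed restore is logged rather than masking the
	// primary error (or a success) — the process would be stuck on the
	// contester's window station, which is worth seeing in the log.
	var winstaName string
	if winstaName, err = win32.GetUserObjectName(syscall.Handle(winsta)); err == nil {
		shortName := threadIdName("c")
		desk, err = win32.CreateDesktop(
			syscall.StringToUTF16Ptr(shortName),
			nil,
			0,
			0,
			syscall.GENERIC_ALL,
			win32.MakeInheritSa())
		if err == nil {
			name = winstaName + "\\" + shortName
		}
	}
	if rerr := win32.SetProcessWindowStation(origWinsta); rerr != nil {
		log.Error(rerr)
	}
	win32.SetThreadDesktop(origDesktop)

	if err != nil {
		// No desktop exists yet; do not hand back a window station the caller
		// has no reason to know about.
		win32.CloseWindowStation(winsta)
		winsta = 0
		return
	}

	everyone, sidErr := syscall.StringToSid("S-1-1-0")
	if sidErr != nil {
		err = os.NewSyscallError("StringToSid", sidErr)
		return
	}

	// Attempt both ACE additions so the log shows the full picture, but report
	// the first failure rather than letting the second call overwrite it.
	if aceErr := win32.AddAceToWindowStation(winsta, everyone); aceErr != nil {
		log.Error(aceErr)
		err = aceErr
	}
	if aceErr := win32.AddAceToDesktop(desk, everyone); aceErr != nil {
		log.Error(aceErr)
		if err == nil {
			err = aceErr
		}
	}
	return
}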
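// InjectDll loads dll into the child process described by d. It allocates a
// buffer in the target, writes the NUL-terminated UTF-16 path into it and
// starts a remote thread at loadLibraryW (the address of LoadLibraryW as seen
// by the target) with the buffer as the thread argument, then waits for that
// thread to exit. The remote buffer is released on every return path.
//
// A zero loadLibraryW disables injection and returns nil without touching the
// target. Any other failure is wrapped through the "InjectDll" error context.
//
// Security notes for reviewers:
//   - dll is handed to LoadLibraryW verbatim. A relative or bare file name is
//     resolved by the *target's* DLL search order, which its working directory
//     or PATH can influence; callers should pass an absolute path to a location
//     the contester cannot write.
//   - The wait has no timeout, so a DllMain that blocks hangs the caller.
//   - The remote thread's exit code (LoadLibraryW's return value) is not read,
//     so a load failure inside the target is not reported here — only failures
//     of the injection plumbing are.
//   - The remote thread handle is created with the inheritable attributes
//     helper (MakeInheritSa); it is closed before returning, so this only
//     matters for processes spawned while the wait is in progress.
func InjectDll(d *SubprocessData, loadLibraryW uintptr, dll string) error {
	if loadLibraryW == 0 {
		return nil
	}
	ec := tools.ErrorContext("InjectDll")
	log.Debug("InjectDll: Injecting library %s with call to %d", dll, loadLibraryW)

	name, err := syscall.UTF16FromString(dll)
	if err != nil {
		return ec.NewError(err, ERR_USER, "UTF16FromString")
	}
	// UTF16FromString already appends the terminating NUL, so the buffer is
	// exactly len(name) UTF-16 code units. Counting an extra unit would make
	// WriteProcessMemory read two bytes past the end of name's backing array.
	nameLen := uint32(len(name) * 2)

	hProcess := d.platformData.hProcess
	remoteName, err := win32.VirtualAllocEx(hProcess, 0, nameLen, win32.MEM_COMMIT, win32.PAGE_READWRITE)
	if err != nil {
		return ec.NewError(err)
	}
	// Deferred: the remote thread is joined below before we return, so the
	// buffer is still valid for the whole LoadLibraryW call.
	defer win32.VirtualFreeEx(hProcess, remoteName, 0, win32.MEM_RELEASE)

	if _, err = win32.WriteProcessMemory(hProcess, remoteName, unsafe.Pointer(&name[0]), nameLen); err != nil {
		return ec.NewError(err)
	}

	thread, _, err := win32.CreateRemoteThread(hProcess, win32.MakeInheritSa(), 0, loadLibraryW, remoteName, 0)
	if err != nil {
		return ec.NewError(err)
	}
	defer syscall.CloseHandle(thread)

	wr, err := syscall.WaitForSingleObject(thread, syscall.INFINITE)
	if err != nil {
		return ec.NewError(os.NewSyscallError("WaitForSingleObject", err))
	}
	if wr != syscall.WAIT_OBJECT_0 {
		// wr is a uint32 wait code (WAIT_ABANDONED, WAIT_TIMEOUT, ...); %s
		// would render it as a fmt error marker.
		return ec.NewError(fmt.Errorf("Unexpected wait result %#x", wr))
	}
	return nil
}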