|
|
/*++
Copyright (c) 1998 Microsoft Corporation
Module Name:
sfcp.h
Abstract:
Implementation of protected DLLs.
This works by caching a set of dlls in a system directory and then synchronizing the cache with the target file locations. The process is driven by a list of protected dlls which is retrieved from a dll at runtime. Each entry contains a full path to the target file.
Author:
Wesley Witt (wesw) 18-Dec-1998
Revision History: Andrew Ritz (andrewr) 2-Jul-1999 : added comments
--*/
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <ntsm.h>
#include <ntlsa.h>
#include <ntrpcp.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <nturtl.h>
#include <windows.h>
#include <setupapi.h>
#include <spapip.h>
#include <elfkrnl.h>
#include <newexe.h>
#include <wincrypt.h>
#include <mscat.h>
#include <softpub.h>
#include <wintrust.h>
#include <sfcapip.h>
#include <sfcapi.h>
#include "sxsapi.h"
#include "resource.h"
#include "btree.h"
#include "msg.h"
#include "sfcfiles.h"
#pragma warning(3:4101) // Unreferenced local variable
//
// public definitions
//
#define SFC_SHOW_REGISTRY_DATA 1
#define SFC_PROT_VERBOSE_DEBUG 1
#define FILE_NOTIFY_FLAGS (FILE_NOTIFY_CHANGE_NAME | \
FILE_NOTIFY_CHANGE_SIZE | \ FILE_NOTIFY_CHANGE_LAST_WRITE | \ FILE_NOTIFY_CHANGE_CREATION | \ FILE_NOTIFY_CHANGE_STREAM_SIZE | \ FILE_NOTIFY_CHANGE_STREAM_WRITE)
#if DBG
#define MYASSERT( exp ) \
if (!(exp)) \ RtlAssert( #exp, __FILE__, __LINE__, NULL )
#else
#define MYASSERT( exp )
#endif // DBG
//
// this is a free space buffer of 150 MB
//
#define SFC_REQUIRED_FREE_SPACE (600)
#define ONE_MEG (1024*1024)
#define WATCH_BUFFER_SIZE 4096
#define VALUE_BUFFER_SIZE (sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 256 * sizeof(WCHAR))
#define SHARE_ALL (FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE)
//
// macros
//
#define SecToNano(_sec) (DWORDLONG)((_sec) * 1000 * 1000 * 10)
#define MinToNano(_min) SecToNano((_min)*60)
#define UnicodeChars(_var) (sizeof(_var)/sizeof(WCHAR))
#define UnicodeLen(_var) (wcslen(_var)*sizeof(WCHAR))
#define ARRAY_LENGTH(arr) (sizeof(arr) / sizeof((arr)[0])) // count of elements in an array
#define LODWORD(l) ((ULONG)((DWORD_PTR)(l) & 0xffffffff))
#define HIDWORD(l) ((ULONG)((DWORD_PTR)(l) >> 32))
#define MIN(_first,_second) ((_first < _second) ? _first : _second)
#define HideWindow(_hwnd) SetWindowLong((_hwnd),GWL_STYLE,GetWindowLong((_hwnd),GWL_STYLE)&~WS_VISIBLE)
#define FileNameOnMedia(_RegVal) ( _RegVal->OriginalFileName[0] \
? _RegVal->OriginalFileName \ : _RegVal->SourceFileName.Buffer \ ? _RegVal->SourceFileName.Buffer \ : _RegVal->FileName.Buffer )
#define SpecialFileNameOnMedia(_RegVal) ( _RegVal->SourceFileName.Buffer \
? _RegVal->SourceFileName.Buffer \ : _RegVal->FileName.Buffer )
#define TAGFILE(_si) ((_si->Flags & SI_FLAG_USEDRIVER_CACHE) ? _si->DriverCabName : _si->TagFile)
#if defined(_AMD64_)
#define PLATFORM_DIR L"\\amd64"
#define PLATFORM_NAME L"amd64"
#elif defined(_X86_)
#define PLATFORM_NAME (IsNEC_98 ? L"nec98" : L"i386")
#define PLATFORM_DIR (IsNEC_98 ? L"\\nec98" : L"\\i386")
#elif defined(_IA64_)
#define PLATFORM_DIR L"\\ia64"
#define PLATFORM_NAME L"ia64"
#endif
#define SFC_INCLUDE_SUBDIRECTORY TRUE
#define SFC_INCLUDE_ARCHSUBDIR TRUE
#define SFC_DISABLE_QUIET 0xffffff9d // -99
#define SFC_VRD_SIGNATURE 0x69696969 // signature value
#define SFC_QUEUE_STALL 5 // in seconds
#define SFC_QUEUE_WAIT 5 // in seconds
#define PATH_INVALID 0
#define PATH_LOCAL 1
#define PATH_UNC 2
#define PATH_NETWORK 3
#define PATH_CDROM 4
#define KernelDebuggerEnabled ((USER_SHARED_DATA->KdDebuggerEnabled&3)==3)
#define WM_WFPENDDIALOG WM_APP+69
voiddprintf( IN ULONG Level, IN PCWSTR FileName, IN ULONG LineNumber, IN PCWSTR FormatStr, IN ... );
#define LVL_VERBOSE 10
#define LVL_MEDIUM 5
#define LVL_MINIMAL 1
#define LVL_SILENT 0
//
// must keep the call to dprintf in all builds
//
#define DebugPrint(_lvl_,_fmt_) dprintf(_lvl_,TEXT(__FILE__),__LINE__,_fmt_)
#define DebugPrint1(_lvl_,_fmt_,_arg1_) dprintf(_lvl_,TEXT(__FILE__),__LINE__,_fmt_,_arg1_)
#define DebugPrint2(_lvl_,_fmt_,_arg1_,_arg2_) dprintf(_lvl_,TEXT(__FILE__),__LINE__,_fmt_,_arg1_,_arg2_)
#define DebugPrint3(_lvl_,_fmt_,_arg1_,_arg2_,_arg3_) dprintf(_lvl_,TEXT(__FILE__),__LINE__,_fmt_,_arg1_,_arg2_,_arg3_)
#define DebugPrint4(_lvl_,_fmt_,_arg1_,_arg2_,_arg3,_arg4_) dprintf(_lvl_,TEXT(__FILE__),__LINE__,_fmt_,_arg1_,_arg2_,_arg3, _arg4_)
#define DebugPrint5(_lvl_,_fmt_,_arg1_,_arg2_,_arg3, _arg4, _arg5_) dprintf(_lvl_,TEXT(__FILE__),__LINE__,_fmt_,_arg1_,_arg2_,_arg3, _arg4, _arg5_)
#define DebugPrint6(_lvl_,_fmt_,_arg1_,_arg2_,_arg3, _arg4, _arg5, _arg6_) dprintf(_lvl_,TEXT(__FILE__),__LINE__,_fmt_,_arg1_,_arg2_,_arg3, _arg4, _arg5, _arg6_)
#define DebugPrint7(_lvl_,_fmt_,_arg1_,_arg2_,_arg3, _arg4, _arg5, _arg6, _arg7_) dprintf(_lvl_,TEXT(__FILE__),__LINE__,_fmt_,_arg1_,_arg2_,_arg3, _arg4, _arg5, _arg6, _arg7_)
#define DebugPrint8(_lvl_,_fmt_,_arg1_,_arg2_,_arg3, _arg4, _arg5, _arg6, _arg7_, _arg8_) dprintf(_lvl_,TEXT(__FILE__),__LINE__,_fmt_,_arg1_,_arg2_,_arg3, _arg4, _arg5, _arg6, _arg7_, _arg8_)
//
// this hash function was taken from the ntfs driver
//
#define FILENAME_STRING_CONVERT_CONSTANT 314159269 // default value for "scrambling constant"
#define FILENAME_STRING_PRIME 1000000007 // prime number, also used for scrambling
#define HASH_DYN_CONVERT_KEY(_pustr,_len,_phash) \
{ \ PCWSTR _p = _pustr; \ PCWSTR _ep = _p + _len; \ ULONG _chHolder =0; \ while( _p < _ep ) { \ _chHolder = 37 * _chHolder + (unsigned int) (*_p++); \ } \ *(_phash) = abs(FILENAME_STRING_CONVERT_CONSTANT * _chHolder) % FILENAME_STRING_PRIME; \ }
#define PARENT_WND_CLASS L"SFC Parent Window Class"
#define SFC_RPC_ENDPOINT L"SfcApi"
#define REGKEY_WINLOGON L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
#define REGKEY_WINLOGON_WIN32 L"Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
#define REGKEY_SAFEBOOT L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Safeboot\\Option"
#define REGKEY_POLICY L"\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\Windows File Protection"
#define REGKEY_POLICY_SETUP L"\\Registry\\Machine\\Software\\Policies\\Microsoft\\Windows NT\\Setup"
#define REGKEY_SETUP_FULL L"\\Registry\\Machine\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup"
#define REGKEY_SETUP L"Software\\Microsoft\\Windows\\CurrentVersion\\Setup"
#define REGKEY_WINDOWS L"\\Registry\\Machine\\Software\\Microsoft\\Windows\\CurrentVersion"
#define REGKEY_SESSIONMANAGERSFC L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Session Manager\\SFC"
#define REGKEY_SESSIONMANAGER L"System\\CurrentControlSet\\Control\\Session Manager"
#define REGVAL_SFCDEBUG L"SfcDebug"
#define REGVAL_SFCDISABLE L"SfcDisable"
#define REGVAL_SFCSCAN L"SfcScan"
#define REGVAL_SFCQUOTA L"SfcQuota"
#define REGVAL_SFCSHOWPROGRESS L"SfcShowProgress"
#ifdef SFCLOGFILE
#define REGVAL_SFCCHANGELOG L"SfcChangeLog"
#endif
#define REGVAL_SFCSTALL L"SfcStall"
#define REGVAL_SFCDLLCACHEDIR L"SfcDllCacheDir"
#define REGVAL_OPTIONVALUE L"OptionValue"
#define REGVAL_SOURCEPATH L"SourcePath"
#define REGVAL_SERVICEPACKSOURCEPATH L"ServicePackSourcePath"
#define REGVAL_DRIVERCACHEPATH L"DriverCachePath"
#define REGVAL_PENDINGFILERENAMES L"PendingFileRenameOperations"
#define REGVAL_WFPPENDINGUPDATES L"SfcPendingUpdates"
// this is used by the system restore
#define REGVAL_SFCRESTORED L"SFCRestored"
// the path to the log file
#define REGVAL_SFCLOGFILE L"SFCLogFile"
#define REGVAL_SFCLOGFILE_DEFAULT L"%systemroot%\\SFCLog.txt"
#define DLLCACHE_DIR_DEFAULT L"%SystemRoot%\\system32\\DllCache"
typedef struct _SOURCE_INFO { WCHAR SourceFileName[MAX_PATH]; WCHAR SourceRootPath[MAX_PATH]; WCHAR SourcePath[MAX_PATH]; WCHAR TagFile[MAX_PATH]; WCHAR Description[MAX_PATH]; ULONG SetupAPIFlags; UINT SourceId; DWORD Flags; WCHAR DriverCabName[MAX_PATH]; struct _VALIDATION_REQUEST_DATA *ValidationRequestData;} SOURCE_INFO, *PSOURCE_INFO;
//
// define valid flags for SOURCE_INFO.Flags
//
#define SI_FLAG_USEDRIVER_CACHE 0x00000001
#define SI_FLAG_USERESTORE_QUEUE 0x00000002
#define SI_FLAG_SILENT_QUEUE 0x00000004
typedef struct _FILE_COPY_INFO { PVOID MsgHandlerContext; BOOL UIShown; BOOL AllowUI; WCHAR NewPath[MAX_PATH*2]; PFILEINSTALL_STATUS CopyStatus; HANDLE hWnd; BOOL CdRomOnly; DWORD Flags; DWORD FileCount; PSOURCE_INFO *si;} FILE_COPY_INFO, *PFILE_COPY_INFO;
//
// define valid flags for FILE_COPY_INFO.Flags
//
#define FCI_FLAG_USERESTORE_QUEUE 0x00000001
#define FCI_FLAG_SILENT_QUEUE 0x00000002
#define FCI_FLAG_COPY_TO_CACHE 0x00000004
#define FCI_FLAG_INSTALL_PROTECTED 0x00000008
#define FCI_FLAG_RESTORE_FILE 0x00000010
//
// This is the timeout when waitiing all WFP threads to shutdown (1 minute)
//
#define SFC_THREAD_SHUTDOWN_TIMEOUT 60000
typedef struct _PROMPT_INFO { PWSTR NewPath; PCWSTR SourceFileName; PCWSTR SourcePath; PSOURCE_INFO si; BOOL NetPrompt; DWORD Flags;} PROMPT_INFO, *PPROMPT_INFO;//
// define valid flags for PROMPT_INFO.Flags
//
#define PI_FLAG_USERESTORE_QUEUE 0x00000001
#define PI_FLAG_SILENT_QUEUE 0x00000002
#define PI_FLAG_COPY_TO_CACHE 0x00000004
#define PI_FLAG_INSTALL_PROTECTED 0x00000008
#define PI_FLAG_RESTORE_FILE 0x00000010
typedef struct _SCAN_PARAMS { HWND ProgressWindow; BOOL AllowUI; BOOL FreeMemory;} SCAN_PARAMS, *PSCAN_PARAMS;
typedef struct _RESTORE_QUEUE { RTL_CRITICAL_SECTION CriticalSection; HSPFILEQ FileQueue; ULONG QueueCount; BOOL RestoreInProgress; BOOL RestoreComplete; BOOL RestoreStatus; DWORD LastErrorCode; HANDLE WorkerThreadHandle; FILE_COPY_INFO FileCopyInfo;} RESTORE_QUEUE, * PRESTORE_QUEUE;
//
// descibes a file's version information for display in the eventlog, etc.
//
typedef struct _FILE_VERSION_INFO { WORD Revision; WORD BuildNumber; WORD VersionLow; WORD VersionHigh;} FILE_VERSION_INFO, *PFILE_VERSION_INFO;
//
// describes a given file on disk
//
typedef struct _IMAGE_VALIDATION_DATA { ULONGLONG DllVersion; ULONG DllCheckSum; BOOL SignatureValid; BOOL FilePresent; // is file present on disk?
WCHAR FileName[32];} IMAGE_VALIDATION_DATA, *PIMAGE_VALIDATION_DATA;
//
// describes a file on disk, in dllcache, etc.
//
typedef struct _COMPLETE_VALIDATION_DATA { IMAGE_VALIDATION_DATA Original; IMAGE_VALIDATION_DATA Cache; IMAGE_VALIDATION_DATA New; BOOL RestoreFromReal; BOOL RestoreFromCache; BOOL RestoreFromMedia; BOOL NotifyUser; BOOL BadCacheEntry; ULONG EventLog;} COMPLETE_VALIDATION_DATA, *PCOMPLETE_VALIDATION_DATA;
//
// describes a given file in the system
//
typedef struct _SFC_REGISTRY_VALUE { LIST_ENTRY Entry; UNICODE_STRING FileName; UNICODE_STRING DirName; UNICODE_STRING FullPathName; UNICODE_STRING InfName; UNICODE_STRING SourceFileName; WCHAR OriginalFileName[128]; HANDLE DirHandle;
//
// This is dropped in here from WinSxs (jonwis) - tally up some
// useful information about the directories they want to watch.
// This should be NULL otherwise.
//
PVOID pvWinSxsCookie;
//
// Other flags used by the SFC/SXS interaction, specifically
// whether or not the directory should be watched recursively
// or not.
//
DWORD dwWinSxsFlags;
} SFC_REGISTRY_VALUE, *PSFC_REGISTRY_VALUE;
//
// describes a given directory that we're watching for changes in
//
typedef struct _DIRECTORY_WATCH_DATA { HANDLE DirHandle; HANDLE DirEvent; IO_STATUS_BLOCK Iosb; PUCHAR WatchBuffer; PSFC_REGISTRY_VALUE WatchDirectory;} DIRECTORY_WATCH_DATA, *PDIRECTORY_WATCH_DATA;
//
// describes a file that needs to be replaced
//
typedef struct _VALIDATION_REQUEST_DATA { LIST_ENTRY Entry; ULONG Signature; COMPLETE_VALIDATION_DATA ImageValData; PSFC_REGISTRY_VALUE RegVal;
//
// records the source information for this
// file
//
SOURCE_INFO SourceInfo;
ULONG ChangeType; //
// indicates that the file has been validated
// and the good file copied back
//
BOOL CopyCompleted;
//
// indicates win32 error code if an error occurs while
// restoring the file
//
DWORD Win32Error;
//
// this flag prevents the validator from logging
// file changes when we have to put a file into the cache
//
BOOL SyncOnly; //
// in case of errors we need to track the
// count so we don't loop on one file forever
//
DWORD RetryCount;
//
// flags for validation request item
//
DWORD Flags;
//
// this value contains a tick count and is
// used to pause the queue for a specific file.
// this is necessary so that rename/copy operations
// can work properly.
//
ULONG NextValidTime;
} VALIDATION_REQUEST_DATA, *PVALIDATION_REQUEST_DATA;
//
// define valid flags for VALIDATION_REQUEST_DATA.Flags
//
#define VRD_FLAG_REQUEST_PROCESSED 0x00000001
#define VRD_FLAG_REQUIRE_UI 0x00000002
#define VRD_FLAG_REQUEST_QUEUED 0x00000004
typedef struct _WATCH_THREAD_PARAMS { PHANDLE HandleList; DWORD HandleCount; PDIRECTORY_WATCH_DATA DirectoryWatchList;} WATCH_THREAD_PARAMS, *PWATCH_THREAD_PARAMS;
//
// Describes a system dialog that may be brought up. We need a structure to keep
// track of the windows so that we can tear them down on logoff or system
// shutdown
//
typedef struct _SFC_WINDOW_DATA { LIST_ENTRY Entry; HWND hWnd; DWORD ThreadId; //HANDLE hEvent;
} SFC_WINDOW_DATA, *PSFC_WINDOW_DATA;
//
// externs
//
extern PSFC_REGISTRY_VALUE SfcProtectedDllsList;extern ULONG SfcProtectedDllCount;extern HMODULE SfcInstanceHandle;extern LIST_ENTRY SfcErrorQueue;extern HANDLE ErrorQueuePort;extern HANDLE hErrorThread;extern HANDLE ErrorQueueEvent;extern ULONG ErrorQueueCount;extern HANDLE SfcProtectedDllFileDirectory;extern RTL_CRITICAL_SECTION ErrorCs;extern ULONG SFCDisable;extern ULONG SFCScan;extern ULONGLONG SFCQuota;extern ULONG SFCNoPopUps;extern ULONG SFCNoPopUpsPolicy;extern WORD SFCDebugDump;extern WORD SFCDebugLog;extern WCHAR g_szLogFile[MAX_PATH];#ifdef SFCLOGFILE
extern ULONG SFCChangeLog;#endif
extern ULONG SFCStall;extern ULONG SFCSafeBootMode;extern HANDLE hEventDeskTop;extern HANDLE hEventLogon;extern HANDLE hEventLogoff;extern UNICODE_STRING SfcProtectedDllPath;extern LIST_ENTRY SfcWatchDirectoryList;extern GUID DriverVerifyGuid;extern HANDLE WatchTermEvent;extern HANDLE ValidateTermEvent;extern HANDLE WatcherThread;#if DBG
extern HANDLE SfcDebugBreakEvent;extern ULONG RunningAsTest;#endif
extern WCHAR LoggedOnUserName[MAX_PATH];extern BOOL UserLoggedOn;extern HANDLE hEventScanCancel;extern HANDLE hEventScanCancelComplete;extern WCHAR OsSourcePath[MAX_PATH*2];extern WCHAR ServicePackSourcePath[MAX_PATH*2];extern WCHAR DriverCacheSourcePath[MAX_PATH*2];extern WCHAR InfDirectory[MAX_PATH];extern BOOL ScanInProgress;extern HANDLE hEventSrc;extern BOOL g_bCryptoInitialized;extern RTL_CRITICAL_SECTION g_GeneralCS;extern DWORD g_dwValidationThreadID;extern DWORD m_gulAfterRestore;extern ULONG* IgnoreNextChange;extern ULARGE_INTEGER LastExemptionTime;
//
// This event is signalled when WFP is idle and no longer processing any
// validation requests. An external process can synchronize on this process
// so that it knows WFP is idle before shutting down the system
//
extern HANDLE hEventIdle;
//
// set to TRUE if SFC prompted the user for credentials
//
extern BOOL SFCLoggedOn;
//
// path to the network share that we established network connection to
//
extern WCHAR SFCNetworkLoginLocation[MAX_PATH];
extern RESTORE_QUEUE SilentRestoreQueue;extern RESTORE_QUEUE UIRestoreQueue;
//
// keeps track of windows that SFC creates in the system.
//
extern LIST_ENTRY SfcWindowList;
//
// handles to user's desktop and token
//
extern HDESK hUserDesktop;extern HANDLE hUserToken;
//
// indicates if WFP can receive anymore validation requests or not.
//
extern BOOL ShuttingDown;
//
// HINSTANCE of a (possibly) loaded Sxs.dll for notification purposes
//
extern HMODULE SxsDllInstance;
//
// This function gets called back when a change is noticed in the SXS
// protected functions.
//
extern PSXS_PROTECT_NOTIFICATION SxsNotification;
//
// This function is called once to let SXS offer a list of protected
// directories.
//
extern PSXS_PROTECT_RETRIEVELISTS SxsGatherLists;
//
// Notification functions for logon/logoff events to let SXS do whatever
// they need to.
//
extern PSXS_PROTECT_LOGIN_EVENT SxsLogonEvent;extern PSXS_PROTECT_LOGIN_EVENT SxsLogoffEvent;
//
// Single-shot scanner function to let SxS do its own scanning routine.
//
extern PSXS_PROTECT_SCAN_ONCE SxsScanForcedFunc;
//
// prototypes
//
BOOLWINAPICryptCATAdminAcquireContext( OUT HCATADMIN *phCatAdmin, IN const GUID *pgSubsystem, IN DWORD dwFlags );
BOOLWINAPICryptCATAdminReleaseContext( IN HCATADMIN hCatAdmin, IN DWORD dwFlags );
BOOLWINAPICryptCATAdminCalcHashFromFileHandle( IN HANDLE hFile, IN OUT DWORD *pcbHash, OUT OPTIONAL BYTE *pbHash, IN DWORD dwFlags );
HCATINFOWINAPICryptCATAdminEnumCatalogFromHash( IN HCATADMIN hCatAdmin, IN BYTE *pbHash, IN DWORD cbHash, IN DWORD dwFlags, IN OUT HCATINFO *phPrevCatInfo );
LONGWINAPIWinVerifyTrust( HWND hwnd, GUID *pgActionID, LPVOID pWVTData );
BOOLWINAPICryptCATCatalogInfoFromContext( IN HCATINFO hCatInfo, IN OUT CATALOG_INFO *psCatInfo, IN DWORD dwFlags );
BOOLWINAPICryptCATAdminReleaseCatalogContext( IN HCATADMIN hCatAdmin, IN HCATINFO hCatInfo, IN DWORD dwFlags );
//
// Imports from sfcfiles.dll (loaded dynamically)
//
typedef NTSTATUS (*PSFC_GET_FILES)( OUT PPROTECT_FILE_ENTRY *Files, OUT PULONG FileCount );
PVOIDSfcGetProcAddress( HMODULE hModule, LPSTR ProcName );
HMODULESfcLoadLibrary( IN PCWSTR LibFileName );
NTSTATUSSfcOpenFile( IN PUNICODE_STRING FileName, IN HANDLE DirHandle, IN ULONG SharingFlags, OUT PHANDLE FileHandle );
HANDLESfcCreateDir( IN PCWSTR DirName, IN BOOL UseCompression );
HANDLESfcOpenDir( BOOL IsDosName, BOOL IsSynchronous, PCWSTR DirName );
BOOLSfcValidateDLL( IN PVALIDATION_REQUEST_DATA vrd, IN HCATADMIN hCatAdmin );
BOOLSfcValidateFileSignature( IN HCATADMIN hCatAdmin, IN HANDLE RealFileHandle, IN PCWSTR BaseFileName, IN PCWSTR CompleteFileName );
#if DBG
VOIDPrintHandleCount( PCWSTR str );#endif
NTSTATUSSfcCopyFile( IN HANDLE SrcDirHandle, IN PCWSTR SrcDirName, IN HANDLE DstDirHandle, IN PCWSTR DstDirName, IN const PUNICODE_STRING FileName, IN const PUNICODE_STRING SourceFileName OPTIONAL );
NTSTATUSSfcMoveFileDelayed( IN PCWSTR OldFileNameDos, IN PCWSTR NewFileNameDos, IN BOOL AllowProtectedRename );
BOOLSfcReportEvent( IN ULONG EventId, IN PCWSTR FileName, IN PCOMPLETE_VALIDATION_DATA ImageValData, IN DWORD LastError OPTIONAL );
//ULONGLONG
//SfcGetFileVersion(
// IN HANDLE FileHandle,
// OUT PULONG CheckSum,
// OUT PWSTR FileName
// );
BOOLSfcGetFileVersion( IN HANDLE FileHandle, OUT PULONGLONG Version, OUT PULONG Checksum, OUT PWSTR FileName );
NTSTATUSSfcMapEntireFile( IN HANDLE hFile, OUT PHANDLE Section, OUT PVOID *ViewBase, OUT PSIZE_T ViewSize );
BOOLSfcUnmapFile( IN HANDLE Section, IN PVOID ViewBase );
NTSTATUSLoadCrypto( VOID );
NTSTATUSSfcScanProtectedDlls( PSCAN_PARAMS ScanParams );
NTSTATUSSfcStartProtectedDirectoryWatch( void );
BOOLSfcBuildDirectoryWatchList( void );
NTSTATUSSfcDeleteFile( HANDLE DirHandle, PUNICODE_STRING FileName );
BOOLSfcRestoreFileFromInstallMedia( IN PVALIDATION_REQUEST_DATA vrd, IN PCWSTR FileName, IN PCWSTR TargetFileName, IN PCWSTR TargetDirectory, IN PCWSTR SourceFileName, IN PCWSTR InfName, IN BOOL ExcepPackFile, IN BOOL TargetIsCache, IN BOOL AllowUI, OUT PDWORD UIShown );
DWORDMyMessageBox( HWND hwndParent, DWORD ResId, DWORD MsgBoxType, ... );
ULONGSfcQueryRegDword( IN PCWSTR KeyNameStr, IN PCWSTR ValueNameStr, IN ULONG DefaultValue );
ULONGSfcQueryRegDwordWithAlternate( IN PCWSTR FirstKey, IN PCWSTR SecondKey, IN PCWSTR ValueNameStr, IN ULONG DefaultValue );
PVOIDMemAlloc( SIZE_T AllocSize );
PVOIDMemReAlloc( SIZE_T AllocSize, PVOID OrigPtr );
VOIDMemFree( PVOID MemPtr );
ULONGSfcWriteRegDword( PCWSTR KeyNameStr, PCWSTR ValueNameStr, ULONG Value );
ULONGSfcWriteRegString( PCWSTR KeyNameStr, PCWSTR ValueNameStr, PCWSTR Value );
BOOLEnablePrivilege( IN PCTSTR PrivilegeName, IN BOOL Enable );
PVOIDSfcFindProtectedFile( IN PCWSTR FileName, IN ULONG FileNameLength // in characters
);
PWSTRSfcQueryRegString( IN PCWSTR KeyNameStr, IN PCWSTR ValueNameStr );
ULONGSfcQueryRegPath( IN PCWSTR KeyNameStr, IN PCWSTR ValueNameStr, IN PCWSTR DefaultValue OPTIONAL, OUT PWSTR Buffer, IN ULONG BufferSize );
PWSTRSfcQueryRegStringWithAlternate( IN PCWSTR FirstKey, IN PCWSTR SecondKey, IN PCWSTR ValueNameStr );
NTSTATUSSfcQueueValidationRequest( IN PSFC_REGISTRY_VALUE RegVal, IN ULONG ChangeType );
voidMyLowerString( IN PWSTR String, IN ULONG StringLength // in characters
);
#ifdef SFCLOGFILE
voidSfcLogFileWrite( IN DWORD StrId, IN ... );#endif
BOOLSfcPopulateCache( IN HWND ProgressWindow, IN BOOL Validate, IN BOOL AllowUI, IN PCWSTR IgnoreFiles OPTIONAL );
NTSTATUSSfcDoForcedSxsScan( IN HWND ProgressWindow, IN BOOL Validate, IN BOOL AllowUI );
BOOLSfcLoadSxsProtection( void );
BOOLSfcAddFileToQueue( IN const HSPFILEQ hFileQ, IN PCWSTR FileName, IN PCWSTR TargetFileName, IN PCWSTR TargetDirectory, IN PCWSTR SourceFileName, OPTIONAL IN PCWSTR SourceRootPath, OPTIONAL IN PCWSTR InfName, IN BOOL ExcepPackFile, IN OUT PSOURCE_INFO SourceInfo OPTIONAL );
UINTSfcQueueCallback( IN PFILE_COPY_INFO fci, IN UINT Notification, IN UINT_PTR Param1, IN UINT_PTR Param2 );
NTSTATUSSfcInitializeDllLists( PSFC_GET_FILES pfGetFiles );
voidRemoveDuplicatesFromQueue( IN PSFC_REGISTRY_VALUE RegVal );
intMyDialogBoxParam( IN DWORD RcId, IN DLGPROC lpDialogFunc, // pointer to dialog box procedure
IN LPARAM dwInitParam // initialization value
);
BOOLSfcGetValidationData( IN PUNICODE_STRING FileName, IN PUNICODE_STRING FullPathName, IN HANDLE DirHandle, IN HCATADMIN hCatAdmin, OUT PIMAGE_VALIDATION_DATA ImageValData );
voidCenterDialog( HWND hwnd );
BOOLMakeDirectory( PCWSTR Dir );
voidClientApiInit( void );
voidClientApiCleanup( void );
BOOLSfcGetSourceInformation( IN PCWSTR SourceFileName, IN PCWSTR InfName, IN BOOL ExcepPackFile, OUT PSOURCE_INFO si );
BOOLSfcGetCdRomDrivePath( IN PWSTR CdRomPath );
BOOLSfcpSetSpecialEnvironmentVariables( VOID );
DWORDSfcGetPathType( IN PCWSTR Path, OUT PWSTR NewPath, IN DWORD NewPathSize );
#if 0
DWORDSfcIsTargetAvailable( IN PCWSTR InfName, IN PCWSTR SourceFileName, IN BOOL TargetIsCache, OUT PWSTR NewSourcePath, IN OUT PSOURCE_INFO si );#endif
BOOLSfcRestoreFromCache( IN PVALIDATION_REQUEST_DATA vrd, IN HCATADMIN hCatAdmin );
BOOLSfcSyncCache( IN PVALIDATION_REQUEST_DATA vrd, IN HCATADMIN hCatAdmin );
PVALIDATION_REQUEST_DATAIsFileInQueue( IN PSFC_REGISTRY_VALUE RegVal );
DWORDSfcQueueLookForFile( IN const PSOURCE_MEDIA sm, IN const PSOURCE_INFO si, IN PCWSTR fname, OUT PWSTR NewPath );
BOOLSfcQueueAddFileToRestoreQueue( IN BOOL RequiresUI, IN PSFC_REGISTRY_VALUE RegVal, IN PCWSTR InfFileName, IN BOOL ExcepPackFile, IN PSOURCE_INFO SourceInfo, IN PCWSTR ActualFileNameOnMedia );
BOOLSfcQueueCommitRestoreQueue( IN BOOL RequiresUI );
BOOLSfcQueueResetQueue( IN BOOL RequiresUI );
PSOURCE_INFOpSfcGetSourceInfoFromSourceName( const PSOURCE_INFO *SourceInfoList, DWORD SourceInfoCount, const PSOURCE_MEDIA SourceMediaInfo );
PVALIDATION_REQUEST_DATApSfcGetValidationRequestFromFilePaths( const PSOURCE_INFO *SourceInfoList, DWORD SourceInfoCount, const PFILEPATHS FilePaths );
BOOLSfcGetConnectionName( IN PCWSTR Path, OUT PWSTR ConnectionName, IN DWORD ConnectionBufferSize, OUT PWSTR RemainingPath OPTIONAL, IN DWORD RemainingPathSize OPTIONAL, IN BOOL KeepImpersonating, OUT PBOOL Impersonating OPTIONAL );
DWORDGetPageFileSize( VOID );
BOOLSfcIsFileOnMedia( IN PCWSTR FileName );
PCWSTRIsFileInDriverCache( IN PCWSTR TargetFilename );
INT_PTRCALLBACKpSfcPromptForMediaDialogProc( HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam );
PSFC_WINDOW_DATApSfcCreateWindowDataEntry( HWND hWnd );
BOOLpSfcRemoveWindowDataEntry( PSFC_WINDOW_DATA WindowData );
DWORDEstablishConnection( IN HWND hWndParent, IN PCWSTR PathName, IN BOOL AllowUI );
BOOLBuildPathForFile( IN PCWSTR SourceRootPath, IN PCWSTR SubDirectoryPath, OPTIONAL IN PCWSTR FileName, IN BOOL IncludeSubDirectory, IN BOOL IncludeArchitectureSpecificSubDirectory, OUT PWSTR PathBuffer, IN DWORD PathBufferSize );
BOOLSfcWaitForValidDesktop( VOID );
PWSTRSfcGetSourcePath( IN BOOL bServicePackSourcePath, IN OUT PWSTR Path );
DWORDSfcRpcPriviledgeCheck( IN HANDLE RpcHandle );
voidSfcFlushCryptoCache( void );
PSFC_GET_FILESSfcLoadSfcFiles( BOOL bLoad );
DWORD CreateSd( PSECURITY_DESCRIPTOR* ppsd );
VOID SfcExceptionInfoInit( VOID );
VOIDSfcRefreshExceptionInfo( VOID );
BOOLSfcGetInfName( IN PSFC_REGISTRY_VALUE RegVal, OUT LPWSTR InfName );
DWORDCreateDialogParent( OUT HWND* phwnd );
NTSTATUSSfcAllocUnicodeStringFromPath( IN PCWSTR szPath, OUT PUNICODE_STRING pString );
#ifndef _WIN64
VOIDSfcInitPathTranslator( VOID );
VOIDSfcCleanupPathTranslator( IN BOOL FinalCleanup );
NTSTATUSSfcRedirectPath( IN PCWSTR szPath, OUT PUNICODE_STRING pPath );
#endif // _WIN64
DWORDSfcCreateSid( IN WELL_KNOWN_SID_TYPE type, OUT PSID* ppSid );
DWORDSfcGetSidName( IN PSID pSid, OUT PWSTR* ppszName );
NTSTATUSSfcRpcStartServer( VOID );
HINFSfcOpenInf( IN PCWSTR InfName OPTIONAL, IN BOOL ExcepPackInf );
FORCEINLINEULONGSfcGetExemptionFlags( IN PSFC_REGISTRY_VALUE RegVal ){ UINT_PTR Index;
ASSERT(RegVal != NULL); Index = RegVal - SfcProtectedDllsList; ASSERT(Index < SfcProtectedDllCount);
return Index < SfcProtectedDllCount ? IgnoreNextChange[Index] : 0;}
FORCEINLINEVOIDSfcSetExemptionFlags( IN PSFC_REGISTRY_VALUE RegVal, IN ULONG Flags ){ UINT_PTR Index;
ASSERT(RegVal != NULL); Index = RegVal - SfcProtectedDllsList; ASSERT(Index < SfcProtectedDllCount);
if(Index < SfcProtectedDllCount) { IgnoreNextChange[Index] |= Flags; }}
FORCEINLINEULARGE_INTEGERSfcGetSystemTime( VOID ){ FILETIME filetime; ULARGE_INTEGER time;
GetSystemTimeAsFileTime(&filetime); time.LowPart = filetime.dwLowDateTime; time.HighPart = filetime.dwHighDateTime; return time;}
FORCEINLINEBOOLSfcAreExemptionFlagsValid( BOOL ResetValidityTimer ){ //
// one minute in 100-nanosecond units
//
const ULARGE_INTEGER ExemptionFlagsTimeout = { 10000000 * 60 };
ULARGE_INTEGER time = SfcGetSystemTime(); BOOL Valid = (time.QuadPart - LastExemptionTime.QuadPart < ExemptionFlagsTimeout.QuadPart);
if(ResetValidityTimer) { LastExemptionTime.QuadPart = time.QuadPart; }
return Valid;}
DWORDSfcCopyRegValue( IN LPCWSTR SourceKeyName, IN LPCWSTR SourceValueName, IN LPCWSTR DestinationKeyName, IN LPCWSTR DestinationValueName );
DWORDProcessDelayRenames( VOID );
|
