archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pkitrust/mssip32/peimage2.cpp

473 lines
14 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1996 - 1999
  6. //
  7. // File: peimage2.cpp
  8. //
  9. // Contents: Microsoft SIP Provider
  10. //
  11. // History: 14-Mar-1997 pberkman created
  12. //
  13. //--------------------------------------------------------------------------
  16. #include "global.hxx"
  18. __inline DWORD AlignIt (DWORD Value, DWORD Alignment) { return (Value + (Alignment - 1)) & ~(Alignment -1); }
  20. #define InitializeListHead(ListHead) (\
  21. (ListHead)->Flink = (ListHead)->Blink = (ListHead))
  23. #define MAP_READONLY TRUE
  24. #define MAP_READWRITE FALSE
  26. BOOL
  27. CalculateImagePtrs(
  28. PLOADED_IMAGE LoadedImage
  29. )
  30. {
  31. PIMAGE_DOS_HEADER DosHeader;
  32. BOOL fRC = FALSE;
  34. // Everything is mapped. Now check the image and find nt image headers
  36. __try {
  37. DosHeader = (PIMAGE_DOS_HEADER)LoadedImage->MappedAddress;
  39. if ((DosHeader->e_magic != IMAGE_DOS_SIGNATURE) &&
  40. (DosHeader->e_magic != IMAGE_NT_SIGNATURE)) {
  41. __leave;
  42. }
  44. if (DosHeader->e_magic == IMAGE_DOS_SIGNATURE) {
  45. if (DosHeader->e_lfanew == 0) {
  46. __leave;
  47. }
  48. LoadedImage->FileHeader = (PIMAGE_NT_HEADERS)((ULONG_PTR)DosHeader + DosHeader->e_lfanew);
  50. if (
  51. // If IMAGE_NT_HEADERS would extend past the end of file...
  52. (PBYTE)LoadedImage->FileHeader + sizeof(IMAGE_NT_HEADERS) >
  53. (PBYTE)LoadedImage->MappedAddress + LoadedImage->SizeOfImage ||
  55. // ..or if it would begin in, or before the IMAGE_DOS_HEADER...
  56. (PBYTE)LoadedImage->FileHeader <
  57. (PBYTE)LoadedImage->MappedAddress + sizeof(IMAGE_DOS_HEADER) )
  58. {
  59. // ...then e_lfanew is not as expected.
  60. // (Several Win95 files are in this category.)
  61. __leave;
  62. }
  63. } else {
  65. // No DOS header indicates an image built w/o a dos stub
  67. LoadedImage->FileHeader = (PIMAGE_NT_HEADERS)DosHeader;
  68. }
  70. if ( LoadedImage->FileHeader->Signature != IMAGE_NT_SIGNATURE ) {
  71. __leave;
  72. }
  74. // No optional header indicates an object...
  76. if ( !LoadedImage->FileHeader->FileHeader.SizeOfOptionalHeader ) {
  77. __leave;
  78. }
  80. // Check for versions < 2.50
  82. if ( LoadedImage->FileHeader->OptionalHeader.MajorLinkerVersion < 3 &&
  83. LoadedImage->FileHeader->OptionalHeader.MinorLinkerVersion < 5 ) {
  84. __leave;
  85. }
  87. InitializeListHead( &LoadedImage->Links );
  88. LoadedImage->NumberOfSections = LoadedImage->FileHeader->FileHeader.NumberOfSections;
  89. LoadedImage->Sections = IMAGE_FIRST_SECTION(LoadedImage->FileHeader);
  90. fRC = TRUE;
  92. } __except ( EXCEPTION_EXECUTE_HANDLER ) { }
  94. return fRC;
  95. }
  97. BOOL
  98. MapIt(
  99. HANDLE hFile,
  100. PLOADED_IMAGE LoadedImage
  101. )
  102. {
  103. HANDLE hMappedFile;
  105. hMappedFile = CreateFileMapping(
  106. hFile,
  107. NULL,
  108. PAGE_READONLY,
  109. 0,
  110. 0,
  111. NULL
  112. );
  113. if ( !hMappedFile ) {
  114. return FALSE;
  115. }
  117. LoadedImage->MappedAddress = (PUCHAR) MapViewOfFile(
  118. hMappedFile,
  119. FILE_MAP_READ,
  120. 0,
  121. 0,
  122. 0
  123. );
  125. CloseHandle(hMappedFile);
  127. LoadedImage->SizeOfImage = GetFileSize(hFile, NULL);
  129. if (!LoadedImage->MappedAddress) {
  130. return (FALSE);
  131. }
  133. if (!CalculateImagePtrs(LoadedImage)) {
  134. UnmapViewOfFile(LoadedImage->MappedAddress);
  135. return(FALSE);
  136. }
  138. LoadedImage->hFile = INVALID_HANDLE_VALUE;
  140. return(TRUE);
  141. }
  143. typedef struct _EXCLUDE_RANGE {
  144. PBYTE Offset;
  145. DWORD Size;
  146. struct _EXCLUDE_RANGE *Next;
  147. } EXCLUDE_RANGE;
  149. class EXCLUDE_LIST
  150. {
  151. public:
  152. EXCLUDE_LIST() {
  153. m_Image = NULL;
  154. m_ExRange = new EXCLUDE_RANGE;
  156. if(m_ExRange)
  157. memset(m_ExRange, 0x00, sizeof(EXCLUDE_RANGE));
  158. }
  160. ~EXCLUDE_LIST() {
  161. EXCLUDE_RANGE *pTmp;
  162. pTmp = m_ExRange->Next;
  163. while (pTmp)
  164. {
  165. DELETE_OBJECT(m_ExRange);
  166. m_ExRange = pTmp;
  167. pTmp = m_ExRange->Next;
  168. }
  169. DELETE_OBJECT(m_ExRange);
  170. }
  172. void Init(LOADED_IMAGE * Image, DIGEST_FUNCTION pFunc, DIGEST_HANDLE dh) {
  173. m_Image = Image;
  174. m_ExRange->Offset = NULL;
  175. m_ExRange->Size = 0;
  176. m_pFunc = pFunc;
  177. m_dh = dh;
  178. return;
  179. }
  181. void Add(DWORD_PTR Offset, DWORD Size);
  183. BOOL Emit(PBYTE Offset, DWORD Size);
  185. private:
  186. LOADED_IMAGE * m_Image;
  187. EXCLUDE_RANGE * m_ExRange;
  188. DIGEST_FUNCTION m_pFunc;
  189. DIGEST_HANDLE m_dh;
  190. };
  192. void
  193. EXCLUDE_LIST::Add(
  194. DWORD_PTR Offset,
  195. DWORD Size
  196. )
  197. {
  198. EXCLUDE_RANGE *pTmp, *pExRange;
  200. pExRange = m_ExRange;
  202. while (pExRange->Next && (pExRange->Next->Offset < (PBYTE)Offset)) {
  203. pExRange = pExRange->Next;
  204. }
  206. pTmp = new EXCLUDE_RANGE;
  208. if(pTmp)
  209. {
  210. pTmp->Next = pExRange->Next;
  211. pTmp->Offset = (PBYTE)Offset;
  212. pTmp->Size = Size;
  213. pExRange->Next = pTmp;
  214. }
  216. return;
  217. }
  220. BOOL
  221. EXCLUDE_LIST::Emit(
  222. PBYTE Offset,
  223. DWORD Size
  224. )
  225. {
  226. BOOL rc;
  228. EXCLUDE_RANGE *pExRange;
  229. DWORD EmitSize, ExcludeSize;
  231. pExRange = m_ExRange->Next;
  233. while (pExRange && (Size > 0)) {
  234. if (pExRange->Offset >= Offset) {
  235. // Emit what's before the exclude list.
  236. EmitSize = min((DWORD)(pExRange->Offset - Offset), Size);
  237. if (EmitSize) {
  238. rc = (*m_pFunc)(m_dh, Offset, EmitSize);
  239. if (rc == FALSE)
  240. return rc;
  241. Size -= EmitSize;
  242. Offset += EmitSize;
  243. }
  244. }
  246. if (Size) {
  247. if (pExRange->Offset + pExRange->Size >= Offset) {
  248. // Skip over what's in the exclude list.
  249. ExcludeSize = min(Size, (DWORD)(pExRange->Offset + pExRange->Size - Offset));
  250. Size -= ExcludeSize;
  251. Offset += ExcludeSize;
  252. }
  253. }
  255. pExRange = pExRange->Next;
  256. }
  258. // Emit what's left.
  259. if (Size) {
  260. rc = (*m_pFunc)(m_dh, Offset, Size);
  261. }
  262. return rc;
  263. }
  266. BOOL
  267. imagehack_IsImagePEOnly(
  268. IN HANDLE FileHandle
  269. )
  270. /*
  271. What we're looking for here is if there's data outside the exe.
  272. To do so, find the highest section header offset. To that, find the
  273. highest debug directory offset. Finally, round up to the file alignment
  274. size, add in the cert size, and compare to the reported image size...
  275. */
  276. {
  277. LOADED_IMAGE LoadedImage;
  278. DWORD HighOffset;
  279. DWORD i, Offset, Size;
  280. LONG DebugDirectorySize, CertSize;
  281. PIMAGE_DEBUG_DIRECTORY DebugDirectory;
  282. PVOID CertDir;
  283. BOOL rc;
  284. DWORD FileAlignment;
  285. DWORD NumberOfSections;
  287. if (MapIt(FileHandle, &LoadedImage) == FALSE) {
  288. return(FALSE);
  289. }
  291. rc = FALSE;
  293. __try {
  294. if (LoadedImage.FileHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
  295. FileAlignment = ((PIMAGE_NT_HEADERS32)LoadedImage.FileHeader)->OptionalHeader.FileAlignment;
  296. } else if (LoadedImage.FileHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
  297. FileAlignment = ((PIMAGE_NT_HEADERS64)LoadedImage.FileHeader)->OptionalHeader.FileAlignment;
  298. } else {
  299. __leave;
  300. }
  302. NumberOfSections = LoadedImage.FileHeader->FileHeader.NumberOfSections;
  303. HighOffset = 0;
  305. for (i = 0; i < NumberOfSections; i++) {
  306. Offset = LoadedImage.Sections[i].PointerToRawData;
  307. Size = LoadedImage.Sections[i].SizeOfRawData;
  308. HighOffset = max(HighOffset, (Offset + Size));
  309. }
  311. DebugDirectory = (PIMAGE_DEBUG_DIRECTORY)
  312. ImageDirectoryEntryToData(
  313. LoadedImage.MappedAddress,
  314. FALSE,
  315. IMAGE_DIRECTORY_ENTRY_DEBUG,
  316. (ULONG *) &DebugDirectorySize
  317. );
  319. while (DebugDirectorySize > 0) {
  320. Offset = DebugDirectory->PointerToRawData;
  321. Size = DebugDirectory->SizeOfData;
  322. HighOffset = max(HighOffset, (Offset + Size));
  323. DebugDirectorySize -= sizeof(IMAGE_DEBUG_DIRECTORY);
  324. DebugDirectory++;
  325. }
  327. HighOffset = AlignIt(HighOffset, FileAlignment);
  329. CertDir = (PVOID) ImageDirectoryEntryToData(
  330. LoadedImage.MappedAddress,
  331. FALSE,
  332. IMAGE_DIRECTORY_ENTRY_SECURITY,
  333. (ULONG *) &CertSize
  334. );
  336. if (LoadedImage.SizeOfImage <= (HighOffset + CertSize)) {
  337. rc = TRUE;
  338. }
  339. } __except(EXCEPTION_EXECUTE_HANDLER) { }
  341. UnmapViewOfFile(LoadedImage.MappedAddress);
  343. return(rc);
  344. }
  346. BOOL
  347. imagehack_AuImageGetDigestStream(
  348. IN HANDLE FileHandle,
  349. IN DWORD DigestLevel,
  350. IN DIGEST_FUNCTION DigestFunction,
  351. IN DIGEST_HANDLE DigestHandle
  352. )
  354. /*++
  356. Routine Description:
  357. Given an image, return the bytes necessary to construct a certificate.
  358. Only PE images are supported at this time.
  360. Arguments:
  362. FileHandle - Handle to the file in question. The file should be opened
  363. with at least GENERIC_READ access.
  365. DigestLevel - Indicates what data will be included in the returned buffer.
  366. Valid values are:
  368. CERT_PE_IMAGE_DIGEST_ALL_BUT_CERTS - Include data outside the PE image itself
  369. (may include non-mapped debug symbolic)
  371. DigestFunction - User supplied routine that will process the data.
  373. DigestHandle - User supplied handle to identify the digest. Passed as the first
  374. argument to the DigestFunction.
  376. Return Value:
  378. TRUE - Success.
  380. FALSE - There was some error. Call GetLastError for more information. Possible
  381. values are ERROR_INVALID_PARAMETER or ERROR_OPERATION_ABORTED.
  383. --*/
  385. {
  386. LOADED_IMAGE LoadedImage;
  387. BOOL rc;
  388. EXCLUDE_LIST ExList;
  390. if (MapIt(FileHandle, &LoadedImage) == FALSE) {
  391. // Unable to map the image or invalid digest level.
  392. SetLastError(ERROR_INVALID_PARAMETER);
  393. return(FALSE);
  394. }
  396. rc = ERROR_INVALID_PARAMETER;
  397. __try {
  398. PIMAGE_DATA_DIRECTORY CertDirectory;
  399. DWORD HeaderEndOffset = 0;
  401. if ((LoadedImage.FileHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC) &&
  402. (LoadedImage.FileHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC))
  403. {
  404. __leave;
  405. }
  407. ExList.Init(&LoadedImage, DigestFunction, DigestHandle);
  409. if (LoadedImage.FileHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
  410. PIMAGE_NT_HEADERS32 NtHeader32 = (PIMAGE_NT_HEADERS32)(LoadedImage.FileHeader);
  411. // Exclude the checksum.
  412. ExList.Add(((DWORD_PTR) &NtHeader32->OptionalHeader.CheckSum),
  413. sizeof(NtHeader32->OptionalHeader.CheckSum));
  415. CertDirectory = &NtHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
  416. HeaderEndOffset = NtHeader32->OptionalHeader.SizeOfHeaders;
  417. } else {
  418. PIMAGE_NT_HEADERS64 NtHeader64 = (PIMAGE_NT_HEADERS64)(LoadedImage.FileHeader);
  419. // Exclude the checksum.
  420. ExList.Add(((DWORD_PTR) &NtHeader64->OptionalHeader.CheckSum),
  421. sizeof(NtHeader64->OptionalHeader.CheckSum));
  423. CertDirectory = &NtHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
  424. HeaderEndOffset = NtHeader64->OptionalHeader.SizeOfHeaders;
  425. }
  427. DWORD CertFileOffset = CertDirectory->VirtualAddress;
  428. DWORD CertFileSize = CertDirectory->Size;
  430. if (CertFileOffset && CertFileSize) {
  431. DWORD i;
  433. if (CertFileOffset > LoadedImage.SizeOfImage) {
  434. __leave; // Start of certs is past end of image
  435. }
  436. if ((CertFileOffset + CertFileSize) != LoadedImage.SizeOfImage) {
  437. __leave; // Certs not at end of image
  438. }
  439. if ((CertFileOffset + CertFileSize) < CertFileOffset) {
  440. __leave; // cert end is before cert start (start + size wraps)
  441. }
  442. if (CertFileOffset < HeaderEndOffset) {
  443. __leave; // Certs are in the header space
  444. }
  446. // See if the certs are in the section data
  447. for (i = 0; i < LoadedImage.NumberOfSections; i++) {
  448. DWORD SectionFileOffsetStart = LoadedImage.Sections[i].PointerToRawData;
  449. DWORD SectionFileOffsetEnd = SectionFileOffsetStart + LoadedImage.Sections[i].SizeOfRawData;
  451. if (SectionFileOffsetStart && (CertFileOffset < SectionFileOffsetEnd)) {
  452. __leave; // CertData starts before this section - not allowed
  453. }
  454. }
  455. }
  457. // Exclude the Security directory.
  458. ExList.Add((DWORD_PTR) CertDirectory, sizeof(IMAGE_DATA_DIRECTORY));
  460. // Exclude the certs.
  461. ExList.Add((DWORD_PTR)CertFileOffset + (DWORD_PTR)LoadedImage.MappedAddress, CertFileSize);
  463. ExList.Emit((PBYTE) (LoadedImage.MappedAddress), LoadedImage.SizeOfImage);
  464. rc = ERROR_SUCCESS;
  466. } __except(EXCEPTION_EXECUTE_HANDLER) { }
  468. UnmapViewOfFile(LoadedImage.MappedAddress);
  470. SetLastError(rc);
  472. return(rc == ERROR_SUCCESS ? TRUE : FALSE);
  473. }