archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/windows/appcompat/shims/layer/handleapiexceptions.cpp

393 lines
9.1 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name:
  7. HandleAPIExceptions.cpp
  9. Abstract:
  11. Handle exceptions thrown by APIs that used to simply fail on Win9x. So far
  12. we have:
  14. 1. BackupSeek: AVs if hFile == NULL
  15. 2. CreateEvent passed bad lpEventAttributes and/or lpName
  16. 3. GetFileAttributes
  18. Also emulate the win9x behavior for VirtualProtect, whereby the last
  19. parameter can be NULL.
  21. GetTextExtentPoint32 AV's when a large/uninitialized value is passed for
  22. the string length. This API now emulates Win9x.
  24. Add sanity checks to pointers in the call to GetMenuItemInfo. This is to match 9x, as
  25. some apps to pass bogus pointers and it AV on NT.
  27. When wsprintf receives lpFormat argument as NULL, no AV on 9x.
  28. But it AV on XP.Shim verifies format string, if it is NULL return the call don't forward
  30. Notes:
  32. This is a general purpose shim.
  34. History:
  36. 04/03/2000 linstev Created
  37. 04/01/2001 linstev Munged with other exception handling shims
  38. 07/11/2001 prashkud Added handling for GetTextExtentPoint32
  39. 04/24/2002 v-ramora Added handling for wsprintfA
  41. --*/
  43. #include "precomp.h"
  45. IMPLEMENT_SHIM_BEGIN(HandleAPIExceptions)
  46. #include "ShimHookMacro.h"
  48. APIHOOK_ENUM_BEGIN
  49. APIHOOK_ENUM_ENTRY(BackupSeek)
  50. APIHOOK_ENUM_ENTRY(CreateEventA)
  51. APIHOOK_ENUM_ENTRY(CreateEventW)
  52. APIHOOK_ENUM_ENTRY(GetFileAttributesA)
  53. APIHOOK_ENUM_ENTRY(GetFileAttributesW)
  54. APIHOOK_ENUM_ENTRY(VirtualProtect)
  55. APIHOOK_ENUM_ENTRY(GetTextExtentPoint32A)
  56. APIHOOK_ENUM_ENTRY(GetMenuItemInfoA)
  57. APIHOOK_ENUM_ENTRY(wsprintfA)
  58. APIHOOK_ENUM_END
  60. #define MAX_WIN9X_STRSIZE 8192
  62. /*++
  64. Stub returns for bad parameters.
  66. --*/
  68. BOOL
  69. APIHOOK(BackupSeek)(
  70. HANDLE hFile,
  71. DWORD dwLowBytesToSeek,
  72. DWORD dwHighBytesToSeek,
  73. LPDWORD lpdwLowBytesSeeked,
  74. LPDWORD lpdwHighBytesSeeked,
  75. LPVOID *lpContext
  76. )
  77. {
  78. if (!hFile) {
  79. LOGN(
  80. eDbgLevelError,
  81. "[BackupSeek] Bad parameter, returning NULL");
  83. return NULL;
  84. }
  86. DWORD dwLowSeeked, dwHighSeeked;
  88. if (IsBadWritePtr(lpdwLowBytesSeeked, 4)) {
  89. LOGN(
  90. eDbgLevelError,
  91. "[BackupSeek] Bad parameter, fixing");
  93. lpdwLowBytesSeeked = &dwLowSeeked;
  94. }
  96. if (IsBadWritePtr(lpdwHighBytesSeeked, 4)) {
  97. LOGN(
  98. eDbgLevelError,
  99. "[BackupSeek] Bad parameter, fixing");
  101. lpdwHighBytesSeeked = &dwHighSeeked;
  102. }
  104. return ORIGINAL_API(BackupSeek)(hFile, dwLowBytesToSeek, dwHighBytesToSeek,
  105. lpdwLowBytesSeeked, lpdwHighBytesSeeked, lpContext);
  106. }
  108. /*++
  110. Validate parameters
  112. --*/
  114. HANDLE
  115. APIHOOK(CreateEventA)(
  116. LPSECURITY_ATTRIBUTES lpEventAttributes,
  117. BOOL bManualReset,
  118. BOOL bInitialState,
  119. LPCSTR lpName
  120. )
  121. {
  122. if (lpEventAttributes &&
  123. IsBadReadPtr(lpEventAttributes, sizeof(*lpEventAttributes))) {
  125. LOGN(
  126. eDbgLevelError,
  127. "[CreateEventA] Bad parameter, returning NULL");
  129. return NULL;
  130. }
  132. if (lpName &&
  133. IsBadStringPtrA(lpName, MAX_PATH)) {
  135. LOGN(
  136. eDbgLevelError,
  137. "[CreateEventA] Bad parameter, returning NULL");
  138. return NULL;
  139. }
  141. return (ORIGINAL_API(CreateEventA)(lpEventAttributes, bManualReset,
  142. bInitialState, lpName));
  143. }
  145. /*++
  147. Validate parameters
  149. --*/
  151. HANDLE
  152. APIHOOK(CreateEventW)(
  153. LPSECURITY_ATTRIBUTES lpEventAttributes,
  154. BOOL bManualReset,
  155. BOOL bInitialState,
  156. LPCWSTR lpName
  157. )
  158. {
  159. if (lpEventAttributes &&
  160. IsBadReadPtr(lpEventAttributes, sizeof(*lpEventAttributes))) {
  162. LOGN(
  163. eDbgLevelError,
  164. "[CreateEventW] Bad parameter, returning NULL");
  166. return NULL;
  167. }
  169. if (lpName &&
  170. IsBadStringPtrW(lpName, MAX_PATH)) {
  172. LOGN(
  173. eDbgLevelError,
  174. "[CreateEventW] Bad parameter, returning NULL");
  175. return NULL;
  176. }
  178. return (ORIGINAL_API(CreateEventW)(lpEventAttributes, bManualReset,
  179. bInitialState, lpName));
  180. }
  182. /*++
  184. This function to emulate Win9x behaviour when getting file attributes.
  186. --*/
  188. DWORD
  189. APIHOOK(GetFileAttributesA)(
  190. LPCSTR lpFileName
  191. )
  192. {
  193. DWORD dwFileAttributes = INVALID_FILE_ATTRIBUTES;
  195. if (!IsBadStringPtrA(lpFileName, MAX_PATH)) {
  196. dwFileAttributes = ORIGINAL_API(GetFileAttributesA)(
  197. lpFileName);
  198. } else {
  199. LOGN(
  200. eDbgLevelError,
  201. "[GetFileAttributesA] Bad parameter - returning INVALID_FILE_ATTRIBUTES.");
  202. }
  204. return dwFileAttributes;
  205. }
  207. /*++
  209. This function is used to emulate Win9x behaviour when getting file attributes.
  211. --*/
  213. DWORD
  214. APIHOOK(GetFileAttributesW)(
  215. LPCWSTR lpFileName
  216. )
  217. {
  218. DWORD dwFileAttributes = INVALID_FILE_ATTRIBUTES;
  220. if (!IsBadStringPtrW(lpFileName, MAX_PATH)) {
  221. dwFileAttributes = ORIGINAL_API(GetFileAttributesW)(
  222. lpFileName);
  223. } else {
  224. LOGN(
  225. eDbgLevelError,
  226. "[GetFileAttributesW] Bad parameter - returning INVALID_FILE_ATTRIBUTES.");
  227. }
  229. return dwFileAttributes;
  230. }
  232. /*++
  234. Win9x allowed the last parameter to be NULL.
  236. --*/
  238. BOOL
  239. APIHOOK(VirtualProtect)(
  240. LPVOID lpAddress,
  241. SIZE_T dwSize,
  242. DWORD flNewProtect,
  243. PDWORD lpflOldProtect
  244. )
  245. {
  246. DWORD dwOldProtect = 0;
  248. if (!lpflOldProtect) {
  249. //
  250. // Detected a bad last parameter, fix it.
  251. //
  252. LOGN(eDbgLevelError, "[VirtualProtect] Bad parameter - fixing");
  253. lpflOldProtect = &dwOldProtect;
  254. }
  256. return ORIGINAL_API(VirtualProtect)(lpAddress, dwSize, flNewProtect, lpflOldProtect);
  257. }
  259. /*++
  261. Win9x only allows 8192 for the size of the string
  263. --*/
  265. BOOL
  266. APIHOOK(GetTextExtentPoint32A)(
  267. HDC hdc,
  268. LPCSTR lpString,
  269. int cbString,
  270. LPSIZE lpSize
  271. )
  272. {
  274. if (cbString > MAX_WIN9X_STRSIZE) {
  275. //
  276. // Detected a bad string size, fix it.
  277. //
  279. if (!IsBadStringPtrA(lpString, cbString)) {
  280. cbString = strlen(lpString);
  281. LOGN(eDbgLevelError, "[GetTextExtentPoint32A] Bad parameter - fixing");
  282. } else {
  283. LOGN(eDbgLevelError, "[GetTextExtentPoint32A] Bad parameter - returning FALSE");
  284. return FALSE;
  285. }
  286. }
  288. return ORIGINAL_API(GetTextExtentPoint32A)(hdc, lpString, cbString, lpSize);
  289. }
  291. /*++
  293. Emulate Win9x bad pointer protection.
  295. --*/
  297. BOOL
  298. APIHOOK(GetMenuItemInfoA)(
  299. HMENU hMenu, // handle to menu
  300. UINT uItem, // menu item
  301. BOOL fByPosition, // meaning of uItem
  302. LPMENUITEMINFO lpmii // menu item information
  303. )
  304. {
  305. if (IsBadWritePtr(lpmii, sizeof(*lpmii))) {
  306. LOGN(eDbgLevelInfo, "[GetMenuItemInfoA] invalid lpmii pointer, returning FALSE");
  307. return FALSE;
  308. }
  310. if ((lpmii->fMask & MIIM_STRING || lpmii->fMask & MIIM_TYPE) && (lpmii->cch !=0)) {
  311. MENUITEMINFO MyMII={0};
  312. ULONG cch;
  314. MyMII.cbSize = sizeof(MyMII);
  315. MyMII.fMask = MIIM_STRING;
  317. if (ORIGINAL_API(GetMenuItemInfoA)(hMenu, uItem, fByPosition, &MyMII)) {
  318. cch = min(lpmii->cch, MyMII.cch + 1);
  320. if (IsBadWritePtr(lpmii->dwTypeData, cch)) {
  321. LOGN(eDbgLevelInfo, "[GetMenuItemInfoA] invalid pointer for string, clearing it");
  322. lpmii->dwTypeData = 0;
  323. }
  324. } else {
  325. DPFN(eDbgLevelError, "[GetMenuItemInfoA] Internal call to find string size fail (%08X)", GetLastError());
  326. }
  327. }
  329. return ORIGINAL_API(GetMenuItemInfoA)(hMenu, uItem, fByPosition, lpmii);
  330. }
  332. /*++
  334. Make sure format string for wsprintfA is not NULL
  336. --*/
  338. //Avoid wvsprintfA deprecated warning/error
  339. #pragma warning(disable : 4995)
  341. int
  342. APIHOOK(wsprintfA)(
  343. LPSTR lpOut,
  344. LPCSTR lpFmt,
  345. ...)
  346. {
  347. int iRet = 0;
  349. //
  350. // lpFmt can't be NULL, wvsprintfA throw AV
  351. //
  352. if (lpFmt == NULL) {
  353. if (!IsBadWritePtr(lpOut, 1)) {
  354. *lpOut = '\0';
  355. }
  356. DPFN( eDbgLevelInfo, "[wsprintfA] received NULL as format string");
  357. return iRet;
  358. }
  360. va_list arglist;
  362. va_start(arglist, lpFmt);
  363. iRet = wvsprintfA(lpOut, lpFmt, arglist);
  364. va_end(arglist);
  366. return iRet;
  367. }
  369. //Enable back deprecated warning/error
  370. #pragma warning(default : 4995)
  372. /*++
  374. Register hooked functions
  376. --*/
  378. HOOK_BEGIN
  380. APIHOOK_ENTRY(KERNEL32.DLL, BackupSeek)
  381. APIHOOK_ENTRY(KERNEL32.DLL, CreateEventA)
  382. APIHOOK_ENTRY(KERNEL32.DLL, CreateEventW)
  383. APIHOOK_ENTRY(KERNEL32.DLL, GetFileAttributesA)
  384. APIHOOK_ENTRY(KERNEL32.DLL, GetFileAttributesW)
  385. APIHOOK_ENTRY(KERNEL32.DLL, VirtualProtect)
  386. APIHOOK_ENTRY(GDI32.DLL, GetTextExtentPoint32A)
  387. APIHOOK_ENTRY(USER32.DLL, GetMenuItemInfoA)
  388. APIHOOK_ENTRY(USER32.DLL, wsprintfA)
  390. HOOK_END
  392. IMPLEMENT_SHIM_END