archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/cryptoapi/mincrypt/lib/imagehack.cpp

523 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. // Microsoft Windows
  3. //
  4. // Copyright (C) Microsoft Corporation, 2001 - 2001
  5. //
  6. // File: imagehack.cpp
  7. //
  8. // Contents: "Hacked" version of the imagehlp APIs
  9. //
  10. // Contains a "stripped" down subset of the imagehlp functionality
  11. // necessary to hash a PE file and to extract the
  12. // PKCS #7 Signed Data message.
  13. //
  14. // Most of this file is derived from the following 2 files:
  15. // \nt\ds\security\cryptoapi\pkitrust\mssip32\peimage2.cpp
  16. // \nt\sdktools\debuggers\imagehlp\dice.cxx
  17. //
  18. // Functions: imagehack_ImageGetDigestStream
  19. // imagehack_ImageGetCertificateData
  20. //
  21. // History: 20-Jan-01 philh created
  22. //--------------------------------------------------------------------------
  24. #include "global.hxx"
  26. //+=========================================================================
  27. // The following was taken from the following file:
  28. // \nt\ds\security\cryptoapi\pkitrust\mssip32\peimage2.cpp
  29. //-=========================================================================
  31. __inline DWORD AlignIt (DWORD Value, DWORD Alignment) { return (Value + (Alignment - 1)) & ~(Alignment -1); }
  33. #define InitializeListHead(ListHead) (\
  34. (ListHead)->Flink = (ListHead)->Blink = (ListHead))
  36. BOOL
  37. I_CalculateImagePtrs(
  38. PLOADED_IMAGE LoadedImage
  39. )
  40. {
  41. PIMAGE_DOS_HEADER DosHeader;
  42. BOOL fRC = FALSE;
  44. // Everything is mapped. Now check the image and find nt image headers
  46. __try {
  47. DosHeader = (PIMAGE_DOS_HEADER)LoadedImage->MappedAddress;
  49. if ((DosHeader->e_magic != IMAGE_DOS_SIGNATURE) &&
  50. (DosHeader->e_magic != IMAGE_NT_SIGNATURE)) {
  51. __leave;
  52. }
  54. if (DosHeader->e_magic == IMAGE_DOS_SIGNATURE) {
  55. if (DosHeader->e_lfanew == 0) {
  56. __leave;
  57. }
  58. LoadedImage->FileHeader = (PIMAGE_NT_HEADERS)((ULONG_PTR)DosHeader + DosHeader->e_lfanew);
  60. if (
  61. // If IMAGE_NT_HEADERS would extend past the end of file...
  62. (PBYTE)LoadedImage->FileHeader + sizeof(IMAGE_NT_HEADERS) >
  63. (PBYTE)LoadedImage->MappedAddress + LoadedImage->SizeOfImage ||
  65. // ..or if it would begin in, or before the IMAGE_DOS_HEADER...
  66. (PBYTE)LoadedImage->FileHeader <
  67. (PBYTE)LoadedImage->MappedAddress + sizeof(IMAGE_DOS_HEADER) )
  68. {
  69. // ...then e_lfanew is not as expected.
  70. // (Several Win95 files are in this category.)
  71. __leave;
  72. }
  73. } else {
  75. // No DOS header indicates an image built w/o a dos stub
  77. LoadedImage->FileHeader = (PIMAGE_NT_HEADERS)DosHeader;
  78. }
  80. if ( LoadedImage->FileHeader->Signature != IMAGE_NT_SIGNATURE ) {
  81. __leave;
  82. } else {
  83. LoadedImage->fDOSImage = FALSE;
  84. }
  86. // No optional header indicates an object...
  88. if ( !LoadedImage->FileHeader->FileHeader.SizeOfOptionalHeader ) {
  89. __leave;
  90. }
  92. // Check for versions < 2.50
  94. if ( LoadedImage->FileHeader->OptionalHeader.MajorLinkerVersion < 3 &&
  95. LoadedImage->FileHeader->OptionalHeader.MinorLinkerVersion < 5 ) {
  96. __leave;
  97. }
  99. InitializeListHead( &LoadedImage->Links );
  100. LoadedImage->NumberOfSections = LoadedImage->FileHeader->FileHeader.NumberOfSections;
  101. LoadedImage->Sections = IMAGE_FIRST_SECTION(LoadedImage->FileHeader);
  102. fRC = TRUE;
  104. } __except ( EXCEPTION_EXECUTE_HANDLER ) { }
  106. return fRC;
  107. }
  109. BOOL
  110. I_MapIt(
  111. PCRYPT_DATA_BLOB pFileBlob,
  112. PLOADED_IMAGE LoadedImage
  113. )
  114. {
  116. LoadedImage->hFile = INVALID_HANDLE_VALUE;
  117. LoadedImage->MappedAddress = pFileBlob->pbData;
  118. LoadedImage->SizeOfImage = pFileBlob->cbData;
  120. if (!LoadedImage->MappedAddress) {
  121. return (FALSE);
  122. }
  124. if (!I_CalculateImagePtrs(LoadedImage)) {
  125. return(FALSE);
  126. }
  129. return(TRUE);
  130. }
  132. typedef struct _EXCLUDE_RANGE {
  133. PBYTE Offset;
  134. DWORD Size;
  135. struct _EXCLUDE_RANGE *Next;
  136. } EXCLUDE_RANGE;
  138. class EXCLUDE_LIST
  139. {
  140. public:
  141. EXCLUDE_LIST() {
  142. m_Image = NULL;
  143. m_ExRange = (EXCLUDE_RANGE *)I_MemAlloc(sizeof(EXCLUDE_RANGE));
  145. if(m_ExRange)
  146. memset(m_ExRange, 0x00, sizeof(EXCLUDE_RANGE));
  147. }
  149. ~EXCLUDE_LIST() {
  150. EXCLUDE_RANGE *pTmp;
  151. pTmp = m_ExRange->Next;
  152. while (pTmp)
  153. {
  154. I_MemFree(m_ExRange);
  155. m_ExRange = pTmp;
  156. pTmp = m_ExRange->Next;
  157. }
  158. I_MemFree(m_ExRange);
  159. }
  161. void Init(LOADED_IMAGE * Image, DIGEST_FUNCTION pFunc, DIGEST_HANDLE dh) {
  162. m_Image = Image;
  163. m_ExRange->Offset = NULL;
  164. m_ExRange->Size = 0;
  165. m_pFunc = pFunc;
  166. m_dh = dh;
  167. return;
  168. }
  170. void Add(DWORD_PTR Offset, DWORD Size);
  172. BOOL Emit(PBYTE Offset, DWORD Size);
  174. private:
  175. LOADED_IMAGE * m_Image;
  176. EXCLUDE_RANGE * m_ExRange;
  177. DIGEST_FUNCTION m_pFunc;
  178. DIGEST_HANDLE m_dh;
  179. };
  181. void
  182. EXCLUDE_LIST::Add(
  183. DWORD_PTR Offset,
  184. DWORD Size
  185. )
  186. {
  187. EXCLUDE_RANGE *pTmp, *pExRange;
  189. pExRange = m_ExRange;
  191. while (pExRange->Next && (pExRange->Next->Offset < (PBYTE)Offset)) {
  192. pExRange = pExRange->Next;
  193. }
  195. pTmp = (EXCLUDE_RANGE *) I_MemAlloc(sizeof(EXCLUDE_RANGE));
  197. if(pTmp)
  198. {
  199. pTmp->Next = pExRange->Next;
  200. pTmp->Offset = (PBYTE)Offset;
  201. pTmp->Size = Size;
  202. pExRange->Next = pTmp;
  203. }
  205. return;
  206. }
  209. BOOL
  210. EXCLUDE_LIST::Emit(
  211. PBYTE Offset,
  212. DWORD Size
  213. )
  214. {
  215. BOOL rc = FALSE;
  217. EXCLUDE_RANGE *pExRange;
  218. DWORD EmitSize, ExcludeSize;
  220. pExRange = m_ExRange->Next;
  222. while (pExRange && (Size > 0)) {
  223. if (pExRange->Offset >= Offset) {
  224. // Emit what's before the exclude list.
  225. EmitSize = min((DWORD)(pExRange->Offset - Offset), Size);
  226. if (EmitSize) {
  227. rc = (*m_pFunc)(m_dh, Offset, EmitSize);
  228. Size -= EmitSize;
  229. Offset += EmitSize;
  230. }
  231. }
  233. if (Size) {
  234. if (pExRange->Offset + pExRange->Size >= Offset) {
  235. // Skip over what's in the exclude list.
  236. ExcludeSize = min(Size, (DWORD)(pExRange->Offset + pExRange->Size - Offset));
  237. Size -= ExcludeSize;
  238. Offset += ExcludeSize;
  239. }
  240. }
  242. pExRange = pExRange->Next;
  243. }
  245. // Emit what's left.
  246. if (Size) {
  247. rc = (*m_pFunc)(m_dh, Offset, Size);
  248. }
  249. return rc;
  250. }
  253. #pragma warning (push)
  254. // error C4509: nonstandard extension used: 'imagehack_ImageGetDigestStream'
  255. // uses SEH and 'ExList' has destructor
  256. #pragma warning (disable: 4509)
  259. BOOL
  260. WINAPI
  261. imagehack_ImageGetDigestStream(
  262. IN PCRYPT_DATA_BLOB pFileBlob,
  263. IN DWORD DigestLevel,
  264. IN DIGEST_FUNCTION DigestFunction,
  265. IN DIGEST_HANDLE DigestHandle
  266. )
  268. /*++
  270. Routine Description:
  271. Given an image, return the bytes necessary to construct a certificate.
  272. Only PE images are supported at this time.
  274. Arguments:
  276. FileHandle - Handle to the file in question. The file should be opened
  277. with at least GENERIC_READ access.
  279. DigestLevel - Indicates what data will be included in the returned buffer.
  280. Valid values are:
  282. CERT_PE_IMAGE_DIGEST_ALL_BUT_CERTS - Include data outside the PE image itself
  283. (may include non-mapped debug symbolic)
  285. DigestFunction - User supplied routine that will process the data.
  287. DigestHandle - User supplied handle to identify the digest. Passed as the first
  288. argument to the DigestFunction.
  290. Return Value:
  292. TRUE - Success.
  294. FALSE - There was some error. Call GetLastError for more information. Possible
  295. values are ERROR_INVALID_PARAMETER or ERROR_OPERATION_ABORTED.
  297. --*/
  299. {
  300. LOADED_IMAGE LoadedImage;
  301. DWORD ErrorCode;
  302. EXCLUDE_LIST ExList;
  304. if (I_MapIt(pFileBlob, &LoadedImage) == FALSE) {
  305. // Unable to map the image or invalid digest level.
  306. SetLastError(ERROR_INVALID_PARAMETER);
  307. return(FALSE);
  308. }
  310. ErrorCode = ERROR_INVALID_PARAMETER;
  311. __try {
  312. PIMAGE_DATA_DIRECTORY CertDirectory;
  313. DWORD HeaderEndOffset = 0;
  315. if ((LoadedImage.FileHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC) &&
  316. (LoadedImage.FileHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC))
  317. {
  318. __leave;
  319. }
  321. ExList.Init(&LoadedImage, DigestFunction, DigestHandle);
  323. if (LoadedImage.FileHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
  324. PIMAGE_NT_HEADERS32 NtHeader32 = (PIMAGE_NT_HEADERS32)(LoadedImage.FileHeader);
  325. // Exclude the checksum.
  326. ExList.Add(((DWORD_PTR) &NtHeader32->OptionalHeader.CheckSum),
  327. sizeof(NtHeader32->OptionalHeader.CheckSum));
  329. CertDirectory = &NtHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
  330. HeaderEndOffset = NtHeader32->OptionalHeader.SizeOfHeaders;
  331. } else {
  332. PIMAGE_NT_HEADERS64 NtHeader64 = (PIMAGE_NT_HEADERS64)(LoadedImage.FileHeader);
  333. // Exclude the checksum.
  334. ExList.Add(((DWORD_PTR) &NtHeader64->OptionalHeader.CheckSum),
  335. sizeof(NtHeader64->OptionalHeader.CheckSum));
  337. CertDirectory = &NtHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
  338. HeaderEndOffset = NtHeader64->OptionalHeader.SizeOfHeaders;
  339. }
  341. DWORD CertFileOffset = CertDirectory->VirtualAddress;
  342. DWORD CertFileSize = CertDirectory->Size;
  344. if (CertFileOffset && CertFileSize) {
  345. DWORD i;
  347. if (CertFileOffset > LoadedImage.SizeOfImage) {
  348. __leave; // Start of certs is past end of image
  349. }
  350. if ((CertFileOffset + CertFileSize) != LoadedImage.SizeOfImage) {
  351. __leave; // Certs not at end of image
  352. }
  353. if ((CertFileOffset + CertFileSize) < CertFileOffset) {
  354. __leave; // cert end is before cert start (start + size wraps)
  355. }
  356. if (CertFileOffset < HeaderEndOffset) {
  357. __leave; // Certs are in the header space
  358. }
  360. // See if the certs are in the section data
  361. for (i = 0; i < LoadedImage.NumberOfSections; i++) {
  362. DWORD SectionFileOffsetStart = LoadedImage.Sections[i].PointerToRawData;
  363. DWORD SectionFileOffsetEnd = SectionFileOffsetStart + LoadedImage.Sections[i].SizeOfRawData;
  365. if (SectionFileOffsetStart && (CertFileOffset < SectionFileOffsetEnd)) {
  366. __leave; // CertData starts before this section - not allowed
  367. }
  368. }
  369. }
  371. // Exclude the Security directory.
  372. ExList.Add((DWORD_PTR) CertDirectory, sizeof(IMAGE_DATA_DIRECTORY));
  374. // Exclude the certs.
  375. ExList.Add((DWORD_PTR)CertFileOffset + (DWORD_PTR)LoadedImage.MappedAddress, CertFileSize);
  377. ExList.Emit((PBYTE) (LoadedImage.MappedAddress), LoadedImage.SizeOfImage);
  378. ErrorCode = ERROR_SUCCESS;
  380. } __except(EXCEPTION_EXECUTE_HANDLER) { }
  383. SetLastError(ErrorCode);
  385. return(ErrorCode == ERROR_SUCCESS ? TRUE : FALSE);
  386. }
  388. #pragma warning (pop)
  391. //+=========================================================================
  392. // The following was taken from the following file:
  393. // \nt\sdktools\debuggers\imagehlp\dice.cxx
  394. //-=========================================================================
  397. BOOL
  398. I_FindCertificate(
  399. IN PLOADED_IMAGE LoadedImage,
  400. IN DWORD Index,
  401. OUT LPWIN_CERTIFICATE * Certificate
  402. )
  403. {
  404. PIMAGE_DATA_DIRECTORY pDataDir;
  405. DWORD_PTR CurrentCert = NULL;
  406. BOOL rc;
  408. if (LoadedImage->fDOSImage) {
  409. // No way this could have a certificate;
  410. return(FALSE);
  411. }
  413. rc = FALSE;
  415. __try {
  416. if (LoadedImage->FileHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
  417. pDataDir = &((PIMAGE_NT_HEADERS32)(LoadedImage->FileHeader))->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
  418. } else if (LoadedImage->FileHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
  419. pDataDir = &((PIMAGE_NT_HEADERS64)(LoadedImage->FileHeader))->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
  420. } else {
  421. __leave; // Not an interesting file type.
  422. }
  424. // Check if the cert pointer is at least reasonable.
  425. if (!pDataDir->VirtualAddress ||
  426. !pDataDir->Size ||
  427. (pDataDir->VirtualAddress + pDataDir->Size > LoadedImage->SizeOfImage))
  428. {
  429. __leave;
  430. }
  432. // We're not looking at an empty security slot or an invalid (past the image boundary) value.
  433. // Let's see if we can find it.
  435. DWORD CurrentIdx = 0;
  436. DWORD_PTR LastCert;
  438. CurrentCert = (DWORD_PTR)(LoadedImage->MappedAddress) + pDataDir->VirtualAddress;
  439. LastCert = CurrentCert + pDataDir->Size;
  441. while (CurrentCert < LastCert ) {
  442. if (CurrentIdx == Index) {
  443. rc = TRUE;
  444. __leave;
  445. }
  446. CurrentIdx++;
  447. CurrentCert += ((LPWIN_CERTIFICATE)CurrentCert)->dwLength;
  448. CurrentCert = (CurrentCert + 7) & ~7; // align it.
  449. }
  450. } __except(EXCEPTION_EXECUTE_HANDLER) { }
  452. if (rc == TRUE) {
  453. *Certificate = (LPWIN_CERTIFICATE)CurrentCert;
  454. }
  456. return(rc);
  457. }
  459. BOOL
  460. WINAPI
  461. imagehack_ImageGetCertificateData(
  462. IN PCRYPT_DATA_BLOB pFileBlob,
  463. IN DWORD CertificateIndex,
  464. OUT LPWIN_CERTIFICATE * Certificate
  465. )
  467. /*++
  469. Routine Description:
  471. Given a specific certificate index, retrieve the certificate data.
  473. Arguments:
  475. FileHandle - Handle to the file in question. The file should be opened
  476. with at least GENERIC_READ access.
  478. CertificateIndex - Index to retrieve
  480. Certificate - Output buffer where the certificate is to be stored.
  482. RequiredLength - Size of the certificate buffer (input). On return, is
  483. set to the actual certificate length. NULL can be used
  484. to determine the size of a certificate.
  486. Return Value:
  488. TRUE - Successful
  490. FALSE - There was some error. Call GetLastError() for more information.
  492. --*/
  494. {
  495. LOADED_IMAGE LoadedImage;
  496. DWORD ErrorCode;
  498. LPWIN_CERTIFICATE ImageCert;
  500. *Certificate = NULL;
  502. // if (I_MapIt(FileHandle, &LoadedImage, MAP_READONLY) == FALSE) {
  503. if (I_MapIt(pFileBlob, &LoadedImage) == FALSE) {
  504. // Unable to map the image.
  505. SetLastError(ERROR_INVALID_PARAMETER);
  506. return(FALSE);
  507. }
  509. ErrorCode = ERROR_INVALID_PARAMETER;
  510. __try {
  511. if (I_FindCertificate(&LoadedImage, CertificateIndex, &ImageCert) == FALSE) {
  512. __leave;
  513. }
  515. *Certificate = ImageCert;
  516. ErrorCode = ERROR_SUCCESS;
  517. } __except(EXCEPTION_EXECUTE_HANDLER) { }
  519. // I_UnMapIt(&LoadedImage);
  521. SetLastError(ErrorCode);
  522. return(ErrorCode == ERROR_SUCCESS ? TRUE: FALSE);
  523. }