archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/windows/appcompat/tools/demoapp/exe/extend.cpp

390 lines
7.8 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) Microsoft Corporation. All rights reserved.
  5. Module Name:
  7. Extend.cpp
  9. Abstract:
  11. Contains a list of extended bad functions.
  12. These are not compatibility problems, but
  13. can be used for training purposes.
  15. Notes:
  17. ANSI only - must run on Win9x.
  19. History:
  21. 05/16/01 rparsons Created
  22. 01/10/02 rparsons Revised
  24. --*/
  25. #include "demoapp.h"
  27. extern APPINFO g_ai;
  29. /*++
  31. Routine Description:
  33. Performs a simple access violation.
  35. Arguments:
  37. None.
  39. Return Value:
  41. None.
  43. --*/
  44. void
  45. AccessViolation(
  46. void
  47. )
  48. {
  49. // We could perform hundreds of different operations to get an
  50. // access violation. The one below attempts to copy the string
  51. // 'foo' to a NULL address.
  53. memcpy(NULL, "foo", 3);
  55. /* Here's another:
  57. WCHAR szArray[10];
  58. int nCount = 0;
  60. for (nCount = 0; nCount != 12; nCount++)
  61. {
  62. wcscpy((LPWSTR)szArray[nCount], L"A");
  63. }*/
  64. }
  66. /*++
  68. Routine Description:
  70. Throws a EXCEPTION_ARRAY_BOUNDS_EXCEEDED exception.
  72. Arguments:
  74. None.
  76. Return Value:
  78. None.
  80. --*/
  82. //
  83. // Disable the warning: 'frame pointer register 'ebp' modified by
  84. // inline assembly code. We're doing this intentionally.
  85. //
  86. #pragma warning( disable : 4731 )
  88. void
  89. ExceedArrayBounds(
  90. void
  91. )
  92. {
  93. _asm {
  95. push ebp; // Save the base pointer
  96. mov ebp, esp; // Set up the stack frame
  97. sub esp, 8; // Adjust for 8 bytes worth of
  98. // local variables
  99. push ebx; // Save EBX for later
  100. mov dword ptr [ebp-8], 1; // Initialize a DWORD to 1
  101. mov dword ptr [ebp-4], 2; // Initialize a DWORD to 2
  102. mov eax, 0; // Zero out EAX
  103. bound eax, [ebp-8]; // If [ebp-8] is out of EAX bounds,
  104. // an exception will occur
  105. xor eax, eax; // Zero out EAX
  106. pop ebx; // Restore EBX from earlier
  107. mov esp, ebp; // Restore the stack frame
  108. pop ebp; // Restore the base pointer
  109. ret; // We're done
  110. }
  111. }
  113. #pragma warning( default : 4731 )
  115. /*++
  117. Routine Description:
  119. Frees memory allocated from the heap twice.
  121. Arguments:
  123. None.
  125. Return Value:
  127. None.
  129. --*/
  130. void
  131. FreeMemoryTwice(
  132. void
  133. )
  134. {
  135. LPSTR lpMem = NULL;
  137. lpMem = (LPSTR)HeapAlloc(GetProcessHeap(), 0, MAX_PATH);
  139. if (!lpMem) {
  140. return;
  141. }
  143. HeapFree(GetProcessHeap(), 0, lpMem);
  144. HeapFree(GetProcessHeap(), 0, lpMem);
  145. }
  147. /*++
  149. Routine Description:
  151. Allocates memory from the heap, moves the pointer,
  152. then tries to free it.
  154. Arguments:
  156. None.
  158. Return Value:
  160. None.
  162. --*/
  163. void
  164. FreeInvalidMemory(
  165. void
  166. )
  167. {
  168. LPSTR lpMem = NULL;
  170. lpMem = (LPSTR)HeapAlloc(GetProcessHeap(), 0, MAX_PATH);
  172. if (!lpMem) {
  173. return;
  174. }
  176. lpMem++;
  177. lpMem++;
  179. HeapFree(GetProcessHeap(), 0, lpMem);
  180. }
  182. /*++
  184. Routine Description:
  186. Executes a privileged instruction, which causes an exception.
  188. Arguments:
  190. None.
  192. Return Value:
  194. None.
  196. --*/
  197. void
  198. PrivilegedInstruction(
  199. void
  200. )
  201. {
  202. _asm {
  203. cli;
  204. }
  205. }
  207. /*++
  209. Routine Description:
  211. Allocates memory from the heap, then walks all over it.
  213. Arguments:
  215. None.
  217. Return Value:
  219. None.
  221. --*/
  222. void
  223. HeapCorruption(
  224. void
  225. )
  226. {
  227. UINT n, nTotalChars;
  228. char szCorruptChars[] = {'B','A','D','A','P','P','#'};
  229. char* pChar = NULL;
  231. //
  232. // Allocate a small block of heap to contain a string of length STRINGLENGTH.
  233. //
  234. pChar = (char*)GlobalAlloc(GPTR, 13);
  236. if (!pChar) {
  237. return;
  238. } else {
  239. //
  240. // Determine the total number of chars to copy (including Corrupt Bytes)
  241. //
  242. nTotalChars = 12 + 1;
  244. //
  245. // Write a string of STRINGLENGTH length, plus some extra (common mistake).
  246. //
  247. for (n = 0; n < nTotalChars; n++) {
  248. //
  249. // Write the characters of CorruptChars into memory.
  250. //
  251. if (n < (UINT)12) {
  252. pChar[n] = szCorruptChars[n % 6];
  253. } else {
  254. //
  255. // Corruption will be written with a nice pattern of # chars...
  256. //
  257. pChar[n] = szCorruptChars[6];
  258. }
  259. }
  261. //
  262. // Of course, we should NULL terminate the string.
  263. //
  264. pChar[n] = 0;
  266. GlobalFree((HGLOBAL)pChar);
  267. }
  268. }
  270. /*++
  272. Routine Description:
  274. Launches a child process (version.exe) which is embedded
  275. within our DLL.
  277. Arguments:
  279. cchSize - Size of the output buffer in characters.
  280. pszOutputFile - Points to a buffer that will be filled
  281. with the path to the output file.
  283. Return value:
  285. On success, pszOutputFile points to the file.
  286. On failure, pszOutputFile is NULL.
  288. --*/
  289. void
  290. ExtractExeFromLibrary(
  291. IN DWORD cchSize,
  292. OUT LPSTR pszOutputFile
  293. )
  294. {
  295. HRSRC hRes;
  296. HANDLE hFile;
  297. HRESULT hr;
  298. HGLOBAL hLoaded = NULL;
  299. BOOL bResult = FALSE;
  300. HMODULE hModule = NULL;
  301. PVOID pExeData = NULL;
  302. DWORD cbFileSize, cbWritten, cchBufSize;
  304. __try {
  305. //
  306. // Find the temp directory and set up a path to
  307. // the file that we'll be creating.
  308. //
  309. cchBufSize = GetTempPath(cchSize, pszOutputFile);
  311. if (cchBufSize > cchSize || cchBufSize == 0) {
  312. __leave;
  313. }
  315. hr = StringCchCat(pszOutputFile, cchSize, "version.exe");
  317. if (FAILED(hr)) {
  318. __leave;
  319. }
  321. //
  322. // Obtain a handle to the resource and lock it so we can write
  323. // the bits to a file.
  324. //
  325. hModule = LoadLibraryEx("demodll.dll",
  326. NULL,
  327. LOAD_LIBRARY_AS_DATAFILE);
  329. if (!hModule) {
  330. __leave;
  331. }
  333. hRes = FindResource(hModule, (LPCSTR)105, "EXE");
  335. if (!hRes) {
  336. __leave;
  337. }
  339. cbFileSize = SizeofResource(hModule, hRes);
  341. if (cbFileSize == 0) {
  342. __leave;
  343. }
  345. hLoaded = LoadResource(hModule, hRes);
  347. if (!hLoaded) {
  348. __leave;
  349. }
  351. pExeData = LockResource(hLoaded);
  353. if (!pExeData) {
  354. __leave;
  355. }
  357. hFile = CreateFile(pszOutputFile,
  358. GENERIC_WRITE,
  359. 0,
  360. NULL,
  361. CREATE_ALWAYS,
  362. FILE_ATTRIBUTE_NORMAL,
  363. NULL);
  365. if (INVALID_HANDLE_VALUE == hFile) {
  366. __leave;
  367. }
  369. WriteFile(hFile, (LPCVOID)pExeData, cbFileSize, &cbWritten, NULL);
  370. CloseHandle(hFile);
  372. bResult = TRUE;
  374. } // __try
  376. __finally {
  378. if (hModule) {
  379. FreeLibrary(hModule);
  380. }
  382. if (hLoaded) {
  383. UnlockResource(hLoaded);
  384. }
  386. if (!bResult) {
  387. *pszOutputFile = 0;
  388. }
  389. }
  390. }