archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/win32/verifier/settings.c

484 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) Microsoft Corporation. All rights reserved.
  5. Module Name:
  7. settings.c
  9. Abstract:
  11. This module implements interfaces for enabling application
  12. verifier flags persistently (registry).
  14. Author:
  16. Silviu Calinoiu (SilviuC) 17-Apr-2001
  18. Revision History:
  20. --*/
  22. //
  23. // IMPORTANT NOTE.
  24. //
  25. // This dll cannot contain non-ntdll dependencies. This way it allows
  26. // verifier to be run system wide including for processes like smss and csrss.
  27. //
  28. // This explains why we load dynamically advapi32 dll and pick up the functions
  29. // for registry manipulation. It is safe to do that for interfaces that set
  30. // flags because they are called only in contexts where it is safe to load
  31. // additional dlls.
  32. //
  34. #include "pch.h"
  36. #include "verifier.h"
  37. #include "settings.h"
  38. #include "support.h"
  40. //
  41. // Handy functions exported by ntdll.dll
  42. //
  43. int __cdecl sscanf(const char *, const char *, ...);
  44. int __cdecl swprintf(wchar_t *, const wchar_t *, ...);
  46. //
  47. // Signatures for registry functions
  48. //
  50. typedef LONG (APIENTRY * PFN_REG_CREATE_KEY) (HKEY, LPCWSTR, DWORD, LPWSTR, DWORD, REGSAM, LPSECURITY_ATTRIBUTES, PHKEY, LPDWORD);
  51. typedef LONG (APIENTRY * PFN_REG_CLOSE_KEY)(HKEY);
  52. typedef LONG (APIENTRY * PFN_REG_QUERY_VALUE) (HKEY, LPCWSTR, LPDWORD, LPDWORD, LPBYTE, LPDWORD);
  53. typedef LONG (APIENTRY * PFN_REG_SET_VALUE) (HKEY, LPCWSTR, DWORD, DWORD, CONST BYTE *, DWORD);
  54. typedef LONG (APIENTRY * PFN_REG_DELETE_VALUE) (HKEY, LPCWSTR);
  56. //
  57. // Dynamically detected registry functions
  58. //
  60. PFN_REG_CREATE_KEY FnRegCreateKey;
  61. PFN_REG_CLOSE_KEY FnRegCloseKey;
  62. PFN_REG_QUERY_VALUE FnRegQueryValue;
  63. PFN_REG_SET_VALUE FnRegSetValue;
  64. PFN_REG_DELETE_VALUE FnRegDeleteValue;
  66. //
  67. // Registry path to `image file execution options' key
  68. //
  70. #define EXECUTION_OPTIONS_KEY L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\"
  72. //
  73. // Internal functions
  74. //
  76. NTSTATUS
  77. AVrfpGetRegistryInterfaces (
  78. PVOID DllHandle
  79. );
  81. HKEY
  82. AVrfpOpenImageKey (
  83. PWSTR Name
  84. );
  86. VOID
  87. AVrfpCloseImageKey (
  88. HKEY Key
  89. );
  91. BOOL
  92. AVrfpReadGlobalFlags (
  93. HKEY Key,
  94. PDWORD Value
  95. );
  97. BOOL
  98. AVrfpWriteGlobalFlags (
  99. HKEY Key,
  100. DWORD Value
  101. );
  103. BOOL
  104. AVrfpDeleteGlobalFlags (
  105. HKEY Key
  106. );
  108. BOOL
  109. AVrfpReadVerifierFlags (
  110. HKEY Key,
  111. PDWORD Value
  112. );
  114. BOOL
  115. AVrfpWriteVerifierFlags (
  116. HKEY Key,
  117. DWORD Value
  118. );
  120. BOOL
  121. AVrfpDeleteVerifierFlags (
  122. HKEY Key
  123. );
  126. NTSTATUS
  127. VerifierSetFlags (
  128. PUNICODE_STRING ApplicationName,
  129. ULONG VerifierFlags,
  130. PVOID Details
  131. )
  132. /*++
  134. Routine Description:
  136. This routine enables persistently (through registry) application
  137. verifier flags for a specified application.
  139. Arguments:
  141. ApplicationName - name of the application to be verifier. The path should
  142. not be included. The extension should be included. Some examples of
  143. correct names are: `services.exe', `logon.scr'. Incorrect examples are:
  144. `c:\winnt\system32\notepad.exe' or just `notepad'. If we persist a setting
  145. for `xxx.exe' then every time a process whose binary is xxx.exe is launched
  146. application verifier will kick in no matter in what user context or from what
  147. disk location this happens.
  149. VerifierFlags - bit field with verifier flags to be enabled. The legal bits are
  150. declared in sdk\inc\nturtl.h (and winnt.h) as constants names RTL_VRF_FLG_XXX.
  151. For example RTL_VRF_FLG_FULL_PAGE_HEAP. If a zero value is used then all
  152. registry values related to verifier will b e deleted from registry.
  154. Details - Ignored right now. In the future this structure will support various
  155. extensions of the API (e.g. page heap flags, per dll page heap settings, etc.).
  157. Return Value:
  159. STATUS_SUCCESS if all flags requested have been enabled. It can return
  160. STATUS_NOT_IMPLEMENTED if one of the flags requested is not yet implemented
  161. or we decided to block it internally due to a bug. It can also return
  162. STATUS_INVALID_PARAMETER if the application name or other parameters
  163. are ill-formed.
  165. --*/
  166. {
  167. NTSTATUS Status;
  168. UNICODE_STRING AdvapiName;
  169. PVOID AdvapiHandle;
  170. HKEY Key;
  171. DWORD Flags;
  173. UNREFERENCED_PARAMETER (Details);
  175. if (ApplicationName == NULL || ApplicationName->Buffer == NULL) {
  176. return STATUS_INVALID_PARAMETER;
  177. }
  179. //
  180. // Load advapi32.dll and get registry manipulation functions.
  181. //
  183. RtlInitUnicodeString (&AdvapiName, L"advapi32.dll");
  184. Status = LdrLoadDll (NULL, NULL, &AdvapiName, &AdvapiHandle);
  186. if (!NT_SUCCESS(Status)) {
  187. return Status;
  188. }
  190. Status = AVrfpGetRegistryInterfaces (AdvapiHandle);
  192. if (!NT_SUCCESS(Status)) {
  193. goto Exit;
  194. }
  196. //
  197. // Open `image file execution options\xxx.exe' key. If the key does not
  198. // exist it will be created.
  199. //
  201. Key = AVrfpOpenImageKey (ApplicationName->Buffer);
  203. if (Key == NULL) {
  204. Status = STATUS_INVALID_PARAMETER;
  205. goto Exit;
  206. }
  208. //
  209. // Create verifier settings.
  210. //
  212. if (VerifierFlags == 0) {
  214. Flags = 0;
  215. AVrfpReadGlobalFlags (Key, &Flags);
  216. Flags &= ~FLG_APPLICATION_VERIFIER;
  218. if (Flags == 0) {
  219. AVrfpDeleteGlobalFlags (Key);
  220. }
  221. else {
  222. AVrfpWriteGlobalFlags (Key, Flags);
  223. }
  225. AVrfpDeleteVerifierFlags (Key);
  226. }
  227. else {
  229. Flags = 0;
  230. AVrfpReadGlobalFlags (Key, &Flags);
  231. Flags |= FLG_APPLICATION_VERIFIER;
  232. AVrfpWriteGlobalFlags (Key, Flags);
  234. Flags = VerifierFlags;
  235. AVrfpWriteVerifierFlags (Key, Flags);
  236. }
  238. //
  239. // Cleanup and return.
  240. //
  242. AVrfpCloseImageKey (Key);
  244. Exit:
  246. LdrUnloadDll (AdvapiHandle);
  248. return Status;
  249. }
  251. NTSTATUS
  252. AVrfpGetRegistryInterfaces (
  253. PVOID AdvapiHandle
  254. )
  255. {
  256. NTSTATUS Status;
  257. ANSI_STRING FunctionName;
  258. PVOID FunctionAddress;
  260. RtlInitAnsiString (&FunctionName, "RegCreateKeyExW");
  261. Status = LdrGetProcedureAddress (AdvapiHandle, &FunctionName, 0, &FunctionAddress);
  263. if (!NT_SUCCESS(Status)) {
  264. return Status;
  265. }
  267. FnRegCreateKey = (PFN_REG_CREATE_KEY)FunctionAddress;
  269. RtlInitAnsiString (&FunctionName, "RegCloseKey");
  270. Status = LdrGetProcedureAddress (AdvapiHandle, &FunctionName, 0, &FunctionAddress);
  272. if (!NT_SUCCESS(Status)) {
  273. return Status;
  274. }
  276. FnRegCloseKey = (PFN_REG_CLOSE_KEY)FunctionAddress;
  278. RtlInitAnsiString (&FunctionName, "RegQueryValueExW");
  279. Status = LdrGetProcedureAddress (AdvapiHandle, &FunctionName, 0, &FunctionAddress);
  281. if (!NT_SUCCESS(Status)) {
  282. return Status;
  283. }
  285. FnRegQueryValue = (PFN_REG_QUERY_VALUE)FunctionAddress;
  287. RtlInitAnsiString (&FunctionName, "RegSetValueExW");
  288. Status = LdrGetProcedureAddress (AdvapiHandle, &FunctionName, 0, &FunctionAddress);
  290. if (!NT_SUCCESS(Status)) {
  291. return Status;
  292. }
  294. FnRegSetValue = (PFN_REG_SET_VALUE)FunctionAddress;
  296. RtlInitAnsiString (&FunctionName, "RegDeleteValueW");
  297. Status = LdrGetProcedureAddress (AdvapiHandle, &FunctionName, 0, &FunctionAddress);
  299. if (!NT_SUCCESS(Status)) {
  300. return Status;
  301. }
  303. FnRegDeleteValue = (PFN_REG_DELETE_VALUE)FunctionAddress;
  305. return Status;
  306. }
  308. HKEY
  309. AVrfpOpenImageKey (
  310. PWSTR Name
  311. )
  312. {
  313. HKEY Key;
  314. LONG Result;
  315. WCHAR Buffer [MAX_PATH];
  317. wcscpy (Buffer, EXECUTION_OPTIONS_KEY);
  319. wcsncat (Buffer,
  320. Name,
  321. (sizeof (Buffer) / sizeof (Buffer[0])) - wcslen(Buffer) - 1);
  323. Buffer[(sizeof (Buffer) / sizeof (Buffer[0])) - 1] = 0;
  325. Result = FnRegCreateKey (HKEY_LOCAL_MACHINE,
  326. Buffer,
  327. 0,
  328. 0,
  329. 0,
  330. KEY_ALL_ACCESS,
  331. NULL,
  332. &Key,
  333. NULL);
  335. if (Result != ERROR_SUCCESS) {
  336. return NULL;
  337. }
  338. else {
  339. return Key;
  340. }
  341. }
  343. VOID
  344. AVrfpCloseImageKey (
  345. HKEY Key
  346. )
  347. {
  348. FnRegCloseKey (Key);
  349. }
  351. BOOL
  352. AVrfpReadGlobalFlags (
  353. HKEY Key,
  354. PDWORD Value
  355. )
  356. {
  357. LONG Result;
  358. DWORD Type;
  359. BYTE Buffer[32];
  360. BYTE Buffer2[32];
  361. DWORD BytesRead;
  362. DWORD FlagValue;
  363. DWORD I;
  365. BytesRead = sizeof Buffer;
  367. Result = FnRegQueryValue (Key,
  368. L"GlobalFlag",
  369. 0,
  370. &Type,
  371. (LPBYTE)Buffer,
  372. &BytesRead);
  374. if (Result != ERROR_SUCCESS || Type != REG_SZ) {
  376. DbgPrint ("AVRF: settings: result %u \n",
  377. Result);
  379. return FALSE;
  380. }
  381. else {
  383. for (I = 0; Buffer[2 * I] != L'\0'; I += 1) {
  384. Buffer2[I] = Buffer[2 * I];
  385. }
  387. Buffer2[I] = 0;
  388. FlagValue = 0;
  390. if( sscanf ((const char *)Buffer2, "%x", &FlagValue) == 1 && Value != NULL ) {
  392. *Value = FlagValue;
  393. }
  395. return TRUE;
  396. }
  397. }
  399. BOOL
  400. AVrfpWriteGlobalFlags (
  401. HKEY Key,
  402. DWORD Value
  403. )
  404. {
  405. LONG Result;
  406. WCHAR Buffer[16];
  407. DWORD Length;
  409. swprintf (Buffer, L"0x%08X", Value);
  410. Length = (DWORD)((wcslen(Buffer) + 1) * sizeof (WCHAR));
  412. Result = FnRegSetValue (Key,
  413. L"GlobalFlag",
  414. 0,
  415. REG_SZ,
  416. (LPBYTE)Buffer,
  417. Length);
  419. return (Result == ERROR_SUCCESS);
  420. }
  422. BOOL
  423. AVrfpDeleteGlobalFlags (
  424. HKEY Key
  425. )
  426. {
  427. LONG Result;
  429. Result = FnRegDeleteValue (Key, L"GlobalFlag");
  430. return (Result == ERROR_SUCCESS);
  431. }
  433. BOOL
  434. AVrfpReadVerifierFlags (
  435. HKEY Key,
  436. PDWORD Value
  437. )
  438. {
  439. LONG Result;
  440. DWORD Type;
  441. DWORD BytesRead;
  443. BytesRead = sizeof *Value;
  445. Result = FnRegQueryValue (Key,
  446. L"VerifierValue",
  447. 0,
  448. &Type,
  449. (LPBYTE)Value,
  450. &BytesRead);
  452. return (Result == ERROR_SUCCESS && Type != REG_DWORD);
  453. }
  455. BOOL
  456. AVrfpWriteVerifierFlags (
  457. HKEY Key,
  458. DWORD Value
  459. )
  460. {
  461. LONG Result;
  463. Result = FnRegSetValue (Key,
  464. L"VerifierFlags",
  465. 0,
  466. REG_DWORD,
  467. (LPBYTE)(&Value),
  468. sizeof Value);
  470. return (Result == ERROR_SUCCESS);
  471. }
  473. BOOL
  474. AVrfpDeleteVerifierFlags (
  475. HKEY Key
  476. )
  477. {
  478. LONG Result;
  480. Result = FnRegDeleteValue (Key, L"VerifierFlags");
  481. return (Result == ERROR_SUCCESS);
  482. }