// // SIGVERIF.C // #define SIGVERIF_DOT_C #include "sigverif.h" // Allocate our global data structure GAPPDATA g_App; // // Load a resource string into a buffer that is assumed to be MAX_PATH bytes. // void MyLoadString( LPTSTR lpString, ULONG CchStringSize, UINT uId ) { LoadString(g_App.hInstance, uId, lpString, CchStringSize); } // // Pop an OK messagebox with a specific string // void MyMessageBox( LPTSTR lpString ) { TCHAR szBuffer[MAX_PATH]; MyLoadString(szBuffer, cA(szBuffer), IDS_MSGBOX); MessageBox(g_App.hDlg, lpString, szBuffer, MB_OK); } // // Pop an OK messagebox with a resource string ID // void MyMessageBoxId( UINT uId ) { TCHAR szBuffer[MAX_PATH]; MyLoadString(szBuffer, cA(szBuffer), uId); MyMessageBox(szBuffer); } // // Pop an error messagebox with a specific string // void MyErrorBox( LPTSTR lpString ) { TCHAR szBuffer[MAX_PATH]; MyLoadString(szBuffer, cA(szBuffer), IDS_ERRORBOX); MessageBox(g_App.hDlg, lpString, szBuffer, MB_OK); } // // Pop an error messagebox with a resource string ID // void MyErrorBoxId( UINT uId ) { TCHAR szBuffer[MAX_PATH]; MyLoadString(szBuffer, cA(szBuffer), uId); MyErrorBox(szBuffer); } void MyErrorBoxIdWithErrorCode( UINT uId, DWORD ErrorCode ) { TCHAR szBuffer[MAX_PATH]; ULONG cchSize; HRESULT hr; PTSTR errorMessage = NULL; LPVOID lpLastError = NULL; // // Get the error text for the error code. // if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, ErrorCode, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)&lpLastError, 0, NULL) != 0) { if (lpLastError) { MyLoadString(szBuffer, cA(szBuffer), uId); cchSize = lstrlen(szBuffer) + lstrlen(lpLastError) + 1; errorMessage = MALLOC(cchSize * sizeof(TCHAR)); if (errorMessage) { hr = StringCchCopy(errorMessage, cchSize, szBuffer); if (SUCCEEDED(hr)) { hr = StringCchCat(errorMessage, cchSize, lpLastError); } // // We want to show the error message, even if the // buffer was truncated. // if (SUCCEEDED(hr) || (hr == STRSAFE_E_INSUFFICIENT_BUFFER)) { MyMessageBox(errorMessage); } FREE(errorMessage); } LocalFree(lpLastError); } } } // // Since Multi-User Windows will give me back a Profile directory, I need to get the real Windows directory // Dlg_OnInitDialog initializes g_App.szWinDir with the real Windows directory, so I just use that. // UINT MyGetWindowsDirectory( LPTSTR lpDirName, UINT DirNameCchSize ) { UINT uRet = 0; if (lpDirName) { if (SUCCEEDED(StringCchCopy(lpDirName, DirNameCchSize, g_App.szWinDir))) { uRet = lstrlen(lpDirName); } else { // // If the directory name can't fit in the buffer that the caller // provided, then set it to 0 (if they provided a buffer of at // least size 1) since we don't want to return a truncated // directory to the caller. // if (DirNameCchSize > 0) { *lpDirName = 0; } uRet = 0; } } return uRet; } // // Initialization of main dialog. // BOOL Dlg_OnInitDialog( HWND hwnd ) { DWORD Err = ERROR_SUCCESS; HKEY hKey; LONG lRes; DWORD dwType, dwFlags, cbData; TCHAR szBuffer[MAX_PATH]; LPTSTR lpCommandLine, lpStart, lpEnd; ULONG cchSize; // // Initialize global hDlg to current hwnd. // g_App.hDlg = hwnd; // // Set the window class to have the icon in the resource file // if (g_App.hIcon) { SetClassLongPtr(hwnd, GCLP_HICON, (LONG_PTR) g_App.hIcon); } // // Make sure the IDC_STATUS control is hidden until something happens. // ShowWindow(GetDlgItem(g_App.hDlg, IDC_STATUS), SW_HIDE); // // Set the range for the custom progress bar to 0-100. // SendMessage(GetDlgItem(g_App.hDlg, IDC_PROGRESS), PBM_SETRANGE, (WPARAM) 0, (LPARAM) MAKELPARAM(0, 100)); // // Set the global lpLogName to the one that's given in the resource file // MyLoadString(g_App.szLogFile, cA(g_App.szLogFile), IDS_LOGNAME); // // Figure out what the real Windows directory is and store it in g_App.szWinDir // This is required because Hydra makes GetWindowsDirectory return a PROFILE directory // // We store the original CurrentDirectory in szBuffer so we can restore it after this hack. // Next we switch into the SYSTEM/SYSTEM32 directory and then into its parent directory. // This is what we want to store in g_App.szWinDir. // GetCurrentDirectory(cA(szBuffer), szBuffer); GetSystemDirectory(g_App.szWinDir, cA(g_App.szWinDir)); SetCurrentDirectory(g_App.szWinDir); SetCurrentDirectory(TEXT("..")); GetCurrentDirectory(cA(g_App.szWinDir), g_App.szWinDir); SetCurrentDirectory(szBuffer); // // Set the global search folder to %WinDir% // MyGetWindowsDirectory(g_App.szScanPath, cA(g_App.szScanPath)); // // Set the global search pattern to "*.*" // MyLoadString(g_App.szScanPattern, cA(g_App.szScanPattern), IDS_ALL); // // Reset the progress bar back to zero percent // SendMessage(GetDlgItem(g_App.hDlg, IDC_PROGRESS), PBM_SETPOS, (WPARAM) 0, (LPARAM) 0); // // By default, we want to turn logging and set the logging mode to OVERWRITE // g_App.bLoggingEnabled = TRUE; g_App.bOverwrite = TRUE; // // Look in the registry for any settings from the last SigVerif session // lRes = RegOpenKeyEx(HKEY_CURRENT_USER, SIGVERIF_KEY, 0, KEY_READ, &hKey); if (lRes == ERROR_SUCCESS) { cbData = sizeof(DWORD); lRes = RegQueryValueEx( hKey, SIGVERIF_FLAGS, NULL, &dwType, (LPBYTE) &dwFlags, &cbData); if (lRes == ERROR_SUCCESS) { g_App.bLoggingEnabled = (dwFlags & 0x1); g_App.bOverwrite = (dwFlags & 0x2); } cbData = sizeof(szBuffer); lRes = RegQueryValueEx( hKey, SIGVERIF_LOGNAME, NULL, &dwType, (LPBYTE) szBuffer, &cbData); if (lRes == ERROR_SUCCESS && dwType == REG_SZ) { // // This should never happen unless the code is changed // so that szBuffer is larger then g_App.szLogFile, but // for safety if we can't copy szBuffer fully into // g_App.szLogFile, then set g_App.szLogFile to 0 so we // don't log to a truncated location. // if (FAILED(StringCchCopy(g_App.szLogFile, cA(g_App.szLogFile), szBuffer))) { g_App.szLogFile[0] = 0; } } RegCloseKey(hKey); } // // If the user specified the LOGDIR flag, we want to create the log // file in that directory. // // // SECURITY: Verify that LOGDIR exists and the user has the correct access // to it, and if they don't then fail up front. // MyLoadString(szBuffer, cA(szBuffer), IDS_LOGDIR); if (SUCCEEDED(StringCchCat(szBuffer, cA(szBuffer), TEXT(":"))) && ((lpStart = MyStrStr(GetCommandLine(), szBuffer)) != NULL)) { lpStart += lstrlen(szBuffer); if (lpStart && *lpStart) { // // The string in lpStart is the directory that we want to log // into. // cchSize = lstrlen(lpStart) + 1; lpCommandLine = MALLOC(cchSize * sizeof(TCHAR)); if (lpCommandLine) { if (SUCCEEDED(StringCchCopy(lpCommandLine, cchSize, lpStart))) { lpStart = lpCommandLine; // // First skip any white space. // while (*lpStart && (isspace(*lpStart))) { lpStart++; } // // We will deal with two cases, one where the path // starts with a quote, and the other where it does // not. // if (*lpStart) { if (*lpStart == TEXT('\"')) { // // The log path starts with a quote. This means that // we will use all of the string until we either hit // the end of the string, or we find another quote. // lpStart++; lpEnd = lpStart; while (*lpEnd && (*lpEnd != TEXT('\"'))) { lpEnd++; } } else { // // The log path does NOT start with a quote, so // use the characters until we come to the end // of the string or a space. // lpEnd = lpStart; while (*lpEnd && (isspace(*lpEnd))) { lpEnd++; } } *lpEnd = TEXT('\0'); if (FAILED(StringCchCopy(g_App.szLogDir, cA(g_App.szLogDir), lpStart))) { // // The user probably typed in too many characters for // the log dir. // Err = ERROR_DIRECTORY; } else { // // Verify that the log dir exists and is a directory. // DWORD attributes; attributes = GetFileAttributes(g_App.szLogDir); if (attributes == INVALID_FILE_ATTRIBUTES) { Err = ERROR_DIRECTORY; } else if (!(attributes & FILE_ATTRIBUTE_DIRECTORY)) { Err = ERROR_DIRECTORY; } } } } FREE(lpCommandLine); } } if (Err != ERROR_SUCCESS) { MyMessageBoxId(IDS_LOGDIRERROR); } } // // By default we will consider Authenticode signed drivers as valid, but // if the user specifies the /NOAUTHENTICODE switch then Authenticode // signed drivers will not be valid. // MyLoadString(szBuffer, cA(szBuffer), IDS_NOAUTHENTICODE); if (MyStrStr(GetCommandLine(), szBuffer)) { g_App.bNoAuthenticode = TRUE; } // // If the user specified the DEFSCAN flag, we want to automatically do a // default scan and log the results. // MyLoadString(szBuffer, cA(szBuffer), IDS_DEFSCAN); if (MyStrStr(GetCommandLine(), szBuffer)) { g_App.bAutomatedScan = TRUE; g_App.bLoggingEnabled = TRUE; // // Now that everything is set up, simulate a click to the START button... // PostMessage(hwnd, WM_COMMAND, MAKEWPARAM(ID_START, 0), (LPARAM) 0); } if (Err == ERROR_SUCCESS) { return TRUE; } else { g_App.LastError = Err; return FALSE; } } // // Build file list according to dialog settings, then verify the files in the list // void WINAPI ProcessFileList(void) { DWORD Err = ERROR_SUCCESS; TCHAR szBuffer[MAX_PATH]; ULONG cchSize; HRESULT hr; // // Set the scanning flag to TRUE, so we don't double-scan // g_App.bScanning = TRUE; // Assume a successfull scan. g_App.LastError = ERROR_SUCCESS; // // Change the "Start" to "Stop" // MyLoadString(szBuffer, cA(szBuffer), IDS_STOP); SetDlgItemText(g_App.hDlg, ID_START, szBuffer); EnableWindow(GetDlgItem(g_App.hDlg, ID_ADVANCED), FALSE); EnableWindow(GetDlgItem(g_App.hDlg, IDCANCEL), FALSE); // // Display the text that says "Building file list..." // MyLoadString(szBuffer, cA(szBuffer), IDS_STATUS_BUILD); SetDlgItemText(g_App.hDlg, IDC_STATUS, szBuffer); // // Make sure the IDC_STATUS text item visible // ShowWindow(GetDlgItem(g_App.hDlg, IDC_STATUS), SW_SHOW); // // Free any memory that we may have allocated for the g_App.lpFileList // DestroyFileList(TRUE); // // Now actually build the g_App.lpFileList list given the dialog settings // if (g_App.bUserScan) { Err = BuildFileList(g_App.szScanPath); } else { if (!g_App.bStopScan && (Err == ERROR_SUCCESS)) { Err = BuildDriverFileList(); } if (!g_App.bStopScan && (Err == ERROR_SUCCESS)) { Err = BuildPrinterFileList(); } if (!g_App.bStopScan && (Err == ERROR_SUCCESS)) { Err = BuildCoreFileList(); } } if (!g_App.bAutomatedScan && (Err != ERROR_SUCCESS) && (Err != ERROR_CANCELLED)) { g_App.LastError = Err; MyErrorBoxIdWithErrorCode(IDS_BUILDLISTERROR, Err); } // // If we encountered an error building the file list then don't bother // scanning the files. // if (Err == ERROR_SUCCESS) { // // Check if there is even a file list to verify. // if (g_App.lpFileList) { if (!g_App.bStopScan) { // // Display the "Scanning File List..." text // MyLoadString(szBuffer, cA(szBuffer), IDS_STATUS_SCAN); SetDlgItemText(g_App.hDlg, IDC_STATUS, szBuffer); // // Reset the progress bar back to zero percent while it's invisible. // SendMessage(GetDlgItem(g_App.hDlg, IDC_PROGRESS), PBM_SETPOS, (WPARAM) 0, (LPARAM) 0); // // WooHoo! Let's display the progress bar and start cranking on the file list! // ShowWindow(GetDlgItem(g_App.hDlg, IDC_PROGRESS), SW_SHOW); VerifyFileList(); ShowWindow(GetDlgItem(g_App.hDlg, IDC_PROGRESS), SW_HIDE); } } else { // // The IDC_NOTMS code displays it's own error message, so only display // an error dialog if we are doing a System Integrity Scan // if (!g_App.bStopScan && !g_App.bUserScan) { MyMessageBoxId(IDS_NOSYSTEMFILES); } } // // Disable the start button while we clean up the g_App.lpFileList // EnableWindow(GetDlgItem(g_App.hDlg, ID_START), FALSE); // // Log the results. Note that sigverif will do this even if we encountered // an error building or scanning the list, since the logfile may help // figure out which file is causing the problem. Only log the results // if we found any files to scan. // if (!g_App.bStopScan) { // // Display the text that says "Writing Log File..." // MyLoadString(szBuffer, cA(szBuffer), IDS_STATUS_LOG); SetDlgItemText(g_App.hDlg, IDC_STATUS, szBuffer); // // Write the results to the log file // if (!PrintFileList()) { // // We failed while logging for some reason, probably permissions // or out of disk space. Let the user know that we could not finish // logging all of the files. // Err = GetLastError(); if (Err != ERROR_SUCCESS) { MyErrorBoxIdWithErrorCode(IDS_LOGERROR, Err); } } } else { // // If the user clicked STOP, let them know about it. // MyMessageBoxId(IDS_SCANSTOPPED); } } // // Display the text that says "Freeing File List..." // MyLoadString(szBuffer, cA(szBuffer), IDS_STATUS_FREE); SetDlgItemText(g_App.hDlg, IDC_STATUS, szBuffer); // // Hide the IDC_STATUS text item so it doesn't cover IDC_STATUS // ShowWindow(GetDlgItem(g_App.hDlg, IDC_STATUS), SW_HIDE); // // Change the "Stop" button back to "Start" // MyLoadString(szBuffer, cA(szBuffer), IDS_START); SetDlgItemText(g_App.hDlg, ID_START, szBuffer); EnableWindow(GetDlgItem(g_App.hDlg, ID_START), TRUE); EnableWindow(GetDlgItem(g_App.hDlg, ID_ADVANCED), TRUE); EnableWindow(GetDlgItem(g_App.hDlg, IDCANCEL), TRUE); // // Free all the memory that we allocated for the g_App.lpFileList // DestroyFileList(FALSE); // // Clear the scanning flag // g_App.bScanning = FALSE; g_App.bStopScan = FALSE; // // If the user started SigVerif with the /DEFSCAN flag, then we exit. // if (g_App.bAutomatedScan) { PostMessage(g_App.hDlg, WM_CLOSE, (WPARAM) 0, (LPARAM) 0); } } // // Spawns a thread to do the scan so the GUI remains responsive. // void Dlg_OnPushStartButton( HWND hwnd ) { HANDLE hThread; DWORD dwThreadId; UNREFERENCED_PARAMETER(hwnd); // // Check if we are already scanning... if so, bail. // if (g_App.bScanning) { return; } // // Create a thread where Search_ProcessFileList can go without tying up the GUI thread. // hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE) ProcessFileList, 0, 0, &dwThreadId); CloseHandle(hThread); } // // Handle any WM_COMMAND messages sent to the search dialog // void Dlg_OnCommand( HWND hwnd, int id, HWND hwndCtl, UINT codeNotify ) { UNREFERENCED_PARAMETER(hwndCtl); UNREFERENCED_PARAMETER(codeNotify); switch(id) { // // The user clicked ID_START, so if we aren't scanning start scanning. // If we are scanning, then stop the tests because the button actually says "Stop" // case ID_START: if (!g_App.bScanning) { Dlg_OnPushStartButton(hwnd); } else if (!g_App.bStopScan) { g_App.bStopScan = TRUE; g_App.LastError = ERROR_CANCELLED; } break; // // The user clicked IDCANCEL, so if the tests are running try to stop them before exiting. // case IDCANCEL: if (g_App.bScanning) { g_App.bStopScan = TRUE; g_App.LastError = ERROR_CANCELLED; } else { SendMessage(hwnd, WM_CLOSE, 0, 0); } break; // Pop up the IDD_SETTINGS dialog so the user can change their log settings. case ID_ADVANCED: if (!g_App.bScanning) { AdvancedPropertySheet(hwnd); } break; } } void SigVerif_Help( HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam, BOOL bContext ) { static DWORD SigVerif_HelpIDs[] = { IDC_SCAN, IDH_SIGVERIF_SEARCH_CHECK_SYSTEM, IDC_NOTMS, IDH_SIGVERIF_SEARCH_LOOK_FOR, IDC_TYPE, IDH_SIGVERIF_SEARCH_SCAN_FILES, IDC_FOLDER, IDH_SIGVERIF_SEARCH_LOOK_IN_FOLDER, IDC_SUBFOLDERS, IDH_SIGVERIF_SEARCH_INCLUDE_SUBFOLDERS, IDC_ENABLELOG, IDH_SIGVERIF_LOGGING_ENABLE_LOGGING, IDC_APPEND, IDH_SIGVERIF_LOGGING_APPEND, IDC_OVERWRITE, IDH_SIGVERIF_LOGGING_OVERWRITE, IDC_LOGNAME, IDH_SIGVERIF_LOGGING_FILENAME, IDC_VIEWLOG, IDH_SIGVERIF_LOGGING_VIEW_LOG, 0,0 }; static DWORD Windows_HelpIDs[] = { ID_BROWSE, IDH_BROWSE, 0,0 }; HWND hItem = NULL; LPHELPINFO lphi = NULL; POINT point; switch (uMsg) { case WM_HELP: lphi = (LPHELPINFO) lParam; if (lphi && (lphi->iContextType == HELPINFO_WINDOW)) { hItem = (HWND) lphi->hItemHandle; } break; case WM_CONTEXTMENU: hItem = (HWND) wParam; point.x = GET_X_LPARAM(lParam); point.y = GET_Y_LPARAM(lParam); if (ScreenToClient(hwnd, &point)) { hItem = ChildWindowFromPoint(hwnd, point); } break; } if (hItem) { if (GetWindowLong(hItem, GWL_ID) == ID_BROWSE) { WinHelp(hItem, (LPCTSTR) WINDOWS_HELPFILE, (bContext ? HELP_CONTEXTMENU : HELP_WM_HELP), (ULONG_PTR) Windows_HelpIDs); } else { WinHelp(hItem, (LPCTSTR) SIGVERIF_HELPFILE, (bContext ? HELP_CONTEXTMENU : HELP_WM_HELP), (ULONG_PTR) SigVerif_HelpIDs); } } } // // The main dialog procedure. Needs to handle WM_INITDIALOG, WM_COMMAND, and WM_CLOSE/WM_DESTROY. // INT_PTR CALLBACK DlgProc( HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam ) { BOOL fProcessed = TRUE; switch (uMsg) { HANDLE_MSG(hwnd, WM_COMMAND, Dlg_OnCommand); case WM_INITDIALOG: fProcessed = Dlg_OnInitDialog(hwnd); break; case WM_CLOSE: if (g_App.bScanning) { g_App.bStopScan = TRUE; g_App.LastError = ERROR_CANCELLED; } else { EndDialog(hwnd, IDCANCEL); } break; default: fProcessed = FALSE; } return fProcessed; } // // Program entry point. Set up for creation of IDD_DIALOG. // WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdParam, int nCmdShow ) { HWND hwnd; TCHAR szAppName[MAX_PATH]; UNREFERENCED_PARAMETER(hPrevInstance); UNREFERENCED_PARAMETER(lpszCmdParam); UNREFERENCED_PARAMETER(nCmdShow); ZeroMemory(&g_App, sizeof(GAPPDATA)); g_App.hInstance = hInstance; // // Look for any existing instances of SigVerif... // MyLoadString(szAppName, cA(szAppName), IDS_SIGVERIF); hwnd = FindWindow(NULL, szAppName); if (!hwnd) { // // We definitely need this for the progress bar, and maybe other stuff too. // InitCommonControls(); // // Register the custom control we use for the progress bar // Progress_InitRegisterClass(); // // Load the icon from the resource file that we will use everywhere // g_App.hIcon = LoadIcon(g_App.hInstance, MAKEINTRESOURCE(IDI_ICON1)); // // Create the IDD_DIALOG and use DlgProc as the main procedure // DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG), NULL, DlgProc); if (g_App.hIcon) { DestroyIcon(g_App.hIcon); g_App.hIcon = NULL; } } else { // // If there is already an instance of SigVerif running, make that one // foreground and we exit. // SetForegroundWindow(hwnd); } // // If we encountered any errors during our scan, then return the error code, // otherwise return 0 if all the files are signed or 1 if we found any // unsigned files. // if (g_App.LastError != ERROR_SUCCESS) { return g_App.LastError; } else { return ((g_App.dwUnsigned > 0) ? 1 : 0); } }