archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/windows/appcompat/shims/layer/win2kpropagatelayer_wowtask...

1006 lines
26 KiB
Raw Permalink Blame History

/*++
Copyright (c) 2000 Microsoft Corporation
Module Name:
WoWTask.cpp
Abstract:
Functions that retrieve process-history related information from
16-bit environment. This includes the retrieval of the correct
__PROCESS_HISTORY that was passed in from the parent (32-bit)process
and tracing the process history through WOW
Notes:
History:
10/26/00 VadimB Created
--*/
#include "precomp.h"
IMPLEMENT_SHIM_BEGIN(Win2kPropagateLayer)
#include "ShimHookMacro.h"
#include "Win2kPropagateLayer.h"
typedef struct tagFINDWOWTASKDATA {
BOOL bFound;
DWORD dwProcessId;
DWORD dwThreadId;
WORD hMod16;
WORD hTask16;
} FINDWOWTASKDATA, *PFINDWOWTASKDATA;
//
// Dynamically Linked apis
//
// from WOW32.dll
//
typedef LPVOID (WINAPI *PFNWOWGetVDMPointer)(DWORD vp,
DWORD dwBytes,
BOOL fProtectedMode);
//
// from vdmdbg.dll - defined in the header file
//
//
typedef INT (WINAPI *PFNVDMEnumTaskWOW)(DWORD dwProcessId,
TASKENUMPROC fp,
LPARAM lparam);
//
// Api importing -- modules
//
WCHAR g_wszWOW32ModName[] = L"wow32.dll";
WCHAR g_wszVdmDbgModName[] = L"VdmDbg.dll";
//
// Api importing - module handles and function pointers
//
HMODULE g_hWow32;
HMODULE g_hVdmDbg;
BOOL g_bInitialized; // set to true when imports are initialized
PFNWOWGetVDMPointer g_pfnWOWGetVDMPointer;
PFNVDMEnumTaskWOW g_pfnVDMEnumTaskWOW;
extern BOOL* g_pSeparateWow;
//
// function in this module to import apis
//
BOOL ImportWowApis(VOID);
//
// Marcro to access 16-bit memory
//
#define SEGPTR(seg,off) ((g_pfnWOWGetVDMPointer)((((ULONG)seg) << 16) | (off), 0, TRUE))
//
// task enum proc, called back from vdmdbg
//
BOOL WINAPI MyTaskEnumProc(
DWORD dwThreadId,
WORD hMod16,
WORD hTask16,
LPARAM lParam
)
{
PFINDWOWTASKDATA pFindData = (PFINDWOWTASKDATA)lParam;
if (dwThreadId == pFindData->dwThreadId) {
pFindData->hMod16 = hMod16;
pFindData->hTask16 = hTask16;
pFindData->bFound = TRUE;
return TRUE;
}
return FALSE;
}
BOOL FindWowTask(
DWORD dwProcessId,
DWORD dwThreadId,
PFINDWOWTASKDATA pFindData
)
{
RtlZeroMemory(pFindData, sizeof(*pFindData));
pFindData->dwProcessId = dwProcessId;
pFindData->dwThreadId = dwThreadId;
g_pfnVDMEnumTaskWOW(dwProcessId, (TASKENUMPROC)MyTaskEnumProc, (LPARAM)pFindData);
return pFindData->bFound;
}
//
// get the pointer to task database block from hTask
//
PTDB
GetTDB(
WORD wTDB
)
{
PTDB pTDB;
pTDB = (PTDB)SEGPTR(wTDB, 0);
if (NULL == pTDB || TDB_SIGNATURE != pTDB->TDB_sig) {
LOGN(
eDbgLevelError,
"[GetTDB] TDB is invalid for task 0x%x",
(DWORD)wTDB);
return NULL;
}
return pTDB;
}
//
// GetModName
// wTDB - TDB entry
// szModName - pointer to the buffer that receives module name
// buffer should be at least 9 characters long
//
// returns FALSE if the entry is invalid
BOOL
GetModName(
WORD wTDB,
PCH szModName
)
{
PTDB pTDB;
PCH pch;
pTDB = GetTDB(wTDB);
if (NULL == pTDB) {
return FALSE;
}
RtlCopyMemory(szModName, pTDB->TDB_ModName, 8 * sizeof(CHAR)); // we have modname now
szModName[8] = '\0';
pch = &szModName[8];
while (--pch >= szModName && *pch == ' ') {
*pch = 0;
}
if( pch < szModName ) {
return FALSE;
}
return TRUE;
}
//
// ShimGetTaskFileName
// IN wTask - 16-bit task handle
// Returns:
// Fully qualified exe that is running in this task's context
//
PSZ
ShimGetTaskFileName(
WORD wTask
)
{
PSZ pszFileName = NULL;
PTDB pTDB;
pTDB = GetTDB(wTask);
if (NULL == pTDB) {
// this is really bad -- the module is invalid, debug output is generated by GetTDB
return pszFileName;
}
if (NULL == pTDB->TDB_pModule) {
LOGN(
eDbgLevelError,
"[ShimGetTaskFileName] module pointer is NULL for 0x%x",
(DWORD)wTask);
return pszFileName;
}
pszFileName = (PSZ)SEGPTR(pTDB->TDB_pModule, (*(WORD *)SEGPTR(pTDB->TDB_pModule, 10)) + 8);
return pszFileName;
}
PSZ
ShimGetTaskEnvptr(
WORD hTask16
)
{
PTDB pTDB = GetTDB(hTask16);
PSZ pszEnv = NULL;
PDOSPDB pPSP;
if (NULL == pTDB) {
LOGN( eDbgLevelError,
"[ShimGetTaskEnvptr] Bad TDB entry 0x%x", hTask16);
return NULL;
}
//
// Prepare environment data - this buffer is used when we're starting a new task from the
// root of the chain (as opposed to spawning from an existing 16-bit task)
//
pPSP = (PDOSPDB)SEGPTR(pTDB->TDB_PDB, 0); // psp
if (pPSP != NULL) {
pszEnv = (PCH)SEGPTR(pPSP->PDB_environ, 0);
}
return pszEnv;
}
// IsWowExec
// IN wTDB - entry into the task database
// Returns:
// TRUE if this particular entry points to WOWEXEC
//
// Note:
// WOWEXEC is a special stub module that always runs on NTVDM
// new tasks are spawned by wowexec (in the most typical case)
// it is therefore the "root" module and it's environment's contents
// should not be counted, since we don't know what was ntvdm's parent process
//
BOOL
IsWOWExec(
WORD wTDB
)
{
PTDB pTDB;
CHAR szModName[9];
pTDB = GetTDB(wTDB);
if (NULL == pTDB) {
LOGN(
eDbgLevelError,
"[IsWOWExec] Bad TDB entry 0x%x",
(DWORD)wTDB);
return FALSE;
}
if (!GetModName(wTDB, szModName)) { // can we get modname ?
LOGN(
eDbgLevelError,
"[IsWOWExec] GetModName failed.");
return FALSE;
}
return (0 == _strcmpi(szModName, "wowexec")); // is the module named WOWEXEC ?
}
//
// ImportWowApis
// Function imports necessary apis from wow32.dll and vdmdbg.dll
//
//
BOOL
ImportWowApis(
VOID
)
{
g_hWow32 = LoadLibraryW(g_wszWOW32ModName);
if (g_hWow32 == NULL) {
LOGN(
eDbgLevelError,
"[ImportWowApis] Failed to load wow32.dll Error 0x%x",
GetLastError());
goto Fail;
}
g_pfnWOWGetVDMPointer = (PFNWOWGetVDMPointer)GetProcAddress(g_hWow32, "WOWGetVDMPointer");
if (g_pfnWOWGetVDMPointer == NULL) {
LOGN(
eDbgLevelError,
"[ImportWowApis] Failed to get address of WOWGetVDMPointer Error 0x%x",
GetLastError());
goto Fail;
}
g_hVdmDbg = LoadLibraryW(g_wszVdmDbgModName);
if (g_hVdmDbg == NULL) {
LOGN(
eDbgLevelError,
"[ImportWowApis] Failed to load vdmdbg.dll Error 0x%x",
GetLastError());
goto Fail;
}
g_pfnVDMEnumTaskWOW = (PFNVDMEnumTaskWOW)GetProcAddress(g_hVdmDbg, "VDMEnumTaskWOW");
if (g_pfnVDMEnumTaskWOW == NULL) {
LOGN(
eDbgLevelError,
"[ImportWowApis] Failed to get address of VDMEnumTaskWOW Error 0x%x",
GetLastError());
goto Fail;
}
g_bInitialized = TRUE;
return TRUE;
Fail:
if (g_hWow32) {
FreeLibrary(g_hWow32);
g_hWow32 = NULL;
}
if (g_hVdmDbg) {
FreeLibrary(g_hVdmDbg);
g_hVdmDbg = NULL;
}
g_pfnWOWGetVDMPointer = NULL;
g_pfnVDMEnumTaskWOW = NULL;
return FALSE;
}
/////////////////////////////////////////////////////////////////////////////////////////////
//
//
// WOWTaskList
//
// We maintain a shadow list of running wow tasks complete with respective process history and
// inherited process history
//
//
typedef struct tagWOWTASKLISTITEM* PWOWTASKLISTITEM;
typedef struct tagWOWTASKLISTITEM {
WORD hTask16; // 16-bit tdb entry
DWORD dwThreadId; // thread id of the task
WOWENVDATA EnvData; // environment data (process history, compat layer, etc)
PWOWTASKLISTITEM pTaskNext;
} WOWTASKLISTITEM;
PWOWTASKLISTITEM g_pWowTaskList;
/*++
FindWowTaskInfo
IN hTask16 16-bit task's handle
IN dwThreadId OPTIONAL 32-bit thread id of the task, might be 0
Returns: pointer to the task information structure
--*/
PWOWTASKLISTITEM
FindWowTaskInfo(
WORD hTask16,
DWORD dwThreadId
)
{
PWOWTASKLISTITEM pTask = g_pWowTaskList;
while (NULL != pTask) {
if (hTask16 == pTask->hTask16) {
if (dwThreadId == 0 || dwThreadId == pTask->dwThreadId) {
break;
}
}
pTask = pTask->pTaskNext;
}
return pTask;
}
/*++
UpdateWowTaskList
IN hTask16 16-bit task's handle
Returns: True if the task was added successfully
Note: wowexec is not among the "legitimate" tasks
--*/
BOOL
UpdateWowTaskList(
WORD hTask16
)
{
PTDB pTDB;
WORD wTaskParent;
PWOWTASKLISTITEM pTaskParent = NULL;
LPSTR lpszFileName;
PSZ pszEnv;
WOWENVDATA EnvData;
PWOWENVDATA pData = NULL;
DWORD dwLength;
PWOWTASKLISTITEM pTaskNew;
PCH pBuffer;
PDOSPDB pPSP;
BOOL bSuccess;
//
// see that we are initialized, import apis
//
if (!g_bInitialized) { // first call, link apis
bSuccess = ImportWowApis();
if (!bSuccess) {
LOGN(
eDbgLevelError,
"[UpdateWowTaskList] Failed to import apis.");
return FALSE;
}
}
//
// If this task is WOWEXEC -- just return, it's not an error condition, but we don't need
// wowexec in our list
//
if (IsWOWExec(hTask16)) { // this is ok, we don't want wowexec
return FALSE;
}
//
// next, see what the parent item is, to do so -- access it through TDB
//
pTDB = GetTDB(hTask16);
if (NULL == pTDB) {
LOGN(
eDbgLevelError,
"[UpdateWowTaskList] Bad TDB entry 0x%x",
hTask16);
return FALSE;
}
//
// Prepare environment data - this buffer is used when we're starting a new task from the
// root of the chain (as opposed to spawning from an existing 16-bit task)
//
RtlZeroMemory(&EnvData, sizeof(EnvData));
pData = &EnvData;
wTaskParent = pTDB->TDB_Parent;
if (IsWOWExec(wTaskParent) || GetTDB(wTaskParent) == NULL) {
//
// Root task, extract process history, compat layer, etc
//
pszEnv = NULL;
pPSP = (PDOSPDB)SEGPTR(pTDB->TDB_PDB, 0); // psp
if (pPSP != NULL) {
pszEnv = (PCH)SEGPTR(pPSP->PDB_environ, 0);
}
//
// we have a pointer to the current environment here, pData is initialized
//
if (pszEnv != NULL) {
pData->pszProcessHistory = ShimFindEnvironmentVar(g_szProcessHistoryVar,
pszEnv,
&pData->pszProcessHistoryVal);
pData->pszCompatLayer = ShimFindEnvironmentVar(g_szCompatLayerVar,
pszEnv,
&pData->pszCompatLayerVal);
pData->pszShimFileLog = ShimFindEnvironmentVar(g_szShimFileLogVar,
pszEnv,
&pData->pszShimFileLogVal);
}
} else {
//
// Not a root task, find parent process
//
pTaskParent = FindWowTaskInfo(wTaskParent, 0); // we can't determine which thread owns the task
if (pTaskParent == NULL) {
//
// something is very wrong
// we can't inherit
//
LOGN(
eDbgLevelError,
"[UpdateWowTaskList] Task 0x%x is not root but parent not listed 0x%x",
(DWORD)hTask16,
(DWORD)wTaskParent);
//
// we still allow building up process history. The initial variables will be empty
//
} else {
//
// inherit everything from the parent and add it's module name (later)
//
pData = &pTaskParent->EnvData;
}
}
//
// Get the filename involved
//
//
lpszFileName = ShimGetTaskFileName(hTask16);
//
// now calculate how much space is required to hold all of the data
//
dwLength = sizeof(WOWTASKLISTITEM) +
(NULL == pData->pszProcessHistory ? 0 : (strlen(pData->pszProcessHistory) + 1) * sizeof(CHAR)) +
(NULL == pData->pszCompatLayer ? 0 : (strlen(pData->pszCompatLayer) + 1) * sizeof(CHAR)) +
(NULL == pData->pszShimFileLog ? 0 : (strlen(pData->pszShimFileLog) + 1) * sizeof(CHAR)) +
(NULL == pData->pszCurrentProcessHistory ? 0 : (strlen(pData->pszCurrentProcessHistory) + 2) * sizeof(CHAR)) +
(NULL == lpszFileName ? 0 : (strlen(lpszFileName) + 1) * sizeof(CHAR));
pTaskNew = (PWOWTASKLISTITEM)ShimMalloc(dwLength);
if (pTaskNew == NULL) {
LOGN(
eDbgLevelError,
"[UpdateWowTaskList] failed to allocate 0x%x bytes",
dwLength);
return FALSE;
}
RtlZeroMemory(pTaskNew, dwLength);
//
// now this entry has to be setup
// process history is first
//
pBuffer = (PCH)(pTaskNew + 1);
// Keep track of how much of the buffer is left.
size_t cchRemaining = dwLength - sizeof(WOWTASKLISTITEM);
pTaskNew->hTask16 = hTask16;
pTaskNew->dwThreadId = GetCurrentThreadId();
if (pData->pszProcessHistory != NULL) {
//
// Copy process history. The processHistoryVal is a pointer into the buffer
// pointed to by pszProcessHistory: __PROCESS_HISTORY=c:\foo;c:\docs~1\install
// then pszProcessHistoryVal will point here ---------^
//
// we are copying the data and moving the pointer using the calculated offset
pTaskNew->EnvData.pszProcessHistory = pBuffer;
StringCchCopyExA(pTaskNew->EnvData.pszProcessHistory, cchRemaining, pData->pszProcessHistory, NULL, &cchRemaining, 0);
pTaskNew->EnvData.pszProcessHistoryVal = pTaskNew->EnvData.pszProcessHistory +
(INT)(pData->pszProcessHistoryVal - pData->pszProcessHistory);
//
// There is enough space in the buffer to accomodate all the strings, so
// move pointer past current string to point at the "empty" space
//
pBuffer += strlen(pData->pszProcessHistory) + 1;
}
if (pData->pszCompatLayer != NULL) {
pTaskNew->EnvData.pszCompatLayer = pBuffer;
StringCchCopyExA(pTaskNew->EnvData.pszCompatLayer, cchRemaining, pData->pszCompatLayer, NULL, &cchRemaining, 0);
pTaskNew->EnvData.pszCompatLayerVal = pTaskNew->EnvData.pszCompatLayer +
(INT)(pData->pszCompatLayerVal - pData->pszCompatLayer);
pBuffer += strlen(pData->pszCompatLayer) + 1;
}
if (pData->pszShimFileLog != NULL) {
pTaskNew->EnvData.pszShimFileLog = pBuffer;
StringCchCopyExA(pTaskNew->EnvData.pszShimFileLog, cchRemaining, pData->pszShimFileLog, NULL, &cchRemaining, 0);
pTaskNew->EnvData.pszShimFileLogVal = pTaskNew->EnvData.pszShimFileLog +
(INT)(pData->pszShimFileLogVal - pData->pszShimFileLog);
pBuffer += strlen(pData->pszShimFileLog) + 1;
}
if (pData->pszCurrentProcessHistory != NULL || lpszFileName != NULL) {
//
// Now process history
//
pTaskNew->EnvData.pszCurrentProcessHistory = pBuffer;
if (pData->pszCurrentProcessHistory != NULL) {
StringCchCopyExA(pTaskNew->EnvData.pszCurrentProcessHistory, cchRemaining, pData->pszCurrentProcessHistory, NULL, &cchRemaining, 0);
if (lpszFileName != NULL ) {
StringCchCatExA(pTaskNew->EnvData.pszCurrentProcessHistory, cchRemaining, ";", NULL, &cchRemaining, 0);
}
}
if (lpszFileName != NULL) {
StringCchCatA(pTaskNew->EnvData.pszCurrentProcessHistory, cchRemaining, lpszFileName);
}
}
LOGN(
eDbgLevelInfo,
"[UpdateWowTaskList] Running : \"%s\"",
lpszFileName);
LOGN(
eDbgLevelInfo,
"[UpdateWowTaskList] ProcessHistory : \"%s\"",
pTaskNew->EnvData.pszCurrentProcessHistory);
LOGN(
eDbgLevelInfo,
"[UpdateWowTaskList] BaseProcessHistory: \"%s\"",
pTaskNew->EnvData.pszProcessHistory);
LOGN(
eDbgLevelInfo,
"[UpdateWowTaskList] CompatLayer : \"%s\"",
pTaskNew->EnvData.pszCompatLayer);
//
// We are done, link the entry into the list
//
pTaskNew->pTaskNext = g_pWowTaskList;
g_pWowTaskList = pTaskNew;
return TRUE;
}
/*++
CleanupWowTaskList
IN hTask16 16-bit task handle that is to be removed from the list of running tasks
Returns : TRUE if the function succeeds
--*/
BOOL
CleanupWowTaskList(
WORD hTask16
)
{
PWOWTASKLISTITEM pTask = g_pWowTaskList;
PWOWTASKLISTITEM pTaskPrev = NULL;
while (pTask != NULL) {
if (pTask->hTask16 == hTask16) {
// this is the item
break;
}
pTaskPrev = pTask;
pTask = pTask->pTaskNext;
}
if (pTask == NULL) {
LOGN(
eDbgLevelError,
"[CleanupWowTaskList] Failed to locate task information for 0x%x",
(DWORD)hTask16);
return FALSE;
}
if (pTaskPrev == NULL) {
g_pWowTaskList = pTask->pTaskNext;
} else {
pTaskPrev->pTaskNext = pTask->pTaskNext;
}
ShimFree(pTask);
return TRUE;
}
/*++
ShimRetrieveVariablesEx
IN pData Structure that receives pointers to all the relevant environment information
for the calling thread. The threads are scheduled non-preemptively by user and
threadid is used to identify the calling 16-bit task
All the real work on information retrieval is done in UpdateWowTaskList
Returns: TRUE if success
--*/
BOOL
ShimRetrieveVariablesEx(
PWOWENVDATA pData
)
{
DWORD dwProcessId = GetCurrentProcessId();
DWORD dwThreadId = GetCurrentThreadId();
PWOWTASKLISTITEM pTask;
FINDWOWTASKDATA FindData;
WORD hTask;
BOOL bSuccess;
RtlZeroMemory(pData, sizeof(*pData));
if (!g_bInitialized) { // first call, link apis
bSuccess = ImportWowApis();
if (!bSuccess) {
LOGN(
eDbgLevelError,
"[ShimRetrieveVariablesEx] Failed to import apis.");
return FALSE;
}
}
if (!FindWowTask(dwProcessId, dwThreadId, &FindData)) {
LOGN(
eDbgLevelError,
"[ShimRetrieveVariablesEx] Task not found ProcessId 0x%x ThreadId 0x%x",
dwProcessId,
dwThreadId);
return FALSE;
}
hTask = FindData.hTask16;
pTask = FindWowTaskInfo(hTask, dwThreadId);
if (pTask == NULL) {
LOGN(
eDbgLevelError,
"[ShimRetrieveVariablesEx] Failed to locate wow task.");
return FALSE;
}
//
// Found this one. Copy the info.
//
RtlMoveMemory(pData, &pTask->EnvData, sizeof(*pData));
return TRUE;
}
/*++
ShimThisProcess
Function invokes Shim Engine for dynamic shimming of the current process
Which happens to be ntvdm, naturally. This ntvdm is a separate ntvdm
(which is insured through various checks in CheckAndShimNTVDM)
--*/
BOOL
ShimThisProcess(
HMODULE hModShimEngine,
HSDB hSDB,
SDBQUERYRESULT* pQueryResult
)
{
typedef BOOL (WINAPI *PFNDynamicShim)(LPCWSTR , HSDB , SDBQUERYRESULT*, LPCSTR, LPDWORD);
PFNDynamicShim pfnDynamicShim = NULL;
WCHAR wszFileName[MAX_PATH];
DWORD dwLength;
DWORD dwDynamicToken = 0;
pfnDynamicShim = (PFNDynamicShim) GetProcAddress(hModShimEngine, "SE_DynamicShim");
if (NULL == pfnDynamicShim) {
LOGN( eDbgLevelError,
"[ShimThisProcess] failed to obtain dynamic shim proc address\n");
return FALSE;
}
dwLength = GetModuleFileNameW(GetModuleHandle(NULL), wszFileName, CHARCOUNT(wszFileName));
if (!dwLength || dwLength == CHARCOUNT(wszFileName)) {
LOGN( eDbgLevelError,
"[ShimThisProcess] failed to obtain module file name\n");
return FALSE;
}
return pfnDynamicShim(wszFileName, hSDB, pQueryResult, NULL, &dwDynamicToken);
}
/*++
CheckAndShimNTVDM
Procedure checks ntvdm application for having to be shimmed. If an application is located in
appcompat database, this ntvdm would have to be running as a separate ntvdm (explorer is shimmed as
well, as a result it will have checked the binary first and set the separate vdm flag in CreateProcess)
Further, this call comes through InitTask (intercepted between ntvdm and user32) -- as a parameter it
takes hTask16 - which we're able to use to retrieve application's environment and other important
information.
--*/
BOOL
CheckAndShimNTVDM(
WORD hTask16
)
{
HMODULE hModShimEngine;
CString csTaskFileName;
PSZ pszEnv = NULL;
PTDB pTDB = NULL;
PVOID pEnvNew = NULL;
BOOL bSuccess = FALSE;
BOOL bMatch;
BOOL bNewEnv = FALSE;
HSDB hSDB;
NTSTATUS Status;
SDBQUERYRESULT QueryResult;
DWORD dwFlags;
hModShimEngine = GetModuleHandle(TEXT("shim.dll"));
if (hModShimEngine == NULL) {
// impossible -- shim.dll is not injected!!!
return FALSE;
}
if (g_pSeparateWow != NULL && *g_pSeparateWow == FALSE) {
//
// not a separate wow
//
LOGN( eDbgLevelError,
"[CheckAndShimNTVDM] running in shared wow, no shimming\n");
return FALSE;
}
if (!g_bInitialized) { // first call, link apis
bSuccess = ImportWowApis();
if (!bSuccess) {
LOGN( eDbgLevelError,
"[CheckAndShimNTVDM] Failed to import apis.\n");
return FALSE;
}
}
if (IsWOWExec(hTask16)) {
LOGN( eDbgLevelError,
"[CheckAndShimNTVDM] not touching wowexec\n");
return FALSE;
}
csTaskFileName = ShimGetTaskFileName(hTask16);
if (csTaskFileName.IsEmpty()) {
LOGN( eDbgLevelError,
"[CheckAndShimNTVDM] failed to get the filename for task 0x%lx\n", hTask16);
return FALSE;
}
//
// init database
//
hSDB = SdbInitDatabase(0, NULL);
if (hSDB == NULL) {
LOGN( eDbgLevelError,
"[CheckAndShimNTVDM] failed to init shim database\n");
return FALSE;
}
//
// process history please --
// if we end up here, we are a separate ntvdm
// running with a process history in the env, was retrieved in init
//
pTDB = GetTDB(hTask16);
if (NULL == pTDB) {
LOGN( eDbgLevelError, "[UpdateWowTaskList] Bad TDB entry 0x%x", hTask16);
return FALSE;
}
//
// Prepare environment data - this buffer is used when we're starting a new task from the
// root of the chain (as opposed to spawning from an existing 16-bit task)
//
pszEnv = ShimGetTaskEnvptr(hTask16);
if (NULL != pszEnv) {
Status = ShimCloneEnvironment(&pEnvNew, (LPVOID)pszEnv, FALSE);
if (!NT_SUCCESS(Status)) {
LOGN( eDbgLevelError,
"[CheckAndShimNTVDM] cannot clone environment 0x%lx\n", Status);
pEnvNew = NULL;
bNewEnv = TRUE;
}
//
// if this call has come the way of VDM - we need to carry over our environment stuff
// which is stored separately in this shim
//
// should the call to ShimCloneEnvironment fail, we will have pEnvNew == NULL
// and bNewEnv = TRUE, as a result, we shall try again to clone the environment
dwFlags = CREATE_UNICODE_ENVIRONMENT;
pEnvNew = ShimCreateWowEnvironment_U(pEnvNew, &dwFlags, bNewEnv);
}
//
// run detection please
//
bMatch = SdbGetMatchingExe(hSDB,
(LPCWSTR)csTaskFileName,
NULL, // we can give out module name as well -- but WHY?
(LPCWSTR)pEnvNew,
0,
&QueryResult);
if (bMatch) {
bSuccess = ShimThisProcess(hModShimEngine, hSDB, &QueryResult);
}
if (pEnvNew != NULL) {
ShimFreeEnvironment(pEnvNew);
}
return bSuccess;
}
IMPLEMENT_SHIM_END