You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
413 lines
11 KiB
413 lines
11 KiB
|
|
|
|
|
|
|
|
#define INITGUID 1
|
|
|
|
#include <nt.h>
|
|
#include <ntdef.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
#include <windows.h>
|
|
#include <partmgrp.h>
|
|
#include <stdio.h>
|
|
#include <stddef.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
|
|
#define PROGRAM_TITLE L"SigCheck - Signature Check Program V0.1"
|
|
|
|
|
|
#define HandleInvalid(_Handle) ((NULL == (_Handle)) || (INVALID_HANDLE_VALUE == (_Handle)))
|
|
|
|
#define GET_STATUS_FROM_BOOL(_bSucceeded) ((_bSucceeded) ? NOERROR : HRESULT_FROM_WIN32 (GetLastError()))
|
|
#define GET_STATUS_FROM_HANDLE(_handle) ((!HandleInvalid(_handle)) ? NOERROR : HRESULT_FROM_WIN32 (GetLastError()))
|
|
#define GET_STATUS_FROM_POINTER(_ptr) ((NULL != (_ptr)) ? NOERROR : E_OUTOFMEMORY)
|
|
|
|
|
|
void PrintResults (PPARTMGR_SIGNATURE_CHECK_DISKS pSignatureCheckBufferDisks);
|
|
|
|
|
|
|
|
PSTR PartitionName = "\\Device\\Harddisk%d\\Partition%d";
|
|
PSTR DeviceName = "Harddisk0";
|
|
|
|
|
|
|
|
VOID PrintError (IN DWORD ErrorCode)
|
|
{
|
|
LPVOID lpMsgBuf;
|
|
ULONG count;
|
|
|
|
count = FormatMessage (FORMAT_MESSAGE_ALLOCATE_BUFFER |
|
|
FORMAT_MESSAGE_FROM_SYSTEM |
|
|
FORMAT_MESSAGE_IGNORE_INSERTS,
|
|
NULL,
|
|
ErrorCode,
|
|
0,
|
|
(LPTSTR) &lpMsgBuf,
|
|
0,
|
|
NULL);
|
|
|
|
if (count != 0)
|
|
{
|
|
printf (" (%d) %s\n", ErrorCode, (LPCTSTR) lpMsgBuf);
|
|
LocalFree (lpMsgBuf);
|
|
}
|
|
else
|
|
{
|
|
printf ("Format message failed. Error: %d\n", GetLastError());
|
|
}
|
|
} // PrintError
|
|
|
|
|
|
|
|
extern "C" __cdecl wmain (int argc, WCHAR *argv [])
|
|
{
|
|
NTSTATUS ntStatus;
|
|
HANDLE fileHandle;
|
|
DWORD accessMode;
|
|
DWORD shareMode;
|
|
DWORD errorCode;
|
|
BOOL failed = FALSE;
|
|
CHAR deviceNameString [128];
|
|
DWORD bytesReturned;
|
|
ULONG bufferLength;
|
|
|
|
|
|
ANSI_STRING objName;
|
|
UNICODE_STRING unicodeName;
|
|
OBJECT_ATTRIBUTES objAttributes;
|
|
IO_STATUS_BLOCK ioStatusBlock;
|
|
|
|
PARTMGR_SIGNATURE_CHECK_EPOCH SignatureCheckBufferEpoch;
|
|
PPARTMGR_SIGNATURE_CHECK_DISKS pSignatureCheckBufferDisks;
|
|
|
|
|
|
|
|
UNREFERENCED_PARAMETER (argc);
|
|
UNREFERENCED_PARAMETER (argv);
|
|
|
|
|
|
//
|
|
// Note it is important to access the device with 0 access mode so that
|
|
// the file open code won't do extra I/O to the device
|
|
//
|
|
shareMode = FILE_SHARE_READ | FILE_SHARE_WRITE;
|
|
accessMode = GENERIC_READ | GENERIC_WRITE;
|
|
|
|
strcpy (deviceNameString, "\\\\.\\");
|
|
strcat (deviceNameString, DeviceName);
|
|
|
|
fileHandle = CreateFileA (deviceNameString,
|
|
accessMode,
|
|
shareMode,
|
|
NULL,
|
|
OPEN_EXISTING,
|
|
0,
|
|
NULL);
|
|
|
|
if (fileHandle == INVALID_HANDLE_VALUE)
|
|
{
|
|
errorCode = GetLastError ();
|
|
if ((errorCode == ERROR_PATH_NOT_FOUND) ||
|
|
(errorCode == ERROR_FILE_NOT_FOUND))
|
|
{
|
|
strcpy (deviceNameString, "\\Device\\");
|
|
strcat (deviceNameString, DeviceName);
|
|
RtlInitString (&objName, deviceNameString);
|
|
|
|
ntStatus = RtlAnsiStringToUnicodeString (&unicodeName,
|
|
&objName,
|
|
TRUE);
|
|
|
|
if (!NT_SUCCESS(ntStatus))
|
|
{
|
|
printf ("Error converting device name %s to unicode. Error: %lx\n",
|
|
deviceNameString,
|
|
ntStatus);
|
|
|
|
return -1;
|
|
}
|
|
|
|
|
|
InitializeObjectAttributes (&objAttributes,
|
|
&unicodeName,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL,
|
|
NULL);
|
|
|
|
ntStatus = NtCreateFile (&fileHandle,
|
|
SYNCHRONIZE | FILE_READ_DATA | FILE_WRITE_DATA,
|
|
&objAttributes,
|
|
&ioStatusBlock,
|
|
NULL,
|
|
FILE_ATTRIBUTE_NORMAL,
|
|
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
|
FILE_OPEN,
|
|
0,
|
|
NULL,
|
|
0);
|
|
|
|
if (!NT_SUCCESS (ntStatus))
|
|
{
|
|
failed = TRUE;
|
|
}
|
|
|
|
RtlFreeUnicodeString (&unicodeName);
|
|
}
|
|
else
|
|
{
|
|
printf ("Error opening %s. Error: %d\n",
|
|
deviceNameString,
|
|
errorCode = GetLastError());
|
|
|
|
PrintError (errorCode);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
|
|
if (failed)
|
|
{
|
|
strcpy (deviceNameString, "\\Device\\");
|
|
strcat (deviceNameString, DeviceName);
|
|
strcat(deviceNameString, "\\Partition0");
|
|
|
|
RtlInitString (&objName, deviceNameString);
|
|
|
|
ntStatus = RtlAnsiStringToUnicodeString (&unicodeName,
|
|
&objName,
|
|
TRUE);
|
|
|
|
if (!NT_SUCCESS(ntStatus))
|
|
{
|
|
printf("Error converting device name %s to unicode. Error: %lx\n",
|
|
deviceNameString, ntStatus);
|
|
return -1;
|
|
}
|
|
|
|
|
|
InitializeObjectAttributes (&objAttributes,
|
|
&unicodeName,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL,
|
|
NULL);
|
|
|
|
ntStatus = NtCreateFile (&fileHandle,
|
|
SYNCHRONIZE | FILE_READ_DATA | FILE_WRITE_DATA,
|
|
&objAttributes,
|
|
&ioStatusBlock,
|
|
NULL,
|
|
FILE_ATTRIBUTE_NORMAL,
|
|
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
|
FILE_OPEN,
|
|
0,
|
|
NULL,
|
|
0);
|
|
|
|
if (!NT_SUCCESS (ntStatus))
|
|
{
|
|
printf("Error opening device %ws. Error: %lx.\n",
|
|
unicodeName.Buffer, ntStatus );
|
|
return -1;
|
|
}
|
|
|
|
|
|
RtlFreeUnicodeString (&unicodeName);
|
|
}
|
|
|
|
|
|
//printf("Accessing %s ... \n", deviceNameString);
|
|
|
|
|
|
bufferLength = sizeof (PARTMGR_SIGNATURE_CHECK_DISKS) + sizeof (ULONG) * 10;
|
|
|
|
pSignatureCheckBufferDisks = (PPARTMGR_SIGNATURE_CHECK_DISKS) malloc (bufferLength);
|
|
|
|
|
|
SignatureCheckBufferEpoch.RequestEpoch = PARTMGR_REQUEST_CURRENT_DISK_EPOCH;
|
|
|
|
failed = !DeviceIoControl (fileHandle,
|
|
IOCTL_PARTMGR_NOTIFY_SIGNATURE_CHECK,
|
|
&SignatureCheckBufferEpoch,
|
|
sizeof (SignatureCheckBufferEpoch),
|
|
pSignatureCheckBufferDisks,
|
|
bufferLength,
|
|
&bytesReturned,
|
|
FALSE);
|
|
|
|
if (failed)
|
|
{
|
|
printf ("Error performing Claim; error was %d\n", errorCode = GetLastError());
|
|
PrintError (errorCode);
|
|
return errorCode;
|
|
}
|
|
else
|
|
{
|
|
PrintResults (pSignatureCheckBufferDisks);
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
SignatureCheckBufferEpoch.RequestEpoch = 9999999;
|
|
|
|
failed = !DeviceIoControl (fileHandle,
|
|
IOCTL_PARTMGR_NOTIFY_SIGNATURE_CHECK,
|
|
&SignatureCheckBufferEpoch,
|
|
sizeof (SignatureCheckBufferEpoch),
|
|
pSignatureCheckBufferDisks,
|
|
bufferLength,
|
|
&bytesReturned,
|
|
FALSE);
|
|
|
|
if (failed)
|
|
{
|
|
printf ("Error performing Claim; error was %d\n", errorCode = GetLastError());
|
|
PrintError (errorCode);
|
|
// return errorCode;
|
|
}
|
|
else
|
|
{
|
|
PrintResults (pSignatureCheckBufferDisks);
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
SignatureCheckBufferEpoch.RequestEpoch = PARTMGR_REQUEST_CURRENT_DISK_EPOCH;
|
|
|
|
failed = !DeviceIoControl (fileHandle,
|
|
IOCTL_PARTMGR_NOTIFY_SIGNATURE_CHECK,
|
|
&SignatureCheckBufferEpoch,
|
|
sizeof (SignatureCheckBufferEpoch),
|
|
pSignatureCheckBufferDisks,
|
|
bufferLength,
|
|
&bytesReturned,
|
|
FALSE);
|
|
|
|
if (failed)
|
|
{
|
|
printf ("Error performing Claim; error was %d\n", errorCode = GetLastError());
|
|
PrintError (errorCode);
|
|
return errorCode;
|
|
}
|
|
else
|
|
{
|
|
PrintResults (pSignatureCheckBufferDisks);
|
|
}
|
|
|
|
|
|
|
|
if (pSignatureCheckBufferDisks->CurrentEpoch > 0)
|
|
{
|
|
SignatureCheckBufferEpoch.RequestEpoch = pSignatureCheckBufferDisks->CurrentEpoch - 1;
|
|
|
|
|
|
failed = !DeviceIoControl (fileHandle,
|
|
IOCTL_PARTMGR_NOTIFY_SIGNATURE_CHECK,
|
|
&SignatureCheckBufferEpoch,
|
|
sizeof (SignatureCheckBufferEpoch),
|
|
pSignatureCheckBufferDisks,
|
|
bufferLength,
|
|
&bytesReturned,
|
|
FALSE);
|
|
|
|
if (failed)
|
|
{
|
|
printf ("Error performing Claim; error was %d\n", errorCode = GetLastError());
|
|
PrintError (errorCode);
|
|
return errorCode;
|
|
}
|
|
else
|
|
{
|
|
PrintResults (pSignatureCheckBufferDisks);
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
SignatureCheckBufferEpoch.RequestEpoch = 0;
|
|
|
|
failed = !DeviceIoControl (fileHandle,
|
|
IOCTL_PARTMGR_NOTIFY_SIGNATURE_CHECK,
|
|
&SignatureCheckBufferEpoch,
|
|
sizeof (SignatureCheckBufferEpoch),
|
|
pSignatureCheckBufferDisks,
|
|
bufferLength,
|
|
&bytesReturned,
|
|
FALSE);
|
|
|
|
if (failed)
|
|
{
|
|
printf ("Error performing Claim; error was %d\n", errorCode = GetLastError());
|
|
PrintError (errorCode);
|
|
return errorCode;
|
|
}
|
|
else
|
|
{
|
|
PrintResults (pSignatureCheckBufferDisks);
|
|
}
|
|
|
|
|
|
|
|
|
|
SignatureCheckBufferEpoch.RequestEpoch = pSignatureCheckBufferDisks->CurrentEpoch;
|
|
|
|
failed = !DeviceIoControl (fileHandle,
|
|
IOCTL_PARTMGR_NOTIFY_SIGNATURE_CHECK,
|
|
&SignatureCheckBufferEpoch,
|
|
sizeof (SignatureCheckBufferEpoch),
|
|
pSignatureCheckBufferDisks,
|
|
bufferLength,
|
|
&bytesReturned,
|
|
FALSE);
|
|
|
|
if (failed)
|
|
{
|
|
printf ("Error performing Claim; error was %d\n", errorCode = GetLastError());
|
|
PrintError (errorCode);
|
|
return errorCode;
|
|
}
|
|
else
|
|
{
|
|
PrintResults (pSignatureCheckBufferDisks);
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ntStatus = NtCancelIoFile (fileHandle, &ioStatusBlock);
|
|
|
|
ntStatus = NtClose (fileHandle);
|
|
|
|
return ERROR_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
void PrintResults (PPARTMGR_SIGNATURE_CHECK_DISKS pSignatureCheckBufferDisks)
|
|
{
|
|
ULONG disk;
|
|
|
|
printf ("Returned Values\n"
|
|
"\tCurrent Epoch: 0x%08x\n"
|
|
"\tHighest Epoch for returned disks: 0x%08x\n"
|
|
"\tNumber of disks returned: 0x%08x\n"
|
|
"\tDisks\n",
|
|
pSignatureCheckBufferDisks->CurrentEpoch,
|
|
pSignatureCheckBufferDisks->HighestDiskEpochReturned,
|
|
pSignatureCheckBufferDisks->DiskNumbersReturned);
|
|
|
|
for (disk = 0; disk < pSignatureCheckBufferDisks->DiskNumbersReturned; disk++)
|
|
{
|
|
printf ("\t\t0x%08x\n", pSignatureCheckBufferDisks->DiskNumber [disk]);
|
|
}
|
|
}
|