#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windows.h>
#include <ole2.h>
#include <stdio.h>
#include <stdlib.h>
#include "wmium.h"
#define OffsetToPtr(Base, Offset) ((PBYTE)((PBYTE)Base + Offset))
//
// The routines below were blatantly stolen without remorse from the ole
// sources in \nt\private\ole32\com\class\compapi.cxx. They are copied here
// so that WMI doesn't need to load in ole32 only to convert a guid string
// into its binary representation.
//
//+-------------------------------------------------------------------------
//
// Function: HexStringToDword (private)
//
// Synopsis: scan lpsz for a number of hex digits (at most 8); update lpsz
// return value in Value; check for chDelim;
//
// Arguments: [lpsz] - the hex string to convert
// [Value] - the returned value
// [cDigits] - count of digits
//
// Returns: TRUE for success
//
//--------------------------------------------------------------------------
//
// Consume exactly cDigits hex digits (either case) from lpsz, store the
// accumulated value in *RetValue, and, when chDelim is non-zero, require
// the character right after the digits to be chDelim. *RetValue is only
// written once every digit has been accepted, so a rejected string leaves
// it untouched. The scan stops at the first non-hex character (including
// the terminator), so it never reads more than cDigits + 1 characters.
//
BOOL HexStringToDword(LPCSTR lpsz, DWORD * RetValue,
int cDigits, WCHAR chDelim)
{
    DWORD Accum = 0;
    int Remaining;

    for (Remaining = cDigits; Remaining > 0; Remaining--, lpsz++)
    {
        CHAR c = *lpsz;
        DWORD Nibble;

        if (c >= '0' && c <= '9')
            Nibble = (DWORD)(c - '0');
        else if (c >= 'A' && c <= 'F')
            Nibble = (DWORD)(c - 'A' + 10);
        else if (c >= 'a' && c <= 'f')
            Nibble = (DWORD)(c - 'a' + 10);
        else
            return FALSE;

        Accum = (Accum << 4) | Nibble;
    }

    *RetValue = Accum;

    //
    // No delimiter requested: the digit scan alone decides the result.
    //
    if (chDelim == 0)
        return TRUE;

    return (*lpsz == chDelim);
}
//+-------------------------------------------------------------------------
//
// Function: wUUIDFromString (internal)
//
// Synopsis: Parse UUID such as 00000000-0000-0000-0000-000000000000
//
// Arguments: [lpsz] - Supplies the UUID string to convert
// [pguid] - Returns the GUID.
//
// Returns: TRUE if successful
//
//--------------------------------------------------------------------------
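BOOL wUUIDFromString(LPCSTR lpsz, LPGUID pguid)
{
    //
    // Layout of the 36 character form consumed here:
    //   Data1 (8 hex) '-' Data2 (4 hex) '-' Data3 (4 hex) '-'
    //   Data4[0..1] (2 hex each) '-' Data4[2..7] (2 hex each)
    // Every field is validated by HexStringToDword before lpsz is advanced
    // past it, so a short or malformed string fails at the first bad
    // character instead of being walked past its terminator. On failure
    // pguid may already have been partially written.
    //
    static const WCHAR Data4Delim[8] = { 0, '-', 0, 0, 0, 0, 0, 0 };
    DWORD dw;
    int i;

    if (!HexStringToDword(lpsz, &pguid->Data1, sizeof(DWORD)*2, '-'))
        return FALSE;
    lpsz += sizeof(DWORD)*2 + 1;

    if (!HexStringToDword(lpsz, &dw, sizeof(WORD)*2, '-'))
        return FALSE;
    lpsz += sizeof(WORD)*2 + 1;
    pguid->Data2 = (WORD)dw;

    if (!HexStringToDword(lpsz, &dw, sizeof(WORD)*2, '-'))
        return FALSE;
    lpsz += sizeof(WORD)*2 + 1;
    pguid->Data3 = (WORD)dw;

    //
    // The eight Data4 bytes differ only in whether a '-' follows them
    // (only the second one has it), so one loop with a delimiter table
    // replaces eight copies of the same three statements.
    //
    for (i = 0; i < 8; i++)
    {
        if (!HexStringToDword(lpsz, &dw, sizeof(BYTE)*2, Data4Delim[i]))
            return FALSE;
        lpsz += sizeof(BYTE)*2 + (Data4Delim[i] != 0 ? 1 : 0);
        pguid->Data4[i] = (BYTE)dw;
    }

    return TRUE;
}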
//+-------------------------------------------------------------------------
//
// Function: wGUIDFromString (internal)
//
// Synopsis: Parse GUID such as {00000000-0000-0000-0000-000000000000}
//
// Arguments: [lpsz] - the guid string to convert
// [pguid] - guid to return
//
// Returns: TRUE if successful
//
//--------------------------------------------------------------------------
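BOOL wGUIDFromString(LPCSTR lpsz, LPGUID pguid)
{
    //
    // Accept the bare 36 character UUID as well as the braced form. The two
    // braces are checked independently, so "{uuid" and "uuid}" are accepted
    // too; anything left after the closing position is rejected.
    //
    if (*lpsz == '{')
        lpsz++;

    if (wUUIDFromString(lpsz, pguid) != TRUE)
        return FALSE;

    //
    // wUUIDFromString validated exactly 36 characters, so stepping over
    // them cannot move past the string's terminator.
    //
    lpsz += 36;

    if (*lpsz == '}')
        lpsz++;

    if (*lpsz != '\0') // check for zero terminated string - test bug #18307
    {
        return FALSE;
    }

    return TRUE;
}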
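//
// GuidToString: format *piid into s as
//   XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXXXXXX  (lower case hex, no braces)
// and return s. Every field is zero padded: without the padding the eight
// Data4 bytes, which are printed with no separator, ran together
// ambiguously (01 23 and 12 3 both printed as "123"). The longest result
// is 35 characters plus the terminator, so s must hold at least 36 TCHARs;
// the caller in this file passes a MAX_PATH buffer.
//
PTCHAR GuidToString(
PTCHAR s,
LPGUID piid
)
{
    //
    // wsprintf takes no length argument, so the 36 TCHAR bound documented
    // above is the only thing keeping this write inside s.
    //
    wsprintf(s, TEXT("%08x-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x"),
             piid->Data1, piid->Data2, piid->Data3,
             piid->Data4[0], piid->Data4[1], piid->Data4[2], piid->Data4[3],
             piid->Data4[4], piid->Data4[5], piid->Data4[6], piid->Data4[7]);
    return(s);
}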
#if 0
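//
// WackOnFile: debugging probe that opens a fixed path for read and prints
// the resulting Win32 status. The disabled code in EventCallbackRoutine
// calls it before and after RpcImpersonateClient, so the printed status
// shows how the open fares under each identity. The path is hard coded
// and the handle is closed immediately.
//
void WackOnFile(void)
{
    ULONG Status;
    HANDLE FH;

    FH = CreateFile("e:\\foo.baz",
                    GENERIC_READ,
                    FILE_SHARE_READ,
                    NULL,
                    OPEN_EXISTING,
                    FILE_ATTRIBUTE_NORMAL,
                    NULL);

    if (FH != INVALID_HANDLE_VALUE)
    {
        Status = ERROR_SUCCESS;
        CloseHandle(FH);
    }
    else
    {
        //
        // Read the error before any other call can overwrite it.
        //
        Status = GetLastError();
    }

    //
    // Status is ULONG; %lu matches it (the original %d did not).
    //
    printf("CreateFile --> %lu\n", Status);
}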
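//
// CheckOwnPriv: debugging aid that impersonates the process's own token on
// the current thread, dumps every privilege found in that thread token to
// stdout, and reverts. Failures are printed and the routine returns; on
// every path it reverts the impersonation it started and closes the token
// it opened (the original leaked the handle and, on OpenThreadToken
// failure, returned while still impersonating).
//
void CheckOwnPriv(
void
)
{
    UCHAR Buffer[4096];
    HANDLE TokenHandle = NULL;
    ULONG SizeNeeded = 0;
    BOOL b;
    ULONG i;
    PTOKEN_PRIVILEGES TokenPrivInfo;

    if (! ImpersonateSelf(SecurityImpersonation))
    {
        printf("Impersonatself -> %lu\n", GetLastError());
        return;
    }

    b = OpenThreadToken(GetCurrentThread(),
                        TOKEN_QUERY,
                        TRUE,
                        &TokenHandle);
    if (! b)
    {
        printf("OpenThreadToken failed %lu\n", GetLastError());
        //
        // Do not leave the thread impersonating on the failure path.
        //
        RevertToSelf();
        return;
    }
    printf("OpenThreadToken succeeded\n");

    //
    // sizeof(Buffer) is passed as the bound, so an oversized privilege
    // array shows up as b == FALSE rather than as an overrun.
    //
    TokenPrivInfo = (PTOKEN_PRIVILEGES)Buffer;
    b = GetTokenInformation(TokenHandle,
                            TokenPrivileges,
                            TokenPrivInfo,
                            sizeof(Buffer),
                            &SizeNeeded);
    printf("GetTokenInformation(YokenPriv) -> %s (%lu), sizeNeeded = %lu\n",
           b ? "TRUE" : "FALSE", GetLastError(),
           SizeNeeded);

    RevertToSelf();

    if (b)
    {
        printf("Priv count is %lu\n", TokenPrivInfo->PrivilegeCount);
        for (i = 0; i < TokenPrivInfo->PrivilegeCount; i++)
        {
            //
            // CHAR rather than UCHAR: LookupPrivilegeName and sprintf both
            // want a char buffer.
            //
            CHAR PrivName[1024];
            ULONG SizePrivName = sizeof(PrivName);

            if ( ! LookupPrivilegeName(NULL,
                                       &TokenPrivInfo->Privileges[i].Luid,
                                       PrivName,
                                       &SizePrivName))
            {
                sprintf(PrivName, "[Error %lu]", GetLastError());
            }

            //
            // Print the LUID as one zero padded 64-bit value; the unpadded
            // "%x%x" form ran the two halves together ambiguously.
            //
            printf("Priv %s %lx%08lx has attr %lx\n",
                   PrivName,
                   TokenPrivInfo->Privileges[i].Luid.HighPart,
                   TokenPrivInfo->Privileges[i].Luid.LowPart,
                   TokenPrivInfo->Privileges[i].Attributes);
        }
        printf("\n");
    }

    CloseHandle(TokenHandle);
}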
//
// Printable names for SID_NAME_USE values. GetCallerInfo indexes this table
// directly with the value LookupAccountSid returns, so the order here must
// match the enum's numeric order; index 0 has no enum name ("SidTypeZero").
// NOTE(review): assumes the enum is dense over 0..9 with no later additions
// — confirm against winnt.h.
//
PCHAR SidUsage[] =
{
"SidTypeZero",
"SidTypeUser",
"SidTypeGroup",
"SidTypeDomain",
"SidTypeAlias",
"SidTypeWellKnownGroup",
"SidTypeDeletedAccount",
"SidTypeInvalid",
"SidTypeUnknown",
"SidTypeComputer",
};
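//
// GetCallerInfo: debugging aid that dumps the privileges and the account
// behind the current thread token to stdout and reports whether that token
// belongs to LocalSystem. When Impersonating is TRUE the caller is inside
// an RPC impersonation and the account lookup is bracketed by
// RpcRevertToSelf / RpcImpersonateClient so it runs as the server.
// Everything is best effort: errors are printed, and the routine releases
// the SID buffer and token handle on every path (the original leaked both
// and never checked the malloc).
//
void GetCallerInfo(BOOLEAN Impersonating)
{
    UCHAR Buffer[4096];
    PTOKEN_USER TokenUserInfo = (PTOKEN_USER)Buffer;
    PSID_AND_ATTRIBUTES SidAndAttributes = &TokenUserInfo->User;
    PSID Sid;
    HANDLE TokenHandle = NULL;
    ULONG SizeNeeded = 0;
    BOOL b;
    CHAR Name[MAX_PATH];
    CHAR Domain[MAX_PATH];
    ULONG NameSize = sizeof(Name);
    ULONG DomainSize = sizeof(Domain);
    SID_NAME_USE SidNameUse;
    ULONG i;
    PUCHAR SidBuffer;
    SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
    PTOKEN_PRIVILEGES TokenPrivInfo;

    //
    // Build the LocalSystem SID (NT authority, single RID
    // SECURITY_LOCAL_SYSTEM_RID) to compare the caller's SID against.
    //
    SidBuffer = malloc(RtlLengthRequiredSid( 1 ));
    if (SidBuffer == NULL)
    {
        printf("malloc for LocalSystem SID failed\n");
        return;
    }
    RtlInitializeSid( SidBuffer, &NtAuthority, 1);
    *(RtlSubAuthoritySid( SidBuffer, 0 )) = SECURITY_LOCAL_SYSTEM_RID;

    b = OpenThreadToken(GetCurrentThread(),
                        TOKEN_QUERY,
                        TRUE,
                        &TokenHandle);
    if (! b)
    {
        printf("OpenThreadToken failed %lu\n", GetLastError());
        free(SidBuffer);
        return;
    }
    printf("OpenThreadToken succeeded\n");

    TokenPrivInfo = (PTOKEN_PRIVILEGES)Buffer;
    b = GetTokenInformation(TokenHandle,
                            TokenPrivileges,
                            TokenPrivInfo,
                            sizeof(Buffer),
                            &SizeNeeded);
    printf("GetTokenInformation(YokenPriv) -> %s (%lu), sizeNeeded = %lu\n",
           b ? "TRUE" : "FALSE", GetLastError(),
           SizeNeeded);
    if (b)
    {
        //
        // NOTE(review): unlike the account lookup below, this revert /
        // re-impersonate pair is unconditional, i.e. it also runs when
        // Impersonating is FALSE. Kept as written because the disabled
        // callers probe several identity states; confirm it is intended.
        //
        RpcRevertToSelf();
        printf("Priv count is %lu\n", TokenPrivInfo->PrivilegeCount);
        for (i = 0; i < TokenPrivInfo->PrivilegeCount; i++)
        {
            CHAR PrivName[1024];
            ULONG SizePrivName = sizeof(PrivName);

            if ( ! LookupPrivilegeName(NULL,
                                       &TokenPrivInfo->Privileges[i].Luid,
                                       PrivName,
                                       &SizePrivName))
            {
                sprintf(PrivName, "[Error %lu]", GetLastError());
            }
            //
            // Zero padded 64-bit LUID; "%x%x" ran the halves together.
            //
            printf("Priv %s %lx%08lx has attr %lx\n",
                   PrivName,
                   TokenPrivInfo->Privileges[i].Luid.HighPart,
                   TokenPrivInfo->Privileges[i].Luid.LowPart,
                   TokenPrivInfo->Privileges[i].Attributes);
        }
        printf("\n");
        RpcImpersonateClient(0);
    }

    //
    // Buffer is reused for the TOKEN_USER query; the privilege data above
    // is no longer needed at this point.
    //
    b = GetTokenInformation(TokenHandle,
                            TokenUser,
                            TokenUserInfo,
                            sizeof(Buffer),
                            &SizeNeeded);
    printf("GetTokenInformation -> %s (%lu), sizeNeeded = %lu\n",
           b ? "TRUE" : "FALSE", GetLastError(),
           SizeNeeded);
    if (b)
    {
        if (Impersonating)
        {
            RpcRevertToSelf();
        }

        Sid = SidAndAttributes->Sid;
        if (EqualSid(Sid, (PSID)SidBuffer) && GetLastError() == ERROR_SUCCESS)
        {
            printf("Called by LocalSystem !!\n");
        }
        else
        {
            printf("EqualSid %lu\n", GetLastError());
        }

        b = LookupAccountSid(NULL,
                             Sid,
                             Name,
                             &NameSize,
                             Domain,
                             &DomainSize,
                             &SidNameUse);
        if (Impersonating)
        {
            RpcImpersonateClient(0);
        }

        if (b)
        {
            //
            // SidNameUse comes back from the API; keep the table index in
            // range instead of trusting it blindly.
            //
            PCHAR TypeName =
                ((ULONG)SidNameUse < sizeof(SidUsage)/sizeof(SidUsage[0]))
                    ? SidUsage[SidNameUse] : "SidType?";
            printf("Account: %s\\%s Type %s\n", Domain, Name, TypeName);
        }
        else
        {
            printf("LookupAccountSid %lu\n", GetLastError());
        }
    }

    CloseHandle(TokenHandle);
    free(SidBuffer);
}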
#endif
void EventCallbackRoutine(PWNODE_HEADER WnodeHeader, ULONG Context);

//
// Guid handed to the disabled WmiOpenBlock probe inside
// EventCallbackRoutine; nothing in the live code path reads it.
//
#define DATA_PROVIDER_PNPID_GUID \
{ 0xc7bf35d2,0xaadb,0x11d1, { 0xbf,0x4a,0x00,0xa0,0xc9,0x06,0x29,0x10 } }
GUID GuidXYZ = DATA_PROVIDER_PNPID_GUID;

//
// Running count of events delivered to EventCallbackRoutine. Static
// storage, so it starts at zero.
//
ULONG EventsReceived;
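//
// EventCallbackRoutine: WMI notification callback registered by main.
// Increments EventsReceived and dumps the WNODE_HEADER fields (plus the
// WNODE_SINGLE_INSTANCE fields when the buffer is flagged as one and is
// large enough to hold it) to stdout.
//
// Arguments: [WnodeHeader] - event buffer delivered by WMI; its BufferSize
//                            is the only length information available
//            [Context]     - the context passed at registration (0 in
//                            main); not used
//
void EventCallbackRoutine(PWNODE_HEADER WnodeHeader, ULONG Context)
{
    PWNODE_SINGLE_INSTANCE WnodeSI = (PWNODE_SINGLE_INSTANCE)WnodeHeader;
    PWNODE_HEADER Wnode = WnodeHeader;
    LPGUID EventGuid = &WnodeHeader->Guid;
    CHAR s[MAX_PATH];       // GuidToString writes at most 36 chars
    ULONG Status;           // used only by the disabled block below
    WMIHANDLE Handle;       // used only by the disabled block below

    (void)Context;

#if 0
    GetCallerInfo(FALSE);
    RevertToSelf();
    GetCallerInfo(FALSE);
    WackOnFile();
    Status = RpcImpersonateClient(0);
    printf("RpcImpersonateClient -> %d\n", Status);
    if (Status == ERROR_SUCCESS)
    {
        WmiOpenBlock(&GuidXYZ, GENERIC_READ, &Handle);
        GetCallerInfo(TRUE);
        WackOnFile();
        RpcRevertToSelf();
    }
#endif

    EventsReceived++;

    //
    // All header fields are ULONG, hence %lx / %lu rather than %x / %d.
    //
    printf("Receieved event for guid %s\n", GuidToString(s, EventGuid));
    printf("BufferSize = 0x%lx\n", Wnode->BufferSize);
    printf("ProviderId = %lx\n", Wnode->ProviderId);     // Provider Id of driver returning this buffer
    printf("Version = %lx\n", Wnode->Version);           // Reserved
    printf("Linkage = %lx\n", Wnode->Linkage);           // Linkage field reserved for WMI
    printf("ClientContext = %lx\n", Wnode->ClientContext);
    printf("Flags = %lx\n", Wnode->Flags);               // Flags, see below

    //
    // The flag alone does not prove the larger layout is present; require
    // BufferSize to cover a WNODE_SINGLE_INSTANCE before reading its fields.
    //
    if (Wnode->Flags & WNODE_FLAG_SINGLE_INSTANCE)
    {
        if (Wnode->BufferSize >= sizeof(WNODE_SINGLE_INSTANCE))
        {
            printf("WNODE_SINGLE_INSTANCE\n");
            printf("OffsetInstanceName = %lx\n", WnodeSI->OffsetInstanceName);
            printf("InstanceIndex = %lx\n", WnodeSI->InstanceIndex);     // (Static Instance Names)
            printf("DataBlockOffset = %lx\n", WnodeSI->DataBlockOffset); // offset from beginning of WNODE to data block
            printf("SizeDataBlock = %lx\n", WnodeSI->SizeDataBlock);     // Size of data block for instance
        }
        else
        {
            printf("WNODE_SINGLE_INSTANCE flag set but BufferSize 0x%lx is too small\n",
                   Wnode->BufferSize);
        }
    }

    printf("\n%lu events received\n", EventsReceived);
}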
#if 0
#define WmiRpcProtocolSequence1 TEXT("ncacn_np")
#define WmiRpcProtocolSequence2 TEXT("ncalrpc")
#define MaxRpcCalls RPC_C_PROTSEQ_MAX_REQS_DEFAULT
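//
// CreateEndpoints: test scaffolding that registers 20 LRPC endpoints named
// TESTLRPCEP_<n> and 20 named pipe endpoints named \pipe\TESTEP_<n> with the
// RPC runtime. Nothing in this file uses them afterwards. Registration
// failures are printed and otherwise ignored.
//
void
CreateEndpoints(void)
{
    enum { TEST_ENDPOINT_COUNT = 20 };
    ULONG i;
    ULONG Status;
    CHAR UniqueEndpoint[MAX_PATH];
    SECURITY_DESCRIPTOR SD;

    //
    // NOTE(review): a NULL DACL (present == TRUE, pDacl == NULL) grants
    // full access to every caller. That is tolerable for this throwaway
    // test only; a production endpoint needs an explicit DACL. Both calls
    // can fail, so check them instead of handing an unset SD to RPC.
    //
    if (!InitializeSecurityDescriptor(&SD, SECURITY_DESCRIPTOR_REVISION) ||
        !SetSecurityDescriptorDacl(&SD, TRUE, NULL, FALSE))
    {
        printf("Endpoint security descriptor setup failed %lu\n", GetLastError());
        return;
    }

    for (i = 0; i < TEST_ENDPOINT_COUNT; i++)
    {
        //
        // "TESTLRPCEP_" plus at most 8 hex digits: far inside MAX_PATH.
        //
        sprintf(UniqueEndpoint, "TESTLRPCEP_%lx", i);
        Status = RpcServerUseProtseqEp(WmiRpcProtocolSequence2,
                                       MaxRpcCalls,
                                       UniqueEndpoint,
                                       &SD); // Security descriptor
        if (Status != ERROR_SUCCESS)
        {
            printf("RpcServerUseProtseqEp failed %lu\n", Status);
        }
    }

    for (i = 0; i < TEST_ENDPOINT_COUNT; i++)
    {
        sprintf(UniqueEndpoint, "\\pipe\\TESTEP_%lx", i);
        Status = RpcServerUseProtseqEp(WmiRpcProtocolSequence1,
                                       MaxRpcCalls,
                                       UniqueEndpoint,
                                       &SD); // Security descriptor
        if (Status != ERROR_SUCCESS)
        {
            printf("RpcServerUseProtseqEp failed %lu\n", Status);
        }
    }
}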
#endif
PWNODE_HEADER EventPtrBuffer;
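//
// main: getevent <guid> [anything]
//
// Registers EventCallbackRoutine for WMI events on the given GUID (bare or
// braced textual form) and then sleeps forever; each event is dumped by
// the callback. A second argument is accepted but only consumed by the
// disabled endpoint test below.
//
// Returns: 0 on a usage or GUID parse error (kept as the original had it,
//          since scripts may depend on it), 1 if registration fails.
//
int _cdecl main(int argc, char *argv[])
{
    ULONG Status;
    GUID Guid;
    ULONG c,i;          // used only by the disabled block below

#if 0
    c = 1;
    for (i = 0; i < 101; i++)
    {
        c += i;
    }
    printf("c = %lu\n",c);
#endif

    if ((argc != 2) && (argc != 3))
    {
        printf("getevent <guid>\n");
        return(0);
    }

#if 0
    CheckOwnPriv();
    if (argc == 3)
    {
        printf("Creating endpoints\n");
        CreateEndpoints();
    }
#endif

    //
    // Parse the guid parameter. wGUIDFromString checks length, hex digits,
    // separators and the terminator, so argv[1] is not used beyond that.
    //
    if (! wGUIDFromString(argv[1], &Guid))
    {
        printf("Bad guid %s\n", argv[1]);
        return(0);
    }

    Status = WmiNotificationRegistration(&Guid,
                                         TRUE,
                                         EventCallbackRoutine,
                                         0,
                                         NOTIFICATION_CALLBACK_DIRECT);
    if (Status != ERROR_SUCCESS)
    {
        //
        // Status is ULONG; %lu matches it (the original %d did not).
        //
        printf("WMINotificationRegistration %lu\n", Status);
        return(1);
    }

    //
    // Loop forever receiving events. The registration is never torn down:
    // the process only ends by being killed.
    //
    while (1) Sleep(1000*1000);

    return(ERROR_SUCCESS);
}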