You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
671 lines
13 KiB
671 lines
13 KiB
/*++
|
|
|
|
Copyright (c) 1999-2000 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
wow64ipc.c
|
|
|
|
Abstract:
|
|
|
|
This module will do the communication machanism among different processes that need
|
|
to interact with the wow64 services, like winlogon will notify wow64svc.
|
|
|
|
Author:
|
|
|
|
ATM Shafiqul Khalid (askhalid) 22-Mar-2000
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
|
|
#include <windows.h>
|
|
#include <memory.h>
|
|
#include <wow64reg.h>
|
|
#include <stdio.h>
|
|
#include "reflectr.h"
|
|
|
|
#define SHMEMSIZE 4096
|
|
|
|
LPVOID lpvMem = NULL; // pointer to shared memory
|
|
HANDLE hMapObject = NULL;
|
|
|
|
HANDLE hWow64Event = NULL;
|
|
HANDLE hWow64Mutex = NULL;
|
|
|
|
LIST_OBJECT *pList = NULL;
|
|
|
|
//SECURITY_DESCRIPTOR sdWow64SharedMemory;
|
|
//SECURITY_ATTRIBUTES saWow64SharedMemory;
|
|
|
|
BOOL
|
|
Wow64CreateLock (
|
|
DWORD dwOption
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Create or open Event wow64 service need to check.
|
|
|
|
Arguments:
|
|
|
|
dwOption -
|
|
OPEN_EXISTING_SHARED_MEMORY -- shouldn't be the first process to create this.
|
|
|
|
Return Value:
|
|
|
|
TRUE if the function has successfully created/opened the memory.
|
|
FALSE otherwise.
|
|
|
|
--*/
|
|
|
|
{
|
|
hWow64Mutex = CreateMutex(
|
|
NULL, // SD
|
|
FALSE,// initial owner
|
|
WOW64_SVC_REFLECTOR_MUTEX_NAME // object name
|
|
);
|
|
if ( hWow64Mutex == NULL )
|
|
return FALSE;
|
|
|
|
if ( GetLastError() != ERROR_ALREADY_EXISTS && dwOption == OPEN_EXISTING_SHARED_RESOURCES) {
|
|
|
|
Wow64CloseLock ();
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
VOID
|
|
Wow64CloseLock ()
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Close wow64 service event.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
{
|
|
if ( NULL != hWow64Mutex )
|
|
CloseHandle ( hWow64Mutex );
|
|
hWow64Mutex = NULL;
|
|
}
|
|
|
|
Wow64CreateEvent (
|
|
DWORD dwOption,
|
|
HANDLE *hEvent
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Create or open Event wow64 service need to check.
|
|
|
|
Arguments:
|
|
|
|
dwOption -
|
|
OPEN_EXISTING_SHARED_MEMORY -- shouldn't be the first process to create this.
|
|
|
|
Return Value:
|
|
|
|
TRUE if the function has successfully created/opened the memory.
|
|
FALSE otherwise.
|
|
|
|
--*/
|
|
|
|
{
|
|
*hEvent = NULL;
|
|
|
|
hWow64Event = CreateEvent(
|
|
NULL, // SD
|
|
TRUE, // reset type
|
|
FALSE,// initial state
|
|
WOW64_SVC_REFLECTOR_EVENT_NAME // object name
|
|
);
|
|
if ( hWow64Event == NULL )
|
|
return FALSE;
|
|
|
|
if ( GetLastError() != ERROR_ALREADY_EXISTS && dwOption == OPEN_EXISTING_SHARED_RESOURCES) {
|
|
|
|
Wow64CloseEvent ();
|
|
return FALSE;
|
|
}
|
|
|
|
*hEvent = hWow64Event;
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
VOID
|
|
Wow64CloseEvent ()
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Close wow64 service event.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
{
|
|
if ( NULL != hWow64Event )
|
|
CloseHandle ( hWow64Event );
|
|
hWow64Event = NULL;
|
|
}
|
|
|
|
BOOL
|
|
LockSharedMemory ()
|
|
{
|
|
DWORD Ret;
|
|
Ret = WaitForSingleObject( hWow64Mutex, 1000*5*60); // 5 min is good enough
|
|
|
|
//
|
|
// now you can access shared memory
|
|
//
|
|
//Log information if error occur
|
|
|
|
if ( Ret == WAIT_OBJECT_0 || Ret == WAIT_ABANDONED )
|
|
return TRUE;
|
|
|
|
//
|
|
// check for abandaned case
|
|
//
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
BOOL
|
|
UnLockSharedMemory ()
|
|
{
|
|
if ( ReleaseMutex ( hWow64Mutex ) )
|
|
return TRUE;
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
BOOL
|
|
CreateSharedMemory (
|
|
DWORD dwOption
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Create or open shared memory, used by different process.
|
|
|
|
Arguments:
|
|
|
|
dwOption -
|
|
OPEN_EXISTING_SHARED_MEMORY -- shouldn't be the first process to create this.
|
|
|
|
Return Value:
|
|
|
|
TRUE if the function has successfully created/opened the memory.
|
|
FALSE otherwise.
|
|
|
|
--*/
|
|
|
|
{
|
|
BOOL fInit;
|
|
|
|
|
|
//if (!InitializeSecurityDescriptor( &sdWow64SharedMemory, SECURITY_DESCRIPTOR_REVISION ))
|
|
// return FALSE;
|
|
|
|
// saWow64SharedMemory.nLength = sizeof ( SECURITY_ATTRIBUTES );
|
|
// saWow64SharedMemory.bInheritHandle = TRUE;
|
|
// saWow64SharedMemory.lpSecurityDescriptor = &sdWow64SharedMemory;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Create a named file mapping object.
|
|
|
|
hMapObject = CreateFileMapping(
|
|
INVALID_HANDLE_VALUE, // use paging file
|
|
NULL, //&saWow64SharedMemory, // no security attributes
|
|
PAGE_READWRITE, // read/write access
|
|
0, // size: high 32-bits
|
|
SHMEMSIZE, // size: low 32-bits
|
|
SHRED_MEMORY_NAME ); // name of map object
|
|
|
|
if (hMapObject == NULL)
|
|
return FALSE;
|
|
|
|
// The first process to attach initializes memory.
|
|
|
|
fInit = (GetLastError() != ERROR_ALREADY_EXISTS);
|
|
|
|
if (fInit && dwOption == OPEN_EXISTING_SHARED_RESOURCES ) {
|
|
|
|
CloseSharedMemory ();
|
|
return FALSE; // no shared memory exist
|
|
}
|
|
|
|
// Get a pointer to the file-mapped shared memory.
|
|
|
|
pList = (LIST_OBJECT *) MapViewOfFile(
|
|
hMapObject, // object to map view of
|
|
FILE_MAP_WRITE, // read/write access
|
|
0, // high offset: map from
|
|
0, // low offset: beginning
|
|
0); // default: map entire file
|
|
if (pList == NULL)
|
|
return FALSE;
|
|
|
|
// Initialize memory if this is the first process.
|
|
|
|
if (fInit) {
|
|
memset( ( PBYTE )pList, '\0', SHMEMSIZE);
|
|
pList->MaxCount = ( SHMEMSIZE - sizeof ( LIST_OBJECT ) ) / (LIST_NAME_LEN*sizeof (WCHAR));
|
|
|
|
}
|
|
|
|
//
|
|
// Also initialize all the locking and synchronization object
|
|
//
|
|
|
|
if ( !Wow64CreateLock ( dwOption ) ) {
|
|
CloseSharedMemory ();
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
VOID
|
|
CloseSharedMemory ()
|
|
{
|
|
|
|
if (pList != NULL )
|
|
UnmapViewOfFile(pList);
|
|
pList = NULL;
|
|
|
|
// Close the process's handle to the file-mapping object.
|
|
|
|
if ( hMapObject!= NULL )
|
|
CloseHandle(hMapObject);
|
|
hMapObject = NULL;
|
|
|
|
Wow64CloseLock ();
|
|
|
|
}
|
|
|
|
// initially try to transfer only one object
|
|
|
|
BOOL
|
|
EnQueueObject (
|
|
PWCHAR pObjName,
|
|
WCHAR Type
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Put an object name in the queue.
|
|
|
|
Arguments:
|
|
|
|
pObjName - Name of the object to put in the quque.
|
|
Type - L: Loading hive
|
|
U: Unloading Hive
|
|
|
|
Return Value:
|
|
|
|
TRUE if the function has successfully created/opened the memory.
|
|
FALSE otherwise.
|
|
|
|
--*/
|
|
{
|
|
// lpvMem check if this value is NULL
|
|
// wait to get the lock on shared memory
|
|
|
|
DWORD Len;
|
|
DWORD i;
|
|
|
|
if ( pList == NULL )
|
|
return FALSE;
|
|
|
|
Len = wcslen (pObjName);
|
|
if (Len == 0 || Len > 256 )
|
|
return FALSE;
|
|
|
|
if (!LockSharedMemory ())
|
|
return FALSE;
|
|
|
|
if ( pList->Count == pList->MaxCount ) {
|
|
UnLockSharedMemory ();
|
|
return FALSE;
|
|
}
|
|
|
|
for ( i=0; i<pList->MaxCount; i++) {
|
|
if (pList->Name[i][0] == UNICODE_NULL ) break;
|
|
}
|
|
|
|
if ( i == pList->MaxCount ) {
|
|
UnLockSharedMemory ();
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
wcscpy ( pList->Name[i], pObjName);
|
|
pList->Count++;
|
|
pList->Name[i][LIST_NAME_LEN-1] = Type;
|
|
|
|
UnLockSharedMemory ();
|
|
SignalWow64Svc ();
|
|
|
|
// write data
|
|
|
|
// release data
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL
|
|
DeQueueObject (
|
|
PWCHAR pObjName,
|
|
PWCHAR Type
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Get a name of object from the queue.
|
|
|
|
Arguments:
|
|
|
|
pObjName - Name of the object that receive the name.
|
|
Type - L: Loading hive
|
|
U: Unloading Hive
|
|
|
|
Return Value:
|
|
|
|
TRUE if the function has successfully created/opened the memory.
|
|
FALSE otherwise.
|
|
|
|
--*/
|
|
{
|
|
// lpvMem check if this value is NULL
|
|
// wait to get the lock on shared memory
|
|
|
|
DWORD Len;
|
|
DWORD i;
|
|
|
|
if ( pList == NULL )
|
|
return FALSE;
|
|
|
|
|
|
if (!LockSharedMemory ())
|
|
return FALSE;
|
|
|
|
if ( pList->Count == 0 ) {
|
|
UnLockSharedMemory ();
|
|
return FALSE;
|
|
}
|
|
|
|
for ( i=0; i < pList->MaxCount; i++) {
|
|
if (pList->Name[i][0] != UNICODE_NULL ) break;
|
|
}
|
|
|
|
if ( i == pList->MaxCount ) {
|
|
UnLockSharedMemory ();
|
|
return FALSE;
|
|
}
|
|
|
|
wcscpy ( pObjName, pList->Name[i]);
|
|
pList->Name[i][0] = UNICODE_NULL;
|
|
|
|
pList->Count--;
|
|
*Type = pList->Name[i][LIST_NAME_LEN-1];
|
|
|
|
UnLockSharedMemory ();
|
|
//SignalWow64Svc ();
|
|
|
|
// write data
|
|
|
|
// release data
|
|
return TRUE;
|
|
}
|
|
|
|
//signal wowservice to receive the data.
|
|
|
|
BOOL
|
|
SignalWow64Svc ()
|
|
{
|
|
//this might be a simple event trigger or set event
|
|
|
|
if ( SetEvent ( hWow64Event ) )
|
|
return TRUE;
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
BOOL
|
|
CheckAdminPriviledge ()
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Check if the running thread has admin priviledge.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
TRUE if the calling thread has admin proviledge.
|
|
FALSE otherwise.
|
|
|
|
--*/
|
|
{
|
|
|
|
BOOL bRetCode = FALSE;
|
|
/*
|
|
HANDLE TokenHandle;
|
|
BOOL b;
|
|
DWORD ReturnLength;
|
|
|
|
PTOKEN_USER TokenInfo;
|
|
|
|
//
|
|
// If we're impersonating, use the thread token, otherwise
|
|
// use the process token.
|
|
//
|
|
|
|
PTOKEN_USER Result = NULL;
|
|
|
|
b = OpenThreadToken(
|
|
GetCurrentThread(),
|
|
TOKEN_QUERY,
|
|
FALSE,
|
|
&TokenHandle
|
|
);
|
|
|
|
if (!b) {
|
|
|
|
if (GetLastError() == ERROR_NO_TOKEN) {
|
|
|
|
//
|
|
// We're not impersonating, try the process token
|
|
//
|
|
|
|
b = OpenProcessToken(
|
|
GetCurrentProcess(),
|
|
TOKEN_QUERY,
|
|
&TokenHandle
|
|
);
|
|
|
|
if (!b) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// We failed for some unexpected reason, return NULL and
|
|
// let the caller figure it out if he so chooses.
|
|
//
|
|
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
ReturnLength = GetSidLengthRequired( SID_MAX_SUB_AUTHORITIES ) + sizeof( TOKEN_USER );
|
|
|
|
TokenInfo = (PTOKEN_USER)malloc( ReturnLength );
|
|
|
|
if (TokenInfo != NULL) {
|
|
|
|
b = GetTokenInformation (
|
|
TokenHandle,
|
|
TokenGroups,
|
|
TokenInfo,
|
|
ReturnLength,
|
|
&ReturnLength
|
|
);
|
|
|
|
if (b) {
|
|
|
|
Result = TokenInfo;
|
|
|
|
} else {
|
|
|
|
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
|
|
|
|
//
|
|
// Reallocate TokenInfo
|
|
//
|
|
|
|
free( TokenInfo );
|
|
|
|
TokenInfo = (PTOKEN_USER)malloc( ReturnLength );
|
|
|
|
if (TokenInfo != NULL) {
|
|
|
|
b = GetTokenInformation (
|
|
TokenHandle,
|
|
TokenGroups,
|
|
TokenInfo,
|
|
ReturnLength,
|
|
&ReturnLength
|
|
);
|
|
|
|
if (b) {
|
|
|
|
Result = TokenInfo;
|
|
}
|
|
|
|
} else {
|
|
|
|
SetLastError( ERROR_NOT_ENOUGH_MEMORY );
|
|
return FALSE;
|
|
}
|
|
}
|
|
}
|
|
|
|
} else {
|
|
|
|
SetLastError( ERROR_NOT_ENOUGH_MEMORY );
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
DWORD dwSidSize = 0;
|
|
SID_NAME_USE SidType;
|
|
DWORD strSize = 80;
|
|
WCHAR str [80];
|
|
SID_NAME_USE sidType;
|
|
BOOL bProceede = TRUE;
|
|
|
|
DWORD dwRet = LookupAccountName (
|
|
NULL,
|
|
L"Administrators",
|
|
NULL,
|
|
&dwSidSize,
|
|
str,
|
|
&strSize,
|
|
&sidType );
|
|
|
|
if ( dwSidSize == 0)
|
|
if ( !dwRet ) {
|
|
cBase.PrintErrorWin32 ( GetLastError () );
|
|
bProceede = FALSE;
|
|
|
|
}
|
|
|
|
PSID psid = NULL;
|
|
|
|
if ( bProceede )
|
|
if ( dwSidSize ) {
|
|
psid = (PSID) GlobalAlloc ( GPTR, dwSidSize );
|
|
|
|
if ( psid == NULL )
|
|
bProceede = FALSE;
|
|
else {
|
|
strSize = 80;
|
|
dwRet = LookupAccountName (
|
|
NULL,
|
|
L"Administrators",
|
|
psid,
|
|
&dwSidSize,
|
|
str,
|
|
&strSize,
|
|
&sidType );
|
|
if ( ! dwRet )
|
|
bProceede = FALSE;
|
|
}
|
|
}
|
|
|
|
//now check
|
|
|
|
|
|
if ( Result == NULL )
|
|
bProceede = FALSE;
|
|
|
|
|
|
TOKEN_GROUPS *pGroups = ( TOKEN_GROUPS *)Result;
|
|
|
|
|
|
if ( bProceede )
|
|
for ( int i=0; i < pGroups->GroupCount; i++ ) {
|
|
if ( EqualSid ( pGroups->Groups [i].Sid, psid ) ){
|
|
bRetCode = TRUE;
|
|
break;
|
|
}
|
|
};
|
|
|
|
if ( psid != NULL )
|
|
GlobalFree ( psid );
|
|
|
|
if ( Result != NULL )
|
|
free ( Result );
|
|
|
|
*/
|
|
return bRetCode;
|
|
}
|