
/*++
Copyright (c) 2001 Microsoft Corporation
Module Name:
WorksSuite2001.cpp
Abstract:
Added the hook for CreateProcess to prevent IE5Setup.exe from starting
up if the system has a higher version of IE.
Notes:
This is an app-specific shim.
History:
03/28/2001 a-larrsh Created
07/13/2001 prashkud Added hook for CreateProcess
01/11/2001 robkenny Removed code that was deleting Shockwave files whenever this shim loaded.
--*/
#include "precomp.h"
// Opens the definition of the shim named WorksSuite2001; the matching
// IMPLEMENT_SHIM_END is the last line of this file.
IMPLEMENT_SHIM_BEGIN(WorksSuite2001)
#include "ShimHookMacro.h"
#include "userenv.h"
// List of the APIs this shim hooks. CreateProcessA is the only entry, so the
// wide-character CreateProcessW is not intercepted by this file.
// NOTE(review): presumably each entry becomes the identifier that APIHOOK()
// and ORIGINAL_API() refer to - confirm against ShimHookMacro.h.
APIHOOK_ENUM_BEGIN
APIHOOK_ENUM_ENTRY(CreateProcessA)
APIHOOK_ENUM_END
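/*++
 Hooks CreateProcessA. When the application name or the command line
 contains "ie5setup.exe", the installed IE version is read from the
 "Version" value under HKLM\Software\Microsoft\Internet Explorer. If that
 version is newer than the IE 5 setup being launched, "rundll32.exe" is
 started instead, so the older setup never runs.

 The launch is redirected when the major version is above 5, or when the
 major version is exactly 5 and the minor field is above 5. In every other
 case (no match, key or value unavailable, value not a string, fewer than
 two version fields) the caller's request goes to the original API.

 Parameters and return value are those of CreateProcessA; the result of
 ORIGINAL_API(CreateProcessA) is returned to the caller unchanged.
--*/
BOOL
APIHOOK(CreateProcessA)(
    LPCSTR                lpApplicationName,
    LPSTR                 lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL                  bInheritHandles,
    DWORD                 dwCreationFlags,
    LPVOID                lpEnvironment,
    LPCSTR                lpCurrentDirectory,
    LPSTARTUPINFOA        lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
    )
{
    // NOTE(review): either string pointer may be NULL for CreateProcessA;
    // confirm that DPFN tolerates a NULL argument for %s.
    DPFN( eDbgLevelSpew, "[CreateProcessA] appname:(%s)\ncommandline:(%s)",
        lpApplicationName, lpCommandLine );

    CSTRING_TRY
    {
        CString csAppName(lpApplicationName);
        CString csCmdLine(lpCommandLine);

        // NOTE(review): the literal is lower case while the file header spells
        // the setup program "IE5Setup.exe"; confirm that CString::Find matches
        // without regard to case, otherwise a mixed-case path slips through.
        if ((csAppName.Find(L"ie5setup.exe") != -1) ||
            (csCmdLine.Find(L"ie5setup.exe") != -1))
        {
            //
            // App has called CreateProcess on ie5setup.exe.
            // Check the version of IE that we have on the machine.
            //
            HKEY hKey = NULL;

            if (RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                              L"Software\\Microsoft\\Internet Explorer",
                              0,
                              KEY_QUERY_VALUE,
                              &hKey) == ERROR_SUCCESS)
            {
                WCHAR wszBuf[MAX_PATH];
                DWORD dwType = 0;

                // The size argument is a byte count, not a character count.
                // One WCHAR is held back so the result can always be
                // terminated below.
                DWORD dwSize = (DWORD)(sizeof(wszBuf) - sizeof(WCHAR));

                if (RegQueryValueExW(hKey, L"Version", NULL, &dwType,
                                     (LPBYTE)wszBuf, &dwSize) == ERROR_SUCCESS &&
                    dwType == REG_SZ)
                {
                    // Registry string data is not guaranteed to carry its own
                    // terminator; add one so the parser cannot read past the
                    // bytes that were actually returned.
                    wszBuf[dwSize / sizeof(WCHAR)] = L'\0';

                    CStringParser csParser(wszBuf, L".");

                    // We need at least the major and minor version numbers
                    // from the version string.
                    if (csParser.GetCount() >= 2)
                    {
                        long lMajor = wcstol(csParser[0].Get(), NULL, 10);
                        long lMinor = wcstol(csParser[1].Get(), NULL, 10);

                        // The minor field only matters for a 5.x install. An
                        // older major version (for example 4.72) must not be
                        // mistaken for a newer IE because its minor field is
                        // large.
                        if (lMajor > 5 || (lMajor == 5 && lMinor > 5))
                        {
                            //
                            // Call rundll32.exe, which is harmless.
                            //
                            // NOTE(review): the replacement command line is
                            // not fully qualified, and with csAppName emptied
                            // GetAnsiNIE() presumably yields a NULL application
                            // name (confirm). CreateProcess then resolves
                            // "rundll32.exe" through its search order, which
                            // starts with the calling application's directory
                            // and the current directory. Consider passing the
                            // full system-directory path as the application
                            // name so that only the system copy can be started.
                            //
                            csAppName = "";
                            csCmdLine = "rundll32.exe";
                        }
                    }
                }

                RegCloseKey(hKey);
            }
        }

        // Forward the (possibly replaced) strings; all other arguments are the
        // caller's.
        return ORIGINAL_API(CreateProcessA)(
            csAppName.GetAnsiNIE(), csCmdLine.GetAnsiNIE(),
            lpProcessAttributes, lpThreadAttributes, bInheritHandles,
            dwCreationFlags, lpEnvironment, lpCurrentDirectory,
            lpStartupInfo, lpProcessInformation);
    }
    CSTRING_CATCH
    {
        // Deliberately empty: if the CString work fails, fall through and let
        // the caller's original request proceed untouched.
    }

    return ORIGINAL_API(CreateProcessA)(lpApplicationName,
        lpCommandLine, lpProcessAttributes,
        lpThreadAttributes, bInheritHandles,
        dwCreationFlags, lpEnvironment,
        lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
}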
/*++
Register hooked functions

The single entry names KERNEL32.DLL as the module and CreateProcessA as the
API. No entry exists for CreateProcessW, so a launch of ie5setup.exe made
through the wide-character API is not seen by this shim.
--*/
HOOK_BEGIN
APIHOOK_ENTRY(KERNEL32.DLL, CreateProcessA)
HOOK_END
// Closes the shim definition opened by IMPLEMENT_SHIM_BEGIN(WorksSuite2001).
IMPLEMENT_SHIM_END