archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/base/win32/verifier/settings.c

478 lines
10 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. settings.c
  9. Abstract:
  11. This module implements interfaces for enabling application
  12. verifier flags persistently (registry).
  14. Author:
  16. Silviu Calinoiu (SilviuC) 17-Apr-2001
  18. Revision History:
  20. --*/
  22. //
  23. // IMPORTANT NOTE.
  24. //
  25. // This dll cannot contain non-ntdll dependencies. This way it allows
  26. // verifier to be run system wide including for processes like smss and csrss.
  27. //
  28. // This explains why we load dynamically advapi32 dll and pick up the functions
  29. // for registry manipulation. It is safe to do that for interfaces that set
  30. // flags because they are called only in contexts where it is safe to load
  31. // additional dlls.
  32. //
  34. #include "pch.h"
  36. #include "verifier.h"
  37. #include "settings.h"
  39. //
  40. // Handy functions exported by ntdll.dll
  41. //
  42. int __cdecl sscanf(const char *, const char *, ...);
  43. int __cdecl swprintf(wchar_t *, const wchar_t *, ...);
  45. //
  46. // Signatures for registry functions
  47. //
  49. typedef LONG (APIENTRY * PFN_REG_CREATE_KEY) (HKEY, LPCWSTR, DWORD, LPWSTR, DWORD, REGSAM, LPSECURITY_ATTRIBUTES, PHKEY, LPDWORD);
  50. typedef LONG (APIENTRY * PFN_REG_CLOSE_KEY)(HKEY);
  51. typedef LONG (APIENTRY * PFN_REG_QUERY_VALUE) (HKEY, LPCWSTR, LPDWORD, LPDWORD, LPBYTE, LPDWORD);
  52. typedef LONG (APIENTRY * PFN_REG_SET_VALUE) (HKEY, LPCWSTR, DWORD, DWORD, CONST BYTE *, DWORD);
  53. typedef LONG (APIENTRY * PFN_REG_DELETE_VALUE) (HKEY, LPCWSTR);
  55. //
  56. // Dynamically detected registry functions
  57. //
  59. PFN_REG_CREATE_KEY FnRegCreateKey;
  60. PFN_REG_CLOSE_KEY FnRegCloseKey;
  61. PFN_REG_QUERY_VALUE FnRegQueryValue;
  62. PFN_REG_SET_VALUE FnRegSetValue;
  63. PFN_REG_DELETE_VALUE FnRegDeleteValue;
  65. //
  66. // Registry path to `image file execution options' key
  67. //
  69. #define EXECUTION_OPTIONS_KEY L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\"
  71. //
  72. // Internal functions
  73. //
  75. NTSTATUS
  76. AVrfpGetRegistryInterfaces (
  77. PVOID DllHandle
  78. );
  80. HKEY
  81. AVrfpOpenImageKey (
  82. PWSTR Name
  83. );
  85. VOID
  86. AVrfpCloseImageKey (
  87. HKEY Key
  88. );
  90. BOOL
  91. AVrfpReadGlobalFlags (
  92. HKEY Key,
  93. PDWORD Value
  94. );
  96. BOOL
  97. AVrfpWriteGlobalFlags (
  98. HKEY Key,
  99. DWORD Value
  100. );
  102. BOOL
  103. AVrfpDeleteGlobalFlags (
  104. HKEY Key
  105. );
  107. BOOL
  108. AVrfpReadVerifierFlags (
  109. HKEY Key,
  110. PDWORD Value
  111. );
  113. BOOL
  114. AVrfpWriteVerifierFlags (
  115. HKEY Key,
  116. DWORD Value
  117. );
  119. BOOL
  120. AVrfpDeleteVerifierFlags (
  121. HKEY Key
  122. );
  125. NTSTATUS
  126. VerifierSetFlags (
  127. PUNICODE_STRING ApplicationName,
  128. ULONG VerifierFlags,
  129. PVOID Details
  130. )
  131. /*++
  133. Routine Description:
  135. This routine enables persistently (through registry) application
  136. verifier flags for a specified application.
  138. Arguments:
  140. ApplicationName - name of the application to be verifier. The path should
  141. not be included. The extension should be included. Some examples of
  142. correct names are: `services.exe', `logon.scr'. Incorrect examples are:
  143. `c:\winnt\system32\notepad.exe' or just `notepad'. If we persist a setting
  144. for `xxx.exe' then every time a process whose binary is xxx.exe is launched
  145. application verifier will kick in no matter in what user context or from what
  146. disk location this happens.
  148. VerifierFlags - bit field with verifier flags to be enabled. The legal bits are
  149. declared in sdk\inc\nturtl.h (and winnt.h) as constants names RTL_VRF_FLG_XXX.
  150. For example RTL_VRF_FLG_FULL_PAGE_HEAP. If a zero value is used then all
  151. registry values related to verifier will b e deleted from registry.
  153. Details - Ignored right now. In the future this structure will support various
  154. extensions of the API (e.g. page heap flags, per dll page heap settings, etc.).
  156. Return Value:
  158. STATUS_SUCCESS if all flags requested have been enabled. It can return
  159. STATUS_NOT_IMPLEMENTED if one of the flags requested is not yet implemented
  160. or we decided to block it internally due to a bug. It can also return
  161. STATUS_INVALID_PARAMETER if the application name or other parameters
  162. are ill-formed.
  164. --*/
  165. {
  166. NTSTATUS Status;
  167. UNICODE_STRING AdvapiName;
  168. PVOID AdvapiHandle;
  169. HKEY Key;
  170. DWORD Flags;
  172. if (ApplicationName == NULL || ApplicationName->Buffer == NULL) {
  173. return STATUS_INVALID_PARAMETER;
  174. }
  176. //
  177. // Load advapi32.dll and get registry manipulation functions.
  178. //
  180. RtlInitUnicodeString (&AdvapiName, L"advapi32.dll");
  181. Status = LdrLoadDll (NULL, NULL, &AdvapiName, &AdvapiHandle);
  183. if (!NT_SUCCESS(Status)) {
  184. return Status;
  185. }
  187. Status = AVrfpGetRegistryInterfaces (AdvapiHandle);
  189. if (!NT_SUCCESS(Status)) {
  190. goto Exit;
  191. }
  193. //
  194. // Open `image file execution options\xxx.exe' key. If the key does not
  195. // exist it will be created.
  196. //
  198. Key = AVrfpOpenImageKey (ApplicationName->Buffer);
  200. if (Key == NULL) {
  201. Status = STATUS_INVALID_PARAMETER;
  202. goto Exit;
  203. }
  205. //
  206. // Create verifier settings.
  207. //
  209. if (VerifierFlags == 0) {
  211. Flags = 0;
  212. AVrfpReadGlobalFlags (Key, &Flags);
  213. Flags &= ~FLG_APPLICATION_VERIFIER;
  215. if (Flags == 0) {
  216. AVrfpDeleteGlobalFlags (Key);
  217. }
  218. else {
  219. AVrfpWriteGlobalFlags (Key, Flags);
  220. }
  222. AVrfpDeleteVerifierFlags (Key);
  223. }
  224. else {
  226. Flags = 0;
  227. AVrfpReadGlobalFlags (Key, &Flags);
  228. Flags |= FLG_APPLICATION_VERIFIER;
  229. AVrfpWriteGlobalFlags (Key, Flags);
  231. Flags = VerifierFlags;
  232. AVrfpWriteVerifierFlags (Key, Flags);
  233. }
  235. //
  236. // Cleanup and return.
  237. //
  239. AVrfpCloseImageKey (Key);
  241. Exit:
  243. LdrUnloadDll (AdvapiHandle);
  245. return Status;
  246. }
  248. NTSTATUS
  249. AVrfpGetRegistryInterfaces (
  250. PVOID AdvapiHandle
  251. )
  252. {
  253. NTSTATUS Status;
  254. ANSI_STRING FunctionName;
  255. PVOID FunctionAddress;
  257. RtlInitAnsiString (&FunctionName, "RegCreateKeyExW");
  258. Status = LdrGetProcedureAddress (AdvapiHandle, &FunctionName, 0, &FunctionAddress);
  260. if (!NT_SUCCESS(Status)) {
  261. return Status;
  262. }
  264. FnRegCreateKey = (PFN_REG_CREATE_KEY)FunctionAddress;
  266. RtlInitAnsiString (&FunctionName, "RegCloseKey");
  267. Status = LdrGetProcedureAddress (AdvapiHandle, &FunctionName, 0, &FunctionAddress);
  269. if (!NT_SUCCESS(Status)) {
  270. return Status;
  271. }
  273. FnRegCloseKey = (PFN_REG_CLOSE_KEY)FunctionAddress;
  275. RtlInitAnsiString (&FunctionName, "RegQueryValueExW");
  276. Status = LdrGetProcedureAddress (AdvapiHandle, &FunctionName, 0, &FunctionAddress);
  278. if (!NT_SUCCESS(Status)) {
  279. return Status;
  280. }
  282. FnRegQueryValue = (PFN_REG_QUERY_VALUE)FunctionAddress;
  284. RtlInitAnsiString (&FunctionName, "RegSetValueExW");
  285. Status = LdrGetProcedureAddress (AdvapiHandle, &FunctionName, 0, &FunctionAddress);
  287. if (!NT_SUCCESS(Status)) {
  288. return Status;
  289. }
  291. FnRegSetValue = (PFN_REG_SET_VALUE)FunctionAddress;
  293. RtlInitAnsiString (&FunctionName, "RegDeleteValueW");
  294. Status = LdrGetProcedureAddress (AdvapiHandle, &FunctionName, 0, &FunctionAddress);
  296. if (!NT_SUCCESS(Status)) {
  297. return Status;
  298. }
  300. FnRegDeleteValue = (PFN_REG_DELETE_VALUE)FunctionAddress;
  302. return Status;
  303. }
  305. HKEY
  306. AVrfpOpenImageKey (
  307. PWSTR Name
  308. )
  309. {
  310. HKEY Key;
  311. LONG Result;
  312. WCHAR Buffer [MAX_PATH];
  314. wcscpy (Buffer, EXECUTION_OPTIONS_KEY);
  315. wcscat (Buffer, Name);
  317. Result = FnRegCreateKey (HKEY_LOCAL_MACHINE,
  318. Buffer,
  319. 0,
  320. 0,
  321. 0,
  322. KEY_ALL_ACCESS,
  323. NULL,
  324. &Key,
  325. NULL);
  327. if (Result != ERROR_SUCCESS) {
  328. return NULL;
  329. }
  330. else {
  331. return Key;
  332. }
  333. }
  335. VOID
  336. AVrfpCloseImageKey (
  337. HKEY Key
  338. )
  339. {
  340. FnRegCloseKey (Key);
  341. }
  343. BOOL
  344. AVrfpReadGlobalFlags (
  345. HKEY Key,
  346. PDWORD Value
  347. )
  348. {
  349. LONG Result;
  350. DWORD Type;
  351. BYTE Buffer[32];
  352. BYTE Buffer2[32];
  353. DWORD BytesRead;
  354. DWORD FlagValue;
  355. DWORD I;
  357. BytesRead = sizeof Buffer;
  359. Result = FnRegQueryValue (Key,
  360. L"GlobalFlag",
  361. 0,
  362. &Type,
  363. (LPBYTE)Buffer,
  364. &BytesRead);
  366. if (Result != ERROR_SUCCESS || Type != REG_SZ) {
  368. DbgPrint ("Result %u \n", Result);
  369. return FALSE;
  370. }
  371. else {
  373. for (I = 0; Buffer[2 * I] != L'\0'; I += 1) {
  374. Buffer2[I] = Buffer[2 * I];
  375. }
  377. Buffer2[I] = 0;
  378. FlagValue = 0;
  380. sscanf (Buffer2, "%x", &FlagValue);
  382. if (Value) {
  383. *Value = FlagValue;
  384. }
  386. return TRUE;
  387. }
  388. }
  390. BOOL
  391. AVrfpWriteGlobalFlags (
  392. HKEY Key,
  393. DWORD Value
  394. )
  395. {
  396. LONG Result;
  397. WCHAR Buffer[16];
  398. DWORD Length;
  400. swprintf (Buffer, L"0x%08X", Value);
  401. Length = (wcslen(Buffer) + 1) * sizeof (WCHAR);
  403. Result = FnRegSetValue (Key,
  404. L"GlobalFlag",
  405. 0,
  406. REG_SZ,
  407. (LPBYTE)Buffer,
  408. Length);
  410. return (Result == ERROR_SUCCESS);
  411. }
  413. BOOL
  414. AVrfpDeleteGlobalFlags (
  415. HKEY Key
  416. )
  417. {
  418. LONG Result;
  420. Result = FnRegDeleteValue (Key, L"GlobalFlag");
  421. return (Result == ERROR_SUCCESS);
  422. }
  424. BOOL
  425. AVrfpReadVerifierFlags (
  426. HKEY Key,
  427. PDWORD Value
  428. )
  429. {
  430. LONG Result;
  431. DWORD Type;
  432. DWORD BytesRead;
  434. BytesRead = sizeof *Value;
  436. Result = FnRegQueryValue (Key,
  437. L"VerifierValue",
  438. 0,
  439. &Type,
  440. (LPBYTE)Value,
  441. &BytesRead);
  443. return (Result == ERROR_SUCCESS && Type != REG_DWORD);
  444. }
  446. BOOL
  447. AVrfpWriteVerifierFlags (
  448. HKEY Key,
  449. DWORD Value
  450. )
  451. {
  452. LONG Result;
  454. Result = FnRegSetValue (Key,
  455. L"VerifierFlags",
  456. 0,
  457. REG_DWORD,
  458. (LPBYTE)(&Value),
  459. sizeof Value);
  461. return (Result == ERROR_SUCCESS);
  462. }
  464. BOOL
  465. AVrfpDeleteVerifierFlags (
  466. HKEY Key
  467. )
  468. {
  469. LONG Result;
  471. Result = FnRegDeleteValue (Key, L"VerifierFlags");
  472. return (Result == ERROR_SUCCESS);
  473. }