archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
3.8 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/windows/appcompat/shims/layer/addwritepermissionstodevice...

252 lines
5.9 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  7. AddWritePermissionsToDeviceFiles.cpp
  9. Abstract:
  11. Add write permissions for IOCTL_SCSI_PASS_THROUGH under SECUROM.
  13. SecuRom can be debugged under a user-mode debugger but the following must
  14. be done before hitting 'g' after attach:
  16. 1. sxi av <- ignore access violations
  17. 2. sxi sse <- ignore single step exception
  18. 3. sxi ssec <- ignore single step exception continue
  19. 4. sxi dz <- ignore divide by zero
  21. It checksums it's executable, so breakpoints in certain places don't work.
  23. Notes:
  25. This is a general purpose shim.
  27. History:
  29. 09/03/1999 v-johnwh Created
  30. 03/09/2001 linstev Rewrote DeviceIoControl to handle bad buffers and added
  31. debugging comments
  33. --*/
  35. #include "precomp.h"
  36. #include "CharVector.h"
  38. IMPLEMENT_SHIM_BEGIN(AddWritePermissionsToDeviceFiles)
  39. #include "ShimHookMacro.h"
  41. APIHOOK_ENUM_BEGIN
  42. APIHOOK_ENUM_ENTRY(CreateFileA)
  43. APIHOOK_ENUM_ENTRY(DeviceIoControl)
  44. APIHOOK_ENUM_ENTRY(CloseHandle)
  45. APIHOOK_ENUM_END
  47. VectorT<HANDLE> * g_hDevices;
  49. /*++
  51. We need to add write permission to all CD-ROM devices
  53. --*/
  55. HANDLE
  56. APIHOOK(CreateFileA)(
  57. LPCSTR lpFileName,
  58. DWORD dwDesiredAccess,
  59. DWORD dwShareMode,
  60. LPSECURITY_ATTRIBUTES lpSecurityAttributes,
  61. DWORD dwCreationDisposition,
  62. DWORD dwFlagsAndAttributes,
  63. HANDLE hTemplateFile
  64. )
  65. {
  66. DWORD dwAccessMode = dwDesiredAccess;
  68. if ((lpFileName[0] == '\\') &&
  69. (lpFileName[1] == '\\') &&
  70. (lpFileName[2] == '.') &&
  71. (lpFileName[3] == '\\')) {
  72. //
  73. // This file starts with \\.\ so it must be a device file.
  74. //
  76. if (!(dwAccessMode & GENERIC_WRITE)) {
  77. //
  78. // Make sure this device is a CD-ROM
  79. //
  80. char diskRootName[4];
  81. diskRootName[0] = lpFileName[4];
  82. diskRootName[1] = ':';
  83. diskRootName[2] = '\\';
  84. diskRootName[3] = 0;
  86. DWORD dwDriveType = GetDriveTypeA(diskRootName);
  87. if (DRIVE_CDROM == dwDriveType) {
  88. //
  89. // Add write permissions to give us NT4 behavior for device
  90. // files
  91. //
  92. dwAccessMode |= GENERIC_WRITE;
  93. }
  94. }
  95. }
  97. HANDLE hRet = ORIGINAL_API(CreateFileA)(lpFileName, dwAccessMode,
  98. dwShareMode, lpSecurityAttributes, dwCreationDisposition,
  99. dwFlagsAndAttributes, hTemplateFile);
  101. if ((hRet != INVALID_HANDLE_VALUE) && (dwAccessMode != dwDesiredAccess)) {
  102. //
  103. // Add the handle to our list so we can clean it up later.
  104. //
  105. g_hDevices->Append(hRet);
  106. LOGN( eDbgLevelError, "[CreateFileA] Added GENERIC_WRITE permission on device(%s)", lpFileName);
  107. }
  109. return hRet;
  110. }
  112. /*++
  114. Since we added write permission to CD-ROM devices for IOCTL_SCSI_PASS_THROUGH,
  115. we need to remove the write permission for all other IOCTLs passed to that device.
  117. --*/
  119. BOOL
  120. APIHOOK(DeviceIoControl)(
  121. HANDLE hDevice,
  122. DWORD dwIoControlCode,
  123. LPVOID lpInBuffer,
  124. DWORD nInBufferSize,
  125. LPVOID lpOutBuffer,
  126. DWORD nOutBufferSize,
  127. LPDWORD lpBytesReturned,
  128. LPOVERLAPPED lpOverlapped
  129. )
  130. {
  131. LPVOID lpOut = lpOutBuffer;
  132. if (lpOutBuffer && nOutBufferSize && lpBytesReturned) {
  133. //
  134. // Create a new output buffer, if this fails we just keep the original
  135. // buffer.
  136. //
  138. lpOut = malloc(nOutBufferSize);
  139. if (lpOut) {
  140. MoveMemory(lpOut, lpOutBuffer, nOutBufferSize);
  141. } else {
  142. DPFN( eDbgLevelError, "Out of memory");
  143. lpOut = lpOutBuffer;
  144. }
  145. }
  147. BOOL bRet;
  148. if (IOCTL_SCSI_PASS_THROUGH != dwIoControlCode) {
  149. //
  150. // We don't care about IOCTL_SCSI_PASS_THROUGH
  151. //
  153. if (g_hDevices->Find(hDevice) >= 0) {
  154. //
  155. // Check to see if this is a device that we added Write permissions
  156. // If it is, we need to create a handle with only Read permissions
  157. //
  159. HANDLE hDupped;
  161. bRet = DuplicateHandle(GetCurrentProcess(), hDevice,
  162. GetCurrentProcess(), &hDupped, GENERIC_READ, FALSE, 0);
  164. if (bRet) {
  165. //
  166. // Call the IOCTL with the original (Read) permissions
  167. //
  168. bRet = ORIGINAL_API(DeviceIoControl)(hDupped, dwIoControlCode,
  169. lpInBuffer, nInBufferSize, lpOut, nOutBufferSize,
  170. lpBytesReturned, lpOverlapped);
  172. CloseHandle(hDupped);
  174. goto Exit;
  175. }
  176. }
  177. }
  179. bRet = ORIGINAL_API(DeviceIoControl)(hDevice, dwIoControlCode, lpInBuffer,
  180. nInBufferSize, lpOut, nOutBufferSize, lpBytesReturned, lpOverlapped);
  182. Exit:
  184. if (lpOut && (lpOut != lpOutBuffer)) {
  185. //
  186. // Need to copy the output back into the true output buffer
  187. //
  188. if (bRet && lpBytesReturned && *lpBytesReturned) {
  189. __try {
  190. MoveMemory(lpOutBuffer, lpOut, *lpBytesReturned);
  191. } __except(1) {
  192. DPFN( eDbgLevelError, "Failed to copy data into output buffer, perhaps it's read-only");
  193. }
  194. }
  196. free(lpOut);
  197. }
  199. return bRet;
  201. }
  203. /*++
  205. If this handle is in our list, remove it.
  207. --*/
  209. BOOL
  210. APIHOOK(CloseHandle)(
  211. HANDLE hObject
  212. )
  213. {
  214. int index = g_hDevices->Find(hObject);
  216. if (index >= 0) {
  217. g_hDevices->Remove(index);
  218. }
  220. return ORIGINAL_API(CloseHandle)(hObject);
  221. }
  223. /*++
  225. Register hooked functions
  227. --*/
  229. BOOL
  230. NOTIFY_FUNCTION(
  231. DWORD fdwReason)
  232. {
  233. if (fdwReason == DLL_PROCESS_ATTACH) {
  234. g_hDevices = new VectorT<HANDLE>;
  235. }
  237. return g_hDevices != NULL;
  238. }
  241. HOOK_BEGIN
  243. CALL_NOTIFY_FUNCTION
  245. APIHOOK_ENTRY(KERNEL32.DLL, CreateFileA)
  246. APIHOOK_ENTRY(KERNEL32.DLL, DeviceIoControl)
  247. APIHOOK_ENTRY(KERNEL32.DLL, CloseHandle)
  249. HOOK_END
  251. IMPLEMENT_SHIM_END