archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/windows/appcompat/shims/specific/netmanageviewnow.cpp

203 lines
4.5 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name:
  7. NetManageViewNow.cpp
  9. Abstract:
  12. The app doesnt follow stdcall conventions for the ServiceMain function
  13. it registers with SCM. This is resulting in an AV as the ServiceMain
  14. is not cleaning up the stack on return, after being called by SCM.
  15. We clean up the stack for the app registered ServiceMain by hooking
  16. StartServiceCtrlDispatcher and registering our own ServiceMain routine,
  17. which makes the actual call to the app registered servicemain and then
  18. pop 8 bytes of the stack before returning.
  21. Notes:
  23. This is an app specific shim.
  25. History:
  27. 03/08/2001 a-leelat Created
  29. --*/
  31. #include "precomp.h"
  33. IMPLEMENT_SHIM_BEGIN(NetManageViewNow)
  34. #include "ShimHookMacro.h"
  36. APIHOOK_ENUM_BEGIN
  37. APIHOOK_ENUM_ENTRY(StartServiceCtrlDispatcherA)
  38. APIHOOK_ENUM_ENTRY(StartServiceCtrlDispatcherW)
  39. APIHOOK_ENUM_END
  43. //last entry of the service table are supposed to be NULL entries
  44. SERVICE_TABLE_ENTRYA g_SvcTableA[] = { {NULL,NULL},{NULL,NULL} };
  45. SERVICE_TABLE_ENTRYW g_SvcTableW[] = { {NULL,NULL},{NULL,NULL} };
  47. LPSERVICE_MAIN_FUNCTIONA g_pfnActualMainA = NULL;
  48. LPSERVICE_MAIN_FUNCTIONW g_pfnActualMainW = NULL;
  53. VOID WINAPI ServiceMainA(
  54. DWORD dwArgc, // number of arguments
  55. LPSTR *lpszArgv // array of arguments
  56. )
  57. {
  59. //call the actual routine
  60. (g_pfnActualMainA)(dwArgc,lpszArgv);
  62. //pop 8 bytes of stack to compensate for
  63. //the app not following stdcall convention
  64. __asm
  65. {
  66. add esp,8
  67. }
  68. }
  71. VOID WINAPI ServiceMainW(
  72. DWORD dwArgc, // number of arguments
  73. LPWSTR *lpszArgv // array of arguments
  74. )
  75. {
  77. //call the actual routine
  78. (g_pfnActualMainW)(dwArgc,lpszArgv);
  80. //pop 8 bytes of stack to compensate for
  81. //the app not following stdcall convention
  82. __asm
  83. {
  84. add esp, 8
  85. }
  87. }
  92. BOOL APIHOOK(StartServiceCtrlDispatcherA)(
  93. CONST LPSERVICE_TABLE_ENTRYA lpServiceTable // service table
  94. )
  95. {
  97. BOOL bRet = false;
  99. LPSERVICE_TABLE_ENTRYA lpSvcTblToPass = lpServiceTable;
  101. //Allocate buffer to copy the actual service name
  102. g_SvcTableA[0].lpServiceName =
  103. (LPSTR) malloc(_tcslenBytes(lpServiceTable->lpServiceName)+1);
  105. if (!g_SvcTableA[0].lpServiceName)
  106. {
  107. DPFN( eDbgLevelError,
  108. "[StartServiceCtrlDispatcherA] Buffer allocation failure");
  109. }
  110. else
  111. {
  112. //Setup our service table to register with SCM
  114. //Copy the service name as defined by the app
  115. _tcscpy(g_SvcTableA[0].lpServiceName,lpServiceTable->lpServiceName);
  117. //Now put our service routine
  118. g_SvcTableA[0].lpServiceProc = ServiceMainA;
  120. //Save the old servicemain func ptr
  121. g_pfnActualMainA = lpServiceTable->lpServiceProc;
  123. //Set the service table to our table
  124. lpSvcTblToPass = &g_SvcTableA[0];
  126. DPFN( eDbgLevelInfo,
  127. "[StartServiceCtrlDispatcherA] Hooked ServiceMainA");
  128. }
  131. //Call the Original API
  132. bRet = StartServiceCtrlDispatcherA(lpSvcTblToPass);
  134. return bRet;
  136. }
  141. BOOL APIHOOK(StartServiceCtrlDispatcherW)(
  142. CONST LPSERVICE_TABLE_ENTRYW lpServiceTable // service table
  143. )
  144. {
  145. BOOL bRet = false;
  147. LPSERVICE_TABLE_ENTRYW lpSvcTblToPass = lpServiceTable;
  149. //Allocate buffer to copy the actual service name
  150. g_SvcTableW[0].lpServiceName =
  151. (LPWSTR) malloc(wcslen(lpServiceTable->lpServiceName)+1);
  153. if (!g_SvcTableW[0].lpServiceName)
  154. {
  156. DPFN( eDbgLevelError,
  157. "[StartServiceCtrlDispatcherW] Buffer allocation failure");
  158. }
  159. else
  160. {
  161. //Setup our service table to register with SCM
  163. //Copy the service name as defined by the app
  164. wcscpy(g_SvcTableW[0].lpServiceName,lpServiceTable->lpServiceName);
  166. //Now put our service routine
  167. g_SvcTableW[0].lpServiceProc = ServiceMainW;
  169. //Save the old servicemain func ptr
  170. g_pfnActualMainW = lpServiceTable->lpServiceProc;
  172. //Set the service table to our table
  173. lpSvcTblToPass = &g_SvcTableW[0];
  175. DPFN( eDbgLevelInfo,
  176. "[StartServiceCtrlDispatcherW] Hooked ServiceMainW");
  177. }
  180. //Call the Original API
  181. bRet = StartServiceCtrlDispatcherW(lpSvcTblToPass);
  183. return bRet;
  184. }
  188. /*++
  190. Register hooked functions
  192. --*/
  194. HOOK_BEGIN
  196. APIHOOK_ENTRY(ADVAPI32.DLL, StartServiceCtrlDispatcherA)
  197. APIHOOK_ENTRY(ADVAPI32.DLL, StartServiceCtrlDispatcherW)
  199. HOOK_END
  202. IMPLEMENT_SHIM_END