Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

445 lines
13 KiB

  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1996 - 1999
  6. //
  7. // File: peimage2.cpp
  8. //
  9. // Contents: Microsoft SIP Provider
  10. //
  11. // History: 14-Mar-1997 pberkman created
  12. //
  13. //--------------------------------------------------------------------------
  14. #include "global.hxx"
  15. __inline DWORD AlignIt (DWORD Value, DWORD Alignment) { return (Value + (Alignment - 1)) & ~(Alignment -1); }
  16. #define InitializeListHead(ListHead) (\
  17. (ListHead)->Flink = (ListHead)->Blink = (ListHead))
  18. #define MAP_READONLY TRUE
  19. #define MAP_READWRITE FALSE
  20. BOOL
  21. CalculateImagePtrs(
  22. PLOADED_IMAGE LoadedImage
  23. )
  24. {
  25. PIMAGE_DOS_HEADER DosHeader;
  26. BOOL fRC = FALSE;
  27. // Everything is mapped. Now check the image and find nt image headers
  28. __try {
  29. DosHeader = (PIMAGE_DOS_HEADER)LoadedImage->MappedAddress;
  30. if ((DosHeader->e_magic != IMAGE_DOS_SIGNATURE) &&
  31. (DosHeader->e_magic != IMAGE_NT_SIGNATURE)) {
  32. __leave;
  33. }
  34. if (DosHeader->e_magic == IMAGE_DOS_SIGNATURE) {
  35. if (DosHeader->e_lfanew == 0) {
  36. __leave;
  37. }
  38. LoadedImage->FileHeader = (PIMAGE_NT_HEADERS)((ULONG_PTR)DosHeader + DosHeader->e_lfanew);
  39. if (
  40. // If IMAGE_NT_HEADERS would extend past the end of file...
  41. (PBYTE)LoadedImage->FileHeader + sizeof(IMAGE_NT_HEADERS) >
  42. (PBYTE)LoadedImage->MappedAddress + LoadedImage->SizeOfImage ||
  43. // ..or if it would begin in, or before the IMAGE_DOS_HEADER...
  44. (PBYTE)LoadedImage->FileHeader <
  45. (PBYTE)LoadedImage->MappedAddress + sizeof(IMAGE_DOS_HEADER) )
  46. {
  47. // ...then e_lfanew is not as expected.
  48. // (Several Win95 files are in this category.)
  49. __leave;
  50. }
  51. } else {
  52. // No DOS header indicates an image built w/o a dos stub
  53. LoadedImage->FileHeader = (PIMAGE_NT_HEADERS)DosHeader;
  54. }
  55. if ( LoadedImage->FileHeader->Signature != IMAGE_NT_SIGNATURE ) {
  56. __leave;
  57. }
  58. // No optional header indicates an object...
  59. if ( !LoadedImage->FileHeader->FileHeader.SizeOfOptionalHeader ) {
  60. __leave;
  61. }
  62. // Check for versions < 2.50
  63. if ( LoadedImage->FileHeader->OptionalHeader.MajorLinkerVersion < 3 &&
  64. LoadedImage->FileHeader->OptionalHeader.MinorLinkerVersion < 5 ) {
  65. __leave;
  66. }
  67. InitializeListHead( &LoadedImage->Links );
  68. LoadedImage->NumberOfSections = LoadedImage->FileHeader->FileHeader.NumberOfSections;
  69. LoadedImage->Sections = IMAGE_FIRST_SECTION(LoadedImage->FileHeader);
  70. fRC = TRUE;
  71. } __except ( EXCEPTION_EXECUTE_HANDLER ) { }
  72. return fRC;
  73. }
  74. BOOL
  75. MapIt(
  76. HANDLE hFile,
  77. PLOADED_IMAGE LoadedImage
  78. )
  79. {
  80. HANDLE hMappedFile;
  81. hMappedFile = CreateFileMapping(
  82. hFile,
  83. NULL,
  84. PAGE_READONLY,
  85. 0,
  86. 0,
  87. NULL
  88. );
  89. if ( !hMappedFile ) {
  90. return FALSE;
  91. }
  92. LoadedImage->MappedAddress = (PUCHAR) MapViewOfFile(
  93. hMappedFile,
  94. FILE_MAP_READ,
  95. 0,
  96. 0,
  97. 0
  98. );
  99. CloseHandle(hMappedFile);
  100. LoadedImage->SizeOfImage = GetFileSize(hFile, NULL);
  101. if (!LoadedImage->MappedAddress) {
  102. return (FALSE);
  103. }
  104. if (!CalculateImagePtrs(LoadedImage)) {
  105. UnmapViewOfFile(LoadedImage->MappedAddress);
  106. return(FALSE);
  107. }
  108. LoadedImage->hFile = INVALID_HANDLE_VALUE;
  109. return(TRUE);
  110. }
  111. typedef struct _EXCLUDE_RANGE {
  112. PBYTE Offset;
  113. DWORD Size;
  114. struct _EXCLUDE_RANGE *Next;
  115. } EXCLUDE_RANGE;
  116. class EXCLUDE_LIST
  117. {
  118. public:
  119. EXCLUDE_LIST() {
  120. m_Image = NULL;
  121. m_ExRange = new EXCLUDE_RANGE;
  122. if(m_ExRange)
  123. memset(m_ExRange, 0x00, sizeof(EXCLUDE_RANGE));
  124. }
  125. ~EXCLUDE_LIST() {
  126. EXCLUDE_RANGE *pTmp;
  127. pTmp = m_ExRange->Next;
  128. while (pTmp)
  129. {
  130. DELETE_OBJECT(m_ExRange);
  131. m_ExRange = pTmp;
  132. pTmp = m_ExRange->Next;
  133. }
  134. DELETE_OBJECT(m_ExRange);
  135. }
  136. void Init(LOADED_IMAGE * Image, DIGEST_FUNCTION pFunc, DIGEST_HANDLE dh) {
  137. m_Image = Image;
  138. m_ExRange->Offset = NULL;
  139. m_ExRange->Size = 0;
  140. m_pFunc = pFunc;
  141. m_dh = dh;
  142. return;
  143. }
  144. void Add(DWORD_PTR Offset, DWORD Size);
  145. BOOL Emit(PBYTE Offset, DWORD Size);
  146. private:
  147. LOADED_IMAGE * m_Image;
  148. EXCLUDE_RANGE * m_ExRange;
  149. DIGEST_FUNCTION m_pFunc;
  150. DIGEST_HANDLE m_dh;
  151. };
  152. void
  153. EXCLUDE_LIST::Add(
  154. DWORD_PTR Offset,
  155. DWORD Size
  156. )
  157. {
  158. EXCLUDE_RANGE *pTmp, *pExRange;
  159. pExRange = m_ExRange;
  160. while (pExRange->Next && (pExRange->Next->Offset < (PBYTE)Offset)) {
  161. pExRange = pExRange->Next;
  162. }
  163. pTmp = new EXCLUDE_RANGE;
  164. if(pTmp)
  165. {
  166. pTmp->Next = pExRange->Next;
  167. pTmp->Offset = (PBYTE)Offset;
  168. pTmp->Size = Size;
  169. pExRange->Next = pTmp;
  170. }
  171. return;
  172. }
  173. BOOL
  174. EXCLUDE_LIST::Emit(
  175. PBYTE Offset,
  176. DWORD Size
  177. )
  178. {
  179. BOOL rc;
  180. EXCLUDE_RANGE *pExRange;
  181. DWORD EmitSize, ExcludeSize;
  182. pExRange = m_ExRange->Next;
  183. while (pExRange && (Size > 0)) {
  184. if (pExRange->Offset >= Offset) {
  185. // Emit what's before the exclude list.
  186. EmitSize = min((DWORD)(pExRange->Offset - Offset), Size);
  187. if (EmitSize) {
  188. rc = (*m_pFunc)(m_dh, Offset, EmitSize);
  189. Size -= EmitSize;
  190. Offset += EmitSize;
  191. }
  192. }
  193. if (Size) {
  194. if (pExRange->Offset + pExRange->Size >= Offset) {
  195. // Skip over what's in the exclude list.
  196. ExcludeSize = min(Size, (DWORD)(pExRange->Offset + pExRange->Size - Offset));
  197. Size -= ExcludeSize;
  198. Offset += ExcludeSize;
  199. }
  200. }
  201. pExRange = pExRange->Next;
  202. }
  203. // Emit what's left.
  204. if (Size) {
  205. rc = (*m_pFunc)(m_dh, Offset, Size);
  206. }
  207. return rc;
  208. }
  209. BOOL
  210. imagehack_IsImagePEOnly(
  211. IN HANDLE FileHandle
  212. )
  213. /*
  214. What we're looking for here is if there's data outside the exe.
  215. To do so, find the highest section header offset. To that, find the
  216. highest debug directory offset. Finally, round up to the file alignment
  217. size, add in the cert size, and compare to the reported image size...
  218. */
  219. {
  220. LOADED_IMAGE LoadedImage;
  221. DWORD HighOffset;
  222. DWORD i, Offset, Size;
  223. LONG DebugDirectorySize, CertSize;
  224. PIMAGE_DEBUG_DIRECTORY DebugDirectory;
  225. PVOID CertDir;
  226. BOOL rc;
  227. DWORD FileAlignment;
  228. DWORD NumberOfSections;
  229. if (MapIt(FileHandle, &LoadedImage) == FALSE) {
  230. return(FALSE);
  231. }
  232. rc = FALSE;
  233. __try {
  234. if (LoadedImage.FileHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
  235. FileAlignment = ((PIMAGE_NT_HEADERS32)LoadedImage.FileHeader)->OptionalHeader.FileAlignment;
  236. } else if (LoadedImage.FileHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
  237. FileAlignment = ((PIMAGE_NT_HEADERS64)LoadedImage.FileHeader)->OptionalHeader.FileAlignment;
  238. } else {
  239. __leave;
  240. }
  241. NumberOfSections = LoadedImage.FileHeader->FileHeader.NumberOfSections;
  242. HighOffset = 0;
  243. for (i = 0; i < NumberOfSections; i++) {
  244. Offset = LoadedImage.Sections[i].PointerToRawData;
  245. Size = LoadedImage.Sections[i].SizeOfRawData;
  246. HighOffset = max(HighOffset, (Offset + Size));
  247. }
  248. DebugDirectory = (PIMAGE_DEBUG_DIRECTORY)
  249. ImageDirectoryEntryToData(
  250. LoadedImage.MappedAddress,
  251. FALSE,
  252. IMAGE_DIRECTORY_ENTRY_DEBUG,
  253. (ULONG *) &DebugDirectorySize
  254. );
  255. while (DebugDirectorySize > 0) {
  256. Offset = DebugDirectory->PointerToRawData;
  257. Size = DebugDirectory->SizeOfData;
  258. HighOffset = max(HighOffset, (Offset + Size));
  259. DebugDirectorySize -= sizeof(IMAGE_DEBUG_DIRECTORY);
  260. DebugDirectory++;
  261. }
  262. HighOffset = AlignIt(HighOffset, FileAlignment);
  263. CertDir = (PVOID) ImageDirectoryEntryToData(
  264. LoadedImage.MappedAddress,
  265. FALSE,
  266. IMAGE_DIRECTORY_ENTRY_SECURITY,
  267. (ULONG *) &CertSize
  268. );
  269. if (LoadedImage.SizeOfImage <= (HighOffset + CertSize)) {
  270. rc = TRUE;
  271. }
  272. } __except(EXCEPTION_EXECUTE_HANDLER) { }
  273. UnmapViewOfFile(LoadedImage.MappedAddress);
  274. return(rc);
  275. }
  276. BOOL
  277. imagehack_AuImageGetDigestStream(
  278. IN HANDLE FileHandle,
  279. IN DWORD DigestLevel,
  280. IN DIGEST_FUNCTION DigestFunction,
  281. IN DIGEST_HANDLE DigestHandle
  282. )
  283. /*++
  284. Routine Description:
  285. Given an image, return the bytes necessary to construct a certificate.
  286. Only PE images are supported at this time.
  287. Arguments:
  288. FileHandle - Handle to the file in question. The file should be opened
  289. with at least GENERIC_READ access.
  290. DigestLevel - Indicates what data will be included in the returned buffer.
  291. Valid values are:
  292. CERT_PE_IMAGE_DIGEST_ALL_BUT_CERTS - Include data outside the PE image itself
  293. (may include non-mapped debug symbolic)
  294. DigestFunction - User supplied routine that will process the data.
  295. DigestHandle - User supplied handle to identify the digest. Passed as the first
  296. argument to the DigestFunction.
  297. Return Value:
  298. TRUE - Success.
  299. FALSE - There was some error. Call GetLastError for more information. Possible
  300. values are ERROR_INVALID_PARAMETER or ERROR_OPERATION_ABORTED.
  301. --*/
  302. {
  303. LOADED_IMAGE LoadedImage;
  304. BOOL rc;
  305. EXCLUDE_LIST ExList;
  306. if (MapIt(FileHandle, &LoadedImage) == FALSE) {
  307. // Unable to map the image or invalid digest level.
  308. SetLastError(ERROR_INVALID_PARAMETER);
  309. return(FALSE);
  310. }
  311. rc = ERROR_INVALID_PARAMETER;
  312. __try {
  313. if ((LoadedImage.FileHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC) &&
  314. (LoadedImage.FileHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC))
  315. {
  316. __leave;
  317. }
  318. ExList.Init(&LoadedImage, DigestFunction, DigestHandle);
  319. if (LoadedImage.FileHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
  320. PIMAGE_NT_HEADERS32 NtHeader32 = (PIMAGE_NT_HEADERS32)(LoadedImage.FileHeader);
  321. // Exclude the checksum.
  322. ExList.Add(((DWORD_PTR) &NtHeader32->OptionalHeader.CheckSum),
  323. sizeof(NtHeader32->OptionalHeader.CheckSum));
  324. // Exclude the Security directory.
  325. ExList.Add(((DWORD_PTR) &NtHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]),
  326. sizeof(NtHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]));
  327. // Exclude the certs.
  328. ExList.Add((DWORD_PTR)NtHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress +
  329. (DWORD_PTR)LoadedImage.MappedAddress,
  330. NtHeader32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].Size);
  331. } else {
  332. PIMAGE_NT_HEADERS64 NtHeader64 = (PIMAGE_NT_HEADERS64)(LoadedImage.FileHeader);
  333. // Exclude the checksum.
  334. ExList.Add(((DWORD_PTR) &NtHeader64->OptionalHeader.CheckSum),
  335. sizeof(NtHeader64->OptionalHeader.CheckSum));
  336. // Exclude the Security directory.
  337. ExList.Add(((DWORD_PTR) &NtHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]),
  338. sizeof(NtHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]));
  339. // Exclude the certs.
  340. ExList.Add((DWORD_PTR)NtHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress +
  341. (DWORD_PTR)LoadedImage.MappedAddress,
  342. NtHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].Size);
  343. }
  344. ExList.Emit((PBYTE) (LoadedImage.MappedAddress), LoadedImage.SizeOfImage);
  345. rc = ERROR_SUCCESS;
  346. } __except(EXCEPTION_EXECUTE_HANDLER) { }
  347. UnmapViewOfFile(LoadedImage.MappedAddress);
  348. SetLastError(rc);
  349. return(rc == ERROR_SUCCESS ? TRUE : FALSE);
  350. }