archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/gina/uenvext/uenvext.cpp

663 lines
26 KiB
Raw Normal View History

Add source files
4 years ago
  2. #include<nt.h>
  3. #include<ntrtl.h>
  4. #include<nturtl.h>
  5. #include<stdio.h>
  6. #include<string.h>
  7. #include<memory.h>
  8. #include<malloc.h>
  9. #include<stdlib.h>
  11. #ifndef WIN32_LEAN_AND_MEAN
  12. #define WIN32_LEAN_AND_MEAN
  13. #endif
  15. #include <windows.h>
  16. #include <dbghelp.h>
  17. #include <ntsdexts.h>
  18. #include <wdbgexts.h>
  19. #include <ntverp.h>
  21. #define private public
  22. #define protected public
  24. #include "uenv.h"
  25. #include "reghash.h"
  27. //
  28. // forwards
  29. //
  31. BOOL
  32. ReadMemoryUserMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead );
  34. BOOL
  35. ReadMemoryKernelMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead );
  37. BOOL
  38. WriteMemoryUserMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead );
  40. BOOL
  41. WriteMemoryKernelMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead );
  43. //
  44. // types
  45. //
  47. typedef BOOL (*UEnvReadMemory)( HANDLE, const void*, void*, DWORD, DWORD* );
  48. typedef BOOL (*UEnvWriteMemory)( HANDLE, void*, void*, DWORD, DWORD* );
  50. //
  51. // globals
  52. //
  53. EXT_API_VERSION ApiVersion = { (VER_PRODUCTVERSION_W >> 8), (VER_PRODUCTVERSION_W & 0xff), EXT_API_VERSION_NUMBER, 0 };
  54. WINDBG_EXTENSION_APIS ExtensionApis;
  55. USHORT SavedMajorVersion = 0;
  56. USHORT SavedMinorVersion = 0;
  57. BOOL fKernelDebug = FALSE;
  58. UEnvReadMemory ReadMemoryExt = ReadMemoryUserMode;
  59. UEnvReadMemory WriteMemoryExt = ReadMemoryUserMode;
  61. //
  62. // macros
  63. //
  64. #define ExtensionRoutinePrologue() if (!fKernelDebug) \
  65. { \
  66. ExtensionApis = *lpExtensionApis; \
  67. ReadMemoryExt = ReadMemoryUserMode; \
  68. WriteMemoryExt = WriteMemoryUserMode; \
  69. } \
  70. ULONG_PTR dwAddr = GetExpression(lpArgumentString); \
  72. #define PRINT_SIZE(_x_) {dprintf(#_x_" - 0x%X\n", sizeof(_x_));}
  74. #define Boolean( x ) ( x ) ? "True" : "False"
  76. //
  77. // routines
  78. //
  80. BOOL
  81. DllInit(HANDLE hModule,
  82. DWORD dwReason,
  83. DWORD dwReserved )
  84. {
  85. switch (dwReason) {
  86. case DLL_THREAD_ATTACH:
  87. break;
  89. case DLL_THREAD_DETACH:
  90. break;
  92. case DLL_PROCESS_DETACH:
  93. break;
  95. case DLL_PROCESS_ATTACH:
  96. break;
  97. }
  99. return TRUE;
  100. }
  102. void
  103. WinDbgExtensionDllInit(
  104. PWINDBG_EXTENSION_APIS lpExtensionApis,
  105. USHORT MajorVersion,
  106. USHORT MinorVersion
  107. )
  108. {
  109. fKernelDebug = TRUE;
  110. ReadMemoryExt = ReadMemoryKernelMode;
  111. WriteMemoryExt = WriteMemoryKernelMode;
  113. ExtensionApis = *lpExtensionApis;
  115. SavedMajorVersion = MajorVersion;
  116. SavedMinorVersion = MinorVersion;
  118. return;
  119. }
  121. //
  122. // define our own operators new and delete, so that we do not have to include the crt
  123. //
  124. void* __cdecl
  125. ::operator new(size_t dwBytes)
  126. {
  127. void *p;
  128. p = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwBytes);
  129. return (p);
  130. }
  133. void __cdecl
  134. ::operator delete (void* p)
  135. {
  136. HeapFree(GetProcessHeap(), 0, p);
  137. }
  139. BOOL
  140. ReadMemoryUserMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead )
  141. {
  142. return ReadProcessMemory( hProcess, pAddress, pBuffer, dwSize, pdwRead );
  143. }
  145. BOOL
  146. ReadMemoryKernelMode( HANDLE, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead )
  147. {
  148. return ReadMemory( (ULONG) pAddress, pBuffer, dwSize, pdwRead );
  149. }
  151. BOOL
  152. WriteMemoryUserMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead )
  153. {
  154. return WriteProcessMemory( hProcess, (void*) pAddress, pBuffer, dwSize, pdwRead );
  155. }
  157. BOOL
  158. WriteMemoryKernelMode( HANDLE, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead )
  159. {
  160. return WriteMemory( (ULONG) pAddress, pBuffer, dwSize, pdwRead );
  161. }
  163. void
  164. PrintUuid( UUID x )
  165. {
  166. dprintf("%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
  167. x.Data1, x.Data2, x.Data3, x.Data4[0], x.Data4[1],
  168. x.Data4[2], x.Data4[3], x.Data4[4], x.Data4[5],
  169. x.Data4[6], x.Data4[7] );
  170. }
  172. void
  173. version(HANDLE hCurrentProcess,
  174. HANDLE hCurrentThread,
  175. DWORD dwCurrentPc,
  176. PWINDBG_EXTENSION_APIS lpExtensionApis,
  177. LPSTR lpArgumentString )
  178. {
  179. ExtensionRoutinePrologue();
  181. #if DBG
  182. PCHAR DebuggerType = "Checked";
  183. #else
  184. PCHAR DebuggerType = "Free";
  185. #endif
  187. if ( fKernelDebug )
  188. {
  189. dprintf( "%s UserEnv Extension dll for Build %d debugging %s kernel for Build %d\n",
  190. DebuggerType,
  191. VER_PRODUCTBUILD,
  192. SavedMajorVersion == 0x0c ? "Checked" : "Free",
  193. SavedMinorVersion
  194. );
  195. }
  196. else
  197. {
  198. dprintf(
  199. "%s UserEnv Extension dll for Build %d\n",
  200. DebuggerType,
  201. VER_PRODUCTBUILD
  202. );
  203. }
  204. }
  206. LPEXT_API_VERSION
  207. ExtensionApiVersion( void )
  208. {
  209. return &ApiVersion;
  210. }
  212. void help( HANDLE hCurrentProcess,
  213. HANDLE hCurrentThread,
  214. DWORD dwCurrentPc,
  215. PWINDBG_EXTENSION_APIS lpExtensionApis,
  216. LPSTR lpArgumentString )
  218. {
  219. ExtensionRoutinePrologue();
  220. dprintf("!version\n");
  221. dprintf("!gpo <address>\n");
  222. dprintf("!gpext <address>\n");
  223. dprintf("!container <address>\n");
  224. dprintf("!som <address>\n");
  225. dprintf("!profile <address>\n");
  226. dprintf("!debuglevel <address>\n");
  227. dprintf("!dmpregtable <address>\n");
  229. // dprintf("!globals\n");
  230. dprintf("!sizes\n");
  231. }
  233. void gpo( HANDLE hCurrentProcess,
  234. HANDLE hCurrentThread,
  235. DWORD dwCurrentPc,
  236. PWINDBG_EXTENSION_APIS lpExtensionApis,
  237. LPSTR lpArgumentString )
  239. {
  240. ExtensionRoutinePrologue();
  241. unsigned char buffer[sizeof(GPOINFO)];
  242. LPGPOINFO lpGPOInfo = (LPGPOINFO) buffer;
  243. DWORD dwBytesRead = 0;
  245. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(GPOINFO), &dwBytesRead );
  247. if ( bOk && dwBytesRead == sizeof(GPOINFO) )
  248. {
  249. dprintf("dwFlags - 0x%08X\n", lpGPOInfo->dwFlags );
  250. dprintf("iMachineRole - %d\n", lpGPOInfo->iMachineRole );
  251. dprintf("hToken - 0x%08X\n", lpGPOInfo->hToken );
  252. dprintf("pRsopToken - 0x%08X\n", lpGPOInfo->pRsopToken );
  254. WCHAR sz[128];
  255. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPOInfo->lpDNName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  256. sz[127] = 0;
  258. dprintf("lpDNName - 0x%08X\t: \"%S\"\n", lpGPOInfo->lpDNName, bOk ? sz : L"" );
  259. dprintf("hEvent - 0x%08X\n", lpGPOInfo->hEvent );
  260. dprintf("hKeyRoot - 0x%08X\n", lpGPOInfo->hKeyRoot );
  261. dprintf("bXferToExtList - %s\n", Boolean( lpGPOInfo->bXferToExtList ) );
  262. dprintf("lpExtFilterList - 0x%08X\n", lpGPOInfo->lpExtFilterList );
  263. dprintf("lpGPOList - 0x%08X\n", lpGPOInfo->lpGPOList );
  265. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPOInfo->lpwszSidUser, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  266. sz[127] = 0;
  268. dprintf("lpwszSidUser - 0x%08X\t: \"%S\"\n", lpGPOInfo->lpwszSidUser, bOk ? sz : L"" );
  269. dprintf("hTriggerEvent - 0x%08X\n", lpGPOInfo->hTriggerEvent );
  270. dprintf("hNotifyEvent - 0x%08X\n", lpGPOInfo->hNotifyEvent );
  271. dprintf("hCritSection - 0x%08X\n", lpGPOInfo->hCritSection );
  272. dprintf("lpExtensions - 0x%08X\n", lpGPOInfo->lpExtensions );
  273. dprintf("bMemChanged - %s\n", Boolean( lpGPOInfo->bMemChanged ) );
  274. dprintf("bUserLocalMemChanged - %s\n", Boolean( lpGPOInfo->bUserLocalMemChanged ) );
  275. dprintf("pStatusCallback - 0x%08X\n", lpGPOInfo->pStatusCallback );
  276. dprintf("lpSOMList - 0x%08X\n", lpGPOInfo->lpSOMList );
  277. dprintf("lpGpContainerList - 0x%08X\n", lpGPOInfo->lpGpContainerList );
  278. dprintf("lpLoopbackSOMList - 0x%08X\n", lpGPOInfo->lpLoopbackSOMList );
  279. dprintf("lpLoopbackGpContainer - 0x%08X\n", lpGPOInfo->lpLoopbackGpContainerList );
  280. }
  281. }
  283. void gpext( HANDLE hCurrentProcess,
  284. HANDLE hCurrentThread,
  285. DWORD dwCurrentPc,
  286. PWINDBG_EXTENSION_APIS lpExtensionApis,
  287. LPSTR lpArgumentString )
  288. {
  289. ExtensionRoutinePrologue();
  290. unsigned char buffer[sizeof(GPEXT)];
  291. LPGPEXT lpGPExt = (LPGPEXT) buffer;
  292. DWORD dwBytesRead = 0;
  294. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(GPEXT), &dwBytesRead );
  296. if ( bOk && dwBytesRead == sizeof(GPEXT) )
  297. {
  298. WCHAR sz[256];
  299. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPExt->lpDisplayName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  300. sz[127] = 0;
  301. dprintf("lpDisplayName - 0x%08X\t: \"%S\"\n", lpGPExt->lpDisplayName, bOk ? sz : L"" );
  302. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPExt->lpKeyName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  303. sz[127] = 0;
  304. dprintf("lpKeyName - 0x%08X\t: \"%S\"\n", lpGPExt->lpKeyName, bOk ? sz : L"" );
  305. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPExt->lpDllName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  306. sz[127] = 0;
  307. dprintf("lpDllName - 0x%08X\t: \"%S\"\n", lpGPExt->lpDllName, bOk ? sz : L"" );
  308. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPExt->lpFunctionName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  309. sz[127] = 0;
  310. dprintf("lpFunctionName - 0x%08X\t: \"%S\"\n", lpGPExt->lpFunctionName, bOk ? sz : L"" );
  311. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPExt->lpRsopFunctionName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  312. sz[127] = 0;
  313. dprintf("lpRsopFunctionName - 0x%08X\t: \"%S\"\n", lpGPExt->lpRsopFunctionName, bOk ? sz : L"" );
  315. dprintf("hInstance - 0x%08X\n", lpGPExt->hInstance );
  317. DWORD dwDisplacement = 0;
  318. GetSymbol((void*)lpGPExt->pEntryPoint, (UCHAR *)sz, &dwDisplacement);
  319. sz[64] = 0;
  320. dprintf("pEntryPoint - 0x%08X\t: %s\n", lpGPExt->pEntryPoint, sz );
  321. GetSymbol((void*)lpGPExt->pRsopEntryPoint, (UCHAR *)sz, &dwDisplacement);
  322. sz[64] = 0;
  323. dprintf("pRsopEntryPoint - 0x%08X\t: %s\n", lpGPExt->pRsopEntryPoint, sz );
  325. dprintf("dwNoMachPolicy - 0x%08X\n", lpGPExt->dwNoMachPolicy );
  326. dprintf("dwNoUserPolicy - 0x%08X\n", lpGPExt->dwNoUserPolicy );
  327. dprintf("dwNoSlowLink - 0x%08X\n", lpGPExt->dwNoSlowLink );
  328. dprintf("dwNoBackgroundPolicy - 0x%08X\n", lpGPExt->dwNoBackgroundPolicy );
  329. dprintf("dwNoGPOChanges - 0x%08X\n", lpGPExt->dwNoGPOChanges );
  330. dprintf("dwUserLocalSetting - 0x%08X\n", lpGPExt->dwUserLocalSetting );
  331. dprintf("dwRequireRegistry - 0x%08X\n", lpGPExt->dwRequireRegistry );
  332. dprintf("dwEnableAsynch - 0x%08X\n", lpGPExt->dwEnableAsynch );
  333. dprintf("dwLinkTransition - 0x%08X\n", lpGPExt->dwLinkTransition );
  334. dprintf("dwMaxChangesInterval - 0x%08X\n", lpGPExt->dwMaxChangesInterval );
  336. dprintf("bRegistryExt - %s\n", Boolean( lpGPExt->bRegistryExt ) );
  337. dprintf("bSkipped - %s\n", Boolean( lpGPExt->bSkipped ) );
  338. dprintf("bHistoryProcessing - %s\n", Boolean( lpGPExt->bHistoryProcessing ) );
  340. // dprintf("dwSlowLinkPrev - 0x%08X\n", lpGPExt->dwSlowLinkPrev );
  342. dprintf("guid - " );
  343. PrintUuid( lpGPExt->guid );
  344. dprintf("\n" );
  346. dprintf("pNext - 0x%08X\n", lpGPExt->pNext );
  347. }
  348. }
  350. void container(HANDLE hCurrentProcess,
  351. HANDLE hCurrentThread,
  352. DWORD dwCurrentPc,
  353. PWINDBG_EXTENSION_APIS lpExtensionApis,
  354. LPSTR lpArgumentString )
  355. {
  356. ExtensionRoutinePrologue();
  357. unsigned char buffer[sizeof(GPCONTAINER)];
  358. LPGPCONTAINER lpGPCont = (LPGPCONTAINER) buffer;
  359. DWORD dwBytesRead = 0;
  361. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(GPCONTAINER), &dwBytesRead );
  363. if ( bOk && dwBytesRead == sizeof(GPCONTAINER) )
  364. {
  365. WCHAR sz[256];
  366. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPCont->pwszDSPath, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  367. sz[127] = 0;
  368. dprintf("pwszDSPath - 0x%08X\t: \"%S\"\n", lpGPCont->pwszDSPath, bOk ? sz : L"" );
  369. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPCont->pwszGPOName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  370. sz[127] = 0;
  371. dprintf("pwszGPONa - 0x%08X\t: \"%S\"\n", lpGPCont->pwszGPOName, bOk ? sz : L"" );
  372. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPCont->pwszDisplayName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  373. sz[127] = 0;
  374. dprintf("pwszDisplayName - 0x%08X\t: \"%S\"\n", lpGPCont->pwszDisplayName, bOk ? sz : L"" );
  375. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPCont->pwszFileSysPath, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  376. sz[127] = 0;
  377. dprintf("pwszFileSysPath - 0x%08X\t: \"%S\"\n", lpGPCont->pwszFileSysPath, bOk ? sz : L"" );
  379. dprintf("bFound - %s\n", Boolean( lpGPCont->bFound ) );
  380. dprintf("bAccessDenied - %s\n", Boolean( lpGPCont->bAccessDenied ) );
  381. dprintf("bUserDisabled - %s\n", Boolean( lpGPCont->bUserDisabled ) );
  382. dprintf("bMachDisabled - %s\n", Boolean( lpGPCont->bMachDisabled ) );
  384. dprintf("dwUserVersion - 0x%08X\n", lpGPCont->dwUserVersion );
  385. dprintf("dwMachVersion - 0x%08X\n", lpGPCont->dwMachVersion );
  386. dprintf("pSD - 0x%08X\n", lpGPCont->pSD );
  387. dprintf("cbSDLen - 0x%08X\n", lpGPCont->cbSDLen );
  388. dprintf("pNext - 0x%08X\n", lpGPCont->pNext );
  389. }
  390. }
  392. void som( HANDLE hCurrentProcess,
  393. HANDLE hCurrentThread,
  394. DWORD dwCurrentPc,
  395. PWINDBG_EXTENSION_APIS lpExtensionApis,
  396. LPSTR lpArgumentString )
  397. {
  398. ExtensionRoutinePrologue();
  399. unsigned char buffer[sizeof(SCOPEOFMGMT)];
  400. LPSCOPEOFMGMT lpSOM = (LPSCOPEOFMGMT) buffer;
  401. DWORD dwBytesRead = 0;
  403. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(SCOPEOFMGMT), &dwBytesRead );
  405. if ( bOk && dwBytesRead == sizeof(SCOPEOFMGMT) )
  406. {
  407. WCHAR sz[128];
  408. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpSOM->pwszSOMId, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  409. sz[127] = 0;
  410. dprintf("pwszSOMId - 0x%08X\t: \"%S\"\n", lpSOM->pwszSOMId, bOk ? sz : L"" );
  411. dprintf("dwType - 0x%08X\n", lpSOM->dwType );
  412. dprintf("bBlocking - %s\n", Boolean( lpSOM->bBlocking ) );
  413. dprintf("pGpLinkList - 0x%08X\n", lpSOM->pGpLinkList );
  414. }
  415. }
  417. void profile( HANDLE hCurrentProcess,
  418. HANDLE hCurrentThread,
  419. DWORD dwCurrentPc,
  420. PWINDBG_EXTENSION_APIS lpExtensionApis,
  421. LPSTR lpArgumentString )
  422. {
  423. ExtensionRoutinePrologue();
  424. unsigned char buffer[sizeof(USERPROFILE)];
  425. LPPROFILE lpProf = (LPPROFILE) buffer;
  426. DWORD dwBytesRead = 0;
  428. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(USERPROFILE), &dwBytesRead );
  430. if ( bOk && dwBytesRead == sizeof(USERPROFILE) )
  431. {
  432. WCHAR sz[128];
  434. dprintf("dwFlags - 0x%08X\n", lpProf->dwFlags );
  435. dprintf("dwInternalFlags - 0x%08X\n", lpProf->dwInternalFlags );
  436. dprintf("dwUserPreference - 0x%08X\n", lpProf->dwUserPreference );
  437. dprintf("hToken - 0x%08X\n", lpProf->hToken );
  439. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpUserName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  440. sz[127] = 0;
  441. dprintf("lpUserName - 0x%08X\t: \"%S\"\n", lpProf->lpUserName, bOk ? sz : L"" );
  442. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpProfilePath, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  443. sz[127] = 0;
  444. dprintf("lpProfilePath - 0x%08X\t: \"%S\"\n", lpProf->lpProfilePath, bOk ? sz : L"" );
  445. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpRoamingProfile, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  446. sz[127] = 0;
  447. dprintf("lpRoamingProfile - 0x%08X\t: \"%S\"\n", lpProf->lpRoamingProfile, bOk ? sz : L"" );
  448. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpDefaultProfile, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  449. sz[127] = 0;
  450. dprintf("lpDefaultProfile - 0x%08X\t: \"%S\"\n", lpProf->lpDefaultProfile, bOk ? sz : L"" );
  451. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpLocalProfile, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  452. sz[127] = 0;
  453. dprintf("lpLocalProfile - 0x%08X\t: \"%S\"\n", lpProf->lpLocalProfile, bOk ? sz : L"" );
  454. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpPolicyPath, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  455. sz[127] = 0;
  456. dprintf("lpPolicyPath - 0x%08X\t: \"%S\"\n", lpProf->lpPolicyPath, bOk ? sz : L"" );
  457. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpServerName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  458. sz[127] = 0;
  459. dprintf("lpServerName - 0x%08X\t: \"%S\"\n", lpProf->lpServerName, bOk ? sz : L"" );
  461. dprintf("hKeyCurrentUser - 0x%08X\n", lpProf->hKeyCurrentUser );
  463. dprintf("ftProfileLoad - 0x%08X:0x%08X\n", lpProf->ftProfileLoad.dwLowDateTime, lpProf->ftProfileLoad.dwHighDateTime );
  464. dprintf("ftProfileUnload - 0x%08X:0x%08X\n", lpProf->ftProfileUnload.dwLowDateTime, lpProf->ftProfileUnload.dwHighDateTime );
  466. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpExclusionList, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  467. sz[127] = 0;
  468. dprintf("lpExclusionList - 0x%08X\t: \"%S\"\n", lpProf->lpExclusionList, bOk ? sz : L"" );
  469. }
  470. }
  472. void
  473. debuglevel( HANDLE hCurrentProcess,
  474. HANDLE hCurrentThread,
  475. DWORD dwCurrentPc,
  476. PWINDBG_EXTENSION_APIS lpExtensionApis,
  477. LPSTR lpArgumentString )
  478. {
  479. ExtensionRoutinePrologue();
  481. DWORD dwDebugLevelPtr = 0;
  483. dwDebugLevelPtr = GetExpression( "userenv!dwDebugLevel" );
  485. if ( dwDebugLevelPtr )
  486. {
  487. unsigned char buffer[sizeof(DWORD)];
  488. LPDWORD lpdw = (LPDWORD) buffer;
  489. DWORD dwBytesRead = 0;
  491. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwDebugLevelPtr, buffer, sizeof(DWORD), &dwBytesRead );
  493. if ( bOk && dwBytesRead == sizeof(DWORD) )
  494. {
  495. dprintf("0x%08X\n", *lpdw );
  496. }
  498. /*
  499. if ( lpArgumentString && isxdigit( *lpArgumentString ) )
  500. {
  501. DWORD dwValue = GetExpression(lpArgumentString);
  502. dprintf("%x, Writing 0x%X at 0x%X\n", ExtensionApis.lpWriteProcessMemoryRoutine, dwValue, dwDebugLevelPtr );
  503. WriteMemoryExt( hCurrentProcess, (void*) dwDebugLevelPtr, (void*) dwValue, sizeof( DWORD ), 0 );
  504. }
  505. */
  506. }
  507. else
  508. {
  509. dprintf("Could not resolve symbol dwDebugLevel in module userenv!\n" );
  510. }
  511. }
  513. void
  514. globals( HANDLE hCurrentProcess,
  515. HANDLE hCurrentThread,
  516. DWORD dwCurrentPc,
  517. PWINDBG_EXTENSION_APIS lpExtensionApis,
  518. LPSTR lpArgumentString )
  519. {
  520. ExtensionRoutinePrologue();
  521. }
  523. void sizes( HANDLE hCurrentProcess,
  524. HANDLE hCurrentThread,
  525. DWORD dwCurrentPc,
  526. PWINDBG_EXTENSION_APIS lpExtensionApis,
  527. LPSTR lpArgumentString )
  528. {
  529. ExtensionRoutinePrologue();
  530. PRINT_SIZE(GPEXT);
  531. PRINT_SIZE(GPLINK);
  532. PRINT_SIZE(SCOPEOFMGMT);
  533. PRINT_SIZE(GPCONTAINER);
  534. PRINT_SIZE(GPOINFO);
  535. PRINT_SIZE(USERPROFILE);
  536. }
  539. void dmpregtable( HANDLE hCurrentProcess,
  540. HANDLE hCurrentThread,
  541. DWORD dwCurrentPc,
  542. PWINDBG_EXTENSION_APIS lpExtensionApis,
  543. LPSTR lpArgumentString )
  544. {
  545. ExtensionRoutinePrologue();
  546. unsigned char buffer[sizeof(REGHASHTABLE)];
  547. LPREGHASHTABLE pHashTable = (LPREGHASHTABLE) buffer;
  548. DWORD dwBytesRead = 0;
  549. int i;
  550. BOOL bError=FALSE;
  552. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(REGHASHTABLE), &dwBytesRead );
  554. if ( bOk && dwBytesRead == sizeof(REGHASHTABLE) )
  555. {
  556. WCHAR sz[128];
  558. dprintf("Dumping Registry HashTable at Location 0x%08X\n", dwAddr );
  559. for ( i=0; i<HASH_TABLE_SIZE; i++ ) {
  561. REGKEYENTRY *pKeyEntry = pHashTable->aHashTable[i];
  562. REGKEYENTRY KeyEntry;
  564. if (pKeyEntry)
  565. dprintf("Hash Bucket 0x%X\n", i);
  567. while ( pKeyEntry ) {
  569. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pKeyEntry, &KeyEntry, sizeof(REGKEYENTRY), &dwBytesRead );
  570. if (!bOk || dwBytesRead != sizeof(REGKEYENTRY) ) {
  571. dprintf(" !!Couldn't read keyEntry at 0x%08X. quitting..\n", pKeyEntry);
  572. bError = TRUE;
  573. break;
  574. }
  575. dprintf(" KeyEntry at 0x%08X\n", pKeyEntry);
  577. pKeyEntry = &KeyEntry;
  578. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pKeyEntry->pwszKeyName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  579. sz[127] = 0;
  580. dprintf(" pwszKeyName - 0x%08X\t: \"%S\"\n", pKeyEntry->pwszKeyName, pKeyEntry->pwszKeyName?sz:L"<NULL>");
  583. REGVALUEENTRY *pValueList=pKeyEntry->pValueList;
  584. REGVALUEENTRY ValueList;
  586. while ( pValueList ) {
  587. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pValueList, &ValueList, sizeof(REGVALUEENTRY), &dwBytesRead );
  588. if (!bOk || dwBytesRead != sizeof(REGVALUEENTRY) ) {
  589. dprintf(" !!Couldn't read ValueEntry at 0x%08X. quitting..\n", pValueList);
  590. bError = TRUE;
  591. break;
  592. }
  593. dprintf(" ValueEntry at 0x%08X\n", pValueList);
  595. pValueList = &ValueList;
  596. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pValueList->pwszValueName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  597. sz[127] = 0;
  598. dprintf(" pwszValueName - 0x%08X\t: \"%S\"\n", pValueList->pwszValueName, pValueList->pwszValueName?sz:L"<NULL>");
  601. REGDATAENTRY *pDataList = pValueList->pDataList;
  602. REGDATAENTRY DataList;
  604. while ( pDataList ) {
  605. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pDataList, &DataList, sizeof(REGDATAENTRY), &dwBytesRead );
  606. if (!bOk || dwBytesRead != sizeof(REGDATAENTRY) ) {
  607. dprintf(" !!Couldn't read DataEntry at 0x%08X. quitting..\n", pDataList);
  608. bError = TRUE;
  609. break;
  610. }
  611. dprintf(" **DataEntry** at 0x%08X\n", pDataList);
  613. pDataList = &DataList;
  616. dprintf(" bDeleted - %s\n", pDataList->bDeleted?"TRUE":"FALSE");
  617. dprintf(" bAdmPolicy - %s\n", pDataList->bAdmPolicy?"TRUE":"FALSE");
  618. dprintf(" dwValueType - 0x%X\n", pDataList->dwValueType);
  619. dprintf(" dwDataLen - 0x%X\n", pDataList->dwDataLen);
  620. dprintf(" pData - 0x%08X\n", pDataList->pData);
  622. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pDataList->pwszGPO, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  623. sz[127] = 0;
  624. dprintf(" pwszGPO - 0x%08X\t: \"%S\"\n", pDataList->pwszGPO, pDataList->pwszGPO?sz:L"<NULL>");
  626. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pDataList->pwszSOM, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  627. sz[127] = 0;
  628. dprintf(" pwszSOM - 0x%08X\t: \"%S\"\n", pDataList->pwszSOM, pDataList->pwszSOM?sz:L"<NULL>");
  631. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pDataList->pwszCommand, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  632. sz[127] = 0;
  633. dprintf(" pwszCommand - 0x%08X\t: \"%S\"\n", pDataList->pwszCommand, pDataList->pwszCommand?sz:L"<NULL>");
  635. if (bError)
  636. break;
  638. pDataList = pDataList->pNext;
  640. } // While pDataList
  642. if (bError)
  643. break;
  645. pValueList = pValueList->pNext;
  646. } // While pValue
  648. if (bError)
  649. break;
  651. pKeyEntry = pKeyEntry->pNext;
  652. dprintf("\n");
  654. } // while pKey
  656. if (bError)
  657. break;
  658. }
  660. } // for
  662. }