archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/windows/appcompat/shims/general/derandomizeexename.cpp

241 lines
5.9 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  7. DerandomizeExeName.cpp
  9. Abstract:
  11. See markder
  13. History:
  15. 10/13/1999 markder created.
  16. 05/16/2000 robkenny Check for memory alloc failure.
  17. 03/12/2001 robkenny Converted to CString
  19. --*/
  21. #include "precomp.h"
  23. IMPLEMENT_SHIM_BEGIN(DeRandomizeExeName)
  24. #include "ShimHookMacro.h"
  26. APIHOOK_ENUM_BEGIN
  27. APIHOOK_ENUM_ENTRY(CreateProcessA)
  28. APIHOOK_ENUM_END
  30. CString * g_csFilePattern = NULL;
  31. CString * g_csNewFileName = NULL;
  33. BOOL
  34. APIHOOK(CreateProcessA)(
  35. LPCSTR lpApplicationName, // name of executable module
  36. LPSTR lpCommandLine, // command line string
  37. LPSECURITY_ATTRIBUTES lpProcessAttributes,
  38. LPSECURITY_ATTRIBUTES lpThreadAttributes,
  39. BOOL bInheritHandles, // handle inheritance flag
  40. DWORD dwCreationFlags, // creation flags
  41. LPVOID lpEnvironment, // new environment block
  42. LPCSTR lpCurrentDirectory, // current directory name
  43. LPSTARTUPINFOA lpStartupInfo,
  44. LPPROCESS_INFORMATION lpProcessInformation
  45. )
  46. {
  48. CSTRING_TRY
  49. {
  50. AppAndCommandLine appAndCommandLine(lpApplicationName, lpCommandLine);
  52. const CString & csOrigAppName = appAndCommandLine.GetApplicationName();
  53. CString fileName;
  55. //
  56. // Grab the filename portion of the string only.
  57. //
  58. csOrigAppName.GetLastPathComponent(fileName);
  60. BOOL bMatchesPattern = fileName.PatternMatch(*g_csFilePattern);
  61. if (bMatchesPattern)
  62. {
  63. //
  64. // Replace the randomized app name with the specified name
  65. //
  66. CString csNewAppName(csOrigAppName);
  67. csNewAppName.Replace(fileName, *g_csNewFileName);
  69. //
  70. // Copy the exe to the specified name.
  71. //
  72. if (CopyFileW(csOrigAppName.Get(), csNewAppName.Get(), FALSE))
  73. {
  75. LOGN(
  76. eDbgLevelInfo,
  77. "[CreateProcessA] Derandomized pathname from (%S) to (%S)",
  78. csOrigAppName.Get(), csNewAppName.Get());
  80. //
  81. // Mark the file for deletion after we reboot,
  82. // otherwise the file will never get removed.
  83. //
  84. MoveFileExW(csNewAppName.Get(), NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
  86. //
  87. // We have successfully copied the exe to a new file with the specified name
  88. // it is now safe to replace the lpApplicationName to our new file.
  89. //
  91. return ORIGINAL_API(CreateProcessA) (
  92. csNewAppName.GetAnsi(),
  93. lpCommandLine,
  94. lpProcessAttributes,
  95. lpThreadAttributes,
  96. bInheritHandles,
  97. dwCreationFlags,
  98. lpEnvironment,
  99. lpCurrentDirectory,
  100. lpStartupInfo,
  101. lpProcessInformation);
  102. }
  103. }
  104. }
  105. CSTRING_CATCH
  106. {
  107. // Fall through
  108. }
  110. return ORIGINAL_API(CreateProcessA) (
  111. lpApplicationName,
  112. lpCommandLine,
  113. lpProcessAttributes,
  114. lpThreadAttributes,
  115. bInheritHandles,
  116. dwCreationFlags,
  117. lpEnvironment,
  118. lpCurrentDirectory,
  119. lpStartupInfo,
  120. lpProcessInformation);
  121. }
  123. #if TEST_MATCH
  124. void
  125. TestMatch(
  126. const char* a,
  127. const char* b
  128. )
  129. {
  130. BOOL bMatch = PatternMatchA(a, b);
  132. if (bMatch)
  133. {
  134. DPFN(
  135. eDbgLevelSpew,
  136. "[TestMatch] (%s) == (%s)\n", a, b);
  137. }
  138. else
  139. {
  140. DPFN(
  141. eDbgLevelSpew,
  142. "[TestMatch] (%s) != (%s)\n", a, b);
  143. }
  144. }
  146. void TestLots()
  147. {
  148. TestMatch("", "");
  149. TestMatch("", "ABC");
  150. TestMatch("*", "");
  151. TestMatch("?", "");
  152. TestMatch("abc", "ABC");
  153. TestMatch("?", "ABC");
  154. TestMatch("?bc", "ABC");
  155. TestMatch("a?c", "ABC");
  156. TestMatch("ab?", "ABC");
  157. TestMatch("a??", "ABC");
  158. TestMatch("?b?", "ABC");
  159. TestMatch("??c", "ABC");
  160. TestMatch("???", "ABC");
  161. TestMatch("*", "ABC");
  162. TestMatch("*.", "ABC");
  163. TestMatch("*.", "ABC.");
  164. TestMatch("*.?", "ABC.");
  165. TestMatch("??*", "ABC");
  166. TestMatch("*??", "ABC");
  167. TestMatch("ABC", "ABC");
  168. TestMatch(".*", "ABC");
  169. TestMatch("?*", "ABC");
  170. TestMatch("???*", "ABC");
  171. TestMatch("*.txt", "ABC.txt");
  172. TestMatch("*.txt", ".txt");
  173. TestMatch("*.txt", ".abc");
  174. TestMatch("*.txt", "txt.abc");
  175. TestMatch("***", "");
  176. TestMatch("***", "a");
  177. TestMatch("***", "ab");
  178. TestMatch("***", "abc");
  179. }
  180. #endif
  183. BOOL
  184. ParseCommandLine(void)
  185. {
  186. CSTRING_TRY
  187. {
  188. CStringToken csTok(COMMAND_LINE, ";");
  190. g_csFilePattern = new CString;
  191. g_csNewFileName = new CString;
  193. if (g_csFilePattern &&
  194. g_csNewFileName &&
  195. csTok.GetToken(*g_csFilePattern) &&
  196. csTok.GetToken(*g_csNewFileName))
  197. {
  198. return TRUE;
  199. }
  200. }
  201. CSTRING_CATCH
  202. {
  203. // Do nothing
  204. }
  206. LOGN(
  207. eDbgLevelError,
  208. "[ParseCommandLine] Illegal command line");
  210. return FALSE;
  211. }
  213. BOOL
  214. NOTIFY_FUNCTION(
  215. DWORD fdwReason
  216. )
  217. {
  218. if (fdwReason == DLL_PROCESS_ATTACH)
  219. {
  220. #if TEST_MATCH
  221. TestLots();
  222. #endif
  224. return ParseCommandLine();
  225. }
  227. return TRUE;
  228. }
  231. HOOK_BEGIN
  233. CALL_NOTIFY_FUNCTION
  235. APIHOOK_ENTRY(KERNEL32.DLL, CreateProcessA)
  237. HOOK_END
  240. IMPLEMENT_SHIM_END