mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
632 lines
14 KiB
632 lines
14 KiB
/******************************************************************************
|
|
*
|
|
* Copyright (c) 1999 Microsoft Corporation
|
|
*
|
|
* Module Name:
|
|
* verifyBlob.c
|
|
*
|
|
* Abstract:
|
|
* This file contains blob verification code
|
|
*
|
|
* Revision History:
|
|
* Neal Christiansen (nealch) 12/18/2000
|
|
*
|
|
*****************************************************************************/
|
|
|
|
BOOL
|
|
VerifyBlobHeader(
|
|
BlobHeader *BlobHead,
|
|
PCHAR Name,
|
|
DWORD BlobType
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Verify that the given BLOB Header is valid
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
TRUE if OK else FALSE
|
|
|
|
--*/
|
|
{
|
|
BOOL good = TRUE;
|
|
|
|
if (BlobHead->m_dwVersion != BLOB_VERSION_NUM) {
|
|
|
|
printf("Invalid VERSION in %s blob header, was %08x, should be %08x\n",
|
|
Name,
|
|
BlobHead->m_dwVersion,
|
|
BLOB_VERSION_NUM);
|
|
good = FALSE;
|
|
}
|
|
|
|
if (BlobHead->m_dwBlbType != BlobType) {
|
|
|
|
printf("Invalid TYPE in %s blob header, was %08x, should be %08x\n",
|
|
Name,
|
|
BlobHead->m_dwBlbType,
|
|
BlobType);
|
|
good = FALSE;
|
|
}
|
|
|
|
if (BlobHead->m_dwMagicNum != BLOB_MAGIC_NUM) {
|
|
|
|
printf("Invalid MAGIC NUMBER in %s blob header, was %08x, should be %08x\n",
|
|
Name,
|
|
BlobHead->m_dwMagicNum,
|
|
BLOB_MAGIC_NUM);
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((BlobHead->m_dwEntries <= 0) || (BlobHead->m_dwEntries >= 10000)) {
|
|
|
|
printf("Invalid ENTRIES in %s blob header, was %08x, should be > 0 and < 10,000\n",
|
|
Name,
|
|
BlobHead->m_dwEntries);
|
|
good = FALSE;
|
|
}
|
|
|
|
return good;
|
|
}
|
|
|
|
|
|
|
|
BOOL
|
|
VerifyHashHeader(
|
|
ListHeader *HashHead,
|
|
PCHAR Name,
|
|
DWORD Offset
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Verify that the given TREE Header is valid
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
TRUE if OK else FALSE
|
|
|
|
--*/
|
|
{
|
|
BOOL good = TRUE;
|
|
DWORD calculatedSize;
|
|
DWORD numNodes;
|
|
|
|
//
|
|
// Verify BLOB header
|
|
//
|
|
|
|
if (!VerifyBlobHeader(&HashHead->m_BlobHeader,Name,BLOB_TYPE_HASHLIST)) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// paulmcd: jan/2001
|
|
// m_iHashBuckets will not be exact with m_dwEntries as it is the next
|
|
// highest prime number. but it will always be larger than or equalto.
|
|
//
|
|
|
|
if (HashHead->m_iHashBuckets < HashHead->m_BlobHeader.m_dwEntries) {
|
|
|
|
printf("Invalid HASH BUCKET COUNT in %s header, is %08x, should be %08x or %08x\n",
|
|
Name,
|
|
HashHead->m_iHashBuckets,
|
|
HashHead->m_BlobHeader.m_dwEntries,
|
|
HashHead->m_BlobHeader.m_dwEntries+1);
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((HashHead->m_dwDataOff != HashHead->m_BlobHeader.m_dwMaxSize)) {
|
|
|
|
printf("Invalid DATA OFFSET in %s header, is %08x, should be %08x\n",
|
|
Name,
|
|
HashHead->m_dwDataOff,
|
|
HashHead->m_BlobHeader.m_dwMaxSize);
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((HashHead->m_iFreeNode != 0)) {
|
|
|
|
printf("Invalid FREE NODE in %s header, is %08x, should be 0\n",
|
|
Name,
|
|
HashHead->m_iFreeNode);
|
|
good = FALSE;
|
|
}
|
|
|
|
//
|
|
// Make sure the calucalted size is accurate
|
|
//
|
|
|
|
numNodes = HashHead->m_BlobHeader.m_dwEntries + 1;
|
|
|
|
calculatedSize = sizeof(ListHeader) +
|
|
(HashHead->m_iHashBuckets * sizeof(DWORD)) +
|
|
(numNodes * sizeof(ListEntry));
|
|
|
|
if (calculatedSize >= HashHead->m_BlobHeader.m_dwMaxSize) {
|
|
|
|
printf("Invalid CALCULATED SIZE in %s header, is %08x, should be < %08x\n",
|
|
Name,
|
|
calculatedSize,
|
|
HashHead->m_BlobHeader.m_dwMaxSize);
|
|
good = FALSE;
|
|
}
|
|
|
|
return good;
|
|
}
|
|
|
|
|
|
BOOL
|
|
VerifyHash(
|
|
ListHeader *HashHead,
|
|
PCHAR Name,
|
|
DWORD Offset
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Verify that the given TREE entries are valid
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
TRUE if OK else FALSE
|
|
|
|
--*/
|
|
{
|
|
BOOL good = TRUE;
|
|
UINT i;
|
|
DWORD dataStart;
|
|
DWORD numNodes;
|
|
DWORD numBuckets;
|
|
DWORD *hTable;
|
|
ListEntry *hNode;
|
|
|
|
//
|
|
// Validate the HEADER
|
|
//
|
|
|
|
if (!VerifyHashHeader(HashHead,Name,Offset)) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// paulmcd: we have hash bucket and actual nodes. there is one extra
|
|
// actual node than reported due to offset zero being null. the bucket
|
|
// count is the next largest prime from numNodes
|
|
//
|
|
|
|
numBuckets = HashHead->m_iHashBuckets;
|
|
numNodes = HashHead->m_BlobHeader.m_dwEntries + 1;
|
|
|
|
//
|
|
// Validate Hash table entries
|
|
//
|
|
|
|
hTable = (DWORD *)(HashHead + 1);
|
|
|
|
for (i=0;i < HashHead->m_iHashBuckets;i++,hTable++) {
|
|
|
|
if (*hTable >= numNodes) {
|
|
|
|
printf("Invalid HASH TABLE ENTRY[%d] in %s, is %08x, should be < %08x\n",
|
|
i,
|
|
Name,
|
|
*hTable,
|
|
numNodes);
|
|
good = FALSE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Validate the start of the Hash LIST entries
|
|
//
|
|
|
|
{
|
|
ULONG_PTR actualOffset;
|
|
ULONG_PTR calculatedOffset;
|
|
|
|
actualOffset = (ULONG_PTR)hTable - (ULONG_PTR)HashHead;
|
|
calculatedOffset = sizeof(ListHeader) +
|
|
(HashHead->m_iHashBuckets * sizeof(DWORD));
|
|
|
|
if (calculatedOffset != actualOffset) {
|
|
|
|
printf("Invalid HASH LIST START in %s, offset is %08x, should be %08x\n",
|
|
Name,
|
|
actualOffset,
|
|
calculatedOffset);
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Validate the Hash DATA entries
|
|
//
|
|
|
|
hNode = (ListEntry *)hTable;
|
|
dataStart = sizeof(ListHeader) +
|
|
(HashHead->m_iHashBuckets * sizeof(DWORD)) +
|
|
(numNodes * sizeof(ListEntry));
|
|
|
|
for (i=0;i < numNodes;i++,hNode++) {
|
|
|
|
if ((hNode->m_iNext < 0) ||
|
|
(hNode->m_iNext >= (INT)HashHead->m_iHashBuckets)) {
|
|
|
|
printf("Invalid HASH NODE[%d] NEXT INDEX in %s, is %08x, should be < %08x\n",
|
|
i,
|
|
Name,
|
|
hNode->m_iNext,
|
|
HashHead->m_iHashBuckets);
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((hNode->m_dwData != 0) &&
|
|
((hNode->m_dwData < dataStart) ||
|
|
(hNode->m_dwData >= HashHead->m_BlobHeader.m_dwMaxSize))) {
|
|
|
|
printf("Invalid HASH NODE[%d] DATA INDEX in %s, is %08x, should be >= %08x and < %08x\n",
|
|
i,
|
|
Name,
|
|
hNode->m_dwData,
|
|
dataStart,
|
|
HashHead->m_BlobHeader.m_dwMaxSize);
|
|
good = FALSE;
|
|
|
|
} else if ((hNode->m_dwData != 0) &&
|
|
((WCHAR)hNode->m_dwDataLen != *(PWCHAR)((DWORD_PTR)HashHead + hNode->m_dwData))) {
|
|
|
|
printf("Invalid HASH NODE[%d] DATA LENGTH in %s, is %08x, should be %08x\n",
|
|
i,
|
|
Name,
|
|
hNode->m_dwDataLen,
|
|
*(PWCHAR)((DWORD_PTR)HashHead + hNode->m_dwData));
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((hNode->m_dwType != NODE_TYPE_UNKNOWN) &&
|
|
(hNode->m_dwType != NODE_TYPE_INCLUDE) &&
|
|
(hNode->m_dwType != NODE_TYPE_EXCLUDE))
|
|
{
|
|
printf("Invalid HASH NODE[%d] TYPE in %s, is %08x, should be %08x, %08x or %08x\n",
|
|
i,
|
|
Name,
|
|
hNode->m_dwType,
|
|
NODE_TYPE_UNKNOWN,
|
|
NODE_TYPE_INCLUDE,
|
|
NODE_TYPE_EXCLUDE);
|
|
good = FALSE;
|
|
}
|
|
}
|
|
|
|
return good;
|
|
}
|
|
|
|
|
|
BOOL
|
|
VerifyTreeHeader(
|
|
TreeHeader *TreeHead,
|
|
PCHAR Name
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Verify that the given TREE Header is valid
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
TRUE if OK else FALSE
|
|
|
|
--*/
|
|
{
|
|
BOOL good = TRUE;
|
|
DWORD calculatedSize;
|
|
|
|
//
|
|
// Verify BLOB header
|
|
//
|
|
|
|
if (!VerifyBlobHeader(&TreeHead->m_BlobHeader,Name,BLOB_TYPE_PATHTREE)) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
if ((TreeHead->m_dwMaxNodes != TreeHead->m_BlobHeader.m_dwEntries)) {
|
|
|
|
printf("Invalid MAX NODES in %s header, is %08x, should be %08x\n",
|
|
Name,
|
|
TreeHead->m_dwMaxNodes,
|
|
TreeHead->m_BlobHeader.m_dwEntries);
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((TreeHead->m_dwDataSize >= TreeHead->m_BlobHeader.m_dwMaxSize)) {
|
|
|
|
printf("Invalid DATA SIZE in %s header, is %08x, should be < %08x\n",
|
|
Name,
|
|
TreeHead->m_dwDataSize,
|
|
TreeHead->m_BlobHeader.m_dwMaxSize);
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((TreeHead->m_dwDataOff != TreeHead->m_BlobHeader.m_dwMaxSize)) {
|
|
|
|
printf("Invalid DATA OFFSET in %s header, is %08x, should be %08x\n",
|
|
Name,
|
|
TreeHead->m_dwDataOff,
|
|
TreeHead->m_BlobHeader.m_dwMaxSize);
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((TreeHead->m_iFreeNode != 0)) {
|
|
|
|
printf("Invalid FREE NODE in %s header, is %08x, should be 0\n",
|
|
Name,
|
|
TreeHead->m_iFreeNode);
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((TreeHead->m_dwDefault != NODE_TYPE_EXCLUDE)) {
|
|
|
|
printf("Invalid DEFAULT in %s header, is %08x, should be %08x\n",
|
|
Name,
|
|
TreeHead->m_dwDefault,
|
|
NODE_TYPE_EXCLUDE);
|
|
good = FALSE;
|
|
}
|
|
|
|
//
|
|
// Make sure the calucalted size is accurate
|
|
//
|
|
|
|
calculatedSize = sizeof(TreeHeader) +
|
|
(TreeHead->m_dwMaxNodes * sizeof(TreeNode)) +
|
|
TreeHead->m_dwDataSize;
|
|
|
|
if (calculatedSize != TreeHead->m_BlobHeader.m_dwMaxSize) {
|
|
|
|
printf("Invalid CALCULATED SIZE in %s header, is %08x, should be %08x\n",
|
|
Name,
|
|
calculatedSize,
|
|
TreeHead->m_BlobHeader.m_dwMaxSize);
|
|
good = FALSE;
|
|
}
|
|
|
|
return good;
|
|
}
|
|
|
|
|
|
BOOL
|
|
VerifyTree(
|
|
TreeHeader *TreeHead,
|
|
PCHAR Name,
|
|
DWORD Offset
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Verify that the given TREE entries are valid
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
TRUE if OK else FALSE
|
|
|
|
--*/
|
|
{
|
|
BOOL good = TRUE;
|
|
UINT i;
|
|
DWORD dataStart;
|
|
TreeNode *tn;
|
|
ListHeader *localHashHead;
|
|
char localName[128];
|
|
|
|
//
|
|
// Validate the HEADER
|
|
//
|
|
|
|
if (!VerifyTreeHeader(TreeHead,Name)) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Validate the DATA entries
|
|
//
|
|
|
|
tn = (TreeNode *)(TreeHead + 1);
|
|
dataStart = sizeof(TreeHeader) +
|
|
(TreeHead->m_dwMaxNodes * sizeof(TreeNode));
|
|
|
|
|
|
for (i=0;i < TreeHead->m_dwMaxNodes;i++,tn++) {
|
|
|
|
if ((tn->m_iFather < 0) ||
|
|
(tn->m_iFather >= (INT)TreeHead->m_dwMaxNodes))
|
|
{
|
|
printf("Invalid TREE NODE[%d] FATHER index in %s, is %08x, should be < %08x\n",
|
|
i,
|
|
Name,
|
|
tn->m_iFather,
|
|
TreeHead->m_dwMaxNodes);
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((tn->m_iSon < 0) ||
|
|
(tn->m_iSon >= (INT)TreeHead->m_dwMaxNodes))
|
|
{
|
|
printf("Invalid TREE NODE[%d] SON index in %s, is %08x, should be < %08x\n",
|
|
i,
|
|
Name,
|
|
tn->m_iSon,
|
|
TreeHead->m_dwMaxNodes);
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((tn->m_iSibling < 0) ||
|
|
(tn->m_iSibling >= (INT)TreeHead->m_dwMaxNodes))
|
|
{
|
|
printf("Invalid TREE NODE[%d] SIBLING index in %s, is %08x, should be < %08x\n",
|
|
i,
|
|
Name,
|
|
tn->m_iSibling,
|
|
TreeHead->m_dwMaxNodes);
|
|
good = FALSE;
|
|
}
|
|
|
|
if ((tn->m_dwData < dataStart) ||
|
|
(tn->m_dwData >= TreeHead->m_BlobHeader.m_dwMaxSize))
|
|
{
|
|
printf("Invalid TREE NODE[%d] DATA index in %s, is %08x, should be >= %08x and < %08x\n",
|
|
i,
|
|
Name,
|
|
tn->m_dwData,
|
|
dataStart,
|
|
TreeHead->m_BlobHeader.m_dwMaxSize);
|
|
good = FALSE;
|
|
}
|
|
|
|
if (tn->m_dwFileList != 0) {
|
|
if ((tn->m_dwFileList < dataStart) ||
|
|
(tn->m_dwFileList >= TreeHead->m_BlobHeader.m_dwMaxSize))
|
|
{
|
|
printf("Invalid TREE NODE[%d] FILELIST index in %s, is %08x, should be >= %08x and < %08x\n",
|
|
i,
|
|
Name,
|
|
tn->m_dwData,
|
|
dataStart,
|
|
TreeHead->m_BlobHeader.m_dwMaxSize);
|
|
good = FALSE;
|
|
|
|
} else {
|
|
|
|
localHashHead = (ListHeader *)((DWORD_PTR)TreeHead + tn->m_dwFileList);
|
|
sprintf(localName,"TreeNode[%d]",i);
|
|
|
|
if (!VerifyHash(localHashHead,localName,(Offset+tn->m_dwFileList))) {
|
|
|
|
good = FALSE;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ((tn->m_dwType != NODE_TYPE_UNKNOWN) &&
|
|
(tn->m_dwType != NODE_TYPE_INCLUDE) &&
|
|
(tn->m_dwType != NODE_TYPE_EXCLUDE))
|
|
{
|
|
printf("Invalid TREE NODE[%d] TYPE in %s, is %08x, should be %08x, %08x or %08x\n",
|
|
i,
|
|
Name,
|
|
tn->m_dwType,
|
|
NODE_TYPE_UNKNOWN,
|
|
NODE_TYPE_INCLUDE,
|
|
NODE_TYPE_EXCLUDE);
|
|
good = FALSE;
|
|
}
|
|
}
|
|
|
|
return good;
|
|
}
|
|
|
|
|
|
|
|
BOOL
|
|
VerifyBlob(
|
|
DWORD_PTR Blob
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Verify that the given BLOB is valid
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
TRUE if OK else FALSE
|
|
|
|
--*/
|
|
{
|
|
BlobHeader *blobHead;
|
|
TreeHeader *treeHead;
|
|
ListHeader *hashHead;
|
|
DWORD calculatedSize = 0;
|
|
|
|
//
|
|
// Verify header to entire blob
|
|
//
|
|
|
|
blobHead = (BlobHeader *)Blob;
|
|
|
|
if (!VerifyBlobHeader(blobHead,"PRIMARY",BLOB_TYPE_CONTAINER)) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
calculatedSize += sizeof(BlobHeader);
|
|
|
|
//
|
|
// Verify TreeHeader and Data
|
|
//
|
|
|
|
treeHead = (TreeHeader *)(Blob + calculatedSize);
|
|
|
|
if (!VerifyTree(treeHead,"PRIMARY TREE",calculatedSize)) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
calculatedSize += treeHead->m_BlobHeader.m_dwMaxSize;
|
|
|
|
//
|
|
// Verify HashHeader and DATA
|
|
//
|
|
|
|
hashHead = (ListHeader *)(Blob + calculatedSize);
|
|
|
|
if (!VerifyHash(hashHead,"PRIMARY HASH",calculatedSize)) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
calculatedSize += hashHead->m_BlobHeader.m_dwMaxSize;
|
|
|
|
//
|
|
// Validate total SIZE
|
|
//
|
|
|
|
if (calculatedSize != blobHead->m_dwMaxSize) {
|
|
|
|
printf("Invalid PRIMARY BLOB size, is %08x, calculated to be %08x\n",
|
|
blobHead->m_dwMaxSize,
|
|
calculatedSize);
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
return TRUE;
|
|
}
|