mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1472 lines
35 KiB
1472 lines
35 KiB
/*++
|
|
|
|
Copyright (c) 1998 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
registry.c
|
|
|
|
Abstract:
|
|
|
|
Implementation of registry code.
|
|
|
|
Author:
|
|
|
|
Wesley Witt (wesw) 18-Dec-1998
|
|
|
|
Revision History:
|
|
|
|
Andrew Ritz (andrewr) 7-Jul-1999 : added comments
|
|
--*/
|
|
|
|
#include "sfcp.h"
|
|
#pragma hdrstop
|
|
|
|
|
|
//
|
|
// this is a list of all of the files that we protect on the system. note that
|
|
// there is no such thing as a tier 1 file anymore, only tier 2 files.
|
|
//
|
|
PPROTECT_FILE_ENTRY Tier2Files;
|
|
|
|
//
|
|
// this is the total number of files we're protecting
|
|
//
|
|
ULONG CountTier2Files;
|
|
|
|
//
|
|
// used to signal the watcher that the next change
|
|
// type is expected to the this type and if so the
|
|
// change should be ignored
|
|
//
|
|
ULONG* IgnoreNextChange = NULL;
|
|
ULARGE_INTEGER LastExemptionTime;
|
|
|
|
|
|
NTSTATUS
|
|
InitializeUnicodeString(
|
|
IN PWSTR StrVal,
|
|
IN ULONG StrLen, OPTIONAL
|
|
OUT PUNICODE_STRING String
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Initialize a unicode_string given a unicode string pointer. this function
|
|
handles NULL strings and initializes the unicode string buffer to NULL in
|
|
this case
|
|
|
|
Arguments:
|
|
|
|
StrVal - pointer to null terminated unicode string
|
|
StrLen - length in characters of unicode string. if not specified,
|
|
we use the length of the string.
|
|
String - pointer to a UNICODE_STRING structure that is filled in by
|
|
this function.
|
|
Return Value:
|
|
|
|
NTSTATUS code indicating outcome.
|
|
|
|
--*/
|
|
{
|
|
|
|
ASSERT(String != NULL);
|
|
|
|
if (StrVal == NULL) {
|
|
String->Length = 0;
|
|
String->MaximumLength = 0;
|
|
String->Buffer = NULL;
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
//
|
|
// if the length was specified by the user, use that, otherwise use the
|
|
// string length
|
|
//
|
|
String->Length = StrLen ? (USHORT)StrLen : (USHORT)UnicodeLen(StrVal);
|
|
//
|
|
// just say that the length is twice what we calculated as the current
|
|
// length.
|
|
//
|
|
String->MaximumLength = String->Length + (sizeof(WCHAR)*2);
|
|
String->Buffer = (PWSTR) MemAlloc( String->MaximumLength );
|
|
if (String->Buffer == NULL) {
|
|
return STATUS_NO_MEMORY;
|
|
}
|
|
|
|
RtlMoveMemory( String->Buffer, StrVal, String->Length );
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
|
|
ULONG
|
|
SfcQueryRegDword(
|
|
PCWSTR KeyNameStr,
|
|
PCWSTR ValueNameStr,
|
|
ULONG DefaultValue
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
retrieve a DWORD from the registry. if the value is not present or cannot
|
|
be retrieved, we use a default value. calls registry api's using NT apis
|
|
instead of win32 apis.
|
|
|
|
|
|
Arguments:
|
|
|
|
KeyNameStr - contains registry keyname to look for value under.
|
|
ValueNameStr - contains registry value to retreive.
|
|
DefaultValue - if we have problems retreiving the registry key or it is
|
|
not set, use this default value.
|
|
Return Value:
|
|
|
|
registry DWORD value or default value if registry cannot be retreived.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
NTSTATUS Status;
|
|
UNICODE_STRING KeyName;
|
|
UNICODE_STRING ValueName;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
HANDLE Key;
|
|
WCHAR ValueBuffer[VALUE_BUFFER_SIZE];
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInfo;
|
|
ULONG ValueLength;
|
|
|
|
//
|
|
// Open the registry key.
|
|
//
|
|
|
|
ASSERT((KeyNameStr != NULL) && (ValueNameStr != NULL));
|
|
|
|
KeyValueInfo = (PKEY_VALUE_PARTIAL_INFORMATION)ValueBuffer;
|
|
RtlInitUnicodeString( &KeyName, KeyNameStr );
|
|
|
|
InitializeObjectAttributes(
|
|
&ObjectAttributes,
|
|
&KeyName,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
Status = NtOpenKey(&Key, KEY_READ, &ObjectAttributes);
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't open %ws key: 0x%x", KeyNameStr, Status );
|
|
return DefaultValue;
|
|
}
|
|
|
|
//
|
|
// Query the key value.
|
|
//
|
|
|
|
RtlInitUnicodeString( &ValueName, ValueNameStr );
|
|
Status = NtQueryValueKey(
|
|
Key,
|
|
&ValueName,
|
|
KeyValuePartialInformation,
|
|
(PVOID)KeyValueInfo,
|
|
VALUE_BUFFER_SIZE,
|
|
&ValueLength
|
|
);
|
|
|
|
//
|
|
// cleanup
|
|
//
|
|
NtClose(Key);
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't query value key (%ws): 0x%x", ValueNameStr, Status );
|
|
return DefaultValue;
|
|
}
|
|
|
|
ASSERT(KeyValueInfo->Type == REG_DWORD);
|
|
|
|
//
|
|
// return value
|
|
//
|
|
return *((PULONG)&KeyValueInfo->Data);
|
|
}
|
|
|
|
|
|
ULONG
|
|
SfcQueryRegDwordWithAlternate(
|
|
IN PCWSTR FirstKey,
|
|
IN PCWSTR SecondKey,
|
|
IN PCWSTR ValueNameStr,
|
|
IN ULONG DefaultValue
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
retrieve a DWORD from the registry. if the value is not present in the
|
|
first key location, we look in the second key location. If the key cannot
|
|
be retrieved, we use a default value. calls registry api's using NT apis
|
|
instead of win32 apis.
|
|
|
|
Arguments:
|
|
|
|
FirstKey - contains first registry keyname to look for value under.
|
|
SecondKey - contains registry keyname to look for value under.
|
|
ValueNameStr - contains registry value to retreive.
|
|
DefaultValue - if we have problems retreiving the registry key or it is
|
|
not set, use this default value.
|
|
Return Value:
|
|
|
|
registry DWORD value or default value if registry cannot be retreived.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
NTSTATUS Status;
|
|
UNICODE_STRING KeyName;
|
|
UNICODE_STRING ValueName;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
HANDLE Key;
|
|
WCHAR ValueBuffer[VALUE_BUFFER_SIZE];
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInfo;
|
|
ULONG ValueLength;
|
|
BOOL FirstTime;
|
|
PCWSTR p;
|
|
|
|
|
|
//
|
|
// Open the registry key.
|
|
//
|
|
FirstTime = TRUE;
|
|
ASSERT((FirstKey != NULL) && (ValueNameStr != NULL) && (SecondKey != NULL));
|
|
|
|
TryAgain:
|
|
p = FirstTime ? FirstKey : SecondKey;
|
|
|
|
KeyValueInfo = (PKEY_VALUE_PARTIAL_INFORMATION)ValueBuffer;
|
|
RtlInitUnicodeString( &KeyName, p );
|
|
|
|
InitializeObjectAttributes(
|
|
&ObjectAttributes,
|
|
&KeyName,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
Status = NtOpenKey(&Key, KEY_READ, &ObjectAttributes);
|
|
if (!NT_SUCCESS(Status) && !FirstTime) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't open %ws key: 0x%x", p, Status );
|
|
return DefaultValue;
|
|
}
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
ASSERT( FirstTime == TRUE );
|
|
FirstTime = FALSE;
|
|
goto TryAgain;
|
|
}
|
|
|
|
//
|
|
// Query the key value.
|
|
//
|
|
|
|
RtlInitUnicodeString( &ValueName, ValueNameStr );
|
|
Status = NtQueryValueKey(
|
|
Key,
|
|
&ValueName,
|
|
KeyValuePartialInformation,
|
|
(PVOID)KeyValueInfo,
|
|
VALUE_BUFFER_SIZE,
|
|
&ValueLength
|
|
);
|
|
|
|
//
|
|
// cleanup
|
|
//
|
|
NtClose(Key);
|
|
if (!NT_SUCCESS(Status) && !FirstTime) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't query value key (%ws): 0x%x", ValueNameStr, Status );
|
|
return DefaultValue;
|
|
}
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
ASSERT( FirstTime == TRUE );
|
|
FirstTime = FALSE;
|
|
goto TryAgain;
|
|
}
|
|
|
|
ASSERT(KeyValueInfo->Type == REG_DWORD);
|
|
|
|
//
|
|
// return value
|
|
//
|
|
return *((PULONG)&KeyValueInfo->Data);
|
|
}
|
|
|
|
|
|
PWSTR
|
|
SfcQueryRegString(
|
|
PCWSTR KeyNameStr,
|
|
PCWSTR ValueNameStr
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
retrieve a string from the registry. if the value is not present or cannot
|
|
be retrieved, we return NULL. calls registry api's using NT apis
|
|
instead of win32 apis.
|
|
|
|
Arguments:
|
|
|
|
KeyNameStr - contains registry keyname to look for value under.
|
|
ValueNameStr - contains registry value to retreive.
|
|
|
|
Return Value:
|
|
|
|
unicode string pointer or NULL if registry cannot be retreived.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS Status;
|
|
UNICODE_STRING KeyName;
|
|
UNICODE_STRING ValueName;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
HANDLE Key;
|
|
WCHAR ValueBuffer[VALUE_BUFFER_SIZE];
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInfo;
|
|
ULONG ValueLength;
|
|
PWSTR s;
|
|
|
|
ASSERT((KeyNameStr != NULL) && (ValueNameStr != NULL));
|
|
|
|
//
|
|
// Open the registry key.
|
|
//
|
|
|
|
RtlZeroMemory( (PVOID)ValueBuffer, VALUE_BUFFER_SIZE );
|
|
KeyValueInfo = (PKEY_VALUE_PARTIAL_INFORMATION)ValueBuffer;
|
|
RtlInitUnicodeString( &KeyName, KeyNameStr );
|
|
|
|
InitializeObjectAttributes(
|
|
&ObjectAttributes,
|
|
&KeyName,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
Status = NtOpenKey(&Key, KEY_READ, &ObjectAttributes);
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't open %ws key: 0x%x", KeyNameStr, Status );
|
|
return NULL;
|
|
}
|
|
|
|
//
|
|
// Query the key value.
|
|
//
|
|
|
|
RtlInitUnicodeString( &ValueName, ValueNameStr );
|
|
Status = NtQueryValueKey(
|
|
Key,
|
|
&ValueName,
|
|
KeyValuePartialInformation,
|
|
(PVOID)KeyValueInfo,
|
|
VALUE_BUFFER_SIZE,
|
|
&ValueLength
|
|
);
|
|
|
|
//
|
|
// cleanup
|
|
//
|
|
NtClose(Key);
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't query value key (%ws): 0x%x", ValueNameStr, Status );
|
|
return 0;
|
|
}
|
|
|
|
if (KeyValueInfo->Type == REG_MULTI_SZ) {
|
|
DebugPrint1( LVL_VERBOSE,
|
|
L"Warning: value key %ws is REG_MULTI_SZ, we will only return first string in list",
|
|
ValueNameStr );
|
|
} else {
|
|
ASSERT(KeyValueInfo->Type == REG_SZ || KeyValueInfo->Type == REG_EXPAND_SZ);
|
|
}
|
|
|
|
//
|
|
// string length + 16 for slop
|
|
//
|
|
s = (PWSTR) MemAlloc( KeyValueInfo->DataLength + 16 );
|
|
if (s == NULL) {
|
|
return NULL;
|
|
}
|
|
|
|
CopyMemory( s, KeyValueInfo->Data, KeyValueInfo->DataLength );
|
|
|
|
return s;
|
|
}
|
|
|
|
ULONG
|
|
SfcQueryRegPath(
|
|
IN PCWSTR KeyNameStr,
|
|
IN PCWSTR ValueNameStr,
|
|
IN PCWSTR DefaultValue OPTIONAL,
|
|
OUT PWSTR Buffer OPTIONAL,
|
|
IN ULONG BufferSize OPTIONAL
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
retrieves a path from the registry. if the value is not present or cannot be retrieved,
|
|
it returns the passed-in default string. The function writes up to BufferSize - 1 characters and appends
|
|
a null. calls registry api's using NT apis instead of win32 apis.
|
|
|
|
Arguments:
|
|
|
|
KeyNameStr - contains registry keyname to look for value under.
|
|
ValueNameStr - contains registry value to retreive.
|
|
DefaultValue - the value returned in case of an error
|
|
Buffer - the buffer that receives the string
|
|
BufferSize - the size of Buffer in chars
|
|
|
|
Return Value:
|
|
|
|
the length of the value data in chars, including the null
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS Status;
|
|
UNICODE_STRING KeyName;
|
|
UNICODE_STRING ValueName;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
HANDLE Key;
|
|
WCHAR ValueBuffer[VALUE_BUFFER_SIZE];
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInfo = (PKEY_VALUE_PARTIAL_INFORMATION) ValueBuffer;
|
|
ULONG ValueLength;
|
|
ULONG RequiredSize = 1; // for null
|
|
PCWSTR retval = NULL;
|
|
|
|
ASSERT(KeyNameStr != NULL && ValueNameStr != NULL);
|
|
ASSERT(0 == BufferSize || Buffer != NULL);
|
|
|
|
if(BufferSize != 0)
|
|
Buffer[0] = 0;
|
|
|
|
//
|
|
// Open the registry key.
|
|
//
|
|
RtlInitUnicodeString( &KeyName, KeyNameStr );
|
|
|
|
InitializeObjectAttributes(
|
|
&ObjectAttributes,
|
|
&KeyName,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
Status = NtOpenKey(&Key, KEY_READ, &ObjectAttributes);
|
|
|
|
if(NT_SUCCESS(Status))
|
|
{
|
|
//
|
|
// Query the key value.
|
|
//
|
|
RtlInitUnicodeString( &ValueName, ValueNameStr );
|
|
|
|
Status = NtQueryValueKey(
|
|
Key,
|
|
&ValueName,
|
|
KeyValuePartialInformation,
|
|
(PVOID) KeyValueInfo,
|
|
VALUE_BUFFER_SIZE,
|
|
&ValueLength
|
|
);
|
|
|
|
NtClose(Key);
|
|
|
|
if(NT_SUCCESS(Status))
|
|
{
|
|
ASSERT(KeyValueInfo->Type == REG_SZ || KeyValueInfo->Type == REG_EXPAND_SZ);
|
|
retval = (PCWSTR) KeyValueInfo->Data;
|
|
}
|
|
}
|
|
|
|
if(NULL == retval || 0 == retval[0])
|
|
retval = DefaultValue;
|
|
|
|
if(retval != NULL)
|
|
{
|
|
RequiredSize = ExpandEnvironmentStrings(retval, Buffer, BufferSize);
|
|
|
|
if(BufferSize != 0 && BufferSize < RequiredSize)
|
|
Buffer[BufferSize - 1] = 0;
|
|
}
|
|
|
|
return RequiredSize;
|
|
}
|
|
|
|
PWSTR
|
|
SfcQueryRegStringWithAlternate(
|
|
IN PCWSTR FirstKey,
|
|
IN PCWSTR SecondKey,
|
|
IN PCWSTR ValueNameStr
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
retrieve a string from the registry. if the value is not present or cannot
|
|
be retrieved, we try the second key, then we return NULL.
|
|
|
|
This calls registry api's using NT apis instead of win32 apis.
|
|
|
|
|
|
Arguments:
|
|
|
|
FirstKey - contains registry keyname to look for value under.
|
|
SecondKey - 2nd key to look for value under
|
|
ValueNameStr - contains registry value to retreive.
|
|
|
|
Return Value:
|
|
|
|
unicode string pointer or NULL if registry cannot be retreived.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS Status;
|
|
UNICODE_STRING KeyName;
|
|
UNICODE_STRING ValueName;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
HANDLE Key;
|
|
WCHAR ValueBuffer[VALUE_BUFFER_SIZE];
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInfo;
|
|
ULONG ValueLength;
|
|
PWSTR s;
|
|
BOOL FirstTime;
|
|
PCWSTR p;
|
|
|
|
ASSERT((FirstKey != NULL) && (ValueNameStr != NULL) && (SecondKey != NULL));
|
|
FirstTime = TRUE;
|
|
|
|
TryAgain:
|
|
p = FirstTime ? FirstKey : SecondKey;
|
|
|
|
|
|
//
|
|
// Open the registry key.
|
|
//
|
|
|
|
RtlZeroMemory( (PVOID)ValueBuffer, VALUE_BUFFER_SIZE );
|
|
KeyValueInfo = (PKEY_VALUE_PARTIAL_INFORMATION)ValueBuffer;
|
|
RtlInitUnicodeString( &KeyName, p );
|
|
|
|
InitializeObjectAttributes(
|
|
&ObjectAttributes,
|
|
&KeyName,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
Status = NtOpenKey(&Key, KEY_READ, &ObjectAttributes);
|
|
if (!NT_SUCCESS(Status) && !FirstTime) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't open %ws key: 0x%x", p, Status );
|
|
return NULL;
|
|
}
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
ASSERT( FirstTime == TRUE );
|
|
FirstTime = FALSE;
|
|
goto TryAgain;
|
|
}
|
|
|
|
//
|
|
// Query the key value.
|
|
//
|
|
|
|
RtlInitUnicodeString( &ValueName, ValueNameStr );
|
|
Status = NtQueryValueKey(
|
|
Key,
|
|
&ValueName,
|
|
KeyValuePartialInformation,
|
|
(PVOID)KeyValueInfo,
|
|
VALUE_BUFFER_SIZE,
|
|
&ValueLength
|
|
);
|
|
|
|
//
|
|
// cleanup
|
|
//
|
|
NtClose(Key);
|
|
if (!NT_SUCCESS(Status) && !FirstTime) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't query value key (%ws): 0x%x", ValueNameStr, Status );
|
|
return 0;
|
|
}
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
ASSERT( FirstTime == TRUE );
|
|
FirstTime = FALSE;
|
|
goto TryAgain;
|
|
}
|
|
|
|
if (KeyValueInfo->Type == REG_MULTI_SZ) {
|
|
DebugPrint1( LVL_VERBOSE,
|
|
L"Warning: value key %ws is REG_MULTI_SZ, we will only return first string in list",
|
|
ValueNameStr );
|
|
} else {
|
|
ASSERT(KeyValueInfo->Type == REG_SZ || KeyValueInfo->Type == REG_EXPAND_SZ);
|
|
}
|
|
|
|
//
|
|
// string length + 16 for slop
|
|
//
|
|
s = (PWSTR) MemAlloc( KeyValueInfo->DataLength + 16 );
|
|
if (s == NULL) {
|
|
return NULL;
|
|
}
|
|
|
|
CopyMemory( s, KeyValueInfo->Data, KeyValueInfo->DataLength );
|
|
|
|
return s;
|
|
}
|
|
|
|
|
|
ULONG
|
|
SfcWriteRegDword(
|
|
PCWSTR KeyNameStr,
|
|
PCWSTR ValueNameStr,
|
|
ULONG Value
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
set a REG_DWORD value in the registry. Calls registry api's using NT apis
|
|
instead of win32 apis.
|
|
|
|
Arguments:
|
|
|
|
KeyNameStr - contains registry keyname to look for value under.
|
|
ValueNameStr - contains registry value to set.
|
|
Value - actual value to be set
|
|
|
|
Return Value:
|
|
|
|
win32 error code indicating outcome.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS Status;
|
|
UNICODE_STRING KeyName;
|
|
UNICODE_STRING ValueName;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
HANDLE Key;
|
|
|
|
ASSERT((KeyNameStr != NULL) && (ValueNameStr != NULL));
|
|
|
|
//
|
|
// Open the registry key.
|
|
//
|
|
|
|
RtlInitUnicodeString( &KeyName, KeyNameStr );
|
|
|
|
InitializeObjectAttributes(
|
|
&ObjectAttributes,
|
|
&KeyName,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
Status = NtOpenKey(&Key, KEY_SET_VALUE, &ObjectAttributes);
|
|
if (Status == STATUS_OBJECT_NAME_NOT_FOUND) {
|
|
//
|
|
// key doesn't exist, let's try to create one
|
|
//
|
|
Status = NtCreateKey( &Key,
|
|
KEY_SET_VALUE,
|
|
&ObjectAttributes,
|
|
0,
|
|
NULL,
|
|
0,
|
|
NULL
|
|
);
|
|
|
|
}
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't open %ws key: 0x%x", KeyNameStr, Status );
|
|
return(RtlNtStatusToDosError(Status));
|
|
}
|
|
|
|
//
|
|
// set the key value.
|
|
//
|
|
|
|
RtlInitUnicodeString( &ValueName, ValueNameStr );
|
|
|
|
|
|
Status = NtSetValueKey(
|
|
Key,
|
|
&ValueName,
|
|
0,
|
|
REG_DWORD,
|
|
&Value,
|
|
sizeof(ULONG)
|
|
);
|
|
|
|
//
|
|
// cleanup and leave
|
|
//
|
|
NtClose(Key);
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't set value key (%ws): 0x%x", ValueNameStr, Status );
|
|
|
|
}
|
|
|
|
return(RtlNtStatusToDosError(Status));
|
|
}
|
|
|
|
|
|
DWORD
|
|
SfcWriteRegString(
|
|
PCWSTR KeyNameStr,
|
|
PCWSTR ValueNameStr,
|
|
PCWSTR Value
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
set a REG_SZ value in the registry. Calls registry api's using NT apis
|
|
instead of win32 apis.
|
|
|
|
|
|
Arguments:
|
|
|
|
KeyNameStr - contains registry keyname to look for value under.
|
|
ValueNameStr - contains registry value to set.
|
|
Value - actual value to be set
|
|
|
|
Return Value:
|
|
|
|
Win32 error code indicating outcome.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS Status;
|
|
UNICODE_STRING KeyName;
|
|
UNICODE_STRING ValueName;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
HANDLE Key;
|
|
|
|
ASSERT((KeyNameStr != NULL) && (ValueNameStr != NULL));
|
|
|
|
//
|
|
// Open the registry key.
|
|
//
|
|
|
|
RtlInitUnicodeString( &KeyName, KeyNameStr );
|
|
|
|
InitializeObjectAttributes(
|
|
&ObjectAttributes,
|
|
&KeyName,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
Status = NtOpenKey(&Key, KEY_SET_VALUE, &ObjectAttributes);
|
|
if (Status == STATUS_OBJECT_NAME_NOT_FOUND) {
|
|
//
|
|
// key doesn't exist, let's try to create one
|
|
//
|
|
Status = NtCreateKey( &Key,
|
|
KEY_SET_VALUE,
|
|
&ObjectAttributes,
|
|
0,
|
|
NULL,
|
|
0,
|
|
NULL
|
|
);
|
|
|
|
}
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't open %ws key: 0x%x", KeyNameStr, Status );
|
|
return(RtlNtStatusToDosError(Status));
|
|
}
|
|
|
|
//
|
|
// set the key value.
|
|
//
|
|
|
|
RtlInitUnicodeString( &ValueName, ValueNameStr );
|
|
|
|
Status = NtSetValueKey(
|
|
Key,
|
|
&ValueName,
|
|
0,
|
|
REG_SZ,
|
|
(PWSTR)Value,
|
|
UnicodeLen(Value)
|
|
);
|
|
|
|
//
|
|
// cleanup
|
|
//
|
|
NtClose(Key);
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_VERBOSE, L"can't set value key (%ws): 0x%x", ValueNameStr, Status );
|
|
return(RtlNtStatusToDosError(Status)) ;
|
|
}
|
|
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
|
|
#if 0
|
|
DWORD
|
|
WsInAWorkgroup(
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function determines whether we are a member of a domain, or of
|
|
a workgroup. First it checks to make sure we're running on a Windows NT
|
|
system (otherwise we're obviously in a domain) and if so, queries LSA
|
|
to get the Primary domain SID, if this is NULL, we're in a workgroup.
|
|
|
|
If we fail for some random unexpected reason, we'll pretend we're in a
|
|
domain (it's more restrictive).
|
|
|
|
Arguments:
|
|
None
|
|
|
|
Return Value:
|
|
|
|
TRUE - We're in a workgroup
|
|
FALSE - We're in a domain
|
|
|
|
--*/
|
|
{
|
|
NT_PRODUCT_TYPE ProductType;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
LSA_HANDLE Handle;
|
|
NTSTATUS Status;
|
|
PPOLICY_PRIMARY_DOMAIN_INFO PolicyPrimaryDomainInfo = NULL;
|
|
DWORD Result = FALSE;
|
|
|
|
|
|
Status = RtlGetNtProductType( &ProductType );
|
|
|
|
if (!NT_SUCCESS( Status )) {
|
|
DebugPrint( LVL_MINIMAL, L"Could not get Product type" );
|
|
return FALSE;
|
|
}
|
|
|
|
if (ProductType == NtProductLanManNt) {
|
|
return FALSE;
|
|
}
|
|
|
|
InitializeObjectAttributes( &ObjectAttributes, NULL, 0, 0, NULL );
|
|
|
|
Status = LsaOpenPolicy( NULL, &ObjectAttributes, POLICY_VIEW_LOCAL_INFORMATION, &Handle );
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint( LVL_MINIMAL, L"Could not open LSA Policy Database" );
|
|
return FALSE;
|
|
}
|
|
|
|
Status = LsaQueryInformationPolicy( Handle, PolicyPrimaryDomainInformation, (LPVOID)&PolicyPrimaryDomainInfo );
|
|
if (NT_SUCCESS(Status)) {
|
|
if (PolicyPrimaryDomainInfo->Sid == NULL) {
|
|
Result = TRUE;
|
|
} else {
|
|
Result = FALSE;
|
|
}
|
|
}
|
|
|
|
if (PolicyPrimaryDomainInfo) {
|
|
LsaFreeMemory( (PVOID)PolicyPrimaryDomainInfo );
|
|
}
|
|
|
|
LsaClose( Handle );
|
|
|
|
return Result;
|
|
}
|
|
|
|
|
|
BOOL
|
|
WaitForMUP(
|
|
DWORD dwMaxWait
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Waits for MUP to initialize by looking for the event that is signalled
|
|
when MUP is ready
|
|
|
|
|
|
Arguments:
|
|
dwMaxWait - amount of time we'll wait for MUP to initialize
|
|
|
|
Return Value:
|
|
|
|
TRUE - MUP is initialized
|
|
FALSE - could not confirm MUP is initialized
|
|
|
|
--*/
|
|
|
|
{
|
|
HANDLE hEvent;
|
|
BOOL bResult;
|
|
INT i = 0;
|
|
|
|
|
|
if (WsInAWorkgroup()) {
|
|
return TRUE;
|
|
}
|
|
|
|
DebugPrint(LVL_MINIMAL, L"waiting for mup...");
|
|
//
|
|
// Try to open the event
|
|
//
|
|
|
|
do {
|
|
hEvent = OpenEvent(
|
|
SYNCHRONIZE,
|
|
FALSE,
|
|
L"wkssvc: MUP finished initializing event"
|
|
);
|
|
if (hEvent) {
|
|
DebugPrint(LVL_MINIMAL, L"opened the mup event");
|
|
break;
|
|
}
|
|
|
|
if (GetLastError() != ERROR_FILE_NOT_FOUND) {
|
|
break;
|
|
}
|
|
|
|
DebugPrint(LVL_MINIMAL, L"mup event does not yet exist, waiting...");
|
|
Sleep(2000);
|
|
|
|
i++;
|
|
|
|
} while (i < 30);
|
|
|
|
|
|
if (!hEvent) {
|
|
DebugPrint1(LVL_MINIMAL, L"Failed to open MUP event, ec=%d\n", GetLastError());
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
//
|
|
// Wait for the event to be signalled
|
|
//
|
|
|
|
bResult = (WaitForSingleObject (hEvent, dwMaxWait) == WAIT_OBJECT_0);
|
|
|
|
|
|
//
|
|
// Clean up
|
|
//
|
|
|
|
CloseHandle (hEvent);
|
|
|
|
return bResult;
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
NTSTATUS
|
|
ExpandPathString(
|
|
IN PWSTR PathString,
|
|
IN ULONG PathStringLength,
|
|
OUT PUNICODE_STRING FileName, OPTIONAL
|
|
OUT PUNICODE_STRING PathName,
|
|
OUT PUNICODE_STRING FullPathName OPTIONAL
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Routine takes a source string containing environment variables, expand this
|
|
into the full path. Then it either copies this into a path, file, and full
|
|
path, as requested.
|
|
|
|
Arguments:
|
|
|
|
PathString - source path string
|
|
PathStringLength - source path string length
|
|
FileName - receives filename part of the path if specified. If not
|
|
specified, we only want the path part
|
|
PathName - receives the path part of the expanded source. If
|
|
FileName is not specified, we fill in pathname with the
|
|
entire expanded path
|
|
FullPathName - if FileName is specified, then this is filled in with
|
|
the complete path.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS code indicating outcome.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS Status;
|
|
UNICODE_STRING NewPath;
|
|
UNICODE_STRING SrcPath;
|
|
PWSTR FilePart;
|
|
|
|
|
|
ASSERT((PathString != NULL));
|
|
ASSERT((FileName == NULL)
|
|
? (PathName != NULL)
|
|
: ((FullPathName != NULL) && (PathName != NULL)));
|
|
|
|
//
|
|
// turn the pathstring and length into a UNICODE_STRING
|
|
//
|
|
SrcPath.Length = (USHORT)PathStringLength;
|
|
SrcPath.MaximumLength = SrcPath.Length;
|
|
SrcPath.Buffer = PathString;
|
|
|
|
//
|
|
// create a new scratch UNICODE_STRING
|
|
//
|
|
NewPath.Length = 0;
|
|
NewPath.MaximumLength = (MAX_PATH*2) * sizeof(WCHAR);
|
|
NewPath.Buffer = (PWSTR) MemAlloc( NewPath.MaximumLength );
|
|
if (NewPath.Buffer == NULL) {
|
|
return STATUS_NO_MEMORY;
|
|
}
|
|
|
|
//
|
|
// expand source environment string into scratch string
|
|
//
|
|
Status = RtlExpandEnvironmentStrings_U(
|
|
NULL,
|
|
&SrcPath,
|
|
&NewPath,
|
|
NULL
|
|
);
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_MINIMAL, L"ExpandEnvironmentStrings failed for [%ws], ec=%08x", PathString, Status );
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// convert scratch string to lowercase
|
|
//
|
|
MyLowerString( NewPath.Buffer, NewPath.Length/sizeof(WCHAR) );
|
|
|
|
//
|
|
// if filename isn't specified, then just copy the string into the pathname
|
|
// and exit
|
|
//
|
|
if (FileName == NULL) {
|
|
|
|
PathName->Length = NewPath.Length;
|
|
PathName->MaximumLength = NewPath.MaximumLength;
|
|
PathName->Buffer = NewPath.Buffer;
|
|
return(STATUS_SUCCESS);
|
|
|
|
} else {
|
|
|
|
//
|
|
// copy the full string into the fullpathname
|
|
//
|
|
Status = InitializeUnicodeString( NewPath.Buffer, NewPath.Length, FullPathName );
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_MINIMAL, L"InitializeUnicodeString failed for [%ws], ec=%08x", NewPath.Buffer, Status );
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// separate the path part from the file part
|
|
//
|
|
FilePart = wcsrchr( NewPath.Buffer, L'\\' );
|
|
if (FilePart == NULL) {
|
|
Status = STATUS_NO_MEMORY;
|
|
goto exit;
|
|
}
|
|
|
|
*FilePart = 0;
|
|
FilePart += 1;
|
|
|
|
Status = InitializeUnicodeString( NewPath.Buffer, 0, PathName );
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_MINIMAL, L"InitializeUnicodeString failed for [%ws], ec=%08x", NewPath.Buffer, Status );
|
|
goto exit;
|
|
}
|
|
Status = InitializeUnicodeString( FilePart, 0, FileName );
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint2( LVL_MINIMAL, L"InitializeUnicodeString failed for [%ws], ec=%08x", FilePart, Status );
|
|
}
|
|
|
|
}
|
|
|
|
|
|
FilePart -= 1;
|
|
*FilePart = L'\\';
|
|
exit:
|
|
MemFree( NewPath.Buffer );
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
BOOL
|
|
SfcDisableDllCache(
|
|
BOOL LogMessage
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Routine disables the dllcache functionality.
|
|
|
|
Specifically, we set the dll cache directory to the default and sets the
|
|
cache size to zero. So we will never add files in the cache.
|
|
|
|
We also log an error message if requested.
|
|
|
|
Arguments:
|
|
|
|
LogMessage - if TRUE, we log a message indicating the cache is disabled
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS code indicating outcome.
|
|
|
|
--*/
|
|
{
|
|
PWSTR CacheDefault = DLLCACHE_DIR_DEFAULT;
|
|
NTSTATUS Status;
|
|
|
|
Status = ExpandPathString(
|
|
CacheDefault,
|
|
UnicodeLen(CacheDefault),
|
|
NULL,
|
|
&SfcProtectedDllPath,
|
|
NULL
|
|
);
|
|
if (NT_SUCCESS(Status)) {
|
|
DebugPrint1(LVL_MINIMAL,
|
|
L"default cache dir name=[%ws]",
|
|
SfcProtectedDllPath.Buffer);
|
|
|
|
SfcProtectedDllFileDirectory = SfcOpenDir(
|
|
TRUE,
|
|
TRUE,
|
|
SfcProtectedDllPath.Buffer );
|
|
if (SfcProtectedDllFileDirectory == NULL) {
|
|
DebugPrint(LVL_MINIMAL,
|
|
L"could not open the cache dir, need to create");
|
|
SfcProtectedDllFileDirectory = SfcCreateDir(
|
|
SfcProtectedDllPath.Buffer,
|
|
TRUE );
|
|
if (SfcProtectedDllFileDirectory == NULL) {
|
|
DebugPrint( LVL_MINIMAL, L"Cannot create ProtectedDllPath" );
|
|
}
|
|
}
|
|
} else {
|
|
//
|
|
// not enough memory...we're toast
|
|
//
|
|
DebugPrint( LVL_MINIMAL, L"Cannot open ProtectedDllPath" );
|
|
return(FALSE);
|
|
}
|
|
|
|
//
|
|
// set the quota to zero
|
|
//
|
|
SFCQuota = 0;
|
|
|
|
if (LogMessage) {
|
|
SfcReportEvent( MSG_DLLCACHE_INVALID, NULL, NULL, 0 );
|
|
}
|
|
|
|
return(TRUE);
|
|
}
|
|
|
|
|
|
|
|
NTSTATUS
|
|
SfcInitializeDllList(
|
|
IN PPROTECT_FILE_ENTRY Files,
|
|
IN ULONG NumFiles,
|
|
OUT PULONG Count
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Routine takes an empty array of SFC_REGISTRY_VALUE structures stored in the
|
|
global SfcProtectedDllsList global and assigns the data from an array of
|
|
PROTECT_FILE_ENTRY structures into these structures.
|
|
|
|
Arguments:
|
|
|
|
Files - pointer to first element in array of PROTECT_FILE_ENTRY
|
|
structures
|
|
NumFiles - number of elements in array of structures
|
|
Count - receives number of files we correctly setup
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS code indicating outcome.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS Status,FinalStatus, LoopStatus;
|
|
ULONG Index;
|
|
PSFC_REGISTRY_VALUE RegVal;
|
|
|
|
ASSERT( (Files != NULL)
|
|
&& (SfcProtectedDllsList != NULL)
|
|
&& (Count != NULL) );
|
|
|
|
LoopStatus = FinalStatus = STATUS_SUCCESS;
|
|
|
|
for (Index=0; Index<NumFiles; Index++) {
|
|
|
|
RegVal = &SfcProtectedDllsList[*Count];
|
|
|
|
//
|
|
// set the directory name, filename and full path members
|
|
//
|
|
Status = ExpandPathString(
|
|
Files[Index].FileName,
|
|
UnicodeLen(Files[Index].FileName),
|
|
&RegVal->FileName,
|
|
&RegVal->DirName,
|
|
&RegVal->FullPathName
|
|
);
|
|
if (!NT_SUCCESS(Status)) {
|
|
//
|
|
// if we have a problem initializing one of the array elements
|
|
// keep going
|
|
//
|
|
DebugPrint1( LVL_MINIMAL,
|
|
L"ExpandPathString failed, ec=%08x",
|
|
Status );
|
|
FinalStatus = Status;
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// set the layout inf name and the source file names if they are present
|
|
//
|
|
Status = InitializeUnicodeString( Files[Index].InfName,
|
|
0,
|
|
&RegVal->InfName );
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint1( LVL_MINIMAL,
|
|
L"InitializeUnicodeString failed, ec=%08x",
|
|
Status );
|
|
LoopStatus = FinalStatus = Status;
|
|
}
|
|
Status = InitializeUnicodeString( Files[Index].SourceFileName,
|
|
0,
|
|
&RegVal->SourceFileName );
|
|
if (!NT_SUCCESS(Status)) {
|
|
DebugPrint1( LVL_MINIMAL,
|
|
L"InitializeUnicodeString failed, ec=%08x",
|
|
Status );
|
|
LoopStatus = FinalStatus = Status;
|
|
}
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
*Count += 1;
|
|
}
|
|
|
|
//
|
|
// WinSxs work (jonwis) This is NULL in all cases, unless this entry is
|
|
// added by WinSxs (see dirwatch.c)
|
|
//
|
|
RegVal->pvWinSxsCookie = NULL;
|
|
|
|
LoopStatus = STATUS_SUCCESS;
|
|
}
|
|
|
|
Status = FinalStatus;
|
|
if (NT_SUCCESS(Status)) {
|
|
ASSERT(*Count == NumFiles);
|
|
}
|
|
|
|
return(Status);
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
SfcInitializeDllLists(
|
|
PSFC_GET_FILES pfGetFiles
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Initialize the list of files we're going to protect.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS code indicating outcome.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS Status;
|
|
PWSTR s;
|
|
BOOL FreeMem = TRUE;
|
|
|
|
|
|
//
|
|
// make sure we only call this guy once
|
|
//
|
|
if (SfcProtectedDllCount) {
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
DebugPrint(LVL_MINIMAL, L"entering SfcInitializeDllLists()");
|
|
|
|
//
|
|
// get the dllcache directory and store it into to SfcProtectedDllPath
|
|
// global
|
|
//
|
|
s = SfcQueryRegStringWithAlternate( REGKEY_POLICY, REGKEY_WINLOGON, REGVAL_SFCDLLCACHEDIR );
|
|
if (s == NULL) {
|
|
s = DLLCACHE_DIR_DEFAULT;
|
|
FreeMem = FALSE;
|
|
}
|
|
|
|
Status = ExpandPathString(
|
|
s,
|
|
UnicodeLen(s),
|
|
NULL,
|
|
&SfcProtectedDllPath,
|
|
NULL
|
|
);
|
|
if (NT_SUCCESS(Status)) {
|
|
WCHAR DontCare[MAX_PATH];
|
|
DWORD DriveType;
|
|
|
|
DebugPrint1(LVL_MINIMAL,
|
|
L"cache dir name=[%ws]",
|
|
SfcProtectedDllPath.Buffer);
|
|
|
|
DriveType = SfcGetPathType(
|
|
SfcProtectedDllPath.Buffer,
|
|
DontCare,
|
|
UnicodeChars(DontCare));
|
|
if (DriveType != PATH_LOCAL) {
|
|
DebugPrint2(LVL_MINIMAL,
|
|
L"cache dir %ws does not appear to be a local path (type %d), we are disabling cache functionality",
|
|
SfcProtectedDllPath.Buffer,
|
|
DriveType);
|
|
SfcDisableDllCache( SFCDisable != SFC_DISABLE_SETUP );
|
|
goto init;
|
|
}
|
|
|
|
|
|
//
|
|
// get a handle to the dll cache directory
|
|
//
|
|
SfcProtectedDllFileDirectory = SfcOpenDir(
|
|
TRUE,
|
|
TRUE,
|
|
SfcProtectedDllPath.Buffer );
|
|
if (SfcProtectedDllFileDirectory == NULL) {
|
|
DebugPrint(LVL_MINIMAL,
|
|
L"could not open the cache dir, need to create");
|
|
SfcProtectedDllFileDirectory = SfcCreateDir(
|
|
SfcProtectedDllPath.Buffer,
|
|
TRUE );
|
|
if (SfcProtectedDllFileDirectory == NULL) {
|
|
DebugPrint( LVL_MINIMAL, L"Cannot open ProtectedDllPath" );
|
|
SfcDisableDllCache( SFCDisable != SFC_DISABLE_SETUP );
|
|
} else {
|
|
//
|
|
// force a scan if we just created the dll cache
|
|
//
|
|
SFCScan = SFC_SCAN_ALWAYS;
|
|
}
|
|
}
|
|
} else {
|
|
//
|
|
// dll cache path in registry must be bogus...use default path and
|
|
// set the quota to zero so the cache is effectively disabled.
|
|
//
|
|
SfcDisableDllCache( SFCDisable != SFC_DISABLE_SETUP );
|
|
}
|
|
|
|
init:
|
|
|
|
if (FreeMem) {
|
|
MemFree( s );
|
|
}
|
|
|
|
DebugPrint1(LVL_MINIMAL,
|
|
L"cache dir name=[%ws]",
|
|
SfcProtectedDllPath.Buffer);
|
|
ASSERT( SfcProtectedDllFileDirectory != NULL );
|
|
|
|
//
|
|
// now that we have the dll cache initialized, now retrieve the list of
|
|
// files that we will protect. The list of files currently resides in
|
|
// sfcfiles.dll.
|
|
//
|
|
ASSERT(pfGetFiles != NULL);
|
|
Status = pfGetFiles( &Tier2Files, &CountTier2Files );
|
|
if (!NT_SUCCESS(Status)) {
|
|
return Status;
|
|
}
|
|
|
|
//
|
|
// Take the file list (we only have the tier2 list) and build an array of
|
|
// SFC_REGISTRY_VALUE structures and store into the SfcProtectedDllsList
|
|
// global
|
|
//
|
|
|
|
SfcProtectedDllsList = (PSFC_REGISTRY_VALUE) MemAlloc( sizeof(SFC_REGISTRY_VALUE)*CountTier2Files );
|
|
if (SfcProtectedDllsList == NULL) {
|
|
return(STATUS_NO_MEMORY);
|
|
}
|
|
|
|
ASSERT(SfcProtectedDllCount == 0);
|
|
|
|
//
|
|
// now associate the data in our tier2 list with each of these structures
|
|
// in the array
|
|
//
|
|
Status = SfcInitializeDllList( Tier2Files, CountTier2Files, &SfcProtectedDllCount );
|
|
|
|
if (CountTier2Files != SfcProtectedDllCount) {
|
|
DebugPrint2( LVL_MINIMAL,
|
|
L"incorrect number of files in list: required count: %d actual count %d",
|
|
CountTier2Files,
|
|
SfcProtectedDllCount );
|
|
ASSERT(!NT_SUCCESS(Status));
|
|
} else {
|
|
IgnoreNextChange = (ULONG*) MemAlloc(SfcProtectedDllCount * sizeof(ULONG));
|
|
|
|
if(NULL == IgnoreNextChange) {
|
|
Status = STATUS_NO_MEMORY;
|
|
}
|
|
}
|
|
|
|
DebugPrint(LVL_MINIMAL, L"leaving SfcInitializeDllLists()");
|
|
return(Status);
|
|
}
|