mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2386 lines
78 KiB
2386 lines
78 KiB
/*++
|
|
|
|
Copyright (c) 1992 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
handler.c
|
|
|
|
Abstract:
|
|
|
|
This module contains the individual API handler routines for the INSTALER program
|
|
|
|
Author:
|
|
|
|
Steve Wood (stevewo) 10-Aug-1994
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#include "instaler.h"
|
|
#include <ntstatus.dbg>
|
|
|
|
|
|
BOOLEAN
|
|
HandleBreakpoint(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PBREAKPOINT_INFO Breakpoint
|
|
)
|
|
{
|
|
BOOLEAN Result;
|
|
API_SAVED_PARAMETERS SavedParameters;
|
|
UCHAR ApiIndex;
|
|
PBREAKPOINT_INFO ReturnBreakpoint;
|
|
|
|
Result = FALSE;
|
|
ApiIndex = Breakpoint->ApiIndex;
|
|
if (ApiInfo[ ApiIndex ].ModuleIndex < Thread->ModuleIndexCurrentlyIn) {
|
|
return TRUE;
|
|
}
|
|
|
|
DbgEvent( DBGEVENT, ( "Processing Breakpoint at %ws!%s\n",
|
|
Breakpoint->ModuleName,
|
|
Breakpoint->ProcedureName
|
|
)
|
|
);
|
|
|
|
if (!Breakpoint->SavedParametersValid) {
|
|
memset( &SavedParameters, 0, sizeof( SavedParameters ) );
|
|
|
|
Result = TRUE;
|
|
if (ExtractProcedureParameters( Process,
|
|
Thread,
|
|
(PVOID)&SavedParameters.ReturnAddress,
|
|
ApiInfo[ ApiIndex ].SizeOfParameters,
|
|
(PULONG)&SavedParameters.InputParameters
|
|
)
|
|
) {
|
|
if (ApiInfo[ ApiIndex ].EntryPointHandler == NULL ||
|
|
(ApiInfo[ ApiIndex ].EntryPointHandler)( Process,
|
|
Thread,
|
|
&SavedParameters
|
|
)
|
|
) {
|
|
if (SavedParameters.ReturnAddress == NULL) {
|
|
Result = FALSE;
|
|
}
|
|
else
|
|
if (CreateBreakpoint( SavedParameters.ReturnAddress,
|
|
Process,
|
|
Thread, // thread specific
|
|
ApiIndex,
|
|
&SavedParameters,
|
|
&ReturnBreakpoint
|
|
)
|
|
) {
|
|
ReturnBreakpoint->ModuleName = L"Return from";
|
|
ReturnBreakpoint->ProcedureName = Breakpoint->ProcedureName;
|
|
Thread->ModuleIndexCurrentlyIn = ApiInfo[ ApiIndex ].ModuleIndex;
|
|
SuspendAllButThisThread( Process, Thread );
|
|
}
|
|
}
|
|
}
|
|
|
|
#if DBG
|
|
TrimTemporaryBuffer();
|
|
#endif
|
|
}
|
|
else {
|
|
if (UndoReturnAddressBreakpoint( Process, Thread ) &&
|
|
ExtractProcedureReturnValue( Process,
|
|
Thread,
|
|
&Breakpoint->SavedParameters.ReturnValue,
|
|
ApiInfo[ ApiIndex ].SizeOfReturnValue
|
|
)
|
|
) {
|
|
Breakpoint->SavedParameters.ReturnValueValid = TRUE;
|
|
if (ApiInfo[ ApiIndex ].EntryPointHandler != NULL) {
|
|
(ApiInfo[ ApiIndex ].EntryPointHandler)( Process,
|
|
Thread,
|
|
&Breakpoint->SavedParameters
|
|
);
|
|
}
|
|
}
|
|
|
|
Thread->ModuleIndexCurrentlyIn = 0;
|
|
FreeSavedCallState( &Breakpoint->SavedParameters.SavedCallState );
|
|
DestroyBreakpoint( Breakpoint->Address, Process, Thread );
|
|
ResumeAllButThisThread( Process, Thread );
|
|
#if DBG
|
|
TrimTemporaryBuffer();
|
|
#endif
|
|
Result = FALSE;
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
CreateSavedCallState(
|
|
PPROCESS_INFO Process,
|
|
PAPI_SAVED_CALL_STATE SavedCallState,
|
|
API_ACTION Action,
|
|
ULONG Type,
|
|
PWSTR FullName,
|
|
...
|
|
)
|
|
{
|
|
va_list arglist;
|
|
|
|
va_start( arglist, FullName );
|
|
SavedCallState->Action = Action;
|
|
SavedCallState->Type = Type;
|
|
SavedCallState->FullName = FullName;
|
|
switch (Action) {
|
|
case OpenPath:
|
|
SavedCallState->PathOpen.InheritHandle = va_arg( arglist, BOOLEAN );
|
|
SavedCallState->PathOpen.WriteAccessRequested = va_arg( arglist, BOOLEAN );
|
|
SavedCallState->PathOpen.ResultHandleAddress = va_arg( arglist, PHANDLE );
|
|
break;
|
|
|
|
case RenamePath:
|
|
SavedCallState->PathRename.NewName = va_arg( arglist, PWSTR );
|
|
SavedCallState->PathRename.ReplaceIfExists = va_arg( arglist, BOOLEAN );
|
|
break;
|
|
|
|
case DeletePath:
|
|
case QueryPath:
|
|
case SetValue:
|
|
case DeleteValue:
|
|
break;
|
|
|
|
case WriteIniValue:
|
|
SavedCallState->SetIniValue.SectionName = va_arg( arglist, PWSTR );
|
|
SavedCallState->SetIniValue.VariableName = va_arg( arglist, PWSTR );
|
|
SavedCallState->SetIniValue.VariableValue = va_arg( arglist, PWSTR );
|
|
break;
|
|
|
|
case WriteIniSection:
|
|
SavedCallState->SetIniSection.SectionName = va_arg( arglist, PWSTR );
|
|
SavedCallState->SetIniSection.SectionValue = va_arg( arglist, PWSTR );
|
|
break;
|
|
|
|
default:
|
|
return FALSE;
|
|
}
|
|
va_end( arglist );
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
VOID
|
|
FreeSavedCallState(
|
|
PAPI_SAVED_CALL_STATE CallState
|
|
)
|
|
{
|
|
switch (CallState->Action) {
|
|
case WriteIniValue:
|
|
FreeMem( &CallState->SetIniValue.VariableValue );
|
|
break;
|
|
|
|
case WriteIniSection:
|
|
FreeMem( &CallState->SetIniSection.SectionValue );
|
|
break;
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
|
|
|
|
BOOLEAN
|
|
CaptureObjectAttributes(
|
|
PPROCESS_INFO Process,
|
|
POBJECT_ATTRIBUTES ObjectAttributesAddress,
|
|
POBJECT_ATTRIBUTES ObjectAttributes,
|
|
PUNICODE_STRING ObjectName
|
|
)
|
|
{
|
|
if (ObjectAttributesAddress != NULL &&
|
|
ReadMemory( Process,
|
|
ObjectAttributesAddress,
|
|
ObjectAttributes,
|
|
sizeof( *ObjectAttributes ),
|
|
"object attributes"
|
|
) &&
|
|
ObjectAttributes->ObjectName != NULL &&
|
|
ReadMemory( Process,
|
|
ObjectAttributes->ObjectName,
|
|
ObjectName,
|
|
sizeof( *ObjectName ),
|
|
"object name string"
|
|
)
|
|
) {
|
|
return TRUE;
|
|
}
|
|
else {
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
BOOLEAN
|
|
CaptureFullName(
|
|
PPROCESS_INFO Process,
|
|
ULONG Type,
|
|
HANDLE RootDirectory,
|
|
PWSTR Name,
|
|
ULONG Length,
|
|
PWSTR *ReturnedFullName
|
|
)
|
|
{
|
|
POPENHANDLE_INFO HandleInfo;
|
|
UNICODE_STRING FullName;
|
|
ULONG LengthOfName;
|
|
PWSTR s;
|
|
BOOLEAN Result;
|
|
|
|
*ReturnedFullName = NULL;
|
|
if (RootDirectory != NULL) {
|
|
HandleInfo = FindOpenHandle( Process,
|
|
RootDirectory,
|
|
Type
|
|
);
|
|
if (HandleInfo == NULL) {
|
|
//
|
|
// If handle not found then we dont care about this open
|
|
// as it is relative to a device that is not local.
|
|
//
|
|
return FALSE;
|
|
}
|
|
}
|
|
else {
|
|
HandleInfo = NULL;
|
|
}
|
|
|
|
LengthOfName = Length + sizeof( UNICODE_NULL );
|
|
if (HandleInfo != NULL) {
|
|
LengthOfName += HandleInfo->LengthOfName +
|
|
sizeof( OBJ_NAME_PATH_SEPARATOR );
|
|
}
|
|
|
|
FullName.Buffer = AllocMem( LengthOfName );
|
|
if (FullName.Buffer == NULL) {
|
|
return FALSE;
|
|
}
|
|
|
|
s = FullName.Buffer;
|
|
if (HandleInfo != NULL) {
|
|
RtlMoveMemory( s,
|
|
HandleInfo->Name,
|
|
HandleInfo->LengthOfName
|
|
);
|
|
s = &FullName.Buffer[ HandleInfo->LengthOfName / sizeof( WCHAR ) ];
|
|
if (s[-1] != OBJ_NAME_PATH_SEPARATOR) {
|
|
*s++ = OBJ_NAME_PATH_SEPARATOR;
|
|
}
|
|
}
|
|
|
|
if (!ReadMemory( Process,
|
|
Name,
|
|
s,
|
|
Length,
|
|
"object name buffer"
|
|
)
|
|
) {
|
|
FreeMem( &FullName.Buffer );
|
|
return FALSE;
|
|
}
|
|
|
|
s = &s[ Length / sizeof( WCHAR ) ];
|
|
*s = UNICODE_NULL;
|
|
FullName.Length = (PCHAR)s - (PCHAR)FullName.Buffer;
|
|
FullName.MaximumLength = (USHORT)(FullName.Length + sizeof( UNICODE_NULL ));
|
|
if (HandleInfo == NULL && Type == HANDLE_TYPE_FILE) {
|
|
Result = IsDriveLetterPath( &FullName );
|
|
}
|
|
else {
|
|
Result = TRUE;
|
|
}
|
|
*ReturnedFullName = AddName( &FullName );
|
|
FreeMem( &FullName.Buffer );
|
|
return Result;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
CaptureOpenState(
|
|
PPROCESS_INFO Process,
|
|
PAPI_SAVED_PARAMETERS Parameters,
|
|
POBJECT_ATTRIBUTES ObjectAttributesAddress,
|
|
BOOLEAN WriteAccess,
|
|
PHANDLE ResultHandleAddress,
|
|
ULONG Type
|
|
)
|
|
{
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
UNICODE_STRING ObjectName;
|
|
PWSTR FullName;
|
|
BOOLEAN Result;
|
|
|
|
Result = FALSE;
|
|
if (CaptureObjectAttributes( Process,
|
|
ObjectAttributesAddress,
|
|
&ObjectAttributes,
|
|
&ObjectName
|
|
) &&
|
|
CaptureFullName( Process,
|
|
Type,
|
|
ObjectAttributes.RootDirectory,
|
|
ObjectName.Buffer,
|
|
ObjectName.Length,
|
|
&FullName
|
|
) &&
|
|
CreateSavedCallState( Process,
|
|
&Parameters->SavedCallState,
|
|
OpenPath,
|
|
Type,
|
|
FullName,
|
|
(BOOLEAN)((ObjectAttributes.Attributes & OBJ_INHERIT) != 0),
|
|
WriteAccess,
|
|
ResultHandleAddress
|
|
)
|
|
) {
|
|
if (Type == HANDLE_TYPE_FILE) {
|
|
Result = CreateFileReference( FullName,
|
|
Parameters->SavedCallState.PathOpen.WriteAccessRequested,
|
|
(PFILE_REFERENCE *)&Parameters->SavedCallState.Reference
|
|
);
|
|
}
|
|
else {
|
|
Result = CreateKeyReference( FullName,
|
|
Parameters->SavedCallState.PathOpen.WriteAccessRequested,
|
|
(PKEY_REFERENCE *)&Parameters->SavedCallState.Reference
|
|
);
|
|
}
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
CompleteOpenState(
|
|
PPROCESS_INFO Process,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PAPI_SAVED_CALL_STATE p = &Parameters->SavedCallState;
|
|
HANDLE Handle;
|
|
BOOLEAN CallSuccessful;
|
|
PFILE_REFERENCE FileReference;
|
|
PKEY_REFERENCE KeyReference;
|
|
|
|
if (NT_SUCCESS( Parameters->ReturnValue.ReturnedLong ) &&
|
|
ReadMemory( Process,
|
|
p->PathOpen.ResultHandleAddress,
|
|
&Handle,
|
|
sizeof( Handle ),
|
|
"result handle"
|
|
) &&
|
|
AddOpenHandle( Process,
|
|
Handle,
|
|
p->Type,
|
|
p->FullName,
|
|
p->PathOpen.InheritHandle
|
|
)
|
|
) {
|
|
CallSuccessful = TRUE;
|
|
}
|
|
else {
|
|
CallSuccessful = FALSE;
|
|
}
|
|
IncrementOpenCount( p->FullName, CallSuccessful );
|
|
|
|
if (p->Type == HANDLE_TYPE_FILE) {
|
|
FileReference = (PFILE_REFERENCE)p->Reference;
|
|
CompleteFileReference( FileReference,
|
|
CallSuccessful,
|
|
FALSE,
|
|
NULL
|
|
);
|
|
}
|
|
else
|
|
if (p->Type == HANDLE_TYPE_KEY) {
|
|
KeyReference = (PKEY_REFERENCE)p->Reference;
|
|
CompleteKeyReference( (PKEY_REFERENCE)p->Reference,
|
|
CallSuccessful,
|
|
FALSE
|
|
);
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
#if TRACE_ENABLED
|
|
|
|
|
|
ENUM_TYPE_NAMES FileAccessNames[] = {
|
|
FILE_READ_DATA, "FILE_READ_DATA",
|
|
FILE_READ_DATA, "FILE_READ_DATA",
|
|
FILE_WRITE_DATA, "FILE_WRITE_DATA",
|
|
FILE_APPEND_DATA, "FILE_APPEND_DATA",
|
|
FILE_READ_EA, "FILE_READ_EA",
|
|
FILE_WRITE_EA, "FILE_WRITE_EA",
|
|
FILE_EXECUTE, "FILE_EXECUTE",
|
|
FILE_DELETE_CHILD, "FILE_DELETE_CHILD",
|
|
FILE_READ_ATTRIBUTES, "FILE_READ_ATTRIBUTES",
|
|
FILE_WRITE_ATTRIBUTES, "FILE_WRITE_ATTRIBUTES",
|
|
DELETE, "DELETE",
|
|
READ_CONTROL, "READ_CONTROL",
|
|
WRITE_DAC, "WRITE_DAC",
|
|
WRITE_OWNER, "WRITE_OWNER",
|
|
SYNCHRONIZE, "SYNCHRONIZE",
|
|
GENERIC_READ, "GENERIC_READ",
|
|
GENERIC_WRITE, "GENERIC_WRITE",
|
|
GENERIC_EXECUTE, "GENERIC_EXECUTE",
|
|
GENERIC_ALL, "GENERIC_ALL",
|
|
0xFFFFFFFF, "%x"
|
|
};
|
|
|
|
|
|
ENUM_TYPE_NAMES FileShareNames[] = {
|
|
FILE_SHARE_READ, "FILE_SHARE_READ",
|
|
FILE_SHARE_WRITE, "FILE_SHARE_WRITE",
|
|
FILE_SHARE_DELETE, "FILE_SHARE_DELETE",
|
|
0xFFFFFFFF, "FILE_SHARE_NONE"
|
|
};
|
|
|
|
ENUM_TYPE_NAMES FileCreateDispositionNames[] = {
|
|
FILE_SUPERSEDE, "FILE_SUPERSEDE",
|
|
FILE_OPEN, "FILE_OPEN",
|
|
FILE_CREATE, "FILE_CREATE",
|
|
FILE_OPEN_IF, "FILE_OPEN_IF",
|
|
FILE_OVERWRITE, "FILE_OVERWRITE",
|
|
FILE_OVERWRITE_IF, "FILE_OVERWRITE_IF",
|
|
0xFFFFFFFF, "%x"
|
|
};
|
|
|
|
ENUM_TYPE_NAMES FileCreateOptionNames[] = {
|
|
FILE_DIRECTORY_FILE, "FILE_DIRECTORY_FILE",
|
|
FILE_WRITE_THROUGH, "FILE_WRITE_THROUGH",
|
|
FILE_SEQUENTIAL_ONLY, "FILE_SEQUENTIAL_ONLY",
|
|
FILE_NO_INTERMEDIATE_BUFFERING, "FILE_NO_INTERMEDIATE_BUFFERING",
|
|
FILE_SYNCHRONOUS_IO_ALERT, "FILE_SYNCHRONOUS_IO_ALERT",
|
|
FILE_SYNCHRONOUS_IO_NONALERT, "FILE_SYNCHRONOUS_IO_NONALERT",
|
|
FILE_NON_DIRECTORY_FILE, "FILE_NON_DIRECTORY_FILE",
|
|
FILE_CREATE_TREE_CONNECTION, "FILE_CREATE_TREE_CONNECTION",
|
|
FILE_COMPLETE_IF_OPLOCKED, "FILE_COMPLETE_IF_OPLOCKED",
|
|
FILE_NO_EA_KNOWLEDGE, "FILE_NO_EA_KNOWLEDGE",
|
|
FILE_RANDOM_ACCESS, "FILE_RANDOM_ACCESS",
|
|
FILE_DELETE_ON_CLOSE, "FILE_DELETE_ON_CLOSE",
|
|
FILE_OPEN_BY_FILE_ID, "FILE_OPEN_BY_FILE_ID",
|
|
FILE_OPEN_FOR_BACKUP_INTENT, "FILE_OPEN_FOR_BACKUP_INTENT",
|
|
FILE_NO_COMPRESSION, "FILE_NO_COMPRESSION",
|
|
0xFFFFFFFF, "%x"
|
|
};
|
|
|
|
|
|
ENUM_TYPE_NAMES FileIoStatusInfoNames[] = {
|
|
FILE_SUPERSEDED, "FILE_SUPERSEDED",
|
|
FILE_OPENED, "FILE_OPENED",
|
|
FILE_CREATED, "FILE_CREATED",
|
|
FILE_OVERWRITTEN, "FILE_OVERWRITTEN",
|
|
FILE_EXISTS, "FILE_EXISTS",
|
|
FILE_DOES_NOT_EXIST, "FILE_DOES_NOT_EXIST",
|
|
0xFFFFFFFF, "%x"
|
|
};
|
|
|
|
|
|
ENUM_TYPE_NAMES SetFileInfoClassNames[] = {
|
|
FileDirectoryInformation, "FileDirectoryInformation",
|
|
FileFullDirectoryInformation, "FileFullDirectoryInformation",
|
|
FileBothDirectoryInformation, "FileBothDirectoryInformation",
|
|
FileBasicInformation, "FileBasicInformation",
|
|
FileStandardInformation, "FileStandardInformation",
|
|
FileInternalInformation, "FileInternalInformation",
|
|
FileEaInformation, "FileEaInformation",
|
|
FileAccessInformation, "FileAccessInformation",
|
|
FileNameInformation, "FileNameInformation",
|
|
FileRenameInformation, "FileRenameInformation",
|
|
FileLinkInformation, "FileLinkInformation",
|
|
FileNamesInformation, "FileNamesInformation",
|
|
FileDispositionInformation, "FileDispositionInformation",
|
|
FilePositionInformation, "FilePositionInformation",
|
|
FileFullEaInformation, "FileFullEaInformation",
|
|
FileModeInformation, "FileModeInformation",
|
|
FileAlignmentInformation, "FileAlignmentInformation",
|
|
FileAllInformation, "FileAllInformation",
|
|
FileAllocationInformation, "FileAllocationInformation",
|
|
FileEndOfFileInformation, "FileEndOfFileInformation",
|
|
FileAlternateNameInformation, "FileAlternateNameInformation",
|
|
FileStreamInformation, "FileStreamInformation",
|
|
FilePipeInformation, "FilePipeInformation",
|
|
FilePipeLocalInformation, "FilePipeLocalInformation",
|
|
FilePipeRemoteInformation, "FilePipeRemoteInformation",
|
|
FileMailslotQueryInformation, "FileMailslotQueryInformation",
|
|
FileMailslotSetInformation, "FileMailslotSetInformation",
|
|
FileCompressionInformation, "FileCompressionInformation",
|
|
FileCompletionInformation, "FileCompletionInformation",
|
|
FileMoveClusterInformation, "FileMoveClusterInformation",
|
|
0xFFFFFFFF, "%x"
|
|
};
|
|
|
|
ENUM_TYPE_NAMES KeyCreateOptionNames[] = {
|
|
REG_OPTION_VOLATILE, "REG_OPTION_VOLATILE",
|
|
REG_OPTION_CREATE_LINK, "REG_OPTION_CREATE_LINK",
|
|
REG_OPTION_BACKUP_RESTORE, "REG_OPTION_BACKUP_RESTORE",
|
|
0xFFFFFFFF, "%x"
|
|
};
|
|
|
|
ENUM_TYPE_NAMES KeyDispositionNames[] = {
|
|
REG_CREATED_NEW_KEY, "REG_CREATED_NEW_KEY",
|
|
REG_OPENED_EXISTING_KEY, "REG_OPENED_EXISTING_KEY",
|
|
0xFFFFFFFF, "%x"
|
|
};
|
|
|
|
|
|
#endif // TRACE_ENABLED
|
|
|
|
BOOLEAN
|
|
IsFileWriteAccessRequested(
|
|
ACCESS_MASK DesiredAccess,
|
|
ULONG CreateDisposition
|
|
)
|
|
{
|
|
if (DesiredAccess & (GENERIC_WRITE |
|
|
GENERIC_ALL |
|
|
DELETE |
|
|
FILE_WRITE_DATA |
|
|
FILE_APPEND_DATA
|
|
)
|
|
) {
|
|
return TRUE;
|
|
}
|
|
|
|
if (CreateDisposition != FILE_OPEN && CreateDisposition != FILE_OPEN_IF) {
|
|
return TRUE;
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
BOOLEAN
|
|
NtCreateFileHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PCREATEFILE_PARAMETERS p = &Parameters->InputParameters.CreateFile;
|
|
BOOLEAN Result;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
Result = CaptureOpenState( Process,
|
|
Parameters,
|
|
p->ObjectAttributes,
|
|
IsFileWriteAccessRequested( p->DesiredAccess, p->CreateDisposition ),
|
|
p->FileHandle,
|
|
HANDLE_TYPE_FILE
|
|
);
|
|
|
|
|
|
if (Result
|
|
// && Parameters->SavedCallState.PathOpen.WriteAccessRequested
|
|
) {
|
|
DbgEvent( CREATEEVENT, ( "NtCreateFile called:\n"
|
|
" Name: %ws\n"
|
|
" Access: %s\n"
|
|
" Share: %s\n"
|
|
" Create: %s\n"
|
|
" Options:%s\n",
|
|
Parameters->SavedCallState.FullName,
|
|
FormatEnumType( 0,
|
|
FileAccessNames,
|
|
p->DesiredAccess,
|
|
TRUE
|
|
),
|
|
FormatEnumType( 1,
|
|
FileShareNames,
|
|
p->ShareAccess,
|
|
TRUE
|
|
),
|
|
FormatEnumType( 2,
|
|
FileCreateDispositionNames,
|
|
p->CreateDisposition,
|
|
FALSE
|
|
),
|
|
FormatEnumType( 3,
|
|
FileCreateOptionNames,
|
|
p->CreateOptions,
|
|
TRUE
|
|
)
|
|
)
|
|
);
|
|
}
|
|
}
|
|
else {
|
|
Result = CompleteOpenState( Process,
|
|
Parameters
|
|
);
|
|
if (Result
|
|
// && Parameters->SavedCallState.PathOpen.WriteAccessRequested
|
|
) {
|
|
IO_STATUS_BLOCK IoStatusBlock;
|
|
|
|
ReadMemory( Process,
|
|
p->IoStatusBlock,
|
|
&IoStatusBlock,
|
|
sizeof( IoStatusBlock ),
|
|
"IoStatusBlock"
|
|
);
|
|
DbgEvent( CREATEEVENT, ( "*** Returned %s [%s %s]\n",
|
|
FormatEnumType( 0,
|
|
(PENUM_TYPE_NAMES)ntstatusSymbolicNames,
|
|
Parameters->ReturnValue.ReturnedLong,
|
|
FALSE
|
|
),
|
|
FormatEnumType( 1,
|
|
(PENUM_TYPE_NAMES)ntstatusSymbolicNames,
|
|
IoStatusBlock.Status,
|
|
FALSE
|
|
),
|
|
FormatEnumType( 2,
|
|
FileIoStatusInfoNames,
|
|
IoStatusBlock.Information,
|
|
FALSE
|
|
)
|
|
)
|
|
);
|
|
}
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
|
|
BOOLEAN
|
|
NtOpenFileHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
POPENFILE_PARAMETERS p = &Parameters->InputParameters.OpenFile;
|
|
BOOLEAN Result;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
Result = CaptureOpenState( Process,
|
|
Parameters,
|
|
p->ObjectAttributes,
|
|
IsFileWriteAccessRequested( p->DesiredAccess, FILE_OPEN ),
|
|
p->FileHandle,
|
|
HANDLE_TYPE_FILE
|
|
);
|
|
if (Result
|
|
// && Parameters->SavedCallState.PathOpen.WriteAccessRequested
|
|
) {
|
|
DbgEvent( CREATEEVENT, ( "NtOpenFile called:\n"
|
|
" Name: %ws\n"
|
|
" Access: %s\n"
|
|
" Share: %s\n"
|
|
" Options:%s\n",
|
|
Parameters->SavedCallState.FullName,
|
|
FormatEnumType( 0,
|
|
FileAccessNames,
|
|
p->DesiredAccess,
|
|
TRUE
|
|
),
|
|
FormatEnumType( 1,
|
|
FileShareNames,
|
|
p->ShareAccess,
|
|
TRUE
|
|
),
|
|
FormatEnumType( 2,
|
|
FileCreateOptionNames,
|
|
p->OpenOptions,
|
|
TRUE
|
|
)
|
|
)
|
|
);
|
|
}
|
|
}
|
|
else {
|
|
Result = CompleteOpenState( Process,
|
|
Parameters
|
|
);
|
|
if (Result
|
|
// && Parameters->SavedCallState.PathOpen.WriteAccessRequested
|
|
) {
|
|
IO_STATUS_BLOCK IoStatusBlock;
|
|
|
|
ReadMemory( Process,
|
|
p->IoStatusBlock,
|
|
&IoStatusBlock,
|
|
sizeof( IoStatusBlock ),
|
|
"IoStatusBlock"
|
|
);
|
|
DbgEvent( CREATEEVENT, ( "*** Returned %s [%s %s]\n",
|
|
FormatEnumType( 0,
|
|
(PENUM_TYPE_NAMES)ntstatusSymbolicNames,
|
|
Parameters->ReturnValue.ReturnedLong,
|
|
FALSE
|
|
),
|
|
FormatEnumType( 1,
|
|
(PENUM_TYPE_NAMES)ntstatusSymbolicNames,
|
|
IoStatusBlock.Status,
|
|
FALSE
|
|
),
|
|
FormatEnumType( 2,
|
|
FileIoStatusInfoNames,
|
|
IoStatusBlock.Information,
|
|
FALSE
|
|
)
|
|
)
|
|
);
|
|
}
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
|
|
BOOLEAN
|
|
NtDeleteFileHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PDELETEFILE_PARAMETERS p = &Parameters->InputParameters.DeleteFile;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
UNICODE_STRING ObjectName;
|
|
PWSTR FullName;
|
|
BOOLEAN Result, CallSuccessful;
|
|
PFILE_REFERENCE FileReference;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
if (CaptureObjectAttributes( Process,
|
|
p->ObjectAttributes,
|
|
&ObjectAttributes,
|
|
&ObjectName
|
|
) &&
|
|
CaptureFullName( Process,
|
|
HANDLE_TYPE_FILE,
|
|
ObjectAttributes.RootDirectory,
|
|
ObjectName.Buffer,
|
|
ObjectName.Length,
|
|
&FullName
|
|
) &&
|
|
CreateSavedCallState( Process,
|
|
&Parameters->SavedCallState,
|
|
DeletePath,
|
|
HANDLE_TYPE_FILE,
|
|
FullName
|
|
)
|
|
) {
|
|
Result = CreateFileReference( FullName,
|
|
TRUE,
|
|
(PFILE_REFERENCE *)&Parameters->SavedCallState.Reference
|
|
);
|
|
}
|
|
else {
|
|
Result = FALSE;
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
else {
|
|
if (NT_SUCCESS( Parameters->ReturnValue.ReturnedLong )) {
|
|
CallSuccessful = TRUE;
|
|
}
|
|
else {
|
|
CallSuccessful = FALSE;
|
|
}
|
|
|
|
FileReference = (PFILE_REFERENCE)Parameters->SavedCallState.Reference;
|
|
CompleteFileReference( FileReference,
|
|
CallSuccessful,
|
|
TRUE,
|
|
NULL
|
|
);
|
|
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
#undef DeleteFile
|
|
|
|
|
|
BOOLEAN
|
|
NtSetInformationFileHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PSETINFORMATIONFILE_PARAMETERS p = &Parameters->InputParameters.SetInformationFile;
|
|
POPENHANDLE_INFO HandleInfo;
|
|
FILE_RENAME_INFORMATION RenameInformation;
|
|
FILE_DISPOSITION_INFORMATION DispositionInformation;
|
|
PWSTR NewName, OldName;
|
|
PFILE_REFERENCE OldFileReference;
|
|
PFILE_REFERENCE NewFileReference;
|
|
BOOLEAN Result, CallSuccessful;
|
|
|
|
HandleInfo = FindOpenHandle( Process,
|
|
p->FileHandle,
|
|
HANDLE_TYPE_FILE
|
|
);
|
|
if (HandleInfo == NULL) {
|
|
Result = FALSE;
|
|
}
|
|
else
|
|
if (p->FileInformationClass == FileRenameInformation) {
|
|
//
|
|
// Renaming an open file.
|
|
//
|
|
if (!Parameters->ReturnValueValid) {
|
|
if (ReadMemory( Process,
|
|
p->FileInformation,
|
|
&RenameInformation,
|
|
FIELD_OFFSET( FILE_RENAME_INFORMATION, FileName ),
|
|
"rename information"
|
|
) &&
|
|
CaptureFullName( Process,
|
|
HANDLE_TYPE_FILE,
|
|
RenameInformation.RootDirectory,
|
|
&((PFILE_RENAME_INFORMATION)(p->FileInformation))->FileName[ 0 ],
|
|
RenameInformation.FileNameLength,
|
|
&NewName
|
|
) &&
|
|
CreateSavedCallState( Process,
|
|
&Parameters->SavedCallState,
|
|
RenamePath,
|
|
HANDLE_TYPE_FILE,
|
|
HandleInfo->Name,
|
|
NewName,
|
|
RenameInformation.ReplaceIfExists
|
|
)
|
|
) {
|
|
Result = CreateFileReference( NewName,
|
|
RenameInformation.ReplaceIfExists,
|
|
(PFILE_REFERENCE *)&Parameters->SavedCallState.Reference
|
|
);
|
|
}
|
|
else {
|
|
Result = FALSE;
|
|
}
|
|
}
|
|
else {
|
|
OldName = NULL;
|
|
if (NT_SUCCESS( Parameters->ReturnValue.ReturnedLong )) {
|
|
CallSuccessful = TRUE;
|
|
OldFileReference = FindFileReference( HandleInfo->Name );
|
|
if (OldFileReference) {
|
|
OldName = OldFileReference->Name;
|
|
}
|
|
}
|
|
else {
|
|
CallSuccessful = FALSE;
|
|
OldFileReference = NULL;
|
|
}
|
|
|
|
NewFileReference = (PFILE_REFERENCE)Parameters->SavedCallState.Reference;
|
|
NewName = NewFileReference->Name;
|
|
CompleteFileReference( NewFileReference,
|
|
CallSuccessful,
|
|
(BOOLEAN)(!NewFileReference->Created),
|
|
OldFileReference
|
|
);
|
|
Result = TRUE;
|
|
}
|
|
}
|
|
else
|
|
if (p->FileInformationClass == FileDispositionInformation) {
|
|
//
|
|
// Marking an open file for delete.
|
|
//
|
|
if (!Parameters->ReturnValueValid) {
|
|
if (ReadMemory( Process,
|
|
p->FileInformation,
|
|
&DispositionInformation,
|
|
sizeof( DispositionInformation ),
|
|
"disposition information"
|
|
) &&
|
|
DispositionInformation.DeleteFile &&
|
|
CreateSavedCallState( Process,
|
|
&Parameters->SavedCallState,
|
|
DeletePath,
|
|
HANDLE_TYPE_FILE,
|
|
HandleInfo->Name
|
|
)
|
|
) {
|
|
Result = TRUE;
|
|
}
|
|
else {
|
|
Result = FALSE;
|
|
}
|
|
}
|
|
else {
|
|
if (NT_SUCCESS( Parameters->ReturnValue.ReturnedLong )) {
|
|
if (OldFileReference = FindFileReference( HandleInfo->Name )) {
|
|
if (OldFileReference->Created) {
|
|
LogEvent( INSTALER_EVENT_DELETE_TEMP_FILE,
|
|
2,
|
|
OldFileReference->DirectoryFile ? L"directory" : L"file",
|
|
OldFileReference->Name
|
|
);
|
|
DestroyFileReference( OldFileReference );
|
|
}
|
|
else {
|
|
OldFileReference->Deleted = TRUE;
|
|
LogEvent( INSTALER_EVENT_DELETE_FILE,
|
|
2,
|
|
OldFileReference->DirectoryFile ? L"directory" : L"file",
|
|
OldFileReference->Name
|
|
);
|
|
}
|
|
}
|
|
}
|
|
|
|
Result = TRUE;
|
|
}
|
|
}
|
|
else {
|
|
Result = FALSE;
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
|
|
|
|
|
|
|
|
BOOLEAN
|
|
CaptureUnicodeString(
|
|
PPROCESS_INFO Process,
|
|
PUNICODE_STRING UnicodeStringAddress,
|
|
PWSTR *ReturnedString
|
|
)
|
|
{
|
|
UNICODE_STRING UnicodeString;
|
|
PWSTR s;
|
|
|
|
s = NULL;
|
|
if (ReadMemory( Process,
|
|
UnicodeStringAddress,
|
|
&UnicodeString,
|
|
sizeof( UnicodeString ),
|
|
"unicode string"
|
|
) &&
|
|
((s = AllocMem( UnicodeString.Length + sizeof( UNICODE_NULL ) )) != NULL) &&
|
|
ReadMemory( Process,
|
|
UnicodeString.Buffer,
|
|
s,
|
|
UnicodeString.Length,
|
|
"unicode string buffer"
|
|
)
|
|
) {
|
|
*ReturnedString = s;
|
|
return TRUE;
|
|
}
|
|
|
|
FreeMem( &s );
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
NtQueryAttributesFileHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PQUERYATTRIBUTESFILE_PARAMETERS p = &Parameters->InputParameters.QueryAttributesFile;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
UNICODE_STRING ObjectName;
|
|
PWSTR FullName;
|
|
NTSTATUS Status;
|
|
BOOLEAN Result;
|
|
CHAR Buffer[ MAX_PATH ];
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
FullName = NULL;
|
|
Result = FALSE;
|
|
if (CaptureObjectAttributes( Process,
|
|
p->ObjectAttributes,
|
|
&ObjectAttributes,
|
|
&ObjectName
|
|
) &&
|
|
CaptureFullName( Process,
|
|
HANDLE_TYPE_FILE,
|
|
ObjectAttributes.RootDirectory,
|
|
ObjectName.Buffer,
|
|
ObjectName.Length,
|
|
&FullName
|
|
) &&
|
|
CreateSavedCallState( Process,
|
|
&Parameters->SavedCallState,
|
|
QueryPath,
|
|
HANDLE_TYPE_FILE,
|
|
FullName
|
|
)
|
|
) {
|
|
Result = CreateFileReference( FullName,
|
|
FALSE,
|
|
(PFILE_REFERENCE *)&Parameters->SavedCallState.Reference
|
|
);
|
|
}
|
|
else {
|
|
Result = FALSE;
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
else {
|
|
FILE_BASIC_INFORMATION FileInformation;
|
|
|
|
ReadMemory( Process,
|
|
p->FileInformation,
|
|
&FileInformation,
|
|
sizeof( FileInformation ),
|
|
"FileInformation"
|
|
);
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
BOOLEAN
|
|
NtQueryDirectoryFileHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PQUERYDIRECTORYFILE_PARAMETERS p = &Parameters->InputParameters.QueryDirectoryFile;
|
|
POPENHANDLE_INFO HandleInfo;
|
|
PWSTR FileName;
|
|
NTSTATUS Status;
|
|
BOOLEAN Result;
|
|
PULONG pNextEntryOffset;
|
|
ULONG NextEntryOffset;
|
|
ULONG EntriesReturned;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
FileName = NULL;
|
|
Result = FALSE;
|
|
if ((HandleInfo = FindOpenHandle( Process,
|
|
p->FileHandle,
|
|
HANDLE_TYPE_FILE
|
|
)
|
|
) != NULL &&
|
|
p->FileName != NULL &&
|
|
CaptureUnicodeString( Process,
|
|
p->FileName,
|
|
&FileName
|
|
)
|
|
) {
|
|
if (HandleInfo->RootDirectory &&
|
|
!wcscmp( FileName, L"*" ) || !wcscmp( FileName, L"*.*" )
|
|
) {
|
|
if (AskUserOnce) {
|
|
AskUserOnce = FALSE;
|
|
if (AskUser( MB_OKCANCEL,
|
|
INSTALER_ASKUSER_ROOTSCAN,
|
|
1,
|
|
HandleInfo->Name
|
|
) == IDCANCEL
|
|
) {
|
|
FailAllScansOfRootDirectories = TRUE;
|
|
}
|
|
}
|
|
|
|
Parameters->AbortCall = FailAllScansOfRootDirectories;
|
|
}
|
|
|
|
if (FileName) {
|
|
HandleInfo->QueryName = FileName;
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
else {
|
|
if (Parameters->AbortCall) {
|
|
//
|
|
// If we get here, then user wanted to fail this call.
|
|
//
|
|
Status = STATUS_NO_MORE_FILES;
|
|
SetProcedureReturnValue( Process,
|
|
Thread,
|
|
&Status,
|
|
sizeof( Status )
|
|
);
|
|
return TRUE;
|
|
}
|
|
else {
|
|
if ((HandleInfo = FindOpenHandle( Process,
|
|
p->FileHandle,
|
|
HANDLE_TYPE_FILE
|
|
)
|
|
) != NULL
|
|
) {
|
|
//
|
|
// If successful, count entries returned
|
|
//
|
|
if (NT_SUCCESS( Parameters->ReturnValue.ReturnedLong )) {
|
|
//
|
|
// Return buffer is a set of records, the first DWORD of each contains
|
|
// the offset to the next one or zero to indicate the end. Count them.
|
|
//
|
|
pNextEntryOffset = (PULONG)p->FileInformation;
|
|
EntriesReturned = 1;
|
|
while (ReadMemory( Process,
|
|
pNextEntryOffset,
|
|
&NextEntryOffset,
|
|
sizeof( NextEntryOffset ),
|
|
"DirectoryInformation"
|
|
) &&
|
|
NextEntryOffset != 0
|
|
) {
|
|
pNextEntryOffset = (PULONG)((PCHAR)pNextEntryOffset + NextEntryOffset);
|
|
EntriesReturned += 1;
|
|
}
|
|
|
|
LogEvent( INSTALER_EVENT_SCAN_DIRECTORY,
|
|
3,
|
|
HandleInfo->Name,
|
|
HandleInfo->QueryName ? HandleInfo->QueryName : L"*",
|
|
EntriesReturned
|
|
);
|
|
|
|
}
|
|
else {
|
|
FreeMem( &HandleInfo->QueryName );
|
|
}
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
IsKeyWriteAccessRequested(
|
|
ACCESS_MASK DesiredAccess
|
|
)
|
|
{
|
|
if (DesiredAccess & (GENERIC_WRITE |
|
|
GENERIC_ALL |
|
|
DELETE |
|
|
KEY_SET_VALUE |
|
|
KEY_CREATE_SUB_KEY |
|
|
KEY_CREATE_LINK
|
|
)
|
|
) {
|
|
return TRUE;
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
BOOLEAN
|
|
NtCreateKeyHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PCREATEKEY_PARAMETERS p = &Parameters->InputParameters.CreateKey;
|
|
BOOLEAN Result;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
Result = CaptureOpenState( Process,
|
|
Parameters,
|
|
p->ObjectAttributes,
|
|
IsKeyWriteAccessRequested( p->DesiredAccess ),
|
|
p->KeyHandle,
|
|
HANDLE_TYPE_KEY
|
|
);
|
|
}
|
|
else {
|
|
Result = CompleteOpenState( Process,
|
|
Parameters
|
|
);
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
|
|
BOOLEAN
|
|
NtOpenKeyHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
POPENKEY_PARAMETERS p = &Parameters->InputParameters.OpenKey;
|
|
BOOLEAN Result;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
Result = CaptureOpenState( Process,
|
|
Parameters,
|
|
p->ObjectAttributes,
|
|
IsKeyWriteAccessRequested( p->DesiredAccess ),
|
|
p->KeyHandle,
|
|
HANDLE_TYPE_KEY
|
|
);
|
|
}
|
|
else {
|
|
Result = CompleteOpenState( Process,
|
|
Parameters
|
|
);
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
|
|
BOOLEAN
|
|
NtDeleteKeyHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PDELETEKEY_PARAMETERS p = &Parameters->InputParameters.DeleteKey;
|
|
POPENHANDLE_INFO HandleInfo;
|
|
PKEY_REFERENCE OldKeyReference;
|
|
BOOLEAN Result;
|
|
|
|
//
|
|
// Marking an open key for delete.
|
|
//
|
|
HandleInfo = FindOpenHandle( Process,
|
|
p->KeyHandle,
|
|
HANDLE_TYPE_KEY
|
|
);
|
|
if (HandleInfo == NULL) {
|
|
Result = FALSE;
|
|
}
|
|
else
|
|
if (!Parameters->ReturnValueValid) {
|
|
if (CreateSavedCallState( Process,
|
|
&Parameters->SavedCallState,
|
|
DeletePath,
|
|
HANDLE_TYPE_KEY,
|
|
HandleInfo->Name
|
|
)
|
|
) {
|
|
Result = TRUE;
|
|
}
|
|
else {
|
|
Result = FALSE;
|
|
}
|
|
}
|
|
else {
|
|
if (NT_SUCCESS( Parameters->ReturnValue.ReturnedLong )) {
|
|
if (OldKeyReference = FindKeyReference( HandleInfo->Name )) {
|
|
if (OldKeyReference->Created) {
|
|
LogEvent( INSTALER_EVENT_DELETE_TEMP_KEY,
|
|
1,
|
|
OldKeyReference->Name
|
|
);
|
|
DestroyKeyReference( OldKeyReference );
|
|
}
|
|
else {
|
|
MarkKeyDeleted( OldKeyReference );
|
|
LogEvent( INSTALER_EVENT_DELETE_KEY,
|
|
1,
|
|
OldKeyReference->Name
|
|
);
|
|
}
|
|
}
|
|
}
|
|
|
|
Result = TRUE;
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
|
|
BOOLEAN
|
|
CaptureValueName(
|
|
PPROCESS_INFO Process,
|
|
PUNICODE_STRING Name,
|
|
PWSTR *ReturnedValueName
|
|
)
|
|
{
|
|
UNICODE_STRING ValueName;
|
|
PWSTR s;
|
|
|
|
*ReturnedValueName = NULL;
|
|
if (Name == NULL ||
|
|
!ReadMemory( Process,
|
|
Name,
|
|
&ValueName,
|
|
sizeof( ValueName ),
|
|
"value name string"
|
|
)
|
|
) {
|
|
return FALSE;
|
|
}
|
|
|
|
s = AllocMem( ValueName.Length + sizeof( UNICODE_NULL ) );
|
|
if (s == NULL) {
|
|
return FALSE;
|
|
}
|
|
|
|
if (!ReadMemory( Process,
|
|
ValueName.Buffer,
|
|
s,
|
|
ValueName.Length,
|
|
"value name buffer"
|
|
)
|
|
) {
|
|
FreeMem( &s );
|
|
return FALSE;
|
|
}
|
|
|
|
s[ ValueName.Length / sizeof( WCHAR ) ] = UNICODE_NULL;
|
|
ValueName.Buffer = s;
|
|
ValueName.MaximumLength = (USHORT)(ValueName.Length + sizeof( UNICODE_NULL ));
|
|
*ReturnedValueName = AddName( &ValueName );
|
|
FreeMem( &ValueName.Buffer );
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
NtSetValueKeyHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PSETVALUEKEY_PARAMETERS p = &Parameters->InputParameters.SetValueKey;
|
|
POPENHANDLE_INFO HandleInfo;
|
|
PWSTR ValueName;
|
|
PKEY_REFERENCE KeyReference;
|
|
PVALUE_REFERENCE ValueReference;
|
|
BOOLEAN Result;
|
|
|
|
//
|
|
// Setting a value
|
|
//
|
|
HandleInfo = FindOpenHandle( Process,
|
|
p->KeyHandle,
|
|
HANDLE_TYPE_KEY
|
|
);
|
|
if (HandleInfo == NULL) {
|
|
Result = FALSE;
|
|
}
|
|
else
|
|
if (!Parameters->ReturnValueValid) {
|
|
if (CaptureValueName( Process,
|
|
p->ValueName,
|
|
&ValueName
|
|
) &&
|
|
CreateSavedCallState( Process,
|
|
&Parameters->SavedCallState,
|
|
SetValue,
|
|
HANDLE_TYPE_KEY,
|
|
ValueName
|
|
)
|
|
) {
|
|
Result = TRUE;
|
|
}
|
|
else {
|
|
Result = FALSE;
|
|
}
|
|
}
|
|
else {
|
|
if (NT_SUCCESS( Parameters->ReturnValue.ReturnedLong ) &&
|
|
(KeyReference = FindKeyReference( HandleInfo->Name ))
|
|
) {
|
|
CreateValueReference( Process,
|
|
KeyReference,
|
|
Parameters->SavedCallState.FullName,
|
|
p->TitleIndex,
|
|
p->Type,
|
|
p->Data,
|
|
p->DataLength,
|
|
&ValueReference
|
|
);
|
|
|
|
if (ValueReference != NULL) {
|
|
LogEvent( INSTALER_EVENT_SET_KEY_VALUE,
|
|
2,
|
|
ValueReference->Name,
|
|
KeyReference->Name
|
|
);
|
|
}
|
|
}
|
|
|
|
Result = TRUE;
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
|
|
BOOLEAN
|
|
NtDeleteValueKeyHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PDELETEVALUEKEY_PARAMETERS p = &Parameters->InputParameters.DeleteValueKey;
|
|
POPENHANDLE_INFO HandleInfo;
|
|
PWSTR ValueName;
|
|
PKEY_REFERENCE KeyReference;
|
|
PVALUE_REFERENCE ValueReference;
|
|
BOOLEAN Result;
|
|
|
|
//
|
|
// Marking a value for delete.
|
|
//
|
|
HandleInfo = FindOpenHandle( Process,
|
|
p->KeyHandle,
|
|
HANDLE_TYPE_KEY
|
|
);
|
|
if (HandleInfo == NULL) {
|
|
Result = FALSE;
|
|
}
|
|
else
|
|
if (!Parameters->ReturnValueValid) {
|
|
if (CaptureValueName( Process,
|
|
p->ValueName,
|
|
&ValueName
|
|
) &&
|
|
CreateSavedCallState( Process,
|
|
&Parameters->SavedCallState,
|
|
DeleteValue,
|
|
HANDLE_TYPE_KEY,
|
|
ValueName
|
|
)
|
|
) {
|
|
Result = TRUE;
|
|
}
|
|
else {
|
|
Result = FALSE;
|
|
}
|
|
}
|
|
else {
|
|
if (NT_SUCCESS( Parameters->ReturnValue.ReturnedLong ) &&
|
|
(KeyReference = FindKeyReference( HandleInfo->Name )) &&
|
|
(ValueReference = FindValueReference( KeyReference, Parameters->SavedCallState.FullName ))
|
|
) {
|
|
if (ValueReference->Created) {
|
|
LogEvent( INSTALER_EVENT_DELETE_KEY_TEMP_VALUE,
|
|
2,
|
|
ValueReference->Name,
|
|
KeyReference->Name
|
|
);
|
|
DestroyValueReference( ValueReference );
|
|
}
|
|
else {
|
|
ValueReference->Deleted = TRUE;
|
|
LogEvent( INSTALER_EVENT_DELETE_KEY_VALUE,
|
|
2,
|
|
ValueReference->Name,
|
|
KeyReference->Name
|
|
);
|
|
}
|
|
}
|
|
|
|
Result = TRUE;
|
|
}
|
|
|
|
return Result;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
NtCloseHandleHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PCLOSEHANDLE_PARAMETERS p = &Parameters->InputParameters.CloseHandle;
|
|
POPENHANDLE_INFO HandleInfo;
|
|
PFILE_REFERENCE FileReference;
|
|
|
|
HandleInfo = FindOpenHandle( Process, p->Handle, (ULONG)-1 );
|
|
if (!Parameters->ReturnValueValid) {
|
|
if (HandleInfo != NULL) {
|
|
return TRUE;
|
|
}
|
|
else {
|
|
return FALSE;
|
|
}
|
|
}
|
|
else {
|
|
if (NT_SUCCESS( Parameters->ReturnValue.ReturnedLong )) {
|
|
if (HandleInfo != NULL &&
|
|
HandleInfo->Type == HANDLE_TYPE_FILE &&
|
|
(FileReference = FindFileReference( HandleInfo->Name )) != NULL &&
|
|
FileReference->WriteAccess &&
|
|
!FileReference->Created &&
|
|
!FileReference->DirectoryFile &&
|
|
IsNewFileSameAsBackup( FileReference )
|
|
) {
|
|
DestroyFileReference( FileReference );
|
|
FileReference = NULL;
|
|
}
|
|
|
|
DeleteOpenHandle( Process, p->Handle, (ULONG)-1 );
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
UCHAR AnsiStringBuffer[ MAX_PATH+1 ];
|
|
WCHAR UnicodeStringBuffer[ MAX_PATH+1 ];
|
|
|
|
BOOLEAN
|
|
CaptureAnsiAsUnicode(
|
|
PPROCESS_INFO Process,
|
|
LPCSTR Address,
|
|
BOOLEAN DoubleNullTermination,
|
|
PWSTR *ReturnedName,
|
|
PWSTR *ReturnedData
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
ULONG BytesRead;
|
|
ANSI_STRING AnsiString;
|
|
UNICODE_STRING UnicodeString;
|
|
|
|
if (Address == NULL) {
|
|
if (ReturnedName != NULL) {
|
|
*ReturnedName = NULL;
|
|
}
|
|
else {
|
|
*ReturnedData = NULL;
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
BytesRead = FillTemporaryBuffer( Process,
|
|
(PVOID)Address,
|
|
FALSE,
|
|
DoubleNullTermination
|
|
);
|
|
if (BytesRead != 0 && BytesRead < 0x7FFF) {
|
|
AnsiString.Buffer = TemporaryBuffer;
|
|
AnsiString.Length = (USHORT)BytesRead;
|
|
AnsiString.MaximumLength = (USHORT)BytesRead;
|
|
Status = RtlAnsiStringToUnicodeString( &UnicodeString, &AnsiString, TRUE );
|
|
if (NT_SUCCESS( Status )) {
|
|
if (ReturnedName != NULL) {
|
|
*ReturnedName = AddName( &UnicodeString );
|
|
RtlFreeUnicodeString( &UnicodeString );
|
|
return TRUE;
|
|
}
|
|
else {
|
|
*ReturnedData = UnicodeString.Buffer;
|
|
return TRUE;
|
|
}
|
|
}
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
CaptureUnicode(
|
|
PPROCESS_INFO Process,
|
|
LPCWSTR Address,
|
|
BOOLEAN DoubleNullTermination,
|
|
PWSTR *ReturnedName,
|
|
PWSTR *ReturnedData
|
|
)
|
|
{
|
|
ULONG BytesRead;
|
|
UNICODE_STRING UnicodeString;
|
|
|
|
if (Address == NULL) {
|
|
if (ReturnedName != NULL) {
|
|
*ReturnedName = NULL;
|
|
}
|
|
else {
|
|
*ReturnedData = NULL;
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
BytesRead = FillTemporaryBuffer( Process,
|
|
(PVOID)Address,
|
|
TRUE,
|
|
DoubleNullTermination
|
|
);
|
|
if (BytesRead != 0 && (BytesRead & 1) == 0 && BytesRead <= 0xFFFC) {
|
|
if (ReturnedName != NULL) {
|
|
RtlInitUnicodeString( &UnicodeString, TemporaryBuffer );
|
|
*ReturnedName = AddName( &UnicodeString );
|
|
return TRUE;
|
|
}
|
|
else {
|
|
*ReturnedData = AllocMem( BytesRead + sizeof( UNICODE_NULL ) );
|
|
if (*ReturnedData != NULL) {
|
|
memmove( *ReturnedData, TemporaryBuffer, BytesRead );
|
|
return TRUE;
|
|
}
|
|
}
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
GetVersionHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
DWORD dwVersion;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
if (AskUserOnce) {
|
|
AskUserOnce = FALSE;
|
|
if (AskUser( MB_OKCANCEL,
|
|
INSTALER_ASKUSER_GETVERSION,
|
|
0
|
|
) == IDCANCEL
|
|
) {
|
|
DefaultGetVersionToWin95 = TRUE;
|
|
}
|
|
else {
|
|
DefaultGetVersionToWin95 = FALSE;
|
|
}
|
|
}
|
|
|
|
LogEvent( INSTALER_EVENT_GETVERSION,
|
|
1,
|
|
DefaultGetVersionToWin95 ? L"Windows 95" : L"Windows NT"
|
|
);
|
|
Parameters->AbortCall = DefaultGetVersionToWin95;
|
|
return Parameters->AbortCall;
|
|
}
|
|
else {
|
|
dwVersion = 0xC0000004; // What Windows 95 returns
|
|
SetProcedureReturnValue( Process,
|
|
Thread,
|
|
&dwVersion,
|
|
sizeof( dwVersion )
|
|
);
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
BOOLEAN
|
|
GetVersionExWHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PGETVERSIONEXW_PARAMETERS p = &Parameters->InputParameters.GetVersionExW;
|
|
OSVERSIONINFOW VersionInformation;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
if (AskUserOnce) {
|
|
AskUserOnce = FALSE;
|
|
if (AskUser( MB_OKCANCEL,
|
|
INSTALER_ASKUSER_GETVERSION,
|
|
0
|
|
) == IDCANCEL
|
|
) {
|
|
DefaultGetVersionToWin95 = TRUE;
|
|
}
|
|
else {
|
|
DefaultGetVersionToWin95 = FALSE;
|
|
}
|
|
}
|
|
|
|
Parameters->AbortCall = DefaultGetVersionToWin95;
|
|
return Parameters->AbortCall;
|
|
}
|
|
else {
|
|
memset( &VersionInformation, 0, sizeof( VersionInformation ) );
|
|
VersionInformation.dwMajorVersion = 4;
|
|
VersionInformation.dwBuildNumber = 0x3B6; // What Windows 95 returns
|
|
VersionInformation.dwPlatformId = VER_PLATFORM_WIN32_WINDOWS;
|
|
WriteMemory( Process,
|
|
p->lpVersionInformation,
|
|
&VersionInformation,
|
|
sizeof( VersionInformation ),
|
|
"GetVersionExW"
|
|
);
|
|
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
BOOLEAN
|
|
SetCurrentDirectoryAHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PSETCURRENTDIRECTORYA_PARAMETERS p = &Parameters->InputParameters.SetCurrentDirectoryA;
|
|
PWSTR PathName;
|
|
WCHAR PathBuffer[ MAX_PATH ];
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
if (CaptureAnsiAsUnicode( Process, p->lpPathName, FALSE, NULL, &PathName ) && PathName != NULL) {
|
|
Parameters->CurrentDirectory = AllocMem( (wcslen( PathName ) + 1) * sizeof( WCHAR ) );
|
|
if (Parameters->CurrentDirectory != NULL) {
|
|
wcscpy( Parameters->CurrentDirectory, PathName );
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
else {
|
|
if (Parameters->ReturnValue.ReturnedBool != 0) {
|
|
if (SetCurrentDirectory( Parameters->CurrentDirectory ) &&
|
|
GetCurrentDirectory( MAX_PATH, PathBuffer )
|
|
) {
|
|
LogEvent( INSTALER_EVENT_SET_DIRECTORY,
|
|
1,
|
|
PathBuffer
|
|
);
|
|
}
|
|
}
|
|
|
|
FreeMem( &Parameters->CurrentDirectory );
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
BOOLEAN
|
|
SetCurrentDirectoryWHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PSETCURRENTDIRECTORYW_PARAMETERS p = &Parameters->InputParameters.SetCurrentDirectoryW;
|
|
PWSTR PathName;
|
|
WCHAR PathBuffer[ MAX_PATH ];
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
if (CaptureUnicode( Process, p->lpPathName, FALSE, NULL, &PathName ) && PathName != NULL) {
|
|
Parameters->CurrentDirectory = AllocMem( (wcslen( PathName ) + 1) * sizeof( WCHAR ) );
|
|
if (Parameters->CurrentDirectory != NULL) {
|
|
wcscpy( Parameters->CurrentDirectory, PathName );
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
else {
|
|
if (Parameters->ReturnValue.ReturnedBool != 0) {
|
|
if (SetCurrentDirectory( Parameters->CurrentDirectory ) &&
|
|
GetCurrentDirectory( MAX_PATH, PathBuffer )
|
|
) {
|
|
LogEvent( INSTALER_EVENT_SET_DIRECTORY,
|
|
1,
|
|
PathBuffer
|
|
);
|
|
}
|
|
}
|
|
|
|
FreeMem( &Parameters->CurrentDirectory );
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
BOOLEAN
|
|
GetIniFilePath(
|
|
PWSTR IniFileName,
|
|
PWSTR *ReturnedIniFilePath
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
UNICODE_STRING FileName, UnicodeString;
|
|
PWSTR FilePart;
|
|
DWORD n;
|
|
|
|
if (IniFileName == NULL) {
|
|
RtlInitUnicodeString( &FileName, L"win.ini" );
|
|
}
|
|
else {
|
|
RtlInitUnicodeString( &FileName, IniFileName );
|
|
}
|
|
|
|
if ((FileName.Length > sizeof( WCHAR ) &&
|
|
FileName.Buffer[ 1 ] == L':'
|
|
) ||
|
|
(FileName.Length != 0 &&
|
|
wcscspn( FileName.Buffer, L"\\/" ) != (FileName.Length / sizeof( WCHAR ))
|
|
)
|
|
) {
|
|
UnicodeString.MaximumLength = (USHORT)(MAX_PATH * sizeof( WCHAR ));
|
|
UnicodeString.Buffer = AllocMem( UnicodeString.MaximumLength );
|
|
if (UnicodeString.Buffer == NULL) {
|
|
Status = STATUS_NO_MEMORY;
|
|
}
|
|
else {
|
|
UnicodeString.Length = 0;
|
|
n = GetFullPathNameW( FileName.Buffer,
|
|
UnicodeString.MaximumLength / sizeof( WCHAR ),
|
|
UnicodeString.Buffer,
|
|
&FilePart
|
|
);
|
|
if (n > UnicodeString.MaximumLength) {
|
|
Status = STATUS_BUFFER_TOO_SMALL;
|
|
}
|
|
else {
|
|
UnicodeString.Length = (USHORT)(n * sizeof( WCHAR ));
|
|
Status = STATUS_SUCCESS;
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
UnicodeString.Length = 0;
|
|
UnicodeString.MaximumLength = (USHORT)(WindowsDirectory.Length +
|
|
sizeof( WCHAR ) +
|
|
FileName.Length +
|
|
sizeof( UNICODE_NULL )
|
|
);
|
|
UnicodeString.Buffer = AllocMem( UnicodeString.MaximumLength );
|
|
if (UnicodeString.Buffer == NULL) {
|
|
Status = STATUS_NO_MEMORY;
|
|
}
|
|
else {
|
|
RtlCopyUnicodeString( &UnicodeString, &WindowsDirectory );
|
|
Status = RtlAppendUnicodeToString( &UnicodeString,
|
|
L"\\"
|
|
);
|
|
if (NT_SUCCESS( Status )) {
|
|
Status = RtlAppendUnicodeStringToString( &UnicodeString,
|
|
&FileName
|
|
);
|
|
}
|
|
}
|
|
}
|
|
|
|
if (IniFileName != NULL) {
|
|
FreeMem( &IniFileName );
|
|
}
|
|
|
|
if (NT_SUCCESS( Status )) {
|
|
*ReturnedIniFilePath = AddName( &UnicodeString );
|
|
FreeMem( &UnicodeString.Buffer );
|
|
return TRUE;
|
|
}
|
|
else {
|
|
FreeMem( &UnicodeString.Buffer );
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
BOOLEAN
|
|
WritePrivateProfileStringEntry(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters,
|
|
PWSTR IniFilePath,
|
|
PWSTR SectionName,
|
|
PWSTR VariableName,
|
|
PWSTR VariableValue
|
|
)
|
|
{
|
|
if (CreateSavedCallState( Process,
|
|
&Parameters->SavedCallState,
|
|
WriteIniValue,
|
|
HANDLE_TYPE_NONE,
|
|
IniFilePath,
|
|
SectionName,
|
|
VariableName,
|
|
VariableValue
|
|
) &&
|
|
CreateIniFileReference( IniFilePath,
|
|
(PINI_FILE_REFERENCE *)&Parameters->SavedCallState.Reference
|
|
)
|
|
) {
|
|
return TRUE;
|
|
}
|
|
else {
|
|
FreeMem( &VariableValue );
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
WritePrivateProfileStringExit(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PAPI_SAVED_CALL_STATE CallState;
|
|
PINI_FILE_REFERENCE IniFileReference;
|
|
PINI_SECTION_REFERENCE IniSectionReference;
|
|
PINI_VARIABLE_REFERENCE IniVariableReference;
|
|
|
|
if (Parameters->ReturnValue.ReturnedLong != 0) {
|
|
CallState = &Parameters->SavedCallState;
|
|
if (CallState->FullName == NULL &&
|
|
CallState->SetIniValue.SectionName == NULL &&
|
|
CallState->SetIniValue.VariableName == NULL
|
|
) {
|
|
//
|
|
// Ignore calls to flush INI cache
|
|
//
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
IniFileReference = FindIniFileReference( CallState->FullName );
|
|
if (IniFileReference == NULL) {
|
|
return TRUE;
|
|
}
|
|
|
|
IniSectionReference = FindIniSectionReference( IniFileReference,
|
|
CallState->SetIniValue.SectionName,
|
|
(BOOLEAN)(CallState->SetIniValue.VariableName != NULL)
|
|
);
|
|
if (IniSectionReference == NULL) {
|
|
return TRUE;
|
|
}
|
|
|
|
if (CallState->SetIniValue.VariableName == NULL) {
|
|
IniSectionReference->Deleted = TRUE;
|
|
LogEvent( INSTALER_EVENT_INI_DELETE_SECTION,
|
|
2,
|
|
CallState->FullName,
|
|
CallState->SetIniValue.SectionName
|
|
);
|
|
} else {
|
|
IniVariableReference = FindIniVariableReference( IniSectionReference,
|
|
CallState->SetIniValue.VariableName,
|
|
(BOOLEAN)(CallState->SetIniValue.VariableValue != NULL)
|
|
);
|
|
if (IniVariableReference != NULL) {
|
|
if (CallState->SetIniValue.VariableValue != NULL) {
|
|
FreeMem( &IniVariableReference->Value );
|
|
IniVariableReference->Value = CallState->SetIniValue.VariableValue;
|
|
CallState->SetIniValue.VariableValue = NULL;
|
|
if (!IniVariableReference->Created) {
|
|
if (!wcscmp( IniVariableReference->Value,
|
|
IniVariableReference->OriginalValue
|
|
)
|
|
) {
|
|
FreeMem( &IniVariableReference->Value );
|
|
} else {
|
|
IniVariableReference->Modified = TRUE;
|
|
LogEvent( INSTALER_EVENT_INI_CHANGE,
|
|
5,
|
|
CallState->FullName,
|
|
CallState->SetIniValue.SectionName,
|
|
CallState->SetIniValue.VariableName,
|
|
IniVariableReference->Value,
|
|
IniVariableReference->OriginalValue
|
|
);
|
|
}
|
|
} else {
|
|
LogEvent( INSTALER_EVENT_INI_CREATE,
|
|
4,
|
|
CallState->FullName,
|
|
CallState->SetIniValue.SectionName,
|
|
CallState->SetIniValue.VariableName,
|
|
IniVariableReference->Value
|
|
);
|
|
}
|
|
|
|
} else if (!IniVariableReference->Created) {
|
|
IniVariableReference->Deleted = TRUE;
|
|
LogEvent( INSTALER_EVENT_INI_DELETE,
|
|
4,
|
|
CallState->FullName,
|
|
CallState->SetIniValue.SectionName,
|
|
CallState->SetIniValue.VariableName,
|
|
IniVariableReference->OriginalValue
|
|
);
|
|
} else {
|
|
DestroyIniVariableReference( IniVariableReference );
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
WritePrivateProfileStringAHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PWRITEPRIVATEPROFILESTRINGA_PARAMETERS p = &Parameters->InputParameters.WritePrivateProfileStringA;
|
|
PWSTR SectionName, VariableName, FileName, VariableValue;
|
|
PWSTR IniFilePath;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
FileName = NULL;
|
|
VariableValue = NULL;
|
|
if (CaptureAnsiAsUnicode( Process, p->lpFileName, FALSE, NULL, &FileName ) &&
|
|
GetIniFilePath( FileName, &IniFilePath ) &&
|
|
CaptureAnsiAsUnicode( Process, p->lpAppName, FALSE, &SectionName, NULL ) &&
|
|
CaptureAnsiAsUnicode( Process, p->lpKeyName, FALSE, &VariableName, NULL ) &&
|
|
CaptureAnsiAsUnicode( Process, p->lpString, FALSE, NULL, &VariableValue )
|
|
) {
|
|
if (FileName != NULL || SectionName != NULL) {
|
|
return WritePrivateProfileStringEntry( Process,
|
|
Thread,
|
|
Parameters,
|
|
IniFilePath,
|
|
SectionName,
|
|
VariableName,
|
|
VariableValue
|
|
);
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
else {
|
|
return WritePrivateProfileStringExit( Process,
|
|
Thread,
|
|
Parameters
|
|
);
|
|
}
|
|
}
|
|
|
|
BOOLEAN
|
|
WritePrivateProfileStringWHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PWRITEPRIVATEPROFILESTRINGW_PARAMETERS p = &Parameters->InputParameters.WritePrivateProfileStringW;
|
|
PWSTR SectionName, VariableName, FileName, VariableValue;
|
|
PWSTR IniFilePath;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
FileName = NULL;
|
|
IniFilePath = NULL;
|
|
SectionName = NULL;
|
|
VariableName = NULL;
|
|
VariableValue = NULL;
|
|
if (CaptureUnicode( Process, p->lpFileName, FALSE, NULL, &FileName ) &&
|
|
GetIniFilePath( FileName, &IniFilePath ) &&
|
|
CaptureUnicode( Process, p->lpAppName, FALSE, &SectionName, NULL ) &&
|
|
CaptureUnicode( Process, p->lpKeyName, FALSE, &VariableName, NULL ) &&
|
|
CaptureUnicode( Process, p->lpString, FALSE, NULL, &VariableValue )
|
|
) {
|
|
|
|
if (FileName != NULL || SectionName != NULL) {
|
|
return WritePrivateProfileStringEntry( Process,
|
|
Thread,
|
|
Parameters,
|
|
IniFilePath,
|
|
SectionName,
|
|
VariableName,
|
|
VariableValue );
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
return WritePrivateProfileStringExit( Process,
|
|
Thread,
|
|
Parameters );
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
WritePrivateProfileSectionEntry(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters,
|
|
PWSTR IniFilePath,
|
|
PWSTR SectionName,
|
|
PWSTR SectionValue
|
|
)
|
|
{
|
|
if (CreateSavedCallState( Process,
|
|
&Parameters->SavedCallState,
|
|
WriteIniSection,
|
|
HANDLE_TYPE_NONE,
|
|
IniFilePath,
|
|
SectionName,
|
|
SectionValue )
|
|
&&
|
|
CreateIniFileReference( IniFilePath,
|
|
(PINI_FILE_REFERENCE *)&Parameters->SavedCallState.Reference )
|
|
) {
|
|
return TRUE;
|
|
}
|
|
|
|
FreeMem( &SectionValue );
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
WritePrivateProfileSectionExit(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PAPI_SAVED_CALL_STATE CallState;
|
|
PINI_FILE_REFERENCE IniFileReference;
|
|
PINI_SECTION_REFERENCE IniSectionReference;
|
|
PINI_VARIABLE_REFERENCE IniVariableReference;
|
|
PWSTR VariableName, VariableValue;
|
|
UNICODE_STRING UnicodeString;
|
|
|
|
if (Parameters->ReturnValue.ReturnedLong != 0) {
|
|
CallState = &Parameters->SavedCallState;
|
|
|
|
IniFileReference = FindIniFileReference( CallState->FullName );
|
|
if (IniFileReference == NULL) {
|
|
return TRUE;
|
|
}
|
|
|
|
IniSectionReference = FindIniSectionReference( IniFileReference,
|
|
CallState->SetIniSection.SectionName,
|
|
(BOOLEAN)(CallState->SetIniSection.SectionValue != NULL) );
|
|
if (IniSectionReference == NULL) {
|
|
return TRUE;
|
|
}
|
|
|
|
if (CallState->SetIniSection.SectionValue == NULL) {
|
|
IniSectionReference->Deleted = TRUE;
|
|
|
|
} else {
|
|
VariableName = CallState->SetIniSection.SectionValue;
|
|
while (*VariableName) {
|
|
VariableValue = VariableName;
|
|
while (*VariableValue != UNICODE_NULL && *VariableValue != L'=') {
|
|
VariableValue += 1;
|
|
}
|
|
|
|
if (*VariableValue != L'=') {
|
|
break;
|
|
}
|
|
|
|
*VariableValue++ = UNICODE_NULL;
|
|
|
|
RtlInitUnicodeString( &UnicodeString, VariableName );
|
|
IniVariableReference = FindIniVariableReference( IniSectionReference,
|
|
AddName( &UnicodeString ),
|
|
(BOOLEAN)(*VariableValue != UNICODE_NULL)
|
|
);
|
|
if (IniVariableReference != NULL) {
|
|
if (*VariableValue != UNICODE_NULL) {
|
|
FreeMem( &IniVariableReference->Value );
|
|
IniVariableReference->Value = AllocMem( (wcslen( VariableValue ) + 1) * sizeof( WCHAR ) );
|
|
wcscpy( IniVariableReference->Value, VariableValue );
|
|
if (!IniVariableReference->Created) {
|
|
if (!wcscmp( IniVariableReference->Value,
|
|
IniVariableReference->OriginalValue
|
|
) )
|
|
{
|
|
FreeMem( &IniVariableReference->Value );
|
|
} else {
|
|
IniVariableReference->Modified = TRUE;
|
|
}
|
|
}
|
|
} else
|
|
if (!IniVariableReference->Created) {
|
|
IniVariableReference->Deleted = TRUE;
|
|
} else {
|
|
DestroyIniVariableReference( IniVariableReference );
|
|
}
|
|
}
|
|
|
|
VariableName = VariableValue;
|
|
while (*VariableName++ != UNICODE_NULL) {}
|
|
}
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
WritePrivateProfileSectionAHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PWRITEPRIVATEPROFILESECTIONA_PARAMETERS p = &Parameters->InputParameters.WritePrivateProfileSectionA;
|
|
PWSTR SectionName, FileName, SectionValue;
|
|
PWSTR IniFilePath;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
FileName = NULL;
|
|
SectionValue = NULL;
|
|
if (CaptureAnsiAsUnicode( Process, p->lpFileName, FALSE, NULL, &FileName ) &&
|
|
GetIniFilePath( FileName, &IniFilePath ) &&
|
|
CaptureAnsiAsUnicode( Process, p->lpAppName, FALSE, &SectionName, NULL ) &&
|
|
CaptureAnsiAsUnicode( Process, p->lpString, TRUE, NULL, &SectionValue )
|
|
) {
|
|
return WritePrivateProfileSectionEntry( Process,
|
|
Thread,
|
|
Parameters,
|
|
IniFilePath,
|
|
SectionName,
|
|
SectionValue
|
|
);
|
|
}
|
|
return FALSE;
|
|
}
|
|
else {
|
|
return WritePrivateProfileSectionExit( Process,
|
|
Thread,
|
|
Parameters
|
|
);
|
|
}
|
|
}
|
|
|
|
BOOLEAN
|
|
WritePrivateProfileSectionWHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PWRITEPRIVATEPROFILESECTIONW_PARAMETERS p = &Parameters->InputParameters.WritePrivateProfileSectionW;
|
|
PWSTR SectionName, FileName, SectionValue;
|
|
PWSTR IniFilePath;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
FileName = NULL;
|
|
SectionValue = NULL;
|
|
if (CaptureUnicode( Process, p->lpFileName, FALSE, NULL, &FileName ) &&
|
|
GetIniFilePath( FileName, &IniFilePath ) &&
|
|
CaptureUnicode( Process, p->lpAppName, FALSE, &SectionName, NULL ) &&
|
|
CaptureUnicode( Process, p->lpString, TRUE, NULL, &SectionValue )
|
|
) {
|
|
return WritePrivateProfileSectionEntry( Process,
|
|
Thread,
|
|
Parameters,
|
|
IniFilePath,
|
|
SectionName,
|
|
SectionValue
|
|
);
|
|
}
|
|
return FALSE;
|
|
}
|
|
else {
|
|
return WritePrivateProfileSectionExit( Process,
|
|
Thread,
|
|
Parameters
|
|
);
|
|
}
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
RegConnectRegistryWHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PREGCONNECTREGISTRYW_PARAMETERS p = &Parameters->InputParameters.RegConnectRegistryW;
|
|
PWSTR MachineName;
|
|
LONG ErrorCode;
|
|
HKEY hKey;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
MachineName = NULL;
|
|
if (!CaptureUnicode( Process, p->lpMachineName, FALSE, NULL, &MachineName )) {
|
|
MachineName = L"Unknown";
|
|
}
|
|
|
|
if (AskUser( MB_OKCANCEL,
|
|
INSTALER_ASKUSER_REGCONNECT,
|
|
1,
|
|
MachineName
|
|
) == IDCANCEL
|
|
) {
|
|
FreeMem( &MachineName );
|
|
Parameters->AbortCall = TRUE;
|
|
return TRUE;
|
|
}
|
|
else {
|
|
FreeMem( &MachineName );
|
|
return FALSE;
|
|
}
|
|
}
|
|
else
|
|
if (Parameters->ReturnValue.ReturnedLong == 0) {
|
|
ErrorCode = ERROR_ACCESS_DENIED;
|
|
if (SetProcedureReturnValue( Process,
|
|
Thread,
|
|
&ErrorCode,
|
|
sizeof( ErrorCode )
|
|
)
|
|
) {
|
|
if (ReadMemory( Process,
|
|
p->phkResult,
|
|
&hKey,
|
|
sizeof( hKey ),
|
|
"phkResult"
|
|
)
|
|
) {
|
|
RegCloseKey( hKey );
|
|
hKey = NULL;
|
|
WriteMemory( Process,
|
|
p->phkResult,
|
|
&hKey,
|
|
sizeof( hKey ),
|
|
"phkResult"
|
|
);
|
|
}
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
ExitWindowsExHandler(
|
|
PPROCESS_INFO Process,
|
|
PTHREAD_INFO Thread,
|
|
PAPI_SAVED_PARAMETERS Parameters
|
|
)
|
|
{
|
|
PEXITWINDOWSEX_PARAMETERS p = &Parameters->InputParameters.ExitWindowsEx;
|
|
PWSTR MachineName;
|
|
LONG ErrorCode;
|
|
HKEY hKey;
|
|
|
|
if (!Parameters->ReturnValueValid) {
|
|
//
|
|
// About to shutdown, save .IML file
|
|
//
|
|
return TRUE;
|
|
}
|
|
else
|
|
if (!Parameters->ReturnValue.ReturnedBool) {
|
|
//
|
|
// Shutdown attempt failed, keep going
|
|
//
|
|
}
|
|
|
|
return TRUE;
|
|
}
|