mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
168 lines
4.7 KiB
168 lines
4.7 KiB
#include <windows.h>
|
|
#include <userenv.h>
|
|
#include "events.h"
|
|
|
|
//
|
|
// This is a simple client side extension that reads its return value from the
|
|
// registry and exits. The registry value it reads is controlled via the gpext.adm
|
|
// file in this directory.
|
|
//
|
|
|
|
|
|
|
|
#define GPEXT_PATH TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{febf1209-8aff-11d2-a8a1-00c04fbbcfa2}")
|
|
#define GPEXT_NAME TEXT("Sample CSE")
|
|
|
|
|
|
|
|
BOOL WINAPI LibMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
|
|
{
|
|
switch (dwReason)
|
|
{
|
|
case DLL_PROCESS_ATTACH:
|
|
{
|
|
DisableThreadLibraryCalls (hInstance);
|
|
}
|
|
break;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
DWORD ProcessGroupPolicy ( DWORD dwFlags,
|
|
HANDLE hToken,
|
|
HKEY hKeyRoot,
|
|
PGROUP_POLICY_OBJECT pDeletedGPOList,
|
|
PGROUP_POLICY_OBJECT pChangedGPOList,
|
|
ASYNCCOMPLETIONHANDLE pHandle,
|
|
BOOL* pbAbort,
|
|
PFNSTATUSMESSAGECALLBACK pStatusCallback )
|
|
{
|
|
HKEY hKey;
|
|
DWORD dwResult = ERROR_SUCCESS, dwSize, dwType;
|
|
TCHAR szMsg[100] = {0};
|
|
TCHAR szMsg2[100] = {0};
|
|
HANDLE hEventLog;
|
|
LPTSTR szStrings[2] = {0,0};
|
|
|
|
if (RegOpenKeyEx (hKeyRoot, TEXT("Software\\Policies\\Microsoft\\Windows\\SampleCSE"),
|
|
0, KEY_READ, &hKey) == ERROR_SUCCESS)
|
|
{
|
|
dwSize = sizeof(dwResult);
|
|
|
|
RegQueryValueEx (hKey, TEXT("ReturnValue"), NULL, &dwType, (LPBYTE) &dwResult, &dwSize);
|
|
|
|
if (dwResult != ERROR_SUCCESS)
|
|
{
|
|
dwSize = sizeof(szMsg);
|
|
RegQueryValueEx (hKey, TEXT("EventMsg1"), NULL, &dwType, (LPBYTE) szMsg, &dwSize);
|
|
|
|
dwSize = sizeof(szMsg2);
|
|
RegQueryValueEx (hKey, TEXT("EventMsg2"), NULL, &dwType, (LPBYTE) szMsg2, &dwSize);
|
|
}
|
|
|
|
RegCloseKey (hKey);
|
|
}
|
|
|
|
|
|
if (dwResult != ERROR_SUCCESS)
|
|
{
|
|
//
|
|
// Put message in event log
|
|
//
|
|
|
|
hEventLog = RegisterEventSource(NULL, TEXT("gpext"));
|
|
|
|
if (hEventLog)
|
|
{
|
|
|
|
szStrings[0] = szMsg;
|
|
ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, EVENT_ERROR, NULL, 1, 0,
|
|
szStrings, NULL);
|
|
|
|
szStrings[0] = szMsg2;
|
|
ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, EVENT_ERROR, NULL, 1, 0,
|
|
szStrings, NULL);
|
|
|
|
|
|
DeregisterEventSource(hEventLog);
|
|
}
|
|
}
|
|
|
|
wsprintf (szMsg, TEXT("SampleCSE: returning 0x%x\r\n"), dwResult);
|
|
OutputDebugString (szMsg);
|
|
|
|
return dwResult;
|
|
}
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// DllRegisterServer - Adds entries to the system registry
|
|
|
|
STDAPI DllRegisterServer(void)
|
|
{
|
|
HKEY hKey;
|
|
LONG lResult;
|
|
DWORD dwDisp, dwValue;
|
|
|
|
lResult = RegCreateKeyEx (HKEY_LOCAL_MACHINE, GPEXT_PATH, 0, NULL,
|
|
REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL,
|
|
&hKey, &dwDisp);
|
|
|
|
if (lResult != ERROR_SUCCESS)
|
|
{
|
|
return lResult;
|
|
}
|
|
|
|
RegSetValueEx (hKey, NULL, 0, REG_SZ, (LPBYTE)GPEXT_NAME,
|
|
(lstrlen(GPEXT_NAME) + 1) * sizeof(TCHAR));
|
|
|
|
|
|
RegSetValueEx (hKey, TEXT("ProcessGroupPolicy"), 0, REG_SZ, (LPBYTE)TEXT("ProcessGroupPolicy"),
|
|
(lstrlen(TEXT("ProcessGroupPolicy")) + 1) * sizeof(TCHAR));
|
|
|
|
RegSetValueEx (hKey, TEXT("DllName"), 0, REG_EXPAND_SZ, (LPBYTE)TEXT("gpext.dll"),
|
|
(lstrlen(TEXT("gpext.dll")) + 1) * sizeof(TCHAR));
|
|
|
|
dwValue = 1;
|
|
RegSetValueEx (hKey, TEXT("NoGPOListChanges"), 0, REG_DWORD, (LPBYTE)&dwValue,
|
|
sizeof(dwValue));
|
|
|
|
RegCloseKey (hKey);
|
|
|
|
|
|
|
|
lResult = RegCreateKeyEx (HKEY_LOCAL_MACHINE, TEXT("SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\gpext"), 0, NULL,
|
|
REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL,
|
|
&hKey, &dwDisp);
|
|
|
|
if (lResult != ERROR_SUCCESS)
|
|
{
|
|
return lResult;
|
|
}
|
|
|
|
RegSetValueEx (hKey, TEXT("EventMessageFile"), 0, REG_SZ, (LPBYTE)TEXT("gpext.dll"),
|
|
(lstrlen(TEXT("gpext.dll")) + 1) * sizeof(TCHAR));
|
|
|
|
dwValue = 7;
|
|
RegSetValueEx (hKey, TEXT("TypesSupported"), 0, REG_DWORD, (LPBYTE)&dwValue,
|
|
sizeof(dwValue));
|
|
|
|
|
|
RegCloseKey (hKey);
|
|
|
|
|
|
return S_OK;
|
|
}
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// DllUnregisterServer - Removes entries from the system registry
|
|
|
|
STDAPI DllUnregisterServer(void)
|
|
{
|
|
|
|
RegDeleteKey (HKEY_LOCAL_MACHINE, GPEXT_PATH);
|
|
RegDeleteKey (HKEY_LOCAL_MACHINE, TEXT("SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\gpext"));
|
|
|
|
return S_OK;
|
|
}
|