mirror of https://github.com/tongzx/nt5src
/*++
|
|
|
|
Copyright (c) 2001 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
JavaVM.cpp
|
|
|
|
Abstract:
|
|
|
|
Prevent the installation of cab files via rundll32 so that older versions
of JavaVM do not install incompatible software.
|
|
|
|
Notes:
|
|
|
|
This is an app specific shim.
|
|
|
|
History:
|
|
|
|
05/24/2001 mnikkel Created
|
|
|
|
--*/
|
|
|
|
#include "precomp.h"
|
|
|
|
IMPLEMENT_SHIM_BEGIN(JavaVM)
|
|
#include "ShimHookMacro.h"
|
|
|
|
// List of the APIs this shim intercepts: one APIHOOK_ENUM_ENTRY per API.
// Each entry here has a matching APIHOOK(...) implementation and an
// APIHOOK_ENTRY registration further down in this file.
// NOTE(review): the macro expansion lives in ShimHookMacro.h and is not
// visible here; presumably each entry becomes an enum value used as the
// hook index. Confirm there.
APIHOOK_ENUM_BEGIN
    APIHOOK_ENUM_ENTRY(RegSetValueExW)   // registry string writes
    APIHOOK_ENUM_ENTRY(CreateProcessA)   // ANSI process creation only
APIHOOK_ENUM_END
|
|
|
|
/*++

 Decide whether a string is the rundll32 JavaPkgMgr_Install command that
 this shim suppresses.

 The input is split on ',' and the first three fields are tested in order:

    field 1 must contain     "rundll32 "            (note the trailing space)
    field 2 must contain     "JavaPkgMgr_Install "  (note the trailing space)
    field 3 must start with  "0"

 Typical string we are looking to stop:
 "rundll32 E:\WINDOWS\System32\msjava.dll,JavaPkgMgr_Install E:\WINDOWS\Java\classes\xmldso.cab,0,0,0,0,4,282"

 Arguments:
    csInput - the candidate command line / registry string.

 Returns:
    TRUE when all three fields match, FALSE otherwise. FALSE is also the
    result when the CSTRING_CATCH handler runs, so on failure the caller
    forwards the request unchanged.

 NOTE(review): this is a literal match against one known string. A command
 line with different spacing or spelling around these words is not
 recognized, and whether CString::Find is case-sensitive is not visible in
 this file. Treat the function as an app-compat filter for the exact
 installer string above, not as a general policy check.

--*/

BOOL
JavaPkgMgrInstallCheck( const CString & csInput)
{
    DPFN( eDbgLevelSpew, "[JavaPkgMgrInstallCheck] input value:\n(%S)\n", csInput.Get() );

    CSTRING_TRY
    {
        CStringToken csFields(csInput, L",");
        CString      csField;

        // Field 1: the launcher, e.g. "rundll32 <path>\msjava.dll".
        if ( !csFields.GetToken(csField) || csField.Find(L"rundll32 ") < 0 )
        {
            return FALSE;
        }

        // Field 2: the entry point followed by the cab path.
        if ( !csFields.GetToken(csField) || csField.Find(L"JavaPkgMgr_Install ") < 0 )
        {
            return FALSE;
        }

        // Field 3: must begin with the character '0'.
        if ( !csFields.GetToken(csField) || csField.Find(L"0") != 0 )
        {
            return FALSE;
        }

        DPFN( eDbgLevelInfo, "[JavaPkgMgrInstallCheck] Match found, returning TRUE.\n" );
        return TRUE;
    }
    CSTRING_CATCH
    {
        // Deliberately empty: a failure while parsing counts as "no match".
    }

    return FALSE;
}
|
|
|
|
|
|
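/*++

 Hook for RegSetValueExW.

 When a REG_SZ / REG_EXPAND_SZ value is being written and its data is the
 rundll32 JavaPkgMgr_Install command (see JavaPkgMgrInstallCheck), the write
 is dropped and ERROR_SUCCESS is returned, so the caller believes the value
 was stored. Every other call is forwarded to the real API unchanged.

 Arguments:
    Same as RegSetValueExW. lpData / cbData are caller-supplied and are only
    read here; cbData is a byte count.

 Returns:
    ERROR_SUCCESS when the write is suppressed, otherwise whatever the
    original RegSetValueExW returns.

 Notes:
    The filter looks only at the data, not at hKey or lpValueName, so a
    matching string is dropped no matter which key the application is
    writing to.

--*/

LONG
APIHOOK(RegSetValueExW)(
    HKEY         hKey,
    LPWSTR       lpValueName,
    DWORD        Reserved,
    DWORD        dwType,
    CONST BYTE * lpData,
    DWORD        cbData
    )
{
    DPFN( eDbgLevelSpew, "[RegSetValueExW] dwType:(%d)\n", dwType );

    // Only string values can carry the command line we filter. A NULL data
    // pointer is not inspected: it goes straight to the original API, which
    // does its own parameter validation, instead of being read by the shim.
    if ((dwType == REG_SZ || dwType == REG_EXPAND_SZ) && lpData != NULL)
    {
        // Copy the (already wide-character) data into a CString and make
        // sure it is null terminated, since registry data need not be.
        CSTRING_TRY
        {
            CString csDest;
            int     nWChars = cbData/2;

            // NOTE(review): assumes GetBuffer(n) provides room for n
            // characters plus a terminator. CString is declared outside
            // this file, so confirm there.
            WCHAR * lpszDestBuffer = csDest.GetBuffer(nWChars);

            // Copy whole WCHARs only. For an odd cbData the original copied
            // one extra byte that the terminator below overwrote anyway;
            // bounding the copy by nWChars keeps it inside the characters
            // that were requested from GetBuffer.
            memcpy(lpszDestBuffer, lpData, nWChars * sizeof(WCHAR));
            lpszDestBuffer[nWChars] = L'\0';
            csDest.ReleaseBuffer(nWChars);

            DPFN( eDbgLevelSpew, "[RegSetValueExW] lpdata:(%S)\n", csDest.Get() );

            // Matching installer command: report success without writing.
            if ( JavaPkgMgrInstallCheck(csDest) )
                return ERROR_SUCCESS;
        }
        CSTRING_CATCH
        {
            // Deliberately empty: on failure fall through and let the
            // original API handle the call.
        }
    }

    //
    // Call the original API
    //

    return ORIGINAL_API(RegSetValueExW)(
        hKey,
        lpValueName,
        Reserved,
        dwType,
        lpData,
        cbData);
}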
|
|
|
|
/*++

 Hook for CreateProcessA.

 When the command line is the rundll32 JavaPkgMgr_Install command (see
 JavaPkgMgrInstallCheck), the command line is cut off right after the word
 "rundll32" and the process is still created with that shortened command
 line, so rundll32 starts without the DLL / entry point / cab arguments.
 Every other call is forwarded to the real API unchanged.

 Arguments:
    Same as CreateProcessA. Only lpCommandLine is inspected; a NULL command
    line is forwarded untouched.

 Returns:
    Whatever the original CreateProcessA returns, for either command line.

 Notes:
    Only the ANSI entry point is hooked in this file; the hook table lists
    no other process-creation API.

--*/

BOOL
APIHOOK(CreateProcessA)(
    LPCSTR                lpApplicationName,
    LPSTR                 lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL                  bInheritHandles,
    DWORD                 dwCreationFlags,
    LPVOID                lpEnvironment,
    LPCSTR                lpCurrentDirectory,
    LPSTARTUPINFOA        lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
    )
{
    // Number of characters in "rundll32" (without the trailing space).
    const int cchRundll32 = 8;

    DPFN( eDbgLevelSpew, "[CreateProcessA] appname:(%s)\ncommandline:(%s)\n", lpApplicationName, lpCommandLine );

    if (lpCommandLine != NULL)
    {
        CSTRING_TRY
        {
            CString csCmdLine(lpCommandLine);

            // Look for the launcher only when the whole command line has
            // been recognized as the installer invocation.
            const int nRundllPos = JavaPkgMgrInstallCheck(csCmdLine)
                                       ? csCmdLine.Find(L"rundll32 ")
                                       : -1;

            if (nRundllPos > -1)
            {
                // Keep everything up to and including "rundll32" and drop
                // the rest (presumably Truncate(n) keeps the first n
                // characters; CString is declared outside this file).
                csCmdLine.Truncate(nRundllPos + cchRundll32);

                // The call is made inside this scope because the ANSI
                // buffer is obtained from csCmdLine.
                return ORIGINAL_API(CreateProcessA)(
                    lpApplicationName,
                    csCmdLine.GetAnsi(),
                    lpProcessAttributes,
                    lpThreadAttributes,
                    bInheritHandles,
                    dwCreationFlags,
                    lpEnvironment,
                    lpCurrentDirectory,
                    lpStartupInfo,
                    lpProcessInformation);
            }
        }
        CSTRING_CATCH
        {
            // Deliberately empty: on failure fall through and create the
            // process with the caller's original command line.
        }
    }

    //
    // Call the original API
    //
    return ORIGINAL_API(CreateProcessA)(
        lpApplicationName,
        lpCommandLine,
        lpProcessAttributes,
        lpThreadAttributes,
        bInheritHandles,
        dwCreationFlags,
        lpEnvironment,
        lpCurrentDirectory,
        lpStartupInfo,
        lpProcessInformation);
}
|
|
|
|
|
|
/*++

 Register hooked functions

 Each APIHOOK_ENTRY names the DLL and the exported API whose calls are
 routed to the APIHOOK(...) implementation of the same name in this file:
 ADVAPI32.DLL!RegSetValueExW and KERNEL32.DLL!CreateProcessA.

--*/

HOOK_BEGIN

    APIHOOK_ENTRY(ADVAPI32.DLL, RegSetValueExW)
    APIHOOK_ENTRY(KERNEL32.DLL, CreateProcessA)

HOOK_END
|
|
|
|
IMPLEMENT_SHIM_END
|
|
|