Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

800 lines
21 KiB

#include "acFileAttr.h"
#include "attr.h"
#include "version.h"
#include <assert.h>
#include <imagehlp.h>
#include <stdio.h>
// the global array with all the file attributes
FILEATTR g_arrFileAttr[] =
{
{VTID_FILESIZE, "File Size", "SIZE", QueryFileSize, BlobToStringLong, DumpDWORD},
{VTID_EXETYPE, "Module Type", "MODULETYPE*", QueryModuleType, BlobToStringDWORD, DumpDWORD},
{VTID_BINFILEVER, "Binary File Version", "BIN_FILE_VERSION", QueryBinFileVer, BlobToStringBinVer, DumpBinVer},
{VTID_BINPRODUCTVER, "Binary Product Version", "BIN_PRODUCT_VERSION", QueryBinProductVer, BlobToStringBinVer, DumpBinVer},
{VTID_FILEDATEHI, "File Date (HI)", "VERFILEDATEHI", QueryFileDateHi, BlobToStringDWORD, DumpDWORD},
{VTID_FILEDATELO, "File Date (LO)", "VERFILEDATELO", QueryFileDateLo, BlobToStringDWORD, DumpDWORD},
{VTID_FILEVEROS, "File OS Version", "VERFILEOS", QueryFileVerOs, BlobToStringDWORD, DumpDWORD},
{VTID_FILEVERTYPE, "File Type", "VERFILETYPE", QueryFileVerType, BlobToStringDWORD, DumpDWORD},
{VTID_CHECKSUM, "File CheckSum", "CHECKSUM", QueryFileCheckSum, BlobToStringDWORD, DumpDWORD},
{VTID_PECHECKSUM, "File Header CheckSum", "PECHECKSUM", QueryFilePECheckSum, BlobToStringDWORD, DumpDWORD},
{VTID_COMPANYNAME, "Company Name", "COMPANY_NAME", QueryCompanyName, BlobToStringString, DumpString},
{VTID_PRODUCTVERSION, "Product Version", "PRODUCT_VERSION", QueryProductVersion, BlobToStringString, DumpString},
{VTID_PRODUCTNAME, "Product Name", "PRODUCT_NAME", QueryProductName, BlobToStringString, DumpString},
{VTID_FILEDESCRIPTION, "File Description", "FILE_DESCRIPTION", QueryFileDescription, BlobToStringString, DumpString},
{VTID_FILEVERSION, "File Version", "FILEVERSION", QueryFileVersion, BlobToStringString, DumpString},
{VTID_ORIGINALFILENAME, "Original File Name", "ORIGINALFILENAME", QueryOriginalFileName, BlobToStringString, DumpString},
{VTID_INTERNALNAME, "Internal Name", "INTERNALNAME", QueryInternalName, BlobToStringString, DumpString},
{VTID_LEGALCOPYRIGHT, "Legal Copyright", "LEGALCOPYRIGHT", QueryLegalCopyright, BlobToStringString, DumpString},
{VTID_16BITDESCRIPTION, "16 Bit Description", "S16BITDESCRIPTION", Query16BitDescription, BlobToStringString, DumpString},
{VTID_UPTOBINPRODUCTVER,"Up To Binary Product Version", "UPTO_BIN_PRODUCT_VERSION", QueryBinProductVer, BlobToStringUpToBinVer, DumpUpToBinVer}
};
#define FAIL_IF_NO_VERSION() \
{ \
if (pMgr->ver.FixedInfoSize < sizeof(VS_FIXEDFILEINFO)) { \
LogMsg("No version info\n"); \
return FALSE; \
} \
}
#define ALLOC_VALUE_AND_RETURN() \
{ \
pFileAttr->pszValue = (PSTR)Alloc(lstrlen(szBuffer) + 1); \
\
if (pFileAttr->pszValue == NULL) { \
LogMsg("QueryAttr: memory allocation error\n"); \
return FALSE; \
} \
\
lstrcpy(pFileAttr->pszValue, szBuffer); \
\
pFileAttr->dwFlags = ATTR_FLAG_AVAILABLE; \
\
return TRUE; \
}
#define QUERYENTRY(szEntryName) \
{ \
pFileAttr->pszValue = QueryVersionEntry(&pMgr->ver, szEntryName); \
\
if (pFileAttr->pszValue == NULL) { \
LogMsg("QueryEntry: attribute %s N/A\n", szEntryName); \
return FALSE; \
} \
pFileAttr->dwFlags = ATTR_FLAG_AVAILABLE; \
\
return TRUE; \
}
#if DBG
void LogMsgDbg(
LPSTR pszFmt, ... )
{
CHAR gszT[1024];
va_list arglist;
va_start(arglist, pszFmt);
_vsnprintf(gszT, 1023, pszFmt, arglist);
gszT[1023] = 0;
va_end(arglist);
OutputDebugString(gszT);
}
#endif // DBG
// dump to blob functions
int
DumpDWORD(
DWORD dwId,
PFILEATTRVALUE pFileAttr,
BYTE* pBlob)
{
*(DWORD*)pBlob = dwId;
pBlob += sizeof(DWORD);
*(DWORD*)pBlob = sizeof(DWORD);
pBlob += sizeof(DWORD);
*(DWORD*)pBlob = pFileAttr->dwValue;
return (3 * sizeof(DWORD));
}
int
DumpString(
DWORD dwId,
PFILEATTRVALUE pFileAttr,
BYTE* pBlob)
{
int strLen, nWideChars;
WCHAR wszOut[256];
strLen = lstrlen(pFileAttr->pszValue);
nWideChars = MultiByteToWideChar(
CP_ACP,
0,
pFileAttr->pszValue,
strLen,
wszOut,
256);
wszOut[nWideChars] = 0;
*(DWORD*)pBlob = dwId;
pBlob += sizeof(DWORD);
*(DWORD*)pBlob = (nWideChars + 1) * sizeof(WCHAR);
pBlob += sizeof(DWORD);
CopyMemory(pBlob, wszOut, (nWideChars + 1) * sizeof(WCHAR));
return (2 * sizeof(DWORD) + (nWideChars + 1) * sizeof(WCHAR));
}
int
DumpBinVer(
DWORD dwId,
PFILEATTRVALUE pFileAttr,
BYTE* pBlob)
{
*(DWORD*)pBlob = dwId;
pBlob += sizeof(DWORD);
*(DWORD*)pBlob = 8 * sizeof(WORD);
pBlob += sizeof(DWORD);
CopyMemory(pBlob, pFileAttr->wValue, 4 * sizeof(WORD));
pBlob += (4 * sizeof(WORD));
CopyMemory(pBlob, pFileAttr->wMask, 4 * sizeof(WORD));
return (8 * sizeof(WORD) + 2 * sizeof(DWORD));
}
int
DumpUpToBinVer(
DWORD dwId,
PFILEATTRVALUE pFileAttr,
BYTE* pBlob)
{
*(DWORD*)pBlob = dwId;
pBlob += sizeof(DWORD);
*(DWORD*)pBlob = 4 * sizeof(WORD);
pBlob += sizeof(DWORD);
CopyMemory(pBlob, pFileAttr->wValue, 4 * sizeof(WORD));
return (4 * sizeof(WORD) + 2 * sizeof(DWORD));
}
// blob to string functions
int
BlobToStringBinVer(
BYTE* pBlob,
char* pszOut)
{
DWORD dwSize;
// read the size first
dwSize = *(DWORD*)pBlob;
if (dwSize != 8 * sizeof(WORD)) {
LogMsg("BlobToStringBinVer: invalid blob\n");
return -1;
}
pBlob += sizeof(DWORD);
wsprintf(pszOut, "Ver %d.%d.%d.%d Mask %04X.%04X.%04X.%04X\r\n",
*((WORD*)pBlob + 3),
*((WORD*)pBlob + 2),
*((WORD*)pBlob + 1),
*((WORD*)pBlob + 0),
*((WORD*)pBlob + 7),
*((WORD*)pBlob + 6),
*((WORD*)pBlob + 5),
*((WORD*)pBlob + 4));
return sizeof(DWORD) + 8 * sizeof(WORD);
}
int
BlobToStringUpToBinVer(
BYTE* pBlob,
char* pszOut)
{
DWORD dwSize;
// read the size first
dwSize = *(DWORD*)pBlob;
if (dwSize != 4 * sizeof(WORD)) {
LogMsg("BlobToStringUpToBinVer: invalid blob\n");
return -1;
}
pBlob += sizeof(DWORD);
wsprintf(pszOut, "Ver %d.%d.%d.%d\r\n",
*((WORD*)pBlob + 3),
*((WORD*)pBlob + 2),
*((WORD*)pBlob + 1),
*((WORD*)pBlob + 0));
return sizeof(DWORD) + 4 * sizeof(WORD);
}
int
BlobToStringDWORD(
BYTE* pBlob,
char* pszOut)
{
DWORD dwSize;
// read the size first
dwSize = *(DWORD*)pBlob;
if (dwSize != sizeof(DWORD)) {
LogMsg("BlobToStringDWORD: invalid blob\n");
return -1;
}
pBlob += sizeof(DWORD);
wsprintf(pszOut, "0x%X\r\n", *(DWORD*)pBlob);
return 2 * sizeof(DWORD);
}
int
BlobToStringLong(
BYTE* pBlob,
char* pszOut)
{
DWORD dwSize;
// read the size first
dwSize = *(DWORD*)pBlob;
if (dwSize != sizeof(DWORD)) {
LogMsg("BlobToStringLong: invalid blob\n");
return -1;
}
pBlob += sizeof(DWORD);
wsprintf(pszOut, "%d\r\n", *(ULONG*)pBlob);
return 2 * sizeof(DWORD);
}
int
BlobToStringString(
BYTE* pBlob,
char* pszOut)
{
DWORD dwSize;
// read the size first
dwSize = *(DWORD*)pBlob;
pBlob += sizeof(DWORD);
WideCharToMultiByte(
CP_ACP,
0,
(LPCWSTR)pBlob,
(int)dwSize,
pszOut,
(int)dwSize,
NULL,
NULL);
lstrcat(pszOut, "\r\n");
return sizeof(DWORD) + (int)dwSize;
}
// query functions
BOOL
QueryFileSize(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
char szBuffer[64];
HANDLE findHandle;
WIN32_FIND_DATA findData;
findHandle = FindFirstFile(pMgr->ver.pszFile, &findData);
if (findHandle == INVALID_HANDLE_VALUE) {
LogMsg("QueryFileSize: file not found\n");
return FALSE;
}
pFileAttr->dwValue = findData.nFileSizeLow;
FindClose(findHandle);
wsprintf(szBuffer, "%d", pFileAttr->dwValue);
ALLOC_VALUE_AND_RETURN();
}
BOOL
QueryModuleType(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
// not implemented
return FALSE;
}
BOOL
QueryBinFileVer(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
ULONGLONG binFileVer;
char szBuffer[64];
FAIL_IF_NO_VERSION();
*((PDWORD)(&binFileVer)) = pMgr->ver.FixedInfo->dwFileVersionLS;
*(((PDWORD)(&binFileVer)) + 1) = pMgr->ver.FixedInfo->dwFileVersionMS;
CopyMemory(pFileAttr->wValue, &binFileVer, 4 * sizeof(WORD));
wsprintf(szBuffer, "%d.%d.%d.%d",
pFileAttr->wValue[3],
pFileAttr->wValue[2],
pFileAttr->wValue[1],
pFileAttr->wValue[0]);
pFileAttr->wMask[0] = pFileAttr->wMask[1] = pFileAttr->wMask[2] = pFileAttr->wMask[3] = 0xFFFF;
ALLOC_VALUE_AND_RETURN();
}
BOOL
QueryBinProductVer(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
ULONGLONG binProdVer;
char szBuffer[64];
FAIL_IF_NO_VERSION();
*((PDWORD)(&binProdVer)) = pMgr->ver.FixedInfo->dwProductVersionLS;
*(((PDWORD)(&binProdVer)) + 1) = pMgr->ver.FixedInfo->dwProductVersionMS;
CopyMemory(pFileAttr->wValue, &binProdVer, 4 * sizeof(WORD));
wsprintf(szBuffer, "%d.%d.%d.%d",
pFileAttr->wValue[3],
pFileAttr->wValue[2],
pFileAttr->wValue[1],
pFileAttr->wValue[0]);
pFileAttr->wMask[0] = pFileAttr->wMask[1] = pFileAttr->wMask[2] = pFileAttr->wMask[3] = 0xFFFF;
ALLOC_VALUE_AND_RETURN();
}
BOOL
QueryFileDateHi(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
char szBuffer[64];
FAIL_IF_NO_VERSION();
pFileAttr->dwValue = pMgr->ver.FixedInfo->dwFileDateMS;
wsprintf(szBuffer, "0x%X", pFileAttr->dwValue);
ALLOC_VALUE_AND_RETURN();
}
BOOL
QueryFileDateLo(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
char szBuffer[64];
FAIL_IF_NO_VERSION();
pFileAttr->dwValue = pMgr->ver.FixedInfo->dwFileDateLS;
wsprintf(szBuffer, "0x%X", pFileAttr->dwValue);
ALLOC_VALUE_AND_RETURN();
}
BOOL
QueryFileVerOs(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
char szBuffer[64];
FAIL_IF_NO_VERSION();
pFileAttr->dwValue = pMgr->ver.FixedInfo->dwFileOS;
wsprintf(szBuffer, "0x%X", pFileAttr->dwValue);
ALLOC_VALUE_AND_RETURN();
}
BOOL QueryFileVerType(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
char szBuffer[64];
FAIL_IF_NO_VERSION();
pFileAttr->dwValue = pMgr->ver.FixedInfo->dwFileType;
wsprintf(szBuffer, "0x%X", pFileAttr->dwValue);
ALLOC_VALUE_AND_RETURN();
}
// ComputeFileCheckSum
//
// computes the check sum for 4096 bytes starting at offset 512.
// The offset and the size of the chunk are modified if the
// file size is too small.
DWORD
ComputeFileCheckSum(
PSTR pszFile,
WIN32_FIND_DATA* pFindData)
{
INT i,size = 4096;
DWORD startAddr = 512;
HANDLE fileHandle = INVALID_HANDLE_VALUE;
PCHAR buffer = NULL;
DWORD checkSum = 0;
DWORD dontCare;
if (pFindData->nFileSizeLow < (ULONG)size) {
//
// File size is less than 4096. We set the start address to 0 and set the size for the checksum
// to the actual file size.
//
startAddr = 0;
size = pFindData->nFileSizeLow;
} else if (startAddr + size > pFindData->nFileSizeLow) {
//
// File size is too small. We set the start address so that size of checksum can be 4096 bytes
//
startAddr = pFindData->nFileSizeLow - size;
}
if (size <= 3) {
//
// we need at least 3 bytes to be able to do something here.
//
return 0;
}
__try {
buffer = (PCHAR)HeapAlloc(GetProcessHeap(), 0, size);
if (buffer == NULL) {
__leave;
}
fileHandle = CreateFile(pszFile,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
0,
NULL);
if (fileHandle == INVALID_HANDLE_VALUE) {
__leave;
}
if (SetFilePointer(fileHandle, startAddr, NULL, FILE_BEGIN) != startAddr) {
__leave;
}
if (!ReadFile(fileHandle, buffer, size, &dontCare, NULL)) {
__leave;
}
for (i = 0; i<(size - 3); i+=4) {
checkSum += *((PDWORD) (buffer + i));
checkSum = _rotr(checkSum ,1);
}
}
__finally {
if (fileHandle != INVALID_HANDLE_VALUE) {
CloseHandle (fileHandle);
}
if (buffer != NULL) {
HeapFree(GetProcessHeap(), 0, buffer);
}
}
return checkSum;
}
BOOL QueryFileCheckSum(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
WIN32_FIND_DATA findData;
HANDLE findHandle;
char szBuffer[64];
findHandle = FindFirstFile(pMgr->ver.pszFile, &findData);
if (findHandle == INVALID_HANDLE_VALUE) {
LogMsg("QueryFileCheckSum: Cannot find file %s\n",
pMgr->ver.pszFile);
return FALSE;
}
pFileAttr->dwValue = ComputeFileCheckSum(pMgr->ver.pszFile, &findData);
FindClose(findHandle);
wsprintf(szBuffer, "0x%X", pFileAttr->dwValue);
ALLOC_VALUE_AND_RETURN();
}
// GetImageNtHeader
//
// This function returns the address of the NT Header.
// Returns the address of the NT Header.
PIMAGE_NT_HEADERS
GetImageNtHeader(
IN PVOID Base)
{
PIMAGE_NT_HEADERS NtHeaders;
if (Base != NULL && Base != (PVOID)-1) {
if (((PIMAGE_DOS_HEADER)Base)->e_magic == IMAGE_DOS_SIGNATURE) {
NtHeaders = (PIMAGE_NT_HEADERS)((PCHAR)Base + ((PIMAGE_DOS_HEADER)Base)->e_lfanew);
if (NtHeaders->Signature == IMAGE_NT_SIGNATURE) {
return NtHeaders;
}
}
}
return NULL;
}
BOOL
GetHeaderCheckSum(
PFILEATTRMGR pMgr,
DWORD* pdwCheckSum)
{
HANDLE fileHandle;
DWORD bytesRead;
IMAGE_DOS_HEADER dh;
LOADED_IMAGE image;
DWORD sign;
PWORD signNE = (PWORD)&sign;
BOOL result = FALSE;
*pdwCheckSum = 0;
fileHandle = CreateFile(pMgr->ver.pszFile,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
0,
NULL);
if (fileHandle == INVALID_HANDLE_VALUE) {
return FALSE;
}
__try {
__try {
if (!ReadFile(fileHandle, &dh, sizeof(IMAGE_DOS_HEADER), &bytesRead, NULL) ||
bytesRead != sizeof (IMAGE_DOS_HEADER)) {
__leave;
}
if (dh.e_magic != IMAGE_DOS_SIGNATURE) {
__leave;
}
if (SetFilePointer(fileHandle, dh.e_lfanew, NULL, FILE_BEGIN) != (DWORD)dh.e_lfanew) {
__leave;
}
if (!ReadFile(fileHandle, &sign, sizeof(DWORD), &bytesRead, NULL) ||
bytesRead != sizeof (DWORD)) {
__leave;
}
CloseHandle(fileHandle);
fileHandle = INVALID_HANDLE_VALUE;
if (sign == IMAGE_NT_SIGNATURE) {
if (MapAndLoad(pMgr->ver.pszFile, NULL, &image, FALSE, TRUE)) {
PIMAGE_NT_HEADERS NtHeaders;
__try {
NtHeaders = GetImageNtHeader(image.MappedAddress);
if (NtHeaders != NULL) {
if (NtHeaders->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
*pdwCheckSum = ((PIMAGE_NT_HEADERS32)NtHeaders)->OptionalHeader.CheckSum;
} else if (NtHeaders->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
*pdwCheckSum = ((PIMAGE_NT_HEADERS64)NtHeaders)->OptionalHeader.CheckSum;
}
result = TRUE;
}
}
__except (1) {
LogMsg("Access violation while examining %s\n", pMgr->ver.pszFile);
}
UnMapAndLoad(&image);
}
}
}
__finally {
if (fileHandle != INVALID_HANDLE_VALUE) {
CloseHandle(fileHandle);
}
}
}
__except (EXCEPTION_EXECUTE_HANDLER) {
CloseHandle(fileHandle);
result = FALSE;
}
return result;
}
BOOL
QueryFilePECheckSum(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
char szBuffer[64];
if (!GetHeaderCheckSum(pMgr, &pFileAttr->dwValue) || pFileAttr->dwValue == 0) {
LogMsg("QueryFilePECheckSum: Cannot get the header check sum for %s\n",
pMgr->ver.pszFile);
return FALSE;
}
wsprintf(szBuffer, "0x%X", pFileAttr->dwValue);
ALLOC_VALUE_AND_RETURN();
}
BOOL
QueryCompanyName(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
FAIL_IF_NO_VERSION();
QUERYENTRY("COMPANYNAME");
}
BOOL
QueryProductVersion(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
FAIL_IF_NO_VERSION();
QUERYENTRY("PRODUCTVERSION");
}
BOOL
QueryProductName(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
FAIL_IF_NO_VERSION();
QUERYENTRY("PRODUCTNAME");
}
BOOL
QueryFileDescription(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
FAIL_IF_NO_VERSION();
QUERYENTRY("FILEDESCRIPTION");
}
BOOL
QueryFileVersion(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
FAIL_IF_NO_VERSION();
QUERYENTRY("FILEVERSION");
}
BOOL
QueryOriginalFileName(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
FAIL_IF_NO_VERSION();
QUERYENTRY("ORIGINALFILENAME");
}
BOOL
QueryInternalName(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
FAIL_IF_NO_VERSION();
QUERYENTRY("INTERNALNAME");
}
BOOL
QueryLegalCopyright(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
FAIL_IF_NO_VERSION();
QUERYENTRY("LEGALCOPYRIGHT");
}
BOOL
Query16BitDescription(
PFILEATTRMGR pMgr,
PFILEATTRVALUE pFileAttr)
{
//char szBuffer[64];
pFileAttr->dwValue = 0;
//wsprintf(szBuffer, "0x%X", pFileAttr->dwValue);
return FALSE;
//ALLOC_VALUE_AND_RETURN();
}