mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
295 lines
5.4 KiB
295 lines
5.4 KiB
//
|
|
// Driver Verifier Control Applet
|
|
// Copyright (c) Microsoft Corporation, 1999
|
|
//
|
|
|
|
//
|
|
// module: image.cxx
|
|
// author: silviuc
|
|
// created: Thu Jan 07 20:05:09 1999
|
|
//
|
|
|
|
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <stdarg.h>
|
|
#include <tchar.h>
|
|
#include <windows.h>
|
|
|
|
#include "image.hxx"
|
|
#include "verify.hxx"
|
|
|
|
|
|
//
|
|
// Function:
|
|
//
|
|
// ImgInitializeBrowseInfo
|
|
//
|
|
// Description:
|
|
//
|
|
// This functions fills oout the `Info' structure with
|
|
// various pointers to PE data from the mapped image file.
|
|
//
|
|
// Note. Even if the function returned false the destructor
|
|
// `ImgDeleteBrowseInfo' should be called because it does some
|
|
// cleanup.
|
|
//
|
|
// Return:
|
|
//
|
|
// True if all the PE data pointers have been obtained.
|
|
//
|
|
|
|
BOOL
|
|
ImgInitializeBrowseInfo (
|
|
|
|
LPCTSTR FilePath,
|
|
PIMAGE_BROWSE_INFO Info)
|
|
{
|
|
DWORD Index;
|
|
|
|
if (Info == NULL) {
|
|
return FALSE;
|
|
}
|
|
|
|
ZeroMemory (Info, sizeof *Info);
|
|
|
|
Info->File = CreateFile (
|
|
|
|
FilePath,
|
|
GENERIC_READ,
|
|
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
|
NULL,
|
|
OPEN_EXISTING,
|
|
0,
|
|
NULL);
|
|
|
|
if (Info->File == INVALID_HANDLE_VALUE) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
Info->Section = CreateFileMapping (
|
|
|
|
Info->File,
|
|
NULL,
|
|
PAGE_READONLY,
|
|
0,
|
|
0,
|
|
NULL);
|
|
|
|
if (Info->Section == NULL) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
Info->ImageBase = (LPBYTE) MapViewOfFile (
|
|
|
|
Info->Section,
|
|
FILE_MAP_READ,
|
|
0,
|
|
0,
|
|
0);
|
|
|
|
if (Info->ImageBase == NULL) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Check the signature
|
|
//
|
|
|
|
Info->DosHeader = (PIMAGE_DOS_HEADER)Info->ImageBase;
|
|
|
|
if (Info->DosHeader->e_magic != 'ZM') {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
Info->FileHeader = (PIMAGE_FILE_HEADER)
|
|
(Info->ImageBase + Info->DosHeader->e_lfanew + sizeof(DWORD));
|
|
|
|
Info->FileSignature = *((DWORD *)Info->FileHeader - 1);
|
|
|
|
if (Info->FileSignature != IMAGE_NT_SIGNATURE) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
Info->OptionalHeader = (PIMAGE_OPTIONAL_HEADER)(Info->FileHeader + 1);
|
|
Info->ImportDirectory = & (Info->OptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]);
|
|
Info->SectionHeader = (PIMAGE_SECTION_HEADER)(Info->OptionalHeader + 1);
|
|
Info->ImportSection = NULL;
|
|
|
|
//
|
|
// Find the section containing the import table
|
|
//
|
|
|
|
for (Index = 0; Index < Info->FileHeader->NumberOfSections; Index++) {
|
|
|
|
DWORD Start = (Info->SectionHeader + Index)->VirtualAddress;
|
|
DWORD Size = (Info->SectionHeader + Index)->SizeOfRawData;
|
|
DWORD Import = Info->ImportDirectory->VirtualAddress;
|
|
|
|
if (Start <= Import && Start + Size > Import) {
|
|
|
|
Info->ImportSection = &(Info->SectionHeader[Index]);
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (Info->ImportSection == NULL) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Find the address of import data in the section body.
|
|
//
|
|
|
|
Info->AddressCorrection = (DWORD_PTR)Info->ImageBase
|
|
+ Info->ImportSection->PointerToRawData
|
|
- Info->ImportSection->VirtualAddress;
|
|
|
|
Info->ImportDescriptor = (PIMAGE_IMPORT_DESCRIPTOR)(Info->AddressCorrection
|
|
+ Info->ImportDirectory->VirtualAddress);
|
|
|
|
//
|
|
// Finish
|
|
//
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
//
|
|
// Function:
|
|
//
|
|
// ImgDeleteBrowseInfo
|
|
//
|
|
// Description:
|
|
//
|
|
// This function cleans up the `Info' structure, unmaps views,
|
|
// closes handles, etc.
|
|
//
|
|
|
|
BOOL
|
|
ImgDeleteBrowseInfo (
|
|
|
|
PIMAGE_BROWSE_INFO Info)
|
|
{
|
|
if (Info == NULL)
|
|
return FALSE;
|
|
|
|
UnmapViewOfFile (Info->ImageBase);
|
|
CloseHandle (Info->Section);
|
|
CloseHandle (Info->File);
|
|
|
|
ZeroMemory (Info, sizeof *Info);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
//
|
|
// Function:
|
|
//
|
|
// ImgSearchDriverName
|
|
//
|
|
// Description:
|
|
//
|
|
// This function checks if a driver is in `system32' or
|
|
// `drivers\system32' directory. If it is then the full
|
|
// path to the driver is written in `DriverPath'.
|
|
//
|
|
// Return:
|
|
//
|
|
// True if driver found in system 32 or system32\drivers.
|
|
//
|
|
|
|
BOOL
|
|
ImgSearchDriverImage (
|
|
|
|
LPCTSTR DriverName,
|
|
LPTSTR DriverPath,
|
|
UINT DriverPathBufferLength )
|
|
{
|
|
HANDLE File;
|
|
UINT SysDirPathLength;
|
|
|
|
if (DriverName == NULL)
|
|
return FALSE;
|
|
|
|
//
|
|
// Search in `system32\drivers'
|
|
//
|
|
|
|
SysDirPathLength = GetSystemDirectory (DriverPath, DriverPathBufferLength );
|
|
|
|
if( 0 == SysDirPathLength || SysDirPathLength > DriverPathBufferLength ) {
|
|
|
|
//
|
|
// Bad luck - we couldn't read the %windir%\system32 value
|
|
//
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
_tcscat (DriverPath, TEXT("\\drivers\\"));
|
|
_tcscat (DriverPath, DriverName);
|
|
|
|
File = CreateFile (
|
|
|
|
DriverPath,
|
|
GENERIC_READ,
|
|
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
|
NULL,
|
|
OPEN_EXISTING,
|
|
0,
|
|
NULL);
|
|
|
|
if (File != INVALID_HANDLE_VALUE) {
|
|
|
|
CloseHandle (File);
|
|
return TRUE;
|
|
}
|
|
|
|
//
|
|
// Search in `system32'
|
|
//
|
|
|
|
GetSystemDirectory (DriverPath, MAX_PATH);
|
|
_tcscat (DriverPath, TEXT("\\"));
|
|
_tcscat (DriverPath, DriverName);
|
|
|
|
File = CreateFile (
|
|
|
|
DriverPath,
|
|
GENERIC_READ,
|
|
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
|
NULL,
|
|
OPEN_EXISTING,
|
|
0,
|
|
NULL);
|
|
|
|
if (File != INVALID_HANDLE_VALUE) {
|
|
|
|
CloseHandle (File);
|
|
return TRUE;
|
|
}
|
|
|
|
//
|
|
// Nothing found.
|
|
//
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
|
|
//
|
|
// end of module: image.cxx
|
|
//
|