Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2176 lines
61 KiB

/*++
Copyright (c) 1989-2000 Microsoft Corporation
Module Name:
attributes.c
Abstract:
This file contains complete implementation of attribute retrieval and
caching.
Author:
vadimb created sometime in 2000
Revision History:
several people contributed (clupu, dmunsil...)
--*/
//
// Obtain tag information
//
#define _WANT_TAG_INFO
#include "sdbp.h"
#include <stddef.h>
#include <time.h>
#if defined(KERNEL_MODE) && defined(ALLOC_DATA_PRAGMA)
#pragma data_seg()
#endif // KERNEL_MODE && ALLOC_DATA_PRAGMA
//
// Attribute tags
// The attributes are checked in the order they are listed below.
//
TAG g_rgAttributeTags[] = {
TAG_SIZE,
TAG_CHECKSUM,
TAG_BIN_FILE_VERSION,
TAG_BIN_PRODUCT_VERSION,
TAG_PRODUCT_VERSION,
TAG_FILE_DESCRIPTION,
TAG_COMPANY_NAME,
TAG_PRODUCT_NAME,
TAG_FILE_VERSION,
TAG_ORIGINAL_FILENAME,
TAG_INTERNAL_NAME,
TAG_LEGAL_COPYRIGHT,
TAG_VERDATEHI,
TAG_VERDATELO,
TAG_VERFILEOS,
TAG_VERFILETYPE,
TAG_MODULE_TYPE,
TAG_PE_CHECKSUM,
TAG_LINKER_VERSION,
#ifndef KERNEL_MODE
TAG_16BIT_DESCRIPTION,
TAG_16BIT_MODULE_NAME,
#endif
TAG_UPTO_BIN_FILE_VERSION,
TAG_UPTO_BIN_PRODUCT_VERSION,
TAG_LINK_DATE,
TAG_UPTO_LINK_DATE,
TAG_VER_LANGUAGE
};
#define ATTRIBUTE_COUNT ARRAYSIZE(g_rgAttributeTags)
static TAG_INFO gaTagInfo[] = {
{TAG_DATABASE ,TEXT("DATABASE")},
{TAG_LIBRARY ,TEXT("LIBRARY")},
{TAG_INEXCLUDE ,TEXT("INEXCLUDE")},
{TAG_SHIM ,TEXT("SHIM")},
{TAG_PATCH ,TEXT("PATCH")},
{TAG_FLAG ,TEXT("FLAG")},
{TAG_APP ,TEXT("APP")},
{TAG_EXE ,TEXT("EXE")},
{TAG_MATCHING_FILE ,TEXT("MATCHING_FILE")},
{TAG_SHIM_REF ,TEXT("SHIM_REF")},
{TAG_PATCH_REF ,TEXT("PATCH_REF")},
{TAG_FLAG_REF ,TEXT("FLAG_REF")},
{TAG_LAYER ,TEXT("LAYER")},
{TAG_FILE ,TEXT("FILE")},
{TAG_APPHELP ,TEXT("APPHELP")},
{TAG_LINK ,TEXT("LINK")},
{TAG_DATA ,TEXT("DATA")},
{TAG_ACTION ,TEXT("ACTION")},
{TAG_MSI_TRANSFORM ,TEXT("MSI TRANSFORM")},
{TAG_MSI_TRANSFORM_REF ,TEXT("MSI TRANSFORM REF")},
{TAG_MSI_PACKAGE ,TEXT("MSI PACKAGE")},
{TAG_MSI_CUSTOM_ACTION ,TEXT("MSI CUSTOM ACTION")},
{TAG_NAME ,TEXT("NAME")},
{TAG_DESCRIPTION ,TEXT("DESCRIPTION")},
{TAG_MODULE ,TEXT("MODULE")},
{TAG_API ,TEXT("API")},
{TAG_VENDOR ,TEXT("VENDOR")},
{TAG_APP_NAME ,TEXT("APP_NAME")},
{TAG_DLLFILE ,TEXT("DLLFILE")},
{TAG_COMMAND_LINE ,TEXT("COMMAND_LINE")},
{TAG_ACTION_TYPE ,TEXT("ACTION_TYPE")},
{TAG_COMPANY_NAME ,TEXT("COMPANY_NAME")},
{TAG_WILDCARD_NAME ,TEXT("WILDCARD_NAME")},
{TAG_PRODUCT_NAME ,TEXT("PRODUCT_NAME")},
{TAG_PRODUCT_VERSION ,TEXT("PRODUCT_VERSION")},
{TAG_FILE_DESCRIPTION ,TEXT("FILE_DESCRIPTION")},
{TAG_FILE_VERSION ,TEXT("FILE_VERSION")},
{TAG_ORIGINAL_FILENAME ,TEXT("ORIGINAL_FILENAME")},
{TAG_INTERNAL_NAME ,TEXT("INTERNAL_NAME")},
{TAG_LEGAL_COPYRIGHT ,TEXT("LEGAL_COPYRIGHT")},
{TAG_16BIT_DESCRIPTION ,TEXT("S16BIT_DESCRIPTION")},
{TAG_APPHELP_DETAILS ,TEXT("PROBLEM_DETAILS")},
{TAG_LINK_URL ,TEXT("LINK_URL")},
{TAG_LINK_TEXT ,TEXT("LINK_TEXT")},
{TAG_APPHELP_TITLE ,TEXT("APPHELP_TITLE")},
{TAG_APPHELP_CONTACT ,TEXT("APPHELP_CONTACT")},
{TAG_SXS_MANIFEST ,TEXT("SXS_MANIFEST")},
{TAG_DATA_STRING ,TEXT("DATA_STRING")},
{TAG_MSI_TRANSFORM_FILE ,TEXT("MSI_TRANSFORM_FILE")},
{TAG_16BIT_MODULE_NAME ,TEXT("S16BIT_MODULE_NAME")},
{TAG_LAYER_DISPLAYNAME ,TEXT("LAYER_DISPLAYNAME")},
{TAG_COMPILER_VERSION ,TEXT("COMPILER_VERSION")},
{TAG_SIZE ,TEXT("SIZE")},
{TAG_OFFSET ,TEXT("OFFSET")},
{TAG_CHECKSUM ,TEXT("CHECKSUM")},
{TAG_SHIM_TAGID ,TEXT("SHIM_TAGID")},
{TAG_PATCH_TAGID ,TEXT("PATCH_TAGID")},
{TAG_LAYER_TAGID ,TEXT("LAYER_TAGID")},
{TAG_FLAG_TAGID ,TEXT("FLAG_TAGID")},
{TAG_MODULE_TYPE ,TEXT("MODULE_TYPE")},
{TAG_VERDATEHI ,TEXT("VERFILEDATEHI")},
{TAG_VERDATELO ,TEXT("VERFILEDATELO")},
{TAG_VERFILEOS ,TEXT("VERFILEOS")},
{TAG_VERFILETYPE ,TEXT("VERFILETYPE")},
{TAG_PE_CHECKSUM ,TEXT("PE_CHECKSUM")},
{TAG_LINKER_VERSION ,TEXT("LINKER_VERSION")},
{TAG_LINK_DATE ,TEXT("LINK_DATE")},
{TAG_UPTO_LINK_DATE ,TEXT("UPTO_LINK_DATE")},
{TAG_OS_SERVICE_PACK ,TEXT("OS_SERVICE_PACK")},
{TAG_VER_LANGUAGE ,TEXT("VER_LANGUAGE")},
{TAG_PREVOSMAJORVER ,TEXT("PREVOSMAJORVERSION")},
{TAG_PREVOSMINORVER ,TEXT("PREVOSMINORVERSION")},
{TAG_PREVOSPLATFORMID ,TEXT("PREVOSPLATFORMID")},
{TAG_PREVOSBUILDNO ,TEXT("PREVOSBUILDNO")},
{TAG_PROBLEMSEVERITY ,TEXT("PROBLEM_SEVERITY")},
{TAG_HTMLHELPID ,TEXT("HTMLHELPID")},
{TAG_INDEX_FLAGS ,TEXT("INDEXFLAGS")},
{TAG_LANGID ,TEXT("APPHELP_LANGID")},
{TAG_ENGINE ,TEXT("ENGINE")},
{TAG_FLAGS ,TEXT("FLAGS") },
{TAG_DATA_VALUETYPE ,TEXT("VALUETYPE")},
{TAG_DATA_DWORD ,TEXT("DATA_DWORD")},
{TAG_MSI_TRANSFORM_TAGID,TEXT("MSI_TRANSFORM_TAGID")},
{TAG_RUNTIME_PLATFORM, TEXT("RUNTIME_PLATFORM")},
{TAG_OS_SKU, TEXT("OS_SKU")},
{TAG_INCLUDE ,TEXT("INCLUDE")},
{TAG_GENERAL ,TEXT("GENERAL")},
{TAG_MATCH_LOGIC_NOT ,TEXT("MATCH_LOGIC_NOT")},
{TAG_APPLY_ALL_SHIMS ,TEXT("APPLY_ALL_SHIMS")},
{TAG_USE_SERVICE_PACK_FILES
,TEXT("USE_SERVICE_PACK_FILES")},
{TAG_TIME ,TEXT("TIME")},
{TAG_BIN_FILE_VERSION ,TEXT("BIN_FILE_VERSION")},
{TAG_BIN_PRODUCT_VERSION,TEXT("BIN_PRODUCT_VERSION")},
{TAG_MODTIME ,TEXT("MODTIME")},
{TAG_FLAG_MASK_KERNEL ,TEXT("FLAG_MASK_KERNEL")},
{TAG_FLAG_MASK_USER ,TEXT("FLAG_MASK_USER")},
{TAG_FLAG_MASK_SHELL ,TEXT("FLAG_MASK_SHELL")},
{TAG_UPTO_BIN_PRODUCT_VERSION, TEXT("UPTO_BIN_PRODUCT_VERSION")},
{TAG_UPTO_BIN_FILE_VERSION, TEXT("UPTO_BIN_FILE_VERSION")},
{TAG_DATA_QWORD ,TEXT("DATA_QWORD")},
{TAG_FLAGS_NTVDM1 ,TEXT("FLAGS_NTVDM1")},
{TAG_FLAGS_NTVDM2 ,TEXT("FLAGS_NTVDM2")},
{TAG_FLAGS_NTVDM3 ,TEXT("FLAGS_NTVDM3")},
{TAG_PATCH_BITS ,TEXT("PATCH_BITS")},
{TAG_FILE_BITS ,TEXT("FILE_BITS")},
{TAG_EXE_ID ,TEXT("EXE_ID(GUID)")},
{TAG_DATA_BITS ,TEXT("DATA_BITS")},
{TAG_MSI_PACKAGE_ID ,TEXT("MSI_PACKAGE_ID(GUID)")},
{TAG_DATABASE_ID ,TEXT("DATABASE_ID(GUID)")},
{TAG_MATCH_MODE ,TEXT("MATCH_MODE")},
//
// Internal types defined in shimdb.h
//
{TAG_STRINGTABLE ,TEXT("STRINGTABLE")},
{TAG_INDEXES ,TEXT("INDEXES")},
{TAG_INDEX ,TEXT("INDEX")},
{TAG_INDEX_TAG ,TEXT("INDEX_TAG")},
{TAG_INDEX_KEY ,TEXT("INDEX_KEY")},
{TAG_INDEX_BITS ,TEXT("INDEX_BITS")},
{TAG_STRINGTABLE_ITEM ,TEXT("STRTAB_ITEM")},
{TAG_TAG ,TEXT("TAG")},
{TAG_TAGID ,TEXT("TAGID")},
{TAG_NULL ,TEXT("")} // always needs to be last item
};
static MOD_TYPE_STRINGS g_rgModTypeStrings[] = {
{MT_UNKNOWN_MODULE, TEXT("NONE")},
{MT_W16_MODULE, TEXT("WIN16")},
{MT_W32_MODULE, TEXT("WIN32")},
{MT_DOS_MODULE, TEXT("DOS")}
};
//
// Version Strings for stringref attributes
//
typedef struct _VER_STRINGS {
TAG tTag;
LPTSTR szName;
} VER_STRINGS;
static VER_STRINGS g_rgVerStrings[] = {
{TAG_PRODUCT_VERSION, TEXT("ProductVersion") },
{TAG_FILE_DESCRIPTION, TEXT("FileDescription") },
{TAG_COMPANY_NAME, TEXT("CompanyName") },
{TAG_PRODUCT_NAME, TEXT("ProductName") },
{TAG_FILE_VERSION, TEXT("FileVersion") },
{TAG_ORIGINAL_FILENAME, TEXT("OriginalFilename") },
{TAG_INTERNAL_NAME, TEXT("InternalName") },
{TAG_LEGAL_COPYRIGHT, TEXT("LegalCopyright") }
};
//
// Binary version tags (DWORDs and QWORDs)
//
//
static TAG g_rgBinVerTags[] = {
TAG_VERDATEHI,
TAG_VERDATELO,
TAG_VERFILEOS,
TAG_VERFILETYPE,
TAG_BIN_PRODUCT_VERSION,
TAG_BIN_FILE_VERSION,
TAG_UPTO_BIN_PRODUCT_VERSION,
TAG_UPTO_BIN_FILE_VERSION
};
//
// Binary header tags (retrieval requires opening a file).
//
static TAG g_rgHeaderTags[] = {
TAG_MODULE_TYPE,
TAG_PE_CHECKSUM,
TAG_LINKER_VERSION,
TAG_CHECKSUM,
TAG_16BIT_DESCRIPTION,
TAG_16BIT_MODULE_NAME,
TAG_LINK_DATE,
TAG_UPTO_LINK_DATE
};
//
// Basic information tags (size).
//
TAG g_rgDirectoryTags[] = {
TAG_SIZE,
0
};
//
// Invalid tag token
//
static TCHAR s_szInvalidTag[] = _T("InvalidTag");
#if defined(KERNEL_MODE) && defined(ALLOC_PRAGMA)
#pragma alloc_text(PAGE, TagToIndex)
#pragma alloc_text(PAGE, SdbTagToString)
#pragma alloc_text(PAGE, SdbpModuleTypeToString)
#pragma alloc_text(PAGE, SdbpSetAttribute)
#pragma alloc_text(PAGE, SdbpQueryStringVersionInformation)
#pragma alloc_text(PAGE, SdbpQueryBinVersionInformation)
#pragma alloc_text(PAGE, SdbpGetVersionAttributesNT)
#pragma alloc_text(PAGE, SdbpGetHeaderAttributes)
#pragma alloc_text(PAGE, SdbpGetAttribute)
#pragma alloc_text(PAGE, SdbpCheckAttribute)
#pragma alloc_text(PAGE, FindFileInfo)
#pragma alloc_text(PAGE, CreateFileInfo)
#pragma alloc_text(PAGE, SdbFreeFileInfo)
#pragma alloc_text(PAGE, SdbpCleanupAttributeMgr)
#pragma alloc_text(PAGE, SdbpCheckAllAttributes)
#pragma alloc_text(PAGE, SdbpQueryVersionString)
#pragma alloc_text(PAGE, SdbpGetModuleType)
#pragma alloc_text(PAGE, SdbpGetModulePECheckSum)
#pragma alloc_text(PAGE, SdbpGetImageNTHeader)
#pragma alloc_text(PAGE, SdbpGetFileChecksum)
#pragma alloc_text(PAGE, SdbpCheckVersion)
#pragma alloc_text(PAGE, SdbpCheckUptoVersion)
#endif // KERNEL_MODE && ALLOC_PRAGMA
int
TagToIndex(
IN TAG tag // the tag
)
/*++
Return: The index in the attribute info array (g_rgAttributeTags).
Desc: Self explanatory.
--*/
{
int i;
for (i = 0; i < ATTRIBUTE_COUNT; i++) {
if (tag == g_rgAttributeTags[i]) {
return i;
}
}
DBGPRINT((sdlError, "TagToIndex", "Invalid attribute 0x%x.\n", tag));
return -1;
}
LPCTSTR
SdbTagToString(
TAG tag
)
/*++
Return: The pointer to the string name for the specified tag.
Desc: Self explanatory.
--*/
{
int i;
for (i = 0; i < ARRAYSIZE(gaTagInfo); ++i) {
if (gaTagInfo[i].tWhich == tag) {
return gaTagInfo[i].szName;
}
}
return s_szInvalidTag;
}
LPCTSTR
SdbpModuleTypeToString(
DWORD dwModuleType
)
{
int i;
for (i = 0; i < ARRAYSIZE(g_rgModTypeStrings); ++i) {
if (g_rgModTypeStrings[i].dwModuleType == dwModuleType) {
return g_rgModTypeStrings[i].szModuleType;
}
}
//
// The first element is the "UNKNOWN" type -- NONE
//
return g_rgModTypeStrings[0].szModuleType;
}
BOOL
SdbpSetAttribute(
OUT PFILEINFO pFileInfo, // pointer to the FILEINFO structure.
IN TAG AttrID, // Attribute ID (tag, as in TAG_SIZE
IN PVOID pValue // value
)
/*++
Return: TRUE on success, FALSE otherwise.
Desc: This function sets the value for the specified attribute.
If pValue is NULL it means that the specified attribute is not
available for the file.
--*/
{
int nAttrInd;
PATTRINFO pAttrInfo;
nAttrInd = TagToIndex(AttrID);
if (nAttrInd < 0) {
DBGPRINT((sdlError, "SdbpSetAttribute", "Invalid attribute %d.\n", nAttrInd));
return FALSE;
}
pAttrInfo = &pFileInfo->Attributes[nAttrInd];
if (pValue == NULL) {
//
// No value. Mark and exit.
//
pAttrInfo->dwFlags = (pAttrInfo->dwFlags & ~ATTRIBUTE_AVAILABLE) |
ATTRIBUTE_FAILED;
return TRUE;
}
switch (GETTAGTYPE(AttrID)) {
case TAG_TYPE_DWORD:
pAttrInfo->dwAttr = *(DWORD*)pValue;
break;
case TAG_TYPE_QWORD:
pAttrInfo->ullAttr = *(ULONGLONG*)pValue;
break;
case TAG_TYPE_STRINGREF:
pAttrInfo->lpAttr = (LPTSTR)pValue;
break;
}
pAttrInfo->tAttrID = AttrID;
pAttrInfo->dwFlags |= ATTRIBUTE_AVAILABLE;
return TRUE;
}
//
// This is a guard against bad code in version.dll that stomps over the
// buffer size for Unicode apis on 16-bit exes.
//
#define VERSIONINFO_BUFFER_PAD 16
void
SdbpQueryStringVersionInformation(
IN PSDBCONTEXT pContext,
IN PFILEINFO pFileInfo,
OUT LPVOID pVersionInfo
)
/*++
Return: void.
Desc: Sets all the version string info available for the specified file.
--*/
{
int i;
LPTSTR szVerString;
PLANGANDCODEPAGE pLangCodePage = NULL;
DWORD cbLangCP = 0;
int nTranslations = 0;
if (!pContext->pfnVerQueryValue(pVersionInfo,
TEXT("\\VarFileInfo\\Translation"),
(LPVOID)&pLangCodePage,
&cbLangCP)) {
DBGPRINT((sdlError,
"SdbpQueryStringVersionInformation",
"VerQueryValue failed for translation\n"));
pLangCodePage = NULL;
}
nTranslations = cbLangCP / sizeof(*pLangCodePage);
for (i = 0; i < ARRAYSIZE(g_rgVerStrings); ++i) {
szVerString = SdbpQueryVersionString(pContext,
pVersionInfo,
pLangCodePage,
nTranslations,
g_rgVerStrings[i].szName);
SdbpSetAttribute(pFileInfo, g_rgVerStrings[i].tTag, szVerString);
}
#ifndef KERNEL_MODE
//
// Set the attribute for Language
//
if (pLangCodePage != NULL && nTranslations == 1) {
DWORD dwLanguage = (DWORD)pLangCodePage->wLanguage;
SdbpSetAttribute(pFileInfo, TAG_VER_LANGUAGE, &dwLanguage);
} else {
SdbpSetAttribute(pFileInfo, TAG_VER_LANGUAGE, NULL);
}
#endif // KERNEL_MODE
}
VOID
SdbpQueryBinVersionInformation(
IN PSDBCONTEXT pContext,
IN PFILEINFO pFileInfo,
OUT VS_FIXEDFILEINFO* pFixedInfo
)
/*++
Return: void.
Desc: Sets all the version string info available for the specified file
from the fixed size resources.
--*/
{
LARGE_INTEGER liVerData;
SdbpSetAttribute(pFileInfo, TAG_VERDATEHI, &pFixedInfo->dwFileDateMS);
SdbpSetAttribute(pFileInfo, TAG_VERDATELO, &pFixedInfo->dwFileDateLS);
SdbpSetAttribute(pFileInfo, TAG_VERFILEOS, &pFixedInfo->dwFileOS);
SdbpSetAttribute(pFileInfo, TAG_VERFILETYPE, &pFixedInfo->dwFileType);
liVerData.LowPart = pFixedInfo->dwProductVersionLS;
liVerData.HighPart = pFixedInfo->dwProductVersionMS;
SdbpSetAttribute(pFileInfo, TAG_BIN_PRODUCT_VERSION, &liVerData.QuadPart);
SdbpSetAttribute(pFileInfo, TAG_UPTO_BIN_PRODUCT_VERSION, &liVerData.QuadPart);
liVerData.LowPart = pFixedInfo->dwFileVersionLS;
liVerData.HighPart = pFixedInfo->dwFileVersionMS;
SdbpSetAttribute(pFileInfo, TAG_BIN_FILE_VERSION, &liVerData.QuadPart);
SdbpSetAttribute(pFileInfo, TAG_UPTO_BIN_FILE_VERSION, &liVerData.QuadPart);
}
#if defined(NT_MODE) || defined(KERNEL_MODE)
BOOL
SdbpGetVersionAttributesNT(
IN PSDBCONTEXT pContext,
OUT PFILEINFO pFileInfo,
IN PIMAGEFILEDATA pImageData
)
/*++
Return: TRUE on success, FALSE otherwise.
Desc: This function retrieves all of the Version-related attributes
Imports apis from version.dll if called for the first time
--*/
{
BOOL bSuccess;
LPVOID pVersionInfo = NULL;
VS_FIXEDFILEINFO* pFixedInfo = NULL;
int i;
//
// First retrieve the version info.
//
bSuccess = SdbpGetFileVersionInformation(pImageData, &pVersionInfo, &pFixedInfo);
if (!bSuccess) {
DBGPRINT((sdlInfo, "SdbpGetVersionAttributesNT", "No version info.\n"));
goto ErrHandle;
}
//
// Version information available.
//
//
// Set the pointer to our internal function.
//
pContext->pfnVerQueryValue = SdbpVerQueryValue;
for (i = 0; i < ARRAYSIZE(g_rgVerStrings); ++i) {
SdbpSetAttribute(pFileInfo, g_rgVerStrings[i].tTag, NULL);
}
SdbpSetAttribute(pFileInfo, TAG_VER_LANGUAGE, NULL);
//
// Query binary stuff
//
SdbpQueryBinVersionInformation(pContext, pFileInfo, pFixedInfo);
pFileInfo->pVersionInfo = pVersionInfo;
return TRUE;
ErrHandle:
//
// Reset all the string info.
//
for (i = 0; i < ARRAYSIZE(g_rgBinVerTags); ++i) {
SdbpSetAttribute(pFileInfo, g_rgBinVerTags[i], NULL);
}
for (i = 0; i < ARRAYSIZE(g_rgVerStrings); ++i) {
SdbpSetAttribute(pFileInfo, g_rgVerStrings[i].tTag, NULL);
}
return FALSE;
}
#endif // NT_MODE || KERNEL_MODE
BOOL
SdbpGetHeaderAttributes(
IN PSDBCONTEXT pContext,
OUT PFILEINFO pFileInfo
)
/*++
Return: TRUE on success, FALSE otherwise.
Desc: This function retrieves the header attributes for the
specified file.
--*/
{
IMAGEFILEDATA ImageData;
HANDLE hFile;
ULONG ulPEChecksum = 0;
ULONG ulChecksum = 0;
DWORD dwModuleType = 0;
UNICODE_STRING ModuleDescription;
DWORD dwLinkerVer;
DWORD dwLinkDate;
BOOL bReturn = FALSE;
BOOL bSuccess;
int i;
ImageData.dwFlags = 0;
if (pFileInfo->hFile != INVALID_HANDLE_VALUE) {
ImageData.hFile = pFileInfo->hFile;
ImageData.dwFlags |= IMAGEFILEDATA_HANDLEVALID;
}
if (pFileInfo->pImageBase != NULL) {
ImageData.pBase = pFileInfo->pImageBase;
ImageData.ViewSize = (SIZE_T) pFileInfo->dwImageSize;
ImageData.FileSize = (ULONGLONG)pFileInfo->dwImageSize;
ImageData.dwFlags |= IMAGEFILEDATA_PBASEVALID;
}
//
// SdbpOpenAndMapFile uses DOS_PATH type as an argument
// In kernel mode this parameter is ignored.
//
if (SdbpOpenAndMapFile(pFileInfo->FilePath, &ImageData, DOS_PATH)) {
bSuccess = SdbpGetModuleType(&dwModuleType, &ImageData);
SdbpSetAttribute(pFileInfo, TAG_MODULE_TYPE, bSuccess ? (PVOID)&dwModuleType : NULL);
bSuccess = SdbpGetModulePECheckSum(&ulPEChecksum, &dwLinkerVer, &dwLinkDate, &ImageData);
SdbpSetAttribute(pFileInfo, TAG_PE_CHECKSUM, bSuccess ? (PVOID)&ulPEChecksum : NULL);
SdbpSetAttribute(pFileInfo, TAG_LINKER_VERSION, bSuccess ? (PVOID)&dwLinkerVer : NULL);
SdbpSetAttribute(pFileInfo, TAG_LINK_DATE, bSuccess ? (PVOID)&dwLinkDate : NULL);
SdbpSetAttribute(pFileInfo, TAG_UPTO_LINK_DATE, bSuccess ? (PVOID)&dwLinkDate : NULL);
bSuccess = SdbpGetFileChecksum(&ulChecksum, &ImageData);
SdbpSetAttribute(pFileInfo, TAG_CHECKSUM, bSuccess ? (PVOID)&ulChecksum : NULL);
#ifndef KERNEL_MODE
//
// Now retrieve 16-bit description string, it's max size is 256 bytes.
//
// This attribute is not available in kernel mode.
//
bSuccess = SdbpGet16BitDescription(&pFileInfo->pDescription16, &ImageData);
SdbpSetAttribute(pFileInfo, TAG_16BIT_DESCRIPTION, pFileInfo->pDescription16);
bSuccess = SdbpGet16BitModuleName(&pFileInfo->pModuleName16, &ImageData);
SdbpSetAttribute(pFileInfo, TAG_16BIT_MODULE_NAME, pFileInfo->pModuleName16);
#if defined(NT_MODE)
//
// Hit this case only on current platform
//
if (pFileInfo->hFile != INVALID_HANDLE_VALUE || pFileInfo->pImageBase != NULL) {
SdbpGetVersionAttributesNT(pContext, pFileInfo, &ImageData);
}
#endif // NT_MODE
#else // KERNEL_MODE
//
// When we are running in kernel mode retrieve version-related
// data now as well.
//
SdbpGetVersionAttributesNT(pContext, pFileInfo, &ImageData);
//
// Retrieve file directory attributes.
//
SdbpGetFileDirectoryAttributesNT(pFileInfo, &ImageData);
#endif // KERNEL_MODE
SdbpUnmapAndCloseFile(&ImageData);
return TRUE;
}
for (i = 0; i < ARRAYSIZE(g_rgHeaderTags); ++i) {
SdbpSetAttribute(pFileInfo, g_rgHeaderTags[i], NULL);
}
#ifdef KERNEL_MODE
//
// Reset all the version attributes here as well.
//
for (i = 0; i < ARRAYSIZE(g_rgBinVerTags); ++i) {
SdbpSetAttribute(pFileInfo, g_rgBinVerTags[i], NULL);
}
for (i = 0; i < ARRAYSIZE(g_rgVerStrings); ++i) {
SdbpSetAttribute(pFileInfo, g_rgVerStrings[i].tTag, NULL);
}
#endif // KERNEL_MODE
return FALSE;
}
BOOL
SdbpGetAttribute(
IN PSDBCONTEXT pContext,
OUT PFILEINFO pFileInfo,
IN TAG AttrID
)
/*++
Return: TRUE on success, FALSE otherwise.
Desc: Retrieve an attribute for a given file. We retrieve all the
attributes of the same class.
--*/
{
BOOL bReturn = FALSE;
switch (AttrID) {
//
// The tags below require checking the file and making a directory query.
//
case TAG_SIZE:
#ifndef KERNEL_MODE // in kernel mode we fall through to header attributes
bReturn = SdbpGetFileDirectoryAttributes(pFileInfo);
break;
#endif // KERNEL_MODE
//
// The tags below require retrieving version resources.
//
case TAG_VERDATEHI:
case TAG_VERDATELO:
case TAG_VERFILEOS:
case TAG_VERFILETYPE:
case TAG_UPTO_BIN_PRODUCT_VERSION:
case TAG_UPTO_BIN_FILE_VERSION:
case TAG_BIN_FILE_VERSION:
case TAG_BIN_PRODUCT_VERSION:
case TAG_PRODUCT_VERSION:
case TAG_FILE_DESCRIPTION:
case TAG_COMPANY_NAME:
case TAG_PRODUCT_NAME:
case TAG_FILE_VERSION:
case TAG_ORIGINAL_FILENAME:
case TAG_INTERNAL_NAME:
case TAG_LEGAL_COPYRIGHT:
case TAG_VER_LANGUAGE:
//
// In KERNEL_MODE we fall through and do the attributes using the
// header attributes.
//
#ifndef KERNEL_MODE
//
// Version attributes are retrieved through the header attributes if
// caller provided a handle/image base
//
if (pFileInfo->hFile == INVALID_HANDLE_VALUE && pFileInfo->pImageBase == NULL) {
bReturn = SdbpGetVersionAttributes(pContext, pFileInfo);
break;
}
#endif // KERNEL_MODE
//
// The tags below require opening a file and mapping it into memory.
//
case TAG_CHECKSUM:
case TAG_PE_CHECKSUM:
case TAG_LINKER_VERSION:
case TAG_16BIT_DESCRIPTION:
case TAG_16BIT_MODULE_NAME:
case TAG_MODULE_TYPE:
case TAG_UPTO_LINK_DATE:
case TAG_LINK_DATE:
bReturn = SdbpGetHeaderAttributes(pContext, pFileInfo);
break;
}
return bReturn;
}
BOOL
SdbpCheckAttribute(
IN PSDBCONTEXT pContext, // Database Context pointer
IN PVOID pFileData, // pointer returned from CheckFile
IN TAG AttrID, // Attribute ID
IN PVOID pAttribute // attribute value ptr (see above for description)
)
/*++
Return: TRUE if the value for given attribute matches
the file's attribute, FALSE otherwise.
Desc: Check an attribute against a given value. This function
retrieves attributes as necessary.
--*/
{
int nAttrIndex;
PATTRINFO pAttrInfo;
BOOL bReturn = FALSE;
PFILEINFO pFileInfo = (PFILEINFO)pFileData;
if (pAttribute == NULL) {
DBGPRINT((sdlError, "SdbpCheckAttribute", "Invalid parameter.\n"));
return FALSE;
}
nAttrIndex = TagToIndex(AttrID);
if (nAttrIndex < 0) {
DBGPRINT((sdlError, "SdbpCheckAttribute", "Bad Attribute ID 0x%x\n", AttrID));
return FALSE;
}
//
// Now see if this attribute is any good.
//
pAttrInfo = &pFileInfo->Attributes[nAttrIndex];
if (!(pAttrInfo->dwFlags & ATTRIBUTE_AVAILABLE)) {
//
// See if we have tried already
//
if (pAttrInfo->dwFlags & ATTRIBUTE_FAILED) {
DBGPRINT((sdlInfo,
"SdbpCheckAttribute",
"Already tried to get attr ID 0x%x.\n",
AttrID));
return FALSE;
}
//
// The attribute has not been retrieved yet, do it now then.
//
// Try to obtain this attribute from the file.
//
if (!SdbpGetAttribute(pContext, pFileInfo, AttrID)) {
DBGPRINT((sdlWarning,
"SdbpCheckAttribute",
"Failed to get attribute \"%s\" for \"%s\"\n",
SdbTagToString(AttrID),
pFileInfo->FilePath));
//
// ATTRIBUTE_FAILED is set by the SdbpGetAttribute
//
return FALSE;
}
}
//
// Check again here in case we had to retrieve the attribute.
//
if (!(pAttrInfo->dwFlags & ATTRIBUTE_AVAILABLE)) {
return FALSE;
}
switch (AttrID) {
case TAG_BIN_PRODUCT_VERSION:
case TAG_BIN_FILE_VERSION:
bReturn = SdbpCheckVersion(*(ULONGLONG*)pAttribute, pAttrInfo->ullAttr);
if (!bReturn) {
ULONGLONG qwDBFileVer = *(ULONGLONG*)pAttribute;
ULONGLONG qwBinFileVer = pAttrInfo->ullAttr;
DBGPRINT((sdlInfo,
"SdbpCheckAttribute",
"\"%s\" mismatch file: \"%s\". Expected %d.%d.%d.%d, Found %d.%d.%d.%d\n",
SdbTagToString(AttrID),
pFileInfo->FilePath,
(WORD)(qwDBFileVer >> 48),
(WORD)(qwDBFileVer >> 32),
(WORD)(qwDBFileVer >> 16),
(WORD)(qwDBFileVer),
(WORD)(qwBinFileVer >> 48),
(WORD)(qwBinFileVer >> 32),
(WORD)(qwBinFileVer >> 16),
(WORD)(qwBinFileVer)));
}
break;
case TAG_UPTO_BIN_PRODUCT_VERSION:
case TAG_UPTO_BIN_FILE_VERSION:
bReturn = SdbpCheckUptoVersion(*(ULONGLONG*)pAttribute, pAttrInfo->ullAttr);
if (!bReturn) {
ULONGLONG qwDBFileVer = *(ULONGLONG*)pAttribute;
ULONGLONG qwBinFileVer = pAttrInfo->ullAttr;
DBGPRINT((sdlInfo,
"SdbpCheckAttribute",
"\"%s\" mismatch file: \"%s\". Expected %d.%d.%d.%d, Found %d.%d.%d.%d\n",
SdbTagToString(AttrID),
pFileInfo->FilePath,
(WORD)(qwDBFileVer >> 48),
(WORD)(qwDBFileVer >> 32),
(WORD)(qwDBFileVer >> 16),
(WORD)(qwDBFileVer),
(WORD)(qwBinFileVer >> 48),
(WORD)(qwBinFileVer >> 32),
(WORD)(qwBinFileVer >> 16),
(WORD)(qwBinFileVer)));
}
break;
case TAG_UPTO_LINK_DATE:
bReturn = (*(DWORD*)pAttribute >= pAttrInfo->dwAttr);
if (!bReturn) {
DBGPRINT((sdlInfo,
"SdbpCheckAttribute",
"\"%s\" mismatch file \"%s\". Expected less than 0x%x Found 0x%x\n",
SdbTagToString(AttrID),
pFileInfo->FilePath,
*(DWORD*)pAttribute,
pAttrInfo->dwAttr));
}
break;
default:
switch (GETTAGTYPE(AttrID)) {
case TAG_TYPE_DWORD:
//
// This is likely to be hit first.
//
bReturn = (*(DWORD*)pAttribute == pAttrInfo->dwAttr);
if (!bReturn) {
DBGPRINT((sdlInfo,
"SdbpCheckAttribute",
"\"%s\" mismatch file \"%s\". Expected 0x%x Found 0x%x\n",
SdbTagToString(AttrID),
pFileInfo->FilePath,
*(DWORD*)pAttribute,
pAttrInfo->dwAttr));
}
break;
case TAG_TYPE_STRINGREF:
bReturn = SdbpPatternMatch((LPCTSTR)pAttribute, (LPCTSTR)pAttrInfo->lpAttr);
if (!bReturn) {
DBGPRINT((sdlInfo,
"SdbpCheckAttribute",
"\"%s\" mismatch file \"%s\". Expected \"%s\" Found \"%s\"\n",
SdbTagToString(AttrID),
pFileInfo->FilePath,
pAttribute,
pAttrInfo->lpAttr));
}
break;
case TAG_TYPE_QWORD:
bReturn = (*(ULONGLONG*)pAttribute == pAttrInfo->ullAttr);
if (!bReturn) {
DBGPRINT((sdlInfo,
"SdbpCheckAttribute",
"\"%s\" mismatch file \"%s\". Expected 0x%I64x Found 0x%I64x\n",
SdbTagToString(AttrID),
pFileInfo->FilePath,
*(ULONGLONG*)pAttribute,
pAttrInfo->ullAttr));
}
break;
}
break;
}
return bReturn;
}
PFILEINFO
FindFileInfo(
IN PSDBCONTEXT pContext,
IN LPCTSTR FilePath
)
/*++
Return: A pointer to the cached FILEINFO structure if one is found
or NULL otherwise.
Desc: This function performs a search in the file cache to determine whether
a given file has already been touched.
--*/
{
PFILEINFO pFileInfo = (PFILEINFO)pContext->pFileAttributeCache; // global cache
while (pFileInfo != NULL) {
if (ISEQUALSTRING(pFileInfo->FilePath, FilePath)) {
DBGPRINT((sdlInfo,
"FindFileInfo",
"FILEINFO for \"%s\" found in the cache.\n",
FilePath));
return pFileInfo;
}
pFileInfo = pFileInfo->pNext;
}
return NULL;
}
PFILEINFO
CreateFileInfo(
IN PSDBCONTEXT pContext,
IN LPCTSTR FullPath,
IN DWORD dwLength OPTIONAL, // length (in characters) of FullPath string
IN HANDLE hFile OPTIONAL, // file handle
IN LPVOID pImageBase OPTIONAL,
IN DWORD dwImageSize OPTIONAL,
IN BOOL bNoCache
)
/*++
Return: A pointer to the allocated FILEINFO structure.
Desc: Allocates the FILEINFO structure for the specified file.
--*/
{
PFILEINFO pFileInfo;
SIZE_T sizeBase;
SIZE_T size;
DWORD nPathLen;
nPathLen = dwLength ? dwLength : (DWORD)_tcslen(FullPath);
sizeBase = sizeof(*pFileInfo) + ATTRIBUTE_COUNT * sizeof(ATTRINFO);
size = sizeBase + (nPathLen + 1) * sizeof(*FullPath);
pFileInfo = (PFILEINFO)SdbAlloc(size);
if (pFileInfo == NULL) {
DBGPRINT((sdlError,
"CreateFileInfo",
"Failed to allocate %d bytes for FILEINFO structure.\n",
size));
return NULL;
}
RtlZeroMemory(pFileInfo, size);
pFileInfo->FilePath = (LPTSTR)((PBYTE)pFileInfo + sizeBase);
RtlCopyMemory(pFileInfo->FilePath, FullPath, nPathLen * sizeof(*FullPath));
pFileInfo->FilePath[nPathLen] = TEXT('\0');
pFileInfo->hFile = hFile;
pFileInfo->pImageBase = pImageBase;
pFileInfo->dwImageSize = dwImageSize;
//
// Now link it in if we use the cache.
//
if (!bNoCache) {
pFileInfo->pNext = (PFILEINFO)pContext->pFileAttributeCache;
pContext->pFileAttributeCache = (PVOID)pFileInfo;
}
return pFileInfo;
}
void
SdbFreeFileInfo(
IN PVOID pFileData // pointer returned from SdbpGetFileAttributes
)
/*++
Return: void.
Desc: Self explanatory. Use this only after calling GetFileInfo
with bNoCache set to TRUE.
--*/
{
PFILEINFO pFileInfo = (PFILEINFO)pFileData;
if (pFileInfo == NULL) {
DBGPRINT((sdlError, "SdbFreeFileInfo", "Invalid parameter.\n"));
return;
}
if (pFileInfo->pVersionInfo != NULL) {
SdbFree(pFileInfo->pVersionInfo);
}
if (pFileInfo->pDescription16 != NULL) {
SdbFree(pFileInfo->pDescription16);
}
if (pFileInfo->pModuleName16 != NULL) {
SdbFree(pFileInfo->pModuleName16);
}
SdbFree(pFileInfo);
}
void
SdbpCleanupAttributeMgr(
IN PSDBCONTEXT pContext // database context
)
/*++
Return: void.
Desc: This function should be called afer we are done checking a given exe
it performs cleanup tasks, such as:
. unload dynamically linked dll (version.dll)
. cleanup file cache
--*/
{
PFILEINFO pFileInfo = (PFILEINFO)pContext->pFileAttributeCache;
PFILEINFO pNext;
while (pFileInfo != NULL) {
pNext = pFileInfo->pNext;
SdbFreeFileInfo(pFileInfo);
pFileInfo = pNext;
}
//
// Reset the cache pointer.
//
pContext->pFileAttributeCache = NULL;
}
BOOL
SdbpCheckAllAttributes(
IN PSDBCONTEXT pContext, // pointer to the database channel
IN PDB pdb, // pointer to the Shim Database that we're checking against
IN TAGID tiMatch, // TAGID for a given file(exe) to be checked
IN PVOID pFileData // pointer returned from CheckFile
)
/*++
Return: TRUE if all the file's attributes match the ones described in the
database for this file, FALSE otherwise.
Desc: TBD
--*/
{
int i;
TAG tAttrID;
PVOID pAttribute;
TAGID tiTemp;
DWORD dwAttribute;
ULONGLONG ullAttribute;
BOOL bReturn = TRUE; // match by default
assert(tiMatch != TAGID_NULL);
if (pFileData == NULL) {
//
// No file was passed in. This can happen if LOGIC="NOT" is used.
//
return FALSE;
}
for (i = 0; i < ATTRIBUTE_COUNT && bReturn; ++i) {
tAttrID = g_rgAttributeTags[i];
tiTemp = SdbFindFirstTag(pdb, tiMatch, tAttrID);
if (tiTemp != TAGID_NULL) {
pAttribute = NULL;
switch (GETTAGTYPE(tAttrID)) {
case TAG_TYPE_DWORD:
dwAttribute = SdbReadDWORDTag(pdb, tiTemp, 0);
pAttribute = &dwAttribute;
break;
case TAG_TYPE_QWORD:
ullAttribute = SdbReadQWORDTag(pdb, tiTemp, 0);
pAttribute = &ullAttribute;
break;
case TAG_TYPE_STRINGREF:
pAttribute = SdbGetStringTagPtr(pdb, tiTemp);
break;
}
//
// Now check the attribute.
//
bReturn = SdbpCheckAttribute(pContext, pFileData, tAttrID, pAttribute);
//
// we bail out if !bReturn via the condition in FOR loop above
//
}
}
return bReturn;
}
//
// VERSION DATA
//
/*--
Search order is:
- Language neutral, Unicode (0x000004B0)
- Language neutral, Windows-multilingual (0x000004e4)
- US English, Unicode (0x040904B0)
- US English, Windows-multilingual (0x040904E4)
If none of those exist, it's not likely we're going to get good
matching info from what does exist.
--*/
LPTSTR
SdbpQueryVersionString(
IN PSDBCONTEXT pContext, // the database channel
IN PVOID pVersionData, // Version data buffer
IN PLANGANDCODEPAGE pTranslations,
IN DWORD TranslationCount,
IN LPCTSTR szString // String to search for; see VerQueryValue in MSDN
)
/*++
Return: The pointer to the string if found, NULL if not.
Desc: Gets a pointer to a particular string in the StringFileInfo section
of a version resource.
Lookup is performed for known english-language resources followed up
by a lookup in the available translations section (if such was found)
--*/
{
TCHAR szTemp[128];
LPTSTR szReturn = NULL;
int i;
static DWORD adwLangs[] = {0x000004B0, 0x000004E4, 0x040904B0, 0x040904E4};
assert(pVersionData && szString);
for (i = 0; i < ARRAYSIZE(adwLangs); ++i) {
UINT unLen;
_stprintf(szTemp, _T("\\StringFileInfo\\%08X\\%s"), adwLangs[i], szString);
if (pContext->pfnVerQueryValue(pVersionData, szTemp, (PVOID*)&szReturn, &unLen)) {
return szReturn;
}
}
if (pTranslations != NULL) {
for (i = 0; i < (int)TranslationCount; ++i, ++pTranslations) {
UINT unLen;
_stprintf(szTemp, _T("\\StringFileInfo\\%04X%04X\\%s"),
(DWORD)pTranslations->wLanguage,
(DWORD)pTranslations->wCodePage,
szString);
if (pContext->pfnVerQueryValue(pVersionData, szTemp, (PVOID*)&szReturn, &unLen)) {
return szReturn;
}
}
}
return NULL; // none found
}
BOOL
SdbpGetModuleType(
OUT LPDWORD lpdwModuleType,
IN PIMAGEFILEDATA pImageData
)
/*++
Return: TRUE on success, FALSE otherwise.
Desc: Gets a pointer to a particular string in the StringFileInfo section
of a version resource.
--*/
{
PIMAGE_DOS_HEADER pDosHeader;
DWORD dwModuleType = MT_UNKNOWN_MODULE;
LPBYTE lpSignature;
DWORD OffsetNew;
pDosHeader = (PIMAGE_DOS_HEADER)pImageData->pBase;
if (pDosHeader == NULL || pDosHeader == (PIMAGE_DOS_HEADER)-1) {
return FALSE;
}
//
// Check size and read signature.
//
if (pImageData->ViewSize < sizeof(*pDosHeader) || pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
return FALSE;
}
//
// Assume DOS module.
//
dwModuleType = MT_DOS_MODULE;
OffsetNew = (DWORD)pDosHeader->e_lfanew;
//
// New header signature. Check offset.
//
if (pImageData->ViewSize < OffsetNew + sizeof(DWORD)) {
return FALSE;
}
lpSignature = ((LPBYTE)pImageData->pBase + OffsetNew);
if (IMAGE_NT_SIGNATURE == *(LPDWORD)lpSignature) {
dwModuleType = MT_W32_MODULE;
} else if (IMAGE_OS2_SIGNATURE == *(PWORD)lpSignature) {
dwModuleType = MT_W16_MODULE;
}
if (lpdwModuleType != NULL) {
*lpdwModuleType = dwModuleType;
}
return TRUE;
}
BOOL
SdbpGetImageNTHeader(
OUT PIMAGE_NT_HEADERS* ppHeader,
IN PIMAGEFILEDATA pImageData
)
/*++
Return: TRUE on success, FALSE otherwise.
Desc: Gets a pointer to the IMAGE_NT_HEADERS.
--*/
{
PIMAGE_DOS_HEADER pDosHeader;
PIMAGE_NT_HEADERS pNtHeaders = NULL;
DWORD ModuleType;
if (!SdbpGetModuleType(&ModuleType, pImageData)) {
return FALSE;
}
if (ModuleType != MT_W32_MODULE) {
return FALSE;
}
//
// Header is valid.
//
pDosHeader = (PIMAGE_DOS_HEADER)pImageData->pBase;
pNtHeaders = (PIMAGE_NT_HEADERS)((LPBYTE)pImageData->pBase + pDosHeader->e_lfanew);
if (pImageData->ViewSize >= pDosHeader->e_lfanew + sizeof(*pNtHeaders)) { // not too short?
*ppHeader = pNtHeaders;
return TRUE;
}
return FALSE;
}
BOOL
SdbpGetModulePECheckSum(
OUT PULONG pChecksum,
OUT LPDWORD pdwLinkerVersion,
OUT LPDWORD pdwLinkDate,
IN PIMAGEFILEDATA pImageData
)
/*++
Return: TRUE on success, FALSE otherwise.
Desc: Gets the checksum from the PE headers.
--*/
{
PIMAGE_NT_HEADERS pNtHeader;
PIMAGE_DOS_HEADER pDosHeader;
ULONG ulChecksum = 0;
if (!SdbpGetImageNTHeader(&pNtHeader, pImageData)) {
DBGPRINT((sdlError, "SdbpGetModulePECheckSum", "Failed to get Image NT header.\n"));
return FALSE;
}
pDosHeader = (PIMAGE_DOS_HEADER)pImageData->pBase;
//
// Fill in the linker version (as it used to calculated in ntuser).
//
*pdwLinkerVersion = (pNtHeader->OptionalHeader.MinorImageVersion & 0xFF) +
((pNtHeader->OptionalHeader.MajorImageVersion & 0xFF) << 16);
*pdwLinkDate = pNtHeader->FileHeader.TimeDateStamp;
switch (pNtHeader->OptionalHeader.Magic) {
case IMAGE_NT_OPTIONAL_HDR32_MAGIC:
if (pImageData->ViewSize >= pDosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS32)) {
ulChecksum = ((PIMAGE_NT_HEADERS32)pNtHeader)->OptionalHeader.CheckSum;
*pChecksum = ulChecksum;
return TRUE;
}
break;
case IMAGE_NT_OPTIONAL_HDR64_MAGIC:
//
// Do an additional check.
//
if (pImageData->ViewSize >= pDosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS64)) {
ulChecksum = ((PIMAGE_NT_HEADERS64)pNtHeader)->OptionalHeader.CheckSum;
*pChecksum = ulChecksum;
return TRUE;
}
break;
default:
//
// Unknown image type ?
//
DBGPRINT((sdlError,
"SdbpGetModulePECheckSum",
"Bad image type 0x%x\n",
pNtHeader->OptionalHeader.Magic));
*pChecksum = 0;
break;
}
return FALSE;
}
#define CHECKSUM_SIZE 4096
#define CHECKSUM_START 512
BOOL
SdbpGetFileChecksum(
OUT PULONG pChecksum,
IN PIMAGEFILEDATA pImageData
)
/*++
Return: TRUE on success, FALSE otherwise.
Desc: Calculates a checksum for the file.
--*/
{
ULONG size = CHECKSUM_SIZE;
ULONG StartAddress = CHECKSUM_START;
ULONG ulChecksum = 0;
LPDWORD lpdw;
int i;
if ((SIZE_T)pImageData->FileSize < (SIZE_T)size) {
StartAddress = 0;
size = (ULONG)pImageData->FileSize; // this is safe (size is rather small)
} else if ((SIZE_T)(size + StartAddress) > (SIZE_T)pImageData->FileSize) {
//
// The cast here is safe (FileSize is small)
//
StartAddress = (ULONG)(pImageData->FileSize - size);
}
if (size >= sizeof(DWORD)) {
ULONG ulCarry;
lpdw = (LPDWORD)((LPBYTE)pImageData->pBase + StartAddress);
for (i = 0; i < (INT)(size/sizeof(DWORD)); ++i) {
if (PtrToUlong(lpdw) & 0x3) { // alignment fault fixup
ulChecksum += *((DWORD UNALIGNED*)lpdw);
lpdw++;
} else {
ulChecksum += *lpdw++;
}
ulCarry = ulChecksum & 1;
ulChecksum >>= 1;
if (ulCarry) {
ulChecksum |= 0x80000000;
}
}
}
*pChecksum = ulChecksum;
return TRUE;
}
BOOL
SdbpCheckVersion(
IN ULONGLONG qwDBFileVer,
IN ULONGLONG qwBinFileVer
)
/*++
Return: TRUE if the versions match, FALSE if they don't.
Desc: Checks a binary version from the db against the version from
the file, including allowing for wildcards, which are represented
in the DB by using FFFF for that word-sized portion of the version.
--*/
{
WORD wDBSegment, wFileSegment;
int i;
for (i = 3; i >= 0; --i) {
//
// Get the appropriate word out of the QWORD
//
wDBSegment = (WORD)(qwDBFileVer >> (16 * i));
wFileSegment = (WORD)(qwBinFileVer >> (16 * i));
//
// The DB segment may be 0xFFFF, in which case it matches on
// everything.
//
if (wDBSegment != wFileSegment && wDBSegment != 0xFFFF) {
return FALSE;
}
}
return TRUE;
}
BOOL
SdbpCheckUptoVersion(
IN ULONGLONG qwDBFileVer,
IN ULONGLONG qwBinFileVer
)
/*++
Return: TRUE if the versions match, FALSE if they don't.
Desc: Checks a binary version from the db against the version from
the file, including allowing for wildcards, which are represented
in the DB by using FFFF for that word-sized portion of the version.
--*/
{
WORD wDBSegment, wFileSegment;
BOOL bReturn = TRUE;
int i;
for (i = 3; i >= 0; --i) {
//
// Get the appropriate word out of the QWORD
//
wDBSegment = (WORD)(qwDBFileVer >> (16 * i));
wFileSegment = (WORD)(qwBinFileVer >> (16 * i));
if (wDBSegment == wFileSegment || wDBSegment == 0xFFFF) {
continue;
}
//
// At this point we know that the two values don't match
// the wFileSegment has to be less than wDBSegment to satisfy this
// test - so set bReturn and exit
//
bReturn = (wDBSegment > wFileSegment);
break;
}
return bReturn;
}
#ifndef KERNEL_MODE
BOOL
SdbFormatAttribute(
IN PATTRINFO pAttrInfo, // pointer to the attribute information
OUT LPTSTR pchBuffer, // receives XML corresponding to the given attribute
IN DWORD dwBufferSize // size in wide characters of the buffer pchBuffer
)
/*++
Return: FALSE if the buffer is too small or attribute not available.
Desc: TBD.
--*/
{
int nchBuffer = (int)dwBufferSize;
int nch;
TCHAR lpszAttr[MAX_PATH];
#if defined(WIN32A_MODE) || defined(WIN32U_MODE)
struct tm* ptm;
time_t tt;
#else
LARGE_INTEGER liTime;
TIME_FIELDS TimeFields;
#endif
if (!(pAttrInfo->dwFlags & ATTRIBUTE_AVAILABLE)) {
return FALSE;
}
nch = _sntprintf(pchBuffer, nchBuffer, TEXT("%s="), SdbTagToString(pAttrInfo->tAttrID));
if (nch < 0) {
DBGPRINT((sdlError,
"SdbFormatAttribute",
"Buffer is too small to accomodate \"%s\"\n",
SdbTagToString(pAttrInfo->tAttrID)));
return FALSE;
}
nchBuffer -= nch; // we advance the pointer past the "name="
pchBuffer += nch;
nch = -1;
switch (pAttrInfo->tAttrID) {
case TAG_BIN_PRODUCT_VERSION:
case TAG_BIN_FILE_VERSION:
case TAG_UPTO_BIN_PRODUCT_VERSION:
case TAG_UPTO_BIN_FILE_VERSION:
nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%d.%d.%d.%d\""),
(WORD)(pAttrInfo->ullAttr >> 48),
(WORD)(pAttrInfo->ullAttr >> 32),
(WORD)(pAttrInfo->ullAttr >> 16),
(WORD)(pAttrInfo->ullAttr));
break;
case TAG_MODULE_TYPE:
nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%s\""),
SdbpModuleTypeToString(pAttrInfo->dwAttr));
break;
case TAG_VER_LANGUAGE:
//
// language is a dword attribute that we shall make a string out of
//
{
TCHAR szLanguageName[MAX_PATH];
DWORD dwLength;
szLanguageName[0] = TEXT('\0');
dwLength = VerLanguageName((LANGID)pAttrInfo->dwAttr,
szLanguageName,
CHARCOUNT(szLanguageName));
if (dwLength) {
nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%s [0x%x]\""),
szLanguageName, pAttrInfo->dwAttr);
} else {
nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"0x%x\""),
pAttrInfo->dwAttr);
}
}
break;
case TAG_LINK_DATE:
case TAG_UPTO_LINK_DATE:
#if defined(WIN32A_MODE) || defined(WIN32U_MODE)
tt = (time_t) pAttrInfo->dwAttr;
ptm = gmtime(&tt);
if (ptm) {
nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%02d/%02d/%02d %02d:%02d:%02d\""),
ptm->tm_mon+1,
ptm->tm_mday,
ptm->tm_year+1900,
ptm->tm_hour,
ptm->tm_min,
ptm->tm_sec);
}
#else
RtlSecondsSince1970ToTime((ULONG)pAttrInfo->dwAttr, &liTime);
RtlTimeToTimeFields(&liTime, &TimeFields);
nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%02d/%02d/%02d %02d:%02d:%02d\""),
TimeFields.Month,
TimeFields.Day,
TimeFields.Year,
TimeFields.Hour,
TimeFields.Minute,
TimeFields.Second);
#endif
break;
case TAG_SIZE:
nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%ld\""), pAttrInfo->dwAttr);
break;
default:
switch (GETTAGTYPE(pAttrInfo->tAttrID)) {
case TAG_TYPE_DWORD:
nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"0x%lX\""),
pAttrInfo->dwAttr);
break;
case TAG_TYPE_QWORD:
//
// This is an unidentified QWORD attribute
//
DBGPRINT((sdlError, "SdbFormatAttribute", "Unexpected qword attribute found\n"));
nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"0x%I64X\""), pAttrInfo->ullAttr);
break;
case TAG_TYPE_STRINGREF:
if (nchBuffer < 3) {
return FALSE; // not enough room even for " ?
}
*pchBuffer++ = TEXT('\"');
nchBuffer--;
if (!SdbpSanitizeXML(pchBuffer, nchBuffer, pAttrInfo->lpAttr)) {
// handle error please
return FALSE;
}
//
// Once done with this, sanitize further
//
if (!SafeNCat(pchBuffer, nchBuffer, TEXT("\""), -1)) {
return FALSE;
}
nch = 0;
break;
}
}
return (nch >= 0); // evaluates to TRUE when we successfully printed the value into the buffer
}
BOOL
SdbpGetVersionAttributes(
IN PSDBCONTEXT pContext,
OUT PFILEINFO pFileInfo
)
/*++
Return: TRUE on success, FALSE otherwise.
Desc: This function retrieves all of the Version-related attributes
Imports apis from version.dll if called for the first time
--*/
{
BOOL bSuccess;
DWORD dwNull = 0;
VS_FIXEDFILEINFO* pFixedInfo = NULL; // fixed info ptr
UINT FixedInfoSize = 0;
PVOID pBuffer = NULL; // version data buffer
DWORD dwBufferSize; // version data buffer size
int i;
#ifdef NT_MODE
//
// check to see whether we need to run NT routine
//
if (pFileInfo->hFile != INVALID_HANDLE_VALUE || pFileInfo->pImageBase != NULL) {
//
// not an error -- this case is handled in header attributes
//
goto err;
}
#endif // NT_MODE
if (pContext == NULL) {
//
// Special case when it's called with null context.
// In this case we use an internal structure allocated from the stack.
//
STACK_ALLOC(pContext, sizeof(SDBCONTEXT));
if (pContext == NULL) {
DBGPRINT((sdlError,
"SdbpGetVersionAttributes",
"Failed to allocate %d bytes from stack\n",
sizeof(SDBCONTEXT)));
goto err;
}
RtlZeroMemory(pContext, sizeof(SDBCONTEXT));
}
#ifdef WIN32A_MODE
pContext->pfnGetFileVersionInfoSize = GetFileVersionInfoSizeA;
pContext->pfnGetFileVersionInfo = GetFileVersionInfoA;
pContext->pfnVerQueryValue = VerQueryValueA;
#else
pContext->pfnGetFileVersionInfoSize = GetFileVersionInfoSizeW;
pContext->pfnGetFileVersionInfo = GetFileVersionInfoW;
pContext->pfnVerQueryValue = VerQueryValueW;
#endif
dwBufferSize = pContext->pfnGetFileVersionInfoSize(pFileInfo->FilePath, &dwNull);
if (dwBufferSize == 0) {
DBGPRINT((sdlInfo, "SdbpGetVersionAttributes", "No version info.\n"));
//
// We have failed to obtain version attributes
//
goto err;
}
pBuffer = SdbAlloc(dwBufferSize + VERSIONINFO_BUFFER_PAD);
if (pBuffer == NULL) {
DBGPRINT((sdlError,
"SdbpGetVersionAttributes",
"Failed to allocate %d bytes for version info buffer.\n",
dwBufferSize + VERSIONINFO_BUFFER_PAD));
goto err;
}
if (!pContext->pfnGetFileVersionInfo(pFileInfo->FilePath, 0, dwBufferSize, pBuffer)) {
DBGPRINT((sdlError,
"SdbpGetVersionAttributes",
"Failed to retrieve version info for file \"%s\"",
pFileInfo->FilePath));
goto err;
}
if (!pContext->pfnVerQueryValue(pBuffer,
TEXT("\\"),
(PVOID*)&pFixedInfo,
&FixedInfoSize)) {
DBGPRINT((sdlError,
"SdbpGetVersionAttributes",
"Failed to query for fixed version info size for \"%s\"\n",
pFileInfo->FilePath));
goto err;
}
//
// Retrieve string attributes.
//
SdbpQueryStringVersionInformation(pContext, pFileInfo, pBuffer);
//
// Now retrieve other attributes.
//
if (FixedInfoSize >= sizeof(VS_FIXEDFILEINFO)) {
SdbpQueryBinVersionInformation(pContext, pFileInfo, pFixedInfo);
} else {
//
// No other version attributes are available. Set the rest of the
// attributes as being not available.
//
for (i = 0; i < ARRAYSIZE(g_rgBinVerTags); ++i) {
SdbpSetAttribute(pFileInfo, g_rgBinVerTags[i], NULL);
}
}
//
// Store the pointer to the version info buffer.
//
pFileInfo->pVersionInfo = pBuffer;
return TRUE;
err:
//
// We are here ONLY when we failed to obtain version info
// through apis -- regardless of the state of other value we might have
// obtained
if (pBuffer != NULL) {
SdbFree(pBuffer);
}
for (i = 0; i < ARRAYSIZE(g_rgBinVerTags); ++i) {
SdbpSetAttribute(pFileInfo, g_rgBinVerTags[i], NULL);
}
for (i = 0; i < ARRAYSIZE(g_rgVerStrings); ++i) {
SdbpSetAttribute(pFileInfo, g_rgVerStrings[i].tTag, NULL);
}
return FALSE;
}
BOOL
SdbpGetFileDirectoryAttributes(
OUT PFILEINFO pFileInfo
)
/*++
Return: TRUE on success, FALSE otherwise.
Desc: This function retrieves the file directory attributes for the
specified file.
--*/
{
BOOL bSuccess = FALSE;
FILEDIRECTORYATTRIBUTES fda;
int i;
bSuccess = SdbpQueryFileDirectoryAttributes(pFileInfo->FilePath, &fda);
if (!bSuccess) {
DBGPRINT((sdlInfo,
"SdbpGetFileDirectoryAttributes",
"No file directory attributes available.\n"));
goto Done;
}
if (fda.dwFlags & FDA_FILESIZE) {
assert(fda.dwFileSizeHigh == 0);
SdbpSetAttribute(pFileInfo, TAG_SIZE, &fda.dwFileSizeLow);
}
Done:
if (!bSuccess) {
for (i = 0; g_rgDirectoryTags[i] != 0; ++i) {
SdbpSetAttribute(pFileInfo, g_rgDirectoryTags[i], NULL);
}
}
return bSuccess;
}
BOOL
SdbGetFileAttributes(
IN LPCTSTR lpwszFileName, // the file for which attributes are requested
OUT PATTRINFO* ppAttrInfo, // receives allocated pointer to the attribute array
OUT LPDWORD lpdwAttrCount // receives the number of entries in an attributes table
)
/*++
Return: FALSE if the file does not exist or some other severe error had occured.
Note that each attribute has it's own flag ATTRIBUTE_AVAILABLE that allows
for checking whether an attribute has been retrieved successfully
Not all attributes might be present for all files.
Desc: TBD
--*/
{
PFILEINFO pFileInfo;
BOOL bReturn;
//
// The call below allocates the structure, context is not used
//
pFileInfo = SdbGetFileInfo(NULL, lpwszFileName, INVALID_HANDLE_VALUE, NULL, 0, TRUE);
if (pFileInfo == NULL) {
DBGPRINT((sdlError, "SdbGetFileAttributes", "Error retrieving FILEINFO structure\n"));
return FALSE;
}
//
// The three calls below, even when fail do not produce a fatal condition
// as the exe may not have all the attributes available.
//
bReturn = SdbpGetFileDirectoryAttributes(pFileInfo);
if (!bReturn) {
DBGPRINT((sdlInfo, "SdbGetFileAttributes", "Error retrieving directory attributes\n"));
}
bReturn = SdbpGetVersionAttributes(NULL, pFileInfo);
if (!bReturn) {
DBGPRINT((sdlInfo, "SdbGetFileAttributes", "Error retrieving version attributes\n"));
}
bReturn = SdbpGetHeaderAttributes(NULL, pFileInfo);
if (!bReturn) {
DBGPRINT((sdlInfo, "SdbGetFileAttributes", "Error retrieving header attributes\n"));
}
pFileInfo->dwMagic = FILEINFO_MAGIC;
//
// Now that we are done, put the return pointer.
//
if (lpdwAttrCount != NULL) {
*lpdwAttrCount = ATTRIBUTE_COUNT;
}
if (ppAttrInfo != NULL) {
//
// Return the pointer to the attribute info itself.
// It is the same pointer we expect to get in a complimentary
// call to SdbFreeFileInfo.
//
*ppAttrInfo = &pFileInfo->Attributes[0];
} else {
//
// Pointer is not needed. Release the memory.
//
SdbFreeFileInfo(pFileInfo);
}
return TRUE;
}
BOOL
SdbFreeFileAttributes(
IN PATTRINFO pFileAttributes // pointer returned by SdbGetFileAttributes
)
/*++
Return: FALSE if a wrong pointer was passed in (not the one
from SdbGetFileAttributes).
Desc: Self explanatory.
--*/
{
PFILEINFO pFileInfo;
//
// We are assuming the pointer that was passed in points inside of a
// larger structure FILEINFO. To verify that we step back a pre-determined number
// of bytes (calculated below as an offset) and check the "magic" signature.
//
pFileInfo = (PFILEINFO)((PBYTE)pFileAttributes - OFFSETOF(FILEINFO, Attributes));
if (pFileInfo->dwMagic != FILEINFO_MAGIC) {
DBGPRINT((sdlError, "SdbFreeFileAttributes", "Bad pointer to attributes.\n"));
return FALSE;
}
SdbFreeFileInfo(pFileInfo);
return TRUE;
}
BOOL
SdbpQuery16BitDescription(
OUT LPSTR szBuffer, // min length 256 chars !
IN PIMAGEFILEDATA pImageData
)
/*++
Return: TRUE on success, FALSE otherwise.
Desc: Gets the 16 bit description for a DOS executable.
--*/
{
PIMAGE_DOS_HEADER pDosHeader;
PIMAGE_OS2_HEADER pNEHeader;
PBYTE pSize;
DWORD ModuleType;
if (!SdbpGetModuleType(&ModuleType, pImageData)) {
return FALSE;
}
if (ModuleType != MT_W16_MODULE) {
return FALSE;
}
pDosHeader = (PIMAGE_DOS_HEADER)pImageData->pBase;
pNEHeader = (PIMAGE_OS2_HEADER)((PBYTE)pImageData->pBase + pDosHeader->e_lfanew);
//
// Now we know that pNEHeader is valid, just have to make sure that
// the next offset is valid as well, make a check against file size.
//
if (pImageData->ViewSize < pDosHeader->e_lfanew + sizeof(*pNEHeader)) {
return FALSE;
}
if (pImageData->ViewSize < pNEHeader->ne_nrestab + sizeof(*pSize)) {
return FALSE;
}
pSize = (PBYTE)((PBYTE)pImageData->pBase + pNEHeader->ne_nrestab);
if (*pSize == 0) {
return FALSE;
}
//
// Now check for the string size.
//
if (pImageData->ViewSize < pNEHeader->ne_nrestab + sizeof(*pSize) + *pSize) {
return FALSE;
}
RtlCopyMemory(szBuffer, pSize + 1, *pSize);
szBuffer[*pSize] = '\0';
return TRUE;
}
BOOL
SdbpQuery16BitModuleName(
OUT LPSTR szBuffer,
IN PIMAGEFILEDATA pImageData
)
{
PIMAGE_DOS_HEADER pDosHeader;
PIMAGE_OS2_HEADER pNEHeader;
PBYTE pSize;
DWORD ModuleType;
if (!SdbpGetModuleType(&ModuleType, pImageData)) {
return FALSE;
}
if (ModuleType != MT_W16_MODULE) {
return FALSE;
}
pDosHeader = (PIMAGE_DOS_HEADER)pImageData->pBase;
pNEHeader = (PIMAGE_OS2_HEADER)((PBYTE)pImageData->pBase + pDosHeader->e_lfanew);
//
// Now we know that pNEHeader is valid, just have to make sure that
// the next offset is valid as well, make a check against file size.
//
if (pImageData->ViewSize < pDosHeader->e_lfanew + sizeof(*pNEHeader)) {
return FALSE;
}
if (pImageData->ViewSize < pNEHeader->ne_restab + sizeof(*pSize)) {
return FALSE;
}
pSize = (PBYTE)((PBYTE)pImageData->pBase + pDosHeader->e_lfanew + pNEHeader->ne_restab);
if (*pSize == 0) {
return FALSE;
}
//
// Now check for the string size.
//
if (pImageData->ViewSize <
pDosHeader->e_lfanew + pNEHeader->ne_restab + sizeof(*pSize) + *pSize) {
return FALSE;
}
RtlCopyMemory(szBuffer, pSize + 1, *pSize);
szBuffer[*pSize] = '\0';
return TRUE;
}
#endif // KERNEL_MODE