Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2707 lines
83 KiB

/******************************************************************************
Copyright (c) 2000 Microsoft Corporation
Module Name:
faultrep.cpp
Abstract:
Implements utility functions for fault reporting
Revision History:
created derekm 07/07/00
******************************************************************************/
#include "stdafx.h"
#include "dbghelp.h"
#include "wtsapi32.h"
#include "userenv.h"
#include "frmc.h"
#include "tlhelp32.h"
#include "shimdb.h"
///////////////////////////////////////////////////////////////////////////////
// typedefs
typedef BOOL (STDAPICALLTYPE *DUMPWRITE_FN)(HANDLE, DWORD, HANDLE,
MINIDUMP_TYPE,
PMINIDUMP_EXCEPTION_INFORMATION,
PMINIDUMP_USER_STREAM_INFORMATION,
PMINIDUMP_CALLBACK_INFORMATION);
typedef DWORD (WINAPI *pfn_GETMODULEFILENAMEEXW)(HANDLE, HMODULE, LPWSTR, DWORD);
///////////////////////////////////////////////////////////////////////////////
// globals
///////////////////////////////////////////////////////////////////////////////
// useful structs
struct SLangCodepage
{
WORD wLanguage;
WORD wCodePage;
};
///////////////////////////////////////////////////////////////////////////////
// misc utility functions
// **************************************************************************
HMODULE MySafeLoadLibrary(LPCWSTR wszModule)
{
HMODULE hmod = NULL;
PVOID pvLdrLockCookie = NULL;
ULONG ulLockState = 0;
// make sure that no one else owns the loader lock because we
// could otherwise deadlock
LdrLockLoaderLock(LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY, &ulLockState,
&pvLdrLockCookie);
if (ulLockState == LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED)
{
__try { hmod = LoadLibraryExW(wszModule, NULL, 0); }
__except(EXCEPTION_EXECUTE_HANDLER) { hmod = NULL; }
LdrUnlockLoaderLock(0, pvLdrLockCookie);
}
return hmod;
}
// **************************************************************************
static inline WCHAR itox(DWORD dw)
{
dw &= 0xf;
return (WCHAR)((dw < 10) ? (L'0' + dw) : (L'A' + (dw - 10)));
}
// **************************************************************************
BOOL IsASCII(LPCWSTR wszSrc)
{
const WCHAR *pwsz;
// check and see if we need to hexify the string. This is determined
// by whether the string contains all ASCII characters or not. Since
// an ASCII character is defined as being in the range of 00 -> 7f, just
// 'and' the wchar's value with ~0x7f and see if the result is 0. If it
// is, then the whcar is an ASCII value.
for (pwsz = wszSrc; *pwsz != L'\0'; pwsz++)
{
if ((*pwsz & ~0x7f) != 0)
return FALSE;
}
return TRUE;
}
// **************************************************************************
BOOL IsValidField(LPWSTR wsz)
{
WCHAR *pwsz;
if (wsz == NULL)
return FALSE;
for(pwsz = wsz; *pwsz != L'\0'; pwsz++)
{
if (iswspace(*pwsz) == FALSE)
return TRUE;
}
return FALSE;
}
// **************************************************************************
BOOL TransformForWire(LPCWSTR wszSrc, LPWSTR wszDest, DWORD cchDest)
{
HRESULT hr = NOERROR;
DWORD cch;
USE_TRACING("TransformForWire");
VALIDATEPARM(hr, (wszSrc == NULL || wszDest == NULL || cchDest < 5));
if (FAILED(hr))
goto done;
if (cchDest > 5)
{
// darn! Gotta convert every character to a 4 char hex value cuz this
// is what DW does and we have to match them
for (cch = 0; *wszSrc != L'\0' && cch + 4 < cchDest; cch += 4, wszSrc++)
{
*wszDest++ = itox((*wszSrc & 0xf000) > 12);
*wszDest++ = itox((*wszSrc & 0x0f00) > 8);
*wszDest++ = itox((*wszSrc & 0x00f0) > 4);
*wszDest++ = itox((*wszSrc & 0x000f));
}
// if we don't see this, then we've got too small of a buffer
if (*wszSrc != L'\0' || cch >= cchDest)
{
hr = E_FAIL;
goto done;
}
*wszDest = L'\0';
}
else
{
hr = E_FAIL;
}
done:
return (SUCCEEDED(hr));
}
// ***************************************************************************
LPWSTR MarshallString(LPCWSTR wszSrc, PBYTE pBase, ULONG cbMaxBuf,
PBYTE *ppToWrite, DWORD *pcbWritten)
{
DWORD cb;
PBYTE pwszNormalized;
cb = (wcslen(wszSrc) + 1) * sizeof(WCHAR);
if ((*pcbWritten + cb) > cbMaxBuf)
return NULL;
RtlMoveMemory(*ppToWrite, wszSrc, cb);
// the normalized ptr is the current count
pwszNormalized = (PBYTE)(*ppToWrite - pBase);
// cb is always a mutliple of sizeof(WHCAR) so the pointer addition below
// always produces a result that is 2byte aligned (assuming the input was
// 2byte aligned of course)
*ppToWrite += cb;
*pcbWritten += cb;
return (LPWSTR)pwszNormalized;
}
// **************************************************************************
HRESULT GetVerName(LPWSTR wszModule, LPWSTR wszName, DWORD cchName,
LPWSTR wszVer, DWORD cchVer,
LPWSTR wszCompany, DWORD cchCompany,
BOOL fAcceptUnicodeCP, BOOL fWantActualName)
{
USE_TRACING("GetVerName");
VS_FIXEDFILEINFO *pffi;
SLangCodepage *plc;
HRESULT hr = NOERROR;
WCHAR wszQuery[128], *pwszProp = NULL;
WCHAR *pwszPropVal;
DWORD cbFVI, dwJunk, dwMSWin = 0;
PBYTE pbFVI = NULL;
UINT cb, cbVerInfo, i;
SLangCodepage rglc[] = { { 0, 0 }, // UI language if one exists
{ 0x409, 0x4B0 }, // unicode English
{ 0x409, 0x4E4 }, // English
{ 0x409, 0 }, // English, null codepage
{ 0 , 0x4E4 } }; // language neutral.
VALIDATEPARM(hr, (wszModule == NULL || wszName == NULL || cchName == 0));
if (FAILED(hr))
goto done;
if (wszCompany != NULL)
*wszCompany = L'\0';
if (wszVer != NULL)
wcsncpy(wszVer, L"0.0.0.0", cchVer);
if (fWantActualName)
{
*wszName = L'\0';
}
else
{
for(pwszPropVal = wszModule + wcslen(wszModule);
pwszPropVal >= wszModule && *pwszPropVal != L'\\';
pwszPropVal--);
if (*pwszPropVal == L'\\')
pwszPropVal++;
wcsncpy(wszName, pwszPropVal, cchName);
wszName[cchName - 1] = L'\0';
}
// dwJunk is a useful parameter. Gotta pass it in so the function call
// set it to 0. Gee this would make a great (tho non-efficient)
// way to set DWORDs to 0. Much better than saying dwJunk = 0 by itself.
cbFVI = GetFileVersionInfoSizeW(wszModule, &dwJunk);
TESTBOOL(hr, (cbFVI != 0));
if (FAILED(hr))
{
// if it fails, assume the file doesn't have any version info &
// return S_FALSE
hr = S_FALSE;
goto done;
}
// alloca only throws exceptions so gotta catch 'em here...
__try
{
__try{ pbFVI = (PBYTE)_alloca(cbFVI); }
__except(EXCEPTION_STACK_OVERFLOW) { pbFVI = NULL; }
_ASSERT(pbFVI != NULL);
hr = NOERROR;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
pbFVI = NULL;
}
VALIDATEEXPR(hr, (pbFVI == NULL), E_OUTOFMEMORY);
if (FAILED(hr))
goto done;
cb = cbFVI;
TESTBOOL(hr, GetFileVersionInfoW(wszModule, 0, cbFVI, (LPVOID *)pbFVI));
if (FAILED(hr))
{
// if it fails, assume the file doesn't have any version info &
// return S_FALSE
hr = S_FALSE;
goto done;
}
// determine if it's a MS app or windows componenet
dwMSWin = IsMicrosoftApp(NULL, pbFVI, cbFVI);
// get the real version info- apparently, the string can occasionally
// be out of sync (so says the explorer.exe code that extracts ver info)
if (wszVer != NULL &&
VerQueryValueW(pbFVI, L"\\", (LPVOID *)&pffi, &cb) && cb != 0)
{
WCHAR wszVerTemp[64];
swprintf(wszVerTemp, L"%d.%d.%d.%d", HIWORD(pffi->dwFileVersionMS),
LOWORD(pffi->dwFileVersionMS), HIWORD(pffi->dwFileVersionLS),
LOWORD(pffi->dwFileVersionLS));
wcsncpy(wszVer, wszVerTemp, cchVer);
wszVer[cchVer - 1] = L'\0';
}
// try to figure out what the appropriate langage...
TESTBOOL(hr, VerQueryValueW(pbFVI, L"\\VarFileInfo\\Translation",
(LPVOID *)&plc, &cbVerInfo));
if (SUCCEEDED(hr))
{
LANGID langid;
DWORD cLangs, iUni = (DWORD)-1;
UINT uiACP;
langid = GetUserDefaultUILanguage();
cLangs = cbVerInfo / sizeof(SLangCodepage);
uiACP = GetACP();
// see if there's a language that matches the default
for(i = 0; i < cLangs; i++)
{
// not sure what to do if there are multiple code pages for a
// particular language. Just take the first, I guess...
if (langid == plc[i].wLanguage && uiACP == plc[i].wCodePage)
break;
// if we can accept the unicode code page & we encounter a
// launguage with it, then remember it. Note that we only
// remember the first such instance we see or one that matches
// the target language
if (fAcceptUnicodeCP && plc[i].wCodePage == 1200 &&
(iUni == (DWORD)-1 || langid == plc[i].wLanguage))
iUni = i;
}
if (i >= cLangs && iUni != (DWORD)-1)
i = iUni;
if (i < cLangs)
{
rglc[0].wLanguage = plc[i].wLanguage;
rglc[0].wCodePage = plc[i].wCodePage;
}
}
for(i = 0; i < 5; i++)
{
if (rglc[i].wLanguage == 0 && rglc[i].wCodePage == 0)
continue;
swprintf(wszQuery, L"\\StringFileInfo\\%04x%04x\\FileVersion",
rglc[i].wLanguage, rglc[i].wCodePage);
// Retrieve file description for language and code page 'i'.
TESTBOOL(hr, VerQueryValueW(pbFVI, wszQuery,
(LPVOID *)&pwszPropVal, &cb));
if (SUCCEEDED(hr) && cb != 0)
{
// want to get size of a normal char string & not a unicode
// string cuz we'd have to / sizeof(WCHAR) otherwise
pwszProp = wszQuery + sizeof("\\StringFileInfo\\%04x%04x\\") - 1;
break;
}
}
// if we still didn't find anything, then assume there's no version
// resource. We've already set the defaults above, so we can bail...
if (pwszProp == NULL)
{
hr = NOERROR;
goto done;
}
if (wszCompany != NULL)
{
wcscpy(pwszProp, L"CompanyName");
TESTBOOL(hr, VerQueryValueW(pbFVI, wszQuery, (LPVOID *)&pwszPropVal,
&cb));
if (SUCCEEDED(hr) && cb != 0)
{
wcsncpy(wszCompany, pwszPropVal, cchCompany);
wszCompany[cchCompany - 1] = L'\0';
}
}
// So to fix the case where Windows components did not properly update
// the product strings, we have to look for the FileDescription first.
// But since the OCA folks want only the description (convieniently
// when the fWantActualName field is set) then we need to only read
// the ProductName field.
if (fWantActualName)
{
wcscpy(pwszProp, L"ProductName");
TESTBOOL(hr, VerQueryValueW(pbFVI, wszQuery, (LPVOID *)&pwszPropVal,
&cb));
if (SUCCEEDED(hr) && cb != 0 && IsValidField(pwszPropVal))
{
wcsncpy(wszName, pwszPropVal, cchName);
wszName[cchName - 1] = L'\0';
goto done;
}
}
else
{
wcscpy(pwszProp, L"FileDescription");
TESTBOOL(hr, VerQueryValueW(pbFVI, wszQuery, (LPVOID *)&pwszPropVal,
&cb));
if (SUCCEEDED(hr) && cb != 0 && IsValidField(pwszPropVal))
{
wcsncpy(wszName, pwszPropVal, cchName);
wszName[cchName - 1] = L'\0';
goto done;
}
if ((dwMSWin & APP_WINCOMP) == 0)
{
wcscpy(pwszProp, L"ProductName");
TESTBOOL(hr, VerQueryValueW(pbFVI, wszQuery,
(LPVOID *)&pwszPropVal, &cb));
if (SUCCEEDED(hr) && cb != 0 && IsValidField(pwszPropVal))
{
wcsncpy(wszName, pwszPropVal, cchName);
wszName[cchName - 1] = L'\0';
goto done;
}
}
wcscpy(pwszProp, L"InternalName");
TESTBOOL(hr, VerQueryValueW(pbFVI, wszQuery,
(LPVOID *)&pwszPropVal, &cb));
if (SUCCEEDED(hr) && cb != 0 && IsValidField(pwszPropVal))
{
wcsncpy(wszName, pwszPropVal, cchName);
wszName[cchName - 1] = L'\0';
goto done;
}
}
// We didn't find a name string but we've defaulted
// the name and we may have other valid data, so
// return success.
hr = S_OK;
done:
return hr;
}
// **************************************************************************
HRESULT BuildManifestURLs(LPWSTR wszAppName, LPWSTR wszModName,
WORD rgAppVer[4], WORD rgModVer[4], UINT64 pvOffset,
BOOL f64Bit, LPWSTR *ppwszS1, LPWSTR *ppwszS2,
LPWSTR *ppwszCP, BYTE **ppb)
{
HRESULT hr = NOERROR;
LPWSTR pwszApp, pwszMod;
LPWSTR wszStage1, wszStage2, wszCorpPath;
DWORD cbNeeded, cch;
WCHAR *pwsz;
BYTE *pbBuf = NULL;
USE_TRACING("BuildManifestURLs");
VALIDATEPARM(hr, (wszAppName == NULL || wszModName == NULL ||
ppwszS1 == NULL || ppwszS2 == NULL || ppwszCP == NULL ||
ppb == NULL));
if (FAILED(hr))
goto done;
*ppb = NULL;
*ppwszS1 = NULL;
*ppwszS2 = NULL;
*ppwszCP = NULL;
// hexify the app name if necessary
if (IsASCII(wszAppName))
{
pwszApp = wszAppName;
}
else
{
cch = (4 * wcslen(wszAppName) + 1);
__try { pwszApp = (LPWSTR)_alloca(cch * sizeof(WCHAR)); }
__except(EXCEPTION_STACK_OVERFLOW) { pwszApp = NULL; }
if (pwszApp != NULL)
{
if (TransformForWire(wszAppName, pwszApp, cch) == FALSE)
*pwszApp = L'\0';
}
else
{
pwszApp = wszAppName;
}
}
// hexify the module name if necessary
if (IsASCII(wszModName))
{
pwszMod = wszModName;
}
else
{
cch = (4 * wcslen(wszModName) + 1);
__try { pwszMod = (LPWSTR)_alloca(cch * sizeof(WCHAR)); }
__except(EXCEPTION_STACK_OVERFLOW) { pwszMod = NULL; }
if (pwszMod != NULL)
{
if (TransformForWire(wszModName, pwszMod, cch) == FALSE)
*pwszMod = L'\0';
}
else
{
pwszMod = wszModName;
}
}
// determine how big of a buffer we need & alloc it
#ifdef _WIN64
if (f64Bit)
cbNeeded = c_cbFaultBlob64 + 3 * (wcslen(pwszMod) + wcslen(pwszApp)) * sizeof(WCHAR);
else
#endif
cbNeeded = c_cbFaultBlob32 + 3 * (wcslen(pwszMod) + wcslen(pwszApp)) * sizeof(WCHAR);
pbBuf = (BYTE *)MyAlloc(cbNeeded);
VALIDATEEXPR(hr, (pbBuf == NULL), E_OUTOFMEMORY);
if (FAILED(hr))
goto done;
// write out the actual strings
#ifdef _WIN64
if (f64Bit)
{
wszStage1 = (WCHAR *)pbBuf;
cch = swprintf(wszStage1, c_wszManFS164,
pwszApp,
rgAppVer[0], rgAppVer[1], rgAppVer[2], rgAppVer[3],
pwszMod,
rgModVer[0], rgModVer[1], rgModVer[2], rgModVer[3],
pvOffset);
wszStage2 = wszStage1 + cch + 1;
cch = swprintf(wszStage2, c_wszManFS264,
pwszApp,
rgAppVer[0], rgAppVer[1], rgAppVer[2], rgAppVer[3],
pwszMod,
rgModVer[0], rgModVer[1], rgModVer[2], rgModVer[3],
pvOffset);
wszCorpPath = wszStage2 + cch + 1;
cch = swprintf(wszCorpPath, c_wszManFCP64,
pwszApp,
rgAppVer[0], rgAppVer[1], rgAppVer[2], rgAppVer[3],
pwszMod,
rgModVer[0], rgModVer[1], rgModVer[2], rgModVer[3],
pvOffset);
}
else
#endif
{
wszStage1 = (WCHAR *)pbBuf;
cch = swprintf(wszStage1, c_wszManFS132,
pwszApp,
rgAppVer[0], rgAppVer[1], rgAppVer[2], rgAppVer[3],
pwszMod,
rgModVer[0], rgModVer[1], rgModVer[2], rgModVer[3],
(LPVOID)pvOffset);
wszStage2 = wszStage1 + cch + 1;
cch = swprintf(wszStage2, c_wszManFS232,
pwszApp,
rgAppVer[0], rgAppVer[1], rgAppVer[2], rgAppVer[3],
pwszMod,
rgModVer[0], rgModVer[1], rgModVer[2], rgModVer[3],
(LPVOID)pvOffset);
wszCorpPath = wszStage2 + cch + 1;
cch = swprintf(wszCorpPath, c_wszManFCP32,
pwszApp,
rgAppVer[0], rgAppVer[1], rgAppVer[2], rgAppVer[3],
pwszMod,
rgModVer[0], rgModVer[1], rgModVer[2], rgModVer[3],
(LPVOID)pvOffset);
}
// need to convert all '.'s to '_'s cuz URLs don't like dots.
for (pwsz = wszStage1; *pwsz != L'\0'; pwsz++)
{
if (*pwsz == L'.')
*pwsz = L'_';
}
// ok, on the end of the stage 1 URL is a .htm, and we really don't want to
// convert that '.' to a '_', so back up and reconvert it back to a '.'
pwsz -= 4;
if (*pwsz == L'_')
*pwsz = L'.';
*ppwszS1 = wszStage1;
*ppwszS2 = wszStage2;
*ppwszCP = wszCorpPath;
*ppb = pbBuf;
pbBuf = NULL;
done:
if (pbBuf != NULL)
MyFree(pbBuf);
return hr;
}
// **************************************************************************
HRESULT GetExePath(HANDLE hProc, LPWSTR wszPath, DWORD cchPath)
{
USE_TRACING("GetExePath");
pfn_GETMODULEFILENAMEEXW pfn;
HRESULT hr = NOERROR;
HMODULE hmod = NULL;
DWORD dw;
VALIDATEPARM(hr, (wszPath == NULL || hProc == NULL || cchPath < MAX_PATH));
if (FAILED(hr))
goto done;
hmod = MySafeLoadLibrary(L"psapi.dll");
TESTBOOL(hr, (hmod != NULL));
if (FAILED(hr))
goto done;
pfn = (pfn_GETMODULEFILENAMEEXW)GetProcAddress(hmod, "GetModuleFileNameExW");
TESTBOOL(hr, (pfn != NULL));
if (FAILED(hr))
goto done;
TESTBOOL(hr, ((*pfn)(hProc, NULL, wszPath, cchPath) != 0));
if (FAILED(hr))
goto done;
done:
dw = GetLastError();
if (hmod != NULL)
FreeLibrary(hmod);
SetLastError(dw);
return hr;
}
// ***************************************************************************
DWORD GetAppCompatFlag(LPCWSTR wszPath, LPCWSTR wszSysDir, LPWSTR wszBuffer)
{
LPWSTR pwszFile, wszSysDirLocal = NULL, pwszDir = NULL;
DWORD dwOpt = (DWORD)-1;
DWORD cchPath, cch;
UINT uiDrive;
if (wszPath == NULL || wszBuffer == NULL || wszSysDir == NULL)
goto done;
// can't be a valid path if it's less than 3 characters long
cchPath = wcslen(wszPath);
if (cchPath < 3)
goto done;
// do we have a UNC path?
if (wszPath[0] == L'\\' && wszPath[1] == L'\\')
{
dwOpt = GRABMI_FILTER_THISFILEONLY;
goto done;
}
// ok, maybe a remote mapped path or system32?
wcscpy(wszBuffer, wszPath);
for(pwszFile = wszBuffer + cchPath;
*pwszFile != L'\\' && pwszFile > wszBuffer;
pwszFile--);
if (*pwszFile == L'\\')
*pwszFile = L'\0';
else
goto done;
cch = wcslen(wszSysDir) + 1;
__try { wszSysDirLocal = (LPWSTR)_alloca(cch * sizeof(WCHAR)); }
__except(EXCEPTION_EXECUTE_HANDLER) { wszSysDirLocal = NULL; }
if (wszSysDirLocal == NULL)
goto done;
// see if it's in system32 or in any parent folder of it.
wcscpy(wszSysDirLocal, wszSysDir);
pwszDir = wszSysDirLocal + cch;
do
{
if (_wcsicmp(wszBuffer, wszSysDirLocal) == 0)
{
dwOpt = GRABMI_FILTER_SYSTEM;
goto done;
}
for(;
*pwszDir != L'\\' && pwszDir > wszSysDirLocal;
pwszDir--);
if (*pwszDir == L'\\')
*pwszDir = L'\0';
}
while (pwszDir > wszSysDirLocal);
// is the file sitting in the root of a drive?
if (pwszFile <= &wszBuffer[3])
{
dwOpt = GRABMI_FILTER_THISFILEONLY;
goto done;
}
// well, if we've gotten this far, then the path is in the form of
// X:\<something>, so cut off the <something> and find out if we're on
// a mapped drive or not
*pwszFile = L'\\';
wszBuffer[3] = L'\0';
switch(GetDriveTypeW(wszBuffer))
{
case DRIVE_UNKNOWN:
case DRIVE_NO_ROOT_DIR:
goto done;
case DRIVE_REMOTE:
dwOpt = GRABMI_FILTER_THISFILEONLY;
goto done;
}
dwOpt = GRABMI_FILTER_PRIVACY;
done:
return dwOpt;
}
// ***************************************************************************
typedef BOOL (APIENTRY *pfn_SDBGRABMATCHINGINFOW)(LPCWSTR, DWORD, LPCWSTR);
BOOL GetAppCompatData(LPCWSTR wszAppPath, LPCWSTR wszModPath, LPCWSTR wszFile)
{
pfn_SDBGRABMATCHINGINFOW pfn = NULL;
HMODULE hmod = NULL;
LPWSTR pwszPath = NULL, pwszFile = NULL;
WCHAR *pwsz;
DWORD cchSysDir, cchNeed, cchApp = 0, cchMod = 0;
DWORD dwModOpt = (DWORD)-1, dwAppOpt = (DWORD)-1;
DWORD dwOpt;
BOOL fRet = FALSE;
HRESULT hr;
USE_TRACING("GetAppCompatData");
VALIDATEPARM(hr, (wszAppPath == NULL || wszFile == NULL ||
wszAppPath[0] == L'\0' || wszFile[0] == L'\0'));
if (FAILED(hr))
{
SetLastError(ERROR_INVALID_PARAMETER);
goto done;
}
// load the apphelp dll.
cchNeed = GetSystemDirectoryW(NULL, 0);
if (cchNeed == 0)
goto done;
if (sizeofSTRW(L"\\apphelp.dll") > sizeofSTRW(L"\\kernel32.dll"))
cchNeed += (sizeofSTRW(L"\\apphelp.dll") + 8);
else
cchNeed += (sizeofSTRW(L"\\kernel32.dll") + 8);
__try { pwszPath = (WCHAR *)_alloca(cchNeed * sizeof(WCHAR)); }
__except(EXCEPTION_STACK_OVERFLOW) { pwszPath = NULL; }
if (pwszPath == NULL)
{
SetLastError(ERROR_OUTOFMEMORY);
goto done;
}
cchSysDir = GetSystemDirectoryW(pwszPath, cchNeed);
if (cchSysDir == 0)
goto done;
cchApp = wcslen(wszAppPath);
if (wszModPath != NULL)
cchMod = wcslen(wszModPath);
cchNeed = MyMax(cchApp, cchMod) + 8;
__try { pwszFile = (WCHAR *)_alloca(cchNeed * sizeof(WCHAR)); }
__except(EXCEPTION_STACK_OVERFLOW) { pwszFile = NULL; }
if (pwszFile == NULL)
{
SetLastError(ERROR_OUTOFMEMORY);
goto done;
}
// find out the app & module option flag
dwAppOpt = GetAppCompatFlag(wszAppPath, pwszPath, pwszFile);
if (wszModPath != NULL && wszModPath[0] != L'\0' &&
_wcsicmp(wszModPath, wszAppPath) != 0)
{
#if 0
dwModOpt = GetAppCompatFlag(wszModPath, pwszPath, pwszFile);
// no need to grab system data twice. If we're already grabbing
// it for the app, don't grab it for the module. Yes, we may end
// up grabbing the mod twice if it happens to be one of the system
// modules, but that's ok.
if (dwModOpt == GRABMI_FILTER_SYSTEM &&
dwAppOpt == GRABMI_FILTER_SYSTEM)
dwModOpt = GRABMI_FILTER_THISFILEONLY;
#else
dwModOpt = GRABMI_FILTER_THISFILEONLY;
#endif
}
// load the libarary
wcscpy(&pwszPath[cchSysDir], L"\\apphelp.dll");
hmod = MySafeLoadLibrary(pwszPath);
if (hmod == NULL)
goto done;
// if we don't find the function, then just bail...
pfn = (pfn_SDBGRABMATCHINGINFOW)GetProcAddress(hmod, "SdbGrabMatchingInfo");
if (pfn == NULL)
goto done;
// call the function to get the app data
if (dwAppOpt != (DWORD)-1)
{
dwOpt = dwAppOpt;
if (dwModOpt != (DWORD)-1 ||
(dwModOpt != GRABMI_FILTER_SYSTEM &&
dwAppOpt != GRABMI_FILTER_SYSTEM))
dwOpt |= GRABMI_FILTER_NOCLOSE;
__try { fRet = (*pfn)(wszAppPath, dwOpt, wszFile); }
__except(EXCEPTION_EXECUTE_HANDLER) { fRet = FALSE; DBG_MSG("GrabAppData crashed");}
if (fRet == FALSE)
goto done;
}
// call the function to get the mod data
if (dwModOpt != (DWORD)-1)
{
dwOpt = dwModOpt;
if (dwAppOpt != (DWORD)-1)
dwOpt |= GRABMI_FILTER_APPEND;
if (dwAppOpt != GRABMI_FILTER_SYSTEM &&
dwModOpt != GRABMI_FILTER_SYSTEM)
dwOpt |= GRABMI_FILTER_NOCLOSE;
__try { fRet = (*pfn)(wszModPath, dwOpt, wszFile); }
__except(EXCEPTION_EXECUTE_HANDLER) { fRet = FALSE; DBG_MSG("GrabModData crashed");}
if (fRet == FALSE)
goto done;
}
// call the function to get the data for kernel32
if (dwModOpt != GRABMI_FILTER_SYSTEM &&
dwAppOpt != GRABMI_FILTER_SYSTEM)
{
wcscpy(&pwszPath[cchSysDir], L"\\kernel32.dll");
dwOpt = GRABMI_FILTER_THISFILEONLY;
if (dwModOpt != (DWORD)-1 || dwAppOpt != (DWORD)-1)
dwOpt |= GRABMI_FILTER_APPEND;
__try { fRet = (*pfn)(pwszPath, dwOpt, wszFile); }
__except(EXCEPTION_EXECUTE_HANDLER) { fRet = FALSE; DBG_MSG("GrabKrnlData crashed");}
if (fRet == FALSE)
goto done;
}
done:
if (fRet == FALSE)
DeleteFileW(wszFile);
if (hmod != NULL)
{
__try { FreeLibrary(hmod); }
__except(EXCEPTION_EXECUTE_HANDLER) { }
}
return fRet;
}
//////////////////////////////////////////////////////////////////////////////
// ThreadStuff
// ***************************************************************************
BOOL FreezeAllThreads(DWORD dwpid, DWORD dwtidFilter, SSuspendThreads *pst)
{
THREADENTRY32 te;
HANDLE hTokenImp = NULL;
HANDLE hsnap = (HANDLE)-1, hth = NULL;
HANDLE *rgh = NULL;
DWORD dwtid = GetCurrentThreadId();
DWORD cThreads = 0, cSlots = 0, dw;
BOOL fContinue = FALSE, fRet = FALSE;
if (pst == NULL)
{
SetLastError(ERROR_INVALID_PARAMETER);
goto done;
}
pst->rghThreads = NULL;
pst->cThreads = 0;
// if we have an impersonation token on this thread, revert it back to
// full access cuz otherwise we could fail in the OpenThread API below.
// Even if we fail, we'll still try all the rest of the stuff below.
if (OpenThreadToken(GetCurrentThread(), TOKEN_READ | TOKEN_IMPERSONATE,
TRUE, &hTokenImp))
RevertToSelf();
hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, dwpid);
if (hsnap == (HANDLE)-1)
goto done;
ZeroMemory(&te, sizeof(te));
te.dwSize = sizeof(te);
fContinue = Thread32First(hsnap, &te);
while(fContinue)
{
// only want to freeze threads in my process (not including the
// currently executing one, of course, since that would bring
// everything to a grinding halt.)
if (te.th32OwnerProcessID == dwpid && te.th32ThreadID != dwtidFilter)
{
hth = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te.th32ThreadID);
if (hth != NULL)
{
if (cSlots == cThreads)
{
HANDLE *rghNew = NULL;
DWORD cNew = (cSlots == 0) ? 8 : cSlots * 2;
rghNew = (HANDLE *)MyAlloc(cNew * sizeof(HANDLE));
if (rghNew == NULL)
{
SetLastError(ERROR_OUTOFMEMORY);
goto done;
}
if (rgh != NULL)
CopyMemory(rghNew, rgh, cSlots * sizeof(HANDLE));
MyFree(rgh);
rgh = rghNew;
cSlots = cNew;
}
// if the suspend fails, then just don't add it to the
// list...
if (SuspendThread(hth) == (DWORD)-1)
CloseHandle(hth);
else
rgh[cThreads++] = hth;
hth = NULL;
}
}
fContinue = Thread32Next(hsnap, &te);
}
pst->rghThreads = rgh;
pst->cThreads = cThreads;
SetLastError(0);
fRet = TRUE;
done:
dw = GetLastError();
if (hTokenImp != NULL)
{
SetThreadToken(NULL, hTokenImp);
CloseHandle(hTokenImp);
}
if (fRet == FALSE && rgh != NULL)
{
DWORD i;
for (i = 0; i < cThreads; i++)
{
if (rgh[i] != NULL)
{
ResumeThread(rgh[i]);
CloseHandle(rgh[i]);
}
}
MyFree(rgh);
}
// MSDN says to use CloseToolhelp32Snapshot() to close the snapshot.
// the tlhelp32.h header file says to use CloseHandle & doens't provide
// a CloseToolhelp32Snapshot() function. Hence, I'm using CloseHandle
// for now.
if (hsnap != (HANDLE)-1)
CloseHandle(hsnap);
SetLastError(dw);
return fRet;
}
// ***************************************************************************
BOOL ThawAllThreads(SSuspendThreads *pst)
{
DWORD i;
if (pst == NULL)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
if (pst->rghThreads == NULL)
return TRUE;
for (i = 0; i < pst->cThreads; i++)
{
if (pst->rghThreads[i] != NULL)
{
ResumeThread(pst->rghThreads[i]);
CloseHandle(pst->rghThreads[i]);
}
}
MyFree(pst->rghThreads);
pst->rghThreads = NULL;
pst->cThreads = 0;
SetLastError(0);
return TRUE;
}
//////////////////////////////////////////////////////////////////////////////
// Minidump
// ***************************************************************************
BOOL WINAPI MDCallback(void *pvCallbackParam,
CONST PMINIDUMP_CALLBACK_INPUT pCallbackInput,
PMINIDUMP_CALLBACK_OUTPUT pCallbackOutput)
{
// USE_TRACING("MDCallback");
SMDumpOptions *psmdo = (SMDumpOptions *)pvCallbackParam;
if (pCallbackInput == NULL || pCallbackOutput == NULL || psmdo == NULL)
return TRUE;
// what did we get called back for?
switch(pCallbackInput->CallbackType)
{
case ModuleCallback:
pCallbackOutput->ModuleWriteFlags = psmdo->ulMod;
// only need to do this extra work if we're getting a minidump
if ((psmdo->dfOptions & dfCollectSig) != 0)
{
MINIDUMP_MODULE_CALLBACK *pmmc = &pCallbackInput->Module;
LPWSTR pwsz = NULL;
// err, if we don't have a path, can't do squat, so skip it
if (pmmc->FullPath != NULL && pmmc->FullPath[0] != L'\0')
{
// is it the app?
if (_wcsicmp(pmmc->FullPath, psmdo->wszAppFullPath) == 0)
{
pCallbackOutput->ModuleWriteFlags |= ModuleWriteDataSeg;
psmdo->rgAppVer[0] = HIWORD(pmmc->VersionInfo.dwFileVersionMS);
psmdo->rgAppVer[1] = LOWORD(pmmc->VersionInfo.dwFileVersionMS);
psmdo->rgAppVer[2] = HIWORD(pmmc->VersionInfo.dwFileVersionLS);
psmdo->rgAppVer[3] = LOWORD(pmmc->VersionInfo.dwFileVersionLS);
// get a pointer to the end of the modulename string
for(pwsz = pmmc->FullPath + wcslen(pmmc->FullPath);
*pwsz != L'\\' && pwsz > pmmc->FullPath;
pwsz--);
if (*pwsz == L'\\')
pwsz++;
// get the app name, if we can make it fit
if (wcslen(pwsz) < sizeofSTRW(psmdo->wszApp))
wcscpy(psmdo->wszApp, pwsz);
else
wcscpy(psmdo->wszApp, L"unknown");
}
}
// is it the module?
if (psmdo->pvFaultAddr >= pmmc->BaseOfImage &&
psmdo->pvFaultAddr <= pmmc->BaseOfImage + pmmc->SizeOfImage)
{
pCallbackOutput->ModuleWriteFlags |= ModuleWriteDataSeg;
psmdo->rgModVer[0] = HIWORD(pmmc->VersionInfo.dwFileVersionMS);
psmdo->rgModVer[1] = LOWORD(pmmc->VersionInfo.dwFileVersionMS);
psmdo->rgModVer[2] = HIWORD(pmmc->VersionInfo.dwFileVersionLS);
psmdo->rgModVer[3] = LOWORD(pmmc->VersionInfo.dwFileVersionLS);
if (pwsz == NULL)
{
// get a pointer to the end of the modulename string
for(pwsz = pmmc->FullPath + wcslen(pmmc->FullPath);
*pwsz != L'\\' && pwsz > pmmc->FullPath;
pwsz--);
if (*pwsz == L'\\')
pwsz++;
}
if (pwsz != NULL && wcslen(pwsz) < sizeofSTRW(psmdo->wszMod))
{
// get the full path if we can make it fit
if (wcslen(pmmc->FullPath) < sizeofSTRW(psmdo->wszModFullPath))
wcscpy(psmdo->wszModFullPath, pmmc->FullPath);
else
psmdo->wszModFullPath[0] = L'\0';
// get the module name, if we can make it fit
if (wcslen(pwsz) < sizeofSTRW(psmdo->wszMod))
wcscpy(psmdo->wszMod, pwsz);
else
wcscpy(psmdo->wszMod, L"unknown");
psmdo->pvOffset = psmdo->pvFaultAddr - pmmc->BaseOfImage;
}
}
}
break;
case ThreadCallback:
// are we collecting info for a single thread only?
if ((psmdo->dfOptions & dfFilterThread) != 0)
{
if (psmdo->dwThreadID == pCallbackInput->Thread.ThreadId)
pCallbackOutput->ThreadWriteFlags = psmdo->ulThread;
else
pCallbackOutput->ThreadWriteFlags = 0;
}
// or are we collecting special info for a single thread?
else if ((psmdo->dfOptions & dfFilterThreadEx) != 0)
{
if (psmdo->dwThreadID == pCallbackInput->Thread.ThreadId)
pCallbackOutput->ThreadWriteFlags = psmdo->ulThreadEx;
else
pCallbackOutput->ThreadWriteFlags = psmdo->ulThread;
}
// or maybe we're just getting a generic ol' minidump...
else
{
pCallbackOutput->ThreadWriteFlags = psmdo->ulThread;
}
break;
default:
break;
}
return TRUE;
}
// **************************************************************************
#ifndef MANIFEST_HEAP
BOOL InternalGenerateMinidump(HANDLE hProc, DWORD dwpid, HANDLE hFile,
SMDumpOptions *psmdo, LPCWSTR wszPath)
#else
BOOL InternalGenerateMinidumpEx(HANDLE hProc, DWORD dwpid, HANDLE hFile,
SMDumpOptions *psmdo, LPCWSTR wszPath, BOOL f64bit)
#endif // MANIFEST_HEAP
{
#ifdef _WIN64
USE_TRACING("InternalGenerateMinidumpEx64(handle)");
#else
USE_TRACING("InternalGenerateMinidumpEx(handle)");
#endif
SMDumpOptions smdo;
HRESULT hr = NULL;
LPWSTR wszMod = NULL;
DWORD cch, cchNeed;
BOOL fRet = FALSE;
VALIDATEPARM(hr, (hProc == NULL || hFile == NULL ||
hFile == INVALID_HANDLE_VALUE));
if (FAILED(hr))
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
cchNeed = GetSystemDirectoryW(NULL, 0);
if (cchNeed == 0)
return FALSE;
cchNeed += (sizeofSTRW(c_wszDbgHelpDll) + 8);
__try { wszMod = (LPWSTR)_alloca(cchNeed * sizeof(WCHAR)); }
__except(EXCEPTION_EXECUTE_HANDLER) { wszMod = NULL; }
if (wszMod == NULL)
{
SetLastError(ERROR_OUTOFMEMORY);
goto done;
}
cch = GetSystemDirectoryW(wszMod, cchNeed);
if (cch == 0)
return FALSE;
if (*(wszMod + cch - 1) == L'\\')
*(wszMod + cch - 1) = L'\0';
// default is to write everything for everything
if (psmdo == NULL)
{
ZeroMemory(&smdo, sizeof(smdo));
smdo.ulThread = ThreadWriteThread | ThreadWriteStack | ThreadWriteContext;
smdo.ulMod = ModuleWriteModule | ModuleWriteMiscRecord | ModuleWriteDataSeg;
psmdo = &smdo;
}
// if we're in the same process, we can't call the minidump APIs directly
// cuz we'll hang the process.
if (dwpid == GetCurrentProcessId())
{
PROCESS_INFORMATION pi;
STARTUPINFOW si;
LPWSTR wszCmdLine = NULL;
HANDLE hmem = NULL;
LPVOID pvmem = NULL;
DWORD dw;
if (wszPath == NULL)
{
SetLastError(ERROR_INVALID_PARAMETER);
goto done;
}
// 32 is the max size of a 64 bit decimal # & a 32 bit decimal #
cchNeed = sizeofSTRW(c_wszDRCmdLineMD) + cch + wcslen(wszPath) + 32;
__try { wszCmdLine = (LPWSTR)_alloca(cchNeed * sizeof(WCHAR)); }
__except(EXCEPTION_STACK_OVERFLOW) { wszCmdLine = NULL; }
TESTBOOL(hr, wszCmdLine != NULL);
if (FAILED(hr))
{
SetLastError(ERROR_OUTOFMEMORY);
goto done;
}
hmem = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE,
0, sizeof(smdo), NULL);
TESTBOOL(hr, hmem != NULL);
if (FAILED(hr))
goto done;
ZeroMemory(&pi, sizeof(pi));
ZeroMemory(&si, sizeof(si));
pvmem = MapViewOfFile(hmem, FILE_MAP_WRITE | FILE_MAP_READ, 0, 0, 0);
TESTBOOL(hr, pvmem != NULL);
if (FAILED(hr))
goto doneProcSpawn;
si.cb = sizeof(si);
swprintf(wszCmdLine, c_wszDRCmdLineMD, wszMod, dwpid, wszPath, hmem);
if (CreateProcessW(NULL, wszCmdLine, NULL, NULL, TRUE, 0, NULL,
wszMod, &si, &pi))
{
if (pi.hThread != NULL)
CloseHandle(pi.hThread);
if (!pi.hProcess)
{
DWORD dwAwShit = GetLastError();
ErrorTrace(0, "Spawned process died: \'%S\', err=0x%x", wszCmdLine, dwAwShit);
SetLastError(dwAwShit);
}
// wait 2m for the dump to be complete
if (pi.hProcess != NULL &&
WaitForSingleObject(pi.hProcess, 120000) == WAIT_OBJECT_0)
fRet = TRUE;
}
doneProcSpawn:
dw = GetLastError();
if (pvmem != NULL)
UnmapViewOfFile(pvmem);
if (hmem != NULL)
CloseHandle(hmem);
if (pi.hProcess != NULL)
CloseHandle(pi.hProcess);
SetLastError(dw);
}
else
{
MINIDUMP_EXCEPTION_INFORMATION mei, *pmei = NULL;
MINIDUMP_CALLBACK_INFORMATION mci;
DUMPWRITE_FN pfn;
HMODULE hmod = NULL;
ZeroMemory(&mci, sizeof(mci));
mci.CallbackRoutine = MDCallback;
mci.CallbackParam = psmdo;
// if we got exception paramters in the blob, use 'em...
if (psmdo->pEP != NULL)
{
ZeroMemory(&mei, sizeof(mei));
mei.ExceptionPointers = (PEXCEPTION_POINTERS)(DWORD_PTR)psmdo->pEP;
mei.ClientPointers = psmdo->fEPClient;
mei.ThreadId = psmdo->dwThreadID;
pmei = &mei;
}
wcscat(wszMod, c_wszDbgHelpDll);
hmod = MySafeLoadLibrary(wszMod);
if (hmod != NULL)
{
pfn = (DUMPWRITE_FN)GetProcAddress(hmod, "MiniDumpWriteDump");
if (pfn != NULL)
{
DWORD dwEC;
MINIDUMP_TYPE MiniDumpType = MiniDumpNormal;
#ifdef MANIFEST_HEAP
if (psmdo->fIncludeHeap)
{
MiniDumpType = (MINIDUMP_TYPE) (MiniDumpWithDataSegs |
MiniDumpWithProcessThreadData |
MiniDumpWithHandleData |
MiniDumpWithPrivateReadWriteMemory |
MiniDumpWithUnloadedModules);
} else
{
MiniDumpType = (MINIDUMP_TYPE) (MiniDumpWithDataSegs |
MiniDumpWithUnloadedModules);
}
#endif // MANIFEST_HEAP
fRet = (pfn)(hProc, dwpid, hFile, MiniDumpType,
pmei, NULL, &mci);
if (!fRet)
{
ErrorTrace(0, "MiniDumpWriteDump failed: DumpType=0x%x, err=0x%x", MiniDumpType, GetLastError());
fRet = FALSE;
}
}
FreeLibrary(hmod);
}
}
done:
return fRet;
}
// **************************************************************************
#ifndef MANIFEST_HEAP
BOOL InternalGenerateMinidump(HANDLE hProc, DWORD dwpid, LPCWSTR wszPath,
SMDumpOptions *psmdo)
#else
BOOL InternalGenerateMinidump(HANDLE hProc, DWORD dwpid, LPCWSTR wszPath,
SMDumpOptions *psmdo, BOOL f64bit)
#endif
{
#ifdef _WIN64
USE_TRACING("InternalGenerateMinidump64(path)");
#else
USE_TRACING("InternalGenerateMinidump(path)");
#endif
HRESULT hr = NOERROR;
HANDLE hFile = INVALID_HANDLE_VALUE;
BOOL fRet = FALSE;
VALIDATEPARM(hr, (hProc == NULL || wszPath == NULL));
if (FAILED(hr))
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
hFile = CreateFileW(wszPath, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, 0,
NULL);
TESTBOOL(hr, (hFile != INVALID_HANDLE_VALUE));
if (FAILED(hr))
return FALSE;
#ifdef MANIFEST_HEAP
fRet = InternalGenerateMinidumpEx(hProc, dwpid, hFile, psmdo, wszPath, f64bit);
#else
fRet = InternalGenerateMinidump(hProc, dwpid, hFile, psmdo, wszPath);
#endif
CloseHandle(hFile);
return fRet;
}
#ifdef MANIFEST_HEAP
// This generates a triage minidump on the given wszPath and then generates a
// full minidump on wszPath with c_wszHeapDumpSuffix
BOOL
InternalGenFullAndTriageMinidumps(HANDLE hProc, DWORD dwpid, LPCWSTR wszPath,
HANDLE hFile, SMDumpOptions *psmdo, BOOL f64bit)
{
#ifdef _WIN64
USE_TRACING("InternalGenFullAndTriageMinidumps(path)");
#else
USE_TRACING("InternalGenFullAndTriageMinidumps(path)");
#endif
HRESULT hr = NOERROR;
BOOL fRet = FALSE;
LPWSTR wszFullMinidump = NULL;
DWORD cch;
SMDumpOptions smdoFullMini;
VALIDATEPARM(hr, (hProc == NULL || wszPath == NULL));
if (FAILED(hr))
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
if (hFile)
{
fRet = InternalGenerateMinidumpEx(hProc, dwpid, hFile, psmdo, wszPath, f64bit);
} else
{
fRet = InternalGenerateMinidump(hProc, dwpid, wszPath, psmdo, f64bit);
}
if (!fRet)
{
return fRet;
}
cch = wcslen(wszPath) + sizeofSTRW(c_wszHeapDumpSuffix);
__try { wszFullMinidump = (WCHAR *)_alloca(cch * sizeof(WCHAR)); }
__except(EXCEPTION_STACK_OVERFLOW) { wszFullMinidump = NULL; }
if (wszFullMinidump)
{
LPWSTR wszFileExt = NULL;
ZeroMemory(&smdoFullMini, sizeof(SMDumpOptions));
memcpy(&smdoFullMini, psmdo, sizeof(SMDumpOptions));
// Build Dump-with-heap path
wcsncpy(wszFullMinidump, wszPath, cch);
wszFileExt = wszFullMinidump + wcslen(wszFullMinidump) - sizeofSTRW(c_wszDumpSuffix) + 1;
if (!wcscmp(wszFileExt, c_wszDumpSuffix))
{
*wszFileExt = L'\0';
}
wcsncat(wszFullMinidump, c_wszHeapDumpSuffix, cch);
smdoFullMini.fIncludeHeap = TRUE;
fRet = InternalGenerateMinidump(hProc, dwpid, wszFullMinidump, &smdoFullMini, f64bit);
}
return fRet;
}
BOOL
CopyFullAndTriageMiniDumps(
LPWSTR pwszTriageDumpFrom,
LPWSTR pwszTriageDumpTo
)
{
BOOL fRet;
LPWSTR wszFullMinidumpFrom = NULL, wszFullMinidumpTo = NULL;
DWORD cch;
fRet = CopyFileW(pwszTriageDumpFrom, pwszTriageDumpTo, FALSE);
if (fRet)
{
LPWSTR wszFileExt;
cch = wcslen(pwszTriageDumpFrom) + sizeofSTRW(c_wszHeapDumpSuffix);
__try { wszFullMinidumpFrom = (WCHAR *)_alloca(cch * sizeof(WCHAR)); }
__except(EXCEPTION_STACK_OVERFLOW) { wszFullMinidumpFrom = NULL; }
if (wszFullMinidumpFrom)
{
wcsncpy(wszFullMinidumpFrom, pwszTriageDumpFrom, cch);
wszFileExt = wszFullMinidumpFrom + wcslen(wszFullMinidumpFrom) -
sizeofSTRW(c_wszDumpSuffix) + 1;
if (!wcscmp(wszFileExt, c_wszDumpSuffix))
{
*wszFileExt = L'\0';
}
wcsncat(wszFullMinidumpFrom, c_wszHeapDumpSuffix, cch);
}
cch = wcslen(pwszTriageDumpTo) + sizeofSTRW(c_wszHeapDumpSuffix);
__try { wszFullMinidumpTo = (WCHAR *)_alloca(cch * sizeof(WCHAR)); }
__except(EXCEPTION_STACK_OVERFLOW) { wszFullMinidumpTo = NULL; }
if (wszFullMinidumpTo)
{
wcsncpy(wszFullMinidumpTo, pwszTriageDumpTo, cch);
wszFileExt = wszFullMinidumpTo + wcslen(wszFullMinidumpTo) -
sizeofSTRW(c_wszDumpSuffix) + 1;
if (!wcscmp(wszFileExt, c_wszDumpSuffix))
{
*wszFileExt = L'\0';
}
wcsncat(wszFullMinidumpTo, c_wszHeapDumpSuffix, cch);
if (wszFullMinidumpFrom)
{
fRet = CopyFileW(wszFullMinidumpFrom, wszFullMinidumpTo, FALSE);
}
}
}
return fRet;
}
HRESULT
FindFullMinidump(
LPWSTR pwszDumpFileList,
LPWSTR pwszFullMiniDump,
ULONG cchwszFullMiniDump
)
//
// This Grabs dump file name from pwszDumpFileList and then derives the fullminidump name.
// The full dump is returned in pwszFullMiniDump.
//
{
LPWSTR wszSrch, wszFiles;
LPWSTR wszOriginalDump = NULL;
DWORD cchOriginalDump = 0;
DWORD cchFile, cch;
HRESULT Hr, hr;
HANDLE hFile = INVALID_HANDLE_VALUE;
USE_TRACING("FindFullMinidump");
VALIDATEPARM(hr, (pwszFullMiniDump == NULL ||
pwszDumpFileList == NULL ||
!cchwszFullMiniDump));
if (FAILED(hr))
{
return E_INVALIDARG;
}
pwszFullMiniDump[0] = L'\0';
// Look through file list to find minidump file
wszFiles = pwszDumpFileList;
while (wszFiles && *wszFiles)
{
wszSrch = wcschr(wszFiles, DW_FILESEP);
if (!wszSrch)
{
wszSrch = wszFiles + wcslen(wszFiles);
}
// wszSrch now points after end of first file in wszFiles
if (!wcsncmp(wszSrch - sizeofSTRW(c_wszDumpSuffix) + 1,
c_wszDumpSuffix, sizeofSTRW(c_wszDumpSuffix) - 1))
{
// its the dump file
cchOriginalDump = (DWORD) wcslen(wszFiles) - wcslen(wszSrch);
__try { wszOriginalDump = (WCHAR *)_alloca((cchOriginalDump+1) * sizeof(WCHAR)); }
__except(EXCEPTION_STACK_OVERFLOW) { wszOriginalDump = NULL; DBG_MSG("out of stack");}
if (wszOriginalDump)
wcsncpy(wszOriginalDump, wszFiles, cchOriginalDump);
break;
}
wszFiles = wszSrch;
if (*wszFiles == L'\0')
{
break;
}
wszFiles++;
}
VALIDATEPARM(hr, ((wszOriginalDump == NULL) || (cchOriginalDump == 0)));
if (FAILED(hr))
{
return E_INVALIDARG;
}
// Now build the full dump file name
wcscpy(pwszFullMiniDump, wszOriginalDump);
pwszFullMiniDump[cchOriginalDump - sizeofSTRW(c_wszDumpSuffix) + 1] = L'\0';
wcscat(pwszFullMiniDump, c_wszHeapDumpSuffix);
// check if the dump exists. although we cannot do much if dump doesn't
// exist.
hFile = CreateFileW(pwszFullMiniDump, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0,
NULL);
VALIDATEPARM(hr, (hFile != INVALID_HANDLE_VALUE));
if (FAILED(hr))
{
Hr = S_OK;
CloseHandle( hFile );
hFile = NULL;
} else
{
ErrorTrace(0, "Could not open \'%S\'", pwszFullMiniDump);
Hr = E_FAIL;
}
return Hr;
}
#endif // MANIFEST_HEAP
//////////////////////////////////////////////////////////////////////////////
// DW manifest mode utils
// **************************************************************************
EFaultRepRetVal StartDWManifest(CPFFaultClientCfg &oCfg, SDWManifestBlob &dwmb,
LPWSTR wszManifestIn, BOOL fAllowSend,
DWORD dwTimeout)
{
USE_TRACING("StartDWManifest");
OSVERSIONINFOEXW ovi;
EFaultRepRetVal frrvRet = frrvErrNoDW;
STARTUPINFOW si;
HRESULT hr = NOERROR;
LPCWSTR pwszServer, pwszCorpPath;
LPCWSTR wszBrand;
HANDLE hManifest = INVALID_HANDLE_VALUE;
WCHAR wszManifestTU[MAX_PATH+16], wszDir[MAX_PATH];
WCHAR wszBuffer[1025];
#ifdef MANIFEST_HEAP
LPWSTR pwszMiniDump = NULL;
#endif
DWORD cbToWrite, dw, dwFlags;
VALIDATEPARM(hr, (dwmb.wszStage2 == NULL ||
(dwmb.nidTitle == 0 && dwmb.wszTitle == NULL)));
if (FAILED(hr))
{
SetLastError(ERROR_INVALID_PARAMETER);
goto done;
}
// if we get passed a manifest file & we can use it, then do so.
if (wszManifestIn != NULL && wszManifestIn[0] != L'\0' &&
wcslen(wszManifestIn) < sizeofSTRW(wszManifestTU))
{
wcscpy(wszManifestTU, wszManifestIn);
}
// ok, figure out the temp dir & then generate the filename
else
{
GetTempPathW(sizeofSTRW(wszDir), wszDir);
GetTempFileNameW(wszDir, L"DWM", 0, wszManifestTU);
}
hManifest = CreateFileW(wszManifestTU, GENERIC_WRITE, FILE_SHARE_READ,
NULL, CREATE_ALWAYS, FILE_FLAG_SEQUENTIAL_SCAN,
NULL);
TESTBOOL(hr, (hManifest != INVALID_HANDLE_VALUE));
if (FAILED(hr))
goto done;
// write the leading 0xFFFE out to the file
wszBuffer[0] = 0xFEFF;
TESTBOOL(hr, WriteFile(hManifest, wszBuffer, sizeof(wszBuffer[0]), &dw,
NULL));
if (FAILED(hr))
goto done;
// write out the server, LCID, Brand, Flags, & title
// Server=<server>
// UI LCID=GetSystemDefaultLCID()
// Flags=fDWWhister + fDWUserHKLM + headless if necessary
// Brand=<Brand> ("WINDOWS" by default)
// TitleName=<title>
wszBrand = (dwmb.wszBrand != NULL) ? dwmb.wszBrand : c_wszDWBrand;
// determine what server we're going to send the data to.
pwszServer = oCfg.get_DefaultServer(NULL, 0);
if (pwszServer == NULL || *pwszServer == L'\0')
{
pwszServer = (oCfg.get_UseInternal() == 1) ? c_wszDWDefServerI :
c_wszDWDefServerE;
}
if (oCfg.get_ShowUI() == eedDisabled)
{
DBG_MSG("Headless mode");
dwFlags = fDwWhistler | fDwHeadless | fDwUseHKLM | fDwAllowSuspend | fDwMiniDumpWithUnloadedModules;
}
else
dwFlags = fDwWhistler | fDwUseHKLM | fDwAllowSuspend | fDwMiniDumpWithUnloadedModules;
if (fAllowSend == FALSE)
dwFlags |= fDwNoReporting;
// if it's a MS app, set the flag that says we can have 'please help Microsoft'
// text in DW.
if (dwmb.fIsMSApp == FALSE)
dwFlags |= fDwUseLitePlea;
if ((dwmb.dwOptions & emoUseIEforURLs) == emoUseIEforURLs)
dwFlags |= fDwUseIE;
if ((dwmb.dwOptions & emoSupressBucketLogs) == emoSupressBucketLogs)
dwFlags |= fDwSkipBucketLog;
if ((dwmb.dwOptions & emoNoDefCabLimit) == emoNoDefCabLimit)
dwFlags |= fDwNoDefaultCabLimit;
if ((dwmb.dwOptions & emoShowDebugButton) == emoShowDebugButton)
dwFlags |= fDwManifestDebug;
cbToWrite = swprintf(wszBuffer, c_wszManMisc, pwszServer,
GetUserDefaultUILanguage(), dwFlags, wszBrand);
cbToWrite *= sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, wszBuffer, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
// write out the title text
{
LPCWSTR wszOut;
if (dwmb.wszTitle != NULL)
{
wszOut = dwmb.wszTitle;
cbToWrite = wcslen(wszOut);
}
else
{
wszOut = wszBuffer;
cbToWrite = LoadStringW(g_hInstance, dwmb.nidTitle, wszBuffer,
sizeofSTRW(wszBuffer));
if (cbToWrite == 0)
{
SetLastError(ERROR_INVALID_PARAMETER);
goto done;
}
}
cbToWrite *= sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, wszOut, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
}
// write out dig PID path
// DigPidRegPath=HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\DigitalProductId
TESTBOOL(hr, WriteFile(hManifest, c_wszManPID,
sizeof(c_wszManPID) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
// write out the registry subpath for policy info
// RegSubPath==Microsoft\\PCHealth\\ErrorReporting\\DW
TESTBOOL(hr, WriteFile(hManifest, c_wszManSubPath,
sizeof(c_wszManSubPath) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
// write out the error message if we have one
// ErrorText=<error text read from resource>
if (dwmb.wszErrMsg != NULL || dwmb.nidErrMsg != 0)
{
LPCWSTR wszOut;
TESTBOOL(hr, WriteFile(hManifest, c_wszManErrText,
sizeof(c_wszManErrText) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
if (dwmb.wszErrMsg != NULL)
{
wszOut = dwmb.wszErrMsg;
cbToWrite = wcslen(wszOut);
}
else
{
wszOut = wszBuffer;
cbToWrite = LoadStringW(g_hInstance, dwmb.nidErrMsg, wszBuffer,
sizeofSTRW(wszBuffer));
if (cbToWrite == 0)
{
SetLastError(ERROR_INVALID_PARAMETER);
goto done;
}
}
cbToWrite *= sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, wszOut, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
}
// write out the header text if we have one
// HeaderText=<header text read from resource>
if (dwmb.wszHdr != NULL || dwmb.nidHdr != 0)
{
LPCWSTR wszOut;
TESTBOOL(hr, WriteFile(hManifest, c_wszManHdrText,
sizeof(c_wszManHdrText) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
if (dwmb.wszHdr != NULL)
{
wszOut = dwmb.wszHdr;
cbToWrite = wcslen(wszOut);
}
else
{
wszOut = wszBuffer;
cbToWrite = LoadStringW(g_hInstance, dwmb.nidHdr, wszBuffer,
sizeofSTRW(wszBuffer));
if (cbToWrite == 0)
{
SetLastError(ERROR_INVALID_PARAMETER);
goto done;
}
}
cbToWrite *= sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, wszOut, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
}
// write out the plea text if we have one
// Plea=<plea text>
if (dwmb.wszPlea != NULL)
{
TESTBOOL(hr, WriteFile(hManifest, c_wszManPleaText,
sizeof(c_wszManPleaText) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
cbToWrite = wcslen(dwmb.wszPlea) * sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, dwmb.wszPlea, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
}
// write out the plea text if we have one
// ReportButton=<button text>
if (dwmb.wszSendBtn != NULL && dwmb.wszSendBtn[0] != L'\0')
{
TESTBOOL(hr, WriteFile(hManifest, c_wszManSendText,
sizeof(c_wszManSendText) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
cbToWrite = wcslen(dwmb.wszSendBtn) * sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, dwmb.wszSendBtn, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
}
// write out the plea text if we have one
// NoReportButton=<button text>
if (dwmb.wszNoSendBtn != NULL && dwmb.wszNoSendBtn[0] != L'\0')
{
TESTBOOL(hr, WriteFile(hManifest, c_wszManNSendText,
sizeof(c_wszManNSendText) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
cbToWrite = wcslen(dwmb.wszNoSendBtn) * sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, dwmb.wszNoSendBtn, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
}
// write out the plea text if we have one
// EventLogSource=<button text>
if (dwmb.wszEventSrc != NULL && dwmb.wszEventSrc[0] != L'\0')
{
TESTBOOL(hr, WriteFile(hManifest, c_wszManEventSrc,
sizeof(c_wszManEventSrc) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
cbToWrite = wcslen(dwmb.wszEventSrc) * sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, dwmb.wszEventSrc, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
}
// write out the stage 1 URL if there is one
// Stage1URL=<stage 1 URL>
if (dwmb.wszStage1 != NULL && dwmb.wszStage1[0] != L'\0')
{
TESTBOOL(hr, WriteFile(hManifest, c_wszManStageOne,
sizeof(c_wszManStageOne) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
cbToWrite = wcslen(dwmb.wszStage1) * sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, dwmb.wszStage1, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
}
// write out the stage 2 URL
// Stage2URL=<stage 2 URL>
TESTBOOL(hr, WriteFile(hManifest, c_wszManStageTwo,
sizeof(c_wszManStageTwo) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
cbToWrite = wcslen(dwmb.wszStage2) * sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, dwmb.wszStage2, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
// write out files to collect if we have any
// DataFiles=<list of files to include in cab>
if (dwmb.wszFileList != NULL && dwmb.wszFileList[0] != L'\0')
{
TESTBOOL(hr, WriteFile(hManifest, c_wszManFiles,
sizeof(c_wszManFiles) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
cbToWrite = wcslen(dwmb.wszFileList) * sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, dwmb.wszFileList, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
}
#ifdef MANIFEST_HEAP
// write out dump file with heap info if we have any
// Heap=<dump file which has heap info>
__try { pwszMiniDump = (LPWSTR)_alloca((wcslen(dwmb.wszFileList) + 1) * sizeof(WCHAR)); }
__except(EXCEPTION_STACK_OVERFLOW) { pwszMiniDump = NULL; DBG_MSG("Out of stack");}
if (pwszMiniDump)
{
TESTHR(hr, FindFullMinidump((LPWSTR)dwmb.wszFileList, pwszMiniDump,
wcslen(dwmb.wszFileList) + 1));
if (SUCCEEDED(hr))
{
if (pwszMiniDump != NULL && pwszMiniDump[0] != L'\0')
{
TESTBOOL(hr, WriteFile(hManifest, c_wszManHeapDump,
sizeof(c_wszManHeapDump) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
cbToWrite = wcslen(pwszMiniDump) * sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, pwszMiniDump, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
}
}
}
#endif // MANIFEST_HEAP
// write out corporate mode subpath
// ErrorSubPath=<subpath for the error signature>
pwszCorpPath = oCfg.get_DumpPath(NULL, 0);
if (pwszCorpPath != NULL && pwszCorpPath != L'\0' &&
dwmb.wszCorpPath != NULL && dwmb.wszCorpPath[0] != L'\0')
{
TESTBOOL(hr, WriteFile(hManifest, c_wszManCorpPath,
sizeof(c_wszManCorpPath) - sizeof(WCHAR), &dw,
NULL));
if (FAILED(hr))
goto done;
cbToWrite = wcslen(dwmb.wszCorpPath) * sizeof(WCHAR);
TESTBOOL(hr, WriteFile(hManifest, dwmb.wszCorpPath, cbToWrite, &dw, NULL));
if (FAILED(hr))
goto done;
}
// write out the final "\r\n"
wszBuffer[0] = L'\r';
wszBuffer[1] = L'\n';
TESTBOOL(hr, WriteFile(hManifest, wszBuffer, 2 * sizeof(wszBuffer[0]), &dw,
NULL));
if (FAILED(hr))
goto done;
CloseHandle(hManifest);
hManifest = INVALID_HANDLE_VALUE;
// create the process
GetSystemDirectoryW(wszDir, sizeofSTRW(wszDir));
swprintf(wszBuffer, c_wszDWCmdLineKH, wszDir, wszManifestTU);
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
// check and see if the system is shutting down. If so, CreateProcess is
// gonna pop up some annoying UI that we can't get rid of, so we don't
// want to call it if we know it's gonna happen.
if (GetSystemMetrics(SM_SHUTTINGDOWN))
{
DBG_MSG("shutting down");
goto done;
}
// we're creating the process in the same user context that we're in
if (dwmb.hToken == NULL)
{
ErrorTrace(0, "starting CreateProcessW(\'%S\')", wszBuffer);
si.lpDesktop = L"Winsta0\\Default";
TESTBOOL(hr, CreateProcessW(NULL, wszBuffer, NULL, NULL, TRUE,
CREATE_DEFAULT_ERROR_MODE |
NORMAL_PRIORITY_CLASS,
NULL, wszDir, &si, &dwmb.pi));
if (FAILED(hr))
goto done;
// don't need the thread handle & we gotta close it, so close it now
CloseHandle(dwmb.pi.hThread);
// wait 5 minutes for DW to close. If it doesn't close by then, just
// return.
dw = WaitForSingleObject(dwmb.pi.hProcess, dwTimeout);
CloseHandle(dwmb.pi.hProcess);
switch (dw)
{
case WAIT_FAILED:
ErrorTrace(0, "Wait error: 0x%x", GetLastError());
break;
case WAIT_TIMEOUT:
DBG_MSG("wait timeout");
frrvRet = frrvErrTimeout;
goto done;
break;
case WAIT_OBJECT_0:
DBG_MSG("DW finished OK");
GetExitCodeProcess(dwmb.pi.hProcess, &dw);
ErrorTrace(0, "DW finished OK, exit code=0x%x", dw);
break;
default:
ErrorTrace(0, "Something bad happened, lasterr=0x%x", GetLastError());
break;
}
}
else
{
// we're creating DW in a different user context. Note that we pretty
// much have to be running as local system for this to work.
// Note that the access check that CreateProcessAsUser makes appears to
// use the process token, so we do not need to remove any impersonation
// tokens at this point.
ErrorTrace(0, "starting CreateProcessAsUserW(\'%S\')", wszBuffer);
TESTBOOL(hr, CreateProcessAsUserW(dwmb.hToken, NULL, wszBuffer, NULL,
NULL, FALSE, NORMAL_PRIORITY_CLASS |
CREATE_UNICODE_ENVIRONMENT |
CREATE_DEFAULT_ERROR_MODE,
dwmb.pvEnv, wszDir, &si, &dwmb.pi));
if (FAILED(hr))
goto done;
}
frrvRet = frrvOk;
done:
// preserve the error code so that the following calls don't overwrite it
dw = GetLastError();
if (hManifest != INVALID_HANDLE_VALUE)
CloseHandle(hManifest);
if (FAILED(hr) || wszManifestIn == NULL)
DeleteFileW(wszManifestTU);
SetLastError(dw);
ErrorTrace(0, "LastError=0x%x", GetLastError());
return frrvRet;
}
//////////////////////////////////////////////////////////////////////////////
// Security
// **************************************************************************
#define ER_WINSTA_ALL WINSTA_ACCESSCLIPBOARD | WINSTA_ACCESSGLOBALATOMS | \
WINSTA_CREATEDESKTOP | WINSTA_ENUMDESKTOPS | \
WINSTA_ENUMERATE | WINSTA_EXITWINDOWS | \
WINSTA_READATTRIBUTES | WINSTA_READSCREEN | \
WINSTA_WRITEATTRIBUTES
BOOL CheckAccessToWinSta0(void)
{
HWINSTA hwinsta;
// attempt to open winsta0
hwinsta = OpenWindowStationW(L"winsta0", FALSE, ER_WINSTA_ALL);
if (hwinsta == NULL)
return FALSE;
CloseWindowStation(hwinsta);
return TRUE;
}
// **************************************************************************
BOOL DoUserContextsMatch(void)
{
SID_NAME_USE snu;
TOKEN_USER *ptuProc = NULL;
HRESULT hr = NOERROR;
LPWSTR wszName = NULL, wszDom = NULL;
HANDLE hTokenProc = NULL, hTokenImp = NULL;
WCHAR wszFullName[MAX_PATH], wszSidDom[MAX_PATH];
DWORD cb, cchDom;
PSID psidUser = NULL;
USE_TRACING("DoUserContextsMatch");
// always get the following info in the context of the process & not
// the context of the thread. Also, if we don't do this, then we
// could fail later on when we try to open the process token.
TESTBOOL(hr, OpenThreadToken(GetCurrentThread(),
TOKEN_READ | TOKEN_IMPERSONATE, TRUE,
&hTokenImp));
if (FAILED(hr) && GetLastError() != ERROR_NO_TOKEN)
goto done;
RevertToSelf();
// get the name of the currently logged on user to this session. If this
// fails, then we just assume that we can't report in this context
TESTBOOL(hr, WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE,
WTS_CURRENT_SESSION, WTSUserName,
&wszName, &cb));
if (FAILED(hr))
goto done;
VALIDATEEXPR(hr, (wszName == NULL || *wszName == L'\0'),
Err2HR(ERROR_ACCESS_DENIED));
if (FAILED(hr))
{
SetLastError(ERROR_ACCESS_DENIED);
goto done;
}
// get the domain of the currently logged on user to this session. If this
// fails, then we just assume that we can't report in this context
TESTBOOL(hr, WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE,
WTS_CURRENT_SESSION, WTSDomainName,
&wszDom, &cb));
if (FAILED(hr))
goto done;
VALIDATEEXPR(hr, (wszDom == NULL || *wszDom == L'\0'),
Err2HR(ERROR_ACCESS_DENIED));
if (FAILED(hr))
{
SetLastError(ERROR_ACCESS_DENIED);
goto done;
}
wcscpy(wszFullName, wszDom);
wcscat(wszFullName, L"\\");
wcscat(wszFullName, wszName);
// since a SID is a variable length structure, query for the # of bytes
// we need to store it.
cchDom = sizeofSTRW(wszSidDom);
cb = 0;
LookupAccountNameW(NULL, wszFullName, NULL, &cb, wszSidDom, &cchDom, &snu);
__try { psidUser = (PSID)_alloca(cb); }
__except(EXCEPTION_EXECUTE_HANDLER) { psidUser = NULL; }
VALIDATEEXPR(hr, (psidUser == NULL), E_OUTOFMEMORY);
if (FAILED(hr))
{
SetLastError(ERROR_OUTOFMEMORY);
goto done;
}
// get the SID for the user
TESTBOOL(hr, LookupAccountNameW(NULL, wszFullName, psidUser, &cb, wszSidDom,
&cchDom, &snu));
if (FAILED(hr))
goto done;
// fetch the token for the current process
TESTBOOL(hr, OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &hTokenProc));
if (FAILED(hr))
goto done;
// fetch the sid for the user of the current process
GetTokenInformation(hTokenProc, TokenUser, NULL, 0, &cb);
__try { ptuProc = (TOKEN_USER *)_alloca(cb); }
__except(EXCEPTION_STACK_OVERFLOW) { ptuProc = NULL; }
VALIDATEEXPR(hr, (ptuProc == NULL), E_OUTOFMEMORY);
if (FAILED(hr))
{
SetLastError(ERROR_OUTOFMEMORY);
goto done;
}
TESTBOOL(hr, GetTokenInformation(hTokenProc, TokenUser, (LPVOID)ptuProc,
cb, &cb));
if (FAILED(hr))
goto done;
TESTBOOL(hr, IsValidSid(ptuProc->User.Sid));
if (FAILED(hr))
goto done;
// are they equal?
VALIDATEEXPR(hr, (EqualSid(ptuProc->User.Sid, psidUser) == FALSE),
Err2HR(ERROR_ACCESS_DENIED));
if (FAILED(hr))
{
SetLastError(ERROR_ACCESS_DENIED);
goto done;
}
// ok, so if the SIDs matched, then determine if this process has access
// to winsta0 (cuz otherwise it won't be able to launch DW in it)
VALIDATEEXPR(hr, (CheckAccessToWinSta0() == FALSE),
Err2HR(ERROR_ACCESS_DENIED));
if (FAILED(hr))
{
SetLastError(ERROR_ACCESS_DENIED);
goto done;
}
done:
if (hTokenImp != NULL)
{
SetThreadToken(NULL, hTokenImp);
CloseHandle(hTokenImp);
}
if (wszName != NULL)
WTSFreeMemory(wszName);
if (wszDom != NULL)
WTSFreeMemory(wszDom);
if (hTokenProc != NULL)
CloseHandle(hTokenProc);
return SUCCEEDED(hr);
}
// ***************************************************************************
BOOL DoWinstaDesktopMatch(void)
{
HWINSTA hwinsta = NULL;
HRESULT hr = NOERROR;
LPWSTR wszWinsta = NULL;
DWORD cbNeed = 0, cbGot;
BOOL fRet = FALSE;
USE_TRACING("DoWinstaDesktopMatch");
hwinsta = GetProcessWindowStation();
TESTBOOL(hr, (hwinsta != NULL));
if (FAILED(hr))
goto done;
fRet = GetUserObjectInformationW(hwinsta, UOI_NAME, NULL, 0, &cbNeed);
TESTBOOL(hr, (cbNeed != 0));
if (FAILED(hr))
{
fRet = FALSE;
goto done;
}
cbNeed += sizeof(WCHAR);
__try { wszWinsta = (LPWSTR)_alloca(cbNeed); }
__except(EXCEPTION_STACK_OVERFLOW) { wszWinsta = NULL; }
TESTBOOL(hr, (wszWinsta != NULL));
if (FAILED(hr))
{
fRet = FALSE;
goto done;
}
cbGot = 0;
fRet = GetUserObjectInformationW(hwinsta, UOI_NAME, wszWinsta, cbNeed,
&cbGot);
TESTBOOL(hr, (fRet != FALSE));
if (FAILED(hr))
goto done;
ErrorTrace(0, "WinSta = %S", wszWinsta);
// 'Winsta0' should be the interactive window station for a given session
fRet = (_wcsicmp(wszWinsta, L"WinSta0") == 0);
done:
return fRet;
}
// ***************************************************************************
BOOL AmIPrivileged(BOOL fOnlyCheckLS)
{
SID_IDENTIFIER_AUTHORITY siaNT = SECURITY_NT_AUTHORITY;
TOKEN_USER *ptu = NULL, *ptuImp = NULL;
HANDLE hToken = NULL, hTokenImp = NULL;
DWORD cb, cbGot, i;
PSID psid = NULL;
BOOL fRet = FALSE, fThread;
// local system has to be the first RID in this array. Otherwise, the
// loop logic below needs to be changed.
DWORD rgRIDs[3] = { SECURITY_LOCAL_SYSTEM_RID,
SECURITY_LOCAL_SERVICE_RID,
SECURITY_NETWORK_SERVICE_RID };
// gotta have a token to get the SID
fThread = OpenThreadToken(GetCurrentThread(),
TOKEN_READ | TOKEN_IMPERSONATE, TRUE,
&hTokenImp);
if (fThread == FALSE && GetLastError() != ERROR_NO_TOKEN)
goto done;
// revert back to base user acct so we can fetch the process token &
// extract all the nifty stuff out of it.
RevertToSelf();
fRet = OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &hToken);
if (fRet == FALSE)
goto done;
// figure out the SID
fRet = GetTokenInformation(hToken, TokenUser, NULL, 0, &cb);
if (fRet != FALSE && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
fRet = FALSE;
goto done;
}
__try { ptu = (TOKEN_USER *)_alloca(cb); }
__except(EXCEPTION_STACK_OVERFLOW) { ptu = NULL; }
if (ptu == NULL)
{
SetLastError(ERROR_OUTOFMEMORY);
fRet = FALSE;
goto done;
}
fRet = GetTokenInformation(hToken, TokenUser, (LPVOID)ptu, cb, &cbGot);
if (fRet == FALSE)
goto done;
fRet = IsValidSid(ptu->User.Sid);
if (fRet == FALSE)
goto done;
if (fThread)
{
// figure out the SID
fRet = GetTokenInformation(hTokenImp, TokenUser, NULL, 0, &cb);
if (fRet != FALSE && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
fRet = FALSE;
goto done;
}
__try { ptuImp = (TOKEN_USER *)_alloca(cb); }
__except(EXCEPTION_STACK_OVERFLOW) { ptuImp = NULL; }
if (ptuImp == NULL)
{
SetLastError(ERROR_OUTOFMEMORY);
fRet = FALSE;
goto done;
}
fRet = GetTokenInformation(hTokenImp, TokenUser, (LPVOID)ptuImp, cb,
&cbGot);
if (fRet == FALSE)
goto done;
fRet = IsValidSid(ptuImp->User.Sid);
if (fRet == FALSE)
goto done;
}
// loop thru & check against the SIDs we are interested in
for (i = 0; i < 3; i++)
{
fRet = AllocateAndInitializeSid(&siaNT, 1, rgRIDs[i], 0, 0, 0, 0, 0, 0,
0, &psid);
if (fRet == FALSE)
goto done;
fRet = IsValidSid(psid);
if (fRet == FALSE)
goto done;
fRet = EqualSid(psid, ptu->User.Sid);
if (fRet)
{
// set this to false so that the code below will correctly change
// it to TRUE
fRet = FALSE;
goto done;
}
if (fThread)
{
fRet = EqualSid(psid, ptuImp->User.Sid);
if (fRet)
{
// set this to false so that the code below will correctly
// change it to TRUE
fRet = FALSE;
goto done;
}
}
FreeSid(psid);
psid = NULL;
// if we only need to check for local system, can bail now (we've
// already done it if we've gone thru this loop once)
if (fOnlyCheckLS)
break;
}
// only way to get here is to fail all the SID checks above. So set the
// result to TRUE so the code below correclty changes it to FALSE
fRet = TRUE;
done:
if (fThread && hTokenImp != NULL)
{
if (SetThreadToken(NULL, hTokenImp) == FALSE)
fRet = FALSE;
}
// if anything failed above, we want to return TRUE (cuz this puts us
// down the most secure code path), so need to negate the result. Since
// we set the fallthru case to TRUE, we'll correctly negate it to FALSE
// here.
fRet = !fRet;
// if we had an impersonation token on the thread, put it back in place.
if (hToken != NULL)
CloseHandle(hToken);
if (hTokenImp != NULL)
CloseHandle(hTokenImp);
if (fRet == TRUE && GetLastError() == ERROR_SUCCESS)
SetLastError(ERROR_ACCESS_DENIED);
if (psid != NULL)
FreeSid(psid);
return fRet;
}
// **************************************************************************
BOOL FindAdminSession(DWORD *pdwSession, HANDLE *phToken)
{
USE_TRACING("FindAdminSession");
WINSTATIONUSERTOKEN wsut;
LOGONIDW *rgSesn = NULL;
HRESULT hr = NOERROR;
DWORD i, cSesn, cb;
ZeroMemory(&wsut, sizeof(wsut));
VALIDATEPARM(hr, (pdwSession == NULL || phToken == NULL));
if (FAILED(hr))
goto done;
*pdwSession = (DWORD)-1;
*phToken = NULL;
TESTBOOL(hr, WinStationEnumerateW(SERVERNAME_CURRENT, &rgSesn, &cSesn));
if (FAILED(hr))
goto done;
wsut.ProcessId = LongToHandle(GetCurrentProcessId());
wsut.ThreadId = LongToHandle(GetCurrentThreadId());
for(i = 0; i < cSesn; i++)
{
if (rgSesn[i].State != State_Active)
continue;
TESTBOOL(hr, WinStationQueryInformationW(SERVERNAME_CURRENT,
rgSesn[i].SessionId,
WinStationUserToken,
&wsut, sizeof(wsut), &cb));
if (FAILED(hr))
continue;
if (wsut.UserToken != NULL)
{
if (IsUserAnAdmin(wsut.UserToken))
break;
CloseHandle(wsut.UserToken);
wsut.UserToken = NULL;
}
}
if (i < cSesn)
{
hr = NOERROR;
*pdwSession = rgSesn[i].SessionId;
*phToken = wsut.UserToken;
}
else
{
hr = E_FAIL;
}
done:
if (rgSesn != NULL)
WinStationFreeMemory(rgSesn);
return SUCCEEDED(hr);
}
//////////////////////////////////////////////////////////////////////////////
// Logging
// **************************************************************************
HRESULT LogEvent(LPCWSTR wszSrc, WORD wCat, DWORD dwEventID, WORD cStrs,
DWORD cbBlob, LPCWSTR *rgwszStrs, LPVOID pvBlob)
{
USE_TRACING("LogEvent");
HRESULT hr = NOERROR;
HANDLE hLog = NULL;
VALIDATEPARM(hr, (wszSrc == NULL));
if (FAILED(hr))
goto done;
hLog = RegisterEventSourceW(NULL, wszSrc);
TESTBOOL(hr, (hLog != NULL));
if (FAILED(hr))
goto done;
TESTBOOL(hr, ReportEventW(hLog, EVENTLOG_ERROR_TYPE, wCat, dwEventID,
NULL, cStrs, cbBlob, rgwszStrs, pvBlob));
if (FAILED(hr))
goto done;
done:
if (hLog != NULL)
DeregisterEventSource(hLog);
return hr;
}
// **************************************************************************
HRESULT LogHang(LPCWSTR wszApp, WORD *rgAppVer, LPCWSTR wszMod, WORD *rgModVer,
ULONG64 ulOffset, BOOL f64bit)
{
USE_TRACING("LogHang");
HRESULT hr = NOERROR;
LPCWSTR rgwsz[5];
WCHAR wszAppVer[32], wszModVer[32], wszOffset[32];
char szBlobLog[1024];
VALIDATEPARM(hr, (wszApp == NULL || rgAppVer == NULL || wszMod == NULL ||
rgModVer == NULL));
if (FAILED(hr))
return hr;
swprintf(wszAppVer, L"%d.%d.%d.%d", rgAppVer[0], rgAppVer[1], rgAppVer[2], rgAppVer[3]);
swprintf(wszModVer, L"%d.%d.%d.%d", rgModVer[0], rgModVer[1], rgModVer[2], rgModVer[3]);
if (f64bit)
swprintf(wszOffset, L"%016I64x", ulOffset);
else
swprintf(wszOffset, L"%08x", (DWORD)ulOffset);
sprintf(szBlobLog, "Application Hang %S %S in %S %S at offset %S",
wszApp, wszAppVer, wszMod, wszModVer, wszOffset);
rgwsz[0] = wszApp;
rgwsz[1] = wszAppVer;
rgwsz[2] = wszMod;
rgwsz[3] = wszModVer;
rgwsz[4] = wszOffset;
return LogEvent(c_wszHangEventSrc, ER_HANG_CATEGORY, ER_HANG_LOG, 5,
strlen(szBlobLog), rgwsz, szBlobLog);
}
// **************************************************************************
HRESULT LogUser(LPCWSTR wszApp, WORD *rgAppVer, LPCWSTR wszMod, WORD *rgModVer,
ULONG64 ulOffset, BOOL f64bit, DWORD dwEventID)
{
USE_TRACING("LogUser");
HRESULT hr = NOERROR;
LPCWSTR rgwsz[5];
WCHAR wszAppVer[32], wszModVer[32], wszOffset[32];
char szBlobLog[1024];
VALIDATEPARM(hr, (wszApp == NULL || rgAppVer == NULL || wszMod == NULL ||
rgModVer == NULL));
if (FAILED(hr))
return hr;
swprintf(wszAppVer, L"%d.%d.%d.%d", rgAppVer[0], rgAppVer[1], rgAppVer[2], rgAppVer[3]);
swprintf(wszModVer, L"%d.%d.%d.%d", rgModVer[0], rgModVer[1], rgModVer[2], rgModVer[3]);
if (f64bit)
swprintf(wszOffset, L"%016I64x", ulOffset);
else
swprintf(wszOffset, L"%08x", (DWORD)ulOffset);
sprintf(szBlobLog, "Application Failure %S %S in %S %S at offset %S",
wszApp, wszAppVer, wszMod, wszModVer, wszOffset);
rgwsz[0] = wszApp;
rgwsz[1] = wszAppVer;
rgwsz[2] = wszMod;
rgwsz[3] = wszModVer;
rgwsz[4] = wszOffset;
return LogEvent(c_wszUserEventSrc, ER_USERFAULT_CATEGORY, dwEventID,
5, strlen(szBlobLog), rgwsz, szBlobLog);
}
// **************************************************************************
#ifndef _WIN64
HRESULT LogKrnl(ULONG ulBCCode, ULONG ulBCP1, ULONG ulBCP2, ULONG ulBCP3,
ULONG ulBCP4)
#else
HRESULT LogKrnl(ULONG ulBCCode, ULONG64 ulBCP1, ULONG64 ulBCP2, ULONG64 ulBCP3,
ULONG64 ulBCP4)
#endif
{
USE_TRACING("LogKrnl");
HRESULT hr = NOERROR;
LPCWSTR rgwsz[5];
WCHAR wszBCC[32], wszBCP1[32], wszBCP2[32], wszBCP3[32], wszBCP4[32];
char szBlobLog[1024];
#ifndef _WIN64
swprintf(wszBCC, L"%08x", ulBCCode);
swprintf(wszBCP1, L"%08x", ulBCP1);
swprintf(wszBCP2, L"%08x", ulBCP2);
swprintf(wszBCP3, L"%08x", ulBCP3);
swprintf(wszBCP4, L"%08x", ulBCP4);
#else
swprintf(wszBCC, L"%016I64x", ulBCCode);
swprintf(wszBCP1, L"%016I64x", ulBCP1);
swprintf(wszBCP2, L"%016I64x", ulBCP2);
swprintf(wszBCP3, L"%016I64x", ulBCP3);
swprintf(wszBCP4, L"%016I64x", ulBCP4);
#endif
sprintf(szBlobLog, "System Error Error code %S Parameters %S, %S, %S, %S",
wszBCC, wszBCP1, wszBCP2, wszBCP3, wszBCP4);
rgwsz[0] = wszBCC;
rgwsz[1] = wszBCP1;
rgwsz[2] = wszBCP2;
rgwsz[3] = wszBCP3;
rgwsz[4] = wszBCP4;
return LogEvent(c_wszKrnlEventSrc, ER_KRNLFAULT_CATEGORY, ER_KRNLCRASH_LOG,
5, strlen(szBlobLog), rgwsz, szBlobLog);
}