Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

507 lines
11 KiB

//// DelCert - Delete all certificates in Win32 image
//
///// delCert Command line
//
//c delCert Executable
//
//p Executable: Win32 binary to update
//
#pragma warning( disable : 4786 ) // map creates some ridiculously long debug identifiers
#include "stdio.h"
#include "windows.h"
#include "imagehlp.h"
#include "time.h"
#define DBG 1
void __cdecl DebugMsg(char *fmt, ...) {
va_list vargs;
va_start(vargs, fmt);
vfprintf(stderr, fmt, vargs);
}
BOOL g_fError = FALSE;
#define warn DebugMsg
#define MUST(a,b) {HRESULT hr; hr = (a); if (hr!= S_OK) {if (!g_fError) DebugMsg b; g_fError = TRUE; return E_FAIL;};}
#define SHOULD(a,b) {HRESULT hr; hr = (a); if (hr!= S_OK) {DebugMsg b; g_fWarn = TRUE; return S_FALSE;};}
#if DBG
#pragma message("Checked build")
#define OK(a) {HRESULT hr; hr = (a); if (hr!= S_OK) {DebugMsg("%s(%d): error RSRC999 : HRESULT not S_OK: "#a"\n", __FILE__, __LINE__); return hr;};}
#define ASSERT(a) {if (!(a)) {DebugMsg("%s(%d): error RSRC999 : Assertion failed: "#a"\n", __FILE__, __LINE__); return E_UNEXPECTED;};}
#else
#pragma message ("Free build")
#define OK(a) {HRESULT hr; hr = (a); if (hr != S_OK) return hr;}
#define ASSERT(a) {if (!(a)) {return E_UNEXPECTED;};}
#endif
//// Mapped files
//
// File mapping is used to read executable and token files.
//
// File mapping is also used to update in place checksum information
// in executable and symbol files.
class MappedFile {
HANDLE m_hFileMapping;
BOOL fRW; // True when writeable
char m_szFileName[MAX_PATH];
public:
BYTE *m_pStart;
BYTE *m_pLimit;
MappedFile() {m_hFileMapping = NULL;}
HRESULT Open(const char *pcFileName, BOOL fWrite) {
HANDLE hFile;
strcpy(m_szFileName, pcFileName);
hFile = CreateFileA(
pcFileName,
GENERIC_READ | (fWrite ? GENERIC_WRITE : 0),
FILE_SHARE_READ | (fWrite ? FILE_SHARE_WRITE | FILE_SHARE_DELETE : 0 ),
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
ASSERT(hFile != INVALID_HANDLE_VALUE);
m_hFileMapping = CreateFileMapping(
hFile,
NULL,
fWrite ? PAGE_READWRITE : PAGE_WRITECOPY,
0,0, NULL);
ASSERT(m_hFileMapping != NULL);
m_pStart = (BYTE*) MapViewOfFile(
m_hFileMapping,
fWrite ? FILE_MAP_WRITE : FILE_MAP_READ,
0,0, 0);
ASSERT(m_pStart != NULL);
m_pLimit = m_pStart + GetFileSize(hFile, NULL);
CloseHandle(hFile);
fRW = fWrite;
return S_OK;
}
DWORD CalcChecksum() {
DWORD dwHeaderSum;
DWORD dwCheckSum;
if (CheckSumMappedFile((void*)m_pStart, (DWORD)(m_pLimit-m_pStart), &dwHeaderSum, &dwCheckSum) == NULL) {
return 0;
} else {
return dwCheckSum;
}
}
HRESULT Close() {
if (m_pStart) {
UnmapViewOfFile(m_pStart);
CloseHandle(m_hFileMapping);
m_hFileMapping = NULL;
m_pStart = NULL;
}
return S_OK;
}
};
class Win32Executable : public MappedFile {
IMAGE_NT_HEADERS *m_pNtHeader;
IMAGE_SECTION_HEADER *m_pSections;
public:
DWORD GetChecksum() const {return m_pNtHeader->OptionalHeader.CheckSum;}
void SetChecksum(DWORD dwChecksum) {m_pNtHeader->OptionalHeader.CheckSum=dwChecksum;}
void SetCertificateRVA (DWORD rva)
{
m_pNtHeader->OptionalHeader
.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]
.VirtualAddress
= rva;
}
HRESULT Open(const char *pcFileName, BOOL fWrite) {
int i;
OK(MappedFile::Open(pcFileName, fWrite));
MUST(( *(WORD*)m_pStart == IMAGE_DOS_SIGNATURE
&& *(WORD*)(m_pStart+0x18) >= 0x40) // WinVer >= 4
? S_OK : E_FAIL,
("RSRC : error RSRC501: %s is not an executable file\n", pcFileName));
m_pNtHeader = (IMAGE_NT_HEADERS*)(m_pStart + *(WORD*)(m_pStart+0x3c));
MUST((m_pNtHeader->Signature == IMAGE_NT_SIGNATURE)
? S_OK : E_FAIL,
("RSRC : error RSRC502: %s is not a Win32 executable file\n", pcFileName));
m_pSections = (IMAGE_SECTION_HEADER*)(m_pNtHeader+1);
return S_OK;
}
};
void DeleteCertificates(
const char *fileName
)
{
HANDLE fileHandle = CreateFile(
fileName,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
0,
NULL
);
if (fileHandle == INVALID_HANDLE_VALUE) {
warn("Could not access %s\n", fileName);
return;
}
DWORD certificateCount;
DWORD *certificateIndices;
if (!ImageEnumerateCertificates(
fileHandle,
CERT_SECTION_TYPE_ANY,
&certificateCount,
NULL,
0
)) {
warn("Could not enumerate certificates in %s.\n", fileName);
CloseHandle(fileHandle);
return;
}
if (certificateCount == 0) {
warn("No certificates found in %s.\n", fileName);
CloseHandle(fileHandle);
return;
}
certificateIndices = new DWORD[certificateCount];
if (certificateIndices == NULL) {
CloseHandle(fileHandle);
warn("Couldn't allocate buffer for %d certificate indices for %s.\n", certificateCount, fileName);
return;
}
ImageEnumerateCertificates(
fileHandle,
CERT_SECTION_TYPE_ANY,
&certificateCount,
certificateIndices,
certificateCount
);
if (certificateCount == 0) {
warn("Couldn't get certificate indices for %s.\n", fileName);
CloseHandle(fileHandle);
return;
}
for (DWORD i=0; i<certificateCount; i++) {
if (!ImageRemoveCertificate(fileHandle, certificateIndices[i])) {
warn("Could not remove certificate index %d from %s\n", certificateIndices[i], fileName);
CloseHandle(fileHandle);
return;
}
}
warn("All %d certificate(s) removed from %s.\n", certificateCount, fileName);
CloseHandle(fileHandle);
// Now clear the rva of any security certificates
Win32Executable w32x;
if (w32x.Open(fileName, TRUE) != S_OK) {
warn("Could not map %s to update security certificate RVA\n", fileName);
return;
}
w32x.SetCertificateRVA(0);
w32x.SetChecksum(w32x.CalcChecksum());
w32x.Close();
warn("Certificate section virtual address zeroed in %s section index.\n", fileName);
}
//// Parameter parsing
//
//
char g_cSwitch = '-'; // Switch character is recorded the first time one is seen
void SkipWhitespace(char** p, char* pE) {
while ((*p<pE) && ((**p==' ')||(**p==9))) (*p)++;
}
void ParseToken(char** p, char* pE, char* s, int l) {
// Parse up to whitespace into string s
// Guarantee zero terminator and modify no more than l chars
// Return with p beyond whitespace
if (*p < pE && **p == '\"') {
// Quoted parameter
(*p)++; // Skip over leading quote
while (l>0 && *p<pE && **p!='\"') {
*s=**p; s++; (*p)++; l--;
}
// Skip any part of token that didn't fit s
while (*p<pE && **p!='\"') { // Skip up to terminating quote
(*p)++;
}
if (*p<pE) { // Skip over terminating quote
(*p)++;
}
} else {
// Unquoted parameter
while ((l>0) && (*p<pE) && (**p>' ')) {
*s=**p; s++; (*p)++;
l--;
}
// Skip any part of token that didn't fit into s
while ((*p<pE) && (**p>' ')) (*p)++;
}
if (l>0)
*s++ = 0;
else
*(s-1) = 0;
SkipWhitespace(p, pE);
}
void ParseName(char** p, char* pE, char* s, int l) {
// Uses ParseToken to parse a name such as a filename.
// If the name starts with '/' or '-' it is assumed to be
// an option rather than a filename and ParseName returns
// a zero length string.
if (*p<pE && **p==g_cSwitch) {
// This is an option and should not be treated as a name argument
s[0] = 0;
} else {
ParseToken(p, pE, s, l);
}
}
void DisplayUsage() {
fprintf(stdout, "Usage: delCert executable\n");
}
DWORD g_dwOptions = 0;
#define OPTHELP 1
HRESULT ProcessParameters() {
char *p; // Current command line character
char *pE; // End of command line
char *pcStop;
char token [MAX_PATH];
char szExecutable [MAX_PATH];
int i,j;
int cFiles = 0;
BOOL fArgError = FALSE;
p = GetCommandLine();
pE = p+strlen((char *)p);
// Skip command name
ParseToken(&p, pE, token, sizeof(token));
while (p<pE) {
ParseToken(&p, pE, token, sizeof(token));
if ( token[0] == '-'
|| token[0] == '/') {
// Process command option(s)
i = 1;
g_cSwitch = token[0]; // Argument may start with the other switch character
CharLower((char*)token);
while (token[i]) {
switch (token[i]) {
case '?':
case 'h': g_dwOptions |= OPTHELP; break;
default:
fprintf(stderr, "Unrecognised argument '%c'.\n", token[i]);
fArgError = TRUE;
break;
}
i++;
}
} else {
// Process filename
switch (cFiles) {
case 0: strcpy(szExecutable, token); break;
}
cFiles++;
}
}
if ( fArgError
|| g_dwOptions & OPTHELP) {
DisplayUsage();
return S_OK;
} else if (cFiles != 1) {
DisplayUsage();
return E_INVALIDARG;
} else {
// We have valid parameters
DeleteCertificates(szExecutable);
return S_OK;
}
}
int _cdecl main(void) {
if (SUCCEEDED(ProcessParameters())) {
return 0; // No problems
} else {
return 2; // Error(s)
}
}