VirtualBox

source: vbox/trunk/src/VBox/Additions/WINNT/Installer/Loader/VBoxWindowsAdditions.cpp@ 106265

Last change on this file since 106265 was 106265, checked in by vboxsync, 7 weeks ago

Additions/NT/Installer: Just use IPRT verify the stupid file signatures, that'll work on all windows versions and with all types of certificates we use. bugref:10771
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 47.9 KB
Line 
1/* $Id: VBoxWindowsAdditions.cpp 106265 2024-10-09 20:52:03Z vboxsync $ */
2/** @file
3 * VBoxWindowsAdditions - The Windows Guest Additions Loader.
4 *
5 * This is STUB which select whether to install 32-bit or 64-bit additions.
6 */
7
8/*
9 * Copyright (C) 2006-2024 Oracle and/or its affiliates.
10 *
11 * This file is part of VirtualBox base platform packages, as
12 * available from https://www.virtualbox.org.
13 *
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation, in version 3 of the
17 * License.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 * General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, see <https://www.gnu.org/licenses>.
26 *
27 * SPDX-License-Identifier: GPL-3.0-only
28 */
29
30
31/*********************************************************************************************************************************
32* Header Files *
33*********************************************************************************************************************************/
34#define UNICODE /* For resource related macros. */
35#include <iprt/cdefs.h>
36#include <iprt/win/windows.h>
37#include <Wintrust.h>
38#include <Softpub.h>
39#ifndef ERROR_ELEVATION_REQUIRED /* Windows Vista and later. */
40# define ERROR_ELEVATION_REQUIRED 740
41#endif
42
43#include <iprt/string.h>
44#include <iprt/utf16.h>
45
46#include "NoCrtOutput.h"
47
48#ifdef VBOX_SIGNING_MODE
49# include "BuildCerts.h"
50# include "TimestampRootCerts.h"
51#endif
52
53
54#ifdef VBOX_SIGNING_MODE
55# if 1 /* Whether to use IPRT or Windows to verify the executable signatures. */
56/* This section is borrowed from RTSignTool.cpp */
57
58# include <iprt/err.h>
59# include <iprt/initterm.h>
60# include <iprt/ldr.h>
61# include <iprt/message.h>
62# include <iprt/stream.h>
63# include <iprt/crypto/pkcs7.h>
64# include <iprt/crypto/store.h>
65
66class CryptoStore
67{
68public:
69 RTCRSTORE m_hStore;
70
71 CryptoStore()
72 : m_hStore(NIL_RTCRSTORE)
73 {
74 }
75
76 ~CryptoStore()
77 {
78 if (m_hStore != NIL_RTCRSTORE)
79 {
80 uint32_t cRefs = RTCrStoreRelease(m_hStore);
81 Assert(cRefs == 0); RT_NOREF(cRefs);
82 m_hStore = NIL_RTCRSTORE;
83 }
84 }
85
86 /**
87 * Adds one or more certificates from the given file.
88 *
89 * @returns boolean success indicator.
90 */
91 bool addFromFile(const char *pszFilename, PRTERRINFOSTATIC pStaticErrInfo)
92 {
93 int rc = RTCrStoreCertAddFromFile(this->m_hStore, RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR,
94 pszFilename, RTErrInfoInitStatic(pStaticErrInfo));
95 if (RT_SUCCESS(rc))
96 {
97 if (RTErrInfoIsSet(&pStaticErrInfo->Core))
98 RTMsgWarning("Warnings loading certificate '%s': %s", pszFilename, pStaticErrInfo->Core.pszMsg);
99 return true;
100 }
101 RTMsgError("Error loading certificate '%s': %Rrc%#RTeim", pszFilename, rc, &pStaticErrInfo->Core);
102 return false;
103 }
104
105 /**
106 * Adds trusted self-signed certificates from the system.
107 *
108 * @returns boolean success indicator.
109 * @note The selection is self-signed rather than CAs here so that test signing
110 * certificates will be included.
111 */
112 bool addSelfSignedRootsFromSystem(PRTERRINFOSTATIC pStaticErrInfo)
113 {
114 CryptoStore Tmp;
115 int rc = RTCrStoreCreateSnapshotOfUserAndSystemTrustedCAsAndCerts(&Tmp.m_hStore, RTErrInfoInitStatic(pStaticErrInfo));
116 if (RT_SUCCESS(rc))
117 {
118 RTCRSTORECERTSEARCH Search;
119 rc = RTCrStoreCertFindAll(Tmp.m_hStore, &Search);
120 if (RT_SUCCESS(rc))
121 {
122 PCRTCRCERTCTX pCertCtx;
123 while ((pCertCtx = RTCrStoreCertSearchNext(Tmp.m_hStore, &Search)) != NULL)
124 {
125 /* Add it if it's a full fledged self-signed certificate, otherwise just skip: */
126 if ( pCertCtx->pCert
127 && RTCrX509Certificate_IsSelfSigned(pCertCtx->pCert))
128 {
129 int rc2 = RTCrStoreCertAddEncoded(this->m_hStore,
130 pCertCtx->fFlags | RTCRCERTCTX_F_ADD_IF_NOT_FOUND,
131 pCertCtx->pabEncoded, pCertCtx->cbEncoded, NULL);
132 if (RT_FAILURE(rc2))
133 RTMsgWarning("RTCrStoreCertAddEncoded failed for a certificate: %Rrc", rc2);
134 }
135 RTCrCertCtxRelease(pCertCtx);
136 }
137
138 int rc2 = RTCrStoreCertSearchDestroy(Tmp.m_hStore, &Search);
139 AssertRC(rc2);
140 return true;
141 }
142 RTMsgError("RTCrStoreCertFindAll failed: %Rrc", rc);
143 }
144 else
145 RTMsgError("RTCrStoreCreateSnapshotOfUserAndSystemTrustedCAsAndCerts failed: %Rrc%#RTeim", rc, &pStaticErrInfo->Core);
146 return false;
147 }
148
149 /**
150 * Adds trusted self-signed certificates from the system.
151 *
152 * @returns boolean success indicator.
153 */
154 bool addIntermediateCertsFromSystem(PRTERRINFOSTATIC pStaticErrInfo)
155 {
156 bool fRc = true;
157 RTCRSTOREID const s_aenmStoreIds[] = { RTCRSTOREID_SYSTEM_INTERMEDIATE_CAS, RTCRSTOREID_USER_INTERMEDIATE_CAS };
158 for (size_t i = 0; i < RT_ELEMENTS(s_aenmStoreIds); i++)
159 {
160 CryptoStore Tmp;
161 int rc = RTCrStoreCreateSnapshotById(&Tmp.m_hStore, s_aenmStoreIds[i], RTErrInfoInitStatic(pStaticErrInfo));
162 if (RT_SUCCESS(rc))
163 {
164 RTCRSTORECERTSEARCH Search;
165 rc = RTCrStoreCertFindAll(Tmp.m_hStore, &Search);
166 if (RT_SUCCESS(rc))
167 {
168 PCRTCRCERTCTX pCertCtx;
169 while ((pCertCtx = RTCrStoreCertSearchNext(Tmp.m_hStore, &Search)) != NULL)
170 {
171 /* Skip selfsigned certs as they're useless as intermediate certs (IIRC). */
172 if ( pCertCtx->pCert
173 && !RTCrX509Certificate_IsSelfSigned(pCertCtx->pCert))
174 {
175 int rc2 = RTCrStoreCertAddEncoded(this->m_hStore,
176 pCertCtx->fFlags | RTCRCERTCTX_F_ADD_IF_NOT_FOUND,
177 pCertCtx->pabEncoded, pCertCtx->cbEncoded, NULL);
178 if (RT_FAILURE(rc2))
179 RTMsgWarning("RTCrStoreCertAddEncoded failed for a certificate: %Rrc", rc2);
180 }
181 RTCrCertCtxRelease(pCertCtx);
182 }
183
184 int rc2 = RTCrStoreCertSearchDestroy(Tmp.m_hStore, &Search);
185 AssertRC(rc2);
186 }
187 else
188 {
189 RTMsgError("RTCrStoreCertFindAll/%d failed: %Rrc", s_aenmStoreIds[i], rc);
190 fRc = false;
191 }
192 }
193 else
194 {
195 RTMsgError("RTCrStoreCreateSnapshotById/%d failed: %Rrc%#RTeim", s_aenmStoreIds[i], rc, &pStaticErrInfo->Core);
196 fRc = false;
197 }
198 }
199 return fRc;
200 }
201
202};
203
204typedef struct VERIFYEXESTATE
205{
206 CryptoStore RootStore;
207 CryptoStore KernelRootStore;
208 CryptoStore AdditionalStore;
209 bool fKernel;
210 int cVerbose;
211 enum { kSignType_Windows, kSignType_OSX } enmSignType;
212 RTLDRARCH enmLdrArch;
213 uint32_t cBad;
214 uint32_t cOkay;
215 uint32_t cTrustedCerts;
216 const char *pszFilename;
217 RTTIMESPEC ValidationTime;
218
219 VERIFYEXESTATE()
220 : fKernel(false)
221 , cVerbose(0)
222 , enmSignType(kSignType_Windows)
223 , enmLdrArch(RTLDRARCH_WHATEVER)
224 , cBad(0)
225 , cOkay(0)
226 , cTrustedCerts(0)
227 , pszFilename(NULL)
228 {
229 RTTimeSpecSetSeconds(&ValidationTime, 0);
230 }
231} VERIFYEXESTATE;
232
233/**
234 * @callback_method_impl{FNRTCRPKCS7VERIFYCERTCALLBACK,
235 * Standard code signing. Use this for Microsoft SPC.}
236 */
237static DECLCALLBACK(int) VerifyExecCertVerifyCallback(PCRTCRX509CERTIFICATE pCert, RTCRX509CERTPATHS hCertPaths, uint32_t fFlags,
238 void *pvUser, PRTERRINFO pErrInfo)
239{
240 VERIFYEXESTATE * const pState = (VERIFYEXESTATE *)pvUser;
241
242 /* We don't set RTCRPKCS7VERIFY_SD_F_TRUST_ALL_CERTS, so it won't be NIL! */
243 Assert(hCertPaths != NIL_RTCRX509CERTPATHS);
244
245# if 0 /* for debugging */
246 uint32_t const cPaths = RTCrX509CertPathsGetPathCount(hCertPaths);
247 RTMsgInfo("%s Path%s (pCert=%p hCertPaths=%p fFlags=%#x cPath=%d):",
248 fFlags & RTCRPKCS7VCC_F_TIMESTAMP ? "Timestamp" : "Signature", cPaths == 1 ? "" : "s",
249 pCert, hCertPaths, fFlags, cPaths);
250 for (uint32_t iPath = 0; iPath < cPaths; iPath++)
251 {
252 RTCrX509CertPathsDumpOne(hCertPaths, iPath, pState->cVerbose, RTStrmDumpPrintfV, g_pStdOut);
253 *pErrInfo->pszMsg = '\0';
254 }
255# endif
256
257 /*
258 * Standard code signing capabilites required.
259 *
260 * Note! You may have to fix your test signing cert / releax this one to pass this.
261 */
262 int rc = RTCrPkcs7VerifyCertCallbackCodeSigning(pCert, hCertPaths, fFlags, NULL, pErrInfo);
263 if (RT_SUCCESS(rc))
264 {
265 /*
266 * Check if the signing certificate is a trusted one, i.e. one of the
267 * build certificates.
268 */
269 if (!(fFlags & RTCRPKCS7VCC_F_TIMESTAMP))
270 if (RTCrX509CertPathsGetPathCount(hCertPaths) == 1)
271 if (RTCrX509CertPathsGetPathLength(hCertPaths, 0) == 1)
272 {
273 RTMsgInfo("Signed by trusted certificate.\n");
274 pState->cTrustedCerts++;
275 }
276 }
277 else
278 RTMsgError("RTCrPkcs7VerifyCertCallbackCodeSigning(,,%#x,,) failed: %Rrc%#RTeim", fFlags, pErrInfo);
279 return rc;
280}
281
282/** @callback_method_impl{FNRTLDRVALIDATESIGNEDDATA} */
283static DECLCALLBACK(int) VerifyExeCallback(RTLDRMOD hLdrMod, PCRTLDRSIGNATUREINFO pInfo, PRTERRINFO pErrInfo, void *pvUser)
284{
285 VERIFYEXESTATE * const pState = (VERIFYEXESTATE *)pvUser;
286 RT_NOREF_PV(hLdrMod);
287
288 switch (pInfo->enmType)
289 {
290 case RTLDRSIGNATURETYPE_PKCS7_SIGNED_DATA:
291 {
292 PCRTCRPKCS7CONTENTINFO pContentInfo = (PCRTCRPKCS7CONTENTINFO)pInfo->pvSignature;
293
294 if (pState->cVerbose > 0)
295 RTMsgInfo("Verifying '%s' signature #%u ...\n", pState->pszFilename, pInfo->iSignature + 1);
296
297# if 0
298 /*
299 * Dump the signed data if so requested and it's the first one, assuming that
300 * additional signatures in contained wihtin the same ContentInfo structure.
301 */
302 if (pState->cVerbose > 1 && pInfo->iSignature == 0)
303 RTAsn1Dump(&pContentInfo->SeqCore.Asn1Core, 0, 0, RTStrmDumpPrintfV, g_pStdOut);
304# endif
305
306 /*
307 * We'll try different alternative timestamps here.
308 */
309 struct { RTTIMESPEC TimeSpec; const char *pszDesc; } aTimes[3];
310 unsigned cTimes = 0;
311
312 /* The specified timestamp. */
313 if (RTTimeSpecGetSeconds(&pState->ValidationTime) != 0)
314 {
315 aTimes[cTimes].TimeSpec = pState->ValidationTime;
316 aTimes[cTimes].pszDesc = "validation time";
317 cTimes++;
318 }
319
320 /* Linking timestamp: */
321 uint64_t uLinkingTime = 0;
322 int rc = RTLdrQueryProp(hLdrMod, RTLDRPROP_TIMESTAMP_SECONDS, &uLinkingTime, sizeof(uLinkingTime));
323 if (RT_SUCCESS(rc))
324 {
325 RTTimeSpecSetSeconds(&aTimes[cTimes].TimeSpec, uLinkingTime);
326 aTimes[cTimes].pszDesc = "at link time";
327 cTimes++;
328 }
329 else if (rc != VERR_NOT_FOUND)
330 RTMsgError("RTLdrQueryProp/RTLDRPROP_TIMESTAMP_SECONDS failed on '%s': %Rrc\n", pState->pszFilename, rc);
331
332 /* Now: */
333 RTTimeNow(&aTimes[cTimes].TimeSpec);
334 aTimes[cTimes].pszDesc = "now";
335 cTimes++;
336
337 /*
338 * Do the actual verification.
339 */
340 Assert(!pInfo->pvExternalData);
341 for (unsigned iTime = 0; iTime < cTimes; iTime++)
342 {
343 RTTIMESPEC TimeSpec = aTimes[iTime].TimeSpec;
344 rc = RTCrPkcs7VerifySignedData(pContentInfo,
345 RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE_SIGNING_TIME_ONLY
346 | RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_SIGNING_TIME_IF_PRESENT
347 | RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_MS_TIMESTAMP_IF_PRESENT
348 | RTCRPKCS7VERIFY_SD_F_CHECK_TRUST_ANCHORS
349 | RTCRPKCS7VERIFY_SD_F_UPDATE_VALIDATION_TIME,
350 pState->AdditionalStore.m_hStore, pState->RootStore.m_hStore,
351 &TimeSpec, VerifyExecCertVerifyCallback, pState, pErrInfo);
352 if (RT_SUCCESS(rc))
353 {
354 Assert(rc == VINF_SUCCESS || rc == VINF_CR_DIGEST_DEPRECATED);
355 const char * const pszNote = rc == VINF_CR_DIGEST_DEPRECATED ? " (deprecated digest)" : "";
356 const char * const pszTime = iTime == 0
357 && RTTimeSpecCompare(&TimeSpec, &aTimes[iTime].TimeSpec) != 0
358 ? "at signing time" : aTimes[iTime].pszDesc;
359 if (pInfo->cSignatures == 1)
360 RTMsgInfo("'%s' is valid %s%s.\n", pState->pszFilename, pszTime, pszNote);
361 else
362 RTMsgInfo("'%s' signature #%u is valid %s%s.\n",
363 pState->pszFilename, pInfo->iSignature + 1, pszTime, pszNote);
364 pState->cOkay++;
365 return VINF_SUCCESS;
366 }
367 if (rc != VERR_CR_X509_CPV_NOT_VALID_AT_TIME)
368 {
369 if (pInfo->cSignatures == 1)
370 RTMsgError("%s: Failed to verify signature: %Rrc%#RTeim\n", pState->pszFilename, rc, pErrInfo);
371 else
372 RTMsgError("%s: Failed to verify signature #%u: %Rrc%#RTeim\n",
373 pState->pszFilename, pInfo->iSignature + 1, rc, pErrInfo);
374 pState->cBad++;
375 return VINF_SUCCESS;
376 }
377 }
378
379 if (pInfo->cSignatures == 1)
380 RTMsgError("%s: Signature is not valid at present or link time.\n", pState->pszFilename);
381 else
382 RTMsgError("%s: Signature #%u is not valid at present or link time.\n",
383 pState->pszFilename, pInfo->iSignature + 1);
384 pState->cBad++;
385 return VINF_SUCCESS;
386 }
387
388 default:
389 return RTErrInfoSetF(pErrInfo, VERR_NOT_SUPPORTED, "Unsupported signature type: %d", pInfo->enmType);
390 }
391}
392
393/**
394 * Uses IPRT functionality to check that the executable is signed with a
395 * certiicate known to us.
396 *
397 * @returns 0 on success, non-zero exit code on failure.
398 */
399static int CheckFileSignatureIprt(wchar_t const *pwszExePath)
400{
401 RTR3InitExeNoArguments(RTR3INIT_FLAGS_STANDALONE_APP);
402 RTMsgInfo("Signing checking of '%ls'...\n", pwszExePath);
403
404 /* Initialize the state. */
405 VERIFYEXESTATE State;
406 int rc = RTCrStoreCreateInMem(&State.RootStore.m_hStore, 0);
407 if (RT_SUCCESS(rc))
408 rc = RTCrStoreCreateInMem(&State.KernelRootStore.m_hStore, 0);
409 if (RT_SUCCESS(rc))
410 rc = RTCrStoreCreateInMem(&State.AdditionalStore.m_hStore, 0);
411 if (RT_FAILURE(rc))
412 return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error creating in-memory certificate store: %Rrc", rc);
413
414 /* Add the build certificates to the root store. */
415 RTERRINFOSTATIC StaticErrInfo;
416 for (uint32_t i = 0; i < g_cBuildCerts; i++)
417 {
418 rc = RTCrStoreCertAddEncoded(State.RootStore.m_hStore, RTCRCERTCTX_F_ENC_X509_DER,
419 g_aBuildCerts[i].pbCert, g_aBuildCerts[i].cbCert, RTErrInfoInitStatic(&StaticErrInfo));
420 if (RT_FAILURE(rc))
421 return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to add build cert #%u to root store: %Rrc%#RTeim",
422 i, rc, &StaticErrInfo.Core);
423 }
424 uint32_t i = g_cTimestampRootCerts; /* avoids warning if g_cTimestampRootCerts is 0. */
425 while (i-- > 0)
426 {
427 rc = RTCrStoreCertAddEncoded(State.RootStore.m_hStore, RTCRCERTCTX_F_ENC_X509_DER,
428 g_aTimestampRootCerts[i].pbCert, g_aTimestampRootCerts[i].cbCert,
429 RTErrInfoInitStatic(&StaticErrInfo));
430 if (RT_FAILURE(rc))
431 return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to add build timestamp root cert #%u to root store: %Rrc%#RTeim",
432 i, rc, &StaticErrInfo.Core);
433 }
434
435 /*
436 * Open the executable image and verify it.
437 */
438 char *pszExePath = NULL;
439 rc = RTUtf16ToUtf8(pwszExePath, &pszExePath);
440 AssertRCReturn(rc, RTEXITCODE_FAILURE);
441 RTLDRMOD hLdrMod;
442 rc = RTLdrOpen(pszExePath, RTLDR_O_FOR_VALIDATION, RTLDRARCH_WHATEVER, &hLdrMod);
443 if (RT_SUCCESS(rc))
444 {
445 State.pszFilename = pszExePath;
446
447 rc = RTLdrVerifySignature(hLdrMod, VerifyExeCallback, &State, RTErrInfoInitStatic(&StaticErrInfo));
448 if (RT_FAILURE(rc))
449 RTMsgError("RTLdrVerifySignature failed on '%s': %Rrc%#RTeim\n", pszExePath, rc, &StaticErrInfo.Core);
450
451 RTStrFree(pszExePath);
452 RTLdrClose(hLdrMod);
453
454 if (RT_FAILURE(rc))
455 return rc != VERR_LDRVI_NOT_SIGNED ? RTEXITCODE_FAILURE : RTEXITCODE_SKIPPED;
456 if (State.cOkay > 0)
457 {
458 if (State.cTrustedCerts > 0)
459 return RTEXITCODE_SUCCESS;
460 RTMsgError("None of the build certificates were used for signing '%ls'!", pwszExePath);
461 }
462 return RTEXITCODE_FAILURE;
463 }
464 RTStrFree(pszExePath);
465 return RTEXITCODE_FAILURE;
466}
467
468# else /* Using Windows APIs */
469
470/**
471 * Checks the file signatures of both this stub program and the actual installer
472 * binary, making sure they use the same certificate as at build time and that
473 * the signature verifies correctly.
474 *
475 * @returns 0 on success, non-zero exit code on failure.
476 */
477static int CheckFileSignatures(wchar_t const *pwszExePath, HANDLE hFileExe, wchar_t const *pwszSelfPath, HANDLE hFileSelf)
478{
479 /*
480 * Check the OS version (bypassing shims).
481 *
482 * The RtlGetVersion API was added in windows 2000, so it's precense is a
483 * provides a minimum OS version indicator already.
484 */
485 LONG (__stdcall *pfnRtlGetVersion)(OSVERSIONINFOEXW *);
486 *(FARPROC *)&pfnRtlGetVersion = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "RtlGetVersion");
487 if (!pfnRtlGetVersion)
488 {
489 /* double check it. */
490 DWORD const dwVersion = GetVersion();
491 if ((dwVersion & 0xff) < 5)
492 return 0;
493 return ErrorMsgRcSUS(40, "RtlGetVersion not present while Windows version is 5.0 or higher (", dwVersion, ")");
494 }
495 OSVERSIONINFOEXW WinOsInfoEx = { sizeof(WinOsInfoEx) };
496 NTSTATUS const rcNt = pfnRtlGetVersion(&WinOsInfoEx);
497 if (!RT_SUCCESS(rcNt))
498 return ErrorMsgRcSU(41, "RtlGetVersion failed: ", rcNt);
499
500 /* Skip both of these checks if pre-XP. */
501 if ( (WinOsInfoEx.dwMajorVersion == 5 && WinOsInfoEx.dwMinorVersion < 1)
502 || WinOsInfoEx.dwMajorVersion < 4)
503 return 0;
504
505 /*
506 * We need to find the system32 directory to load the WinVerifyTrust API.
507 */
508 static wchar_t const s_wszSlashWinTrustDll[] = L"\\Wintrust.dll";
509
510 /* Call GetSystemWindowsDirectoryW/GetSystemDirectoryW. */
511 wchar_t wszSysDll[MAX_PATH + sizeof(s_wszSlashWinTrustDll)] = { 0 };
512 UINT const cwcSystem32 = GetSystemDirectoryW(wszSysDll, MAX_PATH);
513 if (!cwcSystem32 || cwcSystem32 >= MAX_PATH)
514 return ErrorMsgRc(42, "GetSystemDirectoryW failed");
515
516 /* Load it: */
517 memcpy(&wszSysDll[cwcSystem32], s_wszSlashWinTrustDll, sizeof(s_wszSlashWinTrustDll));
518 DWORD fLoadFlags = LOAD_LIBRARY_SEARCH_SYSTEM32;
519 HMODULE hModWinTrustDll = LoadLibraryExW(wszSysDll, NULL, fLoadFlags);
520 if (!hModWinTrustDll && GetLastError() == ERROR_INVALID_PARAMETER)
521 {
522 fLoadFlags = 0;
523 hModWinTrustDll = LoadLibraryExW(wszSysDll, NULL, fLoadFlags);
524 }
525 if (!hModWinTrustDll)
526 return ErrorMsgRcSWSU(43, "Failed to load '", wszSysDll, "': ", GetLastError());
527
528 /* Resolve API: */
529 decltype(WinVerifyTrust) * const pfnWinVerifyTrust
530 = (decltype(WinVerifyTrust) *)GetProcAddress(hModWinTrustDll, "WinVerifyTrust");
531 if (!pfnWinVerifyTrust)
532 return ErrorMsgRc(44, "WinVerifyTrust not found");
533
534 /*
535 * We also need the Crypt32.dll for CryptQueryObject and CryptMsgGetParam.
536 */
537 /* Load it: */
538 static wchar_t const s_wszSlashCrypt32Dll[] = L"\\Crypt32.dll";
539 AssertCompile(sizeof(s_wszSlashCrypt32Dll) <= sizeof(s_wszSlashWinTrustDll));
540 memcpy(&wszSysDll[cwcSystem32], s_wszSlashCrypt32Dll, sizeof(s_wszSlashCrypt32Dll));
541 HMODULE const hModCrypt32Dll = LoadLibraryExW(wszSysDll, NULL, fLoadFlags);
542 if (!hModCrypt32Dll)
543 return ErrorMsgRcSWSU(45, "Failed to load '", wszSysDll, "': ", GetLastError());
544
545 /* Resolve APIs: */
546 decltype(CryptQueryObject) * const pfnCryptQueryObject
547 = (decltype(CryptQueryObject) *)GetProcAddress(hModCrypt32Dll, "CryptQueryObject");
548 if (!pfnCryptQueryObject)
549 return ErrorMsgRc(46, "CryptQueryObject not found");
550
551 decltype(CryptMsgClose) * const pfnCryptMsgClose
552 = (decltype(CryptMsgClose) *)GetProcAddress(hModCrypt32Dll, "CryptMsgClose");
553 if (!pfnCryptQueryObject)
554 return ErrorMsgRc(47, "CryptMsgClose not found");
555
556 decltype(CryptMsgGetParam) * const pfnCryptMsgGetParam
557 = (decltype(CryptMsgGetParam) *)GetProcAddress(hModCrypt32Dll, "CryptMsgGetParam");
558 if (!pfnCryptQueryObject)
559 return ErrorMsgRc(48, "CryptMsgGetParam not found");
560
561 /*
562 * We'll verify the primary signer certificate first as that's something that
563 * should work even if SHA-256 isn't supported by the Windows crypto code.
564 */
565 struct
566 {
567 HANDLE hFile;
568 wchar_t const *pwszFile;
569
570 DWORD fEncoding;
571 DWORD dwContentType;
572 DWORD dwFormatType;
573 HCERTSTORE hCertStore;
574 HCRYPTMSG hMsg;
575
576 DWORD cbCert;
577 uint8_t *pbCert;
578 } aExes[] =
579 {
580 { hFileSelf, pwszSelfPath, 0, 0, 0, NULL, NULL, 0, NULL },
581 { hFileExe, pwszExePath, 0, 0, 0, NULL, NULL, 0, NULL },
582 };
583
584 HANDLE const hHeap = GetProcessHeap();
585 int rcExit = 0;
586 for (unsigned i = 0; i < RT_ELEMENTS(aExes) && rcExit == 0; i++)
587 {
588 if (!pfnCryptQueryObject(CERT_QUERY_OBJECT_FILE,
589 aExes[i].pwszFile,
590 CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
591 CERT_QUERY_FORMAT_FLAG_BINARY,
592 0 /*fFlags*/,
593 &aExes[i].fEncoding,
594 &aExes[i].dwContentType,
595 &aExes[i].dwFormatType,
596 &aExes[i].hCertStore,
597 &aExes[i].hMsg,
598 NULL /*ppvContext*/))
599 rcExit = ErrorMsgRcSWSU(50 + i*4, "CryptQueryObject/FILE on '", aExes[i].pwszFile, "': ", GetLastError());
600/** @todo this isn't getting us what we want. It's just accessing the
601 * certificates shipped with the signature. Sigh. */
602 else if (!pfnCryptMsgGetParam(aExes[i].hMsg, CMSG_CERT_PARAM, 0, NULL, &aExes[i].cbCert))
603 rcExit = ErrorMsgRcSWSU(51 + i*4, "CryptMsgGetParam/CMSG_CERT_PARAM/size failed on '",
604 aExes[i].pwszFile, "': ", GetLastError());
605 else
606 {
607 DWORD const cbCert = aExes[i].cbCert;
608 aExes[i].pbCert = (uint8_t *)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, cbCert);
609 if (!aExes[i].pbCert)
610 rcExit = ErrorMsgRcSUS(52 + i*4, "Out of memory (", cbCert, " bytes) for signing certificate information");
611 else if (!pfnCryptMsgGetParam(aExes[i].hMsg, CMSG_CERT_PARAM, 0, aExes[i].pbCert, &aExes[i].cbCert))
612 rcExit = ErrorMsgRcSWSU(53 + i*4, "CryptMsgGetParam/CMSG_CERT_PARAM failed on '", aExes[i].pwszFile, "': ",
613 GetLastError());
614 }
615 }
616
617 if (rcExit == 0)
618 {
619 /* Do the two match? */
620 if ( aExes[0].cbCert != aExes[1].cbCert
621 || memcmp(aExes[0].pbCert, aExes[1].pbCert, aExes[0].cbCert) != 0)
622 rcExit = ErrorMsgRcSWS(58, "The certificate used to sign '", pwszExePath, "' does not match.");
623 /* The two match, now do they match the one we're expecting to use? */
624 else if ( aExes[0].cbCert != g_cbBuildCert
625 || memcmp(aExes[0].pbCert, g_abBuildCert, g_cbBuildCert) != 0)
626 rcExit = ErrorMsgRcSWS(59, "The signing certificate of '", pwszExePath, "' differs from the build certificate");
627 /* else: it all looks fine */
628 }
629
630 /* cleanup */
631 for (unsigned i = 0; i < RT_ELEMENTS(aExes); i++)
632 {
633 if (aExes[i].pbCert)
634 {
635 HeapFree(hHeap, 0, aExes[i].pbCert);
636 aExes[i].pbCert = NULL;
637 }
638 if (aExes[i].hMsg)
639 {
640 pfnCryptMsgClose(aExes[i].hMsg);
641 aExes[i].hMsg = NULL;
642 }
643 }
644 if (rcExit != 0)
645 return rcExit;
646
647 /*
648 * ASSUMING we're using SHA-256 for signing, we do a windows OS cutoff at Windows 7.
649 * For Windows Vista and older we skip this step.
650 */
651 if ( (WinOsInfoEx.dwMajorVersion == 6 && WinOsInfoEx.dwMinorVersion == 0)
652 || WinOsInfoEx.dwMajorVersion < 6)
653 return 0;
654
655 /*
656 * Construct input WinVerifyTrust parameters and call it on each of the executables in turn.
657 * This code was borrowed from SUPHardNt.
658 */
659 for (unsigned i = 0; i < RT_ELEMENTS(aExes); i++)
660 {
661 WINTRUST_FILE_INFO FileInfo = { 0 };
662 FileInfo.cbStruct = sizeof(FileInfo);
663 FileInfo.pcwszFilePath = aExes[i].pwszFile;
664 FileInfo.hFile = aExes[i].hFile;
665
666 GUID PolicyActionGuid = WINTRUST_ACTION_GENERIC_VERIFY_V2;
667
668 WINTRUST_DATA TrustData = { 0 };
669 TrustData.cbStruct = sizeof(TrustData);
670 TrustData.fdwRevocationChecks = WTD_REVOKE_NONE; /* Keep simple for now. */
671 TrustData.dwStateAction = WTD_STATEACTION_VERIFY;
672 TrustData.dwUIChoice = WTD_UI_NONE;
673 TrustData.dwProvFlags = 0;
674 if (WinOsInfoEx.dwMajorVersion >= 6)
675 TrustData.dwProvFlags = WTD_CACHE_ONLY_URL_RETRIEVAL;
676 else
677 TrustData.dwProvFlags = WTD_REVOCATION_CHECK_NONE;
678 TrustData.dwUnionChoice = WTD_CHOICE_FILE;
679 TrustData.pFile = &FileInfo;
680
681 HRESULT hrc = pfnWinVerifyTrust(NULL /*hwnd*/, &PolicyActionGuid, &TrustData);
682 if (hrc != S_OK)
683 {
684 /* Translate the eror constant */
685 const char *pszErrConst = NULL;
686 switch (hrc)
687 {
688 case TRUST_E_SYSTEM_ERROR: pszErrConst = "TRUST_E_SYSTEM_ERROR"; break;
689 case TRUST_E_NO_SIGNER_CERT: pszErrConst = "TRUST_E_NO_SIGNER_CERT"; break;
690 case TRUST_E_COUNTER_SIGNER: pszErrConst = "TRUST_E_COUNTER_SIGNER"; break;
691 case TRUST_E_CERT_SIGNATURE: pszErrConst = "TRUST_E_CERT_SIGNATURE"; break;
692 case TRUST_E_TIME_STAMP: pszErrConst = "TRUST_E_TIME_STAMP"; break;
693 case TRUST_E_BAD_DIGEST: pszErrConst = "TRUST_E_BAD_DIGEST"; break;
694 case TRUST_E_BASIC_CONSTRAINTS: pszErrConst = "TRUST_E_BASIC_CONSTRAINTS"; break;
695 case TRUST_E_FINANCIAL_CRITERIA: pszErrConst = "TRUST_E_FINANCIAL_CRITERIA"; break;
696 case TRUST_E_PROVIDER_UNKNOWN: pszErrConst = "TRUST_E_PROVIDER_UNKNOWN"; break;
697 case TRUST_E_ACTION_UNKNOWN: pszErrConst = "TRUST_E_ACTION_UNKNOWN"; break;
698 case TRUST_E_SUBJECT_FORM_UNKNOWN: pszErrConst = "TRUST_E_SUBJECT_FORM_UNKNOWN"; break;
699 case TRUST_E_SUBJECT_NOT_TRUSTED: pszErrConst = "TRUST_E_SUBJECT_NOT_TRUSTED"; break;
700 case TRUST_E_NOSIGNATURE: pszErrConst = "TRUST_E_NOSIGNATURE"; break;
701 case TRUST_E_FAIL: pszErrConst = "TRUST_E_FAIL"; break;
702 case TRUST_E_EXPLICIT_DISTRUST: pszErrConst = "TRUST_E_EXPLICIT_DISTRUST"; break;
703 case CERT_E_EXPIRED: pszErrConst = "CERT_E_EXPIRED"; break;
704 case CERT_E_VALIDITYPERIODNESTING: pszErrConst = "CERT_E_VALIDITYPERIODNESTING"; break;
705 case CERT_E_ROLE: pszErrConst = "CERT_E_ROLE"; break;
706 case CERT_E_PATHLENCONST: pszErrConst = "CERT_E_PATHLENCONST"; break;
707 case CERT_E_CRITICAL: pszErrConst = "CERT_E_CRITICAL"; break;
708 case CERT_E_PURPOSE: pszErrConst = "CERT_E_PURPOSE"; break;
709 case CERT_E_ISSUERCHAINING: pszErrConst = "CERT_E_ISSUERCHAINING"; break;
710 case CERT_E_MALFORMED: pszErrConst = "CERT_E_MALFORMED"; break;
711 case CERT_E_UNTRUSTEDROOT: pszErrConst = "CERT_E_UNTRUSTEDROOT"; break;
712 case CERT_E_CHAINING: pszErrConst = "CERT_E_CHAINING"; break;
713 case CERT_E_REVOKED: pszErrConst = "CERT_E_REVOKED"; break;
714 case CERT_E_UNTRUSTEDTESTROOT: pszErrConst = "CERT_E_UNTRUSTEDTESTROOT"; break;
715 case CERT_E_REVOCATION_FAILURE: pszErrConst = "CERT_E_REVOCATION_FAILURE"; break;
716 case CERT_E_CN_NO_MATCH: pszErrConst = "CERT_E_CN_NO_MATCH"; break;
717 case CERT_E_WRONG_USAGE: pszErrConst = "CERT_E_WRONG_USAGE"; break;
718 case CERT_E_UNTRUSTEDCA: pszErrConst = "CERT_E_UNTRUSTEDCA"; break;
719 case CERT_E_INVALID_POLICY: pszErrConst = "CERT_E_INVALID_POLICY"; break;
720 case CERT_E_INVALID_NAME: pszErrConst = "CERT_E_INVALID_NAME"; break;
721 case CRYPT_E_FILE_ERROR: pszErrConst = "CRYPT_E_FILE_ERROR"; break;
722 case CRYPT_E_REVOKED: pszErrConst = "CRYPT_E_REVOKED"; break;
723 }
724 if (pszErrConst)
725 rcExit = ErrorMsgRcSWSS(60 + i, "WinVerifyTrust failed on '", pwszExePath, "': ", pszErrConst);
726 else
727 rcExit = ErrorMsgRcSWSX(60 + i, "WinVerifyTrust failed on '", pwszExePath, "': ", hrc);
728 }
729
730 /* clean up state data. */
731 TrustData.dwStateAction = WTD_STATEACTION_CLOSE;
732 FileInfo.hFile = NULL;
733 hrc = pfnWinVerifyTrust(NULL /*hwnd*/, &PolicyActionGuid, &TrustData);
734 }
735
736 return rcExit;
737}
738
739# endif /* Using Windows APIs. */
740#endif /* VBOX_SIGNING_MODE */
741
742/**
743 * strstr for haystacks w/o null termination.
744 */
745static const char *MyStrStrN(const char *pchHaystack, size_t cbHaystack, const char *pszNeedle)
746{
747 size_t const cchNeedle = strlen(pszNeedle);
748 char const chFirst = *pszNeedle;
749 if (cbHaystack >= cchNeedle)
750 {
751 cbHaystack -= cchNeedle - 1;
752 while (cbHaystack > 0)
753 {
754 const char *pchHit = (const char *)memchr(pchHaystack, chFirst, cbHaystack);
755 if (pchHit)
756 {
757 if (memcmp(pchHit, pszNeedle, cchNeedle) == 0)
758 return pchHit;
759 pchHit++;
760 cbHaystack -= pchHit - pchHaystack;
761 pchHaystack = pchHit;
762 }
763 else
764 break;
765 }
766 }
767 return NULL;
768}
769
770/**
771 * Check that the executable file is "related" the one for the current process.
772 */
773static int CheckThatFileIsRelated(wchar_t const *pwszExePath, wchar_t const *pwszSelfPath)
774{
775 /*
776 * Start by checking version info.
777 */
778 /*
779 * Query the version info for the files:
780 */
781 DWORD const cbExeVerInfo = GetFileVersionInfoSizeW(pwszExePath, NULL);
782 if (!cbExeVerInfo)
783 return ErrorMsgRcSWSU(20, "GetFileVersionInfoSizeW failed on '", pwszExePath, "': ", GetLastError());
784
785 DWORD const cbSelfVerInfo = GetFileVersionInfoSizeW(pwszSelfPath, NULL);
786 if (!cbSelfVerInfo)
787 return ErrorMsgRcSWSU(21, "GetFileVersionInfoSizeW failed on '", pwszSelfPath, "': ", GetLastError());
788
789 HANDLE const hHeap = GetProcessHeap();
790 DWORD const cbBothVerInfo = RT_ALIGN_32(cbExeVerInfo, 64) + RT_ALIGN_32(cbSelfVerInfo, 64);
791 void * const pvExeVerInfo = HeapAlloc(hHeap, HEAP_ZERO_MEMORY, cbBothVerInfo);
792 void * const pvSelfVerInfo = (uint8_t *)pvExeVerInfo + RT_ALIGN_32(cbExeVerInfo, 64);
793 if (!pvExeVerInfo)
794 return ErrorMsgRcSUS(22, "Out of memory (", cbBothVerInfo, " bytes) for version info");
795
796 int rcExit = 0;
797 if (!GetFileVersionInfoW(pwszExePath, 0, cbExeVerInfo, pvExeVerInfo))
798 rcExit = ErrorMsgRcSWSU(23, "GetFileVersionInfoW failed on '", pwszExePath, "': ", GetLastError());
799 else if (!GetFileVersionInfoW(pwszSelfPath, 0, cbSelfVerInfo, pvSelfVerInfo))
800 rcExit = ErrorMsgRcSWSU(24, "GetFileVersionInfoW failed on '", pwszSelfPath, "': ", GetLastError());
801
802 /*
803 * Compare the product and company strings, which should be identical.
804 */
805 static struct
806 {
807 wchar_t const *pwszQueryItem;
808 const char *pszQueryErrorMsg1;
809 const char *pszCompareErrorMsg1;
810 } const s_aIdenticalItems[] =
811 {
812 { L"\\StringFileInfo\\040904b0\\ProductName", "VerQueryValueW/ProductName failed on '", "Product string of '" },
813 { L"\\StringFileInfo\\040904b0\\CompanyName", "VerQueryValueW/CompanyName failed on '", "Company string of '" },
814 };
815
816 for (unsigned i = 0; i < RT_ELEMENTS(s_aIdenticalItems) && rcExit == 0; i++)
817 {
818 void *pvExeInfoItem = NULL;
819 UINT cbExeInfoItem = 0;
820 void *pvSelfInfoItem = NULL;
821 UINT cbSelfInfoItem = 0;
822 if (!VerQueryValueW(pvExeVerInfo, s_aIdenticalItems[i].pwszQueryItem, &pvExeInfoItem, &cbExeInfoItem))
823 rcExit = ErrorMsgRcSWSU(25 + i*3, s_aIdenticalItems[i].pszQueryErrorMsg1 , pwszExePath, "': ", GetLastError());
824 else if (!VerQueryValueW(pvSelfVerInfo, s_aIdenticalItems[i].pwszQueryItem, &pvSelfInfoItem, &cbSelfInfoItem))
825 rcExit = ErrorMsgRcSWSU(26 + i*3, s_aIdenticalItems[i].pszQueryErrorMsg1, pwszSelfPath, "': ", GetLastError());
826 else if ( cbExeInfoItem != cbSelfInfoItem
827 || memcmp(pvExeInfoItem, pvSelfInfoItem, cbSelfInfoItem) != 0)
828 rcExit = ErrorMsgRcSWS(27 + i*3, s_aIdenticalItems[i].pszCompareErrorMsg1, pwszExePath, "' does not match");
829 }
830
831 HeapFree(hHeap, 0, pvExeVerInfo);
832
833 /*
834 * Check that the file has a manifest that looks like it may belong to
835 * an NSIS installer.
836 */
837 if (rcExit == 0)
838 {
839 HMODULE hMod = LoadLibraryExW(pwszExePath, NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE);
840 if (!hMod && GetLastError() == ERROR_INVALID_PARAMETER)
841 hMod = LoadLibraryExW(pwszExePath, NULL, LOAD_LIBRARY_AS_DATAFILE);
842 if (hMod)
843 {
844 HRSRC const hRsrcMt = FindResourceExW(hMod, RT_MANIFEST, MAKEINTRESOURCEW(1),
845 MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL));
846 if (hRsrcMt)
847 {
848 DWORD const cbManifest = SizeofResource(hMod, hRsrcMt);
849 HGLOBAL const hGlobalMt = LoadResource(hMod, hRsrcMt);
850 if (hGlobalMt)
851 {
852 const char * const pchManifest = (const char *)LockResource(hGlobalMt);
853 if (pchManifest)
854 {
855 /* Just look for a few strings we expect to always find the manifest. */
856 if (!MyStrStrN(pchManifest, cbManifest, "Nullsoft.NSIS.exehead"))
857 rcExit = 36;
858 else if (!MyStrStrN(pchManifest, cbManifest, "requestedPrivileges"))
859 rcExit = 37;
860 else if (!MyStrStrN(pchManifest, cbManifest, "highestAvailable"))
861 rcExit = 38;
862 if (rcExit)
863 rcExit = ErrorMsgRcSWSU(rcExit, "Manifest check of '", pwszExePath, "' failed: ", rcExit);
864 }
865 else
866 rcExit = ErrorMsgRc(35, "LockResource/Manifest failed");
867 }
868 else
869 rcExit = ErrorMsgRcSU(34, "LoadResource/Manifest failed: ", GetLastError());
870 }
871 else
872 rcExit = ErrorMsgRcSU(33, "FindResourceExW/Manifest failed: ", GetLastError());
873 }
874 else
875 rcExit = ErrorMsgRcSWSU(32, "LoadLibraryExW of '", pwszExePath, "' as datafile failed: ", GetLastError());
876 }
877
878 return rcExit;
879}
880
881static BOOL IsWow64(void)
882{
883 BOOL fIsWow64 = FALSE;
884 typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS)(HANDLE, PBOOL);
885 LPFN_ISWOW64PROCESS fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandleW(L"kernel32"), "IsWow64Process");
886 if (fnIsWow64Process != NULL)
887 {
888 if (!fnIsWow64Process(GetCurrentProcess(), &fIsWow64))
889 {
890 ErrorMsgLastErr("Unable to determine the process type!");
891
892 /* Error in retrieving process type - assume that we're running on 32bit. */
893 fIsWow64 = FALSE;
894 }
895 }
896 return fIsWow64;
897}
898
899static int WaitForProcess2(HANDLE hProcess)
900{
901 /*
902 * Wait for the process, make sure the deal with messages.
903 */
904 for (;;)
905 {
906 DWORD dwRc = MsgWaitForMultipleObjects(1, &hProcess, FALSE, 5000/*ms*/, QS_ALLEVENTS);
907
908 MSG Msg;
909 while (PeekMessageW(&Msg, NULL, 0, 0, PM_REMOVE))
910 {
911 TranslateMessage(&Msg);
912 DispatchMessageW(&Msg);
913 }
914
915 if (dwRc == WAIT_OBJECT_0)
916 break;
917 if ( dwRc != WAIT_TIMEOUT
918 && dwRc != WAIT_OBJECT_0 + 1)
919 {
920 ErrorMsgLastErrSUR("MsgWaitForMultipleObjects failed: ", dwRc);
921 break;
922 }
923 }
924
925 /*
926 * Collect the process info.
927 */
928 DWORD dwExitCode;
929 if (GetExitCodeProcess(hProcess, &dwExitCode))
930 return (int)dwExitCode;
931 return ErrorMsgRcLastErr(16, "GetExitCodeProcess failed");
932}
933
934static int WaitForProcess(HANDLE hProcess)
935{
936 DWORD WaitRc = WaitForSingleObjectEx(hProcess, INFINITE, TRUE);
937 while ( WaitRc == WAIT_IO_COMPLETION
938 || WaitRc == WAIT_TIMEOUT)
939 WaitRc = WaitForSingleObjectEx(hProcess, INFINITE, TRUE);
940 if (WaitRc == WAIT_OBJECT_0)
941 {
942 DWORD dwExitCode;
943 if (GetExitCodeProcess(hProcess, &dwExitCode))
944 return (int)dwExitCode;
945 return ErrorMsgRcLastErr(16, "GetExitCodeProcess failed");
946 }
947 return ErrorMsgRcLastErrSUR(16, "MsgWaitForMultipleObjects failed: ", WaitRc);
948}
949
950#ifndef IPRT_NO_CRT
951int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
952#else
953int main()
954#endif
955{
956#ifndef IPRT_NO_CRT
957 RT_NOREF(hInstance, hPrevInstance, lpCmdLine, nCmdShow);
958#endif
959
960 /*
961 * Gather the parameters of the real installer program.
962 */
963 SetLastError(NO_ERROR);
964 WCHAR wszCurDir[MAX_PATH] = { 0 };
965 DWORD cwcCurDir = GetCurrentDirectoryW(sizeof(wszCurDir), wszCurDir);
966 if (cwcCurDir == 0 || cwcCurDir >= sizeof(wszCurDir))
967 return ErrorMsgRcLastErrSUR(12, "GetCurrentDirectoryW failed: ", cwcCurDir);
968
969 SetLastError(NO_ERROR);
970 WCHAR wszExePath[MAX_PATH] = { 0 };
971 DWORD cwcExePath = GetModuleFileNameW(NULL, wszExePath, sizeof(wszExePath));
972 if (cwcExePath == 0 || cwcExePath >= sizeof(wszExePath))
973 return ErrorMsgRcLastErrSUR(13, "GetModuleFileNameW failed: ", cwcExePath);
974
975 WCHAR wszSelfPath[MAX_PATH];
976 memcpy(wszSelfPath, wszExePath, sizeof(wszSelfPath));
977
978 /*
979 * Strip the extension off the module name and construct the arch specific
980 * one of the real installer program.
981 */
982 DWORD off = cwcExePath - 1;
983 while ( off > 0
984 && ( wszExePath[off] != '/'
985 && wszExePath[off] != '\\'
986 && wszExePath[off] != ':'))
987 {
988 if (wszExePath[off] == '.')
989 {
990 wszExePath[off] = '\0';
991 cwcExePath = off;
992 break;
993 }
994 off--;
995 }
996
997 WCHAR const *pwszSuff = IsWow64() ? L"-amd64.exe" : L"-x86.exe";
998 int rc = RTUtf16Copy(&wszExePath[cwcExePath], RT_ELEMENTS(wszExePath) - cwcExePath, pwszSuff);
999 if (RT_FAILURE(rc))
1000 return ErrorMsgRc(14, "Real installer name is too long!");
1001 cwcExePath += RTUtf16Len(&wszExePath[cwcExePath]);
1002
1003 /*
1004 * Replace the first argument of the argument list.
1005 */
1006 PWCHAR pwszNewCmdLine = NULL;
1007 LPCWSTR pwszOrgCmdLine = GetCommandLineW();
1008 if (pwszOrgCmdLine) /* Dunno if this can be NULL, but whatever. */
1009 {
1010 /* Skip the first argument in the original. */
1011 /** @todo Is there some ISBLANK or ISSPACE macro/function in Win32 that we could
1012 * use here, if it's correct wrt. command line conventions? */
1013 WCHAR wch;
1014 while ((wch = *pwszOrgCmdLine) == L' ' || wch == L'\t')
1015 pwszOrgCmdLine++;
1016 if (wch == L'"')
1017 {
1018 pwszOrgCmdLine++;
1019 while ((wch = *pwszOrgCmdLine) != L'\0')
1020 {
1021 pwszOrgCmdLine++;
1022 if (wch == L'"')
1023 break;
1024 }
1025 }
1026 else
1027 {
1028 while ((wch = *pwszOrgCmdLine) != L'\0')
1029 {
1030 pwszOrgCmdLine++;
1031 if (wch == L' ' || wch == L'\t')
1032 break;
1033 }
1034 }
1035 while ((wch = *pwszOrgCmdLine) == L' ' || wch == L'\t')
1036 pwszOrgCmdLine++;
1037
1038 /* Join up "wszExePath" with the remainder of the original command line. */
1039 size_t cwcOrgCmdLine = RTUtf16Len(pwszOrgCmdLine);
1040 size_t cwcNewCmdLine = 1 + cwcExePath + 1 + 1 + cwcOrgCmdLine + 1;
1041 PWCHAR pwsz = pwszNewCmdLine = (PWCHAR)LocalAlloc(LPTR, cwcNewCmdLine * sizeof(WCHAR));
1042 if (!pwsz)
1043 return ErrorMsgRcSUS(15, "Out of memory (", cwcNewCmdLine * sizeof(WCHAR), " bytes)");
1044 *pwsz++ = L'"';
1045 memcpy(pwsz, wszExePath, cwcExePath * sizeof(pwsz[0]));
1046 pwsz += cwcExePath;
1047 *pwsz++ = L'"';
1048 if (cwcOrgCmdLine)
1049 {
1050 *pwsz++ = L' ';
1051 memcpy(pwsz, pwszOrgCmdLine, cwcOrgCmdLine * sizeof(pwsz[0]));
1052 }
1053 else
1054 {
1055 *pwsz = L'\0';
1056 pwszOrgCmdLine = NULL;
1057 }
1058 }
1059
1060 /*
1061 * Open the executable for this process.
1062 */
1063 HANDLE hFileSelf = CreateFileW(wszSelfPath, GENERIC_READ, FILE_SHARE_READ, NULL /*pSecAttr*/, OPEN_EXISTING,
1064 FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OPEN_REPARSE_POINT, NULL);
1065 if (hFileSelf == INVALID_HANDLE_VALUE && GetLastError() == ERROR_INVALID_PARAMETER)
1066 hFileSelf = CreateFileW(wszSelfPath, GENERIC_READ, FILE_SHARE_READ, NULL /*pSecAttr*/, OPEN_EXISTING,
1067 FILE_ATTRIBUTE_NORMAL, NULL);
1068 if (hFileSelf == INVALID_HANDLE_VALUE)
1069 {
1070 if (GetLastError() == ERROR_FILE_NOT_FOUND)
1071 return ErrorMsgRcSW(17, "File not found: ", wszSelfPath);
1072 return ErrorMsgRcSWSU(17, "Error opening '", wszSelfPath, "' for reading: ", GetLastError());
1073 }
1074
1075
1076 /*
1077 * Open the file we're about to execute.
1078 */
1079 HANDLE hFileExe = CreateFileW(wszExePath, GENERIC_READ, FILE_SHARE_READ, NULL /*pSecAttr*/, OPEN_EXISTING,
1080 FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OPEN_REPARSE_POINT, NULL);
1081 if (hFileExe == INVALID_HANDLE_VALUE && GetLastError() == ERROR_INVALID_PARAMETER)
1082 hFileExe = CreateFileW(wszExePath, GENERIC_READ, FILE_SHARE_READ, NULL /*pSecAttr*/, OPEN_EXISTING,
1083 FILE_ATTRIBUTE_NORMAL, NULL);
1084 if (hFileExe == INVALID_HANDLE_VALUE)
1085 {
1086 if (GetLastError() == ERROR_FILE_NOT_FOUND)
1087 return ErrorMsgRcSW(18, "File not found: ", wszExePath);
1088 return ErrorMsgRcSWSU(18, "Error opening '", wszExePath, "' for reading: ", GetLastError());
1089 }
1090
1091 /*
1092 * Check that the file we're about to launch is related to us and safe to start.
1093 */
1094 int rcExit = CheckThatFileIsRelated(wszExePath, wszSelfPath);
1095 if (rcExit != 0)
1096 return rcExit;
1097
1098#ifdef VBOX_SIGNING_MODE
1099# if 1 /* Use the IPRT code as it it will work on all windows versions without trouble.
1100 Added some 800KB to the executable, but so what. */
1101 rcExit = CheckFileSignatureIprt(wszExePath);
1102# else
1103 rcExit = CheckFileSignatures(wszExePath, hFileExe, wszSelfPath, hFileSelf);
1104# endif
1105 if (rcExit != 0)
1106 return rcExit;
1107#endif
1108
1109 /*
1110 * Start the process.
1111 */
1112 STARTUPINFOW StartupInfo = { sizeof(StartupInfo), 0 };
1113 PROCESS_INFORMATION ProcInfo = { 0 };
1114 SetLastError(740);
1115 BOOL fOk = CreateProcessW(wszExePath,
1116 pwszNewCmdLine,
1117 NULL /*pProcessAttributes*/,
1118 NULL /*pThreadAttributes*/,
1119 TRUE /*fInheritHandles*/,
1120 0 /*dwCreationFlags*/,
1121 NULL /*pEnvironment*/,
1122 NULL /*pCurrentDirectory*/,
1123 &StartupInfo,
1124 &ProcInfo);
1125 if (fOk)
1126 {
1127 /* Wait for the process to finish. */
1128 CloseHandle(ProcInfo.hThread);
1129 rcExit = WaitForProcess(ProcInfo.hProcess);
1130 CloseHandle(ProcInfo.hProcess);
1131 }
1132 else if (GetLastError() == ERROR_ELEVATION_REQUIRED)
1133 {
1134 /*
1135 * Elevation is required. That can be accomplished via ShellExecuteEx
1136 * and the runas atom.
1137 */
1138 MSG Msg;
1139 PeekMessage(&Msg, NULL, 0, 0, PM_NOREMOVE);
1140 CoInitializeEx(NULL, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE);
1141
1142 SHELLEXECUTEINFOW ShExecInfo = { 0 };
1143 ShExecInfo.cbSize = sizeof(SHELLEXECUTEINFOW);
1144 ShExecInfo.fMask = SEE_MASK_NOCLOSEPROCESS;
1145 ShExecInfo.hwnd = NULL;
1146 ShExecInfo.lpVerb = L"runas" ;
1147 ShExecInfo.lpFile = wszExePath;
1148 ShExecInfo.lpParameters = pwszOrgCmdLine; /* pass only args here!!! */
1149 ShExecInfo.lpDirectory = wszCurDir;
1150 ShExecInfo.nShow = SW_NORMAL;
1151 ShExecInfo.hProcess = INVALID_HANDLE_VALUE;
1152 if (ShellExecuteExW(&ShExecInfo))
1153 {
1154 if (ShExecInfo.hProcess != INVALID_HANDLE_VALUE)
1155 {
1156 rcExit = WaitForProcess2(ShExecInfo.hProcess);
1157 CloseHandle(ShExecInfo.hProcess);
1158 }
1159 else
1160 rcExit = ErrorMsgRc(1, "ShellExecuteExW did not return a valid process handle!");
1161 }
1162 else
1163 rcExit = ErrorMsgRcLastErrSWSR(9, "Failed to execute '", wszExePath, "' via ShellExecuteExW!");
1164 }
1165 else
1166 rcExit = ErrorMsgRcLastErrSWSR(8, "Failed to execute '", wszExePath, "' via CreateProcessW!");
1167
1168 if (pwszNewCmdLine)
1169 LocalFree(pwszNewCmdLine);
1170
1171 return rcExit;
1172}
1173
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette