VirtualBox

source: vbox/trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h@ 54346

Last change on this file since 54346 was 53220, checked in by vboxsync, 10 years ago

SUP: Relax image architecture restrictions so 32-bit resource DLLs won't cause unnecessary trouble in 64-bit processes. (untested)

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 11.7 KB
Line 
1/* $Id: SUPHardenedVerify-win.h 53220 2014-11-05 08:51:38Z vboxsync $ */
2/** @file
3 * VirtualBox Support Library/Driver - Hardened Verification, Windows.
4 */
5
6/*
7 * Copyright (C) 2006-2014 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___win_SUPHardenedVerify_win_h
28#define ___win_SUPHardenedVerify_win_h
29
30#include <iprt/types.h>
31#include <iprt/crypto/x509.h>
32#ifndef SUP_CERTIFICATES_ONLY
33# ifdef RT_OS_WINDOWS
34# include <iprt/ldr.h>
35# endif
36#endif
37
38
39RT_C_DECLS_BEGIN
40
41#ifndef SUP_CERTIFICATES_ONLY
42# ifdef RT_OS_WINDOWS
43DECLHIDDEN(int) supHardenedWinInitImageVerifier(PRTERRINFO pErrInfo);
44DECLHIDDEN(void) supHardenedWinTermImageVerifier(void);
45DECLHIDDEN(void) supR3HardenedWinVerifyCacheScheduleImports(RTLDRMOD hLdrMod, PCRTUTF16 pwszName);
46DECLHIDDEN(void) supR3HardenedWinVerifyCachePreload(PCRTUTF16 pwszName);
47
48
49typedef enum SUPHARDNTVPKIND
50{
51 SUPHARDNTVPKIND_VERIFY_ONLY = 1,
52 SUPHARDNTVPKIND_CHILD_PURIFICATION,
53 SUPHARDNTVPKIND_SELF_PURIFICATION,
54 SUPHARDNTVPKIND_32BIT_HACK = 0x7fffffff
55} SUPHARDNTVPKIND;
56/** @name SUPHARDNTVP_F_XXX - Flags for supHardenedWinVerifyProcess
57 * @{ */
58/** Replace unwanted executable memory allocations with a new one that's filled
59 * with a safe read-write copy (default is just to free it).
60 *
61 * This is one way we attempt to work around buggy protection software that
62 * either result in host BSOD or VBox application malfunction. Here the current
63 * shit list:
64 * - Trend Micro's data protection software includes a buggy driver called
65 * sakfile.sys that has been observed crashing accessing user memory that we
66 * probably freed. I'd love to report this to Trend Micro, but unfortunately
67 * they doesn't advertise (or have?) an email address for reporting security
68 * vulnerabilities in the their software. Having wasted time looking and not
69 * very sorry for having to disclosing the bug here.
70 * - Maybe one more.
71 */
72#define SUPHARDNTVP_F_EXEC_ALLOC_REPLACE_WITH_RW RT_BIT_32(0)
73/** @} */
74DECLHIDDEN(int) supHardenedWinVerifyProcess(HANDLE hProcess, HANDLE hThread, SUPHARDNTVPKIND enmKind, uint32_t fFlags,
75 uint32_t *pcFixes, PRTERRINFO pErrInfo);
76DECLHIDDEN(int) supHardNtVpThread(HANDLE hProcess, HANDLE hThread, PRTERRINFO pErrInfo);
77DECLHIDDEN(int) supHardNtVpDebugger(HANDLE hProcess, PRTERRINFO pErrInfo);
78
79
80DECLHIDDEN(bool) supHardViUtf16PathIsEqualEx(PCRTUTF16 pawcLeft, size_t cwcLeft, const char *pszRight);
81DECLHIDDEN(bool) supHardViUniStrPathStartsWithUniStr(UNICODE_STRING const *pUniStrLeft,
82 UNICODE_STRING const *pUniStrRight, bool fCheckSlash);
83DECLHIDDEN(bool) supHardViUtf16PathStartsWithEx(PCRTUTF16 pwszLeft, uint32_t cwcLeft,
84 PCRTUTF16 pwszRight, uint32_t cwcRight, bool fCheckSlash);
85DECLHIDDEN(bool) supHardViIsAppPatchDir(PCRTUTF16 pwszPath, uint32_t cwcName);
86
87
88/**
89 * SUP image verifier loader reader instance.
90 */
91typedef struct SUPHNTVIRDR
92{
93 /** The core reader structure. */
94 RTLDRREADER Core;
95 /** The file handle. */
96 HANDLE hFile;
97 /** Handle to event sempahore in case we're force to deal with asynchronous
98 * I/O. */
99 HANDLE hEvent;
100 /** Current file offset. */
101 RTFOFF off;
102 /** The file size. */
103 RTFOFF cbFile;
104 /** Flags for the verification callback, SUPHNTVI_F_XXX. */
105 uint32_t fFlags;
106 /** The executable timstamp in second since unix epoch. */
107 uint64_t uTimestamp;
108 /** Log name. */
109 char szFilename[1];
110} SUPHNTVIRDR;
111/** Pointer to an SUP image verifier loader reader instance. */
112typedef SUPHNTVIRDR *PSUPHNTVIRDR;
113DECLHIDDEN(int) supHardNtViRdrCreate(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, PSUPHNTVIRDR *ppNtViRdr);
114DECLHIDDEN(bool) supHardenedWinIsWinVerifyTrustCallable(void);
115DECLHIDDEN(int) supHardenedWinVerifyImageTrust(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, int rc,
116 bool *pfWinVerifyTrust, PRTERRINFO pErrInfo);
117DECLHIDDEN(int) supHardenedWinVerifyImageByHandle(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, bool fAvoidWinVerifyTrust,
118 bool *pfWinVerifyTrust, PRTERRINFO pErrInfo);
119DECLHIDDEN(int) supHardenedWinVerifyImageByHandleNoName(HANDLE hFile, uint32_t fFlags, PRTERRINFO pErrInfo);
120DECLHIDDEN(int) supHardenedWinVerifyImageByLdrMod(RTLDRMOD hLdrMod, PCRTUTF16 pwszName, PSUPHNTVIRDR pNtViRdr,
121 bool fAvoidWinVerifyTrust, bool *pfWinVerifyTrust, PRTERRINFO pErrInfo);
122/** @name SUPHNTVI_F_XXX - Flags for supHardenedWinVerifyImageByHandle.
123 * @{ */
124/** The signing certificate must be the same as the one the VirtualBox build
125 * was signed with. */
126# define SUPHNTVI_F_REQUIRE_BUILD_CERT RT_BIT(0)
127/** Require kernel code signing level. */
128# define SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING RT_BIT(1)
129/** Require the image to force the memory mapper to do signature checking. */
130# define SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT RT_BIT(2)
131/** Whether to allow image verification by catalog file. */
132# define SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION RT_BIT(3)
133/** The file owner must be TrustedInstaller on Vista+. */
134# define SUPHNTVI_F_TRUSTED_INSTALLER_OWNER RT_BIT(4)
135/** Ignore the image architecture (otherwise it must match the verification
136 * code). Used with resource images and such. */
137# define SUPHNTVI_F_IGNORE_ARCHITECTURE RT_BIT(30)
138/** Raw-mode context image, always 32-bit. */
139# define SUPHNTVI_F_RC_IMAGE RT_BIT(31)
140/** @} */
141
142/**
143 * Loader cache entry.
144 *
145 * This is for avoiding loading and signature checking a file multiple times,
146 * due to multiple passes thru the process validation code (and syscall import
147 * code of NTDLL).
148 */
149typedef struct SUPHNTLDRCACHEENTRY
150{
151 /** The file name (from g_apszSupNtVpAllowedDlls or
152 * g_apszSupNtVpAllowedVmExes). */
153 const char *pszName;
154 /** Load module associated with the image during content verfication. */
155 RTLDRMOD hLdrMod;
156 /** The file reader. */
157 PSUPHNTVIRDR pNtViRdr;
158 /** The module file handle, if we've opened it.
159 * (pNtviRdr does not close the file handle on destruction.) */
160 HANDLE hFile;
161 /** Bits buffer. */
162 uint8_t *pbBits;
163 /** Set if verified. */
164 bool fVerified;
165 /** Whether we've got valid cacheable image bit.s */
166 bool fValidBits;
167 /** The image base address. */
168 uintptr_t uImageBase;
169} SUPHNTLDRCACHEENTRY;
170/** Pointer to a loader cache entry. */
171typedef SUPHNTLDRCACHEENTRY *PSUPHNTLDRCACHEENTRY;
172DECLHIDDEN(int) supHardNtLdrCacheOpen(const char *pszName, PSUPHNTLDRCACHEENTRY *ppEntry);
173DECLHIDDEN(int) supHardNtLdrCacheEntryVerify(PSUPHNTLDRCACHEENTRY pEntry, PCRTUTF16 pwszName, PRTERRINFO pErrInfo);
174DECLHIDDEN(int) supHardNtLdrCacheEntryGetBits(PSUPHNTLDRCACHEENTRY pEntry, uint8_t **ppbBits, RTLDRADDR uBaseAddress,
175 PFNRTLDRIMPORT pfnGetImport, void *pvUser, PRTERRINFO pErrInfo);
176
177
178/** Which directory under the system root to get. */
179typedef enum SUPHARDNTSYSROOTDIR
180{
181 kSupHardNtSysRootDir_System32 = 0,
182 kSupHardNtSysRootDir_WinSxS,
183} SUPHARDNTSYSROOTDIR;
184
185DECLHIDDEN(int) supHardNtGetSystemRootDir(void *pvBuf, uint32_t cbBuf, SUPHARDNTSYSROOTDIR enmDir, PRTERRINFO pErrInfo);
186
187# ifndef SUPHNTVI_NO_NT_STUFF
188
189/** Typical system root directory buffer. */
190typedef struct SUPSYSROOTDIRBUF
191{
192 UNICODE_STRING UniStr;
193 WCHAR awcBuffer[260];
194} SUPSYSROOTDIRBUF;
195extern SUPSYSROOTDIRBUF g_System32NtPath;
196extern SUPSYSROOTDIRBUF g_WinSxSNtPath;
197#if defined(IN_RING3) && !defined(VBOX_PERMIT_EVEN_MORE)
198extern SUPSYSROOTDIRBUF g_ProgramFilesNtPath;
199extern SUPSYSROOTDIRBUF g_CommonFilesNtPath;
200# if ARCH_BITS == 64
201extern SUPSYSROOTDIRBUF g_ProgramFilesX86NtPath;
202extern SUPSYSROOTDIRBUF g_CommonFilesX86NtPath;
203# endif
204#endif /* IN_RING3 && !VBOX_PERMIT_EVEN_MORE */
205extern SUPSYSROOTDIRBUF g_SupLibHardenedExeNtPath;
206extern uint32_t g_offSupLibHardenedExeNtName;
207
208# ifdef IN_RING0
209/** Pointer to NtQueryVirtualMemory. */
210typedef NTSTATUS (NTAPI *PFNNTQUERYVIRTUALMEMORY)(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
211extern PFNNTQUERYVIRTUALMEMORY g_pfnNtQueryVirtualMemory;
212# endif
213
214# endif /* SUPHNTVI_NO_NT_STUFF */
215
216/** Creates a combined NT version number for simple comparisons. */
217#define SUP_MAKE_NT_VER_COMBINED(a_uMajor, a_uMinor, a_uBuild, a_uSpMajor, a_uSpMinor) \
218 ( ((uint32_t)((a_uMajor) & UINT32_C(0xf)) << 28) \
219 | ((uint32_t)((a_uMinor) & UINT32_C(0xf)) << 24) \
220 | ((uint32_t)((a_uBuild) & UINT32_C(0xffff)) << 8) \
221 | ((uint32_t)((a_uSpMajor) & UINT32_C(0xf)) << 4) \
222 | RT_MIN((uint32_t)(a_uSpMinor), UINT32_C(0xf)) )
223/** Simple version of SUP_MAKE_NT_VER_COMBINED. */
224#define SUP_MAKE_NT_VER_SIMPLE(a_uMajor, a_uMinor) SUP_MAKE_NT_VER_COMBINED(a_uMajor, a_uMinor, 0, 0, 0)
225extern uint32_t g_uNtVerCombined;
226
227/** @name NT version constants for less-than checks.
228 * @{ */
229/** Combined NT version number for XP. */
230#define SUP_NT_VER_XP SUP_MAKE_NT_VER_SIMPLE(5,1)
231/** Combined NT version number for Windows server 2003 & XP64. */
232#define SUP_NT_VER_W2K3 SUP_MAKE_NT_VER_SIMPLE(5,2)
233/** Combined NT version number for Vista. */
234#define SUP_NT_VER_VISTA SUP_MAKE_NT_VER_SIMPLE(6,0)
235/** Combined NT version number for Vista with SP1. */
236#define SUP_NT_VER_VISTA_SP1 SUP_MAKE_NT_VER_COMBINED(6,0,6001,1,0)
237/** Combined NT version number for Windows 7. */
238#define SUP_NT_VER_W70 SUP_MAKE_NT_VER_SIMPLE(6,1)
239/** Combined NT version number for Windows 8.0. */
240#define SUP_NT_VER_W80 SUP_MAKE_NT_VER_SIMPLE(6,2)
241/** Combined NT version number for Windows 8.1. */
242#define SUP_NT_VER_W81 SUP_MAKE_NT_VER_SIMPLE(6,3)
243/** @} */
244
245# endif
246
247# ifndef IN_SUP_HARDENED_R3
248# include <iprt/mem.h>
249# include <iprt/string.h>
250
251# define suplibHardenedMemComp memcmp
252# define suplibHardenedMemCopy memcpy
253# define suplibHardenedMemSet memset
254# define suplibHardenedStrCopy strcpy
255# define suplibHardenedStrLen strlen
256# define suplibHardenedStrCat strcat
257# define suplibHardenedStrCmp strcmp
258# define suplibHardenedStrNCmp strncmp
259# else /* IN_SUP_HARDENED_R3 */
260# include <iprt/mem.h>
261# if 0
262# define memcmp suplibHardenedMemComp
263# define memcpy suplibHardenedMemCopy
264# define memset suplibHardenedMemSet
265# define strcpy suplibHardenedStrCopy
266# define strlen suplibHardenedStrLen
267# define strcat suplibHardenedStrCat
268# define strcmp suplibHardenedStrCmp
269# define strncmp suplibHardenedStrNCmp
270# endif
271# endif /* IN_SUP_HARDENED_R3 */
272
273#endif /* SUP_CERTIFICATES_ONLY */
274
275RT_C_DECLS_END
276
277#endif
278
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette