Changeset 51770 – Oracle VirtualBox

trunk

Property svn:mergeinfo changed
/branches/bird/hardenedwindows (added) merged: 92692-94610

trunk/Config.kmk

-              r51533
+              r51770
 # Most developers will want to disable this in their LocalConfig.kmk.
 ifn1of ($(KBUILD_TARGET), win)
  VBOX_WITH_HARDENING = 1
+VBOX_WITH_HARDENING = 1
 endif
 # Where the application files are (going to be) installed.
 …
 endif
 # Enable the system wide support service/daemon.
 # Work in progress, but required for hardening on Windows.
+# Very sketchy work in progress.
 #VBOX_WITH_SUPSVC = 1
-ifdef VBOX_WITH_HARDENING
- if1of ($(KBUILD_TARGET), win)
-  VBOX_WITH_SUPSVC = 1
- endif
-endif
 ## @}
 …
 VBOX_RTMANIFEST ?= $(PATH_OBJ)/bldRTManifest/bldRTManifest$(HOSTSUFF_EXE)
+# RTSignTool (certificate extraction tool)
+VBOX_RTSIGNTOOL ?= $(PATH_OBJ)/bldRTSignTool/bldRTSignTool$(HOSTSUFF_EXE)
 # VBoxCmp (simple /bin/cmp with more sensible output)
 VBOX_VBOXCMP    ?= $(PATH_OBJ)/VBoxCmp/VBoxCmp$(HOSTSUFF_EXE)
 …
 # VBoxPeSetVersion (changes the minimum OS version of an image)
 VBOX_PE_SET_VERSION ?= $(PATH_OBJ)/VBoxPeSetVersion/VBoxPeSetVersion$(HOSTSUFF_EXE)
+# Visual C++ EditBin.exe.
+VBOX_VCC_EDITBIN = $(if $(PATH_TOOL_$(VBOX_VCC_TOOL)_BIN),$(PATH_TOOL_$(VBOX_VCC_TOOL)_BIN)/,)editbin.exe /NoLogo
 # filesplitter (splits java files)
 …
   ## Commands for signing a driver image after link.
   VBOX_SIGN_DRIVER_CMDS ?= $(if $(eq $(tool_do),LINK_LIBRARY),,$(call VBOX_SIGN_FILE_FN,$(out)))
   ## Sign a file.
+  VBOX_SIGN_DRIVER_CMDS ?= $(if $(eq $(tool_do),LINK_LIBRARY),,$(call VBOX_SIGN_IMAGE_FN,$(out)))
+  ## Sign a file (generic).
   # @param 1  The file to sign.
   # @param 2  File description. Optional.
+  # @param 3  Additional parameters. Optional.
   VBOX_SIGN_FILE_FN     ?= $(VBOX_SIGNTOOL) sign \
         $(VBOX_CROSS_CERTIFICATE_FILE_ARGS) \
 …
         $(VBOX_TSA_URL_ARGS) \
         $(if $(strip $(2)),/d "$(strip $(2))",) \
+       $(3) \
         $(1)
+  ## Sign an executable image.
+  # @param 1  The file to sign.
+  # @param 2  File description. Optional.
+  VBOX_SIGN_IMAGE_FN     ?= $(call VBOX_SIGN_FILE_FN,$(1),$(2),/ph)
   ## Create a security catalog file.
   # @param 1  The directory containing the stuff to sign.
 …
   # Go nuts, sign everything.
   ifeq ($(strip $(VBOX_SIGNING_MODE)),release)
+  if "$(strip $(VBOX_SIGNING_MODE))" == "release" || defined(VBOX_WITH_HARDENING)
    ## Commands for signing an executable or a dll image after link.
    VBOX_SIGN_IMAGE_CMDS  ?= $(if $(eq $(tool_do),LINK_LIBRARY),,$(call VBOX_SIGN_FILE_FN,$(out)))
+   VBOX_SIGN_IMAGE_CMDS  ?= $(if $(eq $(tool_do),LINK_LIBRARY),,$(call VBOX_SIGN_IMAGE_FN,$(out)))
   endif
   ## Enable signing of the additions.
 …
         $(1)
+##
+# Helper macro for re-signing DLL images from tools that we ship so they won't
+# cause trouble for the hardened build requirements.
+#
+# Invoke via $(call VBOX_RE_SIGN_DLL_FN) inside the SOURCES list.  Necessary
+# _CLEAN entry will be added to the target.  If hardening is not enabled or
+# we're not on windows, the source will be returned.
+#
+# @returns  Name of the output file name.  May have leading space, but no trailing.
+# @param    1   Target name.
+# @param    2   The source name.
+#
+if defined(VBOX_SIGNING_MODE) && "$(KBUILD_TARGET)" == "win"
+ VBOX_RE_SIGN_DLL_FN = $(if-expr !defined($(1)_VBOX_RE_SIGNED_$(notdir $(2))),\
+        $(evalcall VBOX_RE_SIGN_DLL_INTERNAL_FN,$1,$2)\
+        ,)$($(1)_0_OUTDIR)/$(notdir $2)
+define VBOX_RE_SIGN_DLL_INTERNAL_FN
+local n = $(notdir $2)
+ifndef $(1)_VBOX_RE_SIGNED_$(n)
+ $(1)_VBOX_RE_SIGNED_$(n) := 1
+ $(eval $(1)_CLEAN += $$($(1)_0_OUTDIR)/$(n))
+ $$($(1)_0_OUTDIR)/$(n): $(2) $(VBOX_VERSION_STAMP) | $$(dir $$@)
+        $(call MSG_TOOL,SIGNTOOL,,$<,$@)
+        $(RM) -f -- "$@"
+        $(CP) -- "$<" "$@"
+        $(VBOX_VCC_EDITBIN) /LargeAddressAware /DynamicBase /NxCompat /Release /IntegrityCheck \
+                /Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
+                "$@"
+        $(call VBOX_SIGN_IMAGE_FN,$@)
+endif
+endef # VBOX_RESIGN_DLL_FN
+else
+ VBOX_RE_SIGN_DLL_FN = $(2)
+endif
+##
+# @param
+VBOX_RESIGN_DLL_FN =
+#
 # Adjust kBuild defaults.
 …
         $(PATH_STAGE_LIB)/VBoxExtPack-libssl$(VBOX_SUFF_LIB) \
         $(PATH_STAGE_LIB)/VBoxExtPack-libcrypto$(VBOX_SUFF_LIB)
+if "$(KBUILD_TARGET)" == "win" && defined(VBOX_WITH_HARDENING)
+ SDK_VBoxOpenSslHardened                = Only for VBoxDrv and Hardened Stub EXEs on windows.
+ SDK_VBoxOpenSslHardened_INCS           = $(SDK_VBOX_OPENSSL_VBOX_DEFAULT_INCS)
+ SDK_VBoxOpenSslHardened_ORDERDEPS      = $(crypto-headers_1_TARGET)
+ SDK_VBoxOpenSslHardened_LIBS           = \
+        $(PATH_STAGE_LIB)/VBoxHardened-libcrypto$(VBOX_SUFF_LIB)
+endif
 SDK_VBOX_BLD_OPENSSL      = .
 …
   endif
   TEMPLATE_VBoxRc_CFLAGS             = $(TEMPLATE_VBoxRc_CXXFLAGS)
+  TEMPLATE_VBoxRc_LDFLAGS            = -Driver -Subsystem:NATIVE -Incremental:NO -Align:64 -MapInfo:Exports -NoD $(VBOX_VCC_LD_WERR) -Debug
+  TEMPLATE_VBoxRc_LDFLAGS            = -Driver -Subsystem:NATIVE -Incremental:NO -Align:64 -MapInfo:Exports -NoD $(VBOX_VCC_LD_WERR) -Release -Debug
+  ifdef VBOX_SIGNING_MODE
+   TEMPLATE_VBoxRc_LDFLAGS          += -IntegrityCheck
+  endif
   TEMPLATE_VBoxRc_LIBS               = \
         $(PATH_SDK_$(VBOX_WINDDK)_LIB.x86)/int64.lib
 …
  endif
 TEMPLATE_VBoxR0_CFLAGS              = $(TEMPLATE_VBoxR0_CXXFLAGS)
 TEMPLATE_VBoxR0_LDFLAGS             = -Driver -Subsystem:NATIVE -Incremental:NO -Align:4096 -MapInfo:Exports -NoD $(VBOX_VCC_LD_WERR) -Debug
+TEMPLATE_VBoxR0_LDFLAGS             = -Driver -Subsystem:NATIVE -Incremental:NO -Align:4096 -MapInfo:Exports -NoD $(VBOX_VCC_LD_WERR) -Release -Debug
  ifdef VBOX_WITH_DTRACE_R0
 TEMPLATE_VBoxR0_LDFLAGS            += -Merge:VTGPrLc.Data=VTGPrLc.Begin -Merge:VTGPrLc.End=VTGPrLc.Begin -Merge:VTGPrLc.Begin=VTGObj
+ endif
+ ifdef VBOX_SIGNING_MODE
+  TEMPLATE_VBoxR0_LDFLAGS          += -IntegrityCheck
  endif
 TEMPLATE_VBoxR0_LIBS                = \
 …
  TEMPLATE_VBOXR0DRV_DEFS.x86          += WIN9X_COMPAT_SPINLOCK     # Avoid multiply defined _KeInitializeSpinLock@4
  TEMPLATE_VBOXR0DRV_DEFS.amd64         = _AMD64_
  TEMPLATE_VBOXR0DRV_CXXFLAGS           = -Zi -Zl -GR- -EHs- -GF -Gz -W3 -GS- -wd4996 -Zc:wchar_t- $(VBOX_VCC_OPT) $(VBOX_VCC_FP)
+ TEMPLATE_VBOXR0DRV_CXXFLAGS           = -Zi -Zl -GR- -EHs- -GF -Gz -W3 -GS- -wd4996 -Zc:wchar_t- -Gs4096 $(VBOX_VCC_OPT) $(VBOX_VCC_FP)
  TEMPLATE_VBOXR0DRV_CFLAGS             = $(TEMPLATE_VBOXR0DRV_CXXFLAGS)
  TEMPLATE_VBOXR0DRV_LDFLAGS            = -Driver -Subsystem:NATIVE -Incremental:NO -Align:4096 -MapInfo:Exports -NoD -Debug
+ TEMPLATE_VBOXR0DRV_LDFLAGS            = -Driver -Subsystem:NATIVE -Incremental:NO -Align:4096 -MapInfo:Exports -NoD -Release -Debug
  ifdef VBOX_WITH_DTRACE_R0DRV
   TEMPLATE_VBOXR0DRV_LDFLAGS          += -Merge:VTGPrLc.Data=VTGPrLc.Begin -Merge:VTGPrLc.End=VTGPrLc.Begin -Merge:VTGPrLc.Begin=VTGObj
+ endif
+ ifdef VBOX_SIGNING_MODE
+  TEMPLATE_VBOXR0DRV_LDFLAGS          += -IntegrityCheck
  endif
  TEMPLATE_VBOXR0DRV_POST_CMDS          = $(VBOX_SIGN_DRIVER_CMDS)
 …
  TEMPLATE_VBOXR3EXE_CFLAGS.kprofile    = $(TEMPLATE_VBOXR3EXE_CXXFLAGS.kprofile)
  TEMPLATE_VBOXR3EXE_LDFLAGS            = \
+        /NOD /INCREMENTAL:NO /MAPINFO:EXPORTS /LARGEADDRESSAWARE /DEBUG \
+        /NOD /INCREMENTAL:NO /MAPINFO:EXPORTS /LargeAddressAware /DynamicBase /NxCompat /Release /Debug \
+        /Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
         /DISALLOWLIB:libc.lib \
         /DISALLOWLIB:libcd.lib \
 …
  ifdef VBOX_WITH_DTRACE_R3
   TEMPLATE_VBOXR3EXE_LDFLAGS          += -Merge:VTGPrLc.Data=VTGPrLc.Begin -Merge:VTGPrLc.End=VTGPrLc.Begin -Merge:VTGPrLc.Begin=VTGObj
+ endif
+ if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING)
+   TEMPLATE_VBOXR3EXE_LDFLAGS         += -IntegrityCheck
  endif
 …
 TEMPLATE_VBOXR3HARDENEDEXE = Hardened VBox Ring-3 EXE
 TEMPLATE_VBOXR3HARDENEDEXE_EXTENDS = VBOXR3EXE
+TEMPLATE_VBOXR3HARDENEDEXE_DEBUG_INST.win = $(INST_DEBUG)hardened-exes/
 TEMPLATE_VBOXR3HARDENEDEXE_LIBS = $(VBOX_LIB_SUPHARDENED) $(TEMPLATE_VBOXR3EXE_LIBS)
 TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS.darwin = $(TEMPLATE_VBOXR3EXE_LDFLAGS.darwin) -framework IOKit
 …
 endif
 ifeq ($(KBUILD_TARGET),win) # No CRT!
+ TEMPLATE_VBOXR3HARDENEDEXE_SDKS          = VBOX_NTDLL $(TEMPLATE_VBOXR3EXE_SDKS) VBoxOpenSslHardened
  TEMPLATE_VBOXR3HARDENEDEXE_LIBS.x86      = \
+        $(PATH_SDK_$(VBOX_WINDDK)_LIB.x86)/int64.lib \
         $(PATH_TOOL_$(TEMPLATE_VBOXR3HARDENEDEXE_TOOL.win.x86)_LIB)/chkstk.obj
- TEMPLATE_VBOXR3HARDENEDEXE_LIBS.amd64    = \
-        $(PATH_TOOL_$(TEMPLATE_VBOXR3HARDENEDEXE_TOOL.win.amd64)_LIB)/chkstk.obj
  TEMPLATE_VBOXR3HARDENEDEXE_CXXFLAGS      = $(filter-out -RTC% -GZ -GS,$(TEMPLATE_VBOXR3EXE_CXXFLAGS)) -GS-
  TEMPLATE_VBOXR3HARDENEDEXE_CXXFLAGS.debug= $(filter-out -RTC% -GZ -GS,$(TEMPLATE_VBOXR3EXE_CXXFLAGS.debug)) -GS-
 …
 if "$(KBUILD_TARGET)" == "win" && defined(VBOX_SIGNING_MODE)
  TEMPLATE_VBOXR3AUTOTST_POST_CMDS = $(NO_SUCH_VARIABLE)
+ TEMPLATE_VBOXR3AUTOTST_LDFLAGS = $(filter-out -IntegrityCheck, $(TEMPLATE_VBoxR3Static_LDFLAGS))
 endif
 …
 if "$(KBUILD_TARGET)" == "win" && defined(VBOX_SIGNING_MODE)
  TEMPLATE_VBOXR3TSTEXE_POST_CMDS =
+ TEMPLATE_VBOXR3TSTEXE_LDFLAGS = $(filter-out -IntegrityCheck, $(TEMPLATE_VBOXR3EXE_LDFLAGS))
 endif
 …
  TEMPLATE_VBOXMAINEXE_CFLAGS.kprofile    = $(TEMPLATE_VBOXMAINEXE_CXXFLAGS.kprofile)
  TEMPLATE_VBOXMAINEXE_LDFLAGS            = \
+        /NOD /INCREMENTAL:NO /MAPINFO:EXPORTS /LARGEADDRESSAWARE /DEBUG\
+        /NOD /INCREMENTAL:NO /MAPINFO:EXPORTS /LargeAddressAware /DynamicBase /NxCompat /Release /Debug \
+        /Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
         /DISALLOWLIB:libc.lib \
         /DISALLOWLIB:libcd.lib \
 …
         /DISALLOWLIB:msvcrt$(VBOX_VCC_CRT_TYPE_N).lib \
         /DISALLOWLIB:msvcprt$(VBOX_VCC_CRT_TYPE_N).lib
+ if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING)
+  TEMPLATE_VBOXMAINEXE_LDFLAGS          += -IntegrityCheck
+ endif
  TEMPLATE_VBOXMAINEXE_LIBS               = \
         $(LIB_RUNTIME)
 …
         $(PATH_TOOL_$(VBOX_VCC_TOOL)_ATLMFC_INC)
   TEMPLATE_VBOXQT4GUIEXE_LDFLAGS = \
+        /NOD /NOLOGO /INCREMENTAL:NO /MAPINFO:EXPORTS /DEBUG
+        /NOD /INCREMENTAL:NO /MAPINFO:EXPORTS /LargeAddressAware /DynamicBase /NxCompat /Release /Debug \
+        /Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD)
+  if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING)
+   TEMPLATE_VBOXQT4GUIEXE_LDFLAGS += -IntegrityCheck
+  endif
   TEMPLATE_VBOXQT4GUIEXE_SDKS += $(VBOX_WINPSDK)
   TEMPLATE_VBOXQT4GUIEXE_LIBS = \
 …
   endif
   TEMPLATE_VBOXQT4GUIEXE_POST_CMDS = $(VBOX_SIGN_IMAGE_CMDS)
-  TEMPLATE_VBOXQT4GUIEXE_LDFLAGS.win.x86 += /LARGEADDRESSAWARE
  else # the gcc guys:
 …
  TEMPLATE_VBoxBldProg_CFLAGS.kprofile    = $(TEMPLATE_VBoxBldProg_CXXFLAGS.kprofile)
  TEMPLATE_VBoxBldProg_LDFLAGS            = \
+        /NOD /INCREMENTAL:NO /MAPINFO:EXPORTS /LARGEADDRESSAWARE /DEBUG \
+        /NOD /INCREMENTAL:NO /MAPINFO:EXPORTS /LargeAddressAware /DynamicBase /NxCompat /Release /Debug \
+        /Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
         /DISALLOWLIB:libc$(VBOX_VCC_CRT_TYPE_N).lib \
         /DISALLOWLIB:libcmt$(VBOX_VCC_CRT_TYPE_N).lib \

trunk/Makefile.kmk

-              r51368
+              r51770
 # Sub-makefiles / Sub-directories.
+#
+if defined(VBOX_WITH_DOCS) && (!defined(VBOX_ONLY_BUILD) || defined(VBOX_ONLY_DOCS) || defined(VBOX_ONLY_SDK))
+ include $(PATH_SUB_CURRENT)/doc/manual/Makefile.kmk
+endif
+include $(PATH_SUB_CURRENT)/src/Makefile.kmk
+ifndef VBOX_ONLY_ROOT_MAKEFILE
+ if defined(VBOX_WITH_DOCS) && (!defined(VBOX_ONLY_BUILD) || defined(VBOX_ONLY_DOCS) || defined(VBOX_ONLY_SDK))
+  include $(PATH_SUB_CURRENT)/doc/manual/Makefile.kmk
+ endif
+ include $(PATH_SUB_CURRENT)/src/Makefile.kmk
+endif
+#
 …
   include $(KBUILD_PATH)/sdks/LIBSDL.kmk
   InstallExternalLibs_SOURCES += \
         $(DLL_SDK_LIBSDL_SDL)
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(DLL_SDK_LIBSDL_SDL))
   ifdef VBOX_WITH_SECURELABEL
    InstallExternalLibs_SOURCES += \
         $(DLL_SDK_LIBSDL_SDLTTF)
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(DLL_SDK_LIBSDL_SDLTTF))
   endif
   ifeq ($(KBUILD_TARGET),os2)
 …
 # The compiler runtime DLLs.
 ifeq ($(KBUILD_TARGET).$(VBOX_WITHOUT_COMPILER_REDIST),win.)
+  VBOX_PATH_VCC_REDIST         = $(PATH_TOOL_$(VBOX_VCC_TOOL))/redist/
+  VBOX_PATH_VCC_REDIST_CRT     = $(VBOX_PATH_VCC_REDIST)/$(subst amd64,x64,$(KBUILD_TARGET_ARCH))/Microsoft.VC100.CRT
+  VBOX_PATH_VCC_REDIST_CRT_DBG = $(VBOX_PATH_VCC_REDIST)/Debug_NonRedist/$(subst amd64,x64,$(KBUILD_TARGET_ARCH))/Microsoft.VC100.DebugCRT
+ include $(KBUILD_PATH)/tools/$(VBOX_VCC_TOOL).kmk
+ include $(KBUILD_PATH)/tools/$(VBOX_VCC_TOOL_STEM)X86.kmk
+ VBOX_PATH_VCC_REDIST             = $(PATH_TOOL_$(VBOX_VCC_TOOL))/redist/
+ VBOX_PATH_VCC_REDIST_CRT         = $(VBOX_PATH_VCC_REDIST)/$(subst amd64,x64,$(KBUILD_TARGET_ARCH))/Microsoft.VC100.CRT
+ VBOX_PATH_VCC_REDIST_CRT_DBG     = $(VBOX_PATH_VCC_REDIST)/Debug_NonRedist/$(subst amd64,x64,$(KBUILD_TARGET_ARCH))/Microsoft.VC100.DebugCRT
+ VBOX_PATH_VCC_REDIST_CRT_X86     = $(VBOX_PATH_VCC_REDIST)/x86/Microsoft.VC100.CRT
+ VBOX_PATH_VCC_REDIST_CRT_DBG_X86 = $(VBOX_PATH_VCC_REDIST)/Debug_NonRedist/x86/Microsoft.VC100.DebugCRT
+ InstallExternalLibs_SOURCES += \
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll) \
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll) \
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll)=>testcase/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll)=>testcase/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll
+ ifdef VBOX_WITH_32_ON_64_MAIN_API
   InstallExternalLibs_SOURCES += \
+        $(VBOX_PATH_VCC_REDIST_CRT)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
+        $(VBOX_PATH_VCC_REDIST_CRT)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
+        $(VBOX_PATH_VCC_REDIST_CRT)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll=>testcase/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
+        $(VBOX_PATH_VCC_REDIST_CRT)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll=>testcase/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll
+ ifdef VBOX_WITH_32_ON_64_MAIN_API
+  VBOX_PATH_VCC_REDIST_CRT_X86 = $(VBOX_PATH_VCC_REDIST)/x86/Microsoft.VC100.CRT
+  VBOX_PATH_VCC_REDIST_CRT_DBG_X86 = $(VBOX_PATH_VCC_REDIST)/Debug_NonRedist/x86/Microsoft.VC100.DebugCRT
+  InstallExternalLibs_SOURCES += \
+        $(VBOX_PATH_VCC_REDIST_CRT_X86)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll=>x86/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
+        $(VBOX_PATH_VCC_REDIST_CRT_X86)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll=>x86/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT_X86)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll)=>x86/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT_X86)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll)=>x86/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll
  endif
  ifeq ($(VBOX_VCC_CRT_TYPE),d)
   InstallExternalLibs_SOURCES += \
         $(VBOX_PATH_VCC_REDIST_CRT_DBG)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
         $(VBOX_PATH_VCC_REDIST_CRT_DBG)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
         $(VBOX_PATH_VCC_REDIST_CRT_DBG)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll=>testcase/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
         $(VBOX_PATH_VCC_REDIST_CRT_DBG)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll=>testcase/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT_DBG)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll) \
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT_DBG)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll) \
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT_DBG)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll)=>testcase/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT_DBG)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll)=>testcase/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll
   ifdef VBOX_WITH_32_ON_64_MAIN_API
   InstallExternalLibs_SOURCES += \
         $(VBOX_PATH_VCC_REDIST_CRT_DBG_X86)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll=>x86/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
         $(VBOX_PATH_VCC_REDIST_CRT_DBG_X86)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll=>x86/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT_DBG_X86)/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll)=>x86/msvcr$(substr $(VBOX_VCC_TOOL_STEM),4).dll \
+        $(call VBOX_RE_SIGN_DLL_FN,InstallExternalLibs,$(VBOX_PATH_VCC_REDIST_CRT_DBG_X86)/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll)=>x86/msvcp$(substr $(VBOX_VCC_TOOL_STEM),4).dll
   endif
  endif
 …
    qt4-bin_INST = $(INST_BIN)
    qt4-bin_SOURCES = \
         $(foreach qtmod,$(VBOX_QT4_MOD_NAMES),$(VBOX_PATH_QT4_LIB)/$(qtmod)4$(SUFF_DLL)) \
         $(VBOX_PATH_QT4)/plugins/accessible/qtaccessiblewidgets4$(SUFF_DLL)=>accessible/qtaccessiblewidgets4$(SUFF_DLL)
+        $(foreach qtmod,$(VBOX_QT4_MOD_NAMES),$(call VBOX_RE_SIGN_DLL_FN,qt4-bin,$(VBOX_PATH_QT4_LIB)/$(qtmod)4$(SUFF_DLL))) \
+        $(call VBOX_RE_SIGN_DLL_FN,qt4-bin,$(VBOX_PATH_QT4)/plugins/accessible/qtaccessiblewidgets4$(SUFF_DLL))=>accessible/qtaccessiblewidgets4$(SUFF_DLL)
   else
    INSTALLS += qt4-bin

trunk/include/Makefile.kmk

r43387	r51770
95	95	iprt/thread.h \
96	96	iprt/mem.h \
	97	iprt/memsafer.h \
97	98	iprt/alloc.h \
98	99	$(r3_cpp_hdrs) \

trunk/include/VBox/err.h

-              r51757
+              r51770
 /** The user mode tracepoint provider string table offset is bad. */
 #define VERR_SUPDRV_TRACER_UMOD_STRTAB_OFF_BAD      (-3737)
+/** The VM process was denied access to vboxdrv because someone have managed to
+ * open the process or its main thread with too broad access rights. */
+#define VERR_SUPDRV_HARDENING_EVIL_HANDLE           (-3738)
+/** Error opening the ApiPort LPC object. */
+#define VERR_SUPDRV_APIPORT_OPEN_ERROR              (-3739)
+/** Error enumerating all processes in the session. */
+#define VERR_SUPDRV_SESSION_PROCESS_ENUM_ERROR      (-3740)
+/** The CSRSS instance associated with the client process could not be
+ * located. */
+#define VERR_SUPDRV_CSRSS_NOT_FOUND                 (-3741)
 /** @} */
 …
 /** The internal application does not reside in the correct place (hardening). */
 #define VERR_SUPLIB_INVALID_INTERNAL_APP_DIR        (-3769)
+/** Unable to establish trusted of VM process (0). */
+#define VERR_SUPLIB_NT_PROCESS_UNTRUSTED_0          (-3770)
+/** Unable to establish trusted of VM process (1). */
+#define VERR_SUPLIB_NT_PROCESS_UNTRUSTED_1          (-3771)
+/** Unable to establish trusted of VM process (2). */
+#define VERR_SUPLIB_NT_PROCESS_UNTRUSTED_2          (-3772)
+/** Unable to establish trusted of VM process (3). */
+#define VERR_SUPLIB_NT_PROCESS_UNTRUSTED_3          (-3773)
+/** Unable to establish trusted of VM process (4). */
+#define VERR_SUPLIB_NT_PROCESS_UNTRUSTED_4          (-3774)
+/** Unable to establish trusted of VM process (5). */
+#define VERR_SUPLIB_NT_PROCESS_UNTRUSTED_5          (-3775)
 /** @} */
 …
+/** @name Support driver/library shared verfication status codes.
+ * @{  */
+/** Process Verficiation Failure: The memory content does not match the image
+ *  file. */
+#define VERR_SUP_VP_MEMORY_VS_FILE_MISMATCH          (-5600)
+/** Process Verficiation Failure: The memory protection of a image file section
+ *  does not match what the section header prescribes. */
+#define VERR_SUP_VP_SECTION_PROTECTION_MISMATCH      (-5601)
+/** Process Verficiation Failure: One of the section in the image file is not
+ *  mapped into memory. */
+#define VERR_SUP_VP_SECTION_NOT_MAPPED               (-5602)
+/** Process Verficiation Failure: One of the section in the image file is not
+ *  fully mapped into memory. */
+#define VERR_SUP_VP_SECTION_NOT_FULLY_MAPPED         (-5603)
+/** Process Verficiation Failure: Bad file alignment value in image header. */
+#define VERR_SUP_VP_BAD_FILE_ALIGNMENT_VALUE         (-5604)
+/** Process Verficiation Failure: Bad image base in header. */
+#define VERR_SUP_VP_BAD_IMAGE_BASE                   (-5605)
+/** Process Verficiation Failure: Bad image signature. */
+#define VERR_SUP_VP_BAD_IMAGE_SIGNATURE              (-5606)
+/** Process Verficiation Failure: Bad image size. */
+#define VERR_SUP_VP_BAD_IMAGE_SIZE                   (-5607)
+/** Process Verficiation Failure: Bad new-header offset in the MZ header. */
+#define VERR_SUP_VP_BAD_MZ_OFFSET                    (-5608)
+/** Process Verficiation Failure: Bad optional header field. */
+#define VERR_SUP_VP_BAD_OPTIONAL_HEADER              (-5609)
+/** Process Verficiation Failure: Bad section alignment value in image
+ *  header. */
+#define VERR_SUP_VP_BAD_SECTION_ALIGNMENT_VALUE      (-5610)
+/** Process Verficiation Failure: Bad section raw data size. */
+#define VERR_SUP_VP_BAD_SECTION_FILE_SIZE            (-5611)
+/** Process Verficiation Failure: Bad virtual section address. */
+#define VERR_SUP_VP_BAD_SECTION_RVA                  (-5612)
+/** Process Verficiation Failure: Bad virtual section size. */
+#define VERR_SUP_VP_BAD_SECTION_VIRTUAL_SIZE         (-5613)
+/** Process Verficiation Failure: Bad size of image header. */
+#define VERR_SUP_VP_BAD_SIZE_OF_HEADERS              (-5614)
+/** Process Verficiation Failure: The process is being debugged. */
+#define VERR_SUP_VP_DEBUGGED                         (-5615)
+/** Process Verficiation Failure: A DLL was found more than once. */
+#define VERR_SUP_VP_DUPLICATE_DLL_MAPPING            (-5616)
+/** Process Verficiation Failure: Image section region is too large. */
+#define VERR_SUP_VP_EMPTY_REGION_TOO_LARGE           (-5617)
+/** Process Verficiation Failure: Exectuable file name and process image name
+ *  does not match up. */
+#define VERR_SUP_VP_EXE_VS_PROC_NAME_MISMATCH        (-5618)
+/** Process Verficiation Failure: Found executable memory allocated in the
+ *  process.  There is only supposed be executable memory associated with
+ *  image file mappings (DLLs & EXE). */
+#define VERR_SUP_VP_FOUND_EXEC_MEMORY                (-5619)
+/** Process Verficiation Failure: There is more than one known executable mapped
+ *  into the process. */
+#define VERR_SUP_VP_FOUND_MORE_THAN_ONE_EXE_MAPPING  (-5620)
+/** Process Verficiation Failure: Error closing image file handle. */
+#define VERR_SUP_VP_IMAGE_FILE_CLOSE_ERROR           (-5621)
+/** Process Verficiation Failure: Error opening image file. */
+#define VERR_SUP_VP_IMAGE_FILE_OPEN_ERROR            (-5622)
+/** Process Verficiation Failure: Error reading image file header. */
+#define VERR_SUP_VP_IMAGE_HDR_READ_ERROR             (-5623)
+/** Process Verficiation Failure: Image mapping is bogus as the first region
+ *  has different AllocationBase and BaseAddress values, indicating that a
+ *  section was unmapped or otherwise tampered with. */
+#define VERR_SUP_VP_IMAGE_MAPPING_BASE_ERROR         (-5624)
+/** Process Verficiation Failure: Error reading process memory for comparing
+ *  with disk data. */
+#define VERR_SUP_VP_MEMORY_READ_ERROR                (-5625)
+/** Process Verficiation Failure: Found no executable mapped into the process
+ *  address space. */
+#define VERR_SUP_VP_NO_FOUND_NO_EXE_MAPPING          (-5626)
+/** Process Verficiation Failure: An image mapping failed to report a name. */
+#define VERR_SUP_VP_NO_IMAGE_MAPPING_NAME            (-5627)
+/** Process Verficiation Failure: No KERNE32.DLL mapping found.  This is
+ *  impossible. */
+#define VERR_SUP_VP_NO_KERNEL32_MAPPING              (-5628)
+/** Process Verficiation Failure: Error allocating memory. */
+#define VERR_SUP_VP_NO_MEMORY                        (-5629)
+/** Process Verficiation Failure: Erorr allocating state memory or querying
+ *  the system32 path. */
+#define VERR_SUP_VP_NO_MEMORY_STATE                  (-5630)
+/** Process Verficiation Failure: No NTDLL.DLL mapping found.  This is
+ *  impossible. */
+#define VERR_SUP_VP_NO_NTDLL_MAPPING                 (-5631)
+/** Process Verficiation Failure: A DLL residing outside System32 was found
+ *  in the process. */
+#define VERR_SUP_VP_NON_SYSTEM32_DLL                 (-5632)
+/** Process Verficiation Failure: An unknown and unwanted DLL was found loaded
+ *  into the process. */
+#define VERR_SUP_VP_NOT_KNOWN_DLL_OR_EXE             (-5633)
+/** Process Verficiation Failure: The name of an image file changes between
+ *  mapping regions. */
+#define VERR_SUP_VP_NT_MAPPING_NAME_CHANGED          (-5634)
+/** Process Verficiation Failure: Error querying process name. */
+#define VERR_SUP_VP_NT_QI_PROCESS_NM_ERROR           (-5635)
+/** Process Verficiation Failure: Error querying thread information. */
+#define VERR_SUP_VP_NT_QI_THREAD_ERROR               (-5636)
+/** Process Verficiation Failure: Error query virtual memory information. */
+#define VERR_SUP_VP_NT_QI_VIRTUAL_MEMORY_ERROR       (-5637)
+/** Process Verficiation Failure: Error query virtual memory mapping name. */
+#define VERR_SUP_VP_NT_QI_VIRTUAL_MEMORY_NM_ERROR    (-5638)
+/** Process Verficiation Failure: Error determining the full path of
+ *  System32. */
+#define VERR_SUP_VP_SYSTEM32_PATH                    (-5639)
+/** Process Verficiation Failure: The process has more than one thread. */
+#define VERR_SUP_VP_THREAD_NOT_ALONE                 (-5640)
+/** Process Verficiation Failure: The image mapping is too large (>= 2GB). */
+#define VERR_SUP_VP_TOO_HIGH_REGION_RVA              (-5641)
+/** Process Verficiation Failure: The memory region is too large (>= 2GB). */
+#define VERR_SUP_VP_TOO_LARGE_REGION                 (-5642)
+/** Process Verficiation Failure: There are too many DLLs loaded. */
+#define VERR_SUP_VP_TOO_MANY_DLLS_LOADED             (-5643)
+/** Process Verficiation Failure: An image has too many regions. */
+#define VERR_SUP_VP_TOO_MANY_IMAGE_REGIONS           (-5644)
+/** Process Verficiation Failure: The process has too many virtual memory
+ *  regions. */
+#define VERR_SUP_VP_TOO_MANY_MEMORY_REGIONS          (-5645)
+/** Process Verficiation Failure: An image has too many sections. */
+#define VERR_SUP_VP_TOO_MANY_SECTIONS                (-5646)
+/** Process Verficiation Failure: An image is targetting an unexpected
+ *  machine/CPU. */
+#define VERR_SUP_VP_UNEXPECTED_IMAGE_MACHINE         (-5647)
+/** Process Verficiation Failure: Unexpected section protection flag
+ *  combination. */
+#define VERR_SUP_VP_UNEXPECTED_SECTION_FLAGS         (-5648)
+/** Process Verficiation Failure: Expected the process and exe to have forced
+ * integrity checking enabled (verifying signatures). */
+#define VERR_SUP_VP_EXE_MISSING_FORCE_INTEGRITY     (-5649)
+/** Process Verficiation Failure: Expected the process and exe to have dynamic
+ * base enabled. */
+#define VERR_SUP_VP_EXE_MISSING_DYNAMIC_BASE        (-5650)
+/** Process Verficiation Failure: Expected the process and exe to advertise
+ * NX compatibility. */
+#define VERR_SUP_VP_EXE_MISSING_NX_COMPAT           (-5651)
+/** Process Verficiation Failure: The DllCharacteristics of the process
+ * does not match the value in the optional header in the exe file. */
+#define VERR_SUP_VP_DLL_CHARECTERISTICS_MISMATCH    (-5652)
+/** Process Verficiation Failure: The ImageCharacteristics of the process
+ * does not match the value in the file header in the exe file. */
+#define VERR_SUP_VP_IMAGE_CHARECTERISTICS_MISMATCH  (-5653)
+/** Process Verficiation Failure: Error querying image information. */
+#define VERR_SUP_VP_NT_QI_PROCESS_IMG_INFO_ERROR    (-5654)
+/** Process Verficiation Failure: Error querying debug port. */
+#define VERR_SUP_VP_NT_QI_PROCESS_DBG_PORT_ERROR    (-5655)
+/** WinVerifyTrust failed with an unexpected status code when using the
+ * catalog-file approach. */
+#define VERR_SUP_VP_WINTRUST_CAT_FAILURE            (-5656)
+/** The image is required to be signed with the same certificate as the rest
+ * of VirtualBox. */
+#define VERR_SUP_VP_NOT_SIGNED_WITH_BUILD_CERT      (-5657)
+/** Internal processing error: Not build certificate. */
+#define VERR_SUP_VP_NOT_BUILD_CERT_IPE              (-5658)
+/** The image requires to be signed using the kernel-code signing process. */
+#define VERR_SUP_VP_NOT_VALID_KERNEL_CODE_SIGNATURE (-5659)
+/** Unexpected number of valid paths. */
+#define VERR_SUP_VP_UNEXPECTED_VALID_PATH_COUNT     (-5660)
+/** The image is required to force integrity checks. */
+#define VERR_SUP_VP_SIGNATURE_CHECKS_NOT_ENFORCED   (-5661)
+/** @} */
 /** @name VBox Extension Pack Status Codes
  * @{

trunk/include/VBox/sup.h

-              r49965
+              r51770
     /** IPRT init related. */
     kSupInitOp_IPRT,
+    /** Miscellaneous. */
+    kSupInitOp_Misc,
     /** Place holder. */
     kSupInitOp_End
 …
+/** @name Trust Anchors and Certificates
+ * @{ */
+/**
+ * Trust anchor table entry (in generated Certificates.cpp).
+ */
+typedef struct SUPTAENTRY
+{
+    /** Pointer to the raw bytes. */
+    const unsigned char    *pch;
+    /** Number of bytes. */
+    unsigned                cb;
+} SUPTAENTRY;
+/** Pointer to a trust anchor table entry. */
+typedef SUPTAENTRY const *PCSUPTAENTRY;
+/** Macro for simplifying generating the trust anchor tables. */
+#define SUPTAENTRY_GEN(a_abTA)      { &a_abTA[0], sizeof(a_abTA) }
+/** All certificates we know. */
+extern SUPTAENTRY const             g_aSUPAllTAs[];
+/** Number of entries in g_aSUPAllTAs. */
+extern unsigned const               g_cSUPAllTAs;
+/** Software publisher certificate roots (Authenticode). */
+extern SUPTAENTRY const             g_aSUPSpcRootTAs[];
+/** Number of entries in g_aSUPSpcRootTAs. */
+extern unsigned const               g_cSUPSpcRootTAs;
+/** Kernel root certificates used by Windows. */
+extern SUPTAENTRY const             g_aSUPNtKernelRootTAs[];
+/** Number of entries in g_aSUPNtKernelRootTAs. */
+extern unsigned const               g_cSUPNtKernelRootTAs;
+/** Timestamp root certificates trusted by Windows. */
+extern SUPTAENTRY const             g_aSUPTimestampTAs[];
+/** Number of entries in g_aSUPTimestampTAs. */
+extern unsigned const               g_cSUPTimestampTAs;
+/** TAs we trust (the build certificate, Oracle VirtualBox). */
+extern SUPTAENTRY const             g_aSUPTrustedTAs[];
+/** Number of entries in g_aSUPTrustedTAs. */
+extern unsigned const               g_cSUPTrustedTAs;
+/** Supplemental certificates, like cross signing certificates. */
+extern SUPTAENTRY const             g_aSUPSupplementalTAs[];
+/** Number of entries in g_aSUPTrustedTAs. */
+extern unsigned const               g_cSUPSupplementalTAs;
+/** The build certificate. */
+extern const unsigned char          g_abSUPBuildCert[];
+/** The size of the build certificate. */
+extern const unsigned               g_cbSUPBuildCert;
 /** @} */
+/** @} */
 RT_C_DECLS_END

trunk/include/iprt/asm-math.h

-              r29257
+              r51770
 #include <iprt/types.h>
+#if defined(_MSC_VER) && RT_INLINE_ASM_USES_INTRIN
+# include <intrin.h>
+  /* Emit the intrinsics at all optimization levels. */
+# pragma intrinsic(__emul)
+# pragma intrinsic(__emulu)
+# ifdef RT_ARCH_AMD64
+#  pragma intrinsic(_mul128)
+#  pragma intrinsic(_umul128)
+# endif
+#endif
 /** @defgroup grp_rt_asm_math   Interger Math Optimizations
 …
  * @returns u32F1 * u32F2.
  */
+#if RT_INLINE_ASM_EXTERNAL && defined(RT_ARCH_X86)
+#if RT_INLINE_ASM_EXTERNAL && !RT_INLINE_ASM_USES_INTRIN && defined(RT_ARCH_X86)
 DECLASM(uint64_t) ASMMult2xU32RetU64(uint32_t u32F1, uint32_t u32F2);
 #else
 …
                          : "=A" (u64)
                          : "a" (u32F2), "d" (u32F1));
+#  elif RT_INLINE_ASM_USES_INTRIN
+    u64 = __emulu(u32F1, u32F2);
 #  else
     __asm
 …
  * @returns u32F1 * u32F2.
  */
 #if RT_INLINE_ASM_EXTERNAL && defined(RT_ARCH_X86)
+#if RT_INLINE_ASM_EXTERNAL && !RT_INLINE_ASM_USES_INTRIN && defined(RT_ARCH_X86)
 DECLASM(int64_t) ASMMult2xS32RetS64(int32_t i32F1, int32_t i32F2);
 #else
 …
                          : "=A" (i64)
                          : "a" (i32F2), "d" (i32F1));
+#  elif RT_INLINE_ASM_USES_INTRIN
+    i64 = __emul(i32F1, i32F2);
 #  else
     __asm
 …
+}
 #endif
+#if ARCH_BITS == 64
+DECLINLINE(uint64_t) ASMMult2xU64Ret2xU64(uint64_t u64F1, uint64_t u64F2, uint64_t *pu64ProdHi)
+{
+# if defined(RT_ARCH_AMD64) && (RT_INLINE_ASM_GNU_STYLE || RT_INLINE_ASM_USES_INTRIN)
+#  if RT_INLINE_ASM_GNU_STYLE
+    uint64_t u64Low, u64High;
+    __asm__ __volatile__("mull %%rdx"
+                         : "=a" (u64Low), "=d" (u64High)
+                         : "0" (u64F1), "1" (u64F2));
+    *pu64ProdHi = u64High;
+    return u64Low;
+#  elif RT_INLINE_ASM_USES_INTRIN
+    return _umul128(u64F1, u64F2, pu64ProdHi);
+#  else
+#   error "hmm"
+#  endif
+# else  /* generic: */
+    /*
+     *   F1 * F2 = Prod
+     *   --   --
+     *   ab * cd =  b*d + a*d*10  +  b*c*10 + a*c*100
+     *
+     * Where a, b, c and d are 'digits', and 10 is max digit + 1.
+     *
+     * Our digits are 32-bit wide, so instead of 10 we multiply by 4G.
+     *  Prod = F1.s.Lo*F2.s.Lo    + F1.s.Hi*F2.s.Lo*4G
+     *       + F1.s.Lo*F2.s.Hi*4G + F1.s.Hi*F2.s.Hi*4G*4G
+     */
+    RTUINT128U Prod;
+    RTUINT64U  Tmp1;
+    uint64_t   u64Tmp;
+    RTUINT64U  F1, F2;
+    F1.u = u64F1;
+    F2.u = u64F2;
+    Prod.s.Lo = ASMMult2xU32RetU64(F1.s.Lo, F2.s.Lo);
+    Tmp1.u = ASMMult2xU32RetU64(F1.s.Hi, F2.s.Lo);
+    u64Tmp = (uint64_t)Prod.DWords.dw1 + Tmp1.s.Lo;
+    Prod.DWords.dw1 = (uint32_t)u64Tmp;
+    Prod.s.Hi = Tmp1.s.Hi;
+    Prod.s.Hi += u64Tmp >> 32; /* carry */
+    Tmp1.u = ASMMult2xU32RetU64(F1.s.Lo, F2.s.Hi);
+    u64Tmp = (uint64_t)Prod.DWords.dw1 + Tmp1.s.Lo;
+    Prod.DWords.dw1 = (uint32_t)u64Tmp;
+    u64Tmp >>= 32;      /* carry */
+    u64Tmp += Prod.DWords.dw2;
+    u64Tmp += Tmp1.s.Hi;
+    Prod.DWords.dw2 = (uint32_t)u64Tmp;
+    Prod.DWords.dw3 += u64Tmp >> 32; /* carry */
+    Prod.s.Hi += ASMMult2xU32RetU64(F1.s.Hi, F2.s.Hi);
+    *pu64ProdHi  = Prod.s.Hi;
+    return Prod.s.Lo;
+# endif
+}
+#endif

trunk/include/iprt/base64.h

-              r44529
+              r51770
  * @returns The length in bytes. -1 if the encoding is bad.
+ *
  * @param   pszString           The Base64 encoded string.
  * @param   ppszEnd             If not NULL, this will point to the first char
  *                              following the Base64 encoded text block. If
  *                              NULL the entire string is assumed to be Base64.
+ * @param   pszString       The Base64 encoded string.
+ * @param   ppszEnd         If not NULL, this will point to the first char
+ *                          following the Base64 encoded text block. If
+ *                          NULL the entire string is assumed to be Base64.
  */
 RTDECL(ssize_t) RTBase64DecodedSize(const char *pszString, char **ppszEnd);
+/**
+ * Calculates the decoded data size for a Base64 encoded string.
+ *
+ * @returns The length in bytes. -1 if the encoding is bad.
+ *
+ * @param   pszString       The Base64 encoded string.
+ * @param   cchStringMax    The max length to decode, use RTSTR_MAX if the
+ *                          length of @a pszString is not known and it is
+ *                          really zero terminated.
+ * @param   ppszEnd         If not NULL, this will point to the first char
+ *                          following the Base64 encoded text block. If
+ *                          NULL the entire string is assumed to be Base64.
+ */
+RTDECL(ssize_t) RTBase64DecodedSizeEx(const char *pszString, size_t cchStringMax, char **ppszEnd);
 /**
 …
  */
 RTDECL(int) RTBase64Decode(const char *pszString, void *pvData, size_t cbData, size_t *pcbActual, char **ppszEnd);
+/**
+ * Decodes a Base64 encoded string into the buffer supplied by the caller.
+ *
+ * @returns IPRT status code.
+ * @retval  VERR_BUFFER_OVERFLOW if the buffer is too small. pcbActual will not
+ *          be set, nor will ppszEnd.
+ * @retval  VERR_INVALID_BASE64_ENCODING if the encoding is wrong.
+ *
+ * @param   pszString       The Base64 string. Whether the entire string or
+ *                          just the start of the string is in Base64 depends
+ *                          on whether ppszEnd is specified or not.
+ * @param   cchStringMax    The max length to decode, use RTSTR_MAX if the
+ *                          length of @a pszString is not known and it is
+ *                          really zero terminated.
+ * @param   pvData          Where to store the decoded data.
+ * @param   cbData          The size of the output buffer that pvData points to.
+ * @param   pcbActual       Where to store the actual number of bytes returned.
+ *                          Optional.
+ * @param   ppszEnd         Indicates that the string may contain other stuff
+ *                          after the Base64 encoded data when not NULL. Will
+ *                          be set to point to the first char that's not part of
+ *                          the encoding. If NULL the entire string must be part
+ *                          of the Base64 encoded data.
+ */
+RTDECL(int) RTBase64DecodeEx(const char *pszString, size_t cchStringMax, void *pvData, size_t cbData,
+                             size_t *pcbActual, char **ppszEnd);
 /**

trunk/include/iprt/cdefs.h

-              r49766
+              r51770
  * Runtime Library export or import declaration.
  * Data declared using this macro exists in all contexts.
+ * @param   type    The return type of the function declaration.
+ * @param   type    The data type.
+ */
+/** @def RT_DECL_DATA_CONST(type)
+ * Definition of a const variable. See DECL_HIDDEN_CONST.
+ * @param   type    The const data type.
  */
 #if defined(IN_RT_R3) || defined(IN_RT_RC) || defined(IN_RT_R0)
 # ifdef IN_RT_STATIC
+#  define RTDATADECL(type)  DECLHIDDEN(type)
+#  define RTDATADECL(type)          DECLHIDDEN(type)
+#  define RT_DECL_DATA_CONST(type)  DECL_HIDDEN_CONST(type)
 # else
+#  define RTDATADECL(type)  DECLEXPORT(type)
+# endif
+#else
+# define RTDATADECL(type)   DECLIMPORT(type)
+#  define RTDATADECL(type)          DECLEXPORT(type)
+#  if defined(__cplusplus) && defined(__GNUC__)
+#   define RT_DECL_DATA_CONST(type) type
+#  else
+#   define RT_DECL_DATA_CONST(type) DECLEXPORT(type)
+#  endif
+# endif
+#else
+# define RTDATADECL(type)           DECLIMPORT(type)
+# define RT_DECL_DATA_CONST(type)   DECLIMPORT(type)
 #endif

trunk/include/iprt/err.h

-              r51766
+              r51770
  * Initialize a static error info structure.
+ *
+ * @returns Pointer to the core error info structure.
  * @param   pStaticErrInfo      The static error info structure to init.
  */
 DECLINLINE(void) RTErrInfoInitStatic(PRTERRINFOSTATIC pStaticErrInfo)
+DECLINLINE(PRTERRINFO) RTErrInfoInitStatic(PRTERRINFOSTATIC pStaticErrInfo)
+{
     RTErrInfoInit(&pStaticErrInfo->Core, pStaticErrInfo->szMsg, sizeof(pStaticErrInfo->szMsg));
     pStaticErrInfo->Core.fFlags = RTERRINFO_FLAGS_T_STATIC | RTERRINFO_FLAGS_MAGIC;
+    return &pStaticErrInfo->Core;
+}
 …
  */
 RTDECL(int)         RTErrInfoSetV(PRTERRINFO pErrInfo, int rc, const char *pszFormat, va_list va);
+/**
+ * Adds more error info details.
+ *
+ * @returns @a rc.
+ *
+ * @param   pErrInfo            The error info structure to fill in.
+ * @param   rc                  The status code to return.
+ * @param   pszMsg              The error message string to add.
+ */
+RTDECL(int)         RTErrInfoAdd(PRTERRINFO pErrInfo, int rc, const char *pszMsg);
+/**
+ * Adds more error info details, with a sprintf style message.
+ *
+ * @returns @a rc.
+ *
+ * @param   pErrInfo            The error info structure to fill in.
+ * @param   rc                  The status code to return.
+ * @param   pszFormat           The format string to add.
+ * @param   ...                 The format arguments.
+ */
+RTDECL(int)         RTErrInfoAddF(PRTERRINFO pErrInfo, int rc, const char *pszFormat, ...);
+/**
+ * Adds more error info details, with a vsprintf style message.
+ *
+ * @returns @a rc.
+ *
+ * @param   pErrInfo            The error info structure to fill in.
+ * @param   rc                  The status code to return.
+ * @param   pszFormat           The format string to add.
+ * @param   va                  The format arguments.
+ */
+RTDECL(int)         RTErrInfoAddV(PRTERRINFO pErrInfo, int rc, const char *pszFormat, va_list va);
 /**
 …
 /** @} */
+/** @name RTAsn1 status codes
+ * @{ */
+/** Temporary place holder.  */
+#define VERR_ASN1_ERROR                             (-22800)
+/** Encountered an ASN.1 string type that is not supported. */
+#define VERR_ASN1_STRING_TYPE_NOT_IMPLEMENTED       (-22801)
+/** Invalid ASN.1 UTF-8 STRING encoding. */
+#define VERR_ASN1_INVALID_UTF8_STRING_ENCODING      (-22802)
+/** Invalid ASN.1 NUMERIC STRING encoding. */
+#define VERR_ASN1_INVALID_NUMERIC_STRING_ENCODING   (-22803)
+/** Invalid ASN.1 PRINTABLE STRING encoding. */
+#define VERR_ASN1_INVALID_PRINTABLE_STRING_ENCODING (-22804)
+/** Invalid ASN.1 T61/TELETEX STRING encoding. */
+#define VERR_ASN1_INVALID_T61_STRING_ENCODING       (-22805)
+/** Invalid ASN.1 VIDEOTEX STRING encoding. */
+#define VERR_ASN1_INVALID_VIDEOTEX_STRING_ENCODING  (-22806)
+/** Invalid ASN.1 IA5 STRING encoding. */
+#define VERR_ASN1_INVALID_IA5_STRING_ENCODING       (-22807)
+/** Invalid ASN.1 GRAPHIC STRING encoding. */
+#define VERR_ASN1_INVALID_GRAPHIC_STRING_ENCODING   (-22808)
+/** Invalid ASN.1 ISO-646/VISIBLE STRING encoding. */
+#define VERR_ASN1_INVALID_VISIBLE_STRING_ENCODING   (-22809)
+/** Invalid ASN.1 GENERAL STRING encoding. */
+#define VERR_ASN1_INVALID_GENERAL_STRING_ENCODING   (-22810)
+/** Invalid ASN.1 UNIVERSAL STRING encoding. */
+#define VERR_ASN1_INVALID_UNIVERSAL_STRING_ENCODING (-22811)
+/** Invalid ASN.1 BMP STRING encoding. */
+#define VERR_ASN1_INVALID_BMP_STRING_ENCODING       (-22812)
+/** Invalid ASN.1 OBJECT IDENTIFIER encoding. */
+#define VERR_ASN1_INVALID_OBJID_ENCODING            (-22813)
+/** A component value of an ASN.1 OBJECT IDENTIFIER is too big for our
+ * internal representation (32-bits). */
+#define VERR_ASN1_OBJID_COMPONENT_TOO_BIG           (-22814)
+/** Too many components in an ASN.1 OBJECT IDENTIFIER for our internal
+ * representation. */
+#define VERR_ASN1_OBJID_TOO_MANY_COMPONENTS         (-22815)
+/** The dotted-string representation of an ASN.1 OBJECT IDENTIFIER would be too
+ * long for our internal representation. */
+#define VERR_ASN1_OBJID_TOO_LONG_STRING_FORM        (-22816)
+/** Invalid dotted string. */
+#define VERR_ASN1_OBJID_INVALID_DOTTED_STRING       (-22817)
+/** Constructed string type not implemented. */
+#define VERR_ASN1_CONSTRUCTED_STRING_NOT_IMPL       (-22818)
+/** Expected a different string tag. */
+#define VERR_ASN1_STRING_TAG_MISMATCH               (-22819)
+/** Expected a different time tag. */
+#define VERR_ASN1_TIME_TAG_MISMATCH                 (-22820)
+/** More unconsumed data available. */
+#define VINF_ASN1_MORE_DATA                         (22821)
+/** RTAsnEncodeWriteHeader return code indicating that nothing was written
+ *  and the content should be skipped as well. */
+#define VINF_ASN1_NOT_ENCODED                       (22822)
+/** Unknown escape sequence encountered in TeletexString. */
+#define VERR_ASN1_TELETEX_UNKNOWN_ESC_SEQ           (-22823)
+/** Unsupported escape sequence encountered in TeletexString. */
+#define VERR_ASN1_TELETEX_UNSUPPORTED_ESC_SEQ       (-22824)
+/** Unsupported character set. */
+#define VERR_ASN1_TELETEX_UNSUPPORTED_CHARSET       (-22825)
+/** ASN.1 object has no virtual method table. */
+#define VERR_ASN1_NO_VTABLE                         (-22826)
+/** ASN.1 object has no pfnCheckSanity method.  */
+#define VERR_ASN1_NO_CHECK_SANITY_METHOD            (-22827)
+/** ASN.1 object is not present */
+#define VERR_ASN1_NOT_PRESENT                       (-22828)
+/** There are unconsumed bytes after decoding an ASN.1 object. */
+#define VERR_ASN1_CURSOR_NOT_AT_END                 (-22829)
+/** Long ASN.1 tag form is not implemented. */
+#define VERR_ASN1_CURSOR_LONG_TAG                   (-22830)
+/** Bad ASN.1 object length encoding. */
+#define VERR_ASN1_CURSOR_BAD_LENGTH_ENCODING        (-22831)
+/** Indefinite length form is against the rules. */
+#define VERR_ASN1_CURSOR_ILLEGAL_IDEFINITE_LENGTH   (-22832)
+/** Indefinite length form is not implemented. */
+#define VERR_ASN1_CURSOR_IDEFINITE_LENGTH_NOT_SUP   (-22833)
+/** ASN.1 object length goes beyond the end of the byte stream being decoded. */
+#define VERR_ASN1_CURSOR_BAD_LENGTH                 (-22834)
+/** Not more data in ASN.1 byte stream. */
+#define VERR_ASN1_CURSOR_NO_MORE_DATA               (-22835)
+/** Too little data in ASN.1 byte stream. */
+#define VERR_ASN1_CURSOR_TOO_LITTLE_DATA_LEFT       (-22836)
+/** Constructed string is not according to the encoding rules. */
+#define VERR_ASN1_CURSOR_ILLEGAL_CONSTRUCTED_STRING (-22837)
+/** Unexpected ASN.1 tag encountered while decoding. */
+#define VERR_ASN1_CURSOR_TAG_MISMATCH               (-22838)
+/** Unexpected ASN.1 tag class/flag encountered while decoding. */
+#define VERR_ASN1_CURSOR_TAG_FLAG_CLASS_MISMATCH    (-22839)
+/** ASN.1 bit string object is out of bounds. */
+#define VERR_ASN1_BITSTRING_OUT_OF_BOUNDS           (-22840)
+/** Bad ASN.1 time object. */
+#define VERR_ASN1_TIME_BAD_NORMALIZE_INPUT          (-22841)
+/** Failed to normalize ASN.1 time object. */
+#define VERR_ASN1_TIME_NORMALIZE_ERROR              (-22842)
+/** Normalization of ASN.1 time object didn't work out. */
+#define VERR_ASN1_TIME_NORMALIZE_MISMATCH           (-22843)
+/** Invalid ASN.1 UTC TIME encoding. */
+#define VERR_ASN1_INVALID_UTC_TIME_ENCODING         (-22844)
+/** Invalid ASN.1 GENERALIZED TIME encoding. */
+#define VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING (-22845)
+/** Invalid ASN.1 BOOLEAN encoding. */
+#define VERR_ASN1_INVALID_BOOLEAN_ENCODING          (-22846)
+/** Invalid ASN.1 NULL encoding. */
+#define VERR_ASN1_INVALID_NULL_ENCODING             (-22847)
+/** Invalid ASN.1 BIT STRING encoding. */
+#define VERR_ASN1_INVALID_BITSTRING_ENCODING        (-22848)
+/** Unimplemented ASN.1 tag reached the RTAsn1DynType code. */
+#define VERR_ASN1_DYNTYPE_TAG_NOT_IMPL              (-22849)
+/** ASN.1 tag and flags/class mismatch in RTAsn1DynType code. */
+#define VERR_ASN1_DYNTYPE_BAD_TAG                   (-22850)
+/** Unexpected ASN.1 fake/dummy object. */
+#define VERR_ASN1_DUMMY_OBJECT                      (-22851)
+/** ASN.1 object is too long. */
+#define VERR_ASN1_TOO_LONG                          (-22852)
+/** Expected primitive ASN.1 object. */
+#define VERR_ASN1_EXPECTED_PRIMITIVE                (-22853)
+/** Expected valid data pointer for ASN.1 object. */
+#define VERR_ASN1_INVALID_DATA_POINTER              (-22854)
+/** ANS.1 internal error 1. */
+#define VERR_ASN1_INTERNAL_ERROR_1                  (-22895)
+/** ANS.1 internal error 2. */
+#define VERR_ASN1_INTERNAL_ERROR_2                  (-22896)
+/** ANS.1 internal error 3. */
+#define VERR_ASN1_INTERNAL_ERROR_3                  (-22897)
+/** ANS.1 internal error 4. */
+#define VERR_ASN1_INTERNAL_ERROR_4                  (-22898)
+/** ANS.1 internal error 5. */
+#define VERR_ASN1_INTERNAL_ERROR_5                  (-22899)
+/** @} */
+/** @name More RTLdr status codes.
+ * @{ */
+/** Image Verficiation Failure: No Authenticode Signature. */
+#define VERR_LDRVI_NOT_SIGNED                       (-22900)
+/** Image Verficiation Warning: No Authenticode Signature, but on whitelist. */
+#define VINF_LDRVI_NOT_SIGNED                       (22900)
+/** Image Verficiation Failure: Error reading image headers.  */
+#define VERR_LDRVI_READ_ERROR_HDR                   (-22901)
+/** Image Verficiation Failure: Error reading section headers. */
+#define VERR_LDRVI_READ_ERROR_SHDRS                 (-22902)
+/** Image Verficiation Failure: Error reading authenticode signature data. */
+#define VERR_LDRVI_READ_ERROR_SIGNATURE             (-22903)
+/** Image Verficiation Failure: Error reading file for hashing. */
+#define VERR_LDRVI_READ_ERROR_HASH                  (-22904)
+/** Image Verficiation Failure: Error determining the file length. */
+#define VERR_LDRVI_FILE_LENGTH_ERROR                (-22905)
+/** Image Verficiation Failure: Error allocating memory for state data. */
+#define VERR_LDRVI_NO_MEMORY_STATE                  (-22906)
+/** Image Verficiation Failure: Error allocating memory for authenticode
+ *  signature data. */
+#define VERR_LDRVI_NO_MEMORY_SIGNATURE              (-22907)
+/** Image Verficiation Failure: Error allocating memory for section headers. */
+#define VERR_LDRVI_NO_MEMORY_SHDRS                  (-22908)
+/** Image Verficiation Failure: Authenticode parsing output. */
+#define VERR_LDRVI_NO_MEMORY_PARSE_OUTPUT           (-22909)
+/** Image Verficiation Failure: Invalid security directory entry. */
+#define VERR_LDRVI_INVALID_SECURITY_DIR_ENTRY       (-22910)
+/** Image Verficiation Failure:  */
+#define VERR_LDRVI_BAD_CERT_HDR_LENGTH              (-22911)
+/** Image Verficiation Failure:  */
+#define VERR_LDRVI_BAD_CERT_HDR_REVISION            (-22912)
+/** Image Verficiation Failure:  */
+#define VERR_LDRVI_BAD_CERT_HDR_TYPE                (-22913)
+/** Image Verficiation Failure: More than one certificate table entry.  */
+#define VERR_LDRVI_BAD_CERT_MULTIPLE                (-22914)
+/** Image Verficiation Failure:  */
+#define VERR_LDRVI_BAD_MZ_OFFSET                    (-22915)
+/** Image Verficiation Failure: Invalid section count. */
+#define VERR_LDRVI_INVALID_SECTION_COUNT            (-22916)
+/** Image Verficiation Failure: Raw data offsets and sizes are out of range. */
+#define VERR_LDRVI_SECTION_RAW_DATA_VALUES          (-22917)
+/** Optional header magic and target machine does not match. */
+#define VERR_LDRVI_MACHINE_OPT_HDR_MAGIC_MISMATCH   (-22918)
+/** Unsupported image target architecture. */
+#define VERR_LDRVI_UNSUPPORTED_ARCH                 (-22919)
+/** Image Verification Failure: Internal error in signature parser. */
+#define VERR_LDRVI_PARSE_IPE                        (-22921)
+/** Generic BER parse error. Will be refined later. */
+#define VERR_LDRVI_PARSE_BER_ERROR                  (-22922)
+/** Expected the signed data content to be the object ID of
+ * SpcIndirectDataContent, found something else instead. */
+#define VERR_LDRVI_EXPECTED_INDIRECT_DATA_CONTENT_OID (-22923)
+/** Page hash table size overflow. */
+#define VERR_LDRVI_PAGE_HASH_TAB_SIZE_OVERFLOW      (-22924)
+/** Page hash table is too long (covers signature data, i.e. itself). */
+#define VERR_LDRVI_PAGE_HASH_TAB_TOO_LONG           (-22925)
+/** The page hash table is not strictly ordered by offset. */
+#define VERR_LDRVI_PAGE_HASH_TAB_NOT_STRICTLY_SORTED (-22926)
+/** The page hash table hashes data outside the defined and implict sections. */
+#define VERR_PAGE_HASH_TAB_HASHES_NON_SECTION_DATA  (-22927)
+/** Page hash mismatch. */
+#define VERR_LDRVI_PAGE_HASH_MISMATCH               (-22928)
+/** Image hash mismatch. */
+#define VERR_LDRVI_IMAGE_HASH_MISMATCH              (-22929)
+/** @} */
+/** @name RTCrX509 status codes.
+ * @{ */
+/** Generic X.509 error. */
+#define VERR_CR_X509_GENERIC_ERROR                  (-23000)
+/** Internal error in the X.509 code. */
+#define VERR_CR_X509_INTERNAL_ERROR                 (-23001)
+/** Internal error in the X.509 certificate path building and verification
+ * code. */
+#define VERR_CR_X509_CERTPATHS_INTERNAL_ERROR       (-23002)
+/** Path not verified yet. */
+#define VERR_CR_X509_NOT_VERIFIED                   (-23003)
+/** The certificate path has no trust anchor. */
+#define VERR_CR_X509_NO_TRUST_ANCHOR                (-23004)
+/** Unknown X.509 certificate signature algorithm. */
+#define VERR_CR_X509_UNKNOWN_CERT_SIGN_ALGO         (-23005)
+/** Certificate signature algorithm mismatch. */
+#define VERR_CR_X509_CERT_SIGN_ALGO_MISMATCH        (-23006)
+/** The signature algorithm in the to-be-signed certifcate part does not match
+ * the one assoicated with the signature. */
+#define VERR_CR_X509_CERT_TBS_SIGN_ALGO_MISMATCH    (-23007)
+/** Certificate extensions requires certificate version 3 or later.  */
+#define VERR_CR_X509_TBSCERT_EXTS_REQ_V3            (-23008)
+/** Unique issuer and subject IDs require version certificate 2. */
+#define VERR_CR_X509_TBSCERT_UNIQUE_IDS_REQ_V2      (-23009)
+/** Certificate serial number length is out of bounds. */
+#define VERR_CR_X509_TBSCERT_SERIAL_NUMBER_OUT_OF_BOUNDS (-23010)
+/** Unsupported X.509 certificate version. */
+#define VERR_CR_X509_TBSCERT_UNSUPPORTED_VERSION    (-23011)
+/** Public key is too small. */
+#define VERR_CR_X509_PUBLIC_KEY_TOO_SMALL           (-23012)
+/** Invalid strnig tag for a X.509 name object. */
+#define VERR_CR_X509_INVALID_NAME_STRING_TAG        (-23013)
+/** Empty string in X.509 name object. */
+#define VERR_CR_X509_NAME_EMPTY_STRING              (-23014)
+/** Non-string object inside X.509 name object. */
+#define VERR_CR_X509_NAME_NOT_STRING                (-23015)
+/** Empty set inside X.509 name. */
+#define VERR_CR_X509_NAME_EMPTY_SET                 (-23016)
+/** Empty sub-string set inside X.509 name. */
+#define VERR_CR_X509_NAME_EMPTY_SUB_SET             (-23017)
+/** The NotBefore and NotAfter values of an X.509 Validity object seems to
+ * have been swapped around. */
+#define VERR_CR_X509_VALIDITY_SWAPPED               (-23018)
+/** Duplicate certificate extension. */
+#define VERR_CR_X509_TBSCERT_DUPLICATE_EXTENSION    (-23019)
+/** Missing relative distinguished name map entry. */
+#define VERR_CR_X509_NAME_MISSING_RDN_MAP_ENTRY     (-23020)
+/** Certificate path validator: No trusted certificate paths. */
+#define VERR_CR_X509_CPV_NO_TRUSTED_PATHS           (-23021)
+/** Certificate path validator: No valid certificate policy. */
+#define VERR_CR_X509_CPV_NO_VALID_POLICY            (-23022)
+/** Certificate path validator: Unknown critical certificate extension. */
+#define VERR_CR_X509_CPV_UNKNOWN_CRITICAL_EXTENSION (-23023)
+/** Certificate path validator: Intermediate certificate is missing the
+ *  KeyCertSign usage flag. */
+#define VERR_CR_X509_CPV_MISSING_KEY_CERT_SIGN      (-23024)
+/** Certificate path validator: Hit the max certificate path length before
+ *  reaching trust anchor. */
+#define VERR_CR_X509_CPV_MAX_PATH_LENGTH            (-23025)
+/** Certificate path validator: Intermediate certificate is not marked as a
+ *  certificate authority (CA). */
+#define VERR_CR_X509_CPV_NOT_CA_CERT                (-23026)
+/** Certificate path validator: Intermeidate certificate is not a version 3
+ *  certificate. */
+#define VERR_CR_X509_CPV_NOT_V3_CERT                (-23027)
+/** Certificate path validator: Invalid policy mapping (to/from anyPolicy). */
+#define VERR_CR_X509_CPV_INVALID_POLICY_MAPPING     (-23028)
+/** Certificate path validator: Name constraints permits no names. */
+#define VERR_CR_X509_CPV_NO_PERMITTED_NAMES         (-23029)
+/** Certificate path validator: Name constraints does not permits the
+ *  certificate name. */
+#define VERR_CR_X509_CPV_NAME_NOT_PERMITTED         (-23030)
+/** Certificate path validator: Name constraints does not permits the
+ *  alternative certificate name. */
+#define VERR_CR_X509_CPV_ALT_NAME_NOT_PERMITTED     (-23031)
+/** Certificate path validator: Intermediate certificate subject does not
+ *  match child issuer property. */
+#define VERR_CR_X509_CPV_ISSUER_MISMATCH            (-23032)
+/** Certificate path validator: The certificate is not valid at the
+ *  specificed time. */
+#define VERR_CR_X509_CPV_NOT_VALID_AT_TIME          (-23033)
+/** Certificate path validator: Unexpected choice found in general subtree
+ *  object (name constraints). */
+#define VERR_CR_X509_CPV_UNEXP_GENERAL_SUBTREE_CHOICE (-23034)
+/** Certificate path validator: Unexpected minimum value found in general
+ *  subtree object (name constraints). */
+#define VERR_CR_X509_CPV_UNEXP_GENERAL_SUBTREE_MIN  (-23035)
+/** Certificate path validator: Unexpected maximum value found in
+ *  general subtree object (name constraints). */
+#define VERR_CR_X509_CPV_UNEXP_GENERAL_SUBTREE_MAX  (-23036)
+/** Certificate path builder: Encountered bad certificate context. */
+#define VERR_CR_X509_CPB_BAD_CERT_CTX               (-23037)
+/** OpenSSL d2i_X509 failed. */
+#define VERR_CR_X509_OSSL_D2I_FAILED                (-23090)
+/** @} */
+/** @name RTCrPkcs7 status codes.
+ * @{ */
+/** Generic PKCS \#7 error. */
+#define VERR_CR_PKCS7_GENERIC_ERROR                             (-23300)
+/** Signed data verfication failed because there are zero signer infos. */
+#define VERR_CR_PKCS7_NO_SIGNER_INFOS                           (-23301)
+/** Signed data certificate not found. */
+#define VERR_CR_PKCS7_SIGNED_DATA_CERT_NOT_FOUND                (-23302)
+/** Signed data verification failed due to key usage issues. */
+#define VERR_CR_PKCS7_KEY_USAGE_MISMATCH                        (-23303)
+/** Signed data verification failed because of missing (or duplicate)
+ * authenticated content-type attribute. */
+#define VERR_CR_PKCS7_MISSING_CONTENT_TYPE_ATTRIB               (-23304)
+/** Signed data verification failed because of the authenticated content-type
+ *  attribute did not match. */
+#define VERR_CR_PKCS7_CONTENT_TYPE_ATTRIB_MISMATCH              (-23305)
+/** Signed data verification failed because of a malformed authenticated
+ *  content-type attribute. */
+#define VERR_CR_PKCS7_BAD_CONTENT_TYPE_ATTRIB                   (-23306)
+/** Signed data verification failed because of missing (or duplicate)
+ * authenticated message-digest attribute. */
+#define VERR_CR_PKCS7_MISSING_MESSAGE_DIGEST_ATTRIB             (-23307)
+/** Signed data verification failed because the authenticated message-digest
+ *  attribute did not match. */
+#define VERR_CR_PKCS7_MESSAGE_DIGEST_ATTRIB_MISMATCH            (-23308)
+/** Signed data verification failed because of a malformed authenticated
+ *  message-digest attribute. */
+#define VERR_CR_PKCS7_BAD_MESSAGE_DIGEST_ATTRIB                 (-23309)
+/** Signature verification failed. */
+#define VERR_CR_PKCS7_SIGNATURE_VERIFICATION_FAILED             (-23310)
+/** Internal PKCS \#7 error. */
+#define VERR_CR_PKCS7_INTERNAL_ERROR                            (-22311)
+/** OpenSSL d2i_PKCS7 failed. */
+#define VERR_CR_PKCS7_OSSL_D2I_FAILED                           (-22312)
+/** OpenSSL PKCS \#7 verification failed. */
+#define VERR_CR_PKCS7_OSSL_VERIFY_FAILED                        (-22313)
+/** Digest algorithm parameters are not supported by the PKCS \#7 code. */
+#define VERR_CR_PKCS7_DIGEST_PARAMS_NOT_IMPL                    (-22314)
+/** The digest algorithm of a signer info entry was not found in the list of
+ *  digest algorithms in the signed data. */
+#define VERR_CR_PKCS7_DIGEST_ALGO_NOT_FOUND_IN_LIST             (-22315)
+/** The PKCS \#7 content is not signed data. */
+#define VERR_CR_PKCS7_NOT_SIGNED_DATA                           (-22316)
+/** No digest algorithms listed in PKCS \#7 signed data. */
+#define VERR_CR_PKCS7_NO_DIGEST_ALGORITHMS                      (-22317)
+/** Too many digest algorithms used by PKCS \#7 signed data.  This is an
+ * internal limitation of the code that aims at saving kernel stack space. */
+#define VERR_CR_PKCS7_TOO_MANY_DIGEST_ALGORITHMS                (-22318)
+/** Error creating digest algorithm calculator. */
+#define VERR_CR_PKCS7_DIGEST_CREATE_ERROR                       (-22319)
+/** Error while calculating a digest for a PKCS \#7 verficiation operation. */
+#define VERR_CR_PKCS7_DIGEST_CALC_ERROR                         (-22320)
+/** Unsupported PKCS \#7 signed data version. */
+#define VERR_CR_PKCS7_SIGNED_DATA_VERSION                       (-22350)
+/** PKCS \#7 signed data has no digest algorithms listed. */
+#define VERR_CR_PKCS7_SIGNED_DATA_NO_DIGEST_ALGOS               (-22351)
+/** Unknown digest algorithm used by PKCS \#7 object. */
+#define VERR_CR_PKCS7_UNKNOWN_DIGEST_ALGORITHM                  (-22352)
+/** Expected PKCS \#7 object to ship at least one certificate. */
+#define VERR_CR_PKCS7_NO_CERTIFICATES                           (-22353)
+/** Expected PKCS \#7 object to not contain any CRLs. */
+#define VERR_CR_PKCS7_EXPECTED_NO_CRLS                          (-22354)
+/** Expected PKCS \#7 object to contain exactly on signer info entry. */
+#define VERR_CR_PKCS7_EXPECTED_ONE_SIGNER_INFO                  (-22355)
+/** Unsupported PKCS \#7 signer info version. */
+#define VERR_CR_PKCS7_SIGNER_INFO_VERSION                       (-22356)
+/** PKCS \#7 singer info contains no issuer serial number. */
+#define VERR_CR_PKCS7_SIGNER_INFO_NO_ISSUER_SERIAL_NO           (-22357)
+/** Expected PKCS \#7 object to ship the signer certificate(s). */
+#define VERR_CR_PKCS7_SIGNER_CERT_NOT_SHIPPED                   (-22358)
+/** The encrypted digest algorithm does not match the one in the certificate. */
+#define VERR_CR_PKCS7_SIGNER_INFO_DIGEST_ENCRYPT_MISMATCH       (-22359)
+/** @} */
+/** @name RTCrSpc status codes.
+ * @{ */
+/** Generic SPC error. */
+#define VERR_CR_SPC_GENERIC_ERROR                               (-23400)
+/** SPC requires there to be exactly one SignerInfo entry. */
+#define VERR_CR_SPC_NOT_EXACTLY_ONE_SIGNER_INFOS                (-23401)
+/** There shall be exactly one digest algorithm to go with the single
+ *  SingerInfo entry required by SPC. */
+#define VERR_CR_SPC_NOT_EXACTLY_ONE_DIGEST_ALGO                 (-23402)
+/** The digest algorithm in the SignerInfo does not match the one in the
+ *  indirect data. */
+#define VERR_CR_SPC_SIGNED_IND_DATA_DIGEST_ALGO_MISMATCH        (-23403)
+/** The digest algorithm in the indirect data was not found in the list of
+ * digest algorithms in the signed data structure. */
+#define VERR_CR_SPC_IND_DATA_DIGEST_ALGO_NOT_IN_DIGEST_ALGOS    (-23404)
+/** The digest algorithm is not known to us. */
+#define VERR_CR_SPC_UNKNOWN_DIGEST_ALGO                         (-23405)
+/** The indirect data digest size does not match the digest algorithm. */
+#define VERR_CR_SPC_IND_DATA_DIGEST_SIZE_MISMATCH               (-23406)
+/** Exptected PE image data inside indirect data object. */
+#define VERR_CR_SPC_EXPECTED_PE_IMAGE_DATA                      (-23407)
+/** Internal SPC error: The PE image data is missing.  */
+#define VERR_CR_SPC_PEIMAGE_DATA_NOT_PRESENT                    (-23408)
+/** Bad SPC object moniker UUID field. */
+#define VERR_CR_SPC_BAD_MONIKER_UUID                            (-23409)
+/** Unknown SPC object moniker UUID. */
+#define VERR_CR_SPC_UNKNOWN_MONIKER_UUID                        (-23410)
+/** Internal SPC error: Bad object monker choice value. */
+#define VERR_CR_SPC_BAD_MONIKER_CHOICE                          (-23411)
+/** Internal SPC error: Bad object moniker data pointer. */
+#define VERR_CR_SPC_MONIKER_BAD_DATA                            (-23412)
+/** Multiple v2 PE image page hash tables. */
+#define VERR_CR_SPC_PEIMAGE_MULTIPLE_V2_HASH_TABS               (-23413)
+/** Version 1 PE image page hash tables has not been implemented/tested. */
+#define VERR_CR_SPC_PEIMAGE_V1_HASH_TABS_NOT_IMPL               (-23414)
+/** Unknown SPC PE image attribute. */
+#define VERR_CR_SPC_PEIMAGE_UNKNOWN_ATTRIBUTE                   (-23415)
+/** URL not expected in SPC PE image data. */
+#define VERR_CR_SPC_PEIMAGE_URL_UNEXPECTED                      (-23416)
+/** PE image data without any valid content was not expected. */
+#define VERR_CR_SPC_PEIMAGE_NO_CONTENT                          (-23417)
+/** @} */
+/** @name RTCrPkix status codes.
+ * @{ */
+/** Generic PKCS \#7 error. */
+#define VERR_CR_PKIX_GENERIC_ERROR                  (-23500)
+/** Parameters was presented to a signature schema that does not take any. */
+#define VERR_CR_PKIX_SIGNATURE_TAKES_NO_PARAMETERS  (-23501)
+/** Unknown hash digest type. */
+#define VERR_CR_PKIX_UNKNOWN_DIGEST_TYPE            (-23502)
+/** Internal error. */
+#define VERR_CR_PKIX_INTERNAL_ERROR                 (-23503)
+/** The hash is too long for the key used when signing/verifying. */
+#define VERR_CR_PKIX_HASH_TOO_LONG_FOR_KEY          (-23504)
+/** The signature is too long for the scratch buffer. */
+#define VERR_CR_PKIX_SIGNATURE_TOO_LONG             (-23505)
+/** The signature is greater than or equal to the key. */
+#define VERR_CR_PKIX_SIGNATURE_GE_KEY               (-23506)
+/** The signature is negative. */
+#define VERR_CR_PKIX_SIGNATURE_NEGATIVE             (-23507)
+/** Invalid signature length. */
+#define VERR_CR_PKIX_INVALID_SIGNATURE_LENGTH       (-23508)
+/** PKIX signature no does not match up to the current data. */
+#define VERR_CR_PKIX_SIGNATURE_MISMATCH             (-23509)
+/** PKIX cipher algorithm parameters are not implemented. */
+#define VERR_CR_PKIX_CIPHER_ALGO_PARAMS_NOT_IMPL    (-23510)
+/** ipher algorithm is not known to us. */
+#define VERR_CR_PKIX_CIPHER_ALGO_NOT_KNOWN          (-23511)
+/** PKIX cipher algorithm is not known to OpenSSL. */
+#define VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN     (-23512)
+/** PKIX cipher algorithm is not known to OpenSSL EVP API. */
+#define VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP (-23513)
+/** OpenSSL failed to init PKIX cipher algorithm context. */
+#define VERR_CR_PKIX_OSSL_CIPHER_ALOG_INIT_FAILED   (-23514)
+/** Final OpenSSL PKIX verification failed. */
+#define VERR_CR_PKIX_OSSL_VERIFY_FINAL_FAILED       (-23515)
+/** OpenSSL failed to decode the public key. */
+#define VERR_CR_PKIX_OSSL_D2I_PUBLIC_KEY_FAILED     (-23516)
+/** The EVP_PKEY_type API in OpenSSL failed.  */
+#define VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR       (-23517)
+/** @} */
+/** @name RTCrStore status codes.
+ * @{ */
+/** Generic store error. */
+#define VERR_CR_STORE_GENERIC_ERROR                 (-23700)
+/** @} */
+/** @name RTCrRsa status codes.
+ * @{ */
+/** Generic RSA error. */
+#define VERR_CR_RSA_GENERIC_ERROR                   (-23900)
+/** @} */
+/** @name RTBigNum status codes.
+ * @{ */
+/** Sensitive input requires the result(s) to be initialized as sensitive. */
+#define VERR_BIGNUM_SENSITIVE_INPUT                 (-24000)
+/** Attempt to divide by zero. */
+#define VERR_BIGNUM_DIV_BY_ZERO                     (-24001)
+/** Negative exponent makes no sense to integer math. */
+#define VERR_BIGNUM_NEGATIVE_EXPONENT               (-24002)
+/** @} */
+/** @name RTCrDigest status codes.
+ * @{ */
+/** OpenSSL failed to initialize the digest algorithm contextn. */
+#define VERR_CR_DIGEST_OSSL_DIGEST_INIT_ERROR       (-24201)
+/** OpenSSL failed to clone the digest algorithm contextn. */
+#define VERR_CR_DIGEST_OSSL_DIGEST_CTX_COPY_ERROR   (-24201)
+/** @} */
 /* SED-END */

trunk/include/iprt/ldr.h

-              r49044
+              r51770
 /*
  * Copyright (C) 2006-2011 Oracle Corporation
+ * Copyright (C) 2006-2014 Oracle Corporation
+ *
  * This file is part of VirtualBox Open Source Edition (OSE), as
 …
+/** Pointer to a loader reader instance. */
+typedef struct RTLDRREADER *PRTLDRREADER;
+/**
+ * Loader image reader instance.
+ *
+ * @remarks The reader will typically have a larger structure wrapping this one
+ *          for storing necessary instance variables.
+ *
+ *          The loader ASSUMES the caller serializes all access to the
+ *          individual loader module handlers, thus no serialization is required
+ *          when implementing this interface.
+ */
+typedef struct RTLDRREADER
+{
+    /** Magic value (RTLDRREADER_MAGIC). */
+    uintptr_t           uMagic;
+    /**
+     * Reads bytes at a give place in the raw image.
+     *
+     * @returns iprt status code.
+     * @param   pReader     Pointer to the reader instance.
+     * @param   pvBuf       Where to store the bits.
+     * @param   cb          Number of bytes to read.
+     * @param   off         Where to start reading relative to the start of the raw image.
+     */
+    DECLCALLBACKMEMBER(int, pfnRead)(PRTLDRREADER pReader, void *pvBuf, size_t cb, RTFOFF off);
+    /**
+     * Tells end position of last read.
+     *
+     * @returns position relative to start of the raw image.
+     * @param   pReader     Pointer to the reader instance.
+     */
+    DECLCALLBACKMEMBER(RTFOFF, pfnTell)(PRTLDRREADER pReader);
+    /**
+     * Gets the size of the raw image bits.
+     *
+     * @returns size of raw image bits in bytes.
+     * @param   pReader     Pointer to the reader instance.
+     */
+    DECLCALLBACKMEMBER(RTFOFF, pfnSize)(PRTLDRREADER pReader);
+    /**
+     * Map the bits into memory.
+     *
+     * The mapping will be freed upon calling pfnDestroy() if not pfnUnmap()
+     * is called before that. The mapping is read only.
+     *
+     * @returns iprt status code.
+     * @param   pReader     Pointer to the reader instance.
+     * @param   ppvBits     Where to store the address of the memory mapping on success.
+     *                      The size of the mapping can be obtained by calling pfnSize().
+     */
+    DECLCALLBACKMEMBER(int, pfnMap)(PRTLDRREADER pReader, const void **ppvBits);
+    /**
+     * Unmap bits.
+     *
+     * @returns iprt status code.
+     * @param   pReader     Pointer to the reader instance.
+     * @param   pvBits      Memory pointer returned by pfnMap().
+     */
+    DECLCALLBACKMEMBER(int, pfnUnmap)(PRTLDRREADER pReader, const void *pvBits);
+    /**
+     * Gets the most appropriate log name.
+     *
+     * @returns Pointer to readonly log name.
+     * @param   pReader     Pointer to the reader instance.
+     */
+    DECLCALLBACKMEMBER(const char *, pfnLogName)(PRTLDRREADER pReader);
+    /**
+     * Releases all resources associated with the reader instance.
+     * The instance is invalid after this call returns.
+     *
+     * @returns iprt status code.
+     * @param   pReader     Pointer to the reader instance.
+     */
+    DECLCALLBACKMEMBER(int, pfnDestroy)(PRTLDRREADER pReader);
+} RTLDRREADER;
+/** Magic value for RTLDRREADER (Gordon Matthew Thomas Sumner / Sting). */
+#define RTLDRREADER_MAGIC   UINT32_C(0x19511002)
 /**
  * Gets the default file suffix for DLL/SO/DYLIB/whatever.
 …
  * This will skip a few of the stricter validations when loading images. */
 #define RTLDR_O_FOR_DEBUG       RT_BIT_32(0)
+/** Open for signature validation. */
+#define RTLDR_O_FOR_VALIDATION  RT_BIT_32(1)
 /** Mask of valid flags. */
 #define RTLDR_O_VALID_MASK      UINT32_C(0x00000001)
+#define RTLDR_O_VALID_MASK      UINT32_C(0x00000003)
 /** @} */
 …
 RTDECL(int) RTLdrOpenkLdr(const char *pszFilename, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod);
+/**
+ * Open part with reader.
+ *
+ * @returns iprt status code.
+ * @param   pReader     The loader reader instance which will provide the raw
+ *                      image bits.  The reader instance will be consumed on
+ *                      success.  On failure, the caller has to do the cleaning
+ *                      up.
+ * @param   fFlags      Valid RTLDR_O_XXX combination.
+ * @param   enmArch     Architecture specifier.
+ * @param   phMod       Where to store the handle.
+ * @param   pErrInfo    Where to return extended error information. Optional.
+ */
+RTDECL(int) RTLdrOpenWithReader(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phMod, PRTERRINFO pErrInfo);
 /**
 …
      * Returns a 32-bit or 64-bit signed integer value in the buffer. */
     RTLDRPROP_TIMESTAMP_SECONDS,
+    /** Checks if the image is signed.
+     * Returns a bool.  */
+    RTLDRPROP_IS_SIGNED,
+    /** Retrives the PKCS \#7 SignedData blob that signs the image.
+     * Returns variable sized buffer containing the ASN.1 BER encoding.
+     *
+     * @remarks This generally starts with a PKCS \#7 Content structure, the
+     *          SignedData bit is found a few levels down into this as per RFC. */
+    RTLDRPROP_PKCS7_SIGNED_DATA,
+    /** Query whether code signature checks are enabled.  */
+    RTLDRPROP_SIGNATURE_CHECKS_ENFORCED,
     /** End of valid properties.  */
     RTLDRPROP_END,
 …
  * @retval  VERR_INVALID_FUNCTION if the function value is wrong.
  * @retval  VERR_INVALID_PARAMETER if the buffer size is wrong.
+ * @retval  VERR_BUFFER_OVERFLOW if the function doesn't have a fixed size
+ *          buffer and the buffer isn't big enough.  Use RTLdrQueryPropEx.
  * @retval  VERR_INVALID_HANDLE if the handle is invalid.
+ *
 …
 RTDECL(int) RTLdrQueryProp(RTLDRMOD hLdrMod, RTLDRPROP enmProp, void *pvBuf, size_t cbBuf);
+/**
+ * Generic method for querying image properties, extended version.
+ *
+ * @returns IPRT status code.
+ * @retval  VERR_NOT_SUPPORTED if the property query isn't supported (either all
+ *          or that specific property).  The caller must handle this result.
+ * @retval  VERR_NOT_FOUND the property was not found in the module.  The caller
+ *          must also normally deal with this.
+ * @retval  VERR_INVALID_FUNCTION if the function value is wrong.
+ * @retval  VERR_INVALID_PARAMETER if the fixed buffer size is wrong. Correct
+ *          size in @a *pcbRet.
+ * @retval  VERR_BUFFER_OVERFLOW if the function doesn't have a fixed size
+ *          buffer and the buffer isn't big enough. Correct size in @a *pcbRet.
+ * @retval  VERR_INVALID_HANDLE if the handle is invalid.
+ *
+ * @param   hLdrMod         The module handle.
+ * @param   enmLdrProp      The property to query.
+ * @param   pvBuf           Pointer to the return buffer.
+ * @param   cbBuf           The size of the return buffer.
+ * @param   pcbRet          Where to return the amount of data returned.  On
+ *                          buffer size errors, this is set to the correct size.
+ *                          Optional.
+ */
+RTDECL(int) RTLdrQueryPropEx(RTLDRMOD hLdrMod, RTLDRPROP enmProp, void *pvBuf, size_t cbBuf, size_t *pcbBuf);
+/**
+ * Signature type, see FNRTLDRVALIDATESIGNEDDATA.
+ */
+typedef enum RTLDRSIGNATURETYPE
+{
+    /** Invalid value. */
+    RTLDRSIGNATURETYPE_INVALID = 0,
+    /** A RTPKCS7CONTENTINFO structure w/ RTPKCS7SIGNEDDATA inside.
+     * It's parsed, so the whole binary ASN.1 representation can be found by
+     * using RTASN1CORE_GET_RAW_ASN1_PTR() and RTASN1CORE_GET_RAW_ASN1_SIZE(). */
+    RTLDRSIGNATURETYPE_PKCS7_SIGNED_DATA,
+    /** End of valid values. */
+    RTLDRSIGNATURETYPE_END,
+    /** Make sure the size is 32-bit. */
+    RTLDRSIGNATURETYPE_32BIT_HACK = 0x7fffffff
+} RTLDRSIGNATURETYPE;
+/**
+ * Callback used by RTLdrVerifySignature to verify the signature and associated
+ * certificates.
+ *
+ * @returns IPRT status code.
+ * @param   hLdrMod         The module handle.
+ * @param   enmSignature    The signature format.
+ * @param   pvSignature     The signature data. Format given by @a enmSignature.
+ * @param   cbSignature     The size of the buffer @a pvSignature points to.
+ * @param   pErrInfo        Pointer to an error info buffer, optional.
+ * @param   pvUser          User argument.
+ *
+ */
+typedef DECLCALLBACK(int) FNRTLDRVALIDATESIGNEDDATA(RTLDRMOD hLdrMod, RTLDRSIGNATURETYPE enmSignature, void const *pvSignature, size_t cbSignature,
+                                                    PRTERRINFO pErrInfo, void *pvUser);
+/** Pointer to a signature verification callback. */
+typedef FNRTLDRVALIDATESIGNEDDATA *PFNRTLDRVALIDATESIGNEDDATA;
+/**
+ * Verify the image signature.
+ *
+ * This may permform additional integrity checks on the image structures that
+ * was not done when opening the image.
+ *
+ * @returns IPRT status code.
+ * @retval  VERR_LDRVI_NOT_SIGNED if not signed.
+ *
+ * @param   hLdrMod         The module handle.
+ * @param   pfnCallback     Callback that does the signature and certificate
+ *                          verficiation.
+ * @param   pvUser          User argument for the callback.
+ * @param   pErrInfo        Pointer to an error info buffer. Optional.
+ */
+RTDECL(int) RTLdrVerifySignature(RTLDRMOD hLdrMod, PFNRTLDRVALIDATESIGNEDDATA pfnCallback, void *pvUser, PRTERRINFO pErrInfo);
+/**
+ * Calculate the image hash according the image signing rules.
+ *
+ * @returns IPRT status code.
+ * @param   hLdrMod         The module handle.
+ * @param   enmDigest       Which kind of digest.
+ * @param   pszDigest       Where to store the image digest.
+ * @param   cbDigest        Size of the buffer @a pszDigest points at.
+ */
+RTDECL(int) RTLdrHashImage(RTLDRMOD hLdrMod, RTDIGESTTYPE enmDigest, char *pszDigest, size_t cbDigest);
 RT_C_DECLS_END

trunk/include/iprt/log.h

-              r46392
+              r51770
 RTDECL(void) RTLogPrintfV(const char *pszFormat, va_list args);
+/**
+ * Dumper vprintf-like function outputting to a logger.
+ *
+ * @param   pvUser          Pointer to the logger instance to use, NULL for
+ *                          default instance.
+ * @param   pszFormat       Format string.
+ * @param   va              Format arguments.
+ */
+RTDECL(void) RTLogDumpPrintfV(void *pvUser, const char *pszFormat, va_list va);
 #ifndef DECLARED_FNRTSTROUTPUT          /* duplicated in iprt/string.h */

trunk/include/iprt/mangling.h

-              r51767
+              r51770
 # define RTAvlULRemoveBestFit                           RT_MANGLER(RTAvlULRemoveBestFit)
 # define RTBase64Decode                                 RT_MANGLER(RTBase64Decode)
+# define RTBase64DecodeEx                               RT_MANGLER(RTBase64DecodeEx)
 # define RTBase64DecodedSize                            RT_MANGLER(RTBase64DecodedSize)
+# define RTBase64DecodedSizeEx                          RT_MANGLER(RTBase64DecodedSizeEx)
 # define RTBase64Encode                                 RT_MANGLER(RTBase64Encode)
 # define RTBase64EncodedLength                          RT_MANGLER(RTBase64EncodedLength)
 …
 # define RTLogPrintf                                    RT_MANGLER(RTLogPrintf)
 # define RTLogPrintfV                                   RT_MANGLER(RTLogPrintfV)
+# define RTLogDumpPrintfV                               RT_MANGLER(RTLogDumpPrintfV)
 # define RTLogRelDefaultInstance                        RT_MANGLER(RTLogRelDefaultInstance)
 # define RTLogRelLogger                                 RT_MANGLER(RTLogRelLogger)
 …
 # define RTProcGetPriority                              RT_MANGLER(RTProcGetPriority)
 # define RTProcIsRunningByName                          RT_MANGLER(RTProcIsRunningByName)
+# define RTProcQueryParent                              RT_MANGLER(RTProcQueryParent)
 # define RTProcQueryUsername                            RT_MANGLER(RTProcQueryUsername)
 # define RTProcQueryUsernameA                           RT_MANGLER(RTProcQueryUsernameA)
 …
 # define RTStrmPrintf                                   RT_MANGLER(RTStrmPrintf)
 # define RTStrmPrintfV                                  RT_MANGLER(RTStrmPrintfV)
+# define RTStrmDumpPrintfV                              RT_MANGLER(RTStrmDumpPrintfV)
 # define RTStrmPutCh                                    RT_MANGLER(RTStrmPutCh)
 # define RTStrmPutStr                                   RT_MANGLER(RTStrmPutStr)
 …
 # define RTUtf16CalcUtf8LenEx                           RT_MANGLER(RTUtf16CalcUtf8LenEx)
 # define RTUtf16Cmp                                     RT_MANGLER(RTUtf16Cmp)
+# define RTUtf16CmpAscii                                RT_MANGLER(RTUtf16CmpAscii)
 # define RTUtf16DupExTag                                RT_MANGLER(RTUtf16DupExTag)
 # define RTUtf16DupTag                                  RT_MANGLER(RTUtf16DupTag)
 …
 # define RTZipTarFsStreamFromIoStream                   RT_MANGLER(RTZipTarFsStreamFromIoStream)
 # define RTZipXarFsStreamFromIoStream                   RT_MANGLER(RTZipXarFsStreamFromIoStream)
+/* sort/merge into the above later: */
+# define RTAsn1ContentAllocZ                            RT_MANGLER(RTAsn1ContentAllocZ)
+# define RTAsn1ContentDup                               RT_MANGLER(RTAsn1ContentDup)
+# define RTAsn1ContentFree                              RT_MANGLER(RTAsn1ContentFree)
+# define RTAsn1ContentReallocZ                          RT_MANGLER(RTAsn1ContentReallocZ)
+# define RTAsn1ContextTagN_Clone                        RT_MANGLER(RTAsn1ContextTagN_Clone)
+# define RTAsn1ContextTagN_Init                         RT_MANGLER(RTAsn1ContextTagN_Init)
+# define RTAsn1Dummy_InitEx                             RT_MANGLER(RTAsn1Dummy_InitEx)
+# define RTAsn1MemAllocZ                                RT_MANGLER(RTAsn1MemAllocZ)
+# define RTAsn1MemDup                                   RT_MANGLER(RTAsn1MemDup)
+# define RTAsn1MemFree                                  RT_MANGLER(RTAsn1MemFree)
+# define RTAsn1MemGrowArray                             RT_MANGLER(RTAsn1MemGrowArray)
+# define RTAsn1MemInitAllocation                        RT_MANGLER(RTAsn1MemInitAllocation)
+# define RTAsn1SeqOfCore_Clone                          RT_MANGLER(RTAsn1SeqOfCore_Clone)
+# define RTAsn1SeqOfCore_Init                           RT_MANGLER(RTAsn1SeqOfCore_Init)
+# define RTAsn1SequenceCore_Clone                       RT_MANGLER(RTAsn1SequenceCore_Clone)
+# define RTAsn1SequenceCore_Init                        RT_MANGLER(RTAsn1SequenceCore_Init)
+# define RTAsn1SetCore_Clone                            RT_MANGLER(RTAsn1SetCore_Clone)
+# define RTAsn1SetCore_Init                             RT_MANGLER(RTAsn1SetCore_Init)
+# define RTAsn1SetOfCore_Clone                          RT_MANGLER(RTAsn1SetOfCore_Clone)
+# define RTAsn1SetOfCore_Init                           RT_MANGLER(RTAsn1SetOfCore_Init)
+# define RTAsn1VtCheckSanity                            RT_MANGLER(RTAsn1VtCheckSanity)
+# define RTAsn1VtClone                                  RT_MANGLER(RTAsn1VtClone)
+# define RTAsn1VtCompare                                RT_MANGLER(RTAsn1VtCompare)
+# define RTAsn1VtDeepEnum                               RT_MANGLER(RTAsn1VtDeepEnum)
+# define RTAsn1VtDelete                                 RT_MANGLER(RTAsn1VtDelete)
+# define RTAsn1CursorCheckEnd                           RT_MANGLER(RTAsn1CursorCheckEnd)
+# define RTAsn1CursorGetBitString                       RT_MANGLER(RTAsn1CursorGetBitString)
+# define RTAsn1CursorGetBitStringEx                     RT_MANGLER(RTAsn1CursorGetBitStringEx)
+# define RTAsn1CursorGetBmpString                       RT_MANGLER(RTAsn1CursorGetBmpString)
+# define RTAsn1CursorGetBoolean                         RT_MANGLER(RTAsn1CursorGetBoolean)
+# define RTAsn1CursorGetContextTagNCursor               RT_MANGLER(RTAsn1CursorGetContextTagNCursor)
+# define RTAsn1CursorGetCore                            RT_MANGLER(RTAsn1CursorGetCore)
+# define RTAsn1CursorGetDynType                         RT_MANGLER(RTAsn1CursorGetDynType)
+# define RTAsn1CursorGetIa5String                       RT_MANGLER(RTAsn1CursorGetIa5String)
+# define RTAsn1CursorGetInteger                         RT_MANGLER(RTAsn1CursorGetInteger)
+# define RTAsn1CursorGetNull                            RT_MANGLER(RTAsn1CursorGetNull)
+# define RTAsn1CursorGetObjId                           RT_MANGLER(RTAsn1CursorGetObjId)
+# define RTAsn1CursorGetOctetString                     RT_MANGLER(RTAsn1CursorGetOctetString)
+# define RTAsn1CursorGetSequenceCursor                  RT_MANGLER(RTAsn1CursorGetSequenceCursor)
+# define RTAsn1CursorGetSetCursor                       RT_MANGLER(RTAsn1CursorGetSetCursor)
+# define RTAsn1CursorGetString                          RT_MANGLER(RTAsn1CursorGetString)
+# define RTAsn1CursorGetTime                            RT_MANGLER(RTAsn1CursorGetTime)
+# define RTAsn1CursorGetUtf8String                      RT_MANGLER(RTAsn1CursorGetUtf8String)
+# define RTAsn1CursorInitAllocation                     RT_MANGLER(RTAsn1CursorInitAllocation)
+# define RTAsn1CursorInitPrimary                        RT_MANGLER(RTAsn1CursorInitPrimary)
+# define RTAsn1CursorInitSubFromCore                    RT_MANGLER(RTAsn1CursorInitSubFromCore)
+# define RTAsn1CursorIsNextEx                           RT_MANGLER(RTAsn1CursorIsNextEx)
+# define RTAsn1CursorMatchTagClassFlagsEx               RT_MANGLER(RTAsn1CursorMatchTagClassFlagsEx)
+# define RTAsn1CursorPeek                               RT_MANGLER(RTAsn1CursorPeek)
+# define RTAsn1CursorReadHdr                            RT_MANGLER(RTAsn1CursorReadHdr)
+# define RTAsn1CursorSetInfo                            RT_MANGLER(RTAsn1CursorSetInfo)
+# define RTAsn1CursorSetInfoV                           RT_MANGLER(RTAsn1CursorSetInfoV)
+# define RTAsn1Dump                                     RT_MANGLER(RTAsn1Dump)
+# define RTAsn1EncodePrepare                            RT_MANGLER(RTAsn1EncodePrepare)
+# define RTAsn1EncodeRecalcHdrSize                      RT_MANGLER(RTAsn1EncodeRecalcHdrSize)
+# define RTAsn1EncodeWrite                              RT_MANGLER(RTAsn1EncodeWrite)
+# define RTAsnEncodeWriteHeader                         RT_MANGLER(RTAsnEncodeWriteHeader)
+# define RTAsn1BitString_CheckSanity                    RT_MANGLER(RTAsn1BitString_CheckSanity)
+# define RTAsn1BitString_Clone                          RT_MANGLER(RTAsn1BitString_Clone)
+# define RTAsn1BitString_Compare                        RT_MANGLER(RTAsn1BitString_Compare)
+# define RTAsn1BitString_Delete                         RT_MANGLER(RTAsn1BitString_Delete)
+# define RTAsn1BitString_Enum                           RT_MANGLER(RTAsn1BitString_Enum)
+# define RTAsn1BitString_GetAsUInt64                    RT_MANGLER(RTAsn1BitString_GetAsUInt64)
+# define RTAsn1BitString_Init                           RT_MANGLER(RTAsn1BitString_Init)
+# define RTAsn1SeqOfBitStrings_CheckSanity              RT_MANGLER(RTAsn1SeqOfBitStrings_CheckSanity)
+# define RTAsn1SeqOfBitStrings_Clone                    RT_MANGLER(RTAsn1SeqOfBitStrings_Clone)
+# define RTAsn1SeqOfBitStrings_Compare                  RT_MANGLER(RTAsn1SeqOfBitStrings_Compare)
+# define RTAsn1SeqOfBitStrings_Delete                   RT_MANGLER(RTAsn1SeqOfBitStrings_Delete)
+# define RTAsn1SeqOfBitStrings_Enum                     RT_MANGLER(RTAsn1SeqOfBitStrings_Enum)
+# define RTAsn1SeqOfBitStrings_Init                     RT_MANGLER(RTAsn1SeqOfBitStrings_Init)
+# define RTAsn1SetOfBitStrings_CheckSanity              RT_MANGLER(RTAsn1SetOfBitStrings_CheckSanity)
+# define RTAsn1SetOfBitStrings_Clone                    RT_MANGLER(RTAsn1SetOfBitStrings_Clone)
+# define RTAsn1SetOfBitStrings_Compare                  RT_MANGLER(RTAsn1SetOfBitStrings_Compare)
+# define RTAsn1SetOfBitStrings_Delete                   RT_MANGLER(RTAsn1SetOfBitStrings_Delete)
+# define RTAsn1SetOfBitStrings_Enum                     RT_MANGLER(RTAsn1SetOfBitStrings_Enum)
+# define RTAsn1SetOfBitStrings_Init                     RT_MANGLER(RTAsn1SetOfBitStrings_Init)
+# define RTAsn1BitString_DecodeAsn1                     RT_MANGLER(RTAsn1BitString_DecodeAsn1)
+# define RTAsn1BitString_DecodeAsn1Ex                   RT_MANGLER(RTAsn1BitString_DecodeAsn1Ex)
+# define RTAsn1SeqOfBitStrings_DecodeAsn1               RT_MANGLER(RTAsn1SeqOfBitStrings_DecodeAsn1)
+# define RTAsn1SetOfBitStrings_DecodeAsn1               RT_MANGLER(RTAsn1SetOfBitStrings_DecodeAsn1)
+# define RTAsn1Boolean_CheckSanity                      RT_MANGLER(RTAsn1Boolean_CheckSanity)
+# define RTAsn1Boolean_Clone                            RT_MANGLER(RTAsn1Boolean_Clone)
+# define RTAsn1Boolean_Compare                          RT_MANGLER(RTAsn1Boolean_Compare)
+# define RTAsn1Boolean_Delete                           RT_MANGLER(RTAsn1Boolean_Delete)
+# define RTAsn1Boolean_Enum                             RT_MANGLER(RTAsn1Boolean_Enum)
+# define RTAsn1Boolean_Init                             RT_MANGLER(RTAsn1Boolean_Init)
+# define RTAsn1Boolean_InitDefault                      RT_MANGLER(RTAsn1Boolean_InitDefault)
+# define RTAsn1Boolean_Set                              RT_MANGLER(RTAsn1Boolean_Set)
+# define RTAsn1SeqOfBooleans_CheckSanity                RT_MANGLER(RTAsn1SeqOfBooleans_CheckSanity)
+# define RTAsn1SeqOfBooleans_Clone                      RT_MANGLER(RTAsn1SeqOfBooleans_Clone)
+# define RTAsn1SeqOfBooleans_Compare                    RT_MANGLER(RTAsn1SeqOfBooleans_Compare)
+# define RTAsn1SeqOfBooleans_Delete                     RT_MANGLER(RTAsn1SeqOfBooleans_Delete)
+# define RTAsn1SeqOfBooleans_Enum                       RT_MANGLER(RTAsn1SeqOfBooleans_Enum)
+# define RTAsn1SeqOfBooleans_Init                       RT_MANGLER(RTAsn1SeqOfBooleans_Init)
+# define RTAsn1SetOfBooleans_CheckSanity                RT_MANGLER(RTAsn1SetOfBooleans_CheckSanity)
+# define RTAsn1SetOfBooleans_Clone                      RT_MANGLER(RTAsn1SetOfBooleans_Clone)
+# define RTAsn1SetOfBooleans_Compare                    RT_MANGLER(RTAsn1SetOfBooleans_Compare)
+# define RTAsn1SetOfBooleans_Delete                     RT_MANGLER(RTAsn1SetOfBooleans_Delete)
+# define RTAsn1SetOfBooleans_Enum                       RT_MANGLER(RTAsn1SetOfBooleans_Enum)
+# define RTAsn1SetOfBooleans_Init                       RT_MANGLER(RTAsn1SetOfBooleans_Init)
+# define RTAsn1Boolean_DecodeAsn1                       RT_MANGLER(RTAsn1Boolean_DecodeAsn1)
+# define RTAsn1SeqOfBooleans_DecodeAsn1                 RT_MANGLER(RTAsn1SeqOfBooleans_DecodeAsn1)
+# define RTAsn1SetOfBooleans_DecodeAsn1                 RT_MANGLER(RTAsn1SetOfBooleans_DecodeAsn1)
+# define RTAsn1Core_ChangeTag                           RT_MANGLER(RTAsn1Core_ChangeTag)
+# define RTAsn1Core_CheckSanity                         RT_MANGLER(RTAsn1Core_CheckSanity)
+# define RTAsn1Core_Clone                               RT_MANGLER(RTAsn1Core_Clone)
+# define RTAsn1Core_CloneContent                        RT_MANGLER(RTAsn1Core_CloneContent)
+# define RTAsn1Core_CloneNoContent                      RT_MANGLER(RTAsn1Core_CloneNoContent)
+# define RTAsn1Core_Compare                             RT_MANGLER(RTAsn1Core_Compare)
+# define RTAsn1Core_CompareEx                           RT_MANGLER(RTAsn1Core_CompareEx)
+# define RTAsn1Core_Delete                              RT_MANGLER(RTAsn1Core_Delete)
+# define RTAsn1Core_Enum                                RT_MANGLER(RTAsn1Core_Enum)
+# define RTAsn1Core_Init                                RT_MANGLER(RTAsn1Core_Init)
+# define RTAsn1Core_InitDefault                         RT_MANGLER(RTAsn1Core_InitDefault)
+# define RTAsn1Core_InitEx                              RT_MANGLER(RTAsn1Core_InitEx)
+# define RTAsn1Core_ResetImplict                        RT_MANGLER(RTAsn1Core_ResetImplict)
+# define RTAsn1Core_SetTagAndFlags                      RT_MANGLER(RTAsn1Core_SetTagAndFlags)
+# define RTAsn1SeqOfCores_CheckSanity                   RT_MANGLER(RTAsn1SeqOfCores_CheckSanity)
+# define RTAsn1SeqOfCores_Clone                         RT_MANGLER(RTAsn1SeqOfCores_Clone)
+# define RTAsn1SeqOfCores_Compare                       RT_MANGLER(RTAsn1SeqOfCores_Compare)
+# define RTAsn1SeqOfCores_Delete                        RT_MANGLER(RTAsn1SeqOfCores_Delete)
+# define RTAsn1SeqOfCores_Enum                          RT_MANGLER(RTAsn1SeqOfCores_Enum)
+# define RTAsn1SeqOfCores_Init                          RT_MANGLER(RTAsn1SeqOfCores_Init)
+# define RTAsn1SetOfCores_CheckSanity                   RT_MANGLER(RTAsn1SetOfCores_CheckSanity)
+# define RTAsn1SetOfCores_Clone                         RT_MANGLER(RTAsn1SetOfCores_Clone)
+# define RTAsn1SetOfCores_Compare                       RT_MANGLER(RTAsn1SetOfCores_Compare)
+# define RTAsn1SetOfCores_Delete                        RT_MANGLER(RTAsn1SetOfCores_Delete)
+# define RTAsn1SetOfCores_Enum                          RT_MANGLER(RTAsn1SetOfCores_Enum)
+# define RTAsn1SetOfCores_Init                          RT_MANGLER(RTAsn1SetOfCores_Init)
+# define RTAsn1Core_DecodeAsn1                          RT_MANGLER(RTAsn1Core_DecodeAsn1)
+# define RTAsn1SeqOfCores_DecodeAsn1                    RT_MANGLER(RTAsn1SeqOfCores_DecodeAsn1)
+# define RTAsn1SetOfCores_DecodeAsn1                    RT_MANGLER(RTAsn1SetOfCores_DecodeAsn1)
+# define RTAsn1DynType_CheckSanity                      RT_MANGLER(RTAsn1DynType_CheckSanity)
+# define RTAsn1DynType_Clone                            RT_MANGLER(RTAsn1DynType_Clone)
+# define RTAsn1DynType_Compare                          RT_MANGLER(RTAsn1DynType_Compare)
+# define RTAsn1DynType_Delete                           RT_MANGLER(RTAsn1DynType_Delete)
+# define RTAsn1DynType_Enum                             RT_MANGLER(RTAsn1DynType_Enum)
+# define RTAsn1DynType_Init                             RT_MANGLER(RTAsn1DynType_Init)
+# define RTAsn1DynType_DecodeAsn1                       RT_MANGLER(RTAsn1DynType_DecodeAsn1)
+# define RTAsn1Integer_CheckSanity                      RT_MANGLER(RTAsn1Integer_CheckSanity)
+# define RTAsn1Integer_Clone                            RT_MANGLER(RTAsn1Integer_Clone)
+# define RTAsn1Integer_Compare                          RT_MANGLER(RTAsn1Integer_Compare)
+# define RTAsn1Integer_Delete                           RT_MANGLER(RTAsn1Integer_Delete)
+# define RTAsn1Integer_Enum                             RT_MANGLER(RTAsn1Integer_Enum)
+# define RTAsn1Integer_FromBigNum                       RT_MANGLER(RTAsn1Integer_FromBigNum)
+# define RTAsn1Integer_Init                             RT_MANGLER(RTAsn1Integer_Init)
+# define RTAsn1Integer_InitDefault                      RT_MANGLER(RTAsn1Integer_InitDefault)
+# define RTAsn1Integer_InitU64                          RT_MANGLER(RTAsn1Integer_InitU64)
+# define RTAsn1Integer_ToBigNum                         RT_MANGLER(RTAsn1Integer_ToBigNum)
+# define RTAsn1Integer_UnsignedCompare                  RT_MANGLER(RTAsn1Integer_UnsignedCompare)
+# define RTAsn1Integer_UnsignedCompareWithU32           RT_MANGLER(RTAsn1Integer_UnsignedCompareWithU32)
+# define RTAsn1Integer_UnsignedCompareWithU64           RT_MANGLER(RTAsn1Integer_UnsignedCompareWithU64)
+# define RTAsn1Integer_UnsignedLastBit                  RT_MANGLER(RTAsn1Integer_UnsignedLastBit)
+# define RTAsn1SeqOfIntegers_CheckSanity                RT_MANGLER(RTAsn1SeqOfIntegers_CheckSanity)
+# define RTAsn1SeqOfIntegers_Clone                      RT_MANGLER(RTAsn1SeqOfIntegers_Clone)
+# define RTAsn1SeqOfIntegers_Compare                    RT_MANGLER(RTAsn1SeqOfIntegers_Compare)
+# define RTAsn1SeqOfIntegers_Delete                     RT_MANGLER(RTAsn1SeqOfIntegers_Delete)
+# define RTAsn1SeqOfIntegers_Enum                       RT_MANGLER(RTAsn1SeqOfIntegers_Enum)
+# define RTAsn1SeqOfIntegers_Init                       RT_MANGLER(RTAsn1SeqOfIntegers_Init)
+# define RTAsn1SetOfIntegers_CheckSanity                RT_MANGLER(RTAsn1SetOfIntegers_CheckSanity)
+# define RTAsn1SetOfIntegers_Clone                      RT_MANGLER(RTAsn1SetOfIntegers_Clone)
+# define RTAsn1SetOfIntegers_Compare                    RT_MANGLER(RTAsn1SetOfIntegers_Compare)
+# define RTAsn1SetOfIntegers_Delete                     RT_MANGLER(RTAsn1SetOfIntegers_Delete)
+# define RTAsn1SetOfIntegers_Enum                       RT_MANGLER(RTAsn1SetOfIntegers_Enum)
+# define RTAsn1SetOfIntegers_Init                       RT_MANGLER(RTAsn1SetOfIntegers_Init)
+# define RTAsn1Integer_DecodeAsn1                       RT_MANGLER(RTAsn1Integer_DecodeAsn1)
+# define RTAsn1SeqOfIntegers_DecodeAsn1                 RT_MANGLER(RTAsn1SeqOfIntegers_DecodeAsn1)
+# define RTAsn1SetOfIntegers_DecodeAsn1                 RT_MANGLER(RTAsn1SetOfIntegers_DecodeAsn1)
+# define RTAsn1Null_CheckSanity                         RT_MANGLER(RTAsn1Null_CheckSanity)
+# define RTAsn1Null_Clone                               RT_MANGLER(RTAsn1Null_Clone)
+# define RTAsn1Null_Compare                             RT_MANGLER(RTAsn1Null_Compare)
+# define RTAsn1Null_Delete                              RT_MANGLER(RTAsn1Null_Delete)
+# define RTAsn1Null_Enum                                RT_MANGLER(RTAsn1Null_Enum)
+# define RTAsn1Null_Init                                RT_MANGLER(RTAsn1Null_Init)
+# define RTAsn1Null_DecodeAsn1                          RT_MANGLER(RTAsn1Null_DecodeAsn1)
+# define RTAsn1ObjIdCountComponents                     RT_MANGLER(RTAsn1ObjIdCountComponents)
+# define RTAsn1ObjIdGetComponentsAsUInt32               RT_MANGLER(RTAsn1ObjIdGetComponentsAsUInt32)
+# define RTAsn1ObjIdGetLastComponentsAsUInt32           RT_MANGLER(RTAsn1ObjIdGetLastComponentsAsUInt32)
+# define RTAsn1ObjId_CheckSanity                        RT_MANGLER(RTAsn1ObjId_CheckSanity)
+# define RTAsn1ObjId_Clone                              RT_MANGLER(RTAsn1ObjId_Clone)
+# define RTAsn1ObjId_Compare                            RT_MANGLER(RTAsn1ObjId_Compare)
+# define RTAsn1ObjId_CompareWithString                  RT_MANGLER(RTAsn1ObjId_CompareWithString)
+# define RTAsn1ObjId_Delete                             RT_MANGLER(RTAsn1ObjId_Delete)
+# define RTAsn1ObjId_Enum                               RT_MANGLER(RTAsn1ObjId_Enum)
+# define RTAsn1ObjId_Init                               RT_MANGLER(RTAsn1ObjId_Init)
+# define RTAsn1ObjId_InitFromString                     RT_MANGLER(RTAsn1ObjId_InitFromString)
+# define RTAsn1ObjId_StartsWith                         RT_MANGLER(RTAsn1ObjId_StartsWith)
+# define RTAsn1SeqOfObjIds_CheckSanity                  RT_MANGLER(RTAsn1SeqOfObjIds_CheckSanity)
+# define RTAsn1SeqOfObjIds_Clone                        RT_MANGLER(RTAsn1SeqOfObjIds_Clone)
+# define RTAsn1SeqOfObjIds_Compare                      RT_MANGLER(RTAsn1SeqOfObjIds_Compare)
+# define RTAsn1SeqOfObjIds_Delete                       RT_MANGLER(RTAsn1SeqOfObjIds_Delete)
+# define RTAsn1SeqOfObjIds_Enum                         RT_MANGLER(RTAsn1SeqOfObjIds_Enum)
+# define RTAsn1SeqOfObjIds_Init                         RT_MANGLER(RTAsn1SeqOfObjIds_Init)
+# define RTAsn1SetOfObjIds_CheckSanity                  RT_MANGLER(RTAsn1SetOfObjIds_CheckSanity)
+# define RTAsn1SetOfObjIds_Clone                        RT_MANGLER(RTAsn1SetOfObjIds_Clone)
+# define RTAsn1SetOfObjIds_Compare                      RT_MANGLER(RTAsn1SetOfObjIds_Compare)
+# define RTAsn1SetOfObjIds_Delete                       RT_MANGLER(RTAsn1SetOfObjIds_Delete)
+# define RTAsn1SetOfObjIds_Enum                         RT_MANGLER(RTAsn1SetOfObjIds_Enum)
+# define RTAsn1SetOfObjIds_Init                         RT_MANGLER(RTAsn1SetOfObjIds_Init)
+# define RTAsn1ObjId_DecodeAsn1                         RT_MANGLER(RTAsn1ObjId_DecodeAsn1)
+# define RTAsn1SeqOfObjIds_DecodeAsn1                   RT_MANGLER(RTAsn1SeqOfObjIds_DecodeAsn1)
+# define RTAsn1SetOfObjIds_DecodeAsn1                   RT_MANGLER(RTAsn1SetOfObjIds_DecodeAsn1)
+# define RTAsn1OctetString_CheckSanity                  RT_MANGLER(RTAsn1OctetString_CheckSanity)
+# define RTAsn1OctetString_Clone                        RT_MANGLER(RTAsn1OctetString_Clone)
+# define RTAsn1OctetString_Compare                      RT_MANGLER(RTAsn1OctetString_Compare)
+# define RTAsn1OctetString_Delete                       RT_MANGLER(RTAsn1OctetString_Delete)
+# define RTAsn1OctetString_Enum                         RT_MANGLER(RTAsn1OctetString_Enum)
+# define RTAsn1OctetString_Init                         RT_MANGLER(RTAsn1OctetString_Init)
+# define RTAsn1SeqOfOctetStrings_CheckSanity            RT_MANGLER(RTAsn1SeqOfOctetStrings_CheckSanity)
+# define RTAsn1SeqOfOctetStrings_Clone                  RT_MANGLER(RTAsn1SeqOfOctetStrings_Clone)
+# define RTAsn1SeqOfOctetStrings_Compare                RT_MANGLER(RTAsn1SeqOfOctetStrings_Compare)
+# define RTAsn1SeqOfOctetStrings_Delete                 RT_MANGLER(RTAsn1SeqOfOctetStrings_Delete)
+# define RTAsn1SeqOfOctetStrings_Enum                   RT_MANGLER(RTAsn1SeqOfOctetStrings_Enum)
+# define RTAsn1SeqOfOctetStrings_Init                   RT_MANGLER(RTAsn1SeqOfOctetStrings_Init)
+# define RTAsn1SetOfOctetStrings_CheckSanity            RT_MANGLER(RTAsn1SetOfOctetStrings_CheckSanity)
+# define RTAsn1SetOfOctetStrings_Clone                  RT_MANGLER(RTAsn1SetOfOctetStrings_Clone)
+# define RTAsn1SetOfOctetStrings_Compare                RT_MANGLER(RTAsn1SetOfOctetStrings_Compare)
+# define RTAsn1SetOfOctetStrings_Delete                 RT_MANGLER(RTAsn1SetOfOctetStrings_Delete)
+# define RTAsn1SetOfOctetStrings_Enum                   RT_MANGLER(RTAsn1SetOfOctetStrings_Enum)
+# define RTAsn1SetOfOctetStrings_Init                   RT_MANGLER(RTAsn1SetOfOctetStrings_Init)
+# define RTAsn1OctetString_DecodeAsn1                   RT_MANGLER(RTAsn1OctetString_DecodeAsn1)
+# define RTAsn1SeqOfOctetStrings_DecodeAsn1             RT_MANGLER(RTAsn1SeqOfOctetStrings_DecodeAsn1)
+# define RTAsn1SetOfOctetStrings_DecodeAsn1             RT_MANGLER(RTAsn1SetOfOctetStrings_DecodeAsn1)
+# define RTAsn1BmpString_CheckSanity                    RT_MANGLER(RTAsn1BmpString_CheckSanity)
+# define RTAsn1BmpString_Clone                          RT_MANGLER(RTAsn1BmpString_Clone)
+# define RTAsn1BmpString_Compare                        RT_MANGLER(RTAsn1BmpString_Compare)
+# define RTAsn1BmpString_Delete                         RT_MANGLER(RTAsn1BmpString_Delete)
+# define RTAsn1BmpString_Enum                           RT_MANGLER(RTAsn1BmpString_Enum)
+# define RTAsn1BmpString_Init                           RT_MANGLER(RTAsn1BmpString_Init)
+# define RTAsn1GeneralString_CheckSanity                RT_MANGLER(RTAsn1GeneralString_CheckSanity)
+# define RTAsn1GeneralString_Clone                      RT_MANGLER(RTAsn1GeneralString_Clone)
+# define RTAsn1GeneralString_Compare                    RT_MANGLER(RTAsn1GeneralString_Compare)
+# define RTAsn1GeneralString_Delete                     RT_MANGLER(RTAsn1GeneralString_Delete)
+# define RTAsn1GeneralString_Enum                       RT_MANGLER(RTAsn1GeneralString_Enum)
+# define RTAsn1GeneralString_Init                       RT_MANGLER(RTAsn1GeneralString_Init)
+# define RTAsn1GraphicString_CheckSanity                RT_MANGLER(RTAsn1GraphicString_CheckSanity)
+# define RTAsn1GraphicString_Clone                      RT_MANGLER(RTAsn1GraphicString_Clone)
+# define RTAsn1GraphicString_Compare                    RT_MANGLER(RTAsn1GraphicString_Compare)
+# define RTAsn1GraphicString_Delete                     RT_MANGLER(RTAsn1GraphicString_Delete)
+# define RTAsn1GraphicString_Enum                       RT_MANGLER(RTAsn1GraphicString_Enum)
+# define RTAsn1GraphicString_Init                       RT_MANGLER(RTAsn1GraphicString_Init)
+# define RTAsn1Ia5String_CheckSanity                    RT_MANGLER(RTAsn1Ia5String_CheckSanity)
+# define RTAsn1Ia5String_Clone                          RT_MANGLER(RTAsn1Ia5String_Clone)
+# define RTAsn1Ia5String_Compare                        RT_MANGLER(RTAsn1Ia5String_Compare)
+# define RTAsn1Ia5String_Delete                         RT_MANGLER(RTAsn1Ia5String_Delete)
+# define RTAsn1Ia5String_Enum                           RT_MANGLER(RTAsn1Ia5String_Enum)
+# define RTAsn1Ia5String_Init                           RT_MANGLER(RTAsn1Ia5String_Init)
+# define RTAsn1NumericString_CheckSanity                RT_MANGLER(RTAsn1NumericString_CheckSanity)
+# define RTAsn1NumericString_Clone                      RT_MANGLER(RTAsn1NumericString_Clone)
+# define RTAsn1NumericString_Compare                    RT_MANGLER(RTAsn1NumericString_Compare)
+# define RTAsn1NumericString_Delete                     RT_MANGLER(RTAsn1NumericString_Delete)
+# define RTAsn1NumericString_Enum                       RT_MANGLER(RTAsn1NumericString_Enum)
+# define RTAsn1NumericString_Init                       RT_MANGLER(RTAsn1NumericString_Init)
+# define RTAsn1PrintableString_CheckSanity              RT_MANGLER(RTAsn1PrintableString_CheckSanity)
+# define RTAsn1PrintableString_Clone                    RT_MANGLER(RTAsn1PrintableString_Clone)
+# define RTAsn1PrintableString_Compare                  RT_MANGLER(RTAsn1PrintableString_Compare)
+# define RTAsn1PrintableString_Delete                   RT_MANGLER(RTAsn1PrintableString_Delete)
+# define RTAsn1PrintableString_Enum                     RT_MANGLER(RTAsn1PrintableString_Enum)
+# define RTAsn1PrintableString_Init                     RT_MANGLER(RTAsn1PrintableString_Init)
+# define RTAsn1SeqOfStrings_CheckSanity                 RT_MANGLER(RTAsn1SeqOfStrings_CheckSanity)
+# define RTAsn1SeqOfStrings_Clone                       RT_MANGLER(RTAsn1SeqOfStrings_Clone)
+# define RTAsn1SeqOfStrings_Compare                     RT_MANGLER(RTAsn1SeqOfStrings_Compare)
+# define RTAsn1SeqOfStrings_Delete                      RT_MANGLER(RTAsn1SeqOfStrings_Delete)
+# define RTAsn1SeqOfStrings_Enum                        RT_MANGLER(RTAsn1SeqOfStrings_Enum)
+# define RTAsn1SeqOfStrings_Init                        RT_MANGLER(RTAsn1SeqOfStrings_Init)
+# define RTAsn1SetOfStrings_CheckSanity                 RT_MANGLER(RTAsn1SetOfStrings_CheckSanity)
+# define RTAsn1SetOfStrings_Clone                       RT_MANGLER(RTAsn1SetOfStrings_Clone)
+# define RTAsn1SetOfStrings_Compare                     RT_MANGLER(RTAsn1SetOfStrings_Compare)
+# define RTAsn1SetOfStrings_Delete                      RT_MANGLER(RTAsn1SetOfStrings_Delete)
+# define RTAsn1SetOfStrings_Enum                        RT_MANGLER(RTAsn1SetOfStrings_Enum)
+# define RTAsn1SetOfStrings_Init                        RT_MANGLER(RTAsn1SetOfStrings_Init)
+# define RTAsn1String_CheckSanity                       RT_MANGLER(RTAsn1String_CheckSanity)
+# define RTAsn1String_Clone                             RT_MANGLER(RTAsn1String_Clone)
+# define RTAsn1String_Compare                           RT_MANGLER(RTAsn1String_Compare)
+# define RTAsn1String_CompareEx                         RT_MANGLER(RTAsn1String_CompareEx)
+# define RTAsn1String_CompareWithString                 RT_MANGLER(RTAsn1String_CompareWithString)
+# define RTAsn1String_Delete                            RT_MANGLER(RTAsn1String_Delete)
+# define RTAsn1String_Enum                              RT_MANGLER(RTAsn1String_Enum)
+# define RTAsn1String_Init                              RT_MANGLER(RTAsn1String_Init)
+# define RTAsn1String_InitEx                            RT_MANGLER(RTAsn1String_InitEx)
+# define RTAsn1String_InitWithValue                     RT_MANGLER(RTAsn1String_InitWithValue)
+# define RTAsn1String_QueryUtf8                         RT_MANGLER(RTAsn1String_QueryUtf8)
+# define RTAsn1String_QueryUtf8Len                      RT_MANGLER(RTAsn1String_QueryUtf8Len)
+# define RTAsn1String_RecodeAsUtf8                      RT_MANGLER(RTAsn1String_RecodeAsUtf8)
+# define RTAsn1T61String_CheckSanity                    RT_MANGLER(RTAsn1T61String_CheckSanity)
+# define RTAsn1T61String_Clone                          RT_MANGLER(RTAsn1T61String_Clone)
+# define RTAsn1T61String_Compare                        RT_MANGLER(RTAsn1T61String_Compare)
+# define RTAsn1T61String_Delete                         RT_MANGLER(RTAsn1T61String_Delete)
+# define RTAsn1T61String_Enum                           RT_MANGLER(RTAsn1T61String_Enum)
+# define RTAsn1T61String_Init                           RT_MANGLER(RTAsn1T61String_Init)
+# define RTAsn1UniversalString_CheckSanity              RT_MANGLER(RTAsn1UniversalString_CheckSanity)
+# define RTAsn1UniversalString_Clone                    RT_MANGLER(RTAsn1UniversalString_Clone)
+# define RTAsn1UniversalString_Compare                  RT_MANGLER(RTAsn1UniversalString_Compare)
+# define RTAsn1UniversalString_Delete                   RT_MANGLER(RTAsn1UniversalString_Delete)
+# define RTAsn1UniversalString_Enum                     RT_MANGLER(RTAsn1UniversalString_Enum)
+# define RTAsn1UniversalString_Init                     RT_MANGLER(RTAsn1UniversalString_Init)
+# define RTAsn1Utf8String_CheckSanity                   RT_MANGLER(RTAsn1Utf8String_CheckSanity)
+# define RTAsn1Utf8String_Clone                         RT_MANGLER(RTAsn1Utf8String_Clone)
+# define RTAsn1Utf8String_Compare                       RT_MANGLER(RTAsn1Utf8String_Compare)
+# define RTAsn1Utf8String_Delete                        RT_MANGLER(RTAsn1Utf8String_Delete)
+# define RTAsn1Utf8String_Enum                          RT_MANGLER(RTAsn1Utf8String_Enum)
+# define RTAsn1Utf8String_Init                          RT_MANGLER(RTAsn1Utf8String_Init)
+# define RTAsn1VisibleString_CheckSanity                RT_MANGLER(RTAsn1VisibleString_CheckSanity)
+# define RTAsn1VisibleString_Clone                      RT_MANGLER(RTAsn1VisibleString_Clone)
+# define RTAsn1VisibleString_Compare                    RT_MANGLER(RTAsn1VisibleString_Compare)
+# define RTAsn1VisibleString_Delete                     RT_MANGLER(RTAsn1VisibleString_Delete)
+# define RTAsn1VisibleString_Enum                       RT_MANGLER(RTAsn1VisibleString_Enum)
+# define RTAsn1VisibleString_Init                       RT_MANGLER(RTAsn1VisibleString_Init)
+# define RTAsn1BmpString_DecodeAsn1                     RT_MANGLER(RTAsn1BmpString_DecodeAsn1)
+# define RTAsn1GeneralString_DecodeAsn1                 RT_MANGLER(RTAsn1GeneralString_DecodeAsn1)
+# define RTAsn1GraphicString_DecodeAsn1                 RT_MANGLER(RTAsn1GraphicString_DecodeAsn1)
+# define RTAsn1Ia5String_DecodeAsn1                     RT_MANGLER(RTAsn1Ia5String_DecodeAsn1)
+# define RTAsn1NumericString_DecodeAsn1                 RT_MANGLER(RTAsn1NumericString_DecodeAsn1)
+# define RTAsn1PrintableString_DecodeAsn1               RT_MANGLER(RTAsn1PrintableString_DecodeAsn1)
+# define RTAsn1SeqOfStrings_DecodeAsn1                  RT_MANGLER(RTAsn1SeqOfStrings_DecodeAsn1)
+# define RTAsn1SetOfStrings_DecodeAsn1                  RT_MANGLER(RTAsn1SetOfStrings_DecodeAsn1)
+# define RTAsn1String_DecodeAsn1                        RT_MANGLER(RTAsn1String_DecodeAsn1)
+# define RTAsn1T61String_DecodeAsn1                     RT_MANGLER(RTAsn1T61String_DecodeAsn1)
+# define RTAsn1UniversalString_DecodeAsn1               RT_MANGLER(RTAsn1UniversalString_DecodeAsn1)
+# define RTAsn1Utf8String_DecodeAsn1                    RT_MANGLER(RTAsn1Utf8String_DecodeAsn1)
+# define RTAsn1VisibleString_DecodeAsn1                 RT_MANGLER(RTAsn1VisibleString_DecodeAsn1)
+# define RTAsn1GeneralizedTime_CheckSanity              RT_MANGLER(RTAsn1GeneralizedTime_CheckSanity)
+# define RTAsn1GeneralizedTime_Clone                    RT_MANGLER(RTAsn1GeneralizedTime_Clone)
+# define RTAsn1GeneralizedTime_Compare                  RT_MANGLER(RTAsn1GeneralizedTime_Compare)
+# define RTAsn1GeneralizedTime_Delete                   RT_MANGLER(RTAsn1GeneralizedTime_Delete)
+# define RTAsn1GeneralizedTime_Enum                     RT_MANGLER(RTAsn1GeneralizedTime_Enum)
+# define RTAsn1GeneralizedTime_Init                     RT_MANGLER(RTAsn1GeneralizedTime_Init)
+# define RTAsn1SeqOfTimes_CheckSanity                   RT_MANGLER(RTAsn1SeqOfTimes_CheckSanity)
+# define RTAsn1SeqOfTimes_Clone                         RT_MANGLER(RTAsn1SeqOfTimes_Clone)
+# define RTAsn1SeqOfTimes_Compare                       RT_MANGLER(RTAsn1SeqOfTimes_Compare)
+# define RTAsn1SeqOfTimes_Delete                        RT_MANGLER(RTAsn1SeqOfTimes_Delete)
+# define RTAsn1SeqOfTimes_Enum                          RT_MANGLER(RTAsn1SeqOfTimes_Enum)
+# define RTAsn1SeqOfTimes_Init                          RT_MANGLER(RTAsn1SeqOfTimes_Init)
+# define RTAsn1SetOfTimes_CheckSanity                   RT_MANGLER(RTAsn1SetOfTimes_CheckSanity)
+# define RTAsn1SetOfTimes_Clone                         RT_MANGLER(RTAsn1SetOfTimes_Clone)
+# define RTAsn1SetOfTimes_Compare                       RT_MANGLER(RTAsn1SetOfTimes_Compare)
+# define RTAsn1SetOfTimes_Delete                        RT_MANGLER(RTAsn1SetOfTimes_Delete)
+# define RTAsn1SetOfTimes_Enum                          RT_MANGLER(RTAsn1SetOfTimes_Enum)
+# define RTAsn1SetOfTimes_Init                          RT_MANGLER(RTAsn1SetOfTimes_Init)
+# define RTAsn1Time_CheckSanity                         RT_MANGLER(RTAsn1Time_CheckSanity)
+# define RTAsn1Time_Clone                               RT_MANGLER(RTAsn1Time_Clone)
+# define RTAsn1Time_Compare                             RT_MANGLER(RTAsn1Time_Compare)
+# define RTAsn1Time_CompareWithTimeSpec                 RT_MANGLER(RTAsn1Time_CompareWithTimeSpec)
+# define RTAsn1Time_Delete                              RT_MANGLER(RTAsn1Time_Delete)
+# define RTAsn1Time_Enum                                RT_MANGLER(RTAsn1Time_Enum)
+# define RTAsn1Time_Init                                RT_MANGLER(RTAsn1Time_Init)
+# define RTAsn1UtcTime_CheckSanity                      RT_MANGLER(RTAsn1UtcTime_CheckSanity)
+# define RTAsn1UtcTime_Clone                            RT_MANGLER(RTAsn1UtcTime_Clone)
+# define RTAsn1UtcTime_Compare                          RT_MANGLER(RTAsn1UtcTime_Compare)
+# define RTAsn1UtcTime_Delete                           RT_MANGLER(RTAsn1UtcTime_Delete)
+# define RTAsn1UtcTime_Enum                             RT_MANGLER(RTAsn1UtcTime_Enum)
+# define RTAsn1UtcTime_Init                             RT_MANGLER(RTAsn1UtcTime_Init)
+# define RTAsn1GeneralizedTime_DecodeAsn1               RT_MANGLER(RTAsn1GeneralizedTime_DecodeAsn1)
+# define RTAsn1SeqOfTimes_DecodeAsn1                    RT_MANGLER(RTAsn1SeqOfTimes_DecodeAsn1)
+# define RTAsn1SetOfTimes_DecodeAsn1                    RT_MANGLER(RTAsn1SetOfTimes_DecodeAsn1)
+# define RTAsn1Time_DecodeAsn1                          RT_MANGLER(RTAsn1Time_DecodeAsn1)
+# define RTAsn1UtcTime_DecodeAsn1                       RT_MANGLER(RTAsn1UtcTime_DecodeAsn1)
+# define RTMd2                                          RT_MANGLER(RTMd2)
+# define RTMd2Final                                     RT_MANGLER(RTMd2Final)
+# define RTMd2Init                                      RT_MANGLER(RTMd2Init)
+# define RTMd2Update                                    RT_MANGLER(RTMd2Update)
+# define RTMd2FromString                                RT_MANGLER(RTMd2FromString)
+# define RTMd2ToString                                  RT_MANGLER(RTMd2ToString)
+# define RTCrDigestClone                                RT_MANGLER(RTCrDigestClone)
+# define RTCrDigestCreate                               RT_MANGLER(RTCrDigestCreate)
+# define RTCrDigestFinal                                RT_MANGLER(RTCrDigestFinal)
+# define RTCrDigestGetConsumedSize                      RT_MANGLER(RTCrDigestGetConsumedSize)
+# define RTCrDigestGetHash                              RT_MANGLER(RTCrDigestGetHash)
+# define RTCrDigestGetHashSize                          RT_MANGLER(RTCrDigestGetHashSize)
+# define RTCrDigestGetType                              RT_MANGLER(RTCrDigestGetType)
+# define RTCrDigestIsFinalized                          RT_MANGLER(RTCrDigestIsFinalized)
+# define RTCrDigestMatch                                RT_MANGLER(RTCrDigestMatch)
+# define RTCrDigestRelease                              RT_MANGLER(RTCrDigestRelease)
+# define RTCrDigestReset                                RT_MANGLER(RTCrDigestReset)
+# define RTCrDigestRetain                               RT_MANGLER(RTCrDigestRetain)
+# define RTCrDigestUpdate                               RT_MANGLER(RTCrDigestUpdate)
+# define RTCrDigestCreateByObjId                        RT_MANGLER(RTCrDigestCreateByObjId)
+# define RTCrDigestCreateByObjIdString                  RT_MANGLER(RTCrDigestCreateByObjIdString)
+# define RTCrRsaDigestInfo_DecodeAsn1                   RT_MANGLER(RTCrRsaDigestInfo_DecodeAsn1)
+# define RTCrRsaOtherPrimeInfo_DecodeAsn1               RT_MANGLER(RTCrRsaOtherPrimeInfo_DecodeAsn1)
+# define RTCrRsaOtherPrimeInfos_DecodeAsn1              RT_MANGLER(RTCrRsaOtherPrimeInfos_DecodeAsn1)
+# define RTCrRsaPrivateKey_DecodeAsn1                   RT_MANGLER(RTCrRsaPrivateKey_DecodeAsn1)
+# define RTCrRsaPublicKey_DecodeAsn1                    RT_MANGLER(RTCrRsaPublicKey_DecodeAsn1)
+# define RTCrRsaDigestInfo_Compare                      RT_MANGLER(RTCrRsaDigestInfo_Compare)
+# define RTCrRsaDigestInfo_Delete                       RT_MANGLER(RTCrRsaDigestInfo_Delete)
+# define RTCrRsaDigestInfo_Enum                         RT_MANGLER(RTCrRsaDigestInfo_Enum)
+# define RTCrRsaOtherPrimeInfo_Compare                  RT_MANGLER(RTCrRsaOtherPrimeInfo_Compare)
+# define RTCrRsaOtherPrimeInfo_Delete                   RT_MANGLER(RTCrRsaOtherPrimeInfo_Delete)
+# define RTCrRsaOtherPrimeInfo_Enum                     RT_MANGLER(RTCrRsaOtherPrimeInfo_Enum)
+# define RTCrRsaOtherPrimeInfos_Compare                 RT_MANGLER(RTCrRsaOtherPrimeInfos_Compare)
+# define RTCrRsaOtherPrimeInfos_Delete                  RT_MANGLER(RTCrRsaOtherPrimeInfos_Delete)
+# define RTCrRsaOtherPrimeInfos_Enum                    RT_MANGLER(RTCrRsaOtherPrimeInfos_Enum)
+# define RTCrRsaPrivateKey_Compare                      RT_MANGLER(RTCrRsaPrivateKey_Compare)
+# define RTCrRsaPrivateKey_Delete                       RT_MANGLER(RTCrRsaPrivateKey_Delete)
+# define RTCrRsaPrivateKey_Enum                         RT_MANGLER(RTCrRsaPrivateKey_Enum)
+# define RTCrRsaPublicKey_Compare                       RT_MANGLER(RTCrRsaPublicKey_Compare)
+# define RTCrRsaPublicKey_Delete                        RT_MANGLER(RTCrRsaPublicKey_Delete)
+# define RTCrRsaPublicKey_Enum                          RT_MANGLER(RTCrRsaPublicKey_Enum)
+# define RTCrRsaDigestInfo_Clone                        RT_MANGLER(RTCrRsaDigestInfo_Clone)
+# define RTCrRsaDigestInfo_Init                         RT_MANGLER(RTCrRsaDigestInfo_Init)
+# define RTCrRsaOtherPrimeInfo_Clone                    RT_MANGLER(RTCrRsaOtherPrimeInfo_Clone)
+# define RTCrRsaOtherPrimeInfo_Init                     RT_MANGLER(RTCrRsaOtherPrimeInfo_Init)
+# define RTCrRsaOtherPrimeInfos_Clone                   RT_MANGLER(RTCrRsaOtherPrimeInfos_Clone)
+# define RTCrRsaOtherPrimeInfos_Init                    RT_MANGLER(RTCrRsaOtherPrimeInfos_Init)
+# define RTCrRsaPrivateKey_Clone                        RT_MANGLER(RTCrRsaPrivateKey_Clone)
+# define RTCrRsaPrivateKey_Init                         RT_MANGLER(RTCrRsaPrivateKey_Init)
+# define RTCrRsaPublicKey_Clone                         RT_MANGLER(RTCrRsaPublicKey_Clone)
+# define RTCrRsaPublicKey_Init                          RT_MANGLER(RTCrRsaPublicKey_Init)
+# define RTCrRsaDigestInfo_CheckSanity                  RT_MANGLER(RTCrRsaDigestInfo_CheckSanity)
+# define RTCrRsaOtherPrimeInfo_CheckSanity              RT_MANGLER(RTCrRsaOtherPrimeInfo_CheckSanity)
+# define RTCrRsaOtherPrimeInfos_CheckSanity             RT_MANGLER(RTCrRsaOtherPrimeInfos_CheckSanity)
+# define RTCrRsaPrivateKey_CheckSanity                  RT_MANGLER(RTCrRsaPrivateKey_CheckSanity)
+# define RTCrRsaPublicKey_CheckSanity                   RT_MANGLER(RTCrRsaPublicKey_CheckSanity)
+# define RTCrPemFreeSections                            RT_MANGLER(RTCrPemFreeSections)
+# define RTCrPemReadFile                                RT_MANGLER(RTCrPemReadFile)
+# define RTCrPkcs7Attribute_DecodeAsn1                  RT_MANGLER(RTCrPkcs7Attribute_DecodeAsn1)
+# define RTCrPkcs7Attributes_DecodeAsn1                 RT_MANGLER(RTCrPkcs7Attributes_DecodeAsn1)
+# define RTCrPkcs7ContentInfo_DecodeAsn1                RT_MANGLER(RTCrPkcs7ContentInfo_DecodeAsn1)
+# define RTCrPkcs7DigestInfo_DecodeAsn1                 RT_MANGLER(RTCrPkcs7DigestInfo_DecodeAsn1)
+# define RTCrPkcs7IssuerAndSerialNumber_DecodeAsn1      RT_MANGLER(RTCrPkcs7IssuerAndSerialNumber_DecodeAsn1)
+# define RTCrPkcs7SignedData_DecodeAsn1                 RT_MANGLER(RTCrPkcs7SignedData_DecodeAsn1)
+# define RTCrPkcs7SignerInfo_DecodeAsn1                 RT_MANGLER(RTCrPkcs7SignerInfo_DecodeAsn1)
+# define RTCrPkcs7SignerInfos_DecodeAsn1                RT_MANGLER(RTCrPkcs7SignerInfos_DecodeAsn1)
+# define RTCrPkcs7Attribute_Compare                     RT_MANGLER(RTCrPkcs7Attribute_Compare)
+# define RTCrPkcs7Attribute_Delete                      RT_MANGLER(RTCrPkcs7Attribute_Delete)
+# define RTCrPkcs7Attribute_Enum                        RT_MANGLER(RTCrPkcs7Attribute_Enum)
+# define RTCrPkcs7Attributes_Compare                    RT_MANGLER(RTCrPkcs7Attributes_Compare)
+# define RTCrPkcs7Attributes_Delete                     RT_MANGLER(RTCrPkcs7Attributes_Delete)
+# define RTCrPkcs7Attributes_Enum                       RT_MANGLER(RTCrPkcs7Attributes_Enum)
+# define RTCrPkcs7ContentInfo_Compare                   RT_MANGLER(RTCrPkcs7ContentInfo_Compare)
+# define RTCrPkcs7ContentInfo_Delete                    RT_MANGLER(RTCrPkcs7ContentInfo_Delete)
+# define RTCrPkcs7ContentInfo_Enum                      RT_MANGLER(RTCrPkcs7ContentInfo_Enum)
+# define RTCrPkcs7ContentInfo_IsSignedData              RT_MANGLER(RTCrPkcs7ContentInfo_IsSignedData)
+# define RTCrPkcs7DigestInfo_Compare                    RT_MANGLER(RTCrPkcs7DigestInfo_Compare)
+# define RTCrPkcs7DigestInfo_Delete                     RT_MANGLER(RTCrPkcs7DigestInfo_Delete)
+# define RTCrPkcs7DigestInfo_Enum                       RT_MANGLER(RTCrPkcs7DigestInfo_Enum)
+# define RTCrPkcs7IssuerAndSerialNumber_Compare         RT_MANGLER(RTCrPkcs7IssuerAndSerialNumber_Compare)
+# define RTCrPkcs7IssuerAndSerialNumber_Delete          RT_MANGLER(RTCrPkcs7IssuerAndSerialNumber_Delete)
+# define RTCrPkcs7IssuerAndSerialNumber_Enum            RT_MANGLER(RTCrPkcs7IssuerAndSerialNumber_Enum)
+# define RTCrPkcs7SignedData_Compare                    RT_MANGLER(RTCrPkcs7SignedData_Compare)
+# define RTCrPkcs7SignedData_Delete                     RT_MANGLER(RTCrPkcs7SignedData_Delete)
+# define RTCrPkcs7SignedData_Enum                       RT_MANGLER(RTCrPkcs7SignedData_Enum)
+# define RTCrPkcs7SignerInfo_Compare                    RT_MANGLER(RTCrPkcs7SignerInfo_Compare)
+# define RTCrPkcs7SignerInfo_Delete                     RT_MANGLER(RTCrPkcs7SignerInfo_Delete)
+# define RTCrPkcs7SignerInfo_Enum                       RT_MANGLER(RTCrPkcs7SignerInfo_Enum)
+# define RTCrPkcs7SignerInfos_Compare                   RT_MANGLER(RTCrPkcs7SignerInfos_Compare)
+# define RTCrPkcs7SignerInfos_Delete                    RT_MANGLER(RTCrPkcs7SignerInfos_Delete)
+# define RTCrPkcs7SignerInfos_Enum                      RT_MANGLER(RTCrPkcs7SignerInfos_Enum)
+# define RTCrPkcs7Attribute_Clone                       RT_MANGLER(RTCrPkcs7Attribute_Clone)
+# define RTCrPkcs7Attribute_Init                        RT_MANGLER(RTCrPkcs7Attribute_Init)
+# define RTCrPkcs7Attributes_Clone                      RT_MANGLER(RTCrPkcs7Attributes_Clone)
+# define RTCrPkcs7Attributes_Init                       RT_MANGLER(RTCrPkcs7Attributes_Init)
+# define RTCrPkcs7ContentInfo_Clone                     RT_MANGLER(RTCrPkcs7ContentInfo_Clone)
+# define RTCrPkcs7ContentInfo_Init                      RT_MANGLER(RTCrPkcs7ContentInfo_Init)
+# define RTCrPkcs7DigestInfo_Clone                      RT_MANGLER(RTCrPkcs7DigestInfo_Clone)
+# define RTCrPkcs7DigestInfo_Init                       RT_MANGLER(RTCrPkcs7DigestInfo_Init)
+# define RTCrPkcs7IssuerAndSerialNumber_Clone           RT_MANGLER(RTCrPkcs7IssuerAndSerialNumber_Clone)
+# define RTCrPkcs7IssuerAndSerialNumber_Init            RT_MANGLER(RTCrPkcs7IssuerAndSerialNumber_Init)
+# define RTCrPkcs7SignedData_Clone                      RT_MANGLER(RTCrPkcs7SignedData_Clone)
+# define RTCrPkcs7SignedData_Init                       RT_MANGLER(RTCrPkcs7SignedData_Init)
+# define RTCrPkcs7SignerInfo_Clone                      RT_MANGLER(RTCrPkcs7SignerInfo_Clone)
+# define RTCrPkcs7SignerInfo_Init                       RT_MANGLER(RTCrPkcs7SignerInfo_Init)
+# define RTCrPkcs7SignerInfos_Clone                     RT_MANGLER(RTCrPkcs7SignerInfos_Clone)
+# define RTCrPkcs7SignerInfos_Init                      RT_MANGLER(RTCrPkcs7SignerInfos_Init)
+# define RTCrPkcs7Attribute_CheckSanity                 RT_MANGLER(RTCrPkcs7Attribute_CheckSanity)
+# define RTCrPkcs7Attributes_CheckSanity                RT_MANGLER(RTCrPkcs7Attributes_CheckSanity)
+# define RTCrPkcs7ContentInfo_CheckSanity               RT_MANGLER(RTCrPkcs7ContentInfo_CheckSanity)
+# define RTCrPkcs7DigestInfo_CheckSanity                RT_MANGLER(RTCrPkcs7DigestInfo_CheckSanity)
+# define RTCrPkcs7IssuerAndSerialNumber_CheckSanity     RT_MANGLER(RTCrPkcs7IssuerAndSerialNumber_CheckSanity)
+# define RTCrPkcs7SignedData_CheckSanity                RT_MANGLER(RTCrPkcs7SignedData_CheckSanity)
+# define RTCrPkcs7SignerInfo_CheckSanity                RT_MANGLER(RTCrPkcs7SignerInfo_CheckSanity)
+# define RTCrPkcs7SignerInfos_CheckSanity               RT_MANGLER(RTCrPkcs7SignerInfos_CheckSanity)
+# define RTCrPkcs7VerifyCertCallbackCodeSigning         RT_MANGLER(RTCrPkcs7VerifyCertCallbackCodeSigning)
+# define RTCrPkcs7VerifyCertCallbackDefault             RT_MANGLER(RTCrPkcs7VerifyCertCallbackDefault)
+# define RTCrPkcs7VerifySignedData                      RT_MANGLER(RTCrPkcs7VerifySignedData)
+# define RTCrPkixSignatureCreateByObjId                 RT_MANGLER(RTCrPkixSignatureCreateByObjId)
+# define RTCrPkixSignatureCreateByObjIdString           RT_MANGLER(RTCrPkixSignatureCreateByObjIdString)
+# define RTCrPkixSignatureCreate                        RT_MANGLER(RTCrPkixSignatureCreate)
+# define RTCrPkixSignatureRelease                       RT_MANGLER(RTCrPkixSignatureRelease)
+# define RTCrPkixSignatureRetain                        RT_MANGLER(RTCrPkixSignatureRetain)
+# define RTCrPkixSignatureSign                          RT_MANGLER(RTCrPkixSignatureSign)
+# define RTCrPkixSignatureVerify                        RT_MANGLER(RTCrPkixSignatureVerify)
+# define RTCrPkixSignatureVerifyBitString               RT_MANGLER(RTCrPkixSignatureVerifyBitString)
+# define RTCrPkixSignatureVerifyOctetString             RT_MANGLER(RTCrPkixSignatureVerifyOctetString)
+# define RTCrPkixGetCiperOidFromSignatureAlgorithm      RT_MANGLER(RTCrPkixGetCiperOidFromSignatureAlgorithm)
+# define RTCrPkixPubKeyVerifySignature                  RT_MANGLER(RTCrPkixPubKeyVerifySignature)
+# define RTCrSpcAttributeTypeAndOptionalValue_DecodeAsn1 RT_MANGLER(RTCrSpcAttributeTypeAndOptionalValue_DecodeAsn1)
+# define RTCrSpcIndirectDataContent_DecodeAsn1          RT_MANGLER(RTCrSpcIndirectDataContent_DecodeAsn1)
+# define RTCrSpcLink_DecodeAsn1                         RT_MANGLER(RTCrSpcLink_DecodeAsn1)
+# define RTCrSpcPeImageData_DecodeAsn1                  RT_MANGLER(RTCrSpcPeImageData_DecodeAsn1)
+# define RTCrSpcSerializedObjectAttribute_DecodeAsn1    RT_MANGLER(RTCrSpcSerializedObjectAttribute_DecodeAsn1)
+# define RTCrSpcSerializedObjectAttributes_DecodeAsn1   RT_MANGLER(RTCrSpcSerializedObjectAttributes_DecodeAsn1)
+# define RTCrSpcSerializedObject_DecodeAsn1             RT_MANGLER(RTCrSpcSerializedObject_DecodeAsn1)
+# define RTCrSpcSerializedPageHashesV2_DecodeAsn1       RT_MANGLER(RTCrSpcSerializedPageHashesV2_DecodeAsn1)
+# define RTCrSpcString_DecodeAsn1                       RT_MANGLER(RTCrSpcString_DecodeAsn1)
+# define RTCrSpcAttributeTypeAndOptionalValue_Compare   RT_MANGLER(RTCrSpcAttributeTypeAndOptionalValue_Compare)
+# define RTCrSpcAttributeTypeAndOptionalValue_Delete    RT_MANGLER(RTCrSpcAttributeTypeAndOptionalValue_Delete)
+# define RTCrSpcAttributeTypeAndOptionalValue_Enum      RT_MANGLER(RTCrSpcAttributeTypeAndOptionalValue_Enum)
+# define RTCrSpcIndirectDataContent_Compare             RT_MANGLER(RTCrSpcIndirectDataContent_Compare)
+# define RTCrSpcIndirectDataContent_Delete              RT_MANGLER(RTCrSpcIndirectDataContent_Delete)
+# define RTCrSpcIndirectDataContent_Enum                RT_MANGLER(RTCrSpcIndirectDataContent_Enum)
+# define RTCrSpcIndirectDataContent_GetPeImageHashesV2  RT_MANGLER(RTCrSpcIndirectDataContent_GetPeImageHashesV2)
+# define RTCrSpcLink_Compare                            RT_MANGLER(RTCrSpcLink_Compare)
+# define RTCrSpcLink_Delete                             RT_MANGLER(RTCrSpcLink_Delete)
+# define RTCrSpcLink_Enum                               RT_MANGLER(RTCrSpcLink_Enum)
+# define RTCrSpcPeImageData_Compare                     RT_MANGLER(RTCrSpcPeImageData_Compare)
+# define RTCrSpcPeImageData_Delete                      RT_MANGLER(RTCrSpcPeImageData_Delete)
+# define RTCrSpcPeImageData_Enum                        RT_MANGLER(RTCrSpcPeImageData_Enum)
+# define RTCrSpcSerializedObjectAttribute_Compare       RT_MANGLER(RTCrSpcSerializedObjectAttribute_Compare)
+# define RTCrSpcSerializedObjectAttribute_Delete        RT_MANGLER(RTCrSpcSerializedObjectAttribute_Delete)
+# define RTCrSpcSerializedObjectAttribute_Enum          RT_MANGLER(RTCrSpcSerializedObjectAttribute_Enum)
+# define RTCrSpcSerializedObjectAttributes_Compare      RT_MANGLER(RTCrSpcSerializedObjectAttributes_Compare)
+# define RTCrSpcSerializedObjectAttributes_Delete       RT_MANGLER(RTCrSpcSerializedObjectAttributes_Delete)
+# define RTCrSpcSerializedObjectAttributes_Enum         RT_MANGLER(RTCrSpcSerializedObjectAttributes_Enum)
+# define RTCrSpcSerializedObject_Compare                RT_MANGLER(RTCrSpcSerializedObject_Compare)
+# define RTCrSpcSerializedObject_Delete                 RT_MANGLER(RTCrSpcSerializedObject_Delete)
+# define RTCrSpcSerializedObject_Enum                   RT_MANGLER(RTCrSpcSerializedObject_Enum)
+# define RTCrSpcSerializedPageHashesV2_Compare          RT_MANGLER(RTCrSpcSerializedPageHashesV2_Compare)
+# define RTCrSpcSerializedPageHashesV2_Delete           RT_MANGLER(RTCrSpcSerializedPageHashesV2_Delete)
+# define RTCrSpcSerializedPageHashesV2_Enum             RT_MANGLER(RTCrSpcSerializedPageHashesV2_Enum)
+# define RTCrSpcSerializedPageHashesV2_UpdateDerivedData RT_MANGLER(RTCrSpcSerializedPageHashesV2_UpdateDerivedData)
+# define RTCrSpcString_Compare                          RT_MANGLER(RTCrSpcString_Compare)
+# define RTCrSpcString_Delete                           RT_MANGLER(RTCrSpcString_Delete)
+# define RTCrSpcString_Enum                             RT_MANGLER(RTCrSpcString_Enum)
+# define RTCrSpcAttributeTypeAndOptionalValue_Clone     RT_MANGLER(RTCrSpcAttributeTypeAndOptionalValue_Clone)
+# define RTCrSpcAttributeTypeAndOptionalValue_Init      RT_MANGLER(RTCrSpcAttributeTypeAndOptionalValue_Init)
+# define RTCrSpcIndirectDataContent_Clone               RT_MANGLER(RTCrSpcIndirectDataContent_Clone)
+# define RTCrSpcIndirectDataContent_Init                RT_MANGLER(RTCrSpcIndirectDataContent_Init)
+# define RTCrSpcLink_Clone                              RT_MANGLER(RTCrSpcLink_Clone)
+# define RTCrSpcLink_Init                               RT_MANGLER(RTCrSpcLink_Init)
+# define RTCrSpcPeImageData_Clone                       RT_MANGLER(RTCrSpcPeImageData_Clone)
+# define RTCrSpcPeImageData_Init                        RT_MANGLER(RTCrSpcPeImageData_Init)
+# define RTCrSpcSerializedObjectAttribute_Clone         RT_MANGLER(RTCrSpcSerializedObjectAttribute_Clone)
+# define RTCrSpcSerializedObjectAttribute_Init          RT_MANGLER(RTCrSpcSerializedObjectAttribute_Init)
+# define RTCrSpcSerializedObjectAttributes_Clone        RT_MANGLER(RTCrSpcSerializedObjectAttributes_Clone)
+# define RTCrSpcSerializedObjectAttributes_Init         RT_MANGLER(RTCrSpcSerializedObjectAttributes_Init)
+# define RTCrSpcSerializedObject_Clone                  RT_MANGLER(RTCrSpcSerializedObject_Clone)
+# define RTCrSpcSerializedObject_Init                   RT_MANGLER(RTCrSpcSerializedObject_Init)
+# define RTCrSpcSerializedPageHashesV2_Clone            RT_MANGLER(RTCrSpcSerializedPageHashesV2_Clone)
+# define RTCrSpcSerializedPageHashesV2_Init             RT_MANGLER(RTCrSpcSerializedPageHashesV2_Init)
+# define RTCrSpcString_Clone                            RT_MANGLER(RTCrSpcString_Clone)
+# define RTCrSpcString_Init                             RT_MANGLER(RTCrSpcString_Init)
+# define RTCrSpcAttributeTypeAndOptionalValue_CheckSanity RT_MANGLER(RTCrSpcAttributeTypeAndOptionalValue_CheckSanity)
+# define RTCrSpcIndirectDataContent_CheckSanity         RT_MANGLER(RTCrSpcIndirectDataContent_CheckSanity)
+# define RTCrSpcIndirectDataContent_CheckSanityEx       RT_MANGLER(RTCrSpcIndirectDataContent_CheckSanityEx)
+# define RTCrSpcLink_CheckSanity                        RT_MANGLER(RTCrSpcLink_CheckSanity)
+# define RTCrSpcPeImageData_CheckSanity                 RT_MANGLER(RTCrSpcPeImageData_CheckSanity)
+# define RTCrSpcSerializedObjectAttribute_CheckSanity   RT_MANGLER(RTCrSpcSerializedObjectAttribute_CheckSanity)
+# define RTCrSpcSerializedObjectAttributes_CheckSanity  RT_MANGLER(RTCrSpcSerializedObjectAttributes_CheckSanity)
+# define RTCrSpcSerializedObject_CheckSanity            RT_MANGLER(RTCrSpcSerializedObject_CheckSanity)
+# define RTCrSpcSerializedPageHashesV2_CheckSanity      RT_MANGLER(RTCrSpcSerializedPageHashesV2_CheckSanity)
+# define RTCrSpcString_CheckSanity                      RT_MANGLER(RTCrSpcString_CheckSanity)
+# define RTCrX509AlgorithmIdentifier_DecodeAsn1         RT_MANGLER(RTCrX509AlgorithmIdentifier_DecodeAsn1)
+# define RTCrX509AlgorithmIdentifiers_DecodeAsn1        RT_MANGLER(RTCrX509AlgorithmIdentifiers_DecodeAsn1)
+# define RTCrX509AttributeTypeAndValue_DecodeAsn1       RT_MANGLER(RTCrX509AttributeTypeAndValue_DecodeAsn1)
+# define RTCrX509AttributeTypeAndValues_DecodeAsn1      RT_MANGLER(RTCrX509AttributeTypeAndValues_DecodeAsn1)
+# define RTCrX509AuthorityKeyIdentifier_DecodeAsn1      RT_MANGLER(RTCrX509AuthorityKeyIdentifier_DecodeAsn1)
+# define RTCrX509BasicConstraints_DecodeAsn1            RT_MANGLER(RTCrX509BasicConstraints_DecodeAsn1)
+# define RTCrX509CertificatePolicies_DecodeAsn1         RT_MANGLER(RTCrX509CertificatePolicies_DecodeAsn1)
+# define RTCrX509Certificate_DecodeAsn1                 RT_MANGLER(RTCrX509Certificate_DecodeAsn1)
+# define RTCrX509Certificates_DecodeAsn1                RT_MANGLER(RTCrX509Certificates_DecodeAsn1)
+# define RTCrX509Extension_DecodeAsn1                   RT_MANGLER(RTCrX509Extension_DecodeAsn1)
+# define RTCrX509Extension_ExtnValue_DecodeAsn1         RT_MANGLER(RTCrX509Extension_ExtnValue_DecodeAsn1)
+# define RTCrX509Extensions_DecodeAsn1                  RT_MANGLER(RTCrX509Extensions_DecodeAsn1)
+# define RTCrX509GeneralName_DecodeAsn1                 RT_MANGLER(RTCrX509GeneralName_DecodeAsn1)
+# define RTCrX509GeneralNames_DecodeAsn1                RT_MANGLER(RTCrX509GeneralNames_DecodeAsn1)
+# define RTCrX509GeneralSubtree_DecodeAsn1              RT_MANGLER(RTCrX509GeneralSubtree_DecodeAsn1)
+# define RTCrX509GeneralSubtrees_DecodeAsn1             RT_MANGLER(RTCrX509GeneralSubtrees_DecodeAsn1)
+# define RTCrX509NameConstraints_DecodeAsn1             RT_MANGLER(RTCrX509NameConstraints_DecodeAsn1)
+# define RTCrX509Name_DecodeAsn1                        RT_MANGLER(RTCrX509Name_DecodeAsn1)
+# define RTCrX509OldAuthorityKeyIdentifier_DecodeAsn1   RT_MANGLER(RTCrX509OldAuthorityKeyIdentifier_DecodeAsn1)
+# define RTCrX509PolicyConstraints_DecodeAsn1           RT_MANGLER(RTCrX509PolicyConstraints_DecodeAsn1)
+# define RTCrX509PolicyInformation_DecodeAsn1           RT_MANGLER(RTCrX509PolicyInformation_DecodeAsn1)
+# define RTCrX509PolicyMapping_DecodeAsn1               RT_MANGLER(RTCrX509PolicyMapping_DecodeAsn1)
+# define RTCrX509PolicyMappings_DecodeAsn1              RT_MANGLER(RTCrX509PolicyMappings_DecodeAsn1)
+# define RTCrX509PolicyQualifierInfo_DecodeAsn1         RT_MANGLER(RTCrX509PolicyQualifierInfo_DecodeAsn1)
+# define RTCrX509PolicyQualifierInfos_DecodeAsn1        RT_MANGLER(RTCrX509PolicyQualifierInfos_DecodeAsn1)
+# define RTCrX509SubjectPublicKeyInfo_DecodeAsn1        RT_MANGLER(RTCrX509SubjectPublicKeyInfo_DecodeAsn1)
+# define RTCrX509TbsCertificate_DecodeAsn1              RT_MANGLER(RTCrX509TbsCertificate_DecodeAsn1)
+# define RTCrX509Validity_DecodeAsn1                    RT_MANGLER(RTCrX509Validity_DecodeAsn1)
+# define RTCrX509CertPathsBuild                         RT_MANGLER(RTCrX509CertPathsBuild)
+# define RTCrX509CertPathsCreate                        RT_MANGLER(RTCrX509CertPathsCreate)
+# define RTCrX509CertPathsCreateEx                      RT_MANGLER(RTCrX509CertPathsCreateEx)
+# define RTCrX509CertPathsDumpAll                       RT_MANGLER(RTCrX509CertPathsDumpAll)
+# define RTCrX509CertPathsDumpOne                       RT_MANGLER(RTCrX509CertPathsDumpOne)
+# define RTCrX509CertPathsGetPathCount                  RT_MANGLER(RTCrX509CertPathsGetPathCount)
+# define RTCrX509CertPathsGetPathLength                 RT_MANGLER(RTCrX509CertPathsGetPathLength)
+# define RTCrX509CertPathsGetPathNodeCert               RT_MANGLER(RTCrX509CertPathsGetPathNodeCert)
+# define RTCrX509CertPathsGetPathVerifyResult           RT_MANGLER(RTCrX509CertPathsGetPathVerifyResult)
+# define RTCrX509CertPathsQueryPathInfo                 RT_MANGLER(RTCrX509CertPathsQueryPathInfo)
+# define RTCrX509CertPathsRelease                       RT_MANGLER(RTCrX509CertPathsRelease)
+# define RTCrX509CertPathsRetain                        RT_MANGLER(RTCrX509CertPathsRetain)
+# define RTCrX509CertPathsSetTrustedStore               RT_MANGLER(RTCrX509CertPathsSetTrustedStore)
+# define RTCrX509CertPathsSetUntrustedArray             RT_MANGLER(RTCrX509CertPathsSetUntrustedArray)
+# define RTCrX509CertPathsSetUntrustedStore             RT_MANGLER(RTCrX509CertPathsSetUntrustedStore)
+# define RTCrX509CertPathsSetValidTime                  RT_MANGLER(RTCrX509CertPathsSetValidTime)
+# define RTCrX509CertPathsSetValidTimeSpec              RT_MANGLER(RTCrX509CertPathsSetValidTimeSpec)
+# define RTCrX509CertPathsValidateAll                   RT_MANGLER(RTCrX509CertPathsValidateAll)
+# define RTCrX509CertPathsValidateOne                   RT_MANGLER(RTCrX509CertPathsValidateOne)
+# define RTCrX509AlgorithmIdentifier_Compare            RT_MANGLER(RTCrX509AlgorithmIdentifier_Compare)
+# define RTCrX509AlgorithmIdentifier_CompareDigestAndEncryptedDigest RT_MANGLER(RTCrX509AlgorithmIdentifier_CompareDigestAndEncryptedDigest)
+# define RTCrX509AlgorithmIdentifier_CompareWithString  RT_MANGLER(RTCrX509AlgorithmIdentifier_CompareWithString)
+# define RTCrX509AlgorithmIdentifier_Delete             RT_MANGLER(RTCrX509AlgorithmIdentifier_Delete)
+# define RTCrX509AlgorithmIdentifier_Enum               RT_MANGLER(RTCrX509AlgorithmIdentifier_Enum)
+# define RTCrX509AlgorithmIdentifier_QueryDigestSize    RT_MANGLER(RTCrX509AlgorithmIdentifier_QueryDigestSize)
+# define RTCrX509AlgorithmIdentifier_QueryDigestType    RT_MANGLER(RTCrX509AlgorithmIdentifier_QueryDigestType)
+# define RTCrX509AlgorithmIdentifiers_Compare           RT_MANGLER(RTCrX509AlgorithmIdentifiers_Compare)
+# define RTCrX509AlgorithmIdentifiers_Delete            RT_MANGLER(RTCrX509AlgorithmIdentifiers_Delete)
+# define RTCrX509AlgorithmIdentifiers_Enum              RT_MANGLER(RTCrX509AlgorithmIdentifiers_Enum)
+# define RTCrX509AttributeTypeAndValue_Compare          RT_MANGLER(RTCrX509AttributeTypeAndValue_Compare)
+# define RTCrX509AttributeTypeAndValue_Delete           RT_MANGLER(RTCrX509AttributeTypeAndValue_Delete)
+# define RTCrX509AttributeTypeAndValue_Enum             RT_MANGLER(RTCrX509AttributeTypeAndValue_Enum)
+# define RTCrX509AttributeTypeAndValues_Compare         RT_MANGLER(RTCrX509AttributeTypeAndValues_Compare)
+# define RTCrX509AttributeTypeAndValues_Delete          RT_MANGLER(RTCrX509AttributeTypeAndValues_Delete)
+# define RTCrX509AttributeTypeAndValues_Enum            RT_MANGLER(RTCrX509AttributeTypeAndValues_Enum)
+# define RTCrX509AuthorityKeyIdentifier_Compare         RT_MANGLER(RTCrX509AuthorityKeyIdentifier_Compare)
+# define RTCrX509AuthorityKeyIdentifier_Delete          RT_MANGLER(RTCrX509AuthorityKeyIdentifier_Delete)
+# define RTCrX509AuthorityKeyIdentifier_Enum            RT_MANGLER(RTCrX509AuthorityKeyIdentifier_Enum)
+# define RTCrX509BasicConstraints_Compare               RT_MANGLER(RTCrX509BasicConstraints_Compare)
+# define RTCrX509BasicConstraints_Delete                RT_MANGLER(RTCrX509BasicConstraints_Delete)
+# define RTCrX509BasicConstraints_Enum                  RT_MANGLER(RTCrX509BasicConstraints_Enum)
+# define RTCrX509CertificatePolicies_Compare            RT_MANGLER(RTCrX509CertificatePolicies_Compare)
+# define RTCrX509CertificatePolicies_Delete             RT_MANGLER(RTCrX509CertificatePolicies_Delete)
+# define RTCrX509CertificatePolicies_Enum               RT_MANGLER(RTCrX509CertificatePolicies_Enum)
+# define RTCrX509Certificate_Compare                    RT_MANGLER(RTCrX509Certificate_Compare)
+# define RTCrX509Certificate_Delete                     RT_MANGLER(RTCrX509Certificate_Delete)
+# define RTCrX509Certificate_Enum                       RT_MANGLER(RTCrX509Certificate_Enum)
+# define RTCrX509Certificate_IsSelfSigned               RT_MANGLER(RTCrX509Certificate_IsSelfSigned)
+# define RTCrX509Certificate_MatchIssuerAndSerialNumber RT_MANGLER(RTCrX509Certificate_MatchIssuerAndSerialNumber)
+# define RTCrX509Certificate_MatchSubjectOrAltSubjectByRfc5280 RT_MANGLER(RTCrX509Certificate_MatchSubjectOrAltSubjectByRfc5280)
+# define RTCrX509Certificates_Compare                   RT_MANGLER(RTCrX509Certificates_Compare)
+# define RTCrX509Certificates_Delete                    RT_MANGLER(RTCrX509Certificates_Delete)
+# define RTCrX509Certificates_Enum                      RT_MANGLER(RTCrX509Certificates_Enum)
+# define RTCrX509Certificates_FindByIssuerAndSerialNumber RT_MANGLER(RTCrX509Certificates_FindByIssuerAndSerialNumber)
+# define RTCrX509Extension_Compare                      RT_MANGLER(RTCrX509Extension_Compare)
+# define RTCrX509Extension_Delete                       RT_MANGLER(RTCrX509Extension_Delete)
+# define RTCrX509Extension_Enum                         RT_MANGLER(RTCrX509Extension_Enum)
+# define RTCrX509Extensions_Compare                     RT_MANGLER(RTCrX509Extensions_Compare)
+# define RTCrX509Extensions_Delete                      RT_MANGLER(RTCrX509Extensions_Delete)
+# define RTCrX509Extensions_Enum                        RT_MANGLER(RTCrX509Extensions_Enum)
+# define RTCrX509GeneralName_Compare                    RT_MANGLER(RTCrX509GeneralName_Compare)
+# define RTCrX509GeneralName_ConstraintMatch            RT_MANGLER(RTCrX509GeneralName_ConstraintMatch)
+# define RTCrX509GeneralName_Delete                     RT_MANGLER(RTCrX509GeneralName_Delete)
+# define RTCrX509GeneralName_Enum                       RT_MANGLER(RTCrX509GeneralName_Enum)
+# define RTCrX509GeneralNames_Compare                   RT_MANGLER(RTCrX509GeneralNames_Compare)
+# define RTCrX509GeneralNames_Delete                    RT_MANGLER(RTCrX509GeneralNames_Delete)
+# define RTCrX509GeneralNames_Enum                      RT_MANGLER(RTCrX509GeneralNames_Enum)
+# define RTCrX509GeneralSubtree_Compare                 RT_MANGLER(RTCrX509GeneralSubtree_Compare)
+# define RTCrX509GeneralSubtree_ConstraintMatch         RT_MANGLER(RTCrX509GeneralSubtree_ConstraintMatch)
+# define RTCrX509GeneralSubtree_Delete                  RT_MANGLER(RTCrX509GeneralSubtree_Delete)
+# define RTCrX509GeneralSubtree_Enum                    RT_MANGLER(RTCrX509GeneralSubtree_Enum)
+# define RTCrX509GeneralSubtrees_Compare                RT_MANGLER(RTCrX509GeneralSubtrees_Compare)
+# define RTCrX509GeneralSubtrees_Delete                 RT_MANGLER(RTCrX509GeneralSubtrees_Delete)
+# define RTCrX509GeneralSubtrees_Enum                   RT_MANGLER(RTCrX509GeneralSubtrees_Enum)
+# define RTCrX509NameConstraints_Compare                RT_MANGLER(RTCrX509NameConstraints_Compare)
+# define RTCrX509NameConstraints_Delete                 RT_MANGLER(RTCrX509NameConstraints_Delete)
+# define RTCrX509NameConstraints_Enum                   RT_MANGLER(RTCrX509NameConstraints_Enum)
+# define RTCrX509Name_Compare                           RT_MANGLER(RTCrX509Name_Compare)
+# define RTCrX509Name_ConstraintMatch                   RT_MANGLER(RTCrX509Name_ConstraintMatch)
+# define RTCrX509Name_Delete                            RT_MANGLER(RTCrX509Name_Delete)
+# define RTCrX509Name_Enum                              RT_MANGLER(RTCrX509Name_Enum)
+# define RTCrX509Name_FormatAsString                    RT_MANGLER(RTCrX509Name_FormatAsString)
+# define RTCrX509Name_MatchByRfc5280                    RT_MANGLER(RTCrX509Name_MatchByRfc5280)
+# define RTCrX509Name_MatchWithString                   RT_MANGLER(RTCrX509Name_MatchWithString)
+# define RTCrX509OldAuthorityKeyIdentifier_Compare      RT_MANGLER(RTCrX509OldAuthorityKeyIdentifier_Compare)
+# define RTCrX509OldAuthorityKeyIdentifier_Delete       RT_MANGLER(RTCrX509OldAuthorityKeyIdentifier_Delete)
+# define RTCrX509OldAuthorityKeyIdentifier_Enum         RT_MANGLER(RTCrX509OldAuthorityKeyIdentifier_Enum)
+# define RTCrX509PolicyConstraints_Compare              RT_MANGLER(RTCrX509PolicyConstraints_Compare)
+# define RTCrX509PolicyConstraints_Delete               RT_MANGLER(RTCrX509PolicyConstraints_Delete)
+# define RTCrX509PolicyConstraints_Enum                 RT_MANGLER(RTCrX509PolicyConstraints_Enum)
+# define RTCrX509PolicyInformation_Compare              RT_MANGLER(RTCrX509PolicyInformation_Compare)
+# define RTCrX509PolicyInformation_Delete               RT_MANGLER(RTCrX509PolicyInformation_Delete)
+# define RTCrX509PolicyInformation_Enum                 RT_MANGLER(RTCrX509PolicyInformation_Enum)
+# define RTCrX509PolicyMapping_Compare                  RT_MANGLER(RTCrX509PolicyMapping_Compare)
+# define RTCrX509PolicyMapping_Delete                   RT_MANGLER(RTCrX509PolicyMapping_Delete)
+# define RTCrX509PolicyMapping_Enum                     RT_MANGLER(RTCrX509PolicyMapping_Enum)
+# define RTCrX509PolicyMappings_Compare                 RT_MANGLER(RTCrX509PolicyMappings_Compare)
+# define RTCrX509PolicyMappings_Delete                  RT_MANGLER(RTCrX509PolicyMappings_Delete)
+# define RTCrX509PolicyMappings_Enum                    RT_MANGLER(RTCrX509PolicyMappings_Enum)
+# define RTCrX509PolicyQualifierInfo_Compare            RT_MANGLER(RTCrX509PolicyQualifierInfo_Compare)
+# define RTCrX509PolicyQualifierInfo_Delete             RT_MANGLER(RTCrX509PolicyQualifierInfo_Delete)
+# define RTCrX509PolicyQualifierInfo_Enum               RT_MANGLER(RTCrX509PolicyQualifierInfo_Enum)
+# define RTCrX509PolicyQualifierInfos_Compare           RT_MANGLER(RTCrX509PolicyQualifierInfos_Compare)
+# define RTCrX509PolicyQualifierInfos_Delete            RT_MANGLER(RTCrX509PolicyQualifierInfos_Delete)
+# define RTCrX509PolicyQualifierInfos_Enum              RT_MANGLER(RTCrX509PolicyQualifierInfos_Enum)
+# define RTCrX509SubjectPublicKeyInfo_Compare           RT_MANGLER(RTCrX509SubjectPublicKeyInfo_Compare)
+# define RTCrX509SubjectPublicKeyInfo_Delete            RT_MANGLER(RTCrX509SubjectPublicKeyInfo_Delete)
+# define RTCrX509SubjectPublicKeyInfo_Enum              RT_MANGLER(RTCrX509SubjectPublicKeyInfo_Enum)
+# define RTCrX509TbsCertificate_Compare                 RT_MANGLER(RTCrX509TbsCertificate_Compare)
+# define RTCrX509TbsCertificate_Delete                  RT_MANGLER(RTCrX509TbsCertificate_Delete)
+# define RTCrX509TbsCertificate_Enum                    RT_MANGLER(RTCrX509TbsCertificate_Enum)
+# define RTCrX509TbsCertificate_ReprocessExtensions     RT_MANGLER(RTCrX509TbsCertificate_ReprocessExtensions)
+# define RTCrX509Validity_Compare                       RT_MANGLER(RTCrX509Validity_Compare)
+# define RTCrX509Validity_Delete                        RT_MANGLER(RTCrX509Validity_Delete)
+# define RTCrX509Validity_Enum                          RT_MANGLER(RTCrX509Validity_Enum)
+# define RTCrX509Validity_IsValidAtTimeSpec             RT_MANGLER(RTCrX509Validity_IsValidAtTimeSpec)
+# define RTCrX509Certificate_ReadFromFile               RT_MANGLER(RTCrX509Certificate_ReadFromFile)
+# define RTCrX509AlgorithmIdentifier_Clone              RT_MANGLER(RTCrX509AlgorithmIdentifier_Clone)
+# define RTCrX509AlgorithmIdentifier_Init               RT_MANGLER(RTCrX509AlgorithmIdentifier_Init)
+# define RTCrX509AlgorithmIdentifiers_Clone             RT_MANGLER(RTCrX509AlgorithmIdentifiers_Clone)
+# define RTCrX509AlgorithmIdentifiers_Init              RT_MANGLER(RTCrX509AlgorithmIdentifiers_Init)
+# define RTCrX509AttributeTypeAndValue_Clone            RT_MANGLER(RTCrX509AttributeTypeAndValue_Clone)
+# define RTCrX509AttributeTypeAndValue_Init             RT_MANGLER(RTCrX509AttributeTypeAndValue_Init)
+# define RTCrX509AttributeTypeAndValues_Clone           RT_MANGLER(RTCrX509AttributeTypeAndValues_Clone)
+# define RTCrX509AttributeTypeAndValues_Init            RT_MANGLER(RTCrX509AttributeTypeAndValues_Init)
+# define RTCrX509AuthorityKeyIdentifier_Clone           RT_MANGLER(RTCrX509AuthorityKeyIdentifier_Clone)
+# define RTCrX509AuthorityKeyIdentifier_Init            RT_MANGLER(RTCrX509AuthorityKeyIdentifier_Init)
+# define RTCrX509BasicConstraints_Clone                 RT_MANGLER(RTCrX509BasicConstraints_Clone)
+# define RTCrX509BasicConstraints_Init                  RT_MANGLER(RTCrX509BasicConstraints_Init)
+# define RTCrX509CertificatePolicies_Clone              RT_MANGLER(RTCrX509CertificatePolicies_Clone)
+# define RTCrX509CertificatePolicies_Init               RT_MANGLER(RTCrX509CertificatePolicies_Init)
+# define RTCrX509Certificate_Clone                      RT_MANGLER(RTCrX509Certificate_Clone)
+# define RTCrX509Certificate_Init                       RT_MANGLER(RTCrX509Certificate_Init)
+# define RTCrX509Certificates_Clone                     RT_MANGLER(RTCrX509Certificates_Clone)
+# define RTCrX509Certificates_Init                      RT_MANGLER(RTCrX509Certificates_Init)
+# define RTCrX509Extension_Clone                        RT_MANGLER(RTCrX509Extension_Clone)
+# define RTCrX509Extension_Init                         RT_MANGLER(RTCrX509Extension_Init)
+# define RTCrX509Extensions_Clone                       RT_MANGLER(RTCrX509Extensions_Clone)
+# define RTCrX509Extensions_Init                        RT_MANGLER(RTCrX509Extensions_Init)
+# define RTCrX509GeneralName_Clone                      RT_MANGLER(RTCrX509GeneralName_Clone)
+# define RTCrX509GeneralName_Init                       RT_MANGLER(RTCrX509GeneralName_Init)
+# define RTCrX509GeneralNames_Clone                     RT_MANGLER(RTCrX509GeneralNames_Clone)
+# define RTCrX509GeneralNames_Init                      RT_MANGLER(RTCrX509GeneralNames_Init)
+# define RTCrX509GeneralSubtree_Clone                   RT_MANGLER(RTCrX509GeneralSubtree_Clone)
+# define RTCrX509GeneralSubtree_Init                    RT_MANGLER(RTCrX509GeneralSubtree_Init)
+# define RTCrX509GeneralSubtrees_Clone                  RT_MANGLER(RTCrX509GeneralSubtrees_Clone)
+# define RTCrX509GeneralSubtrees_Init                   RT_MANGLER(RTCrX509GeneralSubtrees_Init)
+# define RTCrX509NameConstraints_Clone                  RT_MANGLER(RTCrX509NameConstraints_Clone)
+# define RTCrX509NameConstraints_Init                   RT_MANGLER(RTCrX509NameConstraints_Init)
+# define RTCrX509Name_Clone                             RT_MANGLER(RTCrX509Name_Clone)
+# define RTCrX509Name_Init                              RT_MANGLER(RTCrX509Name_Init)
+# define RTCrX509Name_RecodeAsUtf8                      RT_MANGLER(RTCrX509Name_RecodeAsUtf8)
+# define RTCrX509OldAuthorityKeyIdentifier_Clone        RT_MANGLER(RTCrX509OldAuthorityKeyIdentifier_Clone)
+# define RTCrX509OldAuthorityKeyIdentifier_Init         RT_MANGLER(RTCrX509OldAuthorityKeyIdentifier_Init)
+# define RTCrX509PolicyConstraints_Clone                RT_MANGLER(RTCrX509PolicyConstraints_Clone)
+# define RTCrX509PolicyConstraints_Init                 RT_MANGLER(RTCrX509PolicyConstraints_Init)
+# define RTCrX509PolicyInformation_Clone                RT_MANGLER(RTCrX509PolicyInformation_Clone)
+# define RTCrX509PolicyInformation_Init                 RT_MANGLER(RTCrX509PolicyInformation_Init)
+# define RTCrX509PolicyMapping_Clone                    RT_MANGLER(RTCrX509PolicyMapping_Clone)
+# define RTCrX509PolicyMapping_Init                     RT_MANGLER(RTCrX509PolicyMapping_Init)
+# define RTCrX509PolicyMappings_Clone                   RT_MANGLER(RTCrX509PolicyMappings_Clone)
+# define RTCrX509PolicyMappings_Init                    RT_MANGLER(RTCrX509PolicyMappings_Init)
+# define RTCrX509PolicyQualifierInfo_Clone              RT_MANGLER(RTCrX509PolicyQualifierInfo_Clone)
+# define RTCrX509PolicyQualifierInfo_Init               RT_MANGLER(RTCrX509PolicyQualifierInfo_Init)
+# define RTCrX509PolicyQualifierInfos_Clone             RT_MANGLER(RTCrX509PolicyQualifierInfos_Clone)
+# define RTCrX509PolicyQualifierInfos_Init              RT_MANGLER(RTCrX509PolicyQualifierInfos_Init)
+# define RTCrX509SubjectPublicKeyInfo_Clone             RT_MANGLER(RTCrX509SubjectPublicKeyInfo_Clone)
+# define RTCrX509SubjectPublicKeyInfo_Init              RT_MANGLER(RTCrX509SubjectPublicKeyInfo_Init)
+# define RTCrX509TbsCertificate_Clone                   RT_MANGLER(RTCrX509TbsCertificate_Clone)
+# define RTCrX509TbsCertificate_Init                    RT_MANGLER(RTCrX509TbsCertificate_Init)
+# define RTCrX509Validity_Clone                         RT_MANGLER(RTCrX509Validity_Clone)
+# define RTCrX509Validity_Init                          RT_MANGLER(RTCrX509Validity_Init)
+# define RTCrX509AlgorithmIdentifier_CheckSanity        RT_MANGLER(RTCrX509AlgorithmIdentifier_CheckSanity)
+# define RTCrX509AlgorithmIdentifiers_CheckSanity       RT_MANGLER(RTCrX509AlgorithmIdentifiers_CheckSanity)
+# define RTCrX509AttributeTypeAndValue_CheckSanity      RT_MANGLER(RTCrX509AttributeTypeAndValue_CheckSanity)
+# define RTCrX509AttributeTypeAndValues_CheckSanity     RT_MANGLER(RTCrX509AttributeTypeAndValues_CheckSanity)
+# define RTCrX509AuthorityKeyIdentifier_CheckSanity     RT_MANGLER(RTCrX509AuthorityKeyIdentifier_CheckSanity)
+# define RTCrX509BasicConstraints_CheckSanity           RT_MANGLER(RTCrX509BasicConstraints_CheckSanity)
+# define RTCrX509CertificatePolicies_CheckSanity        RT_MANGLER(RTCrX509CertificatePolicies_CheckSanity)
+# define RTCrX509Certificate_CheckSanity                RT_MANGLER(RTCrX509Certificate_CheckSanity)
+# define RTCrX509Certificates_CheckSanity               RT_MANGLER(RTCrX509Certificates_CheckSanity)
+# define RTCrX509Extension_CheckSanity                  RT_MANGLER(RTCrX509Extension_CheckSanity)
+# define RTCrX509Extensions_CheckSanity                 RT_MANGLER(RTCrX509Extensions_CheckSanity)
+# define RTCrX509GeneralName_CheckSanity                RT_MANGLER(RTCrX509GeneralName_CheckSanity)
+# define RTCrX509GeneralNames_CheckSanity               RT_MANGLER(RTCrX509GeneralNames_CheckSanity)
+# define RTCrX509GeneralSubtree_CheckSanity             RT_MANGLER(RTCrX509GeneralSubtree_CheckSanity)
+# define RTCrX509GeneralSubtrees_CheckSanity            RT_MANGLER(RTCrX509GeneralSubtrees_CheckSanity)
+# define RTCrX509NameConstraints_CheckSanity            RT_MANGLER(RTCrX509NameConstraints_CheckSanity)
+# define RTCrX509Name_CheckSanity                       RT_MANGLER(RTCrX509Name_CheckSanity)
+# define RTCrX509OldAuthorityKeyIdentifier_CheckSanity  RT_MANGLER(RTCrX509OldAuthorityKeyIdentifier_CheckSanity)
+# define RTCrX509PolicyConstraints_CheckSanity          RT_MANGLER(RTCrX509PolicyConstraints_CheckSanity)
+# define RTCrX509PolicyInformation_CheckSanity          RT_MANGLER(RTCrX509PolicyInformation_CheckSanity)
+# define RTCrX509PolicyMapping_CheckSanity              RT_MANGLER(RTCrX509PolicyMapping_CheckSanity)
+# define RTCrX509PolicyMappings_CheckSanity             RT_MANGLER(RTCrX509PolicyMappings_CheckSanity)
+# define RTCrX509PolicyQualifierInfo_CheckSanity        RT_MANGLER(RTCrX509PolicyQualifierInfo_CheckSanity)
+# define RTCrX509PolicyQualifierInfos_CheckSanity       RT_MANGLER(RTCrX509PolicyQualifierInfos_CheckSanity)
+# define RTCrX509SubjectPublicKeyInfo_CheckSanity       RT_MANGLER(RTCrX509SubjectPublicKeyInfo_CheckSanity)
+# define RTCrX509TbsCertificate_CheckSanity             RT_MANGLER(RTCrX509TbsCertificate_CheckSanity)
+# define RTCrX509Validity_CheckSanity                   RT_MANGLER(RTCrX509Validity_CheckSanity)
+# define RTCrX509Certificate_VerifySignature            RT_MANGLER(RTCrX509Certificate_VerifySignature)
+# define RTCrTafCertPathControls_DecodeAsn1             RT_MANGLER(RTCrTafCertPathControls_DecodeAsn1)
+# define RTCrTafTrustAnchorChoice_DecodeAsn1            RT_MANGLER(RTCrTafTrustAnchorChoice_DecodeAsn1)
+# define RTCrTafTrustAnchorInfo_DecodeAsn1              RT_MANGLER(RTCrTafTrustAnchorInfo_DecodeAsn1)
+# define RTCrTafTrustAnchorList_DecodeAsn1              RT_MANGLER(RTCrTafTrustAnchorList_DecodeAsn1)
+# define RTCrTafCertPathControls_Compare                RT_MANGLER(RTCrTafCertPathControls_Compare)
+# define RTCrTafCertPathControls_Delete                 RT_MANGLER(RTCrTafCertPathControls_Delete)
+# define RTCrTafCertPathControls_Enum                   RT_MANGLER(RTCrTafCertPathControls_Enum)
+# define RTCrTafTrustAnchorChoice_Compare               RT_MANGLER(RTCrTafTrustAnchorChoice_Compare)
+# define RTCrTafTrustAnchorChoice_Delete                RT_MANGLER(RTCrTafTrustAnchorChoice_Delete)
+# define RTCrTafTrustAnchorChoice_Enum                  RT_MANGLER(RTCrTafTrustAnchorChoice_Enum)
+# define RTCrTafTrustAnchorInfo_Compare                 RT_MANGLER(RTCrTafTrustAnchorInfo_Compare)
+# define RTCrTafTrustAnchorInfo_Delete                  RT_MANGLER(RTCrTafTrustAnchorInfo_Delete)
+# define RTCrTafTrustAnchorInfo_Enum                    RT_MANGLER(RTCrTafTrustAnchorInfo_Enum)
+# define RTCrTafTrustAnchorList_Compare                 RT_MANGLER(RTCrTafTrustAnchorList_Compare)
+# define RTCrTafTrustAnchorList_Delete                  RT_MANGLER(RTCrTafTrustAnchorList_Delete)
+# define RTCrTafTrustAnchorList_Enum                    RT_MANGLER(RTCrTafTrustAnchorList_Enum)
+# define RTCrTafCertPathControls_Clone                  RT_MANGLER(RTCrTafCertPathControls_Clone)
+# define RTCrTafCertPathControls_Init                   RT_MANGLER(RTCrTafCertPathControls_Init)
+# define RTCrTafTrustAnchorChoice_Clone                 RT_MANGLER(RTCrTafTrustAnchorChoice_Clone)
+# define RTCrTafTrustAnchorChoice_Init                  RT_MANGLER(RTCrTafTrustAnchorChoice_Init)
+# define RTCrTafTrustAnchorInfo_Clone                   RT_MANGLER(RTCrTafTrustAnchorInfo_Clone)
+# define RTCrTafTrustAnchorInfo_Init                    RT_MANGLER(RTCrTafTrustAnchorInfo_Init)
+# define RTCrTafTrustAnchorList_Clone                   RT_MANGLER(RTCrTafTrustAnchorList_Clone)
+# define RTCrTafTrustAnchorList_Init                    RT_MANGLER(RTCrTafTrustAnchorList_Init)
+# define RTCrTafCertPathControls_CheckSanity            RT_MANGLER(RTCrTafCertPathControls_CheckSanity)
+# define RTCrTafTrustAnchorChoice_CheckSanity           RT_MANGLER(RTCrTafTrustAnchorChoice_CheckSanity)
+# define RTCrTafTrustAnchorInfo_CheckSanity             RT_MANGLER(RTCrTafTrustAnchorInfo_CheckSanity)
+# define RTCrTafTrustAnchorList_CheckSanity             RT_MANGLER(RTCrTafTrustAnchorList_CheckSanity)
+# define RTCrCertCtxRelease                             RT_MANGLER(RTCrCertCtxRelease)
+# define RTCrCertCtxRetain                              RT_MANGLER(RTCrCertCtxRetain)
+# define RTCrStoreCertAddEncoded                        RT_MANGLER(RTCrStoreCertAddEncoded)
+# define RTCrStoreCertByIssuerAndSerialNo               RT_MANGLER(RTCrStoreCertByIssuerAndSerialNo)
+# define RTCrStoreCertFindAll                           RT_MANGLER(RTCrStoreCertFindAll)
+# define RTCrStoreCertFindBySubjectOrAltSubjectByRfc5280 RT_MANGLER(RTCrStoreCertFindBySubjectOrAltSubjectByRfc5280)
+# define RTCrStoreCertSearchDestroy                     RT_MANGLER(RTCrStoreCertSearchDestroy)
+# define RTCrStoreCertSearchNext                        RT_MANGLER(RTCrStoreCertSearchNext)
+# define RTCrStoreConvertToOpenSslCertStack             RT_MANGLER(RTCrStoreConvertToOpenSslCertStack)
+# define RTCrStoreConvertToOpenSslCertStore             RT_MANGLER(RTCrStoreConvertToOpenSslCertStore)
+# define RTCrStoreRelease                               RT_MANGLER(RTCrStoreRelease)
+# define RTCrStoreRetain                                RT_MANGLER(RTCrStoreRetain)
+# define RTCrStoreCreateInMem                           RT_MANGLER(RTCrStoreCreateInMem)
+# define RTCrStoreCertAddFromFile                       RT_MANGLER(RTCrStoreCertAddFromFile)
+# define RTErrInfoAdd                                   RT_MANGLER(RTErrInfoAdd)
+# define RTErrInfoAddF                                  RT_MANGLER(RTErrInfoAddF)
+# define RTErrInfoAddV                                  RT_MANGLER(RTErrInfoAddV)
+# define RTLdrHashImage                                 RT_MANGLER(RTLdrHashImage)
+# define RTLdrOpenWithReader                            RT_MANGLER(RTLdrOpenWithReader)
+# define RTLdrQueryPropEx                               RT_MANGLER(RTLdrQueryPropEx)
+# define RTLdrVerifySignature                           RT_MANGLER(RTLdrVerifySignature)
+# define RTBigNumAdd                                    RT_MANGLER(RTBigNumAdd)
+# define RTBigNumAssign                                 RT_MANGLER(RTBigNumAssign)
+# define RTBigNumBitWidth                               RT_MANGLER(RTBigNumBitWidth)
+# define RTBigNumByteWidth                              RT_MANGLER(RTBigNumByteWidth)
+# define RTBigNumClone                                  RT_MANGLER(RTBigNumClone)
+# define RTBigNumCompare                                RT_MANGLER(RTBigNumCompare)
+# define RTBigNumCompareWithS64                         RT_MANGLER(RTBigNumCompareWithS64)
+# define RTBigNumCompareWithU64                         RT_MANGLER(RTBigNumCompareWithU64)
+# define RTBigNumDestroy                                RT_MANGLER(RTBigNumDestroy)
+# define RTBigNumDivide                                 RT_MANGLER(RTBigNumDivide)
+# define RTBigNumExponentiate                           RT_MANGLER(RTBigNumExponentiate)
+# define RTBigNumInit                                   RT_MANGLER(RTBigNumInit)
+# define RTBigNumInitZero                               RT_MANGLER(RTBigNumInitZero)
+# define RTBigNumModExp                                 RT_MANGLER(RTBigNumModExp)
+# define RTBigNumModulo                                 RT_MANGLER(RTBigNumModulo)
+# define RTBigNumMultiply                               RT_MANGLER(RTBigNumMultiply)
+# define RTBigNumNegate                                 RT_MANGLER(RTBigNumNegate)
+# define RTBigNumNegateThis                             RT_MANGLER(RTBigNumNegateThis)
+# define RTBigNumSubtract                               RT_MANGLER(RTBigNumSubtract)
+# define RTBigNumToBytesBigEndian                       RT_MANGLER(RTBigNumToBytesBigEndian)
+# define RTUtf16Copy                                    RT_MANGLER(RTUtf16Copy)
+# define RTUtf16CopyAscii                               RT_MANGLER(RTUtf16CopyAscii)
+# define RTUtf16Cat                                     RT_MANGLER(RTUtf16Cat)
+# define RTUtf16CatAscii                                RT_MANGLER(RTUtf16CatAscii)
+# define RTUtf16End                                     RT_MANGLER(RTUtf16End)
+# define RTUtf16ICmpAscii                               RT_MANGLER(RTUtf16ICmpAscii)
+# define RTUtf16NLen                                    RT_MANGLER(RTUtf16NLen)
+# define RTUtf16NLenEx                                  RT_MANGLER(RTUtf16NLenEx)
+# define RTUtf16PrintHexBytes                           RT_MANGLER(RTUtf16PrintHexBytes)
+# define RTMemSaferAllocZExTag                          RT_MANGLER(RTMemSaferAllocZExTag)
+# define RTMemSaferAllocZTag                            RT_MANGLER(RTMemSaferAllocZTag)
+# define RTMemSaferFree                                 RT_MANGLER(RTMemSaferFree)
+# define RTMemSaferReallocZExTag                        RT_MANGLER(RTMemSaferReallocZExTag)
+# define RTMemSaferReallocZTag                          RT_MANGLER(RTMemSaferReallocZTag)
+# define RTMemSaferScramble                             RT_MANGLER(RTMemSaferScramble)
+# define RTMemSaferUnscramble                           RT_MANGLER(RTMemSaferUnscramble)
+# define RTErrConvertFromDarwin                         RT_MANGLER(RTErrConvertFromDarwin)
+# define RTErrConvertFromDarwinCOM                      RT_MANGLER(RTErrConvertFromDarwinCOM)
+# define RTErrConvertFromDarwinIO                       RT_MANGLER(RTErrConvertFromDarwinIO)
+# define RTErrConvertFromDarwinKern                     RT_MANGLER(RTErrConvertFromDarwinKern)
+# define RTErrConvertFromDarwin                         RT_MANGLER(RTErrConvertFromDarwin)
+# define RTErrConvertFromDarwinIO                       RT_MANGLER(RTErrConvertFromDarwinIO)
+# define RTErrConvertFromDarwinKern                     RT_MANGLER(RTErrConvertFromDarwinKern)
 /*
  * Stable variables (alphabetical order):
 …
 # define g_u32RTAssertLine                              RT_MANGLER(g_u32RTAssertLine)
+/* sort/merge into the above later: */
+# define g_RTAsn1Time_Vtable                            RT_MANGLER(g_RTAsn1Time_Vtable)
+# define g_RTAsn1String_Vtable                          RT_MANGLER(g_RTAsn1String_Vtable)
+# define g_RTAsn1OctetString_Vtable                     RT_MANGLER(g_RTAsn1OctetString_Vtable)
+# define g_RTAsn1ObjId_Vtable                           RT_MANGLER(g_RTAsn1ObjId_Vtable)
+# define g_RTAsn1Null_Vtable                            RT_MANGLER(g_RTAsn1Null_Vtable)
+# define g_RTAsn1Integer_Vtable                         RT_MANGLER(g_RTAsn1Integer_Vtable)
+# define g_RTAsn1Core_Vtable                            RT_MANGLER(g_RTAsn1Core_Vtable)
+# define g_RTAsn1Boolean_Vtable                         RT_MANGLER(g_RTAsn1Boolean_Vtable)
+# define g_RTAsn1BitString_Vtable                       RT_MANGLER(g_RTAsn1BitString_Vtable)
+# define g_RTAsn1DefaultAllocator                       RT_MANGLER(g_RTAsn1DefaultAllocator)

trunk/include/iprt/manifest.h

-              r48934
+              r51770
 /** @} */
-/** @name Digest types. */
-typedef enum RTDIGESTTYPE
+{
-    /** Invalid digest value.  */
-    RTDIGESTTYPE_INVALID = 0,
-    /** CRC32 checksum. */
-    RTDIGESTTYPE_CRC32,
-    /** CRC64 checksum. */
-    RTDIGESTTYPE_CRC64,
-    /** MD5 checksum (unsafe!). */
-    RTDIGESTTYPE_MD5,
-    /** SHA1 checksum (unsafe!). */
-    RTDIGESTTYPE_SHA1,
-    /** SHA256 checksum. */
-    RTDIGESTTYPE_SHA256,
-    /** SHA512 checksum. */
-    RTDIGESTTYPE_SHA512,
-    /** Usual 32-bit type blowup. */
-    RTDIGESTTYPE_32BIT_HACK = 0x7fffffff
-} RTDIGESTTYPE;
-/** @} */
 /**

trunk/include/iprt/nt/nt.h

-              r49150
+              r51770
 /*
  * Copyright (C) 2010-2013 Oracle Corporation
+ * Copyright (C) 2010-2014 Oracle Corporation
+ *
  * This file is part of VirtualBox Open Source Edition (OSE), as
 …
 #define ___iprt_nt_nt_h___
+/** @def IPRT_NT_MAP_TO_ZW
+ * Map Nt calls to Zw calls.  In ring-0 the Zw calls let you pass kernel memory
+ * to the APIs (takes care of the previous context checks).
+ */
+#ifdef DOXYGEN_RUNNING
+# define IPRT_NT_MAP_TO_ZW
+#endif
+#ifdef IPRT_NT_MAP_TO_ZW
+# define NtQueryInformationFile         ZwQueryInformationFile
+# define NtQueryInformationProcess      ZwQueryInformationProcess
+# define NtQueryInformationThread       ZwQueryInformationThread
+# define NtQuerySystemInformation       ZwQuerySystemInformation
+# define NtClose                        ZwClose
+# define NtCreateFile                   ZwCreateFile
+# define NtReadFile                     ZwReadFile
+# define NtWriteFile                    ZwWriteFile
+/** @todo this is very incomplete! */
+#endif
 #include <ntstatus.h>
+/*
+ * Hacks common to both base header sets.
+ */
+#define NtQueryObject              Incomplete_NtQueryObject
+#define ZwQueryObject              Incomplete_ZwQueryObject
+#define NtSetInformationObject     Incomplete_NtSetInformationObject
+#define _OBJECT_INFORMATION_CLASS  Incomplete_OBJECT_INFORMATION_CLASS
+#define OBJECT_INFORMATION_CLASS   Incomplete_OBJECT_INFORMATION_CLASS
+#define ObjectBasicInformation     Incomplete_ObjectBasicInformation
+#define ObjectTypeInformation      Incomplete_ObjectTypeInformation
 #ifdef IPRT_NT_USE_WINTERNL
+/*
+ * Use Winternl.h.
+ */
+# define _FILE_INFORMATION_CLASS                IncompleteWinternl_FILE_INFORMATION_CLASS
+# define FILE_INFORMATION_CLASS                 IncompleteWinternl_FILE_INFORMATION_CLASS
+# define FileDirectoryInformation               IncompleteWinternl_FileDirectoryInformation
+# define NtQueryInformationProcess              IncompleteWinternl_NtQueryInformationProcess
+# define NtSetInformationProcess                IncompleteWinternl_NtSetInformationProcess
+# define PROCESSINFOCLASS                       IncompleteWinternl_PROCESSINFOCLASS
+# define _PROCESSINFOCLASS                      IncompleteWinternl_PROCESSINFOCLASS
+# define PROCESS_BASIC_INFORMATION              IncompleteWinternl_PROCESS_BASIC_INFORMATION
+# define PPROCESS_BASIC_INFORMATION             IncompleteWinternl_PPROCESS_BASIC_INFORMATION
+# define _PROCESS_BASIC_INFORMATION             IncompleteWinternl_PROCESS_BASIC_INFORMATION
+# define ProcessBasicInformation                IncompleteWinternl_ProcessBasicInformation
+# define ProcessDebugPort                       IncompleteWinternl_ProcessDebugPort
+# define ProcessWow64Information                IncompleteWinternl_ProcessWow64Information
+# define ProcessImageFileName                   IncompleteWinternl_ProcessImageFileName
+# define ProcessBreakOnTermination              IncompleteWinternl_ProcessBreakOnTermination
+# define NtQueryInformationThread               IncompleteWinternl_NtQueryInformationThread
+# define NtSetInformationThread                 IncompleteWinternl_NtSetInformationThread
+# define THREADINFOCLASS                        IncompleteWinternl_THREADINFOCLASS
+# define _THREADINFOCLASS                       IncompleteWinternl_THREADINFOCLASS
+# define ThreadIsIoPending                      IncompleteWinternl_ThreadIsIoPending
+# define NtQuerySystemInformation               IncompleteWinternl_NtQuerySystemInformation
+# define NtSetSystemInformation                 IncompleteWinternl_NtSetSystemInformation
+# define SYSTEM_INFORMATION_CLASS               IncompleteWinternl_SYSTEM_INFORMATION_CLASS
+# define _SYSTEM_INFORMATION_CLASS              IncompleteWinternl_SYSTEM_INFORMATION_CLASS
+# define SystemBasicInformation                 IncompleteWinternl_SystemBasicInformation
+# define SystemPerformanceInformation           IncompleteWinternl_SystemPerformanceInformation
+# define SystemTimeOfDayInformation             IncompleteWinternl_SystemTimeOfDayInformation
+# define SystemProcessInformation               IncompleteWinternl_SystemProcessInformation
+# define SystemProcessorPerformanceInformation  IncompleteWinternl_SystemProcessorPerformanceInformation
+# define SystemInterruptInformation             IncompleteWinternl_SystemInterruptInformation
+# define SystemExceptionInformation             IncompleteWinternl_SystemExceptionInformation
+# define SystemRegistryQuotaInformation         IncompleteWinternl_SystemRegistryQuotaInformation
+# define SystemLookasideInformation             IncompleteWinternl_SystemLookasideInformation
+# define SystemPolicyInformation                IncompleteWinternl_SystemPolicyInformation
 # define WIN32_NO_STATUS
 # include <windef.h>
 …
 # undef WIN32_NO_STATUS
 # include <ntstatus.h>
+# define IPRT_NT_NEED_API_GROUP_1
+#elif defined(IPRT_NT_USE_WDM)
+# undef _FILE_INFORMATION_CLASS
+# undef FILE_INFORMATION_CLASS
+# undef FileDirectoryInformation
+# undef NtQueryInformationProcess
+# undef NtSetInformationProcess
+# undef PROCESSINFOCLASS
+# undef _PROCESSINFOCLASS
+# undef PROCESS_BASIC_INFORMATION
+# undef PPROCESS_BASIC_INFORMATION
+# undef _PROCESS_BASIC_INFORMATION
+# undef ProcessBasicInformation
+# undef ProcessDebugPort
+# undef ProcessWow64Information
+# undef ProcessImageFileName
+# undef ProcessBreakOnTermination
+# undef NtQueryInformationThread
+# undef NtSetInformationThread
+# undef THREADINFOCLASS
+# undef _THREADINFOCLASS
+# undef ThreadIsIoPending
+# undef NtQuerySystemInformation
+# undef NtSetSystemInformation
+# undef SYSTEM_INFORMATION_CLASS
+# undef _SYSTEM_INFORMATION_CLASS
+# undef SystemBasicInformation
+# undef SystemPerformanceInformation
+# undef SystemTimeOfDayInformation
+# undef SystemProcessInformation
+# undef SystemProcessorPerformanceInformation
+# undef SystemInterruptInformation
+# undef SystemExceptionInformation
+# undef SystemRegistryQuotaInformation
+# undef SystemLookasideInformation
+# undef SystemPolicyInformation
+#else
+/*
+ * Use ntifs.h and wdm.h.
+ */
+# ifdef RT_ARCH_X86
+#  define _InterlockedAddLargeStatistic  _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
+#  pragma warning(disable : 4163)
+# endif
+# include <ntifs.h>
 # include <wdm.h>
+# define IPRT_NT_NEED_API_GROUP_1
+#else
+# include <ntifs.h>
+#endif
+# ifdef RT_ARCH_X86
+#  pragma warning(default : 4163)
+#  undef _InterlockedAddLargeStatistic
+# endif
+# define IPRT_NT_NEED_API_GROUP_NTIFS
+#endif
+#undef NtQueryObject
+#undef ZwQueryObject
+#undef NtSetInformationObject
+#undef _OBJECT_INFORMATION_CLASS
+#undef OBJECT_INFORMATION_CLASS
+#undef ObjectBasicInformation
+#undef ObjectTypeInformation
 #include <iprt/types.h>
 …
                           PHANDLE phHandle, PULONG_PTR puDisposition);
 RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
                      ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
+                            ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
 RTDECL(int) RTNtPathClose(HANDLE hHandle);
 …
 RT_C_DECLS_BEGIN
+#ifdef IPRT_NT_NEED_API_GROUP_1
+/** @name Process access rights missing in ntddk headers
+ * @{ */
+#ifndef  PROCESS_TERMINATE
+# define PROCESS_TERMINATE                  UINT32_C(0x00000001)
+#endif
+#ifndef  PROCESS_CREATE_THREAD
+# define PROCESS_CREATE_THREAD              UINT32_C(0x00000002)
+#endif
+#ifndef  PROCESS_SET_SESSIONID
+# define PROCESS_SET_SESSIONID              UINT32_C(0x00000004)
+#endif
+#ifndef  PROCESS_VM_OPERATION
+# define PROCESS_VM_OPERATION               UINT32_C(0x00000008)
+#endif
+#ifndef  PROCESS_VM_READ
+# define PROCESS_VM_READ                    UINT32_C(0x00000010)
+#endif
+#ifndef  PROCESS_VM_WRITE
+# define PROCESS_VM_WRITE                   UINT32_C(0x00000020)
+#endif
+#ifndef  PROCESS_DUP_HANDLE
+# define PROCESS_DUP_HANDLE                 UINT32_C(0x00000040)
+#endif
+#ifndef  PROCESS_CREATE_PROCESS
+# define PROCESS_CREATE_PROCESS             UINT32_C(0x00000080)
+#endif
+#ifndef  PROCESS_SET_QUOTA
+# define PROCESS_SET_QUOTA                  UINT32_C(0x00000100)
+#endif
+#ifndef  PROCESS_SET_INFORMATION
+# define PROCESS_SET_INFORMATION            UINT32_C(0x00000200)
+#endif
+#ifndef  PROCESS_QUERY_INFORMATION
+# define PROCESS_QUERY_INFORMATION          UINT32_C(0x00000400)
+#endif
+#ifndef  PROCESS_SUSPEND_RESUME
+# define PROCESS_SUSPEND_RESUME             UINT32_C(0x00000800)
+#endif
+#ifndef  PROCESS_QUERY_LIMITED_INFORMATION
+# define PROCESS_QUERY_LIMITED_INFORMATION  UINT32_C(0x00001000)
+#endif
+#ifndef  PROCESS_SET_LIMITED_INFORMATION
+# define PROCESS_SET_LIMITED_INFORMATION    UINT32_C(0x00002000)
+#endif
+#define PROCESS_UNKNOWN_4000                UINT32_C(0x00004000)
+#define PROCESS_UNKNOWN_6000                UINT32_C(0x00008000)
+#ifndef PROCESS_ALL_ACCESS
+# define PROCESS_ALL_ACCESS                 ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
+#endif
+/** @} */
+/** @name Thread access rights missing in ntddk headers
+ * @{ */
+#ifndef THREAD_QUERY_INFORMATION
+# define THREAD_QUERY_INFORMATION           UINT32_C(0x00000040)
+#endif
+#ifndef THREAD_SET_THREAD_TOKEN
+# define THREAD_SET_THREAD_TOKEN            UINT32_C(0x00000080)
+#endif
+#ifndef THREAD_IMPERSONATE
+# define THREAD_IMPERSONATE                 UINT32_C(0x00000100)
+#endif
+#ifndef THREAD_DIRECT_IMPERSONATION
+# define THREAD_DIRECT_IMPERSONATION        UINT32_C(0x00000200)
+#endif
+#ifndef THREAD_RESUME
+# define THREAD_RESUME                      UINT32_C(0x00001000)
+#endif
+#define THREAD_UNKNOWN_2000                 UINT32_C(0x00002000)
+#define THREAD_UNKNOWN_4000                 UINT32_C(0x00004000)
+#define THREAD_UNKNOWN_8000                 UINT32_C(0x00008000)
+/** @} */
+/** @name Special handle values.
+ * @{ */
+#ifndef NtCurrentProcess
+# define NtCurrentProcess()                 ( (HANDLE)-(intptr_t)1 )
+#endif
+#ifndef NtCurrentThread
+# define NtCurrentThread()                  ( (HANDLE)-(intptr_t)2 )
+#endif
+#ifndef ZwCurrentProcess
+# define ZwCurrentProcess()                 NtCurrentProcess()
+#endif
+#ifndef ZwCurrentThread
+# define ZwCurrentThread()                  NtCurrentThread()
+#endif
+/** @} */
+#ifdef IPRT_NT_USE_WINTERNL
+typedef struct _CLIENT_ID
+{
+    HANDLE UniqueProcess;
+    HANDLE UniqueThread;
+} CLIENT_ID;
+typedef CLIENT_ID *PCLIENT_ID;
+NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
 …
 typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
+typedef enum
+NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
+NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
+typedef enum _FSINFOCLASS
+{
     FileFsVolumeInformation = 1,
 …
     FileFsFullSizeInformation,
     FileFsObjectIdInformation,
+    FileFsDriverPathInformation,
+    FileFsVolumeFlagsInformation,
+    FileFsSectorSizeInformation,
+    FileFsDataCopyInformation,
     FileFsMaximumInformation
 } FS_INFORMATION_CLASS;
 typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
+extern "C" NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
+#endif
+NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
+NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
+typedef struct _FILE_STANDARD_INFORMATION
+{
+    LARGE_INTEGER   AllocationSize;
+    LARGE_INTEGER   EndOfFile;
+    ULONG           NumberOfLinks;
+    BOOLEAN         DeletePending;
+    BOOLEAN         Directory;
+} FILE_STANDARD_INFORMATION;
+typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
+typedef enum _FILE_INFORMATION_CLASS
+{
+    FileDirectoryInformation = 1,
+    FileFullDirectoryInformation,
+    FileBothDirectoryInformation,
+    FileBasicInformation,
+    FileStandardInformation,
+    FileInternalInformation,
+    FileEaInformation,
+    FileAccessInformation,
+    FileNameInformation,
+    FileRenameInformation,
+    FileLinkInformation,
+    FileNamesInformation,
+    FileDispositionInformation,
+    FilePositionInformation,
+    FileFullEaInformation,
+    FileModeInformation,
+    FileAlignmentInformation,
+    FileAllInformation,
+    FileAllocationInformation,
+    FileEndOfFileInformation,
+    FileAlternateNameInformation,
+    FileStreamInformation,
+    FilePipeInformation,
+    FilePipeLocalInformation,
+    FilePipeRemoteInformation,
+    FileMailslotQueryInformation,
+    FileMailslotSetInformation,
+    FileCompressionInformation,
+    FileObjectIdInformation,
+    FileCompletionInformation,
+    FileMoveClusterInformation,
+    FileQuotaInformation,
+    FileReparsePointInformation,
+    FileNetworkOpenInformation,
+    FileAttributeTagInformation,
+    FileTrackingInformation,
+    FileIdBothDirectoryInformation,
+    FileIdFullDirectoryInformation,
+    FileValidDataLengthInformation,
+    FileShortNameInformation,
+    FileIoCompletionNotificationInformation,
+    FileIoStatusBlockRangeInformation,
+    FileIoPriorityHintInformation,
+    FileSfioReserveInformation,
+    FileSfioVolumeInformation,
+    FileHardLinkInformation,
+    FileProcessIdsUsingFileInformation,
+    FileNormalizedNameInformation,
+    FileNetworkPhysicalNameInformation,
+    FileIdGlobalTxDirectoryInformation,
+    FileIsRemoteDeviceInformation,
+    FileUnusedInformation,
+    FileNumaNodeInformation,
+    FileStandardLinkInformation,
+    FileRemoteProtocolInformation,
+    FileRenameInformationBypassAccessCheck,
+    FileLinkInformationBypassAccessCheck,
+    FileVolumeNameInformation,
+    FileIdInformation,
+    FileIdExtdDirectoryInformation,
+    FileReplaceCompletionInformation,
+    FileHardLinkFullIdInformation,
+    FileMaximumInformation
+} FILE_INFORMATION_CLASS;
+typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
+NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
+typedef struct _MEMORY_SECTION_NAME
+{
+    UNICODE_STRING  SectionFileName;
+    WCHAR           NameBuffer[1];
+} MEMORY_SECTION_NAME;
+#ifdef IPRT_NT_USE_WINTERNL
+typedef struct _PROCESS_BASIC_INFORMATION
+{
+    NTSTATUS ExitStatus;
+    PPEB PebBaseAddress;
+    ULONG_PTR AffinityMask;
+    int32_t BasePriority;
+    ULONG_PTR UniqueProcessId;
+    ULONG_PTR InheritedFromUniqueProcessId;
+} PROCESS_BASIC_INFORMATION;
+typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
+#endif
+typedef enum _PROCESSINFOCLASS
+{
+    ProcessBasicInformation = 0,
+    ProcessQuotaLimits,
+    ProcessIoCounters,
+    ProcessVmCounters,
+    ProcessTimes,
+    ProcessBasePriority,
+    ProcessRaisePriority,
+    ProcessDebugPort,
+    ProcessExceptionPort,
+    ProcessAccessToken,
+    ProcessLdtInformation,
+    ProcessLdtSize,
+    ProcessDefaultHardErrorMode,
+    ProcessIoPortHandlers,
+    ProcessPooledUsageAndLimits,
+    ProcessWorkingSetWatch,
+    ProcessUserModeIOPL,
+    ProcessEnableAlignmentFaultFixup,
+    ProcessPriorityClass,
+    ProcessWx86Information,
+    ProcessHandleCount,
+    ProcessAffinityMask,
+    ProcessPriorityBoost,
+    ProcessDeviceMap,
+    ProcessSessionInformation,
+    ProcessForegroundInformation,
+    ProcessWow64Information,
+    ProcessImageFileName,
+    ProcessLUIDDeviceMapsEnabled,
+    ProcessBreakOnTermination,
+    ProcessDebugObjectHandle,
+    ProcessDebugFlags,
+    ProcessHandleTracing,
+    ProcessIoPriority,
+    ProcessExecuteFlags,
+    ProcessTlsInformation,
+    ProcessCookie,
+    ProcessImageInformation,
+    ProcessCycleTime,
+    ProcessPagePriority,
+    ProcessInstrumentationCallbak,
+    ProcessThreadStackAllocation,
+    ProcessWorkingSetWatchEx,
+    ProcessImageFileNameWin32,
+    ProcessImageFileMapping,
+    ProcessAffinityUpdateMode,
+    ProcessMemoryAllocationMode,
+    ProcessGroupInformation,
+    ProcessTokenVirtualizationEnabled,
+    ProcessConsoleHostProcess,
+    ProcessWindowsInformation,
+    MaxProcessInfoClass
+} PROCESSINFOCLASS;
+NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
+typedef enum _THREADINFOCLASS
+{
+    ThreadBasicInformation = 0,
+    ThreadTimes,
+    ThreadPriority,
+    ThreadBasePriority,
+    ThreadAffinityMask,
+    ThreadImpersonationToken,
+    ThreadDescriptorTableEntry,
+    ThreadEnableAlignmentFaultFixup,
+    ThreadEventPair_Reusable,
+    ThreadQuerySetWin32StartAddress,
+    ThreadZeroTlsCell,
+    ThreadPerformanceCount,
+    ThreadAmILastThread,
+    ThreadIdealProcessor,
+    ThreadPriorityBoost,
+    ThreadSetTlsArrayAddress,
+    ThreadIsIoPending,
+    ThreadHideFromDebugger,
+    ThreadBreakOnTermination,
+    ThreadSwitchLegacyState,
+    ThreadIsTerminated,
+    ThreadLastSystemCall,
+    ThreadIoPriority,
+    ThreadCycleTime,
+    ThreadPagePriority,
+    ThreadActualBasePriority,
+    ThreadTebInformation,
+    ThreadCSwitchMon,
+    ThreadCSwitchPmu,
+    ThreadWow64Context,
+    ThreadGroupInformation,
+    ThreadUmsInformation,
+    ThreadCounterProfiling,
+    ThreadIdealProcessorEx,
+    ThreadCpuAccountingInformation,
+    MaxThreadInfoClass
+} THREADINFOCLASS;
+NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
+NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
+NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
+NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
+NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
+NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
+NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
+NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
+NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
+NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
+NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
+NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
+NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
+NTSYSAPI PULONG   NTAPI RtlSubAuthoritySid(PSID, ULONG);
+#endif /* IPRT_NT_USE_WINTERNL */
+typedef enum _OBJECT_INFORMATION_CLASS
+{
+    ObjectBasicInformation = 0,
+    ObjectNameInformation,
+    ObjectTypeInformation,
+    ObjectAllInformation,
+    ObjectDataInformation
+} OBJECT_INFORMATION_CLASS;
+typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
+#ifdef IN_RING0
+# define NtQueryObject ZwQueryObject
+#endif
+NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
+NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
+NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
+NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
 typedef struct _OBJECT_DIRECTORY_INFORMATION
 …
 } OBJECT_DIRECTORY_INFORMATION;
 typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
+NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
+NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
+/** Retured by ProcessImageInformation as well as NtQuerySection. */
+typedef struct _SECTION_IMAGE_INFORMATION
+{
+    PVOID TransferAddress;
+    ULONG ZeroBits;
+    SIZE_T MaximumStackSize;
+    SIZE_T CommittedStackSize;
+    ULONG SubSystemType;
+    union
+    {
+        struct
+        {
+            USHORT SubSystemMinorVersion;
+            USHORT SubSystemMajorVersion;
+        };
+        ULONG SubSystemVersion;
+    };
+    ULONG GpValue;
+    USHORT ImageCharacteristics;
+    USHORT DllCharacteristics;
+    USHORT Machine;
+    BOOLEAN ImageContainsCode;
+    union /**< Since Vista, used to be a spare BOOLEAN. */
+    {
+        struct
+        {
+            UCHAR ComPlusNativeRead : 1;
+            UCHAR ComPlusILOnly : 1;
+            UCHAR ImageDynamicallyRelocated : 1;
+            UCHAR ImageMAppedFlat : 1;
+            UCHAR Reserved : 4;
+        };
+        UCHAR ImageFlags;
+    };
+    ULONG LoaderFlags;
+    ULONG ImageFileSize; /**< Since XP? */
+    ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
+} SECTION_IMAGE_INFORMATION;
+typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
+typedef enum _SECTION_INFORMATION_CLASS
+{
+    SectionBasicInformation = 0,
+    SectionImageInformation,
+    MaxSectionInfoClass
+} SECTION_INFORMATION_CLASS;
+NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
+NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
+#ifndef SEC_FILE
+# define SEC_FILE               UINT32_C(0x00800000)
+#endif
+#ifndef SEC_IMAGE
+# define SEC_IMAGE              UINT32_C(0x01000000)
+#endif
+#ifndef SEC_PROTECTED_IMAGE
+# define SEC_PROTECTED_IMAGE    UINT32_C(0x02000000)
+#endif
+#ifndef SEC_NOCACHE
+# define SEC_NOCACHE            UINT32_C(0x10000000)
+#endif
+#ifndef MEM_ROTATE
+# define MEM_ROTATE             UINT32_C(0x00800000)
+#endif
+typedef enum _MEMORY_INFORMATION_CLASS
+{
+    MemoryBasicInformation = 0,
+    MemoryWorkingSetList,
+    MemorySectionName,
+    MemoryBasicVlmInformation
+} MEMORY_INFORMATION_CLASS;
+#ifdef IN_RING0
+typedef struct _MEMORY_BASIC_INFORMATION
+{
+    PVOID BaseAddress;
+    PVOID AllocationBase;
+    ULONG AllocationProtect;
+    SIZE_T RegionSize;
+    ULONG State;
+    ULONG Protect;
+    ULONG Type;
+} MEMORY_BASIC_INFORMATION;
+typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
+# define NtQueryVirtualMemory ZwQueryVirtualMemory
+#endif
+NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
+typedef enum _SYSTEM_INFORMATION_CLASS
+{
+    SystemBasicInformation = 0,
+    SystemCpuInformation,
+    SystemPerformanceInformation,
+    SystemTimeOfDayInformation,
+    SystemInformation_Unknown_4,
+    SystemProcessInformation,
+    SystemInformation_Unknown_6,
+    SystemInformation_Unknown_7,
+    SystemProcessorPerformanceInformation,
+    SystemInformation_Unknown_9,
+    SystemInformation_Unknown_10,
+    SystemModuleInformation,
+    SystemInformation_Unknown_12,
+    SystemInformation_Unknown_13,
+    SystemInformation_Unknown_14,
+    SystemInformation_Unknown_15,
+    SystemHandleInformation,
+    SystemInformation_Unknown_17,
+    SystemPageFileInformation,
+    SystemInformation_Unknown_19,
+    SystemInformation_Unknown_20,
+    SystemCacheInformation,
+    SystemInformation_Unknown_22,
+    SystemInterruptInformation,
+    SystemDpcBehaviourInformation,
+    SystemFullMemoryInformation,
+    SystemLoadGdiDriverInformation, /* 26 */
+    SystemUnloadGdiDriverInformation, /* 27 */
+    SystemTimeAdjustmentInformation,
+    SystemSummaryMemoryInformation,
+    SystemInformation_Unknown_30,
+    SystemInformation_Unknown_31,
+    SystemInformation_Unknown_32,
+    SystemExceptionInformation,
+    SystemCrashDumpStateInformation,
+    SystemKernelDebuggerInformation,
+    SystemContextSwitchInformation,
+    SystemRegistryQuotaInformation,
+    SystemInformation_Unknown_38,
+    SystemInformation_Unknown_39,
+    SystemInformation_Unknown_40,
+    SystemInformation_Unknown_41,
+    SystemInformation_Unknown_42,
+    SystemInformation_Unknown_43,
+    SystemCurrentTimeZoneInformation,
+    SystemLookasideInformation,
+    SystemSetTimeSlipEvent,
+    SystemCreateSession,
+    SystemDeleteSession,
+    SystemInformation_Unknown_49,
+    SystemRangeStartInformation,
+    SystemVerifierInformation,
+    SystemInformation_Unknown_52,
+    SystemSessionProcessInformation,
+    SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
+    SystemInformation_Unknown_55,
+    SystemInformation_Unknown_56,
+    SystemExtendedProcessInformation,
+    SystemInformation_Unknown_58,
+    SystemInformation_Unknown_59,
+    SystemInformation_Unknown_60,
+    SystemInformation_Unknown_61,
+    SystemInformation_Unknown_62,
+    SystemInformation_Unknown_63,
+    SystemExtendedHandleInformation, /* 64 */
+    /** @todo fill gap. they've added a whole bunch of things  */
+    SystemPolicyInformation = 134,
+    SystemInformationClassMax
+} SYSTEM_INFORMATION_CLASS;
+#ifdef IPRT_NT_USE_WINTERNL
+typedef struct _VM_COUNTERS
+{
+    SIZE_T PeakVirtualSize;
+    SIZE_T VirtualSize;
+    ULONG PageFaultCount;
+    SIZE_T PeakWorkingSetSize;
+    SIZE_T WorkingSetSize;
+    SIZE_T QuotaPeakPagedPoolUsage;
+    SIZE_T QuotaPagedPoolUsage;
+    SIZE_T QuotaPeakNonPagedPoolUsage;
+    SIZE_T QuotaNonPagedPoolUsage;
+    SIZE_T PagefileUsage;
+    SIZE_T PeakPagefileUsage;
+} VM_COUNTERS;
+typedef VM_COUNTERS *PVM_COUNTERS;
+#endif
+#if 0
+typedef struct _IO_COUNTERS
+{
+    ULONGLONG ReadOperationCount;
+    ULONGLONG WriteOperationCount;
+    ULONGLONG OtherOperationCount;
+    ULONGLONG ReadTransferCount;
+    ULONGLONG WriteTransferCount;
+    ULONGLONG OtherTransferCount;
+} IO_COUNTERS;
+typedef IO_COUNTERS *PIO_COUNTERS;
+#endif
+typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
+{
+    ULONG NextEntryOffset;          /**< 0x00 / 0x00 */
+    ULONG NumberOfThreads;          /**< 0x04 / 0x04 */
+    LARGE_INTEGER Reserved1[3];     /**< 0x08 / 0x08 */
+    LARGE_INTEGER CreationTime;     /**< 0x20 / 0x20 */
+    LARGE_INTEGER UserTime;         /**< 0x28 / 0x28 */
+    LARGE_INTEGER KernelTime;       /**< 0x30 / 0x30 */
+    UNICODE_STRING ProcessName;     /**< 0x38 / 0x38 Clean unicode encoding? */
+    int32_t BasePriority;           /**< 0x40 / 0x48 */
+    HANDLE UniqueProcessId;         /**< 0x44 / 0x50 */
+    HANDLE ParentProcessId;         /**< 0x48 / 0x58 */
+    ULONG HandleCount;              /**< 0x4c / 0x60 */
+    ULONG Reserved2;                /**< 0x50 / 0x64 Session ID? */
+    ULONG_PTR Reserved3;            /**< 0x54 / 0x68 */
+    VM_COUNTERS VmCounters;         /**< 0x58 / 0x70 */
+    IO_COUNTERS IoCounters;         /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
+    /* After this follows the threads, then the ProcessName.Buffer. */
+} RTNT_SYSTEM_PROCESS_INFORMATION;
+typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
+#ifndef IPRT_NT_USE_WINTERNL
+typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION ;
+typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
+#endif
+typedef struct _SYSTEM_HANDLE_ENTRY_INFO
+{
+    USHORT UniqueProcessId;
+    USHORT CreatorBackTraceIndex;
+    UCHAR ObjectTypeIndex;
+    UCHAR HandleAttributes;
+    USHORT HandleValue;
+    PVOID Object;
+    ULONG GrantedAccess;
+} SYSTEM_HANDLE_ENTRY_INFO;
+typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
+/** Returned by SystemHandleInformation  */
+typedef struct _SYSTEM_HANDLE_INFORMATION
+{
+    ULONG NumberOfHandles;
+    SYSTEM_HANDLE_ENTRY_INFO Handles[1];
+} SYSTEM_HANDLE_INFORMATION;
+typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
+/** Extended handle information entry.
+ * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit  */
+typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
+{
+    PVOID Object;
+    HANDLE UniqueProcessId;
+    HANDLE HandleValue;
+    ACCESS_MASK GrantedAccess;
+    USHORT CreatorBackTraceIndex;
+    USHORT ObjectTypeIndex;
+    ULONG HandleAttributes;
+    ULONG Reserved;
+} SYSTEM_HANDLE_ENTRY_INFO_EX;
+typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
+/** Returned by SystemExtendedHandleInformation.  */
+typedef struct _SYSTEM_HANDLE_INFORMATION_EX
+{
+    ULONG_PTR NumberOfHandles;
+    ULONG_PTR Reserved;
+    SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
+} SYSTEM_HANDLE_INFORMATION_EX;
+typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
+/** Input to SystemSessionProcessInformation. */
+typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
+{
+    ULONG SessionId;
+    ULONG BufferLength;
+    /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
+    PVOID Buffer;
+} SYSTEM_SESSION_PROCESS_INFORMATION;
+typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
+NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
+NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
+NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
+NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
 RT_C_DECLS_END
 /** @} */
+#endif
+#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
+/** @name NT Kernel APIs
+ * @{ */
+NTSYSAPI BOOLEAN  NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
+                                              PVOID pvOptionalConditions, PHANDLE phFound);
+NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
+                                                ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
+                                                KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
+NTSYSAPI HANDLE   NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
+NTSYSAPI UCHAR *  NTAPI PsGetProcessImageFileName(PEPROCESS);
+NTSYSAPI BOOLEAN  NTAPI PsIsProcessBeingDebugged(PEPROCESS);
+NTSYSAPI ULONG    NTAPI PsGetProcessSessionId(PEPROCESS);
+extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType;            /**< In vista+ this is the ALPC port object type. */
+extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType;    /**< In vista+ this is the ALPC port object type. */
+/** @ */
+#endif /* IN_RING0 */
+#endif

trunk/include/iprt/process.h

-              r44528
+              r51770
 /**
+ * Queries the parent process ID.
+ *
+ * @returns IPRT status code
+ * @param   hProcess     The process to query the parent of.
+ * @param   phParent     Where to return the parent process ID.
+ */
+RTR3DECL(int) RTProcQueryParent(RTPROCESS hProcess, PRTPROCESS phParent);
+/**
  * Query the username of the given process.
+ *

trunk/include/iprt/stream.h

-              r44528
+              r51770
 /**
+ * Dumper vprintf-like function outputting to a stream.
+ *
+ * @param   pvUser          The stream to print to.  NULL means standard output.
+ * @param   pszFormat       Runtime format string.
+ * @param   va              Arguments specified by pszFormat.
+ */
+RTR3DECL(void) RTStrmDumpPrintfV(void *pvUser, const char *pszFormat, va_list va);
+/**
  * Prints a formatted string to the standard output stream (g_pStdOut).
+ *

trunk/include/iprt/string.h

-              r50793
+              r51770
  * @param   pv          Pointer to the bytes to stringify.
  * @param   cb          The number of bytes to stringify.
+ * @param   fFlags      Must be zero, reserved for future use.
+ * @param   fFlags      Combination of RTSTRPRINTHEXBYTES_F_XXX values.
+ * @sa      RTUtf16PrintHexBytes.
  */
 RTDECL(int) RTStrPrintHexBytes(char *pszBuf, size_t cchBuf, void const *pv, size_t cb, uint32_t fFlags);
+/** @name RTSTRPRINTHEXBYTES_F_XXX - flags for RTStrPrintHexBytes and RTUtf16PritnHexBytes.
+ * @{ */
+/** Upper case hex digits, the default is lower case. */
+#define RTSTRPRINTHEXBYTES_F_UPPER      RT_BIT(0)
+/** @} */
 /**
 …
 /**
+ * Find the length of a zero-terminated byte string, given a max string length.
+ *
+ * @returns The string length or cbMax. The returned length does not include
+ *          the zero terminator if it was found.
+ *
+ * @param   pwszString  The string.
+ * @param   cwcMax      The max string length in RTUTF16s.
+ * @sa      RTUtf16NLenEx, RTStrNLen.
+ */
+RTDECL(size_t) RTUtf16NLen(PCRTUTF16 pwszString, size_t cwcMax);
+/**
+ * Find the length of a zero-terminated byte string, given
+ * a max string length.
+ *
+ * @returns IPRT status code.
+ * @retval  VINF_SUCCESS if the string has a length less than cchMax.
+ * @retval  VERR_BUFFER_OVERFLOW if the end of the string wasn't found
+ *          before cwcMax was reached.
+ *
+ * @param   pwszString  The string.
+ * @param   cwcMax      The max string length in RTUTF16s.
+ * @param   pcwc        Where to store the string length excluding the
+ *                      terminator.  This is set to cwcMax if the terminator
+ *                      isn't found.
+ * @sa      RTUtf16NLen, RTStrNLenEx.
+ */
+RTDECL(int) RTUtf16NLenEx(PCRTUTF16 pwszString, size_t cwcMax, size_t *pcwc);
+/**
+ * Find the zero terminator in a string with a limited length.
+ *
+ * @returns Pointer to the zero terminator.
+ * @returns NULL if the zero terminator was not found.
+ *
+ * @param   pwszString  The string.
+ * @param   cwcMax      The max string length.  RTSTR_MAX is fine.
+ */
+RTDECL(PCRTUTF16) RTUtf16End(PCRTUTF16 pwszString, size_t cwcMax);
+/**
+ * Strips blankspaces from both ends of the string.
+ *
+ * @returns Pointer to first non-blank char in the string.
+ * @param   pwsz    The string to strip.
+ */
+RTDECL(PRTUTF16) RTUtf16Strip(PRTUTF16 pwsz);
+/**
+ * Strips blankspaces from the start of the string.
+ *
+ * @returns Pointer to first non-blank char in the string.
+ * @param   pwsz    The string to strip.
+ */
+RTDECL(PRTUTF16) RTUtf16StripL(PCRTUTF16 pwsz);
+/**
+ * Strips blankspaces from the end of the string.
+ *
+ * @returns pwsz.
+ * @param   pwsz    The string to strip.
+ */
+RTDECL(PRTUTF16) RTUtf16StripR(PRTUTF16 pwsz);
+/**
+ * String copy with overflow handling.
+ *
+ * @retval  VINF_SUCCESS on success.
+ * @retval  VERR_BUFFER_OVERFLOW if the destination buffer is too small.  The
+ *          buffer will contain as much of the string as it can hold, fully
+ *          terminated.
+ *
+ * @param   pwszDst             The destination buffer.
+ * @param   cwcDst              The size of the destination buffer in RTUTF16s.
+ * @param   pwszSrc             The source string.  NULL is not OK.
+ */
+RTDECL(int) RTUtf16Copy(PRTUTF16 pwszDst, size_t cwcDst, PCRTUTF16 pwszSrc);
+/**
+ * String copy with overflow handling, ASCII source.
+ *
+ * @retval  VINF_SUCCESS on success.
+ * @retval  VERR_BUFFER_OVERFLOW if the destination buffer is too small.  The
+ *          buffer will contain as much of the string as it can hold, fully
+ *          terminated.
+ *
+ * @param   pwszDst             The destination buffer.
+ * @param   cwcDst              The size of the destination buffer in RTUTF16s.
+ * @param   pszSrc              The source string, pure ASCII.  NULL is not OK.
+ */
+RTDECL(int) RTUtf16CopyAscii(PRTUTF16 pwszDst, size_t cwcDst, const char *pszSrc);
+/**
+ * String copy with overflow handling.
+ *
+ * @retval  VINF_SUCCESS on success.
+ * @retval  VERR_BUFFER_OVERFLOW if the destination buffer is too small.  The
+ *          buffer will contain as much of the string as it can hold, fully
+ *          terminated.
+ *
+ * @param   pwszDst             The destination buffer.
+ * @param   cwcDst              The size of the destination buffer in RTUTF16s.
+ * @param   pwszSrc             The source string.  NULL is not OK.
+ * @param   cwcSrcMax           The maximum number of chars (not code points) to
+ *                              copy from the source string, not counting the
+ *                              terminator as usual.
+ */
+RTDECL(int) RTUtf16CopyEx(PRTUTF16 pwszDst, size_t cwcDst, PCRTUTF16 pwszSrc, size_t cwcSrcMax);
+/**
+ * String concatenation with overflow handling.
+ *
+ * @retval  VINF_SUCCESS on success.
+ * @retval  VERR_BUFFER_OVERFLOW if the destination buffer is too small.  The
+ *          buffer will contain as much of the string as it can hold, fully
+ *          terminated.
+ *
+ * @param   pszDst              The destination buffer.
+ * @param   cwcDst              The size of the destination buffer in RTUTF16s.
+ * @param   pwszSrc             The source string.  NULL is not OK.
+ */
+RTDECL(int) RTUtf16Cat(PRTUTF16 pwszDst, size_t cwcDst, PCRTUTF16 pwszSrc);
+/**
+ * String concatenation with overflow handling, ASCII source.
+ *
+ * @retval  VINF_SUCCESS on success.
+ * @retval  VERR_BUFFER_OVERFLOW if the destination buffer is too small.  The
+ *          buffer will contain as much of the string as it can hold, fully
+ *          terminated.
+ *
+ * @param   pszDst              The destination buffer.
+ * @param   cwcDst              The size of the destination buffer in RTUTF16s.
+ * @param   pszSrc              The source string, pure ASCII.  NULL is not OK.
+ */
+RTDECL(int) RTUtf16CatAscii(PRTUTF16 pwszDst, size_t cwcDst, const char *pwszSrc);
+/**
+ * String concatenation with overflow handling.
+ *
+ * @retval  VINF_SUCCESS on success.
+ * @retval  VERR_BUFFER_OVERFLOW if the destination buffer is too small.  The
+ *          buffer will contain as much of the string as it can hold, fully
+ *          terminated.
+ *
+ * @param   pwszDst             The destination buffer.
+ * @param   cwcDst              The size of the destination buffer in RTUTF16s.
+ * @param   pwszSrc             The source string.  NULL is not OK.
+ * @param   cwcSrcMax           The maximum number of UTF-16 chars (not code
+ *                              points) to copy from the source string, not
+ *                              counting the terminator as usual.
+ */
+RTDECL(int) RTUtf16CatEx(PRTUTF16 pwszDst, size_t cwcDst, PCRTUTF16 pwszSrc, size_t cwcSrcMax);
+/**
  * Performs a case sensitive string compare between two UTF-16 strings.
+ *
 …
  * @remark  This function will not make any attempt to validate the encoding.
  */
+RTDECL(int) RTUtf16Cmp(register PCRTUTF16 pwsz1, register PCRTUTF16 pwsz2);
+RTDECL(int) RTUtf16Cmp(PCRTUTF16 pwsz1, PCRTUTF16 pwsz2);
+/**
+ * Performs a case sensitive string compare between an UTF-16 string and a pure
+ * ASCII string.
+ *
+ * @returns < 0 if the first string less than the second string.s
+ * @returns 0 if the first string identical to the second string.
+ * @returns > 0 if the first string greater than the second string.
+ * @param   pwsz1       First UTF-16 string. Null is allowed.
+ * @param   psz2        Second string, pure ASCII. Null is allowed.
+ * @remark  This function will not make any attempt to validate the encoding.
+ */
+RTDECL(int) RTUtf16CmpAscii(PCRTUTF16 pwsz1, const char *psz2);
 /**
 …
  */
 RTDECL(int) RTUtf16ICmp(PCRTUTF16 pwsz1, PCRTUTF16 pwsz2);
+/**
+ * Performs a case insensitive string compare between an UTF-16 string and an
+ * pure ASCII string.
+ *
+ * Since this compare only takes cares about the first 128 codepoints in
+ * unicode, no tables are needed and there aren't any real complications.
+ *
+ * @returns < 0 if the first string less than the second string.
+ * @returns 0 if the first string identical to the second string.
+ * @returns > 0 if the first string greater than the second string.
+ * @param   pwsz1       First UTF-16 string. Null is allowed.
+ * @param   psz2        Second string, pure ASCII. Null is allowed.
+ */
+RTDECL(int) RTUtf16ICmpAscii(PCRTUTF16 pwsz1, const char *psz2);
 /**
 …
         && RTUtf16IsLowSurrogate(wcLow);
+}
+/**
+ * Formats a buffer stream as hex bytes.
+ *
+ * The default is no separating spaces or line breaks or anything.
+ *
+ * @returns IPRT status code.
+ * @retval  VERR_INVALID_POINTER if any of the pointers are wrong.
+ * @retval  VERR_BUFFER_OVERFLOW if the buffer is insufficent to hold the bytes.
+ *
+ * @param   pwszBuf     Output string buffer.
+ * @param   cwcBuf      The size of the output buffer in RTUTF16 units.
+ * @param   pv          Pointer to the bytes to stringify.
+ * @param   cb          The number of bytes to stringify.
+ * @param   fFlags      Combination of RTSTRPRINTHEXBYTES_F_XXX values.
+ * @sa      RTStrPrintHexBytes.
+ */
+RTDECL(int) RTUtf16PrintHexBytes(PRTUTF16 pwszBuf, size_t cwcBuf, void const *pv, size_t cb, uint32_t fFlags);
 /** @} */
 …
 /** @} */
+#ifndef ___iprt_nocrt_string_h
+# if defined(RT_OS_WINDOWS)
+RTDECL(void *) mempcpy(void *pvDst, const void *pvSrc, size_t cb);
+# endif
+#endif
 RT_C_DECLS_END

trunk/include/iprt/time.h

-              r48835
+              r51770
     return pTime1->i64NanosecondsRelativeToUnixEpoch == pTime2->i64NanosecondsRelativeToUnixEpoch;
+}
+/**
+ * Compare two time specs.
+ *
+ * @returns 0 if equal, -1 if @a pLeft is smaller, 1 if @a pLeft is larger.
+ * @returns false they are not equal.
+ * @param   pLeft       The 1st time spec.
+ * @param   pRight      The 2nd time spec.
+ */
+DECLINLINE(int) RTTimeSpecCompare(PCRTTIMESPEC pLeft, PCRTTIMESPEC pRight)
+{
+    if (pLeft->i64NanosecondsRelativeToUnixEpoch == pRight->i64NanosecondsRelativeToUnixEpoch)
+        return 0;
+    return pLeft->i64NanosecondsRelativeToUnixEpoch < pRight->i64NanosecondsRelativeToUnixEpoch ? -1 : 1;
+}
 /**

trunk/include/iprt/types.h

-              r48932
+              r51770
 #include <iprt/cdefs.h>
 #include <iprt/stdint.h>
+#include <iprt/stdarg.h>
 /*
 …
 typedef const struct RTTIMESPEC *PCRTTIMESPEC;
-/**
- * Generic pointer union.
- */
-typedef union RTPTRUNION
+{
-    /** Pointer into the void... */
-    void                   *pv;
-    /** Pointer to char value. */
-    char                   *pch;
-    /** Pointer to char value. */
-    unsigned char          *puch;
-    /** Pointer to a int value. */
-    int                    *pi;
-    /** Pointer to a unsigned int value. */
-    unsigned int           *pu;
-    /** Pointer to a long value. */
-    long                   *pl;
-    /** Pointer to a long value. */
-    unsigned long          *pul;
-    /** Pointer to a 8-bit unsigned value. */
-    uint8_t                *pu8;
-    /** Pointer to a 16-bit unsigned value. */
-    uint16_t               *pu16;
-    /** Pointer to a 32-bit unsigned value. */
-    uint32_t               *pu32;
-    /** Pointer to a 64-bit unsigned value. */
-    uint64_t               *pu64;
-} RTPTRUNION;
-/** Pointer to a pointer union. */
-typedef RTPTRUNION *PRTPTRUNION;
-/**
- * Generic const pointer union.
- */
-typedef union RTCPTRUNION
+{
-    /** Pointer into the void... */
-    void const             *pv;
-    /** Pointer to char value. */
-    char const             *pch;
-    /** Pointer to char value. */
-    unsigned char const    *puch;
-    /** Pointer to a int value. */
-    int const              *pi;
-    /** Pointer to a unsigned int value. */
-    unsigned int const     *pu;
-    /** Pointer to a long value. */
-    long const             *pl;
-    /** Pointer to a long value. */
-    unsigned long const    *pul;
-    /** Pointer to a 8-bit unsigned value. */
-    uint8_t const          *pu8;
-    /** Pointer to a 16-bit unsigned value. */
-    uint16_t const         *pu16;
-    /** Pointer to a 32-bit unsigned value. */
-    uint32_t const         *pu32;
-    /** Pointer to a 64-bit unsigned value. */
-    uint64_t const         *pu64;
-} RTCPTRUNION;
-/** Pointer to a const pointer union. */
-typedef RTCPTRUNION *PRTCPTRUNION;
-/**
- * Generic volatile pointer union.
- */
-typedef union RTVPTRUNION
+{
-    /** Pointer into the void... */
-    void volatile          *pv;
-    /** Pointer to char value. */
-    char volatile          *pch;
-    /** Pointer to char value. */
-    unsigned char volatile *puch;
-    /** Pointer to a int value. */
-    int volatile           *pi;
-    /** Pointer to a unsigned int value. */
-    unsigned int volatile  *pu;
-    /** Pointer to a long value. */
-    long volatile          *pl;
-    /** Pointer to a long value. */
-    unsigned long volatile *pul;
-    /** Pointer to a 8-bit unsigned value. */
-    uint8_t volatile       *pu8;
-    /** Pointer to a 16-bit unsigned value. */
-    uint16_t volatile      *pu16;
-    /** Pointer to a 32-bit unsigned value. */
-    uint32_t volatile      *pu32;
-    /** Pointer to a 64-bit unsigned value. */
-    uint64_t volatile      *pu64;
-} RTVPTRUNION;
-/** Pointer to a const pointer union. */
-typedef RTVPTRUNION *PRTVPTRUNION;
-/**
- * Generic const volatile pointer union.
- */
-typedef union RTCVPTRUNION
+{
-    /** Pointer into the void... */
-    void const volatile            *pv;
-    /** Pointer to char value. */
-    char const volatile            *pch;
-    /** Pointer to char value. */
-    unsigned char const volatile   *puch;
-    /** Pointer to a int value. */
-    int const volatile             *pi;
-    /** Pointer to a unsigned int value. */
-    unsigned int const volatile    *pu;
-    /** Pointer to a long value. */
-    long const volatile            *pl;
-    /** Pointer to a long value. */
-    unsigned long const volatile   *pul;
-    /** Pointer to a 8-bit unsigned value. */
-    uint8_t const volatile         *pu8;
-    /** Pointer to a 16-bit unsigned value. */
-    uint16_t const volatile        *pu16;
-    /** Pointer to a 32-bit unsigned value. */
-    uint32_t const volatile        *pu32;
-    /** Pointer to a 64-bit unsigned value. */
-    uint64_t const volatile        *pu64;
-} RTCVPTRUNION;
-/** Pointer to a const pointer union. */
-typedef RTCVPTRUNION *PRTCVPTRUNION;
 …
+/** Pointer to a big integer number. */
+typedef struct RTBIGNUM                            *PRTBIGNUM;
+/** Pointer to a const big integer number. */
+typedef struct RTBIGNUM const                      *PCRTBIGNUM;
 /** Pointer to a critical section. */
 typedef struct RTCRITSECT                          *PRTCRITSECT;
 …
 #define NIL_RTCONDVAR                               0
+/** Cryptographic (certificate) store handle. */
+typedef R3R0PTRTYPE(struct RTCRSTOREINT *)          RTCRSTORE;
+/** Pointer to a Cryptographic (certificate) store handle. */
+typedef RTCRSTORE                                  *PRTCRSTORE;
+/** Nil Cryptographic (certificate) store handle. */
+#define NIL_RTCRSTORE                               0
+/** Pointer to a const (store) certificate context. */
+typedef struct RTCRCERTCTX const                   *PCRTCRCERTCTX;
+/** Cryptographic message digest handle. */
+typedef R3R0PTRTYPE(struct RTCRDIGESTINT *)         RTCRDIGEST;
+/** Pointer to a cryptographic message digest handle. */
+typedef RTCRDIGEST                                 *PRTCRDIGEST;
+/** NIL cryptographic message digest handle. */
+#define NIL_RTCRDIGEST                              (0)
+/** Public key encryption schema handle. */
+typedef R3R0PTRTYPE(struct RTCRPKIXENCRYPTIONINT *) RTCRPKIXENCRYPTION;
+/** Pointer to a public key encryption schema handle. */
+typedef RTCRPKIXENCRYPTION                         *PRTCRPKIXENCRYPTION;
+/** NIL publick key encryption schema handle */
+#define NIL_RTCRPKIXENCRYPTION                      (0)
+/** Public key signature schema handle. */
+typedef R3R0PTRTYPE(struct RTCRPKIXSIGNATUREINT *)  RTCRPKIXSIGNATURE;
+/** Pointer to a public key signature schema handle. */
+typedef RTCRPKIXSIGNATURE                          *PRTCRPKIXSIGNATURE;
+/** NIL publick key signature schema handle */
+#define NIL_RTCRPKIXSIGNATURE                       (0)
+/** X.509 certificate paths builder & validator handle. */
+typedef R3R0PTRTYPE(struct RTCRX509CERTPATHSINT *)  RTCRX509CERTPATHS;
+/** Pointer to a certificate paths builder & validator handle. */
+typedef RTCRX509CERTPATHS                          *PRTCRX509CERTPATHS;
+/** Nil certificate paths builder & validator handle. */
+#define NIL_RTCRX509CERTPATHS                       0
 /** File handle. */
 typedef R3R0PTRTYPE(struct RTFILEINT *)             RTFILE;
 …
 /** Loader module handle. */
 typedef R3PTRTYPE(struct RTLDRMODINTERNAL *)        RTLDRMOD;
+typedef R3R0PTRTYPE(struct RTLDRMODINTERNAL *)      RTLDRMOD;
 /** Pointer to a loader module handle. */
 typedef RTLDRMOD                                   *PRTLDRMOD;
 …
 typedef FNRTPROGRESS *PFNRTPROGRESS;
+/**
+ * Generic vprintf-like callback function for dumpers.
+ *
+ * @param   pvUser          User argument.
+ * @param   pszFormat       The format string.
+ * @param   va              Arguments for the format string.
+ */
+typedef DECLCALLBACK(void) FNRTDUMPPRINTFV(void *pvUser, const char *pszFormat, va_list va);
+/** Pointer to a generic printf-like function for dumping. */
+typedef FNRTDUMPPRINTFV *PFNRTDUMPPRINTFV;
 /**
 …
 /**
+ * Digest types.
+ */
+typedef enum RTDIGESTTYPE
+{
+    /** Invalid digest value.  */
+    RTDIGESTTYPE_INVALID = 0,
+    /** Unknown digest type. */
+    RTDIGESTTYPE_UNKNOWN,
+    /** CRC32 checksum. */
+    RTDIGESTTYPE_CRC32,
+    /** CRC64 checksum. */
+    RTDIGESTTYPE_CRC64,
+    /** MD2 checksum (unsafe!). */
+    RTDIGESTTYPE_MD2,
+    /** MD4 checksum (unsafe!!). */
+    RTDIGESTTYPE_MD4,
+    /** MD5 checksum (unsafe!). */
+    RTDIGESTTYPE_MD5,
+    /** SHA-1 checksum (unsafe!). */
+    RTDIGESTTYPE_SHA1,
+    /** SHA-224 checksum. */
+    RTDIGESTTYPE_SHA224,
+    /** SHA-256 checksum. */
+    RTDIGESTTYPE_SHA256,
+    /** SHA-384 checksum. */
+    RTDIGESTTYPE_SHA384,
+    /** SHA-512 checksum. */
+    RTDIGESTTYPE_SHA512,
+    /** End of valid types. */
+    RTDIGESTTYPE_END,
+    /** Usual 32-bit type blowup. */
+    RTDIGESTTYPE_32BIT_HACK = 0x7fffffff
+} RTDIGESTTYPE;
+/**
  * Process exit codes.
  */
 …
 typedef const RTRANGE *PCRTRANGE;
+/**
+ * Generic pointer union.
+ */
+typedef union RTPTRUNION
+{
+    /** Pointer into the void... */
+    void                   *pv;
+    /** As a signed integer. */
+    intptr_t                i;
+    /** As an unsigned integer. */
+    intptr_t                u;
+    /** Pointer to char value. */
+    char                   *pch;
+    /** Pointer to char value. */
+    unsigned char          *puch;
+    /** Pointer to a int value. */
+    int                    *pi;
+    /** Pointer to a unsigned int value. */
+    unsigned int           *pu;
+    /** Pointer to a long value. */
+    long                   *pl;
+    /** Pointer to a long value. */
+    unsigned long          *pul;
+    /** Pointer to a 8-bit unsigned value. */
+    uint8_t                *pu8;
+    /** Pointer to a 16-bit unsigned value. */
+    uint16_t               *pu16;
+    /** Pointer to a 32-bit unsigned value. */
+    uint32_t               *pu32;
+    /** Pointer to a 64-bit unsigned value. */
+    uint64_t               *pu64;
+    /** Pointer to a UTF-16 character. */
+    PRTUTF16                pwc;
+    /** Pointer to a UUID character. */
+    PRTUUID                 pUuid;
+} RTPTRUNION;
+/** Pointer to a pointer union. */
+typedef RTPTRUNION *PRTPTRUNION;
+/**
+ * Generic const pointer union.
+ */
+typedef union RTCPTRUNION
+{
+    /** Pointer into the void... */
+    void const             *pv;
+    /** As a signed integer. */
+    intptr_t                i;
+    /** As an unsigned integer. */
+    intptr_t                u;
+    /** Pointer to char value. */
+    char const             *pch;
+    /** Pointer to char value. */
+    unsigned char const    *puch;
+    /** Pointer to a int value. */
+    int const              *pi;
+    /** Pointer to a unsigned int value. */
+    unsigned int const     *pu;
+    /** Pointer to a long value. */
+    long const             *pl;
+    /** Pointer to a long value. */
+    unsigned long const    *pul;
+    /** Pointer to a 8-bit unsigned value. */
+    uint8_t const          *pu8;
+    /** Pointer to a 16-bit unsigned value. */
+    uint16_t const         *pu16;
+    /** Pointer to a 32-bit unsigned value. */
+    uint32_t const         *pu32;
+    /** Pointer to a 64-bit unsigned value. */
+    uint64_t const         *pu64;
+    /** Pointer to a UTF-16 character. */
+    PCRTUTF16               pwc;
+    /** Pointer to a UUID character. */
+    PCRTUUID                pUuid;
+} RTCPTRUNION;
+/** Pointer to a const pointer union. */
+typedef RTCPTRUNION *PRTCPTRUNION;
+/**
+ * Generic volatile pointer union.
+ */
+typedef union RTVPTRUNION
+{
+    /** Pointer into the void... */
+    void volatile          *pv;
+    /** As a signed integer. */
+    intptr_t                i;
+    /** As an unsigned integer. */
+    intptr_t                u;
+    /** Pointer to char value. */
+    char volatile          *pch;
+    /** Pointer to char value. */
+    unsigned char volatile *puch;
+    /** Pointer to a int value. */
+    int volatile           *pi;
+    /** Pointer to a unsigned int value. */
+    unsigned int volatile  *pu;
+    /** Pointer to a long value. */
+    long volatile          *pl;
+    /** Pointer to a long value. */
+    unsigned long volatile *pul;
+    /** Pointer to a 8-bit unsigned value. */
+    uint8_t volatile       *pu8;
+    /** Pointer to a 16-bit unsigned value. */
+    uint16_t volatile      *pu16;
+    /** Pointer to a 32-bit unsigned value. */
+    uint32_t volatile      *pu32;
+    /** Pointer to a 64-bit unsigned value. */
+    uint64_t volatile      *pu64;
+    /** Pointer to a UTF-16 character. */
+    RTUTF16 volatile       *pwc;
+    /** Pointer to a UUID character. */
+    RTUUID volatile        *pUuid;
+} RTVPTRUNION;
+/** Pointer to a const pointer union. */
+typedef RTVPTRUNION *PRTVPTRUNION;
+/**
+ * Generic const volatile pointer union.
+ */
+typedef union RTCVPTRUNION
+{
+    /** Pointer into the void... */
+    void const volatile            *pv;
+    /** As a signed integer. */
+    intptr_t                        i;
+    /** As an unsigned integer. */
+    intptr_t                        u;
+    /** Pointer to char value. */
+    char const volatile            *pch;
+    /** Pointer to char value. */
+    unsigned char const volatile   *puch;
+    /** Pointer to a int value. */
+    int const volatile             *pi;
+    /** Pointer to a unsigned int value. */
+    unsigned int const volatile    *pu;
+    /** Pointer to a long value. */
+    long const volatile            *pl;
+    /** Pointer to a long value. */
+    unsigned long const volatile   *pul;
+    /** Pointer to a 8-bit unsigned value. */
+    uint8_t const volatile         *pu8;
+    /** Pointer to a 16-bit unsigned value. */
+    uint16_t const volatile        *pu16;
+    /** Pointer to a 32-bit unsigned value. */
+    uint32_t const volatile        *pu32;
+    /** Pointer to a 64-bit unsigned value. */
+    uint64_t const volatile        *pu64;
+    /** Pointer to a UTF-16 character. */
+    RTUTF16 const volatile         *pwc;
+    /** Pointer to a UUID character. */
+    RTUUID const volatile          *pUuid;
+} RTCVPTRUNION;
+/** Pointer to a const pointer union. */
+typedef RTCVPTRUNION *PRTCVPTRUNION;
 #ifdef __cplusplus
 /**

trunk/include/iprt/uni.h

-              r46011
+              r51770
+/**
+ * Checks if a code point valid.
+ *
+ * Any code point (defined or not) within the 17 unicode planes (0 thru 16),
+ * except surrogates will be considered valid code points by this function.
+ *
+ * @returns true if in range, false if not.
+ * @param   CodePoint       The unicode code point to validate.
+ */
+DECLINLINE(bool) RTUniCpIsValid(RTUNICP CodePoint)
+{
+    return CodePoint <= 0x00d7ff
+        || (   CodePoint <= 0x10ffff
+            && CodePoint >= 0x00e000);
+}
+/**
+ * Checks if the given code point is in the BMP range.
+ *
+ * Surrogates are not considered in the BMP range by this function.
+ *
+ * @returns true if in BMP, false if not.
+ * @param   CodePoint       The unicode code point to consider.
+ */
+DECLINLINE(bool) RTUniCpIsBMP(RTUNICP CodePoint)
+{
+    return CodePoint <= 0xd7ff
+        || (   CodePoint <= 0xffff
+            && CodePoint >= 0xe000);
+}
+/**
+ * Folds a unicode code point to lower case.
+ *
+ * @returns Folded code point.
+ * @param   CodePoint       The unicode code point to fold.
+ */
+DECLINLINE(size_t) RTUniCpCalcUtf8Len(RTUNICP CodePoint)
+{
+    if (CodePoint < 0x80)
+        return 1;
+    return 2
+        + (CodePoint >= 0x00000800)
+        + (CodePoint >= 0x00010000)
+        + (CodePoint >= 0x00200000)
+        + (CodePoint >= 0x04000000)
+        + (CodePoint >= 0x80000000) /* illegal */;
+}
 RT_C_DECLS_END
 /** @} */

trunk/src/VBox

Property svn:mergeinfo changed
/branches/bird/hardenedwindows/src/VBox (added) merged: 92692-94610

trunk/src/VBox/Additions/WINNT/Graphics/Video/mp/wddm/VBoxMPVdma.cpp

-              r51330
+              r51770
 NTSTATUS vboxVdmaTexPresentSetAlloc(PVBOXMP_DEVEXT pDevExt, const VBOXWDDM_ALLOC_DATA *pAllocData)
+{
-    VBOXMP_CRPACKER CrPacker;
-    VBoxMpCrPackerInit(&CrPacker);
     uint32_t u32CrConClientID;
     NTSTATUS Status = vboxVdmaCrCtlGetDefaultClientId(pDevExt, &u32CrConClientID);
     if (!NT_SUCCESS(Status))
 …
         return Status;
+    }
+    VBOXMP_CRPACKER *pCrPacker = (VBOXMP_CRPACKER *)RTMemTmpAlloc(sizeof(*pCrPacker));
+    if (!pCrPacker)
+        return STATUS_NO_MEMORY;
+    VBoxMpCrPackerInit(pCrPacker);
     RECT Rect;
 …
     if (pDevExt->fCmdVbvaEnabled)
+        return vboxVdmaTexPresentSubmit(pDevExt, &CrPacker, u32CrConClientID, pAllocData->hostID, pAllocData->SurfDesc.VidPnSourceId, 0, 0, 1, (RTRECT*)&Rect);
+    if (pDevExt->fTexPresentEnabled)
+        Status = vboxVdmaTexPresentSubmit(pDevExt, pCrPacker, u32CrConClientID, pAllocData->hostID, pAllocData->SurfDesc.VidPnSourceId, 0, 0, 1, (RTRECT*)&Rect);
+    else if (pDevExt->fTexPresentEnabled)
+    {
         VBOXVDMAPIPE_RECTS RectInfo;
 …
         RectInfo.UpdateRects.aRects[0] = Rect;
         return vboxVdmaProcessVRegTexPresent(pDevExt, &CrPacker, u32CrConClientID,
+        Status = vboxVdmaProcessVRegTexPresent(pDevExt, pCrPacker, u32CrConClientID,
                 pAllocData, pAllocData,
                 &Rect, &RectInfo);
+    }
+    return STATUS_NOT_IMPLEMENTED;
+    else
+        Status = STATUS_NOT_IMPLEMENTED;
+    RTMemTmpFree(pCrPacker);
+    return Status;
+}

trunk/src/VBox/Frontends

Property svn:mergeinfo changed
/branches/bird/hardenedwindows/src/VBox/Frontends (added) merged: 92692-94610

trunk/src/VBox/Frontends/VirtualBox/Makefile.kmk

r51649	r51770
57	57	VirtualBoxHardened_NAME = VirtualBox
58	58	VirtualBoxHardened_INST.darwin = $(INST_BIN)VirtualBox $(INST_BIN)VirtualBoxVM
	59	VirtualBoxHardened_LDFLAGS.win = /SUBSYSTEM:$(if-expr "$(KBUILD_TYPE)" != "release",console,windows)
59	60
60	61

trunk/src/VBox/Frontends/VirtualBox/src/main.cpp

-              r51679
+              r51770
     /* Prepare the error-message: */
     QString strTitle = QApplication::tr("VirtualBox - Error In %1").arg(pszWhere);
+    char msgBuf[1024];
+    vsprintf(msgBuf, pszMsgFmt, va);
+    QString strText = QApplication::tr("<html><b>%1 (rc=%2)</b><br/><br/>").arg(msgBuf).arg(rc);
+    char szMsgBuf[1024];
+    RTStrPrintfV(szMsgBuf, sizeof(szMsgBuf), pszMsgFmt, va);
+    QString strText = QApplication::tr("<html><b>%1 (rc=%2)</b><br/><br/>").arg(szMsgBuf).arg(rc);
     switch (enmWhat)
+    {
 …
 # ifdef RT_OS_LINUX
         case kSupInitOp_IPRT:
+        case kSupInitOp_Misc:
             if (rc == VERR_NO_MEMORY)
                 strText += g_QStrHintLinuxNoMemory;
 …
             break;
+    }
     strText += "</html>";

trunk/src/VBox/HostDrivers/Support/Makefile.kmk

-              r51346
+              r51770
 # Targets
+#
+LIBRARIES += SUPR3 SUPR3Static SUPR3HardenedStatic
+LIBRARIES += SUPR3 SUPR3Static
+ifdef VBOX_WITH_HARDENING
+ LIBRARIES += SUPR3HardenedStatic
+endif
+DLLS.win += VBoxSupLib
 ifdef VBOX_WITH_32_ON_64_MAIN_API
  LIBRARIES += SUPR3-x86
 …
 endif # !VBOX_ONLY_DOCS && !VBOX_ONLY_EXTPACKS && !VBOX_ONLY_VALIDATIONKIT
+#
+# Authenticode related trust anchors and certificates -> .cpp
+#
+VBOX_SUP_WIN_CERTS_FILE = $(SUPR3_0_OUTDIR)/TrustAnchorsAndCerts.cpp
+VBOX_SUP_WIN_CERTS := \
+       SpcRootMicrosoft0=SpcRoot-MicrosoftAuthenticodeTmRootAuthority-01.taf \
+       SpcRootMicrosoft1=SpcRoot-MicrosoftRootAuthority-00c1008b3c3c8811d13ef663ecdf40.taf \
+       SpcRootMicrosoft2=SpcRoot-MicrosoftRootCertificateAuthority-79ad16a14aa0a5ad4c7358f407132e65.taf \
+       SpcRootMicrosoft3=SpcRoot-MicrosoftRootCertificateAuthority2010-28cc3a25bfba44ac449a9b586b4339aa.taf \
+       SpcRootMicrosoft4=SpcRoot-MicrosoftRootCertificateAuthority2011-3f8bc8b5fc9fb29643b569d66c42e144.taf \
+       SpcRootMicrosoft5=SpcRoot-MicrosoftDigitalMediaAuthority2005-6eff330eb6e7569740680870104baaba.taf \
+       NtRootMicrosoft6=NtRoot-MicrosoftCodeVerificationRoot-729404101f3e0ca347837fca175a8438.taf \
+       TimeRootMicrosoft0=Timestamp-CopyrightC1997MicrosoftCorp-01.taf \
+       TrustedCertVBox0=Trusted-OracleCorporationVirtualBox-51ca009816fdbd80f120e015ee75823e.taf
+VBOX_SUP_WIN_CERT_NAMES := $(foreach cert,$(VBOX_SUP_WIN_CERTS),$(firstword $(subst =,$(SPACE) ,$(cert))))
+VBOX_PATH_SUPR3_CERTIFICATES := $(PATH_SUB_CURRENT)/win/Certificates
+# 1=name, 2=filter, 3=buildcert?.
+if "$(KBUILD_TARGET)" == "win" && defined(VBOX_WITH_HARDENING)
+ VBOX_SUP_GEN_CERT_MACRO = 'SUPTAENTRY const g_aSUP$(1)TAs[] =' '{' \
+       $(if-expr "$(3)" == "",,'    SUPTAENTRY_GEN(g_abSUPBuildCert),') \
+        $(foreach certnm,$(filter $(2),$(VBOX_SUP_WIN_CERT_NAMES)), '    SUPTAENTRY_GEN(g_abSUP$(certnm)),') \
+        '};' 'unsigned const g_cSUP$(1)TAs = RT_ELEMENTS(g_aSUP$(1)TAs);' '' ''
+else
+ VBOX_SUP_GEN_CERT_MACRO = 'SUPTAENTRY const g_aSUP$(1)TAs[] =' '{' \
+        $(foreach certnm,$(filter $(2),$(VBOX_SUP_WIN_CERT_NAMES)), '    SUPTAENTRY_GEN(g_abSUP$(certnm)),') \
+        '};' 'unsigned const g_cSUP$(1)TAs = RT_ELEMENTS(g_aSUP$(1)TAs);' '' ''
+endif
+$$(VBOX_SUP_WIN_CERTS_FILE): $(MAKEFILE_CURRENT) \
+                $(foreach cert,$(VBOX_SUP_WIN_CERTS),$(VBOX_PATH_SUPR3_CERTIFICATES)/$(lastword $(subst =,$(SPACE) ,$(cert)))) \
+                $(VBOX_BIN2C) \
+                $(if-expr  "$(KBUILD_TARGET)" == "win" && defined(VBOX_WITH_HARDENING),$(VBOX_RTSIGNTOOL)) \
+                | $$(dir $$@)
+        $(QUIET)$(RM) -f -- $@ [email protected]
+        $(QUIET)$(APPEND) -n "$@" \
+        '' \
+        '#include <VBox/sup.h>' \
+               ''
+        $(foreach cert,$(VBOX_SUP_WIN_CERTS), $(NLTAB)$(VBOX_BIN2C) -ascii --append \
+                "SUP$(firstword $(subst =,$(SP) ,$(cert)))" \
+                "$(VBOX_PATH_SUPR3_CERTIFICATES)/$(lastword $(subst =,$(SP) ,$(cert)))" \
+                "$@")
+# The build certificate.
+if "$(KBUILD_TARGET)" == "win" && defined(VBOX_WITH_HARDENING)
+        $(VBOX_RTSIGNTOOL) extract-exe-signer-cert --exe $(VBOX_RTSIGNTOOL) --output "[email protected]" --der
+        $(VBOX_BIN2C) -ascii --append SUPBuildCert "[email protected]" $@
+        $(QUIET)$(RM) -f -- [email protected]
+endif
+# Generate certificate lists.
+        $(QUIET)$(APPEND) -n "$@" '' \
+               $(call VBOX_SUP_GEN_CERT_MACRO,All,%,build) \
+               $(call VBOX_SUP_GEN_CERT_MACRO,SpcRoot,SpcRoot%) \
+               $(call VBOX_SUP_GEN_CERT_MACRO,NtKernelRoot,NtRoot%) \
+               $(call VBOX_SUP_GEN_CERT_MACRO,Timestamp,TimeRoot%) \
+               $(call VBOX_SUP_GEN_CERT_MACRO,Trusted,TrustedCert%,build)
+tst: $(VBOX_SUP_WIN_CERTS_FILE)
+#
 # The Ring-3 Support Library (this is linked into the IPRT dll, VBoxRT).
+#
 SUPR3_TEMPLATE     = VBOXR3NP
+SUPR3_TEMPLATE      = VBOXR3NP
 SUPR3_DEFS          = \
         IN_SUP_R3 IN_RT_R3 \
 …
         SUPR3HardenedIPRT.cpp \
         SUPR3HardenedVerify.cpp \
+        $(KBUILD_TARGET)/SUPLib-$(KBUILD_TARGET).cpp
+        $(KBUILD_TARGET)/SUPLib-$(KBUILD_TARGET).cpp \
+        $(VBOX_SUP_WIN_CERTS_FILE)
+ifdef VBOX_WITH_HARDENING
+ SUPR3_SOURCES.win  = \
+        win/SUPHardenedVerifyImage-win.cpp
+endif
 SUPR3-x86_TEMPLATE = VBoxR3Dll-x86
 …
+#
+# Static version of SUPR3.
+# Static version of SUPR3.  This is more of a stub than anything else in a
+# hardened build, at least on windows.
+#
 SUPR3Static_TEMPLATE = VBOXR3STATIC
 SUPR3Static_EXTENDS = SUPR3
+SUPR3Static_DEFS = $(SUPR3_DEFS) IN_SUP_R3_STATIC
+SUPR3Static_SOURCES.win = $(filter-out win/SUPHardenedVerifyImage-win.cpp, $(SUPR3_SOURCES.win))
+#
 # The static part of the hardened support library (ring-3).
+#
+VBOX_PATH_RUNTIME_SRC ?= $(PATH_ROOT)/src/VBox/Runtime
 SUPR3HardenedStatic_TEMPLATE = VBOXR3HARDENEDLIB
 SUPR3HardenedStatic_DEFS     = IN_SUP_HARDENED_R3
 …
         $(if $(VBOX_WITH_SUPSVC),VBOX_WITH_SUPSVC,) \
         $(if $(VBOX_WITH_MAIN),VBOX_WITH_MAIN,) \
+        $(if $(VBOX_WITH_RAW_MODE),VBOX_WITH_RAW_MODE,)
+        $(if $(VBOX_WITH_RAW_MODE),VBOX_WITH_RAW_MODE,) \
+        $(if $(VBOX_WITHOUT_DEBUGGER_CHECKS),VBOX_WITHOUT_DEBUGGER_CHECKS,)
+ifdef VBOX_WITH_VISTA_NO_SP
+ SUPR3HardenedStatic_DEFS.win += VBOX_WITH_VISTA_NO_SP
+endif
 SUPR3HardenedStatic_INCS     = .
 SUPR3HardenedStatic_SOURCES  = \
         SUPR3HardenedMain.cpp \
         SUPR3HardenedVerify.cpp \
+        SUPR3HardenedNoCrt.cpp \
         $(KBUILD_TARGET)/SUPLib-$(KBUILD_TARGET).cpp
+SUPR3HardenedStatic_SOURCES.win = \
+        win/SUPR3HardenedMain-win.cpp \
+        win/SUPR3HardenedMainA-win.asm \
+       win/SUPHardenedVerifyProcess-win.cpp \
+       win/SUPHardenedVerifyImage-win.cpp \
+        $(VBOX_SUP_WIN_CERTS_FILE)
+if1of ($(KBUILD_TARGET),win) ## @todo some of this move up.
+ SUPR3HardenedStatic_SDKS += VBoxOpenSslHardened
+ SUPR3HardenedStatic_DEFS += IN_RT IN_RT_R3 IN_RT_STATIC IPRT_NO_CRT RT_WITH_NOCRT_ALIASES LOG_DISABLED IPRT_NO_ERROR_DATA
+ SUPR3HardenedStatic_DEFS.win += LDR_ONLY_PE __STRALIGN_H_
+ SUPR3HardenedStatic_INCS += $(PATH_ROOT)/include/iprt/nocrt  $(VBOX_PATH_RUNTIME_SRC)/include
+ SUPR3HardenedStatic_SOURCES += \
+        $(VBOX_PATH_RUNTIME_SRC)/common/ldr/ldr.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/ldr/ldrEx.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/ldr/ldrPE.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-basics.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-cursor.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-default-allocator.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-dump.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-encode.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-bitstring.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-bitstring-decode.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-boolean.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-boolean-decode.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-core.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-core-decode.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-dyntype.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-dyntype-decode.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-integer.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-integer-decode.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-null.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-null-decode.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-objid.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-objid-decode.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-octetstring.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-octetstring-decode.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-string.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-string-decode.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-time.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/asn1/asn1-ut-time-decode.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/digest-core.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/digest-builtin.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/pkcs7-asn1-decoder.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/pkcs7-core.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/pkcs7-init.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/pkcs7-sanity.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/pkcs7-verify.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/pkix-signature-builtin.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/pkix-signature-core.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/pkix-signature-rsa.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/pkix-verify.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/pkix-util.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/rsa-asn1-decoder.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/rsa-core.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/rsa-init.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/rsa-sanity.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/spc-asn1-decoder.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/spc-core.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/spc-init.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/spc-sanity.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/x509-asn1-decoder.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/x509-certpaths.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/x509-core.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/x509-init.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/x509-sanity.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/x509-verify.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/store.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/store-inmem.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/taf-asn1-decoder.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/taf-core.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/taf-init.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/crypto/taf-sanity.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/checksum/md2.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/checksum/md5.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/checksum/sha1.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/checksum/sha256.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/checksum/sha512.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/checksum/md2str.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/checksum/md5str.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/checksum/sha1str.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/checksum/sha256str.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/checksum/sha512str.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/err/errinfo.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/path/RTPathChangeToUnixSlashes.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/path/RTPathExt.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrPrintHexBytes.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/RTUtf16PrintHexBytes.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/RTUtf16ICmpAscii.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strstrip.cpp \
+       \
+        $(VBOX_PATH_RUNTIME_SRC)/common/err/errmsg.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/math/bignum.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/misc/RTAssertMsg1Weak.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/misc/RTAssertMsg2Weak.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/misc/RTAssertMsg2WeakV.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/memchr.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/memcmp.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/memcpy.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/memmove.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/mempcpy.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/memset.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrCat.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrCmp.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrCopy.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrNCmp.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrNLen.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strchr.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strcmp.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strcpy.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strformat.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strformatrt.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strformattype.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/stringalloc.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strlen.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strncmp.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strncpy.asm \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strprintf.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/strtonum.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/utf-16.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/utf-8.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/utf-8-case.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/unidata-upper.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/string/unidata-lower.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/common/time/time.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/generic/RTAssertShouldPanic-generic.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/generic/memsafer-generic.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/generic/uuid-generic.cpp \
+ SUPR3HardenedStatic_SOURCES.win += \
+        win/SUPR3HardenedNoCrt-win.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/nt/RTErrConvertFromNtStatus.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/win/RTErrConvertFromWin32.cpp \
+        $(VBOX_PATH_RUNTIME_SRC)/win/errmsgwin.cpp
+ # Add necessary compiler specific files from libcmt.lib and the lib dir.
+ ifeq ($(KBUILD_TARGET),win)
+   SUPR3HardenedStatic_VBOX_LIBC_OBJS = chkstk.obj
+   ifeq ($(KBUILD_TARGET_ARCH),x86)
+    SUPR3HardenedStatic_VBOX_LIBC_OBJS += alloca16.obj
+   endif
+  SUPR3HardenedStatic_SOURCES.win += $(addprefix $(SUPR3HardenedStatic_0_OUTDIR)/,$(SUPR3HardenedStatic_VBOX_LIBC_OBJS))
+  $(addprefix $$(SUPR3HardenedStatic_0_OUTDIR)/,$(SUPR3HardenedStatic_VBOX_LIBC_OBJS)): \
+                $$(PATH_TOOL_$(TEMPLATE_VBOXR3EXE_TOOL.win.$(KBUILD_TARGET_ARCH))_LIB)/libcmt.lib | $$(dir $$@)
+        $(TOOL_$(TEMPLATE_VBOXR3HARDENEDEXE_TOOL.win.$(KBUILD_TARGET_ARCH))_AR) "$<" \
+                /EXTRACT:`$(TOOL_$(TEMPLATE_VBOXR3HARDENEDEXE_TOOL.win.$(KBUILD_TARGET_ARCH))_AR) "$<" /LIST \
+                          | $(SED_EXT) -n -e '/$(notdir $@)/p'` \
+                "/OUT:$@"
+ endif
+endif
+#
+# VBoxSupLib - Windows DLL for catching thread creation and termination.
+#
+VBoxSupLib_TEMPLATE = $(if "$(KBUILD_TARGET)" == "win",VBOXR3HARDENEDLIB,VBOXR3)
+VBoxSupLib_LDFLAGS.win.amd64 = -Entry:DllMainEntrypoint
+VBoxSupLib_LDFLAGS.win.x86   = -Entry:DllMainEntrypoint
+VBoxSupLib_DEFS = \
+        $(if $(VBOX_WITHOUT_DEBUGGER_CHECKS),VBOX_WITHOUT_DEBUGGER_CHECKS,)
+VBoxSupLib_SOURCES = \
+        $(KBUILD_TARGET)/VBoxSupLib-$(KBUILD_TARGET).cpp
+VBoxSupLib_LIBS.win = \
+        $(SUPR3HardenedStatic_1_INS_TARGET)
+#
 …
  VBoxDrv_DEBUG_INST.darwin= $(patsubst %/,%,$(INST_VBOXDRV))
  VBoxDrv_SDKS.win         = ReorderCompilerIncs $(VBOX_WINDDK) $(VBOX_WINPSDK)INCS
+ ifdef VBOX_WITH_HARDENING
+  VBoxDrv_SDKS.win       += VBoxOpenSslHardened
+ endif
  VBoxDrv_DEFS            := IN_RT_R0 IN_SUP_R0 SUPDRV_WITH_RELEASE_LOGGER VBOX_SVN_REV=$(VBOX_SVN_REV)
  ifdef VBOX_WITH_DTRACE_R0DRV
   VBoxDrv_DEFS           += VBOX_WITH_DTRACE VBOX_WITH_DTRACE_R0DRV
+ endif
+ ifdef VBOX_WITHOUT_DEBUGGER_CHECKS
+  VBoxDrv_DEFS           += VBOX_WITHOUT_DEBUGGER_CHECKS
  endif
  #VBoxDrv_DEFS.debug      += DEBUG_DARWIN_GIP
 …
   VBoxDrv_DEFS.win       += VBOX_WITHOUT_NATIVE_R0_LOADER
  endif
+ ifdef VBOX_WITH_VISTA_NO_SP
+  VBoxDrv_DEFS.win       += VBOX_WITH_VISTA_NO_SP
+ endif
  VBoxDrv_INCS             = . $(VBoxDrv_0_OUTDIR)
 …
  VBoxDrv_LIBS.linux.debug = $(VBoxDrv_LIBS) $(VBOX_GCC_LIBGCC)
  VBoxDrv_LIBS.win         = \
+        $(PATH_STAGE_LIB)/RuntimeR0Drv$(VBOX_SUFF_LIB) \
         $(PATH_SDK_$(VBOX_WINDDK)_LIB)/ntoskrnl.lib \
+        $(PATH_SDK_$(VBOX_WINDDK)_LIB)/hal.lib \
+        $(PATH_STAGE_LIB)/RuntimeR0Drv$(VBOX_SUFF_LIB)
+        $(PATH_SDK_$(VBOX_WINDDK)_LIB)/hal.lib
  #VBoxDrv_LDFLAGS.darwin    = -v -Wl,-whyload -Wl,-v -Wl,-whatsloaded
 …
         win/SUPDrvA-win.asm \
         win/VBoxDrv.rc
+ ifdef VBOX_WITH_HARDENING
+  VBoxDrv_SOURCES.win    += \
+        win/SUPHardenedVerifyImage-win.cpp \
+        win/SUPHardenedVerifyProcess-win.cpp \
+        $(VBOX_SUP_WIN_CERTS_FILE)
+ endif
  VBoxDrv_SOURCES          = \
         SUPDrv.d \

trunk/src/VBox/HostDrivers/Support/SUPDrv.c

-              r51718
+              r51770
      * Initialize it.
      */
+    memset(pDevExt, 0, sizeof(*pDevExt));
+    memset(pDevExt, 0, sizeof(*pDevExt)); /* Does not wipe OS specific tail section of the structure. */
+    pDevExt->Spinlock = NIL_RTSPINLOCK;
+    pDevExt->hGipSpinlock = NIL_RTSPINLOCK;
+    pDevExt->hSessionHashTabSpinlock = NIL_RTSPINLOCK;
     rc = RTSpinlockCreate(&pDevExt->Spinlock, RTSPINLOCK_FLAGS_INTERRUPT_SAFE, "SUPDrvDevExt");
     if (RT_SUCCESS(rc))
+    {
         rc = RTSpinlockCreate(&pDevExt->hGipSpinlock, RTSPINLOCK_FLAGS_INTERRUPT_SAFE, "SUPDrvGip");
+    if (RT_SUCCESS(rc))
+        rc = RTSpinlockCreate(&pDevExt->hSessionHashTabSpinlock, RTSPINLOCK_FLAGS_INTERRUPT_SAFE, "SUPDrvSession");
+    if (RT_SUCCESS(rc))
+#ifdef SUPDRV_USE_MUTEX_FOR_LDR
+        rc = RTSemMutexCreate(&pDevExt->mtxLdr);
+#else
+        rc = RTSemFastMutexCreate(&pDevExt->mtxLdr);
+#endif
+    if (RT_SUCCESS(rc))
+    {
+        rc = RTSemFastMutexCreate(&pDevExt->mtxComponentFactory);
         if (RT_SUCCESS(rc))
+        {
 #ifdef SUPDRV_USE_MUTEX_FOR_LDR
             rc = RTSemMutexCreate(&pDevExt->mtxLdr);
+            rc = RTSemMutexCreate(&pDevExt->mtxGip);
 #else
             rc = RTSemFastMutexCreate(&pDevExt->mtxLdr);
+            rc = RTSemFastMutexCreate(&pDevExt->mtxGip);
 #endif
             if (RT_SUCCESS(rc))
+            {
                 rc = RTSemFastMutexCreate(&pDevExt->mtxComponentFactory);
+                rc = supdrvGipCreate(pDevExt);
                 if (RT_SUCCESS(rc))
+                {
+#ifdef SUPDRV_USE_MUTEX_FOR_LDR
+                    rc = RTSemMutexCreate(&pDevExt->mtxGip);
+#else
+                    rc = RTSemFastMutexCreate(&pDevExt->mtxGip);
+#endif
+                    rc = supdrvTracerInit(pDevExt);
                     if (RT_SUCCESS(rc))
+                    {
+                        rc = supdrvGipCreate(pDevExt);
+                        if (RT_SUCCESS(rc))
+                        {
+                            rc = supdrvTracerInit(pDevExt);
+                            if (RT_SUCCESS(rc))
+                            {
+                                pDevExt->pLdrInitImage  = NULL;
+                                pDevExt->hLdrInitThread = NIL_RTNATIVETHREAD;
+                                pDevExt->u32Cookie      = BIRD;  /** @todo make this random? */
+                                pDevExt->cbSession      = (uint32_t)cbSession;
+                                /*
+                                 * Fixup the absolute symbols.
+                                 *
+                                 * Because of the table indexing assumptions we'll have a little #ifdef orgy
+                                 * here rather than distributing this to OS specific files. At least for now.
+                                 */
+                        pDevExt->pLdrInitImage  = NULL;
+                        pDevExt->hLdrInitThread = NIL_RTNATIVETHREAD;
+                        pDevExt->u32Cookie      = BIRD;  /** @todo make this random? */
+                        pDevExt->cbSession      = (uint32_t)cbSession;
+                        /*
+                         * Fixup the absolute symbols.
+                         *
+                         * Because of the table indexing assumptions we'll have a little #ifdef orgy
+                         * here rather than distributing this to OS specific files. At least for now.
+                         */
 #ifdef RT_OS_DARWIN
 # if ARCH_BITS == 32
                                 if (SUPR0GetPagingMode() >= SUPPAGINGMODE_AMD64)
+                                {
                                     g_aFunctions[0].pfn = (void *)1;                    /* SUPR0AbsIs64bit */
                                     g_aFunctions[1].pfn = (void *)0x80;                 /* SUPR0Abs64bitKernelCS - KERNEL64_CS, seg.h */
                                     g_aFunctions[2].pfn = (void *)0x88;                 /* SUPR0Abs64bitKernelSS - KERNEL64_SS, seg.h */
                                     g_aFunctions[3].pfn = (void *)0x88;                 /* SUPR0Abs64bitKernelDS - KERNEL64_SS, seg.h */
+                                }
                                 else
                                     g_aFunctions[0].pfn = g_aFunctions[1].pfn = g_aFunctions[2].pfn = g_aFunctions[4].pfn = (void *)0;
                                 g_aFunctions[4].pfn = (void *)0x08;                     /* SUPR0AbsKernelCS - KERNEL_CS, seg.h */
                                 g_aFunctions[5].pfn = (void *)0x10;                     /* SUPR0AbsKernelSS - KERNEL_DS, seg.h */
                                 g_aFunctions[6].pfn = (void *)0x10;                     /* SUPR0AbsKernelDS - KERNEL_DS, seg.h */
                                 g_aFunctions[7].pfn = (void *)0x10;                     /* SUPR0AbsKernelES - KERNEL_DS, seg.h */
                                 g_aFunctions[8].pfn = (void *)0x10;                     /* SUPR0AbsKernelFS - KERNEL_DS, seg.h */
                                 g_aFunctions[9].pfn = (void *)0x48;                     /* SUPR0AbsKernelGS - CPU_DATA_GS, seg.h */
+                        if (SUPR0GetPagingMode() >= SUPPAGINGMODE_AMD64)
+                        {
+                            g_aFunctions[0].pfn = (void *)1;                    /* SUPR0AbsIs64bit */
+                            g_aFunctions[1].pfn = (void *)0x80;                 /* SUPR0Abs64bitKernelCS - KERNEL64_CS, seg.h */
+                            g_aFunctions[2].pfn = (void *)0x88;                 /* SUPR0Abs64bitKernelSS - KERNEL64_SS, seg.h */
+                            g_aFunctions[3].pfn = (void *)0x88;                 /* SUPR0Abs64bitKernelDS - KERNEL64_SS, seg.h */
+                        }
+                        else
+                            g_aFunctions[0].pfn = g_aFunctions[1].pfn = g_aFunctions[2].pfn = g_aFunctions[4].pfn = (void *)0;
+                        g_aFunctions[4].pfn = (void *)0x08;                     /* SUPR0AbsKernelCS - KERNEL_CS, seg.h */
+                        g_aFunctions[5].pfn = (void *)0x10;                     /* SUPR0AbsKernelSS - KERNEL_DS, seg.h */
+                        g_aFunctions[6].pfn = (void *)0x10;                     /* SUPR0AbsKernelDS - KERNEL_DS, seg.h */
+                        g_aFunctions[7].pfn = (void *)0x10;                     /* SUPR0AbsKernelES - KERNEL_DS, seg.h */
+                        g_aFunctions[8].pfn = (void *)0x10;                     /* SUPR0AbsKernelFS - KERNEL_DS, seg.h */
+                        g_aFunctions[9].pfn = (void *)0x48;                     /* SUPR0AbsKernelGS - CPU_DATA_GS, seg.h */
 # else /* 64-bit darwin: */
                                 g_aFunctions[0].pfn = (void *)1;                        /* SUPR0AbsIs64bit */
                                 g_aFunctions[1].pfn = (void *)(uintptr_t)ASMGetCS();    /* SUPR0Abs64bitKernelCS */
                                 g_aFunctions[2].pfn = (void *)(uintptr_t)ASMGetSS();    /* SUPR0Abs64bitKernelSS */
                                 g_aFunctions[3].pfn = (void *)0;                        /* SUPR0Abs64bitKernelDS */
                                 g_aFunctions[4].pfn = (void *)(uintptr_t)ASMGetCS();    /* SUPR0AbsKernelCS */
                                 g_aFunctions[5].pfn = (void *)(uintptr_t)ASMGetSS();    /* SUPR0AbsKernelSS */
                                 g_aFunctions[6].pfn = (void *)0;                        /* SUPR0AbsKernelDS */
                                 g_aFunctions[7].pfn = (void *)0;                        /* SUPR0AbsKernelES */
                                 g_aFunctions[8].pfn = (void *)0;                        /* SUPR0AbsKernelFS */
                                 g_aFunctions[9].pfn = (void *)0;                        /* SUPR0AbsKernelGS */
+                        g_aFunctions[0].pfn = (void *)1;                        /* SUPR0AbsIs64bit */
+                        g_aFunctions[1].pfn = (void *)(uintptr_t)ASMGetCS();    /* SUPR0Abs64bitKernelCS */
+                        g_aFunctions[2].pfn = (void *)(uintptr_t)ASMGetSS();    /* SUPR0Abs64bitKernelSS */
+                        g_aFunctions[3].pfn = (void *)0;                        /* SUPR0Abs64bitKernelDS */
+                        g_aFunctions[4].pfn = (void *)(uintptr_t)ASMGetCS();    /* SUPR0AbsKernelCS */
+                        g_aFunctions[5].pfn = (void *)(uintptr_t)ASMGetSS();    /* SUPR0AbsKernelSS */
+                        g_aFunctions[6].pfn = (void *)0;                        /* SUPR0AbsKernelDS */
+                        g_aFunctions[7].pfn = (void *)0;                        /* SUPR0AbsKernelES */
+                        g_aFunctions[8].pfn = (void *)0;                        /* SUPR0AbsKernelFS */
+                        g_aFunctions[9].pfn = (void *)0;                        /* SUPR0AbsKernelGS */
 # endif
 #else  /* !RT_OS_DARWIN */
 # if ARCH_BITS == 64
                                 g_aFunctions[0].pfn = (void *)1;                        /* SUPR0AbsIs64bit */
                                 g_aFunctions[1].pfn = (void *)(uintptr_t)ASMGetCS();    /* SUPR0Abs64bitKernelCS */
                                 g_aFunctions[2].pfn = (void *)(uintptr_t)ASMGetSS();    /* SUPR0Abs64bitKernelSS */
                                 g_aFunctions[3].pfn = (void *)(uintptr_t)ASMGetDS();    /* SUPR0Abs64bitKernelDS */
+                        g_aFunctions[0].pfn = (void *)1;                        /* SUPR0AbsIs64bit */
+                        g_aFunctions[1].pfn = (void *)(uintptr_t)ASMGetCS();    /* SUPR0Abs64bitKernelCS */
+                        g_aFunctions[2].pfn = (void *)(uintptr_t)ASMGetSS();    /* SUPR0Abs64bitKernelSS */
+                        g_aFunctions[3].pfn = (void *)(uintptr_t)ASMGetDS();    /* SUPR0Abs64bitKernelDS */
 # else
                                 g_aFunctions[0].pfn = g_aFunctions[1].pfn = g_aFunctions[2].pfn = g_aFunctions[4].pfn = (void *)0;
+                        g_aFunctions[0].pfn = g_aFunctions[1].pfn = g_aFunctions[2].pfn = g_aFunctions[4].pfn = (void *)0;
 # endif
                                 g_aFunctions[4].pfn = (void *)(uintptr_t)ASMGetCS();    /* SUPR0AbsKernelCS */
                                 g_aFunctions[5].pfn = (void *)(uintptr_t)ASMGetSS();    /* SUPR0AbsKernelSS */
                                 g_aFunctions[6].pfn = (void *)(uintptr_t)ASMGetDS();    /* SUPR0AbsKernelDS */
                                 g_aFunctions[7].pfn = (void *)(uintptr_t)ASMGetES();    /* SUPR0AbsKernelES */
                                 g_aFunctions[8].pfn = (void *)(uintptr_t)ASMGetFS();    /* SUPR0AbsKernelFS */
                                 g_aFunctions[9].pfn = (void *)(uintptr_t)ASMGetGS();    /* SUPR0AbsKernelGS */
+                        g_aFunctions[4].pfn = (void *)(uintptr_t)ASMGetCS();    /* SUPR0AbsKernelCS */
+                        g_aFunctions[5].pfn = (void *)(uintptr_t)ASMGetSS();    /* SUPR0AbsKernelSS */
+                        g_aFunctions[6].pfn = (void *)(uintptr_t)ASMGetDS();    /* SUPR0AbsKernelDS */
+                        g_aFunctions[7].pfn = (void *)(uintptr_t)ASMGetES();    /* SUPR0AbsKernelES */
+                        g_aFunctions[8].pfn = (void *)(uintptr_t)ASMGetFS();    /* SUPR0AbsKernelFS */
+                        g_aFunctions[9].pfn = (void *)(uintptr_t)ASMGetGS();    /* SUPR0AbsKernelGS */
 #endif /* !RT_OS_DARWIN */
                                 return VINF_SUCCESS;
+                            }
                             supdrvGipDestroy(pDevExt);
+                        }
+                        return VINF_SUCCESS;
+                    }
+                    supdrvGipDestroy(pDevExt);
+                }
 #ifdef SUPDRV_USE_MUTEX_FOR_GIP
                         RTSemMutexDestroy(pDevExt->mtxGip);
                         pDevExt->mtxGip = NIL_RTSEMMUTEX;
+                RTSemMutexDestroy(pDevExt->mtxGip);
+                pDevExt->mtxGip = NIL_RTSEMMUTEX;
 #else
+                        RTSemFastMutexDestroy(pDevExt->mtxGip);
+                        pDevExt->mtxGip = NIL_RTSEMFASTMUTEX;
+#endif
+                    }
+                    RTSemFastMutexDestroy(pDevExt->mtxComponentFactory);
+                    pDevExt->mtxComponentFactory = NIL_RTSEMFASTMUTEX;
+                }
+#ifdef SUPDRV_USE_MUTEX_FOR_LDR
+                RTSemMutexDestroy(pDevExt->mtxLdr);
+                pDevExt->mtxLdr = NIL_RTSEMMUTEX;
+#else
+                RTSemFastMutexDestroy(pDevExt->mtxLdr);
+                pDevExt->mtxLdr = NIL_RTSEMFASTMUTEX;
+                RTSemFastMutexDestroy(pDevExt->mtxGip);
+                pDevExt->mtxGip = NIL_RTSEMFASTMUTEX;
 #endif
+            }
+            RTSpinlockDestroy(pDevExt->hGipSpinlock);
+            pDevExt->hGipSpinlock = NIL_RTSPINLOCK;
+        }
+        RTSpinlockDestroy(pDevExt->Spinlock);
+        pDevExt->Spinlock = NIL_RTSPINLOCK;
+    }
+            RTSemFastMutexDestroy(pDevExt->mtxComponentFactory);
+            pDevExt->mtxComponentFactory = NIL_RTSEMFASTMUTEX;
+        }
+#ifdef SUPDRV_USE_MUTEX_FOR_LDR
+        RTSemMutexDestroy(pDevExt->mtxLdr);
+        pDevExt->mtxLdr = NIL_RTSEMMUTEX;
+#else
+        RTSemFastMutexDestroy(pDevExt->mtxLdr);
+        pDevExt->mtxLdr = NIL_RTSEMFASTMUTEX;
+#endif
+    }
+    RTSpinlockDestroy(pDevExt->Spinlock);
+    pDevExt->Spinlock = NIL_RTSPINLOCK;
+    RTSpinlockDestroy(pDevExt->hGipSpinlock);
+    pDevExt->hGipSpinlock = NIL_RTSPINLOCK;
+    RTSpinlockDestroy(pDevExt->hSessionHashTabSpinlock);
+    pDevExt->hSessionHashTabSpinlock = NIL_RTSPINLOCK;
 #ifdef SUPDRV_WITH_RELEASE_LOGGER
     RTLogDestroy(RTLogRelSetDefaultInstance(NULL));
 …
     RTSemFastMutexDestroy(pDevExt->mtxComponentFactory);
     pDevExt->mtxComponentFactory = NIL_RTSEMFASTMUTEX;
+    RTSpinlockDestroy(pDevExt->hSessionHashTabSpinlock);
+    pDevExt->hSessionHashTabSpinlock = NIL_RTSPINLOCK;
     /*
 …
                 pSession->u32Cookie         = BIRD_INV;
                 pSession->fUnrestricted     = fUnrestricted;
+                /*pSession->fInHashTable      = false; */
                 pSession->cRefs             = 1;
+                /*pSession->pLdrUsage         = NULL;
+                pSession->pVM               = NULL;
+                pSession->pUsage            = NULL;
+                pSession->pGip              = NULL;
+                pSession->fGipReferenced    = false;
+                pSession->Bundle.cUsed      = 0; */
+                pSession->Uid               = NIL_RTUID;
+                pSession->Gid               = NIL_RTGID;
+                /*pSession->pCommonNextHash   = NULL;
+                pSession->ppOsSessionPtr    = NULL; */
                 if (fUser)
+                {
 …
                     pSession->R0Process     = NIL_RTR0PROCESS;
+                }
+                /*pSession->pLdrUsage         = NULL;
+                pSession->pVM               = NULL;
+                pSession->pUsage            = NULL;
+                pSession->pGip              = NULL;
+                pSession->fGipReferenced    = false;
+                pSession->Bundle.cUsed      = 0; */
+                pSession->Uid               = NIL_RTUID;
+                pSession->Gid               = NIL_RTGID;
                 /*pSession->uTracerData       = 0;*/
                 pSession->hTracerCaller     = NIL_RTNATIVETHREAD;
 …
 /**
+ * Shared code for cleaning up a session (but not quite freeing it).
+ *
+ * This is primarily intended for MAC OS X where we have to clean up the memory
+ * stuff before the file handle is closed.
+ *
+ * @param   pDevExt     Device extension.
+ * Cleans up the session in the context of the process to which it belongs, the
+ * caller will free the session and the session spinlock.
+ *
+ * This should normally occur when the session is closed or as the process
+ * exits.  Careful reference counting in the OS specfic code makes sure that
+ * there cannot be any races between process/handle cleanup callbacks and
+ * threads doing I/O control calls.
+ *
+ * @param   pDevExt     The device extension.
  * @param   pSession    Session data.
- *                      This data will be freed by this routine.
  */
 static void supdrvCleanupSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
 …
     PSUPDRVBUNDLE       pBundle;
     LogFlow(("supdrvCleanupSession: pSession=%p\n", pSession));
+    Assert(!pSession->fInHashTable);
+    Assert(!pSession->ppOsSessionPtr);
+    AssertReleaseMsg(pSession->R0Process == RTR0ProcHandleSelf() || pSession->R0Process == NIL_RTR0PROCESS,
+                     ("R0Process=%p cur=%p; Process=%u curpid=%u\n", RTR0ProcHandleSelf(), RTProcSelf()));
     /*
 …
 /**
  * Shared code for cleaning up a session.
+ * Common code for freeing a session when the reference count reaches zero.
+ *
  * @param   pDevExt     Device extension.
 …
  *                      This data will be freed by this routine.
  */
 static void supdrvCloseSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
+static void supdrvDestroySession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
+{
     VBOXDRV_SESSION_CLOSE(pSession);
 …
      */
     supdrvCleanupSession(pDevExt, pSession);
+    supdrvOSCleanupSession(pDevExt, pSession);
     /*
 …
     pSession->pDevExt = NULL;
     RTMemFree(pSession);
+    LogFlow(("supdrvCloseSession: returns\n"));
+    LogFlow(("supdrvDestroySession: returns\n"));
+}
+/**
+ * Inserts the session into the global hash table.
+ *
+ * @retval  VINF_SUCCESS on success.
+ * @retval  VERR_WRONG_ORDER if the session was already inserted (asserted).
+ * @retval  VERR_INVALID_PARAMETER if the session handle is invalid or a ring-0
+ *          session (asserted).
+ * @retval  VERR_DUPLICATE if there is already a session for that pid.
+ *
+ * @param   pDevExt         The device extension.
+ * @param   pSession        The session.
+ * @param   ppOsSessionPtr  Pointer to the OS session pointer, if any is
+ *                          available and used.  This will set to point to the
+ *                          session while under the protection of the session
+ *                          hash table spinlock.  It will also be kept in
+ *                          PSUPDRVSESSION::ppOsSessionPtr for lookup and
+ *                          cleanup use.
+ * @param   pvUser          Argument for supdrvOSSessionHashTabInserted.
+ */
+int VBOXCALL supdrvSessionHashTabInsert(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPDRVSESSION *ppOsSessionPtr,
+                                        void *pvUser)
+{
+    PSUPDRVSESSION  pCur;
+    unsigned        iHash;
+    /*
+     * Validate input.
+     */
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    AssertReturn(pSession->R0Process != NIL_RTR0PROCESS, VERR_INVALID_PARAMETER);
+    /*
+     * Calculate the hash table index and acquire the spinlock.
+     */
+    iHash = SUPDRV_SESSION_HASH(pSession->Process);
+    RTSpinlockAcquire(pDevExt->hSessionHashTabSpinlock);
+    /*
+     * If there are a collisions, we need to carefully check if we got a
+     * duplicate.  There can only be one open session per process.
+     */
+    pCur = pDevExt->apSessionHashTab[iHash];
+    if (pCur)
+    {
+        while (pCur && pCur->Process != pSession->Process)
+            pCur = pCur->pCommonNextHash;
+        if (pCur)
+        {
+            RTSpinlockRelease(pDevExt->hSessionHashTabSpinlock);
+            if (pCur == pSession)
+            {
+                Assert(pSession->fInHashTable);
+                AssertFailed();
+                return VERR_WRONG_ORDER;
+            }
+            Assert(!pSession->fInHashTable);
+            if (pCur->R0Process == pSession->R0Process)
+                return VERR_RESOURCE_IN_USE;
+            return VERR_DUPLICATE;
+        }
+    }
+    Assert(!pSession->fInHashTable);
+    Assert(!pSession->ppOsSessionPtr);
+    /*
+     * Insert it, doing a callout to the OS specific code in case it has
+     * anything it wishes to do while we're holding the spinlock.
+     */
+    pSession->pCommonNextHash = pDevExt->apSessionHashTab[iHash];
+    pDevExt->apSessionHashTab[iHash] = pSession;
+    pSession->fInHashTable    = true;
+    ASMAtomicIncS32(&pDevExt->cSessions);
+    pSession->ppOsSessionPtr = ppOsSessionPtr;
+    if (ppOsSessionPtr)
+        ASMAtomicWritePtr(ppOsSessionPtr, pSession);
+    supdrvOSSessionHashTabInserted(pDevExt, pSession, pvUser);
+    /*
+     * Retain a reference for the pointer in the session table.
+     */
+    ASMAtomicIncU32(&pSession->cRefs);
+    RTSpinlockRelease(pDevExt->hSessionHashTabSpinlock);
+    return VINF_SUCCESS;
+}
+/**
+ * Removes the session from the global hash table.
+ *
+ * @retval  VINF_SUCCESS on success.
+ * @retval  VERR_NOT_FOUND if the session was already removed (asserted).
+ * @retval  VERR_INVALID_PARAMETER if the session handle is invalid or a ring-0
+ *          session (asserted).
+ *
+ * @param   pDevExt     The device extension.
+ * @param   pSession    The session. The caller is expected to have a reference
+ *                      to this so it won't croak on us when we release the hash
+ *                      table reference.
+ * @param   pvUser      OS specific context value for the
+ *                      supdrvOSSessionHashTabInserted callback.
+ */
+int VBOXCALL supdrvSessionHashTabRemove(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    PSUPDRVSESSION  pCur;
+    unsigned        iHash;
+    int32_t         cRefs;
+    /*
+     * Validate input.
+     */
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    AssertReturn(pSession->R0Process != NIL_RTR0PROCESS, VERR_INVALID_PARAMETER);
+    /*
+     * Calculate the hash table index and acquire the spinlock.
+     */
+    iHash = SUPDRV_SESSION_HASH(pSession->Process);
+    RTSpinlockAcquire(pDevExt->hSessionHashTabSpinlock);
+    /*
+     * Unlink it.
+     */
+    pCur = pDevExt->apSessionHashTab[iHash];
+    if (pCur == pSession)
+        pDevExt->apSessionHashTab[iHash] = pSession->pCommonNextHash;
+    else
+    {
+        PSUPDRVSESSION pPrev = pCur;
+        while (pCur && pCur != pSession)
+        {
+            pPrev = pCur;
+            pCur  = pCur->pCommonNextHash;
+        }
+        if (pCur)
+            pPrev->pCommonNextHash = pCur->pCommonNextHash;
+        else
+        {
+            Assert(!pSession->fInHashTable);
+            RTSpinlockRelease(pDevExt->hSessionHashTabSpinlock);
+            return VERR_NOT_FOUND;
+        }
+    }
+    pSession->pCommonNextHash = NULL;
+    pSession->fInHashTable    = false;
+    ASMAtomicDecU32(&pDevExt->cSessions);
+    /*
+     * Clear OS specific session pointer if available and do the OS callback.
+     */
+    if (pSession->ppOsSessionPtr)
+    {
+        ASMAtomicCmpXchgPtr(pSession->ppOsSessionPtr, NULL, pSession);
+        pSession->ppOsSessionPtr = NULL;
+    }
+    supdrvOSSessionHashTabRemoved(pDevExt, pSession, pvUser);
+    RTSpinlockRelease(pDevExt->hSessionHashTabSpinlock);
+    /*
+     * Drop the reference the hash table had to the session.  This shouldn't
+     * be the last reference!
+     */
+    cRefs = ASMAtomicDecU32(&pSession->cRefs);
+    Assert(cRefs > 0 && cRefs < _1M);
+    if (cRefs == 0)
+        supdrvDestroySession(pDevExt, pSession);
+    return VINF_SUCCESS;
+}
+/**
+ * Looks up the session for the current process in the global hash table or in
+ * OS specific pointer.
+ *
+ * @returns Pointer to the session with a reference that the caller must
+ *          release.  If no valid session was found, NULL is returned.
+ *
+ * @param   pDevExt         The device extension.
+ * @param   Process         The process ID.
+ * @param   R0Process       The ring-0 process handle.
+ * @param   ppOsSessionPtr  The OS session pointer if available.  If not NULL,
+ *                          this is used instead of the hash table.  For
+ *                          additional safety it must then be equal to the
+ *                          SUPDRVSESSION::ppOsSessionPtr member.
+ *                          This can be NULL even if the OS has a session
+ *                          pointer.
+ */
+PSUPDRVSESSION VBOXCALL supdrvSessionHashTabLookup(PSUPDRVDEVEXT pDevExt, RTPROCESS Process, RTR0PROCESS R0Process,
+                                                   PSUPDRVSESSION *ppOsSessionPtr)
+{
+    PSUPDRVSESSION  pCur;
+    unsigned        iHash;
+    /*
+     * Validate input.
+     */
+    AssertReturn(R0Process != NIL_RTR0PROCESS, NULL);
+    /*
+     * Calculate the hash table index and acquire the spinlock.
+     */
+    iHash = SUPDRV_SESSION_HASH(Process);
+    RTSpinlockAcquire(pDevExt->hSessionHashTabSpinlock);
+    /*
+     * If an OS session pointer is provided, always use it.
+     */
+    if (ppOsSessionPtr)
+    {
+        pCur = *ppOsSessionPtr;
+        if (   pCur
+            && (   pCur->ppOsSessionPtr != ppOsSessionPtr
+                || pCur->Process        != Process
+                || pCur->R0Process      != R0Process) )
+            pCur = NULL;
+    }
+    else
+    {
+        /*
+         * Otherwise, do the hash table lookup.
+         */
+        pCur = pDevExt->apSessionHashTab[iHash];
+        while (   pCur
+               && (   pCur->Process   != Process
+                   || pCur->R0Process != R0Process) )
+            pCur = pCur->pCommonNextHash;
+    }
+    /*
+     * Retain the session.
+     */
+    if (pCur)
+    {
+        uint32_t cRefs = ASMAtomicIncU32(&pCur->cRefs);
+        Assert(cRefs > 1 && cRefs < _1M);
+    }
+    RTSpinlockRelease(pDevExt->hSessionHashTabSpinlock);
+    return pCur;
+}
 …
     AssertMsg(cRefs < _1M, ("%#x %p\n", cRefs, pSession));
     if (cRefs == 0)
         supdrvCloseSession(pSession->pDevExt, pSession);
+        supdrvDestroySession(pSession->pDevExt, pSession);
     return cRefs;
+}

trunk/src/VBox/HostDrivers/Support/SUPDrvInternal.h

-              r49965
+              r51770
 #       define _interlockedbittestandreset64  _interlockedbittestandreset64_StupidDDKVsCompilerCrap
 #       pragma warning(disable : 4163)
 #       include <ntddk.h>
+#       include <iprt/nt/nt.h>
 #       pragma warning(default : 4163)
 #       undef  _InterlockedExchange
 …
 #       undef  _interlockedbittestandreset64
 #   else
 #       include <ntddk.h>
+#       include <iprt/nt/nt.h>
 #   endif
 #   include <memory.h>
 …
  */
 #define OSDBGPRINT(a) SUPR0Printf a
+/** Debug printf macro shared with the ring-3 part. */
+#ifdef DEBUG_bird
+# define SUP_DPRINTF(a) SUPR0Printf a
+#else
+# define SUP_DPRINTF(a) do { } while (0)
+#endif
 …
     /** Set if is an unrestricted session, clear if restricted. */
     bool                            fUnrestricted;
+    /* Reference counter. */
+    /** Set if we're in the hash table, clear if not.  Protected by the hash
+     * table spinlock. */
+    bool                            fInHashTable;
+    /** Reference counter. */
     uint32_t volatile               cRefs;
+    /** Pointer to the next session with the same hash (common hash table).
+     *  Protected by the hash table spinlock. */
+    PSUPDRVSESSION                  pCommonNextHash;
+    /** Pointer to the OS specific session pointer, if available and in use.
+     * This is atomically set and cleared as the session is inserted and removed
+     * from the hash table (protected by the session hash table spinlock). */
+    PSUPDRVSESSION                 *ppOsSessionPtr;
+    /** The process (id) of the session. */
+    RTPROCESS                       Process;
+    /** Which process this session is associated with.
+     * This is NIL_RTR0PROCESS for kernel sessions and valid for user ones. */
+    RTR0PROCESS                     R0Process;
     /** The VM associated with the session. */
 …
     PSUPDRVLDRUSAGE volatile        pLdrUsage;
+    /** Spinlock protecting the bundles and the GIP members. */
+    /** Spinlock protecting the bundles, the GIP members and the
+     * fProcessCleanupDone flag.  It continues to be valid until the last
+     * reference to the session is released. */
     RTSPINLOCK                      Spinlock;
     /** The ring-3 mapping of the GIP (readonly). */
 …
     /** The group id of the session. (Set by the OS part.) */
     RTGID                           Gid;
-    /** The process (id) of the session. */
-    RTPROCESS                       Process;
-    /** Which process this session is associated with.
-     * This is NIL_RTR0PROCESS for kernel sessions and valid for user ones. */
-    RTR0PROCESS                     R0Process;
     /** Per session tracer specfic data. */
     uintptr_t                       uTracerData;
 …
     PSUPDRVSESSION                  pNextHash;
 # endif
+# if defined(RT_OS_WINDOWS) && defined(VBOX_WITH_HARDENING)
+    /** Pointer to the process protection structure for this session. */
+    struct SUPDRVNTPROTECT         *pNtProtect;
+# endif
 #endif /* !SUPDRV_AGNOSTIC */
 } SUPDRVSESSION;
 …
     RTLISTANCHOR                    aTrackerUmodHash[128];
+    /** @name Session Handle Table.
+     * @{ */
+    /** Spinlock protecting apSessionHashTab, cSessions,
+     * SUPDRVSESSION::ppOsSessionPtr, SUPDRVSESSION::pCommonNextHash, and possibly
+     * others depending on the OS. */
+    RTSPINLOCK                      hSessionHashTabSpinlock;
+    /** Session hash table hash table.  The size of this table must make sense in
+     * comparison to GVMM_MAX_HANDLES. */
+    PSUPDRVSESSION                  apSessionHashTab[HC_ARCH_BITS == 64 ? 8191 : 127];
+    /** The number of open sessions. */
+    int32_t                         cSessions;
+    /** @} */
     /*
      * Note! The non-agnostic bits must be a the very end of the structure!
+     * Note! The non-agnostic bits must be at the very end of the structure!
      */
 #ifndef SUPDRV_AGNOSTIC
 …
 } SUPDRVDEVEXT;
+/** Calculates the index into g_apSessionHashTab.*/
+#define SUPDRV_SESSION_HASH(a_pid)     ( (a_pid) % RT_ELEMENTS(((SUPDRVDEVEXT *)NULL)->apSessionHashTab) )
 RT_C_DECLS_BEGIN
 …
 *   OS Specific Functions                                                      *
 *******************************************************************************/
+/**
+ * Called to clean up the session structure before it's freed.
+ *
+ * @param   pDevExt             The device globals.
+ * @param   pSession            The session that's being cleaned up.
+ */
+void VBOXCALL   supdrvOSCleanupSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession);
+/**
+ * Called to let the OS specfic code perform additional insertion work while
+ * still under the protection of the hash table spinlock.
+ *
+ * @param   pDevExt             The device globals.
+ * @param   pSession            The session that was inserted.
+ * @param   pvUser              User context specified to the insert call.
+ */
+void VBOXCALL   supdrvOSSessionHashTabInserted(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser);
+/**
+ * Called to let the OS specfic code perform additional removal work while still
+ * under the protection of the hash table spinlock.
+ *
+ * @param   pDevExt             The device globals.
+ * @param   pSession            The session that was removed.
+ * @param   pvUser              User context specified to the remove call.
+ */
+void VBOXCALL   supdrvOSSessionHashTabRemoved(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser);
 void VBOXCALL   supdrvOSObjInitCreator(PSUPDRVOBJ pObj, PSUPDRVSESSION pSession);
 bool VBOXCALL   supdrvOSObjCanAccess(PSUPDRVOBJ pObj, PSUPDRVSESSION pSession, const char *pszObjName, int *prc);
 …
 void VBOXCALL   supdrvDeleteDevExt(PSUPDRVDEVEXT pDevExt);
 int  VBOXCALL   supdrvCreateSession(PSUPDRVDEVEXT pDevExt, bool fUser, bool fUnrestricted,  PSUPDRVSESSION *ppSession);
+int  VBOXCALL   supdrvSessionHashTabInsert(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPDRVSESSION *ppOsSessionPtr, void *pvUser);
+int  VBOXCALL   supdrvSessionHashTabRemove(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser);
+PSUPDRVSESSION VBOXCALL supdrvSessionHashTabLookup(PSUPDRVDEVEXT pDevExt, RTPROCESS Process, RTR0PROCESS R0Process,
+                                                   PSUPDRVSESSION *ppOsSessionPtr);
 uint32_t VBOXCALL supdrvSessionRetain(PSUPDRVSESSION pSession);
 uint32_t VBOXCALL supdrvSessionRelease(PSUPDRVSESSION pSession);

trunk/src/VBox/HostDrivers/Support/SUPLib.cpp

-              r49965
+              r51770
      * Verify that the image file and parent directories are sane.
      */
     rc = supR3HardenedVerifyFile(szExecPath, RTHCUINTPTR_MAX, pErrInfo);
+    rc = supR3HardenedVerifyFile(szExecPath, RTHCUINTPTR_MAX, false /*fMaybe3rdParty*/, pErrInfo);
     if (RT_FAILURE(rc))
         return rc;
 …
      */
 #ifdef VBOX_WITH_HARDENING
     int rc = supR3HardenedVerifyFile(pszFilename, RTHCUINTPTR_MAX, pErrInfo);
+    int rc = supR3HardenedVerifyFile(pszFilename, RTHCUINTPTR_MAX, true /*fMaybe3rdParty*/, pErrInfo);
     if (RT_FAILURE(rc) && !RTErrInfoIsSet(pErrInfo))
         LogRel(("supR3HardenedVerifyFile: Verification of \"%s\" failed, rc=%Rrc\n", pszFilename, rc));

trunk/src/VBox/HostDrivers/Support/SUPLibInternal.h

-              r49634
+              r51770
  */
 #if defined(IN_SUP_HARDENED_R3) && defined(RT_OS_WINDOWS)
+# define SUP_HARDENED_NEED_CRT_FUNCTIONS
+DECLHIDDEN(int)    suplibHardenedMemComp(void const *pvDst, const void *pvSrc, size_t cbToComp);
 DECLHIDDEN(void *) suplibHardenedMemCopy(void *pvDst, const void *pvSrc, size_t cbToCopy);
+DECLHIDDEN(void *) suplibHardenedMemSet(void *pvDst, int ch, size_t cbToSet);
 DECLHIDDEN(char *) suplibHardenedStrCopy(char *pszDst, const char *pszSrc);
 DECLHIDDEN(size_t) suplibHardenedStrLen(const char *psz);
 …
 DECLHIDDEN(int)    suplibHardenedStrICmp(const char *psz1, const char *psz2);
 #else
+# undef SUP_HARDENED_NEED_CRT_FUNCTIONS
+# define suplibHardenedMemComp memcmp
 # define suplibHardenedMemCopy memcpy
+# define suplibHardenedMemSet  memset
 # define suplibHardenedStrCopy strcpy
 # define suplibHardenedStrLen  strlen
 …
 # define suplibHardenedStrICmp stricmp
 #endif
+DECLNORETURN(void) suplibHardenedExit(RTEXITCODE rcExit);
+DECLNORETURN(void)  suplibHardenedExit(RTEXITCODE rcExit);
+DECLHIDDEN(void)    suplibHardenedPrintF(const char *pszFormat, ...);
+DECLHIDDEN(void)    suplibHardenedPrintFV(const char *pszFormat, va_list va);
 /** @} */
+/** Debug output macro. */
+#ifdef DEBUG_bird
+# ifdef IN_SUP_HARDENED_R3
+#  define SUP_DPRINTF(a)    suplibHardenedPrintF a
+# else
+#  define SUP_DPRINTF(a)    RTLogPrintf a
+# endif
+#else
+# define SUP_DPRINTF(a)     do { } while (0)
+#endif
 …
     kSupIFT_Exe,
     kSupIFT_Dll,
+    kSupIFT_Rc,
     kSupIFT_Sys,
     kSupIFT_Script,
 …
 typedef FNSUPR3PREINIT *PFNSUPR3PREINIT;
+/** The current SUPR3HardenedMain state / location. */
+typedef enum SUPR3HARDENEDMAINSTATE
+{
+    SUPR3HARDENEDMAINSTATE_NOT_YET_CALLED = 0,
+    SUPR3HARDENEDMAINSTATE_VERIFY_TRUST_READY,
+    SUPR3HARDENEDMAINSTATE_INIT_RUNTIME,
+    SUPR3HARDENEDMAINSTATE_GET_TRUSTED_MAIN,
+    SUPR3HARDENEDMAINSTATE_CALLED_TRUSTED_MAIN,
+    SUPR3HARDENEDMAINSTATE_END
+} SUPR3HARDENEDMAINSTATE;
 /*******************************************************************************
 …
 extern DECLHIDDEN(PSUPQUERYFUNCS)       g_pSupFunctions;
 #endif
+extern DECLHIDDEN(SUPR3HARDENEDMAINSTATE) g_enmSupR3HardenedMainState;
 …
  */
 DECLHIDDEN(int)     supR3HardenedError(int rc, bool fFatal, const char *pszFormat, ...);
 DECLHIDDEN(int)     supR3HardenedVerifyAll(bool fFatal, bool fLeaveFilesOpen, const char *pszProgName);
 DECLHIDDEN(int)     supR3HardenedVerifyFixedDir(SUPINSTDIR enmDir, bool fFatal);
 DECLHIDDEN(int)     supR3HardenedVerifyFixedFile(const char *pszFilename, bool fFatal);
 DECLHIDDEN(int)     supR3HardenedVerifyDir(const char *pszDirPath, bool fRecursive, bool fCheckFiles, PRTERRINFO pErrInfo);
+DECLHIDDEN(int)     supR3HardenedVerifyFile(const char *pszFilename, RTHCUINTPTR hNativeFile, PRTERRINFO pErrInfo);
+DECLHIDDEN(int)     supR3HardenedVerifyFile(const char *pszFilename, RTHCUINTPTR hNativeFile, bool fMaybe3rdParty,
+                                            PRTERRINFO pErrInfo);
 DECLHIDDEN(void)    supR3HardenedGetPreInitData(PSUPPREINITDATA pPreInitData);
 DECLHIDDEN(int)     supR3HardenedRecvPreInitData(PCSUPPREINITDATA pPreInitData);
+#ifdef RT_OS_WINDOWS
+DECLHIDDEN(void)    supR3HardenedWinInit(uint32_t fFlags);
+DECLHIDDEN(void)    supR3HardenedWinInitVersion(void);
+DECLHIDDEN(void)    supR3HardenedWinVerifyProcess(void);
+DECLHIDDEN(void)    supR3HardenedWinResolveVerifyTrustApiAndHookThreadCreation(void);
+DECLHIDDEN(bool)    supR3HardenedWinIsReSpawnNeeded(int cArgs, char **papszArgs);
+DECLHIDDEN(int)     supR3HardenedWinReSpawn(void);
+DECLHIDDEN(void *)  supR3HardenedWinLoadLibrary(const char *pszName, bool fSystem32Only);
+extern RTUTF16      g_wszSupLibHardenedExePath[1024];
+# ifdef RTPATH_MAX
+extern char         g_szSupLibHardenedExePath[RTPATH_MAX];
+# endif
+#endif
 SUPR3DECL(int)      supR3PageLock(void *pvStart, size_t cPages, PSUPPAGE paPages);

trunk/src/VBox/HostDrivers/Support/SUPLibLdr.cpp

r49634	r51770
781	781	* Verify the image file.
782	782	*/
783		int rc = supR3HardenedVerifyFile(pszFilename, RTHCUINTPTR_MAX, pErrInfo);
	783	int rc = supR3HardenedVerifyFile(pszFilename, RTHCUINTPTR_MAX, true /fMaybe3rdParty/, pErrInfo);
784	784	if (RT_FAILURE(rc))
785	785	{

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp

-              r49500
+              r51770
 /*
  * Copyright (C) 2006-2013 Oracle Corporation
+ * Copyright (C) 2006-2014 Oracle Corporation
+ *
  * This file is part of VirtualBox Open Source Edition (OSE), as
 …
 *******************************************************************************/
 /** The pre-init data we pass on to SUPR3 (residing in VBoxRT). */
 static SUPPREINITDATA g_SupPreInitData;
+static SUPPREINITDATA   g_SupPreInitData;
 /** The program executable path. */
+static char g_szSupLibHardenedExePath[RTPATH_MAX];
+#ifndef RT_OS_WINDOWS
+static
+#endif
+char                    g_szSupLibHardenedExePath[RTPATH_MAX];
 /** The program directory path. */
 static char g_szSupLibHardenedDirPath[RTPATH_MAX];
+static char             g_szSupLibHardenedDirPath[RTPATH_MAX];
 /** The program name. */
 static const char *g_pszSupLibHardenedProgName;
+static const char      *g_pszSupLibHardenedProgName;
 #ifdef SUP_HARDENED_SUID
 /** The real UID at startup. */
 static uid_t g_uid;
+static uid_t            g_uid;
 /** The real GID at startup. */
 static gid_t g_gid;
+static gid_t            g_gid;
 # ifdef RT_OS_LINUX
 static uint32_t g_uCaps;
+static uint32_t         g_uCaps;
 # endif
 #endif
+/** The current SUPR3HardenedMain state / location. */
+SUPR3HARDENEDMAINSTATE  g_enmSupR3HardenedMainState = SUPR3HARDENEDMAINSTATE_NOT_YET_CALLED;
 …
 #endif
 static PFNSUPTRUSTEDERROR supR3HardenedMainGetTrustedError(const char *pszProgName);
-#ifdef RT_OS_WINDOWS
-/*
- * No CRT here, thank you.
- */
-/** memcpy */
-DECLHIDDEN(void *) suplibHardenedMemCopy(void *pvDst, const void *pvSrc, size_t cbToCopy)
+{
-    size_t         *puDst = (size_t *)pvDst;
-    size_t const   *puSrc = (size_t const *)pvSrc;
-    while (cbToCopy >= sizeof(size_t))
+    {
-        *puDst++ = *puSrc++;
-        cbToCopy -= sizeof(size_t);
+    }
-    uint8_t        *pbDst = (uint8_t *)puDst;
-    uint8_t const  *pbSrc = (uint8_t const *)puSrc;
-    while (cbToCopy > 0)
+    {
-        *pbDst++ = *pbSrc++;
-        cbToCopy--;
+    }
-    return pvDst;
+}
-/** strcpy */
-DECLHIDDEN(char *) suplibHardenedStrCopy(char *pszDst, const char *pszSrc)
+{
-    char *pszRet = pszDst;
-    char ch;
-    do
+    {
-        ch = *pszSrc++;
-        *pszDst++ = ch;
-    } while (ch);
-    return pszRet;
+}
-/** strlen */
-DECLHIDDEN(size_t) suplibHardenedStrLen(const char *psz)
+{
-    const char *pszStart = psz;
-    while (*psz)
-        psz++;
-    return psz - pszStart;
+}
-/** strcat */
-DECLHIDDEN(char *) suplibHardenedStrCat(char *pszDst, const char *pszSrc)
+{
-    char *pszRet = pszDst;
-    while (*pszDst)
-        pszDst++;
-    suplibHardenedStrCopy(pszDst, pszSrc);
-    return pszRet;
+}
-# ifdef RT_OS_WINDOWS
-/** stricmp */
-DECLHIDDEN(int) suplibHardenedStrICmp(const char *psz1, const char *psz2)
+{
-    const char *pszOrg1 = psz1;
-    const char *pszOrg2 = psz2;
-    for (;;)
+    {
-        char ch1 = *psz1++;
-        char ch2 = *psz1++;
-        if (ch1 != ch2)
+        {
-            int rc = CompareStringA(LOCALE_USER_DEFAULT, NORM_IGNORECASE, pszOrg1, -1, pszOrg2, -1);
-#  ifdef VBOX_STRICT
-            if (rc == 0)
-                __debugbreak();
-#  endif
-            return rc - 2;
+        }
-        if (ch1 == 0)
-            return 0;
+    }
+}
-# endif
-/** strcmp */
-DECLHIDDEN(int) suplibHardenedStrCmp(const char *psz1, const char *psz2)
+{
-    for (;;)
+    {
-        char ch1 = *psz1++;
-        char ch2 = *psz1++;
-        if (ch1 != ch2)
-            return ch1 < ch2 ? -1 : 1;
-        if (ch1 == 0)
-            return 0;
+    }
+}
-/** strncmp */
-DECLHIDDEN(int) suplibHardenedStrNCmp(const char *psz1, const char *psz2, size_t cchMax)
+{
-    while (cchMax-- > 0)
+    {
-        char ch1 = *psz1++;
-        char ch2 = *psz1++;
-        if (ch1 != ch2)
-            return ch1 < ch2 ? -1 : 1;
-        if (ch1 == 0)
-            break;
+    }
-    return 0;
+}
-#endif /* RT_OS_WINDOWS */
 …
     do
+    {
         unsigned iDigit = uValue & fDigitMask;
+        *psz-- = pchDigits[uValue & fDigitMask];
         uValue >>= cShift;
-        *psz-- = uValue % 10;
-        uValue /= 10;
     } while (uValue > 0);
     if ((fFlags & RTSTR_F_SPECIAL) && uBase == 16)
+    {
         *psz-- = 'x';
+        *psz-- = !(fFlags & RTSTR_F_CAPITAL) ? 'x' : 'X';
         *psz-- = '0';
+    }
 …
 /**
+ * Writes a wide character string to standard error.
+ *
+ * @param   pwsz                The string.
+ */
+static void suplibHardenedPrintWideStr(PCRTUTF16 pwsz)
+{
+    for (;;)
+    {
+        RTUTF16 wc = *pwsz++;
+        if (!wc)
+            return;
+        if (   (wc < 0x7f && wc >= 0x20)
+            || wc == '\n'
+            || wc == '\r')
+            suplibHardenedPrintChr((char)wc);
+        else
+        {
+            suplibHardenedPrintStrN(RT_STR_TUPLE("\\x"));
+            suplibHardenedPrintHexOctal(wc, 16, 0);
+        }
+    }
+}
+#ifdef IPRT_NO_CRT
+/** Buffer structure used by suplibHardenedOutput. */
+struct SUPLIBHARDENEDOUTPUTBUF
+{
+    size_t off;
+    char   szBuf[2048];
+};
+/** Callback for RTStrFormatV, see FNRTSTROUTPUT. */
+static DECLCALLBACK(size_t) suplibHardenedOutput(void *pvArg, const char *pachChars, size_t cbChars)
+{
+    SUPLIBHARDENEDOUTPUTBUF *pBuf = (SUPLIBHARDENEDOUTPUTBUF *)pvArg;
+    size_t cbTodo = cbChars;
+    for (;;)
+    {
+        size_t cbSpace = sizeof(pBuf->szBuf) - pBuf->off - 1;
+        /* Flush the buffer? */
+        if (   cbSpace == 0
+            || (cbTodo == 0 && pBuf->off))
+        {
+            suplibHardenedPrintStrN(pBuf->szBuf, pBuf->off);
+# ifdef RT_OS_WINDOWS
+            OutputDebugString(pBuf->szBuf);
+# endif
+            pBuf->off = 0;
+            cbSpace = sizeof(pBuf->szBuf) - 1;
+        }
+        /* Copy the string into the buffer. */
+        if (cbTodo == 1)
+        {
+            pBuf->szBuf[pBuf->off++] = *pachChars;
+            break;
+        }
+        if (cbSpace >= cbTodo)
+        {
+            memcpy(&pBuf->szBuf[pBuf->off], pachChars, cbTodo);
+            pBuf->off += cbTodo;
+            break;
+        }
+        memcpy(&pBuf->szBuf[pBuf->off], pachChars, cbSpace);
+        pBuf->off += cbSpace;
+        cbTodo -= cbSpace;
+    }
+    pBuf->szBuf[pBuf->off] = '\0';
+    return cbChars;
+}
+#endif /* IPRT_NO_CRT */
+/**
  * Simple printf to standard error.
+ *
 …
 DECLHIDDEN(void) suplibHardenedPrintFV(const char *pszFormat, va_list va)
+{
+#ifdef IPRT_NO_CRT
+    /*
+     * Use buffered output here to avoid character mixing on the windows
+     * console and to enable us to use OutputDebugString.
+     */
+    SUPLIBHARDENEDOUTPUTBUF Buf;
+    Buf.off = 0;
+    Buf.szBuf[0] = '\0';
+    RTStrFormatV(suplibHardenedOutput, &Buf, NULL, NULL, pszFormat, va);
+#else /* !IPRT_NO_CRT */
     /*
      * Format loop.
 …
                 case 's':
+                {
+                    const char *pszStr = va_arg(va, const char *);
+                    if (!RT_VALID_PTR(pszStr))
+                        pszStr = "<NULL>";
+                    suplibHardenedPrintStr(pszStr);
+                    if (chArgSize == 'l')
+                    {
+                        PCRTUTF16 pwszStr = va_arg(va, PCRTUTF16 );
+                        if (RT_VALID_PTR(pwszStr))
+                            suplibHardenedPrintWideStr(pwszStr);
+                        else
+                            suplibHardenedPrintStr("<NULL>");
+                    }
+                    else
+                    {
+                        const char *pszStr = va_arg(va, const char *);
+                        if (!RT_VALID_PTR(pszStr))
+                            pszStr = "<NULL>";
+                        suplibHardenedPrintStr(pszStr);
+                    }
                     break;
+                }
                 case 'd':
 …
+                }
+                case 'R':
+                    if (pszFormat[0] == 'r' && pszFormat[1] == 'c')
+                    {
+                        int iValue = va_arg(va, int);
+                        if (iValue < 0)
+                        {
+                            suplibHardenedPrintChr('-');
+                            iValue = -iValue;
+                        }
+                        suplibHardenedPrintDecimal(iValue);
+                        pszFormat += 2;
+                        break;
+                    }
+                    /* fall thru */
                 /*
 …
     if (pszLast != pszFormat)
         suplibHardenedPrintStrN(pszLast, pszFormat - pszLast);
+#endif /* !IPRT_NO_CRT */
+}
 …
     va_end(va);
+}
 …
 #elif defined(RT_OS_WINDOWS)
+    HMODULE hExe = GetModuleHandle(NULL);
+    if (!GetModuleFileName(hExe, &g_szSupLibHardenedExePath[0], sizeof(g_szSupLibHardenedExePath)))
+        supR3HardenedFatal("supR3HardenedExecDir: GetModuleFileName failed, rc=%d\n", GetLastError());
+    int cbRet = WideCharToMultiByte(CP_UTF8, 0 /*dwFlags*/,
+                                    g_wszSupLibHardenedExePath, -1,
+                                    g_szSupLibHardenedExePath, sizeof(g_szSupLibHardenedExePath),
+                                    NULL /*pchDefChar*/, NULL /* pfUsedDefChar */);
+    if (!cbRet)
+        supR3HardenedFatal("supR3HardenedExecDir: WideCharToMultiByte failed, rc=%d\n", GetLastError());
 #else
 # error needs porting.
 …
             break;
+        case kSupInitOp_Misc:
         case kSupInitOp_IPRT:
         case kSupInitOp_Integrity:
 …
 #endif
+    {
+        PFNSUPTRUSTEDERROR pfnTrustedError = supR3HardenedMainGetTrustedError(g_pszSupLibHardenedProgName);
+        if (pfnTrustedError)
+            pfnTrustedError(pszWhere, enmWhat, rc, pszMsgFmt, va);
+        static volatile bool s_fRecursive = false; /* Loader hooks may cause recursion. */
+        if (!s_fRecursive)
+        {
+            s_fRecursive = true;
+            PFNSUPTRUSTEDERROR pfnTrustedError = supR3HardenedMainGetTrustedError(g_pszSupLibHardenedProgName);
+            if (pfnTrustedError)
+                pfnTrustedError(pszWhere, enmWhat, rc, pszMsgFmt, va);
+            s_fRecursive = false;
+        }
+    }
 …
             supR3HardenedFatalMsg("suplibOsInit", kSupInitOp_Driver, rc,
                                   "Kernel memory allocation/mapping failed");
+        case VERR_SUPDRV_HARDENING_EVIL_HANDLE:
+            supR3HardenedFatalMsg("suplibOsInit", kSupInitOp_Driver, rc, "VERR_SUPDRV_HARDENING_EVIL_HANDLE");
+        case VERR_SUPLIB_NT_PROCESS_UNTRUSTED_0:
+            supR3HardenedFatalMsg("suplibOsInit", kSupInitOp_Driver, rc, "VERR_SUPLIB_NT_PROCESS_UNTRUSTED_0");
+        case VERR_SUPLIB_NT_PROCESS_UNTRUSTED_1:
+            supR3HardenedFatalMsg("suplibOsInit", kSupInitOp_Driver, rc, "VERR_SUPLIB_NT_PROCESS_UNTRUSTED_1");
+        case VERR_SUPLIB_NT_PROCESS_UNTRUSTED_2:
+            supR3HardenedFatalMsg("suplibOsInit", kSupInitOp_Driver, rc, "VERR_SUPLIB_NT_PROCESS_UNTRUSTED_2");
         default:
             supR3HardenedFatalMsg("suplibOsInit", kSupInitOp_Driver, rc,
 …
      */
 #if defined(RT_OS_WINDOWS)
+    /** @todo consider using LOAD_WITH_ALTERED_SEARCH_PATH here! */
+    HMODULE hMod = LoadLibraryEx(szPath, NULL /*hFile*/, 0 /* dwFlags */);
+    HMODULE hMod = (HMODULE)supR3HardenedWinLoadLibrary(szPath, false /*fSystem32Only*/);
     if (!hMod)
         supR3HardenedFatalMsg("supR3HardenedMainInitRuntime", kSupInitOp_IPRT, VERR_MODULE_NOT_FOUND,
                               "LoadLibraryEx(\"%s\",,) failed (rc=%d)",
+                              "LoadLibrary \"%s\" failed (rc=%d)",
                               szPath, GetLastError());
     PFNRTR3INITEX pfnRTInitEx = (PFNRTR3INITEX)GetProcAddress(hMod, SUP_HARDENED_SYM("RTR3InitEx"));
 …
      */
 #if defined(RT_OS_WINDOWS)
+    /** @todo consider using LOAD_WITH_ALTERED_SEARCH_PATH here! */
+    HMODULE hMod = LoadLibraryEx(szPath, NULL /*hFile*/, 0 /* dwFlags */);
+    HMODULE hMod = (HMODULE)supR3HardenedWinLoadLibrary(szPath, false /*fSystem32Only*/);
     if (!hMod)
         return NULL;
 …
      */
 #if defined(RT_OS_WINDOWS)
+    /** @todo consider using LOAD_WITH_ALTERED_SEARCH_PATH here! */
+    HMODULE hMod = LoadLibraryEx(szPath, NULL /*hFile*/, 0 /* dwFlags */);
+    HMODULE hMod = (HMODULE)supR3HardenedWinLoadLibrary(szPath, false /*fSystem32Only*/);
     if (!hMod)
         supR3HardenedFatal("supR3HardenedMainGetTrustedMain: LoadLibraryEx(\"%s\",,) failed, rc=%d\n",
+        supR3HardenedFatal("supR3HardenedMainGetTrustedMain: LoadLibrary \"%s\" failed, rc=%d\n",
                             szPath, GetLastError());
     FARPROC pfn = GetProcAddress(hMod, SUP_HARDENED_SYM("TrustedMain"));
 …
     /*
+     * Validate the installation.
+     */
+     * Validate the installation.  On Windows we leave the files open so they
+     * cannot be tampered with after they've been verified.  We also check
+     * install loader hooks and check the process integrity.
+     */
+#ifndef RT_OS_WINDOWS
     supR3HardenedVerifyAll(true /* fFatal */, false /* fLeaveFilesOpen */, pszProgName);
+#else
+    supR3HardenedWinInit(fFlags);
+    supR3HardenedVerifyAll(true /* fFatal */, true /* fLeaveFilesOpen */, pszProgName);
+    supR3HardenedWinVerifyProcess();
+#endif
+#ifdef RT_OS_WINDOWS
+    /*
+     * On Windows we'll respawn the process with a special vboxdrv arrangement
+     * in place to monitor access to the process for its inception.
+     */
+    if (   !(fFlags & SUPSECMAIN_FLAGS_DONT_OPEN_DEV)
+        && supR3HardenedWinIsReSpawnNeeded(argc, argv))
+        return supR3HardenedWinReSpawn();
+#endif
     /*
 …
     if (!(fFlags & SUPSECMAIN_FLAGS_DONT_OPEN_DEV))
         supR3HardenedMainOpenDevice();
+#ifdef RT_OS_WINDOWS
+    supR3HardenedWinResolveVerifyTrustApiAndHookThreadCreation();
+    g_enmSupR3HardenedMainState = SUPR3HARDENEDMAINSTATE_VERIFY_TRUST_READY;
+#endif
     /*
 …
      * call RTR3InitEx.
      */
+    g_enmSupR3HardenedMainState = SUPR3HARDENEDMAINSTATE_INIT_RUNTIME;
     supR3HardenedMainInitRuntime(fFlags);
 …
      * and pass control to it.
      */
+    g_enmSupR3HardenedMainState = SUPR3HARDENEDMAINSTATE_GET_TRUSTED_MAIN;
     PFNSUPTRUSTEDMAIN pfnTrustedMain = supR3HardenedMainGetTrustedMain(pszProgName);
+    g_enmSupR3HardenedMainState = SUPR3HARDENEDMAINSTATE_CALLED_TRUSTED_MAIN;
     return pfnTrustedMain(argc, argv, envp);
+}
-#ifdef RT_OS_WINDOWS
-extern "C" int main(int argc, char **argv, char **envp);
-/**
- * The executable entry point.
- */
-extern "C" void __stdcall suplibHardenedWindowsMain(void)
+{
-    RTEXITCODE  rcExit = RTEXITCODE_FAILURE;
-    /*
-     * Convert the arguments to UTF-8.
-     */
-    int    cArgs;
-    PWSTR *papwszArgs = CommandLineToArgvW(GetCommandLineW(), &cArgs); /** @todo fix me! */
-    if (papwszArgs)
+    {
-        char **papszArgs = (char **)HeapAlloc(GetProcessHeap(), 0 /* dwFlags*/, (cArgs + 1) * sizeof(const char **));
-        if (papszArgs)
+        {
-            int iArg;
-            for (iArg = 0; iArg < cArgs; iArg++)
+            {
-                int cbNeeded = WideCharToMultiByte(CP_UTF8, 0 /*dwFlags*/, papwszArgs[iArg], -1, NULL /*pszDst*/, 0 /*cbDst*/,
-                                                   NULL /*pchDefChar*/, NULL /* pfUsedDefChar */);
-                if (!cbNeeded)
+                {
-                    suplibHardenedPrintF("CommandLineToArgvW failed on argument %d: %u\n", iArg, GetLastError());
-                    break;
+                }
-                papszArgs[iArg] = (char *)HeapAlloc(GetProcessHeap(), 0 /*dwFlags*/, cbNeeded);
-                if (!papszArgs[iArg])
+                {
-                    suplibHardenedPrintF("HeapAlloc failed");
-                    break;
+                }
-                int cbRet = WideCharToMultiByte(CP_UTF8, 0 /*dwFlags*/, papwszArgs[iArg], -1, papszArgs[iArg], cbNeeded,
-                                                NULL /*pchDefChar*/, NULL /* pfUsedDefChar */);
-                if (!cbRet)
+                {
-                    suplibHardenedPrintF("CommandLineToArgvW failed on argument %d: %u\n", iArg, GetLastError());
-                    break;
+                }
+            }
-            if (iArg == cArgs)
+            {
-                papszArgs[iArg] = NULL;
-                /*
-                 * Call the main function.
-                 */
-                rcExit = (RTEXITCODE)main(cArgs, papszArgs, NULL);
+            }
+        }
-        else
-            suplibHardenedPrintF("HeapAlloc failed\n");
+    }
-    else
-        suplibHardenedPrintF("CommandLineToArgvW failed\n");
-    /*
-     * Exit the process (never return).
-     */
-    for (;;)
-        ExitProcess(rcExit);
+}
-#endif

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp

-              r49211
+              r51770
 #include "SUPLibInternal.h"
+#if defined(RT_OS_WINDOWS) && defined(VBOX_WITH_HARDENING)
+# define SUPHNTVI_NO_NT_STUFF
+# include "win/SUPHardenedVerify-win.h"
+#endif
 …
 #endif
+/** Compare table file names with externally supplied names. */
+#if defined(RT_OS_WINDOWS) || defined(RT_OS_OS2)
+# define SUP_COMP_FILENAME  suplibHardenedStrICmp
+#else
+# define SUP_COMP_FILENAME  suplibHardenedStrCmp
+#endif
 /*******************************************************************************
 …
 #ifdef VBOX_WITH_RAW_MODE
     {   kSupIFT_Dll,  kSupID_AppPrivArch,       false, "VMMGC.gc" },
     {   kSupIFT_Dll,  kSupID_AppPrivArch,       false, "VBoxDDGC.gc" },
     {   kSupIFT_Dll,  kSupID_AppPrivArch,       false, "VBoxDD2GC.gc" },
+    {   kSupIFT_Rc,   kSupID_AppPrivArch,       false, "VMMGC.gc" },
+    {   kSupIFT_Rc,   kSupID_AppPrivArch,       false, "VBoxDDGC.gc" },
+    {   kSupIFT_Rc,   kSupID_AppPrivArch,       false, "VBoxDD2GC.gc" },
 #endif
 …
     {   kSupIFT_Exe,  kSupID_AppBin,            false, "VBoxSVC" SUPLIB_EXE_SUFF },
  #ifdef RT_OS_WINDOWS
     {   kSupIFT_Dll,  kSupID_AppPrivArchComp,   false, "VBoxC" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_SharedLib,         false, "VBoxC" SUPLIB_DLL_SUFF },
  #else
     {   kSupIFT_Exe,  kSupID_AppPrivArch,       false, "VBoxXPCOMIPCD" SUPLIB_EXE_SUFF },
 …
                                  FILE_SHARE_READ | FILE_SHARE_DELETE | FILE_SHARE_WRITE,
                                  NULL,
                                  OPEN_ALWAYS,
+                                 OPEN_EXISTING,
                                  FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS,
                                  NULL);
 …
         if (RT_SUCCESS(rc))
+        {
 #if defined(RT_OS_WINDOWS)
+#if defined(RT_OS_WINDOWS) /** @todo Need to use WCHAR on windows! */
             HANDLE hFile = CreateFile(szPath,
                                       GENERIC_READ,
                                       FILE_SHARE_READ,
                                       NULL,
                                       OPEN_ALWAYS,
+                                      OPEN_EXISTING,
                                       FILE_ATTRIBUTE_NORMAL,
                                       NULL);
             if (hFile != INVALID_HANDLE_VALUE)
+            {
+                /** @todo Check the type, and verify the signature (separate function so we can skip it). */
+# if defined(VBOX_WITH_HARDENING) && !defined(IN_SUP_R3_STATIC) /* Latter: Not in VBoxCpuReport and friends. */
+                char szErr[1024];
+                RTERRINFO ErrInfo;
+                RTErrInfoInit(&ErrInfo, szErr, sizeof(szErr));
+                uint32_t fFlags = SUPHNTVI_F_REQUIRE_BUILD_CERT;
+                if (pFile->enmType == kSupIFT_Rc)
+                    fFlags |= SUPHNTVI_F_RC_IMAGE;
+                rc = supHardenedWinVerifyImageByHandleNoName(hFile, fFlags, &ErrInfo);
+                if (RT_FAILURE(rc))
+                {
+                    rc = supR3HardenedError(rc, fFatal, "supR3HardenedVerifyFileInternal: '%s': Image verify error rc=%Rrc: %s\n",
+                                            szPath, rc, szErr);
+                    CloseHandle(hFile);
+                }
+                else
+#endif
+                {
                     /* it's valid. */
 …
                 if (!pFile->fOptional || err != ERROR_FILE_NOT_FOUND)
                     rc = supR3HardenedError(VERR_PATH_NOT_FOUND, fFatal,
+                                            "supR3HardenedVerifyFileInternal: Failed to open \"%s\": err=%d\n",
+                                            szPath, err);
+                                            "supR3HardenedVerifyFileInternal: Failed to open '%s': err=%d\n", szPath, err);
+            }
 #else /* UNIXY */
 …
     if (RT_FAILURE(rc))
         return rc;
+#if defined(RT_OS_WINDOWS) || defined(RT_OS_OS2)
+    if (suplibHardenedStrICmp(szName, pszFilename))
+#else
+    if (suplibHardenedStrCmp(szName, pszFilename))
+#endif
+    if (SUP_COMP_FILENAME(szName, pszFilename))
+    {
         /*
 …
         if (    GetFullPathName(szName, RT_ELEMENTS(szName2), &szName2[0], &pszIgnored)
             &&  GetFullPathName(pszFilename, RT_ELEMENTS(szName), &szName[0], &pszIgnored))
             if (!suplibHardenedStrICmp(szName2, szName))
+            if (!SUP_COMP_FILENAME(szName2, szName))
                 rc = VINF_SUCCESS;
 #else
 …
         if (    realpath(szName, szName2) != NULL
             &&  realpath(pszFilename, szName) != NULL)
             if (!suplibHardenedStrCmp(szName2, szName))
+            if (!SUP_COMP_FILENAME(szName2, szName))
                 rc = VINF_SUCCESS;
 #endif
 …
     const char *pszName = supR3HardenedPathFilename(pszFilename);
     for (unsigned iFile = 0; iFile < RT_ELEMENTS(g_aSupInstallFiles); iFile++)
         if (!suplibHardenedStrCmp(pszName, g_aSupInstallFiles[iFile].pszFile))
+        if (!SUP_COMP_FILENAME(pszName, g_aSupInstallFiles[iFile].pszFile))
+        {
             int rc = supR3HardenedVerifySameFile(iFile, pszFilename, fFatal);
 …
      */
 #if defined(RT_OS_WINDOWS) || defined(RT_OS_OS2)
     if (   RT_C_IS_ALPHA(pszSrc[0])
+    if (   !RT_C_IS_ALPHA(pszSrc[0])
         || pszSrc[1] != ':'
         || !RTPATH_IS_SLASH(pszSrc[2]))
 …
  *                              as we ended up with when verifying the path.
  *                              RTHCUINTPTR_MAX means NIL here.
+ * @param   fMaybe3rdParty      Set if the file is could be a supplied by a
+ *                              third party.  Different validation rules may
+ *                              apply to 3rd party code on some platforms.
  * @param   pErrInfo            Where to return extended error information.
  *                              Optional.
  */
+DECLHIDDEN(int) supR3HardenedVerifyFile(const char *pszFilename, RTHCUINTPTR hNativeFile, PRTERRINFO pErrInfo)
+DECLHIDDEN(int) supR3HardenedVerifyFile(const char *pszFilename, RTHCUINTPTR hNativeFile,
+                                        bool fMaybe3rdParty, PRTERRINFO pErrInfo)
+{
     /*
 …
     /*
      * Verify the file.
+     * Verify the file handle against the last component, if specified.
      */
     if (hNativeFile != RTHCUINTPTR_MAX)
+        return supR3HardenedVerifySameFsObject(hNativeFile, &FsObjState, Info.szPath, pErrInfo);
+    {
+        rc = supR3HardenedVerifySameFsObject(hNativeFile, &FsObjState, Info.szPath, pErrInfo);
+        if (RT_FAILURE(rc))
+            return rc;
+    }
+#ifdef RT_OS_WINDOWS
+    /*
+     * The files shall be signed on windows, verify that.
+     */
+    HANDLE hVerify;
+    if (hNativeFile == RTHCUINTPTR_MAX)
+        hVerify = CreateFile(pszFilename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+    else if (!DuplicateHandle(GetCurrentProcess(), (HANDLE)hNativeFile, GetCurrentProcess(), &hVerify,
+                              GENERIC_READ, false /*bInheritHandle*/, 0 /*dwOptions*/))
+        hVerify = INVALID_HANDLE_VALUE;
+    if (hVerify != INVALID_HANDLE_VALUE)
+    {
+        uint32_t fFlags = SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING;
+        if (!fMaybe3rdParty)
+            fFlags = SUPHNTVI_F_REQUIRE_BUILD_CERT;
+        const char *pszSuffix = RTPathSuffix(pszFilename);
+        if (   pszSuffix
+            &&                   pszSuffix[0]  == '.'
+            && (   RT_C_TO_LOWER(pszSuffix[1]) == 'r'
+                || RT_C_TO_LOWER(pszSuffix[1]) == 'g')
+            &&     RT_C_TO_LOWER(pszSuffix[2]) == 'c'
+            &&                   pszSuffix[3]  == '\0' )
+            fFlags |= SUPHNTVI_F_RC_IMAGE;
+# ifndef IN_SUP_R3_STATIC /* Not in VBoxCpuReport and friends. */
+        rc = supHardenedWinVerifyImageByHandleNoName(hVerify, fFlags, pErrInfo);
+# endif
+        CloseHandle(hVerify);
+    }
+    else
+        rc = RTErrInfoSetF(pErrInfo, RTErrConvertFromWin32(GetLastError()),
+                           "Error %u trying to open (or duplicate handle for) '%s'", GetLastError(), pszFilename);
+    if (RT_FAILURE(rc))
+        return rc;
+#endif
     return VINF_SUCCESS;
+}

trunk/src/VBox/HostDrivers/Support/darwin/SUPDrv-darwin.cpp

-              r51769
+              r51770
+void VBOXCALL supdrvOSCleanupSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
+{
+    NOREF(pDevExt);
+    NOREF(pSession);
+}
+void VBOXCALL supdrvOSSessionHashTabInserted(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
+void VBOXCALL supdrvOSSessionHashTabRemoved(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
 /**
  * Initializes any OS specific object creator fields.

trunk/src/VBox/HostDrivers/Support/freebsd/SUPDrv-freebsd.c

-              r49718
+              r51770
+void VBOXCALL supdrvOSCleanupSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
+{
+    NOREF(pDevExt);
+    NOREF(pSession);
+}
+void VBOXCALL supdrvOSSessionHashTabInserted(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
+void VBOXCALL supdrvOSSessionHashTabRemoved(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
 void VBOXCALL   supdrvOSObjInitCreator(PSUPDRVOBJ pObj, PSUPDRVSESSION pSession)
+{

trunk/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c

-              r50008
+              r51770
+void VBOXCALL supdrvOSCleanupSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
+{
+    NOREF(pDevExt);
+    NOREF(pSession);
+}
+void VBOXCALL supdrvOSSessionHashTabInserted(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
+void VBOXCALL supdrvOSSessionHashTabRemoved(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
 /**
  * Initializes any OS specific object creator fields.

trunk/src/VBox/HostDrivers/Support/os2/SUPDrv-os2.cpp

-              r49634
+              r51770
+void VBOXCALL supdrvOSCleanupSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
+{
+    NOREF(pDevExt);
+    NOREF(pSession);
+}
+void VBOXCALL supdrvOSSessionHashTabInserted(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
+void VBOXCALL supdrvOSSessionHashTabRemoved(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
 void VBOXCALL   supdrvOSObjInitCreator(PSUPDRVOBJ pObj, PSUPDRVSESSION pSession)
+{

trunk/src/VBox/HostDrivers/Support/solaris/SUPDrv-solaris.c

-              r50664
+              r51770
+void VBOXCALL supdrvOSCleanupSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
+{
+    NOREF(pDevExt);
+    NOREF(pSession);
+}
+void VBOXCALL supdrvOSSessionHashTabInserted(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
+void VBOXCALL supdrvOSSessionHashTabRemoved(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
 /**
  * Initializes any OS specific object creator fields.

trunk/src/VBox/HostDrivers/Support/testcase/Makefile.kmk

r43386	r51770
5	5
6	6	#
7		# Copyright (C) 2006-2012 Oracle Corporation
	7	# Copyright (C) 2006-2014 Oracle Corporation
8	8	#
9	9	# This file is part of VirtualBox Open Source Edition (OSE), as

trunk/src/VBox/HostDrivers/Support/testcase/tstNtQueryStuff.cpp

-              r48952
+              r51770
 /*
  * Copyright (C) 2006-2012 Oracle Corporation
+ * Copyright (C) 2006-2014 Oracle Corporation
+ *
  * This file is part of VirtualBox Open Source Edition (OSE), as
 …
 *   Header Files                                                               *
 *******************************************************************************/
+#include <ntstatus.h>
+#define WIN32_NO_STATUS
+#include <Windows.h>
+#include <winternl.h>
+typedef enum
+{
+    MemoryBasicInformation = 0,
+    MemoryWorkingSetList,
+    MemorySectionName,
+    MemoryBasicVlmInformation
+} MEMORY_INFORMATION_CLASS;
+typedef struct
+{
+    UNICODE_STRING  SectionFileName;
+    WCHAR           NameBuffer[ANYSIZE_ARRAY];
+} MEMORY_SECTION_NAME;
+extern "C"
+NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(IN HANDLE hProcess,
+                                             IN LPCVOID pvWhere,
+                                             IN MEMORY_INFORMATION_CLASS MemoryInfo,
+                                             OUT PVOID pvBuf,
+                                             IN SIZE_T cbBuf,
+                                             OUT PSIZE_T pcbReturned OPTIONAL);
+#define ProcessDebugPort            ((PROCESSINFOCLASS)7 )
+#define ProcessHandleCount          ((PROCESSINFOCLASS)20)
+#define ProcessWow64Information     ((PROCESSINFOCLASS)26)
+#define ProcessImageFileName        ((PROCESSINFOCLASS)27)
+#define ProcessDebugObjectHandle    ((PROCESSINFOCLASS)30)
+#define ProcessExecuteFlags         ((PROCESSINFOCLASS)34)
+#define ProcessImageFileNameWin32   ((PROCESSINFOCLASS)43)
+#define ProcessImageFileMapping     ((PROCESSINFOCLASS)44)
+#include <iprt/nt/nt-and-windows.h>
 #include <iprt/test.h>
 #include <iprt/string.h>
 …
     if (NT_SUCCESS(rcNt))
         RTTestIPrintf(RTTESTLVL_ALWAYS, "BasicInfo:\n"
+                                        "    UniqueProcessId = %#x (%6d)\n"
+                                        "    UniqueProcessId              = %#x (%6d)\n"
+                                        "    InheritedFromUniqueProcessId = %#x (%6d)\n"
+                                        "    ExitStatus      = %#x\n"
                                         "    PebBaseAddress  = %p\n"
+                                        "    Reserved1       = %p          ExitStatus?\n"
+                                        "    Reserved2a      = %p          AffinityMask?\n"
+                                        "    Reserved2b      = %p (%6d) BasePriority?\n"
+                                        "    Reserved3       = %p (%6d) InheritedFromUniqueProcessId?\n"
+                                        "    AffinityMask    = %#zx\n"
+                                        "    BasePriority    = %#zx\n"
+                      ,
                       BasicInfo.UniqueProcessId, BasicInfo.UniqueProcessId,
+                      BasicInfo.InheritedFromUniqueProcessId, BasicInfo.InheritedFromUniqueProcessId,
+                      BasicInfo.ExitStatus,
                       BasicInfo.PebBaseAddress,
+                      BasicInfo.Reserved1,
+                      BasicInfo.Reserved2[0],
+                      BasicInfo.Reserved2[1], BasicInfo.Reserved2[1],
+                      BasicInfo.Reserved3, BasicInfo.Reserved3
+                      BasicInfo.AffinityMask,
+                      BasicInfo.BasePriority
                       );
     /* Debugger present? */
 …
 int main()
+int main(int argc, char **argv)
+{
     RTEXITCODE rcExit = RTTestInitAndCreate("tstNtQueryStuff", &g_hTest);
 …
     g_hProcess = GetCurrentProcess();
+    //tstQueryVirtualMemory();
+    if (argc >= 2 && argv[1][0] != '-')
+    {
+        const char *pszPid = argv[1];
+        uint32_t idPid = RTStrToInt32(pszPid);
+        uint32_t fAccess = PROCESS_QUERY_INFORMATION;
+        if (argc >= 3)
+            fAccess = RTStrToInt32(argv[2]);
+        g_hProcess = OpenProcess(fAccess, FALSE, idPid);
+        if (g_hProcess == NULL)
+        {
+            RTTestIFailed("Error %u opening process %u (%s)\n", GetLastError(), idPid, pszPid);
+            return RTTestSummaryAndDestroy(g_hTest);
+        }
+    }
+    tstQueryVirtualMemory();
     tstQueryInformationProcess();
     return RTTestSummaryAndDestroy(g_hTest);
+}

trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp

-              r51744
+              r51770
 *   Header Files                                                               *
 *******************************************************************************/
+#define IPRT_NT_MAP_TO_ZW
 #define LOG_GROUP LOG_GROUP_SUP_DRV
 #include "../SUPDrvInternal.h"
 …
 #include <iprt/assert.h>
+#include <iprt/avl.h>
+#include <iprt/ctype.h>
 #include <iprt/initterm.h>
 #include <iprt/mem.h>
 #include <iprt/process.h>
 #include <iprt/power.h>
+#include <iprt/spinlock.h>
 #include <iprt/string.h>
 #include <VBox/log.h>
+#include <VBox/err.h>
 #include <iprt/asm-amd64-x86.h>
+#ifdef VBOX_WITH_HARDENING
+# include "SUPHardenedVerify-win.h"
+#endif
 …
 #define DEVICE_NAME_DOS_USR     L"\\DosDevices\\VBoxDrvU"
+#ifdef VBOX_WITH_HARDENING
+/** Win32 device name for hardened stub access. */
+# define DEVICE_NAME_STUB       "\\\\.\\VBoxDrvStub"
+/** NT device name for hardened stub access. */
+# define DEVICE_NAME_NT_STUB    L"\\Device\\VBoxDrvStub"
+///** Win Symlink name for hardened stub access. */
+//# define DEVICE_NAME_DOS_STUB   L"\\DosDevices\\VBoxDrvStub"
+/** Macro for checking for deflecting calls to the stub device. */
+# define VBOXDRV_COMPLETE_IRP_AND_RETURN_IF_STUB_DEV(a_pDevObj, a_pIrp) \
+    do { if ((a_pDevObj) == g_pDevObjStub) supdrvNtCompleteRequest(STATUS_ACCESS_DENIED, a_pIrp); } while (0)
+#else
+# define VBOXDRV_COMPLETE_IRP_AND_RETURN_IF_STUB_DEV(a_pDevObj, a_pIrp) do {} while (0)
+#endif
 /** Enables the fast I/O control code path. */
 #define VBOXDRV_WITH_FAST_IO
 …
 *   Structures and Typedefs                                                    *
 *******************************************************************************/
-#if 0 //def RT_ARCH_AMD64
-typedef struct SUPDRVEXECMEM
+{
-    PMDL pMdl;
-    void *pvMapping;
-    void *pvAllocation;
-} SUPDRVEXECMEM, *PSUPDRVEXECMEM;
-#endif
 /**
  * Device extension used by VBoxDrvU.
 …
      ? (PSUPDRVDEVEXT)pDevObj->DeviceExtension \
      : ((PSUPDRVDEVEXTUSR)pDevObj->DeviceExtension)->pMainDrvExt )
+#ifdef VBOX_WITH_HARDENING
+/**
+ * Device extension used by VBoxDrvS.
+ */
+typedef struct SUPDRVDEVEXTSTUB
+{
+    /** Common header. */
+    SUPDRVDEVEXTUSR     Common;
+} SUPDRVDEVEXTSTUB;
+/** Pointer to the VBoxDrvS device extension. */
+typedef SUPDRVDEVEXTSTUB *PSUPDRVDEVEXTSTUB;
+/** Value of SUPDRVDEVEXTSTUB::Common.u32Cookie. */
+#define SUPDRVDEVEXTSTUB_COOKIE      UINT32_C(0x90abcdef)
+/**
+ * The kind of process we're protecting.
+ */
+typedef enum SUPDRVNTPROTECTKIND
+{
+    kSupDrvNtProtectKind_Invalid = 0,
+    /** Stub process protection while performing process verification.
+     * Next: StubSpawning (or free)  */
+    kSupDrvNtProtectKind_StubUnverified,
+    /** Stub process protection before it creates the VM process.
+     * Next: StubParent, StubDead. */
+    kSupDrvNtProtectKind_StubSpawning,
+    /** Stub process protection while having a VM process as child.
+     * Next: StubDead  */
+    kSupDrvNtProtectKind_StubParent,
+    /** Dead stub process. */
+    kSupDrvNtProtectKind_StubDead,
+    /** Potential VM process.
+     * Next: VmProcessConfirmed, VmProcessDead. */
+    kSupDrvNtProtectKind_VmProcessUnconfirmed,
+    /** Confirmed VM process.
+     * Next: VmProcessDead. */
+    kSupDrvNtProtectKind_VmProcessConfirmed,
+    /** Dead VM process. */
+    kSupDrvNtProtectKind_VmProcessDead,
+    /** End of valid protection kinds. */
+    kSupDrvNtProtectKind_End
+} SUPDRVNTPROTECTKIND;
+/**
+ * A NT process protection structure.
+ */
+typedef struct SUPDRVNTPROTECT
+{
+    /** The AVL node core structure.  The process ID is the pid. */
+    AVLPVNODECORE       AvlCore;
+    /** Magic value (SUPDRVNTPROTECT_MAGIC). */
+    uint32_t volatile   u32Magic;
+    /** Reference counter. */
+    uint32_t volatile   cRefs;
+    /** The kind of process we're protecting. */
+    SUPDRVNTPROTECTKIND volatile enmProcessKind;
+    /** Vista, 7 & 8: Hack to allow more rights to the handle returned by
+     *  NtCreateUserProcess. Only applicable to VmProcessUnconfirmed. */
+    bool                fFirstProcessCreateHandle : 1;
+    /** Vista, 7 & 8: Hack to allow more rights to the handle returned by
+     *  NtCreateUserProcess. Only applicable to VmProcessUnconfirmed. */
+    bool                fFirstThreadCreateHandle : 1;
+    /** 8.1: Hack to allow more rights to the handle returned by
+     *  NtCreateUserProcess. Only applicable to VmProcessUnconfirmed. */
+    bool                fCsrssFirstProcessCreateHandle : 1;
+    /** Vista, 7 & 8: Hack to allow more rights to the handle duplicated by CSR
+     *  during process creation. Only applicable to VmProcessUnconfirmed. */
+    bool                fCsrssFirstProcessDuplicateHandle : 1;
+    /** 7,: Hack to allow the supid themes service duplicate handle privileges to
+     *  our process. */
+    bool                fThemesFirstProcessCreateHandle : 1;
+    /** The parent PID for VM processes, otherwise NULL. */
+    HANDLE              hParentPid;
+    /** The PID of the CSRSS process associated with this process. */
+    HANDLE              hCsrssPid;
+    /** Pointer to the CSRSS process structure (referenced). */
+    PEPROCESS           pCsrssProcess;
+    /** State dependent data. */
+    union
+    {
+        /** A stub process in the StubParent state will keep a reference to a child
+         * while it's in the VmProcessUnconfirmed state so that it can be cleaned up
+         * correctly if things doesn't work out. */
+        struct SUPDRVNTPROTECT *pChild;
+        /** A process in the VmProcessUnconfirmed state will keep a weak
+         * reference to the parent's protection structure so it can clean up the pChild
+         * refernece the parent has to it. */
+        struct SUPDRVNTPROTECT *pParent;
+    } u;
+} SUPDRVNTPROTECT;
+/** Pointer to a NT process protection record. */
+typedef SUPDRVNTPROTECT *PSUPDRVNTPROTECT;
+/** The SUPDRVNTPROTECT::u32Magic value (Robert A. Heinlein). */
+# define SUPDRVNTPROTECT_MAGIC      UINT32_C(0x19070707)
+/** The SUPDRVNTPROTECT::u32Magic value of a dead structure. */
+# define SUPDRVNTPROTECT_MAGIC_DEAD UINT32_C(0x19880508)
+/** Pointer to ObRegisterCallbacks. */
+typedef NTSTATUS (NTAPI *PFNOBREGISTERCALLBACKS)(POB_CALLBACK_REGISTRATION, PVOID *);
+/** Pointer to ObUnregisterCallbacks. */
+typedef VOID     (NTAPI *PFNOBUNREGISTERCALLBACKS)(PVOID);
+/** Pointer to PsSetCreateProcessNotifyRoutineEx. */
+typedef NTSTATUS (NTAPI *PFNPSSETCREATEPROCESSNOTIFYROUTINEEX)(PCREATE_PROCESS_NOTIFY_ROUTINE_EX, BOOLEAN);
+/** Pointer to PsReferenceProcessFilePointer. */
+typedef NTSTATUS (NTAPI *PFNPSREFERENCEPROCESSFILEPOINTER)(PEPROCESS, PFILE_OBJECT *);
+/** Pointer to PsIsProtectedProcessLight. */
+typedef BOOLEAN  (NTAPI *PFNPSISPROTECTEDPROCESSLIGHT)(PEPROCESS);
+#endif /* VBOX_WITH_HARDENINIG */
 …
 static NTSTATUS _stdcall   VBoxDrvNtNotSupportedStub(PDEVICE_OBJECT pDevObj, PIRP pIrp);
 static NTSTATUS            VBoxDrvNtErr2NtStatus(int rc);
+#ifdef VBOX_WITH_HARDENING
+static NTSTATUS             supdrvNtProtectInit(void);
+static void                 supdrvNtProtectTerm(void);
+static int                  supdrvNtProtectCreate(PSUPDRVNTPROTECT *ppNtProtect, HANDLE hPid,
+                                                  SUPDRVNTPROTECTKIND enmProcessKind, bool fLink);
+static void                 supdrvNtProtectRelease(PSUPDRVNTPROTECT pNtProtect);
+static PSUPDRVNTPROTECT     supdrvNtProtectLookup(HANDLE hPid);
+static int                  supdrvNtProtectFindAssociatedCsrss(PSUPDRVNTPROTECT pNtProtect);
+static int                  supdrvNtProtectVerifyProcess(PSUPDRVNTPROTECT pNtProtect);
+static bool                 supdrvNtIsDebuggerAttached(void);
+#endif
 …
 #endif /* VBOXDRV_WITH_FAST_IO */
+#ifdef VBOX_WITH_HARDENING
+/** Pointer to the stub device instance. */
+static PDEVICE_OBJECT               g_pDevObjStub = NULL;
+/** Spinlock protecting g_NtProtectTree as well as the releasing of protection
+ *  structures. */
+static RTSPINLOCK                   g_hNtProtectLock = NIL_RTSPINLOCK;
+/** AVL tree of SUPDRVNTPROTECT structures. */
+static AVLPVTREE                    g_NtProtectTree  = NULL;
+/** Cookie returned by ObRegisterCallbacks for the callbacks. */
+static PVOID                        g_pvObCallbacksCookie = NULL;
+/** Combined windows NT version number.  See SUP_MAKE_NT_VER_COMBINED. */
+uint32_t                            g_uNtVerCombined = 0;
+/** Pointer to ObRegisterCallbacks if available.. */
+static PFNOBREGISTERCALLBACKS       g_pfnObRegisterCallbacks = NULL;
+/** Pointer to ObUnregisterCallbacks if available.. */
+static PFNOBUNREGISTERCALLBACKS     g_pfnObUnRegisterCallbacks = NULL;
+/** Pointer to PsSetCreateProcessNotifyRoutineEx if available.. */
+static PFNPSSETCREATEPROCESSNOTIFYROUTINEEX g_pfnPsSetCreateProcessNotifyRoutineEx = NULL;
+/** Pointer to PsReferenceProcessFilePointer if available. */
+static PFNPSREFERENCEPROCESSFILEPOINTER g_pfnPsReferenceProcessFilePointer = NULL;
+/** Pointer to PsIsProtectedProcessLight. */
+static PFNPSISPROTECTEDPROCESSLIGHT g_pfnPsIsProtectedProcessLight = NULL;
+# ifdef RT_ARCH_AMD64
+extern "C" {
+/** Pointer to KiServiceLinkage (used to fake missing ZwQueryVirtualMemory on
+ *  XP64 / W2K3-64). */
+PFNRT                               g_pfnKiServiceLinkage  = NULL;
+/** Pointer to KiServiceInternal (used to fake missing ZwQueryVirtualMemory on
+ *  XP64 / W2K3-64) */
+PFNRT                               g_pfnKiServiceInternal = NULL;
+}
+# endif
+#endif
 /**
 …
     if (NT_SUCCESS(rcNt))
+    {
         UNICODE_STRING DosName;
         RtlInitUnicodeString(&DosName, DEVICE_NAME_DOS_SYS);
         rcNt = IoCreateSymbolicLink(&DosName, &DevName);
+        UNICODE_STRING DosNameSys;
+        RtlInitUnicodeString(&DosNameSys, DEVICE_NAME_DOS_SYS);
+        rcNt = IoCreateSymbolicLink(&DosNameSys, &DevName);
         if (NT_SUCCESS(rcNt))
+        {
 …
             if (NT_SUCCESS(rcNt))
+            {
                 UNICODE_STRING DosName;
                 RtlInitUnicodeString(&DosName, DEVICE_NAME_DOS_USR);
                 rcNt = IoCreateSymbolicLink(&DosName, &DevName);
+                UNICODE_STRING DosNameUsr;
+                RtlInitUnicodeString(&DosNameUsr, DEVICE_NAME_DOS_USR);
+                rcNt = IoCreateSymbolicLink(&DosNameUsr, &DevName);
                 if (NT_SUCCESS(rcNt))
+                {
 …
                     pDevExtUsr->u32Cookie   = SUPDRVDEVEXTUSR_COOKIE;
+                    /* Done. */
+                    return rcNt;
+#ifdef VBOX_WITH_HARDENING
+                    /*
+                     * Hardened stub device.
+                     */
+                    RtlInitUnicodeString(&DevName, DEVICE_NAME_NT_STUB);
+                    rcNt = IoCreateDevice(pDrvObj, sizeof(SUPDRVDEVEXTSTUB), &DevName, FILE_DEVICE_UNKNOWN, 0, FALSE, &g_pDevObjStub);
+                    if (NT_SUCCESS(rcNt))
+                    {
+                        //UNICODE_STRING DosNameStub;
+                        //RtlInitUnicodeString(&DosNameStub, DEVICE_NAME_DOS_STUB);
+                        //rcNt = IoCreateSymbolicLink(&DosNameStub, &DevName);
+                        if (NT_SUCCESS(rcNt))
+                        {
+                            PSUPDRVDEVEXTSTUB pDevExtStub = (PSUPDRVDEVEXTSTUB)g_pDevObjStub->DeviceExtension;
+                            pDevExtStub->Common.pMainDrvExt = (PSUPDRVDEVEXT)g_pDevObjSys->DeviceExtension;
+                            pDevExtStub->Common.u32Cookie   = SUPDRVDEVEXTSTUB_COOKIE;
+#endif
+                            /* Done. */
+                            return rcNt;
+#ifdef VBOX_WITH_HARDENING
+                        }
+                        /* Bail out. */
+                        IoDeleteDevice(g_pDevObjStub);
+                        g_pDevObjUsr = NULL;
+                    }
+                    IoDeleteSymbolicLink(&DosNameUsr);
+#endif
+                }
-                /* Bail out. */
                 IoDeleteDevice(g_pDevObjUsr);
                 g_pDevObjUsr = NULL;
+            }
             IoDeleteSymbolicLink(&DosName);
+            IoDeleteSymbolicLink(&DosNameSys);
+        }
         IoDeleteDevice(g_pDevObjSys);
 …
     rcNt = IoDeleteSymbolicLink(&DosName);
+    PSUPDRVDEVEXTUSR pDevExtUsr = (PSUPDRVDEVEXTUSR)g_pDevObjUsr->DeviceExtension;
+    pDevExtUsr->pMainDrvExt = NULL;
+#ifdef VBOX_WITH_HARDENING
+    //RtlInitUnicodeString(&DosName, DEVICE_NAME_DOS_STUB);
+    //rcNt = IoDeleteSymbolicLink(&DosName);
+#endif
+    if (g_pDevObjUsr)
+    {
+        PSUPDRVDEVEXTUSR pDevExtUsr = (PSUPDRVDEVEXTUSR)g_pDevObjUsr->DeviceExtension;
+        pDevExtUsr->pMainDrvExt = NULL;
+    }
+#ifdef VBOX_WITH_HARDENING
+    if (g_pDevObjStub)
+    {
+        PSUPDRVDEVEXTSTUB pDevExtStub = (PSUPDRVDEVEXTSTUB)g_pDevObjStub->DeviceExtension;
+        pDevExtStub->Common.pMainDrvExt = NULL;
+    }
+#endif
+#ifdef VBOX_WITH_HARDENING
+    IoDeleteDevice(g_pDevObjStub);
+    g_pDevObjStub = NULL;
+#endif
     IoDeleteDevice(g_pDevObjUsr);
     g_pDevObjUsr = NULL;
 …
     /*
+     * Create device.
+     * (That means creating a device object and a symbolic link so the DOS
+     * subsystems (OS/2, win32, ++) can access the device.)
+     * Initialize the runtime (IPRT).
      */
+    NTSTATUS rcNt = vboxdrvNtCreateDevices(pDrvObj);
+    if (NT_SUCCESS(rcNt))
+    {
+        int vrc = RTR0Init(0);
+        if (RT_SUCCESS(vrc))
+        {
+            Log(("VBoxDrv::DriverEntry\n"));
+    NTSTATUS rcNt;
+    int vrc = RTR0Init(0);
+    if (RT_SUCCESS(vrc))
+    {
+        Log(("VBoxDrv::DriverEntry\n"));
+#ifdef VBOX_WITH_HARDENING
+        /*
+         * Initialize process protection.
+         */
+        rcNt = supdrvNtProtectInit();
+        if (NT_SUCCESS(rcNt))
+#endif
+        {
             /*
+             * Initialize the device extension.
+             * Create device.
+             * (That means creating a device object and a symbolic link so the DOS
+             * subsystems (OS/2, win32, ++) can access the device.)
              */
+            PSUPDRVDEVEXT pDevExt = (PSUPDRVDEVEXT)g_pDevObjSys->DeviceExtension;
+            memset(pDevExt, 0, sizeof(*pDevExt));
+            vrc = supdrvInitDevExt(pDevExt, sizeof(SUPDRVSESSION));
+            if (!vrc)
+            rcNt = vboxdrvNtCreateDevices(pDrvObj);
+            if (NT_SUCCESS(rcNt))
+            {
                 /*
                  * Setup the driver entry points in pDrvObj.
+                 * Initialize the device extension.
                  */
+                pDrvObj->DriverUnload                                   = VBoxDrvNtUnload;
+                pDrvObj->MajorFunction[IRP_MJ_CREATE]                   = VBoxDrvNtCreate;
+                pDrvObj->MajorFunction[IRP_MJ_CLEANUP]                  = VBoxDrvNtCleanup;
+                pDrvObj->MajorFunction[IRP_MJ_CLOSE]                    = VBoxDrvNtClose;
+                pDrvObj->MajorFunction[IRP_MJ_DEVICE_CONTROL]           = VBoxDrvNtDeviceControl;
+                pDrvObj->MajorFunction[IRP_MJ_INTERNAL_DEVICE_CONTROL]  = VBoxDrvNtInternalDeviceControl;
+                pDrvObj->MajorFunction[IRP_MJ_READ]                     = VBoxDrvNtNotSupportedStub;
+                pDrvObj->MajorFunction[IRP_MJ_WRITE]                    = VBoxDrvNtNotSupportedStub;
+                /* more? */
+                PSUPDRVDEVEXT pDevExt = (PSUPDRVDEVEXT)g_pDevObjSys->DeviceExtension;
+                memset(pDevExt, 0, sizeof(*pDevExt));
+                vrc = supdrvInitDevExt(pDevExt, sizeof(SUPDRVSESSION));
+                if (!vrc)
+                {
+                    /*
+                     * Setup the driver entry points in pDrvObj.
+                     */
+                    pDrvObj->DriverUnload                                   = VBoxDrvNtUnload;
+                    pDrvObj->MajorFunction[IRP_MJ_CREATE]                   = VBoxDrvNtCreate;
+                    pDrvObj->MajorFunction[IRP_MJ_CLEANUP]                  = VBoxDrvNtCleanup;
+                    pDrvObj->MajorFunction[IRP_MJ_CLOSE]                    = VBoxDrvNtClose;
+                    pDrvObj->MajorFunction[IRP_MJ_DEVICE_CONTROL]           = VBoxDrvNtDeviceControl;
+                    pDrvObj->MajorFunction[IRP_MJ_INTERNAL_DEVICE_CONTROL]  = VBoxDrvNtInternalDeviceControl;
+                    pDrvObj->MajorFunction[IRP_MJ_READ]                     = VBoxDrvNtNotSupportedStub;
+                    pDrvObj->MajorFunction[IRP_MJ_WRITE]                    = VBoxDrvNtNotSupportedStub;
 #ifdef VBOXDRV_WITH_FAST_IO
                 /* Fast I/O to speed up guest execution roundtrips. */
                 pDrvObj->FastIoDispatch = (PFAST_IO_DISPATCH)&g_VBoxDrvFastIoDispatch;
+                    /* Fast I/O to speed up guest execution roundtrips. */
+                    pDrvObj->FastIoDispatch = (PFAST_IO_DISPATCH)&g_VBoxDrvFastIoDispatch;
 #endif
+                /* Register ourselves for power state changes. */
+                UNICODE_STRING      CallbackName;
+                OBJECT_ATTRIBUTES   Attr;
+                RtlInitUnicodeString(&CallbackName, L"\\Callback\\PowerState");
+                InitializeObjectAttributes(&Attr, &CallbackName, OBJ_CASE_INSENSITIVE, NULL, NULL);
+                rcNt = ExCreateCallback(&pDevExt->pObjPowerCallback, &Attr, TRUE, TRUE);
+                if (rcNt == STATUS_SUCCESS)
+                    pDevExt->hPowerCallback = ExRegisterCallback(pDevExt->pObjPowerCallback, VBoxPowerDispatchCallback,
+                                                                 g_pDevObjSys);
+                Log(("VBoxDrv::DriverEntry returning STATUS_SUCCESS\n"));
+                return STATUS_SUCCESS;
+            }
+            Log(("supdrvInitDevExit failed with vrc=%d!\n", vrc));
+            rcNt = VBoxDrvNtErr2NtStatus(vrc);
+            RTR0Term();
+        }
+        else
+        {
+            Log(("RTR0Init failed with vrc=%d!\n", vrc));
+            rcNt = VBoxDrvNtErr2NtStatus(vrc);
+        }
+        vboxdrvNtDestroyDevices();
+                    /*
+                     * Register ourselves for power state changes.  We don't
+                     * currently care if this fails.
+                     */
+                    UNICODE_STRING      CallbackName;
+                    RtlInitUnicodeString(&CallbackName, L"\\Callback\\PowerState");
+                    OBJECT_ATTRIBUTES   Attr;
+                    InitializeObjectAttributes(&Attr, &CallbackName, OBJ_CASE_INSENSITIVE, NULL, NULL);
+                    rcNt = ExCreateCallback(&pDevExt->pObjPowerCallback, &Attr, TRUE, TRUE);
+                    if (rcNt == STATUS_SUCCESS)
+                        pDevExt->hPowerCallback = ExRegisterCallback(pDevExt->pObjPowerCallback,
+                                                                     VBoxPowerDispatchCallback,
+                                                                     g_pDevObjSys);
+                    /*
+                     * Done! Returning success!
+                     */
+                    Log(("VBoxDrv::DriverEntry returning STATUS_SUCCESS\n"));
+                    return STATUS_SUCCESS;
+                }
+                Log(("supdrvInitDevExit failed with vrc=%d!\n", vrc));
+                rcNt = VBoxDrvNtErr2NtStatus(vrc);
+                vboxdrvNtDestroyDevices();
+            }
+#ifdef VBOX_WITH_HARDENING
+            supdrvNtProtectTerm();
+#endif
+        }
+        RTR0Term();
+    }
+    else
+    {
+        Log(("RTR0Init failed with vrc=%d!\n", vrc));
+        rcNt = VBoxDrvNtErr2NtStatus(vrc);
+    }
     if (NT_SUCCESS(rcNt))
 …
      */
     supdrvDeleteDevExt(pDevExt);
+#ifdef VBOX_WITH_HARDENING
+    supdrvNtProtectTerm();
+#endif
     RTR0Term();
     vboxdrvNtDestroyDevices();
 …
 /**
+ * For simplifying request completion into a simple return statement, extended
+ * version.
+ *
+ * @returns rcNt
+ * @param   rcNt                The status code.
+ * @param   uInfo               Extra info value.
+ * @param   pIrp                The IRP.
+ */
+DECLINLINE(NTSTATUS) supdrvNtCompleteRequestEx(NTSTATUS rcNt, ULONG_PTR uInfo, PIRP pIrp)
+{
+    pIrp->IoStatus.Status       = rcNt;
+    pIrp->IoStatus.Information  = uInfo;
+    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
+    return rcNt;
+}
+/**
+ * For simplifying request completion into a simple return statement.
+ *
+ * @returns rcNt
+ * @param   rcNt                The status code.
+ * @param   pIrp                The IRP.
+ */
+DECLINLINE(NTSTATUS) supdrvNtCompleteRequest(NTSTATUS rcNt, PIRP pIrp)
+{
+    return supdrvNtCompleteRequestEx(rcNt, 0 /*uInfo*/, pIrp);
+}
+/**
  * Create (i.e. Open) file entry point.
+ *
 …
+{
     Log(("VBoxDrvNtCreate: RequestorMode=%d\n", pIrp->RequestorMode));
+    const bool          fUnrestricted = pDevObj == g_pDevObjSys;
+    PIO_STACK_LOCATION  pStack = IoGetCurrentIrpStackLocation(pIrp);
+    PIO_STACK_LOCATION  pStack   = IoGetCurrentIrpStackLocation(pIrp);
     PFILE_OBJECT        pFileObj = pStack->FileObject;
     PSUPDRVDEVEXT       pDevExt = SUPDRVNT_GET_DEVEXT(pDevObj);
+    PSUPDRVDEVEXT       pDevExt  = SUPDRVNT_GET_DEVEXT(pDevObj);
     /*
 …
      */
     if (pStack->Parameters.Create.Options & FILE_DIRECTORY_FILE)
+    {
+        pIrp->IoStatus.Status       = STATUS_NOT_A_DIRECTORY;
+        pIrp->IoStatus.Information  = 0;
+        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
+        return STATUS_NOT_A_DIRECTORY;
+    }
+        return supdrvNtCompleteRequest(STATUS_NOT_A_DIRECTORY, pIrp);
     /*
      * Don't create a session for kernel clients, they'll close the handle
      * immediately and work with the file object via
      * VBoxDrvNtInternalDeviceControl.  The first request will there be one
      * to create a session.
+     * VBoxDrvNtInternalDeviceControl.  The first request will be one to
+     * create a session.
      */
     NTSTATUS rcNt;
     if (pIrp->RequestorMode == KernelMode)
+        rcNt = STATUS_SUCCESS;
+    {
+        if (pDevObj == g_pDevObjSys)
+            return supdrvNtCompleteRequestEx(STATUS_SUCCESS, FILE_OPENED, pIrp);
+        rcNt = STATUS_ACCESS_DENIED;
+    }
     else
+    {
+#if defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_DEBUGGER_CHECKS)
         /*
          * Call common code for the rest.
+         * Make sure no debuggers are attached to non-user processes.
          */
+        pFileObj->FsContext = NULL;
+        PSUPDRVSESSION pSession;
+        int rc = supdrvCreateSession(pDevExt, true /*fUser*/, fUnrestricted, &pSession);
+        if (!rc)
+            pFileObj->FsContext = pSession;
+        rcNt = pIrp->IoStatus.Status = VBoxDrvNtErr2NtStatus(rc);
+    }
+    pIrp->IoStatus.Information  = 0;
+    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
+    return rcNt;
+        if (   pDevObj != g_pDevObjUsr
+            && supdrvNtIsDebuggerAttached())
+        {
+            LogRel(("vboxdrv: Process %p is being debugged, access to vboxdrv / vboxdrvu declined.\n",
+                    PsGetProcessId(PsGetCurrentProcess())));
+            rcNt = STATUS_TRUST_FAILURE;
+        }
+        else
+#endif
+        {
+            int rc = VINF_SUCCESS;
+#ifdef VBOX_WITH_HARDENING
+            /*
+             * Access to the stub device is only granted to processes which
+             * passes verification.
+             *
+             * Note! The stub device has no need for a SUPDRVSESSION structure,
+             *       so the it uses the SUPDRVNTPROTECT directly instead.
+             */
+            if (pDevObj == g_pDevObjStub)
+            {
+                PSUPDRVNTPROTECT pNtProtect = NULL;
+                rc = supdrvNtProtectCreate(&pNtProtect, PsGetProcessId(PsGetCurrentProcess()),
+                                           kSupDrvNtProtectKind_StubUnverified, true /*fLink*/);
+                if (RT_SUCCESS(rc))
+                {
+                    rc = supdrvNtProtectFindAssociatedCsrss(pNtProtect);
+                    if (RT_SUCCESS(rc))
+                        rc = supdrvNtProtectVerifyProcess(pNtProtect);
+                    if (RT_SUCCESS(rc))
+                    {
+                        pFileObj->FsContext = pNtProtect; /* Keeps reference. */
+                        return supdrvNtCompleteRequestEx(STATUS_SUCCESS, FILE_OPENED, pIrp);
+                    }
+                    supdrvNtProtectRelease(pNtProtect);
+                }
+                LogRel(("vboxdrv: Declined %p access to VBoxDrvStub: rc=%d\n", PsGetProcessId(PsGetCurrentProcess()), rc));
+            }
+            /*
+             * Unrestricted access is only granted to a process in the
+             * VmProcessUnconfirmed state that checks out correctly and is
+             * allowed to transition to VmProcessConfirmed.  Again, only one
+             * session per process.
+             */
+            else if (pDevObj != g_pDevObjUsr)
+            {
+                PSUPDRVNTPROTECT pNtProtect = supdrvNtProtectLookup(PsGetProcessId(PsGetCurrentProcess()));
+                if (pNtProtect)
+                {
+                    if (pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed)
+                    {
+                        rc = supdrvNtProtectVerifyProcess(pNtProtect);
+                        if (RT_SUCCESS(rc))
+                        {
+                            /* Create a session. */
+                            PSUPDRVSESSION pSession;
+                            rc = supdrvCreateSession(pDevExt, true /*fUser*/, pDevObj == g_pDevObjSys /*fUnrestricted*/,
+                                                     &pSession);
+                            if (RT_SUCCESS(rc))
+                            {
+                                rc = supdrvSessionHashTabInsert(pDevExt, pSession, (PSUPDRVSESSION *)&pFileObj->FsContext, NULL);
+                                supdrvSessionRelease(pSession);
+                                if (RT_SUCCESS(rc))
+                                {
+                                    pSession->pNtProtect = pNtProtect; /* Keeps reference. */
+                                    return supdrvNtCompleteRequestEx(STATUS_SUCCESS, FILE_OPENED, pIrp);
+                                }
+                            }
+                            /* No second attempt. */
+                            RTSpinlockAcquire(g_hNtProtectLock);
+                            if (pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessConfirmed)
+                                pNtProtect->enmProcessKind = kSupDrvNtProtectKind_VmProcessDead;
+                            RTSpinlockRelease(g_hNtProtectLock);
+                            LogRel(("vboxdrv: supdrvCreateSession failed for process %p: rc=%d.\n",
+                                    PsGetProcessId(PsGetCurrentProcess()), rc));
+                        }
+                        else
+                            LogRel(("vboxdrv: Process %p failed process verification: rc=%d.\n",
+                                    PsGetProcessId(PsGetCurrentProcess()), rc));
+                    }
+                    else
+                    {
+                        LogRel(("vboxdrv: %p is not a budding VM process (enmProcessKind=%d).\n",
+                                PsGetProcessId(PsGetCurrentProcess()), pNtProtect->enmProcessKind));
+                        rc = VERR_ACCESS_DENIED;
+                    }
+                    supdrvNtProtectRelease(pNtProtect);
+                }
+                else
+                {
+                    LogRel(("vboxdrv: %p is not a budding VM process.\n", PsGetProcessId(PsGetCurrentProcess())));
+                    rc = VERR_ACCESS_DENIED;
+                }
+            }
+            /*
+             * Call common code to create an unprivileged session.
+             */
+            else
+            {
+                PSUPDRVSESSION pSession;
+                rc = supdrvCreateSession(pDevExt, true /*fUser*/, false /*fUnrestricted*/, &pSession);
+                if (RT_SUCCESS(rc))
+                {
+                    rc = supdrvSessionHashTabInsert(pDevExt, pSession, (PSUPDRVSESSION *)&pFileObj->FsContext, NULL);
+                    supdrvSessionRelease(pSession);
+                    if (RT_SUCCESS(rc))
+                    {
+                        pFileObj->FsContext  = pSession; /* Keeps reference. No race. */
+                        pSession->pNtProtect = NULL;
+                        return supdrvNtCompleteRequestEx(STATUS_SUCCESS, FILE_OPENED, pIrp);
+                    }
+                }
+            }
+#else  /* !VBOX_WITH_HARDENING */
+            /*
+             * Call common code to create a session.
+             */
+            pFileObj->FsContext = NULL;
+            PSUPDRVSESSION pSession;
+            rc = supdrvCreateSession(pDevExt, true /*fUser*/, pDevObj == g_pDevObjSys /*fUnrestricted*/, &pSession);
+            if (RT_SUCCESS(rc))
+            {
+                rc = supdrvSessionHashTabInsert(pDevExt, pSession, (PSUPDRVSESSION *)&pFileObj->FsContext, NULL);
+                supdrvSessionRelease(pSession);
+                if (RT_SUCCESS(rc))
+                    return supdrvNtCompleteRequestEx(STATUS_SUCCESS, FILE_OPENED, pIrp);
+            }
+#endif /* !VBOX_WITH_HARDENING */
+            /* bail out */
+            rcNt = VBoxDrvNtErr2NtStatus(rc);
+        }
+    }
+    Assert(!NT_SUCCESS(rcNt));
+    pFileObj->FsContext = NULL;
+    return supdrvNtCompleteRequest(rcNt, pIrp); /* Note. the IoStatus is completely ignored on error. */
+}
 …
     PIO_STACK_LOCATION  pStack   = IoGetCurrentIrpStackLocation(pIrp);
     PFILE_OBJECT        pFileObj = pStack->FileObject;
+    PSUPDRVSESSION      pSession = (PSUPDRVSESSION)pFileObj->FsContext;
+    Log(("VBoxDrvNtCleanup: pDevExt=%p pFileObj=%p pSession=%p\n", pDevExt, pFileObj, pSession));
+    if (pSession)
+    {
+        supdrvSessionRelease(pSession);
+        pFileObj->FsContext = NULL;
+    }
+    pIrp->IoStatus.Information = 0;
+    pIrp->IoStatus.Status = STATUS_SUCCESS;
+    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
+    return STATUS_SUCCESS;
+#ifdef VBOX_WITH_HARDENING
+    if (pDevObj == g_pDevObjStub)
+    {
+        PSUPDRVNTPROTECT pNtProtect = (PSUPDRVNTPROTECT)pFileObj->FsContext;
+        Log(("VBoxDrvNtCleanup: pDevExt=%p pFileObj=%p pNtProtect=%p\n", pDevExt, pFileObj, pNtProtect));
+        if (pNtProtect)
+        {
+            supdrvNtProtectRelease(pNtProtect);
+            pFileObj->FsContext = NULL;
+        }
+    }
+    else
+#endif
+    {
+        PSUPDRVSESSION pSession = supdrvSessionHashTabLookup(pDevExt, RTProcSelf(), RTR0ProcHandleSelf(),
+                                                             (PSUPDRVSESSION *)&pFileObj->FsContext);
+        Log(("VBoxDrvNtCleanup: pDevExt=%p pFileObj=%p pSession=%p\n", pDevExt, pFileObj, pSession));
+        if (pSession)
+        {
+            supdrvSessionHashTabRemove(pDevExt, pSession, NULL);
+            supdrvSessionRelease(pSession); /* Drops the reference from supdrvSessionHashTabLookup. */
+        }
+    }
+    return supdrvNtCompleteRequest(STATUS_SUCCESS, pIrp);
+}
 …
     PIO_STACK_LOCATION  pStack   = IoGetCurrentIrpStackLocation(pIrp);
     PFILE_OBJECT        pFileObj = pStack->FileObject;
+    PSUPDRVSESSION      pSession = (PSUPDRVSESSION)pFileObj->FsContext;
+    Log(("VBoxDrvNtClose: pDevExt=%p pFileObj=%p pSession=%p\n", pDevExt, pFileObj, pSession));
+    if (pSession)
+    {
+        supdrvSessionRelease(pSession);
+        pFileObj->FsContext = NULL;
+    }
+    pIrp->IoStatus.Information = 0;
+    pIrp->IoStatus.Status = STATUS_SUCCESS;
+    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
+    return STATUS_SUCCESS;
+#ifdef VBOX_WITH_HARDENING
+    if (pDevObj == g_pDevObjStub)
+    {
+        PSUPDRVNTPROTECT pNtProtect = (PSUPDRVNTPROTECT)pFileObj->FsContext;
+        Log(("VBoxDrvNtClose: pDevExt=%p pFileObj=%p pNtProtect=%p\n", pDevExt, pFileObj, pNtProtect));
+        if (pNtProtect)
+        {
+            supdrvNtProtectRelease(pNtProtect);
+            pFileObj->FsContext = NULL;
+        }
+    }
+    else
+#endif
+    {
+        PSUPDRVSESSION pSession = supdrvSessionHashTabLookup(pDevExt, RTProcSelf(), RTR0ProcHandleSelf(),
+                                                             (PSUPDRVSESSION *)&pFileObj->FsContext);
+        Log(("VBoxDrvNtCleanup: pDevExt=%p pFileObj=%p pSession=%p\n", pDevExt, pFileObj, pSession));
+        if (pSession)
+        {
+            supdrvSessionHashTabRemove(pDevExt, pSession, NULL);
+            supdrvSessionRelease(pSession); /* Drops the reference from supdrvSessionHashTabLookup. */
+        }
+    }
+    return supdrvNtCompleteRequest(STATUS_SUCCESS, pIrp);
+}
 …
+{
     PSUPDRVDEVEXT   pDevExt  = SUPDRVNT_GET_DEVEXT(pDevObj);
-    PSUPDRVSESSION  pSession = (PSUPDRVSESSION)pFileObj->FsContext;
     /*
      * Check the input a little bit.
+     * Check the input a little bit and get a the session references.
      */
+    PSUPDRVSESSION  pSession = supdrvSessionHashTabLookup(pDevExt, RTProcSelf(), RTR0ProcHandleSelf(),
+                                                          (PSUPDRVSESSION *)&pFileObj->FsContext);
     if (!pSession)
+    {
         pIoStatus->Status      = STATUS_INVALID_PARAMETER;
+        pIoStatus->Status      = STATUS_TRUST_FAILURE;
         pIoStatus->Information = 0;
         return TRUE;
+    }
+    /*
+     * Deal with the 2-3 high-speed IOCtl that takes their arguments from
+     * the session and iCmd, and does not return anything.
+     */
+    if (   (   uCmd == SUP_IOCTL_FAST_DO_RAW_RUN
+    if (pSession->fUnrestricted)
+    {
+#if defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_DEBUGGER_CHECKS)
+        if (supdrvNtIsDebuggerAttached())
+        {
+            pIoStatus->Status      = STATUS_TRUST_FAILURE;
+            pIoStatus->Information = 0;
+            supdrvSessionRelease(pSession);
+            return TRUE;
+        }
+#endif
+        /*
+         * Deal with the 2-3 high-speed IOCtl that takes their arguments from
+         * the session and iCmd, and does not return anything.
+         */
+        if (   uCmd == SUP_IOCTL_FAST_DO_RAW_RUN
             || uCmd == SUP_IOCTL_FAST_DO_HM_RUN
             || uCmd == SUP_IOCTL_FAST_DO_NOP)
+        && pSession->fUnrestricted == true)
+    {
+        int rc = supdrvIOCtlFast(uCmd, (unsigned)(uintptr_t)pvOutput /* VMCPU id */, pDevExt, pSession);
+        pIoStatus->Status      = RT_SUCCESS(rc) ? STATUS_SUCCESS : STATUS_INVALID_PARAMETER;
+        pIoStatus->Information = 0; /* Could be used to pass rc if we liked. */
+        return TRUE;
+        {
+            int rc = supdrvIOCtlFast(uCmd, (unsigned)(uintptr_t)pvOutput/* VMCPU id */, pDevExt, pSession);
+            pIoStatus->Status      = RT_SUCCESS(rc) ? STATUS_SUCCESS : STATUS_INVALID_PARAMETER;
+            pIoStatus->Information = 0; /* Could be used to pass rc if we liked. */
+            supdrvSessionRelease(pSession);
+            return TRUE;
+        }
+    }
 …
           pDevExt, uCmd, pvInput, cbInput, pvOutput, cbOutput, pSession));
 #ifdef RT_ARCH_AMD64
+# ifdef RT_ARCH_AMD64
     /* Don't allow 32-bit processes to do any I/O controls. */
     if (!IoIs32bitProcess(NULL))
 #endif
+# endif
+    {
         /*
 …
+        }
+    }
+# ifdef RT_ARCH_AMD64
+    else
+    {
+        Log(("VBoxDrvNtFastIoDeviceControl: WOW64 req - not supported\n"));
+        rcNt = STATUS_NOT_SUPPORTED;
+    }
+# endif
+    /* complete the request. */
+    pIoStatus->Status = rcNt;
+    pIoStatus->Information = cbOut;
+    supdrvSessionRelease(pSession);
+    return TRUE; /* handled. */
+}
+#endif /* VBOXDRV_WITH_FAST_IO */
+#ifdef VBOXDRV_WITH_FAST_IO
+/**
+ * Fast I/O device control callback.
+ *
+ * This performs no buffering, neither on the way in or out.
+ *
+ * @returns TRUE if handled, FALSE if the normal I/O control routine should be
+ *          called.
+ * @param   pFileObj            The file object.
+ * @param   fWait               Whether it's a blocking call
+ * @param   pvInput             The input buffer as specified by the user.
+ * @param   cbInput             The size of the input buffer.
+ * @param   pvOutput            The output buffer as specfied by the user.
+ * @param   cbOutput            The size of the output buffer.
+ * @param   uFunction           The function.
+ * @param   pIoStatus           Where to return the status of the operation.
+ * @param   pDevObj             The device object..
+ */
+static BOOLEAN _stdcall VBoxDrvNtFastIoDeviceControl(PFILE_OBJECT pFileObj, BOOLEAN fWait, PVOID pvInput, ULONG cbInput,
+                                                     PVOID pvOutput, ULONG cbOutput, ULONG uCmd,
+                                                     PIO_STATUS_BLOCK pIoStatus, PDEVICE_OBJECT pDevObj)
+{
+    PSUPDRVDEVEXT   pDevExt  = SUPDRVNT_GET_DEVEXT(pDevObj);
+    PSUPDRVSESSION  pSession = (PSUPDRVSESSION)pFileObj->FsContext;
+    /*
+     * Check the input a little bit.
+     */
+    if (!pSession)
+    {
+        pIoStatus->Status      = STATUS_INVALID_PARAMETER;
+        pIoStatus->Information = 0;
+        return TRUE;
+    }
+    /*
+     * Deal with the 2-3 high-speed IOCtl that takes their arguments from
+     * the session and iCmd, and does not return anything.
+     */
+    if (   (   uCmd == SUP_IOCTL_FAST_DO_RAW_RUN
+            || uCmd == SUP_IOCTL_FAST_DO_HM_RUN
+            || uCmd == SUP_IOCTL_FAST_DO_NOP)
+        && pSession->fUnrestricted == true)
+    {
+        int rc = supdrvIOCtlFast(uCmd, (unsigned)(uintptr_t)pvOutput /* VMCPU id */, pDevExt, pSession);
+        pIoStatus->Status      = RT_SUCCESS(rc) ? STATUS_SUCCESS : STATUS_INVALID_PARAMETER;
+        pIoStatus->Information = 0; /* Could be used to pass rc if we liked. */
+        return TRUE;
+    }
+    /*
+     * The normal path.
+     */
+    NTSTATUS    rcNt;
+    unsigned    cbOut = 0;
+    int         rc = 0;
+    Log2(("VBoxDrvNtFastIoDeviceControl(%p): ioctl=%#x pvIn=%p cbIn=%#x pvOut=%p cbOut=%#x pSession=%p\n",
+          pDevExt, uCmd, pvInput, cbInput, pvOutput, cbOutput, pSession));
+#ifdef RT_ARCH_AMD64
+    /* Don't allow 32-bit processes to do any I/O controls. */
+    if (!IoIs32bitProcess(NULL))
+#endif
+    {
+        /*
+         * In this fast I/O device control path we have to do our own buffering.
+         */
+        /* Verify that the I/O control function matches our pattern. */
+        if ((uCmd & 0x3) == METHOD_BUFFERED)
+        {
+            /* Get the header so we can validate it a little bit against the
+               parameters before allocating any memory kernel for the reqest. */
+            SUPREQHDR Hdr;
+            if (cbInput >= sizeof(Hdr) && cbOutput >= sizeof(Hdr))
+            {
+                __try
+                {
+                    RtlCopyMemory(&Hdr, pvInput, sizeof(Hdr));
+                    rcNt = STATUS_SUCCESS;
+                }
+                __except(EXCEPTION_EXECUTE_HANDLER)
+                {
+                    rcNt = GetExceptionCode();
+                }
+            }
+            else
+                rcNt = STATUS_INVALID_PARAMETER;
+            if (NT_SUCCESS(rcNt))
+            {
+                /* Verify that the sizes in the request header are correct. */
+                ULONG cbBuf = RT_MAX(cbInput, cbOutput);
+                if (   cbInput  == Hdr.cbIn
+                    && cbOutput == Hdr.cbOut
+                    && cbBuf < _1M*16)
+                {
+                    /* Allocate a buffer and copy all the input into it. */
+                    PSUPREQHDR pHdr = (PSUPREQHDR)ExAllocatePoolWithTag(NonPagedPool, cbBuf, 'VBox');
+                    if (pHdr)
+                    {
+                        __try
+                        {
+                            RtlCopyMemory(pHdr, pvInput, cbInput);
+                            if (cbInput < cbBuf)
+                                RtlZeroMemory((uint8_t *)pHdr + cbInput, cbBuf - cbInput);
+                            rcNt = STATUS_SUCCESS;
+                        }
+                        __except(EXCEPTION_EXECUTE_HANDLER)
+                        {
+                            rcNt = GetExceptionCode();
+                        }
+                    }
+                    else
+                        rcNt = STATUS_NO_MEMORY;
+                    if (NT_SUCCESS(rcNt))
+                    {
+                        /*
+                         * Now call the common code to do the real work.
+                         */
+                        rc = supdrvIOCtl(uCmd, pDevExt, pSession, pHdr);
+                        if (RT_SUCCESS(rc))
+                        {
+                            /*
+                             * Copy back the result.
+                             */
+                            cbOut = pHdr->cbOut;
+                            if (cbOut > cbOutput)
+                            {
+                                cbOut = cbOutput;
+                                OSDBGPRINT(("VBoxDrvNtFastIoDeviceControl: too much output! %#x > %#x; uCmd=%#x!\n",
+                                            pHdr->cbOut, cbOut, uCmd));
+                            }
+                            if (cbOut)
+                            {
+                                __try
+                                {
+                                    RtlCopyMemory(pvOutput, pHdr, cbOut);
+                                    rcNt = STATUS_SUCCESS;
+                                }
+                                __except(EXCEPTION_EXECUTE_HANDLER)
+                                {
+                                    rcNt = GetExceptionCode();
+                                }
+                            }
+                            else
+                                rcNt = STATUS_SUCCESS;
+                        }
+                        else if (rc == VERR_INVALID_PARAMETER)
+                            rcNt = STATUS_INVALID_PARAMETER;
+                        else
+                            rcNt = STATUS_NOT_SUPPORTED;
+                        Log2(("VBoxDrvNtFastIoDeviceControl: returns %#x cbOut=%d rc=%#x\n", rcNt, cbOut, rc));
+                    }
+                    ExFreePoolWithTag(pHdr, 'VBox');
+                }
+                else
+                {
+                    Log(("VBoxDrvNtFastIoDeviceControl: Mismatching sizes (%#x) - Hdr=%#lx/%#lx Irp=%#lx/%#lx!\n",
+                         uCmd, Hdr.cbIn, Hdr.cbOut, cbInput, cbOutput));
+                    rcNt = STATUS_INVALID_PARAMETER;
+                }
+            }
+        }
+        else
+        {
+            Log(("VBoxDrvNtFastIoDeviceControl: not buffered request (%#x) - not supported\n", uCmd));
+            rcNt = STATUS_NOT_SUPPORTED;
+        }
+    }
 #ifdef RT_ARCH_AMD64
     else
 …
 NTSTATUS _stdcall VBoxDrvNtDeviceControl(PDEVICE_OBJECT pDevObj, PIRP pIrp)
+{
+    VBOXDRV_COMPLETE_IRP_AND_RETURN_IF_STUB_DEV(pDevObj, pIrp);
     PSUPDRVDEVEXT       pDevExt  = SUPDRVNT_GET_DEVEXT(pDevObj);
     PIO_STACK_LOCATION  pStack   = IoGetCurrentIrpStackLocation(pIrp);
+    PSUPDRVSESSION      pSession = (PSUPDRVSESSION)pStack->FileObject->FsContext;
+    PSUPDRVSESSION      pSession = supdrvSessionHashTabLookup(pDevExt, RTProcSelf(), RTR0ProcHandleSelf(),
+                                                              (PSUPDRVSESSION *)&pStack->FileObject->FsContext);
+    if (!RT_VALID_PTR(pSession))
+        return supdrvNtCompleteRequest(STATUS_TRUST_FAILURE, pIrp);
     /*
 …
      * the session and iCmd, and does not return anything.
      */
+    ULONG ulCmd = pStack->Parameters.DeviceIoControl.IoControlCode;
+    if (   (   ulCmd == SUP_IOCTL_FAST_DO_RAW_RUN
+    if (pSession->fUnrestricted)
+    {
+#if defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_DEBUGGER_CHECKS)
+        if (supdrvNtIsDebuggerAttached())
+        {
+            supdrvSessionRelease(pSession);
+            return supdrvNtCompleteRequest(STATUS_TRUST_FAILURE, pIrp);
+        }
+#endif
+        ULONG ulCmd = pStack->Parameters.DeviceIoControl.IoControlCode;
+        if (   ulCmd == SUP_IOCTL_FAST_DO_RAW_RUN
             || ulCmd == SUP_IOCTL_FAST_DO_HM_RUN
             || ulCmd == SUP_IOCTL_FAST_DO_NOP)
+        && pSession->fUnrestricted == true)
+    {
+        int rc = supdrvIOCtlFast(ulCmd, (unsigned)(uintptr_t)pIrp->UserBuffer /* VMCPU id */, pDevExt, pSession);
+        /* Complete the I/O request. */
+        NTSTATUS rcNt = pIrp->IoStatus.Status = RT_SUCCESS(rc) ? STATUS_SUCCESS : STATUS_INVALID_PARAMETER;
+        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
+        return rcNt;
+        {
+            int rc = supdrvIOCtlFast(ulCmd, (unsigned)(uintptr_t)pIrp->UserBuffer /* VMCPU id */, pDevExt, pSession);
+            /* Complete the I/O request. */
+            supdrvSessionRelease(pSession);
+            return supdrvNtCompleteRequest(RT_SUCCESS(rc) ? STATUS_SUCCESS : STATUS_INVALID_PARAMETER, pIrp);
+        }
+    }
 …
     pIrp->IoStatus.Status = rcNt;
     pIrp->IoStatus.Information = cbOut;
+    supdrvSessionRelease(pSession);
     IoCompleteRequest(pIrp, IO_NO_INCREMENT);
     return rcNt;
 …
 NTSTATUS _stdcall VBoxDrvNtInternalDeviceControl(PDEVICE_OBJECT pDevObj, PIRP pIrp)
+{
+    VBOXDRV_COMPLETE_IRP_AND_RETURN_IF_STUB_DEV(pDevObj, pIrp);
     PSUPDRVDEVEXT       pDevExt  = SUPDRVNT_GET_DEVEXT(pDevObj);
     PIO_STACK_LOCATION  pStack   = IoGetCurrentIrpStackLocation(pIrp);
 …
         RTPowerSignalEvent(((unsigned)pArgument2 == 0) ? RTPOWEREVENT_SUSPEND : RTPOWEREVENT_RESUME);
+    }
+}
+/**
+ * Called to clean up the session structure before it's freed.
+ *
+ * @param   pDevExt             The device globals.
+ * @param   pSession            The session that's being cleaned up.
+ */
+void VBOXCALL supdrvOSCleanupSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
+{
+#ifdef VBOX_WITH_HARDENING
+    if (pSession->pNtProtect)
+    {
+        supdrvNtProtectRelease(pSession->pNtProtect);
+        pSession->pNtProtect = NULL;
+    }
+#endif
+}
+void VBOXCALL supdrvOSSessionHashTabInserted(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
+void VBOXCALL supdrvOSSessionHashTabRemoved(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, void *pvUser)
+{
+    NOREF(pDevExt); NOREF(pSession); NOREF(pvUser);
+}
 …
                     rc = VERR_LDR_IMPORTED_SYMBOL_NOT_FOUND;
                     break;
                 case    0xC0000428 /* STATUS_INVALID_IMAGE_HASH */ :
+                case /* 0xC0000428 */ STATUS_INVALID_IMAGE_HASH:
                     rc = VERR_LDR_IMAGE_HASH;
                     break;
                 case    0xC000010E /* STATUS_IMAGE_ALREADY_LOADED */ :
+                case /* 0xC000010E */ STATUS_IMAGE_ALREADY_LOADED:
                     Log(("WARNING: see @bugref{4853} for cause of this failure on Windows 7 x64\n"));
                     rc = VERR_ALREADY_LOADED;
 …
+    }
+    if (rc < 0)
+    {
+        if (((uint32_t)rc & UINT32_C(0xffff0000)) == UINT32_C(0xffff0000))
+            return (NTSTATUS)( ((uint32_t)rc & UINT32_C(0xffff))
+                              | UINT32_C(0xe9860000) ); /* STATUS_SEVERITY_ERROR + C-bit + facility 0x986 */
+    }
     return STATUS_UNSUCCESSFUL;
+}
 …
+}
 #endif
+#ifdef VBOX_WITH_HARDENING
+/** @name Identifying Special Processes: CSRSS.EXE
+ * @{ */
+/**
+ * Checks if the process is a system32 process by the given name.
+ *
+ * @returns true / false.
+ * @param   pProcess            The process to check.
+ * @param   pszName             The lower case process name (no path!).
+ */
+static bool supdrvNtProtectIsSystem32ProcessMatch(PEPROCESS pProcess, const char *pszName)
+{
+    Assert(strlen(pszName) < 16); /* see buffer below */
+    /*
+     * This test works on XP+.
+     */
+    const char *pszImageFile = (const char *)PsGetProcessImageFileName(pProcess);
+    if (!pszImageFile)
+        return false;
+    if (RTStrICmp(pszImageFile, pszName) != 0)
+        return false;
+    /*
+     * This test requires a Vista+ API.
+     */
+    if (g_pfnPsReferenceProcessFilePointer)
+    {
+        PFILE_OBJECT pFile = NULL;
+        NTSTATUS rcNt = g_pfnPsReferenceProcessFilePointer(pProcess, &pFile);
+        if (!NT_SUCCESS(rcNt))
+            return false;
+        union
+        {
+            OBJECT_NAME_INFORMATION Info;
+            uint8_t        abBuffer[sizeof(g_System32NtPath) + 16 * sizeof(WCHAR)];
+        } Buf;
+        ULONG cbIgn;
+        rcNt = ObQueryNameString(pFile, &Buf.Info, sizeof(Buf) - sizeof(WCHAR), &cbIgn);
+        ObDereferenceObject(pFile);
+        if (!NT_SUCCESS(rcNt))
+            return false;
+        /* Terminate the name. */
+        PRTUTF16 pwszName = Buf.Info.Name.Buffer;
+        pwszName[Buf.Info.Name.Length / sizeof(RTUTF16)] = '\0';
+        /* Match the name against the system32 directory path. */
+        uint32_t cbSystem32 = g_System32NtPath.UniStr.Length;
+        if (Buf.Info.Name.Length < cbSystem32)
+            return false;
+        if (memcmp(pwszName, g_System32NtPath.UniStr.Buffer, cbSystem32))
+            return false;
+        pwszName += cbSystem32 / sizeof(RTUTF16);
+        if (*pwszName++ != '\\')
+            return false;
+        /* Compare the name. */
+        const char *pszRight = pszName;
+        for (;;)
+        {
+            WCHAR wchLeft = *pwszName++;
+            char  chRight = *pszRight++;
+            Assert(chRight == RT_C_TO_LOWER(chRight));
+            if (   wchLeft != chRight
+                && RT_C_TO_LOWER(wchLeft) != chRight)
+                return false;
+            if (!chRight)
+                break;
+        }
+    }
+    return true;
+}
+/**
+ * Checks if the current process is likely to be CSRSS.
+ *
+ * @returns true/false.
+ * @param   pProcess        The process.
+ */
+static bool supdrvNtProtectIsCsrssByProcess(PEPROCESS pProcess)
+{
+    /*
+     * On Windows 8.1 CSRSS.EXE is a protected process.
+     */
+    if (g_pfnPsIsProtectedProcessLight)
+    {
+        if (!g_pfnPsIsProtectedProcessLight(pProcess))
+            return false;
+    }
+    /*
+     * The name tests.
+     */
+    if (!supdrvNtProtectIsSystem32ProcessMatch(pProcess, "csrss.exe"))
+        return false;
+    /** @todo Could extend the CSRSS.EXE check with that the TokenUser of the
+     *        current process must be "NT AUTHORITY\SYSTEM" (S-1-5-18). */
+    return true;
+}
+/**
+ * Called in the context of VBoxDrvNtCreate to determin the CSRSS for the
+ * current process.
+ *
+ * The Client/Server Runtime Subsystem (CSRSS) process needs to be allowed some
+ * additional access right so we need to make 101% sure we correctly identify
+ * the CSRSS process a process is associated with.
+ *
+ * @returns IPRT status code.
+ * @param   pNtProtect          The NT protected process structure. The
+ *                              hCsrssPid member will be updated on success.
+ */
+static int supdrvNtProtectFindAssociatedCsrss(PSUPDRVNTPROTECT pNtProtect)
+{
+    Assert(pNtProtect->AvlCore.Key == PsGetCurrentProcessId());
+    Assert(pNtProtect->pCsrssProcess == NULL);
+    Assert(pNtProtect->hCsrssPid == NULL);
+    /*
+     * We'll try use the ApiPort LPC object for the session we're in to track
+     * down the CSRSS process. So, we start by constructing a path to it.
+     */
+    int rc;
+    uint32_t    uSessionId = PsGetProcessSessionId(PsGetCurrentProcess());
+    WCHAR       wszApiPort[48];
+    if (uSessionId == 0)
+        rc = RTUtf16CopyAscii(wszApiPort, RT_ELEMENTS(wszApiPort), "\\Windows\\ApiPort");
+    else
+    {
+        char szTmp[64];
+        ssize_t cchTmp = RTStrFormatU32(szTmp, sizeof(szTmp), uSessionId, 10, 0, 0, 0);
+        AssertReturn(cchTmp > 0, (int)cchTmp);
+        rc = RTUtf16CopyAscii(wszApiPort, RT_ELEMENTS(wszApiPort), "\\Sessions\\");
+        if (RT_SUCCESS(rc))
+            rc = RTUtf16CatAscii(wszApiPort, RT_ELEMENTS(wszApiPort), szTmp);
+        if (RT_SUCCESS(rc))
+            rc = RTUtf16CatAscii(wszApiPort, RT_ELEMENTS(wszApiPort), "\\Windows\\ApiPort");
+    }
+    AssertRCReturn(rc, rc);
+    UNICODE_STRING ApiPortStr;
+    ApiPortStr.Buffer = wszApiPort;
+    ApiPortStr.Length = (USHORT)(RTUtf16Len(wszApiPort) * sizeof(RTUTF16));
+    ApiPortStr.MaximumLength = ApiPortStr.Length + sizeof(RTUTF16);
+    /*
+     * The object cannot be opened, but we can reference it by name.
+     */
+    void *pvApiPortObj = NULL;
+    NTSTATUS rcNt = ObReferenceObjectByName(&ApiPortStr,
+,
+                                            NULL /*pAccessState*/,
+                                            STANDARD_RIGHTS_READ,
+                                            *LpcPortObjectType,
+                                            KernelMode,
+                                            NULL /*pvParseContext*/,
+                                            &pvApiPortObj);
+    if (!NT_SUCCESS(rcNt))
+    {
+        SUPR0Printf("vboxdrv: Error opening '%ls': %#x\n", wszApiPort, rcNt);
+        return VERR_SUPDRV_APIPORT_OPEN_ERROR;
+    }
+    /*
+     * Query the processes in the system so we can locate CSRSS.EXE candidates.
+     * Note! Attempts at using SystemSessionProcessInformation failed with
+     *       STATUS_ACCESS_VIOLATION.
+     */
+    ULONG       cbNeeded = _64K;
+    uint32_t    cbBuf;
+    uint8_t    *pbBuf = NULL;
+    do
+    {
+        cbBuf = RT_ALIGN(cbNeeded + _4K, _64K);
+        pbBuf = (uint8_t *)RTMemAlloc(cbBuf);
+        if (!pbBuf)
+            break;
+        cbNeeded = 0;
+#if 0 /* doesn't work. */
+        SYSTEM_SESSION_PROCESS_INFORMATION Req;
+        Req.SessionId    = uSessionId;
+        Req.BufferLength = cbBuf;
+        Req.Buffer       = pbBuf;
+        rcNt = NtQuerySystemInformation(SystemSessionProcessInformation, &Req, sizeof(Req), &cbNeeded);
+#else
+        rcNt = NtQuerySystemInformation(SystemProcessInformation, pbBuf, cbBuf, &cbNeeded);
+#endif
+        if (NT_SUCCESS(rcNt))
+            break;
+        RTMemFree(pbBuf);
+        pbBuf = NULL;
+    } while (   rcNt == STATUS_INFO_LENGTH_MISMATCH
+             && cbNeeded > cbBuf
+             && cbNeeded < 32U*_1M);
+    if (   pbBuf
+        && NT_SUCCESS(rcNt)
+        && cbNeeded >= sizeof(SYSTEM_PROCESS_INFORMATION))
+    {
+        /*
+         * Walk the returned data and look for the process associated with the
+         * ApiPort object.  The ApiPort object keeps the EPROCESS address of
+         * the owner process (i.e. CSRSS) relatively early in the structure. On
+         * 64-bit windows 8.1 it's at offset 0x18.  So, obtain the EPROCESS
+         * pointer to likely CSRSS processes and check for a match in the first
+         * 0x40 bytes of the ApiPort object.
+         */
+        rc = VERR_SUPDRV_CSRSS_NOT_FOUND;
+        for (uint32_t offBuf = 0; offBuf <= cbNeeded - sizeof(SYSTEM_PROCESS_INFORMATION);)
+        {
+            PRTNT_SYSTEM_PROCESS_INFORMATION pProcInfo = (PRTNT_SYSTEM_PROCESS_INFORMATION)&pbBuf[offBuf];
+            if (   pProcInfo->ProcessName.Length == 9 * sizeof(WCHAR)
+                && pProcInfo->NumberOfThreads > 2   /* Very low guess. */
+                && pProcInfo->HandleCount     > 32  /* Very low guess, I hope. */
+                && (uintptr_t)pProcInfo->ProcessName.Buffer - (uintptr_t)pbBuf < cbNeeded
+                && RT_C_TO_LOWER(pProcInfo->ProcessName.Buffer[0]) == 'c'
+                && RT_C_TO_LOWER(pProcInfo->ProcessName.Buffer[1]) == 's'
+                && RT_C_TO_LOWER(pProcInfo->ProcessName.Buffer[2]) == 'r'
+                && RT_C_TO_LOWER(pProcInfo->ProcessName.Buffer[3]) == 's'
+                && RT_C_TO_LOWER(pProcInfo->ProcessName.Buffer[4]) == 's'
+                &&               pProcInfo->ProcessName.Buffer[5]  == '.'
+                && RT_C_TO_LOWER(pProcInfo->ProcessName.Buffer[6]) == 'e'
+                && RT_C_TO_LOWER(pProcInfo->ProcessName.Buffer[7]) == 'x'
+                && RT_C_TO_LOWER(pProcInfo->ProcessName.Buffer[8]) == 'e' )
+            {
+                /* Get the process structure and perform some more thorough
+                   process checks. */
+                PEPROCESS pProcess;
+                rcNt = PsLookupProcessByProcessId(pProcInfo->UniqueProcessId, &pProcess);
+                if (NT_SUCCESS(rcNt))
+                {
+                    if (supdrvNtProtectIsCsrssByProcess(pProcess))
+                    {
+                        if (PsGetProcessSessionId(pProcess) == uSessionId)
+                        {
+                            /* Final test, check the ApiPort.
+                               Note! The old LPC (pre Vista) objects has the PID
+                                     much earlier in the structure.  Might be
+                                     worth looking for it instead. */
+                            bool fThatsIt = false;
+                            __try
+                            {
+                                PEPROCESS *ppPortProc = (PEPROCESS *)pvApiPortObj;
+                                uint32_t   cTests = g_uNtVerCombined >= SUP_NT_VER_VISTA ? 16 : 38; /* ALPC since Vista. */
+                                do
+                                {
+                                    fThatsIt = *ppPortProc == pProcess;
+                                    ppPortProc++;
+                                } while (!fThatsIt && --cTests > 0);
+                            }
+                            __except(EXCEPTION_EXECUTE_HANDLER)
+                            {
+                                fThatsIt = false;
+                            }
+                            if (fThatsIt)
+                            {
+                                /* Ok, we found it!  Keep the process structure
+                                   reference as well as the PID so we can
+                                   safely identify it later on.  */
+                                pNtProtect->hCsrssPid     = pProcInfo->UniqueProcessId;
+                                pNtProtect->pCsrssProcess = pProcess;
+                                rc = VINF_SUCCESS;
+                                break;
+                            }
+                        }
+                    }
+                    ObDereferenceObject(pProcess);
+                }
+            }
+            /* Advance. */
+            if (!pProcInfo->NextEntryOffset)
+                break;
+            offBuf += pProcInfo->NextEntryOffset;
+        }
+    }
+    else
+        rc = VERR_SUPDRV_SESSION_PROCESS_ENUM_ERROR;
+    RTMemFree(pbBuf);
+    ObDereferenceObject(pvApiPortObj);
+    return rc;
+}
+/**
+ * Checks that the given process is the CSRSS process associated with protected
+ * process.
+ *
+ * @returns true / false.
+ * @param   pNtProtect          The NT protection structure.
+ * @param   pCsrss              The process structure of the alleged CSRSS.EXE
+ *                              process.
+ */
+static bool supdrvNtProtectIsAssociatedCsrss(PSUPDRVNTPROTECT pNtProtect, PEPROCESS pCsrss)
+{
+    if (pNtProtect->pCsrssProcess == pCsrss)
+    {
+        if (pNtProtect->hCsrssPid == PsGetProcessId(pCsrss))
+        {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Checks if the given process is the stupid themes service.
+ *
+ * The caller does some screening of access masks and what not. We do the rest.
+ *
+ * @returns true / false.
+ * @param   pNtProtect          The NT protection structure.
+ * @param   pAnnoyingProcess    The process structure of an process that might
+ *                              happen to be the annoying themes process.
+ */
+static bool supdrvNtProtectIsFrigginThemesService(PSUPDRVNTPROTECT pNtProtect, PEPROCESS pAnnoyingProcess)
+{
+    /*
+     * Check the process name.
+     */
+    if (!supdrvNtProtectIsSystem32ProcessMatch(pAnnoyingProcess, "svchost.exe"))
+        return false;
+    /** @todo Come up with more checks. */
+    return true;
+}
+/** @} */
+/** @name Process Creation Callbacks.
+ * @{ */
+/**
+ * Common worker used by the process creation hooks as well as the process
+ * handle creation hooks to check if a VM process is being created.
+ *
+ * @returns true if likely to be a VM process, false if not.
+ * @param   pNtStub             The NT protection structure for the possible
+ *                              stub process.
+ * @param   hParentPid          The parent pid.
+ * @param   hChildPid           The child pid.
+ */
+static bool supdrvNtProtectIsSpawningStubProcess(PSUPDRVNTPROTECT pNtStub, HANDLE hParentPid, HANDLE hChildPid)
+{
+    bool fRc = false;
+    if (pNtStub->AvlCore.Key == hParentPid) /* paranoia */
+    {
+        if (pNtStub->enmProcessKind == kSupDrvNtProtectKind_StubSpawning)
+        {
+            /* Compare short names. */
+            PEPROCESS pStubProcess;
+            NTSTATUS rcNt = PsLookupProcessByProcessId(hParentPid, &pStubProcess);
+            if (NT_SUCCESS(rcNt))
+            {
+                PEPROCESS pChildProcess;
+                rcNt = PsLookupProcessByProcessId(hChildPid, &pChildProcess);
+                if (NT_SUCCESS(rcNt))
+                {
+                    const char *pszStub  = (const char *)PsGetProcessImageFileName(pStubProcess);
+                    const char *pszChild = (const char *)PsGetProcessImageFileName(pChildProcess);
+                    fRc = pszStub != NULL
+                       && pszChild != NULL
+                       && strcmp(pszStub, pszChild) == 0;
+                    /** @todo check that the full image names matches. */
+                    ObDereferenceObject(pChildProcess);
+                }
+                ObDereferenceObject(pStubProcess);
+            }
+        }
+    }
+    return fRc;
+}
+/**
+ * Common code used by the notifies to protect a child process.
+ *
+ * @returns VBox status code.
+ * @param   pNtStub             The NT protect structure for the parent.
+ * @param   hChildPid           The child pid.
+ */
+static int supdrvNtProtectProtectNewStubChild(PSUPDRVNTPROTECT pNtParent, HANDLE hChildPid)
+{
+    /*
+     * Create a child protection struction.
+     */
+    PSUPDRVNTPROTECT pNtChild;
+    int rc = supdrvNtProtectCreate(&pNtChild, hChildPid, kSupDrvNtProtectKind_VmProcessUnconfirmed, false /*fLink*/);
+    if (RT_SUCCESS(rc))
+    {
+        pNtChild->fFirstProcessCreateHandle = true;
+        pNtChild->fFirstThreadCreateHandle = true;
+        pNtChild->fCsrssFirstProcessCreateHandle = true;
+        pNtChild->fCsrssFirstProcessDuplicateHandle = true;
+        pNtChild->fThemesFirstProcessCreateHandle = true;
+        pNtChild->hParentPid = pNtParent->AvlCore.Key;
+        pNtChild->hCsrssPid = pNtParent->hCsrssPid;
+        pNtChild->pCsrssProcess = pNtParent->pCsrssProcess;
+        if (pNtChild->pCsrssProcess)
+            ObReferenceObject(pNtChild->pCsrssProcess);
+        /*
+         * Take the spinlock, recheck parent conditions and link things.
+         */
+        RTSpinlockAcquire(g_hNtProtectLock);
+        if (pNtParent->enmProcessKind == kSupDrvNtProtectKind_StubSpawning)
+        {
+            bool fSuccess = RTAvlPVInsert(&g_NtProtectTree, &pNtChild->AvlCore);
+            if (fSuccess)
+            {
+                pNtParent->u.pChild       = pNtChild; /* Parent keeps the initial reference. */
+                pNtParent->enmProcessKind = kSupDrvNtProtectKind_StubParent;
+                pNtChild->u.pParent       = pNtParent;
+                RTSpinlockRelease(g_hNtProtectLock);
+                return VINF_SUCCESS;
+            }
+            rc = VERR_INTERNAL_ERROR_2;
+        }
+        else
+            rc = VERR_WRONG_ORDER;
+        RTSpinlockRelease(g_hNtProtectLock);
+        supdrvNtProtectRelease(pNtChild);
+    }
+    return rc;
+}
+/**
+ * Common process termination code.
+ *
+ * Transitions protected process to the dead states, protecting against handle
+ * PID reuse (esp. with unconfirmed VM processes) and handle cleanup issues.
+ *
+ * @param   hDeadPid            The PID of the dead process.
+ */
+static void supdrvNtProtectUnprotectDeadProcess(HANDLE hDeadPid)
+{
+    PSUPDRVNTPROTECT pNtProtect = supdrvNtProtectLookup(hDeadPid);
+    if (pNtProtect)
+    {
+        PSUPDRVNTPROTECT pNtChild = NULL;
+        RTSpinlockAcquire(g_hNtProtectLock);
+        /*
+         * If this is an unconfirmed VM process, we must release the reference
+         * the parent structure holds.
+         */
+        if (pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed)
+        {
+            PSUPDRVNTPROTECT pNtParent = pNtProtect->u.pParent;
+            AssertRelease(pNtParent); AssertRelease(pNtParent->u.pChild == pNtProtect);
+            pNtParent->u.pChild   = NULL;
+            pNtProtect->u.pParent = NULL;
+            pNtChild = pNtProtect;
+        }
+        /*
+         * If this is a stub exitting before the VM process gets confirmed,
+         * release the protection of the potential VM process as this is not
+         * the prescribed behavior.
+         */
+        else if (   pNtProtect->enmProcessKind == kSupDrvNtProtectKind_StubParent
+                 && pNtProtect->u.pChild)
+        {
+            pNtChild = pNtProtect->u.pChild;
+            pNtProtect->u.pChild = NULL;
+            pNtChild->u.pParent  = NULL;
+            pNtChild->enmProcessKind = kSupDrvNtProtectKind_VmProcessDead;
+        }
+        /*
+         * Transition it to the dead state to prevent it from opening the
+         * support driver again or be posthumously abused as a vm process parent.
+         */
+        if (   pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed
+            || pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessConfirmed)
+            pNtProtect->enmProcessKind = kSupDrvNtProtectKind_VmProcessDead;
+        else if (   pNtProtect->enmProcessKind == kSupDrvNtProtectKind_StubParent
+                 || pNtProtect->enmProcessKind == kSupDrvNtProtectKind_StubSpawning
+                 || pNtProtect->enmProcessKind == kSupDrvNtProtectKind_StubUnverified)
+            pNtProtect->enmProcessKind = kSupDrvNtProtectKind_StubDead;
+        RTSpinlockRelease(g_hNtProtectLock);
+        supdrvNtProtectRelease(pNtProtect);
+        supdrvNtProtectRelease(pNtChild);
+        /*
+         * Do session cleanups.
+         */
+        AssertReturnVoid((HANDLE)(uintptr_t)RTProcSelf() == hDeadPid);
+        if (g_pDevObjSys)
+        {
+            PSUPDRVDEVEXT  pDevExt  = (PSUPDRVDEVEXT)g_pDevObjSys->DeviceExtension;
+            PSUPDRVSESSION pSession = supdrvSessionHashTabLookup(pDevExt, (RTPROCESS)(uintptr_t)hDeadPid,
+                                                                 RTR0ProcHandleSelf(), NULL);
+            if (pSession)
+            {
+                supdrvSessionHashTabRemove(pDevExt, pSession, NULL);
+                supdrvSessionRelease(pSession); /* Drops the reference from supdrvSessionHashTabLookup. */
+            }
+        }
+    }
+}
+/**
+ * Common worker for the process creation callback that verifies a new child
+ * being created by the handle creation callback code.
+ *
+ * @param   pNtStub         The parent.
+ * @param   pNtVm           The child.
+ * @param   fCallerChecks   The result of any additional tests the caller made.
+ *                          This is in order to avoid duplicating the failure
+ *                          path code.
+ */
+static void supdrvNtProtectVerifyNewChildProtection(PSUPDRVNTPROTECT pNtStub, PSUPDRVNTPROTECT pNtVm, bool fCallerChecks)
+{
+    if (   fCallerChecks
+        && pNtStub->enmProcessKind == kSupDrvNtProtectKind_StubParent
+        && pNtVm->enmProcessKind   == kSupDrvNtProtectKind_VmProcessUnconfirmed
+        && pNtVm->u.pParent        == pNtStub
+        && pNtStub->u.pChild       == pNtVm)
+    {
+        /* Fine, nothing to do. */
+        return;
+    }
+    LogRel(("vboxdrv: Misdetected vm stub; hParentPid=%p hChildPid=%p\n", pNtStub->AvlCore.Key, pNtVm->AvlCore.Key));
+    if (pNtStub->enmProcessKind != kSupDrvNtProtectKind_VmProcessConfirmed)
+        supdrvNtProtectUnprotectDeadProcess(pNtVm->AvlCore.Key);
+}
+/**
+ * Old style callback (since forever).
+ *
+ * @param   hParentPid          The parent PID.
+ * @param   hNewPid             The PID of the new child.
+ * @param   fCreated            TRUE if it's a creation notification,
+ *                              FALSE if termination.
+ * @remarks ASSUMES this arrives before the handle creation callback.
+ */
+static VOID __stdcall
+supdrvNtProtectCallback_ProcessCreateNotify(HANDLE hParentPid, HANDLE hNewPid, BOOLEAN fCreated)
+{
+    /*
+     * Is it a new process that needs protection?
+     */
+    if (fCreated)
+    {
+        PSUPDRVNTPROTECT pNtStub = supdrvNtProtectLookup(hParentPid);
+        if (pNtStub)
+        {
+            PSUPDRVNTPROTECT pNtVm = supdrvNtProtectLookup(hNewPid);
+            if (!pNtVm)
+            {
+                if (supdrvNtProtectIsSpawningStubProcess(pNtStub, hParentPid, hNewPid))
+                    supdrvNtProtectProtectNewStubChild(pNtStub, hNewPid);
+            }
+            else
+            {
+                supdrvNtProtectVerifyNewChildProtection(pNtStub, pNtVm, true);
+                supdrvNtProtectRelease(pNtVm);
+            }
+            supdrvNtProtectRelease(pNtStub);
+        }
+    }
+    /*
+     * Process termination, do clean ups.
+     */
+    else
+        supdrvNtProtectUnprotectDeadProcess(hNewPid);
+}
+/**
+ * New style callback (Vista SP1+ / w2k8).
+ *
+ * @param   pNewProcess         The new process.
+ * @param   hNewPid             The PID of the new process.
+ * @param   pInfo               Process creation details. NULL if process
+ *                              termination notification.
+ * @remarks ASSUMES this arrives before the handle creation callback.
+ */
+static VOID __stdcall
+supdrvNtProtectCallback_ProcessCreateNotifyEx(PEPROCESS pNewProcess, HANDLE hNewPid, PPS_CREATE_NOTIFY_INFO pInfo)
+{
+    /*
+     * Is it a new process that needs protection?
+     */
+    if (pInfo)
+    {
+        PSUPDRVNTPROTECT pNtStub = supdrvNtProtectLookup(pInfo->CreatingThreadId.UniqueProcess);
+        Log(("vboxdrv/NewProcessEx: ctx=%04zx/%p pid=%04zx ppid=%04zx ctor=%04zx/%04zx rcNt=%#x %.*ls\n",
+             PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+             hNewPid, pInfo->ParentProcessId,
+             pInfo->CreatingThreadId.UniqueProcess, pInfo->CreatingThreadId.UniqueThread, pInfo->CreationStatus,
+             pInfo->FileOpenNameAvailable && pInfo->ImageFileName ? (size_t)pInfo->ImageFileName->Length / 2 : 0,
+             pInfo->FileOpenNameAvailable && pInfo->ImageFileName ? pInfo->ImageFileName->Buffer : NULL));
+        if (pNtStub)
+        {
+            PSUPDRVNTPROTECT pNtVm = supdrvNtProtectLookup(hNewPid);
+            if (!pNtVm)
+            {
+                /* Parent must be creator. */
+                if (pInfo->CreatingThreadId.UniqueProcess == pInfo->ParentProcessId)
+                {
+                    if (supdrvNtProtectIsSpawningStubProcess(pNtStub, pInfo->ParentProcessId, hNewPid))
+                        supdrvNtProtectProtectNewStubChild(pNtStub, hNewPid);
+                }
+            }
+            else
+            {
+                /* Parent must be creator (as above). */
+                supdrvNtProtectVerifyNewChildProtection(pNtStub, pNtVm,
+                                                        pInfo->CreatingThreadId.UniqueProcess == pInfo->ParentProcessId);
+                supdrvNtProtectRelease(pNtVm);
+            }
+            supdrvNtProtectRelease(pNtStub);
+        }
+    }
+    /*
+     * Process termination, do clean ups.
+     */
+    else
+        supdrvNtProtectUnprotectDeadProcess(hNewPid);
+}
+/** @} */
+/** @name Process Handle Callbacks.
+ * @{ */
+/** Process rights that we allow for handles to stub and VM processes. */
+# define SUPDRV_NT_ALLOW_PROCESS_RIGHTS  \
+    (  PROCESS_TERMINATE \
+     | PROCESS_VM_READ \
+     | PROCESS_QUERY_INFORMATION \
+     | PROCESS_QUERY_LIMITED_INFORMATION \
+     | PROCESS_SUSPEND_RESUME \
+     | DELETE \
+     | READ_CONTROL \
+     | SYNCHRONIZE)
+/** Evil process rights. */
+# define SUPDRV_NT_EVIL_PROCESS_RIGHTS  \
+    (  PROCESS_CREATE_THREAD \
+     | PROCESS_SET_SESSIONID /*?*/ \
+     | PROCESS_VM_OPERATION \
+     | PROCESS_VM_WRITE \
+     | PROCESS_DUP_HANDLE \
+     | PROCESS_CREATE_PROCESS /*?*/ \
+     | PROCESS_SET_QUOTA /*?*/ \
+     | PROCESS_SET_INFORMATION \
+     | PROCESS_SET_LIMITED_INFORMATION /*?*/ \
+     | 0)
+AssertCompile((SUPDRV_NT_ALLOW_PROCESS_RIGHTS & SUPDRV_NT_EVIL_PROCESS_RIGHTS) == 0);
+static OB_PREOP_CALLBACK_STATUS __stdcall
+supdrvNtProtectCallback_ProcessHandlePre(PVOID pvUser, POB_PRE_OPERATION_INFORMATION pOpInfo)
+{
+    Assert(pvUser == NULL);
+    Assert(pOpInfo->Operation == OB_OPERATION_HANDLE_CREATE || pOpInfo->Operation == OB_OPERATION_HANDLE_DUPLICATE);
+    Assert(pOpInfo->ObjectType == *PsProcessType);
+    /*
+     * Protected?  Kludge required for NtOpenProcess calls comming in before
+     * the create process hook triggers on Windows 8.1 (possibly others too).
+     */
+    HANDLE           hObjPid    = PsGetProcessId((PEPROCESS)pOpInfo->Object);
+    PSUPDRVNTPROTECT pNtProtect = supdrvNtProtectLookup(hObjPid);
+    if (!pNtProtect)
+    {
+        HANDLE           hParentPid = PsGetProcessInheritedFromUniqueProcessId((PEPROCESS)pOpInfo->Object);
+        PSUPDRVNTPROTECT pNtStub = supdrvNtProtectLookup(hParentPid);
+        if (pNtStub)
+        {
+            if (supdrvNtProtectIsSpawningStubProcess(pNtStub, hParentPid, hObjPid))
+            {
+                supdrvNtProtectProtectNewStubChild(pNtStub, hObjPid);
+                pNtProtect = supdrvNtProtectLookup(hObjPid);
+            }
+            supdrvNtProtectRelease(pNtStub);
+        }
+    }
+    pOpInfo->CallContext = pNtProtect; /* Just for reference. */
+    if (pNtProtect)
+    {
+        /*
+         * Ok, it's a protected process.  Strip rights as required or possible.
+         */
+        static ACCESS_MASK const s_fCsrssStupidDesires = 0x1fffff;
+        ACCESS_MASK fAllowedRights = SUPDRV_NT_ALLOW_PROCESS_RIGHTS;
+        if (pOpInfo->Operation == OB_OPERATION_HANDLE_CREATE)
+        {
+            /* Don't restrict the process accessing itself. */
+            if ((PEPROCESS)pOpInfo->Object == PsGetCurrentProcess())
+            {
+                pOpInfo->CallContext = NULL; /* don't assert */
+                pNtProtect->fFirstProcessCreateHandle = false;
+                Log(("vboxdrv/ProcessHandlePre: ctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] %s\n",
+                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                     pOpInfo->Parameters->CreateHandleInformation.DesiredAccess,
+                     pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind,
+                     PsGetProcessImageFileName(PsGetCurrentProcess()) ));
+            }
+            else
+            {
+                /* Special case 1 on Vista, 7 & 8:
+                   The CreateProcess code passes the handle over to CSRSS.EXE
+                   and the code inBaseSrvCreateProcess will duplicate the
+                   handle with 0x1fffff as access mask.  NtDuplicateObject will
+                   fail this call before it ever gets down here.
+                   Special case 2 on 8.1:
+                   The CreateProcess code requires additional rights for
+                   something, we'll drop these in the stub code. */
+                if (   pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed
+                    && pNtProtect->fFirstProcessCreateHandle
+                    && pNtProtect->hParentPid == PsGetProcessId(PsGetCurrentProcess()))
+                {
+                    if (   !pOpInfo->KernelHandle
+                        && pOpInfo->Parameters->CreateHandleInformation.DesiredAccess == s_fCsrssStupidDesires)
+                    {
+                        if (g_uNtVerCombined < SUP_MAKE_NT_VER_SIMPLE(6, 3))
+                            fAllowedRights |= s_fCsrssStupidDesires;
+                        else
+                            fAllowedRights = fAllowedRights
+                                           | PROCESS_VM_OPERATION
+                                           | PROCESS_VM_WRITE
+                                           | PROCESS_SET_INFORMATION
+                                           | PROCESS_SET_LIMITED_INFORMATION
+                                           | 0;
+                        pOpInfo->CallContext = NULL; /* don't assert this. */
+                    }
+                    pNtProtect->fFirstProcessCreateHandle = false;
+                }
+                /* Special case 3 on 8.1:
+                   The interaction between the CreateProcess code and CSRSS.EXE
+                   has changed to the better with Windows 8.1.  CSRSS.EXE no
+                   longer duplicates the process (thread too) handle, but opens
+                   it, thus allowing us to do our job. */
+                if (   g_uNtVerCombined >= SUP_MAKE_NT_VER_SIMPLE(6, 3)
+                    && pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed
+                    && pNtProtect->fCsrssFirstProcessCreateHandle
+                    && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess())
+                   )
+                {
+                    pNtProtect->fCsrssFirstProcessCreateHandle = false;
+                    if (pOpInfo->Parameters->CreateHandleInformation.DesiredAccess == s_fCsrssStupidDesires)
+                    {
+                        /* Not needed: PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID,
+                           PROCESS_CREATE_PROCESS */
+                        fAllowedRights = fAllowedRights
+                                       | PROCESS_VM_OPERATION
+                                       | PROCESS_VM_WRITE
+                                       | PROCESS_DUP_HANDLE /* Needed for CreateProcess/VBoxTestOGL. */
+                                       | 0;
+                        pOpInfo->CallContext = NULL; /* don't assert this. */
+                    }
+                }
+                /* Special case 4, Windows 7, Vista, possibly 8, but not 8.1:
+                   The Themes service requires PROCESS_DUP_HANDLE access to our
+                   process or we won't get any menus and dialogs will be half
+                   unreadable.  This is _very_ unfortunate and more work will
+                   go into making this more secure.  */
+                if (   g_uNtVerCombined >= SUP_MAKE_NT_VER_SIMPLE(6, 0)
+                    && g_uNtVerCombined  < SUP_MAKE_NT_VER_SIMPLE(6, 2)
+                    && pOpInfo->Parameters->CreateHandleInformation.DesiredAccess == 0x1478 /* 6.1.7600.16385 (win7_rtm.090713-1255) */
+                    && pNtProtect->fThemesFirstProcessCreateHandle
+                    && supdrvNtProtectIsFrigginThemesService(pNtProtect, PsGetCurrentProcess()))
+                {
+                    pNtProtect->fThemesFirstProcessCreateHandle = true; /* Only once! */
+                    fAllowedRights |= PROCESS_DUP_HANDLE;
+                    pOpInfo->CallContext = NULL; /* don't assert this. */
+                }
+                Log(("vboxdrv/ProcessHandlePre: ctx=%04zx/%p wants %#x to %p/pid=%04zx [%d], allow %#x => %#x; %s\n",
+                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                     pOpInfo->Parameters->CreateHandleInformation.DesiredAccess,
+                     pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind, fAllowedRights,
+                     pOpInfo->Parameters->CreateHandleInformation.DesiredAccess & fAllowedRights,
+                     PsGetProcessImageFileName(PsGetCurrentProcess())));
+                pOpInfo->Parameters->CreateHandleInformation.DesiredAccess &= fAllowedRights;
+            }
+        }
+        else
+        {
+            /* Don't restrict the process accessing itself. */
+            if (   (PEPROCESS)pOpInfo->Object == PsGetCurrentProcess()
+                && pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess == pOpInfo->Object)
+            {
+                Log(("vboxdrv/ProcessHandlePre: ctx=%04zx/%p[%p] dup from %04zx/%p with %#x to %p in pid=%04zx [%d] %s\n",
+                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                     pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess,
+                     PsGetProcessId((PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess),
+                     pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess,
+                     pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess,
+                     pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind,
+                     PsGetProcessImageFileName(PsGetCurrentProcess()) ));
+                pOpInfo->CallContext = NULL; /* don't assert */
+            }
+            else
+            {
+                /* Special case 5 on Vista, 7 & 8:
+                   This is the CSRSS.EXE end of special case #1. */
+                if (   g_uNtVerCombined < SUP_MAKE_NT_VER_SIMPLE(6, 3)
+                    && pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed
+                    && pNtProtect->fCsrssFirstProcessDuplicateHandle
+                    &&    pNtProtect->hParentPid
+                       == PsGetProcessId((PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess)
+                    && pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess == PsGetCurrentProcess()
+                    && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess())
+                   )
+                {
+                    pNtProtect->fCsrssFirstProcessDuplicateHandle = false;
+                    if (pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess == s_fCsrssStupidDesires)
+                    {
+                        /* Not needed: PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID,
+                           PROCESS_CREATE_PROCESS, PROCESS_DUP_HANDLE */
+                        fAllowedRights = fAllowedRights
+                                       | PROCESS_VM_OPERATION
+                                       | PROCESS_VM_WRITE
+                                       | PROCESS_DUP_HANDLE /* Needed for launching VBoxTestOGL. */
+                                       | 0;
+                        pOpInfo->CallContext = NULL; /* don't assert this. */
+                    }
+                }
+                Log(("vboxdrv/ProcessHandlePre: ctx=%04zx/%p[%p] dup from %04zx/%p with %#x to %p in pid=%04zx [%d] %s\n",
+                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                     pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess,
+                     PsGetProcessId((PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess),
+                     pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess,
+                     pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess,
+                     pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind,
+                     PsGetProcessImageFileName(PsGetCurrentProcess()) ));
+                pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess &= fAllowedRights;
+            }
+        }
+        supdrvNtProtectRelease(pNtProtect);
+    }
+    return OB_PREOP_SUCCESS;
+}
+static VOID __stdcall
+supdrvNtProtectCallback_ProcessHandlePost(PVOID pvUser, POB_POST_OPERATION_INFORMATION pOpInfo)
+{
+    Assert(pvUser == NULL);
+    Assert(pOpInfo->Operation == OB_OPERATION_HANDLE_CREATE || pOpInfo->Operation == OB_OPERATION_HANDLE_DUPLICATE);
+    Assert(pOpInfo->ObjectType == *PsProcessType);
+    if (   pOpInfo->CallContext
+        && NT_SUCCESS(pOpInfo->ReturnStatus))
+    {
+        ACCESS_MASK const fGrantedAccess = pOpInfo->Operation == OB_OPERATION_HANDLE_CREATE
+                                         ? pOpInfo->Parameters->CreateHandleInformation.GrantedAccess
+                                         : pOpInfo->Parameters->DuplicateHandleInformation.GrantedAccess;
+        AssertReleaseMsg(   !(fGrantedAccess & ~(  SUPDRV_NT_ALLOW_PROCESS_RIGHTS
+                                                 | WRITE_OWNER | WRITE_DAC /* these two might be forced upon us */
+                                                 | PROCESS_UNKNOWN_4000 /* Seen set on win 8.1 */
+                                                 /*| PROCESS_UNKNOWN_8000 */ ) )
+                         || pOpInfo->KernelHandle,
+                         ("GrantedAccess=%#x - we allow %#x - we did not allow %#x\n",
+                          fGrantedAccess, SUPDRV_NT_ALLOW_PROCESS_RIGHTS, fGrantedAccess & ~SUPDRV_NT_ALLOW_PROCESS_RIGHTS));
+    }
+}
+# undef SUPDRV_NT_ALLOW_PROCESS_RIGHTS
+/** @} */
+/** @name Thread Handle Callbacks
+ * @{ */
+/* From ntifs.h */
+extern "C" NTKERNELAPI PEPROCESS __stdcall IoThreadToProcess(PETHREAD);
+/** Thread rights that we allow for handles to stub and VM processes. */
+# define SUPDRV_NT_ALLOWED_THREAD_RIGHTS  \
+    (  THREAD_TERMINATE \
+     | THREAD_GET_CONTEXT \
+     | THREAD_QUERY_INFORMATION \
+     | THREAD_QUERY_LIMITED_INFORMATION \
+     | DELETE \
+     | READ_CONTROL \
+     | SYNCHRONIZE)
+/** @todo consider THREAD_SET_LIMITED_INFORMATION & THREAD_RESUME */
+/** Evil thread rights.
+ * @remarks THREAD_RESUME is not included as it seems to be forced upon us by
+ *          Windows 8.1, at least for some processes.  We dont' actively
+ *          allow it though, just tollerate it when forced to. */
+# define SUPDRV_NT_EVIL_THREAD_RIGHTS  \
+    (  THREAD_SUSPEND_RESUME \
+     | THREAD_SET_CONTEXT \
+     | THREAD_SET_INFORMATION \
+     | THREAD_SET_LIMITED_INFORMATION /*?*/ \
+     | THREAD_SET_THREAD_TOKEN /*?*/ \
+     | THREAD_IMPERSONATE /*?*/ \
+     | THREAD_DIRECT_IMPERSONATION /*?*/ \
+     /*| THREAD_RESUME - see remarks. */ \
+     | 0)
+AssertCompile((SUPDRV_NT_EVIL_THREAD_RIGHTS & SUPDRV_NT_ALLOWED_THREAD_RIGHTS) == 0);
+static OB_PREOP_CALLBACK_STATUS __stdcall
+supdrvNtProtectCallback_ThreadHandlePre(PVOID pvUser, POB_PRE_OPERATION_INFORMATION pOpInfo)
+{
+    Assert(pvUser == NULL);
+    Assert(pOpInfo->Operation == OB_OPERATION_HANDLE_CREATE || pOpInfo->Operation == OB_OPERATION_HANDLE_DUPLICATE);
+    Assert(pOpInfo->ObjectType == *PsThreadType);
+    PEPROCESS pProcess = IoThreadToProcess((PETHREAD)pOpInfo->Object);
+    PSUPDRVNTPROTECT pNtProtect = supdrvNtProtectLookup(PsGetProcessId(pProcess));
+    pOpInfo->CallContext = pNtProtect; /* Just for reference. */
+    if (pNtProtect)
+    {
+        static ACCESS_MASK const s_fCsrssStupidDesires = 0x1fffff;
+        ACCESS_MASK fAllowedRights = SUPDRV_NT_ALLOWED_THREAD_RIGHTS;
+        if (pOpInfo->Operation == OB_OPERATION_HANDLE_CREATE)
+        {
+            /* Don't restrict the process accessing its own threads. */
+            if (pProcess == PsGetCurrentProcess())
+            {
+                Log(("vboxdrv/ThreadHandlePre: ctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] self\n",
+                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                     pOpInfo->Parameters->CreateHandleInformation.DesiredAccess,
+                     pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind));
+                pOpInfo->CallContext = NULL; /* don't assert */
+                pNtProtect->fFirstThreadCreateHandle = false;
+            }
+            else
+            {
+                /* Special case 1 on Vista, 7, 8:
+                   The CreateProcess code passes the handle over to CSRSS.EXE
+                   and the code inBaseSrvCreateProcess will duplicate the
+                   handle with 0x1fffff as access mask.  NtDuplicateObject will
+                   fail this call before it ever gets down here.  */
+                if (   g_uNtVerCombined < SUP_MAKE_NT_VER_SIMPLE(6, 3)
+                    && pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed
+                    && pNtProtect->fFirstThreadCreateHandle
+                    && pNtProtect->hParentPid == PsGetProcessId(PsGetCurrentProcess()))
+                {
+                    if (   !pOpInfo->KernelHandle
+                        && pOpInfo->Parameters->CreateHandleInformation.DesiredAccess == s_fCsrssStupidDesires)
+                    {
+                        fAllowedRights |= s_fCsrssStupidDesires;
+                        pOpInfo->CallContext = NULL; /* don't assert this. */
+                    }
+                    pNtProtect->fFirstThreadCreateHandle = false;
+                }
+                /* Special case 2 on 8.1, possibly also Vista, 7, 8:
+                   When creating a process like VBoxTestOGL from the VM process,
+                   CSRSS.EXE will try talk to the calling thread and, it
+                   appears, impersonate it.  We unfortunately need to allow
+                   this or there will be no 3D support.  Typical DbgPrint:
+                        "SXS: BasepCreateActCtx() Calling csrss server failed. Status = 0xc00000a5" */
+                SUPDRVNTPROTECTKIND enmProcessKind;
+                if (   g_uNtVerCombined >= SUP_MAKE_NT_VER_COMBINED(6, 0, 0, 0, 0)
+                    && (   (enmProcessKind = pNtProtect->enmProcessKind) == kSupDrvNtProtectKind_VmProcessConfirmed
+                        || enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed)
+                    && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()) )
+                {
+                    fAllowedRights |= THREAD_IMPERSONATE;
+                    fAllowedRights |= THREAD_DIRECT_IMPERSONATION;
+                    //fAllowedRights |= THREAD_SET_LIMITED_INFORMATION; - try without this one
+                    pOpInfo->CallContext = NULL; /* don't assert this. */
+                }
+                Log(("vboxdrv/ThreadHandlePre: ctx=%04zx/%p wants %#x to %p in pid=%04zx [%d], allow %#x => %#x; %s\n",
+                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                     pOpInfo->Parameters->CreateHandleInformation.DesiredAccess,
+                     pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind, fAllowedRights,
+                     pOpInfo->Parameters->CreateHandleInformation.DesiredAccess & fAllowedRights,
+                     PsGetProcessImageFileName(PsGetCurrentProcess())));
+                pOpInfo->Parameters->CreateHandleInformation.DesiredAccess &= fAllowedRights;
+            }
+        }
+        else
+        {
+            /* Don't restrict the process accessing its own threads. */
+            if (   pProcess == PsGetCurrentProcess()
+                && (PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess == pProcess)
+            {
+                Log(("vboxdrv/ThreadHandlePre: ctx=%04zx/%p[%p] dup from %04zx/%p with %#x to %p in pid=%04zx [%d] self\n",
+                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                     pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess,
+                     PsGetProcessId((PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess),
+                     pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess,
+                     pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess,
+                     pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind,
+                     PsGetProcessImageFileName(PsGetCurrentProcess()) ));
+                pOpInfo->CallContext = NULL; /* don't assert */
+            }
+            else
+            {
+                /* Special case 3 on Vista, 7, 8:
+                   This is the follow up to special case 1. */
+                SUPDRVNTPROTECTKIND enmProcessKind;
+                if (   g_uNtVerCombined >= SUP_MAKE_NT_VER_COMBINED(6, 0, 0, 0, 0)
+                    && (   (enmProcessKind = pNtProtect->enmProcessKind) == kSupDrvNtProtectKind_VmProcessConfirmed
+                        || enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed)
+                    && pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess == PsGetCurrentProcess()
+                    && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()) )
+                {
+                    fAllowedRights |= THREAD_IMPERSONATE;
+                    fAllowedRights |= THREAD_DIRECT_IMPERSONATION;
+                    //fAllowedRights |= THREAD_SET_LIMITED_INFORMATION; - try without this one
+                    pOpInfo->CallContext = NULL; /* don't assert this. */
+                }
+                Log(("vboxdrv/ThreadHandlePre: ctx=%04zx/%p[%p] dup from %04zx/%p with %#x to %p in pid=%04zx [%d], allow %#x => %#x; %s\n",
+                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                     pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess,
+                     PsGetProcessId((PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess),
+                     pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess,
+                     pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess,
+                     pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind, fAllowedRights,
+                     pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess & fAllowedRights,
+                     PsGetProcessImageFileName(PsGetCurrentProcess()) ));
+                pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess &= fAllowedRights;
+            }
+        }
+        supdrvNtProtectRelease(pNtProtect);
+    }
+    return OB_PREOP_SUCCESS;
+}
+static VOID __stdcall
+supdrvNtProtectCallback_ThreadHandlePost(PVOID pvUser, POB_POST_OPERATION_INFORMATION pOpInfo)
+{
+    Assert(pvUser == NULL);
+    Assert(pOpInfo->Operation == OB_OPERATION_HANDLE_CREATE || pOpInfo->Operation == OB_OPERATION_HANDLE_DUPLICATE);
+    Assert(pOpInfo->ObjectType == *PsThreadType);
+    if (   pOpInfo->CallContext
+        && NT_SUCCESS(pOpInfo->ReturnStatus))
+    {
+        ACCESS_MASK const fGrantedAccess = pOpInfo->Parameters->CreateHandleInformation.GrantedAccess;
+        AssertReleaseMsg(   !(fGrantedAccess & ~(  SUPDRV_NT_ALLOWED_THREAD_RIGHTS
+                                                 | WRITE_OWNER | WRITE_DAC /* these two might be forced upon us */
+                                                 | THREAD_RESUME /* This seems to be force upon us too with 8.1. */
+                                                 ) )
+                         || pOpInfo->KernelHandle,
+                         ("GrantedAccess=%#x - we allow %#x - we did not allow %#x\n",
+                          fGrantedAccess, SUPDRV_NT_ALLOWED_THREAD_RIGHTS, fGrantedAccess & ~SUPDRV_NT_ALLOWED_THREAD_RIGHTS));
+    }
+}
+# undef SUPDRV_NT_ALLOWED_THREAD_RIGHTS
+/** @} */
+/**
+ * Creates a new process protection structure.
+ *
+ * @returns VBox status code.
+ * @param   ppNtProtect         Where to return the pointer to the structure
+ *                              on success.
+ * @param   hPid                The process ID of the process to protect.
+ * @param   enmProcessKind      The kind of process we're protecting.
+ * @param   fLink               Whether to link the structure into the tree.
+ */
+static int supdrvNtProtectCreate(PSUPDRVNTPROTECT *ppNtProtect, HANDLE hPid, SUPDRVNTPROTECTKIND enmProcessKind, bool fLink)
+{
+    AssertReturn(g_hNtProtectLock != NIL_RTSPINLOCK, VERR_WRONG_ORDER);
+    PSUPDRVNTPROTECT pNtProtect = (PSUPDRVNTPROTECT)RTMemAllocZ(sizeof(*pNtProtect));
+    if (!pNtProtect)
+        return VERR_NO_MEMORY;
+    pNtProtect->AvlCore.Key                  = hPid;
+    pNtProtect->u32Magic                     = SUPDRVNTPROTECT_MAGIC;
+    pNtProtect->cRefs                        = 1;
+    pNtProtect->enmProcessKind               = enmProcessKind;
+    pNtProtect->hParentPid                   = NULL;
+    pNtProtect->hCsrssPid                    = NULL;
+    pNtProtect->pCsrssProcess                = NULL;
+    if (fLink)
+    {
+        RTSpinlockAcquire(g_hNtProtectLock);
+        bool fSuccess = RTAvlPVInsert(&g_NtProtectTree, &pNtProtect->AvlCore);
+        RTSpinlockRelease(g_hNtProtectLock);
+        if (!fSuccess)
+        {
+            /* Duplicate entry, fail. */
+            pNtProtect->u32Magic = SUPDRVNTPROTECT_MAGIC_DEAD;
+            RTMemFree(pNtProtect);
+            return VERR_ACCESS_DENIED;
+        }
+    }
+    *ppNtProtect = pNtProtect;
+    return VINF_SUCCESS;
+}
+/**
+ * Releases a reference to a NT protection structure.
+ *
+ * @param   pNtProtect          The NT protection structure.
+ */
+static void supdrvNtProtectRelease(PSUPDRVNTPROTECT pNtProtect)
+{
+    if (!pNtProtect)
+        return;
+    AssertReturnVoid(pNtProtect->u32Magic == SUPDRVNTPROTECT_MAGIC);
+    RTSpinlockAcquire(g_hNtProtectLock);
+    uint32_t cRefs = ASMAtomicDecU32(&pNtProtect->cRefs);
+    if (cRefs != 0)
+        RTSpinlockRelease(g_hNtProtectLock);
+    else
+    {
+        /*
+         * That was the last reference.  Remove it from the tree, invalidate it
+         * and free the resources associated with it.  Also, release any
+         * child/parent references related to this protection structure.
+         */
+        ASMAtomicWriteU32(&pNtProtect->u32Magic, SUPDRVNTPROTECT_MAGIC_DEAD);
+        PSUPDRVNTPROTECT pRemoved = (PSUPDRVNTPROTECT)RTAvlPVRemove(&g_NtProtectTree, pNtProtect->AvlCore.Key);
+        PSUPDRVNTPROTECT pRemovedChild = NULL;
+        PSUPDRVNTPROTECT pChild = NULL;
+        if (pNtProtect->enmProcessKind == kSupDrvNtProtectKind_StubParent)
+        {
+            pChild = pNtProtect->u.pChild;
+            if (pChild)
+            {
+                pNtProtect->u.pChild   = NULL;
+                pChild->u.pParent      = NULL;
+                pChild->enmProcessKind = kSupDrvNtProtectKind_VmProcessDead;
+                uint32_t cChildRefs = ASMAtomicIncU32(&pChild->cRefs);
+                if (!cChildRefs)
+                    pRemovedChild = (PSUPDRVNTPROTECT)RTAvlPVRemove(&g_NtProtectTree, pChild->AvlCore.Key);
+                else
+                    pChild = NULL;
+            }
+        }
+        else
+            AssertRelease(pNtProtect->enmProcessKind != kSupDrvNtProtectKind_VmProcessUnconfirmed);
+        RTSpinlockRelease(g_hNtProtectLock);
+        Assert(pRemoved == pNtProtect);
+        Assert(pRemovedChild == pChild);
+        if (pNtProtect->pCsrssProcess)
+        {
+            ObDereferenceObject(pNtProtect->pCsrssProcess);
+            pNtProtect->pCsrssProcess = NULL;
+        }
+        RTMemFree(pNtProtect);
+        if (pChild)
+            RTMemFree(pChild);
+    }
+}
+/**
+ * Looks up a PID in the NT protect tree.
+ *
+ * @returns Pointer to a NT protection structure (with a referenced) on success,
+ *          NULL if not found.
+ * @param   hPid                The process ID.
+ */
+static PSUPDRVNTPROTECT supdrvNtProtectLookup(HANDLE hPid)
+{
+    RTSpinlockAcquire(g_hNtProtectLock);
+    PSUPDRVNTPROTECT pFound = (PSUPDRVNTPROTECT)RTAvlPVGet(&g_NtProtectTree, hPid);
+    if (pFound)
+        ASMAtomicIncU32(&pFound->cRefs);
+    RTSpinlockRelease(g_hNtProtectLock);
+    return pFound;
+}
+/**
+ * Worker for supdrvNtProtectVerifyProcess that verifies the handles to a VM
+ * process and its thread.
+ *
+ * @returns VBox status code.
+ * @param   pNtProtect          The NT protect structure for getting information
+ *                              about special processes.
+ */
+static int supdrvNtProtectRestrictHandlesToProcessAndThread(PSUPDRVNTPROTECT pNtProtect)
+{
+    /*
+     * What to protect.
+     */
+    PEPROCESS   pProtectedProcess = PsGetCurrentProcess();
+    HANDLE      hProtectedPid     = PsGetProcessId(pProtectedProcess);
+    PETHREAD    pProtectedThread  = PsGetCurrentThread();
+    AssertReturn(pNtProtect->AvlCore.Key == hProtectedPid, VERR_INTERNAL_ERROR_5);
+    /*
+     * Take a snapshot of all the handles in the system.
+     */
+    uint32_t    cbBuf    = _256K;
+    uint8_t    *pbBuf    = (uint8_t *)RTMemAlloc(cbBuf);
+    ULONG       cbNeeded = cbBuf;
+    NTSTATUS rcNt = NtQuerySystemInformation(SystemExtendedHandleInformation, pbBuf, cbBuf, &cbNeeded);
+    if (!NT_SUCCESS(rcNt))
+    {
+        while (   rcNt == STATUS_INFO_LENGTH_MISMATCH
+               && cbNeeded > cbBuf
+               && cbBuf <= 32U*_1M)
+        {
+            cbBuf = RT_ALIGN_32(cbNeeded + _4K, _64K);
+            RTMemFree(pbBuf);
+            pbBuf = (uint8_t *)RTMemAlloc(cbBuf);
+            if (!pbBuf)
+                return VERR_NO_MEMORY;
+            rcNt = NtQuerySystemInformation(SystemExtendedHandleInformation, pbBuf, cbBuf, &cbNeeded);
+        }
+        if (!NT_SUCCESS(rcNt))
+        {
+            RTMemFree(pbBuf);
+            return RTErrConvertFromNtStatus(rcNt);
+        }
+    }
+    /*
+     * Walk the information and look for handles to the two objects we're protecting.
+     */
+    int rc = VINF_SUCCESS;
+    uint32_t cCsrssProcessHandles  = 0;
+    uint32_t cSystemProcessHandles = 0;
+    uint32_t cEvilProcessHandles   = 0;
+    uint32_t cBenignProcessHandles = 0;
+    uint32_t cCsrssThreadHandles   = 0;
+    uint32_t cEvilThreadHandles    = 0;
+    uint32_t cBenignThreadHandles  = 0;
+    SYSTEM_HANDLE_INFORMATION_EX const *pInfo = (SYSTEM_HANDLE_INFORMATION_EX const *)pbBuf;
+    ULONG_PTR i = pInfo->NumberOfHandles;
+    AssertRelease(RT_OFFSETOF(SYSTEM_HANDLE_INFORMATION_EX, Handles[i]) == cbNeeded);
+    while (i-- > 0)
+    {
+        const char *pszType;
+        SYSTEM_HANDLE_ENTRY_INFO_EX const *pHandleInfo = &pInfo->Handles[i];
+        if (pHandleInfo->Object == pProtectedProcess)
+        {
+            /* Handles within the protected process is fine. */
+            if (   !(pHandleInfo->GrantedAccess & SUPDRV_NT_EVIL_PROCESS_RIGHTS)
+                || pHandleInfo->UniqueProcessId == hProtectedPid)
+            {
+                cBenignProcessHandles++;
+                continue;
+            }
+            /* CSRSS is allowed to have one evil process handle.
+               See the special cases in the hook code. */
+            if (   cCsrssProcessHandles < 1
+                && pHandleInfo->UniqueProcessId == pNtProtect->hCsrssPid)
+            {
+                cCsrssProcessHandles++;
+                continue;
+            }
+            /* The system process is allowed having one open process handle in
+               Windows 8.1 and later. */
+            if (   g_uNtVerCombined >= SUP_MAKE_NT_VER_SIMPLE(6, 3)
+                && cSystemProcessHandles < 1
+                && pHandleInfo->UniqueProcessId == PsGetProcessId(PsInitialSystemProcess))
+            {
+                cSystemProcessHandles++;
+                continue;
+            }
+            cEvilProcessHandles++;
+            pszType = "process";
+        }
+        else if (pHandleInfo->Object == pProtectedThread)
+        {
+            /* Handles within the protected process is fine. */
+            if (   !(pHandleInfo->GrantedAccess & SUPDRV_NT_EVIL_THREAD_RIGHTS)
+                || pHandleInfo->UniqueProcessId == hProtectedPid)
+            {
+                cBenignThreadHandles++;
+                continue;
+            }
+            /* CSRSS is allowed to have one evil handle to the primary thread
+               for LPC purposes.  See the hook for special case. */
+            if (   cCsrssThreadHandles < 1
+                && pHandleInfo->UniqueProcessId == pNtProtect->hCsrssPid)
+            {
+                cCsrssThreadHandles++;
+                continue;
+            }
+            cEvilThreadHandles++;
+            pszType = "thread";
+        }
+        else
+            continue;
+        /* Found evil handle. Currently ignoring on pre-Vista. */
+# ifndef VBOX_WITH_VISTA_NO_SP
+        if (   g_uNtVerCombined >= SUP_NT_VER_VISTA
+# else
+        if (   g_uNtVerCombined >= SUP_MAKE_NT_VER_COMBINED(6, 0, 6001, 0, 0)
+# endif
+            || g_pfnObRegisterCallbacks)
+        {
+            LogRel(("vboxdrv: Found evil handle to budding VM process: pid=%p h=%p acc=%#x attr=%#x type=%s\n",
+                    pHandleInfo->UniqueProcessId, pHandleInfo->HandleValue,
+                    pHandleInfo->GrantedAccess, pHandleInfo->HandleAttributes, pszType));
+            rc = VERR_SUPDRV_HARDENING_EVIL_HANDLE;
+        }
+    }
+    return rc;
+}
+/**
+ * Checks if the current process checks out as a VM process stub.
+ *
+ * @returns VBox status code.
+ * @param   pNtProtect          The NT protect structure.  This is upgraded to a
+ *                              final protection kind (state) on success.
+ */
+static int supdrvNtProtectVerifyProcess(PSUPDRVNTPROTECT pNtProtect)
+{
+    AssertReturn(PsGetProcessId(PsGetCurrentProcess()) == pNtProtect->AvlCore.Key, VERR_INTERNAL_ERROR_3);
+    /*
+     * Do the verification.  The handle restriction checks are only preformed
+     * on VM processes.
+     */
+    int rc = VINF_SUCCESS;
+    if (pNtProtect->enmProcessKind >= kSupDrvNtProtectKind_VmProcessUnconfirmed)
+        rc = supdrvNtProtectRestrictHandlesToProcessAndThread(pNtProtect);
+    if (RT_SUCCESS(rc))
+    {
+        char szErr[256];
+        RT_ZERO(szErr);
+        RTERRINFO ErrInfo;
+        RTErrInfoInit(&ErrInfo, szErr, sizeof(szErr));
+        rc = supHardenedWinVerifyProcess(NtCurrentProcess(), NtCurrentThread(), &ErrInfo);
+        if (RT_FAILURE(rc))
+            RTLogWriteDebugger(szErr, strlen(szErr));
+    }
+    /*
+     * Upgrade and return.
+     */
+    RTSpinlockAcquire(g_hNtProtectLock);
+    /* Stub process verficiation is pretty much straight forward. */
+    if (pNtProtect->enmProcessKind == kSupDrvNtProtectKind_StubUnverified)
+        pNtProtect->enmProcessKind = RT_SUCCESS(rc) ? kSupDrvNtProtectKind_StubSpawning : kSupDrvNtProtectKind_StubDead;
+    /* The VM process verification is a little bit more complicated
+       because we need to drop the parent process reference as well. */
+    else if (pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed)
+    {
+        AssertRelease(pNtProtect->cRefs >= 2); /* Parent + Caller */
+        PSUPDRVNTPROTECT pParent = pNtProtect->u.pParent;
+        AssertRelease(pParent);
+        AssertRelease(pParent->u.pParent == pNtProtect);
+        AssertRelease(pParent->enmProcessKind == kSupDrvNtProtectKind_StubParent);
+        pParent->u.pParent = NULL;
+        pNtProtect->u.pParent = NULL;
+        ASMAtomicDecU32(&pNtProtect->cRefs);
+        if (RT_SUCCESS(rc))
+            pNtProtect->enmProcessKind = kSupDrvNtProtectKind_VmProcessConfirmed;
+        else
+            pNtProtect->enmProcessKind = kSupDrvNtProtectKind_VmProcessDead;
+    }
+    /* Since the stub and VM processes are only supposed to have one thread,
+       we're not supposed to be subject to any races from within the processes.
+       There is a race between VM process verification and the stub process
+       exiting, though.  We require the stub process to be alive until the new
+       VM process has made it thru the validation.  So, when the stub
+       terminates the notification handler will change the state of both stub
+       and VM process to dead.
+       Also, I'm not entirely certain where the process
+       termination notification is triggered from, so that can theorically
+       create a race in both cases.  */
+    else
+    {
+        AssertReleaseMsg(   pNtProtect->enmProcessKind == kSupDrvNtProtectKind_StubDead
+                         || pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessDead,
+                         ("enmProcessKind=%d rc=%Rrc\n", pNtProtect->enmProcessKind, rc));
+        if (RT_SUCCESS(rc))
+            rc = VERR_INVALID_STATE; /* There should be no races here. */
+    }
+    RTSpinlockRelease(g_hNtProtectLock);
+    return rc;
+}
+# ifndef VBOX_WITHOUT_DEBUGGER_CHECKS
+/**
+ * Checks if the current process is being debugged.
+ * @return @c true if debugged, @c false if not.
+ */
+static bool supdrvNtIsDebuggerAttached(void)
+{
+    return PsIsProcessBeingDebugged(PsGetCurrentProcess()) != FALSE;
+}
+# endif /* !VBOX_WITHOUT_DEBUGGER_CHECKS */
+/**
+ * Terminates the hardening bits.
+ */
+static void supdrvNtProtectTerm(void)
+{
+    /*
+     * Stop intercepting process and thread handle creation calls.
+     */
+    if (g_pvObCallbacksCookie)
+    {
+        g_pfnObUnRegisterCallbacks(g_pvObCallbacksCookie);
+        g_pvObCallbacksCookie = NULL;
+    }
+    /*
+     * Stop intercepting process creation and termination notifications.
+     */
+    NTSTATUS rcNt;
+    if (g_pfnPsSetCreateProcessNotifyRoutineEx)
+        rcNt = g_pfnPsSetCreateProcessNotifyRoutineEx(supdrvNtProtectCallback_ProcessCreateNotifyEx, TRUE /*fRemove*/);
+    else
+        rcNt = PsSetCreateProcessNotifyRoutine(supdrvNtProtectCallback_ProcessCreateNotify, TRUE /*fRemove*/);
+    AssertMsg(NT_SUCCESS(rcNt), ("rcNt=%#x\n", rcNt));
+    Assert(g_NtProtectTree == NULL);
+    /*
+     * Clean up globals.
+     */
+    RTSpinlockDestroy(g_hNtProtectLock);
+    g_NtProtectTree = NIL_RTSPINLOCK;
+    supHardenedWinTermImageVerifier();
+}
+# ifdef RT_ARCH_X86
+DECLASM(void) supdrvNtQueryVirtualMemory_0xAF(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xB0(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xB1(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xB2(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xB3(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xB4(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xB5(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xB6(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xB7(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xB8(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xB9(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xBA(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xBB(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xBC(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xBD(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0xBE(void);
+# elif defined(RT_ARCH_AMD64)
+DECLASM(void) supdrvNtQueryVirtualMemory_0x1F(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0x20(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0x21(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0x22(void);
+DECLASM(void) supdrvNtQueryVirtualMemory_0x23(void);
+extern "C" NTSYSAPI NTSTATUS NTAPI ZwRequestWaitReplyPort(HANDLE, PVOID, PVOID);
+# endif
+/**
+ * Initalizes the hardening bits.
+ *
+ * @returns NT status code.
+ */
+static NTSTATUS supdrvNtProtectInit(void)
+{
+    /*
+     * Initialize the globals.
+     */
+    /* The NT version. */
+    ULONG uMajor, uMinor, uBuild;
+    PsGetVersion(&uMajor, &uMinor, &uBuild, NULL);
+    g_uNtVerCombined = SUP_MAKE_NT_VER_COMBINED(uMajor, uMinor, uBuild, 0, 0);
+    /* Resolve methods we want but isn't available everywhere. */
+    UNICODE_STRING RoutineName;
+    RtlInitUnicodeString(&RoutineName, L"ObRegisterCallbacks");
+    g_pfnObRegisterCallbacks   = (PFNOBREGISTERCALLBACKS)MmGetSystemRoutineAddress(&RoutineName);
+    RtlInitUnicodeString(&RoutineName, L"ObUnRegisterCallbacks");
+    g_pfnObUnRegisterCallbacks = (PFNOBUNREGISTERCALLBACKS)MmGetSystemRoutineAddress(&RoutineName);
+    RtlInitUnicodeString(&RoutineName, L"PsSetCreateProcessNotifyRoutineEx");
+    g_pfnPsSetCreateProcessNotifyRoutineEx = (PFNPSSETCREATEPROCESSNOTIFYROUTINEEX)MmGetSystemRoutineAddress(&RoutineName);
+    RtlInitUnicodeString(&RoutineName, L"PsReferenceProcessFilePointer");
+    g_pfnPsReferenceProcessFilePointer = (PFNPSREFERENCEPROCESSFILEPOINTER)MmGetSystemRoutineAddress(&RoutineName);
+    RtlInitUnicodeString(&RoutineName, L"PsIsProtectedProcessLight");
+    g_pfnPsIsProtectedProcessLight = (PFNPSISPROTECTEDPROCESSLIGHT)MmGetSystemRoutineAddress(&RoutineName);
+    RtlInitUnicodeString(&RoutineName, L"ZwQueryVirtualMemory"); /* Yes, using Zw version here. */
+    g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)MmGetSystemRoutineAddress(&RoutineName);
+    if (!g_pfnNtQueryVirtualMemory && g_uNtVerCombined < SUP_NT_VER_VISTA)
+    {
+        /* XP & W2K3 doesn't have this function exported, so we've cooked up a
+           few alternative in the assembly helper file that uses the code in
+           ZwQueryVolumeInformationFile with a different eax value. */
+# ifdef RT_ARCH_X86
+        uint8_t const *pbCode = (uint8_t const *)(uintptr_t)ZwQueryVolumeInformationFile;
+        if (*pbCode == 0xb8) /* mov eax, dword */
+            switch (*(uint32_t const *)&pbCode[1])
+            {
+                case 0xb0: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xAF; break; /* just in case */
+                case 0xb1: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xB0; break; /* just in case */
+                case 0xb2: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xB1; break; /* just in case */
+                case 0xb3: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xB2; break; /* XP SP3 */
+                case 0xb4: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xB2; break; /* just in case */
+                case 0xb5: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xB3; break; /* just in case */
+                case 0xb6: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xB4; break; /* just in case */
+                case 0xb7: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xB5; break; /* just in case */
+                case 0xb8: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xB6; break; /* just in case */
+                case 0xb9: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xB7; break; /* just in case */
+                case 0xba: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xB8; break; /* just in case */
+                case 0xbb: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xBA; break; /* W2K3 R2 SP2 */
+                case 0xbc: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xBB; break; /* just in case */
+                case 0xbd: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xBC; break; /* just in case */
+                case 0xbe: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xBD; break; /* just in case */
+                case 0xbf: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0xBE; break; /* just in case */
+            }
+# elif defined(RT_ARCH_AMD64)
+        uint8_t const *pbCode = (uint8_t const *)(uintptr_t)ZwRequestWaitReplyPort;
+        if (   pbCode[ 0] == 0x48   /* mov rax, rsp */
+            && pbCode[ 1] == 0x8b
+            && pbCode[ 2] == 0xc4
+            && pbCode[ 3] == 0xfa   /* cli */
+            && pbCode[ 4] == 0x48   /* sub rsp, 10h */
+            && pbCode[ 5] == 0x83
+            && pbCode[ 6] == 0xec
+            && pbCode[ 7] == 0x10
+            && pbCode[ 8] == 0x50   /* push rax */
+            && pbCode[ 9] == 0x9c   /* pushfq */
+            && pbCode[10] == 0x6a   /* push 10 */
+            && pbCode[11] == 0x10
+            && pbCode[12] == 0x48   /* lea rax, [nt!KiServiceLinkage] */
+            && pbCode[13] == 0x8d
+            && pbCode[14] == 0x05
+            && pbCode[19] == 0x50   /* push rax */
+            && pbCode[20] == 0xb8   /* mov eax,1fh <- the syscall no. */
+            /*&& pbCode[21] == 0x1f*/
+            && pbCode[22] == 0x00
+            && pbCode[23] == 0x00
+            && pbCode[24] == 0x00
+            && pbCode[25] == 0xe9   /* jmp KiServiceInternal */
+           )
+        {
+            uint8_t const *pbKiServiceInternal = &pbCode[30] + *(int32_t const *)&pbCode[26];
+            uint8_t const *pbKiServiceLinkage  = &pbCode[19] + *(int32_t const *)&pbCode[15];
+            if (*pbKiServiceLinkage == 0xc3)
+            {
+                g_pfnKiServiceInternal = (PFNRT)pbKiServiceInternal;
+                g_pfnKiServiceLinkage  = (PFNRT)pbKiServiceLinkage;
+                switch (pbCode[21])
+                {
+                    case 0x1e: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0x1F; break;
+                    case 0x1f: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0x20; break;
+                    case 0x20: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0x21; break;
+                    case 0x21: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0x22; break;
+                    case 0x22: g_pfnNtQueryVirtualMemory = (PFNNTQUERYVIRTUALMEMORY)supdrvNtQueryVirtualMemory_0x23; break;
+                }
+            }
+        }
+# endif
+    }
+    if (!g_pfnNtQueryVirtualMemory)
+    {
+        LogRel(("vboxdrv: Cannot locate ZwQueryVirtualMemory in ntoskrnl, nor were we able to cook up a replacement.\n"));
+        return STATUS_PROCEDURE_NOT_FOUND;
+    }
+    /* The spinlock protecting our structures. */
+    int rc = RTSpinlockCreate(&g_hNtProtectLock, RTSPINLOCK_FLAGS_INTERRUPT_UNSAFE, "NtProtectLock");
+    if (RT_FAILURE(rc))
+        return VBoxDrvNtErr2NtStatus(rc);
+    g_NtProtectTree = NULL;
+    /* Image stuff + certificates. */
+    NTSTATUS rcNt;
+    rc = supHardenedWinInitImageVerifier(NULL);
+    if (RT_SUCCESS(rc))
+    {
+        /*
+         * Intercept process creation and termination.
+         */
+        if (g_pfnPsSetCreateProcessNotifyRoutineEx)
+            rcNt = g_pfnPsSetCreateProcessNotifyRoutineEx(supdrvNtProtectCallback_ProcessCreateNotifyEx, FALSE /*fRemove*/);
+        else
+            rcNt = PsSetCreateProcessNotifyRoutine(supdrvNtProtectCallback_ProcessCreateNotify, FALSE /*fRemove*/);
+        if (NT_SUCCESS(rcNt))
+        {
+            /*
+             * Intercept process and thread handle creation calls.
+             * The preferred method is only available on Vista SP1+.
+             */
+            if (g_pfnObRegisterCallbacks && g_pfnObUnRegisterCallbacks)
+            {
+                static OB_OPERATION_REGISTRATION s_aObOperations[] =
+                {
+                    {
+                        PsProcessType,
+                        OB_OPERATION_HANDLE_CREATE | OB_OPERATION_HANDLE_DUPLICATE,
+                        supdrvNtProtectCallback_ProcessHandlePre,
+                        supdrvNtProtectCallback_ProcessHandlePost,
+                    },
+                    {
+                        PsThreadType,
+                        OB_OPERATION_HANDLE_CREATE | OB_OPERATION_HANDLE_DUPLICATE,
+                        supdrvNtProtectCallback_ThreadHandlePre,
+                        supdrvNtProtectCallback_ThreadHandlePost,
+                    },
+                };
+                static OB_CALLBACK_REGISTRATION s_ObCallbackReg =
+                {
+                    /* .Version                     = */ OB_FLT_REGISTRATION_VERSION,
+                    /* .OperationRegistrationCount  = */ RT_ELEMENTS(s_aObOperations),
+                    /* .Altitude.Length             = */ 0,
+                    /* .Altitude.MaximumLength      = */ 0,
+                    /* .Altitude.Buffer             = */ NULL,
+                    /* .RegistrationContext         = */ NULL,
+                    /* .OperationRegistration       = */ &s_aObOperations[0]
+                };
+                static WCHAR const *s_apwszAltitudes[] = /** @todo get a valid number */
+                {
+                     L"48596.98940",  L"46935.19485",  L"49739.39704",  L"40334.74976",
+                     L"66667.98940",  L"69888.19485",  L"69889.39704",  L"60364.74976",
+                     L"85780.98940",  L"88978.19485",  L"89939.39704",  L"80320.74976",
+                     L"329879.98940", L"326787.19485", L"328915.39704", L"320314.74976",
+                };
+                rcNt = STATUS_FLT_INSTANCE_ALTITUDE_COLLISION;
+                for (uint32_t i = 0; i < RT_ELEMENTS(s_apwszAltitudes) && rcNt == STATUS_FLT_INSTANCE_ALTITUDE_COLLISION; i++)
+                {
+                    s_ObCallbackReg.Altitude.Buffer = (WCHAR *)s_apwszAltitudes[i];
+                    s_ObCallbackReg.Altitude.Length = (uint16_t)RTUtf16Len(s_apwszAltitudes[i]) * sizeof(WCHAR);
+                    s_ObCallbackReg.Altitude.MaximumLength = s_ObCallbackReg.Altitude.Length + sizeof(WCHAR);
+                    rcNt = g_pfnObRegisterCallbacks(&s_ObCallbackReg, &g_pvObCallbacksCookie);
+                    if (NT_SUCCESS(rcNt))
+                    {
+                        /*
+                         * Happy ending.
+                         */
+                        return STATUS_SUCCESS;
+                    }
+                }
+                LogRel(("vboxdrv: ObRegisterCallbacks failed with rcNt=%#x\n", rcNt));
+                g_pvObCallbacksCookie = NULL;
+            }
+            else
+            {
+                /*
+                 * For the time being, we do not implement extra process
+                 * protection on pre-Vista-SP1 systems as they are lacking
+                 * necessary KPIs.  XP is end of life, we do not wish to
+                 * spend more time on it, so we don't put up a fuss there.
+                 * Vista users without SP1 can install SP1 (or later), darn it,
+                 * so refuse to load.
+                 */
+                /** @todo Hack up an XP solution - will require hooking kernel APIs or doing bad
+                 *        stuff to a couple of object types. */
+# ifndef VBOX_WITH_VISTA_NO_SP
+                if (g_uNtVerCombined >= SUP_NT_VER_VISTA)
+# else
+                if (g_uNtVerCombined >= SUP_MAKE_NT_VER_COMBINED(6, 0, 6001, 0, 0))
+# endif
+                {
+                    DbgPrint("vboxdrv: ObRegisterCallbacks was not found. Please make sure you got the latest updates and service packs installed\n");
+                    rcNt = STATUS_SXS_VERSION_CONFLICT;
+                }
+                else
+                {
+                    Log(("vboxdrv: ObRegisterCallbacks was not found; ignored pre-Vista\n"));
+                    return rcNt = STATUS_SUCCESS;
+                }
+                g_pvObCallbacksCookie = NULL;
+            }
+            /*
+             * Drop process create/term notifications.
+             */
+            if (g_pfnPsSetCreateProcessNotifyRoutineEx)
+                g_pfnPsSetCreateProcessNotifyRoutineEx(supdrvNtProtectCallback_ProcessCreateNotifyEx, TRUE /*fRemove*/);
+            else
+                PsSetCreateProcessNotifyRoutine(supdrvNtProtectCallback_ProcessCreateNotify, TRUE /*fRemove*/);
+        }
+        else
+            LogRel(("vboxdrv: PsSetCreateProcessNotifyRoutine%s failed with rcNt=%#x\n",
+                    g_pfnPsSetCreateProcessNotifyRoutineEx ? "Ex" : "", rcNt));
+        supHardenedWinTermImageVerifier();
+    }
+    else
+        rcNt = VBoxDrvNtErr2NtStatus(rc);
+    RTSpinlockDestroy(g_hNtProtectLock);
+    g_NtProtectTree = NIL_RTSPINLOCK;
+    return rcNt;
+}
+#endif /* VBOX_WITH_HARDENING */

trunk/src/VBox/HostDrivers/Support/win/SUPDrvA-win.asm

-              r44528
+              r51770
+;
 ; Copyright (C) 2006-2010 Oracle Corporation
+; Copyright (C) 2006-2014 Oracle Corporation
+;
 ; This file is part of VirtualBox Open Source Edition (OSE), as
 …
 %endif
+%ifdef RT_ARCH_X86
+;
+; Faking up ZwQueryVirtualMemory on XP and W2K3 where it's not exported.
+; Using ZwQueryVolumeInformationFile as a helper.
+;
+extern  IMPNAME(ZwQueryVolumeInformationFile@20)
+BEGINPROC supdrvNtQueryVirtualMemory_Xxx
+ %macro NtQueryVirtualMemorySyscall 1
+ GLOBALNAME supdrvNtQueryVirtualMemory_ %+ %1
+        mov     eax, %1
+        jmp     supdrvNtQueryVirtualMemory_Jump
+ %endm
+    NtQueryVirtualMemorySyscall 0xAF
+    NtQueryVirtualMemorySyscall 0xB0
+    NtQueryVirtualMemorySyscall 0xB1
+    NtQueryVirtualMemorySyscall 0xB2
+    NtQueryVirtualMemorySyscall 0xB3
+    NtQueryVirtualMemorySyscall 0xB4
+    NtQueryVirtualMemorySyscall 0xB5
+    NtQueryVirtualMemorySyscall 0xB6
+    NtQueryVirtualMemorySyscall 0xB7
+    NtQueryVirtualMemorySyscall 0xB8
+    NtQueryVirtualMemorySyscall 0xB9
+    NtQueryVirtualMemorySyscall 0xBA
+    NtQueryVirtualMemorySyscall 0xBB
+    NtQueryVirtualMemorySyscall 0xBC
+    NtQueryVirtualMemorySyscall 0xBD
+    NtQueryVirtualMemorySyscall 0xBE
+supdrvNtQueryVirtualMemory_Jump:
+        mov     edx, IMP2(ZwQueryVolumeInformationFile@20)
+        lea     edx, [edx + 5]
+        jmp     edx
+ENDPROC   supdrvNtQueryVirtualMemory_Xxx
+%endif
+%ifdef RT_ARCH_AMD64
+;
+; Faking up ZwQueryVirtualMemory on XP64 and W2K3-64 where it's not exported.
+; The C code locates and verifies the essentials in ZwRequestWaitReplyPort.
+;
+extern NAME(g_pfnKiServiceLinkage)
+extern NAME(g_pfnKiServiceInternal)
+BEGINPROC supdrvNtQueryVirtualMemory_Xxx
+ %macro NtQueryVirtualMemorySyscall 1
+ GLOBALNAME supdrvNtQueryVirtualMemory_ %+ %1
+        mov     eax, %1
+        jmp     supdrvNtQueryVirtualMemory_Jump
+ %endm
+    NtQueryVirtualMemorySyscall 0x1F
+    NtQueryVirtualMemorySyscall 0x20
+    NtQueryVirtualMemorySyscall 0x21
+    NtQueryVirtualMemorySyscall 0x22
+    NtQueryVirtualMemorySyscall 0x23
+supdrvNtQueryVirtualMemory_Jump:
+        cli
+        mov     r10, rsp                ; save call frame pointer.
+        mov     r11, [NAME(g_pfnKiServiceLinkage) wrt rip]
+        push    0
+        push    0
+        push    r10                     ; call frame pointer (incoming rsp).
+        pushfq
+        push    10h
+        push    r11                     ; r11 = KiServiceLinkage (ret w/ unwind info)
+        jmp     qword [NAME(g_pfnKiServiceInternal) wrt rip]
+ENDPROC   supdrvNtQueryVirtualMemory_Xxx
+%endif

trunk/src/VBox/HostDrivers/Support/win/SUPLib-win.cpp

-              r49213
+              r51770
 #ifdef IN_SUP_HARDENED_R3
 # undef DEBUG /* Warning: disables RT_STRICT */
+# undef LOG_DISABLED
 # define LOG_DISABLED
   /** @todo RTLOGREL_DISABLED */
 …
 #define USE_NT_DEVICE_IO_CONTROL_FILE
+#ifdef USE_NT_DEVICE_IO_CONTROL_FILE
+# include <iprt/nt/nt-and-windows.h>
+#else
+# include <Windows.h>
+#endif
+#include <iprt/nt/nt-and-windows.h>
 #include <VBox/sup.h>
 …
 #include "../SUPLibInternal.h"
 #include "../SUPDrvIOC.h"
+#ifdef VBOX_WITH_HARDENING
+# include "win/SUPHardenedVerify-win.h"
+#endif
 …
 *   Internal Functions                                                         *
 *******************************************************************************/
+#ifndef IN_SUP_HARDENED_R3
 static int suplibOsCreateService(void);
 //unused: static int suplibOsUpdateService(void);
 …
 static int suplibOsStartService(void);
 static int suplibOsStopService(void);
+#endif
 #ifdef USE_NT_DEVICE_IO_CONTROL_FILE
 static int suplibConvertNtStatus(NTSTATUS rcNt);
 …
 int suplibOsInit(PSUPLIBDATA pThis, bool fPreInited, bool fUnrestricted)
+{
     /*
      * Nothing to do if pre-inited.
+     * Almost nothing to do if pre-inited.
      */
     if (fPreInited)
+    {
+#if defined(VBOX_WITH_HARDENING) && !defined(IN_SUP_HARDENED_R3)
+# ifdef IN_SUP_R3_STATIC
+        return VERR_NOT_SUPPORTED;
+# else
+        supR3HardenedWinInitVersion();
+        return supHardenedWinInitImageVerifier(NULL);
+# endif
+#else
         return VINF_SUCCESS;
+#endif
+    }
     /*
      * Try open the device.
      */
-    HANDLE hDevice = CreateFile(fUnrestricted ? DEVICE_NAME_SYS : DEVICE_NAME_USR,
-                                GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE,
-                                NULL,
-                                OPEN_EXISTING,
-                                FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OVERLAPPED,
-                                NULL);
-    if (hDevice == INVALID_HANDLE_VALUE)
+    {
 #ifndef IN_SUP_HARDENED_R3
+        /*
+         * Try start the service and retry opening it.
+         */
+        suplibOsStartService();
+        hDevice = CreateFile(fUnrestricted ? DEVICE_NAME_SYS : DEVICE_NAME_USR,
+                             GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE,
+                             NULL,
+                             OPEN_EXISTING,
+                             FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OVERLAPPED,
+                             NULL);
+        if (hDevice == INVALID_HANDLE_VALUE)
+#endif /* !IN_SUP_HARDENED_R3 */
+        {
+            int rc = GetLastError();
+            switch (rc)
+    uint32_t cTry = 0;
+#endif
+    HANDLE hDevice;
+    for (;;)
+    {
+        IO_STATUS_BLOCK     Ios   = RTNT_IO_STATUS_BLOCK_INITIALIZER;
+        static const WCHAR  s_wszName[] = L"\\Device\\VBoxDrvU";
+        UNICODE_STRING      NtName;
+        NtName.Buffer        = (PWSTR)s_wszName;
+        NtName.Length        = sizeof(s_wszName) - sizeof(WCHAR) * (fUnrestricted ? 2 : 1);
+        NtName.MaximumLength = NtName.Length;
+        OBJECT_ATTRIBUTES   ObjAttr;
+        InitializeObjectAttributes(&ObjAttr, &NtName, OBJ_CASE_INSENSITIVE, NULL /*hRootDir*/, NULL /*pSecDesc*/);
+        hDevice = RTNT_INVALID_HANDLE_VALUE;
+        NTSTATUS rcNt = NtCreateFile(&hDevice,
+                                     GENERIC_READ | GENERIC_WRITE,
+                                     &ObjAttr,
+                                     &Ios,
+                                     NULL /* Allocation Size*/,
+                                     FILE_ATTRIBUTE_NORMAL,
+                                     FILE_SHARE_READ | FILE_SHARE_WRITE,
+                                     FILE_OPEN,
+                                     FILE_NON_DIRECTORY_FILE,
+                                     NULL /*EaBuffer*/,
+/*EaLength*/);
+        if (NT_SUCCESS(rcNt))
+            rcNt = Ios.Status;
+        if (!NT_SUCCESS(rcNt))
+        {
+#ifndef IN_SUP_HARDENED_R3
+            /*
+             * Failed to open, try starting the service and reopen the device
+             * exactly once.
+             */
+            if (cTry == 0 && !NT_SUCCESS(rcNt))
+            {
+                cTry++;
+                suplibOsStartService();
+                continue;
+            }
+#endif
+            switch (rcNt)
+            {
                 /** @todo someone must test what is actually returned. */
                 case ERROR_DEV_NOT_EXIST:
                 case ERROR_DEVICE_NOT_CONNECTED:
                 case ERROR_BAD_DEVICE:
                 case ERROR_DEVICE_REMOVED:
                 case ERROR_DEVICE_NOT_AVAILABLE:
+                case STATUS_DEVICE_DOES_NOT_EXIST:
+                case STATUS_DEVICE_NOT_CONNECTED:
+                //case ERROR_BAD_DEVICE:
+                case STATUS_DEVICE_REMOVED:
+                //case ERROR_DEVICE_NOT_AVAILABLE:
                     return VERR_VM_DRIVER_LOAD_ERROR;
+                case ERROR_PATH_NOT_FOUND:
+                case ERROR_FILE_NOT_FOUND:
+                case STATUS_OBJECT_PATH_NOT_FOUND:
+                case STATUS_NO_SUCH_DEVICE:
+                case STATUS_NO_SUCH_FILE:
+                case STATUS_OBJECT_NAME_NOT_FOUND:
                     return VERR_VM_DRIVER_NOT_INSTALLED;
                 case ERROR_ACCESS_DENIED:
                 case ERROR_SHARING_VIOLATION:
+                case STATUS_ACCESS_DENIED:
+                case STATUS_SHARING_VIOLATION:
                     return VERR_VM_DRIVER_NOT_ACCESSIBLE;
+                case STATUS_UNSUCCESSFUL:
+                    return VERR_SUPLIB_NT_PROCESS_UNTRUSTED_0;
+                case STATUS_TRUST_FAILURE:
+                    return VERR_SUPLIB_NT_PROCESS_UNTRUSTED_1;
+                case STATUS_TOO_LATE:
+                    return VERR_SUPDRV_HARDENING_EVIL_HANDLE;
                 default:
+                    return rcNt;
                     return VERR_VM_DRIVER_OPEN_ERROR;
+            }
+            return -1 /** @todo define proper error codes for suplibOsInit failure. */;
+        }
+        }
+        break;
+    }
 …
     return VINF_SUCCESS;
+}
 #ifndef IN_SUP_HARDENED_R3
 …
             fRc = StartService(hService, 0, NULL);
             DWORD LastError = GetLastError(); NOREF(LastError);
+#ifndef DEBUG_bird
             AssertMsg(fRc, ("StartService failed with LastError=%Rwa\n", LastError));
+#endif
+        }
 …
+    }
+    /* See VBoxDrvNtErr2NtStatus. */
+    if (((uint32_t)rcNt & 0xffff0000) == UINT32_C(0xe9860000)) /** @todo defines for these? */
+        return (int)((uint32_t)rcNt | UINT32_C(0xffff0000));
     /* Fall back on IPRT for the rest. */
     return RTErrConvertFromNtStatus(rcNt);

trunk/src/VBox/Installer/win/VBoxMergeApp.wxi

r51318	r51770
186	186	Source="$(env.PATH_OUT)\bin\VBoxREM64.dll" />
187	187	<?endif ?>
	188	<File Id="file_VBoxSupLib.dll" Name="VBoxSupLib.dll"
	189	Source="$(env.PATH_OUT)\bin\VBoxSupLib.dll" />
188	190	<File Id="file_VBoxVMM.dll" Name="VBoxVMM.dll"
189	191	Source="$(env.PATH_OUT)\bin\VBoxVMM.dll" />

trunk/src/VBox/Main/src-server/MachineImpl.cpp

-              r51643
+              r51770
             LogFlowThisFunc(("mSession.mPID=%d(0x%x)\n", mData->mSession.mPID, mData->mSession.mPID));
             LogFlowThisFunc(("session.pid=%d(0x%x)\n", pid, pid));
+#if defined(VBOX_WITH_HARDENING) && defined(RT_OS_WINDOWS)
+            /* Hardened windows builds have spawns two processes when a VM is
+               launched, the 2nd one is the one that will end up here.  */
+            RTPROCESS ppid;
+            int rc = RTProcQueryParent(pid, &ppid);
+            if (   (RT_SUCCESS(rc) && mData->mSession.mPID == ppid)
+                || rc == VERR_ACCESS_DENIED)
+            {
+                LogFlowThisFunc(("mSession.mPID => %d(%#x) - windows hardening stub\n", mData->mSession.mPID, pid));
+                mData->mSession.mPID = pid;
+            }
+#endif
             if (mData->mSession.mPID != pid)

trunk/src/VBox/NetworkServices/DHCP/Makefile.kmk

r49824	r51770
36	36	VBoxNetDHCPHardened_SOURCES = VBoxNetDHCPHardened.cpp
37	37	VBoxNetDHCPHardened_NAME = VBoxNetDHCP
	38	VBoxNetDHCPHardened_LDFLAGS.win = /SUBSYSTEM:windows
38	39
39	40

trunk/src/VBox/NetworkServices/NAT/Makefile.kmk

r51156	r51770
36	36	VBoxNetLwipNATHardened_TEMPLATE=VBOXR3HARDENEDEXE
37	37	VBoxNetLwipNATHardened_NAME = VBoxNetNAT
	38	VBoxNetLwipNATHardened_LDFLAGS.win = /SUBSYSTEM:windows
38	39	endif
39	40

trunk/src/VBox/RDP/client/Makefile.in

r38517	r51770
29	29	SCARDOBJ = @SCARDOBJ@
30	30
31		RDPOBJ = tcp.o iso.o mcs.o secure.o licence.o rdp.o orders.o bitmap.o cache.o rdp5.o channels.o rdpdr.o serial.o printer.o disk.o parallel.o printercache.o mppc.o pstcache.o lspci.o seamless.o ssl.o Runtime/common/alloc/alloc.o Runtime/common/err/errmsg.o Runtime/common/err/errmsgxpcom.o Runtime/common/err/RTErrConvertFromErrno.o Runtime/common/err/RTErrConvertToErrno.o Runtime/common/path/RTPathAppend.o Runtime/common/path/RTPathAppendEx.o Runtime/common/path/RTPathCountComponents.o Runtime/common/path/RTPathFilename.o Runtime/common/path/rtPathRootSpecLen.o Runtime/common/path/RTPathStripFilename.o Runtime/common/path/RTPathStripTrailingSlash.o Runtime/common/path/rtPathVolumeSpecLen.o Runtime/common/string/RTStrCmp.o Runtime/common/string/RTStrNCmp.o Runtime/common/string/RTStrCopy.o Runtime/common/string/RTStrNLen.o Runtime/common/string/straprintf.o Runtime/common/string/stringalloc.o Runtime/common/string/strformat.o Runtime/common/string/strformatrt.o Runtime/common/string/strformattype.o Runtime/common/string/strprintf.o Runtime/common/string/strstrip.o Runtime/common/string/strtonum.o Runtime/common/string/unidata.o Runtime/common/string/utf-16.o Runtime/common/string/utf-8.o Runtime/common/string/utf-8-case.o Runtime/common/time/timesysalias.o Runtime/generic/pathhost-generic.o Runtime/r3/alloc.o Runtime/r3/dir.o Runtime/r3/fileio.o Runtime/r3/fs.o Runtime/r3/linux/sysfs.o Runtime/r3/linux/time-linux.o Runtime/r3/posix/dir-posix.o Runtime/r3/posix/env-posix.o Runtime/r3/posix/fileio-posix.o Runtime/r3/posix/fs2-posix.o Runtime/r3/posix/fs3-posix.o Runtime/r3/posix/path-posix.o Runtime/r3/posix/path2-posix.o Runtime/r3/posix/utf8-posix.o Runtime/r3/stream.o vrdp/rdpusb.o vrdp/USBGetDevices.o vrdp/USBLib.o vrdp/linux/USBProxyDevice-linux.o
	31	RDPOBJ = tcp.o iso.o mcs.o secure.o licence.o rdp.o orders.o bitmap.o cache.o rdp5.o channels.o rdpdr.o serial.o printer.o disk.o parallel.o printercache.o mppc.o pstcache.o lspci.o seamless.o ssl.o Runtime/common/alloc/alloc.o Runtime/common/err/errmsg.o Runtime/common/err/errmsgxpcom.o Runtime/common/err/RTErrConvertFromErrno.o Runtime/common/err/RTErrConvertToErrno.o Runtime/common/misc/sg.o Runtime/common/path/RTPathAppend.o Runtime/common/path/RTPathAppendEx.o Runtime/common/path/RTPathCountComponents.o Runtime/common/path/RTPathFilename.o Runtime/common/path/rtPathRootSpecLen.o Runtime/common/path/RTPathStripFilename.o Runtime/common/path/RTPathStripTrailingSlash.o Runtime/common/path/rtPathVolumeSpecLen.o Runtime/common/string/RTStrCmp.o Runtime/common/string/RTStrNCmp.o Runtime/common/string/RTStrCopy.o Runtime/common/string/RTStrNLen.o Runtime/common/string/straprintf.o Runtime/common/string/stringalloc.o Runtime/common/string/strformat.o Runtime/common/string/strformatrt.o Runtime/common/string/strformattype.o Runtime/common/string/strprintf.o Runtime/common/string/strstrip.o Runtime/common/string/strtonum.o Runtime/common/string/unidata-flags.o Runtime/common/string/unidata-upper.o Runtime/common/string/unidata-lower.o Runtime/common/string/utf-16.o Runtime/common/string/utf-8.o Runtime/common/string/utf-8-case.o Runtime/common/time/timesysalias.o Runtime/generic/pathhost-generic.o Runtime/r3/alloc.o Runtime/r3/dir.o Runtime/r3/fileio.o Runtime/r3/fs.o Runtime/r3/linux/sysfs.o Runtime/r3/linux/time-linux.o Runtime/r3/posix/dir-posix.o Runtime/r3/posix/env-posix.o Runtime/r3/posix/fileio-posix.o Runtime/r3/posix/fs2-posix.o Runtime/r3/posix/fs3-posix.o Runtime/r3/posix/path-posix.o Runtime/r3/posix/path2-posix.o Runtime/r3/posix/pipe-posix.o Runtime/r3/posix/thread2-posix.o Runtime/r3/posix/utf8-posix.o Runtime/r3/stream.o vrdp/rdpusb.o vrdp/USBGetDevices.o vrdp/USBLib.o vrdp/linux/USBProxyDevice-linux.o
32	32	X11OBJ = rdesktop.o xwin.o xkeymap.o ewmhints.o xclip.o cliprdr.o
33	33	VNCOBJ = vnc/rdp2vnc.o vnc/vnc.o vnc/xkeymap.o vnc/x11stubs.o

trunk/src/VBox/RDP/client/Makefile.kmk

-              r41477
+              r51770
         $(PATH_ROOT)/include/iprt/cdefs.h=>include/iprt/cdefs.h \
         $(PATH_ROOT)/include/iprt/cpp/autores.h=>include/iprt/cpp/autores.h \
+        $(PATH_ROOT)/include/iprt/critsect.h=>include/iprt/critsect.h \
         $(PATH_ROOT)/include/iprt/ctype.h=>include/iprt/ctype.h \
         $(PATH_ROOT)/include/iprt/dir.h=>include/iprt/dir.h \
         $(PATH_ROOT)/include/iprt/env.h=>include/iprt/env.h \
         $(PATH_ROOT)/include/iprt/err.h=>include/iprt/err.h \
+        $(PATH_ROOT)/include/iprt/errno.h=>include/iprt/errno.h \
         $(PATH_ROOT)/include/iprt/file.h=>include/iprt/file.h \
         $(PATH_ROOT)/include/iprt/fs.h=>include/iprt/fs.h \
 …
         $(PATH_ROOT)/include/iprt/list.h=>include/iprt/list.h \
         $(PATH_ROOT)/include/iprt/log.h=>include/iprt/log.h \
+        $(PATH_ROOT)/include/iprt/lockvalidator.h=>include/iprt/lockvalidator.h \
         $(PATH_ROOT)/include/iprt/mem.h=>include/iprt/mem.h \
         $(PATH_ROOT)/include/iprt/net.h=>include/iprt/net.h \
         $(PATH_ROOT)/include/iprt/param.h=>include/iprt/param.h \
         $(PATH_ROOT)/include/iprt/path.h=>include/iprt/path.h \
+        $(PATH_ROOT)/include/iprt/pipe.h=>include/iprt/pipe.h \
+        $(PATH_ROOT)/include/iprt/poll.h=>include/iprt/poll.h \
         $(PATH_ROOT)/include/iprt/process.h=>include/iprt/process.h \
+        $(PATH_ROOT)/include/iprt/queueatomic.h=>include/iprt/queueatomic.h \
+        $(PATH_ROOT)/include/iprt/sg.h=>include/iprt/sg.h \
         $(PATH_ROOT)/include/iprt/stdarg.h=>include/iprt/stdarg.h \
         $(PATH_ROOT)/include/iprt/stdint.h=>include/iprt/stdint.h \
 …
         $(PATH_ROOT)/src/VBox/Runtime/common/err/RTErrConvertFromErrno.cpp=>Runtime/common/err/RTErrConvertFromErrno.cpp \
         $(PATH_ROOT)/src/VBox/Runtime/common/err/RTErrConvertToErrno.cpp=>Runtime/common/err/RTErrConvertToErrno.cpp \
+        $(PATH_ROOT)/src/VBox/Runtime/common/misc/sg.cpp=>Runtime/common/misc/sg.cpp \
         $(PATH_ROOT)/src/VBox/Runtime/common/path/RTPathAppend.cpp=>Runtime/common/path/RTPathAppend.cpp \
         $(PATH_ROOT)/src/VBox/Runtime/common/path/RTPathAppendEx.cpp=>Runtime/common/path/RTPathAppendEx.cpp \
 …
         $(PATH_ROOT)/src/VBox/Runtime/common/string/strstrip.cpp=>Runtime/common/string/strstrip.cpp \
         $(PATH_ROOT)/src/VBox/Runtime/common/string/strtonum.cpp=>Runtime/common/string/strtonum.cpp \
+        $(PATH_ROOT)/src/VBox/Runtime/common/string/unidata.cpp=>Runtime/common/string/unidata.cpp \
+        $(PATH_ROOT)/src/VBox/Runtime/common/string/unidata-flags.cpp=>Runtime/common/string/unidata-flags.cpp \
+        $(PATH_ROOT)/src/VBox/Runtime/common/string/unidata-upper.cpp=>Runtime/common/string/unidata-upper.cpp \
+        $(PATH_ROOT)/src/VBox/Runtime/common/string/unidata-lower.cpp=>Runtime/common/string/unidata-lower.cpp \
         $(PATH_ROOT)/src/VBox/Runtime/common/string/utf-16.cpp=>Runtime/common/string/utf-16.cpp \
         $(PATH_ROOT)/src/VBox/Runtime/common/string/utf-8.cpp=>Runtime/common/string/utf-8.cpp \
 …
         $(PATH_ROOT)/src/VBox/Runtime/include/internal/fs.h=>include/internal/fs.h \
         $(PATH_ROOT)/src/VBox/Runtime/include/internal/iprt.h=>include/internal/iprt.h \
+        $(PATH_ROOT)/src/VBox/Runtime/include/internal/lockvalidator.h=>include/internal/lockvalidator.h \
         $(PATH_ROOT)/src/VBox/Runtime/include/internal/magics.h=>include/internal/magics.h \
         $(PATH_ROOT)/src/VBox/Runtime/include/internal/mem.h=>include/internal/mem.h \
         $(PATH_ROOT)/src/VBox/Runtime/include/internal/path.h=>include/internal/path.h \
+        $(PATH_ROOT)/src/VBox/Runtime/include/internal/pipe.h=>include/internal/pipe.h \
         $(PATH_ROOT)/src/VBox/Runtime/include/internal/process.h=>include/internal/process.h \
         $(PATH_ROOT)/src/VBox/Runtime/include/internal/string.h=>include/internal/string.h \
+        $(PATH_ROOT)/src/VBox/Runtime/include/internal/thread.h=>include/internal/thread.h \
         $(PATH_ROOT)/src/VBox/Runtime/include/internal/time.h=>include/internal/time.h \
         $(PATH_ROOT)/src/VBox/Runtime/r3/alloc.cpp=>Runtime/r3/alloc.cpp \
 …
         $(PATH_ROOT)/src/VBox/Runtime/r3/posix/path-posix.cpp=>Runtime/r3/posix/path-posix.cpp \
         $(PATH_ROOT)/src/VBox/Runtime/r3/posix/path2-posix.cpp=>Runtime/r3/posix/path2-posix.cpp \
+        $(PATH_ROOT)/src/VBox/Runtime/r3/posix/pipe-posix.cpp=>Runtime/r3/posix/pipe-posix.cpp \
+        $(PATH_ROOT)/src/VBox/Runtime/r3/posix/thread2-posix.cpp=>Runtime/r3/posix/thread2-posix.cpp \
         $(PATH_ROOT)/src/VBox/Runtime/r3/posix/utf8-posix.cpp=>Runtime/r3/posix/utf8-posix.cpp \
         $(PATH_ROOT)/src/VBox/Runtime/r3/stream.cpp=>Runtime/r3/stream.cpp

trunk/src/VBox/Runtime/Makefile.kmk

-              r51714
+              r51770
+#
 # Unicode Specification reader used to regenerate unidata.cpp.
+# Unicode Specification reader used to regenerate unidata-*.cpp.
+#
 uniread_TEMPLATE = VBoxBldProg
 …
 RuntimeR3_SDKS          = VBOX_OPENSSL VBOX_LIBXML2
 RuntimeR3_SDKS.win      = $(VBOX_WINPSDK) $(VBOX_WINDDK)
+RuntimeR3_DEFS          = IN_RT_R3 IN_SUP_R3 LDR_WITH_NATIVE LDR_WITH_ELF32 LDR_WITH_PE RT_WITH_VBOX RT_NO_GIP
+RuntimeR3_DEFS          = \
+        IN_RT_R3 \
+        IN_SUP_R3 \
+        LDR_WITH_NATIVE \
+        LDR_WITH_ELF32 \
+        LDR_WITH_PE \
+        RT_WITH_VBOX \
+        RT_NO_GIP \
+        RT_WITHOUT_NOCRT_WRAPPERS \
+       IPRT_WITH_OPENSSL
 #RuntimeR3_DEFS         += RTMEM_WRAP_TO_EF_APIS
 ifdef IPRT_WITH_KSTUFF
 …
         common/alloc/memcache.cpp \
         common/alloc/memtracker.cpp \
+        common/asn1/asn1-basics.cpp \
+        common/asn1/asn1-cursor.cpp \
+        common/asn1/asn1-default-allocator.cpp \
+        common/asn1/asn1-dump.cpp \
+        common/asn1/asn1-encode.cpp \
+        common/asn1/asn1-ut-bitstring.cpp \
+        common/asn1/asn1-ut-bitstring-decode.cpp \
+        common/asn1/asn1-ut-boolean.cpp \
+        common/asn1/asn1-ut-boolean-decode.cpp \
+        common/asn1/asn1-ut-core.cpp \
+        common/asn1/asn1-ut-core-decode.cpp \
+        common/asn1/asn1-ut-dyntype.cpp \
+        common/asn1/asn1-ut-dyntype-decode.cpp \
+        common/asn1/asn1-ut-integer.cpp \
+        common/asn1/asn1-ut-integer-decode.cpp \
+        common/asn1/asn1-ut-null.cpp \
+        common/asn1/asn1-ut-null-decode.cpp \
+        common/asn1/asn1-ut-objid.cpp \
+        common/asn1/asn1-ut-objid-decode.cpp \
+        common/asn1/asn1-ut-octetstring.cpp \
+        common/asn1/asn1-ut-octetstring-decode.cpp \
+        common/asn1/asn1-ut-string.cpp \
+        common/asn1/asn1-ut-string-decode.cpp \
+        common/asn1/asn1-ut-time.cpp \
+        common/asn1/asn1-ut-time-decode.cpp \
         common/checksum/adler32.cpp \
         common/checksum/crc32.cpp \
         common/checksum/crc32c.cpp \
         common/checksum/crc64.cpp \
+        common/checksum/md2.cpp \
+        common/checksum/md2str.cpp \
         common/checksum/md5.cpp \
         common/checksum/md5str.cpp \
 …
         common/checksum/sha512str.cpp \
         common/checksum/x509.cpp \
+        common/crypto/digest-core.cpp \
+        common/crypto/digest-builtin.cpp \
+        common/crypto/iprt-openssl.cpp \
+        common/crypto/rsa-asn1-decoder.cpp \
+        common/crypto/rsa-core.cpp \
+        common/crypto/rsa-init.cpp \
+        common/crypto/rsa-sanity.cpp \
+        common/crypto/pemfile.cpp \
+        common/crypto/pkcs7-asn1-decoder.cpp \
+        common/crypto/pkcs7-core.cpp \
+        common/crypto/pkcs7-init.cpp \
+        common/crypto/pkcs7-sanity.cpp \
+        common/crypto/pkcs7-verify.cpp \
+        common/crypto/pkix-signature-builtin.cpp \
+        common/crypto/pkix-signature-core.cpp \
+        common/crypto/pkix-signature-rsa.cpp \
+        common/crypto/pkix-util.cpp \
+        common/crypto/pkix-verify.cpp \
+        common/crypto/spc-asn1-decoder.cpp \
+        common/crypto/spc-core.cpp \
+        common/crypto/spc-init.cpp \
+        common/crypto/spc-sanity.cpp \
+        common/crypto/x509-asn1-decoder.cpp \
+        common/crypto/x509-certpaths.cpp \
+        common/crypto/x509-core.cpp \
+        common/crypto/x509-file.cpp \
+        common/crypto/x509-init.cpp \
+        common/crypto/x509-sanity.cpp \
+        common/crypto/x509-verify.cpp \
+        common/crypto/taf-asn1-decoder.cpp \
+        common/crypto/taf-core.cpp \
+        common/crypto/taf-init.cpp \
+        common/crypto/taf-sanity.cpp \
+        common/crypto/store.cpp \
+        common/crypto/store-inmem.cpp \
+        common/crypto/RTCrStoreCertAddFromFile.cpp \
         common/dbg/dbg.cpp \
         common/dbg/dbgas.cpp \
 …
         common/dvm/dvmvfs.cpp \
         common/err/errinfo.cpp \
+        common/err/errinfo-alloc.cpp \
         common/err/errmsg.cpp \
         common/err/RTErrConvertFromErrno.cpp \
 …
         common/log/tracebuf.cpp \
         common/log/tracedefault.cpp \
+        common/math/bignum.cpp \
         common/misc/RTAssertMsg1Weak.cpp \
         common/misc/RTAssertMsg2.cpp \
 …
         common/string/RTStrPrintHexBytes.cpp \
         common/string/RTStrStr.cpp \
+        common/string/RTUtf16Copy.cpp \
+        common/string/RTUtf16CopyAscii.cpp \
+        common/string/RTUtf16Cat.cpp \
+        common/string/RTUtf16CatAscii.cpp \
+        common/string/RTUtf16CmpAscii.cpp \
+        common/string/RTUtf16ICmpAscii.cpp \
+        common/string/RTUtf16End.cpp \
+        common/string/RTUtf16NLen.cpp \
+        common/string/RTUtf16NLenEx.cpp \
+        common/string/RTUtf16PrintHexBytes.cpp \
         common/string/base64.cpp \
         common/string/simplepattern.cpp \
 …
         common/string/strversion.cpp \
         common/string/uni.cpp \
+        common/string/unidata.cpp \
+        common/string/unidata-flags.cpp \
+        common/string/unidata-lower.cpp \
+        common/string/unidata-upper.cpp \
         common/string/utf-16.cpp \
+        common/string/utf-16-case.cpp \
+        common/string/utf-16-latin-1.cpp \
         common/string/utf-8.cpp \
         common/string/utf-8-case.cpp \
+        common/string/utf-8-case2.cpp \
         common/string/ministring.cpp \
         common/table/avlgcptr.cpp \
 …
         generic/RTTimerLRCreate-generic.cpp \
         generic/mempool-generic.cpp \
+        generic/memsafer-generic.cpp \
         generic/semfastmutex-generic.cpp \
         generic/semxroads-generic.cpp \
 …
         r3/nt/fs-nt.cpp \
         r3/nt/pathint-nt.cpp \
+        r3/nt/RTProcQueryParent-r3-nt.cpp \
         r3/win/env-win.cpp \
         r3/win/RTHandleGetStandard-win.cpp \
 …
         r3/win/RTUuidCreate-win.cpp \
         win/errmsgwin.cpp \
+        win/RTErrConvertFromWin32.cpp
+        win/RTErrConvertFromWin32.cpp \
+        common/string/mempcpy.asm
 RuntimeR3_SOURCES.win.amd64 := $(RuntimeWin64ASM_SOURCES)
 …
 #       for build programs.
+#
+RuntimeBldProg_TEMPLATE         := VBoxAdvBldProg
+RuntimeBldProg_EXTENDS          := RuntimeR3
+RuntimeBldProg_BLD_TRG          := $(KBUILD_HOST)
+RuntimeBldProg_BLD_TRG_ARCH     := $(KBUILD_HOST_ARCH)
+RuntimeBldProg_BLD_TRG_CPU      := $(KBUILD_HOST_CPU)
+RuntimeBldProg_TEMPLATE        := VBoxAdvBldProg
+RuntimeBldProg_EXTENDS         := RuntimeR3
+RuntimeBldProg_BLD_TRG         := $(KBUILD_HOST)
+RuntimeBldProg_BLD_TRG_ARCH    := $(KBUILD_HOST_ARCH)
+RuntimeBldProg_BLD_TRG_CPU     := $(KBUILD_HOST_CPU)
+RuntimeBldProg_DEFS            := $(RuntimeR3_DEFS) IPRT_WITHOUT_LDR_VERIFY
 RuntimeBldProg_SOURCES          = $(filter-out \
         r3/xml.cpp \
 …
 ## @todo change this to EXTEND the RuntimeR3 target.
 RuntimeGuestR3_SDKS.win                 := $(RuntimeR3_SDKS.win)
 RuntimeGuestR3_DEFS                     := $(filter-out RTCRITSECT_STRICT RT_NO_GIP, $(RuntimeR3_DEFS))
+RuntimeGuestR3_DEFS                     := $(filter-out RTCRITSECT_STRICT RT_NO_GIP IPRT_WITH_OPENSSL, $(RuntimeR3_DEFS))
 RuntimeGuestR3_DEFS.$(KBUILD_TARGET)    := $(RuntimeR3_DEFS.$(KBUILD_TARGET))
 RuntimeGuestR3_DEFS.$(KBUILD_HOST)      := $(RuntimeR3_DEFS.$(KBUILD_HOST))
 …
         common/checksum/RTSha256Digest.cpp \
         common/checksum/sha% \
+        common/checksum/md2% \
         common/checksum/x509.cpp \
         generic/RTLogWriteUser-generic.cpp \
 …
         common/string/strprintf.cpp \
         common/string/strtonum.cpp \
+        common/string/unidata.cpp \
+        common/string/unidata-flags.cpp \
+        common/string/unidata-lower.cpp \
+        common/string/unidata-upper.cpp \
         common/string/utf-8.cpp \
         common/string/utf-8-case.cpp \
+        common/string/utf-8-case2.cpp \
         common/string/utf-16.cpp \
+        common/string/utf-16-case.cpp \
+        common/string/utf-16-latin-1.cpp \
         common/table/avlpv.cpp \
         generic/critsect-generic.cpp \
 …
 VBoxRT_SDKS                   += VBOX_OPENSSL
 VBoxRT_SDKS.win                = $(VBOX_WINPSDK) $(VBOX_WINDDK) VBOX_NTDLL
 if1of ($(KBUILD_TARGET)$(VBOX_WITH_HARDENING), darwin win)
+if1of ($(KBUILD_TARGET)$(VBOX_WITH_HARDENING), darwin win$(VBOX_WITH_HARDENING))
 VBoxRT_INST                    = $(INST_DLL) $(INST_TESTCASE)
 endif
 …
+#
 RuntimeR0Drv_TEMPLATE   = VBoxR0DrvLib
 RuntimeR0Drv_SDKS.win   = ReorderCompilerIncs $(VBOX_WINDDK) $(VBOX_WINPSDK)INCS
+RuntimeR0Drv_SDKS.win   = ReorderCompilerIncs $(VBOX_WINDDK) $(VBOX_WINPSDK)INCS VBOX_OPENSSL
 RuntimeR0Drv_DEFS       = IN_RT_R0 RT_WITH_VBOX RT_WITHOUT_NOCRT_WRAPPERS RT_NO_EXPORT_SYMBOL
 RuntimeR0Drv_DEFS.win   = IN_SUP_R0
+RuntimeR0Drv_DEFS.win   = IN_SUP_R0 LDR_ONLY_PE
 RuntimeR0Drv_DEFS.linux = MODULE KBUILD_MODNAME=KBUILD_STR\(vboxdrv\) KBUILD_BASENAME=KBUILD_STR\(vboxdrv\) IN_SUP_R0
 …
         common/misc/sanity-cpp.cpp \
         common/misc/term.cpp \
+        common/misc/RTMemWipeThoroughly.cpp \
         common/path/rtPathVolumeSpecLen.cpp \
         common/path/RTPathAbsDup.cpp \
 …
         common/string/strtonum.cpp \
         common/string/stringalloc.cpp \
+        common/string/unidata-flags.cpp \
+        common/string/unidata-lower.cpp \
+        common/string/unidata-upper.cpp \
+        common/string/utf-8.cpp \
+        common/string/utf-8-case.cpp \
+        common/string/utf-8-case2.cpp \
         common/string/utf-16.cpp \
+        common/string/utf-8.cpp \
+        common/string/utf-16-case.cpp \
+        common/string/utf-16-latin-1.cpp \
         common/table/avlpv.cpp \
         common/time/time.cpp \
 …
 RuntimeR0Drv_SOURCES.win = \
+        common/ldr/ldr.cpp \
+        common/ldr/ldrEx.cpp \
+        common/ldr/ldrPE.cpp \
+        common/asn1/asn1-basics.cpp \
+        common/asn1/asn1-dump.cpp \
+        common/asn1/asn1-cursor.cpp \
+        common/asn1/asn1-default-allocator.cpp \
+        common/asn1/asn1-encode.cpp \
+        common/asn1/asn1-ut-bitstring.cpp \
+        common/asn1/asn1-ut-bitstring-decode.cpp \
+        common/asn1/asn1-ut-boolean.cpp \
+        common/asn1/asn1-ut-boolean-decode.cpp \
+        common/asn1/asn1-ut-core.cpp \
+        common/asn1/asn1-ut-core-decode.cpp \
+        common/asn1/asn1-ut-dyntype.cpp \
+        common/asn1/asn1-ut-dyntype-decode.cpp \
+        common/asn1/asn1-ut-integer.cpp \
+        common/asn1/asn1-ut-integer-decode.cpp \
+        common/asn1/asn1-ut-null.cpp \
+        common/asn1/asn1-ut-null-decode.cpp \
+        common/asn1/asn1-ut-objid.cpp \
+        common/asn1/asn1-ut-objid-decode.cpp \
+        common/asn1/asn1-ut-octetstring.cpp \
+        common/asn1/asn1-ut-octetstring-decode.cpp \
+        common/asn1/asn1-ut-string.cpp \
+        common/asn1/asn1-ut-string-decode.cpp \
+        common/asn1/asn1-ut-time.cpp \
+        common/asn1/asn1-ut-time-decode.cpp \
+        common/crypto/digest-core.cpp \
+        common/crypto/digest-builtin.cpp \
+        common/crypto/rsa-asn1-decoder.cpp \
+        common/crypto/rsa-core.cpp \
+        common/crypto/rsa-init.cpp \
+        common/crypto/rsa-sanity.cpp \
+        common/crypto/pkcs7-asn1-decoder.cpp \
+        common/crypto/pkcs7-core.cpp \
+        common/crypto/pkcs7-init.cpp \
+        common/crypto/pkcs7-sanity.cpp \
+        common/crypto/pkcs7-verify.cpp \
+        common/crypto/pkix-signature-builtin.cpp \
+        common/crypto/pkix-signature-core.cpp \
+        common/crypto/pkix-signature-rsa.cpp \
+        common/crypto/pkix-util.cpp \
+        common/crypto/pkix-verify.cpp \
+        common/crypto/spc-asn1-decoder.cpp \
+        common/crypto/spc-core.cpp \
+        common/crypto/spc-init.cpp \
+        common/crypto/spc-sanity.cpp \
+        common/crypto/x509-asn1-decoder.cpp \
+        common/crypto/x509-certpaths.cpp \
+        common/crypto/x509-core.cpp \
+        common/crypto/x509-init.cpp \
+        common/crypto/x509-sanity.cpp \
+        common/crypto/x509-verify.cpp \
+        common/crypto/store.cpp \
+        common/crypto/store-inmem.cpp \
+        common/crypto/taf-asn1-decoder.cpp \
+        common/crypto/taf-core.cpp \
+        common/crypto/taf-init.cpp \
+        common/crypto/taf-sanity.cpp \
+        common/checksum/md2.cpp \
+        common/checksum/sha1.cpp \
+        common/checksum/sha256.cpp \
+        common/checksum/sha512.cpp \
+        common/checksum/md2str.cpp \
+        common/checksum/md5str.cpp \
+        common/checksum/sha1str.cpp \
+        common/checksum/sha256str.cpp \
+        common/checksum/sha512str.cpp \
+        common/err/errinfo.cpp \
+        common/path/RTPathChangeToUnixSlashes.cpp \
+        common/math/bignum.cpp \
+        common/string/RTStrPrintHexBytes.cpp \
+        common/string/RTUtf16Copy.cpp \
+        common/string/RTUtf16CopyAscii.cpp \
+        common/string/RTUtf16Cat.cpp \
+        common/string/RTUtf16CatAscii.cpp \
+        common/string/RTUtf16End.cpp \
+        common/string/RTUtf16NLen.cpp \
+        common/string/RTUtf16NLenEx.cpp \
+        common/string/RTUtf16PrintHexBytes.cpp \
+        common/string/strstrip.cpp \
+        generic/memsafer-generic.cpp \
+       \
         common/misc/thread.cpp \
         common/string/memcmp.asm \
 …
         r0drv/nt/time-r0drv-nt.cpp \
         r0drv/nt/timer-r0drv-nt.cpp \
+        r0drv/nt/toxic-chkstk-r0drv-nt.asm \
         r0drv/nt/RTTimerGetSystemGranularity-r0drv-nt.cpp
 …
 #           images that does not load on older windows versions.
+#
+if1of (win,$(KBUILD_TARGET) $(KBUILD_HOST))
 RuntimeR3NtDll-amd64_TEMPLATE     = VBoxR3Dll
 RuntimeR3NtDll-amd64_BLD_TRG_ARCH = amd64
 RuntimeR3NtDll-amd64_ARFLAGS      = /NODEFAULTLIB /MACHINE:amd64
 RuntimeR3NtDll-amd64_SOURCES      = \
-        r3/win/ntdll-mini-implib.c \
         r3/win/ntdll-mini-implib.def
 RuntimeR3NtDll-x86_EXTENDS        = RuntimeR3NtDll-amd64
+RuntimeR3NtDll-x86_TEMPLATE       = VBoxR3Dll
 RuntimeR3NtDll-x86_BLD_TRG_ARCH   = x86
 RuntimeR3NtDll-x86_ARFLAGS        = /NODEFAULTLIB /MACHINE:x86
+RuntimeR3NtDll-x86_SOURCES        = \
+        r3/win/ntdll-mini-implib.def \
+        $(RuntimeR3NtDll-x86_0_OUTDIR)/ntdll-mini-implib.asm
+RuntimeR3NtDll-x86_CLEAN          = \
+        $(RuntimeR3NtDll-x86_0_OUTDIR)/ntdll-mini-implib.asm
+$$(RuntimeR3NtDll-x86_0_OUTDIR)/ntdll-mini-implib.asm: $(PATH_SUB_CURRENT)/r3/win/ntdll-mini-implib.def | $$(dir $$@)
+        $(call MSG_GENERATE,,$@,$<)
+        $(QUIET)$(APPEND) -nt "$@" \
+                ';Autogenerated, do not edit' \
+                '%include "iprt/asmdefs.mac"' \
+               'BEGINCODE' \
+               '%macro IMPLIB_EXPORT 1' \
+               'global %1:function' \
+               '%1: nop' \
+               '%endm' \
+               ''
+        $(QUIET)$(SED) -e '1,/EXPORTS/d' \
+                -e 's/^.*;;=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$$/IMPLIB_EXPORT \1/' \
+                $< --append $@
+endif
+#
 …
  else
 # Generate a SED script from mangling.h that checks for known symbols.
         @$(SED) \
+        $(QUIET)$(SED) \
                 -e '/# *define.*RT_MANGLER/!d' \
                 -e 's/^.*RT_MANGLER(\([^)][^)]*\)).*$(DOLLAR)/\/^\1$(DOLLAR)\/b ok/' \
                 $(PATH_ROOT)/include/iprt/mangling.h \
                 --output "$@"
         @$(APPEND) -n '$@' \
+        $(QUIET)$(APPEND) -n '$@' \
                 ':bad' \
+                's/^\(.*\)$(DOLLAR)/error: Missing # define \1   RT_MANGLER(\1)/' \
+                's/^\(.*\)$(DOLLAR)/error: Missing # define \1 /' \
+               ':bad-pad' \
+               '/^.\{0,70\}$(DOLLAR)/ { s/$(DOLLAR)/ /; bbad-pad; }' \
+               's/define \([^ ]*\) \([ ]*\)$(DOLLAR)/define \1 \2RT_MANGLER(\1)/' \
                 'p' \
                 'q 1' \
+                $(if-expr !defined(IPRT_IGNORE_TEST_MANGLING),'q 1') \
                 '' \
                 ':ok' \
 …
   if $(intersects $(KBUILD_TARGET), linux) && "$(VBOX_GCC_fvisibility-hidden)"
         $(call MSG_L1,IPRT: Testing mangling and visiblity for newer gcc...)
         @readelf -Ws $^ \
+        $(QUIET)readelf -Ws $^ \
                 | $(SED) \
+                -e 's/[[:space:]]\+/ /g' \
                         -e '/^  *[[:digit:]]\+:/!d' \
                         -e 's/^ \+[[:digit:]]\+: \+[[:xdigit:]]\+ \+[[:digit:]]\+ \+//' \
 …
                         -e '/LOCAL/d' \
                         -e 's/^[[:alpha:]]\+ \+//' \
+                       -e '/^HIDDEN [[:xdigit:]]\+ RT/bkeep-hidden' \
+                       -e '/^HIDDEN [[:xdigit:]]\+ g_[a-z0-9]*RT/bkeep-hidden' \
                         -e '/^HIDDEN/d' \
+                        -e ':keep-hidden' \
                         -e 's/^[[:alpha:]]\+ \+//' \
                         -e '/^UND/d' \
 …
                         -e '/^_Z[[:alpha:]]*[[:digit:]]\+RTC/d' \
                         -e '/^_Z[[:alpha:]]*[[:digit:]]\+RTC/d' \
+                       \
+                        \
                         -e '/^_ZnwjPv/d' \
                         -e '/^_ZnwmPv/d' \
 …
                        -e '/^_ZNSa.*ElementNode.*/d' \
                        -e '/^_ZSt.*ElementNode.*/d' \
+                       \
+                        \
                         -e '/^_Z[[:digit:]]\+dbus/d' \
                         -e '/^_Z13RTDBusLoadLibv/d' \
 …
                 | $(SED) -nf "$@"
   endif
+        $(call MSG_L1,IPRT: Testing mangling for older gcc...)
+        @nm $^  | $(SED) -n \
+        $(call MSG_L1,IPRT: Testing mangling using nm...)
+        $(QUIET)nm $^  2> /dev/null \
+                | $(SED) -n \
                         -e 's/^[0-9a-f][0-9a-f]* //' \
                         -e '/^[TUDB] /!d' \
                         -e 's/^. //' \
+                        $(if-expr "$(KBUILD_TARGET)" == "darwin" || "$(KBUILD_TARGET)" == "os2" || "$(KBUILD_TARGET).$(KBUILD_TARGET_ARCH)" == "win.x86", \
+                       -e 's/^_//',) \
+                        \
                         -e '/^g_cchrt/d'\
 …
                         -e '/^g_enmProcessPriority/d'\
                         -e '/^g_hDbgModStrCache/d'\
+                        -e '/^g_pfnR0Darwin/d'\
+                        -e '/^g_pDarwinLockGroup/d'\
+                        \
                         -e '/^RTDBusLoadLib/d' \
 …
 include $(FILE_KBUILD_SUB_FOOTER)
+#
+# Aliases for code templates.
+#
+rsa-template.o rsa-template.obj: rsa-core.o rsa-asn1-decoder.o rsa-sanity.o rsa-init.o
+taf-template.o taf-template.obj: taf-core.o taf-asn1-decoder.o taf-sanity.o taf-init.o
+x509-template.o x509-template.obj: x509-core.o x509-asn1-decoder.o x509-sanity.o x509-init.o
+pkcs7-template.o pkcs7-template.obj: pkcs7-core.o pkcs7-asn1-decoder.o pkcs7-sanity.o pkcs7-init.o

trunk/src/VBox/Runtime/common/err/errinfo.cpp

-              r44529
+              r51770
 /* $Id$ */
 /** @file
  * IPRT - Error Info.
+ * IPRT - Error Info, Setters.
  */
 /*
  * Copyright (C) 2010-2012 Oracle Corporation
+ * Copyright (C) 2010-2014 Oracle Corporation
+ *
  * This file is part of VirtualBox Open Source Edition (OSE), as
 …
 #include <iprt/assert.h>
-#include <iprt/mem.h>
 #include <iprt/string.h>
+RTDECL(PRTERRINFO)  RTErrInfoAlloc(size_t cbMsg)
+{
+    PRTERRINFO pErrInfo;
+    RTErrInfoAllocEx(cbMsg, &pErrInfo);
+    return pErrInfo;
+}
+RTDECL(int)         RTErrInfoAllocEx(size_t cbMsg, PRTERRINFO *ppErrInfo)
+{
+    if (cbMsg == 0)
+        cbMsg = _4K;
+    else
+        cbMsg = RT_ALIGN_Z(cbMsg, 256);
+    PRTERRINFO pErrInfo;
+    *ppErrInfo = pErrInfo = (PRTERRINFO)RTMemTmpAlloc(sizeof(*pErrInfo) + cbMsg);
+    if (RT_UNLIKELY(!pErrInfo))
+        return VERR_NO_TMP_MEMORY;
+    RTErrInfoInit(pErrInfo, (char *)(pErrInfo + 1), cbMsg);
+    pErrInfo->fFlags = RTERRINFO_FLAGS_T_ALLOC | RTERRINFO_FLAGS_MAGIC;
+    return VINF_SUCCESS;
+}
+RTDECL(void)        RTErrInfoFree(PRTERRINFO pErrInfo)
+{
+    RTMemTmpFree(pErrInfo);
+}
+RTDECL(int)         RTErrInfoSet(PRTERRINFO pErrInfo, int rc, const char *pszMsg)
+RTDECL(int) RTErrInfoSet(PRTERRINFO pErrInfo, int rc, const char *pszMsg)
+{
     if (pErrInfo)
 …
 RTDECL(int)         RTErrInfoSetF(PRTERRINFO pErrInfo, int rc, const char *pszFormat, ...)
+RTDECL(int) RTErrInfoSetF(PRTERRINFO pErrInfo, int rc, const char *pszFormat, ...)
+{
     va_list va;
 …
 RTDECL(int)         RTErrInfoSetV(PRTERRINFO pErrInfo, int rc, const char *pszFormat, va_list va)
+RTDECL(int) RTErrInfoSetV(PRTERRINFO pErrInfo, int rc, const char *pszFormat, va_list va)
+{
     if (pErrInfo)
 …
+}
+RTDECL(int) RTErrInfoAdd(PRTERRINFO pErrInfo, int rc, const char *pszMsg)
+{
+    if (pErrInfo)
+    {
+        AssertPtr(pErrInfo);
+        if (pErrInfo->fFlags & RTERRINFO_FLAGS_SET)
+            RTStrCat(pErrInfo->pszMsg, pErrInfo->cbMsg, pszMsg);
+        else
+        {
+            while (*pszMsg == ' ')
+                pszMsg++;
+            return RTErrInfoSet(pErrInfo, rc, pszMsg);
+        }
+    }
+    return rc;
+}
+RTDECL(int) RTErrInfoAddF(PRTERRINFO pErrInfo, int rc, const char *pszFormat, ...)
+{
+    va_list va;
+    va_start(va, pszFormat);
+    RTErrInfoAddV(pErrInfo, rc, pszFormat, va);
+    va_end(va);
+    return rc;
+}
+RTDECL(int) RTErrInfoAddV(PRTERRINFO pErrInfo, int rc, const char *pszFormat, va_list va)
+{
+    if (pErrInfo)
+    {
+        AssertPtr(pErrInfo);
+        Assert((pErrInfo->fFlags & RTERRINFO_FLAGS_MAGIC_MASK) == RTERRINFO_FLAGS_MAGIC);
+        if (pErrInfo->fFlags & RTERRINFO_FLAGS_SET)
+        {
+            char *pszOut = (char *)memchr(pErrInfo->pszMsg, '\0', pErrInfo->cbMsg - 2);
+            if (pszOut)
+                RTStrPrintfV(pszOut, &pErrInfo->pszMsg[pErrInfo->cbMsg] - pszOut, pszFormat, va);
+        }
+        else
+        {
+            while (*pszFormat == ' ')
+                pszFormat++;
+            return RTErrInfoSetV(pErrInfo, rc, pszFormat, va);
+        }
+    }
+    return rc;
+}

trunk/src/VBox/Runtime/common/err/errmsg.cpp

-              r48935
+              r51770
 static const RTSTATUSMSG  g_aStatusMsgs[] =
+{
+#include "errmsgdata.h"
+#ifndef IPRT_NO_ERROR_DATA
+# include "errmsgdata.h"
+#else
+    { "Success.", "Success.", "VINF_SUCCESS", 0 },
+#endif
     { NULL, NULL, NULL, 0 }
 };
 …
     unsigned iFound = ~0;
     unsigned i;
     for (i = 0; i < RT_ELEMENTS(g_aStatusMsgs); i++)
+    for (i = 0; i < RT_ELEMENTS(g_aStatusMsgs) - 1; i++)
+    {
         if (g_aStatusMsgs[i].iCode == rc)
 …
      */
     int iMsg = ASMAtomicXchgU32(&g_iUnknownMsgs, (g_iUnknownMsgs + 1) % RT_ELEMENTS(g_aUnknownMsgs));
     RTStrPrintf(&g_aszUnknownStr[iMsg][0], sizeof(g_aszUnknownStr[iMsg]), "Unknown Status 0x%X", rc);
+    RTStrPrintf(&g_aszUnknownStr[iMsg][0], sizeof(g_aszUnknownStr[iMsg]), "Unknown Status %d (%#x)", rc, rc);
     return &g_aUnknownMsgs[iMsg];
+}

trunk/src/VBox/Runtime/common/ldr/Makefile.kup

r5430	r51770
	1

trunk/src/VBox/Runtime/common/ldr/ldr.cpp

-              r49044
+              r51770
 #include <iprt/log.h>
 #include "internal/ldr.h"
-RTDECL(bool) RTLdrIsLoadable(const char *pszFilename)
+{
-    /*
-     * Try to load the library.
-     */
-    RTLDRMOD hLib;
-    int rc = RTLdrLoad(pszFilename, &hLib);
-    if (RT_SUCCESS(rc))
+    {
-        RTLdrClose(hLib);
-        return true;
+    }
-    return false;
+}
-RT_EXPORT_SYMBOL(RTLdrIsLoadable);

trunk/src/VBox/Runtime/common/ldr/ldrELF.cpp

-              r48935
+              r51770
  * @param   enmArch     Architecture specifier.
  * @param   phLdrMod    Where to store the handle.
+ * @param   pErrInfo    Where to return extended error information. Optional.
  */
 int rtldrELFOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod)
+int rtldrELFOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod, PRTERRINFO pErrInfo)
+{
     const char *pszLogName = pReader->pfnLogName(pReader); NOREF(pszLogName);

trunk/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h

r49044	r51770
1402	1402	RTLDRELF_NAME(ReadDbgInfo),
1403	1403	NULL /pfnQueryProp/,
	1404	NULL /pfnVerifySignature/,
	1405	NULL /pfnHashImage/,
1404	1406	42
1405	1407	};

trunk/src/VBox/Runtime/common/ldr/ldrEx.cpp

-              r49044
+              r51770
 #include "internal/iprt.h"
-#include <iprt/alloc.h>
 #include <iprt/assert.h>
+#include <iprt/err.h>
 #include <iprt/log.h>
+#include <iprt/md5.h>
+#include <iprt/mem.h>
+#include <iprt/sha.h>
 #include <iprt/string.h>
-#include <iprt/err.h>
 #include "internal/ldr.h"
 #include "internal/ldrMZ.h"
+/**
+ * Open part with reader.
+ *
+ * @returns iprt status code.
+ * @param   pReader     The loader reader instance which will provide the raw image bits.
+ * @param   fFlags      Reserved, MBZ.
+ * @param   enmArch     Architecture specifier.
+ * @param   phMod       Where to store the handle.
+ */
+int rtldrOpenWithReader(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phMod)
+{
+#ifdef LDR_ONLY_PE
+# undef LDR_WITH_PE
+# undef LDR_WITH_KLDR
+# undef LDR_WITH_ELF
+# undef LDR_WITH_LX
+# undef LDR_WITH_LE
+# undef LDR_WITH_NE
+# undef LDR_WITH_MZ
+# undef LDR_WITH_AOUT
+# define LDR_WITH_PE
+#endif
+RTDECL(int) RTLdrOpenWithReader(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phMod, PRTERRINFO pErrInfo)
+{
+    /*
+     * Resolve RTLDRARCH_HOST.
+     */
+    if (enmArch == RTLDRARCH_HOST)
+#if   defined(RT_ARCH_AMD64)
+        enmArch = RTLDRARCH_AMD64;
+#elif defined(RT_ARCH_X86)
+        enmArch = RTLDRARCH_X86_32;
+#else
+        enmArch = RTLDRARCH_WHATEVER;
+#endif
     /*
      * Read and verify the file signature.
 …
     if (uSign.u32 == IMAGE_NT_SIGNATURE)
 #ifdef LDR_WITH_PE
         rc = rtldrPEOpen(pReader, fFlags, enmArch, offHdr, phMod);
+        rc = rtldrPEOpen(pReader, fFlags, enmArch, offHdr, phMod, pErrInfo);
 #else
         rc = VERR_PE_EXE_NOT_SUPPORTED;
 …
     else if (uSign.u32 == IMAGE_ELF_SIGNATURE)
 #if defined(LDR_WITH_ELF)
         rc = rtldrELFOpen(pReader, fFlags, enmArch, phMod);
+        rc = rtldrELFOpen(pReader, fFlags, enmArch, phMod, pErrInfo);
 #else
         rc = VERR_ELF_EXE_NOT_SUPPORTED;
 …
     else if (uSign.au16[0] == IMAGE_LX_SIGNATURE)
 #ifdef LDR_WITH_LX
         rc = rtldrLXOpen(pReader, fFlags, enmArch, offHdr, phMod);
+        rc = rtldrLXOpen(pReader, fFlags, enmArch, offHdr, phMod, pErrInfo);
 #else
         rc = VERR_LX_EXE_NOT_SUPPORTED;
 …
     else if (uSign.au16[0] == IMAGE_LE_SIGNATURE)
 #ifdef LDR_WITH_LE
         rc = rtldrLEOpen(pReader, fFlags, enmArch, phMod);
+        rc = rtldrLEOpen(pReader, fFlags, enmArch, phMod, pErrInfo);
 #else
         rc = VERR_LE_EXE_NOT_SUPPORTED;
 …
     else if (uSign.au16[0] == IMAGE_NE_SIGNATURE)
 #ifdef LDR_WITH_NE
         rc = rtldrNEOpen(pReader, fFlags, enmArch, phMod);
+        rc = rtldrNEOpen(pReader, fFlags, enmArch, phMod, pErrInfo);
 #else
         rc = VERR_NE_EXE_NOT_SUPPORTED;
 …
     else if (uSign.au16[0] == IMAGE_DOS_SIGNATURE)
 #ifdef LDR_WITH_MZ
         rc = rtldrMZOpen(pReader, fFlags, enmArch, phMod);
+        rc = rtldrMZOpen(pReader, fFlags, enmArch, phMod, pErrInfo);
 #else
         rc = VERR_MZ_EXE_NOT_SUPPORTED;
 …
 )
 #ifdef LDR_WITH_AOUT
         rc = rtldrAOUTOpen(pReader, fFlags, enmArch, phMod);
+        rc = rtldrAOUTOpen(pReader, fFlags, enmArch, phMod, pErrInfo);
 #else
         rc = VERR_AOUT_EXE_NOT_SUPPORTED;
 …
     /* Try kLdr if it's a format we don't recognize. */
     if (rc <= VERR_INVALID_EXE_SIGNATURE && rc > VERR_BAD_EXE_FORMAT)
+        rc = rtldrkLdrOpen(pReader, fFlags, enmArch, phMod);
+    {
+        int rc2 = rtldrkLdrOpen(pReader, fFlags, enmArch, phMod, pErrInfo);
+        if (rc2 == VERR_MZ_EXE_NOT_SUPPORTED) /* Quick fix for bad return code. */
+            rc = rc;
+    }
 #endif
 …
 RTDECL(int) RTLdrQueryProp(RTLDRMOD hLdrMod, RTLDRPROP enmProp, void *pvBuf, size_t cbBuf)
+{
+    return RTLdrQueryPropEx(hLdrMod, enmProp, pvBuf, cbBuf, NULL);
+}
+RT_EXPORT_SYMBOL(RTLdrQueryProp);
+RTDECL(int) RTLdrQueryPropEx(RTLDRMOD hLdrMod, RTLDRPROP enmProp, void *pvBuf, size_t cbBuf, size_t *pcbRet)
+{
     AssertMsgReturn(rtldrIsValid(hLdrMod), ("hLdrMod=%p\n", hLdrMod), RTLDRENDIAN_INVALID);
     PRTLDRMODINTERNAL pMod = (PRTLDRMODINTERNAL)hLdrMod;
+    AssertPtrNullReturn(pcbRet, VERR_INVALID_POINTER);
+    size_t cbRet;
+    if (!pcbRet)
+        pcbRet = &cbRet;
     /*
      * Do some pre screening of the input
 …
+    {
         case RTLDRPROP_UUID:
+            *pcbRet = sizeof(RTUUID);
             AssertReturn(cbBuf == sizeof(RTUUID), VERR_INVALID_PARAMETER);
             break;
         case RTLDRPROP_TIMESTAMP_SECONDS:
+            *pcbRet = sizeof(int64_t);
             AssertReturn(cbBuf == sizeof(int32_t) || cbBuf == sizeof(int64_t), VERR_INVALID_PARAMETER);
             break;
+        case RTLDRPROP_IS_SIGNED:
+            *pcbRet = sizeof(bool);
+            AssertReturn(cbBuf == sizeof(bool), VERR_INVALID_PARAMETER);
+            break;
+        case RTLDRPROP_PKCS7_SIGNED_DATA:
+            *pcbRet = 0;
+            break;
+        case RTLDRPROP_SIGNATURE_CHECKS_ENFORCED:
+            *pcbRet = sizeof(bool);
+            AssertReturn(cbBuf == sizeof(bool), VERR_INVALID_PARAMETER);
+            break;
         default:
             AssertFailedReturn(VERR_INVALID_FUNCTION);
 …
     if (!pMod->pOps->pfnQueryProp)
         return VERR_NOT_SUPPORTED;
+    return pMod->pOps->pfnQueryProp(pMod, enmProp, pvBuf, cbBuf);
+}
+RT_EXPORT_SYMBOL(RTLdrQueryProp);
+    return pMod->pOps->pfnQueryProp(pMod, enmProp, pvBuf, cbBuf, pcbRet);
+}
+RT_EXPORT_SYMBOL(RTLdrQueryPropEx);
+RTDECL(int) RTLdrVerifySignature(RTLDRMOD hLdrMod, PFNRTLDRVALIDATESIGNEDDATA pfnCallback, void *pvUser, PRTERRINFO pErrInfo)
+{
+    AssertMsgReturn(rtldrIsValid(hLdrMod), ("hLdrMod=%p\n", hLdrMod), VERR_INVALID_HANDLE);
+    PRTLDRMODINTERNAL pMod = (PRTLDRMODINTERNAL)hLdrMod;
+    AssertPtrReturn(pfnCallback, VERR_INVALID_POINTER);
+    /*
+     * Call the image specific worker, if there is one.
+     */
+    if (!pMod->pOps->pfnVerifySignature)
+        return VERR_NOT_SUPPORTED;
+    return pMod->pOps->pfnVerifySignature(pMod, pfnCallback, pvUser, pErrInfo);
+}
+RT_EXPORT_SYMBOL(RTLdrVerifySignature);
+RTDECL(int) RTLdrHashImage(RTLDRMOD hLdrMod, RTDIGESTTYPE enmDigest, char *pszDigest, size_t cbDigest)
+{
+    AssertMsgReturn(rtldrIsValid(hLdrMod), ("hLdrMod=%p\n", hLdrMod), VERR_INVALID_HANDLE);
+    PRTLDRMODINTERNAL pMod = (PRTLDRMODINTERNAL)hLdrMod;
+    /*
+     * Make sure there is sufficient space for the wanted digest and that
+     * it's supported.
+     */
+    switch (enmDigest)
+    {
+        case RTDIGESTTYPE_MD5:      AssertReturn(cbDigest >= RTMD5_DIGEST_LEN    + 1, VERR_BUFFER_OVERFLOW); break;
+        case RTDIGESTTYPE_SHA1:     AssertReturn(cbDigest >= RTSHA1_DIGEST_LEN   + 1, VERR_BUFFER_OVERFLOW); break;
+        case RTDIGESTTYPE_SHA256:   AssertReturn(cbDigest >= RTSHA256_DIGEST_LEN + 1, VERR_BUFFER_OVERFLOW); break;
+        case RTDIGESTTYPE_SHA512:   AssertReturn(cbDigest >= RTSHA512_DIGEST_LEN + 1, VERR_BUFFER_OVERFLOW); break;
+        default:
+            if (enmDigest > RTDIGESTTYPE_INVALID && enmDigest < RTDIGESTTYPE_END)
+                return VERR_NOT_SUPPORTED;
+            AssertFailedReturn(VERR_INVALID_PARAMETER);
+    }
+    AssertPtrReturn(pszDigest, VERR_INVALID_POINTER);
+    /*
+     * Call the image specific worker, if there is one.
+     */
+    if (!pMod->pOps->pfnHashImage)
+        return VERR_NOT_SUPPORTED;
+    return pMod->pOps->pfnHashImage(pMod, enmDigest, pszDigest, cbDigest);
+}
+RT_EXPORT_SYMBOL(RTLdrHashImage);

trunk/src/VBox/Runtime/common/ldr/ldrFile.cpp

-              r48935
+              r51770
             if (RT_SUCCESS(rc))
+            {
+                pFileReader->Core.uMagic     = RTLDRREADER_MAGIC;
                 pFileReader->Core.pfnRead    = rtldrFileRead;
                 pFileReader->Core.pfnTell    = rtldrFileTell;
 …
     /*
-     * Resolve RTLDRARCH_HOST.
-     */
-    if (enmArch == RTLDRARCH_HOST)
-#if   defined(RT_ARCH_AMD64)
-        enmArch = RTLDRARCH_AMD64;
-#elif defined(RT_ARCH_X86)
-        enmArch = RTLDRARCH_X86_32;
-#else
-        enmArch = RTLDRARCH_WHATEVER;
-#endif
-    /*
      * Create file reader & invoke worker which identifies and calls the image interpreter.
      */
 …
     if (RT_SUCCESS(rc))
+    {
         rc = rtldrOpenWithReader(pReader, fFlags, enmArch, phLdrMod);
+        rc = RTLdrOpenWithReader(pReader, fFlags, enmArch, phLdrMod, NULL);
         if (RT_SUCCESS(rc))
+        {
 …
     /*
-     * Resolve RTLDRARCH_HOST.
-     */
-    if (enmArch == RTLDRARCH_HOST)
-# if   defined(RT_ARCH_AMD64)
-        enmArch = RTLDRARCH_AMD64;
-# elif defined(RT_ARCH_X86)
-        enmArch = RTLDRARCH_X86_32;
-# else
-        enmArch = RTLDRARCH_WHATEVER;
-# endif
-    /*
      * Create file reader & invoke worker which identifies and calls the image interpreter.
      */
 …
     if (RT_SUCCESS(rc))
+    {
         rc = rtldrkLdrOpen(pReader, fFlags, enmArch, phLdrMod);
+        rc = rtldrkLdrOpen(pReader, fFlags, enmArch, phLdrMod, NULL);
         if (RT_SUCCESS(rc))
+        {

trunk/src/VBox/Runtime/common/ldr/ldrMemory.cpp

-              r51519
+              r51770
         pThis->pvMapping    = NULL;
         pThis->cMappings    = 0;
         pThis->Core.pszName    = "rdrmem";
+        pThis->Core.uMagic     = RTLDRREADER_MAGIC;
         pThis->Core.pfnRead    = rtldrRdrMem_Read;
         pThis->Core.pfnTell    = rtldrRdrMem_Tell;
 …
     if (RT_SUCCESS(rc))
+    {
         rc = rtldrOpenWithReader(pReader, fFlags, enmArch, phLdrMod);
+        rc = RTLdrOpenWithReader(pReader, fFlags, enmArch, phLdrMod, NULL);
         if (RT_SUCCESS(rc))
+        {

trunk/src/VBox/Runtime/common/ldr/ldrNative.cpp

-              r49044
+              r51770
     rtldrNativeEnumSymbols,
     /* ext: */
+    NULL,
+    NULL,
     NULL,
     NULL,
 …
 RT_EXPORT_SYMBOL(RTLdrGetNativeHandle);
+RTDECL(bool) RTLdrIsLoadable(const char *pszFilename)
+{
+    /*
+     * Try to load the library.
+     */
+    RTLDRMOD hLib;
+    int rc = RTLdrLoad(pszFilename, &hLib);
+    if (RT_SUCCESS(rc))
+    {
+        RTLdrClose(hLib);
+        return true;
+    }
+    return false;
+}
+RT_EXPORT_SYMBOL(RTLdrIsLoadable);

trunk/src/VBox/Runtime/common/ldr/ldrPE.cpp

-              r49044
+              r51770
 #include "internal/iprt.h"
-#include <iprt/alloc.h>
 #include <iprt/assert.h>
+#include <iprt/asm.h>
+#include <iprt/err.h>
 #include <iprt/log.h>
+#include <iprt/md5.h>
+#include <iprt/mem.h>
 #include <iprt/path.h>
+#include <iprt/sha.h>
 #include <iprt/string.h>
+#include <iprt/err.h>
+#ifndef IPRT_WITHOUT_LDR_VERIFY
+# include <iprt/crypto/pkcs7.h>
+# include <iprt/crypto/spc.h>
+# include <iprt/crypto/x509.h>
+#endif
 #include <iprt/formats/codeview.h>
 #include "internal/ldrPE.h"
 …
  */
 #define PE_RVA2TYPE(pvBits, rva, type)  ((type) ((uintptr_t)pvBits + (uintptr_t)(rva)) )
+/** The max size of the security directory. */
+#ifdef IN_RING3
+# define RTLDRMODPE_MAX_SECURITY_DIR_SIZE   _4M
+#else
+# define RTLDRMODPE_MAX_SECURITY_DIR_SIZE   _1M
+#endif
 …
     /** The image timestamp. */
     uint32_t                uTimestamp;
+    /** Set if the image is 64-bit, clear if 32-bit. */
+    bool                    f64Bit;
     /** The import data directory entry. */
     IMAGE_DATA_DIRECTORY    ImportDir;
 …
     /** The debug directory entry. */
     IMAGE_DATA_DIRECTORY    DebugDir;
+} RTLDRMODPE, *PRTLDRMODPE;
+    /** The security directory entry. */
+    IMAGE_DATA_DIRECTORY    SecurityDir;
+    /** Offset of the first PKCS \#7 SignedData signature if present. */
+    uint32_t                offPkcs7SignedData;
+    /** Size of the first PKCS \#7 SignedData. */
+    uint32_t                cbPkcs7SignedData;
+    /** Copy of the optional header field DllCharacteristics. */
+    uint16_t                fDllCharacteristics;
+} RTLDRMODPE;
+/** Pointer to the instance data for a PE loader module. */
+typedef RTLDRMODPE *PRTLDRMODPE;
 /**
 …
+/**
+ * PE hash context union.
+ */
+typedef union RTLDRPEHASHCTXUNION
+{
+    RTSHA512CONTEXT Sha512;
+    RTSHA256CONTEXT Sha256;
+    RTSHA1CONTEXT   Sha1;
+    RTMD5CONTEXT    Md5;
+} RTLDRPEHASHCTXUNION;
+/** Pointer to a PE hash context union. */
+typedef RTLDRPEHASHCTXUNION *PRTLDRPEHASHCTXUNION;
+/**
+ * PE hash digests
+ */
+typedef union RTLDRPEHASHRESUNION
+{
+    uint8_t abSha512[RTSHA512_HASH_SIZE];
+    uint8_t abSha256[RTSHA256_HASH_SIZE];
+    uint8_t abSha1[RTSHA1_HASH_SIZE];
+    uint8_t abMd5[RTMD5_HASH_SIZE];
+} RTLDRPEHASHRESUNION;
+/** Pointer to a PE hash work set. */
+typedef RTLDRPEHASHRESUNION *PRTLDRPEHASHRESUNION;
+/**
+ * Special places to watch out for when hashing a PE image.
+ */
+typedef struct RTLDRPEHASHSPECIALS
+{
+    uint32_t    cbToHash;
+    uint32_t    offCksum;
+    uint32_t    cbCksum;
+    uint32_t    offSecDir;
+    uint32_t    cbSecDir;
+    uint32_t    offEndSpecial;
+} RTLDRPEHASHSPECIALS;
+/** Pointer to the structure with the special hash places. */
+typedef RTLDRPEHASHSPECIALS *PRTLDRPEHASHSPECIALS;
+#ifndef IPRT_WITHOUT_LDR_VERIFY
+/**
+ * Parsed signature data.
+ */
+typedef struct RTLDRPESIGNATURE
+{
+    /** The outer content info wrapper. */
+    RTCRPKCS7CONTENTINFO        ContentInfo;
+    /** Pointer to the decoded SignedData inside the ContentInfo member. */
+    PRTCRPKCS7SIGNEDDATA        pSignedData;
+    /** Pointer to the indirect data content. */
+    PRTCRSPCINDIRECTDATACONTENT pIndData;
+    /** The digest type employed by the signature. */
+    RTDIGESTTYPE                enmDigest;
+    /** Pointer to the raw signatures.  This is allocated in the continuation of
+     * this structure to keep things simple.  The size is given by  the security
+     * export directory. */
+    WIN_CERTIFICATE const      *pRawData;
+    /** Hash scratch data. */
+    RTLDRPEHASHCTXUNION         HashCtx;
+    /** Hash result. */
+    RTLDRPEHASHRESUNION         HashRes;
+} RTLDRPESIGNATURE;
+/** Pointed to SigneData parsing stat and output. */
+typedef RTLDRPESIGNATURE *PRTLDRPESIGNATURE;
+#endif
 /*******************************************************************************
 *   Internal Functions                                                         *
 …
+        {
             if ((RTFOFF)offFile + cbToRead > cbFile)
                 cbToRead = cbFile - (RTFOFF)offFile;
+                cbToRead = (uint32_t)(cbFile - (RTFOFF)offFile);
             int rc = pThis->Core.pReader->pfnRead(pThis->Core.pReader, pbMem, cbToRead, offFile);
             if (RT_FAILURE(rc))
 …
     if (uRva == NIL_RTLDRADDR || uRva > pThis->cbImage)
+    {
         if (offFile < 0)
+        if (offFile < 0 || offFile >= UINT32_MAX)
             return VERR_INVALID_PARAMETER;
         return rtldrPEReadPartFromFile(pThis, offFile, cbMem, ppvMem);
+    }
     return rtldrPEReadPartByRva(pThis, pvBits, uRva, cbMem, ppvMem);
+        return rtldrPEReadPartFromFile(pThis, (uint32_t)offFile, cbMem, ppvMem);
+    }
+    return rtldrPEReadPartByRva(pThis, pvBits, (uint32_t)uRva, cbMem, ppvMem);
+}
 …
                 rc = VERR_BAD_EXE_FORMAT;
+            }
             pFirstThunk->u1.Function = Value;
+            pFirstThunk->u1.Function = (uint32_t)Value;
             if (pFirstThunk->u1.Function != Value)
+            {
 …
         /* Some bound checking just to be sure it works... */
         if ((uintptr_t)pbr - (uintptr_t)pBaseRelocs + pbr->SizeOfBlock > cbBaseRelocs)
+            cRelocations = (((uintptr_t)pBaseRelocs + cbBaseRelocs) - (uintptr_t)pbr - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(uint16_t);
+            cRelocations = (uint32_t)(  (((uintptr_t)pBaseRelocs + cbBaseRelocs) - (uintptr_t)pbr - sizeof(IMAGE_BASE_RELOCATION))
+                                      / sizeof(uint16_t) );
         /*
 …
+            {
                 case IMAGE_REL_BASED_HIGHLOW:   /* 32-bit, add delta. */
                     *u.pu32 += uDelta;
+                    *u.pu32 += (uint32_t)uDelta;
                     break;
                 case IMAGE_REL_BASED_DIR64:     /* 64-bit, add delta. */
 …
                     pwoffFixup++;
                     int32_t i32 = (uint32_t)(*u.pu16 << 16) | *pwoffFixup;
                     i32 += uDelta;
+                    i32 += (uint32_t)uDelta;
                     i32 += 0x8000; //??
                     *u.pu16 = (uint16_t)(i32 >> 16);
 …
 /** @copydoc RTLDROPS::pfnRelocate. */
+static int rtldrPERelocate(PRTLDRMODINTERNAL pMod, void *pvBits, RTUINTPTR NewBaseAddress, RTUINTPTR OldBaseAddress, PFNRTLDRIMPORT pfnGetImport, void *pvUser)
+static DECLCALLBACK(int) rtldrPERelocate(PRTLDRMODINTERNAL pMod, void *pvBits, RTUINTPTR NewBaseAddress, RTUINTPTR OldBaseAddress,
+                                         PFNRTLDRIMPORT pfnGetImport, void *pvUser)
+{
     PRTLDRMODPE pModPe = (PRTLDRMODPE)pMod;
 …
     if (RT_SUCCESS(rc))
+    {
         uintptr_t   uNamePrev = 0;
+        uint32_t uNamePrev = 0;
         for (uint32_t uOrdinal = 0; uOrdinal < cOrdinals; uOrdinal++)
+        {
 …
     uint32_t   *paRVANames = PE_RVA2TYPE(pvBits, pExpDir->AddressOfNames, uint32_t *);
     uint16_t   *paOrdinals = PE_RVA2TYPE(pvBits, pExpDir->AddressOfNameOrdinals, uint16_t *);
     uintptr_t   uNamePrev = 0;
+    uint32_t    uNamePrev = 0;
     unsigned    cOrdinals = RT_MAX(pExpDir->NumberOfNames, pExpDir->NumberOfFunctions);
     for (unsigned uOrdinal = 0; uOrdinal < cOrdinals; uOrdinal++)
 …
             const char *pszName = NULL;
             /* Search from previous + 1 to the end.  */
             unsigned    uName = uNamePrev + 1;
+            uint32_t uName = uNamePrev + 1;
             while (uName < pExpDir->NumberOfNames)
+            {
 …
     /*
+     * Allocate temporary memory for a path buffer (this code is also compiled
+     * and maybe even used in stack starved environments).
+     */
+    char *pszPath = (char *)RTMemTmpAlloc(RTPATH_MAX);
+    if (!pszPath)
+        return VERR_NO_TMP_MEMORY;
+    /*
      * Get the debug directory.
      */
 …
                                      (void const **)&paDbgDir);
     if (RT_FAILURE(rcRet))
+    {
+        RTMemTmpFree(pszPath);
         return rcRet;
+    }
     /*
 …
         void const     *pvPart = NULL;
-        char            szPath[RTPATH_MAX];
         RTLDRDBGINFO    DbgInfo;
         RT_ZERO(DbgInfo.u);
 …
                 DbgInfo.u.Cv.uMinorVer  = paDbgDir[i].MinorVersion;
                 DbgInfo.u.Cv.uTimestamp = paDbgDir[i].TimeDateStamp;
                 if (   paDbgDir[i].SizeOfData < sizeof(szPath)
+                if (   paDbgDir[i].SizeOfData < RTPATH_MAX
                     && paDbgDir[i].SizeOfData > 16
                     && (   DbgInfo.LinkAddress != NIL_RTLDRADDR
 …
             case IMAGE_DEBUG_TYPE_MISC:
                 DbgInfo.enmType = RTLDRDBGINFOTYPE_UNKNOWN;
                 if (   paDbgDir[i].SizeOfData < sizeof(szPath)
+                if (   paDbgDir[i].SizeOfData < RTPATH_MAX
                     && paDbgDir[i].SizeOfData > RT_UOFFSETOF(IMAGE_DEBUG_MISC, Data))
+                {
 …
                             else
+                            {
-                                char *pszPath = szPath;
                                 rc = RTUtf16ToUtf8Ex((PCRTUTF16)&pMisc->Data[0],
                                                      (pMisc->Length - RT_OFFSETOF(IMAGE_DEBUG_MISC, Data)) / sizeof(RTUTF16),
                                                      &pszPath, sizeof(szPath), NULL);
+                                                     &pszPath, RTPATH_MAX, NULL);
                                 if (RT_SUCCESS(rc))
                                     DbgInfo.pszExtFile = szPath;
+                                    DbgInfo.pszExtFile = pszPath;
                                 else
                                     rcRet = rc; /* continue without a filename. */
 …
            it's probably the current ANSI/Windows code page for the process
            generating the image anyways.) */
+        if (DbgInfo.pszExtFile && DbgInfo.pszExtFile != szPath)
+        {
+            char *pszPath = szPath;
+        if (DbgInfo.pszExtFile && DbgInfo.pszExtFile != pszPath)
+        {
             rc = RTLatin1ToUtf8Ex(DbgInfo.pszExtFile,
                                   paDbgDir[i].SizeOfData - ((uintptr_t)DbgInfo.pszExtFile - (uintptr_t)pvBits),
                                   &pszPath, sizeof(szPath), NULL);
+                                  &pszPath, RTPATH_MAX, NULL);
             if (RT_FAILURE(rc))
+            {
 …
+        }
         if (DbgInfo.pszExtFile)
             RTPathChangeToUnixSlashes(szPath, true /*fForce*/);
+            RTPathChangeToUnixSlashes(pszPath, true /*fForce*/);
         rc = pfnCallback(pMod, &DbgInfo, pvUser);
 …
     rtldrPEFreePart(pModPe, pvBits, paDbgDir);
+    RTMemTmpFree(pszPath);
     return rcRet;
+}
 …
 /** @interface_method_impl{RTLDROPS,pfnQueryProp} */
 static DECLCALLBACK(int) rtldrPE_QueryProp(PRTLDRMODINTERNAL pMod, RTLDRPROP enmProp, void *pvBuf, size_t cbBuf)
+static DECLCALLBACK(int) rtldrPE_QueryProp(PRTLDRMODINTERNAL pMod, RTLDRPROP enmProp, void *pvBuf, size_t cbBuf, size_t *pcbRet)
+{
     PRTLDRMODPE pModPe = (PRTLDRMODPE)pMod;
 …
+    {
         case RTLDRPROP_TIMESTAMP_SECONDS:
+            Assert(*pcbRet == cbBuf);
             if (cbBuf == sizeof(int32_t))
                 *(int32_t *)pvBuf = pModPe->uTimestamp;
 …
                 *(int64_t *)pvBuf = pModPe->uTimestamp;
             else
+                return VERR_INVALID_PARAMETER;
+                AssertFailedReturn(VERR_INTERNAL_ERROR_3);
+            break;
+        case RTLDRPROP_IS_SIGNED:
+            Assert(cbBuf == sizeof(bool));
+            Assert(*pcbRet == cbBuf);
+            *(bool *)pvBuf = pModPe->offPkcs7SignedData != 0;
+            break;
+        case RTLDRPROP_PKCS7_SIGNED_DATA:
+        {
+            if (pModPe->cbPkcs7SignedData == 0)
+                return VERR_NOT_FOUND;
+            Assert(pModPe->offPkcs7SignedData > pModPe->SecurityDir.VirtualAddress);
+            *pcbRet = pModPe->cbPkcs7SignedData;
+            if (cbBuf < pModPe->cbPkcs7SignedData)
+                return VERR_BUFFER_OVERFLOW;
+            return pModPe->Core.pReader->pfnRead(pModPe->Core.pReader, pvBuf, pModPe->cbPkcs7SignedData,
+                                                 pModPe->offPkcs7SignedData);
+        }
+        case RTLDRPROP_SIGNATURE_CHECKS_ENFORCED:
+            Assert(cbBuf == sizeof(bool));
+            Assert(*pcbRet == cbBuf);
+            *(bool *)pvBuf = pModPe->offPkcs7SignedData > 0
+                          && (pModPe->fDllCharacteristics & IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY);
             break;
 …
+/*
+ * Lots of Authenticode fun ahead.
+ */
+/**
+ * Initializes the hash context.
+ *
+ * @returns VINF_SUCCESS or VERR_NOT_SUPPORTED.
+ * @param   pHashCtx            The hash context union.
+ * @param   enmDigest           The hash type we're calculating..
+ */
+static int rtLdrPE_HashInit(PRTLDRPEHASHCTXUNION pHashCtx, RTDIGESTTYPE enmDigest)
+{
+    switch (enmDigest)
+    {
+        case RTDIGESTTYPE_SHA512:  RTSha512Init(&pHashCtx->Sha512); break;
+        case RTDIGESTTYPE_SHA256:  RTSha256Init(&pHashCtx->Sha256); break;
+        case RTDIGESTTYPE_SHA1:    RTSha1Init(&pHashCtx->Sha1); break;
+        case RTDIGESTTYPE_MD5:     RTMd5Init(&pHashCtx->Md5); break;
+        default:                   AssertFailedReturn(VERR_NOT_SUPPORTED);
+    }
+    return VINF_SUCCESS;
+}
+/**
+ * Updates the hash with more data.
+ *
+ * @param   pHashCtx            The hash context union.
+ * @param   enmDigest           The hash type we're calculating..
+ * @param   pvBuf               Pointer to a buffer with bytes to add to thash.
+ * @param   cbBuf               How many bytes to add from @a pvBuf.
+ */
+static void rtLdrPE_HashUpdate(PRTLDRPEHASHCTXUNION pHashCtx, RTDIGESTTYPE enmDigest, void const *pvBuf, size_t cbBuf)
+{
+    switch (enmDigest)
+    {
+        case RTDIGESTTYPE_SHA512:  RTSha512Update(&pHashCtx->Sha512, pvBuf, cbBuf); break;
+        case RTDIGESTTYPE_SHA256:  RTSha256Update(&pHashCtx->Sha256, pvBuf, cbBuf); break;
+        case RTDIGESTTYPE_SHA1:    RTSha1Update(&pHashCtx->Sha1, pvBuf, cbBuf); break;
+        case RTDIGESTTYPE_MD5:     RTMd5Update(&pHashCtx->Md5, pvBuf, cbBuf); break;
+        default:                   AssertReleaseFailed();
+    }
+}
+/**
+ * Finalizes the hash calculations.
+ *
+ * @param   pHashCtx            The hash context union.
+ * @param   enmDigest           The hash type we're calculating..
+ * @param   pHashRes            The hash result union.
+ */
+static void rtLdrPE_HashFinalize(PRTLDRPEHASHCTXUNION pHashCtx, RTDIGESTTYPE enmDigest, PRTLDRPEHASHRESUNION pHashRes)
+{
+    switch (enmDigest)
+    {
+        case RTDIGESTTYPE_SHA512:  RTSha512Final(&pHashCtx->Sha512, pHashRes->abSha512); break;
+        case RTDIGESTTYPE_SHA256:  RTSha256Final(&pHashCtx->Sha256, pHashRes->abSha256); break;
+        case RTDIGESTTYPE_SHA1:    RTSha1Final(&pHashCtx->Sha1, pHashRes->abSha1); break;
+        case RTDIGESTTYPE_MD5:     RTMd5Final(pHashRes->abMd5, &pHashCtx->Md5); break;
+        default:                   AssertReleaseFailed();
+    }
+}
+/**
+ * Returns the digest size for the given digest type.
+ *
+ * @returns Size in bytes.
+ * @param   enmDigest           The hash type in question.
+ */
+static uint32_t rtLdrPE_HashGetHashSize(RTDIGESTTYPE enmDigest)
+{
+    switch (enmDigest)
+    {
+        case RTDIGESTTYPE_SHA512:  return RTSHA512_HASH_SIZE;
+        case RTDIGESTTYPE_SHA256:  return RTSHA256_HASH_SIZE;
+        case RTDIGESTTYPE_SHA1:    return RTSHA1_HASH_SIZE;
+        case RTDIGESTTYPE_MD5:     return RTMD5_HASH_SIZE;
+        default:                   AssertReleaseFailedReturn(0);
+    }
+}
+/**
+ * Calculate the special too watch out for when hashing the image.
+ *
+ * @returns IPRT status code.
+ * @param   pModPe              The PE module.
+ * @param   pPlaces             The structure where to store the special places.
+ * @param   pErrInfo            Optional error info.
+ */
+static int rtldrPe_CalcSpecialHashPlaces(PRTLDRMODPE pModPe, PRTLDRPEHASHSPECIALS pPlaces, PRTERRINFO pErrInfo)
+{
+    /*
+     * If we're here despite a missing signature, we need to get the file size.
+     */
+    pPlaces->cbToHash = pModPe->SecurityDir.VirtualAddress;
+    if (pPlaces->cbToHash == 0)
+    {
+        RTFOFF cbFile = pModPe->Core.pReader->pfnSize(pModPe->Core.pReader);
+        pPlaces->cbToHash = (uint32_t)cbFile;
+        if (pPlaces->cbToHash != (RTFOFF)cbFile)
+            return RTErrInfoSetF(pErrInfo, VERR_LDRVI_FILE_LENGTH_ERROR, "File is too large: %RTfoff", cbFile);
+    }
+    /*
+     * Calculate the special places.
+     */
+    pPlaces->offCksum       = (uint32_t)pModPe->offNtHdrs
+                            + (pModPe->f64Bit
+                               ? RT_OFFSETOF(IMAGE_NT_HEADERS64, OptionalHeader.CheckSum)
+                               : RT_OFFSETOF(IMAGE_NT_HEADERS32, OptionalHeader.CheckSum));
+    pPlaces->cbCksum        = RT_SIZEOFMEMB(IMAGE_NT_HEADERS32, OptionalHeader.CheckSum);
+    pPlaces->offSecDir      = (uint32_t)pModPe->offNtHdrs
+                            + (pModPe->f64Bit
+                               ? RT_OFFSETOF(IMAGE_NT_HEADERS64, OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY])
+                               : RT_OFFSETOF(IMAGE_NT_HEADERS32, OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]));
+    pPlaces->cbSecDir       = sizeof(IMAGE_DATA_DIRECTORY);
+    pPlaces->offEndSpecial  = pPlaces->offSecDir + pPlaces->cbSecDir;
+    return VINF_SUCCESS;
+}
+/**
+ * Calculates the whole image hash.
+ *
+ * The Authenticode_PE.docx version 1.0 explains how the hash is calculated,
+ * points 8 thru 14 are bogus.  If you study them a little carefully, it is
+ * clear that the algorithm will only work if the raw data for the section have
+ * no gaps between them or in front of them.  So, this elaborate section sorting
+ * by PointerToRawData and working them section by section could simply be
+ * replaced by one point:
+ *
+ *      8. Add all the file content between SizeOfHeaders and the
+ *         attribute certificate table to the hash.  Then finalize
+ *         the hash.
+ *
+ * Not sure if Microsoft is screwing with us on purpose here or whether they
+ * assigned some of this work to less talented engineers and tech writers.  I
+ * love fact that they say it's "simplified" and should yield the correct hash
+ * for "almost all" files.  Stupid, Stupid, Microsofties!!
+ *
+ * My simplified implementation that just hashes the entire file up to the
+ * signature or end of the file produces the same SHA1 values as "signtool
+ * verify /v" does both for edited executables with gaps between/before/after
+ * sections raw data and normal executables without any gaps.
+ *
+ * @returns IPRT status code.
+ * @param   pModPe      The PE module.
+ * @param   pvScratch   Scratch buffer.
+ * @param   cbScratch   Size of the scratch buffer.
+ * @param   enmDigest   The hash digest type we're calculating.
+ * @param   pHashCtx    Hash context scratch area.
+ * @param   pHashRes    Hash result buffer.
+ * @param   pErrInfo    Optional error info buffer.
+ */
+static int rtldrPE_HashImageCommon(PRTLDRMODPE pModPe, void *pvScratch, uint32_t cbScratch, RTDIGESTTYPE enmDigest,
+                                   PRTLDRPEHASHCTXUNION pHashCtx, PRTLDRPEHASHRESUNION pHashRes, PRTERRINFO pErrInfo)
+{
+    int rc = rtLdrPE_HashInit(pHashCtx, enmDigest);
+    if (RT_FAILURE(rc))
+        return rc;
+    /*
+     * Calculate the special places.
+     */
+    RTLDRPEHASHSPECIALS SpecialPlaces;
+    rc = rtldrPe_CalcSpecialHashPlaces(pModPe, &SpecialPlaces, pErrInfo);
+    if (RT_FAILURE(rc))
+        return rc;
+    /*
+     * Work our way thru the image data.
+     */
+    uint32_t off = 0;
+    while (off < SpecialPlaces.cbToHash)
+    {
+        uint32_t cbRead = RT_MIN(SpecialPlaces.cbToHash - off, cbScratch);
+        uint8_t *pbCur  = (uint8_t *)pvScratch;
+        rc = pModPe->Core.pReader->pfnRead(pModPe->Core.pReader, pbCur, cbRead, off);
+        if (RT_FAILURE(rc))
+            return RTErrInfoSetF(pErrInfo, VERR_LDRVI_READ_ERROR_HASH, "Hash read error at %#x: %Rrc (cbRead=%#zx)",
+                                 off, rc, cbRead);
+        if (off < SpecialPlaces.offEndSpecial)
+        {
+            if (off < SpecialPlaces.offCksum)
+            {
+                /* Hash everything up to the checksum. */
+                uint32_t cbChunk = RT_MIN(SpecialPlaces.offCksum - off, cbRead);
+                rtLdrPE_HashUpdate(pHashCtx, enmDigest, pbCur, cbChunk);
+                pbCur  += cbChunk;
+                cbRead -= cbChunk;
+                off    += cbChunk;
+            }
+            if (off < SpecialPlaces.offCksum + SpecialPlaces.cbCksum && off >= SpecialPlaces.offCksum)
+            {
+                /* Skip the checksum */
+                uint32_t cbChunk = RT_MIN(SpecialPlaces.offCksum + SpecialPlaces.cbCksum - off, cbRead);
+                pbCur  += cbChunk;
+                cbRead -= cbChunk;
+                off    += cbChunk;
+            }
+            if (off < SpecialPlaces.offSecDir && off >= SpecialPlaces.offCksum + SpecialPlaces.cbCksum)
+            {
+                /* Hash everything between the checksum and the data dir entry. */
+                uint32_t cbChunk = RT_MIN(SpecialPlaces.offSecDir - off, cbRead);
+                rtLdrPE_HashUpdate(pHashCtx, enmDigest,  pbCur, cbChunk);
+                pbCur  += cbChunk;
+                cbRead -= cbChunk;
+                off    += cbChunk;
+            }
+            if (off < SpecialPlaces.offSecDir + SpecialPlaces.cbSecDir && off >= SpecialPlaces.offSecDir)
+            {
+                /* Skip the security data directory entry. */
+                uint32_t cbChunk = RT_MIN(SpecialPlaces.offSecDir + SpecialPlaces.cbSecDir - off, cbRead);
+                pbCur  += cbChunk;
+                cbRead -= cbChunk;
+                off    += cbChunk;
+            }
+        }
+        rtLdrPE_HashUpdate(pHashCtx, enmDigest, pbCur, cbRead);
+        /* Advance */
+        off += cbRead;
+    }
+    /*
+     * If there isn't a signature, experiments with signtool indicates that we
+     * have to zero padd the file size until it's a multiple of 8.  (This is
+     * most likely to give 64-bit values in the certificate a natural alignment
+     * when memory mapped.)
+     */
+    if (   pModPe->SecurityDir.Size != SpecialPlaces.cbToHash
+        && SpecialPlaces.cbToHash != RT_ALIGN_32(SpecialPlaces.cbToHash, WIN_CERTIFICATE_ALIGNMENT))
+    {
+        static const uint8_t s_abZeros[WIN_CERTIFICATE_ALIGNMENT] = { 0,0,0,0, 0,0,0,0 };
+        rtLdrPE_HashUpdate(pHashCtx, enmDigest, s_abZeros,
+                           RT_ALIGN_32(SpecialPlaces.cbToHash, WIN_CERTIFICATE_ALIGNMENT) - SpecialPlaces.cbToHash);
+    }
+    /*
+     * Done. Finalize the hashes.
+     */
+    rtLdrPE_HashFinalize(pHashCtx, enmDigest, pHashRes);
+    return VINF_SUCCESS;
+}
+#ifndef IPRT_WITHOUT_LDR_VERIFY
+/**
+ * Verifies image preconditions not checked by the open validation code.
+ *
+ * @returns IPRT status code.
+ * @param   pModPe              The PE module.
+ * @param   pErrInfo            Optional error info buffer.
+ */
+static int rtldrPE_VerifySignatureImagePrecoditions(PRTLDRMODPE pModPe, PRTERRINFO pErrInfo)
+{
+    /*
+     * Validate the sections.  While doing so, track the amount of section raw
+     * section data in the file so we can use this to validate the signature
+     * table location later.
+     */
+    uint32_t offNext = pModPe->cbHeaders; /* same */
+    for (uint32_t i = 0; i < pModPe->cSections; i++)
+        if (pModPe->paSections[i].SizeOfRawData > 0)
+        {
+            uint64_t offEnd = (uint64_t)pModPe->paSections[i].PointerToRawData + pModPe->paSections[i].SizeOfRawData;
+            if (offEnd > offNext)
+            {
+                if (offEnd >= _2G)
+                    return RTErrInfoSetF(pErrInfo, VERR_LDRVI_SECTION_RAW_DATA_VALUES,
+                                         "Section %#u specifies file data after 2GB: PointerToRawData=%#x SizeOfRawData=%#x",
+                                         i, pModPe->paSections[i].PointerToRawData, pModPe->paSections[i].SizeOfRawData);
+                offNext = (uint32_t)offEnd;
+            }
+        }
+    uint32_t offEndOfSectionData = offNext;
+    /*
+     * Validate the signature.
+     */
+    if (!pModPe->SecurityDir.Size)
+        return RTErrInfoSet(pErrInfo, VERR_LDRVI_NOT_SIGNED, "Not signed.");
+    uint32_t const offSignature = pModPe->SecurityDir.VirtualAddress;
+    uint32_t const cbSignature  = pModPe->SecurityDir.Size;
+    if (   cbSignature  <= sizeof(WIN_CERTIFICATE)
+        || cbSignature  >= RTLDRMODPE_MAX_SECURITY_DIR_SIZE
+        || offSignature >= _2G)
+        return RTErrInfoSetF(pErrInfo, VERR_LDRVI_INVALID_SECURITY_DIR_ENTRY,
+                             "Invalid security data dir entry: cb=%#x off=%#x", cbSignature, offSignature);
+    if (offSignature < offEndOfSectionData)
+        return RTErrInfoSetF(pErrInfo, VERR_LDRVI_INVALID_SECURITY_DIR_ENTRY,
+                             "Invalid security data dir entry offset: %#x offEndOfSectionData=%#x",
+                             offSignature, offEndOfSectionData);
+    if (RT_ALIGN_32(offSignature, WIN_CERTIFICATE_ALIGNMENT) != offSignature)
+        return RTErrInfoSetF(pErrInfo, VERR_LDRVI_INVALID_SECURITY_DIR_ENTRY,
+                             "Misaligned security dir entry offset: %#x (alignment=%#x)",
+                             offSignature, WIN_CERTIFICATE_ALIGNMENT);
+    return VINF_SUCCESS;
+}
+/**
+ * Reads and checks the raw signature data.
+ *
+ * @returns IPRT status code.
+ * @param   pModPe              The PE module.
+ * @param   ppSignature         Where to return the pointer to the parsed
+ *                              signature data.  Pass to
+ *                              rtldrPE_VerifySignatureDestroy when done.
+ * @param   pErrInfo            Optional error info buffer.
+ */
+static int rtldrPE_VerifySignatureRead(PRTLDRMODPE pModPe, PRTLDRPESIGNATURE *ppSignature, PRTERRINFO pErrInfo)
+{
+    *ppSignature = NULL;
+    AssertReturn(pModPe->SecurityDir.Size > 0, VERR_INTERNAL_ERROR_2);
+    /*
+     * Allocate memory for reading and parsing it.
+     */
+    if (pModPe->SecurityDir.Size >= RTLDRMODPE_MAX_SECURITY_DIR_SIZE)
+        return RTErrInfoSetF(pErrInfo, VERR_LDRVI_INVALID_SECURITY_DIR_ENTRY,
+                             "Signature directory is to large: %#x", pModPe->SecurityDir.Size);
+    PRTLDRPESIGNATURE pSignature = (PRTLDRPESIGNATURE)RTMemTmpAllocZ(sizeof(*pSignature) + 64 + pModPe->SecurityDir.Size);
+    if (!pSignature)
+        return RTErrInfoSetF(pErrInfo, VERR_LDRVI_NO_MEMORY_SIGNATURE, "Failed to allocate %zu bytes",
+                             sizeof(*pSignature) + 64 + pModPe->SecurityDir.Size);
+    pSignature->pRawData = RT_ALIGN_PT(pSignature + 1, 64, WIN_CERTIFICATE const *);
+    /*
+     * Read it.
+     */
+    int rc = pModPe->Core.pReader->pfnRead(pModPe->Core.pReader, (void *)pSignature->pRawData,
+                                           pModPe->SecurityDir.Size, pModPe->SecurityDir.VirtualAddress);
+    if (RT_SUCCESS(rc))
+    {
+        /*
+         * Check the table we've read in.
+         */
+        uint32_t               cbLeft = pModPe->SecurityDir.Size;
+        WIN_CERTIFICATE const *pEntry = pSignature->pRawData;
+        for (;;)
+        {
+            if (   cbLeft           < sizeof(*pEntry)
+                || pEntry->dwLength > cbLeft
+                || pEntry->dwLength < sizeof(*pEntry))
+                rc = RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_HDR_LENGTH,
+                                   "Bad WIN_CERTIFICATE length: %#x  (max %#x, signature=%u)",
+                                   pEntry->dwLength, cbLeft, 0);
+            else if (pEntry->wRevision != WIN_CERT_REVISION_2_0)
+                rc = RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_HDR_REVISION,
+                                   "Unsupported WIN_CERTIFICATE revision value: %#x (signature=%u)",
+                                   pEntry->wRevision, 0);
+            else if (pEntry->wCertificateType != WIN_CERT_TYPE_PKCS_SIGNED_DATA)
+                rc = RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_HDR_TYPE,
+                                   "Unsupported WIN_CERTIFICATE certificate type: %#x (signature=%u)",
+                                   pEntry->wCertificateType, 0);
+            else
+            {
+                /* advance */
+                uint32_t cbEntry = RT_ALIGN(pEntry->dwLength, WIN_CERTIFICATE_ALIGNMENT);
+                if (cbEntry >= cbLeft)
+                    break;
+                cbLeft -= cbEntry;
+                pEntry = (WIN_CERTIFICATE *)((uintptr_t)pEntry + cbEntry);
+                /* For now, only one entry is supported. */
+                rc = RTErrInfoSet(pErrInfo, VERR_LDRVI_BAD_CERT_MULTIPLE, "Multiple WIN_CERTIFICATE entries are not supported.");
+            }
+            break;
+        }
+        if (RT_SUCCESS(rc))
+        {
+            *ppSignature = pSignature;
+            return VINF_SUCCESS;
+        }
+    }
+    else
+        rc = RTErrInfoSetF(pErrInfo, VERR_LDRVI_READ_ERROR_SIGNATURE, "Signature read error: %Rrc", rc);
+    RTMemTmpFree(pSignature);
+    return rc;
+}
+/**
+ * Destroys the parsed signature.
+ *
+ * @param   pModPe              The PE module.
+ * @param   pSignature          The signature data to destroy.
+ */
+static void rtldrPE_VerifySignatureDestroy(PRTLDRMODPE pModPe, PRTLDRPESIGNATURE pSignature)
+{
+    RTCrPkcs7ContentInfo_Delete(&pSignature->ContentInfo);
+    RTMemTmpFree(pSignature);
+}
+/**
+ * Decodes the raw signature.
+ *
+ * @returns IPRT status code.
+ * @param   pModPe              The PE module.
+ * @param   pSignature          The signature data.
+ * @param   pErrInfo            Optional error info buffer.
+ */
+static int rtldrPE_VerifySignatureDecode(PRTLDRMODPE pModPe, PRTLDRPESIGNATURE pSignature, PRTERRINFO pErrInfo)
+{
+    WIN_CERTIFICATE const  *pEntry = pSignature->pRawData;
+    AssertReturn(pEntry->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA, VERR_INTERNAL_ERROR_2);
+    AssertReturn(pEntry->wRevision        == WIN_CERT_REVISION_2_0, VERR_INTERNAL_ERROR_2);
+    RTASN1CURSORPRIMARY PrimaryCursor;
+    RTAsn1CursorInitPrimary(&PrimaryCursor,
+                            &pEntry->bCertificate[0],
+                            pEntry->dwLength - RT_OFFSETOF(WIN_CERTIFICATE, bCertificate),
+                            pErrInfo,
+                            &g_RTAsn1DefaultAllocator,
+,
+                            "WinCert");
+    int rc = RTCrPkcs7ContentInfo_DecodeAsn1(&PrimaryCursor.Cursor, 0, &pSignature->ContentInfo, "CI");
+    if (RT_SUCCESS(rc))
+    {
+        if (RTCrPkcs7ContentInfo_IsSignedData(&pSignature->ContentInfo))
+        {
+            pSignature->pSignedData = pSignature->ContentInfo.u.pSignedData;
+            /*
+             * Decode the authenticode bits.
+             */
+            if (!strcmp(pSignature->pSignedData->ContentInfo.ContentType.szObjId, RTCRSPCINDIRECTDATACONTENT_OID))
+            {
+                pSignature->pIndData = pSignature->pSignedData->ContentInfo.u.pIndirectDataContent;
+                Assert(pSignature->pIndData);
+                /*
+                 * Check that things add up.
+                 */
+                if (RT_SUCCESS(rc))
+                    rc = RTCrPkcs7SignedData_CheckSanity(pSignature->pSignedData,
+                                                         RTCRPKCS7SIGNEDDATA_SANITY_F_AUTHENTICODE
+                                                         | RTCRPKCS7SIGNEDDATA_SANITY_F_ONLY_KNOWN_HASH
+                                                         | RTCRPKCS7SIGNEDDATA_SANITY_F_SIGNING_CERT_PRESENT,
+                                                         pErrInfo, "SD");
+                if (RT_SUCCESS(rc))
+                    rc = RTCrSpcIndirectDataContent_CheckSanityEx(pSignature->pIndData,
+                                                                  pSignature->pSignedData,
+                                                                  RTCRSPCINDIRECTDATACONTENT_SANITY_F_ONLY_KNOWN_HASH,
+                                                                  pErrInfo);
+                if (RT_SUCCESS(rc))
+                {
+                    PCRTCRX509ALGORITHMIDENTIFIER pDigestAlgorithm = &pSignature->pIndData->DigestInfo.DigestAlgorithm;
+                    pSignature->enmDigest = RTCrX509AlgorithmIdentifier_QueryDigestType(pDigestAlgorithm);
+                    AssertReturn(pSignature->enmDigest != RTDIGESTTYPE_INVALID, VERR_INTERNAL_ERROR_4); /* Checked above! */
+                }
+            }
+            else
+                rc = RTErrInfoSetF(pErrInfo, VERR_LDRVI_EXPECTED_INDIRECT_DATA_CONTENT_OID,
+                                   "Unknown pSignedData.ContentInfo.ContentType.szObjId value: %s (expected %s)",
+                                   pSignature->pSignedData->ContentInfo.ContentType.szObjId, RTCRSPCINDIRECTDATACONTENT_OID);
+        }
+    }
+    return rc;
+}
+static int rtldrPE_VerifyAllPageHashesV2(PRTLDRMODPE pModPe, PCRTCRSPCSERIALIZEDOBJECTATTRIBUTE pAttrib, RTDIGESTTYPE enmDigest,
+                                         void *pvScratch, size_t cbScratch, PRTERRINFO pErrInfo)
+{
+    AssertReturn(cbScratch >= _4K, VERR_INTERNAL_ERROR_3);
+    /*
+     * Calculate the special places.
+     */
+    RTLDRPEHASHSPECIALS SpecialPlaces;
+    int rc = rtldrPe_CalcSpecialHashPlaces(pModPe, &SpecialPlaces, pErrInfo);
+    if (RT_FAILURE(rc))
+        return rc;
+    uint32_t const cbHash = rtLdrPE_HashGetHashSize(enmDigest);
+    uint32_t const cPages = pAttrib->u.pPageHashesV2->RawData.Asn1Core.cb / (cbHash + 4);
+    if (cPages * (cbHash + 4) != pAttrib->u.pPageHashesV2->RawData.Asn1Core.cb)
+        return RTErrInfoSetF(pErrInfo, VERR_LDRVI_PAGE_HASH_TAB_SIZE_OVERFLOW,
+                             "Page Hashes V2 size issue: cb=%#x cbHash=%#x",
+                             pAttrib->u.pPageHashesV2->RawData.Asn1Core.cb, cbHash);
+    /*
+     * Walk the table.
+     */
+    uint32_t const  cbScratchReadMax = cbScratch & ~(uint32_t)(_4K - 1);
+    uint32_t        cbScratchRead    = 0;
+    uint32_t        offScratchRead   = 0;
+    uint32_t        offPrev    = 0;
+    uint32_t        offSectEnd = pModPe->cbHeaders;
+    uint32_t        iSh        = UINT32_MAX;
+    uint8_t const  *pbHashTab  = pAttrib->u.pPageHashesV2->RawData.Asn1Core.uData.pu8;
+    for (uint32_t iPage = 0; iPage < cPages; iPage++)
+    {
+        /* Decode the page offset. */
+        uint32_t const offFile = RT_MAKE_U32_FROM_U8(pbHashTab[0], pbHashTab[1], pbHashTab[2], pbHashTab[3]);
+        if (offFile >= SpecialPlaces.cbToHash)
+        {
+            /* The last entry is zero. */
+            if (   offFile   == SpecialPlaces.cbToHash
+                && iPage + 1 == cPages
+                && ASMMemIsAll8(pbHashTab + 4, cbHash, 0) == NULL)
+                return VINF_SUCCESS;
+            return RTErrInfoSetF(pErrInfo, VERR_LDRVI_PAGE_HASH_TAB_TOO_LONG,
+                                 "Page hash entry #%u is beyond the signature table start: %#x, %#x",
+                                 iPage, offFile, SpecialPlaces.cbToHash);
+        }
+        if (offFile < offPrev)
+            return RTErrInfoSetF(pErrInfo, VERR_LDRVI_PAGE_HASH_TAB_NOT_STRICTLY_SORTED,
+                                 "Page hash table is not strictly sorted: entry #%u @%#x, previous @%#x\n",
+                                 iPage, offFile, offPrev);
+        /* Figure out how much to read and how much to zero.  Need keep track
+           of the on-disk section boundraries. */
+        if (offFile >= offSectEnd)
+        {
+            iSh++;
+            if (   iSh < pModPe->cSections
+                && offFile - pModPe->paSections[iSh].PointerToRawData < pModPe->paSections[iSh].SizeOfRawData)
+                offSectEnd = pModPe->paSections[iSh].PointerToRawData + pModPe->paSections[iSh].SizeOfRawData;
+            else
+            {
+                iSh = 0;
+                while (   iSh < pModPe->cSections
+                       && offFile - pModPe->paSections[iSh].PointerToRawData >= pModPe->paSections[iSh].SizeOfRawData)
+                    iSh++;
+                if (iSh < pModPe->cSections)
+                    offSectEnd = pModPe->paSections[iSh].PointerToRawData + pModPe->paSections[iSh].SizeOfRawData;
+                else
+                    return RTErrInfoSetF(pErrInfo, VERR_PAGE_HASH_TAB_HASHES_NON_SECTION_DATA,
+                                         "Page hash entry #%u isn't in any section: %#x", iPage, offFile);
+            }
+        }
+        uint32_t cbRead = _4K;
+        if (offFile + cbRead > offSectEnd)
+            cbRead = offSectEnd - offFile;
+        if (offFile + cbRead > SpecialPlaces.cbToHash)
+            cbRead = SpecialPlaces.cbToHash - offFile;
+        /* Did we get a cache hit? */
+        uint8_t *pbCur = (uint8_t *)pvScratch;
+        if (   offFile + cbRead <= offScratchRead + cbScratchRead
+            && offFile          >= offScratchRead)
+            pbCur += offFile - offScratchRead;
+        /* Missed, read more. */
+        else
+        {
+            offScratchRead = offFile;
+            cbScratchRead  = offSectEnd - offFile;
+            if (cbScratchRead > cbScratchReadMax)
+                cbScratchRead = cbScratchReadMax;
+            rc = pModPe->Core.pReader->pfnRead(pModPe->Core.pReader, pbCur, cbScratchRead, offScratchRead);
+            if (RT_FAILURE(rc))
+                return RTErrInfoSetF(pErrInfo, VERR_LDRVI_READ_ERROR_HASH,
+                                     "Page hash read error at %#x: %Rrc (cbScratchRead=%#zx)",
+                                     offScratchRead, rc, cbScratchRead);
+        }
+        /* Zero any additional bytes in the page. */
+        if (cbRead != _4K)
+            memset(pbCur + cbRead, 0, _4K - cbRead);
+        /*
+         * Hash it.
+         */
+        RTLDRPEHASHCTXUNION HashCtx;
+        rc = rtLdrPE_HashInit(&HashCtx, enmDigest);
+        AssertRCReturn(rc, rc);
+        /* Deal with special places. */
+        uint32_t       cbLeft = _4K;
+        if (offFile < SpecialPlaces.offEndSpecial)
+        {
+            uint32_t off = offFile;
+            if (off < SpecialPlaces.offCksum)
+            {
+                /* Hash everything up to the checksum. */
+                uint32_t cbChunk = RT_MIN(SpecialPlaces.offCksum - off, cbLeft);
+                rtLdrPE_HashUpdate(&HashCtx, enmDigest, pbCur, cbChunk);
+                pbCur  += cbChunk;
+                cbLeft -= cbChunk;
+                off    += cbChunk;
+            }
+            if (off < SpecialPlaces.offCksum + SpecialPlaces.cbCksum && off >= SpecialPlaces.offCksum)
+            {
+                /* Skip the checksum */
+                uint32_t cbChunk = RT_MIN(SpecialPlaces.offCksum + SpecialPlaces.cbCksum - off, cbLeft);
+                pbCur  += cbChunk;
+                cbLeft -= cbChunk;
+                off    += cbChunk;
+            }
+            if (off < SpecialPlaces.offSecDir && off >= SpecialPlaces.offCksum + SpecialPlaces.cbCksum)
+            {
+                /* Hash everything between the checksum and the data dir entry. */
+                uint32_t cbChunk = RT_MIN(SpecialPlaces.offSecDir - off, cbLeft);
+                rtLdrPE_HashUpdate(&HashCtx, enmDigest, pbCur, cbChunk);
+                pbCur  += cbChunk;
+                cbLeft -= cbChunk;
+                off    += cbChunk;
+            }
+            if (off < SpecialPlaces.offSecDir + SpecialPlaces.cbSecDir && off >= SpecialPlaces.offSecDir)
+            {
+                /* Skip the security data directory entry. */
+                uint32_t cbChunk = RT_MIN(SpecialPlaces.offSecDir + SpecialPlaces.cbSecDir - off, cbLeft);
+                pbCur  += cbChunk;
+                cbLeft -= cbChunk;
+                off    += cbChunk;
+            }
+        }
+        rtLdrPE_HashUpdate(&HashCtx, enmDigest, pbCur, cbLeft);
+        /*
+         * Finish the hash calculation and compare the result.
+         */
+        RTLDRPEHASHRESUNION HashRes;
+        rtLdrPE_HashFinalize(&HashCtx, enmDigest, &HashRes);
+        pbHashTab += 4;
+        if (memcmp(pbHashTab, &HashRes, cbHash) != 0)
+            return RTErrInfoSetF(pErrInfo, VERR_LDRVI_PAGE_HASH_MISMATCH,
+                                 "Page hash v2 failed for page #%u, @%#x, %#x bytes: %.*Rhxs != %.*Rhxs",
+                                 iPage, offFile, cbRead, (size_t)cbHash, pbHashTab, (size_t)cbHash, &HashRes);
+        pbHashTab += cbHash;
+        offPrev = offFile;
+    }
+    return VINF_SUCCESS;
+}
+/**
+ * Validates the image hash, including page hashes if present.
+ *
+ * @returns IPRT status code.
+ * @param   pModPe              The PE module.
+ * @param   pSignature          The decoded signature data.
+ * @param   pErrInfo            Optional error info buffer.
+ */
+static int rtldrPE_VerifySignatureValidateHash(PRTLDRMODPE pModPe, PRTLDRPESIGNATURE pSignature, PRTERRINFO pErrInfo)
+{
+    AssertReturn(pSignature->enmDigest > RTDIGESTTYPE_INVALID && pSignature->enmDigest < RTDIGESTTYPE_END, VERR_INTERNAL_ERROR_4);
+    AssertPtrReturn(pSignature->pIndData, VERR_INTERNAL_ERROR_5);
+    AssertReturn(RTASN1CORE_IS_PRESENT(&pSignature->pIndData->DigestInfo.Digest.Asn1Core), VERR_INTERNAL_ERROR_5);
+    AssertPtrReturn(pSignature->pIndData->DigestInfo.Digest.Asn1Core.uData.pv, VERR_INTERNAL_ERROR_5);
+    uint32_t const cbHash = rtLdrPE_HashGetHashSize(pSignature->enmDigest);
+    AssertReturn(pSignature->pIndData->DigestInfo.Digest.Asn1Core.cb == cbHash, VERR_INTERNAL_ERROR_5);
+    /*
+     * Allocate a temporary memory buffer.
+     */
+#ifdef IN_RING0
+    uint32_t    cbScratch = _256K;
+#else
+    uint32_t    cbScratch = _1M;
+#endif
+    void       *pvScratch = RTMemTmpAlloc(cbScratch);
+    if (!pvScratch)
+    {
+        cbScratch = _4K;
+        pvScratch = RTMemTmpAlloc(cbScratch);
+        if (!pvScratch)
+            return RTErrInfoSet(pErrInfo, VERR_NO_TMP_MEMORY, "Failed to allocate 4KB of scratch space for hashing image.");
+    }
+    /*
+     * Calculate and compare the full image hash.
+     */
+    int rc = rtldrPE_HashImageCommon(pModPe, pvScratch, cbScratch, pSignature->enmDigest,
+                                     &pSignature->HashCtx, &pSignature->HashRes, pErrInfo);
+    if (RT_SUCCESS(rc))
+    {
+        if (!memcmp(&pSignature->HashRes, pSignature->pIndData->DigestInfo.Digest.Asn1Core.uData.pv, cbHash))
+        {
+            /*
+             * Compare the page hashes if present.
+             */
+            PCRTCRSPCSERIALIZEDOBJECTATTRIBUTE pAttrib = RTCrSpcIndirectDataContent_GetPeImageHashesV2(pSignature->pIndData);
+            if (pAttrib)
+                rc = rtldrPE_VerifyAllPageHashesV2(pModPe, pAttrib, pSignature->enmDigest, pvScratch, cbScratch, pErrInfo);
+            return rc;
+        }
+        rc = RTErrInfoSetF(pErrInfo, VERR_LDRVI_IMAGE_HASH_MISMATCH,
+                           "Full image signature mismatch: %.*Rhxs, expected %.*Rhxs",
+                           cbHash, &pSignature->HashRes,
+                           cbHash, pSignature->pIndData->DigestInfo.Digest.Asn1Core.uData.pv);
+    }
+    RTMemTmpFree(pvScratch);
+    return rc;
+}
+#endif /* !IPRT_WITHOUT_LDR_VERIFY */
+/** @interface_method_impl{RTLDROPS,pfnVerifySignature} */
+static DECLCALLBACK(int) rtldrPE_VerifySignature(PRTLDRMODINTERNAL pMod, PFNRTLDRVALIDATESIGNEDDATA pfnCallback, void *pvUser,
+                                                 PRTERRINFO pErrInfo)
+{
+#ifndef IPRT_WITHOUT_LDR_VERIFY
+    PRTLDRMODPE pModPe = (PRTLDRMODPE)pMod;
+    int rc = rtldrPE_VerifySignatureImagePrecoditions(pModPe, pErrInfo);
+    if (RT_SUCCESS(rc))
+    {
+        PRTLDRPESIGNATURE pSignature = NULL;
+        rc = rtldrPE_VerifySignatureRead(pModPe, &pSignature, pErrInfo);
+        if (RT_SUCCESS(rc))
+        {
+            rc = rtldrPE_VerifySignatureDecode(pModPe, pSignature, pErrInfo);
+            if (RT_SUCCESS(rc))
+                rc = rtldrPE_VerifySignatureValidateHash(pModPe, pSignature, pErrInfo);
+            if (RT_SUCCESS(rc))
+            {
+                rc = pfnCallback(&pModPe->Core, RTLDRSIGNATURETYPE_PKCS7_SIGNED_DATA,
+                                 &pSignature->ContentInfo, sizeof(pSignature->ContentInfo),
+                                 pErrInfo, pvUser);
+            }
+            rtldrPE_VerifySignatureDestroy(pModPe, pSignature);
+        }
+    }
+    return rc;
+#else
+    return VERR_NOT_SUPPORTED;
+#endif
+}
+/**  @interface_method_impl{RTLDROPS,pfnHashImage}  */
+static DECLCALLBACK(int) rtldrPE_HashImage(PRTLDRMODINTERNAL pMod, RTDIGESTTYPE enmDigest, char *pszDigest, size_t cbDigest)
+{
+    PRTLDRMODPE pModPe = (PRTLDRMODPE)pMod;
+    /*
+     * Allocate a temporary memory buffer.
+     */
+    uint32_t    cbScratch = _16K;
+    void       *pvScratch = RTMemTmpAlloc(cbScratch);
+    if (!pvScratch)
+    {
+        cbScratch = _4K;
+        pvScratch = RTMemTmpAlloc(cbScratch);
+        if (!pvScratch)
+            return VERR_NO_TMP_MEMORY;
+    }
+    /*
+     * Do the hashing.
+     */
+    RTLDRPEHASHCTXUNION HashCtx;
+    RTLDRPEHASHRESUNION HashRes;
+    int rc = rtldrPE_HashImageCommon(pModPe, pvScratch, cbScratch, enmDigest, &HashCtx, &HashRes, NULL);
+    if (RT_SUCCESS(rc))
+    {
+        /*
+         * Format the digest into as human readable hash string.
+         */
+        switch (enmDigest)
+        {
+            case RTDIGESTTYPE_SHA512:  rc = RTSha512ToString(HashRes.abSha512, pszDigest, cbDigest); break;
+            case RTDIGESTTYPE_SHA256:  rc = RTSha256ToString(HashRes.abSha256, pszDigest, cbDigest); break;
+            case RTDIGESTTYPE_SHA1:    rc = RTSha1ToString(HashRes.abSha1, pszDigest, cbDigest); break;
+            case RTDIGESTTYPE_MD5:     rc = RTMd5ToString(HashRes.abMd5, pszDigest, cbDigest); break;
+            default:                   AssertFailedReturn(VERR_INTERNAL_ERROR_3);
+        }
+    }
+    return rc;
+}
 /** @copydoc RTLDROPS::pfnDone */
 static DECLCALLBACK(int) rtldrPEDone(PRTLDRMODINTERNAL pMod)
 …
     return VINF_SUCCESS;
+}
 /** @copydoc RTLDROPS::pfnClose */
 …
         NULL,
         rtldrPE_QueryProp,
+        rtldrPE_VerifySignature,
+        rtldrPE_HashImage,
     },
 …
         NULL,
         rtldrPE_QueryProp,
+        rtldrPE_VerifySignature,
+        rtldrPE_HashImage,
     },
 …
      * volatile everywhere! Trying to prevent the compiler being a smarta$$ and reorder stuff.
      */
+    IMAGE_LOAD_CONFIG_DIRECTORY32 volatile *pLoadCfg32 = (IMAGE_LOAD_CONFIG_DIRECTORY32 volatile *)pLoadCfg;
+    IMAGE_LOAD_CONFIG_DIRECTORY64 volatile *pLoadCfg64 = pLoadCfg;
+    pLoadCfg64->SEHandlerCount             = pLoadCfg32->SEHandlerCount;
+    pLoadCfg64->SEHandlerTable             = pLoadCfg32->SEHandlerTable;
+    pLoadCfg64->SecurityCookie             = pLoadCfg32->SecurityCookie;
+    pLoadCfg64->EditList                   = pLoadCfg32->EditList;
+    pLoadCfg64->Reserved1                  = pLoadCfg32->Reserved1;
+    pLoadCfg64->CSDVersion                 = pLoadCfg32->CSDVersion;
+    pLoadCfg64->ProcessHeapFlags           = pLoadCfg32->ProcessHeapFlags; /* switched place with ProcessAffinityMask, but we're more than 16 byte off by now so it doesn't matter. */
+    pLoadCfg64->ProcessAffinityMask        = pLoadCfg32->ProcessAffinityMask;
+    pLoadCfg64->VirtualMemoryThreshold     = pLoadCfg32->VirtualMemoryThreshold;
+    pLoadCfg64->MaximumAllocationSize      = pLoadCfg32->MaximumAllocationSize;
+    pLoadCfg64->LockPrefixTable            = pLoadCfg32->LockPrefixTable;
+    pLoadCfg64->DeCommitTotalFreeThreshold = pLoadCfg32->DeCommitTotalFreeThreshold;
+    uint32_t u32DeCommitFreeBlockThreshold = pLoadCfg32->DeCommitFreeBlockThreshold;
+    pLoadCfg64->DeCommitFreeBlockThreshold = u32DeCommitFreeBlockThreshold;
+    IMAGE_LOAD_CONFIG_DIRECTORY32_V3 volatile *pLoadCfg32 = (IMAGE_LOAD_CONFIG_DIRECTORY32_V3 volatile *)pLoadCfg;
+    IMAGE_LOAD_CONFIG_DIRECTORY64_V3 volatile *pLoadCfg64 = pLoadCfg;
+    pLoadCfg64->GuardFlags                  = pLoadCfg32->GuardFlags;
+    pLoadCfg64->GuardCFFunctionCount        = pLoadCfg32->GuardCFFunctionCount;
+    pLoadCfg64->GuardCFFunctionTable        = pLoadCfg32->GuardCFFunctionTable;
+    pLoadCfg64->Reserved2                   = pLoadCfg32->Reserved2;
+    pLoadCfg64->GuardCFCCheckFunctionPointer= pLoadCfg32->GuardCFCCheckFunctionPointer;
+    pLoadCfg64->SEHandlerCount              = pLoadCfg32->SEHandlerCount;
+    pLoadCfg64->SEHandlerTable              = pLoadCfg32->SEHandlerTable;
+    pLoadCfg64->SecurityCookie              = pLoadCfg32->SecurityCookie;
+    pLoadCfg64->EditList                    = pLoadCfg32->EditList;
+    pLoadCfg64->Reserved1                   = pLoadCfg32->Reserved1;
+    pLoadCfg64->CSDVersion                  = pLoadCfg32->CSDVersion;
+    pLoadCfg64->ProcessHeapFlags            = pLoadCfg32->ProcessHeapFlags; /* switched place with ProcessAffinityMask, but we're more than 16 byte off by now so it doesn't matter. */
+    pLoadCfg64->ProcessAffinityMask         = pLoadCfg32->ProcessAffinityMask;
+    pLoadCfg64->VirtualMemoryThreshold      = pLoadCfg32->VirtualMemoryThreshold;
+    pLoadCfg64->MaximumAllocationSize       = pLoadCfg32->MaximumAllocationSize;
+    pLoadCfg64->LockPrefixTable             = pLoadCfg32->LockPrefixTable;
+    pLoadCfg64->DeCommitTotalFreeThreshold  = pLoadCfg32->DeCommitTotalFreeThreshold;
+    uint32_t u32DeCommitFreeBlockThreshold  = pLoadCfg32->DeCommitFreeBlockThreshold;
+    pLoadCfg64->DeCommitFreeBlockThreshold  = u32DeCommitFreeBlockThreshold;
     /* the rest is equal. */
     Assert(     RT_OFFSETOF(IMAGE_LOAD_CONFIG_DIRECTORY32, DeCommitFreeBlockThreshold)
 …
     /* This restriction needs to be implemented elsewhere. */
     if (   (pFileHdr->Characteristics & IMAGE_FILE_RELOCS_STRIPPED)
         && !(fFlags & RTLDR_O_FOR_DEBUG))
+        && !(fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)))
+    {
         Log(("rtldrPEOpen: %s: IMAGE_FILE_RELOCS_STRIPPED\n", pszLogName));
 …
             case IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT:  // 13
+                if (fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION))
+                    break;
                 Log(("rtldrPEOpen: %s: dir no. %d (DELAY_IMPORT) VirtualAddress=%#x Size=%#x is not supported!!!\n",
                      pszLogName, i, pDir->VirtualAddress, pDir->Size));
 …
                     return VERR_LDRPE_CERT_MALFORMED;
+                }
                 if (pDir->Size >= _1M)
+                if (pDir->Size >= RTLDRMODPE_MAX_SECURITY_DIR_SIZE)
+                {
                     Log(("rtldrPEOpen: %s: Security directory is too large: %#x bytes\n", pszLogName, i, pDir->Size));
 …
             case IMAGE_DIRECTORY_ENTRY_TLS:           // 9
+                if (fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION))
+                    break;
                 Log(("rtldrPEOpen: %s: dir no. %d (TLS) VirtualAddress=%#x Size=%#x is not supported!!!\n",
                      pszLogName, i, pDir->VirtualAddress, pDir->Size));
 …
             case IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:// 14
+                if (fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION))
+                    break;
                 Log(("rtldrPEOpen: %s: dir no. %d (COM_DESCRIPTOR) VirtualAddress=%#x Size=%#x is not supported!!!\n",
                      pszLogName, i, pDir->VirtualAddress, pDir->Size));
 …
     for (unsigned cSHdrsLeft = cSections;  cSHdrsLeft > 0; cSHdrsLeft--, pSH++)
+    {
         const unsigned iSH = pSH - &paSections[0]; NOREF(iSH);
+        const unsigned iSH = (unsigned)(pSH - &paSections[0]); NOREF(iSH);
         Log3(("RTLdrPE: #%d '%-8.8s'  Characteristics: %08RX32\n"
               "RTLdrPE: VirtAddr: %08RX32  VirtSize: %08RX32\n"
 …
 /**
+ * Validates the data of some selected data directories entries.
+ *
+ * This requires a valid section table and thus has to wait
+ * till after we've read and validated it.
+ * Validates the data of some selected data directories entries and remember
+ * important bits for later.
+ *
+ * This requires a valid section table and thus has to wait till after we've
+ * read and validated it.
+ *
  * @returns iprt status code.
 …
  * @param   fFlags      Loader flags, RTLDR_O_XXX.
  */
 static int rtldrPEValidateDirectories(PRTLDRMODPE pModPe, const IMAGE_OPTIONAL_HEADER64 *pOptHdr, uint32_t fFlags)
+static int rtldrPEValidateDirectoriesAndRememberStuff(PRTLDRMODPE pModPe, const IMAGE_OPTIONAL_HEADER64 *pOptHdr, uint32_t fFlags)
+{
     const char *pszLogName = pModPe->Core.pReader->pfnLogName(pModPe->Core.pReader); NOREF(pszLogName);
 …
     if (Dir.Size)
+    {
+        const size_t cbExpect = pOptHdr->Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC
+            ? sizeof(IMAGE_LOAD_CONFIG_DIRECTORY32)
+            : sizeof(IMAGE_LOAD_CONFIG_DIRECTORY64);
+        if (    Dir.Size != cbExpect
+            && (    cbExpect == sizeof(IMAGE_LOAD_CONFIG_DIRECTORY32)
+                &&  Dir.Size != (uint32_t)RT_OFFSETOF(IMAGE_LOAD_CONFIG_DIRECTORY32, SEHandlerTable))
+           )
+        {
+            Log(("rtldrPEOpen: %s: load cfg dir: unexpected dir size of %d bytes, expected %d.\n",
+                 pszLogName, Dir.Size, cbExpect));
+        const size_t cbExpectV3 = !pModPe->f64Bit
+                                ? sizeof(IMAGE_LOAD_CONFIG_DIRECTORY32_V3)
+                                : sizeof(IMAGE_LOAD_CONFIG_DIRECTORY64_V3);
+        const size_t cbExpectV2 = !pModPe->f64Bit
+                                ? sizeof(IMAGE_LOAD_CONFIG_DIRECTORY32_V2)
+                                : sizeof(IMAGE_LOAD_CONFIG_DIRECTORY64_V2);
+        const size_t cbExpectV1 = !pModPe->f64Bit
+                                ? sizeof(IMAGE_LOAD_CONFIG_DIRECTORY32_V1)
+                                : sizeof(IMAGE_LOAD_CONFIG_DIRECTORY64_V2) /*No V1*/;
+        if (   Dir.Size != cbExpectV3
+            && Dir.Size != cbExpectV2
+            && Dir.Size != cbExpectV1)
+        {
+            Log(("rtldrPEOpen: %s: load cfg dir: unexpected dir size of %d bytes, expected %d, %d, or %d.\n",
+                 pszLogName, Dir.Size, cbExpectV3, cbExpectV2, cbExpectV1));
             return VERR_LDRPE_LOAD_CONFIG_SIZE;
+        }
 …
         rtldrPEConvert32BitLoadConfigTo64Bit(&u.Cfg64);
+        if (u.Cfg64.Size != cbExpect)
+        {
+            Log(("rtldrPEOpen: %s: load cfg dir: unexpected header size of %d bytes, expected %d.\n",
+                 pszLogName, u.Cfg64.Size, cbExpect));
+            return VERR_LDRPE_LOAD_CONFIG_SIZE;
+        }
+        if (u.Cfg64.LockPrefixTable)
+        if (u.Cfg64.Size != Dir.Size)
+        {
+            /* Kludge, seen ati shipping 32-bit DLLs and EXEs with Dir.Size=0x40
+               and Cfg64.Size=0x5c or 0x48.  Windows seems to deal with it, so
+               lets do so as well. */
+            if (   Dir.Size < u.Cfg64.Size
+                && (   u.Cfg64.Size == cbExpectV3
+                    || u.Cfg64.Size == cbExpectV2) )
+            {
+                Log(("rtldrPEOpen: %s: load cfg dir: Header (%d) and directory (%d) size mismatch, applying the ATI kludge\n",
+                     pszLogName, u.Cfg64.Size, Dir.Size));
+                Dir.Size = u.Cfg64.Size;
+                memset(&u.Cfg64, 0, sizeof(u.Cfg64));
+                rc = rtldrPEReadRVA(pModPe, &u.Cfg64, Dir.Size, Dir.VirtualAddress);
+                if (RT_FAILURE(rc))
+                    return rc;
+                rtldrPEConvert32BitLoadConfigTo64Bit(&u.Cfg64);
+            }
+            if (u.Cfg64.Size != Dir.Size)
+            {
+                Log(("rtldrPEOpen: %s: load cfg dir: unexpected header size of %d bytes, expected %d.\n",
+                     pszLogName, u.Cfg64.Size, Dir.Size));
+                return VERR_LDRPE_LOAD_CONFIG_SIZE;
+            }
+        }
+        if (u.Cfg64.LockPrefixTable && !(fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)))
+        {
             Log(("rtldrPEOpen: %s: load cfg dir: lock prefix table at %RX64. We don't support lock prefix tables!\n",
 …
+        }
 #endif
         if (u.Cfg64.EditList)
+        if (u.Cfg64.EditList && !(fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)))
+        {
             Log(("rtldrPEOpen: %s: load cfg dir: EditList=%RX64 is unsupported!\n",
 …
             return VERR_BAD_EXE_FORMAT;
+        }
+        /** @todo GuardCFC? Possibly related to:
+         *         http://research.microsoft.com/pubs/69217/ccs05-cfi.pdf
+         * Not trusting something designed by bakas who don't know how to modify a
+         * structure without messing up its natural alignment. */
+        if (    (   u.Cfg64.GuardCFCCheckFunctionPointer
+                 || u.Cfg64.Reserved2
+                 || u.Cfg64.GuardCFFunctionTable
+                 || u.Cfg64.GuardCFFunctionCount
+                 || u.Cfg64.GuardFlags)
+            && !(fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)))
+        {
+            Log(("rtldrPEOpen: %s: load cfg dir: Guard stuff: %RX64,%RX64,%RX64,%RX64,%RX32!\n",
+                 pszLogName, u.Cfg64.GuardCFCCheckFunctionPointer, u.Cfg64.Reserved2,
+                 u.Cfg64.GuardCFFunctionTable, u.Cfg64.GuardCFFunctionCount, u.Cfg64.GuardFlags));
+            return VERR_BAD_EXE_FORMAT;
+        }
+    }
 …
      */
     Dir = pOptHdr->DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
     if (Dir.Size && !(fFlags & RTLDR_O_FOR_DEBUG))
+    if (Dir.Size)
+    {
         PWIN_CERTIFICATE pFirst = (PWIN_CERTIFICATE)RTMemTmpAlloc(Dir.Size);
 …
         if (RT_SUCCESS(rc))
+        {
+            uint32_t         off  = 0;
+            PWIN_CERTIFICATE pCur = pFirst;
+            uint32_t off  = 0;
             do
+            {
+                PWIN_CERTIFICATE pCur = (PWIN_CERTIFICATE)((uint8_t *)pFirst + off);
                 /* validate the members. */
+                uint32_t const cbCur = RT_ALIGN_32(pCur->dwLength, 8);
+                if (   cbCur < sizeof(WIN_CERTIFICATE)
+                    || cbCur + off > RT_ALIGN_32(Dir.Size, 8))
+                if (   pCur->dwLength < sizeof(WIN_CERTIFICATE)
+                    || pCur->dwLength + off > Dir.Size)
+                {
                     Log(("rtldrPEOpen: %s: cert at %#x/%#x: dwLength=%#x\n", pszLogName, off, Dir.Size, pCur->dwLength));
 …
+                }
+                /** @todo Rainy Day: Implement further verification using openssl. */
+                /* Remember the first signed data certificate. */
+                if (   pCur->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA
+                    && pModPe->offPkcs7SignedData == 0)
+                {
+                    pModPe->offPkcs7SignedData = Dir.VirtualAddress
+                                               + (uint32_t)((uintptr_t)&pCur->bCertificate[0] - (uintptr_t)pFirst);
+                    pModPe->cbPkcs7SignedData  = pCur->dwLength - RT_OFFSETOF(WIN_CERTIFICATE, bCertificate);
+                }
                 /* next */
+                off += cbCur;
+                pCur = (PWIN_CERTIFICATE)((uint8_t *)pCur + cbCur);
+                off += RT_ALIGN(pCur->dwLength, WIN_CERTIFICATE_ALIGNMENT);
             } while (off < Dir.Size);
+        }
 …
  * @param   offNtHdrs   The offset of the NT headers (where you find "PE\0\0").
  * @param   phLdrMod    Where to store the handle.
+ */
+int rtldrPEOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, RTFOFF offNtHdrs, PRTLDRMOD phLdrMod)
+ * @param   pErrInfo    Where to return extended error information. Optional.
+ */
+int rtldrPEOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, RTFOFF offNtHdrs,
+                PRTLDRMOD phLdrMod, PRTERRINFO pErrInfo)
+{
     /*
 …
                 pModPe->cbHeaders     = OptHdr.SizeOfHeaders;
                 pModPe->uTimestamp    = FileHdr.TimeDateStamp;
+                pModPe->f64Bit        = FileHdr.SizeOfOptionalHeader == sizeof(OptHdr);
                 pModPe->ImportDir     = OptHdr.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
                 pModPe->RelocDir      = OptHdr.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC];
                 pModPe->ExportDir     = OptHdr.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
                 pModPe->DebugDir      = OptHdr.DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG];
+                pModPe->SecurityDir   = OptHdr.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
+                pModPe->fDllCharacteristics = OptHdr.DllCharacteristics;
                 /*
                  * Perform validation of some selected data directories which requires
+                 * inspection of the actual data.
+                 * inspection of the actual data.  This also saves some certificate
+                 * information.
                  */
                 rc = rtldrPEValidateDirectories(pModPe, &OptHdr, fFlags);
+                rc = rtldrPEValidateDirectoriesAndRememberStuff(pModPe, &OptHdr, fFlags);
                 if (RT_SUCCESS(rc))
+                {

trunk/src/VBox/Runtime/common/ldr/ldrkStuff.cpp

-              r49045
+              r51770
 /** @interface_method_impl{RTLDROPS,pfnQueryProp} */
 static DECLCALLBACK(int) rtkldr_QueryProp(PRTLDRMODINTERNAL pMod, RTLDRPROP enmProp, void *pvBuf, size_t cbBuf)
+static DECLCALLBACK(int) rtkldr_QueryProp(PRTLDRMODINTERNAL pMod, RTLDRPROP enmProp, void *pvBuf, size_t cbBuf, size_t *pcbRet)
+{
     PRTLDRMODKLDR pThis = (PRTLDRMODKLDR)pMod;
 …
     rtkldr_ReadDbgInfo,
     rtkldr_QueryProp,
+    NULL,
+    NULL,
 };
 …
  * @param   enmArch     CPU architecture specifier for the image to be loaded.
  * @param   phLdrMod    Where to store the handle.
+ * @param   pErrInfo    Where to return extended error information. Optional.
  */
 int rtldrkLdrOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod)
+int rtldrkLdrOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod, PRTERRINFO pErrInfo)
+{
     /* Convert enmArch to k-speak. */

trunk/src/VBox/Runtime/common/log/log.cpp

-              r50915
+              r51770
 RT_EXPORT_SYMBOL(RTLogPrintfV);
+/**
+ * Dumper vprintf-like function outputting to a logger.
+ *
+ * @param   pvUser          Pointer to the logger instance to use, NULL for
+ *                          default instance.
+ * @param   pszFormat       Format string.
+ * @param   va              Format arguments.
+ */
+RTDECL(void) RTLogDumpPrintfV(void *pvUser, const char *pszFormat, va_list va)
+{
+    RTLogLoggerV((PRTLOGGER)pvUser, pszFormat, va);
+}
+RT_EXPORT_SYMBOL(RTLogDumpPrintfV);
 #ifdef IN_RING3

trunk/src/VBox/Runtime/common/misc/sg.cpp

-              r44529
+              r51770
+    }
+#ifndef RDESKTOP
     AssertReleaseMsg(      pSgBuf->cbSegLeft <= 32 * _1M
                      &&    (uintptr_t)pSgBuf->pvSegCur                     >= (uintptr_t)pSgBuf->paSegs[pSgBuf->idxSeg].pvSeg
 …
                       pSgBuf->idxSeg, pSgBuf->cSegs, pSgBuf->pvSegCur, pSgBuf->cbSegLeft,
                       pSgBuf->idxSeg, pSgBuf->paSegs[pSgBuf->idxSeg].pvSeg, pSgBuf->idxSeg, pSgBuf->paSegs[pSgBuf->idxSeg].cbSeg));
+#endif
     cbData = RT_MIN(*pcbData, pSgBuf->cbSegLeft);

trunk/src/VBox/Runtime/common/string/RTStrPrintHexBytes.cpp

-              r44529
+              r51770
 /*
  * Copyright (C) 2009-2010 Oracle Corporation
+ * Copyright (C) 2009-2014 Oracle Corporation
+ *
  * This file is part of VirtualBox Open Source Edition (OSE), as
 …
 RTDECL(int) RTStrPrintHexBytes(char *pszBuf, size_t cchBuf, void const *pv, size_t cb, uint32_t fFlags)
+{
     AssertReturn(!fFlags, VERR_INVALID_PARAMETER);
+    AssertReturn(!(fFlags & ~RTSTRPRINTHEXBYTES_F_UPPER), VERR_INVALID_PARAMETER);
     AssertPtrReturn(pszBuf, VERR_INVALID_POINTER);
     AssertReturn(cb * 2 >= cb, VERR_BUFFER_OVERFLOW);
 …
         AssertPtrReturn(pv, VERR_INVALID_POINTER);
+    static char const s_szHexDigitsLower[17] = "0123456789abcdef";
+    static char const s_szHexDigitsUpper[17] = "0123456789ABCDEF";
+    const char *pszHexDigits = !(fFlags & RTSTRPRINTHEXBYTES_F_UPPER) ? s_szHexDigitsLower : s_szHexDigitsUpper;
     uint8_t const *pb = (uint8_t const *)pv;
     while (cb-- > 0)
+    {
-        static char const s_szHexDigits[17] = "0123456789abcdef";
         uint8_t b = *pb++;
         *pszBuf++ = s_szHexDigits[b >> 4];
         *pszBuf++ = s_szHexDigits[b & 0xf];
+        *pszBuf++ = pszHexDigits[b >> 4];
+        *pszBuf++ = pszHexDigits[b & 0xf];
+    }
     *pszBuf = '\0';

trunk/src/VBox/Runtime/common/string/base64.cpp

-              r44529
+              r51770
 #include <iprt/err.h>
 #include <iprt/ctype.h>
+#include <iprt/string.h>
 #ifdef RT_STRICT
 # include <iprt/asm.h>
 …
+/**
+ * Calculates the decoded data size for a Base64 encoded string.
+ *
+ * @returns The length in bytes. -1 if the encoding is bad.
+ *
+ * @param   pszString           The Base64 encoded string.
+ * @param   ppszEnd             If not NULL, this will point to the first char
+ *                              following the Base64 encoded text block. If
+ *                              NULL the entire string is assumed to be Base64.
+ */
+RTDECL(ssize_t) RTBase64DecodedSize(const char *pszString, char **ppszEnd)
+RTDECL(ssize_t) RTBase64DecodedSizeEx(const char *pszString, size_t cchStringMax, char **ppszEnd)
+{
 #ifdef RT_STRICT
 …
     AssertCompile(sizeof(char) == sizeof(uint8_t));
     while ((ch = *pszString))
+    while (cchStringMax > 0 && (ch = *pszString))
+    {
         u8 = g_au8CharToVal[ch];
 …
         /* advance */
         pszString++;
+        cchStringMax--;
+    }
 …
         c6Bits++;
         pszString++;
+        while ((ch = *pszString))
+        cchStringMax--;
+        while (cchStringMax > 0 && (ch = *pszString))
+        {
             u8 = g_au8CharToVal[ch];
 …
+            }
             pszString++;
+            cchStringMax--;
+        }
         if (cbPad >= 3)
 …
     return cb;
+}
+RT_EXPORT_SYMBOL(RTBase64DecodedSizeEx);
+RTDECL(ssize_t) RTBase64DecodedSize(const char *pszString, char **ppszEnd)
+{
+    return RTBase64DecodedSizeEx(pszString, RTSTR_MAX, ppszEnd);
+}
 RT_EXPORT_SYMBOL(RTBase64DecodedSize);
+/**
+ * Decodes a Base64 encoded string into the buffer supplied by the caller.
+ *
+ * @returns IPRT status code.
+ * @retval  VERR_BUFFER_OVERFLOW if the buffer is too small. pcbActual will not
+ *          be set, nor will ppszEnd.
+ * @retval  VERR_INVALID_BASE64_ENCODING if the encoding is wrong.
+ *
+ * @param   pszString       The Base64 string. Whether the entire string or
+ *                          just the start of the string is in Base64 depends
+ *                          on whether ppszEnd is specified or not.
+ * @param   pvData          Where to store the decoded data.
+ * @param   cbData          The size of the output buffer that pvData points to.
+ * @param   pcbActual       Where to store the actual number of bytes returned.
+ *                          Optional.
+ * @param   ppszEnd         Indicates that the string may contain other stuff
+ *                          after the Base64 encoded data when not NULL. Will
+ *                          be set to point to the first char that's not part of
+ *                          the encoding. If NULL the entire string must be part
+ *                          of the Base64 encoded data.
+ */
+RTDECL(int) RTBase64Decode(const char *pszString, void *pvData, size_t cbData, size_t *pcbActual, char **ppszEnd)
+RTDECL(int) RTBase64DecodeEx(const char *pszString, size_t cchStringMax, void *pvData, size_t cbData,
+                             size_t *pcbActual, char **ppszEnd)
+{
 #ifdef RT_STRICT
 …
     uint8_t     u8Trio[3] = { 0, 0, 0 }; /* shuts up gcc */
     uint8_t    *pbData    = (uint8_t *)pvData;
     uint8_t     u8        = BASE64_INVALID;
+    uint8_t     u8;
     unsigned    c6Bits    = 0;
     unsigned    ch;
 …
+    {
         /* The first 6-bit group. */
         while ((u8 = g_au8CharToVal[ch = *pszString]) == BASE64_SPACE)
             pszString++;
+        while ((u8 = cchStringMax > 0 ? g_au8CharToVal[ch = *pszString] : BASE64_INVALID) == BASE64_SPACE)
+            pszString++, cchStringMax--;
         if (u8 >= 64)
+        {
 …
         u8Trio[0] = u8 << 2;
         pszString++;
+        cchStringMax--;
         /* The second 6-bit group. */
         while ((u8 = g_au8CharToVal[ch = *pszString]) == BASE64_SPACE)
             pszString++;
+        while ((u8 = cchStringMax > 0 ? g_au8CharToVal[ch = *pszString] : BASE64_INVALID) == BASE64_SPACE)
+            pszString++, cchStringMax--;
         if (u8 >= 64)
+        {
 …
         u8Trio[1]  = u8 << 4;
         pszString++;
+        cchStringMax--;
         /* The third 6-bit group. */
+        while ((u8 = g_au8CharToVal[ch = *pszString]) == BASE64_SPACE)
+            pszString++;
+        u8 = BASE64_INVALID;
+        while ((u8 = cchStringMax > 0 ? g_au8CharToVal[ch = *pszString] : BASE64_INVALID) == BASE64_SPACE)
+            pszString++, cchStringMax--;
         if (u8 >= 64)
+        {
 …
         u8Trio[2]  = u8 << 6;
         pszString++;
+        cchStringMax--;
         /* The fourth 6-bit group. */
+        while ((u8 = g_au8CharToVal[ch = *pszString]) == BASE64_SPACE)
+            pszString++;
+        u8 = BASE64_INVALID;
+        while ((u8 = cchStringMax > 0 ? g_au8CharToVal[ch = *pszString] : BASE64_INVALID) == BASE64_SPACE)
+            pszString++, cchStringMax--;
         if (u8 >= 64)
+        {
 …
         u8Trio[2] |= u8;
         pszString++;
+        cchStringMax--;
         /* flush the trio */
 …
         cbPad = 1;
         pszString++;
+        while ((ch = *pszString))
+        cchStringMax--;
+        while (cchStringMax > 0 && (ch = *pszString))
+        {
             u8 = g_au8CharToVal[ch];
 …
+            }
             pszString++;
+            cchStringMax--;
+        }
         if (cbPad >= 3)
 …
         *pcbActual = pbData - (uint8_t *)pvData;
     return VINF_SUCCESS;
+}
+RT_EXPORT_SYMBOL(RTBase64DecodeEx);
+RTDECL(int) RTBase64Decode(const char *pszString, void *pvData, size_t cbData, size_t *pcbActual, char **ppszEnd)
+{
+    return RTBase64DecodeEx(pszString, RTSTR_MAX, pvData, cbData, pcbActual, ppszEnd);
+}
 RT_EXPORT_SYMBOL(RTBase64Decode);

trunk/src/VBox/Runtime/common/string/uniread.cpp

-              r48935
+              r51770
 #include <string.h>
 #include <stdlib.h>
+#ifdef _MSC_VER
+# include <direct.h>
+#else
+# include <unistd.h>
+#endif
 …
 *   Global Variables                                                           *
 *******************************************************************************/
-/** When set, no output is produced.  Very useful when debugging ths code. */
-static bool g_fQuiet = false;
 /** The file we're currently parsing. */
 static const char *g_pszCurFile;
 /** The current line number. */
 static unsigned g_iLine;
+/** The current output file. */
+static FILE *g_pCurOutFile;
 …
     //if (pInfo->???)
     //    AppendFlag(pszFlags, "RTUNI_BSPACE");
+#if 0
     if (pInfo->fInvNFD_QC != 0 || pInfo->fInvNFC_QC != 0)
+    {
 …
     else if (pInfo->paDecompositionMapping && !*pInfo->pszDecompositionType)
         fprintf(stderr, "uniread: U+%05X is not QC_NFX but has canonical mappings.\n", pInfo->CodePoint);
+#endif
     if (!*pszFlags)
 …
 /**
+ * Closes the primary output stream.
+ */
+static int Stream1Close(void)
+{
+    if (g_pCurOutFile && g_pCurOutFile != stdout && g_pCurOutFile != stderr)
+    {
+        if (fclose(g_pCurOutFile) != 0)
+        {
+            fprintf(stderr, "Error closing output file.\n");
+            return -1;
+        }
+    }
+    g_pCurOutFile = NULL;
+    return 0;
+}
+/**
+ * Initializes the 1st stream to output to a given file.
+ */
+static int Stream1Init(const char *pszName)
+{
+    int rc = Stream1Close();
+    if (!rc)
+    {
+        g_pCurOutFile = fopen(pszName, "w");
+        if (!g_pCurOutFile)
+        {
+            fprintf(stderr, "Error opening output file '%s'.\n", pszName);
+            rc = -1;
+        }
+    }
+    return rc;
+}
+/**
  * printf wrapper for the primary output stream.
+ *
 …
     va_list va;
     va_start(va, pszFormat);
+    if (!g_fQuiet)
+        cch = vfprintf(stdout, pszFormat, va);
+    else
+        cch = (int)strlen(pszFormat);
+    cch = vfprintf(g_pCurOutFile, pszFormat, va);
     va_end(va);
     return cch;
 …
  * Print the unidata.cpp file header and include list.
  */
+int PrintHeader(const char *argv0)
+{
+    Stream1Printf("/** @file\n"
+                  " *\n"
+int PrintHeader(const char *argv0, const char *pszBaseDir)
+{
+    char szBuf[1024];
+    if (!pszBaseDir)
+    {
+        memset(szBuf, 0, sizeof(szBuf));
+#ifdef _MSC_VER
+        _getcwd(szBuf, sizeof(szBuf));
+#else
+        getcwd(szBuf, sizeof(szBuf));
+#endif
+        pszBaseDir = szBuf;
+    }
+    Stream1Printf("/* $" "Id" "$ */\n"
+                  "/** @file\n"
                   " * IPRT - Unicode Tables.\n"
                   " *\n"
+                  " * Automatically Generated by %s (" __DATE__ " " __TIME__ ")\n"
+                  " * Automatically Generated from %s\n"
+                  " * by %s (" __DATE__ " " __TIME__ ")\n"
                   " */\n"
                   "\n"
                   "/*\n"
                   " * Copyright (C) 2006-2010 Oracle Corporation\n"
+                  " * Copyright (C) 2006-2014 Oracle Corporation\n"
                   " *\n"
                   " * This file is part of VirtualBox Open Source Edition (OSE), as\n"
 …
                   "#include <iprt/uni.h>\n"
                   "\n",
                   argv0);
+                  pszBaseDir, argv0);
     return 0;
+}
 …
      */
     Stream2Init();
     Stream2Printf("const RTUNIFLAGSRANGE g_aRTUniFlagsRanges[] =\n"
+    Stream2Printf("RT_DECL_DATA_CONST(const RTUNIFLAGSRANGE) g_aRTUniFlagsRanges[] =\n"
                   "{\n");
     RTUNICP i = 0;
 …
             if (iStart < 0)
+            {
                 Stream1Printf("static const uint8_t g_afRTUniFlags0x%06x[] = \n"
+                Stream1Printf("static const uint8_t g_afRTUniFlags0x%06x[] =\n"
                               "{\n", i);
                 iStart = i;
 …
+{
     Stream2Init();
     Stream2Printf("const RTUNICASERANGE g_aRTUniUpperRanges[] =\n"
+    Stream2Printf("RT_DECL_DATA_CONST(const RTUNICASERANGE) g_aRTUniUpperRanges[] =\n"
                   "{\n");
     RTUNICP i = 0;
 …
             if (iStart < 0)
+            {
                 Stream1Printf("static const RTUNICP g_afRTUniUpper0x%06x[] = \n"
+                Stream1Printf("static const RTUNICP g_afRTUniUpper0x%06x[] =\n"
                               "{\n", i);
                 iStart = i;
 …
+{
     Stream2Init();
     Stream2Printf("const RTUNICASERANGE g_aRTUniLowerRanges[] =\n"
+    Stream2Printf("RT_DECL_DATA_CONST(const RTUNICASERANGE) g_aRTUniLowerRanges[] =\n"
                   "{\n");
     RTUNICP i = 0;
 …
             if (iStart < 0)
+            {
                 Stream1Printf("static const RTUNICP g_afRTUniLower0x%06x[] = \n"
+                Stream1Printf("static const RTUNICP g_afRTUniLower0x%06x[] =\n"
                               "{\n", i);
                 iStart = i;
 …
             pszBaseDir = argv[argi];
+        }
-        else if (   !strcmp(argv[argi], "-q")
-                 || !strcmp(argv[argi], "--quiet"))
-            g_fQuiet = true;
         else
+        {
 …
     /*
      * Print stuff.
+     * Produce output files.
      */
+    rc = PrintHeader(argv[0]);
+    if (rc)
+        return rc;
+    rc = PrintFlags();
+    if (rc)
+        return rc;
+    rc = PrintUpper();
+    if (rc)
+        return rc;
+    rc = PrintLower();
+    if (rc)
+        return rc;
+    rc = Stream1Init("unidata-flags.cpp");
+    if (!rc)
+        rc = PrintHeader(argv[0], pszBaseDir);
+    if (!rc)
+        rc = PrintFlags();
+    rc = Stream1Init("unidata-upper.cpp");
+    if (!rc)
+        rc = PrintHeader(argv[0], pszBaseDir);
+    if (!rc)
+        rc = PrintUpper();
+    rc = Stream1Init("unidata-lower.cpp");
+    if (!rc)
+        rc = PrintHeader(argv[0], pszBaseDir);
+    if (!rc)
+        rc = PrintLower();
+    if (!rc)
+        rc = Stream1Close();
     /* done */
-    fflush(stdout);
     return rc;
+}

trunk/src/VBox/Runtime/common/string/utf-16.cpp

-              r50795
+              r51770
-RTDECL(int) RTUtf16ICmp(register PCRTUTF16 pwsz1, register PCRTUTF16 pwsz2)
+{
-    if (pwsz1 == pwsz2)
-        return 0;
-    if (!pwsz1)
-        return -1;
-    if (!pwsz2)
-        return 1;
-    PCRTUTF16 pwsz1Start = pwsz1; /* keep it around in case we have to backtrack on a surrogate pair */
-    for (;;)
+    {
-        register RTUTF16  wc1 = *pwsz1;
-        register RTUTF16  wc2 = *pwsz2;
-        register int     iDiff = wc1 - wc2;
-        if (iDiff)
+        {
-            /* unless they are *both* surrogate pairs, there is no chance they'll be identical. */
-            if (    wc1 < 0xd800
-                ||  wc2 < 0xd800
-                ||  wc1 > 0xdfff
-                ||  wc2 > 0xdfff)
+            {
-                /* simple UCS-2 char */
-                iDiff = RTUniCpToUpper(wc1) - RTUniCpToUpper(wc2);
-                if (iDiff)
-                    iDiff = RTUniCpToLower(wc1) - RTUniCpToLower(wc2);
+            }
-            else
+            {
-                /* a damned pair */
-                RTUNICP uc1;
-                RTUNICP uc2;
-                if (wc1 >= 0xdc00)
+                {
-                    if (pwsz1Start == pwsz1)
-                        return iDiff;
-                    uc1 = pwsz1[-1];
-                    if (uc1 < 0xd800 || uc1 >= 0xdc00)
-                        return iDiff;
-                    uc1 = 0x10000 + (((uc1       & 0x3ff) << 10) | (wc1 & 0x3ff));
-                    uc2 = 0x10000 + (((pwsz2[-1] & 0x3ff) << 10) | (wc2 & 0x3ff));
+                }
-                else
+                {
-                    uc1 = *++pwsz1;
-                    if (uc1 < 0xdc00 || uc1 >= 0xe000)
-                        return iDiff;
-                    uc1 = 0x10000 + (((wc1 & 0x3ff) << 10) | (uc1      & 0x3ff));
-                    uc2 = 0x10000 + (((wc2 & 0x3ff) << 10) | (*++pwsz2 & 0x3ff));
+                }
-                iDiff = RTUniCpToUpper(uc1) - RTUniCpToUpper(uc2);
-                if (iDiff)
-                    iDiff = RTUniCpToLower(uc1) - RTUniCpToLower(uc2); /* serious paranoia! */
+            }
-            if (iDiff)
-                return iDiff;
+        }
-        if (!wc1)
-            return 0;
-        pwsz1++;
-        pwsz2++;
+    }
+}
-RT_EXPORT_SYMBOL(RTUtf16ICmp);
-RTDECL(PRTUTF16) RTUtf16ToLower(PRTUTF16 pwsz)
+{
-    PRTUTF16 pwc = pwsz;
-    for (;;)
+    {
-        RTUTF16 wc = *pwc;
-        if (!wc)
-            break;
-        if (wc < 0xd800 || wc >= 0xdc00)
+        {
-            RTUNICP ucFolded = RTUniCpToLower(wc);
-            if (ucFolded < 0x10000)
-                *pwc++ = RTUniCpToLower(wc);
+        }
-        else
+        {
-            /* surrogate */
-            RTUTF16 wc2 = pwc[1];
-            if (wc2 >= 0xdc00 && wc2 <= 0xdfff)
+            {
-                RTUNICP uc = 0x10000 + (((wc & 0x3ff) << 10) | (wc2 & 0x3ff));
-                RTUNICP ucFolded = RTUniCpToLower(uc);
-                if (uc != ucFolded && ucFolded >= 0x10000) /* we don't support shrinking the string */
+                {
-                    uc -= 0x10000;
-                    *pwc++ = 0xd800 | (uc >> 10);
-                    *pwc++ = 0xdc00 | (uc & 0x3ff);
+                }
+            }
-            else /* invalid encoding. */
-                pwc++;
+        }
+    }
-    return pwsz;
+}
-RT_EXPORT_SYMBOL(RTUtf16ToLower);
-RTDECL(PRTUTF16) RTUtf16ToUpper(PRTUTF16 pwsz)
+{
-    PRTUTF16 pwc = pwsz;
-    for (;;)
+    {
-        RTUTF16 wc = *pwc;
-        if (!wc)
-            break;
-        if (wc < 0xd800 || wc >= 0xdc00)
-            *pwc++ = RTUniCpToUpper(wc);
-        else
+        {
-            /* surrogate */
-            RTUTF16 wc2 = pwc[1];
-            if (wc2 >= 0xdc00 && wc2 <= 0xdfff)
+            {
-                RTUNICP uc = 0x10000 + (((wc & 0x3ff) << 10) | (wc2 & 0x3ff));
-                RTUNICP ucFolded = RTUniCpToUpper(uc);
-                if (uc != ucFolded && ucFolded >= 0x10000) /* we don't support shrinking the string */
+                {
-                    uc -= 0x10000;
-                    *pwc++ = 0xd800 | (uc >> 10);
-                    *pwc++ = 0xdc00 | (uc & 0x3ff);
+                }
+            }
-            else /* invalid encoding. */
-                pwc++;
+        }
+    }
-    return pwsz;
+}
-RT_EXPORT_SYMBOL(RTUtf16ToUpper);
 RTDECL(int) RTUtf16ValidateEncoding(PCRTUTF16 pwsz)
+{
 …
 RT_EXPORT_SYMBOL(RTUtf16PutCpInternal);
-/**
- * Validate the UTF-16 encoding and calculates the length of a Latin1 encoding.
+ *
- * @returns iprt status code.
- * @param   pwsz        The UTF-16 string.
- * @param   cwc         The max length of the UTF-16 string to consider.
- * @param   pcch        Where to store the length (excluding '\\0') of the Latin1 string. (cch == cb, btw)
- */
-static int rtUtf16CalcLatin1Length(PCRTUTF16 pwsz, size_t cwc, size_t *pcch)
+{
-    int     rc = VINF_SUCCESS;
-    size_t  cch = 0;
-    while (cwc > 0)
+    {
-        RTUTF16 wc = *pwsz++; cwc--;
-        if (!wc)
-            break;
-        else if (RT_LIKELY(wc < 0x100))
-            ++cch;
-        else
+        {
-            if (wc < 0xd800 || wc > 0xdfff)
+            {
-                if (wc >= 0xfffe)
+                {
-                    RTStrAssertMsgFailed(("endian indicator! wc=%#x\n", wc));
-                    rc = VERR_CODE_POINT_ENDIAN_INDICATOR;
-                    break;
+                }
+            }
-            else
+            {
-                if (wc >= 0xdc00)
+                {
-                    RTStrAssertMsgFailed(("Wrong 1st char in surrogate! wc=%#x\n", wc));
-                    rc = VERR_INVALID_UTF16_ENCODING;
-                    break;
+                }
-                if (cwc <= 0)
+                {
-                    RTStrAssertMsgFailed(("Invalid length! wc=%#x\n", wc));
-                    rc = VERR_INVALID_UTF16_ENCODING;
-                    break;
+                }
-                wc = *pwsz++; cwc--;
-                if (wc < 0xdc00 || wc > 0xdfff)
+                {
-                    RTStrAssertMsgFailed(("Wrong 2nd char in surrogate! wc=%#x\n", wc));
-                    rc = VERR_INVALID_UTF16_ENCODING;
-                    break;
+                }
+            }
-            rc = VERR_NO_TRANSLATION;
-            break;
+        }
+    }
-    /* done */
-    *pcch = cch;
-    return rc;
+}
-/**
- * Recodes an valid UTF-16 string as Latin1.
+ *
- * @returns iprt status code.
- * @param   pwsz        The UTF-16 string.
- * @param   cwc         The number of RTUTF16 characters to process from pwsz. The recoding
- *                      will stop when cwc or '\\0' is reached.
- * @param   psz         Where to store the Latin1 string.
- * @param   cch         The size of the Latin1 buffer, excluding the terminator.
- */
-static int rtUtf16RecodeAsLatin1(PCRTUTF16 pwsz, size_t cwc, char *psz, size_t cch)
+{
-    unsigned char  *pch = (unsigned char *)psz;
-    int             rc  = VINF_SUCCESS;
-    while (cwc > 0)
+    {
-        RTUTF16 wc = *pwsz++; cwc--;
-        if (!wc)
-            break;
-        if (RT_LIKELY(wc < 0x100))
+        {
-            if (RT_UNLIKELY(cch < 1))
+            {
-                RTStrAssertMsgFailed(("Buffer overflow! 1\n"));
-                rc = VERR_BUFFER_OVERFLOW;
-                break;
+            }
-            cch--;
-            *pch++ = (unsigned char)wc;
+        }
-        else
+        {
-            if (wc < 0xd800 || wc > 0xdfff)
+            {
-                if (wc >= 0xfffe)
+                {
-                    RTStrAssertMsgFailed(("endian indicator! wc=%#x\n", wc));
-                    rc = VERR_CODE_POINT_ENDIAN_INDICATOR;
-                    break;
+                }
+            }
-            else
+            {
-                if (wc >= 0xdc00)
+                {
-                    RTStrAssertMsgFailed(("Wrong 1st char in surrogate! wc=%#x\n", wc));
-                    rc = VERR_INVALID_UTF16_ENCODING;
-                    break;
+                }
-                if (cwc <= 0)
+                {
-                    RTStrAssertMsgFailed(("Invalid length! wc=%#x\n", wc));
-                    rc = VERR_INVALID_UTF16_ENCODING;
-                    break;
+                }
-                RTUTF16 wc2 = *pwsz++; cwc--;
-                if (wc2 < 0xdc00 || wc2 > 0xdfff)
+                {
-                    RTStrAssertMsgFailed(("Wrong 2nd char in surrogate! wc=%#x\n", wc));
-                    rc = VERR_INVALID_UTF16_ENCODING;
-                    break;
+                }
+            }
-            rc = VERR_NO_TRANSLATION;
-            break;
+        }
+    }
-    /* done */
-    *pch = '\0';
-    return rc;
+}
-RTDECL(int)  RTUtf16ToLatin1Tag(PCRTUTF16 pwszString, char **ppszString, const char *pszTag)
+{
-    /*
-     * Validate input.
-     */
-    Assert(VALID_PTR(ppszString));
-    Assert(VALID_PTR(pwszString));
-    *ppszString = NULL;
-    /*
-     * Validate the UTF-16 string and calculate the length of the UTF-8 encoding of it.
-     */
-    size_t cch;
-    int rc = rtUtf16CalcLatin1Length(pwszString, RTSTR_MAX, &cch);
-    if (RT_SUCCESS(rc))
+    {
-        /*
-         * Allocate buffer and recode it.
-         */
-        char *pszResult = (char *)RTMemAllocTag(cch + 1, pszTag);
-        if (pszResult)
+        {
-            rc = rtUtf16RecodeAsLatin1(pwszString, RTSTR_MAX, pszResult, cch);
-            if (RT_SUCCESS(rc))
+            {
-                *ppszString = pszResult;
-                return rc;
+            }
-            RTMemFree(pszResult);
+        }
-        else
-            rc = VERR_NO_STR_MEMORY;
+    }
-    return rc;
+}
-RT_EXPORT_SYMBOL(RTUtf16ToLatin1Tag);
-RTDECL(int)  RTUtf16ToLatin1ExTag(PCRTUTF16 pwszString, size_t cwcString, char **ppsz, size_t cch, size_t *pcch, const char *pszTag)
+{
-    /*
-     * Validate input.
-     */
-    AssertPtr(pwszString);
-    AssertPtr(ppsz);
-    AssertPtrNull(pcch);
-    /*
-     * Validate the UTF-16 string and calculate the length of the Latin1 encoding of it.
-     */
-    size_t cchResult;
-    int rc = rtUtf16CalcLatin1Length(pwszString, cwcString, &cchResult);
-    if (RT_SUCCESS(rc))
+    {
-        if (pcch)
-            *pcch = cchResult;
-        /*
-         * Check buffer size / Allocate buffer and recode it.
-         */
-        bool fShouldFree;
-        char *pszResult;
-        if (cch > 0 && *ppsz)
+        {
-            fShouldFree = false;
-            if (cch <= cchResult)
-                return VERR_BUFFER_OVERFLOW;
-            pszResult = *ppsz;
+        }
-        else
+        {
-            *ppsz = NULL;
-            fShouldFree = true;
-            cch = RT_MAX(cch, cchResult + 1);
-            pszResult = (char *)RTMemAllocTag(cch, pszTag);
+        }
-        if (pszResult)
+        {
-            rc = rtUtf16RecodeAsLatin1(pwszString, cwcString, pszResult, cch - 1);
-            if (RT_SUCCESS(rc))
+            {
-                *ppsz = pszResult;
-                return rc;
+            }
-            if (fShouldFree)
-                RTMemFree(pszResult);
+        }
-        else
-            rc = VERR_NO_STR_MEMORY;
+    }
-    return rc;
+}
-RT_EXPORT_SYMBOL(RTUtf16ToLatin1ExTag);
-RTDECL(size_t) RTUtf16CalcLatin1Len(PCRTUTF16 pwsz)
+{
-    size_t cch;
-    int rc = rtUtf16CalcLatin1Length(pwsz, RTSTR_MAX, &cch);
-    return RT_SUCCESS(rc) ? cch : 0;
+}
-RT_EXPORT_SYMBOL(RTUtf16CalcLatin1Len);
-RTDECL(int) RTUtf16CalcLatin1LenEx(PCRTUTF16 pwsz, size_t cwc, size_t *pcch)
+{
-    size_t cch;
-    int rc = rtUtf16CalcLatin1Length(pwsz, cwc, &cch);
-    if (pcch)
-        *pcch = RT_SUCCESS(rc) ? cch : ~(size_t)0;
-    return rc;
+}
-RT_EXPORT_SYMBOL(RTUtf16CalcLatin1LenEx);
-/**
- * Calculates the UTF-16 length of a Latin1 string.  In fact this is just the
- * original length, but the function saves us nasty comments to that effect
- * all over the place.
+ *
- * @returns IPRT status code.
- * @param   psz     Pointer to the Latin1 string.
- * @param   cch     The max length of the string. (btw cch = cb)
- *                  Use RTSTR_MAX if all of the string is to be examined.s
- * @param   pcwc    Where to store the length of the UTF-16 string as a number of RTUTF16 characters.
- */
-static int rtLatin1CalcUtf16Length(const char *psz, size_t cch, size_t *pcwc)
+{
-    *pcwc = RTStrNLen(psz, cch);
-    return VINF_SUCCESS;
+}
-/**
- * Recodes a Latin1 string as UTF-16.  This is just a case of expanding it to
- * sixteen bits, as Unicode is a superset of Latin1.
+ *
- * Since we know the input is valid, we do *not* perform length checks.
+ *
- * @returns iprt status code.
- * @param   psz     The Latin1 string to recode.
- * @param   cch     The number of chars (the type char, so bytes if you like) to process of the Latin1 string.
- *                  The recoding will stop when cch or '\\0' is reached. Pass RTSTR_MAX to process up to '\\0'.
- * @param   pwsz    Where to store the UTF-16 string.
- * @param   cwc     The number of RTUTF16 items the pwsz buffer can hold, excluding the terminator ('\\0').
- */
-static int rtLatin1RecodeAsUtf16(const char *psz, size_t cch, PRTUTF16 pwsz, size_t cwc)
+{
-    int                     rc   = VINF_SUCCESS;
-    const unsigned char    *puch = (const unsigned char *)psz;
-    PRTUTF16                pwc  = pwsz;
-    while (cch-- > 0)
+    {
-        /* read the next char and check for terminator. */
-        const unsigned char uch = *puch;
-        if (!uch)
-            break;
-        /* check for output overflow */
-        if (RT_UNLIKELY(cwc < 1))
+        {
-            rc = VERR_BUFFER_OVERFLOW;
-            break;
+        }
-        /* expand the code point */
-        *pwc++ = uch;
-        cwc--;
-        puch++;
+    }
-    /* done */
-    *pwc = '\0';
-    return rc;
+}
-RTDECL(int) RTLatin1ToUtf16Tag(const char *pszString, PRTUTF16 *ppwszString, const char *pszTag)
+{
-    /*
-     * Validate input.
-     */
-    Assert(VALID_PTR(ppwszString));
-    Assert(VALID_PTR(pszString));
-    *ppwszString = NULL;
-    /*
-     * Validate the input and calculate the length of the UTF-16 string.
-     */
-    size_t cwc;
-    int rc = rtLatin1CalcUtf16Length(pszString, RTSTR_MAX, &cwc);
-    if (RT_SUCCESS(rc))
+    {
-        /*
-         * Allocate buffer.
-         */
-        PRTUTF16 pwsz = (PRTUTF16)RTMemAllocTag((cwc + 1) * sizeof(RTUTF16), pszTag);
-        if (pwsz)
+        {
-            /*
-             * Encode the UTF-16 string.
-             */
-            rc = rtLatin1RecodeAsUtf16(pszString, RTSTR_MAX, pwsz, cwc);
-            if (RT_SUCCESS(rc))
+            {
-                *ppwszString = pwsz;
-                return rc;
+            }
-            RTMemFree(pwsz);
+        }
-        else
-            rc = VERR_NO_UTF16_MEMORY;
+    }
-    return rc;
+}
-RT_EXPORT_SYMBOL(RTLatin1ToUtf16Tag);
-RTDECL(int)  RTLatin1ToUtf16ExTag(const char *pszString, size_t cchString,
-                                  PRTUTF16 *ppwsz, size_t cwc, size_t *pcwc, const char *pszTag)
+{
-    /*
-     * Validate input.
-     */
-    Assert(VALID_PTR(pszString));
-    Assert(VALID_PTR(ppwsz));
-    Assert(!pcwc || VALID_PTR(pcwc));
-    /*
-     * Validate the input and calculate the length of the UTF-16 string.
-     */
-    size_t cwcResult;
-    int rc = rtLatin1CalcUtf16Length(pszString, cchString, &cwcResult);
-    if (RT_SUCCESS(rc))
+    {
-        if (pcwc)
-            *pcwc = cwcResult;
-        /*
-         * Check buffer size / Allocate buffer.
-         */
-        bool fShouldFree;
-        PRTUTF16 pwszResult;
-        if (cwc > 0 && *ppwsz)
+        {
-            fShouldFree = false;
-            if (cwc <= cwcResult)
-                return VERR_BUFFER_OVERFLOW;
-            pwszResult = *ppwsz;
+        }
-        else
+        {
-            *ppwsz = NULL;
-            fShouldFree = true;
-            cwc = RT_MAX(cwcResult + 1, cwc);
-            pwszResult = (PRTUTF16)RTMemAllocTag(cwc * sizeof(RTUTF16), pszTag);
+        }
-        if (pwszResult)
+        {
-            /*
-             * Encode the UTF-16 string.
-             */
-            rc = rtLatin1RecodeAsUtf16(pszString, cchString, pwszResult, cwc - 1);
-            if (RT_SUCCESS(rc))
+            {
-                *ppwsz = pwszResult;
-                return rc;
+            }
-            if (fShouldFree)
-                RTMemFree(pwszResult);
+        }
-        else
-            rc = VERR_NO_UTF16_MEMORY;
+    }
-    return rc;
+}
-RT_EXPORT_SYMBOL(RTLatin1ToUtf16ExTag);
-RTDECL(size_t) RTLatin1CalcUtf16Len(const char *psz)
+{
-    size_t cwc;
-    int rc = rtLatin1CalcUtf16Length(psz, RTSTR_MAX, &cwc);
-    return RT_SUCCESS(rc) ? cwc : 0;
+}
-RT_EXPORT_SYMBOL(RTLatin1CalcUtf16Len);
-RTDECL(int) RTLatin1CalcUtf16LenEx(const char *psz, size_t cch, size_t *pcwc)
+{
-    size_t cwc;
-    int rc = rtLatin1CalcUtf16Length(psz, cch, &cwc);
-    if (pcwc)
-        *pcwc = RT_SUCCESS(rc) ? cwc : ~(size_t)0;
-    return rc;
+}
-RT_EXPORT_SYMBOL(RTLatin1CalcUtf16LenEx);

trunk/src/VBox/Runtime/common/string/utf-8-case.cpp

-              r48935
+              r51770
 /* $Id$ */
 /** @file
  * IPRT - UTF-8 Case Sensitivity and Folding.
+ * IPRT - UTF-8 Case Sensitivity and Folding, Part 1.
  */
 …
 RT_EXPORT_SYMBOL(RTStrToUpper);
-RTDECL(bool) RTStrIsCaseFoldable(const char *psz)
+{
-    /*
-     * Loop the code points in the string, checking them one by one until we
-     * find something that can be folded.
-     */
-    RTUNICP uc;
-    do
+    {
-        int rc = RTStrGetCpEx(&psz, &uc);
-        if (RT_SUCCESS(rc))
+        {
-            if (RTUniCpIsFoldable(uc))
-                return true;
+        }
-        else
+        {
-            /* bad encoding, just skip it quietly (uc == RTUNICP_INVALID (!= 0)). */
-            AssertRC(rc);
+        }
-    } while (uc != 0);
-    return false;
+}
-RT_EXPORT_SYMBOL(RTStrIsCaseFoldable);
-RTDECL(bool) RTStrIsUpperCased(const char *psz)
+{
-    /*
-     * Check that there are no lower case chars in the string.
-     */
-    RTUNICP uc;
-    do
+    {
-        int rc = RTStrGetCpEx(&psz, &uc);
-        if (RT_SUCCESS(rc))
+        {
-            if (RTUniCpIsLower(uc))
-                return false;
+        }
-        else
+        {
-            /* bad encoding, just skip it quietly (uc == RTUNICP_INVALID (!= 0)). */
-            AssertRC(rc);
+        }
-    } while (uc != 0);
-    return true;
+}
-RT_EXPORT_SYMBOL(RTStrIsUpperCased);
-RTDECL(bool) RTStrIsLowerCased(const char *psz)
+{
-    /*
-     * Check that there are no lower case chars in the string.
-     */
-    RTUNICP uc;
-    do
+    {
-        int rc = RTStrGetCpEx(&psz, &uc);
-        if (RT_SUCCESS(rc))
+        {
-            if (RTUniCpIsUpper(uc))
-                return false;
+        }
-        else
+        {
-            /* bad encoding, just skip it quietly (uc == RTUNICP_INVALID (!= 0)). */
-            AssertRC(rc);
+        }
-    } while (uc != 0);
-    return true;
+}
-RT_EXPORT_SYMBOL(RTStrIsLowerCased);

trunk/src/VBox/Runtime/include/internal/ldr.h

-              r49044
+              r51770
     DECLCALLBACKMEMBER(int, pfnReadDbgInfo)(PRTLDRMODINTERNAL pMod, uint32_t iDbgInfo, RTFOFF off, size_t cb, void *pvBuf);
     /**
      * Generic method for querying image properties.
 …
      * @param   cbBuf           The size of the return buffer (valid as per
      *                          property).
+     */
+    DECLCALLBACKMEMBER(int, pfnQueryProp)(PRTLDRMODINTERNAL pMod, RTLDRPROP enmProp, void *pvBuf, size_t cbBuf);
+     * @param   pcbRet          The number of bytes actually returned.  If
+     *                          VERR_BUFFER_OVERFLOW is returned, this is set to the
+     *                          required buffer size.
+     */
+    DECLCALLBACKMEMBER(int, pfnQueryProp)(PRTLDRMODINTERNAL pMod, RTLDRPROP enmProp, void *pvBuf, size_t cbBuf, size_t *pcbRet);
+    /**
+     * Verify the image signature.
+     *
+     * This may permform additional integrity checks on the image structures that
+     * was not done when opening the image.
+     *
+     * @returns IPRT status code.
+     * @retval  VERR_LDRVI_NOT_SIGNED if not signed.
+     *
+     * @param   pMod            Pointer to the loader module structure.
+     * @param   pfnCallback     Callback that does the signature and certificate
+     *                          verficiation.
+     * @param   pvUser          User argument for the callback.
+     * @param   pErrInfo        Pointer to an error info buffer. Optional.
+     */
+    DECLCALLBACKMEMBER(int, pfnVerifySignature)(PRTLDRMODINTERNAL pMod, PFNRTLDRVALIDATESIGNEDDATA pfnCallback, void *pvUser,
+                                                PRTERRINFO pErrInfo);
+    /**
+     * Calculate the image hash according the image signing rules.
+     *
+     * @returns IPRT status code.
+     * @param   hLdrMod         The module handle.
+     * @param   enmDigest       Which kind of digest.
+     * @param   pszDigest       Where to store the image digest.
+     * @param   cbDigest        Size of the buffer @a pszDigest points at.
+     */
+    DECLCALLBACKMEMBER(int, pfnHashImage)(PRTLDRMODINTERNAL pMod, RTDIGESTTYPE enmDigest, char *pszDigest, size_t cbDigest);
     /** Dummy entry to make sure we've initialized it all. */
 …
 typedef RTLDROPS *PRTLDROPS;
 typedef const RTLDROPS *PCRTLDROPS;
-/** Pointer to a loader reader instance. */
-typedef struct RTLDRREADER *PRTLDRREADER;
-/**
- * Loader image reader instance.
- * The reader will have extra data members following this structure.
- */
-typedef struct RTLDRREADER
+{
-    /** The name of the image provider. */
-    const char *pszName;
-    /**
-     * Reads bytes at a give place in the raw image.
+     *
-     * @returns iprt status code.
-     * @param   pReader     Pointer to the reader instance.
-     * @param   pvBuf       Where to store the bits.
-     * @param   cb          Number of bytes to read.
-     * @param   off         Where to start reading relative to the start of the raw image.
-     */
-    DECLCALLBACKMEMBER(int, pfnRead)(PRTLDRREADER pReader, void *pvBuf, size_t cb, RTFOFF off);
-    /**
-     * Tells end position of last read.
+     *
-     * @returns position relative to start of the raw image.
-     * @param   pReader     Pointer to the reader instance.
-     */
-    DECLCALLBACKMEMBER(RTFOFF, pfnTell)(PRTLDRREADER pReader);
-    /**
-     * Gets the size of the raw image bits.
+     *
-     * @returns size of raw image bits in bytes.
-     * @param   pReader     Pointer to the reader instance.
-     */
-    DECLCALLBACKMEMBER(RTFOFF, pfnSize)(PRTLDRREADER pReader);
-    /**
-     * Map the bits into memory.
+     *
-     * The mapping will be freed upon calling pfnDestroy() if not pfnUnmap()
-     * is called before that. The mapping is read only.
+     *
-     * @returns iprt status code.
-     * @param   pReader     Pointer to the reader instance.
-     * @param   ppvBits     Where to store the address of the memory mapping on success.
-     *                      The size of the mapping can be obtained by calling pfnSize().
-     */
-    DECLCALLBACKMEMBER(int, pfnMap)(PRTLDRREADER pReader, const void **ppvBits);
-    /**
-     * Unmap bits.
+     *
-     * @returns iprt status code.
-     * @param   pReader     Pointer to the reader instance.
-     * @param   pvBits      Memory pointer returned by pfnMap().
-     */
-    DECLCALLBACKMEMBER(int, pfnUnmap)(PRTLDRREADER pReader, const void *pvBits);
-    /**
-     * Gets the most appropriate log name.
+     *
-     * @returns Pointer to readonly log name.
-     * @param   pReader     Pointer to the reader instance.
-     */
-    DECLCALLBACKMEMBER(const char *, pfnLogName)(PRTLDRREADER pReader);
-    /**
-     * Releases all resources associated with the reader instance.
-     * The instance is invalid after this call returns.
+     *
-     * @returns iprt status code.
-     * @param   pReader     Pointer to the reader instance.
-     */
-    DECLCALLBACKMEMBER(int, pfnDestroy)(PRTLDRREADER pReader);
-} RTLDRREADER;
 …
+}
-int rtldrOpenWithReader(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phMod);
 /**
 …
 int rtldrNativeLoadSystem(const char *pszFilename, const char *pszExt, uint32_t fFlags, PRTLDRMOD phLdrMod);
 int rtldrPEOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, RTFOFF offNtHdrs, PRTLDRMOD phLdrMod);
 int rtldrELFOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod);
 int rtldrkLdrOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod);
+int rtldrPEOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, RTFOFF offNtHdrs, PRTLDRMOD phLdrMod, PRTERRINFO pErrInfo);
+int rtldrELFOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod, PRTERRINFO pErrInfo);
+int rtldrkLdrOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod, PRTERRINFO pErrInfo);
 /*int rtldrLXOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, RTFOFF offLX, PRTLDRMOD phLdrMod);
 int rtldrMachoOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, RTFOFF offSomething, PRTLDRMOD phLdrMod);*/

trunk/src/VBox/Runtime/include/internal/ldrPE.h

-              r46278
+              r51770
 #define  IMAGE_SUBSYSTEM_POSIX_CUI  0x7
+#define  IMAGE_LIBRARY_PROCESS_INIT  0x0001
+#define  IMAGE_LIBRARY_PROCESS_TERM  0x0002
+#define  IMAGE_LIBRARY_THREAD_INIT  0x0004
+#define  IMAGE_LIBRARY_THREAD_TERM  0x0008
+#define  IMAGE_DLLCHARACTERISTICS_NO_ISOLATION  0x0200
+#define  IMAGE_DLLCHARACTERISTICS_NO_SEH  0x0400
+#define  IMAGE_DLLCHARACTERISTICS_NO_BIND  0x0800
+#define  IMAGE_DLLCHARACTERISTICS_WDM_DRIVER  0x2000
+#define  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE  0x8000
+#define  IMAGE_LIBRARY_PROCESS_INIT                         0x0001
+#define  IMAGE_LIBRARY_PROCESS_TERM                         0x0002
+#define  IMAGE_LIBRARY_THREAD_INIT                          0x0004
+#define  IMAGE_LIBRARY_THREAD_TERM                          0x0008
+#define  IMAGE_DLLCHARACTERISTICS_RESERVED                  0x0010
+#define  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA           0x0020
+#define  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE              0x0040
+#define  IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY           0x0080
+#define  IMAGE_DLLCHARACTERISTICS_NX_COMPAT                 0x0100
+#define  IMAGE_DLLCHARACTERISTICS_NO_ISOLATION              0x0200
+#define  IMAGE_DLLCHARACTERISTICS_NO_SEH                    0x0400
+#define  IMAGE_DLLCHARACTERISTICS_NO_BIND                   0x0800
+#define  IMAGE_DLLCHARACTERISTICS_APPCONTAINER              0x1000
+#define  IMAGE_DLLCHARACTERISTICS_WDM_DRIVER                0x2000
+#define  IMAGE_DLLCHARACTERISTICS_GUARD_CF                  0x4000
+#define  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE     0x8000
 #define  IMAGE_NUMBEROF_DIRECTORY_ENTRIES  0x10
 …
 #define  WIN_CERT_TYPE_EFI_GUID             UINT16_C(0x0ef1)
+/** The alignment of the certificate table.
+ * @remarks Found thru signtool experiments.  */
+#define  WIN_CERTIFICATE_ALIGNMENT          8
 /* For .DBG files. */
 …
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32
+/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
+/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
+/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
+/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
+/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
+/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
+/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
+/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
+/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
+#pragma pack()
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V1
+{
+    uint32_t  Size;
+    uint32_t  TimeDateStamp;
+    uint16_t  MajorVersion;
+    uint16_t  MinorVersion;
+    uint32_t  GlobalFlagsClear;
+    uint32_t  GlobalFlagsSet;
+    uint32_t  CriticalSectionDefaultTimeout;
+    uint32_t  DeCommitFreeBlockThreshold;
+    uint32_t  DeCommitTotalFreeThreshold;
+    uint32_t  LockPrefixTable;
+    uint32_t  MaximumAllocationSize;
+    uint32_t  VirtualMemoryThreshold;
+    uint32_t  ProcessHeapFlags;
+    uint32_t  ProcessAffinityMask;
+    uint16_t  CSDVersion;
+    uint16_t  Reserved1;
+    uint32_t  EditList;
+    uint32_t  SecurityCookie;
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V1;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V1, 0x40);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V1 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V1;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V1 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V1;
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V2
+{
     uint32_t  Size;
 …
     uint32_t  SEHandlerTable;
     uint32_t  SEHandlerCount;
+} IMAGE_LOAD_CONFIG_DIRECTORY32;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32 *PIMAGE_LOAD_CONFIG_DIRECTORY32;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32;
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V2;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V2, 0x48);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V2 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V2;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V2 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V2;
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V3
+{
+    uint32_t  Size;
+    uint32_t  TimeDateStamp;
+    uint16_t  MajorVersion;
+    uint16_t  MinorVersion;
+    uint32_t  GlobalFlagsClear;
+    uint32_t  GlobalFlagsSet;
+    uint32_t  CriticalSectionDefaultTimeout;
+    uint32_t  DeCommitFreeBlockThreshold;
+    uint32_t  DeCommitTotalFreeThreshold;
+    uint32_t  LockPrefixTable;
+    uint32_t  MaximumAllocationSize;
+    uint32_t  VirtualMemoryThreshold;
+    uint32_t  ProcessHeapFlags;
+    uint32_t  ProcessAffinityMask;
+    uint16_t  CSDVersion;
+    uint16_t  Reserved1;
+    uint32_t  EditList;
+    uint32_t  SecurityCookie;
+    uint32_t  SEHandlerTable;
+    uint32_t  SEHandlerCount;
+    uint32_t  GuardCFCCheckFunctionPointer;
+    uint32_t  Reserved2;
+    uint32_t  GuardCFFunctionTable;
+    uint32_t  GuardCFFunctionCount;
+    uint32_t  GuardFlags;
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V3;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V3, 0x5c);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V3 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V3;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V3 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V3;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V3   IMAGE_LOAD_CONFIG_DIRECTORY32;
+typedef PIMAGE_LOAD_CONFIG_DIRECTORY32_V3  PIMAGE_LOAD_CONFIG_DIRECTORY32;
+typedef PCIMAGE_LOAD_CONFIG_DIRECTORY32_V3 PCIMAGE_LOAD_CONFIG_DIRECTORY32;
+/* No _IMAGE_LOAD_CONFIG_DIRECTORY64_V1 exists. */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V2
+{
     uint32_t  Size;
 …
     uint64_t  SEHandlerTable;
     uint64_t  SEHandlerCount;
+} IMAGE_LOAD_CONFIG_DIRECTORY64;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64 *PIMAGE_LOAD_CONFIG_DIRECTORY64;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64;
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V2;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V2, 0x70);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V2 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V2;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V2 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V2;
+#pragma pack(4) /* Why not 8 byte alignment, baka microsofties?!? */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V3
+{
+    uint32_t  Size;
+    uint32_t  TimeDateStamp;
+    uint16_t  MajorVersion;
+    uint16_t  MinorVersion;
+    uint32_t  GlobalFlagsClear;
+    uint32_t  GlobalFlagsSet;
+    uint32_t  CriticalSectionDefaultTimeout;
+    uint64_t  DeCommitFreeBlockThreshold;
+    uint64_t  DeCommitTotalFreeThreshold;
+    uint64_t  LockPrefixTable;
+    uint64_t  MaximumAllocationSize;
+    uint64_t  VirtualMemoryThreshold;
+    uint64_t  ProcessAffinityMask;
+    uint32_t  ProcessHeapFlags;
+    uint16_t  CSDVersion;
+    uint16_t  Reserved1;
+    uint64_t  EditList;
+    uint64_t  SecurityCookie;
+    uint64_t  SEHandlerTable;
+    uint64_t  SEHandlerCount;
+    uint64_t  GuardCFCCheckFunctionPointer;
+    uint64_t  Reserved2;
+    uint64_t  GuardCFFunctionTable;
+    uint64_t  GuardCFFunctionCount;
+    uint32_t  GuardFlags;
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V3;
+#pragma pack()
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V3, 0x94);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V3 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V3;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V3 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V3;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V3   IMAGE_LOAD_CONFIG_DIRECTORY64;
+typedef PIMAGE_LOAD_CONFIG_DIRECTORY64_V3  PIMAGE_LOAD_CONFIG_DIRECTORY64;
+typedef PCIMAGE_LOAD_CONFIG_DIRECTORY64_V3 PCIMAGE_LOAD_CONFIG_DIRECTORY64;
 typedef struct _IMAGE_DEBUG_DIRECTORY
 …
     uint32_t  PointerToRawData;
 } IMAGE_DEBUG_DIRECTORY;
+AssertCompileSize(IMAGE_DEBUG_DIRECTORY, 28);
 typedef IMAGE_DEBUG_DIRECTORY *PIMAGE_DEBUG_DIRECTORY;
 typedef IMAGE_DEBUG_DIRECTORY const *PCIMAGE_DEBUG_DIRECTORY;
 …
     uint8_t    Data[1];
 } IMAGE_DEBUG_MISC;
+AssertCompileSize(IMAGE_DEBUG_MISC, 16);
 typedef IMAGE_DEBUG_MISC *PIMAGE_DEBUG_MISC;
 typedef IMAGE_DEBUG_MISC const *PCIMAGE_DEBUG_MISC;
 …
     uint8_t     bCertificate[8];
 } WIN_CERTIFICATE;
+AssertCompileSize(WIN_CERTIFICATE, 16);
 typedef WIN_CERTIFICATE *PWIN_CERTIFICATE;
 typedef WIN_CERTIFICATE const *PCWIN_CERTIFICATE;
-/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
-/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
-/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
-/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
-/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
-/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
-/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
-/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
-/* WARNING! NO MORE PRAGMA PACK 4 from here on. Assert size of all new types. */
-#pragma pack()

trunk/src/VBox/Runtime/nt/RTErrConvertFromNtStatus.cpp

-              r51530
+              r51770
         case STATUS_NO_MORE_FILES:          return VERR_NO_MORE_FILES;
         case STATUS_NO_MORE_ENTRIES:        return VERR_NO_MORE_FILES;
+        case STATUS_NO_MEMORY:              return VERR_NO_MEMORY;
         case STATUS_INVALID_HANDLE:         return VERR_INVALID_HANDLE;
 …
         case STATUS_OBJECT_PATH_INVALID:    return VERR_INVALID_NAME;
         case STATUS_OBJECT_PATH_NOT_FOUND:  return VERR_PATH_NOT_FOUND;
+        case STATUS_OBJECT_PATH_SYNTAX_BAD: return VERR_INVALID_NAME;
         case STATUS_BAD_NETWORK_PATH:       return VERR_NET_PATH_NOT_FOUND;
         case STATUS_NOT_A_DIRECTORY:        return VERR_NOT_A_DIRECTORY;

trunk/src/VBox/Runtime/r3/posix/process-posix.cpp

-              r48935
+              r51770
+RTR3DECL(int) RTProcQueryParent(RTPROCESS hProcess, PRTPROCESS phParent)
+{
+    if (hProcess == RTProcSelf())
+    {
+        *phParent = getppid();
+        return VINF_SUCCESS;
+    }
+    return VERR_NOT_SUPPORTED;
+}
 RTR3DECL(int) RTProcQueryUsername(RTPROCESS hProcess, char *pszUser, size_t cbUser,
                                   size_t *pcbUser)

trunk/src/VBox/Runtime/r3/stream.cpp

-              r48935
+              r51770
 /**
+ * Dumper vprintf-like function outputting to a stream.
+ *
+ * @param   pvUser          The stream to print to.  NULL means standard output.
+ * @param   pszFormat       Runtime format string.
+ * @param   va              Arguments specified by pszFormat.
+ */
+RTDECL(void) RTStrmDumpPrintfV(void *pvUser, const char *pszFormat, va_list va)
+{
+    RTStrmPrintfV(pvUser ? (PRTSTREAM)pvUser : g_pStdOut, pszFormat, va);
+}
+/**
  * Prints a formatted string to the standard output stream (g_pStdOut).
+ *

trunk/src/VBox/Runtime/r3/win/ntdll-mini-implib.def

-              r49229
+              r51770
+;
 ; Copyright (C) 2010-2013 Oracle Corporation
+; Copyright (C) 2010-2014 Oracle Corporation
+;
 ; This file is part of VirtualBox Open Source Edition (OSE), as
 …
 LIBRARY ntdll.dll
 EXPORTS
+    RtlNtStatusToDosError
+    NtQueryTimerResolution
+    NtQueryDirectoryFile
+    NtQueryDirectoryObject
+    NtQueryInformationFile
+    NtQueryInformationProcess
+    NtSetInformationFile
+    NtSetTimerResolution
+    NtQueryVolumeInformationFile
+    NtQueryVirtualMemory
+    NtCreateFile
+    NtClose
+    NtOpenDirectoryObject
+    NtDeviceIoControlFile
+  ; Exported name                           - The name x86 name sought by the linker.
+  ;                                         - This needs to be defined as a symbol, we generate assembly.
+    NtClose                               ;;= _NtClose@4
+    NtCreateFile                          ;;= _NtCreateFile@44
+    NtCreateSection                       ;;= _NtCreateSection@28
+    NtDelayExecution                      ;;= _NtDelayExecution@8
+    NtDeviceIoControlFile                 ;;= _NtDeviceIoControlFile@40
+    NtDuplicateObject                     ;;= _NtDuplicateObject@28
+    NtOpenDirectoryObject                 ;;= _NtOpenDirectoryObject@12
+    NtOpenProcess                         ;;= _NtOpenProcess@16
+    NtOpenProcessToken                    ;;= _NtOpenProcessToken@12
+    NtOpenThreadToken                     ;;= _NtOpenThreadToken@16
+    NtQueryDirectoryFile                  ;;= _NtQueryDirectoryFile@44
+    NtQueryDirectoryObject                ;;= _NtQueryDirectoryObject@28
+    NtQueryInformationFile                ;;= _NtQueryInformationFile@20
+    NtQueryInformationProcess             ;;= _NtQueryInformationProcess@20
+    NtQueryInformationThread              ;;= _NtQueryInformationThread@20
+    NtQueryInformationToken               ;;= _NtQueryInformationToken@20
+    NtQueryObject                         ;;= _NtQueryObject@20
+    NtQueryTimerResolution                ;;= _NtQueryTimerResolution@12
+    NtQueryVirtualMemory                  ;;= _NtQueryVirtualMemory@24
+    NtQueryVolumeInformationFile          ;;= _NtQueryVolumeInformationFile@20
+    NtReadFile                            ;;= _NtReadFile@36
+    NtReadVirtualMemory                   ;;= _NtReadVirtualMemory@20
+    NtSetInformationFile                  ;;= _NtSetInformationFile@20
+    NtSetInformationObject                ;;= _NtSetInformationObject@16
+    NtSetInformationThread                ;;= _NtSetInformationThread@16
+    NtSetTimerResolution                  ;;= _NtSetTimerResolution@12
+    NtWriteFile                           ;;= _NtWriteFile@36
+    NtWriteVirtualMemory                  ;;= _NtWriteVirtualMemory@20
+    NtYieldExecution                      ;;= _NtYieldExecution@0
+                                          ;;
+    RtlAddAccessAllowedAce                ;;= _RtlAddAccessAllowedAce@16
+    RtlAddAccessDeniedAce                 ;;= _RtlAddAccessDeniedAce@16
+    RtlCopySid                            ;;= _RtlCopySid@12
+    RtlCreateAcl                          ;;= _RtlCreateAcl@12
+    RtlCreateSecurityDescriptor           ;;= _RtlCreateSecurityDescriptor@8
+    RtlGetVersion                         ;;= _RtlGetVersion@4
+    RtlInitializeSid                      ;;= _RtlInitializeSid@12
+    RtlNtStatusToDosError                 ;;= _RtlNtStatusToDosError@4
+    RtlSetDaclSecurityDescriptor          ;;= _RtlSetDaclSecurityDescriptor@16
+    RtlSubAuthoritySid                    ;;= _RtlSubAuthoritySid@8

trunk/src/VBox/Runtime/testcase/Makefile.kmk

-              r51165
+              r51770
         tstRTBase64 \
         tstRTBitOperations \
+        tstRTBigNum \
         tstRTCidr \
         tstRTCritSect \
 …
         tstLdr \
         tstLdrLoad \
+        tstRTLdrVerifyPeImage \
         tstRTList \
         tstRTLockValidator \
 …
 tstRTBase64_SOURCES = tstRTBase64.cpp
+tstRTBigNum_TEMPLATE = VBOXR3TSTEXE
+tstRTBigNum_SOURCES = tstRTBigNum.cpp
 tstRTBitOperations_TEMPLATE = VBOXR3TSTEXE
 tstRTBitOperations_SOURCES = tstRTBitOperations.cpp
 …
 tstLdrLoad_SOURCES = tstLdrLoad.cpp
+tstRTLdrVerifyPeImage_TEMPLATE = VBOXR3TSTEXE
+tstRTLdrVerifyPeImage_SOURCES = tstRTLdrVerifyPeImage.cpp
 tstRTList_TEMPLATE = VBOXR3TSTEXE
 tstRTList_SOURCES = tstRTList.cpp

trunk/src/VBox/Runtime/tools/Makefile.kmk

-              r51696
+              r51770
+#
 # Copyright (C) 2006-2013 Oracle Corporation
+# Copyright (C) 2006-2014 Oracle Corporation
+#
 # This file is part of VirtualBox Open Source Edition (OSE), as
 …
 bldRTManifest_TEMPLATE = VBoxAdvBldProg
 bldRTManifest_SOURCES  = RTManifest.cpp
+# RTSignTool - Signing utility - build version.  Signed on windows so we can get the certificate from it.
+BLDPROGS += bldRTSignTool
+bldRTSignTool_TEMPLATE = VBoxAdvBldProg
+bldRTSignTool_SOURCES = RTSignTool.cpp
+bldRTSignTool_DEFS = IPRT_IN_BUILD_TOOL
+bldRTSignTool_POST_CMDS.win = $(VBOX_SIGN_IMAGE_CMDS)
 ifndef VBOX_ONLY_EXTPACKS_USE_IMPLIBS
 …
  RTDbgSymCache_SOURCES = RTDbgSymCache.cpp
+ # RTSignTool - Signing utility.
+ PROGRAMS += RTSignTool
+ RTSignTool_TEMPLATE = VBoxR3Tool
+ RTSignTool_SOURCES = RTSignTool.cpp
+ RTSignTool_LIBS = $(PATH_STAGE_LIB)/SUPR3$(VBOX_SUFF_LIB)
 endif # !VBOX_ONLY_EXTPACKS_USE_IMPLIBS

trunk/src/VBox/Runtime/win/RTErrConvertFromWin32.cpp

r51427	r51770
413	413	case ERROR_NOT_A_REPARSE_POINT: return VERR_NOT_SYMLINK;
414	414
	415	case NTE_BAD_ALGID: return VERR_CR_PKIX_UNKNOWN_DIGEST_TYPE;
415	416	}
416	417

trunk/src/VBox/Runtime/win/errmsgwin.cpp

-              r48935
+              r51770
 static const RTWINERRMSG  g_aStatusMsgs[] =
+{
+#include "errmsgcomdata.h"
+#if defined(VBOX) && !defined(IN_GUEST)
+# include "errmsgvboxcomdata.h"
+#ifndef IPRT_NO_ERROR_DATA
+# include "errmsgcomdata.h"
+# if defined(VBOX) && !defined(IN_GUEST)
+#  include "errmsgvboxcomdata.h"
+# endif
+#else
+    { "Success.", "ERROR_SUCCESS", 0 },
 #endif
     { NULL, NULL, 0 }
 …
+{
     unsigned i;
     for (i = 0; i < RT_ELEMENTS(g_aStatusMsgs); i++)
+    for (i = 0; i < RT_ELEMENTS(g_aStatusMsgs) - 1U; i++)
         if (g_aStatusMsgs[i].iCode == rc)
             return &g_aStatusMsgs[i];
 …
      * actual value in case we pick the wrong entry. Better than always using
      * the "Unknown Status" case. */
     for (i = 0; i < RT_ELEMENTS(g_aStatusMsgs); i++)
+    for (i = 0; i < RT_ELEMENTS(g_aStatusMsgs) - 1U; i++)
         if (g_aStatusMsgs[i].iCode == HRESULT_CODE(rc))
+        {

trunk/src/bldprogs/bin2c.c

-              r48959
+              r51770
             "  -width <n>   number of bytes per line (default: 16)\n"
             "  -break <n>   break every <n> lines    (default: -1)\n"
+            "  -ascii       show ASCII representation of binary as comment\n",
+            argv0);
+            "  -ascii       show ASCII representation of binary as comment\n"
+            "  -export      emit DECLEXPORT\n"
+            "  --append     append to the output file (default: truncate)\n"
+            , argv0);
     return 1;
 …
     size_t        uMask = 0;
     int           fAscii = 0;
+    int           fAppend = 0;
     int           fExport = 0;
     long          iBreakEvery = -1;
 …
+        }
         else if (!strcmp(argv[iArg], "-ascii"))
+        {
             fAscii = 1;
+        }
+        else if (!strcmp(argv[iArg], "--append"))
+            fAppend = 1;
         else if (!strcmp(argv[iArg], "-export"))
+        {
             fExport = 1;
+        }
         else if (!strcmp(argv[iArg], "-width"))
+        {
 …
+    }
     pFileOut = fopen(argv[iArg+2], "wb");
+    pFileOut = fopen(argv[iArg+2], fAppend ? "a" : "w"); /* no b! */
     if (!pFileOut)
+    {

trunk/src/recompiler/Makefile.kmk

-              r47423
+              r51770
 VBoxRemPrimary_LDFLAGS.solaris = -mimpure-text
+VBoxRemPrimary_POST_CMDS       = $(VBOX_SIGN_IMAGE_CMDS)
+ifdef VBOX_WITH_HARDENING
+ VBoxRemPrimary_POST_CMDS      = \
+        $(VBOX_VCC_EDITBIN) /LargeAddressAware /DynamicBase /NxCompat /Release /IntegrityCheck \
+                /Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) "$(out)" \
+        $$(NLTAB)$(VBOX_SIGN_IMAGE_CMDS)
+else
+ VBoxRemPrimary_POST_CMDS      = $(VBOX_SIGN_IMAGE_CMDS)
+endif

trunk/tools/bin/gen-slickedit-workspace.sh

-              r51348
+              r51770
 # @param    $1      The output file name base.
 # @param    $2      The wildcard spec.
+# @param    $3      Optional folder override.
 my_wildcard()
+{
+    if test -n "$3"; then
+        MY_FOLDER="$1-$3.lst"
+    else
+        MY_FOLDER="$1-All.lst"
+    fi
     EXCLUDES="*.log;*.kup;*~;*.pyc;*.exe;*.sys;*.dll;*.o;*.obj;*.lib;*.a;*.ko;*.class;*.cvsignore;*.done;*.project;*.actionScriptProperties;*.scm-settings;.svn/*"
     echo '        <F N="'"${2}"'/*" Recurse="1" Excludes="'"${EXCLUDES}"'"/>' >> "$1-All.lst"
+    echo '        <F N="'"${2}"'/*" Recurse="1" Excludes="'"${EXCLUDES}"'"/>' >> "${MY_FOLDER}"
+}
 …
                     case "${f}" in
                         ${MY_ROOT_DIR}/include*)
+                            my_sub_tree "${MY_FILE}" "${f}" "Headers"
+                            #my_sub_tree "${MY_FILE}" "${f}" "Headers"
+                            my_wildcard "${MY_FILE}" "${f}" "Headers"
                             ;;
                         *)  my_wildcard "${MY_FILE}" "${f}"
 …
 #define IEM_MC_ARG(a_Type, a_Name, a_iArg)                 a_Type a_Name
 #define IEM_MC_ARG_CONST(a_Type, a_Name, a_Value, a_iArg)  a_Type const a_Name = a_Value
+#define RTASN1_IMPL_GEN_SEQ_OF_TYPEDEFS_AND_PROTOS(a_SeqOfType, a_ItemType, a_DeclMacro, a_ImplExtNm) typedef struct a_SeqOfType { RTASN1SEQUENCECORE SeqCore; RTASN1ALLOCATION Allocation; uint32_t cItems; RT_CONCAT(P,a_ItemType) paItems; } a_SeqOfType; typedef a_SeqOfType *P##a_SeqOfType, const *PC##a_SeqOfType; int a_ImplExtNm##_DecodeAsn1(struct RTASN1CURSOR *pCursor, uint32_t fFlags, P##a_SeqOfType pThis, const char *pszErrorTag); int a_ImplExtNm##_Compare(PC##a_SeqOfType pLeft, PC##a_SeqOfType pRight)
+#define RTASN1_IMPL_GEN_SET_OF_TYPEDEFS_AND_PROTOS(a_SetOfType, a_ItemType, a_DeclMacro, a_ImplExtNm) typedef struct a_SetOfType { RTASN1SETCORE SetCore; RTASN1ALLOCATION Allocation; uint32_t cItems; RT_CONCAT(P,a_ItemType) paItems; } a_SetOfType; typedef a_SetOfType *P##a_SetOfType, const *PC##a_SetOfType; int a_ImplExtNm##_DecodeAsn1(struct RTASN1CURSOR *pCursor, uint32_t fFlags, P##a_SetOfType pThis, const char *pszErrorTag); int a_ImplExtNm##_Compare(PC##a_SetOfType pLeft, PC##a_SetOfType pRight)
+#define RTASN1TYPE_STANDARD_PROTOTYPES_NO_GET_CORE(a_TypeNm, a_DeclMacro, a_ImplExtNm) int  a_ImplExtNm##_Init(P##a_TypeNm pThis, PCRTASN1ALLOCATORVTABLE pAllocator); int  a_ImplExtNm##_Clone(P##a_TypeNm pThis, PC##a_TypeNm) pSrc, PCRTASN1ALLOCATORVTABLE pAllocator); void a_ImplExtNm##_Delete(P##a_TypeNm pThis); int  a_ImplExtNm##_Enum(P##a_TypeNm pThis, PFNRTASN1ENUMCALLBACK pfnCallback, uint32_t uDepth, void *pvUser); int  a_ImplExtNm##_Compare(PC##a_TypeNm) pLeft, PC##a_TypeNm pRight); int  a_ImplExtNm##_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, P##a_TypeNm pThis, const char *pszErrorTag); int  a_ImplExtNm##_CheckSanity(PC##a_TypeNm pThis, uint32_t fFlags, PRTERRINFO pErrInfo, const char *pszErrorTag)
+#define RTASN1TYPE_STANDARD_PROTOTYPES(a_TypeNm, a_DeclMacro, a_ImplExtNm, a_Asn1CoreNm) inline PRTASN1CORE a_ImplExtNm##_GetAsn1Core(PC##a_TypeNm pThis) { return (PRTASN1CORE)&pThis->a_Asn1CoreNm; } inline bool a_ImplExtNm##_IsPresent(PC##a_TypeNm pThis) { return pThis && RTASN1CORE_IS_PRESENT(&pThis->a_Asn1CoreNm); } RTASN1TYPE_STANDARD_PROTOTYPES_NO_GET_CORE(a_TypeNm, a_DeclMacro, a_ImplExtNm)
 EOF

Changeset 51770 in vbox

Legend:

Download in other formats: