Changeset 52092 in vbox
- Timestamp:
- Jul 18, 2014 7:14:33 AM (11 years ago)
- svn:sync-xref-src-repo-rev:
- 95099
- Location:
- trunk
- Files:
-
- 3 edited
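--- a/trunk/include/iprt/nt/nt.h
+++ b/trunk/include/iprt/nt/nt.h
@@ -83,4 +83,8 @@
 # define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
 
+# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
+# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
+# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
+
 # define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
 # define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
@@ -129,4 +133,8 @@
 # undef ProcessImageFileName
 # undef ProcessBreakOnTermination
+
+# undef RTL_USER_PROCESS_PARAMETERS
+# undef PRTL_USER_PROCESS_PARAMETERS
+# undef _RTL_USER_PROCESS_PARAMETERS
 
 # undef NtQueryInformationThread
@@ -629,4 +637,15 @@
 NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
 
+NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
+NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
+/** @name ProcessDefaultHardErrorMode bit definitions.
+* @{ */
+#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
+#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
+#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
+#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
+/** @} */
+NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
+
 /** Retured by ProcessImageInformation as well as NtQuerySection. */
 typedef struct _SECTION_IMAGE_INFORMATION
@@ -678,4 +697,6 @@
 
 NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
+NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
+NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
 
 #ifndef SEC_FILE
@@ -907,4 +928,79 @@
 NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
 
+
+typedef struct _CURDIR
+{
+UNICODE_STRING DosPath;
+HANDLE Handle;
+} CURDIR;
+typedef CURDIR *PCURDIR;
+
+typedef struct _RTL_DRIVE_LETTER_CURDIR
+{
+USHORT Flags;
+USHORT Length;
+ULONG TimeStamp;
+STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
+} RTL_DRIVE_LETTER_CURDIR;
+typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
+
+typedef struct _RTL_USER_PROCESS_PARAMETERS
+{
+ULONG MaximumLength;
+ULONG Length;
+ULONG Flags;
+ULONG DebugFlags;
+HANDLE ConsoleHandle;
+ULONG ConsoleFlags;
+HANDLE StandardInput;
+HANDLE StandardOutput;
+HANDLE StandardError;
+CURDIR CurrentDirectory;
+UNICODE_STRING DllPath;
+UNICODE_STRING ImagePathName;
+UNICODE_STRING CommandLine;
+PWSTR Environment;
+ULONG StartingX;
+ULONG StartingY;
+ULONG CountX;
+ULONG CountY;
+ULONG CountCharsX;
+ULONG CountCharsY;
+ULONG FillAttribute;
+ULONG WindowFlags;
+ULONG ShowWindowFlags;
+UNICODE_STRING WindowTitle;
+UNICODE_STRING DesktopInfo;
+UNICODE_STRING ShellInfo;
+UNICODE_STRING RuntimeInfo;
+RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
+SIZE_T EnvironmentSize; /**< Added in Vista */
+SIZE_T EnvironmentVersion; /**< Added in Windows 7. */
+PVOID PackageDependencyData; /**< Added Windows 8? */
+ULONG ProcessGroupId; /**< Added Windows 8? */
+} RTL_USER_PROCESS_PARAMETERS;
+typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
+#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
+
+typedef struct _RTL_USER_PROCESS_INFORMATION
+{
+ULONG Size;
+HANDLE ProcessHandle;
+HANDLE ThreadHandle;
+CLIENT_ID ClientId;
+SECTION_IMAGE_INFORMATION ImageInformation;
+} RTL_USER_PROCESS_INFORMATION;
+typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
+
+
+NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
+PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
+NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
+PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
+PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
+PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
+PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
+NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
+
 RT_C_DECLS_END
 /** @} */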
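Review bot: The trailing members of `RTL_USER_PROCESS_PARAMETERS` (`EnvironmentSize`, `EnvironmentVersion`, `PackageDependencyData`, `ProcessGroupId`) are annotated as existing only from Vista, Windows 7 and possibly Windows 8 onwards, but nothing on the struct tells a reader they must not be touched on older systems. This block describes memory laid out by ntdll rather than by the caller, so reading those members on a version that lacks them would read whatever follows the real structure. I would add a struct-level doc comment saying that the layout is version-dependent and that access to anything after `CurrentDirectories` has to be gated on the Windows version, and settle the two `Added Windows 8?` remarks once the layout is confirmed. `RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED` also has no comment; one line naming the member it applies to (presumably `Flags`) and what it changes for a consumer would help.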
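--- a/trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp
@@ -947,4 +947,6 @@
 DECLHIDDEN(void) supR3HardenedWinInstallHooks(void)
 {
+NTSTATUS rcNt;
+
 #ifndef VBOX_WITHOUT_DEBUGGER_CHECKS
 /*
@@ -952,9 +954,26 @@
 * notifications from ending up in the debugger.
 */
-NTSTATUSrcNt = NtSetInformationThread(GetCurrentThread(), ThreadHideFromDebugger, NULL, 0);
+rcNt = NtSetInformationThread(GetCurrentThread(), ThreadHideFromDebugger, NULL, 0);
 if (!NT_SUCCESS(rcNt))
-supR3HardenedFatalMsg("supR3HardenedWinInstallHooks", kSupInitOp_Misc, VERR_ NO_MEMORY,
+supR3HardenedFatalMsg("supR3HardenedWinInstallHooks", kSupInitOp_Misc, VERR_GENERAL_FAILURE,
 "NtSetInformationThread/ThreadHideFromDebugger failed: %#x\n", rcNt);
 #endif
+
+/*
+* Disable hard error popups so we can quietly refuse images to be loaded.
+*/
+ULONG fHardErr = 0;
+rcNt = NtQueryInformationProcess(NtCurrentProcess(), ProcessDefaultHardErrorMode, &fHardErr, sizeof(fHardErr), NULL);
+if (!NT_SUCCESS(rcNt))
+supR3HardenedFatalMsg("supR3HardenedWinInstallHooks", kSupInitOp_Misc, VERR_GENERAL_FAILURE,
+"NtQueryInformationProcess/ProcessDefaultHardErrorMode failed: %#x\n", rcNt);
+if (fHardErr & PROCESS_HARDERR_CRITICAL_ERROR)
+{
+fHardErr &= ~PROCESS_HARDERR_CRITICAL_ERROR;
+rcNt = NtSetInformationProcess(NtCurrentProcess(), ProcessDefaultHardErrorMode, &fHardErr, sizeof(fHardErr));
+if (!NT_SUCCESS(rcNt))
+supR3HardenedFatalMsg("supR3HardenedWinInstallHooks", kSupInitOp_Misc, VERR_GENERAL_FAILURE,
+"NtSetInformationProcess/ProcessDefaultHardErrorMode failed: %#x\n", rcNt);
+}
 
 /*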
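Review bot: The line `fHardErr &= ~PROCESS_HARDERR_CRITICAL_ERROR;` reads as the opposite of the block comment above it to anyone who knows the Win32 `SEM_FAILCRITICALERRORS` flag, where setting the bit is what suppresses the popups. The nt.h part of this changeset notes that the NT-level bit is inverted from the Win32 define, so a short comment at this line would head off a well-meant "fix", for example `/* NT semantics: bit set = popups shown (inverse of SEM_FAILCRITICALERRORS). */`. The block comment should also say that failing to query or change the mode is fatal by design, since both error paths abort start-up through supR3HardenedFatalMsg over a setting whose stated purpose is only to refuse images quietly. The body of supR3HardenedWinInstallHooks continues past the end of the hunk.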
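--- a/trunk/src/VBox/Runtime/r3/win/ntdll-mini-implib.def
+++ b/trunk/src/VBox/Runtime/r3/win/ntdll-mini-implib.def
@@ -51,8 +51,13 @@
 NtReadFile ;;= _NtReadFile@36
 NtReadVirtualMemory ;;= _NtReadVirtualMemory@20
+NtResumeProcess ;;= _NtResumeProcess@4
+NtResumeThread ;;= _NtResumeThread@8
 NtSetInformationFile ;;= _NtSetInformationFile@20
 NtSetInformationObject ;;= _NtSetInformationObject@16
+NtSetInformationProcess ;;= _NtSetInformationProcess@16
 NtSetInformationThread ;;= _NtSetInformationThread@16
 NtSetTimerResolution ;;= _NtSetTimerResolution@12
+NtSuspendProcess ;;= _NtSuspendProcess@4
+NtSuspendThread ;;= _NtSuspendThread@8
 NtWriteFile ;;= _NtWriteFile@36
 NtWriteVirtualMemory ;;= _NtWriteVirtualMemory@20
@@ -63,5 +68,8 @@
 RtlCopySid ;;= _RtlCopySid@12
 RtlCreateAcl ;;= _RtlCreateAcl@12
+RtlCreateProcessParameters ;;= _RtlCreateProcessParameters@40
 RtlCreateSecurityDescriptor ;;= _RtlCreateSecurityDescriptor@8
+RtlCreateUserProcess ;;= _RtlCreateUserProcess@40
+RtlDestroyProcessParameters ;;= _RtlDestroyProcessParameters@4
 RtlGetVersion ;;= _RtlGetVersion@4
 RtlInitializeSid ;;= _RtlInitializeSid@12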