Changeset 52356 in vbox for trunk/src/VBox/HostDrivers

Timestamp:

Aug 11, 2014 7:24:00 PM (10 years ago)

Author:

vboxsync

Message:

SUP: Manual imports.

Location:

trunk/src/VBox/HostDrivers/Support

Files:

• Makefile.kmk (modified) (2 diffs)
• SUPLibInternal.h (modified) (1 diff)
• SUPR3HardenedMain.cpp (modified) (2 diffs)
• win/SUPHardenedVerify-win.h (modified) (3 diffs)
• win/SUPHardenedVerifyImage-win.cpp (modified) (13 diffs)
• win/SUPLib-win.cpp (modified) (1 diff)
• win/SUPR3HardenedMain-win.cpp (modified) (7 diffs)
• win/SUPR3HardenedMainA-win.asm (modified) (1 diff)
• win/SUPR3HardenedMainImports-win.cpp (added)
• win/import-template-kernel32.h (added)
• win/import-template-ntdll.h (added)

trunk/src/VBox/HostDrivers/Support/Makefile.kmk

@@ -198 +198 @@
         win/SUPR3HardenedMain-win.cpp \
         win/SUPR3HardenedMainA-win.asm \
+        win/SUPR3HardenedMainImports-win.cpp \
        win/SUPHardenedVerifyProcess-win.cpp \
        win/SUPHardenedVerifyImage-win.cpp \
@@ -381 +382 @@
         $(KBUILD_TARGET)/VBoxSupLib-$(KBUILD_TARGET).cpp
 VBoxSupLib_LIBS.win = \
+        kernel32.lib \
         $(SUPR3HardenedStatic_1_TARGET)
 

trunk/src/VBox/HostDrivers/Support/SUPLibInternal.h

@@ -436 +436 @@
 DECLHIDDEN(void)    supR3HardenedWinInit(uint32_t fFlags);
 DECLHIDDEN(void)    supR3HardenedWinInitVersion(void);
+DECLHIDDEN(void)    supR3HardenedWinInitImports(void);
 DECLHIDDEN(void)    supR3HardenedWinVerifyProcess(void);
-DECLHIDDEN(void)    supR3HardenedWinResolveVerifyTrustApiAndHookThreadCreation(void);
+DECLHIDDEN(void)    supR3HardenedWinResolveVerifyTrustApiAndHookThreadCreation(const char *pszProgName);
 DECLHIDDEN(bool)    supR3HardenedWinIsReSpawnNeeded(int iWhich, int cArgs, char **papszArgs);
 DECLHIDDEN(int)     supR3HardenedWinReSpawn(int iWhich);

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp

@@ -1031 +1031 @@
 static void suplibHardenedPrintPrefix(void)
 {
-    if (!g_pszSupLibHardenedProgName)
+    if (g_pszSupLibHardenedProgName)
         suplibHardenedPrintStr(g_pszSupLibHardenedProgName);
     suplibHardenedPrintStr(": ");
@@ -1738 +1738 @@
      * Windows: Enable the use of windows APIs to verify images at load time.
      */
-    supR3HardenedWinResolveVerifyTrustApiAndHookThreadCreation();
+    supR3HardenedWinResolveVerifyTrustApiAndHookThreadCreation(g_pszSupLibHardenedProgName);
     g_enmSupR3HardenedMainState = SUPR3HARDENEDMAINSTATE_VERIFY_TRUST_READY;
 #endif

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h

@@ -41 +41 @@
 #ifndef SUP_CERTIFICATES_ONLY
 # ifdef RT_OS_WINDOWS
-DECLHIDDEN(int)      supHardenedWinInitImageVerifier(PRTERRINFO pErrInfo);
-DECLHIDDEN(void)     supHardenedWinTermImageVerifier(void);
+DECLHIDDEN(int)     supHardenedWinInitImageVerifier(PRTERRINFO pErrInfo);
+DECLHIDDEN(void)    supHardenedWinTermImageVerifier(void);
 
 typedef enum SUPHARDNTVPKIND
@@ -51 +51 @@
     SUPHARDNTVPKIND_32BIT_HACK = 0x7fffffff
 } SUPHARDNTVPKIND;
-DECLHIDDEN(int)      supHardenedWinVerifyProcess(HANDLE hProcess, HANDLE hThread, SUPHARDNTVPKIND enmKind, PRTERRINFO pErrInfo);
+DECLHIDDEN(int)     supHardenedWinVerifyProcess(HANDLE hProcess, HANDLE hThread, SUPHARDNTVPKIND enmKind, PRTERRINFO pErrInfo);
 
-DECLHIDDEN(bool)     supHardViIsAppPatchDir(PCRTUTF16 pwszPath, uint32_t cwcName);
+DECLHIDDEN(bool)    supHardViUniStrPathStartsWithUniStr(UNICODE_STRING const *pUniStrLeft,
+                                                        UNICODE_STRING const *pUniStrRight, bool fCheckSlash);
+DECLHIDDEN(bool)    supHardViUtf16PathStartsWithEx(PCRTUTF16 pwszLeft, uint32_t cwcLeft,
+                                                PCRTUTF16 pwszRight, uint32_t cwcRight, bool fCheckSlash);
+DECLHIDDEN(bool)    supHardViIsAppPatchDir(PCRTUTF16 pwszPath, uint32_t cwcName);
 
 /**
@@ -121 +125 @@
 extern uint32_t         g_offSupLibHardenedExeNtName;
 
+#   ifdef IN_RING0
 /** Pointer to NtQueryVirtualMemory. */
 typedef NTSTATUS (NTAPI *PFNNTQUERYVIRTUALMEMORY)(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
 extern PFNNTQUERYVIRTUALMEMORY g_pfnNtQueryVirtualMemory;
+#   endif
 
 #  endif /* SUPHNTVI_NO_NT_STUFF */

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp

@@ -440 +440 @@
  * @param   pszPrefix           The ascii prefix string.
  */
-static bool supHardViUtf16PathStartsWith(PCRTUTF16 pwszLeft, const char *pszRight)
+static bool supHardViUtf16PathStartsWithAscii(PCRTUTF16 pwszLeft, const char *pszRight)
 {
     for (;;)
@@ -472 +472 @@
 
 /**
+ * Simple case insensitive UNICODE_STRING starts-with path predicate.
+ *
+ * @returns true if starts with given string, false if not.
+ * @param   pwszLeft            The path to check.
+ * @param   cwcLeft             The length of @a pwszLeft
+ * @param   pwszRight           The starts-with path.
+ * @param   cwcRight            The length of @a pwszRight.
+ * @param   fCheckSlash         Check for a slash following the prefix.
+ */
+DECLHIDDEN(bool) supHardViUtf16PathStartsWithEx(PCRTUTF16 pwszLeft, uint32_t cwcLeft,
+                                                PCRTUTF16 pwszRight, uint32_t cwcRight, bool fCheckSlash)
+{
+    if (cwcLeft < cwcRight)
+        return false;
+
+    /* See if we can get away with a case sensitive compare first. */
+    if (memcmp(pwszLeft, pwszRight, cwcRight) == 0)
+        pwszLeft += cwcRight;
+    else
+    {
+        /* No luck, do a slow case insensitive comapre.  */
+        uint32_t cLeft = cwcRight;
+        while (cLeft-- > 0)
+        {
+            RTUTF16 wcLeft  = *pwszLeft++;
+            RTUTF16 wcRight = *pwszRight++;
+            if (wcLeft != wcRight)
+            {
+                wcLeft  = wcLeft < 0x80  ? wcLeft  == '/' ? '\\' : RT_C_TO_LOWER(wcLeft)  : wcLeft;
+                wcRight = wcRight < 0x80 ? wcRight == '/' ? '\\' : RT_C_TO_LOWER(wcRight) : wcRight;
+                if (wcLeft != wcRight)
+                    return false;
+            }
+        }
+    }
+
+    /* Check for slash following the prefix, if request. */
+    if (   !fCheckSlash
+        || *pwszLeft == '\\'
+        || *pwszLeft == '/')
+        return true;
+    return false;
+}
+
+
+/**
+ * Simple case insensitive UNICODE_STRING starts-with path predicate.
+ *
+ * @returns true if starts with given string, false if not.
+ * @param   pUniStrLeft         The path to check.
+ * @param   pUniStrRight        The starts-with path.
+ * @param   fCheckSlash         Check for a slash following the prefix.
+ */
+DECLHIDDEN(bool) supHardViUniStrPathStartsWithUniStr(UNICODE_STRING const *pUniStrLeft, UNICODE_STRING const *pUniStrRight,
+                                                     bool fCheckSlash)
+{
+    return supHardViUtf16PathStartsWithEx(pUniStrLeft->Buffer, pUniStrLeft->Length / sizeof(WCHAR),
+                                          pUniStrRight->Buffer, pUniStrRight->Length / sizeof(WCHAR), fCheckSlash);
+}
+
+
+
+/**
  * Counts slashes in the given UTF-8 path string.
  *
@@ -505 +568 @@
         return false;
 
-    if (!supHardViUtf16PathStartsWith(&pwszPath[cwcWinDir], "\\AppPatch\\"))
+    if (!supHardViUtf16PathStartsWithAscii(&pwszPath[cwcWinDir], "\\AppPatch\\"))
         return false;
 
@@ -559 +622 @@
     uint32_t cwcName = (uint32_t)RTUtf16Len(pwszName);
     uint32_t cwcOther = g_System32NtPath.UniStr.Length / sizeof(WCHAR);
-    if (   cwcName > cwcOther
-        && RTPATH_IS_SLASH(pwszName[cwcOther])
-        && memcmp(pwszName, g_System32NtPath.UniStr.Buffer, g_System32NtPath.UniStr.Length) == 0)
+    if (supHardViUtf16PathStartsWithEx(pwszName, cwcName, g_System32NtPath.UniStr.Buffer, cwcOther, true /*fCheckSlash*/))
     {
         pwsz = pwszName + cwcOther + 1;
@@ -596 +657 @@
         {
             if (   cSlashes == 1
-                && supHardViUtf16PathStartsWith(pwsz, "drivers\\ati")
+                && supHardViUtf16PathStartsWithAscii(pwsz, "drivers\\ati")
                 && (   supHardViUtf16PathEndsWith(pwsz, ".sys")
                     || supHardViUtf16PathEndsWith(pwsz, ".dll") ) )
@@ -626 +687 @@
      */
     cwcOther = g_WinSxSNtPath.UniStr.Length / sizeof(WCHAR);
-    if (   cwcName > cwcOther
-        && RTPATH_IS_SLASH(pwszName[cwcOther])
-        && memcmp(pwszName, g_WinSxSNtPath.UniStr.Buffer, g_WinSxSNtPath.UniStr.Length) == 0)
+    if (supHardViUtf16PathStartsWithEx(pwszName, cwcName, g_WinSxSNtPath.UniStr.Buffer, cwcOther, true /*fCheckSlash*/))
     {
         pwsz = pwszName + cwcOther + 1;
@@ -641 +700 @@
         /* The common controls mess. */
 # ifdef RT_ARCH_AMD64
-        if (supHardViUtf16PathStartsWith(pwsz, "amd64_microsoft.windows.common-controls_"))
+        if (supHardViUtf16PathStartsWithAscii(pwsz, "amd64_microsoft.windows.common-controls_"))
 # elif defined(RT_ARCH_X86)
-        if (supHardViUtf16PathStartsWith(pwsz, "x86_microsoft.windows.common-controls_"))
+        if (supHardViUtf16PathStartsWithAscii(pwsz, "x86_microsoft.windows.common-controls_"))
 # else
 #  error "Unsupported architecture"
@@ -655 +714 @@
         /* Allow anything slightly microsoftish from WinSxS. W2K3 wanted winhttp.dll early on... */
 # ifdef RT_ARCH_AMD64
-        if (supHardViUtf16PathStartsWith(pwsz, "amd64_microsoft."))
+        if (supHardViUtf16PathStartsWithAscii(pwsz, "amd64_microsoft."))
 # elif defined(RT_ARCH_X86)
-        if (supHardViUtf16PathStartsWith(pwsz, "x86_microsoft."))
+        if (supHardViUtf16PathStartsWithAscii(pwsz, "x86_microsoft."))
 # else
 #  error "Unsupported architecture"
@@ -941 +1000 @@
 #ifdef IN_RING3
      /*
-      * Call the windows verify trust API if we've resolved it.
+      * Call the windows verify trust API if we've resolved it and aren't in
+      * some obvious recursion.  Assumes the loader semaphore will reduce the
+      * risk of concurrency here, so no TLS, only a single static variable.
       */
-     if (   g_pfnWinVerifyTrust
-         && supR3HardNtViCanCallWinVerifyTrust(pNtViRdr->hFile, pwszName))
-     {
-         if (pfCacheable)
-             *pfCacheable = g_pfnWinVerifyTrust != NULL;
-         if (rc != VERR_LDRVI_NOT_SIGNED)
-         {
-             if (rc == VINF_LDRVI_NOT_SIGNED)
-             {
-                 if (pNtViRdr->fFlags & SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION)
-                 {
-                     int rc2 = supR3HardNtViCallWinVerifyTrustCatFile(pNtViRdr->hFile, pwszName, pNtViRdr->fFlags, pErrInfo,
-                                                                      g_pfnWinVerifyTrust);
-                     SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile -> %d (org %d)\n", rc2, rc));
-                     rc = rc2;
-                 }
-                 else
-                 {
-                     AssertFailed();
-                     rc = VERR_LDRVI_NOT_SIGNED;
-                 }
-             }
-             else if (RT_SUCCESS(rc))
-                 rc = supR3HardNtViCallWinVerifyTrust(pNtViRdr->hFile, pwszName, pNtViRdr->fFlags, pErrInfo,
-                                                      g_pfnWinVerifyTrust);
-             else
-             {
-                 int rc2 = supR3HardNtViCallWinVerifyTrust(pNtViRdr->hFile, pwszName, pNtViRdr->fFlags, pErrInfo,
-                                                           g_pfnWinVerifyTrust);
-                 AssertMsg(RT_FAILURE_NP(rc2),
-                           ("rc=%Rrc, rc2=%Rrc %s", rc, rc2, pErrInfo ? pErrInfo->pszMsg : "<no-err-info>"));
-             }
-         }
-     }
+    if (g_pfnWinVerifyTrust)
+    {
+        static uint32_t volatile s_idActiveThread = UINT32_MAX;
+        uint32_t const idCurrentThread = GetCurrentThreadId();
+        if (   s_idActiveThread != idCurrentThread
+            && supR3HardNtViCanCallWinVerifyTrust(pNtViRdr->hFile, pwszName) )
+        {
+            ASMAtomicCmpXchgU32(&s_idActiveThread, idCurrentThread, UINT32_MAX);
+
+            if (pfCacheable)
+                *pfCacheable = g_pfnWinVerifyTrust != NULL;
+            if (rc != VERR_LDRVI_NOT_SIGNED)
+            {
+                if (rc == VINF_LDRVI_NOT_SIGNED)
+                {
+                    if (pNtViRdr->fFlags & SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION)
+                    {
+                        int rc2 = supR3HardNtViCallWinVerifyTrustCatFile(pNtViRdr->hFile, pwszName, pNtViRdr->fFlags, pErrInfo,
+                                                                         g_pfnWinVerifyTrust);
+                        SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile -> %d (org %d)\n", rc2, rc));
+                        rc = rc2;
+                    }
+                    else
+                    {
+                        AssertFailed();
+                        rc = VERR_LDRVI_NOT_SIGNED;
+                    }
+                }
+                else if (RT_SUCCESS(rc))
+                    rc = supR3HardNtViCallWinVerifyTrust(pNtViRdr->hFile, pwszName, pNtViRdr->fFlags, pErrInfo,
+                                                         g_pfnWinVerifyTrust);
+                else
+                {
+                    int rc2 = supR3HardNtViCallWinVerifyTrust(pNtViRdr->hFile, pwszName, pNtViRdr->fFlags, pErrInfo,
+                                                              g_pfnWinVerifyTrust);
+                    AssertMsg(RT_FAILURE_NP(rc2),
+                              ("rc=%Rrc, rc2=%Rrc %s", rc, rc2, pErrInfo ? pErrInfo->pszMsg : "<no-err-info>"));
+                }
+            }
+
+            ASMAtomicCmpXchgU32(&s_idActiveThread, UINT32_MAX, idCurrentThread);
+        }
+        else
+            SUP_DPRINTF(("Detected WinVerifyTrust recursion: rc=%Rrc '%ls'.\n", rc, pwszName));
+    }
 #else  /* !IN_RING3 */
-     if (pfCacheable)
-         *pfCacheable = true;
+    if (pfCacheable)
+        *pfCacheable = true;
 #endif /* !IN_RING3 */
 
-     return rc;
+    return rc;
 }
 
@@ -1502 +1574 @@
  * and we require all VBox extensions to have it set as well.  In effect, the
  * authenticode signature will be checked two or three times.
- */
-DECLHIDDEN(void) supR3HardenedWinResolveVerifyTrustApiAndHookThreadCreation(void)
+ *
+ * @param   pszProgName     The program name.
+ */
+DECLHIDDEN(void) supR3HardenedWinResolveVerifyTrustApiAndHookThreadCreation(const char *pszProgName)
 {
 # ifdef IN_SUP_HARDENED_R3
@@ -1572 +1646 @@
                                              &ErrInfoStatic.Core, pfnWinVerifyTrust);
     if (RT_FAILURE(rc))
-        supR3HardenedFatal("WinVerifyTrust failed on stub executable: %s", ErrInfoStatic.szMsg);
+        supR3HardenedFatalMsg(pszProgName, kSupInitOp_Integrity, rc,
+                              "WinVerifyTrust failed on stub executable: %s", ErrInfoStatic.szMsg);
 # endif
 
@@ -1580 +1655 @@
 
     g_pfnWinVerifyTrust = pfnWinVerifyTrust;
+    SUP_DPRINTF(("g_pfnWinVerifyTrust=%p\n", pfnWinVerifyTrust));
 
     /*
@@ -1687 +1763 @@
             case TRUST_E_EXPLICIT_DISTRUST:        pszErrConst = "TRUST_E_EXPLICIT_DISTRUST";     break;
             case CERT_E_CHAINING:                  pszErrConst = "CERT_E_CHAINING";               break;
+            case CERT_E_REVOCATION_FAILURE:        pszErrConst = "CERT_E_REVOCATION_FAILURE";     break;
         }
         if (pszErrConst)

trunk/src/VBox/HostDrivers/Support/win/SUPLib-win.cpp

@@ -95 +95 @@
         if (RT_FAILURE(rc))
             return rc;
-        supR3HardenedWinResolveVerifyTrustApiAndHookThreadCreation();
+        supR3HardenedWinResolveVerifyTrustApiAndHookThreadCreation(NULL);
 #endif
         g_fHardenedVerifyInited = true;

trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp

@@ -63 +63 @@
  * This just needs to be unique enough to avoid most confusion with real
  * executable names,  there are other checks in place to make sure we've respanwed. */
-#define SUPR3_RESPAWN_1_ARG0  "0384ad8f-4f0c-d002-e3ae-5597cd55af98-suplib-2ndchild"
+#define SUPR3_RESPAWN_1_ARG0  "5cb9562b-4b8c-d13f-6bc4-3da9b0f37da6-suplib-2ndchild"
 
 /** The first argument of a respawed stub when respawned for the second time.
  * This just needs to be unique enough to avoid most confusion with real
  * executable names,  there are other checks in place to make sure we've respanwed. */
-#define SUPR3_RESPAWN_2_ARG0  "0384ad8f-4f0c-d002-e3ae-5597cd55af98-suplib-3rdchild"
+#define SUPR3_RESPAWN_2_ARG0  "5cb9562b-4b8c-d13f-6bc4-3da9b0f37da6-suplib-3rdchild"
 
 /** Unconditional assertion. */
@@ -616 +616 @@
     }
 }
-
 
 
@@ -771 +770 @@
             Assert(g_SupLibHardenedExeNtPath.UniStr.Buffer[g_offSupLibHardenedExeNtName - 1] == '\\');
             uint32_t fFlags = 0;
-            if (   uBuf.UniStr.Length > g_System32NtPath.UniStr.Length
-                && memcmp(uBuf.UniStr.Buffer, g_System32NtPath.UniStr.Buffer, g_System32NtPath.UniStr.Length) == 0
-                && uBuf.UniStr.Buffer[g_System32NtPath.UniStr.Length / sizeof(WCHAR)] == '\\')
+            if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_System32NtPath.UniStr, true /*fCheckSlash*/))
             {
                 fSystem32 = true;
                 fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION;
             }
-            else if (   uBuf.UniStr.Length > g_WinSxSNtPath.UniStr.Length
-                     && memcmp(uBuf.UniStr.Buffer, g_WinSxSNtPath.UniStr.Buffer, g_WinSxSNtPath.UniStr.Length) == 0
-                     && uBuf.UniStr.Buffer[g_WinSxSNtPath.UniStr.Length / sizeof(WCHAR)] == '\\')
+            else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_WinSxSNtPath.UniStr, true /*fCheckSlash*/))
                 fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION;
-            else if (   uBuf.UniStr.Length > g_offSupLibHardenedExeNtName
-                     && memcmp(uBuf.UniStr.Buffer, g_SupLibHardenedExeNtPath.UniStr.Buffer,
-                               g_offSupLibHardenedExeNtName * sizeof(WCHAR)) == 0)
+            else if (supHardViUtf16PathStartsWithEx(uBuf.UniStr.Buffer, uBuf.UniStr.Length / sizeof(WCHAR),
+                                                    g_SupLibHardenedExeNtPath.UniStr.Buffer,
+                                                    g_offSupLibHardenedExeNtName, false /*fCheckSlash*/))
                 fFlags |= SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING | SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT;
 #ifdef VBOX_PERMIT_MORE
@@ -804 +799 @@
             {
                 supR3HardenedError(VINF_SUCCESS, false,
-                                   "supR3HardenedMonitor_NtCreateSection: Not a trusted location: '%ls' (fImage=%d fExecMap=%d fExecProt=%d)\n",
+                                   "supR3HardenedMonitor_NtCreateSection: Not a trusted location: '%ls' (fImage=%d fExecMap=%d fExecProt=%d)",
                                     uBuf.UniStr.Buffer, fImage, fExecMap, fExecProt);
                 if (hMyFile != hFile)
@@ -1867 +1862 @@
         rc = supR3HardNtPuChSanitizePeb(&This);
     if (RT_SUCCESS(rc))
+    {
         rc = supHardenedWinVerifyProcess(hProcess, hThread, SUPHARDNTVPKIND_CHILD_PURIFICATION, pErrInfo);
+        if (RT_FAILURE(rc))
+            Sleep(300000);
+    }
 
     return rc;
@@ -2532 +2531 @@
 
     /*
+     * Initialize the NTDLL API wrappers. This aims at bypassing patched NTDLL
+     * in all the processes leading up the VM process.
+     */
+    supR3HardenedWinInitImports();
+
+    /*
      * Init g_uNtVerCombined. (The code is shared with SUPR3.lib and lives in
      * SUPHardenedVerfiyImage-win.cpp.)
@@ -2550 +2555 @@
      * Get the executable name.
      */
-    DWORD cwcExecName = GetModuleFileNameW(GetModuleHandle(NULL), g_wszSupLibHardenedExePath,
+    DWORD cwcExecName = GetModuleFileNameW(GetModuleHandleW(NULL), g_wszSupLibHardenedExePath,
                                            RT_ELEMENTS(g_wszSupLibHardenedExePath));
     if (cwcExecName >= RT_ELEMENTS(g_wszSupLibHardenedExePath))

trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMainA-win.asm

@@ -75 +75 @@
 %endif
 
+;;
+; Composes a standard call name.
+%ifdef RT_ARCH_X86
+ %define SUPHNTIMP_STDCALL_NAME(a,b) _ %+ a %+ @ %+ b
+%else
+ %define SUPHNTIMP_STDCALL_NAME(a,b) NAME(a)
+%endif
+
+
+;;
+; Import data and code for an API call.
+;
+; @param 1  The plain API name.
+; @param 2  The parameter frame size on x86. Multiple of dword.
+; @param 3  Non-zero expression if system call.
+;
+%define SUPHNTIMP_SYSCALL 1
+%macro SupHardNtImport 3
+        ;
+        ; The data.
+        ;
+BEGINDATA
+global __imp_ %+ %1                     ; The import name used via dllimport.
+__imp_ %+ %1:
+GLOBALNAME g_pfn %+ %1                  ; The name we like to refer to.
+        RTCCPTR_DEF 0
+%if %3
+GLOBALNAME g_uApiNo %+ %1                  ; The name we like to refer to.
+        RTCCPTR_DEF 0
+%endif
+
+        ;
+        ; The code: First a call stub.
+        ;
+BEGINCODE
+global SUPHNTIMP_STDCALL_NAME(%1, %2)
+SUPHNTIMP_STDCALL_NAME(%1, %2):
+        jmp     RTCCPTR_PRE [NAME(g_pfn %+ %1) xWrtRIP]
+
+%if %3
+        ;
+        ; Make system calls.
+        ;
+ %ifdef RT_ARCH_AMD64
+BEGINPROC %1 %+ _SyscallType1
+        mov     eax, [NAME(g_uApiNo %+ %1) xWrtRIP]
+        mov     r10, rcx
+        syscall
+        ret
+ENDPROC %1 %+ _SyscallType1
+ %else
+BEGINPROC %1 %+ _SyscallType1
+        mov     edx, 07ffe0300h         ; SharedUserData!SystemCallStub
+        mov     eax, [NAME(g_uApiNo %+ %1) xWrtRIP]
+        call    edx
+        ret     %2
+ENDPROC %1 %+ _SyscallType1
+BEGINPROC %1 %+ _SyscallType2
+        push    .return
+        mov     edx, esp
+        mov     eax, [NAME(g_uApiNo %+ %1) xWrtRIP]
+        sysenter
+        add     esp, 4
+.return:
+        ret     %2
+ENDPROC %1 %+ _SyscallType2
+  %endif
+%endif
+%endmacro
+
+%define SUPHARNT_COMMENT(a_Comment)
+%define SUPHARNT_IMPORT_SYSCALL(a_Name, a_cbParamsX86) SupHardNtImport a_Name, a_cbParamsX86, SUPHNTIMP_SYSCALL
+%define SUPHARNT_IMPORT_STDCALL(a_Name, a_cbParamsX86) SupHardNtImport a_Name, a_cbParamsX86, 0
+%include "import-template-ntdll.h"
+%include "import-template-kernel32.h"
+