
Changeset 52423 in vbox


Timestamp:
Aug 20, 2014 3:24:00 AM (10 years ago)
Author:
vboxsync
Message:

SUPDrv: Worked around a -104 supR3HardenedWinReSpawn issue. Someone opened the new process before we got notified about it and NtCreateUserProcess could create its own handles.

File:
1 edited

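--- a/trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp
@@ -2589,5 +2589,6 @@
         && pNtStub->u.pChild       == pNtVm)
     {
-        /* Fine, nothing to do. */
+        /* Fine, reset the CSRSS hack (fixes ViRobot APT Shield 2.0 issue). */
+        pNtVm->fFirstProcessCreateHandle = true;
         return;
     }
@@ -2772,6 +2773,6 @@
                 pNtProtect->fFirstProcessCreateHandle = false;
 
-                Log(("vboxdrv/ProcessHandlePre: ctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] %s\n",
-                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                Log(("vboxdrv/ProcessHandlePre: %sctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] %s\n",
+                     pOpInfo->KernelHandle ? "k" : "", PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
                      pOpInfo->Parameters->CreateHandleInformation.DesiredAccess,
                      pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind,
@@ -2785,6 +2786,6 @@
                 pNtProtect->fFirstProcessCreateHandle = false;
 
-                Log(("vboxdrv/ProcessHandlePre: ctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] %s [debugger]\n",
-                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                Log(("vboxdrv/ProcessHandlePre: %sctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] %s [debugger]\n",
+                     pOpInfo->KernelHandle ? "k" : "", PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
                      pOpInfo->Parameters->CreateHandleInformation.DesiredAccess,
                      pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind,
@@ -2867,6 +2868,6 @@
                 }
 
-                Log(("vboxdrv/ProcessHandlePre: ctx=%04zx/%p wants %#x to %p/pid=%04zx [%d], allow %#x => %#x; %s\n",
-                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                Log(("vboxdrv/ProcessHandlePre: %sctx=%04zx/%p wants %#x to %p/pid=%04zx [%d], allow %#x => %#x; %s\n",
+                     pOpInfo->KernelHandle ? "k" : "", PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
                      pOpInfo->Parameters->CreateHandleInformation.DesiredAccess,
                      pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind, fAllowedRights,
@@ -2921,6 +2922,6 @@
                 }
 
-                Log(("vboxdrv/ProcessHandlePre: ctx=%04zx/%p[%p] dup from %04zx/%p with %#x to %p in pid=%04zx [%d] %s\n",
-                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                Log(("vboxdrv/ProcessHandlePre: %sctx=%04zx/%p[%p] dup from %04zx/%p with %#x to %p in pid=%04zx [%d] %s\n",
+                     pOpInfo->KernelHandle ? "k" : "", PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
                      pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess,
                      PsGetProcessId((PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess),
@@ -3022,6 +3023,6 @@
             if (pProcess == PsGetCurrentProcess())
             {
-                Log(("vboxdrv/ThreadHandlePre: ctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] self\n",
-                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                Log(("vboxdrv/ThreadHandlePre: %sctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] self\n",
+                     pOpInfo->KernelHandle ? "k" : "", PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
                      pOpInfo->Parameters->CreateHandleInformation.DesiredAccess,
                      pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind));
@@ -3033,6 +3034,6 @@
             else if (supdrvNtProtectIsWhitelistedDebugger(PsGetCurrentProcess()))
             {
-                Log(("vboxdrv/ThreadHandlePre: ctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] %s [debugger]\n",
-                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                Log(("vboxdrv/ThreadHandlePre: %sctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] %s [debugger]\n",
+                     pOpInfo->KernelHandle ? "k" : "", PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
                      pOpInfo->Parameters->CreateHandleInformation.DesiredAccess,
                      pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind,
@@ -3082,6 +3083,6 @@
                 }
 
-                Log(("vboxdrv/ThreadHandlePre: ctx=%04zx/%p wants %#x to %p in pid=%04zx [%d], allow %#x => %#x; %s\n",
-                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                Log(("vboxdrv/ThreadHandlePre: %sctx=%04zx/%p wants %#x to %p in pid=%04zx [%d], allow %#x => %#x; %s\n",
+                     pOpInfo->KernelHandle ? "k" : "", PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
                      pOpInfo->Parameters->CreateHandleInformation.DesiredAccess,
                      pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind, fAllowedRights,
@@ -3098,6 +3099,6 @@
                 && (PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess == pProcess)
             {
-                Log(("vboxdrv/ThreadHandlePre: ctx=%04zx/%p[%p] dup from %04zx/%p with %#x to %p in pid=%04zx [%d] self\n",
-                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                Log(("vboxdrv/ThreadHandlePre: %sctx=%04zx/%p[%p] dup from %04zx/%p with %#x to %p in pid=%04zx [%d] self\n",
+                     pOpInfo->KernelHandle ? "k" : "", PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
                      pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess,
                      PsGetProcessId((PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess),
@@ -3126,6 +3127,6 @@
                 }
 
-                Log(("vboxdrv/ThreadHandlePre: ctx=%04zx/%p[%p] dup from %04zx/%p with %#x to %p in pid=%04zx [%d], allow %#x => %#x; %s\n",
-                     PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
+                Log(("vboxdrv/ThreadHandlePre: %sctx=%04zx/%p[%p] dup from %04zx/%p with %#x to %p in pid=%04zx [%d], allow %#x => %#x; %s\n",
+                     pOpInfo->KernelHandle ? "k" : "", PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(),
                      pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess,
                      PsGetProcessId((PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess),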
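Review bot: In the first hunk (new lines 2591-2592), `pNtVm->fFirstProcessCreateHandle = true;` re-arms what the comment calls the CSRSS hack, but the comment names only the product that exposed the problem and not the condition under which re-arming is safe. The two ProcessHandlePre hunks at new lines 2773 and 2786 show the flag being cleared on a handle-create path, so after this reset the next opener that reaches that path presumably gets the first-handle treatment again; the check that decides who qualifies is outside the hunks and should be confirmed to identify the caller rather than rely on arrival order. I would extend the comment to something like `/* Re-arm the one-shot CSRSS allowance; a third party may have consumed it by opening the child before this notification. */` and also confirm how this write is ordered against the handle callbacks, since no lock is visible in the hunk. The enclosing function starts and ends outside the hunk.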