Changeset 52528 in vbox for trunk/src/VBox/HostDrivers/Support/win
- Timestamp:
- Aug 29, 2014 9:55:38 AM (10 years ago)
- File:
-
- 1 edited
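--- a/trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp
@@ -137,4 +137,6 @@
 /** The verification result. */
 int rc;
+/** Used for shutting up errors after a while. */
+uint32_t volatile cErrorHits;
 /** The validation flags (for WinVerifyTrust retry). */
 uint32_t fFlags;
@@ -231,5 +233,6 @@
 *******************************************************************************/
 static NTSTATUS supR3HardenedScreenImage(HANDLE hFile, bool fImage, PULONG pfAccess, PULONG pfProtect,
-bool *pfCallRealApi, const char *pszCaller, bool fAvoidWinVerifyTrust);
+bool *pfCallRealApi, const char *pszCaller, bool fAvoidWinVerifyTrust,
+bool *pfQuietFailure);
 
 #ifdef RT_ARCH_AMD64
@@ -514,7 +517,8 @@
 pEntry->pNextTodoWvt = NULL;
 pEntry->hFile = hFile;
+pEntry->uHash = supR3HardenedWinVerifyCacheHashPath(pUniStr);
 pEntry->rc = rc;
-pEntry->uHash = supR3HardenedWinVerifyCacheHashPath(pUniStr);
 pEntry->fFlags = fFlags;
+pEntry->cErrorHits = 0;
 pEntry->fWinVerifyTrust = fWinVerifyTrust;
 pEntry->cbPath = pUniStr->Length;
@@ -874,5 +878,5 @@
 bool fCallRealApi = false;
 rcNt = supR3HardenedScreenImage(hFile, true /*fImage*/, &fAccess, &fProtect, &fCallRealApi,
-"Imports", false /*fAvoidWinVerifyTrust*/ );
+"Imports", false /*fAvoidWinVerifyTrust*/, NULL /*pfQuietFailure*/);
 NtClose(hFile);
 }
@@ -1097,7 +1101,10 @@
 
 static NTSTATUS supR3HardenedScreenImage(HANDLE hFile, bool fImage, PULONG pfAccess, PULONG pfProtect,
-bool *pfCallRealApi, const char *pszCaller, bool fAvoidWinVerifyTrust)
+bool *pfCallRealApi, const char *pszCaller, bool fAvoidWinVerifyTrust,
+bool *pfQuietFailure)
 {
 *pfCallRealApi = false;
+if (pfQuietFailure)
+*pfQuietFailure = false;
 
 /*
@@ -1161,5 +1168,5 @@
 pszCaller, pCacheHit->rc, pCacheHit->wszPath));
 }
-else
+else if (pCacheHit->cErrorHits < 16)
 SUP_DPRINTF(("supR3HardenedScreenImage/%s: cache hit (%Rrc) on %ls%s\n",
 pszCaller, pCacheHit->rc, pCacheHit->wszPath, pCacheHit->fWinVerifyTrust ? "" : " [lacks WinVerifyTrust]"));
@@ -1171,7 +1178,14 @@
 return STATUS_SUCCESS;
 }
-supR3HardenedError(VINF_SUCCESS, false,
-"supR3HardenedScreenImage/%s: cached rc=%Rrc fImage=%d fProtect=%#x fAccess=%#x %ls\n",
-pszCaller, pCacheHit->rc, fImage, *pfProtect, *pfAccess, uBuf.UniStr.Buffer);
+
+uint32_t cErrorHits = ASMAtomicIncU32(&pCacheHit->cErrorHits);
+if ( cErrorHits < 8
+|| RT_IS_POWER_OF_TWO(cErrorHits))
+supR3HardenedError(VINF_SUCCESS, false,
+"supR3HardenedScreenImage/%s: cached rc=%Rrc fImage=%d fProtect=%#x fAccess=%#x cErrorHits=%u %ls\n",
+pszCaller, pCacheHit->rc, fImage, *pfProtect, *pfAccess, cErrorHits, uBuf.UniStr.Buffer);
+else if (pfQuietFailure)
+*pfQuietFailure = true;
+
 return STATUS_TRUST_FAILURE;
 }
@@ -1421,5 +1435,6 @@
 bool fCallRealApi;
 //SUP_DPRINTF(("supR3HardenedWinVerifyCachePreload: scanning %ls\n", pwszName));
-supR3HardenedScreenImage(hFile, false, &fAccess, &fProtect, &fCallRealApi, "preload", false /*fAvoidWinVerifyTrust*/);
+supR3HardenedScreenImage(hFile, false, &fAccess, &fProtect, &fCallRealApi, "preload", false /*fAvoidWinVerifyTrust*/,
+NULL /*pfQuietFailure*/);
 //SUP_DPRINTF(("supR3HardenedWinVerifyCachePreload: done %ls\n", pwszName));
 
@@ -1459,5 +1474,5 @@
 //SUP_DPRINTF(("supR3HardenedMonitor_NtCreateSection: 1\n"));
 NTSTATUS rcNt = supR3HardenedScreenImage(hFile, fImage, &fAccess, &fProtect, &fCallRealApi,
-"NtCreateSection", true /*fAvoidWinVerifyTrust*/ );
+"NtCreateSection", true /*fAvoidWinVerifyTrust*/, NULL /*pfQuietFailure*/);
 //SUP_DPRINTF(("supR3HardenedMonitor_NtCreateSection: 2 rcNt=%#x fCallRealApi=%#x\n", rcNt, fCallRealApi));
 
@@ -1653,11 +1668,16 @@
 ULONG fProtect = 0;
 bool fCallRealApi = false;
+bool fQuietFailure = false;
 rcNt = supR3HardenedScreenImage(hFile, true /*fImage*/, &fAccess, &fProtect, &fCallRealApi,
-"LdrLoadDll", false /*fAvoidWinVerifyTrust*/ );
+"LdrLoadDll", false /*fAvoidWinVerifyTrust*/, &fQuietFailure);
 NtClose(hFile);
 if (!NT_SUCCESS(rcNt))
 {
-supR3HardenedError(VINF_SUCCESS, false, "supR3HardenedMonitor_LdrLoadDll: rejecting '%ls': rcNt=%#x\n", wszPath, rcNt);
-SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: returns rcNt=%#x '%ls'\n", rcNt, wszPath));
+if (!fQuietFailure)
+{
+supR3HardenedError(VINF_SUCCESS, false, "supR3HardenedMonitor_LdrLoadDll: rejecting '%ls': rcNt=%#x\n",
+wszPath, rcNt);
+SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: returns rcNt=%#x '%ls'\n", rcNt, wszPath));
+}
 return rcNt;
 }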
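Review bot: The two throttles in supR3HardenedScreenImage use unexplained and mutually inconsistent limits: the cache-hit debug line is dropped for good once `pCacheHit->cErrorHits` reaches 16, while the `supR3HardenedError` report under `if ( cErrorHits < 8 || RT_IS_POWER_OF_TWO(cErrorHits))` keeps firing at low counts and then at powers of two. A comment above that test would make the rule and its limits explicit, for example `/* Only the report is throttled (low counts, then powers of two); the image is still refused with STATUS_TRUST_FAILURE on every hit. */`, and the function's doc comment, which lies outside the visible hunks, should gain a `@param pfQuietFailure` line stating that it is optional and set only when a cached failure was rejected without being reported. In supR3HardenedMonitor_LdrLoadDll the `SUP_DPRINTF` now also sits inside `if (!fQuietFailure)`, so between power-of-two hits a rejected path leaves no trace in the debug log either. If that loss of trace is intended, the same comment should say so, since the `cErrorHits=%u` value in the next reported message is then the only record of how often the load was refused.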