Changeset 52905 in vbox for trunk

Timestamp:

Sep 30, 2014 7:13:19 PM (10 years ago)

Author:

vboxsync

Message:

SUPDrv-win.cpp: 32-bit + CSRSS hack for working around ZoneAlarm -104 respawn issue.

File:

• trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp (modified) (9 diffs)

trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp

@@ -167 +167 @@
     /** The kind of process we're protecting. */
     SUPDRVNTPROTECTKIND volatile enmProcessKind;
+    /** 7,: Hack to allow the supid themes service duplicate handle privileges to
+     *  our process. */
+    bool                fThemesFirstProcessCreateHandle : 1;
     /** Vista, 7 & 8: Hack to allow more rights to the handle returned by
      *  NtCreateUserProcess. Only applicable to VmProcessUnconfirmed. */
@@ -176 +179 @@
      *  NtCreateUserProcess. Only applicable to VmProcessUnconfirmed. */
     bool                fCsrssFirstProcessCreateHandle : 1;
-    /** Vista, 7 & 8: Hack to allow more rights to the handle duplicated by CSR
-     *  during process creation. Only applicable to VmProcessUnconfirmed. */
-    bool                fCsrssFirstProcessDuplicateHandle : 1;
-    /** 7,: Hack to allow the supid themes service duplicate handle privileges to
-     *  our process. */
-    bool                fThemesFirstProcessCreateHandle : 1;
+    /** Vista, 7 & 8: Hack to allow more rights to the handle duplicated by CSRSS
+     * during process creation. Only applicable to VmProcessUnconfirmed.  On
+     * 32-bit systems we allow two as ZoneAlarm's system call hooks has been
+     * observed to do some seemingly unnecessary duplication work. */
+    int32_t volatile    cCsrssFirstProcessDuplicateHandle;
 
     /** The parent PID for VM processes, otherwise NULL. */
@@ -2650 +2652 @@
         pNtChild->fFirstThreadCreateHandle = true;
         pNtChild->fCsrssFirstProcessCreateHandle = true;
-        pNtChild->fCsrssFirstProcessDuplicateHandle = true;
+        pNtChild->cCsrssFirstProcessDuplicateHandle = ARCH_BITS == 32 ? 2 : 1;
         pNtChild->fThemesFirstProcessCreateHandle = true;
         pNtChild->hParentPid = pNtParent->AvlCore.Key;
@@ -3031 +3033 @@
                     && pNtProtect->fCsrssFirstProcessCreateHandle
                     && pOpInfo->KernelHandle == 0
+                    && ExGetPreviousMode() == UserMode
                     && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()) )
                 {
@@ -3057 +3060 @@
                     && pNtProtect->fThemesFirstProcessCreateHandle
                     && pOpInfo->KernelHandle == 0
+                    && ExGetPreviousMode() == UserMode
                     && supdrvNtProtectIsFrigginThemesService(pNtProtect, PsGetCurrentProcess()) )
                 {
@@ -3097 +3101 @@
                 if (   g_uNtVerCombined < SUP_MAKE_NT_VER_SIMPLE(6, 3)
                     && pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed
-                    && pNtProtect->fCsrssFirstProcessDuplicateHandle
+                    && pNtProtect->cCsrssFirstProcessDuplicateHandle > 0
                     && pOpInfo->KernelHandle == 0
+                    && pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess == s_fCsrssStupidDesires
                     &&    pNtProtect->hParentPid
                        == PsGetProcessId((PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess)
                     && pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess == PsGetCurrentProcess()
-                    && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()) )
+                    && ExGetPreviousMode() == UserMode
+                    && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()))
                 {
-                    pNtProtect->fCsrssFirstProcessDuplicateHandle = false;
-                    if (pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess == s_fCsrssStupidDesires)
+                    if (ASMAtomicDecS32(&pNtProtect->cCsrssFirstProcessDuplicateHandle) >= 0)
                     {
                         /* Not needed: PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID,
@@ -3249 +3254 @@
                     && pNtProtect->fFirstThreadCreateHandle
                     && pOpInfo->KernelHandle == 0
+                    && ExGetPreviousMode() == UserMode
                     && pNtProtect->hParentPid == PsGetProcessId(PsGetCurrentProcess()) )
                 {
@@ -3271 +3277 @@
                         || enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed)
                     && pOpInfo->KernelHandle == 0
+                    && ExGetPreviousMode() == UserMode
                     && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()) )
                 {
@@ -3315 +3322 @@
                     && pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess == PsGetCurrentProcess()
                     && pOpInfo->KernelHandle == 0
+                    && ExGetPreviousMode() == UserMode
                     && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()) )
                 {