Timestamp:
Sep 30, 2014 7:13:19 PM (10 years ago)
Author:
vboxsync
Message:

SUPDrv-win.cpp: 32-bit + CSRSS hack for working around ZoneAlarm -104 respawn issue.

File:
1 edited

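--- a/trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp
@@ -167,4 +167,7 @@
     /** The kind of process we're protecting. */
     SUPDRVNTPROTECTKIND volatile enmProcessKind;
+    /** 7,: Hack to allow the supid themes service duplicate handle privileges to
+     *  our process. */
+    bool                fThemesFirstProcessCreateHandle : 1;
     /** Vista, 7 & 8: Hack to allow more rights to the handle returned by
      *  NtCreateUserProcess. Only applicable to VmProcessUnconfirmed. */
@@ -176,10 +179,9 @@
      *  NtCreateUserProcess. Only applicable to VmProcessUnconfirmed. */
     bool                fCsrssFirstProcessCreateHandle : 1;
-    /** Vista, 7 & 8: Hack to allow more rights to the handle duplicated by CSR
-     *  during process creation. Only applicable to VmProcessUnconfirmed. */
-    bool                fCsrssFirstProcessDuplicateHandle : 1;
-    /** 7,: Hack to allow the supid themes service duplicate handle privileges to
-     *  our process. */
-    bool                fThemesFirstProcessCreateHandle : 1;
+    /** Vista, 7 & 8: Hack to allow more rights to the handle duplicated by CSRSS
+     * during process creation. Only applicable to VmProcessUnconfirmed.  On
+     * 32-bit systems we allow two as ZoneAlarm's system call hooks has been
+     * observed to do some seemingly unnecessary duplication work. */
+    int32_t volatile    cCsrssFirstProcessDuplicateHandle;
 
     /** The parent PID for VM processes, otherwise NULL. */
@@ -2650,5 +2652,5 @@
         pNtChild->fFirstThreadCreateHandle = true;
         pNtChild->fCsrssFirstProcessCreateHandle = true;
-        pNtChild->fCsrssFirstProcessDuplicateHandle = true;
+        pNtChild->cCsrssFirstProcessDuplicateHandle = ARCH_BITS == 32 ? 2 : 1;
         pNtChild->fThemesFirstProcessCreateHandle = true;
         pNtChild->hParentPid = pNtParent->AvlCore.Key;
@@ -3031,4 +3033,5 @@
                     && pNtProtect->fCsrssFirstProcessCreateHandle
                     && pOpInfo->KernelHandle == 0
+                    && ExGetPreviousMode() == UserMode
                     && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()) )
                 {
@@ -3057,4 +3060,5 @@
                     && pNtProtect->fThemesFirstProcessCreateHandle
                     && pOpInfo->KernelHandle == 0
+                    && ExGetPreviousMode() == UserMode
                     && supdrvNtProtectIsFrigginThemesService(pNtProtect, PsGetCurrentProcess()) )
                 {
@@ -3097,13 +3101,14 @@
                 if (   g_uNtVerCombined < SUP_MAKE_NT_VER_SIMPLE(6, 3)
                     && pNtProtect->enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed
-                    && pNtProtect->fCsrssFirstProcessDuplicateHandle
+                    && pNtProtect->cCsrssFirstProcessDuplicateHandle > 0
                     && pOpInfo->KernelHandle == 0
+                    && pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess == s_fCsrssStupidDesires
                     &&    pNtProtect->hParentPid
                        == PsGetProcessId((PEPROCESS)pOpInfo->Parameters->DuplicateHandleInformation.SourceProcess)
                     && pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess == PsGetCurrentProcess()
-                    && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()) )
+                    && ExGetPreviousMode() == UserMode
+                    && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()))
                 {
-                    pNtProtect->fCsrssFirstProcessDuplicateHandle = false;
-                    if (pOpInfo->Parameters->DuplicateHandleInformation.DesiredAccess == s_fCsrssStupidDesires)
+                    if (ASMAtomicDecS32(&pNtProtect->cCsrssFirstProcessDuplicateHandle) >= 0)
                     {
                         /* Not needed: PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID,
@@ -3249,4 +3254,5 @@
                     && pNtProtect->fFirstThreadCreateHandle
                     && pOpInfo->KernelHandle == 0
+                    && ExGetPreviousMode() == UserMode
                     && pNtProtect->hParentPid == PsGetProcessId(PsGetCurrentProcess()) )
                 {
@@ -3271,4 +3277,5 @@
                         || enmProcessKind == kSupDrvNtProtectKind_VmProcessUnconfirmed)
                     && pOpInfo->KernelHandle == 0
+                    && ExGetPreviousMode() == UserMode
                     && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()) )
                 {
@@ -3315,4 +3322,5 @@
                     && pOpInfo->Parameters->DuplicateHandleInformation.TargetProcess == PsGetCurrentProcess()
                     && pOpInfo->KernelHandle == 0
+                    && ExGetPreviousMode() == UserMode
                     && supdrvNtProtectIsAssociatedCsrss(pNtProtect, PsGetCurrentProcess()) )
                 {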
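Review bot: In the CSRSS duplicate-handle condition (new lines 3103-3112) the allowance is no longer used up by a duplicate whose DesiredAccess differs from `s_fCsrssStupidDesires`, because that comparison moved from the body into the outer `if`; the relaxed-access budget now stays armed until a matching request arrives or the process leaves VmProcessUnconfirmed, and that deserves a comment at the decrement. The `> 0` test and `ASMAtomicDecS32` are separate steps, so two concurrent callbacks can both pass the test, and the `>= 0` result check is what keeps the number of grants bounded; I would state that there, e.g. `/* Racing callers may both get here; only those seeing >= 0 after the decrement get the extra rights. */`. At new line 2654 the `2` applies to every 32-bit host, not only ones running ZoneAlarm, so a short comment such as `/* 32-bit: allow two, ZoneAlarm's syscall hooks duplicate the handle an extra time. */` belongs at the initialisation as well. The commit message does not mention the `ExGetPreviousMode() == UserMode` checks added to six conditions, and a one-line rationale for them would help later readers. The bodies of these `if` blocks continue outside the hunks, so what happens when the decrement returns a negative value is not visible here.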