- Timestamp:
- Oct 10, 2014 10:19:26 AM (10 years ago)
- Location:
- trunk/src/VBox/HostDrivers/Support/win
- Files:
-
- 2 edited
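--- a/trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h
+++ b/trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h
@@ -221,4 +221,6 @@
 extern uint32_t g_uNtVerCombined;
 
+/** @name NT version constants for less-than checks.
+* @{ */
 /** Combined NT version number for XP. */
 #define SUP_NT_VER_XP SUP_MAKE_NT_VER_SIMPLE(5,1)
@@ -227,4 +229,6 @@
 /** Combined NT version number for Vista. */
 #define SUP_NT_VER_VISTA SUP_MAKE_NT_VER_SIMPLE(6,0)
+/** Combined NT version number for Vista with SP1. */
+#define SUP_NT_VER_VISTA_SP1 SUP_MAKE_NT_VER_COMBINED(6,0,6001,1,0)
 /** Combined NT version number for Windows 7. */
 #define SUP_NT_VER_W70 SUP_MAKE_NT_VER_SIMPLE(6,1)
@@ -233,4 +237,5 @@
 /** Combined NT version number for Windows 8.1. */
 #define SUP_NT_VER_W81 SUP_MAKE_NT_VER_SIMPLE(6,3)
+/** @} */
 
 # endif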
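--- a/trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp
@@ -2310,4 +2310,5 @@
 * On Windows 8.0 and later there are more than one digest choice.
 */
+int fNoSignedCatalogFound = -1;
 rc = VERR_LDRVI_NOT_SIGNED;
 static struct
@@ -2402,8 +2403,13 @@
 goto l_fresh_context;
 }
+ULONG ulErr = RtlGetLastWin32Error();
+fNoSignedCatalogFound = ulErr == ERROR_NOT_FOUND && fNoSignedCatalogFound != 0;
 if (iCat == 0)
-SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed %u\n", RtlGetLastWin32Error()));
+SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (%u)\n", ulErr));
+else if (iCat == 0)
+SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed %u\n", ulErr));
 break;
 }
+fNoSignedCatalogFound = 0;
 Assert(hCatInfoPrev == NULL);
 hCatInfoPrev = hCatInfo;
@@ -2514,7 +2520,8 @@
 if (rc == VERR_LDRVI_NOT_SIGNED)
 {
-PCRTUTF16 pwsz;
-uint32_t cwcName = (uint32_t)RTUtf16Len(pwszName);
-uint32_t cwcOther = g_System32NtPath.UniStr.Length / sizeof(WCHAR);
+bool fCoreSystemDll = false;
+PCRTUTF16 pwsz;
+uint32_t cwcName = (uint32_t)RTUtf16Len(pwszName);
+uint32_t cwcOther = g_System32NtPath.UniStr.Length / sizeof(WCHAR);
 if (supHardViUtf16PathStartsWithEx(pwszName, cwcName, g_System32NtPath.UniStr.Buffer, cwcOther, true /*fCheckSlash*/))
 {
@@ -2523,8 +2530,8 @@
 || supHardViUtf16PathIsEqual(pwsz, "user32.dll")
 || supHardViUtf16PathIsEqual(pwsz, "gdi32.dll")
-|| supHardViUtf16PathIsEqual(pwsz, "kernel32.dll")
-|| supHardViUtf16PathIsEqual(pwsz, "KernelBase.dll")
-|| supHardViUtf16PathIsEqual(pwsz, "ntdll.dll")
 || supHardViUtf16PathIsEqual(pwsz, "opengl32.dll")
+|| (fCoreSystemDll = supHardViUtf16PathIsEqual(pwsz, "KernelBase.dll"))
+|| (fCoreSystemDll = supHardViUtf16PathIsEqual(pwsz, "kernel32.dll"))
+|| (fCoreSystemDll = supHardViUtf16PathIsEqual(pwsz, "ntdll.dll"))
 )
 {
@@ -2533,4 +2540,15 @@
 RTErrInfoAddF(pErrInfo, rc, "'%ls' is most likely modified.", pwszName);
 }
+}
+
+/* Kludge for ancient windows versions we don't want to support but
+users still wants to use. Keep things as safe as possible without
+unnecessary effort. Problem is that 3rd party catalog files cannot
+easily be found. Showstopper for ATI users. */
+if ( fNoSignedCatalogFound == 1
+&& g_uNtVerCombined < SUP_NT_VER_VISTA
+&& !fCoreSystemDll)
+{
+rc = VINF_LDRVI_NOT_SIGNED;
 }
 }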
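Review bot: The pre-Vista kludge at the end of the `if (rc == VERR_LDRVI_NOT_SIGNED)` block downgrades the result to `VINF_LDRVI_NOT_SIGNED` for any file without a catalog entry, including System32 files that the branch just above appears to have reported as "most likely modified", because `fCoreSystemDll` is set only by the last three comparisons in the `||` chain (KernelBase.dll, kernel32.dll, ntdll.dll) and stays false when user32.dll, gdi32.dll or opengl32.dll match first. If those names are meant to remain hard failures, set the flag in the body of that `if` instead (`fCoreSystemDll = true;`), which also takes the assignments out of the condition; if they are deliberately exempt, the kludge comment should say so. The downgrade is also silent, so a line such as `SUP_DPRINTF(("pre-Vista kludge: no catalog for '%ls', returning VINF_LDRVI_NOT_SIGNED\n", pwszName));` before `rc = VINF_LDRVI_NOT_SIGNED;` would leave a trace of every unsigned image that is let through. How callers treat the VINF status is not visible here, and the function starts and ends outside these hunks.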