- Timestamp:
- Oct 13, 2014 1:38:30 PM (10 years ago)
- File:
-
- 1 edited
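--- a/trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp
+++ b/trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp
@@ -198,5 +198,5 @@
 #ifdef IN_RING3
 static int supR3HardNtViCallWinVerifyTrust(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, PRTERRINFO pErrInfo,
-PFNWINVERIFYTRUST pfnWinVerifyTrust );
+PFNWINVERIFYTRUST pfnWinVerifyTrust, HRESULT *phrcWinVerifyTrust);
 static int supR3HardNtViCallWinVerifyTrustCatFile(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, PRTERRINFO pErrInfo,
 PFNWINVERIFYTRUST pfnWinVerifyTrust);
@@ -2083,5 +2083,5 @@
 RTErrInfoInitStatic(&ErrInfoStatic);
 int rc = supR3HardNtViCallWinVerifyTrust(NULL, g_SupLibHardenedExeNtPath.UniStr.Buffer, 0,
-&ErrInfoStatic.Core, pfnWinVerifyTrust );
+&ErrInfoStatic.Core, pfnWinVerifyTrust, NULL);
 if (RT_FAILURE(rc))
 supR3HardenedFatalMsg(pszProgName, kSupInitOp_Integrity, rc,
@@ -2090,5 +2090,5 @@
 
 if (g_uNtVerCombined >= SUP_MAKE_NT_VER_SIMPLE(6, 0)) /* ntdll isn't signed on XP, assuming this is the case on W2K3 for now. */
-supR3HardNtViCallWinVerifyTrust(NULL, L"\\SystemRoot\\System32\\ntdll.dll", 0, NULL, pfnWinVerifyTrust );
+supR3HardNtViCallWinVerifyTrust(NULL, L"\\SystemRoot\\System32\\ntdll.dll", 0, NULL, pfnWinVerifyTrust, NULL);
 supR3HardNtViCallWinVerifyTrustCatFile(NULL, L"\\SystemRoot\\System32\\ntdll.dll", 0, NULL, pfnWinVerifyTrust);
 
@@ -2142,8 +2142,13 @@
 * @param pErrInfo Pointer to error info structure. Optional.
 * @param pfnWinVerifyTrust Pointer to the API.
+* @param phrcWinVerifyTrust Where to WinVerifyTrust error status on failure,
+* optional.
 */
 static int supR3HardNtViCallWinVerifyTrust(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, PRTERRINFO pErrInfo,
-PFNWINVERIFYTRUST pfnWinVerifyTrust)
-{
+PFNWINVERIFYTRUST pfnWinVerifyTrust, HRESULT *phrcWinVerifyTrust)
+{
+if (phrcWinVerifyTrust)
+*phrcWinVerifyTrust = S_OK;
+
 /*
 * Convert the name into a Windows name.
@@ -2223,4 +2228,6 @@
 SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with %#x (%s) on '%ls'\n",
 hrc, pszErrConst, pwszName));
+if (phrcWinVerifyTrust)
+*phrcWinVerifyTrust = hrc;
 }
 
@@ -2611,10 +2618,25 @@
 else if (RT_SUCCESS(rc))
 {
-/** @todo having trouble with a 32-bit windows box when letting these calls thru */
-rc = supR3HardNtViCallWinVerifyTrust(hFile, pwszName, fFlags, pErrInfo, g_pfnWinVerifyTrust);
+HRESULT hrcWinVerifyTrust;
+rc = supR3HardNtViCallWinVerifyTrust(hFile, pwszName, fFlags, pErrInfo, g_pfnWinVerifyTrust,
+&hrcWinVerifyTrust);
+
+/* DLLs signed with special roots, like "Microsoft Digital Media Authority 2005",
+may fail here because the root cert is not in the normal certificate stores
+(if any). Our verification code has the basics of these certificates included
+and can verify them, which is why we end up here instead of in the
+VINF_LDRVI_NOT_SIGNED case above. Current workaround is to do as above.
+(Intel graphics driver DLLs, like igdusc64.dll. */
+if ( RT_FAILURE(rc)
+&& hrcWinVerifyTrust == CERT_E_CHAINING
+&& (fFlags & SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION))
+{
+rc = supR3HardNtViCallWinVerifyTrustCatFile(hFile, pwszName, fFlags, pErrInfo, g_pfnWinVerifyTrust);
+SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile -> %d (was CERT_E_CHAINING)\n", rc));
+}
 }
 else
 {
-int rc2 = supR3HardNtViCallWinVerifyTrust(hFile, pwszName, fFlags, pErrInfo, g_pfnWinVerifyTrust );
+int rc2 = supR3HardNtViCallWinVerifyTrust(hFile, pwszName, fFlags, pErrInfo, g_pfnWinVerifyTrust, NULL);
 AssertMsg(RT_FAILURE_NP(rc2),
 ("rc=%Rrc, rc2=%Rrc %s", rc, rc2, pErrInfo ? pErrInfo->pszMsg : "<no-err-info>"));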
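Review bot: The CERT_E_CHAINING fallback in the last hunk (new lines 2630-2636) accepts an image whose embedded signature chain could not be built, but the only trace it leaves is `SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile -> %d (was CERT_E_CHAINING)\n", rc));`, which does not name the file. Adding the name in the style of the existing failure message, `SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile -> %d (was CERT_E_CHAINING) on '%ls'\n", rc, pwszName));`, would let the hardening log show exactly which images were admitted through the catalog path. If the failed first call filled `pErrInfo`, the structure may still carry that message after a successful fallback; whether the catalog routine resets it is not visible here, so it is worth confirming or clearing it when `rc` turns to success. The enclosing function starts and ends outside the hunk.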