Changeset 56733 in vbox for trunk/src/VBox/HostDrivers

Timestamp:

Jul 1, 2015 2:01:43 PM (10 years ago)

Author:

vboxsync

Message:

SUPHardNt: Allow hardened exectuable binaries in the 'testcase' subdirectory.

Location:

trunk/src/VBox/HostDrivers/Support

Files:

• SUPLibInternal.h (modified) (5 diffs)
• SUPR3HardenedIPRT.cpp (modified) (2 diffs)
• SUPR3HardenedMain.cpp (modified) (15 diffs)
• SUPR3HardenedMainTemplateTestcase.cpp (copied) (copied from trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMainTemplate.cpp ) (2 diffs)
• SUPR3HardenedVerify.cpp (modified) (11 diffs)
• win/SUPHardenedVerify-win.h (modified) (1 diff)
• win/SUPHardenedVerifyImage-win.cpp (modified) (1 diff)
• win/SUPR3HardenedMain-win.cpp (modified) (12 diffs)

trunk/src/VBox/HostDrivers/Support/SUPLibInternal.h

@@ -79 +79 @@
 # define supR3HardenedPathAppPrivateNoArch supR3HardenedStaticPathAppPrivateNoArch
 # define supR3HardenedPathAppPrivateArch   supR3HardenedStaticPathAppPrivateArch
-# define supR3HardenedPathSharedLibs       supR3HardenedStaticPathSharedLibs
+# define supR3HardenedPathAppSharedLibs    supR3HardenedStaticPathAppSharedLibs
 # define supR3HardenedPathAppDocs          supR3HardenedStaticPathAppDocs
-# define supR3HardenedPathExecDir          supR3HardenedStaticPathExecDir
+# define supR3HardenedPathAppBin           supR3HardenedStaticPathAppBin
 # define supR3HardenedPathFilename         supR3HardenedStaticPathFilename
 # define supR3HardenedFatalV               supR3HardenedStaticFatalV
@@ -176 +176 @@
 {
     kSupID_Invalid = 0,
-    kSupID_Bin,
     kSupID_AppBin,
-    kSupID_SharedLib,
+    kSupID_AppSharedLib,
     kSupID_AppPrivArch,
     kSupID_AppPrivArchComp,
@@ -382 +381 @@
 DECLHIDDEN(int)    supR3HardenedPathAppPrivateArch(char *pszPath, size_t cchPath);
 /** @copydoc RTPathSharedLibs */
-DECLHIDDEN(int)    supR3HardenedPathSharedLibs(char *pszPath, size_t cchPath);
+DECLHIDDEN(int)    supR3HardenedPathAppSharedLibs(char *pszPath, size_t cchPath);
 /** @copydoc RTPathAppDocs */
 DECLHIDDEN(int)    supR3HardenedPathAppDocs(char *pszPath, size_t cchPath);
 /** @copydoc RTPathExecDir */
-DECLHIDDEN(int)    supR3HardenedPathExecDir(char *pszPath, size_t cchPath);
+DECLHIDDEN(int)    supR3HardenedPathAppBin(char *pszPath, size_t cchPath);
 /** @copydoc RTPathFilename */
 DECLHIDDEN(char *) supR3HardenedPathFilename(const char *pszPath);
@@ -441 +440 @@
 
 
-DECLHIDDEN(int)     supR3HardenedVerifyAll(bool fFatal, const char *pszProgName);
+DECLHIDDEN(int)     supR3HardenedVerifyAll(bool fFatal, const char *pszProgName, const char *pszExePath);
 DECLHIDDEN(int)     supR3HardenedVerifyFixedDir(SUPINSTDIR enmDir, bool fFatal);
 DECLHIDDEN(int)     supR3HardenedVerifyFixedFile(const char *pszFilename, bool fFatal);
@@ -452 +451 @@
 #ifdef RT_OS_WINDOWS
 DECLHIDDEN(void)    supR3HardenedWinInit(uint32_t fFlags, bool fAvastKludge);
+DECLHIDDEN(void)    supR3HardenedWinInitAppBin(uint32_t fFlags);
 DECLHIDDEN(void)    supR3HardenedWinInitVersion(void);
 DECLHIDDEN(void)    supR3HardenedWinInitImports(void);
+DECLHIDDEN(void)    supR3HardenedWinModifyDllSearchPath(uint32_t fFlags, const char *pszAppBinPath);
 # ifdef ___iprt_nt_nt_h___
 DECLHIDDEN(void)    supR3HardenedWinGetVeryEarlyImports(uintptr_t uNtDllAddr,

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedIPRT.cpp

@@ -71 +71 @@
  * @copydoc RTPathSharedLibs
  */
-DECLHIDDEN(int) supR3HardenedPathSharedLibs(char *pszPath, size_t cchPath)
+DECLHIDDEN(int) supR3HardenedPathAppSharedLibs(char *pszPath, size_t cchPath)
 {
     return RTPathSharedLibs(pszPath, cchPath);
@@ -89 +89 @@
  * @copydoc RTPathExecDir
  */
-DECLHIDDEN(int) supR3HardenedPathExecDir(char *pszPath, size_t cchPath)
+DECLHIDDEN(int) supR3HardenedPathAppBin(char *pszPath, size_t cchPath)
 {
     return RTPathExecDir(pszPath, cchPath);

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp

@@ -134 +134 @@
 #endif
 char                    g_szSupLibHardenedExePath[RTPATH_MAX];
-/** The program directory path. */
-static char             g_szSupLibHardenedDirPath[RTPATH_MAX];
+/** The application bin directory path. */
+static char             g_szSupLibHardenedAppBinPath[RTPATH_MAX];
 
 /** The program name. */
@@ -781 +781 @@
 
 #else
-    return supR3HardenedPathExecDir(pszPath, cchPath);
+    return supR3HardenedPathAppBin(pszPath, cchPath);
 #endif
 }
@@ -800 +800 @@
 
 #else
-    return supR3HardenedPathExecDir(pszPath, cchPath);
+    return supR3HardenedPathAppBin(pszPath, cchPath);
 #endif
 }
@@ -808 +808 @@
  * @copydoc RTPathSharedLibs
  */
-DECLHIDDEN(int) supR3HardenedPathSharedLibs(char *pszPath, size_t cchPath)
+DECLHIDDEN(int) supR3HardenedPathAppSharedLibs(char *pszPath, size_t cchPath)
 {
 #if !defined(RT_OS_WINDOWS) && defined(RTPATH_SHARED_LIBS)
@@ -814 +814 @@
     size_t cchPathSharedLibs = suplibHardenedStrLen(pszSrcPath);
     if (cchPathSharedLibs >= cchPath)
-        supR3HardenedFatal("supR3HardenedPathSharedLibs: Buffer overflow, %zu >= %zu\n", cchPathSharedLibs, cchPath);
+        supR3HardenedFatal("supR3HardenedPathAppSharedLibs: Buffer overflow, %zu >= %zu\n", cchPathSharedLibs, cchPath);
     suplibHardenedMemCopy(pszPath, pszSrcPath, cchPathSharedLibs + 1);
     return VINF_SUCCESS;
 
 #else
-    return supR3HardenedPathExecDir(pszPath, cchPath);
+    return supR3HardenedPathAppBin(pszPath, cchPath);
 #endif
 }
@@ -838 +838 @@
 
 #else
-    return supR3HardenedPathExecDir(pszPath, cchPath);
+    return supR3HardenedPathAppBin(pszPath, cchPath);
 #endif
 }
@@ -911 +911 @@
 
     /*
-     * Strip off the filename part (RTPathStripFilename()).
-     */
-    suplibHardenedStrCopy(g_szSupLibHardenedDirPath, g_szSupLibHardenedExePath);
-    suplibHardenedPathStripFilename(g_szSupLibHardenedDirPath);
+     * Determine the application binary directory location.
+     */
+    suplibHardenedStrCopy(g_szSupLibHardenedAppBinPath, g_szSupLibHardenedExePath);
+    suplibHardenedPathStripFilename(g_szSupLibHardenedAppBinPath);
+
+    if (g_enmSupR3HardenedMainState < SUPR3HARDENEDMAINSTATE_HARDENED_MAIN_CALLED)
+        supR3HardenedFatal("supR3HardenedExecDir: Called before SUPR3HardenedMain! (%d)\n", g_enmSupR3HardenedMainState);
+    switch (g_fSupHardenedMain & SUPSECMAIN_FLAGS_LOC_MASK)
+    {
+        case SUPSECMAIN_FLAGS_LOC_APP_BIN:
+            break;
+        case SUPSECMAIN_FLAGS_LOC_TESTCASE:
+            suplibHardenedPathStripFilename(g_szSupLibHardenedAppBinPath);
+            break;
+        default:
+            supR3HardenedFatal("supR3HardenedExecDir: Unknown program binary location: %#x\n", g_fSupHardenedMain);
+    }
 }
 
@@ -939 +952 @@
 /**
  * @copydoc RTPathExecDir
- */
-DECLHIDDEN(int) supR3HardenedPathExecDir(char *pszPath, size_t cchPath)
+ * @remarks not quite like RTPathExecDir actually...
+ */
+DECLHIDDEN(int) supR3HardenedPathAppBin(char *pszPath, size_t cchPath)
 {
     /*
      * Lazy init (probably not required).
      */
-    if (!g_szSupLibHardenedDirPath[0])
+    if (!g_szSupLibHardenedAppBinPath[0])
         supR3HardenedGetFullExePath();
 
@@ -951 +965 @@
      * Calc the length and check if there is space before copying.
      */
-    size_t cch = suplibHardenedStrLen(g_szSupLibHardenedDirPath) + 1;
+    size_t cch = suplibHardenedStrLen(g_szSupLibHardenedAppBinPath) + 1;
     if (cch <= cchPath)
     {
-        suplibHardenedMemCopy(pszPath, g_szSupLibHardenedDirPath, cch + 1);
+        suplibHardenedMemCopy(pszPath, g_szSupLibHardenedAppBinPath, cch + 1);
         return VINF_SUCCESS;
     }
 
-    supR3HardenedFatal("supR3HardenedPathExecDir: Buffer too small (%u < %u)\n", cchPath, cch);
+    supR3HardenedFatal("supR3HardenedPathAppBin: Buffer too small (%u < %u)\n", cchPath, cch);
     return VERR_BUFFER_OVERFLOW;
 }
@@ -1628 +1642 @@
      */
     char szPath[RTPATH_MAX];
-    supR3HardenedPathSharedLibs(szPath, sizeof(szPath) - sizeof("/VBoxRT" SUPLIB_DLL_SUFF));
+    supR3HardenedPathAppSharedLibs(szPath, sizeof(szPath) - sizeof("/VBoxRT" SUPLIB_DLL_SUFF));
     suplibHardenedStrCat(szPath, "/VBoxRT" SUPLIB_DLL_SUFF);
 
@@ -1774 +1788 @@
     char szPath[RTPATH_MAX];
     supR3HardenedPathAppPrivateArch(szPath, sizeof(szPath) - 10);
+    const char *pszSubDirSlash;
+    switch (g_fSupHardenedMain & SUPSECMAIN_FLAGS_LOC_MASK)
+    {
+        case SUPSECMAIN_FLAGS_LOC_APP_BIN:
+            pszSubDirSlash = "/";
+            break;
+        case SUPSECMAIN_FLAGS_LOC_TESTCASE:
+            pszSubDirSlash = "/testcase/";
+            break;
+        default:
+            pszSubDirSlash = "/";
+            supR3HardenedFatal("supR3HardenedMainGetTrustedMain: Unknown program binary location: %#x\n", g_fSupHardenedMain);
+    }
     size_t cch = suplibHardenedStrLen(szPath);
-    suplibHardenedStrCopyEx(&szPath[cch], sizeof(szPath) - cch, "/", pszProgName, SUPLIB_DLL_SUFF, NULL);
+    suplibHardenedStrCopyEx(&szPath[cch], sizeof(szPath) - cch, pszSubDirSlash, pszProgName, SUPLIB_DLL_SUFF, NULL);
 
     /*
@@ -1844 +1871 @@
         g_SupPreInitData.Data.hDevice = SUP_HDEVICE_NIL;
 
+    /*
+     * Determine the full exe path as we'll be needing it for the verify all
+     * call(s) below.  (We have to do this early on Linux because we * *might*
+     * not be able to access /proc/self/exe after the seteuid call.)
+     */
+    supR3HardenedGetFullExePath();
+#ifdef RT_OS_WINDOWS
+    supR3HardenedWinInitAppBin(fFlags);
+#endif
+
 #ifdef SUP_HARDENED_SUID
-# ifdef RT_OS_LINUX
-    /*
-     * On linux we have to make sure the path is initialized because we
-     * *might* not be able to access /proc/self/exe after the seteuid call.
-     */
-    supR3HardenedGetFullExePath();
-# endif
-
     /*
      * Grab any options from the environment.
@@ -1881 +1910 @@
         SUP_DPRINTF(("SUPR3HardenedMain: Respawn #1\n"));
         supR3HardenedWinInit(SUPSECMAIN_FLAGS_DONT_OPEN_DEV, false /*fAvastKludge*/);
-        supR3HardenedVerifyAll(true /* fFatal */, pszProgName);
+        supR3HardenedVerifyAll(true /* fFatal */, pszProgName, g_szSupLibHardenedExePath);
         return supR3HardenedWinReSpawn(1 /*iWhich*/);
     }
@@ -1898 +1927 @@
      * Validate the installation.
      */
-    supR3HardenedVerifyAll(true /* fFatal */, pszProgName);
+    supR3HardenedVerifyAll(true /* fFatal */, pszProgName, g_szSupLibHardenedExePath);
 
     /*
@@ -1963 +1992 @@
     g_enmSupR3HardenedMainState = SUPR3HARDENEDMAINSTATE_INIT_RUNTIME;
     supR3HardenedMainInitRuntime(fFlags);
+#ifdef RT_OS_WINDOWS
+    supR3HardenedWinModifyDllSearchPath(fFlags, g_szSupLibHardenedAppBinPath);
+#endif
 
     /*

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMainTemplateTestcase.cpp

@@ -1 +1 @@
 /* $Id$ */
 /** @file
- * Hardened main() template.
+ * Hardened main() template for testcases (in testcase subdir).
  */
 
@@ -30 +30 @@
 int main(int argc, char **argv, char **envp)
 {
-    return SUPR3HardenedMain(PROGRAM_NAME_STR, 0, argc, argv, envp);
+    return SUPR3HardenedMain(PROGRAM_NAME_STR, SUPSECMAIN_FLAGS_LOC_TESTCASE, argc, argv, envp);
 }
 

trunk/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp

@@ -105 +105 @@
  *
  * @todo This needs reviewing against the linux packages.
- * @todo The excessive use of kSupID_SharedLib needs to be reviewed at some point. For
+ * @todo The excessive use of kSupID_AppSharedLib needs to be reviewed at some point. For
  *       the time being we're building the linux packages with SharedLib pointing to
  *       AppPrivArch (lazy bird).
@@ -123 +123 @@
 #endif
 
-    {   kSupIFT_Dll,  kSupID_SharedLib,         false, "VBoxRT" SUPLIB_DLL_SUFF },
-    {   kSupIFT_Dll,  kSupID_SharedLib,         false, "VBoxVMM" SUPLIB_DLL_SUFF },
-    {   kSupIFT_Dll,  kSupID_SharedLib,         false, "VBoxREM" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,      false, "VBoxRT" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,      false, "VBoxVMM" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,      false, "VBoxREM" SUPLIB_DLL_SUFF },
 #if HC_ARCH_BITS == 32
-    {   kSupIFT_Dll,  kSupID_SharedLib,          true, "VBoxREM32" SUPLIB_DLL_SUFF },
-    {   kSupIFT_Dll,  kSupID_SharedLib,          true, "VBoxREM64" SUPLIB_DLL_SUFF },
-#endif
-    {   kSupIFT_Dll,  kSupID_SharedLib,         false, "VBoxDD" SUPLIB_DLL_SUFF },
-    {   kSupIFT_Dll,  kSupID_SharedLib,         false, "VBoxDD2" SUPLIB_DLL_SUFF },
-    {   kSupIFT_Dll,  kSupID_SharedLib,         false, "VBoxDDU" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,       true, "VBoxREM32" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,       true, "VBoxREM64" SUPLIB_DLL_SUFF },
+#endif
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,      false, "VBoxDD" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,      false, "VBoxDD2" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,      false, "VBoxDDU" SUPLIB_DLL_SUFF },
 
 //#ifdef VBOX_WITH_DEBUGGER_GUI
-    {   kSupIFT_Dll,  kSupID_SharedLib,          true, "VBoxDbg" SUPLIB_DLL_SUFF },
-    {   kSupIFT_Dll,  kSupID_SharedLib,          true, "VBoxDbg3" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,       true, "VBoxDbg" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,       true, "VBoxDbg3" SUPLIB_DLL_SUFF },
 //#endif
 
@@ -165 +165 @@
     {   kSupIFT_Exe,  kSupID_AppBin,            false, "VBoxSVC" SUPLIB_EXE_SUFF },
  #ifdef RT_OS_WINDOWS
-    {   kSupIFT_Dll,  kSupID_SharedLib,         false, "VBoxC" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,      false, "VBoxC" SUPLIB_DLL_SUFF },
  #else
     {   kSupIFT_Exe,  kSupID_AppPrivArch,       false, "VBoxXPCOMIPCD" SUPLIB_EXE_SUFF },
-    {   kSupIFT_Dll,  kSupID_SharedLib,         false, "VBoxXPCOM" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,      false, "VBoxXPCOM" SUPLIB_DLL_SUFF },
     {   kSupIFT_Dll,  kSupID_AppPrivArchComp,   false, "VBoxXPCOMIPCC" SUPLIB_DLL_SUFF },
     {   kSupIFT_Dll,  kSupID_AppPrivArchComp,   false, "VBoxC" SUPLIB_DLL_SUFF },
@@ -176 +176 @@
 #endif
 
-    {   kSupIFT_Dll,  kSupID_SharedLib,          true, "VRDPAuth" SUPLIB_DLL_SUFF },
-    {   kSupIFT_Dll,  kSupID_SharedLib,          true, "VBoxAuth" SUPLIB_DLL_SUFF },
-    {   kSupIFT_Dll,  kSupID_SharedLib,          true, "VBoxVRDP" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,       true, "VRDPAuth" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,       true, "VBoxAuth" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,       true, "VBoxVRDP" SUPLIB_DLL_SUFF },
 
 //#ifdef VBOX_WITH_HEADLESS
@@ -190 +190 @@
     {   kSupIFT_Dll,  kSupID_AppPrivArch,        true, "VirtualBox" SUPLIB_DLL_SUFF },
 # if !defined(RT_OS_DARWIN) && !defined(RT_OS_WINDOWS) && !defined(RT_OS_OS2)
-    {   kSupIFT_Dll,  kSupID_SharedLib,          true, "VBoxKeyboard" SUPLIB_DLL_SUFF },
+    {   kSupIFT_Dll,  kSupID_AppSharedLib,       true, "VBoxKeyboard" SUPLIB_DLL_SUFF },
 # endif
 //#endif
@@ -263 +263 @@
     switch (enmDir)
     {
-        case kSupID_AppBin: /** @todo fix this AppBin crap (uncertain wtf some binaries actually are installed). */
-        case kSupID_Bin:
-            rc = supR3HardenedPathExecDir(pszDst, cchDst);
+        case kSupID_AppBin:
+            rc = supR3HardenedPathAppBin(pszDst, cchDst);
             break;
-        case kSupID_SharedLib:
-            rc = supR3HardenedPathSharedLibs(pszDst, cchDst);
+        case kSupID_AppSharedLib:
+            rc = supR3HardenedPathAppSharedLibs(pszDst, cchDst);
             break;
         case kSupID_AppPrivArch:
@@ -288 +287 @@
             break;
         case kSupID_Testcase:
-            rc = supR3HardenedPathExecDir(pszDst, cchDst);
+            rc = supR3HardenedPathAppBin(pszDst, cchDst);
             if (RT_SUCCESS(rc))
             {
@@ -850 +849 @@
  * @returns See supR3HardenedVerifyAll.
  * @param   pszProgName         See supR3HardenedVerifyAll.
+ * @param   pszExePath          The path to the executable.
  * @param   fFatal              See supR3HardenedVerifyAll.
  * @param   fLeaveOpen          The leave open setting used by
  *                              supR3HardenedVerifyAll.
  */
-static int supR3HardenedVerifyProgram(const char *pszProgName, bool fFatal, bool fLeaveOpen)
+static int supR3HardenedVerifyProgram(const char *pszProgName, const char *pszExePath, bool fFatal, bool fLeaveOpen)
 {
     /*
@@ -891 +891 @@
                 fExe = true;
 
-                char szFilename[RTPATH_MAX];
-                int rc2 = supR3HardenedPathExecDir(szFilename, sizeof(szFilename) - cchProgName - sizeof(SUPLIB_EXE_SUFF));
-                if (RT_SUCCESS(rc2))
-                {
-                    suplibHardenedStrCat(szFilename, "/");
-                    suplibHardenedStrCat(szFilename, g_aSupInstallFiles[iFile].pszFile);
-                    supR3HardenedVerifySameFile(iFile, szFilename, fFatal);
-                }
-                else
-                    rc = supR3HardenedError(rc2, fFatal,
-                                            "supR3HardenedVerifyProgram: failed to query program path: rc=%d\n", rc2);
+                supR3HardenedVerifySameFile(iFile, pszExePath, fFatal);
             }
         }
@@ -936 +926 @@
  *                              both the executable and corresponding
  *                              DLL/DYLIB/SO are valid.
- */
-DECLHIDDEN(int) supR3HardenedVerifyAll(bool fFatal, const char *pszProgName)
+ * @param   pszExePath          The path to the executable.
+ */
+DECLHIDDEN(int) supR3HardenedVerifyAll(bool fFatal, const char *pszProgName, const char *pszExePath)
 {
     /*
@@ -964 +955 @@
      * sign things.
      */
-    int rc2 = supR3HardenedVerifyProgram(pszProgName, fFatal, fLeaveOpen);
+    int rc2 = supR3HardenedVerifyProgram(pszProgName, pszExePath, fFatal, fLeaveOpen);
     if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
         rc2 = rc;

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h

@@ -205 +205 @@
 #endif /* IN_RING3 && !VBOX_PERMIT_EVEN_MORE */
 extern SUPSYSROOTDIRBUF g_SupLibHardenedExeNtPath;
-extern uint32_t         g_offSupLibHardenedExeNtName;
+extern SUPSYSROOTDIRBUF g_SupLibHardenedAppBinNtPath;
 
 #   ifdef IN_RING0

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp

@@ -2039 +2039 @@
      */
     char szPath[RTPATH_MAX];
-    supR3HardenedPathSharedLibs(szPath, sizeof(szPath) - sizeof("/VBoxSupLib.DLL"));
+    supR3HardenedPathAppSharedLibs(szPath, sizeof(szPath) - sizeof("/VBoxSupLib.DLL"));
     suplibHardenedStrCat(szPath, "/VBoxSupLib.DLL");
     HMODULE hSupLibMod = (HMODULE)supR3HardenedWinLoadLibrary(szPath, true /*fSystem32Only*/);

trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp

@@ -35 +35 @@
 #endif
 #ifndef LOAD_LIBRARY_SEARCH_APPLICATION_DIR
-# define LOAD_LIBRARY_SEARCH_APPLICATION_DIR    0x200
-# define LOAD_LIBRARY_SEARCH_SYSTEM32           0x800
+# define LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR       UINT32_C(0x100)
+# define LOAD_LIBRARY_SEARCH_APPLICATION_DIR    UINT32_C(0x200)
+# define LOAD_LIBRARY_SEARCH_USER_DIRS          UINT32_C(0x400)
+# define LOAD_LIBRARY_SEARCH_SYSTEM32           UINT32_C(0x800)
 #endif
 
@@ -274 +276 @@
 /** The NT path of the executable. */
 SUPSYSROOTDIRBUF            g_SupLibHardenedExeNtPath;
+/** The NT path of the application binary directory. */
+SUPSYSROOTDIRBUF            g_SupLibHardenedAppBinNtPath;
 /** The offset into g_SupLibHardenedExeNtPath of the executable name (WCHAR,
  * not byte). This also gives the length of the exectuable directory path,
  * including a trailing slash. */
-uint32_t                    g_offSupLibHardenedExeNtName;
+static uint32_t             g_offSupLibHardenedExeNtName;
+/** Set if we need to use the LOAD_LIBRARY_SEARCH_USER_DIRS option. */
+bool                        g_fSupLibHardenedDllSearchUserDirs = false;
 /** @} */
 
@@ -464 +470 @@
         if (g_uNtVerCombined >= SUP_MAKE_NT_VER_SIMPLE(6, 0))
         {
-           fFlags |= LOAD_LIBRARY_SEARCH_SYSTEM32;
-           if (!fSystem32Only)
-               fFlags |= LOAD_LIBRARY_SEARCH_APPLICATION_DIR;
+            fFlags |= LOAD_LIBRARY_SEARCH_SYSTEM32;
+            if (!fSystem32Only)
+            {
+                fFlags |= LOAD_LIBRARY_SEARCH_APPLICATION_DIR;
+                if (g_fSupLibHardenedDllSearchUserDirs)
+                    fFlags |= LOAD_LIBRARY_SEARCH_USER_DIRS;
+            }
         }
 
@@ -806 +816 @@
                         continue;
                     }
-                    if (supR3HardenedWinVerifyCacheLookupImport(g_SupLibHardenedExeNtPath.UniStr.Buffer,
-                                                                g_offSupLibHardenedExeNtName,
+                    if (supR3HardenedWinVerifyCacheLookupImport(g_SupLibHardenedAppBinNtPath.UniStr.Buffer,
+                                                                g_SupLibHardenedAppBinNtPath.UniStr.Length / sizeof(CHAR),
                                                                 uBuf.szName) != NULL)
                     {
@@ -889 +899 @@
                                                             g_System32NtPath.UniStr.Length / sizeof(WCHAR),
                                                             pCur->szName)
-                && !supR3HardenedWinVerifyCacheLookupImport(g_SupLibHardenedExeNtPath.UniStr.Buffer,
-                                                            g_offSupLibHardenedExeNtName,
+                && !supR3HardenedWinVerifyCacheLookupImport(g_SupLibHardenedAppBinNtPath.UniStr.Buffer,
+                                                            g_SupLibHardenedAppBinNtPath.UniStr.Length / sizeof(WCHAR),
                                                             pCur->szName)
                 && (   pCur->cwcAltSearchDir == 0
@@ -983 +993 @@
                     {
                         { g_System32NtPath.UniStr.Buffer,           g_System32NtPath.UniStr.Length / sizeof(WCHAR) },
-                        { g_SupLibHardenedExeNtPath.UniStr.Buffer,  g_offSupLibHardenedExeNtName - 1 },
+                        { g_SupLibHardenedExeNtPath.UniStr.Buffer,  g_SupLibHardenedAppBinNtPath.UniStr.Length / sizeof(WCHAR) },
                         { pCur->pwszAltSearchDir,                   pCur->cwcAltSearchDir },
                     };
@@ -1352 +1362 @@
      *      7. x86 variations of 4 & 5 - ditto.
      */
-    Assert(g_SupLibHardenedExeNtPath.UniStr.Buffer[g_offSupLibHardenedExeNtName - 1] == '\\');
     uint32_t fFlags = 0;
     if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_System32NtPath.UniStr, true /*fCheckSlash*/))
@@ -1358 +1367 @@
     else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_WinSxSNtPath.UniStr, true /*fCheckSlash*/))
         fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
-    else if (supHardViUtf16PathStartsWithEx(uBuf.UniStr.Buffer, uBuf.UniStr.Length / sizeof(WCHAR),
-                                            g_SupLibHardenedExeNtPath.UniStr.Buffer,
-                                            g_offSupLibHardenedExeNtName, false /*fCheckSlash*/))
+    else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_SupLibHardenedAppBinNtPath.UniStr, true /*fCheckSlash*/))
         fFlags |= SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING | SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT;
 # ifdef VBOX_PERMIT_MORE
@@ -1404 +1411 @@
      * integrity checks.
      */
-    Assert(g_SupLibHardenedExeNtPath.UniStr.Buffer[g_offSupLibHardenedExeNtName - 1] == '\\');
     uint32_t fFlags = 0;
-    if (supHardViUtf16PathStartsWithEx(uBuf.UniStr.Buffer, uBuf.UniStr.Length / sizeof(WCHAR),
-                                       g_SupLibHardenedExeNtPath.UniStr.Buffer,
-                                       g_offSupLibHardenedExeNtName, false /*fCheckSlash*/))
+    if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_SupLibHardenedAppBinNtPath.UniStr, true /*fCheckSlash*/))
         fFlags |= SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING | SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT;
     else
@@ -4649 +4653 @@
                               "Window Vista without any service pack installed is not supported. Please install the latest service pack.");
 #endif
+}
+
+
+/**
+ * Modifies the DLL search path for testcases.
+ *
+ * This makes sure the application binary path is in the search path.  When
+ * starting a testcase executable in the testcase/ subdirectory this isn't the
+ * case by default.  So, unless we do something about it we won't be able to
+ * import VBox DLLs.
+ *
+ * @param   fFlags          The main flags (giving the location).
+ * @param   pszAppBinPath   The path to the application binary directory
+ *                          (windows style).
+ */
+DECLHIDDEN(void) supR3HardenedWinModifyDllSearchPath(uint32_t fFlags, const char *pszAppBinPath)
+{
+    /*
+     * For the testcases to work, we must add the app bin directory to the
+     * DLL search list before the testcase dll is loaded or it won't be
+     * able to find the VBox DLLs.  This is done _after_ VBoxRT.dll is
+     * initialized and sets its defaults.
+     */
+    switch (fFlags & SUPSECMAIN_FLAGS_LOC_MASK)
+    {
+        case SUPSECMAIN_FLAGS_LOC_TESTCASE:
+            break;
+        default:
+            return;
+    }
+
+    /*
+     * Dynamically resolve the two APIs we need (the latter uses forwarders on w7).
+     */
+    HMODULE hModKernel32 = GetModuleHandleW(L"kernel32.dll");
+
+    typedef BOOL (WINAPI *PFNSETDLLDIRECTORY)(LPCWSTR);
+    PFNSETDLLDIRECTORY pfnSetDllDir;
+    pfnSetDllDir     = (PFNSETDLLDIRECTORY)GetProcAddress(hModKernel32, "SetDllDirectoryW");
+
+    typedef BOOL (WINAPI *PFNSETDEFAULTDLLDIRECTORIES)(DWORD);
+    PFNSETDEFAULTDLLDIRECTORIES pfnSetDefDllDirs;
+    pfnSetDefDllDirs = (PFNSETDEFAULTDLLDIRECTORIES)GetProcAddress(hModKernel32, "SetDefaultDllDirectories");
+
+    if (pfnSetDllDir != NULL)
+    {
+        /*
+         * Convert the path to UTF-16 and try set it.
+         */
+        PRTUTF16 pwszAppBinPath = NULL;
+        int rc = RTStrToUtf16(pszAppBinPath, &pwszAppBinPath);
+        if (RT_SUCCESS(rc))
+        {
+            if (pfnSetDllDir(pwszAppBinPath))
+            {
+                SUP_DPRINTF(("supR3HardenedWinModifyDllSearchPath: Set dll dir to '%ls'\n", pwszAppBinPath));
+                g_fSupLibHardenedDllSearchUserDirs = true;
+
+                /*
+                 * We set it alright, on W7 and later we also must modify the
+                 * default DLL search order.  See @bugref{6861} for details on
+                 * why we don't do this on Vista (also see init-win.cpp in IPRT).
+                 */
+                if (   pfnSetDefDllDirs
+                    && g_uNtVerCombined >= SUP_NT_VER_W70)
+                {
+                    if (pfnSetDefDllDirs(  LOAD_LIBRARY_SEARCH_APPLICATION_DIR
+                                         | LOAD_LIBRARY_SEARCH_SYSTEM32
+                                         | LOAD_LIBRARY_SEARCH_USER_DIRS))
+                        SUP_DPRINTF(("supR3HardenedWinModifyDllSearchPath: Successfully modified search dirs.\n"));
+                    else
+                        supR3HardenedFatal("supR3HardenedWinModifyDllSearchPath: SetDllDirectoryW(%ls) failed: %d\n",
+                                           pwszAppBinPath, RtlGetLastWin32Error());
+                }
+            }
+            else
+                supR3HardenedFatal("supR3HardenedWinModifyDllSearchPath: SetDllDirectoryW(%ls) failed: %d\n",
+                                   pwszAppBinPath, RtlGetLastWin32Error());
+            RTUtf16Free(pwszAppBinPath);
+        }
+        else
+            supR3HardenedFatal("supR3HardenedWinModifyDllSearchPath: RTStrToUtf16(%s) failed: %d\n", pszAppBinPath, rc);
+    }
+}
+
+
+/**
+ * Initializes the application binary directory path.
+ *
+ * This is called once or twice.
+ *
+ * @param   fFlags          The main flags (giving the location).
+ */
+DECLHIDDEN(void) supR3HardenedWinInitAppBin(uint32_t fFlags)
+{
+    USHORT cwc = (USHORT)g_offSupLibHardenedExeNtName - 1;
+    g_SupLibHardenedAppBinNtPath.UniStr.Buffer = g_SupLibHardenedAppBinNtPath.awcBuffer;
+    memcpy(g_SupLibHardenedAppBinNtPath.UniStr.Buffer, g_SupLibHardenedExeNtPath.UniStr.Buffer, cwc * sizeof(WCHAR));
+
+    switch (fFlags & SUPSECMAIN_FLAGS_LOC_MASK)
+    {
+        case SUPSECMAIN_FLAGS_LOC_APP_BIN:
+            break;
+        case SUPSECMAIN_FLAGS_LOC_TESTCASE:
+        {
+            /* Drop one directory level. */
+            USHORT off = cwc;
+            WCHAR  wc;
+            while (   off > 1
+                   && (wc = g_SupLibHardenedAppBinNtPath.UniStr.Buffer[off - 1]) != '\0')
+                if (wc != '\\' && wc != '/')
+                    off--;
+                else
+                {
+                    if (g_SupLibHardenedAppBinNtPath.UniStr.Buffer[off - 2] == ':')
+                        cwc = off;
+                    else
+                        cwc = off - 1;
+                    break;
+                }
+            break;
+        }
+        default:
+            supR3HardenedFatal("supR3HardenedWinInitAppBin: Unknown program binary location: %#x\n", fFlags);
+    }
+
+    g_SupLibHardenedAppBinNtPath.UniStr.Buffer[cwc]   = '\0';
+    g_SupLibHardenedAppBinNtPath.UniStr.Length        = cwc * sizeof(WCHAR);
+    g_SupLibHardenedAppBinNtPath.UniStr.MaximumLength = sizeof(g_SupLibHardenedAppBinNtPath.awcBuffer);
+    SUP_DPRINTF(("supR3HardenedWinInitAppBin(%#x): '%ls'\n", fFlags, g_SupLibHardenedAppBinNtPath.UniStr.Buffer));
 }
 
@@ -5372 +5506 @@
 
     /*
+     * Preliminary app binary path init.  May change when SUPR3HardenedMain is
+     * called (via main below).
+     */
+    supR3HardenedWinInitAppBin(SUPSECMAIN_FLAGS_LOC_APP_BIN);
+
+    /*
      * If we've done early init already, register the DLL load notification
      * callback and reinstall the NtDll patches.
@@ -5566 +5706 @@
 
     /*
+     * Preliminary app binary path init.  May change when SUPR3HardenedMain is called.
+     */
+    supR3HardenedWinInitAppBin(SUPSECMAIN_FLAGS_LOC_APP_BIN);
+
+    /*
      * Initialize the image verification stuff (hooks LdrLoadDll and NtCreateSection).
      */