Changeset 58730 in vbox

Timestamp:

Nov 18, 2015 1:32:53 AM (9 years ago)

Author:

vboxsync

Message:

supR3HardenedMonitor_LdrLoadDll: Return STATUS_INVALID_IMAGE_FORMAT for VERR_LDR_ARCH_MISMATCH. That my shut up stupid attempts to load 32-bit hook DLLs into our process.

File:

• trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp (modified) (3 diffs)

trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp

@@ -1155 +1155 @@
 
 /**
+ * Translates VBox status code (from supHardenedWinVerifyImageTrust) to an NT
+ * status.
+ *
+ * @returns NT status.
+ * @param   rc                      VBox status code.
+ */
+static NTSTATUS supR3HardenedScreenImageCalcStatus(int rc)
+{
+    /* This seems to be what LdrLoadDll returns when loading a 32-bit DLL into
+       a 64-bit process.  At least here on windows 10 (2015-11-xx).
+
+       NtCreateSection probably returns something different, possibly a warning,
+       we currently don't distinguish between the too, so we stick with the
+       LdrLoadDll one as it's definitely an error.*/
+    if (rc == VERR_LDR_ARCH_MISMATCH)
+        return STATUS_INVALID_IMAGE_FORMAT;
+
+    return STATUS_TRUST_FAILURE;
+}
+
+
+/**
  * Screens an image file or file mapped with execute access.
  *
@@ -1264 +1286 @@
                                "supR3HardenedScreenImage/%s: cached rc=%Rrc fImage=%d fProtect=%#x fAccess=%#x cHits=%u %ls\n",
                                pszCaller, pCacheHit->rc, fImage, *pfProtect, *pfAccess, cHits, uBuf.UniStr.Buffer);
-        return STATUS_TRUST_FAILURE;
+        return supR3HardenedScreenImageCalcStatus(pCacheHit->rc);
     }
 
@@ -1450 +1472 @@
         if (hMyFile != hFile)
             supR3HardenedWinVerifyCacheInsert(&uBuf.UniStr, hMyFile, rc, fWinVerifyTrust, fFlags);
-        return STATUS_TRUST_FAILURE;
+        return supR3HardenedScreenImageCalcStatus(rc);
     }