Changeset 59810 in vbox for trunk/src/VBox/HostDrivers

Timestamp:

Feb 25, 2016 2:48:09 AM (9 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

105692

Message:

supR3HardenedWinInitVersion: Don't call RtlGetVersion during early init, it may touch NTDLL BSS data and cause VERR_SUP_VP_MEMORY_VS_FILE_MISMATCH when opening our kernel driver. Problem started with windows 10 build 14267.

Location:

trunk/src/VBox/HostDrivers/Support

Files:

• SUPLibInternal.h (modified) (1 diff)
• win/SUPHardenedVerifyImage-win.cpp (modified) (4 diffs)
• win/SUPLib-win.cpp (modified) (1 diff)
• win/SUPR3HardenedMain-win.cpp (modified) (3 diffs)

trunk/src/VBox/HostDrivers/Support/SUPLibInternal.h

@@ -452 +452 @@
 DECLHIDDEN(void)    supR3HardenedWinInit(uint32_t fFlags, bool fAvastKludge);
 DECLHIDDEN(void)    supR3HardenedWinInitAppBin(uint32_t fFlags);
-DECLHIDDEN(void)    supR3HardenedWinInitVersion(void);
+DECLHIDDEN(void)    supR3HardenedWinInitVersion(bool fEarlyInit);
 DECLHIDDEN(void)    supR3HardenedWinInitImports(void);
 DECLHIDDEN(void)    supR3HardenedWinModifyDllSearchPath(uint32_t fFlags, const char *pszAppBinPath);

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp

@@ -2772 +2772 @@
  * Called from suplibHardenedWindowsMain and suplibOsInit.
  */
-DECLHIDDEN(void) supR3HardenedWinInitVersion(void)
+DECLHIDDEN(void) supR3HardenedWinInitVersion(bool fEarly)
 {
     /*
@@ -2778 +2778 @@
      * GetVersion might not be telling the whole truth (8.0 on 8.1 depending on
      * the application manifest).
+     *
+     * Note! Windows 10 build 14267+ touches BSS when calling RtlGetVersion, so we
+     *       have to use the fallback for the call from the early init code.
      */
     OSVERSIONINFOEXW NtVerInfo;
@@ -2783 +2786 @@
     RT_ZERO(NtVerInfo);
     NtVerInfo.dwOSVersionInfoSize = sizeof(RTL_OSVERSIONINFOEXW);
-    if (!NT_SUCCESS(RtlGetVersion((PRTL_OSVERSIONINFOW)&NtVerInfo)))
+    if (   fEarly
+        || !NT_SUCCESS(RtlGetVersion((PRTL_OSVERSIONINFOW)&NtVerInfo)))
     {
         RT_ZERO(NtVerInfo);
@@ -2789 +2793 @@
         NtVerInfo.dwMajorVersion = pPeb->OSMajorVersion;
         NtVerInfo.dwMinorVersion = pPeb->OSMinorVersion;
-        NtVerInfo.dwBuildNumber  = pPeb->OSPlatformId;
+        NtVerInfo.dwBuildNumber  = pPeb->OSBuildNumber;
     }
 

trunk/src/VBox/HostDrivers/Support/win/SUPLib-win.cpp

@@ -93 +93 @@
     {
 #if defined(VBOX_WITH_HARDENING) && !defined(IN_SUP_HARDENED_R3) && !defined(IN_SUP_R3_STATIC)
-        supR3HardenedWinInitVersion();
+        supR3HardenedWinInitVersion(false /*fEarly*/);
         int rc = supHardenedWinInitImageVerifier(NULL);
         if (RT_FAILURE(rc))

trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp

@@ -5480 +5480 @@
      * SUPHardenedVerfiyImage-win.cpp.)
      */
-    supR3HardenedWinInitVersion();
+    supR3HardenedWinInitVersion(false /*fEarly*/);
     g_enmSupR3HardenedMainState = SUPR3HARDENEDMAINSTATE_WIN_VERSION_INITIALIZED;
 
@@ -5704 +5704 @@
      * Init g_uNtVerCombined as well as we can at this point.
      */
-    supR3HardenedWinInitVersion();
+    supR3HardenedWinInitVersion(true /*fEarly*/);
 
     /*
@@ -5719 +5719 @@
     char **papszArgs = suplibCommandLineToArgvWStub(CmdLineStr.Buffer, CmdLineStr.Length / sizeof(WCHAR), &cArgs);
     supR3HardenedOpenLog(&cArgs, papszArgs);
-    SUP_DPRINTF(("supR3HardenedVmProcessInit: uNtDllAddr=%p\n", uNtDllAddr));
+    SUP_DPRINTF(("supR3HardenedVmProcessInit: uNtDllAddr=%p g_uNtVerCombined=%#x\n", uNtDllAddr, g_uNtVerCombined));
 
     /*