Changeset 60480 in vbox for trunk/src/VBox/HostDrivers/Support
- Timestamp:
- Apr 13, 2016 8:13:17 PM (9 years ago)
- Location:
- trunk/src/VBox/HostDrivers/Support
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/HostDrivers/Support/Makefile.kmk
r60043 r60480 308 308 $(VBOX_PATH_RUNTIME_SRC)/common/path/RTPathChangeToUnixSlashes.cpp \ 309 309 $(VBOX_PATH_RUNTIME_SRC)/common/path/RTPathExt.cpp \ 310 $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrPrintHexBytes.cpp \311 310 $(VBOX_PATH_RUNTIME_SRC)/common/string/RTUtf16PrintHexBytes.cpp \ 312 311 $(VBOX_PATH_RUNTIME_SRC)/common/string/RTUtf16ICmpAscii.cpp \ … … 375 374 win/SUPR3HardenedNoCrt-win.cpp \ 376 375 $(VBOX_PATH_RUNTIME_SRC)/nt/RTErrConvertFromNtStatus.cpp \ 376 $(VBOX_PATH_RUNTIME_SRC)/nt/RTNtPathFindPossible8dot3Name.cpp \ 377 $(VBOX_PATH_RUNTIME_SRC)/nt/RTNtPathExpand8dot3Path.cpp \ 377 378 $(VBOX_PATH_RUNTIME_SRC)/r3/nt/pathint-nt.cpp \ 378 379 $(VBOX_PATH_RUNTIME_SRC)/win/RTErrConvertFromWin32.cpp \ -
trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h
r56733 r60480 76 76 DECLHIDDEN(int) supHardNtVpThread(HANDLE hProcess, HANDLE hThread, PRTERRINFO pErrInfo); 77 77 DECLHIDDEN(int) supHardNtVpDebugger(HANDLE hProcess, PRTERRINFO pErrInfo); 78 DECLHIDDEN(PRTUTF16) supHardNtVpIsPossible8dot3Path(PCRTUTF16 pwszPath);79 DECLHIDDEN(void) supHardNtVpFix8dot3Path(PUNICODE_STRING pUniStr, bool fPathOnly);80 78 81 79 DECLHIDDEN(bool) supHardViUtf16PathIsEqualEx(PCRTUTF16 pawcLeft, size_t cwcLeft, const char *pszRight); -
trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyProcess-win.cpp
r60193 r60480 1090 1090 1091 1091 /** 1092 * Checks whether the path could be containing alternative 8.3 names generated1093 * by NTFS, FAT, or other similar file systems.1094 *1095 * @returns Pointer to the first component that might be an 8.3 name, NULL if1096 * not 8.3 path.1097 * @param pwszPath The path to check.1098 *1099 * @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,1100 * however, non-tilde 8.3 aliases are probably rare enough to not be1101 * worth all the extra code necessary to open each path component and1102 * check if we've got the short name or not.1103 */1104 DECLHIDDEN(PRTUTF16) supHardNtVpIsPossible8dot3Path(PCRTUTF16 pwszPath)1105 {1106 PCRTUTF16 pwszName = pwszPath;1107 for (;;)1108 {1109 RTUTF16 wc = *pwszPath++;1110 if (wc == '~')1111 {1112 /* Could check more here before jumping to conclusions... */1113 if (pwszPath - pwszName <= 8+1+3)1114 return (PRTUTF16)pwszName;1115 }1116 else if (wc == '\\' || wc == '/' || wc == ':')1117 pwszName = pwszPath;1118 else if (wc == 0)1119 break;1120 }1121 return NULL;1122 }1123 1124 1125 /**1126 * Fixes up a path possibly containing one or more alternative 8-dot-3 style1127 * components.1128 *1129 * The path is fixed up in place. Errors are ignored.1130 *1131 * @param pUniStr The path to fix up. MaximumLength is the max buffer1132 * length.1133 * @param fPathOnly Whether to only process the path and leave the filename1134 * as passed in.1135 */1136 DECLHIDDEN(void) supHardNtVpFix8dot3Path(PUNICODE_STRING pUniStr, bool fPathOnly)1137 {1138 /*1139 * We could use FileNormalizedNameInformation here and slap the volume device1140 * path in front of the result, but it's only supported since windows 8.01141 * according to some docs... So we expand all supicious names.1142 */1143 union fix8dot3tmp1144 {1145 FILE_BOTH_DIR_INFORMATION Info;1146 uint8_t abBuffer[sizeof(FILE_BOTH_DIR_INFORMATION) + 2048 * sizeof(WCHAR)];1147 } *puBuf = NULL;1148 1149 1150 PRTUTF16 pwszFix = pUniStr->Buffer;1151 while (*pwszFix)1152 {1153 pwszFix = supHardNtVpIsPossible8dot3Path(pwszFix);1154 if (pwszFix == NULL)1155 break;1156 1157 RTUTF16 wc;1158 PRTUTF16 pwszFixEnd = pwszFix;1159 while ((wc = *pwszFixEnd) != '\0' && wc != '\\' && wc != '/')1160 pwszFixEnd++;1161 if (wc == '\0' && fPathOnly)1162 break;1163 1164 if (!puBuf)1165 {1166 puBuf = (union fix8dot3tmp *)RTMemAlloc(sizeof(*puBuf));1167 if (!puBuf)1168 break;1169 }1170 1171 RTUTF16 const wcSaved = *pwszFix;1172 *pwszFix = '\0'; /* paranoia. */1173 1174 UNICODE_STRING NtDir;1175 NtDir.Buffer = pUniStr->Buffer;1176 NtDir.Length = NtDir.MaximumLength = (USHORT)((pwszFix - pUniStr->Buffer) * sizeof(WCHAR));1177 1178 HANDLE hDir = RTNT_INVALID_HANDLE_VALUE;1179 IO_STATUS_BLOCK Ios = RTNT_IO_STATUS_BLOCK_INITIALIZER;1180 1181 OBJECT_ATTRIBUTES ObjAttr;1182 InitializeObjectAttributes(&ObjAttr, &NtDir, OBJ_CASE_INSENSITIVE, NULL /*hRootDir*/, NULL /*pSecDesc*/);1183 #ifdef IN_RING01184 ObjAttr.Attributes |= OBJ_KERNEL_HANDLE;1185 #endif1186 1187 NTSTATUS rcNt = NtCreateFile(&hDir,1188 FILE_READ_DATA | SYNCHRONIZE,1189 &ObjAttr,1190 &Ios,1191 NULL /* Allocation Size*/,1192 FILE_ATTRIBUTE_NORMAL,1193 FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,1194 FILE_OPEN,1195 FILE_DIRECTORY_FILE | FILE_OPEN_FOR_BACKUP_INTENT | FILE_SYNCHRONOUS_IO_NONALERT,1196 NULL /*EaBuffer*/,1197 0 /*EaLength*/);1198 *pwszFix = wcSaved;1199 if (NT_SUCCESS(rcNt))1200 {1201 RT_ZERO(*puBuf);1202 1203 IO_STATUS_BLOCK Ios = RTNT_IO_STATUS_BLOCK_INITIALIZER;1204 UNICODE_STRING NtFilterStr;1205 NtFilterStr.Buffer = pwszFix;1206 NtFilterStr.Length = (USHORT)((uintptr_t)pwszFixEnd - (uintptr_t)pwszFix);1207 NtFilterStr.MaximumLength = NtFilterStr.Length;1208 rcNt = NtQueryDirectoryFile(hDir,1209 NULL /* Event */,1210 NULL /* ApcRoutine */,1211 NULL /* ApcContext */,1212 &Ios,1213 puBuf,1214 sizeof(*puBuf) - sizeof(WCHAR),1215 FileBothDirectoryInformation,1216 FALSE /*ReturnSingleEntry*/,1217 &NtFilterStr,1218 FALSE /*RestartScan */);1219 if (NT_SUCCESS(rcNt) && puBuf->Info.NextEntryOffset == 0) /* There shall only be one entry matching... */1220 {1221 uint32_t offName = puBuf->Info.FileNameLength / sizeof(WCHAR);1222 while (offName > 0 && puBuf->Info.FileName[offName - 1] != '\\' && puBuf->Info.FileName[offName - 1] != '/')1223 offName--;1224 uint32_t cwcNameNew = (puBuf->Info.FileNameLength / sizeof(WCHAR)) - offName;1225 uint32_t cwcNameOld = (uint32_t)(pwszFixEnd - pwszFix);1226 1227 if (cwcNameOld == cwcNameNew)1228 memcpy(pwszFix, &puBuf->Info.FileName[offName], cwcNameNew * sizeof(WCHAR));1229 else if ( pUniStr->Length + cwcNameNew * sizeof(WCHAR) - cwcNameOld * sizeof(WCHAR) + sizeof(WCHAR)1230 <= pUniStr->MaximumLength)1231 {1232 size_t cwcLeft = pUniStr->Length - (pwszFixEnd - pUniStr->Buffer) * sizeof(WCHAR) + sizeof(WCHAR);1233 memmove(&pwszFix[cwcNameNew], pwszFixEnd, cwcLeft * sizeof(WCHAR));1234 pUniStr->Length -= (USHORT)(cwcNameOld * sizeof(WCHAR));1235 pUniStr->Length += (USHORT)(cwcNameNew * sizeof(WCHAR));1236 pwszFixEnd -= cwcNameOld;1237 pwszFixEnd -= cwcNameNew;1238 memcpy(pwszFix, &puBuf->Info.FileName[offName], cwcNameNew * sizeof(WCHAR));1239 }1240 /* else: ignore overflow. */1241 }1242 /* else: ignore failure. */1243 1244 NtClose(hDir);1245 }1246 1247 /* Advance */1248 pwszFix = pwszFixEnd;1249 }1250 1251 if (puBuf)1252 RTMemFree(puBuf);1253 }1254 1255 1256 1257 /**1258 1092 * Matches two UNICODE_STRING structures in a case sensitive fashion. 1259 1093 * … … 1316 1150 */ 1317 1151 PUNICODE_STRING pLongName = &pImage->Name.UniStr; 1318 if ( supHardNtVpIsPossible8dot3Path(pLongName->Buffer))1152 if (RTNtPathFindPossible8dot3Name(pLongName->Buffer)) 1319 1153 { 1320 1154 AssertCompile(sizeof(pThis->abMemory) > sizeof(pImage->Name)); … … 1325 1159 memcpy(pTmp->Buffer, pLongName->Buffer, pLongName->Length + sizeof(RTUTF16)); 1326 1160 1327 supHardNtVpFix8dot3Path(pTmp, false /*fPathOnly*/);1161 RTNtPathExpand8dot3Path(pTmp, false /*fPathOnly*/); 1328 1162 Assert(pTmp->Buffer[pTmp->Length / sizeof(RTUTF16)] == '\0'); 1329 1163 -
trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp
r59811 r60480 1225 1225 } 1226 1226 1227 if (supHardNtVpIsPossible8dot3Path(uBuf.UniStr.Buffer)) 1227 if (!RTNtPathFindPossible8dot3Name(uBuf.UniStr.Buffer)) 1228 cbNameBuf += sizeof(WCHAR); 1229 else 1228 1230 { 1229 1231 uBuf.UniStr.MaximumLength = sizeof(uBuf) - 128; 1230 supHardNtVpFix8dot3Path(&uBuf.UniStr, true /*fPathOnly*/); 1232 RTNtPathExpand8dot3Path(&uBuf.UniStr, true /*fPathOnly*/); 1233 cbNameBuf = (uintptr_t)uBuf.UniStr.Buffer + uBuf.UniStr.Length + sizeof(WCHAR) - (uintptr_t)&uBuf.abBuffer[0]; 1231 1234 } 1232 1235
Note:
See TracChangeset
for help on using the changeset viewer.