// // ============================================================================ // FREQUENTLY USED REGISTRY KEYS // ============================================================================ // // // registry keys and hive names. // #define REG_SAM_KEY "\\REGISTRY\\MACHINE\\SAM" #define REG_SECURITY_KEY "\\REGISTRY\\MACHINE\\SECURITY" #define REG_SOFTWARE_KEY "\\REGISTRY\\MACHINE\\SOFTWARE" #define REG_SYSTEM_KEY "\\REGISTRY\\MACHINE\\SYSTEM" #define REG_SAM_HIVE "\\SYSTEMROOT\\SYSTEM32\\CONFIG\\SAM" #define REG_SECURITY_HIVE "\\SYSTEMROOT\\SYSTEM32\\CONFIG\\SECURITY" #define REG_SOFTWARE_HIVE "\\SYSTEMROOT\\SYSTEM32\\CONFIG\\SOFTWARE" #define REG_SYSTEM_HIVE "\\SYSTEMROOT\\SYSTEM32\\CONFIG\\SYSTEM" #define REG_SAM_DOMAINS "\\REGISTRY\\MACHINE\\SAM\\SAM\\DOMAINS" #define REG_SECURITY_POLICY "\\REGISTRY\\MACHINE\\SECURITY\\POLICY" #define REG_SECURITY_POLACDMS "\\REGISTRY\\MACHINE\\SECURITY\\POLICY\\POLACDMS" #define REG_SOFTWARE_PROFILELIST "\\REGISTRY\\MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\PROFILELIST" #define REG_SOFTWARE_SECEDIT "\\REGISTRY\\MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SECEDIT" #define REG_SOFTWARE_EFS "\\REGISTRY\\MACHINE\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\EFS" #define REG_SYSTEM_SERVICES "\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\SERVICES" #define REG_SYSTEM_CONTROL "\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL" #define REG_SYSTEM_CONTROL_PRINT "\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\PRINT" #define REG_SYSTEM_SETUP "\\REGISTRY\\MACHINE\\SYSTEM\\SETUP" #define REG_SYSTEM_SESSIONMANAGER "\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\SESSION MANAGER" #define REG_SYSTEM_HIVELIST "\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\HIVELIST" // // Repair hives // #define REPAIR_SAM_KEY "\\REGISTRY\\MACHINE\\RSAM" #define REPAIR_SECURITY_KEY "\\REGISTRY\\MACHINE\\RSECURITY" #define REPAIR_SOFTWARE_KEY "\\REGISTRY\\MACHINE\\RSOFTWARE" #define REPAIR_SYSTEM_KEY "\\REGISTRY\\MACHINE\\RSYSTEM" #define REPAIR_SAM_HIVE "\\SYSTEMROOT\\REPAIR\\SAM" #define REPAIR_SECURITY_HIVE "\\SYSTEMROOT\\REPAIR\\SECURITY" #define REPAIR_SOFTWARE_HIVE "\\SYSTEMROOT\\REPAIR\\SOFTWARE" #define REPAIR_SYSTEM_HIVE "\\SYSTEMROOT\\REPAIR\\SYSTEM" #define R_REG_SAM_DOMAINS "\\REGISTRY\\MACHINE\\RSAM\\SAM\\DOMAINS" #define R_REG_SECURITY_POLICY "\\REGISTRY\\MACHINE\\RSECURITY\\POLICY" #define R_REG_SOFTWARE_PROFILELIST "\\REGISTRY\\MACHINE\\RSOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\PROFILELIST" #define R_REG_SOFTWARE_SECEDIT "\\REGISTRY\\MACHINE\\RSOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SECEDIT" #define R_REG_SOFTWARE_EFS "\\REGISTRY\\MACHINE\\RSOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\EFS" #define R_REG_SYSTEM_CONTROL_PRINT "\\REGISTRY\\MACHINE\\RSYSTEM\\CURRENTCONTROLSET\\CONTROL\\PRINT" #define R_REG_SYSTEM_SERVICES "\\REGISTRY\\MACHINE\\RSYSTEM\\CURRENTCONTROLSET\\SERVICES" #define R_REG_SETUP_KEYNAME "\\REGISTRY\\MACHINE\\RSYSTEM\\SETUP" #define BACKUP_REPAIR_SAM_HIVE "\\SYSTEMROOT\\REPAIR\\DS_SAM" #define BACKUP_REPAIR_SECURITY_HIVE "\\SYSTEMROOT\\REPAIR\\DS_SECURITY" #define BACKUP_REPAIR_SOFTWARE_HIVE "\\SYSTEMROOT\\REPAIR\\DS_SOFTWARE" #define BACKUP_REPAIR_SYSTEM_HIVE "\\SYSTEMROOT\\REPAIR\\DS_SYSTEM" #define REG_CLONETAG_VALUENAME "CLONETAG" #define EXECUTE "SETUPEXECUTE" #define REG_SIZE_LIMIT "REGISTRYSIZELIMIT" #define PROFILEIMAGEPATH "PROFILEIMAGEPATH" #define TMP_HIVE_NAME "\\REGISTRY\\MACHINE\\TMPHIVE" // // ============================================================================ // CONSTANTS // ============================================================================ // #define BASIC_INFO_BUFFER_SIZE (sizeof(KEY_VALUE_BASIC_INFORMATION) + 2048) // #define PARTIAL_INFO_BUFFER_SIZE (sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 1536) #define FULL_INFO_BUFFER_SIZE (sizeof(KEY_VALUE_FULL_INFORMATION) + 4096) #define SID_SIZE (0x18) #define REGISTRY_QUOTA_BUMP (10 * (1024 * 1024)) #define PROGRAM_NAME "setupcl.exe" // // ============================================================================ // USEFUL MACROS // ============================================================================ // #define AS(x) ( sizeof(x) / sizeof(x[0]) ) // // Helper macro to make object attribute initialization a little cleaner. // #define INIT_OBJA(Obja,UnicodeString,UnicodeText) \ \ RtlInitUnicodeString((UnicodeString),(UnicodeText)); \ \ InitializeObjectAttributes( \ (Obja), \ (UnicodeString), \ OBJ_CASE_INSENSITIVE, \ NULL, \ NULL \ ) #define PRINT_BLOCK( Block, BlockSize ) \ { \ ULONG idx1, idx2, idx3; \ idx1 = 0; \ while( idx1 < BlockSize ) { \ DbgPrint( "\t" ); \ for( idx3 = 0; idx3 < 4; idx3++ ) { \ idx2 = 0; \ while( ( idx1 < BlockSize ) && ( idx2 < 4 ) ) { \ DbgPrint( "%02lx", *(PUCHAR)((PUCHAR)Block + idx1) ); \ idx1++; idx2++; \ } \ DbgPrint( " " ); \ } \ DbgPrint( "\n" ); \ } \ } // // Helper macro to test the the Status variable. Print // a message if it's not NT_SUCCESS // #define TEST_STATUS( a ) \ if( !NT_SUCCESS( Status ) ) { \ DbgPrint( "%s (%lx)\n", a, Status ); \ } // // Helper macro to test the the Status variable. Print // a message if it's not NT_SUCCESS, then retun Status to // our caller. // #define TEST_STATUS_RETURN( a ) \ if( !NT_SUCCESS( Status ) ) { \ DbgPrint( "%s (%lx)\n", a, Status ); \ return Status; \ } // // Helper macro to print the the Status variable. Print // a message and the Status // #define PRINT_STATUS( a ) \ { \ DbgPrint( "%s (%lx)\n", a, Status ); \ } // // ============================================================================ // FUNCTION DECLARATIONS // ============================================================================ // extern NTSTATUS DeleteKey( PWSTR Key ); extern NTSTATUS DeleteKeyRecursive( HANDLE hKeyRoot, PWSTR Key ); extern NTSTATUS FileDelete( IN WCHAR *FileName ); extern NTSTATUS FileCopy( IN WCHAR *TargetName, IN WCHAR *SourceName ); extern NTSTATUS SetKey( IN WCHAR *KeyName, IN WCHAR *SubKeyName, IN CHAR *Data, IN ULONG DataLength, IN ULONG DATA_TYPE ); extern NTSTATUS ReadSetWriteKey( IN WCHAR *ParentKeyName, OPTIONAL IN HANDLE ParentKeyHandle, OPTIONAL IN WCHAR *SubKeyName, IN CHAR *OldData, IN CHAR *NewData, IN ULONG DataLength, IN ULONG DATA_TYPE ); extern NTSTATUS LoadUnloadHive( IN PWSTR KeyName, IN PWSTR FileName ); extern NTSTATUS BackupRepairHives( VOID ); extern NTSTATUS CleanupRepairHives( NTSTATUS RepairHivesSuccess ); extern NTSTATUS TestSetSecurityObject( HANDLE hKey ); extern NTSTATUS SetKeySecurityRecursive( HANDLE hKey ); extern NTSTATUS CopyKeyRecursive( HANDLE hKeyDst, HANDLE hKeySrc ); extern NTSTATUS CopyRegKey( IN WCHAR *TargetName, IN WCHAR *SourceName, IN HANDLE ParentKeyHandle OPTIONAL ); extern NTSTATUS MoveRegKey( IN WCHAR *TargetName, IN WCHAR *SourceName ); extern NTSTATUS FindAndReplaceBlock( IN PCHAR Block, IN ULONG BlockLength, IN PCHAR OldValue, IN PCHAR NewValue, IN ULONG ValueLength ); extern NTSTATUS StringSwitchString( PWSTR BaseString, DWORD cBaseStringLen, PWSTR OldSubString, PWSTR NewSubString ); extern NTSTATUS SiftKeyRecursive( HANDLE hKey, int indent ); extern NTSTATUS SiftKey( PWSTR KeyName ); extern NTSTATUS ProcessSAMHive( VOID ); extern NTSTATUS ProcessSECURITYHive( VOID ); extern NTSTATUS ProcessSOFTWAREHive( VOID ); extern NTSTATUS ProcessSYSTEMHive( VOID ); extern NTSTATUS ProcessRepairSAMHive( VOID ); extern NTSTATUS ProcessRepairSECURITYHive( VOID ); extern NTSTATUS ProcessRepairSOFTWAREHive( VOID ); extern NTSTATUS ProcessRepairSYSTEMHive( VOID ); extern NTSTATUS RetrieveOldSid( VOID ); extern NTSTATUS GenerateUniqueSid( IN DWORD Seed ); extern NTSTATUS EnumerateDrives( VOID ); extern NTSTATUS DriveLetterToNTPath( IN WCHAR DriveLetter, IN OUT PWSTR NTPath, IN DWORD cNTPathLen ); // ============================================================================ // GLOBAL VARIABLES // ============================================================================ // // These globals hold the OldSid (the one prior to the clone) // and the NewSid (the one we generate and spray into the // registry). // PSID G_OldSid, G_NewSid; // // These guys will hold small strings that contain the text character // versions of the 3 unique numbers that make up the domain SID. // WCHAR G_OldSidSubString[MAX_PATH * 4]; WCHAR G_NewSidSubString[MAX_PATH * 4]; WCHAR TmpBuffer[MAX_PATH * 4]; // // Disable the DbgPrint for non-debug builds // #ifndef DBG #define DbgPrint DbgPrintSub void DbgPrintSub(char *szBuffer, ...); #endif // // UI related constants and functions. // // 14 seconds in 100ns units. (OOBE wanted 15secs, but it seems like it takes ~1-2 sec to initialize setupcl) // #define UITIME 140000000 #define UIDOTTIME 30000000 // 3 seconds in 100ns units extern __inline void DisplayUI(); extern BOOL LoadStringResource( PUNICODE_STRING pUnicodeString, INT MsgId );