/*++ Copyright (c) 1989-2000 Microsoft Corporation Module Name: attributes.c Abstract: This file contains complete implementation of attribute retrieval and caching. Author: vadimb created sometime in 2000 Revision History: several people contributed (clupu, dmunsil...) --*/ // // Obtain tag information // #define _WANT_TAG_INFO #include "sdbp.h" #include #include #if defined(KERNEL_MODE) && defined(ALLOC_DATA_PRAGMA) #pragma data_seg() #endif // KERNEL_MODE && ALLOC_DATA_PRAGMA // // Attribute tags // The attributes are checked in the order they are listed below. // TAG g_rgAttributeTags[] = { TAG_SIZE, TAG_CHECKSUM, TAG_BIN_FILE_VERSION, TAG_BIN_PRODUCT_VERSION, TAG_PRODUCT_VERSION, TAG_FILE_DESCRIPTION, TAG_COMPANY_NAME, TAG_PRODUCT_NAME, TAG_FILE_VERSION, TAG_ORIGINAL_FILENAME, TAG_INTERNAL_NAME, TAG_LEGAL_COPYRIGHT, TAG_VERDATEHI, TAG_VERDATELO, TAG_VERFILEOS, TAG_VERFILETYPE, TAG_MODULE_TYPE, TAG_PE_CHECKSUM, TAG_LINKER_VERSION, #ifndef KERNEL_MODE TAG_16BIT_DESCRIPTION, TAG_16BIT_MODULE_NAME, #endif TAG_UPTO_BIN_FILE_VERSION, TAG_UPTO_BIN_PRODUCT_VERSION, TAG_LINK_DATE, TAG_UPTO_LINK_DATE, TAG_VER_LANGUAGE }; #define ATTRIBUTE_COUNT ARRAYSIZE(g_rgAttributeTags) static TAG_INFO gaTagInfo[] = { {TAG_DATABASE ,TEXT("DATABASE")}, {TAG_LIBRARY ,TEXT("LIBRARY")}, {TAG_INEXCLUDE ,TEXT("INEXCLUDE")}, {TAG_SHIM ,TEXT("SHIM")}, {TAG_PATCH ,TEXT("PATCH")}, {TAG_FLAG ,TEXT("FLAG")}, {TAG_APP ,TEXT("APP")}, {TAG_EXE ,TEXT("EXE")}, {TAG_MATCHING_FILE ,TEXT("MATCHING_FILE")}, {TAG_SHIM_REF ,TEXT("SHIM_REF")}, {TAG_PATCH_REF ,TEXT("PATCH_REF")}, {TAG_FLAG_REF ,TEXT("FLAG_REF")}, {TAG_LAYER ,TEXT("LAYER")}, {TAG_FILE ,TEXT("FILE")}, {TAG_APPHELP ,TEXT("APPHELP")}, {TAG_LINK ,TEXT("LINK")}, {TAG_DATA ,TEXT("DATA")}, {TAG_ACTION ,TEXT("ACTION")}, {TAG_MSI_TRANSFORM ,TEXT("MSI TRANSFORM")}, {TAG_MSI_TRANSFORM_REF ,TEXT("MSI TRANSFORM REF")}, {TAG_MSI_PACKAGE ,TEXT("MSI PACKAGE")}, {TAG_MSI_CUSTOM_ACTION ,TEXT("MSI CUSTOM ACTION")}, {TAG_NAME ,TEXT("NAME")}, {TAG_DESCRIPTION ,TEXT("DESCRIPTION")}, {TAG_MODULE ,TEXT("MODULE")}, {TAG_API ,TEXT("API")}, {TAG_VENDOR ,TEXT("VENDOR")}, {TAG_APP_NAME ,TEXT("APP_NAME")}, {TAG_DLLFILE ,TEXT("DLLFILE")}, {TAG_COMMAND_LINE ,TEXT("COMMAND_LINE")}, {TAG_ACTION_TYPE ,TEXT("ACTION_TYPE")}, {TAG_COMPANY_NAME ,TEXT("COMPANY_NAME")}, {TAG_WILDCARD_NAME ,TEXT("WILDCARD_NAME")}, {TAG_PRODUCT_NAME ,TEXT("PRODUCT_NAME")}, {TAG_PRODUCT_VERSION ,TEXT("PRODUCT_VERSION")}, {TAG_FILE_DESCRIPTION ,TEXT("FILE_DESCRIPTION")}, {TAG_FILE_VERSION ,TEXT("FILE_VERSION")}, {TAG_ORIGINAL_FILENAME ,TEXT("ORIGINAL_FILENAME")}, {TAG_INTERNAL_NAME ,TEXT("INTERNAL_NAME")}, {TAG_LEGAL_COPYRIGHT ,TEXT("LEGAL_COPYRIGHT")}, {TAG_16BIT_DESCRIPTION ,TEXT("S16BIT_DESCRIPTION")}, {TAG_APPHELP_DETAILS ,TEXT("PROBLEM_DETAILS")}, {TAG_LINK_URL ,TEXT("LINK_URL")}, {TAG_LINK_TEXT ,TEXT("LINK_TEXT")}, {TAG_APPHELP_TITLE ,TEXT("APPHELP_TITLE")}, {TAG_APPHELP_CONTACT ,TEXT("APPHELP_CONTACT")}, {TAG_SXS_MANIFEST ,TEXT("SXS_MANIFEST")}, {TAG_DATA_STRING ,TEXT("DATA_STRING")}, {TAG_MSI_TRANSFORM_FILE ,TEXT("MSI_TRANSFORM_FILE")}, {TAG_16BIT_MODULE_NAME ,TEXT("S16BIT_MODULE_NAME")}, {TAG_LAYER_DISPLAYNAME ,TEXT("LAYER_DISPLAYNAME")}, {TAG_COMPILER_VERSION ,TEXT("COMPILER_VERSION")}, {TAG_SIZE ,TEXT("SIZE")}, {TAG_OFFSET ,TEXT("OFFSET")}, {TAG_CHECKSUM ,TEXT("CHECKSUM")}, {TAG_SHIM_TAGID ,TEXT("SHIM_TAGID")}, {TAG_PATCH_TAGID ,TEXT("PATCH_TAGID")}, {TAG_LAYER_TAGID ,TEXT("LAYER_TAGID")}, {TAG_FLAG_TAGID ,TEXT("FLAG_TAGID")}, {TAG_MODULE_TYPE ,TEXT("MODULE_TYPE")}, {TAG_VERDATEHI ,TEXT("VERFILEDATEHI")}, {TAG_VERDATELO ,TEXT("VERFILEDATELO")}, {TAG_VERFILEOS ,TEXT("VERFILEOS")}, {TAG_VERFILETYPE ,TEXT("VERFILETYPE")}, {TAG_PE_CHECKSUM ,TEXT("PE_CHECKSUM")}, {TAG_LINKER_VERSION ,TEXT("LINKER_VERSION")}, {TAG_LINK_DATE ,TEXT("LINK_DATE")}, {TAG_UPTO_LINK_DATE ,TEXT("UPTO_LINK_DATE")}, {TAG_OS_SERVICE_PACK ,TEXT("OS_SERVICE_PACK")}, {TAG_VER_LANGUAGE ,TEXT("VER_LANGUAGE")}, {TAG_PREVOSMAJORVER ,TEXT("PREVOSMAJORVERSION")}, {TAG_PREVOSMINORVER ,TEXT("PREVOSMINORVERSION")}, {TAG_PREVOSPLATFORMID ,TEXT("PREVOSPLATFORMID")}, {TAG_PREVOSBUILDNO ,TEXT("PREVOSBUILDNO")}, {TAG_PROBLEMSEVERITY ,TEXT("PROBLEM_SEVERITY")}, {TAG_HTMLHELPID ,TEXT("HTMLHELPID")}, {TAG_INDEX_FLAGS ,TEXT("INDEXFLAGS")}, {TAG_LANGID ,TEXT("APPHELP_LANGID")}, {TAG_ENGINE ,TEXT("ENGINE")}, {TAG_FLAGS ,TEXT("FLAGS") }, {TAG_DATA_VALUETYPE ,TEXT("VALUETYPE")}, {TAG_DATA_DWORD ,TEXT("DATA_DWORD")}, {TAG_MSI_TRANSFORM_TAGID,TEXT("MSI_TRANSFORM_TAGID")}, {TAG_RUNTIME_PLATFORM, TEXT("RUNTIME_PLATFORM")}, {TAG_OS_SKU, TEXT("OS_SKU")}, {TAG_INCLUDE ,TEXT("INCLUDE")}, {TAG_GENERAL ,TEXT("GENERAL")}, {TAG_MATCH_LOGIC_NOT ,TEXT("MATCH_LOGIC_NOT")}, {TAG_APPLY_ALL_SHIMS ,TEXT("APPLY_ALL_SHIMS")}, {TAG_USE_SERVICE_PACK_FILES ,TEXT("USE_SERVICE_PACK_FILES")}, {TAG_TIME ,TEXT("TIME")}, {TAG_BIN_FILE_VERSION ,TEXT("BIN_FILE_VERSION")}, {TAG_BIN_PRODUCT_VERSION,TEXT("BIN_PRODUCT_VERSION")}, {TAG_MODTIME ,TEXT("MODTIME")}, {TAG_FLAG_MASK_KERNEL ,TEXT("FLAG_MASK_KERNEL")}, {TAG_FLAG_MASK_USER ,TEXT("FLAG_MASK_USER")}, {TAG_FLAG_MASK_SHELL ,TEXT("FLAG_MASK_SHELL")}, {TAG_UPTO_BIN_PRODUCT_VERSION, TEXT("UPTO_BIN_PRODUCT_VERSION")}, {TAG_UPTO_BIN_FILE_VERSION, TEXT("UPTO_BIN_FILE_VERSION")}, {TAG_DATA_QWORD ,TEXT("DATA_QWORD")}, {TAG_FLAGS_NTVDM1 ,TEXT("FLAGS_NTVDM1")}, {TAG_FLAGS_NTVDM2 ,TEXT("FLAGS_NTVDM2")}, {TAG_FLAGS_NTVDM3 ,TEXT("FLAGS_NTVDM3")}, {TAG_PATCH_BITS ,TEXT("PATCH_BITS")}, {TAG_FILE_BITS ,TEXT("FILE_BITS")}, {TAG_EXE_ID ,TEXT("EXE_ID(GUID)")}, {TAG_DATA_BITS ,TEXT("DATA_BITS")}, {TAG_MSI_PACKAGE_ID ,TEXT("MSI_PACKAGE_ID(GUID)")}, {TAG_DATABASE_ID ,TEXT("DATABASE_ID(GUID)")}, {TAG_MATCH_MODE ,TEXT("MATCH_MODE")}, // // Internal types defined in shimdb.h // {TAG_STRINGTABLE ,TEXT("STRINGTABLE")}, {TAG_INDEXES ,TEXT("INDEXES")}, {TAG_INDEX ,TEXT("INDEX")}, {TAG_INDEX_TAG ,TEXT("INDEX_TAG")}, {TAG_INDEX_KEY ,TEXT("INDEX_KEY")}, {TAG_INDEX_BITS ,TEXT("INDEX_BITS")}, {TAG_STRINGTABLE_ITEM ,TEXT("STRTAB_ITEM")}, {TAG_TAG ,TEXT("TAG")}, {TAG_TAGID ,TEXT("TAGID")}, {TAG_NULL ,TEXT("")} // always needs to be last item }; static MOD_TYPE_STRINGS g_rgModTypeStrings[] = { {MT_UNKNOWN_MODULE, TEXT("NONE")}, {MT_W16_MODULE, TEXT("WIN16")}, {MT_W32_MODULE, TEXT("WIN32")}, {MT_DOS_MODULE, TEXT("DOS")} }; // // Version Strings for stringref attributes // typedef struct _VER_STRINGS { TAG tTag; LPTSTR szName; } VER_STRINGS; static VER_STRINGS g_rgVerStrings[] = { {TAG_PRODUCT_VERSION, TEXT("ProductVersion") }, {TAG_FILE_DESCRIPTION, TEXT("FileDescription") }, {TAG_COMPANY_NAME, TEXT("CompanyName") }, {TAG_PRODUCT_NAME, TEXT("ProductName") }, {TAG_FILE_VERSION, TEXT("FileVersion") }, {TAG_ORIGINAL_FILENAME, TEXT("OriginalFilename") }, {TAG_INTERNAL_NAME, TEXT("InternalName") }, {TAG_LEGAL_COPYRIGHT, TEXT("LegalCopyright") } }; // // Binary version tags (DWORDs and QWORDs) // // static TAG g_rgBinVerTags[] = { TAG_VERDATEHI, TAG_VERDATELO, TAG_VERFILEOS, TAG_VERFILETYPE, TAG_BIN_PRODUCT_VERSION, TAG_BIN_FILE_VERSION, TAG_UPTO_BIN_PRODUCT_VERSION, TAG_UPTO_BIN_FILE_VERSION }; // // Binary header tags (retrieval requires opening a file). // static TAG g_rgHeaderTags[] = { TAG_MODULE_TYPE, TAG_PE_CHECKSUM, TAG_LINKER_VERSION, TAG_CHECKSUM, TAG_16BIT_DESCRIPTION, TAG_16BIT_MODULE_NAME, TAG_LINK_DATE, TAG_UPTO_LINK_DATE }; // // Basic information tags (size). // TAG g_rgDirectoryTags[] = { TAG_SIZE, 0 }; // // Invalid tag token // static TCHAR s_szInvalidTag[] = _T("InvalidTag"); #if defined(KERNEL_MODE) && defined(ALLOC_PRAGMA) #pragma alloc_text(PAGE, TagToIndex) #pragma alloc_text(PAGE, SdbTagToString) #pragma alloc_text(PAGE, SdbpModuleTypeToString) #pragma alloc_text(PAGE, SdbpSetAttribute) #pragma alloc_text(PAGE, SdbpQueryStringVersionInformation) #pragma alloc_text(PAGE, SdbpQueryBinVersionInformation) #pragma alloc_text(PAGE, SdbpGetVersionAttributesNT) #pragma alloc_text(PAGE, SdbpGetHeaderAttributes) #pragma alloc_text(PAGE, SdbpGetAttribute) #pragma alloc_text(PAGE, SdbpCheckAttribute) #pragma alloc_text(PAGE, FindFileInfo) #pragma alloc_text(PAGE, CreateFileInfo) #pragma alloc_text(PAGE, SdbFreeFileInfo) #pragma alloc_text(PAGE, SdbpCleanupAttributeMgr) #pragma alloc_text(PAGE, SdbpCheckAllAttributes) #pragma alloc_text(PAGE, SdbpQueryVersionString) #pragma alloc_text(PAGE, SdbpGetModuleType) #pragma alloc_text(PAGE, SdbpGetModulePECheckSum) #pragma alloc_text(PAGE, SdbpGetImageNTHeader) #pragma alloc_text(PAGE, SdbpGetFileChecksum) #pragma alloc_text(PAGE, SdbpCheckVersion) #pragma alloc_text(PAGE, SdbpCheckUptoVersion) #endif // KERNEL_MODE && ALLOC_PRAGMA int TagToIndex( IN TAG tag // the tag ) /*++ Return: The index in the attribute info array (g_rgAttributeTags). Desc: Self explanatory. --*/ { int i; for (i = 0; i < ATTRIBUTE_COUNT; i++) { if (tag == g_rgAttributeTags[i]) { return i; } } DBGPRINT((sdlError, "TagToIndex", "Invalid attribute 0x%x.\n", tag)); return -1; } LPCTSTR SdbTagToString( TAG tag ) /*++ Return: The pointer to the string name for the specified tag. Desc: Self explanatory. --*/ { int i; for (i = 0; i < ARRAYSIZE(gaTagInfo); ++i) { if (gaTagInfo[i].tWhich == tag) { return gaTagInfo[i].szName; } } return s_szInvalidTag; } LPCTSTR SdbpModuleTypeToString( DWORD dwModuleType ) { int i; for (i = 0; i < ARRAYSIZE(g_rgModTypeStrings); ++i) { if (g_rgModTypeStrings[i].dwModuleType == dwModuleType) { return g_rgModTypeStrings[i].szModuleType; } } // // The first element is the "UNKNOWN" type -- NONE // return g_rgModTypeStrings[0].szModuleType; } BOOL SdbpSetAttribute( OUT PFILEINFO pFileInfo, // pointer to the FILEINFO structure. IN TAG AttrID, // Attribute ID (tag, as in TAG_SIZE IN PVOID pValue // value ) /*++ Return: TRUE on success, FALSE otherwise. Desc: This function sets the value for the specified attribute. If pValue is NULL it means that the specified attribute is not available for the file. --*/ { int nAttrInd; PATTRINFO pAttrInfo; nAttrInd = TagToIndex(AttrID); if (nAttrInd < 0) { DBGPRINT((sdlError, "SdbpSetAttribute", "Invalid attribute %d.\n", nAttrInd)); return FALSE; } pAttrInfo = &pFileInfo->Attributes[nAttrInd]; if (pValue == NULL) { // // No value. Mark and exit. // pAttrInfo->dwFlags = (pAttrInfo->dwFlags & ~ATTRIBUTE_AVAILABLE) | ATTRIBUTE_FAILED; return TRUE; } switch (GETTAGTYPE(AttrID)) { case TAG_TYPE_DWORD: pAttrInfo->dwAttr = *(DWORD*)pValue; break; case TAG_TYPE_QWORD: pAttrInfo->ullAttr = *(ULONGLONG*)pValue; break; case TAG_TYPE_STRINGREF: pAttrInfo->lpAttr = (LPTSTR)pValue; break; } pAttrInfo->tAttrID = AttrID; pAttrInfo->dwFlags |= ATTRIBUTE_AVAILABLE; return TRUE; } // // This is a guard against bad code in version.dll that stomps over the // buffer size for Unicode apis on 16-bit exes. // #define VERSIONINFO_BUFFER_PAD 16 void SdbpQueryStringVersionInformation( IN PSDBCONTEXT pContext, IN PFILEINFO pFileInfo, OUT LPVOID pVersionInfo ) /*++ Return: void. Desc: Sets all the version string info available for the specified file. --*/ { int i; LPTSTR szVerString; PLANGANDCODEPAGE pLangCodePage = NULL; DWORD cbLangCP = 0; int nTranslations = 0; if (!pContext->pfnVerQueryValue(pVersionInfo, TEXT("\\VarFileInfo\\Translation"), (LPVOID)&pLangCodePage, &cbLangCP)) { DBGPRINT((sdlError, "SdbpQueryStringVersionInformation", "VerQueryValue failed for translation\n")); pLangCodePage = NULL; } nTranslations = cbLangCP / sizeof(*pLangCodePage); for (i = 0; i < ARRAYSIZE(g_rgVerStrings); ++i) { szVerString = SdbpQueryVersionString(pContext, pVersionInfo, pLangCodePage, nTranslations, g_rgVerStrings[i].szName); SdbpSetAttribute(pFileInfo, g_rgVerStrings[i].tTag, szVerString); } #ifndef KERNEL_MODE // // Set the attribute for Language // if (pLangCodePage != NULL && nTranslations == 1) { DWORD dwLanguage = (DWORD)pLangCodePage->wLanguage; SdbpSetAttribute(pFileInfo, TAG_VER_LANGUAGE, &dwLanguage); } else { SdbpSetAttribute(pFileInfo, TAG_VER_LANGUAGE, NULL); } #endif // KERNEL_MODE } VOID SdbpQueryBinVersionInformation( IN PSDBCONTEXT pContext, IN PFILEINFO pFileInfo, OUT VS_FIXEDFILEINFO* pFixedInfo ) /*++ Return: void. Desc: Sets all the version string info available for the specified file from the fixed size resources. --*/ { LARGE_INTEGER liVerData; SdbpSetAttribute(pFileInfo, TAG_VERDATEHI, &pFixedInfo->dwFileDateMS); SdbpSetAttribute(pFileInfo, TAG_VERDATELO, &pFixedInfo->dwFileDateLS); SdbpSetAttribute(pFileInfo, TAG_VERFILEOS, &pFixedInfo->dwFileOS); SdbpSetAttribute(pFileInfo, TAG_VERFILETYPE, &pFixedInfo->dwFileType); liVerData.LowPart = pFixedInfo->dwProductVersionLS; liVerData.HighPart = pFixedInfo->dwProductVersionMS; SdbpSetAttribute(pFileInfo, TAG_BIN_PRODUCT_VERSION, &liVerData.QuadPart); SdbpSetAttribute(pFileInfo, TAG_UPTO_BIN_PRODUCT_VERSION, &liVerData.QuadPart); liVerData.LowPart = pFixedInfo->dwFileVersionLS; liVerData.HighPart = pFixedInfo->dwFileVersionMS; SdbpSetAttribute(pFileInfo, TAG_BIN_FILE_VERSION, &liVerData.QuadPart); SdbpSetAttribute(pFileInfo, TAG_UPTO_BIN_FILE_VERSION, &liVerData.QuadPart); } #if defined(NT_MODE) || defined(KERNEL_MODE) BOOL SdbpGetVersionAttributesNT( IN PSDBCONTEXT pContext, OUT PFILEINFO pFileInfo, IN PIMAGEFILEDATA pImageData ) /*++ Return: TRUE on success, FALSE otherwise. Desc: This function retrieves all of the Version-related attributes Imports apis from version.dll if called for the first time --*/ { BOOL bSuccess; LPVOID pVersionInfo = NULL; VS_FIXEDFILEINFO* pFixedInfo = NULL; int i; // // First retrieve the version info. // bSuccess = SdbpGetFileVersionInformation(pImageData, &pVersionInfo, &pFixedInfo); if (!bSuccess) { DBGPRINT((sdlInfo, "SdbpGetVersionAttributesNT", "No version info.\n")); goto ErrHandle; } // // Version information available. // // // Set the pointer to our internal function. // pContext->pfnVerQueryValue = SdbpVerQueryValue; for (i = 0; i < ARRAYSIZE(g_rgVerStrings); ++i) { SdbpSetAttribute(pFileInfo, g_rgVerStrings[i].tTag, NULL); } SdbpSetAttribute(pFileInfo, TAG_VER_LANGUAGE, NULL); // // Query binary stuff // SdbpQueryBinVersionInformation(pContext, pFileInfo, pFixedInfo); pFileInfo->pVersionInfo = pVersionInfo; return TRUE; ErrHandle: // // Reset all the string info. // for (i = 0; i < ARRAYSIZE(g_rgBinVerTags); ++i) { SdbpSetAttribute(pFileInfo, g_rgBinVerTags[i], NULL); } for (i = 0; i < ARRAYSIZE(g_rgVerStrings); ++i) { SdbpSetAttribute(pFileInfo, g_rgVerStrings[i].tTag, NULL); } return FALSE; } #endif // NT_MODE || KERNEL_MODE BOOL SdbpGetHeaderAttributes( IN PSDBCONTEXT pContext, OUT PFILEINFO pFileInfo ) /*++ Return: TRUE on success, FALSE otherwise. Desc: This function retrieves the header attributes for the specified file. --*/ { IMAGEFILEDATA ImageData; HANDLE hFile; ULONG ulPEChecksum = 0; ULONG ulChecksum = 0; DWORD dwModuleType = 0; UNICODE_STRING ModuleDescription; DWORD dwLinkerVer; DWORD dwLinkDate; BOOL bReturn = FALSE; BOOL bSuccess; int i; ImageData.dwFlags = 0; if (pFileInfo->hFile != INVALID_HANDLE_VALUE) { ImageData.hFile = pFileInfo->hFile; ImageData.dwFlags |= IMAGEFILEDATA_HANDLEVALID; } if (pFileInfo->pImageBase != NULL) { ImageData.pBase = pFileInfo->pImageBase; ImageData.ViewSize = (SIZE_T) pFileInfo->dwImageSize; ImageData.FileSize = (ULONGLONG)pFileInfo->dwImageSize; ImageData.dwFlags |= IMAGEFILEDATA_PBASEVALID; } // // SdbpOpenAndMapFile uses DOS_PATH type as an argument // In kernel mode this parameter is ignored. // if (SdbpOpenAndMapFile(pFileInfo->FilePath, &ImageData, DOS_PATH)) { bSuccess = SdbpGetModuleType(&dwModuleType, &ImageData); SdbpSetAttribute(pFileInfo, TAG_MODULE_TYPE, bSuccess ? (PVOID)&dwModuleType : NULL); bSuccess = SdbpGetModulePECheckSum(&ulPEChecksum, &dwLinkerVer, &dwLinkDate, &ImageData); SdbpSetAttribute(pFileInfo, TAG_PE_CHECKSUM, bSuccess ? (PVOID)&ulPEChecksum : NULL); SdbpSetAttribute(pFileInfo, TAG_LINKER_VERSION, bSuccess ? (PVOID)&dwLinkerVer : NULL); SdbpSetAttribute(pFileInfo, TAG_LINK_DATE, bSuccess ? (PVOID)&dwLinkDate : NULL); SdbpSetAttribute(pFileInfo, TAG_UPTO_LINK_DATE, bSuccess ? (PVOID)&dwLinkDate : NULL); bSuccess = SdbpGetFileChecksum(&ulChecksum, &ImageData); SdbpSetAttribute(pFileInfo, TAG_CHECKSUM, bSuccess ? (PVOID)&ulChecksum : NULL); #ifndef KERNEL_MODE // // Now retrieve 16-bit description string, it's max size is 256 bytes. // // This attribute is not available in kernel mode. // bSuccess = SdbpGet16BitDescription(&pFileInfo->pDescription16, &ImageData); SdbpSetAttribute(pFileInfo, TAG_16BIT_DESCRIPTION, pFileInfo->pDescription16); bSuccess = SdbpGet16BitModuleName(&pFileInfo->pModuleName16, &ImageData); SdbpSetAttribute(pFileInfo, TAG_16BIT_MODULE_NAME, pFileInfo->pModuleName16); #if defined(NT_MODE) // // Hit this case only on current platform // if (pFileInfo->hFile != INVALID_HANDLE_VALUE || pFileInfo->pImageBase != NULL) { SdbpGetVersionAttributesNT(pContext, pFileInfo, &ImageData); } #endif // NT_MODE #else // KERNEL_MODE // // When we are running in kernel mode retrieve version-related // data now as well. // SdbpGetVersionAttributesNT(pContext, pFileInfo, &ImageData); // // Retrieve file directory attributes. // SdbpGetFileDirectoryAttributesNT(pFileInfo, &ImageData); #endif // KERNEL_MODE SdbpUnmapAndCloseFile(&ImageData); return TRUE; } for (i = 0; i < ARRAYSIZE(g_rgHeaderTags); ++i) { SdbpSetAttribute(pFileInfo, g_rgHeaderTags[i], NULL); } #ifdef KERNEL_MODE // // Reset all the version attributes here as well. // for (i = 0; i < ARRAYSIZE(g_rgBinVerTags); ++i) { SdbpSetAttribute(pFileInfo, g_rgBinVerTags[i], NULL); } for (i = 0; i < ARRAYSIZE(g_rgVerStrings); ++i) { SdbpSetAttribute(pFileInfo, g_rgVerStrings[i].tTag, NULL); } #endif // KERNEL_MODE return FALSE; } BOOL SdbpGetAttribute( IN PSDBCONTEXT pContext, OUT PFILEINFO pFileInfo, IN TAG AttrID ) /*++ Return: TRUE on success, FALSE otherwise. Desc: Retrieve an attribute for a given file. We retrieve all the attributes of the same class. --*/ { BOOL bReturn = FALSE; switch (AttrID) { // // The tags below require checking the file and making a directory query. // case TAG_SIZE: #ifndef KERNEL_MODE // in kernel mode we fall through to header attributes bReturn = SdbpGetFileDirectoryAttributes(pFileInfo); break; #endif // KERNEL_MODE // // The tags below require retrieving version resources. // case TAG_VERDATEHI: case TAG_VERDATELO: case TAG_VERFILEOS: case TAG_VERFILETYPE: case TAG_UPTO_BIN_PRODUCT_VERSION: case TAG_UPTO_BIN_FILE_VERSION: case TAG_BIN_FILE_VERSION: case TAG_BIN_PRODUCT_VERSION: case TAG_PRODUCT_VERSION: case TAG_FILE_DESCRIPTION: case TAG_COMPANY_NAME: case TAG_PRODUCT_NAME: case TAG_FILE_VERSION: case TAG_ORIGINAL_FILENAME: case TAG_INTERNAL_NAME: case TAG_LEGAL_COPYRIGHT: case TAG_VER_LANGUAGE: // // In KERNEL_MODE we fall through and do the attributes using the // header attributes. // #ifndef KERNEL_MODE // // Version attributes are retrieved through the header attributes if // caller provided a handle/image base // if (pFileInfo->hFile == INVALID_HANDLE_VALUE && pFileInfo->pImageBase == NULL) { bReturn = SdbpGetVersionAttributes(pContext, pFileInfo); break; } #endif // KERNEL_MODE // // The tags below require opening a file and mapping it into memory. // case TAG_CHECKSUM: case TAG_PE_CHECKSUM: case TAG_LINKER_VERSION: case TAG_16BIT_DESCRIPTION: case TAG_16BIT_MODULE_NAME: case TAG_MODULE_TYPE: case TAG_UPTO_LINK_DATE: case TAG_LINK_DATE: bReturn = SdbpGetHeaderAttributes(pContext, pFileInfo); break; } return bReturn; } BOOL SdbpCheckAttribute( IN PSDBCONTEXT pContext, // Database Context pointer IN PVOID pFileData, // pointer returned from CheckFile IN TAG AttrID, // Attribute ID IN PVOID pAttribute // attribute value ptr (see above for description) ) /*++ Return: TRUE if the value for given attribute matches the file's attribute, FALSE otherwise. Desc: Check an attribute against a given value. This function retrieves attributes as necessary. --*/ { int nAttrIndex; PATTRINFO pAttrInfo; BOOL bReturn = FALSE; PFILEINFO pFileInfo = (PFILEINFO)pFileData; if (pAttribute == NULL) { DBGPRINT((sdlError, "SdbpCheckAttribute", "Invalid parameter.\n")); return FALSE; } nAttrIndex = TagToIndex(AttrID); if (nAttrIndex < 0) { DBGPRINT((sdlError, "SdbpCheckAttribute", "Bad Attribute ID 0x%x\n", AttrID)); return FALSE; } // // Now see if this attribute is any good. // pAttrInfo = &pFileInfo->Attributes[nAttrIndex]; if (!(pAttrInfo->dwFlags & ATTRIBUTE_AVAILABLE)) { // // See if we have tried already // if (pAttrInfo->dwFlags & ATTRIBUTE_FAILED) { DBGPRINT((sdlInfo, "SdbpCheckAttribute", "Already tried to get attr ID 0x%x.\n", AttrID)); return FALSE; } // // The attribute has not been retrieved yet, do it now then. // // Try to obtain this attribute from the file. // if (!SdbpGetAttribute(pContext, pFileInfo, AttrID)) { DBGPRINT((sdlWarning, "SdbpCheckAttribute", "Failed to get attribute \"%s\" for \"%s\"\n", SdbTagToString(AttrID), pFileInfo->FilePath)); // // ATTRIBUTE_FAILED is set by the SdbpGetAttribute // return FALSE; } } // // Check again here in case we had to retrieve the attribute. // if (!(pAttrInfo->dwFlags & ATTRIBUTE_AVAILABLE)) { return FALSE; } switch (AttrID) { case TAG_BIN_PRODUCT_VERSION: case TAG_BIN_FILE_VERSION: bReturn = SdbpCheckVersion(*(ULONGLONG*)pAttribute, pAttrInfo->ullAttr); if (!bReturn) { ULONGLONG qwDBFileVer = *(ULONGLONG*)pAttribute; ULONGLONG qwBinFileVer = pAttrInfo->ullAttr; DBGPRINT((sdlInfo, "SdbpCheckAttribute", "\"%s\" mismatch file: \"%s\". Expected %d.%d.%d.%d, Found %d.%d.%d.%d\n", SdbTagToString(AttrID), pFileInfo->FilePath, (WORD)(qwDBFileVer >> 48), (WORD)(qwDBFileVer >> 32), (WORD)(qwDBFileVer >> 16), (WORD)(qwDBFileVer), (WORD)(qwBinFileVer >> 48), (WORD)(qwBinFileVer >> 32), (WORD)(qwBinFileVer >> 16), (WORD)(qwBinFileVer))); } break; case TAG_UPTO_BIN_PRODUCT_VERSION: case TAG_UPTO_BIN_FILE_VERSION: bReturn = SdbpCheckUptoVersion(*(ULONGLONG*)pAttribute, pAttrInfo->ullAttr); if (!bReturn) { ULONGLONG qwDBFileVer = *(ULONGLONG*)pAttribute; ULONGLONG qwBinFileVer = pAttrInfo->ullAttr; DBGPRINT((sdlInfo, "SdbpCheckAttribute", "\"%s\" mismatch file: \"%s\". Expected %d.%d.%d.%d, Found %d.%d.%d.%d\n", SdbTagToString(AttrID), pFileInfo->FilePath, (WORD)(qwDBFileVer >> 48), (WORD)(qwDBFileVer >> 32), (WORD)(qwDBFileVer >> 16), (WORD)(qwDBFileVer), (WORD)(qwBinFileVer >> 48), (WORD)(qwBinFileVer >> 32), (WORD)(qwBinFileVer >> 16), (WORD)(qwBinFileVer))); } break; case TAG_UPTO_LINK_DATE: bReturn = (*(DWORD*)pAttribute >= pAttrInfo->dwAttr); if (!bReturn) { DBGPRINT((sdlInfo, "SdbpCheckAttribute", "\"%s\" mismatch file \"%s\". Expected less than 0x%x Found 0x%x\n", SdbTagToString(AttrID), pFileInfo->FilePath, *(DWORD*)pAttribute, pAttrInfo->dwAttr)); } break; default: switch (GETTAGTYPE(AttrID)) { case TAG_TYPE_DWORD: // // This is likely to be hit first. // bReturn = (*(DWORD*)pAttribute == pAttrInfo->dwAttr); if (!bReturn) { DBGPRINT((sdlInfo, "SdbpCheckAttribute", "\"%s\" mismatch file \"%s\". Expected 0x%x Found 0x%x\n", SdbTagToString(AttrID), pFileInfo->FilePath, *(DWORD*)pAttribute, pAttrInfo->dwAttr)); } break; case TAG_TYPE_STRINGREF: bReturn = SdbpPatternMatch((LPCTSTR)pAttribute, (LPCTSTR)pAttrInfo->lpAttr); if (!bReturn) { DBGPRINT((sdlInfo, "SdbpCheckAttribute", "\"%s\" mismatch file \"%s\". Expected \"%s\" Found \"%s\"\n", SdbTagToString(AttrID), pFileInfo->FilePath, pAttribute, pAttrInfo->lpAttr)); } break; case TAG_TYPE_QWORD: bReturn = (*(ULONGLONG*)pAttribute == pAttrInfo->ullAttr); if (!bReturn) { DBGPRINT((sdlInfo, "SdbpCheckAttribute", "\"%s\" mismatch file \"%s\". Expected 0x%I64x Found 0x%I64x\n", SdbTagToString(AttrID), pFileInfo->FilePath, *(ULONGLONG*)pAttribute, pAttrInfo->ullAttr)); } break; } break; } return bReturn; } PFILEINFO FindFileInfo( IN PSDBCONTEXT pContext, IN LPCTSTR FilePath ) /*++ Return: A pointer to the cached FILEINFO structure if one is found or NULL otherwise. Desc: This function performs a search in the file cache to determine whether a given file has already been touched. --*/ { PFILEINFO pFileInfo = (PFILEINFO)pContext->pFileAttributeCache; // global cache while (pFileInfo != NULL) { if (ISEQUALSTRING(pFileInfo->FilePath, FilePath)) { DBGPRINT((sdlInfo, "FindFileInfo", "FILEINFO for \"%s\" found in the cache.\n", FilePath)); return pFileInfo; } pFileInfo = pFileInfo->pNext; } return NULL; } PFILEINFO CreateFileInfo( IN PSDBCONTEXT pContext, IN LPCTSTR FullPath, IN DWORD dwLength OPTIONAL, // length (in characters) of FullPath string IN HANDLE hFile OPTIONAL, // file handle IN LPVOID pImageBase OPTIONAL, IN DWORD dwImageSize OPTIONAL, IN BOOL bNoCache ) /*++ Return: A pointer to the allocated FILEINFO structure. Desc: Allocates the FILEINFO structure for the specified file. --*/ { PFILEINFO pFileInfo; SIZE_T sizeBase; SIZE_T size; DWORD nPathLen; nPathLen = dwLength ? dwLength : (DWORD)_tcslen(FullPath); sizeBase = sizeof(*pFileInfo) + ATTRIBUTE_COUNT * sizeof(ATTRINFO); size = sizeBase + (nPathLen + 1) * sizeof(*FullPath); pFileInfo = (PFILEINFO)SdbAlloc(size); if (pFileInfo == NULL) { DBGPRINT((sdlError, "CreateFileInfo", "Failed to allocate %d bytes for FILEINFO structure.\n", size)); return NULL; } RtlZeroMemory(pFileInfo, size); pFileInfo->FilePath = (LPTSTR)((PBYTE)pFileInfo + sizeBase); RtlCopyMemory(pFileInfo->FilePath, FullPath, nPathLen * sizeof(*FullPath)); pFileInfo->FilePath[nPathLen] = TEXT('\0'); pFileInfo->hFile = hFile; pFileInfo->pImageBase = pImageBase; pFileInfo->dwImageSize = dwImageSize; // // Now link it in if we use the cache. // if (!bNoCache) { pFileInfo->pNext = (PFILEINFO)pContext->pFileAttributeCache; pContext->pFileAttributeCache = (PVOID)pFileInfo; } return pFileInfo; } void SdbFreeFileInfo( IN PVOID pFileData // pointer returned from SdbpGetFileAttributes ) /*++ Return: void. Desc: Self explanatory. Use this only after calling GetFileInfo with bNoCache set to TRUE. --*/ { PFILEINFO pFileInfo = (PFILEINFO)pFileData; if (pFileInfo == NULL) { DBGPRINT((sdlError, "SdbFreeFileInfo", "Invalid parameter.\n")); return; } if (pFileInfo->pVersionInfo != NULL) { SdbFree(pFileInfo->pVersionInfo); } if (pFileInfo->pDescription16 != NULL) { SdbFree(pFileInfo->pDescription16); } if (pFileInfo->pModuleName16 != NULL) { SdbFree(pFileInfo->pModuleName16); } SdbFree(pFileInfo); } void SdbpCleanupAttributeMgr( IN PSDBCONTEXT pContext // database context ) /*++ Return: void. Desc: This function should be called afer we are done checking a given exe it performs cleanup tasks, such as: . unload dynamically linked dll (version.dll) . cleanup file cache --*/ { PFILEINFO pFileInfo = (PFILEINFO)pContext->pFileAttributeCache; PFILEINFO pNext; while (pFileInfo != NULL) { pNext = pFileInfo->pNext; SdbFreeFileInfo(pFileInfo); pFileInfo = pNext; } // // Reset the cache pointer. // pContext->pFileAttributeCache = NULL; } BOOL SdbpCheckAllAttributes( IN PSDBCONTEXT pContext, // pointer to the database channel IN PDB pdb, // pointer to the Shim Database that we're checking against IN TAGID tiMatch, // TAGID for a given file(exe) to be checked IN PVOID pFileData // pointer returned from CheckFile ) /*++ Return: TRUE if all the file's attributes match the ones described in the database for this file, FALSE otherwise. Desc: TBD --*/ { int i; TAG tAttrID; PVOID pAttribute; TAGID tiTemp; DWORD dwAttribute; ULONGLONG ullAttribute; BOOL bReturn = TRUE; // match by default assert(tiMatch != TAGID_NULL); if (pFileData == NULL) { // // No file was passed in. This can happen if LOGIC="NOT" is used. // return FALSE; } for (i = 0; i < ATTRIBUTE_COUNT && bReturn; ++i) { tAttrID = g_rgAttributeTags[i]; tiTemp = SdbFindFirstTag(pdb, tiMatch, tAttrID); if (tiTemp != TAGID_NULL) { pAttribute = NULL; switch (GETTAGTYPE(tAttrID)) { case TAG_TYPE_DWORD: dwAttribute = SdbReadDWORDTag(pdb, tiTemp, 0); pAttribute = &dwAttribute; break; case TAG_TYPE_QWORD: ullAttribute = SdbReadQWORDTag(pdb, tiTemp, 0); pAttribute = &ullAttribute; break; case TAG_TYPE_STRINGREF: pAttribute = SdbGetStringTagPtr(pdb, tiTemp); break; } // // Now check the attribute. // bReturn = SdbpCheckAttribute(pContext, pFileData, tAttrID, pAttribute); // // we bail out if !bReturn via the condition in FOR loop above // } } return bReturn; } // // VERSION DATA // /*-- Search order is: - Language neutral, Unicode (0x000004B0) - Language neutral, Windows-multilingual (0x000004e4) - US English, Unicode (0x040904B0) - US English, Windows-multilingual (0x040904E4) If none of those exist, it's not likely we're going to get good matching info from what does exist. --*/ LPTSTR SdbpQueryVersionString( IN PSDBCONTEXT pContext, // the database channel IN PVOID pVersionData, // Version data buffer IN PLANGANDCODEPAGE pTranslations, IN DWORD TranslationCount, IN LPCTSTR szString // String to search for; see VerQueryValue in MSDN ) /*++ Return: The pointer to the string if found, NULL if not. Desc: Gets a pointer to a particular string in the StringFileInfo section of a version resource. Lookup is performed for known english-language resources followed up by a lookup in the available translations section (if such was found) --*/ { TCHAR szTemp[128]; LPTSTR szReturn = NULL; int i; static DWORD adwLangs[] = {0x000004B0, 0x000004E4, 0x040904B0, 0x040904E4}; assert(pVersionData && szString); for (i = 0; i < ARRAYSIZE(adwLangs); ++i) { UINT unLen; _stprintf(szTemp, _T("\\StringFileInfo\\%08X\\%s"), adwLangs[i], szString); if (pContext->pfnVerQueryValue(pVersionData, szTemp, (PVOID*)&szReturn, &unLen)) { return szReturn; } } if (pTranslations != NULL) { for (i = 0; i < (int)TranslationCount; ++i, ++pTranslations) { UINT unLen; _stprintf(szTemp, _T("\\StringFileInfo\\%04X%04X\\%s"), (DWORD)pTranslations->wLanguage, (DWORD)pTranslations->wCodePage, szString); if (pContext->pfnVerQueryValue(pVersionData, szTemp, (PVOID*)&szReturn, &unLen)) { return szReturn; } } } return NULL; // none found } BOOL SdbpGetModuleType( OUT LPDWORD lpdwModuleType, IN PIMAGEFILEDATA pImageData ) /*++ Return: TRUE on success, FALSE otherwise. Desc: Gets a pointer to a particular string in the StringFileInfo section of a version resource. --*/ { PIMAGE_DOS_HEADER pDosHeader; DWORD dwModuleType = MT_UNKNOWN_MODULE; LPBYTE lpSignature; DWORD OffsetNew; pDosHeader = (PIMAGE_DOS_HEADER)pImageData->pBase; if (pDosHeader == NULL || pDosHeader == (PIMAGE_DOS_HEADER)-1) { return FALSE; } // // Check size and read signature. // if (pImageData->ViewSize < sizeof(*pDosHeader) || pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) { return FALSE; } // // Assume DOS module. // dwModuleType = MT_DOS_MODULE; OffsetNew = (DWORD)pDosHeader->e_lfanew; // // New header signature. Check offset. // if (pImageData->ViewSize < OffsetNew + sizeof(DWORD)) { return FALSE; } lpSignature = ((LPBYTE)pImageData->pBase + OffsetNew); if (IMAGE_NT_SIGNATURE == *(LPDWORD)lpSignature) { dwModuleType = MT_W32_MODULE; } else if (IMAGE_OS2_SIGNATURE == *(PWORD)lpSignature) { dwModuleType = MT_W16_MODULE; } if (lpdwModuleType != NULL) { *lpdwModuleType = dwModuleType; } return TRUE; } BOOL SdbpGetImageNTHeader( OUT PIMAGE_NT_HEADERS* ppHeader, IN PIMAGEFILEDATA pImageData ) /*++ Return: TRUE on success, FALSE otherwise. Desc: Gets a pointer to the IMAGE_NT_HEADERS. --*/ { PIMAGE_DOS_HEADER pDosHeader; PIMAGE_NT_HEADERS pNtHeaders = NULL; DWORD ModuleType; if (!SdbpGetModuleType(&ModuleType, pImageData)) { return FALSE; } if (ModuleType != MT_W32_MODULE) { return FALSE; } // // Header is valid. // pDosHeader = (PIMAGE_DOS_HEADER)pImageData->pBase; pNtHeaders = (PIMAGE_NT_HEADERS)((LPBYTE)pImageData->pBase + pDosHeader->e_lfanew); if (pImageData->ViewSize >= pDosHeader->e_lfanew + sizeof(*pNtHeaders)) { // not too short? *ppHeader = pNtHeaders; return TRUE; } return FALSE; } BOOL SdbpGetModulePECheckSum( OUT PULONG pChecksum, OUT LPDWORD pdwLinkerVersion, OUT LPDWORD pdwLinkDate, IN PIMAGEFILEDATA pImageData ) /*++ Return: TRUE on success, FALSE otherwise. Desc: Gets the checksum from the PE headers. --*/ { PIMAGE_NT_HEADERS pNtHeader; PIMAGE_DOS_HEADER pDosHeader; ULONG ulChecksum = 0; if (!SdbpGetImageNTHeader(&pNtHeader, pImageData)) { DBGPRINT((sdlError, "SdbpGetModulePECheckSum", "Failed to get Image NT header.\n")); return FALSE; } pDosHeader = (PIMAGE_DOS_HEADER)pImageData->pBase; // // Fill in the linker version (as it used to calculated in ntuser). // *pdwLinkerVersion = (pNtHeader->OptionalHeader.MinorImageVersion & 0xFF) + ((pNtHeader->OptionalHeader.MajorImageVersion & 0xFF) << 16); *pdwLinkDate = pNtHeader->FileHeader.TimeDateStamp; switch (pNtHeader->OptionalHeader.Magic) { case IMAGE_NT_OPTIONAL_HDR32_MAGIC: if (pImageData->ViewSize >= pDosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS32)) { ulChecksum = ((PIMAGE_NT_HEADERS32)pNtHeader)->OptionalHeader.CheckSum; *pChecksum = ulChecksum; return TRUE; } break; case IMAGE_NT_OPTIONAL_HDR64_MAGIC: // // Do an additional check. // if (pImageData->ViewSize >= pDosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS64)) { ulChecksum = ((PIMAGE_NT_HEADERS64)pNtHeader)->OptionalHeader.CheckSum; *pChecksum = ulChecksum; return TRUE; } break; default: // // Unknown image type ? // DBGPRINT((sdlError, "SdbpGetModulePECheckSum", "Bad image type 0x%x\n", pNtHeader->OptionalHeader.Magic)); *pChecksum = 0; break; } return FALSE; } #define CHECKSUM_SIZE 4096 #define CHECKSUM_START 512 BOOL SdbpGetFileChecksum( OUT PULONG pChecksum, IN PIMAGEFILEDATA pImageData ) /*++ Return: TRUE on success, FALSE otherwise. Desc: Calculates a checksum for the file. --*/ { ULONG size = CHECKSUM_SIZE; ULONG StartAddress = CHECKSUM_START; ULONG ulChecksum = 0; LPDWORD lpdw; int i; if ((SIZE_T)pImageData->FileSize < (SIZE_T)size) { StartAddress = 0; size = (ULONG)pImageData->FileSize; // this is safe (size is rather small) } else if ((SIZE_T)(size + StartAddress) > (SIZE_T)pImageData->FileSize) { // // The cast here is safe (FileSize is small) // StartAddress = (ULONG)(pImageData->FileSize - size); } if (size >= sizeof(DWORD)) { ULONG ulCarry; lpdw = (LPDWORD)((LPBYTE)pImageData->pBase + StartAddress); for (i = 0; i < (INT)(size/sizeof(DWORD)); ++i) { if (PtrToUlong(lpdw) & 0x3) { // alignment fault fixup ulChecksum += *((DWORD UNALIGNED*)lpdw); lpdw++; } else { ulChecksum += *lpdw++; } ulCarry = ulChecksum & 1; ulChecksum >>= 1; if (ulCarry) { ulChecksum |= 0x80000000; } } } *pChecksum = ulChecksum; return TRUE; } BOOL SdbpCheckVersion( IN ULONGLONG qwDBFileVer, IN ULONGLONG qwBinFileVer ) /*++ Return: TRUE if the versions match, FALSE if they don't. Desc: Checks a binary version from the db against the version from the file, including allowing for wildcards, which are represented in the DB by using FFFF for that word-sized portion of the version. --*/ { WORD wDBSegment, wFileSegment; int i; for (i = 3; i >= 0; --i) { // // Get the appropriate word out of the QWORD // wDBSegment = (WORD)(qwDBFileVer >> (16 * i)); wFileSegment = (WORD)(qwBinFileVer >> (16 * i)); // // The DB segment may be 0xFFFF, in which case it matches on // everything. // if (wDBSegment != wFileSegment && wDBSegment != 0xFFFF) { return FALSE; } } return TRUE; } BOOL SdbpCheckUptoVersion( IN ULONGLONG qwDBFileVer, IN ULONGLONG qwBinFileVer ) /*++ Return: TRUE if the versions match, FALSE if they don't. Desc: Checks a binary version from the db against the version from the file, including allowing for wildcards, which are represented in the DB by using FFFF for that word-sized portion of the version. --*/ { WORD wDBSegment, wFileSegment; BOOL bReturn = TRUE; int i; for (i = 3; i >= 0; --i) { // // Get the appropriate word out of the QWORD // wDBSegment = (WORD)(qwDBFileVer >> (16 * i)); wFileSegment = (WORD)(qwBinFileVer >> (16 * i)); if (wDBSegment == wFileSegment || wDBSegment == 0xFFFF) { continue; } // // At this point we know that the two values don't match // the wFileSegment has to be less than wDBSegment to satisfy this // test - so set bReturn and exit // bReturn = (wDBSegment > wFileSegment); break; } return bReturn; } #ifndef KERNEL_MODE BOOL SdbFormatAttribute( IN PATTRINFO pAttrInfo, // pointer to the attribute information OUT LPTSTR pchBuffer, // receives XML corresponding to the given attribute IN DWORD dwBufferSize // size in wide characters of the buffer pchBuffer ) /*++ Return: FALSE if the buffer is too small or attribute not available. Desc: TBD. --*/ { int nchBuffer = (int)dwBufferSize; int nch; TCHAR lpszAttr[MAX_PATH]; #if defined(WIN32A_MODE) || defined(WIN32U_MODE) struct tm* ptm; time_t tt; #else LARGE_INTEGER liTime; TIME_FIELDS TimeFields; #endif if (!(pAttrInfo->dwFlags & ATTRIBUTE_AVAILABLE)) { return FALSE; } nch = _sntprintf(pchBuffer, nchBuffer, TEXT("%s="), SdbTagToString(pAttrInfo->tAttrID)); if (nch < 0) { DBGPRINT((sdlError, "SdbFormatAttribute", "Buffer is too small to accomodate \"%s\"\n", SdbTagToString(pAttrInfo->tAttrID))); return FALSE; } nchBuffer -= nch; // we advance the pointer past the "name=" pchBuffer += nch; nch = -1; switch (pAttrInfo->tAttrID) { case TAG_BIN_PRODUCT_VERSION: case TAG_BIN_FILE_VERSION: case TAG_UPTO_BIN_PRODUCT_VERSION: case TAG_UPTO_BIN_FILE_VERSION: nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%d.%d.%d.%d\""), (WORD)(pAttrInfo->ullAttr >> 48), (WORD)(pAttrInfo->ullAttr >> 32), (WORD)(pAttrInfo->ullAttr >> 16), (WORD)(pAttrInfo->ullAttr)); break; case TAG_MODULE_TYPE: nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%s\""), SdbpModuleTypeToString(pAttrInfo->dwAttr)); break; case TAG_VER_LANGUAGE: // // language is a dword attribute that we shall make a string out of // { TCHAR szLanguageName[MAX_PATH]; DWORD dwLength; szLanguageName[0] = TEXT('\0'); dwLength = VerLanguageName((LANGID)pAttrInfo->dwAttr, szLanguageName, CHARCOUNT(szLanguageName)); if (dwLength) { nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%s [0x%x]\""), szLanguageName, pAttrInfo->dwAttr); } else { nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"0x%x\""), pAttrInfo->dwAttr); } } break; case TAG_LINK_DATE: case TAG_UPTO_LINK_DATE: #if defined(WIN32A_MODE) || defined(WIN32U_MODE) tt = (time_t) pAttrInfo->dwAttr; ptm = gmtime(&tt); if (ptm) { nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%02d/%02d/%02d %02d:%02d:%02d\""), ptm->tm_mon+1, ptm->tm_mday, ptm->tm_year+1900, ptm->tm_hour, ptm->tm_min, ptm->tm_sec); } #else RtlSecondsSince1970ToTime((ULONG)pAttrInfo->dwAttr, &liTime); RtlTimeToTimeFields(&liTime, &TimeFields); nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%02d/%02d/%02d %02d:%02d:%02d\""), TimeFields.Month, TimeFields.Day, TimeFields.Year, TimeFields.Hour, TimeFields.Minute, TimeFields.Second); #endif break; case TAG_SIZE: nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"%ld\""), pAttrInfo->dwAttr); break; default: switch (GETTAGTYPE(pAttrInfo->tAttrID)) { case TAG_TYPE_DWORD: nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"0x%lX\""), pAttrInfo->dwAttr); break; case TAG_TYPE_QWORD: // // This is an unidentified QWORD attribute // DBGPRINT((sdlError, "SdbFormatAttribute", "Unexpected qword attribute found\n")); nch = _sntprintf(pchBuffer, nchBuffer, TEXT("\"0x%I64X\""), pAttrInfo->ullAttr); break; case TAG_TYPE_STRINGREF: if (nchBuffer < 3) { return FALSE; // not enough room even for " ? } *pchBuffer++ = TEXT('\"'); nchBuffer--; if (!SdbpSanitizeXML(pchBuffer, nchBuffer, pAttrInfo->lpAttr)) { // handle error please return FALSE; } // // Once done with this, sanitize further // if (!SafeNCat(pchBuffer, nchBuffer, TEXT("\""), -1)) { return FALSE; } nch = 0; break; } } return (nch >= 0); // evaluates to TRUE when we successfully printed the value into the buffer } BOOL SdbpGetVersionAttributes( IN PSDBCONTEXT pContext, OUT PFILEINFO pFileInfo ) /*++ Return: TRUE on success, FALSE otherwise. Desc: This function retrieves all of the Version-related attributes Imports apis from version.dll if called for the first time --*/ { BOOL bSuccess; DWORD dwNull = 0; VS_FIXEDFILEINFO* pFixedInfo = NULL; // fixed info ptr UINT FixedInfoSize = 0; PVOID pBuffer = NULL; // version data buffer DWORD dwBufferSize; // version data buffer size int i; #ifdef NT_MODE // // check to see whether we need to run NT routine // if (pFileInfo->hFile != INVALID_HANDLE_VALUE || pFileInfo->pImageBase != NULL) { // // not an error -- this case is handled in header attributes // goto err; } #endif // NT_MODE if (pContext == NULL) { // // Special case when it's called with null context. // In this case we use an internal structure allocated from the stack. // STACK_ALLOC(pContext, sizeof(SDBCONTEXT)); if (pContext == NULL) { DBGPRINT((sdlError, "SdbpGetVersionAttributes", "Failed to allocate %d bytes from stack\n", sizeof(SDBCONTEXT))); goto err; } RtlZeroMemory(pContext, sizeof(SDBCONTEXT)); } #ifdef WIN32A_MODE pContext->pfnGetFileVersionInfoSize = GetFileVersionInfoSizeA; pContext->pfnGetFileVersionInfo = GetFileVersionInfoA; pContext->pfnVerQueryValue = VerQueryValueA; #else pContext->pfnGetFileVersionInfoSize = GetFileVersionInfoSizeW; pContext->pfnGetFileVersionInfo = GetFileVersionInfoW; pContext->pfnVerQueryValue = VerQueryValueW; #endif dwBufferSize = pContext->pfnGetFileVersionInfoSize(pFileInfo->FilePath, &dwNull); if (dwBufferSize == 0) { DBGPRINT((sdlInfo, "SdbpGetVersionAttributes", "No version info.\n")); // // We have failed to obtain version attributes // goto err; } pBuffer = SdbAlloc(dwBufferSize + VERSIONINFO_BUFFER_PAD); if (pBuffer == NULL) { DBGPRINT((sdlError, "SdbpGetVersionAttributes", "Failed to allocate %d bytes for version info buffer.\n", dwBufferSize + VERSIONINFO_BUFFER_PAD)); goto err; } if (!pContext->pfnGetFileVersionInfo(pFileInfo->FilePath, 0, dwBufferSize, pBuffer)) { DBGPRINT((sdlError, "SdbpGetVersionAttributes", "Failed to retrieve version info for file \"%s\"", pFileInfo->FilePath)); goto err; } if (!pContext->pfnVerQueryValue(pBuffer, TEXT("\\"), (PVOID*)&pFixedInfo, &FixedInfoSize)) { DBGPRINT((sdlError, "SdbpGetVersionAttributes", "Failed to query for fixed version info size for \"%s\"\n", pFileInfo->FilePath)); goto err; } // // Retrieve string attributes. // SdbpQueryStringVersionInformation(pContext, pFileInfo, pBuffer); // // Now retrieve other attributes. // if (FixedInfoSize >= sizeof(VS_FIXEDFILEINFO)) { SdbpQueryBinVersionInformation(pContext, pFileInfo, pFixedInfo); } else { // // No other version attributes are available. Set the rest of the // attributes as being not available. // for (i = 0; i < ARRAYSIZE(g_rgBinVerTags); ++i) { SdbpSetAttribute(pFileInfo, g_rgBinVerTags[i], NULL); } } // // Store the pointer to the version info buffer. // pFileInfo->pVersionInfo = pBuffer; return TRUE; err: // // We are here ONLY when we failed to obtain version info // through apis -- regardless of the state of other value we might have // obtained if (pBuffer != NULL) { SdbFree(pBuffer); } for (i = 0; i < ARRAYSIZE(g_rgBinVerTags); ++i) { SdbpSetAttribute(pFileInfo, g_rgBinVerTags[i], NULL); } for (i = 0; i < ARRAYSIZE(g_rgVerStrings); ++i) { SdbpSetAttribute(pFileInfo, g_rgVerStrings[i].tTag, NULL); } return FALSE; } BOOL SdbpGetFileDirectoryAttributes( OUT PFILEINFO pFileInfo ) /*++ Return: TRUE on success, FALSE otherwise. Desc: This function retrieves the file directory attributes for the specified file. --*/ { BOOL bSuccess = FALSE; FILEDIRECTORYATTRIBUTES fda; int i; bSuccess = SdbpQueryFileDirectoryAttributes(pFileInfo->FilePath, &fda); if (!bSuccess) { DBGPRINT((sdlInfo, "SdbpGetFileDirectoryAttributes", "No file directory attributes available.\n")); goto Done; } if (fda.dwFlags & FDA_FILESIZE) { assert(fda.dwFileSizeHigh == 0); SdbpSetAttribute(pFileInfo, TAG_SIZE, &fda.dwFileSizeLow); } Done: if (!bSuccess) { for (i = 0; g_rgDirectoryTags[i] != 0; ++i) { SdbpSetAttribute(pFileInfo, g_rgDirectoryTags[i], NULL); } } return bSuccess; } BOOL SdbGetFileAttributes( IN LPCTSTR lpwszFileName, // the file for which attributes are requested OUT PATTRINFO* ppAttrInfo, // receives allocated pointer to the attribute array OUT LPDWORD lpdwAttrCount // receives the number of entries in an attributes table ) /*++ Return: FALSE if the file does not exist or some other severe error had occured. Note that each attribute has it's own flag ATTRIBUTE_AVAILABLE that allows for checking whether an attribute has been retrieved successfully Not all attributes might be present for all files. Desc: TBD --*/ { PFILEINFO pFileInfo; BOOL bReturn; // // The call below allocates the structure, context is not used // pFileInfo = SdbGetFileInfo(NULL, lpwszFileName, INVALID_HANDLE_VALUE, NULL, 0, TRUE); if (pFileInfo == NULL) { DBGPRINT((sdlError, "SdbGetFileAttributes", "Error retrieving FILEINFO structure\n")); return FALSE; } // // The three calls below, even when fail do not produce a fatal condition // as the exe may not have all the attributes available. // bReturn = SdbpGetFileDirectoryAttributes(pFileInfo); if (!bReturn) { DBGPRINT((sdlInfo, "SdbGetFileAttributes", "Error retrieving directory attributes\n")); } bReturn = SdbpGetVersionAttributes(NULL, pFileInfo); if (!bReturn) { DBGPRINT((sdlInfo, "SdbGetFileAttributes", "Error retrieving version attributes\n")); } bReturn = SdbpGetHeaderAttributes(NULL, pFileInfo); if (!bReturn) { DBGPRINT((sdlInfo, "SdbGetFileAttributes", "Error retrieving header attributes\n")); } pFileInfo->dwMagic = FILEINFO_MAGIC; // // Now that we are done, put the return pointer. // if (lpdwAttrCount != NULL) { *lpdwAttrCount = ATTRIBUTE_COUNT; } if (ppAttrInfo != NULL) { // // Return the pointer to the attribute info itself. // It is the same pointer we expect to get in a complimentary // call to SdbFreeFileInfo. // *ppAttrInfo = &pFileInfo->Attributes[0]; } else { // // Pointer is not needed. Release the memory. // SdbFreeFileInfo(pFileInfo); } return TRUE; } BOOL SdbFreeFileAttributes( IN PATTRINFO pFileAttributes // pointer returned by SdbGetFileAttributes ) /*++ Return: FALSE if a wrong pointer was passed in (not the one from SdbGetFileAttributes). Desc: Self explanatory. --*/ { PFILEINFO pFileInfo; // // We are assuming the pointer that was passed in points inside of a // larger structure FILEINFO. To verify that we step back a pre-determined number // of bytes (calculated below as an offset) and check the "magic" signature. // pFileInfo = (PFILEINFO)((PBYTE)pFileAttributes - OFFSETOF(FILEINFO, Attributes)); if (pFileInfo->dwMagic != FILEINFO_MAGIC) { DBGPRINT((sdlError, "SdbFreeFileAttributes", "Bad pointer to attributes.\n")); return FALSE; } SdbFreeFileInfo(pFileInfo); return TRUE; } BOOL SdbpQuery16BitDescription( OUT LPSTR szBuffer, // min length 256 chars ! IN PIMAGEFILEDATA pImageData ) /*++ Return: TRUE on success, FALSE otherwise. Desc: Gets the 16 bit description for a DOS executable. --*/ { PIMAGE_DOS_HEADER pDosHeader; PIMAGE_OS2_HEADER pNEHeader; PBYTE pSize; DWORD ModuleType; if (!SdbpGetModuleType(&ModuleType, pImageData)) { return FALSE; } if (ModuleType != MT_W16_MODULE) { return FALSE; } pDosHeader = (PIMAGE_DOS_HEADER)pImageData->pBase; pNEHeader = (PIMAGE_OS2_HEADER)((PBYTE)pImageData->pBase + pDosHeader->e_lfanew); // // Now we know that pNEHeader is valid, just have to make sure that // the next offset is valid as well, make a check against file size. // if (pImageData->ViewSize < pDosHeader->e_lfanew + sizeof(*pNEHeader)) { return FALSE; } if (pImageData->ViewSize < pNEHeader->ne_nrestab + sizeof(*pSize)) { return FALSE; } pSize = (PBYTE)((PBYTE)pImageData->pBase + pNEHeader->ne_nrestab); if (*pSize == 0) { return FALSE; } // // Now check for the string size. // if (pImageData->ViewSize < pNEHeader->ne_nrestab + sizeof(*pSize) + *pSize) { return FALSE; } RtlCopyMemory(szBuffer, pSize + 1, *pSize); szBuffer[*pSize] = '\0'; return TRUE; } BOOL SdbpQuery16BitModuleName( OUT LPSTR szBuffer, IN PIMAGEFILEDATA pImageData ) { PIMAGE_DOS_HEADER pDosHeader; PIMAGE_OS2_HEADER pNEHeader; PBYTE pSize; DWORD ModuleType; if (!SdbpGetModuleType(&ModuleType, pImageData)) { return FALSE; } if (ModuleType != MT_W16_MODULE) { return FALSE; } pDosHeader = (PIMAGE_DOS_HEADER)pImageData->pBase; pNEHeader = (PIMAGE_OS2_HEADER)((PBYTE)pImageData->pBase + pDosHeader->e_lfanew); // // Now we know that pNEHeader is valid, just have to make sure that // the next offset is valid as well, make a check against file size. // if (pImageData->ViewSize < pDosHeader->e_lfanew + sizeof(*pNEHeader)) { return FALSE; } if (pImageData->ViewSize < pNEHeader->ne_restab + sizeof(*pSize)) { return FALSE; } pSize = (PBYTE)((PBYTE)pImageData->pBase + pDosHeader->e_lfanew + pNEHeader->ne_restab); if (*pSize == 0) { return FALSE; } // // Now check for the string size. // if (pImageData->ViewSize < pDosHeader->e_lfanew + pNEHeader->ne_restab + sizeof(*pSize) + *pSize) { return FALSE; } RtlCopyMemory(szBuffer, pSize + 1, *pSize); szBuffer[*pSize] = '\0'; return TRUE; } #endif // KERNEL_MODE