#include #include #include "events.h" // // This is a simple client side extension that reads its return value from the // registry and exits. The registry value it reads is controlled via the gpext.adm // file in this directory. // #define GPEXT_PATH TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{febf1209-8aff-11d2-a8a1-00c04fbbcfa2}") #define GPEXT_NAME TEXT("Sample CSE") BOOL WINAPI LibMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved) { switch (dwReason) { case DLL_PROCESS_ATTACH: { DisableThreadLibraryCalls (hInstance); } break; } return TRUE; } DWORD ProcessGroupPolicy ( DWORD dwFlags, HANDLE hToken, HKEY hKeyRoot, PGROUP_POLICY_OBJECT pDeletedGPOList, PGROUP_POLICY_OBJECT pChangedGPOList, ASYNCCOMPLETIONHANDLE pHandle, BOOL* pbAbort, PFNSTATUSMESSAGECALLBACK pStatusCallback ) { HKEY hKey; DWORD dwResult = ERROR_SUCCESS, dwSize, dwType; TCHAR szMsg[100] = {0}; TCHAR szMsg2[100] = {0}; HANDLE hEventLog; LPTSTR szStrings[2] = {0,0}; if (RegOpenKeyEx (hKeyRoot, TEXT("Software\\Policies\\Microsoft\\Windows\\SampleCSE"), 0, KEY_READ, &hKey) == ERROR_SUCCESS) { dwSize = sizeof(dwResult); RegQueryValueEx (hKey, TEXT("ReturnValue"), NULL, &dwType, (LPBYTE) &dwResult, &dwSize); if (dwResult != ERROR_SUCCESS) { dwSize = sizeof(szMsg); RegQueryValueEx (hKey, TEXT("EventMsg1"), NULL, &dwType, (LPBYTE) szMsg, &dwSize); dwSize = sizeof(szMsg2); RegQueryValueEx (hKey, TEXT("EventMsg2"), NULL, &dwType, (LPBYTE) szMsg2, &dwSize); } RegCloseKey (hKey); } if (dwResult != ERROR_SUCCESS) { // // Put message in event log // hEventLog = RegisterEventSource(NULL, TEXT("gpext")); if (hEventLog) { szStrings[0] = szMsg; ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, EVENT_ERROR, NULL, 1, 0, szStrings, NULL); szStrings[0] = szMsg2; ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, EVENT_ERROR, NULL, 1, 0, szStrings, NULL); DeregisterEventSource(hEventLog); } } wsprintf (szMsg, TEXT("SampleCSE: returning 0x%x\r\n"), dwResult); OutputDebugString (szMsg); return dwResult; } ///////////////////////////////////////////////////////////////////////////// // DllRegisterServer - Adds entries to the system registry STDAPI DllRegisterServer(void) { HKEY hKey; LONG lResult; DWORD dwDisp, dwValue; lResult = RegCreateKeyEx (HKEY_LOCAL_MACHINE, GPEXT_PATH, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hKey, &dwDisp); if (lResult != ERROR_SUCCESS) { return lResult; } RegSetValueEx (hKey, NULL, 0, REG_SZ, (LPBYTE)GPEXT_NAME, (lstrlen(GPEXT_NAME) + 1) * sizeof(TCHAR)); RegSetValueEx (hKey, TEXT("ProcessGroupPolicy"), 0, REG_SZ, (LPBYTE)TEXT("ProcessGroupPolicy"), (lstrlen(TEXT("ProcessGroupPolicy")) + 1) * sizeof(TCHAR)); RegSetValueEx (hKey, TEXT("DllName"), 0, REG_EXPAND_SZ, (LPBYTE)TEXT("gpext.dll"), (lstrlen(TEXT("gpext.dll")) + 1) * sizeof(TCHAR)); dwValue = 1; RegSetValueEx (hKey, TEXT("NoGPOListChanges"), 0, REG_DWORD, (LPBYTE)&dwValue, sizeof(dwValue)); RegCloseKey (hKey); lResult = RegCreateKeyEx (HKEY_LOCAL_MACHINE, TEXT("SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\gpext"), 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hKey, &dwDisp); if (lResult != ERROR_SUCCESS) { return lResult; } RegSetValueEx (hKey, TEXT("EventMessageFile"), 0, REG_SZ, (LPBYTE)TEXT("gpext.dll"), (lstrlen(TEXT("gpext.dll")) + 1) * sizeof(TCHAR)); dwValue = 7; RegSetValueEx (hKey, TEXT("TypesSupported"), 0, REG_DWORD, (LPBYTE)&dwValue, sizeof(dwValue)); RegCloseKey (hKey); return S_OK; } ///////////////////////////////////////////////////////////////////////////// // DllUnregisterServer - Removes entries from the system registry STDAPI DllUnregisterServer(void) { RegDeleteKey (HKEY_LOCAL_MACHINE, GPEXT_PATH); RegDeleteKey (HKEY_LOCAL_MACHINE, TEXT("SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\gpext")); return S_OK; }