/*++ Copyright (c) 2001 Microsoft Corporation Module Name: JavaVM.cpp Abstract: Prevent the installation of cab files via rundll32 so that older versions of JavaVM do not install non-compatible software. Notes: This is an app specific shim. History: 05/24/2001 mnikkel Created --*/ #include "precomp.h" IMPLEMENT_SHIM_BEGIN(JavaVM) #include "ShimHookMacro.h" APIHOOK_ENUM_BEGIN APIHOOK_ENUM_ENTRY(RegSetValueExW) APIHOOK_ENUM_ENTRY(CreateProcessA) APIHOOK_ENUM_END /*++ Check Value for rundll32 JavaPkgMgr_Install string. Typical string we are looking to stop: "rundll32 E:\WINDOWS\System32\msjava.dll,JavaPkgMgr_Install E:\WINDOWS\Java\classes\xmldso.cab,0,0,0,0,4,282" --*/ BOOL JavaPkgMgrInstallCheck( const CString & csInput) { DPFN( eDbgLevelSpew, "[JavaPkgMgrInstallCheck] input value:\n(%S)\n", csInput.Get() ); CSTRING_TRY { CStringToken csValue(csInput, L","); CString csToken; // get the first token if ( csValue.GetToken(csToken) ) { if ( csToken.Find(L"rundll32 ") > -1 ) { // Second token if ( csValue.GetToken(csToken) ) { if ( csToken.Find(L"JavaPkgMgr_Install ") > -1 ) { // Third token if ( csValue.GetToken(csToken) ) { if ( csToken.Find(L"0") == 0 ) { DPFN( eDbgLevelInfo, "[JavaPkgMgrInstallCheck] Match found, returning TRUE.\n" ); return TRUE; } } } } } } } CSTRING_CATCH { // Do Nothing } return FALSE; } /*++ Check RegSetValueExW for JavaPkgMgr_Install of cabs. If found, return successfully without setting value. --*/ LONG APIHOOK(RegSetValueExW)( HKEY hKey, LPWSTR lpValueName, DWORD Reserved, DWORD dwType, CONST BYTE * lpData, DWORD cbData ) { DPFN( eDbgLevelSpew, "[RegSetValueExW] dwType:(%d)\n", dwType ); // Check to see if we are dealing with a string value. if (dwType == REG_SZ || dwType == REG_EXPAND_SZ ) { // Convert to unicode and add null terminator. CSTRING_TRY { CString csDest; int nWChars = cbData/2; WCHAR * lpszDestBuffer = csDest.GetBuffer(nWChars); memcpy(lpszDestBuffer, lpData, cbData); lpszDestBuffer[nWChars] = '\0'; csDest.ReleaseBuffer(nWChars); DPFN( eDbgLevelSpew, "[RegSetValueExW] lpdata:(%S)\n", csDest.Get() ); if ( JavaPkgMgrInstallCheck(csDest) ) return ERROR_SUCCESS; } CSTRING_CATCH { // Do Nothing } } // // Call the original API // return ORIGINAL_API(RegSetValueExW)( hKey, lpValueName, Reserved, dwType, lpData, cbData); } /*++ Check CreateProcessA for JavaPkgMgr_Install of cabs. If found, return successfully without running. --*/ BOOL APIHOOK(CreateProcessA)( LPCSTR lpApplicationName, LPSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCSTR lpCurrentDirectory, LPSTARTUPINFOA lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation ) { DPFN( eDbgLevelSpew, "[CreateProcessA] appname:(%s)\ncommandline:(%s)\n", lpApplicationName, lpCommandLine ); if (lpCommandLine) { CSTRING_TRY { CString csCL(lpCommandLine); if ( JavaPkgMgrInstallCheck(csCL) ) { // find the rundll32 and truncate the commandline at that point int nLoc = csCL.Find(L"rundll32 "); if (nLoc > -1) { csCL.Truncate(nLoc+8); return ORIGINAL_API(CreateProcessA)(lpApplicationName, csCL.GetAnsi(), lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); } } } CSTRING_CATCH { // Do Nothing } } // // Call the original API // return ORIGINAL_API(CreateProcessA)(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation); } /*++ Register hooked functions --*/ HOOK_BEGIN APIHOOK_ENTRY(ADVAPI32.DLL, RegSetValueExW) APIHOOK_ENTRY(KERNEL32.DLL, CreateProcessA) HOOK_END IMPLEMENT_SHIM_END