/*++

 Copyright (c) 2001 Microsoft Corporation

 Module Name:

    WorksSuite2001.cpp

 Abstract:

    Added the hook for CreateProcess to prevent IE5Setup.exe from starting
    up if the system has a higher version of IE.

 Notes:

    This is an app-specific shim.

 History:

    03/28/2001 a-larrsh    Created
    07/13/2001 prashkud    Added hook for CreateProcess
    01/11/2001 robkenny    Removed code that was deleting Shockwave files whenever this shim loaded.

--*/

#include "precomp.h"

// Everything between IMPLEMENT_SHIM_BEGIN and IMPLEMENT_SHIM_END (last line
// of this file) belongs to the WorksSuite2001 shim. ShimHookMacro.h is
// included after the BEGIN marker, so the include order below is kept as is.
IMPLEMENT_SHIM_BEGIN(WorksSuite2001)
#include "ShimHookMacro.h"

// NOTE(review): no userenv API is referenced in the code visible in this
// file; the include may be a leftover from the removed Shockwave cleanup
// code mentioned in the history. Confirm before dropping it.
#include "userenv.h"

// Enumeration of the APIs this shim intercepts. CreateProcessA is the only
// entry, and it is the name used by APIHOOK()/ORIGINAL_API() in the hook.
APIHOOK_ENUM_BEGIN
    APIHOOK_ENUM_ENTRY(CreateProcessA)
APIHOOK_ENUM_END

/*++

 Hooks CreateProcessA and, if the process being invoked is "ie5setup.exe",
 determines the IE version on the system and, if it is higher than IE 5.5,
 launches a harmless .exe like "rundll32.exe" instead.

--*/

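BOOL
APIHOOK(CreateProcessA)(
    LPCSTR                lpApplicationName,
    LPSTR                 lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL                  bInheritHandles,
    DWORD                 dwCreationFlags,
    LPVOID                lpEnvironment,
    LPCSTR                lpCurrentDirectory,
    LPSTARTUPINFOA        lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
    )
{
    //
    // CreateProcessA hook for the WorksSuite2001 shim.
    //
    // If the application name or the command line mentions "ie5setup.exe"
    // and the IE version recorded in the registry is newer than 5.5, the
    // launch is redirected to rundll32.exe (started without arguments).
    // In every other case, and on any failure along the way, the caller's
    // request is forwarded to the original API.
    //
    // All parameters have the meaning documented for CreateProcessA; the
    // return value is whatever the original CreateProcessA returns.
    //
    DPFN( eDbgLevelSpew, "[CreateProcessA] appname:(%s)\ncommandline:(%s)",
          lpApplicationName, lpCommandLine );

    CSTRING_TRY
    {
        CString csAppName(lpApplicationName);
        CString csCmdLine(lpCommandLine);

        // NOTE(review): this is a substring match anywhere in either string,
        // so a command line that merely passes "ie5setup.exe" as an argument
        // is redirected as well. Find also looks case-sensitive, while the
        // file header spells the name "IE5Setup.exe" - confirm against the
        // CString implementation and the application's actual call.
        if ((csAppName.Find(L"ie5setup.exe") != -1) ||
            (csCmdLine.Find(L"ie5setup.exe") != -1))
        {
            //
            // App has called CreateProcess on ie5setup.exe.
            // Check the version of IE that we have on the machine.
            //
            HKEY hKey = NULL;

            if (RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                              L"Software\\Microsoft\\Internet Explorer",
                              0,
                              KEY_QUERY_VALUE,
                              &hKey) == ERROR_SUCCESS)
            {
                // RegQueryValueExW takes the buffer size in BYTES and does
                // not guarantee that string data comes back NUL-terminated.
                // Zero the buffer and hold back the last WCHAR so the text
                // handed to the parser is always terminated.
                WCHAR wszBuf[MAX_PATH] = { 0 };
                DWORD dwType = 0;
                DWORD dwSize = sizeof(wszBuf) - sizeof(WCHAR);

                // Only a REG_SZ value is parsed as a version string.
                if (RegQueryValueExW(hKey, L"Version", NULL, &dwType,
                                     (LPBYTE)wszBuf, &dwSize) == ERROR_SUCCESS &&
                    dwType == REG_SZ)
                {
                    CStringParser csParser(wszBuf, L".");

                    // We need at least the major and minor version numbers from the version string
                    if (csParser.GetCount() >= 2)
                    {
                        const long lMajor = wcstol(csParser[0].Get(), NULL, 10);
                        const long lMinor = wcstol(csParser[1].Get(), NULL, 10);

                        // The minor number only matters for a 5.x install.
                        // The earlier code tested it for every major <= 5,
                        // so a 4.x version with minor > 5 was treated as
                        // newer than IE 5 and the setup was suppressed.
                        if ((lMajor > 5) || (lMajor == 5 && lMinor > 5))
                        {
                            //
                            // Call rundll32.exe, which is harmless.
                            //
                            // A bare "rundll32.exe" with no application name
                            // makes CreateProcess search the application
                            // directory and the current directory before the
                            // system directory, so a planted file of that
                            // name would be started instead. Pin the module
                            // to the system directory when it can be
                            // resolved; otherwise keep the previous
                            // search-based behaviour.
                            //
                            static const CHAR szStandInExe[] = "\\rundll32.exe";
                            CHAR szStandInPath[MAX_PATH];
                            const UINT cchSysDir = GetSystemDirectoryA(szStandInPath, MAX_PATH);

                            if (cchSysDir != 0 &&
                                cchSysDir + sizeof(szStandInExe) <= sizeof(szStandInPath))
                            {
                                // sizeof includes the terminating NUL.
                                CopyMemory(szStandInPath + cchSysDir,
                                           szStandInExe,
                                           sizeof(szStandInExe));
                                csAppName = szStandInPath;
                            }
                            else
                            {
                                csAppName = "";
                            }

                            csCmdLine = "rundll32.exe";
                        }
                    }
                }

                RegCloseKey(hKey);
            }
        }

        // Forward the (possibly rewritten) strings; all other arguments are
        // passed through untouched.
        return ORIGINAL_API(CreateProcessA)(
            csAppName.GetAnsiNIE(), csCmdLine.GetAnsiNIE(),
            lpProcessAttributes, lpThreadAttributes, bInheritHandles,
            dwCreationFlags, lpEnvironment, lpCurrentDirectory,
            lpStartupInfo, lpProcessInformation);
    }
    CSTRING_CATCH
    {
        // Deliberately empty: fall through and make the call exactly as the
        // application asked for it.
    }

    return ORIGINAL_API(CreateProcessA)(lpApplicationName,
                                        lpCommandLine, lpProcessAttributes,
                                        lpThreadAttributes, bInheritHandles,
                                        dwCreationFlags, lpEnvironment,
                                        lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
}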

/*++

 Register hooked functions

--*/

// Hook table for this shim. Only the CreateProcessA export of KERNEL32.DLL
// is registered, so launches that go through any other process-creation API
// are not seen by the hook above. Treat the shim as an application
// compatibility workaround, not as a control that blocks ie5setup.exe.
HOOK_BEGIN

    APIHOOK_ENTRY(KERNEL32.DLL, CreateProcessA)

HOOK_END

// Matches IMPLEMENT_SHIM_BEGIN(WorksSuite2001) near the top of the file.
IMPLEMENT_SHIM_END