d0/dbc/vmhorizon_8c_source.html

 /*
  * PROJECT:     ReactOS 'Layers' Shim library
  * LICENSE:     GPL-2.0+ (https://spdx.org/licenses/GPL-2.0+)
  * PURPOSE:     Shim for VMWare Horizon setup
  * COPYRIGHT:   Copyright 2017 Thomas Faber (thomas.faber@reactos.org)
  *              Copyright 2017 Mark Jansen (mark.jansen@reactos.org)
  */

 #define WIN32_NO_STATUS
 #include <windef.h>
 #include <winbase.h>
 #include <shimlib.h>
 #include "ntndk.h"

 static BOOL Write(PBYTE Address, PBYTE Data, SIZE_T Size)
 {
     PVOID BaseAddress = Address;
     SIZE_T RegionSize = Size;
     ULONG OldProtection;
     NTSTATUS Status = NtProtectVirtualMemory(NtCurrentProcess(), &BaseAddress, &RegionSize, PAGE_EXECUTE_READWRITE, &OldProtection);
     if (NT_SUCCESS(Status))
     {
         SIZE_T Bytes;
         Status = NtWriteVirtualMemory(NtCurrentProcess(), Address, Data, Size, &Bytes);
         if (NT_SUCCESS(Status) && Bytes != Size)
             Status = STATUS_MEMORY_NOT_ALLOCATED;
         NtProtectVirtualMemory(NtCurrentProcess(), &BaseAddress, &RegionSize, OldProtection, &OldProtection);
     }
     return NT_SUCCESS(Status);
 }

 static void FixupDll(PLDR_DATA_TABLE_ENTRY LdrEntry)
 {
     static const UCHAR Match1[5] = { 0x0C, 0x8B, 0xFC, 0xF3, 0xA5 };
     static const UCHAR Match2[5] = { 0x0C, 0x8B, 0xFC, 0xF3, 0xA5 };
     static const UCHAR Match3[5] = { 0xB0, 0x8B, 0xFC, 0xF3, 0xA5 };
     UCHAR Replacement1[5] = { 0x10, 0x89, 0x34, 0x24, 0x90 };
     UCHAR Replacement2[5] = { 0x10, 0x89, 0x34, 0x24, 0x90 };
     UCHAR Replacement3[5] = { 0xB4, 0x89, 0x34, 0x24, 0x90 };
 #define OFFSET_1    0x21A6E
 #define OFFSET_2    0x21B04
 #define OFFSET_3    0x21C3C


     UCHAR Buffer[5];
     PBYTE Base = LdrEntry->DllBase;
     SIZE_T Bytes;

     /*
     00020E6E: 0C 8B FC F3 A5 --> 10 89 34 24 90     F11A6E - ef0000 = 21A6E
     00020F04: 0C 8B FC F3 A5 --> 10 89 34 24 90     F11B04 - ef0000 = 21B04
     00021C3C: B0 8B FC F3 A5 --> B4 89 34 24 90     F11C3C - ef0000 = 21C3C
     */
     do {
         DbgPrint("Module %wZ Loaded at 0x%p, we should patch!\n", &LdrEntry->BaseDllName, LdrEntry->DllBase);
         if (!NT_SUCCESS(NtReadVirtualMemory(NtCurrentProcess(), Base + OFFSET_1, Buffer, 5, &Bytes)) || Bytes != 5)
             break;
         if (memcmp(Buffer, Match1, sizeof(Match1)))
             break;

         if (!NT_SUCCESS(NtReadVirtualMemory(NtCurrentProcess(), Base + OFFSET_2, Buffer, 5, &Bytes)) || Bytes != 5)
             break;
         if (memcmp(Buffer, Match2, sizeof(Match2)))
             break;

         if (!NT_SUCCESS(NtReadVirtualMemory(NtCurrentProcess(), Base + OFFSET_3, Buffer, 5, &Bytes)) || Bytes != 5)
             break;
         if (memcmp(Buffer, Match3, sizeof(Match3)))
             break;

         DbgPrint("Module %wZ Loaded at 0x%p, OK to patch!\n", &LdrEntry->BaseDllName, LdrEntry->DllBase);
         if (!Write(Base + OFFSET_1, Replacement1, sizeof(Replacement1)))
             break;
         if (!Write(Base + OFFSET_2, Replacement2, sizeof(Replacement2)))
             break;
         if (!Write(Base + OFFSET_3, Replacement3, sizeof(Replacement3)))
             break;

         NtFlushInstructionCache(NtCurrentProcess(), Base, 0x22000);

         DbgPrint("Module %wZ Loaded at 0x%p, patched!\n", &LdrEntry->BaseDllName, LdrEntry->DllBase);
     } while (0);
 }

 static BOOLEAN PostfixUnicodeString(const UNICODE_STRING* String1, const UNICODE_STRING* String2)
 {
     PWCHAR pc1;
     PWCHAR pc2;
     ULONG  NumChars;

     if (String2->Length < String1->Length)
         return FALSE;

     if (!String1->Buffer || !String2->Buffer)
         return FALSE;

     NumChars = String1->Length / sizeof(WCHAR);
     pc1 = String1->Buffer;
     pc2 = String2->Buffer + (String2->Length / sizeof(WCHAR)) - NumChars;

     while (NumChars--)
     {
         if (RtlUpcaseUnicodeChar(*pc1++) != RtlUpcaseUnicodeChar(*pc2++))
             return FALSE;
     }

     return TRUE;
 }

 #define SHIM_NS         VMHorizonSetup
 #include <setup_shim.inl>

 #define SHIM_NUM_HOOKS  0
 #define SHIM_NOTIFY_FN SHIM_OBJ_NAME(Notify)

 BOOL WINAPI SHIM_OBJ_NAME(Notify)(DWORD fdwReason, PVOID ptr)
 {
     if (fdwReason == SHIM_REASON_DLL_LOAD)
     {
         static const UNICODE_STRING DllPrefix = RTL_CONSTANT_STRING(L"msi");
         static const UNICODE_STRING DllPostfix = RTL_CONSTANT_STRING(L".tmp");
         PLDR_DATA_TABLE_ENTRY LdrEntry = ptr;

         BOOLEAN Prefix = RtlPrefixUnicodeString(&DllPrefix, &LdrEntry->BaseDllName, TRUE);
         BOOLEAN Postfix = PostfixUnicodeString(&DllPostfix, &LdrEntry->BaseDllName);
         ULONG ExtraChars = (LdrEntry->BaseDllName.Length - DllPrefix.Length - DllPostfix.Length) / sizeof(WCHAR);

         /* msiN[N].tmp */
         if (Prefix && Postfix && ExtraChars <= 2)
         {
             PIMAGE_NT_HEADERS ImageNtHeader = RtlImageNtHeader(LdrEntry->DllBase);
             if (ImageNtHeader && ImageNtHeader->OptionalHeader.CheckSum == 0x176241)
             {
                 SHIM_MSG("Module %wZ is a match, applying fixups\n", &LdrEntry->BaseDllName);
                 FixupDll(LdrEntry);
             }
         }
     }
     return TRUE;
 }

 #include <implement_shim.inl>
pc2
static const unsigned char pc2[48]
Definition: des.c:68

ntndk.h

Match2
Definition: vbregexp.c:92

Prefix
_In_ __drv_aliasesMem PSTRING Prefix
Definition: rtlfuncs.h:1631

pc1
static const unsigned char pc1[56]
Definition: des.c:54

memcmp
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112

DbgPrint
#define DbgPrint
Definition: loader.c:25

TRUE
#define TRUE
Definition: types.h:120

Data
Definition: sort_test.cpp:77

winbase.h

NtProtectVirtualMemory
NTSTATUS NTAPI NtProtectVirtualMemory(IN HANDLE ProcessHandle, IN OUT PVOID *UnsafeBaseAddress, IN OUT SIZE_T *UnsafeNumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG UnsafeOldAccessProtection)
Definition: virtual.c:3024

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369

OFFSET_1
#define OFFSET_1

Base
_In_opt_ ULONG Base
Definition: rtlfuncs.h:2373

Bytes
_In_ UINT Bytes
Definition: mmcopy.h:9

Size
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361

FixupDll
static void FixupDll(PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: vmhorizon.c:32

OFFSET_3
#define OFFSET_3

PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56

Notify
BOOL WINAPI SHIM_OBJ_NAME() Notify(DWORD fdwReason, PVOID ptr)
Definition: vmhorizon.c:116

Write
static BOOL Write(PBYTE Address, PBYTE Data, SIZE_T Size)
Definition: vmhorizon.c:15

RtlUpcaseUnicodeChar
NTSYSAPI WCHAR NTAPI RtlUpcaseUnicodeChar(WCHAR Source)

_LDR_DATA_TABLE_ENTRY::DllBase
PVOID DllBase
Definition: btrfs_drv.h:1926

FALSE
#define FALSE
Definition: types.h:117

BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94

_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371

_IMAGE_NT_HEADERS
Definition: ntddk_ex.h:181

NtFlushInstructionCache
NTSTATUS NTAPI NtFlushInstructionCache(_In_ HANDLE ProcessHandle, _In_opt_ PVOID BaseAddress, _In_ SIZE_T FlushSize)
Definition: virtual.c:2957

ptr
static PVOID ptr
Definition: dispmode.c:27

shimlib.h

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

Address
static WCHAR Address[46]
Definition: ping.c:68

Buffer
Definition: bufpool.h:45

NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657

Status
Status
Definition: gdiplustypes.h:24

BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404

WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32

SHIM_MSG
#define SHIM_MSG(fmt,...)
Definition: shimlib.h:75

WINAPI
#define WINAPI
Definition: msvc.h:6

DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95

NtReadVirtualMemory
NTSTATUS NTAPI NtReadVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID Buffer, IN SIZE_T NumberOfBytesToRead, OUT PSIZE_T NumberOfBytesRead OPTIONAL)
Definition: virtual.c:2729

windef.h

UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181

L
static const WCHAR L[]
Definition: oid.c:1250

_LDR_DATA_TABLE_ENTRY
Definition: btrfs_drv.h:1922

_IMAGE_NT_HEADERS::OptionalHeader
IMAGE_OPTIONAL_HEADER32 OptionalHeader
Definition: ntddk_ex.h:184

SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80

_UNICODE_STRING
Definition: env_spec_w32.h:368

STATUS_MEMORY_NOT_ALLOCATED
#define STATUS_MEMORY_NOT_ALLOCATED
Definition: ntstatus.h:396

PostfixUnicodeString
static BOOLEAN PostfixUnicodeString(const UNICODE_STRING *String1, const UNICODE_STRING *String2)
Definition: vmhorizon.c:85

RegionSize
__kernel_entry _Inout_ _Inout_ PSIZE_T RegionSize
Definition: mmfuncs.h:172

_LDR_DATA_TABLE_ENTRY::BaseDllName
UNICODE_STRING BaseDllName
Definition: ldrtypes.h:145

OFFSET_2
#define OFFSET_2

RtlPrefixUnicodeString
NTSYSAPI BOOLEAN NTAPI RtlPrefixUnicodeString(IN PUNICODE_STRING String1, IN PUNICODE_STRING String2, IN BOOLEAN CaseInSensitive)

RtlImageNtHeader
#define RtlImageNtHeader
Definition: compat.h:665

String2
_In_ const STRING * String2
Definition: rtlfuncs.h:2291

SHIM_REASON_DLL_LOAD
#define SHIM_REASON_DLL_LOAD
Definition: shimlib.h:47

ULONG
unsigned int ULONG
Definition: retypes.h:1

ImageNtHeader
PIMAGE_NT_HEADERS WINAPI ImageNtHeader(_In_ PVOID)

PAGE_EXECUTE_READWRITE
#define PAGE_EXECUTE_READWRITE
Definition: nt_native.h:1308

void
Definition: nsiface.idl:2306

NtWriteVirtualMemory
NTSTATUS NTAPI NtWriteVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN SIZE_T NumberOfBytesToWrite, OUT PSIZE_T NumberOfBytesWritten OPTIONAL)
Definition: virtual.c:2843

_IMAGE_OPTIONAL_HEADER::CheckSum
DWORD CheckSum
Definition: ntddk_ex.h:169

PBYTE
BYTE * PBYTE
Definition: pedump.c:66

RTL_CONSTANT_STRING
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14