d0/dbc/vmhorizon_8c_source.html

/*

 * PROJECT:     ReactOS 'Layers' Shim library

 * LICENSE:     GPL-2.0+ (https://spdx.org/licenses/GPL-2.0+)

 * PURPOSE:     Shim for VMWare Horizon setup

 * COPYRIGHT:   Copyright 2017 Thomas Faber (thomas.faber@reactos.org)

 *              Copyright 2017 Mark Jansen (mark.jansen@reactos.org)

 */


#define WIN32_NO_STATUS

#include <windef.h>

#include <winbase.h>

#include <shimlib.h>

#include "ntndk.h"


static BOOL Write(PBYTE Address, PBYTE Data, SIZE_T Size)

{

    PVOID BaseAddress = Address;

    SIZE_T RegionSize = Size;

    ULONG OldProtection;

    NTSTATUS Status = NtProtectVirtualMemory(NtCurrentProcess(), &BaseAddress, &RegionSize, PAGE_EXECUTE_READWRITE, &OldProtection);

    if (NT_SUCCESS(Status))

    {

        SIZE_T Bytes;

        Status = NtWriteVirtualMemory(NtCurrentProcess(), Address, Data, Size, &Bytes);

        if (NT_SUCCESS(Status) && Bytes != Size)

            Status = STATUS_MEMORY_NOT_ALLOCATED;

        NtProtectVirtualMemory(NtCurrentProcess(), &BaseAddress, &RegionSize, OldProtection, &OldProtection);

    }

    return NT_SUCCESS(Status);

}


static void FixupDll(PLDR_DATA_TABLE_ENTRY LdrEntry)

{

    static const UCHAR Match1[5] = { 0x0C, 0x8B, 0xFC, 0xF3, 0xA5 };

    static const UCHAR Match2[5] = { 0x0C, 0x8B, 0xFC, 0xF3, 0xA5 };

    static const UCHAR Match3[5] = { 0xB0, 0x8B, 0xFC, 0xF3, 0xA5 };

    UCHAR Replacement1[5] = { 0x10, 0x89, 0x34, 0x24, 0x90 };

    UCHAR Replacement2[5] = { 0x10, 0x89, 0x34, 0x24, 0x90 };

    UCHAR Replacement3[5] = { 0xB4, 0x89, 0x34, 0x24, 0x90 };

#define OFFSET_1    0x21A6E

#define OFFSET_2    0x21B04

#define OFFSET_3    0x21C3C


    UCHAR Buffer[5];

    PBYTE Base = LdrEntry->DllBase;

    SIZE_T Bytes;


    /*

    00020E6E: 0C 8B FC F3 A5 --> 10 89 34 24 90     F11A6E - ef0000 = 21A6E

    00020F04: 0C 8B FC F3 A5 --> 10 89 34 24 90     F11B04 - ef0000 = 21B04

    00021C3C: B0 8B FC F3 A5 --> B4 89 34 24 90     F11C3C - ef0000 = 21C3C

    */

    do {

        DbgPrint("Module %wZ Loaded at 0x%p, we should patch!\n", &LdrEntry->BaseDllName, LdrEntry->DllBase);

        if (!NT_SUCCESS(NtReadVirtualMemory(NtCurrentProcess(), Base + OFFSET_1, Buffer, 5, &Bytes)) || Bytes != 5)

            break;

        if (memcmp(Buffer, Match1, sizeof(Match1)))

            break;


        if (!NT_SUCCESS(NtReadVirtualMemory(NtCurrentProcess(), Base + OFFSET_2, Buffer, 5, &Bytes)) || Bytes != 5)

            break;

        if (memcmp(Buffer, Match2, sizeof(Match2)))

            break;


        if (!NT_SUCCESS(NtReadVirtualMemory(NtCurrentProcess(), Base + OFFSET_3, Buffer, 5, &Bytes)) || Bytes != 5)

            break;

        if (memcmp(Buffer, Match3, sizeof(Match3)))

            break;


        DbgPrint("Module %wZ Loaded at 0x%p, OK to patch!\n", &LdrEntry->BaseDllName, LdrEntry->DllBase);

        if (!Write(Base + OFFSET_1, Replacement1, sizeof(Replacement1)))

            break;

        if (!Write(Base + OFFSET_2, Replacement2, sizeof(Replacement2)))

            break;

        if (!Write(Base + OFFSET_3, Replacement3, sizeof(Replacement3)))

            break;


        NtFlushInstructionCache(NtCurrentProcess(), Base, 0x22000);


        DbgPrint("Module %wZ Loaded at 0x%p, patched!\n", &LdrEntry->BaseDllName, LdrEntry->DllBase);

    } while (0);

}


static BOOLEAN PostfixUnicodeString(const UNICODE_STRING* String1, const UNICODE_STRING* String2)

{

    PWCHAR pc1;

    PWCHAR pc2;

    ULONG  NumChars;


    if (String2->Length < String1->Length)

        return FALSE;


    if (!String1->Buffer || !String2->Buffer)

        return FALSE;


    NumChars = String1->Length / sizeof(WCHAR);

    pc1 = String1->Buffer;

    pc2 = String2->Buffer + (String2->Length / sizeof(WCHAR)) - NumChars;


    while (NumChars--)

    {

        if (RtlUpcaseUnicodeChar(*pc1++) != RtlUpcaseUnicodeChar(*pc2++))

            return FALSE;

    }


    return TRUE;

}


#define SHIM_NS         VMHorizonSetup

#include <setup_shim.inl>


#define SHIM_NUM_HOOKS  0

#define SHIM_NOTIFY_FN SHIM_OBJ_NAME(Notify)


BOOL WINAPI SHIM_OBJ_NAME(Notify)(DWORD fdwReason, PVOID ptr)

{

    if (fdwReason == SHIM_REASON_DLL_LOAD)

    {

        static const UNICODE_STRING DllPrefix = RTL_CONSTANT_STRING(L"msi");

        static const UNICODE_STRING DllPostfix = RTL_CONSTANT_STRING(L".tmp");

        PLDR_DATA_TABLE_ENTRY LdrEntry = ptr;


        BOOLEAN Prefix = RtlPrefixUnicodeString(&DllPrefix, &LdrEntry->BaseDllName, TRUE);

        BOOLEAN Postfix = PostfixUnicodeString(&DllPostfix, &LdrEntry->BaseDllName);

        ULONG ExtraChars = (LdrEntry->BaseDllName.Length - DllPrefix.Length - DllPostfix.Length) / sizeof(WCHAR);


        /* msiN[N].tmp */

        if (Prefix && Postfix && ExtraChars <= 2)

        {

            PIMAGE_NT_HEADERS ImageNtHeader = RtlImageNtHeader(LdrEntry->DllBase);

            if (ImageNtHeader && ImageNtHeader->OptionalHeader.CheckSum == 0x176241)

            {

                SHIM_MSG("Module %wZ is a match, applying fixups\n", &LdrEntry->BaseDllName);

                FixupDll(LdrEntry);

            }

        }

    }

    return TRUE;

}


#include <implement_shim.inl>

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

memcmp
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112

fdwReason
static DWORD const fdwReason
Definition: appcrt_dllmain.cpp:57

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

Buffer
Definition: bufpool.h:45

ImageNtHeader
PIMAGE_NT_HEADERS WINAPI ImageNtHeader(_In_ PVOID)

TRUE
#define TRUE
Definition: types.h:120

FALSE
#define FALSE
Definition: types.h:117

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33

RtlImageNtHeader
#define RtlImageNtHeader
Definition: compat.h:806

pc1
static const unsigned char pc1[56]
Definition: des.c:54

pc2
static const unsigned char pc2[48]
Definition: des.c:68

L
#define L(x)
Definition: resources.c:13

BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94

DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95

Status
Status
Definition: gdiplustypes.h:25

DbgPrint
#define DbgPrint
Definition: hal.h:12

void
Definition: nsiface.idl:2307

Bytes
_In_ UINT Bytes
Definition: mmcopy.h:9

ptr
static PVOID ptr
Definition: dispmode.c:27

BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404

RegionSize
__kernel_entry _Inout_ _Inout_ PSIZE_T RegionSize
Definition: mmfuncs.h:172

String2
_In_ const STRING * String2
Definition: rtlfuncs.h:2396

Base
_In_opt_ ULONG Base
Definition: rtlfuncs.h:2478

RtlUpcaseUnicodeChar
WCHAR NTAPI RtlUpcaseUnicodeChar(_In_ WCHAR Source)
Definition: nlsboot.c:176

NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657

RtlPrefixUnicodeString
NTSYSAPI BOOLEAN NTAPI RtlPrefixUnicodeString(IN PUNICODE_STRING String1, IN PUNICODE_STRING String2, IN BOOLEAN CaseInSensitive)

PAGE_EXECUTE_READWRITE
#define PAGE_EXECUTE_READWRITE
Definition: nt_native.h:1308

ntndk.h

NtWriteVirtualMemory
NTSTATUS NTAPI NtWriteVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN SIZE_T NumberOfBytesToWrite, OUT PSIZE_T NumberOfBytesWritten OPTIONAL)
Definition: virtual.c:2890

NtProtectVirtualMemory
NTSTATUS NTAPI NtProtectVirtualMemory(IN HANDLE ProcessHandle, IN OUT PVOID *UnsafeBaseAddress, IN OUT SIZE_T *UnsafeNumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG UnsafeOldAccessProtection)
Definition: virtual.c:3071

NtReadVirtualMemory
NTSTATUS NTAPI NtReadVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID Buffer, IN SIZE_T NumberOfBytesToRead, OUT PSIZE_T NumberOfBytesRead OPTIONAL)
Definition: virtual.c:2776

NtFlushInstructionCache
NTSTATUS NTAPI NtFlushInstructionCache(_In_ HANDLE ProcessHandle, _In_opt_ PVOID BaseAddress, _In_ SIZE_T FlushSize)
Definition: virtual.c:3004

STATUS_MEMORY_NOT_ALLOCATED
#define STATUS_MEMORY_NOT_ALLOCATED
Definition: ntstatus.h:396

PBYTE
BYTE * PBYTE
Definition: pedump.c:66

Address
static WCHAR Address[46]
Definition: ping.c:68

shimlib.h

SHIM_REASON_DLL_LOAD
#define SHIM_REASON_DLL_LOAD
Definition: shimlib.h:47

SHIM_MSG
#define SHIM_MSG(fmt,...)
Definition: shimlib.h:75

Data
Definition: sort_test.cpp:77

Match2
Definition: vbregexp.c:92

_IMAGE_NT_HEADERS
Definition: ntddk_ex.h:181

_IMAGE_NT_HEADERS::OptionalHeader
IMAGE_OPTIONAL_HEADER32 OptionalHeader
Definition: ntddk_ex.h:184

_IMAGE_OPTIONAL_HEADER::CheckSum
DWORD CheckSum
Definition: ntddk_ex.h:169

_LDR_DATA_TABLE_ENTRY
Definition: btrfs_drv.h:1876

_LDR_DATA_TABLE_ENTRY::DllBase
PVOID DllBase
Definition: btrfs_drv.h:1880

_LDR_DATA_TABLE_ENTRY::BaseDllName
UNICODE_STRING BaseDllName
Definition: ldrtypes.h:149

_UNICODE_STRING
Definition: env_spec_w32.h:368

_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369

_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371

RTL_CONSTANT_STRING
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14

SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80

PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56

ULONG
uint32_t ULONG
Definition: typedefs.h:59

PostfixUnicodeString
static BOOLEAN PostfixUnicodeString(const UNICODE_STRING *String1, const UNICODE_STRING *String2)
Definition: vmhorizon.c:85

OFFSET_2
#define OFFSET_2

FixupDll
static void FixupDll(PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: vmhorizon.c:32

Write
static BOOL Write(PBYTE Address, PBYTE Data, SIZE_T Size)
Definition: vmhorizon.c:15

OFFSET_3
#define OFFSET_3

OFFSET_1
#define OFFSET_1

Notify
BOOL WINAPI SHIM_OBJ_NAME() Notify(DWORD fdwReason, PVOID ptr)
Definition: vmhorizon.c:116

Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533

winbase.h

windef.h

WINAPI
#define WINAPI
Definition: msvc.h:6

Prefix
_In_ __drv_aliasesMem PSTRING Prefix
Definition: rtlfuncs.h:1647

UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181

WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180