ReactOS 0.4.16-dev-1040-g85afe48
Classes | Macros | Typedefs | Functions | Variables
apphelp.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
#include <pshpack1.h>
#include <poppack.h>
Include dependency graph for apphelp.c:

Go to the source code of this file.

Classes

struct  SHIM_PERSISTENT_CACHE_HEADER_52
 
struct  SHIM_PERSISTENT_CACHE_ENTRY_52
 
struct  SHIM_CACHE_ENTRY
 

Macros

#define NDEBUG
 
#define EMPTY_SHIM_ENTRY   { { 0 }, { { 0 } }, 0 }
 
#define MAX_SHIM_ENTRIES   0x200
 
#define INVALID_HANDLE_VALUE   (HANDLE)(-1)
 
#define CACHE_MAGIC_NT_52   0xbadc0ffe
 
#define CACHE_HEADER_SIZE_NT_52   0x8
 
#define NT52_PERSISTENT_ENTRY_SIZE32   0x18
 
#define NT52_PERSISTENT_ENTRY_SIZE64   0x20
 
#define SHIM_CACHE_MAGIC   CACHE_MAGIC_NT_52
 
#define SHIM_CACHE_HEADER_SIZE   CACHE_HEADER_SIZE_NT_52
 
#define SHIM_PERSISTENT_CACHE_ENTRY_SIZE   NT52_PERSISTENT_ENTRY_SIZE32
 
#define SHIM_PERSISTENT_CACHE_HEADER   SHIM_PERSISTENT_CACHE_HEADER_52
 
#define PSHIM_PERSISTENT_CACHE_HEADER   PSHIM_PERSISTENT_CACHE_HEADER_52
 
#define SHIM_PERSISTENT_CACHE_ENTRY   SHIM_PERSISTENT_CACHE_ENTRY_52
 
#define PSHIM_PERSISTENT_CACHE_ENTRY   PSHIM_PERSISTENT_CACHE_ENTRY_52
 

Typedefs

typedef struct SHIM_PERSISTENT_CACHE_HEADER_52 SHIM_PERSISTENT_CACHE_HEADER_52
 
typedef struct SHIM_PERSISTENT_CACHE_HEADER_52PSHIM_PERSISTENT_CACHE_HEADER_52
 
typedef struct SHIM_PERSISTENT_CACHE_ENTRY_52 SHIM_PERSISTENT_CACHE_ENTRY_52
 
typedef struct SHIM_PERSISTENT_CACHE_ENTRY_52PSHIM_PERSISTENT_CACHE_ENTRY_52
 
typedef struct SHIM_CACHE_ENTRY SHIM_CACHE_ENTRY
 
typedef struct SHIM_CACHE_ENTRYPSHIM_CACHE_ENTRY
 

Functions

 C_ASSERT (sizeof(SHIM_PERSISTENT_CACHE_ENTRY)==SHIM_PERSISTENT_CACHE_ENTRY_SIZE)
 
 C_ASSERT (sizeof(SHIM_PERSISTENT_CACHE_HEADER)==SHIM_CACHE_HEADER_SIZE)
 
PVOID ApphelpAlloc (_In_ ULONG ByteSize)
 
VOID ApphelpFree (_In_ PVOID Data)
 
VOID ApphelpCacheAcquireLock (VOID)
 
BOOLEAN ApphelpCacheTryAcquireLock (VOID)
 
VOID ApphelpCacheReleaseLock (VOID)
 
VOID ApphelpDuplicateUnicodeString (_Out_ PUNICODE_STRING Destination, _In_ PCUNICODE_STRING Source)
 
VOID ApphelpFreeUnicodeString (_Inout_ PUNICODE_STRING String)
 
NTSTATUS ApphelpCacheQueryInfo (_In_ HANDLE ImageHandle, _Out_ PSHIM_CACHE_ENTRY Entry)
 
RTL_GENERIC_COMPARE_RESULTS NTAPI ApphelpShimCacheCompareRoutine (_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID FirstStruct, _In_ PVOID SecondStruct)
 
PVOID NTAPI ApphelpShimCacheAllocateRoutine (_In_ struct _RTL_AVL_TABLE *Table, _In_ CLONG ByteSize)
 
VOID NTAPI ApphelpShimCacheFreeRoutine (_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID Buffer)
 
NTSTATUS ApphelpCacheParse (_In_reads_(DataLength) PUCHAR Data, _In_ ULONG DataLength)
 
BOOLEAN ApphelpCacheRead (VOID)
 
BOOLEAN ApphelpCacheWrite (VOID)
 
NTSTATUS NTAPI ApphelpCacheInitialize (VOID)
 
VOID NTAPI ApphelpCacheShutdown (VOID)
 
NTSTATUS ApphelpValidateData (_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData, _Out_ PUNICODE_STRING ImageName, _Out_ PHANDLE ImageHandle)
 
NTSTATUS ApphelpCacheRemoveEntryNolock (_In_ PSHIM_CACHE_ENTRY Entry)
 
NTSTATUS ApphelpCacheLookupEntry (_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
 
NTSTATUS ApphelpCacheRemoveEntry (_In_ PUNICODE_STRING ImageName)
 
NTSTATUS ApphelpCacheAccessCheck (VOID)
 
NTSTATUS ApphelpCacheUpdateEntry (_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
 
NTSTATUS ApphelpCacheFlush (VOID)
 
NTSTATUS ApphelpCacheDump (VOID)
 
NTSTATUS NTAPI NtApphelpCacheControl (_In_ APPHELPCACHESERVICECLASS Service, _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData)
 

Variables

static BOOLEAN ApphelpCacheEnabled = FALSE
 
static ERESOURCE ApphelpCacheLock
 
static RTL_AVL_TABLE ApphelpShimCache
 
static LIST_ENTRY ApphelpShimCacheAge
 
ULONG InitSafeBootMode
 
static UNICODE_STRING AppCompatCacheKey = RTL_CONSTANT_STRING(L"\\Registry\\MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\AppCompatCache")
 
static OBJECT_ATTRIBUTES AppCompatKeyAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES(&AppCompatCacheKey, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE)
 
static UNICODE_STRING AppCompatCacheValue = RTL_CONSTANT_STRING(L"AppCompatCache")
 

Macro Definition Documentation

◆ CACHE_HEADER_SIZE_NT_52

#define CACHE_HEADER_SIZE_NT_52   0x8

Definition at line 66 of file apphelp.c.

◆ CACHE_MAGIC_NT_52

#define CACHE_MAGIC_NT_52   0xbadc0ffe

Definition at line 65 of file apphelp.c.

◆ EMPTY_SHIM_ENTRY

#define EMPTY_SHIM_ENTRY   { { 0 }, { { 0 } }, 0 }

Definition at line 40 of file apphelp.c.

◆ INVALID_HANDLE_VALUE

#define INVALID_HANDLE_VALUE   (HANDLE)(-1)

Definition at line 44 of file apphelp.c.

◆ MAX_SHIM_ENTRIES

#define MAX_SHIM_ENTRIES   0x200

Definition at line 41 of file apphelp.c.

◆ NDEBUG

#define NDEBUG

Definition at line 24 of file apphelp.c.

◆ NT52_PERSISTENT_ENTRY_SIZE32

#define NT52_PERSISTENT_ENTRY_SIZE32   0x18

Definition at line 67 of file apphelp.c.

◆ NT52_PERSISTENT_ENTRY_SIZE64

#define NT52_PERSISTENT_ENTRY_SIZE64   0x20

Definition at line 68 of file apphelp.c.

◆ PSHIM_PERSISTENT_CACHE_ENTRY

#define PSHIM_PERSISTENT_CACHE_ENTRY   PSHIM_PERSISTENT_CACHE_ENTRY_52

Definition at line 85 of file apphelp.c.

◆ PSHIM_PERSISTENT_CACHE_HEADER

#define PSHIM_PERSISTENT_CACHE_HEADER   PSHIM_PERSISTENT_CACHE_HEADER_52

Definition at line 83 of file apphelp.c.

◆ SHIM_CACHE_HEADER_SIZE

#define SHIM_CACHE_HEADER_SIZE   CACHE_HEADER_SIZE_NT_52

Definition at line 76 of file apphelp.c.

◆ SHIM_CACHE_MAGIC

#define SHIM_CACHE_MAGIC   CACHE_MAGIC_NT_52

Definition at line 75 of file apphelp.c.

◆ SHIM_PERSISTENT_CACHE_ENTRY

#define SHIM_PERSISTENT_CACHE_ENTRY   SHIM_PERSISTENT_CACHE_ENTRY_52

Definition at line 84 of file apphelp.c.

◆ SHIM_PERSISTENT_CACHE_ENTRY_SIZE

#define SHIM_PERSISTENT_CACHE_ENTRY_SIZE   NT52_PERSISTENT_ENTRY_SIZE32

Definition at line 80 of file apphelp.c.

◆ SHIM_PERSISTENT_CACHE_HEADER

#define SHIM_PERSISTENT_CACHE_HEADER   SHIM_PERSISTENT_CACHE_HEADER_52

Definition at line 82 of file apphelp.c.

Typedef Documentation

◆ PSHIM_CACHE_ENTRY

typedef struct SHIM_CACHE_ENTRY * PSHIM_CACHE_ENTRY

◆ PSHIM_PERSISTENT_CACHE_ENTRY_52

typedef struct SHIM_PERSISTENT_CACHE_ENTRY_52 * PSHIM_PERSISTENT_CACHE_ENTRY_52

◆ PSHIM_PERSISTENT_CACHE_HEADER_52

typedef struct SHIM_PERSISTENT_CACHE_HEADER_52 * PSHIM_PERSISTENT_CACHE_HEADER_52

◆ SHIM_CACHE_ENTRY

typedef struct SHIM_CACHE_ENTRY SHIM_CACHE_ENTRY

◆ SHIM_PERSISTENT_CACHE_ENTRY_52

typedef struct SHIM_PERSISTENT_CACHE_ENTRY_52 SHIM_PERSISTENT_CACHE_ENTRY_52

◆ SHIM_PERSISTENT_CACHE_HEADER_52

typedef struct SHIM_PERSISTENT_CACHE_HEADER_52 SHIM_PERSISTENT_CACHE_HEADER_52

Function Documentation

◆ ApphelpAlloc()

PVOID ApphelpAlloc ( _In_ ULONG  ByteSize)

Definition at line 101 of file apphelp.c.

103{
104 return ExAllocatePoolWithTag(PagedPool, ByteSize, TAG_SHIM);
105}
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PagedPool
#define PagedPool
Definition: env_spec_w32.h:308
TAG_SHIM
#define TAG_SHIM
Definition: tag.h:137
ByteSize
_IRQL_requires_same_ _In_ CLONG ByteSize
Definition: rtltypes.h:412

Referenced by ApphelpCacheRead(), ApphelpCacheWrite(), ApphelpDuplicateUnicodeString(), and ApphelpShimCacheAllocateRoutine().

◆ ApphelpCacheAccessCheck()

NTSTATUS ApphelpCacheAccessCheck ( VOID  )

Definition at line 602 of file apphelp.c.

603{
604 if (ExGetPreviousMode() != KernelMode)
605 {
606 if (!SeSinglePrivilegeCheck(SeTcbPrivilege, UserMode))
607 {
608 DPRINT1("SHIMS: ApphelpCacheAccessCheck failed\n");
609 return STATUS_ACCESS_DENIED;
610 }
611 }
612 return STATUS_SUCCESS;
613}
DPRINT1
#define DPRINT1
Definition: precomp.h:8
ExGetPreviousMode
#define ExGetPreviousMode
Definition: ex.h:143
KernelMode
#define KernelMode
Definition: asm.h:38
UserMode
#define UserMode
Definition: asm.h:39
SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:26
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145

Referenced by NtApphelpCacheControl().

◆ ApphelpCacheAcquireLock()

VOID ApphelpCacheAcquireLock ( VOID  )

Definition at line 115 of file apphelp.c.

116{
117 KeEnterCriticalRegion();
118 ExAcquireResourceExclusiveLite(&ApphelpCacheLock, TRUE);
119}
TRUE
#define TRUE
Definition: types.h:120
ExAcquireResourceExclusiveLite
#define ExAcquireResourceExclusiveLite(res, wait)
Definition: env_spec_w32.h:615
KeEnterCriticalRegion
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
ApphelpCacheLock
static ERESOURCE ApphelpCacheLock
Definition: apphelp.c:30

Referenced by ApphelpCacheDump(), ApphelpCacheFlush(), ApphelpCacheRemoveEntry(), ApphelpCacheUpdateEntry(), and ApphelpCacheWrite().

◆ ApphelpCacheDump()

NTSTATUS ApphelpCacheDump ( VOID  )

Definition at line 703 of file apphelp.c.

704{
705 PLIST_ENTRY ListEntry;
706 PSHIM_CACHE_ENTRY Entry;
707
708 DPRINT1("SHIMS: NtApphelpCacheControl( Dumping entries, newest to oldest )\n");
709 ApphelpCacheAcquireLock();
710 ListEntry = ApphelpShimCacheAge.Flink;
711 while (ListEntry != &ApphelpShimCacheAge)
712 {
713 Entry = CONTAINING_RECORD(ListEntry, SHIM_CACHE_ENTRY, List);
714 DPRINT1("Entry: %wZ\n", &Entry->Persistent.ImageName);
715 DPRINT1("DateTime: 0x%I64x\n", Entry->Persistent.DateTime.QuadPart);
716 DPRINT1("FileSize: 0x%I64x\n", Entry->Persistent.FileSize.QuadPart);
717 DPRINT1("Flags: 0x%x\n", Entry->CompatFlags);
718 ListEntry = ListEntry->Flink;
719 }
720 ApphelpCacheReleaseLock();
721 return STATUS_SUCCESS;
722}
ApphelpShimCacheAge
static LIST_ENTRY ApphelpShimCacheAge
Definition: apphelp.c:32
ApphelpCacheAcquireLock
VOID ApphelpCacheAcquireLock(VOID)
Definition: apphelp.c:115
ApphelpCacheReleaseLock
VOID ApphelpCacheReleaseLock(VOID)
Definition: apphelp.c:134
Entry
base of all file and directory entries
Definition: entries.h:83
SHIM_CACHE_ENTRY
Definition: apphelp.c:92
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260
List
_Must_inspect_result_ _In_ WDFCMRESLIST List
Definition: wdfresource.h:550

Referenced by NtApphelpCacheControl().

◆ ApphelpCacheFlush()

NTSTATUS ApphelpCacheFlush ( VOID  )

Definition at line 688 of file apphelp.c.

689{
690 PVOID p;
691
692 DPRINT1("SHIMS: ApphelpCacheFlush\n");
693 ApphelpCacheAcquireLock();
694 while ((p = RtlEnumerateGenericTableAvl(&ApphelpShimCache, TRUE)))
695 {
696 ApphelpCacheRemoveEntryNolock((PSHIM_CACHE_ENTRY)p);
697 }
698 ApphelpCacheReleaseLock();
699 return STATUS_SUCCESS;
700}
p
GLfloat GLfloat p
Definition: glext.h:8902
ApphelpCacheRemoveEntryNolock
NTSTATUS ApphelpCacheRemoveEntryNolock(_In_ PSHIM_CACHE_ENTRY Entry)
Definition: apphelp.c:514
ApphelpShimCache
static RTL_AVL_TABLE ApphelpShimCache
Definition: apphelp.c:31
RtlEnumerateGenericTableAvl
_Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlEnumerateGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_ BOOLEAN Restart)

Referenced by NtApphelpCacheControl().

◆ ApphelpCacheInitialize()

NTSTATUS NTAPI ApphelpCacheInitialize ( VOID  )

Definition at line 439 of file apphelp.c.

440{
441 DPRINT("SHIMS: ApphelpCacheInitialize\n");
442 /* If we are booting in safemode we do not want to use the apphelp cache */
443 if (InitSafeBootMode)
444 {
445 DPRINT1("SHIMS: Safe mode detected, disabling cache.\n");
446 ApphelpCacheEnabled = FALSE;
447 }
448 else
449 {
450 ExInitializeResourceLite(&ApphelpCacheLock);
451 RtlInitializeGenericTableAvl(&ApphelpShimCache,
452 ApphelpShimCacheCompareRoutine,
453 ApphelpShimCacheAllocateRoutine,
454 ApphelpShimCacheFreeRoutine,
455 NULL);
456 InitializeListHead(&ApphelpShimCacheAge);
457 ApphelpCacheEnabled = ApphelpCacheRead();
458 }
459 DPRINT("SHIMS: ApphelpCacheInitialize: %d\n", ApphelpCacheEnabled);
460 return STATUS_SUCCESS;
461}
RtlInitializeGenericTableAvl
VOID NTAPI RtlInitializeGenericTableAvl(IN OUT PRTL_AVL_TABLE Table, IN PRTL_AVL_COMPARE_ROUTINE CompareRoutine, IN PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine, IN PRTL_AVL_FREE_ROUTINE FreeRoutine, IN PVOID TableContext)
Definition: avltable.c:26
NULL
#define NULL
Definition: types.h:112
FALSE
#define FALSE
Definition: types.h:117
ExInitializeResourceLite
NTSTATUS ExInitializeResourceLite(PULONG res)
Definition: env_spec_w32.h:641
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
ApphelpShimCacheCompareRoutine
RTL_GENERIC_COMPARE_RESULTS NTAPI ApphelpShimCacheCompareRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID FirstStruct, _In_ PVOID SecondStruct)
Definition: apphelp.c:209
ApphelpCacheEnabled
static BOOLEAN ApphelpCacheEnabled
Definition: apphelp.c:29
ApphelpShimCacheAllocateRoutine
PVOID NTAPI ApphelpShimCacheAllocateRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ CLONG ByteSize)
Definition: apphelp.c:234
ApphelpCacheRead
BOOLEAN ApphelpCacheRead(VOID)
Definition: apphelp.c:306
InitSafeBootMode
ULONG InitSafeBootMode
Definition: init.c:71
ApphelpShimCacheFreeRoutine
VOID NTAPI ApphelpShimCacheFreeRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID Buffer)
Definition: apphelp.c:243
DPRINT
#define DPRINT
Definition: sndvol32.h:73

Referenced by IoInitSystem().

◆ ApphelpCacheLookupEntry()

NTSTATUS ApphelpCacheLookupEntry ( _In_ PUNICODE_STRING  ImageName,
_In_ HANDLE  ImageHandle 
)

Definition at line 531 of file apphelp.c.

534{
535 NTSTATUS Status = STATUS_NOT_FOUND;
536 SHIM_CACHE_ENTRY Lookup = EMPTY_SHIM_ENTRY;
537 PSHIM_CACHE_ENTRY Entry;
538
539 if (!ApphelpCacheTryAcquireLock())
540 {
541 return Status;
542 }
543
544 Lookup.Persistent.ImageName = *ImageName;
545 Entry = RtlLookupElementGenericTableAvl(&ApphelpShimCache, &Lookup);
546 if (Entry == NULL)
547 {
548 DPRINT("SHIMS: ApphelpCacheLookupEntry: could not find %wZ\n", ImageName);
549 goto Cleanup;
550 }
551
552 DPRINT("SHIMS: ApphelpCacheLookupEntry: found %wZ\n", ImageName);
553 if (ImageHandle == INVALID_HANDLE_VALUE)
554 {
555 DPRINT("SHIMS: ApphelpCacheLookupEntry: ok\n");
556 /* just return if we know it, do not query file info */
557 Status = STATUS_SUCCESS;
558 }
559 else
560 {
561 Status = ApphelpCacheQueryInfo(ImageHandle, &Lookup);
562 if (NT_SUCCESS(Status) &&
563 Lookup.Persistent.DateTime.QuadPart == Entry->Persistent.DateTime.QuadPart &&
564 Lookup.Persistent.FileSize.QuadPart == Entry->Persistent.FileSize.QuadPart)
565 {
566 DPRINT("SHIMS: ApphelpCacheLookupEntry: found & validated\n");
567 Status = STATUS_SUCCESS;
568 /* move it to the front to keep it alive */
569 RemoveEntryList(&Entry->List);
570 InsertHeadList(&ApphelpShimCacheAge, &Entry->List);
571 }
572 else
573 {
574 DPRINT1("SHIMS: ApphelpCacheLookupEntry: file info mismatch (%lx)\n", Status);
575 Status = STATUS_NOT_FOUND;
576 /* Could not read file info, or it did not match, drop it from the cache */
577 ApphelpCacheRemoveEntryNolock(Entry);
578 }
579 }
580
581Cleanup:
582 ApphelpCacheReleaseLock();
583 return Status;
584}
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
Lookup
static void Lookup(RTF_Info *, char *)
Definition: reader.c:2228
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
RemoveEntryList
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
InsertHeadList
#define InsertHeadList(ListHead, Entry)
Definition: env_spec_w32.h:1022
Status
Status
Definition: gdiplustypes.h:25
ImageName
static const char * ImageName
Definition: image.c:34
ApphelpCacheQueryInfo
NTSTATUS ApphelpCacheQueryInfo(_In_ HANDLE ImageHandle, _Out_ PSHIM_CACHE_ENTRY Entry)
Definition: apphelp.c:175
EMPTY_SHIM_ENTRY
#define EMPTY_SHIM_ENTRY
Definition: apphelp.c:40
ApphelpCacheTryAcquireLock
BOOLEAN ApphelpCacheTryAcquireLock(VOID)
Definition: apphelp.c:122
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
RtlLookupElementGenericTableAvl
_Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlLookupElementGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer)

Referenced by NtApphelpCacheControl().

◆ ApphelpCacheParse()

NTSTATUS ApphelpCacheParse ( _In_reads_(DataLength) PUCHAR  Data,
_In_ ULONG  DataLength 
)

Definition at line 251 of file apphelp.c.

254{
255 PSHIM_PERSISTENT_CACHE_HEADER Header = (PSHIM_PERSISTENT_CACHE_HEADER)Data;
256 ULONG Cur;
257 ULONG NumEntries;
258 UNICODE_STRING String;
259 SHIM_CACHE_ENTRY Entry = EMPTY_SHIM_ENTRY;
260 PSHIM_CACHE_ENTRY Result;
261 PSHIM_PERSISTENT_CACHE_ENTRY Persistent;
262
263 if (DataLength < CACHE_HEADER_SIZE_NT_52)
264 {
265 DPRINT1("SHIMS: ApphelpCacheParse not enough data for a minimal header (0x%x)\n", DataLength);
266 return STATUS_INVALID_PARAMETER;
267 }
268
269 if (Header->Magic != SHIM_CACHE_MAGIC)
270 {
271 DPRINT1("SHIMS: ApphelpCacheParse found invalid magic (0x%x)\n", Header->Magic);
272 return STATUS_INVALID_PARAMETER;
273 }
274
275 NumEntries = Header->NumEntries;
276 DPRINT("SHIMS: ApphelpCacheParse walking %d entries\n", NumEntries);
277 for (Cur = 0; Cur < NumEntries; ++Cur)
278 {
279 Persistent = (PSHIM_PERSISTENT_CACHE_ENTRY)(Data + SHIM_CACHE_HEADER_SIZE +
280 (Cur * SHIM_PERSISTENT_CACHE_ENTRY_SIZE));
281 /* The entry in the Persistent storage is not really a UNICODE_STRING,
282 so we have to convert the offset into a real pointer before using it. */
283 String.Length = Persistent->ImageName.Length;
284 String.MaximumLength = Persistent->ImageName.MaximumLength;
285 String.Buffer = (PWCHAR)((ULONG_PTR)Persistent->ImageName.Buffer + Data);
286
287 /* Now we copy all data to a local buffer, that can be safely duplicated by RtlInsert */
288 Entry.Persistent = *Persistent;
289 ApphelpDuplicateUnicodeString(&Entry.Persistent.ImageName, &String);
290 Result = RtlInsertElementGenericTableAvl(&ApphelpShimCache,
291 &Entry,
292 sizeof(Entry),
293 NULL);
294 if (!Result)
295 {
296 DPRINT1("SHIMS: ApphelpCacheParse insert failed\n");
297 ApphelpFreeUnicodeString(&Entry.Persistent.ImageName);
298 return STATUS_INVALID_PARAMETER;
299 }
300 InsertTailList(&ApphelpShimCacheAge, &Result->List);
301 }
302 return STATUS_SUCCESS;
303}
DataLength
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1444
Header
Definition: Header.h:9
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
SHIM_CACHE_HEADER_SIZE
#define SHIM_CACHE_HEADER_SIZE
Definition: apphelp.c:76
ApphelpDuplicateUnicodeString
VOID ApphelpDuplicateUnicodeString(_Out_ PUNICODE_STRING Destination, _In_ PCUNICODE_STRING Source)
Definition: apphelp.c:141
SHIM_CACHE_MAGIC
#define SHIM_CACHE_MAGIC
Definition: apphelp.c:75
ApphelpFreeUnicodeString
VOID ApphelpFreeUnicodeString(_Inout_ PUNICODE_STRING String)
Definition: apphelp.c:161
PSHIM_PERSISTENT_CACHE_HEADER
#define PSHIM_PERSISTENT_CACHE_HEADER
Definition: apphelp.c:83
CACHE_HEADER_SIZE_NT_52
#define CACHE_HEADER_SIZE_NT_52
Definition: apphelp.c:66
SHIM_PERSISTENT_CACHE_ENTRY_SIZE
#define SHIM_PERSISTENT_CACHE_ENTRY_SIZE
Definition: apphelp.c:80
PSHIM_PERSISTENT_CACHE_ENTRY
#define PSHIM_PERSISTENT_CACHE_ENTRY
Definition: apphelp.c:85
_UNICODE_STRING
Definition: env_spec_w32.h:368
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56
ULONG
uint32_t ULONG
Definition: typedefs.h:59
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
String
_Must_inspect_result_ _In_ WDFDEVICE _In_ WDFSTRING String
Definition: wdfdevice.h:2433
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
RtlInsertElementGenericTableAvl
NTSYSAPI PVOID NTAPI RtlInsertElementGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement)

Referenced by ApphelpCacheRead().

◆ ApphelpCacheQueryInfo()

NTSTATUS ApphelpCacheQueryInfo ( _In_ HANDLE  ImageHandle,
_Out_ PSHIM_CACHE_ENTRY  Entry 
)

Definition at line 175 of file apphelp.c.

178{
179 IO_STATUS_BLOCK IoStatusBlock;
180 FILE_BASIC_INFORMATION FileBasic;
181 FILE_STANDARD_INFORMATION FileStandard;
182 NTSTATUS Status;
183
184 Status = ZwQueryInformationFile(ImageHandle,
185 &IoStatusBlock,
186 &FileBasic,
187 sizeof(FileBasic),
188 FileBasicInformation);
189 if (!NT_SUCCESS(Status))
190 {
191 return Status;
192 }
193
194 Status = ZwQueryInformationFile(ImageHandle,
195 &IoStatusBlock,
196 &FileStandard,
197 sizeof(FileStandard),
198 FileStandardInformation);
199 if (NT_SUCCESS(Status))
200 {
201 Entry->Persistent.DateTime = FileBasic.LastWriteTime;
202 Entry->Persistent.FileSize = FileStandard.EndOfFile;
203 }
204 return Status;
205}
FileBasicInformation
@ FileBasicInformation
Definition: from_kernel.h:65
IoStatusBlock
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
FileStandardInformation
#define FileStandardInformation
Definition: propsheet.cpp:61
_FILE_BASIC_INFORMATION
Definition: nt_native.h:938
_FILE_BASIC_INFORMATION::LastWriteTime
LARGE_INTEGER LastWriteTime
Definition: nt_native.h:941
_FILE_STANDARD_INFORMATION
Definition: propsheet.cpp:53
_FILE_STANDARD_INFORMATION::EndOfFile
LARGE_INTEGER EndOfFile
Definition: propsheet.cpp:55
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870

Referenced by ApphelpCacheLookupEntry(), and ApphelpCacheUpdateEntry().

◆ ApphelpCacheRead()

BOOLEAN ApphelpCacheRead ( VOID  )

Definition at line 306 of file apphelp.c.

307{
308 HANDLE KeyHandle;
309 NTSTATUS Status;
310 KEY_VALUE_PARTIAL_INFORMATION KeyValueObject;
311 PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation = &KeyValueObject;
312 ULONG KeyInfoSize, ResultSize;
313
314 Status = ZwOpenKey(&KeyHandle, KEY_QUERY_VALUE, &AppCompatKeyAttributes);
315 if (!NT_SUCCESS(Status))
316 {
317 DPRINT1("SHIMS: ApphelpCacheRead could not even open Session Manager\\AppCompatCache (0x%x)\n", Status);
318 return FALSE;
319 }
320
321 Status = ZwQueryValueKey(KeyHandle,
322 &AppCompatCacheValue,
323 KeyValuePartialInformation,
324 KeyValueInformation,
325 sizeof(KeyValueObject),
326 &ResultSize);
327 if (Status == STATUS_BUFFER_OVERFLOW)
328 {
329 KeyInfoSize = sizeof(KEY_VALUE_PARTIAL_INFORMATION) + KeyValueInformation->DataLength;
330 KeyValueInformation = ApphelpAlloc(KeyInfoSize);
331 if (KeyValueInformation != NULL)
332 {
333 Status = ZwQueryValueKey(KeyHandle,
334 &AppCompatCacheValue,
335 KeyValuePartialInformation,
336 KeyValueInformation,
337 KeyInfoSize,
338 &ResultSize);
339 }
340 }
341
342 if (NT_SUCCESS(Status) && KeyValueInformation->Type == REG_BINARY)
343 {
344 Status = ApphelpCacheParse(KeyValueInformation->Data,
345 KeyValueInformation->DataLength);
346 }
347 else
348 {
349 DPRINT1("SHIMS: ApphelpCacheRead not loaded from registry (0x%x)\n", Status);
350 }
351
352 if (KeyValueInformation != &KeyValueObject && KeyValueInformation != NULL)
353 {
354 ApphelpFree(KeyValueInformation);
355 }
356
357 ZwClose(KeyHandle);
358 return NT_SUCCESS(Status);
359}
KeyHandle
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4715
ZwClose
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
REG_BINARY
#define REG_BINARY
Definition: nt_native.h:1496
KeyValuePartialInformation
@ KeyValuePartialInformation
Definition: nt_native.h:1182
KEY_QUERY_VALUE
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
KEY_VALUE_PARTIAL_INFORMATION
struct _KEY_VALUE_PARTIAL_INFORMATION KEY_VALUE_PARTIAL_INFORMATION
AppCompatCacheValue
static UNICODE_STRING AppCompatCacheValue
Definition: apphelp.c:38
ApphelpAlloc
PVOID ApphelpAlloc(_In_ ULONG ByteSize)
Definition: apphelp.c:101
AppCompatKeyAttributes
static OBJECT_ATTRIBUTES AppCompatKeyAttributes
Definition: apphelp.c:37
ApphelpFree
VOID ApphelpFree(_In_ PVOID Data)
Definition: apphelp.c:108
ApphelpCacheParse
NTSTATUS ApphelpCacheParse(_In_reads_(DataLength) PUCHAR Data, _In_ ULONG DataLength)
Definition: apphelp.c:251
STATUS_BUFFER_OVERFLOW
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
_KEY_VALUE_PARTIAL_INFORMATION
Definition: nt_native.h:1165
_KEY_VALUE_PARTIAL_INFORMATION::Data
UCHAR Data[1]
Definition: nt_native.h:1169
_KEY_VALUE_PARTIAL_INFORMATION::DataLength
ULONG DataLength
Definition: nt_native.h:1168
_KEY_VALUE_PARTIAL_INFORMATION::Type
ULONG Type
Definition: nt_native.h:1167

Referenced by ApphelpCacheInitialize(), and NtApphelpCacheControl().

◆ ApphelpCacheReleaseLock()

VOID ApphelpCacheReleaseLock ( VOID  )

Definition at line 134 of file apphelp.c.

135{
136 ExReleaseResourceLite(&ApphelpCacheLock);
137 KeLeaveCriticalRegion();
138}
KeLeaveCriticalRegion
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
ExReleaseResourceLite
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1822

Referenced by ApphelpCacheDump(), ApphelpCacheFlush(), ApphelpCacheLookupEntry(), ApphelpCacheRemoveEntry(), ApphelpCacheUpdateEntry(), and ApphelpCacheWrite().

◆ ApphelpCacheRemoveEntry()

NTSTATUS ApphelpCacheRemoveEntry ( _In_ PUNICODE_STRING  ImageName)

Definition at line 587 of file apphelp.c.

589{
590 PSHIM_CACHE_ENTRY Entry;
591 NTSTATUS Status;
592
593 ApphelpCacheAcquireLock();
594 Entry = RtlLookupElementGenericTableAvl(&ApphelpShimCache, ImageName);
595 Status = ApphelpCacheRemoveEntryNolock(Entry);
596 ApphelpCacheReleaseLock();
597 return Status;
598}

Referenced by NtApphelpCacheControl().

◆ ApphelpCacheRemoveEntryNolock()

NTSTATUS ApphelpCacheRemoveEntryNolock ( _In_ PSHIM_CACHE_ENTRY  Entry)

Definition at line 514 of file apphelp.c.

516{
517 if (Entry)
518 {
519 PWSTR Buffer = Entry->Persistent.ImageName.Buffer;
520 RemoveEntryList(&Entry->List);
521 if (RtlDeleteElementGenericTableAvl(&ApphelpShimCache, Entry))
522 {
523 ApphelpFree(Buffer);
524 }
525 return STATUS_SUCCESS;
526 }
527 return STATUS_NOT_FOUND;
528}
Buffer
Definition: bufpool.h:45
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
RtlDeleteElementGenericTableAvl
NTSYSAPI BOOLEAN NTAPI RtlDeleteElementGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer)

Referenced by ApphelpCacheFlush(), ApphelpCacheLookupEntry(), ApphelpCacheRemoveEntry(), and ApphelpCacheUpdateEntry().

◆ ApphelpCacheShutdown()

VOID NTAPI ApphelpCacheShutdown ( VOID  )

Definition at line 465 of file apphelp.c.

466{
467 if (ApphelpCacheEnabled)
468 {
469 ApphelpCacheWrite();
470 }
471}
ApphelpCacheWrite
BOOLEAN ApphelpCacheWrite(VOID)
Definition: apphelp.c:362

Referenced by PopGracefulShutdown().

◆ ApphelpCacheTryAcquireLock()

BOOLEAN ApphelpCacheTryAcquireLock ( VOID  )

Definition at line 122 of file apphelp.c.

123{
124 KeEnterCriticalRegion();
125 if (!ExTryToAcquireResourceExclusiveLite(&ApphelpCacheLock))
126 {
127 KeLeaveCriticalRegion();
128 return FALSE;
129 }
130 return TRUE;
131}
ExTryToAcquireResourceExclusiveLite
BOOLEAN NTAPI ExTryToAcquireResourceExclusiveLite(IN PERESOURCE Resource)
Definition: resource.c:2134

Referenced by ApphelpCacheLookupEntry().

◆ ApphelpCacheUpdateEntry()

NTSTATUS ApphelpCacheUpdateEntry ( _In_ PUNICODE_STRING  ImageName,
_In_ HANDLE  ImageHandle 
)

Definition at line 616 of file apphelp.c.

619{
620 NTSTATUS Status = STATUS_SUCCESS;
621 SHIM_CACHE_ENTRY Entry = EMPTY_SHIM_ENTRY;
622 PSHIM_CACHE_ENTRY Lookup;
623 PVOID NodeOrParent;
624 TABLE_SEARCH_RESULT SearchResult;
625
626 ApphelpCacheAcquireLock();
627
628 /* If we got a file handle, query it for info */
629 if (ImageHandle != INVALID_HANDLE_VALUE)
630 {
631 Status = ApphelpCacheQueryInfo(ImageHandle, &Entry);
632 if (!NT_SUCCESS(Status))
633 {
634 goto Cleanup;
635 }
636 }
637
638 /* Use ImageName for the lookup, don't actually duplicate it */
639 Entry.Persistent.ImageName = *ImageName;
640 Lookup = RtlLookupElementGenericTableFullAvl(&ApphelpShimCache,
641 &Entry,
642 &NodeOrParent, &SearchResult);
643 if (Lookup)
644 {
645 DPRINT("SHIMS: ApphelpCacheUpdateEntry: Entry already exists, reusing it\n");
646 /* Unlink the found item, so we can put it back at the front,
647 and copy the earlier obtained file info*/
648 RemoveEntryList(&Lookup->List);
649 Lookup->Persistent.DateTime = Entry.Persistent.DateTime;
650 Lookup->Persistent.FileSize = Entry.Persistent.FileSize;
651 }
652 else
653 {
654 DPRINT("SHIMS: ApphelpCacheUpdateEntry: Inserting new Entry\n");
655 /* Insert a new entry, with its own copy of the ImageName */
656 ApphelpDuplicateUnicodeString(&Entry.Persistent.ImageName, ImageName);
657 Lookup = RtlInsertElementGenericTableFullAvl(&ApphelpShimCache,
658 &Entry,
659 sizeof(Entry),
660 0,
661 NodeOrParent,
662 SearchResult);
663 if (!Lookup)
664 {
665 ApphelpFreeUnicodeString(&Entry.Persistent.ImageName);
666 Status = STATUS_NO_MEMORY;
667 }
668 }
669 if (Lookup)
670 {
671 /* Either we re-used an existing item, or we inserted a new one, keep it alive */
672 InsertHeadList(&ApphelpShimCacheAge, &Lookup->List);
673 if (RtlNumberGenericTableElementsAvl(&ApphelpShimCache) > MAX_SHIM_ENTRIES)
674 {
675 PSHIM_CACHE_ENTRY Remove;
676 DPRINT1("SHIMS: ApphelpCacheUpdateEntry: Cache growing too big, dropping oldest item\n");
677 Remove = CONTAINING_RECORD(ApphelpShimCacheAge.Blink, SHIM_CACHE_ENTRY, List);
678 Status = ApphelpCacheRemoveEntryNolock(Remove);
679 }
680 }
681
682Cleanup:
683 ApphelpCacheReleaseLock();
684 return Status;
685}
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: d3dkmdt.h:51
MAX_SHIM_ENTRIES
#define MAX_SHIM_ENTRIES
Definition: apphelp.c:41
_LIST_ENTRY::Blink
struct _LIST_ENTRY * Blink
Definition: typedefs.h:122
Remove
_In_ BOOLEAN Remove
Definition: psfuncs.h:110
RtlLookupElementGenericTableFullAvl
NTSYSAPI PVOID NTAPI RtlLookupElementGenericTableFullAvl(_In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer, _Out_ PVOID *NodeOrParent, _Out_ TABLE_SEARCH_RESULT *SearchResult)
RtlInsertElementGenericTableFullAvl
NTSYSAPI PVOID NTAPI RtlInsertElementGenericTableFullAvl(_In_ PRTL_AVL_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement, _In_ PVOID NodeOrParent, _In_ TABLE_SEARCH_RESULT SearchResult)
RtlNumberGenericTableElementsAvl
NTSYSAPI ULONG NTAPI RtlNumberGenericTableElementsAvl(_In_ PRTL_AVL_TABLE Table)
TABLE_SEARCH_RESULT
TABLE_SEARCH_RESULT
Definition: rtltypes.h:386

Referenced by NtApphelpCacheControl().

◆ ApphelpCacheWrite()

BOOLEAN ApphelpCacheWrite ( VOID  )

Definition at line 362 of file apphelp.c.

363{
364 ULONG Length = SHIM_CACHE_HEADER_SIZE;
365 ULONG NumEntries = 0;
366 PLIST_ENTRY ListEntry;
367 PUCHAR Buffer, BufferNamePos;
368 PSHIM_PERSISTENT_CACHE_HEADER Header;
369 PSHIM_PERSISTENT_CACHE_ENTRY WriteEntry;
370 HANDLE KeyHandle;
371 NTSTATUS Status;
372
373 /* First we have to calculate the required size. */
374 ApphelpCacheAcquireLock();
375 ListEntry = ApphelpShimCacheAge.Flink;
376 while (ListEntry != &ApphelpShimCacheAge)
377 {
378 PSHIM_CACHE_ENTRY Entry = CONTAINING_RECORD(ListEntry, SHIM_CACHE_ENTRY, List);
379 Length += SHIM_PERSISTENT_CACHE_ENTRY_SIZE;
380 Length += Entry->Persistent.ImageName.MaximumLength;
381 ++NumEntries;
382 ListEntry = ListEntry->Flink;
383 }
384 DPRINT("SHIMS: ApphelpCacheWrite, %d Entries, total size: %d\n", NumEntries, Length);
385 Length = ROUND_UP(Length, sizeof(ULONGLONG));
386 DPRINT("SHIMS: ApphelpCacheWrite, Rounded to: %d\n", Length);
387
388 /* Now we allocate and prepare some helpers */
389 Buffer = ApphelpAlloc(Length);
390 BufferNamePos = Buffer + Length;
391 Header = (PSHIM_PERSISTENT_CACHE_HEADER)Buffer;
392 WriteEntry = (PSHIM_PERSISTENT_CACHE_ENTRY)(Buffer + SHIM_CACHE_HEADER_SIZE);
393
394 Header->Magic = SHIM_CACHE_MAGIC;
395 Header->NumEntries = NumEntries;
396
397 ListEntry = ApphelpShimCacheAge.Flink;
398 while (ListEntry != &ApphelpShimCacheAge)
399 {
400 PSHIM_CACHE_ENTRY Entry = CONTAINING_RECORD(ListEntry, SHIM_CACHE_ENTRY, List);
401 USHORT ImageNameLen = Entry->Persistent.ImageName.MaximumLength;
402 /* Copy the Persistent structure over */
403 *WriteEntry = Entry->Persistent;
404 BufferNamePos -= ImageNameLen;
405 /* Copy the image name over */
406 RtlCopyMemory(BufferNamePos, Entry->Persistent.ImageName.Buffer, ImageNameLen);
407 /* Fix the Persistent structure, so that Buffer is once again an offset */
408 WriteEntry->ImageName.Buffer = (PWCH)(BufferNamePos - Buffer);
409
410 ++WriteEntry;
411 ListEntry = ListEntry->Flink;
412 }
413 ApphelpCacheReleaseLock();
414
415 Status = ZwOpenKey(&KeyHandle, KEY_SET_VALUE, &AppCompatKeyAttributes);
416 if (NT_SUCCESS(Status))
417 {
418 Status = ZwSetValueKey(KeyHandle,
419 &AppCompatCacheValue,
420 0,
421 REG_BINARY,
422 Buffer,
423 Length);
424 ZwClose(KeyHandle);
425 }
426 else
427 {
428 DPRINT1("SHIMS: ApphelpCacheWrite could not even open Session Manager\\AppCompatCache (0x%x)\n", Status);
429 }
430
431 ApphelpFree(Buffer);
432 return NT_SUCCESS(Status);
433}
ROUND_UP
#define ROUND_UP(n, align)
Definition: eventvwr.h:34
KEY_SET_VALUE
#define KEY_SET_VALUE
Definition: nt_native.h:1017
PWCH
WCHAR * PWCH
Definition: ntbasedef.h:418
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
USHORT
unsigned short USHORT
Definition: pedump.c:61
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
PUCHAR
unsigned char * PUCHAR
Definition: typedefs.h:53
ULONGLONG
uint64_t ULONGLONG
Definition: typedefs.h:67

Referenced by ApphelpCacheShutdown(), and NtApphelpCacheControl().

◆ ApphelpDuplicateUnicodeString()

VOID ApphelpDuplicateUnicodeString ( _Out_ PUNICODE_STRING  Destination,
_In_ PCUNICODE_STRING  Source 
)

Definition at line 141 of file apphelp.c.

144{
145 Destination->Length = Source->Length;
146 if (Destination->Length)
147 {
148 Destination->MaximumLength = Destination->Length + sizeof(WCHAR);
149 Destination->Buffer = ApphelpAlloc(Destination->MaximumLength);
150 RtlCopyMemory(Destination->Buffer, Source->Buffer, Destination->Length);
151 Destination->Buffer[Destination->Length / sizeof(WCHAR)] = UNICODE_NULL;
152 }
153 else
154 {
155 Destination->MaximumLength = 0;
156 Destination->Buffer = NULL;
157 }
158}
Source
_In_ UINT _In_ UINT _In_ PNDIS_PACKET Source
Definition: ndis.h:3169
Destination
_In_ PUNICODE_STRING _Inout_ PUNICODE_STRING Destination
Definition: rtlfuncs.h:3043
UNICODE_NULL
#define UNICODE_NULL
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by ApphelpCacheParse(), ApphelpCacheUpdateEntry(), and ApphelpValidateData().

◆ ApphelpFree()

VOID ApphelpFree ( _In_ PVOID  Data)

Definition at line 108 of file apphelp.c.

110{
111 ExFreePoolWithTag(Data, TAG_SHIM);
112}
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109

Referenced by ApphelpCacheRead(), ApphelpCacheRemoveEntryNolock(), ApphelpCacheWrite(), ApphelpFreeUnicodeString(), and ApphelpShimCacheFreeRoutine().

◆ ApphelpFreeUnicodeString()

VOID ApphelpFreeUnicodeString ( _Inout_ PUNICODE_STRING  String)

Definition at line 161 of file apphelp.c.

163{
164 if (String->Buffer)
165 {
166 ApphelpFree(String->Buffer);
167 }
168 String->Length = 0;
169 String->MaximumLength = 0;
170 String->Buffer = NULL;
171}

Referenced by ApphelpCacheParse(), ApphelpCacheUpdateEntry(), and NtApphelpCacheControl().

◆ ApphelpShimCacheAllocateRoutine()

PVOID NTAPI ApphelpShimCacheAllocateRoutine ( _In_ struct _RTL_AVL_TABLE Table,
_In_ CLONG  ByteSize 
)

Definition at line 234 of file apphelp.c.

237{
238 return ApphelpAlloc(ByteSize);
239}

Referenced by ApphelpCacheInitialize().

◆ ApphelpShimCacheCompareRoutine()

RTL_GENERIC_COMPARE_RESULTS NTAPI ApphelpShimCacheCompareRoutine ( _In_ struct _RTL_AVL_TABLE Table,
_In_ PVOID  FirstStruct,
_In_ PVOID  SecondStruct 
)

Definition at line 209 of file apphelp.c.

213{
214 PSHIM_CACHE_ENTRY FirstEntry = FirstStruct;
215 PSHIM_CACHE_ENTRY SecondEntry = SecondStruct;
216 LONG Result;
217
218 Result = RtlCompareUnicodeString(&FirstEntry->Persistent.ImageName,
219 &SecondEntry->Persistent.ImageName,
220 TRUE);
221 if (Result < 0)
222 {
223 return GenericLessThan;
224 }
225 else if (Result == 0)
226 {
227 return GenericEqual;
228 }
229 return GenericGreaterThan;
230}
RtlCompareUnicodeString
ULONG RtlCompareUnicodeString(PUNICODE_STRING s1, PUNICODE_STRING s2, BOOLEAN UpCase)
Definition: string_lib.cpp:31
LONG
long LONG
Definition: pedump.c:60
SHIM_CACHE_ENTRY::Persistent
SHIM_PERSISTENT_CACHE_ENTRY Persistent
Definition: apphelp.c:94
SecondStruct
_IRQL_requires_same_ _In_ PVOID _In_ PVOID SecondStruct
Definition: rtltypes.h:403
FirstStruct
_IRQL_requires_same_ _In_ PVOID FirstStruct
Definition: rtltypes.h:402
GenericLessThan
@ GenericLessThan
Definition: rtltypes.h:389
GenericEqual
@ GenericEqual
Definition: rtltypes.h:391
GenericGreaterThan
@ GenericGreaterThan
Definition: rtltypes.h:390

Referenced by ApphelpCacheInitialize().

◆ ApphelpShimCacheFreeRoutine()

VOID NTAPI ApphelpShimCacheFreeRoutine ( _In_ struct _RTL_AVL_TABLE Table,
_In_ PVOID  Buffer 
)

Definition at line 243 of file apphelp.c.

246{
247 ApphelpFree(Buffer);
248}

Referenced by ApphelpCacheInitialize().

◆ ApphelpValidateData()

NTSTATUS ApphelpValidateData ( _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP  ServiceData,
_Out_ PUNICODE_STRING  ImageName,
_Out_ PHANDLE  ImageHandle 
)

Definition at line 474 of file apphelp.c.

478{
479 NTSTATUS Status = STATUS_INVALID_PARAMETER;
480
481 if (ServiceData)
482 {
483 UNICODE_STRING LocalImageName;
484 _SEH2_TRY
485 {
486 ProbeForRead(ServiceData,
487 sizeof(APPHELP_CACHE_SERVICE_LOOKUP),
488 sizeof(ULONG));
489 LocalImageName = ServiceData->ImageName;
490 *ImageHandle = ServiceData->ImageHandle;
491 if (LocalImageName.Length && LocalImageName.Buffer)
492 {
493 ProbeForRead(LocalImageName.Buffer,
494 LocalImageName.Length * sizeof(WCHAR),
495 1);
496 ApphelpDuplicateUnicodeString(ImageName, &LocalImageName);
497 Status = STATUS_SUCCESS;
498 }
499 }
500 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
501 {
502 _SEH2_YIELD(return _SEH2_GetExceptionCode());
503 }
504 _SEH2_END;
505 }
506 if (!NT_SUCCESS(Status))
507 {
508 DPRINT1("SHIMS: ApphelpValidateData: invalid data passed\n");
509 }
510 return Status;
511}
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:181
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:82
_SEH2_END
#define _SEH2_END
Definition: pseh2_64.h:171
_SEH2_TRY
#define _SEH2_TRY
Definition: pseh2_64.h:71
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:184
_APPHELP_CACHE_SERVICE_LOOKUP
Definition: pstypes.h:986

Referenced by NtApphelpCacheControl().

◆ C_ASSERT() [1/2]

C_ASSERT ( sizeof(SHIM_PERSISTENT_CACHE_ENTRY = =SHIM_PERSISTENT_CACHE_ENTRY_SIZE)

◆ C_ASSERT() [2/2]

C_ASSERT ( sizeof(SHIM_PERSISTENT_CACHE_HEADER = =SHIM_CACHE_HEADER_SIZE)

◆ NtApphelpCacheControl()

NTSTATUS NTAPI NtApphelpCacheControl ( _In_ APPHELPCACHESERVICECLASS  Service,
_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP  ServiceData 
)

Definition at line 728 of file apphelp.c.

731{
732 NTSTATUS Status = STATUS_INVALID_PARAMETER;
733 UNICODE_STRING ImageName = { 0 };
734 HANDLE Handle = INVALID_HANDLE_VALUE;
735
736 if (!ApphelpCacheEnabled)
737 {
738 DPRINT1("NtApphelpCacheControl: ApphelpCacheEnabled == 0\n");
739 return Status;
740 }
741 switch (Service)
742 {
743 case ApphelpCacheServiceLookup:
744 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceLookup )\n");
745 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
746 if (NT_SUCCESS(Status))
747 Status = ApphelpCacheLookupEntry(&ImageName, Handle);
748 break;
749 case ApphelpCacheServiceRemove:
750 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceRemove )\n");
751 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
752 if (NT_SUCCESS(Status))
753 Status = ApphelpCacheRemoveEntry(&ImageName);
754 break;
755 case ApphelpCacheServiceUpdate:
756 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceUpdate )\n");
757 Status = ApphelpCacheAccessCheck();
758 if (NT_SUCCESS(Status))
759 {
760 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
761 if (NT_SUCCESS(Status))
762 Status = ApphelpCacheUpdateEntry(&ImageName, Handle);
763 }
764 break;
765 case ApphelpCacheServiceFlush:
766 /* FIXME: Check for admin or system here. */
767 Status = ApphelpCacheFlush();
768 break;
769 case ApphelpCacheServiceDump:
770 Status = ApphelpCacheDump();
771 break;
772 case ApphelpDBGReadRegistry:
773 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): flushing cache.\n");
774 ApphelpCacheFlush();
775 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): reading cache.\n");
776 Status = ApphelpCacheRead() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
777 break;
778 case ApphelpDBGWriteRegistry:
779 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGWriteRegistry ): writing cache.\n");
780 Status = ApphelpCacheWrite() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
781 break;
782 default:
783 DPRINT1("SHIMS: NtApphelpCacheControl( Invalid service requested )\n");
784 break;
785 }
786 if (ImageName.Buffer)
787 {
788 ApphelpFreeUnicodeString(&ImageName);
789 }
790 return Status;
791}
Handle
ULONG Handle
Definition: gdb_input.c:15
ApphelpDBGReadRegistry
@ ApphelpDBGReadRegistry
Definition: pstypes.h:980
ApphelpCacheServiceLookup
@ ApphelpCacheServiceLookup
Definition: pstypes.h:974
ApphelpCacheServiceRemove
@ ApphelpCacheServiceRemove
Definition: pstypes.h:975
ApphelpCacheServiceUpdate
@ ApphelpCacheServiceUpdate
Definition: pstypes.h:976
ApphelpCacheServiceDump
@ ApphelpCacheServiceDump
Definition: pstypes.h:978
ApphelpDBGWriteRegistry
@ ApphelpDBGWriteRegistry
Definition: pstypes.h:981
ApphelpCacheServiceFlush
@ ApphelpCacheServiceFlush
Definition: pstypes.h:977
ApphelpCacheDump
NTSTATUS ApphelpCacheDump(VOID)
Definition: apphelp.c:703
ApphelpCacheFlush
NTSTATUS ApphelpCacheFlush(VOID)
Definition: apphelp.c:688
ApphelpCacheRemoveEntry
NTSTATUS ApphelpCacheRemoveEntry(_In_ PUNICODE_STRING ImageName)
Definition: apphelp.c:587
ApphelpCacheUpdateEntry
NTSTATUS ApphelpCacheUpdateEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:616
ApphelpValidateData
NTSTATUS ApphelpValidateData(_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData, _Out_ PUNICODE_STRING ImageName, _Out_ PHANDLE ImageHandle)
Definition: apphelp.c:474
ApphelpCacheAccessCheck
NTSTATUS ApphelpCacheAccessCheck(VOID)
Definition: apphelp.c:602
ApphelpCacheLookupEntry
NTSTATUS ApphelpCacheLookupEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:531
Service
@ Service
Definition: ntsecapi.h:292

Referenced by BaseDumpAppcompatCache(), BaseFlushAppcompatCache(), BasepShimCacheRemoveEntry(), BasepShimCacheSearch(), and CallApphelp().

Variable Documentation

◆ AppCompatCacheKey

UNICODE_STRING AppCompatCacheKey = RTL_CONSTANT_STRING(L"\\Registry\\MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\AppCompatCache")
static

Definition at line 36 of file apphelp.c.

◆ AppCompatCacheValue

UNICODE_STRING AppCompatCacheValue = RTL_CONSTANT_STRING(L"AppCompatCache")
static

Definition at line 38 of file apphelp.c.

Referenced by ApphelpCacheRead(), and ApphelpCacheWrite().

◆ AppCompatKeyAttributes

OBJECT_ATTRIBUTES AppCompatKeyAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES(&AppCompatCacheKey, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE)
static

Definition at line 37 of file apphelp.c.

Referenced by ApphelpCacheRead(), and ApphelpCacheWrite().

◆ ApphelpCacheEnabled

BOOLEAN ApphelpCacheEnabled = FALSE
static

Definition at line 29 of file apphelp.c.

Referenced by ApphelpCacheInitialize(), ApphelpCacheShutdown(), and NtApphelpCacheControl().

◆ ApphelpCacheLock

ERESOURCE ApphelpCacheLock
static

Definition at line 30 of file apphelp.c.

Referenced by ApphelpCacheAcquireLock(), ApphelpCacheInitialize(), ApphelpCacheReleaseLock(), and ApphelpCacheTryAcquireLock().

◆ ApphelpShimCache

RTL_AVL_TABLE ApphelpShimCache
static

Definition at line 31 of file apphelp.c.

Referenced by ApphelpCacheFlush(), ApphelpCacheInitialize(), ApphelpCacheLookupEntry(), ApphelpCacheParse(), ApphelpCacheRemoveEntry(), ApphelpCacheRemoveEntryNolock(), and ApphelpCacheUpdateEntry().

◆ ApphelpShimCacheAge

LIST_ENTRY ApphelpShimCacheAge
static

Definition at line 32 of file apphelp.c.

Referenced by ApphelpCacheDump(), ApphelpCacheInitialize(), ApphelpCacheLookupEntry(), ApphelpCacheParse(), ApphelpCacheUpdateEntry(), and ApphelpCacheWrite().

◆ InitSafeBootMode

ULONG InitSafeBootMode
extern

Definition at line 71 of file init.c.

Referenced by ApphelpCacheInitialize(), and Phase1InitializationDiscard().