ReactOS  0.4.15-dev-2155-g06f57e1
apphelp.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: BSD - See COPYING.ARM in the top level directory
4  * FILE: ntoskrnl/ps/apphelp.c
5  * PURPOSE: SHIM engine caching.
6  * This caching speeds up checks for the apphelp compatibility layer.
7  * PROGRAMMERS: Mark Jansen
8  */
9 
10 /*
11 Useful references:
12 https://github.com/mandiant/ShimCacheParser/blob/master/ShimCacheParser.py
13 http://technet.microsoft.com/en-us/library/dd837644(v=ws.10).aspx
14 http://msdn.microsoft.com/en-us/library/bb432182(v=vs.85).aspx
15 http://www.alex-ionescu.com/?p=43
16 http://recxltd.blogspot.nl/2012/04/windows-appcompat-research-notes-part-1.html
17 http://journeyintoir.blogspot.ch/2013/12/revealing-recentfilecachebcf-file.html
18 https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf
19 */
20 
21 /* INCLUDES ******************************************************************/
22 
23 #include <ntoskrnl.h>
24 #define NDEBUG
25 #include <debug.h>
26 
27 /* GLOBALS *******************************************************************/
28 
29 static BOOLEAN ApphelpCacheEnabled = FALSE;
30 static ERESOURCE ApphelpCacheLock;
31 static RTL_AVL_TABLE ApphelpShimCache;
32 static LIST_ENTRY ApphelpShimCacheAge;
33 
34 extern ULONG InitSafeBootMode;
35 
36 static UNICODE_STRING AppCompatCacheKey = RTL_CONSTANT_STRING(L"\\Registry\\MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\AppCompatCache");
37 static OBJECT_ATTRIBUTES AppCompatKeyAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES(&AppCompatCacheKey, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE);
38 static UNICODE_STRING AppCompatCacheValue = RTL_CONSTANT_STRING(L"AppCompatCache");
39 
40 #define EMPTY_SHIM_ENTRY { { 0 }, { { 0 } }, 0 }
41 #define MAX_SHIM_ENTRIES 0x200
42 #define TAG_SHIM 'MIHS'
43 
44 #ifndef INVALID_HANDLE_VALUE
45 #define INVALID_HANDLE_VALUE (HANDLE)(-1)
46 #endif
47 
48 #include <pshpack1.h>
49 
50 typedef struct SHIM_PERSISTENT_CACHE_HEADER_52
51 {
52  ULONG Magic;
53  ULONG NumEntries;
54 } SHIM_PERSISTENT_CACHE_HEADER_52, *PSHIM_PERSISTENT_CACHE_HEADER_52;
55 
56 /* The data that is present in the registry (Win2k3 version) */
57 typedef struct SHIM_PERSISTENT_CACHE_ENTRY_52
58 {
59  UNICODE_STRING ImageName;
60  LARGE_INTEGER DateTime;
61  LARGE_INTEGER FileSize;
62 } SHIM_PERSISTENT_CACHE_ENTRY_52, *PSHIM_PERSISTENT_CACHE_ENTRY_52;
63 
64 #include <poppack.h>
65 
66 #define CACHE_MAGIC_NT_52 0xbadc0ffe
67 #define CACHE_HEADER_SIZE_NT_52 0x8
68 #define NT52_PERSISTENT_ENTRY_SIZE32 0x18
69 #define NT52_PERSISTENT_ENTRY_SIZE64 0x20
70 
71 //#define CACHE_MAGIC_NT_61 0xbadc0fee
72 //#define CACHE_HEADER_SIZE_NT_61 0x80
73 //#define NT61_PERSISTENT_ENTRY_SIZE32 0x20
74 //#define NT61_PERSISTENT_ENTRY_SIZE64 0x30
75 
76 #define SHIM_CACHE_MAGIC CACHE_MAGIC_NT_52
77 #define SHIM_CACHE_HEADER_SIZE CACHE_HEADER_SIZE_NT_52
78 #ifdef _WIN64
79 #define SHIM_PERSISTENT_CACHE_ENTRY_SIZE NT52_PERSISTENT_ENTRY_SIZE64
80 #else
81 #define SHIM_PERSISTENT_CACHE_ENTRY_SIZE NT52_PERSISTENT_ENTRY_SIZE32
82 #endif
83 #define SHIM_PERSISTENT_CACHE_HEADER SHIM_PERSISTENT_CACHE_HEADER_52
84 #define PSHIM_PERSISTENT_CACHE_HEADER PSHIM_PERSISTENT_CACHE_HEADER_52
85 #define SHIM_PERSISTENT_CACHE_ENTRY SHIM_PERSISTENT_CACHE_ENTRY_52
86 #define PSHIM_PERSISTENT_CACHE_ENTRY PSHIM_PERSISTENT_CACHE_ENTRY_52
87 
88 C_ASSERT(sizeof(SHIM_PERSISTENT_CACHE_ENTRY) == SHIM_PERSISTENT_CACHE_ENTRY_SIZE);
89 C_ASSERT(sizeof(SHIM_PERSISTENT_CACHE_HEADER) == SHIM_CACHE_HEADER_SIZE);
90 
91 /* The struct we keep in memory */
92 typedef struct SHIM_CACHE_ENTRY
93 {
94  LIST_ENTRY List;
95  SHIM_PERSISTENT_CACHE_ENTRY Persistent;
96  ULONG CompatFlags;
97 } SHIM_CACHE_ENTRY, *PSHIM_CACHE_ENTRY;
98 
99 /* PRIVATE FUNCTIONS *********************************************************/
100 
101 PVOID
102 ApphelpAlloc(
103  _In_ ULONG ByteSize)
104 {
105  return ExAllocatePoolWithTag(PagedPool, ByteSize, TAG_SHIM);
106 }
107 
108 VOID
109 ApphelpFree(
110  _In_ PVOID Data)
111 {
112  ExFreePoolWithTag(Data, TAG_SHIM);
113 }
114 
115 VOID
116 ApphelpCacheAcquireLock(VOID)
117 {
118  KeEnterCriticalRegion();
119  ExAcquireResourceExclusiveLite(&ApphelpCacheLock, TRUE);
120 }
121 
122 BOOLEAN
123 ApphelpCacheTryAcquireLock(VOID)
124 {
125  KeEnterCriticalRegion();
126  if (!ExTryToAcquireResourceExclusiveLite(&ApphelpCacheLock))
127  {
128  KeLeaveCriticalRegion();
129  return FALSE;
130  }
131  return TRUE;
132 }
133 
134 VOID
135 ApphelpCacheReleaseLock(VOID)
136 {
137  ExReleaseResourceLite(&ApphelpCacheLock);
138  KeLeaveCriticalRegion();
139 }
140 
141 VOID
142 ApphelpDuplicateUnicodeString(
143  _Out_ PUNICODE_STRING Destination,
144  _In_ PCUNICODE_STRING Source)
145 {
146  Destination->Length = Source->Length;
147  if (Destination->Length)
148  {
149  Destination->MaximumLength = Destination->Length + sizeof(WCHAR);
150  Destination->Buffer = ApphelpAlloc(Destination->MaximumLength);
151  RtlCopyMemory(Destination->Buffer, Source->Buffer, Destination->Length);
152  Destination->Buffer[Destination->Length / sizeof(WCHAR)] = UNICODE_NULL;
153  }
154  else
155  {
156  Destination->MaximumLength = 0;
157  Destination->Buffer = NULL;
158  }
159 }
160 
161 VOID
162 ApphelpFreeUnicodeString(
163  _Inout_ PUNICODE_STRING String)
164 {
165  if (String->Buffer)
166  {
167  ApphelpFree(String->Buffer);
168  }
169  String->Length = 0;
170  String->MaximumLength = 0;
171  String->Buffer = NULL;
172 }
173 
174 /* Query file info from a handle, storing it in Entry */
175 NTSTATUS
176 ApphelpCacheQueryInfo(
177  _In_ HANDLE ImageHandle,
178  _Out_ PSHIM_CACHE_ENTRY Entry)
179 {
180  IO_STATUS_BLOCK IoStatusBlock;
181  FILE_BASIC_INFORMATION FileBasic;
182  FILE_STANDARD_INFORMATION FileStandard;
183  NTSTATUS Status;
184 
185  Status = ZwQueryInformationFile(ImageHandle,
186  &IoStatusBlock,
187  &FileBasic,
188  sizeof(FileBasic),
189  FileBasicInformation);
190  if (!NT_SUCCESS(Status))
191  {
192  return Status;
193  }
194 
195  Status = ZwQueryInformationFile(ImageHandle,
196  &IoStatusBlock,
197  &FileStandard,
198  sizeof(FileStandard),
199  FileStandardInformation);
200  if (NT_SUCCESS(Status))
201  {
202  Entry->Persistent.DateTime = FileBasic.LastWriteTime;
203  Entry->Persistent.FileSize = FileStandard.EndOfFile;
204  }
205  return Status;
206 }
207 
208 RTL_GENERIC_COMPARE_RESULTS
209 NTAPI
210 ApphelpShimCacheCompareRoutine(
211  _In_ struct _RTL_AVL_TABLE *Table,
212  _In_ PVOID FirstStruct,
213  _In_ PVOID SecondStruct)
214 {
215  PSHIM_CACHE_ENTRY FirstEntry = FirstStruct;
216  PSHIM_CACHE_ENTRY SecondEntry = SecondStruct;
217  LONG Result;
218 
219  Result = RtlCompareUnicodeString(&FirstEntry->Persistent.ImageName,
220  &SecondEntry->Persistent.ImageName,
221  TRUE);
222  if (Result < 0)
223  {
224  return GenericLessThan;
225  }
226  else if (Result == 0)
227  {
228  return GenericEqual;
229  }
230  return GenericGreaterThan;
231 }
232 
233 PVOID
234 NTAPI
235 ApphelpShimCacheAllocateRoutine(
236  _In_ struct _RTL_AVL_TABLE *Table,
237  _In_ CLONG ByteSize)
238 {
239  return ApphelpAlloc(ByteSize);
240 }
241 
242 VOID
243 NTAPI
244 ApphelpShimCacheFreeRoutine(
245  _In_ struct _RTL_AVL_TABLE *Table,
246  _In_ PVOID Buffer)
247 {
248  ApphelpFree(Buffer);
249 }
250 
251 NTSTATUS
252 ApphelpCacheParse(
253  _In_reads_(DataLength) PUCHAR Data,
254  _In_ ULONG DataLength)
255 {
256  PSHIM_PERSISTENT_CACHE_HEADER Header = (PSHIM_PERSISTENT_CACHE_HEADER)Data;
257  ULONG Cur;
258  ULONG NumEntries;
259  UNICODE_STRING String;
260  SHIM_CACHE_ENTRY Entry = EMPTY_SHIM_ENTRY;
261  PSHIM_CACHE_ENTRY Result;
262  PSHIM_PERSISTENT_CACHE_ENTRY Persistent;
263 
264  if (DataLength < CACHE_HEADER_SIZE_NT_52)
265  {
266  DPRINT1("SHIMS: ApphelpCacheParse not enough data for a minimal header (0x%x)\n", DataLength);
267  return STATUS_INVALID_PARAMETER;
268  }
269 
270  if (Header->Magic != SHIM_CACHE_MAGIC)
271  {
272  DPRINT1("SHIMS: ApphelpCacheParse found invalid magic (0x%x)\n", Header->Magic);
273  return STATUS_INVALID_PARAMETER;
274  }
275 
276  NumEntries = Header->NumEntries;
277  DPRINT("SHIMS: ApphelpCacheParse walking %d entries\n", NumEntries);
278  for (Cur = 0; Cur < NumEntries; ++Cur)
279  {
280  Persistent = (PSHIM_PERSISTENT_CACHE_ENTRY)(Data + SHIM_CACHE_HEADER_SIZE +
281  (Cur * SHIM_PERSISTENT_CACHE_ENTRY_SIZE));
282  /* The entry in the Persistent storage is not really a UNICODE_STRING,
283  so we have to convert the offset into a real pointer before using it. */
284  String.Length = Persistent->ImageName.Length;
285  String.MaximumLength = Persistent->ImageName.MaximumLength;
286  String.Buffer = (PWCHAR)((ULONG_PTR)Persistent->ImageName.Buffer + Data);
287 
288  /* Now we copy all data to a local buffer, that can be safely duplicated by RtlInsert */
289  Entry.Persistent = *Persistent;
290  ApphelpDuplicateUnicodeString(&Entry.Persistent.ImageName, &String);
291  Result = RtlInsertElementGenericTableAvl(&ApphelpShimCache,
292  &Entry,
293  sizeof(Entry),
294  NULL);
295  if (!Result)
296  {
297  DPRINT1("SHIMS: ApphelpCacheParse insert failed\n");
298  ApphelpFreeUnicodeString(&Entry.Persistent.ImageName);
299  return STATUS_INVALID_PARAMETER;
300  }
301  InsertTailList(&ApphelpShimCacheAge, &Result->List);
302  }
303  return STATUS_SUCCESS;
304 }
305 
306 BOOLEAN
307 ApphelpCacheRead(VOID)
308 {
309  HANDLE KeyHandle;
310  NTSTATUS Status;
311  KEY_VALUE_PARTIAL_INFORMATION KeyValueObject;
312  PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation = &KeyValueObject;
313  ULONG KeyInfoSize, ResultSize;
314 
315  Status = ZwOpenKey(&KeyHandle, KEY_QUERY_VALUE, &AppCompatKeyAttributes);
316  if (!NT_SUCCESS(Status))
317  {
318  DPRINT1("SHIMS: ApphelpCacheRead could not even open Session Manager\\AppCompatCache (0x%x)\n", Status);
319  return FALSE;
320  }
321 
322  Status = ZwQueryValueKey(KeyHandle,
323  &AppCompatCacheValue,
324  KeyValuePartialInformation,
325  KeyValueInformation,
326  sizeof(KeyValueObject),
327  &ResultSize);
328  if (Status == STATUS_BUFFER_OVERFLOW)
329  {
330  KeyInfoSize = sizeof(KEY_VALUE_PARTIAL_INFORMATION) + KeyValueInformation->DataLength;
331  KeyValueInformation = ApphelpAlloc(KeyInfoSize);
332  if (KeyValueInformation != NULL)
333  {
334  Status = ZwQueryValueKey(KeyHandle,
335  &AppCompatCacheValue,
336  KeyValuePartialInformation,
337  KeyValueInformation,
338  KeyInfoSize,
339  &ResultSize);
340  }
341  }
342 
343  if (NT_SUCCESS(Status) && KeyValueInformation->Type == REG_BINARY)
344  {
345  Status = ApphelpCacheParse(KeyValueInformation->Data,
346  KeyValueInformation->DataLength);
347  }
348  else
349  {
350  DPRINT1("SHIMS: ApphelpCacheRead not loaded from registry (0x%x)\n", Status);
351  }
352 
353  if (KeyValueInformation != &KeyValueObject && KeyValueInformation != NULL)
354  {
355  ApphelpFree(KeyValueInformation);
356  }
357 
358  ZwClose(KeyHandle);
359  return NT_SUCCESS(Status);
360 }
361 
362 BOOLEAN
363 ApphelpCacheWrite(VOID)
364 {
365  ULONG Length = SHIM_CACHE_HEADER_SIZE;
366  ULONG NumEntries = 0;
367  PLIST_ENTRY ListEntry;
368  PUCHAR Buffer, BufferNamePos;
369  PSHIM_PERSISTENT_CACHE_HEADER Header;
370  PSHIM_PERSISTENT_CACHE_ENTRY WriteEntry;
371  HANDLE KeyHandle;
372  NTSTATUS Status;
373 
374  /* First we have to calculate the required size. */
375  ApphelpCacheAcquireLock();
376  ListEntry = ApphelpShimCacheAge.Flink;
377  while (ListEntry != &ApphelpShimCacheAge)
378  {
379  PSHIM_CACHE_ENTRY Entry = CONTAINING_RECORD(ListEntry, SHIM_CACHE_ENTRY, List);
380  Length += SHIM_PERSISTENT_CACHE_ENTRY_SIZE;
381  Length += Entry->Persistent.ImageName.MaximumLength;
382  ++NumEntries;
383  ListEntry = ListEntry->Flink;
384  }
385  DPRINT("SHIMS: ApphelpCacheWrite, %d Entries, total size: %d\n", NumEntries, Length);
386  Length = ROUND_UP(Length, sizeof(ULONGLONG));
387  DPRINT("SHIMS: ApphelpCacheWrite, Rounded to: %d\n", Length);
388 
389  /* Now we allocate and prepare some helpers */
390  Buffer = ApphelpAlloc(Length);
391  BufferNamePos = Buffer + Length;
392  Header = (PSHIM_PERSISTENT_CACHE_HEADER)Buffer;
393  WriteEntry = (PSHIM_PERSISTENT_CACHE_ENTRY)(Buffer + SHIM_CACHE_HEADER_SIZE);
394 
395  Header->Magic = SHIM_CACHE_MAGIC;
396  Header->NumEntries = NumEntries;
397 
398  ListEntry = ApphelpShimCacheAge.Flink;
399  while (ListEntry != &ApphelpShimCacheAge)
400  {
401  PSHIM_CACHE_ENTRY Entry = CONTAINING_RECORD(ListEntry, SHIM_CACHE_ENTRY, List);
402  USHORT ImageNameLen = Entry->Persistent.ImageName.MaximumLength;
403  /* Copy the Persistent structure over */
404  *WriteEntry = Entry->Persistent;
405  BufferNamePos -= ImageNameLen;
406  /* Copy the image name over */
407  RtlCopyMemory(BufferNamePos, Entry->Persistent.ImageName.Buffer, ImageNameLen);
408  /* Fix the Persistent structure, so that Buffer is once again an offset */
409  WriteEntry->ImageName.Buffer = (PWCH)(BufferNamePos - Buffer);
410 
411  ++WriteEntry;
412  ListEntry = ListEntry->Flink;
413  }
414  ApphelpCacheReleaseLock();
415 
416  Status = ZwOpenKey(&KeyHandle, KEY_SET_VALUE, &AppCompatKeyAttributes);
417  if (NT_SUCCESS(Status))
418  {
419  Status = ZwSetValueKey(KeyHandle,
420  &AppCompatCacheValue,
421  0,
422  REG_BINARY,
423  Buffer,
424  Length);
425  ZwClose(KeyHandle);
426  }
427  else
428  {
429  DPRINT1("SHIMS: ApphelpCacheWrite could not even open Session Manager\\AppCompatCache (0x%x)\n", Status);
430  }
431 
432  ApphelpFree(Buffer);
433  return NT_SUCCESS(Status);
434 }
435 
436 
437 CODE_SEG("INIT")
438 NTSTATUS
439 NTAPI
440 ApphelpCacheInitialize(VOID)
441 {
442  DPRINT("SHIMS: ApphelpCacheInitialize\n");
443  /* If we are booting in safemode we do not want to use the apphelp cache */
444  if (InitSafeBootMode)
445  {
446  DPRINT1("SHIMS: Safe mode detected, disabling cache.\n");
447  ApphelpCacheEnabled = FALSE;
448  }
449  else
450  {
451  ExInitializeResourceLite(&ApphelpCacheLock);
452  RtlInitializeGenericTableAvl(&ApphelpShimCache,
453  ApphelpShimCacheCompareRoutine,
454  ApphelpShimCacheAllocateRoutine,
455  ApphelpShimCacheFreeRoutine,
456  NULL);
457  InitializeListHead(&ApphelpShimCacheAge);
458  ApphelpCacheEnabled = ApphelpCacheRead();
459  }
460  DPRINT("SHIMS: ApphelpCacheInitialize: %d\n", ApphelpCacheEnabled);
461  return STATUS_SUCCESS;
462 }
463 
464 VOID
465 NTAPI
466 ApphelpCacheShutdown(VOID)
467 {
468  if (ApphelpCacheEnabled)
469  {
470  ApphelpCacheWrite();
471  }
472 }
473 
474 NTSTATUS
475 ApphelpValidateData(
476  _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData,
477  _Out_ PUNICODE_STRING ImageName,
478  _Out_ PHANDLE ImageHandle)
479 {
480  NTSTATUS Status = STATUS_INVALID_PARAMETER;
481 
482  if (ServiceData)
483  {
484  UNICODE_STRING LocalImageName;
485  _SEH2_TRY
486  {
487  ProbeForRead(ServiceData,
488  sizeof(APPHELP_CACHE_SERVICE_LOOKUP),
489  sizeof(ULONG));
490  LocalImageName = ServiceData->ImageName;
491  *ImageHandle = ServiceData->ImageHandle;
492  if (LocalImageName.Length && LocalImageName.Buffer)
493  {
494  ProbeForRead(LocalImageName.Buffer,
495  LocalImageName.Length * sizeof(WCHAR),
496  1);
497  ApphelpDuplicateUnicodeString(ImageName, &LocalImageName);
498  Status = STATUS_SUCCESS;
499  }
500  }
501  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
502  {
503  _SEH2_YIELD(return _SEH2_GetExceptionCode());
504  }
505  _SEH2_END;
506  }
507  if (!NT_SUCCESS(Status))
508  {
509  DPRINT1("SHIMS: ApphelpValidateData: invalid data passed\n");
510  }
511  return Status;
512 }
513 
514 NTSTATUS
515 ApphelpCacheRemoveEntryNolock(
516  _In_ PSHIM_CACHE_ENTRY Entry)
517 {
518  if (Entry)
519  {
520  PWSTR Buffer = Entry->Persistent.ImageName.Buffer;
521  RemoveEntryList(&Entry->List);
522  if (RtlDeleteElementGenericTableAvl(&ApphelpShimCache, Entry))
523  {
524  ApphelpFree(Buffer);
525  }
526  return STATUS_SUCCESS;
527  }
528  return STATUS_NOT_FOUND;
529 }
530 
531 NTSTATUS
532 ApphelpCacheLookupEntry(
533  _In_ PUNICODE_STRING ImageName,
534  _In_ HANDLE ImageHandle)
535 {
536  NTSTATUS Status = STATUS_NOT_FOUND;
537  SHIM_CACHE_ENTRY Lookup = EMPTY_SHIM_ENTRY;
538  PSHIM_CACHE_ENTRY Entry;
539 
540  if (!ApphelpCacheTryAcquireLock())
541  {
542  return Status;
543  }
544 
545  Lookup.Persistent.ImageName = *ImageName;
546  Entry = RtlLookupElementGenericTableAvl(&ApphelpShimCache, &Lookup);
547  if (Entry == NULL)
548  {
549  DPRINT("SHIMS: ApphelpCacheLookupEntry: could not find %wZ\n", ImageName);
550  goto Cleanup;
551  }
552 
553  DPRINT("SHIMS: ApphelpCacheLookupEntry: found %wZ\n", ImageName);
554  if (ImageHandle == INVALID_HANDLE_VALUE)
555  {
556  DPRINT("SHIMS: ApphelpCacheLookupEntry: ok\n");
557  /* just return if we know it, do not query file info */
558  Status = STATUS_SUCCESS;
559  }
560  else
561  {
562  Status = ApphelpCacheQueryInfo(ImageHandle, &Lookup);
563  if (NT_SUCCESS(Status) &&
564  Lookup.Persistent.DateTime.QuadPart == Entry->Persistent.DateTime.QuadPart &&
565  Lookup.Persistent.FileSize.QuadPart == Entry->Persistent.FileSize.QuadPart)
566  {
567  DPRINT("SHIMS: ApphelpCacheLookupEntry: found & validated\n");
568  Status = STATUS_SUCCESS;
569  /* move it to the front to keep it alive */
570  RemoveEntryList(&Entry->List);
571  InsertHeadList(&ApphelpShimCacheAge, &Entry->List);
572  }
573  else
574  {
575  DPRINT1("SHIMS: ApphelpCacheLookupEntry: file info mismatch (%lx)\n", Status);
576  Status = STATUS_NOT_FOUND;
577  /* Could not read file info, or it did not match, drop it from the cache */
578  ApphelpCacheRemoveEntryNolock(Entry);
579  }
580  }
581 
582 Cleanup:
583  ApphelpCacheReleaseLock();
584  return Status;
585 }
586 
587 NTSTATUS
588 ApphelpCacheRemoveEntry(
589  _In_ PUNICODE_STRING ImageName)
590 {
591  PSHIM_CACHE_ENTRY Entry;
592  NTSTATUS Status;
593 
594  ApphelpCacheAcquireLock();
595  Entry = RtlLookupElementGenericTableAvl(&ApphelpShimCache, ImageName);
596  Status = ApphelpCacheRemoveEntryNolock(Entry);
597  ApphelpCacheReleaseLock();
598  return Status;
599 }
600 
601 /* Validate that we are either called from r0, or from a service-like context */
602 NTSTATUS
603 ApphelpCacheAccessCheck(VOID)
604 {
605  if (ExGetPreviousMode() != KernelMode)
606  {
607  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, UserMode))
608  {
609  DPRINT1("SHIMS: ApphelpCacheAccessCheck failed\n");
610  return STATUS_ACCESS_DENIED;
611  }
612  }
613  return STATUS_SUCCESS;
614 }
615 
616 NTSTATUS
617 ApphelpCacheUpdateEntry(
618  _In_ PUNICODE_STRING ImageName,
619  _In_ HANDLE ImageHandle)
620 {
621  NTSTATUS Status = STATUS_SUCCESS;
622  SHIM_CACHE_ENTRY Entry = EMPTY_SHIM_ENTRY;
623  PSHIM_CACHE_ENTRY Lookup;
624  PVOID NodeOrParent;
625  TABLE_SEARCH_RESULT SearchResult;
626 
627  ApphelpCacheAcquireLock();
628 
629  /* If we got a file handle, query it for info */
630  if (ImageHandle != INVALID_HANDLE_VALUE)
631  {
632  Status = ApphelpCacheQueryInfo(ImageHandle, &Entry);
633  if (!NT_SUCCESS(Status))
634  {
635  goto Cleanup;
636  }
637  }
638 
639  /* Use ImageName for the lookup, don't actually duplicate it */
640  Entry.Persistent.ImageName = *ImageName;
641  Lookup = RtlLookupElementGenericTableFullAvl(&ApphelpShimCache,
642  &Entry,
643  &NodeOrParent, &SearchResult);
644  if (Lookup)
645  {
646  DPRINT("SHIMS: ApphelpCacheUpdateEntry: Entry already exists, reusing it\n");
647  /* Unlink the found item, so we can put it back at the front,
648  and copy the earlier obtained file info*/
649  RemoveEntryList(&Lookup->List);
650  Lookup->Persistent.DateTime = Entry.Persistent.DateTime;
651  Lookup->Persistent.FileSize = Entry.Persistent.FileSize;
652  }
653  else
654  {
655  DPRINT("SHIMS: ApphelpCacheUpdateEntry: Inserting new Entry\n");
656  /* Insert a new entry, with its own copy of the ImageName */
657  ApphelpDuplicateUnicodeString(&Entry.Persistent.ImageName, ImageName);
658  Lookup = RtlInsertElementGenericTableFullAvl(&ApphelpShimCache,
659  &Entry,
660  sizeof(Entry),
661  0,
662  NodeOrParent,
663  SearchResult);
664  if (!Lookup)
665  {
666  ApphelpFreeUnicodeString(&Entry.Persistent.ImageName);
667  Status = STATUS_NO_MEMORY;
668  }
669  }
670  if (Lookup)
671  {
672  /* Either we re-used an existing item, or we inserted a new one, keep it alive */
673  InsertHeadList(&ApphelpShimCacheAge, &Lookup->List);
674  if (RtlNumberGenericTableElementsAvl(&ApphelpShimCache) > MAX_SHIM_ENTRIES)
675  {
676  PSHIM_CACHE_ENTRY Remove;
677  DPRINT1("SHIMS: ApphelpCacheUpdateEntry: Cache growing too big, dropping oldest item\n");
678  Remove = CONTAINING_RECORD(ApphelpShimCacheAge.Blink, SHIM_CACHE_ENTRY, List);
679  Status = ApphelpCacheRemoveEntryNolock(Remove);
680  }
681  }
682 
683 Cleanup:
684  ApphelpCacheReleaseLock();
685  return Status;
686 }
687 
688 NTSTATUS
689 ApphelpCacheFlush(VOID)
690 {
691  PVOID p;
692 
693  DPRINT1("SHIMS: ApphelpCacheFlush\n");
694  ApphelpCacheAcquireLock();
695  while ((p = RtlEnumerateGenericTableAvl(&ApphelpShimCache, TRUE)))
696  {
697  ApphelpCacheRemoveEntryNolock((PSHIM_CACHE_ENTRY)p);
698  }
699  ApphelpCacheReleaseLock();
700  return STATUS_SUCCESS;
701 }
702 
703 NTSTATUS
704 ApphelpCacheDump(VOID)
705 {
706  PLIST_ENTRY ListEntry;
707  PSHIM_CACHE_ENTRY Entry;
708 
709  DPRINT1("SHIMS: NtApphelpCacheControl( Dumping entries, newest to oldest )\n");
710  ApphelpCacheAcquireLock();
711  ListEntry = ApphelpShimCacheAge.Flink;
712  while (ListEntry != &ApphelpShimCacheAge)
713  {
714  Entry = CONTAINING_RECORD(ListEntry, SHIM_CACHE_ENTRY, List);
715  DPRINT1("Entry: %wZ\n", &Entry->Persistent.ImageName);
716  DPRINT1("DateTime: 0x%I64x\n", Entry->Persistent.DateTime.QuadPart);
717  DPRINT1("FileSize: 0x%I64x\n", Entry->Persistent.FileSize.QuadPart);
718  DPRINT1("Flags: 0x%x\n", Entry->CompatFlags);
719  ListEntry = ListEntry->Flink;
720  }
721  ApphelpCacheReleaseLock();
722  return STATUS_SUCCESS;
723 }
724 
725 /* PUBLIC FUNCTIONS **********************************************************/
726 
727 NTSTATUS
728 NTAPI
729 NtApphelpCacheControl(
730  _In_ APPHELPCACHESERVICECLASS Service,
731  _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData)
732 {
733  NTSTATUS Status = STATUS_INVALID_PARAMETER;
734  UNICODE_STRING ImageName = { 0 };
735  HANDLE Handle = INVALID_HANDLE_VALUE;
736 
737  if (!ApphelpCacheEnabled)
738  {
739  DPRINT1("NtApphelpCacheControl: ApphelpCacheEnabled == 0\n");
740  return Status;
741  }
742  switch (Service)
743  {
744  case ApphelpCacheServiceLookup:
745  DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceLookup )\n");
746  Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
747  if (NT_SUCCESS(Status))
748  Status = ApphelpCacheLookupEntry(&ImageName, Handle);
749  break;
750  case ApphelpCacheServiceRemove:
751  DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceRemove )\n");
752  Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
753  if (NT_SUCCESS(Status))
754  Status = ApphelpCacheRemoveEntry(&ImageName);
755  break;
756  case ApphelpCacheServiceUpdate:
757  DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceUpdate )\n");
758  Status = ApphelpCacheAccessCheck();
759  if (NT_SUCCESS(Status))
760  {
761  Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
762  if (NT_SUCCESS(Status))
763  Status = ApphelpCacheUpdateEntry(&ImageName, Handle);
764  }
765  break;
766  case ApphelpCacheServiceFlush:
767  /* FIXME: Check for admin or system here. */
768  Status = ApphelpCacheFlush();
769  break;
770  case ApphelpCacheServiceDump:
771  Status = ApphelpCacheDump();
772  break;
773  case ApphelpDBGReadRegistry:
774  DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): flushing cache.\n");
775  ApphelpCacheFlush();
776  DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): reading cache.\n");
777  Status = ApphelpCacheRead() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
778  break;
779  case ApphelpDBGWriteRegistry:
780  DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGWriteRegistry ): writing cache.\n");
781  Status = ApphelpCacheWrite() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
782  break;
783  default:
784  DPRINT1("SHIMS: NtApphelpCacheControl( Invalid service requested )\n");
785  break;
786  }
787  if (ImageName.Buffer)
788  {
789  ApphelpFreeUnicodeString(&ImageName);
790  }
791  return Status;
792 }
793 
ApphelpCacheReleaseLock
VOID ApphelpCacheReleaseLock(VOID)
Definition: apphelp.c:135
ApphelpCacheParse
NTSTATUS ApphelpCacheParse(_In_reads_(DataLength) PUCHAR Data, _In_ ULONG DataLength)
Definition: apphelp.c:252
SHIM_PERSISTENT_CACHE_ENTRY_52::DateTime
LARGE_INTEGER DateTime
Definition: apphelp.c:60
ApphelpShimCacheAllocateRoutine
PVOID NTAPI ApphelpShimCacheAllocateRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ CLONG ByteSize)
Definition: apphelp.c:235
Table
ASMGENDATA Table[]
Definition: genincdata.c:61
SHIM_PERSISTENT_CACHE_HEADER
#define SHIM_PERSISTENT_CACHE_HEADER
Definition: apphelp.c:83
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
ROUND_UP
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
ApphelpCacheDump
NTSTATUS ApphelpCacheDump(VOID)
Definition: apphelp.c:704
TAG_SHIM
#define TAG_SHIM
Definition: apphelp.c:42
Entry
struct _Entry Entry
Definition: kefuncs.h:627
KEY_SET_VALUE
#define KEY_SET_VALUE
Definition: nt_native.h:1017
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
KeyHandle
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4711
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
Buffer
IN BOOLEAN OUT PSTR Buffer
Definition: progress.h:34
AppCompatCacheValue
static UNICODE_STRING AppCompatCacheValue
Definition: apphelp.c:38
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: apphelp.c:45
REG_BINARY
#define REG_BINARY
Definition: nt_native.h:1496
TRUE
#define TRUE
Definition: types.h:120
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_FILE_STANDARD_INFORMATION
Definition: propsheet.cpp:53
ZwClose
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
_LIST_ENTRY::Blink
struct _LIST_ENTRY * Blink
Definition: typedefs.h:122
InsertHeadList
FORCEINLINE VOID InsertHeadList(_Inout_ PLIST_ENTRY ListHead, _Inout_ __drv_aliasesMem PLIST_ENTRY Entry)
Definition: rtlfuncs.h:201
ApphelpShimCache
static RTL_AVL_TABLE ApphelpShimCache
Definition: apphelp.c:31
RtlDeleteElementGenericTableAvl
NTSYSAPI BOOLEAN NTAPI RtlDeleteElementGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer)
EMPTY_SHIM_ENTRY
#define EMPTY_SHIM_ENTRY
Definition: apphelp.c:40
PUCHAR
unsigned char * PUCHAR
Definition: retypes.h:3
_KEY_VALUE_PARTIAL_INFORMATION::Type
ULONG Type
Definition: nt_native.h:1167
Data
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG _In_opt_ PVOID Data
Definition: wdfdevice.h:4527
TABLE_SEARCH_RESULT
enum _TABLE_SEARCH_RESULT TABLE_SEARCH_RESULT
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
ApphelpCacheUpdateEntry
NTSTATUS ApphelpCacheUpdateEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:617
RtlLookupElementGenericTableFullAvl
NTSYSAPI PVOID NTAPI RtlLookupElementGenericTableFullAvl(_In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer, _Out_ PVOID *NodeOrParent, _Out_ TABLE_SEARCH_RESULT *SearchResult)
ExInitializeResourceLite
NTSTATUS ExInitializeResourceLite(PULONG res)
Definition: env_spec_w32.h:641
RtlInsertElementGenericTableFullAvl
NTSYSAPI PVOID NTAPI RtlInsertElementGenericTableFullAvl(_In_ PRTL_AVL_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement, _In_ PVOID NodeOrParent, _In_ TABLE_SEARCH_RESULT SearchResult)
_KEY_VALUE_PARTIAL_INFORMATION::DataLength
ULONG DataLength
Definition: nt_native.h:1168
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
ApphelpCacheQueryInfo
NTSTATUS ApphelpCacheQueryInfo(_In_ HANDLE ImageHandle, _Out_ PSHIM_CACHE_ENTRY Entry)
Definition: apphelp.c:176
_RTL_AVL_TABLE
Definition: rtltypes.h:421
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
_In_opt_
#define _In_opt_
Definition: no_sal2.h:212
ApphelpCacheRead
BOOLEAN ApphelpCacheRead(VOID)
Definition: apphelp.c:307
C_ASSERT
C_ASSERT(sizeof(SHIM_PERSISTENT_CACHE_ENTRY)==SHIM_PERSISTENT_CACHE_ENTRY_SIZE)
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
ApphelpFreeUnicodeString
VOID ApphelpFreeUnicodeString(_Inout_ PUNICODE_STRING String)
Definition: apphelp.c:162
RemoveEntryList
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
ExAcquireResourceExclusiveLite
BOOLEAN NTAPI ExAcquireResourceExclusiveLite(IN PERESOURCE Resource, IN BOOLEAN Wait)
Definition: resource.c:770
Lookup
static void Lookup(RTF_Info *, char *)
Definition: reader.c:2228
CLONG
ULONG CLONG
Definition: umtypes.h:126
SHIM_PERSISTENT_CACHE_HEADER_52
struct SHIM_PERSISTENT_CACHE_HEADER_52 SHIM_PERSISTENT_CACHE_HEADER_52
SHIM_PERSISTENT_CACHE_ENTRY_52
Definition: apphelp.c:57
String
_Must_inspect_result_ _In_ WDFDEVICE _In_ WDFSTRING String
Definition: wdfdevice.h:2430
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
FALSE
#define FALSE
Definition: types.h:117
UNICODE_NULL
#define UNICODE_NULL
SHIM_CACHE_HEADER_SIZE
#define SHIM_CACHE_HEADER_SIZE
Definition: apphelp.c:77
Header
Definition: Header.h:8
LONG
long LONG
Definition: pedump.c:60
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
PSHIM_PERSISTENT_CACHE_ENTRY_52
struct SHIM_PERSISTENT_CACHE_ENTRY_52 * PSHIM_PERSISTENT_CACHE_ENTRY_52
PSHIM_CACHE_ENTRY
struct SHIM_CACHE_ENTRY * PSHIM_CACHE_ENTRY
RtlInsertElementGenericTableAvl
NTSYSAPI PVOID NTAPI RtlInsertElementGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement)
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
SHIM_CACHE_ENTRY::Persistent
SHIM_PERSISTENT_CACHE_ENTRY Persistent
Definition: apphelp.c:95
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
ApphelpCacheWrite
BOOLEAN ApphelpCacheWrite(VOID)
Definition: apphelp.c:363
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
_Out_
#define _Out_
Definition: no_sal2.h:160
FileBasicInformation
Definition: from_kernel.h:65
_FILE_STANDARD_INFORMATION::EndOfFile
LARGE_INTEGER EndOfFile
Definition: propsheet.cpp:55
PSHIM_PERSISTENT_CACHE_HEADER
#define PSHIM_PERSISTENT_CACHE_HEADER
Definition: apphelp.c:84
Remove
_In_ BOOLEAN Remove
Definition: psfuncs.h:110
DataLength
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1437
Buffer
Definition: bufpool.h:45
KeyValuePartialInformation
Definition: nt_native.h:1182
SHIM_PERSISTENT_CACHE_ENTRY_SIZE
#define SHIM_PERSISTENT_CACHE_ENTRY_SIZE
Definition: apphelp.c:81
CONTAINING_RECORD
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
_APPHELP_CACHE_SERVICE_LOOKUP
Definition: pstypes.h:943
SHIM_CACHE_ENTRY::CompatFlags
ULONG CompatFlags
Definition: apphelp.c:96
Status
Status
Definition: gdiplustypes.h:24
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
InitSafeBootMode
ULONG InitSafeBootMode
Definition: init.c:69
ApphelpCacheAccessCheck
NTSTATUS ApphelpCacheAccessCheck(VOID)
Definition: apphelp.c:603
_FILE_BASIC_INFORMATION::LastWriteTime
LARGE_INTEGER LastWriteTime
Definition: nt_native.h:941
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
SecondStruct
_IRQL_requires_same_ _In_ PVOID _In_ PVOID SecondStruct
Definition: rtltypes.h:383
ApphelpCacheEnabled
static BOOLEAN ApphelpCacheEnabled
Definition: apphelp.c:29
SHIM_PERSISTENT_CACHE_HEADER_52
Definition: apphelp.c:50
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
RtlEnumerateGenericTableAvl
_Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlEnumerateGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_ BOOLEAN Restart)
PSHIM_PERSISTENT_CACHE_HEADER_52
struct SHIM_PERSISTENT_CACHE_HEADER_52 * PSHIM_PERSISTENT_CACHE_HEADER_52
ULONGLONG
uint64_t ULONGLONG
Definition: typedefs.h:67
ApphelpShimCacheFreeRoutine
VOID NTAPI ApphelpShimCacheFreeRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID Buffer)
Definition: apphelp.c:244
RtlNumberGenericTableElementsAvl
NTSYSAPI ULONG NTAPI RtlNumberGenericTableElementsAvl(_In_ PRTL_AVL_TABLE Table)
NtApphelpCacheControl
NTSTATUS NTAPI NtApphelpCacheControl(_In_ APPHELPCACHESERVICECLASS Service, _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData)
Definition: apphelp.c:729
Destination
_In_ PUNICODE_STRING _Inout_ PUNICODE_STRING Destination
Definition: rtlfuncs.h:2937
STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
_Inout_
#define _Inout_
Definition: no_sal2.h:162
CODE_SEG
CODE_SEG("INIT")
Definition: fsrtlpc.c:19
ExReleaseResourceLite
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1817
ApphelpShimCacheAge
static LIST_ENTRY ApphelpShimCacheAge
Definition: apphelp.c:32
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PWCH
WCHAR * PWCH
Definition: ntbasedef.h:410
SHIM_CACHE_ENTRY
Definition: apphelp.c:92
MAX_SHIM_ENTRIES
#define MAX_SHIM_ENTRIES
Definition: apphelp.c:41
ImageName
static const char * ImageName
Definition: image.c:34
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
L
static const WCHAR L[]
Definition: oid.c:1250
PSHIM_PERSISTENT_CACHE_ENTRY
#define PSHIM_PERSISTENT_CACHE_ENTRY
Definition: apphelp.c:86
RtlCompareUnicodeString
ULONG RtlCompareUnicodeString(PUNICODE_STRING s1, PUNICODE_STRING s2, BOOLEAN UpCase)
Definition: string_lib.cpp:31
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
List
_Must_inspect_result_ _In_ WDFCMRESLIST List
Definition: wdfresource.h:550
KeEnterCriticalRegion
#define KeEnterCriticalRegion()
Definition: ke_x.h:83
FirstStruct
_IRQL_requires_same_ _In_ PVOID FirstStruct
Definition: rtltypes.h:383
RtlInitializeGenericTableAvl
VOID NTAPI RtlInitializeGenericTableAvl(IN OUT PRTL_AVL_TABLE Table, IN PRTL_AVL_COMPARE_ROUTINE CompareRoutine, IN PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine, IN PRTL_AVL_FREE_ROUTINE FreeRoutine, IN PVOID TableContext)
Definition: avltable.c:26
ApphelpCacheShutdown
VOID NTAPI ApphelpCacheShutdown(VOID)
Definition: apphelp.c:466
_LIST_ENTRY
Definition: typedefs.h:119
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
SHIM_PERSISTENT_CACHE_ENTRY_52::FileSize
LARGE_INTEGER FileSize
Definition: apphelp.c:61
SHIM_CACHE_ENTRY::List
LIST_ENTRY List
Definition: apphelp.c:94
ApphelpShimCacheCompareRoutine
RTL_GENERIC_COMPARE_RESULTS NTAPI ApphelpShimCacheCompareRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID FirstStruct, _In_ PVOID SecondStruct)
Definition: apphelp.c:210
Length
static PWSTR SIZE_T Length
Definition: apphelp.c:91
AppCompatCacheKey
static UNICODE_STRING AppCompatCacheKey
Definition: apphelp.c:36
ApphelpCacheAcquireLock
VOID ApphelpCacheAcquireLock(VOID)
Definition: apphelp.c:116
SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:24
_In_
#define _In_
Definition: no_sal2.h:158
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870
_UNICODE_STRING
Definition: env_spec_w32.h:368
RTL_CONSTANT_OBJECT_ATTRIBUTES
#define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a)
Definition: ntdef.template.h:305
_SEH2_END
_SEH2_END
Definition: create.c:4400
SHIM_PERSISTENT_CACHE_ENTRY
#define SHIM_PERSISTENT_CACHE_ENTRY
Definition: apphelp.c:85
KeLeaveCriticalRegion
#define KeLeaveCriticalRegion()
Definition: ke_x.h:114
STATUS_BUFFER_OVERFLOW
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
USHORT
unsigned short USHORT
Definition: pedump.c:61
ApphelpDuplicateUnicodeString
VOID ApphelpDuplicateUnicodeString(_Out_ PUNICODE_STRING Destination, _In_ PCUNICODE_STRING Source)
Definition: apphelp.c:142
KEY_QUERY_VALUE
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
KEY_VALUE_PARTIAL_INFORMATION
struct _KEY_VALUE_PARTIAL_INFORMATION KEY_VALUE_PARTIAL_INFORMATION
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
ExTryToAcquireResourceExclusiveLite
BOOLEAN NTAPI ExTryToAcquireResourceExclusiveLite(IN PERESOURCE Resource)
Definition: resource.c:2129
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
ApphelpValidateData
NTSTATUS ApphelpValidateData(_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData, _Out_ PUNICODE_STRING ImageName, _Out_ PHANDLE ImageHandle)
Definition: apphelp.c:475
APPHELPCACHESERVICECLASS
enum _APPHELPCACHESERVICECLASS APPHELPCACHESERVICECLASS
IoStatusBlock
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
SHIM_PERSISTENT_CACHE_HEADER_52::Magic
ULONG Magic
Definition: apphelp.c:52
NULL
#define NULL
Definition: types.h:112
RTL_GENERIC_COMPARE_RESULTS
enum _RTL_GENERIC_COMPARE_RESULTS RTL_GENERIC_COMPARE_RESULTS
_KEY_VALUE_PARTIAL_INFORMATION
Definition: nt_native.h:1165
_LARGE_INTEGER
Definition: typedefs.h:102
DPRINT1
#define DPRINT1
Definition: precomp.h:8
FileStandardInformation
#define FileStandardInformation
Definition: propsheet.cpp:61
_FILE_BASIC_INFORMATION
Definition: nt_native.h:938
ApphelpAlloc
PVOID ApphelpAlloc(_In_ ULONG ByteSize)
Definition: apphelp.c:102
Handle
_In_ HANDLE Handle
Definition: extypes.h:390
ApphelpCacheRemoveEntryNolock
NTSTATUS ApphelpCacheRemoveEntryNolock(_In_ PSHIM_CACHE_ENTRY Entry)
Definition: apphelp.c:515
ERESOURCE
ULONG ERESOURCE
Definition: env_spec_w32.h:594
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlLookupElementGenericTableAvl
_Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlLookupElementGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer)
SHIM_PERSISTENT_CACHE_ENTRY_52::ImageName
UNICODE_STRING ImageName
Definition: apphelp.c:59
ApphelpCacheLock
static ERESOURCE ApphelpCacheLock
Definition: apphelp.c:30
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
SHIM_CACHE_MAGIC
#define SHIM_CACHE_MAGIC
Definition: apphelp.c:76
Source
_In_ UINT _In_ UINT _In_ PNDIS_PACKET Source
Definition: ndis.h:3167
ApphelpFree
VOID ApphelpFree(_In_ PVOID Data)
Definition: apphelp.c:109
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
SHIM_PERSISTENT_CACHE_HEADER_52::NumEntries
ULONG NumEntries
Definition: apphelp.c:53
AppCompatKeyAttributes
static OBJECT_ATTRIBUTES AppCompatKeyAttributes
Definition: apphelp.c:37
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
p
GLfloat GLfloat p
Definition: glext.h:8902
DPRINT
#define DPRINT
Definition: sndvol32.h:71
ApphelpCacheTryAcquireLock
BOOLEAN ApphelpCacheTryAcquireLock(VOID)
Definition: apphelp.c:123
_In_reads_
#define _In_reads_(s)
Definition: no_sal2.h:168
_KEY_VALUE_PARTIAL_INFORMATION::Data
UCHAR Data[1]
Definition: nt_native.h:1169
ByteSize
_IRQL_requires_same_ _In_ CLONG ByteSize
Definition: rtltypes.h:393
CACHE_HEADER_SIZE_NT_52
#define CACHE_HEADER_SIZE_NT_52
Definition: apphelp.c:67
SHIM_CACHE_ENTRY
struct SHIM_CACHE_ENTRY SHIM_CACHE_ENTRY
Entry
base of all file and directory entries
Definition: entries.h:82
ApphelpCacheRemoveEntry
NTSTATUS ApphelpCacheRemoveEntry(_In_ PUNICODE_STRING ImageName)
Definition: apphelp.c:588
ApphelpCacheInitialize
NTSTATUS NTAPI ApphelpCacheInitialize(VOID)
Definition: apphelp.c:440
RTL_CONSTANT_STRING
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14
ApphelpCacheFlush
NTSTATUS ApphelpCacheFlush(VOID)
Definition: apphelp.c:689
SHIM_PERSISTENT_CACHE_ENTRY_52
struct SHIM_PERSISTENT_CACHE_ENTRY_52 SHIM_PERSISTENT_CACHE_ENTRY_52
ApphelpCacheLookupEntry
NTSTATUS ApphelpCacheLookupEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:532