ReactOS 0.4.15-dev-6675-gcbc63d8
apphelp.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS Kernel
3 * LICENSE: BSD - See COPYING.ARM in the top level directory
4 * FILE: ntoskrnl/ps/apphelp.c
5 * PURPOSE: SHIM engine caching.
6 * This caching speeds up checks for the apphelp compatibility layer.
7 * PROGRAMMERS: Mark Jansen
8 */
9
10/*
11Useful references:
12https://github.com/mandiant/ShimCacheParser/blob/master/ShimCacheParser.py
13http://technet.microsoft.com/en-us/library/dd837644(v=ws.10).aspx
14http://msdn.microsoft.com/en-us/library/bb432182(v=vs.85).aspx
15http://www.alex-ionescu.com/?p=43
16http://recxltd.blogspot.nl/2012/04/windows-appcompat-research-notes-part-1.html
17http://journeyintoir.blogspot.ch/2013/12/revealing-recentfilecachebcf-file.html
18https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf
19*/
20
21/* INCLUDES ******************************************************************/
22
23#include <ntoskrnl.h>
24#define NDEBUG
25#include <debug.h>
26
27/* GLOBALS *******************************************************************/
28
29static BOOLEAN ApphelpCacheEnabled = FALSE;
30static ERESOURCE ApphelpCacheLock;
31static RTL_AVL_TABLE ApphelpShimCache;
32static LIST_ENTRY ApphelpShimCacheAge;
33
34extern ULONG InitSafeBootMode;
35
36static UNICODE_STRING AppCompatCacheKey = RTL_CONSTANT_STRING(L"\\Registry\\MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\AppCompatCache");
37static OBJECT_ATTRIBUTES AppCompatKeyAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES(&AppCompatCacheKey, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE);
38static UNICODE_STRING AppCompatCacheValue = RTL_CONSTANT_STRING(L"AppCompatCache");
39
40#define EMPTY_SHIM_ENTRY { { 0 }, { { 0 } }, 0 }
41#define MAX_SHIM_ENTRIES 0x200
42
43#ifndef INVALID_HANDLE_VALUE
44#define INVALID_HANDLE_VALUE (HANDLE)(-1)
45#endif
46
47#include <pshpack1.h>
48
49typedef struct SHIM_PERSISTENT_CACHE_HEADER_52
50{
51 ULONG Magic;
52 ULONG NumEntries;
53} SHIM_PERSISTENT_CACHE_HEADER_52, *PSHIM_PERSISTENT_CACHE_HEADER_52;
54
55/* The data that is present in the registry (Win2k3 version) */
56typedef struct SHIM_PERSISTENT_CACHE_ENTRY_52
57{
58 UNICODE_STRING ImageName;
59 LARGE_INTEGER DateTime;
60 LARGE_INTEGER FileSize;
61} SHIM_PERSISTENT_CACHE_ENTRY_52, *PSHIM_PERSISTENT_CACHE_ENTRY_52;
62
63#include <poppack.h>
64
65#define CACHE_MAGIC_NT_52 0xbadc0ffe
66#define CACHE_HEADER_SIZE_NT_52 0x8
67#define NT52_PERSISTENT_ENTRY_SIZE32 0x18
68#define NT52_PERSISTENT_ENTRY_SIZE64 0x20
69
70//#define CACHE_MAGIC_NT_61 0xbadc0fee
71//#define CACHE_HEADER_SIZE_NT_61 0x80
72//#define NT61_PERSISTENT_ENTRY_SIZE32 0x20
73//#define NT61_PERSISTENT_ENTRY_SIZE64 0x30
74
75#define SHIM_CACHE_MAGIC CACHE_MAGIC_NT_52
76#define SHIM_CACHE_HEADER_SIZE CACHE_HEADER_SIZE_NT_52
77#ifdef _WIN64
78#define SHIM_PERSISTENT_CACHE_ENTRY_SIZE NT52_PERSISTENT_ENTRY_SIZE64
79#else
80#define SHIM_PERSISTENT_CACHE_ENTRY_SIZE NT52_PERSISTENT_ENTRY_SIZE32
81#endif
82#define SHIM_PERSISTENT_CACHE_HEADER SHIM_PERSISTENT_CACHE_HEADER_52
83#define PSHIM_PERSISTENT_CACHE_HEADER PSHIM_PERSISTENT_CACHE_HEADER_52
84#define SHIM_PERSISTENT_CACHE_ENTRY SHIM_PERSISTENT_CACHE_ENTRY_52
85#define PSHIM_PERSISTENT_CACHE_ENTRY PSHIM_PERSISTENT_CACHE_ENTRY_52
86
87C_ASSERT(sizeof(SHIM_PERSISTENT_CACHE_ENTRY) == SHIM_PERSISTENT_CACHE_ENTRY_SIZE);
88C_ASSERT(sizeof(SHIM_PERSISTENT_CACHE_HEADER) == SHIM_CACHE_HEADER_SIZE);
89
90/* The struct we keep in memory */
91typedef struct SHIM_CACHE_ENTRY
92{
93 LIST_ENTRY List;
94 SHIM_PERSISTENT_CACHE_ENTRY Persistent;
95 ULONG CompatFlags;
96} SHIM_CACHE_ENTRY, *PSHIM_CACHE_ENTRY;
97
98/* PRIVATE FUNCTIONS *********************************************************/
99
100PVOID
101ApphelpAlloc(
102 _In_ ULONG ByteSize)
103{
104 return ExAllocatePoolWithTag(PagedPool, ByteSize, TAG_SHIM);
105}
106
107VOID
108ApphelpFree(
109 _In_ PVOID Data)
110{
111 ExFreePoolWithTag(Data, TAG_SHIM);
112}
113
114VOID
115ApphelpCacheAcquireLock(VOID)
116{
117 KeEnterCriticalRegion();
118 ExAcquireResourceExclusiveLite(&ApphelpCacheLock, TRUE);
119}
120
121BOOLEAN
122ApphelpCacheTryAcquireLock(VOID)
123{
124 KeEnterCriticalRegion();
125 if (!ExTryToAcquireResourceExclusiveLite(&ApphelpCacheLock))
126 {
127 KeLeaveCriticalRegion();
128 return FALSE;
129 }
130 return TRUE;
131}
132
133VOID
134ApphelpCacheReleaseLock(VOID)
135{
136 ExReleaseResourceLite(&ApphelpCacheLock);
137 KeLeaveCriticalRegion();
138}
139
140VOID
141ApphelpDuplicateUnicodeString(
142 _Out_ PUNICODE_STRING Destination,
143 _In_ PCUNICODE_STRING Source)
144{
145 Destination->Length = Source->Length;
146 if (Destination->Length)
147 {
148 Destination->MaximumLength = Destination->Length + sizeof(WCHAR);
149 Destination->Buffer = ApphelpAlloc(Destination->MaximumLength);
150 RtlCopyMemory(Destination->Buffer, Source->Buffer, Destination->Length);
151 Destination->Buffer[Destination->Length / sizeof(WCHAR)] = UNICODE_NULL;
152 }
153 else
154 {
155 Destination->MaximumLength = 0;
156 Destination->Buffer = NULL;
157 }
158}
159
160VOID
161ApphelpFreeUnicodeString(
162 _Inout_ PUNICODE_STRING String)
163{
164 if (String->Buffer)
165 {
166 ApphelpFree(String->Buffer);
167 }
168 String->Length = 0;
169 String->MaximumLength = 0;
170 String->Buffer = NULL;
171}
172
173/* Query file info from a handle, storing it in Entry */
174NTSTATUS
175ApphelpCacheQueryInfo(
176 _In_ HANDLE ImageHandle,
177 _Out_ PSHIM_CACHE_ENTRY Entry)
178{
179 IO_STATUS_BLOCK IoStatusBlock;
180 FILE_BASIC_INFORMATION FileBasic;
181 FILE_STANDARD_INFORMATION FileStandard;
182 NTSTATUS Status;
183
184 Status = ZwQueryInformationFile(ImageHandle,
185 &IoStatusBlock,
186 &FileBasic,
187 sizeof(FileBasic),
188 FileBasicInformation);
189 if (!NT_SUCCESS(Status))
190 {
191 return Status;
192 }
193
194 Status = ZwQueryInformationFile(ImageHandle,
195 &IoStatusBlock,
196 &FileStandard,
197 sizeof(FileStandard),
198 FileStandardInformation);
199 if (NT_SUCCESS(Status))
200 {
201 Entry->Persistent.DateTime = FileBasic.LastWriteTime;
202 Entry->Persistent.FileSize = FileStandard.EndOfFile;
203 }
204 return Status;
205}
206
207RTL_GENERIC_COMPARE_RESULTS
208NTAPI
209ApphelpShimCacheCompareRoutine(
210 _In_ struct _RTL_AVL_TABLE *Table,
211 _In_ PVOID FirstStruct,
212 _In_ PVOID SecondStruct)
213{
214 PSHIM_CACHE_ENTRY FirstEntry = FirstStruct;
215 PSHIM_CACHE_ENTRY SecondEntry = SecondStruct;
216 LONG Result;
217
218 Result = RtlCompareUnicodeString(&FirstEntry->Persistent.ImageName,
219 &SecondEntry->Persistent.ImageName,
220 TRUE);
221 if (Result < 0)
222 {
223 return GenericLessThan;
224 }
225 else if (Result == 0)
226 {
227 return GenericEqual;
228 }
229 return GenericGreaterThan;
230}
231
232PVOID
233NTAPI
234ApphelpShimCacheAllocateRoutine(
235 _In_ struct _RTL_AVL_TABLE *Table,
236 _In_ CLONG ByteSize)
237{
238 return ApphelpAlloc(ByteSize);
239}
240
241VOID
242NTAPI
243ApphelpShimCacheFreeRoutine(
244 _In_ struct _RTL_AVL_TABLE *Table,
245 _In_ PVOID Buffer)
246{
247 ApphelpFree(Buffer);
248}
249
250NTSTATUS
251ApphelpCacheParse(
252 _In_reads_(DataLength) PUCHAR Data,
253 _In_ ULONG DataLength)
254{
255 PSHIM_PERSISTENT_CACHE_HEADER Header = (PSHIM_PERSISTENT_CACHE_HEADER)Data;
256 ULONG Cur;
257 ULONG NumEntries;
258 UNICODE_STRING String;
259 SHIM_CACHE_ENTRY Entry = EMPTY_SHIM_ENTRY;
260 PSHIM_CACHE_ENTRY Result;
261 PSHIM_PERSISTENT_CACHE_ENTRY Persistent;
262
263 if (DataLength < CACHE_HEADER_SIZE_NT_52)
264 {
265 DPRINT1("SHIMS: ApphelpCacheParse not enough data for a minimal header (0x%x)\n", DataLength);
266 return STATUS_INVALID_PARAMETER;
267 }
268
269 if (Header->Magic != SHIM_CACHE_MAGIC)
270 {
271 DPRINT1("SHIMS: ApphelpCacheParse found invalid magic (0x%x)\n", Header->Magic);
272 return STATUS_INVALID_PARAMETER;
273 }
274
275 NumEntries = Header->NumEntries;
276 DPRINT("SHIMS: ApphelpCacheParse walking %d entries\n", NumEntries);
277 for (Cur = 0; Cur < NumEntries; ++Cur)
278 {
279 Persistent = (PSHIM_PERSISTENT_CACHE_ENTRY)(Data + SHIM_CACHE_HEADER_SIZE +
280 (Cur * SHIM_PERSISTENT_CACHE_ENTRY_SIZE));
281 /* The entry in the Persistent storage is not really a UNICODE_STRING,
282 so we have to convert the offset into a real pointer before using it. */
283 String.Length = Persistent->ImageName.Length;
284 String.MaximumLength = Persistent->ImageName.MaximumLength;
285 String.Buffer = (PWCHAR)((ULONG_PTR)Persistent->ImageName.Buffer + Data);
286
287 /* Now we copy all data to a local buffer, that can be safely duplicated by RtlInsert */
288 Entry.Persistent = *Persistent;
289 ApphelpDuplicateUnicodeString(&Entry.Persistent.ImageName, &String);
290 Result = RtlInsertElementGenericTableAvl(&ApphelpShimCache,
291 &Entry,
292 sizeof(Entry),
293 NULL);
294 if (!Result)
295 {
296 DPRINT1("SHIMS: ApphelpCacheParse insert failed\n");
297 ApphelpFreeUnicodeString(&Entry.Persistent.ImageName);
298 return STATUS_INVALID_PARAMETER;
299 }
300 InsertTailList(&ApphelpShimCacheAge, &Result->List);
301 }
302 return STATUS_SUCCESS;
303}
304
305BOOLEAN
306ApphelpCacheRead(VOID)
307{
308 HANDLE KeyHandle;
309 NTSTATUS Status;
310 KEY_VALUE_PARTIAL_INFORMATION KeyValueObject;
311 PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation = &KeyValueObject;
312 ULONG KeyInfoSize, ResultSize;
313
314 Status = ZwOpenKey(&KeyHandle, KEY_QUERY_VALUE, &AppCompatKeyAttributes);
315 if (!NT_SUCCESS(Status))
316 {
317 DPRINT1("SHIMS: ApphelpCacheRead could not even open Session Manager\\AppCompatCache (0x%x)\n", Status);
318 return FALSE;
319 }
320
321 Status = ZwQueryValueKey(KeyHandle,
322 &AppCompatCacheValue,
323 KeyValuePartialInformation,
324 KeyValueInformation,
325 sizeof(KeyValueObject),
326 &ResultSize);
327 if (Status == STATUS_BUFFER_OVERFLOW)
328 {
329 KeyInfoSize = sizeof(KEY_VALUE_PARTIAL_INFORMATION) + KeyValueInformation->DataLength;
330 KeyValueInformation = ApphelpAlloc(KeyInfoSize);
331 if (KeyValueInformation != NULL)
332 {
333 Status = ZwQueryValueKey(KeyHandle,
334 &AppCompatCacheValue,
335 KeyValuePartialInformation,
336 KeyValueInformation,
337 KeyInfoSize,
338 &ResultSize);
339 }
340 }
341
342 if (NT_SUCCESS(Status) && KeyValueInformation->Type == REG_BINARY)
343 {
344 Status = ApphelpCacheParse(KeyValueInformation->Data,
345 KeyValueInformation->DataLength);
346 }
347 else
348 {
349 DPRINT1("SHIMS: ApphelpCacheRead not loaded from registry (0x%x)\n", Status);
350 }
351
352 if (KeyValueInformation != &KeyValueObject && KeyValueInformation != NULL)
353 {
354 ApphelpFree(KeyValueInformation);
355 }
356
357 ZwClose(KeyHandle);
358 return NT_SUCCESS(Status);
359}
360
361BOOLEAN
362ApphelpCacheWrite(VOID)
363{
364 ULONG Length = SHIM_CACHE_HEADER_SIZE;
365 ULONG NumEntries = 0;
366 PLIST_ENTRY ListEntry;
367 PUCHAR Buffer, BufferNamePos;
368 PSHIM_PERSISTENT_CACHE_HEADER Header;
369 PSHIM_PERSISTENT_CACHE_ENTRY WriteEntry;
370 HANDLE KeyHandle;
371 NTSTATUS Status;
372
373 /* First we have to calculate the required size. */
374 ApphelpCacheAcquireLock();
375 ListEntry = ApphelpShimCacheAge.Flink;
376 while (ListEntry != &ApphelpShimCacheAge)
377 {
378 PSHIM_CACHE_ENTRY Entry = CONTAINING_RECORD(ListEntry, SHIM_CACHE_ENTRY, List);
379 Length += SHIM_PERSISTENT_CACHE_ENTRY_SIZE;
380 Length += Entry->Persistent.ImageName.MaximumLength;
381 ++NumEntries;
382 ListEntry = ListEntry->Flink;
383 }
384 DPRINT("SHIMS: ApphelpCacheWrite, %d Entries, total size: %d\n", NumEntries, Length);
385 Length = ROUND_UP(Length, sizeof(ULONGLONG));
386 DPRINT("SHIMS: ApphelpCacheWrite, Rounded to: %d\n", Length);
387
388 /* Now we allocate and prepare some helpers */
389 Buffer = ApphelpAlloc(Length);
390 BufferNamePos = Buffer + Length;
391 Header = (PSHIM_PERSISTENT_CACHE_HEADER)Buffer;
392 WriteEntry = (PSHIM_PERSISTENT_CACHE_ENTRY)(Buffer + SHIM_CACHE_HEADER_SIZE);
393
394 Header->Magic = SHIM_CACHE_MAGIC;
395 Header->NumEntries = NumEntries;
396
397 ListEntry = ApphelpShimCacheAge.Flink;
398 while (ListEntry != &ApphelpShimCacheAge)
399 {
400 PSHIM_CACHE_ENTRY Entry = CONTAINING_RECORD(ListEntry, SHIM_CACHE_ENTRY, List);
401 USHORT ImageNameLen = Entry->Persistent.ImageName.MaximumLength;
402 /* Copy the Persistent structure over */
403 *WriteEntry = Entry->Persistent;
404 BufferNamePos -= ImageNameLen;
405 /* Copy the image name over */
406 RtlCopyMemory(BufferNamePos, Entry->Persistent.ImageName.Buffer, ImageNameLen);
407 /* Fix the Persistent structure, so that Buffer is once again an offset */
408 WriteEntry->ImageName.Buffer = (PWCH)(BufferNamePos - Buffer);
409
410 ++WriteEntry;
411 ListEntry = ListEntry->Flink;
412 }
413 ApphelpCacheReleaseLock();
414
415 Status = ZwOpenKey(&KeyHandle, KEY_SET_VALUE, &AppCompatKeyAttributes);
416 if (NT_SUCCESS(Status))
417 {
418 Status = ZwSetValueKey(KeyHandle,
419 &AppCompatCacheValue,
420 0,
421 REG_BINARY,
422 Buffer,
423 Length);
424 ZwClose(KeyHandle);
425 }
426 else
427 {
428 DPRINT1("SHIMS: ApphelpCacheWrite could not even open Session Manager\\AppCompatCache (0x%x)\n", Status);
429 }
430
431 ApphelpFree(Buffer);
432 return NT_SUCCESS(Status);
433}
434
435
436CODE_SEG("INIT")
437NTSTATUS
438NTAPI
439ApphelpCacheInitialize(VOID)
440{
441 DPRINT("SHIMS: ApphelpCacheInitialize\n");
442 /* If we are booting in safemode we do not want to use the apphelp cache */
443 if (InitSafeBootMode)
444 {
445 DPRINT1("SHIMS: Safe mode detected, disabling cache.\n");
446 ApphelpCacheEnabled = FALSE;
447 }
448 else
449 {
450 ExInitializeResourceLite(&ApphelpCacheLock);
451 RtlInitializeGenericTableAvl(&ApphelpShimCache,
452 ApphelpShimCacheCompareRoutine,
453 ApphelpShimCacheAllocateRoutine,
454 ApphelpShimCacheFreeRoutine,
455 NULL);
456 InitializeListHead(&ApphelpShimCacheAge);
457 ApphelpCacheEnabled = ApphelpCacheRead();
458 }
459 DPRINT("SHIMS: ApphelpCacheInitialize: %d\n", ApphelpCacheEnabled);
460 return STATUS_SUCCESS;
461}
462
463VOID
464NTAPI
465ApphelpCacheShutdown(VOID)
466{
467 if (ApphelpCacheEnabled)
468 {
469 ApphelpCacheWrite();
470 }
471}
472
473NTSTATUS
474ApphelpValidateData(
475 _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData,
476 _Out_ PUNICODE_STRING ImageName,
477 _Out_ PHANDLE ImageHandle)
478{
479 NTSTATUS Status = STATUS_INVALID_PARAMETER;
480
481 if (ServiceData)
482 {
483 UNICODE_STRING LocalImageName;
484 _SEH2_TRY
485 {
486 ProbeForRead(ServiceData,
487 sizeof(APPHELP_CACHE_SERVICE_LOOKUP),
488 sizeof(ULONG));
489 LocalImageName = ServiceData->ImageName;
490 *ImageHandle = ServiceData->ImageHandle;
491 if (LocalImageName.Length && LocalImageName.Buffer)
492 {
493 ProbeForRead(LocalImageName.Buffer,
494 LocalImageName.Length * sizeof(WCHAR),
495 1);
496 ApphelpDuplicateUnicodeString(ImageName, &LocalImageName);
497 Status = STATUS_SUCCESS;
498 }
499 }
500 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
501 {
502 _SEH2_YIELD(return _SEH2_GetExceptionCode());
503 }
504 _SEH2_END;
505 }
506 if (!NT_SUCCESS(Status))
507 {
508 DPRINT1("SHIMS: ApphelpValidateData: invalid data passed\n");
509 }
510 return Status;
511}
512
513NTSTATUS
514ApphelpCacheRemoveEntryNolock(
515 _In_ PSHIM_CACHE_ENTRY Entry)
516{
517 if (Entry)
518 {
519 PWSTR Buffer = Entry->Persistent.ImageName.Buffer;
520 RemoveEntryList(&Entry->List);
521 if (RtlDeleteElementGenericTableAvl(&ApphelpShimCache, Entry))
522 {
523 ApphelpFree(Buffer);
524 }
525 return STATUS_SUCCESS;
526 }
527 return STATUS_NOT_FOUND;
528}
529
530NTSTATUS
531ApphelpCacheLookupEntry(
532 _In_ PUNICODE_STRING ImageName,
533 _In_ HANDLE ImageHandle)
534{
535 NTSTATUS Status = STATUS_NOT_FOUND;
536 SHIM_CACHE_ENTRY Lookup = EMPTY_SHIM_ENTRY;
537 PSHIM_CACHE_ENTRY Entry;
538
539 if (!ApphelpCacheTryAcquireLock())
540 {
541 return Status;
542 }
543
544 Lookup.Persistent.ImageName = *ImageName;
545 Entry = RtlLookupElementGenericTableAvl(&ApphelpShimCache, &Lookup);
546 if (Entry == NULL)
547 {
548 DPRINT("SHIMS: ApphelpCacheLookupEntry: could not find %wZ\n", ImageName);
549 goto Cleanup;
550 }
551
552 DPRINT("SHIMS: ApphelpCacheLookupEntry: found %wZ\n", ImageName);
553 if (ImageHandle == INVALID_HANDLE_VALUE)
554 {
555 DPRINT("SHIMS: ApphelpCacheLookupEntry: ok\n");
556 /* just return if we know it, do not query file info */
557 Status = STATUS_SUCCESS;
558 }
559 else
560 {
561 Status = ApphelpCacheQueryInfo(ImageHandle, &Lookup);
562 if (NT_SUCCESS(Status) &&
563 Lookup.Persistent.DateTime.QuadPart == Entry->Persistent.DateTime.QuadPart &&
564 Lookup.Persistent.FileSize.QuadPart == Entry->Persistent.FileSize.QuadPart)
565 {
566 DPRINT("SHIMS: ApphelpCacheLookupEntry: found & validated\n");
567 Status = STATUS_SUCCESS;
568 /* move it to the front to keep it alive */
569 RemoveEntryList(&Entry->List);
570 InsertHeadList(&ApphelpShimCacheAge, &Entry->List);
571 }
572 else
573 {
574 DPRINT1("SHIMS: ApphelpCacheLookupEntry: file info mismatch (%lx)\n", Status);
575 Status = STATUS_NOT_FOUND;
576 /* Could not read file info, or it did not match, drop it from the cache */
577 ApphelpCacheRemoveEntryNolock(Entry);
578 }
579 }
580
581Cleanup:
582 ApphelpCacheReleaseLock();
583 return Status;
584}
585
586NTSTATUS
587ApphelpCacheRemoveEntry(
588 _In_ PUNICODE_STRING ImageName)
589{
590 PSHIM_CACHE_ENTRY Entry;
591 NTSTATUS Status;
592
593 ApphelpCacheAcquireLock();
594 Entry = RtlLookupElementGenericTableAvl(&ApphelpShimCache, ImageName);
595 Status = ApphelpCacheRemoveEntryNolock(Entry);
596 ApphelpCacheReleaseLock();
597 return Status;
598}
599
600/* Validate that we are either called from r0, or from a service-like context */
601NTSTATUS
602ApphelpCacheAccessCheck(VOID)
603{
604 if (ExGetPreviousMode() != KernelMode)
605 {
606 if (!SeSinglePrivilegeCheck(SeTcbPrivilege, UserMode))
607 {
608 DPRINT1("SHIMS: ApphelpCacheAccessCheck failed\n");
609 return STATUS_ACCESS_DENIED;
610 }
611 }
612 return STATUS_SUCCESS;
613}
614
615NTSTATUS
616ApphelpCacheUpdateEntry(
617 _In_ PUNICODE_STRING ImageName,
618 _In_ HANDLE ImageHandle)
619{
620 NTSTATUS Status = STATUS_SUCCESS;
621 SHIM_CACHE_ENTRY Entry = EMPTY_SHIM_ENTRY;
622 PSHIM_CACHE_ENTRY Lookup;
623 PVOID NodeOrParent;
624 TABLE_SEARCH_RESULT SearchResult;
625
626 ApphelpCacheAcquireLock();
627
628 /* If we got a file handle, query it for info */
629 if (ImageHandle != INVALID_HANDLE_VALUE)
630 {
631 Status = ApphelpCacheQueryInfo(ImageHandle, &Entry);
632 if (!NT_SUCCESS(Status))
633 {
634 goto Cleanup;
635 }
636 }
637
638 /* Use ImageName for the lookup, don't actually duplicate it */
639 Entry.Persistent.ImageName = *ImageName;
640 Lookup = RtlLookupElementGenericTableFullAvl(&ApphelpShimCache,
641 &Entry,
642 &NodeOrParent, &SearchResult);
643 if (Lookup)
644 {
645 DPRINT("SHIMS: ApphelpCacheUpdateEntry: Entry already exists, reusing it\n");
646 /* Unlink the found item, so we can put it back at the front,
647 and copy the earlier obtained file info*/
648 RemoveEntryList(&Lookup->List);
649 Lookup->Persistent.DateTime = Entry.Persistent.DateTime;
650 Lookup->Persistent.FileSize = Entry.Persistent.FileSize;
651 }
652 else
653 {
654 DPRINT("SHIMS: ApphelpCacheUpdateEntry: Inserting new Entry\n");
655 /* Insert a new entry, with its own copy of the ImageName */
656 ApphelpDuplicateUnicodeString(&Entry.Persistent.ImageName, ImageName);
657 Lookup = RtlInsertElementGenericTableFullAvl(&ApphelpShimCache,
658 &Entry,
659 sizeof(Entry),
660 0,
661 NodeOrParent,
662 SearchResult);
663 if (!Lookup)
664 {
665 ApphelpFreeUnicodeString(&Entry.Persistent.ImageName);
666 Status = STATUS_NO_MEMORY;
667 }
668 }
669 if (Lookup)
670 {
671 /* Either we re-used an existing item, or we inserted a new one, keep it alive */
672 InsertHeadList(&ApphelpShimCacheAge, &Lookup->List);
673 if (RtlNumberGenericTableElementsAvl(&ApphelpShimCache) > MAX_SHIM_ENTRIES)
674 {
675 PSHIM_CACHE_ENTRY Remove;
676 DPRINT1("SHIMS: ApphelpCacheUpdateEntry: Cache growing too big, dropping oldest item\n");
677 Remove = CONTAINING_RECORD(ApphelpShimCacheAge.Blink, SHIM_CACHE_ENTRY, List);
678 Status = ApphelpCacheRemoveEntryNolock(Remove);
679 }
680 }
681
682Cleanup:
683 ApphelpCacheReleaseLock();
684 return Status;
685}
686
687NTSTATUS
688ApphelpCacheFlush(VOID)
689{
690 PVOID p;
691
692 DPRINT1("SHIMS: ApphelpCacheFlush\n");
693 ApphelpCacheAcquireLock();
694 while ((p = RtlEnumerateGenericTableAvl(&ApphelpShimCache, TRUE)))
695 {
696 ApphelpCacheRemoveEntryNolock((PSHIM_CACHE_ENTRY)p);
697 }
698 ApphelpCacheReleaseLock();
699 return STATUS_SUCCESS;
700}
701
702NTSTATUS
703ApphelpCacheDump(VOID)
704{
705 PLIST_ENTRY ListEntry;
706 PSHIM_CACHE_ENTRY Entry;
707
708 DPRINT1("SHIMS: NtApphelpCacheControl( Dumping entries, newest to oldest )\n");
709 ApphelpCacheAcquireLock();
710 ListEntry = ApphelpShimCacheAge.Flink;
711 while (ListEntry != &ApphelpShimCacheAge)
712 {
713 Entry = CONTAINING_RECORD(ListEntry, SHIM_CACHE_ENTRY, List);
714 DPRINT1("Entry: %wZ\n", &Entry->Persistent.ImageName);
715 DPRINT1("DateTime: 0x%I64x\n", Entry->Persistent.DateTime.QuadPart);
716 DPRINT1("FileSize: 0x%I64x\n", Entry->Persistent.FileSize.QuadPart);
717 DPRINT1("Flags: 0x%x\n", Entry->CompatFlags);
718 ListEntry = ListEntry->Flink;
719 }
720 ApphelpCacheReleaseLock();
721 return STATUS_SUCCESS;
722}
723
724/* PUBLIC FUNCTIONS **********************************************************/
725
726NTSTATUS
727NTAPI
728NtApphelpCacheControl(
729 _In_ APPHELPCACHESERVICECLASS Service,
730 _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData)
731{
732 NTSTATUS Status = STATUS_INVALID_PARAMETER;
733 UNICODE_STRING ImageName = { 0 };
734 HANDLE Handle = INVALID_HANDLE_VALUE;
735
736 if (!ApphelpCacheEnabled)
737 {
738 DPRINT1("NtApphelpCacheControl: ApphelpCacheEnabled == 0\n");
739 return Status;
740 }
741 switch (Service)
742 {
743 case ApphelpCacheServiceLookup:
744 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceLookup )\n");
745 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
746 if (NT_SUCCESS(Status))
747 Status = ApphelpCacheLookupEntry(&ImageName, Handle);
748 break;
749 case ApphelpCacheServiceRemove:
750 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceRemove )\n");
751 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
752 if (NT_SUCCESS(Status))
753 Status = ApphelpCacheRemoveEntry(&ImageName);
754 break;
755 case ApphelpCacheServiceUpdate:
756 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceUpdate )\n");
757 Status = ApphelpCacheAccessCheck();
758 if (NT_SUCCESS(Status))
759 {
760 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
761 if (NT_SUCCESS(Status))
762 Status = ApphelpCacheUpdateEntry(&ImageName, Handle);
763 }
764 break;
765 case ApphelpCacheServiceFlush:
766 /* FIXME: Check for admin or system here. */
767 Status = ApphelpCacheFlush();
768 break;
769 case ApphelpCacheServiceDump:
770 Status = ApphelpCacheDump();
771 break;
772 case ApphelpDBGReadRegistry:
773 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): flushing cache.\n");
774 ApphelpCacheFlush();
775 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): reading cache.\n");
776 Status = ApphelpCacheRead() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
777 break;
778 case ApphelpDBGWriteRegistry:
779 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGWriteRegistry ): writing cache.\n");
780 Status = ApphelpCacheWrite() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
781 break;
782 default:
783 DPRINT1("SHIMS: NtApphelpCacheControl( Invalid service requested )\n");
784 break;
785 }
786 if (ImageName.Buffer)
787 {
788 ApphelpFreeUnicodeString(&ImageName);
789 }
790 return Status;
791}
792
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
RtlInitializeGenericTableAvl
VOID NTAPI RtlInitializeGenericTableAvl(IN OUT PRTL_AVL_TABLE Table, IN PRTL_AVL_COMPARE_ROUTINE CompareRoutine, IN PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine, IN PRTL_AVL_FREE_ROUTINE FreeRoutine, IN PVOID TableContext)
Definition: avltable.c:26
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
DPRINT1
#define DPRINT1
Definition: precomp.h:8
DataLength
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1444
Buffer
Definition: bufpool.h:45
Header
Definition: Header.h:9
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
Lookup
static void Lookup(RTF_Info *, char *)
Definition: reader.c:2228
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
RemoveEntryList
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
InsertHeadList
#define InsertHeadList(ListHead, Entry)
Definition: env_spec_w32.h:1022
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
RtlCompareUnicodeString
ULONG RtlCompareUnicodeString(PUNICODE_STRING s1, PUNICODE_STRING s2, BOOLEAN UpCase)
Definition: string_lib.cpp:31
ExInitializeResourceLite
NTSTATUS ExInitializeResourceLite(PULONG res)
Definition: env_spec_w32.h:641
ExAcquireResourceExclusiveLite
#define ExAcquireResourceExclusiveLite(res, wait)
Definition: env_spec_w32.h:615
ERESOURCE
ULONG ERESOURCE
Definition: env_spec_w32.h:594
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
PagedPool
#define PagedPool
Definition: env_spec_w32.h:308
ROUND_UP
#define ROUND_UP(n, align)
Definition: eventvwr.h:34
ExGetPreviousMode
#define ExGetPreviousMode
Definition: ex.h:140
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
#define _SEH2_END
Definition: filesup.c:22
_SEH2_TRY
#define _SEH2_TRY
Definition: filesup.c:19
FileBasicInformation
@ FileBasicInformation
Definition: from_kernel.h:65
Handle
ULONG Handle
Definition: gdb_input.c:15
Status
Status
Definition: gdiplustypes.h:25
Table
ASMGENDATA Table[]
Definition: genincdata.c:61
p
GLfloat GLfloat p
Definition: glext.h:8902
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
APPHELPCACHESERVICECLASS
enum _APPHELPCACHESERVICECLASS APPHELPCACHESERVICECLASS
ApphelpDBGReadRegistry
@ ApphelpDBGReadRegistry
Definition: pstypes.h:979
ApphelpCacheServiceLookup
@ ApphelpCacheServiceLookup
Definition: pstypes.h:973
ApphelpCacheServiceRemove
@ ApphelpCacheServiceRemove
Definition: pstypes.h:974
ApphelpCacheServiceUpdate
@ ApphelpCacheServiceUpdate
Definition: pstypes.h:975
ApphelpCacheServiceDump
@ ApphelpCacheServiceDump
Definition: pstypes.h:977
ApphelpDBGWriteRegistry
@ ApphelpDBGWriteRegistry
Definition: pstypes.h:980
ApphelpCacheServiceFlush
@ ApphelpCacheServiceFlush
Definition: pstypes.h:976
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
C_ASSERT
#define C_ASSERT(e)
Definition: intsafe.h:73
CODE_SEG
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
KeLeaveCriticalRegion
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
KeEnterCriticalRegion
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
Length
static PWSTR SIZE_T Length
Definition: apphelp.c:93
ImageName
static const char * ImageName
Definition: image.c:34
IoStatusBlock
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
_Inout_
#define _Inout_
Definition: ms_sal.h:378
_Out_
#define _Out_
Definition: ms_sal.h:345
_In_
#define _In_
Definition: ms_sal.h:308
_In_opt_
#define _In_opt_
Definition: ms_sal.h:309
_In_reads_
#define _In_reads_(size)
Definition: ms_sal.h:319
Source
_In_ UINT _In_ UINT _In_ PNDIS_PACKET Source
Definition: ndis.h:3169
KeyHandle
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4715
KernelMode
#define KernelMode
Definition: asm.h:34
UserMode
#define UserMode
Definition: asm.h:35
ZwClose
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
Destination
_In_ PUNICODE_STRING _Inout_ PUNICODE_STRING Destination
Definition: rtlfuncs.h:3004
REG_BINARY
#define REG_BINARY
Definition: nt_native.h:1496
KeyValuePartialInformation
@ KeyValuePartialInformation
Definition: nt_native.h:1182
KEY_QUERY_VALUE
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
KEY_VALUE_PARTIAL_INFORMATION
struct _KEY_VALUE_PARTIAL_INFORMATION KEY_VALUE_PARTIAL_INFORMATION
KEY_SET_VALUE
#define KEY_SET_VALUE
Definition: nt_native.h:1017
PWCH
WCHAR * PWCH
Definition: ntbasedef.h:410
UNICODE_NULL
#define UNICODE_NULL
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
RTL_CONSTANT_OBJECT_ATTRIBUTES
#define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a)
Definition: ntdef.template.h:305
ExTryToAcquireResourceExclusiveLite
BOOLEAN NTAPI ExTryToAcquireResourceExclusiveLite(IN PERESOURCE Resource)
Definition: resource.c:2134
ExReleaseResourceLite
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1822
SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:26
ApphelpCacheDump
NTSTATUS ApphelpCacheDump(VOID)
Definition: apphelp.c:703
AppCompatCacheValue
static UNICODE_STRING AppCompatCacheValue
Definition: apphelp.c:38
ApphelpShimCacheCompareRoutine
RTL_GENERIC_COMPARE_RESULTS NTAPI ApphelpShimCacheCompareRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID FirstStruct, _In_ PVOID SecondStruct)
Definition: apphelp.c:209
ApphelpAlloc
PVOID ApphelpAlloc(_In_ ULONG ByteSize)
Definition: apphelp.c:101
ApphelpCacheQueryInfo
NTSTATUS ApphelpCacheQueryInfo(_In_ HANDLE ImageHandle, _Out_ PSHIM_CACHE_ENTRY Entry)
Definition: apphelp.c:175
PSHIM_PERSISTENT_CACHE_HEADER_52
struct SHIM_PERSISTENT_CACHE_HEADER_52 * PSHIM_PERSISTENT_CACHE_HEADER_52
ApphelpCacheWrite
BOOLEAN ApphelpCacheWrite(VOID)
Definition: apphelp.c:362
ApphelpCacheEnabled
static BOOLEAN ApphelpCacheEnabled
Definition: apphelp.c:29
ApphelpShimCacheAllocateRoutine
PVOID NTAPI ApphelpShimCacheAllocateRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ CLONG ByteSize)
Definition: apphelp.c:234
AppCompatKeyAttributes
static OBJECT_ATTRIBUTES AppCompatKeyAttributes
Definition: apphelp.c:37
AppCompatCacheKey
static UNICODE_STRING AppCompatCacheKey
Definition: apphelp.c:36
ApphelpCacheShutdown
VOID NTAPI ApphelpCacheShutdown(VOID)
Definition: apphelp.c:465
SHIM_CACHE_HEADER_SIZE
#define SHIM_CACHE_HEADER_SIZE
Definition: apphelp.c:76
ApphelpCacheFlush
NTSTATUS ApphelpCacheFlush(VOID)
Definition: apphelp.c:688
ApphelpDuplicateUnicodeString
VOID ApphelpDuplicateUnicodeString(_Out_ PUNICODE_STRING Destination, _In_ PCUNICODE_STRING Source)
Definition: apphelp.c:141
PSHIM_CACHE_ENTRY
struct SHIM_CACHE_ENTRY * PSHIM_CACHE_ENTRY
SHIM_PERSISTENT_CACHE_HEADER
#define SHIM_PERSISTENT_CACHE_HEADER
Definition: apphelp.c:82
SHIM_PERSISTENT_CACHE_ENTRY
#define SHIM_PERSISTENT_CACHE_ENTRY
Definition: apphelp.c:84
SHIM_CACHE_MAGIC
#define SHIM_CACHE_MAGIC
Definition: apphelp.c:75
ApphelpCacheRead
BOOLEAN ApphelpCacheRead(VOID)
Definition: apphelp.c:306
ApphelpShimCacheAge
static LIST_ENTRY ApphelpShimCacheAge
Definition: apphelp.c:32
ApphelpCacheAcquireLock
VOID ApphelpCacheAcquireLock(VOID)
Definition: apphelp.c:115
ApphelpCacheRemoveEntry
NTSTATUS ApphelpCacheRemoveEntry(_In_ PUNICODE_STRING ImageName)
Definition: apphelp.c:587
ApphelpFree
VOID ApphelpFree(_In_ PVOID Data)
Definition: apphelp.c:108
ApphelpFreeUnicodeString
VOID ApphelpFreeUnicodeString(_Inout_ PUNICODE_STRING String)
Definition: apphelp.c:161
PSHIM_PERSISTENT_CACHE_HEADER
#define PSHIM_PERSISTENT_CACHE_HEADER
Definition: apphelp.c:83
CACHE_HEADER_SIZE_NT_52
#define CACHE_HEADER_SIZE_NT_52
Definition: apphelp.c:66
ApphelpCacheUpdateEntry
NTSTATUS ApphelpCacheUpdateEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:616
PSHIM_PERSISTENT_CACHE_ENTRY_52
struct SHIM_PERSISTENT_CACHE_ENTRY_52 * PSHIM_PERSISTENT_CACHE_ENTRY_52
ApphelpCacheInitialize
NTSTATUS NTAPI ApphelpCacheInitialize(VOID)
Definition: apphelp.c:439
ApphelpValidateData
NTSTATUS ApphelpValidateData(_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData, _Out_ PUNICODE_STRING ImageName, _Out_ PHANDLE ImageHandle)
Definition: apphelp.c:474
ApphelpCacheRemoveEntryNolock
NTSTATUS ApphelpCacheRemoveEntryNolock(_In_ PSHIM_CACHE_ENTRY Entry)
Definition: apphelp.c:514
ApphelpCacheReleaseLock
VOID ApphelpCacheReleaseLock(VOID)
Definition: apphelp.c:134
ApphelpCacheAccessCheck
NTSTATUS ApphelpCacheAccessCheck(VOID)
Definition: apphelp.c:602
ApphelpCacheLookupEntry
NTSTATUS ApphelpCacheLookupEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:531
EMPTY_SHIM_ENTRY
#define EMPTY_SHIM_ENTRY
Definition: apphelp.c:40
ApphelpCacheParse
NTSTATUS ApphelpCacheParse(_In_reads_(DataLength) PUCHAR Data, _In_ ULONG DataLength)
Definition: apphelp.c:251
ApphelpShimCache
static RTL_AVL_TABLE ApphelpShimCache
Definition: apphelp.c:31
InitSafeBootMode
ULONG InitSafeBootMode
Definition: init.c:71
SHIM_PERSISTENT_CACHE_ENTRY_SIZE
#define SHIM_PERSISTENT_CACHE_ENTRY_SIZE
Definition: apphelp.c:80
MAX_SHIM_ENTRIES
#define MAX_SHIM_ENTRIES
Definition: apphelp.c:41
NtApphelpCacheControl
NTSTATUS NTAPI NtApphelpCacheControl(_In_ APPHELPCACHESERVICECLASS Service, _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData)
Definition: apphelp.c:728
ApphelpCacheTryAcquireLock
BOOLEAN ApphelpCacheTryAcquireLock(VOID)
Definition: apphelp.c:122
ApphelpCacheLock
static ERESOURCE ApphelpCacheLock
Definition: apphelp.c:30
ApphelpShimCacheFreeRoutine
VOID NTAPI ApphelpShimCacheFreeRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID Buffer)
Definition: apphelp.c:243
PSHIM_PERSISTENT_CACHE_ENTRY
#define PSHIM_PERSISTENT_CACHE_ENTRY
Definition: apphelp.c:85
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
Service
@ Service
Definition: ntsecapi.h:292
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
L
#define L(x)
Definition: ntvdm.h:50
LONG
long LONG
Definition: pedump.c:60
USHORT
unsigned short USHORT
Definition: pedump.c:61
FileStandardInformation
#define FileStandardInformation
Definition: propsheet.cpp:61
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:162
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
STATUS_BUFFER_OVERFLOW
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
DPRINT
#define DPRINT
Definition: sndvol32.h:71
Entry
base of all file and directory entries
Definition: entries.h:83
SHIM_CACHE_ENTRY
Definition: apphelp.c:92
SHIM_CACHE_ENTRY::CompatFlags
ULONG CompatFlags
Definition: apphelp.c:95
SHIM_CACHE_ENTRY::List
LIST_ENTRY List
Definition: apphelp.c:93
SHIM_CACHE_ENTRY::Persistent
SHIM_PERSISTENT_CACHE_ENTRY Persistent
Definition: apphelp.c:94
SHIM_PERSISTENT_CACHE_ENTRY_52
Definition: apphelp.c:57
SHIM_PERSISTENT_CACHE_ENTRY_52::ImageName
UNICODE_STRING ImageName
Definition: apphelp.c:58
SHIM_PERSISTENT_CACHE_ENTRY_52::DateTime
LARGE_INTEGER DateTime
Definition: apphelp.c:59
SHIM_PERSISTENT_CACHE_ENTRY_52::FileSize
LARGE_INTEGER FileSize
Definition: apphelp.c:60
SHIM_PERSISTENT_CACHE_HEADER_52
Definition: apphelp.c:50
SHIM_PERSISTENT_CACHE_HEADER_52::NumEntries
ULONG NumEntries
Definition: apphelp.c:52
SHIM_PERSISTENT_CACHE_HEADER_52::Magic
ULONG Magic
Definition: apphelp.c:51
_APPHELP_CACHE_SERVICE_LOOKUP
Definition: pstypes.h:985
_FILE_BASIC_INFORMATION
Definition: nt_native.h:938
_FILE_BASIC_INFORMATION::LastWriteTime
LARGE_INTEGER LastWriteTime
Definition: nt_native.h:941
_FILE_STANDARD_INFORMATION
Definition: propsheet.cpp:53
_FILE_STANDARD_INFORMATION::EndOfFile
LARGE_INTEGER EndOfFile
Definition: propsheet.cpp:55
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870
_KEY_VALUE_PARTIAL_INFORMATION
Definition: nt_native.h:1165
_KEY_VALUE_PARTIAL_INFORMATION::Data
UCHAR Data[1]
Definition: nt_native.h:1169
_KEY_VALUE_PARTIAL_INFORMATION::DataLength
ULONG DataLength
Definition: nt_native.h:1168
_KEY_VALUE_PARTIAL_INFORMATION::Type
ULONG Type
Definition: nt_native.h:1167
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Blink
struct _LIST_ENTRY * Blink
Definition: typedefs.h:122
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_RTL_AVL_TABLE
Definition: rtltypes.h:421
_UNICODE_STRING
Definition: env_spec_w32.h:368
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
TAG_SHIM
#define TAG_SHIM
Definition: tag.h:138
RTL_CONSTANT_STRING
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
NTAPI
#define NTAPI
Definition: typedefs.h:36
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260
PUCHAR
unsigned char * PUCHAR
Definition: typedefs.h:53
ULONG
uint32_t ULONG
Definition: typedefs.h:59
ULONGLONG
uint64_t ULONGLONG
Definition: typedefs.h:67
STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
CLONG
ULONG CLONG
Definition: umtypes.h:126
_LARGE_INTEGER
Definition: typedefs.h:103
String
_Must_inspect_result_ _In_ WDFDEVICE _In_ WDFSTRING String
Definition: wdfdevice.h:2433
List
_Must_inspect_result_ _In_ WDFCMRESLIST List
Definition: wdfresource.h:550
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
Remove
_In_ BOOLEAN Remove
Definition: psfuncs.h:110
RtlLookupElementGenericTableFullAvl
NTSYSAPI PVOID NTAPI RtlLookupElementGenericTableFullAvl(_In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer, _Out_ PVOID *NodeOrParent, _Out_ TABLE_SEARCH_RESULT *SearchResult)
RtlInsertElementGenericTableFullAvl
NTSYSAPI PVOID NTAPI RtlInsertElementGenericTableFullAvl(_In_ PRTL_AVL_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement, _In_ PVOID NodeOrParent, _In_ TABLE_SEARCH_RESULT SearchResult)
RtlLookupElementGenericTableAvl
_Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlLookupElementGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer)
RtlDeleteElementGenericTableAvl
NTSYSAPI BOOLEAN NTAPI RtlDeleteElementGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_ PVOID Buffer)
RtlInsertElementGenericTableAvl
NTSYSAPI PVOID NTAPI RtlInsertElementGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_reads_bytes_(BufferSize) PVOID Buffer, _In_ CLONG BufferSize, _Out_opt_ PBOOLEAN NewElement)
RtlEnumerateGenericTableAvl
_Must_inspect_result_ NTSYSAPI PVOID NTAPI RtlEnumerateGenericTableAvl(_In_ PRTL_AVL_TABLE Table, _In_ BOOLEAN Restart)
RtlNumberGenericTableElementsAvl
NTSYSAPI ULONG NTAPI RtlNumberGenericTableElementsAvl(_In_ PRTL_AVL_TABLE Table)
TABLE_SEARCH_RESULT
enum _TABLE_SEARCH_RESULT TABLE_SEARCH_RESULT
SecondStruct
_IRQL_requires_same_ _In_ PVOID _In_ PVOID SecondStruct
Definition: rtltypes.h:384
ByteSize
_IRQL_requires_same_ _In_ CLONG ByteSize
Definition: rtltypes.h:393
FirstStruct
_IRQL_requires_same_ _In_ PVOID FirstStruct
Definition: rtltypes.h:383
GenericLessThan
@ GenericLessThan
Definition: rtltypes.h:370
GenericEqual
@ GenericEqual
Definition: rtltypes.h:372
GenericGreaterThan
@ GenericGreaterThan
Definition: rtltypes.h:371
RTL_GENERIC_COMPARE_RESULTS
enum _RTL_GENERIC_COMPARE_RESULTS RTL_GENERIC_COMPARE_RESULTS
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180