ReactOS 0.4.15-dev-6056-gb29b268
verifier.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS NT User Mode Library
3 * LICENSE: GPL-2.0+ (https://spdx.org/licenses/GPL-2.0+)
4 * PURPOSE: Verifier support routines
5 * COPYRIGHT: Copyright 2011 Aleksey Bragin (aleksey@reactos.org)
6 * Copyright 2018 Mark Jansen (mark.jansen@reactos.org)
7 */
8
9
10#include <ntdll.h>
11#include <reactos/verifier.h>
12
13#define NDEBUG
14#include <debug.h>
15
16extern PLDR_DATA_TABLE_ENTRY LdrpImageEntry;
17ULONG AVrfpVerifierFlags = 0;
18WCHAR AVrfpVerifierDllsString[256] = { 0 };
19ULONG AVrfpDebug = 0;
20BOOL AVrfpInitialized = FALSE;
21RTL_CRITICAL_SECTION AVrfpVerifierLock;
22LIST_ENTRY AVrfpVerifierProvidersList;
23
24#define VERIFIER_DLL_FLAGS_RESOLVED 1
25
26
27typedef struct _VERIFIER_PROVIDER
28{
29 LIST_ENTRY ListEntry;
30 UNICODE_STRING DllName;
31 PVOID BaseAddress;
32 PVOID EntryPoint;
33
34 // Provider data
35 PRTL_VERIFIER_DLL_DESCRIPTOR ProviderDlls;
36 RTL_VERIFIER_DLL_LOAD_CALLBACK ProviderDllLoadCallback;
37 RTL_VERIFIER_DLL_UNLOAD_CALLBACK ProviderDllUnloadCallback;
38 RTL_VERIFIER_NTDLLHEAPFREE_CALLBACK ProviderNtdllHeapFreeCallback;
39} VERIFIER_PROVIDER, *PVERIFIER_PROVIDER;
40
41
42
43
44VOID
45NTAPI
46AVrfReadIFEO(HANDLE KeyHandle)
47{
48 NTSTATUS Status;
49
50 Status = LdrQueryImageFileKeyOption(KeyHandle,
51 L"VerifierDlls",
52 REG_SZ,
53 AVrfpVerifierDllsString,
54 sizeof(AVrfpVerifierDllsString) - sizeof(WCHAR),
55 NULL);
56
57 if (!NT_SUCCESS(Status))
58 AVrfpVerifierDllsString[0] = UNICODE_NULL;
59
60 Status = LdrQueryImageFileKeyOption(KeyHandle,
61 L"VerifierFlags",
62 REG_DWORD,
63 &AVrfpVerifierFlags,
64 sizeof(AVrfpVerifierFlags),
65 NULL);
66 if (!NT_SUCCESS(Status))
67 AVrfpVerifierFlags = RTL_VRF_FLG_HANDLE_CHECKS | RTL_VRF_FLG_FAST_FILL_HEAP | RTL_VRF_FLG_LOCK_CHECKS;
68
69 Status = LdrQueryImageFileKeyOption(KeyHandle,
70 L"VerifierDebug",
71 REG_DWORD,
72 &AVrfpDebug,
73 sizeof(AVrfpDebug),
74 NULL);
75 if (!NT_SUCCESS(Status))
76 AVrfpDebug = 0;
77}
78
79
80NTSTATUS
81NTAPI
82LdrpInitializeApplicationVerifierPackage(HANDLE KeyHandle, PPEB Peb, BOOLEAN SystemWide, BOOLEAN ReadAdvancedOptions)
83{
84 /* If global flags request DPH, perform some additional actions */
85 if (Peb->NtGlobalFlag & FLG_HEAP_PAGE_ALLOCS)
86 {
87 // TODO: Read advanced DPH flags from the registry if requested
88 if (ReadAdvancedOptions)
89 {
90 UNIMPLEMENTED;
91 }
92
93 /* Enable page heap */
94 RtlpPageHeapEnabled = TRUE;
95 }
96
97 AVrfReadIFEO(KeyHandle);
98
99 return STATUS_SUCCESS;
100}
101
102BOOLEAN
103AVrfpIsVerifierProviderDll(PVOID BaseAddress)
104{
105 PLIST_ENTRY Entry;
106 PVERIFIER_PROVIDER Provider;
107
108 for (Entry = AVrfpVerifierProvidersList.Flink; Entry != &AVrfpVerifierProvidersList; Entry = Entry->Flink)
109 {
110 Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
111
112 if (BaseAddress == Provider->BaseAddress)
113 return TRUE;
114 }
115
116 return FALSE;
117}
118
119SIZE_T
120AVrfpCountThunks(PIMAGE_THUNK_DATA Thunk)
121{
122 SIZE_T Count = 0;
123 while (Thunk[Count].u1.Function)
124 Count++;
125 return Count;
126}
127
128VOID
129AVrfpSnapDllImports(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
130{
131 ULONG Size;
132 PIMAGE_IMPORT_DESCRIPTOR ImportDescriptor;
133 PBYTE DllBase = LdrEntry->DllBase;
134
135 ImportDescriptor = RtlImageDirectoryEntryToData(DllBase, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &Size);
136 if (!ImportDescriptor)
137 {
138 //SHIMENG_INFO("Skipping module 0x%p \"%wZ\" due to no iat found\n", LdrEntry->DllBase, &LdrEntry->BaseDllName);
139 return;
140 }
141
142 for (; ImportDescriptor->Name && ImportDescriptor->OriginalFirstThunk; ImportDescriptor++)
143 {
144 PIMAGE_THUNK_DATA FirstThunk;
145 PVOID UnprotectedPtr = NULL;
146 SIZE_T UnprotectedSize = 0;
147 ULONG OldProtection = 0;
148 FirstThunk = (PIMAGE_THUNK_DATA)(DllBase + ImportDescriptor->FirstThunk);
149
150 /* Walk all imports */
151 for (;FirstThunk->u1.Function; FirstThunk++)
152 {
153 PLIST_ENTRY Entry;
154 PVERIFIER_PROVIDER Provider;
155
156 for (Entry = AVrfpVerifierProvidersList.Flink; Entry != &AVrfpVerifierProvidersList; Entry = Entry->Flink)
157 {
158 PRTL_VERIFIER_DLL_DESCRIPTOR DllDescriptor;
159
160 Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
161 for (DllDescriptor = Provider->ProviderDlls; DllDescriptor && DllDescriptor->DllName; ++DllDescriptor)
162 {
163 PRTL_VERIFIER_THUNK_DESCRIPTOR ThunkDescriptor;
164
165 for (ThunkDescriptor = DllDescriptor->DllThunks; ThunkDescriptor && ThunkDescriptor->ThunkName; ++ThunkDescriptor)
166 {
167 /* Just compare function addresses, the loader will have handled forwarders and ordinals for us */
168 if ((PVOID)FirstThunk->u1.Function != ThunkDescriptor->ThunkOldAddress)
169 continue;
170
171 if (!UnprotectedPtr)
172 {
173 PVOID Ptr = &FirstThunk->u1.Function;
174 SIZE_T Size = sizeof(FirstThunk->u1.Function) * AVrfpCountThunks(FirstThunk);
175 NTSTATUS Status;
176
177 UnprotectedPtr = Ptr;
178 UnprotectedSize = Size;
179
180 Status = NtProtectVirtualMemory(NtCurrentProcess(),
181 &Ptr,
182 &Size,
183 PAGE_EXECUTE_READWRITE,
184 &OldProtection);
185
186 if (!NT_SUCCESS(Status))
187 {
188 DbgPrint("AVRF: Unable to unprotect IAT to modify thunks (status %08X).\n", Status);
189 UnprotectedPtr = NULL;
190 continue;
191 }
192 }
193
194 if (ThunkDescriptor->ThunkNewAddress == NULL)
195 {
196 DbgPrint("AVRF: internal error: New thunk for %s is null.\n", ThunkDescriptor->ThunkName);
197 continue;
198 }
199 FirstThunk->u1.Function = (SIZE_T)ThunkDescriptor->ThunkNewAddress;
200 if (AVrfpDebug & RTL_VRF_DBG_SHOWSNAPS)
201 DbgPrint("AVRF: Snapped (%wZ: %s) with (%wZ: %p).\n",
202 &LdrEntry->BaseDllName,
203 ThunkDescriptor->ThunkName,
204 &Provider->DllName,
205 ThunkDescriptor->ThunkNewAddress);
206 }
207 }
208 }
209 }
210
211 if (UnprotectedPtr)
212 {
213 PVOID Ptr = UnprotectedPtr;
214 SIZE_T Size = UnprotectedSize;
215 NTSTATUS Status;
216
217 UnprotectedPtr = Ptr;
218 UnprotectedSize = Size;
219
220 Status = NtProtectVirtualMemory(NtCurrentProcess(),
221 &Ptr,
222 &Size,
223 OldProtection,
224 &OldProtection);
225 if (!NT_SUCCESS(Status))
226 {
227 DbgPrint("AVRF: Unable to reprotect IAT to modify thunks (status %08X).\n", Status);
228 }
229 }
230 }
231}
232
233
234VOID
235AvrfpResolveThunks(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
236{
237 PLIST_ENTRY Entry;
238 PVERIFIER_PROVIDER Provider;
239
240 if (!AVrfpInitialized)
241 return;
242
243 for (Entry = AVrfpVerifierProvidersList.Flink; Entry != &AVrfpVerifierProvidersList; Entry = Entry->Flink)
244 {
245 PRTL_VERIFIER_DLL_DESCRIPTOR DllDescriptor;
246
247 Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
248
249 for (DllDescriptor = Provider->ProviderDlls; DllDescriptor && DllDescriptor->DllName; ++DllDescriptor)
250 {
251 PRTL_VERIFIER_THUNK_DESCRIPTOR ThunkDescriptor;
252
253 if ((DllDescriptor->DllFlags & VERIFIER_DLL_FLAGS_RESOLVED) ||
254 _wcsicmp(DllDescriptor->DllName, LdrEntry->BaseDllName.Buffer))
255 continue;
256
257 if (AVrfpDebug & RTL_VRF_DBG_SHOWVERIFIEDEXPORTS)
258 DbgPrint("AVRF: pid 0x%X: found dll descriptor for `%wZ' with verified exports\n",
259 NtCurrentTeb()->ClientId.UniqueProcess,
260 &LdrEntry->BaseDllName);
261
262 for (ThunkDescriptor = DllDescriptor->DllThunks; ThunkDescriptor && ThunkDescriptor->ThunkName; ++ThunkDescriptor)
263 {
264 if (!ThunkDescriptor->ThunkOldAddress)
265 {
266 ANSI_STRING ThunkName;
267
268 RtlInitAnsiString(&ThunkName, ThunkDescriptor->ThunkName);
269 /* We cannot call the public api, because that would run init routines! */
270 if (NT_SUCCESS(LdrpGetProcedureAddress(LdrEntry->DllBase, &ThunkName, 0, &ThunkDescriptor->ThunkOldAddress, FALSE)))
271 {
272 if (AVrfpDebug & RTL_VRF_DBG_SHOWFOUNDEXPORTS)
273 DbgPrint("AVRF: (%wZ) %Z export found.\n", &LdrEntry->BaseDllName, &ThunkName);
274 }
275 else
276 {
277 if (AVrfpDebug & RTL_VRF_DBG_SHOWFOUNDEXPORTS)
278 DbgPrint("AVRF: warning: did not find `%Z' export in %wZ.\n", &ThunkName, &LdrEntry->BaseDllName);
279 }
280 }
281 }
282
283 DllDescriptor->DllFlags |= VERIFIER_DLL_FLAGS_RESOLVED;
284 }
285 }
286
287 AVrfpSnapDllImports(LdrEntry);
288}
289
290
291
292VOID
293NTAPI
294AVrfDllLoadNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
295{
296 PLIST_ENTRY Entry;
297
298 if (!(NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER))
299 return;
300
301 RtlEnterCriticalSection(&AVrfpVerifierLock);
302 if (!AVrfpIsVerifierProviderDll(LdrEntry->DllBase))
303 {
304 AvrfpResolveThunks(LdrEntry);
305
306 for (Entry = AVrfpVerifierProvidersList.Flink; Entry != &AVrfpVerifierProvidersList; Entry = Entry->Flink)
307 {
308 PVERIFIER_PROVIDER Provider;
309 RTL_VERIFIER_DLL_LOAD_CALLBACK ProviderDllLoadCallback;
310
311 Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
312
313 ProviderDllLoadCallback = Provider->ProviderDllLoadCallback;
314 if (ProviderDllLoadCallback)
315 {
316 ProviderDllLoadCallback(LdrEntry->BaseDllName.Buffer,
317 LdrEntry->DllBase,
318 LdrEntry->SizeOfImage,
319 LdrEntry);
320 }
321 }
322 }
323 RtlLeaveCriticalSection(&AVrfpVerifierLock);
324}
325
326VOID
327NTAPI
328AVrfDllUnloadNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
329{
330 PLIST_ENTRY Entry;
331
332 if (!(NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER))
333 return;
334
335 RtlEnterCriticalSection(&AVrfpVerifierLock);
336 if (!AVrfpIsVerifierProviderDll(LdrEntry->DllBase))
337 {
338 for (Entry = AVrfpVerifierProvidersList.Flink; Entry != &AVrfpVerifierProvidersList; Entry = Entry->Flink)
339 {
340 PVERIFIER_PROVIDER Provider;
341 RTL_VERIFIER_DLL_UNLOAD_CALLBACK ProviderDllUnloadCallback;
342
343 Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
344
345 ProviderDllUnloadCallback = Provider->ProviderDllUnloadCallback;
346 if (ProviderDllUnloadCallback)
347 {
348 ProviderDllUnloadCallback(LdrEntry->BaseDllName.Buffer,
349 LdrEntry->DllBase,
350 LdrEntry->SizeOfImage,
351 LdrEntry);
352 }
353 }
354 }
355 RtlLeaveCriticalSection(&AVrfpVerifierLock);
356}
357
358
359VOID
360NTAPI
361AVrfPageHeapDllNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
362{
363 /* Check if page heap dll notification is turned on */
364 if (!(RtlpDphGlobalFlags & DPH_FLAG_DLL_NOTIFY))
365 return;
366
367 /* We don't support this flag currently */
368 UNIMPLEMENTED;
369}
370
371
372VOID
373NTAPI
374AVrfpResnapInitialModules(VOID)
375{
376 PLIST_ENTRY ListHead, ListEntry;
377
378 ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
379 for (ListEntry = ListHead->Flink; ListHead != ListEntry; ListEntry = ListEntry->Flink)
380 {
381 PLDR_DATA_TABLE_ENTRY LdrEntry;
382
383 LdrEntry = CONTAINING_RECORD(ListEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
384
385 if (AVrfpIsVerifierProviderDll(LdrEntry->DllBase))
386 {
387 if (AVrfpDebug & RTL_VRF_DBG_SHOWSNAPS)
388 DbgPrint("AVRF: skipped resnapping provider %wZ ...\n", &LdrEntry->BaseDllName);
389 }
390 else
391 {
392 if (AVrfpDebug & RTL_VRF_DBG_SHOWSNAPS)
393 DbgPrint("AVRF: resnapping %wZ ...\n", &LdrEntry->BaseDllName);
394
395 AvrfpResolveThunks(LdrEntry);
396 }
397 }
398}
399
400PVOID
401NTAPI
402AvrfpFindDuplicateThunk(PLIST_ENTRY EndEntry, PWCHAR DllName, PCHAR ThunkName)
403{
404 PLIST_ENTRY Entry;
405
406 for (Entry = AVrfpVerifierProvidersList.Flink; Entry != EndEntry; Entry = Entry->Flink)
407 {
408 PVERIFIER_PROVIDER Provider;
409 PRTL_VERIFIER_DLL_DESCRIPTOR DllDescriptor;
410
411 Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
412
413 if (AVrfpDebug & RTL_VRF_DBG_SHOWCHAINING_DEBUG)
414 DbgPrint("AVRF: chain: searching in %wZ\n", &Provider->DllName);
415
416 for (DllDescriptor = Provider->ProviderDlls; DllDescriptor && DllDescriptor->DllName; ++DllDescriptor)
417 {
418 PRTL_VERIFIER_THUNK_DESCRIPTOR ThunkDescriptor;
419
420 if (AVrfpDebug & RTL_VRF_DBG_SHOWCHAINING_DEBUG)
421 DbgPrint("AVRF: chain: dll: %ws\n", DllDescriptor->DllName);
422
423 if (_wcsicmp(DllDescriptor->DllName, DllName))
424 continue;
425
426 for (ThunkDescriptor = DllDescriptor->DllThunks; ThunkDescriptor && ThunkDescriptor->ThunkName; ++ThunkDescriptor)
427 {
428 if (AVrfpDebug & RTL_VRF_DBG_SHOWCHAINING_DEBUG)
429 DbgPrint("AVRF: chain: thunk: %s == %s ?\n", ThunkDescriptor->ThunkName, ThunkName);
430
431 if (!_stricmp(ThunkDescriptor->ThunkName, ThunkName))
432 {
433 if (AVrfpDebug & RTL_VRF_DBG_SHOWCHAINING_DEBUG)
434 DbgPrint("AVRF: Found duplicate for (%ws: %s) in %wZ\n",
435 DllDescriptor->DllName, ThunkDescriptor->ThunkName, &Provider->DllName);
436
437 return ThunkDescriptor->ThunkNewAddress;
438 }
439 }
440 }
441 }
442 return NULL;
443}
444
445
446VOID
447NTAPI
448AVrfpChainDuplicateThunks(VOID)
449{
450 PLIST_ENTRY Entry;
451 PVERIFIER_PROVIDER Provider;
452
453 for (Entry = AVrfpVerifierProvidersList.Flink; Entry != &AVrfpVerifierProvidersList; Entry = Entry->Flink)
454 {
455 PRTL_VERIFIER_DLL_DESCRIPTOR DllDescriptor;
456 PRTL_VERIFIER_THUNK_DESCRIPTOR ThunkDescriptor;
457
458 Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
459
460 for (DllDescriptor = Provider->ProviderDlls; DllDescriptor && DllDescriptor->DllName; ++DllDescriptor)
461 {
462 for (ThunkDescriptor = DllDescriptor->DllThunks; ThunkDescriptor && ThunkDescriptor->ThunkName; ++ThunkDescriptor)
463 {
464 PVOID Ptr;
465
466 if (AVrfpDebug & RTL_VRF_DBG_SHOWCHAINING_DEBUG)
467 DbgPrint("AVRF: Checking %wZ for duplicate (%ws: %s)\n",
468 &Provider->DllName, DllDescriptor->DllName, ThunkDescriptor->ThunkName);
469
470 Ptr = AvrfpFindDuplicateThunk(Entry, DllDescriptor->DllName, ThunkDescriptor->ThunkName);
471 if (Ptr)
472 {
473 if (AVrfpDebug & RTL_VRF_DBG_SHOWCHAINING)
474 DbgPrint("AVRF: Chaining (%ws: %s) to %wZ\n", DllDescriptor->DllName, ThunkDescriptor->ThunkName, &Provider->DllName);
475
476 ThunkDescriptor->ThunkOldAddress = Ptr;
477 }
478 }
479 }
480 }
481}
482
483NTSTATUS
484NTAPI
485AVrfpLoadAndInitializeProvider(PVERIFIER_PROVIDER Provider)
486{
487 WCHAR StringBuffer[MAX_PATH + 11];
488 UNICODE_STRING DllPath;
489 PRTL_VERIFIER_PROVIDER_DESCRIPTOR Descriptor;
490 PIMAGE_NT_HEADERS ImageNtHeader;
491 NTSTATUS Status;
492
493 RtlInitEmptyUnicodeString(&DllPath, StringBuffer, sizeof(StringBuffer));
494 RtlAppendUnicodeToString(&DllPath, SharedUserData->NtSystemRoot);
495 RtlAppendUnicodeToString(&DllPath, L"\\System32\\");
496
497 if (AVrfpDebug & RTL_VRF_DBG_SHOWSNAPS)
498 DbgPrint("AVRF: verifier dll `%wZ'\n", &Provider->DllName);
499
500 Status = LdrLoadDll(DllPath.Buffer, NULL, &Provider->DllName, &Provider->BaseAddress);
501 if (!NT_SUCCESS(Status))
502 {
503 DbgPrint("AVRF: %wZ: failed to load provider `%wZ' (status %08X) from %wZ\n",
504 &LdrpImageEntry->BaseDllName,
505 &Provider->DllName,
506 Status,
507 &DllPath);
508 return Status;
509 }
510
511 /* Prevent someone funny from specifying his own application as provider */
512 ImageNtHeader = RtlImageNtHeader(Provider->BaseAddress);
513 if (!ImageNtHeader ||
514 !(ImageNtHeader->FileHeader.Characteristics & IMAGE_FILE_DLL))
515 {
516 DbgPrint("AVRF: provider %wZ is not a DLL image\n", &Provider->DllName);
517 return STATUS_DLL_INIT_FAILED;
518 }
519
520 Provider->EntryPoint = LdrpFetchAddressOfEntryPoint(Provider->BaseAddress);
521 if (!Provider->EntryPoint)
522 {
523 DbgPrint("AVRF: cannot find an entry point for provider %wZ\n", &Provider->DllName);
524 return STATUS_PROCEDURE_NOT_FOUND;
525 }
526
527 _SEH2_TRY
528 {
529 if (LdrpCallInitRoutine(Provider->EntryPoint,
530 Provider->BaseAddress,
531 DLL_PROCESS_VERIFIER,
532 &Descriptor))
533 {
534 if (Descriptor && Descriptor->Length == sizeof(RTL_VERIFIER_PROVIDER_DESCRIPTOR))
535 {
536 /* Copy the data */
537 Provider->ProviderDlls = Descriptor->ProviderDlls;
538 Provider->ProviderDllLoadCallback = Descriptor->ProviderDllLoadCallback;
539 Provider->ProviderDllUnloadCallback = Descriptor->ProviderDllUnloadCallback;
540 Provider->ProviderNtdllHeapFreeCallback = Descriptor->ProviderNtdllHeapFreeCallback;
541
542 /* Update some info for the provider */
543 Descriptor->VerifierImage = LdrpImageEntry->BaseDllName.Buffer;
544 Descriptor->VerifierFlags = AVrfpVerifierFlags;
545 Descriptor->VerifierDebug = AVrfpDebug;
546
547 /* We don't have these yet */
548 DPRINT1("AVRF: RtlpGetStackTraceAddress MISSING\n");
549 DPRINT1("AVRF: RtlpDebugPageHeapCreate MISSING\n");
550 DPRINT1("AVRF: RtlpDebugPageHeapDestroy MISSING\n");
551 Descriptor->RtlpGetStackTraceAddress = NULL;
552 Descriptor->RtlpDebugPageHeapCreate = NULL;
553 Descriptor->RtlpDebugPageHeapDestroy = NULL;
554 Status = STATUS_SUCCESS;
555 }
556 else
557 {
558 DbgPrint("AVRF: provider %wZ passed an invalid descriptor @ %p\n", &Provider->DllName, Descriptor);
559 Status = STATUS_INVALID_PARAMETER_4;
560 }
561 }
562 else
563 {
564 DbgPrint("AVRF: provider %wZ did not initialize correctly\n", &Provider->DllName);
565 Status = STATUS_DLL_INIT_FAILED;
566 }
567 }
568 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
569 {
570 Status = _SEH2_GetExceptionCode();
571 }
572 _SEH2_END;
573
574 if (!NT_SUCCESS(Status))
575 return Status;
576
577
578 if (AVrfpDebug & RTL_VRF_DBG_LISTPROVIDERS)
579 DbgPrint("AVRF: initialized provider %wZ (descriptor @ %p)\n", &Provider->DllName, Descriptor);
580
581 /* Done loading providers, allow dll notifications */
582 AVrfpInitialized = TRUE;
583
584 AVrfpChainDuplicateThunks();
585 AVrfpResnapInitialModules();
586
587 /* Manually call with DLL_PROCESS_ATTACH, since the process is not done initializing */
588 _SEH2_TRY
589 {
590 if (!LdrpCallInitRoutine(Provider->EntryPoint,
591 Provider->BaseAddress,
592 DLL_PROCESS_ATTACH,
593 NULL))
594 {
595 DbgPrint("AVRF: provider %wZ did not initialize correctly\n", &Provider->DllName);
596 Status = STATUS_DLL_INIT_FAILED;
597 }
598
599 }
600 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
601 {
602 Status = _SEH2_GetExceptionCode();
603 }
604 _SEH2_END;
605
606 return Status;
607}
608
609
610NTSTATUS
611NTAPI
612AVrfInitializeVerifier(VOID)
613{
614 NTSTATUS Status;
615 PVERIFIER_PROVIDER Provider;
616 PLIST_ENTRY Entry;
617 WCHAR* Ptr, *Next;
618
619 Status = RtlInitializeCriticalSection(&AVrfpVerifierLock);
620 InitializeListHead(&AVrfpVerifierProvidersList);
621
622 if (!NT_SUCCESS(Status))
623 return Status;
624
625 DbgPrint("AVRF: %wZ: pid 0x%X: flags 0x%X: application verifier enabled\n",
626 &LdrpImageEntry->BaseDllName, NtCurrentTeb()->ClientId.UniqueProcess, AVrfpVerifierFlags);
627
628 Provider = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(VERIFIER_PROVIDER));
629 if (!Provider)
630 return STATUS_NO_MEMORY;
631
632 RtlInitUnicodeString(&Provider->DllName, L"verifier.dll");
633 InsertTailList(&AVrfpVerifierProvidersList, &Provider->ListEntry);
634
635 Next = AVrfpVerifierDllsString;
636
637 do
638 {
639 while (*Next == L' ' || *Next == L'\t')
640 Next++;
641
642 Ptr = Next;
643
644 while (*Next != ' ' && *Next != '\t' && *Next)
645 Next++;
646
647 if (*Next)
648 *(Next++) = '\0';
649 else
650 Next = NULL;
651
652 if (*Ptr)
653 {
654 Provider = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(VERIFIER_PROVIDER));
655 if (!Provider)
656 return STATUS_NO_MEMORY;
657 RtlInitUnicodeString(&Provider->DllName, Ptr);
658 InsertTailList(&AVrfpVerifierProvidersList, &Provider->ListEntry);
659 }
660 } while (Next);
661
662 Entry = AVrfpVerifierProvidersList.Flink;
663 while (Entry != &AVrfpVerifierProvidersList)
664 {
665 Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
666 Entry = Entry->Flink;
667
668 Status = AVrfpLoadAndInitializeProvider(Provider);
669 if (!NT_SUCCESS(Status))
670 {
671 RemoveEntryList(&Provider->ListEntry);
672 RtlFreeHeap(RtlGetProcessHeap(), 0, Provider);
673 }
674 }
675
676 if (!NT_SUCCESS(Status))
677 {
678 DbgPrint("AVRF: %wZ: pid 0x%X: application verifier will be disabled due to an initialization error.\n",
679 &LdrpImageEntry->BaseDllName, NtCurrentTeb()->ClientId.UniqueProcess);
680 NtCurrentPeb()->NtGlobalFlag &= ~FLG_APPLICATION_VERIFIER;
681 }
682
683 return Status;
684}
685
NtCurrentPeb
#define NtCurrentPeb()
Definition: FLS.c:22
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
DPRINT1
#define DPRINT1
Definition: precomp.h:8
UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: debug.h:115
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
_stricmp
#define _stricmp
Definition: cat.c:22
ImageNtHeader
PIMAGE_NT_HEADERS WINAPI ImageNtHeader(_In_ PVOID)
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DLL_PROCESS_ATTACH
#define DLL_PROCESS_ATTACH
Definition: compat.h:131
RtlImageDirectoryEntryToData
#define RtlImageDirectoryEntryToData
Definition: compat.h:809
RtlImageNtHeader
#define RtlImageNtHeader
Definition: compat.h:806
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
Peb
PPEB Peb
Definition: dllmain.c:27
RemoveEntryList
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
RtlAppendUnicodeToString
NTSTATUS RtlAppendUnicodeToString(IN PUNICODE_STRING Str1, IN PWSTR Str2)
Definition: string_lib.cpp:62
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
_SEH2_END
#define _SEH2_END
Definition: filesup.c:22
_SEH2_TRY
#define _SEH2_TRY
Definition: filesup.c:19
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
Ptr
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
Status
Status
Definition: gdiplustypes.h:25
u1
GLdouble u1
Definition: glext.h:8308
DbgPrint
#define DbgPrint
Definition: hal.h:12
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
FLG_HEAP_PAGE_ALLOCS
#define FLG_HEAP_PAGE_ALLOCS
Definition: pstypes.h:84
FLG_APPLICATION_VERIFIER
#define FLG_APPLICATION_VERIFIER
Definition: pstypes.h:64
NtCurrentTeb
#define NtCurrentTeb
Definition: iphlpapi_private.h:4
REG_SZ
#define REG_SZ
Definition: layer.c:22
LdrLoadDll
NTSTATUS NTAPI DECLSPEC_HOTPATCH LdrLoadDll(IN PWSTR SearchPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress)
Definition: ldrapi.c:310
StringBuffer
WCHAR StringBuffer[156]
Definition: ldrinit.c:41
LdrQueryImageFileKeyOption
NTSTATUS NTAPI LdrQueryImageFileKeyOption(IN HANDLE KeyHandle, IN PCWSTR ValueName, IN ULONG Type, OUT PVOID Buffer, IN ULONG BufferSize, OUT PULONG ReturnedLength OPTIONAL)
Definition: ldrinit.c:184
if
if(dx< 0)
Definition: linetemp.h:194
DllPath
static const char const char * DllPath
Definition: image.c:34
KeyHandle
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4715
BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
RtlEnterCriticalSection
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
RtlLeaveCriticalSection
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
RtlInitializeCriticalSection
NTSYSAPI NTSTATUS NTAPI RtlInitializeCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
Count
int Count
Definition: noreturn.cpp:7
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
PAGE_EXECUTE_READWRITE
#define PAGE_EXECUTE_READWRITE
Definition: nt_native.h:1308
UNICODE_NULL
#define UNICODE_NULL
AVrfpVerifierFlags
ULONG AVrfpVerifierFlags
Definition: verifier.c:17
AVrfpVerifierProvidersList
LIST_ENTRY AVrfpVerifierProvidersList
Definition: verifier.c:22
LdrpImageEntry
PLDR_DATA_TABLE_ENTRY LdrpImageEntry
Definition: ldrinit.c:39
LdrpInitializeApplicationVerifierPackage
NTSTATUS NTAPI LdrpInitializeApplicationVerifierPackage(HANDLE KeyHandle, PPEB Peb, BOOLEAN SystemWide, BOOLEAN ReadAdvancedOptions)
Definition: verifier.c:82
AVrfpInitialized
BOOL AVrfpInitialized
Definition: verifier.c:20
AVrfReadIFEO
VOID NTAPI AVrfReadIFEO(HANDLE KeyHandle)
Definition: verifier.c:46
AVrfpDebug
ULONG AVrfpDebug
Definition: verifier.c:19
AVrfInitializeVerifier
NTSTATUS NTAPI AVrfInitializeVerifier(VOID)
Definition: verifier.c:612
PVERIFIER_PROVIDER
struct _VERIFIER_PROVIDER * PVERIFIER_PROVIDER
AVrfpVerifierLock
RTL_CRITICAL_SECTION AVrfpVerifierLock
Definition: verifier.c:21
AVrfpCountThunks
SIZE_T AVrfpCountThunks(PIMAGE_THUNK_DATA Thunk)
Definition: verifier.c:120
VERIFIER_DLL_FLAGS_RESOLVED
#define VERIFIER_DLL_FLAGS_RESOLVED
Definition: verifier.c:24
AVrfpResnapInitialModules
VOID NTAPI AVrfpResnapInitialModules(VOID)
Definition: verifier.c:374
VERIFIER_PROVIDER
struct _VERIFIER_PROVIDER VERIFIER_PROVIDER
AvrfpFindDuplicateThunk
PVOID NTAPI AvrfpFindDuplicateThunk(PLIST_ENTRY EndEntry, PWCHAR DllName, PCHAR ThunkName)
Definition: verifier.c:402
AVrfpIsVerifierProviderDll
BOOLEAN AVrfpIsVerifierProviderDll(PVOID BaseAddress)
Definition: verifier.c:103
AVrfpVerifierDllsString
WCHAR AVrfpVerifierDllsString[256]
Definition: verifier.c:18
AVrfDllUnloadNotification
VOID NTAPI AVrfDllUnloadNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:328
AVrfpLoadAndInitializeProvider
NTSTATUS NTAPI AVrfpLoadAndInitializeProvider(PVERIFIER_PROVIDER Provider)
Definition: verifier.c:485
AVrfDllLoadNotification
VOID NTAPI AVrfDllLoadNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:294
AVrfpChainDuplicateThunks
VOID NTAPI AVrfpChainDuplicateThunks(VOID)
Definition: verifier.c:448
AVrfpSnapDllImports
VOID AVrfpSnapDllImports(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:129
AVrfPageHeapDllNotification
VOID NTAPI AVrfPageHeapDllNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:361
AvrfpResolveThunks
VOID AvrfpResolveThunks(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:235
RtlpDphGlobalFlags
ULONG RtlpDphGlobalFlags
Definition: heappage.c:108
LdrpGetProcedureAddress
NTSTATUS NTAPI LdrpGetProcedureAddress(IN PVOID BaseAddress, IN PANSI_STRING Name, IN ULONG Ordinal, OUT PVOID *ProcedureAddress, IN BOOLEAN ExecuteInit)
Definition: ldrutils.c:2252
LdrpCallInitRoutine
BOOLEAN NTAPI LdrpCallInitRoutine(IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
Definition: ldrutils.c:100
LdrpFetchAddressOfEntryPoint
PVOID NTAPI LdrpFetchAddressOfEntryPoint(PVOID ImageBase)
RtlpPageHeapEnabled
BOOLEAN RtlpPageHeapEnabled
Definition: heappage.c:107
DPH_FLAG_DLL_NOTIFY
#define DPH_FLAG_DLL_NOTIFY
Definition: ntdllp.h:24
PIMAGE_THUNK_DATA
PIMAGE_THUNK_DATA32 PIMAGE_THUNK_DATA
Definition: ntimage.h:566
NtGlobalFlag
ULONG NtGlobalFlag
Definition: init.c:54
NtProtectVirtualMemory
NTSTATUS NTAPI NtProtectVirtualMemory(IN HANDLE ProcessHandle, IN OUT PVOID *UnsafeBaseAddress, IN OUT SIZE_T *UnsafeNumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG UnsafeOldAccessProtection)
Definition: virtual.c:3105
STATUS_INVALID_PARAMETER_4
#define STATUS_INVALID_PARAMETER_4
Definition: ntstatus.h:478
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
STATUS_PROCEDURE_NOT_FOUND
#define STATUS_PROCEDURE_NOT_FOUND
Definition: ntstatus.h:358
STATUS_DLL_INIT_FAILED
#define STATUS_DLL_INIT_FAILED
Definition: ntstatus.h:558
L
#define L(x)
Definition: ntvdm.h:50
IMAGE_DIRECTORY_ENTRY_IMPORT
#define IMAGE_DIRECTORY_ENTRY_IMPORT
Definition: pedump.c:260
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
IMAGE_FILE_DLL
#define IMAGE_FILE_DLL
Definition: pedump.c:169
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
REG_DWORD
#define REG_DWORD
Definition: sdbapi.c:596
_wcsicmp
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
SharedUserData
#define SharedUserData
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
Entry
base of all file and directory entries
Definition: entries.h:83
_ANSI_STRING
Definition: env_spec_w32.h:375
_CLIENT_ID::UniqueProcess
HANDLE UniqueProcess
Definition: compat.h:825
_IMAGE_FILE_HEADER::Characteristics
WORD Characteristics
Definition: ntddk_ex.h:128
_IMAGE_IMPORT_DESCRIPTOR
Definition: ntimage.h:572
_IMAGE_IMPORT_DESCRIPTOR::FirstThunk
ULONG FirstThunk
Definition: ntimage.h:580
_IMAGE_IMPORT_DESCRIPTOR::Name
ULONG Name
Definition: ntimage.h:579
_IMAGE_IMPORT_DESCRIPTOR::OriginalFirstThunk
ULONG OriginalFirstThunk
Definition: ntimage.h:575
_IMAGE_NT_HEADERS
Definition: ntddk_ex.h:181
_IMAGE_NT_HEADERS::FileHeader
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
_IMAGE_THUNK_DATA32
Definition: ntimage.h:510
_IMAGE_THUNK_DATA32::u1
union _IMAGE_THUNK_DATA32::@2111 u1
_IMAGE_THUNK_DATA32::Function
ULONG Function
Definition: ntimage.h:513
_LDR_DATA_TABLE_ENTRY
Definition: btrfs_drv.h:1876
_LDR_DATA_TABLE_ENTRY::DllBase
PVOID DllBase
Definition: btrfs_drv.h:1880
_LDR_DATA_TABLE_ENTRY::BaseDllName
UNICODE_STRING BaseDllName
Definition: ldrtypes.h:145
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
_PEB
Definition: btrfs_drv.h:1907
_PEB::NtGlobalFlag
ULONG NtGlobalFlag
Definition: ntddk_ex.h:270
_RTL_CRITICAL_SECTION
Definition: rtltypes.h:1430
_RTL_VERIFIER_DLL_DESCRIPTOR
Definition: verifier.h:16
_RTL_VERIFIER_DLL_DESCRIPTOR::DllName
PWCHAR DllName
Definition: verifier.h:17
_RTL_VERIFIER_DLL_DESCRIPTOR::DllFlags
DWORD DllFlags
Definition: verifier.h:18
_RTL_VERIFIER_DLL_DESCRIPTOR::DllThunks
PRTL_VERIFIER_THUNK_DESCRIPTOR DllThunks
Definition: verifier.h:20
_RTL_VERIFIER_PROVIDER_DESCRIPTOR
Definition: verifier.h:23
_RTL_VERIFIER_THUNK_DESCRIPTOR
Definition: verifier.h:10
_RTL_VERIFIER_THUNK_DESCRIPTOR::ThunkName
PCHAR ThunkName
Definition: verifier.h:11
_RTL_VERIFIER_THUNK_DESCRIPTOR::ThunkOldAddress
PVOID ThunkOldAddress
Definition: verifier.h:12
_RTL_VERIFIER_THUNK_DESCRIPTOR::ThunkNewAddress
PVOID ThunkNewAddress
Definition: verifier.h:13
_UNICODE_STRING
Definition: env_spec_w32.h:368
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
_VERIFIER_PROVIDER
Definition: verifier.c:28
_VERIFIER_PROVIDER::BaseAddress
PVOID BaseAddress
Definition: verifier.c:31
_VERIFIER_PROVIDER::DllName
UNICODE_STRING DllName
Definition: verifier.c:30
_VERIFIER_PROVIDER::ListEntry
LIST_ENTRY ListEntry
Definition: verifier.c:29
_VERIFIER_PROVIDER::ProviderNtdllHeapFreeCallback
RTL_VERIFIER_NTDLLHEAPFREE_CALLBACK ProviderNtdllHeapFreeCallback
Definition: verifier.c:38
_VERIFIER_PROVIDER::EntryPoint
PVOID EntryPoint
Definition: verifier.c:32
_VERIFIER_PROVIDER::ProviderDlls
PRTL_VERIFIER_DLL_DESCRIPTOR ProviderDlls
Definition: verifier.c:35
_VERIFIER_PROVIDER::ProviderDllLoadCallback
RTL_VERIFIER_DLL_LOAD_CALLBACK ProviderDllLoadCallback
Definition: verifier.c:36
_VERIFIER_PROVIDER::ProviderDllUnloadCallback
RTL_VERIFIER_DLL_UNLOAD_CALLBACK ProviderDllUnloadCallback
Definition: verifier.c:37
NTAPI
#define NTAPI
Definition: typedefs.h:36
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
IN
#define IN
Definition: typedefs.h:39
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260
ULONG
uint32_t ULONG
Definition: typedefs.h:59
PCHAR
char * PCHAR
Definition: typedefs.h:51
RTL_VERIFIER_NTDLLHEAPFREE_CALLBACK
VOID(NTAPI * RTL_VERIFIER_NTDLLHEAPFREE_CALLBACK)(PVOID AllocationBase, SIZE_T AllocationSize)
Definition: verifier.h:8
RTL_VRF_DBG_SHOWFOUNDEXPORTS
#define RTL_VRF_DBG_SHOWFOUNDEXPORTS
Definition: verifier.h:70
RTL_VRF_DBG_SHOWCHAINING
#define RTL_VRF_DBG_SHOWCHAINING
Definition: verifier.h:73
RTL_VRF_DBG_LISTPROVIDERS
#define RTL_VRF_DBG_LISTPROVIDERS
Definition: verifier.h:72
RTL_VRF_FLG_HANDLE_CHECKS
#define RTL_VRF_FLG_HANDLE_CHECKS
Definition: verifier.h:47
RTL_VRF_DBG_SHOWSNAPS
#define RTL_VRF_DBG_SHOWSNAPS
Definition: verifier.h:69
DLL_PROCESS_VERIFIER
#define DLL_PROCESS_VERIFIER
Definition: verifier.h:4
RTL_VRF_DBG_SHOWCHAINING_DEBUG
#define RTL_VRF_DBG_SHOWCHAINING_DEBUG
Definition: verifier.h:74
RTL_VRF_DBG_SHOWVERIFIEDEXPORTS
#define RTL_VRF_DBG_SHOWVERIFIEDEXPORTS
Definition: verifier.h:71
RTL_VERIFIER_DLL_UNLOAD_CALLBACK
VOID(NTAPI * RTL_VERIFIER_DLL_UNLOAD_CALLBACK)(PWSTR DllName, PVOID DllBase, SIZE_T DllSize, PVOID Reserved)
Definition: verifier.h:7
RTL_VRF_FLG_LOCK_CHECKS
#define RTL_VRF_FLG_LOCK_CHECKS
Definition: verifier.h:64
RTL_VRF_FLG_FAST_FILL_HEAP
#define RTL_VRF_FLG_FAST_FILL_HEAP
Definition: verifier.h:60
RTL_VERIFIER_DLL_LOAD_CALLBACK
VOID(NTAPI * RTL_VERIFIER_DLL_LOAD_CALLBACK)(PWSTR DllName, PVOID DllBase, SIZE_T DllSize, PVOID Reserved)
Definition: verifier.h:6
Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
Descriptor
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:342
ClientId
_Out_ PCLIENT_ID ClientId
Definition: kefuncs.h:1165
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180