[ADVAPI32] Fix some vista exports

ETW trace exports only exist on NT 0x502 ntdll, so limit the forwarders accordingly. Exports do exist on advapi32 Vista+, so for now these are stubs.
2025-08-03 17:56:00 +00:00 · 2023-08-05 15:42:39 +03:00 · 2023-08-05 15:42:39 +03:00 · a17dd3a7a9
commit a17dd3a7a9
parent 2549e10c38
1 changed files with 42 additions and 21 deletions
--- a/dll/win32/advapi32/advapi32.spec
+++ b/dll/win32/advapi32/advapi32.spec
@ -66,8 +66,10 @@
@ stdcall CommandLineFromMsiDescriptor(wstr ptr ptr)
@ stub ComputeAccessTokenFromCodeAuthzLevel
@ stdcall ControlService(long long ptr)
-@ stdcall ControlTraceA(double str ptr long) ntdll.EtwControlTraceA
+@ stdcall -version=0x502 ControlTraceA(double str ptr long) ntdll.EtwControlTraceA
-@ stdcall ControlTraceW(double wstr ptr long) ntdll.EtwControlTraceW
+@ stdcall -stub -version=0x600+ ControlTraceA(double str ptr long)
@ stdcall -version=0x502 ControlTraceW(double wstr ptr long) ntdll.EtwControlTraceW
@ stdcall -stub -version=0x600+ ControlTraceW(double wstr ptr long)
@ stub ConvertAccessToSecurityDescriptorA
@ stub ConvertAccessToSecurityDescriptorW
@ stub ConvertSDToStringSDRootDomainA
@ -201,7 +203,8 @@
@ stdcall ElfReportEventA(long long long long ptr long long ptr ptr long ptr ptr)
@ stdcall ElfReportEventAndSourceW(long long ptr long long long ptr ptr long long ptr ptr long ptr ptr)
@ stdcall ElfReportEventW(long long long long ptr long long ptr ptr long ptr ptr)
-@ stdcall EnableTrace(long long long ptr double) ntdll.EtwEnableTrace
+@ stdcall -version=0x502 EnableTrace(long long long ptr double) ntdll.EtwEnableTrace
@ stdcall -stub -version=0x600+ EnableTrace(long long long ptr double)
@ stdcall EncryptFileA(str)
@ stdcall EncryptFileW(wstr)
@ stub EncryptedFileKeyInfo
@ -213,15 +216,18 @@
@ stdcall EnumServicesStatusExA(long long long long ptr long ptr ptr ptr str)
@ stdcall EnumServicesStatusExW(long long long long ptr long ptr ptr ptr wstr)
@ stdcall EnumServicesStatusW(long long long ptr long ptr ptr ptr)
-@ stdcall EnumerateTraceGuids(ptr long ptr) ntdll.EtwEnumerateTraceGuids
+@ stdcall -version=0x502 EnumerateTraceGuids(ptr long ptr) ntdll.EtwEnumerateTraceGuids
@ stdcall -stub -version=0x600+ EnumerateTraceGuids(ptr long ptr)
@ stdcall EqualDomainSid(ptr ptr ptr)
@ stdcall EqualPrefixSid(ptr ptr)
@ stdcall EqualSid(ptr ptr)
@ stdcall FileEncryptionStatusA(str ptr)
@ stdcall FileEncryptionStatusW(wstr ptr)
@ stdcall FindFirstFreeAce(ptr ptr)
-@ stdcall FlushTraceA(double str ptr) ntdll.EtwFlushTraceA
+@ stdcall -version=0x502 FlushTraceA(double str ptr) ntdll.EtwFlushTraceA
-@ stdcall FlushTraceW(double wstr ptr) ntdll.EtwFlushTraceW
+@ stdcall -stub -version=0x600+ FlushTraceA(double str ptr)
@ stdcall -version=0x502 FlushTraceW(double wstr ptr) ntdll.EtwFlushTraceW
@ stdcall -stub -version=0x600+ FlushTraceW(double wstr ptr)
@ stub FreeEncryptedFileKeyInfo
@ stdcall FreeEncryptionCertificateHashList(ptr)
@ stdcall FreeInheritedFromArray(ptr long ptr)
@ -439,8 +445,10 @@
@ stdcall PrivilegedServiceAuditAlarmW(wstr wstr long ptr long)
@ stub ProcessIdleTasks
@ stdcall ProcessTrace(ptr long ptr ptr)
-@ stdcall QueryAllTracesA(ptr long ptr) ntdll.EtwQueryAllTracesA
+@ stdcall -version=0x502 QueryAllTracesA(ptr long ptr) ntdll.EtwQueryAllTracesA
-@ stdcall QueryAllTracesW(ptr long ptr) ntdll.EtwQueryAllTracesW
+@ stdcall -stub -version=0x600+ QueryAllTracesA(ptr long ptr)
@ stdcall -version=0x502 QueryAllTracesW(ptr long ptr) ntdll.EtwQueryAllTracesW
@ stdcall -stub -version=0x600+ QueryAllTracesW(ptr long ptr)
@ stdcall QueryRecoveryAgentsOnEncryptedFile(wstr ptr)
@ stdcall QueryServiceConfig2A(long long ptr long ptr)
@ stdcall QueryServiceConfig2W(long long ptr long ptr)
@ -451,8 +459,10 @@
@ stdcall QueryServiceObjectSecurity(long long ptr long ptr)
@ stdcall QueryServiceStatus(long ptr)
@ stdcall QueryServiceStatusEx(long long ptr long ptr)
-@ stdcall QueryTraceA(double str ptr) ntdll.EtwQueryTraceA
+@ stdcall -version=0x502 QueryTraceA(double str ptr) ntdll.EtwQueryTraceA
-@ stdcall QueryTraceW(double str ptr) ntdll.EtwQueryTraceA
+@ stdcall -stub -version=0x600+ QueryTraceA(double str ptr)
@ stdcall -version=0x502 QueryTraceW(double str ptr) ntdll.EtwQueryTraceW
@ stdcall -stub -version=0x600+ QueryTraceW(double str ptr)
@ stdcall QueryUsersOnEncryptedFile(wstr ptr)
@ stdcall ReadEncryptedFileRaw(ptr ptr ptr)
@ stdcall ReadEventLogA(long long long ptr long ptr ptr)
@ -587,10 +597,14 @@
@ stdcall StartServiceCtrlDispatcherA(ptr)
@ stdcall StartServiceCtrlDispatcherW(ptr)
@ stdcall StartServiceW(long long ptr)
-@ stdcall StartTraceA(ptr str ptr) ntdll.EtwStartTraceA
+@ stdcall -version=0x502 StartTraceA(ptr str ptr) ntdll.EtwStartTraceA
-@ stdcall StartTraceW(ptr wstr ptr) ntdll.EtwStartTraceW
+@ stdcall -stub -version=0x600+ StartTraceA(ptr str ptr)
-@ stdcall StopTraceA(double str ptr) ntdll.EtwStopTraceA
+@ stdcall -version=0x502 StartTraceW(ptr wstr ptr) ntdll.EtwStartTraceW
-@ stdcall StopTraceW(double wstr ptr) ntdll.EtwStopTraceA
+@ stdcall -stub -version=0x600+ StartTraceW(ptr wstr ptr)
@ stdcall -version=0x502 StopTraceA(double str ptr) ntdll.EtwStopTraceA
@ stdcall -stub -version=0x600+ StopTraceA(double str ptr)
@ stdcall -version=0x502 StopTraceW(double wstr ptr) ntdll.EtwStopTraceW
@ stdcall -stub -version=0x600+ StopTraceW(double wstr ptr)
@ stdcall SystemFunction001(ptr ptr ptr)
@ stdcall SystemFunction002(ptr ptr ptr)
@ stdcall SystemFunction003(ptr ptr)
@ -629,7 +643,8 @@
@ stdcall SystemFunction036(ptr long) # RtlGenRandom
@ stdcall SystemFunction040(ptr long long) # RtlEncryptMemory
@ stdcall SystemFunction041(ptr long long) # RtlDecryptMemory
-@ stdcall TraceEvent(double ptr) ntdll.EtwTraceEvent
+@ stdcall -version=0x502 TraceEvent(double ptr) ntdll.EtwTraceEvent
@ stdcall -stub -version=0x600+ TraceEvent(double ptr)
@ stdcall TraceEventInstance(double ptr ptr ptr) ntdll.EtwTraceEventInstance
@ varargs TraceMessage() ntdll.EtwTraceMessage
@ stdcall TraceMessageVa() ntdll.EtwTraceMessageVa
@ -641,8 +656,10 @@
@ stdcall UnlockServiceDatabase(ptr)
@ stub UnregisterIdleTask
@ stdcall UnregisterTraceGuids(double) ntdll.EtwUnregisterTraceGuids
-@ stdcall UpdateTraceA(double str ptr) ntdll.EtwUpdateTraceA
+@ stdcall -version=0x502 UpdateTraceA(double str ptr) ntdll.EtwUpdateTraceA
-@ stdcall UpdateTraceW(double wstr ptr) ntdll.EtwUpdateTraceW
+@ stdcall -stub -version=0x600+ UpdateTraceA(double str ptr)
@ stdcall -version=0x502 UpdateTraceW(double wstr ptr) ntdll.EtwUpdateTraceW
@ stdcall -stub -version=0x600+ UpdateTraceW(double wstr ptr)
@ stub WdmWmiServiceMain
@ stub WmiCloseBlock
@ stub WmiCloseTraceWithCursor
@ -660,8 +677,10 @@
@ stub WmiGetTraceHeader
@ stub WmiMofEnumerateResourcesA
@ stub WmiMofEnumerateResourcesW
-@ stdcall WmiNotificationRegistrationA(ptr long ptr long long) ntdll.EtwNotificationRegistrationA
+@ stdcall -version=0x502 WmiNotificationRegistrationA(ptr long ptr long long) ntdll.EtwNotificationRegistrationA
-@ stdcall WmiNotificationRegistrationW(ptr long ptr long long) ntdll.EtwNotificationRegistrationW
+@ stdcall -stub -version=0x600+ WmiNotificationRegistrationA(ptr long ptr long long)
@ stdcall -version=0x502 WmiNotificationRegistrationW(ptr long ptr long long) ntdll.EtwNotificationRegistrationW
@ stdcall -stub -version=0x600+ WmiNotificationRegistrationW(ptr long ptr long long)
@ stub WmiOpenBlock
@ stub WmiOpenTraceWithCursor
@ stub WmiParseTraceEvent
@ -674,8 +693,10 @@
@ stub WmiQuerySingleInstanceMultipleA
@ stub WmiQuerySingleInstanceMultipleW
@ stub WmiQuerySingleInstanceW
-@ stdcall WmiReceiveNotificationsA(long long long long) ntdll.EtwReceiveNotificationsA
+@ stdcall -version=0x502 WmiReceiveNotificationsA(long long long long) ntdll.EtwReceiveNotificationsA
-@ stdcall WmiReceiveNotificationsW(long long long long) ntdll.EtwReceiveNotificationsW
+@ stdcall -stub -version=0x600+ WmiReceiveNotificationsA(long long long long)
@ stdcall -version=0x502 WmiReceiveNotificationsW(long long long long) ntdll.EtwReceiveNotificationsW
@ stdcall -stub -version=0x600+ WmiReceiveNotificationsW(long long long long)
@ stub WmiSetSingleInstanceA
@ stub WmiSetSingleInstanceW
@ stub WmiSetSingleItemA