mirror of
https://github.com/reactos/reactos.git
synced 2024-07-06 20:55:16 +00:00
[KERNEL32] Re-enable Safer and AppCompat checks in CreateProcessInternalW. CORE-12585
svn path=/trunk/; revision=73473
This commit is contained in:
parent
974a6b6921
commit
bd37cb261c
|
@ -2313,7 +2313,7 @@ CreateProcessInternalW(IN HANDLE hUserToken,
|
||||||
HANDLE FileHandle, SectionHandle, ProcessHandle;
|
HANDLE FileHandle, SectionHandle, ProcessHandle;
|
||||||
ULONG ResumeCount;
|
ULONG ResumeCount;
|
||||||
PROCESS_PRIORITY_CLASS PriorityClass;
|
PROCESS_PRIORITY_CLASS PriorityClass;
|
||||||
NTSTATUS Status, Status1, ImageDbgStatus;
|
NTSTATUS Status, AppCompatStatus, SaferStatus, IFEOStatus, ImageDbgStatus;
|
||||||
PPEB Peb, RemotePeb;
|
PPEB Peb, RemotePeb;
|
||||||
PTEB Teb;
|
PTEB Teb;
|
||||||
INITIAL_TEB InitialTeb;
|
INITIAL_TEB InitialTeb;
|
||||||
|
@ -2386,7 +2386,7 @@ CreateProcessInternalW(IN HANDLE hUserToken,
|
||||||
/* Zero out the initial core variables and handles */
|
/* Zero out the initial core variables and handles */
|
||||||
QuerySection = FALSE;
|
QuerySection = FALSE;
|
||||||
InJob = FALSE;
|
InJob = FALSE;
|
||||||
SkipSaferAndAppCompat = TRUE; // HACK for making .bat/.cmd launch working again.
|
SkipSaferAndAppCompat = FALSE;
|
||||||
ParameterFlags = 0;
|
ParameterFlags = 0;
|
||||||
Flags = 0;
|
Flags = 0;
|
||||||
DebugHandle = NULL;
|
DebugHandle = NULL;
|
||||||
|
@ -3051,12 +3051,12 @@ StartScan:
|
||||||
if (QuerySection)
|
if (QuerySection)
|
||||||
{
|
{
|
||||||
/* Nothing to do */
|
/* Nothing to do */
|
||||||
Status = STATUS_SUCCESS;
|
AppCompatStatus = STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* Get some information about the executable */
|
/* Get some information about the executable */
|
||||||
Status = NtQuerySection(SectionHandle,
|
AppCompatStatus = NtQuerySection(SectionHandle,
|
||||||
SectionImageInformation,
|
SectionImageInformation,
|
||||||
&ImageInformation,
|
&ImageInformation,
|
||||||
sizeof(ImageInformation),
|
sizeof(ImageInformation),
|
||||||
|
@ -3064,7 +3064,7 @@ StartScan:
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Do we have section information now? */
|
/* Do we have section information now? */
|
||||||
if (NT_SUCCESS(Status))
|
if (NT_SUCCESS(AppCompatStatus))
|
||||||
{
|
{
|
||||||
/* Don't ask for it again, save the machine type */
|
/* Don't ask for it again, save the machine type */
|
||||||
QuerySection = TRUE;
|
QuerySection = TRUE;
|
||||||
|
@ -3073,7 +3073,7 @@ StartScan:
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Is there a reason/Shim we shouldn't run this application? */
|
/* Is there a reason/Shim we shouldn't run this application? */
|
||||||
Status = BasepCheckBadapp(FileHandle,
|
AppCompatStatus = BasepCheckBadapp(FileHandle,
|
||||||
FreeBuffer,
|
FreeBuffer,
|
||||||
lpEnvironment,
|
lpEnvironment,
|
||||||
ImageMachine,
|
ImageMachine,
|
||||||
|
@ -3082,11 +3082,11 @@ StartScan:
|
||||||
&AppCompatSxsData,
|
&AppCompatSxsData,
|
||||||
&AppCompatSxsDataSize,
|
&AppCompatSxsDataSize,
|
||||||
&FusionFlags);
|
&FusionFlags);
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(AppCompatStatus))
|
||||||
{
|
{
|
||||||
/* This is usually the status we get back */
|
/* This is usually the status we get back */
|
||||||
DPRINT1("App compat launch failure: %lx\n", Status);
|
DPRINT1("App compat launch failure: %lx\n", AppCompatStatus);
|
||||||
if (Status == STATUS_ACCESS_DENIED)
|
if (AppCompatStatus == STATUS_ACCESS_DENIED)
|
||||||
{
|
{
|
||||||
/* Convert it to something more Win32-specific */
|
/* Convert it to something more Win32-specific */
|
||||||
SetLastError(ERROR_CANCELLED);
|
SetLastError(ERROR_CANCELLED);
|
||||||
|
@ -3094,7 +3094,7 @@ StartScan:
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* Some other error */
|
/* Some other error */
|
||||||
BaseSetLastNTError(Status);
|
BaseSetLastNTError(AppCompatStatus);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Did we have a section? */
|
/* Did we have a section? */
|
||||||
|
@ -3148,13 +3148,13 @@ StartScan:
|
||||||
if (SaferNeeded)
|
if (SaferNeeded)
|
||||||
{
|
{
|
||||||
/* We have to call into the WinSafer library and actually check */
|
/* We have to call into the WinSafer library and actually check */
|
||||||
Status = BasepCheckWinSaferRestrictions(hUserToken,
|
SaferStatus = BasepCheckWinSaferRestrictions(hUserToken,
|
||||||
(LPWSTR)lpApplicationName,
|
(LPWSTR)lpApplicationName,
|
||||||
FileHandle,
|
FileHandle,
|
||||||
&InJob,
|
&InJob,
|
||||||
&TokenHandle,
|
&TokenHandle,
|
||||||
&JobHandle);
|
&JobHandle);
|
||||||
if (Status == 0xFFFFFFFF)
|
if (SaferStatus == 0xFFFFFFFF)
|
||||||
{
|
{
|
||||||
/* Back in 2003, they didn't have an NTSTATUS for this... */
|
/* Back in 2003, they didn't have an NTSTATUS for this... */
|
||||||
DPRINT1("WinSafer blocking process launch\n");
|
DPRINT1("WinSafer blocking process launch\n");
|
||||||
|
@ -3164,10 +3164,10 @@ StartScan:
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Other status codes are not-Safer related, just convert them */
|
/* Other status codes are not-Safer related, just convert them */
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(SaferStatus))
|
||||||
{
|
{
|
||||||
DPRINT1("Error checking WinSafer: %lx\n", Status);
|
DPRINT1("Error checking WinSafer: %lx\n", SaferStatus);
|
||||||
BaseSetLastNTError(Status);
|
BaseSetLastNTError(SaferStatus);
|
||||||
Result = FALSE;
|
Result = FALSE;
|
||||||
goto Quickie;
|
goto Quickie;
|
||||||
}
|
}
|
||||||
|
@ -3576,7 +3576,7 @@ StartScan:
|
||||||
goto Quickie;
|
goto Quickie;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Don't let callers pass in this flag -- we'll only get it from IFRO */
|
/* Don't let callers pass in this flag -- we'll only get it from IFEO */
|
||||||
Flags &= ~PROCESS_CREATE_FLAGS_LARGE_PAGES;
|
Flags &= ~PROCESS_CREATE_FLAGS_LARGE_PAGES;
|
||||||
|
|
||||||
/* Clear the IFEO-missing flag, before we know for sure... */
|
/* Clear the IFEO-missing flag, before we know for sure... */
|
||||||
|
@ -3587,11 +3587,11 @@ StartScan:
|
||||||
(NtCurrentPeb()->ReadImageFileExecOptions))
|
(NtCurrentPeb()->ReadImageFileExecOptions))
|
||||||
{
|
{
|
||||||
/* Let's do this! Attempt to open IFEO */
|
/* Let's do this! Attempt to open IFEO */
|
||||||
Status1 = LdrOpenImageFileOptionsKey(&PathName, 0, &KeyHandle);
|
IFEOStatus = LdrOpenImageFileOptionsKey(&PathName, 0, &KeyHandle);
|
||||||
if (!NT_SUCCESS(Status1))
|
if (!NT_SUCCESS(IFEOStatus))
|
||||||
{
|
{
|
||||||
/* We failed, set the flag so we store this in the parameters */
|
/* We failed, set the flag so we store this in the parameters */
|
||||||
if (Status1 == STATUS_OBJECT_NAME_NOT_FOUND) ParameterFlags |= 2;
|
if (IFEOStatus == STATUS_OBJECT_NAME_NOT_FOUND) ParameterFlags |= 2;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -3605,8 +3605,8 @@ StartScan:
|
||||||
if (!DebuggerCmdLine)
|
if (!DebuggerCmdLine)
|
||||||
{
|
{
|
||||||
/* Close IFEO on failure */
|
/* Close IFEO on failure */
|
||||||
Status1 = NtClose(KeyHandle);
|
IFEOStatus = NtClose(KeyHandle);
|
||||||
ASSERT(NT_SUCCESS(Status1));
|
ASSERT(NT_SUCCESS(IFEOStatus));
|
||||||
|
|
||||||
/* Fail the call */
|
/* Fail the call */
|
||||||
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
||||||
|
@ -3616,13 +3616,13 @@ StartScan:
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Now query for the debugger */
|
/* Now query for the debugger */
|
||||||
Status1 = LdrQueryImageFileKeyOption(KeyHandle,
|
IFEOStatus = LdrQueryImageFileKeyOption(KeyHandle,
|
||||||
L"Debugger",
|
L"Debugger",
|
||||||
REG_SZ,
|
REG_SZ,
|
||||||
DebuggerCmdLine,
|
DebuggerCmdLine,
|
||||||
MAX_PATH * sizeof(WCHAR),
|
MAX_PATH * sizeof(WCHAR),
|
||||||
&ResultSize);
|
&ResultSize);
|
||||||
if (!(NT_SUCCESS(Status1)) ||
|
if (!(NT_SUCCESS(IFEOStatus)) ||
|
||||||
(ResultSize < sizeof(WCHAR)) ||
|
(ResultSize < sizeof(WCHAR)) ||
|
||||||
(DebuggerCmdLine[0] == UNICODE_NULL))
|
(DebuggerCmdLine[0] == UNICODE_NULL))
|
||||||
{
|
{
|
||||||
|
@ -3632,21 +3632,21 @@ StartScan:
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Also query if we should map with large pages */
|
/* Also query if we should map with large pages */
|
||||||
Status1 = LdrQueryImageFileKeyOption(KeyHandle,
|
IFEOStatus = LdrQueryImageFileKeyOption(KeyHandle,
|
||||||
L"UseLargePages",
|
L"UseLargePages",
|
||||||
REG_DWORD,
|
REG_DWORD,
|
||||||
&UseLargePages,
|
&UseLargePages,
|
||||||
sizeof(UseLargePages),
|
sizeof(UseLargePages),
|
||||||
NULL);
|
NULL);
|
||||||
if ((NT_SUCCESS(Status1)) && (UseLargePages))
|
if ((NT_SUCCESS(IFEOStatus)) && (UseLargePages))
|
||||||
{
|
{
|
||||||
/* Do it! This is the only way this flag can be set */
|
/* Do it! This is the only way this flag can be set */
|
||||||
Flags |= PROCESS_CREATE_FLAGS_LARGE_PAGES;
|
Flags |= PROCESS_CREATE_FLAGS_LARGE_PAGES;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We're done with IFEO, can close it now */
|
/* We're done with IFEO, can close it now */
|
||||||
Status1 = NtClose(KeyHandle);
|
IFEOStatus = NtClose(KeyHandle);
|
||||||
ASSERT(NT_SUCCESS(Status1));
|
ASSERT(NT_SUCCESS(IFEOStatus));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue