[KERNEL32] Re-enable Safer and AppCompat checks in CreateProcessInternalW. CORE-12585

svn path=/trunk/; revision=73473
Mark Jansen 2016-12-20 19:51:44 +00:00
parent 974a6b6921
commit bd37cb261c


@ -2313,7 +2313,7 @@ CreateProcessInternalW(IN HANDLE hUserToken,
HANDLE FileHandle, SectionHandle, ProcessHandle; HANDLE FileHandle, SectionHandle, ProcessHandle;
ULONG ResumeCount; ULONG ResumeCount;
PROCESS_PRIORITY_CLASS PriorityClass; PROCESS_PRIORITY_CLASS PriorityClass;
NTSTATUS Status, Status1, ImageDbgStatus; NTSTATUS Status, AppCompatStatus, SaferStatus, IFEOStatus, ImageDbgStatus;
PPEB Peb, RemotePeb; PPEB Peb, RemotePeb;
PTEB Teb; PTEB Teb;
INITIAL_TEB InitialTeb; INITIAL_TEB InitialTeb;
@ -2386,7 +2386,7 @@ CreateProcessInternalW(IN HANDLE hUserToken,
/* Zero out the initial core variables and handles */ /* Zero out the initial core variables and handles */
QuerySection = FALSE; QuerySection = FALSE;
InJob = FALSE; InJob = FALSE;
SkipSaferAndAppCompat = TRUE; // HACK for making .bat/.cmd launch working again. SkipSaferAndAppCompat = FALSE;
ParameterFlags = 0; ParameterFlags = 0;
Flags = 0; Flags = 0;
DebugHandle = NULL; DebugHandle = NULL;
@ -3051,12 +3051,12 @@ StartScan:
if (QuerySection) if (QuerySection)
{ {
/* Nothing to do */ /* Nothing to do */
Status = STATUS_SUCCESS; AppCompatStatus = STATUS_SUCCESS;
} }
else else
{ {
/* Get some information about the executable */ /* Get some information about the executable */
Status = NtQuerySection(SectionHandle, AppCompatStatus = NtQuerySection(SectionHandle,
SectionImageInformation, SectionImageInformation,
&ImageInformation, &ImageInformation,
sizeof(ImageInformation), sizeof(ImageInformation),
@ -3064,7 +3064,7 @@ StartScan:
} }
/* Do we have section information now? */ /* Do we have section information now? */
if (NT_SUCCESS(Status)) if (NT_SUCCESS(AppCompatStatus))
{ {
/* Don't ask for it again, save the machine type */ /* Don't ask for it again, save the machine type */
QuerySection = TRUE; QuerySection = TRUE;
@ -3073,7 +3073,7 @@ StartScan:
} }
/* Is there a reason/Shim we shouldn't run this application? */ /* Is there a reason/Shim we shouldn't run this application? */
Status = BasepCheckBadapp(FileHandle, AppCompatStatus = BasepCheckBadapp(FileHandle,
FreeBuffer, FreeBuffer,
lpEnvironment, lpEnvironment,
ImageMachine, ImageMachine,
@ -3082,11 +3082,11 @@ StartScan:
&AppCompatSxsData, &AppCompatSxsData,
&AppCompatSxsDataSize, &AppCompatSxsDataSize,
&FusionFlags); &FusionFlags);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(AppCompatStatus))
{ {
/* This is usually the status we get back */ /* This is usually the status we get back */
DPRINT1("App compat launch failure: %lx\n", Status); DPRINT1("App compat launch failure: %lx\n", AppCompatStatus);
if (Status == STATUS_ACCESS_DENIED) if (AppCompatStatus == STATUS_ACCESS_DENIED)
{ {
/* Convert it to something more Win32-specific */ /* Convert it to something more Win32-specific */
SetLastError(ERROR_CANCELLED); SetLastError(ERROR_CANCELLED);
@ -3094,7 +3094,7 @@ StartScan:
else else
{ {
/* Some other error */ /* Some other error */
BaseSetLastNTError(Status); BaseSetLastNTError(AppCompatStatus);
} }
/* Did we have a section? */ /* Did we have a section? */
@ -3148,13 +3148,13 @@ StartScan:
if (SaferNeeded) if (SaferNeeded)
{ {
/* We have to call into the WinSafer library and actually check */ /* We have to call into the WinSafer library and actually check */
Status = BasepCheckWinSaferRestrictions(hUserToken, SaferStatus = BasepCheckWinSaferRestrictions(hUserToken,
(LPWSTR)lpApplicationName, (LPWSTR)lpApplicationName,
FileHandle, FileHandle,
&InJob, &InJob,
&TokenHandle, &TokenHandle,
&JobHandle); &JobHandle);
if (Status == 0xFFFFFFFF) if (SaferStatus == 0xFFFFFFFF)
{ {
/* Back in 2003, they didn't have an NTSTATUS for this... */ /* Back in 2003, they didn't have an NTSTATUS for this... */
DPRINT1("WinSafer blocking process launch\n"); DPRINT1("WinSafer blocking process launch\n");
@ -3164,10 +3164,10 @@ StartScan:
} }
/* Other status codes are not-Safer related, just convert them */ /* Other status codes are not-Safer related, just convert them */
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(SaferStatus))
{ {
DPRINT1("Error checking WinSafer: %lx\n", Status); DPRINT1("Error checking WinSafer: %lx\n", SaferStatus);
BaseSetLastNTError(Status); BaseSetLastNTError(SaferStatus);
Result = FALSE; Result = FALSE;
goto Quickie; goto Quickie;
} }
@ -3576,7 +3576,7 @@ StartScan:
goto Quickie; goto Quickie;
} }
/* Don't let callers pass in this flag -- we'll only get it from IFRO */ /* Don't let callers pass in this flag -- we'll only get it from IFEO */
Flags &= ~PROCESS_CREATE_FLAGS_LARGE_PAGES; Flags &= ~PROCESS_CREATE_FLAGS_LARGE_PAGES;
/* Clear the IFEO-missing flag, before we know for sure... */ /* Clear the IFEO-missing flag, before we know for sure... */
@ -3587,11 +3587,11 @@ StartScan:
(NtCurrentPeb()->ReadImageFileExecOptions)) (NtCurrentPeb()->ReadImageFileExecOptions))
{ {
/* Let's do this! Attempt to open IFEO */ /* Let's do this! Attempt to open IFEO */
Status1 = LdrOpenImageFileOptionsKey(&PathName, 0, &KeyHandle); IFEOStatus = LdrOpenImageFileOptionsKey(&PathName, 0, &KeyHandle);
if (!NT_SUCCESS(Status1)) if (!NT_SUCCESS(IFEOStatus))
{ {
/* We failed, set the flag so we store this in the parameters */ /* We failed, set the flag so we store this in the parameters */
if (Status1 == STATUS_OBJECT_NAME_NOT_FOUND) ParameterFlags |= 2; if (IFEOStatus == STATUS_OBJECT_NAME_NOT_FOUND) ParameterFlags |= 2;
} }
else else
{ {
@ -3605,8 +3605,8 @@ StartScan:
if (!DebuggerCmdLine) if (!DebuggerCmdLine)
{ {
/* Close IFEO on failure */ /* Close IFEO on failure */
Status1 = NtClose(KeyHandle); IFEOStatus = NtClose(KeyHandle);
ASSERT(NT_SUCCESS(Status1)); ASSERT(NT_SUCCESS(IFEOStatus));
/* Fail the call */ /* Fail the call */
SetLastError(ERROR_NOT_ENOUGH_MEMORY); SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@ -3616,13 +3616,13 @@ StartScan:
} }
/* Now query for the debugger */ /* Now query for the debugger */
Status1 = LdrQueryImageFileKeyOption(KeyHandle, IFEOStatus = LdrQueryImageFileKeyOption(KeyHandle,
L"Debugger", L"Debugger",
REG_SZ, REG_SZ,
DebuggerCmdLine, DebuggerCmdLine,
MAX_PATH * sizeof(WCHAR), MAX_PATH * sizeof(WCHAR),
&ResultSize); &ResultSize);
if (!(NT_SUCCESS(Status1)) || if (!(NT_SUCCESS(IFEOStatus)) ||
(ResultSize < sizeof(WCHAR)) || (ResultSize < sizeof(WCHAR)) ||
(DebuggerCmdLine[0] == UNICODE_NULL)) (DebuggerCmdLine[0] == UNICODE_NULL))
{ {
@ -3632,21 +3632,21 @@ StartScan:
} }
/* Also query if we should map with large pages */ /* Also query if we should map with large pages */
Status1 = LdrQueryImageFileKeyOption(KeyHandle, IFEOStatus = LdrQueryImageFileKeyOption(KeyHandle,
L"UseLargePages", L"UseLargePages",
REG_DWORD, REG_DWORD,
&UseLargePages, &UseLargePages,
sizeof(UseLargePages), sizeof(UseLargePages),
NULL); NULL);
if ((NT_SUCCESS(Status1)) && (UseLargePages)) if ((NT_SUCCESS(IFEOStatus)) && (UseLargePages))
{ {
/* Do it! This is the only way this flag can be set */ /* Do it! This is the only way this flag can be set */
Flags |= PROCESS_CREATE_FLAGS_LARGE_PAGES; Flags |= PROCESS_CREATE_FLAGS_LARGE_PAGES;
} }
/* We're done with IFEO, can close it now */ /* We're done with IFEO, can close it now */
Status1 = NtClose(KeyHandle); IFEOStatus = NtClose(KeyHandle);
ASSERT(NT_SUCCESS(Status1)); ASSERT(NT_SUCCESS(IFEOStatus));
} }
} }
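Review bot: The line that turns the Safer and AppCompat checks back on, `SkipSaferAndAppCompat = FALSE;`, drops the old HACK comment without recording why the .bat/.cmd launch problem no longer applies, and the new `AppCompatStatus`, `SaferStatus` and `IFEOStatus` locals are declared without saying why they are kept apart from `Status`. Presumably the split stops these checks from overwriting a `Status` value that later code in CreateProcessInternalW still reads; if so, a comment at the declaration such as `/* Per-check results; kept apart from Status so a policy check cannot overwrite the launch status */` would keep a later cleanup from merging them again and bringing the launch regression, and with it the pressure to disable the policy checks, back. The Safer block still compares against the bare literal `0xFFFFFFFF`; a named constant would make that deny path easier to audit. The function begins and ends outside these hunks, so how `Status` is used afterwards cannot be confirmed from this page.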