From 01d18d99de02709dced64d148503e066296f14d8 Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Wed, 14 May 2025 10:43:45 +0100 Subject: [PATCH] [misc] remove manual hooks into ntdll * Since we are now liking with ntdll directly, we can remove all the hooks we applied and just use regular calls. We also rename process.h to ntdll.h as a result. --- .vs/rufus.vcxproj | 2 +- .vs/rufus.vcxproj.filters | 2 +- src/drive.c | 10 +-- src/drive.h | 16 ----- src/ext2fs/nt_io.c | 63 +++++-------------- src/{process.h => ntdll.h} | 123 ++++++++++++++++++++++++++++++++++++- src/process.c | 99 +++++++---------------------- src/rufus.rc | 10 +-- src/stdio.c | 9 +-- 9 files changed, 174 insertions(+), 160 deletions(-) rename src/{process.h => ntdll.h} (75%) diff --git a/.vs/rufus.vcxproj b/.vs/rufus.vcxproj index b558e0ea..0fa60276 100644 --- a/.vs/rufus.vcxproj +++ b/.vs/rufus.vcxproj @@ -426,7 +426,7 @@ - + diff --git a/.vs/rufus.vcxproj.filters b/.vs/rufus.vcxproj.filters index 9204e412..f757813b 100644 --- a/.vs/rufus.vcxproj.filters +++ b/.vs/rufus.vcxproj.filters @@ -161,7 +161,7 @@ Header Files - + Header Files diff --git a/src/drive.c b/src/drive.c index 6be48e3a..ab4a6d57 100644 --- a/src/drive.c +++ b/src/drive.c @@ -33,6 +33,7 @@ #endif #include "rufus.h" +#include "ntdll.h" #include "missing.h" #include "resource.h" #include "settings.h" @@ -66,8 +67,6 @@ const IID IID_IVdsVolume = { 0x88306BB2, 0xE71F, 0x478C, { 0x86, 0xA2, 0x79, 0xD const IID IID_IVdsVolumeMF3 = { 0x6788FAF9, 0x214E, 0x4B85, { 0xBA, 0x59, 0x26, 0x69, 0x53, 0x61, 0x6E, 0x09 } }; #endif -PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryVolumeInformationFile, (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS)); - /* * Globals */ 
@@ -1097,15 +1096,13 @@ static BOOL _GetDriveLettersAndType(DWORD DriveIndex, char* drive_letters, UINT* HANDLE hDrive = INVALID_HANDLE_VALUE, hPhysical = INVALID_HANDLE_VALUE; UINT _drive_type; IO_STATUS_BLOCK io_status_block; - FILE_FS_DEVICE_INFORMATION file_fs_device_info; + FILE_FS_DEVICE_INFORMATION file_fs_device_info = { 0 }; BYTE geometry[256] = { 0 }; PDISK_GEOMETRY_EX DiskGeometry = (PDISK_GEOMETRY_EX)(void*)geometry; int i = 0, drives_found = 0, drive_number; char *drive, drives[26*4 + 1]; /* "D:\", "E:\", etc., plus one NUL */ char logical_drive[] = "\\\\.\\#:"; - PF_INIT(NtQueryVolumeInformationFile, Ntdll); - if (drive_letters != NULL) drive_letters[0] = 0; if (drive_type != NULL) @@ -1156,8 +1153,7 @@ static BOOL _GetDriveLettersAndType(DWORD DriveIndex, char* drive_letters, UINT* } // Eliminate floppy drives - if ((pfNtQueryVolumeInformationFile != NULL) && - (pfNtQueryVolumeInformationFile(hDrive, &io_status_block, &file_fs_device_info, + if ((NtQueryVolumeInformationFile(hDrive, &io_status_block, &file_fs_device_info, sizeof(file_fs_device_info), FileFsDeviceInformation) == NO_ERROR) && (file_fs_device_info.Characteristics & FILE_FLOPPY_DISKETTE) ) { continue; diff --git a/src/drive.h b/src/drive.h index 39a431e1..177f070f 100644 --- a/src/drive.h +++ b/src/drive.h @@ -61,22 +61,6 @@ #define VDS_SET_ERROR(hr) do { if (hr != S_OK) { SetLastError((DWORD)hr); ErrorStatus = RUFUS_ERROR(ERROR_GEN_FAILURE); } } while(0) -#if !defined(__MINGW32__) -typedef enum _FSINFOCLASS { - FileFsVolumeInformation = 1, - FileFsLabelInformation, - FileFsSizeInformation, - FileFsDeviceInformation, - FileFsAttributeInformation, - FileFsControlInformation, - FileFsFullSizeInformation, - FileFsObjectIdInformation, - FileFsDriverPathInformation, - FileFsVolumeFlagsInformation, - FileFsMaximumInformation -} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS; -#endif - /* We need a redef of these MS structure */ typedef struct { DWORD DeviceType; 
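Review bot: The floppy check in `_GetDriveLettersAndType` compares the NTSTATUS returned by `NtQueryVolumeInformationFile` with the Win32 constant `NO_ERROR`, which only works because both happen to be zero. Now that the call is direct, spell the comparison in NTSTATUS terms, e.g. `sizeof(file_fs_device_info), FileFsDeviceInformation) == STATUS_SUCCESS) &&`. This assumes `STATUS_SUCCESS` is visible in drive.c; nt_io.c defines it locally, so it may need to come from ntdll.h. The function body starts and ends outside these hunks.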
diff --git a/src/ext2fs/nt_io.c b/src/ext2fs/nt_io.c index c74f3cfa..f36dc3b2 100644 --- a/src/ext2fs/nt_io.c +++ b/src/ext2fs/nt_io.c @@ -28,21 +28,12 @@ #include "config.h" #include "ext2fs.h" #include "rufus.h" +#include "ntdll.h" #include "msapi_utf8.h" extern char* NtStatusError(NTSTATUS Status); static DWORD LastWinError = 0; -PF_TYPE_DECL(NTAPI, ULONG, RtlNtStatusToDosError, (NTSTATUS)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtClose, (HANDLE)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtOpenFile, (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, ULONG, ULONG)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtFlushBuffersFile, (HANDLE, PIO_STATUS_BLOCK)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtReadFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtWriteFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtDeviceIoControlFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtFsControlFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtDelayExecution, (BOOLEAN, PLARGE_INTEGER)); - #define ARGUMENT_PRESENT(ArgumentPointer) ((CHAR *)((ULONG_PTR)(ArgumentPointer)) != (CHAR *)(NULL)) #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) @@ -173,8 +164,7 @@ static unsigned _MapDosError(IN ULONG WinError) // Map NT status to dos error. static __inline unsigned _MapNtStatus(IN NTSTATUS Status) { - PF_INIT(RtlNtStatusToDosError, Ntdll); - return (pfRtlNtStatusToDosError == NULL) ? EFAULT: _MapDosError(pfRtlNtStatusToDosError(Status)); + return _MapDosError(RtlNtStatusToDosError(Status)); } // Return the last Windows Error 
@@ -193,8 +183,6 @@ static NTSTATUS _OpenNtName(IN PCSTR Name, IN BOOLEAN Readonly, OUT PHANDLE Hand NTSTATUS Status = EFAULT; OBJECT_ATTRIBUTES ObjectAttributes; IO_STATUS_BLOCK IoStatusBlock; - PF_INIT(NtDelayExecution, Ntdll); - PF_INIT_OR_OUT(NtOpenFile, Ntdll); // Make Unicode name from input string utf8_to_wchar_no_alloc(Name, Buffer, ARRAYSIZE(Buffer)); @@ -209,16 +197,16 @@ static NTSTATUS _OpenNtName(IN PCSTR Name, IN BOOLEAN Readonly, OUT PHANDLE Hand if (ARGUMENT_PRESENT(OpenedReadonly)) *OpenedReadonly = Readonly; - Status = pfNtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA), + Status = NtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA), &ObjectAttributes, &IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ, FILE_SYNCHRONOUS_IO_NONALERT); if (!NT_SUCCESS(Status)) { // Maybe was just mounted? wait 0.5 sec and retry. LARGE_INTEGER Interval; Interval.QuadPart = -5000000; // 0.5 sec. from now - pfNtDelayExecution(FALSE, &Interval); + NtDelayExecution(FALSE, &Interval); - Status = pfNtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA), + Status = NtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA), &ObjectAttributes, &IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ, FILE_SYNCHRONOUS_IO_NONALERT); @@ -227,13 +215,12 @@ static NTSTATUS _OpenNtName(IN PCSTR Name, IN BOOLEAN Readonly, OUT PHANDLE Hand if (ARGUMENT_PRESENT(OpenedReadonly)) *OpenedReadonly = TRUE; - Status = pfNtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA, &ObjectAttributes, + Status = NtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA, &ObjectAttributes, &IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ, FILE_SYNCHRONOUS_IO_NONALERT); } } -out: return Status; } 
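Review bot: `NTSTATUS Status = EFAULT;` in `_OpenNtName` initialises an NTSTATUS with an errno constant, and with `PF_INIT_OR_OUT` and the `out:` label removed the initial value no longer appears to reach the `return` on any visible path. Either drop the initialiser or use an NT failure code, `NTSTATUS Status = STATUS_UNSUCCESSFUL;`, so a future early exit cannot hand a small positive value to `NT_SUCCESS()`, which would treat it as success. The same leftover applies to `NTSTATUS Status = STATUS_DLL_NOT_FOUND;` in `_BlockIo`, which no longer describes any failure that function can hit. The part of `_OpenNtName` between the hunks is not shown, so confirm there is no other jump before removing the initialiser.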
@@ -247,45 +234,38 @@ static NTSTATUS _OpenDriveLetter(IN CHAR Letter, IN BOOLEAN ReadOnly, OUT PHANDL static __inline NTSTATUS _FlushDrive(IN HANDLE Handle) { IO_STATUS_BLOCK IoStatusBlock; - PF_INIT(NtFlushBuffersFile, NtDll); - return (pfNtFlushBuffersFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFlushBuffersFile(Handle, &IoStatusBlock); + return NtFlushBuffersFile(Handle, &IoStatusBlock); } static __inline NTSTATUS _LockDrive(IN HANDLE Handle) { IO_STATUS_BLOCK IoStatusBlock; - PF_INIT(NtFsControlFile, NtDll); - return (pfNtFsControlFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_LOCK_VOLUME, 0, 0, 0, 0); + return NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_LOCK_VOLUME, 0, 0, 0, 0); } static __inline NTSTATUS _UnlockDrive(IN HANDLE Handle) { IO_STATUS_BLOCK IoStatusBlock; - PF_INIT(NtFsControlFile, NtDll); - return (pfNtFsControlFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_UNLOCK_VOLUME, 0, 0, 0, 0); + return NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_UNLOCK_VOLUME, 0, 0, 0, 0); } static __inline NTSTATUS _DismountDrive(IN HANDLE Handle) { IO_STATUS_BLOCK IoStatusBlock; - PF_INIT(NtFsControlFile, NtDll); - return (pfNtFsControlFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_DISMOUNT_VOLUME, 0, 0, 0, 0); + return NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_DISMOUNT_VOLUME, 0, 0, 0, 0); } static __inline BOOLEAN _IsMounted(IN HANDLE Handle) { IO_STATUS_BLOCK IoStatusBlock; - PF_INIT(NtFsControlFile, NtDll); - return (pfNtFsControlFile == NULL) ? 
FALSE : - (BOOLEAN)(pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_IS_VOLUME_MOUNTED, 0, 0, 0, 0) == STATUS_SUCCESS); + return (BOOLEAN)(NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_IS_VOLUME_MOUNTED, 0, 0, 0, 0) == STATUS_SUCCESS); } static __inline NTSTATUS _CloseDisk(IN HANDLE Handle) { - PF_INIT(NtClose, Ntdll); - return (pfNtClose == NULL) ? STATUS_DLL_NOT_FOUND : pfNtClose(Handle); + return NtClose(Handle); } static PCSTR _NormalizeDeviceName(IN PCSTR Device, IN PSTR NormalizedDeviceNameBuffer, OUT __u64 *Offset, OUT __u64 *Size) @@ -320,12 +300,9 @@ static VOID _GetDeviceSize(IN HANDLE h, OUT unsigned __int64 *FsSize) LARGE_INTEGER li; *FsSize = 0; - PF_INIT(NtDeviceIoControlFile, NtDll); - if (pfNtDeviceIoControlFile == NULL) - return; RtlZeroMemory(&pi, sizeof(pi)); - Status = pfNtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock, + Status = NtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock, IOCTL_DISK_GET_PARTITION_INFO_EX, &pi, sizeof(pi), &pi, sizeof(pi)); if (NT_SUCCESS(Status)) { @@ -334,7 +311,7 @@ static VOID _GetDeviceSize(IN HANDLE h, OUT unsigned __int64 *FsSize) // No partitions: Try a drive geometry request RtlZeroMemory(&gi, sizeof(gi)); - Status = pfNtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock, + Status = NtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock, IOCTL_DISK_GET_DRIVE_GEOMETRY_EX, &gi, sizeof(gi), &gi, sizeof(gi)); @@ -389,8 +366,6 @@ static BOOLEAN _BlockIo(IN HANDLE Handle, IN LARGE_INTEGER Offset, IN ULONG Byte { IO_STATUS_BLOCK IoStatusBlock; NTSTATUS Status = STATUS_DLL_NOT_FOUND; - PF_INIT_OR_OUT(NtReadFile, NtDll); - PF_INIT_OR_OUT(NtWriteFile, NtDll); // Should be aligned assert((Bytes % 512) == 0); 
@@ -399,14 +374,13 @@ static BOOLEAN _BlockIo(IN HANDLE Handle, IN LARGE_INTEGER Offset, IN ULONG Byte LastWinError = 0; // Perform io if(Read) { - Status = pfNtReadFile(Handle, NULL, NULL, NULL, + Status = NtReadFile(Handle, NULL, NULL, NULL, &IoStatusBlock, Buffer, Bytes, &Offset, NULL); } else { - Status = pfNtWriteFile(Handle, NULL, NULL, NULL, + Status = NtWriteFile(Handle, NULL, NULL, NULL, &IoStatusBlock, Buffer, Bytes, &Offset, NULL); } -out: if (!NT_SUCCESS(Status)) { if (ARGUMENT_PRESENT(Errno)) *Errno = _MapNtStatus(Status); @@ -431,10 +405,7 @@ static BOOLEAN _RawRead(IN HANDLE Handle, IN LARGE_INTEGER Offset, IN ULONG Byte static BOOLEAN _SetPartType(IN HANDLE Handle, IN UCHAR Type) { IO_STATUS_BLOCK IoStatusBlock; - PF_INIT(NtDeviceIoControlFile, NtDll); - if (pfNtDeviceIoControlFile == NULL) - return FALSE; - return NT_SUCCESS(pfNtDeviceIoControlFile(Handle, NULL, NULL, NULL, &IoStatusBlock, + return NT_SUCCESS(NtDeviceIoControlFile(Handle, NULL, NULL, NULL, &IoStatusBlock, IOCTL_DISK_SET_PARTITION_INFO, &Type, sizeof(Type), NULL, 0)); } diff --git a/src/process.h b/src/ntdll.h similarity index 75% rename from src/process.h rename to src/ntdll.h index 3c367ca5..309e4b27 100644 --- a/src/process.h +++ b/src/ntdll.h @@ -1,10 +1,10 @@ /* * Rufus: The Reliable USB Formatting Utility - * Process search functionality + * ntdll definitions & process search functionality * * Modified from System Informer (a.k.a. Process Hacker): * https://github.com/winsiderss/systeminformer - * Copyright © 2017-2023 Pete Batard + * Copyright © 2017-2025 Pete Batard * Copyright © 2017 dmex * Copyright © 2009-2016 wj32 * 
@@ -318,3 +318,122 @@ typedef struct { ProcessEntry Process[MAX_BLOCKING_PROCESSES]; // Fixed size process list uint32_t nPass; // Incremental counter of how many passes we ran } BlockingProcess; + +#if !defined(__MINGW32__) +typedef enum _FSINFOCLASS { + FileFsVolumeInformation = 1, + FileFsLabelInformation, + FileFsSizeInformation, + FileFsDeviceInformation, + FileFsAttributeInformation, + FileFsControlInformation, + FileFsFullSizeInformation, + FileFsObjectIdInformation, + FileFsDriverPathInformation, + FileFsVolumeFlagsInformation, + FileFsMaximumInformation +} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS; +#endif + +NTSYSAPI PVOID NTAPI RtlCreateHeap( + IN ULONG Flags, + IN PVOID HeapBase OPTIONAL, + IN SIZE_T ReserveSize OPTIONAL, + IN SIZE_T CommitSize OPTIONAL, + IN PVOID Lock OPTIONAL, + IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL); + +NTSYSAPI PVOID NTAPI RtlAllocateHeap( + IN HANDLE HeapHandle, + IN ULONG Flags OPTIONAL, + IN SIZE_T Size); + +NTSYSAPI BOOLEAN NTAPI RtlFreeHeap( + IN PVOID HeapHandle, + IN ULONG Flags OPTIONAL, + IN PVOID BaseAddress); + +NTSYSAPI PVOID NTAPI RtlDestroyHeap( + IN PVOID HeapHandle); + +NTSYSAPI NTSTATUS NTAPI NtOpenProcess( + OUT PHANDLE ProcessHandle, + IN ACCESS_MASK AccessMask, + IN POBJECT_ATTRIBUTES ObjectAttributes, + IN CLIENT_ID* ClientId); + +NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken( + IN HANDLE ProcessHandle, + IN ACCESS_MASK DesiredAccess, + OUT PHANDLE TokenHandle); + +NTSYSAPI NTSTATUS NTAPI NtAdjustPrivilegesToken( + IN HANDLE TokenHandle, + IN BOOLEAN DisableAllPrivileges, + IN PTOKEN_PRIVILEGES TokenPrivileges, + IN ULONG PreviousPrivilegesLength, + OUT PTOKEN_PRIVILEGES PreviousPrivileges OPTIONAL, + OUT PULONG RequiredLength OPTIONAL); + +NTSYSAPI NTSTATUS NTAPI NtDuplicateObject( + IN HANDLE SourceProcessHandle, + IN PHANDLE SourceHandle, + IN HANDLE TargetProcessHandle, + OUT PHANDLE TargetHandle, + IN ACCESS_MASK DesiredAccess OPTIONAL, + IN BOOLEAN InheritHandle, + IN ULONG Options); + 
+NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile( + IN HANDLE FileHandle, + OUT PIO_STATUS_BLOCK IoStatusBlock, + OUT PVOID FileInformation, + IN ULONG Length, + IN FILE_INFORMATION_CLASS FileInformationClass); + +NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile( + IN HANDLE FileHandle, + OUT PIO_STATUS_BLOCK IoStatusBlock, + OUT PVOID FsInformation, + IN ULONG Length, + IN FS_INFORMATION_CLASS FsInformationClass); + +NTSYSAPI NTSTATUS NTAPI NtReadFile(IN HANDLE FileHandle, + IN HANDLE Event OPTIONAL, + IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, + IN PVOID ApcContext OPTIONAL, + OUT PIO_STATUS_BLOCK IoStatusBlock, + OUT PVOID Buffer, + IN ULONG Length, + IN PLARGE_INTEGER ByteOffset OPTIONAL, + IN PULONG Key OPTIONAL); + +NTSYSAPI NTSTATUS NTAPI NtWriteFile(IN HANDLE FileHandle, + IN HANDLE Event OPTIONAL, + IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, + IN PVOID ApcContext OPTIONAL, + OUT PIO_STATUS_BLOCK IoStatusBlock, + IN PVOID Buffer, + IN ULONG Length, + IN PLARGE_INTEGER ByteOffset OPTIONAL, + IN PULONG Key OPTIONAL); + +NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile( + IN HANDLE FileHandle, + OUT PIO_STATUS_BLOCK IoStatusBlock); + +NTSYSAPI NTSTATUS NTAPI NtFsControlFile( + IN HANDLE FileHandle, + IN HANDLE Event, + IN PIO_APC_ROUTINE ApcRoutine, + IN PVOID ApcContext, + OUT PIO_STATUS_BLOCK IoStatusBlock, + IN ULONG FsControlCode, + IN PVOID InputBuffer, + IN ULONG InputBufferLength, + OUT PVOID OutputBuffer, + IN ULONG OutputBufferLength); + +NTSYSAPI NTSTATUS NTAPI NtDelayExecution( + IN BOOLEAN Alertable, + IN PLARGE_INTEGER DelayInterval); diff --git a/src/process.c b/src/process.c index 5505912e..6d3b8338 100644 --- a/src/process.c +++ b/src/process.c 
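Review bot: The new `NtDuplicateObject` prototype in ntdll.h does not match the native signature: the second parameter is declared `IN PHANDLE SourceHandle` and the sixth `IN BOOLEAN InheritHandle`, whereas the function takes `HANDLE SourceHandle` and `ULONG HandleAttributes` (the removed `PF_TYPE_DECL` had `HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG`). The call in `SearchProcessThread` passes `(HANDLE)handleInfo->HandleValue`, which C converts silently to `PHANDLE`, so the compiler will not catch a caller that passes `&handle` by mistake. Declare them as `IN HANDLE SourceHandle,` and `IN ULONG HandleAttributes,`. `NtOpenProcessToken` and `NtQueryInformationFile` also use `NTSYSCALLAPI` while the other declarations use `NTSYSAPI`; pick one for consistency.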
@@ -32,26 +32,12 @@ #include "rufus.h" #include "drive.h" -#include "process.h" +#include "ntdll.h" #include "missing.h" #include "msapi_utf8.h" -PF_TYPE_DECL(NTAPI, PVOID, RtlCreateHeap, (ULONG, PVOID, SIZE_T, SIZE_T, PVOID, PRTL_HEAP_PARAMETERS)); -PF_TYPE_DECL(NTAPI, PVOID, RtlDestroyHeap, (PVOID)); -PF_TYPE_DECL(NTAPI, PVOID, RtlAllocateHeap, (PVOID, ULONG, SIZE_T)); -PF_TYPE_DECL(NTAPI, BOOLEAN, RtlFreeHeap, (PVOID, ULONG, PVOID)); - -PF_TYPE_DECL(NTAPI, NTSTATUS, NtQuerySystemInformation, (SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryInformationFile, (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryInformationProcess, (HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG)); PF_TYPE_DECL(NTAPI, NTSTATUS, NtWow64QueryInformationProcess64, (HANDLE, ULONG, PVOID, ULONG, PULONG)); PF_TYPE_DECL(NTAPI, NTSTATUS, NtWow64ReadVirtualMemory64, (HANDLE, ULONGLONG, PVOID, ULONG64, PULONG64)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryObject, (HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtDuplicateObject, (HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtOpenProcess, (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, CLIENT_ID*)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtOpenProcessToken, (HANDLE, ACCESS_MASK, PHANDLE)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtAdjustPrivilegesToken, (HANDLE, BOOLEAN, PTOKEN_PRIVILEGES, ULONG, PTOKEN_PRIVILEGES, PULONG)); -PF_TYPE_DECL(NTAPI, NTSTATUS, NtClose, (HANDLE)); static PVOID PhHeapHandle = NULL; static HANDLE hSearchProcessThread = NULL; 
@@ -118,13 +104,10 @@ static NTSTATUS PhCreateHeap(VOID) if (PhHeapHandle != NULL) return STATUS_ALREADY_COMPLETE; - PF_INIT_OR_SET_STATUS(RtlCreateHeap, Ntdll); - - if (NT_SUCCESS(status)) { - PhHeapHandle = pfRtlCreateHeap(HEAP_NO_SERIALIZE | HEAP_GROWABLE, NULL, 2 * MB, 1 * MB, NULL, NULL); - if (PhHeapHandle == NULL) - status = STATUS_UNSUCCESSFUL; - } + + PhHeapHandle = RtlCreateHeap(HEAP_NO_SERIALIZE | HEAP_GROWABLE, NULL, 2 * MB, 1 * MB, NULL, NULL); + if (PhHeapHandle == NULL) + status = STATUS_UNSUCCESSFUL; return status; } @@ -136,14 +119,10 @@ static NTSTATUS PhDestroyHeap(VOID) if (PhHeapHandle == NULL) return STATUS_ALREADY_COMPLETE; - PF_INIT_OR_SET_STATUS(RtlDestroyHeap, Ntdll); - - if (NT_SUCCESS(status)) { - if (pfRtlDestroyHeap(PhHeapHandle) == NULL) { - PhHeapHandle = NULL; - } else { - status = STATUS_UNSUCCESSFUL; - } + if (RtlDestroyHeap(PhHeapHandle) == NULL) { + PhHeapHandle = NULL; + } else { + status = STATUS_UNSUCCESSFUL; } return status; @@ -161,11 +140,7 @@ static PVOID PhAllocate(SIZE_T Size) if (PhHeapHandle == NULL) return NULL; - PF_INIT(RtlAllocateHeap, Ntdll); - if (pfRtlAllocateHeap == NULL) - return NULL; - - return pfRtlAllocateHeap(PhHeapHandle, 0, Size); + return RtlAllocateHeap(PhHeapHandle, 0, Size); } /** @@ -178,9 +153,7 @@ static VOID PhFree(PVOID Memory) if (PhHeapHandle == NULL) return; - PF_INIT(RtlFreeHeap, Ntdll); - if (pfRtlFreeHeap != NULL) - pfRtlFreeHeap(PhHeapHandle, 0, Memory); + RtlFreeHeap(PhHeapHandle, 0, Memory); } /** 
@@ -198,16 +171,12 @@ NTSTATUS PhEnumHandlesEx(PSYSTEM_HANDLE_INFORMATION_EX *Handles) PVOID buffer; ULONG bufferSize; - PF_INIT_OR_SET_STATUS(NtQuerySystemInformation, Ntdll); - if (!NT_SUCCESS(status)) - return status; - bufferSize = initialBufferSize; buffer = PhAllocate(bufferSize); if (buffer == NULL) return STATUS_NO_MEMORY; - while ((status = pfNtQuerySystemInformation(SystemExtendedHandleInformation, + while ((status = NtQuerySystemInformation(SystemExtendedHandleInformation, buffer, bufferSize, NULL)) == STATUS_INFO_LENGTH_MISMATCH) { PhFree(buffer); bufferSize *= 2; @@ -253,15 +222,11 @@ NTSTATUS PhOpenProcess(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, HANDLE return 0; } - PF_INIT_OR_SET_STATUS(NtOpenProcess, Ntdll); - if (!NT_SUCCESS(status)) - return status; - clientId.UniqueProcess = ProcessId; clientId.UniqueThread = NULL; InitializeObjectAttributes(&objectAttributes, NULL, 0, NULL, NULL); - status = pfNtOpenProcess(ProcessHandle, DesiredAccess, &objectAttributes, &clientId); + status = NtOpenProcess(ProcessHandle, DesiredAccess, &objectAttributes, &clientId); return status; } @@ -283,16 +248,12 @@ NTSTATUS PhQueryProcessesUsingVolumeOrFile(HANDLE VolumeOrFileHandle, ULONG bufferSize; IO_STATUS_BLOCK isb; - PF_INIT_OR_SET_STATUS(NtQueryInformationFile, NtDll); - if (!NT_SUCCESS(status)) - return status; - bufferSize = initialBufferSize; buffer = PhAllocate(bufferSize); if (buffer == NULL) return STATUS_INSUFFICIENT_RESOURCES; - while ((status = pfNtQueryInformationFile(VolumeOrFileHandle, &isb, buffer, bufferSize, + while ((status = NtQueryInformationFile(VolumeOrFileHandle, &isb, buffer, bufferSize, FileProcessIdsUsingFileInformation)) == STATUS_INFO_LENGTH_MISMATCH) { PhFree(buffer); bufferSize *= 2; 
@@ -390,9 +351,7 @@ static PWSTR GetProcessCommandLine(HANDLE hProcess) PBYTE* params; UNICODE_STRING* ucmdline; - PF_INIT_OR_OUT(NtQueryInformationProcess, NtDll); - - status = pfNtQueryInformationProcess(hProcess, 0, &pbi, sizeof(pbi), NULL); + status = NtQueryInformationProcess(hProcess, 0, &pbi, sizeof(pbi), NULL); if (!NT_SUCCESS(status)) goto out; @@ -454,10 +413,6 @@ static DWORD WINAPI SearchProcessThread(LPVOID param) char cmdline[MAX_PATH] = { 0 }, tmp[64]; int cur_pid, j, nHandles = 0; - PF_INIT_OR_OUT(NtQueryObject, Ntdll); - PF_INIT_OR_OUT(NtDuplicateObject, NtDll); - PF_INIT_OR_OUT(NtClose, NtDll); - // Initialize the blocking process struct memset(&blocking_process, 0, sizeof(blocking_process)); hLock = CreateMutexA(NULL, TRUE, NULL); @@ -558,7 +513,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param) if ((dupHandle != NULL) && (processHandle != NtCurrentProcess())) { TRY_AND_HANDLE( EXCEPTION_ACCESS_VIOLATION, - { pfNtClose(dupHandle); }, + { NtClose(dupHandle); }, { continue; } ); dupHandle = NULL; @@ -605,7 +560,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param) // Close the previous handle if (processHandle != NULL) { if (processHandle != NtCurrentProcess()) - pfNtClose(processHandle); + NtClose(processHandle); processHandle = NULL; } } @@ -646,7 +601,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param) // Now duplicate this handle onto our own process, so that we can access its properties if (processHandle == NtCurrentProcess()) continue; - status = pfNtDuplicateObject(processHandle, (HANDLE)handleInfo->HandleValue, + status = NtDuplicateObject(processHandle, (HANDLE)handleInfo->HandleValue, NtCurrentProcess(), &dupHandle, 0, 0, 0); if (!NT_SUCCESS(status)) continue; 
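Review bot: `NtQueryInformationProcess(hProcess, 0, &pbi, sizeof(pbi), NULL)` in `GetProcessCommandLine` passes a bare `0` as the information class; name it so the class and the buffer type can be checked against each other at a glance: `status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(pbi), NULL);`. The declaration of `pbi` is outside the hunk, so confirm it is a `PROCESS_BASIC_INFORMATION` before making the change.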
@@ -659,7 +614,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param) do { ULONG returnSize; // TODO: We might potentially still need a timeout on ObjectName queries, as PH does... - status = pfNtQueryObject(dupHandle, ObjectNameInformation, buffer, bufferSize, &returnSize); + status = NtQueryObject(dupHandle, ObjectNameInformation, buffer, bufferSize, &returnSize); if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_INFO_LENGTH_MISMATCH || status == STATUS_BUFFER_TOO_SMALL) { bufferSize = returnSize; @@ -893,15 +848,12 @@ static BOOL IsProcessRunning(uint64_t pid) BOOL ret = FALSE; NTSTATUS status; - PF_INIT_OR_OUT(NtClose, NtDll); - status = PhOpenProcess(&hProcess, PROCESS_QUERY_LIMITED_INFORMATION, (HANDLE)(uintptr_t)pid); if (!NT_SUCCESS(status) || (hProcess == NULL)) return FALSE; if (GetExitCodeProcess(hProcess, &dwExitCode)) ret = (dwExitCode == STILL_ACTIVE); - pfNtClose(hProcess); -out: + NtClose(hProcess); return ret; } @@ -1039,11 +991,7 @@ BOOL EnablePrivileges(void) NTSTATUS status = STATUS_NOT_IMPLEMENTED; HANDLE tokenHandle; - PF_INIT_OR_OUT(NtClose, NtDll); - PF_INIT_OR_OUT(NtOpenProcessToken, NtDll); - PF_INIT_OR_OUT(NtAdjustPrivilegesToken, NtDll); - - status = pfNtOpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tokenHandle); + status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tokenHandle); if (NT_SUCCESS(status)) { CHAR privilegesBuffer[FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges) + @@ -1060,12 +1008,11 @@ BOOL EnablePrivileges(void) privileges->Privileges[0].Luid.LowPart = requestedPrivileges[i]; } - status = pfNtAdjustPrivilegesToken(tokenHandle, FALSE, privileges, 0, NULL, NULL); + status = NtAdjustPrivilegesToken(tokenHandle, FALSE, privileges, 0, NULL, NULL); - pfNtClose(tokenHandle); + NtClose(tokenHandle); } -out: if (!NT_SUCCESS(status)) ubprintf("NOTE: Could not set process privileges: %s", NtStatusError(status)); return NT_SUCCESS(status); 
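Review bot: `EnablePrivileges` returns `NT_SUCCESS(status)` straight from `NtAdjustPrivilegesToken`, but that call reports `STATUS_NOT_ALL_ASSIGNED` when the token does not hold every requested privilege, and `NT_SUCCESS()` counts that value as success. The function can therefore return TRUE, and skip the `ubprintf` note, while some privileges were not enabled. Treat it as a failure, or at least log it, e.g. `if (status == STATUS_NOT_ALL_ASSIGNED) status = STATUS_PRIVILEGE_NOT_HELD;` right after the call, provided both constants are available in this file. The start of the function is in the previous hunk; its initial `status = STATUS_NOT_IMPLEMENTED` also looks unreachable now that the `out:` jumps are gone.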
diff --git a/src/rufus.rc b/src/rufus.rc index 0c24d45b..5b15515a 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 4.8.2244" +CAPTION "Rufus 4.8.2245" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -407,8 +407,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 4,8,2244,0 - PRODUCTVERSION 4,8,2244,0 + FILEVERSION 4,8,2245,0 + PRODUCTVERSION 4,8,2245,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -426,13 +426,13 @@ BEGIN VALUE "Comments", "https://rufus.ie" VALUE "CompanyName", "Akeo Consulting" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "4.8.2244" + VALUE "FileVersion", "4.8.2245" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2025 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "OriginalFilename", "rufus-4.8.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "4.8.2244" + VALUE "ProductVersion", "4.8.2245" END END BLOCK "VarFileInfo" diff --git a/src/stdio.c b/src/stdio.c index 5fa01f12..e4270114 100644 --- a/src/stdio.c +++ b/src/stdio.c @@ -35,6 +35,7 @@ #include #include "rufus.h" +#include "ntdll.h" #include "missing.h" #include "settings.h" #include "resource.h" 
@@ -697,9 +698,7 @@ DWORD WaitForSingleObjectWithMessages(HANDLE hHandle, DWORD dwMilliseconds) #define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock) #define RtlGetProcessHeap() (NtCurrentPeb()->Reserved4[1]) // NtCurrentPeb()->ProcessHeap, mangled due to deficiencies in winternl.h -PF_TYPE_DECL(NTAPI, NTSTATUS, NtCreateFile, (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG, ULONG, PVOID, ULONG)); PF_TYPE_DECL(NTAPI, BOOLEAN, RtlDosPathNameToNtPathNameW, (PCWSTR, PUNICODE_STRING, PWSTR*, PVOID)); -PF_TYPE_DECL(NTAPI, BOOLEAN, RtlFreeHeap, (PVOID, ULONG, PVOID)); PF_TYPE_DECL(NTAPI, VOID, RtlSetLastWin32ErrorAndNtStatusFromNtStatus, (NTSTATUS)); HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAccess, @@ -714,9 +713,7 @@ HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAccess, LARGE_INTEGER allocationSize; NTSTATUS status = STATUS_SUCCESS; - PF_INIT_OR_SET_STATUS(NtCreateFile, Ntdll); PF_INIT_OR_SET_STATUS(RtlDosPathNameToNtPathNameW, Ntdll); - PF_INIT_OR_SET_STATUS(RtlFreeHeap, Ntdll); PF_INIT_OR_SET_STATUS(RtlSetLastWin32ErrorAndNtStatusFromNtStatus, Ntdll); if (!NT_SUCCESS(status)) { @@ -813,10 +810,10 @@ HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAccess, allocationSize.QuadPart = fileSize; // Call NtCreateFile - status = pfNtCreateFile(&fileHandle, dwDesiredAccess, &objectAttributes, &ioStatusBlock, + status = NtCreateFile(&fileHandle, dwDesiredAccess, &objectAttributes, &ioStatusBlock, &allocationSize, fileAttributes, dwShareMode, dwCreationDisposition, flags, NULL, 0); - pfRtlFreeHeap(RtlGetProcessHeap(), 0, ntPath.Buffer); + RtlFreeHeap(RtlGetProcessHeap(), 0, ntPath.Buffer); wfree(lpFileName); pfRtlSetLastWin32ErrorAndNtStatusFromNtStatus(status);
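Review bot: `RtlDosPathNameToNtPathNameW` and `RtlSetLastWin32ErrorAndNtStatusFromNtStatus` are still resolved through `PF_TYPE_DECL`/`PF_INIT_OR_SET_STATUS` in `CreatePreallocatedFile` while `NtCreateFile` and `RtlFreeHeap` are now called directly, and nothing on the page says why (the commit message says all hooks are removed). Add a comment above the two remaining `PF_TYPE_DECL` lines stating the reason, for instance `// Still resolved at run time: <reason, e.g. not exported by the import library we link against>`. Without it the next reader cannot tell whether the mix is deliberate or an oversight. The two `NtWow64*` declarations kept in process.c would benefit from the same comment.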