mirror of
https://github.com/pbatard/rufus.git
synced 2025-05-25 12:14:33 -04:00
[misc] remove manual hooks into ntdll
* Since we are now liking with ntdll directly, we can remove all the hooks we applied and just use regular calls. We also rename process.h to ntdll.h as a result.
This commit is contained in:
Pete Batard
parent
4adfa4f37e
commit
01d18d99de
9 changed files with 174 additions and 160 deletions
|
|
@ -426,7 +426,7 @@
|
|||
<ClInclude Include="..\src\mbr_types.h" />
|
||||
<ClInclude Include="..\src\missing.h" />
|
||||
<ClInclude Include="..\src\msvc-missing\unistd.h" />
|
||||
<ClInclude Include="..\src\process.h" />
|
||||
<ClInclude Include="..\src\ntdll.h" />
|
||||
<ClInclude Include="..\src\re.h" />
|
||||
<ClInclude Include="..\src\settings.h" />
|
||||
<ClInclude Include="..\src\libcdio\cdio\cdio.h" />
|
||||
|
|
|
|||
|
|
@ -161,7 +161,7 @@
|
|||
<ClInclude Include="..\src\db.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\src\process.h">
|
||||
<ClInclude Include="..\src\ntdll.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\src\ui.h">
|
||||
|
|
|
|||
10
src/drive.c
10
src/drive.c
|
|
@ -33,6 +33,7 @@
|
|||
#endif
|
||||
|
||||
#include "rufus.h"
|
||||
#include "ntdll.h"
|
||||
#include "missing.h"
|
||||
#include "resource.h"
|
||||
#include "settings.h"
|
||||
|
|
@ -66,8 +67,6 @@ const IID IID_IVdsVolume = { 0x88306BB2, 0xE71F, 0x478C, { 0x86, 0xA2, 0x79, 0xD
|
|||
const IID IID_IVdsVolumeMF3 = { 0x6788FAF9, 0x214E, 0x4B85, { 0xBA, 0x59, 0x26, 0x69, 0x53, 0x61, 0x6E, 0x09 } };
|
||||
#endif
|
||||
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryVolumeInformationFile, (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS));
|
||||
|
||||
/*
|
||||
* Globals
|
||||
*/
|
||||
|
|
@ -1097,15 +1096,13 @@ static BOOL _GetDriveLettersAndType(DWORD DriveIndex, char* drive_letters, UINT*
|
|||
HANDLE hDrive = INVALID_HANDLE_VALUE, hPhysical = INVALID_HANDLE_VALUE;
|
||||
UINT _drive_type;
|
||||
IO_STATUS_BLOCK io_status_block;
|
||||
FILE_FS_DEVICE_INFORMATION file_fs_device_info;
|
||||
FILE_FS_DEVICE_INFORMATION file_fs_device_info = { 0 };
|
||||
BYTE geometry[256] = { 0 };
|
||||
PDISK_GEOMETRY_EX DiskGeometry = (PDISK_GEOMETRY_EX)(void*)geometry;
|
||||
int i = 0, drives_found = 0, drive_number;
|
||||
char *drive, drives[26*4 + 1]; /* "D:\", "E:\", etc., plus one NUL */
|
||||
char logical_drive[] = "\\\\.\\#:";
|
||||
|
||||
PF_INIT(NtQueryVolumeInformationFile, Ntdll);
|
||||
|
||||
if (drive_letters != NULL)
|
||||
drive_letters[0] = 0;
|
||||
if (drive_type != NULL)
|
||||
|
|
@ -1156,8 +1153,7 @@ static BOOL _GetDriveLettersAndType(DWORD DriveIndex, char* drive_letters, UINT*
|
|||
}
|
||||
|
||||
// Eliminate floppy drives
|
||||
if ((pfNtQueryVolumeInformationFile != NULL) &&
|
||||
(pfNtQueryVolumeInformationFile(hDrive, &io_status_block, &file_fs_device_info,
|
||||
if ((NtQueryVolumeInformationFile(hDrive, &io_status_block, &file_fs_device_info,
|
||||
sizeof(file_fs_device_info), FileFsDeviceInformation) == NO_ERROR) &&
|
||||
(file_fs_device_info.Characteristics & FILE_FLOPPY_DISKETTE) ) {
|
||||
continue;
|
||||
|
|
|
|||
16
src/drive.h
16
src/drive.h
|
|
@ -61,22 +61,6 @@
|
|||
|
||||
#define VDS_SET_ERROR(hr) do { if (hr != S_OK) { SetLastError((DWORD)hr); ErrorStatus = RUFUS_ERROR(ERROR_GEN_FAILURE); } } while(0)
|
||||
|
||||
#if !defined(__MINGW32__)
|
||||
typedef enum _FSINFOCLASS {
|
||||
FileFsVolumeInformation = 1,
|
||||
FileFsLabelInformation,
|
||||
FileFsSizeInformation,
|
||||
FileFsDeviceInformation,
|
||||
FileFsAttributeInformation,
|
||||
FileFsControlInformation,
|
||||
FileFsFullSizeInformation,
|
||||
FileFsObjectIdInformation,
|
||||
FileFsDriverPathInformation,
|
||||
FileFsVolumeFlagsInformation,
|
||||
FileFsMaximumInformation
|
||||
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
|
||||
#endif
|
||||
|
||||
/* We need a redef of these MS structure */
|
||||
typedef struct {
|
||||
DWORD DeviceType;
|
||||
|
|
|
|||
|
|
@ -28,21 +28,12 @@
|
|||
#include "config.h"
|
||||
#include "ext2fs.h"
|
||||
#include "rufus.h"
|
||||
#include "ntdll.h"
|
||||
#include "msapi_utf8.h"
|
||||
|
||||
extern char* NtStatusError(NTSTATUS Status);
|
||||
static DWORD LastWinError = 0;
|
||||
|
||||
PF_TYPE_DECL(NTAPI, ULONG, RtlNtStatusToDosError, (NTSTATUS));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtClose, (HANDLE));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtOpenFile, (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, ULONG, ULONG));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtFlushBuffersFile, (HANDLE, PIO_STATUS_BLOCK));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtReadFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtWriteFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtDeviceIoControlFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtFsControlFile, (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtDelayExecution, (BOOLEAN, PLARGE_INTEGER));
|
||||
|
||||
#define ARGUMENT_PRESENT(ArgumentPointer) ((CHAR *)((ULONG_PTR)(ArgumentPointer)) != (CHAR *)(NULL))
|
||||
|
||||
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
|
||||
|
|
@ -173,8 +164,7 @@ static unsigned _MapDosError(IN ULONG WinError)
|
|||
// Map NT status to dos error.
|
||||
static __inline unsigned _MapNtStatus(IN NTSTATUS Status)
|
||||
{
|
||||
PF_INIT(RtlNtStatusToDosError, Ntdll);
|
||||
return (pfRtlNtStatusToDosError == NULL) ? EFAULT: _MapDosError(pfRtlNtStatusToDosError(Status));
|
||||
return _MapDosError(RtlNtStatusToDosError(Status));
|
||||
}
|
||||
|
||||
// Return the last Windows Error
|
||||
|
|
@ -193,8 +183,6 @@ static NTSTATUS _OpenNtName(IN PCSTR Name, IN BOOLEAN Readonly, OUT PHANDLE Hand
|
|||
NTSTATUS Status = EFAULT;
|
||||
OBJECT_ATTRIBUTES ObjectAttributes;
|
||||
IO_STATUS_BLOCK IoStatusBlock;
|
||||
PF_INIT(NtDelayExecution, Ntdll);
|
||||
PF_INIT_OR_OUT(NtOpenFile, Ntdll);
|
||||
|
||||
// Make Unicode name from input string
|
||||
utf8_to_wchar_no_alloc(Name, Buffer, ARRAYSIZE(Buffer));
|
||||
|
|
@ -209,16 +197,16 @@ static NTSTATUS _OpenNtName(IN PCSTR Name, IN BOOLEAN Readonly, OUT PHANDLE Hand
|
|||
if (ARGUMENT_PRESENT(OpenedReadonly))
|
||||
*OpenedReadonly = Readonly;
|
||||
|
||||
Status = pfNtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA),
|
||||
Status = NtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA),
|
||||
&ObjectAttributes, &IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ,
|
||||
FILE_SYNCHRONOUS_IO_NONALERT);
|
||||
if (!NT_SUCCESS(Status)) {
|
||||
// Maybe was just mounted? wait 0.5 sec and retry.
|
||||
LARGE_INTEGER Interval;
|
||||
Interval.QuadPart = -5000000; // 0.5 sec. from now
|
||||
pfNtDelayExecution(FALSE, &Interval);
|
||||
NtDelayExecution(FALSE, &Interval);
|
||||
|
||||
Status = pfNtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA),
|
||||
Status = NtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA | (Readonly ? 0 : FILE_WRITE_DATA),
|
||||
&ObjectAttributes, &IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ,
|
||||
FILE_SYNCHRONOUS_IO_NONALERT);
|
||||
|
||||
|
|
@ -227,13 +215,12 @@ static NTSTATUS _OpenNtName(IN PCSTR Name, IN BOOLEAN Readonly, OUT PHANDLE Hand
|
|||
if (ARGUMENT_PRESENT(OpenedReadonly))
|
||||
*OpenedReadonly = TRUE;
|
||||
|
||||
Status = pfNtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA, &ObjectAttributes,
|
||||
Status = NtOpenFile(Handle, SYNCHRONIZE | FILE_READ_DATA, &ObjectAttributes,
|
||||
&IoStatusBlock, FILE_SHARE_WRITE | FILE_SHARE_READ,
|
||||
FILE_SYNCHRONOUS_IO_NONALERT);
|
||||
}
|
||||
}
|
||||
|
||||
out:
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
|
@ -247,45 +234,38 @@ static NTSTATUS _OpenDriveLetter(IN CHAR Letter, IN BOOLEAN ReadOnly, OUT PHANDL
|
|||
static __inline NTSTATUS _FlushDrive(IN HANDLE Handle)
|
||||
{
|
||||
IO_STATUS_BLOCK IoStatusBlock;
|
||||
PF_INIT(NtFlushBuffersFile, NtDll);
|
||||
return (pfNtFlushBuffersFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFlushBuffersFile(Handle, &IoStatusBlock);
|
||||
return NtFlushBuffersFile(Handle, &IoStatusBlock);
|
||||
}
|
||||
|
||||
|
||||
static __inline NTSTATUS _LockDrive(IN HANDLE Handle)
|
||||
{
|
||||
IO_STATUS_BLOCK IoStatusBlock;
|
||||
PF_INIT(NtFsControlFile, NtDll);
|
||||
return (pfNtFsControlFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_LOCK_VOLUME, 0, 0, 0, 0);
|
||||
return NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_LOCK_VOLUME, 0, 0, 0, 0);
|
||||
}
|
||||
|
||||
|
||||
static __inline NTSTATUS _UnlockDrive(IN HANDLE Handle)
|
||||
{
|
||||
IO_STATUS_BLOCK IoStatusBlock;
|
||||
PF_INIT(NtFsControlFile, NtDll);
|
||||
return (pfNtFsControlFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_UNLOCK_VOLUME, 0, 0, 0, 0);
|
||||
return NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_UNLOCK_VOLUME, 0, 0, 0, 0);
|
||||
}
|
||||
|
||||
static __inline NTSTATUS _DismountDrive(IN HANDLE Handle)
|
||||
{
|
||||
IO_STATUS_BLOCK IoStatusBlock;
|
||||
PF_INIT(NtFsControlFile, NtDll);
|
||||
return (pfNtFsControlFile == NULL) ? STATUS_DLL_NOT_FOUND : pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_DISMOUNT_VOLUME, 0, 0, 0, 0);
|
||||
return NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_DISMOUNT_VOLUME, 0, 0, 0, 0);
|
||||
}
|
||||
|
||||
static __inline BOOLEAN _IsMounted(IN HANDLE Handle)
|
||||
{
|
||||
IO_STATUS_BLOCK IoStatusBlock;
|
||||
PF_INIT(NtFsControlFile, NtDll);
|
||||
return (pfNtFsControlFile == NULL) ? FALSE :
|
||||
(BOOLEAN)(pfNtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_IS_VOLUME_MOUNTED, 0, 0, 0, 0) == STATUS_SUCCESS);
|
||||
return (BOOLEAN)(NtFsControlFile(Handle, 0, 0, 0, &IoStatusBlock, FSCTL_IS_VOLUME_MOUNTED, 0, 0, 0, 0) == STATUS_SUCCESS);
|
||||
}
|
||||
|
||||
static __inline NTSTATUS _CloseDisk(IN HANDLE Handle)
|
||||
{
|
||||
PF_INIT(NtClose, Ntdll);
|
||||
return (pfNtClose == NULL) ? STATUS_DLL_NOT_FOUND : pfNtClose(Handle);
|
||||
return NtClose(Handle);
|
||||
}
|
||||
|
||||
static PCSTR _NormalizeDeviceName(IN PCSTR Device, IN PSTR NormalizedDeviceNameBuffer, OUT __u64 *Offset, OUT __u64 *Size)
|
||||
|
|
@ -320,12 +300,9 @@ static VOID _GetDeviceSize(IN HANDLE h, OUT unsigned __int64 *FsSize)
|
|||
LARGE_INTEGER li;
|
||||
|
||||
*FsSize = 0;
|
||||
PF_INIT(NtDeviceIoControlFile, NtDll);
|
||||
if (pfNtDeviceIoControlFile == NULL)
|
||||
return;
|
||||
|
||||
RtlZeroMemory(&pi, sizeof(pi));
|
||||
Status = pfNtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock,
|
||||
Status = NtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock,
|
||||
IOCTL_DISK_GET_PARTITION_INFO_EX,
|
||||
&pi, sizeof(pi), &pi, sizeof(pi));
|
||||
if (NT_SUCCESS(Status)) {
|
||||
|
|
@ -334,7 +311,7 @@ static VOID _GetDeviceSize(IN HANDLE h, OUT unsigned __int64 *FsSize)
|
|||
// No partitions: Try a drive geometry request
|
||||
RtlZeroMemory(&gi, sizeof(gi));
|
||||
|
||||
Status = pfNtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock,
|
||||
Status = NtDeviceIoControlFile(h, NULL, NULL, NULL, &IoStatusBlock,
|
||||
IOCTL_DISK_GET_DRIVE_GEOMETRY_EX,
|
||||
&gi, sizeof(gi), &gi, sizeof(gi));
|
||||
|
||||
|
|
@ -389,8 +366,6 @@ static BOOLEAN _BlockIo(IN HANDLE Handle, IN LARGE_INTEGER Offset, IN ULONG Byte
|
|||
{
|
||||
IO_STATUS_BLOCK IoStatusBlock;
|
||||
NTSTATUS Status = STATUS_DLL_NOT_FOUND;
|
||||
PF_INIT_OR_OUT(NtReadFile, NtDll);
|
||||
PF_INIT_OR_OUT(NtWriteFile, NtDll);
|
||||
|
||||
// Should be aligned
|
||||
assert((Bytes % 512) == 0);
|
||||
|
|
@ -399,14 +374,13 @@ static BOOLEAN _BlockIo(IN HANDLE Handle, IN LARGE_INTEGER Offset, IN ULONG Byte
|
|||
LastWinError = 0;
|
||||
// Perform io
|
||||
if(Read) {
|
||||
Status = pfNtReadFile(Handle, NULL, NULL, NULL,
|
||||
Status = NtReadFile(Handle, NULL, NULL, NULL,
|
||||
&IoStatusBlock, Buffer, Bytes, &Offset, NULL);
|
||||
} else {
|
||||
Status = pfNtWriteFile(Handle, NULL, NULL, NULL,
|
||||
Status = NtWriteFile(Handle, NULL, NULL, NULL,
|
||||
&IoStatusBlock, Buffer, Bytes, &Offset, NULL);
|
||||
}
|
||||
|
||||
out:
|
||||
if (!NT_SUCCESS(Status)) {
|
||||
if (ARGUMENT_PRESENT(Errno))
|
||||
*Errno = _MapNtStatus(Status);
|
||||
|
|
@ -431,10 +405,7 @@ static BOOLEAN _RawRead(IN HANDLE Handle, IN LARGE_INTEGER Offset, IN ULONG Byte
|
|||
static BOOLEAN _SetPartType(IN HANDLE Handle, IN UCHAR Type)
|
||||
{
|
||||
IO_STATUS_BLOCK IoStatusBlock;
|
||||
PF_INIT(NtDeviceIoControlFile, NtDll);
|
||||
if (pfNtDeviceIoControlFile == NULL)
|
||||
return FALSE;
|
||||
return NT_SUCCESS(pfNtDeviceIoControlFile(Handle, NULL, NULL, NULL, &IoStatusBlock,
|
||||
return NT_SUCCESS(NtDeviceIoControlFile(Handle, NULL, NULL, NULL, &IoStatusBlock,
|
||||
IOCTL_DISK_SET_PARTITION_INFO, &Type, sizeof(Type), NULL, 0));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
/*
|
||||
* Rufus: The Reliable USB Formatting Utility
|
||||
* Process search functionality
|
||||
* ntdll definitions & process search functionality
|
||||
*
|
||||
* Modified from System Informer (a.k.a. Process Hacker):
|
||||
* https://github.com/winsiderss/systeminformer
|
||||
* Copyright © 2017-2023 Pete Batard <pete@akeo.ie>
|
||||
* Copyright © 2017-2025 Pete Batard <pete@akeo.ie>
|
||||
* Copyright © 2017 dmex
|
||||
* Copyright © 2009-2016 wj32
|
||||
*
|
||||
|
|
@ -318,3 +318,122 @@ typedef struct {
|
|||
ProcessEntry Process[MAX_BLOCKING_PROCESSES]; // Fixed size process list
|
||||
uint32_t nPass; // Incremental counter of how many passes we ran
|
||||
} BlockingProcess;
|
||||
|
||||
#if !defined(__MINGW32__)
|
||||
typedef enum _FSINFOCLASS {
|
||||
FileFsVolumeInformation = 1,
|
||||
FileFsLabelInformation,
|
||||
FileFsSizeInformation,
|
||||
FileFsDeviceInformation,
|
||||
FileFsAttributeInformation,
|
||||
FileFsControlInformation,
|
||||
FileFsFullSizeInformation,
|
||||
FileFsObjectIdInformation,
|
||||
FileFsDriverPathInformation,
|
||||
FileFsVolumeFlagsInformation,
|
||||
FileFsMaximumInformation
|
||||
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
|
||||
#endif
|
||||
|
||||
NTSYSAPI PVOID NTAPI RtlCreateHeap(
|
||||
IN ULONG Flags,
|
||||
IN PVOID HeapBase OPTIONAL,
|
||||
IN SIZE_T ReserveSize OPTIONAL,
|
||||
IN SIZE_T CommitSize OPTIONAL,
|
||||
IN PVOID Lock OPTIONAL,
|
||||
IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
|
||||
|
||||
NTSYSAPI PVOID NTAPI RtlAllocateHeap(
|
||||
IN HANDLE HeapHandle,
|
||||
IN ULONG Flags OPTIONAL,
|
||||
IN SIZE_T Size);
|
||||
|
||||
NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(
|
||||
IN PVOID HeapHandle,
|
||||
IN ULONG Flags OPTIONAL,
|
||||
IN PVOID BaseAddress);
|
||||
|
||||
NTSYSAPI PVOID NTAPI RtlDestroyHeap(
|
||||
IN PVOID HeapHandle);
|
||||
|
||||
NTSYSAPI NTSTATUS NTAPI NtOpenProcess(
|
||||
OUT PHANDLE ProcessHandle,
|
||||
IN ACCESS_MASK AccessMask,
|
||||
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
||||
IN CLIENT_ID* ClientId);
|
||||
|
||||
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken(
|
||||
IN HANDLE ProcessHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
OUT PHANDLE TokenHandle);
|
||||
|
||||
NTSYSAPI NTSTATUS NTAPI NtAdjustPrivilegesToken(
|
||||
IN HANDLE TokenHandle,
|
||||
IN BOOLEAN DisableAllPrivileges,
|
||||
IN PTOKEN_PRIVILEGES TokenPrivileges,
|
||||
IN ULONG PreviousPrivilegesLength,
|
||||
OUT PTOKEN_PRIVILEGES PreviousPrivileges OPTIONAL,
|
||||
OUT PULONG RequiredLength OPTIONAL);
|
||||
|
||||
NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(
|
||||
IN HANDLE SourceProcessHandle,
|
||||
IN PHANDLE SourceHandle,
|
||||
IN HANDLE TargetProcessHandle,
|
||||
OUT PHANDLE TargetHandle,
|
||||
IN ACCESS_MASK DesiredAccess OPTIONAL,
|
||||
IN BOOLEAN InheritHandle,
|
||||
IN ULONG Options);
|
||||
|
||||
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile(
|
||||
IN HANDLE FileHandle,
|
||||
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
||||
OUT PVOID FileInformation,
|
||||
IN ULONG Length,
|
||||
IN FILE_INFORMATION_CLASS FileInformationClass);
|
||||
|
||||
NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(
|
||||
IN HANDLE FileHandle,
|
||||
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
||||
OUT PVOID FsInformation,
|
||||
IN ULONG Length,
|
||||
IN FS_INFORMATION_CLASS FsInformationClass);
|
||||
|
||||
NTSYSAPI NTSTATUS NTAPI NtReadFile(IN HANDLE FileHandle,
|
||||
IN HANDLE Event OPTIONAL,
|
||||
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
||||
IN PVOID ApcContext OPTIONAL,
|
||||
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
||||
OUT PVOID Buffer,
|
||||
IN ULONG Length,
|
||||
IN PLARGE_INTEGER ByteOffset OPTIONAL,
|
||||
IN PULONG Key OPTIONAL);
|
||||
|
||||
NTSYSAPI NTSTATUS NTAPI NtWriteFile(IN HANDLE FileHandle,
|
||||
IN HANDLE Event OPTIONAL,
|
||||
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
||||
IN PVOID ApcContext OPTIONAL,
|
||||
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
||||
IN PVOID Buffer,
|
||||
IN ULONG Length,
|
||||
IN PLARGE_INTEGER ByteOffset OPTIONAL,
|
||||
IN PULONG Key OPTIONAL);
|
||||
|
||||
NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(
|
||||
IN HANDLE FileHandle,
|
||||
OUT PIO_STATUS_BLOCK IoStatusBlock);
|
||||
|
||||
NTSYSAPI NTSTATUS NTAPI NtFsControlFile(
|
||||
IN HANDLE FileHandle,
|
||||
IN HANDLE Event,
|
||||
IN PIO_APC_ROUTINE ApcRoutine,
|
||||
IN PVOID ApcContext,
|
||||
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
||||
IN ULONG FsControlCode,
|
||||
IN PVOID InputBuffer,
|
||||
IN ULONG InputBufferLength,
|
||||
OUT PVOID OutputBuffer,
|
||||
IN ULONG OutputBufferLength);
|
||||
|
||||
NTSYSAPI NTSTATUS NTAPI NtDelayExecution(
|
||||
IN BOOLEAN Alertable,
|
||||
IN PLARGE_INTEGER DelayInterval);
|
||||
|
|
@ -32,26 +32,12 @@
|
|||
|
||||
#include "rufus.h"
|
||||
#include "drive.h"
|
||||
#include "process.h"
|
||||
#include "ntdll.h"
|
||||
#include "missing.h"
|
||||
#include "msapi_utf8.h"
|
||||
|
||||
PF_TYPE_DECL(NTAPI, PVOID, RtlCreateHeap, (ULONG, PVOID, SIZE_T, SIZE_T, PVOID, PRTL_HEAP_PARAMETERS));
|
||||
PF_TYPE_DECL(NTAPI, PVOID, RtlDestroyHeap, (PVOID));
|
||||
PF_TYPE_DECL(NTAPI, PVOID, RtlAllocateHeap, (PVOID, ULONG, SIZE_T));
|
||||
PF_TYPE_DECL(NTAPI, BOOLEAN, RtlFreeHeap, (PVOID, ULONG, PVOID));
|
||||
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtQuerySystemInformation, (SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryInformationFile, (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryInformationProcess, (HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtWow64QueryInformationProcess64, (HANDLE, ULONG, PVOID, ULONG, PULONG));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtWow64ReadVirtualMemory64, (HANDLE, ULONGLONG, PVOID, ULONG64, PULONG64));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtQueryObject, (HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtDuplicateObject, (HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtOpenProcess, (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, CLIENT_ID*));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtOpenProcessToken, (HANDLE, ACCESS_MASK, PHANDLE));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtAdjustPrivilegesToken, (HANDLE, BOOLEAN, PTOKEN_PRIVILEGES, ULONG, PTOKEN_PRIVILEGES, PULONG));
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtClose, (HANDLE));
|
||||
|
||||
static PVOID PhHeapHandle = NULL;
|
||||
static HANDLE hSearchProcessThread = NULL;
|
||||
|
|
@ -118,13 +104,10 @@ static NTSTATUS PhCreateHeap(VOID)
|
|||
if (PhHeapHandle != NULL)
|
||||
return STATUS_ALREADY_COMPLETE;
|
||||
|
||||
PF_INIT_OR_SET_STATUS(RtlCreateHeap, Ntdll);
|
||||
|
||||
if (NT_SUCCESS(status)) {
|
||||
PhHeapHandle = pfRtlCreateHeap(HEAP_NO_SERIALIZE | HEAP_GROWABLE, NULL, 2 * MB, 1 * MB, NULL, NULL);
|
||||
PhHeapHandle = RtlCreateHeap(HEAP_NO_SERIALIZE | HEAP_GROWABLE, NULL, 2 * MB, 1 * MB, NULL, NULL);
|
||||
if (PhHeapHandle == NULL)
|
||||
status = STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
|
|
@ -136,15 +119,11 @@ static NTSTATUS PhDestroyHeap(VOID)
|
|||
if (PhHeapHandle == NULL)
|
||||
return STATUS_ALREADY_COMPLETE;
|
||||
|
||||
PF_INIT_OR_SET_STATUS(RtlDestroyHeap, Ntdll);
|
||||
|
||||
if (NT_SUCCESS(status)) {
|
||||
if (pfRtlDestroyHeap(PhHeapHandle) == NULL) {
|
||||
if (RtlDestroyHeap(PhHeapHandle) == NULL) {
|
||||
PhHeapHandle = NULL;
|
||||
} else {
|
||||
status = STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
|
|
@ -161,11 +140,7 @@ static PVOID PhAllocate(SIZE_T Size)
|
|||
if (PhHeapHandle == NULL)
|
||||
return NULL;
|
||||
|
||||
PF_INIT(RtlAllocateHeap, Ntdll);
|
||||
if (pfRtlAllocateHeap == NULL)
|
||||
return NULL;
|
||||
|
||||
return pfRtlAllocateHeap(PhHeapHandle, 0, Size);
|
||||
return RtlAllocateHeap(PhHeapHandle, 0, Size);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -178,9 +153,7 @@ static VOID PhFree(PVOID Memory)
|
|||
if (PhHeapHandle == NULL)
|
||||
return;
|
||||
|
||||
PF_INIT(RtlFreeHeap, Ntdll);
|
||||
if (pfRtlFreeHeap != NULL)
|
||||
pfRtlFreeHeap(PhHeapHandle, 0, Memory);
|
||||
RtlFreeHeap(PhHeapHandle, 0, Memory);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -198,16 +171,12 @@ NTSTATUS PhEnumHandlesEx(PSYSTEM_HANDLE_INFORMATION_EX *Handles)
|
|||
PVOID buffer;
|
||||
ULONG bufferSize;
|
||||
|
||||
PF_INIT_OR_SET_STATUS(NtQuerySystemInformation, Ntdll);
|
||||
if (!NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
bufferSize = initialBufferSize;
|
||||
buffer = PhAllocate(bufferSize);
|
||||
if (buffer == NULL)
|
||||
return STATUS_NO_MEMORY;
|
||||
|
||||
while ((status = pfNtQuerySystemInformation(SystemExtendedHandleInformation,
|
||||
while ((status = NtQuerySystemInformation(SystemExtendedHandleInformation,
|
||||
buffer, bufferSize, NULL)) == STATUS_INFO_LENGTH_MISMATCH) {
|
||||
PhFree(buffer);
|
||||
bufferSize *= 2;
|
||||
|
|
@ -253,15 +222,11 @@ NTSTATUS PhOpenProcess(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, HANDLE
|
|||
return 0;
|
||||
}
|
||||
|
||||
PF_INIT_OR_SET_STATUS(NtOpenProcess, Ntdll);
|
||||
if (!NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
clientId.UniqueProcess = ProcessId;
|
||||
clientId.UniqueThread = NULL;
|
||||
|
||||
InitializeObjectAttributes(&objectAttributes, NULL, 0, NULL, NULL);
|
||||
status = pfNtOpenProcess(ProcessHandle, DesiredAccess, &objectAttributes, &clientId);
|
||||
status = NtOpenProcess(ProcessHandle, DesiredAccess, &objectAttributes, &clientId);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
|
@ -283,16 +248,12 @@ NTSTATUS PhQueryProcessesUsingVolumeOrFile(HANDLE VolumeOrFileHandle,
|
|||
ULONG bufferSize;
|
||||
IO_STATUS_BLOCK isb;
|
||||
|
||||
PF_INIT_OR_SET_STATUS(NtQueryInformationFile, NtDll);
|
||||
if (!NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
bufferSize = initialBufferSize;
|
||||
buffer = PhAllocate(bufferSize);
|
||||
if (buffer == NULL)
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
|
||||
while ((status = pfNtQueryInformationFile(VolumeOrFileHandle, &isb, buffer, bufferSize,
|
||||
while ((status = NtQueryInformationFile(VolumeOrFileHandle, &isb, buffer, bufferSize,
|
||||
FileProcessIdsUsingFileInformation)) == STATUS_INFO_LENGTH_MISMATCH) {
|
||||
PhFree(buffer);
|
||||
bufferSize *= 2;
|
||||
|
|
@ -390,9 +351,7 @@ static PWSTR GetProcessCommandLine(HANDLE hProcess)
|
|||
PBYTE* params;
|
||||
UNICODE_STRING* ucmdline;
|
||||
|
||||
PF_INIT_OR_OUT(NtQueryInformationProcess, NtDll);
|
||||
|
||||
status = pfNtQueryInformationProcess(hProcess, 0, &pbi, sizeof(pbi), NULL);
|
||||
status = NtQueryInformationProcess(hProcess, 0, &pbi, sizeof(pbi), NULL);
|
||||
if (!NT_SUCCESS(status))
|
||||
goto out;
|
||||
|
||||
|
|
@ -454,10 +413,6 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
|
|||
char cmdline[MAX_PATH] = { 0 }, tmp[64];
|
||||
int cur_pid, j, nHandles = 0;
|
||||
|
||||
PF_INIT_OR_OUT(NtQueryObject, Ntdll);
|
||||
PF_INIT_OR_OUT(NtDuplicateObject, NtDll);
|
||||
PF_INIT_OR_OUT(NtClose, NtDll);
|
||||
|
||||
// Initialize the blocking process struct
|
||||
memset(&blocking_process, 0, sizeof(blocking_process));
|
||||
hLock = CreateMutexA(NULL, TRUE, NULL);
|
||||
|
|
@ -558,7 +513,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
|
|||
if ((dupHandle != NULL) && (processHandle != NtCurrentProcess())) {
|
||||
TRY_AND_HANDLE(
|
||||
EXCEPTION_ACCESS_VIOLATION,
|
||||
{ pfNtClose(dupHandle); },
|
||||
{ NtClose(dupHandle); },
|
||||
{ continue; }
|
||||
);
|
||||
dupHandle = NULL;
|
||||
|
|
@ -605,7 +560,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
|
|||
// Close the previous handle
|
||||
if (processHandle != NULL) {
|
||||
if (processHandle != NtCurrentProcess())
|
||||
pfNtClose(processHandle);
|
||||
NtClose(processHandle);
|
||||
processHandle = NULL;
|
||||
}
|
||||
}
|
||||
|
|
@ -646,7 +601,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
|
|||
// Now duplicate this handle onto our own process, so that we can access its properties
|
||||
if (processHandle == NtCurrentProcess())
|
||||
continue;
|
||||
status = pfNtDuplicateObject(processHandle, (HANDLE)handleInfo->HandleValue,
|
||||
status = NtDuplicateObject(processHandle, (HANDLE)handleInfo->HandleValue,
|
||||
NtCurrentProcess(), &dupHandle, 0, 0, 0);
|
||||
if (!NT_SUCCESS(status))
|
||||
continue;
|
||||
|
|
@ -659,7 +614,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
|
|||
do {
|
||||
ULONG returnSize;
|
||||
// TODO: We might potentially still need a timeout on ObjectName queries, as PH does...
|
||||
status = pfNtQueryObject(dupHandle, ObjectNameInformation, buffer, bufferSize, &returnSize);
|
||||
status = NtQueryObject(dupHandle, ObjectNameInformation, buffer, bufferSize, &returnSize);
|
||||
if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_INFO_LENGTH_MISMATCH ||
|
||||
status == STATUS_BUFFER_TOO_SMALL) {
|
||||
bufferSize = returnSize;
|
||||
|
|
@ -893,15 +848,12 @@ static BOOL IsProcessRunning(uint64_t pid)
|
|||
BOOL ret = FALSE;
|
||||
NTSTATUS status;
|
||||
|
||||
PF_INIT_OR_OUT(NtClose, NtDll);
|
||||
|
||||
status = PhOpenProcess(&hProcess, PROCESS_QUERY_LIMITED_INFORMATION, (HANDLE)(uintptr_t)pid);
|
||||
if (!NT_SUCCESS(status) || (hProcess == NULL))
|
||||
return FALSE;
|
||||
if (GetExitCodeProcess(hProcess, &dwExitCode))
|
||||
ret = (dwExitCode == STILL_ACTIVE);
|
||||
pfNtClose(hProcess);
|
||||
out:
|
||||
NtClose(hProcess);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
@ -1039,11 +991,7 @@ BOOL EnablePrivileges(void)
|
|||
NTSTATUS status = STATUS_NOT_IMPLEMENTED;
|
||||
HANDLE tokenHandle;
|
||||
|
||||
PF_INIT_OR_OUT(NtClose, NtDll);
|
||||
PF_INIT_OR_OUT(NtOpenProcessToken, NtDll);
|
||||
PF_INIT_OR_OUT(NtAdjustPrivilegesToken, NtDll);
|
||||
|
||||
status = pfNtOpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tokenHandle);
|
||||
status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tokenHandle);
|
||||
|
||||
if (NT_SUCCESS(status)) {
|
||||
CHAR privilegesBuffer[FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges) +
|
||||
|
|
@ -1060,12 +1008,11 @@ BOOL EnablePrivileges(void)
|
|||
privileges->Privileges[0].Luid.LowPart = requestedPrivileges[i];
|
||||
}
|
||||
|
||||
status = pfNtAdjustPrivilegesToken(tokenHandle, FALSE, privileges, 0, NULL, NULL);
|
||||
status = NtAdjustPrivilegesToken(tokenHandle, FALSE, privileges, 0, NULL, NULL);
|
||||
|
||||
pfNtClose(tokenHandle);
|
||||
NtClose(tokenHandle);
|
||||
}
|
||||
|
||||
out:
|
||||
if (!NT_SUCCESS(status))
|
||||
ubprintf("NOTE: Could not set process privileges: %s", NtStatusError(status));
|
||||
return NT_SUCCESS(status);
|
||||
|
|
|
|||
10
src/rufus.rc
10
src/rufus.rc
|
|
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
|
|||
IDD_DIALOG DIALOGEX 12, 12, 232, 326
|
||||
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
|
||||
EXSTYLE WS_EX_ACCEPTFILES
|
||||
CAPTION "Rufus 4.8.2244"
|
||||
CAPTION "Rufus 4.8.2245"
|
||||
FONT 9, "Segoe UI Symbol", 400, 0, 0x0
|
||||
BEGIN
|
||||
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
|
||||
|
|
@ -407,8 +407,8 @@ END
|
|||
//
|
||||
|
||||
VS_VERSION_INFO VERSIONINFO
|
||||
FILEVERSION 4,8,2244,0
|
||||
PRODUCTVERSION 4,8,2244,0
|
||||
FILEVERSION 4,8,2245,0
|
||||
PRODUCTVERSION 4,8,2245,0
|
||||
FILEFLAGSMASK 0x3fL
|
||||
#ifdef _DEBUG
|
||||
FILEFLAGS 0x1L
|
||||
|
|
@ -426,13 +426,13 @@ BEGIN
|
|||
VALUE "Comments", "https://rufus.ie"
|
||||
VALUE "CompanyName", "Akeo Consulting"
|
||||
VALUE "FileDescription", "Rufus"
|
||||
VALUE "FileVersion", "4.8.2244"
|
||||
VALUE "FileVersion", "4.8.2245"
|
||||
VALUE "InternalName", "Rufus"
|
||||
VALUE "LegalCopyright", "© 2011-2025 Pete Batard (GPL v3)"
|
||||
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
|
||||
VALUE "OriginalFilename", "rufus-4.8.exe"
|
||||
VALUE "ProductName", "Rufus"
|
||||
VALUE "ProductVersion", "4.8.2244"
|
||||
VALUE "ProductVersion", "4.8.2245"
|
||||
END
|
||||
END
|
||||
BLOCK "VarFileInfo"
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@
|
|||
#include <math.h>
|
||||
|
||||
#include "rufus.h"
|
||||
#include "ntdll.h"
|
||||
#include "missing.h"
|
||||
#include "settings.h"
|
||||
#include "resource.h"
|
||||
|
|
@ -697,9 +698,7 @@ DWORD WaitForSingleObjectWithMessages(HANDLE hHandle, DWORD dwMilliseconds)
|
|||
#define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock)
|
||||
#define RtlGetProcessHeap() (NtCurrentPeb()->Reserved4[1]) // NtCurrentPeb()->ProcessHeap, mangled due to deficiencies in winternl.h
|
||||
|
||||
PF_TYPE_DECL(NTAPI, NTSTATUS, NtCreateFile, (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG, ULONG, PVOID, ULONG));
|
||||
PF_TYPE_DECL(NTAPI, BOOLEAN, RtlDosPathNameToNtPathNameW, (PCWSTR, PUNICODE_STRING, PWSTR*, PVOID));
|
||||
PF_TYPE_DECL(NTAPI, BOOLEAN, RtlFreeHeap, (PVOID, ULONG, PVOID));
|
||||
PF_TYPE_DECL(NTAPI, VOID, RtlSetLastWin32ErrorAndNtStatusFromNtStatus, (NTSTATUS));
|
||||
|
||||
HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAccess,
|
||||
|
|
@ -714,9 +713,7 @@ HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAccess,
|
|||
LARGE_INTEGER allocationSize;
|
||||
NTSTATUS status = STATUS_SUCCESS;
|
||||
|
||||
PF_INIT_OR_SET_STATUS(NtCreateFile, Ntdll);
|
||||
PF_INIT_OR_SET_STATUS(RtlDosPathNameToNtPathNameW, Ntdll);
|
||||
PF_INIT_OR_SET_STATUS(RtlFreeHeap, Ntdll);
|
||||
PF_INIT_OR_SET_STATUS(RtlSetLastWin32ErrorAndNtStatusFromNtStatus, Ntdll);
|
||||
|
||||
if (!NT_SUCCESS(status)) {
|
||||
|
|
@ -813,10 +810,10 @@ HANDLE CreatePreallocatedFile(const char* lpFileName, DWORD dwDesiredAccess,
|
|||
allocationSize.QuadPart = fileSize;
|
||||
|
||||
// Call NtCreateFile
|
||||
status = pfNtCreateFile(&fileHandle, dwDesiredAccess, &objectAttributes, &ioStatusBlock,
|
||||
status = NtCreateFile(&fileHandle, dwDesiredAccess, &objectAttributes, &ioStatusBlock,
|
||||
&allocationSize, fileAttributes, dwShareMode, dwCreationDisposition, flags, NULL, 0);
|
||||
|
||||
pfRtlFreeHeap(RtlGetProcessHeap(), 0, ntPath.Buffer);
|
||||
RtlFreeHeap(RtlGetProcessHeap(), 0, ntPath.Buffer);
|
||||
wfree(lpFileName);
|
||||
pfRtlSetLastWin32ErrorAndNtStatusFromNtStatus(status);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue