コード例 #1
0
        public bool TryGetValue(
            string lpValue,
            Win32Api.RegRestrictionFlags dwFlags,
            /*ref UInt32*/ IntPtr pdwType,
            IntPtr pvData,
            /*ref UInt32*/ IntPtr pcbData)
        {
            if (!DoUni2AnsiConversion)
            {
                return(Win32Exception.CheckIfFoundAndNoError((int)key_.TryGetValueUnmanaged(lpValue, pdwType, pvData, pcbData)));
            }
            Data dst = new Data(pvData, pcbData, Data.CountIn.Bytes);

            // Sandboxie-generated reghives might contain REG_SZ values stored in ansi format
            // we need to detect them and avoid conversion for them

            return(DataTransformer.TryAlterData(pdwType, dst,
                                                (newpdwType, newDst) =>
                                                (int)key_.TryGetValueUnmanaged(lpValue, newpdwType, newDst.Ptr, newDst.PCount),
                                                (result, type) => result == Win32Api.Error.ERROR_SUCCESS &&
                                                DataTransformer.IsStringType(type),
                                                (type, pSrcData, cbSrcData) =>
                                                dst.FillWithString(new BytesString(pSrcData, cbSrcData), StringFormat.Ansi,
                                                                   Data.NullCharHandling.NotAddingIfNotPresent)));
        }
コード例 #2
0
ファイル: WindowsKey.cs プロジェクト: rwrc/OpenSandbox
 public bool TryQueryValue(
     string lpValueName,
     IntPtr lpReserved,
     IntPtr lpType,
     IntPtr lpData,
     IntPtr lpcbData)
 {
     return(Win32Exception.CheckIfFoundAndNoError(
                Win32Api.RegQueryValueEx(handle_, lpValueName, lpReserved,
                                         lpType, lpData, lpcbData)));
 }
コード例 #3
0
ファイル: WindowsKey.cs プロジェクト: rwrc/OpenSandbox
 public bool TryGetValue(
     string lpValue,
     Win32Api.RegRestrictionFlags dwFlags,
     /*ref UInt32*/ IntPtr pdwType,
     IntPtr pvData,
     /*ref UInt32*/ IntPtr pcbData)
 {
     return(Win32Exception.CheckIfFoundAndNoError(
                Win32Api.RegGetValue(handle_, null, lpValue, dwFlags,
                                     pdwType, pvData, pcbData)));
 }
コード例 #4
0
ファイル: NtQueryKey.cs プロジェクト: rwrc/OpenSandbox
 public bool Handle(WindowsKey key)
 {
     if (!KeyIdentity.IsPredefined(key.Handle))
     {
         return Win32Exception.CheckIfFoundAndNoError(
             Win32Api.NtQueryKey(key.Handle, KeyInformationClass_, KeyInformation_, Length_,
             out ResultLength_));
     }
     // Predefined key handle values are valid only on the advapi32.dll level
     // on the ntdll.dll level we have to replace them with appropriate ntdll.dll handles
     IntPtr hNtKey = IntPtr.Zero;
     string objectName = KeyIdentity.GetSystemBasePath(key.Handle);
     Win32Api.UNICODE_STRING usObjectName = new Win32Api.UNICODE_STRING();
     usObjectName.Length = unchecked((ushort)(sizeof(char) * objectName.Length));
     usObjectName.MaximumLength = usObjectName.Length;
     using (HGlobalPtr pObjectNameBuffer = new HGlobalPtr(Marshal.StringToHGlobalUni(objectName)))
     {
         usObjectName.Buffer = pObjectNameBuffer.Ptr;
         using (HGlobalPtr pObjectName = new HGlobalPtr(Marshal.SizeOf(typeof(Win32Api.UNICODE_STRING))))
         {
             Marshal.StructureToPtr(usObjectName, pObjectName.Ptr, false);
             Win32Api.OBJECT_ATTRIBUTES oa = new Win32Api.OBJECT_ATTRIBUTES();
             oa.Length = unchecked((uint)Marshal.SizeOf(typeof(Win32Api.OBJECT_ATTRIBUTES)));
             oa.RootDirectory = IntPtr.Zero;
             oa.ObjectName = pObjectName.Ptr;
             oa.Attributes = (uint)Win32Api.ObjectAttributes.OBJ_CASE_INSENSITIVE;
             oa.SecurityDescriptor = IntPtr.Zero;
             oa.SecurityQualityOfService = IntPtr.Zero;
             using (HGlobalPtr pOA = new HGlobalPtr(Marshal.SizeOf(typeof(Win32Api.OBJECT_ATTRIBUTES))))
             {
                 Marshal.StructureToPtr(oa, pOA.Ptr, false);
                 if (!Win32Exception.CheckIfFoundAndNoError(
                     Win32Api.NtOpenKey(out hNtKey, (uint)Win32Api.KeySecurity.KEY_QUERY_VALUE, pOA.Ptr)))
                 {
                     return false;
                 }
                 try
                 {
                     return Win32Exception.CheckIfFoundAndNoError(
                         Win32Api.NtQueryKey(hNtKey, KeyInformationClass_, KeyInformation_, Length_,
                         out ResultLength_));
                 }
                 finally
                 {
                     Win32Api.NtClose(hNtKey);
                 }
             }
         }
     }
 }
コード例 #5
0
        internal static bool TryAlterData(IntPtr pdwType, Data dst,
                                          Operation operation, Condition condition, Transformer transformer)
        {
            // We call operation in original way to handle all the cases other
            // than when the altering condition is true
            // But if we call original operation, then we might not know some condition
            // params like data type if user provided null pointers, for instance
            using (HGlobalPtr newpdwType = new HGlobalPtr(Marshal.SizeOf(typeof(uint))),
                   newpcbData = new HGlobalPtr(Marshal.SizeOf(typeof(uint))))
            {
//                Marshal.WriteInt32(newpcbData.Ptr, 0);
                Marshal.WriteInt32(newpcbData.Ptr, -1);
                int result = operation(newpdwType.Ptr, new Data(IntPtr.Zero, newpcbData.Ptr, Data.CountIn.Bytes));
                int type   = Marshal.ReadInt32(newpdwType.Ptr);
                // if pcbData == IntPtr.Zero => pData too - data is not to be read
                if (dst.PCount == IntPtr.Zero || !condition(unchecked ((Win32Api.Error)result),
                                                            unchecked ((Win32Api.RegValueType)type)))
                {
                    return(Win32Exception.CheckIfFoundAndNoError(operation(pdwType, dst)));
                }
                if (pdwType != IntPtr.Zero)
                {
                    Marshal.WriteInt32(pdwType, type);
                }
                using (HGlobalPtr newpData = new HGlobalPtr(Marshal.ReadInt32(newpcbData.Ptr)))
                {
                    // The full value is retrieved even if pData == IntPtr.Zero
                    // because length of new value may depend on the contents of original
                    // one like in path modification feature
                    if (!Win32Exception.CheckIfFoundAndNoError(
                            operation(IntPtr.Zero, new Data(newpData.Ptr, newpcbData.Ptr, Data.CountIn.Bytes))))
                    {
                        return(false);
                    }
                    return(Win32Exception.CheckIfFoundAndNoError(
                               transformer(unchecked ((Win32Api.RegValueType)type),
                                           newpData.Ptr, Marshal.ReadInt32(newpcbData.Ptr))));
                }
            }
        }
コード例 #6
0
ファイル: WindowsKey.cs プロジェクト: rwrc/OpenSandbox
        public static bool TryOpen(KeyIdentity identity, KeySecurity samDesired, out WindowsKey openedImpl)
        {
            if (identity.GetRegPath() == null)
            {
                // This works fine because baseKey is always one of the predefined
                // registry keys, so its handle does not need to be duplicated
                // or closed
                openedImpl = new WindowsKey(identity.BaseKey, samDesired);
                return(true);
            }
            IntPtr handle;
            int    result = Win32Api.RegOpenKeyEx(identity.BaseKey, identity.GetRegPath(), 0,
                                                  samDesired.Value | (Win32Api.KeySecurity)identity.GetWow64Mode(),
                                                  out handle);

            openedImpl = null;
            if (!Win32Exception.CheckIfFoundAndNoError(result))
            {
                return(false);
            }
            openedImpl = new WindowsKey(handle, samDesired);
            return(true);
        }
コード例 #7
0
 internal bool TryAlterData(KeyIdentity key, string valueName,
                            IKeyImpl keyImpl, IntPtr pdwType, Data dst, DataTransformer.Operation operation)
 {
     // TODO: this is a specific check that
     // rewrite is done only for values in sandboxie reghive which is BASE_HIVE
     // and if values are copied, DIFF_HIVE is also supported
     // It should be put outside this generalized class
     if (keyImpl.GetDisposition() == KeyDisposition.WINDOWS_REG)
     {
         return(Win32Exception.CheckIfFoundAndNoError(operation(pdwType, dst)));
     }
     return(DataTransformer.TryAlterData(pdwType, dst, operation,
                                         (result, type) =>
     {
         DebugLogger.WriteLine(@"AlterData {0} {1}\{2} ({3}) Result: {4}",
                               keyImpl.GetDisposition(), key.ToString(), valueName, type, (int)result);
         return result == Win32Api.Error.ERROR_SUCCESS &&
         DataTransformer.IsStringType(type);
     },
                                         (type, pSrcData, cbSrcData) =>
                                         DataTransformer.TransformStringValue(
                                             type, pSrcData, cbSrcData, dst, str => CallStrAlterers(key, valueName, str),
                                             HookBarrier.IsLastInjectedFuncAnsi ? StringFormat.Ansi : StringFormat.Unicode)));
 }
コード例 #8
0
 public bool Handle(WindowsKey key)
 {
     return(Win32Exception.CheckIfFoundAndNoError(
                Win32Api.RegGetKeySecurity(key.Handle, securityInformation_, pSecurityDescriptor_, lpcbSecurityDescriptor_)));
 }
コード例 #9
0
 public bool Handle(WindowsKey key)
 {
     return(Win32Exception.CheckIfFoundAndNoError(
                Win32Api.RegNotifyChangeKeyValue(key.Handle, watchSubtree_, notifyFilter_, hEvent_,
                                                 asynchronous_)));
 }