47873d8cc62e11fef8791aaea2b3d9c7d8ed9681 55017 |
|
31-Mar-2015 |
vboxsync |
supHardNt: bcrypt.dll is not mandatory |
f1f6f0dfb3894c3c606f33186666914daf3213c3 55007 |
|
30-Mar-2015 |
vboxsync |
supHardNt: Corrected loader lock ownership check. Turns out LockCount doesn't behave like expected, check RecursionCount instead to make a definite positive on ownership. |
0dce96288d862069ff8c049d6b7a8dc625f9f555 54997 |
|
28-Mar-2015 |
vboxsync |
supHardNt: Never call WinVerifyTrust and friends when owning the loader lock, they do an awful lot of loader work (GetProcAddress and sometimes LoadLibrary). |
8825cfa0db3bf263a5b0da21f8ad487699e3af61 53820 |
|
15-Jan-2015 |
vboxsync |
SUPHardenedVerifyImage-win.cpp: Tell RTLdr to disregard the specified arch if there is no code in the DLL, this is what LdrLoadDll does. |
2be6efa3a888d76feb7ad8b050e0b6c7e2d66c36 53220 |
|
05-Nov-2014 |
vboxsync |
SUP: Relax image architecture restrictions so 32-bit resource DLLs won't cause unnecessary trouble in 64-bit processes. (untested) |
9a49f7e775b1d8e5850e637526e4e067c2bb0144 53042 |
|
13-Oct-2014 |
vboxsync |
SUP: CERT_E_CHAINING due to signatures rooted in 'Microsoft Digital Media Authority 2005' (igdusc64.dll / 3D). |
5a62252a15cf89959ce9f8d309351546c8e631ff 53035 |
|
11-Oct-2014 |
vboxsync |
supHardNtViRdrRead: Cleanup and deal with async i/o in ring-3 just to be on the safe side. |
8ce864006b017481247823fbc15e45bd30d98811 53034 |
|
11-Oct-2014 |
vboxsync |
SUP: Missing two FILE_SYNCHRONOUS_IO_NONALERT flags, one of which seems responsible for the occasional BSOD 4E (9a,...). |
ad8dba2ed364f757ee03a355a1deee56b9f8066e 53024 |
|
10-Oct-2014 |
vboxsync |
SUP: Removed heap debug code. |
1ff19c6bd579b290ca46ce7f391712dfc470e01a 53022 |
|
10-Oct-2014 |
vboxsync |
SUP: XP + ATI kludge. |
f7fda4cdf38129fe7943d9736281cb9662754b53 53011 |
|
09-Oct-2014 |
vboxsync |
SUP: instrumentation for debugging possible heap corruption. |
9eca6d49e3fd77fc38cfdbd021e5afa83a27526f 53005 |
|
09-Oct-2014 |
vboxsync |
SUP: Short list of microsoft files that when found not to be signed in any way are most likely modified rather than actually seriously unsigned. |
0c2ffca957882f38c677fc23f324cfd695b96947 52943 |
|
04-Oct-2014 |
vboxsync |
SUP: The child side of early VM process init. |
30f07af559efcbd967e801903746fc21f81ee533 52940 |
|
03-Oct-2014 |
vboxsync |
Eliminating some more kernel32.dll dependencies, marking APIs we like to use early as OK. |
0a391f08407ad2804a24429ad6aa664f3efd829d 52907 |
|
30-Sep-2014 |
vboxsync |
SUP: Allow loading of administrator group owned DLLs in addition to localsystem and trustedinstaller. |
a6c871653045073d6ef74d0589de345ae62b607d 52795 |
|
19-Sep-2014 |
vboxsync |
SUP: Deal with comodo's ntdll export and getprocaddress modifications. Fixed bug in supHardNtLdrCacheOpen. |
ac181e85aa56547be29282b8235794b5af53edbf 52690 |
|
10-Sep-2014 |
vboxsync |
SUP: relax trusted installer for winsxs too. |
cf0e96b2c5a08292c6d13e4fdcb2d9518d1983e8 52634 |
|
06-Sep-2014 |
vboxsync |
SUP: Fix deadlock problem when mounting ISO on vista. (Never call WinVerifyTrust while holding the loader semaphore.) |
817577d2c4d6dee709de7a92d3bb7d0aeedae9ae 52627 |
|
05-Sep-2014 |
vboxsync |
SUP: Fixed comctl32.dll resolving (generic winsxs) and fixed a crash log statement in LdrLoadDll when the search path is used for flags instead of an actual string pointer. |
4ee2f4fc8e99dc69ba5d63fd7dd3f52a38d0501e 52600 |
|
05-Sep-2014 |
vboxsync |
IPRT: Added support for microsoft timestamp counter signatures. This required making the PKCS #7 code accept some of the CMS (RFC-5652) stuff. |
814cc4006ca929fb4013fef16a8908d525b1b45a 52541 |
|
31-Aug-2014 |
vboxsync |
fix |
8cba79d647bd84eb8b7d9eb39ac77cc85ae247c5 52537 |
|
31-Aug-2014 |
vboxsync |
IPRT,SUP: First part of timestamp counter signatures support. |
e352c25b01398e5503235fed02436cb2992f1021 52529 |
|
29-Aug-2014 |
vboxsync |
Extended avast cleanup kludge. Added build time option of supporting the application verifier / paged heaps. |
1f7b836686e1f04175cfbda46a5f9d20b98aca99 52500 |
|
26-Aug-2014 |
vboxsync |
supR3HardenedWinIsDesiredRootCA: Changed to blacklisting, added more logging. |
ca3d954105919597e09cb2278ab6132919c34c96 52487 |
|
24-Aug-2014 |
vboxsync |
clarification. |
90624af27b0e648b68167bd3b332d0e3b1d18ab1 52484 |
|
24-Aug-2014 |
vboxsync |
SUP: Explained the opengl modulus-by-zero crash (fixed by system32 dll ownership relaxation). Consistent LdrLoadDll return logging. |
0bc5fa2d224947a76f49bca2ac9bdceb27bc23a0 52482 |
|
22-Aug-2014 |
vboxsync |
SUP: TrustedInstaller or LocalSystem, works around tumbleweed desktop validator issue. |
f26952c8159edeeef1d0e4e585d2b57c173a0235 52453 |
|
22-Aug-2014 |
vboxsync |
supHardNtViCheckIsOwnedByTrustedInstaller: Workaround for someone's user32.dll not owned by TrustedInstaller. |
f2c1a5f27ded5c0265c47c5a928a5a7fd6b01a41 52414 |
|
19-Aug-2014 |
vboxsync |
SUP: Need per thread recursion counters for WinVerifyTrust or we risk deadlocking. This is new after hooking LdrLoadDll. |
db87bb1112c1f2827ffa192593174cf845f8f04d 52406 |
|
19-Aug-2014 |
vboxsync |
SUP: No need to repeat the IPRT signature check when we just want to do WinVerifyTrust. |
cd2274c977e1b722b535e4f601a324e8029b5e43 52404 |
|
19-Aug-2014 |
vboxsync |
Simplified the checks. |
a60be2c64ea23bb7ce4c9998bcd541c4db879fba 52403 |
|
18-Aug-2014 |
vboxsync |
SUP,IPRT: Extended RTLdrQueryPropEx with a pvBits parameter, RTLDRPROP_IMPORT_COUNT and RTLDRPROP_IMPORT_MODULE. Hook LdrLoadDll to validate DLLs before they get to NtCreateSection and the loader code/data can be messed up (windows 7 / 32-bit crash). Allow the kernel to buffer the log file, no real need that each write hits the disk. |
361ef195c21ec36df0a44797ce62edb13d649d06 52376 |
|
14-Aug-2014 |
vboxsync |
Fixed bug in supHardViUtf16PathStartsWithEx. |
48e06e6a052c50ecf176f63f5537f80b544bf34a 52375 |
|
14-Aug-2014 |
vboxsync |
SUP: Some cleanup and bug hacking. |
bfc39c8324b2a90c8cb3fedf883495d1ed92e724 52366 |
|
13-Aug-2014 |
vboxsync |
SUP: Cache images for process verification. |
9b62e122a37f42c2bbaae1312ad198f44bebea5c 52365 |
|
13-Aug-2014 |
vboxsync |
sup: Check for TrustedInstaller; accept ProgramFiles and CommonFiles. |
d1e6154d21dcc739e31ac7d8b139ee0fdfe60d45 52356 |
|
11-Aug-2014 |
vboxsync |
SUP: Manual imports. |
0c8e85263a357c44964520942cb5816ab1c2e69d 52213 |
|
28-Jul-2014 |
vboxsync |
SUP,IPRT: Implemented forwarder support in RTLdr and cleaned up some of the ordinal mess. Resolved imports when doing the process verification/purification runs other than SUPHARDNTVPKIND_CHILD_PURIFICATION. This is necessary since 32-bit windows combine .text with .rdata, and we don't want to overwrite the import table after it has been snapped. Include read-only sections in the verification runs. |
2f9acd6c5608d79e003dda3b5ebbd511d7f6fdd0 52207 |
|
27-Jul-2014 |
vboxsync |
SUP: Fixed handle leak in the driver. Adjusted NtQueryInformationProcess/ProcessImageInformation for XP. Shut up a DEBUG assertion caused by certificate(s) with malformed ASN.1 UTC TIME objects (not zulu time). |
7d6ce198fd361f58bd1ebdeee7772f76b4e58966 52204 |
|
26-Jul-2014 |
vboxsync |
SUP,LDR: Changed RTLdrGetBits to allow not resolving imports. Combined the memory and image purification code with the process validation code, adding a validation kind/mode parameter. The process verification code now checks that code sections are unmodified. Had to add a self purification run before hooking NtCreateSection to undo a weird kernel32 change that avast made (making GetBinaryTypeW specify write thru when opening a file). So, VM startup is now even slower thanks to avast. |
fd658895339cb48b2ba581b1a1141aea39009ff7 52160 |
|
24-Jul-2014 |
vboxsync |
SUP: some cleanups. |
02a86c3f55161b12d393bdf96b01c0086fd42313 52030 |
|
15-Jul-2014 |
vboxsync |
Forward ported r95010 from 4.3 |
10283f156a70daa64cf4817a62743e756b84c9bb 51977 |
|
11-Jul-2014 |
vboxsync |
Refuse symantec sysfer.dll; accept microsoft sfc.dll. |
10f88bf0c9c815259a6559f7d5bef34eff889098 51972 |
|
10-Jul-2014 |
vboxsync |
duh |
7d2a7bb82244229ec318d0295aaf46fc7a98d863 51970 |
|
10-Jul-2014 |
vboxsync |
SUP: More image verifier init fixes. |
76bd4ec6d277af265850cc522ad5c9e89626b259 51860 |
|
04-Jul-2014 |
vboxsync |
relaxed system32. |
2f8175b63b0fa558fb56df987387875c2dda6299 51826 |
|
03-Jul-2014 |
vboxsync |
Fixed the first timestamp hack. |
1a42673c3eb659db7687e89abd0951582ee8ae0d 51824 |
|
03-Jul-2014 |
vboxsync |
timestamp hack v2. |
396186df506c303aa6137c1707423855981eb0c2 51819 |
|
02-Jul-2014 |
vboxsync |
timestamp tweak. |
208b6c2dc45ecf098ded011e80eb380698695ee8 51818 |
|
02-Jul-2014 |
vboxsync |
Wrong test. |
a5d6536233b36d63d25e3127624f1ddb7b59c52b 51817 |
|
02-Jul-2014 |
vboxsync |
quick tweak. |
8ca9bc7876e76fd62c489a54b9a5acf26cace946 51812 |
|
02-Jul-2014 |
vboxsync |
Fixed a pCert use that I'd missed (pCert / pTaInfo). |
13493ab7596e827b8d0caab2c89e635dd65f78f9 51770 |
|
01-Jul-2014 |
vboxsync |
Merged in iprt++ dev branch. |