supHardNt: bcrypt.dll is not mandatory

supHardNt: Corrected loader lock ownership check. Turns out LockCount doesn't behave like expected, check RecursionCount instead to make a definite positive on ownership.

supHardNt: Never call WinVerifyTrust and friends when owning the loader lock, they do an awful lot of loader work (GetProcAddress and sometimes LoadLibrary).

SUPHardenedVerfiyImage-win.cpp: Tell RTLdr to disregard the specified arch if there is no code in the DLL, this is what LdrLoadDll does.

SUP: Relax image architecture restrictions so 32-bit resource DLLs won't cause unnecessary trouble in 64-bit processes. (untested)

SUP: CERT_E_CHANING due to signatures rooted in 'Microsoft Digital Media Authority 2005' (igdusc64.dll / 3D).

supHardNtViRdrRead: Cleanup and deal with async i/o in ring-3 just to be on the safe side.

SUP: Missing two FILE_SYNCHRONOUS_IO_NONALERT flags, one of which seems responsible for the occational BSOD 4E (9a,...).

SUP: Removed heap debug code.

SUP: XP + ATI kludge.

SUP: instrumentation for debugging possible heap corruption.

SUP: Short list of microsoft files that when found not to be signed in any way are most likely modified rather actually seriously unsigned.

SUP: The child side of early VM process init.

Eliminating some more kernel32.dll dependencies, marking APIs we like to use early as OK.

SUP: Allow loading of administrator group owned DLLs in addition to localsystem and trustedinstaller.

SUP: Deal with comodo's ntdll export and getprocaddress modifications. Fixed bug in supHardNtLdrCacheOpen.

SUP: relax trusted installer for winsxs too.

SUP: Fix deadlock problem when mounting ISO on vista. (Never all WinVerifyTrust while holding the loader semaphore.)

SUP: Fixed comctl32.dll resolving (generic winsxs) and fixed a crash log statement in LdrLoadDll when the search path is used for flags instead of an actual string pointer.

IPRT: Added support for microsoft timestamp counter signatures. This required making the PKCS #7 code accept some of the CMS (RFC-5652) stuff.

fix

IPRT,SUP: First part of timestamp counter signatures support.

Extended avast cleanup kludge. Added build time option of supporting the application verifier / paged heaps.

supR3HardenedWinIsDesiredRootCA: Changed to blacklisting, added more logging.

clearification.

SUP: Explained the opengl modulus-by-zero crash (fixed by system32 dll ownership relaxation). Consistent LdrLoadDll return logging.

SUP: TrustedInstaller or LocalSystem, works around tumbleweed desktop validator issue.

supHardNtViCheckIsOwnedByTrustedInstaller: Workaround for someones user32.dll not owned by TrustedInstaller.

SUP: Need per thread recursion counters for WinVerifyTrust or we risk deadlocking. This is new after hooking LdrLoadDll.

SUP: No need to repeat the IPRT signature check when we just want to do WinVerifyTrust.

Simplified the checks.

SUP,IPRT: Extended RTLdrQueryPropEx with a pvBits parameter, RTLDRPROP_IMPORT_COUNT and RTLDRPROP_IMPORT_MODULE. Hook LdrLoadDll to validate DLLs before they get to NtCreateSection and the loader code/data can be messed up (windows 7 / 32-bit crash). Allow the kernel to buffer the log file, no real need that each write hits the disk.

Fixed bug in supHardViUtf16PathStartsWithEx.

SUP: Some cleanup and bug hacking.

SUP: Cache images for process verficiation.

sup: Check for TrustedInstaller; accept ProgramFiles and CommonFiles.

SUP: Manual imports.

SUP,IPRT: Implemented forwarder support in RTLdr and cleaned up some the ordinal mess. Resolved imports when doing the process verification/purification runs other than SUPHARDNTVPKIND_CHILD_PURIFICATION. This is necessary since 32-bit windows combine .text with .rdata, and we don't want to overwrite the import table after it has been snapped. Include read-only sections in the verfication runs.

SUP: Fixed handle leak in the driver. Adjusted NtQueryInformationProcess/ProcessImageInformation for XP. Shut up an DEBUG assertion caused by certificate(s) with malformed ASN.1 UTC TIME objects (not zulu time).

SUP,LDR: Changed RTLdrGetBits to allow not resolving imports. Combined the memory and image purification code with the process validation code, adding a validation kind/mode parameter. The process verfication code now checks that code sections are unmodified. Had to add a self purification run before hooking NtCreateSection to undo a weird kernel32 change that avast made (making GetBinaryTypeW specify write thru when opening a file). So, VM startup is now even slower thanks to avast.

SUP: some cleanups.

Forward ported r95010 from 4.3

Refuse symantec sysfer.dll; accept microsoft sfc.dll.

duh

SUP: More image verifier init fixes.

relaxed system32.

Fixed the first timestamp hack.

timestamp hack v2.

timestamp tweak.

Wrong test.

quick tweak.

Fixed a pCert use that I'd missed (pCert / pTaInfo).

Merged in iprt++ dev branch.