Lines Matching refs:pwszName
202 static int supR3HardNtViCallWinVerifyTrust(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, PRTERRINFO pErrInfo,
204 static int supR3HardNtViCallWinVerifyTrustCatFile(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, PRTERRINFO pErrInfo,
345 * @param pwszName Optional file name.
349 DECLHIDDEN(int) supHardNtViRdrCreate(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, PSUPHNTVIRDR *ppNtViRdr)
389 if (pwszName)
390 cchFilename = RTUtf16CalcUtf8Len(pwszName);
409 rc = RTUtf16ToUtf8Ex(pwszName, RTSTR_MAX, &pszName, cchFilename + 1, NULL);
439 * @param pwszName The name of the file.
441 static bool supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(HANDLE hFile, PCRTUTF16 pwszName)
459 SUP_DPRINTF(("NtQuerySecurityObject failed with rcNt=%#x on '%ls'\n", rcNt, pwszName));
491 SUP_DPRINTF(("%ls: Owner is administrators group.\n", pwszName));
496 pwszName, ((uint8_t *)pOwner)[1] /*SubAuthorityCount*/ * sizeof(ULONG) + 8, pOwner));
727 * @param pwszName The NT name of the DLL/EXE.
732 static int supHardNtViCheckIfNotSignedOk(RTLDRMOD hLdrMod, PCRTUTF16 pwszName, uint32_t fFlags, HANDLE hFile, int rc)
764 uint32_t cwcName = (uint32_t)RTUtf16Len(pwszName);
766 if (supHardViUtf16PathStartsWithEx(pwszName, cwcName, g_System32NtPath.UniStr.Buffer, cwcOther, true /*fCheckSlash*/))
768 pwsz = pwszName + cwcOther + 1;
772 && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName))
821 if (supHardViUtf16PathStartsWithEx(pwszName, cwcName, g_WinSxSNtPath.UniStr.Buffer, cwcOther, true /*fCheckSlash*/))
823 pwsz = pwszName + cwcOther + 1;
833 && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName))
844 if (supHardViIsAppPatchDir(pwszName, cwcName))
847 pwsz = pwszName + cwcOther + 1;
850 && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName))
881 if ( supHardViUtf16PathStartsWithEx(pwszName, cwcName,
884 || supHardViUtf16PathStartsWithEx(pwszName, cwcName,
888 || supHardViUtf16PathStartsWithEx(pwszName, cwcName,
891 || supHardViUtf16PathStartsWithEx(pwszName, cwcName,
898 && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName))
908 || supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName))
1072 * @param pwszName Full NT path to the DLL in question, used for
1081 DECLHIDDEN(int) supHardenedWinVerifyImageByLdrMod(RTLDRMOD hLdrMod, PCRTUTF16 pwszName, PSUPHNTVIRDR pNtViRdr,
1117 && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(pNtViRdr->hFile, pwszName))
1119 if (supHardViUtf16PathStartsWithEx(pwszName, (uint32_t)RTUtf16Len(pwszName),
1122 SUP_DPRINTF(("%ls: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).\n", pwszName));
1123 else if (supHardViUtf16PathStartsWithEx(pwszName, (uint32_t)RTUtf16Len(pwszName),
1126 SUP_DPRINTF(("%ls: Relaxing the TrustedInstaller requirement for this DLL (it's in WinSxS).\n", pwszName));
1129 "supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '%ls'.", pwszName);
1169 rc = supHardNtViCheckIfNotSignedOk(hLdrMod, pwszName, pNtViRdr->fFlags, pNtViRdr->hFile, rc);
1171 RTErrInfoAddF(pErrInfo, rc, ": %ls", pwszName);
1182 pwszName, rc2);
1185 "The image '%ls' was not linked with /IntegrityCheck.", pwszName);
1189 RTErrInfoSetF(pErrInfo, rc, "RTLdrQueryProp/RTLDRPROP_TIMESTAMP_SECONDS failed on %ls: %Rrc", pwszName, rc);
1196 rc = supHardenedWinVerifyImageTrust(pNtViRdr->hFile, pwszName, pNtViRdr->fFlags, rc, pfWinVerifyTrust, pErrInfo);
1204 supR3HardenedWinVerifyCacheScheduleImports(hLdrMod, pwszName);
1216 * @param pwszName Full NT path to the DLL in question, used for
1225 DECLHIDDEN(int) supHardenedWinVerifyImageByHandle(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, bool fAvoidWinVerifyTrust,
1232 int rc = supHardNtViRdrCreate(hFile, pwszName, fFlags, &pNtViRdr);
1249 rc = supHardenedWinVerifyImageByLdrMod(hLdrMod, pwszName, pNtViRdr, fAvoidWinVerifyTrust, pfWinVerifyTrust, pErrInfo);
1256 rc, pwszName, pfWinVerifyTrust && *pfWinVerifyTrust ? "WinVerifyTrust" : ""));
2180 * @param pwszName Full NT path to the DLL in question, used for
2189 static int supR3HardNtViCallWinVerifyTrust(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, PRTERRINFO pErrInfo,
2200 int rc = supR3HardNtViNtToWinPath(pwszName, &pwszWinPath, wszWinPathBuf, RT_ELEMENTS(wszWinPathBuf));
2202 return RTErrInfoSetF(pErrInfo, rc, "Bad path passed to supR3HardNtViCallWinVerifyTrust: rc=%Rrc '%ls'", rc, pwszName);
2266 "WinVerifyTrust failed with hrc=%s on '%ls'", pszErrConst, pwszName);
2269 "WinVerifyTrust failed with hrc=%Rhrc on '%ls'", hrc, pwszName);
2271 hrc, pszErrConst, pwszName));
2290 * @param pwszName Full NT path to the DLL in question, used for
2297 static int supR3HardNtViCallWinVerifyTrustCatFile(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, PRTERRINFO pErrInfo,
2300 SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile: hFile=%p pwszName=%ls\n", hFile, pwszName));
2307 int rc = supR3HardNtViNtToWinPath(pwszName, &pwszWinPath, wszWinPathBuf, RT_ELEMENTS(wszWinPathBuf));
2309 return RTErrInfoSetF(pErrInfo, rc, "Bad path passed to supR3HardNtViCallWinVerifyTrustCatFile: rc=%Rrc '%ls'", rc, pwszName);
2321 NtName.Buffer = (PWSTR)pwszName;
2322 NtName.Length = (USHORT)(RTUtf16Len(pwszName) * sizeof(WCHAR));
2343 "NtCreateFile returned %#x opening '%ls'.", rcNt, pwszName);
2490 hrc, CatInfo.wszCatalogFile, pwszName));
2515 RtlGetLastWin32Error(), pwszName);
2530 "CryptCATAdminCalcHashFromFileHandle[2] failed: %d [file=%s]", RtlGetLastWin32Error(), pwszName);
2538 "CryptCATAdminAcquireContext[2] failed: %d [file=%s]", RtlGetLastWin32Error(), pwszName);
2562 uint32_t cwcName = (uint32_t)RTUtf16Len(pwszName);
2564 if (supHardViUtf16PathStartsWithEx(pwszName, cwcName, g_System32NtPath.UniStr.Buffer, cwcOther, true /*fCheckSlash*/))
2566 pwsz = pwszName + cwcOther + 1;
2578 RTErrInfoAddF(pErrInfo, rc, "'%ls' is most likely modified.", pwszName);
2606 * @param pwszName Full NT path to the DLL in question, used for
2613 DECLHIDDEN(int) supHardenedWinVerifyImageTrust(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, int rc,
2657 int rc2 = supR3HardNtViCallWinVerifyTrustCatFile(hFile, pwszName, fFlags, pErrInfo,
2671 rc = supR3HardNtViCallWinVerifyTrust(hFile, pwszName, fFlags, pErrInfo, g_pfnWinVerifyTrust,
2684 rc = supR3HardNtViCallWinVerifyTrustCatFile(hFile, pwszName, fFlags, pErrInfo, g_pfnWinVerifyTrust);
2690 int rc2 = supR3HardNtViCallWinVerifyTrust(hFile, pwszName, fFlags, pErrInfo, g_pfnWinVerifyTrust, NULL);
2706 SUP_DPRINTF(("Detected WinVerifyTrust recursion: rc=%Rrc '%ls'.\n", rc, pwszName));
2709 SUP_DPRINTF(("Detected loader lock ownership: rc=%Rrc '%ls'.\n", rc, pwszName));