Support/win/SUPHardenedVerify-win.h

	SUPHardenedVerify-win.h revision 48e06e6a052c50ecf176f63f5537f80b544bf34a
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync/* $Id$ */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync/** @file
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * VirtualBox Support Library/Driver - Hardened Verification, Windows.
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync/*
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * Copyright (C) 2006-2014 Oracle Corporation
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync *
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * This file is part of VirtualBox Open Source Edition (OSE), as
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * available from http://www.virtualbox.org. This file is free software;
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * you can redistribute it and/or modify it under the terms of the GNU
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * General Public License (GPL) as published by the Free Software
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * Foundation, in version 2 as it comes in the "COPYING" file of the
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync *
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * The contents of this file may alternatively be used under the terms
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * of the Common Development and Distribution License Version 1.0
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * VirtualBox OSE distribution, in which case the provisions of the
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * CDDL are applicable instead of those of the GPL.
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync *
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * You may elect to license modified versions of this file under the
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * terms and conditions of either the GPL or the CDDL or both.
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#ifndef ___win_SUPHardenedVerify_win_h
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#define ___win_SUPHardenedVerify_win_h
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#include <iprt/types.h>
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#include <iprt/crypto/x509.h>
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#ifndef SUP_CERTIFICATES_ONLY
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync# ifdef RT_OS_WINDOWS
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  include <iprt/ldr.h>
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync# endif
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#endif
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncRT_C_DECLS_BEGIN
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#ifndef SUP_CERTIFICATES_ONLY
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync# ifdef RT_OS_WINDOWS
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncDECLHIDDEN(int)     supHardenedWinInitImageVerifier(PRTERRINFO pErrInfo);
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncDECLHIDDEN(void)    supHardenedWinTermImageVerifier(void);
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncDECLHIDDEN(void)    supR3HardenedWinVerifyCachePreload(PCRTUTF16 pwszName);
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsynctypedef enum SUPHARDNTVPKIND
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync{
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    SUPHARDNTVPKIND_VERIFY_ONLY = 1,
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    SUPHARDNTVPKIND_CHILD_PURIFICATION,
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    SUPHARDNTVPKIND_SELF_PURIFICATION,
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    SUPHARDNTVPKIND_32BIT_HACK = 0x7fffffff
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync} SUPHARDNTVPKIND;
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncDECLHIDDEN(int)     supHardenedWinVerifyProcess(HANDLE hProcess, HANDLE hThread, SUPHARDNTVPKIND enmKind, PRTERRINFO pErrInfo);
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncDECLHIDDEN(bool)    supHardViUniStrPathStartsWithUniStr(UNICODE_STRING const *pUniStrLeft,
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync                                                        UNICODE_STRING const *pUniStrRight, bool fCheckSlash);
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncDECLHIDDEN(bool)    supHardViUtf16PathStartsWithEx(PCRTUTF16 pwszLeft, uint32_t cwcLeft,
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync                                                PCRTUTF16 pwszRight, uint32_t cwcRight, bool fCheckSlash);
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncDECLHIDDEN(bool)    supHardViIsAppPatchDir(PCRTUTF16 pwszPath, uint32_t cwcName);
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync/**
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync * SUP image verifier loader reader instance.
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsynctypedef struct SUPHNTVIRDR
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync{
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    /** The core reader structure. */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    RTLDRREADER Core;
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    /** The file handle . */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    HANDLE      hFile;
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    /** Current file offset. */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    RTFOFF      off;
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    /** The file size. */
b0a3d0ec5780199a2f379da63c59ccf48f1a73b9vboxsync    RTFOFF      cbFile;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    /** Flags for the verification callback, SUPHNTVI_F_XXX. */
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    uint32_t    fFlags;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    /** The executable timstamp in second since unix epoch. */
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    uint64_t    uTimestamp;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    /** Log name. */
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    char        szFilename[1];
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync} SUPHNTVIRDR;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync/** Pointer to an SUP image verifier loader reader instance. */
37c53e9b2c955f92dff6f11aff63809004945f17vboxsynctypedef SUPHNTVIRDR *PSUPHNTVIRDR;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncDECLHIDDEN(int) supHardNtViRdrCreate(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, PSUPHNTVIRDR *ppNtViRdr);
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsyncDECLHIDDEN(int) supHardenedWinVerifyImageByHandle(HANDLE hFile, PCRTUTF16 pwszName, uint32_t fFlags, bool *pfCacheable, PRTERRINFO pErrInfo);
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncDECLHIDDEN(int) supHardenedWinVerifyImageByHandleNoName(HANDLE hFile, uint32_t fFlags, PRTERRINFO pErrInfo);
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncDECLHIDDEN(int) supHardenedWinVerifyImageByLdrMod(RTLDRMOD hLdrMod, PCRTUTF16 pwszName, PSUPHNTVIRDR pNtViRdr,
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync                                                  bool *pfCacheable, PRTERRINFO pErrInfo);
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync/** @name SUPHNTVI_F_XXX - Flags for supHardenedWinVerifyImageByHandle.
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync * @{ */
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync/** The signing certificate must be the same as the one the VirtualBox build
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync * was signed with. */
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync#  define SUPHNTVI_F_REQUIRE_BUILD_CERT             RT_BIT(0)
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync/** Require kernel code signing level. */
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync#  define SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING    RT_BIT(1)
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync/** Require the image to force the memory mapper to do signature checking. */
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync#  define SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT  RT_BIT(2)
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync/** Whether to allow image verification by catalog file. */
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync#  define SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION    RT_BIT(3)
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync/** The file owner must be TrustedInstaller on Vista+. */
2d8a09147af7f74a5deb52f52ded5b845ddcba2dvboxsync#  define SUPHNTVI_F_TRUSTED_INSTALLER_OWNER        RT_BIT(4)
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync/** Resource image, could be any bitness. */
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync#  define SUPHNTVI_F_RESOURCE_IMAGE                 RT_BIT(30)
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync/** Raw-mode context image, always 32-bit. */
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync#  define SUPHNTVI_F_RC_IMAGE                       RT_BIT(31)
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync/** @} */
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync/**
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync * Loader cache entry.
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync *
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync * This is for avoiding loading and signature checking a file multiple times,
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync * due to multiple passes thru the process validation code (and syscall import
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync * code of NTDLL).
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync */
ca5d48382e06537b69b713b1b772dc299e681d24vboxsynctypedef struct SUPHNTLDRCACHEENTRY
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync{
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync    /** The file name (from g_apszSupNtVpAllowedDlls or
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync     *  g_apszSupNtVpAllowedVmExes). */
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync    const char         *pszName;
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync    /** Load module associated with the image during content verfication. */
ca5d48382e06537b69b713b1b772dc299e681d24vboxsync    RTLDRMOD            hLdrMod;
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync    /** The file reader. */
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync    PSUPHNTVIRDR        pNtViRdr;
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync    /** The module file handle, if we've opened it.
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync     * (pNtviRdr does not close the file handle on destruction.)  */
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync    HANDLE              hFile;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    /** Bits buffer. */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    uint8_t            *pbBits;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    /** Set if verified. */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync    bool                fVerified;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync} SUPHNTLDRCACHEENTRY;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync/** Pointer to a loader cache entry. */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsynctypedef SUPHNTLDRCACHEENTRY *PSUPHNTLDRCACHEENTRY;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncDECLHIDDEN(int)  supHardNtLdrCacheOpen(const char *pszName, PSUPHNTLDRCACHEENTRY *ppEntry);
5931d363b6b08895843fb9bfcc9823795da1e952vboxsyncDECLHIDDEN(int)  supHardNtLdrCacheEntryVerify(PSUPHNTLDRCACHEENTRY pEntry, PCRTUTF16 pwszName, PRTERRINFO pErrInfo);
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncDECLHIDDEN(int)  supHardNtLdrCacheEntryAllocBits(PSUPHNTLDRCACHEENTRY pEntry, uint8_t **ppbBits, PRTERRINFO pErrInfo);
5931d363b6b08895843fb9bfcc9823795da1e952vboxsync
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync/** Which directory under the system root to get. */
37c53e9b2c955f92dff6f11aff63809004945f17vboxsynctypedef enum SUPHARDNTSYSROOTDIR
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync{
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    kSupHardNtSysRootDir_System32 = 0,
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    kSupHardNtSysRootDir_WinSxS,
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync} SUPHARDNTSYSROOTDIR;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncDECLHIDDEN(int) supHardNtGetSystemRootDir(void *pvBuf, uint32_t cbBuf, SUPHARDNTSYSROOTDIR enmDir, PRTERRINFO pErrInfo);
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#  ifndef SUPHNTVI_NO_NT_STUFF
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync/** Typical system root directory buffer. */
37c53e9b2c955f92dff6f11aff63809004945f17vboxsynctypedef struct SUPSYSROOTDIRBUF
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync{
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    UNICODE_STRING  UniStr;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync    WCHAR           awcBuffer[260];
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync} SUPSYSROOTDIRBUF;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncextern SUPSYSROOTDIRBUF g_System32NtPath;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncextern SUPSYSROOTDIRBUF g_WinSxSNtPath;
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync#ifdef IN_RING3
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncextern SUPSYSROOTDIRBUF g_ProgramFilesNtPath;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncextern SUPSYSROOTDIRBUF g_CommonFilesNtPath;
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync# if ARCH_BITS == 64
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncextern SUPSYSROOTDIRBUF g_ProgramFilesX86NtPath;
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncextern SUPSYSROOTDIRBUF g_CommonFilesX86NtPath;
b0a3d0ec5780199a2f379da63c59ccf48f1a73b9vboxsync# endif
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#endif
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncextern SUPSYSROOTDIRBUF g_SupLibHardenedExeNtPath;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncextern uint32_t         g_offSupLibHardenedExeNtName;
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#   ifdef IN_RING0
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync/** Pointer to NtQueryVirtualMemory. */
37c53e9b2c955f92dff6f11aff63809004945f17vboxsynctypedef NTSTATUS (NTAPI *PFNNTQUERYVIRTUALMEMORY)(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncextern PFNNTQUERYVIRTUALMEMORY g_pfnNtQueryVirtualMemory;
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync#   endif
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync#  endif /* SUPHNTVI_NO_NT_STUFF */
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync/** Creates a combined NT version number for simple comparisons. */
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync#define SUP_MAKE_NT_VER_COMBINED(a_uMajor, a_uMinor, a_uBuild, a_uSpMajor, a_uSpMinor) \
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync    (   ((uint32_t)((a_uMajor) & UINT32_C(0xf))    << 28) \
ce58048f6cafbf5f68163cc932fecc521de0733fvboxsync      | ((uint32_t)((a_uMinor) & UINT32_C(0xf))    << 24) \
ce58048f6cafbf5f68163cc932fecc521de0733fvboxsync      | ((uint32_t)((a_uBuild) & UINT32_C(0xffff)) << 8) \
ce58048f6cafbf5f68163cc932fecc521de0733fvboxsync      | ((uint32_t)((a_uSpMajor) & UINT32_C(0xf))  << 4) \
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync      | RT_MIN((uint32_t)(a_uSpMinor), UINT32_C(0xf)) )
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync/** Simple version of SUP_MAKE_NT_VER_COMBINED. */
ce58048f6cafbf5f68163cc932fecc521de0733fvboxsync#define SUP_MAKE_NT_VER_SIMPLE(a_uMajor, a_uMinor) SUP_MAKE_NT_VER_COMBINED(a_uMajor, a_uMinor, 0, 0, 0)
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsyncextern uint32_t         g_uNtVerCombined;
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync/** Combined NT version number for XP. */
ce58048f6cafbf5f68163cc932fecc521de0733fvboxsync#define SUP_NT_VER_XP       SUP_MAKE_NT_VER_SIMPLE(5,1)
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync/** Combined NT version number for Windows server 2003 & XP64. */
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync#define SUP_NT_VER_W2K3     SUP_MAKE_NT_VER_SIMPLE(5,2)
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync/** Combined NT version number for Vista. */
ce58048f6cafbf5f68163cc932fecc521de0733fvboxsync#define SUP_NT_VER_VISTA    SUP_MAKE_NT_VER_SIMPLE(6,0)
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync/** Combined NT version number for Windows 7. */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#define SUP_NT_VER_W70      SUP_MAKE_NT_VER_SIMPLE(6,1)
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync/** Combined NT version number for Windows 8.0. */
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#define SUP_NT_VER_W80      SUP_MAKE_NT_VER_SIMPLE(6,2)
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync/** Combined NT version number for Windows 8.1. */
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#define SUP_NT_VER_W81      SUP_MAKE_NT_VER_SIMPLE(6,3)
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync# endif
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync# ifndef IN_SUP_HARDENED_R3
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#  include <iprt/mem.h>
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#  include <iprt/string.h>
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#  define suplibHardenedAllocZ       RTMemAllocZ
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#  define suplibHardenedReAlloc      RTMemRealloc
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#  define suplibHardenedFree         RTMemFree
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#  define suplibHardenedMemComp      memcmp
1df46139c7299e5fbb38e49955bce0c8ad972330vboxsync#  define suplibHardenedMemCopy      memcpy
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#  define suplibHardenedMemSet       memset
37c53e9b2c955f92dff6f11aff63809004945f17vboxsync#  define suplibHardenedStrCopy      strcpy
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define suplibHardenedStrLen       strlen
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define suplibHardenedStrCat       strcat
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define suplibHardenedStrCmp       strcmp
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define suplibHardenedStrNCmp      strncmp
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync# else   /* IN_SUP_HARDENED_R3 */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  include <iprt/mem.h>
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#if 0
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define memcmp                     suplibHardenedMemComp
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define memcpy                     suplibHardenedMemCopy
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define memset                     suplibHardenedMemSet
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define strcpy                     suplibHardenedStrCopy
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define strlen                     suplibHardenedStrLen
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define strcat                     suplibHardenedStrCat
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define strcmp                     suplibHardenedStrCmp
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#  define strncmp                    suplibHardenedStrNCmp
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#endif
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncDECLHIDDEN(void *)  suplibHardenedAllocZ(size_t cb);
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncDECLHIDDEN(void *)  suplibHardenedReAlloc(void *pvOld, size_t cbNew);
37c53e9b2c955f92dff6f11aff63809004945f17vboxsyncDECLHIDDEN(void)    suplibHardenedFree(void *pv);
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync# endif  /* IN_SUP_HARDENED_R3 */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync#endif /* SUP_CERTIFICATES_ONLY */
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsyncRT_C_DECLS_END
1d7eb4842eb34752cbc8655fc26097b97806314dvboxsync
#endif