[ros-diffs] [reactos] 01/01: [NTDLL] Add policy kill-switch for manifest based automatic shimming CORE-16631

Sat, 25 Jan 2020 05:10:25 -0800 

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=8381e29467be1a80b6dce7109925557835ccb54a

commit 8381e29467be1a80b6dce7109925557835ccb54a
Author:     Mark Jansen <[email protected]>
AuthorDate: Fri Jan 24 20:06:11 2020 +0100
Commit:     Mark Jansen <[email protected]>
CommitDate: Sat Jan 25 13:23:54 2020 +0100

    [NTDLL] Add policy kill-switch for manifest based automatic shimming
    CORE-16631
---
 dll/ntdll/ldr/ldrinit.c | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/dll/ntdll/ldr/ldrinit.c b/dll/ntdll/ldr/ldrinit.c
index 37e731c5960..955c9a23b8c 100644
--- a/dll/ntdll/ldr/ldrinit.c
+++ b/dll/ntdll/ldr/ldrinit.c
@@ -1537,6 +1537,40 @@ LdrpValidateImageForMp(IN PLDR_DATA_TABLE_ENTRY 
LdrDataTableEntry)
     UNIMPLEMENTED;
 }
 
+BOOLEAN
+NTAPI
+LdrpDisableProcessCompatGuidDetection(VOID)
+{
+    UNICODE_STRING PolicyKey = 
RTL_CONSTANT_STRING(L"\\Registry\\MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppCompat");
+    UNICODE_STRING DisableDetection = 
RTL_CONSTANT_STRING(L"DisableCompatGuidDetection");
+    OBJECT_ATTRIBUTES PolicyKeyAttributes = 
RTL_CONSTANT_OBJECT_ATTRIBUTES(&PolicyKey, OBJ_CASE_INSENSITIVE);
+    KEY_VALUE_PARTIAL_INFORMATION KeyInfo;
+    ULONG ResultLength;
+    NTSTATUS Status;
+    HANDLE KeyHandle;
+
+    Status = NtOpenKey(&KeyHandle, KEY_QUERY_VALUE, &PolicyKeyAttributes);
+    if (NT_SUCCESS(Status))
+    {
+        Status = NtQueryValueKey(KeyHandle,
+                                 &DisableDetection,
+                                 KeyValuePartialInformation,
+                                 &KeyInfo,
+                                 sizeof(KeyInfo),
+                                 &ResultLength);
+        NtClose(KeyHandle);
+        if ((NT_SUCCESS(Status)) &&
+            (KeyInfo.Type == REG_DWORD) &&
+            (KeyInfo.DataLength == sizeof(ULONG)) &&
+            (KeyInfo.Data[0] == TRUE))
+        {
+            return TRUE;
+        }
+    }
+    return FALSE;
+}
+
+
 VOID
 NTAPI
 LdrpInitializeProcessCompat(PVOID pProcessActctx, PVOID* pOldShimData)
@@ -1610,6 +1644,12 @@ LdrpInitializeProcessCompat(PVOID pProcessActctx, PVOID* 
pOldShimData)
             if (ContextCompatInfo->Elements[n].Type == 
ACTCX_COMPATIBILITY_ELEMENT_TYPE_OS &&
                 RtlCompareMemory(&ContextCompatInfo->Elements[n].Id, 
KnownCompatGuids[cur].Guid, sizeof(GUID)) == sizeof(GUID))
             {
+                if (LdrpDisableProcessCompatGuidDetection())
+                {
+                    DPRINT1("LdrpInitializeProcessCompat: Not applying 
automatic fix for winver 0x%x due to policy\n", KnownCompatGuids[cur].Version);
+                    return;
+                }
+
                 /* If this process did not need shim data before, allocate and 
store it */
                 if (pShimData == NULL)
                 {

Reply via email to