[ros-diffs] [reactos] 01/01: [FREELDR] Set LDRP_IMAGE_INTEGRITY_FORCED if necessary. (Part of PR #1905)

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=43a8d871bfacb42e3758e… commit 43a8d871bfacb42e3758e4f647ad5e8d9bf5fc5e Author: Mark Harmstone <mark(a)harmstone.com> AuthorDate: Wed Oct 9 21:28:33 2019 +0100 Commit: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org> CommitDate: Mon Oct 14 00:49:00 2019 +0200 [FREELDR] Set LDRP_IMAGE_INTEGRITY_FORCED if necessary. (Part of PR #1905) + Add extra information. Co-authored-by: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org> --- boot/freeldr/freeldr/lib/peloader.c | 24 ++++++++++++++++++++++++ sdk/include/ndk/ldrtypes.h | 1 + 2 files changed, 25 insertions(+) diff --git a/boot/freeldr/freeldr/lib/peloader.c b/boot/freeldr/freeldr/lib/peloader.c index 5a7cfa60a86..2c981cefe91 100644 --- a/boot/freeldr/freeldr/lib/peloader.c +++ b/boot/freeldr/freeldr/lib/peloader.c @@ -658,6 +658,24 @@ PeLdrAllocateDataTableEntry( DataTableEntry->Flags = LDRP_ENTRY_PROCESSED; DataTableEntry->LoadCount = 1; + /* Honour the FORCE_INTEGRITY flag */ + if (NtHeaders->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY) + { + /* + * On Vista and above, the LDRP_IMAGE_INTEGRITY_FORCED flag must be set + * if IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY is set in the image header. + * This is done after the image has been loaded and the digital signature + * check has passed successfully. (We do not do it yet!) + * + * Several OS functionality depend on the presence of this flag. + * For example, when using Object-Manager callbacks the latter will call + * MmVerifyCallbackFunction() to verify whether the flag is present. + * If not callbacks will not work. + * (See Windows Internals Part 1, 6th edition, p. 176.) + */ + DataTableEntry->Flags |= LDRP_IMAGE_INTEGRITY_FORCED; + } + /* Insert this DTE to a list in the LPB */ InsertTailList(ModuleListHead, &DataTableEntry->InLoadOrderLinks); TRACE("Inserting DTE %p, name='%.*S' DllBase=%p \n", DataTableEntry, @@ -783,6 +801,12 @@ PeLdrLoadImage( return FALSE; } + /* + * On Vista and above, a digital signature check is performed when the image + * has the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY flag set in its header. + * (We of course do not perform this check yet!) + */ + /* Reload the NT Header */ NtHeaders = RtlImageNtHeader(PhysicalBase); diff --git a/sdk/include/ndk/ldrtypes.h b/sdk/include/ndk/ldrtypes.h index fd5dd125943..41385ba39be 100644 --- a/sdk/include/ndk/ldrtypes.h +++ b/sdk/include/ndk/ldrtypes.h @@ -38,6 +38,7 @@ Author: #define LDRP_STATIC_LINK 0x00000002 #define LDRP_IMAGE_DLL 0x00000004 #define LDRP_SHIMENG_SUPPRESSED_ENTRY 0x00000008 +#define LDRP_IMAGE_INTEGRITY_FORCED 0x00000020 #define LDRP_LOAD_IN_PROGRESS 0x00001000 #define LDRP_UNLOAD_IN_PROGRESS 0x00002000 #define LDRP_ENTRY_PROCESSED 0x00004000