Initial commit

2025-11-06 15:36:24 -05:00
parent a738b93280
commit b24c1ddcbc
45 changed files with 65790 additions and 0 deletions
--- a/xbdm/coz.c
+++ b/xbdm/coz.c
@@ -0,0 +1,182 @@
+#include "dmincludes.h"
+
+// Please note, I (Nathan LeRoux) did not write this file!
+// cOz requested that I add this into xbdm, so I did
+
+#define TOTAL_TYPES	4
+DWORD obtypes[] = {
+	OBJ_TYP_SYMBLINK,
+	OBJ_TYP_DEVICE,
+	0x0,
+	OBJ_TYP_DIRECTORY
+};
+static int iLevel = 0;
+VOID DumpAllObjects(char* pszDir, SOCKET s)
+{
+	int i, typeCount = 0;
+	ANSI_STRING UName;
+	BOOL restart = FALSE;
+	HANDLE hObj, hLink;
+	NTSTATUS ntStatus, ntStatusTmp;
+	OBJECT_ATTRIBUTES ObjectAttributes;
+	POBJECT_DIRECTORY_INFORMATION DirObjInformation;
+	CHAR szData[256];
+	CHAR szLinkName[256];
+	CHAR tabs[32];
+	CHAR dirTabs[32];
+	DWORD dw, index;
+	DirObjInformation = (POBJECT_DIRECTORY_INFORMATION)szData;
+	ZeroMemory(tabs, 32);
+	ZeroMemory(dirTabs, 32);
+	if(iLevel == 0)
+	{
+		strcat_s(tabs, sizeof(tabs), "    ");
+	}
+	else
+	{
+		for(i=0; i<iLevel; i++)
+			strcat_s(tabs, sizeof(tabs), "    ");
+		for(i=0; i<(iLevel-1); i++)
+			strcat_s(dirTabs, sizeof(dirTabs), "    ");
+	}
+	// open directory object
+	RtlInitAnsiString(&UName, pszDir);
+	InitializeObjectAttributes(&ObjectAttributes, &UName, OBJ_CASE_INSENSITIVE, NULL);
+
+	ntStatus = NtOpenDirectoryObject(&hObj, &ObjectAttributes);
+
+	if(NT_SUCCESS(ntStatus))
+	{
+		FSendLine(s, "%s'%s' (directory)", dirTabs, pszDir);
+		index = 0; // start index
+
+		while(NT_SUCCESS(ntStatus))
+		{
+			ZeroMemory(szData, sizeof(szData));
+			DirObjInformation = (POBJECT_DIRECTORY_INFORMATION)&szData;
+			ntStatus = NtQueryDirectoryObject(hObj, szData, sizeof(szData), restart, &index, &dw);
+			restart = FALSE;
+			//DbgPrint("status %08x\r\n", ntStatus);
+			if((ntStatus == 0x8000001A)) // STATUS_NO_MORE_ENTRIES
+			{
+				if(typeCount < (TOTAL_TYPES-1))
+				{
+					index = 0;
+					ntStatus = 0;
+					typeCount++;
+					restart = TRUE;
+				}
+			}
+			else if(NT_SUCCESS(ntStatus))
+			{
+				//DbgPrint("index %08x\r\n", index);
+				if(pszDir[strlen(pszDir)-1] != '\\')
+					RtlSnprintf(szLinkName, 256, "%s\\%s", pszDir, DirObjInformation->Name.Buffer);
+				else
+					RtlSnprintf(szLinkName, 256, "%s%s", pszDir, DirObjInformation->Name.Buffer);
+				//DbgPrint("checking type %x index %x typecount %d\r\n", obtypes[typeCount], index, typeCount);
+
+				if((DirObjInformation->Type == obtypes[typeCount])&&(obtypes[typeCount] == OBJ_TYP_SYMBLINK))
+				{
+					ANSI_STRING symb;
+					FSendLine(s, "%s'%s' ", tabs, szLinkName);
+					RtlInitAnsiString(&symb, szLinkName);
+					InitializeObjectAttributes(&ObjectAttributes, &symb, OBJ_CASE_INSENSITIVE, NULL);
+					ntStatusTmp = NtOpenSymbolicLinkObject(&hLink, &ObjectAttributes);
+					if(NT_SUCCESS(ntStatusTmp))
+					{
+						ANSI_STRING LName;
+						char outstr[256];
+						LName.Buffer = outstr;
+						LName.Length = 0;
+						LName.MaximumLength = 256;
+						memset(outstr, 0x0, 256);
+						ntStatusTmp = NtQuerySymbolicLinkObject(hLink, &LName, &dw);
+						if(NT_SUCCESS(ntStatusTmp))
+							FSendLine(s, "linked to: '%s' (SymbolicLink)", outstr);
+						else
+							FSendLine(s, "\r\n    NtQuerySymbolicLinkObject fail = 0x%lX\r\n", ntStatusTmp);
+						NtClose(hLink);
+					}
+					else
+						FSendLine(s, "\r\n    NtOpenSymboliclinkObject fail = 0x%lX\r\n", ntStatusTmp);
+				}
+				else if((DirObjInformation->Type == obtypes[typeCount])&&(obtypes[typeCount] == OBJ_TYP_DEVICE))
+				{
+					FSendLine(s, "%s'%s' (Device)", tabs, szLinkName);
+				}
+				else if((DirObjInformation->Type == obtypes[typeCount])&&(obtypes[typeCount] == OBJ_TYP_DIRECTORY))
+				{
+					iLevel++;
+					DumpAllObjects(szLinkName, s);
+					iLevel--;
+				}
+				else if(obtypes[typeCount] == 0x0)
+				{
+					DWORD tt = DirObjInformation->Type;
+					if((tt != OBJ_TYP_DIRECTORY)&&(tt != OBJ_TYP_DEVICE)&&(tt != OBJ_TYP_SYMBLINK))
+					{
+						if(DirObjInformation->Type == OBJ_TYP_EVENT)
+							FSendLine(s, "%s'%s' (Event)", tabs, szLinkName);
+						else if(DirObjInformation->Type == OBJ_TYP_DEBUG)
+							FSendLine(s, "%s'%s' (Debug)", tabs, szLinkName);
+						else
+						{
+							FSendLine(s, "%s**** '%s' (unknown %08x-'%c%c%c%c')", tabs, szLinkName, tt, tt&0xFF, (tt>>8)&0xFF, (tt>>16)&0xFF, (tt>>24)&0xFF);
+						}
+					}
+				}
+			}
+			else
+			{
+				FSendLine(s, "NtQueryDirectoryObject = 0x%lX (%S)", ntStatus, pszDir);
+			}
+		}
+
+		NtClose(hObj);
+	}
+	else
+	{
+		printf("NtOpenDirectoryObject = 0x%lX (%S)\r\n", ntStatus, pszDir);
+	}
+}
+
+// Xam 0x9BB(Open), Xam 0x9BC(Close)
+DWORD XSecurityAllOk_Hook()
+{
+	return ERROR_SUCCESS;
+}
+
+// Xam 0x9BD(Verify)
+DWORD XSecurityVerify_Hook(DWORD dwMilliseconds, LPOVERLAPPED lpOverlapped,
+	LPOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
+{
+	if(lpCompletionRoutine)
+		lpCompletionRoutine(0, 0, lpOverlapped);
+
+	return ERROR_SUCCESS;
+}
+
+// Xam 0x9BE(GetFailures)
+DWORD XSecurityGetFailureInfo_Hook(PXSECURITY_FAILURE_INFORMATION pFailureInformation)
+{
+	if(pFailureInformation->dwSize == 0x14)
+	{
+		pFailureInformation->dwBlocksChecked = 0x64;
+		pFailureInformation->dwFailedHashes = 0;
+		pFailureInformation->dwFailedReads = 0;
+		pFailureInformation->dwTotalBlocks = 0x64;
+	}
+	else if(pFailureInformation->dwSize == sizeof(XSECURITY_FAILURE_INFORMATION))
+	{
+		pFailureInformation->dwBlocksChecked = 0x100;
+		pFailureInformation->dwFailedHashes = 0;
+		pFailureInformation->dwFailedReads = 0;
+		pFailureInformation->dwTotalBlocks = 0x100;
+		pFailureInformation->fComplete = TRUE;
+	}
+	else
+		return ERROR_NOT_ENOUGH_MEMORY;
+
+	return ERROR_SUCCESS;
+}