#include "dmincludes.h"
// Please note, I (Nathan LeRoux) did not write this file!
// cOz requested that I add this into xbdm, so I did
/* Number of passes DumpAllObjects makes over one directory: one per obtypes[] slot. */
#define TOTAL_TYPES 4

/*
 * Object type reported on each pass, in output order.
 * The 0x0 slot is the catch-all pass: DumpAllObjects uses it to report every
 * entry that is not a symbolic link, device or directory.
 * Directories come last, so a directory's own entries are listed before the
 * walk recurses into its sub-directories.
 */
DWORD obtypes[TOTAL_TYPES] = {
    OBJ_TYP_SYMBLINK,
    OBJ_TYP_DEVICE,
    0x0,
    OBJ_TYP_DIRECTORY
};

/*
 * Current recursion depth of DumpAllObjects; drives the indentation prefix.
 * File-scope mutable state with no locking visible in this file, so two
 * concurrent dumps would share (and corrupt) the depth counter.
 */
static int iLevel = 0;
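/**
 * Recursively list the object-manager directory named by pszDir, sending one
 * text line per entry to socket s through FSendLine.
 *
 * The directory is enumerated TOTAL_TYPES times, once per obtypes[] slot:
 * symbolic links (with their targets), devices, everything else, and finally
 * sub-directories, which are walked recursively.
 *
 * @param pszDir  NUL-terminated directory object path. A NULL pointer is
 *                ignored; an empty string is passed to the open call as-is.
 * @param s       Socket that receives the listing. This function performs no
 *                authorization of its own; whatever access control applies to
 *                the debug connection has to be enforced by the caller.
 *
 * Notes for reviewers:
 *  - Recursion depth is bounded only by the nesting of the namespace, and each
 *    frame holds roughly 1 KiB of buffers.
 *  - The listing discloses kernel object names and symbolic-link targets to
 *    the peer on s.
 *  - Failure to open the directory is reported with printf rather than on the
 *    socket (kept as in the original).
 */
VOID DumpAllObjects(char* pszDir, SOCKET s)
{
    int i, typeCount = 0;
    ANSI_STRING UName;
    BOOL restart = FALSE;
    HANDLE hObj, hLink;
    NTSTATUS ntStatus, ntStatusTmp;
    OBJECT_ATTRIBUTES ObjectAttributes;
    POBJECT_DIRECTORY_INFORMATION DirObjInformation;
    /* NOTE(review): szData is a CHAR array reinterpreted as a structure; its
       alignment is whatever the compiler gives a stack char array - confirm
       that this satisfies OBJECT_DIRECTORY_INFORMATION on the target. */
    CHAR szData[256];
    CHAR szLinkName[256];
    CHAR tabs[32];
    CHAR dirTabs[32];
    DWORD dw, index;
    size_t cchDir;

    /* strlen() and the "%s" formats below require a valid string. */
    if (pszDir == NULL)
        return;

    DirObjInformation = (POBJECT_DIRECTORY_INFORMATION)szData;
    ZeroMemory(tabs, sizeof(tabs));
    ZeroMemory(dirTabs, sizeof(dirTabs));

    if (iLevel == 0)
    {
        strcat_s(tabs, sizeof(tabs), " ");
    }
    else
    {
        /* Stop appending once a prefix buffer is full: strcat_s reports
           overflow as an invalid-parameter error instead of truncating, so a
           very deep namespace must not be allowed to overrun the 32 bytes. */
        for (i = 0; i < iLevel && strlen(tabs) + sizeof(" ") <= sizeof(tabs); i++)
            strcat_s(tabs, sizeof(tabs), " ");
        for (i = 0; i < (iLevel - 1) && strlen(dirTabs) + sizeof(" ") <= sizeof(dirTabs); i++)
            strcat_s(dirTabs, sizeof(dirTabs), " ");
    }

    /* Loop-invariant; also lets the separator test below avoid indexing
       pszDir[-1] when the path is empty. */
    cchDir = strlen(pszDir);

    // open directory object
    RtlInitAnsiString(&UName, pszDir);
    InitializeObjectAttributes(&ObjectAttributes, &UName, OBJ_CASE_INSENSITIVE, NULL);

    ntStatus = NtOpenDirectoryObject(&hObj, &ObjectAttributes);

    if (NT_SUCCESS(ntStatus))
    {
        FSendLine(s, "%s'%s' (directory)", dirTabs, pszDir);
        index = 0; // start index

        while (NT_SUCCESS(ntStatus))
        {
            /* Zeroing before every query is what NUL-terminates Name.Buffer
               for the "%s" formats below, presuming the kernel stores the
               name inside szData - TODO confirm. */
            ZeroMemory(szData, sizeof(szData));
            DirObjInformation = (POBJECT_DIRECTORY_INFORMATION)&szData;
            ntStatus = NtQueryDirectoryObject(hObj, szData, sizeof(szData), restart, &index, &dw);
            restart = FALSE;

            if ((ntStatus == 0x8000001A)) // STATUS_NO_MORE_ENTRIES
            {
                /* End of one pass: rewind and enumerate again for the next
                   obtypes[] slot. After the last slot ntStatus keeps the
                   non-success value and the while loop ends. */
                if (typeCount < (TOTAL_TYPES - 1))
                {
                    index = 0;
                    ntStatus = 0;
                    typeCount++;
                    restart = TRUE;
                }
            }
            else if (NT_SUCCESS(ntStatus))
            {
                /* Build the entry's full path, adding a separator only when
                   pszDir does not already end in one. */
                if (cchDir == 0 || pszDir[cchDir - 1] != '\\')
                    RtlSnprintf(szLinkName, 256, "%s\\%s", pszDir, DirObjInformation->Name.Buffer);
                else
                    RtlSnprintf(szLinkName, 256, "%s%s", pszDir, DirObjInformation->Name.Buffer);
                /* Whether RtlSnprintf terminates on truncation is not visible
                   here, so terminate explicitly before the string is reused. */
                szLinkName[sizeof(szLinkName) - 1] = '\0';

                if ((DirObjInformation->Type == obtypes[typeCount]) && (obtypes[typeCount] == OBJ_TYP_SYMBLINK))
                {
                    ANSI_STRING symb;

                    FSendLine(s, "%s'%s' ", tabs, szLinkName);
                    RtlInitAnsiString(&symb, szLinkName);
                    InitializeObjectAttributes(&ObjectAttributes, &symb, OBJ_CASE_INSENSITIVE, NULL);
                    ntStatusTmp = NtOpenSymbolicLinkObject(&hLink, &ObjectAttributes);
                    if (NT_SUCCESS(ntStatusTmp))
                    {
                        ANSI_STRING LName;
                        char outstr[256];

                        memset(outstr, 0x0, sizeof(outstr));
                        LName.Buffer = outstr;
                        LName.Length = 0;
                        /* Keep the last byte out of the kernel's reach so a
                           target that fills the buffer is still
                           NUL-terminated for "%s". */
                        LName.MaximumLength = sizeof(outstr) - 1;
                        ntStatusTmp = NtQuerySymbolicLinkObject(hLink, &LName, &dw);
                        if (NT_SUCCESS(ntStatusTmp))
                            FSendLine(s, "linked to: '%s' (SymbolicLink)", outstr);
                        else
                            FSendLine(s, "\r\n NtQuerySymbolicLinkObject fail = 0x%lX\r\n", ntStatusTmp);
                        NtClose(hLink);
                    }
                    else
                        FSendLine(s, "\r\n NtOpenSymboliclinkObject fail = 0x%lX\r\n", ntStatusTmp);
                }
                else if ((DirObjInformation->Type == obtypes[typeCount]) && (obtypes[typeCount] == OBJ_TYP_DEVICE))
                {
                    FSendLine(s, "%s'%s' (Device)", tabs, szLinkName);
                }
                else if ((DirObjInformation->Type == obtypes[typeCount]) && (obtypes[typeCount] == OBJ_TYP_DIRECTORY))
                {
                    /* iLevel is file-scope state: raise it only for the
                       duration of the nested walk. */
                    iLevel++;
                    DumpAllObjects(szLinkName, s);
                    iLevel--;
                }
                else if (obtypes[typeCount] == 0x0)
                {
                    /* Catch-all pass: report whatever the other three passes
                       do not handle. */
                    DWORD tt = DirObjInformation->Type;

                    if ((tt != OBJ_TYP_DIRECTORY) && (tt != OBJ_TYP_DEVICE) && (tt != OBJ_TYP_SYMBLINK))
                    {
                        if (DirObjInformation->Type == OBJ_TYP_EVENT)
                            FSendLine(s, "%s'%s' (Event)", tabs, szLinkName);
                        else if (DirObjInformation->Type == OBJ_TYP_DEBUG)
                            FSendLine(s, "%s'%s' (Debug)", tabs, szLinkName);
                        else
                        {
                            /* Unknown type: print the raw value and its four
                               bytes as characters, low byte first. */
                            FSendLine(s, "%s**** '%s' (unknown %08x-'%c%c%c%c')", tabs, szLinkName, tt, tt&0xFF, (tt>>8)&0xFF, (tt>>16)&0xFF, (tt>>24)&0xFF);
                        }
                    }
                }
            }
            else
            {
                /* pszDir is a narrow string, so it is formatted with %s as in
                   the "(directory)" line above; %S would have it read as a
                   wide string. */
                FSendLine(s, "NtQueryDirectoryObject = 0x%lX (%s)", ntStatus, pszDir);
            }
        }

        NtClose(hObj);
    }
    else
    {
        /* Same narrow-string fix as above (%S -> %s). */
        printf("NtOpenDirectoryObject = 0x%lX (%s)\r\n", ntStatus, pszDir);
    }
}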
// Xam 0x9BB(Open), Xam 0x9BC(Close)
/*
 * Stand-in for the two Xam exports named above. It does no work and reports
 * success unconditionally, so a caller cannot learn anything about the real
 * state of the security check from its return value.
 * Where and how the hook is installed is not shown in this file.
 */
DWORD XSecurityAllOk_Hook()
{
    const DWORD dwResult = ERROR_SUCCESS;

    return dwResult;
}
// Xam 0x9BD(Verify)
/*
 * Stand-in for the Xam Verify export named above. No verification is carried
 * out: the optional completion routine is called immediately with an error
 * code of 0 and a byte count of 0, and ERROR_SUCCESS is returned in every
 * case. A success result from this hook is therefore not evidence that
 * anything was checked.
 *
 * dwMilliseconds       ignored.
 * lpOverlapped         passed through to the completion routine untouched.
 * lpCompletionRoutine  may be NULL, in which case nothing is called.
 */
DWORD XSecurityVerify_Hook(DWORD dwMilliseconds, LPOVERLAPPED lpOverlapped,
                           LPOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
{
    if (lpCompletionRoutine == NULL)
    {
        return ERROR_SUCCESS;
    }

    /* Runs synchronously on the caller's thread, before this hook returns. */
    lpCompletionRoutine(0, 0, lpOverlapped);
    return ERROR_SUCCESS;
}
// Xam 0x9BE(GetFailures)
/*
 * Stand-in for the Xam GetFailures export named above. It fills the caller's
 * structure with fixed values that describe a clean result: zero failed
 * hashes, zero failed reads, and blocks checked equal to total blocks. The
 * numbers are constants, not measurements.
 *
 * Two structure sizes are accepted, selected by the caller-supplied dwSize:
 *   0x14                                   -> 0x64 blocks, fComplete untouched
 *                                             (presumably an older layout
 *                                             without fComplete - confirm
 *                                             against the header)
 *   sizeof(XSECURITY_FAILURE_INFORMATION)  -> 0x100 blocks, fComplete = TRUE
 * Any other size returns ERROR_NOT_ENOUGH_MEMORY and writes nothing.
 *
 * pFailureInformation is dereferenced without a NULL check.
 */
DWORD XSecurityGetFailureInfo_Hook(PXSECURITY_FAILURE_INFORMATION pFailureInformation)
{
    const DWORD cbCaller = pFailureInformation->dwSize;
    DWORD cBlocks;
    BOOL fFullLayout;

    /* 0x14 is tested first, as in the original, in case both sizes coincide. */
    if (cbCaller == 0x14)
    {
        cBlocks = 0x64;
        fFullLayout = FALSE;
    }
    else if (cbCaller == sizeof(XSECURITY_FAILURE_INFORMATION))
    {
        cBlocks = 0x100;
        fFullLayout = TRUE;
    }
    else
    {
        return ERROR_NOT_ENOUGH_MEMORY;
    }

    pFailureInformation->dwBlocksChecked = cBlocks;
    pFailureInformation->dwFailedHashes = 0;
    pFailureInformation->dwFailedReads = 0;
    pFailureInformation->dwTotalBlocks = cBlocks;

    /* Only the full-size layout has its fComplete field written. */
    if (fFullLayout)
    {
        pFailureInformation->fComplete = TRUE;
    }

    return ERROR_SUCCESS;
}