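/*++

 Copyright (c) 2000-2002 Microsoft Corporation

 Module Name:

    CorrectCreateEventName.cpp

 Abstract:

    The \ character is not a legal character for an event.
    This shim will replace all \ characters with an underscore,
    except for Global\ or Local\ namespace tags.

 Notes:

    This is a general purpose shim.

 History:

    07/19/1999 robkenny     Created
    03/15/2001 robkenny     Converted to CString
    02/26/2002 robkenny     Security review.
                            Was not properly handling Global\ and Local\ namespaces.
                            Shim wasn't handling OpenEventA, making it pretty useless.

--*/

#include "precomp.h"

IMPLEMENT_SHIM_BEGIN(CorrectCreateEventName)
#include "ShimHookMacro.h"

APIHOOK_ENUM_BEGIN
    APIHOOK_ENUM_ENTRY(CreateEventA)
    APIHOOK_ENUM_ENTRY(OpenEventA)
APIHOOK_ENUM_END

typedef HANDLE (WINAPI *_pfn_OpenEventA)(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName );

/*++

 Rewrite an event name in place so that the only \ characters left are the
 ones in a leading Global\ or Local\ namespace prefix; every other \ becomes
 an underscore.

 Returns TRUE when at least one character was replaced, FALSE when the name
 was already acceptable (csBadEventName then holds its original text).

 Review notes:

  - The rewrite is not injective: "a\b" and "a_b" both end up as "a_b", so a
    shimmed application can end up sharing an event with a differently named
    one. Callers that rely on the name for isolation should be aware of this.
  - The prefix match is case sensitive. "global\x" is not treated as a
    namespace prefix and becomes "global_x", which lands in the caller's
    default namespace instead of the global one.
  - Only Global\ and Local\ are preserved. Any other backslash-delimited
    prefix the caller passes (for example a Session\ prefix) is flattened
    like ordinary text.

--*/

BOOL
CorrectEventName(CString & csBadEventName)
{
    int nCount = 0;

    // Make sure we don't stomp Global\ or Local\ namespace prefixes.
    // Global and Local are case sensitive, and non-localized.

    if (csBadEventName.ComparePart(L"Global\\", 0, 7) == 0)
    {
        // This event exists in the global namespace:
        // strip the 7-character prefix, fix the remainder, put the prefix back.
        csBadEventName.Delete(0, 7);
        nCount = csBadEventName.Replace(L'\\', L'_');
        csBadEventName = L"Global\\" + csBadEventName;
    }
    else if (csBadEventName.ComparePart(L"Local\\", 0, 6) == 0)
    {
        // This event exists in the Local namespace:
        // same treatment with the 6-character prefix.
        csBadEventName.Delete(0, 6);
        nCount = csBadEventName.Replace(L'\\', L'_');
        csBadEventName = L"Local\\" + csBadEventName;
    }
    else
    {
        // No recognised namespace prefix: every backslash is replaced.
        nCount = csBadEventName.Replace(L'\\', L'_');
    }

    return nCount != 0;
}

/*++

 OpenEvent must apply exactly the same name correction as CreateEvent,
 otherwise an application that creates an event through the shimmed
 CreateEventA could never open it again by its original name.

 If the CString work fails (CSTRING_CATCH), the call is forwarded with the
 caller's original, uncorrected name.

--*/

HANDLE
APIHOOK(OpenEventA)(
    DWORD dwDesiredAccess,  // access
    BOOL bInheritHandle,    // inheritance option
    LPCSTR lpName           // object name
    )
{
    // NOTE(review): lpName may be NULL here; confirm that DPFN's formatter
    // tolerates a NULL argument for %s.
    DPFN( eDbgLevelInfo, "OpenEventA called with event name = %s.", lpName);

    if (lpName)
    {
        CSTRING_TRY
        {
            const char * lpCorrectName = lpName;

            CString csName(lpName);

            if (CorrectEventName(csName))
            {
                // Presumably the returned buffer is owned by csName, so the
                // original API is called before csName leaves this scope.
                lpCorrectName = csName.GetAnsiNIE();

                // The message names this hook; it previously said "CreateEventA",
                // which pointed log readers at the wrong API.
                LOGN( eDbgLevelError,
                    "OpenEventA corrected event name from (%s) to (%s)", lpName, lpCorrectName);
            }

            HANDLE returnValue = ORIGINAL_API(OpenEventA)(dwDesiredAccess,
                                                          bInheritHandle,
                                                          lpCorrectName);
            return returnValue;
        }
        CSTRING_CATCH
        {
            // Do nothing: fall through and forward the unmodified name.
        }
    }

    HANDLE returnValue = ORIGINAL_API(OpenEventA)(dwDesiredAccess,
                                                  bInheritHandle,
                                                  lpName);
    return returnValue;
}

/*++

 CreateEvent doesn't like event names that are similar to path names.

 This shim will replace all \ characters with an underscore,
 unless the \ is part of either the Global\ or Local\ namespace tag.

 If the CString work fails (CSTRING_CATCH), the call is forwarded with the
 caller's original, uncorrected name.

--*/

HANDLE
APIHOOK(CreateEventA)(
    LPSECURITY_ATTRIBUTES lpEventAttributes, // SD
    BOOL bManualReset,                       // reset type
    BOOL bInitialState,                      // initial state
    LPCSTR lpName                            // object name
    )
{
    // NOTE(review): lpName may be NULL here; confirm that DPFN's formatter
    // tolerates a NULL argument for %s.
    DPFN( eDbgLevelInfo, "CreateEventA called with event name = %s.", lpName);

    if (lpName)
    {
        CSTRING_TRY
        {
            const char * lpCorrectName = lpName;

            CString csName(lpName);

            if (CorrectEventName(csName))
            {
                // Presumably the returned buffer is owned by csName, so the
                // original API is called before csName leaves this scope.
                lpCorrectName = csName.GetAnsiNIE();

                LOGN( eDbgLevelError,
                    "CreateEventA corrected event name from (%s) to (%s)", lpName, lpCorrectName);
            }

            HANDLE returnValue = ORIGINAL_API(CreateEventA)(lpEventAttributes,
                                                            bManualReset,
                                                            bInitialState,
                                                            lpCorrectName);
            return returnValue;
        }
        CSTRING_CATCH
        {
            // Do nothing: fall through and forward the unmodified name.
        }
    }

    HANDLE returnValue = ORIGINAL_API(CreateEventA)(lpEventAttributes,
                                                    bManualReset,
                                                    bInitialState,
                                                    lpName);
    return returnValue;
}

/*++

 Register hooked functions

--*/

HOOK_BEGIN

    APIHOOK_ENTRY(KERNEL32.DLL, CreateEventA)
    APIHOOK_ENTRY(KERNEL32.DLL, OpenEventA)

HOOK_END

IMPLEMENT_SHIM_END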