180 lines
4.9 KiB
C++
180 lines
4.9 KiB
C++
/*++
|
|
|
|
Copyright (c) 2000-2002 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
CorrectCreateEventName.cpp
|
|
|
|
Abstract:
|
|
|
|
The \ character is not a legal character for an event.
|
|
This shim will replace all \ characters with an underscore,
|
|
except for Global\ or Local\ namespace tags.
|
|
|
|
Notes:
|
|
|
|
This is a general purpose shim.
|
|
|
|
History:
|
|
|
|
07/19/1999 robkenny Created
|
|
03/15/2001 robkenny Converted to CString
|
|
02/26/2002 robkenny Security review. Was not properly handling Global\ and Local\ namespaces.
|
|
Shim wasn't handling OpenEventA, making it pretty useless.
|
|
|
|
--*/
|
|
|
|
|
|
#include "precomp.h"
|
|
|
|
IMPLEMENT_SHIM_BEGIN(CorrectCreateEventName)
|
|
#include "ShimHookMacro.h"
|
|
|
|
|
|
APIHOOK_ENUM_BEGIN
|
|
APIHOOK_ENUM_ENTRY(CreateEventA)
|
|
APIHOOK_ENUM_ENTRY(OpenEventA)
|
|
APIHOOK_ENUM_END
|
|
|
|
typedef HANDLE (WINAPI *_pfn_OpenEventA)(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName );
|
|
|
|
|
|
BOOL CorrectEventName(CString & csBadEventName)
|
|
{
|
|
int nCount = 0;
|
|
|
|
// Make sure we don't stomp Global\ or Local\ namespace prefixes.
|
|
// Global and Local are case sensitive, and non-localized.
|
|
|
|
if (csBadEventName.ComparePart(L"Global\\", 0, 7) == 0)
|
|
{
|
|
// This event exists in the global namespace
|
|
csBadEventName.Delete(0, 7);
|
|
nCount = csBadEventName.Replace(L'\\', '_');
|
|
csBadEventName = L"Global\\" + csBadEventName;
|
|
}
|
|
else if (csBadEventName.ComparePart(L"Local\\", 0, 6) == 0)
|
|
{
|
|
// This event exists in the Local namespace
|
|
csBadEventName.Delete(0, 6);
|
|
nCount = csBadEventName.Replace(L'\\', '_');
|
|
csBadEventName = L"Local\\" + csBadEventName;
|
|
}
|
|
else
|
|
{
|
|
nCount = csBadEventName.Replace(L'\\', '_');
|
|
}
|
|
|
|
return nCount != 0;
|
|
}
|
|
|
|
HANDLE
|
|
APIHOOK(OpenEventA)(
|
|
DWORD dwDesiredAccess, // access
|
|
BOOL bInheritHandle, // inheritance option
|
|
LPCSTR lpName // object name
|
|
)
|
|
{
|
|
DPFN( eDbgLevelInfo, "OpenEventA called with event name = %s.", lpName);
|
|
|
|
if (lpName)
|
|
{
|
|
CSTRING_TRY
|
|
{
|
|
const char * lpCorrectName = lpName;
|
|
|
|
CString csName(lpName);
|
|
|
|
if (CorrectEventName(csName))
|
|
{
|
|
lpCorrectName = csName.GetAnsiNIE();
|
|
LOGN( eDbgLevelError,
|
|
"CreateEventA corrected event name from (%s) to (%s)", lpName, lpCorrectName);
|
|
}
|
|
|
|
HANDLE returnValue = ORIGINAL_API(OpenEventA)(dwDesiredAccess,
|
|
bInheritHandle,
|
|
lpCorrectName);
|
|
return returnValue;
|
|
}
|
|
CSTRING_CATCH
|
|
{
|
|
// Do nothing
|
|
}
|
|
}
|
|
|
|
HANDLE returnValue = ORIGINAL_API(OpenEventA)(dwDesiredAccess,
|
|
bInheritHandle,
|
|
lpName);
|
|
return returnValue;
|
|
}
|
|
/*+
|
|
|
|
CreateEvent doesn't like event names that are similar to path names. This shim
|
|
will replace all \ characters with an underscore, unless they \ is part of either
|
|
the Global\ or Local\ namespace tag.
|
|
|
|
--*/
|
|
|
|
HANDLE
|
|
APIHOOK(CreateEventA)(
|
|
LPSECURITY_ATTRIBUTES lpEventAttributes, // SD
|
|
BOOL bManualReset, // reset type
|
|
BOOL bInitialState, // initial state
|
|
LPCSTR lpName // object name
|
|
)
|
|
{
|
|
DPFN( eDbgLevelInfo, "CreateEventA called with event name = %s.", lpName);
|
|
|
|
if (lpName)
|
|
{
|
|
CSTRING_TRY
|
|
{
|
|
const char * lpCorrectName = lpName;
|
|
|
|
CString csName(lpName);
|
|
|
|
if (CorrectEventName(csName))
|
|
{
|
|
lpCorrectName = csName.GetAnsiNIE();
|
|
LOGN( eDbgLevelError,
|
|
"CreateEventA corrected event name from (%s) to (%s)", lpName, lpCorrectName);
|
|
}
|
|
|
|
HANDLE returnValue = ORIGINAL_API(CreateEventA)(lpEventAttributes,
|
|
bManualReset,
|
|
bInitialState,
|
|
lpCorrectName);
|
|
return returnValue;
|
|
}
|
|
CSTRING_CATCH
|
|
{
|
|
// Do nothing
|
|
}
|
|
}
|
|
|
|
HANDLE returnValue = ORIGINAL_API(CreateEventA)(lpEventAttributes,
|
|
bManualReset,
|
|
bInitialState,
|
|
lpName);
|
|
return returnValue;
|
|
}
|
|
|
|
/*++
|
|
|
|
Register hooked functions
|
|
|
|
--*/
|
|
|
|
HOOK_BEGIN
|
|
|
|
APIHOOK_ENTRY(KERNEL32.DLL, CreateEventA)
|
|
APIHOOK_ENTRY(KERNEL32.DLL, OpenEventA)
|
|
|
|
HOOK_END
|
|
|
|
|
|
IMPLEMENT_SHIM_END
|
|
|