228 lines
7.4 KiB
C
228 lines
7.4 KiB
C
//
|
|
// Helpful macro
|
|
//
|
|
#define FIELDOFFSET(type, field) ((int)(&((type *)1)->field)-1)
|
|
|
|
|
|
//
|
|
// The macro that should be used to check for apphack flags
|
|
//
|
|
|
|
#define APPCOMPATFLAG(_flag) (NtCurrentPeb()->AppCompatFlags.QuadPart & (_flag))
|
|
|
|
//
|
|
// Application compatibility flags and information
|
|
//
|
|
|
|
#define KACF_OLDGETSHORTPATHNAME 0x00000001 // Don't be like Win9x: in GetShortPathName(), NT 4
|
|
// did not care if the file existed - it would give
|
|
// the short path name anyway. This behavior was
|
|
// changed in NT 5 (Win2000) to reflect behavior of
|
|
// Win9x which will fail if the file does not exist.
|
|
// Turning on this flag will give the old behavior
|
|
// for the app.
|
|
#define KACF_VERSIONLIE 0x00000002 // Used to signify app will
|
|
// be lied to wrt what version
|
|
// of the OS its running on via
|
|
// GetVersion(), GetVersionEx()
|
|
#define KACF_GETDISKFREESPACE 0x00000008 // Make GetDiskFreeSpace 2G friendly
|
|
|
|
#define KACF_GETTEMPPATH 0x00000010 // Make GetTempPath return x:\temp
|
|
|
|
#define KACF_FTMFROMCURRENTAPT 0x00000020 // If set, a DCOM Free-Threaded-Marshaled Object has
|
|
// its' stub parked in the apartment that the object is
|
|
// marshaled from instead of the Neutral-Apartment.
|
|
// Having to set this bit indicates a busted App
|
|
// that is not following the rules for FTM objects. The
|
|
// app probably has other subtle problems that NT 4 or
|
|
// Win9x didn't show. Blindly using the ATL wizard to
|
|
// enable using the FTM is usually the source of the bug.
|
|
|
|
#define KACF_DISALLOWORBINDINGCHANGES 0x00000040 // If set, the process will not be notified of changes
|
|
// in the local machine bindings used by COM.
|
|
|
|
#define KACF_OLE32VALIDATEPTRS 0x00000080 // If set, ole32.dll will use the IsBadReadPtr family of
|
|
// functions to verify pointer arguments in the standard COM APIs.
|
|
// This was the default behavior on all platforms prior to Whistler.
|
|
|
|
#define KACF_DISABLECICERO 0x00000100 // If set, Cicero support for the current process
|
|
// is disabled.
|
|
|
|
#define KACF_OLE32ENABLEASYNCDOCFILE 0x00000200
|
|
|
|
enum {
|
|
AVT_OSVERSIONINFO = 1, // Designates that an OSVERSIONINFO type info is contained within
|
|
AVT_PATCHINFO // Designates that patching info is contained within
|
|
};
|
|
|
|
//
|
|
// This variable length struct is the main basic data type contained within
|
|
// the ApplicationGoo registry entry. Anything can be contained within here:
|
|
// ResourceVersionInfo, VersionlyingInfo, patches, etc. You need to use the
|
|
// XXX function to bounce down these correctly.
|
|
//
|
|
typedef struct _APP_VARIABLE_INFO {
|
|
|
|
//
|
|
// Type of variable length struct (defined above)
|
|
//
|
|
ULONG dwVariableType;
|
|
|
|
//
|
|
// Total size of this particular variable length struct
|
|
//
|
|
ULONG dwVariableInfoSize;
|
|
|
|
//
|
|
// The variable length data itself is to follow. It's commented out
|
|
// as the length is undefined, could even be zero.
|
|
//
|
|
// UCHAR VariableInfo[];
|
|
|
|
|
|
} APP_VARIABLE_INFO, *PAPP_VARIABLE_INFO;
|
|
|
|
typedef struct _PRE_APP_COMPAT_INFO {
|
|
|
|
//
|
|
// Total size of this entry
|
|
//
|
|
ULONG dwEntryTotalSize;
|
|
|
|
//
|
|
// Amount of version resource information present in this entry
|
|
//
|
|
ULONG dwResourceInfoSize;
|
|
|
|
//
|
|
// Actual version resource information itself. It's commented out
|
|
// as some apps have no version info. For the apps that do, below
|
|
// is where it would start
|
|
//
|
|
// UCHAR ResourceInfo[];
|
|
|
|
|
|
} PRE_APP_COMPAT_INFO, *PPRE_APP_COMPAT_INFO;
|
|
|
|
//
|
|
// This struct is what is read directly out of the registry under
|
|
// HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXEname - ApplicationGoo.
|
|
// Its a "Pre" structure cuz we won't be keeping all of it, if we decide its
|
|
// a match to the app in question. You should make no assumptions of what
|
|
// is contained beyond AppCompatEntry, as everything will be variable length.
|
|
// If a match is found to the app being executed, a cleaner "Post" structure
|
|
// is made and should be used by all.
|
|
//
|
|
typedef struct _APP_COMPAT_GOO {
|
|
|
|
//
|
|
// Total size of the "Pre" structure
|
|
//
|
|
ULONG dwTotalGooSize;
|
|
|
|
//
|
|
// At least one "Pre" app compat entry will be present (possibly more)
|
|
//
|
|
PRE_APP_COMPAT_INFO AppCompatEntry[1];
|
|
|
|
|
|
} APP_COMPAT_GOO, *PAPP_COMPAT_GOO;
|
|
|
|
|
|
//
|
|
// This is the "Post" app compat structure. Variable length data can follow
|
|
// the CompatibilityFlags field, so you should use the XXX function to find
|
|
// any variable length data you might have in here. We have a "Pre" and
|
|
// "Post" struct to try and save space in the registry and in resident RAM.
|
|
//
|
|
typedef struct _APP_COMPAT_INFO {
|
|
|
|
//
|
|
// Size of app compat entry
|
|
//
|
|
ULONG dwTotalSize;
|
|
|
|
//
|
|
// Bitmask of various app compat flags, see KACF definitions
|
|
//
|
|
ULARGE_INTEGER CompatibilityFlags;
|
|
|
|
//
|
|
// We may have zero, or many APP_VARIABLE_INFO structs to follow
|
|
//
|
|
|
|
|
|
} APP_COMPAT_INFO, *PAPP_COMPAT_INFO;
|
|
|
|
|
|
typedef struct {
|
|
ULONG dwOSVersionInfoSize;
|
|
ULONG dwMajorVersion;
|
|
ULONG dwMinorVersion;
|
|
ULONG dwBuildNumber;
|
|
ULONG dwPlatformId;
|
|
USHORT wServicePackMajor;
|
|
USHORT wServicePackMinor;
|
|
USHORT wSuiteMask;
|
|
UCHAR wProductType;
|
|
UCHAR wReserved;
|
|
WCHAR szCSDVersion[ 128 ];
|
|
} EFFICIENTOSVERSIONINFOEXW, *PEFFICIENTOSVERSIONINFOEXW;
|
|
|
|
//
|
|
// New shim application compatibility flags and information
|
|
//
|
|
|
|
#define KACF_DISABLESYSKEYMESSAGES 0x00000001 // Sucks up WM_SYSKEYUP, WM_SYSKEYDOWN, WM_SYSMENU
|
|
// so a particular app will not be able to alt-tab
|
|
// to the desktop
|
|
|
|
|
|
typedef struct _APP_COMPAT_SHIM_INFO {
|
|
//
|
|
// List of API hooked
|
|
//
|
|
PVOID pHookAPIList;
|
|
|
|
//
|
|
// List of patch hooks
|
|
//
|
|
PVOID pHookPatchList;
|
|
|
|
//
|
|
// List of the APIs to be hooked
|
|
//
|
|
PVOID ppHookAPI;
|
|
|
|
//
|
|
// Count of hooked APIs
|
|
//
|
|
ULONG dwHookAPICount;
|
|
|
|
//
|
|
// Exe specific inclusions/exclusion
|
|
//
|
|
PVOID pExeFilter;
|
|
|
|
//
|
|
// Global exclusions
|
|
//
|
|
PVOID pGlobalFilterList;
|
|
|
|
//
|
|
// Late bound DLL exclusions
|
|
//
|
|
PVOID pLBFilterList;
|
|
|
|
//
|
|
// Crit sec
|
|
//
|
|
PVOID pCritSec;
|
|
|
|
//
|
|
// Shim heap
|
|
//
|
|
PVOID pShimHeap;
|
|
|
|
} APP_COMPAT_SHIM_INFO, *PAPP_COMPAT_SHIM_INFO;
|