Add boot time registry lock/unlock.

Add support for lists of keys.
bkeyes93 · Aug 11, 2016 · 0b9084e · 0b9084e
1 parent 3babbcf
commit 0b9084e
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 13 deletions.
diff --git a/driver.c b/driver.c
@@ -199,6 +199,7 @@ static NTSTATUS reg_set_lock(PUNICODE_STRING name, int lock)
 	NTSTATUS st;
 	CM_KEY_CONTROL_BLOCK *cb;
 	CM_KEY_BODY *kb;
+
 	st = ZwOpenKey(&h, KEY_READ, &attr);
 	if (!NT_SUCCESS(st))
 		return st;
@@ -229,6 +230,34 @@ out:;
 	return st;
 }
 
+static NTSTATUS regs_do(NTSTATUS (*fn)(PUNICODE_STRING,int), PUNICODE_STRING names, int lock)
+{
+	WCHAR *p = names->Buffer;
+	NTSTATUS status = STATUS_SUCCESS;
+
+	if (!p)
+		return status;
+
+	while (*p) {
+		WCHAR *next;
+		UNICODE_STRING split;
+		NTSTATUS item_status;
+
+		next = wcschr(p, L';');
+		if (next)
+			*next = 0;
+
+		RtlInitUnicodeString(&split, p);
+		item_status = fn(&split, lock);
+		if (NT_SUCCESS(status) && !NT_SUCCESS(item_status))
+			status = item_status;
+		if (!next)
+			break;
+		p = next+1;
+	}
+	return status;
+}
+
 static NTSTATUS change_prot(wind_prot_t *req)
 {
 	int getonly;
@@ -305,11 +334,11 @@ switch (code) {
 		break;
 	case WIND_IOCTL_REGLOCKON:
 	case WIND_IOCTL_REGLOCKOFF:
-		status = reg_set_lock(&us, (code>>2)&1);
+		status = regs_do(reg_set_lock, &us, (code>>2)&1);
 		break;
 	case WIND_IOCTL_REGNON:
 	case WIND_IOCTL_REGNOFF:
-		status = reg_set_notify(&us, (code>>2)&1);
+		status = regs_do(reg_set_notify, &us, (code>>2)&1);
 		break;
 	case WIND_IOCTL_PROT:
 		if (len != sizeof(wind_prot_t))
@@ -329,7 +358,8 @@ NTSTATUS NTAPI ENTRY(driver_entry)(IN PDRIVER_OBJECT self, IN PUNICODE_STRING re
 {
 	PDEVICE_OBJECT dev;
 	NTSTATUS status;
-	RTL_QUERY_REGISTRY_TABLE tab[2] = {{
+	UNICODE_STRING regs[4]={{0}};
+	RTL_QUERY_REGISTRY_TABLE tab[] = {{
 		.Flags = RTL_QUERY_REGISTRY_DIRECT
 			|RTL_QUERY_REGISTRY_TYPECHECK
 			|RTL_QUERY_REGISTRY_REQUIRED
@@ -341,7 +371,32 @@ NTSTATUS NTAPI ENTRY(driver_entry)(IN PDRIVER_OBJECT self, IN PUNICODE_STRING re
 		.EntryContext = &cfg,
 		.DefaultType = (REG_BINARY<<RTL_QUERY_REGISTRY_TYPECHECK_SHIFT)
 			|REG_NONE
-	},{}};
+	},{
+		.Flags = RTL_QUERY_REGISTRY_DIRECT
+			|RTL_QUERY_REGISTRY_TYPECHECK,
+		.DefaultType = (REG_SZ<<RTL_QUERY_REGISTRY_TYPECHECK_SHIFT),
+		.Name = L"RD",
+		.EntryContext = regs,
+	},{
+		.Flags = RTL_QUERY_REGISTRY_DIRECT
+			|RTL_QUERY_REGISTRY_TYPECHECK,
+		.DefaultType = (REG_SZ<<RTL_QUERY_REGISTRY_TYPECHECK_SHIFT),
+		.Name = L"RE",
+		.EntryContext = regs+1,
+	},{
+		.Flags = RTL_QUERY_REGISTRY_DIRECT
+			|RTL_QUERY_REGISTRY_TYPECHECK,
+		.DefaultType = (REG_SZ<<RTL_QUERY_REGISTRY_TYPECHECK_SHIFT),
+		.Name = L"ND",
+		.EntryContext = regs+2,
+	},{
+		.Flags = RTL_QUERY_REGISTRY_DIRECT
+			|RTL_QUERY_REGISTRY_TYPECHECK,
+		.DefaultType = (REG_SZ<<RTL_QUERY_REGISTRY_TYPECHECK_SHIFT),
+		.Name = L"NE",
+		.EntryContext = regs+3,
+	},
+	{}};
 
 	status = RtlQueryRegistryValues(0, reg->Buffer, tab, NULL, NULL);
 	if (!NT_SUCCESS(status)) {
@@ -376,6 +431,14 @@ NTSTATUS NTAPI ENTRY(driver_entry)(IN PDRIVER_OBJECT self, IN PUNICODE_STRING re
 	dev->Flags &= ~DO_DEVICE_INITIALIZING;
 
 	KeInitializeMutex(&ioctl_mutex, 0);
+	KeWaitForMutexObject(&ioctl_mutex, UserRequest, KernelMode, FALSE, NULL);
+	if (cfg.bootreg) {
+		regs_do(reg_set_lock, regs, 0);
+		regs_do(reg_set_lock, regs+1, 1);
+		regs_do(reg_set_notify, regs+2, 0);
+		regs_do(reg_set_notify, regs+3, 1);
+	}
+	KeReleaseMutex(&ioctl_mutex, 0);
 
 	DBG("loaded driver\n");
 	return status;

diff --git a/wind.c b/wind.c
@@ -369,9 +369,9 @@ static int install_files(WCHAR *svc, WCHAR *ldr)
 	return 1;
 }
 
-static HANDLE trigger_loader(WCHAR *svc, WCHAR *ldr)
+static HANDLE trigger_loader(WCHAR *svc, WCHAR *ldr, int boot)
 {
-	wind_config_t cfg = {0};
+	wind_config_t cfg = {.bootreg=boot};
 	NTSTATUS status;
 	UNICODE_STRING svcu, ldru;
 	HANDLE dev = NULL;
@@ -465,7 +465,7 @@ out:;
 	return dev;
 }
 
-static HANDLE check_driver(int force)
+static HANDLE check_driver(int force, int boot)
 {
 	HANDLE dev;
 	dev = wind_open();
@@ -477,7 +477,7 @@ static HANDLE check_driver(int force)
 		WaitForSingleObject(hmutex,INFINITE);
 
 		if (install_files(svc, ldr))
-			dev = trigger_loader(svc, ldr);
+			dev = trigger_loader(svc, ldr, boot);
 
 		ReleaseMutex(hmutex);
 		CloseHandle(hmutex);
@@ -504,7 +504,7 @@ static int unprotect(WCHAR *p)
 		return 0;
 	while (*p == L' ' || *p == L'\t') p++;
 	prot.pid = _wtoi(p);
-	dev = check_driver(0);
+	dev = check_driver(0,0);
 	if (!dev) {
 		printf("Failed to open/install WinD device.\n");
 		return 0;
@@ -530,7 +530,7 @@ static int load_driver(WCHAR *name)
 	if (!elevate())
 		return 0;
 
-       	dev = check_driver(0);
+       	dev = check_driver(0,0);
 	if (!name) {
 		ret = !!dev;
 		goto outclose;
@@ -619,7 +619,7 @@ static int do_install()
 	(void)st;
 	DBG("Unloading previous driver %x", (int)st);
 
-	if (!check_driver(1)) {
+	if (!check_driver(1,0)) {
 		printf("Failed to initialize driver.\n");
 		DBG("no driver, exiting");
 		return 0;
@@ -926,7 +926,7 @@ static int run_service()
 	pid = pbi[5];
 	prot.pid = pid;
 	DBG("got parent pid=%d",pid);
-	dev = check_driver(0);
+	dev = check_driver(0,1);
 	if (!dev) {
 		DBG("no driver, bye");
 		return 0;
@@ -957,7 +957,7 @@ static int regunlock(int mcmd, WCHAR *p)
 	if ((!cmd) || ((cmd != 'E') && (cmd != 'D')))
 		usage(0);
 	while (*p == L' ' || *p == L'\t') p++;
-	dev = check_driver(0);
+	dev = check_driver(0,0);
 	if (!dev) {
 		printf("Failed to open/install WinD device.\n");
 		return 0;

diff --git a/wind.h b/wind.h
@@ -12,6 +12,7 @@ typedef struct {
 	UCHAR 	ci_guess;  // If ciorigptr is 0, use this guess instead.
 	int 	protofs;   // _EPROCESS->Flags2 offset on Win7, PS_PROTECTION Win8.
 	int 	protbit;   // Flags2->ProtectedProcess bit on Win7, -1 otherwise.
+	int 	bootreg;   // process registry entries at boot
 } wind_config_t;
 
 // Load a driver. Argument is simply the unicode string.