Example #1
// Hooks this driver into the system power-state callback.
//
// Opens the \Callback\PowerState callback object and registers
// PowerCallbackpCallbackRoutine on it. The object pointer and the registration
// handle are kept in g_pcp_callback_object and g_pcp_registration; the code
// that releases them is outside this block.
//
// Returns the ExCreateCallback status on success or open failure, and
// STATUS_UNSUCCESSFUL when the routine cannot be registered.
_Use_decl_annotations_ NTSTATUS PowerCallbackInitialization() {
  PAGED_CODE();

  UNICODE_STRING callback_name =
      RTL_CONSTANT_STRING(L"\\Callback\\PowerState");
  OBJECT_ATTRIBUTES callback_attributes =
      RTL_CONSTANT_OBJECT_ATTRIBUTES(&callback_name, OBJ_CASE_INSENSITIVE);

  // Create == FALSE: only an existing callback object is opened, this call
  // never creates one. AllowMultipleCallbacks == TRUE.
  const NTSTATUS status = ExCreateCallback(&g_pcp_callback_object,
                                           &callback_attributes, FALSE, TRUE);
  if (!NT_SUCCESS(status)) {
    return status;
  }

  g_pcp_registration = ExRegisterCallback(
      g_pcp_callback_object, PowerCallbackpCallbackRoutine, nullptr);
  if (g_pcp_registration) {
    return status;
  }

  // Registration failed: drop the reference taken by ExCreateCallback and
  // clear the global so no stale pointer is left behind.
  ObDereferenceObject(g_pcp_callback_object);
  g_pcp_callback_object = nullptr;
  return STATUS_UNSUCCESSFUL;
}
Example #2
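/**
 * Reports whether the application-compatibility shim infrastructure is
 * disabled, keeping the answer in the global g_ShimsEnabled.
 *
 * Up to three registry values under \Registry\MACHINE are consulted, in order:
 *   1. System\CurrentControlSet\Control\SafeBoot\Option, value OptionValue
 *   2. System\CurrentControlSet\Control\Session Manager\AppCompatibility,
 *      value DisableAppCompat
 *   3. Software\Policies\Microsoft\Windows\AppCompat, value DisableEngine
 * A value counts as "set" when the query succeeds, the type is REG_DWORD, the
 * data length is sizeof(ULONG) and the first data byte equals TRUE.
 *
 * Despite its name, g_ShimsEnabled == TRUE means shims are DISABLED.
 *
 * NOTE(review): the three lookups are nested. A later key is consulted only
 * when the previous key could be opened, and FALSE (shims enabled) is stored
 * only when all three keys open and none of the values is set. If any
 * NtOpenKey fails, g_ShimsEnabled keeps the value -1, the final return
 * reports TRUE (disabled), and the next call queries the registry again.
 * Confirm with the callers whether this fail-closed result is intended
 * before flattening the lookups.
 *
 * @return TRUE when shims are considered disabled (or the state could not be
 *         determined), FALSE when they are enabled.
 */
BOOLEAN
WINAPI
IsShimInfrastructureDisabled(VOID)
{
    HANDLE KeyHandle;
    NTSTATUS Status;
    /*
     * A bare KEY_VALUE_PARTIAL_INFORMATION is used as the output buffer, so
     * only very small values can be returned; the Type and DataLength checks
     * below reject anything that is not a 4-byte REG_DWORD.
     */
    KEY_VALUE_PARTIAL_INFORMATION KeyInfo;
    ULONG ResultLength;
    UNICODE_STRING OptionKey = RTL_CONSTANT_STRING(L"\\Registry\\MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option");
    UNICODE_STRING AppCompatKey = RTL_CONSTANT_STRING(L"\\Registry\\MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\AppCompatibility");
    UNICODE_STRING PolicyKey = RTL_CONSTANT_STRING(L"\\Registry\\MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppCompat");
    UNICODE_STRING OptionValue = RTL_CONSTANT_STRING(L"OptionValue");
    UNICODE_STRING DisableAppCompat = RTL_CONSTANT_STRING(L"DisableAppCompat");
    UNICODE_STRING DisableEngine = RTL_CONSTANT_STRING(L"DisableEngine");
    OBJECT_ATTRIBUTES OptionKeyAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES(&OptionKey, OBJ_CASE_INSENSITIVE);
    OBJECT_ATTRIBUTES AppCompatKeyAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES(&AppCompatKey, OBJ_CASE_INSENSITIVE);
    OBJECT_ATTRIBUTES PolicyKeyAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES(&PolicyKey, OBJ_CASE_INSENSITIVE);

    /*
     * This is a TROOLEAN, -1 means we haven't yet figured it out.
     * 0 means shims are enabled, and 1 means shims are disabled!
     */
    if (g_ShimsEnabled == -1)
    {
        /* Open the safe mode key (access mask 1 is KEY_QUERY_VALUE, 0x0001) */
        Status = NtOpenKey(&KeyHandle, 1, &OptionKeyAttributes);
        if (NT_SUCCESS(Status))
        {
            /* Check if this is safemode */
            Status = NtQueryValueKey(KeyHandle,
                                     &OptionValue,
                                     KeyValuePartialInformation,
                                     &KeyInfo,
                                     sizeof(KeyInfo),
                                     &ResultLength);
            /* The handle is closed before the result is examined */
            NtClose(KeyHandle);
            /* KeyInfo is only read when the query succeeded (short-circuit) */
            if ((NT_SUCCESS(Status)) &&
                 (KeyInfo.Type == REG_DWORD) &&
                 (KeyInfo.DataLength == sizeof(ULONG)) &&
                 (KeyInfo.Data[0] == TRUE))
            {
                /* It is, so disable shims! */
                g_ShimsEnabled = TRUE;
            }
            else
            {
                /* Open the app compatibility engine settings key */
                Status = NtOpenKey(&KeyHandle, 1, &AppCompatKeyAttributes);
                if (NT_SUCCESS(Status))
                {
                    /* Check if the app compat engine is turned off */
                    Status = NtQueryValueKey(KeyHandle,
                                             &DisableAppCompat,
                                             KeyValuePartialInformation,
                                             &KeyInfo,
                                             sizeof(KeyInfo),
                                             &ResultLength);
                    NtClose(KeyHandle);
                    if ((NT_SUCCESS(Status)) &&
                        (KeyInfo.Type == REG_DWORD) &&
                        (KeyInfo.DataLength == sizeof(ULONG)) &&
                        (KeyInfo.Data[0] == TRUE))
                    {
                        /* It is, so disable shims! */
                        g_ShimsEnabled = TRUE;
                    }
                    else
                    {
                        /* Finally, open the app compatibility policy key */
                        Status = NtOpenKey(&KeyHandle, 1, &PolicyKeyAttributes);
                        if (NT_SUCCESS(Status))
                        {
                            /* Check if the system policy disables app compat */
                            Status = NtQueryValueKey(KeyHandle,
                                                     &DisableEngine,
                                                     KeyValuePartialInformation,
                                                     &KeyInfo,
                                                     sizeof(KeyInfo),
                                                     &ResultLength);
                            /*
                             * The query and the close are two statements; they
                             * used to be joined by a stray comma operator.
                             */
                            NtClose(KeyHandle);
                            if ((NT_SUCCESS(Status)) &&
                                (KeyInfo.Type == REG_DWORD) &&
                                (KeyInfo.DataLength == sizeof(ULONG)) &&
                                (KeyInfo.Data[0] == TRUE))
                            {
                                /* It does, so disable shims! */
                                g_ShimsEnabled = TRUE;
                            }
                            else
                            {
                                /* No keys are set, so enable shims! */
                                g_ShimsEnabled = FALSE;
                            }
                        }
                    }
                }
            }
        }
    }

    /*
     * Return if shims are disabled or not ("Enabled == 1" means disabled!).
     * An undetermined state (-1) is non-zero and is therefore also reported
     * as disabled.
     */
    return g_ShimsEnabled ? TRUE : FALSE;
}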
Example #3
#include <ntoskrnl.h>
#define NDEBUG
#include <debug.h>

/* GLOBALS *******************************************************************/

/* Cache on/off flag; starts out FALSE. The code that sets it is outside this
 * excerpt. */
static BOOLEAN ApphelpCacheEnabled = FALSE;
/* NOTE(review): presumably serialises access to ApphelpShimCache and
 * ApphelpShimCacheAge -- confirm against the acquire/release sites. */
static ERESOURCE ApphelpCacheLock;
/* AVL table holding the cached shim entries (entry type not visible here). */
static RTL_AVL_TABLE ApphelpShimCache;
/* List head; by its name this orders the entries by age -- TODO confirm. */
static LIST_ENTRY ApphelpShimCacheAge;

/* Defined in another translation unit. */
extern ULONG InitSafeBootMode;

/* Registry location of the AppCompatCache value. OBJ_KERNEL_HANDLE keeps any
 * handle opened with these attributes in the kernel handle table, so it is
 * not usable from user mode. */
static UNICODE_STRING AppCompatCacheKey = RTL_CONSTANT_STRING(L"\\Registry\\MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\AppCompatCache");
static OBJECT_ATTRIBUTES AppCompatKeyAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES(&AppCompatCacheKey, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE);
static UNICODE_STRING AppCompatCacheValue = RTL_CONSTANT_STRING(L"AppCompatCache");

/* All-zero aggregate initialiser for a shim entry; the braces must match the
 * layout of the entry type, which is declared outside this excerpt. */
#define EMPTY_SHIM_ENTRY    { { 0 }, { { 0 } }, 0 }
/* 0x200 == 512; presumably the upper bound on cached entries -- verify where
 * it is enforced, in particular when persisted data is read back. */
#define MAX_SHIM_ENTRIES    0x200
/* Multi-character constant, presumably the pool tag for this file's
 * allocations -- confirm at the allocation sites. */
#define TAG_SHIM            'MIHS'

/* Fallback definition for builds whose headers do not provide it. */
#ifndef INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE (HANDLE)(-1)
#endif

#include <pshpack1.h>

typedef struct SHIM_PERSISTENT_CACHE_HEADER_52
{
    ULONG Magic;