Exemple #1
/*
 * SmpTerminate
 *
 * Last-resort exit path. Raises STATUS_SYSTEM_PROCESS_TERMINATED as a hard
 * error with OptionShutdownSystem, forwarding the caller's parameter array,
 * mask and count unchanged, and then terminates the current process with the
 * status that the hard-error call returned.
 *
 * SE_SHUTDOWN_PRIVILEGE is enabled beforehand because the shutdown response
 * option is only honoured for callers that hold it. The adjustment is tried
 * on the thread token first and, only when the thread has no token
 * (STATUS_NO_TOKEN), on the process token. No other outcome of either
 * adjustment is acted upon: if the privilege could not be enabled, the
 * NtTerminateProcess call at the end is what still ends the process.
 *
 * Returns whatever NtTerminateProcess returns.
 */
NTSTATUS
NTAPI
SmpTerminate(IN PULONG_PTR Parameters,
             IN ULONG ParameterMask,
             IN ULONG ParameterCount)
{
    BOOLEAN WasEnabled;
    ULONG HardErrorResponse;
    NTSTATUS PrivilegeStatus;
    NTSTATUS HardErrorStatus;

    /* Third argument TRUE: adjust the calling thread's token */
    PrivilegeStatus = RtlAdjustPrivilege(SE_SHUTDOWN_PRIVILEGE,
                                         TRUE,
                                         TRUE,
                                         &WasEnabled);
    if (PrivilegeStatus == STATUS_NO_TOKEN)
    {
        /* No thread token: fall back to the process token (result unchecked) */
        RtlAdjustPrivilege(SE_SHUTDOWN_PRIVILEGE, TRUE, FALSE, &WasEnabled);
    }

    /* Ask for the machine to be taken down via the hard-error path */
    HardErrorStatus = NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED,
                                       ParameterCount,
                                       ParameterMask,
                                       Parameters,
                                       OptionShutdownSystem,
                                       &HardErrorResponse);

    /* Still running: end this process, reporting the hard-error status */
    return NtTerminateProcess(NtCurrentProcess(), HardErrorStatus);
}
Exemple #2
/*
 * Session manager entry point.
 *
 * Records this process's id in SmSsProcessId (when the query succeeds), runs
 * InitSessionManager() and then ends the calling thread, passing the
 * initialization status as the thread exit status.
 *
 * The subsystem watchdog and the hard-error escalation are compiled out
 * (#if 0), so as built an initialization failure is not acted upon here.
 */
NTSTATUS __cdecl _main(int argc,
			char *argv[],
			char *envp[],
			ULONG DebugFlag)
{
  NTSTATUS Status = STATUS_SUCCESS;
  PROCESS_BASIC_INFORMATION PBI = {0};

  /* Lookup yourself */
  Status = NtQueryInformationProcess (NtCurrentProcess(),
		    		      ProcessBasicInformation,
				      & PBI,
				      sizeof PBI,
      				      NULL);
  /*
   * A failed query is silently ignored: SmSsProcessId keeps its previous
   * value and Status is overwritten by InitSessionManager() below.
   */
  if(NT_SUCCESS(Status))
  {
	  /* NOTE(review): the cast narrows UniqueProcessId to ULONG; confirm
	   * no bits can be lost on the target architecture. */
	  SmSsProcessId = (ULONG) PBI.UniqueProcessId;
  }
  /* Initialize the system */
  Status = InitSessionManager();
  /* Watch required subsystems TODO */
  /*
   * Everything down to #endif is disabled. It is the only code that would
   * react to a failed initialization (kill the children, then raise
   * STATUS_SYSTEM_PROCESS_TERMINATED); as compiled, Status goes straight to
   * NtTerminateThread.
   */
#if 0
  if (!NT_SUCCESS(Status))
    {
      int i;
      for (i=0; i < (sizeof Children / sizeof Children[0]); i++)
      {
        if (Children[i])
        {
          NtTerminateProcess(Children[i],0);
        }
      }
      DPRINT1("SM: Initialization failed!\n");
      goto ByeBye;
    }

  Status = NtWaitForMultipleObjects(((LONG) sizeof(Children) / sizeof(HANDLE)),
				    Children,
				    WaitAny,
				    TRUE,	/* alertable */
				    NULL);	/* NULL for infinite */
  if (!NT_SUCCESS(Status))
    {
      DPRINT1("SM: NtWaitForMultipleObjects failed! (Status=0x%08lx)\n", Status);
    }
  else
    {
      DPRINT1("SM: Process terminated!\n");
    }

ByeBye:
  /* Raise a hard error (crash the system/BSOD) */
  NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED,
		   0,0,0,0,0);

//   NtTerminateProcess(NtCurrentProcess(), 0);
#endif
	/* Ends only the calling thread, not the process */
	return NtTerminateThread(NtCurrentThread(), Status);
}
Exemple #3
/*
 * CSRSS entry point.
 *
 * Raises the process base priority, requests user-mode I/O privilege, hands
 * control to CsrServerInitialization(argc, argv), applies the default
 * hard-error mode, marks the process critical when it runs in session 0 and
 * finally ends the calling thread.
 *
 * Failure handling as written:
 *   - the base-priority call is not checked at all;
 *   - an IOPL failure is only logged (the hard-error escalation is compiled
 *     out), so startup continues without port access;
 *   - a server initialization failure is logged and followed by
 *     NtTerminateProcess on the current process.
 */
int
_cdecl
_main(int argc,
      char *argv[],
      char *envp[],
      int DebugFlag)
{
    NTSTATUS Status;
    KPRIORITY Priority = (8 + 1) + 4;
    //ULONG Response; // only used by the disabled hard-error call below

    UNREFERENCED_PARAMETER(DebugFlag);
    UNREFERENCED_PARAMETER(envp);

    /* Base priority first; the outcome is deliberately not inspected */
    NtSetInformationProcess(NtCurrentProcess(),
                            ProcessBasePriority,
                            &Priority,
                            sizeof(Priority));

    /* IOPL is requested so that the VGA registers can be accessed */
    Status = NtSetInformationProcess(NtCurrentProcess(),
                                     ProcessUserModeIOPL,
                                     NULL,
                                     0);
    if (!NT_SUCCESS(Status))
    {
        /* Log only; escalation to a hard error is disabled */
        DPRINT1("CSRSS: Could not raise IOPL, Status: 0x%08lx\n", Status);
#if 0
        Status = NtRaiseHardError(STATUS_IO_PRIVILEGE_FAILED,
                                  0,
                                  0,
                                  NULL,
                                  OptionOk,
                                  &Response);
#endif
    }

    /* CSRSRV performs the actual server bring-up */
    Status = CsrServerInitialization(argc, argv);
    if (!NT_SUCCESS(Status))
    {
        /* Nothing to run without the server: end the process */
        DPRINT1("CSRSS: Unable to initialize server, Status: 0x%08lx\n", Status);
        NtTerminateProcess(NtCurrentProcess(), Status);
    }

    /* Switch to the default hard-error mode for this process */
    CsrpSetDefaultProcessHardErrorMode();

    /* In session 0, losing this process must bugcheck the system */
    if (NtCurrentPeb()->SessionId == 0)
    {
        RtlSetProcessIsCritical(TRUE, NULL, FALSE);
    }

    /* This thread is done; CSRSRV keeps the process going */
    NtTerminateThread(NtCurrentThread(), Status);
    return 0;
}
Exemple #4
/*
 * Looks up a process by image name through the project helper
 * openProcByName and surfaces the resulting NTSTATUS by raising it as a
 * hard error with no parameters.
 *
 * The same variable serves as the status being raised and as the location
 * that receives the hard-error response, so its value after the call is the
 * response, not the lookup status.
 *
 * NOTE(review): the handle is never closed in this function. If
 * openProcByName returns an open process handle on success, it stays open
 * until the process exits; confirm who owns it.
 */
void mymain(void) {
	UNICODE_STRING uTargetName;
	HANDLE hTarget = INVALID_HANDLE_VALUE;
	NTSTATUS ntResult;

	RtlInitUnicodeString(&uTargetName, L"notepad.exe");
	ntResult = openProcByName(&hTarget, &uTargetName, TRUE);

	/* Status in, response out: both go through ntResult */
	NtRaiseHardError(ntResult, 0, 0, NULL, 0, (PULONG)&ntResult);
}
Exemple #5
/*
 * Test driver: raises STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE twice as a hard
 * error, once with an upper-case and once with a lower-case image path, each
 * time with one parameter and response option OptionOk.
 *
 * The parameter mask of 1 flags parameter 0 as a pointer to a UNICODE_STRING
 * rather than a plain value. Only ErrorParameters[0] is ever set, which
 * matches the parameter count of 1.
 *
 * NOTE(review): (ULONG)&PathName narrows a pointer to 32 bits. That is only
 * correct where pointers fit in a ULONG; on a 64-bit build the hard-error
 * path would receive a truncated address.
 *
 * Always returns 1; the status of NtRaiseHardError is not inspected.
 */
DWORD
_cdecl
main(
    int argc,
    char *argv[],
    char *envp[]
    )
{
    UNICODE_STRING PathName;
    ULONG ErrorResponse;
    ULONG ErrorParameters[2];
    ULONG Pass;

    for (Pass = 0; Pass < 2; Pass++) {

        /* First pass: upper-case name; second pass: lower-case name */
        RtlInitUnicodeString(&PathName,
                             Pass == 0 ? L"\\\\??\\O:\\AUTORUN.EXE"
                                       : L"\\\\??\\O:\\autorun.exe");

        ErrorParameters[0] = (ULONG)&PathName;
        ErrorResponse = ResponseOk;

        NtRaiseHardError(STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE,
                         1,
                         1,
                         ErrorParameters,
                         OptionOk,
                         &ErrorResponse);
    }

    return 1;
}
Exemple #6
NTSTATUS
PsLocateSystemDll (
    VOID
    )

/*++

Routine Description:

    This function locates the system dll and creates a section for the
    DLL and maps it into the system process.

    Failures to open the file, create the section, reference the section
    object or map the DLL end in
    KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, ...), with the failing
    status as the first bugcheck parameter and a step number (2 through 5)
    as the second.

Arguments:

    None.

Return Value:

    STATUS_SUCCESS - the system DLL was opened, checked and mapped.

    STATUS_IMAGE_CHECKSUM_MISMATCH - MmCheckSystemImage reported a checksum
        mismatch; a hard error naming the DLL path was raised first.

    Any other value - the NTSTATUS of the step that failed (each of these
        paths calls KeBugCheckEx before its return statement).

--*/

{

    HANDLE File;
    HANDLE Section;
    NTSTATUS st;
    UNICODE_STRING DllPathName;
    WCHAR PathBuffer[DOS_MAX_PATH_LENGTH];
    OBJECT_ATTRIBUTES ObjectAttributes;
    IO_STATUS_BLOCK IoStatus;

    //
    // Initialize the system DLL
    //
    // RtlInitUnicodeString re-points DllPathName at the literal and sets
    // both lengths, so the three assignments before it (and PathBuffer)
    // have no effect on the path that is opened.
    //

    DllPathName.Length = 0;
    DllPathName.Buffer = PathBuffer;
    DllPathName.MaximumLength = 256;
    RtlInitUnicodeString(&DllPathName,L"\\SystemRoot\\System32\\ntdll.dll");
    InitializeObjectAttributes(
        &ObjectAttributes,
        &DllPathName,
        OBJ_CASE_INSENSITIVE,
        NULL,
        NULL
        );

    //
    // Open for execute access only, sharing read with other openers.
    //

    st = ZwOpenFile(
            &File,
            SYNCHRONIZE | FILE_EXECUTE,
            &ObjectAttributes,
            &IoStatus,
            FILE_SHARE_READ,
            0
            );

    if (!NT_SUCCESS(st)) {

#if DBG
        DbgPrint("PS: PsLocateSystemDll - NtOpenFile( NTDLL.DLL ) failed.  Status == %lx\n",
            st
            );
#endif
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED,st,2,0,0);
        return st;
    }

    //
    // Integrity check of the image before it is mapped. Only
    // STATUS_IMAGE_CHECKSUM_MISMATCH is acted on; any other status returned
    // by MmCheckSystemImage falls through to section creation.
    // NOTE(review): confirm that ignoring other failure codes is intended.
    //

    st = MmCheckSystemImage(File);
    if ( st == STATUS_IMAGE_CHECKSUM_MISMATCH ) {
        ULONG ErrorParameters;
        ULONG ErrorResponse;

        //
        // Hard error time. A driver is corrupt.
        // (The image checked on this path is ntdll.dll.)
        //
        // NOTE(review): the cast below narrows a pointer to ULONG, which
        // is only safe where pointers are 32 bits wide.
        //

	ErrorParameters = (ULONG)&DllPathName;

        NtRaiseHardError(
            st,
            1,
            1,
            &ErrorParameters,
            OptionOk,
            &ErrorResponse
            );

        //
        // NOTE(review): File is still open on this return path.
        //

        return st;
        }


    //
    // Keep a copy of the path in PsNtDllPathName, sized for the string plus
    // one terminating WCHAR.
    // NOTE(review): the result of RtlAllocateStringRoutine is not checked
    // before RtlCopyUnicodeString writes through it.
    //

    PsNtDllPathName.MaximumLength = DllPathName.Length + sizeof( WCHAR );
    PsNtDllPathName.Length = 0;
    PsNtDllPathName.Buffer = RtlAllocateStringRoutine( PsNtDllPathName.MaximumLength );
    RtlCopyUnicodeString( &PsNtDllPathName, &DllPathName );

    //
    // Create an image section (SEC_IMAGE) backed by the file. The file
    // handle is closed whether or not the section was created.
    //

    st = ZwCreateSection(
            &Section,
            SECTION_ALL_ACCESS,
            NULL,
            0,
            PAGE_EXECUTE,
            SEC_IMAGE,
            File
            );
    ZwClose( File );

    if (!NT_SUCCESS(st)) {
#if DBG
        DbgPrint("PS: PsLocateSystemDll: NtCreateSection Status == %lx\n",st);
#endif
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED,st,3,0,0);
        return st;
    }

    //
    // Now that we have the section, reference it, store its address in the
    // PspSystemDll and then close handle to the section.
    //

    st = ObReferenceObjectByHandle(
            Section,
            SECTION_ALL_ACCESS,
            MmSectionObjectType,
            KernelMode,
            &PspSystemDll.Section,
            NULL
            );

    ZwClose(Section);

    if ( !NT_SUCCESS(st) ) {
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED,st,4,0,0);
        return st;
    }

    //
    // Map the system dll into the user part of the address space
    //
    // PsSystemDllDllBase is assigned before the status check, while
    // PsSystemDllBase is assigned only after the mapping succeeded.
    //

    st = PspMapSystemDll(PsGetCurrentProcess(),&PspSystemDll.DllBase);
    PsSystemDllDllBase = PspSystemDll.DllBase;

    if ( !NT_SUCCESS(st) ) {
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED,st,5,0,0);
        return st;
    }
    PsSystemDllBase = PspSystemDll.DllBase;

    return STATUS_SUCCESS;
}
Exemple #7
// Fatal-error exit: builds a message (fixed text plus the optional
// description), passes it to _MCFCRT_WriteStandardErrorText, shows it through
// NtRaiseHardError and then terminates the process with exit code 3.
// Never returns.
//
// pwszDescription may be null; when present it is copied verbatim into the
// message. NOTE(review): callers that put externally supplied text in the
// description expose it unfiltered in the dialog and on standard error.
_Noreturn void _MCFCRT_Bail(const wchar_t *pwszDescription){
	// Set once by the first caller. Any later caller (another thread, or a
	// re-entrant call) sees the flag already set and ends only its own thread,
	// so a single report is produced.
	static volatile bool s_bBailing = false;

	const bool bBailing = __atomic_exchange_n(&s_bBailing, true, __ATOMIC_RELAXED);
	if(bBailing){
		TerminateThread(GetCurrentThread(), 3);
		__builtin_unreachable();
	}

	// Release builds (NDEBUG) offer the "debug" choice only when a debugger is
	// attached; other builds always offer it.
#ifdef NDEBUG
	const bool bCanBeDebugged = IsDebuggerPresent();
#else
	const bool bCanBeDebugged = true;
#endif

	// Layout: the description copy is given awcBuffer + 1024 as its end
	// pointer, and the extra 128 elements are headroom for the fixed trailer
	// appended after it.
	// NOTE(review): presumably _MCFCRT_wcppcpy stops at that end pointer, so
	// that the trailer always fits; confirm against its definition.
	wchar_t awcBuffer[1024 + 128];
	wchar_t *pwcWrite = _MCFCRT_wcpcpy(awcBuffer, L"应用程序异常终止,请联系作者寻求协助。");
	if(pwszDescription){
		pwcWrite = _MCFCRT_wcpcpy(pwcWrite, L"\n\n错误描述:\n");
		pwcWrite = _MCFCRT_wcppcpy(pwcWrite, awcBuffer + 1024, pwszDescription); // More text follows, so keep some characters in reserve.
	}
	pwcWrite = _MCFCRT_wcpcpy(pwcWrite, L"\n\n单击“确定”终止应用程序");
	if(bCanBeDebugged){
		pwcWrite = _MCFCRT_wcpcpy(pwcWrite, L",单击“取消”调试应用程序");
	}
	pwcWrite = _MCFCRT_wcpcpy(pwcWrite, L"。");
	const size_t uLength = (size_t)(pwcWrite - awcBuffer);

	_MCFCRT_WriteStandardErrorText(awcBuffer, uLength, true);

	// The UNICODE_STRING length fields are assigned through an unsigned short
	// cast, in bytes. The clamp is USHRT_MAX rounded down to a multiple of
	// sizeof(wchar_t), so the stored length never splits a character.
	size_t uTextSizeInBytes = uLength * sizeof(wchar_t);
	const unsigned kMaxSizeInBytes = USHRT_MAX & -sizeof(wchar_t);
	if(uTextSizeInBytes > kMaxSizeInBytes){
		uTextSizeInBytes = kMaxSizeInBytes;
	}
	UNICODE_STRING ustrText;
	ustrText.Length        = (unsigned short)uTextSizeInBytes;
	ustrText.MaximumLength = ustrText.Length;
	ustrText.Buffer        = awcBuffer;

	// Caption length excludes the terminating null. The cast drops const only
	// to fit the Buffer field's type; this function does not write to it.
	static const wchar_t kCaption[] = L"MCF CRT";
	UNICODE_STRING ustrCaption;
	ustrCaption.Length        = sizeof(kCaption) - sizeof(wchar_t);
	ustrCaption.MaximumLength = ustrCaption.Length;
	ustrCaption.Buffer        = (wchar_t *)kCaption;

	// Parameters: text, caption, message-box style flags, and a fourth value
	// of -1 (presumably a timeout meaning "wait indefinitely"; confirm).
	const ULONG_PTR aulParams[] = {
		(ULONG_PTR)&ustrText,
		(ULONG_PTR)&ustrCaption,
		(ULONG_PTR)((bCanBeDebugged ? MB_OKCANCEL : MB_OK) | MB_ICONERROR),
		(ULONG_PTR)-1
	};
	HardErrorResponse eResponse;
	// Mask 3 sets bits 0 and 1, marking the first two parameters as
	// UNICODE_STRING pointers.
	// NOTE(review): 0x50000018 looks like STATUS_SERVICE_NOTIFICATION
	// (0x40000018) with the 0x10000000 override-error-mode bit set; a named
	// constant would make that checkable.
	const NTSTATUS lStatus = NtRaiseHardError(0x50000018, sizeof(aulParams) / sizeof(aulParams[0]), 3, aulParams, kHardErrorOk, &eResponse);
	if(!NT_SUCCESS(lStatus)){
		// A failed call is handled like "Cancel", so DebugBreak() is reached
		// even when no dialog was shown.
		eResponse = kHardErrorResponseCancel;
	}
	if(eResponse != kHardErrorResponseOk){
		DebugBreak();
	}
	TerminateProcess(GetCurrentProcess(), 3);
	__builtin_unreachable();
}
Exemple #8
/*
 * Winlogon entry point.
 *
 * Marks the process and its initial thread critical, then brings up the logon
 * environment in a fixed order: logon-process registration, session
 * allocation, window station and desktops, keyboard layouts, RPC server,
 * services.exe, lsass.exe, notifications, GINA, SAS window. It then either
 * runs setup or posts the initial Ctrl+Alt+Del SAS, and finally pumps
 * messages for the SAS window.
 *
 * Failure handling differs by step:
 *   - steps up to and including StartLsass() log, raise
 *     STATUS_SYSTEM_PROCESS_TERMINATED as a hard error (OptionOk) and call
 *     ExitProcess(1);
 *   - a GINA failure shows a dialog, requests a shutdown/reboot and calls
 *     ExitProcess(1);
 *   - an SAS initialization failure logs and calls ExitProcess(2), with no
 *     hard error.
 * WaitForLsass, InitNotifications and CallNotificationDlls are not checked.
 */
int
WINAPI
WinMain(
    IN HINSTANCE hInstance,
    IN HINSTANCE hPrevInstance,
    IN LPSTR lpCmdLine,
    IN int nShowCmd)
{
    /* Locals used only by the disabled LSA registration block further down */
#if 0
    LSA_STRING ProcessName, PackageName;
    HANDLE LsaHandle;
    LSA_OPERATIONAL_MODE Mode;
    BOOLEAN Old;
    ULONG AuthenticationPackage;
    NTSTATUS Status;
#endif
    ULONG HardErrorResponse;
    MSG Msg;

    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);
    UNREFERENCED_PARAMETER(nShowCmd);

    hAppInstance = hInstance;

    /* Make us critical */
    /* Neither return value is checked.
     * NOTE(review): every ExitProcess() below runs with the critical flag
     * already set; presumably exiting in that state takes the system down.
     * Confirm that this is the intended outcome for each path. */
    RtlSetProcessIsCritical(TRUE, NULL, FALSE);
    RtlSetThreadIsCritical(TRUE, NULL, FALSE);

    if (!RegisterLogonProcess(GetCurrentProcessId(), TRUE))
    {
        ERR("WL: Could not register logon process\n");
        NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
        ExitProcess(1);
    }

    /* Session state is heap-allocated and zeroed before any field is set */
    WLSession = (PWLSESSION)HeapAlloc(GetProcessHeap(), 0, sizeof(WLSESSION));
    if (!WLSession)
    {
        ERR("WL: Could not allocate memory for winlogon instance\n");
        NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
        ExitProcess(1);
    }

    ZeroMemory(WLSession, sizeof(WLSESSION));
    WLSession->DialogTimeout = 120; /* 2 minutes */

    /* Initialize the dialog tracking list */
    InitDialogListHead();

    if (!CreateWindowStationAndDesktops(WLSession))
    {
        ERR("WL: Could not create window station and desktops\n");
        NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
        ExitProcess(1);
    }

    /* The workstation is locked before any further component is started */
    LockWorkstation(WLSession);

    /* Load default keyboard layouts */
    if (!InitKeyboardLayouts())
    {
        ERR("WL: Could not preload keyboard layouts\n");
        NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
        ExitProcess(1);
    }

    if (!StartRpcServer())
    {
        ERR("WL: Could not start the RPC server\n");
        NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
        ExitProcess(1);
    }

    if (!StartServicesManager())
    {
        ERR("WL: Could not start services.exe\n");
        NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
        ExitProcess(1);
    }

    if (!StartLsass())
    {
        ERR("WL: Failed to start lsass.exe service (error %lu)\n", GetLastError());
        NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
        ExitProcess(1);
    }

    /* Wait for the LSA server */
    WaitForLsass();

    /* Init Notifications */
    InitNotifications();

    /* Load and initialize gina */
    if (!GinaInit(WLSession))
    {
        ERR("WL: Failed to initialize Gina\n");
        // FIXME: Retrieve the real name of the GINA DLL we were trying to load.
        // It is known only inside the GinaInit function...
        /* Until that FIXME is resolved the dialog always names "msgina.dll",
         * even if a different GINA was the one that failed to load. */
        DialogBoxParam(hAppInstance, MAKEINTRESOURCE(IDD_GINALOADFAILED), GetDesktopWindow(), GinaLoadFailedWindowProc, (LPARAM)L"msgina.dll");
        HandleShutdown(WLSession, WLX_SAS_ACTION_SHUTDOWN_REBOOT);
        ExitProcess(1);
    }

    DisplayStatusMessage(WLSession, WLSession->WinlogonDesktop, IDS_REACTOSISSTARTINGUP);

    /* Disabled: registration with the LSA as a logon process and lookup of
     * the Kerberos authentication package. */
#if 0
    /* Connect to NetLogon service (lsass.exe) */
    /* Real winlogon uses "Winlogon" */
    RtlInitUnicodeString((PUNICODE_STRING)&ProcessName, L"Winlogon");
    Status = LsaRegisterLogonProcess(&ProcessName, &LsaHandle, &Mode);
    if (Status == STATUS_PORT_CONNECTION_REFUSED)
    {
        /* Add the 'SeTcbPrivilege' privilege and try again */
        Status = RtlAdjustPrivilege(SE_TCB_PRIVILEGE, TRUE, TRUE, &Old);
        if (!NT_SUCCESS(Status))
        {
            ERR("RtlAdjustPrivilege() failed with error %lu\n", LsaNtStatusToWinError(Status));
            return 1;
        }

        Status = LsaRegisterLogonProcess(&ProcessName, &LsaHandle, &Mode);
    }

    if (!NT_SUCCESS(Status))
    {
        ERR("LsaRegisterLogonProcess() failed with error %lu\n", LsaNtStatusToWinError(Status));
        return 1;
    }

    RtlInitUnicodeString((PUNICODE_STRING)&PackageName, MICROSOFT_KERBEROS_NAME_W);
    Status = LsaLookupAuthenticationPackage(LsaHandle, &PackageName, &AuthenticationPackage);
    if (!NT_SUCCESS(Status))
    {
        ERR("LsaLookupAuthenticationPackage() failed with error %lu\n", LsaNtStatusToWinError(Status));
        LsaDeregisterLogonProcess(LsaHandle);
        return 1;
    }
#endif

    CallNotificationDlls(WLSession, StartupHandler);

    /* Create a hidden window to get SAS notifications */
    /* Unlike the earlier failures, this one exits with code 2 and raises no
     * hard error. */
    if (!InitializeSAS(WLSession))
    {
        ERR("WL: Failed to initialize SAS\n");
        ExitProcess(2);
    }

    // DisplayStatusMessage(Session, Session->WinlogonDesktop, IDS_PREPARENETWORKCONNECTIONS);
    // DisplayStatusMessage(Session, Session->WinlogonDesktop, IDS_APPLYINGCOMPUTERSETTINGS);

    /* Display logged out screen */
    WLSession->LogonState = STATE_INIT;
    RemoveStatusMessage(WLSession);

    /* Check for pending setup */
    if (GetSetupType() != 0)
    {
        /* Run setup and reboot when done */
        TRACE("WL: Setup mode detected\n");
        RunSetup();
    }
    else
    {
        PostMessageW(WLSession->SASWindow, WLX_WM_SAS, WLX_SAS_TYPE_CTRL_ALT_DEL, 0);
    }

    /* The module handle is discarded, so a failed load goes unnoticed.
     * NOTE(review): the DLL is named without a path, so which file gets
     * loaded depends on this process's DLL search order; a fully qualified
     * system-directory path would pin it. */
    (void)LoadLibraryW(L"sfc_os.dll");

    /* Tell kernel that CurrentControlSet is good (needed
     * to support Last good known configuration boot) */
    NtInitializeRegistry(CM_BOOT_FLAG_ACCEPTED | 1);

    /* Message loop for the SAS window */
    /* NOTE(review): GetMessageW returns -1 on error, which this condition
     * treats like a retrieved message; an explicit "> 0" test would avoid
     * dispatching an unfilled Msg. */
    while (GetMessageW(&Msg, WLSession->SASWindow, 0, 0))
    {
        TranslateMessage(&Msg);
        DispatchMessageW(&Msg);
    }

    CleanupNotifications();

    /* We never go there */

    return 0;
}