static void test_GetMappedFileName(void)
{
HMODULE hMod = GetModuleHandle(NULL);
char szMapPath[MAX_PATH], szModPath[MAX_PATH], *szMapBaseName;
DWORD ret;
SetLastError(0xdeadbeef);
pGetMappedFileNameA(NULL, hMod, szMapPath, sizeof(szMapPath));
ok(GetLastError() == ERROR_INVALID_HANDLE, "expected error=ERROR_INVALID_HANDLE but got %d\n", GetLastError());
SetLastError(0xdeadbeef);
pGetMappedFileNameA(hpSR, hMod, szMapPath, sizeof(szMapPath));
todo_wine ok(GetLastError() == ERROR_ACCESS_DENIED, "expected error=ERROR_ACCESS_DENIED but got %d\n", GetLastError());
SetLastError( 0xdeadbeef );
ret = pGetMappedFileNameA(hpQI, hMod, szMapPath, sizeof(szMapPath));
ok( ret || broken(GetLastError() == ERROR_UNEXP_NET_ERR), /* win2k */
"GetMappedFileNameA failed with error %u\n", GetLastError() );
if (!ret) return;
ok(ret == strlen(szMapPath), "szMapPath=\"%s\" ret=%d\n", szMapPath, ret);
ok(szMapPath[0] == '\\', "szMapPath=\"%s\"\n", szMapPath);
szMapBaseName = strrchr(szMapPath, '\\'); /* That's close enough for us */
if(!szMapBaseName || !*szMapBaseName)
{
ok(0, "szMapPath=\"%s\"\n", szMapPath);
return;
}
GetModuleFileNameA(NULL, szModPath, sizeof(szModPath));
ok(!strcmp(strrchr(szModPath, '\\'), szMapBaseName),
"szModPath=\"%s\" szMapBaseName=\"%s\"\n", szModPath, szMapBaseName);
}
static void test_GetProcessImageFileName(void)
{
HMODULE hMod = GetModuleHandle(NULL);
char szImgPath[MAX_PATH], szMapPath[MAX_PATH];
DWORD ret;
if(pGetProcessImageFileNameA == NULL)
return;
/* This function is available on WinXP+ only */
SetLastError(0xdeadbeef);
if(!pGetProcessImageFileNameA(hpQI, szImgPath, sizeof(szImgPath)))
{
if(GetLastError() == ERROR_INVALID_FUNCTION)
win_skip("GetProcessImageFileName not implemented\n");
else if(GetLastError() == 0xdeadbeef)
ok(0, "failed without error code\n");
else
ok(0, "failed with %d\n", GetLastError());
return;
}
w32_err(pGetProcessImageFileNameA(NULL, szImgPath, sizeof(szImgPath)), ERROR_INVALID_HANDLE);
w32_err(pGetProcessImageFileNameA(hpSR, szImgPath, sizeof(szImgPath)), ERROR_ACCESS_DENIED);
w32_err(pGetProcessImageFileNameA(hpQI, szImgPath, 0), ERROR_INSUFFICIENT_BUFFER);
if(!w32_suc(ret = pGetProcessImageFileNameA(hpQI, szImgPath, sizeof(szImgPath))) ||
!w32_suc(pGetMappedFileNameA(hpQV, hMod, szMapPath, sizeof(szMapPath))))
return;
/* Windows returns 2*strlen-1 */
ok(ret >= strlen(szImgPath), "szImgPath=\"%s\" ret=%d\n", szImgPath, ret);
ok(!strcmp(szImgPath, szMapPath),
"szImgPath=\"%s\" szMapPath=\"%s\"\n", szImgPath, szMapPath);
}
static void test_GetProcessImageFileName(void)
{
HMODULE hMod = GetModuleHandle(NULL);
char szImgPath[MAX_PATH], szMapPath[MAX_PATH];
WCHAR szImgPathW[MAX_PATH];
DWORD ret;
if(pGetProcessImageFileNameA == NULL)
return;
/* This function is available on WinXP+ only */
SetLastError(0xdeadbeef);
if(!pGetProcessImageFileNameA(hpQI, szImgPath, sizeof(szImgPath)))
{
if(GetLastError() == ERROR_INVALID_FUNCTION) {
win_skip("GetProcessImageFileName not implemented\n");
return;
}
if(GetLastError() == 0xdeadbeef)
todo_wine ok(0, "failed without error code\n");
else
todo_wine ok(0, "failed with %d\n", GetLastError());
}
todo_wine w32_err(pGetProcessImageFileNameA(NULL, szImgPath, sizeof(szImgPath)), ERROR_INVALID_HANDLE);
todo_wine w32_err(pGetProcessImageFileNameA(hpSR, szImgPath, sizeof(szImgPath)), ERROR_ACCESS_DENIED);
todo_wine w32_err(pGetProcessImageFileNameA(hpQI, szImgPath, 0), ERROR_INSUFFICIENT_BUFFER);
todo_wine
if(w32_suc(ret = pGetProcessImageFileNameA(hpQI, szImgPath, sizeof(szImgPath))) &&
w32_suc(pGetMappedFileNameA(hpQV, hMod, szMapPath, sizeof(szMapPath)))) {
/* Windows returns 2*strlen-1 */
ok(ret >= strlen(szImgPath), "szImgPath=\"%s\" ret=%d\n", szImgPath, ret);
ok(!strcmp(szImgPath, szMapPath),
"szImgPath=\"%s\" szMapPath=\"%s\"\n", szImgPath, szMapPath);
}
w32_err(pGetProcessImageFileNameW(NULL, szImgPathW, sizeof(szImgPathW)), ERROR_INVALID_HANDLE);
/* no information about correct buffer size returned: */
w32_err(pGetProcessImageFileNameW(hpQI, szImgPathW, 0), ERROR_INSUFFICIENT_BUFFER);
w32_err(pGetProcessImageFileNameW(hpQI, NULL, 0), ERROR_INSUFFICIENT_BUFFER);
/* correct call */
memset(szImgPathW, 0xff, sizeof(szImgPathW));
ret = pGetProcessImageFileNameW(hpQI, szImgPathW, sizeof(szImgPathW)/sizeof(WCHAR));
ok(ret > 0, "GetProcessImageFileNameW should have succeeded.\n");
ok(szImgPathW[0] == '\\', "GetProcessImageFileNameW should have returned an NT path.\n");
expect_eq_d(lstrlenW(szImgPathW), ret);
/* boundary values of 'size' */
w32_err(pGetProcessImageFileNameW(hpQI, szImgPathW, ret), ERROR_INSUFFICIENT_BUFFER);
memset(szImgPathW, 0xff, sizeof(szImgPathW));
ret = pGetProcessImageFileNameW(hpQI, szImgPathW, ret + 1);
ok(ret > 0, "GetProcessImageFileNameW should have succeeded.\n");
ok(szImgPathW[0] == '\\', "GetProcessImageFileNameW should have returned an NT path.\n");
expect_eq_d(lstrlenW(szImgPathW), ret);
}
static void test_GetMappedFileName(void)
{
HMODULE hMod = GetModuleHandle(NULL);
char szMapPath[MAX_PATH], szModPath[MAX_PATH], *szMapBaseName;
DWORD ret;
w32_err(pGetMappedFileNameA(NULL, hMod, szMapPath, sizeof(szMapPath)), ERROR_INVALID_HANDLE);
w32_err(pGetMappedFileNameA(hpSR, hMod, szMapPath, sizeof(szMapPath)), ERROR_ACCESS_DENIED);
if(!w32_suc(ret = pGetMappedFileNameA(hpQI, hMod, szMapPath, sizeof(szMapPath))))
return;
ok(ret == strlen(szMapPath), "szMapPath=\"%s\" ret=%d\n", szMapPath, ret);
ok(szMapPath[0] == '\\', "szMapPath=\"%s\"\n", szMapPath);
szMapBaseName = strrchr(szMapPath, '\\'); /* That's close enough for us */
if(!szMapBaseName || !*szMapBaseName)
{
ok(0, "szMapPath=\"%s\"\n", szMapPath);
return;
}
GetModuleFileNameA(NULL, szModPath, sizeof(szModPath));
ok(!strcmp(strrchr(szModPath, '\\'), szMapBaseName),
"szModPath=\"%s\" szMapBaseName=\"%s\"\n", szModPath, szMapBaseName);
}
static void test_GetMappedFileName(void)
{
HMODULE hMod = GetModuleHandleA(NULL);
char szMapPath[MAX_PATH], szModPath[MAX_PATH], *szMapBaseName;
DWORD ret;
char *base;
char temp_path[MAX_PATH], file_name[MAX_PATH], map_name[MAX_PATH], device_name[MAX_PATH], drive[3];
WCHAR map_nameW[MAX_PATH], nt_map_name[MAX_PATH];
HANDLE hfile, hmap;
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameA(NULL, hMod, szMapPath, sizeof(szMapPath));
ok(!ret, "GetMappedFileName should fail\n");
todo_wine
ok(GetLastError() == ERROR_INVALID_HANDLE, "expected error=ERROR_INVALID_HANDLE but got %d\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameA(hpSR, hMod, szMapPath, sizeof(szMapPath));
ok(!ret, "GetMappedFileName should fail\n");
todo_wine
ok(GetLastError() == ERROR_ACCESS_DENIED, "expected error=ERROR_ACCESS_DENIED but got %d\n", GetLastError());
SetLastError( 0xdeadbeef );
ret = pGetMappedFileNameA(hpQI, hMod, szMapPath, sizeof(szMapPath));
todo_wine
ok( ret || broken(GetLastError() == ERROR_UNEXP_NET_ERR), /* win2k */
"GetMappedFileNameA failed with error %u\n", GetLastError() );
if (ret)
{
ok(ret == strlen(szMapPath), "szMapPath=\"%s\" ret=%d\n", szMapPath, ret);
todo_wine
ok(szMapPath[0] == '\\', "szMapPath=\"%s\"\n", szMapPath);
szMapBaseName = strrchr(szMapPath, '\\'); /* That's close enough for us */
todo_wine
ok(szMapBaseName && *szMapBaseName, "szMapPath=\"%s\"\n", szMapPath);
if (szMapBaseName)
{
GetModuleFileNameA(NULL, szModPath, sizeof(szModPath));
ok(!strcmp(strrchr(szModPath, '\\'), szMapBaseName),
"szModPath=\"%s\" szMapBaseName=\"%s\"\n", szModPath, szMapBaseName);
}
}
GetTempPathA(MAX_PATH, temp_path);
GetTempFileNameA(temp_path, "map", 0, file_name);
drive[0] = file_name[0];
drive[1] = ':';
drive[2] = 0;
SetLastError(0xdeadbeef);
ret = QueryDosDeviceA(drive, device_name, sizeof(device_name));
ok(ret, "QueryDosDeviceA error %d\n", GetLastError());
trace("%s -> %s\n", drive, device_name);
SetLastError(0xdeadbeef);
hfile = CreateFileA(file_name, GENERIC_READ | GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0);
ok(hfile != INVALID_HANDLE_VALUE, "CreateFileA(%s) error %d\n", file_name, GetLastError());
SetFilePointer(hfile, 0x4000, NULL, FILE_BEGIN);
SetEndOfFile(hfile);
SetLastError(0xdeadbeef);
hmap = CreateFileMappingA(hfile, NULL, PAGE_READONLY | SEC_COMMIT, 0, 0, NULL);
ok(hmap != 0, "CreateFileMappingA error %d\n", GetLastError());
SetLastError(0xdeadbeef);
base = MapViewOfFile(hmap, FILE_MAP_READ, 0, 0, 0);
ok(base != NULL, "MapViewOfFile error %d\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameA(GetCurrentProcess(), base, map_name, 0);
ok(!ret, "GetMappedFileName should fail\n");
todo_wine
ok(GetLastError() == ERROR_INVALID_PARAMETER || GetLastError() == ERROR_INSUFFICIENT_BUFFER,
"wrong error %d\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameA(GetCurrentProcess(), base, 0, sizeof(map_name));
ok(!ret, "GetMappedFileName should fail\n");
todo_wine
ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameA(GetCurrentProcess(), base, map_name, 1);
todo_wine
ok(ret == 1, "GetMappedFileName error %d\n", GetLastError());
ok(!map_name[0] || broken(map_name[0] == device_name[0]) /* before win2k */, "expected 0, got %c\n", map_name[0]);
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameA(GetCurrentProcess(), base, map_name, sizeof(map_name));
todo_wine {
ok(ret, "GetMappedFileName error %d\n", GetLastError());
ok(ret > strlen(device_name), "map_name should be longer than device_name\n");
ok(memcmp(map_name, device_name, strlen(device_name)) == 0, "map name does not start with a device name: %s\n", map_name);
}
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameW(GetCurrentProcess(), base, map_nameW, sizeof(map_nameW)/sizeof(map_nameW[0]));
todo_wine {
ok(ret, "GetMappedFileNameW error %d\n", GetLastError());
ok(ret > strlen(device_name), "map_name should be longer than device_name\n");
}
if (nt_get_mapped_file_name(GetCurrentProcess(), base, nt_map_name, sizeof(nt_map_name)/sizeof(nt_map_name[0])))
{
ok(memcmp(map_nameW, nt_map_name, lstrlenW(map_nameW)) == 0, "map name does not start with a device name: %s\n", map_name);
WideCharToMultiByte(CP_ACP, 0, map_nameW, -1, map_name, MAX_PATH, NULL, NULL);
ok(memcmp(map_name, device_name, strlen(device_name)) == 0, "map name does not start with a device name: %s\n", map_name);
}
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameA(GetCurrentProcess(), base + 0x2000, map_name, sizeof(map_name));
todo_wine {
ok(ret, "GetMappedFileName error %d\n", GetLastError());
ok(ret > strlen(device_name), "map_name should be longer than device_name\n");
ok(memcmp(map_name, device_name, strlen(device_name)) == 0, "map name does not start with a device name: %s\n", map_name);
}
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameA(GetCurrentProcess(), base + 0x4000, map_name, sizeof(map_name));
ok(!ret, "GetMappedFileName should fail\n");
todo_wine
ok(GetLastError() == ERROR_UNEXP_NET_ERR, "expected ERROR_UNEXP_NET_ERR, got %d\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameA(GetCurrentProcess(), NULL, map_name, sizeof(map_name));
ok(!ret, "GetMappedFileName should fail\n");
todo_wine
ok(GetLastError() == ERROR_UNEXP_NET_ERR, "expected ERROR_UNEXP_NET_ERR, got %d\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameA(0, base, map_name, sizeof(map_name));
ok(!ret, "GetMappedFileName should fail\n");
todo_wine
ok(GetLastError() == ERROR_INVALID_HANDLE, "expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
UnmapViewOfFile(base);
CloseHandle(hmap);
CloseHandle(hfile);
DeleteFileA(file_name);
SetLastError(0xdeadbeef);
hmap = CreateFileMappingA(INVALID_HANDLE_VALUE, NULL, PAGE_READONLY | SEC_COMMIT, 0, 4096, NULL);
ok(hmap != 0, "CreateFileMappingA error %d\n", GetLastError());
SetLastError(0xdeadbeef);
base = MapViewOfFile(hmap, FILE_MAP_READ, 0, 0, 0);
ok(base != NULL, "MapViewOfFile error %d\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pGetMappedFileNameA(GetCurrentProcess(), base, map_name, sizeof(map_name));
ok(!ret, "GetMappedFileName should fail\n");
todo_wine
ok(GetLastError() == ERROR_FILE_INVALID, "expected ERROR_FILE_INVALID, got %d\n", GetLastError());
UnmapViewOfFile(base);
CloseHandle(hmap);
}
VOID UnhookModuleExports(HMODULE hModule)
{
CHAR szModuleFileName[MAX_PATH];
pGetModuleFileNameA(hModule,szModuleFileName,sizeof(szModuleFileName));
PVOID pMap = MapBinary(szModuleFileName);
if (pMap)
{
PIMAGE_NT_HEADERS pNtHeaders = (PIMAGE_NT_HEADERS)pRtlImageNtHeader(hModule);
if (pNtHeaders)
{
DWORD dwExportsSize;
//PIMAGE_NT_HEADERS pnt = (PIMAGE_NT_HEADERS)(PIMAGE_DOS_HEADER(hModule)->e_lfanew +(PCHAR)hModule);
// dwExportsSize = pnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
/*PIMAGE_EXPORT_DIRECTORY(PCHAR(hModule) + pnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);//*/
PIMAGE_EXPORT_DIRECTORY ExportDirectory =(PIMAGE_EXPORT_DIRECTORY)pRtlImageDirectoryEntryToData((PVOID)hModule,TRUE,IMAGE_DIRECTORY_ENTRY_EXPORT,&dwExportsSize);
if (ExportDirectory && dwExportsSize)
{
PUSHORT Ords = (PUSHORT)((DWORD)hModule+ExportDirectory->AddressOfNameOrdinals);
PULONG EntriesRva = (PULONG)((DWORD)hModule+ExportDirectory->AddressOfFunctions);
PULONG Names = (PULONG)((DWORD)hModule+ExportDirectory->AddressOfNames);
for (ULONG cEntry = 0; cEntry < ExportDirectory->NumberOfNames; cEntry++)
{
ULONG StartSize = 10;
PVOID ApiStart = (PVOID)((DWORD)hModule+EntriesRva[Ords[cEntry]]);
PVOID ApiOriginalStart = (PVOID)((DWORD)pMap+EntriesRva[Ords[cEntry]]);
if (m_memcmp(ApiStart,ApiOriginalStart,StartSize))
{
BOOL bRestore = TRUE;
// DbgPrint("Hook found %s - %08x - %s ...",szModuleFileName,ApiStart,((DWORD_PTR)hModule+Names[cEntry]));
if (!plstrcmpA((PCHAR)((DWORD_PTR)hModule+Names[cEntry]),"InternetGetCookieExA"))
{
bRestore = FALSE;
}
if (*(BYTE*)ApiStart == 0xE9)
{
PVOID Handler = (PVOID)(*(DWORD*)((DWORD)ApiStart + 1) + (DWORD)ApiStart + 5);
CHAR FileName[MAX_PATH];
if (pGetMappedFileNameA(pGetCurrentProcess(),Handler,FileName,RTL_NUMBER_OF(FileName)-1))
{
if (!plstrcmpA(pPathFindFileNameA(FileName),"ieframe.dll"))
{
// DbgPrint("Not restored.\n");
bRestore = FALSE;
}
}
}
if (bRestore)
{
ULONG Written;
if (pWriteProcessMemory(pGetCurrentProcess(),ApiStart,ApiOriginalStart,StartSize,&Written))
{
// DbgPrint("Restored.\n");
}
else
{
// DbgPrint(__FUNCTION__"(): WriteProcessMemory failed with error %lx\n",GetLastError());
}
}
}
}
}
}
UnmapViewOfFile(pMap);
}
}
