//------------------------------------------------------------------------------ static int check_registry_access() { HKEY key; key = open_cmd_proc_key(g_all_users, 0, 1); if (key == nullptr) return 0; close_key(key); key = open_cmd_proc_key(g_all_users, 1, 1); if (key == nullptr) return 0; close_key(key); return 1; }
//------------------------------------------------------------------------------ static int install_autorun(const char* clink_path, int wow64) { HKEY cmd_proc_key; const char* value; char* new_value; char* key_value; int i; // Remove any previous autorun entries so we never have more than one. We // could just check for an exisiting entry, but by always uninstalling and // reinstalling, we ensure clink's last in the chain, which allows it to // play nicely with other projects that hook cmd.exe and install autoruns. uninstall_autorun(clink_path, wow64); cmd_proc_key = open_software_key("Microsoft\\Command Processor", wow64, 1); if (cmd_proc_key == NULL) { return 0; } key_value = NULL; get_value(cmd_proc_key, "AutoRun", &key_value); i = key_value ? (int)strlen(key_value) : 0; i += 2048; new_value = malloc(i); // Build the new autorun entry by appending clink's entry to the current one. new_value[0] = '\0'; if (key_value != NULL && *key_value != '\0') { str_cat(new_value, key_value, i); str_cat(new_value, "&&", i); } str_cat(new_value, "\"", i); str_cat(new_value, clink_path, i); str_cat(new_value, "\\clink\" inject", i); if (g_clink_args != NULL) { str_cat(new_value, " ", i); str_cat(new_value, g_clink_args, i); } // Set it value = get_cmd_start(new_value); i = 1; if (!set_value(cmd_proc_key, "AutoRun", value)) { i = 0; } // Tidy up. close_key(cmd_proc_key); free(new_value); free(key_value); return i; }
//------------------------------------------------------------------------------ static int uninstall_autorun(const char* clink_path, int wow64) { HKEY cmd_proc_key; char* key_value; int ret; int left, right; cmd_proc_key = open_software_key("Microsoft\\Command Processor", wow64, 1); if (cmd_proc_key == NULL) { return 0; } key_value = NULL; get_value(cmd_proc_key, "AutoRun", &key_value); ret = 1; if (key_value && find_clink_entry(key_value, &left, &right)) { const char* read; char* write; int i, n; // Copy the key value into itself, skipping clink's entry. read = write = key_value; for (i = 0, n = (int)strlen(key_value); i <= n; ++i) { if (i < left || i >= right) { *write++ = *read; } ++read; } read = get_cmd_start(key_value); if (*read == '\0') { // Empty key. We might as well delete it. if (!delete_value(cmd_proc_key, "AutoRun")) { ret = 0; } } else if (!set_value(cmd_proc_key, "AutoRun", read)) { ret = 0; } } // Delete legacy values. delete_value(cmd_proc_key, "AutoRunPreClinkInstall"); // Tidy up. close_key(cmd_proc_key); free(key_value); return ret; }
//------------------------------------------------------------------------------ static int uninstall_autorun(const char* clink_path, int wow64) { HKEY cmd_proc_key; char* key_value; int ret; int left, right; cmd_proc_key = open_cmd_proc_key(g_all_users, wow64, 1); if (cmd_proc_key == nullptr) { printf("ERROR: Failed to open registry key (%d)\n", GetLastError()); return 0; } key_value = nullptr; get_value(cmd_proc_key, "AutoRun", &key_value); ret = 1; if (key_value && find_clink_entry(key_value, &left, &right)) { const char* read; char* write; int i, n; // Copy the key value into itself, skipping clink's entry. read = write = key_value; for (i = 0, n = (int)strlen(key_value); i <= n; ++i) { if (i < left || i >= right) { *write++ = *read; } ++read; } read = get_cmd_start(key_value); if (*read == '\0') { // Empty key. We might as well delete it. if (!delete_value(cmd_proc_key, "AutoRun")) { ret = 0; } } else if (!set_value(cmd_proc_key, "AutoRun", read)) { ret = 0; } } // Tidy up. close_key(cmd_proc_key); free(key_value); return ret; }
//------------------------------------------------------------------------------ static int install_autorun(const char* clink_path, int wow64) { HKEY cmd_proc_key; const char* value; char* key_value; int i; // Remove any previous autorun entries so we never have more than one. We // could just check for an exisiting entry, but by always uninstalling and // reinstalling, we ensure clink's last in the chain, which allows it to // play nicely with other projects that hook cmd.exe and install autoruns. uninstall_autorun(clink_path, wow64); cmd_proc_key = open_cmd_proc_key(g_all_users, wow64, 1); if (cmd_proc_key == nullptr) { printf("ERROR: Failed to open registry key (%d)\n", GetLastError()); return 0; } key_value = nullptr; get_value(cmd_proc_key, "AutoRun", &key_value); i = key_value ? (int)strlen(key_value) : 0; i += 2048; str_base new_value((char*)malloc(i), i); new_value.clear(); // Build the new autorun entry by appending clink's entry to the current one. if (key_value != nullptr && *key_value != '\0') new_value << key_value << "&"; new_value << "\"" << clink_path << "\\clink.bat\" inject --autorun"; if (!g_clink_args.empty()) new_value << " " << g_clink_args; // Set it value = get_cmd_start(new_value.c_str()); i = 1; if (!set_value(cmd_proc_key, "AutoRun", value)) i = 0; // Tidy up. close_key(cmd_proc_key); free(new_value.data()); free(key_value); return i; }
//------------------------------------------------------------------------------ static int force_autorun(const char* value, int wow64) { HKEY cmd_proc_key; int i; cmd_proc_key = open_software_key("Microsoft\\Command Processor", wow64, 1); if (cmd_proc_key == NULL) { return 0; } i = set_value(cmd_proc_key, "AutoRun", value); close_key(cmd_proc_key); return 0; }
//------------------------------------------------------------------------------ static int show_autorun() { int all_users; puts("Current AutoRun values"); for (all_users = 0; all_users < 2; ++all_users) { int wow64; printf("\n %s:\n", all_users ? "All users" : "Current user"); for (wow64 = 0; wow64 < 2; ++wow64) { HKEY cmd_proc_key; char* key_value; cmd_proc_key = open_cmd_proc_key(all_users, wow64, 0); if (cmd_proc_key == nullptr) { printf("ERROR: Failed to open registry key (%d)\n", GetLastError()); return 0; } key_value = nullptr; get_value(cmd_proc_key, "AutoRun", &key_value); printf("\n %6s : %s", wow64 ? " wow64" : "native", key_value ? key_value : "<unset>" ); close_key(cmd_proc_key); free(key_value); } puts(""); } puts(""); return 1; }
// generate public/private key pair for digital signatures void genkeys(void) { if (open_crypt()) { if (CryptGenKey(hProv, AT_SIGNATURE, keylen << 16 | CRYPT_EXPORTABLE, &hKey)) { // export as C array and binary export_key(PUBLICKEYBLOB, DSA_PUBLIC_H, DSA_C_ARRAY); export_key(PUBLICKEYBLOB, DSA_PUBLIC_BIN, DSA_BINARY); export_key(PRIVATEKEYBLOB, DSA_PRIVATE_H, DSA_C_ARRAY); export_key(PRIVATEKEYBLOB, DSA_PRIVATE_BIN, DSA_BINARY); close_key(); } else { xstrerror("CryptGenKey(%i)", keylen); } close_crypt(); } else { xstrerror("CryptAcquireContext()"); } }
//------------------------------------------------------------------------------ static int set_autorun_value(const char* value, int wow64) { HKEY cmd_proc_key; int ret; cmd_proc_key = open_cmd_proc_key(g_all_users, wow64, 1); if (cmd_proc_key == nullptr) { printf("ERROR: Failed to open registry key (%d)\n", GetLastError()); return 0; } if (value == nullptr || *value == '\0') ret = delete_value(cmd_proc_key, "AutoRun"); else ret = set_value(cmd_proc_key, "AutoRun", value); close_key(cmd_proc_key); return ret; }
// sign a hash of input using private key void sign (void) { char *p; // initialize crypto API if (open_crypt()) { // import our private key if (open_key (RSA_PRIVATE_BIN)) { // hash the input if (open_hash ()) { // obtain size of signature CryptSignHash (hHash, AT_SIGNATURE, NULL, 0, NULL, &dwSigLen); pbSignature=xmalloc (dwSigLen); // sign the hash to obtain signature if (CryptSignHash (hHash, AT_SIGNATURE, NULL, 0, pbSignature, &dwSigLen)) { p=sig2hex(); if (p) { printf (" [ signature is: %i::%s\n", lstrlen(p), p); } xfree (pbSignature); } else { xstrerror ("CryptSignHash()"); } close_hash(); } else { xstrerror ("open_hash()"); } close_key(); } else { xstrerror ("open_key()"); } close_crypt(); } else { xstrerror ("open_crypt()"); } }
// verify a signature using public key BOOL verify(void) { BOOL bStatus = FALSE; // initialize crypto API if (open_crypt()) { // import public key if (open_key(DSA_PUBLIC_BIN)) { // hash the input if (open_hash()) { // convert signature to binary sig2bin(); if (pbSignature != NULL) { // verify signature bStatus = CryptVerifySignature(hHash, pbSignature, dwSigLen, hKey, NULL, 0); printf(" [ signature is %s\n", bStatus ? "valid" : "invalid"); xfree(pbSignature); } close_hash(); } else { printf("open_hash()"); } close_key(); } else { printf("open_key()"); } close_crypt(); } else { printf("open_crypt()"); } return bStatus; }
//------------------------------------------------------------------------------ static int show_autorun(const char* clink_path, int wow64) { HKEY cmd_proc_key; char* key_value; cmd_proc_key = open_software_key("Microsoft\\Command Processor", wow64, 0); if (cmd_proc_key == NULL) { return 0; } key_value = NULL; get_value(cmd_proc_key, "AutoRun", &key_value); printf("%6s : %s\n", wow64 ? "wow64" : "native", key_value ? key_value : "<unset>" ); close_key(cmd_proc_key); free(key_value); return 0; }
void lemur::file::Keyfile::close() { // don't close an unopened key. if (_handle != NULL) close_key( _handle); delete[](_handle); _handle = NULL; }