//------------------------------------------------------------------------------
static int check_registry_access()
{
HKEY key;
key = open_cmd_proc_key(g_all_users, 0, 1);
if (key == nullptr)
return 0;
close_key(key);
key = open_cmd_proc_key(g_all_users, 1, 1);
if (key == nullptr)
return 0;
close_key(key);
return 1;
}
//------------------------------------------------------------------------------
static int install_autorun(const char* clink_path, int wow64)
{
HKEY cmd_proc_key;
const char* value;
char* new_value;
char* key_value;
int i;
// Remove any previous autorun entries so we never have more than one. We
// could just check for an exisiting entry, but by always uninstalling and
// reinstalling, we ensure clink's last in the chain, which allows it to
// play nicely with other projects that hook cmd.exe and install autoruns.
uninstall_autorun(clink_path, wow64);
cmd_proc_key = open_software_key("Microsoft\\Command Processor", wow64, 1);
if (cmd_proc_key == NULL)
{
return 0;
}
key_value = NULL;
get_value(cmd_proc_key, "AutoRun", &key_value);
i = key_value ? (int)strlen(key_value) : 0;
i += 2048;
new_value = malloc(i);
// Build the new autorun entry by appending clink's entry to the current one.
new_value[0] = '\0';
if (key_value != NULL && *key_value != '\0')
{
str_cat(new_value, key_value, i);
str_cat(new_value, "&&", i);
}
str_cat(new_value, "\"", i);
str_cat(new_value, clink_path, i);
str_cat(new_value, "\\clink\" inject", i);
if (g_clink_args != NULL)
{
str_cat(new_value, " ", i);
str_cat(new_value, g_clink_args, i);
}
// Set it
value = get_cmd_start(new_value);
i = 1;
if (!set_value(cmd_proc_key, "AutoRun", value))
{
i = 0;
}
// Tidy up.
close_key(cmd_proc_key);
free(new_value);
free(key_value);
return i;
}
//------------------------------------------------------------------------------
static int uninstall_autorun(const char* clink_path, int wow64)
{
HKEY cmd_proc_key;
char* key_value;
int ret;
int left, right;
cmd_proc_key = open_software_key("Microsoft\\Command Processor", wow64, 1);
if (cmd_proc_key == NULL)
{
return 0;
}
key_value = NULL;
get_value(cmd_proc_key, "AutoRun", &key_value);
ret = 1;
if (key_value && find_clink_entry(key_value, &left, &right))
{
const char* read;
char* write;
int i, n;
// Copy the key value into itself, skipping clink's entry.
read = write = key_value;
for (i = 0, n = (int)strlen(key_value); i <= n; ++i)
{
if (i < left || i >= right)
{
*write++ = *read;
}
++read;
}
read = get_cmd_start(key_value);
if (*read == '\0')
{
// Empty key. We might as well delete it.
if (!delete_value(cmd_proc_key, "AutoRun"))
{
ret = 0;
}
}
else if (!set_value(cmd_proc_key, "AutoRun", read))
{
ret = 0;
}
}
// Delete legacy values.
delete_value(cmd_proc_key, "AutoRunPreClinkInstall");
// Tidy up.
close_key(cmd_proc_key);
free(key_value);
return ret;
}
//------------------------------------------------------------------------------
static int uninstall_autorun(const char* clink_path, int wow64)
{
HKEY cmd_proc_key;
char* key_value;
int ret;
int left, right;
cmd_proc_key = open_cmd_proc_key(g_all_users, wow64, 1);
if (cmd_proc_key == nullptr)
{
printf("ERROR: Failed to open registry key (%d)\n", GetLastError());
return 0;
}
key_value = nullptr;
get_value(cmd_proc_key, "AutoRun", &key_value);
ret = 1;
if (key_value && find_clink_entry(key_value, &left, &right))
{
const char* read;
char* write;
int i, n;
// Copy the key value into itself, skipping clink's entry.
read = write = key_value;
for (i = 0, n = (int)strlen(key_value); i <= n; ++i)
{
if (i < left || i >= right)
{
*write++ = *read;
}
++read;
}
read = get_cmd_start(key_value);
if (*read == '\0')
{
// Empty key. We might as well delete it.
if (!delete_value(cmd_proc_key, "AutoRun"))
{
ret = 0;
}
}
else if (!set_value(cmd_proc_key, "AutoRun", read))
{
ret = 0;
}
}
// Tidy up.
close_key(cmd_proc_key);
free(key_value);
return ret;
}
//------------------------------------------------------------------------------
static int install_autorun(const char* clink_path, int wow64)
{
HKEY cmd_proc_key;
const char* value;
char* key_value;
int i;
// Remove any previous autorun entries so we never have more than one. We
// could just check for an exisiting entry, but by always uninstalling and
// reinstalling, we ensure clink's last in the chain, which allows it to
// play nicely with other projects that hook cmd.exe and install autoruns.
uninstall_autorun(clink_path, wow64);
cmd_proc_key = open_cmd_proc_key(g_all_users, wow64, 1);
if (cmd_proc_key == nullptr)
{
printf("ERROR: Failed to open registry key (%d)\n", GetLastError());
return 0;
}
key_value = nullptr;
get_value(cmd_proc_key, "AutoRun", &key_value);
i = key_value ? (int)strlen(key_value) : 0;
i += 2048;
str_base new_value((char*)malloc(i), i);
new_value.clear();
// Build the new autorun entry by appending clink's entry to the current one.
if (key_value != nullptr && *key_value != '\0')
new_value << key_value << "&";
new_value << "\"" << clink_path << "\\clink.bat\" inject --autorun";
if (!g_clink_args.empty())
new_value << " " << g_clink_args;
// Set it
value = get_cmd_start(new_value.c_str());
i = 1;
if (!set_value(cmd_proc_key, "AutoRun", value))
i = 0;
// Tidy up.
close_key(cmd_proc_key);
free(new_value.data());
free(key_value);
return i;
}
//------------------------------------------------------------------------------
static int force_autorun(const char* value, int wow64)
{
HKEY cmd_proc_key;
int i;
cmd_proc_key = open_software_key("Microsoft\\Command Processor", wow64, 1);
if (cmd_proc_key == NULL)
{
return 0;
}
i = set_value(cmd_proc_key, "AutoRun", value);
close_key(cmd_proc_key);
return 0;
}
//------------------------------------------------------------------------------
static int show_autorun()
{
int all_users;
puts("Current AutoRun values");
for (all_users = 0; all_users < 2; ++all_users)
{
int wow64;
printf("\n %s:\n", all_users ? "All users" : "Current user");
for (wow64 = 0; wow64 < 2; ++wow64)
{
HKEY cmd_proc_key;
char* key_value;
cmd_proc_key = open_cmd_proc_key(all_users, wow64, 0);
if (cmd_proc_key == nullptr)
{
printf("ERROR: Failed to open registry key (%d)\n", GetLastError());
return 0;
}
key_value = nullptr;
get_value(cmd_proc_key, "AutoRun", &key_value);
printf("\n %6s : %s",
wow64 ? " wow64" : "native",
key_value ? key_value : "<unset>"
);
close_key(cmd_proc_key);
free(key_value);
}
puts("");
}
puts("");
return 1;
}
// generate public/private key pair for digital signatures
void genkeys(void)
{
if (open_crypt()) {
if (CryptGenKey(hProv, AT_SIGNATURE,
keylen << 16 | CRYPT_EXPORTABLE, &hKey)) {
// export as C array and binary
export_key(PUBLICKEYBLOB, DSA_PUBLIC_H, DSA_C_ARRAY);
export_key(PUBLICKEYBLOB, DSA_PUBLIC_BIN, DSA_BINARY);
export_key(PRIVATEKEYBLOB, DSA_PRIVATE_H, DSA_C_ARRAY);
export_key(PRIVATEKEYBLOB, DSA_PRIVATE_BIN, DSA_BINARY);
close_key();
} else {
xstrerror("CryptGenKey(%i)", keylen);
}
close_crypt();
} else {
xstrerror("CryptAcquireContext()");
}
}
//------------------------------------------------------------------------------
static int set_autorun_value(const char* value, int wow64)
{
HKEY cmd_proc_key;
int ret;
cmd_proc_key = open_cmd_proc_key(g_all_users, wow64, 1);
if (cmd_proc_key == nullptr)
{
printf("ERROR: Failed to open registry key (%d)\n", GetLastError());
return 0;
}
if (value == nullptr || *value == '\0')
ret = delete_value(cmd_proc_key, "AutoRun");
else
ret = set_value(cmd_proc_key, "AutoRun", value);
close_key(cmd_proc_key);
return ret;
}
// sign a hash of input using private key
void sign (void)
{
char *p;
// initialize crypto API
if (open_crypt())
{
// import our private key
if (open_key (RSA_PRIVATE_BIN))
{
// hash the input
if (open_hash ())
{
// obtain size of signature
CryptSignHash (hHash, AT_SIGNATURE, NULL, 0, NULL, &dwSigLen);
pbSignature=xmalloc (dwSigLen);
// sign the hash to obtain signature
if (CryptSignHash (hHash, AT_SIGNATURE, NULL, 0, pbSignature, &dwSigLen))
{
p=sig2hex();
if (p)
{
printf (" [ signature is: %i::%s\n", lstrlen(p), p);
}
xfree (pbSignature);
} else {
xstrerror ("CryptSignHash()");
}
close_hash();
} else {
xstrerror ("open_hash()");
}
close_key();
} else {
xstrerror ("open_key()");
}
close_crypt();
} else {
xstrerror ("open_crypt()");
}
}
// verify a signature using public key
BOOL verify(void)
{
BOOL bStatus = FALSE;
// initialize crypto API
if (open_crypt()) {
// import public key
if (open_key(DSA_PUBLIC_BIN)) {
// hash the input
if (open_hash()) {
// convert signature to binary
sig2bin();
if (pbSignature != NULL) {
// verify signature
bStatus = CryptVerifySignature(hHash, pbSignature,
dwSigLen, hKey, NULL, 0);
printf(" [ signature is %s\n",
bStatus ? "valid" : "invalid");
xfree(pbSignature);
}
close_hash();
} else {
printf("open_hash()");
}
close_key();
} else {
printf("open_key()");
}
close_crypt();
} else {
printf("open_crypt()");
}
return bStatus;
}
//------------------------------------------------------------------------------
static int show_autorun(const char* clink_path, int wow64)
{
HKEY cmd_proc_key;
char* key_value;
cmd_proc_key = open_software_key("Microsoft\\Command Processor", wow64, 0);
if (cmd_proc_key == NULL)
{
return 0;
}
key_value = NULL;
get_value(cmd_proc_key, "AutoRun", &key_value);
printf("%6s : %s\n",
wow64 ? "wow64" : "native",
key_value ? key_value : "<unset>"
);
close_key(cmd_proc_key);
free(key_value);
return 0;
}
void lemur::file::Keyfile::close() {
// don't close an unopened key.
if (_handle != NULL) close_key( _handle);
delete[](_handle);
_handle = NULL;
}
