最近在研究chromium双核的功能, 想要IE控件的数据跟配置不去污染IE自身的配置好难啊。
本以为通过虚拟化注册表可以解决配置,但是道高一尺, 魔高一丈啊。 IE的配置通过不仅保存在注册表, 还保存在共享内存了, 即使不去改变注册表, A进程里面的配置也会影响B进程。 只虚拟注册表不行了, 只能重定向缓存了
唯一留下的遗产就这个注册表的虚拟化
头文件。
#include "base/basictypes.h"
#include "base/synchronization/lock.h"
#include <map>
#include <set>
#include <vector>
typedef std::string RegistryPath;
typedef std::string RegistryBuffer;
typedef std::pair<DWORD, RegistryBuffer> RegistryValue;
namespace trident_glue{
class RegistryManager{
public:
static RegistryManager* GetInstance();
static void DestroyInstance();
static bool HasInstance();
static RegistryBuffer MakeDwordBuffer(DWORD value);
static RegistryBuffer MakeSzBuffer(const std::string& value);
// reg_path sample: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft
// reg_path should consider wow64, pass a absolute path
void AddHookValue(const RegistryPath& reg_path, const std::string& value_name, const RegistryValue& value);
void AddHookValue(HKEY rootkey , const std::string& sub_key, const std::string& value_name, const RegistryValue& value);
void RemoveHookValue(const RegistryPath& reg_path, const std::string& value_name);
public:
// void RegOpenExA_After(LONG* ret_value, HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult);
// void RegOpenExW_After(LONG* ret_value, HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult);
//
void RegClose_After(LONG* ret_value, HKEY hkey);
bool RegQueryValueExW_Before(LONG* ret_value, HKEY hKey,LPCWSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData);
void RegQueryValueExW_After(LONG* ret_value, HKEY hKey,LPCWSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData);
bool RegQueryValueExA_Before(LONG* ret_value, HKEY hKey,LPCSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData);
void RegQueryValueExA_After(LONG* ret_value, HKEY hKey,LPCSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData);
bool RegSetValueExW_Before(LONG* ret_value, HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType,
const BYTE *lpData,DWORD cbData);
void RegSetValueExW_After(LONG* ret_value, HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType,
const BYTE *lpData,DWORD cbData);
bool RegSetValueExA_Before(LONG* ret_value, HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType,
const BYTE *lpData,DWORD cbData);
void RegSetValueExA_After(LONG* ret_value, HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType,
const BYTE *lpData,DWORD cbData);
bool RegEnumValueA_Before(LONG* ret_value, HKEY hKey, DWORD dwIndex,LPSTR lpValueName,LPDWORD lpcchValueName,
LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData);
void RegEnumValueA_After(LONG* ret_value, HKEY hKey, DWORD dwIndex,LPSTR lpValueName,LPDWORD lpcchValueName,
LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData);
private:
static RegistryManager* instance_;
RegistryManager();
virtual ~RegistryManager();
bool GetHandlePath(HKEY key, RegistryPath& path) ;
//void PushNewHandle(HKEY key, const RegistryPath& path);
void EraseHandle(HKEY key);
bool GetHookValue(const RegistryPath& path, const std::string& value_name, RegistryValue& value);
bool HasHookValue(const RegistryPath& path, const std::string& value_name);
bool HasHookValue(const RegistryPath& path);
base::Lock handleMapPathLock_;
std::map<HKEY, RegistryPath> handleMapPath_;
base::Lock hookValueLock_;
std::map<RegistryPath, std::map<std::string, RegistryValue>> hookValue_;
};
}
cc实现
<pre name="code" class="cpp">#include "base/logging.h"
#include "base/strings/string_util.h"
#include "base/strings/sys_string_conversions.h"
#include "trident_glue/trident_hook/inline_hook/preamble_patcher.h"
#include <windows.h>
namespace {
typedef enum _KEY_INFORMATION_CLASS {
KeyBasicInformation = 0,
KeyNodeInformation = 1,
KeyFullInformation = 2,
KeyNameInformation = 3,
KeyCachedInformation = 4,
KeyFlagsInformation = 5,
KeyVirtualizationInformation = 6,
KeyHandleTagsInformation = 7,
MaxKeyInfoClass = 8
} KEY_INFORMATION_CLASS;
typedef struct _KEY_NAME_INFORMATION {
ULONG NameLength;
WCHAR Name[1];
} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
typedef LONG (WINAPI* FN_ZwQueryKey)(
_In_ HANDLE KeyHandle,
_In_ KEY_INFORMATION_CLASS KeyInformationClass,
_Out_opt_ PVOID KeyInformation,
_In_ ULONG Length,
_Out_ PULONG ResultLength
);
typedef LONG (WINAPI* FN_RegEnumValueA)(HKEY hKey, DWORD dwIndex,LPSTR lpValueName,LPDWORD lpcchValueName,
LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData);
typedef LONG (WINAPI* FN_RegQueryValueExA) (HKEY hKey,LPCSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData);
typedef LONG (WINAPI* FN_RegQueryValueExW) (HKEY hKey,LPCWSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData);
typedef LONG (WINAPI* FN_RegSetValueExA)(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType,
const BYTE *lpData,DWORD cbData );
typedef LONG (WINAPI* FN_RegSetValueExW)(HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType,
const BYTE *lpData,DWORD cbData );
typedef LONG (WINAPI* FN_RegCloseKey)(HKEY hKey);
// typedef LONG (WINAPI* FN_RegOpenKeyExA)(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult);
//
// typedef LONG (WINAPI* FN_RegOpenKeyExW)(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult);
//
//
bool IsPredefinedKey(HKEY key) {
if(key == HKEY_CLASSES_ROOT ||
key == HKEY_CURRENT_CONFIG ||
key == HKEY_CURRENT_USER ||
key == HKEY_LOCAL_MACHINE ||
key == HKEY_USERS )
return true;
else
return false;
}
//std::string GetNormalizedPath(const std::string& path) {
// std::string ret_value = path;
// const char kSperatro[] = { '\\'};
// const char kReverseSepator[] = {'/'};
// TrimWhitespace(ret_value, TRIM_ALL, &ret_value);
// TrimString(ret_value, kSperatro, &ret_value);
// StringToLowerASCII(&ret_value);
// //ReplaceChars(ret_value, kReverseSepator, "\\", &ret_value);
// return ret_value;
//}
//std::wstring GetNormalizedPath(const std::wstring& path) {
// std::wstring ret_value = path;
// const wchar_t kSperatro[] = { L'\\', L'/'};
// const wchar_t kReverseSepator[] = {'/'};
// TrimWhitespace(ret_value, TRIM_ALL, &ret_value);
// TrimString(ret_value, kSperatro, &ret_value);
// StringToLowerASCII(&ret_value);
// ReplaceChars(ret_value, kReverseSepator, L"\\", &ret_value);
// return ret_value;
//}
//std::string GetCompletePathStrA(const RegistryPath& path){
// std::string ret_value;
// if(path.first == HKEY_CLASSES_ROOT){
// ret_value = "hkey_root\\";
// } else if(path.first == HKEY_CURRENT_USER){
// ret_value = "hkey_curusr\\";
// } else if(path.first == HKEY_LOCAL_MACHINE){
// ret_value = "hkey_locmachine\\";
// } else if(path.first == HKEY_USERS){
// ret_value = "hkey_user\\";
// }
// ret_value.append(path.second);
// return ret_value;
//}
//std::wstring GetCompletePathStrW(const RegistryPath& path){
// std::string ret_value = GetCompletePathStrA(path);
// return base::SysNativeMBToWide(ret_value);
//}
char* InstallInlineHook(const wchar_t* dll_name, const char* function_name, void* new_function){
char* origin_function_stub = NULL;
void* orgin_fuction_address = ::GetProcAddress(
::GetModuleHandle(dll_name), function_name);
if (orgin_fuction_address == NULL)
return origin_function_stub;
DWORD old_protect = 0;
if (!::VirtualProtect(orgin_fuction_address, 5,
PAGE_EXECUTE_READWRITE, &old_protect))
return origin_function_stub;
origin_function_stub = reinterpret_cast<char*>(VirtualAllocEx(
::GetCurrentProcess(), NULL, sidestep::kMaxPreambleStubSize,
MEM_COMMIT, PAGE_EXECUTE_READWRITE));
if (origin_function_stub == NULL)
return origin_function_stub;
sidestep::SideStepError patch_result =
sidestep::PreamblePatcher::Patch(
orgin_fuction_address, new_function,
origin_function_stub, sidestep::kMaxPreambleStubSize);
if (patch_result != sidestep::SIDESTEP_SUCCESS) {
CHECK(::VirtualFreeEx(::GetCurrentProcess(), origin_function_stub,
0, MEM_RELEASE));
CHECK(::VirtualProtect(orgin_fuction_address, 5, old_protect,
&old_protect));
return origin_function_stub;
}
DWORD dummy = 0;
CHECK(::VirtualProtect(orgin_fuction_address,
5,
old_protect,
&dummy));
CHECK(::VirtualProtect(origin_function_stub,
sidestep::kMaxPreambleStubSize,
old_protect,
&old_protect));
return origin_function_stub;
}
std::string GetKeyPathFromHKEY(HKEY key)
{
std::string keyPath;
std::wstring keyPath_Unicode;
HMODULE dll = LoadLibrary(L"ntdll.dll");
if (dll == NULL)
return keyPath;
FN_ZwQueryKey pfnZwQueryKey = reinterpret_cast<FN_ZwQueryKey>(::GetProcAddress(dll, "ZwQueryKey"));
if(pfnZwQueryKey == NULL)
return keyPath;
ULONG result_length = 0;
pfnZwQueryKey(key, KeyNameInformation, NULL, NULL, &result_length);
if(result_length == 0)
return keyPath;
void* allocted_mem = malloc(result_length);
ZeroMemory(allocted_mem, result_length);
PKEY_NAME_INFORMATION pKeyNameInfo = (PKEY_NAME_INFORMATION)allocted_mem;
if(0 == pfnZwQueryKey(key, KeyNameInformation, allocted_mem, result_length, &result_length)){
keyPath_Unicode.append(pKeyNameInfo->Name, pKeyNameInfo->NameLength/2);
keyPath = base::SysWideToNativeMB(keyPath_Unicode);
}
free(allocted_mem);
return keyPath;
}
}
namespace trident_glue{
FN_RegEnumValueA g_pfnRegEnumValue_Origin = NULL;
FN_RegQueryValueExA g_pfnRegQueryValueExA_Origin = NULL;
FN_RegQueryValueExW g_pfnRegQueryValueExW_Origin = NULL;
FN_RegSetValueExA g_pfnRegSetValueExA_Origin = NULL;
FN_RegSetValueExW g_pfnRegSetValueExW_Origin = NULL;
FN_RegCloseKey g_pfnRegCloseKey_Origin = NULL;
// FN_RegOpenKeyExA g_pfnRegOpenKeyExA_Origin = NULL;
// FN_RegOpenKeyExW g_pfnRegOpenKeyExW_Origin = NULL;
//
LONG WINAPI RegEnumValueA_Hook(HKEY hKey, DWORD dwIndex,LPSTR lpValueName,LPDWORD lpcchValueName,
LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData){
if(!RegistryManager::HasInstance())
return g_pfnRegEnumValue_Origin(hKey, dwIndex, lpValueName,
lpcchValueName, lpReserved, lpType, lpData, lpcbData);
LONG ret_value = 0;
bool call_origin = RegistryManager::GetInstance()->RegEnumValueA_Before(&ret_value, hKey, dwIndex, lpValueName,
lpcchValueName, lpReserved, lpType, lpData, lpcbData);
if(call_origin) {
ret_value = g_pfnRegEnumValue_Origin(hKey, dwIndex, lpValueName,
lpcchValueName, lpReserved, lpType, lpData, lpcbData);
}
RegistryManager::GetInstance()->RegEnumValueA_After(&ret_value, hKey, dwIndex, lpValueName,
lpcchValueName, lpReserved, lpType, lpData, lpcbData);
return ret_value;
}
LONG WINAPI RegQueryValueExA_Hook(HKEY hKey,LPCSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData){
if(!RegistryManager::HasInstance())
return g_pfnRegQueryValueExA_Origin(hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
LONG ret_value = 0;
bool call_origin = RegistryManager::GetInstance()->RegQueryValueExA_Before(&ret_value, hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
if(call_origin) {
ret_value = g_pfnRegQueryValueExA_Origin(hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
}
RegistryManager::GetInstance()->RegQueryValueExA_After(&ret_value, hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
return ret_value;
}
LONG WINAPI RegQueryValueExW_Hook(HKEY hKey,LPCWSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData){
if(!RegistryManager::HasInstance())
return g_pfnRegQueryValueExW_Origin(hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
LONG ret_value = 0;
bool call_origin = RegistryManager::GetInstance()->RegQueryValueExW_Before(&ret_value, hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
if(call_origin) {
ret_value = g_pfnRegQueryValueExW_Origin(hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
}
RegistryManager::GetInstance()->RegQueryValueExW_After(&ret_value, hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
return ret_value;
}
LONG WINAPI RegSetValueExA_Hook(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData,DWORD cbData ){
if(!RegistryManager::HasInstance())
return g_pfnRegSetValueExA_Origin(hKey, lpValueName, Reserved, dwType, lpData, cbData);
LONG ret_value = 0;
bool call_origin = RegistryManager::GetInstance()->RegSetValueExA_Before(&ret_value, hKey, lpValueName, Reserved, dwType, lpData, cbData);
if(call_origin) {
ret_value = g_pfnRegSetValueExA_Origin(hKey, lpValueName, Reserved, dwType, lpData, cbData);
}
RegistryManager::GetInstance()->RegSetValueExA_After(&ret_value, hKey, lpValueName, Reserved, dwType, lpData, cbData);
return ret_value;
}
LONG WINAPI RegSetValueExW_Hook(HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType,
const BYTE *lpData,DWORD cbData ){
if(!RegistryManager::HasInstance())
return g_pfnRegSetValueExW_Origin(hKey, lpValueName, Reserved, dwType, lpData, cbData);
LONG ret_value = 0;
bool call_origin = RegistryManager::GetInstance()->RegSetValueExW_Before(&ret_value, hKey, lpValueName, Reserved, dwType, lpData, cbData);
if(call_origin) {
ret_value = g_pfnRegSetValueExW_Origin(hKey, lpValueName, Reserved, dwType, lpData, cbData);
}
RegistryManager::GetInstance()->RegSetValueExW_After(&ret_value,hKey, lpValueName, Reserved, dwType, lpData, cbData);
return ret_value;
}
LONG WINAPI RegCloseKey_Hook(HKEY hKey){
if(!RegistryManager::HasInstance())
return g_pfnRegCloseKey_Origin(hKey);
LONG ret_value = g_pfnRegCloseKey_Origin(hKey);
RegistryManager::GetInstance()->RegClose_After(&ret_value, hKey);
return ret_value;
}
// LONG WINAPI RegOpenKeyExA_Hook(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult){
// if(!RegistryManager::HasInstance())
// return g_pfnRegOpenKeyExA_Origin(hKey, lpSubKey, ulOptions, samDesired, phkResult);
// LONG ret_value = g_pfnRegOpenKeyExA_Origin(hKey, lpSubKey, ulOptions, samDesired, phkResult);
// RegistryManager::GetInstance()->RegOpenExA_After(&ret_value, hKey, lpSubKey, ulOptions, samDesired, phkResult);
// return ret_value;
// }
//
// LONG WINAPI RegOpenKeyExW_Hook(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult){
//
// if(!RegistryManager::HasInstance())
// return g_pfnRegOpenKeyExW_Origin(hKey, lpSubKey, ulOptions, samDesired, phkResult);
// LONG ret_value = g_pfnRegOpenKeyExW_Origin(hKey, lpSubKey, ulOptions, samDesired, phkResult);
// RegistryManager::GetInstance()->RegOpenExW_After(&ret_value, hKey, lpSubKey, ulOptions, samDesired, phkResult);
// return ret_value;
// }
//
RegistryManager* RegistryManager::instance_ = NULL;
//static
RegistryManager* RegistryManager::GetInstance() {
if(!instance_){
instance_ = new RegistryManager;
}
return instance_;
}
//static
void RegistryManager::DestroyInstance() {
if(instance_) {
delete instance_;
instance_ = NULL;
}
}
//static
bool RegistryManager::HasInstance() {
return instance_ != NULL;
}
//static
RegistryBuffer RegistryManager::MakeDwordBuffer(DWORD value) {
RegistryBuffer ret_value;
ret_value.assign((char*)(&value), sizeof(DWORD));
return ret_value;
}
//static
RegistryBuffer RegistryManager::MakeSzBuffer(const std::string& value) {
RegistryBuffer ret_value;
ret_value.assign(value.c_str(), value.length() + 1);
return ret_value;
}
void RegistryManager::AddHookValue(const RegistryPath& reg_path, const std::string& value_name, const RegistryValue& value) {
base::AutoLock auto_lock(hookValueLock_);
RegistryPath normal_reg_path = StringToLowerASCII(reg_path);
hookValue_[normal_reg_path][StringToLowerASCII(value_name)] = value;
}
void RegistryManager::AddHookValue(HKEY rootkey , const std::string& sub_key, const std::string& value_name, const RegistryValue& value) {
base::AutoLock auto_lock(hookValueLock_);
HKEY subkey_handle = NULL;
if( ERROR_SUCCESS != ::RegOpenKeyA(rootkey, sub_key.c_str(), &subkey_handle))
return ;
std::string reg_path = GetKeyPathFromHKEY(subkey_handle);
::RegCloseKey(subkey_handle);
if(reg_path.empty())
return ;
RegistryPath normal_reg_path = StringToLowerASCII(reg_path);
hookValue_[normal_reg_path][StringToLowerASCII(value_name)] = value;
}
void RegistryManager::RemoveHookValue(const RegistryPath& reg_path, const std::string& value_name) {
base::AutoLock auto_lock(hookValueLock_);
RegistryPath normal_reg_path = StringToLowerASCII(reg_path);
hookValue_[normal_reg_path].erase(StringToLowerASCII(value_name));
}
RegistryManager::RegistryManager() {
g_pfnRegEnumValue_Origin = (FN_RegEnumValueA)InstallInlineHook(L"Advapi32.dll", "RegEnumValueA", RegEnumValueA_Hook);
g_pfnRegQueryValueExA_Origin = (FN_RegQueryValueExA)InstallInlineHook(L"Advapi32.dll", "RegQueryValueExA", RegQueryValueExA_Hook);
g_pfnRegQueryValueExW_Origin = (FN_RegQueryValueExW)InstallInlineHook(L"Advapi32.dll", "RegQueryValueExW", RegQueryValueExW_Hook);
g_pfnRegSetValueExA_Origin = (FN_RegSetValueExA)InstallInlineHook(L"Advapi32.dll", "RegSetValueExA", RegSetValueExA_Hook);
g_pfnRegSetValueExW_Origin = (FN_RegSetValueExW)InstallInlineHook(L"Advapi32.dll", "RegSetValueExW", RegSetValueExW_Hook);
g_pfnRegCloseKey_Origin = (FN_RegCloseKey)InstallInlineHook(L"Advapi32.dll", "RegCloseKey", RegCloseKey_Hook);
}
RegistryManager::~RegistryManager(){
FreeModule(GetModuleHandleA("wininet.dll"));
InstallInlineHook(L"Advapi32.dll", "RegEnumValueA", g_pfnRegEnumValue_Origin);
g_pfnRegEnumValue_Origin = NULL;
InstallInlineHook(L"Advapi32.dll", "RegQueryValueExA", g_pfnRegQueryValueExA_Origin);
g_pfnRegQueryValueExA_Origin = NULL;
InstallInlineHook(L"Advapi32.dll", "RegQueryValueExW", g_pfnRegQueryValueExW_Origin);
g_pfnRegQueryValueExW_Origin = NULL;
InstallInlineHook(L"Advapi32.dll", "RegSetValueExA", g_pfnRegSetValueExA_Origin);
g_pfnRegSetValueExA_Origin = NULL;
InstallInlineHook(L"Advapi32.dll", "RegSetValueExW", g_pfnRegSetValueExW_Origin);
g_pfnRegSetValueExW_Origin = NULL;
InstallInlineHook(L"Advapi32.dll", "RegCloseKey", g_pfnRegCloseKey_Origin);
g_pfnRegCloseKey_Origin = NULL;
}
bool RegistryManager::GetHandlePath(HKEY key, RegistryPath& path) {
base::AutoLock auto_lock(handleMapPathLock_);
std::map<HKEY, RegistryPath>::const_iterator iter = handleMapPath_.find(key);
if(iter != handleMapPath_.end()) {
path = iter->second;
return true;
} else{
std::string key_path = GetKeyPathFromHKEY(key);
if(!key_path.empty()){
path = StringToLowerASCII(key_path);
handleMapPath_[key] = path;
return true;
}
}
return false;
}
//void RegistryManager::PushNewHandle(HKEY key, const RegistryPath& path){
// base::AutoLock auto_lock(handleMapPathLock_);
// std::map<HKEY, RegistryPath>::const_iterator iter = handleMapPath_.find(key);
// DCHECK(iter == handleMapPath_.end());
// handleMapPath_[key] = path;
//}
void RegistryManager::EraseHandle(HKEY key){
base::AutoLock auto_lock(handleMapPathLock_);
handleMapPath_.erase(key);
}
bool RegistryManager::GetHookValue(const RegistryPath& path, const std::string& value_name, RegistryValue& value){
base::AutoLock auto_lock(hookValueLock_);
RegistryPath normal_reg_path( StringToLowerASCII(path));
std::map<RegistryPath, std::map<std::string, RegistryValue>>::iterator iter = hookValue_.find(normal_reg_path);
if(iter == hookValue_.end())
return false;
std::map<std::string, RegistryValue>::iterator iter_second = iter->second.find(StringToLowerASCII(value_name));
if(iter_second == iter->second.end())
return false;
value = iter_second->second;
return true;
}
bool RegistryManager::HasHookValue(const RegistryPath& path, const std::string& value_name){
base::AutoLock auto_lock(hookValueLock_);
RegistryPath normal_reg_path(StringToLowerASCII(path));
std::map<RegistryPath, std::map<std::string, RegistryValue>>::iterator iter = hookValue_.find(normal_reg_path);
if(iter == hookValue_.end())
return false;
std::map<std::string, RegistryValue>::iterator iter_second = iter->second.find(StringToLowerASCII(value_name));
return (iter_second != iter->second.end());
}
bool RegistryManager::HasHookValue(const RegistryPath& path) {
base::AutoLock auto_lock(hookValueLock_);
RegistryPath normal_reg_path(StringToLowerASCII(path));
std::map<RegistryPath, std::map<std::string, RegistryValue>>::iterator iter = hookValue_.find(normal_reg_path);
return (iter != hookValue_.end() && !iter->second.empty());
}
// void RegistryManager::RegOpenExA_After(LONG* ret_value, HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult) {
// if((*ret_value != ERROR_SUCCESS) || lpSubKey == NULL || (strcmp(lpSubKey, "") == 0))
// return ;
// std::pair<HKEY , std::string> parent_path;
// std::pair<HKEY , std::string> path;
// if(IsPredefinedKey(hKey)) {
// path.first = hKey;
// path.second = GetNormalizedPath(lpSubKey);
// PushNewHandle(*phkResult, path);
// }else {
// if(!GetHandlePath(hKey, parent_path))
// return ;
// path.first = parent_path.first;
// path.second = parent_path.second;
// path.second.append("\\");
// path.second.append(GetNormalizedPath(lpSubKey));
// PushNewHandle(*phkResult, path);
// }
// }
//
// void RegistryManager::RegOpenExW_After(LONG* ret_value, HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult) {
// if((*ret_value != ERROR_SUCCESS) || lpSubKey == NULL || (wcscmp(lpSubKey, L"") == 0))
// return ;
// std::pair<HKEY , std::string> parent_path;
// std::pair<HKEY , std::string> path;
// if(IsPredefinedKey(hKey)) {
// path.first = hKey;
// path.second = base::SysWideToNativeMB(GetNormalizedPath(lpSubKey));
// PushNewHandle(*phkResult, path);
// }else {
// if(!GetHandlePath(hKey, parent_path))
// return ;
// path.first = parent_path.first;
// path.second = parent_path.second;
// path.second.append("\\");
// path.second.append(base::SysWideToNativeMB(GetNormalizedPath(lpSubKey)));
// PushNewHandle(*phkResult, path);
// }
// }
//
void RegistryManager::RegClose_After(LONG* ret_value, HKEY hkey) {
if(*ret_value == ERROR_SUCCESS)
EraseHandle(hkey);
}
bool RegistryManager::RegQueryValueExW_Before(LONG* ret_value, HKEY hKey,LPCWSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData) {
RegistryPath path;
if(!GetHandlePath(hKey, path)) {
return true;
}
std::string strValueName = lpValueName?base::SysWideToNativeMB(lpValueName):"";
RegistryValue value;
if(!GetHookValue(path, strValueName, value))
return true;
if(value.first == REG_DWORD) {
if(lpType)
*lpType = REG_DWORD;
*ret_value = ERROR_SUCCESS;
*lpcbData = sizeof(DWORD);
(*(DWORD*)(lpData)) = (*((DWORD*)value.second.c_str()));
return false;
}
if(value.first == REG_SZ) {
if(lpType)
*lpType = REG_SZ;
std::wstring strvalue = base::SysNativeMBToWide(value.second);
DWORD bytes_need = (strvalue.length()*2);
if(*lpcbData < bytes_need){
*lpcbData = bytes_need;
*ret_value = ERROR_MORE_DATA;
}else {
memcpy(lpData, strvalue.c_str(), bytes_need);
*lpcbData = bytes_need;
*ret_value = ERROR_SUCCESS;
}
return false;
}
return true;
}
void RegistryManager::RegQueryValueExW_After(LONG* ret_value, HKEY hKey,LPCWSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData) {
}
bool RegistryManager::RegQueryValueExA_Before(LONG* ret_value, HKEY hKey,LPCSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData) {
RegistryPath path;
if(!GetHandlePath(hKey, path)) {
return true;
}
std::string strValueName = lpValueName?lpValueName:"";
RegistryValue value;
if(!GetHookValue(path, strValueName, value))
return true;
if(value.first == REG_DWORD) {
if(lpType)
*lpType = REG_DWORD;
*ret_value = ERROR_SUCCESS;
*lpcbData = sizeof(DWORD);
(*(DWORD*)(lpData)) = (*((DWORD*)value.second.c_str()));
return false;
}
if(value.first == REG_SZ) {
if(lpType)
*lpType = REG_SZ;
std::string strvalue = value.second;
DWORD bytes_need = (strvalue.length());
if(*lpcbData < bytes_need){
*lpcbData = bytes_need;
*ret_value = ERROR_MORE_DATA;
}else {
memcpy(lpData, strvalue.c_str(), bytes_need);
*lpcbData = bytes_need;
*ret_value = ERROR_SUCCESS;
}
return false;
}
return true;
}
void RegistryManager::RegQueryValueExA_After(LONG* ret_value, HKEY hKey,LPCSTR lpValueName, LPDWORD lpReserved,LPDWORD lpType,
LPBYTE lpData, LPDWORD lpcbData) {
}
bool RegistryManager::RegSetValueExW_Before(LONG* ret_value, HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType,
const BYTE *lpData,DWORD cbData){
RegistryPath path;
if(!GetHandlePath(hKey, path)) {
return true;
}
std::string strValueName = lpValueName?base::SysWideToNativeMB(lpValueName):"";
RegistryValue value;
if(GetHookValue(path, strValueName, value)){
*ret_value = ERROR_SUCCESS;
return false;
}
else
return true;
}
void RegistryManager::RegSetValueExW_After(LONG* ret_value, HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType,
const BYTE *lpData,DWORD cbData){
}
bool RegistryManager::RegSetValueExA_Before(LONG* ret_value, HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType,
const BYTE *lpData,DWORD cbData){
RegistryPath path;
if(!GetHandlePath(hKey, path)) {
return true;
}
std::string strValueName = lpValueName?lpValueName:"";
RegistryValue value;
if(GetHookValue(path, strValueName, value)){
*ret_value = ERROR_SUCCESS;
return false;
}
else
return true;
}
void RegistryManager::RegSetValueExA_After(LONG* ret_value, HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType,
const BYTE *lpData,DWORD cbData){
}
bool RegistryManager::RegEnumValueA_Before(LONG* ret_value, HKEY hKey, DWORD dwIndex,LPSTR lpValueName,LPDWORD lpcchValueName,
LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData) {
return true;
}
void RegistryManager::RegEnumValueA_After(LONG* ret_value, HKEY hKey, DWORD dwIndex,LPSTR lpValueName,LPDWORD lpcchValueName,
LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData) {
RegistryPath path;
if(!GetHandlePath(hKey, path)) {
return ;
}
std::string strValueName = lpValueName?lpValueName:"";
RegistryValue value;
if(!GetHookValue(path, strValueName, value))
return ;
if(lpType)
*lpType = value.first;
if(lpData ) {
if(IsBadWritePtr(lpData, value.second.length())){
*ret_value = ERROR_MORE_DATA;
*lpcbData = value.second.length();
return ;
}
}else {
return ;
}
*ret_value = ERROR_SUCCESS;
if(value.first == REG_DWORD) {
*lpcbData = sizeof(DWORD);
(*(DWORD*)(lpData)) = (*((DWORD*)value.second.c_str()));
return ;
}
if(value.first == REG_SZ) {
std::string strvalue = value.second;
DWORD bytes_need = (strvalue.length());
memcpy(lpData, strvalue.c_str(), bytes_need);
*lpcbData = bytes_need;
}
}
}