Index: /trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h =================================================================== --- /trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h (revision 53021) +++ /trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h (revision 53022) @@ -221,4 +221,6 @@ extern uint32_t g_uNtVerCombined; +/** @name NT version constants for less-than checks. + * @{ */ /** Combined NT version number for XP. */ #define SUP_NT_VER_XP SUP_MAKE_NT_VER_SIMPLE(5,1) @@ -227,4 +229,6 @@ /** Combined NT version number for Vista. */ #define SUP_NT_VER_VISTA SUP_MAKE_NT_VER_SIMPLE(6,0) +/** Combined NT version number for Vista with SP1. */ +#define SUP_NT_VER_VISTA_SP1 SUP_MAKE_NT_VER_COMBINED(6,0,6001,1,0) /** Combined NT version number for Windows 7. */ #define SUP_NT_VER_W70 SUP_MAKE_NT_VER_SIMPLE(6,1) @@ -233,4 +237,5 @@ /** Combined NT version number for Windows 8.1. */ #define SUP_NT_VER_W81 SUP_MAKE_NT_VER_SIMPLE(6,3) +/** @} */ # endif Index: /trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp =================================================================== --- /trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp (revision 53021) +++ /trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp (revision 53022) @@ -2310,4 +2310,5 @@ * On Windows 8.0 and later there are more than one digest choice. */ + int fNoSignedCatalogFound = -1; rc = VERR_LDRVI_NOT_SIGNED; static struct @@ -2402,8 +2403,13 @@ goto l_fresh_context; } + ULONG ulErr = RtlGetLastWin32Error(); + fNoSignedCatalogFound = ulErr == ERROR_NOT_FOUND && fNoSignedCatalogFound != 0; if (iCat == 0) - SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed %u\n", RtlGetLastWin32Error())); + SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (%u)\n", ulErr)); + else if (iCat == 0) + SUP_DPRINTF(("supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed %u\n", ulErr)); break; } + fNoSignedCatalogFound = 0; Assert(hCatInfoPrev == NULL); hCatInfoPrev = hCatInfo; @@ -2514,7 +2520,8 @@ if (rc == VERR_LDRVI_NOT_SIGNED) { - PCRTUTF16 pwsz; - uint32_t cwcName = (uint32_t)RTUtf16Len(pwszName); - uint32_t cwcOther = g_System32NtPath.UniStr.Length / sizeof(WCHAR); + bool fCoreSystemDll = false; + PCRTUTF16 pwsz; + uint32_t cwcName = (uint32_t)RTUtf16Len(pwszName); + uint32_t cwcOther = g_System32NtPath.UniStr.Length / sizeof(WCHAR); if (supHardViUtf16PathStartsWithEx(pwszName, cwcName, g_System32NtPath.UniStr.Buffer, cwcOther, true /*fCheckSlash*/)) { @@ -2523,8 +2530,8 @@ || supHardViUtf16PathIsEqual(pwsz, "user32.dll") || supHardViUtf16PathIsEqual(pwsz, "gdi32.dll") - || supHardViUtf16PathIsEqual(pwsz, "kernel32.dll") - || supHardViUtf16PathIsEqual(pwsz, "KernelBase.dll") - || supHardViUtf16PathIsEqual(pwsz, "ntdll.dll") || supHardViUtf16PathIsEqual(pwsz, "opengl32.dll") + || (fCoreSystemDll = supHardViUtf16PathIsEqual(pwsz, "KernelBase.dll")) + || (fCoreSystemDll = supHardViUtf16PathIsEqual(pwsz, "kernel32.dll")) + || (fCoreSystemDll = supHardViUtf16PathIsEqual(pwsz, "ntdll.dll")) ) { @@ -2533,4 +2540,15 @@ RTErrInfoAddF(pErrInfo, rc, "'%ls' is most likely modified.", pwszName); } + } + + /* Kludge for ancient windows versions we don't want to support but + users still wants to use. Keep things as safe as possible without + unnecessary effort. Problem is that 3rd party catalog files cannot + easily be found. Showstopper for ATI users. */ + if ( fNoSignedCatalogFound == 1 + && g_uNtVerCombined < SUP_NT_VER_VISTA + && !fCoreSystemDll) + { + rc = VINF_LDRVI_NOT_SIGNED; } }