1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
|
// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/installer/gcapi/gcapi.h"
#include <atlbase.h>
#include <atlcom.h>
#include <windows.h>
#include <sddl.h>
#include <stdlib.h>
#include <strsafe.h>
#include <tlhelp32.h>
#include "google_update_idl.h"
namespace {
const wchar_t kChromeRegClientsKey[] = L"Software\\Google\\Update\\Clients\\{8A69D345-D564-463c-AFF1-A69D9E530F96}";
const wchar_t kChromeRegClientStateKey[] = L"Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}";
const wchar_t kChromeRegLaunchCmd[] = L"InstallerSuccessLaunchCmdLine";
const wchar_t kChromeRegLastLaunchCmd[] = L"LastInstallerSuccessLaunchCmdLine";
const wchar_t kChromeRegVersion[] = L"pv";
const wchar_t kNoChromeOfferUntil[] = L"SOFTWARE\\Google\\No Chrome Offer Until";
// Remove any registry key with non-numeric value or with the numeric value
// equal or less than today's date represented in YYYYMMDD form.
void CleanUpRegistryValues() {
HKEY key = NULL;
if (::RegOpenKeyEx(HKEY_LOCAL_MACHINE, kNoChromeOfferUntil,
0, KEY_ALL_ACCESS, &key) != ERROR_SUCCESS)
return;
DWORD index = 0;
wchar_t value_name[260];
DWORD value_name_len = _countof(value_name);
DWORD value_type = REG_DWORD;
DWORD value_data = 0;
DWORD value_len = sizeof(DWORD);
// First, remove any value whose type is not DWORD.
while (::RegEnumValue(key, index, value_name, &value_name_len, NULL,
&value_type, NULL, &value_len) == ERROR_SUCCESS) {
if (value_type == REG_DWORD)
index++;
else
::RegDeleteValue(key, value_name);
value_name_len = _countof(value_name);
value_type = REG_DWORD;
value_len = sizeof(DWORD);
}
// Get today's date, and format it as YYYYMMDD numeric value.
SYSTEMTIME now;
::GetLocalTime(&now);
DWORD expiration_date = now.wYear * 10000 + now.wMonth * 100 + now.wDay;
// Remove any DWORD value smaller than the number represent the
// expiration date (YYYYMMDD).
index = 0;
while (::RegEnumValue(key, index, value_name, &value_name_len, NULL,
&value_type, (LPBYTE) &value_data,
&value_len) == ERROR_SUCCESS) {
if (value_type == REG_DWORD && value_data > expiration_date)
index++; // move on to next value.
else
::RegDeleteValue(key, value_name); // delete this value.
value_name_len = _countof(value_name);
value_type = REG_DWORD;
value_data = 0;
value_len = sizeof(DWORD);
}
::RegCloseKey(key);
}
// Return the company name specified in the file version info resource.
bool GetCompanyName(const wchar_t* filename, wchar_t* buffer, DWORD out_len) {
wchar_t file_version_info[8192];
DWORD handle = 0;
DWORD buffer_size = 0;
buffer_size = ::GetFileVersionInfoSize(filename, &handle);
// Cannot stats the file or our buffer size is too small (very unlikely).
if (buffer_size == 0 || buffer_size > _countof(file_version_info))
return false;
buffer_size = _countof(file_version_info);
memset(file_version_info, 0, buffer_size);
if (!::GetFileVersionInfo(filename, handle, buffer_size, file_version_info))
return false;
DWORD data_len = 0;
LPVOID data = NULL;
// Retrieve the language and codepage code if exists.
buffer_size = 0;
if (!::VerQueryValue(file_version_info, TEXT("\\VarFileInfo\\Translation"),
reinterpret_cast<LPVOID *>(&data), reinterpret_cast<UINT *>(&data_len)))
return false;
if (data_len != 4)
return false;
wchar_t info_name[256];
DWORD lang = 0;
// Formulate the string to retrieve the company name of the specific
// language codepage.
memcpy(&lang, data, 4);
::StringCchPrintf(info_name, _countof(info_name),
L"\\StringFileInfo\\%02X%02X%02X%02X\\CompanyName",
(lang & 0xff00)>>8, (lang & 0xff), (lang & 0xff000000)>>24,
(lang & 0xff0000)>>16);
data_len = 0;
if (!::VerQueryValue(file_version_info, info_name,
reinterpret_cast<LPVOID *>(&data), reinterpret_cast<UINT *>(&data_len)))
return false;
if (data_len <= 0 || data_len >= out_len)
return false;
memset(buffer, 0, out_len);
::StringCchCopyN(buffer, out_len, (const wchar_t*)data, data_len);
return true;
}
// Return true if we can re-offer Chrome; false, otherwise.
// Each partner can only offer Chrome once every six months.
bool CanReOfferChrome(BOOL set_flag) {
wchar_t filename[MAX_PATH+1];
wchar_t company[MAX_PATH];
// If we cannot retrieve the version info of the executable or company
// name, we allow the Chrome to be offered because there is no past
// history to be found.
if (::GetModuleFileName(NULL, filename, MAX_PATH) == 0)
return true;
if (!GetCompanyName(filename, company, sizeof(company)))
return true;
bool can_re_offer = true;
DWORD disposition = 0;
HKEY key = NULL;
if (::RegCreateKeyEx(HKEY_LOCAL_MACHINE, kNoChromeOfferUntil,
0, NULL, REG_OPTION_NON_VOLATILE, KEY_READ | KEY_WRITE,
NULL, &key, &disposition) == ERROR_SUCCESS) {
// Cannot re-offer, if the timer already exists and is not expired yet.
if (::RegQueryValueEx(key, company, 0, 0, 0, 0) == ERROR_SUCCESS) {
// The expired timers were already removed in CleanUpRegistryValues.
// So if the key is not found, we can offer the Chrome.
can_re_offer = false;
} else if (set_flag) {
// Set expiration date for offer as six months from today,
// represented as a YYYYMMDD numeric value.
SYSTEMTIME timer;
::GetLocalTime(&timer);
timer.wMonth = timer.wMonth + 6;
if (timer.wMonth > 12) {
timer.wMonth = timer.wMonth - 12;
timer.wYear = timer.wYear + 1;
}
DWORD value = timer.wYear * 10000 + timer.wMonth * 100 + timer.wDay;
::RegSetValueEx(key, company, 0, REG_DWORD, (LPBYTE)&value, sizeof(DWORD));
}
::RegCloseKey(key);
}
return can_re_offer;
}
// Helper function to read a value from registry. Returns true if value
// is read successfully and stored in parameter value. Returns false otherwise.
bool ReadValueFromRegistry(HKEY root_key, const wchar_t *sub_key,
const wchar_t *value_name, wchar_t *value,
size_t *size) {
HKEY key;
if ((::RegOpenKeyEx(root_key, sub_key, NULL,
KEY_READ, &key) == ERROR_SUCCESS) &&
(::RegQueryValueEx(key, value_name, NULL, NULL,
reinterpret_cast<LPBYTE>(value),
reinterpret_cast<LPDWORD>(size)) == ERROR_SUCCESS)) {
::RegCloseKey(key);
return true;
}
return false;
}
bool IsChromeInstalled(HKEY root_key) {
wchar_t version[64];
size_t size = _countof(version);
if (ReadValueFromRegistry(root_key, kChromeRegClientsKey, kChromeRegVersion,
version, &size))
return true;
return false;
}
bool IsWinXPSp1OrLater(bool* is_vista_or_later) {
OSVERSIONINFOEX osviex = { sizeof(OSVERSIONINFOEX) };
int r = ::GetVersionEx((LPOSVERSIONINFO)&osviex);
// If this failed we're on Win9X or a pre NT4SP6 OS.
if (!r)
return false;
if (osviex.dwMajorVersion < 5)
return false;
if (osviex.dwMajorVersion > 5) {
*is_vista_or_later = true;
return true; // way beyond Windows XP;
}
if (osviex.dwMinorVersion >= 1 && osviex.wServicePackMajor >= 1)
return true; // Windows XP SP1 or better.
return false; // Windows 2000, WinXP no Service Pack.
}
// Note this function should not be called on old Windows versions where these
// Windows API are not available. We always invoke this function after checking
// that current OS is Vista or later.
bool VerifyAdminGroup() {
SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
PSID Group;
BOOL check = ::AllocateAndInitializeSid(&NtAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0,
0, 0, 0,
&Group);
if (check) {
if (!::CheckTokenMembership(NULL, Group, &check))
check = FALSE;
}
::FreeSid(Group);
return (check == TRUE);
}
bool VerifyHKLMAccess(const wchar_t* sub_key) {
HKEY root = HKEY_LOCAL_MACHINE;
wchar_t str[] = L"test";
bool result = false;
DWORD disposition = 0;
HKEY key = NULL;
if (::RegCreateKeyEx(root, sub_key, 0, NULL,
REG_OPTION_NON_VOLATILE, KEY_READ | KEY_WRITE, NULL,
&key, &disposition) == ERROR_SUCCESS) {
if (::RegSetValueEx(key, str, 0, REG_SZ, (LPBYTE)str,
(DWORD)lstrlen(str)) == ERROR_SUCCESS) {
result = true;
RegDeleteValue(key, str);
}
// If we create the main key, delete the entire key.
if (disposition == REG_CREATED_NEW_KEY)
RegDeleteKey(key, NULL);
RegCloseKey(key);
}
return result;
}
bool IsRunningElevated() {
// This method should be called only for Vista or later.
bool is_vista_or_later = false;
IsWinXPSp1OrLater(&is_vista_or_later);
if (!is_vista_or_later || !VerifyAdminGroup())
return false;
HANDLE process_token;
if (!::OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &process_token))
return false;
TOKEN_ELEVATION_TYPE elevation_type = TokenElevationTypeDefault;
DWORD size_returned = 0;
if (!::GetTokenInformation(process_token, TokenElevationType,
&elevation_type, sizeof(elevation_type),
&size_returned)) {
::CloseHandle(process_token);
return false;
}
::CloseHandle(process_token);
return (elevation_type == TokenElevationTypeFull);
}
bool GetUserIdForProcess(size_t pid, wchar_t** user_sid) {
HANDLE process_handle = ::OpenProcess(PROCESS_QUERY_INFORMATION, TRUE, pid);
if (process_handle == NULL)
return false;
HANDLE process_token;
bool result = false;
if (::OpenProcessToken(process_handle, TOKEN_QUERY, &process_token)) {
DWORD size = 0;
::GetTokenInformation(process_token, TokenUser, NULL, 0, &size);
if (::GetLastError() == ERROR_INSUFFICIENT_BUFFER ||
::GetLastError() == ERROR_SUCCESS) {
DWORD actual_size = 0;
BYTE* token_user = new BYTE[size];
if ((::GetTokenInformation(process_token, TokenUser, token_user, size,
&actual_size)) &&
(actual_size <= size)) {
PSID sid = reinterpret_cast<TOKEN_USER*>(token_user)->User.Sid;
if (::ConvertSidToStringSid(sid, user_sid))
result = true;
}
delete[] token_user;
}
::CloseHandle(process_token);
}
::CloseHandle(process_handle);
return result;
}
} // namespace
#pragma comment(linker, "/EXPORT:GoogleChromeCompatibilityCheck=_GoogleChromeCompatibilityCheck@8,PRIVATE")
DLLEXPORT BOOL __stdcall GoogleChromeCompatibilityCheck(BOOL set_flag, DWORD *reasons) {
DWORD local_reasons = 0;
bool is_vista_or_later = false;
// System requirements?
if (!IsWinXPSp1OrLater(&is_vista_or_later))
local_reasons |= GCCC_ERROR_OSNOTSUPPORTED;
if (IsChromeInstalled(HKEY_LOCAL_MACHINE))
local_reasons |= GCCC_ERROR_SYSTEMLEVELALREADYPRESENT;
if (IsChromeInstalled(HKEY_CURRENT_USER))
local_reasons |= GCCC_ERROR_USERLEVELALREADYPRESENT;
if (!VerifyHKLMAccess(kChromeRegClientsKey)) {
local_reasons |= GCCC_ERROR_ACCESSDENIED;
} else if (is_vista_or_later && !VerifyAdminGroup()) {
// For Vista or later check for elevation since even for admin user we could
// be running in non-elevated mode. We require integrity level High.
local_reasons |= GCCC_ERROR_INTEGRITYLEVEL;
}
// First clean up the registry keys left over previously.
// Then only check whether we can re-offer, if everything else is OK.
CleanUpRegistryValues();
if (local_reasons == 0 && !CanReOfferChrome(set_flag))
local_reasons |= GCCC_ERROR_ALREADYOFFERED;
// Done. Copy/return results.
if (reasons != NULL)
*reasons = local_reasons;
return (*reasons == 0);
}
#pragma comment(linker, "/EXPORT:LaunchGoogleChrome=_LaunchGoogleChrome@0,PRIVATE")
DLLEXPORT BOOL __stdcall LaunchGoogleChrome() {
wchar_t launch_cmd[MAX_PATH];
size_t size = _countof(launch_cmd);
if (!ReadValueFromRegistry(HKEY_LOCAL_MACHINE, kChromeRegClientStateKey,
kChromeRegLastLaunchCmd, launch_cmd, &size)) {
size = _countof(launch_cmd);
if (!ReadValueFromRegistry(HKEY_LOCAL_MACHINE, kChromeRegClientStateKey,
kChromeRegLaunchCmd, launch_cmd, &size)) {
return false;
}
}
HRESULT hr = ::CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
if (hr != S_OK) {
if (hr == S_FALSE)
::CoUninitialize();
return false;
}
if (::CoInitializeSecurity(NULL, -1, NULL, NULL,
RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
RPC_C_IMP_LEVEL_IDENTIFY, NULL,
EOAC_DYNAMIC_CLOAKING, NULL) != S_OK) {
::CoUninitialize();
return false;
}
bool impersonation_success = false;
if (IsRunningElevated()) {
wchar_t* curr_proc_sid;
if (!GetUserIdForProcess(GetCurrentProcessId(), &curr_proc_sid)) {
::CoUninitialize();
return false;
}
DWORD pid = 0;
::GetWindowThreadProcessId(::GetShellWindow(), &pid);
if (pid <= 0) {
::LocalFree(curr_proc_sid);
::CoUninitialize();
return false;
}
wchar_t* exp_proc_sid;
if (GetUserIdForProcess(pid, &exp_proc_sid)) {
if (_wcsicmp(curr_proc_sid, exp_proc_sid) == 0) {
HANDLE process_handle = ::OpenProcess(
PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION, TRUE, pid);
if (process_handle != NULL) {
HANDLE process_token;
HANDLE user_token;
if (::OpenProcessToken(process_handle, TOKEN_DUPLICATE | TOKEN_QUERY,
&process_token) &&
::DuplicateTokenEx(process_token,
TOKEN_IMPERSONATE | TOKEN_QUERY |
TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE,
NULL, SecurityImpersonation,
TokenPrimary, &user_token) &&
(::ImpersonateLoggedOnUser(user_token) != 0)) {
impersonation_success = true;
}
::CloseHandle(user_token);
::CloseHandle(process_token);
::CloseHandle(process_handle);
}
}
::LocalFree(exp_proc_sid);
}
::LocalFree(curr_proc_sid);
if (!impersonation_success) {
::CoUninitialize();
return false;
}
}
bool ret = false;
CComPtr<IProcessLauncher> ipl;
if (!FAILED(ipl.CoCreateInstance(__uuidof(ProcessLauncherClass), NULL,
CLSCTX_LOCAL_SERVER))) {
if (!FAILED(ipl->LaunchCmdLine(launch_cmd)))
ret = true;
ipl.Release();
}
if (impersonation_success)
::RevertToSelf();
::CoUninitialize();
return ret;
}
|