winbootmgr.cpp DebugMan - 第8个男人内核技术，漏洞挖掘，逆向技术，程序设计

本页主题: winbootmgr.cpp	打印 \| 加为IE收藏 \| 收藏主题 \| 上一主题 \| 下一主题

MJ0011

我是乖娃娃

级别: RCT成员
精华: 29
发帖: 2189
声望: 80 点
DM币: 5636 元
贡献: 0 点
注册时间:2007-06-04
最后登录:2010-08-01

winbootmgr.cpp

本帖被 xIkUg 执行加亮操作(2008-09-23)

Copy code

// winbootmgr.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include "windows.h"
#include "winbase.h"
#include "stdio.h"
#include <stdlib.h>

#define BOOT_MGR_TYPE 0x10100002
#define BOOT_MGR_NAME_ELEMENTS 12000004
#define BOOT_MGR_LOCAL 12000005
#define BOOT_MGR_PTR_TO_DEFULT_OS 23000003
#define BOOT_MGR_PTR_TO_DEFULT_REMUSE 23000006
#define BOOT_MGR_BOOT_OS_LIST 24000001
#define BOOT_MGR_PTR_TO_MEMTEST 24000010
#define BOOT_MGR_WAIT_TIME 25000004

#define OS_BOOTLOADER_PATH 12000002
#define OS_NAME 12000004
#define OS_LOCALE_LANGUAGE 12000005
#define OS_SYSTEM_PATH 22000002

// typedef struct BOOT_MGR{
//
// };

void DisplayOSNodeInfo(HKEY hkeyObjects ,
LPCSTR OsGUIDName)
{
ULONG xret ;

CHAR xxName[100];

HKEY hkeyOS ;
sprintf(xxName , "%s\\Elements\\%u" , OsGUIDName , OS_BOOTLOADER_PATH );

xret = RegOpenKey(hkeyObjects , xxName , &hkeyOS );

if (xret != ERROR_SUCCESS)
{
printf("error open Key :%s , err = %u\n" , xxName , xret);

}
else
{

ULONG Type , retlen = 100;
CHAR OSBootLoaderPath[100];

xret = RegQueryValueEx(hkeyOS , "Element" , 0 , &Type , (LPBYTE)OSBootLoaderPath , &retlen );
if (xret != ERROR_SUCCESS)
{
printf("error query value key , err = %u\n", xret);
}
else
{
printf("OsBootLoader Path :%s\n" , OSBootLoaderPath);

}
RegCloseKey(hkeyOS);
}
sprintf(xxName , "%s\\Elements\\%u" , OsGUIDName , OS_NAME );

xret = RegOpenKey(hkeyObjects , xxName , &hkeyOS );

if (xret != ERROR_SUCCESS)
{
printf("error open Key :%s , err = %u\n" , xxName , xret);

}
else
{
ULONG Type , retlen = 100;
CHAR OsName[100];

xret = RegQueryValueEx(hkeyOS , "Element" , 0 , &Type , (LPBYTE)OsName , &retlen );
if (xret != ERROR_SUCCESS)
{
printf("error query value key , err = %u\n", xret);
}
else
{
printf("OS Name :%s\n" , OsName);

}
RegCloseKey(hkeyOS);
}
sprintf(xxName , "%s\\Elements\\%u" , OsGUIDName , OS_LOCALE_LANGUAGE );

xret = RegOpenKey(hkeyObjects , xxName , &hkeyOS );

if (xret != ERROR_SUCCESS)
{
//printf("error open Key :%s , err = %u\n" , xxName , xret);
printf("Locale Language : N/A\n");

}
else
{
ULONG Type , retlen = 100;
CHAR OsLocale[100];

xret = RegQueryValueEx(hkeyOS , "Element" , 0 , &Type , (LPBYTE)OsLocale , &retlen );
if (xret != ERROR_SUCCESS)
{
printf("error query value key , err = %u\n", xret);
}
else
{
printf("Os Locale Language :%s\n" , OsLocale);

}
RegCloseKey(hkeyOS);
}
sprintf(xxName , "%s\\Elements\\%u" , OsGUIDName , OS_SYSTEM_PATH );

xret = RegOpenKey(hkeyObjects , xxName , &hkeyOS );

if (xret != ERROR_SUCCESS)
{
// printf("error open Key :%s , err = %u\n" , xxName , xret);
printf("Os System Path :N/A\n");

}
else
{
ULONG Type , retlen = 100;
CHAR OsSystemPath[100];

xret = RegQueryValueEx(hkeyOS , "Element" , 0 , &Type , (LPBYTE)OsSystemPath , &retlen );
if (xret != ERROR_SUCCESS)
{
printf("error query value key , err = %u\n", xret);
}
else
{
printf("Os System Path :%s\n\n" , OsSystemPath);

}
RegCloseKey(hkeyOS);
}
return ;
}
BOOL ConnectBootMgr()
{
HKEY hkey ;
ULONG xret ;

xret = RegOpenKey(HKEY_LOCAL_MACHINE , "BCD00000000" , &hkey);

if (xret != ERROR_SUCCESS)
{
printf("open bcd main key failed , err = %u\n" , xret);
return 3 ;
}

ULONG Index = 0 ;
CHAR KeyName[100] = "";
ULONG uret = ERROR_SUCCESS ;
BOOL bFind = FALSE ;

while(uret == ERROR_SUCCESS)
{
if (!stricmp(KeyName , "Objects"))
{
bFind = TRUE ;
break ;
}
uret = RegEnumKey(hkey , Index , KeyName , 100) ;
Index ++ ;
}

if (!bFind)
{
RegCloseKey(hkey);
printf("cannot found BCDMgr->Objects!\n");
return FALSE ;
}

HKEY hkeyObject ;
xret = RegOpenKey(hkey , KeyName , &hkeyObject) ;

if (xret != ERROR_SUCCESS)
{
printf("error open BCDMgr->Objects! err = %u\n" , xret);
RegCloseKey(hkey);
return FALSE;
}

Index = 0 ;
uret = ERROR_SUCCESS ;
bFind = FALSE ;

RegCloseKey(hkey);

while(uret == ERROR_SUCCESS)
{
uret = RegEnumKey(hkeyObject , Index , KeyName , 100) ;
if (uret == ERROR_SUCCESS)
{
CHAR DescObject[100];
HKEY hkeyDesc ;

sprintf(DescObject , "%s\\%s" , KeyName , "Description");

xret = RegOpenKey(hkeyObject , DescObject , &hkeyDesc) ;
if ( xret != ERROR_SUCCESS)
{
printf("error open Object Description , err = %u\n" , xret);
RegCloseKey(hkeyObject);
RegCloseKey(hkey);
return FALSE ;

}

ULONG value ,type ,retlen = sizeof(ULONG);

xret = RegQueryValueEx(hkeyDesc , "Type" , 0 , &type , (LPBYTE)&value , &retlen) ;

if (xret !=ERROR_SUCCESS)
{
printf("error query object description type err = %u\n" , xret);
RegCloseKey(hkeyDesc);
RegCloseKey(hkeyObject);
RegCloseKey(hkey);
return FALSE ;
}

if (value == BOOT_MGR_TYPE)
{
printf("BootMgr Object GUID = %s\n\n" , KeyName);
bFind = TRUE ;

break ;

}
else
{
RegCloseKey(hkeyDesc);

}
}

Index ++ ;
}

CHAR ElementName[100];
HKEY htemp ;

sprintf(ElementName , "%s\\Elements\\%u" , KeyName , BOOT_MGR_NAME_ELEMENTS);

xret = RegOpenKey(hkeyObject , ElementName , &htemp );
if (xret != ERROR_SUCCESS)
{
printf("error open Elements:BOOT_MGR_NAME_ELEMENTS Key :%s , err = %u\n" , ElementName , xret);
}
else
{
CHAR BootMgrName[100];
ULONG size = 100 , Type ;

xret= RegQueryValueEx(htemp , "Element" , 0 , &Type ,(LPBYTE)BootMgrName , &size) ;

if (xret != ERROR_SUCCESS)
{
printf("error query element value of BOOT_MGR_NAME_ELEMENTS err= %u\n" , xret);
}
else
{
printf("BootMgr Name : %s\n\n" , BootMgrName);
}
RegCloseKey(htemp);

}

sprintf(ElementName , "%s\\Elements\\%u" , KeyName , BOOT_MGR_LOCAL);

xret = RegOpenKey(hkeyObject , ElementName , &htemp );
if (xret != ERROR_SUCCESS)
{
printf("error open Elements:BOOT_MGR_LOCAL Key :%s , err = %u\n" , ElementName , xret);
}
else
{
CHAR Local[100];
ULONG size = 100 , Type ;

xret= RegQueryValueEx(htemp , "Element" , 0 , &Type ,(LPBYTE)Local , &size) ;

if (xret != ERROR_SUCCESS)
{
printf("error query element value of BOOT_MGR_LOCAL err= %u\n" , xret);
}
else
{
printf("Locale Language : %s\n\n" , Local);
}
RegCloseKey(htemp);

}

sprintf(ElementName , "%s\\Elements\\%u" , KeyName , BOOT_MGR_PTR_TO_DEFULT_OS );

xret = RegOpenKey(hkeyObject , ElementName , &htemp );
if (xret != ERROR_SUCCESS)
{
printf("error open Elements:BOOT_MGR_PTR_TO_DEFULT_OS Key :%s , err = %u\n" , ElementName , xret);
}
else
{
CHAR DefaultOS[100];
ULONG size = 100 , Type ;

xret= RegQueryValueEx(htemp , "Element" , 0 , &Type ,(LPBYTE)DefaultOS , &size) ;

if (xret != ERROR_SUCCESS)
{
printf("error query element value of BOOT_MGR_PTR_TO_DEFULT_OS err= %u\n" , xret);
}
else
{
printf("DefaultOS GUID : %s\n\n" , DefaultOS);
}
RegCloseKey(htemp);

}
sprintf(ElementName , "%s\\Elements\\%u" , KeyName , BOOT_MGR_PTR_TO_DEFULT_REMUSE );

xret = RegOpenKey(hkeyObject , ElementName , &htemp );
if (xret != ERROR_SUCCESS)
{
printf("error open Elements:BOOT_MGR_PTR_TO_DEFULT_REMUSE Key :%s , err = %u\n" , ElementName , xret);
}
else
{
CHAR DefaultResume[100];
ULONG size = 100 , Type ;

xret= RegQueryValueEx(htemp , "Element" , 0 , &Type ,(LPBYTE)DefaultResume , &size) ;

if (xret != ERROR_SUCCESS)
{
printf("error query element value of BOOT_MGR_PTR_TO_DEFULT_REMUSE err= %u\n" , xret);
}
else
{
printf("Default Resume GUID : %s\n\n" , DefaultResume);
DisplayOSNodeInfo(hkeyObject , DefaultResume);
}
RegCloseKey(htemp);

}

sprintf(ElementName , "%s\\Elements\\%u" , KeyName , BOOT_MGR_BOOT_OS_LIST );

xret = RegOpenKey(hkeyObject , ElementName , &htemp );
if (xret != ERROR_SUCCESS)
{
printf("error open Elements:BOOT_MGR_BOOT_OS_LIST Key :%s , err = %u\n" , ElementName , xret);
}
else
{
BYTE OSList[1000];
PBYTE lpOsList = OSList ;
ULONG size = 1000 , Type ;

xret= RegQueryValueEx(htemp , "Element" , 0 , &Type ,(LPBYTE)OSList , &size) ;

if (xret != ERROR_SUCCESS)
{
printf("error query element value of BOOT_MGR_BOOT_OS_LIST err= %u\n" , xret);
}
else
{
LPCSTR OsGUIDName = (LPCSTR)lpOsList ;
ULONG OsIndex = 0 ;
printf("SystemOS List:\n\n");

while((ULONG)OsGUIDName+1 < (ULONG)lpOsList + size)
{
printf("OS[%u] : GUID = %s\n\n", OsIndex , OsGUIDName);

DisplayOSNodeInfo(hkeyObject , OsGUIDName ) ;
OsGUIDName = (LPCSTR)((ULONG)OsGUIDName + strlen(OsGUIDName) + 1 );
OsIndex ++ ;
}

}
RegCloseKey(htemp);

}

sprintf(ElementName , "%s\\Elements\\%u" , KeyName , BOOT_MGR_PTR_TO_MEMTEST );

xret = RegOpenKey(hkeyObject , ElementName , &htemp );
if (xret != ERROR_SUCCESS)
{
printf("error open Elements:BOOT_MGR_PTR_TO_MEMTEST Key :%s , err = %u\n" , ElementName , xret);
}
else
{
CHAR MemTest[100];
ULONG size = 100 , Type ;

xret= RegQueryValueEx(htemp , "Element" , 0 , &Type ,(LPBYTE)MemTest , &size) ;

if (xret != ERROR_SUCCESS)
{
printf("error query element value of BOOT_MGR_PTR_TO_MEMTEST err= %u\n" , xret);
}
else
{
printf("BootMemTest GUID : %s\n\n" , MemTest);
DisplayOSNodeInfo(hkeyObject , MemTest);
}
RegCloseKey(htemp);

}
sprintf(ElementName , "%s\\Elements\\%u" , KeyName , BOOT_MGR_WAIT_TIME );

xret = RegOpenKey(hkeyObject , ElementName , &htemp );
if (xret != ERROR_SUCCESS)
{
printf("error open Elements:BOOT_MGR_WAIT_TIME Key :%s , err = %u\n" , ElementName , xret);
}
else
{
LARGE_INTEGER WaitTime;
ULONG size = 8, Type ;

xret= RegQueryValueEx(htemp , "Element" , 0 , &Type ,(LPBYTE)&WaitTime , &size) ;

if (xret != ERROR_SUCCESS)
{
printf("error query element value of BOOT_MGR_WAIT_TIME err= %u\n" , xret);
}
else
{
printf("Boot Menu Wait Time : %I64u second(s)\n\n" , WaitTime.QuadPart);
}
RegCloseKey(htemp);

}

RegCloseKey(hkeyObject);
RegCloseKey(hkey);

// strcpy(BootName ,KeyName);

return TRUE ;

}

int main(int argc, char* argv[])
{

HKEY hkey ;

if (RegOpenKey(HKEY_LOCAL_MACHINE,"BCD00000000" , &hkey) != ERROR_SUCCESS)
{
MessageBox(GetDesktopWindow() , "Need admin privilege!" , "Error" , MB_OK|MB_ICONWARNING);
return 0;

}
RegCloseKey(hkey);

printf("Windows Vista BootMgr Demo\n"
"By MJ0011 2008-7-15\n"
"\n1.Display BootMgr config\n\n");

ULONG id = 0 ;

fflush(stdin);
scanf("%u" , &id);

if (id == 1 )
{
ConnectBootMgr();
system("pause");
}

return 0 ;

}