Overwrite potentially faked kernel version with correct values

* ntdll.h (RtlGetNtVersionNumbers): Declare.
	* wincap.cc (wincapc::init): Overwrite kernel version info
	returned by RtlGetVersion with correct info returned by
	RtlGetNtVersionNumbers.  Add comment.

Originally, using RtlGetVersion instead of GetVersionEx was supposed to
fix the fact that GetVersionInfo returns the wrong kernel version if the
executable has been built with an old manifest (or none at all), starting
with Windows 8.1.  Either this never really worked as desired and our
testing was flawed, or this has been changed again with Windows 10, so
that RtlGetVersion does the kernel faking twist as well.  Since we're
only reading the value in the first process in a process tree, the entire
process tree is running with a wrong OS version information in that case.

Fortunately, the (undocumented) RtlGetNtVersionNumbers function is not
affected by this nonsense, so we simply override the OS version info
fields with the correct values now.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Corinna Vinschen 2016-03-09 23:10:17 +01:00
parent 264b5e137e
commit 48511f3d38
2 changed files with 6 additions and 0 deletions

@ -1452,6 +1452,7 @@ extern "C"
PACL *, PBOOLEAN);
NTSTATUS NTAPI RtlGetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID *,
PBOOLEAN);
NTSTATUS NTAPI RtlGetNtVersionNumbers (LPDWORD, LPDWORD, LPDWORD);
NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID *,
PBOOLEAN);
NTSTATUS NTAPI RtlGetVersion (PRTL_OSVERSIONINFOEXW);
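
Review bot: the new RtlGetNtVersionNumbers declaration carries no comment saying that it is an undocumented ntdll export or where the prototype was taken from, so the NTSTATUS return type and the meaning of the three LPDWORD out-parameters cannot be checked from this header. Add a one-line comment above it naming the source of the prototype and the parameter order (major, minor, build) that the call in wincapc::init relies on.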

@ -276,6 +276,11 @@ wincapc::init ()
GetSystemInfo (&system_info);
version.dwOSVersionInfoSize = sizeof (RTL_OSVERSIONINFOEXW);
RtlGetVersion (&version);
/* Overwrite unreliable kernel version with correct values returned by
RtlGetNtVersionNumbers. See git log of this change for a description. */
RtlGetNtVersionNumbers (&version.dwMajorVersion,
&version.dwMinorVersion,
&version.dwBuildNumber);
switch (version.dwMajorVersion)
{
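
Review bot: the RtlGetNtVersionNumbers call writes straight into version.dwMajorVersion, version.dwMinorVersion and version.dwBuildNumber with its return value discarded and no sanity check, so whatever the undocumented function yields is what the switch on dwMajorVersion, and every process further down the tree, then uses. Consider reading into local DWORDs, confirming that the build number has the same encoding RtlGetVersion fills in, and only then overwriting the fields. The comment also defers the reason to the git log; a short statement of the reason in the comment itself (RtlGetVersion can report a manifest-dependent version) would still be there in a source tarball without history.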