September 2024 - Wine-gitlab

[PATCH v11 0/4] MR6423: Implement NtQuerySystemEnvironmentValueEx, NtQuerySystemInformation SystemBootEnvironmentInformation, GetFirmwareType, GetFirmwareEnvironmentVariable*
by Grigory Vasilyev (＠h0tc0d3) 05 Sep '24

05 Sep '24

ntdll: - `NtQuerySystemInformation` `SystemBootEnvironmentInformation` - `NtQuerySystemEnvironmentValueEx` kernel32: - `GetFirmwareType` - `GetFirmwareEnvironmentVariableExA` - `GetFirmwareEnvironmentVariableExW` - `GetFirmwareEnvironmentVariableA` - `GetFirmwareEnvironmentVariableW`. The code is needed to check SecureBoot status, security systems and for example to check the licenses of software that can use efi variables. The behavior matches the behavior of Windows 11. And the output is no different on wine and Windows 11. Example: ```C #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <windows.h> #include <winnt.h> #include <winternl.h> #include <winbase.h> #include <shlwapi.h> #include <securitybaseapi.h> /* x86_64-w64-mingw32-gcc -O2 firmware.c -o firmware.exe -Wl,--subsystem,console -lole32 */ #define SystemBootEnvironmentInformation 90 #define GUID_FORMAT "%08lX-%04hX-%04hX-%02hhX%02hhX-%02hhX%02hhX%02hhX%02hhX%02hhX%02hhX" #define GUID_ARG(guid) \ (guid).Data1, (guid).Data2, (guid).Data3, (guid).Data4[0], (guid).Data4[1], (guid).Data4[2], (guid).Data4[3], \ (guid).Data4[4], (guid).Data4[5], (guid).Data4[6], (guid).Data4[7] typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION { GUID BootIdentifier; FIRMWARE_TYPE FirmwareType; union { ULONGLONG BootFlags; struct { ULONGLONG DbgMenuOsSelection : 1; ULONGLONG DbgHiberBoot : 1; ULONGLONG DbgSoftBoot : 1; ULONGLONG DbgMeasuredLaunch : 1; ULONGLONG DbgMeasuredLaunchCapable : 1; ULONGLONG DbgSystemHiveReplace : 1; ULONGLONG DbgMeasuredLaunchSmmProtections : 1; ULONGLONG DbgMeasuredLaunchSmmLevel : 7; }; }; } SYSTEM_BOOT_ENVIRONMENT_INFORMATION, *PSYSTEM_BOOT_ENVIRONMENT_INFORMATION; typedef NTSTATUS(NTAPI *LPFNZwInitUnicodeString)(IN OUT PUNICODE_STRING DestinationString, IN PCWSTR SourceString); typedef NTSTATUS(NTAPI *LPFNZwQuerySystemInformation)( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength ); typedef NTSTATUS(NTAPI *LPFNZwQuerySystemEnvironmentValueEx)( IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN OUT PULONG ReturnLength, OUT PULONG Attributes ); BOOL EnableTokenPrivilege(HANDLE hToken, LPCTSTR pszPrivilegesName, BOOL bEnabled) { LUID luid; TOKEN_PRIVILEGES tp; if (!LookupPrivilegeValue(NULL, pszPrivilegesName, &luid)) { return FALSE; } tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; tp.Privileges[0].Attributes = bEnabled ? SE_PRIVILEGE_ENABLED : 0; if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) { return FALSE; } return TRUE; } int main(int argc, char **argv) { DWORD ret; ULONG ret_size; HANDLE hToken; HANDLE hProcess; HINSTANCE hNTdll; DWORD attributes; BOOLEAN secureboot = 0; FIRMWARE_TYPE type = FirmwareTypeUnknown; UNICODE_STRING asus_name; char asus_license[2048] = {0}; UNICODE_STRING secureboot_name; GUID asus_guid; GUID secureboot_guid; SYSTEM_BOOT_ENVIRONMENT_INFORMATION boot_info = {0}; LPFNZwInitUnicodeString ZwInitUnicodeString; LPFNZwQuerySystemInformation ZwQuerySystemInformation; LPFNZwQuerySystemEnvironmentValueEx ZwQuerySystemEnvironmentValueEx; if (CLSIDFromString(L"{02076249-a52b-420e-bd53-aed044349379}", &asus_guid) != NOERROR) { printf("CLSIDFromString error: %d!\n", GetLastError()); return -1; } if (CLSIDFromString(L"{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot_guid) != NOERROR) { printf("CLSIDFromString error: %d!\n", GetLastError()); return -1; } hNTdll = LoadLibraryW(L"Ntdll.dll"); if (!hNTdll) { printf("Can't load ntdll liabrary!\n"); return -1; } ZwInitUnicodeString = (LPFNZwInitUnicodeString) GetProcAddress(hNTdll, "RtlInitUnicodeString"); if (!ZwInitUnicodeString) { printf("Can't get GetProcAddress RtlInitUnicodeString error: %d!\n", GetLastError()); return -1; } ZwInitUnicodeString(&secureboot_name, L"SecureBoot"); ZwInitUnicodeString(&asus_name, L"AsusOnboardToolLicense"); ZwQuerySystemInformation = (LPFNZwQuerySystemInformation) GetProcAddress(hNTdll, "ZwQuerySystemInformation"); if (!ZwQuerySystemInformation) { printf("Can't get GetProcAddress ZwQuerySystemInformation error: %d!\n", GetLastError()); return -1; } ZwQuerySystemEnvironmentValueEx = (LPFNZwQuerySystemEnvironmentValueEx) GetProcAddress(hNTdll, "ZwQuerySystemEnvironmentValueEx"); if (!ZwQuerySystemEnvironmentValueEx) { printf("Can't get GetProcAddress ZwQuerySystemEnvironmentValueEx error: %d!\n", GetLastError()); return -1; } hProcess = GetCurrentProcess(); if (!hProcess) { printf("GetCurrentProcessToken error: %d!\n", GetLastError()); return -1; } if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { printf("OpenProcessToken error: %d!\n", GetLastError()); return -1; } if (!EnableTokenPrivilege(hToken, SE_SYSTEM_ENVIRONMENT_NAME, TRUE)) { printf("EnableTokenPrivilege error: %d!\n", GetLastError()); return -1; } if (GetFirmwareType(&type)) printf("GetFirmwareType: %s\n\n", type == FirmwareTypeUefi ? "UEFI" : "BIOS"); ret = GetFirmwareEnvironmentVariableA( "SecureBoot", "{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN) ); if (!ret) { printf("GetFirmwareEnvironmentVariableA error: % d!\n\n", GetLastError()); return -1; } printf("GetFirmwareEnvironmentVariableA\nBytes: %d\nSecureBoot: %s\n\n", ret, secureboot ? "enabled" : "disabled"); secureboot = 0; ret = GetFirmwareEnvironmentVariableW( L"SecureBoot", L"{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN) ); if (!ret) { printf("GetFirmwareEnvironmentVariableW error: % d!\n\n", GetLastError()); return -1; } printf("GetFirmwareEnvironmentVariableW\nBytes: %d\nSecureBoot: %s\n\n", ret, secureboot ? "enabled" : "disabled"); attributes = 0; secureboot = 0; ret = GetFirmwareEnvironmentVariableExA( "SecureBoot", "{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN), &attributes ); if (!ret) { printf("GetFirmwareEnvironmentVariableExA error: % d!\n\n", GetLastError()); return -1; } printf( "GetFirmwareEnvironmentVariableExA\nBytes: %d\nAttributes: 0x%08x\nSecureBoot: %s\n\n", ret, attributes, secureboot ? "enabled" : "disabled" ); attributes = 0; ret = GetFirmwareEnvironmentVariableExW( L"AsusOnboardToolLicense", L"{02076249-a52b-420e-bd53-aed044349379}", asus_license, sizeof(asus_license), &attributes ); if (!ret) { printf("GetFirmwareEnvironmentVariableExW error: % d!\n\n", GetLastError()); return -1; } printf( "GetFirmwareEnvironmentVariableExW\nBytes: %d\nAttributes: 0x%08x\nAsus License: \n%s\n\n", ret, attributes, asus_license ); ret_size = sizeof(secureboot); attributes = 0; secureboot = 0; if (ZwQuerySystemEnvironmentValueEx(&secureboot_name, &secureboot_guid, &secureboot, &ret_size, &attributes) != NOERROR) { printf("ZwQuerySystemEnvironmentValueEx error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf( "NtQuerySystemEnvironmentValueEx\nBytes: %d\nAttributes: 0x%08x\nSecureBoot: %s\n\n", ret_size, attributes, secureboot ? "enabled" : "disabled" ); ret_size = sizeof(asus_license); attributes = 0; for (size_t i = 0; i < ret_size; i++) { asus_license[i] = '\0'; } if (ZwQuerySystemEnvironmentValueEx(&asus_name, &asus_guid, asus_license, &ret_size, &attributes) != NOERROR) { printf("ZwQuerySystemEnvironmentValueEx error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf( "NtQuerySystemEnvironmentValueEx\nBytes: %d\nAttributes: 0x%08x\nAsus License: \n%s\n\n", ret_size, attributes, asus_license ); if (ZwQuerySystemInformation( (SYSTEM_INFORMATION_CLASS) SystemBootEnvironmentInformation, &boot_info, sizeof(boot_info), &ret_size ) != NOERROR) { printf("ZwQuerySystemInformation error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf("SystemBootEnvironmentInformation:\nBootIdentifier: {" GUID_FORMAT "}", GUID_ARG(boot_info.BootIdentifier)); printf( "\nFirmwareType: %s\nBootFlags: 0x%llX\n\n", (boot_info.FirmwareType == FirmwareTypeUefi ? "UEFI" : "BIOS"), boot_info.BootFlags ); FreeLibrary(hNTdll); return 0; } ``` Output: ``` GetFirmwareType: UEFI GetFirmwareEnvironmentVariableA Bytes: 1 SecureBoot: enabled GetFirmwareEnvironmentVariableW Bytes: 1 SecureBoot: enabled GetFirmwareEnvironmentVariableExA Bytes: 1 Attributes: 0x00000006 SecureBoot: enabled GetFirmwareEnvironmentVariableExW Bytes: 1570 Attributes: 0x00000006 Asus License: BASE64_BIG_LICENSE_TEXT== [LicenseID]:FED7A1 [Model]:Dummy-BaseBoard-Id [Tools]:WAsusDmiS,LogoFlashS,ASUSFwConfigS,AsusEventLogS,AsusNvLockS [Customer]:DummyLic [Expire]:2022-11-24 NtQuerySystemEnvironmentValueEx Bytes: 1 Attributes: 0x00000006 SecureBoot: enabled NtQuerySystemEnvironmentValueEx Bytes: 1570 Attributes: 0x00000006 Asus License: BASE64_BIG_LICENSE_TEXT== [LicenseID]:FED7A1 [Model]:Dummy-BaseBoard-Id [Tools]:WAsusDmiS,LogoFlashS,ASUSFwConfigS,AsusEventLogS,AsusNvLockS [Customer]:DummyLic [Expire]:2022-11-24 SystemBootEnvironmentInformation: BootIdentifier: {8522FFCA-6A31-11EF-952A-966164983DCB} FirmwareType: UEFI BootFlags: 0x0 ``` -- v11: kernel32: Implement GetFirmwareEnvironmentVariableExA, GetFirmwareEnvironmentVariableExW, GetFirmwareEnvironmentVariableA, GetFirmwareEnvironmentVariableW. kernel32: Implement GetFirmwareType. ntdll: Implement NtQuerySystemInformation SystemBootEnvironmentInformation. ntdll: Implement NtQuerySystemEnvironmentValueEx. https://gitlab.winehq.org/wine/wine/-/merge_requests/6423

3 7

[PATCH v8 0/4] MR6423: Implement NtQuerySystemEnvironmentValueEx, NtQuerySystemInformation SystemBootEnvironmentInformation, GetFirmwareType, GetFirmwareEnvironmentVariable*
by Grigory Vasilyev (＠h0tc0d3) 05 Sep '24

05 Sep '24

ntdll: - `NtQuerySystemInformation` `SystemBootEnvironmentInformation` - `NtQuerySystemEnvironmentValueEx` kernel32: - `GetFirmwareType` - `GetFirmwareEnvironmentVariableExA` - `GetFirmwareEnvironmentVariableExW` - `GetFirmwareEnvironmentVariableA` - `GetFirmwareEnvironmentVariableW`. The code is needed to check SecureBoot status, security systems and for example to check the licenses of software that can use efi variables. The behavior matches the behavior of Windows 11. And the output is no different on wine and Windows 11. Example: ```C #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <windows.h> #include <winnt.h> #include <winternl.h> #include <winbase.h> #include <shlwapi.h> #include <securitybaseapi.h> /* x86_64-w64-mingw32-gcc -O2 firmware.c -o firmware.exe -Wl,--subsystem,console -lole32 */ #define SystemBootEnvironmentInformation 90 #define GUID_FORMAT "%08lX-%04hX-%04hX-%02hhX%02hhX-%02hhX%02hhX%02hhX%02hhX%02hhX%02hhX" #define GUID_ARG(guid) \ (guid).Data1, (guid).Data2, (guid).Data3, (guid).Data4[0], (guid).Data4[1], (guid).Data4[2], (guid).Data4[3], \ (guid).Data4[4], (guid).Data4[5], (guid).Data4[6], (guid).Data4[7] typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION { GUID BootIdentifier; FIRMWARE_TYPE FirmwareType; union { ULONGLONG BootFlags; struct { ULONGLONG DbgMenuOsSelection : 1; ULONGLONG DbgHiberBoot : 1; ULONGLONG DbgSoftBoot : 1; ULONGLONG DbgMeasuredLaunch : 1; ULONGLONG DbgMeasuredLaunchCapable : 1; ULONGLONG DbgSystemHiveReplace : 1; ULONGLONG DbgMeasuredLaunchSmmProtections : 1; ULONGLONG DbgMeasuredLaunchSmmLevel : 7; }; }; } SYSTEM_BOOT_ENVIRONMENT_INFORMATION, *PSYSTEM_BOOT_ENVIRONMENT_INFORMATION; typedef NTSTATUS(NTAPI *LPFNZwInitUnicodeString)(IN OUT PUNICODE_STRING DestinationString, IN PCWSTR SourceString); typedef NTSTATUS(NTAPI *LPFNZwQuerySystemInformation)( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength ); typedef NTSTATUS(NTAPI *LPFNZwQuerySystemEnvironmentValueEx)( IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN OUT PULONG ReturnLength, OUT PULONG Attributes ); BOOL EnableTokenPrivilege(HANDLE hToken, LPCTSTR pszPrivilegesName, BOOL bEnabled) { LUID luid; TOKEN_PRIVILEGES tp; if (!LookupPrivilegeValue(NULL, pszPrivilegesName, &luid)) { return FALSE; } tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; tp.Privileges[0].Attributes = bEnabled ? SE_PRIVILEGE_ENABLED : 0; if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) { return FALSE; } return TRUE; } int main(int argc, char **argv) { DWORD ret; ULONG ret_size; HANDLE hToken; HANDLE hProcess; HINSTANCE hNTdll; DWORD attributes; BOOLEAN secureboot = 0; FIRMWARE_TYPE type = FirmwareTypeUnknown; UNICODE_STRING asus_name; char asus_license[2048] = {0}; UNICODE_STRING secureboot_name; GUID asus_guid; GUID secureboot_guid; SYSTEM_BOOT_ENVIRONMENT_INFORMATION boot_info = {0}; LPFNZwInitUnicodeString ZwInitUnicodeString; LPFNZwQuerySystemInformation ZwQuerySystemInformation; LPFNZwQuerySystemEnvironmentValueEx ZwQuerySystemEnvironmentValueEx; if (CLSIDFromString(L"{02076249-a52b-420e-bd53-aed044349379}", &asus_guid) != NOERROR) { printf("CLSIDFromString error: %d!\n", GetLastError()); return -1; } if (CLSIDFromString(L"{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot_guid) != NOERROR) { printf("CLSIDFromString error: %d!\n", GetLastError()); return -1; } hNTdll = LoadLibraryW(L"Ntdll.dll"); if (!hNTdll) { printf("Can't load ntdll liabrary!\n"); return -1; } ZwInitUnicodeString = (LPFNZwInitUnicodeString) GetProcAddress(hNTdll, "RtlInitUnicodeString"); if (!ZwInitUnicodeString) { printf("Can't get GetProcAddress RtlInitUnicodeString error: %d!\n", GetLastError()); return -1; } ZwInitUnicodeString(&secureboot_name, L"SecureBoot"); ZwInitUnicodeString(&asus_name, L"AsusOnboardToolLicense"); ZwQuerySystemInformation = (LPFNZwQuerySystemInformation) GetProcAddress(hNTdll, "ZwQuerySystemInformation"); if (!ZwQuerySystemInformation) { printf("Can't get GetProcAddress ZwQuerySystemInformation error: %d!\n", GetLastError()); return -1; } ZwQuerySystemEnvironmentValueEx = (LPFNZwQuerySystemEnvironmentValueEx) GetProcAddress(hNTdll, "ZwQuerySystemEnvironmentValueEx"); if (!ZwQuerySystemEnvironmentValueEx) { printf("Can't get GetProcAddress ZwQuerySystemEnvironmentValueEx error: %d!\n", GetLastError()); return -1; } hProcess = GetCurrentProcess(); if (!hProcess) { printf("GetCurrentProcessToken error: %d!\n", GetLastError()); return -1; } if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { printf("OpenProcessToken error: %d!\n", GetLastError()); return -1; } if (!EnableTokenPrivilege(hToken, SE_SYSTEM_ENVIRONMENT_NAME, TRUE)) { printf("EnableTokenPrivilege error: %d!\n", GetLastError()); return -1; } if (GetFirmwareType(&type)) printf("GetFirmwareType: %s\n\n", type == FirmwareTypeUefi ? "UEFI" : "BIOS"); ret = GetFirmwareEnvironmentVariableA( "SecureBoot", "{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN) ); if (!ret) { printf("GetFirmwareEnvironmentVariableA error: % d!\n\n", GetLastError()); return -1; } printf("GetFirmwareEnvironmentVariableA\nBytes: %d\nSecureBoot: %s\n\n", ret, secureboot ? "enabled" : "disabled"); secureboot = 0; ret = GetFirmwareEnvironmentVariableW( L"SecureBoot", L"{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN) ); if (!ret) { printf("GetFirmwareEnvironmentVariableW error: % d!\n\n", GetLastError()); return -1; } printf("GetFirmwareEnvironmentVariableW\nBytes: %d\nSecureBoot: %s\n\n", ret, secureboot ? "enabled" : "disabled"); attributes = 0; secureboot = 0; ret = GetFirmwareEnvironmentVariableExA( "SecureBoot", "{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN), &attributes ); if (!ret) { printf("GetFirmwareEnvironmentVariableExA error: % d!\n\n", GetLastError()); return -1; } printf( "GetFirmwareEnvironmentVariableExA\nBytes: %d\nAttributes: 0x%08x\nSecureBoot: %s\n\n", ret, attributes, secureboot ? "enabled" : "disabled" ); attributes = 0; ret = GetFirmwareEnvironmentVariableExW( L"AsusOnboardToolLicense", L"{02076249-a52b-420e-bd53-aed044349379}", asus_license, sizeof(asus_license), &attributes ); if (!ret) { printf("GetFirmwareEnvironmentVariableExW error: % d!\n\n", GetLastError()); return -1; } printf( "GetFirmwareEnvironmentVariableExW\nBytes: %d\nAttributes: 0x%08x\nAsus License: \n%s\n\n", ret, attributes, asus_license ); ret_size = sizeof(secureboot); attributes = 0; secureboot = 0; if (ZwQuerySystemEnvironmentValueEx(&secureboot_name, &secureboot_guid, &secureboot, &ret_size, &attributes) != NOERROR) { printf("ZwQuerySystemEnvironmentValueEx error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf( "NtQuerySystemEnvironmentValueEx\nBytes: %d\nAttributes: 0x%08x\nSecureBoot: %s\n\n", ret_size, attributes, secureboot ? "enabled" : "disabled" ); ret_size = sizeof(asus_license); attributes = 0; for (size_t i = 0; i < ret_size; i++) { asus_license[i] = '\0'; } if (ZwQuerySystemEnvironmentValueEx(&asus_name, &asus_guid, asus_license, &ret_size, &attributes) != NOERROR) { printf("ZwQuerySystemEnvironmentValueEx error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf( "NtQuerySystemEnvironmentValueEx\nBytes: %d\nAttributes: 0x%08x\nAsus License: \n%s\n\n", ret_size, attributes, asus_license ); if (ZwQuerySystemInformation( (SYSTEM_INFORMATION_CLASS) SystemBootEnvironmentInformation, &boot_info, sizeof(boot_info), &ret_size ) != NOERROR) { printf("ZwQuerySystemInformation error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf("SystemBootEnvironmentInformation:\nBootIdentifier: {" GUID_FORMAT "}", GUID_ARG(boot_info.BootIdentifier)); printf( "\nFirmwareType: %s\nBootFlags: 0x%llX\n\n", (boot_info.FirmwareType == FirmwareTypeUefi ? "UEFI" : "BIOS"), boot_info.BootFlags ); FreeLibrary(hNTdll); return 0; } ``` Output: ``` GetFirmwareType: UEFI GetFirmwareEnvironmentVariableA Bytes: 1 SecureBoot: enabled GetFirmwareEnvironmentVariableW Bytes: 1 SecureBoot: enabled GetFirmwareEnvironmentVariableExA Bytes: 1 Attributes: 0x00000006 SecureBoot: enabled GetFirmwareEnvironmentVariableExW Bytes: 1570 Attributes: 0x00000006 Asus License: BASE64_BIG_LICENSE_TEXT== [LicenseID]:FED7A1 [Model]:Dummy-BaseBoard-Id [Tools]:WAsusDmiS,LogoFlashS,ASUSFwConfigS,AsusEventLogS,AsusNvLockS [Customer]:DummyLic [Expire]:2022-11-24 NtQuerySystemEnvironmentValueEx Bytes: 1 Attributes: 0x00000006 SecureBoot: enabled NtQuerySystemEnvironmentValueEx Bytes: 1570 Attributes: 0x00000006 Asus License: BASE64_BIG_LICENSE_TEXT== [LicenseID]:FED7A1 [Model]:Dummy-BaseBoard-Id [Tools]:WAsusDmiS,LogoFlashS,ASUSFwConfigS,AsusEventLogS,AsusNvLockS [Customer]:DummyLic [Expire]:2022-11-24 SystemBootEnvironmentInformation: BootIdentifier: {8522FFCA-6A31-11EF-952A-966164983DCB} FirmwareType: UEFI BootFlags: 0x0 ``` -- v8: kernel32: Implement GetFirmwareEnvironmentVariableExA, GetFirmwareEnvironmentVariableExW, GetFirmwareEnvironmentVariableA, GetFirmwareEnvironmentVariableW. kernel32: Implement GetFirmwareType. ntdll: Implement NtQuerySystemInformation SystemBootEnvironmentInformation. ntdll: Implement NtQuerySystemEnvironmentValueEx. https://gitlab.winehq.org/wine/wine/-/merge_requests/6423

4 8

[PATCH v9 0/4] MR6423: Implement NtQuerySystemEnvironmentValueEx, NtQuerySystemInformation SystemBootEnvironmentInformation, GetFirmwareType, GetFirmwareEnvironmentVariable*
by Grigory Vasilyev (＠h0tc0d3) 05 Sep '24

05 Sep '24

ntdll: - `NtQuerySystemInformation` `SystemBootEnvironmentInformation` - `NtQuerySystemEnvironmentValueEx` kernel32: - `GetFirmwareType` - `GetFirmwareEnvironmentVariableExA` - `GetFirmwareEnvironmentVariableExW` - `GetFirmwareEnvironmentVariableA` - `GetFirmwareEnvironmentVariableW`. The code is needed to check SecureBoot status, security systems and for example to check the licenses of software that can use efi variables. The behavior matches the behavior of Windows 11. And the output is no different on wine and Windows 11. Example: ```C #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <windows.h> #include <winnt.h> #include <winternl.h> #include <winbase.h> #include <shlwapi.h> #include <securitybaseapi.h> /* x86_64-w64-mingw32-gcc -O2 firmware.c -o firmware.exe -Wl,--subsystem,console -lole32 */ #define SystemBootEnvironmentInformation 90 #define GUID_FORMAT "%08lX-%04hX-%04hX-%02hhX%02hhX-%02hhX%02hhX%02hhX%02hhX%02hhX%02hhX" #define GUID_ARG(guid) \ (guid).Data1, (guid).Data2, (guid).Data3, (guid).Data4[0], (guid).Data4[1], (guid).Data4[2], (guid).Data4[3], \ (guid).Data4[4], (guid).Data4[5], (guid).Data4[6], (guid).Data4[7] typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION { GUID BootIdentifier; FIRMWARE_TYPE FirmwareType; union { ULONGLONG BootFlags; struct { ULONGLONG DbgMenuOsSelection : 1; ULONGLONG DbgHiberBoot : 1; ULONGLONG DbgSoftBoot : 1; ULONGLONG DbgMeasuredLaunch : 1; ULONGLONG DbgMeasuredLaunchCapable : 1; ULONGLONG DbgSystemHiveReplace : 1; ULONGLONG DbgMeasuredLaunchSmmProtections : 1; ULONGLONG DbgMeasuredLaunchSmmLevel : 7; }; }; } SYSTEM_BOOT_ENVIRONMENT_INFORMATION, *PSYSTEM_BOOT_ENVIRONMENT_INFORMATION; typedef NTSTATUS(NTAPI *LPFNZwInitUnicodeString)(IN OUT PUNICODE_STRING DestinationString, IN PCWSTR SourceString); typedef NTSTATUS(NTAPI *LPFNZwQuerySystemInformation)( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength ); typedef NTSTATUS(NTAPI *LPFNZwQuerySystemEnvironmentValueEx)( IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN OUT PULONG ReturnLength, OUT PULONG Attributes ); BOOL EnableTokenPrivilege(HANDLE hToken, LPCTSTR pszPrivilegesName, BOOL bEnabled) { LUID luid; TOKEN_PRIVILEGES tp; if (!LookupPrivilegeValue(NULL, pszPrivilegesName, &luid)) { return FALSE; } tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; tp.Privileges[0].Attributes = bEnabled ? SE_PRIVILEGE_ENABLED : 0; if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) { return FALSE; } return TRUE; } int main(int argc, char **argv) { DWORD ret; ULONG ret_size; HANDLE hToken; HANDLE hProcess; HINSTANCE hNTdll; DWORD attributes; BOOLEAN secureboot = 0; FIRMWARE_TYPE type = FirmwareTypeUnknown; UNICODE_STRING asus_name; char asus_license[2048] = {0}; UNICODE_STRING secureboot_name; GUID asus_guid; GUID secureboot_guid; SYSTEM_BOOT_ENVIRONMENT_INFORMATION boot_info = {0}; LPFNZwInitUnicodeString ZwInitUnicodeString; LPFNZwQuerySystemInformation ZwQuerySystemInformation; LPFNZwQuerySystemEnvironmentValueEx ZwQuerySystemEnvironmentValueEx; if (CLSIDFromString(L"{02076249-a52b-420e-bd53-aed044349379}", &asus_guid) != NOERROR) { printf("CLSIDFromString error: %d!\n", GetLastError()); return -1; } if (CLSIDFromString(L"{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot_guid) != NOERROR) { printf("CLSIDFromString error: %d!\n", GetLastError()); return -1; } hNTdll = LoadLibraryW(L"Ntdll.dll"); if (!hNTdll) { printf("Can't load ntdll liabrary!\n"); return -1; } ZwInitUnicodeString = (LPFNZwInitUnicodeString) GetProcAddress(hNTdll, "RtlInitUnicodeString"); if (!ZwInitUnicodeString) { printf("Can't get GetProcAddress RtlInitUnicodeString error: %d!\n", GetLastError()); return -1; } ZwInitUnicodeString(&secureboot_name, L"SecureBoot"); ZwInitUnicodeString(&asus_name, L"AsusOnboardToolLicense"); ZwQuerySystemInformation = (LPFNZwQuerySystemInformation) GetProcAddress(hNTdll, "ZwQuerySystemInformation"); if (!ZwQuerySystemInformation) { printf("Can't get GetProcAddress ZwQuerySystemInformation error: %d!\n", GetLastError()); return -1; } ZwQuerySystemEnvironmentValueEx = (LPFNZwQuerySystemEnvironmentValueEx) GetProcAddress(hNTdll, "ZwQuerySystemEnvironmentValueEx"); if (!ZwQuerySystemEnvironmentValueEx) { printf("Can't get GetProcAddress ZwQuerySystemEnvironmentValueEx error: %d!\n", GetLastError()); return -1; } hProcess = GetCurrentProcess(); if (!hProcess) { printf("GetCurrentProcessToken error: %d!\n", GetLastError()); return -1; } if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { printf("OpenProcessToken error: %d!\n", GetLastError()); return -1; } if (!EnableTokenPrivilege(hToken, SE_SYSTEM_ENVIRONMENT_NAME, TRUE)) { printf("EnableTokenPrivilege error: %d!\n", GetLastError()); return -1; } if (GetFirmwareType(&type)) printf("GetFirmwareType: %s\n\n", type == FirmwareTypeUefi ? "UEFI" : "BIOS"); ret = GetFirmwareEnvironmentVariableA( "SecureBoot", "{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN) ); if (!ret) { printf("GetFirmwareEnvironmentVariableA error: % d!\n\n", GetLastError()); return -1; } printf("GetFirmwareEnvironmentVariableA\nBytes: %d\nSecureBoot: %s\n\n", ret, secureboot ? "enabled" : "disabled"); secureboot = 0; ret = GetFirmwareEnvironmentVariableW( L"SecureBoot", L"{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN) ); if (!ret) { printf("GetFirmwareEnvironmentVariableW error: % d!\n\n", GetLastError()); return -1; } printf("GetFirmwareEnvironmentVariableW\nBytes: %d\nSecureBoot: %s\n\n", ret, secureboot ? "enabled" : "disabled"); attributes = 0; secureboot = 0; ret = GetFirmwareEnvironmentVariableExA( "SecureBoot", "{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN), &attributes ); if (!ret) { printf("GetFirmwareEnvironmentVariableExA error: % d!\n\n", GetLastError()); return -1; } printf( "GetFirmwareEnvironmentVariableExA\nBytes: %d\nAttributes: 0x%08x\nSecureBoot: %s\n\n", ret, attributes, secureboot ? "enabled" : "disabled" ); attributes = 0; ret = GetFirmwareEnvironmentVariableExW( L"AsusOnboardToolLicense", L"{02076249-a52b-420e-bd53-aed044349379}", asus_license, sizeof(asus_license), &attributes ); if (!ret) { printf("GetFirmwareEnvironmentVariableExW error: % d!\n\n", GetLastError()); return -1; } printf( "GetFirmwareEnvironmentVariableExW\nBytes: %d\nAttributes: 0x%08x\nAsus License: \n%s\n\n", ret, attributes, asus_license ); ret_size = sizeof(secureboot); attributes = 0; secureboot = 0; if (ZwQuerySystemEnvironmentValueEx(&secureboot_name, &secureboot_guid, &secureboot, &ret_size, &attributes) != NOERROR) { printf("ZwQuerySystemEnvironmentValueEx error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf( "NtQuerySystemEnvironmentValueEx\nBytes: %d\nAttributes: 0x%08x\nSecureBoot: %s\n\n", ret_size, attributes, secureboot ? "enabled" : "disabled" ); ret_size = sizeof(asus_license); attributes = 0; for (size_t i = 0; i < ret_size; i++) { asus_license[i] = '\0'; } if (ZwQuerySystemEnvironmentValueEx(&asus_name, &asus_guid, asus_license, &ret_size, &attributes) != NOERROR) { printf("ZwQuerySystemEnvironmentValueEx error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf( "NtQuerySystemEnvironmentValueEx\nBytes: %d\nAttributes: 0x%08x\nAsus License: \n%s\n\n", ret_size, attributes, asus_license ); if (ZwQuerySystemInformation( (SYSTEM_INFORMATION_CLASS) SystemBootEnvironmentInformation, &boot_info, sizeof(boot_info), &ret_size ) != NOERROR) { printf("ZwQuerySystemInformation error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf("SystemBootEnvironmentInformation:\nBootIdentifier: {" GUID_FORMAT "}", GUID_ARG(boot_info.BootIdentifier)); printf( "\nFirmwareType: %s\nBootFlags: 0x%llX\n\n", (boot_info.FirmwareType == FirmwareTypeUefi ? "UEFI" : "BIOS"), boot_info.BootFlags ); FreeLibrary(hNTdll); return 0; } ``` Output: ``` GetFirmwareType: UEFI GetFirmwareEnvironmentVariableA Bytes: 1 SecureBoot: enabled GetFirmwareEnvironmentVariableW Bytes: 1 SecureBoot: enabled GetFirmwareEnvironmentVariableExA Bytes: 1 Attributes: 0x00000006 SecureBoot: enabled GetFirmwareEnvironmentVariableExW Bytes: 1570 Attributes: 0x00000006 Asus License: BASE64_BIG_LICENSE_TEXT== [LicenseID]:FED7A1 [Model]:Dummy-BaseBoard-Id [Tools]:WAsusDmiS,LogoFlashS,ASUSFwConfigS,AsusEventLogS,AsusNvLockS [Customer]:DummyLic [Expire]:2022-11-24 NtQuerySystemEnvironmentValueEx Bytes: 1 Attributes: 0x00000006 SecureBoot: enabled NtQuerySystemEnvironmentValueEx Bytes: 1570 Attributes: 0x00000006 Asus License: BASE64_BIG_LICENSE_TEXT== [LicenseID]:FED7A1 [Model]:Dummy-BaseBoard-Id [Tools]:WAsusDmiS,LogoFlashS,ASUSFwConfigS,AsusEventLogS,AsusNvLockS [Customer]:DummyLic [Expire]:2022-11-24 SystemBootEnvironmentInformation: BootIdentifier: {8522FFCA-6A31-11EF-952A-966164983DCB} FirmwareType: UEFI BootFlags: 0x0 ``` -- v9: kernel32: Implement GetFirmwareEnvironmentVariableExA, GetFirmwareEnvironmentVariableExW, GetFirmwareEnvironmentVariableA, GetFirmwareEnvironmentVariableW. https://gitlab.winehq.org/wine/wine/-/merge_requests/6423

2 6

[PATCH v7 0/4] MR6423: Implement NtQuerySystemEnvironmentValueEx, NtQuerySystemInformation SystemBootEnvironmentInformation, GetFirmwareType, GetFirmwareEnvironmentVariable*
by Grigory Vasilyev (＠h0tc0d3) 05 Sep '24

05 Sep '24

ntdll: - `NtQuerySystemInformation` `SystemBootEnvironmentInformation` - `NtQuerySystemEnvironmentValueEx` kernel32: - `GetFirmwareType` - `GetFirmwareEnvironmentVariableExA` - `GetFirmwareEnvironmentVariableExW` - `GetFirmwareEnvironmentVariableA` - `GetFirmwareEnvironmentVariableW`. The code is needed to check SecureBoot status, security systems and for example to check the licenses of software that can use efi variables. The behavior matches the behavior of Windows 11. And the output is no different on wine and Windows 11. Example: ```C #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <windows.h> #include <winnt.h> #include <winternl.h> #include <winbase.h> #include <shlwapi.h> #include <securitybaseapi.h> /* x86_64-w64-mingw32-gcc -O2 firmware.c -o firmware.exe -Wl,--subsystem,console -lole32 */ #define SystemBootEnvironmentInformation 90 #define GUID_FORMAT "%08lX-%04hX-%04hX-%02hhX%02hhX-%02hhX%02hhX%02hhX%02hhX%02hhX%02hhX" #define GUID_ARG(guid) \ (guid).Data1, (guid).Data2, (guid).Data3, (guid).Data4[0], (guid).Data4[1], (guid).Data4[2], (guid).Data4[3], \ (guid).Data4[4], (guid).Data4[5], (guid).Data4[6], (guid).Data4[7] typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION { GUID BootIdentifier; FIRMWARE_TYPE FirmwareType; union { ULONGLONG BootFlags; struct { ULONGLONG DbgMenuOsSelection : 1; ULONGLONG DbgHiberBoot : 1; ULONGLONG DbgSoftBoot : 1; ULONGLONG DbgMeasuredLaunch : 1; ULONGLONG DbgMeasuredLaunchCapable : 1; ULONGLONG DbgSystemHiveReplace : 1; ULONGLONG DbgMeasuredLaunchSmmProtections : 1; ULONGLONG DbgMeasuredLaunchSmmLevel : 7; }; }; } SYSTEM_BOOT_ENVIRONMENT_INFORMATION, *PSYSTEM_BOOT_ENVIRONMENT_INFORMATION; typedef NTSTATUS(NTAPI *LPFNZwInitUnicodeString)(IN OUT PUNICODE_STRING DestinationString, IN PCWSTR SourceString); typedef NTSTATUS(NTAPI *LPFNZwQuerySystemInformation)( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength ); typedef NTSTATUS(NTAPI *LPFNZwQuerySystemEnvironmentValueEx)( IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN OUT PULONG ReturnLength, OUT PULONG Attributes ); BOOL EnableTokenPrivilege(HANDLE hToken, LPCTSTR pszPrivilegesName, BOOL bEnabled) { LUID luid; TOKEN_PRIVILEGES tp; if (!LookupPrivilegeValue(NULL, pszPrivilegesName, &luid)) { return FALSE; } tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; tp.Privileges[0].Attributes = bEnabled ? SE_PRIVILEGE_ENABLED : 0; if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) { return FALSE; } return TRUE; } int main(int argc, char **argv) { DWORD ret; ULONG ret_size; HANDLE hToken; HANDLE hProcess; HINSTANCE hNTdll; DWORD attributes; BOOLEAN secureboot = 0; FIRMWARE_TYPE type = FirmwareTypeUnknown; UNICODE_STRING asus_name; char asus_license[2048] = {0}; UNICODE_STRING secureboot_name; GUID asus_guid; GUID secureboot_guid; SYSTEM_BOOT_ENVIRONMENT_INFORMATION boot_info = {0}; LPFNZwInitUnicodeString ZwInitUnicodeString; LPFNZwQuerySystemInformation ZwQuerySystemInformation; LPFNZwQuerySystemEnvironmentValueEx ZwQuerySystemEnvironmentValueEx; if (CLSIDFromString(L"{02076249-a52b-420e-bd53-aed044349379}", &asus_guid) != NOERROR) { printf("CLSIDFromString error: %d!\n", GetLastError()); return -1; } if (CLSIDFromString(L"{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot_guid) != NOERROR) { printf("CLSIDFromString error: %d!\n", GetLastError()); return -1; } hNTdll = LoadLibraryW(L"Ntdll.dll"); if (!hNTdll) { printf("Can't load ntdll liabrary!\n"); return -1; } ZwInitUnicodeString = (LPFNZwInitUnicodeString) GetProcAddress(hNTdll, "RtlInitUnicodeString"); if (!ZwInitUnicodeString) { printf("Can't get GetProcAddress RtlInitUnicodeString error: %d!\n", GetLastError()); return -1; } ZwInitUnicodeString(&secureboot_name, L"SecureBoot"); ZwInitUnicodeString(&asus_name, L"AsusOnboardToolLicense"); ZwQuerySystemInformation = (LPFNZwQuerySystemInformation) GetProcAddress(hNTdll, "ZwQuerySystemInformation"); if (!ZwQuerySystemInformation) { printf("Can't get GetProcAddress ZwQuerySystemInformation error: %d!\n", GetLastError()); return -1; } ZwQuerySystemEnvironmentValueEx = (LPFNZwQuerySystemEnvironmentValueEx) GetProcAddress(hNTdll, "ZwQuerySystemEnvironmentValueEx"); if (!ZwQuerySystemEnvironmentValueEx) { printf("Can't get GetProcAddress ZwQuerySystemEnvironmentValueEx error: %d!\n", GetLastError()); return -1; } hProcess = GetCurrentProcess(); if (!hProcess) { printf("GetCurrentProcessToken error: %d!\n", GetLastError()); return -1; } if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { printf("OpenProcessToken error: %d!\n", GetLastError()); return -1; } if (!EnableTokenPrivilege(hToken, SE_SYSTEM_ENVIRONMENT_NAME, TRUE)) { printf("EnableTokenPrivilege error: %d!\n", GetLastError()); return -1; } if (GetFirmwareType(&type)) printf("GetFirmwareType: %s\n\n", type == FirmwareTypeUefi ? "UEFI" : "BIOS"); ret = GetFirmwareEnvironmentVariableA( "SecureBoot", "{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN) ); if (!ret) { printf("GetFirmwareEnvironmentVariableA error: % d!\n\n", GetLastError()); return -1; } printf("GetFirmwareEnvironmentVariableA\nBytes: %d\nSecureBoot: %s\n\n", ret, secureboot ? "enabled" : "disabled"); secureboot = 0; ret = GetFirmwareEnvironmentVariableW( L"SecureBoot", L"{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN) ); if (!ret) { printf("GetFirmwareEnvironmentVariableW error: % d!\n\n", GetLastError()); return -1; } printf("GetFirmwareEnvironmentVariableW\nBytes: %d\nSecureBoot: %s\n\n", ret, secureboot ? "enabled" : "disabled"); attributes = 0; secureboot = 0; ret = GetFirmwareEnvironmentVariableExA( "SecureBoot", "{8be4df61-93ca-11d2-aa0d-00e098032b8c}", &secureboot, sizeof(BOOLEAN), &attributes ); if (!ret) { printf("GetFirmwareEnvironmentVariableExA error: % d!\n\n", GetLastError()); return -1; } printf( "GetFirmwareEnvironmentVariableExA\nBytes: %d\nAttributes: 0x%08x\nSecureBoot: %s\n\n", ret, attributes, secureboot ? "enabled" : "disabled" ); attributes = 0; ret = GetFirmwareEnvironmentVariableExW( L"AsusOnboardToolLicense", L"{02076249-a52b-420e-bd53-aed044349379}", asus_license, sizeof(asus_license), &attributes ); if (!ret) { printf("GetFirmwareEnvironmentVariableExW error: % d!\n\n", GetLastError()); return -1; } printf( "GetFirmwareEnvironmentVariableExW\nBytes: %d\nAttributes: 0x%08x\nAsus License: \n%s\n\n", ret, attributes, asus_license ); ret_size = sizeof(secureboot); attributes = 0; secureboot = 0; if (ZwQuerySystemEnvironmentValueEx(&secureboot_name, &secureboot_guid, &secureboot, &ret_size, &attributes) != NOERROR) { printf("ZwQuerySystemEnvironmentValueEx error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf( "NtQuerySystemEnvironmentValueEx\nBytes: %d\nAttributes: 0x%08x\nSecureBoot: %s\n\n", ret_size, attributes, secureboot ? "enabled" : "disabled" ); ret_size = sizeof(asus_license); attributes = 0; for (size_t i = 0; i < ret_size; i++) { asus_license[i] = '\0'; } if (ZwQuerySystemEnvironmentValueEx(&asus_name, &asus_guid, asus_license, &ret_size, &attributes) != NOERROR) { printf("ZwQuerySystemEnvironmentValueEx error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf( "NtQuerySystemEnvironmentValueEx\nBytes: %d\nAttributes: 0x%08x\nAsus License: \n%s\n\n", ret_size, attributes, asus_license ); if (ZwQuerySystemInformation( (SYSTEM_INFORMATION_CLASS) SystemBootEnvironmentInformation, &boot_info, sizeof(boot_info), &ret_size ) != NOERROR) { printf("ZwQuerySystemInformation error: % d!\n\n", GetLastError()); FreeLibrary(hNTdll); return -1; } printf("SystemBootEnvironmentInformation:\nBootIdentifier: {" GUID_FORMAT "}", GUID_ARG(boot_info.BootIdentifier)); printf( "\nFirmwareType: %s\nBootFlags: 0x%llX\n\n", (boot_info.FirmwareType == FirmwareTypeUefi ? "UEFI" : "BIOS"), boot_info.BootFlags ); FreeLibrary(hNTdll); return 0; } ``` Output: ``` GetFirmwareType: UEFI GetFirmwareEnvironmentVariableA Bytes: 1 SecureBoot: enabled GetFirmwareEnvironmentVariableW Bytes: 1 SecureBoot: enabled GetFirmwareEnvironmentVariableExA Bytes: 1 Attributes: 0x00000006 SecureBoot: enabled GetFirmwareEnvironmentVariableExW Bytes: 1570 Attributes: 0x00000006 Asus License: BASE64_BIG_LICENSE_TEXT== [LicenseID]:FED7A1 [Model]:Dummy-BaseBoard-Id [Tools]:WAsusDmiS,LogoFlashS,ASUSFwConfigS,AsusEventLogS,AsusNvLockS [Customer]:DummyLic [Expire]:2022-11-24 NtQuerySystemEnvironmentValueEx Bytes: 1 Attributes: 0x00000006 SecureBoot: enabled NtQuerySystemEnvironmentValueEx Bytes: 1570 Attributes: 0x00000006 Asus License: BASE64_BIG_LICENSE_TEXT== [LicenseID]:FED7A1 [Model]:Dummy-BaseBoard-Id [Tools]:WAsusDmiS,LogoFlashS,ASUSFwConfigS,AsusEventLogS,AsusNvLockS [Customer]:DummyLic [Expire]:2022-11-24 SystemBootEnvironmentInformation: BootIdentifier: {8522FFCA-6A31-11EF-952A-966164983DCB} FirmwareType: UEFI BootFlags: 0x0 ``` -- v7: kernel32: Implement GetFirmwareEnvironmentVariableExA, GetFirmwareEnvironmentVariableExW, GetFirmwareEnvironmentVariableA, GetFirmwareEnvironmentVariableW. kernel32: Implement GetFirmwareType. ntdll: Implement NtQuerySystemInformation SystemBootEnvironmentInformation. ntdll: Implement NtQuerySystemEnvironmentValueEx. https://gitlab.winehq.org/wine/wine/-/merge_requests/6423

2 4

Re: [PATCH v6 0/4] MR6423: Implement NtQuerySystemEnvironmentValueEx, NtQuerySystemInformation SystemBootEnvironmentInformation, GetFirmwareType, GetFirmwareEnvironmentVariable*
by Alfred Agrell (＠Alcaro) 05 Sep '24

05 Sep '24

Alfred Agrell (@Alcaro) commented about dlls/ntdll/unix/system.c: > +#if defined(__linux__) || defined(__gnu_linux__) > + int fd, rc; > + size_t bytes, pos = 0; > + ssize_t ssz; > + char filename[128]; > + char *cname; > + struct stat sb = {0}; > + > + cname = (char *) malloc(name->Length); > + ntdll_wcstoumbs(name->Buffer, name->Length, cname, name->Length, FALSE); > + > + snprintf(filename, sizeof(filename), > + "/sys/firmware/efi/efivars/%s-%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X", cname, > + vendor->Data1, vendor->Data2, vendor->Data3, vendor->Data4[0], vendor->Data4[1], > + vendor->Data4[2], vendor->Data4[3], vendor->Data4[4], vendor->Data4[5], > + vendor->Data4[6], vendor->Data4[7]); This throws a warning on 32bit builds. ``` ../dlls/ntdll/unix/system.c:3698:47: error: format '%X' expects argument of type 'unsigned int', but argument 5 has type 'long unsigned int' [-Werror=format=] 3698 | "/sys/firmware/efi/efivars/%s-%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X", cname, | ~~~^ | | | unsigned int | %08lX 3699 | vendor->Data1, vendor->Data2, vendor->Data3, vendor->Data4[0], vendor->Data4[1], | ~~~~~~~~~~~~~ | | | long unsigned int ``` They're both uint32, so I'd prefer if compiler could just shut up. But we can't really affect that on our end. Let's just explicitly cast to (unsigned). -- https://gitlab.winehq.org/wine/wine/-/merge_requests/6423#note_81255

1 0

Re: [PATCH v6 0/4] MR6423: Implement NtQuerySystemEnvironmentValueEx, NtQuerySystemInformation SystemBootEnvironmentInformation, GetFirmwareType, GetFirmwareEnvironmentVariable*
by Alfred Agrell (＠Alcaro) 05 Sep '24

05 Sep '24

It's improving, but with so much code changes between each version, there's plenty of room for improvement. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/6423#note_81251

1 0

Re: [PATCH v6 0/4] MR6423: Implement NtQuerySystemEnvironmentValueEx, NtQuerySystemInformation SystemBootEnvironmentInformation, GetFirmwareType, GetFirmwareEnvironmentVariable*
by Alfred Agrell (＠Alcaro) 05 Sep '24

05 Sep '24

Alfred Agrell (@Alcaro) commented about dlls/kernel32/process.c: > + > + return FALSE; > +} > + > +/*********************************************************************** > + * GetFirmwareEnvironmentVariableExA (KERNEL32.@) > + */ > +DWORD WINAPI GetFirmwareEnvironmentVariableExA(LPCSTR name, LPCSTR guid, PVOID buffer, DWORD size, PDWORD attributes) > +{ > + int nsize; > + GUID vendor = {0}; > + LPWSTR wname; > + UNICODE_STRING uname; > + DWORD ret_size = size; > + > + if (!__wine_string_to_guid(guid, &vendor)) Probably better to convert this string to utf16, then call the W function. That'd not only remove that GUID conversion function (I'd rather not review that amount of math - I think even GCC will complain that, unclear precedence warnings on | and +), but also make future maintenance easier. Yes, it'll copy and convert around things a little more. Who cares, this isn't performance sensitive. If you want to remove the allocations, you can put one in NtCurrentTeb()->StaticUnicodeBuffer, A/W conversions is exactly what it's for. (Though there's only one, so you'll need pointer math or allocations for the other one.) -- https://gitlab.winehq.org/wine/wine/-/merge_requests/6423#note_81250

1 0

Re: [PATCH v6 0/4] MR6423: Implement NtQuerySystemEnvironmentValueEx, NtQuerySystemInformation SystemBootEnvironmentInformation, GetFirmwareType, GetFirmwareEnvironmentVariable*
by Alfred Agrell (＠Alcaro) 05 Sep '24

05 Sep '24

Alfred Agrell (@Alcaro) commented about dlls/kernel32/process.c: > + GUID vendor = {0}; > + UNICODE_STRING uname; > + DWORD ret_size = size; > + > + if (!__wine_guid_from_string(guid, &vendor)) > + { > + SetLastError(RtlNtStatusToDosError(CO_E_CLASSSTRING)); > + return 0; > + } > + > + RtlInitUnicodeString(&uname, name); > + > + if (!set_ntstatus( > + NtQuerySystemEnvironmentValueEx(&uname, &vendor, buffer, &ret_size, attributes))) > + { > + RtlFreeUnicodeString(&uname); There's a few unexpected RtlFreeUnicodeString here too. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/6423#note_81249

1 0

Re: [PATCH v6 0/4] MR6423: Implement NtQuerySystemEnvironmentValueEx, NtQuerySystemInformation SystemBootEnvironmentInformation, GetFirmwareType, GetFirmwareEnvironmentVariable*
by Alfred Agrell (＠Alcaro) 05 Sep '24

05 Sep '24

Alfred Agrell (@Alcaro) commented about dlls/kernel32/process.c: > + return FALSE; > + return TRUE; > +} > + > +static const BYTE __wine_guid_conv_table[256] = > +{ > + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x00 */ > + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x10 */ > + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x20 */ > + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, /* 0x30 */ > + 0, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x40 */ > + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x50 */ > + 0, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf /* 0x60 */ > +}; > + > +static inline BOOL __wine_guid_from_string(LPCWSTR s, GUID *id) You've reinvented RtlGUIDFromString(). Better call that. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/6423#note_81247

1 0

Re: [PATCH v6 0/4] MR6423: Implement NtQuerySystemEnvironmentValueEx, NtQuerySystemInformation SystemBootEnvironmentInformation, GetFirmwareType, GetFirmwareEnvironmentVariable*
by Alfred Agrell (＠Alcaro) 05 Sep '24

05 Sep '24

Alfred Agrell (@Alcaro) commented about dlls/kernel32/process.c: > + { > + SetLastError(RtlNtStatusToDosError(ERROR_NOT_ENOUGH_MEMORY)); > + return 0; > + } > + > + MultiByteToWideChar(CP_ACP, 0, name, -1, wname, nsize); > + > + RtlInitUnicodeString(&uname, wname); > + > + if (!set_ntstatus( > + NtQuerySystemEnvironmentValueEx(&uname, &vendor, buffer, &ret_size, attributes))) > + { > + ret_size = 0; > + } > + > + RtlFreeUnicodeString(&uname); RtlInitUnicodeString doesn't allocate, it just puts the pointer in the struct. Better just just drop that variable. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/6423#note_81248

1 0