summaryrefslogtreecommitdiffstats
path: root/src/VBox/Runtime/tools
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-11 08:17:27 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-11 08:17:27 +0000
commitf215e02bf85f68d3a6106c2a1f4f7f063f819064 (patch)
tree6bb5b92c046312c4e95ac2620b10ddf482d3fa8b /src/VBox/Runtime/tools
parentInitial commit. (diff)
downloadvirtualbox-f215e02bf85f68d3a6106c2a1f4f7f063f819064.tar.xz
virtualbox-f215e02bf85f68d3a6106c2a1f4f7f063f819064.zip
Adding upstream version 7.0.14-dfsg.upstream/7.0.14-dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/VBox/Runtime/tools')
-rw-r--r--src/VBox/Runtime/tools/Makefile.kmk287
-rw-r--r--src/VBox/Runtime/tools/RTCat.cpp330
-rw-r--r--src/VBox/Runtime/tools/RTChMod.cpp435
-rw-r--r--src/VBox/Runtime/tools/RTCp.cpp361
-rw-r--r--src/VBox/Runtime/tools/RTDbgSymCache.cpp1858
-rw-r--r--src/VBox/Runtime/tools/RTDbgSymSrv.cpp600
-rw-r--r--src/VBox/Runtime/tools/RTEfiFatExtract.cpp263
-rw-r--r--src/VBox/Runtime/tools/RTEfiSigDb.cpp833
-rw-r--r--src/VBox/Runtime/tools/RTFtpServer.cpp666
-rw-r--r--src/VBox/Runtime/tools/RTFuzzClient.cpp54
-rw-r--r--src/VBox/Runtime/tools/RTFuzzMaster.cpp54
-rw-r--r--src/VBox/Runtime/tools/RTGzip.cpp55
-rw-r--r--src/VBox/Runtime/tools/RTHttp.cpp188
-rw-r--r--src/VBox/Runtime/tools/RTHttpServer.cpp889
-rw-r--r--src/VBox/Runtime/tools/RTIsoMaker.cpp54
-rw-r--r--src/VBox/Runtime/tools/RTKrnlModInfo.cpp187
-rw-r--r--src/VBox/Runtime/tools/RTLdrCheckImports.cpp708
-rw-r--r--src/VBox/Runtime/tools/RTLdrFlt.cpp598
-rw-r--r--src/VBox/Runtime/tools/RTLs.cpp54
-rw-r--r--src/VBox/Runtime/tools/RTManifest.cpp404
-rw-r--r--src/VBox/Runtime/tools/RTMkDir.cpp379
-rw-r--r--src/VBox/Runtime/tools/RTNtDbgHelp.cpp393
-rw-r--r--src/VBox/Runtime/tools/RTRm.cpp54
-rw-r--r--src/VBox/Runtime/tools/RTRmDir.cpp369
-rw-r--r--src/VBox/Runtime/tools/RTShutdown.cpp114
-rw-r--r--src/VBox/Runtime/tools/RTSignTool.cpp6330
-rw-r--r--src/VBox/Runtime/tools/RTTar.cpp54
-rw-r--r--src/VBox/Runtime/tools/RTTraceLogTool.cpp343
-rw-r--r--src/VBox/Runtime/tools/RTUnzip.cpp54
29 files changed, 16968 insertions, 0 deletions
diff --git a/src/VBox/Runtime/tools/Makefile.kmk b/src/VBox/Runtime/tools/Makefile.kmk
new file mode 100644
index 00000000..929bd728
--- /dev/null
+++ b/src/VBox/Runtime/tools/Makefile.kmk
@@ -0,0 +1,287 @@
+# $Id: Makefile.kmk $
+## @file
+# Sub-Makefile for the IPRT tools.
+#
+
+#
+# Copyright (C) 2006-2023 Oracle and/or its affiliates.
+#
+# This file is part of VirtualBox base platform packages, as
+# available from https://www.virtualbox.org.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation, in version 3 of the
+# License.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses>.
+#
+# The contents of this file may alternatively be used under the terms
+# of the Common Development and Distribution License Version 1.0
+# (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+# in the VirtualBox distribution, in which case the provisions of the
+# CDDL are applicable instead of those of the GPL.
+#
+# You may elect to license modified versions of this file under the
+# terms and conditions of either the GPL or the CDDL or both.
+#
+# SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+#
+
+SUB_DEPTH = ../../../..
+include $(KBUILD_PATH)/subheader.kmk
+
+
+if !defined(VBOX_ONLY_EXTPACKS) && !defined(VBOX_ONLY_DOCS)
+ # RTIsoMaker - ISO image maker - build version.
+ ifeq ($(KBUILD_TARGET),win) # Needed for repacking guest additions.
+ PROGRAMS += bldRTIsoMaker
+ bldRTIsoMaker_INSTTYPE = stage
+ else
+ BLDPROGS += bldRTIsoMaker
+ endif
+ bldRTIsoMaker_TEMPLATE = VBoxAdvBldProg
+ bldRTIsoMaker_SOURCES = \
+ RTIsoMaker.cpp \
+ ../common/misc/buildconfig.cpp
+ bldRTIsoMaker_DEFS = \
+ IPRT_BLDCFG_SCM_REV=$(if $(VBOX_SVN_REV_FALLBACK),$(VBOX_SVN_REV_FALLBACK),$(VBOX_SVN_REV)) \
+ IPRT_BLDCFG_VERSION_MAJOR=$(VBOX_VERSION_MAJOR) \
+ IPRT_BLDCFG_VERSION_MINOR=$(VBOX_VERSION_MINOR) \
+ IPRT_BLDCFG_VERSION_BUILD=$(VBOX_VERSION_BUILD)
+ ifdef VBOX_WITH_AUTOMATIC_DEFS_QUOTING
+ bldRTIsoMaker_DEFS += \
+ IPRT_BLDCFG_VERSION_STRING="$(VBOX_VERSION_STRING)" \
+ IPRT_BLDCFG_TARGET="$(KBUILD_TARGET)" \
+ IPRT_BLDCFG_TARGET_ARCH="$(KBUILD_TARGET_ARCH)" \
+ IPRT_BLDCFG_TYPE="$(KBUILD_TYPE)"
+ else
+ bldRTIsoMaker_DEFS += \
+ IPRT_BLDCFG_VERSION_STRING=\"$(VBOX_VERSION_STRING)\" \
+ IPRT_BLDCFG_TARGET=\"$(KBUILD_TARGET)\" \
+ IPRT_BLDCFG_TARGET_ARCH=\"$(KBUILD_TARGET_ARCH)\" \
+ IPRT_BLDCFG_TYPE=\"$(KBUILD_TYPE)\"
+ endif
+ bldRTIsoMaker_INCS = ../include
+endif
+
+
+if !defined(VBOX_ONLY_DOCS)
+
+ # RTManifest is a tool for creating and verifying manifest files - build version.
+ BLDPROGS += bldRTManifest
+ bldRTManifest_TEMPLATE = VBoxAdvBldProg
+ bldRTManifest_SOURCES = RTManifest.cpp
+
+
+ if !defined(VBOX_ONLY_EXTPACKS) || "$(KBUILD_TARGET)" == "win" || "$(KBUILD_TARGET)" == "darwin"
+ # RTSignTool - Signing utility - build version. Signed on windows so we can get the certificate from it.
+ BLDPROGS += bldRTSignTool
+ bldRTSignTool_TEMPLATE := VBoxAdvBldProg
+ bldRTSignTool_INCS := ../include
+ bldRTSignTool_SOURCES := RTSignTool.cpp
+ bldRTSignTool_DEFS := IPRT_IN_BUILD_TOOL
+ bldRTSignTool_LDFLAGS.darwin := \
+ -framework CoreFoundation \
+ -framework Security
+ bldRTSignTool_LIBS.win := Crypt32.lib NCrypt.lib
+ ifndef VBOX_WITH_BLD_RTSIGNTOOL_SIGNING
+ bldRTSignTool_DEFS += IPRT_SIGNTOOL_NO_SIGNING
+ else # RuntimeBldProg is missing a lot and is built w/o IPRT_WITH_OPENSSL. So, include missing and rebuilt openssl deps.
+ bldRTSignTool_SDKS += VBoxOpenSslBldProg
+ bldRTSignTool_DEFS += IPRT_WITH_OPENSSL
+ bldRTSignTool_SOURCES += \
+ ../common/crypto/pkix-signature-builtin.cpp \
+ ../common/crypto/pkix-signature-ossl.cpp \
+ ../common/crypto/store.cpp \
+ ../common/crypto/digest-builtin.cpp \
+ ../common/crypto/iprt-openssl.cpp \
+ ../common/crypto/key.cpp \
+ ../common/crypto/key-file.cpp \
+ ../common/crypto/key-openssl.cpp \
+ ../common/crypto/pkcs7-sign.cpp \
+ ../common/crypto/RTCrRandBytes-openssl.cpp
+ if1of ($(KBUILD_HOST), darwin win)
+ bldRTSignTool_SOURCES += ../r3/$(KBUILD_HOST)/RTCrStoreCreateSnapshotById-$(KBUILD_HOST).cpp
+ else
+ bldRTSignTool_SOURCES += ../generic/RTCrStoreCreateSnapshotById-generic.cpp
+ endif
+ endif
+ endif
+
+ if !defined(VBOX_ONLY_EXTPACKS)
+ # RTLdrCheckImports - import checker.
+ PROGRAMS += bldRTLdrCheckImports
+ bldRTLdrCheckImports_TEMPLATE = VBoxAdvBldProg
+ bldRTLdrCheckImports_DEFS = IPRT_IN_BUILD_TOOL
+ bldRTLdrCheckImports_SOURCES = RTLdrCheckImports.cpp
+ endif
+endif
+
+if !defined(VBOX_ONLY_BUILD)
+
+ # RTCat is a tool for displaying files.
+ PROGRAMS += RTCat
+ RTCat_TEMPLATE = VBoxR3Tool
+ RTCat_SOURCES = RTCat.cpp
+ RTCat_SOURCES += ../VBox/LoadVBoxDDU.cpp
+
+ # RTChMod - our chmod clone.
+ PROGRAMS += RTChMod
+ RTChMod_TEMPLATE = VBoxR3Tool
+ RTChMod_SOURCES = RTChMod.cpp
+
+ # RTCp - our cp clone.
+ PROGRAMS += RTCp
+ RTCp_TEMPLATE = VBoxR3Tool
+ RTCp_SOURCES = RTCp.cpp
+ RTCp_SOURCES += ../VBox/LoadVBoxDDU.cpp
+
+ # RTIsoMaker - ISO image maker - build version.
+ PROGRAMS += RTIsoMaker
+ RTIsoMaker_TEMPLATE = VBoxR3Tool
+ RTIsoMaker_SOURCES = RTIsoMaker.cpp
+ RTIsoMaker_SOURCES += ../VBox/LoadVBoxDDU.cpp
+
+ # RTLs is a tool for listing file information.
+ PROGRAMS += RTLs
+ RTLs_TEMPLATE = VBoxR3Tool
+ RTLs_SOURCES = RTLs.cpp
+ RTLs_SOURCES += ../VBox/LoadVBoxDDU.cpp
+
+ # RTRm is a tool for removing files and directories.
+ PROGRAMS += RTRm
+ RTRm_TEMPLATE = VBoxR3Tool
+ RTRm_SOURCES = RTRm.cpp
+ RTRm_SOURCES += ../VBox/LoadVBoxDDU.cpp
+
+ # RTManifest is a tool for creating and verifying manifest files.
+ PROGRAMS += RTManifest
+ RTManifest_TEMPLATE = VBoxR3Tool
+ RTManifest_SOURCES = RTManifest.cpp
+ RTManifest_SOURCES += ../VBox/LoadVBoxDDU.cpp
+
+ # RTLdrFlt is similar to c++filt, except that it's for VMMR0.r0 stacks.
+ PROGRAMS += RTLdrFlt
+ RTLdrFlt_TEMPLATE = VBoxR3Tool
+ RTLdrFlt_SOURCES = RTLdrFlt.cpp
+
+ # RTFtpServer implements a simple FTP server.
+ PROGRAMS += RTFtpServer
+ RTFtpServer_TEMPLATE = VBoxR3Tool
+ RTFtpServer_SOURCES = RTFtpServer.cpp
+
+ # RTGzip - our gzip clone (for testing the gzip/gunzip streaming code)
+ PROGRAMS += RTGzip
+ RTGzip_TEMPLATE = VBoxR3Tool
+ RTGzip_SOURCES = RTGzip.cpp
+ RTGzip_SOURCES += ../VBox/LoadVBoxDDU.cpp
+
+ ifdef VBOX_WITH_LIBCURL
+ # RTHttp - our http/https fetcher (for testing the http client API).
+ PROGRAMS += RTHttp
+ RTHttp_TEMPLATE = VBoxR3Tool
+ RTHttp_SOURCES = RTHttp.cpp
+ endif
+
+ # RTHttpServer implements a simple HTTP server.
+ PROGRAMS += RTHttpServer
+ RTHttpServer_TEMPLATE = VBoxR3Tool
+ RTHttpServer_SOURCES = RTHttpServer.cpp
+ ifdef IPRT_HTTP_WITH_WEBDAV
+ RTHttpServer_DEFS += IPRT_HTTP_WITH_WEBDAV
+ endif
+
+ # RTLdrCheckImports - import checker.
+ PROGRAMS += RTLdrCheckImports
+ RTLdrCheckImports_TEMPLATE = VBoxR3Tool
+ RTLdrCheckImports_SOURCES = RTLdrCheckImports.cpp
+ RTLdrCheckImports_SOURCES += ../VBox/LoadVBoxDDU.cpp
+
+ # RTMkDir - our mkdir clone.
+ PROGRAMS += RTMkDir
+ RTMkDir_TEMPLATE = VBoxR3Tool
+ RTMkDir_SOURCES = RTMkDir.cpp
+
+ # RTRmDir - our mkdir clone.
+ PROGRAMS += RTRmDir
+ RTRmDir_TEMPLATE = VBoxR3Tool
+ RTRmDir_SOURCES = RTRmDir.cpp
+
+ # RTShutdown - similar (but not identical) to a typical unix shutdown command.
+ PROGRAMS += RTShutdown
+ RTShutdown_TEMPLATE = VBoxR3Tool
+ RTShutdown_SOURCES = RTShutdown.cpp
+
+ # RTTar - our tar clone (for testing the tar/gzip/gunzip streaming code)
+ PROGRAMS += RTTar
+ RTTar_TEMPLATE = VBoxR3Tool
+ RTTar_SOURCES = RTTar.cpp
+ RTTar_SOURCES += ../VBox/LoadVBoxDDU.cpp
+
+ # RTUnzip - our unzip clone (for testing the unzip streaming code)
+ PROGRAMS += RTUnzip
+ RTUnzip_TEMPLATE = VBoxR3Tool
+ RTUnzip_SOURCES = RTUnzip.cpp
+ RTUnzip_SOURCES += ../VBox/LoadVBoxDDU.cpp
+
+ # RTNtDbgHelp - our tar clone (for testing the tar/gzip/gunzip streaming code)
+ PROGRAMS.win += RTNtDbgHelp
+ RTNtDbgHelp_TEMPLATE = VBoxR3Tool
+ RTNtDbgHelp_SOURCES = RTNtDbgHelp.cpp
+
+ # RTDbgSymCache - Symbol cache manager.
+ PROGRAMS += RTDbgSymCache
+ RTDbgSymCache_TEMPLATE = VBoxR3Tool
+ RTDbgSymCache_SOURCES = RTDbgSymCache.cpp
+
+ # RTSignTool - Signing utility.
+ PROGRAMS += RTSignTool
+ RTSignTool_TEMPLATE := VBoxR3Tool
+ RTSignTool_INCS := ../include
+ RTSignTool_SOURCES := RTSignTool.cpp
+ RTSignTool_LIBS = $(PATH_STAGE_LIB)/SUPR3$(VBOX_SUFF_LIB)
+ RTSignTool_LIBS.win = Crypt32.lib NCrypt.lib
+
+ # RTTraceLogTool - Trace log collection and dissection tool.
+ PROGRAMS += RTTraceLogTool
+ RTTraceLogTool_TEMPLATE = VBoxR3Tool
+ RTTraceLogTool_SOURCES = RTTraceLogTool.cpp
+
+ # RTFuzzMaster - Fuzzing master tool.
+ PROGRAMS += RTFuzzMaster
+ RTFuzzMaster_TEMPLATE = VBoxR3Tool
+ RTFuzzMaster_SOURCES = RTFuzzMaster.cpp
+
+ # RTFuzzClient - Fuzzing client tool.
+ PROGRAMS += RTFuzzClient
+ RTFuzzClient_TEMPLATE = VBoxR3Tool
+ RTFuzzClient_SOURCES = RTFuzzClient.cpp
+
+ # RTEfiFatExtract - Extracting single files from a fat EFI binary.
+ PROGRAMS += RTEfiFatExtract
+ RTEfiFatExtract_TEMPLATE = VBoxR3Tool
+ RTEfiFatExtract_SOURCES = RTEfiFatExtract.cpp
+
+ # RTEfiSigDb - EFI signature database management tool.
+ PROGRAMS += RTEfiSigDb
+ RTEfiSigDb_TEMPLATE = VBoxR3Tool
+ RTEfiSigDb_SOURCES = RTEfiSigDb.cpp
+
+ if1of ($(KBUILD_TARGET), darwin linux solaris win)
+ # RTKrnlModInfo - our lsmod/kextstat clone (for testing the RTKrnlMod code).
+ PROGRAMS += RTKrnlModInfo
+ RTKrnlModInfo_TEMPLATE = VBoxR3Tool
+ RTKrnlModInfo_SOURCES = RTKrnlModInfo.cpp
+ endif
+
+endif # !VBOX_ONLY_BUILD
+
+include $(FILE_KBUILD_SUB_FOOTER)
+
diff --git a/src/VBox/Runtime/tools/RTCat.cpp b/src/VBox/Runtime/tools/RTCat.cpp
new file mode 100644
index 00000000..b34204be
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTCat.cpp
@@ -0,0 +1,330 @@
+/* $Id: RTCat.cpp $ */
+/** @file
+ * IPRT - cat like utility.
+ */
+
+/*
+ * Copyright (C) 2017-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/vfs.h>
+
+#include <iprt/buildconfig.h>
+#include <iprt/errcore.h>
+#include <iprt/file.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+#include <iprt/param.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+/**
+ * CAT command options.
+ */
+typedef struct RTCMDCATOPTS
+{
+ bool fShowEnds; /**< -E */
+ bool fShowNonPrinting; /**< -v */
+ bool fShowTabs; /**< -T */
+ bool fSqueezeBlankLines; /**< -s */
+ bool fNumberLines; /**< -n */
+ bool fNumberNonBlankLines; /**< -b */
+ bool fAdvisoryOutputLock; /**< -l */
+ bool fUnbufferedOutput; /**< -u */
+} RTCMDCATOPTS;
+/** Pointer to const CAT options. */
+typedef RTCMDCATOPTS const *PCRTCMDCATOPTS;
+
+
+
+/**
+ * Outputs the source raw.
+ *
+ * @returns Command exit, error messages written using RTMsg*.
+ * @param hVfsOutput The output I/O stream.
+ * @param hVfsSrc The input I/O stream.
+ * @param pszSrc The input name.
+ */
+static RTEXITCODE rtCmdCatShowRaw(RTVFSIOSTREAM hVfsOutput, RTVFSIOSTREAM hVfsSrc, const char *pszSrc)
+{
+ int rc = RTVfsUtilPumpIoStreams(hVfsSrc, hVfsOutput, 0 /*cbBufHint*/);
+ if (RT_SUCCESS(rc))
+ return RTEXITCODE_SUCCESS;
+ return RTMsgErrorExitFailure("Error catting '%s': %Rrc", pszSrc, rc);
+}
+
+
+/**
+ * Outputs the source with complicated formatting.
+ *
+ * @returns Command exit, error messages written using RTMsg*.
+ * @param hVfsOutput The output I/O stream.
+ * @param hVfsSrc The input I/O stream.
+ * @param pszSrc The input name.
+ */
+static RTEXITCODE rtCmdCatShowComplicated(RTVFSIOSTREAM hVfsOutput, RTVFSIOSTREAM hVfsSrc, const char *pszSrc,
+ PCRTCMDCATOPTS pOpts)
+{
+ if (pOpts->fShowEnds)
+ RTMsgWarning("--show-ends is not implemented\n");
+ if (pOpts->fShowTabs)
+ RTMsgWarning("--show-tabs is not implemented\n");
+ if (pOpts->fShowNonPrinting)
+ RTMsgWarning("--show-nonprinting is not implemented\n");
+ if (pOpts->fSqueezeBlankLines)
+ RTMsgWarning("--squeeze-blank is not implemented\n");
+ if (pOpts->fNumberLines)
+ RTMsgWarning("--number is not implemented\n");
+ if (pOpts->fNumberNonBlankLines)
+ RTMsgWarning("--number-nonblank is not implemented\n");
+ return rtCmdCatShowRaw(hVfsOutput, hVfsSrc, pszSrc);
+}
+
+
+/**
+ * Opens the input file.
+ *
+ * @returns Command exit, error messages written using RTMsg*.
+ *
+ * @param pszFile The input filename.
+ * @param phVfsIos Where to return the input stream handle.
+ */
+static RTEXITCODE rtCmdCatOpenInput(const char *pszFile, PRTVFSIOSTREAM phVfsIos)
+{
+ int rc;
+
+ if (!strcmp(pszFile, "-"))
+ {
+ rc = RTVfsIoStrmFromStdHandle(RTHANDLESTD_INPUT,
+ RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_NONE,
+ true /*fLeaveOpen*/,
+ phVfsIos);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("Error opening standard input: %Rrc", rc);
+ }
+ else
+ {
+ uint32_t offError = 0;
+ RTERRINFOSTATIC ErrInfo;
+ rc = RTVfsChainOpenIoStream(pszFile, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_NONE,
+ phVfsIos, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ return RTVfsChainMsgErrorExitFailure("RTVfsChainOpenIoStream", pszFile, rc, offError, &ErrInfo.Core);
+ }
+
+ return RTEXITCODE_SUCCESS;
+
+}
+
+
+/**
+ * A /bin/cat clone.
+ *
+ * @returns Program exit code.
+ *
+ * @param cArgs The number of arguments.
+ * @param papszArgs The argument vector. (Note that this may be
+ * reordered, so the memory must be writable.)
+ */
+RTEXITCODE RTCmdCat(unsigned cArgs, char **papszArgs)
+{
+
+ /*
+ * Parse the command line.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--show-all", 'A', RTGETOPT_REQ_NOTHING },
+ { "--number-nonblanks", 'b', RTGETOPT_REQ_NOTHING },
+ { "--show-ends-and-nonprinting", 'e', RTGETOPT_REQ_NOTHING },
+ { "--show-ends", 'E', RTGETOPT_REQ_NOTHING },
+ { "--advisory-output-lock", 'l', RTGETOPT_REQ_NOTHING },
+ { "--number", 'n', RTGETOPT_REQ_NOTHING },
+ { "--squeeze-blank", 's', RTGETOPT_REQ_NOTHING },
+ { "--show-tabs-and-nonprinting", 't', RTGETOPT_REQ_NOTHING },
+ { "--show-tabs", 'T', RTGETOPT_REQ_NOTHING },
+ { "--unbuffered-output", 'u', RTGETOPT_REQ_NOTHING },
+ { "--show-nonprinting", 'v', RTGETOPT_REQ_NOTHING },
+ };
+
+ RTCMDCATOPTS Opts;
+ Opts.fShowEnds = false;
+ Opts.fShowNonPrinting = false;
+ Opts.fShowTabs = false;
+ Opts.fSqueezeBlankLines = false;
+ Opts.fNumberLines = false;
+ Opts.fNumberNonBlankLines = false;
+ Opts.fAdvisoryOutputLock = false;
+ Opts.fUnbufferedOutput = false;
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ unsigned cProcessed = 0;
+ RTVFSIOSTREAM hVfsOutput = NIL_RTVFSIOSTREAM;
+ int rc = RTVfsIoStrmFromStdHandle(RTHANDLESTD_OUTPUT, RTFILE_O_WRITE | RTFILE_O_OPEN | RTFILE_O_DENY_NONE,
+ true /*fLeaveOpen*/, &hVfsOutput);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTVfsIoStrmFromStdHandle: %Rrc", rc);
+
+ RTGETOPTSTATE GetState;
+ rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1,
+ RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ if (RT_SUCCESS(rc))
+ {
+ bool fContinue = true;
+ do
+ {
+ RTGETOPTUNION ValueUnion;
+ int chOpt = RTGetOpt(&GetState, &ValueUnion);
+ switch (chOpt)
+ {
+ case 0:
+ /*
+ * If we've processed any files we're done. Otherwise take
+ * input from stdin and write the output to stdout.
+ */
+ if (cProcessed > 0)
+ {
+ fContinue = false;
+ break;
+ }
+ ValueUnion.psz = "-";
+ RT_FALL_THRU();
+ case VINF_GETOPT_NOT_OPTION:
+ {
+ RTVFSIOSTREAM hVfsSrc;
+ RTEXITCODE rcExit2 = rtCmdCatOpenInput(ValueUnion.psz, &hVfsSrc);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ {
+ if ( Opts.fShowEnds
+ || Opts.fShowTabs
+ || Opts.fShowNonPrinting
+ || Opts.fSqueezeBlankLines
+ || Opts.fNumberLines
+ || Opts.fNumberNonBlankLines)
+ rcExit2 = rtCmdCatShowComplicated(hVfsOutput, hVfsSrc, ValueUnion.psz, &Opts);
+ else
+ rcExit2 = rtCmdCatShowRaw(hVfsOutput, hVfsSrc, ValueUnion.psz);
+ RTVfsIoStrmRelease(hVfsSrc);
+ }
+ if (rcExit2 != RTEXITCODE_SUCCESS)
+ rcExit = rcExit2;
+ cProcessed++;
+ break;
+ }
+
+ case 'A':
+ Opts.fShowNonPrinting = true;
+ Opts.fShowEnds = true;
+ Opts.fShowTabs = true;
+ break;
+
+ case 'b':
+ Opts.fNumberNonBlankLines = true;
+ break;
+
+ case 'e':
+ Opts.fShowNonPrinting = true;
+ RT_FALL_THRU();
+ case 'E':
+ Opts.fShowEnds = true;
+ break;
+
+ case 'l':
+ Opts.fAdvisoryOutputLock = true;
+ break;
+
+ case 'n':
+ Opts.fNumberLines = true;
+ Opts.fNumberNonBlankLines = false;
+ break;
+
+ case 's':
+ Opts.fSqueezeBlankLines = true;
+ break;
+
+ case 't':
+ Opts.fShowNonPrinting = true;
+ RT_FALL_THRU();
+ case 'T':
+ Opts.fShowTabs = true;
+ break;
+
+ case 'u': /* currently ignored */
+ Opts.fUnbufferedOutput = true;
+ break;
+
+ case 'v':
+ Opts.fShowNonPrinting = true;
+ break;
+
+ case 'h':
+ RTPrintf("Usage: to be written\nOption dump:\n");
+ for (unsigned i = 0; i < RT_ELEMENTS(s_aOptions); i++)
+ RTPrintf(" -%c,%s\n", s_aOptions[i].iShort, s_aOptions[i].pszLong);
+ fContinue = false;
+ break;
+
+ case 'V':
+ RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
+ fContinue = false;
+ break;
+
+ default:
+ rcExit = RTGetOptPrintError(chOpt, &ValueUnion);
+ fContinue = false;
+ break;
+ }
+ } while (fContinue);
+ }
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_SYNTAX, "RTGetOptInit: %Rrc", rc);
+ RTVfsIoStrmRelease(hVfsOutput);
+ return rcExit;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTCmdCat(argc, argv);
+}
+
diff --git a/src/VBox/Runtime/tools/RTChMod.cpp b/src/VBox/Runtime/tools/RTChMod.cpp
new file mode 100644
index 00000000..46ddd6c2
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTChMod.cpp
@@ -0,0 +1,435 @@
+/* $Id: RTChMod.cpp $ */
+/** @file
+ * IPRT - Changes the mode/attributes of a file system object.
+ */
+
+/*
+ * Copyright (C) 2013-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/buildconfig.h>
+#include <iprt/errcore.h>
+#include <iprt/file.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+#include <iprt/vfs.h>
+
+
+/*********************************************************************************************************************************
+* Defined Constants And Macros *
+*********************************************************************************************************************************/
+/** What to clear we all bits are being set. */
+#define RTCHMOD_SET_ALL_MASK (~( RTFS_TYPE_MASK \
+ | RTFS_DOS_NT_ENCRYPTED \
+ | RTFS_DOS_NT_COMPRESSED \
+ | RTFS_DOS_NT_REPARSE_POINT \
+ | RTFS_DOS_NT_SPARSE_FILE \
+ | RTFS_DOS_NT_DEVICE \
+ | RTFS_DOS_DIRECTORY))
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+typedef enum RTCMDCHMODNOISE
+{
+ kRTCmdChModNoise_Quiet,
+ kRTCmdChModNoise_Default,
+ kRTCmdChModNoise_Changes,
+ kRTCmdChModNoise_Verbose
+} RTCMDCHMODNOISE;
+
+
+typedef struct RTCMDCHMODOPTS
+{
+ /** The noise level. */
+ RTCMDCHMODNOISE enmNoiseLevel;
+ /** -R, --recursive */
+ bool fRecursive;
+ /** --preserve-root / --no-preserve-root (don't allow recursion from root). */
+ bool fPreserveRoot;
+ /** Whether to always use the VFS chain API (for testing). */
+ bool fAlwaysUseChainApi;
+ /** Which mode bits to set. */
+ RTFMODE fModeSet;
+ /** Which mode bits to clear. */
+ RTFMODE fModeClear;
+} RTCMDCHMODOPTS;
+
+
+
+/**
+ * Calculates the new file mode.
+ *
+ * @returns New mode mask.
+ * @param pOpts The chmod options.
+ * @param fMode The current file mode.
+ */
+static RTFMODE rtCmdMkModCalcNewMode(RTCMDCHMODOPTS const *pOpts, RTFMODE fMode)
+{
+ fMode &= ~pOpts->fModeClear;
+ fMode |= pOpts->fModeSet;
+ /** @todo do 'X' */
+ return fMode;
+}
+
+
+/**
+ * Changes the file mode of one file system object.
+ *
+ * @returns exit code
+ * @param pOpts The chmod options.
+ * @param pszPath The path to the file system object to change the
+ * file mode of.
+ */
+static RTEXITCODE rtCmdChModOne(RTCMDCHMODOPTS const *pOpts, const char *pszPath)
+{
+ int rc;
+ RTFSOBJINFO ObjInfo;
+ bool fChanges = false;
+ if (!pOpts->fAlwaysUseChainApi && !RTVfsChainIsSpec(pszPath) )
+ {
+ rc = RTPathQueryInfoEx(pszPath, &ObjInfo, RTFSOBJATTRADD_NOTHING, RTPATH_F_FOLLOW_LINK);
+ if (RT_SUCCESS(rc))
+ {
+ RTFMODE fNewMode = rtCmdMkModCalcNewMode(pOpts, ObjInfo.Attr.fMode);
+ fChanges = fNewMode != ObjInfo.Attr.fMode;
+ if (fChanges)
+ {
+ rc = RTPathSetMode(pszPath, fNewMode);
+ if (RT_FAILURE(rc))
+ RTMsgError("RTPathSetMode failed on '%s' with fNewMode=%#x: %Rrc", pszPath, fNewMode, rc);
+ }
+ }
+ else
+ RTMsgError("RTPathQueryInfoEx failed on '%s': %Rrc", pszPath, rc);
+ }
+ else
+ {
+ RTVFSOBJ hVfsObj;
+ uint32_t offError;
+ RTERRINFOSTATIC ErrInfo;
+ rc = RTVfsChainOpenObj(pszPath, RTFILE_O_ACCESS_ATTR_READWRITE | RTFILE_O_DENY_NONE | RTFILE_O_OPEN,
+ RTVFSOBJ_F_OPEN_ANY | RTVFSOBJ_F_CREATE_NOTHING | RTPATH_F_FOLLOW_LINK,
+ &hVfsObj, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTVfsObjQueryInfo(hVfsObj, &ObjInfo, RTFSOBJATTRADD_NOTHING);
+ if (RT_SUCCESS(rc))
+ {
+ RTFMODE fNewMode = rtCmdMkModCalcNewMode(pOpts, ObjInfo.Attr.fMode);
+ fChanges = fNewMode != ObjInfo.Attr.fMode;
+ if (fChanges)
+ {
+ rc = RTVfsObjSetMode(hVfsObj, fNewMode, RTCHMOD_SET_ALL_MASK);
+ if (RT_FAILURE(rc))
+ RTMsgError("RTVfsObjSetMode failed on '%s' with fNewMode=%#x: %Rrc", pszPath, fNewMode, rc);
+ }
+ }
+ else
+ RTVfsChainMsgError("RTVfsObjQueryInfo", pszPath, rc, offError, &ErrInfo.Core);
+ RTVfsObjRelease(hVfsObj);
+ }
+ else
+ RTVfsChainMsgError("RTVfsChainOpenObject", pszPath, rc, offError, &ErrInfo.Core);
+ }
+
+ if (RT_SUCCESS(rc))
+ {
+ if (pOpts->enmNoiseLevel >= (fChanges ? kRTCmdChModNoise_Changes : kRTCmdChModNoise_Verbose))
+ RTPrintf("%s\n", pszPath);
+ return RTEXITCODE_SUCCESS;
+ }
+ return RTEXITCODE_FAILURE;
+}
+
+
+/**
+ * Recursively changes the file mode.
+ *
+ * @returns exit code
+ * @param pOpts The mkdir option.
+ * @param pszPath The path to start changing the mode of.
+ */
+static int rtCmdChModRecursive(RTCMDCHMODOPTS const *pOpts, const char *pszPath)
+{
+ /*
+ * Check if it's a directory first. If not, join the non-recursive code.
+ */
+ int rc;
+ uint32_t offError;
+ RTFSOBJINFO ObjInfo;
+ RTERRINFOSTATIC ErrInfo;
+ bool const fUseChainApi = pOpts->fAlwaysUseChainApi || RTVfsChainIsSpec(pszPath);
+ if (!fUseChainApi)
+ {
+ rc = RTPathQueryInfoEx(pszPath, &ObjInfo, RTFSOBJATTRADD_NOTHING, RTPATH_F_FOLLOW_LINK);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTPathQueryInfoEx failed on '%s': %Rrc", pszPath, rc);
+ }
+ else
+ {
+ rc = RTVfsChainQueryInfo(pszPath, &ObjInfo, RTFSOBJATTRADD_NOTHING, RTPATH_F_FOLLOW_LINK,
+ &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ return RTVfsChainMsgErrorExitFailure("RTVfsChainQueryInfo", pszPath, rc, offError, &ErrInfo.Core);
+ }
+
+ if (!RTFS_IS_DIRECTORY(ObjInfo.Attr.fMode))
+ {
+ /*
+ * Don't bother redoing the above work if its not necessary.
+ */
+ RTFMODE fNewMode = rtCmdMkModCalcNewMode(pOpts, ObjInfo.Attr.fMode);
+ if (fNewMode != ObjInfo.Attr.fMode)
+ return rtCmdChModOne(pOpts, pszPath);
+ if (pOpts->enmNoiseLevel >= kRTCmdChModNoise_Verbose)
+ RTPrintf("%s\n", pszPath);
+ return RTEXITCODE_SUCCESS;
+ }
+
+ /*
+ * For recursion we always use the VFS layer.
+ */
+ RTVFSDIR hVfsDir;
+ if (!fUseChainApi)
+ {
+ rc = RTVfsDirOpenNormal(pszPath, 0 /** @todo write attrib flag*/, &hVfsDir);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTVfsDirOpenNormal failed on '%s': %Rrc", pszPath, rc);
+ }
+ else
+ {
+ rc = RTVfsChainOpenDir(pszPath, 0 /** @todo write attrib flag*/, &hVfsDir, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ return RTVfsChainMsgErrorExitFailure("RTVfsChainQueryInfo", pszPath, rc, offError, &ErrInfo.Core);
+ }
+
+ RTMsgError("Recursion is not yet implemented\n");
+ RTVfsDirRelease(hVfsDir);
+ rc = VERR_NOT_IMPLEMENTED;
+
+ return RT_SUCCESS(rc) ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
+}
+
+
+static RTEXITCODE RTCmdChMod(unsigned cArgs, char **papszArgs)
+{
+ /*
+ * Parse the command line.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ /* operations */
+ { "--recursive", 'R', RTGETOPT_REQ_NOTHING },
+ { "--preserve-root", 'x', RTGETOPT_REQ_NOTHING },
+ { "--no-preserve-root", 'X', RTGETOPT_REQ_NOTHING },
+ { "--changes", 'c', RTGETOPT_REQ_NOTHING },
+ { "--quiet", 'f', RTGETOPT_REQ_NOTHING },
+ { "--silent", 'f', RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--reference", 'Z', RTGETOPT_REQ_NOTHING },
+ { "--always-use-vfs-chain-api", 'A', RTGETOPT_REQ_NOTHING },
+
+ };
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1,
+ RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOpt failed: %Rrc", rc);
+
+ RTCMDCHMODOPTS Opts;
+ Opts.enmNoiseLevel = kRTCmdChModNoise_Default;
+ Opts.fPreserveRoot = false;
+ Opts.fRecursive = false;
+ Opts.fAlwaysUseChainApi = false;
+ Opts.fModeClear = 0;
+ Opts.fModeSet = 0;
+
+ RTGETOPTUNION ValueUnion;
+ while ( (rc = RTGetOpt(&GetState, &ValueUnion)) != 0
+ && rc != VINF_GETOPT_NOT_OPTION)
+ {
+ switch (rc)
+ {
+ case 'R':
+ Opts.fRecursive = true;
+ break;
+
+ case 'x':
+ Opts.fPreserveRoot = true;
+ break;
+ case 'X':
+ Opts.fPreserveRoot = false;
+ break;
+
+ case 'f':
+ Opts.enmNoiseLevel = kRTCmdChModNoise_Quiet;
+ break;
+ case 'c':
+ Opts.enmNoiseLevel = kRTCmdChModNoise_Changes;
+ break;
+ case 'v':
+ Opts.enmNoiseLevel = kRTCmdChModNoise_Verbose;
+ break;
+
+ case 'Z':
+ {
+ RTFSOBJINFO ObjInfo;
+ RTERRINFOSTATIC ErrInfo;
+ uint32_t offError;
+ rc = RTVfsChainQueryInfo(ValueUnion.psz, &ObjInfo,RTFSOBJATTRADD_NOTHING, RTPATH_F_FOLLOW_LINK,
+ &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ return RTVfsChainMsgErrorExitFailure("RTVfsChainQueryInfo", ValueUnion.psz, rc, offError, &ErrInfo.Core);
+ Opts.fModeClear = RTCHMOD_SET_ALL_MASK;
+ Opts.fModeSet = ObjInfo.Attr.fMode & RTCHMOD_SET_ALL_MASK;
+ break;
+ }
+
+ case 'A':
+ Opts.fAlwaysUseChainApi = true;
+ break;
+
+ case 'h':
+ RTPrintf("Usage: %s [options] <mode> <file> [..]\n"
+ "\n"
+ "Options:\n"
+ " -f, --silent, --quiet\n"
+ " -c, --changes\n"
+ " -v, --verbose\n"
+ " Noise level selection.\n"
+ " -R, --recursive\n"
+ " Recurse into directories.\n"
+ " --preserve-root, --no-preserve-root\n"
+ " Whether to allow recursion from the root (default: yes).\n"
+ " --reference <file>\n"
+ " Take mode mask to use from <file> instead of <mode>.\n"
+ "\n"
+ "The <mode> part isn't fully implemented, so only numerical octal notation\n"
+ "works. Prefix the number(s) with 0x to use hexadecimal. There are two forms\n"
+ "of the numerical notation: <SET> and <SET>:<CLEAR>\n"
+ , papszArgs[0]);
+ return RTEXITCODE_SUCCESS;
+
+ case 'V':
+ RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
+ return RTEXITCODE_SUCCESS;
+
+ default:
+
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+ /*
+ * The MODE.
+ */
+ if ( Opts.fModeClear == 0
+ && Opts.fModeSet == 0)
+ {
+ if (rc != VINF_GETOPT_NOT_OPTION)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "No mode change specified.\n");
+
+ char *pszNext;
+ if ( ValueUnion.psz[0] == '0'
+ && (ValueUnion.psz[1] == 'x' || ValueUnion.psz[1] == 'X'))
+ rc = RTStrToUInt32Ex(ValueUnion.psz, &pszNext, 16, &Opts.fModeSet);
+ else
+ rc = RTStrToUInt32Ex(ValueUnion.psz, &pszNext, 8, &Opts.fModeSet);
+ if ( rc != VINF_SUCCESS
+ && (rc != VWRN_TRAILING_CHARS || *pszNext != ':'))
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Unable to parse mode mask: %s\n", ValueUnion.psz);
+ Opts.fModeSet &= RTCHMOD_SET_ALL_MASK;
+
+ if (rc == VINF_SUCCESS)
+ Opts.fModeClear = RTCHMOD_SET_ALL_MASK;
+ else
+ {
+ pszNext++;
+ if ( pszNext[0] == '0'
+ && (pszNext[1] == 'x' || pszNext[1] == 'X'))
+ rc = RTStrToUInt32Ex(pszNext, &pszNext, 16, &Opts.fModeClear);
+ else
+ rc = RTStrToUInt32Ex(pszNext, &pszNext, 8, &Opts.fModeClear);
+ if (rc != VINF_SUCCESS)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Unable to parse mode mask: %s\n", ValueUnion.psz);
+ Opts.fModeClear &= RTCHMOD_SET_ALL_MASK;
+ }
+
+ rc = RTGetOpt(&GetState, &ValueUnion);
+ }
+
+ /*
+ * No files means error.
+ */
+ if (rc != VINF_GETOPT_NOT_OPTION)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No directories specified.\n");
+
+ /*
+ * Work thru the specified dirs.
+ */
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ while (rc == VINF_GETOPT_NOT_OPTION)
+ {
+ if (Opts.fRecursive)
+ rc = rtCmdChModRecursive(&Opts, ValueUnion.psz);
+ else
+ rc = rtCmdChModOne(&Opts, ValueUnion.psz);
+ if (RT_FAILURE(rc))
+ rcExit = RTEXITCODE_FAILURE;
+
+ /* next */
+ rc = RTGetOpt(&GetState, &ValueUnion);
+ }
+ if (rc != 0)
+ rcExit = RTGetOptPrintError(rc, &ValueUnion);
+
+ return rcExit;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTCmdChMod(argc, argv);
+}
+
diff --git a/src/VBox/Runtime/tools/RTCp.cpp b/src/VBox/Runtime/tools/RTCp.cpp
new file mode 100644
index 00000000..0a96d6d0
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTCp.cpp
@@ -0,0 +1,361 @@
+/* $Id: RTCp.cpp $ */
+/** @file
+ * IPRT - cp like utility.
+ */
+
+/*
+ * Copyright (C) 2017-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/vfs.h>
+
+#include <iprt/buildconfig.h>
+#include <iprt/file.h>
+#include <iprt/fs.h>
+#include <iprt/err.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+#include <iprt/mem.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+/**
+ * CAT command options.
+ */
+typedef struct RTCMDCPOPTS
+{
+ /** -v, --verbose. */
+ bool fVerbose;
+
+ /** -H */
+ bool fFollowCommandLineSymlinks;
+
+ /** Set if recursive copy. */
+ bool fRecursive;
+ /** -x, --one-filesystem. */
+ bool fOneFileSystem;
+
+ /** Special --no-replace-nor-trucate hack for basic NTFS write support. */
+ bool fNoReplaceNorTruncate;
+
+ /** Number of sources. */
+ size_t cSources;
+ /** Source files/dirs. */
+ const char **papszSources;
+ /** Destination dir/file. */
+ const char *pszDestination;
+} RTCMDCPOPTS;
+/** Pointer to const CAT options. */
+typedef RTCMDCPOPTS const *PCRTCMDCPOPTS;
+
+
+
+/**
+ * Does the copying, source by source.
+ *
+ * @returns exit code.
+ * @param pOpts Options.
+ */
+static RTEXITCODE rtCmdCpDoIt(PCRTCMDCPOPTS pOpts)
+{
+ /*
+ * Check out what the destination is.
+ */
+/** @todo need to cache + share VFS chain elements here! */
+ RTERRINFOSTATIC ErrInfo;
+ uint32_t offError;
+ RTFSOBJINFO DstObjInfo;
+ int rc = RTVfsChainQueryInfo(pOpts->pszDestination, &DstObjInfo, RTFSOBJATTRADD_UNIX, RTPATH_F_FOLLOW_LINK,
+ &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ if (pOpts->cSources > 1 && !RTFS_IS_DIRECTORY(DstObjInfo.Attr.fMode))
+ return RTMsgErrorExitFailure("Mutiple files to copy and destination is not a directory!");
+ }
+ else if (rc != VERR_FILE_NOT_FOUND)
+ return RTVfsChainMsgErrorExitFailure("RTVfsChainQueryInfo", pOpts->pszDestination, rc, offError, &ErrInfo.Core);
+ else
+ RT_ZERO(DstObjInfo);
+#if !RT_GNUC_PREREQ(8,2) || RT_GNUC_PREREQ(8,3) /* GCC 8.2 produces a tautological compare warning/error here. */
+ AssertCompile(!RTFS_IS_DIRECTORY(0));
+#endif
+
+ /*
+ * Process the sources.
+ */
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ for (size_t iSrc = 0; iSrc < pOpts->cSources; iSrc++)
+ {
+ const char *pszSrc = pOpts->papszSources[iSrc];
+ RTFSOBJINFO SrcObjInfo;
+ RT_ZERO(SrcObjInfo);
+ rc = RTVfsChainQueryInfo(pszSrc, &SrcObjInfo, RTFSOBJATTRADD_UNIX,
+ pOpts->fFollowCommandLineSymlinks ? RTPATH_F_FOLLOW_LINK : RTPATH_F_ON_LINK,
+ &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ {
+ rcExit = RTVfsChainMsgErrorExitFailure("RTVfsChainQueryInfo", pszSrc, rc, offError, &ErrInfo.Core);
+ continue;
+ }
+
+ /*
+ * Regular file.
+ */
+ if (RTFS_IS_FILE(SrcObjInfo.Attr.fMode))
+ {
+ /* Open source. */
+ RTVFSFILE hVfsSrc;
+ rc = RTVfsChainOpenFile(pszSrc, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_NONE,
+ &hVfsSrc, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ /* Make destination name if necessary and open destination.
+ Note! RTFILE_O_READ needed for VFS chains. */
+ char szDstPath[RTPATH_MAX];
+ const char *pszDst = pOpts->pszDestination;
+ if (RTFS_IS_DIRECTORY(DstObjInfo.Attr.fMode))
+ {
+ rc = RTPathJoin(szDstPath, sizeof(szDstPath), pszDst, RTPathFilename(pszSrc));
+ pszDst = szDstPath;
+ }
+ if (RT_SUCCESS(rc))
+ {
+ RTVFSFILE hVfsDst;
+ uint64_t fDstFlags = (pOpts->fNoReplaceNorTruncate ? RTFILE_O_OPEN_CREATE : RTFILE_O_CREATE_REPLACE)
+ | RTFILE_O_READWRITE | RTFILE_O_DENY_WRITE | (0666 << RTFILE_O_CREATE_MODE_SHIFT);
+ rc = RTVfsChainOpenFile(pszDst, fDstFlags, &hVfsDst, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ /* Copy the bytes. */
+ RTVFSIOSTREAM hVfsIosSrc = RTVfsFileToIoStream(hVfsSrc);
+ RTVFSIOSTREAM hVfsIosDst = RTVfsFileToIoStream(hVfsDst);
+
+ rc = RTVfsUtilPumpIoStreams(hVfsIosSrc, hVfsIosDst, 0);
+
+ if (RT_SUCCESS(rc))
+ {
+ if (pOpts->fVerbose)
+ RTPrintf("'%s' -> '%s'\n", pszSrc, pszDst);
+ }
+ else
+ rcExit = RTMsgErrorExitFailure("RTVfsUtilPumpIoStreams failed for '%s' -> '%s': %Rrc",
+ pszSrc, pszDst, rc);
+ RTVfsIoStrmRelease(hVfsIosSrc);
+ RTVfsIoStrmRelease(hVfsIosDst);
+ RTVfsFileRelease(hVfsDst);
+ }
+ else
+ rcExit = RTVfsChainMsgErrorExitFailure("RTVfsChainOpenFile", pszDst, rc, offError, &ErrInfo.Core);
+ }
+ else
+ rcExit = RTMsgErrorExitFailure("Destination path too long for source #%u (%Rrc): %s", iSrc, pszSrc, rc);
+ RTVfsFileRelease(hVfsSrc);
+ }
+ else
+ rcExit = RTVfsChainMsgErrorExitFailure("RTVfsChainOpenFile", pszSrc, rc, offError, &ErrInfo.Core);
+ }
+ /*
+ * Copying a directory requires the -R option to be active.
+ */
+ else if (RTFS_IS_DIRECTORY(SrcObjInfo.Attr.fMode))
+ {
+ if (pOpts->fRecursive)
+ {
+ /** @todo recursive copy */
+ rcExit = RTMsgErrorExitFailure("Recursion not implemented yet!");
+ }
+ else
+ rcExit = RTMsgErrorExitFailure("Source #%u is a directory: %s", iSrc + 1, pszSrc);
+ }
+ /*
+ * We currently don't support copying any other file types.
+ */
+ else
+ rcExit = RTMsgErrorExitFailure("Source #%u neither a file nor a directory: %s", iSrc + 1, pszSrc);
+ }
+ return rcExit;
+}
+
+
+/**
+ * A /bin/cp clone.
+ *
+ * @returns Program exit code.
+ *
+ * @param cArgs The number of arguments.
+ * @param papszArgs The argument vector. (Note that this may be
+ * reordered, so the memory must be writable.)
+ */
+RTEXITCODE RTCmdCp(unsigned cArgs, char **papszArgs)
+{
+
+ /*
+ * Parse the command line.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--archive", 'a', RTGETOPT_REQ_NOTHING },
+ { "--backup", 'B', RTGETOPT_REQ_STRING },
+ { "", 'b', RTGETOPT_REQ_NOTHING },
+ { "--copy-contents", 1024, RTGETOPT_REQ_NOTHING },
+ { "", 'd', RTGETOPT_REQ_NOTHING },
+ { "--no-dereference", 'P', RTGETOPT_REQ_NOTHING },
+ { "--force", 'f', RTGETOPT_REQ_NOTHING },
+ { "", 'H', RTGETOPT_REQ_NOTHING },
+ { "--link", 'l', RTGETOPT_REQ_NOTHING },
+ { "--dereference", 'L', RTGETOPT_REQ_NOTHING },
+ { "", 'p', RTGETOPT_REQ_NOTHING },
+ { "--preserve", 1026, RTGETOPT_REQ_STRING },
+ { "--no-preserve", 1027, RTGETOPT_REQ_STRING },
+ { "--recursive", 'R', RTGETOPT_REQ_NOTHING },
+ { "--remove-destination", 1028, RTGETOPT_REQ_NOTHING },
+ { "--reply", 1029, RTGETOPT_REQ_STRING },
+ { "--sparse", 1030, RTGETOPT_REQ_STRING },
+ { "--strip-trailing-slashes", 1031, RTGETOPT_REQ_NOTHING },
+ { "--symbolic-links", 's', RTGETOPT_REQ_NOTHING },
+ { "--suffix", 'S', RTGETOPT_REQ_STRING },
+ { "--target-directory", 't', RTGETOPT_REQ_STRING },
+ { "--no-target-directory", 'T', RTGETOPT_REQ_NOTHING },
+ { "--update", 'u', RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--one-file-system", 'x', RTGETOPT_REQ_NOTHING },
+ { "--no-replace-nor-trucate", 1032, RTGETOPT_REQ_NOTHING },
+ };
+
+ RTCMDCPOPTS Opts;
+ Opts.fVerbose = false;
+ Opts.fFollowCommandLineSymlinks = false;
+ Opts.fRecursive = false;
+ Opts.fOneFileSystem = false;
+ Opts.fNoReplaceNorTruncate = false;
+ Opts.pszDestination = NULL;
+ Opts.cSources = 0;
+ Opts.papszSources = (const char **)RTMemAllocZ(sizeof(const char *) * (cArgs + 2));
+ AssertReturn(Opts.papszSources, RTEXITCODE_FAILURE);
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1,
+ RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ if (RT_SUCCESS(rc))
+ {
+ bool fContinue = true;
+ do
+ {
+ RTGETOPTUNION ValueUnion;
+ int chOpt = RTGetOpt(&GetState, &ValueUnion);
+ switch (chOpt)
+ {
+ case 0:
+ if (Opts.pszDestination == NULL && Opts.cSources == 0)
+ rcExit = RTMsgErrorExit(RTEXITCODE_SYNTAX, "Missing source and destination");
+ else if (Opts.pszDestination == NULL && Opts.cSources == 1)
+ rcExit = RTMsgErrorExit(RTEXITCODE_SYNTAX, "Missing destination");
+ else if (Opts.pszDestination != NULL && Opts.cSources == 0)
+ rcExit = RTMsgErrorExit(RTEXITCODE_SYNTAX, "Missing source");
+ else
+ {
+ if (Opts.pszDestination == NULL && Opts.cSources > 0)
+ Opts.pszDestination = Opts.papszSources[--Opts.cSources];
+ Assert(Opts.cSources > 0);
+ rcExit = rtCmdCpDoIt(&Opts);
+ }
+ fContinue = false;
+ break;
+
+ case VINF_GETOPT_NOT_OPTION:
+ Assert(Opts.cSources < cArgs);
+ Opts.papszSources[Opts.cSources++] = ValueUnion.psz;
+ break;
+
+ case 'H':
+ Opts.fFollowCommandLineSymlinks = true;
+ break;
+
+ case 'R':
+ Opts.fRecursive = true;
+ break;
+ case 'x':
+ Opts.fOneFileSystem = true;
+ break;
+
+ case 'v':
+ Opts.fVerbose = true;
+ break;
+
+ case 1032:
+ Opts.fNoReplaceNorTruncate = true;
+ break;
+
+ case 'h':
+ RTPrintf("Usage: to be written\nOption dump:\n");
+ for (unsigned i = 0; i < RT_ELEMENTS(s_aOptions); i++)
+ RTPrintf(" -%c,%s\n", s_aOptions[i].iShort, s_aOptions[i].pszLong);
+ fContinue = false;
+ break;
+
+ case 'V':
+ RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
+ fContinue = false;
+ break;
+
+ default:
+ rcExit = RTGetOptPrintError(chOpt, &ValueUnion);
+ fContinue = false;
+ break;
+ }
+ } while (fContinue);
+ }
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_SYNTAX, "RTGetOptInit: %Rrc", rc);
+ RTMemFree(Opts.papszSources);
+ return rcExit;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTCmdCp(argc, argv);
+}
+
diff --git a/src/VBox/Runtime/tools/RTDbgSymCache.cpp b/src/VBox/Runtime/tools/RTDbgSymCache.cpp
new file mode 100644
index 00000000..961cfcac
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTDbgSymCache.cpp
@@ -0,0 +1,1858 @@
+/* $Id: RTDbgSymCache.cpp $ */
+/** @file
+ * IPRT - Debug Symbol Cache Utility.
+ */
+
+/*
+ * Copyright (C) 2013-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/zip.h>
+
+#include <iprt/buildconfig.h>
+#include <iprt/dbg.h>
+#include <iprt/err.h>
+#include <iprt/file.h>
+#include <iprt/formats/mach-o.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/ldr.h>
+#include <iprt/message.h>
+#include <iprt/param.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+#include <iprt/uuid.h>
+#include <iprt/vfs.h>
+#include <iprt/zip.h>
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+/**
+ * Cache file type.
+ */
+typedef enum RTDBGSYMCACHEFILETYPE
+{
+ RTDBGSYMCACHEFILETYPE_INVALID,
+ RTDBGSYMCACHEFILETYPE_DIR,
+ RTDBGSYMCACHEFILETYPE_DIR_FILTER,
+ RTDBGSYMCACHEFILETYPE_DEBUG_FILE,
+ RTDBGSYMCACHEFILETYPE_IMAGE_FILE,
+ RTDBGSYMCACHEFILETYPE_DEBUG_BUNDLE,
+ RTDBGSYMCACHEFILETYPE_IMAGE_BUNDLE,
+ RTDBGSYMCACHEFILETYPE_IGNORE
+} RTDBGSYMCACHEFILETYPE;
+
+
+/**
+ * Configuration for the 'add' command.
+ */
+typedef struct RTDBGSYMCACHEADDCFG
+{
+ bool fRecursive;
+ bool fOverwriteOnConflict;
+ const char *pszFilter;
+ const char *pszCache;
+} RTDBGSYMCACHEADDCFG;
+/** Pointer to a read only 'add' config. */
+typedef RTDBGSYMCACHEADDCFG const *PCRTDBGSYMCACHEADDCFG;
+
+
+/*********************************************************************************************************************************
+* Global Variables *
+*********************************************************************************************************************************/
+/** Bundle suffixes. */
+static const char * const g_apszBundleSuffixes[] =
+{
+ ".kext",
+ ".app",
+ ".framework", /** @todo framework is different. */
+ ".component",
+ ".action",
+ ".caction",
+ ".bundle",
+ ".sourcebundle",
+ ".plugin",
+ ".ppp",
+ ".menu",
+ ".monitorpanel",
+ ".scripting",
+ ".prefPane",
+ ".qlgenerator",
+ ".brailledriver",
+ ".saver",
+ ".SpeechVoice",
+ ".SpeechRecognizer",
+ ".SpeechSynthesizer",
+ ".mdimporter",
+ ".spreporter",
+ ".xpc",
+ NULL
+};
+
+/** Debug bundle suffixes. (Same as above + .dSYM) */
+static const char * const g_apszDSymBundleSuffixes[] =
+{
+ ".kext.dSYM",
+ ".app.dSYM",
+ ".framework.dSYM",
+ ".component.dSYM",
+ ".action.dSYM",
+ ".caction.dSYM",
+ ".bundle.dSYM",
+ ".sourcebundle.dSYM",
+ ".menu.dSYM",
+ ".plugin.dSYM",
+ ".ppp.dSYM",
+ ".monitorpanel.dSYM",
+ ".scripting.dSYM",
+ ".prefPane.dSYM",
+ ".qlgenerator.dSYM",
+ ".brailledriver.dSYM",
+ ".saver.dSYM",
+ ".SpeechVoice.dSYM",
+ ".SpeechRecognizer.dSYM",
+ ".SpeechSynthesizer.dSYM",
+ ".mdimporter.dSYM",
+ ".spreporter.dSYM",
+ ".xpc.dSYM",
+ ".dSYM",
+ NULL
+};
+
+
+/*********************************************************************************************************************************
+* Internal Functions *
+*********************************************************************************************************************************/
+static int rtDbgSymCacheAddDirWorker(char *pszPath, size_t cchPath, PRTDIRENTRYEX pDirEntry, PCRTDBGSYMCACHEADDCFG pCfg);
+
+
+/*********************************************************************************************************************************
+* Global Variables *
+*********************************************************************************************************************************/
+/** Verbositity level. */
+static uint32_t g_iLogLevel = 99;
+
+
+/**
+ * Display the version of the cache program.
+ *
+ * @returns exit code.
+ */
+static RTEXITCODE rtDbgSymCacheVersion(void)
+{
+ RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
+ return RTEXITCODE_SUCCESS;
+}
+
+
+/**
+ * Shows the usage of the cache program.
+ *
+ * @returns Exit code.
+ * @param pszArg0 Program name.
+ * @param pszCommand Command selector, NULL if all.
+ */
+static RTEXITCODE rtDbgSymCacheUsage(const char *pszArg0, const char *pszCommand)
+{
+ if (!pszCommand || !strcmp(pszCommand, "add"))
+ RTPrintf("Usage: %s add [-Rno] <cache-root-dir> <file1[=cache-name]> [fileN..]\n"
+ "\n"
+ "Options:\n"
+ " -R, --recursive\n"
+ " Process directory arguments recursively.\n"
+ " -n, --no-recursive\n"
+ " No recursion. (default)\n"
+ " -o, --overwrite-on-conflict\n"
+ " Overwrite existing cache entry.\n"
+ , RTPathFilename(pszArg0));
+
+
+ if (!pszCommand || !strcmp(pszCommand, "get"))
+ RTPrintf("Usage: %s get <query-options> <cache-options> [--output|-o <path>]\n"
+ "\n"
+ "Query Options:\n"
+ " --for-exe[cutable] <path>\n"
+ " Get debug file for the given executable.\n"
+ " --dwo, --dwarf, --dwarf-external\n"
+ " Get external DWARF debug file. Needs --name and --dwo-crc32.\n"
+ " --dsym\n"
+ " Get DWARF debug file from .dSYM bundle. Needs --uuid or --name.\n"
+ " --dbg\n"
+ " Get NT DBG debug file. Needs --name, --timestamp and --size.\n"
+ " --pdb20\n"
+ " Get PDB 2.0 debug file. Needs --name, --timestamp, --size\n"
+ " and --pdb-age (if non-zero).\n"
+ " --pdb70\n"
+ " Get PDB 7.0 debug file. Needs --name, --uuid, and --pdb-age\n"
+ " (if non-zero).\n"
+ " --macho\n"
+ " Get Mach-O image file. Needs --uuid or --name.\n"
+ " --pe\n"
+ " Get PE image file. Needs --name, --timestamp and --size.\n"
+ " --timestamp, --ts, -t <timestamp>\n"
+ " The timestamp (32-bit) for the file to get. Used with --dbg, --pdb20\n"
+ " and --pe.\n"
+ " --uuid, -u, <uuid>\n"
+ " The UUID for the file to get. Used with --dsym, --pdb70 and --macho\n"
+ " --image-size, --size, -z <size>\n"
+ " The image size (32-bit) for the file to get. Used with --dbg,\n"
+ " --pdb20, --pdb70 and --pe.\n"
+ " --pdb-age, -a <age>\n"
+ " The PDB age (32-bit) for the file to get. Used with --pdb20 and --pdb70.\n"
+ " --dwo-crc32, -c <crc32>\n"
+ " The CRC32 for the file to get. Used with --dwo.\n"
+ " --name, -n <name>\n"
+ " The name (in the cache) of the file to get.\n"
+ "\n"
+ "Debug Cache Options:\n"
+ " --sym-path, -s <path>\n"
+ " Adds the path to the debug configuration, NT style with 'srv*' and\n"
+ " 'cache*' prefixes as well as our own 'rec*' and 'norec*' recursion\n"
+ " prefixes.\n"
+ " --env-prefix, -p <prefix>\n"
+ " The enviornment variable prefix, default is 'IPRT_' making the\n"
+ " symbol path variable 'IPRT_PATH'.\n"
+ " --use-native-paths (default), --no-native-paths\n"
+ " Pick up native symbol paths from the environment.\n"
+ "\n"
+ "Output Options:\n"
+ " --output, -o <path>\n"
+ " The output filename or directory. Directories must end with a\n"
+ " path separator. The default filename that in the cache.\n"
+ "\n"
+ "This is handy for triggering downloading of symbol files from a server. Say\n"
+ "you have the executable but want the corrsponding PDB or .dSYM file:\n"
+ " %s get --for-executable VBoxRT.dll\n"
+ " %s get --for-executable VBoxRT.dylib\n"
+ " "
+ , RTPathFilename(pszArg0), RTPathFilename(pszArg0), RTPathFilename(pszArg0));
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+/**
+ * @callback_method_impl{FNRTDBGCFGLOG}
+ */
+static DECLCALLBACK(void) rtDbgSymCacheLogCallback(RTDBGCFG hDbgCfg, uint32_t iLevel, const char *pszMsg, void *pvUser)
+{
+ RT_NOREF(hDbgCfg, pvUser);
+ if (iLevel <= g_iLogLevel)
+ {
+ size_t cchMsg = strlen(pszMsg);
+ if (cchMsg > 0 && pszMsg[cchMsg - 1] == '\n')
+ RTMsgInfo("[%u] %s", iLevel, pszMsg);
+ else if (cchMsg > 0)
+ RTMsgInfo("[%u] %s\n", iLevel, pszMsg);
+ }
+}
+
+
+/**
+ * Creates a UUID mapping for the file.
+ *
+ * @returns IPRT status code.
+ * @param pszCacheFile The path to the file in the cache.
+ * @param pFileUuid The UUID of the file.
+ * @param pszUuidMapDir The UUID map subdirectory in the cache, if this is
+ * wanted, otherwise NULL.
+ * @param pCfg The configuration.
+ */
+static int rtDbgSymCacheAddCreateUuidMapping(const char *pszCacheFile, PRTUUID pFileUuid,
+ const char *pszUuidMapDir, PCRTDBGSYMCACHEADDCFG pCfg)
+{
+ /*
+ * Create the UUID map entry first, deep.
+ */
+ char szMapPath[RTPATH_MAX];
+ int rc = RTPathJoin(szMapPath, sizeof(szMapPath) - sizeof("/xxxx/yyyy/xxxx/yyyy/xxxx/zzzzzzzzzzzz") + 1,
+ pCfg->pszCache, pszUuidMapDir);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error constructing UUID map path (RTPathJoin): %Rrc", rc);
+
+ size_t cch = strlen(szMapPath);
+ szMapPath[cch] = '-';
+
+ rc = RTUuidToStr(pFileUuid, &szMapPath[cch + 2], sizeof(szMapPath) - cch);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error constructing UUID map path (RTUuidToStr): %Rrc", rc);
+
+ /* Uppercase the whole lot. */
+ RTStrToUpper(&szMapPath[cch + 2]);
+
+ /* Split the first dword in two. */
+ szMapPath[cch + 1] = szMapPath[cch + 2];
+ szMapPath[cch + 2] = szMapPath[cch + 3];
+ szMapPath[cch + 3] = szMapPath[cch + 4];
+ szMapPath[cch + 4] = szMapPath[cch + 5];
+ szMapPath[cch + 5] = '-';
+
+ /*
+ * Create the directories in the path.
+ */
+ for (unsigned i = 0; i < 6; i++, cch += 5)
+ {
+ Assert(szMapPath[cch] == '-');
+ szMapPath[cch] = '\0';
+ if (!RTDirExists(szMapPath))
+ {
+ rc = RTDirCreate(szMapPath, 0755, RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_NOT_CRITICAL);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "RTDirCreate failed on '%s' (UUID map path): %Rrc", szMapPath, rc);
+ }
+ szMapPath[cch] = RTPATH_SLASH;
+ }
+ cch -= 5;
+
+ /*
+ * Calculate a relative path from there to the actual file.
+ */
+ char szLinkTarget[RTPATH_MAX];
+ szMapPath[cch] = '\0';
+ rc = RTPathCalcRelative(szLinkTarget, sizeof(szLinkTarget), szMapPath, false /*fFromFile*/, pszCacheFile);
+ szMapPath[cch] = RTPATH_SLASH;
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Failed to calculate relative path from '%s' to '%s': %Rrc", szMapPath, pszCacheFile, rc);
+
+ /*
+ * If there is already a link there, check if it matches or whether
+ * perhaps it's target doesn't exist.
+ */
+ RTFSOBJINFO ObjInfo;
+ rc = RTPathQueryInfoEx(szMapPath, &ObjInfo, RTFSOBJATTRADD_NOTHING, RTPATH_F_ON_LINK);
+ if (RT_SUCCESS(rc))
+ {
+ if (RTFS_IS_SYMLINK(ObjInfo.Attr.fMode))
+ {
+ rc = RTPathQueryInfoEx(szMapPath, &ObjInfo, RTFSOBJATTRADD_NOTHING, RTPATH_F_FOLLOW_LINK);
+ if (RT_SUCCESS(rc))
+ {
+ char *pszCurTarget = NULL;
+ rc = RTSymlinkReadA(szMapPath, &pszCurTarget);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "UUID map: failed to read existing symlink '%s': %Rrc", szMapPath, rc);
+ if (RTPathCompare(pszCurTarget, szLinkTarget) == 0)
+ RTMsgInfo("UUID map: existing link '%s' has the same target ('%s').", szMapPath, pszCurTarget);
+ else
+ {
+ RTMsgError("UUID map: Existing mapping '%s' pointing to '%s' insted of '%s'",
+ szMapPath, pszCurTarget, szLinkTarget);
+ rc = VERR_ALREADY_EXISTS;
+ }
+ RTStrFree(pszCurTarget);
+ return rc;
+ }
+ else
+ RTMsgInfo("UUID map: replacing dangling link '%s'", szMapPath);
+ RTSymlinkDelete(szMapPath, 0 /*fFlags*/);
+ }
+ else if (RTFS_IS_FILE(ObjInfo.Attr.fMode))
+ return RTMsgErrorRc(VERR_IS_A_FILE,
+ "UUID map: found file at '%s', expect symbolic link or nothing.", szMapPath);
+ else if (RTFS_IS_DIRECTORY(ObjInfo.Attr.fMode))
+ return RTMsgErrorRc(VERR_IS_A_DIRECTORY,
+ "UUID map: found directory at '%s', expect symbolic link or nothing.", szMapPath);
+ else
+ return RTMsgErrorRc(VERR_NOT_SYMLINK,
+ "UUID map: Expected symbolic link or nothing at '%s', found: fMode=%#x",
+ szMapPath, ObjInfo.Attr.fMode);
+ }
+
+ /*
+ * Create the symbolic link.
+ */
+ rc = RTSymlinkCreate(szMapPath, szLinkTarget, RTSYMLINKTYPE_FILE, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Failed to create UUID map symlink '%s' to '%s': %Rrc", szMapPath, szLinkTarget, rc);
+ RTMsgInfo("UUID map: %s => %s", szMapPath, szLinkTarget);
+ return VINF_SUCCESS;
+}
+
+
+/**
+ * Adds a file to the cache.
+ *
+ * @returns IPRT status code.
+ * @param pszSrcPath Path to the source file.
+ * @param pszDstName The name of the destionation file (no path stuff).
+ * @param pszExtraSuff Optional extra suffix. Mach-O dSYM hack.
+ * @param pszDstSubDir The subdirectory to file it under. This is the
+ * stringification of a relatively unique identifier of
+ * the file in question.
+ * @param pAddToUuidMap Optional file UUID that is used to create a UUID map
+ * entry.
+ * @param pszUuidMapDir The UUID map subdirectory in the cache, if this is
+ * wanted, otherwise NULL.
+ * @param pCfg The configuration.
+ */
+static int rtDbgSymCacheAddOneFile(const char *pszSrcPath, const char *pszDstName, const char *pszExtraStuff,
+ const char *pszDstSubDir, PRTUUID pAddToUuidMap, const char *pszUuidMapDir,
+ PCRTDBGSYMCACHEADDCFG pCfg)
+{
+ /*
+ * Build and create the destination path, step by step.
+ */
+ char szDstPath[RTPATH_MAX];
+ int rc = RTPathJoin(szDstPath, sizeof(szDstPath), pCfg->pszCache, pszDstName);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error constructing cache path for '%s': %Rrc", pszSrcPath, rc);
+
+ if (!RTDirExists(szDstPath))
+ {
+ rc = RTDirCreate(szDstPath, 0755, RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_NOT_CRITICAL);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error creating '%s': %Rrc", szDstPath, rc);
+ }
+
+ rc = RTPathAppend(szDstPath, sizeof(szDstPath), pszDstSubDir);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error constructing cache path for '%s': %Rrc", pszSrcPath, rc);
+
+ if (!RTDirExists(szDstPath))
+ {
+ rc = RTDirCreate(szDstPath, 0755, RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_NOT_CRITICAL);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error creating '%s': %Rrc", szDstPath, rc);
+ }
+
+ rc = RTPathAppend(szDstPath, sizeof(szDstPath), pszDstName);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error constructing cache path for '%s': %Rrc", pszSrcPath, rc);
+ if (pszExtraStuff)
+ {
+ rc = RTStrCat(szDstPath, sizeof(szDstPath), pszExtraStuff);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error constructing cache path for '%s': %Rrc", pszSrcPath, rc);
+ }
+
+ /*
+ * If the file exists, we compare the two and throws an error if the doesn't match.
+ */
+ if (RTPathExists(szDstPath))
+ {
+ rc = RTFileCompare(pszSrcPath, szDstPath);
+ if (RT_SUCCESS(rc))
+ {
+ RTMsgInfo("%s is already in the cache.", pszSrcPath);
+ if (pAddToUuidMap && pszUuidMapDir)
+ return rtDbgSymCacheAddCreateUuidMapping(szDstPath, pAddToUuidMap, pszUuidMapDir, pCfg);
+ return VINF_SUCCESS;
+ }
+ if (rc == VERR_NOT_EQUAL)
+ RTMsgInfo("Cache conflict with existing entry '%s' when inserting '%s'.", szDstPath, pszSrcPath);
+ else
+ RTMsgInfo("Error comparing '%s' with '%s': %Rrc", pszSrcPath, szDstPath, rc);
+ if (!pCfg->fOverwriteOnConflict)
+ return rc;
+ }
+
+ /*
+ * The file doesn't exist or we should overwrite it,
+ */
+ RTMsgInfo("Copying '%s' to '%s'...", pszSrcPath, szDstPath);
+ rc = RTFileCopy(pszSrcPath, szDstPath);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error copying '%s' to '%s': %Rrc", pszSrcPath, szDstPath, rc);
+ if (pAddToUuidMap && pszUuidMapDir)
+ return rtDbgSymCacheAddCreateUuidMapping(szDstPath, pAddToUuidMap, pszUuidMapDir, pCfg);
+ return VINF_SUCCESS;
+}
+
+
+/**
+ * Worker that add the image file to the right place.
+ *
+ * @returns IPRT status code.
+ * @param pszPath Path to the image file.
+ * @param pszDstName Add to the cache under this name. Typically the
+ * filename part of @a pszPath.
+ * @param pCfg Configuration data.
+ * @param hLdrMod Image handle.
+ * @param pszExtraSuff Optional extra suffix. Mach-O dSYM hack.
+ * @param pszUuidMapDir Optional UUID map cache directory if the image
+ * should be mapped by UUID.
+ * The map is a Mac OS X debug feature supported by
+ * the two native debuggers gdb and lldb. Look for
+ * descriptions of DBGFileMappedPaths in the
+ * com.apple.DebugSymbols in the user defaults.
+ */
+static int rtDbgSymCacheAddImageFileWorker(const char *pszPath, const char *pszDstName, PCRTDBGSYMCACHEADDCFG pCfg,
+ RTLDRMOD hLdrMod, const char *pszExtrSuff, const char *pszUuidMapDir)
+{
+ /*
+ * Determine which subdirectory to put the files in.
+ */
+ RTUUID Uuid;
+ PRTUUID pUuid = NULL;
+ int rc;
+ char szSubDir[48];
+ RTLDRFMT enmFmt = RTLdrGetFormat(hLdrMod);
+ switch (enmFmt)
+ {
+ case RTLDRFMT_MACHO:
+ {
+ rc = RTLdrQueryProp(hLdrMod, RTLDRPROP_UUID, &Uuid, sizeof(Uuid));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error quering image UUID from image '%s': %Rrc", pszPath, rc);
+
+ rc = RTUuidToStr(&Uuid, szSubDir, sizeof(szSubDir));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error convering UUID for image '%s' to string: %Rrc", pszPath, rc);
+ pUuid = &Uuid;
+ break;
+ }
+
+ case RTLDRFMT_PE:
+ {
+ uint32_t uTimestamp;
+ rc = RTLdrQueryProp(hLdrMod, RTLDRPROP_TIMESTAMP_SECONDS, &uTimestamp, sizeof(uTimestamp));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error quering timestamp from image '%s': %Rrc", pszPath, rc);
+
+ size_t cbImage = RTLdrSize(hLdrMod);
+ if (cbImage == ~(size_t)0)
+ return RTMsgErrorRc(rc, "Error quering size of image '%s': %Rrc", pszPath, rc);
+
+ RTStrPrintf(szSubDir, sizeof(szSubDir), "%08X%x", uTimestamp, cbImage);
+ break;
+ }
+
+ case RTLDRFMT_AOUT:
+ return RTMsgErrorRc(VERR_NOT_SUPPORTED, "Caching of a.out image has not yet been implemented: %s", pszPath);
+ case RTLDRFMT_ELF:
+ return RTMsgErrorRc(VERR_NOT_SUPPORTED, "Caching of ELF image has not yet been implemented: %s", pszPath);
+ case RTLDRFMT_LX:
+ return RTMsgErrorRc(VERR_NOT_SUPPORTED, "Caching of LX image has not yet been implemented: %s", pszPath);
+ default:
+ return RTMsgErrorRc(VERR_NOT_SUPPORTED, "Unknown loader format for '%s': %d", pszPath, enmFmt);
+ }
+
+ /*
+ * Now add it.
+ */
+ return rtDbgSymCacheAddOneFile(pszPath, pszDstName, pszExtrSuff, szSubDir, pUuid, pszUuidMapDir, pCfg);
+}
+
+
+/**
+ * Adds what we think is an image file to the cache.
+ *
+ * @returns IPRT status code.
+ * @param pszPath Path to the image file.
+ * @param pszDstName Add to the cache under this name. Typically the
+ * filename part of @a pszPath.
+ * @param pszExtraSuff Optional extra suffix. Mach-O dSYM hack.
+ * @param pszUuidMapDir The UUID map subdirectory in the cache, if this is
+ * wanted, otherwise NULL.
+ * @param pCfg Configuration data.
+ */
+static int rtDbgSymCacheAddImageFile(const char *pszPath, const char *pszDstName, const char *pszExtraSuff,
+ const char *pszUuidMapDir, PCRTDBGSYMCACHEADDCFG pCfg)
+{
+ RTERRINFOSTATIC ErrInfo;
+
+ /*
+ * Use the loader to open the alleged image file. We need to open it with
+ * arch set to amd64 and x86_32 in order to handle FAT images from the mac
+ * guys (we should actually enumerate archs, but that's currently not
+ * implemented nor necessary for our current use).
+ */
+ /* Open it as AMD64. */
+ RTLDRMOD hLdrMod64;
+ int rc = RTLdrOpenEx(pszPath, RTLDR_O_FOR_DEBUG, RTLDRARCH_AMD64, &hLdrMod64, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ {
+ if (rc != VERR_LDR_ARCH_MISMATCH)
+ {
+ if (rc != VERR_INVALID_EXE_SIGNATURE)
+ return RTMsgErrorRc(rc, "RTLdrOpen failed opening '%s' [arch=amd64]: %Rrc%s%s", pszPath, rc,
+ RTErrInfoIsSet(&ErrInfo.Core) ? " - " : "",
+ RTErrInfoIsSet(&ErrInfo.Core) ? ErrInfo.Core.pszMsg : "");
+
+ RTMsgInfo("Skipping '%s', no a recognizable image file...", pszPath);
+ return VINF_SUCCESS;
+ }
+ hLdrMod64 = NIL_RTLDRMOD;
+ }
+
+ /* Open it as X86. */
+ RTLDRMOD hLdrMod32;
+ rc = RTLdrOpenEx(pszPath, RTLDR_O_FOR_DEBUG, RTLDRARCH_X86_32, &hLdrMod32, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ {
+ if (rc != VERR_LDR_ARCH_MISMATCH)
+ {
+ RTLdrClose(hLdrMod64);
+ return RTMsgErrorRc(rc, "RTLdrOpen failed opening '%s' [arch=x86]: %Rrc%s%s", pszPath, rc,
+ RTErrInfoIsSet(&ErrInfo.Core) ? " - " : "",
+ RTErrInfoIsSet(&ErrInfo.Core) ? ErrInfo.Core.pszMsg : "");
+ }
+ hLdrMod32 = NIL_RTLDRMOD;
+ }
+
+ /*
+ * Add the file.
+ */
+ if (hLdrMod32 == NIL_RTLDRMOD)
+ rc = rtDbgSymCacheAddImageFileWorker(pszPath, pszDstName, pCfg, hLdrMod64, pszExtraSuff, pszUuidMapDir);
+ else if (hLdrMod64 == NIL_RTLDRMOD)
+ rc = rtDbgSymCacheAddImageFileWorker(pszPath, pszDstName, pCfg, hLdrMod32, pszExtraSuff, pszUuidMapDir);
+ else
+ {
+ /*
+ * Do we need to add it once or twice?
+ */
+ RTLDRFMT enmFmt = RTLdrGetFormat(hLdrMod32);
+ bool fSame = enmFmt == RTLdrGetFormat(hLdrMod64);
+ if (fSame && enmFmt == RTLDRFMT_MACHO)
+ {
+ RTUUID Uuid32, Uuid64;
+ int rc32 = RTLdrQueryProp(hLdrMod32, RTLDRPROP_UUID, &Uuid32, sizeof(Uuid32));
+ int rc64 = RTLdrQueryProp(hLdrMod64, RTLDRPROP_UUID, &Uuid64, sizeof(Uuid64));
+ fSame = RT_SUCCESS(rc32) == RT_SUCCESS(rc64);
+ if (fSame && RT_SUCCESS(rc32))
+ fSame = RTUuidCompare(&Uuid32, &Uuid64) == 0;
+ }
+ else if (fSame && enmFmt == RTLDRFMT_PE)
+ {
+ fSame = RTLdrSize(hLdrMod32) == RTLdrSize(hLdrMod64);
+ if (fSame)
+ {
+ uint32_t uTimestamp32, uTimestamp64;
+ int rc32 = RTLdrQueryProp(hLdrMod32, RTLDRPROP_TIMESTAMP_SECONDS, &uTimestamp32, sizeof(uTimestamp32));
+ int rc64 = RTLdrQueryProp(hLdrMod64, RTLDRPROP_TIMESTAMP_SECONDS, &uTimestamp64, sizeof(uTimestamp64));
+ fSame = RT_SUCCESS(rc32) == RT_SUCCESS(rc64);
+ if (fSame && RT_SUCCESS(rc32))
+ fSame = uTimestamp32 == uTimestamp64;
+ }
+ }
+
+ rc = rtDbgSymCacheAddImageFileWorker(pszPath, pszDstName, pCfg, hLdrMod64, pszExtraSuff, pszUuidMapDir);
+ if (!fSame)
+ {
+ /** @todo should symlink or hardlink this second copy. */
+ int rc2 = rtDbgSymCacheAddImageFileWorker(pszPath, pszDstName, pCfg, hLdrMod32, pszExtraSuff, pszUuidMapDir);
+ if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
+ rc = rc2;
+ }
+ }
+
+ RTLdrClose(hLdrMod32);
+ RTLdrClose(hLdrMod64);
+ return VINF_SUCCESS;
+}
+
+
+/**
+ * Worker for rtDbgSymCacheAddDebugFile that adds a Mach-O debug file to the
+ * cache.
+ *
+ * @returns IPRT status code
+ * @param pszPath The path to the PDB file.
+ * @param pszDstName Add to the cache under this name. Typically the
+ * filename part of @a pszPath.
+ * @param pCfg The configuration.
+ * @param hFile Handle to the file.
+ */
+static int rtDbgSymCacheAddDebugMachO(const char *pszPath, const char *pszDstName, PCRTDBGSYMCACHEADDCFG pCfg)
+{
+ /* This shouldn't happen, figure out what to do if it does. */
+ RT_NOREF(pCfg, pszDstName);
+ return RTMsgErrorRc(VERR_NOT_IMPLEMENTED,
+ "'%s' is an OS X image file, did you point me to a file inside a .dSYM or .sym file?",
+ pszPath);
+}
+
+
+/**
+ * Worker for rtDbgSymCacheAddDebugFile that adds PDBs to the cace.
+ *
+ * @returns IPRT status code
+ * @param pszPath The path to the PDB file.
+ * @param pszDstName Add to the cache under this name. Typically the
+ * filename part of @a pszPath.
+ * @param pCfg The configuration.
+ * @param hFile Handle to the file.
+ */
+static int rtDbgSymCacheAddDebugPdb(const char *pszPath, const char *pszDstName, PCRTDBGSYMCACHEADDCFG pCfg, RTFILE hFile)
+{
+ RT_NOREF(pCfg, hFile, pszDstName);
+ return RTMsgErrorRc(VERR_NOT_IMPLEMENTED, "PDB support not implemented: '%s'", pszPath);
+}
+
+
+/**
+ * Adds a debug file to the cache.
+ *
+ * @returns IPRT status code
+ * @param pszPath The path to the debug file in question.
+ * @param pszDstName Add to the cache under this name. Typically the
+ * filename part of @a pszPath.
+ * @param pCfg The configuration.
+ */
+static int rtDbgSymCacheAddDebugFile(const char *pszPath, const char *pszDstName, PCRTDBGSYMCACHEADDCFG pCfg)
+{
+ /*
+ * Need to extract an identifier of sorts here in order to put them in
+ * the right place in the cache. Currently only implemnted for Mach-O
+ * files since these use executable containers.
+ *
+ * We take a look at the file header in hope to figure out what to do
+ * with the file.
+ */
+ RTFILE hFile;
+ int rc = RTFileOpen(&hFile, pszPath, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Error opening '%s': %Rrc", pszPath, rc);
+
+ union
+ {
+ uint64_t au64[16];
+ uint32_t au32[16];
+ uint16_t au16[32];
+ uint8_t ab[64];
+ } uBuf;
+ rc = RTFileRead(hFile, &uBuf, sizeof(uBuf), NULL);
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Look for magics and call workers.
+ */
+ if (!memcmp(uBuf.ab, RT_STR_TUPLE("Microsoft C/C++ MSF 7.00")))
+ rc = rtDbgSymCacheAddDebugPdb(pszPath, pszDstName, pCfg, hFile);
+ else if ( uBuf.au32[0] == IMAGE_FAT_SIGNATURE
+ || uBuf.au32[0] == IMAGE_FAT_SIGNATURE_OE
+ || uBuf.au32[0] == IMAGE_MACHO32_SIGNATURE
+ || uBuf.au32[0] == IMAGE_MACHO64_SIGNATURE
+ || uBuf.au32[0] == IMAGE_MACHO32_SIGNATURE_OE
+ || uBuf.au32[0] == IMAGE_MACHO64_SIGNATURE_OE)
+ rc = rtDbgSymCacheAddDebugMachO(pszPath, pszDstName, pCfg);
+ else
+ rc = RTMsgErrorRc(VERR_INVALID_MAGIC, "Unsupported debug file '%s' magic: %#010x", pszPath, uBuf.au32[0]);
+ }
+ else
+ rc = RTMsgErrorRc(rc, "Error reading '%s': %Rrc", pszPath, rc);
+
+ /* close the file. */
+ int rc2 = RTFileClose(hFile);
+ if (RT_FAILURE(rc2))
+ {
+ RTMsgError("Error closing '%s': %Rrc", pszPath, rc2);
+ if (RT_SUCCESS(rc))
+ rc = rc2;
+ }
+ return rc;
+}
+
+
+/**
+ * Constructs the path to the file instide the bundle that we're keen on.
+ *
+ * @returns IPRT status code.
+ * @param pszPath Path to the bundle on input, on successful
+ * return it's the path to the desired file. This
+ * a RTPATH_MAX size buffer.
+ * @param cchPath The length of the path up to the bundle name.
+ * @param cchName The length of the bundle name.
+ * @param pszSubDir The bundle subdirectory the file lives in.
+ * @param papszSuffixes Pointer to an array of bundle suffixes.
+ */
+static int rtDbgSymCacheConstructBundlePath(char *pszPath, size_t cchPath, size_t cchName, const char *pszSubDir,
+ const char * const *papszSuffixes)
+{
+ /*
+ * Calc the name without the bundle extension.
+ */
+ size_t const cchOrgName = cchName;
+ const char *pszEnd = &pszPath[cchPath + cchName];
+ for (unsigned i = 0; papszSuffixes[i]; i++)
+ {
+ Assert(papszSuffixes[i][0] == '.');
+ size_t cchSuff = strlen(papszSuffixes[i]);
+ if ( cchSuff < cchName
+ && !memcmp(&pszEnd[-(ssize_t)cchSuff], papszSuffixes[i], cchSuff))
+ {
+ cchName -= cchSuff;
+ break;
+ }
+ }
+
+ /*
+ * Check the immediate directory first, in case it's layed out like
+ * IOPCIFamily.kext.
+ */
+ int rc = RTPathAppendEx(pszPath, RTPATH_MAX, &pszPath[cchPath], cchName, RTPATH_STR_F_STYLE_HOST);
+ if (RT_FAILURE(rc) || !RTFileExists(pszPath))
+ {
+ /*
+ * Not there, ok then try the given subdirectory + name.
+ */
+ pszPath[cchPath + cchOrgName] = '\0';
+ rc = RTPathAppend(pszPath, RTPATH_MAX, pszSubDir);
+ if (RT_SUCCESS(rc))
+ rc = RTPathAppendEx(pszPath, RTPATH_MAX, &pszPath[cchPath], cchName, RTPATH_STR_F_STYLE_HOST);
+ if (RT_FAILURE(rc))
+ {
+ pszPath[cchPath + cchOrgName] = '\0';
+ return RTMsgErrorRc(rc, "Error constructing image bundle path for '%s': %Rrc", pszPath, rc);
+ }
+ }
+
+ return VINF_SUCCESS;
+}
+
+
+/**
+ * Adds a image bundle of some sort.
+ *
+ * @returns IPRT status code.
+ * @param pszPath Path to the bundle. This a RTPATH_MAX size
+ * buffer that we can write to when creating the
+ * path to the file inside the bundle that we're
+ * interested in.
+ * @param cchPath The length of the path up to the bundle name.
+ * @param cchName The length of the bundle name.
+ * @param pszDstName Add to the cache under this name, NULL if not
+ * specified.
+ * @param pDirEntry The directory entry buffer, for handling bundle
+ * within bundle recursion.
+ * @param pCfg The configuration.
+ */
+static int rtDbgSymCacheAddImageBundle(char *pszPath, size_t cchPath, size_t cchName, const char *pszDstName,
+ PRTDIRENTRYEX pDirEntry, PCRTDBGSYMCACHEADDCFG pCfg)
+{
+ /*
+ * Assuming these are kexts or simple applications, we only add the image
+ * file itself to the cache. No Info.plist or other files.
+ */
+ /** @todo consider looking for Frameworks and handling framework bundles. */
+ int rc = rtDbgSymCacheConstructBundlePath(pszPath, cchPath, cchName, "Contents/MacOS/", g_apszBundleSuffixes);
+ if (RT_SUCCESS(rc))
+ {
+ if (!pszDstName)
+ pszDstName = RTPathFilename(pszPath);
+ rc = rtDbgSymCacheAddImageFile(pszPath, pszDstName, NULL, RTDBG_CACHE_UUID_MAP_DIR_IMAGES, pCfg);
+ }
+
+ /*
+ * Look for plugins and other sub-bundles.
+ */
+ if (pCfg->fRecursive)
+ {
+ static char const * const s_apszSubBundleDirs[] =
+ {
+ "Contents/Plugins/",
+ /** @todo Frameworks ++ */
+ };
+ for (uint32_t i = 0; i < RT_ELEMENTS(s_apszSubBundleDirs); i++)
+ {
+ pszPath[cchPath + cchName] = '\0';
+ int rc2 = RTPathAppend(pszPath, RTPATH_MAX - 1, s_apszSubBundleDirs[i]);
+ if (RT_SUCCESS(rc2))
+ {
+ if (RTDirExists(pszPath))
+ {
+ size_t cchPath2 = strlen(pszPath);
+ if (!RTPATH_IS_SLASH(pszPath[cchPath2 - 1]))
+ {
+ pszPath[cchPath2++] = RTPATH_SLASH;
+ pszPath[cchPath2] = '\0';
+ }
+ rc2 = rtDbgSymCacheAddDirWorker(pszPath, cchPath2, pDirEntry, pCfg);
+ }
+ }
+ else
+ {
+ pszPath[cchPath + cchName] = '\0';
+ RTMsgError("Error constructing bundle subdir path for '%s' + '%s': %Rrc", pszPath, s_apszSubBundleDirs[i], rc);
+ }
+ if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
+ rc = rc2;
+ }
+ }
+
+ return rc;
+}
+
+
+/**
+ * Adds a debug bundle.
+ *
+ * @returns IPRT status code.
+ * @param pszPath Path to the bundle. This a RTPATH_MAX size
+ * buffer that we can write to when creating the
+ * path to the file inside the bundle that we're
+ * interested in.
+ * @param cchPath The length of the path up to the bundle name.
+ * @param cchName The length of the bundle name.
+ * @param pszDstName Add to the cache under this name, NULL if not
+ * specified.
+ * @param pCfg The configuration.
+ */
+static int rtDbgSymCacheAddDebugBundle(char *pszPath, size_t cchPath, size_t cchName, const char *pszDstName,
+ PCRTDBGSYMCACHEADDCFG pCfg)
+{
+ /*
+ * The current policy is not to add the whole .dSYM (or .sym) bundle, but
+ * rather just the dwarf image instide it. The <UUID>.plist and Info.plist
+ * files generally doesn't contain much extra information that's really
+ * necessary, I hope. At least this is what the uuidmap example in the
+ * lldb hints at (it links to the dwarf file, not the .dSYM dir).
+ *
+ * To avoid confusion with a .dSYM bundle, as well as collision with the
+ * image file, we use .dwarf suffix for the file.
+ *
+ * For details on the uuid map see rtDbgSymCacheAddImageFile as well as
+ * http://lldb.llvm.org/symbols.html .
+ *
+ * ASSUMES bundles contains Mach-O DWARF files.
+ */
+ int rc = rtDbgSymCacheConstructBundlePath(pszPath, cchPath, cchName, "Contents/Resources/DWARF/", g_apszDSymBundleSuffixes);
+ if (RT_SUCCESS(rc))
+ {
+ if (!pszDstName)
+ pszDstName = RTPathFilename(pszPath);
+ rc = rtDbgSymCacheAddImageFile(pszPath, pszDstName, RTDBG_CACHE_DSYM_FILE_SUFFIX, RTDBG_CACHE_UUID_MAP_DIR_DSYMS, pCfg);
+ }
+ return rc;
+}
+
+
+/**
+ * Figure the type of a file/dir based on path and FS object info.
+ *
+ * @returns The type.
+ * @param pszPath The path to the file/dir.
+ * @param pObjInfo The object information, symlinks followed.
+ */
+static RTDBGSYMCACHEFILETYPE rtDbgSymCacheFigureType2(const char *pszPath, PCRTFSOBJINFO pObjInfo)
+{
+ const char *pszName = RTPathFilename(pszPath);
+ const char *pszExt = RTPathSuffix(pszName);
+ if (pszExt)
+ pszExt++;
+ else
+ pszExt = "";
+
+ if ( RTFS_IS_DIRECTORY(pObjInfo->Attr.fMode)
+ || (pObjInfo->Attr.fMode & RTFS_DOS_DIRECTORY)) /** @todo OS X samba reports reparse points in /Volumes/ that we cannot resolve. */
+ {
+ /* Skip directories shouldn't bother with. */
+ if ( !RTStrICmp(pszName, ".Trashes")
+ || !RTStrICmp(pszName, ".$RESCYCLE.BIN")
+ || !RTStrICmp(pszName, "System.kext") /* Usually only plugins here, so skip it. */
+ )
+ return RTDBGSYMCACHEFILETYPE_IGNORE;
+
+ /* Directories can also be bundles on the mac. */
+ if (!RTStrICmp(pszExt, "dSYM"))
+ return RTDBGSYMCACHEFILETYPE_DEBUG_BUNDLE;
+
+ for (unsigned i = 0; i < RT_ELEMENTS(g_apszBundleSuffixes) - 1; i++)
+ if (!RTStrICmp(pszExt, &g_apszBundleSuffixes[i][1]))
+ return RTDBGSYMCACHEFILETYPE_IMAGE_BUNDLE;
+
+ return RTDBGSYMCACHEFILETYPE_DIR;
+ }
+
+ if (!RTFS_IS_FILE(pObjInfo->Attr.fMode))
+ return RTDBGSYMCACHEFILETYPE_INVALID;
+
+ /* Select image vs debug info based on extension. */
+ if ( !RTStrICmp(pszExt, "pdb")
+ || !RTStrICmp(pszExt, "dbg")
+ || !RTStrICmp(pszExt, "sym")
+ || !RTStrICmp(pszExt, "dwo")
+ || !RTStrICmp(pszExt, "dwp")
+ || !RTStrICmp(pszExt, "debug")
+ || !RTStrICmp(pszExt, "dsym")
+ || !RTStrICmp(pszExt, "dwarf")
+ || !RTStrICmp(pszExt, "map")
+ || !RTStrICmp(pszExt, "cv"))
+ return RTDBGSYMCACHEFILETYPE_DEBUG_FILE;
+
+ /* Filter out a bunch of files which obviously shouldn't be images. */
+ if ( !RTStrICmp(pszExt, "txt")
+ || !RTStrICmp(pszExt, "html")
+ || !RTStrICmp(pszExt, "htm")
+ || !RTStrICmp(pszExt, "rtf")
+ || !RTStrICmp(pszExt, "zip")
+ || !RTStrICmp(pszExt, "doc")
+ || !RTStrICmp(pszExt, "gz")
+ || !RTStrICmp(pszExt, "bz2")
+ || !RTStrICmp(pszExt, "xz")
+ || !RTStrICmp(pszExt, "kmk")
+ || !RTStrICmp(pszExt, "c")
+ || !RTStrICmp(pszExt, "cpp")
+ || !RTStrICmp(pszExt, "h")
+ || !RTStrICmp(pszExt, "m")
+ || !RTStrICmp(pszExt, "mm")
+ || !RTStrICmp(pszExt, "asm")
+ || !RTStrICmp(pszExt, "S")
+ || !RTStrICmp(pszExt, "inc")
+ || !RTStrICmp(pszExt, "sh")
+ )
+ return RTDBGSYMCACHEFILETYPE_IGNORE;
+ if ( !RTStrICmp(pszName, "Makefile")
+ || !RTStrICmp(pszName, "GNUmakefile")
+ || !RTStrICmp(pszName, "createsymbolfiles")
+ || !RTStrICmp(pszName, "kgmacros")
+ )
+ return RTDBGSYMCACHEFILETYPE_IGNORE;
+
+ return RTDBGSYMCACHEFILETYPE_IMAGE_FILE;
+}
+
+
+/**
+ * Figure file type based on name, will stat the file/dir.
+ *
+ * @returns File type.
+ * @param pszPath The path to the file/dir to figure.
+ */
+static RTDBGSYMCACHEFILETYPE rtDbgSymCacheFigureType(const char *pszPath)
+{
+ const char *pszName = RTPathFilename(pszPath);
+
+ /* Trailing slash. */
+ if (!pszName)
+ return RTDBGSYMCACHEFILETYPE_DIR;
+
+ /* Wildcard means listing directory and filtering. */
+ if (strpbrk(pszName, "?*"))
+ return RTDBGSYMCACHEFILETYPE_DIR_FILTER;
+
+ /* Get object info, following links. */
+ RTFSOBJINFO ObjInfo;
+ int rc = RTPathQueryInfoEx(pszPath, &ObjInfo, RTFSOBJATTRADD_NOTHING, RTPATH_F_FOLLOW_LINK);
+ if (RT_FAILURE(rc))
+ return RTDBGSYMCACHEFILETYPE_INVALID;
+ return rtDbgSymCacheFigureType2(pszPath, &ObjInfo);
+}
+
+
+/**
+ * Recursive worker for rtDbgSymCacheAddDir, for minimal stack wasting.
+ *
+ * @returns IPRT status code (fully bitched).
+ * @param pszPath Pointer to a RTPATH_MAX size buffer containing
+ * the path to the current directory ending with a
+ * slash.
+ * @param cchPath The size of the current directory path.
+ * @param pDirEntry Pointer to the RTDIRENTRYEX structure to use.
+ * @param pCfg The configuration.
+ */
+static int rtDbgSymCacheAddDirWorker(char *pszPath, size_t cchPath, PRTDIRENTRYEX pDirEntry, PCRTDBGSYMCACHEADDCFG pCfg)
+{
+ /*
+ * Open the directory.
+ */
+ RTDIR hDir;
+ int rc, rc2;
+ if (pCfg->pszFilter)
+ {
+ rc = RTStrCopy(&pszPath[cchPath], RTPATH_MAX - cchPath, pCfg->pszFilter);
+ if (RT_FAILURE(rc))
+ {
+ pszPath[cchPath] = '\0';
+ return RTMsgErrorRc(rc, "Filename too long (%Rrc): '%s" RTPATH_SLASH_STR "%s'", rc, pszPath, pCfg->pszFilter);
+ }
+ rc = RTDirOpenFiltered(&hDir, pszPath, RTDIRFILTER_WINNT, 0 /*fFlags*/);
+ }
+ else
+ rc = RTDirOpen(&hDir, pszPath);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "RTDirOpen%s failed on '%s': %Rrc", pCfg->pszFilter ? "Filtered" : "", pszPath, rc);
+
+ /*
+ * Enumerate the files.
+ */
+ for (;;)
+ {
+ rc2 = RTDirReadEx(hDir, pDirEntry, NULL, RTFSOBJATTRADD_NOTHING, RTPATH_F_FOLLOW_LINK);
+ if (RT_FAILURE(rc2))
+ {
+ pszPath[cchPath] = '\0';
+ if (rc2 != VERR_NO_MORE_FILES)
+ {
+ RTMsgError("RTDirReadEx failed in '%s': %Rrc\n", pszPath, rc2);
+ rc = rc2;
+ }
+ break;
+ }
+
+ /* Skip dot and dot-dot. */
+ if (RTDirEntryExIsStdDotLink(pDirEntry))
+ continue;
+
+ /* Construct a full path. */
+ rc = RTStrCopy(&pszPath[cchPath], RTPATH_MAX, pDirEntry->szName);
+ if (RT_FAILURE(rc))
+ {
+ pszPath[cchPath] = '\0';
+ RTMsgError("File name too long in '%s': '%s' (%Rrc)", pszPath, pDirEntry->szName, rc);
+ break;
+ }
+
+ switch (rtDbgSymCacheFigureType2(pszPath, &pDirEntry->Info))
+ {
+ case RTDBGSYMCACHEFILETYPE_DIR:
+ if (!pCfg->fRecursive)
+ RTMsgInfo("Skipping directory '%s'...", pszPath);
+ else
+ {
+ if (cchPath + pDirEntry->cbName + 3 <= RTPATH_MAX)
+ {
+ pszPath[cchPath + pDirEntry->cbName] = RTPATH_SLASH;
+ pszPath[cchPath + pDirEntry->cbName + 1] = '\0';
+ rc2 = rtDbgSymCacheAddDirWorker(pszPath, cchPath + pDirEntry->cbName + 1, pDirEntry, pCfg);
+ }
+ else
+ {
+ RTMsgError("File name too long in '%s': '%s' (%Rrc)", pszPath, pDirEntry->szName, rc);
+ rc2 = VERR_FILENAME_TOO_LONG;
+ }
+ }
+ break;
+
+ case RTDBGSYMCACHEFILETYPE_DEBUG_FILE:
+ rc2 = rtDbgSymCacheAddDebugFile(pszPath, pDirEntry->szName, pCfg);
+ break;
+
+ case RTDBGSYMCACHEFILETYPE_IMAGE_FILE:
+ rc2 = rtDbgSymCacheAddImageFile(pszPath, pDirEntry->szName, NULL /*pszExtraSuff*/, RTDBG_CACHE_UUID_MAP_DIR_IMAGES, pCfg);
+ break;
+
+ case RTDBGSYMCACHEFILETYPE_DEBUG_BUNDLE:
+ rc2 = rtDbgSymCacheAddDebugBundle(pszPath, cchPath, pDirEntry->cbName, NULL /*pszDstName*/, pCfg);
+ break;
+
+ case RTDBGSYMCACHEFILETYPE_IMAGE_BUNDLE:
+ rc2 = rtDbgSymCacheAddImageBundle(pszPath, cchPath, pDirEntry->cbName, NULL /*pszDstName*/, pDirEntry, pCfg);
+ break;
+
+ case RTDBGSYMCACHEFILETYPE_DIR_FILTER:
+ case RTDBGSYMCACHEFILETYPE_INVALID:
+ rc2 = RTMsgErrorRc(VERR_INTERNAL_ERROR_2, "Invalid: '%s'", pszPath);
+ break;
+
+ case RTDBGSYMCACHEFILETYPE_IGNORE:
+ rc2 = VINF_SUCCESS;
+ break;
+ }
+
+ if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
+ rc = rc2;
+ }
+
+ /*
+ * Clean up.
+ */
+ rc2 = RTDirClose(hDir);
+ if (RT_FAILURE(rc2))
+ {
+ RTMsgError("RTDirClose failed in '%s': %Rrc", pszPath, rc);
+ rc = rc2;
+ }
+ return rc;
+}
+
+
+/**
+ * Adds a directory.
+ *
+ * @returns IPRT status code (fully bitched).
+ * @param pszPath The directory path.
+ * @param pCfg The configuration.
+ */
+static int rtDbgSymCacheAddDir(const char *pszPath, PCRTDBGSYMCACHEADDCFG pCfg)
+{
+ /*
+ * Set up the path buffer, stripping any filter.
+ */
+ char szPath[RTPATH_MAX];
+ int rc = RTStrCopy(szPath, sizeof(szPath) - 2, pszPath);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Path too long: '%s'", pszPath);
+
+ size_t cchPath = strlen(pszPath);
+ if (!cchPath)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Path empty: '%s'", pszPath);
+
+ if (pCfg->pszFilter)
+ szPath[cchPath - strlen(pCfg->pszFilter)] = '\0';
+ cchPath = RTPathStripTrailingSlash(szPath);
+ if (!RTPATH_IS_SEP(pszPath[cchPath - 1]))
+ {
+ szPath[cchPath++] = RTPATH_SLASH;
+ szPath[cchPath] = '\0';
+ }
+
+ /*
+ * Let the worker do the rest.
+ */
+ RTDIRENTRYEX DirEntry;
+ return rtDbgSymCacheAddDirWorker(szPath, cchPath, &DirEntry, pCfg);
+}
+
+
+/**
+ * Adds a file or directory.
+ *
+ * @returns Program exit code.
+ * @param pszPath The user supplied path to the file or directory.
+ * @param pszCache The path to the cache.
+ * @param fRecursive Whether to process directories recursively.
+ * @param fOverwriteOnConflict Whether to overwrite existing cache entry on
+ * conflict, or just leave it.
+ */
+static RTEXITCODE rtDbgSymCacheAddFileOrDir(const char *pszPath, const char *pszCache, bool fRecursive,
+ bool fOverwriteOnConflict)
+{
+ RT_NOREF1(fOverwriteOnConflict);
+ RTDBGSYMCACHEADDCFG Cfg;
+ Cfg.fRecursive = fRecursive;
+ Cfg.pszCache = pszCache;
+ Cfg.pszFilter = NULL;
+
+ /* If the filename contains an equal ('=') char, treat the left as the file
+ to add tne right part as the name to add it under (handy for kernels). */
+ char *pszFree = NULL;
+ const char *pszDstName = RTPathFilename(pszPath);
+ const char *pszEqual = pszDstName ? strchr(pszDstName, '=') : NULL;
+ if (pszEqual)
+ {
+ pszPath = pszFree = RTStrDupN(pszPath, pszEqual - pszPath);
+ if (!pszFree)
+ return RTMsgErrorExitFailure("out of memory!\n");
+ pszDstName = pszEqual + 1;
+ if (!*pszDstName)
+ return RTMsgErrorExitFailure("add-as filename is empty!\n");
+ }
+
+ int rc;
+ RTDBGSYMCACHEFILETYPE enmType = rtDbgSymCacheFigureType(pszPath);
+ switch (enmType)
+ {
+ default:
+ case RTDBGSYMCACHEFILETYPE_INVALID:
+ rc = RTMsgErrorRc(VERR_INVALID_PARAMETER, "Invalid: '%s'", pszPath);
+ break;
+
+ case RTDBGSYMCACHEFILETYPE_DIR_FILTER:
+ Cfg.pszFilter = RTPathFilename(pszPath);
+ RT_FALL_THRU();
+ case RTDBGSYMCACHEFILETYPE_DIR:
+ if (!pszEqual)
+ rc = rtDbgSymCacheAddDir(pszPath, &Cfg);
+ else
+ rc = RTMsgErrorRc(VERR_INVALID_PARAMETER, "Add-as filename is not applicable to directories!");
+ break;
+
+ case RTDBGSYMCACHEFILETYPE_DEBUG_FILE:
+ rc = rtDbgSymCacheAddDebugFile(pszPath, pszDstName, &Cfg);
+ break;
+
+ case RTDBGSYMCACHEFILETYPE_IMAGE_FILE:
+ rc = rtDbgSymCacheAddImageFile(pszPath, pszDstName, NULL /*pszExtraSuff*/, RTDBG_CACHE_UUID_MAP_DIR_IMAGES, &Cfg);
+ break;
+
+ case RTDBGSYMCACHEFILETYPE_DEBUG_BUNDLE:
+ case RTDBGSYMCACHEFILETYPE_IMAGE_BUNDLE:
+ {
+ size_t cchPath = strlen(pszPath);
+ size_t cchFilename = strlen(RTPathFilename(pszPath));
+ char szPathBuf[RTPATH_MAX];
+ if (cchPath < sizeof(szPathBuf))
+ {
+ memcpy(szPathBuf, pszPath, cchPath + 1);
+ if (enmType == RTDBGSYMCACHEFILETYPE_DEBUG_BUNDLE)
+ rc = rtDbgSymCacheAddDebugBundle(szPathBuf, cchPath - cchFilename, cchFilename,
+ pszEqual ? pszDstName : NULL, &Cfg);
+ else
+ {
+ RTDIRENTRYEX DirEntry;
+ rc = rtDbgSymCacheAddImageBundle(szPathBuf, cchPath - cchFilename, cchFilename,
+ pszEqual ? pszDstName : NULL, &DirEntry, &Cfg);
+ }
+ }
+ else
+ rc = RTMsgErrorRc(VERR_FILENAME_TOO_LONG, "Filename too long: '%s'", pszPath);
+ break;
+ }
+
+ case RTDBGSYMCACHEFILETYPE_IGNORE:
+ rc = RTMsgErrorRc(VERR_INVALID_PARAMETER, "Invalid file: '%s'", pszPath);
+ break;
+ }
+
+ RTStrFree(pszFree);
+ return RT_SUCCESS(rc) ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
+}
+
+
+/**
+ * Handles the 'add' command.
+ *
+ * @returns Program exit code.
+ * @param pszArg0 The program name.
+ * @param cArgs The number of arguments to the 'add' command.
+ * @param papszArgs The argument vector, starting after 'add'.
+ */
+static RTEXITCODE rtDbgSymCacheCmdAdd(const char *pszArg0, int cArgs, char **papszArgs)
+{
+ /*
+ * Parse the command line.
+ */
+ static RTGETOPTDEF const s_aOptions[] =
+ {
+ { "--recursive", 'R', RTGETOPT_REQ_NOTHING },
+ { "--no-recursive", 'n', RTGETOPT_REQ_NOTHING },
+ { "--overwrite-on-conflict", 'o', RTGETOPT_REQ_NOTHING },
+ };
+
+ const char *pszCache = NULL;
+ bool fRecursive = false;
+ bool fOverwriteOnConflict = false;
+
+ RTGETOPTSTATE State;
+ int rc = RTGetOptInit(&State, cArgs, papszArgs, &s_aOptions[0], RT_ELEMENTS(s_aOptions), 0, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOptInit failed: %Rrc", rc);
+
+ //uint32_t cAdded = 0;
+ RTGETOPTUNION ValueUnion;
+ int chOpt;
+ while ((chOpt = RTGetOpt(&State, &ValueUnion)) != 0)
+ {
+ switch (chOpt)
+ {
+ case 'R':
+ fRecursive = true;
+ break;
+
+ case 'n':
+ fRecursive = false;
+ break;
+
+ case 'o':
+ fOverwriteOnConflict = true;
+ break;
+
+ case VINF_GETOPT_NOT_OPTION:
+ /* The first non-option is a cache directory. */
+ if (!pszCache)
+ {
+ pszCache = ValueUnion.psz;
+ if (!RTPathExists(pszCache))
+ {
+ rc = RTDirCreate(pszCache, 0755, RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_NOT_CRITICAL);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Error creating cache directory '%s': %Rrc", pszCache, rc);
+ }
+ else if (!RTDirExists(pszCache))
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Specified cache directory is not a directory: '%s'", pszCache);
+ }
+ /* Subsequent non-options are files to be added to the cache. */
+ else
+ {
+ RTEXITCODE rcExit = rtDbgSymCacheAddFileOrDir(ValueUnion.psz, pszCache, fRecursive, fOverwriteOnConflict);
+ if (rcExit != RTEXITCODE_FAILURE)
+ return rcExit;
+ }
+ break;
+
+ case 'h':
+ return rtDbgSymCacheUsage(pszArg0, "add");
+ case 'V':
+ return rtDbgSymCacheVersion();
+ default:
+ return RTGetOptPrintError(chOpt, &ValueUnion);
+ }
+ }
+
+ if (!pszCache)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "No cache directory or files to add were specified.");
+ return RTEXITCODE_SUCCESS;
+}
+
+
+/**
+ * Debug info + external path for the 'get' command.
+ */
+typedef struct MYDBGINFO
+{
+ /** The kind of debug info. */
+ RTLDRDBGINFOTYPE enmType;
+ /** The CRC32 of the external file (RTLDRDBGINFOTYPE_DWARF_DWO). */
+ uint32_t uDwoCrc32;
+ /** The PE image size (RTLDRDBGINFOTYPE_CODEVIEW_DBG,
+ * RTLDRDBGINFOTYPE_CODEVIEW_PDB20, RTLDRDBGINFOTYPE_CODEVIEW_PDB70 (,
+ * RTLDRDBGINFOTYPE_CODEVIEW, RTLDRDBGINFOTYPE_COFF)). */
+ uint32_t cbImage;
+ /** Timestamp in seconds since unix epoch (RTLDRDBGINFOTYPE_CODEVIEW_DBG,
+ * RTLDRDBGINFOTYPE_CODEVIEW_PDB20 (, RTLDRDBGINFOTYPE_CODEVIEW,
+ * RTLDRDBGINFOTYPE_COFF)). */
+ uint32_t uTimestamp;
+ /** The PDB age (RTLDRDBGINFOTYPE_CODEVIEW_PDB20, RTLDRDBGINFOTYPE_CODEVIEW_PDB70). */
+ uint32_t uPdbAge;
+ /** The UUID of the PDB or mach-o image (RTLDRDBGINFOTYPE_CODEVIEW_PDB70, +). */
+ RTUUID Uuid;
+ /** External path (can be empty). */
+ char szExtFile[RTPATH_MAX];
+} MYDBGINFO;
+
+/**
+ * @callback_method_impl{FNRTLDRENUMDBG, For the 'get' command.}
+ */
+static DECLCALLBACK(int) rtDbgSymCacheCmdGetForExeDbgInfoCallback(RTLDRMOD hLdrMod, PCRTLDRDBGINFO pDbgInfo, void *pvUser)
+{
+ RT_NOREF(hLdrMod);
+ if (!pDbgInfo->pszExtFile)
+ switch (pDbgInfo->enmType)
+ {
+ case RTLDRDBGINFOTYPE_CODEVIEW_PDB20:
+ case RTLDRDBGINFOTYPE_CODEVIEW_PDB70:
+ case RTLDRDBGINFOTYPE_CODEVIEW_DBG:
+ break;
+ default:
+ return VINF_SUCCESS;
+ }
+
+ /* Copy the info: */
+ MYDBGINFO *pMyInfo = (MYDBGINFO *)pvUser;
+ RT_ZERO(*pMyInfo);
+ pMyInfo->enmType = pDbgInfo->enmType;
+ int rc = VINF_SUCCESS;
+ if (pDbgInfo->pszExtFile)
+ rc = RTStrCopy(pMyInfo->szExtFile, sizeof(pMyInfo->szExtFile), pDbgInfo->pszExtFile);
+
+ switch (pDbgInfo->enmType)
+ {
+ case RTLDRDBGINFOTYPE_DWARF_DWO:
+ pMyInfo->uDwoCrc32 = pDbgInfo->u.Dwo.uCrc32;
+ break;
+
+ case RTLDRDBGINFOTYPE_CODEVIEW:
+ case RTLDRDBGINFOTYPE_COFF:
+ pMyInfo->cbImage = pDbgInfo->u.Cv.cbImage;
+ pMyInfo->uTimestamp = pDbgInfo->u.Cv.uTimestamp;
+ break;
+
+ case RTLDRDBGINFOTYPE_CODEVIEW_DBG:
+ pMyInfo->cbImage = pDbgInfo->u.Dbg.cbImage;
+ pMyInfo->uTimestamp = pDbgInfo->u.Dbg.uTimestamp;
+ break;
+
+ case RTLDRDBGINFOTYPE_CODEVIEW_PDB20:
+ pMyInfo->cbImage = pDbgInfo->u.Pdb20.cbImage;
+ pMyInfo->uTimestamp = pDbgInfo->u.Pdb20.uTimestamp;
+ pMyInfo->uPdbAge = pDbgInfo->u.Pdb20.uAge;
+ break;
+
+ case RTLDRDBGINFOTYPE_CODEVIEW_PDB70:
+ pMyInfo->cbImage = pDbgInfo->u.Pdb70.cbImage;
+ pMyInfo->Uuid = pDbgInfo->u.Pdb70.Uuid;
+ pMyInfo->uPdbAge = pDbgInfo->u.Pdb70.uAge;
+ break;
+
+ default:
+ return VINF_SUCCESS;
+ }
+
+ return rc;
+}
+
+
+/**
+ * @callback_method_impl{FNRTDBGCFGOPEN}
+ */
+static DECLCALLBACK(int) rtDbgSymCacheCmdGetCallback(RTDBGCFG hDbgCfg, const char *pszFilename, void *pvUser1, void *pvUser2)
+{
+ RT_NOREF(hDbgCfg, pvUser2);
+
+ char *pszJoined = NULL;
+ const char *pszOutput = (const char *)pvUser1;
+ if (!pszOutput || *pszOutput == '\0')
+ pszOutput = RTPathFilename(pszFilename);
+ else if (RTPathFilename(pszOutput) == NULL)
+ pszOutput = pszJoined = RTPathJoinA(pszOutput, RTPathFilename(pszFilename));
+
+ if (g_iLogLevel > 0) // --pe --name wintypes.dll --image-size 1388544 --timestamp 0x57F8D9F0
+ RTMsgInfo("Copying '%s' to '%s...", pszFilename, pszOutput);
+ int rc = RTFileCopy(pszFilename, pszOutput);
+ if (RT_FAILURE(rc))
+ {
+ if (rc == VERR_ALREADY_EXISTS)
+ {
+ rc = RTFileCompare(pszFilename, pszOutput);
+ if (RT_SUCCESS(rc))
+ RTMsgInfo("Output '%s' exists and matches '%s'.", pszOutput, pszFilename);
+ else
+ RTMsgError("Output '%s' already exists (does not match '%s')", pszOutput, pszFilename);
+ }
+ else
+ RTMsgError("Copying '%s' to '%s failed: %Rrc", pszFilename, pszOutput, rc);
+ }
+ RTStrFree(pszJoined);
+ if (RT_SUCCESS(rc))
+ return VINF_CALLBACK_RETURN;
+ return rc;
+}
+
+
+/**
+ * Handles the 'get' command.
+ *
+ * @returns Program exit code.
+ * @param pszArg0 The program name.
+ * @param cArgs The number of arguments to the 'add' command.
+ * @param papszArgs The argument vector, starting after 'add'.
+ */
+static RTEXITCODE rtDbgSymCacheCmdGet(const char *pszArg0, int cArgs, char **papszArgs)
+{
+ RTERRINFOSTATIC ErrInfo;
+
+ /*
+ * Parse the command line.
+ */
+ static RTGETOPTDEF const s_aOptions[] =
+ {
+ { "--output", 'o', RTGETOPT_REQ_STRING },
+
+ /* Query: */
+ { "--for-exe", 'e', RTGETOPT_REQ_STRING },
+ { "--for-executable", 'e', RTGETOPT_REQ_STRING },
+ { "--uuid", 'u', RTGETOPT_REQ_UUID },
+ { "--ts", 't', RTGETOPT_REQ_UINT32 },
+ { "--timestamp", 't', RTGETOPT_REQ_UINT32 },
+ { "--size", 'z', RTGETOPT_REQ_UINT32 },
+ { "--image-size", 'z', RTGETOPT_REQ_UINT32 },
+ { "--pdb-age", 'a', RTGETOPT_REQ_UINT32 },
+ { "--dwo-crc32", 'c', RTGETOPT_REQ_UINT32 },
+ { "--name", 'n', RTGETOPT_REQ_STRING },
+
+ { "--dwo", 'd', RTGETOPT_REQ_NOTHING },
+ { "--dwarf", 'd', RTGETOPT_REQ_NOTHING },
+ { "--dwarf-external", 'd', RTGETOPT_REQ_NOTHING },
+ { "--dsym", 'D', RTGETOPT_REQ_NOTHING },
+ { "--dbg", '0', RTGETOPT_REQ_NOTHING },
+ { "--pdb20", '2', RTGETOPT_REQ_NOTHING },
+ { "--pdb70", '7', RTGETOPT_REQ_NOTHING },
+
+ { "--pe", 'P', RTGETOPT_REQ_NOTHING },
+ { "--macho", 'M', RTGETOPT_REQ_NOTHING },
+ { "--elf", 'E', RTGETOPT_REQ_NOTHING },
+
+ /* RTDbgCfg: */
+ { "--env-prefix", 'p', RTGETOPT_REQ_STRING },
+ { "--sym-path", 's', RTGETOPT_REQ_STRING },
+ { "--use-native-paths", 1000, RTGETOPT_REQ_NOTHING },
+ { "--no-native-paths", 1001, RTGETOPT_REQ_NOTHING },
+ };
+
+ RTGETOPTSTATE State;
+ int rc = RTGetOptInit(&State, cArgs, papszArgs, &s_aOptions[0], RT_ELEMENTS(s_aOptions), 0, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOptInit failed: %Rrc", rc);
+
+ const char *pszOutput = NULL;
+
+ bool fGetExeImage = true;
+ const char *pszForExec = NULL;
+ const char *pszName = NULL;
+ RTLDRARCH enmImageArch = RTLDRARCH_WHATEVER;
+ RTLDRFMT enmImageFmt = RTLDRFMT_INVALID;
+ MYDBGINFO DbgInfo;
+ RT_ZERO(DbgInfo);
+
+ const char *pszEnvPrefix = "IPRT_";
+ bool fNativePaths = true;
+ const char *apszSymPaths[12] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL };
+ unsigned cSymPaths = 0;
+
+ RTGETOPTUNION ValueUnion;
+ int chOpt;
+ while ((chOpt = RTGetOpt(&State, &ValueUnion)) != 0)
+ {
+ switch (chOpt)
+ {
+ case 'o':
+ pszOutput = ValueUnion.psz;
+ break;
+
+ /*
+ * Query elements:
+ */
+ case 'z':
+ DbgInfo.cbImage = ValueUnion.u32;
+ break;
+
+ case 't':
+ DbgInfo.uTimestamp = ValueUnion.u32;
+ enmImageFmt = RTLDRFMT_PE;
+ break;
+
+ case 'u':
+ DbgInfo.Uuid = ValueUnion.Uuid;
+ enmImageFmt = RTLDRFMT_MACHO;
+ break;
+
+ case 'a':
+ DbgInfo.uPdbAge = ValueUnion.u32;
+ if (DbgInfo.enmType != RTLDRDBGINFOTYPE_CODEVIEW_PDB20)
+ DbgInfo.enmType = RTLDRDBGINFOTYPE_CODEVIEW_PDB70;
+ break;
+
+ case 'c':
+ DbgInfo.uDwoCrc32 = ValueUnion.u32;
+ DbgInfo.enmType = RTLDRDBGINFOTYPE_DWARF_DWO;
+ break;
+
+ case 'n':
+ pszName = ValueUnion.psz;
+ DbgInfo.szExtFile[0] = '\0';
+ break;
+
+ case 'd':
+ fGetExeImage = false;
+ DbgInfo.enmType = RTLDRDBGINFOTYPE_DWARF_DWO;
+ break;
+
+ case 'D':
+ fGetExeImage = false;
+ DbgInfo.enmType = RTLDRDBGINFOTYPE_DWARF; /* == dSYM */
+ break;
+
+ case '0':
+ fGetExeImage = false;
+ DbgInfo.enmType = RTLDRDBGINFOTYPE_CODEVIEW_DBG;
+ break;
+
+ case '2':
+ fGetExeImage = false;
+ DbgInfo.enmType = RTLDRDBGINFOTYPE_CODEVIEW_PDB20;
+ break;
+
+ case '7':
+ fGetExeImage = false;
+ DbgInfo.enmType = RTLDRDBGINFOTYPE_CODEVIEW_PDB70;
+ break;
+
+ case 'E':
+ fGetExeImage = true;
+ enmImageFmt = RTLDRFMT_ELF;
+ break;
+
+ case 'M':
+ fGetExeImage = true;
+ enmImageFmt = RTLDRFMT_MACHO;
+ break;
+
+ case 'P':
+ fGetExeImage = true;
+ enmImageFmt = RTLDRFMT_PE;
+ break;
+
+ case 'e':
+ {
+ /* Open the executable and retrieve the query parameters from it: */
+ fGetExeImage = false;
+ pszForExec = ValueUnion.psz;
+ if (!pszName)
+ pszName = RTPathFilename(pszForExec);
+
+ RTLDRMOD hLdrMod;
+ rc = RTLdrOpenEx(pszForExec, RTLDR_O_FOR_DEBUG, enmImageArch, &hLdrMod, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("Failed to open image '%s': %Rrc%#RTeim", pszForExec, rc, &ErrInfo);
+
+ DbgInfo.cbImage = (uint32_t)RTLdrSize(hLdrMod);
+ enmImageFmt = RTLdrGetFormat(hLdrMod);
+ if (enmImageFmt == RTLDRFMT_MACHO)
+ {
+ DbgInfo.enmType = RTLDRDBGINFOTYPE_DWARF; /* .dSYM */
+ rc = RTLdrQueryProp(hLdrMod, RTLDRPROP_UUID, &DbgInfo.Uuid, sizeof(DbgInfo.Uuid));
+ if (RT_FAILURE(rc))
+ RTMsgError("Failed to query image UUID from '%s': %Rrc", pszForExec, rc);
+ }
+ else
+ {
+ rc = RTLdrQueryProp(hLdrMod, RTLDRPROP_TIMESTAMP_SECONDS, &DbgInfo.uTimestamp, sizeof(DbgInfo.uTimestamp));
+ if (RT_SUCCESS(rc) || (rc == VERR_NOT_FOUND && enmImageFmt != RTLDRFMT_PE))
+ {
+ RT_ZERO(DbgInfo);
+ rc = RTLdrEnumDbgInfo(hLdrMod, NULL, rtDbgSymCacheCmdGetForExeDbgInfoCallback, &DbgInfo);
+ if (RT_FAILURE(rc))
+ RTMsgError("RTLdrEnumDbgInfo failed on '%s': %Rrc", pszForExec, rc);
+ }
+ else if (RT_FAILURE(rc))
+ RTMsgError("Failed to query image timestamp from '%s': %Rrc", pszForExec, rc);
+ }
+
+ RTLdrClose(hLdrMod);
+ if (RT_FAILURE(rc))
+ return RTEXITCODE_FAILURE;
+ break;
+ }
+
+ /*
+ * RTDbgCfg setup:
+ */
+ case 'p':
+ pszEnvPrefix = ValueUnion.psz;
+ break;
+
+ case 's':
+ if (cSymPaths < RT_ELEMENTS(apszSymPaths))
+ apszSymPaths[cSymPaths++] = ValueUnion.psz;
+ else
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Too many --sym-paths arguments: max %u", RT_ELEMENTS(apszSymPaths));
+ break;
+
+ case 1000:
+ fNativePaths = true;
+ break;
+
+ case 1001:
+ fNativePaths = false;
+ break;
+
+ case 'h':
+ return rtDbgSymCacheUsage(pszArg0, "get");
+ case 'V':
+ return rtDbgSymCacheVersion();
+ default:
+ return RTGetOptPrintError(chOpt, &ValueUnion);
+ }
+ }
+
+ /*
+ * Instantiate the debug config we'll be querying.
+ */
+ RTDBGCFG hDbgCfg;
+ rc = RTDbgCfgCreate(&hDbgCfg, pszEnvPrefix, fNativePaths);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTDbgCfgCreate failed: %Rrc", rc);
+
+ rc = RTDbgCfgSetLogCallback(hDbgCfg, rtDbgSymCacheLogCallback, NULL);
+ AssertRCStmt(rc, RTMsgError("RTDbgCfgSetLogCallback failed: %Rrc", rc));
+
+ for (unsigned i = 0; i < cSymPaths && RT_SUCCESS(rc); i++)
+ {
+ rc = RTDbgCfgChangeString(hDbgCfg, RTDBGCFGPROP_PATH, RTDBGCFGOP_APPEND, apszSymPaths[i]);
+ if (RT_FAILURE(rc))
+ RTMsgError("Failed to append symbol path '%s': %Rrc", apszSymPaths[i], rc);
+ }
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Do the getting.
+ */
+ if (fGetExeImage)
+ {
+ if (enmImageFmt == RTLDRFMT_INVALID)
+ {
+ if (!RTUuidIsNull(&DbgInfo.Uuid))
+ enmImageFmt = RTLDRFMT_MACHO;
+ else if (DbgInfo.cbImage && DbgInfo.uTimestamp)
+ enmImageFmt = RTLDRFMT_PE;
+ else
+ rc = RTMsgErrorRc(VERR_NOT_IMPLEMENTED, "Not enough to go on to find executable");
+ }
+ if (enmImageFmt == RTLDRFMT_PE)
+ rc = RTDbgCfgOpenPeImage(hDbgCfg, pszName, DbgInfo.cbImage, DbgInfo.uTimestamp,
+ rtDbgSymCacheCmdGetCallback, (void *)pszOutput, NULL);
+ else if (enmImageFmt == RTLDRFMT_MACHO)
+ rc = RTDbgCfgOpenMachOImage(hDbgCfg, pszName, &DbgInfo.Uuid,
+ rtDbgSymCacheCmdGetCallback, (void *)pszOutput, NULL);
+ else if (enmImageFmt != RTLDRFMT_INVALID)
+ rc = RTMsgErrorRc(VERR_NOT_IMPLEMENTED, "Format not implemented: %s", RTLdrGetFormat);
+ }
+ else if (DbgInfo.enmType == RTLDRDBGINFOTYPE_CODEVIEW_PDB70)
+ rc = RTDbgCfgOpenPdb70(hDbgCfg, DbgInfo.szExtFile[0] ? DbgInfo.szExtFile : pszName, &DbgInfo.Uuid, DbgInfo.uPdbAge,
+ rtDbgSymCacheCmdGetCallback, (void *)pszOutput, NULL);
+ else if (DbgInfo.enmType == RTLDRDBGINFOTYPE_CODEVIEW_PDB20)
+ rc = RTDbgCfgOpenPdb20(hDbgCfg, DbgInfo.szExtFile[0] ? DbgInfo.szExtFile : pszName, DbgInfo.cbImage,
+ DbgInfo.uTimestamp, DbgInfo.uPdbAge, rtDbgSymCacheCmdGetCallback, (void *)pszOutput, NULL);
+ else if (DbgInfo.enmType == RTLDRDBGINFOTYPE_CODEVIEW_DBG)
+ rc = RTDbgCfgOpenDbg(hDbgCfg, DbgInfo.szExtFile[0] ? DbgInfo.szExtFile : pszName, DbgInfo.cbImage,
+ DbgInfo.uTimestamp, rtDbgSymCacheCmdGetCallback, (void *)pszOutput, NULL);
+ else if (DbgInfo.enmType == RTLDRDBGINFOTYPE_DWARF_DWO)
+ rc = RTDbgCfgOpenDwo(hDbgCfg, DbgInfo.szExtFile[0] ? DbgInfo.szExtFile : pszName, DbgInfo.uDwoCrc32,
+ rtDbgSymCacheCmdGetCallback, (void *)pszOutput, NULL);
+ else if (DbgInfo.enmType == RTLDRDBGINFOTYPE_DWARF)
+ rc = RTDbgCfgOpenDsymBundle(hDbgCfg, DbgInfo.szExtFile[0] ? DbgInfo.szExtFile : pszName, &DbgInfo.Uuid,
+ rtDbgSymCacheCmdGetCallback, (void *)pszOutput, NULL);
+ else
+ rc = RTMsgErrorRc(VERR_NOT_IMPLEMENTED, "Format not implemented");
+ }
+
+ RTDbgCfgRelease(hDbgCfg);
+ return RT_SUCCESS(rc) ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /*
+ * Switch on the command.
+ */
+ RTEXITCODE rcExit = RTEXITCODE_SYNTAX;
+ if (argc < 2)
+ rtDbgSymCacheUsage(argv[0], NULL);
+ else if (!strcmp(argv[1], "add"))
+ rcExit = rtDbgSymCacheCmdAdd(argv[0], argc - 2, argv + 2);
+ else if (!strcmp(argv[1], "get"))
+ rcExit = rtDbgSymCacheCmdGet(argv[0], argc - 2, argv + 2);
+ else if ( !strcmp(argv[1], "-h")
+ || !strcmp(argv[1], "-?")
+ || !strcmp(argv[1], "--help"))
+ rcExit = rtDbgSymCacheUsage(argv[0], NULL);
+ else if ( !strcmp(argv[1], "-V")
+ || !strcmp(argv[1], "--version"))
+ rcExit = rtDbgSymCacheVersion();
+ else
+ RTMsgError("Unknown command: '%s'", argv[1]);
+
+ return rcExit;
+}
+
diff --git a/src/VBox/Runtime/tools/RTDbgSymSrv.cpp b/src/VBox/Runtime/tools/RTDbgSymSrv.cpp
new file mode 100644
index 00000000..4d47086b
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTDbgSymSrv.cpp
@@ -0,0 +1,600 @@
+/* $Id: RTDbgSymSrv.cpp $ */
+/** @file
+ * IPRT - Debug Symbol Server.
+ */
+
+/*
+ * Copyright (C) 2021-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+
+#include <iprt/assert.h>
+#include <iprt/buildconfig.h>
+#include <iprt/err.h>
+#include <iprt/dir.h>
+#include <iprt/env.h>
+#include <iprt/file.h>
+#include <iprt/log.h>
+#include <iprt/getopt.h>
+#include <iprt/http.h>
+#include <iprt/http-server.h>
+#include <iprt/initterm.h>
+#include <iprt/string.h>
+#include <iprt/stream.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/process.h>
+#include <iprt/thread.h>
+#include <iprt/pipe.h>
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+
+
+/*********************************************************************************************************************************
+* Internal Functions *
+*********************************************************************************************************************************/
+static DECLCALLBACK(int) dbgSymSrvOpen(PRTHTTPCALLBACKDATA pData, PRTHTTPSERVERREQ pReq, void **ppvHandle);
+static DECLCALLBACK(int) dbgSymSrvRead(PRTHTTPCALLBACKDATA pData, void *pvHandle, void *pvBuf, size_t cbBuf, size_t *pcbRead);
+static DECLCALLBACK(int) dbgSymSrvClose(PRTHTTPCALLBACKDATA pData, void *pvHandle);
+static DECLCALLBACK(int) dbgSymSrvQueryInfo(PRTHTTPCALLBACKDATA pData, PRTHTTPSERVERREQ pReq, PRTFSOBJINFO pObjInfo, char **ppszMIMEHint);
+static DECLCALLBACK(int) dbgSymSrvDestroy(PRTHTTPCALLBACKDATA pData);
+
+
+/*********************************************************************************************************************************
+* Global Variables *
+*********************************************************************************************************************************/
+/** Flag whether the server was interrupted. */
+static bool g_fCanceled = false;
+/** The symbol cache absolute root. */
+static const char *g_pszSymCacheRoot = NULL;
+/** The path to the pdb.exe. */
+static const char *g_pszPdbExe = NULL;
+/** Symbol server to forward requests to if not found locally. */
+static const char *g_pszSymSrvFwd = NULL;
+#ifndef RT_OS_WINDOWS
+/** The WINEPREFIX to use. */
+static const char *g_pszWinePrefix = NULL;
+/** The path to the wine binary to use for pdb.exe. */
+static const char *g_pszWinePath = NULL;
+#endif
+/** Verbositity level. */
+//static uint32_t g_iLogLevel = 99;
+/** Server callbacks. */
+static RTHTTPSERVERCALLBACKS g_SrvCallbacks =
+{
+ dbgSymSrvOpen,
+ dbgSymSrvRead,
+ dbgSymSrvClose,
+ dbgSymSrvQueryInfo,
+ NULL,
+ NULL,
+ dbgSymSrvDestroy
+};
+
+
+/**
+ * Resolves (and validates) a given URL to an absolute (local) path.
+ *
+ * @returns VBox status code.
+ * @param pszUrl URL to resolve.
+ * @param ppszPathAbs Where to store the resolved absolute path on success.
+ * Needs to be free'd with RTStrFree().
+ * @param ppszPathAbsXml Where to store the resolved absolute path for the converted XML
+ * file. Needs to be free'd with RTStrFree().
+ */
+static int rtDbgSymSrvPathResolve(const char *pszUrl, char **ppszPathAbs, char **ppszPathAbsXml)
+{
+ /* The URL needs to start with /download/symbols/. */
+ if (strncmp(pszUrl, "/download/symbols/", sizeof("/download/symbols/") - 1))
+ return VERR_NOT_FOUND;
+
+ pszUrl += sizeof("/download/symbols/") - 1;
+ /* Construct absolute path. */
+ char *pszPathAbs = NULL;
+ if (RTStrAPrintf(&pszPathAbs, "%s/%s", g_pszSymCacheRoot, pszUrl) <= 0)
+ return VERR_NO_MEMORY;
+
+ if (ppszPathAbsXml)
+ {
+ char *pszPathAbsXml = NULL;
+ if (RTStrAPrintf(&pszPathAbsXml, "%s/%s.xml", g_pszSymCacheRoot, pszUrl) <= 0)
+ return VERR_NO_MEMORY;
+
+ *ppszPathAbsXml = pszPathAbsXml;
+ }
+
+ *ppszPathAbs = pszPathAbs;
+
+ return VINF_SUCCESS;
+}
+
+
+static int rtDbgSymSrvFwdDownload(const char *pszUrl, char *pszPathAbs)
+{
+ RTPrintf("'%s' not in local cache, fetching from '%s'\n", pszPathAbs, g_pszSymSrvFwd);
+
+ char *pszFilename = RTPathFilename(pszPathAbs);
+ char chStart = *pszFilename;
+ *pszFilename = '\0';
+ int rc = RTDirCreateFullPath(pszPathAbs, 0766);
+ if (!RTDirExists(pszPathAbs))
+ {
+ Log(("Error creating cache dir '%s': %Rrc\n", pszPathAbs, rc));
+ return rc;
+ }
+ *pszFilename = chStart;
+
+ char szUrl[_2K];
+ RTHTTP hHttp;
+ rc = RTHttpCreate(&hHttp);
+ if (RT_SUCCESS(rc))
+ {
+ RTHttpUseSystemProxySettings(hHttp);
+ RTHttpSetFollowRedirects(hHttp, 8);
+
+ static const char * const s_apszHeaders[] =
+ {
+ "User-Agent: Microsoft-Symbol-Server/6.6.0999.9",
+ "Pragma: no-cache",
+ };
+
+ rc = RTHttpSetHeaders(hHttp, RT_ELEMENTS(s_apszHeaders), s_apszHeaders);
+ if (RT_SUCCESS(rc))
+ {
+ RTStrPrintf(szUrl, sizeof(szUrl), "%s/%s", g_pszSymSrvFwd, pszUrl + sizeof("/download/symbols/") - 1);
+
+ /** @todo Use some temporary file name and rename it after the operation
+ * since not all systems support read-deny file sharing
+ * settings. */
+ RTPrintf("Downloading '%s' to '%s'...\n", szUrl, pszPathAbs);
+ rc = RTHttpGetFile(hHttp, szUrl, pszPathAbs);
+ if (RT_FAILURE(rc))
+ {
+ RTFileDelete(pszPathAbs);
+ RTPrintf("%Rrc on URL '%s'\n", rc, szUrl);
+ }
+ if (rc == VERR_HTTP_NOT_FOUND)
+ {
+ /* Try the compressed version of the file. */
+ pszPathAbs[strlen(pszPathAbs) - 1] = '_';
+ szUrl[strlen(szUrl) - 1] = '_';
+ RTPrintf("Downloading '%s' to '%s'...\n", szUrl, pszPathAbs);
+ rc = RTHttpGetFile(hHttp, szUrl, pszPathAbs);
+#if 0 /** @todo */
+ if (RT_SUCCESS(rc))
+ rc = rtDbgCfgUnpackMsCacheFile(pThis, pszPathAbs, pszFilename);
+ else
+#endif
+ {
+ RTPrintf("%Rrc on URL '%s'\n", rc, pszPathAbs);
+ RTFileDelete(pszPathAbs);
+ }
+ }
+ }
+
+ RTHttpDestroy(hHttp);
+ }
+
+ return rc;
+}
+
+
+static int rtDbgSymSrvConvertToGhidraXml(char *pszPath, const char *pszFilename)
+{
+ RTPrintf("Converting '%s' to ghidra XML into '%s'\n", pszPath, pszFilename);
+
+ /*
+ * Figuring out the argument list for the platform specific way to call pdb.exe.
+ */
+#ifdef RT_OS_WINDOWS
+ RTENV hEnv = RTENV_DEFAULT;
+ RTPathChangeToDosSlashes(pszPath, false /*fForce*/);
+ const char *papszArgs[] =
+ {
+ g_pszPdbExe,
+ pszPath,
+ NULL
+ };
+
+#else
+ const char *papszArgs[] =
+ {
+ g_pszWinePath,
+ g_pszPdbExe,
+ pszPath,
+ NULL
+ };
+
+ RTENV hEnv;
+ {
+ int rc = RTEnvCreate(&hEnv);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTEnvSetEx(hEnv, "WINEPREFIX", g_pszWinePrefix);
+ if (RT_SUCCESS(rc))
+ rc = RTEnvSetEx(hEnv, "WINEDEBUG", "-all");
+ if (RT_FAILURE(rc))
+ {
+ RTEnvDestroy(hEnv);
+ return rc;
+ }
+ }
+ }
+#endif
+
+ RTPIPE hPipeR, hPipeW;
+ int rc = RTPipeCreate(&hPipeR, &hPipeW, RTPIPE_C_INHERIT_WRITE);
+ if (RT_SUCCESS(rc))
+ {
+ RTHANDLE Handle;
+ Handle.enmType = RTHANDLETYPE_PIPE;
+ Handle.u.hPipe = hPipeW;
+
+ /*
+ * Do the conversion.
+ */
+ RTPROCESS hChild;
+ RTFILE hFile;
+
+ rc = RTFileOpen(&hFile, pszFilename, RTFILE_O_WRITE | RTFILE_O_CREATE_REPLACE | RTFILE_O_DENY_NONE); AssertRC(rc);
+
+ rc = RTProcCreateEx(papszArgs[0], papszArgs, hEnv,
+#if defined(RT_OS_WINDOWS) || defined(RT_OS_OS2)
+ RTPROC_FLAGS_NO_WINDOW | RTPROC_FLAGS_HIDDEN | RTPROC_FLAGS_SEARCH_PATH,
+#else
+ RTPROC_FLAGS_SEARCH_PATH,
+#endif
+ NULL /*phStdIn*/, &Handle, NULL /*phStdErr*/,
+ NULL /*pszAsUser*/, NULL /*pszPassword*/, NULL /*pvExtraData*/,
+ &hChild);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTPipeClose(hPipeW); AssertRC(rc);
+
+ for (;;)
+ {
+ char szOutput[_4K];
+ size_t cbRead;
+ rc = RTPipeReadBlocking(hPipeR, &szOutput[0], sizeof(szOutput), &cbRead);
+ if (RT_FAILURE(rc))
+ {
+ Assert(rc == VERR_BROKEN_PIPE);
+ break;
+ }
+
+ rc = RTFileWrite(hFile, &szOutput[0], cbRead, NULL /*pcbWritten*/); AssertRC(rc);
+ }
+ rc = RTPipeClose(hPipeR); AssertRC(rc);
+
+ RTPROCSTATUS ProcStatus;
+ rc = RTProcWait(hChild, RTPROCWAIT_FLAGS_BLOCK, &ProcStatus);
+ if (RT_SUCCESS(rc))
+ {
+ if ( ProcStatus.enmReason == RTPROCEXITREASON_NORMAL
+ && ProcStatus.iStatus == 0)
+ {
+ if (RTPathExists(pszPath))
+ {
+ RTPrintf("Successfully unpacked '%s' to '%s'.\n", pszPath, pszFilename);
+ rc = VINF_SUCCESS;
+ }
+ else
+ {
+ RTPrintf("Successfully ran unpacker on '%s', but '%s' is missing!\n", pszPath, pszFilename);
+ rc = VERR_FILE_NOT_FOUND;
+ }
+ }
+ else
+ {
+ RTPrintf("Unpacking '%s' failed: iStatus=%d enmReason=%d\n",
+ pszPath, ProcStatus.iStatus, ProcStatus.enmReason);
+ rc = VERR_ZIP_CORRUPTED;
+ }
+ }
+ else
+ RTPrintf("Error waiting for process: %Rrc\n", rc);
+
+ RTFileClose(hFile);
+
+ }
+ else
+ RTPrintf("Error starting unpack process '%s': %Rrc\n", papszArgs[0], rc);
+ }
+
+#ifndef RT_OS_WINDOWS
+ RTEnvDestroy(hEnv);
+#endif
+ return rc;
+}
+
+
+static DECLCALLBACK(int) dbgSymSrvOpen(PRTHTTPCALLBACKDATA pData, PRTHTTPSERVERREQ pReq, void **ppvHandle)
+{
+ RT_NOREF(pData);
+
+ char *pszPathAbs = NULL;
+ char *pszPathAbsXml = NULL;
+ int rc = rtDbgSymSrvPathResolve(pReq->pszUrl, &pszPathAbs, &pszPathAbsXml);
+ if (RT_SUCCESS(rc))
+ {
+ RTFILE hFile;
+ if ( g_pszPdbExe
+ && RTPathExists(pszPathAbsXml))
+ {
+ RTPrintf("Opening '%s'\n", pszPathAbsXml);
+ rc = RTFileOpen(&hFile, pszPathAbsXml, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
+ }
+ else
+ {
+ RTPrintf("Opening '%s'\n", pszPathAbs);
+ rc = RTFileOpen(&hFile, pszPathAbs, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
+ }
+ if (RT_SUCCESS(rc))
+ *ppvHandle = hFile;
+
+ RTStrFree(pszPathAbs);
+ RTStrFree(pszPathAbsXml);
+ }
+
+ LogFlowFuncLeaveRC(rc);
+ return rc;
+}
+
+
+static DECLCALLBACK(int) dbgSymSrvRead(PRTHTTPCALLBACKDATA pData, void *pvHandle, void *pvBuf, size_t cbBuf, size_t *pcbRead)
+{
+ RT_NOREF(pData);
+ return RTFileRead((RTFILE)pvHandle, pvBuf, cbBuf, pcbRead);
+}
+
+
+static DECLCALLBACK(int) dbgSymSrvClose(PRTHTTPCALLBACKDATA pData, void *pvHandle)
+{
+ RT_NOREF(pData);
+ return RTFileClose((RTFILE)pvHandle);
+}
+
+
+static DECLCALLBACK(int) dbgSymSrvQueryInfo(PRTHTTPCALLBACKDATA pData, PRTHTTPSERVERREQ pReq, PRTFSOBJINFO pObjInfo, char **ppszMIMEHint)
+{
+ RT_NOREF(pData, ppszMIMEHint);
+ char *pszPathAbs = NULL;
+ char *pszPathAbsXml = NULL;
+ int rc = rtDbgSymSrvPathResolve(pReq->pszUrl, &pszPathAbs, &pszPathAbsXml);
+ if (RT_SUCCESS(rc))
+ {
+ if ( !RTPathExists(pszPathAbs)
+ && g_pszSymSrvFwd)
+ rc = rtDbgSymSrvFwdDownload(pReq->pszUrl, pszPathAbs);
+
+ if ( RT_SUCCESS(rc)
+ && RTPathExists(pszPathAbs))
+ {
+ const char *pszFile = pszPathAbs;
+
+ if (g_pszPdbExe)
+ {
+ if (!RTPathExists(pszPathAbsXml))
+ rc = rtDbgSymSrvConvertToGhidraXml(pszPathAbs, pszPathAbsXml);
+ if (RT_SUCCESS(rc))
+ pszFile = pszPathAbsXml;
+ }
+
+ if ( RT_SUCCESS(rc)
+ && RTPathExists(pszFile))
+ {
+ rc = RTPathQueryInfo(pszFile, pObjInfo, RTFSOBJATTRADD_NOTHING);
+ if (RT_SUCCESS(rc))
+ {
+ if (!RTFS_IS_FILE(pObjInfo->Attr.fMode))
+ rc = VERR_NOT_SUPPORTED;
+ }
+ }
+ else
+ rc = VERR_FILE_NOT_FOUND;
+ }
+ else
+ rc = VERR_FILE_NOT_FOUND;
+
+ RTStrFree(pszPathAbs);
+ RTStrFree(pszPathAbsXml);
+ }
+
+ LogFlowFuncLeaveRC(rc);
+ return rc;
+}
+
+
+static DECLCALLBACK(int) dbgSymSrvDestroy(PRTHTTPCALLBACKDATA pData)
+{
+ RTPrintf("%s\n", __FUNCTION__);
+ RT_NOREF(pData);
+ return VINF_SUCCESS;
+}
+
+
+/**
+ * Display the version of the server program.
+ *
+ * @returns exit code.
+ */
+static RTEXITCODE rtDbgSymSrvVersion(void)
+{
+ RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
+ return RTEXITCODE_SUCCESS;
+}
+
+
+/**
+ * Shows the usage of the cache program.
+ *
+ * @returns Exit code.
+ * @param pszArg0 Program name.
+ */
+static RTEXITCODE rtDbgSymSrvUsage(const char *pszArg0)
+{
+ RTPrintf("Usage: %s --address <interface> --port <port> --sym-cache <symbol cache root> --pdb-exe <ghidra pdb.exe path>\n"
+ "\n"
+ "Options:\n"
+ " -a, --address\n"
+ " The interface to listen on, default is localhost.\n"
+ " -p, --port\n"
+ " The port to listen on, default is 80.\n"
+ " -c, --sym-cache\n"
+ " The absolute path of the symbol cache.\n"
+ " -x, --pdb-exe\n"
+ " The path of Ghidra's pdb.exe to convert PDB files to XML on the fly.\n"
+ " -f, --sym-srv-forward\n"
+ " The symbol server to forward requests to if a file is not in the local cache\n"
+#ifndef RT_OS_WINDOWS
+ " -w, --wine-prefix\n"
+ " The prefix of the wine environment to use which has msdia140.dll set up for pdb.exe.\n"
+ " -b, --wine-bin\n"
+ " The wine binary path to run pdb.exe with.\n"
+#endif
+ , RTPathFilename(pszArg0));
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /*
+ * Parse the command line.
+ */
+ static RTGETOPTDEF const s_aOptions[] =
+ {
+ { "--address", 'a', RTGETOPT_REQ_STRING },
+ { "--port", 'p', RTGETOPT_REQ_UINT16 },
+ { "--sym-cache", 'c', RTGETOPT_REQ_STRING },
+ { "--pdb-exe", 'x', RTGETOPT_REQ_STRING },
+ { "--sym-srv-forward", 'f', RTGETOPT_REQ_STRING },
+#ifndef RT_OS_WINDOWS
+ { "--wine-prefix", 'w', RTGETOPT_REQ_STRING },
+ { "--wine-bin", 'b', RTGETOPT_REQ_STRING },
+#endif
+ { "--help", 'h', RTGETOPT_REQ_NOTHING },
+ { "--version", 'V', RTGETOPT_REQ_NOTHING },
+ };
+
+ RTGETOPTSTATE State;
+ rc = RTGetOptInit(&State, argc, argv, &s_aOptions[0], RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOptInit failed: %Rrc", rc);
+
+ const char *pszAddress = "localhost";
+ uint16_t uPort = 80;
+
+ RTGETOPTUNION ValueUnion;
+ int chOpt;
+ while ((chOpt = RTGetOpt(&State, &ValueUnion)) != 0)
+ {
+ switch (chOpt)
+ {
+ case 'a':
+ pszAddress = ValueUnion.psz;
+ break;
+ case 'p':
+ uPort = ValueUnion.u16;
+ break;
+ case 'c':
+ g_pszSymCacheRoot = ValueUnion.psz;
+ break;
+ case 'x':
+ g_pszPdbExe = ValueUnion.psz;
+ break;
+ case 'f':
+ g_pszSymSrvFwd = ValueUnion.psz;
+ break;
+#ifndef RT_OS_WINDOWS
+ case 'w':
+ g_pszWinePrefix = ValueUnion.psz;
+ break;
+ case 'b':
+ g_pszWinePath = ValueUnion.psz;
+ break;
+#endif
+
+ case 'h':
+ return rtDbgSymSrvUsage(argv[0]);
+ case 'V':
+ return rtDbgSymSrvVersion();
+ default:
+ return RTGetOptPrintError(chOpt, &ValueUnion);
+ }
+ }
+
+ if (!g_pszSymCacheRoot)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "The symbol cache root needs to be set");
+
+ RTHTTPSERVER hHttpSrv;
+ rc = RTHttpServerCreate(&hHttpSrv, pszAddress, uPort, &g_SrvCallbacks,
+ NULL, 0);
+ if (RT_SUCCESS(rc))
+ {
+ RTPrintf("Starting HTTP server at %s:%RU16 ...\n", pszAddress, uPort);
+ RTPrintf("Root directory is '%s'\n", g_pszSymCacheRoot);
+
+ RTPrintf("Running HTTP server ...\n");
+
+ for (;;)
+ {
+ RTThreadSleep(1000);
+
+ if (g_fCanceled)
+ break;
+ }
+
+ RTPrintf("Stopping HTTP server ...\n");
+
+ int rc2 = RTHttpServerDestroy(hHttpSrv);
+ if (RT_SUCCESS(rc))
+ rc = rc2;
+
+ RTPrintf("Stopped HTTP server\n");
+ }
+ else
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTHttpServerCreate failed: %Rrc", rc);
+
+ return RTEXITCODE_SUCCESS;
+}
+
diff --git a/src/VBox/Runtime/tools/RTEfiFatExtract.cpp b/src/VBox/Runtime/tools/RTEfiFatExtract.cpp
new file mode 100644
index 00000000..6158705f
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTEfiFatExtract.cpp
@@ -0,0 +1,263 @@
+/* $Id: RTEfiFatExtract.cpp $ */
+/** @file
+ * IPRT - Utility for extracting single files from a fat EFI binary.
+ */
+
+/*
+ * Copyright (C) 2019-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/formats/efi-fat.h>
+
+#include <iprt/assert.h>
+#include <iprt/errcore.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/file.h>
+#include <iprt/mem.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+
+
+
+static int efiFatExtractList(const char *pszInput)
+{
+ RTFILE hFile = NIL_RTFILE;
+ int rc = RTFileOpen(&hFile, pszInput, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
+ if (RT_SUCCESS(rc))
+ {
+ EFI_FATHDR Hdr;
+ rc = RTFileReadAt(hFile, 0, &Hdr, sizeof(Hdr), NULL);
+ if (RT_SUCCESS(rc))
+ {
+ if ( RT_LE2H_U32(Hdr.u32Magic) == EFI_FATHDR_MAGIC
+ && RT_LE2H_U32(Hdr.cFilesEmbedded) <= 16 /*Arbitrary number*/)
+ {
+ RTFOFF offRead = sizeof(Hdr);
+
+ for (uint32_t i = 0; i < RT_LE2H_U32(Hdr.cFilesEmbedded); i++)
+ {
+ EFI_FATDIRENTRY Entry;
+ rc = RTFileReadAt(hFile, offRead, &Entry, sizeof(Entry), NULL);
+ if (RT_SUCCESS(rc))
+ {
+ RTPrintf("Entry %u:\n", i);
+ RTPrintf(" CPU Type: %#x\n", RT_LE2H_U32(Entry.u32CpuType));
+ RTPrintf(" CPU Subtype: %#x\n", RT_LE2H_U32(Entry.u32CpuSubType));
+ RTPrintf(" Offset: %#x\n", RT_LE2H_U32(Entry.u32OffsetStart));
+ RTPrintf(" Size: %#x\n", RT_LE2H_U32(Entry.cbFile));
+ RTPrintf(" Alignment: %#x\n", RT_LE2H_U32(Entry.u32Alignment));
+ }
+ else
+ {
+ RTPrintf("Failed to read file entry %u of '%s': %Rrc\n", pszInput, i, rc);
+ break;
+ }
+
+ offRead += sizeof(Entry);
+ }
+ }
+ else
+ {
+ rc = VERR_INVALID_MAGIC;
+ RTPrintf("The header contains invalid values\n");
+ }
+ }
+ else
+ RTPrintf("Failed to read header of '%s': %Rrc\n", pszInput, rc);
+
+ RTFileClose(hFile);
+ }
+ else
+ RTPrintf("Failed to open file '%s': %Rrc\n", pszInput, rc);
+
+ return rc;
+}
+
+
+static int efiFatExtractSave(const char *pszInput, uint32_t idxEntry, const char *pszOut)
+{
+ RTFILE hFile = NIL_RTFILE;
+ int rc = RTFileOpen(&hFile, pszInput, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
+ if (RT_SUCCESS(rc))
+ {
+ EFI_FATHDR Hdr;
+ rc = RTFileReadAt(hFile, 0, &Hdr, sizeof(Hdr), NULL);
+ if (RT_SUCCESS(rc))
+ {
+ if ( RT_LE2H_U32(Hdr.u32Magic) == EFI_FATHDR_MAGIC
+ && RT_LE2H_U32(Hdr.cFilesEmbedded) <= 16 /*Arbitrary number*/)
+ {
+ if (idxEntry < RT_LE2H_U32(Hdr.cFilesEmbedded))
+ {
+ EFI_FATDIRENTRY Entry;
+
+ rc = RTFileReadAt(hFile, sizeof(Hdr) + idxEntry * sizeof(Entry), &Entry, sizeof(Entry), NULL);
+ if (RT_SUCCESS(rc))
+ {
+ void *pvFile = RTMemAllocZ(RT_LE2H_U32(Entry.cbFile));
+ if (RT_LIKELY(pvFile))
+ {
+ rc = RTFileReadAt(hFile, RT_LE2H_U32(Entry.u32OffsetStart), pvFile, RT_LE2H_U32(Entry.cbFile), NULL);
+ if (RT_SUCCESS(rc))
+ {
+ RTFILE hFileOut;
+ rc = RTFileOpen(&hFileOut, pszOut, RTFILE_O_WRITE | RTFILE_O_DENY_WRITE | RTFILE_O_CREATE);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTFileWrite(hFileOut, pvFile, RT_LE2H_U32(Entry.cbFile), NULL);
+ if (RT_FAILURE(rc))
+ RTPrintf("Failed to write output file '%s': %Rrc\n", pszOut, rc);
+ RTFileClose(hFileOut);
+ }
+ else
+ RTPrintf("Failed to create output file '%s': %Rrc\n", pszOut, rc);
+ }
+ else
+ RTPrintf("Failed to read embedded file %u: %Rrc\n", idxEntry, rc);
+
+ RTMemFree(pvFile);
+ }
+ else
+ RTPrintf("Failed to allocate %u bytes of memory\n", RT_LE2H_U32(Entry.cbFile));
+ }
+ else
+ RTPrintf("Failed to read file entry %u of '%s': %Rrc\n", pszInput, idxEntry, rc);
+ }
+ else
+ {
+ rc = VERR_INVALID_PARAMETER;
+ RTPrintf("Given index out of range, maximum is %u\n", RT_LE2H_U32(Hdr.cFilesEmbedded));
+ }
+ }
+ else
+ {
+ rc = VERR_INVALID_MAGIC;
+ RTPrintf("The header contains invalid values\n");
+ }
+ }
+ else
+ RTPrintf("Failed to read header of '%s': %Rrc\n", pszInput, rc);
+
+ RTFileClose(hFile);
+ }
+ else
+ RTPrintf("Failed to open file '%s': %Rrc\n", pszInput, rc);
+
+ return rc;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--input", 'i', RTGETOPT_REQ_STRING },
+ { "--output", 'o', RTGETOPT_REQ_STRING },
+ { "--entry", 'e', RTGETOPT_REQ_UINT32 },
+ { "--help", 'h', RTGETOPT_REQ_NOTHING },
+ { "--version", 'V', RTGETOPT_REQ_NOTHING },
+ };
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ const char *pszInput = NULL;
+ const char *pszOut = NULL;
+ uint32_t idxEntry = UINT32_C(0xffffffff);
+
+ RTGETOPTUNION ValueUnion;
+ RTGETOPTSTATE GetState;
+ RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ while ((rc = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (rc)
+ {
+ case 'h':
+ RTPrintf("Usage: %s [options]\n"
+ "\n"
+ "Options:\n"
+ " -i,--input=<file>\n"
+ " Input file\n"
+ " -e,--entry=<idx>\n"
+ " Selects the entry for saving\n"
+ " -o,--output=file\n"
+ " Save the specified entry to this file\n"
+ " -h, -?, --help\n"
+ " Display this help text and exit successfully.\n"
+ " -V, --version\n"
+ " Display the revision and exit successfully.\n"
+ , RTPathFilename(argv[0]));
+ return RTEXITCODE_SUCCESS;
+ case 'V':
+ RTPrintf("$Revision: 155244 $\n");
+ return RTEXITCODE_SUCCESS;
+
+ case 'i':
+ pszInput = ValueUnion.psz;
+ break;
+ case 'o':
+ pszOut = ValueUnion.psz;
+ break;
+ case 'e':
+ idxEntry = ValueUnion.u32;
+ break;
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+ if (!pszInput)
+ {
+ RTPrintf("An input path must be given\n");
+ return RTEXITCODE_FAILURE;
+ }
+
+ if (!pszOut || idxEntry == UINT32_C(0xffffffff))
+ rc = efiFatExtractList(pszInput);
+ else
+ rc = efiFatExtractSave(pszInput, idxEntry, pszOut);
+ if (RT_FAILURE(rc))
+ rcExit = RTEXITCODE_FAILURE;
+
+ return rcExit;
+}
+
diff --git a/src/VBox/Runtime/tools/RTEfiSigDb.cpp b/src/VBox/Runtime/tools/RTEfiSigDb.cpp
new file mode 100644
index 00000000..911831d4
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTEfiSigDb.cpp
@@ -0,0 +1,833 @@
+/* $Id: RTEfiSigDb.cpp $ */
+/** @file
+ * IPRT - Utility for manipulating EFI signature databases.
+ */
+
+/*
+ * Copyright (C) 2021-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/assert.h>
+#include <iprt/buildconfig.h>
+#include <iprt/err.h>
+#include <iprt/efi.h>
+#include <iprt/file.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/mem.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+#include <iprt/uuid.h>
+#include <iprt/vfs.h>
+
+#include <iprt/formats/efi-signature.h>
+#include <iprt/formats/efi-varstore.h>
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+
+
+/*********************************************************************************************************************************
+* Global Variables *
+*********************************************************************************************************************************/
+/** Signature type identifier to internal type mapping. */
+struct RTEFISIGDBID2TYPEENTRY
+{
+ const char *pszId;
+ RTEFISIGTYPE enmType;
+} g_aId2SigType[] =
+{
+ { "sha256", RTEFISIGTYPE_SHA256 },
+ { "rsa2048", RTEFISIGTYPE_RSA2048 },
+ { "x509", RTEFISIGTYPE_X509 }
+};
+
+
+/*********************************************************************************************************************************
+* Internal Functions *
+*********************************************************************************************************************************/
+
+/**
+ * Display the version of the cache program.
+ *
+ * @returns exit code.
+ */
+static RTEXITCODE rtEfiSigDbVersion(void)
+{
+ RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
+ return RTEXITCODE_SUCCESS;
+}
+
+
+/**
+ * Shows the usage of the program.
+ *
+ * @returns Exit code.
+ * @param pszArg0 Program name.
+ * @param pszCommand Command selector, NULL if all.
+ */
+static RTEXITCODE rtEfiSigDbUsage(const char *pszArg0, const char *pszCommand)
+{
+ if (!pszCommand || !strcmp(pszCommand, "list"))
+ RTPrintf("Usage: %s list <signature database path>\n"
+ , RTPathFilename(pszArg0));
+
+ if (!pszCommand || !strcmp(pszCommand, "add"))
+ RTPrintf("Usage: %s add <signature database path> <x509|sha256|rsa2048> <owner uuid> <signature path> ...\n"
+ , RTPathFilename(pszArg0));
+
+ if (!pszCommand || !strcmp(pszCommand, "initnvram"))
+ RTPrintf("Usage: %s initnvram <nvram path> <init options>\n"
+ "\n"
+ "Init Options:\n"
+ " --pk <path>\n"
+ " Init the PK with the given signature.\n"
+ " --pk-owner <uuid>\n"
+ " Set the given UUID as the owner of the PK.\n"
+ " --kek <path>\n"
+ " Init the KEK with the given signature.\n"
+ " --kek-owner <uuid>\n"
+ " Set the given UUID as the owner of the KEK.\n"
+ " --db <x509|sha256|rsa2048>:<owner uuid>:<path>\n"
+ " Adds the given signature with the owner UUID and type to the db, can be given multiple times.\n"
+ " --secure-boot <on|off>\n"
+ " Enables or disables secure boot\n"
+ , RTPathFilename(pszArg0));
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEFISIGTYPE rtEfiSigDbGetTypeById(const char *pszId)
+{
+ for (uint32_t i = 0; i < RT_ELEMENTS(g_aId2SigType); i++)
+ if (!strcmp(pszId, g_aId2SigType[i].pszId))
+ return g_aId2SigType[i].enmType;
+
+ return RTEFISIGTYPE_INVALID;
+}
+
+
+/**
+ * Opens the specified signature database, returning an VFS file handle on success.
+ *
+ * @returns IPRT status code.
+ * @param pszPath Path to the signature database.
+ * @param phVfsFile Where to return the VFS file handle on success.
+ */
+static int rtEfiSigDbOpen(const char *pszPath, PRTVFSFILE phVfsFile)
+{
+ int rc;
+
+ if (RTVfsChainIsSpec(pszPath))
+ {
+ RTVFSOBJ hVfsObj;
+ rc = RTVfsChainOpenObj(pszPath, RTFILE_O_READWRITE | RTFILE_O_DENY_NONE | RTFILE_O_OPEN,
+ RTVFSOBJ_F_OPEN_ANY | RTVFSOBJ_F_CREATE_NOTHING | RTPATH_F_ON_LINK,
+ &hVfsObj, NULL, NULL);
+ if ( RT_SUCCESS(rc)
+ && RTVfsObjGetType(hVfsObj) == RTVFSOBJTYPE_FILE)
+ {
+ *phVfsFile = RTVfsObjToFile(hVfsObj);
+ RTVfsObjRelease(hVfsObj);
+ }
+ else
+ {
+ RTPrintf("'%s' doesn't point to a file\n", pszPath);
+ rc = VERR_INVALID_PARAMETER;
+ }
+ }
+ else
+ rc = RTVfsFileOpenNormal(pszPath, RTFILE_O_READWRITE | RTFILE_O_DENY_NONE | RTFILE_O_OPEN,
+ phVfsFile);
+
+ return rc;
+}
+
+
+/**
+ * Signature database enumeration callback.
+ */
+static DECLCALLBACK(int) rtEfiSgDbEnum(RTEFISIGDB hEfiSigDb, RTEFISIGTYPE enmSigType, PCRTUUID pUuidOwner,
+ const void *pvSig, size_t cbSig, void *pvUser)
+{
+ RT_NOREF(hEfiSigDb, pvUser);
+
+ uint32_t *pidxSig = (uint32_t *)pvUser;
+
+ RTPrintf("%02u: %s\n", (*pidxSig)++, RTEfiSigDbTypeStringify(enmSigType));
+ RTPrintf(" Owner: %RTuuid\n", pUuidOwner);
+ RTPrintf(" Signature:\n"
+ "%.*Rhxd\n\n", cbSig, pvSig);
+ return VINF_SUCCESS;
+}
+
+
+/**
+ * Handles the 'list' command.
+ *
+ * @returns Program exit code.
+ * @param pszArg0 The program name.
+ * @param cArgs The number of arguments to the 'add' command.
+ * @param papszArgs The argument vector, starting after 'add'.
+ */
+static RTEXITCODE rtEfiSgDbCmdList(const char *pszArg0, int cArgs, char **papszArgs)
+{
+ RT_NOREF(pszArg0);
+
+ if (!cArgs)
+ {
+ RTPrintf("An input path must be given\n");
+ return RTEXITCODE_FAILURE;
+ }
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ RTVFSFILE hVfsFile = NIL_RTVFSFILE;
+ int rc = rtEfiSigDbOpen(papszArgs[0], &hVfsFile);
+ if (RT_SUCCESS(rc))
+ {
+ RTEFISIGDB hEfiSigDb;
+ rc = RTEfiSigDbCreate(&hEfiSigDb);
+ if (RT_SUCCESS(rc))
+ {
+ uint32_t idxSig = 0;
+
+ rc = RTEfiSigDbAddFromExistingDb(hEfiSigDb, hVfsFile);
+ if (RT_SUCCESS(rc))
+ RTEfiSigDbEnum(hEfiSigDb, rtEfiSgDbEnum, &idxSig);
+ else
+ {
+ RTPrintf("Loading the signature database failed with %Rrc\n", rc);
+ rcExit = RTEXITCODE_FAILURE;
+ }
+
+ RTEfiSigDbDestroy(hEfiSigDb);
+ }
+ else
+ {
+ RTPrintf("Creating the signature database failed with %Rrc\n", rc);
+ rcExit = RTEXITCODE_FAILURE;
+ }
+
+ RTVfsFileRelease(hVfsFile);
+ }
+ else
+ rcExit = RTEXITCODE_FAILURE;
+
+ return rcExit;
+}
+
+
+/**
+ * Handles the 'add' command.
+ *
+ * @returns Program exit code.
+ * @param pszArg0 The program name.
+ * @param cArgs The number of arguments to the 'add' command.
+ * @param papszArgs The argument vector, starting after 'add'.
+ */
+static RTEXITCODE rtEfiSgDbCmdAdd(const char *pszArg0, int cArgs, char **papszArgs)
+{
+ RT_NOREF(pszArg0);
+
+ if (!cArgs)
+ {
+ RTPrintf("The signature database path is missing\n");
+ return RTEXITCODE_FAILURE;
+ }
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ RTVFSFILE hVfsFile = NIL_RTVFSFILE;
+ int rc = rtEfiSigDbOpen(papszArgs[0], &hVfsFile);
+ if (RT_SUCCESS(rc))
+ {
+ RTEFISIGDB hEfiSigDb;
+ rc = RTEfiSigDbCreate(&hEfiSigDb);
+ if (RT_SUCCESS(rc))
+ {
+ uint64_t cbSigDb = 0;
+ rc = RTVfsFileQuerySize(hVfsFile, &cbSigDb);
+ if ( RT_SUCCESS(rc)
+ && cbSigDb)
+ rc = RTEfiSigDbAddFromExistingDb(hEfiSigDb, hVfsFile);
+ if (RT_SUCCESS(rc))
+ {
+ cArgs--;
+ papszArgs++;
+
+ while (cArgs >= 3)
+ {
+ RTEFISIGTYPE enmSigType = rtEfiSigDbGetTypeById(papszArgs[0]);
+ const char *pszUuidOwner = papszArgs[1];
+ const char *pszSigDataPath = papszArgs[2];
+
+ if (enmSigType == RTEFISIGTYPE_INVALID)
+ {
+ RTPrintf("Signature type '%s' is not known\n", papszArgs[0]);
+ break;
+ }
+
+ RTUUID UuidOwner;
+ rc = RTUuidFromStr(&UuidOwner, pszUuidOwner);
+ if (RT_FAILURE(rc))
+ {
+ RTPrintf("UUID '%s' is malformed\n", pszUuidOwner);
+ break;
+ }
+
+ RTVFSFILE hVfsFileSigData = NIL_RTVFSFILE;
+ rc = rtEfiSigDbOpen(pszSigDataPath, &hVfsFileSigData);
+ if (RT_FAILURE(rc))
+ {
+ RTPrintf("Opening '%s' failed with %Rrc\n", pszSigDataPath, rc);
+ break;
+ }
+
+ rc = RTEfiSigDbAddSignatureFromFile(hEfiSigDb, enmSigType, &UuidOwner, hVfsFileSigData);
+ RTVfsFileRelease(hVfsFileSigData);
+ if (RT_FAILURE(rc))
+ {
+ RTPrintf("Adding signature data from '%s' failed with %Rrc\n", pszSigDataPath, rc);
+ break;
+ }
+ papszArgs += 3;
+ cArgs -= 3;
+ }
+
+ if (RT_SUCCESS(rc))
+ {
+ if (!cArgs)
+ {
+ rc = RTVfsFileSeek(hVfsFile, 0 /*offSeek*/, RTFILE_SEEK_BEGIN, NULL /*poffActual*/);
+ AssertRC(rc);
+
+ rc = RTEfiSigDbWriteToFile(hEfiSigDb, hVfsFile);
+ if (RT_FAILURE(rc))
+ {
+ RTPrintf("Writing the updated signature database failed with %Rrc\n", rc);
+ rcExit = RTEXITCODE_FAILURE;
+ }
+ }
+ else
+ {
+ RTPrintf("Incomplete list of entries to add given\n");
+ rcExit = RTEXITCODE_FAILURE;
+ }
+ }
+ }
+ else
+ {
+ RTPrintf("Loading the signature database failed with %Rrc\n", rc);
+ rcExit = RTEXITCODE_FAILURE;
+ }
+
+ RTEfiSigDbDestroy(hEfiSigDb);
+ }
+ else
+ {
+ RTPrintf("Creating the signature database failed with %Rrc\n", rc);
+ rcExit = RTEXITCODE_FAILURE;
+ }
+
+ RTVfsFileRelease(hVfsFile);
+ }
+ else
+ rcExit = RTEXITCODE_FAILURE;
+
+ return rcExit;
+}
+
+
+/**
+ * Adds the given signature to the given database.
+ *
+ * @returns IPRT status code.
+ * @param hEfiSigDb The EFI signature database handle.
+ * @param pszSigPath The signature data path.
+ * @param pszSigType The signature type.
+ * @param pszUuidOwner The owner UUID.
+ */
+static int rtEfiSigDbAddSig(RTEFISIGDB hEfiSigDb, const char *pszSigPath, const char *pszSigType, const char *pszUuidOwner)
+{
+ RTEFISIGTYPE enmSigType = rtEfiSigDbGetTypeById(pszSigType);
+ if (enmSigType == RTEFISIGTYPE_INVALID)
+ return RTMsgErrorRc(VERR_INVALID_PARAMETER, "Signature type '%s' is unknown!", pszSigType);
+
+ RTUUID UuidOwner;
+ int rc = RTUuidFromStr(&UuidOwner, pszUuidOwner);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(VERR_INVALID_PARAMETER, "Owner UUID '%s' is malformed!", pszUuidOwner);
+
+ RTVFSFILE hVfsFileSigData = NIL_RTVFSFILE;
+ rc = rtEfiSigDbOpen(pszSigPath, &hVfsFileSigData);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Opening '%s' failed: %Rrc", pszSigPath, rc);
+
+ rc = RTEfiSigDbAddSignatureFromFile(hEfiSigDb, enmSigType, &UuidOwner, hVfsFileSigData);
+ RTVfsFileRelease(hVfsFileSigData);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorRc(rc, "Adding signature '%s' failed: %Rrc", pszSigPath, rc);
+
+ return VINF_SUCCESS;
+}
+
+
+/**
+ * Sets the given attributes for the given EFI variable store variable.
+ *
+ * @returns IPRT status code.
+ * @param hVfsVarStore Handle of the EFI variable store VFS.
+ * @param pszVar The variable to set the attributes for.
+ * @param fAttr The attributes to set, see EFI_VAR_HEADER_ATTR_XXX.
+ */
+static int rtEfiSigDbSetVarAttr(RTVFS hVfsVarStore, const char *pszVar, uint32_t fAttr)
+{
+ char szVarPath[_1K];
+ ssize_t cch = RTStrPrintf2(szVarPath, sizeof(szVarPath), "/raw/%s/attr", pszVar);
+ Assert(cch > 0); RT_NOREF(cch);
+
+ RTVFSFILE hVfsFileAttr = NIL_RTVFSFILE;
+ int rc = RTVfsFileOpen(hVfsVarStore, szVarPath,
+ RTFILE_O_READWRITE | RTFILE_O_DENY_NONE | RTFILE_O_OPEN,
+ &hVfsFileAttr);
+ if (RT_SUCCESS(rc))
+ {
+ uint32_t fAttrLe = RT_H2LE_U32(fAttr);
+ rc = RTVfsFileWrite(hVfsFileAttr, &fAttrLe, sizeof(fAttrLe), NULL /*pcbWritten*/);
+ RTVfsFileRelease(hVfsFileAttr);
+ }
+
+ return rc;
+}
+
+
+/**
+ * Adds the given variable to the variable store.
+ *
+ * @returns IPRT status code.
+ * @param hVfsVarStore Handle of the EFI variable store VFS.
+ * @param pGuid The EFI GUID of the variable.
+ * @param pszVar The variable name.
+ * @param fAttr Attributes for the variable.
+ * @param phVfsFile Where to return the VFS file handle to the created variable on success.
+ */
+static int rtEfiSigDbVarStoreAddVar(RTVFS hVfsVarStore, PCEFI_GUID pGuid, const char *pszVar, uint32_t fAttr, PRTVFSFILE phVfsFile)
+{
+ RTUUID UuidVar;
+ RTEfiGuidToUuid(&UuidVar, pGuid);
+
+ char szVarPath[_1K];
+ ssize_t cch = RTStrPrintf2(szVarPath, sizeof(szVarPath), "/by-uuid/%RTuuid/%s", &UuidVar, pszVar);
+ Assert(cch > 0); RT_NOREF(cch);
+
+ int rc = RTVfsFileOpen(hVfsVarStore, szVarPath,
+ RTFILE_O_READWRITE | RTFILE_O_DENY_NONE | RTFILE_O_OPEN,
+ phVfsFile);
+ if ( rc == VERR_PATH_NOT_FOUND
+ || rc == VERR_FILE_NOT_FOUND)
+ {
+ /*
+ * Try to create the owner GUID of the variable by creating the appropriate directory,
+ * ignore error if it exists already.
+ */
+ RTVFSDIR hVfsDirRoot = NIL_RTVFSDIR;
+ rc = RTVfsOpenRoot(hVfsVarStore, &hVfsDirRoot);
+ if (RT_SUCCESS(rc))
+ {
+ char szGuidPath[_1K];
+ cch = RTStrPrintf2(szGuidPath, sizeof(szGuidPath), "by-uuid/%RTuuid", &UuidVar);
+ Assert(cch > 0);
+
+ RTVFSDIR hVfsDirGuid = NIL_RTVFSDIR;
+ rc = RTVfsDirCreateDir(hVfsDirRoot, szGuidPath, 0755, 0 /*fFlags*/, &hVfsDirGuid);
+ if (RT_SUCCESS(rc))
+ RTVfsDirRelease(hVfsDirGuid);
+ else if (rc == VERR_ALREADY_EXISTS)
+ rc = VINF_SUCCESS;
+
+ RTVfsDirRelease(hVfsDirRoot);
+ }
+ else
+ rc = RTMsgErrorRc(rc, "Opening variable storage root directory failed: %Rrc", rc);
+
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTVfsFileOpen(hVfsVarStore, szVarPath,
+ RTFILE_O_READWRITE | RTFILE_O_DENY_NONE | RTFILE_O_CREATE,
+ phVfsFile);
+ if (RT_SUCCESS(rc))
+ rc = rtEfiSigDbSetVarAttr(hVfsVarStore, pszVar, fAttr);
+ }
+
+ if (RT_FAILURE(rc))
+ rc = RTMsgErrorRc(rc, "Creating the variable '%s' failed: %Rrc", pszVar, rc);
+ }
+
+ return rc;
+}
+
+
+/**
+ * Creates the given variable and sets the data.
+ *
+ * @returns IPRT status code.
+ * @param hVfsVarStore Handle of the EFI variable store VFS.
+ * @param pGuid The EFI GUID of the variable.
+ * @param pszVar The variable name.
+ * @param fAttr Attributes for the variable.
+ * @param pvBuf The data to write.
+ * @param cbBuf Number of bytes of data.
+ */
+static int rtEfiSigDbVarStoreSetVar(RTVFS hVfsVarStore, PCEFI_GUID pGuid, const char *pszVar, uint32_t fAttr,
+ const void *pvBuf, size_t cbBuf)
+{
+ RTVFSFILE hVfsFileVar = NIL_RTVFSFILE;
+ int rc = rtEfiSigDbVarStoreAddVar(hVfsVarStore, pGuid, pszVar, fAttr, &hVfsFileVar);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTVfsFileWrite(hVfsFileVar, pvBuf, cbBuf, NULL /*pcbWritten*/);
+ if (RT_FAILURE(rc))
+ rc = RTMsgErrorRc(rc, "Writing variable '%s' failed: %Rrc", pszVar, rc);
+ RTVfsFileRelease(hVfsFileVar);
+ }
+ else
+ rc = RTMsgErrorRc(rc, "Creating variable '%s' failed: %Rrc", pszVar, rc);
+
+ return rc;
+}
+
+
+/**
+ * Adds the given signature to the given signature database of the given EFI variable store.
+ *
+ * @returns IPRT status code.
+ * @param hVfsVarStore Handle of the EFI variable store VFS.
+ * @param pGuid The EFI GUID of the variable.
+ * @param pszDb The signature database to update.
+ * @param fWipeDbBefore Flag whether to wipe the database before adding the signature.
+ * @param cSigs Number of signatures following.
+ * @param ... A triple of signature path, signature type and owner uuid string pointers for each
+ * signature.
+ */
+static int rtEfiSigDbVarStoreAddToDb(RTVFS hVfsVarStore, PCEFI_GUID pGuid, const char *pszDb, bool fWipeDbBefore, uint32_t cSigs,
+ ... /*const char *pszSigPath, const char *pszSigType, const char *pszUuidOwner*/)
+{
+ RTVFSFILE hVfsFileSigDb = NIL_RTVFSFILE;
+ int rc = rtEfiSigDbVarStoreAddVar(hVfsVarStore, pGuid, pszDb,
+ EFI_VAR_HEADER_ATTR_NON_VOLATILE
+ | EFI_VAR_HEADER_ATTR_BOOTSERVICE_ACCESS
+ | EFI_VAR_HEADER_ATTR_RUNTIME_ACCESS
+ | EFI_AUTH_VAR_HEADER_ATTR_TIME_BASED_AUTH_WRITE_ACCESS,
+ &hVfsFileSigDb);
+ if (RT_SUCCESS(rc))
+ {
+ RTEFISIGDB hEfiSigDb;
+ rc = RTEfiSigDbCreate(&hEfiSigDb);
+ if (RT_SUCCESS(rc))
+ {
+ if (!fWipeDbBefore)
+ rc = RTEfiSigDbAddFromExistingDb(hEfiSigDb, hVfsFileSigDb);
+ if (RT_SUCCESS(rc))
+ {
+ va_list VarArgs;
+ va_start(VarArgs, cSigs);
+
+ while ( cSigs--
+ && RT_SUCCESS(rc))
+ {
+ const char *pszSigPath = va_arg(VarArgs, const char *);
+ const char *pszSigType = va_arg(VarArgs, const char *);
+ const char *pszUuidOwner = va_arg(VarArgs, const char *);
+
+ rc = rtEfiSigDbAddSig(hEfiSigDb, pszSigPath, pszSigType, pszUuidOwner);
+ }
+
+ va_end(VarArgs);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTVfsFileSeek(hVfsFileSigDb, 0 /*offSeek*/, RTFILE_SEEK_BEGIN, NULL /*poffActual*/);
+ AssertRC(rc);
+
+ rc = RTEfiSigDbWriteToFile(hEfiSigDb, hVfsFileSigDb);
+ if (RT_FAILURE(rc))
+ rc = RTMsgErrorRc(rc, "Writing updated signature database failed: %Rrc", rc);
+ }
+ }
+ else
+ rc = RTMsgErrorRc(rc, "Loading signature database failed: %Rrc", rc);
+
+ RTEfiSigDbDestroy(hEfiSigDb);
+ }
+ else
+ rc = RTMsgErrorRc(rc, "Creating signature database failed: %Rrc", rc);
+
+ RTVfsFileRelease(hVfsFileSigDb);
+ }
+ else
+ rc = RTMsgErrorRc(rc, "Opening signature database '%s' failed: %Rrc", pszDb, rc);
+
+ return rc;
+}
+
+
+/**
+ * Handles the 'initnvram' command.
+ *
+ * @returns Program exit code.
+ * @param pszArg0 The program name.
+ * @param cArgs The number of arguments to the 'add' command.
+ * @param papszArgs The argument vector, starting after 'add'.
+ */
+static RTEXITCODE rtEfiSgDbCmdInitNvram(const char *pszArg0, int cArgs, char **papszArgs)
+{
+ RT_NOREF(pszArg0);
+ RTERRINFOSTATIC ErrInfo;
+
+ /*
+ * Parse the command line.
+ */
+ static RTGETOPTDEF const s_aOptions[] =
+ {
+ { "--pk", 'p', RTGETOPT_REQ_STRING },
+ { "--pk-owner", 'o', RTGETOPT_REQ_STRING },
+ { "--kek", 'k', RTGETOPT_REQ_STRING },
+ { "--kek-owner", 'w', RTGETOPT_REQ_STRING },
+ { "--db", 'd', RTGETOPT_REQ_STRING },
+ { "--secure-boot", 's', RTGETOPT_REQ_BOOL_ONOFF }
+ };
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ RTGETOPTSTATE State;
+ int rc = RTGetOptInit(&State, cArgs, papszArgs, &s_aOptions[0], RT_ELEMENTS(s_aOptions), 0, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOptInit failed: %Rrc", rc);
+
+ const char *pszNvram = NULL;
+ const char *pszPkPath = NULL;
+ const char *pszUuidPkOwner = NULL;
+ const char *pszKekPath = NULL;
+ const char *pszUuidKekOwner = NULL;
+ const char **papszDb = NULL;
+ bool fSecureBoot = true;
+ bool fSetSecureBoot = false;
+ uint32_t cDbEntries = 0;
+ uint32_t cDbEntriesMax = 0;
+
+ RTGETOPTUNION ValueUnion;
+ int chOpt;
+ while ((chOpt = RTGetOpt(&State, &ValueUnion)) != 0)
+ {
+ switch (chOpt)
+ {
+ case 'p':
+ pszPkPath = ValueUnion.psz;
+ break;
+ case 'o':
+ pszUuidPkOwner = ValueUnion.psz;
+ break;
+
+ case 'k':
+ pszKekPath = ValueUnion.psz;
+ break;
+ case 'w':
+ pszUuidKekOwner = ValueUnion.psz;
+ break;
+
+ case 'd':
+ {
+ if (cDbEntries == cDbEntriesMax)
+ {
+ uint32_t cDbEntriesMaxNew = cDbEntriesMax + 10;
+ const char **papszDbNew = (const char **)RTMemRealloc(papszDb, cDbEntriesMaxNew * sizeof(const char *));
+ if (!papszDbNew)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Out of memory allocating memory for '%s'", ValueUnion.psz);
+
+ papszDb = papszDbNew;
+ cDbEntriesMax = cDbEntriesMaxNew;
+ }
+
+ papszDb[cDbEntries++] = ValueUnion.psz;
+ break;
+ }
+
+ case 's':
+ fSecureBoot = ValueUnion.f;
+ fSetSecureBoot = true;
+ break;
+
+ case VINF_GETOPT_NOT_OPTION:
+ /* The first non-option is the NVRAM file. */
+ if (!pszNvram)
+ pszNvram = ValueUnion.psz;
+ else
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Invalid option '%s'", ValueUnion.psz);
+ break;
+
+ default:
+ return RTGetOptPrintError(chOpt, &ValueUnion);
+ }
+ }
+
+ if (!pszNvram)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "The NVRAM file path is missing");
+
+ if ( pszPkPath
+ && !pszUuidPkOwner)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "The PK is missing the owner UUID");
+
+ if ( pszKekPath
+ && !pszUuidKekOwner)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "The KEK is missing the owner UUID");
+
+ RTVFSFILE hVfsFileNvram = NIL_RTVFSFILE;
+ rc = RTVfsFileOpenNormal(pszNvram, RTFILE_O_READWRITE | RTFILE_O_DENY_NONE | RTFILE_O_OPEN,
+ &hVfsFileNvram);
+ if (RT_SUCCESS(rc))
+ {
+ RTVFS hVfsEfiVarStore = NIL_RTVFS;
+ rc = RTEfiVarStoreOpenAsVfs(hVfsFileNvram, 0 /*fMntFlags*/, 0 /*fVarStoreFlags*/, &hVfsEfiVarStore, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ EFI_GUID GuidSecurityDb = EFI_IMAGE_SECURITY_DATABASE_GUID;
+ EFI_GUID GuidGlobalVar = EFI_GLOBAL_VARIABLE_GUID;
+
+ if (pszPkPath)
+ rc = rtEfiSigDbVarStoreAddToDb(hVfsEfiVarStore, &GuidGlobalVar, "PK", true /*fWipeDbBefore*/, 1 /*cSigs*/, pszPkPath, "x509", pszUuidPkOwner);
+ if ( RT_SUCCESS(rc)
+ && pszKekPath)
+ rc = rtEfiSigDbVarStoreAddToDb(hVfsEfiVarStore, &GuidGlobalVar ,"KEK", true /*fWipeDbBefore*/, 1 /*cSigs*/, pszKekPath, "x509", pszUuidKekOwner);
+
+ if ( RT_SUCCESS(rc)
+ && cDbEntries)
+ {
+ /** @todo Optimize to avoid re-opening and re-parsing the database for every entry. */
+ for (uint32_t i = 0; i < cDbEntries && RT_SUCCESS(rc); i++)
+ {
+ const char *pszDbEntry = papszDb[i];
+
+ const char *pszSigType = pszDbEntry;
+ const char *pszUuidOwner = strchr(pszSigType, ':');
+ if (pszUuidOwner)
+ pszUuidOwner++;
+ const char *pszSigPath = pszUuidOwner ? strchr(pszUuidOwner, ':') : NULL;
+ if (pszSigPath)
+ pszSigPath++;
+
+ if ( pszUuidOwner
+ && pszSigPath)
+ {
+ char *pszSigTypeFree = RTStrDupN(pszSigType, pszUuidOwner - pszSigType - 1);
+ char *pszUuidOwnerFree = RTStrDupN(pszUuidOwner, pszSigPath - pszUuidOwner - 1);
+
+ if ( pszSigTypeFree
+ && pszUuidOwnerFree)
+ rc = rtEfiSigDbVarStoreAddToDb(hVfsEfiVarStore, &GuidSecurityDb, "db",
+ i == 0 ? true : false /*fWipeDbBefore*/,
+ 1 /*cSigs*/,
+ pszSigPath, pszSigTypeFree, pszUuidOwnerFree);
+ else
+ rc = RTMsgErrorRc(VERR_NO_MEMORY, "Out of memory!");
+
+ if (pszSigTypeFree)
+ RTStrFree(pszSigTypeFree);
+ if (pszUuidOwnerFree)
+ RTStrFree(pszUuidOwnerFree);
+ }
+ else
+ rc = RTMsgErrorRc(VERR_INVALID_PARAMETER, "DB entry '%s' is malformed!", pszDbEntry);
+ }
+
+ if (RT_FAILURE(rc))
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Initializing the NVRAM '%s' failed: %Rrc", pszNvram, rc);
+ }
+
+ if ( RT_SUCCESS(rc)
+ && fSetSecureBoot)
+ {
+ EFI_GUID GuidSecureBootEnable = EFI_SECURE_BOOT_ENABLE_DISABLE_GUID;
+ uint8_t bVar = fSecureBoot ? 0x1 : 0x0;
+ rtEfiSigDbVarStoreSetVar(hVfsEfiVarStore, &GuidSecureBootEnable, "SecureBootEnable",
+ EFI_VAR_HEADER_ATTR_NON_VOLATILE
+ | EFI_VAR_HEADER_ATTR_BOOTSERVICE_ACCESS
+ | EFI_VAR_HEADER_ATTR_RUNTIME_ACCESS,
+ &bVar, sizeof(bVar));
+ }
+
+ RTVfsRelease(hVfsEfiVarStore);
+ }
+
+ RTVfsFileRelease(hVfsFileNvram);
+ }
+
+ if (papszDb)
+ RTMemFree(papszDb);
+ return rcExit;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /*
+ * Switch on the command.
+ */
+ RTEXITCODE rcExit = RTEXITCODE_SYNTAX;
+ if (argc < 2)
+ rtEfiSigDbUsage(argv[0], NULL);
+ else if (!strcmp(argv[1], "list"))
+ rcExit = rtEfiSgDbCmdList(argv[0], argc - 2, argv + 2);
+ else if (!strcmp(argv[1], "add"))
+ rcExit = rtEfiSgDbCmdAdd(argv[0], argc - 2, argv + 2);
+ else if (!strcmp(argv[1], "initnvram"))
+ rcExit = rtEfiSgDbCmdInitNvram(argv[0], argc - 2, argv + 2);
+ else if ( !strcmp(argv[1], "-h")
+ || !strcmp(argv[1], "-?")
+ || !strcmp(argv[1], "--help"))
+ rcExit = rtEfiSigDbUsage(argv[0], NULL);
+ else if ( !strcmp(argv[1], "-V")
+ || !strcmp(argv[1], "--version"))
+ rcExit = rtEfiSigDbVersion();
+ else
+ RTMsgError("Unknown command: '%s'", argv[1]);
+
+ return rcExit;
+}
+
diff --git a/src/VBox/Runtime/tools/RTFtpServer.cpp b/src/VBox/Runtime/tools/RTFtpServer.cpp
new file mode 100644
index 00000000..643fa7cd
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTFtpServer.cpp
@@ -0,0 +1,666 @@
+/* $Id: RTFtpServer.cpp $ */
+/** @file
+ * IPRT - Utility for running a (simple) FTP server.
+ *
+ * Use this setup to best see what's going on:
+ * VBOX_LOG=rt_ftp=~0
+ * VBOX_LOG_DEST="nofile stderr"
+ * VBOX_LOG_FLAGS="unbuffered enabled thread msprog"
+ *
+ */
+
+/*
+ * Copyright (C) 2020-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <signal.h>
+
+#include <iprt/ftp.h>
+
+#include <iprt/net.h> /* To make use of IPv4Addr in RTGETOPTUNION. */
+
+#include <iprt/asm.h>
+#include <iprt/assert.h>
+#include <iprt/ctype.h>
+#include <iprt/err.h>
+#include <iprt/file.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/mem.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+#include <iprt/thread.h>
+#include <iprt/vfs.h>
+
+#ifdef RT_OS_WINDOWS
+# include <iprt/win/windows.h>
+#endif
+
+
+/*********************************************************************************************************************************
+* Definitations *
+*********************************************************************************************************************************/
+typedef struct FTPSERVERDATA
+{
+ /** The absolute path of the FTP server's root directory. */
+ char szPathRootAbs[RTPATH_MAX];
+ /** The relative current working directory (CWD) to szRootDir. */
+ char szCWD[RTPATH_MAX];
+} FTPSERVERDATA;
+typedef FTPSERVERDATA *PFTPSERVERDATA;
+
+/**
+ * Enumeration specifying the VFS handle type of the FTP server.
+ */
+typedef enum FTPSERVERVFSHANDLETYPE
+{
+ FTPSERVERVFSHANDLETYPE_INVALID = 0,
+ FTPSERVERVFSHANDLETYPE_FILE,
+ FTPSERVERVFSHANDLETYPE_DIR,
+ /** The usual 32-bit hack. */
+ FTPSERVERVFSHANDLETYPE_32BIT_HACK = 0x7fffffff
+} FTPSERVERVFSHANDLETYPE;
+
+/**
+ * Structure for keeping a VFS handle of the FTP server.
+ */
+typedef struct FTPSERVERVFSHANDLE
+{
+ /** The type of the handle, stored in the union below. */
+ FTPSERVERVFSHANDLETYPE enmType;
+ union
+ {
+ /** The VFS (chain) handle to use for this file. */
+ RTVFSFILE hVfsFile;
+ /** The VFS (chain) handle to use for this directory. */
+ RTVFSDIR hVfsDir;
+ } u;
+} FTPSERVERVFSHANDLE;
+typedef FTPSERVERVFSHANDLE *PFTPSERVERVFSHANDLE;
+
+
+/*********************************************************************************************************************************
+* Global Variables *
+*********************************************************************************************************************************/
+/** Set by the signal handler when the FTP server shall be terminated. */
+static volatile bool g_fCanceled = false;
+static FTPSERVERDATA g_FtpServerData;
+
+
+#ifdef RT_OS_WINDOWS
+static BOOL WINAPI signalHandler(DWORD dwCtrlType) RT_NOTHROW_DEF
+{
+ bool fEventHandled = FALSE;
+ switch (dwCtrlType)
+ {
+ /* User pressed CTRL+C or CTRL+BREAK or an external event was sent
+ * via GenerateConsoleCtrlEvent(). */
+ case CTRL_BREAK_EVENT:
+ case CTRL_CLOSE_EVENT:
+ case CTRL_C_EVENT:
+ ASMAtomicWriteBool(&g_fCanceled, true);
+ fEventHandled = TRUE;
+ break;
+ default:
+ break;
+ /** @todo Add other events here. */
+ }
+
+ return fEventHandled;
+}
+#else /* !RT_OS_WINDOWS */
+/**
+ * Signal handler that sets g_fCanceled.
+ *
+ * This can be executed on any thread in the process, on Windows it may even be
+ * a thread dedicated to delivering this signal. Don't do anything
+ * unnecessary here.
+ */
+static void signalHandler(int iSignal) RT_NOTHROW_DEF
+{
+ NOREF(iSignal);
+ ASMAtomicWriteBool(&g_fCanceled, true);
+}
+#endif
+
+/**
+ * Installs a custom signal handler to get notified
+ * whenever the user wants to intercept the program.
+ *
+ * @todo Make this handler available for all VBoxManage modules?
+ */
+static int signalHandlerInstall(void)
+{
+ g_fCanceled = false;
+
+ int rc = VINF_SUCCESS;
+#ifdef RT_OS_WINDOWS
+ if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE)signalHandler, TRUE /* Add handler */))
+ {
+ rc = RTErrConvertFromWin32(GetLastError());
+ RTMsgError("Unable to install console control handler, rc=%Rrc\n", rc);
+ }
+#else
+ signal(SIGINT, signalHandler);
+ signal(SIGTERM, signalHandler);
+# ifdef SIGBREAK
+ signal(SIGBREAK, signalHandler);
+# endif
+#endif
+ return rc;
+}
+
+/**
+ * Uninstalls a previously installed signal handler.
+ */
+static int signalHandlerUninstall(void)
+{
+ int rc = VINF_SUCCESS;
+#ifdef RT_OS_WINDOWS
+ if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE)NULL, FALSE /* Remove handler */))
+ {
+ rc = RTErrConvertFromWin32(GetLastError());
+ RTMsgError("Unable to uninstall console control handler, rc=%Rrc\n", rc);
+ }
+#else
+ signal(SIGINT, SIG_DFL);
+ signal(SIGTERM, SIG_DFL);
+# ifdef SIGBREAK
+ signal(SIGBREAK, SIG_DFL);
+# endif
+#endif
+ return rc;
+}
+
+static DECLCALLBACK(int) onUserConnect(PRTFTPCALLBACKDATA pData, const char *pcszUser)
+{
+ RT_NOREF(pData, pcszUser);
+
+ RTPrintf("User '%s' connected\n", pcszUser);
+
+ return VINF_SUCCESS;
+}
+
+static DECLCALLBACK(int) onUserAuthenticate(PRTFTPCALLBACKDATA pData, const char *pcszUser, const char *pcszPassword)
+{
+ RT_NOREF(pData, pcszUser, pcszPassword);
+
+ RTPrintf("Authenticating user '%s' ...\n", pcszUser);
+
+ return VINF_SUCCESS;
+}
+
+static DECLCALLBACK(int) onUserDisonnect(PRTFTPCALLBACKDATA pData, const char *pcszUser)
+{
+ RT_NOREF(pData);
+
+ RTPrintf("User '%s' disconnected\n", pcszUser);
+
+ return VINF_SUCCESS;
+}
+
+static DECLCALLBACK(int) onFileOpen(PRTFTPCALLBACKDATA pData, const char *pcszPath, uint32_t fMode, void **ppvHandle)
+{
+ PFTPSERVERDATA pThis = (PFTPSERVERDATA)pData->pvUser;
+ Assert(pData->cbUser == sizeof(FTPSERVERDATA));
+
+ PFTPSERVERVFSHANDLE pHandle = (PFTPSERVERVFSHANDLE)RTMemAllocZ(sizeof(FTPSERVERVFSHANDLE));
+ if (!pHandle)
+ return VERR_NO_MEMORY;
+
+ char *pszPathAbs = NULL;
+ if (RTStrAPrintf(&pszPathAbs, "%s/%s", pThis->szPathRootAbs, pcszPath) <= 0)
+ return VERR_NO_MEMORY;
+
+ int rc = RTVfsChainOpenFile(pszPathAbs, fMode, &pHandle->u.hVfsFile, NULL /*poffError */, NULL /* pErrInfo */);
+ if (RT_SUCCESS(rc))
+ {
+ pHandle->enmType = FTPSERVERVFSHANDLETYPE_FILE;
+
+ *ppvHandle = pHandle;
+ }
+ else
+ RTMemFree(pHandle);
+
+ RTStrFree(pszPathAbs);
+
+ return rc;
+}
+
+static DECLCALLBACK(int) onFileRead(PRTFTPCALLBACKDATA pData, void *pvHandle, void *pvBuf, size_t cbToRead, size_t *pcbRead)
+{
+ RT_NOREF(pData);
+
+ PFTPSERVERVFSHANDLE pHandle = (PFTPSERVERVFSHANDLE)pvHandle;
+ AssertPtrReturn(pHandle, VERR_INVALID_POINTER);
+ AssertReturn(pHandle->enmType == FTPSERVERVFSHANDLETYPE_FILE, VERR_INVALID_PARAMETER);
+
+ return RTVfsFileRead(pHandle->u.hVfsFile, pvBuf, cbToRead, pcbRead);
+}
+
+static DECLCALLBACK(int) onFileClose(PRTFTPCALLBACKDATA pData, void *pvHandle)
+{
+ RT_NOREF(pData);
+
+ PFTPSERVERVFSHANDLE pHandle = (PFTPSERVERVFSHANDLE)pvHandle;
+ AssertPtrReturn(pHandle, VERR_INVALID_POINTER);
+ AssertReturn(pHandle->enmType == FTPSERVERVFSHANDLETYPE_FILE, VERR_INVALID_PARAMETER);
+
+ int rc = RTVfsFileRelease(pHandle->u.hVfsFile);
+ if (RT_SUCCESS(rc))
+ {
+ RTMemFree(pvHandle);
+ pvHandle = NULL;
+ }
+
+ return rc;
+}
+
+static DECLCALLBACK(int) onFileGetSize(PRTFTPCALLBACKDATA pData, const char *pcszPath, uint64_t *puSize)
+{
+ PFTPSERVERDATA pThis = (PFTPSERVERDATA)pData->pvUser;
+ Assert(pData->cbUser == sizeof(FTPSERVERDATA));
+
+ char *pszStat = NULL;
+ if (RTStrAPrintf(&pszStat, "%s/%s", pThis->szPathRootAbs, pcszPath) <= 0)
+ return VERR_NO_MEMORY;
+
+ RTPrintf("Retrieving file size for '%s' ...\n", pcszPath);
+
+ RTFILE hFile;
+ int rc = RTFileOpen(&hFile, pcszPath,
+ RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTFileQuerySize(hFile, puSize);
+ if (RT_SUCCESS(rc))
+ RTPrintf("File size is: %RU64\n", *puSize);
+ RTFileClose(hFile);
+ }
+
+ RTStrFree(pszStat);
+
+ return rc;
+}
+
+static DECLCALLBACK(int) onFileStat(PRTFTPCALLBACKDATA pData, const char *pcszPath, PRTFSOBJINFO pFsObjInfo)
+{
+ PFTPSERVERDATA pThis = (PFTPSERVERDATA)pData->pvUser;
+ Assert(pData->cbUser == sizeof(FTPSERVERDATA));
+
+ char *pszStat = NULL;
+ if (RTStrAPrintf(&pszStat, "%s/%s", pThis->szPathRootAbs, pcszPath) <= 0)
+ return VERR_NO_MEMORY;
+
+ RTPrintf("Stat for '%s'\n", pszStat);
+
+ RTFILE hFile;
+ int rc = RTFileOpen(&hFile, pszStat,
+ RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
+ if (RT_SUCCESS(rc))
+ {
+ RTFSOBJINFO fsObjInfo;
+ rc = RTFileQueryInfo(hFile, &fsObjInfo, RTFSOBJATTRADD_NOTHING);
+ if (RT_SUCCESS(rc))
+ {
+ if (pFsObjInfo)
+ *pFsObjInfo = fsObjInfo;
+ }
+
+ RTFileClose(hFile);
+ }
+
+ RTStrFree(pszStat);
+
+ return rc;
+}
+
+static DECLCALLBACK(int) onPathSetCurrent(PRTFTPCALLBACKDATA pData, const char *pcszCWD)
+{
+ PFTPSERVERDATA pThis = (PFTPSERVERDATA)pData->pvUser;
+ Assert(pData->cbUser == sizeof(FTPSERVERDATA));
+
+ RTPrintf("Setting current directory to '%s'\n", pcszCWD);
+
+ /** @todo BUGBUG Santiy checks! */
+
+ return RTStrCopy(pThis->szCWD, sizeof(pThis->szCWD), pcszCWD);
+}
+
+static DECLCALLBACK(int) onPathGetCurrent(PRTFTPCALLBACKDATA pData, char *pszPWD, size_t cbPWD)
+{
+ PFTPSERVERDATA pThis = (PFTPSERVERDATA)pData->pvUser;
+ Assert(pData->cbUser == sizeof(FTPSERVERDATA));
+
+ RTPrintf("Current directory is: '%s'\n", pThis->szCWD);
+
+ return RTStrCopy(pszPWD, cbPWD, pThis->szCWD);
+}
+
+static DECLCALLBACK(int) onPathUp(PRTFTPCALLBACKDATA pData)
+{
+ RT_NOREF(pData);
+
+ return VINF_SUCCESS;
+}
+
+static DECLCALLBACK(int) onDirOpen(PRTFTPCALLBACKDATA pData, const char *pcszPath, void **ppvHandle)
+{
+ PFTPSERVERDATA pThis = (PFTPSERVERDATA)pData->pvUser;
+ Assert(pData->cbUser == sizeof(FTPSERVERDATA));
+
+ PFTPSERVERVFSHANDLE pHandle = (PFTPSERVERVFSHANDLE)RTMemAllocZ(sizeof(FTPSERVERVFSHANDLE));
+ if (!pHandle)
+ return VERR_NO_MEMORY;
+
+ /* Construct absolute path. */
+ char *pszPathAbs = NULL;
+ if (RTStrAPrintf(&pszPathAbs, "%s/%s", pThis->szPathRootAbs, pcszPath) <= 0)
+ return VERR_NO_MEMORY;
+
+ RTPrintf("Opening directory '%s'\n", pszPathAbs);
+
+ int rc = RTVfsChainOpenDir(pszPathAbs, 0 /*fFlags*/, &pHandle->u.hVfsDir, NULL /* poffError */, NULL /* pErrInfo */);
+ if (RT_SUCCESS(rc))
+ {
+ pHandle->enmType = FTPSERVERVFSHANDLETYPE_DIR;
+
+ *ppvHandle = pHandle;
+ }
+ else
+ {
+ RTMemFree(pHandle);
+ }
+
+ RTStrFree(pszPathAbs);
+
+ return rc;
+}
+
+static DECLCALLBACK(int) onDirClose(PRTFTPCALLBACKDATA pData, void *pvHandle)
+{
+ RT_NOREF(pData);
+
+ PFTPSERVERVFSHANDLE pHandle = (PFTPSERVERVFSHANDLE)pvHandle;
+ AssertPtrReturn(pHandle, VERR_INVALID_POINTER);
+ AssertReturn(pHandle->enmType == FTPSERVERVFSHANDLETYPE_DIR, VERR_INVALID_PARAMETER);
+
+ RTVfsDirRelease(pHandle->u.hVfsDir);
+
+ RTMemFree(pHandle);
+ pHandle = NULL;
+
+ return VINF_SUCCESS;
+}
+
+static DECLCALLBACK(int) onDirRead(PRTFTPCALLBACKDATA pData, void *pvHandle, char **ppszEntry,
+ PRTFSOBJINFO pInfo, char **ppszOwner, char **ppszGroup, char **ppszTarget)
+{
+ RT_NOREF(pData);
+ RT_NOREF(ppszTarget); /* No symlinks yet */
+
+ PFTPSERVERVFSHANDLE pHandle = (PFTPSERVERVFSHANDLE)pvHandle;
+ AssertPtrReturn(pHandle, VERR_INVALID_POINTER);
+ AssertReturn(pHandle->enmType == FTPSERVERVFSHANDLETYPE_DIR, VERR_INVALID_PARAMETER);
+
+ size_t cbDirEntryAlloced = sizeof(RTDIRENTRYEX);
+ PRTDIRENTRYEX pDirEntry = (PRTDIRENTRYEX)RTMemTmpAlloc(cbDirEntryAlloced);
+ if (!pDirEntry)
+ return VERR_NO_MEMORY;
+
+ int rc;
+
+ for (;;)
+ {
+ size_t cbDirEntry = cbDirEntryAlloced;
+ rc = RTVfsDirReadEx(pHandle->u.hVfsDir, pDirEntry, &cbDirEntry, RTFSOBJATTRADD_UNIX);
+ if (RT_FAILURE(rc))
+ {
+ if (rc == VERR_BUFFER_OVERFLOW)
+ {
+ RTMemTmpFree(pDirEntry);
+ cbDirEntryAlloced = RT_ALIGN_Z(RT_MIN(cbDirEntry, cbDirEntryAlloced) + 64, 64);
+ pDirEntry = (PRTDIRENTRYEX)RTMemTmpAlloc(cbDirEntryAlloced);
+ if (pDirEntry)
+ continue;
+ }
+ else if (rc != VERR_NO_MORE_FILES)
+ break;
+ }
+
+ if (RT_SUCCESS(rc))
+ {
+ if (pDirEntry->Info.Attr.u.Unix.uid != NIL_RTUID)
+ {
+ RTFSOBJINFO OwnerInfo;
+ rc = RTVfsDirQueryPathInfo(pHandle->u.hVfsDir,
+ pDirEntry->szName, &OwnerInfo, RTFSOBJATTRADD_UNIX_OWNER, RTPATH_F_ON_LINK);
+ if ( RT_SUCCESS(rc)
+ && OwnerInfo.Attr.u.UnixOwner.szName[0])
+ {
+ *ppszOwner = RTStrDup(&OwnerInfo.Attr.u.UnixOwner.szName[0]);
+ if (!*ppszOwner)
+ rc = VERR_NO_MEMORY;
+ }
+ }
+
+ if ( RT_SUCCESS(rc)
+ && pDirEntry->Info.Attr.u.Unix.gid != NIL_RTGID)
+ {
+ RTFSOBJINFO GroupInfo;
+ rc = RTVfsDirQueryPathInfo(pHandle->u.hVfsDir,
+ pDirEntry->szName, &GroupInfo, RTFSOBJATTRADD_UNIX_GROUP, RTPATH_F_ON_LINK);
+ if ( RT_SUCCESS(rc)
+ && GroupInfo.Attr.u.UnixGroup.szName[0])
+ {
+ *ppszGroup = RTStrDup(&GroupInfo.Attr.u.UnixGroup.szName[0]);
+ if (!*ppszGroup)
+ rc = VERR_NO_MEMORY;
+ }
+ }
+ }
+
+ *ppszEntry = RTStrDup(pDirEntry->szName);
+ AssertPtrReturn(*ppszEntry, VERR_NO_MEMORY);
+
+ *pInfo = pDirEntry->Info;
+
+ break;
+
+ } /* for */
+
+ RTMemTmpFree(pDirEntry);
+ pDirEntry = NULL;
+
+ return rc;
+}
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /* Use some sane defaults. */
+ char szAddress[64] = "localhost";
+ uint16_t uPort = 2121;
+
+ RT_ZERO(g_FtpServerData);
+
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--address", 'a', RTGETOPT_REQ_IPV4ADDR }, /** @todo Use a string for DNS hostnames? */
+ /** @todo Implement IPv6 support? */
+ { "--port", 'p', RTGETOPT_REQ_UINT16 },
+ { "--root-dir", 'r', RTGETOPT_REQ_STRING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING }
+ };
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ unsigned uVerbosityLevel = 1;
+
+ RTGETOPTUNION ValueUnion;
+ RTGETOPTSTATE GetState;
+ RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ while ((rc = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (rc)
+ {
+ case 'a':
+ RTStrPrintf2(szAddress, sizeof(szAddress), "%RU8.%RU8.%RU8.%RU8", /** @todo Improve this. */
+ ValueUnion.IPv4Addr.au8[0], ValueUnion.IPv4Addr.au8[1], ValueUnion.IPv4Addr.au8[2], ValueUnion.IPv4Addr.au8[3]);
+ break;
+
+ case 'p':
+ uPort = ValueUnion.u16;
+ break;
+
+ case 'r':
+ RTStrCopy(g_FtpServerData.szPathRootAbs, sizeof(g_FtpServerData.szPathRootAbs), ValueUnion.psz);
+ break;
+
+ case 'v':
+ uVerbosityLevel++;
+ break;
+
+ case 'h':
+ RTPrintf("Usage: %s [options]\n"
+ "\n"
+ "Options:\n"
+ " -a, --address (default: localhost)\n"
+ " Specifies the address to use for listening.\n"
+ " -p, --port (default: 2121)\n"
+ " Specifies the port to use for listening.\n"
+ " -r, --root-dir (default: current dir)\n"
+ " Specifies the root directory being served.\n"
+ " -v, --verbose\n"
+ " Controls the verbosity level.\n"
+ " -h, -?, --help\n"
+ " Display this help text and exit successfully.\n"
+ " -V, --version\n"
+ " Display the revision and exit successfully.\n"
+ , RTPathFilename(argv[0]));
+ return RTEXITCODE_SUCCESS;
+
+ case 'V':
+ RTPrintf("$Revision: 155244 $\n");
+ return RTEXITCODE_SUCCESS;
+
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+ if (!strlen(g_FtpServerData.szPathRootAbs))
+ {
+ /* By default use the current directory as serving root directory. */
+ rc = RTPathGetCurrent(g_FtpServerData.szPathRootAbs, sizeof(g_FtpServerData.szPathRootAbs));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Retrieving current directory failed: %Rrc", rc);
+ }
+
+ /* Initialize CWD. */
+ RTStrPrintf2(g_FtpServerData.szCWD, sizeof(g_FtpServerData.szCWD), "/");
+
+ /* Install signal handler. */
+ rc = signalHandlerInstall();
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Create the FTP server instance.
+ */
+ RTFTPSERVERCALLBACKS Callbacks;
+ RT_ZERO(Callbacks);
+
+ Callbacks.pfnOnUserConnect = onUserConnect;
+ Callbacks.pfnOnUserAuthenticate = onUserAuthenticate;
+ Callbacks.pfnOnUserDisconnect = onUserDisonnect;
+ Callbacks.pfnOnFileOpen = onFileOpen;
+ Callbacks.pfnOnFileRead = onFileRead;
+ Callbacks.pfnOnFileClose = onFileClose;
+ Callbacks.pfnOnFileGetSize = onFileGetSize;
+ Callbacks.pfnOnFileStat = onFileStat;
+ Callbacks.pfnOnPathSetCurrent = onPathSetCurrent;
+ Callbacks.pfnOnPathGetCurrent = onPathGetCurrent;
+ Callbacks.pfnOnPathUp = onPathUp;
+ Callbacks.pfnOnDirOpen = onDirOpen;
+ Callbacks.pfnOnDirClose = onDirClose;
+ Callbacks.pfnOnDirRead = onDirRead;
+
+ RTFTPSERVER hFTPServer;
+ rc = RTFtpServerCreate(&hFTPServer, szAddress, uPort, &Callbacks,
+ &g_FtpServerData, sizeof(g_FtpServerData));
+ if (RT_SUCCESS(rc))
+ {
+ RTPrintf("Starting FTP server at %s:%RU16 ...\n", szAddress, uPort);
+ RTPrintf("Root directory is '%s'\n", g_FtpServerData.szPathRootAbs);
+
+ RTPrintf("Running FTP server ...\n");
+
+ for (;;)
+ {
+ RTThreadSleep(200);
+
+ if (g_fCanceled)
+ break;
+ }
+
+ RTPrintf("Stopping FTP server ...\n");
+
+ int rc2 = RTFtpServerDestroy(hFTPServer);
+ if (RT_SUCCESS(rc))
+ rc = rc2;
+
+ RTPrintf("Stopped FTP server\n");
+ }
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "RTFTPServerCreate failed: %Rrc", rc);
+
+ int rc2 = signalHandlerUninstall();
+ if (RT_SUCCESS(rc))
+ rc = rc2;
+ }
+
+ /* Set rcExit on failure in case we forgot to do so before. */
+ if (RT_FAILURE(rc))
+ rcExit = RTEXITCODE_FAILURE;
+
+ return rcExit;
+}
+
diff --git a/src/VBox/Runtime/tools/RTFuzzClient.cpp b/src/VBox/Runtime/tools/RTFuzzClient.cpp
new file mode 100644
index 00000000..2776a921
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTFuzzClient.cpp
@@ -0,0 +1,54 @@
+/* $Id: RTFuzzClient.cpp $ */
+/** @file
+ * IPRT - Fuzzing client utility.
+ */
+
+/*
+ * Copyright (C) 2019-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/fuzz.h>
+#include <iprt/errcore.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTFuzzCmdFuzzingClient(argc, argv, NULL, NULL);
+}
+
diff --git a/src/VBox/Runtime/tools/RTFuzzMaster.cpp b/src/VBox/Runtime/tools/RTFuzzMaster.cpp
new file mode 100644
index 00000000..713b7ffe
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTFuzzMaster.cpp
@@ -0,0 +1,54 @@
+/* $Id: RTFuzzMaster.cpp $ */
+/** @file
+ * IPRT - Fuzzing master Utility.
+ */
+
+/*
+ * Copyright (C) 2018-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/fuzz.h>
+#include <iprt/errcore.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTFuzzCmdMaster(argc, argv);
+}
+
diff --git a/src/VBox/Runtime/tools/RTGzip.cpp b/src/VBox/Runtime/tools/RTGzip.cpp
new file mode 100644
index 00000000..1f904134
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTGzip.cpp
@@ -0,0 +1,55 @@
+/* $Id: RTGzip.cpp $ */
+/** @file
+ * IPRT - GZIP Utility.
+ */
+
+/*
+ * Copyright (C) 2010-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/zip.h>
+
+#include <iprt/errcore.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTZipGzipCmd(argc, argv);
+}
+
diff --git a/src/VBox/Runtime/tools/RTHttp.cpp b/src/VBox/Runtime/tools/RTHttp.cpp
new file mode 100644
index 00000000..7befe3e2
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTHttp.cpp
@@ -0,0 +1,188 @@
+/* $Id: RTHttp.cpp $ */
+/** @file
+ * IPRT - Utility for retriving URLs.
+ */
+
+/*
+ * Copyright (C) 2006-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/http.h>
+
+#include <iprt/assert.h>
+#include <iprt/ctype.h>
+#include <iprt/errcore.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+#include <iprt/vfs.h>
+
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /*
+ * Create a HTTP client instance.
+ */
+ RTHTTP hHttp;
+ rc = RTHttpCreate(&hHttp);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTHttpCreate failed: %Rrc", rc);
+ rc = RTHttpSetFollowRedirects(hHttp, 8);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTHttpSetFollowRedirects(,8) failed: %Rrc", rc);
+
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--output", 'o', RTGETOPT_REQ_STRING },
+ { "--quiet", 'q', RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--set-header", 's', RTGETOPT_REQ_STRING },
+ };
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ const char *pszOutput = NULL;
+ unsigned uVerbosityLevel = 1;
+
+ RTGETOPTUNION ValueUnion;
+ RTGETOPTSTATE GetState;
+ RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ while ((rc = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (rc)
+ {
+ case 'o':
+ pszOutput = ValueUnion.psz;
+ break;
+
+ case 'q':
+ uVerbosityLevel--;
+ break;
+ case 'v':
+ uVerbosityLevel++;
+ break;
+
+ case 'h':
+ RTPrintf("Usage: %s [options] URL0 [URL1 [...]]\n"
+ "\n"
+ "Options:\n"
+ " -o,--output=file\n"
+ " Output file. If not given, the file is displayed on stdout.\n"
+ " -q, --quiet\n"
+ " -v, --verbose\n"
+ " Controls the verbosity level.\n"
+ " -h, -?, --help\n"
+ " Display this help text and exit successfully.\n"
+ " -V, --version\n"
+ " Display the revision and exit successfully.\n"
+ , RTPathFilename(argv[0]));
+ return RTEXITCODE_SUCCESS;
+
+ case 'V':
+ RTPrintf("$Revision: 155244 $\n");
+ return RTEXITCODE_SUCCESS;
+
+ case 's':
+ {
+ char *pszColon = (char *)strchr(ValueUnion.psz, ':');
+ if (!pszColon)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No colon in --set-header value: %s", ValueUnion.psz);
+ *pszColon = '\0'; /* evil */
+ const char *pszValue = pszColon + 1;
+ if (RT_C_IS_BLANK(*pszValue))
+ pszValue++;
+ rc = RTHttpAddHeader(hHttp, ValueUnion.psz, pszValue, RTSTR_MAX, RTHTTPADDHDR_F_BACK);
+ *pszColon = ':';
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTHttpAddHeader failed: %Rrc (on %s)", rc, ValueUnion.psz);
+ break;
+ }
+
+ case VINF_GETOPT_NOT_OPTION:
+ {
+ int rcHttp;
+ if (pszOutput && strcmp("-", pszOutput))
+ {
+ if (uVerbosityLevel > 0)
+ RTStrmPrintf(g_pStdErr, "Fetching '%s' into '%s'...\n", ValueUnion.psz, pszOutput);
+ rcHttp = RTHttpGetFile(hHttp, ValueUnion.psz, pszOutput);
+ }
+ else
+ {
+ if (uVerbosityLevel > 0)
+ RTStrmPrintf(g_pStdErr, "Fetching '%s'...\n", ValueUnion.psz);
+
+ void *pvResp;
+ size_t cbResp;
+ rcHttp = RTHttpGetBinary(hHttp, ValueUnion.psz, &pvResp, &cbResp);
+ if (RT_SUCCESS(rcHttp))
+ {
+ RTVFSIOSTREAM hVfsIos;
+ rc = RTVfsIoStrmFromStdHandle(RTHANDLESTD_OUTPUT, 0, true /*fLeaveOpen*/, &hVfsIos);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTVfsIoStrmWrite(hVfsIos, pvResp, cbResp, true /*fBlocking*/, NULL);
+ if (RT_FAILURE(rc))
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Error writing to stdout: %Rrc", rc);
+ RTVfsIoStrmRelease(hVfsIos);
+ }
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Error opening stdout: %Rrc", rc);
+ RTHttpFreeResponse(pvResp);
+ }
+ }
+ if (RT_FAILURE(rcHttp))
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Error %Rrc getting '%s'", rcHttp, ValueUnion.psz);
+ break;
+ }
+
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+ RTHttpDestroy(hHttp);
+ return rcExit;
+}
+
diff --git a/src/VBox/Runtime/tools/RTHttpServer.cpp b/src/VBox/Runtime/tools/RTHttpServer.cpp
new file mode 100644
index 00000000..4fe1454a
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTHttpServer.cpp
@@ -0,0 +1,889 @@
+/* $Id: RTHttpServer.cpp $ */
+/** @file
+ * IPRT - Utility for running a (simple) HTTP server.
+ *
+ * Use this setup to best see what's going on:
+ * VBOX_LOG=rt_http=~0
+ * VBOX_LOG_DEST="nofile stderr"
+ * VBOX_LOG_FLAGS="unbuffered enabled thread msprog"
+ *
+ */
+
+/*
+ * Copyright (C) 2020-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <signal.h>
+
+#include <iprt/http.h>
+#include <iprt/http-server.h>
+
+#include <iprt/net.h> /* To make use of IPv4Addr in RTGETOPTUNION. */
+
+#include <iprt/asm.h>
+#include <iprt/assert.h>
+#include <iprt/ctype.h>
+#include <iprt/err.h>
+#include <iprt/file.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#define LOG_GROUP RTLOGGROUP_HTTP
+#include <iprt/log.h>
+#include <iprt/mem.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+#include <iprt/thread.h>
+#include <iprt/vfs.h>
+
+#ifdef RT_OS_WINDOWS
+# include <iprt/win/windows.h>
+#endif
+
+
+/*********************************************************************************************************************************
+* Definitations *
+*********************************************************************************************************************************/
+typedef struct HTTPSERVERDATA
+{
+ /** The absolute path of the HTTP server's root directory. */
+ char szPathRootAbs[RTPATH_MAX];
+ RTFMODE fMode;
+ union
+ {
+ RTFILE File;
+ RTVFSDIR Dir;
+ } h;
+ /** Cached response data. */
+ RTHTTPSERVERRESP Resp;
+} HTTPSERVERDATA;
+typedef HTTPSERVERDATA *PHTTPSERVERDATA;
+
+/**
+ * Enumeration specifying the VFS handle type of the HTTP server.
+ */
+typedef enum HTTPSERVERVFSHANDLETYPE
+{
+ HTTPSERVERVFSHANDLETYPE_INVALID = 0,
+ HTTPSERVERVFSHANDLETYPE_FILE,
+ HTTPSERVERVFSHANDLETYPE_DIR,
+ /** The usual 32-bit hack. */
+ HTTPSERVERVFSHANDLETYPE_32BIT_HACK = 0x7fffffff
+} HTTPSERVERVFSHANDLETYPE;
+
+/**
+ * Structure for keeping a VFS handle of the HTTP server.
+ */
+typedef struct HTTPSERVERVFSHANDLE
+{
+ /** The type of the handle, stored in the union below. */
+ HTTPSERVERVFSHANDLETYPE enmType;
+ union
+ {
+ /** The VFS (chain) handle to use for this file. */
+ RTVFSFILE hVfsFile;
+ /** The VFS (chain) handle to use for this directory. */
+ RTVFSDIR hVfsDir;
+ } u;
+} HTTPSERVERVFSHANDLE;
+typedef HTTPSERVERVFSHANDLE *PHTTPSERVERVFSHANDLE;
+
+/**
+ * HTTP directory entry.
+ */
+typedef struct RTHTTPDIRENTRY
+{
+ /** The information about the entry. */
+ RTFSOBJINFO Info;
+ /** Symbolic link target (allocated after the name). */
+ const char *pszTarget;
+ /** Owner if applicable (allocated after the name). */
+ const char *pszOwner;
+ /** Group if applicable (allocated after the name). */
+ const char *pszGroup;
+ /** The length of szName. */
+ size_t cchName;
+ /** The entry name. */
+ RT_FLEXIBLE_ARRAY_EXTENSION
+ char szName[RT_FLEXIBLE_ARRAY];
+} RTHTTPDIRENTRY;
+/** Pointer to a HTTP directory entry. */
+typedef RTHTTPDIRENTRY *PRTHTTPDIRENTRY;
+/** Pointer to a HTTP directory entry pointer. */
+typedef PRTHTTPDIRENTRY *PPRTHTTPDIRENTRY;
+
+/**
+ * Collection of HTTP directory entries.
+ * Used for also caching stuff.
+ */
+typedef struct RTHTTPDIRCOLLECTION
+{
+ /** Current size of papEntries. */
+ size_t cEntries;
+ /** Memory allocated for papEntries. */
+ size_t cEntriesAllocated;
+ /** Current entries pending sorting and display. */
+ PPRTHTTPDIRENTRY papEntries;
+
+ /** Total number of bytes allocated for the above entries. */
+ uint64_t cbTotalAllocated;
+ /** Total number of file content bytes. */
+ uint64_t cbTotalFiles;
+
+} RTHTTPDIRCOLLECTION;
+/** Pointer to a directory collection. */
+typedef RTHTTPDIRCOLLECTION *PRTHTTPDIRCOLLECTION;
+/** Pointer to a directory entry collection pointer. */
+typedef PRTHTTPDIRCOLLECTION *PPRTHTTPDIRCOLLECTION;
+
+
+/*********************************************************************************************************************************
+* Global Variables *
+*********************************************************************************************************************************/
+/** Set by the signal handler when the HTTP server shall be terminated. */
+static volatile bool g_fCanceled = false;
+static HTTPSERVERDATA g_HttpServerData;
+
+
+#ifdef RT_OS_WINDOWS
+static BOOL WINAPI signalHandler(DWORD dwCtrlType) RT_NOTHROW_DEF
+{
+ bool fEventHandled = FALSE;
+ switch (dwCtrlType)
+ {
+ /* User pressed CTRL+C or CTRL+BREAK or an external event was sent
+ * via GenerateConsoleCtrlEvent(). */
+ case CTRL_BREAK_EVENT:
+ case CTRL_CLOSE_EVENT:
+ case CTRL_C_EVENT:
+ ASMAtomicWriteBool(&g_fCanceled, true);
+ fEventHandled = TRUE;
+ break;
+ default:
+ break;
+ /** @todo Add other events here. */
+ }
+
+ return fEventHandled;
+}
+#else /* !RT_OS_WINDOWS */
+/**
+ * Signal handler that sets g_fCanceled.
+ *
+ * This can be executed on any thread in the process, on Windows it may even be
+ * a thread dedicated to delivering this signal. Don't do anything
+ * unnecessary here.
+ */
+static void signalHandler(int iSignal) RT_NOTHROW_DEF
+{
+ NOREF(iSignal);
+ ASMAtomicWriteBool(&g_fCanceled, true);
+}
+#endif
+
+/**
+ * Installs a custom signal handler to get notified
+ * whenever the user wants to intercept the program.
+ *
+ * @todo Make this handler available for all VBoxManage modules?
+ */
+static int signalHandlerInstall(void)
+{
+ g_fCanceled = false;
+
+ int rc = VINF_SUCCESS;
+#ifdef RT_OS_WINDOWS
+ if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE)signalHandler, TRUE /* Add handler */))
+ {
+ rc = RTErrConvertFromWin32(GetLastError());
+ RTMsgError("Unable to install console control handler, rc=%Rrc\n", rc);
+ }
+#else
+ signal(SIGINT, signalHandler);
+ signal(SIGTERM, signalHandler);
+# ifdef SIGBREAK
+ signal(SIGBREAK, signalHandler);
+# endif
+#endif
+ return rc;
+}
+
+/**
+ * Uninstalls a previously installed signal handler.
+ */
+static int signalHandlerUninstall(void)
+{
+ int rc = VINF_SUCCESS;
+#ifdef RT_OS_WINDOWS
+ if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE)NULL, FALSE /* Remove handler */))
+ {
+ rc = RTErrConvertFromWin32(GetLastError());
+ RTMsgError("Unable to uninstall console control handler, rc=%Rrc\n", rc);
+ }
+#else
+ signal(SIGINT, SIG_DFL);
+ signal(SIGTERM, SIG_DFL);
+# ifdef SIGBREAK
+ signal(SIGBREAK, SIG_DFL);
+# endif
+#endif
+ return rc;
+}
+
+static int dirOpen(const char *pszPathAbs, PRTVFSDIR phVfsDir)
+{
+ return RTVfsChainOpenDir(pszPathAbs, 0 /*fFlags*/, phVfsDir, NULL /* poffError */, NULL /* pErrInfo */);
+}
+
+static int dirClose(RTVFSDIR hVfsDir)
+{
+ RTVfsDirRelease(hVfsDir);
+
+ return VINF_SUCCESS;
+}
+
+static int dirRead(RTVFSDIR hVfsDir, char **ppszEntry, PRTFSOBJINFO pInfo)
+{
+ size_t cbDirEntryAlloced = sizeof(RTDIRENTRYEX);
+ PRTDIRENTRYEX pDirEntry = (PRTDIRENTRYEX)RTMemTmpAlloc(cbDirEntryAlloced);
+ if (!pDirEntry)
+ return VERR_NO_MEMORY;
+
+ int rc;
+
+ for (;;)
+ {
+ size_t cbDirEntry = cbDirEntryAlloced;
+ rc = RTVfsDirReadEx(hVfsDir, pDirEntry, &cbDirEntry, RTFSOBJATTRADD_UNIX);
+ if (RT_FAILURE(rc))
+ {
+ if (rc == VERR_BUFFER_OVERFLOW)
+ {
+ RTMemTmpFree(pDirEntry);
+ cbDirEntryAlloced = RT_ALIGN_Z(RT_MIN(cbDirEntry, cbDirEntryAlloced) + 64, 64);
+ pDirEntry = (PRTDIRENTRYEX)RTMemTmpAlloc(cbDirEntryAlloced);
+ if (pDirEntry)
+ continue;
+ }
+ else
+ break;
+ }
+
+ /* Skip dot directories. */
+ if (RTDirEntryExIsStdDotLink(pDirEntry))
+ continue;
+
+ *ppszEntry = RTStrDup(pDirEntry->szName);
+ AssertPtrReturn(*ppszEntry, VERR_NO_MEMORY);
+
+ *pInfo = pDirEntry->Info;
+
+ break;
+
+ } /* for */
+
+ RTMemTmpFree(pDirEntry);
+ pDirEntry = NULL;
+
+ return rc;
+}
+
+#ifdef IPRT_HTTP_WITH_WEBDAV
+static int dirEntryWriteDAV(char *pszBuf, size_t cbBuf,
+ const char *pszEntry, const PRTFSOBJINFO pObjInfo, size_t *pcbWritten)
+{
+ char szBirthTime[32];
+ if (RTTimeSpecToString(&pObjInfo->BirthTime, szBirthTime, sizeof(szBirthTime)) == NULL)
+ return VERR_BUFFER_UNDERFLOW;
+
+ char szModTime[32];
+ if (RTTimeSpecToString(&pObjInfo->ModificationTime, szModTime, sizeof(szModTime)) == NULL)
+ return VERR_BUFFER_UNDERFLOW;
+
+ int rc = VINF_SUCCESS;
+
+ /**
+ * !!! HACK ALERT !!!
+ ** @todo Build up and use a real XML DOM here. Works with Gnome / Gvfs-compatible apps though.
+ * !!! HACK ALERT !!!
+ */
+ ssize_t cch = RTStrPrintf(pszBuf, cbBuf,
+"<d:response>"
+"<d:href>%s</d:href>"
+"<d:propstat>"
+"<d:status>HTTP/1.1 200 OK</d:status>"
+"<d:prop>"
+"<d:displayname>%s</d:displayname>"
+"<d:getcontentlength>%RU64</d:getcontentlength>"
+"<d:getcontenttype>%s</d:getcontenttype>"
+"<d:creationdate>%s</d:creationdate>"
+"<d:getlastmodified>%s</d:getlastmodified>"
+"<d:getetag/>"
+"<d:resourcetype><d:collection/></d:resourcetype>"
+"</d:prop>"
+"</d:propstat>"
+"</d:response>",
+ pszEntry, pszEntry, pObjInfo->cbObject, "application/octet-stream", szBirthTime, szModTime);
+
+ if (cch <= 0)
+ rc = VERR_BUFFER_OVERFLOW;
+
+ *pcbWritten = cch;
+
+ return rc;
+}
+
+static int writeHeaderDAV(PRTHTTPSERVERREQ pReq, PRTFSOBJINFO pObjInfo, char *pszBuf, size_t cbBuf, size_t *pcbWritten)
+{
+ /**
+ * !!! HACK ALERT !!!
+ ** @todo Build up and use a real XML DOM here. Works with Gnome / Gvfs-compatible apps though.
+ * !!! HACK ALERT !!!
+ */
+
+ size_t cbWritten = 0;
+
+ ssize_t cch = RTStrPrintf2(pszBuf, cbBuf - cbWritten, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n");
+ AssertReturn(cch, VERR_BUFFER_UNDERFLOW);
+ pszBuf += cch;
+ cbWritten += cch;
+
+ cch = RTStrPrintf2(pszBuf, cbBuf - cbWritten, "<d:multistatus xmlns:d=\"DAV:\">\r\n");
+ AssertReturn(cch, VERR_BUFFER_UNDERFLOW);
+ pszBuf += cch;
+ cbWritten += cch;
+
+ int rc = dirEntryWriteDAV(pszBuf, cbBuf - cbWritten, pReq->pszUrl, pObjInfo, (size_t *)&cch);
+ AssertRC(rc);
+ pszBuf += cch;
+ cbWritten += cch;
+
+ *pcbWritten += cbWritten;
+
+ return rc;
+}
+
+static int writeFooterDAV(PRTHTTPSERVERREQ pReq, char *pszBuf, size_t cbBuf, size_t *pcbWritten)
+{
+ RT_NOREF(pReq, pcbWritten);
+
+ /**
+ * !!! HACK ALERT !!!
+ ** @todo Build up and use a real XML DOM here. Works with Gnome / Gvfs-compatible apps though.
+ * !!! HACK ALERT !!!
+ */
+ ssize_t cch = RTStrPrintf2(pszBuf, cbBuf, "</d:multistatus>");
+ AssertReturn(cch, VERR_BUFFER_UNDERFLOW);
+ RT_NOREF(cch);
+
+ return VINF_SUCCESS;
+}
+#endif /* IPRT_HTTP_WITH_WEBDAV */
+
+static int dirEntryWrite(RTHTTPMETHOD enmMethod, char *pszBuf, size_t cbBuf,
+ const char *pszEntry, const PRTFSOBJINFO pObjInfo, size_t *pcbWritten)
+{
+ char szModTime[32];
+ if (RTTimeSpecToString(&pObjInfo->ModificationTime, szModTime, sizeof(szModTime)) == NULL)
+ return VERR_BUFFER_UNDERFLOW;
+
+ int rc = VINF_SUCCESS;
+
+ ssize_t cch = 0;
+
+ if (enmMethod == RTHTTPMETHOD_GET)
+ {
+ cch = RTStrPrintf2(pszBuf, cbBuf, "201: %s %RU64 %s %s\r\n",
+ pszEntry, pObjInfo->cbObject, szModTime,
+ /** @todo Very crude; only files and directories are supported for now. */
+ RTFS_IS_FILE(pObjInfo->Attr.fMode) ? "FILE" : "DIRECTORY");
+ if (cch <= 0)
+ rc = VERR_BUFFER_OVERFLOW;
+ }
+#ifdef IPRT_HTTP_WITH_WEBDAV
+ else if (enmMethod == RTHTTPMETHOD_PROPFIND)
+ {
+ char szBuf[RTPATH_MAX + _4K]; /** @todo Just a rough guesstimate. */
+ rc = dirEntryWriteDAV(szBuf, sizeof(szBuf), pszEntry, pObjInfo, (size_t *)&cch);
+ if (RT_SUCCESS(rc))
+ rc = RTStrCat(pszBuf, cbBuf, szBuf);
+ AssertRC(rc);
+ }
+#endif /* IPRT_HTTP_WITH_WEBDAV */
+ else
+ rc = VERR_NOT_SUPPORTED;
+
+ if (RT_SUCCESS(rc))
+ {
+ *pcbWritten = (size_t)cch;
+ }
+
+ return rc;
+}
+
+/**
+ * Resolves (and validates) a given URL to an absolute (local) path.
+ *
+ * @returns VBox status code.
+ * @param pThis HTTP server instance data.
+ * @param pszUrl URL to resolve.
+ * @param ppszPathAbs Where to store the resolved absolute path on success.
+ * Needs to be free'd with RTStrFree().
+ */
+static int pathResolve(PHTTPSERVERDATA pThis, const char *pszUrl, char **ppszPathAbs)
+{
+ /* Construct absolute path. */
+ char *pszPathAbs = NULL;
+ if (RTStrAPrintf(&pszPathAbs, "%s/%s", pThis->szPathRootAbs, pszUrl) <= 0)
+ return VERR_NO_MEMORY;
+
+#ifdef VBOX_STRICT
+ RTFSOBJINFO objInfo;
+ int rc2 = RTPathQueryInfo(pszPathAbs, &objInfo, RTFSOBJATTRADD_NOTHING);
+ AssertRCReturn(rc2, rc2); RT_NOREF(rc2);
+ AssertReturn(!RTFS_IS_SYMLINK(objInfo.Attr.fMode), VERR_NOT_SUPPORTED);
+#endif
+
+ *ppszPathAbs = pszPathAbs;
+
+ return VINF_SUCCESS;
+}
+
+static DECLCALLBACK(int) onOpen(PRTHTTPCALLBACKDATA pData, PRTHTTPSERVERREQ pReq, void **ppvHandle)
+{
+ PHTTPSERVERDATA pThis = (PHTTPSERVERDATA)pData->pvUser;
+ Assert(pData->cbUser == sizeof(HTTPSERVERDATA));
+
+ char *pszPathAbs = NULL;
+ int rc = pathResolve(pThis, pReq->pszUrl, &pszPathAbs);
+ if (RT_SUCCESS(rc))
+ {
+ RTFSOBJINFO objInfo;
+ rc = RTPathQueryInfo(pszPathAbs, &objInfo, RTFSOBJATTRADD_NOTHING);
+ AssertRCReturn(rc, rc);
+ if (RTFS_IS_DIRECTORY(objInfo.Attr.fMode))
+ {
+ /* Nothing to do here;
+ * The directory listing has been cached already in onQueryInfo(). */
+ }
+ else if (RTFS_IS_FILE(objInfo.Attr.fMode))
+ {
+ rc = RTFileOpen(&pThis->h.File, pszPathAbs,
+ RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
+ }
+
+ if (RT_SUCCESS(rc))
+ {
+ pThis->fMode = objInfo.Attr.fMode;
+
+ uint64_t *puHandle = (uint64_t *)RTMemAlloc(sizeof(uint64_t));
+ *puHandle = 42; /** @todo Fudge. */
+ *ppvHandle = puHandle;
+ }
+
+ RTStrFree(pszPathAbs);
+ }
+
+ LogFlowFuncLeaveRC(rc);
+ return rc;
+}
+
+static DECLCALLBACK(int) onRead(PRTHTTPCALLBACKDATA pData, void *pvHandle, void *pvBuf, size_t cbBuf, size_t *pcbRead)
+{
+ PHTTPSERVERDATA pThis = (PHTTPSERVERDATA)pData->pvUser;
+ Assert(pData->cbUser == sizeof(HTTPSERVERDATA));
+
+ AssertReturn(*(uint64_t *)pvHandle == 42 /** @todo Fudge. */, VERR_NOT_FOUND);
+
+ int rc;
+
+ if (RTFS_IS_DIRECTORY(pThis->fMode))
+ {
+ PRTHTTPSERVERRESP pResp = &pThis->Resp;
+
+ const size_t cbToCopy = RT_MIN(cbBuf, pResp->Body.cbBodyUsed - pResp->Body.offBody);
+ memcpy(pvBuf, (uint8_t *)pResp->Body.pvBody + pResp->Body.offBody, cbToCopy);
+ Assert(pResp->Body.cbBodyUsed >= cbToCopy);
+ pResp->Body.offBody += cbToCopy;
+
+ *pcbRead = cbToCopy;
+
+ rc = VINF_SUCCESS;
+ }
+ else if (RTFS_IS_FILE(pThis->fMode))
+ {
+ rc = RTFileRead(pThis->h.File, pvBuf, cbBuf, pcbRead);
+ }
+ else
+ rc = VERR_NOT_SUPPORTED;
+
+ LogFlowFuncLeaveRC(rc);
+ return rc;
+}
+
+static DECLCALLBACK(int) onClose(PRTHTTPCALLBACKDATA pData, void *pvHandle)
+{
+ PHTTPSERVERDATA pThis = (PHTTPSERVERDATA)pData->pvUser;
+ Assert(pData->cbUser == sizeof(HTTPSERVERDATA));
+
+ AssertReturn(*(uint64_t *)pvHandle == 42 /** @todo Fudge. */, VERR_NOT_FOUND);
+
+ int rc;
+
+ if (RTFS_IS_FILE(pThis->fMode))
+ {
+ rc = RTFileClose(pThis->h.File);
+ if (RT_SUCCESS(rc))
+ pThis->h.File = NIL_RTFILE;
+ }
+ else
+ rc = VINF_SUCCESS;
+
+ RTMemFree(pvHandle);
+ pvHandle = NULL;
+
+ LogFlowFuncLeaveRC(rc);
+ return rc;
+}
+
+static DECLCALLBACK(int) onQueryInfo(PRTHTTPCALLBACKDATA pData,
+ PRTHTTPSERVERREQ pReq, PRTFSOBJINFO pObjInfo, char **ppszMIMEHint)
+{
+ PHTTPSERVERDATA pThis = (PHTTPSERVERDATA)pData->pvUser;
+ Assert(pData->cbUser == sizeof(HTTPSERVERDATA));
+
+ /** !!!! WARNING !!!
+ **
+ ** Not production-ready code below!
+ ** @todo Use something like bodyAdd() instead of the RTStrPrintf2() hacks.
+ **
+ ** !!!! WARNING !!! */
+
+ char *pszPathAbs = NULL;
+ int rc = pathResolve(pThis, pReq->pszUrl, &pszPathAbs);
+ if (RT_SUCCESS(rc))
+ {
+ RTFSOBJINFO objInfo;
+ rc = RTPathQueryInfo(pszPathAbs, &objInfo, RTFSOBJATTRADD_NOTHING);
+ if (RT_SUCCESS(rc))
+ {
+ if (RTFS_IS_DIRECTORY(objInfo.Attr.fMode))
+ {
+ PRTHTTPSERVERRESP pResp = &pThis->Resp; /* Only one request a time for now. */
+
+ RTVFSDIR hVfsDir;
+ rc = dirOpen(pszPathAbs, &hVfsDir);
+ if (RT_SUCCESS(rc))
+ {
+ RTHttpServerResponseDestroy(pResp);
+ RTHttpServerResponseInitEx(pResp, _64K); /** @todo Make this more dynamic. */
+
+ char *pszBody = (char *)pResp->Body.pvBody;
+ size_t cbBodyLeft = pResp->Body.cbBodyAlloc;
+
+ /*
+ * Write body header.
+ */
+ if (pReq->enmMethod == RTHTTPMETHOD_GET)
+ {
+ ssize_t cch = RTStrPrintf2(pszBody, cbBodyLeft,
+ "300: file://%s\r\n"
+ "200: filename content-length last-modified file-type\r\n",
+ pReq->pszUrl);
+ Assert(cch);
+ pszBody += cch;
+ cbBodyLeft -= cch;
+ }
+#ifdef IPRT_HTTP_WITH_WEBDAV
+ else if (pReq->enmMethod == RTHTTPMETHOD_PROPFIND)
+ {
+ size_t cbWritten = 0;
+ rc = writeHeaderDAV(pReq, &objInfo, pszBody, cbBodyLeft, &cbWritten);
+ if (RT_SUCCESS(rc))
+ {
+ Assert(cbBodyLeft >= cbWritten);
+ cbBodyLeft -= cbWritten;
+ }
+
+ }
+#endif /* IPRT_HTTP_WITH_WEBDAV */
+ /*
+ * Write body entries.
+ */
+ char *pszEntry = NULL;
+ RTFSOBJINFO fsObjInfo;
+ while (RT_SUCCESS(rc = dirRead(hVfsDir, &pszEntry, &fsObjInfo)))
+ {
+ LogFlowFunc(("Entry '%s'\n", pszEntry));
+
+ size_t cbWritten = 0;
+ rc = dirEntryWrite(pReq->enmMethod, pszBody, cbBodyLeft, pszEntry, &fsObjInfo, &cbWritten);
+ if (rc == VERR_BUFFER_OVERFLOW)
+ {
+ pResp->Body.cbBodyAlloc += _4K; /** @todo Improve this. */
+ pResp->Body.pvBody = RTMemRealloc(pResp->Body.pvBody, pResp->Body.cbBodyAlloc);
+ AssertPtrBreakStmt(pResp->Body.pvBody, rc = VERR_NO_MEMORY);
+
+ pszBody = (char *)pResp->Body.pvBody;
+ cbBodyLeft += _4K; /** @todo Ditto. */
+
+ rc = dirEntryWrite(pReq->enmMethod, pszBody, cbBodyLeft, pszEntry, &fsObjInfo, &cbWritten);
+ }
+
+ if ( RT_SUCCESS(rc)
+ && cbWritten)
+ {
+ pszBody += cbWritten;
+ Assert(cbBodyLeft > cbWritten);
+ cbBodyLeft -= cbWritten;
+ }
+
+ RTStrFree(pszEntry);
+
+ if (RT_FAILURE(rc))
+ break;
+ }
+
+ if (rc == VERR_NO_MORE_FILES) /* All entries consumed? */
+ rc = VINF_SUCCESS;
+
+ dirClose(hVfsDir);
+
+ /*
+ * Write footers, if any.
+ */
+ if (RT_SUCCESS(rc))
+ {
+ if (pReq->enmMethod == RTHTTPMETHOD_GET)
+ {
+ if (ppszMIMEHint)
+ rc = RTStrAPrintf(ppszMIMEHint, "text/plain");
+ }
+#ifdef IPRT_HTTP_WITH_WEBDAV
+ else if (pReq->enmMethod == RTHTTPMETHOD_PROPFIND)
+ {
+ rc = writeFooterDAV(pReq, pszBody, cbBodyLeft, NULL);
+ }
+#endif /* IPRT_HTTP_WITH_WEBDAV */
+
+ pResp->Body.cbBodyUsed = strlen((char *)pResp->Body.pvBody);
+
+ pObjInfo->cbObject = pResp->Body.cbBodyUsed;
+ }
+ }
+ }
+ else if (RTFS_IS_FILE(objInfo.Attr.fMode))
+ {
+ RTFILE hFile;
+ rc = RTFileOpen(&hFile, pszPathAbs,
+ RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTFileQueryInfo(hFile, pObjInfo, RTFSOBJATTRADD_NOTHING);
+
+ RTFileClose(hFile);
+ }
+ }
+ else
+ rc = VERR_NOT_SUPPORTED;
+ }
+
+ RTStrFree(pszPathAbs);
+ }
+
+ LogFlowFuncLeaveRC(rc);
+ return rc;
+}
+
+static DECLCALLBACK(int) onDestroy(PRTHTTPCALLBACKDATA pData)
+{
+ PHTTPSERVERDATA pThis = (PHTTPSERVERDATA)pData->pvUser;
+ Assert(pData->cbUser == sizeof(HTTPSERVERDATA));
+
+ RTHttpServerResponseDestroy(&pThis->Resp);
+
+ return VINF_SUCCESS;
+}
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /* Use some sane defaults. */
+ char szAddress[64] = "localhost";
+ uint16_t uPort = 8080;
+
+ RT_ZERO(g_HttpServerData);
+
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--address", 'a', RTGETOPT_REQ_IPV4ADDR }, /** @todo Use a string for DNS hostnames? */
+ /** @todo Implement IPv6 support? */
+ { "--port", 'p', RTGETOPT_REQ_UINT16 },
+ { "--root-dir", 'r', RTGETOPT_REQ_STRING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING }
+ };
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ unsigned uVerbosityLevel = 1;
+
+ RTGETOPTUNION ValueUnion;
+ RTGETOPTSTATE GetState;
+ RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ while ((rc = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (rc)
+ {
+ case 'a':
+ RTStrPrintf2(szAddress, sizeof(szAddress), "%RU8.%RU8.%RU8.%RU8", /** @todo Improve this. */
+ ValueUnion.IPv4Addr.au8[0], ValueUnion.IPv4Addr.au8[1], ValueUnion.IPv4Addr.au8[2], ValueUnion.IPv4Addr.au8[3]);
+ break;
+
+ case 'p':
+ uPort = ValueUnion.u16;
+ break;
+
+ case 'r':
+ RTStrCopy(g_HttpServerData.szPathRootAbs, sizeof(g_HttpServerData.szPathRootAbs), ValueUnion.psz);
+ break;
+
+ case 'v':
+ uVerbosityLevel++;
+ break;
+
+ case 'h':
+ RTPrintf("Usage: %s [options]\n"
+ "\n"
+ "Options:\n"
+ " -a, --address (default: localhost)\n"
+ " Specifies the address to use for listening.\n"
+ " -p, --port (default: 8080)\n"
+ " Specifies the port to use for listening.\n"
+ " -r, --root-dir (default: current dir)\n"
+ " Specifies the root directory being served.\n"
+ " -v, --verbose\n"
+ " Controls the verbosity level.\n"
+ " -h, -?, --help\n"
+ " Display this help text and exit successfully.\n"
+ " -V, --version\n"
+ " Display the revision and exit successfully.\n"
+ , RTPathFilename(argv[0]));
+ return RTEXITCODE_SUCCESS;
+
+ case 'V':
+ RTPrintf("$Revision: 155244 $\n");
+ return RTEXITCODE_SUCCESS;
+
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+ if (!strlen(g_HttpServerData.szPathRootAbs))
+ {
+ /* By default use the current directory as serving root directory. */
+ rc = RTPathGetCurrent(g_HttpServerData.szPathRootAbs, sizeof(g_HttpServerData.szPathRootAbs));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Retrieving current directory failed: %Rrc", rc);
+ }
+
+ /* Install signal handler. */
+ rc = signalHandlerInstall();
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Create the HTTP server instance.
+ */
+ RTHTTPSERVERCALLBACKS Callbacks;
+ RT_ZERO(Callbacks);
+
+ Callbacks.pfnOpen = onOpen;
+ Callbacks.pfnRead = onRead;
+ Callbacks.pfnClose = onClose;
+ Callbacks.pfnQueryInfo = onQueryInfo;
+ Callbacks.pfnDestroy = onDestroy;
+
+ g_HttpServerData.h.File = NIL_RTFILE;
+ g_HttpServerData.h.Dir = NIL_RTVFSDIR;
+
+ rc = RTHttpServerResponseInit(&g_HttpServerData.Resp);
+ AssertRC(rc);
+
+ RTHTTPSERVER hHTTPServer;
+ rc = RTHttpServerCreate(&hHTTPServer, szAddress, uPort, &Callbacks,
+ &g_HttpServerData, sizeof(g_HttpServerData));
+ if (RT_SUCCESS(rc))
+ {
+ RTPrintf("Starting HTTP server at %s:%RU16 ...\n", szAddress, uPort);
+ RTPrintf("Root directory is '%s'\n", g_HttpServerData.szPathRootAbs);
+
+ RTPrintf("Running HTTP server ...\n");
+
+ for (;;)
+ {
+ RTThreadSleep(200);
+
+ if (g_fCanceled)
+ break;
+ }
+
+ RTPrintf("Stopping HTTP server ...\n");
+
+ int rc2 = RTHttpServerDestroy(hHTTPServer);
+ if (RT_SUCCESS(rc))
+ rc = rc2;
+
+ RTPrintf("Stopped HTTP server\n");
+ }
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "RTHttpServerCreate failed: %Rrc", rc);
+
+ int rc2 = signalHandlerUninstall();
+ if (RT_SUCCESS(rc))
+ rc = rc2;
+ }
+
+ /* Set rcExit on failure in case we forgot to do so before. */
+ if (RT_FAILURE(rc))
+ rcExit = RTEXITCODE_FAILURE;
+
+ return rcExit;
+}
+
diff --git a/src/VBox/Runtime/tools/RTIsoMaker.cpp b/src/VBox/Runtime/tools/RTIsoMaker.cpp
new file mode 100644
index 00000000..2fa3aa7b
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTIsoMaker.cpp
@@ -0,0 +1,54 @@
+/* $Id: RTIsoMaker.cpp $ */
+/** @file
+ * IPRT - ISO maker Utility.
+ */
+
+/*
+ * Copyright (C) 2010-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/fsisomaker.h>
+#include <iprt/errcore.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTFsIsoMakerCmd(argc, argv);
+}
+
diff --git a/src/VBox/Runtime/tools/RTKrnlModInfo.cpp b/src/VBox/Runtime/tools/RTKrnlModInfo.cpp
new file mode 100644
index 00000000..9fa77c9d
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTKrnlModInfo.cpp
@@ -0,0 +1,187 @@
+/* $Id: RTKrnlModInfo.cpp $ */
+/** @file
+ * IPRT - Utility for getting information about loaded kernel modules.
+ */
+
+/*
+ * Copyright (C) 2017-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/krnlmod.h>
+
+#include <iprt/assert.h>
+#include <iprt/errcore.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/mem.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+
+
+/**
+ * Handles loading a kernel module by name.
+ *
+ * @returns Process status code.
+ * @param pszName THe module name to load.
+ */
+static RTEXITCODE rtKrnlModInfoHandleLoad(const char *pszName)
+{
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ int rc = RTKrnlModLoadByName(pszName);
+ if (RT_SUCCESS(rc))
+ RTPrintf("Kernel module '%s' loaded successfully\n", pszName);
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Error %Rrc loading kernel module '%s'", rc, pszName);
+
+ return rcExit;
+}
+
+
+/**
+ * Handles unloading a kernel module by name.
+ *
+ * @returns Process status code.
+ * @param pszName THe module name to load.
+ */
+static RTEXITCODE rtKrnlModInfoHandleUnload(const char *pszName)
+{
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ int rc = RTKrnlModUnloadByName(pszName);
+ if (RT_SUCCESS(rc))
+ RTPrintf("Kernel module '%s' unloaded successfully\n", pszName);
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Error %Rrc unloading kernel module '%s'", rc, pszName);
+
+ return rcExit;
+}
+
+
+/**
+ * Handles listing all loaded kernel modules.
+ *
+ * @returns Process status code.
+ */
+static RTEXITCODE rtKrnlModInfoHandleList(void)
+{
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ uint32_t cKrnlMods = RTKrnlModLoadedGetCount();
+ if (cKrnlMods)
+ {
+ PRTKRNLMODINFO pahKrnlModInfo = (PRTKRNLMODINFO)RTMemAllocZ(cKrnlMods * sizeof(RTKRNLMODINFO));
+ if (pahKrnlModInfo)
+ {
+ int rc = RTKrnlModLoadedQueryInfoAll(pahKrnlModInfo, cKrnlMods, &cKrnlMods);
+ if (RT_SUCCESS(rc))
+ {
+ RTPrintf("Index Load address Size Ref count Name \n");
+ for (unsigned i = 0; i < cKrnlMods; i++)
+ {
+ RTKRNLMODINFO hKrnlModInfo = pahKrnlModInfo[i];
+ RTPrintf("%5u %#-18RHv %-10u %-10u %s\n", i,
+ RTKrnlModInfoGetLoadAddr(hKrnlModInfo),
+ RTKrnlModInfoGetSize(hKrnlModInfo),
+ RTKrnlModInfoGetRefCnt(hKrnlModInfo),
+ RTKrnlModInfoGetName(hKrnlModInfo));
+ RTKrnlModInfoRelease(hKrnlModInfo);
+ }
+ }
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Error %Rrc querying kernel modules", rc);
+
+ RTMemFree(pahKrnlModInfo);
+ }
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Error %Rrc allocating memory", VERR_NO_MEMORY);
+ }
+
+ return rcExit;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--load", 'l', RTGETOPT_REQ_STRING },
+ { "--unload", 'u', RTGETOPT_REQ_STRING },
+ { "--show-loaded", 's', RTGETOPT_REQ_NOTHING },
+ { "--help", 'h', RTGETOPT_REQ_NOTHING }
+ };
+
+ RTGETOPTUNION ValueUnion;
+ RTGETOPTSTATE GetState;
+ RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ while ((rc = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (rc)
+ {
+ case 'l':
+ return rtKrnlModInfoHandleLoad(ValueUnion.psz);
+ case 'u':
+ return rtKrnlModInfoHandleUnload(ValueUnion.psz);
+ case 's':
+ return rtKrnlModInfoHandleList();
+ case 'h':
+ RTPrintf("Usage: %s [options]\n"
+ "\n"
+ "Options:\n"
+ " -l, --load <module name>\n"
+ " Tries to load the given kernel module.\n"
+ " -s, --show-loaded\n"
+ " Lists all loaded kernel modules.\n"
+ , RTPathFilename(argv[0]));
+ return RTEXITCODE_SUCCESS;
+
+ case 'V':
+ RTPrintf("$Revision: 155244 $\n");
+ return RTEXITCODE_SUCCESS;
+
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+ /* No arguments means listing all loaded kernel modules. */
+ return rtKrnlModInfoHandleList();
+}
+
diff --git a/src/VBox/Runtime/tools/RTLdrCheckImports.cpp b/src/VBox/Runtime/tools/RTLdrCheckImports.cpp
new file mode 100644
index 00000000..169e304d
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTLdrCheckImports.cpp
@@ -0,0 +1,708 @@
+/* $Id: RTLdrCheckImports.cpp $ */
+/** @file
+ * IPRT - Module dependency checker.
+ */
+
+/*
+ * Copyright (C) 2010-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/ctype.h>
+#include <iprt/err.h>
+#include <iprt/getopt.h>
+#include <iprt/buildconfig.h>
+#include <iprt/file.h>
+#include <iprt/initterm.h>
+#include <iprt/ldr.h>
+#include <iprt/mem.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/string.h>
+#include <iprt/stream.h>
+#include <iprt/vfs.h>
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+/**
+ * Import checker options.
+ */
+typedef struct RTCHECKIMPORTSOPTS
+{
+ /** Number of paths to search. */
+ size_t cPaths;
+ /** Search directories. */
+ char **papszPaths;
+ /** The loader architecture. */
+ RTLDRARCH enmLdrArch;
+ /** Verbosity level. */
+ unsigned cVerbosity;
+ /** Whether to also list orinals in the export listing. */
+ bool fListOrdinals;
+} RTCHECKIMPORTSOPTS;
+/** Pointer to the checker options. */
+typedef RTCHECKIMPORTSOPTS *PRTCHECKIMPORTSOPTS;
+/** Pointer to the const checker options. */
+typedef RTCHECKIMPORTSOPTS const *PCRTCHECKIMPORTSOPTS;
+
+
+/**
+ * Import module.
+ */
+typedef struct RTCHECKIMPORTMODULE
+{
+ /** The module. If NIL, then we've got a export list (papszExports). */
+ RTLDRMOD hLdrMod;
+ /** Number of export in the export list. (Zero if hLdrMod is valid.) */
+ size_t cExports;
+ /** Export list. (NULL if hLdrMod is valid.) */
+ char **papszExports;
+ /** The module name. */
+ char szModule[256];
+} RTCHECKIMPORTMODULE;
+/** Pointer to an import module. */
+typedef RTCHECKIMPORTMODULE *PRTCHECKIMPORTMODULE;
+
+
+/**
+ * Import checker state (for each image being checked).
+ */
+typedef struct RTCHECKIMPORTSTATE
+{
+ /** The image we're processing. */
+ const char *pszImage;
+ /** The image we're processing. */
+ PCRTCHECKIMPORTSOPTS pOpts;
+ /** Status code. */
+ int iRc;
+ /** Import hint. */
+ uint32_t iHint;
+ /** Number modules. */
+ uint32_t cImports;
+ /** Import modules. */
+ RT_FLEXIBLE_ARRAY_EXTENSION
+ RTCHECKIMPORTMODULE aImports[RT_FLEXIBLE_ARRAY];
+} RTCHECKIMPORTSTATE;
+/** Pointer to the import checker state. */
+typedef RTCHECKIMPORTSTATE *PRTCHECKIMPORTSTATE;
+
+
+
+/**
+ * Looks up a symbol/ordinal in the given import module.
+ *
+ * @returns IPRT status code.
+ * @param pModule The import module.
+ * @param pszSymbol The symbol name (NULL if not used).
+ * @param uSymbol The ordinal (~0 if unused).
+ * @param pValue Where to return a fake address.
+ */
+static int QuerySymbolFromImportModule(PRTCHECKIMPORTMODULE pModule, const char *pszSymbol, unsigned uSymbol, PRTLDRADDR pValue)
+{
+ if (pModule->hLdrMod != NIL_RTLDRMOD)
+ return RTLdrGetSymbolEx(pModule->hLdrMod, NULL, _128M, uSymbol, pszSymbol, pValue);
+
+ /*
+ * Search the export list. Ordinal imports are stringified: #<ordinal>
+ */
+ char szOrdinal[32];
+ if (!pszSymbol)
+ {
+ RTStrPrintf(szOrdinal, sizeof(szOrdinal), "#%u", uSymbol);
+ pszSymbol = szOrdinal;
+ }
+
+ size_t i = pModule->cExports;
+ while (i-- > 0)
+ if (strcmp(pModule->papszExports[i], pszSymbol) == 0)
+ {
+ *pValue = _128M + i*4;
+ return VINF_SUCCESS;
+ }
+ return VERR_SYMBOL_NOT_FOUND;
+}
+
+
+/**
+ * @callback_method_impl{FNRTLDRIMPORT}
+ */
+static DECLCALLBACK(int) GetImportCallback(RTLDRMOD hLdrMod, const char *pszModule, const char *pszSymbol,
+ unsigned uSymbol, PRTLDRADDR pValue, void *pvUser)
+{
+ PRTCHECKIMPORTSTATE pState = (PRTCHECKIMPORTSTATE)pvUser;
+ int rc;
+ NOREF(hLdrMod);
+
+ /*
+ * If a module is given, lookup the symbol/ordinal there.
+ */
+ if (pszModule)
+ {
+ uint32_t iModule = pState->iHint;
+ if ( iModule > pState->cImports
+ || strcmp(pState->aImports[iModule].szModule, pszModule) != 0)
+ {
+ for (iModule = 0; iModule < pState->cImports; iModule++)
+ if (strcmp(pState->aImports[iModule].szModule, pszModule) == 0)
+ break;
+ if (iModule >= pState->cImports)
+ return RTMsgErrorRc(VERR_MODULE_NOT_FOUND, "%s: Failed to locate import module '%s'", pState->pszImage, pszModule);
+ pState->iHint = iModule;
+ }
+
+ rc = QuerySymbolFromImportModule(&pState->aImports[iModule], pszSymbol, uSymbol, pValue);
+ if (RT_SUCCESS(rc))
+ { /* likely */ }
+ else if (rc == VERR_LDR_FORWARDER)
+ rc= VINF_SUCCESS;
+ else
+ {
+ if (pszSymbol)
+ RTMsgError("%s: Missing import '%s' from '%s'!", pState->pszImage, pszSymbol, pszModule);
+ else
+ RTMsgError("%s: Missing import #%u from '%s'!", pState->pszImage, uSymbol, pszModule);
+ pState->iRc = rc;
+ rc = VINF_SUCCESS;
+ *pValue = _128M + _4K;
+ }
+ }
+ /*
+ * Otherwise we need to scan all modules.
+ */
+ else
+ {
+ Assert(pszSymbol);
+ uint32_t iModule = pState->iHint;
+ if (iModule < pState->cImports)
+ rc = QuerySymbolFromImportModule(&pState->aImports[iModule], pszSymbol, uSymbol, pValue);
+ else
+ rc = VERR_SYMBOL_NOT_FOUND;
+ if (rc == VERR_SYMBOL_NOT_FOUND)
+ {
+ for (iModule = 0; iModule < pState->cImports; iModule++)
+ {
+ rc = QuerySymbolFromImportModule(&pState->aImports[iModule], pszSymbol, uSymbol, pValue);
+ if (rc != VERR_SYMBOL_NOT_FOUND)
+ break;
+ }
+ }
+ if (RT_FAILURE(rc))
+ {
+ RTMsgError("%s: Missing import '%s'!", pState->pszImage, pszSymbol);
+ pState->iRc = rc;
+ rc = VINF_SUCCESS;
+ *pValue = _128M + _4K;
+ }
+ }
+ return rc;
+}
+
+
+/**
+ * Loads an imported module.
+ *
+ * @returns IPRT status code.
+ * @param pOpts The check program options.
+ * @param pModule The import module.
+ * @param pErrInfo Error buffer (to avoid wasting stack).
+ * @param pszImage The image we're processing (for error messages).
+ */
+static int LoadImportModule(PCRTCHECKIMPORTSOPTS pOpts, PRTCHECKIMPORTMODULE pModule, PRTERRINFO pErrInfo, const char *pszImage)
+
+{
+ /*
+ * Look for real DLLs.
+ */
+ for (uint32_t iPath = 0; iPath < pOpts->cPaths; iPath++)
+ {
+ char szPath[RTPATH_MAX];
+ int rc = RTPathJoin(szPath, sizeof(szPath), pOpts->papszPaths[iPath], pModule->szModule);
+ if (RT_SUCCESS(rc))
+ {
+ uint32_t offError;
+ RTFSOBJINFO ObjInfo;
+ rc = RTVfsChainQueryInfo(szPath, &ObjInfo, RTFSOBJATTRADD_NOTHING, RTPATH_F_FOLLOW_LINK, &offError, pErrInfo);
+ if (RT_SUCCESS(rc))
+ {
+ if (RTFS_IS_FILE(ObjInfo.Attr.fMode))
+ {
+ RTLDRMOD hLdrMod;
+ rc = RTLdrOpenVfsChain(szPath, RTLDR_O_FOR_DEBUG, pOpts->enmLdrArch, &hLdrMod, &offError, pErrInfo);
+ if (RT_SUCCESS(rc))
+ {
+ pModule->hLdrMod = hLdrMod;
+ if (pOpts->cVerbosity > 0)
+ RTMsgInfo("Import '%s' -> '%s'\n", pModule->szModule, szPath);
+ }
+ else if (RTErrInfoIsSet(pErrInfo))
+ RTMsgError("%s: Failed opening import image '%s': %Rrc - %s", pszImage, szPath, rc, pErrInfo->pszMsg);
+ else
+ RTMsgError("%s: Failed opening import image '%s': %Rrc", pszImage, szPath, rc);
+ return rc;
+ }
+ }
+ else if ( rc != VERR_PATH_NOT_FOUND
+ && rc != VERR_FILE_NOT_FOUND)
+ RTVfsChainMsgError("RTVfsChainQueryInfo", szPath, rc, offError, pErrInfo);
+
+ /*
+ * Check for export file.
+ */
+ RTStrCat(szPath, sizeof(szPath), ".exports");
+ RTVFSFILE hVfsFile;
+ rc = RTVfsChainOpenFile(szPath, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE, &hVfsFile, &offError, pErrInfo);
+ if (RT_SUCCESS(rc))
+ {
+ /* Read it into a memory buffer. */
+ uint64_t cbFile;
+ rc = RTVfsFileQuerySize(hVfsFile, &cbFile);
+ if (RT_SUCCESS(rc))
+ {
+ if (cbFile < _4M)
+ {
+ char *pszFile = (char *)RTMemAlloc((size_t)cbFile + 1);
+ if (pszFile)
+ {
+ rc = RTVfsFileRead(hVfsFile, pszFile, (size_t)cbFile, NULL);
+ if (RT_SUCCESS(rc))
+ {
+ pszFile[(size_t)cbFile] = '\0';
+ rc = RTStrValidateEncoding(pszFile);
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Parse it.
+ */
+ size_t iLine = 1;
+ size_t off = 0;
+ while (off < cbFile)
+ {
+ size_t const offStartLine = off;
+
+ /* skip leading blanks */
+ while (RT_C_IS_BLANK(pszFile[off]))
+ off++;
+
+ char ch = pszFile[off];
+ if ( ch != ';' /* comment */
+ && !RT_C_IS_CNTRL(ch))
+ {
+ /* find length of symbol */
+ size_t const offSymbol = off;
+ while ( (ch = pszFile[off]) != '\0'
+ && !RT_C_IS_SPACE(ch))
+ off++;
+ size_t const cchSymbol = off - offSymbol;
+
+ /* add it. */
+ if ((pModule->cExports & 127) == 0)
+ {
+ void *pvNew = RTMemRealloc(pModule->papszExports,
+ (pModule->cExports + 128) * sizeof(char *));
+ if (!pvNew)
+ {
+ rc = RTMsgErrorRc(VERR_NO_MEMORY, "%s: %s:%u: out of memory!", pszImage, szPath, iLine);
+ break;
+ }
+ pModule->papszExports = (char **)pvNew;
+ }
+ pModule->papszExports[pModule->cExports] = RTStrDupN(&pszFile[offSymbol], cchSymbol);
+ if (pModule->papszExports[pModule->cExports])
+ pModule->cExports++;
+ else
+ {
+ rc = RTMsgErrorRc(VERR_NO_MEMORY, "%s: %s:%u: out of memory!", pszImage, szPath, iLine);
+ break;
+ }
+
+ /* check what comes next is a comment or end of line/file */
+ while (RT_C_IS_BLANK(pszFile[off]))
+ off++;
+ ch = pszFile[off];
+ if ( ch != '\0'
+ && ch != '\n'
+ && ch != '\r'
+ && ch != ';')
+ rc = RTMsgErrorRc(VERR_PARSE_ERROR, "%s: %s:%u: Unexpected text at position %u!",
+ pszImage, szPath, iLine, off - offStartLine);
+ }
+
+ /* advance to the end of the the line */
+ while ( (ch = pszFile[off]) != '\0'
+ && ch != '\n')
+ off++;
+ off++;
+ iLine++;
+ }
+
+ if (pOpts->cVerbosity > 0)
+ RTMsgInfo("Import '%s' -> '%s' (%u exports)\n",
+ pModule->szModule, szPath, pModule->cExports);
+ }
+ else
+ RTMsgError("%s: %s: Invalid UTF-8 encoding in export file: %Rrc", pszImage, szPath, rc);
+ }
+ RTMemFree(pszFile);
+ }
+ else
+ rc = RTMsgErrorRc(VERR_NO_MEMORY, "%s: %s: Out of memory reading export file (%#RX64 bytes)",
+ pszImage, szPath, cbFile + 1);
+ }
+ else
+ rc = RTMsgErrorRc(VERR_NO_MEMORY, "%s: %s: Export file is too big: %#RX64 bytes, max 4MiB",
+ pszImage, szPath, cbFile);
+ }
+ else
+ RTMsgError("%s: %s: RTVfsFileQuerySize failed on export file: %Rrc", pszImage, szPath, rc);
+ RTVfsFileRelease(hVfsFile);
+ return rc;
+ }
+ else if ( rc != VERR_PATH_NOT_FOUND
+ && rc != VERR_FILE_NOT_FOUND)
+ RTVfsChainMsgError("RTVfsChainOpenFile", szPath, rc, offError, pErrInfo);
+ }
+ }
+
+ return RTMsgErrorRc(VERR_MODULE_NOT_FOUND, "%s: Import module '%s' was not found!", pszImage, pModule->szModule);
+}
+
+
+/**
+ * Checks the imports for the given image.
+ *
+ * @returns IPRT status code.
+ * @param pOpts The check program options.
+ * @param pszImage The image to check.
+ */
+static int rtCheckImportsForImage(PCRTCHECKIMPORTSOPTS pOpts, const char *pszImage)
+{
+ if (pOpts->cVerbosity > 0)
+ RTMsgInfo("Checking '%s'...\n", pszImage);
+
+ /*
+ * Open the image.
+ */
+ uint32_t offError;
+ RTERRINFOSTATIC ErrInfo;
+ RTLDRMOD hLdrMod;
+ int rc = RTLdrOpenVfsChain(pszImage, RTLDR_O_FOR_DEBUG, RTLDRARCH_WHATEVER,
+ &hLdrMod, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ {
+ if (RT_FAILURE(rc) && RTErrInfoIsSet(&ErrInfo.Core))
+ return RTMsgErrorRc(rc, "Failed opening image '%s': %Rrc - %s", pszImage, rc, ErrInfo.Core.pszMsg);
+ return RTMsgErrorRc(rc, "Failed opening image '%s': %Rrc", pszImage, rc);
+ }
+
+ /*
+ * Do the import modules first.
+ */
+ uint32_t cImports = 0;
+ rc = RTLdrQueryProp(hLdrMod, RTLDRPROP_IMPORT_COUNT, &cImports, sizeof(cImports));
+ if (RT_SUCCESS(rc))
+ {
+ RTCHECKIMPORTSTATE *pState = (RTCHECKIMPORTSTATE *)RTMemAllocZ(RT_UOFFSETOF_DYN(RTCHECKIMPORTSTATE, aImports[cImports + 1]));
+ if (pState)
+ {
+ pState->pszImage = pszImage;
+ pState->pOpts = pOpts;
+ pState->cImports = cImports;
+ for (uint32_t iImport = 0; iImport < cImports; iImport++)
+ pState->aImports[iImport].hLdrMod = NIL_RTLDRMOD;
+
+ for (uint32_t iImport = 0; iImport < cImports; iImport++)
+ {
+ *(uint32_t *)&pState->aImports[iImport].szModule[0] = iImport;
+ rc = RTLdrQueryProp(hLdrMod, RTLDRPROP_IMPORT_MODULE, pState->aImports[iImport].szModule,
+ sizeof(pState->aImports[iImport].szModule));
+ if (RT_FAILURE(rc))
+ {
+ RTMsgError("%s: Error querying import #%u: %Rrc", pszImage, iImport, rc);
+ break;
+ }
+ rc = LoadImportModule(pOpts, &pState->aImports[iImport], &ErrInfo.Core, pszImage);
+ if (RT_FAILURE(rc))
+ break;
+ }
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Get the image bits, indirectly resolving imports.
+ */
+ size_t cbImage = RTLdrSize(hLdrMod);
+ void *pvImage = RTMemAllocZ(cbImage);
+ if (pvImage)
+ {
+ pState->iRc = VINF_SUCCESS;
+ rc = RTLdrGetBits(hLdrMod, pvImage, _4M, GetImportCallback, pState);
+ if (RT_SUCCESS(rc))
+ rc = pState->iRc;
+ else
+ RTMsgError("%s: RTLdrGetBits failed: %Rrc", pszImage, rc);
+
+ RTMemFree(pvImage);
+ }
+ else
+ rc = RTMsgErrorRc(VERR_NO_MEMORY, "%s: out of memory", pszImage);
+ }
+
+ for (uint32_t iImport = 0; iImport < cImports; iImport++)
+ if (pState->aImports[iImport].hLdrMod != NIL_RTLDRMOD)
+ {
+ RTLdrClose(pState->aImports[iImport].hLdrMod);
+
+ size_t i = pState->aImports[iImport].cExports;
+ while (i-- > 0)
+ RTStrFree(pState->aImports[iImport].papszExports[i]);
+ RTMemFree(pState->aImports[iImport].papszExports);
+ }
+ RTMemFree(pState);
+ }
+ else
+ rc = RTMsgErrorRc(VERR_NO_MEMORY, "%s: out of memory", pszImage);
+ }
+ else
+ RTMsgError("%s: Querying RTLDRPROP_IMPORT_COUNT failed: %Rrc", pszImage, rc);
+ RTLdrClose(hLdrMod);
+ return rc;
+}
+
+
+/**
+ * @callback_method_impl{FNRTLDRENUMSYMS}
+ */
+static DECLCALLBACK(int) PrintSymbolForExportList(RTLDRMOD hLdrMod, const char *pszSymbol, unsigned uSymbol,
+ RTLDRADDR Value, void *pvUser)
+{
+ if (pszSymbol)
+ RTPrintf("%s\n", pszSymbol);
+ if (uSymbol != ~(unsigned)0 && (!pszSymbol || ((PCRTCHECKIMPORTSOPTS)pvUser)->fListOrdinals))
+ RTPrintf("#%u\n", uSymbol);
+ RT_NOREF(hLdrMod, Value, pvUser);
+ return VINF_SUCCESS;
+}
+
+
+/**
+ * Produces the export list for the given image.
+ *
+ * @returns IPRT status code.
+ * @param pOpts The check program options.
+ * @param pszImage Path to the image.
+ */
+static int ProduceExportList(PCRTCHECKIMPORTSOPTS pOpts, const char *pszImage)
+{
+ /*
+ * Open the image.
+ */
+ uint32_t offError;
+ RTERRINFOSTATIC ErrInfo;
+ RTLDRMOD hLdrMod;
+ int rc = RTLdrOpenVfsChain(pszImage, RTLDR_O_FOR_DEBUG, RTLDRARCH_WHATEVER, &hLdrMod, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Some info about the file.
+ */
+ RTPrintf(";\n"
+ "; Generated from: %s\n", pszImage);
+
+ RTFSOBJINFO ObjInfo;
+ rc = RTVfsChainQueryInfo(pszImage, &ObjInfo, RTFSOBJATTRADD_NOTHING, RTPATH_F_FOLLOW_LINK, NULL, NULL);
+ if (RT_SUCCESS(rc))
+ RTPrintf("; Size file: %#RX64 (%RU64)\n", ObjInfo.cbObject, ObjInfo.cbObject);
+
+ switch (RTLdrGetFormat(hLdrMod))
+ {
+ case RTLDRFMT_AOUT: RTPrintf("; Format: a.out\n"); break;
+ case RTLDRFMT_ELF: RTPrintf("; Format: ELF\n"); break;
+ case RTLDRFMT_LX: RTPrintf("; Format: LX\n"); break;
+ case RTLDRFMT_MACHO: RTPrintf("; Format: Mach-O\n"); break;
+ case RTLDRFMT_PE: RTPrintf("; Format: PE\n"); break;
+ default: RTPrintf("; Format: %u\n", RTLdrGetFormat(hLdrMod)); break;
+
+ }
+
+ RTPrintf("; Size of image: %#x (%u)\n", RTLdrSize(hLdrMod), RTLdrSize(hLdrMod));
+
+ switch (RTLdrGetArch(hLdrMod))
+ {
+ case RTLDRARCH_AMD64: RTPrintf("; Architecture: AMD64\n"); break;
+ case RTLDRARCH_X86_32: RTPrintf("; Architecture: X86\n"); break;
+ default: RTPrintf("; Architecture: %u\n", RTLdrGetArch(hLdrMod)); break;
+ }
+
+ uint64_t uTimestamp;
+ rc = RTLdrQueryProp(hLdrMod, RTLDRPROP_TIMESTAMP_SECONDS, &uTimestamp, sizeof(uTimestamp));
+ if (RT_SUCCESS(rc))
+ {
+ RTTIMESPEC Timestamp;
+ char szTime[128];
+ RTTimeSpecToString(RTTimeSpecSetSeconds(&Timestamp, uTimestamp), szTime, sizeof(szTime));
+ char *pszEnd = strchr(szTime, '\0');
+ while (pszEnd[0] != '.')
+ pszEnd--;
+ *pszEnd = '\0';
+ RTPrintf("; Timestamp: %#RX64 - %s\n", uTimestamp, szTime);
+ }
+
+ RTUUID ImageUuid;
+ rc = RTLdrQueryProp(hLdrMod, RTLDRPROP_UUID, &ImageUuid, sizeof(ImageUuid));
+ if (RT_SUCCESS(rc))
+ RTPrintf("; UUID: %RTuuid\n", &ImageUuid);
+
+ RTPrintf(";\n");
+
+ /*
+ * The list of exports.
+ */
+ rc = RTLdrEnumSymbols(hLdrMod, 0 /*fFlags*/, NULL, _4M, PrintSymbolForExportList, (void *)pOpts);
+ if (RT_FAILURE(rc))
+ RTMsgError("%s: RTLdrEnumSymbols failed: %Rrc", pszImage, rc);
+
+ /* done */
+ RTLdrClose(hLdrMod);
+ }
+ else if (RTErrInfoIsSet(&ErrInfo.Core))
+ RTMsgError("Failed opening image '%s': %Rrc - %s", pszImage, rc, ErrInfo.Core.pszMsg);
+ else
+ RTMsgError("Failed opening image '%s': %Rrc", pszImage, rc);
+ return rc;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ RTCHECKIMPORTSOPTS Opts;
+ Opts.cPaths = 0;
+ Opts.papszPaths = NULL;
+ Opts.enmLdrArch = RTLDRARCH_WHATEVER;
+ Opts.cVerbosity = 1;
+ Opts.fListOrdinals = false;
+
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--path", 'p', RTGETOPT_REQ_STRING },
+ { "--export", 'e', RTGETOPT_REQ_STRING },
+ { "--list-ordinals", 'O', RTGETOPT_REQ_NOTHING },
+ { "--quiet", 'q', RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ };
+ RTGETOPTSTATE State;
+ rc = RTGetOptInit(&State, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ RTGETOPTUNION ValueUnion;
+ while ((rc = RTGetOpt(&State, &ValueUnion)) != 0)
+ {
+ switch (rc)
+ {
+ case 'p':
+ if ((Opts.cPaths % 16) == 0)
+ {
+ void *pvNew = RTMemRealloc(Opts.papszPaths, sizeof(Opts.papszPaths[0]) * (Opts.cPaths + 16));
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+ Opts.papszPaths = (char **)pvNew;
+ }
+ Opts.papszPaths[Opts.cPaths] = RTStrDup(ValueUnion.psz);
+ AssertReturn(Opts.papszPaths[Opts.cPaths], RTEXITCODE_FAILURE);
+ Opts.cPaths++;
+ break;
+
+ case 'e':
+ rc = ProduceExportList(&Opts, ValueUnion.psz);
+ if (RT_FAILURE(rc))
+ rcExit = RTEXITCODE_FAILURE;
+ break;
+
+ case 'O':
+ Opts.fListOrdinals = true;
+ break;
+
+ case 'q':
+ Opts.cVerbosity = 0;
+ break;
+
+ case 'v':
+ Opts.cVerbosity = 0;
+ break;
+
+ case VINF_GETOPT_NOT_OPTION:
+ rc = rtCheckImportsForImage(&Opts, ValueUnion.psz);
+ if (RT_FAILURE(rc))
+ rcExit = RTEXITCODE_FAILURE;
+ break;
+
+ case 'h':
+ RTPrintf("Usage: RTCheckImports [-p|--path <dir>] [-v|--verbose] [-q|--quiet] <image [..]>\n"
+ " or: RTCheckImports -e <image>\n"
+ " or: RTCheckImports <-h|--help>\n"
+ " or: RTCheckImports <-V|--version>\n"
+ "Checks library imports. VFS chain syntax supported.\n"
+ "\n"
+ "Options:\n"
+ " -p, --path <dir>\n"
+ " Search the specified directory for imported modules or their export lists.\n"
+ " -e, --export <image>\n"
+ " Write export list for the file to stdout. (Redirect to a .export file.)\n"
+ " -O, --list-ordinals\n"
+ " Whether to list ordinals as well as names in the export list.\n"
+ " -q, --quiet\n"
+ " Quiet execution.\n"
+ " -v, --verbose\n"
+ " Increases verbosity.\n"
+ ""
+ );
+ return RTEXITCODE_SUCCESS;
+
+#ifndef IPRT_IN_BUILD_TOOL
+ case 'V':
+ RTPrintf("%sr%s\n", RTBldCfgVersion(), RTBldCfgRevisionStr());
+ return RTEXITCODE_SUCCESS;
+#endif
+
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+ return rcExit;
+}
+
diff --git a/src/VBox/Runtime/tools/RTLdrFlt.cpp b/src/VBox/Runtime/tools/RTLdrFlt.cpp
new file mode 100644
index 00000000..9f582479
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTLdrFlt.cpp
@@ -0,0 +1,598 @@
+/* $Id: RTLdrFlt.cpp $ */
+/** @file
+ * IPRT - Utility for translating addresses into symbols+offset.
+ */
+
+/*
+ * Copyright (C) 2006-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/mem.h>
+#include <iprt/assert.h>
+#include <iprt/ctype.h>
+#include <iprt/dbg.h>
+#include <iprt/err.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+
+
+
+/** Worker for ProduceKAllSyms. */
+static void PrintSymbolForKAllSyms(const char *pszModule, PCRTDBGSYMBOL pSymInfo, PCRTDBGSEGMENT pSegInfo,
+ RTUINTPTR uBaseAddr, bool fOneSeg)
+{
+ RTUINTPTR uAddr;
+ char chType = 't';
+ if (pSymInfo->iSeg < RTDBGSEGIDX_SPECIAL_FIRST)
+ {
+ uAddr = uBaseAddr + pSymInfo->offSeg;
+ if (!fOneSeg)
+ uAddr += pSegInfo->uRva;
+ if (pSegInfo->szName[0])
+ {
+ if (strstr(pSegInfo->szName, "rodata") != NULL)
+ chType = 'r';
+ else if (strstr(pSegInfo->szName, "bss") != NULL)
+ chType = 'b';
+ else if (strstr(pSegInfo->szName, "data") != NULL)
+ chType = 'd';
+ }
+ }
+ else if (pSymInfo->iSeg == RTDBGSEGIDX_ABS)
+ {
+ chType = 'a';
+ uAddr = pSymInfo->offSeg;
+ }
+ else if (pSymInfo->iSeg == RTDBGSEGIDX_RVA)
+ {
+ Assert(!fOneSeg);
+ uAddr = uBaseAddr + pSymInfo->offSeg;
+ }
+ else
+ {
+ RTMsgError("Unsupported special segment %#x for %s in %s!", pSymInfo->iSeg, pSymInfo->szName, pszModule);
+ return;
+ }
+
+ RTPrintf("%RTptr %c %s\t[%s]\n", uAddr, chType, pSymInfo->szName, pszModule);
+}
+
+
+/**
+ * Produces a /proc/kallsyms compatible symbol listing of @a hDbgAs on standard
+ * output.
+ *
+ * @returns Exit code.
+ * @param hDbgAs The address space to dump.
+ */
+static RTEXITCODE ProduceKAllSyms(RTDBGAS hDbgAs)
+{
+ /*
+ * Iterate modules.
+ */
+ uint32_t cModules = RTDbgAsModuleCount(hDbgAs);
+ for (uint32_t iModule = 0; iModule < cModules; iModule++)
+ {
+ RTDBGMOD const hDbgMod = RTDbgAsModuleByIndex(hDbgAs, iModule);
+ const char * const pszModule = RTDbgModName(hDbgMod);
+
+ /*
+ * Iterate mappings of the module.
+ */
+ RTDBGASMAPINFO aMappings[128];
+ uint32_t cMappings = RT_ELEMENTS(aMappings);
+ int rc = RTDbgAsModuleQueryMapByIndex(hDbgAs, iModule, &aMappings[0], &cMappings, 0 /*fFlags*/);
+ if (RT_SUCCESS(rc))
+ {
+ for (uint32_t iMapping = 0; iMapping < cMappings; iMapping++)
+ {
+ RTDBGSEGMENT SegInfo = {0};
+ if (aMappings[iMapping].iSeg == NIL_RTDBGSEGIDX)
+ {
+ /*
+ * Flat mapping of the entire module.
+ */
+ SegInfo.iSeg = NIL_RTDBGSEGIDX;
+ uint32_t cSymbols = RTDbgModSymbolCount(hDbgMod);
+ for (uint32_t iSymbol = 0; iSymbol < cSymbols; iSymbol++)
+ {
+ RTDBGSYMBOL SymInfo;
+ rc = RTDbgModSymbolByOrdinal(hDbgMod, iSymbol, &SymInfo);
+ if (RT_SUCCESS(rc))
+ {
+ if ( SymInfo.iSeg != SegInfo.iSeg
+ && SymInfo.iSeg < RTDBGSEGIDX_SPECIAL_FIRST)
+ {
+ rc = RTDbgModSegmentByIndex(hDbgMod, SymInfo.iSeg, &SegInfo);
+ if (RT_FAILURE(rc))
+ {
+ RTMsgError("RTDbgModSegmentByIndex(%s, %u) failed: %Rrc", pszModule, SymInfo.iSeg, rc);
+ continue;
+ }
+ }
+ PrintSymbolForKAllSyms(pszModule, &SymInfo, &SegInfo, aMappings[iMapping].Address, false);
+ }
+ else
+ RTMsgError("RTDbgModSymbolByOrdinal(%s, %u) failed: %Rrc", pszModule, iSymbol, rc);
+ }
+ }
+ else
+ {
+ /*
+ * Just one segment.
+ */
+ rc = RTDbgModSegmentByIndex(hDbgMod, aMappings[iMapping].iSeg, &SegInfo);
+ if (RT_SUCCESS(rc))
+ {
+ /** @todo */
+ }
+ else
+ RTMsgError("RTDbgModSegmentByIndex(%s, %u) failed: %Rrc", pszModule, aMappings[iMapping].iSeg, rc);
+ }
+ }
+ }
+ else
+ RTMsgError("RTDbgAsModuleQueryMapByIndex failed: %Rrc", rc);
+ RTDbgModRelease(hDbgMod);
+ }
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+/**
+ * Dumps the address space.
+ */
+static void DumpAddressSpace(RTDBGAS hDbgAs, unsigned cVerbosityLevel)
+{
+ RTPrintf("*** Address Space Dump ***\n");
+ uint32_t cModules = RTDbgAsModuleCount(hDbgAs);
+ for (uint32_t iModule = 0; iModule < cModules; iModule++)
+ {
+ RTDBGMOD hDbgMod = RTDbgAsModuleByIndex(hDbgAs, iModule);
+ RTPrintf("Module #%u: %s\n", iModule, RTDbgModName(hDbgMod));
+
+ RTDBGASMAPINFO aMappings[128];
+ uint32_t cMappings = RT_ELEMENTS(aMappings);
+ int rc = RTDbgAsModuleQueryMapByIndex(hDbgAs, iModule, &aMappings[0], &cMappings, 0 /*fFlags*/);
+ if (RT_SUCCESS(rc))
+ {
+ for (uint32_t iMapping = 0; iMapping < cMappings; iMapping++)
+ {
+ if (aMappings[iMapping].iSeg == NIL_RTDBGSEGIDX)
+ {
+ RTPrintf(" mapping #%u: %RTptr-%RTptr\n",
+ iMapping,
+ aMappings[iMapping].Address,
+ aMappings[iMapping].Address + RTDbgModImageSize(hDbgMod) - 1);
+ if (cVerbosityLevel > 2)
+ {
+ uint32_t cSegments = RTDbgModSegmentCount(hDbgMod);
+ for (uint32_t iSeg = 0; iSeg < cSegments; iSeg++)
+ {
+ RTDBGSEGMENT SegInfo;
+ rc = RTDbgModSegmentByIndex(hDbgMod, iSeg, &SegInfo);
+ if (RT_SUCCESS(rc))
+ RTPrintf(" seg #%u: %RTptr LB %RTptr '%s'\n",
+ iSeg, SegInfo.uRva, SegInfo.cb, SegInfo.szName);
+ else
+ RTPrintf(" seg #%u: %Rrc\n", iSeg, rc);
+ }
+ }
+ }
+ else
+ {
+ RTDBGSEGMENT SegInfo;
+ rc = RTDbgModSegmentByIndex(hDbgMod, aMappings[iMapping].iSeg, &SegInfo);
+ if (RT_SUCCESS(rc))
+ RTPrintf(" mapping #%u: %RTptr-%RTptr (segment #%u - '%s')\n",
+ iMapping,
+ aMappings[iMapping].Address,
+ aMappings[iMapping].Address + SegInfo.cb,
+ SegInfo.iSeg, SegInfo.szName);
+ else
+ RTPrintf(" mapping #%u: %RTptr-???????? (segment #%u) rc=%Rrc\n",
+ iMapping, aMappings[iMapping].Address, aMappings[iMapping].iSeg, rc);
+ }
+
+ if (cVerbosityLevel > 1)
+ {
+ uint32_t cSymbols = RTDbgModSymbolCount(hDbgMod);
+ RTPrintf(" %u symbols\n", cSymbols);
+ for (uint32_t iSymbol = 0; iSymbol < cSymbols; iSymbol++)
+ {
+ RTDBGSYMBOL SymInfo;
+ rc = RTDbgModSymbolByOrdinal(hDbgMod, iSymbol, &SymInfo);
+ if (RT_SUCCESS(rc))
+ RTPrintf(" #%04u at %08x:%RTptr (%RTptr) %05llx %s\n",
+ SymInfo.iOrdinal, SymInfo.iSeg, SymInfo.offSeg, SymInfo.Value,
+ (uint64_t)SymInfo.cb, SymInfo.szName);
+ }
+ }
+ }
+ }
+ else
+ RTMsgError("RTDbgAsModuleQueryMapByIndex failed: %Rrc", rc);
+ RTDbgModRelease(hDbgMod);
+ }
+ RTPrintf("*** End of Address Space Dump ***\n");
+}
+
+
+/**
+ * Tries to parse out an address at the head of the string.
+ *
+ * @returns true if found address, false if not.
+ * @param psz Where to start parsing.
+ * @param pcchAddress Where to store the address length.
+ * @param pu64Address Where to store the address value.
+ */
+static bool TryParseAddress(const char *psz, size_t *pcchAddress, uint64_t *pu64Address)
+{
+ const char *pszStart = psz;
+
+ /*
+ * Hex prefix?
+ */
+ if (psz[0] == '0' && (psz[1] == 'x' || psz[1] == 'X'))
+ psz += 2;
+
+ /*
+ * How many hex digits? We want at least 4 and at most 16.
+ */
+ size_t off = 0;
+ while (RT_C_IS_XDIGIT(psz[off]))
+ off++;
+ if (off < 4 || off > 16)
+ return false;
+
+ /*
+ * Check for separator (xxxxxxxx'yyyyyyyy).
+ */
+ bool fHave64bitSep = off <= 8
+ && psz[off] == '\''
+ && RT_C_IS_XDIGIT(psz[off + 1])
+ && RT_C_IS_XDIGIT(psz[off + 2])
+ && RT_C_IS_XDIGIT(psz[off + 3])
+ && RT_C_IS_XDIGIT(psz[off + 4])
+ && RT_C_IS_XDIGIT(psz[off + 5])
+ && RT_C_IS_XDIGIT(psz[off + 6])
+ && RT_C_IS_XDIGIT(psz[off + 7])
+ && RT_C_IS_XDIGIT(psz[off + 8])
+ && !RT_C_IS_XDIGIT(psz[off + 9]);
+ if (fHave64bitSep)
+ {
+ uint32_t u32High;
+ int rc = RTStrToUInt32Ex(psz, NULL, 16, &u32High);
+ if (rc != VWRN_TRAILING_CHARS)
+ return false;
+
+ uint32_t u32Low;
+ rc = RTStrToUInt32Ex(&psz[off + 1], NULL, 16, &u32Low);
+ if ( rc != VINF_SUCCESS
+ && rc != VWRN_TRAILING_SPACES
+ && rc != VWRN_TRAILING_CHARS)
+ return false;
+
+ *pu64Address = RT_MAKE_U64(u32Low, u32High);
+ off += 1 + 8;
+ }
+ else
+ {
+ int rc = RTStrToUInt64Ex(psz, NULL, 16, pu64Address);
+ if ( rc != VINF_SUCCESS
+ && rc != VWRN_TRAILING_SPACES
+ && rc != VWRN_TRAILING_CHARS)
+ return false;
+ }
+
+ *pcchAddress = psz + off - pszStart;
+ return true;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /*
+ * Create an empty address space that we can load modules and stuff into
+ * as we parse the parameters.
+ */
+ RTDBGAS hDbgAs;
+ rc = RTDbgAsCreate(&hDbgAs, 0, RTUINTPTR_MAX, "");
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTDBgAsCreate -> %Rrc", rc);
+
+ /*
+ * Create a debugging configuration instance to work with so that we can
+ * make use of (i.e. test) path searching and such.
+ */
+ RTDBGCFG hDbgCfg;
+ rc = RTDbgCfgCreate(&hDbgCfg, "IPRT", true /*fNativePaths*/);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTDbgCfgCreate -> %Rrc", rc);
+
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--input", 'i', RTGETOPT_REQ_STRING },
+ { "--local-file", 'l', RTGETOPT_REQ_NOTHING },
+ { "--cache-file", 'c', RTGETOPT_REQ_NOTHING },
+ { "--pe-image", 'p', RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--x86", '8', RTGETOPT_REQ_NOTHING },
+ { "--amd64", '6', RTGETOPT_REQ_NOTHING },
+ { "--whatever", '*', RTGETOPT_REQ_NOTHING },
+ { "--kallsyms", 'k', RTGETOPT_REQ_NOTHING },
+ };
+
+ PRTSTREAM pInput = g_pStdIn;
+ PRTSTREAM pOutput = g_pStdOut;
+ unsigned cVerbosityLevel = 0;
+ enum {
+ kOpenMethod_FromImage,
+ kOpenMethod_FromPeImage
+ } enmOpenMethod = kOpenMethod_FromImage;
+ bool fCacheFile = false;
+ RTLDRARCH enmArch = RTLDRARCH_WHATEVER;
+ bool fKAllSyms = false;
+
+ RTGETOPTUNION ValueUnion;
+ RTGETOPTSTATE GetState;
+ RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, 0);
+ while ((rc = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (rc)
+ {
+ case 'i':
+ rc = RTStrmOpen(ValueUnion.psz, "r", &pInput);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to open '%s' for reading: %Rrc", ValueUnion.psz, rc);
+ break;
+
+ case 'c':
+ fCacheFile = true;
+ break;
+
+ case 'k':
+ fKAllSyms = true;
+ break;
+
+ case 'l':
+ fCacheFile = false;
+ break;
+
+ case 'p':
+ enmOpenMethod = kOpenMethod_FromPeImage;
+ break;
+
+ case 'v':
+ cVerbosityLevel++;
+ break;
+
+ case '8':
+ enmArch = RTLDRARCH_X86_32;
+ break;
+
+ case '6':
+ enmArch = RTLDRARCH_AMD64;
+ break;
+
+ case '*':
+ enmArch = RTLDRARCH_WHATEVER;
+ break;
+
+ case 'h':
+ RTPrintf("Usage: %s [options] <module> <address> [<module> <address> [..]]\n"
+ "\n"
+ "Options:\n"
+ " -i,--input=file\n"
+ " Specify a input file instead of standard input.\n"
+ " --pe-image\n"
+ " Use RTDbgModCreateFromPeImage to open the file."
+ " -v, --verbose\n"
+ " Display the address space before doing the filtering.\n"
+ " --amd64,--x86,--whatever\n"
+ " Selects the desired architecture.\n"
+ " -k,--kallsyms\n"
+ " Produce a /proc/kallsyms compatible symbol listing and quit.\n"
+ " -h, -?, --help\n"
+ " Display this help text and exit successfully.\n"
+ " -V, --version\n"
+ " Display the revision and exit successfully.\n"
+ , RTPathFilename(argv[0]));
+ return RTEXITCODE_SUCCESS;
+
+ case 'V':
+ RTPrintf("$Revision: 155244 $\n");
+ return RTEXITCODE_SUCCESS;
+
+ case VINF_GETOPT_NOT_OPTION:
+ {
+ /* <module> <address> */
+ const char *pszModule = ValueUnion.psz;
+
+ rc = RTGetOptFetchValue(&GetState, &ValueUnion, RTGETOPT_REQ_UINT64 | RTGETOPT_FLAG_HEX);
+ if (RT_FAILURE(rc))
+ return RTGetOptPrintError(rc, &ValueUnion);
+ uint64_t u64Address = ValueUnion.u64;
+
+ uint32_t cbImage = 0;
+ uint32_t uTimestamp = 0;
+ if (fCacheFile)
+ {
+ rc = RTGetOptFetchValue(&GetState, &ValueUnion, RTGETOPT_REQ_UINT32 | RTGETOPT_FLAG_HEX);
+ if (RT_FAILURE(rc))
+ return RTGetOptPrintError(rc, &ValueUnion);
+ cbImage = ValueUnion.u32;
+
+ rc = RTGetOptFetchValue(&GetState, &ValueUnion, RTGETOPT_REQ_UINT32 | RTGETOPT_FLAG_HEX);
+ if (RT_FAILURE(rc))
+ return RTGetOptPrintError(rc, &ValueUnion);
+ uTimestamp = ValueUnion.u32;
+ }
+
+ RTDBGMOD hMod;
+ if (enmOpenMethod == kOpenMethod_FromImage)
+ rc = RTDbgModCreateFromImage(&hMod, pszModule, NULL, enmArch, hDbgCfg);
+ else
+ rc = RTDbgModCreateFromPeImage(&hMod, pszModule, NULL, NULL, cbImage, uTimestamp, hDbgCfg);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTDbgModCreateFromImage(,%s,,) -> %Rrc", pszModule, rc);
+
+ rc = RTDbgAsModuleLink(hDbgAs, hMod, u64Address, 0 /* fFlags */);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTDbgAsModuleLink(,%s,%llx,) -> %Rrc", pszModule, u64Address, rc);
+ break;
+ }
+
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+ /*
+ * Display the address space.
+ */
+ if (cVerbosityLevel)
+ DumpAddressSpace(hDbgAs, cVerbosityLevel);
+
+ /*
+ * Produce the /proc/kallsyms output.
+ */
+ if (fKAllSyms)
+ return ProduceKAllSyms(hDbgAs);
+
+ /*
+ * Read text from standard input and see if there is anything we can translate.
+ */
+ for (;;)
+ {
+ /* Get a line. */
+ char szLine[_64K];
+ rc = RTStrmGetLine(pInput, szLine, sizeof(szLine));
+ if (rc == VERR_EOF)
+ break;
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTStrmGetLine() -> %Rrc\n", rc);
+
+ /*
+ * Search the line for potential addresses and replace them with
+ * symbols+offset.
+ */
+ const char *pszStart = szLine;
+ const char *psz = szLine;
+ char ch;
+ while ((ch = *psz) != '\0')
+ {
+ size_t cchAddress;
+ uint64_t u64Address;
+
+ if ( ( ch == '0'
+ && (psz[1] == 'x' || psz[1] == 'X')
+ && TryParseAddress(psz, &cchAddress, &u64Address))
+ || ( RT_C_IS_XDIGIT(ch)
+ && TryParseAddress(psz, &cchAddress, &u64Address))
+ )
+ {
+ /* Print. */
+ psz += cchAddress;
+ if (pszStart != psz)
+ RTStrmWrite(pOutput, pszStart, psz - pszStart);
+ pszStart = psz;
+
+ /* Try get the module. */
+ RTUINTPTR uAddr;
+ RTDBGSEGIDX iSeg;
+ RTDBGMOD hDbgMod;
+ rc = RTDbgAsModuleByAddr(hDbgAs, u64Address, &hDbgMod, &uAddr, &iSeg);
+ if (RT_SUCCESS(rc))
+ {
+ if (iSeg != UINT32_MAX)
+ RTStrmPrintf(pOutput, "=[%s:%u", RTDbgModName(hDbgMod), iSeg);
+ else
+ RTStrmPrintf(pOutput, "=[%s", RTDbgModName(hDbgMod));
+
+ /*
+ * Do we have symbols?
+ */
+ RTDBGSYMBOL Symbol;
+ RTINTPTR offSym;
+ rc = RTDbgAsSymbolByAddr(hDbgAs, u64Address, RTDBGSYMADDR_FLAGS_LESS_OR_EQUAL, &offSym, &Symbol, NULL);
+ if (RT_SUCCESS(rc))
+ {
+ if (!offSym)
+ RTStrmPrintf(pOutput, "!%s", Symbol.szName);
+ else if (offSym > 0)
+ RTStrmPrintf(pOutput, "!%s+%#llx", Symbol.szName, offSym);
+ else
+ RTStrmPrintf(pOutput, "!%s-%#llx", Symbol.szName, -offSym);
+ }
+ else
+ RTStrmPrintf(pOutput, "+%#llx", u64Address - uAddr);
+
+ /*
+ * Do we have line numbers?
+ */
+ RTDBGLINE Line;
+ RTINTPTR offLine;
+ rc = RTDbgAsLineByAddr(hDbgAs, u64Address, &offLine, &Line, NULL);
+ if (RT_SUCCESS(rc))
+ RTStrmPrintf(pOutput, " %Rbn(%u)", Line.szFilename, Line.uLineNo);
+
+ RTStrmPrintf(pOutput, "]");
+ RTDbgModRelease(hDbgMod);
+ }
+ }
+ else
+ psz++;
+ }
+
+ if (pszStart != psz)
+ RTStrmWrite(pOutput, pszStart, psz - pszStart);
+ RTStrmPutCh(pOutput, '\n');
+ }
+
+ return RTEXITCODE_SUCCESS;
+}
+
diff --git a/src/VBox/Runtime/tools/RTLs.cpp b/src/VBox/Runtime/tools/RTLs.cpp
new file mode 100644
index 00000000..f6d34889
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTLs.cpp
@@ -0,0 +1,54 @@
+/* $Id: RTLs.cpp $ */
+/** @file
+ * IPRT - /bin/ls like utility for testing the VFS code.
+ */
+
+/*
+ * Copyright (C) 2017-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/errcore.h>
+#include <iprt/fs.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTFsCmdLs(argc, argv);
+}
+
diff --git a/src/VBox/Runtime/tools/RTManifest.cpp b/src/VBox/Runtime/tools/RTManifest.cpp
new file mode 100644
index 00000000..3a2d1180
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTManifest.cpp
@@ -0,0 +1,404 @@
+/* $Id: RTManifest.cpp $ */
+/** @file
+ * IPRT - Manifest Utility.
+ */
+
+/*
+ * Copyright (C) 2010-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/manifest.h>
+
+#include <iprt/buildconfig.h>
+#include <iprt/errcore.h>
+#include <iprt/file.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/process.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+#include <iprt/vfs.h>
+
+
+/**
+ * Verify a manifest.
+ *
+ * @returns Program exit code, failures with error message.
+ * @param pszManifest The manifest file. NULL if standard input.
+ * @param fStdFormat Whether to expect standard format (true) or
+ * java format (false).
+ * @param pszChDir The directory to change into before processing
+ * the files in the manifest.
+ */
+static RTEXITCODE rtManifestDoVerify(const char *pszManifest, bool fStdFormat, const char *pszChDir)
+{
+ RT_NOREF_PV(pszChDir); /** @todo implement pszChDir! */
+
+ /*
+ * Open the manifest.
+ */
+ int rc;
+ RTVFSIOSTREAM hVfsIos;
+ if (!pszManifest)
+ {
+ rc = RTVfsIoStrmFromStdHandle(RTHANDLESTD_INPUT, RTFILE_O_READ, false /*fLeaveOpen*/, &hVfsIos);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to prepare standard input for reading: %Rrc", rc);
+ }
+ else
+ {
+ uint32_t offError = 0;
+ RTERRINFOSTATIC ErrInfo;
+ rc = RTVfsChainOpenIoStream(pszManifest, RTFILE_O_READ | RTFILE_O_DENY_WRITE | RTFILE_O_OPEN,
+ &hVfsIos, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ return RTVfsChainMsgErrorExitFailure("RTVfsChainOpenIoStream", pszManifest, rc, offError, &ErrInfo.Core);
+ }
+
+ /*
+ * Read it.
+ */
+ RTMANIFEST hManifest;
+ rc = RTManifestCreate(0 /*fFlags*/, &hManifest);
+ if (RT_SUCCESS(rc))
+ {
+ if (fStdFormat)
+ {
+ char szErr[4096 + 1024];
+ rc = RTManifestReadStandardEx(hManifest, hVfsIos, szErr, sizeof(szErr));
+ if (RT_SUCCESS(rc))
+ {
+ RTVfsIoStrmRelease(hVfsIos);
+ hVfsIos = NIL_RTVFSIOSTREAM;
+
+ /*
+ * Do the verification.
+ */
+ /** @todo We're missing some enumeration APIs here! */
+ RTMsgError("The manifest read fine, but the actual verification code is yet to be written. Sorry.");
+ rc = VERR_NOT_IMPLEMENTED;
+#if 1 /* For now, just write the manifest to stdout so we can test the read routine. */
+ RTVFSIOSTREAM hVfsIosOut;
+ rc = RTVfsIoStrmFromStdHandle(RTHANDLESTD_OUTPUT, RTFILE_O_WRITE, false /*fLeaveOpen*/, &hVfsIosOut);
+ if (RT_SUCCESS(rc))
+ {
+ RTManifestWriteStandard(hManifest, hVfsIosOut);
+ RTVfsIoStrmRelease(hVfsIosOut);
+ }
+#endif
+ }
+ else if (szErr[0])
+ RTMsgError("Error reading manifest: %s", szErr);
+ else
+ RTMsgError("Error reading manifest: %Rrc", rc);
+ }
+ else
+ {
+ RTMsgError("Support for Java manifest files is not implemented yet");
+ rc = VERR_NOT_IMPLEMENTED;
+ }
+ RTManifestRelease(hManifest);
+ }
+
+ RTVfsIoStrmRelease(hVfsIos);
+ return RT_SUCCESS(rc) ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
+}
+
+
+/**
+ * Adds a file to the manifest.
+ *
+ * @returns IPRT status code, failures with error message.
+ * @param hManifest The manifest to add it to.
+ * @param pszFilename The name of the file to add.
+ * @param fAttr The manifest attributes to add.
+ */
+static int rtManifestAddFileToManifest(RTMANIFEST hManifest, const char *pszFilename, uint32_t fAttr)
+{
+ RTVFSIOSTREAM hVfsIos;
+ uint32_t offError = 0;
+ RTERRINFOSTATIC ErrInfo;
+ int rc = RTVfsChainOpenIoStream(pszFilename, RTFILE_O_READ | RTFILE_O_DENY_WRITE | RTFILE_O_OPEN,
+ &hVfsIos, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ {
+ RTVfsChainMsgError("RTVfsChainOpenIoStream", pszFilename, rc, offError, &ErrInfo.Core);
+ return rc;
+ }
+
+ rc = RTManifestEntryAddIoStream(hManifest, hVfsIos, pszFilename, fAttr);
+ if (RT_FAILURE(rc))
+ RTMsgError("RTManifestEntryAddIoStream failed for '%s': %Rrc", pszFilename, rc);
+
+ RTVfsIoStrmRelease(hVfsIos);
+ return rc;
+}
+
+
+/**
+ * Create a manifest from the specified input files.
+ *
+ * @returns Program exit code, failures with error message.
+ * @param pszManifest The name of the output manifest file. NULL if
+ * it should be written to standard output.
+ * @param fStdFormat Whether to expect standard format (true) or
+ * java format (false).
+ * @param pszChDir The directory to change into before processing
+ * the file arguments.
+ * @param fAttr The file attributes to put in the manifest.
+ * @param pGetState The RTGetOpt state.
+ * @param pUnion What the last RTGetOpt() call returned.
+ * @param chOpt What the last RTGetOpt() call returned.
+ */
+static RTEXITCODE rtManifestDoCreate(const char *pszManifest, bool fStdFormat, const char *pszChDir, uint32_t fAttr,
+ PRTGETOPTSTATE pGetState, PRTGETOPTUNION pUnion, int chOpt)
+{
+ /*
+ * Open the manifest file.
+ */
+ int rc;
+ RTVFSIOSTREAM hVfsIos;
+ if (!pszManifest)
+ {
+ rc = RTVfsIoStrmFromStdHandle(RTHANDLESTD_OUTPUT, RTFILE_O_WRITE, false /*fLeaveOpen*/, &hVfsIos);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to prepare standard output for writing: %Rrc", rc);
+ }
+ else
+ {
+ RTERRINFOSTATIC ErrInfo;
+ uint32_t offError;
+ rc = RTVfsChainOpenIoStream(pszManifest, RTFILE_O_WRITE | RTFILE_O_DENY_WRITE | RTFILE_O_CREATE_REPLACE,
+ &hVfsIos, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ return RTVfsChainMsgErrorExitFailure("RTVfsChainOpenIoStream", pszManifest, rc, offError, &ErrInfo.Core);
+ }
+
+ /*
+ * Create the internal manifest.
+ */
+ RTMANIFEST hManifest;
+ rc = RTManifestCreate(0 /*fFlags*/, &hManifest);
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Change directory and start processing the specified files.
+ */
+ if (pszChDir)
+ {
+ rc = RTPathSetCurrent(pszChDir);
+ if (RT_FAILURE(rc))
+ RTMsgError("Failed to change directory to '%s': %Rrc", pszChDir, rc);
+ }
+ if (RT_SUCCESS(rc))
+ {
+ while (chOpt == VINF_GETOPT_NOT_OPTION)
+ {
+ rc = rtManifestAddFileToManifest(hManifest, pUnion->psz, fAttr);
+ if (RT_FAILURE(rc))
+ break;
+
+ /* next */
+ chOpt = RTGetOpt(pGetState, pUnion);
+ }
+ if (RT_SUCCESS(rc) && chOpt != 0)
+ {
+ RTGetOptPrintError(chOpt, pUnion);
+ rc = chOpt < 0 ? chOpt : -chOpt;
+ }
+ }
+
+ /*
+ * Write the manifest.
+ */
+ if (RT_SUCCESS(rc))
+ {
+ if (fStdFormat)
+ {
+ rc = RTManifestWriteStandard(hManifest, hVfsIos);
+ if (RT_FAILURE(rc))
+ RTMsgError("RTManifestWriteStandard failed: %Rrc", rc);
+ }
+ else
+ {
+ RTMsgError("Support for Java manifest files is not implemented yet");
+ rc = VERR_NOT_IMPLEMENTED;
+ }
+ }
+
+ RTManifestRelease(hManifest);
+ }
+
+ RTVfsIoStrmRelease(hVfsIos);
+ return RT_SUCCESS(rc) ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /*
+ * Parse arguments.
+ */
+ static RTGETOPTDEF const s_aOptions[] =
+ {
+ { "--manifest", 'm', RTGETOPT_REQ_STRING },
+ { "--java", 'j', RTGETOPT_REQ_NOTHING },
+ { "--chdir", 'C', RTGETOPT_REQ_STRING },
+ { "--attribute", 'a', RTGETOPT_REQ_STRING },
+ { "--verify", 'v', RTGETOPT_REQ_NOTHING },
+ };
+
+ bool fVerify = false;
+ bool fStdFormat = true;
+ const char *pszManifest = NULL;
+ const char *pszChDir = NULL;
+ uint32_t fAttr = RTMANIFEST_ATTR_UNKNOWN;
+
+ RTGETOPTSTATE GetState;
+ rc = RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOptInit failed: %Rrc", rc);
+
+ RTGETOPTUNION ValueUnion;
+ while ( (rc = RTGetOpt(&GetState, &ValueUnion)) != 0
+ && rc != VINF_GETOPT_NOT_OPTION)
+ {
+ switch (rc)
+ {
+ case 'a':
+ {
+ static struct
+ {
+ const char *pszAttr;
+ uint32_t fAttr;
+ } s_aAttributes[] =
+ {
+ { "size", RTMANIFEST_ATTR_SIZE },
+ { "md5", RTMANIFEST_ATTR_MD5 },
+ { "sha1", RTMANIFEST_ATTR_SHA1 },
+ { "sha256", RTMANIFEST_ATTR_SHA256 },
+ { "sha512", RTMANIFEST_ATTR_SHA512 }
+ };
+ uint32_t fThisAttr = RTMANIFEST_ATTR_UNKNOWN;
+ for (unsigned i = 0; i < RT_ELEMENTS(s_aAttributes); i++)
+ if (!RTStrICmp(s_aAttributes[i].pszAttr, ValueUnion.psz))
+ {
+ fThisAttr = s_aAttributes[i].fAttr;
+ break;
+ }
+ if (fThisAttr == RTMANIFEST_ATTR_UNKNOWN)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Unknown attribute type '%s'", ValueUnion.psz);
+
+ if (fAttr == RTMANIFEST_ATTR_UNKNOWN)
+ fAttr = fThisAttr;
+ else
+ fAttr |= fThisAttr;
+ break;
+ }
+
+ case 'j':
+ fStdFormat = false;
+ break;
+
+ case 'm':
+ if (pszManifest)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Only one manifest can be specified");
+ pszManifest = ValueUnion.psz;
+ break;
+
+ case 'v':
+ fVerify = true;
+ break;
+
+ case 'C':
+ if (pszChDir)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Only one directory change can be specified");
+ pszChDir = ValueUnion.psz;
+ break;
+
+ case 'h':
+ RTPrintf("Usage: %s [--manifest <file>] [--chdir <dir>] [--attribute <attrib-name> [..]] <files>\n"
+ " or %s --verify [--manifest <file>] [--chdir <dir>]\n"
+ "\n"
+ "attrib-name: size, md5, sha1, sha256 or sha512\n"
+ , RTProcShortName(), RTProcShortName());
+ return RTEXITCODE_SUCCESS;
+
+#ifndef IN_BLD_PROG /* RTBldCfgVersion or RTBldCfgRevision in build time IPRT lib. */
+ case 'V':
+ RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
+ return RTEXITCODE_SUCCESS;
+#endif
+
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+ /*
+ * Take action.
+ */
+ RTEXITCODE rcExit;
+ if (!fVerify)
+ {
+ if (rc != VINF_GETOPT_NOT_OPTION)
+ RTMsgWarning("No files specified, the manifest will be empty.");
+ if (fAttr == RTMANIFEST_ATTR_UNKNOWN)
+ fAttr = RTMANIFEST_ATTR_SIZE | RTMANIFEST_ATTR_MD5
+ | RTMANIFEST_ATTR_SHA1 | RTMANIFEST_ATTR_SHA256 | RTMANIFEST_ATTR_SHA512;
+ rcExit = rtManifestDoCreate(pszManifest, fStdFormat, pszChDir, fAttr, &GetState, &ValueUnion, rc);
+ }
+ else
+ {
+ if (rc == VINF_GETOPT_NOT_OPTION)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX,
+ "No files should be specified when verifying a manifest (--verfiy), "
+ "only a manifest via the --manifest option");
+ if (fAttr != RTMANIFEST_ATTR_UNKNOWN)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX,
+ "The --attribute (-a) option does not combine with --verify (-v)");
+
+
+ rcExit = rtManifestDoVerify(pszManifest, fStdFormat, pszChDir);
+ }
+
+ return rcExit;
+}
+
diff --git a/src/VBox/Runtime/tools/RTMkDir.cpp b/src/VBox/Runtime/tools/RTMkDir.cpp
new file mode 100644
index 00000000..060d476e
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTMkDir.cpp
@@ -0,0 +1,379 @@
+/* $Id: RTMkDir.cpp $ */
+/** @file
+ * IPRT - Creates directory.
+ */
+
+/*
+ * Copyright (C) 2013-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/path.h>
+#include <iprt/err.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+
+#include <iprt/vfs.h>
+#include <iprt/string.h>
+#include <iprt/stream.h>
+#include <iprt/getopt.h>
+#include <iprt/buildconfig.h>
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+typedef struct RTCMDMKDIROPTS
+{
+ /** -v, --verbose */
+ bool fVerbose;
+ /** -p, --parents */
+ bool fParents;
+ /** Whether to always use the VFS chain API (for testing). */
+ bool fAlwaysUseChainApi;
+ /** Directory creation flags (RTDIRCREATE_FLAGS_XXX). */
+ uint32_t fCreateFlags;
+ /** The directory mode. */
+ RTFMODE fMode;
+} RTCMDMKDIROPTS;
+
+
+/**
+ * Create one directory and any missing parent directories.
+ *
+ * @returns exit code
+ * @param pOpts The mkdir option.
+ * @param pszDir The path to the new directory.
+ */
+static int rtCmdMkDirOneWithParents(RTCMDMKDIROPTS const *pOpts, const char *pszDir)
+{
+ int rc;
+ if (!pOpts->fAlwaysUseChainApi && !RTVfsChainIsSpec(pszDir) )
+ {
+ /*
+ * Use the API for doing the entire job. Unfortuantely, this means we
+ * can't be very verbose about what we're doing.
+ */
+ rc = RTDirCreateFullPath(pszDir, pOpts->fMode);
+ if (RT_FAILURE(rc))
+ RTMsgError("Failed to create directory '%s' (or a parent): %Rrc", pszDir, rc);
+ else if (pOpts->fVerbose)
+ RTPrintf("%s\n", pszDir);
+ }
+ else
+ {
+ /*
+ * Strip the final path element from the pszDir spec.
+ */
+ char *pszCopy = RTStrDup(pszDir);
+ if (!pszCopy)
+ return RTMsgErrorExitFailure("Out of string memory!");
+
+ char *pszFinalPath;
+ char *pszSpec;
+ uint32_t offError;
+ rc = RTVfsChainSplitOffFinalPath(pszCopy, &pszSpec, &pszFinalPath, &offError);
+ if (RT_SUCCESS(rc))
+ {
+ const char * const pszFullFinalPath = pszFinalPath;
+
+ /*
+ * Open the root director/whatever.
+ */
+ RTERRINFOSTATIC ErrInfo;
+ RTVFSDIR hVfsCurDir;
+ if (pszSpec)
+ {
+ rc = RTVfsChainOpenDir(pszSpec, 0 /*fOpen*/, &hVfsCurDir, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ RTVfsChainMsgError("RTVfsChainOpenDir", pszSpec, rc, offError, &ErrInfo.Core);
+ else if (!pszFinalPath)
+ pszFinalPath = RTStrEnd(pszSpec, RTSTR_MAX);
+ }
+ else if (!RTPathStartsWithRoot(pszFinalPath))
+ {
+ rc = RTVfsDirOpenNormal(".", 0 /*fOpen*/, &hVfsCurDir);
+ if (RT_FAILURE(rc))
+ RTMsgError("Failed to open '.' (for %s): %Rrc", rc, pszFinalPath);
+ }
+ else
+ {
+ char *pszRoot = pszFinalPath;
+ pszFinalPath = RTPathSkipRootSpec(pszFinalPath);
+ char const chSaved = *pszFinalPath;
+ *pszFinalPath = '\0';
+ rc = RTVfsDirOpenNormal(pszRoot, 0 /*fOpen*/, &hVfsCurDir);
+ *pszFinalPath = chSaved;
+ if (RT_FAILURE(rc))
+ RTMsgError("Failed to open root dir for '%s': %Rrc", rc, pszRoot);
+ }
+
+ /*
+ * Walk the path component by component.
+ */
+ while (RT_SUCCESS(rc))
+ {
+ /*
+ * Strip leading slashes.
+ */
+ while (RTPATH_IS_SLASH(*pszFinalPath))
+ pszFinalPath++;
+ if (*pszFinalPath == '\0')
+ {
+ RTVfsDirRelease(hVfsCurDir);
+ break;
+ }
+
+ /*
+ * Find the end of the next path component.
+ */
+ size_t cchComponent = 0;
+ char ch;
+ while ( (ch = pszFinalPath[cchComponent]) != '\0'
+ && !RTPATH_IS_SLASH(ch))
+ cchComponent++;
+
+ /*
+ * Open or create the component.
+ */
+ pszFinalPath[cchComponent] = '\0';
+ RTVFSDIR hVfsNextDir = NIL_RTVFSDIR;
+ for (uint32_t cTries = 0; cTries < 8; cTries++)
+ {
+ /* Try open it. */
+ rc = RTVfsDirOpenDir(hVfsCurDir, pszFinalPath, 0 /*fFlags*/, &hVfsNextDir);
+ if (RT_SUCCESS(rc))
+ break;
+ if ( rc != VERR_FILE_NOT_FOUND
+ && rc != VERR_PATH_NOT_FOUND)
+ {
+ if (ch == '\0')
+ RTMsgError("Failed opening directory '%s': %Rrc", pszDir, rc);
+ else
+ RTMsgError("Failed opening dir '%s' (for creating '%s'): %Rrc", pszFullFinalPath, pszDir, rc);
+ break;
+ }
+
+ /* Not found, so try create it. */
+ rc = RTVfsDirCreateDir(hVfsCurDir, pszFinalPath, pOpts->fMode, pOpts->fCreateFlags, &hVfsNextDir);
+ if (rc == VERR_ALREADY_EXISTS)
+ continue; /* We lost a creation race, try again. */
+ if (RT_SUCCESS(rc) && pOpts->fVerbose)
+ {
+ if (pszSpec)
+ RTPrintf("%s:%s\n", pszSpec, pszFullFinalPath);
+ else
+ RTPrintf("%s\n", pszFullFinalPath);
+ }
+ else if (RT_FAILURE(rc))
+ {
+ if (ch == '\0')
+ RTMsgError("Failed creating directory '%s': %Rrc", pszDir, rc);
+ else
+ RTMsgError("Failed creating dir '%s' (for '%s'): %Rrc", pszFullFinalPath, pszDir, rc);
+ }
+ break;
+ }
+ pszFinalPath[cchComponent] = ch;
+
+ RTVfsDirRelease(hVfsCurDir);
+ hVfsCurDir = hVfsNextDir;
+ pszFinalPath += cchComponent;
+ }
+ }
+ else
+ RTVfsChainMsgError("RTVfsChainOpenParentDir", pszCopy, rc, offError, NULL);
+ RTStrFree(pszCopy);
+ }
+ return RT_SUCCESS(rc) ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
+}
+
+
+/**
+ * Create one directory.
+ *
+ * @returns exit code
+ * @param pOpts The mkdir option.
+ * @param pszDir The path to the new directory.
+ */
+static RTEXITCODE rtCmdMkDirOne(RTCMDMKDIROPTS const *pOpts, const char *pszDir)
+{
+ int rc;
+ if (!pOpts->fAlwaysUseChainApi && !RTVfsChainIsSpec(pszDir) )
+ rc = RTDirCreate(pszDir, pOpts->fMode, 0);
+ else
+ {
+ RTVFSDIR hVfsDir;
+ const char *pszChild;
+ uint32_t offError;
+ RTERRINFOSTATIC ErrInfo;
+ rc = RTVfsChainOpenParentDir(pszDir, 0 /*fOpen*/, &hVfsDir, &pszChild, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTVfsDirCreateDir(hVfsDir, pszChild, pOpts->fMode, 0 /*fFlags*/, NULL);
+ RTVfsDirRelease(hVfsDir);
+ }
+ else
+ return RTVfsChainMsgErrorExitFailure("RTVfsChainOpenParentDir", pszDir, rc, offError, &ErrInfo.Core);
+ }
+ if (RT_SUCCESS(rc))
+ {
+ if (pOpts->fVerbose)
+ RTPrintf("%s\n", pszDir);
+ return RTEXITCODE_SUCCESS;
+ }
+ return RTMsgErrorExitFailure("Failed to create '%s': %Rrc", pszDir, rc);
+}
+
+
+static RTEXITCODE RTCmdMkDir(unsigned cArgs, char **papszArgs)
+{
+ /*
+ * Parse the command line.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ /* operations */
+ { "--mode", 'm', RTGETOPT_REQ_UINT32 | RTGETOPT_FLAG_OCT },
+ { "--parents", 'p', RTGETOPT_REQ_NOTHING },
+ { "--always-use-vfs-chain-api", 'A', RTGETOPT_REQ_NOTHING },
+ { "--allow-content-indexing", 'i', RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ };
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1,
+ RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOpt failed: %Rrc", rc);
+
+ RTCMDMKDIROPTS Opts;
+ Opts.fVerbose = false;
+ Opts.fParents = false;
+ Opts.fAlwaysUseChainApi = false;
+ Opts.fCreateFlags = RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_NOT_CRITICAL | RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_SET;
+ Opts.fMode = 0775 | RTFS_TYPE_DIRECTORY | RTFS_DOS_DIRECTORY;
+
+ RTGETOPTUNION ValueUnion;
+ while ( (rc = RTGetOpt(&GetState, &ValueUnion)) != 0
+ && rc != VINF_GETOPT_NOT_OPTION)
+ {
+ switch (rc)
+ {
+ case 'm':
+ /** @todo DOS+NT attributes and symbolic notation. */
+ Opts.fMode &= ~07777;
+ Opts.fMode |= ValueUnion.u32 & 07777;
+ break;
+
+ case 'p':
+ Opts.fParents = true;
+ break;
+
+ case 'v':
+ Opts.fVerbose = true;
+ break;
+
+ case 'A':
+ Opts.fAlwaysUseChainApi = true;
+ break;
+
+ case 'i':
+ Opts.fCreateFlags &= ~RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_SET;
+ Opts.fCreateFlags |= RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_DONT_SET;
+ break;
+
+ case 'h':
+ RTPrintf("Usage: %s [options] <dir> [..]\n"
+ "\n"
+ "Options:\n"
+ " -m <mode>, --mode <mode>\n"
+ " The creation mode. Default is 0775.\n"
+ " -p, --parent\n"
+ " Create parent directories too. Ignore any existing directories.\n"
+ " -v, --verbose\n"
+ " Tell which directories get created.\n"
+ " -A, --always-use-vfs-chain-api\n"
+ " Always use the VFS API.\n"
+ " -i, --allow-content-indexing\n"
+ " Don't set flags to disable context indexing on windows.\n"
+ , papszArgs[0]);
+ return RTEXITCODE_SUCCESS;
+
+ case 'V':
+ RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
+ return RTEXITCODE_SUCCESS;
+
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+
+ /*
+ * No files means error.
+ */
+ if (rc != VINF_GETOPT_NOT_OPTION)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No directories specified.\n");
+
+ /*
+ * Work thru the specified dirs.
+ */
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ while (rc == VINF_GETOPT_NOT_OPTION)
+ {
+ if (Opts.fParents)
+ rc = rtCmdMkDirOneWithParents(&Opts, ValueUnion.psz);
+ else
+ rc = rtCmdMkDirOne(&Opts, ValueUnion.psz);
+ if (RT_FAILURE(rc))
+ rcExit = RTEXITCODE_FAILURE;
+
+ /* next */
+ rc = RTGetOpt(&GetState, &ValueUnion);
+ }
+ if (rc != 0)
+ rcExit = RTGetOptPrintError(rc, &ValueUnion);
+
+ return rcExit;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTCmdMkDir(argc, argv);
+}
+
diff --git a/src/VBox/Runtime/tools/RTNtDbgHelp.cpp b/src/VBox/Runtime/tools/RTNtDbgHelp.cpp
new file mode 100644
index 00000000..39cd2da7
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTNtDbgHelp.cpp
@@ -0,0 +1,393 @@
+/* $Id: RTNtDbgHelp.cpp $ */
+/** @file
+ * IPRT - RTNtDbgHelp - Tool for working/exploring DbgHelp.dll.
+ */
+
+/*
+ * Copyright (C) 2013-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/win/windows.h>
+#include <iprt/win/dbghelp.h>
+
+#include <iprt/alloca.h>
+#include <iprt/dir.h>
+#include <iprt/file.h>
+#include <iprt/getopt.h>
+#include <iprt/env.h>
+#include <iprt/initterm.h>
+#include <iprt/list.h>
+#include <iprt/mem.h>
+#include <iprt/message.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+#include <iprt/errcore.h>
+
+#include <iprt/win/lazy-dbghelp.h>
+
+#include <iprt/ldrlazy.h>
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+/**
+ * Debug module record.
+ *
+ * Used for dumping the whole context.
+ */
+typedef struct RTNTDBGHELPMOD
+{
+ /** The list bits. */
+ RTLISTNODE ListEntry;
+ /** The module address. */
+ uint64_t uModAddr;
+ /** Pointer to the name part of szFullName. */
+ char *pszName;
+ /** The module name. */
+ char szFullName[1];
+} RTNTDBGHELPMOD;
+/** Pointer to a debug module. */
+typedef RTNTDBGHELPMOD *PRTNTDBGHELPMOD;
+
+
+/*********************************************************************************************************************************
+* Global Variables *
+*********************************************************************************************************************************/
+/** Verbosity level. */
+static int g_iOptVerbose = 1;
+
+/** Fake process handle. */
+static HANDLE g_hFake = (HANDLE)0x1234567;
+/** Number of modules in the list. */
+static uint32_t g_cModules = 0;
+/** Module list. */
+static RTLISTANCHOR g_ModuleList;
+/** Set when initialized, clear until then. Lazy init on first operation. */
+static bool g_fInitialized = false;
+
+/** The current address register. */
+static uint64_t g_uCurAddress = 0;
+
+
+
+/**
+ * For debug/verbose output.
+ *
+ * @param iMin The minimum verbosity level for this message.
+ * @param pszFormat The format string.
+ * @param ... The arguments referenced in the format string.
+ */
+static void infoPrintf(int iMin, const char *pszFormat, ...)
+{
+ if (g_iOptVerbose >= iMin)
+ {
+ va_list va;
+ va_start(va, pszFormat);
+ RTPrintf("info: ");
+ RTPrintfV(pszFormat, va);
+ va_end(va);
+ }
+}
+
+static BOOL CALLBACK symDebugCallback64(HANDLE hProcess, ULONG uAction, ULONG64 ullData, ULONG64 ullUserCtx)
+{
+ NOREF(hProcess); NOREF(ullUserCtx);
+ switch (uAction)
+ {
+ case CBA_DEBUG_INFO:
+ {
+ const char *pszMsg = (const char *)(uintptr_t)ullData;
+ size_t cchMsg = strlen(pszMsg);
+ if (cchMsg > 0 && pszMsg[cchMsg - 1] == '\n')
+ RTPrintf("cba_debug_info: %s", pszMsg);
+ else
+ RTPrintf("cba_debug_info: %s\n", pszMsg);
+ return TRUE;
+ }
+
+ case CBA_DEFERRED_SYMBOL_LOAD_CANCEL:
+ return FALSE;
+
+ case CBA_EVENT:
+ return FALSE;
+
+ default:
+ RTPrintf("cba_???: uAction=%#x ullData=%#llx\n", uAction, ullData);
+ break;
+ }
+
+ return FALSE;
+}
+
+/**
+ * Lazy initialization.
+ * @returns Exit code with any relevant complaints printed.
+ */
+static RTEXITCODE ensureInitialized(void)
+{
+ if (!g_fInitialized)
+ {
+ if (!SymInitialize(g_hFake, NULL, FALSE))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "SymInitialied failed: %u\n", GetLastError());
+ if (!SymRegisterCallback64(g_hFake, symDebugCallback64, 0))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "SymRegisterCallback64 failed: %u\n", GetLastError());
+ g_fInitialized = true;
+ infoPrintf(2, "SymInitialized(,,)\n");
+ }
+ return RTEXITCODE_SUCCESS;
+}
+
+
+/**
+ * Loads the given module, the address is either automatic or a previously given
+ * one.
+ *
+ * @returns Exit code with any relevant complaints printed.
+ * @param pszFile The file to load.
+ */
+static RTEXITCODE loadModule(const char *pszFile)
+{
+ RTEXITCODE rcExit = ensureInitialized();
+ if (rcExit != RTEXITCODE_SUCCESS)
+ return rcExit;
+
+ uint64_t uModAddrReq = g_uCurAddress == 0 ? UINT64_C(0x1000000) * g_cModules : g_uCurAddress;
+ uint64_t uModAddrGot = SymLoadModuleEx(g_hFake, NULL /*hFile*/, pszFile, NULL /*pszModuleName*/,
+ uModAddrReq, 0, NULL /*pData*/, 0 /*fFlags*/);
+ if (uModAddrGot == 0)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "SymLoadModuleEx failed: %u\n", GetLastError());
+
+ size_t cbFullName = strlen(pszFile) + 1;
+ PRTNTDBGHELPMOD pMod = (PRTNTDBGHELPMOD)RTMemAlloc(RT_UOFFSETOF_DYN(RTNTDBGHELPMOD, szFullName[cbFullName + 1]));
+ memcpy(pMod->szFullName, pszFile, cbFullName);
+ pMod->pszName = RTPathFilename(pMod->szFullName);
+ pMod->uModAddr = uModAddrGot;
+ RTListAppend(&g_ModuleList, &pMod->ListEntry);
+ infoPrintf(1, "%#018RX64 %s\n", pMod->uModAddr, pMod->pszName);
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+/**
+ * Translates SYM_TYPE to string.
+ *
+ * @returns String.
+ * @param enmType The symbol type value.
+ */
+static const char *symTypeName(SYM_TYPE enmType)
+{
+ switch (enmType)
+ {
+ case SymCoff: return "SymCoff";
+ case SymCv: return "SymCv";
+ case SymPdb: return "SymPdb";
+ case SymExport: return "SymExport";
+ case SymDeferred: return "SymDeferred";
+ case SymSym: return "SymSym";
+ case SymDia: return "SymDia";
+ case SymVirtual: return "SymVirtual";
+ default:
+ {
+ static char s_szBuf[32];
+ RTStrPrintf(s_szBuf, sizeof(s_szBuf), "Unknown-%#x", enmType);
+ return s_szBuf;
+ }
+ }
+}
+
+
+/**
+ * Symbol enumeration callback.
+ *
+ * @returns TRUE (continue enum).
+ * @param pSymInfo The symbol info.
+ * @param cbSymbol The symbol length (calculated).
+ * @param pvUser NULL.
+ */
+static BOOL CALLBACK dumpSymbolCallback(PSYMBOL_INFO pSymInfo, ULONG cbSymbol, PVOID pvUser)
+{
+ NOREF(pvUser);
+ RTPrintf(" %#018RX64 LB %#07x %s\n", pSymInfo->Address, cbSymbol, pSymInfo->Name);
+ return TRUE;
+}
+
+/**
+ * Dumps all info.
+ * @returns Exit code with any relevant complaints printed.
+ */
+static RTEXITCODE dumpAll(void)
+{
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ PRTNTDBGHELPMOD pMod;
+ RTListForEach(&g_ModuleList, pMod, RTNTDBGHELPMOD, ListEntry)
+ {
+ RTPrintf("*** %#018RX64 - %s ***\n", pMod->uModAddr, pMod->szFullName);
+
+ static const int8_t s_acbVariations[] = { 0, -4, -8, -12, -16, -20, -24, -28, -32, 4, 8, 12, 16, 20, 24, 28, 32 };
+ unsigned iVariation = 0;
+ union
+ {
+ IMAGEHLP_MODULE64 ModInfo;
+ uint8_t abPadding[sizeof(IMAGEHLP_MODULE64) + 64];
+ } u;
+
+ BOOL fRc;
+ do
+ {
+ RT_ZERO(u.ModInfo);
+ u.ModInfo.SizeOfStruct = sizeof(u.ModInfo) + s_acbVariations[iVariation++];
+ fRc = SymGetModuleInfo64(g_hFake, pMod->uModAddr, &u.ModInfo);
+ } while (!fRc && GetLastError() == ERROR_INVALID_PARAMETER && iVariation < RT_ELEMENTS(s_acbVariations));
+
+ if (fRc)
+ {
+ RTPrintf(" BaseOfImage = %#018llx\n", u.ModInfo.BaseOfImage);
+ RTPrintf(" ImageSize = %#010x\n", u.ModInfo.ImageSize);
+ RTPrintf(" TimeDateStamp = %#010x\n", u.ModInfo.TimeDateStamp);
+ RTPrintf(" CheckSum = %#010x\n", u.ModInfo.CheckSum);
+ RTPrintf(" NumSyms = %#010x (%u)\n", u.ModInfo.NumSyms, u.ModInfo.NumSyms);
+ RTPrintf(" SymType = %s\n", symTypeName(u.ModInfo.SymType));
+ RTPrintf(" ModuleName = %.32s\n", u.ModInfo.ModuleName);
+ RTPrintf(" ImageName = %.256s\n", u.ModInfo.ImageName);
+ RTPrintf(" LoadedImageName = %.256s\n", u.ModInfo.LoadedImageName);
+ RTPrintf(" LoadedPdbName = %.256s\n", u.ModInfo.LoadedPdbName);
+ RTPrintf(" CVSig = %#010x\n", u.ModInfo.CVSig);
+ /** @todo CVData. */
+ RTPrintf(" PdbSig = %#010x\n", u.ModInfo.PdbSig);
+ RTPrintf(" PdbSig70 = %RTuuid\n", &u.ModInfo.PdbSig70);
+ RTPrintf(" PdbAge = %#010x\n", u.ModInfo.PdbAge);
+ RTPrintf(" PdbUnmatched = %RTbool\n", u.ModInfo.PdbUnmatched);
+ RTPrintf(" DbgUnmatched = %RTbool\n", u.ModInfo.DbgUnmatched);
+ RTPrintf(" LineNumbers = %RTbool\n", u.ModInfo.LineNumbers);
+ RTPrintf(" GlobalSymbols = %RTbool\n", u.ModInfo.GlobalSymbols);
+ RTPrintf(" TypeInfo = %RTbool\n", u.ModInfo.TypeInfo);
+ RTPrintf(" SourceIndexed = %RTbool\n", u.ModInfo.SourceIndexed);
+ RTPrintf(" Publics = %RTbool\n", u.ModInfo.Publics);
+ }
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "SymGetModuleInfo64 failed: %u\n", GetLastError());
+
+ if (!SymEnumSymbols(g_hFake, pMod->uModAddr, NULL, dumpSymbolCallback, NULL))
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "SymEnumSymbols failed: %u\n", GetLastError());
+
+ }
+ return rcExit;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0 /*fFlags*/);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ RTListInit(&g_ModuleList);
+
+ /*
+ * Parse options.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--dump-all", 'd', RTGETOPT_REQ_NOTHING },
+ { "--load", 'l', RTGETOPT_REQ_STRING },
+ { "--set-address", 'a', RTGETOPT_REQ_UINT64 },
+#define OPT_SET_DEBUG_INFO 0x1000
+ { "--set-debug-info", OPT_SET_DEBUG_INFO, RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--quiet", 'q', RTGETOPT_REQ_NOTHING },
+ };
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ //const char *pszOutput = "-";
+
+ int ch;
+ RTGETOPTUNION ValueUnion;
+ RTGETOPTSTATE GetState;
+ RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1,
+ RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)) != 0)
+ {
+ switch (ch)
+ {
+ case 'v':
+ g_iOptVerbose++;
+ break;
+
+ case 'q':
+ g_iOptVerbose++;
+ break;
+
+ case 'l':
+ rcExit = loadModule(ValueUnion.psz);
+ break;
+
+ case 'a':
+ g_uCurAddress = ValueUnion.u64;
+ break;
+
+ case 'd':
+ rcExit = dumpAll();
+ break;
+
+ case OPT_SET_DEBUG_INFO:
+ rcExit = ensureInitialized();
+ if (rcExit == RTEXITCODE_SUCCESS && !SymSetOptions(SymGetOptions() | SYMOPT_DEBUG))
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "SymSetOptions failed: %u\n", GetLastError());
+ break;
+
+
+ case 'V':
+ RTPrintf("$Revision: 155244 $");
+ break;
+
+ case 'h':
+ RTPrintf("usage: %s [-v|--verbose] [-q|--quiet] [--set-debug-info] [-a <addr>] [-l <file>] [-d] [...]\n"
+ " or: %s [-V|--version]\n"
+ " or: %s [-h|--help]\n",
+ argv[0], argv[0], argv[0]);
+ return RTEXITCODE_SUCCESS;
+
+ case VINF_GETOPT_NOT_OPTION:
+ default:
+ return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ if (rcExit != RTEXITCODE_SUCCESS)
+ break;
+ }
+ return rcExit;
+}
+
diff --git a/src/VBox/Runtime/tools/RTRm.cpp b/src/VBox/Runtime/tools/RTRm.cpp
new file mode 100644
index 00000000..46df757d
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTRm.cpp
@@ -0,0 +1,54 @@
+/* $Id: RTRm.cpp $ */
+/** @file
+ * IPRT - Remove Directory Entries Utility.
+ */
+
+/*
+ * Copyright (C) 2013-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/path.h>
+#include <iprt/errcore.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTPathRmCmd(argc, argv);
+}
+
diff --git a/src/VBox/Runtime/tools/RTRmDir.cpp b/src/VBox/Runtime/tools/RTRmDir.cpp
new file mode 100644
index 00000000..6d9dd26f
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTRmDir.cpp
@@ -0,0 +1,369 @@
+/* $Id: RTRmDir.cpp $ */
+/** @file
+ * IPRT - Removes directory.
+ */
+
+/*
+ * Copyright (C) 2013-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/path.h>
+#include <iprt/err.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+
+#include <iprt/vfs.h>
+#include <iprt/string.h>
+#include <iprt/stream.h>
+#include <iprt/getopt.h>
+#include <iprt/buildconfig.h>
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+typedef struct RTCMDRMDIROPTS
+{
+ /** -v, --verbose */
+ bool fVerbose;
+ /** -p, --parents */
+ bool fParents;
+ /** Don't fail if directories that aren't empty. */
+ bool fIgnoreNotEmpty;
+ /** Don't fail a directory doesn't exist (i.e. has already been removed). */
+ bool fIgnoreNonExisting;
+ /** Whether to always use the VFS chain API (for testing). */
+ bool fAlwaysUseChainApi;
+} RTCMDRMDIROPTS;
+
+
+/**
+ * Create one directory and any missing parent directories.
+ *
+ * @returns exit code
+ * @param pOpts The mkdir option.
+ * @param pszDir The path to the new directory.
+ */
+static int rtCmdRmDirOneWithParents(RTCMDRMDIROPTS const *pOpts, const char *pszDir)
+{
+ /* We need a copy we can work with here. */
+ char *pszCopy = RTStrDup(pszDir);
+ if (!pszCopy)
+ return RTMsgErrorExitFailure("Out of string memory!");
+
+ int rc;
+ if (!pOpts->fAlwaysUseChainApi && !RTVfsChainIsSpec(pszDir) )
+ {
+ size_t cchCopy = strlen(pszCopy);
+ do
+ {
+ rc = RTDirRemove(pszCopy);
+ if (RT_SUCCESS(rc))
+ {
+ if (pOpts->fVerbose)
+ RTPrintf("%s\n", pszCopy);
+ }
+ else if ((rc == VERR_PATH_NOT_FOUND || rc == VERR_FILE_NOT_FOUND) && pOpts->fIgnoreNonExisting)
+ rc = VINF_SUCCESS;
+ else
+ {
+ if ((rc == VERR_DIR_NOT_EMPTY || rc == VERR_SHARING_VIOLATION) && pOpts->fIgnoreNotEmpty)
+ rc = VINF_SUCCESS;
+ else
+ RTMsgError("Failed to remove directory '%s': %Rrc", pszCopy, rc);
+ break;
+ }
+
+ /* Strip off a component. */
+ while (cchCopy > 0 && RTPATH_IS_SLASH(pszCopy[cchCopy - 1]))
+ cchCopy--;
+ while (cchCopy > 0 && !RTPATH_IS_SLASH(pszCopy[cchCopy - 1]))
+ cchCopy--;
+ while (cchCopy > 0 && RTPATH_IS_SLASH(pszCopy[cchCopy - 1]))
+ cchCopy--;
+ pszCopy[cchCopy] = '\0';
+ } while (cchCopy > 0);
+ }
+ else
+ {
+ /*
+ * Strip the final path element from the pszDir spec.
+ */
+ char *pszFinalPath;
+ char *pszSpec;
+ uint32_t offError;
+ rc = RTVfsChainSplitOffFinalPath(pszCopy, &pszSpec, &pszFinalPath, &offError);
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Open the root director/whatever.
+ */
+ RTERRINFOSTATIC ErrInfo;
+ RTVFSDIR hVfsBaseDir;
+ if (pszSpec)
+ {
+ rc = RTVfsChainOpenDir(pszSpec, 0 /*fOpen*/, &hVfsBaseDir, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ RTVfsChainMsgError("RTVfsChainOpenDir", pszSpec, rc, offError, &ErrInfo.Core);
+ else if (!pszFinalPath)
+ pszFinalPath = RTStrEnd(pszSpec, RTSTR_MAX);
+ }
+ else if (!RTPathStartsWithRoot(pszFinalPath))
+ {
+ rc = RTVfsDirOpenNormal(".", 0 /*fOpen*/, &hVfsBaseDir);
+ if (RT_FAILURE(rc))
+ RTMsgError("Failed to open '.' (for %s): %Rrc", rc, pszFinalPath);
+ }
+ else
+ {
+ char *pszRoot = pszFinalPath;
+ pszFinalPath = RTPathSkipRootSpec(pszFinalPath);
+ char const chSaved = *pszFinalPath;
+ *pszFinalPath = '\0';
+ rc = RTVfsDirOpenNormal(pszRoot, 0 /*fOpen*/, &hVfsBaseDir);
+ *pszFinalPath = chSaved;
+ if (RT_FAILURE(rc))
+ RTMsgError("Failed to open root dir for '%s': %Rrc", rc, pszRoot);
+ }
+
+ /*
+ * Walk the path component by component, starting at the end.
+ */
+ if (RT_SUCCESS(rc))
+ {
+ size_t cchFinalPath = strlen(pszFinalPath);
+ while (RT_SUCCESS(rc) && cchFinalPath > 0)
+ {
+ rc = RTVfsDirRemoveDir(hVfsBaseDir, pszFinalPath, 0 /*fFlags*/);
+ if (RT_SUCCESS(rc))
+ {
+ if (pOpts->fVerbose)
+ RTPrintf("%s\n", pszCopy);
+ }
+ else if ((rc == VERR_PATH_NOT_FOUND || rc == VERR_FILE_NOT_FOUND) && pOpts->fIgnoreNonExisting)
+ rc = VINF_SUCCESS;
+ else
+ {
+ if ((rc == VERR_DIR_NOT_EMPTY || rc == VERR_SHARING_VIOLATION) && pOpts->fIgnoreNotEmpty)
+ rc = VINF_SUCCESS;
+ else if (pszSpec)
+ RTMsgError("Failed to remove directory '%s:%s': %Rrc", pszSpec, pszFinalPath, rc);
+ else
+ RTMsgError("Failed to remove directory '%s': %Rrc", pszFinalPath, rc);
+ break;
+ }
+
+ /* Strip off a component. */
+ while (cchFinalPath > 0 && RTPATH_IS_SLASH(pszFinalPath[cchFinalPath - 1]))
+ cchFinalPath--;
+ while (cchFinalPath > 0 && !RTPATH_IS_SLASH(pszFinalPath[cchFinalPath - 1]))
+ cchFinalPath--;
+ while (cchFinalPath > 0 && RTPATH_IS_SLASH(pszFinalPath[cchFinalPath - 1]))
+ cchFinalPath--;
+ pszFinalPath[cchFinalPath] = '\0';
+ }
+
+ RTVfsDirRelease(hVfsBaseDir);
+ }
+ }
+ else
+ RTVfsChainMsgError("RTVfsChainOpenParentDir", pszCopy, rc, offError, NULL);
+ }
+ RTStrFree(pszCopy);
+ return RT_SUCCESS(rc) ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
+}
+
+
+/**
+ * Removes one directory.
+ *
+ * @returns exit code
+ * @param pOpts The mkdir option.
+ * @param pszDir The path to the new directory.
+ */
+static RTEXITCODE rtCmdRmDirOne(RTCMDRMDIROPTS const *pOpts, const char *pszDir)
+{
+ int rc;
+ if (!pOpts->fAlwaysUseChainApi && !RTVfsChainIsSpec(pszDir) )
+ rc = RTDirRemove(pszDir);
+ else
+ {
+ RTVFSDIR hVfsDir;
+ const char *pszChild;
+ uint32_t offError;
+ RTERRINFOSTATIC ErrInfo;
+ rc = RTVfsChainOpenParentDir(pszDir, 0 /*fOpen*/, &hVfsDir, &pszChild, &offError, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTVfsDirRemoveDir(hVfsDir, pszChild, 0 /*fFlags*/);
+ RTVfsDirRelease(hVfsDir);
+ }
+ else
+ return RTVfsChainMsgErrorExitFailure("RTVfsChainOpenParentDir", pszDir, rc, offError, &ErrInfo.Core);
+ }
+ if (RT_SUCCESS(rc))
+ {
+ if (pOpts->fVerbose)
+ RTPrintf("%s\n", pszDir);
+ return RTEXITCODE_SUCCESS;
+ }
+ if ((rc == VERR_DIR_NOT_EMPTY || rc == VERR_SHARING_VIOLATION) && pOpts->fIgnoreNotEmpty)
+ return RTEXITCODE_SUCCESS; /** @todo be verbose about this? */
+ if ((rc == VERR_PATH_NOT_FOUND || rc == VERR_FILE_NOT_FOUND) && pOpts->fIgnoreNonExisting)
+ return RTEXITCODE_SUCCESS; /** @todo be verbose about this? */
+ return RTMsgErrorExitFailure("Failed to remove '%s': %Rrc", pszDir, rc);
+}
+
+
+static RTEXITCODE RTCmdRmDir(unsigned cArgs, char **papszArgs)
+{
+ /*
+ * Parse the command line.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ /* operations */
+ { "--parents", 'p', RTGETOPT_REQ_NOTHING },
+ { "--ignore-fail-on-non-empty", 'F', RTGETOPT_REQ_NOTHING },
+ { "--ignore-non-existing", 'E', RTGETOPT_REQ_NOTHING },
+ { "--always-use-vfs-chain-api", 'A', RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ };
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1,
+ RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTGetOpt failed: %Rrc", rc);
+
+ RTCMDRMDIROPTS Opts;
+ Opts.fVerbose = false;
+ Opts.fParents = false;
+ Opts.fIgnoreNotEmpty = false;
+ Opts.fIgnoreNonExisting = false;
+ Opts.fAlwaysUseChainApi = false;
+
+ RTGETOPTUNION ValueUnion;
+ while ( (rc = RTGetOpt(&GetState, &ValueUnion)) != 0
+ && rc != VINF_GETOPT_NOT_OPTION)
+ {
+ switch (rc)
+ {
+ case 'p':
+ Opts.fParents = true;
+ break;
+
+ case 'v':
+ Opts.fVerbose = true;
+ break;
+
+ case 'A':
+ Opts.fAlwaysUseChainApi = true;
+ break;
+
+ case 'E':
+ Opts.fIgnoreNonExisting = true;
+ break;
+
+ case 'F':
+ Opts.fIgnoreNotEmpty = true;
+ break;
+
+ case 'h':
+ RTPrintf("Usage: %s [options] <dir> [..]\n"
+ "\n"
+ "Removes empty directories.\n"
+ "\n"
+ "Options:\n"
+ " -p, --parent\n"
+ " Remove specified parent directories too.\n"
+ " -F, --ignore-fail-on-non-empty\n"
+ " Do not fail if a directory is not empty, just ignore it.\n"
+ " This is really handy with the -p option.\n"
+ " -E, --ignore-non-existing\n"
+ " Do not fail if a specified directory is not there.\n"
+ " -v, --verbose\n"
+ " Tell which directories get remove.\n"
+ " -A, --always-use-vfs-chain-api\n"
+ " Always use the VFS API.\n"
+ , papszArgs[0]);
+ return RTEXITCODE_SUCCESS;
+
+ case 'V':
+ RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
+ return RTEXITCODE_SUCCESS;
+
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+
+ /*
+ * No files means error.
+ */
+ if (rc != VINF_GETOPT_NOT_OPTION)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No directories specified.\n");
+
+ /*
+ * Work thru the specified dirs.
+ */
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ while (rc == VINF_GETOPT_NOT_OPTION)
+ {
+ if (Opts.fParents)
+ rc = rtCmdRmDirOneWithParents(&Opts, ValueUnion.psz);
+ else
+ rc = rtCmdRmDirOne(&Opts, ValueUnion.psz);
+ if (RT_FAILURE(rc))
+ rcExit = RTEXITCODE_FAILURE;
+
+ /* next */
+ rc = RTGetOpt(&GetState, &ValueUnion);
+ }
+ if (rc != 0)
+ rcExit = RTGetOptPrintError(rc, &ValueUnion);
+
+ return rcExit;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTCmdRmDir(argc, argv);
+}
+
diff --git a/src/VBox/Runtime/tools/RTShutdown.cpp b/src/VBox/Runtime/tools/RTShutdown.cpp
new file mode 100644
index 00000000..d632e474
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTShutdown.cpp
@@ -0,0 +1,114 @@
+/* $Id: RTShutdown.cpp $ */
+/** @file
+ * IPRT Testcase - System Shutdown.
+ */
+
+/*
+ * Copyright (C) 2012-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/system.h>
+
+#include <iprt/buildconfig.h>
+#include <iprt/errcore.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /*
+ * Parse the command line.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--halt", 'H', RTGETOPT_REQ_NOTHING },
+ { "--poweroff", 'p', RTGETOPT_REQ_NOTHING },
+ { "--reboot", 'r', RTGETOPT_REQ_NOTHING },
+ { "--force", 'f', RTGETOPT_REQ_NOTHING },
+ { "--delay", 'd', RTGETOPT_REQ_UINT32 },
+ { "--message", 'm', RTGETOPT_REQ_STRING }
+ };
+
+ const char *pszMsg = "RTShutdown";
+ RTMSINTERVAL cMsDelay = 0;
+ uint32_t fFlags = RTSYSTEM_SHUTDOWN_POWER_OFF | RTSYSTEM_SHUTDOWN_PLANNED;
+
+ RTGETOPTSTATE GetState;
+ rc = RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1,
+ RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ for (;;)
+ {
+ RTGETOPTUNION ValueUnion;
+ rc = RTGetOpt(&GetState, &ValueUnion);
+ if (rc == 0)
+ break;
+ switch (rc)
+ {
+ case 'H': fFlags = (fFlags & ~RTSYSTEM_SHUTDOWN_ACTION_MASK) | RTSYSTEM_SHUTDOWN_HALT; break;
+ case 'p': fFlags = (fFlags & ~RTSYSTEM_SHUTDOWN_ACTION_MASK) | RTSYSTEM_SHUTDOWN_POWER_OFF_HALT; break;
+ case 'r': fFlags = (fFlags & ~RTSYSTEM_SHUTDOWN_ACTION_MASK) | RTSYSTEM_SHUTDOWN_REBOOT; break;
+ case 'f': fFlags |= RTSYSTEM_SHUTDOWN_FORCE; break;
+ case 'd': cMsDelay = ValueUnion.u32; break;
+ case 'm': pszMsg = ValueUnion.psz; break;
+
+ case 'h':
+ RTPrintf("Usage: RTShutdown [-H|-p|-r] [-f] [-d <milliseconds>] [-m <msg>]\n");
+ return RTEXITCODE_SUCCESS;
+
+ case 'V':
+ RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
+ return RTEXITCODE_SUCCESS;
+
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+ /*
+ * Do the deed.
+ */
+ rc = RTSystemShutdown(cMsDelay, fFlags, pszMsg);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTSystemShutdown(%u, %#x, \"%s\") returned %Rrc\n", cMsDelay, fFlags, pszMsg, rc);
+ return RTEXITCODE_SUCCESS;
+}
+
diff --git a/src/VBox/Runtime/tools/RTSignTool.cpp b/src/VBox/Runtime/tools/RTSignTool.cpp
new file mode 100644
index 00000000..99cffa44
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTSignTool.cpp
@@ -0,0 +1,6330 @@
+/* $Id: RTSignTool.cpp $ */
+/** @file
+ * IPRT - Signing Tool.
+ */
+
+/*
+ * Copyright (C) 2006-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/assert.h>
+#include <iprt/buildconfig.h>
+#include <iprt/ctype.h>
+#include <iprt/err.h>
+#include <iprt/getopt.h>
+#include <iprt/file.h>
+#include <iprt/initterm.h>
+#include <iprt/ldr.h>
+#include <iprt/message.h>
+#include <iprt/mem.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+#ifdef RT_OS_WINDOWS
+# include <iprt/utf16.h>
+#endif
+#include <iprt/uuid.h>
+#include <iprt/zero.h>
+#include <iprt/formats/asn1.h>
+#include <iprt/formats/mach-o.h>
+#ifndef RT_OS_WINDOWS
+# include <iprt/formats/pecoff.h>
+#else
+# define WIN_CERTIFICATE_ALIGNMENT UINT32_C(8) /* from pecoff.h */
+#endif
+#include <iprt/crypto/applecodesign.h>
+#include <iprt/crypto/digest.h>
+#include <iprt/crypto/key.h>
+#include <iprt/crypto/x509.h>
+#include <iprt/crypto/pkcs7.h>
+#include <iprt/crypto/store.h>
+#include <iprt/crypto/spc.h>
+#include <iprt/crypto/tsp.h>
+#include <iprt/cpp/ministring.h>
+#ifdef VBOX
+# include <VBox/sup.h> /* Certificates */
+#endif
+#ifdef RT_OS_WINDOWS
+# include <iprt/win/windows.h>
+# include <iprt/win/imagehlp.h>
+# include <wincrypt.h>
+# include <ncrypt.h>
+#endif
+#include "internal/ldr.h" /* for IMAGE_XX_SIGNATURE defines */
+
+
+/*********************************************************************************************************************************
+* Defined Constants And Macros *
+*********************************************************************************************************************************/
+#define OPT_OFF_CERT_FILE 0 /**< signtool /f file */
+#define OPT_OFF_CERT_SHA1 1 /**< signtool /sha1 thumbprint */
+#define OPT_OFF_CERT_SUBJECT 2 /**< signtool /n name */
+#define OPT_OFF_CERT_STORE 3 /**< signtool /s store */
+#define OPT_OFF_CERT_STORE_MACHINE 4 /**< signtool /sm */
+#define OPT_OFF_KEY_FILE 5 /**< no signtool equivalent, other than maybe /f. */
+#define OPT_OFF_KEY_PASSWORD 6 /**< signtool /p pass */
+#define OPT_OFF_KEY_PASSWORD_FILE 7 /**< no signtool equivalent. */
+#define OPT_OFF_KEY_NAME 8 /**< signtool /kc name */
+#define OPT_OFF_KEY_PROVIDER 9 /**< signtool /csp name (CSP = cryptographic service provider) */
+
+#define OPT_CERT_KEY_SWITCH_CASES(a_Instance, a_uBase, a_chOpt, a_ValueUnion, a_rcExit) \
+ case (a_uBase) + OPT_OFF_CERT_FILE: \
+ case (a_uBase) + OPT_OFF_CERT_SHA1: \
+ case (a_uBase) + OPT_OFF_CERT_SUBJECT: \
+ case (a_uBase) + OPT_OFF_CERT_STORE: \
+ case (a_uBase) + OPT_OFF_CERT_STORE_MACHINE: \
+ case (a_uBase) + OPT_OFF_KEY_FILE: \
+ case (a_uBase) + OPT_OFF_KEY_PASSWORD: \
+ case (a_uBase) + OPT_OFF_KEY_PASSWORD_FILE: \
+ case (a_uBase) + OPT_OFF_KEY_NAME: \
+ case (a_uBase) + OPT_OFF_KEY_PROVIDER: \
+ a_rcExit = a_Instance.handleOption((a_chOpt) - (a_uBase), &(a_ValueUnion)); \
+ break
+
+#define OPT_CERT_KEY_GETOPTDEF_ENTRIES(a_szPrefix, a_szSuffix, a_uBase) \
+ { a_szPrefix "cert-file" a_szSuffix, (a_uBase) + OPT_OFF_CERT_FILE, RTGETOPT_REQ_STRING }, \
+ { a_szPrefix "cert-sha1" a_szSuffix, (a_uBase) + OPT_OFF_CERT_SHA1, RTGETOPT_REQ_STRING }, \
+ { a_szPrefix "cert-subject" a_szSuffix, (a_uBase) + OPT_OFF_CERT_SUBJECT, RTGETOPT_REQ_STRING }, \
+ { a_szPrefix "cert-store" a_szSuffix, (a_uBase) + OPT_OFF_CERT_STORE, RTGETOPT_REQ_STRING }, \
+ { a_szPrefix "cert-machine-store" a_szSuffix, (a_uBase) + OPT_OFF_CERT_STORE_MACHINE, RTGETOPT_REQ_NOTHING }, \
+ { a_szPrefix "key-file" a_szSuffix, (a_uBase) + OPT_OFF_KEY_FILE, RTGETOPT_REQ_STRING }, \
+ { a_szPrefix "key-password" a_szSuffix, (a_uBase) + OPT_OFF_KEY_PASSWORD, RTGETOPT_REQ_STRING }, \
+ { a_szPrefix "key-password-file" a_szSuffix, (a_uBase) + OPT_OFF_KEY_PASSWORD_FILE, RTGETOPT_REQ_STRING }, \
+ { a_szPrefix "key-name" a_szSuffix, (a_uBase) + OPT_OFF_KEY_NAME, RTGETOPT_REQ_STRING }, \
+ { a_szPrefix "key-provider" a_szSuffix, (a_uBase) + OPT_OFF_KEY_PROVIDER, RTGETOPT_REQ_STRING }
+
+#define OPT_CERT_KEY_GETOPTDEF_COMPAT_ENTRIES(a_uBase) \
+ { "/f", (a_uBase) + OPT_OFF_CERT_FILE, RTGETOPT_REQ_STRING }, \
+ { "/sha1", (a_uBase) + OPT_OFF_CERT_SHA1, RTGETOPT_REQ_STRING }, \
+ { "/n", (a_uBase) + OPT_OFF_CERT_SUBJECT, RTGETOPT_REQ_STRING }, \
+ { "/s", (a_uBase) + OPT_OFF_CERT_STORE, RTGETOPT_REQ_STRING }, \
+ { "/sm", (a_uBase) + OPT_OFF_CERT_STORE_MACHINE, RTGETOPT_REQ_NOTHING }, \
+ { "/p", (a_uBase) + OPT_OFF_KEY_PASSWORD, RTGETOPT_REQ_STRING }, \
+ { "/kc", (a_uBase) + OPT_OFF_KEY_NAME, RTGETOPT_REQ_STRING }, \
+ { "/csp", (a_uBase) + OPT_OFF_KEY_PROVIDER, RTGETOPT_REQ_STRING }
+
+#define OPT_CERT_KEY_SYNOPSIS(a_szPrefix, a_szSuffix) \
+ "[" a_szPrefix "cert-file" a_szSuffix " <file.pem|file.crt>] " \
+ "[" a_szPrefix "cert-sha1" a_szSuffix " <fingerprint>] " \
+ "[" a_szPrefix "cert-subject" a_szSuffix " <part-name>] " \
+ "[" a_szPrefix "cert-store" a_szSuffix " <store>] " \
+ "[" a_szPrefix "cert-machine-store" a_szSuffix "] " \
+ "[" a_szPrefix "key-file" a_szSuffix " <file.pem|file.p12>] " \
+ "[" a_szPrefix "key-password" a_szSuffix " <password>] " \
+ "[" a_szPrefix "key-password-file" a_szSuffix " <file>|stdin] " \
+ "[" a_szPrefix "key-name" a_szSuffix " <name>] " \
+ "[" a_szPrefix "key-provider" a_szSuffix " <csp>] "
+
+#define OPT_HASH_PAGES 1200
+#define OPT_NO_HASH_PAGES 1201
+#define OPT_ADD_CERT 1202
+#define OPT_TIMESTAMP_TYPE 1203
+#define OPT_TIMESTAMP_TYPE_2 1204
+#define OPT_TIMESTAMP_OVERRIDE 1205
+#define OPT_NO_SIGNING_TIME 1206
+#define OPT_FILE_TYPE 1207
+#define OPT_IGNORED 1208
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+/** Help detail levels. */
+typedef enum RTSIGNTOOLHELP
+{
+ RTSIGNTOOLHELP_USAGE,
+ RTSIGNTOOLHELP_FULL
+} RTSIGNTOOLHELP;
+
+
+/** Filetypes. */
+typedef enum RTSIGNTOOLFILETYPE
+{
+ RTSIGNTOOLFILETYPE_INVALID = 0,
+ RTSIGNTOOLFILETYPE_DETECT,
+ RTSIGNTOOLFILETYPE_EXE,
+ RTSIGNTOOLFILETYPE_CAT,
+ RTSIGNTOOLFILETYPE_UNKNOWN,
+ RTSIGNTOOLFILETYPE_END
+} RTSIGNTOOLFILETYPE;
+
+
+/**
+ * PKCS\#7 signature data.
+ */
+typedef struct SIGNTOOLPKCS7
+{
+ /** The file type. */
+ RTSIGNTOOLFILETYPE enmType;
+ /** The raw signature. */
+ uint8_t *pbBuf;
+ /** Size of the raw signature. */
+ size_t cbBuf;
+ /** The filename. */
+ const char *pszFilename;
+ /** The outer content info wrapper. */
+ RTCRPKCS7CONTENTINFO ContentInfo;
+ /** Pointer to the decoded SignedData inside the ContentInfo member. */
+ PRTCRPKCS7SIGNEDDATA pSignedData;
+
+ /** Newly encoded raw signature.
+ * @sa SignToolPkcs7_Encode() */
+ uint8_t *pbNewBuf;
+ /** Size of newly encoded raw signature. */
+ size_t cbNewBuf;
+
+} SIGNTOOLPKCS7;
+typedef SIGNTOOLPKCS7 *PSIGNTOOLPKCS7;
+
+
+/**
+ * PKCS\#7 signature data for executable.
+ */
+typedef struct SIGNTOOLPKCS7EXE : public SIGNTOOLPKCS7
+{
+ /** The module handle. */
+ RTLDRMOD hLdrMod;
+} SIGNTOOLPKCS7EXE;
+typedef SIGNTOOLPKCS7EXE *PSIGNTOOLPKCS7EXE;
+
+
+/**
+ * Data for the show exe (signature) command.
+ */
+typedef struct SHOWEXEPKCS7 : public SIGNTOOLPKCS7EXE
+{
+ /** The verbosity. */
+ unsigned cVerbosity;
+ /** The prefix buffer. */
+ char szPrefix[256];
+ /** Temporary buffer. */
+ char szTmp[4096];
+} SHOWEXEPKCS7;
+typedef SHOWEXEPKCS7 *PSHOWEXEPKCS7;
+
+
+/*********************************************************************************************************************************
+* Internal Functions *
+*********************************************************************************************************************************/
+static RTEXITCODE HandleHelp(int cArgs, char **papszArgs);
+static RTEXITCODE HelpHelp(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel);
+static RTEXITCODE HandleVersion(int cArgs, char **papszArgs);
+static int HandleShowExeWorkerPkcs7DisplaySignerInfo(PSHOWEXEPKCS7 pThis, size_t offPrefix, PCRTCRPKCS7SIGNERINFO pSignerInfo);
+static int HandleShowExeWorkerPkcs7Display(PSHOWEXEPKCS7 pThis, PRTCRPKCS7SIGNEDDATA pSignedData, size_t offPrefix,
+ PCRTCRPKCS7CONTENTINFO pContentInfo);
+
+
+/*********************************************************************************************************************************
+* Certificate and Private Key Handling (options, ++). *
+*********************************************************************************************************************************/
+#ifdef RT_OS_WINDOWS
+
+/** @todo create a better fake certificate. */
+const unsigned char g_abFakeCertificate[] =
+{
+ 0x30, 0x82, 0x03, 0xb2, 0x30, 0x82, 0x02, 0x9a, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x31, /* 0x00000000: 0...0..........1 */
+ 0xba, 0xd6, 0xbc, 0x5d, 0x9a, 0xe0, 0xb0, 0x4e, 0xd4, 0xfa, 0xcc, 0xfb, 0x47, 0x00, 0x5c, 0x30, /* 0x00000010: ...]...N....G.\0 */
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x71, /* 0x00000020: ...*.H........0q */
+ 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x54, 0x69, 0x6d, 0x65, 0x73, /* 0x00000030: 1.0...U....Times */
+ 0x74, 0x61, 0x6d, 0x70, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x32, 0x31, 0x0c, /* 0x00000040: tamp Signing 21. */
+ 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03, 0x44, 0x65, 0x76, 0x31, 0x15, 0x30, 0x13, /* 0x00000050: 0...U....Dev1.0. */
+ 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6f, 0x6d, 0x70, /* 0x00000060: ..U....Test Comp */
+ 0x61, 0x6e, 0x79, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x53, 0x74, /* 0x00000070: any1.0...U....St */
+ 0x75, 0x74, 0x74, 0x67, 0x61, 0x72, 0x74, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, /* 0x00000080: uttgart1.0...U.. */
+ 0x0c, 0x02, 0x42, 0x42, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x44, /* 0x00000090: ..BB1.0...U....D */
+ 0x45, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x31, 0x30, /* 0x000000a0: E0...00010100010 */
+ 0x31, 0x5a, 0x17, 0x0d, 0x33, 0x36, 0x31, 0x32, 0x33, 0x31, 0x32, 0x32, 0x35, 0x39, 0x35, 0x39, /* 0x000000b0: 1Z..361231225959 */
+ 0x5a, 0x30, 0x71, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x54, 0x69, /* 0x000000c0: Z0q1.0...U....Ti */
+ 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, /* 0x000000d0: mestamp Signing */
+ 0x32, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03, 0x44, 0x65, 0x76, 0x31, /* 0x000000e0: 21.0...U....Dev1 */
+ 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, /* 0x000000f0: .0...U....Test C */
+ 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, /* 0x00000100: ompany1.0...U... */
+ 0x09, 0x53, 0x74, 0x75, 0x74, 0x74, 0x67, 0x61, 0x72, 0x74, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, /* 0x00000110: .Stuttgart1.0... */
+ 0x55, 0x04, 0x08, 0x0c, 0x02, 0x42, 0x42, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, /* 0x00000120: U....BB1.0...U.. */
+ 0x13, 0x02, 0x44, 0x45, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, /* 0x00000130: ..DE0.."0...*.H. */
+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, /* 0x00000140: ............0... */
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xdb, 0x18, 0x63, 0x33, 0xf2, 0x08, 0x90, 0x5a, 0xab, 0xda, 0x88, /* 0x00000150: .......c3...Z... */
+ 0x73, 0x86, 0x49, 0xea, 0x8b, 0xaf, 0xcf, 0x67, 0x15, 0xa5, 0x39, 0xe6, 0xa2, 0x94, 0x0c, 0x3f, /* 0x00000160: s.I....g..9....? */
+ 0xa1, 0x2e, 0x6c, 0xd2, 0xdf, 0x01, 0x65, 0x6d, 0xed, 0x6c, 0x4c, 0xac, 0xe7, 0x77, 0x7a, 0x45, /* 0x00000170: ..l...em.lL..wzE */
+ 0x05, 0x6b, 0x24, 0xf3, 0xaf, 0x45, 0x35, 0x6e, 0x64, 0x0a, 0xac, 0x1d, 0x37, 0xe1, 0x33, 0xa4, /* 0x00000180: .k$..E5nd...7.3. */
+ 0x92, 0xec, 0x45, 0xe8, 0x99, 0xc1, 0xde, 0x6f, 0xab, 0x7c, 0xf0, 0xdc, 0xe2, 0xc5, 0x42, 0xa3, /* 0x00000190: ..E....o.|....B. */
+ 0xea, 0xf5, 0x8a, 0xf9, 0x0e, 0xe7, 0xb3, 0x35, 0xa2, 0x75, 0x5e, 0x87, 0xd2, 0x2a, 0xd1, 0x27, /* 0x000001a0: .......5.u^..*.' */
+ 0xa6, 0x79, 0x9e, 0xfe, 0x90, 0xbf, 0x97, 0xa4, 0xa1, 0xd8, 0xf7, 0xd7, 0x05, 0x59, 0x44, 0x27, /* 0x000001b0: .y...........YD' */
+ 0x39, 0x6e, 0x33, 0x01, 0x2e, 0x46, 0x92, 0x47, 0xbe, 0x50, 0x91, 0x26, 0x27, 0xe5, 0x4b, 0x3a, /* 0x000001c0: 9n3..F.G.P.&'.K: */
+ 0x76, 0x26, 0x64, 0x92, 0x0c, 0xa0, 0x54, 0x43, 0x6f, 0x56, 0xcc, 0x7b, 0xd0, 0xe3, 0xd8, 0x39, /* 0x000001d0: v&d...TCoV.{...9 */
+ 0x5f, 0xb9, 0x41, 0xda, 0x1c, 0x62, 0x88, 0x0c, 0x45, 0x03, 0x63, 0xf8, 0xff, 0xe5, 0x3e, 0x87, /* 0x000001e0: _.A..b..E.c...>. */
+ 0x0c, 0x75, 0xc9, 0xdd, 0xa2, 0xc0, 0x1b, 0x63, 0x19, 0xeb, 0x09, 0x9d, 0xa1, 0xbb, 0x0f, 0x63, /* 0x000001f0: .u.....c.......c */
+ 0x67, 0x1c, 0xa3, 0xfd, 0x2f, 0xd1, 0x2a, 0xda, 0xd8, 0x93, 0x66, 0x45, 0x54, 0xef, 0x8b, 0x6d, /* 0x00000200: g.....*...fET..m */
+ 0x12, 0x15, 0x0f, 0xd4, 0xb5, 0x04, 0x17, 0x30, 0x5b, 0xfa, 0x12, 0x96, 0x48, 0x5b, 0x38, 0x65, /* 0x00000210: .......0[...H[8e */
+ 0xfd, 0x8f, 0x0c, 0xa3, 0x11, 0x46, 0x49, 0xe0, 0x62, 0xc3, 0xcc, 0x34, 0xe6, 0xfb, 0xab, 0x51, /* 0x00000220: .....FI.b..4...Q */
+ 0xc3, 0xd4, 0x0b, 0xdc, 0x39, 0x93, 0x87, 0x90, 0x10, 0x9f, 0xce, 0x43, 0x27, 0x31, 0xd5, 0x4e, /* 0x00000230: ....9......C'1.N */
+ 0x52, 0x60, 0xf1, 0x93, 0xd5, 0x06, 0xc4, 0x4e, 0x65, 0xb6, 0x35, 0x4a, 0x64, 0x15, 0xf8, 0xaf, /* 0x00000240: R`.....Ne.5Jd... */
+ 0x71, 0xb2, 0x42, 0x50, 0x89, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x46, 0x30, 0x44, 0x30, 0x0e, /* 0x00000250: q.BP.......F0D0. */
+ 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x13, /* 0x00000260: ..U...........0. */
+ 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, /* 0x00000270: ..U.%..0...+.... */
+ 0x07, 0x03, 0x08, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x52, 0x9d, /* 0x00000280: ...0...U......R. */
+ 0x4d, 0xcd, 0x41, 0xe1, 0xd2, 0x68, 0x22, 0xd3, 0x10, 0x33, 0x01, 0xca, 0xff, 0x00, 0x1d, 0x27, /* 0x00000290: M.A..h"..3.....' */
+ 0xa4, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, /* 0x000002a0: ..0...*.H....... */
+ 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xc5, 0x5a, 0x51, 0x83, 0x68, 0x3f, 0x06, 0x39, 0x79, 0x13, /* 0x000002b0: .......ZQ.h?.9y. */
+ 0xa6, 0xf0, 0x1a, 0xf9, 0x29, 0x16, 0x2d, 0xa2, 0x07, 0xaa, 0x9b, 0xc3, 0x13, 0x88, 0x39, 0x69, /* 0x000002c0: ....).-.......9i */
+ 0xba, 0xf7, 0x0d, 0xfb, 0xc0, 0x6e, 0x3a, 0x0b, 0x49, 0x10, 0xd1, 0xbe, 0x36, 0x91, 0x3f, 0x9d, /* 0x000002d0: .....n:.I...6.?. */
+ 0xa1, 0xe8, 0xc4, 0x91, 0xf9, 0x02, 0xe1, 0xf1, 0x01, 0x15, 0x09, 0xb7, 0xa1, 0xf1, 0xec, 0x43, /* 0x000002e0: ...............C */
+ 0x0d, 0x73, 0xd1, 0x31, 0x02, 0x4a, 0xce, 0x21, 0xf2, 0xa7, 0x99, 0x7c, 0xee, 0x85, 0x54, 0xc0, /* 0x000002f0: .s.1.J.!...|..T. */
+ 0x55, 0x9b, 0x19, 0x37, 0xe8, 0xcf, 0x94, 0x41, 0x10, 0x6e, 0x67, 0xdd, 0x86, 0xaf, 0xb7, 0xfe, /* 0x00000300: U..7...A.ng..... */
+ 0x50, 0x05, 0xf6, 0xfb, 0x0a, 0xdf, 0x88, 0xb5, 0x59, 0x69, 0x98, 0x27, 0xf8, 0x81, 0x6a, 0x4a, /* 0x00000310: P.......Yi.'..jJ */
+ 0x7c, 0xf3, 0x63, 0xa9, 0x41, 0x78, 0x76, 0x12, 0xdb, 0x0e, 0x94, 0x0a, 0xdb, 0x1d, 0x3c, 0x87, /* 0x00000320: |.c.Axv.......<. */
+ 0x35, 0xca, 0x28, 0xeb, 0xb0, 0x62, 0x27, 0x69, 0xe2, 0xf3, 0x84, 0x48, 0xa2, 0x2d, 0xd7, 0x0e, /* 0x00000330: 5.(..b'i...H.-.. */
+ 0x4b, 0x6d, 0x39, 0xa7, 0x3e, 0x04, 0x94, 0x8e, 0xb6, 0x4b, 0x91, 0x01, 0x68, 0xf9, 0xd2, 0x75, /* 0x00000340: Km9.>....K..h..u */
+ 0x1b, 0xac, 0x42, 0x3b, 0x85, 0xfc, 0x5b, 0x48, 0x3a, 0x13, 0xe7, 0x1c, 0x17, 0xcd, 0x84, 0x89, /* 0x00000350: ..B;..[H:....... */
+ 0x9e, 0x5f, 0xe3, 0x77, 0xc0, 0xae, 0x34, 0xc3, 0x87, 0x76, 0x4a, 0x23, 0x30, 0xa0, 0xe1, 0x45, /* 0x00000360: ._.w..4..vJ#0..E */
+ 0x94, 0x2a, 0x5b, 0x6b, 0x5a, 0xf0, 0x1a, 0x7e, 0xa6, 0xc4, 0xed, 0xe4, 0xac, 0x5d, 0xdf, 0x87, /* 0x00000370: .*[kZ..~.....].. */
+ 0x8f, 0xc5, 0xb4, 0x8c, 0xbc, 0x70, 0xc1, 0xf7, 0xb2, 0x72, 0xbd, 0x73, 0xc9, 0x4e, 0xed, 0x8d, /* 0x00000380: .....p...r.s.N.. */
+ 0x29, 0x33, 0xe9, 0x14, 0xc1, 0x5e, 0xff, 0x39, 0xa8, 0xe7, 0x9a, 0x3b, 0x7a, 0x3c, 0xce, 0x5d, /* 0x00000390: )3...^.9...;z<.] */
+ 0x0f, 0x3c, 0x82, 0x90, 0xff, 0x81, 0x82, 0x00, 0x82, 0x5f, 0xba, 0x08, 0x79, 0xb1, 0x97, 0xc3, /* 0x000003a0: .<......._..y... */
+ 0x09, 0x75, 0xc0, 0x04, 0x9b, 0x67, /* 0x000003b0: .u...g */
+};
+
+const unsigned char g_abFakeRsaKey[] =
+{
+ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xdb, 0x18, 0x63, 0x33, /* 0x00000000: 0.............c3 */
+ 0xf2, 0x08, 0x90, 0x5a, 0xab, 0xda, 0x88, 0x73, 0x86, 0x49, 0xea, 0x8b, 0xaf, 0xcf, 0x67, 0x15, /* 0x00000010: ...Z...s.I....g. */
+ 0xa5, 0x39, 0xe6, 0xa2, 0x94, 0x0c, 0x3f, 0xa1, 0x2e, 0x6c, 0xd2, 0xdf, 0x01, 0x65, 0x6d, 0xed, /* 0x00000020: .9....?..l...em. */
+ 0x6c, 0x4c, 0xac, 0xe7, 0x77, 0x7a, 0x45, 0x05, 0x6b, 0x24, 0xf3, 0xaf, 0x45, 0x35, 0x6e, 0x64, /* 0x00000030: lL..wzE.k$..E5nd */
+ 0x0a, 0xac, 0x1d, 0x37, 0xe1, 0x33, 0xa4, 0x92, 0xec, 0x45, 0xe8, 0x99, 0xc1, 0xde, 0x6f, 0xab, /* 0x00000040: ...7.3...E....o. */
+ 0x7c, 0xf0, 0xdc, 0xe2, 0xc5, 0x42, 0xa3, 0xea, 0xf5, 0x8a, 0xf9, 0x0e, 0xe7, 0xb3, 0x35, 0xa2, /* 0x00000050: |....B........5. */
+ 0x75, 0x5e, 0x87, 0xd2, 0x2a, 0xd1, 0x27, 0xa6, 0x79, 0x9e, 0xfe, 0x90, 0xbf, 0x97, 0xa4, 0xa1, /* 0x00000060: u^..*.'.y....... */
+ 0xd8, 0xf7, 0xd7, 0x05, 0x59, 0x44, 0x27, 0x39, 0x6e, 0x33, 0x01, 0x2e, 0x46, 0x92, 0x47, 0xbe, /* 0x00000070: ....YD'9n3..F.G. */
+ 0x50, 0x91, 0x26, 0x27, 0xe5, 0x4b, 0x3a, 0x76, 0x26, 0x64, 0x92, 0x0c, 0xa0, 0x54, 0x43, 0x6f, /* 0x00000080: P.&'.K:v&d...TCo */
+ 0x56, 0xcc, 0x7b, 0xd0, 0xe3, 0xd8, 0x39, 0x5f, 0xb9, 0x41, 0xda, 0x1c, 0x62, 0x88, 0x0c, 0x45, /* 0x00000090: V.{...9_.A..b..E */
+ 0x03, 0x63, 0xf8, 0xff, 0xe5, 0x3e, 0x87, 0x0c, 0x75, 0xc9, 0xdd, 0xa2, 0xc0, 0x1b, 0x63, 0x19, /* 0x000000a0: .c...>..u.....c. */
+ 0xeb, 0x09, 0x9d, 0xa1, 0xbb, 0x0f, 0x63, 0x67, 0x1c, 0xa3, 0xfd, 0x2f, 0xd1, 0x2a, 0xda, 0xd8, /* 0x000000b0: ......cg.....*.. */
+ 0x93, 0x66, 0x45, 0x54, 0xef, 0x8b, 0x6d, 0x12, 0x15, 0x0f, 0xd4, 0xb5, 0x04, 0x17, 0x30, 0x5b, /* 0x000000c0: .fET..m.......0[ */
+ 0xfa, 0x12, 0x96, 0x48, 0x5b, 0x38, 0x65, 0xfd, 0x8f, 0x0c, 0xa3, 0x11, 0x46, 0x49, 0xe0, 0x62, /* 0x000000d0: ...H[8e.....FI.b */
+ 0xc3, 0xcc, 0x34, 0xe6, 0xfb, 0xab, 0x51, 0xc3, 0xd4, 0x0b, 0xdc, 0x39, 0x93, 0x87, 0x90, 0x10, /* 0x000000e0: ..4...Q....9.... */
+ 0x9f, 0xce, 0x43, 0x27, 0x31, 0xd5, 0x4e, 0x52, 0x60, 0xf1, 0x93, 0xd5, 0x06, 0xc4, 0x4e, 0x65, /* 0x000000f0: ..C'1.NR`.....Ne */
+ 0xb6, 0x35, 0x4a, 0x64, 0x15, 0xf8, 0xaf, 0x71, 0xb2, 0x42, 0x50, 0x89, 0x02, 0x03, 0x01, 0x00, /* 0x00000100: .5Jd...q.BP..... */
+ 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd0, 0x5e, 0x09, 0x3a, 0xc5, 0xdc, 0xcf, 0x2c, 0xec, 0x74, /* 0x00000110: .......^.:...,.t */
+ 0x11, 0x81, 0x8d, 0x1d, 0x8f, 0x2a, 0xfa, 0x31, 0x4d, 0xe0, 0x90, 0x1a, 0xd8, 0xf5, 0x95, 0xc7, /* 0x00000120: .....*.1M....... */
+ 0x70, 0x5c, 0x62, 0x42, 0xac, 0xe9, 0xd9, 0xf2, 0x14, 0xf1, 0xd0, 0x25, 0xbb, 0xeb, 0x06, 0xfe, /* 0x00000130: p\bB.......%.... */
+ 0x09, 0xd6, 0x75, 0x67, 0xd7, 0x39, 0xc1, 0xa0, 0x67, 0x34, 0x4d, 0xd2, 0x12, 0x97, 0xaa, 0x5d, /* 0x00000140: ..ug.9..g4M....] */
+ 0xeb, 0x0e, 0xb0, 0x16, 0x6c, 0x78, 0x8e, 0xa0, 0x75, 0xa3, 0xaa, 0x57, 0x88, 0x3b, 0x43, 0x4f, /* 0x00000150: ....lx..u..W.;CO */
+ 0x75, 0x85, 0x67, 0xb0, 0x9b, 0xdd, 0x49, 0x0e, 0x6e, 0xdb, 0xea, 0xb3, 0xd4, 0x88, 0x54, 0xa0, /* 0x00000160: u.g...I.n.....T. */
+ 0x46, 0x0d, 0x55, 0x6d, 0x98, 0xbd, 0x20, 0xf9, 0x9f, 0x61, 0x2d, 0x6f, 0xc7, 0xd7, 0x16, 0x66, /* 0x00000170: F.Um.. ..a-o...f */
+ 0x72, 0xc7, 0x73, 0xbe, 0x9e, 0x48, 0xdc, 0x65, 0x12, 0x46, 0x35, 0x69, 0x55, 0xd8, 0x6b, 0x81, /* 0x00000180: r.s..H.e.F5iU.k. */
+ 0x78, 0x40, 0x15, 0x93, 0x60, 0x31, 0x4e, 0x87, 0x15, 0x2a, 0x74, 0x74, 0x7b, 0xa0, 0x1f, 0x59, /* 0x00000190: x@..`1N..*tt{..Y */
+ 0x8d, 0xc8, 0x3f, 0xdd, 0xf0, 0x13, 0x88, 0x2a, 0x4a, 0xf2, 0xf5, 0xf1, 0x9e, 0xf3, 0x2d, 0x9c, /* 0x000001a0: ..?....*J.....-. */
+ 0x8e, 0xbc, 0xb1, 0x21, 0x45, 0xc7, 0x44, 0x0c, 0x6a, 0xfe, 0x4c, 0x20, 0xdc, 0x73, 0xda, 0x62, /* 0x000001b0: ...!E.D.j.L .s.b */
+ 0x21, 0xcb, 0xdf, 0x06, 0xfc, 0x90, 0xc2, 0xbd, 0xd6, 0xde, 0xfb, 0xf6, 0x08, 0x69, 0x5d, 0xea, /* 0x000001c0: !............i]. */
+ 0xb3, 0x7f, 0x93, 0x61, 0xf2, 0xc1, 0xd0, 0x61, 0x4f, 0xd5, 0x5b, 0x63, 0xba, 0xb0, 0x3b, 0x07, /* 0x000001d0: ...a...aO.[c..;. */
+ 0x7a, 0x55, 0xcd, 0xa1, 0xae, 0x8a, 0x92, 0x21, 0xcc, 0x2f, 0x5b, 0xf8, 0x40, 0x6a, 0xcd, 0xd5, /* 0x000001e0: zU.....!..[.@j.. */
+ 0x5f, 0x15, 0xf4, 0xb6, 0xbd, 0xe5, 0x91, 0xb9, 0xa8, 0xcc, 0x2a, 0xa8, 0xa6, 0x67, 0x57, 0x2b, /* 0x000001f0: _.........*..gW+ */
+ 0x4b, 0xe9, 0x88, 0xe0, 0xbb, 0x58, 0xac, 0x69, 0x5f, 0x3c, 0x76, 0x28, 0xa6, 0x9d, 0xbc, 0x71, /* 0x00000200: K....X.i_<v(...q */
+ 0x7f, 0xcb, 0x0c, 0xc0, 0xbd, 0x61, 0x02, 0x81, 0x81, 0x00, 0xfc, 0x62, 0x79, 0x5b, 0xac, 0xf6, /* 0x00000210: .....a.....by[.. */
+ 0x9b, 0x8c, 0xaa, 0x76, 0x2a, 0x30, 0x0e, 0xcf, 0x6b, 0x88, 0x72, 0x54, 0x8c, 0xdf, 0xf3, 0x9d, /* 0x00000220: ...v*0..k.rT.... */
+ 0x84, 0xbb, 0xe7, 0x9d, 0xd4, 0x04, 0x29, 0x3c, 0xb5, 0x9d, 0x60, 0x9a, 0xcc, 0x12, 0xf3, 0xfa, /* 0x00000230: ......)<..`..... */
+ 0x64, 0x30, 0x23, 0x47, 0xc6, 0xa4, 0x8b, 0x6c, 0x73, 0x6c, 0x6b, 0x78, 0x82, 0xec, 0x05, 0x19, /* 0x00000240: d0#G...lslkx.... */
+ 0xde, 0xdd, 0xde, 0x52, 0xc5, 0x20, 0xd1, 0x11, 0x58, 0x19, 0x07, 0x5a, 0x90, 0xdd, 0x22, 0x91, /* 0x00000250: ...R. ..X..Z..". */
+ 0x89, 0x22, 0x3f, 0x12, 0x54, 0x1a, 0xb8, 0x79, 0xd8, 0x6c, 0xbc, 0xf5, 0x0d, 0xc7, 0x73, 0x5c, /* 0x00000260: ."?.T..y.l....s\ */
+ 0xed, 0xba, 0x40, 0x2b, 0x72, 0x34, 0x34, 0x97, 0xfa, 0x49, 0xf6, 0x43, 0x7c, 0xbc, 0x61, 0x30, /* 0x00000270: ..@+r44..I.C|.a0 */
+ 0x54, 0x22, 0x21, 0x5f, 0x77, 0x68, 0x6b, 0x83, 0x95, 0xc6, 0x8d, 0xb8, 0x25, 0x3a, 0xd3, 0xb2, /* 0x00000280: T"!_whk.....%:.. */
+ 0xbe, 0x29, 0x94, 0x01, 0x15, 0xf0, 0x36, 0x9d, 0x3e, 0xff, 0x02, 0x81, 0x81, 0x00, 0xde, 0x3b, /* 0x00000290: .)....6.>......; */
+ 0xd6, 0x4b, 0x38, 0x69, 0x9b, 0x71, 0x29, 0x89, 0xd4, 0x6d, 0x8c, 0x41, 0xee, 0xe2, 0x4d, 0xfc, /* 0x000002a0: .K8i.q)..m.A..M. */
+ 0xf0, 0x9a, 0x73, 0xf1, 0x15, 0x94, 0xac, 0x1b, 0x68, 0x5f, 0x79, 0x15, 0x3a, 0x41, 0x55, 0x09, /* 0x000002b0: ..s.....h_y.:AU. */
+ 0xc7, 0x1e, 0xec, 0x27, 0x67, 0xe2, 0xdc, 0x54, 0xa8, 0x09, 0xe6, 0x46, 0x92, 0x92, 0x03, 0x8d, /* 0x000002c0: ...'g..T...F.... */
+ 0xe5, 0x96, 0xfb, 0x1a, 0xdd, 0x59, 0x6f, 0x92, 0xf1, 0xf6, 0x8f, 0x76, 0xb0, 0xc5, 0xe6, 0xd7, /* 0x000002d0: .....Yo....v.... */
+ 0x1b, 0x25, 0xaf, 0x04, 0x9f, 0xd8, 0x71, 0x27, 0x97, 0x99, 0x23, 0x09, 0x7d, 0xef, 0x06, 0x13, /* 0x000002e0: .%....q'..#.}... */
+ 0xab, 0xdc, 0xa2, 0xd8, 0x5f, 0xc5, 0xec, 0xf3, 0x62, 0x20, 0x72, 0x7b, 0xa8, 0xc7, 0x09, 0x24, /* 0x000002f0: ...._...b r{...$ */
+ 0xaf, 0x72, 0xc9, 0xea, 0xb8, 0x2d, 0xda, 0x00, 0xc8, 0xfe, 0xb4, 0x9f, 0x9f, 0xc7, 0xa9, 0xf7, /* 0x00000300: .r...-.......... */
+ 0x1d, 0xce, 0xb1, 0xdb, 0xc5, 0x8a, 0x4e, 0xe8, 0x88, 0x77, 0x68, 0xdd, 0xf8, 0x77, 0x02, 0x81, /* 0x00000310: ......N..wh..w.. */
+ 0x80, 0x5b, 0xa5, 0x8e, 0x98, 0x01, 0xa8, 0xd3, 0x37, 0x33, 0x37, 0x11, 0x7e, 0xbe, 0x02, 0x07, /* 0x00000320: .[......737.~... */
+ 0xf4, 0x56, 0x3f, 0xe9, 0x9f, 0xf1, 0x20, 0xc3, 0xf0, 0x4f, 0xdc, 0xf9, 0xfe, 0x40, 0xd3, 0x30, /* 0x00000330: .V?... ..O...@.0 */
+ 0xc7, 0xe3, 0x2a, 0x92, 0xec, 0x56, 0xf8, 0x17, 0xa5, 0x7b, 0x4a, 0x37, 0x11, 0xcd, 0x27, 0x26, /* 0x00000340: ..*..V...{J7..'& */
+ 0x8a, 0xba, 0x43, 0xda, 0x96, 0xc6, 0x0b, 0x6c, 0xe8, 0x78, 0x30, 0xea, 0x30, 0x4e, 0x7a, 0xd3, /* 0x00000350: ..C....l.x0.0Nz. */
+ 0xd8, 0xd2, 0xd8, 0xca, 0x3d, 0xe2, 0xad, 0xa2, 0x74, 0x73, 0x1e, 0xbe, 0xb7, 0xad, 0x41, 0x61, /* 0x00000360: ....=...ts....Aa */
+ 0x9b, 0xaa, 0xc9, 0xf9, 0xa4, 0xf1, 0x79, 0x4f, 0x42, 0x10, 0xc7, 0x36, 0x03, 0x4b, 0x0d, 0xdc, /* 0x00000370: ......yOB..6.K.. */
+ 0xef, 0x3a, 0xa3, 0xab, 0x09, 0xe4, 0xe8, 0xdd, 0xc4, 0x3f, 0x06, 0x21, 0xa0, 0x23, 0x5a, 0x76, /* 0x00000380: .:.......?.!.#Zv */
+ 0xea, 0xd0, 0xcf, 0x8b, 0x85, 0x5f, 0x16, 0x4b, 0x03, 0x62, 0x21, 0x3a, 0xcc, 0x2d, 0xa8, 0xd0, /* 0x00000390: ....._.K.b!:.-.. */
+ 0x15, 0x02, 0x81, 0x80, 0x51, 0xf6, 0x89, 0xbb, 0xa6, 0x6b, 0xb4, 0xcb, 0xd0, 0xc1, 0x27, 0xda, /* 0x000003a0: ....Q....k....'. */
+ 0xdb, 0x6e, 0xf9, 0xd6, 0xf7, 0x62, 0x81, 0xae, 0xc5, 0x72, 0x36, 0x3e, 0x66, 0x17, 0x99, 0xb0, /* 0x000003b0: .n...b...r6>f... */
+ 0x14, 0xad, 0x52, 0x96, 0x03, 0xf2, 0x1e, 0x41, 0x76, 0x61, 0xb6, 0x3c, 0x02, 0x7d, 0x2a, 0x98, /* 0x000003c0: ..R....Ava.<.}*. */
+ 0xb4, 0x18, 0x75, 0x38, 0x6b, 0x1d, 0x2b, 0x7f, 0x3a, 0xcf, 0x96, 0xb1, 0xc4, 0xa7, 0xd2, 0x9b, /* 0x000003d0: ..u8k.+.:....... */
+ 0xd8, 0x1f, 0xb3, 0x64, 0xda, 0x15, 0x9d, 0xca, 0x91, 0x39, 0x48, 0x67, 0x00, 0x9c, 0xd4, 0x99, /* 0x000003e0: ...d.....9Hg.... */
+ 0xc3, 0x45, 0x5d, 0xf0, 0x09, 0x32, 0xba, 0x21, 0x1e, 0xe2, 0x64, 0xb8, 0x50, 0x03, 0x17, 0xbe, /* 0x000003f0: .E]..2.!..d.P... */
+ 0xd5, 0xda, 0x6b, 0xce, 0x34, 0xbe, 0x16, 0x03, 0x65, 0x1b, 0x2f, 0xa0, 0xa1, 0x95, 0xc6, 0x8b, /* 0x00000400: ..k.4...e....... */
+ 0xc2, 0x3c, 0x59, 0x26, 0xbf, 0xb6, 0x07, 0x85, 0x53, 0x2d, 0xb6, 0x36, 0xa3, 0x91, 0xb9, 0xbb, /* 0x00000410: .<Y&....S-.6.... */
+ 0x28, 0xaf, 0x2d, 0x53, 0x02, 0x81, 0x81, 0x00, 0xd7, 0xbc, 0x70, 0xd8, 0x18, 0x4f, 0x65, 0x8c, /* 0x00000420: (.-S......p..Oe. */
+ 0x68, 0xca, 0x35, 0x77, 0x43, 0x50, 0x9b, 0xa1, 0xa3, 0x9a, 0x0e, 0x2d, 0x7b, 0x38, 0xf8, 0xba, /* 0x00000430: h.5wCP.....-{8.. */
+ 0x14, 0x91, 0x3b, 0xc3, 0x3b, 0x1b, 0xa0, 0x6d, 0x45, 0xe4, 0xa8, 0x28, 0x97, 0xf6, 0x89, 0x13, /* 0x00000440: ..;.;..mE..(.... */
+ 0xb6, 0x16, 0x6d, 0x65, 0x47, 0x8c, 0xa6, 0x21, 0xf8, 0x6a, 0xce, 0x4e, 0x44, 0x5e, 0x81, 0x47, /* 0x00000450: ..meG..!.j.ND^.G */
+ 0xd9, 0xad, 0x8a, 0xb9, 0xd9, 0xe9, 0x3e, 0x33, 0x1e, 0x5f, 0xe9, 0xe9, 0xa7, 0xea, 0x60, 0x75, /* 0x00000460: ......>3._....`u */
+ 0x02, 0x57, 0x71, 0xb5, 0xed, 0x47, 0x77, 0xda, 0x1a, 0x40, 0x38, 0xab, 0x82, 0xd2, 0x0d, 0xf5, /* 0x00000470: .Wq..Gw..@8..... */
+ 0x0e, 0x8e, 0xa9, 0x24, 0xdc, 0x30, 0xc9, 0x98, 0xa2, 0x05, 0xcd, 0xca, 0x01, 0xcf, 0xae, 0x1d, /* 0x00000480: ...$.0.......... */
+ 0xe9, 0x02, 0x47, 0x0e, 0x46, 0x1d, 0x52, 0x02, 0x9a, 0x99, 0x22, 0x23, 0x7f, 0xf8, 0x9e, 0xc2, /* 0x00000490: ..G.F.R..."#.... */
+ 0x16, 0x86, 0xca, 0xa0, 0xa7, 0x34, 0xfb, 0xbc, /* 0x000004a0: .....4.. */
+};
+
+#endif /* RT_OS_WINDOWS */
+
+
+/**
+ * Certificate w/ public key + private key pair for signing.
+ */
+class SignToolKeyPair
+{
+protected:
+ /* Context: */
+ const char *m_pszWhat;
+ bool m_fMandatory;
+
+ /* Parameters kept till finalizing parsing: */
+ const char *m_pszCertFile;
+ const char *m_pszCertSha1;
+ uint8_t m_abCertSha1[RTSHA1_HASH_SIZE];
+ const char *m_pszCertSubject;
+ const char *m_pszCertStore;
+ bool m_fMachineStore; /**< false = personal store */
+
+ const char *m_pszKeyFile;
+ const char *m_pszKeyPassword;
+ const char *m_pszKeyName;
+ const char *m_pszKeyProvider;
+
+ /** String buffer for m_pszKeyPassword when read from file. */
+ RTCString m_strPassword;
+ /** Storage for pCertificate when it's loaded from a file. */
+ RTCRX509CERTIFICATE m_DecodedCert;
+#ifdef RT_OS_WINDOWS
+ /** For the fake certificate */
+ RTCRX509CERTIFICATE m_DecodedFakeCert;
+ /** The certificate store. */
+ HCERTSTORE m_hStore;
+ /** The windows certificate context. */
+ PCCERT_CONTEXT m_pCertCtx;
+ /** Whether hNCryptPrivateKey/hLegacyPrivateKey needs freeing or not. */
+ BOOL m_fFreePrivateHandle;
+#endif
+
+ /** Set if already finalized. */
+ bool m_fFinalized;
+
+ /** Store containing the intermediate certificates available to the host.
+ * */
+ static RTCRSTORE s_hStoreIntermediate;
+ /** Instance counter for helping cleaning up m_hStoreIntermediate. */
+ static uint32_t s_cInstances;
+
+public: /* used to be a struct, thus not prefix either. */
+ /* Result: */
+ PCRTCRX509CERTIFICATE pCertificate;
+ RTCRKEY hPrivateKey;
+#ifdef RT_OS_WINDOWS
+ PCRTCRX509CERTIFICATE pCertificateReal;
+ NCRYPT_KEY_HANDLE hNCryptPrivateKey;
+ HCRYPTPROV hLegacyPrivateKey;
+#endif
+
+public:
+ SignToolKeyPair(const char *a_pszWhat, bool a_fMandatory = false)
+ : m_pszWhat(a_pszWhat)
+ , m_fMandatory(a_fMandatory)
+ , m_pszCertFile(NULL)
+ , m_pszCertSha1(NULL)
+ , m_pszCertSubject(NULL)
+ , m_pszCertStore("MY")
+ , m_fMachineStore(false)
+ , m_pszKeyFile(NULL)
+ , m_pszKeyPassword(NULL)
+ , m_pszKeyName(NULL)
+ , m_pszKeyProvider(NULL)
+#ifdef RT_OS_WINDOWS
+ , m_hStore(NULL)
+ , m_pCertCtx(NULL)
+ , m_fFreePrivateHandle(FALSE)
+#endif
+ , m_fFinalized(false)
+ , pCertificate(NULL)
+ , hPrivateKey(NIL_RTCRKEY)
+#ifdef RT_OS_WINDOWS
+ , pCertificateReal(NULL)
+ , hNCryptPrivateKey(0)
+ , hLegacyPrivateKey(0)
+#endif
+ {
+ RT_ZERO(m_DecodedCert);
+#ifdef RT_OS_WINDOWS
+ RT_ZERO(m_DecodedFakeCert);
+#endif
+ s_cInstances++;
+ }
+
+ virtual ~SignToolKeyPair()
+ {
+ if (hPrivateKey != NIL_RTCRKEY)
+ {
+ RTCrKeyRelease(hPrivateKey);
+ hPrivateKey = NIL_RTCRKEY;
+ }
+ if (pCertificate == &m_DecodedCert)
+ {
+ RTCrX509Certificate_Delete(&m_DecodedCert);
+ pCertificate = NULL;
+ }
+#ifdef RT_OS_WINDOWS
+ if (pCertificate == &m_DecodedFakeCert)
+ {
+ RTCrX509Certificate_Delete(&m_DecodedFakeCert);
+ RTCrX509Certificate_Delete(&m_DecodedCert);
+ pCertificate = NULL;
+ pCertificateReal = NULL;
+ }
+#endif
+#ifdef RT_OS_WINDOWS
+ if (m_pCertCtx != NULL)
+ {
+ CertFreeCertificateContext(m_pCertCtx);
+ m_pCertCtx = NULL;
+ }
+ if (m_hStore != NULL)
+ {
+ CertCloseStore(m_hStore, 0);
+ m_hStore = NULL;
+ }
+#endif
+ s_cInstances--;
+ if (s_cInstances == 0)
+ {
+ RTCrStoreRelease(s_hStoreIntermediate);
+ s_hStoreIntermediate = NIL_RTCRSTORE;
+ }
+ }
+
+ bool isComplete(void) const
+ {
+ return pCertificate && hPrivateKey != NIL_RTCRKEY;
+ }
+
+ bool isNull(void) const
+ {
+ return pCertificate == NULL && hPrivateKey == NIL_RTCRKEY;
+ }
+
+ RTEXITCODE handleOption(unsigned offOpt, PRTGETOPTUNION pValueUnion)
+ {
+ AssertReturn(!m_fFinalized, RTMsgErrorExitFailure("Cannot handle options after finalizeOptions was called!"));
+ switch (offOpt)
+ {
+ case OPT_OFF_CERT_FILE:
+ m_pszCertFile = pValueUnion->psz;
+ m_pszCertSha1 = NULL;
+ m_pszCertSubject = NULL;
+ break;
+ case OPT_OFF_CERT_SHA1:
+ {
+ /* Crude normalization of input separators to colons, since it's likely
+ to use spaces and our conversion function only does colons or nothing. */
+ char szDigest[RTSHA1_DIGEST_LEN * 3 + 1];
+ int rc = RTStrCopy(szDigest, sizeof(szDigest), pValueUnion->psz);
+ if (RT_SUCCESS(rc))
+ {
+ char *pszDigest = RTStrStrip(szDigest);
+ size_t offDst = 0;
+ size_t offSrc = 0;
+ char ch;
+ while ((ch = pszDigest[offSrc++]) != '\0')
+ {
+ if (ch == ' ' || ch == '\t' || ch == ':')
+ {
+ while ((ch = pszDigest[offSrc]) == ' ' || ch == '\t' || ch == ':')
+ offSrc++;
+ ch = ch ? ':' : '\0';
+ }
+ pszDigest[offDst++] = ch;
+ }
+ pszDigest[offDst] = '\0';
+
+ /** @todo add a more relaxed input mode to RTStrConvertHexBytes that can deal
+ * with spaces as well as multi-byte cluster of inputs. */
+ rc = RTStrConvertHexBytes(pszDigest, m_abCertSha1, RTSHA1_HASH_SIZE, RTSTRCONVERTHEXBYTES_F_SEP_COLON);
+ if (RT_SUCCESS(rc))
+ {
+ m_pszCertFile = NULL;
+ m_pszCertSha1 = pValueUnion->psz;
+ m_pszCertSubject = NULL;
+ break;
+ }
+ }
+ return RTMsgErrorExitFailure("malformed SHA-1 certificate fingerprint (%Rrc): %s", rc, pValueUnion->psz);
+ }
+ case OPT_OFF_CERT_SUBJECT:
+ m_pszCertFile = NULL;
+ m_pszCertSha1 = NULL;
+ m_pszCertSubject = pValueUnion->psz;
+ break;
+ case OPT_OFF_CERT_STORE:
+ m_pszCertStore = pValueUnion->psz;
+ break;
+ case OPT_OFF_CERT_STORE_MACHINE:
+ m_fMachineStore = true;
+ break;
+
+ case OPT_OFF_KEY_FILE:
+ m_pszKeyFile = pValueUnion->psz;
+ m_pszKeyName = NULL;
+ break;
+ case OPT_OFF_KEY_NAME:
+ m_pszKeyFile = NULL;
+ m_pszKeyName = pValueUnion->psz;
+ break;
+ case OPT_OFF_KEY_PROVIDER:
+ m_pszKeyProvider = pValueUnion->psz;
+ break;
+ case OPT_OFF_KEY_PASSWORD:
+ m_pszKeyPassword = pValueUnion->psz;
+ break;
+ case OPT_OFF_KEY_PASSWORD_FILE:
+ {
+ m_pszKeyPassword = NULL;
+
+ size_t const cchMax = 512;
+ int rc = m_strPassword.reserveNoThrow(cchMax + 1);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("out of memory");
+
+ PRTSTREAM pStrm = g_pStdIn;
+ bool const fClose = strcmp(pValueUnion->psz, "stdin") != 0;
+ if (fClose)
+ {
+ rc = RTStrmOpen(pValueUnion->psz, "r", &pStrm);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("Failed to open password file '%s' for reading: %Rrc", pValueUnion->psz, rc);
+ }
+ rc = RTStrmGetLine(pStrm, m_strPassword.mutableRaw(), cchMax);
+ if (fClose)
+ RTStrmClose(pStrm);
+ if (rc == VERR_BUFFER_OVERFLOW || rc == VINF_BUFFER_OVERFLOW)
+ return RTMsgErrorExitFailure("Password from '%s' is too long (max %zu)", pValueUnion->psz, cchMax);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("Error reading password from '%s': %Rrc", pValueUnion->psz, rc);
+
+ m_strPassword.jolt();
+ m_strPassword.stripRight();
+ m_pszKeyPassword = m_strPassword.c_str();
+ break;
+ }
+ default:
+ AssertFailedReturn(RTMsgErrorExitFailure("Invalid offOpt=%u!\n", offOpt));
+ }
+ return RTEXITCODE_SUCCESS;
+ }
+
+ RTEXITCODE finalizeOptions(unsigned cVerbosity)
+ {
+ RT_NOREF(cVerbosity);
+
+ /* Only do this once. */
+ if (m_fFinalized)
+ return RTEXITCODE_SUCCESS;
+ m_fFinalized = true;
+
+ /*
+ * Got a cert? Is it required?
+ */
+ bool const fHasKey = ( m_pszKeyFile != NULL
+ || m_pszKeyName != NULL);
+ bool const fHasCert = ( m_pszCertFile != NULL
+ || m_pszCertSha1 != NULL
+ || m_pszCertSubject != NULL);
+ if (!fHasCert)
+ {
+ if (m_fMandatory)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Specifying a %s certificiate is required.", m_pszWhat);
+ return RTEXITCODE_SUCCESS;
+ }
+
+ /*
+ * Get the certificate.
+ */
+ RTERRINFOSTATIC ErrInfo;
+ /* From file: */
+ if (m_pszCertFile)
+ {
+ int rc = RTCrX509Certificate_ReadFromFile(&m_DecodedCert, m_pszCertFile, 0, &g_RTAsn1DefaultAllocator,
+ RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("Error reading %s certificate from '%s': %Rrc%#RTeim",
+ m_pszWhat, m_pszCertFile, rc, &ErrInfo.Core);
+ pCertificate = &m_DecodedCert;
+ }
+ /* From certificate store by name (substring) or fingerprint: */
+ else
+ {
+#ifdef RT_OS_WINDOWS
+ m_hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, X509_ASN_ENCODING, NULL,
+ CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG | CERT_STORE_READONLY_FLAG
+ | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_ENUM_ARCHIVED_FLAG
+ | (m_fMachineStore ? CERT_SYSTEM_STORE_LOCAL_MACHINE : CERT_SYSTEM_STORE_CURRENT_USER),
+ m_pszCertStore);
+ if (m_hStore == NULL)
+ return RTMsgErrorExitFailure("Failed to open %s store '%s': %Rwc (%u)", m_fMachineStore ? "machine" : "user",
+ m_pszCertStore, GetLastError(), GetLastError());
+
+ CRYPT_HASH_BLOB Thumbprint = { RTSHA1_HASH_SIZE, m_abCertSha1 };
+ PRTUTF16 pwszSubject = NULL;
+ void const *pvFindParam = &Thumbprint;
+ DWORD fFind = CERT_FIND_SHA1_HASH;
+ if (!m_pszCertSha1)
+ {
+ int rc = RTStrToUtf16(m_pszCertSubject, &pwszSubject);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTStrToUtf16 failed: %Rrc, input %.*Rhxs",
+ rc, strlen(m_pszCertSubject), m_pszCertSubject);
+ pvFindParam = pwszSubject;
+ fFind = CERT_FIND_SUBJECT_STR;
+ }
+
+ while ((m_pCertCtx = CertFindCertificateInStore(m_hStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0 /*fFlags*/,
+ fFind, pvFindParam, m_pCertCtx)) != NULL)
+ {
+ if (m_pCertCtx->dwCertEncodingType & X509_ASN_ENCODING)
+ {
+ RTASN1CURSORPRIMARY PrimaryCursor;
+ RTAsn1CursorInitPrimary(&PrimaryCursor, m_pCertCtx->pbCertEncoded, m_pCertCtx->cbCertEncoded,
+ RTErrInfoInitStatic(&ErrInfo),
+ &g_RTAsn1DefaultAllocator, RTASN1CURSOR_FLAGS_DER, "CurCtx");
+ int rc = RTCrX509Certificate_DecodeAsn1(&PrimaryCursor.Cursor, 0, &m_DecodedCert, "Cert");
+ if (RT_SUCCESS(rc))
+ {
+ pCertificate = &m_DecodedCert;
+ break;
+ }
+ RTMsgError("failed to decode certificate %p: %Rrc%#RTeim", m_pCertCtx, rc, &ErrInfo.Core);
+ }
+ }
+
+ RTUtf16Free(pwszSubject);
+ if (!m_pCertCtx)
+ return RTMsgErrorExitFailure("No certificate found matching %s '%s' (%Rwc / %u)",
+ m_pszCertSha1 ? "thumbprint" : "subject substring",
+ m_pszCertSha1 ? m_pszCertSha1 : m_pszCertSubject, GetLastError(), GetLastError());
+
+ /* Use this for private key too? */
+ if (!fHasKey)
+ {
+ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hTmpPrivateKey = 0;
+ DWORD dwKeySpec = 0;
+ if (CryptAcquireCertificatePrivateKey(m_pCertCtx,
+ CRYPT_ACQUIRE_SILENT_FLAG | CRYPT_ACQUIRE_COMPARE_KEY_FLAG
+ | CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG
+ | CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG,
+ NULL, &hTmpPrivateKey, &dwKeySpec, &m_fFreePrivateHandle))
+ {
+ if (cVerbosity > 1)
+ RTMsgInfo("hTmpPrivateKey=%p m_fFreePrivateHandle=%d dwKeySpec=%#x",
+ hTmpPrivateKey, m_fFreePrivateHandle, dwKeySpec);
+ Assert(dwKeySpec == CERT_NCRYPT_KEY_SPEC);
+ if (dwKeySpec == CERT_NCRYPT_KEY_SPEC)
+ hNCryptPrivateKey = hTmpPrivateKey;
+ else
+ hLegacyPrivateKey = hTmpPrivateKey; /** @todo remove or drop CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG */
+ return loadFakePrivateKeyAndCert();
+ }
+ return RTMsgErrorExitFailure("CryptAcquireCertificatePrivateKey failed: %Rwc (%d)", GetLastError(), GetLastError());
+ }
+#else
+ return RTMsgErrorExitFailure("Certificate store support is missing on this host");
+#endif
+ }
+
+ /*
+ * Get hold of the private key (if someone above already did, they'd returned already).
+ */
+ Assert(hPrivateKey == NIL_RTCRKEY);
+ /* Use cert file if nothing else specified. */
+ if (!fHasKey && m_pszCertFile)
+ m_pszKeyFile = m_pszCertFile;
+
+ /* Load from file:*/
+ if (m_pszKeyFile)
+ {
+ int rc = RTCrKeyCreateFromFile(&hPrivateKey, 0 /*fFlags*/, m_pszKeyFile, m_pszKeyPassword,
+ RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("Error reading the %s private key from '%s': %Rrc%#RTeim",
+ m_pszWhat, m_pszKeyFile, rc, &ErrInfo.Core);
+ }
+ /* From key store: */
+ else
+ {
+ return RTMsgErrorExitFailure("Key store support is missing on this host");
+ }
+
+ return RTEXITCODE_SUCCESS;
+ }
+
+ /** Returns the real certificate. */
+ PCRTCRX509CERTIFICATE getRealCertificate() const
+ {
+#ifdef RT_OS_WINDOWS
+ if (pCertificateReal)
+ return pCertificateReal;
+#endif
+ return pCertificate;
+ }
+
+#ifdef RT_OS_WINDOWS
+ RTEXITCODE loadFakePrivateKeyAndCert()
+ {
+ int rc = RTCrX509Certificate_ReadFromBuffer(&m_DecodedFakeCert, g_abFakeCertificate, sizeof(g_abFakeCertificate),
+ 0 /*fFlags*/, &g_RTAsn1DefaultAllocator, NULL, NULL);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrX509Certificate_ReadFromBuffer/g_abFakeCertificate failed: %Rrc", rc);
+ pCertificateReal = pCertificate;
+ pCertificate = &m_DecodedFakeCert;
+
+ rc = RTCrKeyCreateFromBuffer(&hPrivateKey, 0 /*fFlags*/, g_abFakeRsaKey, sizeof(g_abFakeRsaKey), NULL, NULL, NULL);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrKeyCreateFromBuffer/g_abFakeRsaKey failed: %Rrc", rc);
+ return RTEXITCODE_SUCCESS;
+ }
+
+#endif
+
+ /**
+ * Search for intermediate CA.
+ *
+ * Currently this only do a single certificate path, so this may go south if
+ * there are multiple paths available. It may work fine for a cross signing
+ * path, as long as the cross over is at the level immediately below the root.
+ */
+ PCRTCRCERTCTX findNextIntermediateCert(PCRTCRCERTCTX pPrev)
+ {
+ /*
+ * Make sure the store is loaded before we start.
+ */
+ if (s_hStoreIntermediate == NIL_RTCRSTORE)
+ {
+ Assert(!pPrev);
+ RTERRINFOSTATIC ErrInfo;
+ int rc = RTCrStoreCreateSnapshotById(&s_hStoreIntermediate,
+ !m_fMachineStore
+ ? RTCRSTOREID_USER_INTERMEDIATE_CAS : RTCRSTOREID_SYSTEM_INTERMEDIATE_CAS,
+ RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ {
+ RTMsgError("RTCrStoreCreateSnapshotById/%s-intermediate-CAs failed: %Rrc%#RTeim",
+ m_fMachineStore ? "user" : "machine", rc, &ErrInfo.Core);
+ return NULL;
+ }
+ }
+
+ /*
+ * Open the search handle for the parent of the previous/end certificate.
+ *
+ * We don't need to consider RTCRCERTCTX::pTaInfo here as we're not
+ * after trust anchors, only intermediate certificates.
+ */
+#ifdef RT_OS_WINDOWS
+ PCRTCRX509CERTIFICATE pChildCert = pPrev ? pPrev->pCert : pCertificateReal ? pCertificateReal : pCertificate;
+#else
+ PCRTCRX509CERTIFICATE pChildCert = pPrev ? pPrev->pCert : pCertificate;
+#endif
+ AssertReturnStmt(pChildCert, RTCrCertCtxRelease(pPrev), NULL);
+
+ RTCRSTORECERTSEARCH Search;
+ int rc = RTCrStoreCertFindBySubjectOrAltSubjectByRfc5280(s_hStoreIntermediate, &pChildCert->TbsCertificate.Issuer,
+ &Search);
+ if (RT_FAILURE(rc))
+ {
+ RTMsgError("RTCrStoreCertFindBySubjectOrAltSubjectByRfc5280 failed: %Rrc", rc);
+ return NULL;
+ }
+
+ /*
+ * We only gave the subject so, we have to check the serial number our selves.
+ */
+ PCRTCRCERTCTX pCertCtx;
+ while ((pCertCtx = RTCrStoreCertSearchNext(s_hStoreIntermediate, &Search)) != NULL)
+ {
+ if ( pCertCtx->pCert
+ && RTAsn1BitString_Compare(&pCertCtx->pCert->TbsCertificate.T1.IssuerUniqueId,
+ &pChildCert->TbsCertificate.T1.IssuerUniqueId) == 0 /* compares presentness too */
+ && !RTCrX509Certificate_IsSelfSigned(pCertCtx->pCert))
+ {
+ break; /** @todo compare valid periode too and keep a best match when outside the desired period? */
+ }
+ RTCrCertCtxRelease(pCertCtx);
+ }
+
+ RTCrStoreCertSearchDestroy(s_hStoreIntermediate, & Search);
+ RTCrCertCtxRelease(pPrev);
+ return pCertCtx;
+ }
+
+ /**
+ * Merges the user specified certificates with the signing certificate and any
+ * intermediate CAs we can find in the system store.
+ *
+ * @returns Merged store, NIL_RTCRSTORE on failure (messaged).
+ * @param hUserSpecifiedCertificates The user certificate store.
+ */
+ RTCRSTORE assembleAllAdditionalCertificates(RTCRSTORE hUserSpecifiedCertificates)
+ {
+ RTCRSTORE hRetStore;
+ int rc = RTCrStoreCreateInMemEx(&hRetStore, 0, hUserSpecifiedCertificates);
+ if (RT_SUCCESS(rc))
+ {
+ /* Add the signing certificate: */
+ RTERRINFOSTATIC ErrInfo;
+ rc = RTCrStoreCertAddX509(hRetStore, RTCRCERTCTX_F_ENC_X509_DER | RTCRCERTCTX_F_ADD_IF_NOT_FOUND,
+#ifdef RT_OS_WINDOWS
+ (PRTCRX509CERTIFICATE)(pCertificateReal ? pCertificateReal : pCertificate),
+#else
+ (PRTCRX509CERTIFICATE)pCertificate,
+#endif
+ RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ /* Add all intermediate CAs certificates we can find. */
+ PCRTCRCERTCTX pInterCaCert = NULL;
+ while ((pInterCaCert = findNextIntermediateCert(pInterCaCert)) != NULL)
+ {
+ rc = RTCrStoreCertAddEncoded(hRetStore, RTCRCERTCTX_F_ENC_X509_DER | RTCRCERTCTX_F_ADD_IF_NOT_FOUND,
+ pInterCaCert->pabEncoded, pInterCaCert->cbEncoded,
+ RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ {
+ RTMsgError("RTCrStoreCertAddEncoded/InterCA failed: %Rrc%#RTeim", rc, &ErrInfo.Core);
+ RTCrCertCtxRelease(pInterCaCert);
+ break;
+ }
+ }
+ if (RT_SUCCESS(rc))
+ return hRetStore;
+ }
+ else
+ RTMsgError("RTCrStoreCertAddX509/signer failed: %Rrc%#RTeim", rc, &ErrInfo.Core);
+ RTCrStoreRelease(hRetStore);
+ }
+ else
+ RTMsgError("RTCrStoreCreateInMemEx failed: %Rrc", rc);
+ return NIL_RTCRSTORE;
+ }
+
+};
+
+/*static*/ RTCRSTORE SignToolKeyPair::s_hStoreIntermediate = NIL_RTCRSTORE;
+/*static*/ uint32_t SignToolKeyPair::s_cInstances = 0;
+
+
+/*********************************************************************************************************************************
+*
+*********************************************************************************************************************************/
+/** Timestamp type. */
+typedef enum
+{
+ /** Old timestamp style.
+ * This is just a counter signature with a trustworthy SigningTime attribute.
+ * Specificially it's the SignerInfo part of a detached PKCS#7 covering the
+ * SignerInfo.EncryptedDigest. */
+ kTimestampType_Old = 1,
+ /** This is a whole PKCS#7 signature of an TSTInfo from RFC-3161 (see page 7).
+ * Currently not supported. */
+ kTimestampType_New
+} TIMESTAMPTYPE;
+
+/**
+ * Timestamping options.
+ *
+ * Certificate w/ public key + private key pair for signing and signature type.
+ */
+class SignToolTimestampOpts : public SignToolKeyPair
+{
+public:
+ /** Type timestamp type. */
+ TIMESTAMPTYPE m_enmType;
+
+ SignToolTimestampOpts(const char *a_pszWhat, TIMESTAMPTYPE a_enmType = kTimestampType_Old)
+ : SignToolKeyPair(a_pszWhat)
+ , m_enmType(a_enmType)
+ {
+ }
+
+ bool isOldType() const { return m_enmType == kTimestampType_Old; }
+ bool isNewType() const { return m_enmType == kTimestampType_New; }
+};
+
+
+
+/*********************************************************************************************************************************
+* Crypto Store Auto Cleanup Wrapper. *
+*********************************************************************************************************************************/
+class CryptoStore
+{
+public:
+ RTCRSTORE m_hStore;
+
+ CryptoStore()
+ : m_hStore(NIL_RTCRSTORE)
+ {
+ }
+
+ ~CryptoStore()
+ {
+ if (m_hStore != NIL_RTCRSTORE)
+ {
+ uint32_t cRefs = RTCrStoreRelease(m_hStore);
+ Assert(cRefs == 0); RT_NOREF(cRefs);
+ m_hStore = NIL_RTCRSTORE;
+ }
+ }
+
+ /**
+ * Adds one or more certificates from the given file.
+ *
+ * @returns boolean success indicator.
+ */
+ bool addFromFile(const char *pszFilename, PRTERRINFOSTATIC pStaticErrInfo)
+ {
+ int rc = RTCrStoreCertAddFromFile(this->m_hStore, RTCRCERTCTX_F_ADD_IF_NOT_FOUND | RTCRCERTCTX_F_ADD_CONTINUE_ON_ERROR,
+ pszFilename, RTErrInfoInitStatic(pStaticErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ if (RTErrInfoIsSet(&pStaticErrInfo->Core))
+ RTMsgWarning("Warnings loading certificate '%s': %s", pszFilename, pStaticErrInfo->Core.pszMsg);
+ return true;
+ }
+ RTMsgError("Error loading certificate '%s': %Rrc%#RTeim", pszFilename, rc, &pStaticErrInfo->Core);
+ return false;
+ }
+
+ /**
+ * Adds trusted self-signed certificates from the system.
+ *
+ * @returns boolean success indicator.
+ * @note The selection is self-signed rather than CAs here so that test signing
+ * certificates will be included.
+ */
+ bool addSelfSignedRootsFromSystem(PRTERRINFOSTATIC pStaticErrInfo)
+ {
+ CryptoStore Tmp;
+ int rc = RTCrStoreCreateSnapshotOfUserAndSystemTrustedCAsAndCerts(&Tmp.m_hStore, RTErrInfoInitStatic(pStaticErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ RTCRSTORECERTSEARCH Search;
+ rc = RTCrStoreCertFindAll(Tmp.m_hStore, &Search);
+ if (RT_SUCCESS(rc))
+ {
+ PCRTCRCERTCTX pCertCtx;
+ while ((pCertCtx = RTCrStoreCertSearchNext(Tmp.m_hStore, &Search)) != NULL)
+ {
+ /* Add it if it's a full fledged self-signed certificate, otherwise just skip: */
+ if ( pCertCtx->pCert
+ && RTCrX509Certificate_IsSelfSigned(pCertCtx->pCert))
+ {
+ int rc2 = RTCrStoreCertAddEncoded(this->m_hStore,
+ pCertCtx->fFlags | RTCRCERTCTX_F_ADD_IF_NOT_FOUND,
+ pCertCtx->pabEncoded, pCertCtx->cbEncoded, NULL);
+ if (RT_FAILURE(rc2))
+ RTMsgWarning("RTCrStoreCertAddEncoded failed for a certificate: %Rrc", rc2);
+ }
+ RTCrCertCtxRelease(pCertCtx);
+ }
+
+ int rc2 = RTCrStoreCertSearchDestroy(Tmp.m_hStore, &Search);
+ AssertRC(rc2);
+ return true;
+ }
+ RTMsgError("RTCrStoreCertFindAll failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTCrStoreCreateSnapshotOfUserAndSystemTrustedCAsAndCerts failed: %Rrc%#RTeim", rc, &pStaticErrInfo->Core);
+ return false;
+ }
+
+};
+
+
+
+/*********************************************************************************************************************************
+* Workers. *
+*********************************************************************************************************************************/
+
+
+/**
+ * Deletes the structure.
+ *
+ * @param pThis The structure to initialize.
+ */
+static void SignToolPkcs7_Delete(PSIGNTOOLPKCS7 pThis)
+{
+ RTCrPkcs7ContentInfo_Delete(&pThis->ContentInfo);
+ pThis->pSignedData = NULL;
+ RTMemFree(pThis->pbBuf);
+ pThis->pbBuf = NULL;
+ pThis->cbBuf = 0;
+ RTMemFree(pThis->pbNewBuf);
+ pThis->pbNewBuf = NULL;
+ pThis->cbNewBuf = 0;
+}
+
+
+/**
+ * Deletes the structure.
+ *
+ * @param pThis The structure to initialize.
+ */
+static void SignToolPkcs7Exe_Delete(PSIGNTOOLPKCS7EXE pThis)
+{
+ if (pThis->hLdrMod != NIL_RTLDRMOD)
+ {
+ int rc2 = RTLdrClose(pThis->hLdrMod);
+ if (RT_FAILURE(rc2))
+ RTMsgError("RTLdrClose failed: %Rrc\n", rc2);
+ pThis->hLdrMod = NIL_RTLDRMOD;
+ }
+ SignToolPkcs7_Delete(pThis);
+}
+
+
+/**
+ * Decodes the PKCS #7 blob pointed to by pThis->pbBuf.
+ *
+ * @returns IPRT status code (error message already shown on failure).
+ * @param pThis The PKCS\#7 signature to decode.
+ * @param fCatalog Set if catalog file, clear if executable.
+ */
+static int SignToolPkcs7_Decode(PSIGNTOOLPKCS7 pThis, bool fCatalog)
+{
+ RTERRINFOSTATIC ErrInfo;
+ RTASN1CURSORPRIMARY PrimaryCursor;
+ RTAsn1CursorInitPrimary(&PrimaryCursor, pThis->pbBuf, (uint32_t)pThis->cbBuf, RTErrInfoInitStatic(&ErrInfo),
+ &g_RTAsn1DefaultAllocator, 0, "WinCert");
+
+ int rc = RTCrPkcs7ContentInfo_DecodeAsn1(&PrimaryCursor.Cursor, 0, &pThis->ContentInfo, "CI");
+ if (RT_SUCCESS(rc))
+ {
+ if (RTCrPkcs7ContentInfo_IsSignedData(&pThis->ContentInfo))
+ {
+ pThis->pSignedData = pThis->ContentInfo.u.pSignedData;
+
+ /*
+ * Decode the authenticode bits.
+ */
+ if (!strcmp(pThis->pSignedData->ContentInfo.ContentType.szObjId, RTCRSPCINDIRECTDATACONTENT_OID))
+ {
+ PRTCRSPCINDIRECTDATACONTENT pIndData = pThis->pSignedData->ContentInfo.u.pIndirectDataContent;
+ Assert(pIndData);
+
+ /*
+ * Check that things add up.
+ */
+ rc = RTCrPkcs7SignedData_CheckSanity(pThis->pSignedData,
+ RTCRPKCS7SIGNEDDATA_SANITY_F_AUTHENTICODE
+ | RTCRPKCS7SIGNEDDATA_SANITY_F_ONLY_KNOWN_HASH
+ | RTCRPKCS7SIGNEDDATA_SANITY_F_SIGNING_CERT_PRESENT,
+ RTErrInfoInitStatic(&ErrInfo), "SD");
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTCrSpcIndirectDataContent_CheckSanityEx(pIndData,
+ pThis->pSignedData,
+ RTCRSPCINDIRECTDATACONTENT_SANITY_F_ONLY_KNOWN_HASH,
+ RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ RTMsgError("SPC indirect data content sanity check failed for '%s': %Rrc - %s\n",
+ pThis->pszFilename, rc, ErrInfo.szMsg);
+ }
+ else
+ RTMsgError("PKCS#7 sanity check failed for '%s': %Rrc - %s\n", pThis->pszFilename, rc, ErrInfo.szMsg);
+ }
+ else if (!strcmp(pThis->pSignedData->ContentInfo.ContentType.szObjId, RTCR_PKCS7_DATA_OID))
+ { /* apple code signing */ }
+ else if (!fCatalog)
+ RTMsgError("Unexpected the signed content in '%s': %s (expected %s)", pThis->pszFilename,
+ pThis->pSignedData->ContentInfo.ContentType.szObjId, RTCRSPCINDIRECTDATACONTENT_OID);
+ }
+ else
+ rc = RTMsgErrorRc(VERR_CR_PKCS7_NOT_SIGNED_DATA,
+ "PKCS#7 content is inside '%s' is not 'signedData': %s\n",
+ pThis->pszFilename, pThis->ContentInfo.ContentType.szObjId);
+ }
+ else
+ RTMsgError("RTCrPkcs7ContentInfo_DecodeAsn1 failed on '%s': %Rrc - %s\n", pThis->pszFilename, rc, ErrInfo.szMsg);
+ return rc;
+}
+
+
+/**
+ * Reads and decodes PKCS\#7 signature from the given cat file.
+ *
+ * @returns RTEXITCODE_SUCCESS on success, RTEXITCODE_FAILURE with error message
+ * on failure.
+ * @param pThis The structure to initialize.
+ * @param pszFilename The catalog (or any other DER PKCS\#7) filename.
+ * @param cVerbosity The verbosity.
+ */
+static RTEXITCODE SignToolPkcs7_InitFromFile(PSIGNTOOLPKCS7 pThis, const char *pszFilename, unsigned cVerbosity)
+{
+ /*
+ * Init the return structure.
+ */
+ RT_ZERO(*pThis);
+ pThis->pszFilename = pszFilename;
+ pThis->enmType = RTSIGNTOOLFILETYPE_CAT;
+
+ /*
+ * Lazy bird uses RTFileReadAll and duplicates the allocation.
+ */
+ void *pvFile;
+ int rc = RTFileReadAll(pszFilename, &pvFile, &pThis->cbBuf);
+ if (RT_SUCCESS(rc))
+ {
+ pThis->pbBuf = (uint8_t *)RTMemDup(pvFile, pThis->cbBuf);
+ RTFileReadAllFree(pvFile, pThis->cbBuf);
+ if (pThis->pbBuf)
+ {
+ if (cVerbosity > 2)
+ RTPrintf("PKCS#7 signature: %u bytes\n", pThis->cbBuf);
+
+ /*
+ * Decode it.
+ */
+ rc = SignToolPkcs7_Decode(pThis, true /*fCatalog*/);
+ if (RT_SUCCESS(rc))
+ return RTEXITCODE_SUCCESS;
+ }
+ else
+ RTMsgError("Out of memory!");
+ }
+ else
+ RTMsgError("Error reading '%s' into memory: %Rrc", pszFilename, rc);
+
+ SignToolPkcs7_Delete(pThis);
+ return RTEXITCODE_FAILURE;
+}
+
+
+/**
+ * Encodes the signature into the SIGNTOOLPKCS7::pbNewBuf and
+ * SIGNTOOLPKCS7::cbNewBuf members.
+ *
+ * @returns RTEXITCODE_SUCCESS on success, RTEXITCODE_FAILURE with error message
+ * on failure.
+ * @param pThis The signature to encode.
+ * @param cVerbosity The verbosity.
+ */
+static RTEXITCODE SignToolPkcs7_Encode(PSIGNTOOLPKCS7 pThis, unsigned cVerbosity)
+{
+ RTERRINFOSTATIC StaticErrInfo;
+ PRTASN1CORE pRoot = RTCrPkcs7ContentInfo_GetAsn1Core(&pThis->ContentInfo);
+ uint32_t cbEncoded;
+ int rc = RTAsn1EncodePrepare(pRoot, RTASN1ENCODE_F_DER, &cbEncoded, RTErrInfoInitStatic(&StaticErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ if (cVerbosity >= 4)
+ RTAsn1Dump(pRoot, 0, 0, RTStrmDumpPrintfV, g_pStdOut);
+
+ RTMemFree(pThis->pbNewBuf);
+ pThis->cbNewBuf = cbEncoded;
+ pThis->pbNewBuf = (uint8_t *)RTMemAllocZ(cbEncoded);
+ if (pThis->pbNewBuf)
+ {
+ rc = RTAsn1EncodeToBuffer(pRoot, RTASN1ENCODE_F_DER, pThis->pbNewBuf, pThis->cbNewBuf,
+ RTErrInfoInitStatic(&StaticErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ if (cVerbosity > 1)
+ RTMsgInfo("Encoded signature to %u bytes", cbEncoded);
+ return RTEXITCODE_SUCCESS;
+ }
+ RTMsgError("RTAsn1EncodeToBuffer failed: %Rrc", rc);
+
+ RTMemFree(pThis->pbNewBuf);
+ pThis->pbNewBuf = NULL;
+ }
+ else
+ RTMsgError("Failed to allocate %u bytes!", cbEncoded);
+ }
+ else
+ RTMsgError("RTAsn1EncodePrepare failed: %Rrc - %s", rc, StaticErrInfo.szMsg);
+ return RTEXITCODE_FAILURE;
+}
+
+
+/**
+ * Helper that makes sure the UnauthenticatedAttributes are present in the given
+ * SignerInfo structure.
+ *
+ * Call this before trying to modify the array.
+ *
+ * @returns RTEXITCODE_SUCCESS on success, RTEXITCODE_FAILURE with error already
+ * displayed on failure.
+ * @param pSignerInfo The SignerInfo structure in question.
+ */
+static RTEXITCODE SignToolPkcs7_EnsureUnauthenticatedAttributesPresent(PRTCRPKCS7SIGNERINFO pSignerInfo)
+{
+ if (pSignerInfo->UnauthenticatedAttributes.cItems == 0)
+ {
+ /* HACK ALERT! Invent ASN.1 setters/whatever for members to replace this mess. */
+
+ if (pSignerInfo->AuthenticatedAttributes.cItems == 0)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No authenticated or unauthenticated attributes! Sorry, no can do.");
+
+ Assert(pSignerInfo->UnauthenticatedAttributes.SetCore.Asn1Core.uTag == 0);
+ int rc = RTAsn1SetCore_Init(&pSignerInfo->UnauthenticatedAttributes.SetCore,
+ pSignerInfo->AuthenticatedAttributes.SetCore.Asn1Core.pOps);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTAsn1SetCore_Init failed: %Rrc", rc);
+ pSignerInfo->UnauthenticatedAttributes.SetCore.Asn1Core.uTag = 1;
+ pSignerInfo->UnauthenticatedAttributes.SetCore.Asn1Core.fClass = ASN1_TAGCLASS_CONTEXT | ASN1_TAGFLAG_CONSTRUCTED;
+ RTAsn1MemInitArrayAllocation(&pSignerInfo->UnauthenticatedAttributes.Allocation,
+ pSignerInfo->AuthenticatedAttributes.Allocation.pAllocator,
+ sizeof(**pSignerInfo->UnauthenticatedAttributes.papItems));
+ }
+ return RTEXITCODE_SUCCESS;
+}
+
+
+/**
+ * Adds the @a pSrc signature as a nested signature.
+ *
+ * @returns RTEXITCODE_SUCCESS on success, RTEXITCODE_FAILURE with error message
+ * on failure.
+ * @param pThis The signature to modify.
+ * @param pSrc The signature to add as nested.
+ * @param cVerbosity The verbosity.
+ * @param fPrepend Whether to prepend (true) or append (false) the
+ * source signature to the nested attribute.
+ */
+static RTEXITCODE SignToolPkcs7_AddNestedSignature(PSIGNTOOLPKCS7 pThis, PSIGNTOOLPKCS7 pSrc,
+ unsigned cVerbosity, bool fPrepend)
+{
+ PRTCRPKCS7SIGNERINFO pSignerInfo = pThis->pSignedData->SignerInfos.papItems[0];
+
+ /*
+ * Deal with UnauthenticatedAttributes being absent before trying to append to the array.
+ */
+ RTEXITCODE rcExit = SignToolPkcs7_EnsureUnauthenticatedAttributesPresent(pSignerInfo);
+ if (rcExit != RTEXITCODE_SUCCESS)
+ return rcExit;
+
+ /*
+ * Find or add an unauthenticated attribute for nested signatures.
+ */
+ int rc = VERR_NOT_FOUND;
+ PRTCRPKCS7ATTRIBUTE pAttr = NULL;
+ int32_t iPos = pSignerInfo->UnauthenticatedAttributes.cItems;
+ while (iPos-- > 0)
+ if (pSignerInfo->UnauthenticatedAttributes.papItems[iPos]->enmType == RTCRPKCS7ATTRIBUTETYPE_MS_NESTED_SIGNATURE)
+ {
+ pAttr = pSignerInfo->UnauthenticatedAttributes.papItems[iPos];
+ rc = VINF_SUCCESS;
+ break;
+ }
+ if (iPos < 0)
+ {
+ iPos = RTCrPkcs7Attributes_Append(&pSignerInfo->UnauthenticatedAttributes);
+ if (iPos >= 0)
+ {
+ if (cVerbosity >= 3)
+ RTMsgInfo("Adding UnauthenticatedAttribute #%u...", iPos);
+ Assert((uint32_t)iPos < pSignerInfo->UnauthenticatedAttributes.cItems);
+
+ pAttr = pSignerInfo->UnauthenticatedAttributes.papItems[iPos];
+ rc = RTAsn1ObjId_InitFromString(&pAttr->Type, RTCR_PKCS9_ID_MS_NESTED_SIGNATURE, pAttr->Allocation.pAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ /** @todo Generalize the Type + enmType DYN stuff and generate setters. */
+ Assert(pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_NOT_PRESENT);
+ Assert(pAttr->uValues.pContentInfos == NULL);
+ pAttr->enmType = RTCRPKCS7ATTRIBUTETYPE_MS_NESTED_SIGNATURE;
+ rc = RTAsn1MemAllocZ(&pAttr->Allocation, (void **)&pAttr->uValues.pContentInfos,
+ sizeof(*pAttr->uValues.pContentInfos));
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTCrPkcs7SetOfContentInfos_Init(pAttr->uValues.pContentInfos, pAttr->Allocation.pAllocator);
+ if (!RT_SUCCESS(rc))
+ RTMsgError("RTCrPkcs7ContentInfos_Init failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTAsn1MemAllocZ failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTAsn1ObjId_InitFromString failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTCrPkcs7Attributes_Append failed: %Rrc", iPos);
+ }
+ else if (cVerbosity >= 2)
+ RTMsgInfo("Found UnauthenticatedAttribute #%u...", iPos);
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Append/prepend the signature.
+ */
+ uint32_t iActualPos = UINT32_MAX;
+ iPos = fPrepend ? 0 : pAttr->uValues.pContentInfos->cItems;
+ rc = RTCrPkcs7SetOfContentInfos_InsertEx(pAttr->uValues.pContentInfos, iPos, &pSrc->ContentInfo,
+ pAttr->Allocation.pAllocator, &iActualPos);
+ if (RT_SUCCESS(rc))
+ {
+ if (cVerbosity > 0)
+ RTMsgInfo("Added nested signature (#%u)", iActualPos);
+ if (cVerbosity >= 3)
+ {
+ RTMsgInfo("SingerInfo dump after change:");
+ RTAsn1Dump(RTCrPkcs7SignerInfo_GetAsn1Core(pSignerInfo), 0, 2, RTStrmDumpPrintfV, g_pStdOut);
+ }
+ return RTEXITCODE_SUCCESS;
+ }
+
+ RTMsgError("RTCrPkcs7ContentInfos_InsertEx failed: %Rrc", rc);
+ }
+ return RTEXITCODE_FAILURE;
+}
+
+
+/**
+ * Writes the signature to the file.
+ *
+ * Caller must have called SignToolPkcs7_Encode() prior to this function.
+ *
+ * @returns RTEXITCODE_SUCCESS on success, RTEXITCODE_FAILURE with error
+ * message on failure.
+ * @param pThis The file which to write.
+ * @param cVerbosity The verbosity.
+ */
+static RTEXITCODE SignToolPkcs7_WriteSignatureToFile(PSIGNTOOLPKCS7 pThis, const char *pszFilename, unsigned cVerbosity)
+{
+ AssertReturn(pThis->cbNewBuf && pThis->pbNewBuf, RTEXITCODE_FAILURE);
+
+ /*
+ * Open+truncate file, write new signature, close. Simple.
+ */
+ RTFILE hFile;
+ int rc = RTFileOpen(&hFile, pszFilename, RTFILE_O_WRITE | RTFILE_O_OPEN_CREATE | RTFILE_O_TRUNCATE | RTFILE_O_DENY_WRITE);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTFileWrite(hFile, pThis->pbNewBuf, pThis->cbNewBuf, NULL);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTFileClose(hFile);
+ if (RT_SUCCESS(rc))
+ {
+ if (cVerbosity > 0)
+ RTMsgInfo("Wrote %u bytes to %s", pThis->cbNewBuf, pszFilename);
+ return RTEXITCODE_SUCCESS;
+ }
+
+ RTMsgError("RTFileClose failed on %s: %Rrc", pszFilename, rc);
+ }
+ else
+ RTMsgError("Write error on %s: %Rrc", pszFilename, rc);
+ }
+ else
+ RTMsgError("Failed to open %s for writing: %Rrc", pszFilename, rc);
+ return RTEXITCODE_FAILURE;
+}
+
+
+
+/**
+ * Worker for recursively searching for MS nested signatures and signer infos.
+ *
+ * @returns Pointer to the signer info corresponding to @a iReqSignature. NULL
+ * if not found.
+ * @param pSignedData The signature to search.
+ * @param piNextSignature Pointer to the variable keeping track of the next
+ * signature number.
+ * @param iReqSignature The request signature number.
+ * @param ppSignedData Where to return the signature data structure.
+ * Optional.
+ */
+static PRTCRPKCS7SIGNERINFO SignToolPkcs7_FindNestedSignatureByIndexWorker(PRTCRPKCS7SIGNEDDATA pSignedData,
+ uint32_t *piNextSignature,
+ uint32_t iReqSignature,
+ PRTCRPKCS7SIGNEDDATA *ppSignedData)
+{
+ for (uint32_t iSignerInfo = 0; iSignerInfo < pSignedData->SignerInfos.cItems; iSignerInfo++)
+ {
+ /* Match?*/
+ PRTCRPKCS7SIGNERINFO pSignerInfo = pSignedData->SignerInfos.papItems[iSignerInfo];
+ if (*piNextSignature == iReqSignature)
+ {
+ if (ppSignedData)
+ *ppSignedData = pSignedData;
+ return pSignerInfo;
+ }
+ *piNextSignature += 1;
+
+ /* Look for nested signatures. */
+ for (uint32_t iAttrib = 0; iAttrib < pSignerInfo->UnauthenticatedAttributes.cItems; iAttrib++)
+ if (pSignerInfo->UnauthenticatedAttributes.papItems[iAttrib]->enmType == RTCRPKCS7ATTRIBUTETYPE_MS_NESTED_SIGNATURE)
+ {
+ PRTCRPKCS7SETOFCONTENTINFOS pCntInfos;
+ pCntInfos = pSignerInfo->UnauthenticatedAttributes.papItems[iAttrib]->uValues.pContentInfos;
+ for (uint32_t iCntInfo = 0; iCntInfo < pCntInfos->cItems; iCntInfo++)
+ {
+ PRTCRPKCS7CONTENTINFO pCntInfo = pCntInfos->papItems[iCntInfo];
+ if (RTCrPkcs7ContentInfo_IsSignedData(pCntInfo))
+ {
+ PRTCRPKCS7SIGNERINFO pRet;
+ pRet = SignToolPkcs7_FindNestedSignatureByIndexWorker(pCntInfo->u.pSignedData, piNextSignature,
+ iReqSignature, ppSignedData);
+ if (pRet)
+ return pRet;
+ }
+ }
+ }
+ }
+ return NULL;
+}
+
+
+/**
+ * Locates the given nested signature.
+ *
+ * @returns Pointer to the signer info corresponding to @a iReqSignature. NULL
+ * if not found.
+ * @param pThis The PKCS\#7 structure to search.
+ * @param iReqSignature The requested signature number.
+ * @param ppSignedData Where to return the pointer to the signed data that
+ * the returned signer info belongs to.
+ *
+ * @todo Move into SPC or PKCS\#7.
+ */
+static PRTCRPKCS7SIGNERINFO SignToolPkcs7_FindNestedSignatureByIndex(PSIGNTOOLPKCS7 pThis, uint32_t iReqSignature,
+ PRTCRPKCS7SIGNEDDATA *ppSignedData)
+{
+ uint32_t iNextSignature = 0;
+ return SignToolPkcs7_FindNestedSignatureByIndexWorker(pThis->pSignedData, &iNextSignature, iReqSignature, ppSignedData);
+}
+
+
+
+/**
+ * Reads and decodes PKCS\#7 signature from the given executable, if it has one.
+ *
+ * @returns RTEXITCODE_SUCCESS on success, RTEXITCODE_FAILURE with error message
+ * on failure.
+ * @param pThis The structure to initialize.
+ * @param pszFilename The executable filename.
+ * @param cVerbosity The verbosity.
+ * @param enmLdrArch For FAT binaries.
+ * @param fAllowUnsigned Whether to allow unsigned binaries.
+ */
+static RTEXITCODE SignToolPkcs7Exe_InitFromFile(PSIGNTOOLPKCS7EXE pThis, const char *pszFilename, unsigned cVerbosity,
+ RTLDRARCH enmLdrArch = RTLDRARCH_WHATEVER, bool fAllowUnsigned = false)
+{
+ /*
+ * Init the return structure.
+ */
+ RT_ZERO(*pThis);
+ pThis->hLdrMod = NIL_RTLDRMOD;
+ pThis->pszFilename = pszFilename;
+ pThis->enmType = RTSIGNTOOLFILETYPE_EXE;
+
+ /*
+ * Open the image and check if it's signed.
+ */
+ int rc = RTLdrOpen(pszFilename, RTLDR_O_FOR_VALIDATION, enmLdrArch, &pThis->hLdrMod);
+ if (RT_SUCCESS(rc))
+ {
+ bool fIsSigned = false;
+ rc = RTLdrQueryProp(pThis->hLdrMod, RTLDRPROP_IS_SIGNED, &fIsSigned, sizeof(fIsSigned));
+ if (RT_SUCCESS(rc) && fIsSigned)
+ {
+ /*
+ * Query the PKCS#7 data (assuming M$ style signing) and hand it to a worker.
+ */
+ size_t cbActual = 0;
+#ifdef DEBUG
+ size_t cbBuf = 64;
+#else
+ size_t cbBuf = _512K;
+#endif
+ void *pvBuf = RTMemAllocZ(cbBuf);
+ if (pvBuf)
+ {
+ rc = RTLdrQueryPropEx(pThis->hLdrMod, RTLDRPROP_PKCS7_SIGNED_DATA, NULL /*pvBits*/, pvBuf, cbBuf, &cbActual);
+ if (rc == VERR_BUFFER_OVERFLOW)
+ {
+ RTMemFree(pvBuf);
+ cbBuf = cbActual;
+ pvBuf = RTMemAllocZ(cbActual);
+ if (pvBuf)
+ rc = RTLdrQueryPropEx(pThis->hLdrMod, RTLDRPROP_PKCS7_SIGNED_DATA, NULL /*pvBits*/,
+ pvBuf, cbBuf, &cbActual);
+ else
+ rc = VERR_NO_MEMORY;
+ }
+ }
+ else
+ rc = VERR_NO_MEMORY;
+
+ pThis->pbBuf = (uint8_t *)pvBuf;
+ pThis->cbBuf = cbActual;
+ if (RT_SUCCESS(rc))
+ {
+ if (cVerbosity > 2)
+ RTPrintf("PKCS#7 signature: %u bytes\n", cbActual);
+ if (cVerbosity > 3)
+ RTPrintf("%.*Rhxd\n", cbActual, pvBuf);
+
+ /*
+ * Decode it.
+ */
+ rc = SignToolPkcs7_Decode(pThis, false /*fCatalog*/);
+ if (RT_SUCCESS(rc))
+ return RTEXITCODE_SUCCESS;
+ }
+ else
+ RTMsgError("RTLdrQueryPropEx/RTLDRPROP_PKCS7_SIGNED_DATA failed on '%s': %Rrc\n", pszFilename, rc);
+ }
+ else if (RT_SUCCESS(rc))
+ {
+ if (!fAllowUnsigned || cVerbosity >= 2)
+ RTMsgInfo("'%s': not signed\n", pszFilename);
+ if (fAllowUnsigned)
+ return RTEXITCODE_SUCCESS;
+ }
+ else
+ RTMsgError("RTLdrQueryProp/RTLDRPROP_IS_SIGNED failed on '%s': %Rrc\n", pszFilename, rc);
+ }
+ else
+ RTMsgError("Error opening executable image '%s': %Rrc", pszFilename, rc);
+
+ SignToolPkcs7Exe_Delete(pThis);
+ return RTEXITCODE_FAILURE;
+}
+
+
+/**
+ * Calculates the checksum of an executable.
+ *
+ * @returns Success indicator (errors are reported)
+ * @param pThis The exe file to checksum.
+ * @param hFile The file handle.
+ * @param puCheckSum Where to return the checksum.
+ */
+static bool SignToolPkcs7Exe_CalcPeCheckSum(PSIGNTOOLPKCS7EXE pThis, RTFILE hFile, uint32_t *puCheckSum)
+{
+#ifdef RT_OS_WINDOWS
+ /*
+ * Try use IMAGEHLP!MapFileAndCheckSumW first.
+ */
+ PRTUTF16 pwszPath;
+ int rc = RTStrToUtf16(pThis->pszFilename, &pwszPath);
+ if (RT_SUCCESS(rc))
+ {
+ decltype(MapFileAndCheckSumW) *pfnMapFileAndCheckSumW;
+ pfnMapFileAndCheckSumW = (decltype(MapFileAndCheckSumW) *)RTLdrGetSystemSymbol("IMAGEHLP.DLL", "MapFileAndCheckSumW");
+ if (pfnMapFileAndCheckSumW)
+ {
+ DWORD uOldSum = UINT32_MAX;
+ DWORD uCheckSum = UINT32_MAX;
+ DWORD dwRc = pfnMapFileAndCheckSumW(pwszPath, &uOldSum, &uCheckSum);
+ if (dwRc == CHECKSUM_SUCCESS)
+ {
+ *puCheckSum = uCheckSum;
+ return true;
+ }
+ }
+ }
+#endif
+
+ RT_NOREF(pThis, hFile, puCheckSum);
+ RTMsgError("Implement check sum calcuation fallback!");
+ return false;
+}
+
+
+/**
+ * Writes the signature to the file.
+ *
+ * This has the side-effect of closing the hLdrMod member. So, it can only be
+ * called once!
+ *
+ * Caller must have called SignToolPkcs7_Encode() prior to this function.
+ *
+ * @returns RTEXITCODE_SUCCESS on success, RTEXITCODE_FAILURE with error
+ * message on failure.
+ * @param pThis The file which to write.
+ * @param cVerbosity The verbosity.
+ */
+static RTEXITCODE SignToolPkcs7Exe_WriteSignatureToFile(PSIGNTOOLPKCS7EXE pThis, unsigned cVerbosity)
+{
+ AssertReturn(pThis->cbNewBuf && pThis->pbNewBuf, RTEXITCODE_FAILURE);
+
+ /*
+ * Get the file header offset and arch before closing the destination handle.
+ */
+ uint32_t offNtHdrs;
+ int rc = RTLdrQueryProp(pThis->hLdrMod, RTLDRPROP_FILE_OFF_HEADER, &offNtHdrs, sizeof(offNtHdrs));
+ if (RT_SUCCESS(rc))
+ {
+ RTLDRARCH enmLdrArch = RTLdrGetArch(pThis->hLdrMod);
+ if (enmLdrArch != RTLDRARCH_INVALID)
+ {
+ RTLdrClose(pThis->hLdrMod);
+ pThis->hLdrMod = NIL_RTLDRMOD;
+ unsigned cbNtHdrs = 0;
+ switch (enmLdrArch)
+ {
+ case RTLDRARCH_AMD64:
+ cbNtHdrs = sizeof(IMAGE_NT_HEADERS64);
+ break;
+ case RTLDRARCH_X86_32:
+ cbNtHdrs = sizeof(IMAGE_NT_HEADERS32);
+ break;
+ default:
+ RTMsgError("Unknown image arch: %d", enmLdrArch);
+ }
+ if (cbNtHdrs > 0)
+ {
+ if (cVerbosity > 0)
+ RTMsgInfo("offNtHdrs=%#x cbNtHdrs=%u\n", offNtHdrs, cbNtHdrs);
+
+ /*
+ * Open the executable file for writing.
+ */
+ RTFILE hFile;
+ rc = RTFileOpen(&hFile, pThis->pszFilename, RTFILE_O_READWRITE | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
+ if (RT_SUCCESS(rc))
+ {
+ /* Read the file header and locate the security directory entry. */
+ union
+ {
+ IMAGE_NT_HEADERS32 NtHdrs32;
+ IMAGE_NT_HEADERS64 NtHdrs64;
+ } uBuf;
+ PIMAGE_DATA_DIRECTORY pSecDir = cbNtHdrs == sizeof(IMAGE_NT_HEADERS64)
+ ? &uBuf.NtHdrs64.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]
+ : &uBuf.NtHdrs32.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
+
+ rc = RTFileReadAt(hFile, offNtHdrs, &uBuf, cbNtHdrs, NULL);
+ if ( RT_SUCCESS(rc)
+ && uBuf.NtHdrs32.Signature == IMAGE_NT_SIGNATURE)
+ {
+ /*
+ * Drop any old signature by truncating the file.
+ */
+ if ( pSecDir->Size > 8
+ && pSecDir->VirtualAddress > offNtHdrs + sizeof(IMAGE_NT_HEADERS32))
+ {
+ rc = RTFileSetSize(hFile, pSecDir->VirtualAddress);
+ if (RT_FAILURE(rc))
+ RTMsgError("Error truncating file to %#x bytes: %Rrc", pSecDir->VirtualAddress, rc);
+ }
+ else if (pSecDir->Size != 0 && pSecDir->VirtualAddress == 0)
+ rc = RTMsgErrorRc(VERR_BAD_EXE_FORMAT, "Bad security directory entry: VA=%#x Size=%#x",
+ pSecDir->VirtualAddress, pSecDir->Size);
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Pad the file with zero up to a WIN_CERTIFICATE_ALIGNMENT boundary.
+ *
+ * Since the hash algorithm hashes everything up to the signature data,
+ * zero padding included, the alignment we do here must match the alignment
+ * padding that done while calculating the hash.
+ */
+ uint32_t const cbWinCert = RT_UOFFSETOF(WIN_CERTIFICATE, bCertificate);
+ uint64_t offCur = 0;
+ rc = RTFileQuerySize(hFile, &offCur);
+ if ( RT_SUCCESS(rc)
+ && offCur < _2G)
+ {
+ if (offCur != RT_ALIGN_64(offCur, WIN_CERTIFICATE_ALIGNMENT))
+ {
+ uint32_t const cbNeeded = (uint32_t)(RT_ALIGN_64(offCur, WIN_CERTIFICATE_ALIGNMENT) - offCur);
+ rc = RTFileWriteAt(hFile, offCur, g_abRTZero4K, cbNeeded, NULL);
+ if (RT_SUCCESS(rc))
+ offCur += cbNeeded;
+ }
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Write the header followed by the signature data.
+ */
+ uint32_t const cbZeroPad = (uint32_t)(RT_ALIGN_Z(pThis->cbNewBuf, 8) - pThis->cbNewBuf);
+ pSecDir->VirtualAddress = (uint32_t)offCur;
+ pSecDir->Size = cbWinCert + (uint32_t)pThis->cbNewBuf + cbZeroPad;
+ if (cVerbosity >= 2)
+ RTMsgInfo("Writing %u (%#x) bytes of signature at %#x (%u).\n",
+ pSecDir->Size, pSecDir->Size, pSecDir->VirtualAddress, pSecDir->VirtualAddress);
+
+ WIN_CERTIFICATE WinCert;
+ WinCert.dwLength = pSecDir->Size;
+ WinCert.wRevision = WIN_CERT_REVISION_2_0;
+ WinCert.wCertificateType = WIN_CERT_TYPE_PKCS_SIGNED_DATA;
+
+ rc = RTFileWriteAt(hFile, offCur, &WinCert, cbWinCert, NULL);
+ if (RT_SUCCESS(rc))
+ {
+ offCur += cbWinCert;
+ rc = RTFileWriteAt(hFile, offCur, pThis->pbNewBuf, pThis->cbNewBuf, NULL);
+ }
+ if (RT_SUCCESS(rc) && cbZeroPad)
+ {
+ offCur += pThis->cbNewBuf;
+ rc = RTFileWriteAt(hFile, offCur, g_abRTZero4K, cbZeroPad, NULL);
+ }
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Reset the checksum (sec dir updated already) and rewrite the header.
+ */
+ uBuf.NtHdrs32.OptionalHeader.CheckSum = 0;
+ offCur = offNtHdrs;
+ rc = RTFileWriteAt(hFile, offNtHdrs, &uBuf, cbNtHdrs, NULL);
+ if (RT_SUCCESS(rc))
+ rc = RTFileFlush(hFile);
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Calc checksum and write out the header again.
+ */
+ uint32_t uCheckSum = UINT32_MAX;
+ if (SignToolPkcs7Exe_CalcPeCheckSum(pThis, hFile, &uCheckSum))
+ {
+ uBuf.NtHdrs32.OptionalHeader.CheckSum = uCheckSum;
+ rc = RTFileWriteAt(hFile, offNtHdrs, &uBuf, cbNtHdrs, NULL);
+ if (RT_SUCCESS(rc))
+ rc = RTFileFlush(hFile);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTFileClose(hFile);
+ if (RT_SUCCESS(rc))
+ return RTEXITCODE_SUCCESS;
+ RTMsgError("RTFileClose failed: %Rrc\n", rc);
+ return RTEXITCODE_FAILURE;
+ }
+ }
+ }
+ }
+ }
+ if (RT_FAILURE(rc))
+ RTMsgError("Write error at %#RX64: %Rrc", offCur, rc);
+ }
+ else if (RT_SUCCESS(rc))
+ RTMsgError("File to big: %'RU64 bytes", offCur);
+ else
+ RTMsgError("RTFileQuerySize failed: %Rrc", rc);
+ }
+ }
+ else if (RT_SUCCESS(rc))
+ RTMsgError("Not NT executable header!");
+ else
+ RTMsgError("Error reading NT headers (%#x bytes) at %#x: %Rrc", cbNtHdrs, offNtHdrs, rc);
+ RTFileClose(hFile);
+ }
+ else
+ RTMsgError("Failed to open '%s' for writing: %Rrc", pThis->pszFilename, rc);
+ }
+ }
+ else
+ RTMsgError("RTLdrGetArch failed!");
+ }
+ else
+ RTMsgError("RTLdrQueryProp/RTLDRPROP_FILE_OFF_HEADER failed: %Rrc", rc);
+ return RTEXITCODE_FAILURE;
+}
+
+#ifndef IPRT_SIGNTOOL_NO_SIGNING
+
+static PRTCRPKCS7ATTRIBUTE SignToolPkcs7_AuthAttribAppend(PRTCRPKCS7ATTRIBUTES pAuthAttribs)
+{
+ int32_t iPos = RTCrPkcs7Attributes_Append(pAuthAttribs);
+ if (iPos >= 0)
+ return pAuthAttribs->papItems[iPos];
+ RTMsgError("RTCrPkcs7Attributes_Append failed: %Rrc", iPos);
+ return NULL;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AuthAttribsAddSigningTime(PRTCRPKCS7ATTRIBUTES pAuthAttribs, RTTIMESPEC SigningTime)
+{
+ /*
+ * Signing time. For the old-style timestamps, Symantec used ASN.1 UTC TIME.
+ * start -vv vv=ASN1_TAG_UTC_TIME
+ * 00000187d6a65fd0/23b0: 0d 01 09 05 31 0f 17 0d-31 36 31 30 30 35 30 37 ....1...16100507
+ * 00000187d6a65fe0/23c0: 35 30 33 30 5a 30 23 06-09 2a 86 48 86 f7 0d 01 5030Z0#..*.H....
+ * ^^- end 2016-10-05T07:50:30.000000000Z (161005075030Z)
+ */
+ PRTCRPKCS7ATTRIBUTE pAttr = SignToolPkcs7_AuthAttribAppend(pAuthAttribs);
+ if (!pAttr)
+ return RTEXITCODE_FAILURE;
+
+ int rc = RTCrPkcs7Attribute_SetSigningTime(pAttr, NULL, pAuthAttribs->Allocation.pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrPkcs7Attribute_SetSigningTime failed: %Rrc", rc);
+
+ /* Create the timestamp. */
+ int32_t iPos = RTAsn1SetOfTimes_Append(pAttr->uValues.pSigningTime);
+ if (iPos < 0)
+ return RTMsgErrorExitFailure("RTAsn1SetOfTimes_Append failed: %Rrc", iPos);
+
+ PRTASN1TIME pTime = pAttr->uValues.pSigningTime->papItems[iPos];
+ rc = RTAsn1Time_SetTimeSpec(pTime, pAttr->Allocation.pAllocator, &SigningTime);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1Time_SetTimeSpec failed: %Rrc", rc);
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AuthAttribsAddSpcOpusInfo(PRTCRPKCS7ATTRIBUTES pAuthAttribs, void *pvInfo)
+{
+ /** @todo The OpusInfo is a structure with an optional SpcString and an
+ * optional SpcLink (url). The two attributes can be set using the /d and /du
+ * options of MS signtool.exe, I think. We shouldn't be using them atm. */
+
+ PRTCRPKCS7ATTRIBUTE pAttr = SignToolPkcs7_AuthAttribAppend(pAuthAttribs);
+ if (!pAttr)
+ return RTEXITCODE_FAILURE;
+
+ int rc = RTCrPkcs7Attribute_SetMsStatementType(pAttr, NULL, pAuthAttribs->Allocation.pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrPkcs7Attribute_SetMsStatementType failed: %Rrc", rc);
+
+ /* Override the ID. */
+ rc = RTAsn1ObjId_SetFromString(&pAttr->Type, RTCR_PKCS9_ID_MS_SP_OPUS_INFO, pAuthAttribs->Allocation.pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1ObjId_SetFromString failed: %Rrc", rc);
+
+ /* Add attribute value entry. */
+ int32_t iPos = RTAsn1SetOfObjIdSeqs_Append(pAttr->uValues.pObjIdSeqs);
+ if (iPos < 0)
+ return RTMsgErrorExitFailure("RTAsn1SetOfObjIdSeqs_Append failed: %Rrc", iPos);
+
+ RT_NOREF(pvInfo); Assert(!pvInfo);
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AuthAttribsAddMsStatementType(PRTCRPKCS7ATTRIBUTES pAuthAttribs, const char *pszTypeId)
+{
+ PRTCRPKCS7ATTRIBUTE pAttr = SignToolPkcs7_AuthAttribAppend(pAuthAttribs);
+ if (!pAttr)
+ return RTEXITCODE_FAILURE;
+
+ int rc = RTCrPkcs7Attribute_SetMsStatementType(pAttr, NULL, pAuthAttribs->Allocation.pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrPkcs7Attribute_SetMsStatementType failed: %Rrc", rc);
+
+ /* Add attribute value entry. */
+ int32_t iPos = RTAsn1SetOfObjIdSeqs_Append(pAttr->uValues.pObjIdSeqs);
+ if (iPos < 0)
+ return RTMsgErrorExitFailure("RTAsn1SetOfObjIdSeqs_Append failed: %Rrc", iPos);
+ PRTASN1SEQOFOBJIDS pSeqObjIds = pAttr->uValues.pObjIdSeqs->papItems[iPos];
+
+ /* Add a object id to the value. */
+ RTASN1OBJID ObjIdValue;
+ rc = RTAsn1ObjId_InitFromString(&ObjIdValue, pszTypeId, &g_RTAsn1DefaultAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1ObjId_InitFromString/%s failed: %Rrc", pszTypeId, rc);
+
+ rc = RTAsn1SeqOfObjIds_InsertEx(pSeqObjIds, 0 /*iPos*/, &ObjIdValue, &g_RTAsn1DefaultAllocator, NULL);
+ RTAsn1ObjId_Delete(&ObjIdValue);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1SeqOfObjIds_InsertEx failed: %Rrc", rc);
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AuthAttribsAddContentType(PRTCRPKCS7ATTRIBUTES pAuthAttribs, const char *pszContentTypeId)
+{
+ PRTCRPKCS7ATTRIBUTE pAttr = SignToolPkcs7_AuthAttribAppend(pAuthAttribs);
+ if (!pAttr)
+ return RTEXITCODE_FAILURE;
+
+ int rc = RTCrPkcs7Attribute_SetContentType(pAttr, NULL, pAuthAttribs->Allocation.pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrPkcs7Attribute_SetContentType failed: %Rrc", rc);
+
+ /* Add a object id to the value. */
+ RTASN1OBJID ObjIdValue;
+ rc = RTAsn1ObjId_InitFromString(&ObjIdValue, pszContentTypeId, pAuthAttribs->Allocation.pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1ObjId_InitFromString/%s failed: %Rrc", pszContentTypeId, rc);
+
+ rc = RTAsn1SetOfObjIds_InsertEx(pAttr->uValues.pObjIds, 0 /*iPos*/, &ObjIdValue, pAuthAttribs->Allocation.pAllocator, NULL);
+ RTAsn1ObjId_Delete(&ObjIdValue);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1SetOfObjIds_InsertEx failed: %Rrc", rc);
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AddAuthAttribsForTimestamp(PRTCRPKCS7ATTRIBUTES pAuthAttribs, TIMESTAMPTYPE enmTimestampType,
+ RTTIMESPEC SigningTime, PCRTCRX509CERTIFICATE pTimestampCert)
+{
+ /*
+ * Add content type.
+ */
+ RTEXITCODE rcExit = SignToolPkcs7_AuthAttribsAddContentType(pAuthAttribs,
+ enmTimestampType == kTimestampType_Old
+ ? RTCR_PKCS7_DATA_OID : RTCRTSPTSTINFO_OID);
+ if (rcExit != RTEXITCODE_SUCCESS)
+ return rcExit;
+
+ /*
+ * Add signing time.
+ */
+ rcExit = SignToolPkcs7_AuthAttribsAddSigningTime(pAuthAttribs, SigningTime);
+ if (rcExit != RTEXITCODE_SUCCESS)
+ return rcExit;
+
+ /*
+ * More later if we want to support fTimestampTypeOld = false perhaps?
+ */
+ Assert(enmTimestampType == kTimestampType_Old);
+ RT_NOREF(pTimestampCert);
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AddAuthAttribsForImageOrCatSignature(PRTCRPKCS7ATTRIBUTES pAuthAttribs, RTTIMESPEC SigningTime,
+ bool fNoSigningTime, const char *pszContentTypeId)
+{
+ /*
+ * Add SpcOpusInfo. No attribute values.
+ * SEQ start -vv vv- Type ObjId
+ * 1c60: 0e 03 02 1a 05 00 a0 70-30 10 06 0a 2b 06 01 04 .......p0...+...
+ * 1c70: 01 82 37 02 01 0c 31 02-30 00 30 19 06 09 2a 86 ..7...1.0.0...*.
+ * Set Of -^^ ^^- Empty Sequence.
+ */
+ RTEXITCODE rcExit = SignToolPkcs7_AuthAttribsAddSpcOpusInfo(pAuthAttribs, NULL /*pvInfo - none*/);
+ if (rcExit != RTEXITCODE_SUCCESS)
+ return rcExit;
+
+ /*
+ * Add ContentType = Ms-SpcIndirectDataContext?
+ * SEQ start -vv vv- Type ObjId
+ * 1c70: 01 82 37 02 01 0c 31 02-30 00 30 19 06 09 2a 86 ..7...1.0.0...*.
+ * 1c80: 48 86 f7 0d 01 09 03 31-0c 06 0a 2b 06 01 04 01 H......1...+....
+ * 1c90: 82 37 02 01 04 ^^- ^^- ObjId
+ * ^- Set Of
+ */
+ rcExit = SignToolPkcs7_AuthAttribsAddContentType(pAuthAttribs, pszContentTypeId);
+ if (rcExit != RTEXITCODE_SUCCESS)
+ return rcExit;
+
+ /*
+ * Add Ms-SpcStatementType = Ms-SpcIndividualCodeSigning.
+ * SEQ start -vv vv- Type ObjId
+ * 1c90: 82 37 02 01 04 30 1c 06-0a 2b 06 01 04 01 82 37 .7...0...+.....7
+ * 1ca0: 02 01 0b 31 0e 30 0c 06-0a 2b 06 01 04 01 82 37 ...1.0...+.....7
+ * 1cb0: 02 01 15 ^^ ^^ ^^- ObjId
+ * Set Of -^^ ^^- Sequence Of
+ */
+ rcExit = SignToolPkcs7_AuthAttribsAddMsStatementType(pAuthAttribs, RTCRSPC_STMT_TYPE_INDIVIDUAL_CODE_SIGNING);
+ if (rcExit != RTEXITCODE_SUCCESS)
+ return rcExit;
+
+ /*
+ * Add signing time. We add this, even if signtool.exe, since OpenSSL will always do it otherwise.
+ */
+ if (!fNoSigningTime) /** @todo requires disabling the code in do_pkcs7_signed_attrib that adds it when absent */
+ {
+ rcExit = SignToolPkcs7_AuthAttribsAddSigningTime(pAuthAttribs, SigningTime);
+ if (rcExit != RTEXITCODE_SUCCESS)
+ return rcExit;
+ }
+
+ /** @todo more? Some certificate stuff? */
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AppendCounterSignature(PRTCRPKCS7SIGNERINFO pSignerInfo,
+ PCRTCRPKCS7SIGNERINFO pCounterSignerInfo, unsigned cVerbosity)
+{
+ /* Make sure the UnauthenticatedAttributes member is there. */
+ RTEXITCODE rcExit = SignToolPkcs7_EnsureUnauthenticatedAttributesPresent(pSignerInfo);
+ if (rcExit != RTEXITCODE_SUCCESS)
+ return rcExit;
+
+#if 0 /* Windows won't accept multiple timestamps either way. Doing the latter as it makes more sense to me... */
+ /* Append an entry to UnauthenticatedAttributes. */
+ uint32_t iPos;
+ int rc = RTCrPkcs7Attributes_InsertEx(&pSignerInfo->UnauthenticatedAttributes, 0 /*iPosition*/, NULL /*pToClone*/,
+ &g_RTAsn1DefaultAllocator, &iPos);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrPkcs7Attributes_Append failed: %Rrc", rc);
+ Assert(iPos < pSignerInfo->UnauthenticatedAttributes.cItems); Assert(iPos == 0);
+ PRTCRPKCS7ATTRIBUTE pAttr = pSignerInfo->UnauthenticatedAttributes.papItems[iPos];
+
+ if (cVerbosity >= 2)
+ RTMsgInfo("Adding UnauthenticatedAttribute #%u...", iPos);
+#else
+ /* Look up the counter signature attribute, create one if needed. */
+ int rc;
+ uint32_t iPos = 0;
+ PRTCRPKCS7ATTRIBUTE pAttr = NULL;
+ for (; iPos < pSignerInfo->UnauthenticatedAttributes.cItems; iPos++)
+ {
+ pAttr = pSignerInfo->UnauthenticatedAttributes.papItems[iPos];
+ if (pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_COUNTER_SIGNATURES)
+ break;
+ }
+ if (iPos >= pSignerInfo->UnauthenticatedAttributes.cItems)
+ {
+ /* Append a new entry to UnauthenticatedAttributes. */
+ rc = RTCrPkcs7Attributes_InsertEx(&pSignerInfo->UnauthenticatedAttributes, 0 /*iPosition*/, NULL /*pToClone*/,
+ &g_RTAsn1DefaultAllocator, &iPos);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrPkcs7Attributes_Append failed: %Rrc", rc);
+ Assert(iPos < pSignerInfo->UnauthenticatedAttributes.cItems); Assert(iPos == 0);
+ pAttr = pSignerInfo->UnauthenticatedAttributes.papItems[iPos];
+
+ /* Create the attrib and its sub-set of counter signatures. */
+ rc = RTCrPkcs7Attribute_SetCounterSignatures(pAttr, NULL, pAttr->Allocation.pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrPkcs7Attribute_SetCounterSignatures failed: %Rrc", rc);
+ }
+
+ if (cVerbosity >= 2)
+ RTMsgInfo("Adding UnauthenticatedAttribute #%u.%u...", iPos, pAttr->uValues.pCounterSignatures->cItems);
+
+#endif
+
+ /* Insert the counter signature. */
+ rc = RTCrPkcs7SignerInfos_InsertEx(pAttr->uValues.pCounterSignatures, pAttr->uValues.pCounterSignatures->cItems /*iPosition*/,
+ pCounterSignerInfo, pAttr->Allocation.pAllocator, NULL);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrPkcs7SignerInfos_InsertEx failed: %Rrc", rc);
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AppendCertificate(PRTCRPKCS7SIGNEDDATA pSignedData, PCRTCRX509CERTIFICATE pCertToAppend)
+{
+ if (pSignedData->Certificates.cItems == 0 && !RTCrPkcs7SetOfCerts_IsPresent(&pSignedData->Certificates))
+ return RTMsgErrorExitFailure("PKCS#7 signature includes no certificates! Didn't expect that");
+
+ /* Already there? */
+ PCRTCRX509CERTIFICATE pExisting
+ = RTCrPkcs7SetOfCerts_FindX509ByIssuerAndSerialNumber(&pSignedData->Certificates, &pCertToAppend->TbsCertificate.Issuer,
+ &pCertToAppend->TbsCertificate.SerialNumber);
+ if (!pExisting || RTCrX509Certificate_Compare(pExisting, pCertToAppend) != 0)
+ {
+ /* Prepend a RTCRPKCS7CERT entry. */
+ uint32_t iPos;
+ int rc = RTCrPkcs7SetOfCerts_InsertEx(&pSignedData->Certificates, 0 /*iPosition*/, NULL /*pToClone*/,
+ &g_RTAsn1DefaultAllocator, &iPos);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrPkcs7SetOfCerts_Append failed: %Rrc", rc);
+ PRTCRPKCS7CERT pCertEntry = pSignedData->Certificates.papItems[iPos];
+
+ /* Set (clone) the certificate. */
+ rc = RTCrPkcs7Cert_SetX509Cert(pCertEntry, pCertToAppend, pCertEntry->Allocation.pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrPkcs7Cert_X509Cert failed: %Rrc", rc);
+ }
+ return RTEXITCODE_SUCCESS;
+}
+
+#ifdef RT_OS_WINDOWS
+
+static PCRTUTF16 GetBCryptNameFromCrDigest(RTCRDIGEST hDigest)
+{
+ switch (RTCrDigestGetType(hDigest))
+ {
+ case RTDIGESTTYPE_MD2: return BCRYPT_MD2_ALGORITHM;
+ case RTDIGESTTYPE_MD4: return BCRYPT_MD4_ALGORITHM;
+ case RTDIGESTTYPE_SHA1: return BCRYPT_SHA1_ALGORITHM;
+ case RTDIGESTTYPE_SHA256: return BCRYPT_SHA256_ALGORITHM;
+ case RTDIGESTTYPE_SHA384: return BCRYPT_SHA384_ALGORITHM;
+ case RTDIGESTTYPE_SHA512: return BCRYPT_SHA512_ALGORITHM;
+ default:
+ RTMsgError("No BCrypt translation for %s/%d!", RTCrDigestGetAlgorithmOid(hDigest), RTCrDigestGetType(hDigest));
+ return L"No BCrypt translation";
+ }
+}
+
+static RTEXITCODE
+SignToolPkcs7_Pkcs7SignStuffAgainWithReal(const char *pszWhat, SignToolKeyPair *pCertKeyPair, unsigned cVerbosity,
+ PRTCRPKCS7CONTENTINFO pContentInfo, void **ppvSigned, size_t *pcbSigned)
+
+{
+ RT_NOREF(cVerbosity);
+
+ /*
+ * First remove the fake certificate from the PKCS7 structure and insert the real one.
+ */
+ PRTCRPKCS7SIGNEDDATA pSignedData = pContentInfo->u.pSignedData;
+ unsigned iCert = pSignedData->Certificates.cItems;
+ unsigned cErased = 0;
+ while (iCert-- > 0)
+ {
+ PCRTCRPKCS7CERT pCert = pSignedData->Certificates.papItems[iCert];
+ if ( pCert->enmChoice == RTCRPKCS7CERTCHOICE_X509
+ && RTCrX509Certificate_MatchIssuerAndSerialNumber(pCert->u.pX509Cert,
+ &pCertKeyPair->pCertificate->TbsCertificate.Issuer,
+ &pCertKeyPair->pCertificate->TbsCertificate.SerialNumber))
+ {
+ RTCrPkcs7SetOfCerts_Erase(&pSignedData->Certificates, iCert);
+ cErased++;
+ }
+ }
+ if (cErased == 0)
+ return RTMsgErrorExitFailure("(%s) Failed to find temporary signing certificate in PKCS#7 from OpenSSL: %u certs",
+ pszWhat, pSignedData->Certificates.cItems);
+
+ /* Then insert the real signing certificate. */
+ PCRTCRX509CERTIFICATE const pRealCertificate = pCertKeyPair->getRealCertificate();
+ RTEXITCODE rcExit = SignToolPkcs7_AppendCertificate(pSignedData, pRealCertificate);
+ if (rcExit != RTEXITCODE_SUCCESS)
+ return rcExit;
+
+ /*
+ * Modify the signer info to reflect the real certificate.
+ */
+ PRTCRPKCS7SIGNERINFO pSignerInfo = pSignedData->SignerInfos.papItems[0];
+ RTCrX509Name_Delete(&pSignerInfo->IssuerAndSerialNumber.Name);
+ int rc = RTCrX509Name_Clone(&pSignerInfo->IssuerAndSerialNumber.Name,
+ &pRealCertificate->TbsCertificate.Issuer, &g_RTAsn1DefaultAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("(%s) RTCrX509Name_Clone failed: %Rrc", pszWhat, rc);
+
+ RTAsn1Integer_Delete(&pSignerInfo->IssuerAndSerialNumber.SerialNumber);
+ rc = RTAsn1Integer_Clone(&pSignerInfo->IssuerAndSerialNumber.SerialNumber,
+ &pRealCertificate->TbsCertificate.SerialNumber, &g_RTAsn1DefaultAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("(%s) RTAsn1Integer_Clone failed: %Rrc", pszWhat, rc);
+
+ /* There shouldn't be anything in the authenticated attributes that
+ we need to modify... */
+
+ /*
+ * Now a create a new signature using the real key. Since we haven't modified
+ * the authenticated attributes, we can just hash them as-is.
+ */
+ /* Create the hash to sign. */
+ RTCRDIGEST hDigest;
+ rc = RTCrDigestCreateByObjId(&hDigest, &pSignerInfo->DigestAlgorithm.Algorithm);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("(%s) RTCrDigestCreateByObjId failed on '%s': %Rrc",
+ pszWhat, pSignerInfo->DigestAlgorithm.Algorithm.szObjId, rc);
+
+ rcExit = RTEXITCODE_FAILURE;
+ RTERRINFOSTATIC ErrInfo;
+ rc = RTCrPkcs7Attributes_HashAttributes(&pSignerInfo->AuthenticatedAttributes, hDigest, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ BCRYPT_PKCS1_PADDING_INFO PaddingInfo = { GetBCryptNameFromCrDigest(hDigest) };
+ DWORD cbSignature = 0;
+ SECURITY_STATUS rcNCrypt = NCryptSignHash(pCertKeyPair->hNCryptPrivateKey, &PaddingInfo,
+ (PBYTE)RTCrDigestGetHash(hDigest), RTCrDigestGetHashSize(hDigest),
+ NULL, 0, &cbSignature, NCRYPT_SILENT_FLAG | BCRYPT_PAD_PKCS1);
+ if (rcNCrypt == ERROR_SUCCESS)
+ {
+ if (cVerbosity)
+ RTMsgInfo("PaddingInfo: '%ls' cb=%#x, was %#zx\n",
+ PaddingInfo.pszAlgId, cbSignature, pSignerInfo->EncryptedDigest.Asn1Core.cb);
+
+ rc = RTAsn1OctetString_AllocContent(&pSignerInfo->EncryptedDigest, NULL /*pvSrc*/, cbSignature,
+ &g_RTAsn1DefaultAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ Assert(pSignerInfo->EncryptedDigest.Asn1Core.uData.pv);
+ rcNCrypt = NCryptSignHash(pCertKeyPair->hNCryptPrivateKey, &PaddingInfo,
+ (PBYTE)RTCrDigestGetHash(hDigest), RTCrDigestGetHashSize(hDigest),
+ (PBYTE)pSignerInfo->EncryptedDigest.Asn1Core.uData.pv, cbSignature, &cbSignature,
+ /*NCRYPT_SILENT_FLAG |*/ BCRYPT_PAD_PKCS1);
+ if (rcNCrypt == ERROR_SUCCESS)
+ {
+ /*
+ * Now we need to re-encode the whole thing and decode it again.
+ */
+ PRTASN1CORE pRoot = RTCrPkcs7ContentInfo_GetAsn1Core(pContentInfo);
+ uint32_t cbRealSigned;
+ rc = RTAsn1EncodePrepare(pRoot, RTASN1ENCODE_F_DER, &cbRealSigned, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ void *pvRealSigned = RTMemAllocZ(cbRealSigned);
+ if (pvRealSigned)
+ {
+ rc = RTAsn1EncodeToBuffer(pRoot, RTASN1ENCODE_F_DER, pvRealSigned, cbRealSigned,
+ RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ /* Decode it */
+ RTCrPkcs7ContentInfo_Delete(pContentInfo);
+
+ RTASN1CURSORPRIMARY PrimaryCursor;
+ RTAsn1CursorInitPrimary(&PrimaryCursor, pvRealSigned, cbRealSigned, RTErrInfoInitStatic(&ErrInfo),
+ &g_RTAsn1DefaultAllocator, 0, pszWhat);
+ rc = RTCrPkcs7ContentInfo_DecodeAsn1(&PrimaryCursor.Cursor, 0, pContentInfo, "CI");
+ if (RT_SUCCESS(rc))
+ {
+ Assert(RTCrPkcs7ContentInfo_IsSignedData(pContentInfo));
+
+ /* Almost done! Just replace output buffer. */
+ RTMemFree(*ppvSigned);
+ *ppvSigned = pvRealSigned;
+ *pcbSigned = cbRealSigned;
+ pvRealSigned = NULL;
+ rcExit = RTEXITCODE_SUCCESS;
+ }
+ else
+ RTMsgError("(%s) RTCrPkcs7ContentInfo_DecodeAsn1 failed: %Rrc%#RTeim",
+ pszWhat, rc, &ErrInfo.Core);
+ }
+ else
+ RTMsgError("(%s) RTAsn1EncodeToBuffer failed: %Rrc%#RTeim", pszWhat, rc, &ErrInfo.Core);
+
+ RTMemFree(pvRealSigned);
+ }
+ else
+ RTMsgError("(%s) Failed to allocate %u bytes!", pszWhat, cbRealSigned);
+ }
+ else
+ RTMsgError("(%s) RTAsn1EncodePrepare failed: %Rrc%#RTeim", pszWhat, rc, &ErrInfo.Core);
+ }
+ else
+ RTMsgError("(%s) NCryptSignHash/2 failed: %Rwc %#x (%u)", pszWhat, rcNCrypt, rcNCrypt, rcNCrypt);
+ }
+ else
+ RTMsgError("(%s) RTAsn1OctetString_AllocContent(,,%#x) failed: %Rrc", pszWhat, cbSignature, rc);
+ }
+ else
+ RTMsgError("(%s) NCryptSignHash/1 failed: %Rwc %#x (%u)", pszWhat, rcNCrypt, rcNCrypt, rcNCrypt);
+ }
+ else
+ RTMsgError("(%s) RTCrPkcs7Attributes_HashAttributes failed: %Rrc%#RTeim", pszWhat, rc, &ErrInfo.Core);
+ RTCrDigestRelease(hDigest);
+ return rcExit;
+}
+
+#endif /* RT_OS_WINDOWS */
+
+static RTEXITCODE SignToolPkcs7_Pkcs7SignStuffInner(const char *pszWhat, const void *pvToDataToSign, size_t cbToDataToSign,
+ PCRTCRPKCS7ATTRIBUTES pAuthAttribs, RTCRSTORE hAdditionalCerts,
+ uint32_t fExtraFlags, RTDIGESTTYPE enmDigestType,
+ SignToolKeyPair *pCertKeyPair, unsigned cVerbosity,
+ void **ppvSigned, size_t *pcbSigned, PRTCRPKCS7CONTENTINFO pContentInfo,
+ PRTCRPKCS7SIGNEDDATA *ppSignedData)
+{
+ *ppvSigned = NULL;
+ if (pcbSigned)
+ *pcbSigned = 0;
+ if (ppSignedData)
+ *ppSignedData = NULL;
+
+ /* Figure out how large the signature will be. */
+ uint32_t const fSignFlags = RTCRPKCS7SIGN_SD_F_USE_V1 | RTCRPKCS7SIGN_SD_F_NO_SMIME_CAP | fExtraFlags;
+ size_t cbSigned = 1024;
+ RTERRINFOSTATIC ErrInfo;
+ int rc = RTCrPkcs7SimpleSignSignedData(fSignFlags, pCertKeyPair->pCertificate, pCertKeyPair->hPrivateKey,
+ pvToDataToSign, cbToDataToSign,enmDigestType, hAdditionalCerts, pAuthAttribs,
+ NULL, &cbSigned, RTErrInfoInitStatic(&ErrInfo));
+ if (rc != VERR_BUFFER_OVERFLOW)
+ return RTMsgErrorExitFailure("(%s) RTCrPkcs7SimpleSignSignedData failed: %Rrc%#RTeim", pszWhat, rc, &ErrInfo.Core);
+
+ /* Allocate memory for it and do the actual signing. */
+ void *pvSigned = RTMemAllocZ(cbSigned);
+ if (!pvSigned)
+ return RTMsgErrorExitFailure("(%s) Failed to allocate %#zx bytes for %s signature", pszWhat, cbSigned, pszWhat);
+ rc = RTCrPkcs7SimpleSignSignedData(fSignFlags, pCertKeyPair->pCertificate, pCertKeyPair->hPrivateKey,
+ pvToDataToSign, cbToDataToSign, enmDigestType, hAdditionalCerts, pAuthAttribs,
+ pvSigned, &cbSigned, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ if (cVerbosity > 2)
+ RTMsgInfo("%s signature: %#zx bytes\n%.*Rhxd\n", pszWhat, cbSigned, cbSigned, pvSigned);
+
+ /*
+ * Decode the signature and check that it is SignedData.
+ */
+ RTASN1CURSORPRIMARY PrimaryCursor;
+ RTAsn1CursorInitPrimary(&PrimaryCursor, pvSigned, (uint32_t)cbSigned, RTErrInfoInitStatic(&ErrInfo),
+ &g_RTAsn1DefaultAllocator, 0, pszWhat);
+ rc = RTCrPkcs7ContentInfo_DecodeAsn1(&PrimaryCursor.Cursor, 0, pContentInfo, "CI");
+ if (RT_SUCCESS(rc))
+ {
+ if (RTCrPkcs7ContentInfo_IsSignedData(pContentInfo))
+ {
+#ifdef RT_OS_WINDOWS
+ /*
+ * If we're using a fake key+cert, we now have to re-do the signing using the real
+ * key+cert and the windows crypto API. This kludge is necessary because we can't
+ * typically get that the encoded private key, so it isn't possible to feed it to
+ * openssl.
+ */
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ if (pCertKeyPair->pCertificateReal)
+ rcExit = SignToolPkcs7_Pkcs7SignStuffAgainWithReal(pszWhat, pCertKeyPair, cVerbosity, pContentInfo,
+ &pvSigned, &cbSigned);
+ if (rcExit == RTEXITCODE_SUCCESS)
+#endif
+ {
+ /*
+ * Set returns and maybe display the result before returning.
+ */
+ *ppvSigned = pvSigned;
+ if (pcbSigned)
+ *pcbSigned = cbSigned;
+ if (ppSignedData)
+ *ppSignedData = pContentInfo->u.pSignedData;
+
+ if (cVerbosity)
+ {
+ SHOWEXEPKCS7 ShowExe;
+ RT_ZERO(ShowExe);
+ ShowExe.cVerbosity = cVerbosity;
+ HandleShowExeWorkerPkcs7Display(&ShowExe, pContentInfo->u.pSignedData, 0, pContentInfo);
+ }
+ return RTEXITCODE_SUCCESS;
+ }
+ }
+
+ RTMsgError("(%s) RTCrPkcs7SimpleSignSignedData did not create SignedData: %s",
+ pszWhat, pContentInfo->ContentType.szObjId);
+ }
+ else
+ RTMsgError("(%s) RTCrPkcs7ContentInfo_DecodeAsn1 failed: %Rrc%#RTeim", pszWhat, rc, &ErrInfo.Core);
+ RTCrPkcs7ContentInfo_Delete(pContentInfo);
+ }
+ RTMemFree(pvSigned);
+ return RTEXITCODE_FAILURE;
+}
+
+
+static RTEXITCODE SignToolPkcs7_Pkcs7SignStuff(const char *pszWhat, const void *pvToDataToSign, size_t cbToDataToSign,
+ PCRTCRPKCS7ATTRIBUTES pAuthAttribs, RTCRSTORE hAdditionalCerts,
+ uint32_t fExtraFlags, RTDIGESTTYPE enmDigestType, SignToolKeyPair *pCertKeyPair,
+ unsigned cVerbosity, void **ppvSigned, size_t *pcbSigned,
+ PRTCRPKCS7CONTENTINFO pContentInfo, PRTCRPKCS7SIGNEDDATA *ppSignedData)
+{
+ /*
+ * Gather all additional certificates before doing the actual work.
+ */
+ RTCRSTORE hAllAdditionalCerts = pCertKeyPair->assembleAllAdditionalCertificates(hAdditionalCerts);
+ if (hAllAdditionalCerts == NIL_RTCRSTORE)
+ return RTEXITCODE_FAILURE;
+ RTEXITCODE rcExit = SignToolPkcs7_Pkcs7SignStuffInner(pszWhat, pvToDataToSign, cbToDataToSign, pAuthAttribs,
+ hAllAdditionalCerts, fExtraFlags, enmDigestType, pCertKeyPair,
+ cVerbosity, ppvSigned, pcbSigned, pContentInfo, ppSignedData);
+ RTCrStoreRelease(hAllAdditionalCerts);
+ return rcExit;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AddTimestampSignatureEx(PRTCRPKCS7SIGNERINFO pSignerInfo, PRTCRPKCS7SIGNEDDATA pSignedData,
+ unsigned cVerbosity, bool fReplaceExisting,
+ RTTIMESPEC SigningTime, SignToolTimestampOpts *pTimestampOpts)
+{
+ AssertReturn(!pTimestampOpts->isNewType(), RTMsgErrorExitFailure("New style signatures not supported yet"));
+
+ /*
+ * Create a set of attributes we need to include in the AuthenticatedAttributes
+ * of the timestamp signature.
+ */
+ RTCRPKCS7ATTRIBUTES AuthAttribs;
+ int rc = RTCrPkcs7Attributes_Init(&AuthAttribs, &g_RTAsn1DefaultAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrPkcs7SetOfAttributes_Init failed: %Rrc", rc);
+
+ RTEXITCODE rcExit = SignToolPkcs7_AddAuthAttribsForTimestamp(&AuthAttribs, pTimestampOpts->m_enmType, SigningTime,
+ pTimestampOpts->getRealCertificate());
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ /*
+ * Now create a PKCS#7 signature of the encrypted signature from the selected signer info.
+ */
+ void *pvSigned = NULL;
+ PRTCRPKCS7SIGNEDDATA pTsSignedData = NULL;
+ RTCRPKCS7CONTENTINFO TsContentInfo;
+ rcExit = SignToolPkcs7_Pkcs7SignStuffInner("timestamp", pSignerInfo->EncryptedDigest.Asn1Core.uData.pv,
+ pSignerInfo->EncryptedDigest.Asn1Core.cb, &AuthAttribs,
+ NIL_RTCRSTORE /*hAdditionalCerts*/, RTCRPKCS7SIGN_SD_F_DEATCHED,
+ RTDIGESTTYPE_SHA1, pTimestampOpts, cVerbosity,
+ &pvSigned, NULL /*pcbSigned*/, &TsContentInfo, &pTsSignedData);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+
+ /*
+ * If we're replacing existing timestamp signatures, remove old ones now.
+ */
+ if ( fReplaceExisting
+ && RTCrPkcs7Attributes_IsPresent(&pSignerInfo->UnauthenticatedAttributes))
+ {
+ uint32_t iItem = pSignerInfo->UnauthenticatedAttributes.cItems;
+ while (iItem-- > 0)
+ {
+ PRTCRPKCS7ATTRIBUTE pAttr = pSignerInfo->UnauthenticatedAttributes.papItems[iItem];
+ if (pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_COUNTER_SIGNATURES) /* ASSUMES all counter sigs are timstamps */
+ {
+ if (cVerbosity > 1)
+ RTMsgInfo("Removing counter signature in attribute #%u\n", iItem);
+ rc = RTCrPkcs7Attributes_Erase(&pSignerInfo->UnauthenticatedAttributes, iItem);
+ if (RT_FAILURE(rc))
+ rcExit = RTMsgErrorExitFailure("RTCrPkcs7Attributes_Erase failed on #%u: %Rrc", iItem, rc);
+ }
+ }
+ }
+
+ /*
+ * Add the new one.
+ */
+ if (rcExit == RTEXITCODE_SUCCESS)
+ rcExit = SignToolPkcs7_AppendCounterSignature(pSignerInfo, pTsSignedData->SignerInfos.papItems[0], cVerbosity);
+
+ /*
+ * Make sure the signing certificate is included.
+ */
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ rcExit = SignToolPkcs7_AppendCertificate(pSignedData, pTimestampOpts->getRealCertificate());
+
+ PCRTCRCERTCTX pInterCaCtx = NULL;
+ while ((pInterCaCtx = pTimestampOpts->findNextIntermediateCert(pInterCaCtx)) != NULL)
+ if (rcExit == RTEXITCODE_SUCCESS)
+ rcExit = SignToolPkcs7_AppendCertificate(pSignedData, pInterCaCtx->pCert);
+ }
+
+ /*
+ * Clean up.
+ */
+ RTCrPkcs7ContentInfo_Delete(&TsContentInfo);
+ RTMemFree(pvSigned);
+ }
+ }
+ RTCrPkcs7Attributes_Delete(&AuthAttribs);
+ return rcExit;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AddTimestampSignature(SIGNTOOLPKCS7EXE *pThis, unsigned cVerbosity, unsigned iSignature,
+ bool fReplaceExisting, RTTIMESPEC SigningTime,
+ SignToolTimestampOpts *pTimestampOpts)
+{
+ /*
+ * Locate the signature specified by iSignature and add a timestamp to it.
+ */
+ PRTCRPKCS7SIGNEDDATA pSignedData = NULL;
+ PRTCRPKCS7SIGNERINFO pSignerInfo = SignToolPkcs7_FindNestedSignatureByIndex(pThis, iSignature, &pSignedData);
+ if (!pSignerInfo)
+ return RTMsgErrorExitFailure("No signature #%u in %s", iSignature, pThis->pszFilename);
+
+ return SignToolPkcs7_AddTimestampSignatureEx(pSignerInfo, pSignedData, cVerbosity, fReplaceExisting,
+ SigningTime, pTimestampOpts);
+}
+
+
+typedef enum SIGNDATATWEAK
+{
+ kSignDataTweak_NoTweak = 1,
+ kSignDataTweak_RootIsParent
+} SIGNDATATWEAK;
+
+static RTEXITCODE SignToolPkcs7_SignData(SIGNTOOLPKCS7 *pThis, PRTASN1CORE pToSignRoot, SIGNDATATWEAK enmTweak,
+ const char *pszContentTypeId, unsigned cVerbosity, uint32_t fExtraFlags,
+ RTDIGESTTYPE enmSigType, bool fReplaceExisting, bool fNoSigningTime,
+ SignToolKeyPair *pSigningCertKey, RTCRSTORE hAddCerts,
+ RTTIMESPEC SigningTime, size_t cTimestampOpts, SignToolTimestampOpts *paTimestampOpts)
+{
+ /*
+ * Encode it.
+ */
+ RTERRINFOSTATIC ErrInfo;
+ uint32_t cbEncoded = 0;
+ int rc = RTAsn1EncodePrepare(pToSignRoot, RTASN1ENCODE_F_DER, &cbEncoded, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1EncodePrepare failed: %Rrc%RTeim", rc, &ErrInfo.Core);
+
+ if (cVerbosity >= 4)
+ RTAsn1Dump(pToSignRoot, 0, 0, RTStrmDumpPrintfV, g_pStdOut);
+
+ uint8_t *pbEncoded = (uint8_t *)RTMemTmpAllocZ(cbEncoded );
+ if (!pbEncoded)
+ return RTMsgErrorExitFailure("Failed to allocate %#z bytes for encoding data we're signing (%s)",
+ cbEncoded, pszContentTypeId);
+
+ RTEXITCODE rcExit = RTEXITCODE_FAILURE;
+ rc = RTAsn1EncodeToBuffer(pToSignRoot, RTASN1ENCODE_F_DER, pbEncoded, cbEncoded, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ size_t const cbToSign = cbEncoded - (enmTweak == kSignDataTweak_RootIsParent ? pToSignRoot->cbHdr : 0);
+ void const *pvToSign = pbEncoded + (enmTweak == kSignDataTweak_RootIsParent ? pToSignRoot->cbHdr : 0);
+
+ /*
+ * Create additional authenticated attributes.
+ */
+ RTCRPKCS7ATTRIBUTES AuthAttribs;
+ rc = RTCrPkcs7Attributes_Init(&AuthAttribs, &g_RTAsn1DefaultAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ rcExit = SignToolPkcs7_AddAuthAttribsForImageOrCatSignature(&AuthAttribs, SigningTime, fNoSigningTime,
+ pszContentTypeId);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ /*
+ * Ditch the old signature if so desired.
+ * (It is okay to do this in the CAT case too, as we've already
+ * encoded the data and won't touch pToSignRoot any more.)
+ */
+ pToSignRoot = NULL; /* (may become invalid if replacing) */
+ if (fReplaceExisting && pThis->pSignedData)
+ {
+ RTCrPkcs7ContentInfo_Delete(&pThis->ContentInfo);
+ pThis->pSignedData = NULL;
+ RTMemFree(pThis->pbBuf);
+ pThis->pbBuf = NULL;
+ pThis->cbBuf = 0;
+ }
+
+ /*
+ * Do the actual signing.
+ */
+ SIGNTOOLPKCS7 Src = { RTSIGNTOOLFILETYPE_DETECT, NULL, 0, NULL };
+ PSIGNTOOLPKCS7 pSigDst = !pThis->pSignedData ? pThis : &Src;
+ rcExit = SignToolPkcs7_Pkcs7SignStuff("image", pvToSign, cbToSign, &AuthAttribs, hAddCerts,
+ fExtraFlags | RTCRPKCS7SIGN_SD_F_NO_DATA_ENCAP, enmSigType /** @todo ?? */,
+ pSigningCertKey, cVerbosity,
+ (void **)&pSigDst->pbBuf, &pSigDst->cbBuf,
+ &pSigDst->ContentInfo, &pSigDst->pSignedData);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ /*
+ * Add the requested timestamp signatures if requested.
+ */
+ for (size_t i = 0; rcExit == RTEXITCODE_SUCCESS &&i < cTimestampOpts; i++)
+ if (paTimestampOpts[i].isComplete())
+ rcExit = SignToolPkcs7_AddTimestampSignatureEx(pSigDst->pSignedData->SignerInfos.papItems[0],
+ pSigDst->pSignedData,
+ cVerbosity, false /*fReplaceExisting*/,
+ SigningTime, &paTimestampOpts[i]);
+
+ /*
+ * Append the signature to the existing one, if that's what we're doing.
+ */
+ if (rcExit == RTEXITCODE_SUCCESS && pSigDst == &Src)
+ rcExit = SignToolPkcs7_AddNestedSignature(pThis, &Src, cVerbosity, true /*fPrepend*/); /** @todo prepend/append option */
+
+ /* cleanup */
+ if (pSigDst == &Src)
+ SignToolPkcs7_Delete(&Src);
+ }
+
+ }
+ RTCrPkcs7Attributes_Delete(&AuthAttribs);
+ }
+ else
+ RTMsgError("RTCrPkcs7SetOfAttributes_Init failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTAsn1EncodeToBuffer failed: %Rrc", rc);
+ RTMemTmpFree(pbEncoded);
+ return rcExit;
+}
+
+
+static RTEXITCODE SignToolPkcs7_SpcCompleteWithoutPageHashes(RTCRSPCINDIRECTDATACONTENT *pSpcIndData)
+{
+ PCRTASN1ALLOCATORVTABLE const pAllocator = &g_RTAsn1DefaultAllocator;
+ PRTCRSPCPEIMAGEDATA const pPeImage = pSpcIndData->Data.uValue.pPeImage;
+ Assert(pPeImage);
+
+ /*
+ * Set it to File with an empty name.
+ * RTCRSPCPEIMAGEDATA::Flags -vv
+ * RTCRSPCPEIMAGEDATA::SeqCore -vv T0 -vv vv- pT2/CtxTag2
+ * 0040: 04 01 82 37 02 01 0f 30-09 03 01 00 a0 04 a2 02 ...7...0........
+ * 0050: 80 00 30 21 30 09 06 05-2b 0e 03 02 1a 05 00 04 ..0!0...+.......
+ * ^^- pUcs2 / empty string
+ */
+
+ /* Create an empty BMP string. */
+ RTASN1STRING EmptyStr;
+ int rc = RTAsn1BmpString_Init(&EmptyStr, pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1BmpString_Init/Ucs2 failed: %Rrc", rc);
+
+ /* Create an SPC string and use the above empty string with the Ucs2 setter. */
+ RTEXITCODE rcExit = RTEXITCODE_FAILURE;
+ RTCRSPCSTRING SpcString;
+ rc = RTCrSpcString_Init(&SpcString, pAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTCrSpcString_SetUcs2(&SpcString, &EmptyStr, pAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ /* Create a temporary SpcLink with the empty SpcString. */
+ RTCRSPCLINK SpcLink;
+ rc = RTCrSpcLink_Init(&SpcLink, pAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ /* Use the setter on the SpcLink object to copy the SpcString to it. */
+ rc = RTCrSpcLink_SetFile(&SpcLink, &SpcString, pAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ /* Use the setter to copy SpcLink to the PeImage structure. */
+ rc = RTCrSpcPeImageData_SetFile(pPeImage, &SpcLink, pAllocator);
+ if (RT_SUCCESS(rc))
+ rcExit = RTEXITCODE_SUCCESS;
+ else
+ RTMsgError("RTCrSpcPeImageData_SetFile failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTCrSpcLink_SetFile failed: %Rrc", rc);
+ RTCrSpcLink_Delete(&SpcLink);
+ }
+ else
+ RTMsgError("RTCrSpcLink_Init failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTCrSpcString_SetUcs2 failed: %Rrc", rc);
+ RTCrSpcString_Delete(&SpcString);
+ }
+ else
+ RTMsgError("RTCrSpcString_Init failed: %Rrc", rc);
+ RTAsn1BmpString_Delete(&EmptyStr);
+ return rcExit;
+}
+
+
+static RTEXITCODE SignToolPkcs7_SpcAddImagePageHashes(SIGNTOOLPKCS7EXE *pThis, RTCRSPCINDIRECTDATACONTENT *pSpcIndData,
+ RTDIGESTTYPE enmSigType)
+{
+ PCRTASN1ALLOCATORVTABLE const pAllocator = &g_RTAsn1DefaultAllocator;
+ PRTCRSPCPEIMAGEDATA const pPeImage = pSpcIndData->Data.uValue.pPeImage;
+ Assert(pPeImage);
+
+ /*
+ * The hashes are stored in the 'Moniker' attribute.
+ */
+ /* Create a temporary SpcLink with a default moniker. */
+ RTCRSPCLINK SpcLink;
+ int rc = RTCrSpcLink_Init(&SpcLink, pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrSpcLink_Init failed: %Rrc", rc);
+ rc = RTCrSpcLink_SetMoniker(&SpcLink, NULL, pAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ /* Use the setter to copy SpcLink to the PeImage structure. */
+ rc = RTCrSpcPeImageData_SetFile(pPeImage, &SpcLink, pAllocator);
+ if (RT_FAILURE(rc))
+ RTMsgError("RTCrSpcLink_SetFile failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTCrSpcLink_SetMoniker failed: %Rrc", rc);
+ RTCrSpcLink_Delete(&SpcLink);
+ if (RT_FAILURE(rc))
+ return RTEXITCODE_FAILURE;
+
+ /*
+ * Now go to work on the moniker. It doesn't have any autogenerated
+ * setters, so we must do stuff manually.
+ */
+ PRTCRSPCSERIALIZEDOBJECT pMoniker = pPeImage->T0.File.u.pMoniker;
+ RTUUID Uuid;
+ rc = RTUuidFromStr(&Uuid, RTCRSPCSERIALIZEDOBJECT_UUID_STR);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTUuidFromStr failed: %Rrc", rc);
+
+ rc = RTAsn1OctetString_AllocContent(&pMoniker->Uuid, &Uuid, sizeof(Uuid), pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1String_InitWithValue/UUID failed: %Rrc", rc);
+
+ /* Create a new set of attributes and associate this with the SerializedData member. */
+ PRTCRSPCSERIALIZEDOBJECTATTRIBUTES pSpcAttribs;
+ rc = RTAsn1MemAllocZ(&pMoniker->SerializedData.EncapsulatedAllocation,
+ (void **)&pSpcAttribs, sizeof(*pSpcAttribs));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1MemAllocZ/pSpcAttribs failed: %Rrc", rc);
+ pMoniker->SerializedData.pEncapsulated = RTCrSpcSerializedObjectAttributes_GetAsn1Core(pSpcAttribs);
+ pMoniker->enmType = RTCRSPCSERIALIZEDOBJECTTYPE_ATTRIBUTES;
+ pMoniker->u.pData = pSpcAttribs;
+
+ rc = RTCrSpcSerializedObjectAttributes_Init(pSpcAttribs, pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrSpcSerializedObjectAttributes_Init failed: %Rrc", rc);
+
+ /*
+ * Add a single attribute to the set that we'll use for page hashes.
+ */
+ int32_t iPos = RTCrSpcSerializedObjectAttributes_Append(pSpcAttribs);
+ if (iPos < 0)
+ return RTMsgErrorExitFailure("RTCrSpcSerializedObjectAttributes_Append failed: %Rrc", iPos);
+ PRTCRSPCSERIALIZEDOBJECTATTRIBUTE pSpcObjAttr = pSpcAttribs->papItems[iPos];
+
+ if (enmSigType == RTDIGESTTYPE_SHA1)
+ rc = RTCrSpcSerializedObjectAttribute_SetV1Hashes(pSpcObjAttr, NULL, pAllocator);
+ else if (enmSigType == RTDIGESTTYPE_SHA256)
+ rc = RTCrSpcSerializedObjectAttribute_SetV2Hashes(pSpcObjAttr, NULL, pAllocator);
+ else
+ rc = VERR_CR_DIGEST_NOT_SUPPORTED;
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrSpcSerializedObjectAttribute_SetV1Hashes/SetV2Hashes failed: %Rrc", rc);
+ PRTCRSPCSERIALIZEDPAGEHASHES pSpcPageHashes = pSpcObjAttr->u.pPageHashes;
+ Assert(pSpcPageHashes);
+
+ /*
+ * Now ask the loader for the number of pages in the page hash table
+ * and calculate its size.
+ */
+ uint32_t cPages = 0;
+ rc = RTLdrQueryPropEx(pThis->hLdrMod, RTLDRPROP_HASHABLE_PAGES, NULL, &cPages, sizeof(cPages), NULL);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTLdrQueryPropEx/RTLDRPROP_HASHABLE_PAGES failed: %Rrc", rc);
+
+ uint32_t const cbHash = RTCrDigestTypeToHashSize(enmSigType);
+ AssertReturn(cbHash > 0, RTMsgErrorExitFailure("Invalid value: enmSigType=%d", enmSigType));
+ uint32_t const cbTable = (sizeof(uint32_t) + cbHash) * cPages;
+
+ /*
+ * Allocate memory in the octect string.
+ */
+ rc = RTAsn1ContentAllocZ(&pSpcPageHashes->RawData.Asn1Core, cbTable, pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1ContentAllocZ failed to allocate %#x bytes for page hashes: %Rrc", cbTable, rc);
+ pSpcPageHashes->pData = (PCRTCRSPCPEIMAGEPAGEHASHES)pSpcPageHashes->RawData.Asn1Core.uData.pu8;
+
+ RTLDRPROP enmLdrProp;
+ switch (enmSigType)
+ {
+ case RTDIGESTTYPE_SHA1: enmLdrProp = RTLDRPROP_SHA1_PAGE_HASHES; break;
+ case RTDIGESTTYPE_SHA256: enmLdrProp = RTLDRPROP_SHA256_PAGE_HASHES; break;
+ default: AssertFailedReturn(RTMsgErrorExitFailure("Invalid value: enmSigType=%d", enmSigType));
+
+ }
+ rc = RTLdrQueryPropEx(pThis->hLdrMod, enmLdrProp, NULL, (void *)pSpcPageHashes->RawData.Asn1Core.uData.pv, cbTable, NULL);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTLdrQueryPropEx/RTLDRPROP_SHA?_PAGE_HASHES/%#x failed: %Rrc", cbTable, rc);
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE SignToolPkcs7_SpcAddImageHash(SIGNTOOLPKCS7EXE *pThis, RTCRSPCINDIRECTDATACONTENT *pSpcIndData,
+ RTDIGESTTYPE enmSigType)
+{
+ uint32_t const cbHash = RTCrDigestTypeToHashSize(enmSigType);
+ const char * const pszAlgId = RTCrDigestTypeToAlgorithmOid(enmSigType);
+
+ /*
+ * Ask the loader for the hash.
+ */
+ uint8_t abHash[RTSHA512_HASH_SIZE];
+ int rc = RTLdrHashImage(pThis->hLdrMod, enmSigType, abHash, sizeof(abHash));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTLdrHashImage/%s failed: %Rrc", RTCrDigestTypeToName(enmSigType), rc);
+
+ /*
+ * Set it.
+ */
+ /** @todo no setter, this should be okay, though... */
+ rc = RTAsn1ObjId_InitFromString(&pSpcIndData->DigestInfo.DigestAlgorithm.Algorithm, pszAlgId, &g_RTAsn1DefaultAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1ObjId_InitFromString/%s failed: %Rrc", pszAlgId, rc);
+ RTAsn1DynType_SetToNull(&pSpcIndData->DigestInfo.DigestAlgorithm.Parameters); /* ASSUMES RSA or similar */
+
+ rc = RTAsn1ContentDup(&pSpcIndData->DigestInfo.Digest.Asn1Core, abHash, cbHash, &g_RTAsn1DefaultAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTAsn1ContentDup/%#x failed: %Rrc", cbHash, rc);
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AddOrReplaceSignature(SIGNTOOLPKCS7EXE *pThis, unsigned cVerbosity, RTDIGESTTYPE enmSigType,
+ bool fReplaceExisting, bool fHashPages, bool fNoSigningTime,
+ SignToolKeyPair *pSigningCertKey, RTCRSTORE hAddCerts,
+ RTTIMESPEC SigningTime,
+ size_t cTimestampOpts, SignToolTimestampOpts *paTimestampOpts)
+{
+ /*
+ * We must construct the data to be packed into the PKCS#7 signature
+ * and signed.
+ */
+ PCRTASN1ALLOCATORVTABLE const pAllocator = &g_RTAsn1DefaultAllocator;
+ RTCRSPCINDIRECTDATACONTENT SpcIndData;
+ int rc = RTCrSpcIndirectDataContent_Init(&SpcIndData, pAllocator);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrSpcIndirectDataContent_Init failed: %Rrc", rc);
+
+ /* Set the data to PE image. */
+ /** @todo Generalize the Type + enmType DYN stuff and generate setters. */
+ Assert(SpcIndData.Data.enmType == RTCRSPCAAOVTYPE_NOT_PRESENT);
+ Assert(SpcIndData.Data.uValue.pPeImage == NULL);
+ RTEXITCODE rcExit;
+ rc = RTAsn1ObjId_SetFromString(&SpcIndData.Data.Type, RTCRSPCPEIMAGEDATA_OID, pAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ SpcIndData.Data.enmType = RTCRSPCAAOVTYPE_PE_IMAGE_DATA;
+ rc = RTAsn1MemAllocZ(&SpcIndData.Data.Allocation, (void **)&SpcIndData.Data.uValue.pPeImage,
+ sizeof(*SpcIndData.Data.uValue.pPeImage));
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTCrSpcPeImageData_Init(SpcIndData.Data.uValue.pPeImage, pAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ /* Old (SHA1) signatures has a Flags member, it's zero bits, though. */
+ if (enmSigType == RTDIGESTTYPE_SHA1)
+ {
+ uint8_t bFlags = 0;
+ RTASN1BITSTRING Flags;
+ rc = RTAsn1BitString_InitWithData(&Flags, &bFlags, 0, pAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTCrSpcPeImageData_SetFlags(SpcIndData.Data.uValue.pPeImage, &Flags, pAllocator);
+ RTAsn1BitString_Delete(&Flags);
+ if (RT_FAILURE(rc))
+ rcExit = RTMsgErrorExitFailure("RTCrSpcPeImageData_SetFlags failed: %Rrc", rc);
+ }
+ else
+ rcExit = RTMsgErrorExitFailure("RTAsn1BitString_InitWithData failed: %Rrc", rc);
+ }
+
+ /*
+ * Add the hashes.
+ */
+ rcExit = SignToolPkcs7_SpcAddImageHash(pThis, &SpcIndData, enmSigType);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ if (fHashPages)
+ rcExit = SignToolPkcs7_SpcAddImagePageHashes(pThis, &SpcIndData, enmSigType);
+ else
+ rcExit = SignToolPkcs7_SpcCompleteWithoutPageHashes(&SpcIndData);
+
+ /*
+ * Encode and sign the SPC data, timestamp it, and line it up for adding to the executable.
+ */
+ if (rcExit == RTEXITCODE_SUCCESS)
+ rcExit = SignToolPkcs7_SignData(pThis, RTCrSpcIndirectDataContent_GetAsn1Core(&SpcIndData),
+ kSignDataTweak_NoTweak, RTCRSPCINDIRECTDATACONTENT_OID, cVerbosity, 0,
+ enmSigType, fReplaceExisting, fNoSigningTime, pSigningCertKey, hAddCerts,
+ SigningTime, cTimestampOpts, paTimestampOpts);
+ }
+ }
+ else
+ rcExit = RTMsgErrorExitFailure("RTCrPkcs7SignerInfos_Init failed: %Rrc", rc);
+ }
+ else
+ rcExit = RTMsgErrorExitFailure("RTAsn1MemAllocZ failed for RTCRSPCPEIMAGEDATA: %Rrc", rc);
+ }
+ else
+ rcExit = RTMsgErrorExitFailure("RTAsn1ObjId_SetWithString/SpcPeImageData failed: %Rrc", rc);
+
+ RTCrSpcIndirectDataContent_Delete(&SpcIndData);
+ return rcExit;
+}
+
+
+static RTEXITCODE SignToolPkcs7_AddOrReplaceCatSignature(SIGNTOOLPKCS7 *pThis, unsigned cVerbosity, RTDIGESTTYPE enmSigType,
+ bool fReplaceExisting, bool fNoSigningTime,
+ SignToolKeyPair *pSigningCertKey, RTCRSTORE hAddCerts,
+ RTTIMESPEC SigningTime,
+ size_t cTimestampOpts, SignToolTimestampOpts *paTimestampOpts)
+{
+ AssertReturn(pThis->pSignedData, RTMsgErrorExitFailure("pSignedData is NULL!"));
+
+ /*
+ * Figure out what to sign first.
+ */
+ uint32_t fExtraFlags = 0;
+ PRTASN1CORE pToSign = &pThis->pSignedData->ContentInfo.Content.Asn1Core;
+ const char *pszType = pThis->pSignedData->ContentInfo.ContentType.szObjId;
+
+ if (!fReplaceExisting && pThis->pSignedData->SignerInfos.cItems == 0)
+ fReplaceExisting = true;
+ if (!fReplaceExisting)
+ {
+ pszType = RTCR_PKCS7_DATA_OID;
+ fExtraFlags |= RTCRPKCS7SIGN_SD_F_DEATCHED;
+ }
+
+ /*
+ * Do the signing.
+ */
+ RTEXITCODE rcExit = SignToolPkcs7_SignData(pThis, pToSign, kSignDataTweak_RootIsParent,
+ pszType, cVerbosity, fExtraFlags, enmSigType, fReplaceExisting,
+ fNoSigningTime, pSigningCertKey, hAddCerts,
+ SigningTime, cTimestampOpts, paTimestampOpts);
+
+ /* probably need to clean up stuff related to nested signatures here later... */
+ return rcExit;
+}
+
+#endif /* !IPRT_SIGNTOOL_NO_SIGNING */
+
+
+/*********************************************************************************************************************************
+* Option handlers shared by 'sign-exe', 'sign-cat', 'add-timestamp-exe-signature' and others. *
+*********************************************************************************************************************************/
+#ifndef IPRT_SIGNTOOL_NO_SIGNING
+
+static RTEXITCODE HandleOptAddCert(PRTCRSTORE phStore, const char *pszFile)
+{
+ if (*phStore == NIL_RTCRSTORE)
+ {
+ int rc = RTCrStoreCreateInMem(phStore, 2);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrStoreCreateInMem(,2) failed: %Rrc", rc);
+ }
+ RTERRINFOSTATIC ErrInfo;
+ int rc = RTCrStoreCertAddFromFile(*phStore, RTCRCERTCTX_F_ADD_IF_NOT_FOUND, pszFile, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("Error reading certificate from '%s': %Rrc%#RTeim", pszFile, rc, &ErrInfo.Core);
+ return RTEXITCODE_SUCCESS;
+}
+
+static RTEXITCODE HandleOptSignatureType(RTDIGESTTYPE *penmSigType, const char *pszType)
+{
+ if ( RTStrICmpAscii(pszType, "sha1") == 0
+ || RTStrICmpAscii(pszType, "sha-1") == 0)
+ *penmSigType = RTDIGESTTYPE_SHA1;
+ else if ( RTStrICmpAscii(pszType, "sha256") == 0
+ || RTStrICmpAscii(pszType, "sha-256") == 0)
+ *penmSigType = RTDIGESTTYPE_SHA256;
+ else
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Unknown signature type: %s (expected sha1 or sha256)", pszType);
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE HandleOptTimestampType(SignToolTimestampOpts *pTimestampOpts, const char *pszType)
+{
+ if (strcmp(pszType, "old") == 0)
+ pTimestampOpts->m_enmType = kTimestampType_Old;
+ else if (strcmp(pszType, "new") == 0)
+ pTimestampOpts->m_enmType = kTimestampType_New;
+ else
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Unknown timestamp type: %s", pszType);
+ return RTEXITCODE_SUCCESS;
+}
+
+static RTEXITCODE HandleOptTimestampOverride(PRTTIMESPEC pSigningTime, const char *pszPartialTs)
+{
+ /*
+ * First try use it as-is.
+ */
+ if (RTTimeSpecFromString(pSigningTime, pszPartialTs) != NULL)
+ return RTEXITCODE_SUCCESS;
+
+ /* Check the input against a pattern, making sure we've got something that
+ makes sense before trying to merge. */
+ size_t const cchPartialTs = strlen(pszPartialTs);
+ static char s_szPattern[] = "0000-00-00T00:00:";
+ if (cchPartialTs > sizeof(s_szPattern) - 1) /* It is not a partial timestamp if we've got the seconds component. */
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Invalid timestamp: %s", pszPartialTs);
+
+ for (size_t off = 0; off < cchPartialTs; off++)
+ switch (s_szPattern[off])
+ {
+ case '0':
+ if (!RT_C_IS_DIGIT(pszPartialTs[off]))
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Invalid timestamp, expected digit at position %u: %s",
+ off + 1, pszPartialTs);
+ break;
+ case '-':
+ case ':':
+ if (pszPartialTs[off] != s_szPattern[off])
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Invalid timestamp, expected '%c' at position %u: %s",
+ s_szPattern[off], off + 1, pszPartialTs);
+ break;
+ case 'T':
+ if ( pszPartialTs[off] != 'T'
+ && pszPartialTs[off] != 't'
+ && pszPartialTs[off] != ' ')
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Invalid timestamp, expected 'T' or space at position %u: %s",
+ off + 1, pszPartialTs);
+ break;
+ default:
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Internal error");
+ }
+
+ if (RT_C_IS_DIGIT(s_szPattern[cchPartialTs]) && RT_C_IS_DIGIT(s_szPattern[cchPartialTs - 1]))
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Incomplete timstamp component: %s", pszPartialTs);
+
+ /*
+ * Take the current time and merge in the components from pszPartialTs.
+ */
+ char szSigningTime[RTTIME_STR_LEN];
+ RTTIMESPEC Now;
+ RTTimeSpecToString(RTTimeNow(&Now), szSigningTime, sizeof(szSigningTime));
+ memcpy(szSigningTime, pszPartialTs, cchPartialTs);
+ szSigningTime[4+1+2+1+2] = 'T';
+
+ /* Fix 29th for non-leap override: */
+ if (memcmp(&szSigningTime[5], RT_STR_TUPLE("02-29")) == 0)
+ {
+ if (!RTTimeIsLeapYear(RTStrToUInt32(szSigningTime)))
+ szSigningTime[9] = '8';
+ }
+ if (RTTimeSpecFromString(pSigningTime, szSigningTime) == NULL)
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Invalid timestamp: %s (%s)", pszPartialTs, szSigningTime);
+
+ return RTEXITCODE_SUCCESS;
+}
+
+static RTEXITCODE HandleOptFileType(RTSIGNTOOLFILETYPE *penmFileType, const char *pszType)
+{
+ if (strcmp(pszType, "detect") == 0 || strcmp(pszType, "auto") == 0)
+ *penmFileType = RTSIGNTOOLFILETYPE_DETECT;
+ else if (strcmp(pszType, "exe") == 0)
+ *penmFileType = RTSIGNTOOLFILETYPE_EXE;
+ else if (strcmp(pszType, "cat") == 0)
+ *penmFileType = RTSIGNTOOLFILETYPE_CAT;
+ else
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Unknown forced file type: %s", pszType);
+ return RTEXITCODE_SUCCESS;
+}
+
+#endif /* !IPRT_SIGNTOOL_NO_SIGNING */
+
+/**
+ * Detects the type of files @a pszFile is (by reading from it).
+ *
+ * @returns The file type, or RTSIGNTOOLFILETYPE_UNKNOWN (error displayed).
+ * @param enmForceFileType Usually set to RTSIGNTOOLFILETYPE_DETECT, but if
+ * not we'll return this without probing the file.
+ * @param pszFile The name of the file to detect the type of.
+ */
+static RTSIGNTOOLFILETYPE DetectFileType(RTSIGNTOOLFILETYPE enmForceFileType, const char *pszFile)
+{
+ /*
+ * Forced?
+ */
+ if (enmForceFileType != RTSIGNTOOLFILETYPE_DETECT)
+ return enmForceFileType;
+
+ /*
+ * Read the start of the file.
+ */
+ RTFILE hFile = NIL_RTFILE;
+ int rc = RTFileOpen(&hFile, pszFile, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
+ if (RT_FAILURE(rc))
+ {
+ RTMsgError("Error opening '%s' for reading: %Rrc", pszFile, rc);
+ return RTSIGNTOOLFILETYPE_UNKNOWN;
+ }
+
+ union
+ {
+ uint8_t ab[256];
+ uint16_t au16[256/2];
+ uint32_t au32[256/4];
+ } uBuf;
+ RT_ZERO(uBuf);
+
+ size_t cbRead = 0;
+ rc = RTFileRead(hFile, &uBuf, sizeof(uBuf), &cbRead);
+ if (RT_FAILURE(rc))
+ RTMsgError("Error reading from '%s': %Rrc", pszFile, rc);
+
+ uint64_t cbFile;
+ int rcSize = RTFileQuerySize(hFile, &cbFile);
+ if (RT_FAILURE(rcSize))
+ RTMsgError("Error querying size of '%s': %Rrc", pszFile, rc);
+
+ RTFileClose(hFile);
+ if (RT_FAILURE(rc) || RT_FAILURE(rcSize))
+ return RTSIGNTOOLFILETYPE_UNKNOWN;
+
+ /*
+ * Try guess the kind of file.
+ */
+ /* All the executable magics we know: */
+ if ( uBuf.au16[0] == RT_H2LE_U16_C(IMAGE_DOS_SIGNATURE)
+ || uBuf.au16[0] == RT_H2LE_U16_C(IMAGE_NE_SIGNATURE)
+ || uBuf.au16[0] == RT_H2LE_U16_C(IMAGE_LX_SIGNATURE)
+ || uBuf.au16[0] == RT_H2LE_U16_C(IMAGE_LE_SIGNATURE)
+ || uBuf.au32[0] == RT_H2LE_U32_C(IMAGE_NT_SIGNATURE)
+ || uBuf.au32[0] == RT_H2LE_U32_C(IMAGE_ELF_SIGNATURE)
+ || uBuf.au32[0] == IMAGE_FAT_SIGNATURE
+ || uBuf.au32[0] == IMAGE_FAT_SIGNATURE_OE
+ || uBuf.au32[0] == IMAGE_MACHO32_SIGNATURE
+ || uBuf.au32[0] == IMAGE_MACHO32_SIGNATURE_OE
+ || uBuf.au32[0] == IMAGE_MACHO64_SIGNATURE
+ || uBuf.au32[0] == IMAGE_MACHO64_SIGNATURE_OE)
+ return RTSIGNTOOLFILETYPE_EXE;
+
+ /*
+ * Catalog files are PKCS#7 SignedData and starts with a ContentInfo, i.e.:
+ * SEQUENCE {
+ * contentType OBJECT IDENTIFIER,
+ * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
+ * }
+ *
+ * We ASSUME that it's DER encoded and doesn't use an indefinite length form
+ * at the start and that contentType is signedData (1.2.840.113549.1.7.2).
+ *
+ * Example of a 10353 (0x2871) byte long file:
+ * vv-------- contentType -------vv
+ * 00000000 30 82 28 6D 06 09 2A 86 48 86 F7 0D 01 07 02 A0
+ * 00000010 82 28 5E 30 82 28 5A 02 01 01 31 0B 30 09 06 05
+ */
+ if ( uBuf.ab[0] == (ASN1_TAG_SEQUENCE | ASN1_TAGFLAG_CONSTRUCTED)
+ && uBuf.ab[1] != 0x80 /* not indefinite form */
+ && uBuf.ab[1] > 0x30)
+ {
+ size_t off = 1;
+ uint32_t cbRec = uBuf.ab[1];
+ if (cbRec & 0x80)
+ {
+ cbRec &= 0x7f;
+ off += cbRec;
+ switch (cbRec)
+ {
+ case 1: cbRec = uBuf.ab[2]; break;
+ case 2: cbRec = RT_MAKE_U16( uBuf.ab[3], uBuf.ab[2]); break;
+ case 3: cbRec = RT_MAKE_U32_FROM_U8(uBuf.ab[4], uBuf.ab[3], uBuf.ab[2], 0); break;
+ case 4: cbRec = RT_MAKE_U32_FROM_U8(uBuf.ab[5], uBuf.ab[4], uBuf.ab[3], uBuf.ab[2]); break;
+ default: cbRec = UINT32_MAX; break;
+ }
+ }
+ if (off <= 5)
+ {
+ off++;
+ if (off + cbRec == cbFile)
+ {
+ /* If the contentType is signedData we're going to treat it as a catalog file,
+ we don't currently much care about the signed content of a cat file. */
+ static const uint8_t s_abSignedDataOid[] =
+ { ASN1_TAG_OID, 9 /*length*/, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02 };
+ if (memcmp(&uBuf.ab[off], s_abSignedDataOid, sizeof(s_abSignedDataOid)) == 0)
+ return RTSIGNTOOLFILETYPE_CAT;
+ }
+ }
+ }
+
+ RTMsgError("Unable to detect type of '%s'", pszFile);
+ return RTSIGNTOOLFILETYPE_UNKNOWN;
+}
+
+
+/*********************************************************************************************************************************
+* The 'extract-exe-signer-cert' command. *
+*********************************************************************************************************************************/
+
+static RTEXITCODE HelpExtractExeSignerCert(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT,
+ "extract-exe-signer-cert [--ber|--cer|--der] [--signature-index|-i <num>] [--input|--exe|-e] <exe> [--output|-o] <outfile.cer>\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+static RTEXITCODE WriteCertToFile(PCRTCRX509CERTIFICATE pCert, const char *pszFilename, bool fForce)
+{
+ RTEXITCODE rcExit = RTEXITCODE_FAILURE;
+ RTFILE hFile;
+ int rc = RTFileOpen(&hFile, pszFilename,
+ RTFILE_O_WRITE | RTFILE_O_DENY_WRITE | (fForce ? RTFILE_O_CREATE_REPLACE : RTFILE_O_CREATE));
+ if (RT_SUCCESS(rc))
+ {
+ uint32_t cbCert = pCert->SeqCore.Asn1Core.cbHdr + pCert->SeqCore.Asn1Core.cb;
+ rc = RTFileWrite(hFile, pCert->SeqCore.Asn1Core.uData.pu8 - pCert->SeqCore.Asn1Core.cbHdr,
+ cbCert, NULL);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTFileClose(hFile);
+ if (RT_SUCCESS(rc))
+ {
+ hFile = NIL_RTFILE;
+ rcExit = RTEXITCODE_SUCCESS;
+ RTMsgInfo("Successfully wrote %u bytes to '%s'", cbCert, pszFilename);
+ }
+ else
+ RTMsgError("RTFileClose failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTFileWrite failed: %Rrc", rc);
+ RTFileClose(hFile);
+ }
+ else
+ RTMsgError("Error opening '%s' for writing: %Rrc", pszFilename, rc);
+ return rcExit;
+}
+
+
+static RTEXITCODE HandleExtractExeSignerCert(int cArgs, char **papszArgs)
+{
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--ber", 'b', RTGETOPT_REQ_NOTHING },
+ { "--cer", 'c', RTGETOPT_REQ_NOTHING },
+ { "--der", 'd', RTGETOPT_REQ_NOTHING },
+ { "--exe", 'e', RTGETOPT_REQ_STRING },
+ { "--input", 'e', RTGETOPT_REQ_STRING },
+ { "--output", 'o', RTGETOPT_REQ_STRING },
+ { "--signature-index", 'i', RTGETOPT_REQ_UINT32 },
+ { "--force", 'f', RTGETOPT_REQ_NOTHING },
+ };
+
+ const char *pszExe = NULL;
+ const char *pszOut = NULL;
+ RTLDRARCH enmLdrArch = RTLDRARCH_WHATEVER;
+ unsigned cVerbosity = 0;
+ uint32_t fCursorFlags = RTASN1CURSOR_FLAGS_DER;
+ uint32_t iSignature = 0;
+ bool fForce = false;
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (ch)
+ {
+ case 'e': pszExe = ValueUnion.psz; break;
+ case 'o': pszOut = ValueUnion.psz; break;
+ case 'b': fCursorFlags = 0; break;
+ case 'c': fCursorFlags = RTASN1CURSOR_FLAGS_CER; break;
+ case 'd': fCursorFlags = RTASN1CURSOR_FLAGS_DER; break;
+ case 'f': fForce = true; break;
+ case 'i': iSignature = ValueUnion.u32; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpExtractExeSignerCert(g_pStdOut, RTSIGNTOOLHELP_FULL);
+
+ case VINF_GETOPT_NOT_OPTION:
+ if (!pszExe)
+ pszExe = ValueUnion.psz;
+ else if (!pszOut)
+ pszOut = ValueUnion.psz;
+ else
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Too many file arguments: %s", ValueUnion.psz);
+ break;
+
+ default:
+ return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ }
+ if (!pszExe)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No executable given.");
+ if (!pszOut)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No output file given.");
+ if (!fForce && RTPathExists(pszOut))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "The output file '%s' exists.", pszOut);
+
+ /*
+ * Do it.
+ */
+ /* Read & decode the PKCS#7 signature. */
+ SIGNTOOLPKCS7EXE This;
+ RTEXITCODE rcExit = SignToolPkcs7Exe_InitFromFile(&This, pszExe, cVerbosity, enmLdrArch);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ /* Find the signing certificate (ASSUMING that the certificate used is shipped in the set of certificates). */
+ PRTCRPKCS7SIGNEDDATA pSignedData;
+ PCRTCRPKCS7SIGNERINFO pSignerInfo = SignToolPkcs7_FindNestedSignatureByIndex(&This, iSignature, &pSignedData);
+ rcExit = RTEXITCODE_FAILURE;
+ if (pSignerInfo)
+ {
+ PCRTCRPKCS7ISSUERANDSERIALNUMBER pISN = &pSignedData->SignerInfos.papItems[0]->IssuerAndSerialNumber;
+ PCRTCRX509CERTIFICATE pCert;
+ pCert = RTCrPkcs7SetOfCerts_FindX509ByIssuerAndSerialNumber(&pSignedData->Certificates,
+ &pISN->Name, &pISN->SerialNumber);
+ if (pCert)
+ {
+ /*
+ * Write it out.
+ */
+ rcExit = WriteCertToFile(pCert, pszOut, fForce);
+ }
+ else
+ RTMsgError("Certificate not found.");
+ }
+ else
+ RTMsgError("Could not locate signature #%u!", iSignature);
+
+ /* Delete the signature data. */
+ SignToolPkcs7Exe_Delete(&This);
+ }
+ return rcExit;
+}
+
+
+/*********************************************************************************************************************************
+* The 'extract-signer-root' & 'extract-timestamp-root' commands. *
+*********************************************************************************************************************************/
+class BaseExtractState
+{
+public:
+ const char *pszFile;
+ const char *pszOut;
+ RTLDRARCH enmLdrArch;
+ unsigned cVerbosity;
+ uint32_t iSignature;
+ bool fForce;
+ /** Timestamp or main signature. */
+ bool const fTimestamp;
+
+ BaseExtractState(bool a_fTimestamp)
+ : pszFile(NULL)
+ , pszOut(NULL)
+ , enmLdrArch(RTLDRARCH_WHATEVER)
+ , cVerbosity(0)
+ , iSignature(0)
+ , fForce(false)
+ , fTimestamp(a_fTimestamp)
+ {
+ }
+};
+
+class RootExtractState : public BaseExtractState
+{
+public:
+ CryptoStore RootStore;
+ CryptoStore AdditionalStore;
+
+ RootExtractState(bool a_fTimestamp)
+ : BaseExtractState(a_fTimestamp)
+ , RootStore()
+ , AdditionalStore()
+ { }
+
+ /**
+ * Creates the two stores, filling the root one with trusted CAs and
+ * certificates found on the system or in the user's account.
+ */
+ bool init(void)
+ {
+ int rc = RTCrStoreCreateInMem(&this->RootStore.m_hStore, 0);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTCrStoreCreateInMem(&this->AdditionalStore.m_hStore, 0);
+ if (RT_SUCCESS(rc))
+ return true;
+ }
+ RTMsgError("RTCrStoreCreateInMem failed: %Rrc", rc);
+ return false;
+ }
+};
+
+
+/**
+ * Locates the target signature and certificate collection.
+ */
+static PRTCRPKCS7SIGNERINFO BaseExtractFindSignerInfo(SIGNTOOLPKCS7 *pThis, BaseExtractState *pState,
+ PRTCRPKCS7SIGNEDDATA *ppSignedData, PCRTCRPKCS7SETOFCERTS *ppCerts)
+{
+ *ppSignedData = NULL;
+ *ppCerts = NULL;
+
+ /*
+ * Locate the target signature.
+ */
+ PRTCRPKCS7SIGNEDDATA pSignedData = NULL;
+ PRTCRPKCS7SIGNERINFO pSignerInfo = SignToolPkcs7_FindNestedSignatureByIndex(pThis, pState->iSignature, &pSignedData);
+ if (pSignerInfo)
+ {
+ /*
+ * If the target is the timestamp we have to locate the relevant
+ * timestamp signature and adjust the return values.
+ */
+ if (pState->fTimestamp)
+ {
+ for (uint32_t iItem = 0; iItem < pSignerInfo->UnauthenticatedAttributes.cItems; iItem++)
+ {
+ PCRTCRPKCS7ATTRIBUTE pAttr = pSignerInfo->UnauthenticatedAttributes.papItems[iItem];
+ if (pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_COUNTER_SIGNATURES)
+ {
+ /* ASSUME that all counter signatures are timestamping. */
+ if (pAttr->uValues.pCounterSignatures->cItems > 0)
+ {
+ *ppSignedData = pSignedData;
+ *ppCerts = &pSignedData->Certificates;
+ return pAttr->uValues.pCounterSignatures->papItems[0];
+ }
+ RTMsgWarning("Timestamp signature attribute is empty!");
+ }
+ else if (pAttr->enmType == RTCRPKCS7ATTRIBUTETYPE_MS_TIMESTAMP)
+ {
+ /* ASSUME that all valid timestamp signatures for now, pick the first. */
+ if (pAttr->uValues.pContentInfos->cItems > 0)
+ {
+ PCRTCRPKCS7CONTENTINFO pContentInfo = pAttr->uValues.pContentInfos->papItems[0];
+ if (RTAsn1ObjId_CompareWithString(&pContentInfo->ContentType, RTCR_PKCS7_SIGNED_DATA_OID) == 0)
+ {
+ pSignedData = pContentInfo->u.pSignedData;
+ if (RTAsn1ObjId_CompareWithString(&pSignedData->ContentInfo.ContentType, RTCRTSPTSTINFO_OID) == 0)
+ {
+ if (pSignedData->SignerInfos.cItems > 0)
+ {
+ *ppSignedData = pSignedData;
+ *ppCerts = &pSignedData->Certificates;
+ return pSignedData->SignerInfos.papItems[0];
+ }
+ RTMsgWarning("Timestamp signature has no signers!");
+ }
+ else
+ RTMsgWarning("Timestamp signature contains wrong content (%s)!",
+ pSignedData->ContentInfo.ContentType.szObjId);
+ }
+ else
+ RTMsgWarning("Timestamp signature is not SignedData but %s!", pContentInfo->ContentType.szObjId);
+ }
+ else
+ RTMsgWarning("Timestamp signature attribute is empty!");
+ }
+ }
+ RTMsgError("Cound not find a timestamp signature associated with signature #%u!", pState->iSignature);
+ pSignerInfo = NULL;
+ }
+ else
+ {
+ *ppSignedData = pSignedData;
+ *ppCerts = &pSignedData->Certificates;
+ }
+ }
+ else
+ RTMsgError("Could not locate signature #%u!", pState->iSignature);
+ return pSignerInfo;
+}
+
+
+/** @callback_method_impl{FNRTDUMPPRINTFV} */
+static DECLCALLBACK(void) DumpToStdOutPrintfV(void *pvUser, const char *pszFormat, va_list va)
+{
+ RT_NOREF(pvUser);
+ RTPrintfV(pszFormat, va);
+}
+
+
+static RTEXITCODE RootExtractWorker2(SIGNTOOLPKCS7 *pThis, RootExtractState *pState, PRTERRINFOSTATIC pStaticErrInfo)
+{
+ /*
+ * Locate the target signature.
+ */
+ PRTCRPKCS7SIGNEDDATA pSignedData;
+ PCRTCRPKCS7SETOFCERTS pCerts;
+ PCRTCRPKCS7SIGNERINFO pSignerInfo = BaseExtractFindSignerInfo(pThis,pState, &pSignedData, &pCerts);
+ if (!pSignerInfo)
+ return RTMsgErrorExitFailure("Could not locate signature #%u!", pState->iSignature);
+
+ /* The next bit is modelled on first half of rtCrPkcs7VerifySignerInfo. */
+
+ /*
+ * Locate the signing certificate.
+ */
+ PCRTCRCERTCTX pSignerCertCtx = RTCrStoreCertByIssuerAndSerialNo(pState->RootStore.m_hStore,
+ &pSignerInfo->IssuerAndSerialNumber.Name,
+ &pSignerInfo->IssuerAndSerialNumber.SerialNumber);
+ if (!pSignerCertCtx)
+ pSignerCertCtx = RTCrStoreCertByIssuerAndSerialNo(pState->AdditionalStore.m_hStore,
+ &pSignerInfo->IssuerAndSerialNumber.Name,
+ &pSignerInfo->IssuerAndSerialNumber.SerialNumber);
+
+ PCRTCRX509CERTIFICATE pSignerCert;
+ if (pSignerCertCtx)
+ pSignerCert = pSignerCertCtx->pCert;
+ else
+ {
+ pSignerCert = RTCrPkcs7SetOfCerts_FindX509ByIssuerAndSerialNumber(pCerts,
+ &pSignerInfo->IssuerAndSerialNumber.Name,
+ &pSignerInfo->IssuerAndSerialNumber.SerialNumber);
+ if (!pSignerCert)
+ return RTMsgErrorExitFailure("Certificate not found: serial=%.*Rhxs",
+ pSignerInfo->IssuerAndSerialNumber.SerialNumber.Asn1Core.cb,
+ pSignerInfo->IssuerAndSerialNumber.SerialNumber.Asn1Core.uData.pv);
+ }
+
+ /*
+ * Now we build paths so we can get to the root certificate.
+ */
+ RTCRX509CERTPATHS hCertPaths;
+ int rc = RTCrX509CertPathsCreate(&hCertPaths, pSignerCert);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExitFailure("RTCrX509CertPathsCreate failed: %Rrc", rc);
+
+ /* Configure: */
+ RTEXITCODE rcExit = RTEXITCODE_FAILURE;
+ rc = RTCrX509CertPathsSetTrustedStore(hCertPaths, pState->RootStore.m_hStore);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTCrX509CertPathsSetUntrustedStore(hCertPaths, pState->AdditionalStore.m_hStore);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTCrX509CertPathsSetUntrustedSet(hCertPaths, pCerts);
+ if (RT_SUCCESS(rc))
+ {
+ /* We don't technically need this, I think. */
+ rc = RTCrX509CertPathsSetTrustAnchorChecks(hCertPaths, true /*fEnable*/);
+ if (RT_SUCCESS(rc))
+ {
+ /* Build the paths: */
+ rc = RTCrX509CertPathsBuild(hCertPaths, RTErrInfoInitStatic(pStaticErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ uint32_t const cPaths = RTCrX509CertPathsGetPathCount(hCertPaths);
+
+ /* Validate the paths: */
+ uint32_t cValidPaths = 0;
+ rc = RTCrX509CertPathsValidateAll(hCertPaths, &cValidPaths, RTErrInfoInitStatic(pStaticErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ if (pState->cVerbosity > 0)
+ RTMsgInfo("%u of %u paths are valid", cValidPaths, cPaths);
+ if (pState->cVerbosity > 1)
+ RTCrX509CertPathsDumpAll(hCertPaths, pState->cVerbosity, DumpToStdOutPrintfV, NULL);
+
+ /*
+ * Now, pick the first valid path with a real certificate at the end.
+ */
+ for (uint32_t iPath = 0; iPath < cPaths; iPath++)
+ {
+ PCRTCRX509CERTIFICATE pRootCert = NULL;
+ PCRTCRX509NAME pSubject = NULL;
+ bool fTrusted = false;
+ int rcVerify = -1;
+ rc = RTCrX509CertPathsQueryPathInfo(hCertPaths, iPath, &fTrusted, NULL /*pcNodes*/,
+ &pSubject, NULL, &pRootCert, NULL /*ppCertCtx*/, &rcVerify);
+ if (RT_SUCCESS(rc))
+ {
+ if (fTrusted && RT_SUCCESS(rcVerify) && pRootCert)
+ {
+ /*
+ * Now copy out the certificate.
+ */
+ rcExit = WriteCertToFile(pRootCert, pState->pszOut, pState->fForce);
+ break;
+ }
+ }
+ else
+ {
+ RTMsgError("RTCrX509CertPathsQueryPathInfo failed: %Rrc", rc);
+ break;
+ }
+ }
+ }
+ else
+ {
+ RTMsgError("RTCrX509CertPathsValidateAll failed: %Rrc%#RTeim", rc, &pStaticErrInfo->Core);
+ RTCrX509CertPathsDumpAll(hCertPaths, pState->cVerbosity, DumpToStdOutPrintfV, NULL);
+ }
+ }
+ else
+ RTMsgError("RTCrX509CertPathsBuild failed: %Rrc%#RTeim", rc, &pStaticErrInfo->Core);
+ }
+ else
+ RTMsgError("RTCrX509CertPathsSetTrustAnchorChecks failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTCrX509CertPathsSetUntrustedSet failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTCrX509CertPathsSetUntrustedStore failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTCrX509CertPathsSetTrustedStore failed: %Rrc", rc);
+
+ uint32_t cRefs = RTCrX509CertPathsRelease(hCertPaths);
+ Assert(cRefs == 0); RT_NOREF(cRefs);
+
+ return rcExit;
+}
+
+
+static RTEXITCODE RootExtractWorker(RootExtractState *pState, PRTERRINFOSTATIC pStaticErrInfo)
+{
+ /*
+ * Check that all we need is there and whether the output file exists.
+ */
+ if (!pState->pszFile)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No executable given.");
+ if (!pState->pszOut)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No output file given.");
+ if (!pState->fForce && RTPathExists(pState->pszOut))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "The output file '%s' exists.", pState->pszOut);
+
+ /*
+ * Detect the type of file we're dealing with, do type specific setup and
+ * call common worker to do the rest.
+ */
+ RTEXITCODE rcExit;
+ RTSIGNTOOLFILETYPE enmFileType = DetectFileType(RTSIGNTOOLFILETYPE_DETECT, pState->pszFile);
+ if (enmFileType == RTSIGNTOOLFILETYPE_EXE)
+ {
+ SIGNTOOLPKCS7EXE Exe;
+ rcExit = SignToolPkcs7Exe_InitFromFile(&Exe, pState->pszFile, pState->cVerbosity, pState->enmLdrArch);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ rcExit = RootExtractWorker2(&Exe, pState, pStaticErrInfo);
+ SignToolPkcs7Exe_Delete(&Exe);
+ }
+ }
+ else if (enmFileType == RTSIGNTOOLFILETYPE_CAT)
+ {
+ SIGNTOOLPKCS7 Cat;
+ rcExit = SignToolPkcs7_InitFromFile(&Cat, pState->pszFile, pState->cVerbosity);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ rcExit = RootExtractWorker2(&Cat, pState, pStaticErrInfo);
+ SignToolPkcs7_Delete(&Cat);
+ }
+ }
+ else
+ rcExit = RTEXITCODE_FAILURE;
+ return rcExit;
+}
+
+
+static RTEXITCODE HelpExtractRootCommon(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel, bool fTimestamp)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT,
+ "extract-%s-root [-v|--verbose] [-q|--quiet] [--signature-index|-i <num>] [--root <root-cert.der>] "
+ "[--self-signed-roots-from-system] [--additional <supp-cert.der>] "
+ "[--input] <signed-file> [-f|--force] [--output|-o] <outfile.cer>\n",
+ fTimestamp ? "timestamp" : "signer");
+ if (enmLevel == RTSIGNTOOLHELP_FULL)
+ {
+ RTStrmWrappedPrintf(pStrm, 0,
+ "\n"
+ "Extracts the root certificate of the %sgiven "
+ "signature. If there are more than one valid certificate path, the first one with "
+ "a full certificate will be picked.\n",
+ fTimestamp ? "first timestamp associated with the " : "");
+ RTStrmWrappedPrintf(pStrm, 0,
+ "\n"
+ "Options:\n"
+ " -v, --verbose, -q, --quite\n"
+ " Controls the noise level. The '-v' options are accumlative while '-q' is absolute.\n"
+ " Default: -q\n"
+ " -i <num>, --signature-index <num>\n"
+ " Zero-based index of the signature to extract the root for.\n"
+ " Default: -i 0\n"
+ " -r <root-cert.file>, --root <root-cert.file>\n"
+ " Use the certificate(s) in the specified file as a trusted root(s). "
+ "The file format can be PEM or DER.\n"
+ " -R, --self-signed-roots-from-system\n"
+ " Use all self-signed trusted root certificates found in the system and associated with the "
+ "current user as trusted roots. This is limited to self-signed certificates, so that we get "
+ "a full chain even if a non-end-entity certificate is present in any of those system stores for "
+ "some reason.\n"
+ " -a <supp-cert.file>, --additional <supp-cert.file>\n"
+ " Use the certificate(s) in the specified file as a untrusted intermediate certificates. "
+ "The file format can be PEM or DER.\n"
+ " --input <signed-file>\n"
+ " Signed executable or security cabinet file to examine. The '--input' option bit is optional "
+ "and there to allow more flexible parameter ordering.\n"
+ " -f, --force\n"
+ " Overwrite existing output file. The default is not to overwriting any existing file.\n"
+ " -o <outfile.cer> --output <outfile.cer>\n"
+ " The name of the output file. Again the '-o|--output' bit is optional and only for flexibility.\n"
+ );
+ }
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE HandleExtractRootCommon(int cArgs, char **papszArgs, bool fTimestamp)
+{
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--root", 'r', RTGETOPT_REQ_STRING },
+ { "--self-signed-roots-from-system", 'R', RTGETOPT_REQ_NOTHING },
+ { "--additional", 'a', RTGETOPT_REQ_STRING },
+ { "--add", 'a', RTGETOPT_REQ_STRING },
+ { "--input", 'I', RTGETOPT_REQ_STRING },
+ { "--output", 'o', RTGETOPT_REQ_STRING },
+ { "--signature-index", 'i', RTGETOPT_REQ_UINT32 },
+ { "--force", 'f', RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--quiet", 'q', RTGETOPT_REQ_NOTHING },
+ };
+ RTERRINFOSTATIC StaticErrInfo;
+ RootExtractState State(fTimestamp);
+ if (!State.init())
+ return RTEXITCODE_FAILURE;
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (ch)
+ {
+ case 'a':
+ if (!State.AdditionalStore.addFromFile(ValueUnion.psz, &StaticErrInfo))
+ return RTEXITCODE_FAILURE;
+ break;
+
+ case 'r':
+ if (!State.RootStore.addFromFile(ValueUnion.psz, &StaticErrInfo))
+ return RTEXITCODE_FAILURE;
+ break;
+
+ case 'R':
+ if (!State.RootStore.addSelfSignedRootsFromSystem(&StaticErrInfo))
+ return RTEXITCODE_FAILURE;
+ break;
+
+ case 'I': State.pszFile = ValueUnion.psz; break;
+ case 'o': State.pszOut = ValueUnion.psz; break;
+ case 'f': State.fForce = true; break;
+ case 'i': State.iSignature = ValueUnion.u32; break;
+ case 'v': State.cVerbosity++; break;
+ case 'q': State.cVerbosity = 0; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpExtractRootCommon(g_pStdOut, RTSIGNTOOLHELP_FULL, fTimestamp);
+
+ case VINF_GETOPT_NOT_OPTION:
+ if (!State.pszFile)
+ State.pszFile = ValueUnion.psz;
+ else if (!State.pszOut)
+ State.pszOut = ValueUnion.psz;
+ else
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Too many file arguments: %s", ValueUnion.psz);
+ break;
+
+ default:
+ return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ }
+ return RootExtractWorker(&State, &StaticErrInfo);
+}
+
+
+static RTEXITCODE HelpExtractSignerRoot(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ return HelpExtractRootCommon(pStrm, enmLevel, false /*fTimestamp*/);
+}
+
+
+static RTEXITCODE HandleExtractSignerRoot(int cArgs, char **papszArgs)
+{
+ return HandleExtractRootCommon(cArgs, papszArgs, false /*fTimestamp*/ );
+}
+
+
+static RTEXITCODE HelpExtractTimestampRoot(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ return HelpExtractRootCommon(pStrm, enmLevel, true /*fTimestamp*/);
+}
+
+
+static RTEXITCODE HandleExtractTimestampRoot(int cArgs, char **papszArgs)
+{
+ return HandleExtractRootCommon(cArgs, papszArgs, true /*fTimestamp*/ );
+}
+
+
+/*********************************************************************************************************************************
+* The 'extract-exe-signature' command. *
+*********************************************************************************************************************************/
+
+static RTEXITCODE HelpExtractExeSignature(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT,
+ "extract-exe-signerature [--input|--exe|-e] <exe> [--output|-o] <outfile.pkcs7>\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+static RTEXITCODE HandleExtractExeSignature(int cArgs, char **papszArgs)
+{
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--exe", 'e', RTGETOPT_REQ_STRING },
+ { "--input", 'e', RTGETOPT_REQ_STRING },
+ { "--output", 'o', RTGETOPT_REQ_STRING },
+ { "--force", 'f', RTGETOPT_REQ_NOTHING },
+ };
+
+ const char *pszExe = NULL;
+ const char *pszOut = NULL;
+ RTLDRARCH enmLdrArch = RTLDRARCH_WHATEVER;
+ unsigned cVerbosity = 0;
+ bool fForce = false;
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (ch)
+ {
+ case 'e': pszExe = ValueUnion.psz; break;
+ case 'o': pszOut = ValueUnion.psz; break;
+ case 'f': fForce = true; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpExtractExeSignerCert(g_pStdOut, RTSIGNTOOLHELP_FULL);
+
+ case VINF_GETOPT_NOT_OPTION:
+ if (!pszExe)
+ pszExe = ValueUnion.psz;
+ else if (!pszOut)
+ pszOut = ValueUnion.psz;
+ else
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Too many file arguments: %s", ValueUnion.psz);
+ break;
+
+ default:
+ return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ }
+ if (!pszExe)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No executable given.");
+ if (!pszOut)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No output file given.");
+ if (!fForce && RTPathExists(pszOut))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "The output file '%s' exists.", pszOut);
+
+ /*
+ * Do it.
+ */
+ /* Read & decode the PKCS#7 signature. */
+ SIGNTOOLPKCS7EXE This;
+ RTEXITCODE rcExit = SignToolPkcs7Exe_InitFromFile(&This, pszExe, cVerbosity, enmLdrArch);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ /*
+ * Write out the PKCS#7 signature.
+ */
+ RTFILE hFile;
+ rc = RTFileOpen(&hFile, pszOut,
+ RTFILE_O_WRITE | RTFILE_O_DENY_WRITE | (fForce ? RTFILE_O_CREATE_REPLACE : RTFILE_O_CREATE));
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTFileWrite(hFile, This.pbBuf, This.cbBuf, NULL);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTFileClose(hFile);
+ if (RT_SUCCESS(rc))
+ {
+ hFile = NIL_RTFILE;
+ RTMsgInfo("Successfully wrote %u bytes to '%s'", This.cbBuf, pszOut);
+ rcExit = RTEXITCODE_SUCCESS;
+ }
+ else
+ RTMsgError("RTFileClose failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTFileWrite failed: %Rrc", rc);
+ RTFileClose(hFile);
+ }
+ else
+ RTMsgError("Error opening '%s' for writing: %Rrc", pszOut, rc);
+
+ /* Delete the signature data. */
+ SignToolPkcs7Exe_Delete(&This);
+ }
+ return rcExit;
+}
+
+
+/*********************************************************************************************************************************
+* The 'add-nested-exe-signature' command. *
+*********************************************************************************************************************************/
+
+static RTEXITCODE HelpAddNestedExeSignature(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT,
+ "add-nested-exe-signature [-v|--verbose] [-d|--debug] [-p|--prepend] <destination-exe> <source-exe>\n");
+ if (enmLevel == RTSIGNTOOLHELP_FULL)
+ RTStrmWrappedPrintf(pStrm, 0,
+ "\n"
+ "The --debug option allows the source-exe to be omitted in order to test the "
+ "encoding and PE file modification.\n"
+ "\n"
+ "The --prepend option puts the nested signature first rather than appending it "
+ "to the end of of the nested signature set. Windows reads nested signatures in "
+ "reverse order, so --prepend will logically putting it last.\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE HandleAddNestedExeSignature(int cArgs, char **papszArgs)
+{
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--prepend", 'p', RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--debug", 'd', RTGETOPT_REQ_NOTHING },
+ };
+
+ const char *pszDst = NULL;
+ const char *pszSrc = NULL;
+ unsigned cVerbosity = 0;
+ bool fDebug = false;
+ bool fPrepend = false;
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (ch)
+ {
+ case 'v': cVerbosity++; break;
+ case 'd': fDebug = pszSrc == NULL; break;
+ case 'p': fPrepend = true; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpAddNestedExeSignature(g_pStdOut, RTSIGNTOOLHELP_FULL);
+
+ case VINF_GETOPT_NOT_OPTION:
+ if (!pszDst)
+ pszDst = ValueUnion.psz;
+ else if (!pszSrc)
+ {
+ pszSrc = ValueUnion.psz;
+ fDebug = false;
+ }
+ else
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Too many file arguments: %s", ValueUnion.psz);
+ break;
+
+ default:
+ return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ }
+ if (!pszDst)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No destination executable given.");
+ if (!pszSrc && !fDebug)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No source executable file given.");
+
+ /*
+ * Do it.
+ */
+ /* Read & decode the source PKCS#7 signature. */
+ SIGNTOOLPKCS7EXE Src;
+ RTEXITCODE rcExit = pszSrc ? SignToolPkcs7Exe_InitFromFile(&Src, pszSrc, cVerbosity) : RTEXITCODE_SUCCESS;
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ /* Ditto for the destination PKCS#7 signature. */
+ SIGNTOOLPKCS7EXE Dst;
+ rcExit = SignToolPkcs7Exe_InitFromFile(&Dst, pszDst, cVerbosity);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ /* Do the signature manipulation. */
+ if (pszSrc)
+ rcExit = SignToolPkcs7_AddNestedSignature(&Dst, &Src, cVerbosity, fPrepend);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ rcExit = SignToolPkcs7_Encode(&Dst, cVerbosity);
+
+ /* Update the destination executable file. */
+ if (rcExit == RTEXITCODE_SUCCESS)
+ rcExit = SignToolPkcs7Exe_WriteSignatureToFile(&Dst, cVerbosity);
+
+ SignToolPkcs7Exe_Delete(&Dst);
+ }
+ if (pszSrc)
+ SignToolPkcs7Exe_Delete(&Src);
+ }
+
+ return rcExit;
+}
+
+
+/*********************************************************************************************************************************
+* The 'add-nested-cat-signature' command. *
+*********************************************************************************************************************************/
+
+static RTEXITCODE HelpAddNestedCatSignature(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT,
+ "add-nested-cat-signature [-v|--verbose] [-d|--debug] [-p|--prepend] <destination-cat> <source-cat>\n");
+ if (enmLevel == RTSIGNTOOLHELP_FULL)
+ RTStrmWrappedPrintf(pStrm, 0,
+ "\n"
+ "The --debug option allows the source-cat to be omitted in order to test the "
+ "ASN.1 re-encoding of the destination catalog file.\n"
+ "\n"
+ "The --prepend option puts the nested signature first rather than appending it "
+ "to the end of of the nested signature set. Windows reads nested signatures in "
+ "reverse order, so --prepend will logically putting it last.\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE HandleAddNestedCatSignature(int cArgs, char **papszArgs)
+{
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--prepend", 'p', RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--debug", 'd', RTGETOPT_REQ_NOTHING },
+ };
+
+ const char *pszDst = NULL;
+ const char *pszSrc = NULL;
+ unsigned cVerbosity = 0;
+ bool fDebug = false;
+ bool fPrepend = false;
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (ch)
+ {
+ case 'v': cVerbosity++; break;
+ case 'd': fDebug = pszSrc == NULL; break;
+ case 'p': fPrepend = true; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpAddNestedCatSignature(g_pStdOut, RTSIGNTOOLHELP_FULL);
+
+ case VINF_GETOPT_NOT_OPTION:
+ if (!pszDst)
+ pszDst = ValueUnion.psz;
+ else if (!pszSrc)
+ {
+ pszSrc = ValueUnion.psz;
+ fDebug = false;
+ }
+ else
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Too many file arguments: %s", ValueUnion.psz);
+ break;
+
+ default:
+ return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ }
+ if (!pszDst)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No destination catalog file given.");
+ if (!pszSrc && !fDebug)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No source catalog file given.");
+
+ /*
+ * Do it.
+ */
+ /* Read & decode the source PKCS#7 signature. */
+ SIGNTOOLPKCS7 Src;
+ RTEXITCODE rcExit = pszSrc ? SignToolPkcs7_InitFromFile(&Src, pszSrc, cVerbosity) : RTEXITCODE_SUCCESS;
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ /* Ditto for the destination PKCS#7 signature. */
+ SIGNTOOLPKCS7EXE Dst;
+ rcExit = SignToolPkcs7_InitFromFile(&Dst, pszDst, cVerbosity);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ {
+ /* Do the signature manipulation. */
+ if (pszSrc)
+ rcExit = SignToolPkcs7_AddNestedSignature(&Dst, &Src, cVerbosity, fPrepend);
+ if (rcExit == RTEXITCODE_SUCCESS)
+ rcExit = SignToolPkcs7_Encode(&Dst, cVerbosity);
+
+ /* Update the destination executable file. */
+ if (rcExit == RTEXITCODE_SUCCESS)
+ rcExit = SignToolPkcs7_WriteSignatureToFile(&Dst, pszDst, cVerbosity);
+
+ SignToolPkcs7_Delete(&Dst);
+ }
+ if (pszSrc)
+ SignToolPkcs7_Delete(&Src);
+ }
+
+ return rcExit;
+}
+
+
+/*********************************************************************************************************************************
+* The 'add-timestamp-exe-signature' command. *
+*********************************************************************************************************************************/
+#ifndef IPRT_SIGNTOOL_NO_SIGNING
+
+static RTEXITCODE HelpAddTimestampExeSignature(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT,
+ "add-timestamp-exe-signature [-v|--verbose] [--signature-index|-i <num>] "
+ OPT_CERT_KEY_SYNOPSIS("--timestamp-", "")
+ "[--timestamp-type old|new] "
+ "[--timestamp-override <partial-isots>] "
+ "[--replace-existing|-r] "
+ "<exe>\n");
+ if (enmLevel == RTSIGNTOOLHELP_FULL)
+ RTStrmWrappedPrintf(pStrm, 0,
+ "This is mainly to test timestamp code.\n"
+ "\n"
+ "The --timestamp-override option can take a partial or full ISO timestamp. It is merged "
+ "with the current time if partial.\n"
+ "\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+static RTEXITCODE HandleAddTimestampExeSignature(int cArgs, char **papszArgs)
+{
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--signature-index", 'i', RTGETOPT_REQ_UINT32 },
+ OPT_CERT_KEY_GETOPTDEF_ENTRIES("--timestamp-", "", 1000),
+ { "--timestamp-type", OPT_TIMESTAMP_TYPE, RTGETOPT_REQ_STRING },
+ { "--timestamp-override", OPT_TIMESTAMP_OVERRIDE, RTGETOPT_REQ_STRING },
+ { "--replace-existing", 'r', RTGETOPT_REQ_NOTHING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ };
+
+ unsigned cVerbosity = 0;
+ unsigned iSignature = 0;
+ bool fReplaceExisting = false;
+ SignToolTimestampOpts TimestampOpts("timestamp");
+ RTTIMESPEC SigningTime;
+ RTTimeNow(&SigningTime);
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ RTEXITCODE rcExit2 = RTEXITCODE_SUCCESS;
+ switch (ch)
+ {
+ OPT_CERT_KEY_SWITCH_CASES(TimestampOpts, 1000, ch, ValueUnion, rcExit2);
+ case 'i': iSignature = ValueUnion.u32; break;
+ case OPT_TIMESTAMP_TYPE: rcExit2 = HandleOptTimestampType(&TimestampOpts, ValueUnion.psz); break;
+ case OPT_TIMESTAMP_OVERRIDE: rcExit2 = HandleOptTimestampOverride(&SigningTime, ValueUnion.psz); break;
+ case 'r': fReplaceExisting = true; break;
+ case 'v': cVerbosity++; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpAddTimestampExeSignature(g_pStdOut, RTSIGNTOOLHELP_FULL);
+
+ case VINF_GETOPT_NOT_OPTION:
+ /* Do final certificate and key option processing (first file only). */
+ rcExit2 = TimestampOpts.finalizeOptions(cVerbosity);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ {
+ /* Do the work: */
+ SIGNTOOLPKCS7EXE Exe;
+ rcExit2 = SignToolPkcs7Exe_InitFromFile(&Exe, ValueUnion.psz, cVerbosity);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ {
+ rcExit2 = SignToolPkcs7_AddTimestampSignature(&Exe, cVerbosity, iSignature, fReplaceExisting,
+ SigningTime, &TimestampOpts);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ rcExit2 = SignToolPkcs7_Encode(&Exe, cVerbosity);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ rcExit2 = SignToolPkcs7Exe_WriteSignatureToFile(&Exe, cVerbosity);
+ SignToolPkcs7Exe_Delete(&Exe);
+ }
+ if (rcExit2 != RTEXITCODE_SUCCESS && rcExit == RTEXITCODE_SUCCESS)
+ rcExit = rcExit2;
+ rcExit2 = RTEXITCODE_SUCCESS;
+ }
+ break;
+
+ default:
+ return RTGetOptPrintError(ch, &ValueUnion);
+ }
+
+ if (rcExit2 != RTEXITCODE_SUCCESS)
+ {
+ rcExit = rcExit2;
+ break;
+ }
+ }
+ return rcExit;
+}
+
+#endif /*!IPRT_SIGNTOOL_NO_SIGNING */
+
+
+/*********************************************************************************************************************************
+* The 'sign-exe' command. *
+*********************************************************************************************************************************/
+#ifndef IPRT_SIGNTOOL_NO_SIGNING
+
+static RTEXITCODE HelpSign(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT,
+ "sign [-v|--verbose] "
+ "[--file-type exe|cat] "
+ "[--type|/fd sha1|sha256] "
+ "[--hash-pages|/ph] "
+ "[--no-hash-pages|/nph] "
+ "[--append/as] "
+ "[--no-signing-time] "
+ "[--add-cert <file>] "
+ "[--timestamp-type old|new] "
+ "[--timestamp-override <partial-isots>] "
+ "[--verbose|/debug|-v] "
+ OPT_CERT_KEY_SYNOPSIS("--", "")
+ OPT_CERT_KEY_SYNOPSIS("--timestamp-", "")
+ //OPT_CERT_KEY_SYNOPSIS("--timestamp-", "-2") - doesn't work, windows only uses one. Check again with new-style signatures
+ "<exe>\n");
+ if (enmLevel == RTSIGNTOOLHELP_FULL)
+ RTStrmWrappedPrintf(pStrm, 0,
+ "\n"
+ "Create a new code signature for an executable or catalog.\n"
+ "\n"
+ "Options:\n"
+ " --append, /as\n"
+ " Append the signature if one already exists. The default is to replace any existing signature.\n"
+ " --type sha1|sha256, /fd sha1|sha256\n"
+ " Signature type, SHA-1 or SHA-256.\n"
+ " --hash-pages, /ph, --no-page-hashes, /nph\n"
+ " Enables or disables page hashing. Ignored for catalog files. Default: --no-page-hashes\n"
+ " --add-cert <file>, /ac <file>\n"
+ " Adds (first) certificate from the file to the signature. Both PEM and DER (binary) encodings "
+ "are accepted. Repeat to add more certiifcates.\n"
+ " --timestamp-override <partial-iso-timestamp>\n"
+ " This specifies the signing time as a ISO timestamp. Partial timestamps are merged with the "
+ "current time. This is applied to any timestamp signature as well as the signingTime attribute of "
+ "main signature. Higher resolution than seconds is not supported. Default: Current time.\n"
+ " --no-signing-time\n"
+ " Don't set the signing time on the main signature, only on the timestamp one. Unfortunately, "
+ "this doesn't work without modifying OpenSSL a little.\n"
+ " --timestamp-type old|new\n"
+ " Selects the timstamp type. 'old' is the old style /t <url> stuff from signtool.exe. "
+ "'new' means a RTC-3161 timstamp - currently not implemented. Default: old\n"
+ //" --timestamp-type-2 old|new\n"
+ //" Same as --timestamp-type but for the 2nd timstamp signature.\n"
+ "\n"
+ //"Certificate and Key Options (--timestamp-cert-name[-2] etc for timestamps):\n"
+ "Certificate and Key Options (--timestamp-cert-name etc for timestamps):\n"
+ " --cert-subject <partial name>, /n <partial name>\n"
+ " Locate the main signature signing certificate and key, unless anything else is given, "
+ "by the given name substring. Overrides any previous --cert-sha1 and --cert-file options.\n"
+ " --cert-sha1 <hex bytes>, /sha1 <hex bytes>\n"
+ " Locate the main signature signing certificate and key, unless anything else is given, "
+ "by the given thumbprint. The hex bytes can be space separated, colon separated, just "
+ "bunched together, or a mix of these. This overrids any previous --cert-name and --cert-file "
+ "options.\n"
+ " --cert-store <name>, /s <store>\n"
+ " Certificate store to search when using --cert-name or --cert-sha1. Default: MY\n"
+ " --cert-machine-store, /sm\n"
+ " Use the machine store rather the ones of the current user.\n"
+ " --cert-file <file>, /f <file>\n"
+ " Load the certificate and key, unless anything else is given, from given file. Both PEM and "
+ "DER (binary) encodings are supported. Keys file can be RSA or PKCS#12 formatted.\n"
+ " --key-file <file>\n"
+ " Load the private key from the given file. Support RSA and PKCS#12 formatted files.\n"
+ " --key-password <password>, /p <password>\n"
+ " Password to use to decrypt a PKCS#12 password file.\n"
+ " --key-password-file <file>|stdin\n"
+ " Load password to decrypt the password file from the given file or from stdin.\n"
+ " --key-name <name>, /kc <name>\n"
+ " The private key container name. Not implemented.\n"
+ " --key-provider <name>, /csp <name>\n"
+ " The name of the crypto provider where the private key conatiner specified via --key-name "
+ "can be found.\n"
+ );
+
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE HandleSign(int cArgs, char **papszArgs)
+{
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--append", 'A', RTGETOPT_REQ_NOTHING },
+ { "/as", 'A', RTGETOPT_REQ_NOTHING },
+ { "/a", OPT_IGNORED, RTGETOPT_REQ_NOTHING }, /* select best cert automatically */
+ { "--type", 't', RTGETOPT_REQ_STRING },
+ { "/fd", 't', RTGETOPT_REQ_STRING },
+ { "--hash-pages", OPT_HASH_PAGES, RTGETOPT_REQ_NOTHING },
+ { "/ph", OPT_HASH_PAGES, RTGETOPT_REQ_NOTHING },
+ { "--no-hash-pages", OPT_NO_HASH_PAGES, RTGETOPT_REQ_NOTHING },
+ { "/nph", OPT_NO_HASH_PAGES, RTGETOPT_REQ_NOTHING },
+ { "--add-cert", OPT_ADD_CERT, RTGETOPT_REQ_STRING },
+ { "/ac", OPT_ADD_CERT, RTGETOPT_REQ_STRING },
+ { "--description", 'd', RTGETOPT_REQ_STRING },
+ { "--desc", 'd', RTGETOPT_REQ_STRING },
+ { "/d", 'd', RTGETOPT_REQ_STRING },
+ { "--description-url", 'D', RTGETOPT_REQ_STRING },
+ { "--desc-url", 'D', RTGETOPT_REQ_STRING },
+ { "/du", 'D', RTGETOPT_REQ_STRING },
+ { "--no-signing-time", OPT_NO_SIGNING_TIME, RTGETOPT_REQ_NOTHING },
+ OPT_CERT_KEY_GETOPTDEF_ENTRIES("--", "", 1000),
+ OPT_CERT_KEY_GETOPTDEF_COMPAT_ENTRIES( 1000),
+ OPT_CERT_KEY_GETOPTDEF_ENTRIES("--timestamp-", "", 1020),
+ //OPT_CERT_KEY_GETOPTDEF_ENTRIES("--timestamp-", "-1", 1020),
+ //OPT_CERT_KEY_GETOPTDEF_ENTRIES("--timestamp-", "-2", 1040), - disabled as windows cannot make use of it. Try again when
+ // new-style timestamp signatures has been implemented. Otherwise, just add two primary signatures with the two
+ // different timestamps certificates / hashes / whatever.
+ { "--timestamp-type", OPT_TIMESTAMP_TYPE, RTGETOPT_REQ_STRING },
+ { "--timestamp-type-1", OPT_TIMESTAMP_TYPE, RTGETOPT_REQ_STRING },
+ { "--timestamp-type-2", OPT_TIMESTAMP_TYPE_2, RTGETOPT_REQ_STRING },
+ { "--timestamp-override", OPT_TIMESTAMP_OVERRIDE, RTGETOPT_REQ_STRING },
+ { "--file-type", OPT_FILE_TYPE, RTGETOPT_REQ_STRING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "/v", 'v', RTGETOPT_REQ_NOTHING },
+ { "/debug", 'v', RTGETOPT_REQ_NOTHING },
+ };
+
+ unsigned cVerbosity = 0;
+ RTDIGESTTYPE enmSigType = RTDIGESTTYPE_SHA1;
+ bool fReplaceExisting = true;
+ bool fHashPages = false;
+ bool fNoSigningTime = false;
+ RTSIGNTOOLFILETYPE enmForceFileType = RTSIGNTOOLFILETYPE_DETECT;
+ SignToolKeyPair SigningCertKey("signing", true);
+ CryptoStore AddCerts;
+ const char *pszDescription = NULL; /** @todo implement putting descriptions into the OpusInfo stuff. */
+ const char *pszDescriptionUrl = NULL;
+ SignToolTimestampOpts aTimestampOpts[2] = { SignToolTimestampOpts("timestamp"), SignToolTimestampOpts("timestamp#2") };
+ RTTIMESPEC SigningTime;
+ RTTimeNow(&SigningTime);
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ RTEXITCODE rcExit2 = RTEXITCODE_SUCCESS;
+ switch (ch)
+ {
+ OPT_CERT_KEY_SWITCH_CASES(SigningCertKey, 1000, ch, ValueUnion, rcExit2);
+ OPT_CERT_KEY_SWITCH_CASES(aTimestampOpts[0], 1020, ch, ValueUnion, rcExit2);
+ OPT_CERT_KEY_SWITCH_CASES(aTimestampOpts[1], 1040, ch, ValueUnion, rcExit2);
+ case 't': rcExit2 = HandleOptSignatureType(&enmSigType, ValueUnion.psz); break;
+ case 'A': fReplaceExisting = false; break;
+ case 'd': pszDescription = ValueUnion.psz; break;
+ case 'D': pszDescriptionUrl = ValueUnion.psz; break;
+ case OPT_HASH_PAGES: fHashPages = true; break;
+ case OPT_NO_HASH_PAGES: fHashPages = false; break;
+ case OPT_NO_SIGNING_TIME: fNoSigningTime = true; break;
+ case OPT_ADD_CERT: rcExit2 = HandleOptAddCert(&AddCerts.m_hStore, ValueUnion.psz); break;
+ case OPT_TIMESTAMP_TYPE: rcExit2 = HandleOptTimestampType(&aTimestampOpts[0], ValueUnion.psz); break;
+ case OPT_TIMESTAMP_TYPE_2: rcExit2 = HandleOptTimestampType(&aTimestampOpts[1], ValueUnion.psz); break;
+ case OPT_TIMESTAMP_OVERRIDE: rcExit2 = HandleOptTimestampOverride(&SigningTime, ValueUnion.psz); break;
+ case OPT_FILE_TYPE: rcExit2 = HandleOptFileType(&enmForceFileType, ValueUnion.psz); break;
+ case OPT_IGNORED: break;
+ case 'v': cVerbosity++; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpSign(g_pStdOut, RTSIGNTOOLHELP_FULL);
+
+ case VINF_GETOPT_NOT_OPTION:
+ /*
+ * Do final certificate and key option processing (first file only).
+ */
+ rcExit2 = SigningCertKey.finalizeOptions(cVerbosity);
+ for (unsigned i = 0; rcExit2 == RTEXITCODE_SUCCESS && i < RT_ELEMENTS(aTimestampOpts); i++)
+ rcExit2 = aTimestampOpts[i].finalizeOptions(cVerbosity);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ {
+ /*
+ * Detect file type.
+ */
+ RTSIGNTOOLFILETYPE enmFileType = DetectFileType(enmForceFileType, ValueUnion.psz);
+ if (enmFileType == RTSIGNTOOLFILETYPE_EXE)
+ {
+ /*
+ * Sign executable image.
+ */
+ SIGNTOOLPKCS7EXE Exe;
+ rcExit2 = SignToolPkcs7Exe_InitFromFile(&Exe, ValueUnion.psz, cVerbosity,
+ RTLDRARCH_WHATEVER, true /*fAllowUnsigned*/);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ {
+ rcExit2 = SignToolPkcs7_AddOrReplaceSignature(&Exe, cVerbosity, enmSigType, fReplaceExisting,
+ fHashPages, fNoSigningTime, &SigningCertKey,
+ AddCerts.m_hStore, SigningTime,
+ RT_ELEMENTS(aTimestampOpts), aTimestampOpts);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ rcExit2 = SignToolPkcs7_Encode(&Exe, cVerbosity);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ rcExit2 = SignToolPkcs7Exe_WriteSignatureToFile(&Exe, cVerbosity);
+ SignToolPkcs7Exe_Delete(&Exe);
+ }
+ }
+ else if (enmFileType == RTSIGNTOOLFILETYPE_CAT)
+ {
+ /*
+ * Sign catalog file.
+ */
+ SIGNTOOLPKCS7 Cat;
+ rcExit2 = SignToolPkcs7_InitFromFile(&Cat, ValueUnion.psz, cVerbosity);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ {
+ rcExit2 = SignToolPkcs7_AddOrReplaceCatSignature(&Cat, cVerbosity, enmSigType, fReplaceExisting,
+ fNoSigningTime, &SigningCertKey,
+ AddCerts.m_hStore, SigningTime,
+ RT_ELEMENTS(aTimestampOpts), aTimestampOpts);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ rcExit2 = SignToolPkcs7_Encode(&Cat, cVerbosity);
+ if (rcExit2 == RTEXITCODE_SUCCESS)
+ rcExit2 = SignToolPkcs7_WriteSignatureToFile(&Cat, ValueUnion.psz, cVerbosity);
+ SignToolPkcs7_Delete(&Cat);
+ }
+ }
+ else
+ rcExit2 = RTEXITCODE_FAILURE;
+ if (rcExit2 != RTEXITCODE_SUCCESS && rcExit == RTEXITCODE_SUCCESS)
+ rcExit = rcExit2;
+ rcExit2 = RTEXITCODE_SUCCESS;
+ }
+ break;
+
+ default:
+ return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ if (rcExit2 != RTEXITCODE_SUCCESS)
+ {
+ rcExit = rcExit2;
+ break;
+ }
+ }
+
+ return rcExit;
+}
+
+#endif /*!IPRT_SIGNTOOL_NO_SIGNING */
+
+
+/*********************************************************************************************************************************
+* The 'verify-exe' command. *
+*********************************************************************************************************************************/
+#ifndef IPRT_IN_BUILD_TOOL
+
+static RTEXITCODE HelpVerifyExe(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT,
+ "verify-exe [--verbose|--quiet] [--kernel] [--root <root-cert.der>] [--self-signed-roots-from-system] "
+ "[--additional <supp-cert.der>] [--type <win|osx>] <exe1> [exe2 [..]]\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+typedef struct VERIFYEXESTATE
+{
+ CryptoStore RootStore;
+ CryptoStore KernelRootStore;
+ CryptoStore AdditionalStore;
+ bool fKernel;
+ int cVerbose;
+ enum { kSignType_Windows, kSignType_OSX } enmSignType;
+ RTLDRARCH enmLdrArch;
+ uint32_t cBad;
+ uint32_t cOkay;
+ const char *pszFilename;
+ RTTIMESPEC ValidationTime;
+
+ VERIFYEXESTATE()
+ : fKernel(false)
+ , cVerbose(0)
+ , enmSignType(kSignType_Windows)
+ , enmLdrArch(RTLDRARCH_WHATEVER)
+ , cBad(0)
+ , cOkay(0)
+ , pszFilename(NULL)
+ {
+ RTTimeSpecSetSeconds(&ValidationTime, 0);
+ }
+} VERIFYEXESTATE;
+
+# ifdef VBOX
+/** Certificate store load set.
+ * Declared outside HandleVerifyExe because of braindead gcc visibility crap. */
+struct STSTORESET
+{
+ RTCRSTORE hStore;
+ PCSUPTAENTRY paTAs;
+ unsigned cTAs;
+};
+# endif
+
+/**
+ * @callback_method_impl{FNRTCRPKCS7VERIFYCERTCALLBACK,
+ * Standard code signing. Use this for Microsoft SPC.}
+ */
+static DECLCALLBACK(int) VerifyExecCertVerifyCallback(PCRTCRX509CERTIFICATE pCert, RTCRX509CERTPATHS hCertPaths, uint32_t fFlags,
+ void *pvUser, PRTERRINFO pErrInfo)
+{
+ VERIFYEXESTATE *pState = (VERIFYEXESTATE *)pvUser;
+ uint32_t cPaths = RTCrX509CertPathsGetPathCount(hCertPaths);
+
+ /*
+ * Dump all the paths.
+ */
+ if (pState->cVerbose > 0)
+ {
+ RTPrintf(fFlags & RTCRPKCS7VCC_F_TIMESTAMP ? "Timestamp Path%s:\n" : "Signature Path%s:\n",
+ cPaths == 1 ? "" : "s");
+ for (uint32_t iPath = 0; iPath < cPaths; iPath++)
+ {
+ //if (iPath != 0)
+ // RTPrintf("---\n");
+ RTCrX509CertPathsDumpOne(hCertPaths, iPath, pState->cVerbose, RTStrmDumpPrintfV, g_pStdOut);
+ *pErrInfo->pszMsg = '\0';
+ }
+ //RTPrintf(fFlags & RTCRPKCS7VCC_F_TIMESTAMP ? "--- end timestamp ---\n" : "--- end signature ---\n");
+ }
+
+ /*
+ * Test signing certificates normally doesn't have all the necessary
+ * features required below. So, treat them as special cases.
+ */
+ if ( hCertPaths == NIL_RTCRX509CERTPATHS
+ && RTCrX509Name_Compare(&pCert->TbsCertificate.Issuer, &pCert->TbsCertificate.Subject) == 0)
+ {
+ RTMsgInfo("Test signed.\n");
+ return VINF_SUCCESS;
+ }
+
+ if (hCertPaths == NIL_RTCRX509CERTPATHS)
+ RTMsgInfo("Signed by trusted certificate.\n");
+
+ /*
+ * Standard code signing capabilites required.
+ */
+ int rc = RTCrPkcs7VerifyCertCallbackCodeSigning(pCert, hCertPaths, fFlags, NULL, pErrInfo);
+ if ( RT_SUCCESS(rc)
+ && (fFlags & RTCRPKCS7VCC_F_SIGNED_DATA))
+ {
+ /*
+ * If windows kernel signing, a valid certificate path must be anchored
+ * by the microsoft kernel signing root certificate. The only
+ * alternative is test signing.
+ */
+ if ( pState->fKernel
+ && hCertPaths != NIL_RTCRX509CERTPATHS
+ && pState->enmSignType == VERIFYEXESTATE::kSignType_Windows)
+ {
+ uint32_t cFound = 0;
+ uint32_t cValid = 0;
+ for (uint32_t iPath = 0; iPath < cPaths; iPath++)
+ {
+ bool fTrusted;
+ PCRTCRX509NAME pSubject;
+ PCRTCRX509SUBJECTPUBLICKEYINFO pPublicKeyInfo;
+ int rcVerify;
+ rc = RTCrX509CertPathsQueryPathInfo(hCertPaths, iPath, &fTrusted, NULL /*pcNodes*/, &pSubject, &pPublicKeyInfo,
+ NULL, NULL /*pCertCtx*/, &rcVerify);
+ AssertRCBreak(rc);
+
+ if (RT_SUCCESS(rcVerify))
+ {
+ Assert(fTrusted);
+ cValid++;
+
+ /* Search the kernel signing root store for a matching anchor. */
+ RTCRSTORECERTSEARCH Search;
+ rc = RTCrStoreCertFindBySubjectOrAltSubjectByRfc5280(pState->KernelRootStore.m_hStore, pSubject, &Search);
+ AssertRCBreak(rc);
+ PCRTCRCERTCTX pCertCtx;
+ while ((pCertCtx = RTCrStoreCertSearchNext(pState->KernelRootStore.m_hStore, &Search)) != NULL)
+ {
+ PCRTCRX509SUBJECTPUBLICKEYINFO pPubKeyInfo;
+ if (pCertCtx->pCert)
+ pPubKeyInfo = &pCertCtx->pCert->TbsCertificate.SubjectPublicKeyInfo;
+ else if (pCertCtx->pTaInfo)
+ pPubKeyInfo = &pCertCtx->pTaInfo->PubKey;
+ else
+ pPubKeyInfo = NULL;
+ if (RTCrX509SubjectPublicKeyInfo_Compare(pPubKeyInfo, pPublicKeyInfo) == 0)
+ cFound++;
+ RTCrCertCtxRelease(pCertCtx);
+ }
+
+ int rc2 = RTCrStoreCertSearchDestroy(pState->KernelRootStore.m_hStore, &Search); AssertRC(rc2);
+ }
+ }
+ if (RT_SUCCESS(rc) && cFound == 0)
+ rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE, "Not valid kernel code signature.");
+ if (RT_SUCCESS(rc) && cValid != 2)
+ RTMsgWarning("%u valid paths, expected 2", cValid);
+ }
+ /*
+ * For Mac OS X signing, check for special developer ID attributes.
+ */
+ else if (pState->enmSignType == VERIFYEXESTATE::kSignType_OSX)
+ {
+ uint32_t cDevIdApp = 0;
+ uint32_t cDevIdKext = 0;
+ uint32_t cDevIdMacDev = 0;
+ for (uint32_t i = 0; i < pCert->TbsCertificate.T3.Extensions.cItems; i++)
+ {
+ PCRTCRX509EXTENSION pExt = pCert->TbsCertificate.T3.Extensions.papItems[i];
+ if (RTAsn1ObjId_CompareWithString(&pExt->ExtnId, RTCR_APPLE_CS_DEVID_APPLICATION_OID) == 0)
+ {
+ cDevIdApp++;
+ if (!pExt->Critical.fValue)
+ rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
+ "Dev ID Application certificate extension is not flagged critical");
+ }
+ else if (RTAsn1ObjId_CompareWithString(&pExt->ExtnId, RTCR_APPLE_CS_DEVID_KEXT_OID) == 0)
+ {
+ cDevIdKext++;
+ if (!pExt->Critical.fValue)
+ rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
+ "Dev ID kext certificate extension is not flagged critical");
+ }
+ else if (RTAsn1ObjId_CompareWithString(&pExt->ExtnId, RTCR_APPLE_CS_DEVID_MAC_SW_DEV_OID) == 0)
+ {
+ cDevIdMacDev++;
+ if (!pExt->Critical.fValue)
+ rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
+ "Dev ID Mac SW dev certificate extension is not flagged critical");
+ }
+ }
+ if (cDevIdApp == 0)
+ {
+ if (cDevIdMacDev == 0)
+ rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
+ "Certificate is missing the 'Dev ID Application' extension");
+ else
+ RTMsgWarning("Mac SW dev certificate used to sign code.");
+ }
+ if (cDevIdKext == 0 && pState->fKernel)
+ {
+ if (cDevIdMacDev == 0)
+ rc = RTErrInfoSetF(pErrInfo, VERR_GENERAL_FAILURE,
+ "Certificate is missing the 'Dev ID kext' extension");
+ else
+ RTMsgWarning("Mac SW dev certificate used to sign kernel code.");
+ }
+ }
+ }
+
+ return rc;
+}
+
+/** @callback_method_impl{FNRTLDRVALIDATESIGNEDDATA} */
+static DECLCALLBACK(int) VerifyExeCallback(RTLDRMOD hLdrMod, PCRTLDRSIGNATUREINFO pInfo, PRTERRINFO pErrInfo, void *pvUser)
+{
+ VERIFYEXESTATE *pState = (VERIFYEXESTATE *)pvUser;
+ RT_NOREF_PV(hLdrMod);
+
+ switch (pInfo->enmType)
+ {
+ case RTLDRSIGNATURETYPE_PKCS7_SIGNED_DATA:
+ {
+ PCRTCRPKCS7CONTENTINFO pContentInfo = (PCRTCRPKCS7CONTENTINFO)pInfo->pvSignature;
+
+ if (pState->cVerbose > 0)
+ RTMsgInfo("Verifying '%s' signature #%u ...\n", pState->pszFilename, pInfo->iSignature + 1);
+
+ /*
+ * Dump the signed data if so requested and it's the first one, assuming that
+ * additional signatures in contained wihtin the same ContentInfo structure.
+ */
+ if (pState->cVerbose > 1 && pInfo->iSignature == 0)
+ RTAsn1Dump(&pContentInfo->SeqCore.Asn1Core, 0, 0, RTStrmDumpPrintfV, g_pStdOut);
+
+ /*
+ * We'll try different alternative timestamps here.
+ */
+ struct { RTTIMESPEC TimeSpec; const char *pszDesc; } aTimes[3];
+ unsigned cTimes = 0;
+
+ /* The specified timestamp. */
+ if (RTTimeSpecGetSeconds(&pState->ValidationTime) != 0)
+ {
+ aTimes[cTimes].TimeSpec = pState->ValidationTime;
+ aTimes[cTimes].pszDesc = "validation time";
+ cTimes++;
+ }
+
+ /* Linking timestamp: */
+ uint64_t uLinkingTime = 0;
+ int rc = RTLdrQueryProp(hLdrMod, RTLDRPROP_TIMESTAMP_SECONDS, &uLinkingTime, sizeof(uLinkingTime));
+ if (RT_SUCCESS(rc))
+ {
+ RTTimeSpecSetSeconds(&aTimes[cTimes].TimeSpec, uLinkingTime);
+ aTimes[cTimes].pszDesc = "at link time";
+ cTimes++;
+ }
+ else if (rc != VERR_NOT_FOUND)
+ RTMsgError("RTLdrQueryProp/RTLDRPROP_TIMESTAMP_SECONDS failed on '%s': %Rrc\n", pState->pszFilename, rc);
+
+ /* Now: */
+ RTTimeNow(&aTimes[cTimes].TimeSpec);
+ aTimes[cTimes].pszDesc = "now";
+ cTimes++;
+
+ /*
+ * Do the actual verification.
+ */
+ for (unsigned iTime = 0; iTime < cTimes; iTime++)
+ {
+ if (pInfo->pvExternalData)
+ rc = RTCrPkcs7VerifySignedDataWithExternalData(pContentInfo,
+ RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE_SIGNING_TIME_ONLY
+ | RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_SIGNING_TIME_IF_PRESENT
+ | RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_MS_TIMESTAMP_IF_PRESENT
+ | RTCRPKCS7VERIFY_SD_F_CHECK_TRUST_ANCHORS,
+ pState->AdditionalStore.m_hStore, pState->RootStore.m_hStore,
+ &aTimes[iTime].TimeSpec,
+ VerifyExecCertVerifyCallback, pState,
+ pInfo->pvExternalData, pInfo->cbExternalData, pErrInfo);
+ else
+ rc = RTCrPkcs7VerifySignedData(pContentInfo,
+ RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE_SIGNING_TIME_ONLY
+ | RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_SIGNING_TIME_IF_PRESENT
+ | RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_MS_TIMESTAMP_IF_PRESENT
+ | RTCRPKCS7VERIFY_SD_F_CHECK_TRUST_ANCHORS,
+ pState->AdditionalStore.m_hStore, pState->RootStore.m_hStore,
+ &aTimes[iTime].TimeSpec,
+ VerifyExecCertVerifyCallback, pState, pErrInfo);
+ if (RT_SUCCESS(rc))
+ {
+ Assert(rc == VINF_SUCCESS || rc == VINF_CR_DIGEST_DEPRECATED);
+ const char *pszNote = rc == VINF_CR_DIGEST_DEPRECATED ? " (deprecated digest)" : "";
+ if (pInfo->cSignatures == 1)
+ RTMsgInfo("'%s' is valid %s%s.\n", pState->pszFilename, aTimes[iTime].pszDesc, pszNote);
+ else
+ RTMsgInfo("'%s' signature #%u is valid %s%s.\n",
+ pState->pszFilename, pInfo->iSignature + 1, aTimes[iTime].pszDesc, pszNote);
+ pState->cOkay++;
+ return VINF_SUCCESS;
+ }
+ if (rc != VERR_CR_X509_CPV_NOT_VALID_AT_TIME)
+ {
+ if (pInfo->cSignatures == 1)
+ RTMsgError("%s: Failed to verify signature: %Rrc%#RTeim\n", pState->pszFilename, rc, pErrInfo);
+ else
+ RTMsgError("%s: Failed to verify signature #%u: %Rrc%#RTeim\n",
+ pState->pszFilename, pInfo->iSignature + 1, rc, pErrInfo);
+ pState->cBad++;
+ return VINF_SUCCESS;
+ }
+ }
+
+ if (pInfo->cSignatures == 1)
+ RTMsgError("%s: Signature is not valid at present or link time.\n", pState->pszFilename);
+ else
+ RTMsgError("%s: Signature #%u is not valid at present or link time.\n",
+ pState->pszFilename, pInfo->iSignature + 1);
+ pState->cBad++;
+ return VINF_SUCCESS;
+ }
+
+ default:
+ return RTErrInfoSetF(pErrInfo, VERR_NOT_SUPPORTED, "Unsupported signature type: %d", pInfo->enmType);
+ }
+}
+
+/**
+ * Worker for HandleVerifyExe.
+ */
+static RTEXITCODE HandleVerifyExeWorker(VERIFYEXESTATE *pState, const char *pszFilename, PRTERRINFOSTATIC pStaticErrInfo)
+{
+ /*
+ * Open the executable image and verify it.
+ */
+ RTLDRMOD hLdrMod;
+ int rc = RTLdrOpen(pszFilename, RTLDR_O_FOR_VALIDATION, pState->enmLdrArch, &hLdrMod);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error opening executable image '%s': %Rrc", pszFilename, rc);
+
+ /* Reset the state. */
+ pState->cBad = 0;
+ pState->cOkay = 0;
+ pState->pszFilename = pszFilename;
+
+ rc = RTLdrVerifySignature(hLdrMod, VerifyExeCallback, pState, RTErrInfoInitStatic(pStaticErrInfo));
+ if (RT_FAILURE(rc))
+ RTMsgError("RTLdrVerifySignature failed on '%s': %Rrc - %s\n", pszFilename, rc, pStaticErrInfo->szMsg);
+
+ int rc2 = RTLdrClose(hLdrMod);
+ if (RT_FAILURE(rc2))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTLdrClose failed: %Rrc\n", rc2);
+ if (RT_FAILURE(rc))
+ return rc != VERR_LDRVI_NOT_SIGNED ? RTEXITCODE_FAILURE : RTEXITCODE_SKIPPED;
+
+ return pState->cOkay > 0 ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
+}
+
+
+static RTEXITCODE HandleVerifyExe(int cArgs, char **papszArgs)
+{
+ RTERRINFOSTATIC StaticErrInfo;
+
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--kernel", 'k', RTGETOPT_REQ_NOTHING },
+ { "--root", 'r', RTGETOPT_REQ_STRING },
+ { "--self-signed-roots-from-system", 'R', RTGETOPT_REQ_NOTHING },
+ { "--additional", 'a', RTGETOPT_REQ_STRING },
+ { "--add", 'a', RTGETOPT_REQ_STRING },
+ { "--type", 't', RTGETOPT_REQ_STRING },
+ { "--validation-time", 'T', RTGETOPT_REQ_STRING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--quiet", 'q', RTGETOPT_REQ_NOTHING },
+ };
+
+ VERIFYEXESTATE State;
+ int rc = RTCrStoreCreateInMem(&State.RootStore.m_hStore, 0);
+ if (RT_SUCCESS(rc))
+ rc = RTCrStoreCreateInMem(&State.KernelRootStore.m_hStore, 0);
+ if (RT_SUCCESS(rc))
+ rc = RTCrStoreCreateInMem(&State.AdditionalStore.m_hStore, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error creating in-memory certificate store: %Rrc", rc);
+
+ RTGETOPTSTATE GetState;
+ rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)) && ch != VINF_GETOPT_NOT_OPTION)
+ {
+ switch (ch)
+ {
+ case 'a':
+ if (!State.AdditionalStore.addFromFile(ValueUnion.psz, &StaticErrInfo))
+ return RTEXITCODE_FAILURE;
+ break;
+
+ case 'r':
+ if (!State.RootStore.addFromFile(ValueUnion.psz, &StaticErrInfo))
+ return RTEXITCODE_FAILURE;
+ break;
+
+ case 'R':
+ if (!State.RootStore.addSelfSignedRootsFromSystem(&StaticErrInfo))
+ return RTEXITCODE_FAILURE;
+ break;
+
+ case 't':
+ if (!strcmp(ValueUnion.psz, "win") || !strcmp(ValueUnion.psz, "windows"))
+ State.enmSignType = VERIFYEXESTATE::kSignType_Windows;
+ else if (!strcmp(ValueUnion.psz, "osx") || !strcmp(ValueUnion.psz, "apple"))
+ State.enmSignType = VERIFYEXESTATE::kSignType_OSX;
+ else
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Unknown signing type: '%s'", ValueUnion.psz);
+ break;
+
+ case 'T':
+ if (!RTTimeSpecFromString(&State.ValidationTime, ValueUnion.psz))
+ return RTMsgErrorExit(RTEXITCODE_SYNTAX, "Invalid validation time (%s): %Rrc", ValueUnion.psz, rc);
+ break;
+
+ case 'k': State.fKernel = true; break;
+ case 'v': State.cVerbose++; break;
+ case 'q': State.cVerbose = 0; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpVerifyExe(g_pStdOut, RTSIGNTOOLHELP_FULL);
+ default: return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ }
+ if (ch != VINF_GETOPT_NOT_OPTION)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No executable given.");
+
+ /*
+ * Populate the certificate stores according to the signing type.
+ */
+# ifdef VBOX
+ unsigned cSets = 0;
+ struct STSTORESET aSets[6];
+ switch (State.enmSignType)
+ {
+ case VERIFYEXESTATE::kSignType_Windows:
+ aSets[cSets].hStore = State.RootStore.m_hStore;
+ aSets[cSets].paTAs = g_aSUPTimestampTAs;
+ aSets[cSets].cTAs = g_cSUPTimestampTAs;
+ cSets++;
+ aSets[cSets].hStore = State.RootStore.m_hStore;
+ aSets[cSets].paTAs = g_aSUPSpcRootTAs;
+ aSets[cSets].cTAs = g_cSUPSpcRootTAs;
+ cSets++;
+ aSets[cSets].hStore = State.RootStore.m_hStore;
+ aSets[cSets].paTAs = g_aSUPNtKernelRootTAs;
+ aSets[cSets].cTAs = g_cSUPNtKernelRootTAs;
+ cSets++;
+ aSets[cSets].hStore = State.KernelRootStore.m_hStore;
+ aSets[cSets].paTAs = g_aSUPNtKernelRootTAs;
+ aSets[cSets].cTAs = g_cSUPNtKernelRootTAs;
+ cSets++;
+ break;
+
+ case VERIFYEXESTATE::kSignType_OSX:
+ aSets[cSets].hStore = State.RootStore.m_hStore;
+ aSets[cSets].paTAs = g_aSUPAppleRootTAs;
+ aSets[cSets].cTAs = g_cSUPAppleRootTAs;
+ cSets++;
+ break;
+ }
+ for (unsigned i = 0; i < cSets; i++)
+ for (unsigned j = 0; j < aSets[i].cTAs; j++)
+ {
+ rc = RTCrStoreCertAddEncoded(aSets[i].hStore, RTCRCERTCTX_F_ENC_TAF_DER, aSets[i].paTAs[j].pch,
+ aSets[i].paTAs[j].cb, RTErrInfoInitStatic(&StaticErrInfo));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTCrStoreCertAddEncoded failed (%u/%u): %s",
+ i, j, StaticErrInfo.szMsg);
+ }
+# endif /* VBOX */
+
+ /*
+ * Do it.
+ */
+ RTEXITCODE rcExit;
+ for (;;)
+ {
+ rcExit = HandleVerifyExeWorker(&State, ValueUnion.psz, &StaticErrInfo);
+ if (rcExit != RTEXITCODE_SUCCESS)
+ break;
+
+ /*
+ * Next file
+ */
+ ch = RTGetOpt(&GetState, &ValueUnion);
+ if (ch == 0)
+ break;
+ if (ch != VINF_GETOPT_NOT_OPTION)
+ {
+ rcExit = RTGetOptPrintError(ch, &ValueUnion);
+ break;
+ }
+ }
+
+ return rcExit;
+}
+
+#endif /* !IPRT_IN_BUILD_TOOL */
+
+/*
+ * common code for show-exe and show-cat:
+ */
+
+/**
+ * Display an object ID.
+ *
+ * @returns IPRT status code.
+ * @param pThis The show exe instance data.
+ * @param pObjId The object ID to display.
+ * @param pszLabel The field label (prefixed by szPrefix).
+ * @param pszPost What to print after the ID (typically newline).
+ */
+static void HandleShowExeWorkerDisplayObjId(PSHOWEXEPKCS7 pThis, PCRTASN1OBJID pObjId, const char *pszLabel, const char *pszPost)
+{
+ int rc = RTAsn1QueryObjIdName(pObjId, pThis->szTmp, sizeof(pThis->szTmp));
+ if (RT_SUCCESS(rc))
+ {
+ if (pThis->cVerbosity > 1)
+ RTPrintf("%s%s%s (%s)%s", pThis->szPrefix, pszLabel, pThis->szTmp, pObjId->szObjId, pszPost);
+ else
+ RTPrintf("%s%s%s%s", pThis->szPrefix, pszLabel, pThis->szTmp, pszPost);
+ }
+ else
+ RTPrintf("%s%s%s%s", pThis->szPrefix, pszLabel, pObjId->szObjId, pszPost);
+}
+
+
+/**
+ * Display an object ID, without prefix and label
+ *
+ * @returns IPRT status code.
+ * @param pThis The show exe instance data.
+ * @param pObjId The object ID to display.
+ * @param pszPost What to print after the ID (typically newline).
+ */
+static void HandleShowExeWorkerDisplayObjIdSimple(PSHOWEXEPKCS7 pThis, PCRTASN1OBJID pObjId, const char *pszPost)
+{
+ int rc = RTAsn1QueryObjIdName(pObjId, pThis->szTmp, sizeof(pThis->szTmp));
+ if (RT_SUCCESS(rc))
+ {
+ if (pThis->cVerbosity > 1)
+ RTPrintf("%s (%s)%s", pThis->szTmp, pObjId->szObjId, pszPost);
+ else
+ RTPrintf("%s%s", pThis->szTmp, pszPost);
+ }
+ else
+ RTPrintf("%s%s", pObjId->szObjId, pszPost);
+}
+
+
+/**
+ * Display a signer info attribute.
+ *
+ * @returns IPRT status code.
+ * @param pThis The show exe instance data.
+ * @param offPrefix The current prefix offset.
+ * @param pAttr The attribute to display.
+ */
+static int HandleShowExeWorkerPkcs7DisplayAttrib(PSHOWEXEPKCS7 pThis, size_t offPrefix, PCRTCRPKCS7ATTRIBUTE pAttr)
+{
+ HandleShowExeWorkerDisplayObjId(pThis, &pAttr->Type, "", ":\n");
+ if (pThis->cVerbosity > 4 && pAttr->SeqCore.Asn1Core.uData.pu8)
+ RTPrintf("%s uData.pu8=%p cb=%#x\n", pThis->szPrefix, pAttr->SeqCore.Asn1Core.uData.pu8, pAttr->SeqCore.Asn1Core.cb);
+
+ int rc = VINF_SUCCESS;
+ switch (pAttr->enmType)
+ {
+ case RTCRPKCS7ATTRIBUTETYPE_UNKNOWN:
+ if (pAttr->uValues.pCores->cItems <= 1)
+ RTPrintf("%s %u bytes\n", pThis->szPrefix,pAttr->uValues.pCores->SetCore.Asn1Core.cb);
+ else
+ RTPrintf("%s %u bytes divided by %u items\n", pThis->szPrefix, pAttr->uValues.pCores->SetCore.Asn1Core.cb, pAttr->uValues.pCores->cItems);
+ break;
+
+ /* Object IDs, use pObjIds. */
+ case RTCRPKCS7ATTRIBUTETYPE_OBJ_IDS:
+ if (pAttr->uValues.pObjIds->cItems != 1)
+ RTPrintf("%s%u object IDs:", pThis->szPrefix, pAttr->uValues.pObjIds->cItems);
+ for (unsigned i = 0; i < pAttr->uValues.pObjIds->cItems; i++)
+ {
+ if (pAttr->uValues.pObjIds->cItems == 1)
+ RTPrintf("%s ", pThis->szPrefix);
+ else
+ RTPrintf("%s ObjId[%u]: ", pThis->szPrefix, i);
+ HandleShowExeWorkerDisplayObjIdSimple(pThis, pAttr->uValues.pObjIds->papItems[i], "\n");
+ }
+ break;
+
+ /* Sequence of object IDs, use pObjIdSeqs. */
+ case RTCRPKCS7ATTRIBUTETYPE_MS_STATEMENT_TYPE:
+ if (pAttr->uValues.pObjIdSeqs->cItems != 1)
+ RTPrintf("%s%u object IDs:", pThis->szPrefix, pAttr->uValues.pObjIdSeqs->cItems);
+ for (unsigned i = 0; i < pAttr->uValues.pObjIdSeqs->cItems; i++)
+ {
+ uint32_t const cObjIds = pAttr->uValues.pObjIdSeqs->papItems[i]->cItems;
+ for (unsigned j = 0; j < cObjIds; j++)
+ {
+ if (pAttr->uValues.pObjIdSeqs->cItems == 1)
+ RTPrintf("%s ", pThis->szPrefix);
+ else
+ RTPrintf("%s ObjIdSeq[%u]: ", pThis->szPrefix, i);
+ if (cObjIds != 1)
+ RTPrintf(" ObjId[%u]: ", j);
+ HandleShowExeWorkerDisplayObjIdSimple(pThis, pAttr->uValues.pObjIdSeqs->papItems[i]->papItems[i], "\n");
+ }
+ }
+ break;
+
+ /* Octet strings, use pOctetStrings. */
+ case RTCRPKCS7ATTRIBUTETYPE_OCTET_STRINGS:
+ if (pAttr->uValues.pOctetStrings->cItems != 1)
+ RTPrintf("%s%u octet strings:", pThis->szPrefix, pAttr->uValues.pOctetStrings->cItems);
+ for (unsigned i = 0; i < pAttr->uValues.pOctetStrings->cItems; i++)
+ {
+ PCRTASN1OCTETSTRING pOctetString = pAttr->uValues.pOctetStrings->papItems[i];
+ uint32_t cbContent = pOctetString->Asn1Core.cb;
+ if (cbContent > 0 && (cbContent <= 128 || pThis->cVerbosity >= 2))
+ {
+ uint8_t const *pbContent = pOctetString->Asn1Core.uData.pu8;
+ uint32_t off = 0;
+ while (off < cbContent)
+ {
+ uint32_t cbNow = RT_MIN(cbContent - off, 16);
+ if (pAttr->uValues.pOctetStrings->cItems == 1)
+ RTPrintf("%s %#06x: %.*Rhxs\n", pThis->szPrefix, off, cbNow, &pbContent[off]);
+ else
+ RTPrintf("%s OctetString[%u]: %#06x: %.*Rhxs\n", pThis->szPrefix, i, off, cbNow, &pbContent[off]);
+ off += cbNow;
+ }
+ }
+ else
+ RTPrintf("%s: OctetString[%u]: %u bytes\n", pThis->szPrefix, i, pOctetString->Asn1Core.cb);
+ }
+ break;
+
+ /* Counter signatures (PKCS \#9), use pCounterSignatures. */
+ case RTCRPKCS7ATTRIBUTETYPE_COUNTER_SIGNATURES:
+ RTPrintf("%s%u counter signatures, %u bytes in total\n", pThis->szPrefix,
+ pAttr->uValues.pCounterSignatures->cItems, pAttr->uValues.pCounterSignatures->SetCore.Asn1Core.cb);
+ for (uint32_t i = 0; i < pAttr->uValues.pCounterSignatures->cItems; i++)
+ {
+ size_t offPrefix2 = offPrefix;
+ if (pAttr->uValues.pContentInfos->cItems > 1)
+ offPrefix2 += RTStrPrintf(&pThis->szPrefix[offPrefix], sizeof(pThis->szPrefix) - offPrefix, "CounterSig[%u]: ", i);
+ else
+ offPrefix2 += RTStrPrintf(&pThis->szPrefix[offPrefix], sizeof(pThis->szPrefix) - offPrefix, " ");
+
+ int rc2 = HandleShowExeWorkerPkcs7DisplaySignerInfo(pThis, offPrefix2,
+ pAttr->uValues.pCounterSignatures->papItems[i]);
+ if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
+ rc = rc2;
+ }
+ break;
+
+ /* Signing time (PKCS \#9), use pSigningTime. */
+ case RTCRPKCS7ATTRIBUTETYPE_SIGNING_TIME:
+ for (uint32_t i = 0; i < pAttr->uValues.pSigningTime->cItems; i++)
+ {
+ PCRTASN1TIME pTime = pAttr->uValues.pSigningTime->papItems[i];
+ char szTS[RTTIME_STR_LEN];
+ RTTimeToString(&pTime->Time, szTS, sizeof(szTS));
+ if (pAttr->uValues.pSigningTime->cItems == 1)
+ RTPrintf("%s %s (%.*s)\n", pThis->szPrefix, szTS, pTime->Asn1Core.cb, pTime->Asn1Core.uData.pch);
+ else
+ RTPrintf("%s #%u: %s (%.*s)\n", pThis->szPrefix, i, szTS, pTime->Asn1Core.cb, pTime->Asn1Core.uData.pch);
+ }
+ break;
+
+ /* Microsoft timestamp info (RFC-3161) signed data, use pContentInfo. */
+ case RTCRPKCS7ATTRIBUTETYPE_MS_TIMESTAMP:
+ case RTCRPKCS7ATTRIBUTETYPE_MS_NESTED_SIGNATURE:
+ if (pAttr->uValues.pContentInfos->cItems > 1)
+ RTPrintf("%s%u nested signatures, %u bytes in total\n", pThis->szPrefix,
+ pAttr->uValues.pContentInfos->cItems, pAttr->uValues.pContentInfos->SetCore.Asn1Core.cb);
+ for (unsigned i = 0; i < pAttr->uValues.pContentInfos->cItems; i++)
+ {
+ size_t offPrefix2 = offPrefix;
+ if (pAttr->uValues.pContentInfos->cItems > 1)
+ offPrefix2 += RTStrPrintf(&pThis->szPrefix[offPrefix], sizeof(pThis->szPrefix) - offPrefix, "NestedSig[%u]: ", i);
+ else
+ offPrefix2 += RTStrPrintf(&pThis->szPrefix[offPrefix], sizeof(pThis->szPrefix) - offPrefix, " ");
+ // offPrefix2 += RTStrPrintf(&pThis->szPrefix[offPrefix], sizeof(pThis->szPrefix) - offPrefix, "NestedSig: ", i);
+ PCRTCRPKCS7CONTENTINFO pContentInfo = pAttr->uValues.pContentInfos->papItems[i];
+ int rc2;
+ if (RTCrPkcs7ContentInfo_IsSignedData(pContentInfo))
+ rc2 = HandleShowExeWorkerPkcs7Display(pThis, pContentInfo->u.pSignedData, offPrefix2, pContentInfo);
+ else
+ rc2 = RTMsgErrorRc(VERR_ASN1_UNEXPECTED_OBJ_ID, "%sPKCS#7 content in nested signature is not 'signedData': %s",
+ pThis->szPrefix, pContentInfo->ContentType.szObjId);
+ if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
+ rc = rc2;
+ }
+ break;
+
+ case RTCRPKCS7ATTRIBUTETYPE_APPLE_MULTI_CD_PLIST:
+ if (pAttr->uValues.pContentInfos->cItems != 1)
+ RTPrintf("%s%u plists, expected only 1.\n", pThis->szPrefix, pAttr->uValues.pOctetStrings->cItems);
+ for (unsigned i = 0; i < pAttr->uValues.pOctetStrings->cItems; i++)
+ {
+ PCRTASN1OCTETSTRING pOctetString = pAttr->uValues.pOctetStrings->papItems[i];
+ size_t cbContent = pOctetString->Asn1Core.cb;
+ char const *pchContent = pOctetString->Asn1Core.uData.pch;
+ rc = RTStrValidateEncodingEx(pchContent, cbContent, RTSTR_VALIDATE_ENCODING_EXACT_LENGTH);
+ if (RT_SUCCESS(rc))
+ {
+ while (cbContent > 0)
+ {
+ const char *pchNewLine = (const char *)memchr(pchContent, '\n', cbContent);
+ size_t cchToWrite = pchNewLine ? pchNewLine - pchContent : cbContent;
+ if (pAttr->uValues.pOctetStrings->cItems == 1)
+ RTPrintf("%s %.*s\n", pThis->szPrefix, cchToWrite, pchContent);
+ else
+ RTPrintf("%s plist[%u]: %.*s\n", pThis->szPrefix, i, cchToWrite, pchContent);
+ if (!pchNewLine)
+ break;
+ pchContent = pchNewLine + 1;
+ cbContent -= cchToWrite + 1;
+ }
+ }
+ else
+ {
+ if (pAttr->uValues.pContentInfos->cItems != 1)
+ RTPrintf("%s: plist[%u]: Invalid UTF-8: %Rrc\n", pThis->szPrefix, i, rc);
+ else
+ RTPrintf("%s: Invalid UTF-8: %Rrc\n", pThis->szPrefix, rc);
+ for (uint32_t off = 0; off < cbContent; off += 16)
+ {
+ size_t cbNow = RT_MIN(cbContent - off, 16);
+ if (pAttr->uValues.pOctetStrings->cItems == 1)
+ RTPrintf("%s %#06x: %.*Rhxs\n", pThis->szPrefix, off, cbNow, &pchContent[off]);
+ else
+ RTPrintf("%s plist[%u]: %#06x: %.*Rhxs\n", pThis->szPrefix, i, off, cbNow, &pchContent[off]);
+ }
+ }
+ }
+ break;
+
+ case RTCRPKCS7ATTRIBUTETYPE_INVALID:
+ RTPrintf("%sINVALID!\n", pThis->szPrefix);
+ break;
+ case RTCRPKCS7ATTRIBUTETYPE_NOT_PRESENT:
+ RTPrintf("%sNOT PRESENT!\n", pThis->szPrefix);
+ break;
+ default:
+ RTPrintf("%senmType=%d!\n", pThis->szPrefix, pAttr->enmType);
+ break;
+ }
+ return rc;
+}
+
+
+/**
+ * Displays a SignerInfo structure.
+ *
+ * @returns IPRT status code.
+ * @param pThis The show exe instance data.
+ * @param offPrefix The current prefix offset.
+ * @param pSignerInfo The structure to display.
+ */
+static int HandleShowExeWorkerPkcs7DisplaySignerInfo(PSHOWEXEPKCS7 pThis, size_t offPrefix, PCRTCRPKCS7SIGNERINFO pSignerInfo)
+{
+ int rc = RTAsn1Integer_ToString(&pSignerInfo->IssuerAndSerialNumber.SerialNumber,
+ pThis->szTmp, sizeof(pThis->szTmp), 0 /*fFlags*/, NULL);
+ if (RT_FAILURE(rc))
+ RTStrPrintf(pThis->szTmp, sizeof(pThis->szTmp), "%Rrc", rc);
+ RTPrintf("%s Serial No: %s\n", pThis->szPrefix, pThis->szTmp);
+
+ rc = RTCrX509Name_FormatAsString(&pSignerInfo->IssuerAndSerialNumber.Name, pThis->szTmp, sizeof(pThis->szTmp), NULL);
+ if (RT_FAILURE(rc))
+ RTStrPrintf(pThis->szTmp, sizeof(pThis->szTmp), "%Rrc", rc);
+ RTPrintf("%s Issuer: %s\n", pThis->szPrefix, pThis->szTmp);
+
+ const char *pszType = RTCrDigestTypeToName(RTCrX509AlgorithmIdentifier_GetDigestType(&pSignerInfo->DigestAlgorithm,
+ true /*fPureDigestsOnly*/));
+ if (!pszType)
+ pszType = pSignerInfo->DigestAlgorithm.Algorithm.szObjId;
+ RTPrintf("%s Digest Algorithm: %s", pThis->szPrefix, pszType);
+ if (pThis->cVerbosity > 1)
+ RTPrintf(" (%s)\n", pSignerInfo->DigestAlgorithm.Algorithm.szObjId);
+ else
+ RTPrintf("\n");
+
+ HandleShowExeWorkerDisplayObjId(pThis, &pSignerInfo->DigestEncryptionAlgorithm.Algorithm,
+ "Digest Encryption Algorithm: ", "\n");
+
+ if (pSignerInfo->AuthenticatedAttributes.cItems == 0)
+ RTPrintf("%s Authenticated Attributes: none\n", pThis->szPrefix);
+ else
+ {
+ RTPrintf("%s Authenticated Attributes: %u item%s\n", pThis->szPrefix,
+ pSignerInfo->AuthenticatedAttributes.cItems, pSignerInfo->AuthenticatedAttributes.cItems > 1 ? "s" : "");
+ for (unsigned j = 0; j < pSignerInfo->AuthenticatedAttributes.cItems; j++)
+ {
+ PRTCRPKCS7ATTRIBUTE pAttr = pSignerInfo->AuthenticatedAttributes.papItems[j];
+ size_t offPrefix3 = offPrefix+ RTStrPrintf(&pThis->szPrefix[offPrefix], sizeof(pThis->szPrefix) - offPrefix,
+ " AuthAttrib[%u]: ", j);
+ HandleShowExeWorkerPkcs7DisplayAttrib(pThis, offPrefix3, pAttr);
+ }
+ pThis->szPrefix[offPrefix] = '\0';
+ }
+
+ if (pSignerInfo->UnauthenticatedAttributes.cItems == 0)
+ RTPrintf("%s Unauthenticated Attributes: none\n", pThis->szPrefix);
+ else
+ {
+ RTPrintf("%s Unauthenticated Attributes: %u item%s\n", pThis->szPrefix,
+ pSignerInfo->UnauthenticatedAttributes.cItems, pSignerInfo->UnauthenticatedAttributes.cItems > 1 ? "s" : "");
+ for (unsigned j = 0; j < pSignerInfo->UnauthenticatedAttributes.cItems; j++)
+ {
+ PRTCRPKCS7ATTRIBUTE pAttr = pSignerInfo->UnauthenticatedAttributes.papItems[j];
+ size_t offPrefix3 = offPrefix + RTStrPrintf(&pThis->szPrefix[offPrefix], sizeof(pThis->szPrefix) - offPrefix,
+ " UnauthAttrib[%u]: ", j);
+ HandleShowExeWorkerPkcs7DisplayAttrib(pThis, offPrefix3, pAttr);
+ }
+ pThis->szPrefix[offPrefix] = '\0';
+ }
+
+ /** @todo show the encrypted stuff (EncryptedDigest)? */
+ return rc;
+}
+
+
+/**
+ * Displays a Microsoft SPC indirect data structure.
+ *
+ * @returns IPRT status code.
+ * @param pThis The show exe instance data.
+ * @param offPrefix The current prefix offset.
+ * @param pIndData The indirect data to display.
+ */
+static int HandleShowExeWorkerPkcs7DisplaySpcIdirectDataContent(PSHOWEXEPKCS7 pThis, size_t offPrefix,
+ PCRTCRSPCINDIRECTDATACONTENT pIndData)
+{
+ /*
+ * The image hash.
+ */
+ RTDIGESTTYPE const enmDigestType = RTCrX509AlgorithmIdentifier_GetDigestType(&pIndData->DigestInfo.DigestAlgorithm,
+ true /*fPureDigestsOnly*/);
+ const char *pszDigestType = RTCrDigestTypeToName(enmDigestType);
+ RTPrintf("%s Digest Type: %s", pThis->szPrefix, pszDigestType);
+ if (pThis->cVerbosity > 1)
+ RTPrintf(" (%s)\n", pIndData->DigestInfo.DigestAlgorithm.Algorithm.szObjId);
+ else
+ RTPrintf("\n");
+ RTPrintf("%s Digest: %.*Rhxs\n",
+ pThis->szPrefix, pIndData->DigestInfo.Digest.Asn1Core.cb, pIndData->DigestInfo.Digest.Asn1Core.uData.pu8);
+
+ /*
+ * The data/file/url.
+ */
+ switch (pIndData->Data.enmType)
+ {
+ case RTCRSPCAAOVTYPE_PE_IMAGE_DATA:
+ {
+ RTPrintf("%s Data Type: PE Image Data\n", pThis->szPrefix);
+ PRTCRSPCPEIMAGEDATA pPeImage = pIndData->Data.uValue.pPeImage;
+ /** @todo display "Flags". */
+
+ switch (pPeImage->T0.File.enmChoice)
+ {
+ case RTCRSPCLINKCHOICE_MONIKER:
+ {
+ PRTCRSPCSERIALIZEDOBJECT pMoniker = pPeImage->T0.File.u.pMoniker;
+ if (RTCrSpcSerializedObject_IsPresent(pMoniker))
+ {
+ if (RTUuidCompareStr(pMoniker->Uuid.Asn1Core.uData.pUuid, RTCRSPCSERIALIZEDOBJECT_UUID_STR) == 0)
+ {
+ RTPrintf("%s Moniker: SpcSerializedObject (%RTuuid)\n",
+ pThis->szPrefix, pMoniker->Uuid.Asn1Core.uData.pUuid);
+
+ PCRTCRSPCSERIALIZEDOBJECTATTRIBUTES pData = pMoniker->u.pData;
+ if (pData)
+ for (uint32_t i = 0; i < pData->cItems; i++)
+ {
+ RTStrPrintf(&pThis->szPrefix[offPrefix], sizeof(pThis->szPrefix) - offPrefix,
+ "MonikerAttrib[%u]: ", i);
+
+ switch (pData->papItems[i]->enmType)
+ {
+ case RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_PAGE_HASHES_V2:
+ case RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_PAGE_HASHES_V1:
+ {
+ PCRTCRSPCSERIALIZEDPAGEHASHES pPgHashes = pData->papItems[i]->u.pPageHashes;
+ uint32_t const cbHash = pData->papItems[i]->enmType
+ == RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_PAGE_HASHES_V1
+ ? 160/8 /*SHA-1*/ : 256/8 /*SHA-256*/;
+ uint32_t const cPages = pPgHashes->RawData.Asn1Core.cb / (cbHash + sizeof(uint32_t));
+
+ RTPrintf("%sPage Hashes version %u - %u pages (%u bytes total)\n", pThis->szPrefix,
+ pData->papItems[i]->enmType
+ == RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_PAGE_HASHES_V1 ? 1 : 2,
+ cPages, pPgHashes->RawData.Asn1Core.cb);
+ if (pThis->cVerbosity > 0)
+ {
+ PCRTCRSPCPEIMAGEPAGEHASHES pPg = pPgHashes->pData;
+ for (unsigned iPg = 0; iPg < cPages; iPg++)
+ {
+ uint32_t offHash = 0;
+ do
+ {
+ if (offHash == 0)
+ RTPrintf("%.*s Page#%04u/%#08x: ",
+ offPrefix, pThis->szPrefix, iPg, pPg->Generic.offFile);
+ else
+ RTPrintf("%.*s ", offPrefix, pThis->szPrefix);
+ uint32_t cbLeft = cbHash - offHash;
+ if (cbLeft > 24)
+ cbLeft = 16;
+ RTPrintf("%.*Rhxs\n", cbLeft, &pPg->Generic.abHash[offHash]);
+ offHash += cbLeft;
+ } while (offHash < cbHash);
+ pPg = (PCRTCRSPCPEIMAGEPAGEHASHES)&pPg->Generic.abHash[cbHash];
+ }
+
+ if (pThis->cVerbosity > 3)
+ RTPrintf("%.*Rhxd\n",
+ pPgHashes->RawData.Asn1Core.cb,
+ pPgHashes->RawData.Asn1Core.uData.pu8);
+ }
+ break;
+ }
+
+ case RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_UNKNOWN:
+ HandleShowExeWorkerDisplayObjIdSimple(pThis, &pData->papItems[i]->Type, "\n");
+ break;
+ case RTCRSPCSERIALIZEDOBJECTATTRIBUTETYPE_NOT_PRESENT:
+ RTPrintf("%sNot present!\n", pThis->szPrefix);
+ break;
+ default:
+ RTPrintf("%senmType=%d!\n", pThis->szPrefix, pData->papItems[i]->enmType);
+ break;
+ }
+ pThis->szPrefix[offPrefix] = '\0';
+ }
+ else
+ RTPrintf("%s pData is NULL!\n", pThis->szPrefix);
+ }
+ else
+ RTPrintf("%s Moniker: Unknown UUID: %RTuuid\n",
+ pThis->szPrefix, pMoniker->Uuid.Asn1Core.uData.pUuid);
+ }
+ else
+ RTPrintf("%s Moniker: not present\n", pThis->szPrefix);
+ break;
+ }
+
+ case RTCRSPCLINKCHOICE_URL:
+ {
+ const char *pszUrl = NULL;
+ int rc = pPeImage->T0.File.u.pUrl
+ ? RTAsn1String_QueryUtf8(pPeImage->T0.File.u.pUrl, &pszUrl, NULL)
+ : VERR_NOT_FOUND;
+ if (RT_SUCCESS(rc))
+ RTPrintf("%s URL: '%s'\n", pThis->szPrefix, pszUrl);
+ else
+ RTPrintf("%s URL: rc=%Rrc\n", pThis->szPrefix, rc);
+ break;
+ }
+
+ case RTCRSPCLINKCHOICE_FILE:
+ {
+ const char *pszFile = NULL;
+ int rc = pPeImage->T0.File.u.pT2 && pPeImage->T0.File.u.pT2->File.u.pAscii
+ ? RTAsn1String_QueryUtf8(pPeImage->T0.File.u.pT2->File.u.pAscii, &pszFile, NULL)
+ : VERR_NOT_FOUND;
+ if (RT_SUCCESS(rc))
+ RTPrintf("%s File: '%s'\n", pThis->szPrefix, pszFile);
+ else
+ RTPrintf("%s File: rc=%Rrc\n", pThis->szPrefix, rc);
+ if (pThis->cVerbosity > 4 && pPeImage->T0.File.u.pT2 == NULL)
+ RTPrintf("%s pT2=NULL\n", pThis->szPrefix);
+ else if (pThis->cVerbosity > 4)
+ {
+ PCRTASN1STRING pStr = pPeImage->T0.File.u.pT2->File.u.pAscii;
+ RTPrintf("%s pT2=%p/%p LB %#x fFlags=%#x pOps=%p (%s)\n"
+ "%s enmChoice=%d pStr=%p/%p LB %#x fFlags=%#x\n",
+ pThis->szPrefix,
+ pPeImage->T0.File.u.pT2,
+ pPeImage->T0.File.u.pT2->CtxTag2.Asn1Core.uData.pu8,
+ pPeImage->T0.File.u.pT2->CtxTag2.Asn1Core.cb,
+ pPeImage->T0.File.u.pT2->CtxTag2.Asn1Core.fFlags,
+ pPeImage->T0.File.u.pT2->CtxTag2.Asn1Core.pOps,
+ pPeImage->T0.File.u.pT2->CtxTag2.Asn1Core.pOps
+ ? pPeImage->T0.File.u.pT2->CtxTag2.Asn1Core.pOps->pszName : "",
+ pThis->szPrefix,
+ pPeImage->T0.File.u.pT2->File.enmChoice,
+ pStr,
+ pStr ? pStr->Asn1Core.uData.pu8 : NULL,
+ pStr ? pStr->Asn1Core.cb : 0,
+ pStr ? pStr->Asn1Core.fFlags : 0);
+ }
+ break;
+ }
+
+ case RTCRSPCLINKCHOICE_NOT_PRESENT:
+ RTPrintf("%s File not present!\n", pThis->szPrefix);
+ break;
+ default:
+ RTPrintf("%s enmChoice=%d!\n", pThis->szPrefix, pPeImage->T0.File.enmChoice);
+ break;
+ }
+ break;
+ }
+
+ case RTCRSPCAAOVTYPE_UNKNOWN:
+ HandleShowExeWorkerDisplayObjId(pThis, &pIndData->Data.Type, " Data Type: ", "\n");
+ break;
+ case RTCRSPCAAOVTYPE_NOT_PRESENT:
+ RTPrintf("%s Data Type: Not present!\n", pThis->szPrefix);
+ break;
+ default:
+ RTPrintf("%s Data Type: enmType=%d!\n", pThis->szPrefix, pIndData->Data.enmType);
+ break;
+ }
+
+ return VINF_SUCCESS;
+}
+
+
+/**
+ * Display an PKCS#7 signed data instance.
+ *
+ * @returns IPRT status code.
+ * @param pThis The show exe instance data.
+ * @param pSignedData The signed data to display.
+ * @param offPrefix The current prefix offset.
+ * @param pContentInfo The content info structure (for the size).
+ */
+static int HandleShowExeWorkerPkcs7Display(PSHOWEXEPKCS7 pThis, PRTCRPKCS7SIGNEDDATA pSignedData, size_t offPrefix,
+ PCRTCRPKCS7CONTENTINFO pContentInfo)
+{
+ pThis->szPrefix[offPrefix] = '\0';
+ RTPrintf("%sPKCS#7 signature: %u (%#x) bytes\n", pThis->szPrefix,
+ RTASN1CORE_GET_RAW_ASN1_SIZE(&pContentInfo->SeqCore.Asn1Core),
+ RTASN1CORE_GET_RAW_ASN1_SIZE(&pContentInfo->SeqCore.Asn1Core));
+
+ /*
+ * Display list of signing algorithms.
+ */
+ RTPrintf("%sDigestAlgorithms: ", pThis->szPrefix);
+ if (pSignedData->DigestAlgorithms.cItems == 0)
+ RTPrintf("none");
+ for (unsigned i = 0; i < pSignedData->DigestAlgorithms.cItems; i++)
+ {
+ PCRTCRX509ALGORITHMIDENTIFIER pAlgoId = pSignedData->DigestAlgorithms.papItems[i];
+ const char *pszDigestType = RTCrDigestTypeToName(RTCrX509AlgorithmIdentifier_GetDigestType(pAlgoId,
+ true /*fPureDigestsOnly*/));
+ if (!pszDigestType)
+ pszDigestType = pAlgoId->Algorithm.szObjId;
+ RTPrintf(i == 0 ? "%s" : ", %s", pszDigestType);
+ if (pThis->cVerbosity > 1)
+ RTPrintf(" (%s)", pAlgoId->Algorithm.szObjId);
+ }
+ RTPrintf("\n");
+
+ /*
+ * Display the signed data content.
+ */
+ if (RTAsn1ObjId_CompareWithString(&pSignedData->ContentInfo.ContentType, RTCRSPCINDIRECTDATACONTENT_OID) == 0)
+ {
+ RTPrintf("%s ContentType: SpcIndirectDataContent (" RTCRSPCINDIRECTDATACONTENT_OID ")\n", pThis->szPrefix);
+ size_t offPrefix2 = RTStrPrintf(&pThis->szPrefix[offPrefix], sizeof(pThis->szPrefix) - offPrefix, " SPC Ind Data: ");
+ HandleShowExeWorkerPkcs7DisplaySpcIdirectDataContent(pThis, offPrefix2 + offPrefix,
+ pSignedData->ContentInfo.u.pIndirectDataContent);
+ pThis->szPrefix[offPrefix] = '\0';
+ }
+ else
+ {
+ HandleShowExeWorkerDisplayObjId(pThis, &pSignedData->ContentInfo.ContentType, " ContentType: ", " - not implemented.\n");
+ RTPrintf("%s %u (%#x) bytes\n", pThis->szPrefix,
+ pSignedData->ContentInfo.Content.Asn1Core.cb, pSignedData->ContentInfo.Content.Asn1Core.cb);
+ }
+
+ /*
+ * Display certificates (Certificates).
+ */
+ if (pSignedData->Certificates.cItems > 0)
+ {
+ RTPrintf("%s Certificates: %u\n", pThis->szPrefix, pSignedData->Certificates.cItems);
+ for (uint32_t i = 0; i < pSignedData->Certificates.cItems; i++)
+ {
+ PCRTCRPKCS7CERT pCert = pSignedData->Certificates.papItems[i];
+ if (i != 0 && pThis->cVerbosity >= 2)
+ RTPrintf("\n");
+ switch (pCert->enmChoice)
+ {
+ case RTCRPKCS7CERTCHOICE_X509:
+ {
+ PCRTCRX509CERTIFICATE pX509Cert = pCert->u.pX509Cert;
+ int rc2 = RTAsn1QueryObjIdName(&pX509Cert->SignatureAlgorithm.Algorithm, pThis->szTmp, sizeof(pThis->szTmp));
+ RTPrintf("%s Certificate #%u: %s\n", pThis->szPrefix, i,
+ RT_SUCCESS(rc2) ? pThis->szTmp : pX509Cert->SignatureAlgorithm.Algorithm.szObjId);
+
+ rc2 = RTCrX509Name_FormatAsString(&pX509Cert->TbsCertificate.Subject,
+ pThis->szTmp, sizeof(pThis->szTmp), NULL);
+ if (RT_FAILURE(rc2))
+ RTStrPrintf(pThis->szTmp, sizeof(pThis->szTmp), "%Rrc", rc2);
+ RTPrintf("%s Subject: %s\n", pThis->szPrefix, pThis->szTmp);
+
+ rc2 = RTCrX509Name_FormatAsString(&pX509Cert->TbsCertificate.Issuer,
+ pThis->szTmp, sizeof(pThis->szTmp), NULL);
+ if (RT_FAILURE(rc2))
+ RTStrPrintf(pThis->szTmp, sizeof(pThis->szTmp), "%Rrc", rc2);
+ RTPrintf("%s Issuer: %s\n", pThis->szPrefix, pThis->szTmp);
+
+
+ char szNotAfter[RTTIME_STR_LEN];
+ RTPrintf("%s Valid: %s thru %s\n", pThis->szPrefix,
+ RTTimeToString(&pX509Cert->TbsCertificate.Validity.NotBefore.Time,
+ pThis->szTmp, sizeof(pThis->szTmp)),
+ RTTimeToString(&pX509Cert->TbsCertificate.Validity.NotAfter.Time,
+ szNotAfter, sizeof(szNotAfter)));
+ break;
+ }
+
+ default:
+ RTPrintf("%s Certificate #%u: Unsupported type\n", pThis->szPrefix, i);
+ break;
+ }
+
+
+ if (pThis->cVerbosity >= 2)
+ RTAsn1Dump(RTCrPkcs7Cert_GetAsn1Core(pSignedData->Certificates.papItems[i]), 0,
+ ((uint32_t)offPrefix + 9) / 2, RTStrmDumpPrintfV, g_pStdOut);
+ }
+
+ /** @todo display certificates properly. */
+ }
+
+ if (pSignedData->Crls.cb > 0)
+ RTPrintf("%s CRLs: %u bytes\n", pThis->szPrefix, pSignedData->Crls.cb);
+
+ /*
+ * Show signatures (SignerInfos).
+ */
+ unsigned const cSigInfos = pSignedData->SignerInfos.cItems;
+ if (cSigInfos != 1)
+ RTPrintf("%s SignerInfos: %u signers\n", pThis->szPrefix, cSigInfos);
+ else
+ RTPrintf("%s SignerInfos:\n", pThis->szPrefix);
+ int rc = VINF_SUCCESS;
+ for (unsigned i = 0; i < cSigInfos; i++)
+ {
+ size_t offPrefix2 = offPrefix;
+ if (cSigInfos != 1)
+ offPrefix2 += RTStrPrintf(&pThis->szPrefix[offPrefix], sizeof(pThis->szPrefix) - offPrefix, "SignerInfo[%u]: ", i);
+
+ int rc2 = HandleShowExeWorkerPkcs7DisplaySignerInfo(pThis, offPrefix2, pSignedData->SignerInfos.papItems[i]);
+ if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
+ rc = rc2;
+ }
+ pThis->szPrefix[offPrefix] = '\0';
+
+ return rc;
+}
+
+
+/*
+ * The 'show-exe' command.
+ */
+static RTEXITCODE HelpShowExe(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT, "show-exe [--verbose|-v] [--quiet|-q] <exe1> [exe2 [..]]\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE HandleShowExe(int cArgs, char **papszArgs)
+{
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--quiet", 'q', RTGETOPT_REQ_NOTHING },
+ };
+
+ unsigned cVerbosity = 0;
+ RTLDRARCH enmLdrArch = RTLDRARCH_WHATEVER;
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)) && ch != VINF_GETOPT_NOT_OPTION)
+ {
+ switch (ch)
+ {
+ case 'v': cVerbosity++; break;
+ case 'q': cVerbosity = 0; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpShowExe(g_pStdOut, RTSIGNTOOLHELP_FULL);
+ default: return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ }
+ if (ch != VINF_GETOPT_NOT_OPTION)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No executable given.");
+
+ /*
+ * Do it.
+ */
+ unsigned iFile = 0;
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ do
+ {
+ RTPrintf(iFile == 0 ? "%s:\n" : "\n%s:\n", ValueUnion.psz);
+
+ SHOWEXEPKCS7 This;
+ RT_ZERO(This);
+ This.cVerbosity = cVerbosity;
+
+ RTEXITCODE rcExitThis = SignToolPkcs7Exe_InitFromFile(&This, ValueUnion.psz, cVerbosity, enmLdrArch);
+ if (rcExitThis == RTEXITCODE_SUCCESS)
+ {
+ rc = HandleShowExeWorkerPkcs7Display(&This, This.pSignedData, 0, &This.ContentInfo);
+ if (RT_FAILURE(rc))
+ rcExit = RTEXITCODE_FAILURE;
+ SignToolPkcs7Exe_Delete(&This);
+ }
+ if (rcExitThis != RTEXITCODE_SUCCESS && rcExit == RTEXITCODE_SUCCESS)
+ rcExit = rcExitThis;
+
+ iFile++;
+ } while ((ch = RTGetOpt(&GetState, &ValueUnion)) == VINF_GETOPT_NOT_OPTION);
+ if (ch != 0)
+ return RTGetOptPrintError(ch, &ValueUnion);
+
+ return rcExit;
+}
+
+
+/*
+ * The 'show-cat' command.
+ */
+static RTEXITCODE HelpShowCat(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT, "show-cat [--verbose|-v] [--quiet|-q] <cat1> [cat2 [..]]\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE HandleShowCat(int cArgs, char **papszArgs)
+{
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--quiet", 'q', RTGETOPT_REQ_NOTHING },
+ };
+
+ unsigned cVerbosity = 0;
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)) && ch != VINF_GETOPT_NOT_OPTION)
+ {
+ switch (ch)
+ {
+ case 'v': cVerbosity++; break;
+ case 'q': cVerbosity = 0; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpShowCat(g_pStdOut, RTSIGNTOOLHELP_FULL);
+ default: return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ }
+ if (ch != VINF_GETOPT_NOT_OPTION)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No executable given.");
+
+ /*
+ * Do it.
+ */
+ unsigned iFile = 0;
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ do
+ {
+ RTPrintf(iFile == 0 ? "%s:\n" : "\n%s:\n", ValueUnion.psz);
+
+ SHOWEXEPKCS7 This;
+ RT_ZERO(This);
+ This.cVerbosity = cVerbosity;
+
+ RTEXITCODE rcExitThis = SignToolPkcs7_InitFromFile(&This, ValueUnion.psz, cVerbosity);
+ if (rcExitThis == RTEXITCODE_SUCCESS)
+ {
+ This.hLdrMod = NIL_RTLDRMOD;
+
+ rc = HandleShowExeWorkerPkcs7Display(&This, This.pSignedData, 0, &This.ContentInfo);
+ if (RT_FAILURE(rc))
+ rcExit = RTEXITCODE_FAILURE;
+ SignToolPkcs7Exe_Delete(&This);
+ }
+ if (rcExitThis != RTEXITCODE_SUCCESS && rcExit == RTEXITCODE_SUCCESS)
+ rcExit = rcExitThis;
+
+ iFile++;
+ } while ((ch = RTGetOpt(&GetState, &ValueUnion)) == VINF_GETOPT_NOT_OPTION);
+ if (ch != 0)
+ return RTGetOptPrintError(ch, &ValueUnion);
+
+ return rcExit;
+}
+
+
+/*********************************************************************************************************************************
+* The 'hash-exe' command. *
+*********************************************************************************************************************************/
+static RTEXITCODE HelpHashExe(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT, "hash-exe [--verbose|-v] [--quiet|-q] <exe1> [exe2 [..]]\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+
+static RTEXITCODE HandleHashExe(int cArgs, char **papszArgs)
+{
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--quiet", 'q', RTGETOPT_REQ_NOTHING },
+ };
+
+ unsigned cVerbosity = 0;
+ RTLDRARCH enmLdrArch = RTLDRARCH_WHATEVER;
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)) && ch != VINF_GETOPT_NOT_OPTION)
+ {
+ switch (ch)
+ {
+ case 'v': cVerbosity++; break;
+ case 'q': cVerbosity = 0; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpHashExe(g_pStdOut, RTSIGNTOOLHELP_FULL);
+ default: return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ }
+ if (ch != VINF_GETOPT_NOT_OPTION)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No executable given.");
+
+ /*
+ * Do it.
+ */
+ unsigned iFile = 0;
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ do
+ {
+ RTPrintf(iFile == 0 ? "%s:\n" : "\n%s:\n", ValueUnion.psz);
+
+ RTERRINFOSTATIC ErrInfo;
+ RTLDRMOD hLdrMod;
+ rc = RTLdrOpenEx(ValueUnion.psz, RTLDR_O_FOR_VALIDATION, enmLdrArch, &hLdrMod, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ uint8_t abHash[RTSHA512_HASH_SIZE];
+ char szDigest[RTSHA512_DIGEST_LEN + 1];
+
+ /* SHA-1: */
+ rc = RTLdrHashImage(hLdrMod, RTDIGESTTYPE_SHA1, abHash, sizeof(abHash));
+ if (RT_SUCCESS(rc))
+ RTSha1ToString(abHash, szDigest, sizeof(szDigest));
+ else
+ RTStrPrintf(szDigest, sizeof(szDigest), "%Rrc", rc);
+ RTPrintf(" SHA-1: %s\n", szDigest);
+
+ /* SHA-256: */
+ rc = RTLdrHashImage(hLdrMod, RTDIGESTTYPE_SHA256, abHash, sizeof(abHash));
+ if (RT_SUCCESS(rc))
+ RTSha256ToString(abHash, szDigest, sizeof(szDigest));
+ else
+ RTStrPrintf(szDigest, sizeof(szDigest), "%Rrc", rc);
+ RTPrintf(" SHA-256: %s\n", szDigest);
+
+ /* SHA-512: */
+ rc = RTLdrHashImage(hLdrMod, RTDIGESTTYPE_SHA512, abHash, sizeof(abHash));
+ if (RT_SUCCESS(rc))
+ RTSha512ToString(abHash, szDigest, sizeof(szDigest));
+ else
+ RTStrPrintf(szDigest, sizeof(szDigest), "%Rrc", rc);
+ RTPrintf(" SHA-512: %s\n", szDigest);
+
+ RTLdrClose(hLdrMod);
+ }
+ else
+ rcExit = RTMsgErrorExitFailure("Failed to open '%s': %Rrc%#RTeim", ValueUnion.psz, rc, &ErrInfo.Core);
+
+ } while ((ch = RTGetOpt(&GetState, &ValueUnion)) == VINF_GETOPT_NOT_OPTION);
+ if (ch != 0)
+ return RTGetOptPrintError(ch, &ValueUnion);
+
+ return rcExit;
+}
+
+
+/*********************************************************************************************************************************
+* The 'make-tainfo' command. *
+*********************************************************************************************************************************/
+static RTEXITCODE HelpMakeTaInfo(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmWrappedPrintf(pStrm, RTSTRMWRAPPED_F_HANGING_INDENT,
+ "make-tainfo [--verbose|--quiet] [--cert <cert.der>] [-o|--output] <tainfo.der>\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+
+typedef struct MAKETAINFOSTATE
+{
+ int cVerbose;
+ const char *pszCert;
+ const char *pszOutput;
+} MAKETAINFOSTATE;
+
+
+/** @callback_method_impl{FNRTASN1ENCODEWRITER} */
+static DECLCALLBACK(int) handleMakeTaInfoWriter(const void *pvBuf, size_t cbToWrite, void *pvUser, PRTERRINFO pErrInfo)
+{
+ RT_NOREF_PV(pErrInfo);
+ return RTStrmWrite((PRTSTREAM)pvUser, pvBuf, cbToWrite);
+}
+
+
+static RTEXITCODE HandleMakeTaInfo(int cArgs, char **papszArgs)
+{
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--cert", 'c', RTGETOPT_REQ_STRING },
+ { "--output", 'o', RTGETOPT_REQ_STRING },
+ { "--verbose", 'v', RTGETOPT_REQ_NOTHING },
+ { "--quiet", 'q', RTGETOPT_REQ_NOTHING },
+ };
+
+ MAKETAINFOSTATE State = { 0, NULL, NULL };
+
+ RTGETOPTSTATE GetState;
+ int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ AssertRCReturn(rc, RTEXITCODE_FAILURE);
+ RTGETOPTUNION ValueUnion;
+ int ch;
+ while ((ch = RTGetOpt(&GetState, &ValueUnion)) != 0)
+ {
+ switch (ch)
+ {
+ case 'c':
+ if (State.pszCert)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "The --cert option can only be used once.");
+ State.pszCert = ValueUnion.psz;
+ break;
+
+ case 'o':
+ case VINF_GETOPT_NOT_OPTION:
+ if (State.pszOutput)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Multiple output files specified.");
+ State.pszOutput = ValueUnion.psz;
+ break;
+
+ case 'v': State.cVerbose++; break;
+ case 'q': State.cVerbose = 0; break;
+ case 'V': return HandleVersion(cArgs, papszArgs);
+ case 'h': return HelpMakeTaInfo(g_pStdOut, RTSIGNTOOLHELP_FULL);
+ default: return RTGetOptPrintError(ch, &ValueUnion);
+ }
+ }
+ if (!State.pszCert)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No input certificate was specified.");
+ if (!State.pszOutput)
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "No output file was specified.");
+
+ /*
+ * Read the certificate.
+ */
+ RTERRINFOSTATIC StaticErrInfo;
+ RTCRX509CERTIFICATE Certificate;
+ rc = RTCrX509Certificate_ReadFromFile(&Certificate, State.pszCert, 0, &g_RTAsn1DefaultAllocator,
+ RTErrInfoInitStatic(&StaticErrInfo));
+ if (RT_FAILURE(rc))
+ return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error reading certificate from %s: %Rrc - %s",
+ State.pszCert, rc, StaticErrInfo.szMsg);
+ /*
+ * Construct the trust anchor information.
+ */
+ RTCRTAFTRUSTANCHORINFO TrustAnchor;
+ rc = RTCrTafTrustAnchorInfo_Init(&TrustAnchor, &g_RTAsn1DefaultAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ /* Public key. */
+ Assert(RTCrX509SubjectPublicKeyInfo_IsPresent(&TrustAnchor.PubKey));
+ RTCrX509SubjectPublicKeyInfo_Delete(&TrustAnchor.PubKey);
+ rc = RTCrX509SubjectPublicKeyInfo_Clone(&TrustAnchor.PubKey, &Certificate.TbsCertificate.SubjectPublicKeyInfo,
+ &g_RTAsn1DefaultAllocator);
+ if (RT_FAILURE(rc))
+ RTMsgError("RTCrX509SubjectPublicKeyInfo_Clone failed: %Rrc", rc);
+ RTAsn1Core_ResetImplict(RTCrX509SubjectPublicKeyInfo_GetAsn1Core(&TrustAnchor.PubKey)); /* temporary hack. */
+
+ /* Key Identifier. */
+ PCRTASN1OCTETSTRING pKeyIdentifier = NULL;
+ if (Certificate.TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_SUBJECT_KEY_IDENTIFIER)
+ pKeyIdentifier = Certificate.TbsCertificate.T3.pSubjectKeyIdentifier;
+ else if ( (Certificate.TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_AUTHORITY_KEY_IDENTIFIER)
+ && RTCrX509Certificate_IsSelfSigned(&Certificate)
+ && RTAsn1OctetString_IsPresent(&Certificate.TbsCertificate.T3.pAuthorityKeyIdentifier->KeyIdentifier) )
+ pKeyIdentifier = &Certificate.TbsCertificate.T3.pAuthorityKeyIdentifier->KeyIdentifier;
+ else if ( (Certificate.TbsCertificate.T3.fFlags & RTCRX509TBSCERTIFICATE_F_PRESENT_OLD_AUTHORITY_KEY_IDENTIFIER)
+ && RTCrX509Certificate_IsSelfSigned(&Certificate)
+ && RTAsn1OctetString_IsPresent(&Certificate.TbsCertificate.T3.pOldAuthorityKeyIdentifier->KeyIdentifier) )
+ pKeyIdentifier = &Certificate.TbsCertificate.T3.pOldAuthorityKeyIdentifier->KeyIdentifier;
+ if (pKeyIdentifier && pKeyIdentifier->Asn1Core.cb > 0)
+ {
+ Assert(RTAsn1OctetString_IsPresent(&TrustAnchor.KeyIdentifier));
+ RTAsn1OctetString_Delete(&TrustAnchor.KeyIdentifier);
+ rc = RTAsn1OctetString_Clone(&TrustAnchor.KeyIdentifier, pKeyIdentifier, &g_RTAsn1DefaultAllocator);
+ if (RT_FAILURE(rc))
+ RTMsgError("RTAsn1OctetString_Clone failed: %Rrc", rc);
+ RTAsn1Core_ResetImplict(RTAsn1OctetString_GetAsn1Core(&TrustAnchor.KeyIdentifier)); /* temporary hack. */
+ }
+ else
+ RTMsgWarning("No key identifier found or has zero length.");
+
+ /* Subject */
+ if (RT_SUCCESS(rc))
+ {
+ Assert(!RTCrTafCertPathControls_IsPresent(&TrustAnchor.CertPath));
+ rc = RTCrTafCertPathControls_Init(&TrustAnchor.CertPath, &g_RTAsn1DefaultAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ Assert(RTCrX509Name_IsPresent(&TrustAnchor.CertPath.TaName));
+ RTCrX509Name_Delete(&TrustAnchor.CertPath.TaName);
+ rc = RTCrX509Name_Clone(&TrustAnchor.CertPath.TaName, &Certificate.TbsCertificate.Subject,
+ &g_RTAsn1DefaultAllocator);
+ if (RT_SUCCESS(rc))
+ {
+ RTAsn1Core_ResetImplict(RTCrX509Name_GetAsn1Core(&TrustAnchor.CertPath.TaName)); /* temporary hack. */
+ rc = RTCrX509Name_RecodeAsUtf8(&TrustAnchor.CertPath.TaName, &g_RTAsn1DefaultAllocator);
+ if (RT_FAILURE(rc))
+ RTMsgError("RTCrX509Name_RecodeAsUtf8 failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTCrX509Name_Clone failed: %Rrc", rc);
+ }
+ else
+ RTMsgError("RTCrTafCertPathControls_Init failed: %Rrc", rc);
+ }
+
+ /* Check that what we've constructed makes some sense. */
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTCrTafTrustAnchorInfo_CheckSanity(&TrustAnchor, 0, RTErrInfoInitStatic(&StaticErrInfo), "TAI");
+ if (RT_FAILURE(rc))
+ RTMsgError("RTCrTafTrustAnchorInfo_CheckSanity failed: %Rrc - %s", rc, StaticErrInfo.szMsg);
+ }
+
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Encode it and write it to the output file.
+ */
+ uint32_t cbEncoded;
+ rc = RTAsn1EncodePrepare(RTCrTafTrustAnchorInfo_GetAsn1Core(&TrustAnchor), RTASN1ENCODE_F_DER, &cbEncoded,
+ RTErrInfoInitStatic(&StaticErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ if (State.cVerbose >= 1)
+ RTAsn1Dump(RTCrTafTrustAnchorInfo_GetAsn1Core(&TrustAnchor), 0, 0, RTStrmDumpPrintfV, g_pStdOut);
+
+ PRTSTREAM pStrm;
+ rc = RTStrmOpen(State.pszOutput, "wb", &pStrm);
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTAsn1EncodeWrite(RTCrTafTrustAnchorInfo_GetAsn1Core(&TrustAnchor), RTASN1ENCODE_F_DER,
+ handleMakeTaInfoWriter, pStrm, RTErrInfoInitStatic(&StaticErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ rc = RTStrmClose(pStrm);
+ if (RT_SUCCESS(rc))
+ RTMsgInfo("Successfully wrote TrustedAnchorInfo to '%s'.", State.pszOutput);
+ else
+ RTMsgError("RTStrmClose failed: %Rrc", rc);
+ }
+ else
+ {
+ RTMsgError("RTAsn1EncodeWrite failed: %Rrc - %s", rc, StaticErrInfo.szMsg);
+ RTStrmClose(pStrm);
+ }
+ }
+ else
+ RTMsgError("Error opening '%s' for writing: %Rrcs", State.pszOutput, rc);
+ }
+ else
+ RTMsgError("RTAsn1EncodePrepare failed: %Rrc - %s", rc, StaticErrInfo.szMsg);
+ }
+
+ RTCrTafTrustAnchorInfo_Delete(&TrustAnchor);
+ }
+ else
+ RTMsgError("RTCrTafTrustAnchorInfo_Init failed: %Rrc", rc);
+
+ RTCrX509Certificate_Delete(&Certificate);
+ return RT_SUCCESS(rc) ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
+}
+
+
+
+/*
+ * The 'version' command.
+ */
+static RTEXITCODE HelpVersion(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmPrintf(pStrm, "version\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+static RTEXITCODE HandleVersion(int cArgs, char **papszArgs)
+{
+ RT_NOREF_PV(cArgs); RT_NOREF_PV(papszArgs);
+#ifndef IN_BLD_PROG /* RTBldCfgVersion or RTBldCfgRevision in build time IPRT lib. */
+ RTPrintf("%s\n", RTBldCfgVersion());
+ return RTEXITCODE_SUCCESS;
+#else
+ return RTEXITCODE_FAILURE;
+#endif
+}
+
+
+
+/**
+ * Command mapping.
+ */
+static struct
+{
+ /** The command. */
+ const char *pszCmd;
+ /**
+ * Handle the command.
+ * @returns Program exit code.
+ * @param cArgs Number of arguments.
+ * @param papszArgs The argument vector, starting with the command name.
+ */
+ RTEXITCODE (*pfnHandler)(int cArgs, char **papszArgs);
+ /**
+ * Produce help.
+ * @returns RTEXITCODE_SUCCESS to simplify handling '--help' in the handler.
+ * @param pStrm Where to send help text.
+ * @param enmLevel The level of the help information.
+ */
+ RTEXITCODE (*pfnHelp)(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel);
+}
+/** Mapping commands to handler and helper functions. */
+const g_aCommands[] =
+{
+ { "extract-exe-signer-cert", HandleExtractExeSignerCert, HelpExtractExeSignerCert },
+ { "extract-signer-root", HandleExtractSignerRoot, HelpExtractSignerRoot },
+ { "extract-timestamp-root", HandleExtractTimestampRoot, HelpExtractTimestampRoot },
+ { "extract-exe-signature", HandleExtractExeSignature, HelpExtractExeSignature },
+ { "add-nested-exe-signature", HandleAddNestedExeSignature, HelpAddNestedExeSignature },
+ { "add-nested-cat-signature", HandleAddNestedCatSignature, HelpAddNestedCatSignature },
+#ifndef IPRT_SIGNTOOL_NO_SIGNING
+ { "add-timestamp-exe-signature", HandleAddTimestampExeSignature, HelpAddTimestampExeSignature },
+ { "sign", HandleSign, HelpSign },
+#endif
+#ifndef IPRT_IN_BUILD_TOOL
+ { "verify-exe", HandleVerifyExe, HelpVerifyExe },
+#endif
+ { "show-exe", HandleShowExe, HelpShowExe },
+ { "show-cat", HandleShowCat, HelpShowCat },
+ { "hash-exe", HandleHashExe, HelpHashExe },
+ { "make-tainfo", HandleMakeTaInfo, HelpMakeTaInfo },
+ { "help", HandleHelp, HelpHelp },
+ { "--help", HandleHelp, NULL },
+ { "-h", HandleHelp, NULL },
+ { "version", HandleVersion, HelpVersion },
+ { "--version", HandleVersion, NULL },
+ { "-V", HandleVersion, NULL },
+};
+
+
+/*
+ * The 'help' command.
+ */
+static RTEXITCODE HelpHelp(PRTSTREAM pStrm, RTSIGNTOOLHELP enmLevel)
+{
+ RT_NOREF_PV(enmLevel);
+ RTStrmPrintf(pStrm, "help [cmd-patterns]\n");
+ return RTEXITCODE_SUCCESS;
+}
+
+static RTEXITCODE HandleHelp(int cArgs, char **papszArgs)
+{
+ PRTSTREAM const pStrm = g_pStdOut;
+ RTSIGNTOOLHELP enmLevel = cArgs <= 1 ? RTSIGNTOOLHELP_USAGE : RTSIGNTOOLHELP_FULL;
+ uint32_t cShowed = 0;
+ uint32_t cchWidth;
+ if (RT_FAILURE(RTStrmQueryTerminalWidth(g_pStdOut, &cchWidth)))
+ cchWidth = 80;
+
+ RTStrmPrintf(pStrm,
+ "Usage: RTSignTool <command> [command-options]\n"
+ " or: RTSignTool <-V|--version|version>\n"
+ " or: RTSignTool <-h|--help|help> [command-pattern [..]]\n"
+ "\n"
+ );
+
+ if (enmLevel == RTSIGNTOOLHELP_USAGE)
+ RTStrmPrintf(pStrm, "Syntax summary for the RTSignTool commands:\n");
+
+ for (uint32_t iCmd = 0; iCmd < RT_ELEMENTS(g_aCommands); iCmd++)
+ {
+ if (g_aCommands[iCmd].pfnHelp)
+ {
+ bool fShow = false;
+ if (cArgs <= 1)
+ fShow = true;
+ else
+ for (int iArg = 1; iArg < cArgs; iArg++)
+ if (RTStrSimplePatternMultiMatch(papszArgs[iArg], RTSTR_MAX, g_aCommands[iCmd].pszCmd, RTSTR_MAX, NULL))
+ {
+ fShow = true;
+ break;
+ }
+ if (fShow)
+ {
+ if (enmLevel == RTSIGNTOOLHELP_FULL)
+ RTPrintf("%.*s\n", RT_MIN(cchWidth, 100),
+ "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ");
+ g_aCommands[iCmd].pfnHelp(pStrm, enmLevel);
+ cShowed++;
+ }
+ }
+ }
+ return cShowed ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
+}
+
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /*
+ * Parse global arguments.
+ */
+ int iArg = 1;
+ /* none presently. */
+
+ /*
+ * Command dispatcher.
+ */
+ if (iArg < argc)
+ {
+ const char *pszCmd = argv[iArg];
+ uint32_t i = RT_ELEMENTS(g_aCommands);
+ while (i-- > 0)
+ if (!strcmp(g_aCommands[i].pszCmd, pszCmd))
+ return g_aCommands[i].pfnHandler(argc - iArg, &argv[iArg]);
+ RTMsgError("Unknown command '%s'.", pszCmd);
+ }
+ else
+ RTMsgError("No command given. (try --help)");
+
+ return RTEXITCODE_SYNTAX;
+}
+
diff --git a/src/VBox/Runtime/tools/RTTar.cpp b/src/VBox/Runtime/tools/RTTar.cpp
new file mode 100644
index 00000000..a9d47193
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTTar.cpp
@@ -0,0 +1,54 @@
+/* $Id: RTTar.cpp $ */
+/** @file
+ * IPRT - TAR Utility.
+ */
+
+/*
+ * Copyright (C) 2010-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/zip.h>
+#include <iprt/errcore.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTZipTarCmd(argc, argv);
+}
+
diff --git a/src/VBox/Runtime/tools/RTTraceLogTool.cpp b/src/VBox/Runtime/tools/RTTraceLogTool.cpp
new file mode 100644
index 00000000..dead0e9a
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTTraceLogTool.cpp
@@ -0,0 +1,343 @@
+/* $Id: RTTraceLogTool.cpp $ */
+/** @file
+ * IPRT - Utility for reading/receiving and dissecting trace logs.
+ */
+
+/*
+ * Copyright (C) 2018-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/tracelog.h>
+
+#include <iprt/assert.h>
+#include <iprt/errcore.h>
+#include <iprt/getopt.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+#include <iprt/mem.h>
+#include <iprt/path.h>
+#include <iprt/stream.h>
+#include <iprt/string.h>
+#include <iprt/tcp.h>
+
+
+/**
+ * The tracelog tool TCP server/client state.
+ */
+typedef struct RTTRACELOGTOOLTCP
+{
+ /** Flag whether this is a server. */
+ bool fIsServer;
+ /** The TCP socket handle for the connection. */
+ RTSOCKET hSock;
+ /** The TCP server. */
+ PRTTCPSERVER pTcpSrv;
+} RTTRACELOGTOOLTCP;
+/** Pointer to the TCP server/client state. */
+typedef RTTRACELOGTOOLTCP *PRTTRACELOGTOOLTCP;
+
+
+static void rtTraceLogTcpDestroy(PRTTRACELOGTOOLTCP pTrcLogTcp)
+{
+ if (pTrcLogTcp->fIsServer)
+ RTTcpServerDestroy(pTrcLogTcp->pTcpSrv);
+ if (pTrcLogTcp->hSock != NIL_RTSOCKET)
+ {
+ if (pTrcLogTcp->fIsServer)
+ RTTcpServerDisconnectClient2(pTrcLogTcp->hSock);
+ else
+ RTTcpClientClose(pTrcLogTcp->hSock);
+ }
+ RTMemFree(pTrcLogTcp);
+}
+
+
+static DECLCALLBACK(int) rtTraceLogToolTcpInput(void *pvUser, void *pvBuf, size_t cbBuf, size_t *pcbRead,
+ RTMSINTERVAL cMsTimeout)
+{
+ PRTTRACELOGTOOLTCP pTrcLogTcp = (PRTTRACELOGTOOLTCP)pvUser;
+ if ( pTrcLogTcp->fIsServer
+ && pTrcLogTcp->hSock == NIL_RTSOCKET)
+ {
+ int rc = RTTcpServerListen2(pTrcLogTcp->pTcpSrv, &pTrcLogTcp->hSock);
+ if (RT_FAILURE(rc))
+ return rc;
+ }
+
+ int rc = RTTcpSelectOne(pTrcLogTcp->hSock, cMsTimeout);
+ if (RT_SUCCESS(rc))
+ rc = RTTcpReadNB(pTrcLogTcp->hSock, pvBuf, cbBuf, pcbRead);
+
+ return rc;
+}
+
+
+static DECLCALLBACK(int) rtTraceLogToolTcpClose(void *pvUser)
+{
+ PRTTRACELOGTOOLTCP pTrcLogTcp = (PRTTRACELOGTOOLTCP)pvUser;
+ rtTraceLogTcpDestroy(pTrcLogTcp);
+ return VINF_SUCCESS;
+}
+
+
+/**
+ * Tries to create a new trace log reader using the given input.
+ *
+ * @returns IPRT status code.
+ * @param phTraceLogRdr Where to store the handle to the trace log reader instance on success.
+ * @param pszInput The input path.
+ * @param pszSave The optional path to save
+ */
+static int rtTraceLogToolReaderCreate(PRTTRACELOGRDR phTraceLogRdr, const char *pszInput, const char *pszSave)
+{
+ RT_NOREF(pszSave);
+
+ /* Try treating the input as a file first. */
+ int rc = RTTraceLogRdrCreateFromFile(phTraceLogRdr, pszInput);
+ if (RT_FAILURE(rc))
+ {
+ /*
+ * Check whether the input looks like a port number or an address:port pair.
+ * The former will create a server listening on the port while the latter tries
+ * to connect to the given address:port combination.
+ */
+ uint32_t uPort = 0;
+ bool fIsServer = false;
+ PRTTCPSERVER pTcpSrv = NULL;
+ RTSOCKET hSock = NIL_RTSOCKET;
+ rc = RTStrToUInt32Full(pszInput, 10, &uPort);
+ if (rc == VINF_SUCCESS)
+ {
+ fIsServer = true;
+ rc = RTTcpServerCreateEx(NULL, uPort, &pTcpSrv);
+ }
+ else
+ {
+ /* Try treating the input as an address:port pair. */
+ }
+
+ if (RT_SUCCESS(rc))
+ {
+ /* Initialize structure and reader. */
+ PRTTRACELOGTOOLTCP pTrcLogTcp = (PRTTRACELOGTOOLTCP)RTMemAllocZ(sizeof(*pTrcLogTcp));
+ if (pTrcLogTcp)
+ {
+ pTrcLogTcp->fIsServer = fIsServer;
+ pTrcLogTcp->hSock = hSock;
+ pTrcLogTcp->pTcpSrv = pTcpSrv;
+ rc = RTTraceLogRdrCreate(phTraceLogRdr, rtTraceLogToolTcpInput, rtTraceLogToolTcpClose, pTrcLogTcp);
+ if (RT_FAILURE(rc))
+ rtTraceLogTcpDestroy(pTrcLogTcp);
+ }
+ else
+ {
+ if (fIsServer)
+ RTTcpServerDestroy(pTcpSrv);
+ else
+ RTSocketClose(hSock);
+ }
+ }
+ }
+ return rc;
+}
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+
+ /*
+ * Parse arguments.
+ */
+ static const RTGETOPTDEF s_aOptions[] =
+ {
+ { "--input", 'i', RTGETOPT_REQ_STRING },
+ { "--save", 's', RTGETOPT_REQ_STRING },
+ { "--help", 'h', RTGETOPT_REQ_NOTHING },
+ { "--version", 'V', RTGETOPT_REQ_NOTHING },
+ };
+
+ RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
+ const char *pszInput = NULL;
+ const char *pszSave = NULL;
+
+ RTGETOPTUNION ValueUnion;
+ RTGETOPTSTATE GetState;
+ RTGetOptInit(&GetState, argc, argv, s_aOptions, RT_ELEMENTS(s_aOptions), 1, RTGETOPTINIT_FLAGS_OPTS_FIRST);
+ while ((rc = RTGetOpt(&GetState, &ValueUnion)))
+ {
+ switch (rc)
+ {
+ case 'h':
+ RTPrintf("Usage: %s [options]\n"
+ "\n"
+ "Options:\n"
+ " -i,--input=<file|port|address:port>\n"
+ " Input path, can be a file a port to start listening on for incoming connections or an address:port to connect to\n"
+ " -s,--save=file\n"
+ " Save the input to a file for later use\n"
+ " -h, -?, --help\n"
+ " Display this help text and exit successfully.\n"
+ " -V, --version\n"
+ " Display the revision and exit successfully.\n"
+ , RTPathFilename(argv[0]));
+ return RTEXITCODE_SUCCESS;
+ case 'V':
+ RTPrintf("$Revision: 155244 $\n");
+ return RTEXITCODE_SUCCESS;
+
+ case 'i':
+ pszInput = ValueUnion.psz;
+ break;
+ case 's':
+ pszSave = ValueUnion.psz;
+ break;
+ default:
+ return RTGetOptPrintError(rc, &ValueUnion);
+ }
+ }
+
+ if (!pszInput)
+ {
+ RTPrintf("An input path must be given\n");
+ return RTEXITCODE_FAILURE;
+ }
+
+ /*
+ * Create trace log reader instance.
+ */
+ RTTRACELOGRDR hTraceLogRdr = NIL_RTTRACELOGRDR;
+ rc = rtTraceLogToolReaderCreate(&hTraceLogRdr, pszInput, pszSave);
+ if (RT_SUCCESS(rc))
+ {
+ do
+ {
+ RTTRACELOGRDRPOLLEVT enmEvt = RTTRACELOGRDRPOLLEVT_INVALID;
+ rc = RTTraceLogRdrEvtPoll(hTraceLogRdr, &enmEvt, RT_INDEFINITE_WAIT);
+ if (RT_SUCCESS(rc))
+ {
+ switch (enmEvt)
+ {
+ case RTTRACELOGRDRPOLLEVT_HDR_RECVD:
+ RTMsgInfo("A valid header was received\n");
+ break;
+ case RTTRACELOGRDRPOLLEVT_TRACE_EVENT_RECVD:
+ {
+ RTTRACELOGRDREVT hTraceLogEvt;
+ rc = RTTraceLogRdrQueryLastEvt(hTraceLogRdr, &hTraceLogEvt);
+ if (RT_SUCCESS(rc))
+ {
+ PCRTTRACELOGEVTDESC pEvtDesc = RTTraceLogRdrEvtGetDesc(hTraceLogEvt);
+ RTMsgInfo("%llu %llu %s\n",
+ RTTraceLogRdrEvtGetSeqNo(hTraceLogEvt),
+ RTTraceLogRdrEvtGetTs(hTraceLogEvt),
+ pEvtDesc->pszId);
+ for (unsigned i = 0; i < pEvtDesc->cEvtItems; i++)
+ {
+ RTTRACELOGEVTVAL Val;
+ unsigned cVals = 0;
+ rc = RTTraceLogRdrEvtFillVals(hTraceLogEvt, i, &Val, 1, &cVals);
+ if (RT_SUCCESS(rc))
+ {
+ switch (Val.pItemDesc->enmType)
+ {
+ case RTTRACELOGTYPE_BOOL:
+ RTMsgInfo(" %s: %s\n", Val.pItemDesc->pszName, Val.u.f ? "true" : "false");
+ break;
+ case RTTRACELOGTYPE_UINT8:
+ RTMsgInfo(" %s: %u\n", Val.pItemDesc->pszName, Val.u.u8);
+ break;
+ case RTTRACELOGTYPE_INT8:
+ RTMsgInfo(" %s: %d\n", Val.pItemDesc->pszName, Val.u.i8);
+ break;
+ case RTTRACELOGTYPE_UINT16:
+ RTMsgInfo(" %s: %u\n", Val.pItemDesc->pszName, Val.u.u16);
+ break;
+ case RTTRACELOGTYPE_INT16:
+ RTMsgInfo(" %s: %d\n", Val.pItemDesc->pszName, Val.u.i16);
+ break;
+ case RTTRACELOGTYPE_UINT32:
+ RTMsgInfo(" %s: %u\n", Val.pItemDesc->pszName, Val.u.u32);
+ break;
+ case RTTRACELOGTYPE_INT32:
+ RTMsgInfo(" %s: %d\n", Val.pItemDesc->pszName, Val.u.i32);
+ break;
+ case RTTRACELOGTYPE_UINT64:
+ RTMsgInfo(" %s: %llu\n", Val.pItemDesc->pszName, Val.u.u64);
+ break;
+ case RTTRACELOGTYPE_INT64:
+ RTMsgInfo(" %s: %lld\n", Val.pItemDesc->pszName, Val.u.i64);
+ break;
+ case RTTRACELOGTYPE_RAWDATA:
+ RTMsgInfo(" %s:\n"
+ "%.*Rhxd\n", Val.pItemDesc->pszName, Val.u.RawData.cb, Val.u.RawData.pb);
+ break;
+ case RTTRACELOGTYPE_FLOAT32:
+ case RTTRACELOGTYPE_FLOAT64:
+ RTMsgInfo(" %s: Float32 and Float64 data not supported yet\n", Val.pItemDesc->pszName);
+ break;
+ case RTTRACELOGTYPE_POINTER:
+ RTMsgInfo(" %s: %#llx\n", Val.pItemDesc->pszName, Val.u.uPtr);
+ break;
+ case RTTRACELOGTYPE_SIZE:
+ RTMsgInfo(" %s: %llu\n", Val.pItemDesc->pszName, Val.u.sz);
+ break;
+ default:
+ RTMsgError(" %s: Invalid type given %d\n", Val.pItemDesc->pszName, Val.pItemDesc->enmType);
+ }
+ }
+ else
+ RTMsgInfo(" Failed to retrieve event data with %Rrc\n", rc);
+ }
+ }
+ break;
+ }
+ default:
+ RTMsgInfo("Invalid event received: %d\n", enmEvt);
+ }
+ }
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Polling for an event failed with %Rrc\n", rc);
+ } while (RT_SUCCESS(rc));
+
+ RTTraceLogRdrDestroy(hTraceLogRdr);
+ }
+ else
+ rcExit = RTMsgErrorExit(RTEXITCODE_FAILURE, "Failed to create trace log reader with %Rrc\n", rc);
+
+ return rcExit;
+}
+
diff --git a/src/VBox/Runtime/tools/RTUnzip.cpp b/src/VBox/Runtime/tools/RTUnzip.cpp
new file mode 100644
index 00000000..4aeb2397
--- /dev/null
+++ b/src/VBox/Runtime/tools/RTUnzip.cpp
@@ -0,0 +1,54 @@
+/* $Id: RTUnzip.cpp $ */
+/** @file
+ * IPRT - TAR Utility.
+ */
+
+/*
+ * Copyright (C) 2010-2023 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
+ * in the VirtualBox distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#include <iprt/zip.h>
+#include <iprt/errcore.h>
+#include <iprt/initterm.h>
+#include <iprt/message.h>
+
+
+int main(int argc, char **argv)
+{
+ int rc = RTR3InitExe(argc, &argv, 0);
+ if (RT_FAILURE(rc))
+ return RTMsgInitFailure(rc);
+ return RTZipUnzipCmd(argc, argv);
+}
+