in fixups/RegLegacyFixups/RegistryFixups.cpp [18:186]
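// Computes the access mask (SAM) that is actually handed to the registry API for a
// request on `keypath`, after applying the configured ModifyKeyAccess remediations.
//
// The first record whose hive matches the key's root and whose pattern matches the
// remainder of the path decides the result; later records are not consulted. Keys
// under any other hive, or matching no rule, are passed through with `samDesired`
// unchanged.
//
// Every access type is now handled independently. The previous version fell through
// from one `case` to the next, so a rule configured as Full2R (narrow to read) could
// end up returning MAXIMUM_ALLOWED via the RW2MaxAllowed case, and Full2MaxAllowed
// could end up narrowed instead — the mask the application got did not correspond to
// the rule the package author wrote.
//
// keypath          Registry path, e.g. "HKEY_CURRENT_USER\\..." or "HKEY_LOCAL_MACHINE\\...".
// samDesired       Access mask the application asked for.
// RegLocalInstance Instance id, used only to tag log lines.
// Returns the remediated access mask: `samDesired` with rights removed, MAXIMUM_ALLOWED,
// or `samDesired` untouched.
REGSAM RegFixupSam(std::string keypath, REGSAM samDesired, DWORD RegLocalInstance)
{
    // Rights that make a request more than read-only. "Full2*" rules trigger on any
    // of these; "RW2*" rules look only at the key-modifying subset.
    constexpr REGSAM fullWriteMask = DELETE | WRITE_DAC | WRITE_OWNER | KEY_SET_VALUE | KEY_CREATE_SUB_KEY | KEY_CREATE_LINK;
    constexpr REGSAM rwWriteMask = KEY_CREATE_LINK | KEY_CREATE_SUB_KEY | KEY_SET_VALUE;
    constexpr REGSAM rwMaxMask = rwWriteMask | WRITE_DAC | WRITE_OWNER;

    Log("[%d] RegFixupSam: path=%s\n", RegLocalInstance, keypath.c_str());

    // Applies one rule's access type to the requested mask. Each case returns on
    // its own; the access types are alternatives, not cumulative steps.
    const auto remediate = [&](const auto& accessType) -> REGSAM
    {
        switch (accessType)
        {
        case Modify_Key_Access_Type_Full2RW:
            // Keep read/write rights, drop only what distinguishes "full" access.
            if ((samDesired & (KEY_ALL_ACCESS | KEY_CREATE_LINK)) != 0)
            {
#ifdef _DEBUG
                Log("[%d] RegFixupSam: Full2RW\n", RegLocalInstance);
#endif
                return samDesired & ~(DELETE | KEY_CREATE_LINK);
            }
            return samDesired;

        case Modify_Key_Access_Type_Full2MaxAllowed:
            // Let the system decide what this caller may have instead of failing the open.
            if ((samDesired & fullWriteMask) != 0)
            {
#ifdef _DEBUG
                Log("[%d] RegFixupSam: Full2MaxAllowed\n", RegLocalInstance);
#endif
                return MAXIMUM_ALLOWED;
            }
            return samDesired;

        case Modify_Key_Access_Type_Full2R:
            if ((samDesired & fullWriteMask) != 0)
            {
#ifdef _DEBUG
                Log("[%d] RegFixupSam: Full2R\n", RegLocalInstance);
#endif
                return samDesired & ~fullWriteMask;
            }
            return samDesired;

        case Modify_Key_Access_Type_RW2R:
            if ((samDesired & rwWriteMask) != 0)
            {
#ifdef _DEBUG
                Log("[%d] RegFixupSam: RW2R\n", RegLocalInstance);
#endif
                return samDesired & ~fullWriteMask;
            }
            return samDesired;

        case Modify_Key_Access_Type_RW2MaxAllowed:
            if ((samDesired & rwMaxMask) != 0)
            {
#ifdef _DEBUG
                Log("[%d] RegFixupSam: RW2MaxAllowed\n", RegLocalInstance);
#endif
                return MAXIMUM_ALLOWED;
            }
            return samDesired;

        default:
            return samDesired;
        }
    };

    // True when `keypath` is rooted at `prefix` and the remainder matches one of
    // `patterns` as a whole-string regex match. A pattern that fails to compile is
    // logged and skipped so a bad config entry cannot throw out of the registry hook.
    // `hiveName` is used only for logging.
    const auto matchesHive = [&](const std::string& prefix, const char* hiveName, const auto& patterns) -> bool
    {
        // Portable spelling of the former `_Starts_with` (an MSVC-internal helper).
        if (keypath.compare(0, prefix.size(), prefix) != 0)
        {
            return false;
        }
#ifdef _DEBUG
        Log("[%d] RegFixupSam: is %s key\n", RegLocalInstance, hiveName);
#endif
        // Convert the sub-path once rather than once per pattern.
        const auto subPath = widen(keypath.substr(prefix.size()));
        for (const auto& pattern : patterns)
        {
#ifdef _DEBUG
            Log("[%d] RegFixupSam: Check %LS\n", RegLocalInstance, subPath.c_str());
            Log("[%d] RegFixupSam: using %LS\n", RegLocalInstance, pattern.c_str());
#endif
            try
            {
                if (std::regex_match(subPath, std::wregex(pattern)))
                {
#ifdef _DEBUG
                    Log("[%d] RegFixupSam: is %s pattern match.\n", RegLocalInstance, hiveName);
#endif
                    return true;
                }
            }
            catch (const std::regex_error&)
            {
                Log("[%d] RegFixupSam: invalid pattern %LS, skipped\n", RegLocalInstance, pattern.c_str());
            }
        }
        return false;
    };

    for (const auto& spec : g_regRemediationSpecs)
    {
#ifdef _DEBUG
        Log("[%d] RegFixupSam: spec.type=%d\n", RegLocalInstance, spec.remeditaionType);
#endif
        if (spec.remeditaionType != Reg_Remediation_Type_ModifyKeyAccess)
        {
            // Reg_Remediation_Type_Unknown and every other type leave the mask alone.
            continue;
        }
#ifdef _DEBUG
        Log("[%d] RegFixupSam: is Check ModifyKeyAccess...\n", RegLocalInstance);
#endif
        for (const auto& rem : spec.remediationRecords)
        {
            const auto& keyAccess = rem.modifyKeyAccess;
            bool matched = false;
            switch (keyAccess.hive)
            {
            case Modify_Key_Hive_Type_HKCU:
                matched = matchesHive("HKEY_CURRENT_USER\\", "HKCU", keyAccess.patterns);
                break;
            case Modify_Key_Hive_Type_HKLM:
                matched = matchesHive("HKEY_LOCAL_MACHINE\\", "HKLM", keyAccess.patterns);
                break;
            case Modify_Key_Hive_Type_Unknown:
            default:
                break;
            }
            if (matched)
            {
                // First matching rule wins; remaining records are not consulted.
                return remediate(keyAccess.access);
            }
        }
    }
    return samDesired;
}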