From 603af9bb92af6bc429d880df71618e96820967c5 Mon Sep 17 00:00:00 2001 From: Ron Yorston Date: Sat, 27 May 2023 08:35:59 +0100 Subject: win32: support "app exec link" reparse points Reparse points with the tag IO_REPARSE_TAG_APPEXECLINK are present in ~/AppData/Local/Microsoft/WindowsApps in Windows 10 and 11. They are: Used by Universal Windows Platform (UWP) packages to encode information that allows the application to be launched by CreateProcess. Modify readlink(2) and lsattr(1) to treat them as symbolic links, in much the same way as was done previously for junctions. They aren't really symbolic links but they're similar. Costs 128-160 bytes. (GitHub issue #327) --- e2fsprogs/e2fs_lib.c | 6 ++++++ e2fsprogs/lsattr.c | 1 + win32/mingw.c | 37 ++++++++++++++++++++++++++++++++++++- 3 files changed, 43 insertions(+), 1 deletion(-) diff --git a/e2fsprogs/e2fs_lib.c b/e2fsprogs/e2fs_lib.c index 031f5e06b..4a4db1a13 100644 --- a/e2fsprogs/e2fs_lib.c +++ b/e2fsprogs/e2fs_lib.c @@ -135,6 +135,9 @@ void print_e2flags_long(struct stat *sb) case IO_REPARSE_TAG_MOUNT_POINT: ln = "Junction"; break; + case IO_REPARSE_TAG_APPEXECLINK: + ln = "App_Exec_Link"; + break; } } fputs(ln, stdout); @@ -174,6 +177,9 @@ void print_e2flags(struct stat *sb) case IO_REPARSE_TAG_MOUNT_POINT: c = 'j'; break; + case IO_REPARSE_TAG_APPEXECLINK: + c = 'A'; + break; } } #endif diff --git a/e2fsprogs/lsattr.c b/e2fsprogs/lsattr.c index a6c4a27e9..87fdb78b3 100644 --- a/e2fsprogs/lsattr.c +++ b/e2fsprogs/lsattr.c @@ -47,6 +47,7 @@ //usage: "\n\nAttributes:\n" //usage: "\n j Junction" //usage: "\n l Symbolic link" +//usage: "\n A App exec link" //usage: "\n R Reparse point" //usage: "\n o Offline" //usage: "\n e Encrypted" diff --git a/win32/mingw.c b/win32/mingw.c index 9e1cf5eea..be4fc7aa1 100644 --- a/win32/mingw.c +++ b/win32/mingw.c @@ -593,6 +593,7 @@ static DWORD get_symlink_data(DWORD attr, const char *pathname, switch (fbuf->dwReserved0) { case IO_REPARSE_TAG_SYMLINK: case IO_REPARSE_TAG_MOUNT_POINT: + case IO_REPARSE_TAG_APPEXECLINK: return fbuf->dwReserved0; } } @@ -1602,6 +1603,23 @@ static wchar_t *normalize_ntpath(wchar_t *wbuf) return wbuf; } +/* + * This is the stucture required for reparse points with the tag + * IO_REPARSE_TAG_APPEXECLINK. The Buffer member contains four + * NUL-terminated, concatentated strings: + * + * package id, entry point, executable path and application type. + * + * https://www.tiraniddo.dev/2019/09/overview-of-windows-execution-aliases.html + */ +typedef struct { + DWORD ReparseTag; + USHORT ReparseDataLength; + USHORT Reserved; + ULONG Version; + WCHAR Buffer[1]; +} APPEXECLINK_BUFFER; + #define SRPB rptr->SymbolicLinkReparseBuffer ssize_t readlink(const char *pathname, char *buf, size_t bufsiz) { @@ -1613,9 +1631,11 @@ ssize_t readlink(const char *pathname, char *buf, size_t bufsiz) DWORD nbytes; BYTE rbuf[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; PREPARSE_DATA_BUFFER rptr = (PREPARSE_DATA_BUFFER)rbuf; + APPEXECLINK_BUFFER *aptr = (APPEXECLINK_BUFFER *)rptr; BOOL status; size_t len; - WCHAR *name = NULL; + WCHAR *name = NULL, *str[4], *s; + int i; status = DeviceIoControl(h, FSCTL_GET_REPARSE_POINT, NULL, 0, rptr, sizeof(rbuf), &nbytes, NULL); @@ -1627,6 +1647,21 @@ ssize_t readlink(const char *pathname, char *buf, size_t bufsiz) } else if (status && rptr->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { len = MRPB.SubstituteNameLength/sizeof(WCHAR); name = MRPB.PathBuffer + MRPB.SubstituteNameOffset/sizeof(WCHAR); + } else if (status && rptr->ReparseTag == IO_REPARSE_TAG_APPEXECLINK) { + // We only need the executable path but we determine all of + // the strings as a sanity check. + i = 0; + s = aptr->Buffer; + do { + str[i] = s; + while (*s++) + ; + } while (++i < 4); + + if (s - aptr->Buffer < MAXIMUM_REPARSE_DATA_BUFFER_SIZE) { + len = wcslen(str[2]); + name = str[2]; + } } if (name) { -- cgit v1.2.3-55-g6feb