# Copyright (C) 2018, Stefan Kanthak # * The software is provided "as is" without any warranty, neither express # nor implied. # In no event will the author be held liable for any damage(s) arising # from the use of the software. # * Redistribution of the software is allowed only in unmodified form. # * Permission is granted to use the software solely for personal private # and non-commercial purposes. # * An individuals use of the software in his or her capacity or function # as an agent, (independent) contractor, employee, member or officer of # a business, corporation or organization (commercial or non-commercial) # does not qualify as personal private and non-commercial purpose. # * Without written approval from the author the software must not be used # for a business, for commercial, corporate, governmental, military or # organizational purposes of any kind, or in a commercial, corporate, # governmental, military or organizational environment of any kind. sign: BTI_RDCL.EXE SIGNTOOL.EXE Sign /A /D "Meltdown & Spectre Update Check Utility" /DU "https://skanthak.homepage.t-online.de/gimmick.html" /T "http://timestamp.verisign.com/scripts/timstamp.dll" /V $** # SIGNTOOL.EXE Sign /AS /D "Meltdown & Spectre Update Check Utility" /DU "https://skanthak.homepage.t-online.de/gimmick.html" /FD SHA256 /TD SHA256 /TR "http://timestamp.verisign.com/scripts/timstamp.dll" /V $** clobber: clean Erase BTI_RDCL.EXE clean: Erase BTI_RDCL.MAN BTI_RDCL.OBJ BTI_RDCL.RES BTI_RDCL.EXE: $*.RES $*.OBJ NTDLL.LIB LINK.EXE /DYNAMICBASE /ENTRY:wWinMainCRTStartup /FIXED:NO /LARGEADDRESSAWARE /NODEFAULTLIB /NOLOGO /NXCOMPAT /OPT:REF /OSVERSION:5.0 /OUT:$@ /RELEASE /SUBSYSTEM:WINDOWS /SWAPRUN:CD,NET /VERSION:1.0 $*.OBJ $*.RES NTDLL.LIB KERNEL32.LIB USER32.LIB BTI_RDCL.OBJ: BTI_RDCL.MAK CL.EXE /c /D$* /Fo$@ /GA /GF /GS- /Gy /O1 /Os /Tc<< /W4 /Zl /nologo // Copyright (C) 2018, Stefan Kanthak #pragma comment(compiler) #pragma comment(user, __TIMESTAMP__) #define STRICT #define UNICODE #define WIN32_LEAN_AND_MEAN #include extern const IMAGE_DOS_HEADER __ImageBase; // https://msdn.microsoft.com/en-us/library/cc231200.aspx // https://msdn.microsoft.com/en-us/library/cc704588.aspx typedef enum _NTSTATUS { STATUS_SUCCESS = 0x00000000, STATUS_UNSUCCESSFUL = 0xC0000001, STATUS_NOT_IMPLEMENTED = 0xC0000002, STATUS_INVALID_INFO_CLASS = 0xC0000003, STATUS_INFO_LENGTH_MISMATCH = 0xC0000004, STATUS_INVALID_PARAMETER = 0xC000000D } NTSTATUS; // https://msdn.microsoft.com/en-us/library/ms680600.aspx __declspec(dllimport) DWORD NTAPI RtlNtStatusToDosError(NTSTATUS Status); typedef enum _SYSTEM_INFORMATION_CLASS { SystemKernelVaShadowInformation = 196, SystemSpeculationControlInformation = 201 } SYSTEM_INFORMATION_CLASS; // https://msdn.microsoft.com/en-us/library/ms724509.aspx __declspec(dllimport) NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS SystemInformationClass, LPVOID SystemInformation, DWORD SystemInformationLength, LPDWORD ReturnLength); // https://msdn.microsoft.com/en-us/library/f9t8842e.aspx VOID wWinMainCRTStartup(VOID) { NTSTATUS ntStatus = STATUS_SUCCESS; #pragma warning(disable: 4214) struct { DWORD KvaShadowEnabled : 1; // Kernel Virtual Address Shadowing enabled DWORD KvaShadowUserGlobal : 1; // Kernel Virtual Address Shadowing enabled on user pages marked global DWORD KvaShadowPcid : 1; // PCID support (Westmere and later) DWORD KvaShadowInvpcid : 1; // INVPCID support (Haswell and later) DWORD Reserved : 28; } KvaShadowFlags; struct { DWORD BpbEnabled : 1; // Branch target injection protection enabled DWORD BpbDisabledSystemPolicy : 1; // PolicyOverride/PolicyOverrideMask registry setting DWORD BpbDisabledNoHardwareSupport : 1; // Microcode update not installed DWORD SpecCtrlEnumerated : 1; // IA32_SPEC_CTRL MSR support DWORD SpecCmdEnumerated : 1; // IA32_PRED_CMD MSR support (IBPB) DWORD IbrsPresent : 1; // IBRS support (Indirect Branch Restricted Speculation) DWORD StibpPresent : 1; // STIPB support (Single Thread Indirect Branch Predictors) DWORD SmepPresent : 1; // SMEP support (Supervisor-Mode Execution Prevention) DWORD Reserved : 24; } SpeculationControlFlags; #pragma warning(default: 4214) DWORD dwError = ERROR_SUCCESS; INT niBuffer = 0; WCHAR szBuffer[1025]; // https://msdn.microsoft.com/en-us/library/ms645402.aspx // https://msdn.microsoft.com/en-us/library/ms648029.aspx // https://msdn.microsoft.com/en-us/library/dd373908.aspx // BUG: if MB_DEFAULT_DESKTOP_ONLY is set, MessageBoxIndirect() // displays no icon and fails with access violation when // caption or text are specified as resources! MSGBOXPARAMS mbp = {sizeof(MSGBOXPARAMS), HWND_DESKTOP, (HINSTANCE) &__ImageBase, NULL, L"\"Meltdown\" (CVE-2017-5754 [Rogue Data Cache Load])", MB_USERICON | MB_OK, MAKEINTRESOURCE(1), (DWORD_PTR) NULL, (MSGBOXCALLBACK) NULL, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT)}; // https://msdn.microsoft.com/en-us/library/ms724509.aspx if ((ntStatus = NtQuerySystemInformation(SystemKernelVaShadowInformation, &KvaShadowFlags, sizeof(KvaShadowFlags), (LPDWORD) NULL)) < 0) // https://msdn.microsoft.com/en-us/library/ms647550.aspx niBuffer = wsprintf(szBuffer, L"NtQuerySystemInformation(SystemKernelVaShadowInformation) returned status 0x%08lX\n" L"\n" L"Summary information:\n" L"\tMitigation for \"Meltdown\" (CVE-2017-5754 [Rogue Data Cache Load]) is not installed!\n" L"\n" L"Notes:\t0xC0000002 (STATUS_NOT_IMPLEMENTED) indicates that security update KB405689x is installed, but does not support this information request!\n" L"\t0xC0000003 (STATUS_INVALID_INFO_CLASS) indicates that security update KB405689x is not installed!\n", ntStatus); else // https://msdn.microsoft.com/en-us/library/ms647550.aspx niBuffer = wsprintf(szBuffer, L"NtQuerySystemInformation(SystemKernelVaShadowInformation) returned status 0x%08lX\n" L"\n" L"Summary information:\n" L"\tMitigation for \"Meltdown\" (CVE-2017-5754 [Rogue Data Cache Load]) is%ls enabled!\n" L"\n" L"Detail information:\n" L"\tKvaShadowFlags = 0x%08lX\n" L"\t%lu\tKvaShadowEnabled\n" L"\t\t(Mitigation enabled by Windows)\n" L"\t%lu\tKvaShadowUserGlobal\n" L"\t%lu\tKvaShadowPcid\n" L"\t\t(Processor supports PCID feature)\n" L"\t%lu\tKvaShadowInvpcid\n" L"\t\t(Processor supports INVPCID instruction)\n" L"\t%lu\tReserved\n", ntStatus, KvaShadowFlags.KvaShadowEnabled ? L"" : L" not", *(LPDWORD) &KvaShadowFlags, KvaShadowFlags.KvaShadowEnabled, KvaShadowFlags.KvaShadowUserGlobal, KvaShadowFlags.KvaShadowPcid, KvaShadowFlags.KvaShadowInvpcid, KvaShadowFlags.Reserved); if (niBuffer == 0) dwError = GetLastError(); else { szBuffer[niBuffer] = L'\0'; mbp.lpszText = szBuffer; // mbp.lpszCaption = L"\"Meltdown\" (CVE-2017-5754 [Rogue Data Cache Load])"; // mbp.lpszIcon = MAKEINTRESOURCE(1); // https://msdn.microsoft.com/en-us/library/ms645511.aspx if (MessageBoxIndirect(&mbp) == 0) dwError = GetLastError(); else // https://msdn.microsoft.com/en-us/library/ms680600.aspx dwError = RtlNtStatusToDosError(ntStatus); } // https://msdn.microsoft.com/en-us/library/ms724509.aspx if ((ntStatus = NtQuerySystemInformation(SystemSpeculationControlInformation, &SpeculationControlFlags, sizeof(SpeculationControlFlags), (LPDWORD) NULL)) < 0) // https://msdn.microsoft.com/en-us/library/ms647550.aspx niBuffer = wsprintf(szBuffer, L"NtQuerySystemInformation(SystemSpeculationControlInformation) returned status 0x%08lX\n" L"\n" L"Summary information:\n" L"\tMitigation for \"Spectre\" (CVE-2017-5715 [Branch Target Injection] & CVE-2017-5753 [Bounds Check Bypass]) is not installed!\n" L"\n" L"Notes:\t0xC0000002 (STATUS_NOT_IMPLEMENTED) indicates that security update KB405689x is installed, but does not support this information request!\n" L"\t0xC0000003 (STATUS_INVALID_INFO_CLASS) indicates that security update KB405689x is not installed!\n", ntStatus); else // https://msdn.microsoft.com/en-us/library/ms647550.aspx niBuffer = wsprintf(szBuffer, L"NtQuerySystemInformation(SystemSpeculationControlInformation) returned status 0x%08lX\n" L"\n" L"Summary information:\n" L"\tMitigation for \"Spectre\" (CVE-2017-5715 [Branch Target Injection]) is%ls enabled!\n" L"\n" L"Detail information:\n" L"\tSpeculationControlFlags = 0x%08lX\n" L"\t%lu\tBpbEnabled\n" L"\t\t(Mitigation enabled by Windows)\n" L"\t%lu\tBpbDisabledSystemPolicy\n" L"\t\t(Mitigation disabled via Registry)\n" L"\t%lu\tBpbDisabledNoHardwareSupport\n" L"\t\t(Microcode update missing)\n" L"\t%lu\tSpecCtrlEnumerated\n" L"\t\t(Processor supports IA32_SPEC_CTRL MSR)\n" L"\t%lu\tSpecCmdEnumerated\n" L"\t\t(Processor supports IA32_SPEC_CMD MSR)\n" L"\t%lu\tIbrsPresent\n" L"\t\t(Processor supports IBRS feature)\n" L"\t%lu\tStibpPresent\n" L"\t\t(Processor supports STIBP feature)\n" L"\t%lu\tSmepPresent\n" L"\t\t(Processor supports SMEP feature)\n" L"\t%lu\tReserved\n", ntStatus, SpeculationControlFlags.BpbEnabled ? L"" : L" not", *(LPDWORD) &SpeculationControlFlags, SpeculationControlFlags.BpbEnabled, SpeculationControlFlags.BpbDisabledSystemPolicy, SpeculationControlFlags.BpbDisabledNoHardwareSupport, SpeculationControlFlags.SpecCtrlEnumerated, SpeculationControlFlags.SpecCmdEnumerated, SpeculationControlFlags.IbrsPresent, SpeculationControlFlags.StibpPresent, SpeculationControlFlags.SmepPresent, SpeculationControlFlags.Reserved); if (niBuffer == 0) dwError = GetLastError(); else { szBuffer[niBuffer] = L'\0'; // mbp.lpszText = szBuffer; mbp.lpszCaption = L"\"Spectre\" (CVE-2017-5715 [Branch Target Injection] & CVE-2017-5753 [Bounds Check Bypass])"; mbp.lpszIcon = MAKEINTRESOURCE(2); // https://msdn.microsoft.com/en-us/library/ms645511.aspx if (MessageBoxIndirect(&mbp) == 0) dwError = GetLastError(); else // https://msdn.microsoft.com/en-us/library/ms680600.aspx dwError = RtlNtStatusToDosError(ntStatus); } // https://msdn.microsoft.com/en-us/library/ms682658.aspx ExitProcess(dwError); } < #define STRICT #define WIN32_LEAN_AND_MEAN #define WINVER 0x0500 #define _WIN32_WINNT 0x0500 #include #include #include #ifdef _WIN32 #pragma code_page(1252) #endif LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL 1 ICON "MELTDOWN.ICO" // https://meltdownattack.com/favicon.ico 2 ICON "SPECTRE.ICO" // https://spectreattack.com/favicon.ico CREATEPROCESS_MANIFEST_RESOURCE_ID RT_MANIFEST "BTI_RDCL.MAN" VERSION 0x20180315L VS_VERSION_INFO VERSIONINFO FILEFLAGS VS_FF_PRIVATEBUILD | VS_FF_SPECIALBUILD FILEFLAGSMASK VS_FFI_FILEFLAGSMASK FILEOS VOS_NT_WINDOWS32 FILETYPE VFT_APP FILESUBTYPE VFT2_UNKNOWN FILEVERSION 1,0,0,0 PRODUCTVERSION 1,0,0,0 BEGIN BLOCK "StringFileInfo" BEGIN #ifdef UNICODE BLOCK "040904B0" #else BLOCK "040904E4" #endif BEGIN VALUE "Comments", "https://meltdownattack.com/index.html\n" "https://spectreattack.com/index.html\0" VALUE "CompanyName", "eSKamation\n" "https://skanthak.homepage.t-online.de/gimmick.html\0" VALUE "FileDescription", "Meltdown (CVE-2017-5754 [Rogue Data Cache Load]) and Spectre (CVE-2017-5715 [Branch Target Injection] & CVE-2017-5753 [Bounds Check Bypass]) Update Check Utility\0" VALUE "FileVersion", "1.0.0.0\0" VALUE "InternalName", "BTI_RDCL\0" VALUE "LegalCopyright", "Copyright © 2018, Stefan Kanthak\0" VALUE "LegalTrademarks", "\0" // VALUE "OLESelfRegister", "\0" VALUE "OriginalFilename", "BTI_RDCL.EXE\0" VALUE "PrivateBuild", "NOMSVCRT\0" VALUE "ProductName", "Meltdown and Spectre Update Check Utility\0" VALUE "ProductVersion", "1.0\0" VALUE "SpecialBuild", "Release\0" END END BLOCK "VarFileInfo" BEGIN #ifdef UNICODE VALUE "Translation", 0x0409, 1200 #else VALUE "Translation", 0x0409, 1252 #endif END END < Meltdown and Spectre Update Check Utility <