authorGerald Combs <gerald@wireshark.org>2016-08-03 12:14:23 -0700
committerGerald Combs <gerald@wireshark.org>2017-02-16 16:58:12 +0000
commita5a8fce06ecb5aff1dfcf101bb2b5455bd776569 (patch)
tree2eb0c0578ebd12b49868e817aba900d8824e99a0
parent815916b174ce48d65aace9852629f63f45e12704 (diff)
Qt: Warn the user about DBAR 1.8 on Windows.
At startup, dig through the registry looking for shell extensions. If any of them match known Dell Backup and Recovery DLL names and the DLL version matches 1.8.*.*, show the user a warning dialog. This is a bit extreme but I'm not sure what else to do. Dell is a popular computer manufacturer and bug reports keep trickling in. Change-Id: I6d1bd6c56850279356570154d231b07facb30cff Bug: 12036 Ping-bug: 12701 Ping-bug: 13414 Reviewed-on: https://code.wireshark.org/review/16861 Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Gerald Combs <gerald@wireshark.org>
-rw-r--r--CMakeLists.txt1
-rw-r--r--cmake/modules/UseWinLibs.cmake1
-rw-r--r--ui/qt/wireshark_application.cpp125
-rw-r--r--ui/qt/wireshark_application.h4
4 files changed, 131 insertions, 0 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 08eb05c31b..720ee7d502 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1959,6 +1959,7 @@ if(BUILD_wireshark AND QT_FOUND)
${APPLE_CORE_FOUNDATION_LIBRARY}
${APPLE_SYSTEM_CONFIGURATION_LIBRARY}
${NL_LIBRARIES}
+ ${WIN_VERSION_LIBRARY}
)
# Policy since 2.8.11
diff --git a/cmake/modules/UseWinLibs.cmake b/cmake/modules/UseWinLibs.cmake
index 4f45bbe5a0..d06fa1d41e 100644
--- a/cmake/modules/UseWinLibs.cmake
+++ b/cmake/modules/UseWinLibs.cmake
@@ -11,6 +11,7 @@ if( WIN32 )
set( WIN_PSAPI_LIBRARY psapi.lib )
set( WIN_WSOCK32_LIBRARY wsock32.lib )
set( WIN_COMCTL32_LIBRARY comctl32.lib )
+ set( WIN_VERSION_LIBRARY version.lib )
# Linking with setargv.obj enables "wildcard expansion" of command-line arguments
set( WS_LINK_FLAGS "${WS_LINK_FLAGS} setargv.obj" )
diff --git a/ui/qt/wireshark_application.cpp b/ui/qt/wireshark_application.cpp
index ee224f96f8..f75a46099c 100644
--- a/ui/qt/wireshark_application.cpp
+++ b/ui/qt/wireshark_application.cpp
@@ -73,6 +73,8 @@
#ifdef _WIN32
# include "ui/win32/console_win32.h"
# include "wsutil/file_util.h"
+# include <QMessageBox>
+# include <QSettings>
#endif /* _WIN32 */
#include <QAction>
@@ -474,6 +476,124 @@ void WiresharkApplication::storeCustomColorsInRecent()
}
}
+#ifdef _WIN32
+// Dell Backup and Recovery is awful and terrible.
+// https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036
+// https://bugreports.qt.io/browse/QTBUG-41416
+// http://en.community.dell.com/support-forums/software-os/f/3526/t/19634253
+// http://stackoverflow.com/a/33697140/82195
+//
+// According to https://www.portraitprofessional.com/support/?qid=79 , which
+// points to http://cloudfront.portraitprofessional.com/Tools/unregister_dell_backup.cmd
+// DBAR's shell extension DLLs are named DBROverlayIconBackuped.dll,
+// DBROverlayIconNotBackuped.dll, and DBRShellExtension.dll.
+//
+// Look for them in the registry and show a warning if we find any of them.
+//
+// This is obnoxious, but so is crashing. Hopefully we can remove it at some
+// point.
+
+// Returns only the most significant (major + minor) 32 bits of the version number.
+unsigned int WiresharkApplication::fileVersion(QString file_path) {
+ unsigned int version = 0;
+ DWORD gfvi_size = GetFileVersionInfoSize((LPCWSTR) file_path.utf16(), NULL);
+
+ if (gfvi_size == 0) {
+ return 0;
+ }
+
+ LPSTR version_info = new char[gfvi_size];
+ if (GetFileVersionInfo((LPCWSTR) file_path.utf16(), 0, gfvi_size, version_info)) {
+ void *vqv_buffer = NULL;
+ UINT vqv_size = 0;
+ if (VerQueryValue(version_info, TEXT("\\"), &vqv_buffer, &vqv_size)) {
+ VS_FIXEDFILEINFO *vqv_fileinfo = (VS_FIXEDFILEINFO *)vqv_buffer;
+ if (vqv_size && vqv_buffer && vqv_fileinfo->dwSignature == 0xfeef04bd) {
+ version = vqv_fileinfo->dwFileVersionMS;
+ }
+ }
+ }
+
+ delete[] version_info;
+ return version;
+}
+
+void WiresharkApplication::checkForDbar()
+{
+ QStringList dbar_dlls = QStringList()
+ // << "7-Zip.dll" // For testing. I don't have DBAR.
+ // << "shell32.dll"
+ << "DBROverlayIconBackuped.dll"
+ << "DBROverlayIconNotBackuped.dll"
+ << "DBRShellExtension.dll";
+ // List of HKCR subkeys in which to look for "shellex\ContextMenuHandlers".
+ // This may be incomplete.
+ // https://msdn.microsoft.com/en-us/library/windows/desktop/cc144110
+ QStringList hkcr_subkeys = QStringList()
+ << "*"
+ << "AllFileSystemObjects"
+ << "Folder"
+ << "Directory"
+ << "Drive";
+ QRegExp uuid_re("^\\{.+\\}");
+ QSet<QString> clsids;
+
+ // Look for context menu handler CLSIDs. We might want to skip this and
+ // just iterate through all of the CLSID subkeys below.
+ foreach (QString subkey, hkcr_subkeys) {
+ QString cmh_path = QString("HKEY_CLASSES_ROOT\\%1\\shellex\\ContextMenuHandlers").arg(subkey);
+ QSettings cmh_reg(cmh_path, QSettings::NativeFormat);
+ foreach (QString cmh_key, cmh_reg.allKeys()) {
+ // Add anything that looks like a UUID.
+ if (!cmh_key.endsWith("/.")) continue; // No default key?
+
+ // "Registering Shell Extension Handlers" says the subkey name
+ // should be the class ID...
+ if (cmh_key.contains(uuid_re)) {
+ cmh_key.chop(2);
+ clsids += cmh_key;
+ continue;
+ }
+
+ // ...it then gives an example with the subkey named after the
+ // application, with the default key containing the class ID.
+ QString cmh_default = cmh_reg.value(cmh_key).toString();
+ if (cmh_default.contains(uuid_re)) clsids += cmh_default;
+
+ }
+ }
+
+ // We have a list of context menu handler CLSIDs. Now look for
+ // offending DLLs.
+ foreach (QString clsid, clsids.toList()) {
+ QString inproc_path = QString("HKEY_CLASSES_ROOT\\CLSID\\%1\\InprocServer32").arg(clsid);
+ QSettings inproc_reg(inproc_path, QSettings::NativeFormat);
+ QString inproc_default = inproc_reg.value(".").toString();
+ if (inproc_default.isEmpty()) continue;
+
+ foreach (QString dbar_dll, dbar_dlls) {
+ // XXX We don't expand environment variables in the path.
+ unsigned int dll_version = fileVersion(inproc_default);
+ unsigned int bad_version = 1 << 16 | 8; // Offending DBAR version is 1.8.
+ if (inproc_default.contains(dbar_dll, Qt::CaseInsensitive) && dll_version == bad_version) {
+ QMessageBox dbar_msgbox;
+ dbar_msgbox.setIcon(QMessageBox::Warning);
+ dbar_msgbox.setStandardButtons(QMessageBox::Ok);
+ dbar_msgbox.setWindowTitle(tr("Dell Backup and Recovery Found"));
+ dbar_msgbox.setText(tr("You appear to be running Dell Backup and Recovery 1.8."));
+ dbar_msgbox.setInformativeText(tr(
+ "DBAR can make many applications crash"
+ " <a href=\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036\">including Wireshark</a>."
+ ));
+ dbar_msgbox.setDetailedText(tr("Offending DLL: %1").arg(inproc_default));
+ dbar_msgbox.exec();
+ return;
+ }
+ }
+ }
+}
+#endif
+
void WiresharkApplication::setLastOpenDir(const char *dir_name)
{
qint64 len;
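Review bot: In `checkForDbar()` the inner loop calls `fileVersion(inproc_default)` before the name test, so every registered context-menu handler DLL has its version resource opened and parsed, three times each, although only three file names are of interest. Because `inproc_default` is a path read from the registry (unexpanded, as the XXX comment says, and possibly relative), it is safer and cheaper to match the name first and read the version only for a matching entry, once per CLSID. In `fileVersion()` the `vqv_size && vqv_buffer` test would be tighter as `vqv_size >= sizeof(VS_FIXEDFILEINFO)`, since the struct fields are read right after it. The substring test also matches directory components, so comparing against `QFileInfo(inproc_default).fileName()` would be more exact, provided QFileInfo is available in this file.

```cpp
        // … unchanged: build inproc_path, read inproc_default, skip if empty …

        // Match on the DLL name first so that only candidate files are opened.
        bool is_dbar = false;
        foreach (QString dbar_dll, dbar_dlls) {
            if (inproc_default.contains(dbar_dll, Qt::CaseInsensitive)) {
                is_dbar = true;
                break;
            }
        }
        if (!is_dbar) continue;

        // XXX We don't expand environment variables in the path.
        const unsigned int bad_version = 1 << 16 | 8; // Offending DBAR version is 1.8.
        if (fileVersion(inproc_default) != bad_version) continue;

        // … unchanged: build and exec() the warning dialog, then return …
```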
@@ -714,6 +834,11 @@ WiresharkApplication::WiresharkApplication(int &argc, char **argv) :
#ifdef HAVE_SOFTWARE_UPDATE
connect(this, SIGNAL(softwareUpdateQuit()), this, SLOT(quit()), Qt::QueuedConnection);
#endif
+
+#ifdef _WIN32
+ checkForDbar();
+#endif
+
connect(qApp, SIGNAL(aboutToQuit()), this, SLOT(cleanup()));
}
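Review bot: `checkForDbar()` is called from inside the `WiresharkApplication` constructor, so the registry walk, the file reads and the modal `dbar_msgbox.exec()` all run before construction has finished and before the `aboutToQuit` connection on the next line is made. Consider deferring the call until the event loop is running (for example with a zero-delay single-shot timer, which would need `checkForDbar` declared as a slot), and recording the user's acknowledgement so the dialog is not repeated on every start. The constructor body begins outside this hunk, so earlier setup that the dialog may depend on is not visible here.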
diff --git a/ui/qt/wireshark_application.h b/ui/qt/wireshark_application.h
index fffce30a73..f992192b39 100644
--- a/ui/qt/wireshark_application.h
+++ b/ui/qt/wireshark_application.h
@@ -156,6 +156,10 @@ private:
#endif
void storeCustomColorsInRecent();
+#ifdef _WIN32
+ unsigned int fileVersion(QString file_path);
+ void checkForDbar();
+#endif
protected:
bool event(QEvent *event);