archive
/
windows-nt-4.0
mirror of https://github.com/lianthony/NT4.0
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Windows NT 4.0 source code leak
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
184 MiB
Tree: b4a8d373d8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b4a8d373d8'
${ noResults }
windows-nt-4.0/private/ntos/lpc/lpcrecv.c

386 lines
13 KiB
Raw Normal View History

initial commit
4 years ago
  1. /*++
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. lpcrecv.c
  9. Abstract:
  11. Local Inter-Process Communication (LPC) receive system services.
  13. Author:
  15. Steve Wood (stevewo) 15-May-1989
  17. Revision History:
  19. --*/
  21. #include "lpcp.h"
  23. #ifdef ALLOC_PRAGMA
  24. #pragma alloc_text(PAGE,NtReplyWaitReceivePort)
  25. #endif
  27. NTSTATUS
  28. NtReplyWaitReceivePort(
  29. IN HANDLE PortHandle,
  30. OUT PVOID *PortContext OPTIONAL,
  31. IN PPORT_MESSAGE ReplyMessage OPTIONAL,
  32. OUT PPORT_MESSAGE ReceiveMessage
  33. )
  34. {
  35. PLPCP_PORT_OBJECT PortObject;
  36. PLPCP_PORT_OBJECT ReceivePort;
  37. PORT_MESSAGE CapturedReplyMessage;
  38. KPROCESSOR_MODE PreviousMode;
  39. KPROCESSOR_MODE WaitMode;
  40. NTSTATUS Status;
  41. PLPCP_MESSAGE Msg;
  42. PETHREAD CurrentThread;
  43. PETHREAD WakeupThread;
  45. PAGED_CODE();
  46. CurrentThread = PsGetCurrentThread();
  48. //
  49. // Get previous processor mode
  50. //
  52. PreviousMode = KeGetPreviousMode();
  53. WaitMode = PreviousMode;
  54. if (PreviousMode != KernelMode) {
  55. try {
  56. if (ARGUMENT_PRESENT( PortContext )) {
  57. ProbeForWriteUlong( (PULONG)PortContext );
  58. }
  60. if (ARGUMENT_PRESENT( ReplyMessage)) {
  61. ProbeForRead( ReplyMessage,
  62. sizeof( *ReplyMessage ),
  63. sizeof( ULONG )
  64. );
  65. CapturedReplyMessage = *ReplyMessage;
  66. }
  68. ProbeForWrite( ReceiveMessage,
  69. sizeof( *ReceiveMessage ),
  70. sizeof( ULONG )
  71. );
  72. }
  73. except( EXCEPTION_EXECUTE_HANDLER ) {
  74. return( GetExceptionCode() );
  75. }
  76. }
  77. else {
  79. //
  80. // Kernel mode threads call with wait mode of user so that their kernel
  81. // stacks are swappable. Main consumer of this is SepRmCommandThread
  82. //
  84. if ( IS_SYSTEM_THREAD(CurrentThread) ) {
  85. WaitMode = UserMode;
  86. }
  88. if (ARGUMENT_PRESENT( ReplyMessage)) {
  89. CapturedReplyMessage = *ReplyMessage;
  90. }
  91. }
  93. //
  94. // Reference the port object by handle
  95. //
  97. Status = LpcpReferencePortObject( PortHandle,
  98. 0,
  99. PreviousMode,
  100. &PortObject
  101. );
  102. if (!NT_SUCCESS( Status )) {
  103. return( Status );
  104. }
  106. if ((PortObject->Flags & PORT_TYPE) != CLIENT_COMMUNICATION_PORT) {
  107. ReceivePort = PortObject->ConnectionPort;
  108. }
  109. else {
  110. ReceivePort = PortObject;
  111. }
  113. //
  114. // If ReplyMessage argument present, then send reply
  115. //
  117. if (ARGUMENT_PRESENT( ReplyMessage )) {
  119. //
  120. // Translate the ClientId from the connection request into a
  121. // thread pointer. This is a referenced pointer to keep the thread
  122. // from evaporating out from under us.
  123. //
  125. Status = PsLookupProcessThreadByCid( &CapturedReplyMessage.ClientId,
  126. NULL,
  127. &WakeupThread
  128. );
  129. if (!NT_SUCCESS( Status )) {
  130. ObDereferenceObject( PortObject );
  131. return( Status );
  132. }
  134. //
  135. // Acquire the global Lpc mutex that gaurds the LpcReplyMessage
  136. // field of the thread and get the pointer to the message that
  137. // the thread is waiting for a reply to.
  138. //
  140. ExAcquireFastMutex( &LpcpLock );
  141. Msg = (PLPCP_MESSAGE)LpcpAllocateFromPortZone( CapturedReplyMessage.u1.s1.TotalLength );
  142. if (Msg == NULL) {
  143. ExReleaseFastMutex( &LpcpLock );
  144. ObDereferenceObject( WakeupThread );
  145. return( STATUS_NO_MEMORY );
  146. }
  148. //
  149. // See if the thread is waiting for a reply to the message
  150. // specified on this call. If not then a bogus message
  151. // has been specified, so release the mutex, dereference the thread
  152. // and return failure.
  153. //
  155. if (WakeupThread->LpcReplyMessageId != CapturedReplyMessage.MessageId
  156. ) {
  157. LpcpPrint(( "%s Attempted ReplyWaitReceive to Thread %lx (%s)\n",
  158. PsGetCurrentProcess()->ImageFileName,
  159. WakeupThread,
  160. THREAD_TO_PROCESS( WakeupThread )->ImageFileName
  161. ));
  162. LpcpPrint(( "failed. MessageId == %u Client Id: %x.%x\n",
  163. CapturedReplyMessage.MessageId,
  164. CapturedReplyMessage.ClientId.UniqueProcess,
  165. CapturedReplyMessage.ClientId.UniqueThread
  166. ));
  167. LpcpPrint(( " Thread MessageId == %u Client Id: %x.%x\n",
  168. WakeupThread->LpcReplyMessageId,
  169. WakeupThread->Cid.UniqueProcess,
  170. WakeupThread->Cid.UniqueThread
  171. ));
  172. #if DBG
  173. if (LpcpStopOnReplyMismatch) {
  174. DbgBreakPoint();
  175. }
  176. #endif
  177. LpcpFreeToPortZone( Msg, TRUE );
  178. ExReleaseFastMutex( &LpcpLock );
  179. ObDereferenceObject( WakeupThread );
  180. ObDereferenceObject( PortObject );
  181. return (STATUS_REPLY_MESSAGE_MISMATCH);
  182. }
  184. LpcpTrace(( "%s Sending Reply Msg %lx (%u.%u, %x) [%08x %08x %08x %08x] to Thread %lx (%s)\n",
  185. PsGetCurrentProcess()->ImageFileName,
  186. Msg,
  187. CapturedReplyMessage.MessageId,
  188. CapturedReplyMessage.CallbackId,
  189. CapturedReplyMessage.u2.s2.DataInfoOffset,
  190. *((PULONG)(Msg+1)+0),
  191. *((PULONG)(Msg+1)+1),
  192. *((PULONG)(Msg+1)+2),
  193. *((PULONG)(Msg+1)+3),
  194. WakeupThread,
  195. THREAD_TO_PROCESS( WakeupThread )->ImageFileName
  196. ));
  198. if (CapturedReplyMessage.u2.s2.DataInfoOffset != 0) {
  199. LpcpFreeDataInfoMessage( PortObject,
  200. CapturedReplyMessage.MessageId,
  201. CapturedReplyMessage.CallbackId
  202. );
  203. }
  205. //
  206. // Release the mutex that guards the LpcReplyMessage field
  207. // after marking message as being replied to.
  208. //
  210. Msg->RepliedToThread = WakeupThread;
  211. WakeupThread->LpcReplyMessageId = 0;
  212. WakeupThread->LpcReplyMessage = (PVOID)Msg;
  214. //
  215. // Remove the thread from the reply rundown list as we are sending the reply.
  216. //
  217. if (!WakeupThread->LpcExitThreadCalled && !IsListEmpty( &WakeupThread->LpcReplyChain )) {
  218. RemoveEntryList( &WakeupThread->LpcReplyChain );
  219. InitializeListHead( &WakeupThread->LpcReplyChain );
  220. }
  222. if (CurrentThread->LpcReceivedMsgIdValid &&
  223. CurrentThread->LpcReceivedMessageId == CapturedReplyMessage.MessageId
  224. ) {
  225. CurrentThread->LpcReceivedMessageId = 0;
  226. CurrentThread->LpcReceivedMsgIdValid = FALSE;
  227. }
  229. LpcpTrace(( "%s Waiting for message to Port %x (%s)\n",
  230. PsGetCurrentProcess()->ImageFileName,
  231. ReceivePort,
  232. LpcpGetCreatorName( ReceivePort )
  233. ));
  235. ExReleaseFastMutex( &LpcpLock );
  237. // Copy the reply message to the request message buffer
  238. //
  239. try {
  240. LpcpMoveMessage( &Msg->Request,
  241. &CapturedReplyMessage,
  242. (ReplyMessage + 1),
  243. LPC_REPLY,
  244. NULL
  245. );
  246. }
  247. except( EXCEPTION_EXECUTE_HANDLER ) {
  248. Status = GetExceptionCode(); // FIX, FIX
  249. }
  251. //
  252. // Wake up the thread that is waiting for an answer to its request
  253. // inside of NtRequestWaitReplyPort or NtReplyWaitReplyPort
  254. //
  256. Status = KeReleaseWaitForSemaphore( &WakeupThread->LpcReplySemaphore,
  257. ReceivePort->MsgQueue.Semaphore,
  258. WrLpcReceive,
  259. WaitMode
  260. );
  262. //
  263. // Fall into receive code. Client thread reference will be
  264. // returned by the client when it wakes up.
  265. //
  266. }
  267. else {
  268. //
  269. // Wait for a message
  270. //
  272. LpcpTrace(( "%s Waiting for message to Port %x (%s)\n",
  273. PsGetCurrentProcess()->ImageFileName,
  274. ReceivePort,
  275. LpcpGetCreatorName( ReceivePort )
  276. ));
  278. Status = KeWaitForSingleObject( ReceivePort->MsgQueue.Semaphore,
  279. WrLpcReceive,
  280. WaitMode,
  281. FALSE,
  282. NULL
  283. );
  284. }
  286. if (Status == STATUS_SUCCESS) {
  287. ExAcquireFastMutex( &LpcpLock );
  289. if (IsListEmpty( &ReceivePort->MsgQueue.ReceiveHead )) {
  290. ExReleaseFastMutex( &LpcpLock );
  291. ObDereferenceObject( PortObject );
  292. return( STATUS_UNSUCCESSFUL );
  293. }
  295. Msg = (PLPCP_MESSAGE)RemoveHeadList( &ReceivePort->MsgQueue.ReceiveHead );
  296. InitializeListHead( &Msg->Entry );
  297. LpcpTrace(( "%s Receive Msg %lx (%u) from Port %lx (%s)\n",
  298. PsGetCurrentProcess()->ImageFileName,
  299. Msg,
  300. Msg->Request.MessageId,
  301. ReceivePort,
  302. LpcpGetCreatorName( ReceivePort )
  303. ));
  305. CurrentThread->LpcReceivedMessageId = Msg->Request.MessageId;
  306. CurrentThread->LpcReceivedMsgIdValid = TRUE;
  307. ExReleaseFastMutex( &LpcpLock );
  309. try {
  310. if (Msg->Request.u2.s2.Type == LPC_CONNECTION_REQUEST) {
  311. PLPCP_CONNECTION_MESSAGE ConnectMsg;
  312. ULONG ConnectionInfoLength;
  314. ConnectMsg = (PLPCP_CONNECTION_MESSAGE)(Msg + 1);
  315. ConnectionInfoLength = Msg->Request.u1.s1.DataLength -
  316. sizeof( *ConnectMsg );
  319. *ReceiveMessage = Msg->Request;
  320. ReceiveMessage->u1.s1.TotalLength = sizeof( *ReceiveMessage ) +
  321. ConnectionInfoLength;
  322. ReceiveMessage->u1.s1.DataLength = (CSHORT)ConnectionInfoLength;
  323. RtlMoveMemory( ReceiveMessage+1,
  324. ConnectMsg + 1,
  325. ConnectionInfoLength
  326. );
  328. if (ARGUMENT_PRESENT( PortContext )) {
  329. *PortContext = NULL;
  330. }
  332. //
  333. // Dont free message until NtAcceptConnectPort called.
  334. //
  336. Msg = NULL;
  337. }
  338. else
  339. if (Msg->Request.u2.s2.Type != LPC_REPLY) {
  340. LpcpMoveMessage( ReceiveMessage,
  341. &Msg->Request,
  342. (&Msg->Request) + 1,
  343. 0,
  344. NULL
  345. );
  347. if (ARGUMENT_PRESENT( PortContext )) {
  348. *PortContext = Msg->PortContext;
  349. }
  351. //
  352. // If message contains DataInfo for access via NtRead/WriteRequestData
  353. // then put the message on a list in the communication port and dont
  354. // free it. It will be freed when the server replies to the message.
  355. //
  357. if (Msg->Request.u2.s2.DataInfoOffset != 0) {
  358. LpcpSaveDataInfoMessage( PortObject, Msg );
  359. Msg = NULL;
  360. }
  361. }
  362. else {
  363. LpcpPrint(( "LPC: Bogus reply message (%08x) in receive queue of connection port %08x\n",
  364. Msg, ReceivePort
  365. ));
  366. KdBreakPoint();
  367. }
  368. }
  369. except( EXCEPTION_EXECUTE_HANDLER ) {
  370. Status = GetExceptionCode(); // FIX, FIX
  371. }
  373. //
  374. // Acquire the LPC mutex and decrement the reference count for the
  375. // message. If the reference count goes to zero the message will be
  376. // deleted.
  377. //
  379. if (Msg != NULL) {
  380. LpcpFreeToPortZone( Msg, FALSE );
  381. }
  382. }
  384. ObDereferenceObject( PortObject );
  385. return( Status );
  386. }