archive
/
windows-nt-4.0
mirror of https://github.com/lianthony/NT4.0
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Windows NT 4.0 source code leak
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
184 MiB
Tree: b4a8d373d8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b4a8d373d8'
${ noResults }
windows-nt-4.0/private/ntos/lpc/lpcreply.c

762 lines
23 KiB
Raw Normal View History

initial commit
4 years ago
  1. /*++
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. lpcreply.c
  9. Abstract:
  11. Local Inter-Process Communication (LPC) reply system services.
  13. Author:
  15. Steve Wood (stevewo) 15-May-1989
  17. Revision History:
  19. --*/
  21. #include "lpcp.h"
  23. NTSTATUS
  24. LpcpCopyRequestData(
  25. IN BOOLEAN WriteToMessageData,
  26. IN HANDLE PortHandle,
  27. IN PPORT_MESSAGE Message,
  28. IN ULONG DataEntryIndex,
  29. IN PVOID Buffer,
  30. IN ULONG BufferSize,
  31. OUT PULONG NumberOfBytesCopied OPTIONAL
  32. );
  34. #ifdef ALLOC_PRAGMA
  35. #pragma alloc_text(PAGE,NtReplyPort)
  36. #pragma alloc_text(PAGE,NtReplyWaitReplyPort)
  37. #pragma alloc_text(PAGE,NtReadRequestData)
  38. #pragma alloc_text(PAGE,NtWriteRequestData)
  39. #pragma alloc_text(PAGE,LpcpCopyRequestData)
  40. #endif
  43. NTSTATUS
  44. NtReplyPort(
  45. IN HANDLE PortHandle,
  46. IN PPORT_MESSAGE ReplyMessage
  47. )
  48. {
  49. KPROCESSOR_MODE PreviousMode;
  50. PLPCP_PORT_OBJECT PortObject;
  51. PORT_MESSAGE CapturedReplyMessage;
  52. NTSTATUS Status;
  53. PLPCP_MESSAGE Msg;
  54. PETHREAD CurrentThread;
  55. PETHREAD WakeupThread;
  57. PAGED_CODE();
  58. CurrentThread = PsGetCurrentThread();
  60. //
  61. // Get previous processor mode and probe output arguments if necessary.
  62. //
  64. PreviousMode = KeGetPreviousMode();
  65. if (PreviousMode != KernelMode) {
  66. try {
  67. ProbeForRead( ReplyMessage,
  68. sizeof( *ReplyMessage ),
  69. sizeof( ULONG )
  70. );
  71. CapturedReplyMessage = *ReplyMessage;
  72. }
  73. except( EXCEPTION_EXECUTE_HANDLER ) {
  74. return( GetExceptionCode() );
  75. }
  76. }
  77. else {
  78. CapturedReplyMessage = *ReplyMessage;
  79. }
  81. //
  82. // Reference the port object by handle
  83. //
  85. Status = LpcpReferencePortObject( PortHandle,
  86. 0,
  87. PreviousMode,
  88. &PortObject
  89. );
  90. if (!NT_SUCCESS( Status )) {
  91. return( Status );
  92. }
  94. //
  95. // Translate the ClientId from the connection request into a
  96. // thread pointer. This is a referenced pointer to keep the thread
  97. // from evaporating out from under us.
  98. //
  100. Status = PsLookupProcessThreadByCid( &CapturedReplyMessage.ClientId,
  101. NULL,
  102. &WakeupThread
  103. );
  104. if (!NT_SUCCESS( Status )) {
  105. ObDereferenceObject( PortObject );
  106. return( Status );
  107. }
  109. //
  110. // Acquire the mutex that gaurds the LpcReplyMessage field of
  111. // the thread and get the pointer to the message that the thread
  112. // is waiting for a reply to.
  113. //
  115. ExAcquireFastMutex( &LpcpLock );
  116. Msg = (PLPCP_MESSAGE)LpcpAllocateFromPortZone( CapturedReplyMessage.u1.s1.TotalLength );
  117. if (Msg == NULL) {
  118. ExReleaseFastMutex( &LpcpLock );
  119. ObDereferenceObject( WakeupThread );
  120. ObDereferenceObject( PortObject );
  121. return( STATUS_NO_MEMORY );
  122. }
  124. //
  125. // See if the thread is waiting for a reply to the message
  126. // specified on this call. If not then a bogus message
  127. // has been specified, so release the mutex, dereference the thread
  128. // and return failure.
  129. //
  131. if (WakeupThread->LpcReplyMessageId != CapturedReplyMessage.MessageId) {
  132. LpcpPrint(( "%s Attempted reply to Thread %lx (%s)\n",
  133. PsGetCurrentProcess()->ImageFileName,
  134. WakeupThread,
  135. THREAD_TO_PROCESS( WakeupThread )->ImageFileName
  136. ));
  137. LpcpPrint(( "failed. MessageId == %u Client Id: %x.%x\n",
  138. CapturedReplyMessage.MessageId,
  139. CapturedReplyMessage.ClientId.UniqueProcess,
  140. CapturedReplyMessage.ClientId.UniqueThread
  141. ));
  142. LpcpPrint(( " Thread MessageId == %u Client Id: %x.%x\n",
  143. WakeupThread->LpcReplyMessageId,
  144. WakeupThread->Cid.UniqueProcess,
  145. WakeupThread->Cid.UniqueThread
  146. ));
  147. #if DBG
  148. if (LpcpStopOnReplyMismatch) {
  149. DbgBreakPoint();
  150. }
  151. #endif
  152. LpcpFreeToPortZone( Msg, TRUE );
  153. ExReleaseFastMutex( &LpcpLock );
  154. ObDereferenceObject( WakeupThread );
  155. ObDereferenceObject( PortObject );
  156. return( STATUS_REPLY_MESSAGE_MISMATCH );
  157. }
  159. LpcpTrace(( "%s Sending Reply Msg %lx (%u, %x) [%08x %08x %08x %08x] to Thread %lx (%s)\n",
  160. PsGetCurrentProcess()->ImageFileName,
  161. Msg,
  162. CapturedReplyMessage.MessageId,
  163. CapturedReplyMessage.u2.s2.DataInfoOffset,
  164. *((PULONG)(Msg+1)+0),
  165. *((PULONG)(Msg+1)+1),
  166. *((PULONG)(Msg+1)+2),
  167. *((PULONG)(Msg+1)+3),
  168. WakeupThread,
  169. THREAD_TO_PROCESS( WakeupThread )->ImageFileName
  170. ));
  172. if (CapturedReplyMessage.u2.s2.DataInfoOffset != 0) {
  173. LpcpFreeDataInfoMessage( PortObject,
  174. CapturedReplyMessage.MessageId,
  175. CapturedReplyMessage.CallbackId
  176. );
  177. }
  179. //
  180. // Release the mutex that guards the LpcReplyMessage field
  181. // after marking message as being replied to.
  182. //
  184. Msg->RepliedToThread = WakeupThread;
  185. WakeupThread->LpcReplyMessageId = 0;
  186. WakeupThread->LpcReplyMessage = (PVOID)Msg;
  188. //
  189. // Remove the thread from the reply rundown list as we are sending the reply.
  190. //
  191. if (!WakeupThread->LpcExitThreadCalled && !IsListEmpty( &WakeupThread->LpcReplyChain )) {
  192. RemoveEntryList( &WakeupThread->LpcReplyChain );
  193. InitializeListHead( &WakeupThread->LpcReplyChain );
  194. }
  196. if (CurrentThread->LpcReceivedMsgIdValid &&
  197. CurrentThread->LpcReceivedMessageId == CapturedReplyMessage.MessageId
  198. ) {
  199. CurrentThread->LpcReceivedMessageId = 0;
  200. CurrentThread->LpcReceivedMsgIdValid = FALSE;
  201. }
  202. ExReleaseFastMutex( &LpcpLock );
  204. //
  205. // Copy the reply message to the request message buffer
  206. //
  207. try {
  208. LpcpMoveMessage( &Msg->Request,
  209. &CapturedReplyMessage,
  210. (ReplyMessage + 1),
  211. LPC_REPLY,
  212. NULL
  213. );
  214. }
  215. except( EXCEPTION_EXECUTE_HANDLER ) {
  216. Status = GetExceptionCode();
  217. }
  219. //
  220. // Wake up the thread that is waiting for an answer to its request
  221. // inside of NtRequestWaitReplyPort or NtReplyWaitReplyPort. That
  222. // will dereference itself when it wakes up.
  223. //
  225. KeReleaseSemaphore( &WakeupThread->LpcReplySemaphore,
  226. 0,
  227. 1L,
  228. FALSE
  229. );
  231. //
  232. // Dereference port object and return the system service status.
  233. //
  235. ObDereferenceObject( PortObject );
  236. return( Status );
  237. }
  240. NTSTATUS
  241. NtReplyWaitReplyPort(
  242. IN HANDLE PortHandle,
  243. IN OUT PPORT_MESSAGE ReplyMessage
  244. )
  245. {
  246. KPROCESSOR_MODE PreviousMode;
  247. NTSTATUS Status;
  248. PLPCP_PORT_OBJECT PortObject;
  249. PORT_MESSAGE CapturedReplyMessage;
  250. PLPCP_MESSAGE Msg;
  251. PETHREAD CurrentThread;
  252. PETHREAD WakeupThread;
  254. PAGED_CODE();
  255. CurrentThread = PsGetCurrentThread();
  257. //
  258. // Get previous processor mode and probe output arguments if necessary.
  259. //
  261. PreviousMode = KeGetPreviousMode();
  262. if (PreviousMode != KernelMode) {
  263. try {
  264. ProbeForRead( ReplyMessage,
  265. sizeof( *ReplyMessage ),
  266. sizeof( ULONG )
  267. );
  268. CapturedReplyMessage = *ReplyMessage;
  269. }
  270. except( EXCEPTION_EXECUTE_HANDLER ) {
  271. return( GetExceptionCode() );
  272. }
  273. }
  274. else {
  275. CapturedReplyMessage = *ReplyMessage;
  276. }
  278. //
  279. // Reference the communication port object by handle. Return status if
  280. // unsuccessful.
  281. //
  283. Status = LpcpReferencePortObject( PortHandle,
  284. 0,
  285. PreviousMode,
  286. &PortObject
  287. );
  288. if (!NT_SUCCESS( Status )) {
  289. return( Status );
  290. }
  293. //
  294. // Translate the ClientId from the connection request into a
  295. // thread pointer. This is a referenced pointer to keep the thread
  296. // from evaporating out from under us.
  297. //
  299. Status = PsLookupProcessThreadByCid( &CapturedReplyMessage.ClientId,
  300. NULL,
  301. &WakeupThread
  302. );
  303. if (!NT_SUCCESS( Status )) {
  304. ObDereferenceObject( PortObject );
  305. return( Status );
  306. }
  308. //
  309. // Acquire the mutex that gaurds the LpcReplyMessage field of
  310. // the thread and get the pointer to the message that the thread
  311. // is waiting for a reply to.
  312. //
  314. ExAcquireFastMutex( &LpcpLock );
  315. Msg = (PLPCP_MESSAGE)LpcpAllocateFromPortZone( CapturedReplyMessage.u1.s1.TotalLength );
  316. if (Msg == NULL) {
  317. ExReleaseFastMutex( &LpcpLock );
  318. ObDereferenceObject( WakeupThread );
  319. ObDereferenceObject( PortObject );
  320. return( STATUS_NO_MEMORY );
  321. }
  323. //
  324. // See if the thread is waiting for a reply to the message
  325. // specified on this call. If not then a bogus message
  326. // has been specified, so release the mutex, dereference the thread
  327. // and return failure.
  328. //
  330. if (WakeupThread->LpcReplyMessageId != CapturedReplyMessage.MessageId) {
  331. LpcpPrint(( "%s Attempted reply wait reply to Thread %lx (%s)\n",
  332. PsGetCurrentProcess()->ImageFileName,
  333. WakeupThread,
  334. THREAD_TO_PROCESS( WakeupThread )->ImageFileName
  335. ));
  336. LpcpPrint(( "failed. MessageId == %u Client Id: %x.%x\n",
  337. CapturedReplyMessage.MessageId,
  338. CapturedReplyMessage.ClientId.UniqueProcess,
  339. CapturedReplyMessage.ClientId.UniqueThread
  340. ));
  341. LpcpPrint(( " Thread MessageId == %u Client Id: %x.%x\n",
  342. WakeupThread->LpcReplyMessageId,
  343. WakeupThread->Cid.UniqueProcess,
  344. WakeupThread->Cid.UniqueThread
  345. ));
  346. #if DBG
  347. if (LpcpStopOnReplyMismatch) {
  348. DbgBreakPoint();
  349. }
  350. #endif
  351. LpcpFreeToPortZone( Msg, TRUE );
  352. ExReleaseFastMutex( &LpcpLock );
  353. ObDereferenceObject( WakeupThread );
  354. ObDereferenceObject( PortObject );
  355. return( STATUS_REPLY_MESSAGE_MISMATCH );
  356. }
  359. LpcpTrace(( "%s Sending Reply Wait Reply Msg %lx (%u, %x) [%08x %08x %08x %08x] to Thread %lx (%s)\n",
  360. PsGetCurrentProcess()->ImageFileName,
  361. Msg,
  362. CapturedReplyMessage.MessageId,
  363. CapturedReplyMessage.u2.s2.DataInfoOffset,
  364. *((PULONG)(Msg+1)+0),
  365. *((PULONG)(Msg+1)+1),
  366. *((PULONG)(Msg+1)+2),
  367. *((PULONG)(Msg+1)+3),
  368. WakeupThread,
  369. THREAD_TO_PROCESS( WakeupThread )->ImageFileName
  370. ));
  372. if (CapturedReplyMessage.u2.s2.DataInfoOffset != 0) {
  373. LpcpFreeDataInfoMessage( PortObject,
  374. CapturedReplyMessage.MessageId,
  375. CapturedReplyMessage.CallbackId
  376. );
  377. }
  379. //
  380. // Release the mutex that guards the LpcReplyMessage field
  381. // after marking message as being replied to.
  382. //
  384. Msg->RepliedToThread = WakeupThread;
  385. WakeupThread->LpcReplyMessageId = 0;
  386. WakeupThread->LpcReplyMessage = (PVOID)Msg;
  388. //
  389. // Remove the thread from the reply rundown list as we are sending the reply.
  390. //
  391. if (!WakeupThread->LpcExitThreadCalled && !IsListEmpty( &WakeupThread->LpcReplyChain )) {
  392. RemoveEntryList( &WakeupThread->LpcReplyChain );
  393. InitializeListHead( &WakeupThread->LpcReplyChain );
  394. }
  396. CurrentThread->LpcReplyMessageId = CapturedReplyMessage.MessageId;
  397. CurrentThread->LpcReplyMessage = NULL;
  398. if (CurrentThread->LpcReceivedMsgIdValid &&
  399. CurrentThread->LpcReceivedMessageId == CapturedReplyMessage.MessageId
  400. ) {
  401. CurrentThread->LpcReceivedMessageId = 0;
  402. CurrentThread->LpcReceivedMsgIdValid = FALSE;
  403. }
  404. ExReleaseFastMutex( &LpcpLock );
  406. //
  407. // Copy the reply message to the request message buffer
  408. //
  409. try {
  410. LpcpMoveMessage( &Msg->Request,
  411. &CapturedReplyMessage,
  412. (ReplyMessage + 1),
  413. LPC_REPLY,
  414. NULL
  415. );
  416. }
  417. except( EXCEPTION_EXECUTE_HANDLER ) {
  418. Status = GetExceptionCode();
  419. ObDereferenceObject( WakeupThread );
  420. ObDereferenceObject( PortObject );
  421. return Status;
  422. }
  424. //
  425. // Wake up the thread that is waiting for an answer to its request
  426. // inside of NtRequestWaitReplyPort or NtReplyWaitReplyPort. That
  427. // will dereference itself when it wakes up.
  428. //
  430. Status = KeReleaseWaitForSemaphore( &WakeupThread->LpcReplySemaphore,
  431. &CurrentThread->LpcReplySemaphore,
  432. Executive,
  433. PreviousMode
  434. );
  435. if (Status == STATUS_USER_APC) {
  436. //
  437. // if the semaphore is signaled, then clear it
  438. //
  439. if (KeReadStateSemaphore( &CurrentThread->LpcReplySemaphore )) {
  440. KeWaitForSingleObject( &CurrentThread->LpcReplySemaphore,
  441. WrExecutive,
  442. KernelMode,
  443. FALSE,
  444. NULL
  445. );
  446. Status = STATUS_SUCCESS;
  447. }
  448. }
  451. //
  452. // If the wait succeeded, copy the reply to the reply buffer.
  453. //
  455. if (Status == STATUS_SUCCESS ) {
  457. //
  458. // Acquire the mutex that gaurds the request message
  459. // queue. Remove the request message from the list of
  460. // messages being processed and free the message back to the queue's zone.
  461. // If the zone's free list was zero before freeing this message then
  462. // pulse the free event after free the message so that threads waiting
  463. // to allocate a request message buffer will wake up. Finally,
  464. // release the mutex and return the system service status.
  465. //
  467. ExAcquireFastMutex( &LpcpLock );
  469. Msg = CurrentThread->LpcReplyMessage;
  470. CurrentThread->LpcReplyMessage = NULL;
  471. #if DBG
  472. if (Msg != NULL) {
  473. LpcpTrace(( "%s Got Reply Msg %lx (%u) [%08x %08x %08x %08x] for Thread %lx (%s)\n",
  474. PsGetCurrentProcess()->ImageFileName,
  475. Msg,
  476. Msg->Request.MessageId,
  477. *((PULONG)(Msg+1)+0),
  478. *((PULONG)(Msg+1)+1),
  479. *((PULONG)(Msg+1)+2),
  480. *((PULONG)(Msg+1)+3),
  481. CurrentThread,
  482. THREAD_TO_PROCESS( CurrentThread )->ImageFileName
  483. ));
  484. if (!IsListEmpty( &Msg->Entry )) {
  485. LpcpTrace(( "Reply Msg %lx has non-empty list entry\n", Msg ));
  486. }
  487. }
  488. #endif
  490. ExReleaseFastMutex( &LpcpLock );
  492. if (Msg != NULL) {
  493. try {
  494. LpcpMoveMessage( ReplyMessage,
  495. &Msg->Request,
  496. (&Msg->Request) + 1,
  497. 0,
  498. NULL
  499. );
  500. }
  501. except( EXCEPTION_EXECUTE_HANDLER ) {
  502. Status = GetExceptionCode();
  503. }
  505. //
  506. // Acquire the LPC mutex and decrement the reference count for the
  507. // message. If the reference count goes to zero the message will be
  508. // deleted.
  509. //
  511. ExAcquireFastMutex( &LpcpLock );
  513. if (Msg->RepliedToThread != NULL) {
  514. ObDereferenceObject( Msg->RepliedToThread );
  515. Msg->RepliedToThread = NULL;
  516. }
  518. LpcpFreeToPortZone( Msg, TRUE );
  520. ExReleaseFastMutex( &LpcpLock );
  521. }
  522. }
  525. ObDereferenceObject( PortObject );
  526. return( Status );
  527. }
  530. NTSTATUS
  531. NtReadRequestData(
  532. IN HANDLE PortHandle,
  533. IN PPORT_MESSAGE Message,
  534. IN ULONG DataEntryIndex,
  535. OUT PVOID Buffer,
  536. IN ULONG BufferSize,
  537. OUT PULONG NumberOfBytesRead OPTIONAL
  538. )
  539. {
  540. PAGED_CODE();
  542. return LpcpCopyRequestData( FALSE,
  543. PortHandle,
  544. Message,
  545. DataEntryIndex,
  546. Buffer,
  547. BufferSize,
  548. NumberOfBytesRead
  549. );
  550. }
  553. NTSTATUS
  554. NtWriteRequestData(
  555. IN HANDLE PortHandle,
  556. IN PPORT_MESSAGE Message,
  557. IN ULONG DataEntryIndex,
  558. IN PVOID Buffer,
  559. IN ULONG BufferSize,
  560. OUT PULONG NumberOfBytesWritten OPTIONAL
  561. )
  562. {
  563. PAGED_CODE();
  564. return LpcpCopyRequestData( TRUE,
  565. PortHandle,
  566. Message,
  567. DataEntryIndex,
  568. Buffer,
  569. BufferSize,
  570. NumberOfBytesWritten
  571. );
  572. }
  575. NTSTATUS
  576. LpcpCopyRequestData(
  577. IN BOOLEAN WriteToMessageData,
  578. IN HANDLE PortHandle,
  579. IN PPORT_MESSAGE Message,
  580. IN ULONG DataEntryIndex,
  581. IN PVOID Buffer,
  582. IN ULONG BufferSize,
  583. OUT PULONG NumberOfBytesCopied OPTIONAL
  584. )
  585. {
  586. KPROCESSOR_MODE PreviousMode;
  587. PLPCP_PORT_OBJECT PortObject;
  588. PLPCP_MESSAGE Msg;
  589. PLIST_ENTRY Head, Next;
  590. NTSTATUS Status;
  591. PETHREAD ClientThread;
  592. PPORT_DATA_INFORMATION DataInfo;
  593. PPORT_DATA_ENTRY DataEntry;
  594. PORT_MESSAGE CapturedMessage;
  595. PORT_DATA_INFORMATION CapturedDataInfo;
  596. PORT_DATA_ENTRY CapturedDataEntry;
  597. ULONG BytesCopied;
  599. PAGED_CODE();
  600. //
  601. // Get previous processor mode and probe output arguments if necessary.
  602. //
  604. PreviousMode = KeGetPreviousMode();
  605. if (PreviousMode != KernelMode) {
  606. try {
  607. if (WriteToMessageData) {
  608. ProbeForRead( Buffer,
  609. BufferSize,
  610. 1
  611. );
  612. }
  613. else {
  614. ProbeForWrite( Buffer,
  615. BufferSize,
  616. 1
  617. );
  618. }
  620. ProbeForRead( Message,
  621. sizeof( *Message ),
  622. sizeof( ULONG )
  623. );
  624. CapturedMessage = *Message;
  625. if (ARGUMENT_PRESENT( NumberOfBytesCopied )) {
  626. ProbeForWriteUlong( NumberOfBytesCopied );
  627. }
  628. }
  629. except( EXCEPTION_EXECUTE_HANDLER ) {
  630. return( GetExceptionCode() );
  631. }
  632. }
  633. else {
  634. CapturedMessage = *Message;
  635. }
  637. if (CapturedMessage.u2.s2.DataInfoOffset == 0) {
  638. return( STATUS_INVALID_PARAMETER );
  639. }
  641. //
  642. // Reference the port object by handle
  643. //
  645. Status = LpcpReferencePortObject( PortHandle,
  646. 0,
  647. PreviousMode,
  648. &PortObject
  649. );
  650. if (!NT_SUCCESS( Status )) {
  651. return( Status );
  652. }
  654. //
  655. // Translate the ClientId from the connection request into a
  656. // thread pointer. This is a referenced pointer to keep the thread
  657. // from evaporating out from under us.
  658. //
  660. Status = PsLookupProcessThreadByCid( &CapturedMessage.ClientId,
  661. NULL,
  662. &ClientThread
  663. );
  664. if (!NT_SUCCESS( Status )) {
  665. ObDereferenceObject( PortObject );
  666. return( Status );
  667. }
  669. //
  670. // Acquire the mutex that gaurds the LpcReplyMessage field of
  671. // the thread and get the pointer to the message that the thread
  672. // is waiting for a reply to.
  673. //
  675. ExAcquireFastMutex( &LpcpLock );
  677. //
  678. // See if the thread is waiting for a reply to the message
  679. // specified on this call. If not then a bogus message
  680. // has been specified, so release the mutex, dereference the thread
  681. // and return failure.
  682. //
  684. if (ClientThread->LpcReplyMessageId != CapturedMessage.MessageId) {
  685. Status = STATUS_REPLY_MESSAGE_MISMATCH;
  686. }
  687. else {
  688. Status = STATUS_INVALID_PARAMETER;
  689. Msg = LpcpFindDataInfoMessage( PortObject,
  690. CapturedMessage.MessageId,
  691. CapturedMessage.CallbackId
  692. );
  693. if (Msg != NULL) {
  694. DataInfo = (PPORT_DATA_INFORMATION)((PUCHAR)&Msg->Request +
  695. Msg->Request.u2.s2.DataInfoOffset
  696. );
  697. if (DataInfo->CountDataEntries > DataEntryIndex) {
  698. DataEntry = &DataInfo->DataEntries[ DataEntryIndex ];
  699. CapturedDataEntry = *DataEntry;
  700. if (CapturedDataEntry.Size >= BufferSize) {
  701. Status = STATUS_SUCCESS;
  702. }
  703. }
  704. }
  705. }
  707. if (!NT_SUCCESS( Status )) {
  708. ExReleaseFastMutex( &LpcpLock );
  709. ObDereferenceObject( ClientThread );
  710. ObDereferenceObject( PortObject );
  711. return( Status );
  712. }
  714. //
  715. // Release the mutex that guards the LpcReplyMessage field
  716. //
  718. ExReleaseFastMutex( &LpcpLock );
  721. //
  722. // Copy the message data
  723. //
  725. if (WriteToMessageData) {
  726. Status = MmCopyVirtualMemory( PsGetCurrentProcess(),
  727. Buffer,
  728. THREAD_TO_PROCESS( ClientThread ),
  729. CapturedDataEntry.Base,
  730. BufferSize,
  731. PreviousMode,
  732. &BytesCopied
  733. );
  734. }
  735. else {
  736. Status = MmCopyVirtualMemory( THREAD_TO_PROCESS( ClientThread ),
  737. CapturedDataEntry.Base,
  738. PsGetCurrentProcess(),
  739. Buffer,
  740. BufferSize,
  741. PreviousMode,
  742. &BytesCopied
  743. );
  744. }
  746. if (ARGUMENT_PRESENT( NumberOfBytesCopied )) {
  747. try {
  748. *NumberOfBytesCopied = BytesCopied;
  749. }
  750. except( EXCEPTION_EXECUTE_HANDLER ) {
  751. NOTHING;
  752. }
  753. }
  755. //
  756. // Dereference client thread and return the system service status.
  757. //
  759. ObDereferenceObject( ClientThread );
  760. ObDereferenceObject( PortObject );
  761. return( Status );
  762. }