archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/ntos/ke/amd64/callout.asm

395 lines
13 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. title "Call Out to User Mode"
  2. ;++
  3. ;
  4. ; Copyright (c) 2000 Microsoft Corporation
  5. ;
  6. ; Module Name:
  7. ;
  8. ; callout.asm
  9. ;
  10. ; Abstract:
  11. ;
  12. ; This module implements the code necessary to call out from kernel
  13. ; mode to user mode.
  14. ;
  15. ; Author:
  16. ;
  17. ; David N. Cutler (davec) 30-Aug-2000
  18. ;
  19. ; Environment:
  20. ;
  21. ; Kernel mode only.
  22. ;
  23. ;--
  25. include ksamd64.inc
  27. extern KeUserCallbackDispatcher:qword
  28. extern KiSystemServiceExit:proc
  29. extern MmGrowKernelStack:proc
  30. extern PsConvertToGuiThread:proc
  32. subttl "Call User Mode Function"
  33. ;++
  34. ;
  35. ; NTSTATUS
  36. ; KiCallUserMode (
  37. ; IN PVOID *Outputbuffer,
  38. ; IN PULONG OutputLength
  39. ; )
  40. ;
  41. ; Routine Description:
  42. ;
  43. ; This function calls a user mode function from kernel mode.
  44. ;
  45. ; N.B. This function calls out to user mode and the NtCallbackReturn
  46. ; function returns back to the caller of this function. Therefore,
  47. ; the stack layout must be consistent between the two routines.
  48. ;
  49. ; Arguments:
  50. ;
  51. ; OutputBuffer (rcx) - Supplies a pointer to the variable that receivies
  52. ; the address of the output buffer.
  53. ;
  54. ; OutputLength (rdx) - Supplies a pointer to a variable that receives
  55. ; the length of the output buffer.
  56. ;
  57. ; Return Value:
  58. ;
  59. ; The final status of the call out function is returned as the status
  60. ; of the function.
  61. ;
  62. ; N.B. This function does not return to its caller. A return to the
  63. ; caller is executed when a NtCallbackReturn system service is
  64. ; executed.
  65. ;
  66. ; N.B. This function does return to its caller if a kernel stack
  67. ; expansion is required and the attempted expansion fails.
  68. ;
  69. ;--
  71. NESTED_ENTRY KiCallUserMode, _TEXT$00
  73. GENERATE_EXCEPTION_FRAME <Rbp> ; generate exception frame
  75. ;
  76. ; Save argument registers in frame and allocate a legacy floating point
  77. ; save area.
  78. ;
  80. mov CuOutputBuffer[rbp], rcx ; save output buffer address
  81. mov CuOutputLength[rbp], rdx ; save output length address
  82. sub rsp, LEGACY_SAVE_AREA_LENGTH ; allocate legacy save area
  84. ;
  85. ; Check if sufficient room is available on the kernel stack for another
  86. ; system call.
  87. ;
  89. mov rbx, gs:[PcCurrentThread] ; get current thread address
  90. lea rax, (- KERNEL_LARGE_STACK_COMMIT)[rsp] ; compute bottom address
  91. cmp rax, ThStackLimit[rbx] ; check if limit exceeded
  92. jae short KiCU10 ; if ae, limit not exceeded
  93. mov rcx, rsp ; set current stack address
  94. call MmGrowKernelStack ; attempt to grow kernel stack
  95. or eax, eax ; check for successful completion
  96. jne short KiCU20 ; if ne, attempt to grow failed
  98. ;
  99. ; Save the callback stack address and the initial stack address in the current
  100. ; frame.
  101. ;
  103. KiCU10: mov rax, ThCallbackStack[rbx] ; save current callback stack address
  104. mov CuCallbackStack[rbp], rax ;
  105. mov rsi, ThInitialStack[rbx] ; save initial stack address
  106. mov CuInitialStack[rbp], rsi ;
  107. mov ThCallbackstack[rbx], rbp ; set new callback stack address
  109. ;
  110. ; If the legacy state is scrub, then copy the legacy state template to the
  111. ; new legacy state area.
  112. ;
  114. cmp byte ptr ThNpxState[rbx], LEGACY_STATE_SCRUB ; check if scrub state
  115. jne short KiCU15 ; if ne, not scrubbing legacy state
  116. mov ecx, (LEGACY_SAVE_AREA_LENGTH / 8) ; set length of copy
  117. mov rdi, rsp ; set destination address
  118. movsq ; copy legacy floating template
  120. ;
  121. ; Save the current trap frame address and establish a new initial kernel stack
  122. ; address;
  123. ;
  125. KiCU15: mov rsi, ThTrapFrame[rbx] ; save current trap frame address
  126. mov CuTrapFrame[rbp], rsi ;
  127. mov rdi, gs:[PcTss] ; get processor TSS address
  128. cli ; disable interrupts
  129. mov ThInitialStack[rbx], rsp ; set new initial stack address
  130. mov TssRsp0[rdi], rsp ; set initial stack address in TSS
  132. ;
  133. ; Construct a trap frame to facilitate the transfer into user mode via
  134. ; the standard system call exit.
  135. ;
  136. ; N.B. Interrupts are not enabled throughout the remainder of the system
  137. ; service exit.
  138. ;
  140. sub rsp, KTRAP_FRAME_LENGTH ; allocate a trap frame
  141. mov rdi, rsp ; set destination address
  142. mov rcx, (KTRAP_FRAME_LENGTH / 8) ; set length of copy
  143. rep movsq ; copy trap frame
  144. lea rbp, 128[rsp] ; set frame pointer address
  145. mov rax, KeUserCallbackDispatcher ; set user return address
  146. mov TrRip[rbp], rax ;
  147. jmp KiSystemServiceExit ; exit through service dispatch
  149. ;
  150. ; An attempt to grow the kernel stack failed.
  151. ;
  153. KiCU20: mov rsp, rbp ; deallocate legacy save area
  155. RESTORE_EXCEPTION_STATE <Rbp> ; restore exception state/deallocate
  157. ret ;
  159. NESTED_END KiCallUserMode, _TEXT$00
  161. subttl "Convert To Gui Thread"
  162. ;++
  163. ;
  164. ; NTSTATUS
  165. ; KiConvertToGuiThread (
  166. ; VOID
  167. ; );
  168. ;
  169. ; Routine Description:
  170. ;
  171. ; This routine is a stub routine which is called by the system service
  172. ; dispatcher to convert the current thread to a GUI thread. The process
  173. ; of converting to a GUI mode thread involves allocating a large stack,
  174. ; switching to the large stack, and then calling the win32k subsystem
  175. ; to record state. In order to switch the kernel stack the frame pointer
  176. ; used in the system service dispatch must be relocated.
  177. ;
  178. ; N.B. The address of the pushed rbp in this routine is located from the
  179. ; trap frame address in switch kernel stack.
  180. ;
  181. ; Arguments:
  182. ;
  183. ; None.
  184. ;
  185. ; Implicit arguments:
  186. ;
  187. ; rbp - Supplies a pointer to the trap frame.
  188. ;
  189. ; Return Value:
  190. ;
  191. ; The status returned by the real convert to GUI thread is returned as the
  192. ; function status.
  193. ;
  194. ;--
  196. NESTED_ENTRY KiConvertToGuiThread, _TEXT$00
  198. push_reg rbp ; save frame pointer
  200. END_PROLOGUE
  202. call PsConvertToGuiThread ; convert to GUI thread
  203. pop rbp ; restore frame pointer
  204. ret ;
  206. NESTED_END KiConvertToGuiThread, _TEXT$00
  208. subttl "Switch Kernel Stack"
  209. ;++
  210. ;
  211. ; PVOID
  212. ; KeSwitchKernelStack (
  213. ; IN PVOID StackBase,
  214. ; IN PVOID StackLimit
  215. ; )
  216. ;
  217. ; Routine Description:
  218. ;
  219. ; This function switches to the specified large kernel stack.
  220. ;
  221. ; N.B. This function can ONLY be called when there are no variables
  222. ; in the stack that refer to other variables in the stack, i.e.,
  223. ; there are no pointers into the stack.
  224. ;
  225. ; N.B. The address of the frame pointer used in the system service
  226. ; dispatcher is located using the trap frame.
  227. ;
  228. ; Arguments:
  229. ;
  230. ; StackBase (rcx) - Supplies a pointer to the base of the new kernel
  231. ; stack.
  232. ;
  233. ; StackLimit (rdx) - Suplies a pointer to the limit of the new kernel
  234. ; stack.
  235. ;
  236. ; Return Value:
  237. ;
  238. ; The previous stack base is returned as the function value.
  239. ;
  240. ;--
  242. SkFrame struct
  243. Fill dq ? ; fill to 8 mod 16
  244. SavedRdi dq ? ; saved register RDI
  245. SavedRsi dq ? ; saved register RSI
  246. SkFrame ends
  248. NESTED_ENTRY KeSwitchKernelStack, _TEXT$00
  250. push_reg rsi ; save nonvolatile registers
  251. push_reg rdi ;
  252. alloc_stack (sizeof SkFrame - (2 * 8)) ; allocate stack frame
  254. END_PROLOGUE
  256. ;
  257. ; Save the address of the new stack and copy the current stack to the new
  258. ; stack.
  259. ;
  261. mov r8, rcx ; save new stack base address
  262. mov r10, gs:[PcCurrentThread] ; get current thread address
  263. mov rcx, ThStackBase[r10] ; get current stack base address
  264. mov r9, ThTrapFrame[r10] ; get current trap frame address
  265. sub r9, rcx ; relocate trap frame address
  266. add r9, r8 ;
  267. mov ThTrapFrame[r10], r9 ; set new trap frame address
  268. sub rcx, rsp ; compute length of copy in bytes
  269. mov rdi, r8 ; compute destination address of copy
  270. sub rdi, rcx ;
  271. mov r9, rdi ; save new stack pointer address
  272. mov rsi, rsp ; set source address of copy
  273. shr rcx, 3 ; compute length of copy on quadwords
  274. rep movsq ; copy old stack to new stack
  275. mov rcx, ThTrapFrame[r10] ; get new trap frame address
  276. lea rax, 128[rcx] ; compute new frame address
  277. mov (-2 * 8)[rcx], rax ; set relocated frame pointer
  279. ;
  280. ; Switch to the new kernel stack and return the address of the old kernel
  281. ; stack.
  282. ;
  284. mov rax, ThStackBase[r10] ; get current stack base address
  285. cli ; disable interrupts
  286. mov byte ptr ThLargeStack[r10], 1 ; set large stack TRUE
  287. mov ThStackBase[r10], r8 ; set new stack base address
  288. sub r8, LEGACY_SAVE_AREA_LENGTH ; compute initial stack address
  289. mov ThInitialStack[r10], r8 ; set new initial stack address
  290. mov ThStackLimit[r10], rdx ; set new stack limit address
  291. mov r10, gs:[PcTss] ; get processor TSS address
  292. mov TssRsp0[r10], r8 ; set initial stack address in TSS
  293. mov rsp, r9 ; set new stack pointer address
  294. sti ;
  295. add rsp, sizeof SkFrame - (2 * 8) ; deallocate stack frame
  296. pop rdi ; restore nonvolatile registers
  297. pop rsi ;
  298. ret ; return
  300. NESTED_END KeSwitchKernelStack, _TEXT$00
  302. subttl "Return from User Mode Callback"
  303. ;++
  304. ;
  305. ; NTSTATUS
  306. ; NtCallbackReturn (
  307. ; IN PVOID OutputBuffer OPTIONAL,
  308. ; IN ULONG OutputLength,
  309. ; IN NTSTATUS Status
  310. ; )
  311. ;
  312. ; Routine Description:
  313. ;
  314. ; This function returns from a user mode callout to the kernel
  315. ; mode caller of the user mode callback function.
  316. ;
  317. ; N.B. This function returns to the function that called out to user
  318. ; mode and the KiCallUserMode function calls out to user mode.
  319. ; Therefore, the stack layout must be consistent between the
  320. ; two routines.
  321. ;
  322. ; Arguments:
  323. ;
  324. ; OutputBuffer (rcx) - Supplies an optional pointer to an output buffer.
  325. ;
  326. ; OutputLength (rdx) - Supplies the length of the output buffer.
  327. ;
  328. ; Status (r8) - Supplies the status value returned to the caller of the
  329. ; callback function.
  330. ;
  331. ; Return Value:
  332. ;
  333. ; If the callback return cannot be executed, then an error status is
  334. ; returned. Otherwise, the specified callback status is returned to
  335. ; the caller of the callback function.
  336. ;
  337. ; N.B. This function returns to the function that called out to user
  338. ; mode is a callout is currently active.
  339. ;
  340. ;--
  342. LEAF_ENTRY NtCallbackReturn, _TEXT$00
  344. mov r11, gs:[PcCurrentThread] ; get current thread address
  345. mov r10, ThCallbackStack[r11] ; get callback stack address
  346. cmp r10, 0 ; check if callback active
  347. je KiCb10 ; if zero, callback not active
  348. mov rax, r8 ; save completion status
  350. ;
  351. ; Store the output buffer address and length.
  352. ;
  354. mov r9, CuOutputBuffer[r10] ; get address to store output buffer
  355. mov [r9], rcx ; store output buffer address
  356. mov r9, CuOutputLength[r10] ; get address to store output length
  357. mov [r9], edx ; store output buffer length
  359. ;
  360. ; Restore the previous callback stack address and trap frame address.
  361. ;
  363. cli ; disable interrupts
  364. mov r8, CuTrapFrame[r10] ; get previous trap frame address
  365. mov ThTrapFrame[r11], r8 ; restore previous trap frame address
  366. test byte ptr TrDr7[r8], DR7_ACTIVE ; test if previous debug active
  367. setnz byte ptr ThDebugActive[r11] ; set correct thread debug active
  368. mov r8, CuCallbackStack[r10] ; get previous callback stack address
  369. mov ThCallbackStack[r11], r8 ; restore previous callback stack address
  371. ;
  372. ; Restore initial stack address.
  373. ;
  375. mov r9, CuInitialStack[r10] ; get previous initial stack address
  376. mov ThInitialStack[r11], r9 ; restore initial stack address
  377. mov r8, gs:[PcTss] ; get processor TSS address
  378. mov TssRsp0[r8], r9 ; set initial stack address in TSS
  379. mov rsp, r10 ; trim stack back to callback frame
  381. RESTORE_EXCEPTION_STATE <Rbp> ; restore exception state/deallocate
  383. sti ; enable interrupts
  384. ret ; return
  386. ;
  387. ; No callback is currently active.
  388. ;
  390. KiCB10: mov eax, STATUS_NO_CALLBACK_ACTIVE ; set service status
  391. ret ; return
  393. LEAF_END NtCallbackReturn, _TEXT$00
  395. end