archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/ntos/vdm/i386/vdminit.c

477 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  2. #include "vdmp.h"
  4. #include <ntos.h>
  5. #include <zwapi.h>
  6. #include <ntconfig.h>
  8. #ifdef ALLOC_PRAGMA
  9. #pragma alloc_text(PAGE, VdmpInitialize)
  10. #endif
  12. #define KEY_VALUE_BUFFER_SIZE 1024
  14. #if DEVL
  15. ULONG VdmBopCount;
  16. #endif
  18. NTSTATUS
  19. VdmpInitialize (
  20. PVDM_INITIALIZE_DATA VdmInitData
  21. )
  23. /*++
  25. Routine Description:
  27. Initialize the address space of a VDM.
  29. Arguments:
  31. VdmInitData - Supplies the captured initialization data.
  33. Return Value:
  35. NTSTATUS.
  37. --*/
  39. {
  40. PETHREAD CurrentThread;
  41. PVOID OriginalVdmObjects;
  42. NTSTATUS Status, StatusCopy;
  43. OBJECT_ATTRIBUTES ObjectAttributes;
  44. UNICODE_STRING SectionName;
  45. UNICODE_STRING WorkString;
  46. ULONG ViewSize;
  47. LARGE_INTEGER ViewBase;
  48. PVOID BaseAddress;
  49. PVOID destination;
  50. HANDLE SectionHandle, RegistryHandle;
  51. PEPROCESS Process = PsGetCurrentProcess();
  52. ULONG ResultLength;
  53. ULONG Index;
  54. PCM_FULL_RESOURCE_DESCRIPTOR ResourceDescriptor;
  55. PCM_PARTIAL_RESOURCE_DESCRIPTOR PartialResourceDescriptor;
  56. PKEY_VALUE_FULL_INFORMATION KeyValueBuffer;
  57. PCM_ROM_BLOCK BiosBlock;
  58. ULONG LastMappedAddress;
  59. PVDM_PROCESS_OBJECTS pVdmObjects;
  60. PVDMICAUSERDATA pIcaUserData;
  61. PVOID TrapcHandler;
  63. PAGED_CODE();
  65. NtCurrentTeb()->Vdm = NULL;
  67. //
  68. // Simple check to sure it is not already initialized. A final synchronized
  69. // check is made farther down.
  70. //
  72. if (Process->VdmObjects) {
  73. return STATUS_UNSUCCESSFUL;
  74. }
  76. RtlInitUnicodeString (&SectionName, L"\\Device\\PhysicalMemory");
  78. InitializeObjectAttributes (&ObjectAttributes,
  79. &SectionName,
  80. OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
  81. (HANDLE) NULL,
  82. (PSECURITY_DESCRIPTOR) NULL);
  84. Status = ZwOpenSection (&SectionHandle,
  85. SECTION_ALL_ACCESS,
  86. &ObjectAttributes);
  88. if (!NT_SUCCESS(Status)) {
  89. return Status;
  90. }
  92. pIcaUserData = VdmInitData->IcaUserData;
  93. TrapcHandler = VdmInitData->TrapcHandler;
  95. //
  96. // Copy the first page of memory into the VDM's address space
  97. //
  99. BaseAddress = 0;
  100. destination = 0;
  101. ViewSize = 0x1000;
  102. ViewBase.LowPart = 0;
  103. ViewBase.HighPart = 0;
  105. Status = ZwMapViewOfSection (SectionHandle,
  106. NtCurrentProcess(),
  107. &BaseAddress,
  108. 0,
  109. ViewSize,
  110. &ViewBase,
  111. &ViewSize,
  112. ViewUnmap,
  113. 0,
  114. PAGE_READWRITE);
  116. if (!NT_SUCCESS(Status)) {
  117. ZwClose (SectionHandle);
  118. return Status;
  119. }
  121. StatusCopy = STATUS_SUCCESS;
  123. try {
  124. RtlCopyMemory (destination, BaseAddress, ViewSize);
  125. }
  126. except(EXCEPTION_EXECUTE_HANDLER) {
  127. StatusCopy = GetExceptionCode ();
  128. }
  130. Status = ZwUnmapViewOfSection (NtCurrentProcess(), BaseAddress);
  132. if (!NT_SUCCESS(Status) || !NT_SUCCESS(StatusCopy)) {
  133. ZwClose (SectionHandle);
  134. return (NT_SUCCESS(Status) ? StatusCopy : Status);
  135. }
  137. //
  138. // Map Rom into address space
  139. //
  141. BaseAddress = (PVOID) 0x000C0000;
  142. ViewSize = 0x40000;
  143. ViewBase.LowPart = 0x000C0000;
  144. ViewBase.HighPart = 0;
  146. //
  147. // First unmap the reserved memory. This must be done here to prevent
  148. // the virtual memory in question from being consumed by some other
  149. // alloc vm call.
  150. //
  152. Status = ZwFreeVirtualMemory (NtCurrentProcess(),
  153. &BaseAddress,
  154. &ViewSize,
  155. MEM_RELEASE);
  157. //
  158. // N.B. This should probably take into account the fact that there are
  159. // a handful of error conditions that are ok (such as no memory to
  160. // release).
  161. //
  163. if (!NT_SUCCESS(Status)) {
  164. ZwClose (SectionHandle);
  165. return Status;
  166. }
  168. //
  169. // Set up and open KeyPath
  170. //
  172. InitializeObjectAttributes (&ObjectAttributes,
  173. &CmRegistryMachineHardwareDescriptionSystemName,
  174. OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
  175. (HANDLE)NULL,
  176. NULL);
  178. Status = ZwOpenKey (&RegistryHandle, KEY_READ, &ObjectAttributes);
  180. if (!NT_SUCCESS(Status)) {
  181. ZwClose(SectionHandle);
  182. return Status;
  183. }
  185. //
  186. // Allocate space for the data
  187. //
  189. KeyValueBuffer = ExAllocatePoolWithTag (PagedPool,
  190. KEY_VALUE_BUFFER_SIZE,
  191. ' MDV');
  193. if (KeyValueBuffer == NULL) {
  194. ZwClose(RegistryHandle);
  195. ZwClose(SectionHandle);
  196. return STATUS_NO_MEMORY;
  197. }
  199. //
  200. // Get the data for the rom information
  201. //
  203. RtlInitUnicodeString (&WorkString, L"Configuration Data");
  205. Status = ZwQueryValueKey (RegistryHandle,
  206. &WorkString,
  207. KeyValueFullInformation,
  208. KeyValueBuffer,
  209. KEY_VALUE_BUFFER_SIZE,
  210. &ResultLength);
  212. if (!NT_SUCCESS(Status)) {
  213. ExFreePool(KeyValueBuffer);
  214. ZwClose(RegistryHandle);
  215. ZwClose(SectionHandle);
  216. return Status;
  217. }
  219. ResourceDescriptor = (PCM_FULL_RESOURCE_DESCRIPTOR)
  220. ((PUCHAR) KeyValueBuffer + KeyValueBuffer->DataOffset);
  222. if ((KeyValueBuffer->DataLength < sizeof(CM_FULL_RESOURCE_DESCRIPTOR)) ||
  223. (ResourceDescriptor->PartialResourceList.Count < 2)) {
  225. //
  226. // No rom blocks.
  227. //
  229. ExFreePool(KeyValueBuffer);
  230. ZwClose(RegistryHandle);
  231. ZwClose(SectionHandle);
  232. return STATUS_SUCCESS;
  233. }
  235. PartialResourceDescriptor = (PCM_PARTIAL_RESOURCE_DESCRIPTOR)
  236. ((PUCHAR)ResourceDescriptor +
  237. sizeof(CM_FULL_RESOURCE_DESCRIPTOR) +
  238. ResourceDescriptor->PartialResourceList.PartialDescriptors[0]
  239. .u.DeviceSpecificData.DataSize);
  242. if (KeyValueBuffer->DataLength < ((PUCHAR)PartialResourceDescriptor -
  243. (PUCHAR)ResourceDescriptor + sizeof(CM_PARTIAL_RESOURCE_DESCRIPTOR)
  244. + sizeof(CM_ROM_BLOCK))) {
  246. ExFreePool(KeyValueBuffer);
  247. ZwClose(RegistryHandle);
  248. ZwClose(SectionHandle);
  249. return STATUS_ILL_FORMED_SERVICE_ENTRY;
  250. }
  252. BiosBlock = (PCM_ROM_BLOCK)((PUCHAR)PartialResourceDescriptor +
  253. sizeof(CM_PARTIAL_RESOURCE_DESCRIPTOR));
  255. Index = PartialResourceDescriptor->u.DeviceSpecificData.DataSize /
  256. sizeof(CM_ROM_BLOCK);
  258. //
  259. // N.B. Rom blocks begin on 2K (not necessarily page) boundaries
  260. // They end on 512 byte boundaries. This means that we have
  261. // to keep track of the last page mapped, and round the next
  262. // Rom block up to the next page boundary if necessary.
  263. //
  265. LastMappedAddress = 0xC0000;
  267. while (Index) {
  269. #if 0
  270. DbgPrint ("Bios Block, PhysAddr = %lx, size = %lx\n",
  271. BiosBlock->Address,
  272. BiosBlock->Size);
  273. #endif
  275. if ((Index > 1) &&
  276. ((BiosBlock->Address + BiosBlock->Size) == BiosBlock[1].Address)) {
  278. //
  279. // Coalesce adjacent blocks
  280. //
  282. BiosBlock[1].Address = BiosBlock[0].Address;
  283. BiosBlock[1].Size += BiosBlock[0].Size;
  284. Index -= 1;
  285. BiosBlock += 1;
  286. continue;
  287. }
  289. BaseAddress = (PVOID)(BiosBlock->Address);
  290. ViewSize = BiosBlock->Size;
  292. if ((ULONG)BaseAddress < LastMappedAddress) {
  293. if (ViewSize > (LastMappedAddress - (ULONG)BaseAddress)) {
  294. ViewSize = ViewSize - (LastMappedAddress - (ULONG)BaseAddress);
  295. BaseAddress = (PVOID)LastMappedAddress;
  296. } else {
  297. ViewSize = 0;
  298. }
  299. }
  301. ViewBase.LowPart = (ULONG)BaseAddress;
  303. if (ViewSize > 0) {
  305. Status = ZwMapViewOfSection (SectionHandle,
  306. NtCurrentProcess(),
  307. &BaseAddress,
  308. 0,
  309. ViewSize,
  310. &ViewBase,
  311. &ViewSize,
  312. ViewUnmap,
  313. MEM_DOS_LIM,
  314. PAGE_READWRITE);
  316. if (!NT_SUCCESS(Status)) {
  317. break;
  318. }
  320. LastMappedAddress = (ULONG)BaseAddress + ViewSize;
  321. }
  323. Index -= 1;
  324. BiosBlock += 1;
  325. }
  327. //
  328. // Free up the handles
  329. //
  331. ExFreePool(KeyValueBuffer);
  332. ZwClose(SectionHandle);
  333. ZwClose(RegistryHandle);
  335. //
  336. // Create VdmObjects structure
  337. //
  338. // N.B. We don't use ExAllocatePoolWithQuota because it
  339. // takes a reference to the process (which ExFreePool
  340. // dereferences). Since we expect to clean up on
  341. // process deletion, we don't need or want the reference
  342. // (which will prevent the process from being deleted)
  343. //
  345. pVdmObjects = ExAllocatePoolWithTag (NonPagedPool,
  346. sizeof(VDM_PROCESS_OBJECTS),
  347. ' MDV');
  349. if (pVdmObjects == NULL) {
  350. return STATUS_NO_MEMORY;
  351. }
  353. Status = PsChargeProcessPoolQuota (Process,
  354. NonPagedPool,
  355. sizeof(VDM_PROCESS_OBJECTS));
  357. if (!NT_SUCCESS (Status)) {
  358. ExFreePool (pVdmObjects);
  359. return Status;
  360. }
  362. RtlZeroMemory (pVdmObjects, sizeof(VDM_PROCESS_OBJECTS));
  364. ExInitializeFastMutex (&pVdmObjects->DelayIntFastMutex);
  365. KeInitializeSpinLock (&pVdmObjects->DelayIntSpinLock);
  366. InitializeListHead (&pVdmObjects->DelayIntListHead);
  368. pVdmObjects->pIcaUserData = ExAllocatePoolWithTag (PagedPool,
  369. sizeof(VDMICAUSERDATA),
  370. ' MDV');
  372. if (pVdmObjects->pIcaUserData == NULL) {
  373. PsReturnPoolQuota (Process, NonPagedPool, sizeof(VDM_PROCESS_OBJECTS));
  374. ExFreePool (pVdmObjects);
  375. return STATUS_NO_MEMORY;
  376. }
  378. Status = PsChargeProcessPoolQuota (Process,
  379. PagedPool,
  380. sizeof(VDMICAUSERDATA));
  382. if (!NT_SUCCESS (Status)) {
  383. PsReturnPoolQuota (Process, NonPagedPool, sizeof(VDM_PROCESS_OBJECTS));
  384. ExFreePool (pVdmObjects->pIcaUserData);
  385. ExFreePool (pVdmObjects);
  386. return Status;
  387. }
  389. try {
  391. //
  392. // Copy Ica addresses from service data (in user space) into
  393. // pVdmObjects->pIcaUserData
  394. //
  396. ProbeForRead(pIcaUserData, sizeof(VDMICAUSERDATA), sizeof(UCHAR));
  397. *pVdmObjects->pIcaUserData = *pIcaUserData;
  399. //
  400. // Probe static addresses in IcaUserData.
  401. //
  403. pIcaUserData = pVdmObjects->pIcaUserData;
  405. ProbeForWriteHandle (pIcaUserData->phWowIdleEvent);
  406. ProbeForWriteHandle (pIcaUserData->phMainThreadSuspended);
  408. ProbeForWrite (pIcaUserData->pIcaLock,
  409. sizeof(RTL_CRITICAL_SECTION),
  410. sizeof(UCHAR));
  412. ProbeForWrite (pIcaUserData->pIcaMaster,
  413. sizeof(VDMVIRTUALICA),
  414. sizeof(UCHAR));
  416. ProbeForWrite (pIcaUserData->pIcaSlave,
  417. sizeof(VDMVIRTUALICA),
  418. sizeof(UCHAR));
  420. ProbeForWriteUlong(pIcaUserData->pIretHooked);
  421. ProbeForWriteUlong(pIcaUserData->pDelayIrq);
  422. ProbeForWriteUlong(pIcaUserData->pUndelayIrq);
  423. ProbeForWriteUlong(pIcaUserData->pDelayIret);
  424. // We only reference the ULONG which contains the address of the
  425. // IretBop Table to push the address to the user stack and never
  426. // actually reference the table.
  427. ProbeForWriteUlong(pIcaUserData->pAddrIretBopTable);
  428. ProbeForReadSmallStructure(
  429. pIcaUserData->pIcaTimeout,
  430. sizeof(LARGE_INTEGER),
  431. sizeof(ULONG));
  433. } except(EXCEPTION_EXECUTE_HANDLER) {
  434. Status = GetExceptionCode();
  435. PsReturnPoolQuota (Process, NonPagedPool, sizeof(VDM_PROCESS_OBJECTS));
  436. PsReturnPoolQuota(Process, PagedPool, sizeof(VDMICAUSERDATA));
  437. ExFreePool (pVdmObjects->pIcaUserData);
  438. ExFreePool (pVdmObjects);
  439. return Status;
  440. }
  442. //
  443. // Save a pointer to the main thread for the delayed interrupt DPC routine.
  444. // To keep the pointer to the main thread valid, reference the thread
  445. // and don't dereference it until process exit.
  446. //
  448. CurrentThread = PsGetCurrentThread ();
  450. ObReferenceObject (CurrentThread);
  452. pVdmObjects->MainThread = CurrentThread;
  454. ASSERT (pVdmObjects->VdmTib == NULL);
  456. //
  457. // Carefully mark the process as a vdm (as other threads may be racing to
  458. // do the same marking).
  459. //
  461. OriginalVdmObjects = InterlockedCompareExchangePointer (&Process->VdmObjects, pVdmObjects, NULL);
  463. if (OriginalVdmObjects != NULL) {
  464. PsReturnPoolQuota (Process, NonPagedPool, sizeof(VDM_PROCESS_OBJECTS));
  465. PsReturnPoolQuota(Process, PagedPool, sizeof(VDMICAUSERDATA));
  466. ExFreePool (pVdmObjects->pIcaUserData);
  467. ExFreePool (pVdmObjects);
  468. ObDereferenceObject (CurrentThread);
  469. return STATUS_UNSUCCESSFUL;
  470. }
  472. ASSERT (Process->VdmObjects == pVdmObjects);
  474. Process->Pcb.VdmTrapcHandler = TrapcHandler;
  476. return Status;
  477. }