archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/sdktools/buggy/driver/mapview.c

1288 lines
28 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //
  2. // Template Driver
  3. // Copyright (c) Microsoft Corporation, 2000.
  4. //
  5. // Module: MapView.c
  6. // Author: Daniel Mihai (DMihai)
  7. // Created: 4/6/2000
  8. //
  9. // This module contains tests for MmMapViewInSystemSpace & MmMapViewInSessionSpace.
  10. // Note that SystemViewSize & SessionViewSize are configurable using the registry.
  11. //
  12. // SessionPoolTest is exercising the paged pool allocated with SESSION_POOL_MASK.
  13. // The size of this pool can be also configured using the SsessionViewSize registry
  14. // value.
  15. //
  16. // --- History ---
  17. //
  18. // 4/6/2000 (DMihai): initial version.
  19. //
  21. #include <ntddk.h>
  23. #include "active.h"
  24. #include "MapView.h"
  25. #include "tdriver.h"
  27. #if !MAPVIEW_ACTIVE
  29. //
  30. // Dummy implementation if the module is inactive
  31. //
  33. VOID MmMapViewInSystemSpaceLargest (
  34. PVOID NotUsed
  35. )
  36. {
  37. DbgPrint ("Buggy: MapView module is disabled from active.h\n");
  38. }
  40. VOID MmMapViewInSystemSpaceTotal (
  41. PVOID NotUsed
  42. )
  43. {
  44. DbgPrint ("Buggy: MapView module is disabled from active.h\n");
  45. }
  47. VOID MmMapViewInSessionSpaceLargest (
  48. PVOID NotUsed
  49. )
  50. {
  51. DbgPrint ("Buggy: MapView module is disabled from active.h\n");
  52. }
  54. VOID MmMapViewInSessionSpaceTotal (
  55. PVOID NotUsed
  56. )
  57. {
  58. DbgPrint ("Buggy: MapView module is disabled from active.h\n");
  59. }
  61. VOID SessionPoolTest (
  62. PVOID NotUsed
  63. )
  64. {
  65. DbgPrint ("Buggy: MapView module is disabled from active.h\n");
  66. }
  68. #else
  70. const LARGE_INTEGER BuggyFiveSeconds = {(ULONG)(-5 * 1000 * 1000 * 10), -1};
  73. //
  74. // Real implementation if the module is active
  75. //
  77. #ifndef SEC_COMMIT
  78. #define SEC_COMMIT 0x8000000
  79. #endif //#ifndef SEC_COMMIT
  81. #ifndef ZwDeleteFile
  83. NTSYSCALLAPI
  84. NTSTATUS
  85. NTAPI
  86. ZwDeleteFile(
  87. IN POBJECT_ATTRIBUTES ObjectAttributes
  88. ); //#ifndef ZwDeleteFile
  90. #endif
  93. #ifndef MmCreateSection
  96. NTKERNELAPI
  97. NTSTATUS
  98. MmCreateSection (
  99. OUT PVOID *SectionObject,
  100. IN ACCESS_MASK DesiredAccess,
  101. IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
  102. IN PLARGE_INTEGER MaximumSize,
  103. IN ULONG SectionPageProtection,
  104. IN ULONG AllocationAttributes,
  105. IN HANDLE FileHandle OPTIONAL,
  106. IN PFILE_OBJECT File OPTIONAL
  107. );
  109. NTKERNELAPI
  110. NTSTATUS
  111. MmMapViewInSystemSpace (
  112. IN PVOID Section,
  113. OUT PVOID *MappedBase,
  114. IN PSIZE_T ViewSize
  115. );
  117. NTKERNELAPI
  118. NTSTATUS
  119. MmUnmapViewInSystemSpace (
  120. IN PVOID MappedBase
  121. );
  123. // begin_ntosp
  124. NTKERNELAPI
  125. NTSTATUS
  126. MmMapViewInSessionSpace (
  127. IN PVOID Section,
  128. OUT PVOID *MappedBase,
  129. IN OUT PSIZE_T ViewSize
  130. );
  132. NTKERNELAPI
  133. NTSTATUS
  134. MmUnmapViewInSessionSpace (
  135. IN PVOID MappedBase
  136. );
  138. #endif //#ifndef MmCreateSection
  140. #define BUGGY_TEMPORARY_FILE1 L"\\SystemRoot\\Buggy1.tmp"
  141. #define BUGGY_TEMPORARY_FILE2 L"\\SystemRoot\\Buggy2.tmp"
  142. #define BUGGY_TEMPORARY_FILE3 L"\\SystemRoot\\Buggy3.tmp"
  143. #define BUGGY_TEMPORARY_FILE4 L"\\SystemRoot\\Buggy4.tmp"
  145. #define BUGGY_MAX_SECTIONS_TO_MAP ( 8 * 1024 )
  147. //
  148. // global array for mapped sections
  149. //
  151. /////////////////////////////////////////////////////////////////////////////
  152. //
  153. // verify a mapping
  154. //
  156. VOID VerifyMapping( PVOID pBase, SIZE_T uSize )
  157. {
  158. SIZE_T *puCrtPage;
  159. SIZE_T uCrtPageIndex;
  160. SIZE_T uPages;
  162. if( uSize > 100 * 1024 * 1024 )
  163. {
  164. DbgPrint ( "Buggy: VerifyMapping: don't try to touch all the %p size to avoid deadlock\n",
  165. uSize );
  167. return;
  168. }
  170. /*
  171. DbgPrint ( "\nBuggy: Verifying mapping at address %p, size %p...\n",
  172. pBase,
  173. (PVOID) uSize );
  174. */
  176. uPages = uSize / PAGE_SIZE;
  178. puCrtPage = (SIZE_T *)pBase;
  180. for( uCrtPageIndex = 0; uCrtPageIndex < uPages; uCrtPageIndex++ )
  181. {
  182. *puCrtPage = uCrtPageIndex;
  184. puCrtPage = (SIZE_T *) ( ( (CHAR*) puCrtPage ) + PAGE_SIZE );
  185. }
  187. while( uCrtPageIndex > 0 )
  188. {
  189. uCrtPageIndex --;
  190. puCrtPage = (SIZE_T *) ( ( (CHAR*) puCrtPage ) - PAGE_SIZE );
  192. if( *puCrtPage != uCrtPageIndex )
  193. {
  194. DbgPrint ( "\nBuggy: Wrong mapping at address %p\n",
  195. puCrtPage );
  197. DbgBreakPoint();
  198. }
  199. }
  201. //DbgPrint ( "done\n" );
  202. }
  204. /////////////////////////////////////////////////////////////////////////////
  206. VOID MmMapViewInSystemSpaceLargest (
  207. PVOID NotUsed
  208. )
  209. {
  210. NTSTATUS Status;
  211. HANDLE hFile = NULL;
  212. SIZE_T SizeToMap;
  213. SIZE_T SizeToGrow;
  214. PVOID pMappedBase = NULL;
  215. PVOID pSection = NULL;
  216. LARGE_INTEGER MaxSectionSize;
  217. OBJECT_ATTRIBUTES ObjectAttributes;
  218. UNICODE_STRING FileName;
  219. IO_STATUS_BLOCK IoStatusBlock;
  221. //
  222. // Create BUGGY_TEMPORARY_FILE1
  223. //
  225. RtlInitUnicodeString(
  226. &FileName,
  227. BUGGY_TEMPORARY_FILE1
  228. );
  230. InitializeObjectAttributes(
  231. &ObjectAttributes,
  232. &FileName,
  233. OBJ_CASE_INSENSITIVE ,
  234. NULL,
  235. NULL
  236. );
  238. Status = ZwCreateFile(
  239. &hFile,
  240. GENERIC_READ | GENERIC_WRITE,
  241. &ObjectAttributes,
  242. &IoStatusBlock,
  243. NULL,
  244. FILE_ATTRIBUTE_NORMAL,
  245. 0,
  246. FILE_OVERWRITE_IF,
  247. FILE_NON_DIRECTORY_FILE,
  248. NULL,
  249. 0 );
  251. /*
  252. Status = ZwCreateFile(
  253. &hFile,
  254. GENERIC_READ | GENERIC_WRITE,
  255. &ObjectAttributes,
  256. &IoStatusBlock,
  257. NULL,
  258. FILE_ATTRIBUTE_NORMAL,
  259. FILE_SHARE_READ,
  260. FILE_OPEN_IF,
  261. FILE_WRITE_THROUGH |
  262. FILE_NO_INTERMEDIATE_BUFFERING |
  263. FILE_SYNCHRONOUS_IO_NONALERT,
  264. NULL,
  265. 0
  266. );
  267. */
  269. if( ! NT_SUCCESS( Status ) )
  270. {
  271. DbgPrint ("Buggy: ZwCreateFile failed - status %X\n",
  272. Status );
  274. goto cleanup;
  275. }
  276. else
  277. {
  278. DbgPrint ( "Buggy: created file, handle %p\n",
  279. hFile );
  280. }
  282. //
  283. // Create a section for the temp file
  284. //
  286. #ifdef _WIN64
  287. MaxSectionSize.QuadPart = (LONGLONG)0x40000000 * PAGE_SIZE;
  288. #else
  289. MaxSectionSize.QuadPart = 0xFFFFFFFF;
  290. #endif //#ifdef _WIN64
  292. do
  293. {
  294. Status = MmCreateSection(
  295. &pSection,
  296. STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE,
  297. NULL,
  298. &MaxSectionSize,
  299. PAGE_READWRITE,
  300. SEC_COMMIT,
  301. hFile,
  302. NULL );
  304. if( ! NT_SUCCESS( Status ) )
  305. {
  306. if( Status == STATUS_DISK_FULL )
  307. {
  308. MaxSectionSize.QuadPart /= 2;
  310. DbgPrint ("Buggy: MmCreateSection returned STATUS_DISK_FULL, re-trying with max section size = %I64X\n",
  311. MaxSectionSize.QuadPart );
  312. }
  313. else
  314. {
  315. DbgPrint ("Buggy: MmCreateSection failed - status %X\n",
  316. Status );
  318. goto cleanup;
  319. }
  320. }
  321. else
  322. {
  323. DbgPrint ( "Buggy: created section with max size %I64X\n",
  324. MaxSectionSize.QuadPart );
  326. break;
  327. }
  329. } while( MaxSectionSize.QuadPart > PAGE_SIZE );
  332. DbgPrint ( "Buggy: Using section at %p\n",
  333. pSection );
  335. //
  336. // try to map the max size section
  337. //
  339. SizeToMap = (SIZE_T) MaxSectionSize.QuadPart;
  341. while( SizeToMap > PAGE_SIZE )
  342. {
  343. Status = MmMapViewInSystemSpace(
  344. pSection,
  345. &pMappedBase,
  346. &SizeToMap );
  348. if( ! NT_SUCCESS( Status ) )
  349. {
  350. DbgPrint ( "Buggy: MmMapViewInSystemSpace failed for size %p, status %X\n",
  351. SizeToMap,
  352. Status );
  354. SizeToMap /= 2;
  355. }
  356. else
  357. {
  358. DbgPrint ( "\n\nFirst result of the test:\n\n" );
  360. DbgPrint ( "Buggy: MmMapViewInSystemSpace succeeded for size %p, mapped base %p\n",
  361. SizeToMap,
  362. pMappedBase );
  364. //DbgPrint ( "\n\n" );
  366. VerifyMapping( pMappedBase, SizeToMap );
  368. break;
  369. }
  370. }
  372. //
  373. // try to grow the size
  374. //
  376. while( pMappedBase != NULL )
  377. {
  378. //
  379. // unmap the old one
  380. //
  382. Status = MmUnmapViewInSystemSpace(
  383. pMappedBase );
  385. if( ! NT_SUCCESS( Status ) )
  386. {
  387. DbgPrint ( "Buggy: MmUnmapViewInSystemSpace failed, status %X\n",
  388. Status );
  390. DbgBreakPoint();
  392. break;
  393. }
  395. pMappedBase = NULL;
  397. //
  398. // grow the size
  399. //
  401. SizeToGrow = SizeToMap / 10;
  403. if( SizeToGrow < 10 * PAGE_SIZE )
  404. {
  405. //
  406. // don't bother
  407. //
  409. break;
  410. }
  412. SizeToMap += SizeToGrow;
  414. //
  415. // try to use this bigger size
  416. //
  418. Status = MmMapViewInSystemSpace(
  419. pSection,
  420. &pMappedBase,
  421. &SizeToMap );
  423. if( ! NT_SUCCESS( Status ) )
  424. {
  425. /*
  426. DbgPrint ( "Buggy: MmMapViewInSystemSpace failed for size %p, status %X\n",
  427. SizeToMap,
  428. Status );
  429. */
  431. //
  432. // can't grow the size anymore
  433. //
  435. break;
  436. }
  437. else
  438. {
  439. DbgPrint ( "\n\nBetter result of the test:\n\n" );
  441. DbgPrint ( "Buggy: MmMapViewInSystemSpace succeeded for size %p, mapped base %p\n",
  442. SizeToMap,
  443. pMappedBase );
  445. //DbgPrint ( "\n\n" );
  447. VerifyMapping( pMappedBase, SizeToMap );
  448. }
  449. }
  451. //
  452. // clean-up
  453. //
  455. cleanup:
  457. if( pMappedBase != NULL )
  458. {
  459. Status = MmUnmapViewInSystemSpace(
  460. pMappedBase );
  462. if( ! NT_SUCCESS( Status ) )
  463. {
  464. DbgPrint ( "Buggy: MmUnmapViewInSystemSpace failed, status %X\n",
  465. Status );
  467. DbgBreakPoint();
  468. }
  469. }
  471. if( pSection != NULL )
  472. {
  473. ObDereferenceObject(
  474. pSection );
  475. }
  477. if( hFile != NULL )
  478. {
  479. ZwClose( hFile );
  481. Status = ZwDeleteFile(
  482. &ObjectAttributes );
  484. if( ! NT_SUCCESS( Status ) )
  485. {
  486. DbgPrint ("Buggy: ZwDeleteFile failed - status %X\n",
  487. Status );
  488. }
  489. else
  490. {
  491. // DbgPrint ("Buggy: temporary file deleted\n" );
  492. }
  493. }
  494. }
  496. ///////////////////////////////////////////////////////////////////////////
  498. PVOID *MappedSections;
  500. VOID MmMapViewInSystemSpaceTotal (
  501. PVOID NotUsed
  502. )
  503. {
  504. NTSTATUS Status;
  505. HANDLE hFile = NULL;
  506. SIZE_T SizeToMap;
  507. PVOID pSection = NULL;
  508. SIZE_T CrtMap;
  509. LARGE_INTEGER MaxSectionSize;
  510. OBJECT_ATTRIBUTES ObjectAttributes;
  511. UNICODE_STRING FileName;
  512. IO_STATUS_BLOCK IoStatusBlock;
  514. MappedSections = ExAllocatePoolWithTag(
  515. NonPagedPool,
  516. BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ),
  517. TD_POOL_TAG );
  519. if( MappedSections == NULL )
  520. {
  521. DbgPrint ("Buggy: ExAllocatePoolWithTag failed - bail\n" );
  523. return;
  524. }
  526. RtlZeroMemory( MappedSections, BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ) );
  528. //
  529. // Create BUGGY_TEMPORARY_FILE2
  530. //
  532. RtlInitUnicodeString(
  533. &FileName,
  534. BUGGY_TEMPORARY_FILE2
  535. );
  537. InitializeObjectAttributes(
  538. &ObjectAttributes,
  539. &FileName,
  540. OBJ_CASE_INSENSITIVE,
  541. NULL,
  542. NULL
  543. );
  545. Status = ZwCreateFile(
  546. &hFile,
  547. GENERIC_READ | GENERIC_WRITE,
  548. &ObjectAttributes,
  549. &IoStatusBlock,
  550. NULL,
  551. FILE_ATTRIBUTE_NORMAL,
  552. 0,
  553. FILE_OVERWRITE_IF,
  554. FILE_NON_DIRECTORY_FILE,
  555. NULL,
  556. 0 );
  558. if( ! NT_SUCCESS( Status ) )
  559. {
  560. /*
  561. DbgPrint ("Buggy: ZwCreateFile failed - status %X\n",
  562. Status );
  563. */
  565. goto cleanup;
  566. }
  567. else
  568. {
  569. //DbgPrint ( "Buggy: created file\n" );
  570. }
  572. //
  573. // Create a section for the temp file
  574. //
  576. MaxSectionSize.QuadPart = 1024 * 1024;
  578. do
  579. {
  580. Status = MmCreateSection(
  581. &pSection,
  582. STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE,
  583. NULL,
  584. &MaxSectionSize,
  585. PAGE_READWRITE,
  586. SEC_COMMIT,
  587. hFile,
  588. NULL );
  590. if( ! NT_SUCCESS( Status ) )
  591. {
  592. if( Status == STATUS_DISK_FULL )
  593. {
  594. MaxSectionSize.QuadPart /= 2;
  596. /*
  597. DbgPrint ("Buggy: MmCreateSection returned STATUS_DISK_FULL, re-trying with max section size = %I64X\n",
  598. MaxSectionSize.QuadPart );
  599. */
  600. }
  601. else
  602. {
  603. DbgPrint ("Buggy: MmCreateSection failed - status %X\n",
  604. Status );
  606. goto cleanup;
  607. }
  608. }
  609. else
  610. {
  611. /*
  612. DbgPrint ( "Buggy: created section with max size %I64X\n",
  613. MaxSectionSize.QuadPart );
  614. */
  616. break;
  617. }
  619. } while( MaxSectionSize.QuadPart > PAGE_SIZE );
  622. //
  623. // get a pointer to the section
  624. //
  626. DbgPrint ( "Buggy: Using section at %p\n",
  627. pSection );
  629. //
  630. // try to map the max size section
  631. //
  633. SizeToMap = (SIZE_T) MaxSectionSize.QuadPart;
  635. RtlZeroMemory( MappedSections, BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ) );
  637. for( CrtMap = 0; CrtMap < BUGGY_MAX_SECTIONS_TO_MAP; CrtMap++ )
  638. {
  639. Status = MmMapViewInSystemSpace(
  640. pSection,
  641. &MappedSections[ CrtMap ],
  642. &SizeToMap );
  644. if( ! NT_SUCCESS( Status ) )
  645. {
  646. DbgPrint ( "Buggy: MmMapViewInSystemSpace failed for size %p, status %X, chunk %p\n",
  647. SizeToMap,
  648. Status,
  649. CrtMap);
  651. break;
  652. }
  653. else
  654. {
  655. if( CrtMap <= 100 )
  656. {
  657. VerifyMapping( MappedSections[ CrtMap ], SizeToMap );
  658. }
  659. }
  660. }
  662. DbgPrint ( "\n\nBuggy: Result of the test:\n\n" );
  664. DbgPrint ( "Buggy: mapped %u sections with size %p, total %p\n",
  665. CrtMap,
  666. SizeToMap,
  667. SizeToMap * (SIZE_T)CrtMap );
  669. //DbgBreakPoint ();
  671. //DbgPrint ( "\n\n" );
  673. //
  674. // clean-up
  675. //
  677. cleanup:
  679. for( CrtMap = 0; CrtMap < BUGGY_MAX_SECTIONS_TO_MAP; CrtMap++ )
  680. {
  681. if( MappedSections[ CrtMap ] == NULL )
  682. {
  683. break;
  684. }
  686. Status = MmUnmapViewInSystemSpace(
  687. MappedSections[ CrtMap ] );
  689. if( ! NT_SUCCESS( Status ) )
  690. {
  691. DbgPrint ( "Buggy: MmUnmapViewInSystemSpace failed for %p, status %X\n",
  692. MappedSections[ CrtMap ],
  693. Status );
  695. DbgBreakPoint();
  696. }
  697. }
  699. DbgPrint ( "Buggy: unmapped %p sections\n",
  700. CrtMap );
  702. if( pSection != NULL )
  703. {
  704. ObDereferenceObject(
  705. pSection );
  707. DbgPrint ( "Buggy: dereferenced section at %p\n",
  708. pSection );
  709. }
  711. if( hFile != NULL )
  712. {
  713. ZwClose( hFile );
  715. DbgPrint ( "Buggy: calling ZwDeleteFile\n" );
  717. Status = ZwDeleteFile(
  718. &ObjectAttributes );
  720. if( ! NT_SUCCESS( Status ) )
  721. {
  722. DbgPrint ("Buggy: ZwDeleteFile failed - status %X\n",
  723. Status );
  724. }
  725. else
  726. {
  727. DbgPrint ("Buggy: temporary file deleted\n" );
  728. }
  729. }
  731. ExFreePool( MappedSections );
  732. }
  734. /////////////////////////////////////////////////////////////////////////////
  736. VOID MmMapViewInSessionSpaceLargest (
  737. PVOID NotUsed
  738. )
  739. {
  740. NTSTATUS Status;
  741. HANDLE hFile = NULL;
  742. SIZE_T SizeToMap;
  743. SIZE_T SizeToGrow;
  744. PVOID pMappedBase = NULL;
  745. PVOID pSection = NULL;
  746. LARGE_INTEGER MaxSectionSize;
  747. OBJECT_ATTRIBUTES ObjectAttributes;
  748. UNICODE_STRING FileName;
  749. IO_STATUS_BLOCK IoStatusBlock;
  751. // Create BUGGY_TEMPORARY_FILE3
  752. //
  754. RtlInitUnicodeString(
  755. &FileName,
  756. BUGGY_TEMPORARY_FILE3
  757. );
  759. InitializeObjectAttributes(
  760. &ObjectAttributes,
  761. &FileName,
  762. OBJ_CASE_INSENSITIVE,
  763. NULL,
  764. NULL
  765. );
  767. Status = ZwCreateFile(
  768. &hFile,
  769. GENERIC_READ | GENERIC_WRITE,
  770. &ObjectAttributes,
  771. &IoStatusBlock,
  772. NULL,
  773. FILE_ATTRIBUTE_NORMAL,
  774. 0,
  775. FILE_OVERWRITE_IF,
  776. FILE_NON_DIRECTORY_FILE,
  777. NULL,
  778. 0 );
  780. if( ! NT_SUCCESS( Status ) )
  781. {
  782. /*
  783. DbgPrint ("Buggy: ZwCreateFile failed - status %X\n",
  784. Status );
  785. */
  787. goto cleanup;
  788. }
  789. else
  790. {
  791. //DbgPrint ( "Buggy: created file\n" );
  792. }
  794. //
  795. // Create a section for the temp file
  796. //
  798. #ifdef _WIN64
  799. MaxSectionSize.QuadPart = (LONGLONG)0x40000000 * PAGE_SIZE;
  800. #else
  801. MaxSectionSize.QuadPart = 0xFFFFFFFF;
  802. #endif //#ifdef _WIN64
  804. do
  805. {
  806. Status = MmCreateSection(
  807. &pSection,
  808. STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE,
  809. NULL,
  810. &MaxSectionSize,
  811. PAGE_READWRITE,
  812. SEC_COMMIT,
  813. hFile,
  814. NULL );
  816. if( ! NT_SUCCESS( Status ) )
  817. {
  818. if( Status == STATUS_DISK_FULL )
  819. {
  820. MaxSectionSize.QuadPart /= 2;
  822. DbgPrint ("Buggy: MmCreateSection returned STATUS_DISK_FULL, re-trying with max section size = %I64X\n",
  823. MaxSectionSize.QuadPart );
  824. }
  825. else
  826. {
  827. DbgPrint ("Buggy: MmCreateSection failed - status %X\n",
  828. Status );
  830. goto cleanup;
  831. }
  832. }
  833. else
  834. {
  835. DbgPrint ( "Buggy: created section with max size %I64X\n",
  836. MaxSectionSize.QuadPart );
  838. break;
  839. }
  841. } while( MaxSectionSize.QuadPart > PAGE_SIZE );
  844. DbgPrint ( "Buggy: Using section at %p\n",
  845. pSection );
  847. //
  848. // try to map the max size section
  849. //
  851. SizeToMap = (SIZE_T) MaxSectionSize.QuadPart;
  853. while( SizeToMap > PAGE_SIZE )
  854. {
  855. Status = MmMapViewInSessionSpace(
  856. pSection,
  857. &pMappedBase,
  858. &SizeToMap );
  860. if( ! NT_SUCCESS( Status ) )
  861. {
  862. DbgPrint ( "Buggy: MmMapViewInSessionSpace failed for size %p, status %X\n",
  863. SizeToMap,
  864. Status );
  866. SizeToMap /= 2;
  867. }
  868. else
  869. {
  870. DbgPrint ( "\n\nFirst result of the test:\n\n" );
  872. DbgPrint ( "Buggy: MmMapViewInSessionSpace succeeded for size %p, mapped base %p\n",
  873. SizeToMap,
  874. pMappedBase );
  876. //DbgPrint ( "\n\n" );
  878. VerifyMapping( pMappedBase, SizeToMap );
  880. break;
  881. }
  882. }
  884. //
  885. // try to grow the size
  886. //
  888. while( pMappedBase != NULL )
  889. {
  890. //
  891. // unmap the old one
  892. //
  894. Status = MmUnmapViewInSessionSpace(
  895. pMappedBase );
  897. if( ! NT_SUCCESS( Status ) )
  898. {
  899. DbgPrint ( "Buggy: MmUnmapViewInSessionSpace failed, status %X\n",
  900. Status );
  902. DbgBreakPoint();
  904. break;
  905. }
  907. pMappedBase = NULL;
  909. //
  910. // grow the size
  911. //
  913. SizeToGrow = SizeToMap / 10;
  915. if( SizeToGrow < 10 * PAGE_SIZE )
  916. {
  917. //
  918. // don't bother
  919. //
  921. break;
  922. }
  924. SizeToMap += SizeToGrow;
  926. //
  927. // try to use this bigger size
  928. //
  930. Status = MmMapViewInSessionSpace(
  931. pSection,
  932. &pMappedBase,
  933. &SizeToMap );
  935. if( ! NT_SUCCESS( Status ) )
  936. {
  937. DbgPrint ( "Buggy: MmMapViewInSessionSpace failed for size %p, status %X\n",
  938. SizeToMap,
  939. Status );
  941. //
  942. // can't grow the size anymore
  943. //
  945. break;
  946. }
  947. else
  948. {
  949. DbgPrint ( "\n\nBetter result of the test:\n\n" );
  951. DbgPrint ( "Buggy: MmMapViewInSessionSpace succeeded for size %p, mapped base %p\n",
  952. SizeToMap,
  953. pMappedBase );
  955. //DbgPrint ( "\n\n" );
  957. VerifyMapping( pMappedBase, SizeToMap );
  958. }
  959. }
  961. //
  962. // clean-up
  963. //
  965. cleanup:
  967. if( pMappedBase != NULL )
  968. {
  969. Status = MmUnmapViewInSessionSpace(
  970. pMappedBase );
  972. if( ! NT_SUCCESS( Status ) )
  973. {
  974. DbgPrint ( "Buggy: MmUnmapViewInSessionSpace failed, status %X\n",
  975. Status );
  977. DbgBreakPoint();
  978. }
  979. }
  981. if( pSection != NULL )
  982. {
  983. ObDereferenceObject(
  984. pSection );
  985. }
  987. if( hFile != NULL )
  988. {
  989. ZwClose( hFile );
  991. Status = ZwDeleteFile(
  992. &ObjectAttributes );
  994. if( ! NT_SUCCESS( Status ) )
  995. {
  996. DbgPrint ("Buggy: ZwDeleteFile failed - status %X\n",
  997. Status );
  998. }
  999. else
  1000. {
  1001. //DbgPrint ("Buggy: temporary file deleted\n" );
  1002. }
  1003. }
  1004. }
  1006. ///////////////////////////////////////////////////////////////////////////
  1008. VOID MmMapViewInSessionSpaceTotal (
  1009. PVOID NotUsed
  1010. )
  1011. {
  1012. NTSTATUS Status;
  1013. HANDLE hFile = NULL;
  1014. SIZE_T SizeToMap;
  1015. PVOID pSection = NULL;
  1016. SIZE_T CrtMap;
  1017. LARGE_INTEGER MaxSectionSize;
  1018. OBJECT_ATTRIBUTES ObjectAttributes;
  1019. UNICODE_STRING FileName;
  1020. IO_STATUS_BLOCK IoStatusBlock;
  1021. PVOID *MappedSections;
  1023. MappedSections = ExAllocatePoolWithTag(
  1024. NonPagedPool,
  1025. BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ),
  1026. TD_POOL_TAG );
  1028. if( MappedSections == NULL )
  1029. {
  1030. DbgPrint ("Buggy: ExAllocatePoolWithTag failed - bail\n" );
  1032. return;
  1033. }
  1035. RtlZeroMemory( MappedSections, BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ) );
  1038. //
  1039. // Create BUGGY_TEMPORARY_FILE3
  1040. //
  1042. RtlInitUnicodeString(
  1043. &FileName,
  1044. BUGGY_TEMPORARY_FILE3
  1045. );
  1047. InitializeObjectAttributes(
  1048. &ObjectAttributes,
  1049. &FileName,
  1050. OBJ_CASE_INSENSITIVE,
  1051. NULL,
  1052. NULL
  1053. );
  1055. Status = ZwCreateFile(
  1056. &hFile,
  1057. GENERIC_READ | GENERIC_WRITE,
  1058. &ObjectAttributes,
  1059. &IoStatusBlock,
  1060. NULL,
  1061. FILE_ATTRIBUTE_NORMAL,
  1062. 0,
  1063. FILE_OVERWRITE_IF,
  1064. FILE_NON_DIRECTORY_FILE,
  1065. NULL,
  1066. 0 );
  1068. if( ! NT_SUCCESS( Status ) )
  1069. {
  1070. DbgPrint ("Buggy: ZwCreateFile failed - status %X\n",
  1071. Status );
  1073. goto cleanup;
  1074. }
  1075. else
  1076. {
  1077. //DbgPrint ( "Buggy: created file\n" );
  1078. }
  1080. //
  1081. // Create a section for the temp file
  1082. //
  1084. MaxSectionSize.QuadPart = 1024 * 1024;
  1086. do
  1087. {
  1088. Status = MmCreateSection(
  1089. &pSection,
  1090. STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE,
  1091. NULL,
  1092. &MaxSectionSize,
  1093. PAGE_READWRITE,
  1094. SEC_COMMIT,
  1095. hFile,
  1096. NULL );
  1098. if( ! NT_SUCCESS( Status ) )
  1099. {
  1100. if( Status == STATUS_DISK_FULL )
  1101. {
  1102. MaxSectionSize.QuadPart /= 2;
  1104. /*
  1105. DbgPrint ("Buggy: MmCreateSection returned STATUS_DISK_FULL, re-trying with max section size = %I64X\n",
  1106. MaxSectionSize.QuadPart );
  1107. */
  1108. }
  1109. else
  1110. {
  1111. DbgPrint ("Buggy: MmCreateSection failed - status %X\n",
  1112. Status );
  1114. goto cleanup;
  1115. }
  1116. }
  1117. else
  1118. {
  1119. /*
  1120. DbgPrint ( "Buggy: created section with max size %I64X\n",
  1121. MaxSectionSize.QuadPart );
  1122. */
  1124. break;
  1125. }
  1127. } while( MaxSectionSize.QuadPart > PAGE_SIZE );
  1130. DbgPrint ( "Buggy: Using section at %p\n",
  1131. pSection );
  1133. //
  1134. // try to map the max size section
  1135. //
  1137. SizeToMap = (SIZE_T) MaxSectionSize.QuadPart;
  1139. RtlZeroMemory( MappedSections, BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ) );
  1141. for( CrtMap = 0; CrtMap < BUGGY_MAX_SECTIONS_TO_MAP; CrtMap++ )
  1142. {
  1143. Status = MmMapViewInSessionSpace(
  1144. pSection,
  1145. &MappedSections[ CrtMap ],
  1146. &SizeToMap );
  1148. if( ! NT_SUCCESS( Status ) )
  1149. {
  1150. /*
  1151. DbgPrint ( "Buggy: MmMapViewInSessionSpace failed for size %p, status %X, chunk %p\n",
  1152. SizeToMap,
  1153. Status
  1154. );
  1155. */
  1157. break;
  1158. }
  1159. else
  1160. {
  1161. if( CrtMap <= 100 )
  1162. {
  1163. VerifyMapping( MappedSections[ CrtMap ], SizeToMap );
  1164. }
  1165. }
  1166. }
  1168. DbgPrint ( "\n\nBuggy: Result of the test:\n\n" );
  1170. DbgPrint ( "Buggy: mapped %u sections with size %p, total %p\n",
  1171. CrtMap,
  1172. SizeToMap,
  1173. SizeToMap * (SIZE_T)CrtMap );
  1175. //DbgPrint ( "\n\n" );
  1177. //
  1178. // clean-up
  1179. //
  1181. cleanup:
  1183. for( CrtMap = 0; CrtMap < BUGGY_MAX_SECTIONS_TO_MAP; CrtMap++ )
  1184. {
  1185. if( MappedSections[ CrtMap ] == NULL )
  1186. {
  1187. break;
  1188. }
  1190. Status = MmUnmapViewInSessionSpace(
  1191. MappedSections[ CrtMap ] );
  1193. if( ! NT_SUCCESS( Status ) )
  1194. {
  1195. DbgPrint ( "Buggy: MmUnmapViewInSessionSpace failed for %p, status %X\n",
  1196. MappedSections[ CrtMap ],
  1197. Status );
  1199. DbgBreakPoint();
  1200. }
  1201. }
  1203. if( pSection != NULL )
  1204. {
  1205. ObDereferenceObject(
  1206. pSection );
  1207. }
  1209. if( hFile != NULL )
  1210. {
  1211. ZwClose( hFile );
  1213. Status = ZwDeleteFile(
  1214. &ObjectAttributes );
  1216. if( ! NT_SUCCESS( Status ) )
  1217. {
  1218. DbgPrint ("Buggy: ZwDeleteFile failed - status %X\n",
  1219. Status );
  1220. }
  1221. else
  1222. {
  1223. //DbgPrint ("Buggy: temporary file deleted\n" );
  1224. }
  1225. }
  1227. ExFreePool( MappedSections );
  1228. }
  1230. ///////////////////////////////////////////////////////////////////////////
  1232. VOID SessionPoolTest (
  1233. PVOID NotUsed
  1234. )
  1235. {
  1236. PVOID *SessionPoolChunks;
  1237. ULONG uCrtPoolChunk;
  1239. SessionPoolChunks = ExAllocatePoolWithTag(
  1240. NonPagedPool,
  1241. BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ),
  1242. TD_POOL_TAG );
  1244. if( SessionPoolChunks == NULL )
  1245. {
  1246. DbgPrint ("Buggy: ExAllocatePoolWithTag failed - bail\n" );
  1248. return;
  1249. }
  1251. RtlZeroMemory( SessionPoolChunks, BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ) );
  1253. for( uCrtPoolChunk = 0; uCrtPoolChunk < BUGGY_MAX_SECTIONS_TO_MAP; uCrtPoolChunk++ )
  1254. {
  1255. SessionPoolChunks[ uCrtPoolChunk ] = ExAllocatePoolWithTag(
  1256. PagedPool | SESSION_POOL_MASK,
  1257. 1024 * 1024,
  1258. TD_POOL_TAG );
  1260. if( SessionPoolChunks[ uCrtPoolChunk ] == NULL )
  1261. {
  1262. DbgPrint ("\n\nBuggy: Result of the test allocated %u chunks with size 1 Mb in the session pool\n\n",
  1263. uCrtPoolChunk );
  1264. break;
  1265. }
  1266. }
  1268. DbgPrint ( "Buggy: Touching all these pool chuncks...\n" );
  1270. while( uCrtPoolChunk > 0 )
  1271. {
  1272. uCrtPoolChunk--;
  1274. if( uCrtPoolChunk <= 100 )
  1275. {
  1276. VerifyMapping( SessionPoolChunks[ uCrtPoolChunk ], 1024 * 1024 );
  1277. }
  1279. ExFreePool( SessionPoolChunks[ uCrtPoolChunk ] );
  1280. }
  1282. DbgPrint ( "Done\n" );
  1284. ExFreePool( SessionPoolChunks );
  1285. }
  1287. #endif // #if !MAPVIEW_ACTIVE