Leaked source code of windows server 2003


  ; File preamble: pull in the shared kernel definitions, declare the
  ; external data this module reads, and open the code segment.

          .xlist                          ; keep the include files out of the listing
          include kernel.inc
          include gpfix.inc               ; presumably supplies the fault-trap macros used below - confirm
          .list                           ; resume listing for this file

          externW pLocalHeap              ; word read by CheckLocalHeap to find the heap header

  DataBegin
          externB kernel_flags            ; declared here; not referenced in this listing
  ;       externW MyCSDS                  ; disabled in the original source
  DataEnd

  sBegin  CODE
          assumes CS,CODE
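  if KDEBUG
  ;-----------------------------------------------------------------------;
  ; CheckLocalHeap
  ;
  ; Debug-build (KDEBUG only) consistency check of the local heap whose
  ; header offset is stored in the word pLocalHeap of the current data
  ; segment.  The routine walks the arena list forwards and backwards,
  ; cross-checks moveable blocks against the handle tables, counts the
  ; free-handle chain and validates the free-block list.  Nothing is
  ; repaired; problems are only reported through the return value.
  ;
  ; Arguments:
  ;       None on the stack.  DS addresses the segment that holds the heap.
  ;
  ; Returns:
  ;       AX = 0 when pLocalHeap is 0, when hi_check is 0, or when every
  ;       test passes.  Otherwise AX is the OR of:
  ;         01h  forward arena links invalid (or first arena not busy)
  ;         02h  backward arena links invalid (or last arena not busy)
  ;         04h  a busy moveable block points to a free handle
  ;         08h  block points to a handle that does not point back
  ;         10h  used handle entries != handles referenced by blocks
  ;         20h  used + free + discarded != total handle entries
  ;         40h  free-handle chain length != free handle entries
  ;         80h  free-block list corrupted
  ;
  ; Error Returns:
  ;       AX = 80h alone when clh_trap runs; the bits collected up to that
  ;       point are replaced, not merged.
  ;
  ; Registers Preserved:
  ;       DI, SI (named in the cProc save list)
  ;
  ; Registers Destroyed:
  ;       AX, BX, CX, DX, flags; ES is loaded from DS when hi_check >= 2
  ;
  ; Calls:
  ;       krDebugOut (on free-list corruption)
  ;
  ; History:
  ;
  ;  Tue Jan 01, 1980 10:58:28p  -by-  David N. Weise  [davidw]
  ; ReWrote it from C into assembly.
  ;-----------------------------------------------------------------------;

  cProc   CheckLocalHeap,<PUBLIC,NEAR>,<di,si>
          localW  nrefhandles             ; handles referenced by busy moveable blocks
          localW  nhandles                ; total entries over all handle tables
          localW  nfreehandles            ; entries marked LHE_FREEHANDLE
          localW  nusedhandles            ; entries neither free nor discarded
          localW  ndishandles             ; entries flagged LHE_DISCARDED
          localW  pbottom                 ; copy of hi_last, upper bound for the free-list walk
  cBegin
  ; Presumably a fault raised between here and end_fault_trap is routed to
  ; clh_trap - confirm against gpfix.inc.  Pointers read from the heap are
  ; dereferenced as found, so this trap is the only protection against a
  ; wild value.
          beg_fault_trap  clh_trap
          xor     di,di
          xor     dx,dx                   ; DX accumulates the error bits
          mov     bx,[di].pLocalHeap      ; BX = heap header, 0 if no local heap
          or      bx,bx
          jnz     have_a_heap
          jmp     clh_ret                 ; no heap: report success
  have_a_heap:
          cmp     di,[bx].hi_check        ; DI is still 0: hi_check == 0 disables checking
          jnz     do_heap_check
          jmp     clh_ret

  ;---- Pass 1: forward arena links ---------------------------------------
  do_heap_check:
          mov     cx,[bx].hi_count        ; CX = number of arenas the header claims
          mov     si,[bx].hi_first
          test    [si].la_prev,LA_BUSY    ; the first arena must be marked busy
          jnz     first_should_be_busy
          or      dx,1                    ; reported with the forward-link bit
  first_should_be_busy:
  check_forward_links:
          mov     ax,[si].la_next
          cmp     ax,si
          jbe     end_of_line             ; next must lie above the current arena
          mov     si,ax
          loop    check_forward_links
  end_of_line:
          cmp     ax,[bx].hi_last         ; the walk has to stop at hi_last ...
          jnz     forward_bad
          cmp     cx,1                    ; ... after hi_count-1 hops, leaving CX = 1
          jz      forward_good
  ;       jcxz    forward_good
  forward_bad:
          or      dx,1                    ; forward links invalid
  forward_good:

  ;---- Pass 2: backward arena links --------------------------------------
          mov     cx,[bx].hi_count
          mov     si,[bx].hi_last
          test    [si].la_prev,LA_BUSY    ; the last arena must be marked busy
          jnz     last_should_be_busy
          or      dx,2                    ; reported with the backward-link bit
  last_should_be_busy:
  check_backward_links:
          mov     ax,[si].la_prev
          and     ax,0FFFCh               ; drop the two low bits before using it as a pointer
          cmp     ax,si
          jae     begin_of_line           ; previous must lie below the current arena
          mov     si,ax
          loop    check_backward_links
  begin_of_line:
          cmp     ax,[bx].hi_first        ; the walk has to stop at hi_first ...
          jnz     backward_bad
          cmp     cx,1                    ; ... with CX = 1, as in the forward pass
          jz      backward_good
  ;       jcxz    backward_good
  backward_bad:
          or      dx,2                    ; backward links invalid
  backward_good:

  ;---- Pass 3: blocks -> handles -----------------------------------------
  ; Visits hi_count arenas from hi_first, even if pass 1 flagged the links.
          mov     cx,[bx].hi_count
          mov     si,[bx].hi_first
          mov     nrefhandles,0
  count_referenced_handles:
          test    [si].la_prev,LA_BUSY
          jz      no_handle
          test    [si].la_prev,LA_MOVEABLE
          jz      no_handle               ; only busy moveable blocks carry a handle
          mov     di,[si].la_handle
          cmp     [di].lhe_free,LHE_FREEHANDLE
          jnz     handle_not_free
          or      dx,4                    ; block points to a free handle
          jmps    no_handle
  handle_not_free:
          mov     ax,si
          add     ax,SIZE LocalArena      ; AX = address just past the arena header
          cmp     ax,[di].lhe_address
          jz      handle_points_back
          or      dx,8                    ; block -> handle but not vice versa
          jmps    no_handle
  handle_points_back:
          inc     nrefhandles
  no_handle:
          mov     si,[si].la_next
          loop    count_referenced_handles

  ;---- Pass 4: classify every handle-table entry -------------------------
          mov     di,[bx].hi_htable
          mov     nhandles,0
          mov     ndishandles,0
          mov     nusedhandles,0
          mov     nfreehandles,0
  ; NOTE(review): nothing bounds this walk; a table chain that links back
  ; onto itself never reaches DI = 0.
  handle_block_loop:
          or      di,di
          jz      no_more_handle_blocks
          lea     si,[di].ht_entry[0]     ; SI = first entry of this table
          mov     cx,[di].ht_count
          add     nhandles,cx
  handle_entry_loop:
          jcxz    next_handle_block
          dec     cx
          cmp     [si].lhe_free,LHE_FREEHANDLE
          jnz     not_free
          inc     nfreehandles
          jmps    next_handle_entry
  not_free:
          test    [si].lhe_flags,LHE_DISCARDED
          jz      not_discarded
          inc     ndishandles
          jmps    next_handle_entry
  not_discarded:
          inc     nusedhandles
  next_handle_entry:
          add     si,SIZE LocalHandleEntry
          jmp     handle_entry_loop
  next_handle_block:
          mov     di,[si].lhe_address     ; slot after the last entry links to the next table
          jmp     handle_block_loop

  no_more_handle_blocks:
          mov     ax,nusedhandles
          cmp     ax,nrefhandles
          jz      handles_match
          or      dx,10h                  ; allocated handles != used handles
  handles_match:
          add     ax,nfreehandles
          add     ax,ndishandles
          cmp     ax,nhandles
          jz      total_number_okay
          or      dx,20h                  ; total number of handles does not add up
  total_number_okay:

  ;---- Pass 5: length of the free-handle chain ---------------------------
  ; The chain can only contain entries that live in a handle table, so a
  ; valid chain never has more than nhandles links.  Stopping at that bound
  ; (and on 16-bit wrap of the counter) keeps a chain that loops back on
  ; itself from hanging the checker; such a chain is reported as 40h.
          xor     cx,cx
          mov     si,[bx].hi_hfree
  count_free:
          or      si,si
          jz      counted_free
          inc     cx
          jz      free_chain_bad          ; counter wrapped to 0
          cmp     cx,nhandles
          ja      free_chain_bad          ; longer than every table entry combined
          mov     si,[si].lhe_link
          jmp     count_free
  counted_free:
          cmp     cx,nfreehandles
          jz      free_add_up
  free_chain_bad:
          or      dx,40h                  ; total # of free handles does not add up
  free_add_up:

  ;---- Pass 6: free-block list -------------------------------------------
          mov     si,[bx].hi_first
          mov     si,[si].la_free_next    ; sentinels are not free: start after the first one
          mov     ax,[bx].hi_last
          mov     pbottom,ax
  check_free_list:
          cmp     si,[si].la_free_next    ; an entry that links to itself ends the list
          jz      check_free_list_done
          mov     ax,[si].la_next
          sub     ax,si
          cmp     ax,[si].la_size         ; recorded size must equal the distance to la_next
          jnz     free_list_corrupted     ; invalid block size
          cmp     [bx].hi_check,2         ; if hi_check >= 2, check the fill bytes too
          jb      dont_check_free
  ; Every byte between the free-arena header and la_next must still hold
  ; DBGFILL_FREE; a differing byte means something wrote into free memory.
          mov     di,si
          add     di,SIZE LocalArenaFree
          mov     cx,[si].la_next
          sub     cx,di                   ; CX = bytes to scan; ZF from here stands if CX = 0
          mov     al,DBGFILL_FREE
          smov    es,ds
          repz    scasb
          jnz     free_list_corrupted     ; free block corrupted
  dont_check_free:
          mov     ax,[si].la_free_next
          cmp     ax,si
          jbe     free_list_corrupted     ; list must be strictly ascending, so it terminates
          mov     si,ax
          cmp     ax,pbottom
          jbe     check_free_list         ; past hi_last falls through to the error path
  free_list_corrupted:
  ; NOTE(review): the message names ES:DI, which only the fill-byte scan
  ; above loads; on the size and ordering paths they hold earlier values
  ; and SI is presumably the block of interest - confirm.
          krDebugOut DEB_FERROR, "Local free memory overwritten at #ES:#DI"
          or      dx,80h
          end_fault_trap
  check_free_list_done:
  clh_ret:
          mov     ax,dx                   ; return the accumulated error bits
  cEnd

  ; Fault handler named in beg_fault_trap.  It replaces whatever bits were
  ; collected with 80h and leaves through the normal exit path.
  clh_trap:
          fault_fix_stack                 ; macro, presumably from gpfix.inc - confirm
          mov     dx, 80h
          jmp     clh_ret
  endif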
  ; Close the code segment opened by sBegin CODE and end the module.
  sEnd    CODE

          end