archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/printscan/wia/kernel/usbscn9x/ioctl.c

1588 lines
53 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (C) Microsoft Corporation, 1997 - 2001
  5. Module Name:
  7. ioctl.c
  9. Abstract:
  11. Environment:
  13. kernel mode only
  15. Notes:
  17. Revision History:
  19. --*/
  21. #include <stdio.h>
  22. #include <stddef.h>
  23. #include <wdm.h>
  24. #include <usbscan.h>
  25. #include "usbd_api.h"
  26. #include "private.h"
  28. #ifdef ALLOC_PRAGMA
  29. #pragma alloc_text(PAGE, USDeviceControl)
  30. #pragma alloc_text(PAGE, USReadWriteRegisters)
  31. #pragma alloc_text(PAGE, USCancelPipe)
  32. #pragma alloc_text(PAGE, USAbortResetPipe)
  33. #endif
  35. #ifdef _WIN64
  36. BOOLEAN
  37. IoIs32bitProcess(
  38. IN PIRP Irp
  39. );
  40. #endif // _WIN64
  42. NTSTATUS
  43. USDeviceControl(
  44. IN PDEVICE_OBJECT pDeviceObject,
  45. IN PIRP pIrp
  46. )
  47. /*++
  49. Routine Description:
  51. Arguments:
  52. pDeviceObject - Device object for a device.
  53. pIrp - DEVICE IOCTL irp
  55. Return Value:
  56. NT Status - STATUS_SUCCESS
  58. --*/
  59. {
  60. PIO_STACK_LOCATION pIrpStack;
  61. PIO_STACK_LOCATION pNextIrpStack;
  62. PFILE_OBJECT fileObject;
  63. PUSBSCAN_FILE_CONTEXT pFileContext;
  64. ULONG IoControlCode;
  65. PUSBSCAN_DEVICE_EXTENSION pde;
  66. NTSTATUS Status;
  67. PDRV_VERSION pVersion;
  68. PDEVICE_DESCRIPTOR pDesc;
  69. PUSBSCAN_GET_DESCRIPTOR pGetDesc;
  70. PUSBSCAN_PIPE_CONFIGURATION pPipeConfig;
  71. PVOID pBuffer;
  73. IO_BLOCK LocalIoBlock;
  74. IO_BLOCK_EX LocalIoBlockEx;
  75. PIO_BLOCK pIoBlock;
  76. PIO_BLOCK_EX pIoBlockEx;
  78. ULONG InLength;
  79. ULONG OutLength;
  80. BOOLEAN fRead = FALSE;
  81. BOOLEAN fAbort = TRUE;
  82. ULONG i;
  83. PURB pUrb;
  85. PAGED_CODE();
  87. DebugTrace(TRACE_PROC_ENTER,("USDeviceControl: Enter.. - \n"));
  89. //
  90. // Indicates I/O processing increase.
  91. //
  93. USIncrementIoCount( pDeviceObject );
  95. pde = (PUSBSCAN_DEVICE_EXTENSION)pDeviceObject -> DeviceExtension;
  97. if (FALSE == pde -> AcceptingRequests) {
  98. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! IOCTL issued after device stopped/removed!\n"));
  99. Status = STATUS_DELETE_PENDING;
  100. pIrp -> IoStatus.Status = Status;
  101. pIrp -> IoStatus.Information = 0;
  102. IoCompleteRequest(pIrp, IO_NO_INCREMENT);
  104. goto USDeviceControl_return;
  105. }
  107. //
  108. // Check device power state.
  109. //
  111. if (PowerDeviceD0 != pde -> CurrentDevicePowerState) {
  112. DebugTrace(TRACE_WARNING,("USDeviceControl: WARNING!! Device is suspended.\n"));
  113. Status = STATUS_DELETE_PENDING;
  114. pIrp -> IoStatus.Status = Status;
  115. pIrp -> IoStatus.Information = 0;
  116. IoCompleteRequest(pIrp, IO_NO_INCREMENT);
  118. goto USDeviceControl_return;
  119. }
  122. pIrpStack = IoGetCurrentIrpStackLocation( pIrp );
  123. pNextIrpStack = IoGetNextIrpStackLocation( pIrp );
  124. IoControlCode = pIrpStack->Parameters.DeviceIoControl.IoControlCode;
  126. InLength = pIrpStack->Parameters.DeviceIoControl.InputBufferLength;
  127. OutLength = pIrpStack->Parameters.DeviceIoControl.OutputBufferLength;
  128. pBuffer = pIrp -> AssociatedIrp.SystemBuffer;
  130. fileObject = pIrpStack->FileObject;
  131. pFileContext = fileObject->FsContext;
  133. DebugTrace(TRACE_STATUS,("USDeviceControl: Control code 0x%x = ", IoControlCode));
  135. switch (IoControlCode) {
  137. case IOCTL_GET_VERSION:
  138. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_GET_VERSION\n"));
  140. if (OutLength < sizeof(DRV_VERSION) ) {
  141. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Buffer(0x%x) too small(<0x%x)\n", OutLength, sizeof(DRV_VERSION)));
  142. DEBUG_BREAKPOINT();
  143. Status = STATUS_INVALID_PARAMETER;
  144. break;
  145. }
  147. pVersion = (PDRV_VERSION)pBuffer;
  148. pVersion->major = 1;
  149. pVersion->minor = 0;
  150. pVersion->internal = 0;
  152. pIrp -> IoStatus.Information = sizeof(DRV_VERSION);
  154. Status = STATUS_SUCCESS;
  155. break;
  157. case IOCTL_CANCEL_IO:
  158. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_CANCEL_IO\n"));
  159. fAbort = TRUE;
  161. //
  162. // Falling through to the next case, this is intentional. We want to reset pipe when
  163. // cancel requested
  164. //
  166. case IOCTL_RESET_PIPE:
  167. if(IOCTL_RESET_PIPE == IoControlCode){
  168. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_RESET_PIPE\n"));
  169. fAbort = FALSE;
  170. }
  172. //
  173. // Validate buffer size
  174. //
  176. if (InLength < sizeof(PIPE_TYPE) ) {
  177. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Pipe type buffer (0x%x bytes) too small\n" ,InLength));
  178. Status = STATUS_INVALID_PARAMETER;
  179. break;
  180. }
  182. Status = USCancelPipe(pDeviceObject,
  183. pIrp,
  184. *(PIPE_TYPE*)pBuffer,
  185. fAbort);
  186. break;
  188. case IOCTL_WAIT_ON_DEVICE_EVENT:
  189. {
  190. ULONG Index;
  191. ULONG Timeout;
  192. PULONG pTimeout;
  195. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_WAIT_ON_DEVICE_EVENT\n"));
  197. Index = USGetPipeIndexToUse(pDeviceObject,
  198. pIrp,
  199. pde -> IndexInterrupt);
  201. if (OutLength < pde -> PipeInfo[Index].MaximumPacketSize) {
  202. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! User buffer(0x%x) too small(<)\n"
  203. , OutLength
  204. , pde -> PipeInfo[Index].MaximumPacketSize));
  205. Status = STATUS_INVALID_PARAMETER;
  206. break;
  207. }
  209. //
  210. // Copy timeout value from file context.
  211. //
  213. Timeout = pFileContext->TimeoutEvent;
  215. //
  216. // If timeout value is 0, then never timeout.
  217. //
  219. if(0 == Timeout){
  220. pTimeout = NULL;
  221. } else {
  222. DebugTrace(TRACE_STATUS,("USDeviceControl: Timeout is set to 0x%x sec.\n", Timeout));
  223. pTimeout = &Timeout;
  224. }
  226. Status = USTransfer(pDeviceObject,
  227. pIrp,
  228. Index,
  229. pIrp -> AssociatedIrp.SystemBuffer,
  230. NULL,
  231. pde -> PipeInfo[Index].MaximumPacketSize,
  232. pTimeout);
  234. //
  235. // IRP should be completed in USTransfer or its completion routine.
  236. //
  238. goto USDeviceControl_return;
  239. }
  241. case IOCTL_READ_REGISTERS:
  242. fRead = TRUE;
  243. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_READ_REGISTERS\n"));
  245. case IOCTL_WRITE_REGISTERS:{
  247. if (IOCTL_WRITE_REGISTERS == IoControlCode) {
  248. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_WRITE_REGISTERS\n"));
  249. fRead = FALSE;
  250. }
  251. #ifdef _WIN64
  253. if(IoIs32bitProcess(pIrp)){
  254. PIO_BLOCK_32 pIoBlock32;
  256. if (InLength < sizeof(IO_BLOCK_32) ) {
  257. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Invalid input 32bit buffer size(0x%x<0x%x)\n"
  258. , InLength,
  259. sizeof(IO_BLOCK_32)));
  260. Status = STATUS_INVALID_PARAMETER;
  261. break;
  262. }
  264. //
  265. // Copy all parameters from 32bit structure.
  266. //
  268. pIoBlock32 = (PIO_BLOCK_32)pBuffer;
  269. pIoBlock = &LocalIoBlock;
  271. pIoBlock -> uOffset = pIoBlock32 -> uOffset;
  272. pIoBlock -> uLength = pIoBlock32 -> uLength;
  273. pIoBlock -> pbyData = pIoBlock32 -> pbyData;
  274. pIoBlock -> uIndex = pIoBlock32 -> uIndex;
  276. } else { // if(IoIs32bitProcess(pIrp))
  277. #endif // _WIN64
  279. if (InLength < sizeof(IO_BLOCK) ) {
  280. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Invalid input buffer size(0x%x<0x%x)\n"
  281. , InLength,
  282. sizeof(IO_BLOCK)));
  283. Status = STATUS_INVALID_PARAMETER;
  284. break;
  285. }
  286. pIoBlock = (PIO_BLOCK)pBuffer;
  288. #ifdef _WIN64
  289. } // if(IoIs32bitProcess(pIrp))
  290. #endif // _WIN64
  292. if(TRUE == fRead){
  294. //
  295. // Check the size of Output buffer.
  296. //
  298. if (OutLength < pIoBlock -> uLength) {
  299. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Out buffer(0x%x) too small(<0x%x)\n"
  300. , OutLength
  301. , pIoBlock -> uLength));
  302. Status = STATUS_INVALID_PARAMETER;
  303. break;
  304. } // if (OutLength < pIoBlock -> uLength)
  305. } // if(TRUE == fRead)
  307. pIrp -> IoStatus.Information = pIoBlock -> uLength;
  309. //
  310. // Caller gives us a pointer, embedded into IOCTL buffer. If call is made from
  311. // user-mode , we need to validate that given pointer is readable.
  312. //
  314. if (pIrp->RequestorMode != KernelMode) {
  316. try {
  317. ProbeForRead(pIoBlock->pbyData,
  318. pIoBlock -> uLength,
  319. sizeof(UCHAR));
  321. } except(EXCEPTION_EXECUTE_HANDLER) {
  323. DebugTrace(TRACE_ERROR,("USDeviceControl: Read/Write registers buffer pointer is invalid\n"));
  324. DEBUG_BREAKPOINT();
  326. Status = GetExceptionCode();
  328. pIrp -> IoStatus.Information = 0;
  329. break;
  330. } // except
  331. } // !kernelmode
  333. //
  334. // Now go to worker function
  335. //
  337. Status = USReadWriteRegisters(pDeviceObject,
  338. pIoBlock,
  339. fRead,
  340. InLength);
  341. if (STATUS_SUCCESS != Status) {
  342. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! USReadWriteRegisters failed\n"));
  343. DEBUG_BREAKPOINT();
  344. pIrp -> IoStatus.Information = 0;
  345. }
  346. break;
  347. } // case IOCTL_WRITE_REGISTERS:
  348. case IOCTL_GET_CHANNEL_ALIGN_RQST:
  349. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_GET_CHANNEL_ALIGN_REQUEST\n"));
  351. if (OutLength < sizeof(CHANNEL_INFO) ) {
  353. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Buffer(0x%x) too small(<0x%x)\n"
  354. , OutLength
  355. ,sizeof(CHANNEL_INFO)));
  356. Status = STATUS_INVALID_PARAMETER;
  357. break;
  358. }
  360. pIoBlock = (PIO_BLOCK)pBuffer;
  361. RtlZeroMemory((PCHANNEL_INFO)pIoBlock, sizeof(CHANNEL_INFO));
  363. for (i = 0; i < pde -> NumberOfPipes; i++) {
  365. //
  366. // Have to check which pipe to use
  367. //
  369. ULONG Index;
  370. Index = USGetPipeIndexToUse(pDeviceObject,
  371. pIrp,
  372. i);
  373. switch (pde -> PipeInfo[Index].PipeType) {
  374. case USB_ENDPOINT_TYPE_INTERRUPT:
  375. ((PCHANNEL_INFO)pIoBlock)->EventChannelSize = pde -> PipeInfo[Index].MaximumPacketSize;
  376. break;
  377. case USB_ENDPOINT_TYPE_BULK:
  378. if (pde -> pEndpointDescriptor[Index].bEndpointAddress & BULKIN_FLAG) {
  379. ((PCHANNEL_INFO)pIoBlock) -> uReadDataAlignment = pde -> PipeInfo[Index].MaximumPacketSize;
  380. } else {
  381. ((PCHANNEL_INFO)pIoBlock) -> uWriteDataAlignment = pde -> PipeInfo[Index].MaximumPacketSize;
  382. }
  383. break;
  384. }
  385. }
  386. pIrp -> IoStatus.Information = sizeof(CHANNEL_INFO);
  387. Status = STATUS_SUCCESS;
  388. break;
  390. case IOCTL_GET_DEVICE_DESCRIPTOR:
  391. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_GET_DEVICE_DESCRIPTOR\n"));
  393. if (OutLength < sizeof(DEVICE_DESCRIPTOR)) {
  394. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Out buffer(0x%x) is too small(<0x%x)\n"
  395. , OutLength
  396. , sizeof(DEVICE_DESCRIPTOR)));
  397. Status = STATUS_INVALID_PARAMETER_6;
  398. break;
  399. }
  401. pDesc = (PDEVICE_DESCRIPTOR)pBuffer;
  402. pDesc -> usVendorId = pde -> pDeviceDescriptor -> idVendor;
  403. pDesc -> usProductId = pde -> pDeviceDescriptor -> idProduct;
  404. pDesc -> usBcdDevice = pde -> pDeviceDescriptor -> bcdDevice;
  406. DebugTrace(TRACE_STATUS,("USDeviceControl: Vendor ID:%d\n", pDesc -> usVendorId));
  407. DebugTrace(TRACE_STATUS,("USDeviceControl: Product ID:%d\n", pDesc -> usProductId));
  408. DebugTrace(TRACE_STATUS,("USDeviceControl: BcdDevice:%d\n", pDesc -> usBcdDevice));
  410. pIrp -> IoStatus.Information = sizeof(DEVICE_DESCRIPTOR);
  411. Status = STATUS_SUCCESS;
  412. break;
  415. case IOCTL_GET_USB_DESCRIPTOR:
  416. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_GET_USB_DESCRIPTOR\n"));
  418. if (OutLength < sizeof(USBSCAN_GET_DESCRIPTOR)) {
  419. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Out buffer(0x%x) is too small(<0x%x)\n"
  420. , OutLength
  421. , sizeof(USBSCAN_GET_DESCRIPTOR)));
  422. Status = STATUS_INVALID_PARAMETER_6;
  423. break;
  424. }
  426. pGetDesc = (PUSBSCAN_GET_DESCRIPTOR)pBuffer;
  427. pUrb = USAllocatePool(NonPagedPool,
  428. sizeof(struct _URB_CONTROL_DESCRIPTOR_REQUEST));
  429. if (NULL == pUrb) {
  430. DebugTrace(TRACE_CRITICAL,("USDeviceControl: ERROR!! Can't allocate control descriptor URB.\n"));
  431. DEBUG_BREAKPOINT();
  432. Status = STATUS_INSUFFICIENT_RESOURCES;
  433. break;
  434. }
  436. #ifdef DEBUG
  437. switch(pGetDesc -> DescriptorType){
  438. case USB_DEVICE_DESCRIPTOR_TYPE:
  439. DebugTrace(TRACE_STATUS,("USDeviceControl: USB_DEVICE_DESCRIPTOR_TYPE\n"));
  440. break;
  441. case USB_CONFIGURATION_DESCRIPTOR_TYPE:
  442. DebugTrace(TRACE_STATUS,("USDeviceControl: USB_CONFIGURATION_DESCRIPTOR_TYPE\n"));
  443. break;
  444. case USB_STRING_DESCRIPTOR_TYPE:
  445. DebugTrace(TRACE_STATUS,("USDeviceControl: USB_STRING_DESCRIPTOR_TYPE\n"));
  446. break;
  447. default:
  448. DebugTrace(TRACE_WARNING,("USDeviceControl: WARNING!! 0x%x = Undefined.\n", pGetDesc -> DescriptorType));
  449. Status = STATUS_INVALID_PARAMETER_3;
  451. USFreePool(pUrb);
  452. pUrb = NULL;
  453. pIrp -> IoStatus.Information = 0;
  454. goto USDeviceControl_return;
  455. }
  456. DebugTrace(TRACE_STATUS, ("USDeviceControl: Index :%d\n",pGetDesc -> Index));
  457. DebugTrace(TRACE_STATUS, ("USDeviceControl: LanguageID :%d\n", pGetDesc -> LanguageId));
  458. #endif //DEBUG
  460. UsbBuildGetDescriptorRequest(pUrb,
  461. (USHORT)sizeof(struct _URB_CONTROL_DESCRIPTOR_REQUEST),
  462. pGetDesc -> DescriptorType,
  463. pGetDesc -> Index,
  464. pGetDesc -> LanguageId,
  465. pBuffer,
  466. NULL,
  467. OutLength,
  468. NULL);
  470. Status = USBSCAN_CallUSBD(pDeviceObject, pUrb);
  471. #ifdef DEBUG
  472. if ( (STATUS_SUCCESS == Status)
  473. // && (USB_DEVICE_DESCRIPTOR_TYPE == pGetDesc -> DescriptorType)
  474. )
  475. {
  476. PUSB_DEVICE_DESCRIPTOR pDeviceDescriptor;
  477. pDeviceDescriptor = (PUSB_DEVICE_DESCRIPTOR)pBuffer;
  478. DebugTrace(TRACE_STATUS,("USDeviceControl: Device Descriptor = %x, len %x\n",
  479. pDeviceDescriptor,
  480. pUrb->UrbControlDescriptorRequest.TransferBufferLength));
  482. DebugTrace(TRACE_STATUS,("USDeviceControl: USBSCAN Device Descriptor:\n"));
  483. DebugTrace(TRACE_STATUS,("USDeviceControl: -------------------------\n"));
  484. DebugTrace(TRACE_STATUS,("USDeviceControl: bLength %d\n", pDeviceDescriptor->bLength));
  485. DebugTrace(TRACE_STATUS,("USDeviceControl: bDescriptorType 0x%x\n", pDeviceDescriptor->bDescriptorType));
  486. DebugTrace(TRACE_STATUS,("USDeviceControl: bcdUSB 0x%x\n", pDeviceDescriptor->bcdUSB));
  487. DebugTrace(TRACE_STATUS,("USDeviceControl: bDeviceClass 0x%x\n", pDeviceDescriptor->bDeviceClass));
  488. DebugTrace(TRACE_STATUS,("USDeviceControl: bDeviceSubClass 0x%x\n", pDeviceDescriptor->bDeviceSubClass));
  489. DebugTrace(TRACE_STATUS,("USDeviceControl: bDeviceProtocol 0x%x\n", pDeviceDescriptor->bDeviceProtocol));
  490. DebugTrace(TRACE_STATUS,("USDeviceControl: bMaxPacketSize0 0x%x\n", pDeviceDescriptor->bMaxPacketSize0));
  491. DebugTrace(TRACE_STATUS,("USDeviceControl: idVendor 0x%x\n", pDeviceDescriptor->idVendor));
  492. DebugTrace(TRACE_STATUS,("USDeviceControl: idProduct 0x%x\n", pDeviceDescriptor->idProduct));
  493. DebugTrace(TRACE_STATUS,("USDeviceControl: bcdDevice 0x%x\n", pDeviceDescriptor->bcdDevice));
  494. DebugTrace(TRACE_STATUS,("USDeviceControl: iManufacturer 0x%x\n", pDeviceDescriptor->iManufacturer));
  495. DebugTrace(TRACE_STATUS,("USDeviceControl: iProduct 0x%x\n", pDeviceDescriptor->iProduct));
  496. DebugTrace(TRACE_STATUS,("USDeviceControl: iSerialNumber 0x%x\n", pDeviceDescriptor->iSerialNumber));
  497. DebugTrace(TRACE_STATUS,("USDeviceControl: bNumConfigurations 0x%x\n", pDeviceDescriptor->bNumConfigurations));
  499. } else {
  500. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR! Status = %d\n", Status));
  501. }
  503. #endif //DEBUG
  505. USFreePool(pUrb);
  506. pUrb = NULL;
  507. pIrp -> IoStatus.Information = ((PUSB_DEVICE_DESCRIPTOR)pBuffer)->bLength;
  508. break;
  510. case IOCTL_SEND_USB_REQUEST:
  511. {
  513. //
  514. // Generic pass-through mechanism for USB vendor requests.
  515. //
  517. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_SEND_USB_REQUEST\n"));
  519. //
  520. // Validate length parameters.
  521. //
  523. #ifdef _WIN64
  525. if(IoIs32bitProcess(pIrp)){
  526. PIO_BLOCK_EX_32 pIoBlockEx32;
  528. if (InLength < sizeof(IO_BLOCK_EX_32) ) {
  529. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Invalid input 32bit buffer size(0x%x<0x%x)\n"
  530. , InLength,
  531. sizeof(IO_BLOCK_EX_32)));
  532. Status = STATUS_INVALID_PARAMETER;
  533. break;
  534. }
  536. //
  537. // Copy all parameters from 32bit structure.
  538. //
  540. pIoBlockEx32 = (PIO_BLOCK_EX_32)pBuffer;
  541. pIoBlockEx = &LocalIoBlockEx;
  543. pIoBlockEx -> uOffset = pIoBlockEx32 -> uOffset;
  544. pIoBlockEx -> uLength = pIoBlockEx32 -> uLength;
  545. pIoBlockEx -> pbyData = pIoBlockEx32 -> pbyData;
  546. pIoBlockEx -> uIndex = pIoBlockEx32 -> uIndex;
  547. pIoBlockEx -> bRequest = pIoBlockEx32 -> bRequest;
  548. pIoBlockEx -> bmRequestType = pIoBlockEx32 -> bmRequestType;
  549. pIoBlockEx -> fTransferDirectionIn = pIoBlockEx32 -> fTransferDirectionIn;
  551. } else { // if(IoIs32bitProcess(pIrp))
  552. #endif // _WIN64
  554. if (InLength < sizeof(IO_BLOCK_EX) ) {
  555. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! I/O buffer(0x%x) too small(<0x%x)\n"
  556. , InLength
  557. , sizeof(IO_BLOCK_EX)));
  558. Status = STATUS_INVALID_PARAMETER;
  559. break;
  560. }
  562. pIoBlockEx = (PIO_BLOCK_EX)pBuffer;
  564. #ifdef _WIN64
  565. } // if(IoIs32bitProcess(pIrp))
  566. #endif // _WIN64
  568. if (pIoBlockEx->fTransferDirectionIn) {
  570. //
  571. // Check output buffer length is valid.
  572. //
  574. if (OutLength < pIoBlockEx -> uLength) {
  575. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! OutLength too small\n"));
  576. DEBUG_BREAKPOINT();
  577. Status = STATUS_INVALID_PARAMETER;
  578. pIrp -> IoStatus.Information = 0;
  579. break;
  580. }
  581. pIrp -> IoStatus.Information = pIoBlockEx -> uLength;
  583. } else {
  585. //
  586. // No output to the caller.
  587. //
  589. pIrp -> IoStatus.Information = 0;
  590. }
  592. //
  593. // Validate user buffer.
  594. //
  596. if (pIrp->RequestorMode != KernelMode) {
  598. try {
  599. ProbeForRead(pIoBlockEx->pbyData,
  600. pIoBlockEx->uLength,
  601. sizeof(UCHAR));
  603. } except(EXCEPTION_EXECUTE_HANDLER) {
  605. DebugTrace(TRACE_ERROR,("USDeviceControl: User buffer pointer is invalid\n"));
  607. Status = GetExceptionCode();
  609. pIrp -> IoStatus.Information = 0;
  610. break;
  611. } // except
  612. } // !kernelmode
  614. //
  615. // Now go to worker function
  616. //
  618. Status = USPassThruUSBRequest(pDeviceObject,
  619. (PIO_BLOCK_EX)pBuffer,
  620. InLength,
  621. OutLength
  622. );
  624. if (STATUS_SUCCESS != Status) {
  625. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! USPassThruUSBRequest failed\n"));
  626. DEBUG_BREAKPOINT();
  627. pIrp -> IoStatus.Information = 0;
  628. }
  630. break;
  632. } // case IOCTL_SEND_USB_REQUEST:
  634. case IOCTL_SEND_USB_REQUEST_PTP:
  635. {
  637. //
  638. // Generic pass-through mechanism for USB vendor requests.
  639. //
  641. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_SEND_USB_REQUEST_PTP\n"));
  643. //
  644. // Validate length parameters.
  645. //
  647. #ifdef _WIN64
  649. if(IoIs32bitProcess(pIrp)){
  650. PIO_BLOCK_EX_32 pIoBlockEx32;
  652. if (InLength < sizeof(IO_BLOCK_EX_32) ) {
  653. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Invalid input 32bit buffer size(0x%x<0x%x)\n"
  654. , InLength,
  655. sizeof(IO_BLOCK_EX_32)));
  656. Status = STATUS_INVALID_PARAMETER;
  657. break;
  658. }
  660. //
  661. // Copy all parameters from 32bit structure.
  662. //
  664. pIoBlockEx32 = (PIO_BLOCK_EX_32)pBuffer;
  665. pIoBlockEx = &LocalIoBlockEx;
  667. pIoBlockEx -> uOffset = pIoBlockEx32 -> uOffset;
  668. pIoBlockEx -> uLength = pIoBlockEx32 -> uLength;
  669. pIoBlockEx -> pbyData = pIoBlockEx32 -> pbyData;
  670. pIoBlockEx -> uIndex = pIoBlockEx32 -> uIndex;
  671. pIoBlockEx -> bRequest = pIoBlockEx32 -> bRequest;
  672. pIoBlockEx -> bmRequestType = pIoBlockEx32 -> bmRequestType;
  673. pIoBlockEx -> fTransferDirectionIn = pIoBlockEx32 -> fTransferDirectionIn;
  675. } else { // if(IoIs32bitProcess(pIrp))
  676. #endif // _WIN64
  678. if (InLength < sizeof(IO_BLOCK_EX) ) {
  679. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! I/O buffer(0x%x) too small(<0x%x)\n"
  680. , InLength
  681. , sizeof(IO_BLOCK_EX)));
  682. Status = STATUS_INVALID_PARAMETER;
  683. break;
  684. }
  686. pIoBlockEx = (PIO_BLOCK_EX)pBuffer;
  688. #ifdef _WIN64
  689. } // if(IoIs32bitProcess(pIrp))
  690. #endif // _WIN64
  692. if (pIoBlockEx->fTransferDirectionIn) {
  694. //
  695. // Check output buffer length is valid.
  696. //
  698. if (OutLength < pIoBlockEx -> uLength) {
  699. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! OutLength too small\n"));
  700. DEBUG_BREAKPOINT();
  701. Status = STATUS_INVALID_PARAMETER;
  702. pIrp -> IoStatus.Information = 0;
  703. break;
  704. }
  705. pIrp -> IoStatus.Information = pIoBlockEx -> uLength;
  707. } else {
  709. //
  710. // No output to the caller.
  711. //
  713. pIrp -> IoStatus.Information = 0;
  714. }
  716. //
  717. // Validate user buffer.
  718. //
  720. if (pIrp->RequestorMode != KernelMode) {
  722. try {
  723. ProbeForRead(pIoBlockEx->pbyData,
  724. pIoBlockEx->uLength,
  725. sizeof(UCHAR));
  727. } except(EXCEPTION_EXECUTE_HANDLER) {
  729. DebugTrace(TRACE_ERROR,("USDeviceControl: User buffer pointer is invalid\n"));
  731. Status = GetExceptionCode();
  733. pIrp -> IoStatus.Information = 0;
  734. break;
  735. } // except
  736. } // !kernelmode
  738. //
  739. // Now go to worker function
  740. //
  742. Status = USPassThruUSBRequestPTP(pDeviceObject,
  743. (PIO_BLOCK_EX)pBuffer,
  744. InLength,
  745. OutLength);
  747. if (STATUS_SUCCESS != Status) {
  748. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! USPassThruUSBRequestPTP failed\n"));
  749. DEBUG_BREAKPOINT();
  750. pIrp -> IoStatus.Information = 0;
  751. }
  753. break;
  755. } // case IOCTL_SEND_USB_REQUEST_PTP:
  757. case IOCTL_GET_PIPE_CONFIGURATION:
  758. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_GET_PIPE_CONFIGURATION\n"));
  760. //
  761. // Check output buffer length
  762. //
  764. if (OutLength < sizeof(USBSCAN_PIPE_CONFIGURATION)) {
  765. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! GetPipeConfig buffer(0x%x) too small(<0x%x)\n"
  766. , OutLength
  767. , sizeof(USBSCAN_PIPE_CONFIGURATION)));
  768. Status = STATUS_INVALID_PARAMETER_6;
  769. break;
  770. }
  772. //
  773. // Copy Pipe configuration to user buffer.
  774. //
  776. pPipeConfig = (PUSBSCAN_PIPE_CONFIGURATION)pBuffer;
  777. RtlZeroMemory(pPipeConfig, sizeof(USBSCAN_PIPE_CONFIGURATION));
  779. pPipeConfig->NumberOfPipes = pde->NumberOfPipes;
  780. for(i=0; i < pPipeConfig->NumberOfPipes; i++){
  781. pPipeConfig->PipeInfo[i].MaximumPacketSize = pde->PipeInfo[i].MaximumPacketSize;
  782. pPipeConfig->PipeInfo[i].EndpointAddress = pde->PipeInfo[i].EndpointAddress;
  783. pPipeConfig->PipeInfo[i].Interval = pde->PipeInfo[i].Interval;
  784. pPipeConfig->PipeInfo[i].PipeType = pde->PipeInfo[i].PipeType;
  785. }
  787. pIrp -> IoStatus.Information = sizeof(USBSCAN_PIPE_CONFIGURATION);
  788. Status = STATUS_SUCCESS;
  789. break;
  792. case IOCTL_SET_TIMEOUT:
  793. DebugTrace(TRACE_STATUS,("USDeviceControl: IOCTL_SET_TIMEOUT\n"));
  795. //
  796. // Make sure input buffer size is big enough.
  797. //
  799. if(sizeof(USBSCAN_TIMEOUT) > InLength){
  801. //
  802. // Incorrect Input buffer size.
  803. //
  805. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Invalid input buffer size\n"));
  806. Status = STATUS_INVALID_PARAMETER;
  807. break;
  808. }
  810. //
  811. // Copy timeout value.
  812. //
  814. pFileContext -> TimeoutRead = ((PUSBSCAN_TIMEOUT)pBuffer) -> TimeoutRead;
  815. pFileContext -> TimeoutWrite = ((PUSBSCAN_TIMEOUT)pBuffer) -> TimeoutWrite;
  816. pFileContext -> TimeoutEvent = ((PUSBSCAN_TIMEOUT)pBuffer) -> TimeoutEvent;
  818. pIrp -> IoStatus.Information = 0;
  820. Status = STATUS_SUCCESS;
  821. break;
  823. default:
  824. DebugTrace(TRACE_ERROR,("USDeviceControl: ERROR!! Unsupported IOCTL\n"));
  825. Status = STATUS_NOT_SUPPORTED;
  826. break;
  827. }
  830. pIrp -> IoStatus.Status = Status;
  831. IoCompleteRequest(pIrp, IO_NO_INCREMENT);
  833. USDeviceControl_return:
  834. USDecrementIoCount(pDeviceObject);
  835. DebugTrace(TRACE_PROC_LEAVE,("USDeviceControl: Leaving.. Status = 0x%x\n", Status));
  836. return Status;
  839. } // end USDeviceControl()
  843. NTSTATUS
  844. USReadWriteRegisters(
  845. IN PDEVICE_OBJECT pDeviceObject,
  846. IN PIO_BLOCK pIoBlock,
  847. IN BOOLEAN fRead,
  848. IN ULONG IoBlockSize
  849. )
  850. /*++
  852. Routine Description:
  854. Arguments:
  856. Return Value:
  858. --*/
  859. {
  860. NTSTATUS Status;
  861. PUSBSCAN_DEVICE_EXTENSION pde;
  862. PURB pUrb;
  863. ULONG siz;
  864. UCHAR Request;
  865. PVOID pBuffer = NULL;
  866. //USHORT uIndex;
  867. unsigned uIndex;
  869. PAGED_CODE();
  871. DebugTrace(TRACE_PROC_ENTER,("USReadWriteRegisters: Enter..\n"));
  873. pde = (PUSBSCAN_DEVICE_EXTENSION)pDeviceObject -> DeviceExtension;
  875. //
  876. // Allocate URB
  877. //
  879. siz = sizeof(struct _URB_CONTROL_VENDOR_OR_CLASS_REQUEST);
  880. pUrb = USAllocatePool(NonPagedPool, siz);
  881. if (NULL == pUrb) {
  882. DebugTrace(TRACE_CRITICAL,("USReadWriteRegisters: ERROR!! cannot allocated URB\n"));
  883. DEBUG_BREAKPOINT();
  884. Status = STATUS_INSUFFICIENT_RESOURCES;
  885. goto USReadWriteRegisters_return;
  886. }
  888. RtlZeroMemory(pUrb, siz);
  890. //
  891. // Setup URB
  892. //
  894. Request = REGISTER_AREA;
  895. if (pIoBlock -> uLength > 1) {
  896. DebugTrace(TRACE_STATUS,("USReadWriteRegisters: ULength > 1, turning on automatic increment\n"));
  897. Request |= OPCODE_SEQ_TRANSFER; // automatic address increment after the read
  898. } else {
  899. Request |= OPCODE_SINGLE_ADDR_TRANSFER; // no address increment after the read
  900. }
  902. //
  903. // Reading registers will read into pIoBlock itself.
  904. //
  906. pBuffer = pIoBlock;
  908. //
  909. // If we are writing registers, then we need to make a copy of the
  910. // register block into a non-paged block of memory before handing it off
  911. // to usbd.
  912. //
  914. if (!fRead) {
  915. DebugTrace(TRACE_STATUS,("USReadWriteRegisters: Write request, allocating non-paged reg buffer, len = %d\n",pIoBlock->uLength));
  916. pBuffer = USAllocatePool(NonPagedPool, pIoBlock->uLength);
  917. if (NULL == pBuffer) {
  918. DebugTrace(TRACE_CRITICAL,("USReadWriteRegisters: ERROR!! cannot allocate write reg buffer\n"));
  919. DEBUG_BREAKPOINT();
  920. USFreePool(pUrb);
  921. pUrb = NULL;
  922. Status = STATUS_INSUFFICIENT_RESOURCES;
  923. goto USReadWriteRegisters_return;
  924. }
  926. //
  927. // Caller gives us a pointer, embedded into IOCTL buffer. We need to
  928. // validate that given pointer is readable.
  929. //
  931. try{
  932. RtlCopyMemory(pBuffer,
  933. pIoBlock->pbyData,
  934. pIoBlock->uLength);
  936. } except(EXCEPTION_EXECUTE_HANDLER) {
  938. //
  939. // Caller buffer is not valid, or worse..
  940. //
  942. DebugTrace(TRACE_ERROR,("USReadWriteRegisters: ERROR!! Copying caller buffer failed.\n"));
  943. DEBUG_BREAKPOINT();
  944. Status = GetExceptionCode();
  946. //
  947. // Clear allocated pool
  948. //
  950. USFreePool(pUrb);
  951. USFreePool(pBuffer);
  952. pUrb = NULL;
  953. pBuffer = NULL;
  955. goto USReadWriteRegisters_return;
  956. }
  958. }
  960. //
  961. // If the IoBlock is new style (Intel has added a uIndex field to the end of it),
  962. // then make sure we pass the corrected uIndex value to usbd.
  963. //
  965. uIndex = 0;
  966. if (IoBlockSize == sizeof(IO_BLOCK)) {
  967. DebugTrace(TRACE_STATUS,("USReadWriteRegisters: New (intel) style IoBlock -- setting uIndex to pIoBlock -> uIndex\n"));
  968. uIndex = pIoBlock -> uIndex;
  969. }
  972. UsbBuildVendorClassSpecificCommand(pUrb,
  973. fRead ? USBD_TRANSFER_DIRECTION_IN : 0,
  974. pIoBlock->uLength,
  975. pBuffer,
  976. NULL,
  977. fRead ? 0xc0 : 0x40,
  978. Request,
  979. (SHORT)pIoBlock->uOffset,
  980. (USHORT)uIndex);
  982. Status = USBSCAN_CallUSBD(pDeviceObject, pUrb);
  984. if (!fRead) {
  985. DebugTrace(TRACE_STATUS,("USReadWriteRegisters: freeing temp reg buffer\n"));
  986. USFreePool(pBuffer);
  987. pBuffer = NULL;
  988. }
  990. USFreePool(pUrb);
  991. pUrb = NULL;
  993. USReadWriteRegisters_return:
  994. if(!NT_SUCCESS(Status)){
  995. DebugTrace(TRACE_ERROR,("USReadWriteRegisters: ERROR!! Still had unfreed pointer. Free it...\n"));
  997. if(pUrb){
  998. USFreePool(pUrb);
  999. }
  1000. if( (pBuffer)
  1001. && (!fRead ) )
  1002. {
  1003. USFreePool(pBuffer);
  1004. }
  1005. }
  1006. DebugTrace(TRACE_PROC_LEAVE,("USReadWriteRegisters: Leaving.. Status = 0x%x\n", Status));
  1007. return Status;
  1008. }
  1011. NTSTATUS
  1012. USCancelPipe(
  1013. IN PDEVICE_OBJECT pDeviceObject,
  1014. IN PIRP pIrp,
  1015. IN PIPE_TYPE PipeType,
  1016. IN BOOLEAN fAbort // TRUE = Abort, FALSE = Reset
  1017. )
  1018. /*++
  1020. Routine Description:
  1022. Cansel URB or reset pipe. If PipeType is PIPE_ALL, it applies to every pipes a device has.
  1023. If not, it applies to only one default pipe even if a device supports multipul same type of pipes.
  1025. Arguments:
  1026. pDeviceObject - Pointer to Device Object
  1027. pIrp - Can be NULL if PipeType is ALL_PIPE
  1028. PipeType - Specifies type of pipe
  1029. fAbort - Specifies type of operation
  1031. Return Value:
  1033. Returns status
  1034. --*/
  1035. {
  1036. NTSTATUS Status, temp;
  1037. PUSBSCAN_DEVICE_EXTENSION pde;
  1039. PAGED_CODE();
  1041. // DebugTrace(TRACE_PROC_ENTER,("USCancelPipe: Enter.. - "));
  1043. Status = STATUS_SUCCESS;
  1044. pde = (PUSBSCAN_DEVICE_EXTENSION)pDeviceObject -> DeviceExtension;
  1046. switch (PipeType) {
  1048. case EVENT_PIPE:
  1050. DebugTrace(TRACE_STATUS,("USCancelPipe: EVENT_PIPE\n"));
  1052. if(NULL == pIrp){
  1053. DebugTrace(TRACE_ERROR,("USCancelPipe: ERROR!! pIrp not valid\n"));
  1054. break;
  1055. }
  1057. if (-1 == pde -> IndexInterrupt) {
  1058. DebugTrace(TRACE_ERROR,("USCancelPipe: ERROR!! Interrupt pipe not valid\n"));
  1059. DEBUG_BREAKPOINT();
  1060. Status = STATUS_NOT_SUPPORTED;
  1061. break;
  1062. }
  1064. Status = USAbortResetPipe(pDeviceObject,
  1065. USGetPipeIndexToUse(pDeviceObject, pIrp, pde -> IndexInterrupt),
  1066. fAbort);
  1067. DebugTrace(TRACE_STATUS,("Event Pipe aborted/reset, Status = 0x%x\n",Status));
  1068. break;
  1070. case READ_DATA_PIPE:
  1072. DebugTrace(TRACE_STATUS,("USCancelPipe: READ_DATA_PIPE\n"));
  1074. if(NULL == pIrp){
  1075. DebugTrace(TRACE_ERROR,("USCancelPipe: ERROR!! pIrp not valid\n"));
  1076. break;
  1077. }
  1079. if (-1 == pde -> IndexBulkIn) {
  1080. DebugTrace(TRACE_ERROR,("USCancelPipe: ERROR!! bulk-in pipe not valid\n"));
  1081. DEBUG_BREAKPOINT();
  1082. Status = STATUS_NOT_SUPPORTED;
  1083. break;
  1084. }
  1085. Status = USAbortResetPipe(pDeviceObject,
  1086. USGetPipeIndexToUse(pDeviceObject, pIrp, pde -> IndexBulkIn),
  1087. fAbort);
  1088. DebugTrace(TRACE_STATUS,("USCancelPipe: Read Pipe aborted/reset, Status = 0x%x\n",Status));
  1089. break;
  1091. case WRITE_DATA_PIPE:
  1093. DebugTrace(TRACE_STATUS,("USCancelPipe: WRITE_DATA_PIPE\n"));
  1095. if(NULL == pIrp){
  1096. DebugTrace(TRACE_ERROR,("USCancelPipe: ERROR!! pIrp not valid\n"));
  1097. break;
  1098. }
  1100. if (-1 == pde -> IndexBulkOut) {
  1101. DebugTrace(TRACE_ERROR,("USCancelPipe: ERROR!! bulk-out pipe not valid\n"));
  1102. DEBUG_BREAKPOINT();
  1103. Status = STATUS_NOT_SUPPORTED;
  1104. break;
  1105. }
  1106. Status = USAbortResetPipe(pDeviceObject,
  1107. USGetPipeIndexToUse(pDeviceObject, pIrp, pde -> IndexBulkOut),
  1108. fAbort);
  1109. DebugTrace(TRACE_STATUS,("Write Pipe aborted/reset, Status = 0x%x\n",Status));
  1110. break;
  1112. case ALL_PIPE:
  1113. {
  1114. ULONG i;
  1116. DebugTrace(TRACE_STATUS,("USCancelPipe: ALL_PIPE\n"));
  1118. for(i=0; i < pde -> NumberOfPipes; i++){
  1119. temp = USAbortResetPipe(pDeviceObject, i, fAbort);
  1120. // DebugTrace(TRACE_STATUS,("USCancelPipe: pipe[%d] aborted/reset, Status = 0x%x\n", i, temp));
  1121. if(STATUS_SUCCESS != temp){
  1122. Status = temp;
  1123. }
  1124. }
  1125. break;
  1126. }
  1128. default:
  1130. DebugTrace(TRACE_ERROR,("USCancelPipe: ERROR!! INVALID_PIPE\n"));
  1132. Status = STATUS_INVALID_PARAMETER;
  1133. break;
  1134. }
  1136. DebugTrace(TRACE_PROC_LEAVE,("USCancelPipe: Leaving.. Status = 0x%x\n", Status));
  1137. return Status;
  1138. }
  1141. NTSTATUS
  1142. USAbortResetPipe(
  1143. IN PDEVICE_OBJECT pDeviceObject,
  1144. IN ULONG uIndex,
  1145. IN BOOLEAN fAbort // TRUE = Abort, FALSE = Reset
  1146. )
  1147. /*++
  1149. Routine Description:
  1151. Arguments:
  1153. Return Value:
  1155. --*/
  1156. {
  1157. NTSTATUS Status = STATUS_SUCCESS;
  1158. NTSTATUS StatusReset = STATUS_SUCCESS;
  1159. PUSBSCAN_DEVICE_EXTENSION pde;
  1160. PURB pUrb;
  1161. ULONG siz;
  1163. PAGED_CODE();
  1165. DebugTrace(TRACE_PROC_ENTER,("USAbortResetPipe: Enter... \n"));
  1167. pde = (PUSBSCAN_DEVICE_EXTENSION)pDeviceObject -> DeviceExtension;
  1168. pUrb = NULL;
  1170. //
  1171. // Allocate URB
  1172. //
  1174. siz = sizeof(struct _URB_PIPE_REQUEST);
  1175. pUrb = USAllocatePool(NonPagedPool, siz);
  1176. if (NULL == pUrb) {
  1177. DebugTrace(TRACE_ERROR,("USAbortResetPipe: ERROR!! cannot allocated URB\n"));
  1178. DEBUG_BREAKPOINT();
  1179. Status = STATUS_INSUFFICIENT_RESOURCES;
  1180. goto USAbortResetPipe_return;
  1181. }
  1182. RtlZeroMemory(pUrb, siz);
  1184. if (fAbort) {
  1186. DebugTrace(TRACE_STATUS,("USAbortResetPipe: Aborting pipe[%d]\n", uIndex));
  1188. //
  1189. // Issue abort pipe call to USBD.
  1190. //
  1192. UsbBuildAbortPipeRequest(pUrb,
  1193. siz,
  1194. pde -> PipeInfo[uIndex].PipeHandle);
  1196. Status = USBSCAN_CallUSBD(pDeviceObject, pUrb);
  1198. if (STATUS_SUCCESS != Status) {
  1199. DebugTrace(TRACE_ERROR,("USAbortResetPipe: ERROR!! Abort pipe failed. Status = 0x%x\n",Status));
  1200. goto USAbortResetPipe_return;
  1201. }
  1203. UsbBuildResetPipeRequest(pUrb,
  1204. siz,
  1205. pde -> PipeInfo[uIndex].PipeHandle);
  1207. StatusReset = USBSCAN_CallUSBD(pDeviceObject, pUrb);
  1209. if (STATUS_SUCCESS != StatusReset) {
  1210. DebugTrace(TRACE_ERROR,("USAbortResetPipe: ERROR!! resetting pipe. Status = 0x%x\n",StatusReset));
  1211. goto USAbortResetPipe_return;
  1212. }
  1215. } else {
  1217. DebugTrace(TRACE_STATUS,("Reseting pipe[%d]\n", uIndex));
  1219. //
  1220. // Issue reset pipe call to USBD.
  1221. //
  1223. UsbBuildResetPipeRequest(pUrb,
  1224. siz,
  1225. pde -> PipeInfo[uIndex].PipeHandle);
  1227. Status = USBSCAN_CallUSBD(pDeviceObject, pUrb);
  1229. if (STATUS_SUCCESS != Status) {
  1230. DebugTrace(TRACE_ERROR,("USAbortResetPipe: ERROR!! Reset pipe failed. Status = 0x%x\n",Status));
  1231. goto USAbortResetPipe_return;
  1232. }
  1233. }
  1235. USAbortResetPipe_return:
  1236. //
  1237. // Clean up.
  1238. //
  1240. if(pUrb){
  1241. USFreePool(pUrb);
  1242. }
  1244. DebugTrace(TRACE_PROC_LEAVE,("USAbortResetPipe: Leaving.. Status = 0x%x\n", Status));
  1245. return Status;
  1246. }
  1248. NTSTATUS
  1249. USPassThruUSBRequest(
  1250. IN PDEVICE_OBJECT pDeviceObject,
  1251. IN PIO_BLOCK_EX pIoBlockEx,
  1252. IN ULONG InLength,
  1253. IN ULONG OutLength
  1254. )
  1255. /*++
  1257. Routine Description:
  1259. Implements generic pass-thru for vendor request to USBD
  1261. Arguments:
  1263. pDeviceObject - Device object
  1264. pIoBlockEx - Pointer to I/O block as described in USBSCAN.H, passed from user mode client
  1265. InLength - In length from IRP
  1266. OutLength - Out length from IRP
  1268. Return Value:
  1270. NTSTATUS type
  1272. --*/
  1273. {
  1274. NTSTATUS Status;
  1275. PUSBSCAN_DEVICE_EXTENSION pde;
  1276. PURB pUrb;
  1277. ULONG siz;
  1278. PVOID pBuffer;
  1279. BOOLEAN fDirectionIn;
  1281. PAGED_CODE();
  1283. DebugTrace(TRACE_PROC_ENTER,("USPassThruUSBRequest: Enter..\n"));
  1285. //
  1286. // Initialize local variable.
  1287. //
  1289. pde = (PUSBSCAN_DEVICE_EXTENSION)pDeviceObject -> DeviceExtension;
  1291. Status = STATUS_SUCCESS;
  1292. pUrb = NULL;
  1293. pBuffer = NULL;
  1294. fDirectionIn = TRUE;
  1296. //
  1297. // Allocate memory for URB
  1298. //
  1300. siz = sizeof(struct _URB_CONTROL_VENDOR_OR_CLASS_REQUEST);
  1301. pUrb = USAllocatePool(NonPagedPool, siz);
  1302. if (NULL == pUrb) {
  1303. DebugTrace(TRACE_CRITICAL,("USPassThruUSBRequest: ERROR!! cannot allocated URB\n"));
  1304. DEBUG_BREAKPOINT();
  1305. Status = STATUS_INSUFFICIENT_RESOURCES;
  1306. goto USPassThruUSBRequest_return;
  1307. }
  1309. RtlZeroMemory(pUrb, siz);
  1311. //
  1312. // Setup URB
  1313. //
  1315. pBuffer = pIoBlockEx;
  1317. //
  1318. // If we are writing data, then we need to make a copy of the
  1319. // register block into a non-paged block of memory before handing it off
  1320. // to usbd.
  1321. //
  1323. if (!pIoBlockEx->fTransferDirectionIn) {
  1325. DebugTrace(TRACE_STATUS,("USPassThruUSBRequest: Write request, allocating non-paged buffer, len = %d\n",pIoBlockEx->uLength));
  1327. fDirectionIn = FALSE;
  1329. if ( pIoBlockEx->uLength ) {
  1331. pBuffer = USAllocatePool(NonPagedPool, pIoBlockEx->uLength);
  1332. if (NULL == pBuffer) {
  1334. DebugTrace(TRACE_CRITICAL,("USPassThruUSBRequest: ERROR!! cannot allocate write buffer"));
  1335. DEBUG_BREAKPOINT();
  1337. Status = STATUS_INSUFFICIENT_RESOURCES;
  1338. goto USPassThruUSBRequest_return;
  1339. }
  1341. //
  1342. // Caller gives us a pointer, embedded into IOCTL buffer. We need to
  1343. // validate that given pointer is readable.
  1344. //
  1346. try{
  1347. RtlCopyMemory(pBuffer,
  1348. pIoBlockEx->pbyData,
  1349. pIoBlockEx->uLength);
  1351. } except(EXCEPTION_EXECUTE_HANDLER) {
  1353. //
  1354. // Caller buffer is not valid, or worse..
  1355. //
  1357. DebugTrace(TRACE_ERROR,("USPassThruUSBRequest: ERROR!! Copying caller buffer failed.\n"));
  1358. DEBUG_BREAKPOINT();
  1359. Status = GetExceptionCode();
  1361. goto USPassThruUSBRequest_return;
  1362. }
  1365. } else {
  1367. //
  1368. // Zero length buffer used for Write , IHV claim that's useful.
  1369. //
  1371. pBuffer = NULL;
  1372. } // if ( pIoBlockEx->uLength )
  1373. }
  1375. UsbBuildVendorClassSpecificCommand(pUrb,
  1376. pIoBlockEx->fTransferDirectionIn ? USBD_TRANSFER_DIRECTION_IN : 0,
  1377. pIoBlockEx->uLength,
  1378. pBuffer,
  1379. NULL,
  1380. pIoBlockEx->bmRequestType,
  1381. pIoBlockEx->bRequest,
  1382. (SHORT)pIoBlockEx->uOffset,
  1383. (USHORT)pIoBlockEx -> uIndex
  1384. );
  1386. Status = USBSCAN_CallUSBD(pDeviceObject, pUrb);
  1388. USPassThruUSBRequest_return:
  1390. //
  1391. // Clean up.
  1392. //
  1394. if(NULL != pUrb){
  1395. DebugTrace(TRACE_STATUS,("USPassThruUSBRequest: Free USB Request Block.\n"));
  1396. USFreePool(pUrb);
  1397. }
  1399. if( (!fDirectionIn)
  1400. && (NULL != pBuffer) )
  1401. {
  1402. DebugTrace(TRACE_STATUS,("USPassThruUSBRequest: Free temp buffer.\n"));
  1403. USFreePool(pBuffer);
  1404. }
  1406. DebugTrace(TRACE_PROC_LEAVE,("USPassThruUSBRequest: Leaving.. Status = 0x%x\n", Status));
  1407. return Status;
  1409. }
  1411. NTSTATUS
  1412. USPassThruUSBRequestPTP(
  1413. IN PDEVICE_OBJECT pDeviceObject,
  1414. IN PIO_BLOCK_EX pIoBlockEx,
  1415. IN ULONG InLength,
  1416. IN ULONG OutLength
  1417. )
  1418. /*++
  1420. Routine Description:
  1422. Implements generic pass-thru for vendor request to USBD
  1424. Arguments:
  1426. pDeviceObject - Device object
  1427. pIoBlockEx - Pointer to I/O block as described in USBSCAN.H, passed from user mode client
  1428. InLength - In length from IRP
  1429. OutLength - Out length from IRP
  1431. Return Value:
  1433. NTSTATUS type
  1435. --*/
  1436. {
  1437. NTSTATUS Status;
  1438. PUSBSCAN_DEVICE_EXTENSION pde;
  1439. PURB pUrb;
  1440. ULONG siz;
  1441. PVOID pBuffer;
  1442. BOOLEAN fDirectionIn;
  1443. USHORT usUsbFunction;
  1445. PAGED_CODE();
  1447. DebugTrace(TRACE_PROC_ENTER,("USPassThruUSBRequest: Enter..\n"));
  1449. //
  1450. // Initialize local variable.
  1451. //
  1453. pde = (PUSBSCAN_DEVICE_EXTENSION)pDeviceObject -> DeviceExtension;
  1455. Status = STATUS_SUCCESS;
  1456. pUrb = NULL;
  1457. pBuffer = NULL;
  1458. fDirectionIn = TRUE;
  1459. usUsbFunction = 0;
  1461. //
  1462. // Allocate memory for URB
  1463. //
  1465. siz = sizeof(struct _URB_CONTROL_VENDOR_OR_CLASS_REQUEST);
  1466. pUrb = USAllocatePool(NonPagedPool, siz);
  1467. if (NULL == pUrb) {
  1468. DebugTrace(TRACE_CRITICAL,("USPassThruUSBRequest: ERROR!! cannot allocated URB\n"));
  1469. DEBUG_BREAKPOINT();
  1470. Status = STATUS_INSUFFICIENT_RESOURCES;
  1471. goto USPassThruUSBRequest_return;
  1472. }
  1474. RtlZeroMemory(pUrb, siz);
  1476. //
  1477. // Setup URB
  1478. //
  1480. pBuffer = pIoBlockEx;
  1482. //
  1483. // If we are writing data, then we need to make a copy of the
  1484. // register block into a non-paged block of memory before handing it off
  1485. // to usbd.
  1486. //
  1488. if (!pIoBlockEx->fTransferDirectionIn) {
  1490. DebugTrace(TRACE_STATUS,("USPassThruUSBRequest: Write request, allocating non-paged buffer, len = %d\n",pIoBlockEx->uLength));
  1492. fDirectionIn = FALSE;
  1494. if ( pIoBlockEx->uLength ) {
  1496. pBuffer = USAllocatePool(NonPagedPool, pIoBlockEx->uLength);
  1497. if (NULL == pBuffer) {
  1499. DebugTrace(TRACE_CRITICAL,("USPassThruUSBRequest: ERROR!! cannot allocate write buffer"));
  1500. DEBUG_BREAKPOINT();
  1502. Status = STATUS_INSUFFICIENT_RESOURCES;
  1503. goto USPassThruUSBRequest_return;
  1504. }
  1506. //
  1507. // Caller gives us a pointer, embedded into IOCTL buffer. We need to
  1508. // validate that given pointer is readable.
  1509. //
  1511. try{
  1512. RtlCopyMemory(pBuffer,
  1513. pIoBlockEx->pbyData,
  1514. pIoBlockEx->uLength);
  1516. } except(EXCEPTION_EXECUTE_HANDLER) {
  1518. //
  1519. // Caller buffer is not valid, or worse..
  1520. //
  1522. DebugTrace(TRACE_ERROR,("USPassThruUSBRequest: ERROR!! Copying caller buffer failed.\n"));
  1523. DEBUG_BREAKPOINT();
  1524. Status = GetExceptionCode();
  1526. goto USPassThruUSBRequest_return;
  1527. }
  1530. } else {
  1532. //
  1533. // Zero length buffer used for Write , IHV claim that's useful.
  1534. //
  1536. pBuffer = NULL;
  1537. } // if ( pIoBlockEx->uLength )
  1538. }
  1540. //
  1541. // Set proper USB funtion depends on bmRequestType.
  1542. //
  1544. if(0xa1 == pIoBlockEx->bmRequestType){ // USB_PTPREQUEST_TYPE_IN: Class/Interface Device to Host.
  1545. usUsbFunction = URB_FUNCTION_CLASS_INTERFACE;
  1546. } else if(0x21 == pIoBlockEx->bmRequestType){ // USB_PTPREQUEST_TYPE_OUT: Class/Interface Host to Device.
  1547. usUsbFunction = URB_FUNCTION_CLASS_INTERFACE;
  1548. } else { // Default.
  1549. usUsbFunction = URB_FUNCTION_VENDOR_DEVICE;
  1550. }
  1552. UsbBuildVendorClassSpecificCommandPTP(usUsbFunction,
  1553. pUrb,
  1554. pIoBlockEx->fTransferDirectionIn ? USBD_TRANSFER_DIRECTION_IN : 0,
  1555. pIoBlockEx->uLength,
  1556. pBuffer,
  1557. NULL,
  1558. pIoBlockEx->bmRequestType,
  1559. pIoBlockEx->bRequest,
  1560. (SHORT)pIoBlockEx->uOffset,
  1561. (USHORT)pIoBlockEx -> uIndex);
  1563. Status = USBSCAN_CallUSBD(pDeviceObject, pUrb);
  1565. USPassThruUSBRequest_return:
  1567. //
  1568. // Clean up.
  1569. //
  1571. if(NULL != pUrb){
  1572. DebugTrace(TRACE_STATUS,("USPassThruUSBRequest: Free USB Request Block.\n"));
  1573. USFreePool(pUrb);
  1574. }
  1576. if( (!fDirectionIn)
  1577. && (NULL != pBuffer) )
  1578. {
  1579. DebugTrace(TRACE_STATUS,("USPassThruUSBRequest: Free temp buffer.\n"));
  1580. USFreePool(pBuffer);
  1581. }
  1583. DebugTrace(TRACE_PROC_LEAVE,("USPassThruUSBRequest: Leaving.. Status = 0x%x\n", Status));
  1584. return Status;
  1586. } // USPassThruUSBRequestPTP()