archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/ntos/ex/exhotp.c

328 lines
9.2 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*
  3. Copyright (c) 2001 Microsoft Corporation
  5. File name:
  7. hotpatch.c
  9. Author:
  11. Adrian Marinescu (adrmarin) Nov 20 2001
  13. Environment:
  15. Kernel mode only.
  17. Revision History:
  19. */
  21. #include "exp.h"
  22. #pragma hdrstop
  24. NTSTATUS
  25. ExpSyncRenameFiles(
  26. IN HANDLE FileHandle1,
  27. OUT PIO_STATUS_BLOCK IoStatusBlock1,
  28. IN PFILE_RENAME_INFORMATION RenameInformation1,
  29. IN ULONG RenameInformationLength1,
  30. IN HANDLE FileHandle2,
  31. OUT PIO_STATUS_BLOCK IoStatusBlock2,
  32. IN PFILE_RENAME_INFORMATION RenameInformation2,
  33. IN ULONG RenameInformationLength2
  34. );
  37. #ifdef ALLOC_PRAGMA
  39. #pragma alloc_text(PAGE,ExApplyCodePatch)
  40. #pragma alloc_text(PAGE,ExpSyncRenameFiles)
  42. #endif
  44. #define EXP_MAX_HOTPATCH_INFO_SIZE PAGE_SIZE
  46. //
  47. // Privileged flags define the operations where we require privilege check
  48. //
  50. #define FLG_HOTPATCH_PRIVILEGED_FLAGS (FLG_HOTPATCH_KERNEL | FLG_HOTPATCH_RELOAD_NTDLL | FLG_HOTPATCH_RENAME_INFO | FLG_HOTPATCH_MAP_ATOMIC_SWAP)
  52. //
  53. // Exclusive flags define the flags that cannot be used in combinations with other flags
  54. //
  56. #define FLG_HOTPATCH_EXCLUSIVE_FLAGS (FLG_HOTPATCH_RELOAD_NTDLL | FLG_HOTPATCH_RENAME_INFO | FLG_HOTPATCH_MAP_ATOMIC_SWAP)
  58. volatile LONG ExHotpSyncRenameSequence = 0;
  61. NTSTATUS
  62. ExpSyncRenameFiles(
  63. IN HANDLE FileHandle1,
  64. OUT PIO_STATUS_BLOCK IoStatusBlock1,
  65. IN PFILE_RENAME_INFORMATION RenameInformation1,
  66. IN ULONG RenameInformationLength1,
  67. IN HANDLE FileHandle2,
  68. OUT PIO_STATUS_BLOCK IoStatusBlock2,
  69. IN PFILE_RENAME_INFORMATION RenameInformation2,
  70. IN ULONG RenameInformationLength2
  71. )
  73. /*++
  75. Routine Description:
  77. This service changes the provided information about a specified file. The
  78. information that is changed is determined by the FileInformationClass that
  79. is specified. The new information is taken from the FileInformation buffer.
  81. Arguments:
  83. FileHandle1 - Supplies a first handle to the file to be renamed.
  85. IoStatusBlock1 - Address of the caller's I/O status block.
  87. FileInformation1 - Supplies the new name for the first file.
  89. RenameInformationLength1 - Supplies the lengtd of the rename information buffer
  91. FileHandle2 - Supplies a second handle to the file to be renamed.
  93. IoStatusBlock2 - Address of the second caller's I/O status block.
  95. FileInformation2 - Supplies the new name for the second file.
  97. RenameInformationLength2 - Supplies the lengtd of the rename information buffer
  99. Return Value:
  101. The status returned is the final completion status of the operation.
  103. --*/
  105. {
  106. NTSTATUS Status;
  107. LONG CapturedSeqNumber;
  109. PAGED_CODE();
  111. CapturedSeqNumber = ExHotpSyncRenameSequence;
  113. if ((CapturedSeqNumber & 1)
  114. ||
  115. InterlockedCompareExchange(&ExHotpSyncRenameSequence, CapturedSeqNumber + 1, CapturedSeqNumber) != CapturedSeqNumber) {
  117. return STATUS_UNSUCCESSFUL;
  118. }
  120. Status = NtSetInformationFile( FileHandle1,
  121. IoStatusBlock1,
  122. RenameInformation1,
  123. RenameInformationLength1,
  124. FileRenameInformation);
  126. if ( NT_SUCCESS(Status) ) {
  128. Status = NtSetInformationFile( FileHandle2,
  129. IoStatusBlock2,
  130. RenameInformation2,
  131. RenameInformationLength2,
  132. FileRenameInformation);
  133. }
  135. InterlockedIncrement(&ExHotpSyncRenameSequence);
  137. return Status;
  138. }
  141. NTSTATUS
  142. ExApplyCodePatch (
  143. IN PVOID PatchInfoPtr,
  144. IN SIZE_T PatchSize
  145. )
  147. /*++
  149. Routine Description:
  151. This routine is handling the common tasks to both user-mode
  152. and kernel-mode patching
  154. Arguments:
  156. PatchInfoPtr - Pointer to PSYSTEM_HOTPATCH_CODE_INFORMATION structure
  157. describing the patch. The pointer is user-mode.
  159. PatchSize - the size of the PatchInfoPtr buffer passed in
  161. Return Value:
  163. NTSTATUS.
  165. --*/
  167. {
  168. PSYSTEM_HOTPATCH_CODE_INFORMATION PatchInfo;
  169. NTSTATUS Status = STATUS_SUCCESS;
  170. KPROCESSOR_MODE PreviousMode;
  172. //
  173. // Allocate a temporary non-paged buffer to capture the used information
  174. // Restrict the size of the data to be patched to EXP_MAX_HOTPATCH_INFO_SIZE
  175. // The buffer must be non-paged because the information is accessed at DPC of higher level
  176. //
  178. if ( (PatchSize > (sizeof(SYSTEM_HOTPATCH_CODE_INFORMATION) + EXP_MAX_HOTPATCH_INFO_SIZE))
  179. ||
  180. (PatchSize < sizeof(SYSTEM_HOTPATCH_CODE_INFORMATION)) ) {
  182. return STATUS_INVALID_PARAMETER;
  183. }
  185. PatchInfo = ExAllocatePoolWithQuotaTag (NonPagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,
  186. PatchSize,
  187. 'PtoH');
  189. if (PatchInfo == NULL) {
  191. return STATUS_INSUFFICIENT_RESOURCES;
  192. }
  194. PreviousMode = KeGetPreviousMode ();
  196. try {
  198. //
  199. // Get previous processor mode and probe output argument if necessary.
  200. //
  202. if (PreviousMode != KernelMode) {
  204. ProbeForRead (PatchInfoPtr, PatchSize, sizeof(ULONG_PTR));
  205. }
  207. RtlCopyMemory (PatchInfo, PatchInfoPtr, PatchSize);
  209. } except (EXCEPTION_EXECUTE_HANDLER) {
  211. Status = GetExceptionCode ();
  212. }
  214. if (!NT_SUCCESS(Status)) {
  216. ExFreePool (PatchInfo);
  218. return Status;
  219. }
  221. if (PatchInfo->Flags & FLG_HOTPATCH_PRIVILEGED_FLAGS) {
  223. if (!SeSinglePrivilegeCheck (SeDebugPrivilege, PreviousMode)
  224. ||
  225. !SeSinglePrivilegeCheck (SeLoadDriverPrivilege, PreviousMode)) {
  227. ExFreePool (PatchInfo);
  229. return STATUS_ACCESS_DENIED;
  230. }
  231. }
  233. if (PatchInfo->Flags & FLG_HOTPATCH_EXCLUSIVE_FLAGS) {
  235. //
  236. // Special hotpatch operation
  237. //
  239. if (PatchInfo->Flags & FLG_HOTPATCH_RELOAD_NTDLL) {
  241. Status = PsLocateSystemDll( TRUE );
  243. } else if (PatchInfo->Flags & FLG_HOTPATCH_RENAME_INFO) {
  245. //
  246. // The io routine is expected to perform the parameter check
  247. //
  249. Status = ExpSyncRenameFiles( PatchInfo->RenameInfo.FileHandle1,
  250. PatchInfo->RenameInfo.IoStatusBlock1,
  251. PatchInfo->RenameInfo.RenameInformation1,
  252. PatchInfo->RenameInfo.RenameInformationLength1,
  253. PatchInfo->RenameInfo.FileHandle2,
  254. PatchInfo->RenameInfo.IoStatusBlock2,
  255. PatchInfo->RenameInfo.RenameInformation2,
  256. PatchInfo->RenameInfo.RenameInformationLength2);
  258. } else if (PatchInfo->Flags & FLG_HOTPATCH_MAP_ATOMIC_SWAP) {
  260. Status = ObSwapObjectNames( PatchInfo->AtomicSwap.ParentDirectory,
  261. PatchInfo->AtomicSwap.ObjectHandle1,
  262. PatchInfo->AtomicSwap.ObjectHandle2,
  263. 0);
  264. }
  266. } else {
  268. //
  269. // Regular patch operation which can be in either kernel mode or user mode
  270. //
  272. if (PatchInfo->Flags & FLG_HOTPATCH_KERNEL) {
  274. //
  275. // Kernel-mode patch
  276. //
  278. if ( (PatchInfo->InfoSize != PatchSize)
  279. ||
  280. !(PatchInfo->Flags & FLG_HOTPATCH_NAME_INFO)
  281. ||
  282. (PatchInfo->KernelInfo.NameOffset >= PatchSize)
  283. ||
  284. (PatchInfo->KernelInfo.NameLength >= PatchSize)
  285. ||
  286. ((ULONG)(PatchInfo->KernelInfo.NameOffset + PatchInfo->KernelInfo.NameLength) > PatchSize)) {
  288. Status = STATUS_INVALID_PARAMETER;
  290. } else {
  292. Status = MmHotPatchRoutine (PatchInfo);
  293. }
  295. } else {
  297. //
  298. // User-mode patch
  299. //
  300. // No privilege check is required for the user mode patching
  301. // as it can only be done to the current process
  302. //
  304. //
  305. // Lock the user buffer. This function also performs the
  306. // validation of the patch address to be USER
  307. //
  309. if ((PatchSize < sizeof(SYSTEM_HOTPATCH_CODE_INFORMATION))
  310. ||
  311. (PatchInfo->InfoSize != PatchSize)
  312. ||
  313. ((PatchInfo->CodeInfo.DescriptorsCount - 1) >
  314. (PatchSize - sizeof(SYSTEM_HOTPATCH_CODE_INFORMATION))/sizeof(HOTPATCH_HOOK_DESCRIPTOR))) {
  316. ExFreePool (PatchInfo);
  318. return STATUS_INVALID_PARAMETER;
  319. }
  321. Status = MmLockAndCopyMemory(PatchInfo, PreviousMode);
  322. }
  323. }
  325. ExFreePool (PatchInfo);
  327. return Status;
  328. }