archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/ntos/rtl/rtlmmapio.c

874 lines
27 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) Microsoft Corporation
  5. Module Name:
  7. rtlmmapio.c
  9. Abstract:
  11. Functions to aid in
  12. rigorously safe
  13. reasonably efficient
  14. reasonably easy to code
  15. memory mapped i/o that captures with "tight" __try/__excepts to
  16. catch status_in_page_errors, and captures only as much as is needed,
  17. like only individual struct fields, to keep stack usage low.
  19. Author:
  21. Jay Krell (JayKrell) January 2002
  23. Revision History:
  25. Environment:
  27. Pretty much anywhere memory mapped i/o is available.
  28. Initial client is win32k.sys font loading "rewrite".
  30. --*/
  32. #pragma warning(disable:4214) /* bit field types other than int */
  33. #pragma warning(disable:4201) /* nameless struct/union */
  34. #pragma warning(disable:4115) /* named type definition in parentheses */
  35. #pragma warning(disable:4127) /* condition expression is constant */
  37. #include "nt.h"
  38. #include "ntrtl.h"
  39. #include "nturtl.h"
  40. #include "ntrtlmmapio.h"
  41. #include "ntrtloverflow.h"
  42. #if defined(__cplusplus)
  43. extern "C" {
  44. #endif
  46. #define NOT_YET_USED 1
  48. #define RTLP_STRINGIZE_(x) #x
  49. #define RTLP_STRINGIZE(x) RTLP_STRINGIZE_(x)
  50. #define RTLP_LINE_AS_STRING() RTLP_STRINGIZE(__LINE__)
  51. #define RTLP_PREPEND_LINE_SPACE_TO_STRING(x) RTLP_LINE_AS_STRING() " " x
  53. #define RTLP_COPY_MAPPED_MEMORY_EX_FLAG_CATCH_INPAGE_ERRORS_IN_FROM_RANGE (0x00000001)
  54. #define RTLP_COPY_MAPPED_MEMORY_EX_FLAG_CATCH_INPAGE_ERRORS_IN_TO_RANGE (0x00000002)
  56. NTSTATUS
  57. RtlpAddWithOverflowCheckUlongPtr(
  58. ULONG_PTR *pc,
  59. ULONG_PTR a,
  60. ULONG_PTR b
  61. )
  62. {
  63. return RtlAddWithCarryOutUlongPtr(pc, a, b) ? STATUS_INTEGER_OVERFLOW : STATUS_SUCCESS;
  64. }
  66. NTSTATUS
  67. RtlpAddWithOverflowCheckSizet(
  68. SIZE_T *pc,
  69. SIZE_T a,
  70. SIZE_T b
  71. )
  72. {
  73. return RtlAddWithCarryOutSizet(pc, a, b) ? STATUS_INTEGER_OVERFLOW : STATUS_SUCCESS;
  74. }
  76. LONG
  77. RtlpCopyMappedMemoryEx_ExceptionFilter(
  78. ULONG Flags,
  79. PVOID ToAddress,
  80. PCVOID FromAddress,
  81. SIZE_T Size,
  82. OUT PSIZE_T BytesCopiedOut OPTIONAL,
  83. OUT PEXCEPTION_RECORD ExceptionRecordOut OPTIONAL,
  84. IN PEXCEPTION_POINTERS ExceptionPointers,
  85. OUT PNTSTATUS StatusOut OPTIONAL
  86. )
  87. /*++
  89. Routine Description:
  91. This routine serves as an exception filter and has the special job of
  92. extracting the "real" I/O error when Mm raises STATUS_IN_PAGE_ERROR
  93. beneath us. This is based on CcCopyReadExceptionFilter / MiGetExceptionInfo / RtlUnhandledExceptionFilter
  95. Arguments:
  97. ExceptionPointers - A pointer to the context and
  98. the exception record that contains the real Io Status.
  100. ExceptionCode - A pointer to an NTSTATUS that is to receive the real
  101. status.
  103. Return Value:
  105. EXCEPTION_EXECUTE_HANDLER for inpage errors in the "expected" range
  106. otherwise EXCEPTION_CONTINUE_SEARCH
  108. --*/
  109. {
  110. const PEXCEPTION_RECORD ExceptionRecord = ExceptionPointers->ExceptionRecord;
  111. NTSTATUS ExceptionCode = ExceptionRecord->ExceptionCode;
  112. LONG Disposition = EXCEPTION_CONTINUE_SEARCH;
  113. SIZE_T BytesCopied = 0;
  115. if (ExceptionCode == STATUS_IN_PAGE_ERROR) {
  117. const ULONG NumberParameters = ExceptionRecord->NumberParameters;
  119. if (RTL_IN_PAGE_ERROR_EXCEPTION_INFO_FAULTING_VA_INDEX < NumberParameters) {
  121. const ULONG_PTR ExceptionAddress = ExceptionRecord->ExceptionInformation[RTL_IN_PAGE_ERROR_EXCEPTION_INFO_FAULTING_VA_INDEX];
  123. if ((Flags & RTLP_COPY_MAPPED_MEMORY_EX_FLAG_CATCH_INPAGE_ERRORS_IN_FROM_RANGE) != 0
  124. && ExceptionAddress >= ((ULONG_PTR)FromAddress)
  125. && ExceptionAddress < (((ULONG_PTR)FromAddress) + Size)) {
  127. Disposition = EXCEPTION_EXECUTE_HANDLER;
  128. BytesCopied = (SIZE_T)(ExceptionAddress - (ULONG_PTR)FromAddress);
  130. } else if ((Flags & RTLP_COPY_MAPPED_MEMORY_EX_FLAG_CATCH_INPAGE_ERRORS_IN_TO_RANGE) != 0
  131. && ExceptionAddress >= ((ULONG_PTR)ToAddress)
  132. && ExceptionAddress < (((ULONG_PTR)ToAddress) + Size)) {
  134. Disposition = EXCEPTION_EXECUTE_HANDLER;
  135. BytesCopied = (SIZE_T)(ExceptionAddress - (ULONG_PTR)ToAddress);
  137. }
  138. } else {
  139. //
  140. // We don't have the information to do the range check. What to do?
  141. // We return continue_search.
  142. //
  143. // Comments in code indicate this can happen, that the iomgr reraises
  144. // inpage errors without the additional parameters.
  145. //
  146. }
  147. if (RTL_IN_PAGE_ERROR_EXCEPTION_INFO_UNDERLYING_STATUS_INDEX < NumberParameters) {
  148. ExceptionCode = (NTSTATUS) ExceptionRecord->ExceptionInformation[RTL_IN_PAGE_ERROR_EXCEPTION_INFO_UNDERLYING_STATUS_INDEX];
  149. }
  150. }
  151. if (ARGUMENT_PRESENT(ExceptionRecordOut)) {
  152. *ExceptionRecordOut = *ExceptionRecord;
  153. }
  154. if (ARGUMENT_PRESENT(StatusOut)) {
  155. *StatusOut = ExceptionCode;
  156. }
  157. if (ARGUMENT_PRESENT(BytesCopiedOut)) {
  158. *BytesCopiedOut = BytesCopied;
  159. }
  160. return Disposition;
  161. }
  163. NTSTATUS
  164. NTAPI
  165. RtlpCopyMappedMemoryEx(
  166. ULONG Flags,
  167. PVOID ToAddress,
  168. PCVOID FromAddress,
  169. SIZE_T Size,
  170. PSIZE_T BytesCopied OPTIONAL,
  171. PEXCEPTION_RECORD ExceptionRecordOut OPTIONAL
  172. )
  173. {
  174. NTSTATUS Status;
  176. if (ARGUMENT_PRESENT(BytesCopied)) {
  177. *BytesCopied = 0;
  178. }
  179. __try {
  180. RtlCopyMemory(ToAddress, FromAddress, Size);
  181. if (ARGUMENT_PRESENT(BytesCopied)) {
  182. *BytesCopied = Size;
  183. }
  184. Status = STATUS_SUCCESS;
  185. } __except(
  186. RtlpCopyMappedMemoryEx_ExceptionFilter(
  187. Flags,
  188. ToAddress,
  189. FromAddress,
  190. Size,
  191. BytesCopied,
  192. ExceptionRecordOut,
  193. GetExceptionInformation(),
  194. &Status)) {
  195. }
  196. return Status;
  197. }
  199. NTSTATUS
  200. NTAPI
  201. RtlCopyMappedMemory(
  202. PVOID ToAddress,
  203. PCVOID FromAddress,
  204. SIZE_T Size
  205. )
  206. {
  207. return
  208. RtlpCopyMappedMemoryEx(
  209. RTLP_COPY_MAPPED_MEMORY_EX_FLAG_CATCH_INPAGE_ERRORS_IN_FROM_RANGE
  210. | RTLP_COPY_MAPPED_MEMORY_EX_FLAG_CATCH_INPAGE_ERRORS_IN_TO_RANGE,
  211. ToAddress,
  212. FromAddress,
  213. Size,
  214. NULL, // BytesCopied OPTIONAL,
  215. NULL // ExceptionRecordOut OPTIONAL
  216. );
  217. }
  219. #if NOT_YET_USED
  221. NTSTATUS
  222. NTAPI
  223. RtlCopyMemoryFromMappedView(
  224. PCVOID ViewBase,
  225. SIZE_T ViewSize,
  226. PVOID ToAddress,
  227. PCVOID FromAddress,
  228. SIZE_T Size,
  229. PSIZE_T BytesCopied OPTIONAL,
  230. PEXCEPTION_RECORD ExceptionRecordOut OPTIONAL
  231. )
  232. /*++
  234. Routine Description:
  237. Arguments:
  239. ViewBase - the base of a memory mapped view
  241. ViewSize - the size of the memory mapped view mapped at ViewBase
  243. ToAddress - where to copy memory to, like the first parameter to RtlCopyMemory
  244. This assumed to point to memory for which inpage errors are "not possible"
  245. like backed by the pagefile or nonpaged pool
  246. If copying to mapped files or from and to mapped files, see RtlpCopyMappedMemoryEx.
  248. FromAddress - where to copy memory from, like the second parameter to RtlCopyMemory
  249. this must be within [ViewBase, ViewBase + ViewSize)
  251. Size - the number of bytes to copy, like the third parameter to RtlCopyMemory
  253. BytesCopied - optional out parameter that tells the number of bytes
  254. successfully copied; in this case of partial success, this
  255. is computed based in information in GetExceptionInformation
  257. ExceptionRecordOut - optional out parameter so the caller can pick apart
  258. the full details an exception, like to get the error
  259. underlying a status_inpage_error in the exception handler
  261. Return Value:
  263. STATUS_SUCCESS - everything is groovy
  264. STATUS_ACCESS_VIOLATION - the memory is not within the mapped view
  265. STATUS_IN_PAGE_ERROR - the memory could not be paged in
  266. the details as to why can be found via ExceptionRecordOut
  267. see RTL_IN_PAGE_ERROR_EXCEPTION_INFO_UNDERLYING_STATUS_INDEX
  268. STATUS_INVALID_PARAMETER
  270. --*/
  271. {
  272. NTSTATUS Status;
  274. if (ARGUMENT_PRESENT(BytesCopied)) {
  275. *BytesCopied = 0;
  276. }
  278. Status = RtlMappedViewRangeCheck(ViewBase, ViewSize, FromAddress, Size);
  279. if (!NT_SUCCESS(Status)) {
  280. //
  281. // Note that ExceptionRecordOut is not filled in in this case.
  282. //
  283. goto Exit;
  284. }
  286. Status =
  287. RtlpCopyMappedMemoryEx(
  288. RTLP_COPY_MAPPED_MEMORY_EX_FLAG_CATCH_INPAGE_ERRORS_IN_FROM_RANGE,
  289. ToAddress,
  290. FromAddress,
  291. Size,
  292. BytesCopied,
  293. ExceptionRecordOut
  294. );
  295. if (!NT_SUCCESS(Status)) {
  296. goto Exit;
  297. }
  298. Status = STATUS_SUCCESS;
  299. Exit:
  300. return Status;
  301. }
  303. #endif
  305. #if NOT_YET_USED
  307. NTSTATUS
  308. NTAPI
  309. RtlMemoryMappedIoCapturePartialStruct(
  310. PCVOID ViewBase,
  311. SIZE_T ViewSize,
  312. PCMEMORY_MAPPED_IO_CAPTURE_PARTIAL_STRUCT_DESCRIPTOR Descriptor,
  313. PCVOID VoidStructInViewBase,
  314. PVOID VoidSafeBuffer,
  315. SIZE_T SafeBufferSize
  316. )
  317. {
  318. NTSTATUS Status;
  319. PCMEMORY_MAPPED_IO_CAPTURE_PARTIAL_STRUCT_MEMBER_DESCRIPTOR Member;
  320. PCMEMORY_MAPPED_IO_CAPTURE_PARTIAL_STRUCT_MEMBER_DESCRIPTOR MemberEnd;
  321. PCBYTE StructInViewBase;
  322. PBYTE SafeBuffer;
  323. ULONG_PTR SafeBufferEnd;
  324. SIZE_T EntireStructFileSize;
  326. StructInViewBase = (PCBYTE)VoidStructInViewBase;
  327. SafeBuffer = (PBYTE)VoidSafeBuffer;
  328. Status = STATUS_INTERNAL_ERROR;
  329. Member = (PCMEMORY_MAPPED_IO_CAPTURE_PARTIAL_STRUCT_MEMBER_DESCRIPTOR)~(ULONG_PTR)0;
  330. MemberEnd = (PCMEMORY_MAPPED_IO_CAPTURE_PARTIAL_STRUCT_MEMBER_DESCRIPTOR)~(ULONG_PTR)0;
  332. if (!RTL_SOFT_VERIFY(
  333. ViewBase != NULL
  334. && ViewSize != 0
  335. && Descriptor != NULL
  336. && StructInViewBase != NULL
  337. && SafeBuffer != NULL
  338. && SafeBufferSize != 0
  339. && SafeBufferSize == Descriptor->PartialStructMemorySize
  340. )) {
  341. Status = STATUS_INVALID_PARAMETER;
  342. goto Exit;
  343. }
  345. if (!RTL_SOFT_VERIFY(NT_SUCCESS(Status =
  346. RtlpAddWithOverflowCheckUlongPtr(
  347. &SafeBufferEnd,
  348. (ULONG_PTR)SafeBuffer,
  349. SafeBufferSize
  350. )))) {
  351. goto Exit;
  352. }
  354. if (!RTL_SOFT_VERIFY(NT_SUCCESS(Status =
  355. RtlMappedViewRangeCheck(
  356. ViewBase,
  357. ViewSize,
  358. StructInViewBase,
  359. (EntireStructFileSize = Descriptor->EntireStructFileSize)
  360. )))) {
  361. goto Exit;
  362. }
  363. Member = Descriptor->MemberDescriptors;
  364. MemberEnd = Member + Descriptor->NumberOfMembers;
  365. __try {
  366. for ( ; Member != MemberEnd; ++Member ) {
  367. RtlCopyMemory(
  368. SafeBuffer + Member->MemberOffsetInMemory,
  369. StructInViewBase + Member->MemberOffsetInFile,
  370. Member->MemberSize
  371. );
  372. }
  373. Status = STATUS_SUCCESS;
  374. }
  375. __except(
  376. //
  377. // Note that we describe the entire frombuffer here.
  378. // We do not describe the tobuffer, and we don't describe just one field.
  379. // It is an optimization to not describe individual fields.
  380. // We cannot describe the tobuffer accurately because its size is different (smaller)
  381. // than the frombuffer.
  382. //
  383. RtlpCopyMappedMemoryEx_ExceptionFilter(
  384. RTLP_COPY_MAPPED_MEMORY_EX_FLAG_CATCH_INPAGE_ERRORS_IN_FROM_RANGE,
  385. NULL, // "to" isn't checked, and the tosize and fromsize are different
  386. VoidStructInViewBase,
  387. EntireStructFileSize,
  388. NULL, // BytesCopied
  389. NULL, // ExceptionRecordOut
  390. GetExceptionInformation(),
  391. &Status
  392. )) {
  393. }
  394. Exit:
  395. return Status;
  396. }
  398. #endif
  400. #if NOT_YET_USED
  402. NTSTATUS
  403. NTAPI
  404. RtlValidateMemoryMappedIoCapturePartialStructDescriptor(
  405. PCMEMORY_MAPPED_IO_CAPTURE_PARTIAL_STRUCT_DESCRIPTOR Struct,
  406. OUT PULONG Disposition,
  407. OUT PULONG_PTR Detail OPTIONAL,
  408. OUT PULONG_PTR Detail2 OPTIONAL
  409. )
  410. {
  411. NTSTATUS Status;
  412. NTSTATUS Status2;
  413. PCMEMORY_MAPPED_IO_CAPTURE_PARTIAL_STRUCT_MEMBER_DESCRIPTOR Member;
  414. PCMEMORY_MAPPED_IO_CAPTURE_PARTIAL_STRUCT_MEMBER_DESCRIPTOR MemberEnd;
  415. PCSTR LocalDetail;
  416. ULONG_PTR LocalDetail2;
  417. ULONG LocalDisposition;
  418. BOOLEAN SetDetail2;
  419. SIZE_T OffsetEnd;
  421. SetDetail2 = FALSE;
  422. LocalDetail = NULL;
  423. LocalDetail2 = 0;
  424. Status = STATUS_INTERNAL_ERROR;
  425. Status2 = STATUS_INTERNAL_ERROR;
  426. Member = NULL;
  427. MemberEnd = NULL;
  428. LocalDisposition = RTL_VALIDATE_MEMORY_MAPPED_IO_CAPTURE_PARTIAL_STRUCT_DESCRIPTOR_DISPOSITION_BAD;
  429. OffsetEnd = 0;
  431. if (ARGUMENT_PRESENT(Detail)) {
  432. *Detail = 0;
  433. }
  434. if (ARGUMENT_PRESENT(Detail2)) {
  435. *Detail2 = 0;
  436. }
  437. if (Disposition != NULL) {
  438. *Disposition = LocalDisposition;
  439. }
  441. Status = STATUS_INVALID_PARAMETER;
  442. if (!RTL_SOFT_VERIFY(Struct != NULL)) {
  443. goto Exit;
  444. }
  445. if (!RTL_SOFT_VERIFY(Disposition != NULL)) {
  446. goto Exit;
  447. }
  448. Status = STATUS_SUCCESS;
  449. if (!RTL_SOFT_VERIFY(Struct->PartialStructMemorySize <= Struct->EntireStructFileSize)) {
  450. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("memory > file");
  451. goto Exit;
  452. }
  453. //
  454. // Given that members cannot have zero size,
  455. // the number of members must be <= size.
  456. //
  457. if (!RTL_SOFT_VERIFY(Struct->NumberOfMembers <= Struct->EntireStructFileSize)) {
  458. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("nummemb <= filesize");
  459. goto Exit;
  460. }
  461. if (!RTL_SOFT_VERIFY(Struct->NumberOfMembers <= Struct->PartialStructMemorySize)) {
  462. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("nummemb <= memsize");
  463. goto Exit;
  464. }
  465. if (!RTL_SOFT_VERIFY(Struct->NumberOfMembers != 0)) {
  466. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("nummemb != 0");
  467. goto Exit;
  468. }
  469. if (!RTL_SOFT_VERIFY(Struct->EntireStructFileSize != 0)) {
  470. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("filesize != 0");
  471. goto Exit;
  472. }
  473. if (!RTL_SOFT_VERIFY(Struct->PartialStructMemorySize != 0)) {
  474. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("memsize != 0");
  475. goto Exit;
  476. }
  477. if (!RTL_SOFT_VERIFY(Struct->MemberDescriptors != NULL)) {
  478. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("members != NULL");
  479. goto Exit;
  480. }
  481. Member = Struct->MemberDescriptors;
  482. MemberEnd = Member + Struct->NumberOfMembers;
  483. SetDetail2 = TRUE;
  484. for ( ; Member != MemberEnd; ++Member )
  485. {
  486. if (!RTL_SOFT_VERIFY(Member->MemberSize != 0)) {
  487. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("membersize != NULL");
  488. goto Exit;
  489. }
  490. if (!RTL_SOFT_VERIFY(Member->MemberOffsetInFile < Struct->EntireStructFileSize)) {
  491. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("fileoffset < filesize");
  492. goto Exit;
  493. }
  494. if (!RTL_SOFT_VERIFY(NT_SUCCESS(Status2 = RtlpAddWithOverflowCheckSizet(&OffsetEnd, Member->MemberOffsetInFile, Member->MemberSize)))) {
  495. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("file overflow");
  496. goto Exit;
  497. }
  498. if (!RTL_SOFT_VERIFY(OffsetEnd <= Struct->EntireStructFileSize)) {
  499. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("file out of bounds");
  500. goto Exit;
  501. }
  502. if (!RTL_SOFT_VERIFY(Member->MemberOffsetInMemory < Struct->PartialStructMemorySize)) {
  503. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("memoffset < memsize");
  504. goto Exit;
  505. }
  506. if (!RTL_SOFT_VERIFY(NT_SUCCESS(Status2 = RtlpAddWithOverflowCheckSizet(&OffsetEnd, Member->MemberOffsetInMemory, Member->MemberSize)))) {
  507. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("mem overflow");
  508. goto Exit;
  509. }
  510. if (!RTL_SOFT_VERIFY(OffsetEnd <= Struct->PartialStructMemorySize)) {
  511. LocalDetail = RTLP_PREPEND_LINE_SPACE_TO_STRING("mem out of bounds");
  512. goto Exit;
  513. }
  514. }
  515. LocalDisposition = RTL_VALIDATE_MEMORY_MAPPED_IO_CAPTURE_PARTIAL_STRUCT_DESCRIPTOR_DISPOSITION_GOOD;
  516. Exit:
  517. if (LocalDisposition == RTL_VALIDATE_MEMORY_MAPPED_IO_CAPTURE_PARTIAL_STRUCT_DESCRIPTOR_DISPOSITION_BAD) {
  518. if (ARGUMENT_PRESENT(Detail)) {
  519. *Detail = (ULONG_PTR)LocalDetail;
  520. }
  521. if (ARGUMENT_PRESENT(Detail2) && SetDetail2) {
  522. *Detail2 = (MemberEnd - Member);
  523. }
  524. }
  525. if (Disposition != NULL) {
  526. *Disposition = LocalDisposition;
  527. }
  528. return Status;
  529. }
  531. #endif
  533. #if NOT_YET_USED
  535. NTSTATUS
  536. NTAPI
  537. RtlMappedViewStrlen(
  538. PCVOID VoidViewBase,
  539. SIZE_T ViewSize,
  540. PCVOID VoidString,
  541. OUT PSIZE_T OutLength OPTIONAL
  542. )
  543. /*++
  545. Routine Description:
  547. Given a mapped view and size and starting address, verify that the 8bit string
  548. starting at the address is nul terminated within the mapped view, optionally
  549. returning the length of the string.
  551. in_page_errors are caught
  553. Arguments:
  555. VoidViewBase -
  556. ViewSize -
  557. VoidString -
  558. OutLength -
  560. Return Value:
  562. STATUS_SUCCESS: the string is nul terminated within the view
  563. STATUS_ACCESS_VIOLATION: the string is not nul terminated within the view
  564. STATUS_IN_PAGE_ERROR
  565. --*/
  566. {
  567. NTSTATUS Status;
  568. PCBYTE ByteViewBase;
  569. PCBYTE ByteViewEnd;
  570. PCBYTE ByteString;
  571. PCBYTE ByteStringEnd;
  573. Status = STATUS_INTERNAL_ERROR;
  574. ByteViewBase = (PCBYTE)VoidViewBase;
  575. ByteViewEnd = ViewSize + ByteViewBase;
  576. ByteString = (PCBYTE)VoidString;
  577. ByteStringEnd = ByteString;
  579. if (ARGUMENT_PRESENT(OutLength)) {
  580. *OutLength = 0;
  581. }
  583. if (!(ByteString >= ByteViewBase && ByteString < ByteViewEnd)) {
  584. Status = STATUS_ACCESS_VIOLATION;
  585. goto Exit;
  586. }
  587. __try {
  588. //
  589. // This could be done more efficiently with page granularity, using memchr.
  590. //
  591. for ( ; ByteStringEnd != ByteViewEnd && *ByteStringEnd != 0 ; ++ByteStringEnd) {
  592. // nothing
  593. }
  594. if (ByteStringEnd == ByteViewEnd) {
  595. Status = STATUS_ACCESS_VIOLATION;
  596. } else {
  597. Status = STATUS_SUCCESS;
  598. }
  599. } __except(
  600. //
  601. // We describe the whole buffer instead of an individual byte so that
  602. // the loop variables can be enregistered.
  603. //
  604. // If we switch to page granularity, this optimization may be less important.
  605. //
  606. RtlpCopyMappedMemoryEx_ExceptionFilter(
  607. RTLP_COPY_MAPPED_MEMORY_EX_FLAG_CATCH_INPAGE_ERRORS_IN_FROM_RANGE, // flags
  608. NULL, // no to address
  609. VoidViewBase, // from address
  610. ViewSize, // size
  611. NULL, // BytesCopied
  612. NULL, // ExceptionRecord,
  613. GetExceptionInformation(),
  614. &Status
  615. )) {
  616. ASSERT(Status != STATUS_SUCCESS);
  617. }
  618. if (ARGUMENT_PRESENT(OutLength)) {
  619. *OutLength = (SIZE_T)(ByteStringEnd - ByteString);
  620. }
  621. Exit:
  622. return Status;
  623. }
  625. #endif
  627. #if NOT_YET_USED
  629. NTSTATUS
  630. NTAPI
  631. RtlMappedViewRangeCheck(
  632. PCVOID ViewBase,
  633. SIZE_T ViewSize,
  634. PCVOID DataAddress,
  635. SIZE_T DataSize
  636. )
  637. /*++
  639. Routine Description:
  641. Given a mapped view and size, range check a data address and size.
  643. Arguments:
  645. ViewBase -
  646. ViewSize -
  647. DataAddress -
  648. DataSize -
  650. Return Value:
  652. STATUS_SUCCESS: all of the data is within the view
  653. STATUS_ACCESS_VIOLATION: some of the data is outside the view
  654. --*/
  655. {
  656. ULONG_PTR UlongPtrViewBegin;
  657. ULONG_PTR UlongPtrViewEnd;
  658. ULONG_PTR UlongPtrDataBegin;
  659. ULONG_PTR UlongPtrDataEnd;
  660. BOOLEAN InBounds;
  662. //
  663. // UlongPtrDataBegin is a valid address.
  664. // UlongPtrDataEnd is one past a valid address.
  665. // We must not allow UlongPtrDataBegin == UlongPtrViewEnd.
  666. // We must allow UlongPtrDataEnd == UlongPtrViewEnd.
  667. // Therefore, we must not allow UlongPtrDataBegin == UlongPtrDataEnd.
  668. // This can be achieved by not allowing DataSize == 0.
  669. //
  670. if (DataSize == 0)
  671. {
  672. DataSize = 1;
  673. }
  675. UlongPtrViewBegin = (ULONG_PTR)ViewBase;
  676. UlongPtrViewEnd = UlongPtrViewBegin + ViewSize;
  677. UlongPtrDataBegin = (ULONG_PTR)DataAddress;
  678. UlongPtrDataEnd = UlongPtrDataBegin + DataSize;
  680. InBounds =
  681. ( UlongPtrDataBegin >= UlongPtrViewBegin
  682. && UlongPtrDataBegin < UlongPtrDataEnd
  683. && UlongPtrDataEnd <= UlongPtrViewEnd
  684. && DataSize <= ViewSize
  685. );
  687. return (InBounds ? STATUS_SUCCESS : STATUS_ACCESS_VIOLATION);
  688. }
  690. #endif
  692. #if NOT_YET_USED
  694. //
  695. // This code is not yet as robust as the "capture partial struct" functions,
  696. // which do overflow checking, including offering a "preflight" validation of
  697. // constant parameter blocks.
  698. //
  700. typedef struct _RTL_COPY_MEMORY_SCATTER_GATHER_LIST_ELEMENT {
  701. SIZE_T FromOffset;
  702. SIZE_T ToOffset;
  703. SIZE_T Size;
  704. } RTL_COPY_MEMORY_SCATTER_GATHER_LIST_ELEMENT, *PRTL_COPY_MEMORY_SCATTER_GATHER_LIST_ELEMENT;
  705. typedef CONST RTL_COPY_MEMORY_SCATTER_GATHER_LIST_ELEMENT *PCRTL_COPY_MEMORY_SCATTER_GATHER_LIST_ELEMENT;
  707. #define RTL_COPY_MEMORY_SCATTER_GATHER_FLAG_VALID (0x00000001)
  709. typedef struct _RTL_COPY_MEMORY_SCATTER_GATHER_PARAMETERS {
  710. ULONG Flags;
  711. PCVOID FromBase;
  712. SIZE_T FromSize;
  713. PVOID ToBase;
  714. SIZE_T ToSize;
  715. SIZE_T NumberOfScatterGatherListElements;
  716. PCRTL_COPY_MEMORY_SCATTER_GATHER_LIST_ELEMENT ScatterGatherListElements;
  717. struct {
  718. BOOLEAN Caught;
  719. NTSTATUS UnderlyingStatus;
  720. PEXCEPTION_RECORD ExceptionRecord OPTIONAL;
  721. SIZE_T BytesCopied;
  722. SIZE_T FailedElementIndex;
  723. } InpageError;
  724. } RTL_COPY_MEMORY_SCATTER_GATHER_PARAMETERS, *PRTL_COPY_MEMORY_SCATTER_GATHER_PARAMETERS;
  725. typedef CONST RTL_COPY_MEMORY_SCATTER_GATHER_PARAMETERS *PCRTL_COPY_MEMORY_SCATTER_GATHER_PARAMETERS;
  727. #endif
  729. #if NOT_YET_USED
  731. LONG
  732. RtlpCopyMemoryScatterGatherExceptionHandlerAssumeValid(
  733. PRTL_COPY_MEMORY_SCATTER_GATHER_PARAMETERS Parameters,
  734. PEXCEPTION_POINTERS ExceptionPointers
  735. )
  736. {
  737. PEXCEPTION_RECORD ExceptionRecord = 0;
  738. ULONG NumberParameters = 0;
  739. ULONG_PTR ExceptionAddress = 0;
  740. ULONG_PTR CaughtBase = 0;
  741. NTSTATUS ExceptionCode = 0;
  742. LONG Disposition = 0;
  744. Disposition = EXCEPTION_CONTINUE_SEARCH;
  745. ExceptionRecord = ExceptionPointers->ExceptionRecord;
  746. ExceptionCode = ExceptionRecord->ExceptionCode;
  747. if (ExceptionCode != STATUS_IN_PAGE_ERROR) {
  748. goto Exit;
  749. }
  750. NumberParameters = ExceptionRecord->NumberParameters;
  751. if (RTL_IN_PAGE_ERROR_EXCEPTION_INFO_FAULTING_VA_INDEX < NumberParameters) {
  752. //
  753. // We don't have the information to do the range check so give up and do
  754. // not catch the exception. This can happen apparently.
  755. //
  756. goto Exit;
  757. }
  759. ExceptionAddress = ExceptionRecord->ExceptionInformation[RTL_IN_PAGE_ERROR_EXCEPTION_INFO_FAULTING_VA_INDEX];
  761. if (ExceptionAddress >= (CaughtBase = (ULONG_PTR)Parameters->FromBase)
  762. && ExceptionAddress < (CaughtBase + Parameters->FromSize)) {
  764. // nothing
  766. } else if (ExceptionAddress >= (CaughtBase = (ULONG_PTR)Parameters->ToBase)
  767. && ExceptionAddress < (CaughtBase + Parameters->ToSize)) {
  769. // nothing
  771. }
  772. else {
  774. // not in range, don't catch it
  775. goto Exit;
  777. }
  779. Disposition = EXCEPTION_EXECUTE_HANDLER;
  780. Parameters->InpageError.Caught = TRUE;
  781. Parameters->InpageError.BytesCopied = (SIZE_T)(ExceptionAddress - CaughtBase);
  782. if (ARGUMENT_PRESENT(Parameters->InpageError.ExceptionRecord)) {
  783. *Parameters->InpageError.ExceptionRecord = *ExceptionRecord;
  784. }
  785. if (RTL_IN_PAGE_ERROR_EXCEPTION_INFO_UNDERLYING_STATUS_INDEX < NumberParameters) {
  787. ExceptionCode = (NTSTATUS) ExceptionRecord->ExceptionInformation[RTL_IN_PAGE_ERROR_EXCEPTION_INFO_UNDERLYING_STATUS_INDEX];
  789. } else {
  791. // else just leave it as status_in_page_error
  793. }
  794. Parameters->InpageError.UnderlyingStatus = ExceptionCode;
  795. // DbgPrint...
  796. Exit:
  797. return Disposition;
  798. }
  800. #endif
  802. #if NOT_YET_USED
  804. LONG
  805. NTAPI
  806. RtlCopyMemoryScatterGatherExceptionHandler(
  807. PRTL_COPY_MEMORY_SCATTER_GATHER_PARAMETERS Parameters,
  808. PEXCEPTION_POINTERS ExceptionPointers
  809. )
  810. {
  811. //
  812. // This bit lets people turn off "large try/excepts" when they only really want
  813. // catch inpage errors in a small part of the try body. The pattern is:
  814. //
  815. // __try {
  816. // Parameters.Flags &= ~RTL_COPY_MEMORY_SCATTER_GATHER_FLAG_VALID;
  817. // ...
  818. // ... lots of code ...
  819. // ...
  820. // Parameters.Flags |= RTL_COPY_MEMORY_SCATTER_GATHER_FLAG_VALID;
  821. // RtlCopyMemory(&Parameters);
  822. // Parameters.Flags &= ~RTL_COPY_MEMORY_SCATTER_GATHER_FLAG_VALID;
  823. // ...
  824. // ... lots of code ...
  825. // ...
  826. // __except(RtlCopyMemoryScatterGatherExceptionHandler())
  827. //
  828. if ((Parameters->Flags & RTL_COPY_MEMORY_SCATTER_GATHER_FLAG_VALID) == 0) {
  829. return EXCEPTION_CONTINUE_SEARCH;
  830. }
  831. return RtlpCopyMemoryScatterGatherExceptionHandlerAssumeValid(Parameters, ExceptionPointers);
  832. }
  834. #endif
  836. #if NOT_YET_USED
  838. NTSTATUS
  839. NTAPI
  840. RtlCopyMemoryScatterGather(
  841. PRTL_COPY_MEMORY_SCATTER_GATHER_PARAMETERS Parameters
  842. )
  843. {
  844. RTL_COPY_MEMORY_SCATTER_GATHER_PARAMETERS LocalParameters;
  845. SIZE_T i;
  846. NTSTATUS Status = 0;
  848. // capture in locals to avoid unncessary pointer derefs in the loop
  849. LocalParameters.FromBase = Parameters->FromBase;
  850. LocalParameters.ToBase = Parameters->ToBase;
  851. LocalParameters.NumberOfScatterGatherListElements = Parameters->NumberOfScatterGatherListElements;
  852. LocalParameters.ScatterGatherListElements = Parameters->ScatterGatherListElements;
  854. __try {
  855. for (i = 0 ; i != LocalParameters.NumberOfScatterGatherListElements ; ++i) {
  856. RtlCopyMemory(
  857. ((PBYTE)LocalParameters.ToBase) + LocalParameters.ScatterGatherListElements[i].ToOffset,
  858. ((PCBYTE)LocalParameters.FromBase) + LocalParameters.ScatterGatherListElements[i].FromOffset,
  859. LocalParameters.ScatterGatherListElements[i].Size
  860. );
  861. }
  862. Status = STATUS_SUCCESS;
  863. } __except(RtlpCopyMemoryScatterGatherExceptionHandlerAssumeValid(Parameters, GetExceptionInformation())) {
  864. Status = Parameters->InpageError.UnderlyingStatus;
  865. Parameters->InpageError.FailedElementIndex = i;
  866. }
  867. return Status;
  868. }
  870. #endif
  872. #if defined(__cplusplus)
  873. } /* extern "C" */
  874. #endif