|
|
/**************************** Module Header ********************************\
* Module Name: pool.c** Copyright (c) 1985 - 1999, Microsoft Corporation** Pool reallocation routines** History:* 03-04-95 JimA Created.\***************************************************************************/
#include "precomp.h"
#pragma hdrstop
DWORD gdwPoolFlags;DWORD gSessionPoolMask;
#ifdef POOL_INSTR
/*
* Globals used by RecordStackTrace */
PVOID gRecordedStackTrace[RECORD_STACK_TRACE_SIZE]; PEPROCESS gpepRecorded; PETHREAD gpetRecorded;
DWORD gdwAllocFailIndex; // the index of the allocation that's
// going to fail
DWORD gdwAllocsToFail = 1; // how many allocs to fail
DWORD gdwFreeRecords;
/*
* Targeted tag failures */ LPDWORD gparrTagsToFail; SIZE_T gdwTagsToFailCount;
/*
* Support to keep records of failed pool allocations */ DWORD gdwFailRecords; DWORD gdwFailRecordCrtIndex; DWORD gdwFailRecordTotalFailures;
PPOOLRECORD gparrFailRecord;
/*
* Support to keep records of pool free */ DWORD gdwFreeRecords; DWORD gdwFreeRecordCrtIndex; DWORD gdwFreeRecordTotalFrees;
PPOOLRECORD gparrFreeRecord;
FAST_MUTEX* gpAllocFastMutex; // mutex to syncronize pool allocations
Win32AllocStats gAllocList;
CONST char gszTailAlloc[] = "Win32kAlloc";
#define USESESSION(dwFlags) (((dwFlags & DAP_NONSESSION) != 0) ? 0 : gSessionPoolMask)
#endif
/***************************************************************************\
* Win32QueryPoolSize** Returns the size of the given pool block.** 08-17-2001 JasonSch Created.\***************************************************************************/SIZE_T Win32QueryPoolSize( PVOID p){ /*
* If POOL_HEAVY_ALLOCS is not defined then the pointer is what * we allocated. */ if (!(gdwPoolFlags & POOL_HEAVY_ALLOCS)) { BOOLEAN notUsed; return ExQueryPoolBlockSize(p, ¬Used); } else { PWin32PoolHead ph;
ph = (PWin32PoolHead)((DWORD*)p - (sizeof(Win32PoolHead) / sizeof(DWORD))); return ph->size; }}
PVOID Win32AllocPoolWithTagZInit(SIZE_T uBytes, ULONG uTag){ PVOID pv;
pv = Win32AllocPool(uBytes, uTag); if (pv) { RtlZeroMemory(pv, uBytes); }
return pv;}
PVOID Win32AllocPoolWithTagZInitWithPriority(SIZE_T uBytes, ULONG uTag, EX_POOL_PRIORITY priority){ PVOID pv;
pv = Win32AllocPoolWithPriority(uBytes, uTag, priority); if (pv) { RtlZeroMemory(pv, uBytes); }
return pv;}
PVOID Win32AllocPoolWithQuotaTagZInit(SIZE_T uBytes, ULONG uTag){ PVOID pv;
pv = Win32AllocPoolWithQuota(uBytes, uTag); if (pv) { RtlZeroMemory(pv, uBytes); }
return pv;}
PVOID UserReAllocPoolWithTag( PVOID pSrc, SIZE_T uBytesSrc, SIZE_T uBytes, ULONG iTag){ PVOID pDest;
pDest = UserAllocPool(uBytes, iTag); if (pDest != NULL) {
/*
* If the block is shrinking, don't copy too many bytes. */ if (uBytesSrc > uBytes) { uBytesSrc = uBytes; }
RtlCopyMemory(pDest, pSrc, uBytesSrc);
UserFreePool(pSrc); }
return pDest;}
PVOID UserReAllocPoolWithQuotaTag( PVOID pSrc, SIZE_T uBytesSrc, SIZE_T uBytes, ULONG iTag){ PVOID pDest;
pDest = UserAllocPoolWithQuota(uBytes, iTag); if (pDest != NULL) {
/*
* If the block is shrinking, don't copy too many bytes. */ if (uBytesSrc > uBytes) uBytesSrc = uBytes;
RtlCopyMemory(pDest, pSrc, uBytesSrc);
UserFreePool(pSrc); }
return pDest;}
/*
* Allocation routines for rtl functions */
PVOID UserRtlAllocMem( SIZE_T uBytes){ return UserAllocPool(uBytes, TAG_RTL);}
VOID UserRtlFreeMem( PVOID pMem){ UserFreePool(pMem);}
#ifdef POOL_INSTR
VOID RecordStackTrace( VOID){ RtlZeroMemory(gRecordedStackTrace, RECORD_STACK_TRACE_SIZE * sizeof(PVOID));
RtlWalkFrameChain(gRecordedStackTrace, RECORD_STACK_TRACE_SIZE, 0);
gpepRecorded = PsGetCurrentProcess(); gpetRecorded = PsGetCurrentThread();}
/***************************************************************************\
* RecordFailAllocation** Records failed allocations** 3-22-99 CLupu Created.\***************************************************************************/VOID RecordFailAllocation( ULONG tag, SIZE_T size){ UserAssert(gdwPoolFlags & POOL_KEEP_FAIL_RECORD);
gparrFailRecord[gdwFailRecordCrtIndex].ExtraData = LongToPtr( tag ); gparrFailRecord[gdwFailRecordCrtIndex].size = size;
gdwFailRecordTotalFailures++;
RtlZeroMemory(gparrFailRecord[gdwFailRecordCrtIndex].trace, RECORD_STACK_TRACE_SIZE * sizeof(PVOID));
RtlWalkFrameChain(gparrFailRecord[gdwFailRecordCrtIndex].trace, RECORD_STACK_TRACE_SIZE, 0);
gdwFailRecordCrtIndex++;
if (gdwFailRecordCrtIndex >= gdwFailRecords) { gdwFailRecordCrtIndex = 0; }}
/***************************************************************************\
* RecordFreePool** Records free pool** 3-22-99 CLupu Created.\***************************************************************************/VOID RecordFreePool( PVOID p, SIZE_T size){ UserAssert(gdwPoolFlags & POOL_KEEP_FREE_RECORD);
gparrFreeRecord[gdwFreeRecordCrtIndex].ExtraData = p; gparrFreeRecord[gdwFreeRecordCrtIndex].size = size;
gdwFreeRecordTotalFrees++;
RtlZeroMemory(gparrFreeRecord[gdwFreeRecordCrtIndex].trace, RECORD_STACK_TRACE_SIZE * sizeof(PVOID));
RtlWalkFrameChain(gparrFreeRecord[gdwFreeRecordCrtIndex].trace, RECORD_STACK_TRACE_SIZE, 0);
gdwFreeRecordCrtIndex++;
if (gdwFreeRecordCrtIndex >= gdwFreeRecords) { gdwFreeRecordCrtIndex = 0; }}
/***************************************************************************\
* HeavyAllocPool** This will make UserAllocPool to fail if we do not provide enough memory* for the specified tag.** 12-02-96 CLupu Created.\***************************************************************************/PVOID HeavyAllocPool( SIZE_T uBytes, ULONG tag, DWORD dwFlags, EX_POOL_PRIORITY priority){ PDWORD p; PWin32PoolHead ph; POOL_TYPE poolType;
if (!(gdwPoolFlags & POOL_HEAVY_ALLOCS)) { if (dwFlags & DAP_USEQUOTA) { poolType = ((dwFlags & DAP_NONPAGEDPOOL) ? USESESSION(dwFlags) | NonPagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE : gSessionPoolMask | PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE);
p = ExAllocatePoolWithQuotaTag(poolType, uBytes, tag); } else { poolType = ((dwFlags & DAP_NONPAGEDPOOL) ? USESESSION(dwFlags) | NonPagedPool : gSessionPoolMask | PagedPool);
if (dwFlags & DAP_PRIORITY) { p = ExAllocatePoolWithTagPriority(poolType, uBytes, tag, priority); } else { p = ExAllocatePoolWithTag(poolType, uBytes, tag); }
}
if (p != NULL && (dwFlags & DAP_ZEROINIT)) { RtlZeroMemory(p, uBytes); }
return p; }
/*
* Check for overflow. */ if (uBytes >= MAXULONG - sizeof(Win32PoolHead) - sizeof(gszTailAlloc)) { if (gdwPoolFlags & POOL_KEEP_FAIL_RECORD) { RecordFailAllocation(tag, 0); }
return NULL; }
/*
* Acquire the mutex when we play with the list of allocations. */ KeEnterCriticalRegion(); ExAcquireFastMutexUnsafe(gpAllocFastMutex);
#ifdef POOL_INSTR_API
/*
* Fail the allocation if the flag is set. Don't fail allocations that * will certainly get us to bugcheck in DBG (i.e. GLOBALTHREADLOCK). */ if (gdwPoolFlags & POOL_FAIL_ALLOCS#if DBG
&& (tag != TAG_GLOBALTHREADLOCK)#endif
) {
SIZE_T dwInd;
for (dwInd = 0; dwInd < gdwTagsToFailCount; dwInd++) { if (tag == gparrTagsToFail[dwInd]) { break; } }
if (dwInd < gdwTagsToFailCount) { if (gdwPoolFlags & POOL_KEEP_FAIL_RECORD) { RecordFailAllocation(tag, uBytes); }
RIPMSG0(RIP_WARNING, "Pool allocation failed because of global restriction"); p = NULL; goto exit; } }#endif
#if DBG
if ((gdwPoolFlags & POOL_FAIL_BY_INDEX) && (tag != TAG_GLOBALTHREADLOCK)) { /*
* Count the calls to HeavyAllocPool. */ gdwAllocCrt++;
if (gdwAllocCrt >= gdwAllocFailIndex && gdwAllocCrt < gdwAllocFailIndex + gdwAllocsToFail) {
RecordStackTrace();
KdPrint(("\n--------------------------------------------------\n")); KdPrint(( "\nPool allocation %d failed because of registry settings", gdwAllocCrt)); KdPrint(("\n--------------------------------------------------\n\n"));
if (gdwPoolFlags & POOL_KEEP_FAIL_RECORD) { RecordFailAllocation(tag, uBytes); } p = NULL; goto exit; } }#endif
/*
* Reserve space for the header */ uBytes += sizeof(Win32PoolHead);
if (gdwPoolFlags & POOL_TAIL_CHECK) { uBytes += sizeof(gszTailAlloc); }
if (dwFlags & DAP_USEQUOTA) { poolType = ((dwFlags & DAP_NONPAGEDPOOL) ? USESESSION(dwFlags) | NonPagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE : gSessionPoolMask | PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE);
p = ExAllocatePoolWithQuotaTag(poolType, uBytes, tag); } else { poolType = ((dwFlags & DAP_NONPAGEDPOOL) ? USESESSION(dwFlags)| NonPagedPool : gSessionPoolMask | PagedPool);
if (dwFlags & DAP_PRIORITY) { p = ExAllocatePoolWithTagPriority(poolType, uBytes, tag, priority); } else { p = ExAllocatePoolWithTag(poolType, uBytes, tag); } }
/*
* Return if ExAllocate... failed. */ if (p == NULL) { if (gdwPoolFlags & POOL_KEEP_FAIL_RECORD) { uBytes -= sizeof(Win32PoolHead);
if (gdwPoolFlags & POOL_TAIL_CHECK) { uBytes -= sizeof(gszTailAlloc); }
RecordFailAllocation(tag, uBytes); }
goto exit; }
if (gdwPoolFlags & POOL_TAIL_CHECK) { uBytes -= sizeof(gszTailAlloc);
RtlCopyMemory(((BYTE*)p) + uBytes, gszTailAlloc, sizeof(gszTailAlloc)); }
uBytes -= sizeof(Win32PoolHead);
/*
* Get the pointer to the header. */ ph = (PWin32PoolHead)p;
p += (sizeof(Win32PoolHead) / sizeof(DWORD));
/*
* Update the global allocations info. */ gAllocList.dwCrtMem += uBytes;
if (gAllocList.dwMaxMem < gAllocList.dwCrtMem) { gAllocList.dwMaxMem = gAllocList.dwCrtMem; }
(gAllocList.dwCrtAlloc)++;
if (gAllocList.dwMaxAlloc < gAllocList.dwCrtAlloc) { gAllocList.dwMaxAlloc = gAllocList.dwCrtAlloc; }
/*
* Grab the stack traces if the flags say so */ if (gdwPoolFlags & POOL_CAPTURE_STACK) { ph->pTrace = ExAllocatePoolWithTag(gSessionPoolMask | PagedPool, POOL_ALLOC_TRACE_SIZE * sizeof(PVOID), TAG_STACK);
if (ph->pTrace != NULL) { RtlZeroMemory(ph->pTrace, POOL_ALLOC_TRACE_SIZE * sizeof(PVOID)); RtlWalkFrameChain(ph->pTrace, POOL_ALLOC_TRACE_SIZE, 0); } } else { ph->pTrace = NULL; }
/*
* Save the info in the header and return the pointer after the header. */ ph->size = uBytes;
/*
* now, link it into the list for this tag (if any) */ ph->pPrev = NULL; ph->pNext = gAllocList.pHead;
if (gAllocList.pHead != NULL) { gAllocList.pHead->pPrev = ph; }
gAllocList.pHead = ph;
if (dwFlags & DAP_ZEROINIT) { RtlZeroMemory(p, uBytes); }
exit: /*
* Release the mutex */ ExReleaseFastMutexUnsafe(gpAllocFastMutex); KeLeaveCriticalRegion();
return p;}
/***************************************************************************\
* HeavyFreePool** 12-02-96 CLupu Created.\***************************************************************************/VOID HeavyFreePool( PVOID p){ SIZE_T uBytes; PWin32PoolHead ph;
/*
* If POOL_HEAVY_ALLOCS is not defined * then the pointer is what we allocated */ if (!(gdwPoolFlags & POOL_HEAVY_ALLOCS)) { ExFreePool(p); return; }
/*
* Acquire the mutex when we play with the list of allocations */ KeEnterCriticalRegion(); ExAcquireFastMutexUnsafe(gpAllocFastMutex);
ph = (PWin32PoolHead)((DWORD*)p - (sizeof(Win32PoolHead) / sizeof(DWORD)));
uBytes = ph->size;
/*
* Check the tail */ if (gdwPoolFlags & POOL_TAIL_CHECK) { if (!RtlEqualMemory((BYTE*)p + uBytes, gszTailAlloc, sizeof(gszTailAlloc))) { RIPMSG1(RIP_ERROR, "POOL CORRUPTION for %#p", p); } }
gAllocList.dwCrtMem -= uBytes;
UserAssert(gAllocList.dwCrtAlloc > 0);
(gAllocList.dwCrtAlloc)--;
/*
* now, remove it from the linked list */ if (ph->pPrev == NULL) { if (ph->pNext == NULL) {
UserAssert(gAllocList.dwCrtAlloc == 0);
gAllocList.pHead = NULL; } else { ph->pNext->pPrev = NULL; gAllocList.pHead = ph->pNext; } } else { ph->pPrev->pNext = ph->pNext; if (ph->pNext != NULL) { ph->pNext->pPrev = ph->pPrev; } }
/*
* Free the stack traces */ if (ph->pTrace != NULL) { ExFreePool(ph->pTrace); }
if (gdwPoolFlags & POOL_KEEP_FREE_RECORD) { RecordFreePool(ph, ph->size); }
ExFreePool(ph);
/*
* Release the mutex */ ExReleaseFastMutexUnsafe(gpAllocFastMutex); KeLeaveCriticalRegion();}
/***************************************************************************\
* CleanupPoolAllocations** 12-02-96 CLupu Created.\***************************************************************************/VOID CleanupPoolAllocations( VOID){ PWin32PoolHead pHead; PWin32PoolHead pNext;
if (gAllocList.dwCrtAlloc != 0) { if (gdwPoolFlags & POOL_BREAK_FOR_LEAKS) { FRE_RIPMSG0(RIP_ERROR, "There is still pool memory not freed in win32k.sys.\n" "Use !userkdx.dpa -vs to dump it"); }
pHead = gAllocList.pHead; while (pHead != NULL) { pNext = pHead->pNext;
UserFreePool(pHead + 1);
pHead = pNext; } }}
/***************************************************************************\
* CleanUpPoolLimitations*\***************************************************************************/VOID CleanUpPoolLimitations( VOID){ if (gpAllocFastMutex != NULL) { ExFreePool(gpAllocFastMutex); gpAllocFastMutex = NULL; }
if (gparrFailRecord != NULL) { ExFreePool(gparrFailRecord); gparrFailRecord = NULL; }
if (gparrFreeRecord != NULL) { ExFreePool(gparrFreeRecord); gparrFreeRecord = NULL; }
if (gparrTagsToFail != NULL) { ExFreePool(gparrTagsToFail); gparrTagsToFail = NULL; }}
/***************************************************************************\
* InitPoolLimitations** 12-02-96 CLupu Created.\***************************************************************************/NTSTATUS InitPoolLimitations( VOID){ UNICODE_STRING UnicodeString; OBJECT_ATTRIBUTES ObjectAttributes; HANDLE hkey; NTSTATUS Status; WCHAR achKeyValue[512]; DWORD dwData; ULONG ucb;
/*
* Initialize a critical section structure that will be used to protect * all the HeavyAllocPool and HeavyFreePool calls. */ gpAllocFastMutex = ExAllocatePoolWithTag(NonPagedPool, sizeof(FAST_MUTEX), TAG_DEBUG); if (gpAllocFastMutex == NULL) { RIPMSG0(RIP_WARNING, "InitPoolLimitations failed to allocate mutex"); return STATUS_NO_MEMORY; }
ExInitializeFastMutex(gpAllocFastMutex);
/*
* Allocate from session pool only for Full TS, that is Terminal Server * in app server mode. For normal Server (Remote Administration) or * workstation don't limit to session pool. */ if ((SharedUserData->SuiteMask & VER_SUITE_TERMINAL) && !(SharedUserData->SuiteMask & VER_SUITE_SINGLEUSERTS)) { gSessionPoolMask = SESSION_POOL_MASK;
if (gbRemoteSession) { gdwPoolFlags |= POOL_HEAVY_ALLOCS; } } else { gSessionPoolMask = 0; }
#if DBG
gdwPoolFlags |= (POOL_HEAVY_ALLOCS | POOL_CAPTURE_STACK | POOL_BREAK_FOR_LEAKS);#endif
/*
* Open the key containing the limits. */ RtlInitUnicodeString( &UnicodeString, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Session Manager\\SubSystems\\Pool");
InitializeObjectAttributes( &ObjectAttributes, &UnicodeString, OBJ_CASE_INSENSITIVE, NULL, NULL);
Status = ZwOpenKey(&hkey, KEY_READ, &ObjectAttributes); if (!NT_SUCCESS(Status)) {
#if DBG
/*
* More default settings if the Pool key doesn't exist */ if (gbRemoteSession) {
gparrFailRecord = ExAllocatePoolWithTag(PagedPool, 32 * sizeof(POOLRECORD), TAG_DEBUG);
if (gparrFailRecord != NULL) { gdwFailRecords = 32; gdwPoolFlags |= POOL_KEEP_FAIL_RECORD; }
gparrFreeRecord = ExAllocatePoolWithTag(PagedPool, 32 * sizeof(POOLRECORD), TAG_DEBUG);
if (gparrFreeRecord != NULL) { gdwFreeRecords = 32; gdwPoolFlags |= POOL_KEEP_FREE_RECORD; } }#endif
return STATUS_SUCCESS; }
if (gbRemoteSession) { /*
* Break in the debugger for memory leaks? */ RtlInitUnicodeString(&UnicodeString, L"BreakForPoolLeaks");
Status = ZwQueryValueKey( hkey, &UnicodeString, KeyValuePartialInformation, achKeyValue, sizeof(achKeyValue), &ucb);
if (NT_SUCCESS(Status) && ((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Type == REG_DWORD) {
dwData = *((PDWORD)((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Data);
if (dwData != 0) { gdwPoolFlags |= POOL_BREAK_FOR_LEAKS; } else { gdwPoolFlags &= ~POOL_BREAK_FOR_LEAKS; } }
/*
* Heavy allocs/frees for remote sessions ? */ RtlInitUnicodeString(&UnicodeString, L"HeavyRemoteSession");
Status = ZwQueryValueKey( hkey, &UnicodeString, KeyValuePartialInformation, achKeyValue, sizeof(achKeyValue), &ucb);
if (NT_SUCCESS(Status) && ((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Type == REG_DWORD) {
dwData = *((PDWORD)((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Data);
if (dwData == 0) { gdwPoolFlags &= ~POOL_HEAVY_ALLOCS; } } } else {
/*
* Heavy allocs/frees for main session ? */ RtlInitUnicodeString(&UnicodeString, L"HeavyConsoleSession");
Status = ZwQueryValueKey( hkey, &UnicodeString, KeyValuePartialInformation, achKeyValue, sizeof(achKeyValue), &ucb);
if (NT_SUCCESS(Status) && ((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Type == REG_DWORD) {
dwData = *((PDWORD)((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Data);
if (dwData != 0) { gdwPoolFlags |= POOL_HEAVY_ALLOCS; } } }
if (!(gdwPoolFlags & POOL_HEAVY_ALLOCS)) { ZwClose(hkey); return STATUS_SUCCESS; }
/*
* Check for stack traces */ RtlInitUnicodeString(&UnicodeString, L"StackTraces");
Status = ZwQueryValueKey( hkey, &UnicodeString, KeyValuePartialInformation, achKeyValue, sizeof(achKeyValue), &ucb);
if (NT_SUCCESS(Status) && ((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Type == REG_DWORD) {
dwData = *((PDWORD)((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Data);
if (dwData == 0) { gdwPoolFlags &= ~POOL_CAPTURE_STACK; } else { gdwPoolFlags |= POOL_CAPTURE_STACK; } }
/*
* Use tail checks ? */ RtlInitUnicodeString(&UnicodeString, L"UseTailString");
Status = ZwQueryValueKey( hkey, &UnicodeString, KeyValuePartialInformation, achKeyValue, sizeof(achKeyValue), &ucb);
if (NT_SUCCESS(Status) && ((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Type == REG_DWORD) {
dwData = *((PDWORD)((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Data);
if (dwData != 0) { gdwPoolFlags |= POOL_TAIL_CHECK; } }
/*
* Keep a record of frees ? By default keep the last 32. */#if DBG
gdwFreeRecords = 32;#endif
RtlInitUnicodeString(&UnicodeString, L"KeepFreeRecords");
Status = ZwQueryValueKey( hkey, &UnicodeString, KeyValuePartialInformation, achKeyValue, sizeof(achKeyValue), &ucb);
if (NT_SUCCESS(Status) && ((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Type == REG_DWORD) {
gdwFreeRecords = *((PDWORD)((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Data); }
if (gdwFreeRecords != 0) {
gparrFreeRecord = ExAllocatePoolWithTag(PagedPool, gdwFreeRecords * sizeof(POOLRECORD), TAG_DEBUG);
if (gparrFreeRecord != NULL) { gdwPoolFlags |= POOL_KEEP_FREE_RECORD; } }
/*
* Keep a record of failed allocations ? By default keep the last 32. */#if DBG
gdwFailRecords = 32;#endif
RtlInitUnicodeString(&UnicodeString, L"KeepFailRecords");
Status = ZwQueryValueKey( hkey, &UnicodeString, KeyValuePartialInformation, achKeyValue, sizeof(achKeyValue), &ucb);
if (NT_SUCCESS(Status) && ((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Type == REG_DWORD) {
gdwFailRecords = *((PDWORD)((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Data); }
if (gdwFailRecords != 0) {
gparrFailRecord = ExAllocatePoolWithTag(PagedPool, gdwFailRecords * sizeof(POOLRECORD), TAG_DEBUG);
if (gparrFailRecord != NULL) { gdwPoolFlags |= POOL_KEEP_FAIL_RECORD; } }
#if DBG
/*
* Open the key containing the allocation that should fail. */ RtlInitUnicodeString(&UnicodeString, L"AllocationIndex");
Status = ZwQueryValueKey( hkey, &UnicodeString, KeyValuePartialInformation, achKeyValue, sizeof(achKeyValue), &ucb);
if (NT_SUCCESS(Status) && ((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Type == REG_DWORD) {
gdwAllocFailIndex = *((PDWORD)((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Data); }
RtlInitUnicodeString(&UnicodeString, L"AllocationsToFail");
Status = ZwQueryValueKey( hkey, &UnicodeString, KeyValuePartialInformation, achKeyValue, sizeof(achKeyValue), &ucb);
if (NT_SUCCESS(Status) && ((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Type == REG_DWORD) {
gdwAllocsToFail = *((PDWORD)((PKEY_VALUE_PARTIAL_INFORMATION)achKeyValue)->Data); }
if (gdwAllocFailIndex != 0 && gdwAllocsToFail > 0) { gdwPoolFlags |= POOL_FAIL_BY_INDEX; }#endif
ZwClose(hkey);
return STATUS_SUCCESS;}#endif
#ifdef POOL_INSTR_API
BOOL _Win32PoolAllocationStats( LPDWORD parrTags, SIZE_T tagsCount, SIZE_T* lpdwMaxMem, SIZE_T* lpdwCrtMem, LPDWORD lpdwMaxAlloc, LPDWORD lpdwCrtAlloc){ BOOL bRet = FALSE;
/*
* Do nothing if heavy allocs/frees are disabled. */ if (!(gdwPoolFlags & POOL_HEAVY_ALLOCS)) { return FALSE; }
*lpdwMaxMem = gAllocList.dwMaxMem; *lpdwCrtMem = gAllocList.dwCrtMem; *lpdwMaxAlloc = gAllocList.dwMaxAlloc; *lpdwCrtAlloc = gAllocList.dwCrtAlloc;
/*
* Acquire the mutex when we play with the list of allocations. */ KeEnterCriticalRegion(); ExAcquireFastMutexUnsafe(gpAllocFastMutex);
if (gparrTagsToFail != NULL) { ExFreePool(gparrTagsToFail); gparrTagsToFail = NULL; gdwTagsToFailCount = 0; }
if (tagsCount != 0) { gdwPoolFlags |= POOL_FAIL_ALLOCS;
if (tagsCount > MAX_TAGS_TO_FAIL) { gdwTagsToFailCount = 0xFFFFFFFF; RIPMSG0(RIP_WARNING, "All pool allocations in WIN32K.SYS will fail."); bRet = TRUE; goto exit; } } else { gdwPoolFlags &= ~POOL_FAIL_ALLOCS;
RIPMSG0(RIP_WARNING, "Pool allocations in WIN32K.SYS back to normal."); bRet = TRUE; goto exit; }
gparrTagsToFail = ExAllocatePoolWithTag(PagedPool, sizeof(DWORD) * tagsCount, TAG_DEBUG);
if (gparrTagsToFail == NULL) { gdwPoolFlags &= ~POOL_FAIL_ALLOCS; RIPMSG0(RIP_WARNING, "Pool allocations in WIN32K.SYS back to normal !"); goto exit; }
try { ProbeForRead(parrTags, sizeof(DWORD) * tagsCount, DATAALIGN); RtlCopyMemory(gparrTagsToFail, parrTags, sizeof(DWORD) * tagsCount); } except (W32ExceptionHandler(FALSE, RIP_WARNING)) { if (gparrTagsToFail != NULL) { ExFreePool(gparrTagsToFail); gparrTagsToFail = NULL;
gdwPoolFlags &= ~POOL_FAIL_ALLOCS; RIPMSG0(RIP_WARNING, "Pool allocations in WIN32K.SYS back to normal."); goto exit; } } gdwTagsToFailCount = tagsCount;
RIPMSG0(RIP_WARNING, "Specific pool allocations in WIN32K.SYS will fail.");
exit: /*
* Release the mutex */ ExReleaseFastMutexUnsafe(gpAllocFastMutex); KeLeaveCriticalRegion();
return bRet;}
#endif
#ifdef TRACE_MAP_VIEWS
FAST_MUTEX* gpSectionFastMutex;PWin32Section gpSections;
#define EnterSectionCrit() \
KeEnterCriticalRegion(); \ ExAcquireFastMutexUnsafe(gpSectionFastMutex);
#define LeaveSectionCrit() \
ExReleaseFastMutexUnsafe(gpSectionFastMutex); \ KeLeaveCriticalRegion();
/***************************************************************************\
* CleanUpSections*\***************************************************************************/VOID CleanUpSections( VOID){ if (gpSectionFastMutex) { ExFreePool(gpSectionFastMutex); gpSectionFastMutex = NULL; }}
NTSTATUS InitSectionTrace( VOID){ gpSectionFastMutex = ExAllocatePoolWithTag(NonPagedPool, sizeof(FAST_MUTEX), TAG_DEBUG);
if (gpSectionFastMutex == NULL) { RIPMSG0(RIP_WARNING, "InitSectionTrace failed to allocate mutex"); return STATUS_NO_MEMORY; }
ExInitializeFastMutex(gpSectionFastMutex);
return STATUS_SUCCESS;}
NTSTATUS _Win32CreateSection( PVOID* pSectionObject, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PLARGE_INTEGER pInputMaximumSize, ULONG SectionPageProtection, ULONG AllocationAttributes, HANDLE FileHandle, PFILE_OBJECT FileObject, DWORD SectionTag){ PWin32Section pSection; NTSTATUS Status;
Status = MmCreateSection( pSectionObject, DesiredAccess, ObjectAttributes, pInputMaximumSize, SectionPageProtection, AllocationAttributes, FileHandle, FileObject);
if (NT_SUCCESS(Status)) { ObDeleteCapturedInsertInfo(*pSectionObject); } else { RIPMSG1(RIP_WARNING, "MmCreateSection failed with Status 0x%x.", Status); *pSectionObject = NULL; return Status; }
pSection = UserAllocPoolZInit(sizeof(Win32Section), TAG_SECTION);
if (pSection == NULL) { ObDereferenceObject(*pSectionObject); RIPMSG0(RIP_WARNING, "Failed to allocate memory for section."); *pSectionObject = NULL; return STATUS_UNSUCCESSFUL; }
EnterSectionCrit();
pSection->pNext = gpSections; if (gpSections != NULL) { UserAssert(gpSections->pPrev == NULL); gpSections->pPrev = pSection; }
pSection->SectionObject = *pSectionObject; pSection->SectionSize = *pInputMaximumSize; pSection->SectionTag = SectionTag;
gpSections = pSection;
#ifdef MAP_VIEW_STACK_TRACE
RtlZeroMemory(pSection->trace, MAP_VIEW_STACK_TRACE_SIZE * sizeof(PVOID));
RtlWalkFrameChain(pSection->trace, MAP_VIEW_STACK_TRACE_SIZE, 0);
#endif
LeaveSectionCrit();
return STATUS_SUCCESS;}
NTSTATUS _ZwWin32CreateSection( PVOID* pSectionObject, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PLARGE_INTEGER pInputMaximumSize, ULONG SectionPageProtection, ULONG AllocationAttributes, HANDLE FileHandle, PFILE_OBJECT FileObject, DWORD SectionTag){ PWin32Section pSection; NTSTATUS Status; HANDLE SectionHandle;
UNREFERENCED_PARAMETER(FileObject);
Status = ZwCreateSection( &SectionHandle, DesiredAccess, ObjectAttributes, pInputMaximumSize, SectionPageProtection, AllocationAttributes, FileHandle);
if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "ZwCreateSection failed with Statu %x", Status); *pSectionObject = NULL; return Status; }
Status = ObReferenceObjectByHandle( SectionHandle, DesiredAccess, *(POBJECT_TYPE *)MmSectionObjectType, KernelMode, pSectionObject, NULL);
ZwClose(SectionHandle);
if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "ObReferenceObjectByHandle failed with Status 0x%x", Status); *pSectionObject = NULL; return Status; }
pSection = UserAllocPoolZInit(sizeof(Win32Section), TAG_SECTION); if (pSection == NULL) { ObDereferenceObject(*pSectionObject); RIPMSG0(RIP_WARNING, "Failed to allocate memory for section"); *pSectionObject = NULL; return STATUS_UNSUCCESSFUL; }
EnterSectionCrit();
pSection->pNext = gpSections; if (gpSections != NULL) { UserAssert(gpSections->pPrev == NULL); gpSections->pPrev = pSection; }
pSection->SectionObject = *pSectionObject; pSection->SectionSize = *pInputMaximumSize; pSection->SectionTag = SectionTag;
gpSections = pSection;
#ifdef MAP_VIEW_STACK_TRACE
RtlZeroMemory(pSection->trace, MAP_VIEW_STACK_TRACE_SIZE * sizeof(PVOID));
RtlWalkFrameChain(pSection->trace, MAP_VIEW_STACK_TRACE_SIZE, 0);
#endif
LeaveSectionCrit();
return STATUS_SUCCESS;}
VOID _Win32DestroySection( PVOID Section){ PWin32Section ps;
EnterSectionCrit();
ps = gpSections;
while (ps != NULL) { if (ps->SectionObject == Section) {
/*
* Make sure there is no view mapped for this section */ if (ps->pFirstView != NULL) { RIPMSG1(RIP_ERROR, "Section %#p still has views", ps); }
/*
* now, remove it from the linked list of this tag */ if (ps->pPrev == NULL) {
UserAssert(ps == gpSections);
gpSections = ps->pNext;
if (ps->pNext != NULL) { ps->pNext->pPrev = NULL; } } else { ps->pPrev->pNext = ps->pNext; if (ps->pNext != NULL) { ps->pNext->pPrev = ps->pPrev; } } ObDereferenceObject(Section); UserFreePool(ps); LeaveSectionCrit(); return; } ps = ps->pNext; }
RIPMSG1(RIP_ERROR, "Cannot find Section %#p", Section); LeaveSectionCrit();}
NTSTATUS _Win32MapViewInSessionSpace( PVOID Section, PVOID* pMappedBase, PSIZE_T pViewSize){ NTSTATUS Status; PWin32Section ps; PWin32MapView pMapView;
/*
* First try to map the view */ Status = MmMapViewInSessionSpace(Section, pMappedBase, pViewSize);
if (!NT_SUCCESS(Status)) { RIPMSG1(RIP_WARNING, "MmMapViewInSessionSpace failed with Status %x", Status); *pMappedBase = NULL; return Status; }
/*
* Now add a record for this view */ pMapView = UserAllocPoolZInit(sizeof(Win32MapView), TAG_SECTION);
if (pMapView == NULL) { RIPMSG0(RIP_WARNING, "_Win32MapViewInSessionSpace: Memory failure");
MmUnmapViewInSessionSpace(*pMappedBase); *pMappedBase = NULL; return STATUS_NO_MEMORY; }
pMapView->pViewBase = *pMappedBase; pMapView->ViewSize = *pViewSize;
EnterSectionCrit();
ps = gpSections;
while (ps != NULL) { if (ps->SectionObject == Section) {
pMapView->pSection = ps;
pMapView->pNext = ps->pFirstView;
if (ps->pFirstView != NULL) { ps->pFirstView->pPrev = pMapView; } ps->pFirstView = pMapView;
#ifdef MAP_VIEW_STACK_TRACE
RtlZeroMemory(pMapView->trace, MAP_VIEW_STACK_TRACE_SIZE * sizeof(PVOID));
RtlWalkFrameChain(pMapView->trace, MAP_VIEW_STACK_TRACE_SIZE, 0);
#endif
LeaveSectionCrit(); return STATUS_SUCCESS; } ps = ps->pNext; }
RIPMSG1(RIP_ERROR, "_Win32MapViewInSessionSpace: Could not find section for %#p", Section);
LeaveSectionCrit();
return STATUS_UNSUCCESSFUL;}
NTSTATUS _Win32UnmapViewInSessionSpace( PVOID MappedBase){ PWin32Section ps; PWin32MapView pv; NTSTATUS Status;
EnterSectionCrit();
ps = gpSections;
while (ps != NULL) {
pv = ps->pFirstView;
while (pv != NULL) {
UserAssert(pv->pSection == ps);
if (pv->pViewBase == MappedBase) { /*
* now, remove it from the linked list */ if (pv->pPrev == NULL) {
UserAssert(pv == ps->pFirstView);
ps->pFirstView = pv->pNext;
if (pv->pNext != NULL) { pv->pNext->pPrev = NULL; } } else { pv->pPrev->pNext = pv->pNext; if (pv->pNext != NULL) { pv->pNext->pPrev = pv->pPrev; } }
UserFreePool(pv);
Status = MmUnmapViewInSessionSpace(MappedBase);
LeaveSectionCrit();
return Status; } pv = pv->pNext; } ps = ps->pNext; }
RIPMSG1(RIP_ERROR, "_Win32UnmapViewInSessionSpace: Could not find view for 0x%p", MappedBase);
LeaveSectionCrit();
return STATUS_UNSUCCESSFUL;}#endif
|
