You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1239 lines
31 KiB
1239 lines
31 KiB
/*++
|
|
|
|
Copyright (c) 1991 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
bowutils.c
|
|
|
|
Abstract:
|
|
|
|
This module implements various useful routines for the NT datagram
|
|
receiver (bowser).
|
|
|
|
|
|
Author:
|
|
|
|
Larry Osterman (larryo) 6-May-1991
|
|
|
|
Revision History:
|
|
|
|
24-Sep-1991 larryo
|
|
|
|
Created
|
|
|
|
--*/
|
|
|
|
#include "precomp.h"
|
|
#pragma hdrstop
|
|
|
|
#ifdef ALLOC_PRAGMA
|
|
#pragma alloc_text(PAGE, BowserMapUsersBuffer)
|
|
#pragma alloc_text(PAGE, BowserLockUsersBuffer)
|
|
#pragma alloc_text(PAGE, BowserConvertType3IoControlToType2IoControl)
|
|
#pragma alloc_text(PAGE, BowserPackNtString)
|
|
#pragma alloc_text(PAGE, BowserPackUnicodeString)
|
|
#pragma alloc_text(PAGE, BowserRandom)
|
|
#pragma alloc_text(PAGE, BowserTimeUp)
|
|
#pragma alloc_text(PAGE, BowserReferenceDiscardableCode)
|
|
#pragma alloc_text(PAGE, BowserDereferenceDiscardableCode)
|
|
#pragma alloc_text(PAGE, BowserUninitializeDiscardableCode)
|
|
#pragma alloc_text(INIT, BowserInitializeDiscardableCode)
|
|
|
|
#if DBG
|
|
#ifndef PRODUCT1
|
|
#pragma alloc_text(PAGE, BowserTrace)
|
|
#endif
|
|
#pragma alloc_text(PAGE, BowserInitializeTraceLog)
|
|
#pragma alloc_text(PAGE, BowserOpenTraceLogFile)
|
|
#pragma alloc_text(PAGE, BowserUninitializeTraceLog)
|
|
#pragma alloc_text(PAGE, BowserDebugCall)
|
|
#endif
|
|
|
|
#endif
|
|
|
|
BOOLEAN
|
|
BowserMapUsersBuffer (
|
|
IN PIRP Irp,
|
|
OUT PVOID *UserBuffer,
|
|
IN ULONG Length
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine will probe and lock the buffer described by the
|
|
provided Irp.
|
|
|
|
Arguments:
|
|
|
|
IN PIRP Irp - Supplies the IRP that is to be mapped.
|
|
OUT PVOID *Buffer - Returns a buffer that maps the user's buffer in the IRP
|
|
|
|
Return Value:
|
|
|
|
TRUE - The buffer was mapped into the current address space.
|
|
FALSE - The buffer was NOT mapped in, it was already mappable.
|
|
|
|
|
|
--*/
|
|
|
|
{
|
|
PAGED_CODE();
|
|
|
|
if (Irp->MdlAddress) {
|
|
*UserBuffer = MmGetSystemAddressForMdlSafe(Irp->MdlAddress, LowPagePriority);
|
|
return FALSE;
|
|
} else {
|
|
if (Irp->AssociatedIrp.SystemBuffer != NULL) {
|
|
*UserBuffer = Irp->AssociatedIrp.SystemBuffer;
|
|
|
|
} else if (Irp->RequestorMode != KernelMode) {
|
|
PIO_STACK_LOCATION IrpSp;
|
|
|
|
IrpSp = IoGetCurrentIrpStackLocation( Irp );
|
|
|
|
if ((Length != 0) && (Irp->UserBuffer != 0)) {
|
|
|
|
if ((IrpSp->MajorFunction == IRP_MJ_FILE_SYSTEM_CONTROL) ||
|
|
(IrpSp->MajorFunction == IRP_MJ_DEVICE_CONTROL)) {
|
|
ULONG ControlCode = IrpSp->Parameters.DeviceIoControl.IoControlCode;
|
|
|
|
if ((ControlCode & 3) == METHOD_NEITHER) {
|
|
ProbeForWrite( Irp->UserBuffer,
|
|
Length,
|
|
sizeof(UCHAR) );
|
|
} else {
|
|
ASSERT ((ControlCode & 3) != METHOD_BUFFERED);
|
|
ASSERT ((ControlCode & 3) != METHOD_IN_DIRECT);
|
|
ASSERT ((ControlCode & 3) != METHOD_OUT_DIRECT);
|
|
}
|
|
|
|
} else if ((IrpSp->MajorFunction == IRP_MJ_READ) ||
|
|
(IrpSp->MajorFunction == IRP_MJ_QUERY_INFORMATION) ||
|
|
(IrpSp->MajorFunction == IRP_MJ_QUERY_VOLUME_INFORMATION) ||
|
|
(IrpSp->MajorFunction == IRP_MJ_QUERY_SECURITY) ||
|
|
(IrpSp->MajorFunction == IRP_MJ_DIRECTORY_CONTROL)) {
|
|
|
|
ProbeForWrite( Irp->UserBuffer,
|
|
Length,
|
|
sizeof(UCHAR) );
|
|
} else {
|
|
ProbeForRead( Irp->UserBuffer,
|
|
Length,
|
|
sizeof(UCHAR) );
|
|
}
|
|
}
|
|
|
|
*UserBuffer = Irp->UserBuffer;
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
}
|
|
|
|
NTSTATUS
|
|
BowserLockUsersBuffer (
|
|
IN PIRP Irp,
|
|
IN LOCK_OPERATION Operation,
|
|
IN ULONG BufferLength
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine will probe and lock the buffer described by the
|
|
provided Irp.
|
|
|
|
Arguments:
|
|
|
|
IN PIRP Irp - Supplies the IRP that is to be locked.
|
|
IN LOCK_OPERATION Operation - Supplies the operation type to probe.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
|
|
PAGED_CODE();
|
|
if ((Irp->MdlAddress == NULL)) {
|
|
|
|
try {
|
|
|
|
Irp->MdlAddress = IoAllocateMdl(Irp->UserBuffer,
|
|
BufferLength,
|
|
FALSE,
|
|
TRUE,
|
|
NULL);
|
|
|
|
if (Irp->MdlAddress == NULL) {
|
|
return(STATUS_INSUFFICIENT_RESOURCES);
|
|
}
|
|
|
|
|
|
//
|
|
// Now probe and lock down the user's data buffer.
|
|
//
|
|
|
|
MmProbeAndLockPages(Irp->MdlAddress,
|
|
Irp->RequestorMode,
|
|
Operation);
|
|
|
|
} except (BR_EXCEPTION) {
|
|
Status = GetExceptionCode();
|
|
|
|
if (Irp->MdlAddress != NULL) {
|
|
//
|
|
// We blew up in the probe and lock, free up the MDL
|
|
// and set the IRP to have a null MDL pointer - we are failing the
|
|
// request
|
|
//
|
|
|
|
IoFreeMdl(Irp->MdlAddress);
|
|
Irp->MdlAddress = NULL;
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return Status;
|
|
|
|
}
|
|
|
|
NTSTATUS
|
|
BowserConvertType3IoControlToType2IoControl (
|
|
IN PIRP Irp,
|
|
IN PIO_STACK_LOCATION IrpSp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine does the work necessary to convert a type 3 IoCtl to a
|
|
type 2 IoCtl. We do this when we have to pass a user IRP to the FSP.
|
|
|
|
|
|
Arguments:
|
|
|
|
IN PIRP Irp - Supplies an IRP to convert
|
|
IN PIO_STACK_LOCATION IrpSp - Supplies an Irp Stack location for convenience
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS - Status of operation
|
|
|
|
Note: This must be called in the FSD.
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
PAGED_CODE();
|
|
|
|
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength != 0) {
|
|
Status = BowserLockUsersBuffer(Irp, IoWriteAccess, IrpSp->Parameters.DeviceIoControl.OutputBufferLength);
|
|
|
|
//
|
|
// If we were unable to lock the users output buffer, return now.
|
|
//
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
return Status;
|
|
}
|
|
|
|
}
|
|
|
|
ASSERT (Irp->AssociatedIrp.SystemBuffer == NULL);
|
|
|
|
try {
|
|
if (IrpSp->Parameters.DeviceIoControl.InputBufferLength != 0) {
|
|
PCHAR InputBuffer = IrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
|
|
ULONG InputBufferLength = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
|
|
|
|
Irp->AssociatedIrp.SystemBuffer = ExAllocatePoolWithQuotaTag(PagedPool,
|
|
InputBufferLength, ' GD');
|
|
|
|
if (Irp->AssociatedIrp.SystemBuffer == NULL) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
//
|
|
// If called from a user process,
|
|
// probe the buffer to ensure it is in the callers address space.
|
|
//
|
|
if (Irp->RequestorMode != KernelMode) {
|
|
ProbeForRead( InputBuffer,
|
|
InputBufferLength,
|
|
sizeof(UCHAR));
|
|
}
|
|
|
|
RtlCopyMemory( Irp->AssociatedIrp.SystemBuffer,
|
|
InputBuffer,
|
|
InputBufferLength);
|
|
|
|
Irp->Flags |= (IRP_BUFFERED_IO | IRP_DEALLOCATE_BUFFER);
|
|
|
|
} else {
|
|
Irp->AssociatedIrp.SystemBuffer = NULL;
|
|
}
|
|
|
|
} except (BR_EXCEPTION) {
|
|
|
|
if (Irp->AssociatedIrp.SystemBuffer != NULL) {
|
|
ExFreePool(Irp->AssociatedIrp.SystemBuffer);
|
|
}
|
|
return GetExceptionCode();
|
|
|
|
}
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
ULONG
|
|
BowserPackNtString(
|
|
PUNICODE_STRING string,
|
|
ULONG_PTR BufferDisplacement,
|
|
PCHAR dataend,
|
|
PCHAR * laststring
|
|
)
|
|
/** BowserPackNtString
|
|
*
|
|
* BowserPackNtString is used to stuff variable-length data, which
|
|
* is pointed to by (surpise!) a pointer. The data is assumed
|
|
* to be a nul-terminated string (ASCIIZ). Repeated calls to
|
|
* this function are used to pack data from an entire structure.
|
|
*
|
|
* Upon first call, the laststring pointer should point to just
|
|
* past the end of the buffer. Data will be copied into the buffer from
|
|
* the end, working towards the beginning. If a data item cannot
|
|
* fit, the pointer will be set to NULL, else the pointer will be
|
|
* set to the new data location.
|
|
*
|
|
* Pointers which are passed in as NULL will be set to be pointer
|
|
* to and empty string, as the NULL-pointer is reserved for
|
|
* data which could not fit as opposed to data not available.
|
|
*
|
|
* Returns: 0 if could not fit data into buffer
|
|
* else size of data stuffed (guaranteed non-zero)
|
|
*
|
|
* See the test case for sample usage. (tst/packtest.c)
|
|
*/
|
|
|
|
{
|
|
LONG size;
|
|
|
|
PAGED_CODE();
|
|
|
|
dlog(DPRT_PACK, ("BowserPackNtString:\n"));
|
|
dlog(DPRT_PACK, (" string=%Fp, *string=%Fp, **string=\"%us\"\n",
|
|
string, *string, *string));
|
|
dlog(DPRT_PACK, (" end=%Fp\n", dataend));
|
|
dlog(DPRT_PACK, (" last=%Fp, *last=%Fp, **last=\"%us\"\n",
|
|
laststring, *laststring, *laststring));
|
|
|
|
ASSERT (dataend < *laststring);
|
|
|
|
//
|
|
// is there room for the string?
|
|
//
|
|
|
|
size = string->Length;
|
|
|
|
if ((*laststring - dataend) < size) {
|
|
string->Length = 0;
|
|
return(0);
|
|
} else {
|
|
*laststring -= size;
|
|
RtlCopyMemory(*laststring, string->Buffer, size);
|
|
string->Buffer = (PWSTR)((*laststring) - BufferDisplacement);
|
|
return(size);
|
|
}
|
|
}
|
|
|
|
ULONG
|
|
BowserPackUnicodeString(
|
|
IN OUT PWCHAR * string, // pointer by reference: string to be copied.
|
|
IN ULONG StringLength, // Length of this string (in bytes) (w/o trailing zero)
|
|
IN ULONG_PTR OutputBufferDisplacement, // Amount to subtract from output buffer
|
|
IN PVOID dataend, // pointer to end of fixed size data.
|
|
IN OUT PVOID * laststring // pointer by reference: top of string data.
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
BowserPackUnicodeString is used to stuff variable-length data, which
|
|
is pointed to by (surpise!) a pointer. The data is assumed
|
|
to be a nul-terminated string (ASCIIZ). Repeated calls to
|
|
this function are used to pack data from an entire structure.
|
|
|
|
Upon first call, the laststring pointer should point to just
|
|
past the end of the buffer. Data will be copied into the buffer from
|
|
the end, working towards the beginning. If a data item cannot
|
|
fit, the pointer will be set to NULL, else the pointer will be
|
|
set to the new data location.
|
|
|
|
Pointers which are passed in as NULL will be set to be pointer
|
|
to and empty string, as the NULL-pointer is reserved for
|
|
data which could not fit as opposed to data not available.
|
|
|
|
See the test case for sample usage. (tst/packtest.c)
|
|
|
|
|
|
Arguments:
|
|
|
|
string - pointer by reference: string to be copied.
|
|
|
|
dataend - pointer to end of fixed size data.
|
|
|
|
laststring - pointer by reference: top of string data.
|
|
|
|
Return Value:
|
|
|
|
0 - if it could not fit data into the buffer. Or...
|
|
|
|
sizeOfData - the size of data stuffed (guaranteed non-zero)
|
|
|
|
--*/
|
|
|
|
{
|
|
DWORD size;
|
|
DWORD Available = (DWORD)((PCHAR)*laststring - (PCHAR)dataend);
|
|
WCHAR StringBuffer[1] = L"";
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Verify that there is room left for the string. If a NULL string
|
|
// is input, there must be at least room for a UNICODE NULL, so set
|
|
// size to sizeof(WCHAR) in this case.
|
|
//
|
|
|
|
if (*string == NULL) {
|
|
StringLength = 0;
|
|
*string = StringBuffer;
|
|
}
|
|
|
|
size = StringLength + sizeof(WCHAR);
|
|
|
|
// if the end of the buffer passed to us is not aligned properly for wide chars, shift it inwards to align it
|
|
*laststring = ROUND_DOWN_POINTER(*laststring, ALIGN_WCHAR);
|
|
|
|
if (*laststring < dataend || size > Available) {
|
|
*string = UNICODE_NULL;
|
|
return(0);
|
|
}
|
|
|
|
*((PCHAR *)laststring) -= size;
|
|
RtlCopyMemory(*laststring, *string, size-sizeof(WCHAR));
|
|
*string = *laststring;
|
|
(*string)[StringLength/2] = L'\0';
|
|
*(PCHAR*)string -=OutputBufferDisplacement;
|
|
return(size);
|
|
|
|
} // BowserUnicodePackString
|
|
|
|
|
|
ULONG
|
|
BowserTimeUp(
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
BowserTimeUp is used to return the number of seconds the browser has been
|
|
running.
|
|
|
|
|
|
Arguments:
|
|
|
|
None
|
|
|
|
Return Value:
|
|
|
|
Number of seconds the browser has been up.
|
|
|
|
--*/
|
|
{
|
|
LARGE_INTEGER CurrentTime;
|
|
LARGE_INTEGER TimeDelta;
|
|
LARGE_INTEGER TimeUp;
|
|
|
|
//
|
|
// These are the magic numbers needed to do our extended division. The
|
|
// only numbers we ever need to divide by are
|
|
//
|
|
// 10,000 = convert 100ns tics to millisecond tics
|
|
//
|
|
//
|
|
// These values were stolen from ntos\rtl\time.c
|
|
//
|
|
|
|
LARGE_INTEGER Magic10000 = {0xe219652c, 0xd1b71758};
|
|
#define SHIFT10000 13
|
|
|
|
|
|
PAGED_CODE();
|
|
|
|
KeQuerySystemTime(&CurrentTime);
|
|
|
|
TimeDelta.QuadPart = CurrentTime.QuadPart - BowserStartTime.QuadPart;
|
|
|
|
//
|
|
// TimeDelta is the number of 100ns units the bowser has been up. Convert
|
|
// it to milliseconds using the magic routine.
|
|
//
|
|
|
|
TimeUp = RtlExtendedMagicDivide(TimeDelta, Magic10000, SHIFT10000);
|
|
|
|
//
|
|
// Please note that TimeUp.LowPart wraps after about 49 days,
|
|
// this means that if a machine has been up for more than 49 days,
|
|
// we peg at 0xffffffff.
|
|
//
|
|
|
|
if (TimeUp.HighPart != 0) {
|
|
return(0xffffffff);
|
|
}
|
|
|
|
return(TimeUp.LowPart);
|
|
}
|
|
|
|
ULONG
|
|
BowserRandom(
|
|
IN ULONG MaxValue
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
BowserRandom is used to return a random number between 0 and MaxValue
|
|
|
|
Arguments:
|
|
|
|
MaxValue - The maximum value to return.
|
|
|
|
Return Value:
|
|
|
|
Random # between 0 and MaxValue
|
|
|
|
--*/
|
|
{
|
|
PAGED_CODE();
|
|
|
|
return RtlRandom(&BowserRandomSeed) % MaxValue;
|
|
}
|
|
|
|
|
|
VOID
|
|
BowserReferenceDiscardableCode(
|
|
DISCARDABLE_SECTION_NAME SectionName
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
BowserReferenceDiscardableCode is called to reference the browsers
|
|
discardable code section.
|
|
|
|
If the section is not present in memory, MmLockPagableCodeSection is
|
|
called to fault the section into memory.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PAGED_CODE();
|
|
|
|
RdrReferenceDiscardableCode(SectionName);
|
|
|
|
|
|
}
|
|
|
|
VOID
|
|
BowserDereferenceDiscardableCode(
|
|
DISCARDABLE_SECTION_NAME SectionName
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
BowserDereferenceDiscardableCode is called to dereference the browsers
|
|
discardable code section.
|
|
|
|
When the reference count drops to 0, a timer is set that will fire in <n>
|
|
seconds, after which time the section will be unlocked.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PAGED_CODE();
|
|
RdrDereferenceDiscardableCode(SectionName);
|
|
}
|
|
|
|
VOID
|
|
BowserInitializeDiscardableCode(
|
|
VOID
|
|
)
|
|
{
|
|
}
|
|
|
|
VOID
|
|
BowserUninitializeDiscardableCode(
|
|
VOID
|
|
)
|
|
{
|
|
PAGED_CODE();
|
|
}
|
|
|
|
#if BOWSERPOOLDBG
|
|
typedef struct {
|
|
ULONG Count;
|
|
ULONG Size;
|
|
PCHAR FileName;
|
|
ULONG LineNumber;
|
|
} POOL_STATS, *PPOOL_STATS;
|
|
|
|
|
|
typedef struct _POOL_HEADER {
|
|
// LIST_ENTRY ListEntry;
|
|
ULONG NumberOfBytes;
|
|
PPOOL_STATS Stats;
|
|
} POOL_HEADER, *PPOOL_HEADER;
|
|
|
|
ULONG CurrentAllocationCount;
|
|
ULONG CurrentAllocationSize;
|
|
|
|
ULONG NextFreeEntry = 0;
|
|
|
|
POOL_STATS PoolStats[POOL_MAXTYPE+1];
|
|
|
|
PVOID
|
|
BowserAllocatePool (
|
|
IN POOL_TYPE PoolType,
|
|
IN ULONG NumberOfBytes,
|
|
IN PCHAR FileName,
|
|
IN ULONG LineNumber,
|
|
IN ULONG Tag
|
|
)
|
|
{
|
|
PPOOL_HEADER header;
|
|
KIRQL oldIrql;
|
|
#if 1
|
|
ULONG i;
|
|
#endif
|
|
|
|
#if POOL_TAGGING
|
|
header = ExAllocatePoolWithTag( PoolType, sizeof(POOL_HEADER) + NumberOfBytes, Tag );
|
|
#else
|
|
header = ExAllocatePool( PoolType, sizeof(POOL_HEADER) + NumberOfBytes );
|
|
|
|
#endif
|
|
if ( header == NULL ) {
|
|
return NULL;
|
|
}
|
|
header->NumberOfBytes = NumberOfBytes;
|
|
|
|
// DbgPrint( "BOWSER: allocated type %d, size %d at %x\n", AllocationType, NumberOfBytes, header );
|
|
|
|
ACQUIRE_SPIN_LOCK( &BowserTimeSpinLock, &oldIrql );
|
|
|
|
CurrentAllocationCount++;
|
|
CurrentAllocationSize += NumberOfBytes;
|
|
#if 1
|
|
//
|
|
// Lets see if we've already allocated one of these guys.
|
|
//
|
|
|
|
|
|
for (i = 0;i < POOL_MAXTYPE ; i+= 1 ) {
|
|
if ((PoolStats[i].LineNumber == LineNumber) &&
|
|
(PoolStats[i].FileName == FileName)) {
|
|
|
|
//
|
|
// Yup, remember this allocation and return.
|
|
//
|
|
|
|
header->Stats = &PoolStats[i];
|
|
PoolStats[i].Count++;
|
|
PoolStats[i].Size += NumberOfBytes;
|
|
|
|
RELEASE_SPIN_LOCK( &BowserTimeSpinLock, oldIrql );
|
|
|
|
return header + 1;
|
|
}
|
|
}
|
|
|
|
for (i = NextFreeEntry; i < POOL_MAXTYPE ; i+= 1 ) {
|
|
if ((PoolStats[i].LineNumber == 0) &&
|
|
(PoolStats[i].FileName == NULL)) {
|
|
|
|
PoolStats[i].Count++;
|
|
PoolStats[i].Size += NumberOfBytes;
|
|
PoolStats[i].FileName = FileName;
|
|
PoolStats[i].LineNumber = LineNumber;
|
|
header->Stats = &PoolStats[i];
|
|
|
|
NextFreeEntry = i+1;
|
|
|
|
RELEASE_SPIN_LOCK( &BowserTimeSpinLock, oldIrql );
|
|
|
|
return header + 1;
|
|
}
|
|
}
|
|
|
|
header->Stats = &PoolStats[i];
|
|
PoolStats[POOL_MAXTYPE].Count++;
|
|
PoolStats[POOL_MAXTYPE].Size += NumberOfBytes;
|
|
#endif
|
|
|
|
RELEASE_SPIN_LOCK( &BowserTimeSpinLock, oldIrql );
|
|
|
|
return header + 1;
|
|
}
|
|
|
|
PVOID
|
|
BowserAllocatePoolWithQuota (
|
|
IN POOL_TYPE PoolType,
|
|
IN ULONG NumberOfBytes,
|
|
IN PCHAR FileName,
|
|
IN ULONG LineNumber,
|
|
IN ULONG Tag
|
|
)
|
|
{
|
|
PPOOL_HEADER header;
|
|
KIRQL oldIrql;
|
|
#if 1
|
|
ULONG i;
|
|
#endif
|
|
|
|
#if POOL_TAGGING
|
|
header = ExAllocatePoolWithTagQuota( PoolType, sizeof(POOL_HEADER) + NumberOfBytes, Tag );
|
|
#else
|
|
header = ExAllocatePoolWithQuota( PoolType, sizeof(POOL_HEADER) + NumberOfBytes );
|
|
#endif
|
|
if ( header == NULL ) {
|
|
return NULL;
|
|
}
|
|
header->NumberOfBytes = NumberOfBytes;
|
|
|
|
// DbgPrint( "BOWSER: allocated type %d, size %d at %x\n", AllocationType, NumberOfBytes, header );
|
|
|
|
ACQUIRE_SPIN_LOCK( &BowserTimeSpinLock, &oldIrql );
|
|
|
|
CurrentAllocationCount++;
|
|
CurrentAllocationSize += NumberOfBytes;
|
|
#if 1
|
|
//
|
|
// Lets see if we've already allocated one of these guys.
|
|
//
|
|
|
|
|
|
for (i = 0;i < POOL_MAXTYPE ; i+= 1 ) {
|
|
if ((PoolStats[i].LineNumber == LineNumber) &&
|
|
(PoolStats[i].FileName == FileName)) {
|
|
|
|
//
|
|
// Yup, remember this allocation and return.
|
|
//
|
|
|
|
header->Stats = &PoolStats[i];
|
|
PoolStats[i].Count++;
|
|
PoolStats[i].Size += NumberOfBytes;
|
|
|
|
RELEASE_SPIN_LOCK( &BowserTimeSpinLock, oldIrql );
|
|
|
|
return header + 1;
|
|
}
|
|
}
|
|
|
|
for (i = NextFreeEntry; i < POOL_MAXTYPE ; i+= 1 ) {
|
|
if ((PoolStats[i].LineNumber == 0) &&
|
|
(PoolStats[i].FileName == NULL)) {
|
|
|
|
PoolStats[i].Count++;
|
|
PoolStats[i].Size += NumberOfBytes;
|
|
PoolStats[i].FileName = FileName;
|
|
PoolStats[i].LineNumber = LineNumber;
|
|
header->Stats = &PoolStats[i];
|
|
|
|
NextFreeEntry = i+1;
|
|
|
|
RELEASE_SPIN_LOCK( &BowserTimeSpinLock, oldIrql );
|
|
|
|
return header + 1;
|
|
}
|
|
}
|
|
|
|
header->Stats = &PoolStats[i];
|
|
PoolStats[POOL_MAXTYPE].Count++;
|
|
PoolStats[POOL_MAXTYPE].Size += NumberOfBytes;
|
|
|
|
#endif
|
|
|
|
RELEASE_SPIN_LOCK( &BowserTimeSpinLock, oldIrql );
|
|
|
|
return header + 1;
|
|
}
|
|
|
|
VOID
|
|
BowserFreePool (
|
|
IN PVOID P
|
|
)
|
|
{
|
|
PPOOL_HEADER header;
|
|
KIRQL oldIrql;
|
|
PPOOL_STATS stats;
|
|
ULONG size;
|
|
|
|
header = (PPOOL_HEADER)P - 1;
|
|
|
|
size = header->NumberOfBytes;
|
|
stats = header->Stats;
|
|
|
|
// if ( allocationType > POOL_MAXTYPE ) allocationType = POOL_MAXTYPE;
|
|
// DbgPrint( "BOWSER: freed type %d, size %d at %x\n", allocationType, size, header );
|
|
|
|
ACQUIRE_SPIN_LOCK( &BowserTimeSpinLock, &oldIrql );
|
|
|
|
CurrentAllocationCount--;
|
|
CurrentAllocationSize -= size;
|
|
#if 1
|
|
stats->Count--;
|
|
stats->Size -= size;
|
|
#endif
|
|
|
|
RELEASE_SPIN_LOCK( &BowserTimeSpinLock, oldIrql );
|
|
|
|
ExFreePool( header );
|
|
|
|
return;
|
|
}
|
|
#endif // BOWSERPOOLDBG
|
|
|
|
#if DBG
|
|
|
|
ERESOURCE
|
|
BrowserTraceLock;
|
|
HANDLE
|
|
BrowserTraceLogHandle = NULL;
|
|
|
|
UCHAR LastCharacter = '\n';
|
|
|
|
#ifndef PRODUCT1
|
|
|
|
VOID
|
|
BowserTrace(
|
|
PCHAR FormatString,
|
|
...
|
|
)
|
|
|
|
#define LAST_NAMED_ARGUMENT FormatString
|
|
|
|
{
|
|
#define BR_OUTPUT_STRING_BUFFER_SIZE 1024
|
|
|
|
CHAR OutputString[BR_OUTPUT_STRING_BUFFER_SIZE];
|
|
IO_STATUS_BLOCK IoStatus;
|
|
BOOLEAN ProcessAttached = FALSE;
|
|
BOOLEAN ReleaseResource = FALSE;
|
|
va_list ParmPtr; // Pointer to stack parms.
|
|
KAPC_STATE ApcState;
|
|
NTSTATUS Status;
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
try {
|
|
//
|
|
// Acquire the BrowserTraceLock to prevent race condition
|
|
// when two threads try to initialize the handle
|
|
//
|
|
ExAcquireResourceExclusive(&BrowserTraceLock, TRUE);
|
|
ReleaseResource = TRUE;
|
|
if (BrowserTraceLogHandle == NULL) {
|
|
|
|
// Attach to FSP when using handle
|
|
if (IoGetCurrentProcess() != BowserFspProcess) {
|
|
KeStackAttachProcess(BowserFspProcess, &ApcState );
|
|
|
|
ProcessAttached = TRUE;
|
|
}
|
|
|
|
if (!NT_SUCCESS(BowserOpenTraceLogFile(L"\\SystemRoot\\Bowser.Log"))) {
|
|
|
|
BrowserTraceLogHandle = (HANDLE) -1;
|
|
|
|
if (ProcessAttached) {
|
|
KeUnstackDetachProcess( &ApcState );
|
|
ProcessAttached = FALSE;
|
|
}
|
|
if (ReleaseResource) {
|
|
ExReleaseResource(&BrowserTraceLock);
|
|
ReleaseResource = FALSE;
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
} else if (BrowserTraceLogHandle == (HANDLE) -1) {
|
|
|
|
if (ProcessAttached) {
|
|
KeUnstackDetachProcess( &ApcState );
|
|
ProcessAttached = FALSE;
|
|
}
|
|
if (ReleaseResource) {
|
|
ExReleaseResource(&BrowserTraceLock);
|
|
ReleaseResource = FALSE;
|
|
}
|
|
|
|
return;
|
|
}
|
|
} finally {
|
|
if (ReleaseResource) {
|
|
ExReleaseResource(&BrowserTraceLock);
|
|
ReleaseResource = FALSE;
|
|
}
|
|
if (ProcessAttached) {
|
|
KeUnstackDetachProcess( &ApcState );
|
|
ProcessAttached = FALSE;
|
|
}
|
|
}
|
|
|
|
|
|
//
|
|
// We need a try-finally. In addition, have a try-except so that
|
|
// exceptions are caught here itself.
|
|
//
|
|
try {
|
|
try {
|
|
LARGE_INTEGER EndOfFile;
|
|
|
|
ExAcquireResourceExclusive(&BrowserTraceLock, TRUE);
|
|
ReleaseResource = TRUE;
|
|
|
|
// re-verify we should be tracing (under lock).
|
|
if (BrowserTraceLogHandle == NULL) {
|
|
try_return(Status);
|
|
}
|
|
|
|
EndOfFile.HighPart = 0xffffffff;
|
|
EndOfFile.LowPart = FILE_WRITE_TO_END_OF_FILE;
|
|
|
|
if (LastCharacter == '\n') {
|
|
LARGE_INTEGER SystemTime;
|
|
TIME_FIELDS TimeFields;
|
|
|
|
KeQuerySystemTime(&SystemTime);
|
|
|
|
ExSystemTimeToLocalTime(&SystemTime, &SystemTime);
|
|
|
|
RtlTimeToTimeFields(&SystemTime, &TimeFields);
|
|
|
|
//
|
|
// The last character written was a newline character. We should
|
|
// timestamp this record in the file.
|
|
//
|
|
StringCbPrintfA(OutputString,
|
|
BR_OUTPUT_STRING_BUFFER_SIZE,
|
|
"%2.2d/%2.2d %2.2d:%2.2d:%2.2d.%3.3d: ",
|
|
TimeFields.Month,
|
|
TimeFields.Day,
|
|
TimeFields.Hour,
|
|
TimeFields.Minute,
|
|
TimeFields.Second,
|
|
TimeFields.Milliseconds);
|
|
// Attach to FSP when using handle
|
|
if ( !ProcessAttached && (IoGetCurrentProcess() != BowserFspProcess) ) {
|
|
KeStackAttachProcess(BowserFspProcess, &ApcState );
|
|
|
|
ProcessAttached = TRUE;
|
|
}
|
|
|
|
if (!NT_SUCCESS(Status = ZwWriteFile(BrowserTraceLogHandle, NULL, NULL, NULL, &IoStatus, OutputString, strlen(OutputString), &EndOfFile, NULL))) {
|
|
KdPrint(("Error writing time to Browser log file: %lX\n", Status));
|
|
try_return(Status);
|
|
}
|
|
|
|
if (!NT_SUCCESS(IoStatus.Status)) {
|
|
KdPrint(("Error writing time to Browser log file: %lX\n", IoStatus.Status));
|
|
try_return(Status);
|
|
}
|
|
|
|
if (IoStatus.Information != strlen(OutputString)) {
|
|
KdPrint(("Error writing time to Browser log file: %lX\n", IoStatus.Status));
|
|
try_return(Status);
|
|
}
|
|
|
|
}
|
|
|
|
va_start(ParmPtr, LAST_NAMED_ARGUMENT);
|
|
|
|
// Be in caller's process when referencing parameters.
|
|
if (ProcessAttached) {
|
|
KeUnstackDetachProcess( &ApcState );
|
|
ProcessAttached = FALSE;
|
|
}
|
|
|
|
//
|
|
// Format the parameters to the string.
|
|
//
|
|
|
|
StringCchVPrintfA(OutputString, BR_OUTPUT_STRING_BUFFER_SIZE, FormatString, ParmPtr);
|
|
|
|
// Attach to FSP when using handle
|
|
if (IoGetCurrentProcess() != BowserFspProcess) {
|
|
KeStackAttachProcess(BowserFspProcess, &ApcState );
|
|
|
|
ProcessAttached = TRUE;
|
|
}
|
|
|
|
if (!NT_SUCCESS(Status = ZwWriteFile(BrowserTraceLogHandle, NULL, NULL, NULL, &IoStatus, OutputString, strlen(OutputString), &EndOfFile, NULL))) {
|
|
KdPrint(("Error writing string to Browser log file: %ld\n", Status));
|
|
try_return(Status);
|
|
}
|
|
|
|
if (!NT_SUCCESS(IoStatus.Status)) {
|
|
KdPrint(("Error writing string to Browser log file: %lX\n", IoStatus.Status));
|
|
try_return(Status);
|
|
}
|
|
|
|
if (IoStatus.Information != strlen(OutputString)) {
|
|
KdPrint(("Error writing string to Browser log file: %ld\n", IoStatus.Status));
|
|
try_return(Status);
|
|
}
|
|
|
|
//
|
|
// Remember the last character output to the log.
|
|
//
|
|
|
|
LastCharacter = OutputString[strlen(OutputString)-1];
|
|
|
|
try_exit:NOTHING;
|
|
} finally {
|
|
if (ReleaseResource) {
|
|
ExReleaseResource(&BrowserTraceLock);
|
|
ReleaseResource = FALSE;
|
|
}
|
|
if (ProcessAttached) {
|
|
KeUnstackDetachProcess( &ApcState );
|
|
ProcessAttached = FALSE;
|
|
}
|
|
}
|
|
} except(EXCEPTION_EXECUTE_HANDLER){
|
|
}
|
|
}
|
|
|
|
#endif
|
|
|
|
VOID
|
|
BowserInitializeTraceLog()
|
|
{
|
|
|
|
PAGED_CODE();
|
|
ExInitializeResource(&BrowserTraceLock);
|
|
|
|
}
|
|
|
|
NTSTATUS
|
|
BowserOpenTraceLogFile(
|
|
IN PWCHAR TraceFile
|
|
)
|
|
{
|
|
UNICODE_STRING TraceFileName;
|
|
OBJECT_ATTRIBUTES ObjA;
|
|
NTSTATUS Status;
|
|
IO_STATUS_BLOCK IoStatusBlock;
|
|
|
|
PAGED_CODE();
|
|
|
|
RtlInitUnicodeString(&TraceFileName, TraceFile);
|
|
|
|
InitializeObjectAttributes(&ObjA, &TraceFileName, OBJ_CASE_INSENSITIVE, NULL, NULL);
|
|
|
|
Status = IoCreateFile(&BrowserTraceLogHandle,
|
|
FILE_APPEND_DATA|SYNCHRONIZE,
|
|
&ObjA,
|
|
&IoStatusBlock,
|
|
NULL,
|
|
FILE_ATTRIBUTE_NORMAL,
|
|
FILE_SHARE_READ,
|
|
FILE_OPEN_IF,
|
|
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE | FILE_SEQUENTIAL_ONLY,
|
|
NULL,
|
|
0,
|
|
CreateFileTypeNone,
|
|
NULL,
|
|
IO_FORCE_ACCESS_CHECK | // Ensure the user has access to the file
|
|
IO_NO_PARAMETER_CHECKING | // All of the buffers are kernel buffers
|
|
IO_CHECK_CREATE_PARAMETERS // But double check parameter consistancy
|
|
);
|
|
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("Bowser: Error creating trace file %ws %lX\n", TraceFile, Status));
|
|
|
|
return Status;
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
VOID
|
|
BowserUninitializeTraceLog()
|
|
{
|
|
BOOLEAN ProcessAttached = FALSE;
|
|
KAPC_STATE ApcState;
|
|
|
|
PAGED_CODE();
|
|
|
|
ExDeleteResource(&BrowserTraceLock);
|
|
|
|
if (BrowserTraceLogHandle != NULL) {
|
|
if (IoGetCurrentProcess() != BowserFspProcess) {
|
|
KeStackAttachProcess(BowserFspProcess, &ApcState );
|
|
|
|
ProcessAttached = TRUE;
|
|
}
|
|
|
|
ZwClose(BrowserTraceLogHandle);
|
|
|
|
if (ProcessAttached) {
|
|
KeUnstackDetachProcess( &ApcState );
|
|
ProcessAttached = FALSE;
|
|
}
|
|
}
|
|
|
|
BrowserTraceLogHandle = NULL;
|
|
}
|
|
|
|
NTSTATUS
|
|
BowserDebugCall(
|
|
IN PLMDR_REQUEST_PACKET InputBuffer,
|
|
IN ULONG InputBufferLength
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
BOOLEAN ProcessAttached = FALSE;
|
|
KAPC_STATE ApcState;
|
|
|
|
|
|
PAGED_CODE();
|
|
|
|
if (IoGetCurrentProcess() != BowserFspProcess) {
|
|
KeStackAttachProcess(BowserFspProcess, &ApcState );
|
|
|
|
ProcessAttached = TRUE;
|
|
}
|
|
|
|
|
|
try {
|
|
if (InputBufferLength < sizeof(LMDR_REQUEST_PACKET)) {
|
|
try_return(Status=STATUS_BUFFER_TOO_SMALL);
|
|
}
|
|
|
|
if ( InputBuffer->Version != LMDR_REQUEST_PACKET_VERSION_DOM ) {
|
|
try_return(Status=STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
if (InputBuffer->Parameters.Debug.OpenLog && InputBuffer->Parameters.Debug.CloseLog) {
|
|
try_return(Status=STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
if (InputBuffer->Parameters.Debug.OpenLog) {
|
|
|
|
ENSURE_IN_INPUT_BUFFER_STR( InputBuffer->Parameters.Debug.TraceFileName);
|
|
|
|
Status = BowserOpenTraceLogFile(InputBuffer->Parameters.Debug.TraceFileName);
|
|
|
|
} else if (InputBuffer->Parameters.Debug.CloseLog) {
|
|
Status = ZwClose(BrowserTraceLogHandle);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
BrowserTraceLogHandle = NULL;
|
|
}
|
|
|
|
} else if (InputBuffer->Parameters.Debug.TruncateLog) {
|
|
FILE_END_OF_FILE_INFORMATION EndOfFileInformation;
|
|
IO_STATUS_BLOCK IoStatus;
|
|
|
|
if (BrowserTraceLogHandle == NULL) {
|
|
try_return(Status=STATUS_INVALID_HANDLE);
|
|
}
|
|
|
|
EndOfFileInformation.EndOfFile.HighPart = 0;
|
|
EndOfFileInformation.EndOfFile.LowPart = 0;
|
|
|
|
Status = NtSetInformationFile(BrowserTraceLogHandle,
|
|
&IoStatus,
|
|
&EndOfFileInformation,
|
|
sizeof(EndOfFileInformation),
|
|
FileEndOfFileInformation);
|
|
|
|
} else {
|
|
BowserDebugLogLevel = InputBuffer->Parameters.Debug.DebugTraceBits;
|
|
KdPrint(("Setting Browser Debug Trace Bits to %lx\n", BowserDebugLogLevel));
|
|
Status = STATUS_SUCCESS;
|
|
}
|
|
|
|
try_return(Status);
|
|
|
|
try_exit:NOTHING;
|
|
} finally {
|
|
|
|
if (ProcessAttached) {
|
|
KeUnstackDetachProcess( &ApcState );
|
|
ProcessAttached = FALSE;
|
|
}
|
|
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
#endif
|
|
|
|
BOOL
|
|
BowserValidUnicodeString(
|
|
IN PUNICODE_STRING Str
|
|
)
|
|
{
|
|
// lifted from ASSERT_WELL_FORMED_UNICODE_STRING_IN - ntos\rtl\ntrtlp.h
|
|
if ( !((Str)->Length&1) && (!((Str)->Buffer) || !(sizeof((Str)->Buffer)&1) ) ) {
|
|
//
|
|
// check for aligned buffer
|
|
if POINTER_IS_ALIGNED( (Str)->Buffer, ALIGN_WCHAR ) {
|
|
return TRUE;
|
|
}
|
|
}
|
|
return FALSE;
|
|
}
|
|
|