You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5947 lines
198 KiB
5947 lines
198 KiB
/*++
|
|
|
|
Copyright (c) 1989-2001 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
sysinfo.c
|
|
|
|
Abstract:
|
|
|
|
This module implements the NT set and query system information services.
|
|
|
|
Author:
|
|
|
|
Steve Wood (stevewo) 21-Aug-1989
|
|
|
|
Environment:
|
|
|
|
Kernel mode only.
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#include "exp.h"
|
|
#pragma hdrstop
|
|
|
|
#include "stdlib.h"
|
|
#include "string.h"
|
|
#include "vdmntos.h"
|
|
#include <nturtl.h>
|
|
#include "pool.h"
|
|
#include "stktrace.h"
|
|
#include "align.h"
|
|
|
|
#if defined(_WIN64)
|
|
#include <wow64t.h>
|
|
#endif
|
|
|
|
extern ULONG MmAvailablePages;
|
|
extern ULONG MmSystemCodePage;
|
|
extern ULONG MmSystemCachePage;
|
|
extern ULONG MmPagedPoolPage;
|
|
extern ULONG MmSystemDriverPage;
|
|
extern ULONG MmTotalSystemCodePages;
|
|
extern ULONG MmTotalSystemDriverPages;
|
|
extern ULONG MmStandbyRePurposed;
|
|
extern RTL_TIME_ZONE_INFORMATION ExpTimeZoneInformation;
|
|
|
|
//
|
|
// For SystemDpcBehaviorInformation
|
|
//
|
|
extern ULONG KiMaximumDpcQueueDepth;
|
|
extern ULONG KiMinimumDpcRate;
|
|
extern ULONG KiAdjustDpcThreshold;
|
|
extern ULONG KiIdealDpcRate;
|
|
|
|
extern LIST_ENTRY MmLoadedUserImageList;
|
|
|
|
extern MMSUPPORT MmSystemCacheWs;
|
|
extern PFN_NUMBER MmTransitionSharedPages;
|
|
extern PFN_NUMBER MmTransitionSharedPagesPeak;
|
|
|
|
#define ROUND_UP(VALUE,ROUND) ((ULONG)(((ULONG)VALUE + \
|
|
((ULONG)ROUND - 1L)) & (~((ULONG)ROUND - 1L))))
|
|
|
|
//
|
|
// For referencing a user-supplied event handle
|
|
//
|
|
extern POBJECT_TYPE ExEventObjectType;
|
|
|
|
//
|
|
// Watchdog Handler
|
|
//
|
|
|
|
PWD_HANDLER ExpWdHandler = NULL;
|
|
PVOID ExpWdHandlerContext = NULL;
|
|
|
|
|
|
//
|
|
// COM+ Package Install Status
|
|
//
|
|
|
|
const static UNICODE_STRING KeyName = RTL_CONSTANT_STRING (COMPLUS_PACKAGE_KEYPATH);
|
|
static UNICODE_STRING KeyValueName = RTL_CONSTANT_STRING (COMPLUS_PACKAGE_ENABLE64BIT);
|
|
|
|
|
|
|
|
NTSTATUS
|
|
ExpValidateLocale(
|
|
IN LCID LocaleId
|
|
);
|
|
|
|
BOOLEAN
|
|
ExpIsValidUILanguage(
|
|
IN WCHAR *pLangId
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpGetCurrentUserUILanguage(
|
|
IN WCHAR *ValueName,
|
|
OUT LANGID *CurrentUserUILanguageId,
|
|
IN BOOLEAN bCheckGP
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpSetCurrentUserUILanguage(
|
|
IN WCHAR *ValueName,
|
|
IN LANGID DefaultUILanguageId
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpGetUILanguagePolicy(
|
|
IN HANDLE CurrentUserKey,
|
|
OUT LANGID *PolicyUILanguageId
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpGetProcessInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length,
|
|
IN PULONG SessionId OPTIONAL,
|
|
IN BOOLEAN ExtendedInformation
|
|
);
|
|
|
|
NTSTATUS
|
|
ExGetSessionPoolTagInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length,
|
|
IN PULONG SessionId
|
|
);
|
|
|
|
VOID
|
|
ExpGetProcessorIdleInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
);
|
|
|
|
VOID
|
|
ExpGetProcessorPowerInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
);
|
|
|
|
VOID
|
|
ExpCopyProcessInfo (
|
|
IN PSYSTEM_PROCESS_INFORMATION ProcessInfo,
|
|
IN PEPROCESS Process,
|
|
IN BOOLEAN ExtendedInformation
|
|
);
|
|
|
|
VOID
|
|
ExpCopyThreadInfo (
|
|
IN PVOID ThreadInfoBuffer,
|
|
IN PETHREAD Thread,
|
|
IN BOOLEAN ExtendedInformation
|
|
);
|
|
|
|
#if i386
|
|
NTSTATUS
|
|
ExpGetStackTraceInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
);
|
|
#endif // i386
|
|
|
|
NTSTATUS
|
|
ExpGetLockInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpGetLookasideInformation (
|
|
OUT PVOID Buffer,
|
|
IN ULONG BufferLength,
|
|
OUT PULONG Length
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpGetHandleInformation(
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpGetHandleInformationEx(
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpGetObjectInformation(
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
);
|
|
|
|
|
|
NTSTATUS
|
|
ExpGetInstemulInformation(
|
|
OUT PSYSTEM_VDM_INSTEMUL_INFO Info
|
|
);
|
|
|
|
NTSTATUS
|
|
ExGetPoolTagInfo (
|
|
IN PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
IN OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
NTSTATUS
|
|
ExGetSessionPoolTagInfo (
|
|
IN PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
IN OUT PULONG ReturnedEntries,
|
|
IN OUT PULONG ActualEntries
|
|
);
|
|
|
|
NTSTATUS
|
|
ExGetBigPoolInfo (
|
|
IN PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
IN OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpQueryModuleInformation(
|
|
IN PLIST_ENTRY LoadOrderListHead,
|
|
IN PLIST_ENTRY UserModeLoadOrderListHead,
|
|
OUT PRTL_PROCESS_MODULES ModuleInformation,
|
|
IN ULONG ModuleInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpQueryLegacyDriverInformation(
|
|
IN PSYSTEM_LEGACY_DRIVER_INFORMATION LegacyInfo,
|
|
IN PULONG Length
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpQueryNumaProcessorMap(
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG ReturnedLength
|
|
);
|
|
|
|
NTSTATUS
|
|
ExpQueryNumaAvailableMemory(
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG ReturnedLength
|
|
);
|
|
|
|
#if defined(ALLOC_PRAGMA)
|
|
#pragma alloc_text(PAGE, NtQueryDefaultLocale)
|
|
#pragma alloc_text(PAGE, NtSetDefaultLocale)
|
|
#pragma alloc_text(PAGE, NtQueryInstallUILanguage)
|
|
#pragma alloc_text(PAGE, NtQueryDefaultUILanguage)
|
|
#pragma alloc_text(PAGE, ExpGetCurrentUserUILanguage)
|
|
#pragma alloc_text(PAGE, NtSetDefaultUILanguage)
|
|
#pragma alloc_text(PAGE, ExpSetCurrentUserUILanguage)
|
|
#pragma alloc_text(PAGE, ExpValidateLocale)
|
|
#pragma alloc_text(PAGE, ExpGetUILanguagePolicy)
|
|
#pragma alloc_text(PAGE, NtQuerySystemInformation)
|
|
#pragma alloc_text(PAGE, NtSetSystemInformation)
|
|
#pragma alloc_text(PAGE, ExpGetHandleInformation)
|
|
#pragma alloc_text(PAGE, ExpGetHandleInformationEx)
|
|
#pragma alloc_text(PAGE, ExpGetObjectInformation)
|
|
#pragma alloc_text(PAGE, ExpQueryModuleInformation)
|
|
#pragma alloc_text(PAGE, ExpCopyProcessInfo)
|
|
#pragma alloc_text(PAGE, ExpQueryLegacyDriverInformation)
|
|
#pragma alloc_text(PAGE, ExLockUserBuffer)
|
|
#pragma alloc_text(PAGE, ExpQueryNumaAvailableMemory)
|
|
#pragma alloc_text(PAGE, ExpQueryNumaProcessorMap)
|
|
#pragma alloc_text(PAGE, ExpReadComPlusPackage)
|
|
#pragma alloc_text(PAGE, ExpUpdateComPlusPackage)
|
|
#pragma alloc_text(PAGE, ExGetSessionPoolTagInformation)
|
|
#pragma alloc_text(PAGELK, ExpGetLockInformation)
|
|
#pragma alloc_text(PAGELK, ExpGetProcessorPowerInformation)
|
|
#pragma alloc_text(PAGELK, ExpGetProcessorIdleInformation)
|
|
#pragma alloc_text(PAGE, ExpIsValidUILanguage)
|
|
#endif
|
|
|
|
NTSTATUS
|
|
ExpReadComPlusPackage(
|
|
VOID
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function reads the status of the 64-bit COM+ package from the registry
|
|
and stick it inside the shared page.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS.
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS Status;
|
|
static OBJECT_ATTRIBUTES ObjectAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES (&KeyName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE);
|
|
CHAR KeyValueBuffer[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(ULONG)];
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
|
|
ULONG ResultLength;
|
|
HANDLE Key;
|
|
|
|
|
|
Status = ZwOpenKey (&Key,
|
|
GENERIC_READ,
|
|
&ObjectAttributes);
|
|
|
|
if (NT_SUCCESS (Status)) {
|
|
|
|
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
|
|
Status = ZwQueryValueKey (Key,
|
|
&KeyValueName,
|
|
KeyValuePartialInformation,
|
|
KeyValueInformation,
|
|
sizeof (KeyValueBuffer),
|
|
&ResultLength);
|
|
|
|
if (NT_SUCCESS (Status)) {
|
|
|
|
if ((KeyValueInformation->Type == REG_DWORD) &&
|
|
(KeyValueInformation->DataLength == sizeof(ULONG))) {
|
|
SharedUserData->ComPlusPackage = *(PULONG)KeyValueInformation->Data;
|
|
}
|
|
}
|
|
|
|
ZwClose (Key);
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
ExpUpdateComPlusPackage(
|
|
IN ULONG ComPlusPackageStatus
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function updates the COM+ runtime package status on the system.
|
|
The package status indicates whether the 64-bit or the 32-bit runtime
|
|
should be used when executing IL_ONLY COM+ images.
|
|
|
|
Arguments:
|
|
|
|
ComPlusPackageStatus - COM+ Runtime package status on the system
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS Status;
|
|
static OBJECT_ATTRIBUTES ObjectAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES (&KeyName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE | OBJ_FORCE_ACCESS_CHECK);
|
|
ULONG Disposition;
|
|
HANDLE Key;
|
|
|
|
|
|
Status = ZwOpenKey (&Key,
|
|
GENERIC_WRITE,
|
|
&ObjectAttributes
|
|
);
|
|
|
|
if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
|
|
{
|
|
Status = ZwCreateKey (&Key,
|
|
GENERIC_WRITE,
|
|
&ObjectAttributes,
|
|
0,
|
|
NULL,
|
|
REG_OPTION_NON_VOLATILE,
|
|
&Disposition
|
|
);
|
|
}
|
|
|
|
if (NT_SUCCESS (Status)) {
|
|
|
|
Status = ZwSetValueKey (Key,
|
|
&KeyValueName,
|
|
0,
|
|
REG_DWORD,
|
|
&ComPlusPackageStatus,
|
|
sizeof(ULONG));
|
|
ZwClose (Key);
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
NtQueryDefaultLocale (
|
|
IN BOOLEAN UserProfile,
|
|
OUT PLCID DefaultLocaleId
|
|
)
|
|
{
|
|
KPROCESSOR_MODE PreviousMode;
|
|
NTSTATUS Status;
|
|
|
|
PAGED_CODE();
|
|
|
|
Status = STATUS_SUCCESS;
|
|
try {
|
|
|
|
//
|
|
// Get previous processor mode and probe output argument if necessary.
|
|
//
|
|
|
|
PreviousMode = KeGetPreviousMode();
|
|
if (PreviousMode != KernelMode) {
|
|
ProbeForWriteUlong ((PULONG)DefaultLocaleId);
|
|
}
|
|
|
|
if (UserProfile) {
|
|
*DefaultLocaleId = MmGetSessionLocaleId ();
|
|
}
|
|
else {
|
|
*DefaultLocaleId = PsDefaultSystemLocaleId;
|
|
}
|
|
}
|
|
except (EXCEPTION_EXECUTE_HANDLER) {
|
|
Status = GetExceptionCode();
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
NtSetDefaultLocale (
|
|
IN BOOLEAN UserProfile,
|
|
IN LCID DefaultLocaleId
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
UNICODE_STRING KeyPath, KeyValueName;
|
|
HANDLE CurrentUserKey, Key;
|
|
WCHAR KeyValueBuffer[ 128 ];
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
|
|
ULONG ResultLength;
|
|
PWSTR s;
|
|
ULONG n, i, Digit;
|
|
WCHAR c;
|
|
ULONG Flags;
|
|
|
|
PAGED_CODE();
|
|
|
|
if (DefaultLocaleId & 0xFFFF0000) {
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
|
|
if (UserProfile) {
|
|
Status = RtlOpenCurrentUser( KEY_ENUMERATE_SUB_KEYS, &CurrentUserKey );
|
|
if (!NT_SUCCESS( Status )) {
|
|
return Status;
|
|
}
|
|
|
|
RtlInitUnicodeString( &KeyValueName, L"Locale" );
|
|
RtlInitUnicodeString( &KeyPath, L"Control Panel\\International" );
|
|
Flags = OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE | OBJ_FORCE_ACCESS_CHECK;
|
|
}
|
|
else {
|
|
RtlInitUnicodeString( &KeyValueName, L"Default" );
|
|
RtlInitUnicodeString( &KeyPath, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Language" );
|
|
CurrentUserKey = NULL;
|
|
Flags = OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE;
|
|
}
|
|
|
|
InitializeObjectAttributes (&ObjectAttributes,
|
|
&KeyPath,
|
|
Flags,
|
|
CurrentUserKey,
|
|
NULL);
|
|
|
|
if (DefaultLocaleId == 0) {
|
|
|
|
Status = ZwOpenKey (&Key, GENERIC_READ, &ObjectAttributes);
|
|
|
|
if (NT_SUCCESS( Status )) {
|
|
Status = ZwQueryValueKey( Key,
|
|
&KeyValueName,
|
|
KeyValuePartialInformation,
|
|
KeyValueInformation,
|
|
sizeof( KeyValueBuffer ),
|
|
&ResultLength
|
|
);
|
|
if (NT_SUCCESS( Status )) {
|
|
if (KeyValueInformation->Type == REG_SZ) {
|
|
s = (PWSTR)KeyValueInformation->Data;
|
|
for (i=0; i<KeyValueInformation->DataLength; i += sizeof( WCHAR )) {
|
|
c = *s++;
|
|
if (c >= L'0' && c <= L'9') {
|
|
Digit = c - L'0';
|
|
}
|
|
else if (c >= L'A' && c <= L'F') {
|
|
Digit = c - L'A' + 10;
|
|
}
|
|
else if (c >= L'a' && c <= L'f') {
|
|
Digit = c - L'a' + 10;
|
|
}
|
|
else {
|
|
break;
|
|
}
|
|
|
|
if (Digit >= 16) {
|
|
break;
|
|
}
|
|
|
|
DefaultLocaleId = (DefaultLocaleId << 4) | Digit;
|
|
}
|
|
}
|
|
else {
|
|
if (KeyValueInformation->Type == REG_DWORD &&
|
|
KeyValueInformation->DataLength == sizeof( ULONG )) {
|
|
|
|
DefaultLocaleId = *(PLCID)KeyValueInformation->Data;
|
|
}
|
|
else {
|
|
Status = STATUS_UNSUCCESSFUL;
|
|
}
|
|
}
|
|
}
|
|
|
|
ZwClose( Key );
|
|
}
|
|
}
|
|
else {
|
|
|
|
Status = ExpValidateLocale( DefaultLocaleId );
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
|
|
Status = ZwOpenKey( &Key,
|
|
GENERIC_WRITE,
|
|
&ObjectAttributes
|
|
);
|
|
|
|
if (NT_SUCCESS( Status )) {
|
|
if (UserProfile) {
|
|
n = 8;
|
|
}
|
|
else {
|
|
n = 4;
|
|
}
|
|
|
|
s = &KeyValueBuffer[ n ];
|
|
*s-- = UNICODE_NULL;
|
|
i = (ULONG)DefaultLocaleId;
|
|
|
|
while (s >= KeyValueBuffer) {
|
|
Digit = i & 0x0000000F;
|
|
if (Digit <= 9) {
|
|
*s-- = (WCHAR)(Digit + L'0');
|
|
}
|
|
else {
|
|
*s-- = (WCHAR)((Digit - 10) + L'A');
|
|
}
|
|
|
|
i = i >> 4;
|
|
}
|
|
|
|
Status = ZwSetValueKey( Key,
|
|
&KeyValueName,
|
|
0,
|
|
REG_SZ,
|
|
KeyValueBuffer,
|
|
(n+1) * sizeof( WCHAR )
|
|
);
|
|
ZwClose( Key );
|
|
}
|
|
}
|
|
}
|
|
|
|
ZwClose( CurrentUserKey );
|
|
|
|
if (NT_SUCCESS( Status )) {
|
|
if (UserProfile) {
|
|
MmSetSessionLocaleId (DefaultLocaleId);
|
|
}
|
|
else {
|
|
PsDefaultSystemLocaleId = DefaultLocaleId;
|
|
}
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
NtQueryInstallUILanguage(
|
|
OUT LANGID *InstallUILanguageId
|
|
)
|
|
{
|
|
KPROCESSOR_MODE PreviousMode;
|
|
NTSTATUS Status;
|
|
|
|
PAGED_CODE();
|
|
|
|
Status = STATUS_SUCCESS;
|
|
try {
|
|
|
|
//
|
|
// Get previous processor mode and probe output argument if necessary.
|
|
//
|
|
|
|
PreviousMode = KeGetPreviousMode();
|
|
if (PreviousMode != KernelMode) {
|
|
ProbeForWriteUshort( (USHORT *)InstallUILanguageId );
|
|
}
|
|
|
|
*InstallUILanguageId = PsInstallUILanguageId;
|
|
}
|
|
except (EXCEPTION_EXECUTE_HANDLER) {
|
|
Status = GetExceptionCode();
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
NtQueryDefaultUILanguage(
|
|
OUT LANGID *DefaultUILanguageId
|
|
)
|
|
{
|
|
KPROCESSOR_MODE PreviousMode;
|
|
NTSTATUS Status;
|
|
|
|
PAGED_CODE();
|
|
|
|
Status = STATUS_SUCCESS;
|
|
try {
|
|
|
|
//
|
|
// Get previous processor mode and probe output argument if necessary.
|
|
//
|
|
|
|
PreviousMode = KeGetPreviousMode();
|
|
if (PreviousMode != KernelMode) {
|
|
ProbeForWriteUshort( (USHORT *)DefaultUILanguageId );
|
|
}
|
|
|
|
//
|
|
// Read the UI language from the current security context.
|
|
//
|
|
if (!NT_SUCCESS(ExpGetCurrentUserUILanguage( L"MultiUILanguageId",
|
|
DefaultUILanguageId,
|
|
TRUE))) {
|
|
*DefaultUILanguageId = PsInstallUILanguageId;
|
|
}
|
|
}
|
|
except (EXCEPTION_EXECUTE_HANDLER) {
|
|
Status = GetExceptionCode();
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
|
|
NTSTATUS
|
|
ExpGetUILanguagePolicy(
|
|
IN HANDLE CurrentUserKey,
|
|
OUT LANGID *PolicyUILanguageId
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
UNICODE_STRING KeyPath, KeyValueName;
|
|
HANDLE Key;
|
|
WCHAR KeyValueBuffer[ 128 ];
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
|
|
ULONG ResultLength;
|
|
ULONG Language;
|
|
|
|
PAGED_CODE();
|
|
|
|
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
|
|
RtlInitUnicodeString( &KeyValueName, L"MultiUILanguageId" );
|
|
RtlInitUnicodeString( &KeyPath, L"Software\\Policies\\Microsoft\\Control Panel\\Desktop" );
|
|
|
|
InitializeObjectAttributes( &ObjectAttributes,
|
|
&KeyPath,
|
|
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE),
|
|
CurrentUserKey,
|
|
NULL
|
|
);
|
|
|
|
//
|
|
// Check if there is a Policy key
|
|
//
|
|
Status = ZwOpenKey( &Key,
|
|
GENERIC_READ,
|
|
&ObjectAttributes
|
|
);
|
|
|
|
if (NT_SUCCESS( Status )) {
|
|
|
|
Status = ZwQueryValueKey( Key,
|
|
&KeyValueName,
|
|
KeyValuePartialInformation,
|
|
KeyValueInformation,
|
|
sizeof( KeyValueBuffer ),
|
|
&ResultLength
|
|
);
|
|
|
|
if (NT_SUCCESS( Status )) {
|
|
if ((KeyValueInformation->DataLength > 2) &&
|
|
(KeyValueInformation->Type == REG_SZ) &&
|
|
ExpIsValidUILanguage((PWSTR) KeyValueInformation->Data)) {
|
|
|
|
RtlInitUnicodeString( &KeyValueName, (PWSTR) KeyValueInformation->Data );
|
|
Status = RtlUnicodeStringToInteger( &KeyValueName,
|
|
(ULONG)16,
|
|
&Language
|
|
);
|
|
//
|
|
// Final check to make sure this is an MUI system
|
|
//
|
|
if (NT_SUCCESS( Status )) {
|
|
*PolicyUILanguageId = (LANGID)Language;
|
|
}
|
|
}
|
|
else {
|
|
Status = STATUS_UNSUCCESSFUL;
|
|
}
|
|
}
|
|
ZwClose( Key );
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
|
|
NTSTATUS
|
|
ExpSetCurrentUserUILanguage(
|
|
IN WCHAR *ValueName,
|
|
IN LANGID CurrentUserUILanguage
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
UNICODE_STRING KeyPath, KeyValueName;
|
|
HANDLE CurrentUserKey, Key;
|
|
WCHAR KeyValueBuffer[ 128 ];
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
|
|
PWSTR s;
|
|
ULONG i, Digit;
|
|
|
|
PAGED_CODE();
|
|
|
|
if (CurrentUserUILanguage & 0xFFFF0000) {
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
|
|
Status = RtlOpenCurrentUser( KEY_ENUMERATE_SUB_KEYS, &CurrentUserKey );
|
|
if (!NT_SUCCESS( Status )) {
|
|
return Status;
|
|
}
|
|
|
|
RtlInitUnicodeString( &KeyValueName, ValueName );
|
|
RtlInitUnicodeString( &KeyPath, L"Control Panel\\Desktop" );
|
|
InitializeObjectAttributes( &ObjectAttributes,
|
|
&KeyPath,
|
|
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE | OBJ_FORCE_ACCESS_CHECK),
|
|
CurrentUserKey,
|
|
NULL
|
|
);
|
|
|
|
|
|
Status = ExpValidateLocale( MAKELCID( CurrentUserUILanguage, SORT_DEFAULT ) );
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
|
|
Status = ZwOpenKey( &Key,
|
|
GENERIC_WRITE,
|
|
&ObjectAttributes
|
|
);
|
|
if (NT_SUCCESS( Status )) {
|
|
|
|
s = &KeyValueBuffer[ 8 ];
|
|
*s-- = UNICODE_NULL;
|
|
i = (ULONG)CurrentUserUILanguage;
|
|
|
|
while (s >= KeyValueBuffer) {
|
|
Digit = i & 0x0000000F;
|
|
if (Digit <= 9) {
|
|
*s-- = (WCHAR)(Digit + L'0');
|
|
}
|
|
else {
|
|
*s-- = (WCHAR)((Digit - 10) + L'A');
|
|
}
|
|
|
|
i = i >> 4;
|
|
}
|
|
|
|
Status = ZwSetValueKey( Key,
|
|
&KeyValueName,
|
|
0,
|
|
REG_SZ,
|
|
KeyValueBuffer,
|
|
9 * sizeof( WCHAR )
|
|
);
|
|
ZwClose( Key );
|
|
}
|
|
}
|
|
|
|
ZwClose( CurrentUserKey );
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
ExpGetCurrentUserUILanguage(
|
|
IN WCHAR *ValueName,
|
|
OUT LANGID *CurrentUserUILanguageId,
|
|
IN BOOLEAN bCheckGP
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
UNICODE_STRING KeyPath, KeyValueName, UILanguage;
|
|
HANDLE CurrentUserKey, Key;
|
|
WCHAR KeyValueBuffer[ 128 ];
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
|
|
ULONG ResultLength;
|
|
ULONG Digit;
|
|
|
|
PAGED_CODE();
|
|
|
|
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
|
|
Status = RtlOpenCurrentUser( KEY_ENUMERATE_SUB_KEYS, &CurrentUserKey );
|
|
if (!NT_SUCCESS( Status )) {
|
|
return Status;
|
|
}
|
|
RtlInitUnicodeString( &KeyValueName, ValueName );
|
|
RtlInitUnicodeString( &KeyPath, L"Control Panel\\Desktop" );
|
|
InitializeObjectAttributes( &ObjectAttributes,
|
|
&KeyPath,
|
|
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE | OBJ_FORCE_ACCESS_CHECK),
|
|
CurrentUserKey,
|
|
NULL
|
|
);
|
|
|
|
//
|
|
// Let's check if there is a policy installed for the UI language,
|
|
// and if so, let's use it.
|
|
//
|
|
if (!bCheckGP || !NT_SUCCESS( ExpGetUILanguagePolicy( CurrentUserKey, CurrentUserUILanguageId ))) {
|
|
Status = ZwOpenKey( &Key,
|
|
GENERIC_READ,
|
|
&ObjectAttributes
|
|
);
|
|
if (NT_SUCCESS( Status )) {
|
|
Status = ZwQueryValueKey( Key,
|
|
&KeyValueName,
|
|
KeyValuePartialInformation,
|
|
KeyValueInformation,
|
|
sizeof( KeyValueBuffer ),
|
|
&ResultLength
|
|
);
|
|
if (NT_SUCCESS( Status )) {
|
|
|
|
if (KeyValueInformation->Type == REG_SZ &&
|
|
ExpIsValidUILanguage((PWSTR) KeyValueInformation->Data)) {
|
|
|
|
RtlInitUnicodeString( &UILanguage, (PWSTR) KeyValueInformation->Data);
|
|
Status = RtlUnicodeStringToInteger( &UILanguage,
|
|
(ULONG) 16,
|
|
&Digit
|
|
);
|
|
if (NT_SUCCESS( Status )) {
|
|
*CurrentUserUILanguageId = (LANGID) Digit;
|
|
}
|
|
}
|
|
else {
|
|
Status = STATUS_UNSUCCESSFUL;
|
|
}
|
|
}
|
|
ZwClose( Key );
|
|
}
|
|
}
|
|
|
|
ZwClose( CurrentUserKey );
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
NtSetDefaultUILanguage(
|
|
IN LANGID DefaultUILanguageId
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
LANGID LangId;
|
|
|
|
//
|
|
// if this is called during user logon, then we need to update the user's registry.
|
|
//
|
|
if (DefaultUILanguageId == 0) {
|
|
Status = ExpGetCurrentUserUILanguage( L"MUILanguagePending" ,
|
|
&LangId,
|
|
FALSE
|
|
);
|
|
if (NT_SUCCESS( Status )) {
|
|
Status = ExpSetCurrentUserUILanguage( L"MultiUILanguageId" ,
|
|
LangId
|
|
);
|
|
}
|
|
return Status;
|
|
}
|
|
|
|
return ExpSetCurrentUserUILanguage( L"MUILanguagePending", DefaultUILanguageId );
|
|
}
|
|
|
|
NTSTATUS
|
|
ExpValidateLocale(
|
|
IN LCID LocaleId
|
|
)
|
|
{
|
|
NTSTATUS Status = STATUS_INVALID_PARAMETER, ReturnStatus;
|
|
UNICODE_STRING LocaleName, KeyValueName;
|
|
UNICODE_STRING NlsLocaleKeyPath, NlsSortKeyPath, NlsLangGroupKeyPath;
|
|
WCHAR LocaleNameBuffer[ 32 ];
|
|
WCHAR KeyValueNameBuffer[ 32 ];
|
|
WCHAR KeyValueBuffer[ 128 ];
|
|
WCHAR *Ptr;
|
|
HANDLE LocaleKey, SortKey, LangGroupKey;
|
|
OBJECT_ATTRIBUTES NlsLocaleObjA, NlsSortObjA, NlsLangGroupObjA;
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
|
|
ULONG i, ResultLength;
|
|
|
|
|
|
//
|
|
// Convert the LCID to the form %08x (e.g. 00000409)
|
|
//
|
|
LocaleName.Length = sizeof( LocaleNameBuffer ) / sizeof( WCHAR );
|
|
LocaleName.MaximumLength = LocaleName.Length;
|
|
LocaleName.Buffer = LocaleNameBuffer;
|
|
|
|
//
|
|
// Convert LCID to a string
|
|
//
|
|
ReturnStatus = RtlIntegerToUnicodeString( LocaleId, 16, &LocaleName );
|
|
if (!NT_SUCCESS(ReturnStatus))
|
|
goto Failed1;
|
|
|
|
Ptr = KeyValueNameBuffer;
|
|
for (i = ((LocaleName.Length)/sizeof(WCHAR));
|
|
i < 8;
|
|
i++, Ptr++) {
|
|
*Ptr = L'0';
|
|
}
|
|
*Ptr = UNICODE_NULL;
|
|
|
|
RtlInitUnicodeString(&KeyValueName, KeyValueNameBuffer);
|
|
KeyValueName.MaximumLength = sizeof( KeyValueNameBuffer ) / sizeof( WCHAR );
|
|
RtlAppendUnicodeToString(&KeyValueName, LocaleName.Buffer);
|
|
|
|
|
|
//
|
|
// Open Registry Keys : Locale, Sort and LanguageGroup
|
|
//
|
|
RtlInitUnicodeString(&NlsLocaleKeyPath,
|
|
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Locale");
|
|
|
|
InitializeObjectAttributes( &NlsLocaleObjA,
|
|
&NlsLocaleKeyPath,
|
|
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE),
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
ReturnStatus = ZwOpenKey( &LocaleKey,
|
|
GENERIC_READ,
|
|
&NlsLocaleObjA
|
|
);
|
|
if (!NT_SUCCESS(ReturnStatus))
|
|
goto Failed1;
|
|
|
|
RtlInitUnicodeString(&NlsSortKeyPath,
|
|
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Locale\\Alternate Sorts");
|
|
|
|
InitializeObjectAttributes( &NlsSortObjA,
|
|
&NlsSortKeyPath,
|
|
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE),
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
ReturnStatus = ZwOpenKey( &SortKey,
|
|
GENERIC_READ,
|
|
&NlsSortObjA
|
|
);
|
|
if (!NT_SUCCESS(ReturnStatus))
|
|
goto Failed2;
|
|
|
|
RtlInitUnicodeString(&NlsLangGroupKeyPath,
|
|
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Language Groups");
|
|
|
|
InitializeObjectAttributes( &NlsLangGroupObjA,
|
|
&NlsLangGroupKeyPath,
|
|
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE),
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
|
|
ReturnStatus = ZwOpenKey( &LangGroupKey,
|
|
GENERIC_READ,
|
|
&NlsLangGroupObjA
|
|
);
|
|
if (!NT_SUCCESS(ReturnStatus))
|
|
goto Failed3;
|
|
|
|
//
|
|
// Validate Locale : Lookup the Locale's Language group, and make sure it is there.
|
|
//
|
|
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION) KeyValueBuffer;
|
|
ReturnStatus = ZwQueryValueKey( LocaleKey,
|
|
&KeyValueName,
|
|
KeyValuePartialInformation,
|
|
KeyValueInformation,
|
|
sizeof( KeyValueBuffer ),
|
|
&ResultLength
|
|
);
|
|
|
|
if (!NT_SUCCESS(ReturnStatus)) {
|
|
ReturnStatus = ZwQueryValueKey( SortKey,
|
|
&KeyValueName,
|
|
KeyValuePartialInformation,
|
|
KeyValueInformation,
|
|
sizeof( KeyValueBuffer ),
|
|
&ResultLength
|
|
);
|
|
}
|
|
|
|
if ((NT_SUCCESS(ReturnStatus)) &&
|
|
(KeyValueInformation->DataLength > 2)
|
|
) {
|
|
|
|
RtlInitUnicodeString( &KeyValueName, (PWSTR) KeyValueInformation->Data );
|
|
|
|
ReturnStatus = ZwQueryValueKey( LangGroupKey,
|
|
&KeyValueName,
|
|
KeyValuePartialInformation,
|
|
KeyValueInformation,
|
|
sizeof( KeyValueBuffer ),
|
|
&ResultLength
|
|
);
|
|
if ((NT_SUCCESS(ReturnStatus)) &&
|
|
(KeyValueInformation->Type == REG_SZ) &&
|
|
(KeyValueInformation->DataLength > 2)
|
|
) {
|
|
Ptr = (PWSTR) KeyValueInformation->Data;
|
|
if (Ptr[0] == L'1' && Ptr[1] == UNICODE_NULL) {
|
|
Status = STATUS_SUCCESS;
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Close opened keys
|
|
//
|
|
|
|
ZwClose( LangGroupKey );
|
|
|
|
Failed3:
|
|
ZwClose( SortKey );
|
|
|
|
Failed2:
|
|
ZwClose( LocaleKey );
|
|
|
|
Failed1:
|
|
|
|
//
|
|
// If an error happens, let's record it.
|
|
//
|
|
if (!NT_SUCCESS(ReturnStatus)) {
|
|
Status = ReturnStatus;
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExpQueryNumaProcessorMap(
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG ReturnedLength
|
|
)
|
|
{
|
|
PSYSTEM_NUMA_INFORMATION Map;
|
|
ULONG Length;
|
|
ULONG ReturnCount;
|
|
#if !defined(NT_UP)
|
|
ULONG i;
|
|
#endif
|
|
|
|
Map = (PSYSTEM_NUMA_INFORMATION)SystemInformation;
|
|
|
|
//
|
|
// Must be able to return at least the number of nodes.
|
|
//
|
|
|
|
if (SystemInformationLength < sizeof(Map->HighestNodeNumber)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Map->HighestNodeNumber = KeNumberNodes - 1;
|
|
|
|
//
|
|
// Return as many node masks as possible in the SystemInformation
|
|
// buffer.
|
|
//
|
|
|
|
Length = FIELD_OFFSET(SYSTEM_NUMA_INFORMATION,
|
|
ActiveProcessorsAffinityMask);
|
|
|
|
ReturnCount = (SystemInformationLength - Length) /
|
|
sizeof(Map->ActiveProcessorsAffinityMask[0]);
|
|
|
|
if (ReturnCount > KeNumberNodes) {
|
|
ReturnCount = KeNumberNodes;
|
|
}
|
|
|
|
if ((Length > SystemInformationLength) ||
|
|
(ReturnCount == 0)) {
|
|
*ReturnedLength = sizeof(Map->HighestNodeNumber);
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
*ReturnedLength = FIELD_OFFSET(SYSTEM_NUMA_INFORMATION,
|
|
ActiveProcessorsAffinityMask[ReturnCount]);
|
|
|
|
#if !defined(NT_UP)
|
|
|
|
for (i = 0; i < ReturnCount; i++) {
|
|
Map->ActiveProcessorsAffinityMask[i] = KeNodeBlock[i]->ProcessorMask;
|
|
}
|
|
|
|
#else
|
|
|
|
if (ReturnCount) {
|
|
Map->ActiveProcessorsAffinityMask[0] = 1;
|
|
}
|
|
|
|
#endif
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExpQueryNumaAvailableMemory(
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG ReturnedLength
|
|
)
|
|
{
|
|
PSYSTEM_NUMA_INFORMATION Map;
|
|
ULONG Length;
|
|
ULONG ReturnCount;
|
|
|
|
Map = (PSYSTEM_NUMA_INFORMATION)SystemInformation;
|
|
|
|
//
|
|
// Must be able to return at least the number of nodes.
|
|
//
|
|
|
|
if (SystemInformationLength < sizeof(Map->HighestNodeNumber)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Map->HighestNodeNumber = KeNumberNodes - 1;
|
|
|
|
//
|
|
// Return as many node masks as possible in the SystemInformation
|
|
// buffer.
|
|
//
|
|
|
|
Length = FIELD_OFFSET(SYSTEM_NUMA_INFORMATION,
|
|
AvailableMemory);
|
|
|
|
ReturnCount = (SystemInformationLength - Length) /
|
|
sizeof(Map->AvailableMemory[0]);
|
|
|
|
if (ReturnCount > KeNumberNodes) {
|
|
ReturnCount = KeNumberNodes;
|
|
}
|
|
|
|
if ((Length > SystemInformationLength) ||
|
|
(ReturnCount == 0)) {
|
|
*ReturnedLength = sizeof(Map->HighestNodeNumber);
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
*ReturnedLength = FIELD_OFFSET(SYSTEM_NUMA_INFORMATION,
|
|
AvailableMemory[ReturnCount]);
|
|
|
|
//
|
|
// Return the aproximate number of free bytes at this time.
|
|
// (It's aproximate because no lock is taken and with respect
|
|
// to any user mode application its only a sample.
|
|
//
|
|
|
|
#if !defined(NT_UP)
|
|
|
|
if (KeNumberNodes > 1) {
|
|
|
|
ULONG i;
|
|
|
|
for (i = 0; i < ReturnCount; i++) {
|
|
Map->AvailableMemory[i] =
|
|
((ULONGLONG)KeNodeBlock[i]->FreeCount[ZeroedPageList] +
|
|
(ULONGLONG)KeNodeBlock[i]->FreeCount[FreePageList])
|
|
<< PAGE_SHIFT;
|
|
}
|
|
} else
|
|
|
|
#endif
|
|
|
|
if (ReturnCount) {
|
|
Map->AvailableMemory[0] = ((ULONGLONG)MmAvailablePages) << PAGE_SHIFT;
|
|
}
|
|
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExpGetSystemBasicInformation (
|
|
OUT PSYSTEM_BASIC_INFORMATION BasicInfo
|
|
)
|
|
{
|
|
NTSTATUS NtStatus = STATUS_SUCCESS;
|
|
|
|
try {
|
|
|
|
BasicInfo->NumberOfProcessors = KeNumberProcessors;
|
|
BasicInfo->ActiveProcessorsAffinityMask = (ULONG_PTR)KeActiveProcessors;
|
|
BasicInfo->Reserved = 0;
|
|
BasicInfo->TimerResolution = KeMaximumIncrement;
|
|
BasicInfo->NumberOfPhysicalPages = MmNumberOfPhysicalPages;
|
|
BasicInfo->LowestPhysicalPageNumber = (SYSINF_PAGE_COUNT)MmLowestPhysicalPage;
|
|
BasicInfo->HighestPhysicalPageNumber = (SYSINF_PAGE_COUNT)MmHighestPhysicalPage;
|
|
BasicInfo->PageSize = PAGE_SIZE;
|
|
BasicInfo->AllocationGranularity = MM_ALLOCATION_GRANULARITY;
|
|
BasicInfo->MinimumUserModeAddress = (ULONG_PTR)MM_LOWEST_USER_ADDRESS;
|
|
BasicInfo->MaximumUserModeAddress = (ULONG_PTR)MM_HIGHEST_USER_ADDRESS;
|
|
}
|
|
except (EXCEPTION_EXECUTE_HANDLER) {
|
|
NtStatus = GetExceptionCode();
|
|
}
|
|
|
|
return NtStatus;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExpGetSystemProcessorInformation (
|
|
OUT PSYSTEM_PROCESSOR_INFORMATION ProcessorInformation
|
|
)
|
|
{
|
|
NTSTATUS NtStatus = STATUS_SUCCESS;
|
|
|
|
try {
|
|
|
|
ProcessorInformation->ProcessorArchitecture = KeProcessorArchitecture;
|
|
ProcessorInformation->ProcessorLevel = KeProcessorLevel;
|
|
ProcessorInformation->ProcessorRevision = KeProcessorRevision;
|
|
ProcessorInformation->Reserved = 0;
|
|
ProcessorInformation->ProcessorFeatureBits = KeFeatureBits;
|
|
}
|
|
except (EXCEPTION_EXECUTE_HANDLER) {
|
|
NtStatus = GetExceptionCode();
|
|
}
|
|
|
|
return NtStatus;
|
|
}
|
|
#if defined(_WIN64)
|
|
|
|
NTSTATUS
|
|
ExpGetSystemEmulationBasicInformation (
|
|
OUT PSYSTEM_BASIC_INFORMATION BasicInfo
|
|
)
|
|
{
|
|
NTSTATUS NtStatus = STATUS_SUCCESS;
|
|
|
|
try {
|
|
|
|
BasicInfo->NumberOfProcessors = min(32, KeNumberProcessors);
|
|
BasicInfo->ActiveProcessorsAffinityMask = (ULONG_PTR)
|
|
((KeActiveProcessors & 0xFFFFFFFF) | ((KeActiveProcessors & (0xFFFFFFFF << 32) ) >> 32));
|
|
BasicInfo->Reserved = 0;
|
|
BasicInfo->TimerResolution = KeMaximumIncrement;
|
|
BasicInfo->NumberOfPhysicalPages = (MmNumberOfPhysicalPages * (PAGE_SIZE >> PAGE_SHIFT_X86NT));
|
|
BasicInfo->LowestPhysicalPageNumber = (SYSINF_PAGE_COUNT)MmLowestPhysicalPage;
|
|
BasicInfo->HighestPhysicalPageNumber = (SYSINF_PAGE_COUNT)MmHighestPhysicalPage;
|
|
BasicInfo->PageSize = PAGE_SIZE_X86NT;
|
|
BasicInfo->AllocationGranularity = MM_ALLOCATION_GRANULARITY;
|
|
BasicInfo->MinimumUserModeAddress = 0x00000000000010000UI64;
|
|
|
|
//
|
|
// NOTE: MmGetMaxWowAddress return the highest usermode address boundary,
|
|
// thus we are subtracting one to get the maximum accessible usermode address
|
|
//
|
|
|
|
BasicInfo->MaximumUserModeAddress = ((ULONG_PTR)MmGetMaxWowAddress () - 1);
|
|
}
|
|
except (EXCEPTION_EXECUTE_HANDLER) {
|
|
NtStatus = GetExceptionCode();
|
|
}
|
|
|
|
return NtStatus;
|
|
}
|
|
#endif
|
|
|
|
NTSTATUS
|
|
NtQuerySystemInformation (
|
|
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function queries information about the system.
|
|
|
|
Arguments:
|
|
|
|
SystemInformationClass - The system information class about which
|
|
to retrieve information.
|
|
|
|
SystemInformation - A pointer to a buffer which receives the specified
|
|
information. The format and content of the buffer depend on the
|
|
specified system information class.
|
|
|
|
SystemInformation Format by Information Class:
|
|
|
|
SystemBasicInformation - Data type is SYSTEM_BASIC_INFORMATION
|
|
|
|
SYSTEM_BASIC_INFORMATION Structure
|
|
|
|
ULONG Reserved - Always zero.
|
|
|
|
ULONG TimerResolutionInMicroSeconds - The resolution of
|
|
the hardware time. All time values in NT are
|
|
specified as 64-bit LARGE_INTEGER values in units of
|
|
100 nanoseconds. This field allows an application to
|
|
understand how many of the low order bits of a system
|
|
time value are insignificant.
|
|
|
|
ULONG PageSize - The physical page size for virtual memory
|
|
objects. Physical memory is committed in PageSize
|
|
chunks.
|
|
|
|
ULONG AllocationGranularity - The logical page size for
|
|
virtual memory objects. Allocating 1 byte of virtual
|
|
memory will actually allocate AllocationGranularity
|
|
bytes of virtual memory. Storing into that byte will
|
|
commit the first physical page of the virtual memory.
|
|
|
|
ULONG MinimumUserModeAddress - The smallest valid user mode
|
|
address. The first AllocationGranularity bytes of
|
|
the virtual address space are reserved. This forces
|
|
access violations for code the dereferences a zero
|
|
pointer.
|
|
|
|
ULONG MaximumUserModeAddress - The largest valid user mode
|
|
address. The next AllocationGranularity bytes of
|
|
the virtual address space are reserved. This allows
|
|
system service routines to validate user mode pointer
|
|
parameters quickly.
|
|
|
|
KAFFINITY ActiveProcessorsAffinityMask - The affinity mask
|
|
for the current hardware configuration.
|
|
|
|
CCHAR NumberOfProcessors - The number of processors
|
|
in the current hardware configuration.
|
|
|
|
SystemProcessorInformation - Data type is SYSTEM_PROCESSOR_INFORMATION
|
|
|
|
SYSTEM_PROCESSOR_INFORMATION Structure
|
|
|
|
USHORT ProcessorArchitecture - The processor architecture:
|
|
PROCESSOR_ARCHITECTURE_INTEL
|
|
PROCESSOR_ARCHITECTURE_IA64
|
|
PROCESSOR_ARCHITECTURE_MIPS
|
|
PROCESSOR_ARCHITECTURE_ALPHA
|
|
PROCESSOR_ARCHITECTURE_PPC
|
|
|
|
USHORT ProcessorLevel - architecture dependent processor level.
|
|
This is the least common denominator for an MP system:
|
|
|
|
For PROCESSOR_ARCHITECTURE_INTEL:
|
|
3 - 386
|
|
4 - 486
|
|
5 - 586 or Pentium
|
|
|
|
For PROCESSOR_ARCHITECTURE_IA64:
|
|
7 - Itanium
|
|
31 - Itanium 2
|
|
|
|
For PROCESSOR_ARCHITECTURE_MIPS:
|
|
00xx - where xx is 8-bit implementation number (bits 8-15 of
|
|
PRId register.
|
|
0004 - R4000
|
|
|
|
For PROCESSOR_ARCHITECTURE_ALPHA:
|
|
xxxx - where xxxx is 16-bit processor version number (low
|
|
order 16 bits of processor version number from firmware)
|
|
|
|
21064 - 21064
|
|
21066 - 21066
|
|
21164 - 21164
|
|
|
|
For PROCESSOR_ARCHITECTURE_PPC:
|
|
xxxx - where xxxx is 16-bit processor version number (high
|
|
order 16 bits of Processor Version Register).
|
|
1 - 601
|
|
3 - 603
|
|
4 - 604
|
|
6 - 603+
|
|
9 - 604+
|
|
20 - 620
|
|
|
|
USHORT ProcessorRevision - architecture dependent processor revision.
|
|
This is the least common denominator for an MP system:
|
|
|
|
For PROCESSOR_ARCHITECTURE_INTEL:
|
|
For Old Intel 386 or 486:
|
|
FFxx - where xx is displayed as a hexadecimal CPU stepping
|
|
(e.g. FFD0 is D0 stepping)
|
|
|
|
For Intel Pentium or Cyrix/NexGen 486
|
|
xxyy - where xx is model number and yy is stepping, so
|
|
0201 is Model 2, Stepping 1
|
|
|
|
For PROCESSOR_ARCHITECTURE_IA64:
|
|
xxyy - where xx is model number and yy is stepping, so
|
|
0201 is Model 2, Stepping 1
|
|
|
|
For PROCESSOR_ARCHITECTURE_MIPS:
|
|
00xx is 8-bit revision number of processor (low order 8 bits
|
|
of PRId Register
|
|
|
|
For PROCESSOR_ARCHITECTURE_ALPHA:
|
|
xxyy - where xxyy is 16-bit processor revision number (low
|
|
order 16 bits of processor revision number from firmware).
|
|
Displayed as Model 'A'+xx, Pass yy
|
|
|
|
For PROCESSOR_ARCHITECTURE_PPC:
|
|
xxyy - where xxyy is 16-bit processor revision number (low
|
|
order 16 bits of Processor Version Register). Displayed
|
|
as a fixed point number xx.yy
|
|
|
|
USHORT Reserved - Always zero.
|
|
|
|
ULONG ProcessorFeatureBits - architecture dependent processor feature bits.
|
|
This is the least common denominator for an MP system.
|
|
|
|
SystemPerformanceInformation - Data type is SYSTEM_PERFORMANCE_INFORMATION
|
|
|
|
SYSTEM_PERFORMANCE_INFORMATION Structure
|
|
|
|
LARGE_INTEGER IdleProcessTime - Returns the kernel time of the idle
|
|
process.
|
|
|
|
LARGE_INTEGER IoReadTransferCount;
|
|
LARGE_INTEGER IoWriteTransferCount;
|
|
LARGE_INTEGER IoOtherTransferCount;
|
|
LARGE_INTEGER KernelTime;
|
|
LARGE_INTEGER UserTime;
|
|
ULONG IoReadOperationCount;
|
|
ULONG IoWriteOperationCount;
|
|
ULONG IoOtherOperationCount;
|
|
ULONG AvailablePages;
|
|
ULONG CommittedPages;
|
|
ULONG PageFaultCount;
|
|
ULONG CopyOnWriteCount;
|
|
ULONG TransitionCount;
|
|
ULONG CacheTransitionCount;
|
|
ULONG DemandZeroCount;
|
|
ULONG PageReadCount;
|
|
ULONG PageReadIoCount;
|
|
ULONG CacheReadCount;
|
|
ULONG CacheIoCount;
|
|
ULONG DirtyPagesWriteCount;
|
|
ULONG DirtyWriteIoCount;
|
|
ULONG MappedPagesWriteCount;
|
|
ULONG MappedWriteIoCount;
|
|
ULONG PagedPoolPages;
|
|
ULONG NonPagedPoolPages;
|
|
ULONG PagedPoolAllocs;
|
|
ULONG PagedPoolFrees;
|
|
ULONG NonPagedPoolAllocs;
|
|
ULONG NonPagedPoolFrees;
|
|
ULONG LpcThreadsWaitingInReceive;
|
|
ULONG LpcThreadsWaitingForReply;
|
|
|
|
SystemProcessInformation - Data type is SYSTEM_PROCESS_INFORMATION
|
|
|
|
SYSTEM_PROCESS_INFORMATION Structure
|
|
|
|
SystemDockInformation - Data type is SYSTEM_DOCK_INFORMATION
|
|
|
|
SYSTEM_DOCK_INFORMATION Structure
|
|
|
|
SYSTEM_DOCKED_STATE DockState - Ordinal specifying the current docking state. Possible values:
|
|
SystemDockStateUnknown - The docking state of the system could not be determined.
|
|
SystemUndocked - The system is undocked.
|
|
SystemDocked - The system is docked.
|
|
|
|
ULONG DockIdLength - Specifies the length in characters of the Dock ID string
|
|
(not including terminating NULL).
|
|
|
|
ULONG SerialNumberOffset - Specifies the character offset of the Serial Number within
|
|
the DockId buffer.
|
|
|
|
ULONG SerialNumberLength - Specifies the length in characters of the Serial Number
|
|
string (not including terminating NULL).
|
|
|
|
WCHAR DockId - Character buffer containing two null-terminated strings. The first
|
|
string is a character representation of the dock ID number, starting
|
|
at the beginning of the buffer. The second string is a character
|
|
representation of the machine's serial number, starting at character
|
|
offset SerialNumberOffset in the buffer.
|
|
|
|
|
|
SystemPowerSettings - Data type is SYSTEM_POWER_SETTINGS
|
|
SYSTEM_POWER_INFORMATION Structure
|
|
BOOLEAN SystemSuspendSupported - Supplies a BOOLEAN as to
|
|
whether the system suspend is enabled or not.
|
|
BOOLEAN SystemHibernateSupported - Supplies a BOOLEAN as to
|
|
whether the system hibernate is enabled or not.
|
|
BOOLEAN ResumeTimerSupportsSuspend - Supplies a BOOLEAN as to
|
|
whether the resuming from an external programmed timer
|
|
from within a system suspend is enabled or not.
|
|
BOOLEAN ResumeTimerSupportsHibernate - Supplies a BOOLEAN as to
|
|
whether or resuming from an external programmed timer
|
|
from within a system hibernate is enabled or not.
|
|
BOOLEAN LidSupported - Supplies a BOOLEAN as to whether or not
|
|
the suspending and resuming by Lid are enabled or not.
|
|
BOOLEAN TurboSettingSupported - Supplies a BOOLEAN as to whether
|
|
or not the system supports a turbo mode setting.
|
|
BOOLEAN TurboMode - Supplies a BOOLEAN as to whether or not
|
|
the system is in turbo mode.
|
|
BOOLEAN SystemAcOrDc - Supplies a BOOLEAN as to whether or not
|
|
the system is in AC mode.
|
|
BOOLEAN DisablePowerDown - If TRUE, signifies that all requests to
|
|
PoRequestPowerChange for a SET_POWER-PowerDown irp are to
|
|
be ignored.
|
|
LARGE_INTEGER SpindownDrives - If non-zero, signifies to the
|
|
cache manager (or the IO subsystem) to optimize drive
|
|
accesses based upon power saves, are that drives are to
|
|
be spun down as appropriate. The value represents to user's
|
|
requested disk spin down timeout.
|
|
|
|
SystemProcessorSpeedInformation - Data type is SYSTEM_PROCESSOR_SPEED_INFORMATION
|
|
SYSTEM_PROCESSOR_SPEED_INFORMATION Structure (same as HalProcessorSpeedInformation)
|
|
ULONG MaximumProcessorSpeed - The maximum hertz the processor is
|
|
capable of. This information is used by the UI to draw the
|
|
appropriate scale. This field is read-only and cannot be
|
|
set.
|
|
ULONG CurrentAvailableSpeed - The hertz for which the processor
|
|
runs at when not idle. This field is read-only and cannot
|
|
be set.
|
|
ULONG ConfiguredSpeedLimit - The hertz for which the processor
|
|
is limited to due to the current configuration.
|
|
UCHAR PowerState
|
|
0 - Normal
|
|
1 - The processor speed is being limited due to available
|
|
power restrictions. This field id read-only by the system.
|
|
UCHAR ThermalState
|
|
0 - Normal
|
|
1 - The processors speed is being limited due to thermal
|
|
restrictions. This field is read-only by the system.
|
|
UCHAR TurboState
|
|
0 - Normal
|
|
1 - The processors speed is being limited by the fact that
|
|
the system turbo mode is currently disabled which is
|
|
requested to obtain more processor speed.
|
|
|
|
SystemInformationLength - Specifies the length in bytes of the system
|
|
information buffer.
|
|
|
|
ReturnLength - An optional pointer which, if specified, receives the
|
|
number of bytes placed in the system information buffer.
|
|
|
|
Return Value:
|
|
|
|
Returns one of the following status codes:
|
|
|
|
STATUS_SUCCESS - normal, successful completion.
|
|
|
|
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
|
|
did not specify a valid value.
|
|
|
|
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
|
|
parameter did not match the length required for the information
|
|
class requested by the SystemInformationClass parameter.
|
|
|
|
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
|
|
or the ReturnLength pointer value specified an invalid address.
|
|
|
|
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
|
|
working set to lock the specified output structure in memory.
|
|
|
|
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
|
|
for this request to complete.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
KPROCESSOR_MODE PreviousMode;
|
|
SYSTEM_TIMEOFDAY_INFORMATION LocalTimeOfDayInfo;
|
|
SYSTEM_PERFORMANCE_INFORMATION LocalPerformanceInfo;
|
|
PSYSTEM_PERFORMANCE_INFORMATION PerformanceInfo;
|
|
PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION ProcessorPerformanceInfo;
|
|
PSYSTEM_CALL_COUNT_INFORMATION CallCountInformation;
|
|
PSYSTEM_DEVICE_INFORMATION DeviceInformation;
|
|
PCONFIGURATION_INFORMATION ConfigInfo;
|
|
PSYSTEM_EXCEPTION_INFORMATION ExceptionInformation;
|
|
PSYSTEM_FILECACHE_INFORMATION FileCache;
|
|
PSYSTEM_QUERY_TIME_ADJUST_INFORMATION TimeAdjustmentInformation;
|
|
PSYSTEM_KERNEL_DEBUGGER_INFORMATION KernelDebuggerInformation;
|
|
PSYSTEM_CONTEXT_SWITCH_INFORMATION ContextSwitchInformation;
|
|
PSYSTEM_INTERRUPT_INFORMATION InterruptInformation;
|
|
PSYSTEM_SESSION_PROCESS_INFORMATION SessionProcessInformation;
|
|
PVOID ProcessInformation;
|
|
ULONG ProcessInformationLength;
|
|
PSYSTEM_SESSION_POOLTAG_INFORMATION SessionPoolTagInformation;
|
|
PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION SessionMappedViewInformation;
|
|
ULONG SessionPoolTagInformationLength;
|
|
|
|
NTSTATUS Status;
|
|
PKPRCB Prcb;
|
|
ULONG Length = 0;
|
|
ULONG i;
|
|
ULONG ContextSwitches;
|
|
PULONG TableLimit, TableCounts;
|
|
PKSERVICE_TABLE_DESCRIPTOR Table;
|
|
ULONG SessionId;
|
|
ULONG Alignment;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Assume successful completion.
|
|
//
|
|
|
|
Status = STATUS_SUCCESS;
|
|
try {
|
|
|
|
//
|
|
// Get previous processor mode and probe output argument if necessary.
|
|
//
|
|
|
|
PreviousMode = KeGetPreviousMode();
|
|
if (PreviousMode != KernelMode) {
|
|
|
|
Alignment = sizeof(ULONG);
|
|
|
|
if (SystemInformationClass == SystemKernelDebuggerInformation) {
|
|
Alignment = sizeof(BOOLEAN);
|
|
} else if (SystemInformationClass == SystemLocksInformation) {
|
|
Alignment = sizeof(PVOID);
|
|
}
|
|
|
|
ProbeForWrite(SystemInformation,
|
|
SystemInformationLength,
|
|
Alignment);
|
|
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
ProbeForWriteUlong(ReturnLength);
|
|
}
|
|
}
|
|
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = 0;
|
|
}
|
|
|
|
switch (SystemInformationClass) {
|
|
|
|
case SystemBasicInformation:
|
|
|
|
if (SystemInformationLength != sizeof( SYSTEM_BASIC_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Status = ExpGetSystemBasicInformation ((PSYSTEM_BASIC_INFORMATION)SystemInformation);
|
|
|
|
if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof( SYSTEM_BASIC_INFORMATION );
|
|
}
|
|
break;
|
|
|
|
case SystemEmulationBasicInformation:
|
|
|
|
if (SystemInformationLength != sizeof( SYSTEM_BASIC_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
#if defined(_WIN64)
|
|
Status = ExpGetSystemEmulationBasicInformation ((PSYSTEM_BASIC_INFORMATION)SystemInformation);
|
|
#else
|
|
Status = ExpGetSystemBasicInformation ((PSYSTEM_BASIC_INFORMATION)SystemInformation);
|
|
#endif
|
|
|
|
if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof( SYSTEM_BASIC_INFORMATION );
|
|
}
|
|
break;
|
|
|
|
case SystemProcessorInformation:
|
|
if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Status = ExpGetSystemProcessorInformation ((PSYSTEM_PROCESSOR_INFORMATION)SystemInformation);
|
|
|
|
if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof( SYSTEM_PROCESSOR_INFORMATION );
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemEmulationProcessorInformation:
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
#if defined(_WIN64)
|
|
Status = ExpGetSystemEmulationProcessorInformation ((PSYSTEM_PROCESSOR_INFORMATION)SystemInformation);
|
|
#else
|
|
Status = ExpGetSystemProcessorInformation ((PSYSTEM_PROCESSOR_INFORMATION)SystemInformation);
|
|
#endif
|
|
|
|
if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof( SYSTEM_PROCESSOR_INFORMATION );
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemPerformanceInformation:
|
|
if (SystemInformationLength < sizeof( SYSTEM_PERFORMANCE_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
PerformanceInfo = (PSYSTEM_PERFORMANCE_INFORMATION)SystemInformation;
|
|
|
|
//
|
|
// Io information.
|
|
//
|
|
|
|
LocalPerformanceInfo.IoReadTransferCount = IoReadTransferCount;
|
|
LocalPerformanceInfo.IoWriteTransferCount = IoWriteTransferCount;
|
|
LocalPerformanceInfo.IoOtherTransferCount = IoOtherTransferCount;
|
|
LocalPerformanceInfo.IoReadOperationCount = IoReadOperationCount;
|
|
LocalPerformanceInfo.IoWriteOperationCount = IoWriteOperationCount;
|
|
LocalPerformanceInfo.IoOtherOperationCount = IoOtherOperationCount;
|
|
|
|
//
|
|
// Ke information.
|
|
//
|
|
// These counters are kept on a per processor basis and must
|
|
// be totaled.
|
|
//
|
|
|
|
{
|
|
ULONG FirstLevelTbFills = 0;
|
|
ULONG SecondLevelTbFills = 0;
|
|
ULONG SystemCalls = 0;
|
|
// ULONG InterruptCount = 0;
|
|
|
|
ContextSwitches = 0;
|
|
for (i = 0; i < (ULONG)KeNumberProcessors; i += 1) {
|
|
Prcb = KiProcessorBlock[i];
|
|
if (Prcb != NULL) {
|
|
ContextSwitches += KeGetContextSwitches(Prcb);
|
|
FirstLevelTbFills += Prcb->KeFirstLevelTbFills;
|
|
// InterruptCount += Prcb->KeInterruptCount;
|
|
SecondLevelTbFills += Prcb->KeSecondLevelTbFills;
|
|
SystemCalls += Prcb->KeSystemCalls;
|
|
}
|
|
}
|
|
|
|
LocalPerformanceInfo.ContextSwitches = ContextSwitches;
|
|
LocalPerformanceInfo.FirstLevelTbFills = FirstLevelTbFills;
|
|
// LocalPerformanceInfo.InterruptCount = KeInterruptCount;
|
|
LocalPerformanceInfo.SecondLevelTbFills = SecondLevelTbFills;
|
|
LocalPerformanceInfo.SystemCalls = SystemCalls;
|
|
}
|
|
|
|
//
|
|
// Mm information.
|
|
//
|
|
|
|
LocalPerformanceInfo.AvailablePages = MmAvailablePages;
|
|
LocalPerformanceInfo.CommittedPages = (SYSINF_PAGE_COUNT)MmTotalCommittedPages;
|
|
LocalPerformanceInfo.CommitLimit = (SYSINF_PAGE_COUNT)MmTotalCommitLimit;
|
|
LocalPerformanceInfo.PeakCommitment = (SYSINF_PAGE_COUNT)MmPeakCommitment;
|
|
LocalPerformanceInfo.PageFaultCount = MmInfoCounters.PageFaultCount;
|
|
LocalPerformanceInfo.CopyOnWriteCount = MmInfoCounters.CopyOnWriteCount;
|
|
LocalPerformanceInfo.TransitionCount = MmInfoCounters.TransitionCount;
|
|
LocalPerformanceInfo.CacheTransitionCount = MmInfoCounters.CacheTransitionCount;
|
|
LocalPerformanceInfo.DemandZeroCount = MmInfoCounters.DemandZeroCount;
|
|
LocalPerformanceInfo.PageReadCount = MmInfoCounters.PageReadCount;
|
|
LocalPerformanceInfo.PageReadIoCount = MmInfoCounters.PageReadIoCount;
|
|
LocalPerformanceInfo.CacheReadCount = MmInfoCounters.CacheReadCount;
|
|
LocalPerformanceInfo.CacheIoCount = MmInfoCounters.CacheIoCount;
|
|
LocalPerformanceInfo.DirtyPagesWriteCount = MmInfoCounters.DirtyPagesWriteCount;
|
|
LocalPerformanceInfo.DirtyWriteIoCount = MmInfoCounters.DirtyWriteIoCount;
|
|
LocalPerformanceInfo.MappedPagesWriteCount = MmInfoCounters.MappedPagesWriteCount;
|
|
LocalPerformanceInfo.MappedWriteIoCount = MmInfoCounters.MappedWriteIoCount;
|
|
LocalPerformanceInfo.FreeSystemPtes = MmTotalFreeSystemPtes[0];
|
|
|
|
LocalPerformanceInfo.ResidentSystemCodePage = MmSystemCodePage;
|
|
LocalPerformanceInfo.ResidentSystemCachePage = MmSystemCachePage;
|
|
LocalPerformanceInfo.ResidentPagedPoolPage = MmPagedPoolPage;
|
|
LocalPerformanceInfo.ResidentSystemDriverPage = MmSystemDriverPage;
|
|
LocalPerformanceInfo.TotalSystemCodePages = MmTotalSystemCodePages;
|
|
LocalPerformanceInfo.TotalSystemDriverPages = MmTotalSystemDriverPages;
|
|
LocalPerformanceInfo.AvailablePagedPoolPages = (ULONG)MmAvailablePoolInPages (PagedPool);
|
|
//
|
|
// Process information.
|
|
//
|
|
|
|
LocalPerformanceInfo.IdleProcessTime.QuadPart =
|
|
UInt32x32To64(PsIdleProcess->Pcb.KernelTime,
|
|
KeMaximumIncrement);
|
|
|
|
//
|
|
// Pool information.
|
|
//
|
|
|
|
LocalPerformanceInfo.PagedPoolPages = 0;
|
|
LocalPerformanceInfo.NonPagedPoolPages = 0;
|
|
LocalPerformanceInfo.PagedPoolAllocs = 0;
|
|
LocalPerformanceInfo.PagedPoolFrees = 0;
|
|
LocalPerformanceInfo.PagedPoolLookasideHits = 0;
|
|
LocalPerformanceInfo.NonPagedPoolAllocs = 0;
|
|
LocalPerformanceInfo.NonPagedPoolFrees = 0;
|
|
LocalPerformanceInfo.NonPagedPoolLookasideHits = 0;
|
|
ExQueryPoolUsage( &LocalPerformanceInfo.PagedPoolPages,
|
|
&LocalPerformanceInfo.NonPagedPoolPages,
|
|
&LocalPerformanceInfo.PagedPoolAllocs,
|
|
&LocalPerformanceInfo.PagedPoolFrees,
|
|
&LocalPerformanceInfo.PagedPoolLookasideHits,
|
|
&LocalPerformanceInfo.NonPagedPoolAllocs,
|
|
&LocalPerformanceInfo.NonPagedPoolFrees,
|
|
&LocalPerformanceInfo.NonPagedPoolLookasideHits
|
|
);
|
|
|
|
//
|
|
// Cache Manager information.
|
|
//
|
|
|
|
LocalPerformanceInfo.CcFastReadNoWait = CcFastReadNoWait;
|
|
LocalPerformanceInfo.CcFastReadWait = CcFastReadWait;
|
|
LocalPerformanceInfo.CcFastReadResourceMiss = CcFastReadResourceMiss;
|
|
LocalPerformanceInfo.CcFastReadNotPossible = CcFastReadNotPossible;
|
|
LocalPerformanceInfo.CcFastMdlReadNoWait = CcFastMdlReadNoWait;
|
|
LocalPerformanceInfo.CcFastMdlReadWait = CcFastMdlReadWait;
|
|
LocalPerformanceInfo.CcFastMdlReadResourceMiss = CcFastMdlReadResourceMiss;
|
|
LocalPerformanceInfo.CcFastMdlReadNotPossible = CcFastMdlReadNotPossible;
|
|
LocalPerformanceInfo.CcMapDataNoWait = CcMapDataNoWait;
|
|
LocalPerformanceInfo.CcMapDataWait = CcMapDataWait;
|
|
LocalPerformanceInfo.CcMapDataNoWaitMiss = CcMapDataNoWaitMiss;
|
|
LocalPerformanceInfo.CcMapDataWaitMiss = CcMapDataWaitMiss;
|
|
LocalPerformanceInfo.CcPinMappedDataCount = CcPinMappedDataCount;
|
|
LocalPerformanceInfo.CcPinReadNoWait = CcPinReadNoWait;
|
|
LocalPerformanceInfo.CcPinReadWait = CcPinReadWait;
|
|
LocalPerformanceInfo.CcPinReadNoWaitMiss = CcPinReadNoWaitMiss;
|
|
LocalPerformanceInfo.CcPinReadWaitMiss = CcPinReadWaitMiss;
|
|
LocalPerformanceInfo.CcCopyReadNoWait = CcCopyReadNoWait;
|
|
LocalPerformanceInfo.CcCopyReadWait = CcCopyReadWait;
|
|
LocalPerformanceInfo.CcCopyReadNoWaitMiss = CcCopyReadNoWaitMiss;
|
|
LocalPerformanceInfo.CcCopyReadWaitMiss = CcCopyReadWaitMiss;
|
|
LocalPerformanceInfo.CcMdlReadNoWait = CcMdlReadNoWait;
|
|
LocalPerformanceInfo.CcMdlReadWait = CcMdlReadWait;
|
|
LocalPerformanceInfo.CcMdlReadNoWaitMiss = CcMdlReadNoWaitMiss;
|
|
LocalPerformanceInfo.CcMdlReadWaitMiss = CcMdlReadWaitMiss;
|
|
LocalPerformanceInfo.CcReadAheadIos = CcReadAheadIos;
|
|
LocalPerformanceInfo.CcLazyWriteIos = CcLazyWriteIos;
|
|
LocalPerformanceInfo.CcLazyWritePages = CcLazyWritePages;
|
|
LocalPerformanceInfo.CcDataFlushes = CcDataFlushes;
|
|
LocalPerformanceInfo.CcDataPages = CcDataPages;
|
|
|
|
#if !defined(NT_UP)
|
|
//
|
|
// On an MP machines go sum up some other 'hot' cache manager
|
|
// statistics.
|
|
//
|
|
|
|
for (i = 0; i < (ULONG)KeNumberProcessors; i++) {
|
|
Prcb = KiProcessorBlock[i];
|
|
|
|
LocalPerformanceInfo.CcFastReadNoWait += Prcb->CcFastReadNoWait;
|
|
LocalPerformanceInfo.CcFastReadWait += Prcb->CcFastReadWait;
|
|
LocalPerformanceInfo.CcFastReadNotPossible += Prcb->CcFastReadNotPossible;
|
|
LocalPerformanceInfo.CcCopyReadNoWait += Prcb->CcCopyReadNoWait;
|
|
LocalPerformanceInfo.CcCopyReadWait += Prcb->CcCopyReadWait;
|
|
LocalPerformanceInfo.CcCopyReadNoWaitMiss += Prcb->CcCopyReadNoWaitMiss;
|
|
}
|
|
#endif
|
|
*PerformanceInfo = LocalPerformanceInfo;
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof(LocalPerformanceInfo);
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemProcessorPerformanceInformation:
|
|
if (SystemInformationLength <
|
|
sizeof( SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
ProcessorPerformanceInfo =
|
|
(PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION) SystemInformation;
|
|
|
|
Length = 0;
|
|
for (i = 0; i < (ULONG)KeNumberProcessors; i++) {
|
|
Prcb = KiProcessorBlock[i];
|
|
if (Prcb != NULL) {
|
|
if (SystemInformationLength < Length + sizeof(SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION))
|
|
break;
|
|
|
|
Length += sizeof(SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION);
|
|
|
|
ProcessorPerformanceInfo->UserTime.QuadPart =
|
|
UInt32x32To64(Prcb->UserTime,
|
|
KeMaximumIncrement);
|
|
|
|
ProcessorPerformanceInfo->KernelTime.QuadPart =
|
|
UInt32x32To64(Prcb->KernelTime,
|
|
KeMaximumIncrement);
|
|
|
|
ProcessorPerformanceInfo->DpcTime.QuadPart =
|
|
UInt32x32To64(Prcb->DpcTime,
|
|
KeMaximumIncrement);
|
|
|
|
ProcessorPerformanceInfo->InterruptTime.QuadPart =
|
|
UInt32x32To64(Prcb->InterruptTime,
|
|
KeMaximumIncrement);
|
|
|
|
ProcessorPerformanceInfo->IdleTime.QuadPart =
|
|
UInt32x32To64(Prcb->IdleThread->KernelTime,
|
|
KeMaximumIncrement);
|
|
|
|
ProcessorPerformanceInfo->InterruptCount = Prcb->InterruptCount;
|
|
|
|
ProcessorPerformanceInfo++;
|
|
}
|
|
}
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemProcessorPowerInformation:
|
|
if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_POWER_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
ExpGetProcessorPowerInformation(
|
|
SystemInformation,
|
|
SystemInformationLength,
|
|
&Length
|
|
);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
case SystemProcessorIdleInformation:
|
|
if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_IDLE_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
ExpGetProcessorIdleInformation(
|
|
SystemInformation,
|
|
SystemInformationLength,
|
|
&Length
|
|
);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
case SystemTimeOfDayInformation:
|
|
if (SystemInformationLength > sizeof (SYSTEM_TIMEOFDAY_INFORMATION)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
RtlZeroMemory (&LocalTimeOfDayInfo, sizeof(LocalTimeOfDayInfo));
|
|
KeQuerySystemTime(&LocalTimeOfDayInfo.CurrentTime);
|
|
LocalTimeOfDayInfo.BootTime = KeBootTime;
|
|
LocalTimeOfDayInfo.TimeZoneBias = ExpTimeZoneBias;
|
|
LocalTimeOfDayInfo.TimeZoneId = ExpCurrentTimeZoneId;
|
|
LocalTimeOfDayInfo.BootTimeBias = KeBootTimeBias;
|
|
LocalTimeOfDayInfo.SleepTimeBias = KeInterruptTimeBias;
|
|
|
|
try {
|
|
RtlCopyMemory (
|
|
SystemInformation,
|
|
&LocalTimeOfDayInfo,
|
|
SystemInformationLength
|
|
);
|
|
|
|
if (ARGUMENT_PRESENT(ReturnLength) ) {
|
|
*ReturnLength = SystemInformationLength;
|
|
}
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
return GetExceptionCode ();
|
|
}
|
|
|
|
break;
|
|
|
|
//
|
|
// Query system time adjustment information.
|
|
//
|
|
|
|
case SystemTimeAdjustmentInformation:
|
|
if (SystemInformationLength != sizeof( SYSTEM_QUERY_TIME_ADJUST_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
TimeAdjustmentInformation =
|
|
(PSYSTEM_QUERY_TIME_ADJUST_INFORMATION)SystemInformation;
|
|
|
|
TimeAdjustmentInformation->TimeAdjustment = KeTimeAdjustment;
|
|
TimeAdjustmentInformation->TimeIncrement = KeMaximumIncrement;
|
|
TimeAdjustmentInformation->Enable = KeTimeSynchronization;
|
|
break;
|
|
|
|
case SystemSummaryMemoryInformation:
|
|
case SystemFullMemoryInformation:
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_MEMORY_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Status = MmMemoryUsage (SystemInformation,
|
|
SystemInformationLength,
|
|
(SystemInformationClass == SystemFullMemoryInformation) ? 0 : 1,
|
|
&Length);
|
|
|
|
if (NT_SUCCESS(Status) && ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
case SystemPathInformation:
|
|
#if DBG
|
|
DbgPrint( "EX: SystemPathInformation now available via SharedUserData\n" );
|
|
DbgBreakPoint();
|
|
#endif
|
|
return STATUS_NOT_IMPLEMENTED;
|
|
break;
|
|
|
|
case SystemProcessInformation:
|
|
case SystemExtendedProcessInformation:
|
|
{
|
|
BOOLEAN ExtendedInformation;
|
|
|
|
if (SystemInformationClass == SystemProcessInformation ) {
|
|
ExtendedInformation = FALSE;
|
|
} else {
|
|
ExtendedInformation = TRUE;
|
|
}
|
|
|
|
Status = ExpGetProcessInformation (SystemInformation,
|
|
SystemInformationLength,
|
|
&Length,
|
|
NULL,
|
|
ExtendedInformation);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemSessionProcessInformation:
|
|
|
|
|
|
SessionProcessInformation =
|
|
(PSYSTEM_SESSION_PROCESS_INFORMATION)SystemInformation;
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_SESSION_PROCESS_INFORMATION)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
//
|
|
// The lower level locks the buffer specified below into memory using MmProbeAndLockPages.
|
|
// We don't need to probe the buffers here.
|
|
//
|
|
SessionId = SessionProcessInformation->SessionId;
|
|
ProcessInformation = SessionProcessInformation->Buffer;
|
|
ProcessInformationLength = SessionProcessInformation->SizeOfBuf;
|
|
|
|
if (!POINTER_IS_ALIGNED (ProcessInformation, sizeof (ULONG))) {
|
|
return STATUS_DATATYPE_MISALIGNMENT;
|
|
}
|
|
|
|
Status = ExpGetProcessInformation (ProcessInformation,
|
|
ProcessInformationLength,
|
|
&Length,
|
|
&SessionId,
|
|
FALSE);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemCallCountInformation:
|
|
|
|
Length = sizeof(SYSTEM_CALL_COUNT_INFORMATION) +
|
|
(NUMBER_SERVICE_TABLES * sizeof(ULONG));
|
|
|
|
Table = KeServiceDescriptorTableShadow;
|
|
|
|
for (i = 0; i < NUMBER_SERVICE_TABLES; i += 1) {
|
|
if ((Table->Limit != 0) && (Table->Count != NULL)) {
|
|
Length += Table->Limit * sizeof(ULONG);
|
|
}
|
|
Table += 1;
|
|
}
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
|
|
if (SystemInformationLength < Length) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
CallCountInformation = (PSYSTEM_CALL_COUNT_INFORMATION)SystemInformation;
|
|
CallCountInformation->Length = Length;
|
|
CallCountInformation->NumberOfTables = NUMBER_SERVICE_TABLES;
|
|
|
|
TableLimit = (PULONG)(CallCountInformation + 1);
|
|
TableCounts = TableLimit + NUMBER_SERVICE_TABLES;
|
|
|
|
Table = KeServiceDescriptorTableShadow;
|
|
|
|
for (i = 0; i < NUMBER_SERVICE_TABLES; i += 1) {
|
|
if ((Table->Limit == 0) || (Table->Count == NULL)) {
|
|
*TableLimit++ = 0;
|
|
} else {
|
|
*TableLimit++ = Table->Limit;
|
|
RtlCopyMemory((PVOID)TableCounts,
|
|
(PVOID)Table->Count,
|
|
Table->Limit * sizeof(ULONG));
|
|
TableCounts += Table->Limit;
|
|
}
|
|
Table += 1;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemDeviceInformation:
|
|
if (SystemInformationLength != sizeof( SYSTEM_DEVICE_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
ConfigInfo = IoGetConfigurationInformation();
|
|
DeviceInformation = (PSYSTEM_DEVICE_INFORMATION)SystemInformation;
|
|
DeviceInformation->NumberOfDisks = ConfigInfo->DiskCount;
|
|
DeviceInformation->NumberOfFloppies = ConfigInfo->FloppyCount;
|
|
DeviceInformation->NumberOfCdRoms = ConfigInfo->CdRomCount;
|
|
DeviceInformation->NumberOfTapes = ConfigInfo->TapeCount;
|
|
DeviceInformation->NumberOfSerialPorts = ConfigInfo->SerialCount;
|
|
DeviceInformation->NumberOfParallelPorts = ConfigInfo->ParallelCount;
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof( SYSTEM_DEVICE_INFORMATION );
|
|
}
|
|
break;
|
|
|
|
case SystemFlagsInformation:
|
|
if (SystemInformationLength != sizeof( SYSTEM_FLAGS_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
((PSYSTEM_FLAGS_INFORMATION)SystemInformation)->Flags = NtGlobalFlag;
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof( SYSTEM_FLAGS_INFORMATION );
|
|
}
|
|
break;
|
|
|
|
case SystemCallTimeInformation:
|
|
return STATUS_NOT_IMPLEMENTED;
|
|
|
|
case SystemModuleInformation:
|
|
KeEnterCriticalRegion();
|
|
ExAcquireResourceExclusiveLite( &PsLoadedModuleResource, TRUE );
|
|
try {
|
|
Status = ExpQueryModuleInformation( &PsLoadedModuleList,
|
|
&MmLoadedUserImageList,
|
|
(PRTL_PROCESS_MODULES)SystemInformation,
|
|
SystemInformationLength,
|
|
ReturnLength
|
|
);
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
Status = GetExceptionCode();
|
|
}
|
|
ExReleaseResourceLite (&PsLoadedModuleResource);
|
|
KeLeaveCriticalRegion();
|
|
break;
|
|
|
|
case SystemLocksInformation:
|
|
if (SystemInformationLength < sizeof( RTL_PROCESS_LOCKS )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Status = ExpGetLockInformation (SystemInformation,
|
|
SystemInformationLength,
|
|
&Length);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemStackTraceInformation:
|
|
if (SystemInformationLength < sizeof( RTL_PROCESS_BACKTRACES )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
#if i386
|
|
Status = ExpGetStackTraceInformation (SystemInformation,
|
|
SystemInformationLength,
|
|
&Length);
|
|
#else
|
|
Status = STATUS_NOT_IMPLEMENTED;
|
|
#endif // i386
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemPagedPoolInformation:
|
|
|
|
Status = STATUS_NOT_IMPLEMENTED;
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = 0;
|
|
}
|
|
break;
|
|
|
|
case SystemNonPagedPoolInformation:
|
|
|
|
Status = STATUS_NOT_IMPLEMENTED;
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = 0;
|
|
}
|
|
break;
|
|
|
|
case SystemHandleInformation:
|
|
if (SystemInformationLength < sizeof( SYSTEM_HANDLE_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (!POINTER_IS_ALIGNED (SystemInformation, TYPE_ALIGNMENT (SYSTEM_HANDLE_INFORMATION))) {
|
|
return STATUS_DATATYPE_MISALIGNMENT;
|
|
}
|
|
|
|
Status = ExpGetHandleInformation( SystemInformation,
|
|
SystemInformationLength,
|
|
&Length
|
|
);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
case SystemExtendedHandleInformation:
|
|
if (SystemInformationLength < sizeof( SYSTEM_HANDLE_INFORMATION_EX )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (!POINTER_IS_ALIGNED (SystemInformation, TYPE_ALIGNMENT (SYSTEM_HANDLE_INFORMATION_EX))) {
|
|
return STATUS_DATATYPE_MISALIGNMENT;
|
|
}
|
|
|
|
Status = ExpGetHandleInformationEx( SystemInformation,
|
|
SystemInformationLength,
|
|
&Length
|
|
);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
case SystemObjectInformation:
|
|
if (SystemInformationLength < sizeof( SYSTEM_OBJECTTYPE_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Status = ExpGetObjectInformation( SystemInformation,
|
|
SystemInformationLength,
|
|
&Length
|
|
);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
case SystemPageFileInformation:
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_PAGEFILE_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Status = MmGetPageFileInformation( SystemInformation,
|
|
SystemInformationLength,
|
|
&Length
|
|
);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
|
|
case SystemFileCacheInformation:
|
|
|
|
//
|
|
// This structure was extended in NT 4.0 from 12 bytes.
|
|
// Use the previous size of 12 bytes for versioning info.
|
|
//
|
|
|
|
if (SystemInformationLength < 12) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
FileCache = (PSYSTEM_FILECACHE_INFORMATION)SystemInformation;
|
|
FileCache->CurrentSize = ((SIZE_T)MmSystemCacheWs.WorkingSetSize) << PAGE_SHIFT;
|
|
FileCache->PeakSize = ((SIZE_T)MmSystemCacheWs.PeakWorkingSetSize) << PAGE_SHIFT;
|
|
FileCache->PageFaultCount = MmSystemCacheWs.PageFaultCount;
|
|
|
|
i = 12;
|
|
|
|
if (SystemInformationLength >= sizeof( SYSTEM_FILECACHE_INFORMATION )) {
|
|
i = sizeof (SYSTEM_FILECACHE_INFORMATION);
|
|
FileCache->MinimumWorkingSet =
|
|
MmSystemCacheWs.MinimumWorkingSetSize;
|
|
FileCache->MaximumWorkingSet =
|
|
MmSystemCacheWs.MaximumWorkingSetSize;
|
|
FileCache->CurrentSizeIncludingTransitionInPages = MmSystemCacheWs.WorkingSetSize + MmTransitionSharedPages;
|
|
FileCache->PeakSizeIncludingTransitionInPages = MmTransitionSharedPagesPeak;
|
|
FileCache->TransitionRePurposeCount = MmStandbyRePurposed;
|
|
}
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = i;
|
|
}
|
|
break;
|
|
|
|
case SystemSessionPoolTagInformation:
|
|
|
|
SessionProcessInformation =
|
|
(PSYSTEM_SESSION_PROCESS_INFORMATION)SystemInformation;
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_SESSION_PROCESS_INFORMATION)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
//
|
|
// The lower level locks the buffer specified below into
|
|
// memory using MmProbeAndLockPages.
|
|
// We don't need to probe the buffers here.
|
|
//
|
|
|
|
SessionId = SessionProcessInformation->SessionId;
|
|
SessionPoolTagInformation = SessionProcessInformation->Buffer;
|
|
SessionPoolTagInformationLength = SessionProcessInformation->SizeOfBuf;
|
|
|
|
if (!POINTER_IS_ALIGNED (SessionPoolTagInformation, sizeof (ULONGLONG))) {
|
|
return STATUS_DATATYPE_MISALIGNMENT;
|
|
}
|
|
|
|
Status = ExGetSessionPoolTagInformation (
|
|
SessionPoolTagInformation,
|
|
SessionPoolTagInformationLength,
|
|
&Length,
|
|
&SessionId);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemPoolTagInformation:
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_POOLTAG_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Status = ExGetPoolTagInfo (SystemInformation,
|
|
SystemInformationLength,
|
|
ReturnLength);
|
|
|
|
break;
|
|
|
|
case SystemBigPoolInformation:
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_BIGPOOL_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Status = ExGetBigPoolInfo (SystemInformation,
|
|
SystemInformationLength,
|
|
ReturnLength);
|
|
|
|
break;
|
|
|
|
case SystemSessionMappedViewInformation:
|
|
|
|
SessionMappedViewInformation =
|
|
(PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION)SystemInformation;
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_SESSION_MAPPED_VIEW_INFORMATION)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
//
|
|
// The lower level locks the buffer specified below into
|
|
// memory using MmProbeAndLockPages.
|
|
// We don't need to probe the buffers here.
|
|
//
|
|
|
|
SessionId = SessionMappedViewInformation->SessionId;
|
|
|
|
if (!POINTER_IS_ALIGNED (SessionMappedViewInformation, sizeof (ULONGLONG))) {
|
|
return STATUS_DATATYPE_MISALIGNMENT;
|
|
}
|
|
|
|
Status = MmGetSessionMappedViewInformation (
|
|
SessionMappedViewInformation,
|
|
SystemInformationLength,
|
|
&Length,
|
|
&SessionId);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemVdmInstemulInformation:
|
|
#ifdef i386
|
|
if (SystemInformationLength < sizeof( SYSTEM_VDM_INSTEMUL_INFO )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Status = ExpGetInstemulInformation(
|
|
(PSYSTEM_VDM_INSTEMUL_INFO)SystemInformation
|
|
);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof(SYSTEM_VDM_INSTEMUL_INFO);
|
|
}
|
|
#else
|
|
Status = STATUS_NOT_IMPLEMENTED;
|
|
#endif
|
|
break;
|
|
|
|
//
|
|
// Get system exception information which includes the number
|
|
// of exceptions that have dispatched, the number of alignment
|
|
// fixups, and the number of floating emulations that have been
|
|
// performed.
|
|
//
|
|
|
|
case SystemExceptionInformation:
|
|
if (SystemInformationLength < sizeof( SYSTEM_EXCEPTION_INFORMATION)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof(SYSTEM_EXCEPTION_INFORMATION);
|
|
}
|
|
|
|
ExceptionInformation = (PSYSTEM_EXCEPTION_INFORMATION)SystemInformation;
|
|
|
|
//
|
|
// Ke information.
|
|
//
|
|
// These counters are kept on a per processor basis and must
|
|
// be totaled.
|
|
//
|
|
|
|
{
|
|
ULONG AlignmentFixupCount = 0;
|
|
ULONG ExceptionDispatchCount = 0;
|
|
ULONG FloatingEmulationCount = 0;
|
|
ULONG ByteWordEmulationCount = 0;
|
|
|
|
for (i = 0; i < (ULONG)KeNumberProcessors; i += 1) {
|
|
Prcb = KiProcessorBlock[i];
|
|
if (Prcb != NULL) {
|
|
AlignmentFixupCount += Prcb->KeAlignmentFixupCount;
|
|
ExceptionDispatchCount += Prcb->KeExceptionDispatchCount;
|
|
FloatingEmulationCount += Prcb->KeFloatingEmulationCount;
|
|
}
|
|
}
|
|
|
|
ExceptionInformation->AlignmentFixupCount = AlignmentFixupCount;
|
|
ExceptionInformation->ExceptionDispatchCount = ExceptionDispatchCount;
|
|
ExceptionInformation->FloatingEmulationCount = FloatingEmulationCount;
|
|
ExceptionInformation->ByteWordEmulationCount = ByteWordEmulationCount;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemKernelDebuggerInformation:
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_KERNEL_DEBUGGER_INFORMATION)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
KernelDebuggerInformation =
|
|
(PSYSTEM_KERNEL_DEBUGGER_INFORMATION)SystemInformation;
|
|
KernelDebuggerInformation->KernelDebuggerEnabled = KdDebuggerEnabled;
|
|
KernelDebuggerInformation->KernelDebuggerNotPresent = KdDebuggerNotPresent;
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof(SYSTEM_KERNEL_DEBUGGER_INFORMATION);
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemContextSwitchInformation:
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_CONTEXT_SWITCH_INFORMATION)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
ContextSwitchInformation =
|
|
(PSYSTEM_CONTEXT_SWITCH_INFORMATION)SystemInformation;
|
|
|
|
//
|
|
// Compute the total number of context switches and fill in the
|
|
// remainder of the context switch information.
|
|
//
|
|
|
|
ContextSwitches = 0;
|
|
for (i = 0; i < (ULONG)KeNumberProcessors; i += 1) {
|
|
Prcb = KiProcessorBlock[i];
|
|
if (Prcb != NULL) {
|
|
ContextSwitches += KeGetContextSwitches(Prcb);
|
|
}
|
|
|
|
}
|
|
|
|
ContextSwitchInformation->ContextSwitches = ContextSwitches;
|
|
ContextSwitchInformation->FindAny = KeThreadSwitchCounters.FindAny;
|
|
ContextSwitchInformation->FindLast = KeThreadSwitchCounters.FindLast;
|
|
ContextSwitchInformation->FindIdeal = KeThreadSwitchCounters.FindIdeal;
|
|
ContextSwitchInformation->IdleAny = KeThreadSwitchCounters.IdleAny;
|
|
ContextSwitchInformation->IdleCurrent = KeThreadSwitchCounters.IdleCurrent;
|
|
ContextSwitchInformation->IdleLast = KeThreadSwitchCounters.IdleLast;
|
|
ContextSwitchInformation->IdleIdeal = KeThreadSwitchCounters.IdleIdeal;
|
|
ContextSwitchInformation->PreemptAny = KeThreadSwitchCounters.PreemptAny;
|
|
ContextSwitchInformation->PreemptCurrent = KeThreadSwitchCounters.PreemptCurrent;
|
|
ContextSwitchInformation->PreemptLast = KeThreadSwitchCounters.PreemptLast;
|
|
ContextSwitchInformation->SwitchToIdle = KeThreadSwitchCounters.SwitchToIdle;
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof(SYSTEM_CONTEXT_SWITCH_INFORMATION);
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemRegistryQuotaInformation:
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_REGISTRY_QUOTA_INFORMATION)) {
|
|
return(STATUS_INFO_LENGTH_MISMATCH);
|
|
}
|
|
CmQueryRegistryQuotaInformation((PSYSTEM_REGISTRY_QUOTA_INFORMATION)SystemInformation);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof(SYSTEM_REGISTRY_QUOTA_INFORMATION);
|
|
}
|
|
break;
|
|
|
|
case SystemDpcBehaviorInformation:
|
|
{
|
|
PSYSTEM_DPC_BEHAVIOR_INFORMATION DpcInfo;
|
|
//
|
|
// If the system information buffer is not the correct length,
|
|
// then return an error.
|
|
//
|
|
if (SystemInformationLength != sizeof(SYSTEM_DPC_BEHAVIOR_INFORMATION)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
DpcInfo = (PSYSTEM_DPC_BEHAVIOR_INFORMATION)SystemInformation;
|
|
|
|
//
|
|
// Exception handler for this routine will return the correct
|
|
// error if any of these accesses fail.
|
|
//
|
|
//
|
|
// Return the current DPC behavior variables
|
|
//
|
|
DpcInfo->DpcQueueDepth = KiMaximumDpcQueueDepth;
|
|
DpcInfo->MinimumDpcRate = KiMinimumDpcRate;
|
|
DpcInfo->AdjustDpcThreshold = KiAdjustDpcThreshold;
|
|
DpcInfo->IdealDpcRate = KiIdealDpcRate;
|
|
}
|
|
break;
|
|
|
|
case SystemInterruptInformation:
|
|
|
|
if (SystemInformationLength < (sizeof(SYSTEM_INTERRUPT_INFORMATION) * KeNumberProcessors)) {
|
|
return(STATUS_INFO_LENGTH_MISMATCH);
|
|
}
|
|
|
|
InterruptInformation = (PSYSTEM_INTERRUPT_INFORMATION)SystemInformation;
|
|
for (i=0; i < (ULONG)KeNumberProcessors; i++) {
|
|
Prcb = KiProcessorBlock[i];
|
|
InterruptInformation->ContextSwitches = KeGetContextSwitches(Prcb);
|
|
InterruptInformation->DpcCount = Prcb->DpcData[DPC_NORMAL].DpcCount;
|
|
InterruptInformation->DpcRate = Prcb->DpcRequestRate;
|
|
InterruptInformation->TimeIncrement = KeTimeIncrement;
|
|
InterruptInformation->DpcBypassCount = 0;
|
|
InterruptInformation->ApcBypassCount = 0;
|
|
|
|
++InterruptInformation;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemCurrentTimeZoneInformation:
|
|
if (SystemInformationLength < sizeof( RTL_TIME_ZONE_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
RtlCopyMemory(SystemInformation,&ExpTimeZoneInformation,sizeof(ExpTimeZoneInformation));
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = sizeof( RTL_TIME_ZONE_INFORMATION );
|
|
}
|
|
|
|
Status = STATUS_SUCCESS;
|
|
break;
|
|
|
|
//
|
|
// Query pool lookaside list and general lookaside list
|
|
// information.
|
|
//
|
|
|
|
case SystemLookasideInformation:
|
|
Status = ExpGetLookasideInformation(SystemInformation,
|
|
SystemInformationLength,
|
|
&Length);
|
|
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = Length;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemRangeStartInformation:
|
|
|
|
if ( SystemInformationLength != sizeof(ULONG_PTR) ) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
*(PULONG_PTR)SystemInformation = (ULONG_PTR)MmSystemRangeStart;
|
|
|
|
if (ARGUMENT_PRESENT(ReturnLength) ) {
|
|
*ReturnLength = sizeof(ULONG_PTR);
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemVerifierInformation:
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_VERIFIER_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Status = MmGetVerifierInformation( SystemInformation,
|
|
SystemInformationLength,
|
|
&Length
|
|
);
|
|
|
|
if (ARGUMENT_PRESENT( ReturnLength )) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
case SystemLegacyDriverInformation:
|
|
if (SystemInformationLength < sizeof(SYSTEM_LEGACY_DRIVER_INFORMATION)) {
|
|
return(STATUS_INFO_LENGTH_MISMATCH);
|
|
}
|
|
Length = SystemInformationLength;
|
|
Status = ExpQueryLegacyDriverInformation((PSYSTEM_LEGACY_DRIVER_INFORMATION)SystemInformation, &Length);
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
case SystemPerformanceTraceInformation:
|
|
#ifdef NTPERF
|
|
Status = PerfInfoQueryPerformanceTraceInformation(SystemInformation,
|
|
SystemInformationLength,
|
|
&Length
|
|
);
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = Length;
|
|
}
|
|
#else
|
|
Status = STATUS_INVALID_INFO_CLASS;
|
|
#endif // NTPERF
|
|
break;
|
|
|
|
case SystemPrefetcherInformation:
|
|
|
|
Status = CcPfQueryPrefetcherInformation(SystemInformationClass,
|
|
SystemInformation,
|
|
SystemInformationLength,
|
|
PreviousMode,
|
|
&Length
|
|
);
|
|
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = Length;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemNumaProcessorMap:
|
|
|
|
Status = ExpQueryNumaProcessorMap(SystemInformation,
|
|
SystemInformationLength,
|
|
&Length);
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
case SystemNumaAvailableMemory:
|
|
|
|
Status = ExpQueryNumaAvailableMemory(SystemInformation,
|
|
SystemInformationLength,
|
|
&Length);
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
case SystemRecommendedSharedDataAlignment:
|
|
if (SystemInformationLength < sizeof(ULONG)) {
|
|
return(STATUS_INFO_LENGTH_MISMATCH);
|
|
}
|
|
|
|
//
|
|
// Alignment is guaranteed by the ProbeForWrite above
|
|
// so just store the value as a ULONG.
|
|
//
|
|
|
|
*(PULONG)SystemInformation = KeGetRecommendedSharedDataAlignment();
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = sizeof(ULONG);
|
|
}
|
|
break;
|
|
|
|
case SystemComPlusPackage:
|
|
if (SystemInformationLength != sizeof(ULONG)) {
|
|
return(STATUS_INFO_LENGTH_MISMATCH);
|
|
}
|
|
|
|
if (SharedUserData->ComPlusPackage == COMPLUS_PACKAGE_INVALID) {
|
|
|
|
//
|
|
// The initialization happens one time.
|
|
//
|
|
SharedUserData->ComPlusPackage = 0;
|
|
|
|
ExpReadComPlusPackage ();
|
|
}
|
|
|
|
*(PULONG)SystemInformation = SharedUserData->ComPlusPackage;
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = sizeof(ULONG);
|
|
}
|
|
break;
|
|
|
|
case SystemLostDelayedWriteInformation:
|
|
|
|
if (SystemInformationLength < sizeof(ULONG)) {
|
|
return(STATUS_INFO_LENGTH_MISMATCH);
|
|
}
|
|
|
|
*(PULONG)SystemInformation = CcLostDelayedWrites;
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = sizeof(ULONG);
|
|
}
|
|
break;
|
|
|
|
case SystemObjectSecurityMode:
|
|
|
|
if (SystemInformationLength != sizeof (ULONG)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
*(PULONG)SystemInformation = ObGetSecurityMode ();
|
|
|
|
if (ARGUMENT_PRESENT (ReturnLength)) {
|
|
*ReturnLength = sizeof (ULONG);
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemWatchdogTimerInformation:
|
|
|
|
{
|
|
PSYSTEM_WATCHDOG_TIMER_INFORMATION WdTimerInfo = (PSYSTEM_WATCHDOG_TIMER_INFORMATION) SystemInformation;
|
|
|
|
//
|
|
// Caller must be kernel mode with the proper parameters
|
|
//
|
|
|
|
if (PreviousMode != KernelMode || SystemInformation == NULL || SystemInformationLength != sizeof(SYSTEM_WATCHDOG_TIMER_INFORMATION)) {
|
|
ExRaiseStatus (STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
if (ExpWdHandler == NULL) {
|
|
|
|
Status = STATUS_NOT_IMPLEMENTED;
|
|
|
|
} else {
|
|
|
|
switch (WdTimerInfo->WdInfoClass) {
|
|
case WdInfoTimeoutValue:
|
|
Status = ExpWdHandler( WdActionQueryTimeoutValue, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE );
|
|
break;
|
|
|
|
case WdInfoTriggerAction:
|
|
Status = ExpWdHandler( WdActionQueryTriggerAction, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE );
|
|
break;
|
|
|
|
case WdInfoState:
|
|
Status = ExpWdHandler( WdActionQueryState, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE );
|
|
break;
|
|
|
|
default:
|
|
Status = STATUS_INVALID_PARAMETER;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemLogicalProcessorInformation:
|
|
|
|
Status = KeQueryLogicalProcessorInformation(
|
|
SystemInformation,
|
|
SystemInformationLength,
|
|
&Length);
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = Length;
|
|
}
|
|
break;
|
|
|
|
default:
|
|
|
|
//
|
|
// Invalid argument.
|
|
//
|
|
|
|
return STATUS_INVALID_INFO_CLASS;
|
|
}
|
|
|
|
} except (EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
Status = GetExceptionCode();
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetSystemInformation (
|
|
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
|
|
IN PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function set information about the system.
|
|
|
|
Arguments:
|
|
|
|
SystemInformationClass - The system information class which is to
|
|
be modified.
|
|
|
|
SystemInformation - A pointer to a buffer which contains the specified
|
|
information. The format and content of the buffer depend on the
|
|
specified system information class.
|
|
|
|
|
|
SystemInformationLength - Specifies the length in bytes of the system
|
|
information buffer.
|
|
|
|
Return Value:
|
|
|
|
Returns one of the following status codes:
|
|
|
|
STATUS_SUCCESS - Normal, successful completion.
|
|
|
|
STATUS_ACCESS_VIOLATION - The specified system information buffer
|
|
is not accessible.
|
|
|
|
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
|
|
did not specify a valid value.
|
|
|
|
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
|
|
parameter did not match the length required for the information
|
|
class requested by the SystemInformationClass parameter.
|
|
|
|
STATUS_PRIVILEGE_NOT_HELD is returned if the caller does not have the
|
|
privilege to set the system time.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
BOOLEAN Enable;
|
|
KPROCESSOR_MODE PreviousMode;
|
|
NTSTATUS Status;
|
|
ULONG TimeAdjustment;
|
|
PSYSTEM_SET_TIME_ADJUST_INFORMATION TimeAdjustmentInformation;
|
|
HANDLE EventHandle;
|
|
PVOID Event;
|
|
ULONG LoadFlags = MM_LOAD_IMAGE_IN_SESSION;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Establish an exception handle in case the system information buffer
|
|
// is not accessible.
|
|
//
|
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
try {
|
|
|
|
//
|
|
// Get the previous processor mode and probe the input buffer for
|
|
// read access if necessary.
|
|
//
|
|
|
|
PreviousMode = KeGetPreviousMode();
|
|
if (PreviousMode != KernelMode) {
|
|
ProbeForRead((PVOID)SystemInformation,
|
|
SystemInformationLength,
|
|
sizeof(ULONG));
|
|
}
|
|
|
|
//
|
|
// Dispatch on the system information class.
|
|
//
|
|
|
|
switch (SystemInformationClass) {
|
|
case SystemFlagsInformation:
|
|
if (SystemInformationLength != sizeof( SYSTEM_FLAGS_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (!SeSinglePrivilegeCheck( SeDebugPrivilege, PreviousMode )) {
|
|
return STATUS_ACCESS_DENIED;
|
|
}
|
|
else {
|
|
ULONG Flags;
|
|
|
|
Flags = ((PSYSTEM_FLAGS_INFORMATION)SystemInformation)->Flags &
|
|
~(FLG_KERNELMODE_VALID_BITS | FLG_BOOTONLY_VALID_BITS);
|
|
Flags |= NtGlobalFlag & (FLG_KERNELMODE_VALID_BITS | FLG_BOOTONLY_VALID_BITS);
|
|
NtGlobalFlag = Flags;
|
|
((PSYSTEM_FLAGS_INFORMATION)SystemInformation)->Flags = NtGlobalFlag;
|
|
}
|
|
break;
|
|
|
|
//
|
|
// Set system time adjustment information.
|
|
//
|
|
// N.B. The caller must have the SeSystemTime privilege.
|
|
//
|
|
|
|
case SystemTimeAdjustmentInformation:
|
|
|
|
//
|
|
// If the system information buffer is not the correct length,
|
|
// then return an error.
|
|
//
|
|
|
|
if (SystemInformationLength != sizeof( SYSTEM_SET_TIME_ADJUST_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
//
|
|
// If the current thread does not have the privilege to set the
|
|
// time adjustment variables, then return an error.
|
|
//
|
|
|
|
if ((PreviousMode != KernelMode) &&
|
|
(SeSinglePrivilegeCheck(SeSystemtimePrivilege, PreviousMode) == FALSE)) {
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
}
|
|
|
|
//
|
|
// Set system time adjustment parameters.
|
|
//
|
|
|
|
TimeAdjustmentInformation =
|
|
(PSYSTEM_SET_TIME_ADJUST_INFORMATION)SystemInformation;
|
|
|
|
Enable = TimeAdjustmentInformation->Enable;
|
|
TimeAdjustment = TimeAdjustmentInformation->TimeAdjustment;
|
|
|
|
if (Enable == TRUE) {
|
|
KeTimeAdjustment = KeMaximumIncrement;
|
|
} else {
|
|
if (TimeAdjustment == 0) {
|
|
return STATUS_INVALID_PARAMETER_2;
|
|
}
|
|
KeTimeAdjustment = TimeAdjustment;
|
|
}
|
|
|
|
KeTimeSynchronization = Enable;
|
|
break;
|
|
|
|
//
|
|
// Set an event to signal when the clock interrupt has been
|
|
// masked for too long, causing the time to slip.
|
|
// The event will be referenced to prevent it from being
|
|
// deleted. If the new event handle is valid or NULL, the
|
|
// old event will be dereferenced and forgotten. If the
|
|
// event handle is non-NULL but invalid, the old event will
|
|
// be remembered and a failure status will be returned.
|
|
//
|
|
// N.B. The caller must have the SeSystemTime privilege.
|
|
//
|
|
case SystemTimeSlipNotification:
|
|
|
|
if (SystemInformationLength != sizeof(HANDLE)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
//
|
|
// If the current thread does not have the privilege to set the
|
|
// time adjustment variables, then return an error.
|
|
//
|
|
|
|
if ((PreviousMode != KernelMode) &&
|
|
(SeSinglePrivilegeCheck(SeSystemtimePrivilege, PreviousMode) == FALSE)) {
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
}
|
|
|
|
EventHandle = *(PHANDLE)SystemInformation;
|
|
|
|
if (EventHandle == NULL) {
|
|
|
|
//
|
|
// Dereference the old event and don't signal anything
|
|
// for time slips.
|
|
//
|
|
|
|
Event = NULL;
|
|
Status = STATUS_SUCCESS;
|
|
|
|
} else {
|
|
|
|
Status = ObReferenceObjectByHandle(EventHandle,
|
|
EVENT_MODIFY_STATE,
|
|
ExEventObjectType,
|
|
PreviousMode,
|
|
&Event,
|
|
NULL);
|
|
}
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
KdUpdateTimeSlipEvent(Event);
|
|
}
|
|
|
|
break;
|
|
|
|
//
|
|
// Set registry quota limit.
|
|
//
|
|
// N.B. The caller must have SeIncreaseQuotaPrivilege
|
|
//
|
|
case SystemRegistryQuotaInformation:
|
|
|
|
//
|
|
// If the system information buffer is not the correct length,
|
|
// then return an error.
|
|
//
|
|
|
|
if (SystemInformationLength != sizeof( SYSTEM_REGISTRY_QUOTA_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
//
|
|
// If the current thread does not have the privilege to create
|
|
// a pagefile, then return an error.
|
|
//
|
|
|
|
if ((PreviousMode != KernelMode) &&
|
|
(SeSinglePrivilegeCheck(SeIncreaseQuotaPrivilege, PreviousMode) == FALSE)) {
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
}
|
|
|
|
//
|
|
// Set registry quota parameters.
|
|
//
|
|
CmSetRegistryQuotaInformation((PSYSTEM_REGISTRY_QUOTA_INFORMATION)SystemInformation);
|
|
|
|
break;
|
|
|
|
case SystemPrioritySeperation:
|
|
{
|
|
ULONG PrioritySeparation;
|
|
|
|
//
|
|
// If the system information buffer is not the correct length,
|
|
// then return an error.
|
|
//
|
|
|
|
if (SystemInformationLength != sizeof (ULONG)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (!SeSinglePrivilegeCheck (SeTcbPrivilege, PreviousMode)) {
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
}
|
|
|
|
try {
|
|
PrioritySeparation = *(PULONG)SystemInformation;
|
|
}
|
|
except(EXCEPTION_EXECUTE_HANDLER) {
|
|
return GetExceptionCode();
|
|
}
|
|
|
|
PsChangeQuantumTable (TRUE, PrioritySeparation);
|
|
Status = STATUS_SUCCESS;
|
|
}
|
|
break;
|
|
|
|
case SystemExtendServiceTableInformation:
|
|
{
|
|
|
|
UNICODE_STRING Image;
|
|
PWSTR Buffer;
|
|
PVOID ImageBaseAddress;
|
|
ULONG_PTR EntryPoint;
|
|
PVOID SectionPointer;
|
|
PIMAGE_NT_HEADERS NtHeaders;
|
|
PDRIVER_INITIALIZE InitRoutine;
|
|
DRIVER_OBJECT Win32KDevice;
|
|
|
|
//
|
|
// If the system information buffer is not the correct length,
|
|
// then return an error.
|
|
//
|
|
|
|
if (SystemInformationLength != sizeof( UNICODE_STRING ) ) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (PreviousMode != KernelMode) {
|
|
|
|
//
|
|
// The caller's access mode is not kernel so check to ensure
|
|
// the caller has the privilege to load a driver.
|
|
//
|
|
|
|
if (!SeSinglePrivilegeCheck( SeLoadDriverPrivilege, PreviousMode )) {
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
}
|
|
|
|
Buffer = NULL;
|
|
|
|
try {
|
|
Image = *(PUNICODE_STRING)SystemInformation;
|
|
|
|
//
|
|
// Guard against overflow.
|
|
//
|
|
|
|
if (Image.Length > Image.MaximumLength) {
|
|
Image.Length = Image.MaximumLength;
|
|
}
|
|
if (Image.Length == 0) {
|
|
return STATUS_NO_MEMORY;
|
|
}
|
|
|
|
ProbeForRead(Image.Buffer, Image.Length, sizeof(UCHAR));
|
|
|
|
Buffer = ExAllocatePoolWithTag(PagedPool, Image.Length, 'ofnI');
|
|
if ( !Buffer ) {
|
|
return STATUS_NO_MEMORY;
|
|
}
|
|
|
|
RtlCopyMemory(Buffer, Image.Buffer, Image.Length);
|
|
Image.Buffer = Buffer;
|
|
Image.MaximumLength = Image.Length;
|
|
}
|
|
except(EXCEPTION_EXECUTE_HANDLER) {
|
|
if ( Buffer ) {
|
|
ExFreePool(Buffer);
|
|
}
|
|
return GetExceptionCode();
|
|
}
|
|
|
|
//
|
|
// Call MmLoadSystemImage with previous mode of kernel.
|
|
//
|
|
|
|
Status = ZwSetSystemInformation(
|
|
SystemExtendServiceTableInformation,
|
|
(PVOID)&Image,
|
|
sizeof(Image)
|
|
);
|
|
|
|
ExFreePool(Buffer);
|
|
|
|
return Status;
|
|
|
|
}
|
|
|
|
Image = *(PUNICODE_STRING)SystemInformation;
|
|
|
|
//
|
|
// Now in kernelmode, so load the driver.
|
|
//
|
|
|
|
Status = MmLoadSystemImage (&Image,
|
|
NULL,
|
|
NULL,
|
|
MM_LOAD_IMAGE_IN_SESSION,
|
|
&SectionPointer,
|
|
(PVOID *) &ImageBaseAddress);
|
|
|
|
if (!NT_SUCCESS (Status)) {
|
|
return Status;
|
|
}
|
|
|
|
NtHeaders = RtlImageNtHeader( ImageBaseAddress );
|
|
if (! NtHeaders) {
|
|
MmUnloadSystemImage (SectionPointer);
|
|
return STATUS_INVALID_IMAGE_FORMAT;
|
|
}
|
|
EntryPoint = NtHeaders->OptionalHeader.AddressOfEntryPoint;
|
|
EntryPoint += (ULONG_PTR) ImageBaseAddress;
|
|
InitRoutine = (PDRIVER_INITIALIZE) EntryPoint;
|
|
|
|
RtlZeroMemory (&Win32KDevice, sizeof(Win32KDevice));
|
|
ASSERT (KeGetCurrentIrql() == 0);
|
|
|
|
Win32KDevice.DriverStart = (PVOID)ImageBaseAddress;
|
|
Status = (InitRoutine)(&Win32KDevice,NULL);
|
|
|
|
ASSERT (KeGetCurrentIrql() == 0);
|
|
|
|
if (!NT_SUCCESS (Status)) {
|
|
MmUnloadSystemImage (SectionPointer);
|
|
}
|
|
else {
|
|
|
|
//
|
|
// Pass the driver object to memory management so the
|
|
// session can be unloaded cleanly.
|
|
//
|
|
|
|
MmSessionSetUnloadAddress (&Win32KDevice);
|
|
}
|
|
}
|
|
break;
|
|
|
|
|
|
case SystemUnloadGdiDriverInformation:
|
|
{
|
|
|
|
if (SystemInformationLength != sizeof( PVOID ) ) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (PreviousMode != KernelMode) {
|
|
|
|
//
|
|
// The caller's access mode is not kernel so fail.
|
|
// Only GDI from the kernel can call this.
|
|
//
|
|
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
|
|
}
|
|
|
|
MmUnloadSystemImage( *((PVOID *)SystemInformation) );
|
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
}
|
|
break;
|
|
|
|
case SystemLoadGdiDriverInSystemSpace:
|
|
{
|
|
LoadFlags &= ~MM_LOAD_IMAGE_IN_SESSION;
|
|
//
|
|
// Fall through
|
|
//
|
|
}
|
|
|
|
case SystemLoadGdiDriverInformation:
|
|
{
|
|
|
|
UNICODE_STRING Image;
|
|
PVOID ImageBaseAddress;
|
|
ULONG_PTR EntryPoint;
|
|
PVOID SectionPointer;
|
|
|
|
PIMAGE_NT_HEADERS NtHeaders;
|
|
|
|
//
|
|
// If the system information buffer is not the correct length,
|
|
// then return an error.
|
|
//
|
|
|
|
if (SystemInformationLength != sizeof( SYSTEM_GDI_DRIVER_INFORMATION ) ) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (PreviousMode != KernelMode) {
|
|
|
|
//
|
|
// The caller's access mode is not kernel so fail.
|
|
// Only GDI from the kernel can call this.
|
|
//
|
|
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
}
|
|
|
|
Image = ((PSYSTEM_GDI_DRIVER_INFORMATION)SystemInformation)->DriverName;
|
|
|
|
Status = MmLoadSystemImage (&Image,
|
|
NULL,
|
|
NULL,
|
|
LoadFlags,
|
|
&SectionPointer,
|
|
(PVOID *) &ImageBaseAddress);
|
|
|
|
|
|
if ((NT_SUCCESS( Status ))) {
|
|
|
|
PSYSTEM_GDI_DRIVER_INFORMATION GdiDriverInfo =
|
|
(PSYSTEM_GDI_DRIVER_INFORMATION) SystemInformation;
|
|
|
|
ULONG Size;
|
|
|
|
GdiDriverInfo->ExportSectionPointer =
|
|
RtlImageDirectoryEntryToData(ImageBaseAddress,
|
|
TRUE,
|
|
IMAGE_DIRECTORY_ENTRY_EXPORT,
|
|
&Size);
|
|
|
|
//
|
|
// Capture the entry point.
|
|
//
|
|
|
|
NtHeaders = RtlImageNtHeader( ImageBaseAddress );
|
|
EntryPoint = NtHeaders->OptionalHeader.AddressOfEntryPoint;
|
|
EntryPoint += (ULONG_PTR) ImageBaseAddress;
|
|
|
|
GdiDriverInfo->ImageAddress = (PVOID) ImageBaseAddress;
|
|
GdiDriverInfo->SectionPointer = SectionPointer;
|
|
GdiDriverInfo->EntryPoint = (PVOID) EntryPoint;
|
|
GdiDriverInfo->ImageLength = NtHeaders->OptionalHeader.SizeOfImage;
|
|
}
|
|
}
|
|
break;
|
|
|
|
|
|
case SystemFileCacheInformation:
|
|
|
|
if (SystemInformationLength < sizeof( SYSTEM_FILECACHE_INFORMATION )) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (!SeSinglePrivilegeCheck( SeIncreaseQuotaPrivilege, PreviousMode )) {
|
|
return STATUS_ACCESS_DENIED;
|
|
}
|
|
|
|
return MmAdjustWorkingSetSize (
|
|
((PSYSTEM_FILECACHE_INFORMATION)SystemInformation)->MinimumWorkingSet,
|
|
((PSYSTEM_FILECACHE_INFORMATION)SystemInformation)->MaximumWorkingSet,
|
|
TRUE,
|
|
TRUE);
|
|
|
|
break;
|
|
|
|
case SystemDpcBehaviorInformation:
|
|
{
|
|
SYSTEM_DPC_BEHAVIOR_INFORMATION DpcInfo;
|
|
//
|
|
// If the system information buffer is not the correct length,
|
|
// then return an error.
|
|
//
|
|
if (SystemInformationLength != sizeof(SYSTEM_DPC_BEHAVIOR_INFORMATION)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (PreviousMode != KernelMode) {
|
|
//
|
|
// The caller's access mode is not kernel so check to ensure that
|
|
// the caller has the privilege to load a driver.
|
|
//
|
|
|
|
if (!SeSinglePrivilegeCheck( SeLoadDriverPrivilege, PreviousMode )) {
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Exception handler for this routine will return the correct
|
|
// error if this access fails.
|
|
//
|
|
DpcInfo = *(PSYSTEM_DPC_BEHAVIOR_INFORMATION)SystemInformation;
|
|
|
|
//
|
|
// Set the new DPC behavior variables
|
|
//
|
|
KiMaximumDpcQueueDepth = DpcInfo.DpcQueueDepth;
|
|
KiMinimumDpcRate = DpcInfo.MinimumDpcRate;
|
|
KiAdjustDpcThreshold = DpcInfo.AdjustDpcThreshold;
|
|
KiIdealDpcRate = DpcInfo.IdealDpcRate;
|
|
}
|
|
break;
|
|
|
|
case SystemSessionCreate:
|
|
{
|
|
|
|
//
|
|
// Creation of a session space.
|
|
//
|
|
|
|
ULONG SessionId;
|
|
|
|
//
|
|
// If the system information buffer is not the correct length,
|
|
// then return an error.
|
|
//
|
|
|
|
if (SystemInformationLength != sizeof(ULONG)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (PreviousMode != KernelMode) {
|
|
|
|
//
|
|
// The caller's access mode is not kernel so check to
|
|
// ensure that the caller has the privilege to load
|
|
// a driver.
|
|
//
|
|
|
|
if (!SeSinglePrivilegeCheck (SeLoadDriverPrivilege, PreviousMode)) {
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
}
|
|
|
|
try {
|
|
ProbeForWriteUlong((PULONG)SystemInformation);
|
|
}
|
|
except (EXCEPTION_EXECUTE_HANDLER) {
|
|
return GetExceptionCode();
|
|
}
|
|
}
|
|
|
|
//
|
|
// Create a session space in the current process.
|
|
//
|
|
|
|
Status = MmSessionCreate (&SessionId);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
if (PreviousMode != KernelMode) {
|
|
try {
|
|
*(PULONG)SystemInformation = SessionId;
|
|
}
|
|
except (EXCEPTION_EXECUTE_HANDLER) {
|
|
return GetExceptionCode();
|
|
}
|
|
}
|
|
else {
|
|
*(PULONG)SystemInformation = SessionId;
|
|
}
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
break;
|
|
|
|
case SystemSessionDetach:
|
|
{
|
|
ULONG SessionId;
|
|
|
|
//
|
|
// If the system information buffer is not the correct length,
|
|
// then return an error.
|
|
//
|
|
|
|
if (SystemInformationLength != sizeof(ULONG)) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
if (PreviousMode != KernelMode) {
|
|
|
|
//
|
|
// The caller's access mode is not kernel so check to
|
|
// ensure that the caller has the privilege to load
|
|
// a driver.
|
|
//
|
|
|
|
if (!SeSinglePrivilegeCheck( SeLoadDriverPrivilege, PreviousMode )) {
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
}
|
|
|
|
try {
|
|
ProbeForRead ((PVOID)SystemInformation,
|
|
sizeof(ULONG),
|
|
sizeof(ULONG));
|
|
|
|
SessionId = *(PULONG)SystemInformation;
|
|
}
|
|
except (EXCEPTION_EXECUTE_HANDLER) {
|
|
return GetExceptionCode();
|
|
}
|
|
}
|
|
else {
|
|
SessionId = *(PULONG)SystemInformation;
|
|
}
|
|
|
|
//
|
|
// Detach the current process from a session space
|
|
// if it has one.
|
|
//
|
|
|
|
Status = MmSessionDelete (SessionId);
|
|
|
|
return Status;
|
|
}
|
|
break;
|
|
|
|
case SystemCrashDumpStateInformation:
|
|
|
|
//
|
|
// All this system information does when you set it is trigger a
|
|
// reconfigurating of the current crashdump state based on the
|
|
// registry.
|
|
//
|
|
Status = IoConfigureCrashDump(CrashDumpReconfigure);
|
|
|
|
break;
|
|
|
|
case SystemPerformanceTraceInformation:
|
|
#ifdef NTPERF
|
|
Status = PerfInfoSetPerformanceTraceInformation(SystemInformation,
|
|
SystemInformationLength
|
|
);
|
|
#else
|
|
Status = STATUS_INVALID_INFO_CLASS;
|
|
#endif // NTPERF
|
|
break;
|
|
|
|
case SystemVerifierThunkExtend:
|
|
|
|
if (PreviousMode != KernelMode) {
|
|
|
|
//
|
|
// The caller's access mode is not kernel so fail.
|
|
// Only device drivers can call this.
|
|
//
|
|
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
}
|
|
|
|
Status = MmAddVerifierThunks (SystemInformation,
|
|
SystemInformationLength);
|
|
|
|
break;
|
|
|
|
case SystemVerifierInformation:
|
|
|
|
if (!SeSinglePrivilegeCheck (SeDebugPrivilege, PreviousMode)) {
|
|
return STATUS_ACCESS_DENIED;
|
|
}
|
|
|
|
Status = MmSetVerifierInformation (SystemInformation,
|
|
SystemInformationLength);
|
|
|
|
break;
|
|
|
|
case SystemVerifierAddDriverInformation:
|
|
case SystemVerifierRemoveDriverInformation:
|
|
|
|
{
|
|
UNICODE_STRING Image;
|
|
PUNICODE_STRING ImagePointer;
|
|
PWSTR Buffer;
|
|
|
|
//
|
|
// If the system information buffer is not the correct length,
|
|
// then return an error.
|
|
//
|
|
|
|
if (SystemInformationLength != sizeof( UNICODE_STRING ) ) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Buffer = NULL;
|
|
|
|
if (PreviousMode != KernelMode) {
|
|
|
|
//
|
|
// The caller's access mode is not kernel so check to ensure
|
|
// the caller has the privilege to add a verifier entry.
|
|
//
|
|
|
|
if (!SeSinglePrivilegeCheck( SeDebugPrivilege, PreviousMode )) {
|
|
return STATUS_PRIVILEGE_NOT_HELD;
|
|
}
|
|
|
|
try {
|
|
Image = *(PUNICODE_STRING)SystemInformation;
|
|
|
|
//
|
|
// Guard against overflow.
|
|
//
|
|
|
|
if (Image.Length > Image.MaximumLength) {
|
|
Image.Length = Image.MaximumLength;
|
|
}
|
|
if (Image.Length == 0) {
|
|
return STATUS_NO_MEMORY;
|
|
}
|
|
|
|
ProbeForRead(Image.Buffer, Image.Length, sizeof(UCHAR));
|
|
|
|
Buffer = ExAllocatePoolWithTag(PagedPool, Image.Length, 'ofnI');
|
|
if ( !Buffer ) {
|
|
return STATUS_NO_MEMORY;
|
|
}
|
|
|
|
RtlCopyMemory(Buffer, Image.Buffer, Image.Length);
|
|
Image.Buffer = Buffer;
|
|
Image.MaximumLength = Image.Length;
|
|
}
|
|
except(EXCEPTION_EXECUTE_HANDLER) {
|
|
if ( Buffer ) {
|
|
ExFreePool(Buffer);
|
|
}
|
|
return GetExceptionCode();
|
|
}
|
|
ImagePointer = &Image;
|
|
}
|
|
else {
|
|
ImagePointer = (PUNICODE_STRING)SystemInformation;
|
|
}
|
|
|
|
switch (SystemInformationClass) {
|
|
case SystemVerifierAddDriverInformation:
|
|
Status = MmAddVerifierEntry (ImagePointer);
|
|
break;
|
|
case SystemVerifierRemoveDriverInformation:
|
|
Status = MmRemoveVerifierEntry (ImagePointer);
|
|
break;
|
|
default:
|
|
Status = STATUS_INVALID_INFO_CLASS;
|
|
break;
|
|
}
|
|
|
|
if (Buffer) {
|
|
ExFreePool(Buffer);
|
|
}
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemMirrorMemoryInformation:
|
|
Status = MmCreateMirror ();
|
|
break;
|
|
|
|
case SystemPrefetcherInformation:
|
|
|
|
Status = CcPfSetPrefetcherInformation(SystemInformationClass,
|
|
SystemInformation,
|
|
SystemInformationLength,
|
|
PreviousMode
|
|
);
|
|
break;
|
|
|
|
case SystemComPlusPackage:
|
|
|
|
if (SystemInformationLength != sizeof( ULONG ) ) {
|
|
return STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
|
|
Status = ExpUpdateComPlusPackage (*(PULONG)SystemInformation);
|
|
if (NT_SUCCESS (Status)) {
|
|
SharedUserData->ComPlusPackage = *(PULONG)SystemInformation;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemHotpatchInformation:
|
|
|
|
#if defined(_X86_)
|
|
|
|
Status = ExApplyCodePatch( SystemInformation,
|
|
SystemInformationLength
|
|
);
|
|
#else
|
|
//
|
|
// The platforms which no not support hotpatching yet
|
|
// simple return the appropriate status
|
|
//
|
|
|
|
Status = STATUS_NOT_IMPLEMENTED;
|
|
#endif
|
|
break;
|
|
|
|
case SystemWatchdogTimerHandler:
|
|
|
|
{
|
|
PSYSTEM_WATCHDOG_HANDLER_INFORMATION WdHandlerInfo = (PSYSTEM_WATCHDOG_HANDLER_INFORMATION) SystemInformation;
|
|
|
|
//
|
|
// Caller must be kernel mode with the proper parameters
|
|
//
|
|
|
|
if (PreviousMode != KernelMode || SystemInformation == NULL || SystemInformationLength != sizeof(SYSTEM_WATCHDOG_HANDLER_INFORMATION)) {
|
|
ExRaiseStatus (STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
ExpWdHandler = WdHandlerInfo->WdHandler;
|
|
ExpWdHandlerContext = WdHandlerInfo->Context;
|
|
}
|
|
|
|
break;
|
|
|
|
case SystemWatchdogTimerInformation:
|
|
|
|
{
|
|
PSYSTEM_WATCHDOG_TIMER_INFORMATION WdTimerInfo = (PSYSTEM_WATCHDOG_TIMER_INFORMATION) SystemInformation;
|
|
|
|
//
|
|
// Caller must be kernel mode with the proper parameters
|
|
//
|
|
|
|
if (PreviousMode != KernelMode || SystemInformation == NULL || SystemInformationLength != sizeof(SYSTEM_WATCHDOG_TIMER_INFORMATION)) {
|
|
ExRaiseStatus (STATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
if (ExpWdHandler == NULL) {
|
|
|
|
Status = STATUS_NOT_IMPLEMENTED;
|
|
|
|
} else {
|
|
|
|
switch (WdTimerInfo->WdInfoClass) {
|
|
case WdInfoTimeoutValue:
|
|
Status = ExpWdHandler( WdActionSetTimeoutValue, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE );
|
|
break;
|
|
|
|
case WdInfoResetTimer:
|
|
Status = ExpWdHandler( WdActionResetTimer, ExpWdHandlerContext, NULL, FALSE );
|
|
break;
|
|
|
|
case WdInfoStopTimer:
|
|
Status = ExpWdHandler( WdActionStopTimer, ExpWdHandlerContext, NULL, FALSE );
|
|
break;
|
|
|
|
case WdInfoStartTimer:
|
|
Status = ExpWdHandler( WdActionStartTimer, ExpWdHandlerContext, NULL, FALSE );
|
|
break;
|
|
|
|
case WdInfoTriggerAction:
|
|
Status = ExpWdHandler( WdActionSetTriggerAction, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE );
|
|
break;
|
|
|
|
default:
|
|
Status = STATUS_INVALID_PARAMETER;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
//KeBugCheckEx(SystemInformationClass,KdPitchDebugger,0,0,0);
|
|
Status = STATUS_INVALID_INFO_CLASS;
|
|
break;
|
|
}
|
|
|
|
} except (EXCEPTION_EXECUTE_HANDLER) {
|
|
Status = GetExceptionCode();
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExLockUserBuffer (
|
|
IN PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN KPROCESSOR_MODE ProbeMode,
|
|
IN LOCK_OPERATION LockMode,
|
|
OUT PVOID *LockedBuffer,
|
|
OUT PVOID *LockVariable
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Wrapper for MmProbeAndLockPages. Creates an MDL and locks the
|
|
specified buffer with that MDL.
|
|
|
|
Arguments:
|
|
|
|
Buffer - pointer to the buffer to be locked.
|
|
Length - size of the buffer to be locked.
|
|
ProbeMode - processor mode for doing the probe in MmProbeAndLockPages.
|
|
LockMode - the mode the pages should be locked for.
|
|
LockedBuffer - returns a pointer to the locked buffer for use by the
|
|
caller.
|
|
LockVariable - returns a context pointer. This must be passed into
|
|
ExUnlockUserBuffer when complete so the MDL can be freed.
|
|
|
|
Return Value:
|
|
|
|
Returns one of the following status codes:
|
|
|
|
STATUS_SUCCESS - Normal, successful completion.
|
|
|
|
STATUS_ACCESS_VIOLATION - The buffer is not accessible with the
|
|
specified LockMode.
|
|
|
|
STATUS_INSUFFICIENT_RESOURCES - not enough memory to allocate the MDL.
|
|
|
|
|
|
--*/
|
|
{
|
|
PMDL Mdl;
|
|
SIZE_T MdlSize;
|
|
|
|
//
|
|
// It is the caller's responsibility to ensure zero cannot be passed in.
|
|
//
|
|
|
|
ASSERT (Length != 0);
|
|
|
|
*LockedBuffer = NULL;
|
|
*LockVariable = NULL;
|
|
|
|
//
|
|
// Allocate an MDL to map the request.
|
|
//
|
|
|
|
MdlSize = MmSizeOfMdl( Buffer, Length );
|
|
Mdl = ExAllocatePoolWithQuotaTag (NonPagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,
|
|
MdlSize,
|
|
'ofnI');
|
|
if (Mdl == NULL) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
//
|
|
// Initialize MDL for request.
|
|
//
|
|
|
|
MmInitializeMdl(Mdl, Buffer, Length);
|
|
|
|
try {
|
|
|
|
MmProbeAndLockPages (Mdl, ProbeMode, LockMode);
|
|
|
|
} except (EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
ExFreePool (Mdl);
|
|
|
|
return GetExceptionCode();
|
|
}
|
|
|
|
Mdl->MdlFlags |= MDL_MAPPING_CAN_FAIL;
|
|
*LockedBuffer = MmGetSystemAddressForMdl (Mdl);
|
|
if (*LockedBuffer == NULL) {
|
|
ExUnlockUserBuffer (Mdl);
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
*LockVariable = Mdl;
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
|
|
VOID
|
|
ExUnlockUserBuffer(
|
|
IN PVOID LockVariable
|
|
)
|
|
|
|
{
|
|
MmUnlockPages ((PMDL)LockVariable);
|
|
ExFreePool ((PMDL)LockVariable);
|
|
return;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExpGetProcessInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length,
|
|
IN PULONG SessionId OPTIONAL,
|
|
IN BOOLEAN ExtendedInformation
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function returns information about all the processes and
|
|
threads in the system.
|
|
|
|
Arguments:
|
|
|
|
SystemInformation - A pointer to a buffer which receives the specified
|
|
information.
|
|
|
|
SystemInformationLength - Specifies the length in bytes of the system
|
|
information buffer.
|
|
|
|
Length - An optional pointer which, if specified, receives the
|
|
number of bytes placed in the system information buffer.
|
|
|
|
SessionId - Session Id.
|
|
|
|
ExtendedInformation - TRUE if extended information (e.g., Process PDE) is needed.
|
|
|
|
Environment:
|
|
|
|
Kernel mode.
|
|
|
|
This routine could be made PAGELK but it is a high frequency routine
|
|
so it is actually better to keep it nonpaged to avoid bringing in the
|
|
entire PAGELK section.
|
|
|
|
Return Value:
|
|
|
|
Returns one of the following status codes:
|
|
|
|
STATUS_SUCCESS - normal, successful completion.
|
|
|
|
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
|
|
did not specify a valid value.
|
|
|
|
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
|
|
parameter did not match the length required for the information
|
|
class requested by the SystemInformationClass parameter.
|
|
|
|
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
|
|
or the Length pointer value specified an invalid address.
|
|
|
|
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
|
|
working set to lock the specified output structure in memory.
|
|
|
|
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
|
|
for this request to complete.
|
|
|
|
--*/
|
|
|
|
{
|
|
KLOCK_QUEUE_HANDLE LockHandle;
|
|
PEPROCESS Process = NULL;
|
|
PETHREAD Thread;
|
|
PSYSTEM_PROCESS_INFORMATION ProcessInfo;
|
|
PVOID ThreadInfo;
|
|
ULONG ThreadInfoSize;
|
|
PLIST_ENTRY NextThread;
|
|
PVOID MappedAddress;
|
|
PVOID LockVariable;
|
|
ULONG ProcessSessionId;
|
|
ULONG TotalSize = 0;
|
|
ULONG NextEntryOffset = 0;
|
|
PUCHAR Src;
|
|
PWCHAR SrcW;
|
|
PWSTR Dst;
|
|
ULONG n, nc;
|
|
NTSTATUS status = STATUS_SUCCESS, status1;
|
|
PUNICODE_STRING pImageFileName;
|
|
|
|
*Length = 0;
|
|
if (SystemInformationLength > 0) {
|
|
status1 = ExLockUserBuffer (SystemInformation,
|
|
SystemInformationLength,
|
|
KeGetPreviousMode(),
|
|
IoWriteAccess,
|
|
&MappedAddress,
|
|
&LockVariable);
|
|
|
|
if (!NT_SUCCESS(status1)) {
|
|
return status1;
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// This indicates the caller just wants to know the size of the
|
|
// buffer to allocate but is not prepared to accept any data content
|
|
// in this instance.
|
|
//
|
|
|
|
MappedAddress = NULL;
|
|
LockVariable = NULL;
|
|
}
|
|
|
|
if (ExtendedInformation) {
|
|
ThreadInfoSize = sizeof(SYSTEM_EXTENDED_THREAD_INFORMATION);
|
|
|
|
} else {
|
|
ThreadInfoSize = sizeof(SYSTEM_THREAD_INFORMATION);
|
|
}
|
|
|
|
ProcessInfo = (PSYSTEM_PROCESS_INFORMATION) MappedAddress;
|
|
|
|
try {
|
|
|
|
//
|
|
// Do the idle process first then all the other processes.
|
|
//
|
|
|
|
for (Process = PsIdleProcess;
|
|
Process != NULL;
|
|
Process = PsGetNextProcess ((Process == PsIdleProcess) ? NULL : Process)) {
|
|
|
|
//
|
|
// Skip terminating processes
|
|
//
|
|
|
|
if (Process->Flags&PS_PROCESS_FLAGS_PROCESS_EXITING) {
|
|
continue;
|
|
}
|
|
|
|
if (ARGUMENT_PRESENT(SessionId) && Process == PsIdleProcess) {
|
|
continue;
|
|
}
|
|
|
|
ProcessSessionId = MmGetSessionId (Process);
|
|
if ((ARGUMENT_PRESENT(SessionId)) &&
|
|
(ProcessSessionId != *SessionId)) {
|
|
continue;
|
|
}
|
|
|
|
ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)
|
|
((PUCHAR)MappedAddress + TotalSize);
|
|
|
|
NextEntryOffset = sizeof(SYSTEM_PROCESS_INFORMATION);
|
|
TotalSize += sizeof(SYSTEM_PROCESS_INFORMATION);
|
|
if (TotalSize > SystemInformationLength) {
|
|
status = STATUS_INFO_LENGTH_MISMATCH;
|
|
|
|
} else {
|
|
|
|
//
|
|
// Get information for each process.
|
|
//
|
|
|
|
ExpCopyProcessInfo (ProcessInfo, Process, ExtendedInformation);
|
|
ProcessInfo->NumberOfThreads = 0;
|
|
|
|
//
|
|
// Store the Remote Terminal SessionId
|
|
//
|
|
|
|
ProcessInfo->SessionId = ProcessSessionId;
|
|
ProcessInfo->ImageName.Buffer = NULL;
|
|
ProcessInfo->ImageName.Length = 0;
|
|
ProcessInfo->ImageName.MaximumLength = 0;
|
|
if (Process == PsIdleProcess) {
|
|
|
|
//
|
|
// Since Idle process and system process share the same
|
|
// object table, zero out idle processes handle count to
|
|
// reduce confusion
|
|
//
|
|
// Idle Process always has SessionId 0
|
|
//
|
|
|
|
ProcessInfo->HandleCount = 0;
|
|
ProcessInfo->SessionId = 0;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Raise IRQL to SYNCH_LEVEL, acquire the kernel process lock, and
|
|
// get information for each thread.
|
|
//
|
|
|
|
ThreadInfo = (PVOID)(ProcessInfo + 1);
|
|
KeAcquireInStackQueuedSpinLockRaiseToSynch(&Process->Pcb.ProcessLock,
|
|
&LockHandle);
|
|
|
|
NextThread = Process->Pcb.ThreadListHead.Flink;
|
|
while (NextThread != &Process->Pcb.ThreadListHead) {
|
|
NextEntryOffset += ThreadInfoSize;
|
|
TotalSize += ThreadInfoSize;
|
|
|
|
if (TotalSize > SystemInformationLength) {
|
|
status = STATUS_INFO_LENGTH_MISMATCH;
|
|
|
|
} else {
|
|
Thread = (PETHREAD)(CONTAINING_RECORD(NextThread,
|
|
KTHREAD,
|
|
ThreadListEntry));
|
|
|
|
//
|
|
// Lock dispatcher database to get atomic view of thread
|
|
// attributes.
|
|
//
|
|
|
|
KiLockDispatcherDatabaseAtSynchLevel();
|
|
ExpCopyThreadInfo (ThreadInfo, Thread, ExtendedInformation);
|
|
KiUnlockDispatcherDatabaseFromSynchLevel();
|
|
ProcessInfo->NumberOfThreads += 1;
|
|
ThreadInfo = (PCHAR) ThreadInfo + ThreadInfoSize;
|
|
}
|
|
|
|
NextThread = NextThread->Flink;
|
|
}
|
|
|
|
//
|
|
// Unlock kernel process lock and lower IRQL to its previous value.
|
|
//
|
|
|
|
KeReleaseInStackQueuedSpinLock(&LockHandle);
|
|
|
|
//
|
|
// Get the image name.
|
|
//
|
|
|
|
if (Process != PsIdleProcess) {
|
|
|
|
//
|
|
// Try to use the real image name if we can that not limited to 16 characters
|
|
//
|
|
|
|
Dst = (PWSTR)(ThreadInfo);
|
|
status1 = SeLocateProcessImageName (Process, &pImageFileName);
|
|
if (NT_SUCCESS (status1)) {
|
|
n = pImageFileName->Length;
|
|
if (n == 0) {
|
|
ExFreePool (pImageFileName);
|
|
}
|
|
|
|
} else {
|
|
n = 0;
|
|
}
|
|
|
|
if (n) {
|
|
SrcW = pImageFileName->Buffer + n / sizeof (WCHAR);
|
|
while (SrcW != pImageFileName->Buffer) {
|
|
if (*--SrcW == L'\\') {
|
|
SrcW = SrcW + 1;
|
|
break;
|
|
}
|
|
}
|
|
|
|
nc = n - (ULONG)(SrcW - pImageFileName->Buffer) * sizeof (WCHAR);
|
|
n = ROUND_UP (nc + 1, sizeof(LARGE_INTEGER));
|
|
TotalSize += n;
|
|
NextEntryOffset += n;
|
|
if (TotalSize > SystemInformationLength) {
|
|
status = STATUS_INFO_LENGTH_MISMATCH;
|
|
|
|
} else {
|
|
RtlCopyMemory (Dst, SrcW, nc);
|
|
Dst += nc / sizeof (WCHAR);
|
|
*Dst++ = L'\0';
|
|
}
|
|
|
|
ExFreePool (pImageFileName);
|
|
|
|
} else {
|
|
Src = Process->ImageFileName;
|
|
n = (ULONG) strlen ((PCHAR)Src);
|
|
if (n != 0) {
|
|
n = ROUND_UP( ((n + 1) * sizeof( WCHAR )), sizeof(LARGE_INTEGER) );
|
|
TotalSize += n;
|
|
NextEntryOffset += n;
|
|
if (TotalSize > SystemInformationLength) {
|
|
status = STATUS_INFO_LENGTH_MISMATCH;
|
|
|
|
} else {
|
|
WCHAR c;
|
|
|
|
while (1) {
|
|
c = (WCHAR)*Src++;
|
|
*Dst++ = c;
|
|
if (c == L'\0') {
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (NT_SUCCESS (status)) {
|
|
ProcessInfo->ImageName.Length = (USHORT)((PCHAR)Dst -
|
|
(PCHAR)ThreadInfo - sizeof( UNICODE_NULL ));
|
|
|
|
ProcessInfo->ImageName.MaximumLength = (USHORT)n;
|
|
|
|
//
|
|
// Set the image name to point into the user's memory.
|
|
//
|
|
|
|
ProcessInfo->ImageName.Buffer = (PWSTR)
|
|
((PCHAR)SystemInformation +
|
|
((PCHAR)(ThreadInfo) - (PCHAR)MappedAddress));
|
|
}
|
|
}
|
|
|
|
//
|
|
// Point to next process.
|
|
//
|
|
|
|
if (NT_SUCCESS (status)) {
|
|
ProcessInfo->NextEntryOffset = NextEntryOffset;
|
|
}
|
|
}
|
|
|
|
if (NT_SUCCESS (status)) {
|
|
ProcessInfo->NextEntryOffset = 0;
|
|
}
|
|
|
|
*Length = TotalSize;
|
|
|
|
} finally {
|
|
|
|
if (MappedAddress != NULL) {
|
|
ExUnlockUserBuffer (LockVariable);
|
|
}
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExGetSessionPoolTagInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length,
|
|
IN PULONG SessionId OPTIONAL
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function returns information about all the per-session pool tag
|
|
information in the system.
|
|
|
|
Arguments:
|
|
|
|
SystemInformation - A pointer to a buffer which receives the specified
|
|
information.
|
|
|
|
SystemInformationLength - Specifies the length in bytes of the system
|
|
information buffer.
|
|
|
|
Length - Receives the number of bytes placed (or would have been placed)
|
|
in the system information buffer.
|
|
|
|
SessionId - Session Id (-1 indicates enumerate all sessions).
|
|
|
|
Environment:
|
|
|
|
Kernel mode.
|
|
|
|
Return Value:
|
|
|
|
Returns one of the following status codes:
|
|
|
|
STATUS_SUCCESS - normal, successful completion.
|
|
|
|
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
|
|
did not specify a valid value.
|
|
|
|
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
|
|
parameter did not match the length required for the information
|
|
class requested by the SystemInformationClass parameter.
|
|
|
|
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
|
|
or the Length pointer value specified an invalid address.
|
|
|
|
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
|
|
working set to lock the specified output structure in memory.
|
|
|
|
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
|
|
for this request to complete.
|
|
|
|
--*/
|
|
|
|
{
|
|
KAPC_STATE ApcState;
|
|
PVOID MappedAddress;
|
|
PVOID OpaqueSession;
|
|
PVOID LockVariable;
|
|
ULONG TotalSize;
|
|
ULONG NextEntryOffset;
|
|
ULONG CurrentSessionId;
|
|
ULONG Count;
|
|
ULONG AbsoluteCount;
|
|
NTSTATUS status;
|
|
NTSTATUS status1;
|
|
PSYSTEM_SESSION_POOLTAG_INFORMATION SessionPoolTagInfo;
|
|
|
|
*Length = 0;
|
|
TotalSize = 0;
|
|
NextEntryOffset = 0;
|
|
status = STATUS_SUCCESS;
|
|
SessionPoolTagInfo = NULL;
|
|
|
|
if (SystemInformationLength > 0) {
|
|
|
|
status1 = ExLockUserBuffer (SystemInformation,
|
|
SystemInformationLength,
|
|
KeGetPreviousMode(),
|
|
IoWriteAccess,
|
|
&MappedAddress,
|
|
&LockVariable);
|
|
|
|
if (!NT_SUCCESS(status1)) {
|
|
return status1;
|
|
}
|
|
|
|
}
|
|
else {
|
|
|
|
//
|
|
// This indicates the caller just wants to know the size of the
|
|
// buffer to allocate but is not prepared to accept any data content
|
|
// in this instance.
|
|
//
|
|
|
|
MappedAddress = NULL;
|
|
LockVariable = NULL;
|
|
}
|
|
|
|
for (OpaqueSession = MmGetNextSession (NULL);
|
|
OpaqueSession != NULL;
|
|
OpaqueSession = MmGetNextSession (OpaqueSession)) {
|
|
|
|
SessionPoolTagInfo = (PSYSTEM_SESSION_POOLTAG_INFORMATION)
|
|
((PUCHAR)MappedAddress + TotalSize);
|
|
|
|
//
|
|
// If a specific session was requested, only extract that one.
|
|
//
|
|
|
|
CurrentSessionId = MmGetSessionId (OpaqueSession);
|
|
|
|
if ((*SessionId == 0xFFFFFFFF) || (CurrentSessionId == *SessionId)) {
|
|
|
|
//
|
|
// Attach to session now to perform operations...
|
|
//
|
|
|
|
if (NT_SUCCESS (MmAttachSession (OpaqueSession, &ApcState))) {
|
|
|
|
//
|
|
// Session is still alive so include it.
|
|
//
|
|
|
|
NextEntryOffset = sizeof (SYSTEM_SESSION_POOLTAG_INFORMATION);
|
|
TotalSize += sizeof (SYSTEM_SESSION_POOLTAG_INFORMATION);
|
|
|
|
if (TotalSize > SystemInformationLength) {
|
|
|
|
status = STATUS_INFO_LENGTH_MISMATCH;
|
|
|
|
//
|
|
// Get absolute size for this session, ignore status as
|
|
// we must return the one above.
|
|
//
|
|
|
|
ExGetSessionPoolTagInfo (NULL,
|
|
0,
|
|
&Count,
|
|
&AbsoluteCount);
|
|
}
|
|
else {
|
|
|
|
//
|
|
// Get pool tagging information for each session.
|
|
//
|
|
|
|
status = ExGetSessionPoolTagInfo (
|
|
SessionPoolTagInfo->TagInfo,
|
|
SystemInformationLength - TotalSize + sizeof (SYSTEM_POOLTAG),
|
|
&Count,
|
|
&AbsoluteCount);
|
|
|
|
SessionPoolTagInfo->SessionId = CurrentSessionId;
|
|
SessionPoolTagInfo->Count = Count;
|
|
|
|
//
|
|
// Point to next session.
|
|
//
|
|
|
|
if (NT_SUCCESS (status)) {
|
|
NextEntryOffset += ((Count - 1) * sizeof (SYSTEM_POOLTAG));
|
|
SessionPoolTagInfo->NextEntryOffset = NextEntryOffset;
|
|
}
|
|
}
|
|
|
|
TotalSize += ((AbsoluteCount - 1) * sizeof (SYSTEM_POOLTAG));
|
|
|
|
//
|
|
// Detach from session.
|
|
//
|
|
|
|
MmDetachSession (OpaqueSession, &ApcState);
|
|
}
|
|
|
|
//
|
|
// Bail if only this session was of interest.
|
|
//
|
|
|
|
if (*SessionId != 0xFFFFFFFF) {
|
|
MmQuitNextSession (OpaqueSession);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ((NT_SUCCESS (status)) && (SessionPoolTagInfo != NULL)) {
|
|
SessionPoolTagInfo->NextEntryOffset = 0;
|
|
}
|
|
|
|
if (MappedAddress != NULL) {
|
|
ExUnlockUserBuffer (LockVariable);
|
|
}
|
|
|
|
*Length = TotalSize;
|
|
|
|
return status;
|
|
}
|
|
|
|
VOID
|
|
ExpGetProcessorPowerInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
)
|
|
{
|
|
KAFFINITY currentAffinity;
|
|
KAFFINITY processors;
|
|
KIRQL oldIrql;
|
|
PKPRCB Prcb;
|
|
PPROCESSOR_POWER_STATE PState;
|
|
PPROCESSOR_PERF_STATE PerfStates;
|
|
PSYSTEM_PROCESSOR_POWER_INFORMATION CallerPowerInfo;
|
|
SYSTEM_PROCESSOR_POWER_INFORMATION ProcessorPowerInfo;
|
|
|
|
//
|
|
// We will walk this pointer to store the user data...
|
|
//
|
|
CallerPowerInfo = (PSYSTEM_PROCESSOR_POWER_INFORMATION) SystemInformation;
|
|
*Length = 0;
|
|
|
|
//
|
|
// Lock everything down
|
|
//
|
|
MmLockPagableSectionByHandle (ExPageLockHandle);
|
|
|
|
//
|
|
// Walk the list of processors
|
|
//
|
|
processors = KeActiveProcessors;
|
|
currentAffinity = 1;
|
|
while (processors) {
|
|
|
|
if (!(processors & currentAffinity)) {
|
|
|
|
currentAffinity <<= 1;
|
|
|
|
}
|
|
|
|
//
|
|
// Check to see if we have the space for this
|
|
//
|
|
if (SystemInformationLength < *Length + sizeof(SYSTEM_PROCESSOR_POWER_INFORMATION)) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
processors &= ~currentAffinity;
|
|
KeSetSystemAffinityThread(currentAffinity);
|
|
currentAffinity <<= 1;
|
|
|
|
//
|
|
// Raise to DPC level to synchronize access to the data structures
|
|
//
|
|
KeRaiseIrql(DISPATCH_LEVEL, &oldIrql );
|
|
|
|
//
|
|
// Get the PRCB and PowerState information
|
|
//
|
|
Prcb = KeGetCurrentPrcb();
|
|
PState = &(Prcb->PowerState);
|
|
PerfStates = PState->PerfStates;
|
|
|
|
//
|
|
// Grab the data that we care about
|
|
//
|
|
ProcessorPowerInfo.CurrentFrequency = PState->CurrentThrottle;
|
|
ProcessorPowerInfo.LastBusyFrequency = PState->LastBusyPercentage;
|
|
ProcessorPowerInfo.LastAdjustedBusyFrequency = PState->LastAdjustedBusyPercentage;
|
|
ProcessorPowerInfo.LastC3Frequency = PState->LastC3Percentage;
|
|
ProcessorPowerInfo.ProcessorMinThrottle = PState->ProcessorMinThrottle;
|
|
ProcessorPowerInfo.ProcessorMaxThrottle = PState->ProcessorMaxThrottle;
|
|
ProcessorPowerInfo.ErrorCount = PState->ErrorCount;
|
|
ProcessorPowerInfo.RetryCount = PState->RetryCount;
|
|
|
|
//
|
|
// Do we have any kind of PerfStates?
|
|
//
|
|
if (PerfStates) {
|
|
|
|
ProcessorPowerInfo.ThermalLimitFrequency = PerfStates[PState->ThermalThrottleIndex].PercentFrequency;
|
|
ProcessorPowerInfo.ConstantThrottleFrequency = PerfStates[PState->KneeThrottleIndex].PercentFrequency;
|
|
ProcessorPowerInfo.DegradedThrottleFrequency = PerfStates[PState->ThrottleLimitIndex].PercentFrequency;
|
|
|
|
} else {
|
|
|
|
ProcessorPowerInfo.ThermalLimitFrequency = 0;
|
|
ProcessorPowerInfo.ConstantThrottleFrequency = 0;
|
|
ProcessorPowerInfo.DegradedThrottleFrequency = 0;
|
|
|
|
}
|
|
|
|
ProcessorPowerInfo.CurrentFrequencyTime =
|
|
UInt32x32To64(
|
|
(Prcb->KernelTime + Prcb->UserTime - PState->PerfTickCount),
|
|
KeMaximumIncrement
|
|
);
|
|
ProcessorPowerInfo.CurrentProcessorTime =
|
|
UInt32x32To64(
|
|
Prcb->KernelTime + Prcb->UserTime,
|
|
KeMaximumIncrement
|
|
);
|
|
ProcessorPowerInfo.CurrentProcessorIdleTime =
|
|
UInt32x32To64( Prcb->IdleThread->KernelTime, KeMaximumIncrement );
|
|
ProcessorPowerInfo.LastProcessorTime =
|
|
UInt32x32To64( PState->PerfSystemTime, KeMaximumIncrement );
|
|
ProcessorPowerInfo.LastProcessorIdleTime =
|
|
UInt32x32To64( PState->PerfIdleTime, KeMaximumIncrement );
|
|
|
|
ProcessorPowerInfo.PromotionCount = PState->PromotionCount;
|
|
ProcessorPowerInfo.DemotionCount = PState->DemotionCount;
|
|
ProcessorPowerInfo.NumberOfFrequencies = PState->PerfStatesCount;
|
|
|
|
//
|
|
// Return to the original level (should be IRQL 0)
|
|
//
|
|
KeLowerIrql( oldIrql );
|
|
|
|
//
|
|
// Copy the data to the correct place
|
|
//
|
|
try {
|
|
RtlCopyMemory(
|
|
CallerPowerInfo,
|
|
&ProcessorPowerInfo,
|
|
sizeof(SYSTEM_PROCESSOR_POWER_INFORMATION)
|
|
);
|
|
} except (EXCEPTION_EXECUTE_HANDLER) {
|
|
MmUnlockPagableImageSection(ExPageLockHandle);
|
|
ExRaiseStatus (GetExceptionCode ());
|
|
}
|
|
|
|
//
|
|
// Point to the next structure element
|
|
//
|
|
CallerPowerInfo++;
|
|
*Length += sizeof(SYSTEM_PROCESSOR_POWER_INFORMATION);
|
|
|
|
}
|
|
|
|
//
|
|
// Revert to the original affinity
|
|
//
|
|
KeRevertToUserAffinityThread();
|
|
|
|
//
|
|
// Unlock everything
|
|
MmUnlockPagableImageSection(ExPageLockHandle);
|
|
}
|
|
|
|
VOID
|
|
ExpGetProcessorIdleInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
)
|
|
{
|
|
KAFFINITY currentAffinity;
|
|
KAFFINITY processors;
|
|
KIRQL oldIrql;
|
|
LARGE_INTEGER PerfFrequency;
|
|
PKPRCB Prcb;
|
|
PPROCESSOR_POWER_STATE PState;
|
|
PSYSTEM_PROCESSOR_IDLE_INFORMATION CallerIdleInfo;
|
|
SYSTEM_PROCESSOR_IDLE_INFORMATION ProcessorIdleInfo;
|
|
|
|
//
|
|
// We will walk this pointer to store the user data...
|
|
//
|
|
CallerIdleInfo = (PSYSTEM_PROCESSOR_IDLE_INFORMATION) SystemInformation;
|
|
*Length = 0;
|
|
|
|
//
|
|
// We need to know what frequency the perf counters are running at
|
|
//
|
|
KeQueryPerformanceCounter(&PerfFrequency);
|
|
|
|
//
|
|
// Lock everything down
|
|
//
|
|
MmLockPagableSectionByHandle (ExPageLockHandle);
|
|
|
|
//
|
|
// Walk the list of processors
|
|
//
|
|
processors = KeActiveProcessors;
|
|
currentAffinity = 1;
|
|
while (processors) {
|
|
|
|
if (!(processors & currentAffinity)) {
|
|
|
|
currentAffinity <<= 1;
|
|
|
|
}
|
|
|
|
//
|
|
// Check to see if we have the space for this
|
|
//
|
|
if (SystemInformationLength < *Length + sizeof(SYSTEM_PROCESSOR_IDLE_INFORMATION)) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
processors &= ~currentAffinity;
|
|
KeSetSystemAffinityThread(currentAffinity);
|
|
currentAffinity <<= 1;
|
|
|
|
//
|
|
// Raise to DPC level to synchronize access to the data structures
|
|
//
|
|
KeRaiseIrql(DISPATCH_LEVEL, &oldIrql );
|
|
|
|
//
|
|
// Get the PRCB and PowerState information
|
|
//
|
|
Prcb = KeGetCurrentPrcb();
|
|
PState = &(Prcb->PowerState);
|
|
|
|
//
|
|
// Grab the data that we care about
|
|
//
|
|
ProcessorIdleInfo.IdleTime = UInt32x32To64(Prcb->IdleThread->KernelTime,KeMaximumIncrement);
|
|
|
|
//
|
|
// The Cx times are kept in units of the same frequency as KeQueryPerformanceCounter
|
|
// This needs to be converted to standard 100ns units.
|
|
//
|
|
ProcessorIdleInfo.C1Time = (PState->TotalIdleStateTime[0]*1000)/(PerfFrequency.QuadPart/10000);
|
|
ProcessorIdleInfo.C2Time = (PState->TotalIdleStateTime[1]*1000)/(PerfFrequency.QuadPart/10000);
|
|
ProcessorIdleInfo.C3Time = (PState->TotalIdleStateTime[2]*1000)/(PerfFrequency.QuadPart/10000);
|
|
|
|
ProcessorIdleInfo.C1Transitions = PState->TotalIdleTransitions[0];
|
|
ProcessorIdleInfo.C2Transitions = PState->TotalIdleTransitions[1];
|
|
ProcessorIdleInfo.C3Transitions = PState->TotalIdleTransitions[2];
|
|
|
|
//
|
|
// Return to the original level (should be IRQL 0)
|
|
//
|
|
KeLowerIrql( oldIrql );
|
|
|
|
//
|
|
// Copy the data to the correct place
|
|
//
|
|
try {
|
|
RtlCopyMemory(
|
|
CallerIdleInfo,
|
|
&ProcessorIdleInfo,
|
|
sizeof(SYSTEM_PROCESSOR_IDLE_INFORMATION)
|
|
);
|
|
} except (EXCEPTION_EXECUTE_HANDLER) {
|
|
MmUnlockPagableImageSection (ExPageLockHandle);
|
|
ExRaiseStatus (GetExceptionCode ());
|
|
}
|
|
|
|
//
|
|
// Point to the next structure element
|
|
//
|
|
CallerIdleInfo++;
|
|
*Length += sizeof(SYSTEM_PROCESSOR_IDLE_INFORMATION);
|
|
|
|
}
|
|
|
|
//
|
|
// Revert to the original affinity
|
|
//
|
|
KeRevertToUserAffinityThread();
|
|
|
|
//
|
|
// Unlock everything
|
|
//
|
|
MmUnlockPagableImageSection(ExPageLockHandle);
|
|
}
|
|
|
|
VOID
|
|
ExpCopyProcessInfo (
|
|
IN PSYSTEM_PROCESS_INFORMATION ProcessInfo,
|
|
IN PEPROCESS Process,
|
|
IN BOOLEAN ExtendedInformation
|
|
)
|
|
|
|
{
|
|
PAGED_CODE();
|
|
|
|
ProcessInfo->HandleCount = ObGetProcessHandleCount (Process);
|
|
|
|
ProcessInfo->CreateTime = Process->CreateTime;
|
|
ProcessInfo->UserTime.QuadPart = UInt32x32To64(Process->Pcb.UserTime,
|
|
KeMaximumIncrement);
|
|
|
|
ProcessInfo->KernelTime.QuadPart = UInt32x32To64(Process->Pcb.KernelTime,
|
|
KeMaximumIncrement);
|
|
|
|
ProcessInfo->BasePriority = Process->Pcb.BasePriority;
|
|
ProcessInfo->UniqueProcessId = Process->UniqueProcessId;
|
|
ProcessInfo->InheritedFromUniqueProcessId = Process->InheritedFromUniqueProcessId;
|
|
ProcessInfo->PeakVirtualSize = Process->PeakVirtualSize;
|
|
ProcessInfo->VirtualSize = Process->VirtualSize;
|
|
ProcessInfo->PageFaultCount = Process->Vm.PageFaultCount;
|
|
ProcessInfo->PeakWorkingSetSize = ((SIZE_T)Process->Vm.PeakWorkingSetSize) << PAGE_SHIFT;
|
|
ProcessInfo->WorkingSetSize = ((SIZE_T)Process->Vm.WorkingSetSize) << PAGE_SHIFT;
|
|
ProcessInfo->QuotaPeakPagedPoolUsage =
|
|
Process->QuotaPeak[PsPagedPool];
|
|
ProcessInfo->QuotaPagedPoolUsage = Process->QuotaUsage[PsPagedPool];
|
|
ProcessInfo->QuotaPeakNonPagedPoolUsage =
|
|
Process->QuotaPeak[PsNonPagedPool];
|
|
ProcessInfo->QuotaNonPagedPoolUsage =
|
|
Process->QuotaUsage[PsNonPagedPool];
|
|
ProcessInfo->PagefileUsage = Process->QuotaUsage[PsPageFile] << PAGE_SHIFT;
|
|
ProcessInfo->PeakPagefileUsage = Process->QuotaPeak[PsPageFile] << PAGE_SHIFT;
|
|
ProcessInfo->PrivatePageCount = Process->CommitCharge << PAGE_SHIFT;
|
|
|
|
ProcessInfo->ReadOperationCount = Process->ReadOperationCount;
|
|
ProcessInfo->WriteOperationCount = Process->WriteOperationCount;
|
|
ProcessInfo->OtherOperationCount = Process->OtherOperationCount;
|
|
ProcessInfo->ReadTransferCount = Process->ReadTransferCount;
|
|
ProcessInfo->WriteTransferCount = Process->WriteTransferCount;
|
|
ProcessInfo->OtherTransferCount = Process->OtherTransferCount;
|
|
|
|
if (ExtendedInformation) {
|
|
ProcessInfo->PageDirectoryBase = MmGetDirectoryFrameFromProcess(Process);
|
|
}
|
|
}
|
|
|
|
VOID
|
|
ExpCopyThreadInfo (
|
|
IN PVOID ThreadInfoBuffer,
|
|
IN PETHREAD Thread,
|
|
IN BOOLEAN ExtendedInformation
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function returns information about the specified thread.
|
|
|
|
Arguments:
|
|
|
|
ThreadInfoBuffer - A pointer to a buffer which receives the specified
|
|
information.
|
|
|
|
Thread - Supplies a pointer to the desired thread.
|
|
|
|
ExtendedInformation - TRUE if extended thread information is needed.
|
|
|
|
Environment:
|
|
|
|
Kernel mode. The dispatcher lock is held.
|
|
|
|
This routine could be made PAGELK but it is a high frequency routine
|
|
so it is actually better to keep it nonpaged to avoid bringing in the
|
|
entire PAGELK section.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PSYSTEM_THREAD_INFORMATION ThreadInfo;
|
|
ThreadInfo = (PSYSTEM_THREAD_INFORMATION) ThreadInfoBuffer;
|
|
|
|
ThreadInfo->KernelTime.QuadPart = UInt32x32To64(Thread->Tcb.KernelTime,
|
|
KeMaximumIncrement);
|
|
|
|
ThreadInfo->UserTime.QuadPart = UInt32x32To64(Thread->Tcb.UserTime,
|
|
KeMaximumIncrement);
|
|
|
|
ThreadInfo->CreateTime.QuadPart = PS_GET_THREAD_CREATE_TIME (Thread);
|
|
ThreadInfo->WaitTime = Thread->Tcb.WaitTime;
|
|
ThreadInfo->ClientId = Thread->Cid;
|
|
ThreadInfo->ThreadState = Thread->Tcb.State;
|
|
ThreadInfo->WaitReason = Thread->Tcb.WaitReason;
|
|
ThreadInfo->Priority = Thread->Tcb.Priority;
|
|
ThreadInfo->BasePriority = Thread->Tcb.BasePriority;
|
|
ThreadInfo->ContextSwitches = Thread->Tcb.ContextSwitches;
|
|
ThreadInfo->StartAddress = Thread->StartAddress;
|
|
|
|
if (ExtendedInformation) {
|
|
PSYSTEM_EXTENDED_THREAD_INFORMATION ExtendedThreadInfo;
|
|
|
|
ExtendedThreadInfo = (PSYSTEM_EXTENDED_THREAD_INFORMATION) ThreadInfo;
|
|
|
|
ExtendedThreadInfo->StackBase = Thread->Tcb.StackBase;
|
|
ExtendedThreadInfo->StackLimit = Thread->Tcb.StackLimit;
|
|
if (Thread->LpcReceivedMsgIdValid) {
|
|
ExtendedThreadInfo->Win32StartAddress = 0;
|
|
} else {
|
|
ExtendedThreadInfo->Win32StartAddress = Thread->Win32StartAddress;
|
|
}
|
|
ExtendedThreadInfo->Reserved1 = 0;
|
|
ExtendedThreadInfo->Reserved2 = 0;
|
|
ExtendedThreadInfo->Reserved3 = 0;
|
|
ExtendedThreadInfo->Reserved4 = 0;
|
|
}
|
|
|
|
}
|
|
|
|
#if defined(_X86_)
|
|
extern ULONG ExVdmOpcodeDispatchCounts[256];
|
|
extern ULONG VdmBopCount;
|
|
extern ULONG ExVdmSegmentNotPresent;
|
|
|
|
#if defined(ALLOC_PRAGMA)
|
|
#pragma alloc_text(PAGE, ExpGetInstemulInformation)
|
|
#endif
|
|
|
|
|
|
NTSTATUS
|
|
ExpGetInstemulInformation(
|
|
OUT PSYSTEM_VDM_INSTEMUL_INFO Info
|
|
)
|
|
{
|
|
SYSTEM_VDM_INSTEMUL_INFO LocalInfo;
|
|
|
|
LocalInfo.VdmOpcode0F = ExVdmOpcodeDispatchCounts[VDM_INDEX_0F];
|
|
LocalInfo.OpcodeESPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_ESPrefix];
|
|
LocalInfo.OpcodeCSPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_CSPrefix];
|
|
LocalInfo.OpcodeSSPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_SSPrefix];
|
|
LocalInfo.OpcodeDSPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_DSPrefix];
|
|
LocalInfo.OpcodeFSPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_FSPrefix];
|
|
LocalInfo.OpcodeGSPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_GSPrefix];
|
|
LocalInfo.OpcodeOPER32Prefix= ExVdmOpcodeDispatchCounts[VDM_INDEX_OPER32Prefix];
|
|
LocalInfo.OpcodeADDR32Prefix= ExVdmOpcodeDispatchCounts[VDM_INDEX_ADDR32Prefix];
|
|
LocalInfo.OpcodeINSB = ExVdmOpcodeDispatchCounts[VDM_INDEX_INSB];
|
|
LocalInfo.OpcodeINSW = ExVdmOpcodeDispatchCounts[VDM_INDEX_INSW];
|
|
LocalInfo.OpcodeOUTSB = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTSB];
|
|
LocalInfo.OpcodeOUTSW = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTSW];
|
|
LocalInfo.OpcodePUSHF = ExVdmOpcodeDispatchCounts[VDM_INDEX_PUSHF];
|
|
LocalInfo.OpcodePOPF = ExVdmOpcodeDispatchCounts[VDM_INDEX_POPF];
|
|
LocalInfo.OpcodeINTnn = ExVdmOpcodeDispatchCounts[VDM_INDEX_INTnn];
|
|
LocalInfo.OpcodeINTO = ExVdmOpcodeDispatchCounts[VDM_INDEX_INTO];
|
|
LocalInfo.OpcodeIRET = ExVdmOpcodeDispatchCounts[VDM_INDEX_IRET];
|
|
LocalInfo.OpcodeINBimm = ExVdmOpcodeDispatchCounts[VDM_INDEX_INBimm];
|
|
LocalInfo.OpcodeINWimm = ExVdmOpcodeDispatchCounts[VDM_INDEX_INWimm];
|
|
LocalInfo.OpcodeOUTBimm = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTBimm];
|
|
LocalInfo.OpcodeOUTWimm = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTWimm];
|
|
LocalInfo.OpcodeINB = ExVdmOpcodeDispatchCounts[VDM_INDEX_INB];
|
|
LocalInfo.OpcodeINW = ExVdmOpcodeDispatchCounts[VDM_INDEX_INW];
|
|
LocalInfo.OpcodeOUTB = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTB];
|
|
LocalInfo.OpcodeOUTW = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTW];
|
|
LocalInfo.OpcodeLOCKPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_LOCKPrefix];
|
|
LocalInfo.OpcodeREPNEPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_REPNEPrefix];
|
|
LocalInfo.OpcodeREPPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_REPPrefix];
|
|
LocalInfo.OpcodeHLT = ExVdmOpcodeDispatchCounts[VDM_INDEX_HLT];
|
|
LocalInfo.OpcodeCLI = ExVdmOpcodeDispatchCounts[VDM_INDEX_CLI];
|
|
LocalInfo.OpcodeSTI = ExVdmOpcodeDispatchCounts[VDM_INDEX_STI];
|
|
LocalInfo.BopCount = VdmBopCount;
|
|
LocalInfo.SegmentNotPresent = ExVdmSegmentNotPresent;
|
|
|
|
RtlCopyMemory(Info,&LocalInfo,sizeof(LocalInfo));
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
#endif
|
|
|
|
#if i386
|
|
NTSTATUS
|
|
ExpGetStackTraceInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
PRTL_PROCESS_BACKTRACES BackTraceInformation;
|
|
PRTL_PROCESS_BACKTRACE_INFORMATION BackTraceInfo;
|
|
PSTACK_TRACE_DATABASE DataBase;
|
|
PRTL_STACK_TRACE_ENTRY p, *pp;
|
|
ULONG RequiredLength, n;
|
|
|
|
DataBase = RtlpAcquireStackTraceDataBase();
|
|
|
|
if (DataBase == NULL) {
|
|
return STATUS_UNSUCCESSFUL;
|
|
}
|
|
DataBase->DumpInProgress = TRUE;
|
|
|
|
RtlpReleaseStackTraceDataBase();
|
|
|
|
n = 0;
|
|
RequiredLength = 0;
|
|
Status = STATUS_INFO_LENGTH_MISMATCH;
|
|
BackTraceInformation = (PRTL_PROCESS_BACKTRACES) SystemInformation;
|
|
|
|
RequiredLength = FIELD_OFFSET( RTL_PROCESS_BACKTRACES, BackTraces );
|
|
|
|
try {
|
|
if (SystemInformationLength >= RequiredLength) {
|
|
BackTraceInformation->CommittedMemory =
|
|
(ULONG)DataBase->CurrentUpperCommitLimit - (ULONG)DataBase->CommitBase;
|
|
BackTraceInformation->ReservedMemory =
|
|
(ULONG)DataBase->EntryIndexArray - (ULONG)DataBase->CommitBase;
|
|
BackTraceInformation->NumberOfBackTraceLookups = DataBase->NumberOfEntriesLookedUp;
|
|
n = DataBase->NumberOfEntriesAdded;
|
|
BackTraceInformation->NumberOfBackTraces = n;
|
|
}
|
|
|
|
RequiredLength += (sizeof( *BackTraceInfo ) * n);
|
|
if (SystemInformationLength >= RequiredLength) {
|
|
Status = STATUS_SUCCESS;
|
|
BackTraceInfo = &BackTraceInformation->BackTraces[ 0 ];
|
|
pp = DataBase->EntryIndexArray;
|
|
while (n--) {
|
|
p = *--pp;
|
|
BackTraceInfo->SymbolicBackTrace = NULL;
|
|
BackTraceInfo->TraceCount = p->TraceCount;
|
|
BackTraceInfo->Index = p->Index;
|
|
BackTraceInfo->Depth = p->Depth;
|
|
RtlCopyMemory( BackTraceInfo->BackTrace,
|
|
p->BackTrace,
|
|
p->Depth * sizeof( PVOID )
|
|
);
|
|
BackTraceInfo += 1;
|
|
}
|
|
}
|
|
}
|
|
finally {
|
|
DataBase->DumpInProgress = FALSE;
|
|
}
|
|
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = RequiredLength;
|
|
}
|
|
return Status;
|
|
}
|
|
#endif // i386
|
|
|
|
NTSTATUS
|
|
ExpGetLockInformation (
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function returns information about all the ERESOURCE locks
|
|
in the system.
|
|
|
|
Arguments:
|
|
|
|
SystemInformation - A pointer to a buffer which receives the specified
|
|
information.
|
|
|
|
SystemInformationLength - Specifies the length in bytes of the system
|
|
information buffer.
|
|
|
|
Length - An optional pointer which, if specified, receives the
|
|
number of bytes placed in the system information buffer.
|
|
|
|
|
|
Return Value:
|
|
|
|
Returns one of the following status codes:
|
|
|
|
STATUS_SUCCESS - normal, successful completion.
|
|
|
|
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
|
|
did not specify a valid value.
|
|
|
|
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
|
|
parameter did not match the length required for the information
|
|
class requested by the SystemInformationClass parameter.
|
|
|
|
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
|
|
or the Length pointer value specified an invalid address.
|
|
|
|
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
|
|
working set to lock the specified output structure in memory.
|
|
|
|
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
|
|
for this request to complete.
|
|
|
|
--*/
|
|
|
|
{
|
|
PRTL_PROCESS_LOCKS LockInfo;
|
|
PVOID LockVariable;
|
|
NTSTATUS Status;
|
|
|
|
*Length = 0;
|
|
|
|
Status = ExLockUserBuffer( SystemInformation,
|
|
SystemInformationLength,
|
|
KeGetPreviousMode(),
|
|
IoWriteAccess,
|
|
&LockInfo,
|
|
&LockVariable
|
|
);
|
|
if (!NT_SUCCESS(Status)) {
|
|
return( Status );
|
|
}
|
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
MmLockPagableSectionByHandle (ExPageLockHandle);
|
|
try {
|
|
|
|
Status = ExQuerySystemLockInformation( LockInfo,
|
|
SystemInformationLength,
|
|
Length
|
|
);
|
|
}
|
|
finally {
|
|
ExUnlockUserBuffer( LockVariable );
|
|
MmUnlockPagableImageSection(ExPageLockHandle);
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExpGetLookasideInformation (
|
|
OUT PVOID Buffer,
|
|
IN ULONG BufferLength,
|
|
OUT PULONG Length
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function returns pool lookaside list and general lookaside
|
|
list information.
|
|
|
|
Arguments:
|
|
|
|
Buffer - Supplies a pointer to the buffer which receives the lookaside
|
|
list information.
|
|
|
|
BufferLength - Supplies the length of the information buffer in bytes.
|
|
|
|
Length - Supplies a pointer to a variable that receives the length of
|
|
lookaside information returned.
|
|
|
|
Environment:
|
|
|
|
Kernel mode.
|
|
|
|
This routine could be made PAGELK but it is a high frequency routine
|
|
so it is actually better to keep it nonpaged to avoid bringing in the
|
|
entire PAGELK section.
|
|
|
|
Return Value:
|
|
|
|
Returns one of the following status codes:
|
|
|
|
STATUS_SUCCESS - Normal, successful completion.
|
|
|
|
STATUS_ACCESS_VIOLATION - The buffer could not be locked in memory.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PVOID BufferLock;
|
|
PLIST_ENTRY Entry;
|
|
KIRQL OldIrql;
|
|
ULONG Limit;
|
|
PSYSTEM_LOOKASIDE_INFORMATION Lookaside;
|
|
ULONG Number;
|
|
PNPAGED_LOOKASIDE_LIST NPagedLookaside;
|
|
PPAGED_LOOKASIDE_LIST PagedLookaside;
|
|
PGENERAL_LOOKASIDE PoolLookaside;
|
|
PGENERAL_LOOKASIDE SystemLookaside;
|
|
PKSPIN_LOCK SpinLock;
|
|
NTSTATUS Status;
|
|
|
|
//
|
|
// Compute the number of lookaside entries and set the return status to
|
|
// success.
|
|
//
|
|
|
|
Limit = BufferLength / sizeof(SYSTEM_LOOKASIDE_INFORMATION);
|
|
Number = 0;
|
|
Status = STATUS_SUCCESS;
|
|
|
|
//
|
|
// If the number of lookaside entries to return is not zero, then collect
|
|
// the lookaside information.
|
|
//
|
|
|
|
if (Limit != 0) {
|
|
Status = ExLockUserBuffer(Buffer,
|
|
BufferLength,
|
|
KeGetPreviousMode(),
|
|
IoWriteAccess,
|
|
&Lookaside,
|
|
&BufferLock);
|
|
if (NT_SUCCESS(Status)) {
|
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
//
|
|
// Copy nonpaged and paged pool lookaside information to
|
|
// information buffer.
|
|
//
|
|
|
|
Entry = ExPoolLookasideListHead.Flink;
|
|
while (Entry != &ExPoolLookasideListHead) {
|
|
PoolLookaside = CONTAINING_RECORD(Entry,
|
|
GENERAL_LOOKASIDE,
|
|
ListEntry);
|
|
|
|
Lookaside->CurrentDepth = ExQueryDepthSList(&PoolLookaside->ListHead);
|
|
Lookaside->MaximumDepth = PoolLookaside->Depth;
|
|
Lookaside->TotalAllocates = PoolLookaside->TotalAllocates;
|
|
Lookaside->AllocateMisses =
|
|
PoolLookaside->TotalAllocates - PoolLookaside->AllocateHits;
|
|
|
|
Lookaside->TotalFrees = PoolLookaside->TotalFrees;
|
|
Lookaside->FreeMisses =
|
|
PoolLookaside->TotalFrees - PoolLookaside->FreeHits;
|
|
|
|
Lookaside->Type = PoolLookaside->Type;
|
|
Lookaside->Tag = PoolLookaside->Tag;
|
|
Lookaside->Size = PoolLookaside->Size;
|
|
Number += 1;
|
|
if (Number == Limit) {
|
|
goto Finish2;
|
|
}
|
|
|
|
Entry = Entry->Flink;
|
|
Lookaside += 1;
|
|
}
|
|
|
|
//
|
|
// Copy nonpaged and paged system lookaside information to
|
|
// information buffer.
|
|
//
|
|
|
|
Entry = ExSystemLookasideListHead.Flink;
|
|
while (Entry != &ExSystemLookasideListHead) {
|
|
SystemLookaside = CONTAINING_RECORD(Entry,
|
|
GENERAL_LOOKASIDE,
|
|
ListEntry);
|
|
|
|
Lookaside->CurrentDepth = ExQueryDepthSList(&SystemLookaside->ListHead);
|
|
Lookaside->MaximumDepth = SystemLookaside->Depth;
|
|
Lookaside->TotalAllocates = SystemLookaside->TotalAllocates;
|
|
Lookaside->AllocateMisses = SystemLookaside->AllocateMisses;
|
|
Lookaside->TotalFrees = SystemLookaside->TotalFrees;
|
|
Lookaside->FreeMisses = SystemLookaside->FreeMisses;
|
|
Lookaside->Type = SystemLookaside->Type;
|
|
Lookaside->Tag = SystemLookaside->Tag;
|
|
Lookaside->Size = SystemLookaside->Size;
|
|
Number += 1;
|
|
if (Number == Limit) {
|
|
goto Finish2;
|
|
}
|
|
|
|
Entry = Entry->Flink;
|
|
Lookaside += 1;
|
|
}
|
|
|
|
//
|
|
// Copy nonpaged general lookaside information to buffer.
|
|
//
|
|
|
|
SpinLock = &ExNPagedLookasideLock;
|
|
ExAcquireSpinLock(SpinLock, &OldIrql);
|
|
Entry = ExNPagedLookasideListHead.Flink;
|
|
while (Entry != &ExNPagedLookasideListHead) {
|
|
NPagedLookaside = CONTAINING_RECORD(Entry,
|
|
NPAGED_LOOKASIDE_LIST,
|
|
L.ListEntry);
|
|
|
|
Lookaside->CurrentDepth = ExQueryDepthSList(&NPagedLookaside->L.ListHead);
|
|
Lookaside->MaximumDepth = NPagedLookaside->L.Depth;
|
|
Lookaside->TotalAllocates = NPagedLookaside->L.TotalAllocates;
|
|
Lookaside->AllocateMisses = NPagedLookaside->L.AllocateMisses;
|
|
Lookaside->TotalFrees = NPagedLookaside->L.TotalFrees;
|
|
Lookaside->FreeMisses = NPagedLookaside->L.FreeMisses;
|
|
Lookaside->Type = 0;
|
|
Lookaside->Tag = NPagedLookaside->L.Tag;
|
|
Lookaside->Size = NPagedLookaside->L.Size;
|
|
Number += 1;
|
|
if (Number == Limit) {
|
|
goto Finish1;
|
|
}
|
|
|
|
Entry = Entry->Flink;
|
|
Lookaside += 1;
|
|
}
|
|
|
|
ExReleaseSpinLock(SpinLock, OldIrql);
|
|
|
|
//
|
|
// Copy paged general lookaside information to buffer.
|
|
//
|
|
|
|
SpinLock = &ExPagedLookasideLock;
|
|
ExAcquireSpinLock(SpinLock, &OldIrql);
|
|
Entry = ExPagedLookasideListHead.Flink;
|
|
while (Entry != &ExPagedLookasideListHead) {
|
|
PagedLookaside = CONTAINING_RECORD(Entry,
|
|
PAGED_LOOKASIDE_LIST,
|
|
L.ListEntry);
|
|
|
|
Lookaside->CurrentDepth = ExQueryDepthSList(&PagedLookaside->L.ListHead);
|
|
Lookaside->MaximumDepth = PagedLookaside->L.Depth;
|
|
Lookaside->TotalAllocates = PagedLookaside->L.TotalAllocates;
|
|
Lookaside->AllocateMisses = PagedLookaside->L.AllocateMisses;
|
|
Lookaside->TotalFrees = PagedLookaside->L.TotalFrees;
|
|
Lookaside->FreeMisses = PagedLookaside->L.FreeMisses;
|
|
Lookaside->Type = 1;
|
|
Lookaside->Tag = PagedLookaside->L.Tag;
|
|
Lookaside->Size = PagedLookaside->L.Size;
|
|
Number += 1;
|
|
if (Number == Limit) {
|
|
goto Finish1;
|
|
}
|
|
|
|
Entry = Entry->Flink;
|
|
Lookaside += 1;
|
|
}
|
|
|
|
Finish1:
|
|
ExReleaseSpinLock(SpinLock, OldIrql);
|
|
|
|
Finish2:
|
|
//
|
|
// Unlock user buffer.
|
|
//
|
|
|
|
ExUnlockUserBuffer(BufferLock);
|
|
}
|
|
}
|
|
|
|
*Length = Number * sizeof(SYSTEM_LOOKASIDE_INFORMATION);
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExpGetHandleInformation(
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function returns information about the open handles in the system.
|
|
|
|
Arguments:
|
|
|
|
SystemInformation - A pointer to a buffer which receives the specified
|
|
information.
|
|
|
|
SystemInformationLength - Specifies the length in bytes of the system
|
|
information buffer.
|
|
|
|
Length - An optional pointer which, if specified, receives the
|
|
number of bytes placed in the system information buffer.
|
|
|
|
|
|
Return Value:
|
|
|
|
Returns one of the following status codes:
|
|
|
|
STATUS_SUCCESS - normal, successful completion.
|
|
|
|
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
|
|
did not specify a valid value.
|
|
|
|
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
|
|
parameter did not match the length required for the information
|
|
class requested by the SystemInformationClass parameter.
|
|
|
|
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
|
|
or the Length pointer value specified an invalid address.
|
|
|
|
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
|
|
working set to lock the specified output structure in memory.
|
|
|
|
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
|
|
for this request to complete.
|
|
|
|
--*/
|
|
|
|
{
|
|
PSYSTEM_HANDLE_INFORMATION HandleInfo;
|
|
PVOID LockVariable;
|
|
NTSTATUS Status;
|
|
|
|
PAGED_CODE();
|
|
|
|
*Length = 0;
|
|
|
|
Status = ExLockUserBuffer( SystemInformation,
|
|
SystemInformationLength,
|
|
KeGetPreviousMode(),
|
|
IoWriteAccess,
|
|
&HandleInfo,
|
|
&LockVariable
|
|
);
|
|
if (!NT_SUCCESS(Status)) {
|
|
return Status;
|
|
}
|
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
try {
|
|
Status = ObGetHandleInformation( HandleInfo,
|
|
SystemInformationLength,
|
|
Length
|
|
);
|
|
|
|
}
|
|
finally {
|
|
ExUnlockUserBuffer( LockVariable );
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExpGetHandleInformationEx(
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function returns information about the open handles in the system.
|
|
|
|
Arguments:
|
|
|
|
SystemInformation - A pointer to a buffer which receives the specified
|
|
information.
|
|
|
|
SystemInformationLength - Specifies the length in bytes of the system
|
|
information buffer.
|
|
|
|
Length - An optional pointer which, if specified, receives the
|
|
number of bytes placed in the system information buffer.
|
|
|
|
|
|
Return Value:
|
|
|
|
Returns one of the following status codes:
|
|
|
|
STATUS_SUCCESS - normal, successful completion.
|
|
|
|
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
|
|
did not specify a valid value.
|
|
|
|
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
|
|
parameter did not match the length required for the information
|
|
class requested by the SystemInformationClass parameter.
|
|
|
|
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
|
|
or the Length pointer value specified an invalid address.
|
|
|
|
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
|
|
working set to lock the specified output structure in memory.
|
|
|
|
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
|
|
for this request to complete.
|
|
|
|
--*/
|
|
|
|
{
|
|
PSYSTEM_HANDLE_INFORMATION_EX HandleInfo;
|
|
PVOID LockVariable;
|
|
NTSTATUS Status;
|
|
|
|
PAGED_CODE();
|
|
|
|
*Length = 0;
|
|
|
|
Status = ExLockUserBuffer( SystemInformation,
|
|
SystemInformationLength,
|
|
KeGetPreviousMode(),
|
|
IoWriteAccess,
|
|
&HandleInfo,
|
|
&LockVariable
|
|
);
|
|
if (!NT_SUCCESS(Status)) {
|
|
return Status;
|
|
}
|
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
try {
|
|
Status = ObGetHandleInformationEx( HandleInfo,
|
|
SystemInformationLength,
|
|
Length
|
|
);
|
|
|
|
}
|
|
finally {
|
|
ExUnlockUserBuffer( LockVariable );
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExpGetObjectInformation(
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG Length
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function returns information about the objects in the system.
|
|
|
|
Arguments:
|
|
|
|
SystemInformation - A pointer to a buffer which receives the specified
|
|
information.
|
|
|
|
SystemInformationLength - Specifies the length in bytes of the system
|
|
information buffer.
|
|
|
|
Length - An optional pointer which, if specified, receives the
|
|
number of bytes placed in the system information buffer.
|
|
|
|
|
|
Return Value:
|
|
|
|
Returns one of the following status codes:
|
|
|
|
STATUS_SUCCESS - normal, successful completion.
|
|
|
|
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
|
|
did not specify a valid value.
|
|
|
|
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
|
|
parameter did not match the length required for the information
|
|
class requested by the SystemInformationClass parameter.
|
|
|
|
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
|
|
or the Length pointer value specified an invalid address.
|
|
|
|
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
|
|
working set to lock the specified output structure in memory.
|
|
|
|
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
|
|
for this request to complete.
|
|
|
|
--*/
|
|
|
|
{
|
|
PSYSTEM_OBJECTTYPE_INFORMATION ObjectInfo;
|
|
PVOID LockVariable;
|
|
NTSTATUS Status;
|
|
|
|
PAGED_CODE();
|
|
|
|
*Length = 0;
|
|
|
|
Status = ExLockUserBuffer( SystemInformation,
|
|
SystemInformationLength,
|
|
KeGetPreviousMode(),
|
|
IoWriteAccess,
|
|
&ObjectInfo,
|
|
&LockVariable
|
|
);
|
|
if (!NT_SUCCESS(Status)) {
|
|
return( Status );
|
|
}
|
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
try {
|
|
Status = ObGetObjectInformation( SystemInformation,
|
|
ObjectInfo,
|
|
SystemInformationLength,
|
|
Length
|
|
);
|
|
|
|
}
|
|
finally {
|
|
ExUnlockUserBuffer( LockVariable );
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
ExpQueryModuleInformation(
|
|
IN PLIST_ENTRY LoadOrderListHead,
|
|
IN PLIST_ENTRY UserModeLoadOrderListHead,
|
|
OUT PRTL_PROCESS_MODULES ModuleInformation,
|
|
IN ULONG ModuleInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
ULONG RequiredLength;
|
|
PLIST_ENTRY Next;
|
|
PRTL_PROCESS_MODULE_INFORMATION ModuleInfo;
|
|
PKLDR_DATA_TABLE_ENTRY LdrDataTableEntry;
|
|
ANSI_STRING AnsiString;
|
|
PCHAR s;
|
|
ULONG NumberOfModules;
|
|
|
|
NumberOfModules = 0;
|
|
Status = STATUS_SUCCESS;
|
|
RequiredLength = FIELD_OFFSET( RTL_PROCESS_MODULES, Modules );
|
|
ModuleInfo = &ModuleInformation->Modules[ 0 ];
|
|
|
|
Next = LoadOrderListHead->Flink;
|
|
while ( Next != LoadOrderListHead ) {
|
|
LdrDataTableEntry = CONTAINING_RECORD( Next,
|
|
KLDR_DATA_TABLE_ENTRY,
|
|
InLoadOrderLinks
|
|
);
|
|
|
|
RequiredLength += sizeof( RTL_PROCESS_MODULE_INFORMATION );
|
|
if (ModuleInformationLength < RequiredLength) {
|
|
Status = STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
else {
|
|
|
|
ModuleInfo->MappedBase = NULL;
|
|
ModuleInfo->ImageBase = LdrDataTableEntry->DllBase;
|
|
ModuleInfo->ImageSize = LdrDataTableEntry->SizeOfImage;
|
|
ModuleInfo->Flags = LdrDataTableEntry->Flags;
|
|
ModuleInfo->LoadCount = LdrDataTableEntry->LoadCount;
|
|
|
|
ModuleInfo->LoadOrderIndex = (USHORT)(NumberOfModules);
|
|
ModuleInfo->InitOrderIndex = 0;
|
|
AnsiString.Buffer = (PCHAR) ModuleInfo->FullPathName;
|
|
AnsiString.Length = 0;
|
|
AnsiString.MaximumLength = sizeof( ModuleInfo->FullPathName );
|
|
RtlUnicodeStringToAnsiString( &AnsiString,
|
|
&LdrDataTableEntry->FullDllName,
|
|
FALSE
|
|
);
|
|
s = AnsiString.Buffer + AnsiString.Length;
|
|
while (s > AnsiString.Buffer && *--s) {
|
|
if (*s == (UCHAR)OBJ_NAME_PATH_SEPARATOR) {
|
|
s += 1;
|
|
break;
|
|
}
|
|
}
|
|
ModuleInfo->OffsetToFileName = (USHORT)(s - AnsiString.Buffer);
|
|
|
|
ModuleInfo += 1;
|
|
}
|
|
|
|
NumberOfModules += 1;
|
|
Next = Next->Flink;
|
|
}
|
|
|
|
if (ARGUMENT_PRESENT( UserModeLoadOrderListHead )) {
|
|
Next = UserModeLoadOrderListHead->Flink;
|
|
while ( Next != UserModeLoadOrderListHead ) {
|
|
LdrDataTableEntry = CONTAINING_RECORD( Next,
|
|
KLDR_DATA_TABLE_ENTRY,
|
|
InLoadOrderLinks
|
|
);
|
|
|
|
RequiredLength += sizeof( RTL_PROCESS_MODULE_INFORMATION );
|
|
if (ModuleInformationLength < RequiredLength) {
|
|
Status = STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
else {
|
|
ModuleInfo->MappedBase = NULL;
|
|
ModuleInfo->ImageBase = LdrDataTableEntry->DllBase;
|
|
ModuleInfo->ImageSize = LdrDataTableEntry->SizeOfImage;
|
|
ModuleInfo->Flags = LdrDataTableEntry->Flags;
|
|
ModuleInfo->LoadCount = LdrDataTableEntry->LoadCount;
|
|
|
|
ModuleInfo->LoadOrderIndex = (USHORT)(NumberOfModules);
|
|
|
|
ModuleInfo->InitOrderIndex = ModuleInfo->LoadOrderIndex;
|
|
|
|
AnsiString.Buffer = (PCHAR) ModuleInfo->FullPathName;
|
|
AnsiString.Length = 0;
|
|
AnsiString.MaximumLength = sizeof( ModuleInfo->FullPathName );
|
|
RtlUnicodeStringToAnsiString( &AnsiString,
|
|
&LdrDataTableEntry->FullDllName,
|
|
FALSE
|
|
);
|
|
s = AnsiString.Buffer + AnsiString.Length;
|
|
while (s > AnsiString.Buffer && *--s) {
|
|
if (*s == (UCHAR)OBJ_NAME_PATH_SEPARATOR) {
|
|
s += 1;
|
|
break;
|
|
}
|
|
}
|
|
ModuleInfo->OffsetToFileName = (USHORT)(s - AnsiString.Buffer);
|
|
|
|
ModuleInfo += 1;
|
|
}
|
|
|
|
NumberOfModules += 1;
|
|
Next = Next->Flink;
|
|
}
|
|
}
|
|
|
|
if (ARGUMENT_PRESENT(ReturnLength)) {
|
|
*ReturnLength = RequiredLength;
|
|
}
|
|
if (ModuleInformationLength >= FIELD_OFFSET( RTL_PROCESS_MODULES, Modules )) {
|
|
ModuleInformation->NumberOfModules = NumberOfModules;
|
|
} else {
|
|
Status = STATUS_INFO_LENGTH_MISMATCH;
|
|
}
|
|
return Status;
|
|
}
|
|
|
|
BOOLEAN
|
|
ExIsProcessorFeaturePresent(
|
|
ULONG ProcessorFeature
|
|
)
|
|
{
|
|
BOOLEAN rv;
|
|
|
|
if ( ProcessorFeature < PROCESSOR_FEATURE_MAX ) {
|
|
rv = SharedUserData->ProcessorFeatures[ProcessorFeature];
|
|
}
|
|
else {
|
|
rv = FALSE;
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
ExpQueryLegacyDriverInformation(
|
|
IN PSYSTEM_LEGACY_DRIVER_INFORMATION LegacyInfo,
|
|
IN PULONG Length
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Returns legacy driver information for figuring out why PNP/Power functionality
|
|
is disabled.
|
|
|
|
Arguments:
|
|
|
|
LegacyInfo - Returns the legacy driver information
|
|
|
|
Length - Supplies the length of the LegacyInfo buffer
|
|
Returns the amount of data written
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS
|
|
|
|
--*/
|
|
|
|
{
|
|
PNP_VETO_TYPE VetoType;
|
|
PWSTR VetoList = NULL;
|
|
NTSTATUS Status;
|
|
UNICODE_STRING String;
|
|
ULONG ReturnLength;
|
|
|
|
Status = IoGetLegacyVetoList(&VetoList, &VetoType);
|
|
if (!NT_SUCCESS(Status)) {
|
|
return(Status);
|
|
}
|
|
|
|
RtlInitUnicodeString(&String, VetoList);
|
|
ReturnLength = sizeof(SYSTEM_LEGACY_DRIVER_INFORMATION) + String.Length;
|
|
try {
|
|
if (ReturnLength > *Length) {
|
|
Status = STATUS_BUFFER_OVERFLOW;
|
|
} else {
|
|
LegacyInfo->VetoType = VetoType;
|
|
LegacyInfo->VetoList.Length = String.Length;
|
|
LegacyInfo->VetoList.Buffer = (PWSTR)(LegacyInfo+1);
|
|
RtlCopyMemory(LegacyInfo+1, String.Buffer, String.Length);
|
|
}
|
|
} finally {
|
|
if (VetoList) {
|
|
ExFreePool(VetoList);
|
|
}
|
|
}
|
|
|
|
*Length = ReturnLength;
|
|
return(Status);
|
|
}
|
|
|
|
VOID
|
|
ExGetCurrentProcessorCpuUsage(
|
|
OUT PULONG CpuUsage
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Returns an estimation of current cpu usage in percent.
|
|
|
|
Arguments:
|
|
|
|
CpuUsage - Returns the current cpu usage in percent.
|
|
|
|
Return Value:
|
|
|
|
Nothing
|
|
|
|
--*/
|
|
{
|
|
PKPRCB Prcb;
|
|
|
|
Prcb = KeGetCurrentPrcb();
|
|
*CpuUsage = 100 - (ULONG)(UInt32x32To64(Prcb->IdleThread->KernelTime, 100) /
|
|
(ULONGLONG)(Prcb->KernelTime + Prcb->UserTime));
|
|
}
|
|
|
|
|
|
VOID
|
|
ExGetCurrentProcessorCounts(
|
|
OUT PULONG IdleCount,
|
|
OUT PULONG KernelAndUser,
|
|
OUT PULONG Index
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Returns information regarding idle time and kernel + user time for
|
|
the current processor.
|
|
|
|
Arguments:
|
|
|
|
IdleCount - Returns the kernel time of the idle thread on the current
|
|
processor.
|
|
|
|
KernelAndUser - Returns the kernel pluse user on the current processor.
|
|
|
|
Index - Returns the number identifiying the current processor.
|
|
|
|
Return Value:
|
|
|
|
Nothing
|
|
|
|
--*/
|
|
{
|
|
PKPRCB Prcb;
|
|
|
|
Prcb = KeGetCurrentPrcb();
|
|
*IdleCount = Prcb->IdleThread->KernelTime;
|
|
*KernelAndUser = Prcb->KernelTime + Prcb->UserTime;
|
|
*Index = (ULONG)Prcb->Number;
|
|
}
|
|
|
|
BOOLEAN
|
|
ExpIsValidUILanguage(
|
|
IN WCHAR * pLangId
|
|
)
|
|
/*++
|
|
Routine Description:
|
|
|
|
Check if specified language ID is valid.
|
|
|
|
Arguments:
|
|
|
|
pLangId - language ID hex string.
|
|
|
|
Return Value:
|
|
|
|
TRUE: Valid
|
|
FALSE: Invalid
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS Status;
|
|
UNICODE_STRING KeyPath, KeyValueName;
|
|
HANDLE hKey;
|
|
WCHAR KeyValueBuffer[ 128 ];
|
|
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
ULONG ResultLength;
|
|
BOOLEAN bRet = FALSE;
|
|
int iLen = 0;
|
|
|
|
|
|
RtlInitUnicodeString(&KeyPath, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\MUILanguages");
|
|
//
|
|
// pLangId is passed in as DWORD or WORD hex string
|
|
// LangId string in MUILanguages is set as WORD hex string
|
|
//
|
|
while (pLangId[iLen])
|
|
{
|
|
iLen++;
|
|
}
|
|
//
|
|
// We need to validate both 4 digits and 8 digits LangId
|
|
//
|
|
RtlInitUnicodeString(&KeyValueName, iLen < 8? pLangId : &pLangId[4]);
|
|
|
|
InitializeObjectAttributes (&ObjectAttributes,
|
|
&KeyPath,
|
|
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
|
|
NULL,
|
|
NULL);
|
|
|
|
if (NT_SUCCESS(ZwOpenKey( &hKey, GENERIC_READ, &ObjectAttributes)))
|
|
{
|
|
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
|
|
|
|
Status = ZwQueryValueKey( hKey,
|
|
&KeyValueName,
|
|
KeyValuePartialInformation,
|
|
KeyValueInformation,
|
|
sizeof( KeyValueBuffer ),
|
|
&ResultLength
|
|
);
|
|
|
|
if (NT_SUCCESS(Status))
|
|
{
|
|
if (KeyValueInformation->Type == REG_SZ && *((PWSTR)(KeyValueInformation->Data)) == L'1')
|
|
{
|
|
bRet = TRUE;
|
|
}
|
|
}
|
|
|
|
ZwClose(hKey);
|
|
}
|
|
|
|
return bRet;
|
|
}
|