Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

5947 lines
198 KiB

/*++
Copyright (c) 1989-2001 Microsoft Corporation
Module Name:
sysinfo.c
Abstract:
This module implements the NT set and query system information services.
Author:
Steve Wood (stevewo) 21-Aug-1989
Environment:
Kernel mode only.
Revision History:
--*/
#include "exp.h"
#pragma hdrstop
#include "stdlib.h"
#include "string.h"
#include "vdmntos.h"
#include <nturtl.h>
#include "pool.h"
#include "stktrace.h"
#include "align.h"
#if defined(_WIN64)
#include <wow64t.h>
#endif
extern ULONG MmAvailablePages;
extern ULONG MmSystemCodePage;
extern ULONG MmSystemCachePage;
extern ULONG MmPagedPoolPage;
extern ULONG MmSystemDriverPage;
extern ULONG MmTotalSystemCodePages;
extern ULONG MmTotalSystemDriverPages;
extern ULONG MmStandbyRePurposed;
extern RTL_TIME_ZONE_INFORMATION ExpTimeZoneInformation;
//
// For SystemDpcBehaviorInformation
//
extern ULONG KiMaximumDpcQueueDepth;
extern ULONG KiMinimumDpcRate;
extern ULONG KiAdjustDpcThreshold;
extern ULONG KiIdealDpcRate;
extern LIST_ENTRY MmLoadedUserImageList;
extern MMSUPPORT MmSystemCacheWs;
extern PFN_NUMBER MmTransitionSharedPages;
extern PFN_NUMBER MmTransitionSharedPagesPeak;
#define ROUND_UP(VALUE,ROUND) ((ULONG)(((ULONG)VALUE + \
((ULONG)ROUND - 1L)) & (~((ULONG)ROUND - 1L))))
//
// For referencing a user-supplied event handle
//
extern POBJECT_TYPE ExEventObjectType;
//
// Watchdog Handler
//
PWD_HANDLER ExpWdHandler = NULL;
PVOID ExpWdHandlerContext = NULL;
//
// COM+ Package Install Status
//
const static UNICODE_STRING KeyName = RTL_CONSTANT_STRING (COMPLUS_PACKAGE_KEYPATH);
static UNICODE_STRING KeyValueName = RTL_CONSTANT_STRING (COMPLUS_PACKAGE_ENABLE64BIT);
NTSTATUS
ExpValidateLocale(
IN LCID LocaleId
);
BOOLEAN
ExpIsValidUILanguage(
IN WCHAR *pLangId
);
NTSTATUS
ExpGetCurrentUserUILanguage(
IN WCHAR *ValueName,
OUT LANGID *CurrentUserUILanguageId,
IN BOOLEAN bCheckGP
);
NTSTATUS
ExpSetCurrentUserUILanguage(
IN WCHAR *ValueName,
IN LANGID DefaultUILanguageId
);
NTSTATUS
ExpGetUILanguagePolicy(
IN HANDLE CurrentUserKey,
OUT LANGID *PolicyUILanguageId
);
NTSTATUS
ExpGetProcessInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length,
IN PULONG SessionId OPTIONAL,
IN BOOLEAN ExtendedInformation
);
NTSTATUS
ExGetSessionPoolTagInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length,
IN PULONG SessionId
);
VOID
ExpGetProcessorIdleInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
);
VOID
ExpGetProcessorPowerInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
);
VOID
ExpCopyProcessInfo (
IN PSYSTEM_PROCESS_INFORMATION ProcessInfo,
IN PEPROCESS Process,
IN BOOLEAN ExtendedInformation
);
VOID
ExpCopyThreadInfo (
IN PVOID ThreadInfoBuffer,
IN PETHREAD Thread,
IN BOOLEAN ExtendedInformation
);
#if i386
NTSTATUS
ExpGetStackTraceInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
);
#endif // i386
NTSTATUS
ExpGetLockInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
);
NTSTATUS
ExpGetLookasideInformation (
OUT PVOID Buffer,
IN ULONG BufferLength,
OUT PULONG Length
);
NTSTATUS
ExpGetHandleInformation(
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
);
NTSTATUS
ExpGetHandleInformationEx(
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
);
NTSTATUS
ExpGetObjectInformation(
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
);
NTSTATUS
ExpGetInstemulInformation(
OUT PSYSTEM_VDM_INSTEMUL_INFO Info
);
NTSTATUS
ExGetPoolTagInfo (
IN PVOID SystemInformation,
IN ULONG SystemInformationLength,
IN OUT PULONG ReturnLength OPTIONAL
);
NTSTATUS
ExGetSessionPoolTagInfo (
IN PVOID SystemInformation,
IN ULONG SystemInformationLength,
IN OUT PULONG ReturnedEntries,
IN OUT PULONG ActualEntries
);
NTSTATUS
ExGetBigPoolInfo (
IN PVOID SystemInformation,
IN ULONG SystemInformationLength,
IN OUT PULONG ReturnLength OPTIONAL
);
NTSTATUS
ExpQueryModuleInformation(
IN PLIST_ENTRY LoadOrderListHead,
IN PLIST_ENTRY UserModeLoadOrderListHead,
OUT PRTL_PROCESS_MODULES ModuleInformation,
IN ULONG ModuleInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
NTSTATUS
ExpQueryLegacyDriverInformation(
IN PSYSTEM_LEGACY_DRIVER_INFORMATION LegacyInfo,
IN PULONG Length
);
NTSTATUS
ExpQueryNumaProcessorMap(
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnedLength
);
NTSTATUS
ExpQueryNumaAvailableMemory(
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnedLength
);
#if defined(ALLOC_PRAGMA)
#pragma alloc_text(PAGE, NtQueryDefaultLocale)
#pragma alloc_text(PAGE, NtSetDefaultLocale)
#pragma alloc_text(PAGE, NtQueryInstallUILanguage)
#pragma alloc_text(PAGE, NtQueryDefaultUILanguage)
#pragma alloc_text(PAGE, ExpGetCurrentUserUILanguage)
#pragma alloc_text(PAGE, NtSetDefaultUILanguage)
#pragma alloc_text(PAGE, ExpSetCurrentUserUILanguage)
#pragma alloc_text(PAGE, ExpValidateLocale)
#pragma alloc_text(PAGE, ExpGetUILanguagePolicy)
#pragma alloc_text(PAGE, NtQuerySystemInformation)
#pragma alloc_text(PAGE, NtSetSystemInformation)
#pragma alloc_text(PAGE, ExpGetHandleInformation)
#pragma alloc_text(PAGE, ExpGetHandleInformationEx)
#pragma alloc_text(PAGE, ExpGetObjectInformation)
#pragma alloc_text(PAGE, ExpQueryModuleInformation)
#pragma alloc_text(PAGE, ExpCopyProcessInfo)
#pragma alloc_text(PAGE, ExpQueryLegacyDriverInformation)
#pragma alloc_text(PAGE, ExLockUserBuffer)
#pragma alloc_text(PAGE, ExpQueryNumaAvailableMemory)
#pragma alloc_text(PAGE, ExpQueryNumaProcessorMap)
#pragma alloc_text(PAGE, ExpReadComPlusPackage)
#pragma alloc_text(PAGE, ExpUpdateComPlusPackage)
#pragma alloc_text(PAGE, ExGetSessionPoolTagInformation)
#pragma alloc_text(PAGELK, ExpGetLockInformation)
#pragma alloc_text(PAGELK, ExpGetProcessorPowerInformation)
#pragma alloc_text(PAGELK, ExpGetProcessorIdleInformation)
#pragma alloc_text(PAGE, ExpIsValidUILanguage)
#endif
NTSTATUS
ExpReadComPlusPackage(
VOID
)
/*++
Routine Description:
This function reads the status of the 64-bit COM+ package from the registry
and stick it inside the shared page.
Arguments:
None.
Return Value:
NTSTATUS.
--*/
{
NTSTATUS Status;
static OBJECT_ATTRIBUTES ObjectAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES (&KeyName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE);
CHAR KeyValueBuffer[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(ULONG)];
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
ULONG ResultLength;
HANDLE Key;
Status = ZwOpenKey (&Key,
GENERIC_READ,
&ObjectAttributes);
if (NT_SUCCESS (Status)) {
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
Status = ZwQueryValueKey (Key,
&KeyValueName,
KeyValuePartialInformation,
KeyValueInformation,
sizeof (KeyValueBuffer),
&ResultLength);
if (NT_SUCCESS (Status)) {
if ((KeyValueInformation->Type == REG_DWORD) &&
(KeyValueInformation->DataLength == sizeof(ULONG))) {
SharedUserData->ComPlusPackage = *(PULONG)KeyValueInformation->Data;
}
}
ZwClose (Key);
}
return Status;
}
NTSTATUS
ExpUpdateComPlusPackage(
IN ULONG ComPlusPackageStatus
)
/*++
Routine Description:
This function updates the COM+ runtime package status on the system.
The package status indicates whether the 64-bit or the 32-bit runtime
should be used when executing IL_ONLY COM+ images.
Arguments:
ComPlusPackageStatus - COM+ Runtime package status on the system
Return Value:
NTSTATUS
--*/
{
NTSTATUS Status;
static OBJECT_ATTRIBUTES ObjectAttributes = RTL_CONSTANT_OBJECT_ATTRIBUTES (&KeyName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE | OBJ_FORCE_ACCESS_CHECK);
ULONG Disposition;
HANDLE Key;
Status = ZwOpenKey (&Key,
GENERIC_WRITE,
&ObjectAttributes
);
if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
{
Status = ZwCreateKey (&Key,
GENERIC_WRITE,
&ObjectAttributes,
0,
NULL,
REG_OPTION_NON_VOLATILE,
&Disposition
);
}
if (NT_SUCCESS (Status)) {
Status = ZwSetValueKey (Key,
&KeyValueName,
0,
REG_DWORD,
&ComPlusPackageStatus,
sizeof(ULONG));
ZwClose (Key);
}
return Status;
}
NTSTATUS
NtQueryDefaultLocale (
IN BOOLEAN UserProfile,
OUT PLCID DefaultLocaleId
)
{
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
PAGED_CODE();
Status = STATUS_SUCCESS;
try {
//
// Get previous processor mode and probe output argument if necessary.
//
PreviousMode = KeGetPreviousMode();
if (PreviousMode != KernelMode) {
ProbeForWriteUlong ((PULONG)DefaultLocaleId);
}
if (UserProfile) {
*DefaultLocaleId = MmGetSessionLocaleId ();
}
else {
*DefaultLocaleId = PsDefaultSystemLocaleId;
}
}
except (EXCEPTION_EXECUTE_HANDLER) {
Status = GetExceptionCode();
}
return Status;
}
NTSTATUS
NtSetDefaultLocale (
IN BOOLEAN UserProfile,
IN LCID DefaultLocaleId
)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyPath, KeyValueName;
HANDLE CurrentUserKey, Key;
WCHAR KeyValueBuffer[ 128 ];
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
ULONG ResultLength;
PWSTR s;
ULONG n, i, Digit;
WCHAR c;
ULONG Flags;
PAGED_CODE();
if (DefaultLocaleId & 0xFFFF0000) {
return STATUS_INVALID_PARAMETER;
}
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
if (UserProfile) {
Status = RtlOpenCurrentUser( KEY_ENUMERATE_SUB_KEYS, &CurrentUserKey );
if (!NT_SUCCESS( Status )) {
return Status;
}
RtlInitUnicodeString( &KeyValueName, L"Locale" );
RtlInitUnicodeString( &KeyPath, L"Control Panel\\International" );
Flags = OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE | OBJ_FORCE_ACCESS_CHECK;
}
else {
RtlInitUnicodeString( &KeyValueName, L"Default" );
RtlInitUnicodeString( &KeyPath, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Language" );
CurrentUserKey = NULL;
Flags = OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE;
}
InitializeObjectAttributes (&ObjectAttributes,
&KeyPath,
Flags,
CurrentUserKey,
NULL);
if (DefaultLocaleId == 0) {
Status = ZwOpenKey (&Key, GENERIC_READ, &ObjectAttributes);
if (NT_SUCCESS( Status )) {
Status = ZwQueryValueKey( Key,
&KeyValueName,
KeyValuePartialInformation,
KeyValueInformation,
sizeof( KeyValueBuffer ),
&ResultLength
);
if (NT_SUCCESS( Status )) {
if (KeyValueInformation->Type == REG_SZ) {
s = (PWSTR)KeyValueInformation->Data;
for (i=0; i<KeyValueInformation->DataLength; i += sizeof( WCHAR )) {
c = *s++;
if (c >= L'0' && c <= L'9') {
Digit = c - L'0';
}
else if (c >= L'A' && c <= L'F') {
Digit = c - L'A' + 10;
}
else if (c >= L'a' && c <= L'f') {
Digit = c - L'a' + 10;
}
else {
break;
}
if (Digit >= 16) {
break;
}
DefaultLocaleId = (DefaultLocaleId << 4) | Digit;
}
}
else {
if (KeyValueInformation->Type == REG_DWORD &&
KeyValueInformation->DataLength == sizeof( ULONG )) {
DefaultLocaleId = *(PLCID)KeyValueInformation->Data;
}
else {
Status = STATUS_UNSUCCESSFUL;
}
}
}
ZwClose( Key );
}
}
else {
Status = ExpValidateLocale( DefaultLocaleId );
if (NT_SUCCESS(Status)) {
Status = ZwOpenKey( &Key,
GENERIC_WRITE,
&ObjectAttributes
);
if (NT_SUCCESS( Status )) {
if (UserProfile) {
n = 8;
}
else {
n = 4;
}
s = &KeyValueBuffer[ n ];
*s-- = UNICODE_NULL;
i = (ULONG)DefaultLocaleId;
while (s >= KeyValueBuffer) {
Digit = i & 0x0000000F;
if (Digit <= 9) {
*s-- = (WCHAR)(Digit + L'0');
}
else {
*s-- = (WCHAR)((Digit - 10) + L'A');
}
i = i >> 4;
}
Status = ZwSetValueKey( Key,
&KeyValueName,
0,
REG_SZ,
KeyValueBuffer,
(n+1) * sizeof( WCHAR )
);
ZwClose( Key );
}
}
}
ZwClose( CurrentUserKey );
if (NT_SUCCESS( Status )) {
if (UserProfile) {
MmSetSessionLocaleId (DefaultLocaleId);
}
else {
PsDefaultSystemLocaleId = DefaultLocaleId;
}
}
return Status;
}
NTSTATUS
NtQueryInstallUILanguage(
OUT LANGID *InstallUILanguageId
)
{
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
PAGED_CODE();
Status = STATUS_SUCCESS;
try {
//
// Get previous processor mode and probe output argument if necessary.
//
PreviousMode = KeGetPreviousMode();
if (PreviousMode != KernelMode) {
ProbeForWriteUshort( (USHORT *)InstallUILanguageId );
}
*InstallUILanguageId = PsInstallUILanguageId;
}
except (EXCEPTION_EXECUTE_HANDLER) {
Status = GetExceptionCode();
}
return Status;
}
NTSTATUS
NtQueryDefaultUILanguage(
OUT LANGID *DefaultUILanguageId
)
{
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
PAGED_CODE();
Status = STATUS_SUCCESS;
try {
//
// Get previous processor mode and probe output argument if necessary.
//
PreviousMode = KeGetPreviousMode();
if (PreviousMode != KernelMode) {
ProbeForWriteUshort( (USHORT *)DefaultUILanguageId );
}
//
// Read the UI language from the current security context.
//
if (!NT_SUCCESS(ExpGetCurrentUserUILanguage( L"MultiUILanguageId",
DefaultUILanguageId,
TRUE))) {
*DefaultUILanguageId = PsInstallUILanguageId;
}
}
except (EXCEPTION_EXECUTE_HANDLER) {
Status = GetExceptionCode();
}
return Status;
}
NTSTATUS
ExpGetUILanguagePolicy(
IN HANDLE CurrentUserKey,
OUT LANGID *PolicyUILanguageId
)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyPath, KeyValueName;
HANDLE Key;
WCHAR KeyValueBuffer[ 128 ];
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
ULONG ResultLength;
ULONG Language;
PAGED_CODE();
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
RtlInitUnicodeString( &KeyValueName, L"MultiUILanguageId" );
RtlInitUnicodeString( &KeyPath, L"Software\\Policies\\Microsoft\\Control Panel\\Desktop" );
InitializeObjectAttributes( &ObjectAttributes,
&KeyPath,
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE),
CurrentUserKey,
NULL
);
//
// Check if there is a Policy key
//
Status = ZwOpenKey( &Key,
GENERIC_READ,
&ObjectAttributes
);
if (NT_SUCCESS( Status )) {
Status = ZwQueryValueKey( Key,
&KeyValueName,
KeyValuePartialInformation,
KeyValueInformation,
sizeof( KeyValueBuffer ),
&ResultLength
);
if (NT_SUCCESS( Status )) {
if ((KeyValueInformation->DataLength > 2) &&
(KeyValueInformation->Type == REG_SZ) &&
ExpIsValidUILanguage((PWSTR) KeyValueInformation->Data)) {
RtlInitUnicodeString( &KeyValueName, (PWSTR) KeyValueInformation->Data );
Status = RtlUnicodeStringToInteger( &KeyValueName,
(ULONG)16,
&Language
);
//
// Final check to make sure this is an MUI system
//
if (NT_SUCCESS( Status )) {
*PolicyUILanguageId = (LANGID)Language;
}
}
else {
Status = STATUS_UNSUCCESSFUL;
}
}
ZwClose( Key );
}
return Status;
}
NTSTATUS
ExpSetCurrentUserUILanguage(
IN WCHAR *ValueName,
IN LANGID CurrentUserUILanguage
)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyPath, KeyValueName;
HANDLE CurrentUserKey, Key;
WCHAR KeyValueBuffer[ 128 ];
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
PWSTR s;
ULONG i, Digit;
PAGED_CODE();
if (CurrentUserUILanguage & 0xFFFF0000) {
return STATUS_INVALID_PARAMETER;
}
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
Status = RtlOpenCurrentUser( KEY_ENUMERATE_SUB_KEYS, &CurrentUserKey );
if (!NT_SUCCESS( Status )) {
return Status;
}
RtlInitUnicodeString( &KeyValueName, ValueName );
RtlInitUnicodeString( &KeyPath, L"Control Panel\\Desktop" );
InitializeObjectAttributes( &ObjectAttributes,
&KeyPath,
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE | OBJ_FORCE_ACCESS_CHECK),
CurrentUserKey,
NULL
);
Status = ExpValidateLocale( MAKELCID( CurrentUserUILanguage, SORT_DEFAULT ) );
if (NT_SUCCESS(Status)) {
Status = ZwOpenKey( &Key,
GENERIC_WRITE,
&ObjectAttributes
);
if (NT_SUCCESS( Status )) {
s = &KeyValueBuffer[ 8 ];
*s-- = UNICODE_NULL;
i = (ULONG)CurrentUserUILanguage;
while (s >= KeyValueBuffer) {
Digit = i & 0x0000000F;
if (Digit <= 9) {
*s-- = (WCHAR)(Digit + L'0');
}
else {
*s-- = (WCHAR)((Digit - 10) + L'A');
}
i = i >> 4;
}
Status = ZwSetValueKey( Key,
&KeyValueName,
0,
REG_SZ,
KeyValueBuffer,
9 * sizeof( WCHAR )
);
ZwClose( Key );
}
}
ZwClose( CurrentUserKey );
return Status;
}
NTSTATUS
ExpGetCurrentUserUILanguage(
IN WCHAR *ValueName,
OUT LANGID *CurrentUserUILanguageId,
IN BOOLEAN bCheckGP
)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyPath, KeyValueName, UILanguage;
HANDLE CurrentUserKey, Key;
WCHAR KeyValueBuffer[ 128 ];
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
ULONG ResultLength;
ULONG Digit;
PAGED_CODE();
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
Status = RtlOpenCurrentUser( KEY_ENUMERATE_SUB_KEYS, &CurrentUserKey );
if (!NT_SUCCESS( Status )) {
return Status;
}
RtlInitUnicodeString( &KeyValueName, ValueName );
RtlInitUnicodeString( &KeyPath, L"Control Panel\\Desktop" );
InitializeObjectAttributes( &ObjectAttributes,
&KeyPath,
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE | OBJ_FORCE_ACCESS_CHECK),
CurrentUserKey,
NULL
);
//
// Let's check if there is a policy installed for the UI language,
// and if so, let's use it.
//
if (!bCheckGP || !NT_SUCCESS( ExpGetUILanguagePolicy( CurrentUserKey, CurrentUserUILanguageId ))) {
Status = ZwOpenKey( &Key,
GENERIC_READ,
&ObjectAttributes
);
if (NT_SUCCESS( Status )) {
Status = ZwQueryValueKey( Key,
&KeyValueName,
KeyValuePartialInformation,
KeyValueInformation,
sizeof( KeyValueBuffer ),
&ResultLength
);
if (NT_SUCCESS( Status )) {
if (KeyValueInformation->Type == REG_SZ &&
ExpIsValidUILanguage((PWSTR) KeyValueInformation->Data)) {
RtlInitUnicodeString( &UILanguage, (PWSTR) KeyValueInformation->Data);
Status = RtlUnicodeStringToInteger( &UILanguage,
(ULONG) 16,
&Digit
);
if (NT_SUCCESS( Status )) {
*CurrentUserUILanguageId = (LANGID) Digit;
}
}
else {
Status = STATUS_UNSUCCESSFUL;
}
}
ZwClose( Key );
}
}
ZwClose( CurrentUserKey );
return Status;
}
NTSTATUS
NtSetDefaultUILanguage(
IN LANGID DefaultUILanguageId
)
{
NTSTATUS Status;
LANGID LangId;
//
// if this is called during user logon, then we need to update the user's registry.
//
if (DefaultUILanguageId == 0) {
Status = ExpGetCurrentUserUILanguage( L"MUILanguagePending" ,
&LangId,
FALSE
);
if (NT_SUCCESS( Status )) {
Status = ExpSetCurrentUserUILanguage( L"MultiUILanguageId" ,
LangId
);
}
return Status;
}
return ExpSetCurrentUserUILanguage( L"MUILanguagePending", DefaultUILanguageId );
}
NTSTATUS
ExpValidateLocale(
IN LCID LocaleId
)
{
NTSTATUS Status = STATUS_INVALID_PARAMETER, ReturnStatus;
UNICODE_STRING LocaleName, KeyValueName;
UNICODE_STRING NlsLocaleKeyPath, NlsSortKeyPath, NlsLangGroupKeyPath;
WCHAR LocaleNameBuffer[ 32 ];
WCHAR KeyValueNameBuffer[ 32 ];
WCHAR KeyValueBuffer[ 128 ];
WCHAR *Ptr;
HANDLE LocaleKey, SortKey, LangGroupKey;
OBJECT_ATTRIBUTES NlsLocaleObjA, NlsSortObjA, NlsLangGroupObjA;
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
ULONG i, ResultLength;
//
// Convert the LCID to the form %08x (e.g. 00000409)
//
LocaleName.Length = sizeof( LocaleNameBuffer ) / sizeof( WCHAR );
LocaleName.MaximumLength = LocaleName.Length;
LocaleName.Buffer = LocaleNameBuffer;
//
// Convert LCID to a string
//
ReturnStatus = RtlIntegerToUnicodeString( LocaleId, 16, &LocaleName );
if (!NT_SUCCESS(ReturnStatus))
goto Failed1;
Ptr = KeyValueNameBuffer;
for (i = ((LocaleName.Length)/sizeof(WCHAR));
i < 8;
i++, Ptr++) {
*Ptr = L'0';
}
*Ptr = UNICODE_NULL;
RtlInitUnicodeString(&KeyValueName, KeyValueNameBuffer);
KeyValueName.MaximumLength = sizeof( KeyValueNameBuffer ) / sizeof( WCHAR );
RtlAppendUnicodeToString(&KeyValueName, LocaleName.Buffer);
//
// Open Registry Keys : Locale, Sort and LanguageGroup
//
RtlInitUnicodeString(&NlsLocaleKeyPath,
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Locale");
InitializeObjectAttributes( &NlsLocaleObjA,
&NlsLocaleKeyPath,
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE),
NULL,
NULL
);
ReturnStatus = ZwOpenKey( &LocaleKey,
GENERIC_READ,
&NlsLocaleObjA
);
if (!NT_SUCCESS(ReturnStatus))
goto Failed1;
RtlInitUnicodeString(&NlsSortKeyPath,
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Locale\\Alternate Sorts");
InitializeObjectAttributes( &NlsSortObjA,
&NlsSortKeyPath,
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE),
NULL,
NULL
);
ReturnStatus = ZwOpenKey( &SortKey,
GENERIC_READ,
&NlsSortObjA
);
if (!NT_SUCCESS(ReturnStatus))
goto Failed2;
RtlInitUnicodeString(&NlsLangGroupKeyPath,
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Language Groups");
InitializeObjectAttributes( &NlsLangGroupObjA,
&NlsLangGroupKeyPath,
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE),
NULL,
NULL
);
ReturnStatus = ZwOpenKey( &LangGroupKey,
GENERIC_READ,
&NlsLangGroupObjA
);
if (!NT_SUCCESS(ReturnStatus))
goto Failed3;
//
// Validate Locale : Lookup the Locale's Language group, and make sure it is there.
//
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION) KeyValueBuffer;
ReturnStatus = ZwQueryValueKey( LocaleKey,
&KeyValueName,
KeyValuePartialInformation,
KeyValueInformation,
sizeof( KeyValueBuffer ),
&ResultLength
);
if (!NT_SUCCESS(ReturnStatus)) {
ReturnStatus = ZwQueryValueKey( SortKey,
&KeyValueName,
KeyValuePartialInformation,
KeyValueInformation,
sizeof( KeyValueBuffer ),
&ResultLength
);
}
if ((NT_SUCCESS(ReturnStatus)) &&
(KeyValueInformation->DataLength > 2)
) {
RtlInitUnicodeString( &KeyValueName, (PWSTR) KeyValueInformation->Data );
ReturnStatus = ZwQueryValueKey( LangGroupKey,
&KeyValueName,
KeyValuePartialInformation,
KeyValueInformation,
sizeof( KeyValueBuffer ),
&ResultLength
);
if ((NT_SUCCESS(ReturnStatus)) &&
(KeyValueInformation->Type == REG_SZ) &&
(KeyValueInformation->DataLength > 2)
) {
Ptr = (PWSTR) KeyValueInformation->Data;
if (Ptr[0] == L'1' && Ptr[1] == UNICODE_NULL) {
Status = STATUS_SUCCESS;
}
}
}
//
// Close opened keys
//
ZwClose( LangGroupKey );
Failed3:
ZwClose( SortKey );
Failed2:
ZwClose( LocaleKey );
Failed1:
//
// If an error happens, let's record it.
//
if (!NT_SUCCESS(ReturnStatus)) {
Status = ReturnStatus;
}
return Status;
}
NTSTATUS
ExpQueryNumaProcessorMap(
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnedLength
)
{
PSYSTEM_NUMA_INFORMATION Map;
ULONG Length;
ULONG ReturnCount;
#if !defined(NT_UP)
ULONG i;
#endif
Map = (PSYSTEM_NUMA_INFORMATION)SystemInformation;
//
// Must be able to return at least the number of nodes.
//
if (SystemInformationLength < sizeof(Map->HighestNodeNumber)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Map->HighestNodeNumber = KeNumberNodes - 1;
//
// Return as many node masks as possible in the SystemInformation
// buffer.
//
Length = FIELD_OFFSET(SYSTEM_NUMA_INFORMATION,
ActiveProcessorsAffinityMask);
ReturnCount = (SystemInformationLength - Length) /
sizeof(Map->ActiveProcessorsAffinityMask[0]);
if (ReturnCount > KeNumberNodes) {
ReturnCount = KeNumberNodes;
}
if ((Length > SystemInformationLength) ||
(ReturnCount == 0)) {
*ReturnedLength = sizeof(Map->HighestNodeNumber);
return STATUS_SUCCESS;
}
*ReturnedLength = FIELD_OFFSET(SYSTEM_NUMA_INFORMATION,
ActiveProcessorsAffinityMask[ReturnCount]);
#if !defined(NT_UP)
for (i = 0; i < ReturnCount; i++) {
Map->ActiveProcessorsAffinityMask[i] = KeNodeBlock[i]->ProcessorMask;
}
#else
if (ReturnCount) {
Map->ActiveProcessorsAffinityMask[0] = 1;
}
#endif
return STATUS_SUCCESS;
}
NTSTATUS
ExpQueryNumaAvailableMemory(
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnedLength
)
{
PSYSTEM_NUMA_INFORMATION Map;
ULONG Length;
ULONG ReturnCount;
Map = (PSYSTEM_NUMA_INFORMATION)SystemInformation;
//
// Must be able to return at least the number of nodes.
//
if (SystemInformationLength < sizeof(Map->HighestNodeNumber)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Map->HighestNodeNumber = KeNumberNodes - 1;
//
// Return as many node masks as possible in the SystemInformation
// buffer.
//
Length = FIELD_OFFSET(SYSTEM_NUMA_INFORMATION,
AvailableMemory);
ReturnCount = (SystemInformationLength - Length) /
sizeof(Map->AvailableMemory[0]);
if (ReturnCount > KeNumberNodes) {
ReturnCount = KeNumberNodes;
}
if ((Length > SystemInformationLength) ||
(ReturnCount == 0)) {
*ReturnedLength = sizeof(Map->HighestNodeNumber);
return STATUS_SUCCESS;
}
*ReturnedLength = FIELD_OFFSET(SYSTEM_NUMA_INFORMATION,
AvailableMemory[ReturnCount]);
//
// Return the aproximate number of free bytes at this time.
// (It's aproximate because no lock is taken and with respect
// to any user mode application its only a sample.
//
#if !defined(NT_UP)
if (KeNumberNodes > 1) {
ULONG i;
for (i = 0; i < ReturnCount; i++) {
Map->AvailableMemory[i] =
((ULONGLONG)KeNodeBlock[i]->FreeCount[ZeroedPageList] +
(ULONGLONG)KeNodeBlock[i]->FreeCount[FreePageList])
<< PAGE_SHIFT;
}
} else
#endif
if (ReturnCount) {
Map->AvailableMemory[0] = ((ULONGLONG)MmAvailablePages) << PAGE_SHIFT;
}
return STATUS_SUCCESS;
}
NTSTATUS
ExpGetSystemBasicInformation (
OUT PSYSTEM_BASIC_INFORMATION BasicInfo
)
{
NTSTATUS NtStatus = STATUS_SUCCESS;
try {
BasicInfo->NumberOfProcessors = KeNumberProcessors;
BasicInfo->ActiveProcessorsAffinityMask = (ULONG_PTR)KeActiveProcessors;
BasicInfo->Reserved = 0;
BasicInfo->TimerResolution = KeMaximumIncrement;
BasicInfo->NumberOfPhysicalPages = MmNumberOfPhysicalPages;
BasicInfo->LowestPhysicalPageNumber = (SYSINF_PAGE_COUNT)MmLowestPhysicalPage;
BasicInfo->HighestPhysicalPageNumber = (SYSINF_PAGE_COUNT)MmHighestPhysicalPage;
BasicInfo->PageSize = PAGE_SIZE;
BasicInfo->AllocationGranularity = MM_ALLOCATION_GRANULARITY;
BasicInfo->MinimumUserModeAddress = (ULONG_PTR)MM_LOWEST_USER_ADDRESS;
BasicInfo->MaximumUserModeAddress = (ULONG_PTR)MM_HIGHEST_USER_ADDRESS;
}
except (EXCEPTION_EXECUTE_HANDLER) {
NtStatus = GetExceptionCode();
}
return NtStatus;
}
NTSTATUS
ExpGetSystemProcessorInformation (
OUT PSYSTEM_PROCESSOR_INFORMATION ProcessorInformation
)
{
NTSTATUS NtStatus = STATUS_SUCCESS;
try {
ProcessorInformation->ProcessorArchitecture = KeProcessorArchitecture;
ProcessorInformation->ProcessorLevel = KeProcessorLevel;
ProcessorInformation->ProcessorRevision = KeProcessorRevision;
ProcessorInformation->Reserved = 0;
ProcessorInformation->ProcessorFeatureBits = KeFeatureBits;
}
except (EXCEPTION_EXECUTE_HANDLER) {
NtStatus = GetExceptionCode();
}
return NtStatus;
}
#if defined(_WIN64)
NTSTATUS
ExpGetSystemEmulationBasicInformation (
OUT PSYSTEM_BASIC_INFORMATION BasicInfo
)
{
NTSTATUS NtStatus = STATUS_SUCCESS;
try {
BasicInfo->NumberOfProcessors = min(32, KeNumberProcessors);
BasicInfo->ActiveProcessorsAffinityMask = (ULONG_PTR)
((KeActiveProcessors & 0xFFFFFFFF) | ((KeActiveProcessors & (0xFFFFFFFF << 32) ) >> 32));
BasicInfo->Reserved = 0;
BasicInfo->TimerResolution = KeMaximumIncrement;
BasicInfo->NumberOfPhysicalPages = (MmNumberOfPhysicalPages * (PAGE_SIZE >> PAGE_SHIFT_X86NT));
BasicInfo->LowestPhysicalPageNumber = (SYSINF_PAGE_COUNT)MmLowestPhysicalPage;
BasicInfo->HighestPhysicalPageNumber = (SYSINF_PAGE_COUNT)MmHighestPhysicalPage;
BasicInfo->PageSize = PAGE_SIZE_X86NT;
BasicInfo->AllocationGranularity = MM_ALLOCATION_GRANULARITY;
BasicInfo->MinimumUserModeAddress = 0x00000000000010000UI64;
//
// NOTE: MmGetMaxWowAddress return the highest usermode address boundary,
// thus we are subtracting one to get the maximum accessible usermode address
//
BasicInfo->MaximumUserModeAddress = ((ULONG_PTR)MmGetMaxWowAddress () - 1);
}
except (EXCEPTION_EXECUTE_HANDLER) {
NtStatus = GetExceptionCode();
}
return NtStatus;
}
#endif
NTSTATUS
NtQuerySystemInformation (
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength OPTIONAL
)
/*++
Routine Description:
This function queries information about the system.
Arguments:
SystemInformationClass - The system information class about which
to retrieve information.
SystemInformation - A pointer to a buffer which receives the specified
information. The format and content of the buffer depend on the
specified system information class.
SystemInformation Format by Information Class:
SystemBasicInformation - Data type is SYSTEM_BASIC_INFORMATION
SYSTEM_BASIC_INFORMATION Structure
ULONG Reserved - Always zero.
ULONG TimerResolutionInMicroSeconds - The resolution of
the hardware time. All time values in NT are
specified as 64-bit LARGE_INTEGER values in units of
100 nanoseconds. This field allows an application to
understand how many of the low order bits of a system
time value are insignificant.
ULONG PageSize - The physical page size for virtual memory
objects. Physical memory is committed in PageSize
chunks.
ULONG AllocationGranularity - The logical page size for
virtual memory objects. Allocating 1 byte of virtual
memory will actually allocate AllocationGranularity
bytes of virtual memory. Storing into that byte will
commit the first physical page of the virtual memory.
ULONG MinimumUserModeAddress - The smallest valid user mode
address. The first AllocationGranularity bytes of
the virtual address space are reserved. This forces
access violations for code the dereferences a zero
pointer.
ULONG MaximumUserModeAddress - The largest valid user mode
address. The next AllocationGranularity bytes of
the virtual address space are reserved. This allows
system service routines to validate user mode pointer
parameters quickly.
KAFFINITY ActiveProcessorsAffinityMask - The affinity mask
for the current hardware configuration.
CCHAR NumberOfProcessors - The number of processors
in the current hardware configuration.
SystemProcessorInformation - Data type is SYSTEM_PROCESSOR_INFORMATION
SYSTEM_PROCESSOR_INFORMATION Structure
USHORT ProcessorArchitecture - The processor architecture:
PROCESSOR_ARCHITECTURE_INTEL
PROCESSOR_ARCHITECTURE_IA64
PROCESSOR_ARCHITECTURE_MIPS
PROCESSOR_ARCHITECTURE_ALPHA
PROCESSOR_ARCHITECTURE_PPC
USHORT ProcessorLevel - architecture dependent processor level.
This is the least common denominator for an MP system:
For PROCESSOR_ARCHITECTURE_INTEL:
3 - 386
4 - 486
5 - 586 or Pentium
For PROCESSOR_ARCHITECTURE_IA64:
7 - Itanium
31 - Itanium 2
For PROCESSOR_ARCHITECTURE_MIPS:
00xx - where xx is 8-bit implementation number (bits 8-15 of
PRId register.
0004 - R4000
For PROCESSOR_ARCHITECTURE_ALPHA:
xxxx - where xxxx is 16-bit processor version number (low
order 16 bits of processor version number from firmware)
21064 - 21064
21066 - 21066
21164 - 21164
For PROCESSOR_ARCHITECTURE_PPC:
xxxx - where xxxx is 16-bit processor version number (high
order 16 bits of Processor Version Register).
1 - 601
3 - 603
4 - 604
6 - 603+
9 - 604+
20 - 620
USHORT ProcessorRevision - architecture dependent processor revision.
This is the least common denominator for an MP system:
For PROCESSOR_ARCHITECTURE_INTEL:
For Old Intel 386 or 486:
FFxx - where xx is displayed as a hexadecimal CPU stepping
(e.g. FFD0 is D0 stepping)
For Intel Pentium or Cyrix/NexGen 486
xxyy - where xx is model number and yy is stepping, so
0201 is Model 2, Stepping 1
For PROCESSOR_ARCHITECTURE_IA64:
xxyy - where xx is model number and yy is stepping, so
0201 is Model 2, Stepping 1
For PROCESSOR_ARCHITECTURE_MIPS:
00xx is 8-bit revision number of processor (low order 8 bits
of PRId Register
For PROCESSOR_ARCHITECTURE_ALPHA:
xxyy - where xxyy is 16-bit processor revision number (low
order 16 bits of processor revision number from firmware).
Displayed as Model 'A'+xx, Pass yy
For PROCESSOR_ARCHITECTURE_PPC:
xxyy - where xxyy is 16-bit processor revision number (low
order 16 bits of Processor Version Register). Displayed
as a fixed point number xx.yy
USHORT Reserved - Always zero.
ULONG ProcessorFeatureBits - architecture dependent processor feature bits.
This is the least common denominator for an MP system.
SystemPerformanceInformation - Data type is SYSTEM_PERFORMANCE_INFORMATION
SYSTEM_PERFORMANCE_INFORMATION Structure
LARGE_INTEGER IdleProcessTime - Returns the kernel time of the idle
process.
LARGE_INTEGER IoReadTransferCount;
LARGE_INTEGER IoWriteTransferCount;
LARGE_INTEGER IoOtherTransferCount;
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
ULONG IoReadOperationCount;
ULONG IoWriteOperationCount;
ULONG IoOtherOperationCount;
ULONG AvailablePages;
ULONG CommittedPages;
ULONG PageFaultCount;
ULONG CopyOnWriteCount;
ULONG TransitionCount;
ULONG CacheTransitionCount;
ULONG DemandZeroCount;
ULONG PageReadCount;
ULONG PageReadIoCount;
ULONG CacheReadCount;
ULONG CacheIoCount;
ULONG DirtyPagesWriteCount;
ULONG DirtyWriteIoCount;
ULONG MappedPagesWriteCount;
ULONG MappedWriteIoCount;
ULONG PagedPoolPages;
ULONG NonPagedPoolPages;
ULONG PagedPoolAllocs;
ULONG PagedPoolFrees;
ULONG NonPagedPoolAllocs;
ULONG NonPagedPoolFrees;
ULONG LpcThreadsWaitingInReceive;
ULONG LpcThreadsWaitingForReply;
SystemProcessInformation - Data type is SYSTEM_PROCESS_INFORMATION
SYSTEM_PROCESS_INFORMATION Structure
SystemDockInformation - Data type is SYSTEM_DOCK_INFORMATION
SYSTEM_DOCK_INFORMATION Structure
SYSTEM_DOCKED_STATE DockState - Ordinal specifying the current docking state. Possible values:
SystemDockStateUnknown - The docking state of the system could not be determined.
SystemUndocked - The system is undocked.
SystemDocked - The system is docked.
ULONG DockIdLength - Specifies the length in characters of the Dock ID string
(not including terminating NULL).
ULONG SerialNumberOffset - Specifies the character offset of the Serial Number within
the DockId buffer.
ULONG SerialNumberLength - Specifies the length in characters of the Serial Number
string (not including terminating NULL).
WCHAR DockId - Character buffer containing two null-terminated strings. The first
string is a character representation of the dock ID number, starting
at the beginning of the buffer. The second string is a character
representation of the machine's serial number, starting at character
offset SerialNumberOffset in the buffer.
SystemPowerSettings - Data type is SYSTEM_POWER_SETTINGS
SYSTEM_POWER_INFORMATION Structure
BOOLEAN SystemSuspendSupported - Supplies a BOOLEAN as to
whether the system suspend is enabled or not.
BOOLEAN SystemHibernateSupported - Supplies a BOOLEAN as to
whether the system hibernate is enabled or not.
BOOLEAN ResumeTimerSupportsSuspend - Supplies a BOOLEAN as to
whether the resuming from an external programmed timer
from within a system suspend is enabled or not.
BOOLEAN ResumeTimerSupportsHibernate - Supplies a BOOLEAN as to
whether or resuming from an external programmed timer
from within a system hibernate is enabled or not.
BOOLEAN LidSupported - Supplies a BOOLEAN as to whether or not
the suspending and resuming by Lid are enabled or not.
BOOLEAN TurboSettingSupported - Supplies a BOOLEAN as to whether
or not the system supports a turbo mode setting.
BOOLEAN TurboMode - Supplies a BOOLEAN as to whether or not
the system is in turbo mode.
BOOLEAN SystemAcOrDc - Supplies a BOOLEAN as to whether or not
the system is in AC mode.
BOOLEAN DisablePowerDown - If TRUE, signifies that all requests to
PoRequestPowerChange for a SET_POWER-PowerDown irp are to
be ignored.
LARGE_INTEGER SpindownDrives - If non-zero, signifies to the
cache manager (or the IO subsystem) to optimize drive
accesses based upon power saves, are that drives are to
be spun down as appropriate. The value represents to user's
requested disk spin down timeout.
SystemProcessorSpeedInformation - Data type is SYSTEM_PROCESSOR_SPEED_INFORMATION
SYSTEM_PROCESSOR_SPEED_INFORMATION Structure (same as HalProcessorSpeedInformation)
ULONG MaximumProcessorSpeed - The maximum hertz the processor is
capable of. This information is used by the UI to draw the
appropriate scale. This field is read-only and cannot be
set.
ULONG CurrentAvailableSpeed - The hertz for which the processor
runs at when not idle. This field is read-only and cannot
be set.
ULONG ConfiguredSpeedLimit - The hertz for which the processor
is limited to due to the current configuration.
UCHAR PowerState
0 - Normal
1 - The processor speed is being limited due to available
power restrictions. This field id read-only by the system.
UCHAR ThermalState
0 - Normal
1 - The processors speed is being limited due to thermal
restrictions. This field is read-only by the system.
UCHAR TurboState
0 - Normal
1 - The processors speed is being limited by the fact that
the system turbo mode is currently disabled which is
requested to obtain more processor speed.
SystemInformationLength - Specifies the length in bytes of the system
information buffer.
ReturnLength - An optional pointer which, if specified, receives the
number of bytes placed in the system information buffer.
Return Value:
Returns one of the following status codes:
STATUS_SUCCESS - normal, successful completion.
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
did not specify a valid value.
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
parameter did not match the length required for the information
class requested by the SystemInformationClass parameter.
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
or the ReturnLength pointer value specified an invalid address.
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
working set to lock the specified output structure in memory.
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
for this request to complete.
--*/
{
KPROCESSOR_MODE PreviousMode;
SYSTEM_TIMEOFDAY_INFORMATION LocalTimeOfDayInfo;
SYSTEM_PERFORMANCE_INFORMATION LocalPerformanceInfo;
PSYSTEM_PERFORMANCE_INFORMATION PerformanceInfo;
PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION ProcessorPerformanceInfo;
PSYSTEM_CALL_COUNT_INFORMATION CallCountInformation;
PSYSTEM_DEVICE_INFORMATION DeviceInformation;
PCONFIGURATION_INFORMATION ConfigInfo;
PSYSTEM_EXCEPTION_INFORMATION ExceptionInformation;
PSYSTEM_FILECACHE_INFORMATION FileCache;
PSYSTEM_QUERY_TIME_ADJUST_INFORMATION TimeAdjustmentInformation;
PSYSTEM_KERNEL_DEBUGGER_INFORMATION KernelDebuggerInformation;
PSYSTEM_CONTEXT_SWITCH_INFORMATION ContextSwitchInformation;
PSYSTEM_INTERRUPT_INFORMATION InterruptInformation;
PSYSTEM_SESSION_PROCESS_INFORMATION SessionProcessInformation;
PVOID ProcessInformation;
ULONG ProcessInformationLength;
PSYSTEM_SESSION_POOLTAG_INFORMATION SessionPoolTagInformation;
PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION SessionMappedViewInformation;
ULONG SessionPoolTagInformationLength;
NTSTATUS Status;
PKPRCB Prcb;
ULONG Length = 0;
ULONG i;
ULONG ContextSwitches;
PULONG TableLimit, TableCounts;
PKSERVICE_TABLE_DESCRIPTOR Table;
ULONG SessionId;
ULONG Alignment;
PAGED_CODE();
//
// Assume successful completion.
//
Status = STATUS_SUCCESS;
try {
//
// Get previous processor mode and probe output argument if necessary.
//
PreviousMode = KeGetPreviousMode();
if (PreviousMode != KernelMode) {
Alignment = sizeof(ULONG);
if (SystemInformationClass == SystemKernelDebuggerInformation) {
Alignment = sizeof(BOOLEAN);
} else if (SystemInformationClass == SystemLocksInformation) {
Alignment = sizeof(PVOID);
}
ProbeForWrite(SystemInformation,
SystemInformationLength,
Alignment);
if (ARGUMENT_PRESENT(ReturnLength)) {
ProbeForWriteUlong(ReturnLength);
}
}
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = 0;
}
switch (SystemInformationClass) {
case SystemBasicInformation:
if (SystemInformationLength != sizeof( SYSTEM_BASIC_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Status = ExpGetSystemBasicInformation ((PSYSTEM_BASIC_INFORMATION)SystemInformation);
if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof( SYSTEM_BASIC_INFORMATION );
}
break;
case SystemEmulationBasicInformation:
if (SystemInformationLength != sizeof( SYSTEM_BASIC_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
#if defined(_WIN64)
Status = ExpGetSystemEmulationBasicInformation ((PSYSTEM_BASIC_INFORMATION)SystemInformation);
#else
Status = ExpGetSystemBasicInformation ((PSYSTEM_BASIC_INFORMATION)SystemInformation);
#endif
if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof( SYSTEM_BASIC_INFORMATION );
}
break;
case SystemProcessorInformation:
if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Status = ExpGetSystemProcessorInformation ((PSYSTEM_PROCESSOR_INFORMATION)SystemInformation);
if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof( SYSTEM_PROCESSOR_INFORMATION );
}
break;
case SystemEmulationProcessorInformation:
if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
#if defined(_WIN64)
Status = ExpGetSystemEmulationProcessorInformation ((PSYSTEM_PROCESSOR_INFORMATION)SystemInformation);
#else
Status = ExpGetSystemProcessorInformation ((PSYSTEM_PROCESSOR_INFORMATION)SystemInformation);
#endif
if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof( SYSTEM_PROCESSOR_INFORMATION );
}
break;
case SystemPerformanceInformation:
if (SystemInformationLength < sizeof( SYSTEM_PERFORMANCE_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
PerformanceInfo = (PSYSTEM_PERFORMANCE_INFORMATION)SystemInformation;
//
// Io information.
//
LocalPerformanceInfo.IoReadTransferCount = IoReadTransferCount;
LocalPerformanceInfo.IoWriteTransferCount = IoWriteTransferCount;
LocalPerformanceInfo.IoOtherTransferCount = IoOtherTransferCount;
LocalPerformanceInfo.IoReadOperationCount = IoReadOperationCount;
LocalPerformanceInfo.IoWriteOperationCount = IoWriteOperationCount;
LocalPerformanceInfo.IoOtherOperationCount = IoOtherOperationCount;
//
// Ke information.
//
// These counters are kept on a per processor basis and must
// be totaled.
//
{
ULONG FirstLevelTbFills = 0;
ULONG SecondLevelTbFills = 0;
ULONG SystemCalls = 0;
// ULONG InterruptCount = 0;
ContextSwitches = 0;
for (i = 0; i < (ULONG)KeNumberProcessors; i += 1) {
Prcb = KiProcessorBlock[i];
if (Prcb != NULL) {
ContextSwitches += KeGetContextSwitches(Prcb);
FirstLevelTbFills += Prcb->KeFirstLevelTbFills;
// InterruptCount += Prcb->KeInterruptCount;
SecondLevelTbFills += Prcb->KeSecondLevelTbFills;
SystemCalls += Prcb->KeSystemCalls;
}
}
LocalPerformanceInfo.ContextSwitches = ContextSwitches;
LocalPerformanceInfo.FirstLevelTbFills = FirstLevelTbFills;
// LocalPerformanceInfo.InterruptCount = KeInterruptCount;
LocalPerformanceInfo.SecondLevelTbFills = SecondLevelTbFills;
LocalPerformanceInfo.SystemCalls = SystemCalls;
}
//
// Mm information.
//
LocalPerformanceInfo.AvailablePages = MmAvailablePages;
LocalPerformanceInfo.CommittedPages = (SYSINF_PAGE_COUNT)MmTotalCommittedPages;
LocalPerformanceInfo.CommitLimit = (SYSINF_PAGE_COUNT)MmTotalCommitLimit;
LocalPerformanceInfo.PeakCommitment = (SYSINF_PAGE_COUNT)MmPeakCommitment;
LocalPerformanceInfo.PageFaultCount = MmInfoCounters.PageFaultCount;
LocalPerformanceInfo.CopyOnWriteCount = MmInfoCounters.CopyOnWriteCount;
LocalPerformanceInfo.TransitionCount = MmInfoCounters.TransitionCount;
LocalPerformanceInfo.CacheTransitionCount = MmInfoCounters.CacheTransitionCount;
LocalPerformanceInfo.DemandZeroCount = MmInfoCounters.DemandZeroCount;
LocalPerformanceInfo.PageReadCount = MmInfoCounters.PageReadCount;
LocalPerformanceInfo.PageReadIoCount = MmInfoCounters.PageReadIoCount;
LocalPerformanceInfo.CacheReadCount = MmInfoCounters.CacheReadCount;
LocalPerformanceInfo.CacheIoCount = MmInfoCounters.CacheIoCount;
LocalPerformanceInfo.DirtyPagesWriteCount = MmInfoCounters.DirtyPagesWriteCount;
LocalPerformanceInfo.DirtyWriteIoCount = MmInfoCounters.DirtyWriteIoCount;
LocalPerformanceInfo.MappedPagesWriteCount = MmInfoCounters.MappedPagesWriteCount;
LocalPerformanceInfo.MappedWriteIoCount = MmInfoCounters.MappedWriteIoCount;
LocalPerformanceInfo.FreeSystemPtes = MmTotalFreeSystemPtes[0];
LocalPerformanceInfo.ResidentSystemCodePage = MmSystemCodePage;
LocalPerformanceInfo.ResidentSystemCachePage = MmSystemCachePage;
LocalPerformanceInfo.ResidentPagedPoolPage = MmPagedPoolPage;
LocalPerformanceInfo.ResidentSystemDriverPage = MmSystemDriverPage;
LocalPerformanceInfo.TotalSystemCodePages = MmTotalSystemCodePages;
LocalPerformanceInfo.TotalSystemDriverPages = MmTotalSystemDriverPages;
LocalPerformanceInfo.AvailablePagedPoolPages = (ULONG)MmAvailablePoolInPages (PagedPool);
//
// Process information.
//
LocalPerformanceInfo.IdleProcessTime.QuadPart =
UInt32x32To64(PsIdleProcess->Pcb.KernelTime,
KeMaximumIncrement);
//
// Pool information.
//
LocalPerformanceInfo.PagedPoolPages = 0;
LocalPerformanceInfo.NonPagedPoolPages = 0;
LocalPerformanceInfo.PagedPoolAllocs = 0;
LocalPerformanceInfo.PagedPoolFrees = 0;
LocalPerformanceInfo.PagedPoolLookasideHits = 0;
LocalPerformanceInfo.NonPagedPoolAllocs = 0;
LocalPerformanceInfo.NonPagedPoolFrees = 0;
LocalPerformanceInfo.NonPagedPoolLookasideHits = 0;
ExQueryPoolUsage( &LocalPerformanceInfo.PagedPoolPages,
&LocalPerformanceInfo.NonPagedPoolPages,
&LocalPerformanceInfo.PagedPoolAllocs,
&LocalPerformanceInfo.PagedPoolFrees,
&LocalPerformanceInfo.PagedPoolLookasideHits,
&LocalPerformanceInfo.NonPagedPoolAllocs,
&LocalPerformanceInfo.NonPagedPoolFrees,
&LocalPerformanceInfo.NonPagedPoolLookasideHits
);
//
// Cache Manager information.
//
LocalPerformanceInfo.CcFastReadNoWait = CcFastReadNoWait;
LocalPerformanceInfo.CcFastReadWait = CcFastReadWait;
LocalPerformanceInfo.CcFastReadResourceMiss = CcFastReadResourceMiss;
LocalPerformanceInfo.CcFastReadNotPossible = CcFastReadNotPossible;
LocalPerformanceInfo.CcFastMdlReadNoWait = CcFastMdlReadNoWait;
LocalPerformanceInfo.CcFastMdlReadWait = CcFastMdlReadWait;
LocalPerformanceInfo.CcFastMdlReadResourceMiss = CcFastMdlReadResourceMiss;
LocalPerformanceInfo.CcFastMdlReadNotPossible = CcFastMdlReadNotPossible;
LocalPerformanceInfo.CcMapDataNoWait = CcMapDataNoWait;
LocalPerformanceInfo.CcMapDataWait = CcMapDataWait;
LocalPerformanceInfo.CcMapDataNoWaitMiss = CcMapDataNoWaitMiss;
LocalPerformanceInfo.CcMapDataWaitMiss = CcMapDataWaitMiss;
LocalPerformanceInfo.CcPinMappedDataCount = CcPinMappedDataCount;
LocalPerformanceInfo.CcPinReadNoWait = CcPinReadNoWait;
LocalPerformanceInfo.CcPinReadWait = CcPinReadWait;
LocalPerformanceInfo.CcPinReadNoWaitMiss = CcPinReadNoWaitMiss;
LocalPerformanceInfo.CcPinReadWaitMiss = CcPinReadWaitMiss;
LocalPerformanceInfo.CcCopyReadNoWait = CcCopyReadNoWait;
LocalPerformanceInfo.CcCopyReadWait = CcCopyReadWait;
LocalPerformanceInfo.CcCopyReadNoWaitMiss = CcCopyReadNoWaitMiss;
LocalPerformanceInfo.CcCopyReadWaitMiss = CcCopyReadWaitMiss;
LocalPerformanceInfo.CcMdlReadNoWait = CcMdlReadNoWait;
LocalPerformanceInfo.CcMdlReadWait = CcMdlReadWait;
LocalPerformanceInfo.CcMdlReadNoWaitMiss = CcMdlReadNoWaitMiss;
LocalPerformanceInfo.CcMdlReadWaitMiss = CcMdlReadWaitMiss;
LocalPerformanceInfo.CcReadAheadIos = CcReadAheadIos;
LocalPerformanceInfo.CcLazyWriteIos = CcLazyWriteIos;
LocalPerformanceInfo.CcLazyWritePages = CcLazyWritePages;
LocalPerformanceInfo.CcDataFlushes = CcDataFlushes;
LocalPerformanceInfo.CcDataPages = CcDataPages;
#if !defined(NT_UP)
//
// On an MP machines go sum up some other 'hot' cache manager
// statistics.
//
for (i = 0; i < (ULONG)KeNumberProcessors; i++) {
Prcb = KiProcessorBlock[i];
LocalPerformanceInfo.CcFastReadNoWait += Prcb->CcFastReadNoWait;
LocalPerformanceInfo.CcFastReadWait += Prcb->CcFastReadWait;
LocalPerformanceInfo.CcFastReadNotPossible += Prcb->CcFastReadNotPossible;
LocalPerformanceInfo.CcCopyReadNoWait += Prcb->CcCopyReadNoWait;
LocalPerformanceInfo.CcCopyReadWait += Prcb->CcCopyReadWait;
LocalPerformanceInfo.CcCopyReadNoWaitMiss += Prcb->CcCopyReadNoWaitMiss;
}
#endif
*PerformanceInfo = LocalPerformanceInfo;
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof(LocalPerformanceInfo);
}
break;
case SystemProcessorPerformanceInformation:
if (SystemInformationLength <
sizeof( SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
ProcessorPerformanceInfo =
(PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION) SystemInformation;
Length = 0;
for (i = 0; i < (ULONG)KeNumberProcessors; i++) {
Prcb = KiProcessorBlock[i];
if (Prcb != NULL) {
if (SystemInformationLength < Length + sizeof(SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION))
break;
Length += sizeof(SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION);
ProcessorPerformanceInfo->UserTime.QuadPart =
UInt32x32To64(Prcb->UserTime,
KeMaximumIncrement);
ProcessorPerformanceInfo->KernelTime.QuadPart =
UInt32x32To64(Prcb->KernelTime,
KeMaximumIncrement);
ProcessorPerformanceInfo->DpcTime.QuadPart =
UInt32x32To64(Prcb->DpcTime,
KeMaximumIncrement);
ProcessorPerformanceInfo->InterruptTime.QuadPart =
UInt32x32To64(Prcb->InterruptTime,
KeMaximumIncrement);
ProcessorPerformanceInfo->IdleTime.QuadPart =
UInt32x32To64(Prcb->IdleThread->KernelTime,
KeMaximumIncrement);
ProcessorPerformanceInfo->InterruptCount = Prcb->InterruptCount;
ProcessorPerformanceInfo++;
}
}
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemProcessorPowerInformation:
if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_POWER_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
ExpGetProcessorPowerInformation(
SystemInformation,
SystemInformationLength,
&Length
);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemProcessorIdleInformation:
if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_IDLE_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
ExpGetProcessorIdleInformation(
SystemInformation,
SystemInformationLength,
&Length
);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemTimeOfDayInformation:
if (SystemInformationLength > sizeof (SYSTEM_TIMEOFDAY_INFORMATION)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
RtlZeroMemory (&LocalTimeOfDayInfo, sizeof(LocalTimeOfDayInfo));
KeQuerySystemTime(&LocalTimeOfDayInfo.CurrentTime);
LocalTimeOfDayInfo.BootTime = KeBootTime;
LocalTimeOfDayInfo.TimeZoneBias = ExpTimeZoneBias;
LocalTimeOfDayInfo.TimeZoneId = ExpCurrentTimeZoneId;
LocalTimeOfDayInfo.BootTimeBias = KeBootTimeBias;
LocalTimeOfDayInfo.SleepTimeBias = KeInterruptTimeBias;
try {
RtlCopyMemory (
SystemInformation,
&LocalTimeOfDayInfo,
SystemInformationLength
);
if (ARGUMENT_PRESENT(ReturnLength) ) {
*ReturnLength = SystemInformationLength;
}
} except(EXCEPTION_EXECUTE_HANDLER) {
return GetExceptionCode ();
}
break;
//
// Query system time adjustment information.
//
case SystemTimeAdjustmentInformation:
if (SystemInformationLength != sizeof( SYSTEM_QUERY_TIME_ADJUST_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
TimeAdjustmentInformation =
(PSYSTEM_QUERY_TIME_ADJUST_INFORMATION)SystemInformation;
TimeAdjustmentInformation->TimeAdjustment = KeTimeAdjustment;
TimeAdjustmentInformation->TimeIncrement = KeMaximumIncrement;
TimeAdjustmentInformation->Enable = KeTimeSynchronization;
break;
case SystemSummaryMemoryInformation:
case SystemFullMemoryInformation:
if (SystemInformationLength < sizeof( SYSTEM_MEMORY_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Status = MmMemoryUsage (SystemInformation,
SystemInformationLength,
(SystemInformationClass == SystemFullMemoryInformation) ? 0 : 1,
&Length);
if (NT_SUCCESS(Status) && ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemPathInformation:
#if DBG
DbgPrint( "EX: SystemPathInformation now available via SharedUserData\n" );
DbgBreakPoint();
#endif
return STATUS_NOT_IMPLEMENTED;
break;
case SystemProcessInformation:
case SystemExtendedProcessInformation:
{
BOOLEAN ExtendedInformation;
if (SystemInformationClass == SystemProcessInformation ) {
ExtendedInformation = FALSE;
} else {
ExtendedInformation = TRUE;
}
Status = ExpGetProcessInformation (SystemInformation,
SystemInformationLength,
&Length,
NULL,
ExtendedInformation);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
}
break;
case SystemSessionProcessInformation:
SessionProcessInformation =
(PSYSTEM_SESSION_PROCESS_INFORMATION)SystemInformation;
if (SystemInformationLength < sizeof( SYSTEM_SESSION_PROCESS_INFORMATION)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
//
// The lower level locks the buffer specified below into memory using MmProbeAndLockPages.
// We don't need to probe the buffers here.
//
SessionId = SessionProcessInformation->SessionId;
ProcessInformation = SessionProcessInformation->Buffer;
ProcessInformationLength = SessionProcessInformation->SizeOfBuf;
if (!POINTER_IS_ALIGNED (ProcessInformation, sizeof (ULONG))) {
return STATUS_DATATYPE_MISALIGNMENT;
}
Status = ExpGetProcessInformation (ProcessInformation,
ProcessInformationLength,
&Length,
&SessionId,
FALSE);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemCallCountInformation:
Length = sizeof(SYSTEM_CALL_COUNT_INFORMATION) +
(NUMBER_SERVICE_TABLES * sizeof(ULONG));
Table = KeServiceDescriptorTableShadow;
for (i = 0; i < NUMBER_SERVICE_TABLES; i += 1) {
if ((Table->Limit != 0) && (Table->Count != NULL)) {
Length += Table->Limit * sizeof(ULONG);
}
Table += 1;
}
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
if (SystemInformationLength < Length) {
return STATUS_INFO_LENGTH_MISMATCH;
}
CallCountInformation = (PSYSTEM_CALL_COUNT_INFORMATION)SystemInformation;
CallCountInformation->Length = Length;
CallCountInformation->NumberOfTables = NUMBER_SERVICE_TABLES;
TableLimit = (PULONG)(CallCountInformation + 1);
TableCounts = TableLimit + NUMBER_SERVICE_TABLES;
Table = KeServiceDescriptorTableShadow;
for (i = 0; i < NUMBER_SERVICE_TABLES; i += 1) {
if ((Table->Limit == 0) || (Table->Count == NULL)) {
*TableLimit++ = 0;
} else {
*TableLimit++ = Table->Limit;
RtlCopyMemory((PVOID)TableCounts,
(PVOID)Table->Count,
Table->Limit * sizeof(ULONG));
TableCounts += Table->Limit;
}
Table += 1;
}
break;
case SystemDeviceInformation:
if (SystemInformationLength != sizeof( SYSTEM_DEVICE_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
ConfigInfo = IoGetConfigurationInformation();
DeviceInformation = (PSYSTEM_DEVICE_INFORMATION)SystemInformation;
DeviceInformation->NumberOfDisks = ConfigInfo->DiskCount;
DeviceInformation->NumberOfFloppies = ConfigInfo->FloppyCount;
DeviceInformation->NumberOfCdRoms = ConfigInfo->CdRomCount;
DeviceInformation->NumberOfTapes = ConfigInfo->TapeCount;
DeviceInformation->NumberOfSerialPorts = ConfigInfo->SerialCount;
DeviceInformation->NumberOfParallelPorts = ConfigInfo->ParallelCount;
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof( SYSTEM_DEVICE_INFORMATION );
}
break;
case SystemFlagsInformation:
if (SystemInformationLength != sizeof( SYSTEM_FLAGS_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
((PSYSTEM_FLAGS_INFORMATION)SystemInformation)->Flags = NtGlobalFlag;
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof( SYSTEM_FLAGS_INFORMATION );
}
break;
case SystemCallTimeInformation:
return STATUS_NOT_IMPLEMENTED;
case SystemModuleInformation:
KeEnterCriticalRegion();
ExAcquireResourceExclusiveLite( &PsLoadedModuleResource, TRUE );
try {
Status = ExpQueryModuleInformation( &PsLoadedModuleList,
&MmLoadedUserImageList,
(PRTL_PROCESS_MODULES)SystemInformation,
SystemInformationLength,
ReturnLength
);
} except(EXCEPTION_EXECUTE_HANDLER) {
Status = GetExceptionCode();
}
ExReleaseResourceLite (&PsLoadedModuleResource);
KeLeaveCriticalRegion();
break;
case SystemLocksInformation:
if (SystemInformationLength < sizeof( RTL_PROCESS_LOCKS )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Status = ExpGetLockInformation (SystemInformation,
SystemInformationLength,
&Length);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemStackTraceInformation:
if (SystemInformationLength < sizeof( RTL_PROCESS_BACKTRACES )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
#if i386
Status = ExpGetStackTraceInformation (SystemInformation,
SystemInformationLength,
&Length);
#else
Status = STATUS_NOT_IMPLEMENTED;
#endif // i386
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemPagedPoolInformation:
Status = STATUS_NOT_IMPLEMENTED;
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = 0;
}
break;
case SystemNonPagedPoolInformation:
Status = STATUS_NOT_IMPLEMENTED;
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = 0;
}
break;
case SystemHandleInformation:
if (SystemInformationLength < sizeof( SYSTEM_HANDLE_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (!POINTER_IS_ALIGNED (SystemInformation, TYPE_ALIGNMENT (SYSTEM_HANDLE_INFORMATION))) {
return STATUS_DATATYPE_MISALIGNMENT;
}
Status = ExpGetHandleInformation( SystemInformation,
SystemInformationLength,
&Length
);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemExtendedHandleInformation:
if (SystemInformationLength < sizeof( SYSTEM_HANDLE_INFORMATION_EX )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (!POINTER_IS_ALIGNED (SystemInformation, TYPE_ALIGNMENT (SYSTEM_HANDLE_INFORMATION_EX))) {
return STATUS_DATATYPE_MISALIGNMENT;
}
Status = ExpGetHandleInformationEx( SystemInformation,
SystemInformationLength,
&Length
);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemObjectInformation:
if (SystemInformationLength < sizeof( SYSTEM_OBJECTTYPE_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Status = ExpGetObjectInformation( SystemInformation,
SystemInformationLength,
&Length
);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemPageFileInformation:
if (SystemInformationLength < sizeof( SYSTEM_PAGEFILE_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Status = MmGetPageFileInformation( SystemInformation,
SystemInformationLength,
&Length
);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemFileCacheInformation:
//
// This structure was extended in NT 4.0 from 12 bytes.
// Use the previous size of 12 bytes for versioning info.
//
if (SystemInformationLength < 12) {
return STATUS_INFO_LENGTH_MISMATCH;
}
FileCache = (PSYSTEM_FILECACHE_INFORMATION)SystemInformation;
FileCache->CurrentSize = ((SIZE_T)MmSystemCacheWs.WorkingSetSize) << PAGE_SHIFT;
FileCache->PeakSize = ((SIZE_T)MmSystemCacheWs.PeakWorkingSetSize) << PAGE_SHIFT;
FileCache->PageFaultCount = MmSystemCacheWs.PageFaultCount;
i = 12;
if (SystemInformationLength >= sizeof( SYSTEM_FILECACHE_INFORMATION )) {
i = sizeof (SYSTEM_FILECACHE_INFORMATION);
FileCache->MinimumWorkingSet =
MmSystemCacheWs.MinimumWorkingSetSize;
FileCache->MaximumWorkingSet =
MmSystemCacheWs.MaximumWorkingSetSize;
FileCache->CurrentSizeIncludingTransitionInPages = MmSystemCacheWs.WorkingSetSize + MmTransitionSharedPages;
FileCache->PeakSizeIncludingTransitionInPages = MmTransitionSharedPagesPeak;
FileCache->TransitionRePurposeCount = MmStandbyRePurposed;
}
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = i;
}
break;
case SystemSessionPoolTagInformation:
SessionProcessInformation =
(PSYSTEM_SESSION_PROCESS_INFORMATION)SystemInformation;
if (SystemInformationLength < sizeof( SYSTEM_SESSION_PROCESS_INFORMATION)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
//
// The lower level locks the buffer specified below into
// memory using MmProbeAndLockPages.
// We don't need to probe the buffers here.
//
SessionId = SessionProcessInformation->SessionId;
SessionPoolTagInformation = SessionProcessInformation->Buffer;
SessionPoolTagInformationLength = SessionProcessInformation->SizeOfBuf;
if (!POINTER_IS_ALIGNED (SessionPoolTagInformation, sizeof (ULONGLONG))) {
return STATUS_DATATYPE_MISALIGNMENT;
}
Status = ExGetSessionPoolTagInformation (
SessionPoolTagInformation,
SessionPoolTagInformationLength,
&Length,
&SessionId);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemPoolTagInformation:
if (SystemInformationLength < sizeof( SYSTEM_POOLTAG_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Status = ExGetPoolTagInfo (SystemInformation,
SystemInformationLength,
ReturnLength);
break;
case SystemBigPoolInformation:
if (SystemInformationLength < sizeof( SYSTEM_BIGPOOL_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Status = ExGetBigPoolInfo (SystemInformation,
SystemInformationLength,
ReturnLength);
break;
case SystemSessionMappedViewInformation:
SessionMappedViewInformation =
(PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION)SystemInformation;
if (SystemInformationLength < sizeof( SYSTEM_SESSION_MAPPED_VIEW_INFORMATION)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
//
// The lower level locks the buffer specified below into
// memory using MmProbeAndLockPages.
// We don't need to probe the buffers here.
//
SessionId = SessionMappedViewInformation->SessionId;
if (!POINTER_IS_ALIGNED (SessionMappedViewInformation, sizeof (ULONGLONG))) {
return STATUS_DATATYPE_MISALIGNMENT;
}
Status = MmGetSessionMappedViewInformation (
SessionMappedViewInformation,
SystemInformationLength,
&Length,
&SessionId);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemVdmInstemulInformation:
#ifdef i386
if (SystemInformationLength < sizeof( SYSTEM_VDM_INSTEMUL_INFO )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Status = ExpGetInstemulInformation(
(PSYSTEM_VDM_INSTEMUL_INFO)SystemInformation
);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof(SYSTEM_VDM_INSTEMUL_INFO);
}
#else
Status = STATUS_NOT_IMPLEMENTED;
#endif
break;
//
// Get system exception information which includes the number
// of exceptions that have dispatched, the number of alignment
// fixups, and the number of floating emulations that have been
// performed.
//
case SystemExceptionInformation:
if (SystemInformationLength < sizeof( SYSTEM_EXCEPTION_INFORMATION)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof(SYSTEM_EXCEPTION_INFORMATION);
}
ExceptionInformation = (PSYSTEM_EXCEPTION_INFORMATION)SystemInformation;
//
// Ke information.
//
// These counters are kept on a per processor basis and must
// be totaled.
//
{
ULONG AlignmentFixupCount = 0;
ULONG ExceptionDispatchCount = 0;
ULONG FloatingEmulationCount = 0;
ULONG ByteWordEmulationCount = 0;
for (i = 0; i < (ULONG)KeNumberProcessors; i += 1) {
Prcb = KiProcessorBlock[i];
if (Prcb != NULL) {
AlignmentFixupCount += Prcb->KeAlignmentFixupCount;
ExceptionDispatchCount += Prcb->KeExceptionDispatchCount;
FloatingEmulationCount += Prcb->KeFloatingEmulationCount;
}
}
ExceptionInformation->AlignmentFixupCount = AlignmentFixupCount;
ExceptionInformation->ExceptionDispatchCount = ExceptionDispatchCount;
ExceptionInformation->FloatingEmulationCount = FloatingEmulationCount;
ExceptionInformation->ByteWordEmulationCount = ByteWordEmulationCount;
}
break;
case SystemKernelDebuggerInformation:
if (SystemInformationLength < sizeof( SYSTEM_KERNEL_DEBUGGER_INFORMATION)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
KernelDebuggerInformation =
(PSYSTEM_KERNEL_DEBUGGER_INFORMATION)SystemInformation;
KernelDebuggerInformation->KernelDebuggerEnabled = KdDebuggerEnabled;
KernelDebuggerInformation->KernelDebuggerNotPresent = KdDebuggerNotPresent;
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof(SYSTEM_KERNEL_DEBUGGER_INFORMATION);
}
break;
case SystemContextSwitchInformation:
if (SystemInformationLength < sizeof( SYSTEM_CONTEXT_SWITCH_INFORMATION)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
ContextSwitchInformation =
(PSYSTEM_CONTEXT_SWITCH_INFORMATION)SystemInformation;
//
// Compute the total number of context switches and fill in the
// remainder of the context switch information.
//
ContextSwitches = 0;
for (i = 0; i < (ULONG)KeNumberProcessors; i += 1) {
Prcb = KiProcessorBlock[i];
if (Prcb != NULL) {
ContextSwitches += KeGetContextSwitches(Prcb);
}
}
ContextSwitchInformation->ContextSwitches = ContextSwitches;
ContextSwitchInformation->FindAny = KeThreadSwitchCounters.FindAny;
ContextSwitchInformation->FindLast = KeThreadSwitchCounters.FindLast;
ContextSwitchInformation->FindIdeal = KeThreadSwitchCounters.FindIdeal;
ContextSwitchInformation->IdleAny = KeThreadSwitchCounters.IdleAny;
ContextSwitchInformation->IdleCurrent = KeThreadSwitchCounters.IdleCurrent;
ContextSwitchInformation->IdleLast = KeThreadSwitchCounters.IdleLast;
ContextSwitchInformation->IdleIdeal = KeThreadSwitchCounters.IdleIdeal;
ContextSwitchInformation->PreemptAny = KeThreadSwitchCounters.PreemptAny;
ContextSwitchInformation->PreemptCurrent = KeThreadSwitchCounters.PreemptCurrent;
ContextSwitchInformation->PreemptLast = KeThreadSwitchCounters.PreemptLast;
ContextSwitchInformation->SwitchToIdle = KeThreadSwitchCounters.SwitchToIdle;
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof(SYSTEM_CONTEXT_SWITCH_INFORMATION);
}
break;
case SystemRegistryQuotaInformation:
if (SystemInformationLength < sizeof( SYSTEM_REGISTRY_QUOTA_INFORMATION)) {
return(STATUS_INFO_LENGTH_MISMATCH);
}
CmQueryRegistryQuotaInformation((PSYSTEM_REGISTRY_QUOTA_INFORMATION)SystemInformation);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof(SYSTEM_REGISTRY_QUOTA_INFORMATION);
}
break;
case SystemDpcBehaviorInformation:
{
PSYSTEM_DPC_BEHAVIOR_INFORMATION DpcInfo;
//
// If the system information buffer is not the correct length,
// then return an error.
//
if (SystemInformationLength != sizeof(SYSTEM_DPC_BEHAVIOR_INFORMATION)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
DpcInfo = (PSYSTEM_DPC_BEHAVIOR_INFORMATION)SystemInformation;
//
// Exception handler for this routine will return the correct
// error if any of these accesses fail.
//
//
// Return the current DPC behavior variables
//
DpcInfo->DpcQueueDepth = KiMaximumDpcQueueDepth;
DpcInfo->MinimumDpcRate = KiMinimumDpcRate;
DpcInfo->AdjustDpcThreshold = KiAdjustDpcThreshold;
DpcInfo->IdealDpcRate = KiIdealDpcRate;
}
break;
case SystemInterruptInformation:
if (SystemInformationLength < (sizeof(SYSTEM_INTERRUPT_INFORMATION) * KeNumberProcessors)) {
return(STATUS_INFO_LENGTH_MISMATCH);
}
InterruptInformation = (PSYSTEM_INTERRUPT_INFORMATION)SystemInformation;
for (i=0; i < (ULONG)KeNumberProcessors; i++) {
Prcb = KiProcessorBlock[i];
InterruptInformation->ContextSwitches = KeGetContextSwitches(Prcb);
InterruptInformation->DpcCount = Prcb->DpcData[DPC_NORMAL].DpcCount;
InterruptInformation->DpcRate = Prcb->DpcRequestRate;
InterruptInformation->TimeIncrement = KeTimeIncrement;
InterruptInformation->DpcBypassCount = 0;
InterruptInformation->ApcBypassCount = 0;
++InterruptInformation;
}
break;
case SystemCurrentTimeZoneInformation:
if (SystemInformationLength < sizeof( RTL_TIME_ZONE_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
RtlCopyMemory(SystemInformation,&ExpTimeZoneInformation,sizeof(ExpTimeZoneInformation));
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = sizeof( RTL_TIME_ZONE_INFORMATION );
}
Status = STATUS_SUCCESS;
break;
//
// Query pool lookaside list and general lookaside list
// information.
//
case SystemLookasideInformation:
Status = ExpGetLookasideInformation(SystemInformation,
SystemInformationLength,
&Length);
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = Length;
}
break;
case SystemRangeStartInformation:
if ( SystemInformationLength != sizeof(ULONG_PTR) ) {
return STATUS_INFO_LENGTH_MISMATCH;
}
*(PULONG_PTR)SystemInformation = (ULONG_PTR)MmSystemRangeStart;
if (ARGUMENT_PRESENT(ReturnLength) ) {
*ReturnLength = sizeof(ULONG_PTR);
}
break;
case SystemVerifierInformation:
if (SystemInformationLength < sizeof( SYSTEM_VERIFIER_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Status = MmGetVerifierInformation( SystemInformation,
SystemInformationLength,
&Length
);
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = Length;
}
break;
case SystemLegacyDriverInformation:
if (SystemInformationLength < sizeof(SYSTEM_LEGACY_DRIVER_INFORMATION)) {
return(STATUS_INFO_LENGTH_MISMATCH);
}
Length = SystemInformationLength;
Status = ExpQueryLegacyDriverInformation((PSYSTEM_LEGACY_DRIVER_INFORMATION)SystemInformation, &Length);
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = Length;
}
break;
case SystemPerformanceTraceInformation:
#ifdef NTPERF
Status = PerfInfoQueryPerformanceTraceInformation(SystemInformation,
SystemInformationLength,
&Length
);
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = Length;
}
#else
Status = STATUS_INVALID_INFO_CLASS;
#endif // NTPERF
break;
case SystemPrefetcherInformation:
Status = CcPfQueryPrefetcherInformation(SystemInformationClass,
SystemInformation,
SystemInformationLength,
PreviousMode,
&Length
);
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = Length;
}
break;
case SystemNumaProcessorMap:
Status = ExpQueryNumaProcessorMap(SystemInformation,
SystemInformationLength,
&Length);
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = Length;
}
break;
case SystemNumaAvailableMemory:
Status = ExpQueryNumaAvailableMemory(SystemInformation,
SystemInformationLength,
&Length);
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = Length;
}
break;
case SystemRecommendedSharedDataAlignment:
if (SystemInformationLength < sizeof(ULONG)) {
return(STATUS_INFO_LENGTH_MISMATCH);
}
//
// Alignment is guaranteed by the ProbeForWrite above
// so just store the value as a ULONG.
//
*(PULONG)SystemInformation = KeGetRecommendedSharedDataAlignment();
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = sizeof(ULONG);
}
break;
case SystemComPlusPackage:
if (SystemInformationLength != sizeof(ULONG)) {
return(STATUS_INFO_LENGTH_MISMATCH);
}
if (SharedUserData->ComPlusPackage == COMPLUS_PACKAGE_INVALID) {
//
// The initialization happens one time.
//
SharedUserData->ComPlusPackage = 0;
ExpReadComPlusPackage ();
}
*(PULONG)SystemInformation = SharedUserData->ComPlusPackage;
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = sizeof(ULONG);
}
break;
case SystemLostDelayedWriteInformation:
if (SystemInformationLength < sizeof(ULONG)) {
return(STATUS_INFO_LENGTH_MISMATCH);
}
*(PULONG)SystemInformation = CcLostDelayedWrites;
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = sizeof(ULONG);
}
break;
case SystemObjectSecurityMode:
if (SystemInformationLength != sizeof (ULONG)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
*(PULONG)SystemInformation = ObGetSecurityMode ();
if (ARGUMENT_PRESENT (ReturnLength)) {
*ReturnLength = sizeof (ULONG);
}
break;
case SystemWatchdogTimerInformation:
{
PSYSTEM_WATCHDOG_TIMER_INFORMATION WdTimerInfo = (PSYSTEM_WATCHDOG_TIMER_INFORMATION) SystemInformation;
//
// Caller must be kernel mode with the proper parameters
//
if (PreviousMode != KernelMode || SystemInformation == NULL || SystemInformationLength != sizeof(SYSTEM_WATCHDOG_TIMER_INFORMATION)) {
ExRaiseStatus (STATUS_INVALID_PARAMETER);
}
if (ExpWdHandler == NULL) {
Status = STATUS_NOT_IMPLEMENTED;
} else {
switch (WdTimerInfo->WdInfoClass) {
case WdInfoTimeoutValue:
Status = ExpWdHandler( WdActionQueryTimeoutValue, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE );
break;
case WdInfoTriggerAction:
Status = ExpWdHandler( WdActionQueryTriggerAction, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE );
break;
case WdInfoState:
Status = ExpWdHandler( WdActionQueryState, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE );
break;
default:
Status = STATUS_INVALID_PARAMETER;
break;
}
}
}
break;
case SystemLogicalProcessorInformation:
Status = KeQueryLogicalProcessorInformation(
SystemInformation,
SystemInformationLength,
&Length);
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = Length;
}
break;
default:
//
// Invalid argument.
//
return STATUS_INVALID_INFO_CLASS;
}
} except (EXCEPTION_EXECUTE_HANDLER) {
Status = GetExceptionCode();
}
return Status;
}
NTSTATUS
NTAPI
NtSetSystemInformation (
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
IN PVOID SystemInformation,
IN ULONG SystemInformationLength
)
/*++
Routine Description:
This function set information about the system.
Arguments:
SystemInformationClass - The system information class which is to
be modified.
SystemInformation - A pointer to a buffer which contains the specified
information. The format and content of the buffer depend on the
specified system information class.
SystemInformationLength - Specifies the length in bytes of the system
information buffer.
Return Value:
Returns one of the following status codes:
STATUS_SUCCESS - Normal, successful completion.
STATUS_ACCESS_VIOLATION - The specified system information buffer
is not accessible.
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
did not specify a valid value.
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
parameter did not match the length required for the information
class requested by the SystemInformationClass parameter.
STATUS_PRIVILEGE_NOT_HELD is returned if the caller does not have the
privilege to set the system time.
--*/
{
BOOLEAN Enable;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
ULONG TimeAdjustment;
PSYSTEM_SET_TIME_ADJUST_INFORMATION TimeAdjustmentInformation;
HANDLE EventHandle;
PVOID Event;
ULONG LoadFlags = MM_LOAD_IMAGE_IN_SESSION;
PAGED_CODE();
//
// Establish an exception handle in case the system information buffer
// is not accessible.
//
Status = STATUS_SUCCESS;
try {
//
// Get the previous processor mode and probe the input buffer for
// read access if necessary.
//
PreviousMode = KeGetPreviousMode();
if (PreviousMode != KernelMode) {
ProbeForRead((PVOID)SystemInformation,
SystemInformationLength,
sizeof(ULONG));
}
//
// Dispatch on the system information class.
//
switch (SystemInformationClass) {
case SystemFlagsInformation:
if (SystemInformationLength != sizeof( SYSTEM_FLAGS_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (!SeSinglePrivilegeCheck( SeDebugPrivilege, PreviousMode )) {
return STATUS_ACCESS_DENIED;
}
else {
ULONG Flags;
Flags = ((PSYSTEM_FLAGS_INFORMATION)SystemInformation)->Flags &
~(FLG_KERNELMODE_VALID_BITS | FLG_BOOTONLY_VALID_BITS);
Flags |= NtGlobalFlag & (FLG_KERNELMODE_VALID_BITS | FLG_BOOTONLY_VALID_BITS);
NtGlobalFlag = Flags;
((PSYSTEM_FLAGS_INFORMATION)SystemInformation)->Flags = NtGlobalFlag;
}
break;
//
// Set system time adjustment information.
//
// N.B. The caller must have the SeSystemTime privilege.
//
case SystemTimeAdjustmentInformation:
//
// If the system information buffer is not the correct length,
// then return an error.
//
if (SystemInformationLength != sizeof( SYSTEM_SET_TIME_ADJUST_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
//
// If the current thread does not have the privilege to set the
// time adjustment variables, then return an error.
//
if ((PreviousMode != KernelMode) &&
(SeSinglePrivilegeCheck(SeSystemtimePrivilege, PreviousMode) == FALSE)) {
return STATUS_PRIVILEGE_NOT_HELD;
}
//
// Set system time adjustment parameters.
//
TimeAdjustmentInformation =
(PSYSTEM_SET_TIME_ADJUST_INFORMATION)SystemInformation;
Enable = TimeAdjustmentInformation->Enable;
TimeAdjustment = TimeAdjustmentInformation->TimeAdjustment;
if (Enable == TRUE) {
KeTimeAdjustment = KeMaximumIncrement;
} else {
if (TimeAdjustment == 0) {
return STATUS_INVALID_PARAMETER_2;
}
KeTimeAdjustment = TimeAdjustment;
}
KeTimeSynchronization = Enable;
break;
//
// Set an event to signal when the clock interrupt has been
// masked for too long, causing the time to slip.
// The event will be referenced to prevent it from being
// deleted. If the new event handle is valid or NULL, the
// old event will be dereferenced and forgotten. If the
// event handle is non-NULL but invalid, the old event will
// be remembered and a failure status will be returned.
//
// N.B. The caller must have the SeSystemTime privilege.
//
case SystemTimeSlipNotification:
if (SystemInformationLength != sizeof(HANDLE)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
//
// If the current thread does not have the privilege to set the
// time adjustment variables, then return an error.
//
if ((PreviousMode != KernelMode) &&
(SeSinglePrivilegeCheck(SeSystemtimePrivilege, PreviousMode) == FALSE)) {
return STATUS_PRIVILEGE_NOT_HELD;
}
EventHandle = *(PHANDLE)SystemInformation;
if (EventHandle == NULL) {
//
// Dereference the old event and don't signal anything
// for time slips.
//
Event = NULL;
Status = STATUS_SUCCESS;
} else {
Status = ObReferenceObjectByHandle(EventHandle,
EVENT_MODIFY_STATE,
ExEventObjectType,
PreviousMode,
&Event,
NULL);
}
if (NT_SUCCESS(Status)) {
KdUpdateTimeSlipEvent(Event);
}
break;
//
// Set registry quota limit.
//
// N.B. The caller must have SeIncreaseQuotaPrivilege
//
case SystemRegistryQuotaInformation:
//
// If the system information buffer is not the correct length,
// then return an error.
//
if (SystemInformationLength != sizeof( SYSTEM_REGISTRY_QUOTA_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
//
// If the current thread does not have the privilege to create
// a pagefile, then return an error.
//
if ((PreviousMode != KernelMode) &&
(SeSinglePrivilegeCheck(SeIncreaseQuotaPrivilege, PreviousMode) == FALSE)) {
return STATUS_PRIVILEGE_NOT_HELD;
}
//
// Set registry quota parameters.
//
CmSetRegistryQuotaInformation((PSYSTEM_REGISTRY_QUOTA_INFORMATION)SystemInformation);
break;
case SystemPrioritySeperation:
{
ULONG PrioritySeparation;
//
// If the system information buffer is not the correct length,
// then return an error.
//
if (SystemInformationLength != sizeof (ULONG)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (!SeSinglePrivilegeCheck (SeTcbPrivilege, PreviousMode)) {
return STATUS_PRIVILEGE_NOT_HELD;
}
try {
PrioritySeparation = *(PULONG)SystemInformation;
}
except(EXCEPTION_EXECUTE_HANDLER) {
return GetExceptionCode();
}
PsChangeQuantumTable (TRUE, PrioritySeparation);
Status = STATUS_SUCCESS;
}
break;
case SystemExtendServiceTableInformation:
{
UNICODE_STRING Image;
PWSTR Buffer;
PVOID ImageBaseAddress;
ULONG_PTR EntryPoint;
PVOID SectionPointer;
PIMAGE_NT_HEADERS NtHeaders;
PDRIVER_INITIALIZE InitRoutine;
DRIVER_OBJECT Win32KDevice;
//
// If the system information buffer is not the correct length,
// then return an error.
//
if (SystemInformationLength != sizeof( UNICODE_STRING ) ) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (PreviousMode != KernelMode) {
//
// The caller's access mode is not kernel so check to ensure
// the caller has the privilege to load a driver.
//
if (!SeSinglePrivilegeCheck( SeLoadDriverPrivilege, PreviousMode )) {
return STATUS_PRIVILEGE_NOT_HELD;
}
Buffer = NULL;
try {
Image = *(PUNICODE_STRING)SystemInformation;
//
// Guard against overflow.
//
if (Image.Length > Image.MaximumLength) {
Image.Length = Image.MaximumLength;
}
if (Image.Length == 0) {
return STATUS_NO_MEMORY;
}
ProbeForRead(Image.Buffer, Image.Length, sizeof(UCHAR));
Buffer = ExAllocatePoolWithTag(PagedPool, Image.Length, 'ofnI');
if ( !Buffer ) {
return STATUS_NO_MEMORY;
}
RtlCopyMemory(Buffer, Image.Buffer, Image.Length);
Image.Buffer = Buffer;
Image.MaximumLength = Image.Length;
}
except(EXCEPTION_EXECUTE_HANDLER) {
if ( Buffer ) {
ExFreePool(Buffer);
}
return GetExceptionCode();
}
//
// Call MmLoadSystemImage with previous mode of kernel.
//
Status = ZwSetSystemInformation(
SystemExtendServiceTableInformation,
(PVOID)&Image,
sizeof(Image)
);
ExFreePool(Buffer);
return Status;
}
Image = *(PUNICODE_STRING)SystemInformation;
//
// Now in kernelmode, so load the driver.
//
Status = MmLoadSystemImage (&Image,
NULL,
NULL,
MM_LOAD_IMAGE_IN_SESSION,
&SectionPointer,
(PVOID *) &ImageBaseAddress);
if (!NT_SUCCESS (Status)) {
return Status;
}
NtHeaders = RtlImageNtHeader( ImageBaseAddress );
if (! NtHeaders) {
MmUnloadSystemImage (SectionPointer);
return STATUS_INVALID_IMAGE_FORMAT;
}
EntryPoint = NtHeaders->OptionalHeader.AddressOfEntryPoint;
EntryPoint += (ULONG_PTR) ImageBaseAddress;
InitRoutine = (PDRIVER_INITIALIZE) EntryPoint;
RtlZeroMemory (&Win32KDevice, sizeof(Win32KDevice));
ASSERT (KeGetCurrentIrql() == 0);
Win32KDevice.DriverStart = (PVOID)ImageBaseAddress;
Status = (InitRoutine)(&Win32KDevice,NULL);
ASSERT (KeGetCurrentIrql() == 0);
if (!NT_SUCCESS (Status)) {
MmUnloadSystemImage (SectionPointer);
}
else {
//
// Pass the driver object to memory management so the
// session can be unloaded cleanly.
//
MmSessionSetUnloadAddress (&Win32KDevice);
}
}
break;
case SystemUnloadGdiDriverInformation:
{
if (SystemInformationLength != sizeof( PVOID ) ) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (PreviousMode != KernelMode) {
//
// The caller's access mode is not kernel so fail.
// Only GDI from the kernel can call this.
//
return STATUS_PRIVILEGE_NOT_HELD;
}
MmUnloadSystemImage( *((PVOID *)SystemInformation) );
Status = STATUS_SUCCESS;
}
break;
case SystemLoadGdiDriverInSystemSpace:
{
LoadFlags &= ~MM_LOAD_IMAGE_IN_SESSION;
//
// Fall through
//
}
case SystemLoadGdiDriverInformation:
{
UNICODE_STRING Image;
PVOID ImageBaseAddress;
ULONG_PTR EntryPoint;
PVOID SectionPointer;
PIMAGE_NT_HEADERS NtHeaders;
//
// If the system information buffer is not the correct length,
// then return an error.
//
if (SystemInformationLength != sizeof( SYSTEM_GDI_DRIVER_INFORMATION ) ) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (PreviousMode != KernelMode) {
//
// The caller's access mode is not kernel so fail.
// Only GDI from the kernel can call this.
//
return STATUS_PRIVILEGE_NOT_HELD;
}
Image = ((PSYSTEM_GDI_DRIVER_INFORMATION)SystemInformation)->DriverName;
Status = MmLoadSystemImage (&Image,
NULL,
NULL,
LoadFlags,
&SectionPointer,
(PVOID *) &ImageBaseAddress);
if ((NT_SUCCESS( Status ))) {
PSYSTEM_GDI_DRIVER_INFORMATION GdiDriverInfo =
(PSYSTEM_GDI_DRIVER_INFORMATION) SystemInformation;
ULONG Size;
GdiDriverInfo->ExportSectionPointer =
RtlImageDirectoryEntryToData(ImageBaseAddress,
TRUE,
IMAGE_DIRECTORY_ENTRY_EXPORT,
&Size);
//
// Capture the entry point.
//
NtHeaders = RtlImageNtHeader( ImageBaseAddress );
EntryPoint = NtHeaders->OptionalHeader.AddressOfEntryPoint;
EntryPoint += (ULONG_PTR) ImageBaseAddress;
GdiDriverInfo->ImageAddress = (PVOID) ImageBaseAddress;
GdiDriverInfo->SectionPointer = SectionPointer;
GdiDriverInfo->EntryPoint = (PVOID) EntryPoint;
GdiDriverInfo->ImageLength = NtHeaders->OptionalHeader.SizeOfImage;
}
}
break;
case SystemFileCacheInformation:
if (SystemInformationLength < sizeof( SYSTEM_FILECACHE_INFORMATION )) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (!SeSinglePrivilegeCheck( SeIncreaseQuotaPrivilege, PreviousMode )) {
return STATUS_ACCESS_DENIED;
}
return MmAdjustWorkingSetSize (
((PSYSTEM_FILECACHE_INFORMATION)SystemInformation)->MinimumWorkingSet,
((PSYSTEM_FILECACHE_INFORMATION)SystemInformation)->MaximumWorkingSet,
TRUE,
TRUE);
break;
case SystemDpcBehaviorInformation:
{
SYSTEM_DPC_BEHAVIOR_INFORMATION DpcInfo;
//
// If the system information buffer is not the correct length,
// then return an error.
//
if (SystemInformationLength != sizeof(SYSTEM_DPC_BEHAVIOR_INFORMATION)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (PreviousMode != KernelMode) {
//
// The caller's access mode is not kernel so check to ensure that
// the caller has the privilege to load a driver.
//
if (!SeSinglePrivilegeCheck( SeLoadDriverPrivilege, PreviousMode )) {
return STATUS_PRIVILEGE_NOT_HELD;
}
}
//
// Exception handler for this routine will return the correct
// error if this access fails.
//
DpcInfo = *(PSYSTEM_DPC_BEHAVIOR_INFORMATION)SystemInformation;
//
// Set the new DPC behavior variables
//
KiMaximumDpcQueueDepth = DpcInfo.DpcQueueDepth;
KiMinimumDpcRate = DpcInfo.MinimumDpcRate;
KiAdjustDpcThreshold = DpcInfo.AdjustDpcThreshold;
KiIdealDpcRate = DpcInfo.IdealDpcRate;
}
break;
case SystemSessionCreate:
{
//
// Creation of a session space.
//
ULONG SessionId;
//
// If the system information buffer is not the correct length,
// then return an error.
//
if (SystemInformationLength != sizeof(ULONG)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (PreviousMode != KernelMode) {
//
// The caller's access mode is not kernel so check to
// ensure that the caller has the privilege to load
// a driver.
//
if (!SeSinglePrivilegeCheck (SeLoadDriverPrivilege, PreviousMode)) {
return STATUS_PRIVILEGE_NOT_HELD;
}
try {
ProbeForWriteUlong((PULONG)SystemInformation);
}
except (EXCEPTION_EXECUTE_HANDLER) {
return GetExceptionCode();
}
}
//
// Create a session space in the current process.
//
Status = MmSessionCreate (&SessionId);
if (NT_SUCCESS(Status)) {
if (PreviousMode != KernelMode) {
try {
*(PULONG)SystemInformation = SessionId;
}
except (EXCEPTION_EXECUTE_HANDLER) {
return GetExceptionCode();
}
}
else {
*(PULONG)SystemInformation = SessionId;
}
}
return Status;
}
break;
case SystemSessionDetach:
{
ULONG SessionId;
//
// If the system information buffer is not the correct length,
// then return an error.
//
if (SystemInformationLength != sizeof(ULONG)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
if (PreviousMode != KernelMode) {
//
// The caller's access mode is not kernel so check to
// ensure that the caller has the privilege to load
// a driver.
//
if (!SeSinglePrivilegeCheck( SeLoadDriverPrivilege, PreviousMode )) {
return STATUS_PRIVILEGE_NOT_HELD;
}
try {
ProbeForRead ((PVOID)SystemInformation,
sizeof(ULONG),
sizeof(ULONG));
SessionId = *(PULONG)SystemInformation;
}
except (EXCEPTION_EXECUTE_HANDLER) {
return GetExceptionCode();
}
}
else {
SessionId = *(PULONG)SystemInformation;
}
//
// Detach the current process from a session space
// if it has one.
//
Status = MmSessionDelete (SessionId);
return Status;
}
break;
case SystemCrashDumpStateInformation:
//
// All this system information does when you set it is trigger a
// reconfigurating of the current crashdump state based on the
// registry.
//
Status = IoConfigureCrashDump(CrashDumpReconfigure);
break;
case SystemPerformanceTraceInformation:
#ifdef NTPERF
Status = PerfInfoSetPerformanceTraceInformation(SystemInformation,
SystemInformationLength
);
#else
Status = STATUS_INVALID_INFO_CLASS;
#endif // NTPERF
break;
case SystemVerifierThunkExtend:
if (PreviousMode != KernelMode) {
//
// The caller's access mode is not kernel so fail.
// Only device drivers can call this.
//
return STATUS_PRIVILEGE_NOT_HELD;
}
Status = MmAddVerifierThunks (SystemInformation,
SystemInformationLength);
break;
case SystemVerifierInformation:
if (!SeSinglePrivilegeCheck (SeDebugPrivilege, PreviousMode)) {
return STATUS_ACCESS_DENIED;
}
Status = MmSetVerifierInformation (SystemInformation,
SystemInformationLength);
break;
case SystemVerifierAddDriverInformation:
case SystemVerifierRemoveDriverInformation:
{
UNICODE_STRING Image;
PUNICODE_STRING ImagePointer;
PWSTR Buffer;
//
// If the system information buffer is not the correct length,
// then return an error.
//
if (SystemInformationLength != sizeof( UNICODE_STRING ) ) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Buffer = NULL;
if (PreviousMode != KernelMode) {
//
// The caller's access mode is not kernel so check to ensure
// the caller has the privilege to add a verifier entry.
//
if (!SeSinglePrivilegeCheck( SeDebugPrivilege, PreviousMode )) {
return STATUS_PRIVILEGE_NOT_HELD;
}
try {
Image = *(PUNICODE_STRING)SystemInformation;
//
// Guard against overflow.
//
if (Image.Length > Image.MaximumLength) {
Image.Length = Image.MaximumLength;
}
if (Image.Length == 0) {
return STATUS_NO_MEMORY;
}
ProbeForRead(Image.Buffer, Image.Length, sizeof(UCHAR));
Buffer = ExAllocatePoolWithTag(PagedPool, Image.Length, 'ofnI');
if ( !Buffer ) {
return STATUS_NO_MEMORY;
}
RtlCopyMemory(Buffer, Image.Buffer, Image.Length);
Image.Buffer = Buffer;
Image.MaximumLength = Image.Length;
}
except(EXCEPTION_EXECUTE_HANDLER) {
if ( Buffer ) {
ExFreePool(Buffer);
}
return GetExceptionCode();
}
ImagePointer = &Image;
}
else {
ImagePointer = (PUNICODE_STRING)SystemInformation;
}
switch (SystemInformationClass) {
case SystemVerifierAddDriverInformation:
Status = MmAddVerifierEntry (ImagePointer);
break;
case SystemVerifierRemoveDriverInformation:
Status = MmRemoveVerifierEntry (ImagePointer);
break;
default:
Status = STATUS_INVALID_INFO_CLASS;
break;
}
if (Buffer) {
ExFreePool(Buffer);
}
}
break;
case SystemMirrorMemoryInformation:
Status = MmCreateMirror ();
break;
case SystemPrefetcherInformation:
Status = CcPfSetPrefetcherInformation(SystemInformationClass,
SystemInformation,
SystemInformationLength,
PreviousMode
);
break;
case SystemComPlusPackage:
if (SystemInformationLength != sizeof( ULONG ) ) {
return STATUS_INFO_LENGTH_MISMATCH;
}
Status = ExpUpdateComPlusPackage (*(PULONG)SystemInformation);
if (NT_SUCCESS (Status)) {
SharedUserData->ComPlusPackage = *(PULONG)SystemInformation;
}
break;
case SystemHotpatchInformation:
#if defined(_X86_)
Status = ExApplyCodePatch( SystemInformation,
SystemInformationLength
);
#else
//
// The platforms which no not support hotpatching yet
// simple return the appropriate status
//
Status = STATUS_NOT_IMPLEMENTED;
#endif
break;
case SystemWatchdogTimerHandler:
{
PSYSTEM_WATCHDOG_HANDLER_INFORMATION WdHandlerInfo = (PSYSTEM_WATCHDOG_HANDLER_INFORMATION) SystemInformation;
//
// Caller must be kernel mode with the proper parameters
//
if (PreviousMode != KernelMode || SystemInformation == NULL || SystemInformationLength != sizeof(SYSTEM_WATCHDOG_HANDLER_INFORMATION)) {
ExRaiseStatus (STATUS_INVALID_PARAMETER);
}
ExpWdHandler = WdHandlerInfo->WdHandler;
ExpWdHandlerContext = WdHandlerInfo->Context;
}
break;
case SystemWatchdogTimerInformation:
{
PSYSTEM_WATCHDOG_TIMER_INFORMATION WdTimerInfo = (PSYSTEM_WATCHDOG_TIMER_INFORMATION) SystemInformation;
//
// Caller must be kernel mode with the proper parameters
//
if (PreviousMode != KernelMode || SystemInformation == NULL || SystemInformationLength != sizeof(SYSTEM_WATCHDOG_TIMER_INFORMATION)) {
ExRaiseStatus (STATUS_INVALID_PARAMETER);
}
if (ExpWdHandler == NULL) {
Status = STATUS_NOT_IMPLEMENTED;
} else {
switch (WdTimerInfo->WdInfoClass) {
case WdInfoTimeoutValue:
Status = ExpWdHandler( WdActionSetTimeoutValue, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE );
break;
case WdInfoResetTimer:
Status = ExpWdHandler( WdActionResetTimer, ExpWdHandlerContext, NULL, FALSE );
break;
case WdInfoStopTimer:
Status = ExpWdHandler( WdActionStopTimer, ExpWdHandlerContext, NULL, FALSE );
break;
case WdInfoStartTimer:
Status = ExpWdHandler( WdActionStartTimer, ExpWdHandlerContext, NULL, FALSE );
break;
case WdInfoTriggerAction:
Status = ExpWdHandler( WdActionSetTriggerAction, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE );
break;
default:
Status = STATUS_INVALID_PARAMETER;
break;
}
}
}
break;
default:
//KeBugCheckEx(SystemInformationClass,KdPitchDebugger,0,0,0);
Status = STATUS_INVALID_INFO_CLASS;
break;
}
} except (EXCEPTION_EXECUTE_HANDLER) {
Status = GetExceptionCode();
}
return Status;
}
NTSTATUS
ExLockUserBuffer (
IN PVOID Buffer,
IN ULONG Length,
IN KPROCESSOR_MODE ProbeMode,
IN LOCK_OPERATION LockMode,
OUT PVOID *LockedBuffer,
OUT PVOID *LockVariable
)
/*++
Routine Description:
Wrapper for MmProbeAndLockPages. Creates an MDL and locks the
specified buffer with that MDL.
Arguments:
Buffer - pointer to the buffer to be locked.
Length - size of the buffer to be locked.
ProbeMode - processor mode for doing the probe in MmProbeAndLockPages.
LockMode - the mode the pages should be locked for.
LockedBuffer - returns a pointer to the locked buffer for use by the
caller.
LockVariable - returns a context pointer. This must be passed into
ExUnlockUserBuffer when complete so the MDL can be freed.
Return Value:
Returns one of the following status codes:
STATUS_SUCCESS - Normal, successful completion.
STATUS_ACCESS_VIOLATION - The buffer is not accessible with the
specified LockMode.
STATUS_INSUFFICIENT_RESOURCES - not enough memory to allocate the MDL.
--*/
{
PMDL Mdl;
SIZE_T MdlSize;
//
// It is the caller's responsibility to ensure zero cannot be passed in.
//
ASSERT (Length != 0);
*LockedBuffer = NULL;
*LockVariable = NULL;
//
// Allocate an MDL to map the request.
//
MdlSize = MmSizeOfMdl( Buffer, Length );
Mdl = ExAllocatePoolWithQuotaTag (NonPagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE,
MdlSize,
'ofnI');
if (Mdl == NULL) {
return STATUS_INSUFFICIENT_RESOURCES;
}
//
// Initialize MDL for request.
//
MmInitializeMdl(Mdl, Buffer, Length);
try {
MmProbeAndLockPages (Mdl, ProbeMode, LockMode);
} except (EXCEPTION_EXECUTE_HANDLER) {
ExFreePool (Mdl);
return GetExceptionCode();
}
Mdl->MdlFlags |= MDL_MAPPING_CAN_FAIL;
*LockedBuffer = MmGetSystemAddressForMdl (Mdl);
if (*LockedBuffer == NULL) {
ExUnlockUserBuffer (Mdl);
return STATUS_INSUFFICIENT_RESOURCES;
}
*LockVariable = Mdl;
return STATUS_SUCCESS;
}
VOID
ExUnlockUserBuffer(
IN PVOID LockVariable
)
{
MmUnlockPages ((PMDL)LockVariable);
ExFreePool ((PMDL)LockVariable);
return;
}
NTSTATUS
ExpGetProcessInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length,
IN PULONG SessionId OPTIONAL,
IN BOOLEAN ExtendedInformation
)
/*++
Routine Description:
This function returns information about all the processes and
threads in the system.
Arguments:
SystemInformation - A pointer to a buffer which receives the specified
information.
SystemInformationLength - Specifies the length in bytes of the system
information buffer.
Length - An optional pointer which, if specified, receives the
number of bytes placed in the system information buffer.
SessionId - Session Id.
ExtendedInformation - TRUE if extended information (e.g., Process PDE) is needed.
Environment:
Kernel mode.
This routine could be made PAGELK but it is a high frequency routine
so it is actually better to keep it nonpaged to avoid bringing in the
entire PAGELK section.
Return Value:
Returns one of the following status codes:
STATUS_SUCCESS - normal, successful completion.
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
did not specify a valid value.
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
parameter did not match the length required for the information
class requested by the SystemInformationClass parameter.
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
or the Length pointer value specified an invalid address.
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
working set to lock the specified output structure in memory.
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
for this request to complete.
--*/
{
KLOCK_QUEUE_HANDLE LockHandle;
PEPROCESS Process = NULL;
PETHREAD Thread;
PSYSTEM_PROCESS_INFORMATION ProcessInfo;
PVOID ThreadInfo;
ULONG ThreadInfoSize;
PLIST_ENTRY NextThread;
PVOID MappedAddress;
PVOID LockVariable;
ULONG ProcessSessionId;
ULONG TotalSize = 0;
ULONG NextEntryOffset = 0;
PUCHAR Src;
PWCHAR SrcW;
PWSTR Dst;
ULONG n, nc;
NTSTATUS status = STATUS_SUCCESS, status1;
PUNICODE_STRING pImageFileName;
*Length = 0;
if (SystemInformationLength > 0) {
status1 = ExLockUserBuffer (SystemInformation,
SystemInformationLength,
KeGetPreviousMode(),
IoWriteAccess,
&MappedAddress,
&LockVariable);
if (!NT_SUCCESS(status1)) {
return status1;
}
} else {
//
// This indicates the caller just wants to know the size of the
// buffer to allocate but is not prepared to accept any data content
// in this instance.
//
MappedAddress = NULL;
LockVariable = NULL;
}
if (ExtendedInformation) {
ThreadInfoSize = sizeof(SYSTEM_EXTENDED_THREAD_INFORMATION);
} else {
ThreadInfoSize = sizeof(SYSTEM_THREAD_INFORMATION);
}
ProcessInfo = (PSYSTEM_PROCESS_INFORMATION) MappedAddress;
try {
//
// Do the idle process first then all the other processes.
//
for (Process = PsIdleProcess;
Process != NULL;
Process = PsGetNextProcess ((Process == PsIdleProcess) ? NULL : Process)) {
//
// Skip terminating processes
//
if (Process->Flags&PS_PROCESS_FLAGS_PROCESS_EXITING) {
continue;
}
if (ARGUMENT_PRESENT(SessionId) && Process == PsIdleProcess) {
continue;
}
ProcessSessionId = MmGetSessionId (Process);
if ((ARGUMENT_PRESENT(SessionId)) &&
(ProcessSessionId != *SessionId)) {
continue;
}
ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)
((PUCHAR)MappedAddress + TotalSize);
NextEntryOffset = sizeof(SYSTEM_PROCESS_INFORMATION);
TotalSize += sizeof(SYSTEM_PROCESS_INFORMATION);
if (TotalSize > SystemInformationLength) {
status = STATUS_INFO_LENGTH_MISMATCH;
} else {
//
// Get information for each process.
//
ExpCopyProcessInfo (ProcessInfo, Process, ExtendedInformation);
ProcessInfo->NumberOfThreads = 0;
//
// Store the Remote Terminal SessionId
//
ProcessInfo->SessionId = ProcessSessionId;
ProcessInfo->ImageName.Buffer = NULL;
ProcessInfo->ImageName.Length = 0;
ProcessInfo->ImageName.MaximumLength = 0;
if (Process == PsIdleProcess) {
//
// Since Idle process and system process share the same
// object table, zero out idle processes handle count to
// reduce confusion
//
// Idle Process always has SessionId 0
//
ProcessInfo->HandleCount = 0;
ProcessInfo->SessionId = 0;
}
}
//
// Raise IRQL to SYNCH_LEVEL, acquire the kernel process lock, and
// get information for each thread.
//
ThreadInfo = (PVOID)(ProcessInfo + 1);
KeAcquireInStackQueuedSpinLockRaiseToSynch(&Process->Pcb.ProcessLock,
&LockHandle);
NextThread = Process->Pcb.ThreadListHead.Flink;
while (NextThread != &Process->Pcb.ThreadListHead) {
NextEntryOffset += ThreadInfoSize;
TotalSize += ThreadInfoSize;
if (TotalSize > SystemInformationLength) {
status = STATUS_INFO_LENGTH_MISMATCH;
} else {
Thread = (PETHREAD)(CONTAINING_RECORD(NextThread,
KTHREAD,
ThreadListEntry));
//
// Lock dispatcher database to get atomic view of thread
// attributes.
//
KiLockDispatcherDatabaseAtSynchLevel();
ExpCopyThreadInfo (ThreadInfo, Thread, ExtendedInformation);
KiUnlockDispatcherDatabaseFromSynchLevel();
ProcessInfo->NumberOfThreads += 1;
ThreadInfo = (PCHAR) ThreadInfo + ThreadInfoSize;
}
NextThread = NextThread->Flink;
}
//
// Unlock kernel process lock and lower IRQL to its previous value.
//
KeReleaseInStackQueuedSpinLock(&LockHandle);
//
// Get the image name.
//
if (Process != PsIdleProcess) {
//
// Try to use the real image name if we can that not limited to 16 characters
//
Dst = (PWSTR)(ThreadInfo);
status1 = SeLocateProcessImageName (Process, &pImageFileName);
if (NT_SUCCESS (status1)) {
n = pImageFileName->Length;
if (n == 0) {
ExFreePool (pImageFileName);
}
} else {
n = 0;
}
if (n) {
SrcW = pImageFileName->Buffer + n / sizeof (WCHAR);
while (SrcW != pImageFileName->Buffer) {
if (*--SrcW == L'\\') {
SrcW = SrcW + 1;
break;
}
}
nc = n - (ULONG)(SrcW - pImageFileName->Buffer) * sizeof (WCHAR);
n = ROUND_UP (nc + 1, sizeof(LARGE_INTEGER));
TotalSize += n;
NextEntryOffset += n;
if (TotalSize > SystemInformationLength) {
status = STATUS_INFO_LENGTH_MISMATCH;
} else {
RtlCopyMemory (Dst, SrcW, nc);
Dst += nc / sizeof (WCHAR);
*Dst++ = L'\0';
}
ExFreePool (pImageFileName);
} else {
Src = Process->ImageFileName;
n = (ULONG) strlen ((PCHAR)Src);
if (n != 0) {
n = ROUND_UP( ((n + 1) * sizeof( WCHAR )), sizeof(LARGE_INTEGER) );
TotalSize += n;
NextEntryOffset += n;
if (TotalSize > SystemInformationLength) {
status = STATUS_INFO_LENGTH_MISMATCH;
} else {
WCHAR c;
while (1) {
c = (WCHAR)*Src++;
*Dst++ = c;
if (c == L'\0') {
break;
}
}
}
}
}
if (NT_SUCCESS (status)) {
ProcessInfo->ImageName.Length = (USHORT)((PCHAR)Dst -
(PCHAR)ThreadInfo - sizeof( UNICODE_NULL ));
ProcessInfo->ImageName.MaximumLength = (USHORT)n;
//
// Set the image name to point into the user's memory.
//
ProcessInfo->ImageName.Buffer = (PWSTR)
((PCHAR)SystemInformation +
((PCHAR)(ThreadInfo) - (PCHAR)MappedAddress));
}
}
//
// Point to next process.
//
if (NT_SUCCESS (status)) {
ProcessInfo->NextEntryOffset = NextEntryOffset;
}
}
if (NT_SUCCESS (status)) {
ProcessInfo->NextEntryOffset = 0;
}
*Length = TotalSize;
} finally {
if (MappedAddress != NULL) {
ExUnlockUserBuffer (LockVariable);
}
}
return status;
}
NTSTATUS
ExGetSessionPoolTagInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length,
IN PULONG SessionId OPTIONAL
)
/*++
Routine Description:
This function returns information about all the per-session pool tag
information in the system.
Arguments:
SystemInformation - A pointer to a buffer which receives the specified
information.
SystemInformationLength - Specifies the length in bytes of the system
information buffer.
Length - Receives the number of bytes placed (or would have been placed)
in the system information buffer.
SessionId - Session Id (-1 indicates enumerate all sessions).
Environment:
Kernel mode.
Return Value:
Returns one of the following status codes:
STATUS_SUCCESS - normal, successful completion.
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
did not specify a valid value.
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
parameter did not match the length required for the information
class requested by the SystemInformationClass parameter.
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
or the Length pointer value specified an invalid address.
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
working set to lock the specified output structure in memory.
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
for this request to complete.
--*/
{
KAPC_STATE ApcState;
PVOID MappedAddress;
PVOID OpaqueSession;
PVOID LockVariable;
ULONG TotalSize;
ULONG NextEntryOffset;
ULONG CurrentSessionId;
ULONG Count;
ULONG AbsoluteCount;
NTSTATUS status;
NTSTATUS status1;
PSYSTEM_SESSION_POOLTAG_INFORMATION SessionPoolTagInfo;
*Length = 0;
TotalSize = 0;
NextEntryOffset = 0;
status = STATUS_SUCCESS;
SessionPoolTagInfo = NULL;
if (SystemInformationLength > 0) {
status1 = ExLockUserBuffer (SystemInformation,
SystemInformationLength,
KeGetPreviousMode(),
IoWriteAccess,
&MappedAddress,
&LockVariable);
if (!NT_SUCCESS(status1)) {
return status1;
}
}
else {
//
// This indicates the caller just wants to know the size of the
// buffer to allocate but is not prepared to accept any data content
// in this instance.
//
MappedAddress = NULL;
LockVariable = NULL;
}
for (OpaqueSession = MmGetNextSession (NULL);
OpaqueSession != NULL;
OpaqueSession = MmGetNextSession (OpaqueSession)) {
SessionPoolTagInfo = (PSYSTEM_SESSION_POOLTAG_INFORMATION)
((PUCHAR)MappedAddress + TotalSize);
//
// If a specific session was requested, only extract that one.
//
CurrentSessionId = MmGetSessionId (OpaqueSession);
if ((*SessionId == 0xFFFFFFFF) || (CurrentSessionId == *SessionId)) {
//
// Attach to session now to perform operations...
//
if (NT_SUCCESS (MmAttachSession (OpaqueSession, &ApcState))) {
//
// Session is still alive so include it.
//
NextEntryOffset = sizeof (SYSTEM_SESSION_POOLTAG_INFORMATION);
TotalSize += sizeof (SYSTEM_SESSION_POOLTAG_INFORMATION);
if (TotalSize > SystemInformationLength) {
status = STATUS_INFO_LENGTH_MISMATCH;
//
// Get absolute size for this session, ignore status as
// we must return the one above.
//
ExGetSessionPoolTagInfo (NULL,
0,
&Count,
&AbsoluteCount);
}
else {
//
// Get pool tagging information for each session.
//
status = ExGetSessionPoolTagInfo (
SessionPoolTagInfo->TagInfo,
SystemInformationLength - TotalSize + sizeof (SYSTEM_POOLTAG),
&Count,
&AbsoluteCount);
SessionPoolTagInfo->SessionId = CurrentSessionId;
SessionPoolTagInfo->Count = Count;
//
// Point to next session.
//
if (NT_SUCCESS (status)) {
NextEntryOffset += ((Count - 1) * sizeof (SYSTEM_POOLTAG));
SessionPoolTagInfo->NextEntryOffset = NextEntryOffset;
}
}
TotalSize += ((AbsoluteCount - 1) * sizeof (SYSTEM_POOLTAG));
//
// Detach from session.
//
MmDetachSession (OpaqueSession, &ApcState);
}
//
// Bail if only this session was of interest.
//
if (*SessionId != 0xFFFFFFFF) {
MmQuitNextSession (OpaqueSession);
break;
}
}
}
if ((NT_SUCCESS (status)) && (SessionPoolTagInfo != NULL)) {
SessionPoolTagInfo->NextEntryOffset = 0;
}
if (MappedAddress != NULL) {
ExUnlockUserBuffer (LockVariable);
}
*Length = TotalSize;
return status;
}
VOID
ExpGetProcessorPowerInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
)
{
KAFFINITY currentAffinity;
KAFFINITY processors;
KIRQL oldIrql;
PKPRCB Prcb;
PPROCESSOR_POWER_STATE PState;
PPROCESSOR_PERF_STATE PerfStates;
PSYSTEM_PROCESSOR_POWER_INFORMATION CallerPowerInfo;
SYSTEM_PROCESSOR_POWER_INFORMATION ProcessorPowerInfo;
//
// We will walk this pointer to store the user data...
//
CallerPowerInfo = (PSYSTEM_PROCESSOR_POWER_INFORMATION) SystemInformation;
*Length = 0;
//
// Lock everything down
//
MmLockPagableSectionByHandle (ExPageLockHandle);
//
// Walk the list of processors
//
processors = KeActiveProcessors;
currentAffinity = 1;
while (processors) {
if (!(processors & currentAffinity)) {
currentAffinity <<= 1;
}
//
// Check to see if we have the space for this
//
if (SystemInformationLength < *Length + sizeof(SYSTEM_PROCESSOR_POWER_INFORMATION)) {
break;
}
processors &= ~currentAffinity;
KeSetSystemAffinityThread(currentAffinity);
currentAffinity <<= 1;
//
// Raise to DPC level to synchronize access to the data structures
//
KeRaiseIrql(DISPATCH_LEVEL, &oldIrql );
//
// Get the PRCB and PowerState information
//
Prcb = KeGetCurrentPrcb();
PState = &(Prcb->PowerState);
PerfStates = PState->PerfStates;
//
// Grab the data that we care about
//
ProcessorPowerInfo.CurrentFrequency = PState->CurrentThrottle;
ProcessorPowerInfo.LastBusyFrequency = PState->LastBusyPercentage;
ProcessorPowerInfo.LastAdjustedBusyFrequency = PState->LastAdjustedBusyPercentage;
ProcessorPowerInfo.LastC3Frequency = PState->LastC3Percentage;
ProcessorPowerInfo.ProcessorMinThrottle = PState->ProcessorMinThrottle;
ProcessorPowerInfo.ProcessorMaxThrottle = PState->ProcessorMaxThrottle;
ProcessorPowerInfo.ErrorCount = PState->ErrorCount;
ProcessorPowerInfo.RetryCount = PState->RetryCount;
//
// Do we have any kind of PerfStates?
//
if (PerfStates) {
ProcessorPowerInfo.ThermalLimitFrequency = PerfStates[PState->ThermalThrottleIndex].PercentFrequency;
ProcessorPowerInfo.ConstantThrottleFrequency = PerfStates[PState->KneeThrottleIndex].PercentFrequency;
ProcessorPowerInfo.DegradedThrottleFrequency = PerfStates[PState->ThrottleLimitIndex].PercentFrequency;
} else {
ProcessorPowerInfo.ThermalLimitFrequency = 0;
ProcessorPowerInfo.ConstantThrottleFrequency = 0;
ProcessorPowerInfo.DegradedThrottleFrequency = 0;
}
ProcessorPowerInfo.CurrentFrequencyTime =
UInt32x32To64(
(Prcb->KernelTime + Prcb->UserTime - PState->PerfTickCount),
KeMaximumIncrement
);
ProcessorPowerInfo.CurrentProcessorTime =
UInt32x32To64(
Prcb->KernelTime + Prcb->UserTime,
KeMaximumIncrement
);
ProcessorPowerInfo.CurrentProcessorIdleTime =
UInt32x32To64( Prcb->IdleThread->KernelTime, KeMaximumIncrement );
ProcessorPowerInfo.LastProcessorTime =
UInt32x32To64( PState->PerfSystemTime, KeMaximumIncrement );
ProcessorPowerInfo.LastProcessorIdleTime =
UInt32x32To64( PState->PerfIdleTime, KeMaximumIncrement );
ProcessorPowerInfo.PromotionCount = PState->PromotionCount;
ProcessorPowerInfo.DemotionCount = PState->DemotionCount;
ProcessorPowerInfo.NumberOfFrequencies = PState->PerfStatesCount;
//
// Return to the original level (should be IRQL 0)
//
KeLowerIrql( oldIrql );
//
// Copy the data to the correct place
//
try {
RtlCopyMemory(
CallerPowerInfo,
&ProcessorPowerInfo,
sizeof(SYSTEM_PROCESSOR_POWER_INFORMATION)
);
} except (EXCEPTION_EXECUTE_HANDLER) {
MmUnlockPagableImageSection(ExPageLockHandle);
ExRaiseStatus (GetExceptionCode ());
}
//
// Point to the next structure element
//
CallerPowerInfo++;
*Length += sizeof(SYSTEM_PROCESSOR_POWER_INFORMATION);
}
//
// Revert to the original affinity
//
KeRevertToUserAffinityThread();
//
// Unlock everything
MmUnlockPagableImageSection(ExPageLockHandle);
}
VOID
ExpGetProcessorIdleInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
)
{
KAFFINITY currentAffinity;
KAFFINITY processors;
KIRQL oldIrql;
LARGE_INTEGER PerfFrequency;
PKPRCB Prcb;
PPROCESSOR_POWER_STATE PState;
PSYSTEM_PROCESSOR_IDLE_INFORMATION CallerIdleInfo;
SYSTEM_PROCESSOR_IDLE_INFORMATION ProcessorIdleInfo;
//
// We will walk this pointer to store the user data...
//
CallerIdleInfo = (PSYSTEM_PROCESSOR_IDLE_INFORMATION) SystemInformation;
*Length = 0;
//
// We need to know what frequency the perf counters are running at
//
KeQueryPerformanceCounter(&PerfFrequency);
//
// Lock everything down
//
MmLockPagableSectionByHandle (ExPageLockHandle);
//
// Walk the list of processors
//
processors = KeActiveProcessors;
currentAffinity = 1;
while (processors) {
if (!(processors & currentAffinity)) {
currentAffinity <<= 1;
}
//
// Check to see if we have the space for this
//
if (SystemInformationLength < *Length + sizeof(SYSTEM_PROCESSOR_IDLE_INFORMATION)) {
break;
}
processors &= ~currentAffinity;
KeSetSystemAffinityThread(currentAffinity);
currentAffinity <<= 1;
//
// Raise to DPC level to synchronize access to the data structures
//
KeRaiseIrql(DISPATCH_LEVEL, &oldIrql );
//
// Get the PRCB and PowerState information
//
Prcb = KeGetCurrentPrcb();
PState = &(Prcb->PowerState);
//
// Grab the data that we care about
//
ProcessorIdleInfo.IdleTime = UInt32x32To64(Prcb->IdleThread->KernelTime,KeMaximumIncrement);
//
// The Cx times are kept in units of the same frequency as KeQueryPerformanceCounter
// This needs to be converted to standard 100ns units.
//
ProcessorIdleInfo.C1Time = (PState->TotalIdleStateTime[0]*1000)/(PerfFrequency.QuadPart/10000);
ProcessorIdleInfo.C2Time = (PState->TotalIdleStateTime[1]*1000)/(PerfFrequency.QuadPart/10000);
ProcessorIdleInfo.C3Time = (PState->TotalIdleStateTime[2]*1000)/(PerfFrequency.QuadPart/10000);
ProcessorIdleInfo.C1Transitions = PState->TotalIdleTransitions[0];
ProcessorIdleInfo.C2Transitions = PState->TotalIdleTransitions[1];
ProcessorIdleInfo.C3Transitions = PState->TotalIdleTransitions[2];
//
// Return to the original level (should be IRQL 0)
//
KeLowerIrql( oldIrql );
//
// Copy the data to the correct place
//
try {
RtlCopyMemory(
CallerIdleInfo,
&ProcessorIdleInfo,
sizeof(SYSTEM_PROCESSOR_IDLE_INFORMATION)
);
} except (EXCEPTION_EXECUTE_HANDLER) {
MmUnlockPagableImageSection (ExPageLockHandle);
ExRaiseStatus (GetExceptionCode ());
}
//
// Point to the next structure element
//
CallerIdleInfo++;
*Length += sizeof(SYSTEM_PROCESSOR_IDLE_INFORMATION);
}
//
// Revert to the original affinity
//
KeRevertToUserAffinityThread();
//
// Unlock everything
//
MmUnlockPagableImageSection(ExPageLockHandle);
}
VOID
ExpCopyProcessInfo (
IN PSYSTEM_PROCESS_INFORMATION ProcessInfo,
IN PEPROCESS Process,
IN BOOLEAN ExtendedInformation
)
{
PAGED_CODE();
ProcessInfo->HandleCount = ObGetProcessHandleCount (Process);
ProcessInfo->CreateTime = Process->CreateTime;
ProcessInfo->UserTime.QuadPart = UInt32x32To64(Process->Pcb.UserTime,
KeMaximumIncrement);
ProcessInfo->KernelTime.QuadPart = UInt32x32To64(Process->Pcb.KernelTime,
KeMaximumIncrement);
ProcessInfo->BasePriority = Process->Pcb.BasePriority;
ProcessInfo->UniqueProcessId = Process->UniqueProcessId;
ProcessInfo->InheritedFromUniqueProcessId = Process->InheritedFromUniqueProcessId;
ProcessInfo->PeakVirtualSize = Process->PeakVirtualSize;
ProcessInfo->VirtualSize = Process->VirtualSize;
ProcessInfo->PageFaultCount = Process->Vm.PageFaultCount;
ProcessInfo->PeakWorkingSetSize = ((SIZE_T)Process->Vm.PeakWorkingSetSize) << PAGE_SHIFT;
ProcessInfo->WorkingSetSize = ((SIZE_T)Process->Vm.WorkingSetSize) << PAGE_SHIFT;
ProcessInfo->QuotaPeakPagedPoolUsage =
Process->QuotaPeak[PsPagedPool];
ProcessInfo->QuotaPagedPoolUsage = Process->QuotaUsage[PsPagedPool];
ProcessInfo->QuotaPeakNonPagedPoolUsage =
Process->QuotaPeak[PsNonPagedPool];
ProcessInfo->QuotaNonPagedPoolUsage =
Process->QuotaUsage[PsNonPagedPool];
ProcessInfo->PagefileUsage = Process->QuotaUsage[PsPageFile] << PAGE_SHIFT;
ProcessInfo->PeakPagefileUsage = Process->QuotaPeak[PsPageFile] << PAGE_SHIFT;
ProcessInfo->PrivatePageCount = Process->CommitCharge << PAGE_SHIFT;
ProcessInfo->ReadOperationCount = Process->ReadOperationCount;
ProcessInfo->WriteOperationCount = Process->WriteOperationCount;
ProcessInfo->OtherOperationCount = Process->OtherOperationCount;
ProcessInfo->ReadTransferCount = Process->ReadTransferCount;
ProcessInfo->WriteTransferCount = Process->WriteTransferCount;
ProcessInfo->OtherTransferCount = Process->OtherTransferCount;
if (ExtendedInformation) {
ProcessInfo->PageDirectoryBase = MmGetDirectoryFrameFromProcess(Process);
}
}
VOID
ExpCopyThreadInfo (
IN PVOID ThreadInfoBuffer,
IN PETHREAD Thread,
IN BOOLEAN ExtendedInformation
)
/*++
Routine Description:
This function returns information about the specified thread.
Arguments:
ThreadInfoBuffer - A pointer to a buffer which receives the specified
information.
Thread - Supplies a pointer to the desired thread.
ExtendedInformation - TRUE if extended thread information is needed.
Environment:
Kernel mode. The dispatcher lock is held.
This routine could be made PAGELK but it is a high frequency routine
so it is actually better to keep it nonpaged to avoid bringing in the
entire PAGELK section.
Return Value:
None.
--*/
{
PSYSTEM_THREAD_INFORMATION ThreadInfo;
ThreadInfo = (PSYSTEM_THREAD_INFORMATION) ThreadInfoBuffer;
ThreadInfo->KernelTime.QuadPart = UInt32x32To64(Thread->Tcb.KernelTime,
KeMaximumIncrement);
ThreadInfo->UserTime.QuadPart = UInt32x32To64(Thread->Tcb.UserTime,
KeMaximumIncrement);
ThreadInfo->CreateTime.QuadPart = PS_GET_THREAD_CREATE_TIME (Thread);
ThreadInfo->WaitTime = Thread->Tcb.WaitTime;
ThreadInfo->ClientId = Thread->Cid;
ThreadInfo->ThreadState = Thread->Tcb.State;
ThreadInfo->WaitReason = Thread->Tcb.WaitReason;
ThreadInfo->Priority = Thread->Tcb.Priority;
ThreadInfo->BasePriority = Thread->Tcb.BasePriority;
ThreadInfo->ContextSwitches = Thread->Tcb.ContextSwitches;
ThreadInfo->StartAddress = Thread->StartAddress;
if (ExtendedInformation) {
PSYSTEM_EXTENDED_THREAD_INFORMATION ExtendedThreadInfo;
ExtendedThreadInfo = (PSYSTEM_EXTENDED_THREAD_INFORMATION) ThreadInfo;
ExtendedThreadInfo->StackBase = Thread->Tcb.StackBase;
ExtendedThreadInfo->StackLimit = Thread->Tcb.StackLimit;
if (Thread->LpcReceivedMsgIdValid) {
ExtendedThreadInfo->Win32StartAddress = 0;
} else {
ExtendedThreadInfo->Win32StartAddress = Thread->Win32StartAddress;
}
ExtendedThreadInfo->Reserved1 = 0;
ExtendedThreadInfo->Reserved2 = 0;
ExtendedThreadInfo->Reserved3 = 0;
ExtendedThreadInfo->Reserved4 = 0;
}
}
#if defined(_X86_)
extern ULONG ExVdmOpcodeDispatchCounts[256];
extern ULONG VdmBopCount;
extern ULONG ExVdmSegmentNotPresent;
#if defined(ALLOC_PRAGMA)
#pragma alloc_text(PAGE, ExpGetInstemulInformation)
#endif
NTSTATUS
ExpGetInstemulInformation(
OUT PSYSTEM_VDM_INSTEMUL_INFO Info
)
{
SYSTEM_VDM_INSTEMUL_INFO LocalInfo;
LocalInfo.VdmOpcode0F = ExVdmOpcodeDispatchCounts[VDM_INDEX_0F];
LocalInfo.OpcodeESPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_ESPrefix];
LocalInfo.OpcodeCSPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_CSPrefix];
LocalInfo.OpcodeSSPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_SSPrefix];
LocalInfo.OpcodeDSPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_DSPrefix];
LocalInfo.OpcodeFSPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_FSPrefix];
LocalInfo.OpcodeGSPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_GSPrefix];
LocalInfo.OpcodeOPER32Prefix= ExVdmOpcodeDispatchCounts[VDM_INDEX_OPER32Prefix];
LocalInfo.OpcodeADDR32Prefix= ExVdmOpcodeDispatchCounts[VDM_INDEX_ADDR32Prefix];
LocalInfo.OpcodeINSB = ExVdmOpcodeDispatchCounts[VDM_INDEX_INSB];
LocalInfo.OpcodeINSW = ExVdmOpcodeDispatchCounts[VDM_INDEX_INSW];
LocalInfo.OpcodeOUTSB = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTSB];
LocalInfo.OpcodeOUTSW = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTSW];
LocalInfo.OpcodePUSHF = ExVdmOpcodeDispatchCounts[VDM_INDEX_PUSHF];
LocalInfo.OpcodePOPF = ExVdmOpcodeDispatchCounts[VDM_INDEX_POPF];
LocalInfo.OpcodeINTnn = ExVdmOpcodeDispatchCounts[VDM_INDEX_INTnn];
LocalInfo.OpcodeINTO = ExVdmOpcodeDispatchCounts[VDM_INDEX_INTO];
LocalInfo.OpcodeIRET = ExVdmOpcodeDispatchCounts[VDM_INDEX_IRET];
LocalInfo.OpcodeINBimm = ExVdmOpcodeDispatchCounts[VDM_INDEX_INBimm];
LocalInfo.OpcodeINWimm = ExVdmOpcodeDispatchCounts[VDM_INDEX_INWimm];
LocalInfo.OpcodeOUTBimm = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTBimm];
LocalInfo.OpcodeOUTWimm = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTWimm];
LocalInfo.OpcodeINB = ExVdmOpcodeDispatchCounts[VDM_INDEX_INB];
LocalInfo.OpcodeINW = ExVdmOpcodeDispatchCounts[VDM_INDEX_INW];
LocalInfo.OpcodeOUTB = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTB];
LocalInfo.OpcodeOUTW = ExVdmOpcodeDispatchCounts[VDM_INDEX_OUTW];
LocalInfo.OpcodeLOCKPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_LOCKPrefix];
LocalInfo.OpcodeREPNEPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_REPNEPrefix];
LocalInfo.OpcodeREPPrefix = ExVdmOpcodeDispatchCounts[VDM_INDEX_REPPrefix];
LocalInfo.OpcodeHLT = ExVdmOpcodeDispatchCounts[VDM_INDEX_HLT];
LocalInfo.OpcodeCLI = ExVdmOpcodeDispatchCounts[VDM_INDEX_CLI];
LocalInfo.OpcodeSTI = ExVdmOpcodeDispatchCounts[VDM_INDEX_STI];
LocalInfo.BopCount = VdmBopCount;
LocalInfo.SegmentNotPresent = ExVdmSegmentNotPresent;
RtlCopyMemory(Info,&LocalInfo,sizeof(LocalInfo));
return STATUS_SUCCESS;
}
#endif
#if i386
NTSTATUS
ExpGetStackTraceInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength OPTIONAL
)
{
NTSTATUS Status;
PRTL_PROCESS_BACKTRACES BackTraceInformation;
PRTL_PROCESS_BACKTRACE_INFORMATION BackTraceInfo;
PSTACK_TRACE_DATABASE DataBase;
PRTL_STACK_TRACE_ENTRY p, *pp;
ULONG RequiredLength, n;
DataBase = RtlpAcquireStackTraceDataBase();
if (DataBase == NULL) {
return STATUS_UNSUCCESSFUL;
}
DataBase->DumpInProgress = TRUE;
RtlpReleaseStackTraceDataBase();
n = 0;
RequiredLength = 0;
Status = STATUS_INFO_LENGTH_MISMATCH;
BackTraceInformation = (PRTL_PROCESS_BACKTRACES) SystemInformation;
RequiredLength = FIELD_OFFSET( RTL_PROCESS_BACKTRACES, BackTraces );
try {
if (SystemInformationLength >= RequiredLength) {
BackTraceInformation->CommittedMemory =
(ULONG)DataBase->CurrentUpperCommitLimit - (ULONG)DataBase->CommitBase;
BackTraceInformation->ReservedMemory =
(ULONG)DataBase->EntryIndexArray - (ULONG)DataBase->CommitBase;
BackTraceInformation->NumberOfBackTraceLookups = DataBase->NumberOfEntriesLookedUp;
n = DataBase->NumberOfEntriesAdded;
BackTraceInformation->NumberOfBackTraces = n;
}
RequiredLength += (sizeof( *BackTraceInfo ) * n);
if (SystemInformationLength >= RequiredLength) {
Status = STATUS_SUCCESS;
BackTraceInfo = &BackTraceInformation->BackTraces[ 0 ];
pp = DataBase->EntryIndexArray;
while (n--) {
p = *--pp;
BackTraceInfo->SymbolicBackTrace = NULL;
BackTraceInfo->TraceCount = p->TraceCount;
BackTraceInfo->Index = p->Index;
BackTraceInfo->Depth = p->Depth;
RtlCopyMemory( BackTraceInfo->BackTrace,
p->BackTrace,
p->Depth * sizeof( PVOID )
);
BackTraceInfo += 1;
}
}
}
finally {
DataBase->DumpInProgress = FALSE;
}
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = RequiredLength;
}
return Status;
}
#endif // i386
NTSTATUS
ExpGetLockInformation (
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
)
/*++
Routine Description:
This function returns information about all the ERESOURCE locks
in the system.
Arguments:
SystemInformation - A pointer to a buffer which receives the specified
information.
SystemInformationLength - Specifies the length in bytes of the system
information buffer.
Length - An optional pointer which, if specified, receives the
number of bytes placed in the system information buffer.
Return Value:
Returns one of the following status codes:
STATUS_SUCCESS - normal, successful completion.
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
did not specify a valid value.
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
parameter did not match the length required for the information
class requested by the SystemInformationClass parameter.
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
or the Length pointer value specified an invalid address.
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
working set to lock the specified output structure in memory.
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
for this request to complete.
--*/
{
PRTL_PROCESS_LOCKS LockInfo;
PVOID LockVariable;
NTSTATUS Status;
*Length = 0;
Status = ExLockUserBuffer( SystemInformation,
SystemInformationLength,
KeGetPreviousMode(),
IoWriteAccess,
&LockInfo,
&LockVariable
);
if (!NT_SUCCESS(Status)) {
return( Status );
}
Status = STATUS_SUCCESS;
MmLockPagableSectionByHandle (ExPageLockHandle);
try {
Status = ExQuerySystemLockInformation( LockInfo,
SystemInformationLength,
Length
);
}
finally {
ExUnlockUserBuffer( LockVariable );
MmUnlockPagableImageSection(ExPageLockHandle);
}
return Status;
}
NTSTATUS
ExpGetLookasideInformation (
OUT PVOID Buffer,
IN ULONG BufferLength,
OUT PULONG Length
)
/*++
Routine Description:
This function returns pool lookaside list and general lookaside
list information.
Arguments:
Buffer - Supplies a pointer to the buffer which receives the lookaside
list information.
BufferLength - Supplies the length of the information buffer in bytes.
Length - Supplies a pointer to a variable that receives the length of
lookaside information returned.
Environment:
Kernel mode.
This routine could be made PAGELK but it is a high frequency routine
so it is actually better to keep it nonpaged to avoid bringing in the
entire PAGELK section.
Return Value:
Returns one of the following status codes:
STATUS_SUCCESS - Normal, successful completion.
STATUS_ACCESS_VIOLATION - The buffer could not be locked in memory.
--*/
{
PVOID BufferLock;
PLIST_ENTRY Entry;
KIRQL OldIrql;
ULONG Limit;
PSYSTEM_LOOKASIDE_INFORMATION Lookaside;
ULONG Number;
PNPAGED_LOOKASIDE_LIST NPagedLookaside;
PPAGED_LOOKASIDE_LIST PagedLookaside;
PGENERAL_LOOKASIDE PoolLookaside;
PGENERAL_LOOKASIDE SystemLookaside;
PKSPIN_LOCK SpinLock;
NTSTATUS Status;
//
// Compute the number of lookaside entries and set the return status to
// success.
//
Limit = BufferLength / sizeof(SYSTEM_LOOKASIDE_INFORMATION);
Number = 0;
Status = STATUS_SUCCESS;
//
// If the number of lookaside entries to return is not zero, then collect
// the lookaside information.
//
if (Limit != 0) {
Status = ExLockUserBuffer(Buffer,
BufferLength,
KeGetPreviousMode(),
IoWriteAccess,
&Lookaside,
&BufferLock);
if (NT_SUCCESS(Status)) {
Status = STATUS_SUCCESS;
//
// Copy nonpaged and paged pool lookaside information to
// information buffer.
//
Entry = ExPoolLookasideListHead.Flink;
while (Entry != &ExPoolLookasideListHead) {
PoolLookaside = CONTAINING_RECORD(Entry,
GENERAL_LOOKASIDE,
ListEntry);
Lookaside->CurrentDepth = ExQueryDepthSList(&PoolLookaside->ListHead);
Lookaside->MaximumDepth = PoolLookaside->Depth;
Lookaside->TotalAllocates = PoolLookaside->TotalAllocates;
Lookaside->AllocateMisses =
PoolLookaside->TotalAllocates - PoolLookaside->AllocateHits;
Lookaside->TotalFrees = PoolLookaside->TotalFrees;
Lookaside->FreeMisses =
PoolLookaside->TotalFrees - PoolLookaside->FreeHits;
Lookaside->Type = PoolLookaside->Type;
Lookaside->Tag = PoolLookaside->Tag;
Lookaside->Size = PoolLookaside->Size;
Number += 1;
if (Number == Limit) {
goto Finish2;
}
Entry = Entry->Flink;
Lookaside += 1;
}
//
// Copy nonpaged and paged system lookaside information to
// information buffer.
//
Entry = ExSystemLookasideListHead.Flink;
while (Entry != &ExSystemLookasideListHead) {
SystemLookaside = CONTAINING_RECORD(Entry,
GENERAL_LOOKASIDE,
ListEntry);
Lookaside->CurrentDepth = ExQueryDepthSList(&SystemLookaside->ListHead);
Lookaside->MaximumDepth = SystemLookaside->Depth;
Lookaside->TotalAllocates = SystemLookaside->TotalAllocates;
Lookaside->AllocateMisses = SystemLookaside->AllocateMisses;
Lookaside->TotalFrees = SystemLookaside->TotalFrees;
Lookaside->FreeMisses = SystemLookaside->FreeMisses;
Lookaside->Type = SystemLookaside->Type;
Lookaside->Tag = SystemLookaside->Tag;
Lookaside->Size = SystemLookaside->Size;
Number += 1;
if (Number == Limit) {
goto Finish2;
}
Entry = Entry->Flink;
Lookaside += 1;
}
//
// Copy nonpaged general lookaside information to buffer.
//
SpinLock = &ExNPagedLookasideLock;
ExAcquireSpinLock(SpinLock, &OldIrql);
Entry = ExNPagedLookasideListHead.Flink;
while (Entry != &ExNPagedLookasideListHead) {
NPagedLookaside = CONTAINING_RECORD(Entry,
NPAGED_LOOKASIDE_LIST,
L.ListEntry);
Lookaside->CurrentDepth = ExQueryDepthSList(&NPagedLookaside->L.ListHead);
Lookaside->MaximumDepth = NPagedLookaside->L.Depth;
Lookaside->TotalAllocates = NPagedLookaside->L.TotalAllocates;
Lookaside->AllocateMisses = NPagedLookaside->L.AllocateMisses;
Lookaside->TotalFrees = NPagedLookaside->L.TotalFrees;
Lookaside->FreeMisses = NPagedLookaside->L.FreeMisses;
Lookaside->Type = 0;
Lookaside->Tag = NPagedLookaside->L.Tag;
Lookaside->Size = NPagedLookaside->L.Size;
Number += 1;
if (Number == Limit) {
goto Finish1;
}
Entry = Entry->Flink;
Lookaside += 1;
}
ExReleaseSpinLock(SpinLock, OldIrql);
//
// Copy paged general lookaside information to buffer.
//
SpinLock = &ExPagedLookasideLock;
ExAcquireSpinLock(SpinLock, &OldIrql);
Entry = ExPagedLookasideListHead.Flink;
while (Entry != &ExPagedLookasideListHead) {
PagedLookaside = CONTAINING_RECORD(Entry,
PAGED_LOOKASIDE_LIST,
L.ListEntry);
Lookaside->CurrentDepth = ExQueryDepthSList(&PagedLookaside->L.ListHead);
Lookaside->MaximumDepth = PagedLookaside->L.Depth;
Lookaside->TotalAllocates = PagedLookaside->L.TotalAllocates;
Lookaside->AllocateMisses = PagedLookaside->L.AllocateMisses;
Lookaside->TotalFrees = PagedLookaside->L.TotalFrees;
Lookaside->FreeMisses = PagedLookaside->L.FreeMisses;
Lookaside->Type = 1;
Lookaside->Tag = PagedLookaside->L.Tag;
Lookaside->Size = PagedLookaside->L.Size;
Number += 1;
if (Number == Limit) {
goto Finish1;
}
Entry = Entry->Flink;
Lookaside += 1;
}
Finish1:
ExReleaseSpinLock(SpinLock, OldIrql);
Finish2:
//
// Unlock user buffer.
//
ExUnlockUserBuffer(BufferLock);
}
}
*Length = Number * sizeof(SYSTEM_LOOKASIDE_INFORMATION);
return Status;
}
NTSTATUS
ExpGetHandleInformation(
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
)
/*++
Routine Description:
This function returns information about the open handles in the system.
Arguments:
SystemInformation - A pointer to a buffer which receives the specified
information.
SystemInformationLength - Specifies the length in bytes of the system
information buffer.
Length - An optional pointer which, if specified, receives the
number of bytes placed in the system information buffer.
Return Value:
Returns one of the following status codes:
STATUS_SUCCESS - normal, successful completion.
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
did not specify a valid value.
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
parameter did not match the length required for the information
class requested by the SystemInformationClass parameter.
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
or the Length pointer value specified an invalid address.
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
working set to lock the specified output structure in memory.
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
for this request to complete.
--*/
{
PSYSTEM_HANDLE_INFORMATION HandleInfo;
PVOID LockVariable;
NTSTATUS Status;
PAGED_CODE();
*Length = 0;
Status = ExLockUserBuffer( SystemInformation,
SystemInformationLength,
KeGetPreviousMode(),
IoWriteAccess,
&HandleInfo,
&LockVariable
);
if (!NT_SUCCESS(Status)) {
return Status;
}
Status = STATUS_SUCCESS;
try {
Status = ObGetHandleInformation( HandleInfo,
SystemInformationLength,
Length
);
}
finally {
ExUnlockUserBuffer( LockVariable );
}
return Status;
}
NTSTATUS
ExpGetHandleInformationEx(
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
)
/*++
Routine Description:
This function returns information about the open handles in the system.
Arguments:
SystemInformation - A pointer to a buffer which receives the specified
information.
SystemInformationLength - Specifies the length in bytes of the system
information buffer.
Length - An optional pointer which, if specified, receives the
number of bytes placed in the system information buffer.
Return Value:
Returns one of the following status codes:
STATUS_SUCCESS - normal, successful completion.
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
did not specify a valid value.
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
parameter did not match the length required for the information
class requested by the SystemInformationClass parameter.
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
or the Length pointer value specified an invalid address.
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
working set to lock the specified output structure in memory.
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
for this request to complete.
--*/
{
PSYSTEM_HANDLE_INFORMATION_EX HandleInfo;
PVOID LockVariable;
NTSTATUS Status;
PAGED_CODE();
*Length = 0;
Status = ExLockUserBuffer( SystemInformation,
SystemInformationLength,
KeGetPreviousMode(),
IoWriteAccess,
&HandleInfo,
&LockVariable
);
if (!NT_SUCCESS(Status)) {
return Status;
}
Status = STATUS_SUCCESS;
try {
Status = ObGetHandleInformationEx( HandleInfo,
SystemInformationLength,
Length
);
}
finally {
ExUnlockUserBuffer( LockVariable );
}
return Status;
}
NTSTATUS
ExpGetObjectInformation(
OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG Length
)
/*++
Routine Description:
This function returns information about the objects in the system.
Arguments:
SystemInformation - A pointer to a buffer which receives the specified
information.
SystemInformationLength - Specifies the length in bytes of the system
information buffer.
Length - An optional pointer which, if specified, receives the
number of bytes placed in the system information buffer.
Return Value:
Returns one of the following status codes:
STATUS_SUCCESS - normal, successful completion.
STATUS_INVALID_INFO_CLASS - The SystemInformationClass parameter
did not specify a valid value.
STATUS_INFO_LENGTH_MISMATCH - The value of the SystemInformationLength
parameter did not match the length required for the information
class requested by the SystemInformationClass parameter.
STATUS_ACCESS_VIOLATION - Either the SystemInformation buffer pointer
or the Length pointer value specified an invalid address.
STATUS_WORKING_SET_QUOTA - The process does not have sufficient
working set to lock the specified output structure in memory.
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources exist
for this request to complete.
--*/
{
PSYSTEM_OBJECTTYPE_INFORMATION ObjectInfo;
PVOID LockVariable;
NTSTATUS Status;
PAGED_CODE();
*Length = 0;
Status = ExLockUserBuffer( SystemInformation,
SystemInformationLength,
KeGetPreviousMode(),
IoWriteAccess,
&ObjectInfo,
&LockVariable
);
if (!NT_SUCCESS(Status)) {
return( Status );
}
Status = STATUS_SUCCESS;
try {
Status = ObGetObjectInformation( SystemInformation,
ObjectInfo,
SystemInformationLength,
Length
);
}
finally {
ExUnlockUserBuffer( LockVariable );
}
return Status;
}
NTSTATUS
ExpQueryModuleInformation(
IN PLIST_ENTRY LoadOrderListHead,
IN PLIST_ENTRY UserModeLoadOrderListHead,
OUT PRTL_PROCESS_MODULES ModuleInformation,
IN ULONG ModuleInformationLength,
OUT PULONG ReturnLength OPTIONAL
)
{
NTSTATUS Status;
ULONG RequiredLength;
PLIST_ENTRY Next;
PRTL_PROCESS_MODULE_INFORMATION ModuleInfo;
PKLDR_DATA_TABLE_ENTRY LdrDataTableEntry;
ANSI_STRING AnsiString;
PCHAR s;
ULONG NumberOfModules;
NumberOfModules = 0;
Status = STATUS_SUCCESS;
RequiredLength = FIELD_OFFSET( RTL_PROCESS_MODULES, Modules );
ModuleInfo = &ModuleInformation->Modules[ 0 ];
Next = LoadOrderListHead->Flink;
while ( Next != LoadOrderListHead ) {
LdrDataTableEntry = CONTAINING_RECORD( Next,
KLDR_DATA_TABLE_ENTRY,
InLoadOrderLinks
);
RequiredLength += sizeof( RTL_PROCESS_MODULE_INFORMATION );
if (ModuleInformationLength < RequiredLength) {
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else {
ModuleInfo->MappedBase = NULL;
ModuleInfo->ImageBase = LdrDataTableEntry->DllBase;
ModuleInfo->ImageSize = LdrDataTableEntry->SizeOfImage;
ModuleInfo->Flags = LdrDataTableEntry->Flags;
ModuleInfo->LoadCount = LdrDataTableEntry->LoadCount;
ModuleInfo->LoadOrderIndex = (USHORT)(NumberOfModules);
ModuleInfo->InitOrderIndex = 0;
AnsiString.Buffer = (PCHAR) ModuleInfo->FullPathName;
AnsiString.Length = 0;
AnsiString.MaximumLength = sizeof( ModuleInfo->FullPathName );
RtlUnicodeStringToAnsiString( &AnsiString,
&LdrDataTableEntry->FullDllName,
FALSE
);
s = AnsiString.Buffer + AnsiString.Length;
while (s > AnsiString.Buffer && *--s) {
if (*s == (UCHAR)OBJ_NAME_PATH_SEPARATOR) {
s += 1;
break;
}
}
ModuleInfo->OffsetToFileName = (USHORT)(s - AnsiString.Buffer);
ModuleInfo += 1;
}
NumberOfModules += 1;
Next = Next->Flink;
}
if (ARGUMENT_PRESENT( UserModeLoadOrderListHead )) {
Next = UserModeLoadOrderListHead->Flink;
while ( Next != UserModeLoadOrderListHead ) {
LdrDataTableEntry = CONTAINING_RECORD( Next,
KLDR_DATA_TABLE_ENTRY,
InLoadOrderLinks
);
RequiredLength += sizeof( RTL_PROCESS_MODULE_INFORMATION );
if (ModuleInformationLength < RequiredLength) {
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else {
ModuleInfo->MappedBase = NULL;
ModuleInfo->ImageBase = LdrDataTableEntry->DllBase;
ModuleInfo->ImageSize = LdrDataTableEntry->SizeOfImage;
ModuleInfo->Flags = LdrDataTableEntry->Flags;
ModuleInfo->LoadCount = LdrDataTableEntry->LoadCount;
ModuleInfo->LoadOrderIndex = (USHORT)(NumberOfModules);
ModuleInfo->InitOrderIndex = ModuleInfo->LoadOrderIndex;
AnsiString.Buffer = (PCHAR) ModuleInfo->FullPathName;
AnsiString.Length = 0;
AnsiString.MaximumLength = sizeof( ModuleInfo->FullPathName );
RtlUnicodeStringToAnsiString( &AnsiString,
&LdrDataTableEntry->FullDllName,
FALSE
);
s = AnsiString.Buffer + AnsiString.Length;
while (s > AnsiString.Buffer && *--s) {
if (*s == (UCHAR)OBJ_NAME_PATH_SEPARATOR) {
s += 1;
break;
}
}
ModuleInfo->OffsetToFileName = (USHORT)(s - AnsiString.Buffer);
ModuleInfo += 1;
}
NumberOfModules += 1;
Next = Next->Flink;
}
}
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = RequiredLength;
}
if (ModuleInformationLength >= FIELD_OFFSET( RTL_PROCESS_MODULES, Modules )) {
ModuleInformation->NumberOfModules = NumberOfModules;
} else {
Status = STATUS_INFO_LENGTH_MISMATCH;
}
return Status;
}
BOOLEAN
ExIsProcessorFeaturePresent(
ULONG ProcessorFeature
)
{
BOOLEAN rv;
if ( ProcessorFeature < PROCESSOR_FEATURE_MAX ) {
rv = SharedUserData->ProcessorFeatures[ProcessorFeature];
}
else {
rv = FALSE;
}
return rv;
}
NTSTATUS
ExpQueryLegacyDriverInformation(
IN PSYSTEM_LEGACY_DRIVER_INFORMATION LegacyInfo,
IN PULONG Length
)
/*++
Routine Description:
Returns legacy driver information for figuring out why PNP/Power functionality
is disabled.
Arguments:
LegacyInfo - Returns the legacy driver information
Length - Supplies the length of the LegacyInfo buffer
Returns the amount of data written
Return Value:
NTSTATUS
--*/
{
PNP_VETO_TYPE VetoType;
PWSTR VetoList = NULL;
NTSTATUS Status;
UNICODE_STRING String;
ULONG ReturnLength;
Status = IoGetLegacyVetoList(&VetoList, &VetoType);
if (!NT_SUCCESS(Status)) {
return(Status);
}
RtlInitUnicodeString(&String, VetoList);
ReturnLength = sizeof(SYSTEM_LEGACY_DRIVER_INFORMATION) + String.Length;
try {
if (ReturnLength > *Length) {
Status = STATUS_BUFFER_OVERFLOW;
} else {
LegacyInfo->VetoType = VetoType;
LegacyInfo->VetoList.Length = String.Length;
LegacyInfo->VetoList.Buffer = (PWSTR)(LegacyInfo+1);
RtlCopyMemory(LegacyInfo+1, String.Buffer, String.Length);
}
} finally {
if (VetoList) {
ExFreePool(VetoList);
}
}
*Length = ReturnLength;
return(Status);
}
VOID
ExGetCurrentProcessorCpuUsage(
OUT PULONG CpuUsage
)
/*++
Routine Description:
Returns an estimation of current cpu usage in percent.
Arguments:
CpuUsage - Returns the current cpu usage in percent.
Return Value:
Nothing
--*/
{
PKPRCB Prcb;
Prcb = KeGetCurrentPrcb();
*CpuUsage = 100 - (ULONG)(UInt32x32To64(Prcb->IdleThread->KernelTime, 100) /
(ULONGLONG)(Prcb->KernelTime + Prcb->UserTime));
}
VOID
ExGetCurrentProcessorCounts(
OUT PULONG IdleCount,
OUT PULONG KernelAndUser,
OUT PULONG Index
)
/*++
Routine Description:
Returns information regarding idle time and kernel + user time for
the current processor.
Arguments:
IdleCount - Returns the kernel time of the idle thread on the current
processor.
KernelAndUser - Returns the kernel pluse user on the current processor.
Index - Returns the number identifiying the current processor.
Return Value:
Nothing
--*/
{
PKPRCB Prcb;
Prcb = KeGetCurrentPrcb();
*IdleCount = Prcb->IdleThread->KernelTime;
*KernelAndUser = Prcb->KernelTime + Prcb->UserTime;
*Index = (ULONG)Prcb->Number;
}
BOOLEAN
ExpIsValidUILanguage(
IN WCHAR * pLangId
)
/*++
Routine Description:
Check if specified language ID is valid.
Arguments:
pLangId - language ID hex string.
Return Value:
TRUE: Valid
FALSE: Invalid
--*/
{
NTSTATUS Status;
UNICODE_STRING KeyPath, KeyValueName;
HANDLE hKey;
WCHAR KeyValueBuffer[ 128 ];
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation;
OBJECT_ATTRIBUTES ObjectAttributes;
ULONG ResultLength;
BOOLEAN bRet = FALSE;
int iLen = 0;
RtlInitUnicodeString(&KeyPath, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\MUILanguages");
//
// pLangId is passed in as DWORD or WORD hex string
// LangId string in MUILanguages is set as WORD hex string
//
while (pLangId[iLen])
{
iLen++;
}
//
// We need to validate both 4 digits and 8 digits LangId
//
RtlInitUnicodeString(&KeyValueName, iLen < 8? pLangId : &pLangId[4]);
InitializeObjectAttributes (&ObjectAttributes,
&KeyPath,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
if (NT_SUCCESS(ZwOpenKey( &hKey, GENERIC_READ, &ObjectAttributes)))
{
KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
Status = ZwQueryValueKey( hKey,
&KeyValueName,
KeyValuePartialInformation,
KeyValueInformation,
sizeof( KeyValueBuffer ),
&ResultLength
);
if (NT_SUCCESS(Status))
{
if (KeyValueInformation->Type == REG_SZ && *((PWSTR)(KeyValueInformation->Data)) == L'1')
{
bRet = TRUE;
}
}
ZwClose(hKey);
}
return bRet;
}