Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

142 lines
3.2 KiB

  1. /*++
  2. Copyright (c) 2000 Microsoft Corporation
  3. Module Name:
  4. kevutil.c
  5. Abstract:
  6. This module implements various utilities required to do driver verification.
  7. Author:
  8. Adrian J. Oney (adriao) 20-Apr-1998
  9. Environment:
  10. Kernel mode
  11. Revision History:
  12. AdriaO 02/10/2000 - Seperated out from ntos\io\ioassert.c
  13. --*/
  14. #include "ki.h"
  15. #ifdef ALLOC_PRAGMA
  16. #pragma alloc_text(PAGEVRFY, KevUtilAddressToFileHeader)
  17. #endif // ALLOC_PRAGMA
  18. NTSTATUS
  19. KevUtilAddressToFileHeader(
  20. IN PVOID Address,
  21. OUT UINT_PTR *OffsetIntoImage,
  22. OUT PUNICODE_STRING *DriverName,
  23. OUT BOOLEAN *InVerifierList
  24. )
  25. /*++
  26. Routine Description:
  27. This function returns the name of a driver based on the specified
  28. Address. In addition, the offset into the driver is returned along
  29. with an indication as to whether the driver is among the list of those
  30. being verified.
  31. Arguments:
  32. Address - Supplies an address to resolve to a driver name.
  33. OffsetIntoImage - Recieves the offset relative to the base of the driver.
  34. DriverName - Recieves a pointer to the name of the driver.
  35. InVerifierList - Receives TRUE if the driver is in the verifier list,
  36. FALSE otherwise.
  37. Return Value:
  38. NTSTATUS (On failure, OffsetIntoImage receives NULL, DriverName receives
  39. NULL, and InVerifierList receives FALSE).
  40. --*/
  41. {
  42. PLIST_ENTRY pModuleListHead, next;
  43. PLDR_DATA_TABLE_ENTRY pDataTableEntry;
  44. UINT_PTR bounds, pReturnBase, pCurBase;
  45. //
  46. // Preinit for failure
  47. //
  48. *DriverName = NULL;
  49. *InVerifierList = FALSE;
  50. *OffsetIntoImage = 0;
  51. //
  52. // Set initial values for the module walk
  53. //
  54. pReturnBase = 0;
  55. pModuleListHead = &PsLoadedModuleList;
  56. //
  57. // It would be nice if we could call MiLookupDataTableEntry, but it's
  58. // pageable, so we do what the bugcheck stuff does...
  59. //
  60. next = pModuleListHead->Flink;
  61. if (next != NULL) {
  62. while (next != pModuleListHead) {
  63. //
  64. // Extract the data table entry
  65. //
  66. pDataTableEntry = CONTAINING_RECORD(
  67. next,
  68. LDR_DATA_TABLE_ENTRY,
  69. InLoadOrderLinks
  70. );
  71. next = next->Flink;
  72. pCurBase = (UINT_PTR) pDataTableEntry->DllBase;
  73. bounds = pCurBase + pDataTableEntry->SizeOfImage;
  74. if ((UINT_PTR)Address >= pCurBase && (UINT_PTR)Address < bounds) {
  75. //
  76. // We have a match, record it and get out of here.
  77. //
  78. pReturnBase = pCurBase;
  79. break;
  80. }
  81. }
  82. }
  83. if (!pReturnBase) {
  84. //
  85. // ADRIAO BUGBUG 02/16/2000 -
  86. // Get better error code.
  87. //
  88. return STATUS_UNSUCCESSFUL;
  89. }
  90. //
  91. // Here we go!
  92. //
  93. *OffsetIntoImage = (UINT_PTR) Address - pReturnBase;
  94. *DriverName = &pDataTableEntry->BaseDllName;
  95. //
  96. // Now record whether this is in the verifying table.
  97. //
  98. if (pDataTableEntry->Flags & LDRP_IMAGE_VERIFYING) {
  99. *InVerifierList = TRUE;
  100. }
  101. return STATUS_SUCCESS;
  102. }