Source code of Windows XP (NT5)
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
/*++
Copyright (c) 2000 Microsoft Corporation
Module Name:
kevutil.c
Abstract:
This module implements various utilities required to do driver verification.
Author:
Adrian J. Oney (adriao) 20-Apr-1998
Environment:
Kernel mode
Revision History:
AdriaO 02/10/2000 - Seperated out from ntos\io\ioassert.c
--*/
#include "ki.h"
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGEVRFY, KevUtilAddressToFileHeader)
#endif // ALLOC_PRAGMA
NTSTATUS KevUtilAddressToFileHeader( IN PVOID Address, OUT UINT_PTR *OffsetIntoImage, OUT PUNICODE_STRING *DriverName, OUT BOOLEAN *InVerifierList ) /*++
Routine Description:
This function returns the name of a driver based on the specified Address. In addition, the offset into the driver is returned along with an indication as to whether the driver is among the list of those being verified.
Arguments:
Address - Supplies an address to resolve to a driver name.
OffsetIntoImage - Recieves the offset relative to the base of the driver.
DriverName - Recieves a pointer to the name of the driver.
InVerifierList - Receives TRUE if the driver is in the verifier list, FALSE otherwise.
Return Value:
NTSTATUS (On failure, OffsetIntoImage receives NULL, DriverName receives NULL, and InVerifierList receives FALSE).
--*/ { PLIST_ENTRY pModuleListHead, next; PLDR_DATA_TABLE_ENTRY pDataTableEntry; UINT_PTR bounds, pReturnBase, pCurBase;
//
// Preinit for failure
//
*DriverName = NULL; *InVerifierList = FALSE; *OffsetIntoImage = 0;
//
// Set initial values for the module walk
//
pReturnBase = 0; pModuleListHead = &PsLoadedModuleList;
//
// It would be nice if we could call MiLookupDataTableEntry, but it's
// pageable, so we do what the bugcheck stuff does...
//
next = pModuleListHead->Flink; if (next != NULL) { while (next != pModuleListHead) {
//
// Extract the data table entry
//
pDataTableEntry = CONTAINING_RECORD( next, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks );
next = next->Flink; pCurBase = (UINT_PTR) pDataTableEntry->DllBase; bounds = pCurBase + pDataTableEntry->SizeOfImage; if ((UINT_PTR)Address >= pCurBase && (UINT_PTR)Address < bounds) {
//
// We have a match, record it and get out of here.
//
pReturnBase = pCurBase; break; } } }
if (!pReturnBase) {
//
// ADRIAO BUGBUG 02/16/2000 -
// Get better error code.
//
return STATUS_UNSUCCESSFUL; }
//
// Here we go!
//
*OffsetIntoImage = (UINT_PTR) Address - pReturnBase; *DriverName = &pDataTableEntry->BaseDllName;
//
// Now record whether this is in the verifying table.
//
if (pDataTableEntry->Flags & LDRP_IMAGE_VERIFYING) {
*InVerifierList = TRUE; }
return STATUS_SUCCESS; }
|