|
|
/*++
Copyright (c) 1991 Microsoft Corporation
Module Name:
cmp.h
Abstract:
This module contains the private (internal) header file for the configuration manager.
Author:
Bryan M. Willman (bryanwi) 10-Sep-91
Environment:
Kernel mode only.
Revision History:
13-Jan-99 Dragos C. Sambotin (dragoss) - factoring the data structure declarations in \nt\private\ntos\inc\cmdata.h :: to be available from outside.--*/
#ifndef _CMP_
#define _CMP_
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Begin SCS (Switch Control Section)
//
// 1. Code to check consistency and to help catch bugs: To be turned on when problems
// appear in that area; Word of caution: some of these switches may affect performance
//
#if DBG
#define CMP_NOTIFY_POSTBLOCK_CHECK // controls the CmpCheckPostBlock macro, used to check
// validity and consistency of a notify post block
#define CMP_ENTRYLIST_MANIPULATION // controls the removal of an element from a LIST_ENTRY
// by setting the Blink and Flink to NULL;
// macros affected : IsListEmpty and RemoveEmptyList
// WARNING : to be defined only when not linking against the loader
#define CMP_KCB_CACHE_VALIDATION // validates KCB cached members changes by comparing against the knode values.
// We shall disable this after proven the caching mechanism works OK
//#define CMP_CMVIEW_VALIDATION // validates the view mapping mechanism
#define CHECK_REGISTRY_USECOUNT // Validates the GetCell/ReleaseCell call matching, to ensure mapped views
// don't get unmapped while in use
//#define SYNC_HIVE_VALIDATION // validate the HvpDoWriteHive paged dirty data algorithm
// We shall disable this after we catch saving alternate problem
//#define HIVE_SECURITY_STATS // collect statistics about security cells
//#define CMP_STATS // collect statistics about kcbs
//#define WRITE_PROTECTED_REGISTRY_POOL // applies only for registry hives stored in paged pool
// controls access over registry bins
//#define WRITE_PROTECTED_VALUE_CACHE // protects pool allocations used for kcb value cache
//#define DRAGOSS_PRIVATE_DEBUG // private debug session
//#define CM_CHECK_MAP_NO_READ_SCHEME // validates the mapping code assumption (i.e. each bin map should start
// with HMAP_NEW_ALLOC; this is true only for mapped bins
#define REGISTRY_LOCK_CHECKING // on each Nt API level call, checks the thread has released all locks
// acquired. We may want to remove it, as it can hide bugs in other components
// bellow registry (Ob, Se, Ps, Mm)
//#define CM_PERF_ISSUES // keep track of how long CmpInitializeHiveList and CmpConvertHiveToMapped takes
#define CM_CHECK_FOR_ORPHANED_KCBS // check for orphaned kcbs every time we free a hive.
#endif //DBG
//#define CM_RETRY_CREATE_FILE // when an error is returned from ZwCreateFile calls, retry the call
//#define CM_NOTIFY_CHANGED_KCB_FULLPATH // return the full qualified path of the changed kcb in the Buffer arg of NtNotifyChangeKey
#if defined(_X86_)
#define CM_LEAK_STACK_TRACES // keeps stacks traces for opened handles
#endif //_X86_
//
// 2. these section controls whether or not a certain feature goes into product or not;
// The goal is to remove these switches as new features are accepted, tested and proven to work
//
#ifndef _CM_LDR_
#define NT_RENAME_KEY // NtRenameKey API
#define NT_UNLOAD_KEY_EX // NtUnloadKeyEx API
#endif //_CM_LDR_
#define CM_ENABLE_MAPPED_VIEWS // controls whether the mapped views feature (using Cc interfaces) is used
// by commenting this, registry hives are reverted to paged pool
// WARNING: This should be always on !!!
//#define CM_ENABLE_WRITE_ONLY_BINS // use MmSetPageProtection to catch writes on data not marked dirty
#define CM_MAP_NO_READ // this switch contols whether we map (touch all pages) or just pin_no_read
// now it makes sense to use this as mm will fault in one page at a time for
// MNW streams
#define CM_BREAK_ON_KEY_OPEN // breaks when a key with Flags & KEY_BREAK_ON_OPEN is opened or a subkey is added
//#define CM_SAVE_KCB_CACHE // at shutdown, save the kcb cache into a file
//#define CM_DYN_SYM_LINK // dynamic symbolic links enabled.
//#define HV_TRACK_FREE_SPACE // keep track of the actual free space inside the hive
//
// End SCS
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
#ifdef CM_DYN_SYM_LINK
#define REG_DYN_LINK 21 // this should be moved to the proper place
#endif
#include "ntos.h"
#include "hive.h"
#include "wchar.h"
#include "zwapi.h"
#include <stdio.h>
#include <profiles.h>
// bugcheck description and defines
#include "cmpbug.h"
#include "kddll.h"
// CM data structure declarations
// file location: \nt\private\ntos\inc
#include "cmdata.h"
#ifdef CMP_STATS
VOIDCmpKcbStat( VOID );#endif
#ifndef _CM_LDR_
#define CmKdPrintEx(_x_) KdPrintEx(_x_)
#else
#define CmKdPrintEx(_x_) //nothing
#endif //_CM_LDR_
#define _64K 64L*1024L //64K
#define _256K 256L*1024L //256K
//
// this constant defines the size of a Cc view that is mapped -in every time a cell
// is accessed; It can be any power of 2, no less than 16K and no bigger than 256K
//
#define CM_VIEW_SIZE 16L*1024L //16K
//
// control the granularity the primary file grows;
// Warning: this should be multiple of 4K (HBLOCK_SIZE) !!!
//
#define CM_FILE_GROW_INCREMENT 256L*1024L //256K
//
// this controls the maximmum adress space allowed per hive. It should be specified in
// multiples of 256K
//
// 4 means 1 MB
// 6 means 1.5 MB
// 12 means 3 MB
// .....
//
#define MAX_MB_PER_HIVE 16 // 4MB
#define MAX_NAME 128
#ifdef CMP_ENTRYLIST_MANIPULATION
#define CmpRemoveEntryList(a) \
if(((a)->Flink == NULL) && ((a)->Blink == NULL) ) {\ DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_ERROR_LEVEL,"CmpRemoveEntryList: Entry %08lx\n",a);\ DbgBreakPoint();\ }\ RemoveEntryList(a);\ (a)->Flink = (a)->Blink = NULL
#define CmpClearListEntry(a) (a)->Flink = (a)->Blink = NULL
#define CmpIsListEmpty(a) ( ( ((a)->Flink == NULL) && ((a)->Blink == NULL) ) || ( ((a)->Flink != NULL) && ((a)->Blink != NULL) && IsListEmpty(a) ) )
#else
#define CmpRemoveEntryList(a) RemoveEntryList(a)
#define CmpClearListEntry(a) //nothing
#define CmpIsListEmpty(a) IsListEmpty(a)
#endif // CMP_ENTRYLIST_MANIPULATION
extern PCM_TRACE_NOTIFY_ROUTINE CmpTraceRoutine;
VOIDCmpWmiDumpKcb( PCM_KEY_CONTROL_BLOCK kcb);
#define CmpWmiFireEvent(Status,Kcb,ElapsedTime,Index,KeyName,Type) \
try { \ PCM_TRACE_NOTIFY_ROUTINE TraceRoutine = CmpTraceRoutine; \ if( TraceRoutine != NULL ) { \ (*TraceRoutine)(Status,Kcb,ElapsedTime,Index,KeyName,Type); \ } \} except (EXCEPTION_EXECUTE_HANDLER) { }
#define StartWmiCmTrace()\
LARGE_INTEGER StartSystemTime;\ LARGE_INTEGER EndSystemTime;\ PVOID HookKcb = NULL;\ if (CmpTraceRoutine) {\ PerfTimeStamp(StartSystemTime); \ }
#define EndWmiCmTrace(Status,Index,KeyName,Type)\
if (CmpTraceRoutine) {\ try {\ PerfTimeStamp(EndSystemTime); \ CmpWmiFireEvent(Status,HookKcb,EndSystemTime.QuadPart - StartSystemTime.QuadPart,Index,KeyName,Type);\ } except (EXCEPTION_EXECUTE_HANDLER) {\ }\ }
#define HookKcbForWmiCmTrace(KeyBody) \
if (CmpTraceRoutine) {\ if(KeyBody) {\ HookKcb = KeyBody->KeyControlBlock;\ }\ }
#define HookKcbFromHandleForWmiCmTrace(KeyHandle) \
if (CmpTraceRoutine) {\ PCM_KEY_BODY KeyBody;\ NTSTATUS status;\ status = ObReferenceObjectByHandle(\ KeyHandle,\ 0,\ CmpKeyObjectType,\ KeGetPreviousMode(),\ (PVOID *)(&KeyBody),\ NULL\ );\ if (NT_SUCCESS(status)) {\ HookKcb = KeyBody->KeyControlBlock;\ ObDereferenceObject((PVOID)KeyBody);\ }\ }
#define CmpTraceKcbCreate(kcb) \
if (CmpTraceRoutine) {\ CmpWmiDumpKcb(kcb);\ }
#ifdef WRITE_PROTECTED_VALUE_CACHE
#define CmpMakeSpecialPoolReadOnly(PoolAddress) \
{ \ if( !MmProtectSpecialPool( (PVOID) PoolAddress, PAGE_READONLY) ) \ CmKdPrintEx((DPFLTR_CONFIG_ID,CML_POOL,"[CmpMakeSpecialPoolReadOnly]: Failed to Mark SpecialPool %p as ReadOnly", PoolAddress )); \ }
#define CmpMakeSpecialPoolReadWrite(PoolAddress) \
{ \ if( !MmProtectSpecialPool( (PVOID) PoolAddress, PAGE_READWRITE) ) { \ CmKdPrintEx((DPFLTR_CONFIG_ID,CML_POOL,"[CmpMakeSpecialPoolReadWrite]: Failed to Mark SpecialPool %p as ReadWrite", PoolAddress )); \ } \ }#define CmpMakeValueCacheReadOnly(ValueCached,PoolAddress) \
if(ValueCached) { \ CmpMakeSpecialPoolReadOnly( PoolAddress );\ }
#define CmpMakeValueCacheReadWrite(ValueCached,PoolAddress) \
if(ValueCached) { \ CmpMakeSpecialPoolReadWrite( PoolAddress );\ }
#else
#define CmpMakeSpecialPoolReadOnly(a) //nothing
#define CmpMakeSpecialPoolReadWrite(a) //nothing
#define CmpMakeValueCacheReadOnly(a,b) //nothing
#define CmpMakeValueCacheReadWrite(a,b) //nothing
#endif
#ifdef WRITE_PROTECTED_REGISTRY_POOL
VOIDHvpMarkBinReadWrite( PHHIVE Hive, HCELL_INDEX Cell );
VOIDHvpChangeBinAllocation( PHBIN Bin, BOOLEAN ReadOnly );
VOIDCmpMarkAllBinsReadOnly( PHHIVE Hive );
#else
#define HvpChangeBinAllocation(a,b) //nothing
#define HvpMarkBinReadWrite(a,b) //nothing
#define CmpMarkAllBinsReadOnly(a) //nothing
#endif
#ifdef POOL_TAGGING
//
// Pool Tag
//
#define CM_POOL_TAG ' MC'
#define CM_KCB_TAG 'bkMC'
#define CM_POSTBLOCK_TAG 'bpMC'
#define CM_NOTIFYBLOCK_TAG 'bnMC'
#define CM_POSTEVENT_TAG 'epMC'
#define CM_POSTAPC_TAG 'apMC'
#define CM_MAPPEDVIEW_TAG 'wVMC'
#define CM_SECCACHE_TAG 'cSMC'
#define CM_DELAYCLOSE_TAG 'cDMC'
#define CM_STASHBUFFER_TAG 'bSMC'
#define CM_HVBIN_TAG 'bHMC'
#define CM_ALLOCATE_TAG 'lAMC'
//
// Find leaks
//
#define CM_FIND_LEAK_TAG1 ' 1MC'
#define CM_FIND_LEAK_TAG2 ' 2MC'
#define CM_FIND_LEAK_TAG3 ' 3MC'
#define CM_FIND_LEAK_TAG4 ' 4MC'
#define CM_FIND_LEAK_TAG5 ' 5MC'
#define CM_FIND_LEAK_TAG6 ' 6MC'
#define CM_FIND_LEAK_TAG7 ' 7MC'
#define CM_FIND_LEAK_TAG8 ' 8MC'
#define CM_FIND_LEAK_TAG9 ' 9MC'
#define CM_FIND_LEAK_TAG10 '01MC'
#define CM_FIND_LEAK_TAG11 '11MC'
#define CM_FIND_LEAK_TAG12 '21MC'
#define CM_FIND_LEAK_TAG13 '31MC'
#define CM_FIND_LEAK_TAG14 '41MC'
#define CM_FIND_LEAK_TAG15 '51MC'
#define CM_FIND_LEAK_TAG16 '61MC'
#define CM_FIND_LEAK_TAG17 '71MC'
#define CM_FIND_LEAK_TAG18 '81MC'
#define CM_FIND_LEAK_TAG19 '91MC'
#define CM_FIND_LEAK_TAG20 '02MC'
#define CM_FIND_LEAK_TAG21 '12MC'
#define CM_FIND_LEAK_TAG22 '22MC'
#define CM_FIND_LEAK_TAG23 '32MC'
#define CM_FIND_LEAK_TAG24 '42MC'
#define CM_FIND_LEAK_TAG25 '52MC'
#define CM_FIND_LEAK_TAG26 '62MC'
#define CM_FIND_LEAK_TAG27 '72MC'
#define CM_FIND_LEAK_TAG28 '82MC'
#define CM_FIND_LEAK_TAG29 '92MC'
#define CM_FIND_LEAK_TAG30 '03MC'
#define CM_FIND_LEAK_TAG31 '13MC'
#define CM_FIND_LEAK_TAG32 '23MC'
#define CM_FIND_LEAK_TAG33 '33MC'
#define CM_FIND_LEAK_TAG34 '43MC'
#define CM_FIND_LEAK_TAG35 '53MC'
#define CM_FIND_LEAK_TAG36 '63MC'
#define CM_FIND_LEAK_TAG37 '73MC'
#define CM_FIND_LEAK_TAG38 '83MC'
#define CM_FIND_LEAK_TAG39 '93MC'
#define CM_FIND_LEAK_TAG40 '04MC'
#define CM_FIND_LEAK_TAG41 '14MC'
#define CM_FIND_LEAK_TAG42 '24MC'
#define CM_FIND_LEAK_TAG43 '34MC'
#define CM_FIND_LEAK_TAG44 '44MC'
#define CM_FIND_LEAK_TAG45 '54MC'
#ifdef _WANT_MACHINE_IDENTIFICATION
#define CM_PARSEINI_TAG 'ipMC'
#define CM_GENINST_TAG 'igMC'
#endif
//
// Extra Tags for cache.
// We may want to merge these tags later.
//
#define CM_CACHE_VALUE_INDEX_TAG 'IVMC'
#define CM_CACHE_VALUE_TAG 'aVMC'
#define CM_CACHE_INDEX_TAG 'nIMC'
#define CM_CACHE_VALUE_DATA_TAG 'aDMC'
#define CM_NAME_TAG 'bNMC'
#define ExAllocatePool(a,b) ExAllocatePoolWithTag(a,b,CM_POOL_TAG)
#define ExAllocatePoolWithQuota(a,b) ExAllocatePoolWithQuotaTag(a,b,CM_POOL_TAG)
PVOIDCmpAllocateTag( ULONG Size, BOOLEAN UseForIo, ULONG Tag );#else
#define CmpAllocateTag(a,b,c) CmpAllocate(a,b,c)
#endif
//
// A variable so can turn on/off certain performance features.
//
extern const ULONG CmpCacheOnFlag;
#define CM_CACHE_FAKE_KEY 0x00000001 // Create Fake key KCB
//
// This lock protects the KCB cache, including the KCB structures,
// NameBlock and Value Index.
//
extern ERESOURCE CmpKcbLock;
//
// This is \REGISTRY
//
extern HANDLE CmpRegistryRootHandle;
#if 0
#define CmpLockKCBTree() ExAcquireResourceShared(&CmpKcbLock, TRUE)
#define CmpLockKCBTreeExclusive() ExAcquireResourceExclusive(&CmpKcbLock);
#else
VOIDCmpLockKCBTreeExclusive( VOID );VOIDCmpLockKCBTree( VOID );#endif
VOIDCmpUnlockKCBTree( );
#if DBG
BOOLEANCmpTestKCBLock( VOID );BOOLEANCmpTestKCBLockExclusive( VOID );#define ASSERT_KCB_LOCK_OWNED() \
ASSERT(CmpTestKCBLock() == TRUE)
#define ASSERT_KCB_LOCK_OWNED_EXCLUSIVE() \
ASSERT(CmpTestKCBLockExclusive() == TRUE)#else
#define ASSERT_KCB_LOCK_OWNED()
#define ASSERT_KCB_LOCK_OWNED_EXCLUSIVE()
#endif
//
// Logging: remember, first 4 levels (0-3) are reserved system-wide
//
#define CML_BUGCHECK 4 // fatal errors
#define CML_EXCEPTION 5 // all exception's
#define CML_NTAPI 6 // NtApi calls
#define CML_NTAPI_ARGS 7 // NtApi parameters
#define CML_CM 8 // Cm level, general
#define CML_NOTIFY 9 // Notify level, general
#define CML_HIVE 10 // Hv level, general
#define CML_IO 11 // IO level
#define CML_SEC 12 // Security level
#define CML_INIT 13 // Init level, general
#define CML_INDEX 14 // Index level, general
#define CML_BIN_MAP 15 // bin mapping level
#define CML_FREECELL 16 // Free cell hints
#define CML_POOL 17 // Pool
#define CML_LOCKING 18 // Lock/unlock level
#define CML_FLOW 19 // General flow
#define CML_PARSE 20 // Parse algorithm
#define CML_SAVRES 21 // SavRes operations
#define REGCHECKING 1
#if DBG
#if REGCHECKING
#define DCmCheckRegistry(a) if(HvHiveChecking) ASSERT(CmCheckRegistry(a, CM_CHECK_REGISTRY_HIVE_CHECK) == 0)
#else
#define DCmCheckRegistry(a)
#endif
#else
#define DCmCheckRegistry(a)
#endif
#ifdef CHECK_REGISTRY_USECOUNT
VOIDCmpCheckRegistryUseCount( );#endif //CHECK_REGISTRY_USECOUNT
#ifdef REGISTRY_LOCK_CHECKING
ULONGCmpCheckLockExceptionFilter( IN PEXCEPTION_POINTERS ExceptionPointers );
//
// updated to check both registry and kcb
//
#define BEGIN_LOCK_CHECKPOINT \
{ \ ULONG RegistryLockCountBefore,RegistryLockCountAfter; \ ULONG KCBLockCountBefore,KCBLockCountAfter; \ RegistryLockCountBefore = ExIsResourceAcquiredShared(&CmpRegistryLock); \ RegistryLockCountBefore += ExIsResourceAcquiredExclusive(&CmpRegistryLock); \ KCBLockCountBefore = ExIsResourceAcquiredShared(&CmpKcbLock); \ KCBLockCountBefore += ExIsResourceAcquiredExclusive(&CmpKcbLock); \ try {
#define END_LOCK_CHECKPOINT \
} except(CmpCheckLockExceptionFilter(GetExceptionInformation())) {} \ RegistryLockCountAfter = ExIsResourceAcquiredShared(&CmpRegistryLock); \ RegistryLockCountAfter += ExIsResourceAcquiredExclusive(&CmpRegistryLock); \ KCBLockCountAfter = ExIsResourceAcquiredShared(&CmpKcbLock); \ KCBLockCountAfter += ExIsResourceAcquiredExclusive(&CmpKcbLock); \ if( RegistryLockCountBefore != RegistryLockCountAfter ) { \ CM_BUGCHECK(REGISTRY_ERROR,REGISTRY_LOCK_CHECKPOINT,0,RegistryLockCountBefore,RegistryLockCountAfter); \ } \ if( KCBLockCountBefore != KCBLockCountAfter ) { \ CM_BUGCHECK(REGISTRY_ERROR,REGISTRY_LOCK_CHECKPOINT,1,KCBLockCountBefore,KCBLockCountAfter); \ } \ }
#define BEGIN_KCB_LOCK_GUARD \
try {
#define END_KCB_LOCK_GUARD \
} except(CmpCheckLockExceptionFilter(GetExceptionInformation())) {}
#else
#define BEGIN_LOCK_CHECKPOINT
#define END_LOCK_CHECKPOINT
#define BEGIN_KCB_LOCK_GUARD
#define END_KCB_LOCK_GUARD
#endif //REGISTRY_LOCK_CHECKING
extern BOOLEAN CmpSpecialBootCondition;
#if DBG
#define ASSERT_CM_LOCK_OWNED() \
ASSERT( (CmpSpecialBootCondition == TRUE) || (CmpTestRegistryLock() == TRUE) )#define ASSERT_CM_LOCK_OWNED_EXCLUSIVE() \
ASSERT((CmpSpecialBootCondition == TRUE) || (CmpTestRegistryLockExclusive() == TRUE) )#define ASSERT_CM_EXCLUSIVE_HIVE_ACCESS(Hive) \
ASSERT((CmpSpecialBootCondition == TRUE) || (CmpTestRegistryLockExclusive() == TRUE) || (Hive->ReleaseCellRoutine == NULL) )#else
#define ASSERT_CM_LOCK_OWNED()
#define ASSERT_CM_LOCK_OWNED_EXCLUSIVE()
#define ASSERT_CM_EXCLUSIVE_HIVE_ACCESS(Hive)
#endif
#if DBG
#ifndef _CM_LDR_
#define ASSERT_PASSIVE_LEVEL() \
{ \ KIRQL Irql; \ Irql = KeGetCurrentIrql(); \ if( KeGetCurrentIrql() != PASSIVE_LEVEL ) { \ DbgPrintEx(DPFLTR_CONFIG_ID,DPFLTR_ERROR_LEVEL,"ASSERT_PASSIVE_LEVEL failed ... Irql = %lu\n",Irql); \ ASSERT( FALSE ); \ } \ }#endif //_CM_LDR_
#else
#define ASSERT_PASSIVE_LEVEL()
#endif
#define VALIDATE_CELL_MAP(LINE,Map,Hive,Address) \
if( Map == NULL ) { \ CM_BUGCHECK (REGISTRY_ERROR,BAD_CELL_MAP,(ULONG_PTR)(Hive),(ULONG)(Address),(ULONG)(LINE)) ; \ }
#if DBG
VOIDSepDumpSecurityDescriptor( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSZ TitleString );
extern BOOLEAN SepDumpSD;
#define CmpDumpSecurityDescriptor(x,y) \
{ \ SepDumpSD=TRUE; \ SepDumpSecurityDescriptor(x, y); \ SepDumpSD=FALSE; \ }#else
#define CmpDumpSecurityDescriptor(x,y)
#endif
//
// misc stuff
//
extern UNICODE_STRING CmRegistrySystemCloneName;
//
// Determines whether the Current Control Set used during booting
// is cloned in order to fully preserve it for being saved
// as the LKG Control Set.
//
#define CLONE_CONTROL_SET FALSE
#if CLONE_CONTROL_SET
#define CM_NUMBER_OF_MACHINE_HIVES 7
#else
#define CM_NUMBER_OF_MACHINE_HIVES 6
#endif
#define NUMBER_TYPES (MaximumType + 1)
#define CM_WRAP_LIMIT 0x7fffffff
//
// Tuning and control constants
//
#define CM_MAX_STASH 1024*1024 // If size of data for a set
// is bigger than this,
#define CM_MAX_REASONABLE_VALUES 100 // If number of values for a
// key is greater than this,
// round up value list size
//
// Limit on the number of layers of hive there may be. We allow only
// the master hive and hives directly linked into it for now, for currently
// value is always 2..
//
#define MAX_HIVE_LAYERS 2
//
// structure used to create and sort ordered list of drivers to be loaded.
// This is also used by the OS Loader when loading the boot drivers.
// (Particularly the ErrorControl field)
//
typedef struct _BOOT_DRIVER_NODE { BOOT_DRIVER_LIST_ENTRY ListEntry; UNICODE_STRING Group; UNICODE_STRING Name; ULONG Tag; ULONG ErrorControl;} BOOT_DRIVER_NODE, *PBOOT_DRIVER_NODE;
//
// extern for object type pointer
//
extern POBJECT_TYPE CmpKeyObjectType;extern POBJECT_TYPE IoFileObjectType;
//
// indexes in CmpMachineHiveList
//
#define SYSTEM_HIVE_INDEX 3
#define CLONE_HIVE_INDEX 6
//
// Miscelaneous Hash routines
//
#define RNDM_CONSTANT 314159269 /* default value for "scrambling constant" */
#define RNDM_PRIME 1000000007 /* prime number, also used for scrambling */
#define HASH_KEY(_convkey_) ((RNDM_CONSTANT * (_convkey_)) % RNDM_PRIME)
#define GET_HASH_INDEX(Key) HASH_KEY(Key) % CmpHashTableSize
#define GET_HASH_ENTRY(Table, Key) Table[GET_HASH_INDEX(Key)]
//
// CM_KEY_BODY
//
// Same structure used for KEY_ROOT and KEY objects. This is the
// Cm defined part of the object.
//
// This object represents an open instance, several of them could refer
// to a single key control block.
//
#define KEY_BODY_TYPE 0x6b793032 // "ky02"
struct _CM_NOTIFY_BLOCK; //forward
typedef struct _CM_KEY_BODY { ULONG Type; PCM_KEY_CONTROL_BLOCK KeyControlBlock; struct _CM_NOTIFY_BLOCK *NotifyBlock; PEPROCESS Process; // the owner process
#ifdef CM_LEAK_STACK_TRACES
ULONG Callers; PVOID CallerAddress[10];#endif //CM_LEAK_STACK_TRACES
LIST_ENTRY KeyBodyList; // key_nodes using the same kcb
} CM_KEY_BODY, *PCM_KEY_BODY;
#ifdef CM_LEAK_STACK_TRACES
// just because we need this #define code inside a macro !
#define CmpSetNoCallers(KeyBody) KeyBody->Callers = 0
#define CmpAddKeyTracker(KeyHandle,mode) \
if(PoCleanShutdownEnabled() & PO_CLEAN_SHUTDOWN_REGISTRY) { \ PCM_KEY_BODY KeyBody; \ NTSTATUS status; \ status = ObReferenceObjectByHandle( \ KeyHandle, \ 0, \ CmpKeyObjectType, \ mode, \ (PVOID *)(&KeyBody), \ NULL \ ); \ if( NT_SUCCESS(status) ) { \ KeyBody->Callers = RtlWalkFrameChain(&(KeyBody->CallerAddress[0]), 10, 0); \ ObDereferenceObject((PVOID)KeyBody); \ } \}#else
#define CmpSetNoCallers(KeyBody) // nothing
#define CmpAddKeyTracker(KeyHandle,mode) // nothing yet
#endif //CM_LEAK_STACK_TRACES
#define INIT_KCB_KEYBODY_LIST(kcb) InitializeListHead(&(kcb->KeyBodyListHead))
#define ASSERT_KEYBODY_LIST_EMPTY(kcb) ASSERT(IsListEmpty(&(kcb->KeyBodyListHead)) == TRUE)
#define ENLIST_KEYBODY_IN_KEYBODY_LIST(KeyBody) \
ASSERT( KeyBody->KeyControlBlock != NULL ); \ BEGIN_KCB_LOCK_GUARD; \ CmpLockKCBTreeExclusive(); \ InsertTailList(&(KeyBody->KeyControlBlock->KeyBodyListHead),&(KeyBody->KeyBodyList)); \ CmpSetNoCallers(KeyBody); \ CmpUnlockKCBTree(); \ END_KCB_LOCK_GUARD
#define DELIST_KEYBODY_FROM_KEYBODY_LIST(KeyBody) \
ASSERT( KeyBody->KeyControlBlock != NULL ); \ ASSERT(IsListEmpty(&(KeyBody->KeyControlBlock->KeyBodyListHead)) == FALSE); \ BEGIN_KCB_LOCK_GUARD; \ CmpLockKCBTreeExclusive(); \ RemoveEntryList(&(KeyBody->KeyBodyList)); \ CmpUnlockKCBTree(); \ END_KCB_LOCK_GUARD
#define ASSERT_KEY_OBJECT(x) ASSERT(((PCM_KEY_BODY)x)->Type == KEY_BODY_TYPE)
#define ASSERT_NODE(x) ASSERT(((PCM_KEY_NODE)x)->Signature == CM_KEY_NODE_SIGNATURE)
#define ASSERT_SECURITY(x) ASSERT(((PCM_KEY_SECURITY)x)->Signature == CM_KEY_SECURITY_SIGNATURE)
//
// CM_POST_KEY_BODY
//
// A post block can have attached a keybody which has to be dereferenced
// when the post block goes out of scope. This structure allows the
// implementation of keybody "delayed dereferencing". (see CmpPostNotify for comments)
//
typedef struct _CM_POST_KEY_BODY { LIST_ENTRY KeyBodyList; struct _CM_KEY_BODY *KeyBody; // this key body object
} CM_POST_KEY_BODY, *PCM_POST_KEY_BODY;
//
// CM_NOTIFY_BLOCK
//
// A notify block tracks an active notification waiting for notification.
// Any one open instance (CM_KEY_BODY) will refer to at most one
// notify block. A given key control block may have as many notify
// blocks refering to it as there are CM_KEY_BODYs refering to it.
// Notify blocks are attached to hives and sorted by length of name.
//
typedef struct _CM_NOTIFY_BLOCK { LIST_ENTRY HiveList; // sorted list of notifies
LIST_ENTRY PostList; // Posts to fill
PCM_KEY_CONTROL_BLOCK KeyControlBlock; // Open instance notify is on
struct _CM_KEY_BODY *KeyBody; // our owning key handle object
struct { ULONG Filter : 30; // Events of interest
ULONG WatchTree : 1; ULONG NotifyPending : 1; }; SECURITY_SUBJECT_CONTEXT SubjectContext; // Security stuff
} CM_NOTIFY_BLOCK, *PCM_NOTIFY_BLOCK;
//
// CM_POST_BLOCK
//
// Whenever a notify call is made, a post block is created and attached
// to the notify block. Each time an event is posted against the notify,
// the waiter described by the post block is signaled. (i.e. APC enqueued,
// event signalled, etc.)
//
//
// The NotifyType ULONG is a combination of POST_BLOCK_TYPE enum and flags
//
typedef enum _POST_BLOCK_TYPE { PostSynchronous = 1, PostAsyncUser = 2, PostAsyncKernel = 3} POST_BLOCK_TYPE;
typedef struct _CM_SYNC_POST_BLOCK { PKEVENT SystemEvent; NTSTATUS Status;} CM_SYNC_POST_BLOCK, *PCM_SYNC_POST_BLOCK;
typedef struct _CM_ASYNC_USER_POST_BLOCK { PKEVENT UserEvent; PKAPC Apc; PIO_STATUS_BLOCK IoStatusBlock;} CM_ASYNC_USER_POST_BLOCK, *PCM_ASYNC_USER_POST_BLOCK;
typedef struct _CM_ASYNC_KERNEL_POST_BLOCK { PKEVENT Event; PWORK_QUEUE_ITEM WorkItem; WORK_QUEUE_TYPE QueueType;} CM_ASYNC_KERNEL_POST_BLOCK, *PCM_ASYNC_KERNEL_POST_BLOCK;
typedef union _CM_POST_BLOCK_UNION { CM_SYNC_POST_BLOCK Sync; CM_ASYNC_USER_POST_BLOCK AsyncUser; CM_ASYNC_KERNEL_POST_BLOCK AsyncKernel;} CM_POST_BLOCK_UNION, *PCM_POST_BLOCK_UNION;
typedef struct _CM_POST_BLOCK {#if DBG
BOOLEAN TraceIntoDebugger;#endif
LIST_ENTRY NotifyList; LIST_ENTRY ThreadList; LIST_ENTRY CancelPostList; // slave notifications that are attached to this notification
struct _CM_POST_KEY_BODY *PostKeyBody;
#ifdef CM_NOTIFY_CHANGED_KCB_FULLPATH
PUNICODE_STRING ChangedKcbFullName; // full qualified name of the kcb that triggered this notification
PVOID CallerBuffer; // used to return full qualified name of the changed kcb to the caller
ULONG CallerBufferSize; // these are supposed to be filled by CmpAllocatePostBlock
#endif //CM_NOTIFY_CHANGED_KCB_FULLPATH
ULONG NotifyType; PCM_POST_BLOCK_UNION u;} CM_POST_BLOCK, *PCM_POST_BLOCK;
#define REG_NOTIFY_POST_TYPE_MASK (0x0000FFFFL) // mask for finding out the type of the post block
#define REG_NOTIFY_MASTER_POST (0x00010000L) // The current post block is a master one
//
// Usefull macros to manipulate the NotifyType field in CM_POST_BLOCK
//
#define PostBlockType(_post_) ((POST_BLOCK_TYPE)( ((_post_)->NotifyType) & REG_NOTIFY_POST_TYPE_MASK ))
#define IsMasterPostBlock(_post_) ( ((_post_)->NotifyType) & REG_NOTIFY_MASTER_POST )
#define SetMasterPostBlockFlag(_post_) ( ((_post_)->NotifyType) |= REG_NOTIFY_MASTER_POST )
#define ClearMasterPostBlockFlag(_post_) ( ((_post_)->NotifyType) &= ~REG_NOTIFY_MASTER_POST )
//
// This lock protects the PostList(s) in Notification objects.
// It is used to prevent attempts for simultaneous changes of
// CancelPostList list in PostBlocks
//
extern FAST_MUTEX CmpPostLock;#define LOCK_POST_LIST() ExAcquireFastMutexUnsafe(&CmpPostLock)
#define UNLOCK_POST_LIST() ExReleaseFastMutexUnsafe(&CmpPostLock)
extern FAST_MUTEX CmpStashBufferLock;#define LOCK_STASH_BUFFER() ExAcquireFastMutexUnsafe(&CmpStashBufferLock)
#define UNLOCK_STASH_BUFFER() ExReleaseFastMutexUnsafe(&CmpStashBufferLock)
//
// protection for CmpHiveListHead
//
extern FAST_MUTEX CmpHiveListHeadLock;#ifndef _CM_LDR_
#define LOCK_HIVE_LIST() ExAcquireFastMutexUnsafe(&CmpHiveListHeadLock)
#define UNLOCK_HIVE_LIST() ExReleaseFastMutexUnsafe(&CmpHiveListHeadLock)
#else
#define LOCK_HIVE_LIST() //nothing
#define UNLOCK_HIVE_LIST() //nothing
#endif
//
// used by CmpFileWrite, so it doesn't take up so much stack.
//
typedef struct _CM_WRITE_BLOCK { HANDLE EventHandles[MAXIMUM_WAIT_OBJECTS]; PKEVENT EventObjects[MAXIMUM_WAIT_OBJECTS]; KWAIT_BLOCK WaitBlockArray[MAXIMUM_WAIT_OBJECTS]; IO_STATUS_BLOCK IoStatus[MAXIMUM_WAIT_OBJECTS];} CM_WRITE_BLOCK, *PCM_WRITE_BLOCK;
//
// CM data to manipulate views inside the primary hive file
//
//#define MAPPED_VIEWS_PER_HIVE 12 * (_256K / CM_VIEW_SIZE ) // max 3 MB per hive ; we don't really need this
#define MAX_VIEWS_PER_HIVE MAX_MB_PER_HIVE * ( (_256K) / (CM_VIEW_SIZE) )
#define ASSERT_VIEW_MAPPED(a) \
ASSERT((a)->Size != 0); \ ASSERT((a)->ViewAddress != 0); \ ASSERT((a)->Bcb != 0); \ ASSERT( IsListEmpty(&((a)->LRUViewList)) == FALSE); \ ASSERT( IsListEmpty(&((a)->PinViewList)) == TRUE)
#define ASSERT_VIEW_PINNED(a) \
ASSERT((a)->Size != 0); \ ASSERT((a)->ViewAddress != 0); \ ASSERT((a)->Bcb != 0); \ ASSERT( IsListEmpty(&((a)->LRUViewList)) == TRUE)
typedef struct _CM_VIEW_OF_FILE { LIST_ENTRY LRUViewList; // LRU connection ==> when this is empty, the view is pinned
LIST_ENTRY PinViewList; // list of views pinned into memory ==> when this is empty, the view is in LRU list
ULONG FileOffset; // file offset at which the mapping starts
ULONG Size; // size the view maps
PULONG_PTR ViewAddress; // memory address containing the mapping
PVOID Bcb; // BCB needed for map/pin/unpin access
ULONG UseCount; // how many cells are currently in use inside this view
} CM_VIEW_OF_FILE, *PCM_VIEW_OF_FILE;
//
// security hash manipulation
//
#define CmpSecHashTableSize 64 // size of the hash table
typedef struct _CM_KCB_REMAP_BLOCK { LIST_ENTRY RemapList; PCM_KEY_CONTROL_BLOCK KeyControlBlock; HCELL_INDEX OldCellIndex; HCELL_INDEX NewCellIndex; ULONG ValueCount; HCELL_INDEX ValueList;} CM_KCB_REMAP_BLOCK, *PCM_KCB_REMAP_BLOCK;
typedef struct _CM_CELL_REMAP_BLOCK { HCELL_INDEX OldCell; HCELL_INDEX NewCell;} CM_CELL_REMAP_BLOCK, *PCM_CELL_REMAP_BLOCK;
typedef struct _CM_KNODE_REMAP_BLOCK { LIST_ENTRY RemapList; PCM_KEY_NODE KeyNode; HCELL_INDEX NewParent;} CM_KNODE_REMAP_BLOCK, *PCM_KNODE_REMAP_BLOCK;
// ----- Cm version of Hive structure (CMHIVE) -----
//
typedef struct _CMHIVE { HHIVE Hive; HANDLE FileHandles[HFILE_TYPE_MAX]; LIST_ENTRY NotifyList; LIST_ENTRY HiveList; // Used to find hives at shutdown
PFAST_MUTEX HiveLock; // Used to synchronize operations on the hive (NotifyList and Flush)
PFAST_MUTEX ViewLock; // Used to control access over the view list, UseCount
LIST_ENTRY LRUViewListHead; // Head of the same list as above but ordered (LRU)
LIST_ENTRY PinViewListHead; // Head of the List of Views pinned into memory inside the primary hive file
#if 0 // it didn't work
LIST_ENTRY FakeViewListHead; // Used to optimize boot process (fault all the data in in 256K chunks at once)
#endif
PFILE_OBJECT FileObject; // FileObject needed for Cc operations on the mapped views
UNICODE_STRING FileFullPath; // full path of the hive file- needed for CmPrefetchHivePages
UNICODE_STRING FileUserName; // file name as passed onto NtLoadKey
USHORT MappedViews; // number of mapped (but not pinned views) i.e. the number of elements in LRUViewList
USHORT PinnedViews; // number of pinned views i.e. the number of elements in PinViewList
ULONG UseCount; // how many cells are currently in use inside this hive
#if 0
ULONG FakeViews; // number of FakeViews (debug-only)
#endif
ULONG SecurityCount; // number of security cells cached
ULONG SecurityCacheSize; // number of entries in the cache (to avoid memory fragmentation)
LONG SecurityHitHint; // index of the last cell we've searched on
PCM_KEY_SECURITY_CACHE_ENTRY SecurityCache; // the security cache
// hash table (to retrieve the security cells by descriptor)
LIST_ENTRY SecurityHash[CmpSecHashTableSize];
#ifdef NT_UNLOAD_KEY_EX
PKEVENT UnloadEvent; // the event to be signaled when the hive unloads
// this may be valid (not NULL) only in conjunction with
// a not NULL RootKcb and a TRUE Frozen (bellow)
PCM_KEY_CONTROL_BLOCK RootKcb; // kcb to the root of the hive. We keep a reference on it, which
// will be released at the time the hive unloads (i.e. it is the last
// reference somebody has on this kcb); This is should be valid (not NULL)
// only when the Frozen flag is set to TRUE
BOOLEAN Frozen; // set to TRUE when the hive is frozen (no further operations are allowed on
// this hive
PWORK_QUEUE_ITEM UnloadWorkItem; // Work Item to actually perform the late unload
#endif //NT_UNLOAD_KEY_EX
BOOLEAN GrowOnlyMode; // the hive is in "grow only" mode; new cells are allocated past GrowOffset
ULONG GrowOffset;
LIST_ENTRY KcbConvertListHead; // list of CM_KCB_REMAP_BLOCK storing the associations to the new hive.
LIST_ENTRY KnodeConvertListHead; PCM_CELL_REMAP_BLOCK CellRemapArray; // array of mappings used for security cells
} CMHIVE, *PCMHIVE;
#ifdef NT_UNLOAD_KEY_EX
#define IsHiveFrozen(_CmHive_) (((PCMHIVE)(_CmHive_))->Frozen == TRUE)
#endif
#define HiveWritesThroughCache(Hive,FileType) ((FileType == HFILE_TYPE_PRIMARY) && (((PCMHIVE)CONTAINING_RECORD(Hive, CMHIVE, Hive))->FileObject != NULL))
//
// Delayed close kcb list
//
typedef struct _CM_DELAYED_CLOSE_ENTRY { LIST_ENTRY DelayedLRUList; // LRU list of entries in the Delayed Close Table
PCM_KEY_CONTROL_BLOCK KeyControlBlock; // KCB in this entry; NULL if the entry is available
} CM_DELAYED_CLOSE_ENTRY, *PCM_DELAYED_CLOSE_ENTRY;
//
// Hive locking support
//
//
#define CmLockHive(_hive_) ASSERT( (_hive_)->HiveLock );\
ExAcquireFastMutexUnsafe((_hive_)->HiveLock)#define CmUnlockHive(_hive_) ASSERT( (_hive_)->HiveLock );\
ExReleaseFastMutexUnsafe((_hive_)->HiveLock)
//
// View locking support
//
#define CmLockHiveViews(_hive_) ASSERT( (_hive_)->ViewLock );\
ExAcquireFastMutexUnsafe((_hive_)->ViewLock)#define CmUnlockHiveViews(_hive_) ASSERT( (_hive_)->ViewLock );\
ExReleaseFastMutexUnsafe((_hive_)->ViewLock)
//
// Macros
//
//
// ----- CM_KEY_NODE -----
//
#define CmpHKeyNameLen(Key) \
(((Key)->Flags & KEY_COMP_NAME) ? \ CmpCompressedNameSize((Key)->Name,(Key)->NameLength) : \ (Key)->NameLength)
#define CmpNcbNameLen(Ncb) \
(((Ncb)->Compressed) ? \ CmpCompressedNameSize((Ncb)->Name,(Ncb)->NameLength) : \ (Ncb)->NameLength)
#define CmpHKeyNodeSize(Hive, KeyName) \
(FIELD_OFFSET(CM_KEY_NODE, Name) + CmpNameSize(Hive, KeyName))
//
// ----- CM_KEY_VALUE -----
//
#define CmpValueNameLen(Value) \
(((Value)->Flags & VALUE_COMP_NAME) ? \ CmpCompressedNameSize((Value)->Name,(Value)->NameLength) : \ (Value)->NameLength)
#define CmpHKeyValueSize(Hive, ValueName) \
(FIELD_OFFSET(CM_KEY_VALUE, Name) + CmpNameSize(Hive, ValueName))
//
// ----- Procedure Prototypes -----
//
//
// Configuration Manager private procedure prototypes
//
#define REG_OPTION_PREDEF_HANDLE (0x01000000L)
#define REG_PREDEF_HANDLE_MASK (0x80000000L)
typedef struct _CM_PARSE_CONTEXT { ULONG TitleIndex; UNICODE_STRING Class; ULONG CreateOptions; ULONG Disposition; BOOLEAN CreateLink; CM_KEY_REFERENCE ChildHive; HANDLE PredefinedHandle;} CM_PARSE_CONTEXT, *PCM_PARSE_CONTEXT;
NTSTATUSCmpParseKey( IN PVOID ParseObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING CompleteName, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *Object );
NTSTATUSCmpDoCreate( IN PHHIVE Hive, IN HCELL_INDEX Cell, IN PACCESS_STATE AccessState, IN PUNICODE_STRING Name, IN KPROCESSOR_MODE AccessMode, IN PCM_PARSE_CONTEXT Context, IN PCM_KEY_CONTROL_BLOCK ParentKcb, OUT PVOID *Object );
NTSTATUSCmpDoCreateChild( IN PHHIVE Hive, IN HCELL_INDEX ParentCell, IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL, IN PACCESS_STATE AccessState, IN PUNICODE_STRING Name, IN KPROCESSOR_MODE AccessMode, IN PCM_PARSE_CONTEXT Context, IN PCM_KEY_CONTROL_BLOCK ParentKcb, IN USHORT Flags, OUT PHCELL_INDEX KeyCell, OUT PVOID *Object );
NTSTATUSCmpQueryKeyName( IN PVOID Object, IN BOOLEAN HasObjectName, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength );
VOIDCmpDeleteKeyObject( IN PVOID Object );
VOIDCmpCloseKeyObject( IN PEPROCESS Process OPTIONAL, IN PVOID Object, IN ACCESS_MASK GrantedAccess, IN ULONG ProcessHandleCount, IN ULONG SystemHandleCount );
NTSTATUSCmpSecurityMethod ( IN PVOID Object, IN SECURITY_OPERATION_CODE OperationCode, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG CapturedLength, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping );
#define KCB_WORKER_CONTINUE 0
#define KCB_WORKER_DONE 1
#define KCB_WORKER_DELETE 2
#define KCB_WORKER_ERROR 3
typedefULONG(*PKCB_WORKER_ROUTINE) ( PCM_KEY_CONTROL_BLOCK Current, PVOID Context1, PVOID Context2 );
BOOLEANCmpSearchKeyControlBlockTree( PKCB_WORKER_ROUTINE WorkerRoutine, PVOID Context1, PVOID Context2 );
//
// Wrappers
//
PVOIDCmpAllocate( ULONG Size, BOOLEAN UseForIo, ULONG Tag );
VOIDCmpFree( PVOID MemoryBlock, ULONG GlobalQuotaSize );
BOOLEANCmpFileSetSize( PHHIVE Hive, ULONG FileType, ULONG FileSize, ULONG OldFileSize );
NTSTATUSCmpDoFileSetSize( PHHIVE Hive, ULONG FileType, ULONG FileSize, ULONG OldFileSize );
BOOLEANCmpFileWrite( PHHIVE Hive, ULONG FileType, PCMP_OFFSET_ARRAY offsetArray, ULONG offsetArrayCount, PULONG FileOffset );
BOOLEANCmpFileWriteThroughCache( PHHIVE Hive, ULONG FileType, PCMP_OFFSET_ARRAY offsetArray, ULONG offsetArrayCount );
BOOLEANCmpFileRead ( PHHIVE Hive, ULONG FileType, PULONG FileOffset, PVOID DataBuffer, ULONG DataLength );
BOOLEANCmpFileFlush ( PHHIVE Hive, ULONG FileType, PLARGE_INTEGER FileOffset, ULONG Length );
NTSTATUSCmpCreateEvent( IN EVENT_TYPE eventType, OUT PHANDLE eventHandle, OUT PKEVENT *event );
//
// Configuration Manager CM level registry functions
//
NTSTATUSCmDeleteKey( IN PCM_KEY_BODY KeyBody );
NTSTATUSCmDeleteValueKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN UNICODE_STRING ValueName );
NTSTATUSCmEnumerateKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN ULONG Index, IN KEY_INFORMATION_CLASS KeyInformationClass, IN PVOID KeyInformation, IN ULONG Length, IN PULONG ResultLength );
NTSTATUSCmEnumerateValueKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN ULONG Index, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, IN PVOID KeyValueInformation, IN ULONG Length, IN PULONG ResultLength );
NTSTATUSCmFlushKey( IN PHHIVE Hive, IN HCELL_INDEX Cell );
NTSTATUSCmQueryKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN KEY_INFORMATION_CLASS KeyInformationClass, IN PVOID KeyInformation, IN ULONG Length, IN PULONG ResultLength );
NTSTATUSCmQueryValueKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN UNICODE_STRING ValueName, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, IN PVOID KeyValueInformation, IN ULONG Length, IN PULONG ResultLength );
NTSTATUSCmQueryMultipleValueKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN PKEY_VALUE_ENTRY ValueEntries, IN ULONG EntryCount, IN PVOID ValueBuffer, IN OUT PULONG BufferLength, IN OPTIONAL PULONG ResultLength );
NTSTATUSCmRenameValueKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN UNICODE_STRING SourceValueName, IN UNICODE_STRING TargetValueName, IN ULONG TargetIndex );
NTSTATUSCmReplaceKey( IN PHHIVE Hive, IN HCELL_INDEX Cell, IN PUNICODE_STRING NewHiveName, IN PUNICODE_STRING OldFileName );
NTSTATUSCmRestoreKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN HANDLE FileHandle, IN ULONG Flags );
NTSTATUSCmSaveKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN HANDLE FileHandle, IN ULONG HiveVersion );
NTSTATUSCmDumpKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN HANDLE FileHandle );
NTSTATUSCmSaveMergedKeys( IN PCM_KEY_CONTROL_BLOCK HighPrecedenceKcb, IN PCM_KEY_CONTROL_BLOCK LowPrecedenceKcb, IN HANDLE FileHandle );
NTSTATUSCmpShiftHiveFreeBins( PCMHIVE CmHive, PCMHIVE *NewHive );
NTSTATUSCmpOverwriteHive( PCMHIVE CmHive, PCMHIVE NewHive, HCELL_INDEX LinkCell );
VOIDCmpSwitchStorageAndRebuildMappings(PCMHIVE OldCmHive, PCMHIVE NewHive );
NTSTATUSCmSetValueKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN PUNICODE_STRING ValueName, IN ULONG Type, IN PVOID Data, IN ULONG DataSize );
NTSTATUSCmSetLastWriteTimeKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN PLARGE_INTEGER LastWriteTime );
NTSTATUSCmSetKeyUserFlags( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN ULONG UserFlags );
NTSTATUSCmpNotifyChangeKey( IN PCM_KEY_BODY KeyBody, IN PCM_POST_BLOCK PostBlock, IN ULONG CompletionFilter, IN BOOLEAN WatchTree, IN PVOID Buffer, IN ULONG BufferSize, IN PCM_POST_BLOCK MasterPostBlock );
NTSTATUSCmLoadKey( IN POBJECT_ATTRIBUTES TargetKey, IN POBJECT_ATTRIBUTES SourceFile, IN ULONG Flags );
NTSTATUSCmUnloadKey( IN PHHIVE Hive, IN HCELL_INDEX Cell, IN PCM_KEY_CONTROL_BLOCK Kcb );
NTSTATUSCmMoveKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock );
NTSTATUSCmCompressKey( IN PHHIVE Hive );
//
// Procedures private to CM
//
BOOLEANCmpMarkKeyDirty( PHHIVE Hive, HCELL_INDEX Cell#if DBG
, BOOLEAN CheckNoSubkeys#endif
);
BOOLEANCmpDoFlushAll( BOOLEAN ForceFlush );
VOIDCmpFixHiveUsageCount( IN PCMHIVE CmHive );
VOIDCmpLazyFlush( VOID );
VOIDCmpQuotaWarningWorker( IN PVOID WorkItem );
VOIDCmpComputeGlobalQuotaAllowed( VOID );
BOOLEANCmpClaimGlobalQuota( IN ULONG Size );
VOIDCmpReleaseGlobalQuota( IN ULONG Size );
VOIDCmpSetGlobalQuotaAllowed( VOID );
VOIDCmpSystemQuotaWarningWorker( IN PVOID WorkItem );
BOOLEANCmpCanGrowSystemHive( IN PHHIVE Hive, IN ULONG NewLength );
//
// security functions (cmse.c)
//
NTSTATUSCmpAssignSecurityDescriptor( IN PHHIVE Hive, IN HCELL_INDEX Cell, IN PCM_KEY_NODE Node, IN PSECURITY_DESCRIPTOR SecurityDescriptor );
BOOLEANCmpCheckCreateAccess( IN PUNICODE_STRING RelativeName, IN PSECURITY_DESCRIPTOR Descriptor, IN PACCESS_STATE AccessState, IN KPROCESSOR_MODE PreviousMode, IN ACCESS_MASK AdditionalAccess, OUT PNTSTATUS AccessStatus );
BOOLEANCmpCheckNotifyAccess( IN PCM_NOTIFY_BLOCK NotifyBlock, IN PHHIVE Hive, IN PCM_KEY_NODE Node );
PSECURITY_DESCRIPTORCmpHiveRootSecurityDescriptor( VOID );
VOIDCmpFreeSecurityDescriptor( IN PHHIVE Hive, IN HCELL_INDEX Cell );
//
// Access to the registry is serialized by a shared resource, CmpRegistryLock.
//
extern ERESOURCE CmpRegistryLock;
//
// Support for "StarveExclusive" mode suring a flush
//
extern ULONG CmpFlushStarveWriters;
#define ENTER_FLUSH_MODE() InterlockedIncrement (&CmpFlushStarveWriters);
#if DBG
#define EXIT_FLUSH_MODE() \
{ \ LONG LocalIncrement = (LONG)InterlockedDecrement (&CmpFlushStarveWriters); \ ASSERT( LocalIncrement >= 0 ); \}#else
#define EXIT_FLUSH_MODE() InterlockedDecrement (&CmpFlushStarveWriters)
#endif
#if 0
#define CmpLockRegistry() KeEnterCriticalRegion(); \
ExAcquireResourceShared(&CmpRegistryLock, TRUE)
#define CmpLockRegistryExclusive() KeEnterCriticalRegion(); \
ExAcquireResourceExclusive(&CmpRegistryLock,TRUE)
#else
VOIDCmpLockRegistryExclusive( VOID );VOIDCmpLockRegistry( VOID );#endif
VOIDCmpUnlockRegistry( );
#if DBG
BOOLEANCmpTestRegistryLock( VOID );BOOLEANCmpTestRegistryLockExclusive( VOID );#endif
NTSTATUSCmpQueryKeyData( PHHIVE Hive, PCM_KEY_NODE Node, KEY_INFORMATION_CLASS KeyInformationClass, PVOID KeyInformation, ULONG Length, PULONG ResultLength#if defined(CMP_STATS) || defined(CMP_KCB_CACHE_VALIDATION)
, PCM_KEY_CONTROL_BLOCK Kcb#endif
);
NTSTATUSCmpQueryKeyDataFromCache( PCM_KEY_CONTROL_BLOCK Kcb, KEY_INFORMATION_CLASS KeyInformationClass, PVOID KeyInformation, ULONG Length, PULONG ResultLength );
BOOLEANCmpFreeKeyBody( PHHIVE Hive, HCELL_INDEX Cell );
BOOLEANCmpFreeValue( PHHIVE Hive, HCELL_INDEX Cell );
HCELL_INDEXCmpFindValueByName( PHHIVE Hive, PCM_KEY_NODE KeyNode, PUNICODE_STRING Name );
NTSTATUSCmpDeleteChildByName( PHHIVE Hive, HCELL_INDEX Cell, UNICODE_STRING Name, PHCELL_INDEX ChildCell );
NTSTATUSCmpFreeKeyByCell( PHHIVE Hive, HCELL_INDEX Cell, BOOLEAN Unlink );
BOOLEANCmpFindNameInList( IN PHHIVE Hive, IN PCHILD_LIST ChildList, IN PUNICODE_STRING Name, IN OPTIONAL PULONG ChildIndex, OUT PHCELL_INDEX CellIndex );
HCELL_INDEXCmpCopyCell( PHHIVE SourceHive, HCELL_INDEX SourceCell, PHHIVE TargetHive, HSTORAGE_TYPE Type );
HCELL_INDEXCmpCopyValue( PHHIVE SourceHive, HCELL_INDEX SourceValueCell, PHHIVE TargetHive, HSTORAGE_TYPE Type );
HCELL_INDEXCmpCopyKeyPartial( PHHIVE SourceHive, HCELL_INDEX SourceKeyCell, PHHIVE TargetHive, HCELL_INDEX Parent, BOOLEAN CopyValues );
BOOLEANCmpCopySyncTree( PHHIVE SourceHive, HCELL_INDEX SourceCell, PHHIVE TargetHive, HCELL_INDEX TargetCell, BOOLEAN CopyVolatile, CMP_COPY_TYPE CopyType );
//
// BOOLEAN
// CmpCopyTree(
// PHHIVE SourceHive,
// HCELL_INDEX SourceCell,
// PHHIVE TargetHive,
// HCELL_INDEX TargetCell
// );
//
#define CmpCopyTree(s,c,t,l) CmpCopySyncTree(s,c,t,l,FALSE,Copy)
//
// BOOLEAN
// CmpCopyTreeEx(
// PHHIVE SourceHive,
// HCELL_INDEX SourceCell,
// PHHIVE TargetHive,
// HCELL_INDEX TargetCell,
// BOOLEAN CopyVolatile
// );
//
#define CmpCopyTreeEx(s,c,t,l,f) CmpCopySyncTree(s,c,t,l,f,Copy)
//
// BOOLEAN
// CmpSyncTrees(
// PHHIVE SourceHive,
// HCELL_INDEX SourceCell,
// PHHIVE TargetHive,
// HCELL_INDEX TargetCell,
// BOOLEAN CopyVolatile);
//
#define CmpSyncTrees(s,c,t,l,f) CmpCopySyncTree(s,c,t,l,f,Sync)
//
// BOOLEAN
// CmpMergeTrees(
// PHHIVE SourceHive,
// HCELL_INDEX SourceCell,
// PHHIVE TargetHive,
// HCELL_INDEX TargetCell);
//
#define CmpMergeTrees(s,c,t,l) CmpCopySyncTree(s,c,t,l,FALSE,Merge)
VOIDCmpDeleteTree( PHHIVE Hive, HCELL_INDEX Cell );
VOIDCmpSetVersionData( VOID );
NTSTATUSCmpInitializeHardwareConfiguration( IN PLOADER_PARAMETER_BLOCK LoaderBlock );
NTSTATUSCmpInitializeMachineDependentConfiguration( IN PLOADER_PARAMETER_BLOCK LoaderBlock );
NTSTATUSCmpInitializeRegistryNode( IN PCONFIGURATION_COMPONENT_DATA CurrentEntry, IN HANDLE ParentHandle, OUT PHANDLE NewHandle, IN INTERFACE_TYPE InterfaceType, IN ULONG BusNumber, IN PUSHORT DeviceIndexTable );
NTSTATUSCmpInitializeHive( PCMHIVE *CmHive, ULONG OperationType, ULONG HiveFlags, ULONG FileType, PVOID HiveData OPTIONAL, HANDLE Primary, HANDLE Log, HANDLE External, PUNICODE_STRING FileName OPTIONAL, ULONG CheckFlags );
BOOLEANCmpDestroyHive( IN PHHIVE Hive, IN HCELL_INDEX Cell );
VOIDCmpInitializeRegistryNames( VOID );
VOIDCmpInitializeCache( VOID );
PCM_KEY_CONTROL_BLOCKCmpCreateKeyControlBlock( PHHIVE Hive, HCELL_INDEX Cell, PCM_KEY_NODE Node, PCM_KEY_CONTROL_BLOCK ParentKcb, BOOLEAN FakeKey, PUNICODE_STRING KeyName );
VOID CmpCleanUpKCBCacheTable();
ULONGCmpSearchForOpenSubKeys( IN PCM_KEY_CONTROL_BLOCK SearchKey, IN SUBKEY_SEARCH_TYPE SearchType );
VOIDCmpDereferenceKeyControlBlock( PCM_KEY_CONTROL_BLOCK KeyControlBlock );
VOIDCmpRemoveKeyControlBlock( PCM_KEY_CONTROL_BLOCK KeyControlBlock );
VOIDCmpReportNotify( PCM_KEY_CONTROL_BLOCK KeyControlBlock, PHHIVE Hive, HCELL_INDEX Cell, ULONG NotifyMask );
VOIDCmpPostNotify( PCM_NOTIFY_BLOCK NotifyBlock, PUNICODE_STRING Name OPTIONAL, ULONG Filter, NTSTATUS Status, PLIST_ENTRY ExternalKeyDeref OPTIONAL#ifdef CM_NOTIFY_CHANGED_KCB_FULLPATH
, PUNICODE_STRING ChangedKcbName OPTIONAL#endif //CM_NOTIFY_CHANGED_KCB_FULLPATH
);
PCM_POST_BLOCKCmpAllocatePostBlock( IN POST_BLOCK_TYPE BlockType, IN ULONG PostFlags, IN PCM_KEY_BODY KeyBody, IN PCM_POST_BLOCK MasterBlock );
//
//PCM_POST_BLOCK
//CmpAllocateMasterPostBlock(
// IN POST_BLOCK_TYPE BlockType
// );
//
#define CmpAllocateMasterPostBlock(b) CmpAllocatePostBlock(b,REG_NOTIFY_MASTER_POST,NULL,NULL)
//
//PCM_POST_BLOCK
//CmpAllocateSlavePostBlock(
// IN POST_BLOCK_TYPE BlockType,
// IN PCM_KEY_BODY KeyBody,
// IN PCM_POST_BLOCK MasterBlock
// );
//
#define CmpAllocateSlavePostBlock(b,k,m) CmpAllocatePostBlock(b,0,k,m)
VOIDCmpFreePostBlock( IN PCM_POST_BLOCK PostBlock );
VOIDCmpPostApc( struct _KAPC *Apc, PKNORMAL_ROUTINE *NormalRoutine, PVOID *NormalContext, PVOID *SystemArgument1, PVOID *SystemArgument2 );
VOIDCmpFlushNotify( PCM_KEY_BODY KeyBody );
VOIDCmpPostApcRunDown( struct _KAPC *Apc );
NTSTATUSCmpOpenHiveFiles( PUNICODE_STRING BaseName, PWSTR Extension OPTIONAL, PHANDLE Primary, PHANDLE Secondary, PULONG PrimaryDisposition, PULONG SecondaryDispoition, BOOLEAN CreateAllowed, BOOLEAN MarkAsSystemHive, BOOLEAN NoBuffering, PULONG ClusterSize );
NTSTATUSCmpLinkHiveToMaster( PUNICODE_STRING LinkName, HANDLE RootDirectory, PCMHIVE CmHive, BOOLEAN Allocate, PSECURITY_DESCRIPTOR SecurityDescriptor );
NTSTATUSCmpSaveBootControlSet( IN USHORT ControlSetNum );
//
// checkout procedure
//
//
// Flags to be passed to CmCheckRegistry
//
#define CM_CHECK_REGISTRY_CHECK_CLEAN 0x00000001
#define CM_CHECK_REGISTRY_FORCE_CLEAN 0x00000002
#define CM_CHECK_REGISTRY_LOADER_CLEAN 0x00000004
#define CM_CHECK_REGISTRY_SYSTEM_CLEAN 0x00000008
#define CM_CHECK_REGISTRY_HIVE_CHECK 0x00010000
ULONGCmCheckRegistry( PCMHIVE CmHive, ULONG Flags );
BOOLEANCmpValidateHiveSecurityDescriptors( IN PHHIVE Hive, OUT PBOOLEAN ResetSD );
//
// cmboot - functions for determining driver load lists
//
#define CM_HARDWARE_PROFILE_STR_DATABASE L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\IDConfigDB"
#define CM_HARDWARE_PROFILE_STR_CCS_HWPROFILE L"\\Registry\\Machine\\System\\CurrentControlSet\\Hardware Profiles"
#define CM_HARDWARE_PROFILE_STR_CCS_CURRENT L"\\Registry\\Machine\\System\\CurrentControlSet\\Hardware Profiles\\Current"
//
// Alias table key names in IDConfigDB
//
#define CM_HARDWARE_PROFILE_STR_ALIAS L"Alias"
#define CM_HARDWARE_PROFILE_STR_ACPI_ALIAS L"AcpiAlias"
#define CM_HARDWARE_PROFILE_STR_HARDWARE_PROFILES L"Hardware Profiles"
//
// Entries in the alias tables (value names)
//
#define CM_HARDWARE_PROFILE_STR_DOCKING_STATE L"DockingState"
#define CM_HARDWARE_PROFILE_STR_CAPABILITIES L"Capabilities"
#define CM_HARDWARE_PROFILE_STR_DOCKID L"DockID"
#define CM_HARDWARE_PROFILE_STR_SERIAL_NUMBER L"SerialNumber"
#define CM_HARDWARE_PROFILE_STR_ACPI_SERIAL_NUMBER L"AcpiSerialNumber"
#define CM_HARDWARE_PROFILE_STR_PROFILE_NUMBER L"ProfileNumber"
#define CM_HARDWARE_PROFILE_STR_ALIASABLE L"Aliasable"
#define CM_HARDWARE_PROFILE_STR_CLONED L"Cloned"
//
// Entries in the profile tables.
//
#define CM_HARDWARE_PROFILE_STR_PRISTINE L"Pristine"
#define CM_HARDWARE_PROFILE_STR_PREFERENCE_ORDER L"PreferenceOrder"
#define CM_HARDWARE_PROFILE_STR_FRIENDLY_NAME L"FriendlyName"
#define CM_HARDWARE_PROFILE_STR_CURRENT_DOCK_INFO L"CurrentDockInfo"
#define CM_HARDWARE_PROFILE_STR_HW_PROFILE_GUID L"HwProfileGuid"
//
// Entries for the root Hardware Profiles key.
//
#define CM_HARDWARE_PROFILE_STR_DOCKED L"Docked"
#define CM_HARDWARE_PROFILE_STR_UNDOCKED L"Undocked"
#define CM_HARDWARE_PROFILE_STR_UNKNOWN L"Unknown"
//
// List structure used in config manager init
//
typedef struct _HIVE_LIST_ENTRY { PWSTR Name; PWSTR BaseName; // MACHINE or USER
PCMHIVE CmHive; ULONG Flags; PCMHIVE CmHive2; BOOLEAN ThreadFinished; BOOLEAN ThreadStarted; BOOLEAN Allocate;} HIVE_LIST_ENTRY, *PHIVE_LIST_ENTRY;
//
// structure definitions shared with the boot loader
// to select the hardware profile.
//
typedef struct _CM_HARDWARE_PROFILE { ULONG NameLength; PWSTR FriendlyName; ULONG PreferenceOrder; ULONG Id; ULONG Flags;} CM_HARDWARE_PROFILE, *PCM_HARDWARE_PROFILE;
#define CM_HP_FLAGS_ALIASABLE 1
#define CM_HP_FLAGS_TRUE_MATCH 2
#define CM_HP_FLAGS_PRISTINE 4
#define CM_HP_FLAGS_DUPLICATE 8
typedef struct _CM_HARDWARE_PROFILE_LIST { ULONG MaxProfileCount; ULONG CurrentProfileCount; CM_HARDWARE_PROFILE Profile[1];} CM_HARDWARE_PROFILE_LIST, *PCM_HARDWARE_PROFILE_LIST;
typedef struct _CM_HARDWARE_PROFILE_ALIAS { ULONG ProfileNumber; ULONG DockState; ULONG DockID; ULONG SerialNumber;} CM_HARDWARE_PROFILE_ALIAS, *PCM_HARDWARE_PROFILE_ALIAS;
typedef struct _CM_HARDWARE_PROFILE_ALIAS_LIST { ULONG MaxAliasCount; ULONG CurrentAliasCount; CM_HARDWARE_PROFILE_ALIAS Alias[1];} CM_HARDWARE_PROFILE_ALIAS_LIST, *PCM_HARDWARE_PROFILE_ALIAS_LIST;
typedef struct _CM_HARDWARE_PROFILE_ACPI_ALIAS { ULONG ProfileNumber; ULONG DockState; ULONG SerialLength; PCHAR SerialNumber;} CM_HARDWARE_PROFILE_ACPI_ALIAS, *PCM_HARDWARE_PROFILE_ACPI_ALIAS;
typedef struct _CM_HARDWARE_PROFILE_ACPI_ALIAS_LIST { ULONG MaxAliasCount; ULONG CurrentAliasCount; CM_HARDWARE_PROFILE_ACPI_ALIAS Alias[1];} CM_HARDWARE_PROFILE_ACPI_ALIAS_LIST, *PCM_HARDWARE_PROFILE_ACPI_ALIAS_LIST;
HCELL_INDEXCmpFindControlSet( IN PHHIVE SystemHive, IN HCELL_INDEX RootCell, IN PUNICODE_STRING SelectName, OUT PBOOLEAN AutoSelect );
BOOLEANCmpValidateSelect( IN PHHIVE SystemHive, IN HCELL_INDEX RootCell );
BOOLEANCmpFindDrivers( IN PHHIVE Hive, IN HCELL_INDEX ControlSet, IN SERVICE_LOAD_TYPE LoadType, IN PWSTR BootFileSystem OPTIONAL, IN PLIST_ENTRY DriverListHead );
BOOLEANCmpFindNLSData( IN PHHIVE Hive, IN HCELL_INDEX ControlSet, OUT PUNICODE_STRING AnsiFilename, OUT PUNICODE_STRING OemFilename, OUT PUNICODE_STRING CaseTableFilename, OUT PUNICODE_STRING OemHalFilename );
HCELL_INDEXCmpFindProfileOption( IN PHHIVE Hive, IN HCELL_INDEX ControlSet, OUT PCM_HARDWARE_PROFILE_LIST *ProfileList, OUT PCM_HARDWARE_PROFILE_ALIAS_LIST *AliasList, OUT PULONG Timeout );
VOIDCmpSetCurrentProfile( IN PHHIVE Hive, IN HCELL_INDEX ControlSet, IN PCM_HARDWARE_PROFILE Profile );
BOOLEANCmpResolveDriverDependencies( IN PLIST_ENTRY DriverListHead );
BOOLEANCmpSortDriverList( IN PHHIVE Hive, IN HCELL_INDEX ControlSet, IN PLIST_ENTRY DriverListHead );
HCELL_INDEXCmpFindSubKeyByName( PHHIVE Hive, PCM_KEY_NODE Parent, PUNICODE_STRING SearchName );
HCELL_INDEXCmpFindSubKeyByNumber( PHHIVE Hive, PCM_KEY_NODE Parent, ULONG Number );
BOOLEANCmpAddSubKey( PHHIVE Hive, HCELL_INDEX Parent, HCELL_INDEX Child );
BOOLEANCmpMarkIndexDirty( PHHIVE Hive, HCELL_INDEX ParentKey, HCELL_INDEX TargetKey );
BOOLEANCmpRemoveSubKey( PHHIVE Hive, HCELL_INDEX ParentKey, HCELL_INDEX TargetKey );
BOOLEANCmpGetNextName( IN OUT PUNICODE_STRING RemainingName, OUT PUNICODE_STRING NextName, OUT PBOOLEAN Last );
NTSTATUSCmpAddToHiveFileList( PCMHIVE CmHive );
VOIDCmpRemoveFromHiveFileList( );
NTSTATUSCmpInitHiveFromFile( IN PUNICODE_STRING FileName, IN ULONG HiveFlags, OUT PCMHIVE *CmHive, IN OUT PBOOLEAN Allocate, IN OUT PBOOLEAN RegistryLocked, IN ULONG CheckFlags );
NTSTATUSCmpCloneHwProfile ( IN HANDLE IDConfigDB, IN HANDLE Parent, IN HANDLE OldProfile, IN ULONG OldProfileNumber, IN USHORT DockingState, OUT PHANDLE NewProfile, OUT PULONG NewProfileNumber );
NTSTATUSCmpCreateHwProfileFriendlyName ( IN HANDLE IDConfigDB, IN ULONG DockingState, IN ULONG NewProfileNumber, OUT PUNICODE_STRING FriendlyName );
typedefNTSTATUS(*PCM_ACPI_SELECTION_ROUTINE) ( IN PCM_HARDWARE_PROFILE_LIST ProfileList, OUT PULONG ProfileIndexToUse, // Set to -1 for none.
IN PVOID Context );
NTSTATUSCmSetAcpiHwProfile ( IN PPROFILE_ACPI_DOCKING_STATE DockState, IN PCM_ACPI_SELECTION_ROUTINE, IN PVOID Context, OUT PHANDLE NewProfile, OUT PBOOLEAN ProfileChanged );
NTSTATUSCmpAddAcpiAliasEntry ( IN HANDLE IDConfigDB, IN PPROFILE_ACPI_DOCKING_STATE NewDockState, IN ULONG ProfileNumber, IN PWCHAR nameBuffer, IN PVOID valueBuffer, IN ULONG valueBufferLength, IN BOOLEAN PreventDuplication );
//
// Routines for handling registry compressed names
//
USHORTCmpNameSize( IN PHHIVE Hive, IN PUNICODE_STRING Name );
USHORTCmpCopyName( IN PHHIVE Hive, IN PWCHAR Destination, IN PUNICODE_STRING Source );
VOIDCmpCopyCompressedName( IN PWCHAR Destination, IN ULONG DestinationLength, IN PWCHAR Source, IN ULONG SourceLength );
USHORTCmpCompressedNameSize( IN PWCHAR Name, IN ULONG Length );
//
// ----- CACHED_DATA -----
//
// When values are not cached, List in ValueCache is the Hive cell index to the value list.
// When they are cached, List will be pointer to the allocation. We distinguish them by
// marking the lowest bit in the variable to indicate it is a cached allocation.
//
// Note that the cell index for value list
// is stored in the cached allocation. It is not used now but may be in further performance
// optimization.
//
// When value key and vaule data are cached, there is only one allocation for both.
// Value data is appended that the end of value key. DataCacheType indicates
// whether data is cached and ValueKeySize tells how big is the value key (so
// we can calculate the address of cached value data)
//
//
PCM_NAME_CONTROL_BLOCKCmpGetNameControlBlock( PUNICODE_STRING NodeName );
VOIDCmpDereferenceKeyControlBlockWithLock( PCM_KEY_CONTROL_BLOCK KeyControlBlock );
VOIDCmpCleanUpSubKeyInfo( PCM_KEY_CONTROL_BLOCK KeyControlBlock );
VOIDCmpCleanUpKcbValueCache( PCM_KEY_CONTROL_BLOCK KeyControlBlock );
VOIDCmpRebuildKcbCache( PCM_KEY_CONTROL_BLOCK KeyControlBlock );
/*
VOIDCmpSetUpKcbValueCache( PCM_KEY_CONTROL_BLOCK KeyControlBlock, ULONG Count, ULONG_PTR ValueList )*/#define CmpSetUpKcbValueCache(KeyControlBlock,_Count,_List) \
ASSERT( !(CMP_IS_CELL_CACHED(KeyControlBlock->ValueCache.ValueList)) ); \ ASSERT( !(KeyControlBlock->ExtFlags & CM_KCB_SYM_LINK_FOUND) ); \ KeyControlBlock->ValueCache.Count = (ULONG)(_Count); \ KeyControlBlock->ValueCache.ValueList = (ULONG_PTR)(_List)
VOIDCmpCleanUpKcbCacheWithLock( PCM_KEY_CONTROL_BLOCK KeyControlBlock );
VOIDCmpRemoveFromDelayedClose( IN PCM_KEY_CONTROL_BLOCK kcb );
PUNICODE_STRINGCmpConstructName( PCM_KEY_CONTROL_BLOCK kcb);
PCELL_DATACmpGetValueListFromCache( IN PHHIVE Hive, IN PCACHED_CHILD_LIST ChildList, IN OUT BOOLEAN *IndexCached);
PCM_KEY_VALUECmpGetValueKeyFromCache( IN PHHIVE Hive, IN PCELL_DATA List, IN ULONG Index, OUT PPCM_CACHED_VALUE *ContainingList, IN BOOLEAN IndexCached, OUT BOOLEAN *ValueCached, OUT PHCELL_INDEX CellToRelease);
PCM_KEY_VALUECmpFindValueByNameFromCache( IN PHHIVE Hive, IN PCACHED_CHILD_LIST ChildList, IN PUNICODE_STRING Name, OUT PPCM_CACHED_VALUE *ContainingList, OUT ULONG *Index, OUT BOOLEAN *ValueCached, OUT PHCELL_INDEX CellToRelease );
NTSTATUSCmpQueryKeyValueData( PHHIVE Hive, PCM_CACHED_VALUE *ContainingList, PCM_KEY_VALUE ValueKey, BOOLEAN ValueCached, KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, PVOID KeyValueInformation, ULONG Length, PULONG ResultLength );
BOOLEANCmpReferenceKeyControlBlock( PCM_KEY_CONTROL_BLOCK KeyControlBlock );
VOIDCmpInitializeKeyNameString(PCM_KEY_NODE Cell, PUNICODE_STRING KeyName, WCHAR *NameBuffer );
VOIDCmpInitializeValueNameString(PCM_KEY_VALUE Cell, PUNICODE_STRING ValueName, WCHAR *NameBuffer );
VOIDCmpFlushNotifiesOnKeyBodyList( IN PCM_KEY_CONTROL_BLOCK kcb );
#ifdef CM_NOTIFY_CHANGED_KCB_FULLPATH
VOIDCmpFillCallerBuffer( PCM_POST_BLOCK PostBlock, PUNICODE_STRING ChangedKcbName );#endif //CM_NOTIFY_CHANGED_KCB_FULLPATH
extern ULONG CmpHashTableSize;extern PCM_KEY_HASH *CmpCacheTable;
#ifdef _WANT_MACHINE_IDENTIFICATION
BOOLEANCmpGetBiosDateFromRegistry( IN PHHIVE Hive, IN HCELL_INDEX ControlSet, OUT PUNICODE_STRING Date );
BOOLEANCmpGetBiosinfoFileNameFromRegistry( IN PHHIVE Hive, IN HCELL_INDEX ControlSet, OUT PUNICODE_STRING InfName );
#endif
// Utility macro to set the fields of an IO_STATUS_BLOCK. On sundown, 32bit processes
// will pass in a 32bit Iosb, and 64bit processes will pass in a 64bit Iosb.
#if defined(_WIN64)
#define CmpSetIoStatus(Iosb, s, i, UseIosb32) \
if ((UseIosb32)) { \ ((PIO_STATUS_BLOCK32)(Iosb))->Status = (NTSTATUS)(s); \ ((PIO_STATUS_BLOCK32)(Iosb))->Information = (ULONG)(i); \} \else { \ (Iosb)->Status = (s); \ (Iosb)->Information = (i); \} \
#else
#define CmpSetIoStatus(Iosb, s, i, UseIosb32) \
(Iosb)->Status = (s); \(Iosb)->Information = (i); \
#endif
// Dragos: new functions (prototyping)
NTSTATUSCmpAquireFileObjectForFile( IN PCMHIVE CmHive, IN HANDLE FileHandle, OUT PFILE_OBJECT *FileObject );
VOIDCmpDropFileObjectForHive( IN PCMHIVE CmHive );
VOIDCmpTouchView( IN PCMHIVE CmHive, IN PCM_VIEW_OF_FILE CmView, IN ULONG Cell );
NTSTATUSCmpMapCmView( IN PCMHIVE CmHive, IN ULONG FileOffset, OUT PCM_VIEW_OF_FILE *CmView, IN BOOLEAN MapInited );
VOIDCmpInitHiveViewList ( IN PCMHIVE CmHive );
VOIDCmpDestroyHiveViewList ( IN PCMHIVE CmHive );
NTSTATUSCmpPinCmView ( IN PCMHIVE CmHive, PCM_VIEW_OF_FILE CmView );VOIDCmpUnPinCmView ( IN PCMHIVE CmHive, IN PCM_VIEW_OF_FILE CmView, IN BOOLEAN SetClean, IN BOOLEAN MapIsValid );
NTSTATUSCmpMapThisBin( PCMHIVE CmHive, HCELL_INDEX Cell, BOOLEAN Touch );#if 0
VOIDCmpUnmapAditionalViews( IN PCMHIVE CmHive );
VOIDCmpUnmapFakeViews( IN PCMHIVE CmHive );
VOIDCmpMapEntireFileInFakeViews( IN PCMHIVE CmHive, IN ULONG Length );
#endif
VOIDCmpInitializeDelayedCloseTable();
VOIDCmpAddToDelayedClose( IN PCM_KEY_CONTROL_BLOCK kcb );
NTSTATUSCmpAddValueToList( IN PHHIVE Hive, IN HCELL_INDEX ValueCell, IN ULONG Index, IN ULONG Type, IN OUT PCHILD_LIST ChildList );
NTSTATUSCmpRemoveValueFromList( IN PHHIVE Hive, IN ULONG Index, IN OUT PCHILD_LIST ChildList );
BOOLEANCmpGetValueData(IN PHHIVE Hive, IN PCM_KEY_VALUE Value, OUT PULONG realsize, IN OUT PVOID *Buffer, OUT PBOOLEAN Allocated, OUT PHCELL_INDEX CellToRelease );
PCELL_DATACmpValueToData(IN PHHIVE Hive, IN PCM_KEY_VALUE Value, OUT PULONG realsize );
BOOLEANCmpMarkValueDataDirty( IN PHHIVE Hive, IN PCM_KEY_VALUE Value );
NTSTATUSCmpSetValueDataNew( IN PHHIVE Hive, IN PVOID Data, IN ULONG DataSize, IN ULONG StorageType, IN HCELL_INDEX ValueCell, OUT PHCELL_INDEX DataCell );
NTSTATUSCmpSetValueDataExisting( IN PHHIVE Hive, IN PVOID Data, IN ULONG DataSize, IN ULONG StorageType, IN HCELL_INDEX OldDataCell );
BOOLEANCmpFreeValueData( PHHIVE Hive, HCELL_INDEX DataCell, ULONG DataLength );
NTSTATUSCmpAddSecurityCellToCache ( IN OUT PCMHIVE CmHive, IN HCELL_INDEX SecurityCell, IN BOOLEAN BuildUp );
BOOLEANCmpFindSecurityCellCacheIndex ( IN PCMHIVE CmHive, IN HCELL_INDEX SecurityCell, OUT PULONG Index );
BOOLEANCmpAdjustSecurityCacheSize ( IN PCMHIVE CmHive );
VOIDCmpRemoveFromSecurityCache ( IN OUT PCMHIVE CmHive, IN HCELL_INDEX SecurityCell );
VOIDCmpDestroySecurityCache ( IN OUT PCMHIVE CmHive );
VOIDCmpInitSecurityCache( IN OUT PCMHIVE CmHive );
BOOLEANCmpRebuildSecurityCache( IN OUT PCMHIVE CmHive );
ULONGCmpSecConvKey( IN ULONG DescriptorLength, IN PULONG Descriptor );
VOIDCmpAssignSecurityToKcb( IN PCM_KEY_CONTROL_BLOCK Kcb, IN HCELL_INDEX SecurityCell );
BOOLEANCmpBuildSecurityCellMappingArray( IN PCMHIVE CmHive );
//
// new function replacing CmpWorker
//
VOIDCmpCmdHiveClose( PCMHIVE CmHive );
VOIDCmpCmdInit( BOOLEAN SetupBoot );
NTSTATUSCmpCmdRenameHive( PCMHIVE CmHive, POBJECT_NAME_INFORMATION OldName, PUNICODE_STRING NewName, ULONG NameInfoLength );
NTSTATUSCmpCmdHiveOpen( POBJECT_ATTRIBUTES FileAttributes, PSECURITY_CLIENT_CONTEXT ImpersonationContext, PBOOLEAN Allocate, PBOOLEAN RegistryLockAquired, PCMHIVE *NewHive, ULONG CheckFlags );
#ifdef NT_RENAME_KEY
HCELL_INDEXCmpDuplicateIndex( PHHIVE Hive, HCELL_INDEX IndexCell, ULONG StorageType );
NTSTATUSCmRenameKey( IN PCM_KEY_CONTROL_BLOCK KeyControlBlock, IN UNICODE_STRING NewKeyName );
BOOLEANCmpUpdateParentForEachSon( PHHIVE Hive, HCELL_INDEX Parent );#endif //NT_RENAME_KEY
#ifdef NT_UNLOAD_KEY_EX
NTSTATUSCmUnloadKeyEx( IN PCM_KEY_CONTROL_BLOCK Kcb, IN PKEVENT UserEvent );#endif //NT_UNLOAD_KEY_EX
VOIDCmpShutdownWorkers( VOID );
VOIDCmpPrefetchHiveFile( IN PFILE_OBJECT FileObject, IN ULONG Length );
#ifdef CM_CHECK_FOR_ORPHANED_KCBS
VOIDCmpCheckForOrphanedKcbs( PHHIVE Hive );#else
#define CmpCheckForOrphanedKcbs(Hive) //nothing
#endif //CM_CHECK_FOR_ORPHANED_KCBS
#define CM_HIVE_COMPRESS_LEVEL (25)
#define CMP_MAX_REGISTRY_DEPTH 512 // levels
typedef struct { HCELL_INDEX Cell; HCELL_INDEX ParentCell; ULONG ChildIndex; BOOLEAN CellChecked;} CMP_CHECK_REGISTRY_STACK_ENTRY, *PCMP_CHECK_REGISTRY_STACK_ENTRY;
#define CmIsKcbReadOnly(kcb) ((kcb)->ExtFlags & CM_KCB_READ_ONLY_KEY)
NTSTATUSCmLockKcbForWrite(PCM_KEY_CONTROL_BLOCK KeyControlBlock);
//
// Wrapper to RtlCompareUnicodeString; uses CompareFlags to avoid upcasing names
//
#define CMP_SOURCE_UP 0x00000001
#define CMP_DEST_UP 0x00000002
LONGCmpCompareUnicodeString( IN PUNICODE_STRING SourceName, IN PUNICODE_STRING DestName, IN ULONG CompareFlags );
LONGCmpCompareCompressedName( IN PUNICODE_STRING SearchName, IN PWCHAR CompressedName, IN ULONG NameLength, IN ULONG CompareFlags );
#define INIT_SYSTEMROOT_HIVEPATH L"\\SystemRoot\\System32\\Config\\"
ULONGCmpComputeHashKey( PUNICODE_STRING Name );
ULONGCmpComputeHashKeyForCompressedName( IN PWCHAR Source, IN ULONG SourceLength );//
// KCB allocator routines
//
VOID CmpInitCmPrivateAlloc();VOID CmpDestroyCmPrivateAlloc();PCM_KEY_CONTROL_BLOCK CmpAllocateKeyControlBlock( );VOID CmpFreeKeyControlBlock( PCM_KEY_CONTROL_BLOCK kcb );
//
// make handles protected, so we control handle closure
//
#define CmpSetHandleProtection(Handle,Protection) \
{ \ OBJECT_HANDLE_FLAG_INFORMATION Ohfi = { FALSE, \ FALSE \ }; \ Ohfi.ProtectFromClose = Protection; \ ZwSetInformationObject( Handle, \ ObjectHandleFlagInformation, \ &Ohfi, \ sizeof (OBJECT_HANDLE_FLAG_INFORMATION)); \}
#define CmCloseHandle(Handle) \
CmpSetHandleProtection(Handle,FALSE); \ ZwClose(Handle)
VOIDCmpUpdateSystemHiveHysteresis( PHHIVE Hive, ULONG NewLength, ULONG OldLength );
NTSTATUSCmpCallCallBacks ( IN REG_NOTIFY_CLASS Type, IN PVOID Argument );
extern ULONG CmpCallBackCount;
#define CmAreCallbacksRegistered() (CmpCallBackCount != 0)
//
// Self healing hives control switch
//
extern BOOLEAN CmpSelfHeal;extern ULONG CmpBootType;
#define CmDoSelfHeal() (CmpSelfHeal || (CmpBootType & (HBOOT_BACKUP|HBOOT_SELFHEAL)))
#ifndef _CM_LDR_
#if DBG
#define CmMarkSelfHeal(Hive) ( (Hive)->BaseBlock->BootType |= HBOOT_SELFHEAL ); \
DbgBreakPoint() #else
#define CmMarkSelfHeal(Hive) ( (Hive)->BaseBlock->BootType |= HBOOT_SELFHEAL )
#endif
#else
#define CmMarkSelfHeal(Hive) ( (Hive)->BaseBlock->BootType |= HBOOT_SELFHEAL )
#endif
BOOLEANCmpRemoveSubKeyCellNoCellRef( PHHIVE Hive, HCELL_INDEX Parent, HCELL_INDEX Child );
VOID CmpRaiseSelfHealWarning( IN PUNICODE_STRING HiveName );
VOID CmpRaiseSelfHealWarningForSystemHives();
//
// Mini NT boot indicator
//
extern BOOLEAN CmpMiniNTBoot;extern BOOLEAN CmpShareSystemHives;
#endif //_CMP_
|
