archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/sdktools/buggy/control/tcontrol.cxx

1105 lines
22 KiB
Raw Normal View History

Add source files
4 years ago
  2. //
  3. // Template driver user-mode controller
  4. // Copyright (c) Microsoft Corporation, 1999.
  5. //
  6. // Module: tcontrol.cxx
  7. // Author: Silviu Calinoiu (SilviuC)
  8. // Created: 4/20/1999 3:40pm
  9. //
  10. // This module contains a user-mode controller for a template
  11. // driver.
  12. //
  13. // --- History ---
  14. //
  15. // 4/20/1999 (SilviuC): initial version.
  16. //
  18. #include <stdlib.h>
  19. #include <stdio.h>
  20. #include <tchar.h>
  21. #include <windows.h>
  22. #include <winioctl.h>
  23. #include <time.h>
  25. #define NO_BUGGY_FUNCTIONS
  26. #define FUNS_DEFINITION_MODULE
  27. #include "..\driver\tdriver.h"
  28. #include "..\driver\funs.h"
  31. //
  32. // Get rid of performance warnings for BOOL to bool conversions
  33. //
  35. #pragma warning (disable: 4800)
  38. bool TdCreateService (LPCTSTR DriverName);
  39. bool TdDeleteService (LPCTSTR DriverName);
  40. bool TdStartService (LPCTSTR DriverName);
  41. bool TdStopService (LPCTSTR DriverName);
  42. bool TdOpenDevice (LPCTSTR DriverName, PHANDLE DeviceHandle);
  43. bool TdCloseDevice (HANDLE Device);
  44. bool TdSendIoctl (IN HANDLE Device, IN DWORD Ioctl, IN PVOID pData OPTIONAL, IN ULONG uDataSize OPTIONAL);
  46. void TdSectMapProcessAddressSpaceTest();
  47. void TdSectMapSystemAddressSpaceTest();
  49. VOID
  50. TdReservedMapSetSize( int argc, char *argv[] );
  52. VOID
  53. TdReservedMapRead( VOID );
  55. BOOL
  56. ProcessCommandLine (
  57. LPCTSTR Option
  58. );
  60. ULONG_PTR
  61. UtilHexStringToUlongPtr( char *szHexNumber );
  63. ///////////////////////////////////////////////////////////////////////////////
  64. //////////////////////////////////////////////////////////////////////// Main()
  65. ///////////////////////////////////////////////////////////////////////////////
  67. void _cdecl
  68. main (int argc, char *argv[])
  69. {
  70. BOOL DisplayHelp;
  71. HANDLE Device;
  72. DWORD Index;
  73. char *pCrtChar;
  75. DisplayHelp = FALSE;
  77. try {
  79. if (argc == 3 && _stricmp (argv[1], "/create") == 0) {
  80. TdCreateService (argv[2]);
  81. }
  82. else if (argc == 3 && _stricmp (argv[1], "/delete") == 0) {
  83. TdDeleteService (argv[2]);
  84. }
  85. else if (argc == 3 && _stricmp (argv[1], "/start") == 0) {
  86. TdStartService (argv[2]);
  87. }
  88. else if (argc == 3 && _stricmp (argv[1], "/stop") == 0) {
  89. TdStopService (argv[2]);
  90. }
  91. else if (argc == 2 && _stricmp (argv[1], "/sectionmaptest") == 0) {
  93. TdSectMapProcessAddressSpaceTest();
  94. }
  95. else if (argc == 2 && _stricmp (argv[1], "/sectionmaptestsysspace") == 0) {
  97. TdSectMapSystemAddressSpaceTest();
  98. }
  99. else if ( _stricmp (argv[1], "/ReservedMapSetSize") == 0) {
  101. TdReservedMapSetSize( argc, argv );
  102. }
  103. else if ( _stricmp (argv[1], "/ReservedMapRead") == 0) {
  105. TdReservedMapRead();
  106. }
  107. else if (argc >= 2 && _stricmp (argv[1], "/ioctlbugcheck") == 0) {
  109. //
  110. // Send the bugcheck parameters from the command line
  111. //
  113. BUGCHECK_PARAMS BugcheckParams;
  115. ZeroMemory( &BugcheckParams, sizeof( BugcheckParams ) );
  117. //
  118. // Bugcheck code
  119. //
  121. if( argc >= 3 )
  122. {
  123. BugcheckParams.BugCheckCode = (ULONG)UtilHexStringToUlongPtr( argv[ 2 ] );
  124. }
  126. //
  127. // Bugcheck paramaters
  128. //
  130. for( int nCrtCommandLineArg = 3; nCrtCommandLineArg < argc; nCrtCommandLineArg++ )
  131. {
  132. BugcheckParams.BugCheckParameters[ nCrtCommandLineArg - 3 ] =
  133. UtilHexStringToUlongPtr( argv[ nCrtCommandLineArg ] );
  134. }
  136. //
  137. // Send the IOCTL to the driver
  138. //
  140. HANDLE Device;
  142. if ( TdOpenDevice ("buggy", &Device) ) {
  144. TdSendIoctl (
  145. Device,
  146. IOCTL_TD_BUGCHECK,
  147. &BugcheckParams,
  148. sizeof( BugcheckParams ) );
  150. TdCloseDevice (Device);
  151. }
  152. }
  153. else {
  154. if (ProcessCommandLine (argv[1]) == FALSE) {
  155. DisplayHelp = TRUE;
  156. }
  157. }
  158. }
  159. catch (char * Message) {
  161. printf ("Error: s", GetLastError(), Message);
  162. }
  164. if ( DisplayHelp == TRUE ) {
  166. printf ("ctlbuggy /create DRIVER \n");
  167. printf ("ctlbuggy /delete DRIVER \n");
  168. printf ("ctlbuggy /start DRIVER \n");
  169. printf ("ctlbuggy /stop DRIVER \n");
  170. printf (" \n");
  171. printf ("ctlbuggy /sectionmaptest \n");
  172. printf ("ctlbuggy /sectionmaptestsysspace \n");
  173. printf (" \n");
  174. printf ("ctlbuggy IOCTL-NAME \n");
  175. printf ("\n\n");
  177. for (Index = 0; BuggyFuns[Index].Ioctl != 0; Index++) {
  178. printf("ctlbuggy %s \n", BuggyFuns[Index].Command);
  179. }
  181. printf ("\n");
  182. exit (1);
  183. }
  185. exit( 0 );
  186. }
  188. BOOL
  189. ProcessCommandLine (
  190. LPCTSTR Option
  191. )
  192. /*++
  194. Routine Description:
  196. This routine tries to figure out if the command line option
  197. is specifies one of the ioctls that can be processed.
  199. Arguments:
  201. `Option' - command line option.
  203. Return Value:
  205. TRUE if an option has been found and processed.
  206. FALSE otherwise.
  208. Environment:
  210. Nothing special.
  212. --*/
  214. {
  215. DWORD Index;
  216. HANDLE Device;
  217. BOOL Result = FALSE;
  219. for (Index = 0; BuggyFuns[Index].Ioctl != 0; Index++) {
  220. if (_stricmp (BuggyFuns[Index].Command, Option) == 0) {
  221. if ( TdOpenDevice ("buggy", &Device) ) {
  222. TdSendIoctl (Device, BuggyFuns[Index].Ioctl, NULL, 0);
  223. TdCloseDevice (Device);
  224. Result = TRUE;
  225. break;
  226. }
  227. }
  228. }
  230. return Result;
  231. }
  233. ///////////////////////////////////////////////////////////////////////////////
  234. //////////////////////////////////////////////////////////// Driver load/unload
  235. ///////////////////////////////////////////////////////////////////////////////
  237. bool
  238. TdCreateService (
  240. LPCTSTR DriverName)
  241. {
  242. SC_HANDLE ServiceManager = NULL;
  243. SC_HANDLE ServiceHandle = NULL;
  244. BOOL ReturnValue;
  245. HANDLE Driver;
  246. TCHAR ScratchBuffer [MAX_PATH];
  247. TCHAR DriverPath [MAX_PATH];
  248. TCHAR DevicePath [MAX_PATH];
  250. try {
  252. GetSystemDirectory (ScratchBuffer, sizeof ScratchBuffer);
  253. _stprintf (DriverPath, "%s\\drivers\\%s.sys", ScratchBuffer, DriverName);
  254. _stprintf (DevicePath, "\\\\.\\%s", DriverName);
  256. //
  257. // Open the service control manager
  258. //
  260. ServiceManager = OpenSCManager (
  262. NULL,
  263. NULL,
  264. SC_MANAGER_ALL_ACCESS);
  266. if (ServiceManager == NULL) {
  267. throw "OpenScManager()";
  268. }
  270. //
  271. // Create the service
  272. //
  274. printf("Driver path: %s \n", DriverPath);
  275. printf("Device path: %s \n", DevicePath);
  277. ServiceHandle = CreateService (
  279. ServiceManager, // handle to SC manager
  280. DriverName, // name of service
  281. DriverName, // display name
  282. SERVICE_ALL_ACCESS, // access mask
  283. SERVICE_KERNEL_DRIVER, // service type
  284. SERVICE_DEMAND_START, // start type
  285. SERVICE_ERROR_NORMAL, // error control
  286. DriverPath, // full path to driver
  287. NULL, // load ordering
  288. NULL, // tag id
  289. NULL, // dependency
  290. NULL, // account name
  291. NULL); // password
  293. if (ServiceHandle == NULL && GetLastError() != ERROR_SERVICE_EXISTS) {
  294. throw "CreateService()";
  295. }
  297. ReturnValue = TRUE;
  298. }
  299. catch (char * Msg) {
  301. printf("Error: %u: %s\n", GetLastError(), Msg);
  302. fflush (stdout);
  303. ReturnValue = FALSE;
  304. }
  306. //
  307. // Close handles and return.
  308. //
  310. if (ServiceHandle) {
  311. CloseServiceHandle (ServiceHandle);
  312. }
  314. if (ServiceManager) {
  315. CloseServiceHandle (ServiceManager);
  316. }
  318. return ReturnValue;
  321. }
  323. bool
  324. TdStartService (
  326. LPCTSTR DriverName)
  327. {
  328. SC_HANDLE ServiceManager = NULL;
  329. SC_HANDLE ServiceHandle = NULL;
  330. BOOL ReturnValue;
  331. HANDLE Driver;
  332. TCHAR ScratchBuffer [MAX_PATH];
  333. TCHAR DriverPath [MAX_PATH];
  334. TCHAR DevicePath [MAX_PATH];
  337. try {
  339. GetSystemDirectory (ScratchBuffer, sizeof ScratchBuffer);
  340. _stprintf (DriverPath, "%s\\drivers\\%s.sys", ScratchBuffer, DriverName);
  341. _stprintf (DevicePath, "\\\\.\\%s", DriverName);
  343. //
  344. // Open the service control manager
  345. //
  347. ServiceManager = OpenSCManager (
  349. NULL,
  350. NULL,
  351. SC_MANAGER_ALL_ACCESS);
  353. if (ServiceManager == NULL) {
  354. throw "OpenScManager()";
  355. }
  357. //
  358. // Open the service. The function assumes that
  359. // TdCreateService has been called before this one
  360. // and the service is already installed.
  361. //
  363. ServiceHandle = OpenService (
  365. ServiceManager,
  366. DriverName,
  367. SERVICE_ALL_ACCESS);
  369. if (ServiceHandle == NULL) {
  370. throw "OpenService()";
  371. }
  373. //
  374. // Start the service
  375. //
  377. if (! StartService (ServiceHandle, 0, NULL)) {
  378. if (GetLastError() != ERROR_SERVICE_ALREADY_RUNNING) {
  379. throw "StartService()";
  380. }
  381. }
  383. ReturnValue = TRUE;
  384. }
  385. catch (char * Msg) {
  387. printf("Error: %u: %s\n", GetLastError(), Msg);
  388. fflush (stdout);
  389. ReturnValue = FALSE;
  390. }
  392. //
  393. // Close handles and return.
  394. //
  396. if (ServiceHandle) {
  397. CloseServiceHandle (ServiceHandle);
  398. }
  400. if (ServiceManager) {
  401. CloseServiceHandle (ServiceManager);
  402. }
  404. return ReturnValue;
  405. }
  407. bool
  408. TdStopService (
  410. LPCTSTR DriverName)
  411. {
  412. SC_HANDLE ServiceManager = NULL;
  413. SC_HANDLE ServiceHandle = NULL;
  414. SERVICE_STATUS ServiceStatus;
  415. BOOL ReturnValue;
  417. try {
  419. //
  420. // Open the service control manager
  421. //
  423. ServiceManager = OpenSCManager (
  425. NULL,
  426. NULL,
  427. SC_MANAGER_ALL_ACCESS);
  429. if (ServiceManager == NULL) {
  430. throw "OpenSCManager()";
  431. }
  433. //
  434. // Open the service so we can stop it
  435. //
  437. ServiceHandle = OpenService (
  439. ServiceManager,
  440. DriverName,
  441. SERVICE_ALL_ACCESS);
  443. if (ServiceHandle == NULL) {
  444. throw "OpenService()";
  445. }
  447. //
  448. // Stop the service
  449. //
  451. if (! ControlService (ServiceHandle, SERVICE_CONTROL_STOP, &ServiceStatus)) {
  452. throw "ControlService()";
  453. }
  455. ReturnValue = TRUE;
  456. }
  457. catch (char * Msg) {
  459. printf("Error: %u: %s\n", GetLastError(), Msg);
  460. fflush (stdout);
  461. ReturnValue = FALSE;
  462. }
  464. //
  465. // Close handles ans return.
  466. //
  468. if (ServiceHandle) {
  469. CloseServiceHandle (ServiceHandle);
  470. }
  472. if (ServiceManager) {
  473. CloseServiceHandle (ServiceManager);
  474. }
  476. return ReturnValue;
  477. }
  479. bool
  480. TdDeleteService (
  482. LPCTSTR DriverName)
  483. {
  484. SC_HANDLE ServiceManager = NULL;
  485. SC_HANDLE ServiceHandle = NULL;
  486. SERVICE_STATUS ServiceStatus;
  487. BOOL ReturnValue;
  489. try {
  491. //
  492. // Open the service control manager
  493. //
  495. ServiceManager = OpenSCManager (
  497. NULL,
  498. NULL,
  499. SC_MANAGER_ALL_ACCESS);
  501. if (ServiceManager == NULL) {
  502. throw "OpenSCManager()";
  503. }
  505. //
  506. // Open the service so we can stop it
  507. //
  509. ServiceHandle = OpenService (
  511. ServiceManager,
  512. DriverName,
  513. SERVICE_ALL_ACCESS);
  515. if (ServiceHandle == NULL) {
  516. throw "OpenService()";
  517. }
  519. //
  520. // Delete the service
  521. //
  523. if (! DeleteService (ServiceHandle)) {
  524. if (GetLastError() != ERROR_SERVICE_MARKED_FOR_DELETE) {
  525. throw "DeleteService()";
  526. }
  527. }
  529. ReturnValue = TRUE;
  530. }
  531. catch (char * Msg) {
  533. printf("Error: %u: %s\n", GetLastError(), Msg);
  534. fflush (stdout);
  535. ReturnValue = FALSE;
  536. }
  538. //
  539. // Close handles ans return.
  540. //
  542. if (ServiceHandle) {
  543. CloseServiceHandle (ServiceHandle);
  544. }
  546. if (ServiceManager) {
  547. CloseServiceHandle (ServiceManager);
  548. }
  550. return ReturnValue;
  551. }
  553. bool
  554. TdOpenDevice (
  556. LPCTSTR DriverName,
  557. PHANDLE DeviceHandle)
  558. {
  559. SC_HANDLE ServiceManager = NULL;
  560. SC_HANDLE ServiceHandle = NULL;
  561. BOOL ReturnValue;
  562. HANDLE Device;
  563. TCHAR ScratchBuffer [MAX_PATH];
  564. TCHAR DriverPath [MAX_PATH];
  565. TCHAR DevicePath [MAX_PATH];
  567. //
  568. // Sanity checks
  569. //
  571. if (DeviceHandle == NULL) {
  572. return FALSE;
  573. }
  575. try {
  577. GetSystemDirectory (ScratchBuffer, sizeof ScratchBuffer);
  578. _stprintf (DriverPath, "%s\\drivers\\%s.sys", ScratchBuffer, DriverName);
  579. _stprintf (DevicePath, "\\\\.\\%s", DriverName);
  581. //
  582. // Open the service control manager
  583. //
  585. ServiceManager = OpenSCManager (
  587. NULL,
  588. NULL,
  589. SC_MANAGER_ALL_ACCESS);
  591. if (ServiceManager == NULL) {
  592. throw "OpenScManager()";
  593. }
  595. //
  596. // Service should already exist.
  597. //
  599. ServiceHandle = OpenService (
  601. ServiceManager,
  602. DriverName,
  603. SERVICE_ALL_ACCESS);
  605. if (ServiceHandle == NULL) {
  606. throw "OpenService()";
  607. }
  609. //
  610. // Open the device
  611. //
  613. Device = CreateFile (
  615. DevicePath,
  616. GENERIC_READ|GENERIC_WRITE,
  617. 0,
  618. NULL,
  619. OPEN_EXISTING,
  620. FILE_ATTRIBUTE_NORMAL,
  621. NULL);
  623. if (Device == INVALID_HANDLE_VALUE) {
  624. throw "CreateFile()";
  625. }
  627. ReturnValue = TRUE;
  628. }
  629. catch (char * Msg) {
  631. printf("Error: %u: %s\n", GetLastError(), Msg);
  632. fflush (stdout);
  633. ReturnValue = FALSE;
  634. }
  636. //
  637. // Close handles and return.
  638. //
  640. if (ServiceHandle) {
  641. CloseServiceHandle (ServiceHandle);
  642. }
  644. if (ServiceManager) {
  645. CloseServiceHandle (ServiceManager);
  646. }
  648. if (Device != INVALID_HANDLE_VALUE) {
  649. *DeviceHandle = Device;
  650. }
  652. return ReturnValue;
  654. }
  656. bool
  657. TdCloseDevice (
  659. HANDLE Device)
  660. {
  661. if (Device == INVALID_HANDLE_VALUE) {
  662. return false;
  663. }
  665. return CloseHandle(Device);
  666. }
  668. //
  669. // Function:
  670. //
  671. // SendIoctl
  672. //
  673. // Description:
  674. //
  675. // This function sends an ioctl code to the driver.
  676. //
  678. bool
  679. TdSendIoctl (
  681. IN HANDLE Driver,
  682. IN DWORD Ioctl,
  683. IN PVOID pData OPTIONAL,
  684. IN ULONG uDataSize OPTIONAL )
  685. {
  686. DWORD BytesReturned;
  687. BOOL Result;
  689. if (Driver == INVALID_HANDLE_VALUE) {
  690. return false;
  691. }
  693. Result = DeviceIoControl (
  695. Driver,
  696. Ioctl,
  697. pData,
  698. uDataSize,
  699. NULL,
  700. 0,
  701. &BytesReturned,
  702. NULL);
  704. return Result == TRUE;
  705. }
  707. //
  708. //
  709. //
  710. #if _MSC_FULL_VER >= 13008827
  711. #pragma warning(push)
  712. #pragma warning(disable:4715) // Not all control paths return (due to infinite loop)
  713. #endif
  715. DWORD
  716. MapProcessAddressSpaceThread( LPVOID lpData )
  717. {
  718. HANDLE hDevice;
  719. DWORD dwTimeToSleep;
  721. hDevice = (HANDLE)lpData;
  723. while( TRUE )
  724. {
  725. dwTimeToSleep = rand() % 5000;
  727. Sleep( dwTimeToSleep );
  729. TdSendIoctl (hDevice, IOCTL_TD_SECTION_MAP_TEST_PROCESS_SPACE, NULL, 0);
  730. }
  732. return 0;
  733. }
  735. #if _MSC_FULL_VER >= 13008827
  736. #pragma warning(pop)
  737. #endif
  740. //
  741. //
  742. //
  744. #define TD_MAPSECT_TEST_THREADS 4
  746. void TdSectMapProcessAddressSpaceTest()
  747. {
  748. HANDLE Device;
  749. time_t theTime;
  750. int nCrtThread;
  751. DWORD dwThreadId;
  752. TCHAR strMessage[ 128 ];
  754. time( &theTime );
  756. _stprintf(
  757. strMessage,
  758. "Process %u, rand seed = %u\n",
  759. GetCurrentProcessId(),
  760. (unsigned int)theTime );
  762. OutputDebugString( strMessage );
  764. srand( (unsigned int)theTime );
  766. if( TdOpenDevice ("buggy", &Device) )
  767. {
  768. for( nCrtThread = 0; nCrtThread < TD_MAPSECT_TEST_THREADS - 1; nCrtThread++ )
  769. {
  770. CreateThread(
  771. NULL,
  772. 0,
  773. MapProcessAddressSpaceThread,
  774. (LPVOID)Device,
  775. 0,
  776. &dwThreadId );
  777. }
  779. //
  780. // reuse the main thread
  781. //
  783. MapProcessAddressSpaceThread( (LPVOID)Device );
  785. TdCloseDevice (Device);
  786. }
  787. }
  789. //
  790. //
  791. //
  793. #if _MSC_FULL_VER >= 13008827
  794. #pragma warning(push)
  795. #pragma warning(disable:4715) // Not all control paths return (due to infinite loop)
  796. #endif
  797. DWORD
  798. MapSystemAddressSpaceThread( LPVOID lpData )
  799. {
  800. HANDLE hDevice;
  801. DWORD dwTimeToSleep;
  803. hDevice = (HANDLE)lpData;
  805. while( TRUE )
  806. {
  807. dwTimeToSleep = rand() % 5000;
  809. Sleep( dwTimeToSleep );
  811. TdSendIoctl (hDevice, IOCTL_TD_SECTION_MAP_TEST_SYSTEM_SPACE, NULL, 0);
  812. }
  814. return 0;
  815. }
  816. #if _MSC_FULL_VER >= 13008827
  817. #pragma warning(pop)
  818. #endif
  821. //
  822. //
  823. //
  825. void TdSectMapSystemAddressSpaceTest()
  826. {
  827. HANDLE Device;
  828. time_t theTime;
  829. int nCrtThread;
  830. DWORD dwThreadId;
  831. TCHAR strMessage[ 128 ];
  833. time( &theTime );
  835. _stprintf(
  836. strMessage,
  837. "Process %u, rand seed = %u\n",
  838. GetCurrentProcessId(),
  839. (unsigned int)theTime );
  841. OutputDebugString( strMessage );
  843. srand( (unsigned int)theTime );
  845. if( TdOpenDevice ("buggy", &Device) )
  846. {
  847. for( nCrtThread = 0; nCrtThread < TD_MAPSECT_TEST_THREADS - 1; nCrtThread++ )
  848. {
  849. CreateThread(
  850. NULL,
  851. 0,
  852. MapProcessAddressSpaceThread,
  853. (LPVOID)Device,
  854. 0,
  855. &dwThreadId );
  856. }
  858. //
  859. // reuse the main thread - only this thread will map into system address space
  860. //
  862. MapSystemAddressSpaceThread( (LPVOID)Device );
  864. TdCloseDevice (Device);
  865. }
  866. }
  868. //
  869. // Convert a hex string from the command line to an UNLONG_PTR
  870. //
  872. ULONG_PTR
  873. UtilHexStringToUlongPtr( char *szHexNumber )
  874. {
  875. ULONG_PTR uNewDigit;
  876. ULONG_PTR uResult = 0;
  877. char *pCrtChar = szHexNumber;
  879. while( ( *pCrtChar ) != (char)0 )
  880. {
  881. uNewDigit = 0;
  883. if( ( *pCrtChar ) >= '0' && ( *pCrtChar ) <= '9' )
  884. {
  885. uNewDigit = ( *pCrtChar ) - '0';
  886. }
  887. else
  888. {
  889. if( ( *pCrtChar ) >= 'A' && ( *pCrtChar ) <= 'F' )
  890. {
  891. uNewDigit = ( *pCrtChar ) - 'A' + 10;
  892. }
  893. else
  894. {
  895. if( ( *pCrtChar ) >= 'a' && ( *pCrtChar ) <= 'f' )
  896. {
  897. uNewDigit = ( *pCrtChar ) - 'a' + 10;
  898. }
  899. }
  900. }
  902. uResult = uResult * 16 + uNewDigit;
  904. pCrtChar++;
  905. }
  907. return uResult;
  908. }
  910. //
  911. // Set the current reserved size and address as asked by the user
  912. //
  915. VOID
  916. TdReservedMapSetSize(
  917. int argc,
  918. char *argv[] )
  919. {
  920. SIZE_T NewSize;
  921. HANDLE Device;
  922. time_t theTime;
  923. TCHAR strMessage[ 128 ];
  925. if( argc >= 3 )
  926. {
  927. //
  928. // User-specified buffer size
  929. //
  931. NewSize = atoi( argv[ 2 ] );
  932. }
  933. else
  934. {
  935. //
  936. // Seed the random numbers generator
  937. //
  939. time( &theTime );
  941. _stprintf(
  942. strMessage,
  943. "Process %u, rand seed = %u\n",
  944. GetCurrentProcessId(),
  945. (unsigned int)theTime );
  947. OutputDebugString( strMessage );
  949. srand( (unsigned int)theTime );
  951. //
  952. // New size is random, up to 10 pages
  953. //
  955. NewSize = ( abs( rand() ) % 10 + 1 ) * 0x1000;
  956. }
  958. if( TdOpenDevice ("buggy", &Device) )
  959. {
  960. printf( "TdReservedMapSetSize: sending size %p\n",
  961. NewSize );
  963. TdSendIoctl (
  964. Device,
  965. IOCTL_TD_RESERVEDMAP_SET_SIZE,
  966. &NewSize,
  967. sizeof( NewSize ) );
  969. TdCloseDevice (Device);
  970. }
  971. }
  973. //
  974. // Ask for a "read" operation from our driver
  975. //
  977. VOID
  978. TdReservedMapRead( VOID )
  979. {
  980. HANDLE Device;
  981. time_t theTime;
  982. SIZE_T ReadBufferSize;
  983. SIZE_T ReadPages;
  984. SIZE_T CrtReadPage;
  985. PSIZE_T CrtPageAddress;
  986. PVOID UserBuffer;
  987. BOOL Success;
  988. SYSTEM_INFO SystemInfo;
  989. TCHAR strMessage[ 128 ];
  991. //
  992. // Get the page size
  993. //
  995. GetSystemInfo(
  996. &SystemInfo );
  998. //
  999. // Seed the random numbers generator
  1000. //
  1002. time( &theTime );
  1004. _stprintf(
  1005. strMessage,
  1006. "Process %u, rand seed = %u\n",
  1007. GetCurrentProcessId(),
  1008. (unsigned int)theTime );
  1010. //OutputDebugString( strMessage );
  1011. puts( strMessage );
  1013. srand( (unsigned int)theTime );
  1015. //
  1016. // Choose a size >= PAGE_SIZE and <= ~1 Mb
  1017. //
  1019. ReadBufferSize = abs( rand() * rand() * rand() ) % ( 1024 * 1024 ) + SystemInfo.dwPageSize;
  1021. UserBuffer = VirtualAlloc(
  1022. NULL,
  1023. ReadBufferSize,
  1024. MEM_RESERVE | MEM_COMMIT,
  1025. PAGE_READWRITE );
  1027. if( NULL != UserBuffer )
  1028. {
  1029. if( TdOpenDevice ("buggy", &Device) )
  1030. {
  1031. //
  1032. // Prepare the parameters to the driver
  1033. //
  1035. USER_READ_BUFFER UserReadBuffer;
  1037. UserReadBuffer.UserBuffer = UserBuffer;
  1038. UserReadBuffer.UserBufferSize = ReadBufferSize;
  1040. _stprintf(
  1041. strMessage,
  1042. "TdReservedMapRead: sending buffer %p, size %p\n",
  1043. UserReadBuffer.UserBuffer,
  1044. UserReadBuffer.UserBufferSize );
  1046. //OutputDebugString( strMessage );
  1047. puts( strMessage );
  1049. //
  1050. // Send the request to the driver
  1051. //
  1053. Success = TdSendIoctl (
  1054. Device,
  1055. IOCTL_TD_RESERVEDMAP_READ_OP,
  1056. &UserReadBuffer,
  1057. sizeof( UserReadBuffer ) );
  1059. if( TRUE == Success )
  1060. {
  1061. //
  1062. // If the call succeeded then we check the validity of data returned by the driver
  1063. //
  1065. ReadPages = ReadBufferSize / SystemInfo.dwPageSize;
  1066. CrtPageAddress = (PSIZE_T)UserBuffer;
  1068. for( CrtReadPage = 1; CrtReadPage <= ReadPages; CrtReadPage++ )
  1069. {
  1070. if( *CrtPageAddress != CrtReadPage )
  1071. {
  1072. _stprintf(
  1073. strMessage,
  1074. "Incorrect data received from buggy.sys: page %p, expected %p, actual data %p\n",
  1075. CrtPageAddress,
  1076. CrtReadPage,
  1077. *CrtPageAddress );
  1079. OutputDebugString( strMessage );
  1081. DebugBreak();
  1082. }
  1084. CrtPageAddress = (PSIZE_T) ( (PCHAR)CrtPageAddress + SystemInfo.dwPageSize );
  1085. ReadPages -= 1;
  1086. }
  1088. }
  1090. TdCloseDevice (Device);
  1091. }
  1093. VirtualFree(
  1094. UserBuffer,
  1095. 0,
  1096. MEM_RELEASE );
  1097. }
  1099. }
  1101. //
  1102. // End of file
  1103. //