|
|
// define COBJMACROS so the IUnknown_Release() gets defined
#define COBJMACROS
// disable ddraw COM declarations. Otherwise ddrawint.h defineds _NO_COM
// and includes ddraw.h. That causes ddraw.h to define IUnknown as 'void *'
// which obliterates the struct IUnknown in objbase.h. This all happens
// inside winddi.h
#define _NO_DDRAWINT_NO_COM
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <objbase.h>
#include <mshtml.h>
#include <winddi.h>
#include <io.h>
#define PAGE_4K 0x1000
// Assume an error happened. This variable controls whether a pass or fail
// is logged in the test results.
BOOL g_bError = TRUE;
// Time the test started (only valid in the main process)
time_t TestStartTime;
FILE *fpLogFile;
void __cdecl PrintToLog(char *format, ...){ va_list pArg; char buffer[4096];
va_start(pArg, format); _vsnprintf(buffer, sizeof(buffer), format, pArg); buffer[sizeof(buffer)-1] = '\0'; printf("%s", buffer); if (fpLogFile) { fprintf(fpLogFile, "%s", buffer); }}
//////////// All this code runs in a worker thread in a child process //////
//// Prefix any output by "WOW64BVT1" so it can be identified as coming from
//// the child process.
// This routine is invoked when "childprocess" is passed on the command-line.
// The child runs synchronously with the parent to maximize the test coverage.
int BeAChildProcess(void){ HRESULT hr; IUnknown *pUnk; CLSID clsid; HWND hwnd;
PrintToLog("WOW64BVT1: Child process running\n");
// Do some COM stuff here
hr = CoInitializeEx(NULL, COINIT_MULTITHREADED|COINIT_DISABLE_OLE1DDE); if (FAILED(hr)) { PrintToLog("ERROR: WOW64BVT1: CoInitializeEx failed %x\n", hr); return 3; }
// Load and call 32-bit mshtml inproc
hr = CLSIDFromProgID(L"Shell.Explorer", &clsid); if (FAILED(hr)) { PrintToLog("ERROR: WOW64BVT1: CLSIDFromProgID for Shell.Explorer failed %x\n", hr); return 3; }#if 0 // The cocreate fails on IA64 with 8007000e (E_OUTOFMEMORY)
hr = CoCreateInstance(&clsid, NULL, CLSCTX_INPROC_SERVER, &IID_IUnknown, (PVOID *)&pUnk); if (FAILED(hr)) { PrintToLog("ERROR: WOW64BVT1: CoCreateInstance for Shell.Explorer failed %x\n", hr); return 3; } Sleep(1000); IUnknown_Release(pUnk); pUnk = NULL;#endif
// Load and call mplay32.exe out-of-proc
#if 0 // The clsidfromprogid fails on IA64 with 800401f3 (CO_E_CLASSSTRING)
hr = CLSIDFromProgID(L"MediaPlayer.MediaPlayer.1", &clsid); if (FAILED(hr)) { PrintToLog("ERROR: WOW64BVT1: CLSIDFromProgID for MediaPlayer.MediaPlayer failed %x\n", hr); return 3; } hr = CoCreateInstance(&clsid, NULL, CLSCTX_LOCAL_SERVER, &IID_IUnknown, (PVOID *)&pUnk); if (FAILED(hr)) { PrintToLog("ERROR: WOW64BVT1: CoCreateInstance for MediaPlayer.MediaPlayer failed %x\n", hr); return 3; } Sleep(5000); IUnknown_Release(pUnk); pUnk = NULL;#endif
// Unfortunately, mplay32 has a refcounting problem and doesn't close
// when we release it. Post a quit message to make it close.
hwnd = FindWindowW(NULL, L"Windows Media Player"); if (hwnd) { PostMessage(hwnd, WM_QUIT, 0, 0); }
// Wrap up COM now
CoUninitialize();
PrintToLog("WOW64BVT1: Child process done OK.\n"); return 0;}
//////////// All this code runs in a worker thread in the main process //////
//// Prefix any output by "WOW64BVT" so it can be identified as coming from
//// the parent process.
DWORD BeAThread(LPVOID lpParam){ NTSTATUS st; LPWSTR lp;
PrintToLog("WOW64BVT: Worker thread running\n");
// Call an API close to the end of whnt32.c's dispatch table
st = NtYieldExecution(); if (FAILED(st)) { PrintToLog("ERROR: WOW64BVT: NtYieldExecution failed %x\n", st); exit(1); }
// Call an API close to the end of whwin32.c's dispatch table. Pass NULL,
// so it is expected to fail.
lp = EngGetPrinterDataFileName(NULL); // calls NtGdiGetDhpdev()
if (lp) { // It succeeded.... it shouldn't have since
PrintToLog("ERROR: WOW64BVT: EngGetPrinterDataFileName succeeeded when it should not have.\n"); exit(1); }
PrintToLog("WOW64BVT: Worker thread done OK.\n"); return 0;}
HANDLE CreateTheThread(void){ HANDLE h; DWORD dwThreadId;
PrintToLog("WOW64BVT: Creating child thread\n"); h = CreateThread(NULL, 0, BeAThread, NULL, 0, &dwThreadId); if (h == INVALID_HANDLE_VALUE) { PrintToLog("ERROR: WOW64BVT: Error %d creating worker thread.\n", GetLastError()); exit(2); } // Sleep a bit here, to try and let the child thread run a bit
Sleep(10); return h;}
BOOL AllocateStackAndTouch( INT Count){ char temp[4096];
memset(temp, 0, sizeof(temp));
if (--Count) { AllocateStackAndTouch(Count); }
return TRUE;}
DWORD WINAPI TestGuardPagesThreadProc( PVOID lpParam){ try { AllocateStackAndTouch(PtrToUlong(lpParam)); } except(EXCEPTION_EXECUTE_HANDLER) { PrintToLog("ERROR: WOW64BVT: Error allocating stack. Exception Code = %lx\n", GetExceptionCode()); exit(1); }
return 0;}
int TestGuardPages( VOID){ HANDLE h; DWORD dwExitCode, dwThreadId; BOOL b; ULONG NestedStackCount = 100; DWORD StackSize = 4096; PrintToLog("WOW64BVT: Creating worker threads to test guard pages\n");
while (StackSize < (32768+1)) { h = CreateThread(NULL, StackSize, TestGuardPagesThreadProc, UlongToPtr(NestedStackCount), 0, &dwThreadId); if (h == INVALID_HANDLE_VALUE) { PrintToLog("ERROR: WOW64BVT: Error %d creating worker thread for guard page tests.\n", GetLastError()); exit(2); } StackSize += 4096; WaitForSingleObject(h, INFINITE);
b = GetExitCodeThread(h, &dwExitCode); if (b) { if (dwExitCode) { return (int)dwExitCode; } } else { PrintToLog("ERROR: GetExitCodeThread failed with LastError = %d\n", GetLastError()); return 1; } }
PrintToLog("WOW64BVT: Test guard pages done OK.\n");
return 0;}
int TestMemoryMappedFiles( VOID){ HANDLE Handle; PWCHAR pwc; MEMORY_BASIC_INFORMATION mbi; BOOL ExceptionHappened = FALSE; PrintToLog("WOW64BVT: Testing memory mapped files\n");
Handle = CreateFileMappingW(INVALID_HANDLE_VALUE, NULL, SEC_RESERVE | PAGE_READWRITE, 0, 32 * 1024, L"HelloWorld");
if (Handle == INVALID_HANDLE_VALUE) { PrintToLog("ERROR: WOW64BVT : Error %d creating file mapping\n", GetLastError()); return 1; }
pwc = (PWCHAR)MapViewOfFile(Handle, FILE_MAP_WRITE, 0, 0, 0);
if (!pwc) { PrintToLog("ERROR: WOW64BVT : Error %d mapping section object\n", GetLastError()); return 1; }
if (!VirtualQuery(pwc, &mbi, sizeof(mbi))) { PrintToLog("ERROR: WOW64BVT : Virtual query failed with last error = %d\n", GetLastError()); return 1; }
if (mbi.State != MEM_RESERVE) { PrintToLog("ERROR: WOW64BVT : Memory attributes have changed since mapped %lx\n", mbi.State); return 1; }
try { *pwc = *(pwc+1); } except(EXCEPTION_EXECUTE_HANDLER) { ExceptionHappened = TRUE; }
if (ExceptionHappened == FALSE) { PrintToLog("ERROR: WOW64BVT : Memory has been committed while it should have ONLY been reserved.\n"); return 1; }
if (!VirtualQuery(pwc, &mbi, sizeof(mbi))) { PrintToLog("ERROR: WOW64BVT : Virtual query failed with last error = %d\n", GetLastError()); return 1; }
if (mbi.State != MEM_RESERVE) { PrintToLog("ERROR: WOW64BVT : Memory attributes have changed since mapped %lx\n", mbi.State); return 1; }
UnmapViewOfFile(pwc); CloseHandle(Handle);
PrintToLog("WOW64BVT: Testing memory mapped files done OK.\n");
return 0;}
BOOL ReleasePages(PVOID Address, DWORD DeAllocationType, SIZE_T ReleasedPages){
PVOID p = Address; SIZE_T nPages = ReleasedPages; NTSTATUS NtStatus;
NtStatus = NtFreeVirtualMemory(NtCurrentProcess(), &p, &nPages, DeAllocationType);
return NT_SUCCESS(NtStatus);}
BOOL VerifyPages(PVOID Address, DWORD DeAllocationType, SIZE_T ReleasedPages){ DWORD PagesState; BOOL b; MEMORY_BASIC_INFORMATION mbi;
if (DeAllocationType == MEM_DECOMMIT) { PagesState = MEM_RESERVE; } else if (DeAllocationType == MEM_RELEASE) { PagesState = MEM_FREE; } else { PagesState = DeAllocationType; }
b = VirtualQuery(Address, &mbi, sizeof(mbi));
if (b) { if (mbi.State != PagesState) { PrintToLog("ERROR: WOW64BVT: Incorrect page protection set at address %p. State = %lx - %lx, RegionSize = %lx - %lx\n", Address, mbi.State, PagesState, mbi.RegionSize, ReleasedPages); b = FALSE; } } else { PrintToLog("ERROR: WOW64BVT: Failed to query virtual memory at address %p - %lx\n", Address, GetLastError()); }
return b;}
BOOL ReleaseVerifyPages(PVOID BaseAllocation, PVOID *Address, SIZE_T *AllocationSize, DWORD AllocationType, DWORD DeAllocationType, DWORD ReleasedPages){ BOOL b;
if (ReleasedPages > *AllocationSize) { ReleasedPages = *AllocationSize; } b = ReleasePages(*Address, DeAllocationType, ReleasedPages); if (b == FALSE) { PrintToLog("ERROR: WOW64BVT: Failed to release a page - %lx\n", GetLastError()); return b; } b = VerifyPages(*Address, DeAllocationType, ReleasedPages);
*AllocationSize -= ReleasedPages; *Address = (PVOID)((ULONG_PTR)*Address + ReleasedPages);
if (b == FALSE) { PrintToLog("ERROR: WOW64BVT: Failed to verify pages at address %lx - %lx\n", ((ULONG_PTR)Address + ReleasedPages), GetLastError()); }
return b;}
BOOL TestVadSplitOnFreeHelper(DWORD AllocationType, DWORD DeAllocationType, SIZE_T TotalAllocation){ BOOL b; PVOID Address; PVOID BaseAllocation; SIZE_T BaseAllocationSize; INT n;
Address = VirtualAlloc(NULL, TotalAllocation, AllocationType, PAGE_READWRITE);
if (Address == NULL) { PrintToLog("ERROR: WOW64BVT: Failed to allocate memory - %lx\n", GetLastError()); }
n = 1; BaseAllocation = Address; BaseAllocationSize = TotalAllocation; while (TotalAllocation != 0) { b = ReleaseVerifyPages(BaseAllocation, &Address, &TotalAllocation, AllocationType, DeAllocationType, PAGE_4K * n);
if (b == FALSE) { PrintToLog("ERROR: WOW64BVT: ReleaseVerifyPages failed - %lx. %lx-%lx-%lx", GetLastError(), BaseAllocation, Address, TotalAllocation); break; } b = VerifyPages(BaseAllocation, DeAllocationType, n * PAGE_4K);
if (b == FALSE) { PrintToLog("ERROR: WOW64BVT: Verify released pages from address %p with length = %lx failed\n", BaseAllocation, (n * PAGE_4K)); break; }
if (TotalAllocation > 0) { b = VerifyPages(Address, AllocationType, TotalAllocation);
if (b == FALSE) { PrintToLog("ERROR: WOW64BVT: Verify pages from address %p with length = %lx failed\n", BaseAllocation, TotalAllocation); break; } }
n += 2; }
return b;}
int TestVadSplitOnFree(){ BOOL b; SIZE_T AllocationSize = (PAGE_4K * 10);
PrintToLog("WOW64BVT: Testing VAD splitting...\n");
b = TestVadSplitOnFreeHelper(MEM_COMMIT, MEM_DECOMMIT, AllocationSize);
if (b) { b = TestVadSplitOnFreeHelper(MEM_COMMIT, MEM_RELEASE, AllocationSize); }
if (b) { b = TestVadSplitOnFreeHelper(MEM_RESERVE, MEM_RELEASE, AllocationSize); }
if (b != FALSE) { PrintToLog("WOW64BVT: Testing VAD splitting...OK\n"); } else { PrintToLog("ERROR: WOW64BVT: Testing VAD splitting\n"); }
return (b == FALSE);}
PVOID GetReadOnlyBuffer(){ PVOID pReadOnlyBuffer = NULL;
if (!pReadOnlyBuffer) { SYSTEM_INFO SystemInfo;
// Get system info so that we know the page size
GetSystemInfo(&SystemInfo);
// Allocate a whole page. This is optimal.
pReadOnlyBuffer = VirtualAlloc(NULL, SystemInfo.dwPageSize, MEM_COMMIT, PAGE_READWRITE); if (pReadOnlyBuffer) { // Fill it with know patern
FillMemory(pReadOnlyBuffer, SystemInfo.dwPageSize, 0xA5); // Mark the page readonly
pReadOnlyBuffer = VirtualAlloc(pReadOnlyBuffer, SystemInfo.dwPageSize, MEM_COMMIT, PAGE_READONLY); } }
return pReadOnlyBuffer;}
PVOID GetReadOnlyBuffer2(){ PVOID pReadOnlyBuffer = NULL;
DWORD OldP; SYSTEM_INFO SystemInfo;
// Get system info so that we know the page size
GetSystemInfo(&SystemInfo);
// Allocate a whole page. This is optimal.
pReadOnlyBuffer = VirtualAlloc(NULL, SystemInfo.dwPageSize, MEM_COMMIT, PAGE_READWRITE);
if (pReadOnlyBuffer) { FillMemory(pReadOnlyBuffer, SystemInfo.dwPageSize, 0xA5); lstrcpy((PTSTR)pReadOnlyBuffer, TEXT("xxxxxxxxxxxxxxxxxxxx"));
if (!VirtualProtect(pReadOnlyBuffer, SystemInfo.dwPageSize, PAGE_READONLY, &OldP)) { PrintToLog("ERROR: WOW64BVT: VirtualProtect() failed inside GetReadOnlyBuffer2()\n"); VirtualFree(pReadOnlyBuffer, 0, MEM_RELEASE);
pReadOnlyBuffer = NULL; }
}
return pReadOnlyBuffer;
}
BOOL TestMmPageProtection(){ PTSTR String; BOOL AV = FALSE;
PrintToLog("WOW64BVT: Testing MM Page Protection...\n");
String = (PTSTR) GetReadOnlyBuffer(); if (!String) { PrintToLog("ERROR: WOW64BVT: GetReadOnlyBuffer() failed\n"); return TRUE; }
try { *String = TEXT('S'); } except(EXCEPTION_EXECUTE_HANDLER) { AV = TRUE; }
VirtualFree(String, 0, MEM_RELEASE);
if (AV == TRUE) { AV = FALSE; String = (PTSTR) GetReadOnlyBuffer2();
if (!String) { PrintToLog("ERROR: WOW64BVT: GetReadOnlyBuffer2() failed\n"); return TRUE; }
try { *String = TEXT('A'); } except(EXCEPTION_EXECUTE_HANDLER) { AV = TRUE; }
VirtualFree(String, 0, MEM_RELEASE); } else { PrintToLog("ERROR: WOW64BVT: GetReadOnlyBuffer() failed to make 4K pages read only\n"); }
if (AV == TRUE) { PrintToLog("WOW64BVT: Testing MM Page Protection...OK\n"); } else { PrintToLog("ERROR: WOW64BVT: Testing MM Page Protection\n"); }
return (AV == FALSE);}
#define STACK_BUFFER 0x300
BOOL TestX86MisalignedLock(){ BOOL bError = FALSE;
PrintToLog("WOW64BVT: Testing X86 Lock on misaligned addresses...\n"); __try { __asm { pushad; pushfd;
sub esp, STACK_BUFFER;
;; ;; make eax unaliged with respect to an 8-byte cache line ;;
mov eax, esp; add eax, 10h; mov ecx, 0xfffffff0; and eax, ecx; add eax, 7; mov ebx, eax;
;; ;; add ;;
mov DWORD PTR [eax], 0x0300; lock add WORD PTR [eax], 0x0004; cmp DWORD PTR [eax], 0x0304; jnz $endwitherrornow;
mov DWORD PTR [eax], 0x0300; lock add DWORD PTR [eax], 0x10000; cmp DWORD PTR [eax], 0x10300; jnz $endwitherrornow;
mov ecx, DWORD PTR [eax+8]; add ecx, 0x10; lock add DWORD PTR [eax+8], 0x10; cmp DWORD PTR [eax+8], ecx; jnz $endwitherrornow; mov ecx, DWORD PTR fs:[5]; mov esi, 0x30000; lock add DWORD PTR fs:[5], esi; add esi, ecx; cmp DWORD PTR fs:[5], esi; mov DWORD PTR fs:[5], ecx; jnz $endwitherrornow;
mov edi, 5; mov ecx, DWORD PTR fs:[edi]; mov esi, 0x30000; lock add DWORD PTR fs:[edi], esi; add esi, ecx; cmp DWORD PTR fs:[edi], esi; mov DWORD PTR fs:[edi], ecx; jnz $endwitherrornow;
mov esi, 0x40; mov WORD PTR [eax], 0x3000; lock add WORD PTR [eax], si; cmp WORD PTR [eax], 0x3040; jnz $endwitherrornow;
mov edi, 0x40; mov DWORD PTR [eax], 0x3000; lock add DWORD PTR [eax], edi; cmp DWORD PTR [eax], 0x3040; jnz $endwitherrornow;
;; ;; adc ;;
pushfd; pop ecx; or ecx, 1; push ecx; popfd; mov DWORD PTR [eax], 0x030000; lock adc DWORD PTR [eax], 0x40000; cmp DWORD PTR [eax], 0x70001; jnz $endwitherrornow;
pushfd; pop ecx; and ecx, 0xfffffffe; push ecx; popfd; mov dx, 0x4000; mov WORD PTR [eax], 0x03000; lock adc WORD PTR [eax], dx; cmp WORD PTR [eax], 0x7000; jnz $endwitherrornow;
pushfd; pop ecx; or ecx, 0x01; push ecx; popfd; mov WORD PTR [eax], 0x03000; lock adc WORD PTR [eax], 0x04000; cmp WORD PTR [eax], 0x7001; jnz $endwitherrornow;
;; ;; and ;;
mov DWORD PTR [eax], 0xffffffff; lock and DWORD PTR [eax], 0xffff; cmp DWORD PTR [eax], 0xffff; jnz $endwitherrornow;
mov DWORD PTR [eax], 0xffffffff; lock and DWORD PTR [eax], 0xff00ff00; cmp DWORD PTR [eax], 0xff00ff00; jnz $endwitherrornow;
mov DWORD PTR [eax], 0xffffffff; mov esi, 0x00ff00ff lock and DWORD PTR [eax], esi; cmp DWORD PTR [eax], esi; jnz $endwitherrornow;
mov ecx, 4; mov DWORD PTR [eax+ecx*2], 0xffffffff; mov esi, 0xffff00ff lock and DWORD PTR [eax+ecx*2], esi; cmp DWORD PTR [eax+ecx*2], 0xffff00ff; jnz $endwitherrornow;
mov WORD PTR [eax], 0xffff; mov si, 0xff lock and WORD PTR [eax], si; cmp WORD PTR [eax], si; jnz $endwitherrornow;
mov edi, DWORD PTR fs:[5]; mov DWORD PTR fs:[5], 0xffffffff; mov ebx, 5; lock and DWORD PTR fs:[ebx], 0xff00ff00; cmp DWORD PTR fs:[ebx], 0xff00ff00; mov DWORD PTR fs:[ebx], edi; jnz $endwitherrornow;
;; ;; or ;;
mov DWORD PTR [eax], 0x00; lock or DWORD PTR [eax], 0xffff; cmp DWORD PTR [eax], 0xffff; jnz $endwitherrornow;
mov DWORD PTR [eax], 0xff00ff00; lock or DWORD PTR [eax], 0xff00ff; cmp DWORD PTR [eax], 0xffffffff; jnz $endwitherrornow;
mov DWORD PTR [eax], 0xff000000; mov esi, 0x00ff00ff lock or DWORD PTR [eax], esi; cmp DWORD PTR [eax], 0xffff00ff; jnz $endwitherrornow;
mov ecx, 4; mov DWORD PTR [eax+ecx*2], 0xff000000; mov esi, 0x00ff00ff lock or DWORD PTR [eax+ecx*2], esi; cmp DWORD PTR [eax+ecx*2], 0xffff00ff; jnz $endwitherrornow;
mov WORD PTR [eax], 0xf000; mov si, 0xff lock or WORD PTR [eax], si; cmp WORD PTR [eax], 0xf0ff; jnz $endwitherrornow;
mov edi, DWORD PTR fs:[5]; mov DWORD PTR fs:[5], 0x00; mov ebx, 5; lock or DWORD PTR fs:[ebx], 0xff00ff00; cmp DWORD PTR fs:[ebx], 0xff00ff00; mov DWORD PTR fs:[ebx], edi; jnz $endwitherrornow;
;; ;; xor ;;
mov DWORD PTR [eax], 0x00ffffff; lock xor DWORD PTR [eax], 0xffff; cmp DWORD PTR [eax], 0x00ff0000; jnz $endwitherrornow;
mov DWORD PTR [eax], 0xff00ff00; lock xor DWORD PTR [eax], 0xff00ff; cmp DWORD PTR [eax], 0xffffffff; jnz $endwitherrornow;
mov DWORD PTR [eax], 0xff0000ff; mov esi, 0x00ff00ff lock xor DWORD PTR [eax], esi; cmp DWORD PTR [eax], 0xffff0000; jnz $endwitherrornow;
mov ecx, 4; mov DWORD PTR [eax+ecx*2], 0xff000000; mov esi, 0xffff00ff lock xor DWORD PTR [eax+ecx*2], esi; cmp DWORD PTR [eax+ecx*2], 0x00ff00ff; jnz $endwitherrornow;
mov WORD PTR [eax], 0xf000; mov si, 0xf0ff lock xor WORD PTR [eax], si; cmp WORD PTR [eax], 0x00ff; jnz $endwitherrornow;
mov edi, DWORD PTR fs:[5]; mov DWORD PTR fs:[5], 0x0f; mov ebx, 5; lock xor DWORD PTR fs:[ebx], 0xff00000f; cmp DWORD PTR fs:[ebx], 0xff000000; mov DWORD PTR fs:[ebx], edi; jnz $endwitherrornow;
;; ;; inc & dec ;; mov DWORD PTR [eax], 0xffff; lock inc DWORD PTR [eax]; cmp DWORD PTR [eax], 0x10000; jnz $endwitherrornow; lock inc WORD PTR [eax]; cmp WORD PTR [eax], 0x0001; lock dec WORD PTR [eax]; jnz $endwitherrornow; cmp WORD PTR [eax], 0x00; jnz $endwitherrornow; mov DWORD PTR [eax], 0; lock dec DWORD PTR [eax]; cmp DWORD PTR [eax], 0xffffffff; jnz $endwitherrornow; ;; ;; not ;; mov DWORD PTR [eax], 0x10101010; lock not DWORD PTR [eax]; cmp DWORD PTR [eax], 0xefefefef; jnz $endwitherrornow; mov DWORD PTR [eax+8], 0xffff0000; lock not DWORD PTR [eax+8]; cmp DWORD PTR [eax+8], 0x0000ffff; jnz $endwitherrornow; mov ecx, 2; mov DWORD PTR [eax+ecx*4], 0xffffffff; lock not DWORD PTR [eax+ecx*4]; cmp DWORD PTR [eax+ecx*4], 0x00000000; jnz $endwitherrornow;
;; ;; neg ;; mov DWORD PTR [eax], 0; lock neg DWORD PTR [eax]; jc $endwitherrornow; cmp DWORD PTR [eax], 0; jnz $endwitherrornow; mov DWORD PTR [eax], 0xffffffff; lock neg DWORD PTR [eax]; jnc $endwitherrornow; cmp DWORD PTR [eax], 0x01; jnz $endwitherrornow;
mov WORD PTR [eax], 0xff; lock neg WORD PTR [eax]; jnc $endwitherrornow; cmp WORD PTR [eax], 0xff01; jnz $endwitherrornow;
;; ;; bts ;;
mov DWORD PTR [eax], 0x7ffffffe; lock bts DWORD PTR [eax], 0; jc $endwitherrornow; cmp DWORD PTR [eax], 0x7fffffff; jnz $endwitherrornow;
mov ecx, eax; sub ecx, 4; mov edx, 63; lock bts DWORD PTR [ecx], edx; jc $endwitherrornow; cmp DWORD PTR [eax], 0xffffffff jnz $endwitherrornow;
;; ;; xchg ;; mov DWORD PTR [eax], 0xf0f0f0f0; mov edx, 0x11112222; lock xchg DWORD PTR [eax], edx; cmp DWORD PTR [eax], 0x11112222; jnz $endwitherrornow; cmp edx, 0xf0f0f0f0; jnz $endwitherrornow;
xchg WORD PTR [eax], dx; cmp WORD PTR [eax], 0xf0f0; jnz $endwitherrornow; cmp dx, 0x2222; jnz $endwitherrornow;
;; ;; cmpxchg ;;
mov ebx, eax; mov DWORD PTR [ebx], 0xf0f0f0f0; mov eax, 0x10101010; mov edx, 0x22332233; lock cmpxchg DWORD PTR [ebx], edx; jz $endwitherrornow; cmp eax, 0xf0f0f0f0; jnz $endwitherrornow;
mov DWORD PTR [ebx], 0xf0f0f0f0; mov eax, 0xf0f0f0f0; mov edx, 0x12341234; lock cmpxchg DWORD PTR [ebx], edx; jnz $endwitherrornow; cmp DWORD PTR [ebx], 0x12341234; jnz $endwitherrornow;
;; ;; cmpxchg8b ;;
mov DWORD PTR [ebx], 0x11223344; mov DWORD PTR [ebx+4], 0x55667788; mov edx, 0x12341234; mov eax, 0xff00ff00; lock cmpxchg8b [ebx]; jz $endwitherrornow; cmp edx, 0x55667788; jnz $endwitherrornow; cmp eax, 0x11223344; jnz $endwitherrornow;
mov esi, ebx; mov DWORD PTR [esi], 0x11223344; mov DWORD PTR [esi+4], 0x55667788; mov edx, 0x55667788; mov eax, 0x11223344; mov ecx, 0x10101010; mov ebx, 0x20202020; lock cmpxchg8b [esi]; jnz $endwitherrornow; cmp DWORD PTR [esi], 0x20202020; jnz $endwitherrornow; cmp DWORD PTR [esi+4], 0x10101010; jnz $endwitherrornow; mov eax, esi; mov ebx, eax;
;; ;; sub ;;
mov DWORD PTR [eax], 0x0300; lock sub WORD PTR [eax], 0x0004; cmp DWORD PTR [eax], 0x2fc; jnz $endwitherrornow;
mov DWORD PTR [eax], 0x10000; lock sub DWORD PTR [eax], 0x0300; cmp DWORD PTR [eax], 0xfd00; jnz $endwitherrornow;
mov ecx, DWORD PTR [eax+8]; sub ecx, 0x10; lock sub DWORD PTR [eax+8], 0x10; cmp DWORD PTR [eax+8], ecx; jnz $endwitherrornow; mov ecx, DWORD PTR fs:[5]; mov esi, 0x3000; lock sub DWORD PTR fs:[5], esi; mov edi, ecx; sub ecx, esi; cmp DWORD PTR fs:[5], ecx; mov DWORD PTR fs:[5], edi; jnz $endwitherrornow;
mov edi, 5; mov ecx, DWORD PTR fs:[edi]; mov esi, 0x30000; lock sub DWORD PTR fs:[edi], esi; mov edx, ecx; sub ecx, esi; cmp DWORD PTR fs:[edi], ecx; mov DWORD PTR fs:[edi], edx; jnz $endwitherrornow;
mov si, 0x40; mov WORD PTR [eax], 0x3000; lock sub WORD PTR [eax], si; cmp WORD PTR [eax], 0x2fc0; jnz $endwitherrornow;
mov edi, 0x40; mov DWORD PTR [eax], 0x3000; lock sub DWORD PTR [eax], edi; cmp DWORD PTR [eax], 0x2fc0; jnz $endwitherrornow;
;; ;; sbb ;;
pushfd; pop ecx; or ecx, 1; push ecx; popfd; mov DWORD PTR [eax], 0x030000; lock sbb DWORD PTR [eax], 0x40000; cmp DWORD PTR [eax], 0xfffeffff; jnz $endwitherrornow;
pushfd; pop ecx; and ecx, 0xfffffffe; push ecx; popfd; mov dx, 0x4000; mov WORD PTR [eax], 0x03000; lock sbb WORD PTR [eax], dx; cmp WORD PTR [eax], 0xf000; jnz $endwitherrornow;
pushfd; pop ecx; or ecx, 0x01; push ecx; popfd; mov WORD PTR [eax], 0x03000; lock sbb WORD PTR [eax], 0x04000; cmp WORD PTR [eax], 0xefff; jnz $endwitherrornow;
;; ;; xadd ;;
mov DWORD PTR [eax], 0x12345678; mov ecx, 0x1234; lock xadd DWORD PTR [eax], ecx; cmp ecx, 0x12345678; jnz $endwitherrornow; mov edx, 0x1234; add edx, 0x12345678; cmp DWORD PTR [eax], edx; jnz $endwitherrornow;
mov WORD PTR [eax], 0x5678; mov cx, 0x1234; lock xadd WORD PTR [eax], cx; cmp cx, 0x5678; jnz $endwitherrornow; mov dx, 0x5678; add dx, 0x1234; cmp WORD PTR [eax], dx; jnz $endwitherrornow;
;; ;; Update caller with status ;; mov bError, 0 jmp $endnow;
$endwitherrornow:
mov bError, 1$endnow: add esp, STACK_BUFFER; popfd; popad; } } __except (EXCEPTION_EXECUTE_HANDLER) { bError = TRUE; printf("ERROR: WOW64BVT: Exception %lx\n", GetExceptionCode()); }
if (bError == FALSE) { PrintToLog("WOW64BVT: Testing X86 Lock on misaligned addresses...OK\n"); } else { PrintToLog("ERROR: WOW64BVT: Testing X86 Lock on misaligned addresses\n"); }
return bError;}
//////////// All this code runs in the main test driver thread //////
HANDLE CreateTheChildProcess(char *ProcessName, char *LogFileName){ char Buffer[512]; HANDLE h; STARTUPINFOA si; PROCESS_INFORMATION pi; BOOL b;
PrintToLog("WOW64BVT: Creating child process\n");
strcpy(Buffer, ProcessName); strcat(Buffer, " childprocess"); memset(&si, 0, sizeof(si)); si.cb = sizeof(si); if (fpLogFile) { // If we're logging, then change the child process' stdout/stderr
// to be the log file handle, so their output is captured to the file.
HANDLE hLog = (HANDLE)_get_osfhandle(_fileno(fpLogFile));
si.dwFlags = STARTF_USESTDHANDLES; si.hStdInput = GetStdHandle(STD_INPUT_HANDLE); si.hStdOutput = hLog; si.hStdError = hLog; } b = CreateProcessA(NULL, Buffer, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi); if (!b) { PrintToLog("ERROR: WOW64BVT: Error %d creating child process.\n", GetLastError()); exit(1); } CloseHandle(pi.hThread); return pi.hProcess;}
// This is called from within exit() in the main test driver process
void __cdecl AtExitHandler(void){ time_t EndTime; struct tm *newtime; OSVERSIONINFOW vi; BOOL b; int year, hour;
memset(&vi, 0, sizeof(vi)); vi.dwOSVersionInfoSize = sizeof(vi); b = GetVersionExW(&vi); if (!b) { PrintToLog("\tWARNING: GetVersionExW failed, LastError = %d\n", GetLastError()); vi.dwBuildNumber = 0; }
// Close the logging bucket.
PrintToLog(("[/TEST LOGGING OUTPUT]\n"));
// Print the required data:
PrintToLog("\tTEST: wow64bvt\n"); PrintToLog("\tBUILD: %d\n", vi.dwBuildNumber); PrintToLog("\tMACHINE: \\\\%s\n", getenv("COMPUTERNAME")); PrintToLog("\tRESULT: %s\n", (g_bError) ? "FAIL" : "PASS"); PrintToLog("\tCONTACT: samera\n"); PrintToLog("\tMGR CONTACT: samera\n"); PrintToLog("\tDEV PRIME: samera\n"); PrintToLog("\tDEV ALT: askhalid\n"); PrintToLog("\tTEST PRIME: terryla\n"); PrintToLog("\tTEST ALT: terryla\n"); newtime = localtime(&TestStartTime); year = (newtime->tm_year >= 100) ? newtime->tm_year-100 : newtime->tm_year; if (newtime->tm_hour == 0) { hour = 12; } else if (newtime->tm_hour > 12) { hour = newtime->tm_hour-12; } else { hour = newtime->tm_hour; } PrintToLog("\tSTART TIME: %d/%d/%2.2d %d:%2.2d:%2.2d %s\n", newtime->tm_mon+1, newtime->tm_mday, year, hour, newtime->tm_min, newtime->tm_sec, (newtime->tm_hour < 12) ? "AM" : "PM");
time(&EndTime); newtime = localtime(&EndTime); year = (newtime->tm_year >= 100) ? newtime->tm_year-100 : newtime->tm_year; if (newtime->tm_hour == 0) { hour = 12; } else if (newtime->tm_hour > 12) { hour = newtime->tm_hour-12; } else { hour = newtime->tm_hour; } PrintToLog("\tEND TIME: %d/%d/%2.2d %d:%2.2d:%2.2d %s\n", newtime->tm_mon+1, newtime->tm_mday, year, hour, newtime->tm_min, newtime->tm_sec, (newtime->tm_hour < 12) ? "AM" : "PM"); PrintToLog("[/TESTRESULT]\n");}
//
// This is just used to print out failing exception cases
//
void __cdecl ExceptionWoops(HRESULT want, HRESULT got){ if (got == 0) { PrintToLog("==> Exception Skipped. Wanted: 0x%08x, Got: 0x%08x\n", want, got); } else { PrintToLog("==> Unexpected Exception. Wanted: 0x%08x, Got: 0x%08x\n", want, got); }}
#define EXCEPTION_LOOP 10000
// Among other things, this does some divife by zero's (as a test)
// so don't have the compiler stop things just because we're causing an error
#pragma warning(disable:4756)
#pragma warning(disable:4723)
//
// Do some exception checks
//
int __cdecl ExceptionCheck(void){ int failThis; int sawException; int i; char *p = NULL; HRESULT code;
PrintToLog("WOW64BVT: Testing Exception Handling\n");
// Assume success
failThis = FALSE;
// Test a privileged instruction
sawException = FALSE; __try { __asm { hlt } code = 0; } __except((code = GetExceptionCode()), 1 ) { if (code == STATUS_PRIVILEGED_INSTRUCTION) { // PrintToLog("Saw privileged instruction\n");
} else { PrintToLog("ERROR: Cause a privileged instruction fault\n"); ExceptionWoops(STATUS_PRIVILEGED_INSTRUCTION, code); failThis = TRUE; } sawException = TRUE; } if (!sawException) { PrintToLog("ERROR: Cause a privileged instruction fault\n"); ExceptionWoops(STATUS_PRIVILEGED_INSTRUCTION, code); failThis = TRUE; }
// Test an illegal instruction
sawException = FALSE; __try { __asm { __asm _emit 0xff __asm _emit 0xff __asm _emit 0xff __asm _emit 0xff } code = 0; } __except((code = GetExceptionCode()), 1 ) { if (code == STATUS_ILLEGAL_INSTRUCTION) { // PrintToLog("Saw illegal instruction\n");
} else { PrintToLog("ERROR: Cause an illegal instruction fault\n"); ExceptionWoops(STATUS_ILLEGAL_INSTRUCTION, code); failThis = TRUE; } sawException = TRUE; } if (!sawException) { PrintToLog("ERROR: Cause an illegal instruction fault\n"); ExceptionWoops(STATUS_ILLEGAL_INSTRUCTION, code); failThis = TRUE; }
//
// Testing for an int 3 can be a problem for systems that
// are running checked builds. So, don't bother with this
// test. Perhaps in the future, the code can test for a checked
// build and do appropriate.
//
#if 0
// Test the result of an int 3
sawException = FALSE; __try { _asm { int 3 } code = 0; } __except((code = GetExceptionCode()), 1 ) { if (code == STATUS_BREAKPOINT) { // PrintToLog("Saw debugger breakpoint\n");
} else { PrintToLog("ERROR: Cause an int 3 debugger breakpoint\n"); ExceptionWoops(STATUS_BREAKPOINT, code); failThis = TRUE; } sawException = TRUE; } if (!sawException) { PrintToLog("ERROR: Cause an int 3 debugger breakpoint\n"); ExceptionWoops(STATUS_BREAKPOINT, code); failThis = TRUE; }#endif
// Test the result of an illegal int XX instruction
sawException = FALSE; __try { _asm { int 66 } code = 0; } __except((code = GetExceptionCode()), 1 ) { if (code == STATUS_ACCESS_VIOLATION) { // PrintToLog("Saw access violation\n");
} else { PrintToLog("ERROR: Cause an int 66 unknown interrupt (Access violation)\n"); ExceptionWoops(STATUS_ACCESS_VIOLATION, code); failThis = TRUE; } sawException = TRUE; } if (!sawException) { PrintToLog("ERROR: Cause an int 66 unknown interrupt (Access violation)\n"); ExceptionWoops(STATUS_ACCESS_VIOLATION, code); failThis = TRUE; }
// Test the result of an int divide by zero
sawException = FALSE; __try { int i, j, k;
i = 0; j = 4;
k = j / i; code = 0; } __except((code = GetExceptionCode()), 1 ) { if (code == STATUS_INTEGER_DIVIDE_BY_ZERO) { // PrintToLog("Saw int divide by zero\n");
} else { PrintToLog("ERROR: Cause an integer divide by zero\n"); ExceptionWoops(STATUS_INTEGER_DIVIDE_BY_ZERO, code); failThis = TRUE; } sawException = TRUE; } if (!sawException) { PrintToLog("ERROR: Cause an integer divide by zero\n"); ExceptionWoops(STATUS_INTEGER_DIVIDE_BY_ZERO, code); failThis = TRUE; }
// Test the result of an fp divide by zero
// PrintToLog("Before div0: Control is 0x%0.4x, Status is 0x%0.4x\n", _control87(0,0), _status87());
sawException = FALSE; __try { double x, y;
y = 0.0;
x = 1.0 / y ;
// PrintToLog("x is %lf\n", x);
code = 0; } __except((code = GetExceptionCode()), 1 ) { // Don't actually get a divide by zero error, get
// so we should never hit this exception!
PrintToLog("Try a floating divide by zero\n"); PrintToLog("Woops! Saw an exception when we shouldn't have!\n"); sawException = TRUE; failThis = TRUE; } // So you would think you'd get a float divide by zero error... Nope,
// you get X set to infinity...
if (code != 0) { PrintToLog("ERROR: Try a floating divide by zero\n"); ExceptionWoops(0, code); failThis = TRUE; } // PrintToLog("After div0: Control is 0x%0.4x, Status is 0x%0.4x\n", _control87(0,0), _status87());
// Test an int overflow (which actually does not cause an exception)
sawException = FALSE; __try { __asm { into } // PrintToLog("into doesn't fault\n");
code = 0; } __except((code = GetExceptionCode()), 1 ) { if (code == STATUS_INTEGER_OVERFLOW) { // PrintToLog("Saw integer overflow\n");
} else { PrintToLog("ERROR: Try an into overflow fault\n"); ExceptionWoops(STATUS_INTEGER_OVERFLOW, code); failThis = TRUE; } sawException = TRUE; } // Looks like integer overflow is ok... Is this a CRT thing?
if (code != 0) { PrintToLog("ERROR: Try an into overflow fault\n"); ExceptionWoops(0, code); failThis = TRUE; }
// Test an illegal access
sawException = FALSE; __try {
*p = 1; code = 0; } __except((code = GetExceptionCode()), 1 ) { if (code == STATUS_ACCESS_VIOLATION) { // PrintToLog("Saw access violation\n");
} else { PrintToLog("ERROR: Cause an access violation\n"); ExceptionWoops(STATUS_ACCESS_VIOLATION, code); failThis = TRUE; } sawException = TRUE; } if (!sawException) { PrintToLog("ERROR: Cause an access violation\n"); ExceptionWoops(STATUS_ACCESS_VIOLATION, code); failThis = TRUE; }
//
// Finally, try a lot of exceptions (a loop) and verify we don't overflow
// the stack
//
for (i = 0; i < EXCEPTION_LOOP; i++) { // Test an illegal access
sawException = FALSE; __try { *p = 1; code = 0; } __except((code = GetExceptionCode()), 1 ) { if (code == STATUS_ACCESS_VIOLATION) { // PrintToLog("Saw access violation\n");
} else { PrintToLog("ERROR: Cause an access violation\n"); ExceptionWoops(STATUS_ACCESS_VIOLATION, code); failThis = TRUE; break; } sawException = TRUE; } if (!sawException) { PrintToLog("ERROR: Cause an access violation\n"); ExceptionWoops(STATUS_ACCESS_VIOLATION, code); failThis = TRUE; break; } }
return failThis;}
// Ok, go back to normal warnings...
#pragma warning(default:4756)
#pragma warning(default:4723)
#if defined(__BUILDMACHINE__)
#if defined(__BUILDDATE__)
#define B2(x, y) "" #x "." #y
#define B1(x, y) B2(x, y)
#define BUILD_MACHINE_TAG B1(__BUILDMACHINE__, __BUILDDATE__)
#else
#define B2(x) "" #x
#define B1(x) B2(x)
#define BUILD_MACHINE_TAG B1(__BUILDMACHINE__)
#endif
#else
#define BUILD_MACHINE_TAG ""
#endif
int __cdecl main(int argc, char *argv[]){ NTSTATUS st; HANDLE HandleList[2]; BOOL b; DWORD dwExitCode;
// Disable buffering of the standard output handle
setvbuf(stdout, NULL, _IONBF, 0);
// Do some minimal command-line checking
if (argc < 2 || argc > 3) { PrintToLog("Usage: wow64bvt log_file_name\n\n"); return 1; } else if (strcmp(argv[1], "childprocess") == 0) { return BeAChildProcess(); } // We're the main exe
// Record the start time
time(&TestStartTime);
// Open the log file
fpLogFile = fopen(argv[1], "w"); if (!fpLogFile) { PrintToLog("wow64bvt: Error: unable to create the log file '%s'\n", argv[1]); return 1; } // Disable buffering of the log file handle
setvbuf(fpLogFile, NULL, _IONBF, 0);
// Print the initial banner
PrintToLog("[TESTRESULT]\n"); PrintToLog("[TEST LOGGING OUTPUT]\n"); PrintToLog("%s built on %s at %s by %s\n", argv[0], __DATE__, __TIME__, BUILD_MACHINE_TAG);
// Register the atexit handler - it closes the logging output section
// and prints the success/fail information as the BVT test exits.
atexit(AtExitHandler);
///////////////////////////// Test starts here //////////////////////////
// 32-bit child process creation from 32-bit parent. The parent instance
// (running now) tested 32-bit child from 64-bit parent
HandleList[0] = CreateTheChildProcess(argv[0], argv[1]);
// Create a thread do so some more work
HandleList[1] = CreateTheThread();
// Wait for everything to finish
WaitForMultipleObjects(sizeof(HandleList)/sizeof(HandleList[0]), HandleList, TRUE, INFINITE);
// Get the return code from the child process
b=GetExitCodeProcess(HandleList[0], &dwExitCode); if (b) { if (dwExitCode) { // The child failed. We should fail too.
return (int)dwExitCode; } } else { PrintToLog("ERROR: GetExitCodeProcess failed with LastError = %d\n", GetLastError()); return 1; }
// Get the return code from the thread
b=GetExitCodeThread(HandleList[1], &dwExitCode); if (b) { if (dwExitCode) { // The child failed. We should fail too.
return (int)dwExitCode; } } else { PrintToLog("ERROR: GetExitCodeThread failed with LastError = %d\n", GetLastError()); return 1; }
b = ExceptionCheck(); if (b) { PrintToLog("ERROR: Exception Handling test.\n"); return 1; }
b = TestGuardPages(); if (b) { PrintToLog("ERROR: TestGuardPages().\n"); return 1; }
b = TestMemoryMappedFiles(); if (b) { PrintToLog("ERROR: TestMemoryMappedFiles().\n"); return 1; }
b = TestVadSplitOnFree(); if (b) { PrintToLog("ERROR: TestVadSplitOnFree()\n"); return 1; }
b = TestMmPageProtection(); if (b) { PrintToLog("ERROR: TestMmPageProtection()\n"); return 1; }
b = TestX86MisalignedLock(); if (b) { PrintToLog("ERROR: TestX86MisalignedLock()\n"); return 1; }
// Everything finished OK. Clear the error flag and exit. The atexit
// callback function will finish filling out the log if this is the
// main thread.
g_bError = FALSE; return 0;}
|
