archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/sdktools/buggy/driver/mapview.c

1292 lines
27 KiB
Raw Normal View History

Add source files
4 years ago
  1. //
  2. // Template Driver
  3. // Copyright (c) Microsoft Corporation, 2000.
  4. //
  5. // Module: MapView.c
  6. // Author: Daniel Mihai (DMihai)
  7. // Created: 4/6/2000
  8. //
  9. // This module contains tests for MmMapViewInSystemSpace & MmMapViewInSessionSpace.
  10. // Note that SystemViewSize & SessionViewSize are configurable using the registry.
  11. //
  12. // SessionPoolTest is exercising the paged pool allocated with SESSION_POOL_MASK.
  13. // The size of this pool can be also configured using the SsessionViewSize registry
  14. // value.
  15. //
  16. // --- History ---
  17. //
  18. // 4/6/2000 (DMihai): initial version.
  19. //
  21. #include <ntddk.h>
  23. #include "active.h"
  24. #include "MapView.h"
  25. #include "tdriver.h"
  27. #if !MAPVIEW_ACTIVE
  29. //
  30. // Dummy implementation if the module is inactive
  31. //
  33. VOID MmMapViewInSystemSpaceLargest (
  34. PVOID NotUsed
  35. )
  36. {
  37. DbgPrint ("Buggy: MapView module is disabled from active.h\n");
  38. }
  40. VOID MmMapViewInSystemSpaceTotal (
  41. PVOID NotUsed
  42. )
  43. {
  44. DbgPrint ("Buggy: MapView module is disabled from active.h\n");
  45. }
  47. VOID MmMapViewInSessionSpaceLargest (
  48. PVOID NotUsed
  49. )
  50. {
  51. DbgPrint ("Buggy: MapView module is disabled from active.h\n");
  52. }
  54. VOID MmMapViewInSessionSpaceTotal (
  55. PVOID NotUsed
  56. )
  57. {
  58. DbgPrint ("Buggy: MapView module is disabled from active.h\n");
  59. }
  61. VOID SessionPoolTest (
  62. PVOID NotUsed
  63. )
  64. {
  65. DbgPrint ("Buggy: MapView module is disabled from active.h\n");
  66. }
  68. #else
  70. const LARGE_INTEGER BuggyFiveSeconds = {(ULONG)(-5 * 1000 * 1000 * 10), -1};
  73. //
  74. // Real implementation if the module is active
  75. //
  77. #ifndef SESSION_POOL_MASK
  78. #define SESSION_POOL_MASK 32
  79. #endif //#ifndef SESSION_POOL_MASK
  81. #ifndef SEC_COMMIT
  82. #define SEC_COMMIT 0x8000000
  83. #endif //#ifndef SEC_COMMIT
  85. #ifndef ZwDeleteFile
  87. NTSYSCALLAPI
  88. NTSTATUS
  89. NTAPI
  90. ZwDeleteFile(
  91. IN POBJECT_ATTRIBUTES ObjectAttributes
  92. ); //#ifndef ZwDeleteFile
  94. #endif
  97. #ifndef MmCreateSection
  100. NTKERNELAPI
  101. NTSTATUS
  102. MmCreateSection (
  103. OUT PVOID *SectionObject,
  104. IN ACCESS_MASK DesiredAccess,
  105. IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
  106. IN PLARGE_INTEGER MaximumSize,
  107. IN ULONG SectionPageProtection,
  108. IN ULONG AllocationAttributes,
  109. IN HANDLE FileHandle OPTIONAL,
  110. IN PFILE_OBJECT File OPTIONAL
  111. );
  113. NTKERNELAPI
  114. NTSTATUS
  115. MmMapViewInSystemSpace (
  116. IN PVOID Section,
  117. OUT PVOID *MappedBase,
  118. IN PSIZE_T ViewSize
  119. );
  121. NTKERNELAPI
  122. NTSTATUS
  123. MmUnmapViewInSystemSpace (
  124. IN PVOID MappedBase
  125. );
  127. // begin_ntosp
  128. NTKERNELAPI
  129. NTSTATUS
  130. MmMapViewInSessionSpace (
  131. IN PVOID Section,
  132. OUT PVOID *MappedBase,
  133. IN OUT PSIZE_T ViewSize
  134. );
  136. NTKERNELAPI
  137. NTSTATUS
  138. MmUnmapViewInSessionSpace (
  139. IN PVOID MappedBase
  140. );
  142. #endif //#ifndef MmCreateSection
  144. #define BUGGY_TEMPORARY_FILE1 L"\\SystemRoot\\Buggy1.tmp"
  145. #define BUGGY_TEMPORARY_FILE2 L"\\SystemRoot\\Buggy2.tmp"
  146. #define BUGGY_TEMPORARY_FILE3 L"\\SystemRoot\\Buggy3.tmp"
  147. #define BUGGY_TEMPORARY_FILE4 L"\\SystemRoot\\Buggy4.tmp"
  149. #define BUGGY_MAX_SECTIONS_TO_MAP ( 8 * 1024 )
  151. //
  152. // global array for mapped sections
  153. //
  155. /////////////////////////////////////////////////////////////////////////////
  156. //
  157. // verify a mapping
  158. //
  160. VOID VerifyMapping( PVOID pBase, SIZE_T uSize )
  161. {
  162. SIZE_T *puCrtPage;
  163. SIZE_T uCrtPageIndex;
  164. SIZE_T uPages;
  166. if( uSize > 100 * 1024 * 1024 )
  167. {
  168. DbgPrint ( "Buggy: VerifyMapping: don't try to touch all the %p size to avoid deadlock\n",
  169. uSize );
  171. return;
  172. }
  174. /*
  175. DbgPrint ( "\nBuggy: Verifying mapping at address %p, size %p...\n",
  176. pBase,
  177. (PVOID) uSize );
  178. */
  180. uPages = uSize / PAGE_SIZE;
  182. puCrtPage = (SIZE_T *)pBase;
  184. for( uCrtPageIndex = 0; uCrtPageIndex < uPages; uCrtPageIndex++ )
  185. {
  186. *puCrtPage = uCrtPageIndex;
  188. puCrtPage = (SIZE_T *) ( ( (CHAR*) puCrtPage ) + PAGE_SIZE );
  189. }
  191. while( uCrtPageIndex > 0 )
  192. {
  193. uCrtPageIndex --;
  194. puCrtPage = (SIZE_T *) ( ( (CHAR*) puCrtPage ) - PAGE_SIZE );
  196. if( *puCrtPage != uCrtPageIndex )
  197. {
  198. DbgPrint ( "\nBuggy: Wrong mapping at address %p\n",
  199. puCrtPage );
  201. DbgBreakPoint();
  202. }
  203. }
  205. //DbgPrint ( "done\n" );
  206. }
  208. /////////////////////////////////////////////////////////////////////////////
  210. VOID MmMapViewInSystemSpaceLargest (
  211. PVOID NotUsed
  212. )
  213. {
  214. NTSTATUS Status;
  215. HANDLE hFile = NULL;
  216. SIZE_T SizeToMap;
  217. SIZE_T SizeToGrow;
  218. PVOID pMappedBase = NULL;
  219. PVOID pSection = NULL;
  220. LARGE_INTEGER MaxSectionSize;
  221. OBJECT_ATTRIBUTES ObjectAttributes;
  222. UNICODE_STRING FileName;
  223. IO_STATUS_BLOCK IoStatusBlock;
  225. //
  226. // Create BUGGY_TEMPORARY_FILE1
  227. //
  229. RtlInitUnicodeString(
  230. &FileName,
  231. BUGGY_TEMPORARY_FILE1
  232. );
  234. InitializeObjectAttributes(
  235. &ObjectAttributes,
  236. &FileName,
  237. OBJ_CASE_INSENSITIVE ,
  238. NULL,
  239. NULL
  240. );
  242. Status = ZwCreateFile(
  243. &hFile,
  244. GENERIC_READ | GENERIC_WRITE,
  245. &ObjectAttributes,
  246. &IoStatusBlock,
  247. NULL,
  248. FILE_ATTRIBUTE_NORMAL,
  249. 0,
  250. FILE_OVERWRITE_IF,
  251. FILE_NON_DIRECTORY_FILE,
  252. NULL,
  253. 0 );
  255. /*
  256. Status = ZwCreateFile(
  257. &hFile,
  258. GENERIC_READ | GENERIC_WRITE,
  259. &ObjectAttributes,
  260. &IoStatusBlock,
  261. NULL,
  262. FILE_ATTRIBUTE_NORMAL,
  263. FILE_SHARE_READ,
  264. FILE_OPEN_IF,
  265. FILE_WRITE_THROUGH |
  266. FILE_NO_INTERMEDIATE_BUFFERING |
  267. FILE_SYNCHRONOUS_IO_NONALERT,
  268. NULL,
  269. 0
  270. );
  271. */
  273. if( ! NT_SUCCESS( Status ) )
  274. {
  275. DbgPrint ("Buggy: ZwCreateFile failed - status %X\n",
  276. Status );
  278. goto cleanup;
  279. }
  280. else
  281. {
  282. DbgPrint ( "Buggy: created file, handle %p\n",
  283. hFile );
  284. }
  286. //
  287. // Create a section for the temp file
  288. //
  290. #ifdef _WIN64
  291. MaxSectionSize.QuadPart = (LONGLONG)0x40000000 * PAGE_SIZE;
  292. #else
  293. MaxSectionSize.QuadPart = 0xFFFFFFFF;
  294. #endif //#ifdef _WIN64
  296. do
  297. {
  298. Status = MmCreateSection(
  299. &pSection,
  300. STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE,
  301. NULL,
  302. &MaxSectionSize,
  303. PAGE_READWRITE,
  304. SEC_COMMIT,
  305. hFile,
  306. NULL );
  308. if( ! NT_SUCCESS( Status ) )
  309. {
  310. if( Status == STATUS_DISK_FULL )
  311. {
  312. MaxSectionSize.QuadPart /= 2;
  314. DbgPrint ("Buggy: MmCreateSection returned STATUS_DISK_FULL, re-trying with max section size = %I64X\n",
  315. MaxSectionSize.QuadPart );
  316. }
  317. else
  318. {
  319. DbgPrint ("Buggy: MmCreateSection failed - status %X\n",
  320. Status );
  322. goto cleanup;
  323. }
  324. }
  325. else
  326. {
  327. DbgPrint ( "Buggy: created section with max size %I64X\n",
  328. MaxSectionSize.QuadPart );
  330. break;
  331. }
  333. } while( MaxSectionSize.QuadPart > PAGE_SIZE );
  336. DbgPrint ( "Buggy: Using section at %p\n",
  337. pSection );
  339. //
  340. // try to map the max size section
  341. //
  343. SizeToMap = (SIZE_T) MaxSectionSize.QuadPart;
  345. while( SizeToMap > PAGE_SIZE )
  346. {
  347. Status = MmMapViewInSystemSpace(
  348. pSection,
  349. &pMappedBase,
  350. &SizeToMap );
  352. if( ! NT_SUCCESS( Status ) )
  353. {
  354. DbgPrint ( "Buggy: MmMapViewInSystemSpace failed for size %p, status %X\n",
  355. SizeToMap,
  356. Status );
  358. SizeToMap /= 2;
  359. }
  360. else
  361. {
  362. DbgPrint ( "\n\nFirst result of the test:\n\n" );
  364. DbgPrint ( "Buggy: MmMapViewInSystemSpace succeeded for size %p, mapped base %p\n",
  365. SizeToMap,
  366. pMappedBase );
  368. //DbgPrint ( "\n\n" );
  370. VerifyMapping( pMappedBase, SizeToMap );
  372. break;
  373. }
  374. }
  376. //
  377. // try to grow the size
  378. //
  380. while( pMappedBase != NULL )
  381. {
  382. //
  383. // unmap the old one
  384. //
  386. Status = MmUnmapViewInSystemSpace(
  387. pMappedBase );
  389. if( ! NT_SUCCESS( Status ) )
  390. {
  391. DbgPrint ( "Buggy: MmUnmapViewInSystemSpace failed, status %X\n",
  392. Status );
  394. DbgBreakPoint();
  396. break;
  397. }
  399. pMappedBase = NULL;
  401. //
  402. // grow the size
  403. //
  405. SizeToGrow = SizeToMap / 10;
  407. if( SizeToGrow < 10 * PAGE_SIZE )
  408. {
  409. //
  410. // don't bother
  411. //
  413. break;
  414. }
  416. SizeToMap += SizeToGrow;
  418. //
  419. // try to use this bigger size
  420. //
  422. Status = MmMapViewInSystemSpace(
  423. pSection,
  424. &pMappedBase,
  425. &SizeToMap );
  427. if( ! NT_SUCCESS( Status ) )
  428. {
  429. /*
  430. DbgPrint ( "Buggy: MmMapViewInSystemSpace failed for size %p, status %X\n",
  431. SizeToMap,
  432. Status );
  433. */
  435. //
  436. // can't grow the size anymore
  437. //
  439. break;
  440. }
  441. else
  442. {
  443. DbgPrint ( "\n\nBetter result of the test:\n\n" );
  445. DbgPrint ( "Buggy: MmMapViewInSystemSpace succeeded for size %p, mapped base %p\n",
  446. SizeToMap,
  447. pMappedBase );
  449. //DbgPrint ( "\n\n" );
  451. VerifyMapping( pMappedBase, SizeToMap );
  452. }
  453. }
  455. //
  456. // clean-up
  457. //
  459. cleanup:
  461. if( pMappedBase != NULL )
  462. {
  463. Status = MmUnmapViewInSystemSpace(
  464. pMappedBase );
  466. if( ! NT_SUCCESS( Status ) )
  467. {
  468. DbgPrint ( "Buggy: MmUnmapViewInSystemSpace failed, status %X\n",
  469. Status );
  471. DbgBreakPoint();
  472. }
  473. }
  475. if( pSection != NULL )
  476. {
  477. ObDereferenceObject(
  478. pSection );
  479. }
  481. if( hFile != NULL )
  482. {
  483. ZwClose( hFile );
  485. Status = ZwDeleteFile(
  486. &ObjectAttributes );
  488. if( ! NT_SUCCESS( Status ) )
  489. {
  490. DbgPrint ("Buggy: ZwDeleteFile failed - status %X\n",
  491. Status );
  492. }
  493. else
  494. {
  495. // DbgPrint ("Buggy: temporary file deleted\n" );
  496. }
  497. }
  498. }
  500. ///////////////////////////////////////////////////////////////////////////
  502. PVOID *MappedSections;
  504. VOID MmMapViewInSystemSpaceTotal (
  505. PVOID NotUsed
  506. )
  507. {
  508. NTSTATUS Status;
  509. HANDLE hFile = NULL;
  510. SIZE_T SizeToMap;
  511. PVOID pSection = NULL;
  512. SIZE_T CrtMap;
  513. LARGE_INTEGER MaxSectionSize;
  514. OBJECT_ATTRIBUTES ObjectAttributes;
  515. UNICODE_STRING FileName;
  516. IO_STATUS_BLOCK IoStatusBlock;
  518. MappedSections = ExAllocatePoolWithTag(
  519. NonPagedPool,
  520. BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ),
  521. TD_POOL_TAG );
  523. if( MappedSections == NULL )
  524. {
  525. DbgPrint ("Buggy: ExAllocatePoolWithTag failed - bail\n" );
  527. return;
  528. }
  530. RtlZeroMemory( MappedSections, BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ) );
  532. //
  533. // Create BUGGY_TEMPORARY_FILE2
  534. //
  536. RtlInitUnicodeString(
  537. &FileName,
  538. BUGGY_TEMPORARY_FILE2
  539. );
  541. InitializeObjectAttributes(
  542. &ObjectAttributes,
  543. &FileName,
  544. OBJ_CASE_INSENSITIVE,
  545. NULL,
  546. NULL
  547. );
  549. Status = ZwCreateFile(
  550. &hFile,
  551. GENERIC_READ | GENERIC_WRITE,
  552. &ObjectAttributes,
  553. &IoStatusBlock,
  554. NULL,
  555. FILE_ATTRIBUTE_NORMAL,
  556. 0,
  557. FILE_OVERWRITE_IF,
  558. FILE_NON_DIRECTORY_FILE,
  559. NULL,
  560. 0 );
  562. if( ! NT_SUCCESS( Status ) )
  563. {
  564. /*
  565. DbgPrint ("Buggy: ZwCreateFile failed - status %X\n",
  566. Status );
  567. */
  569. goto cleanup;
  570. }
  571. else
  572. {
  573. //DbgPrint ( "Buggy: created file\n" );
  574. }
  576. //
  577. // Create a section for the temp file
  578. //
  580. MaxSectionSize.QuadPart = 1024 * 1024;
  582. do
  583. {
  584. Status = MmCreateSection(
  585. &pSection,
  586. STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE,
  587. NULL,
  588. &MaxSectionSize,
  589. PAGE_READWRITE,
  590. SEC_COMMIT,
  591. hFile,
  592. NULL );
  594. if( ! NT_SUCCESS( Status ) )
  595. {
  596. if( Status == STATUS_DISK_FULL )
  597. {
  598. MaxSectionSize.QuadPart /= 2;
  600. /*
  601. DbgPrint ("Buggy: MmCreateSection returned STATUS_DISK_FULL, re-trying with max section size = %I64X\n",
  602. MaxSectionSize.QuadPart );
  603. */
  604. }
  605. else
  606. {
  607. DbgPrint ("Buggy: MmCreateSection failed - status %X\n",
  608. Status );
  610. goto cleanup;
  611. }
  612. }
  613. else
  614. {
  615. /*
  616. DbgPrint ( "Buggy: created section with max size %I64X\n",
  617. MaxSectionSize.QuadPart );
  618. */
  620. break;
  621. }
  623. } while( MaxSectionSize.QuadPart > PAGE_SIZE );
  626. //
  627. // get a pointer to the section
  628. //
  630. DbgPrint ( "Buggy: Using section at %p\n",
  631. pSection );
  633. //
  634. // try to map the max size section
  635. //
  637. SizeToMap = (SIZE_T) MaxSectionSize.QuadPart;
  639. RtlZeroMemory( MappedSections, BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ) );
  641. for( CrtMap = 0; CrtMap < BUGGY_MAX_SECTIONS_TO_MAP; CrtMap++ )
  642. {
  643. Status = MmMapViewInSystemSpace(
  644. pSection,
  645. &MappedSections[ CrtMap ],
  646. &SizeToMap );
  648. if( ! NT_SUCCESS( Status ) )
  649. {
  650. /*
  651. DbgPrint ( "Buggy: MmMapViewInSystemSpace failed for size %p, status %X, chunk %p\n",
  652. SizeToMap,
  653. Status
  654. );
  655. */
  657. break;
  658. }
  659. else
  660. {
  661. if( CrtMap <= 100 )
  662. {
  663. VerifyMapping( MappedSections[ CrtMap ], SizeToMap );
  664. }
  665. }
  666. }
  668. DbgPrint ( "\n\nBuggy: Result of the test:\n\n" );
  670. DbgPrint ( "Buggy: mapped %u sections with size %p, total %p\n",
  671. CrtMap,
  672. SizeToMap,
  673. SizeToMap * (SIZE_T)CrtMap );
  675. //DbgPrint ( "\n\n" );
  677. //
  678. // clean-up
  679. //
  681. cleanup:
  683. for( CrtMap = 0; CrtMap < BUGGY_MAX_SECTIONS_TO_MAP; CrtMap++ )
  684. {
  685. if( MappedSections[ CrtMap ] == NULL )
  686. {
  687. break;
  688. }
  690. Status = MmUnmapViewInSystemSpace(
  691. MappedSections[ CrtMap ] );
  693. if( ! NT_SUCCESS( Status ) )
  694. {
  695. DbgPrint ( "Buggy: MmUnmapViewInSystemSpace failed for %p, status %X\n",
  696. MappedSections[ CrtMap ],
  697. Status );
  699. DbgBreakPoint();
  700. }
  701. }
  703. DbgPrint ( "Buggy: unmapped %p sections\n",
  704. CrtMap );
  706. if( pSection != NULL )
  707. {
  708. ObDereferenceObject(
  709. pSection );
  711. DbgPrint ( "Buggy: dereferenced section at %p\n",
  712. pSection );
  713. }
  715. if( hFile != NULL )
  716. {
  717. ZwClose( hFile );
  719. DbgPrint ( "Buggy: calling ZwDeleteFile\n" );
  721. Status = ZwDeleteFile(
  722. &ObjectAttributes );
  724. if( ! NT_SUCCESS( Status ) )
  725. {
  726. DbgPrint ("Buggy: ZwDeleteFile failed - status %X\n",
  727. Status );
  728. }
  729. else
  730. {
  731. DbgPrint ("Buggy: temporary file deleted\n" );
  732. }
  733. }
  735. ExFreePool( MappedSections );
  736. }
  738. /////////////////////////////////////////////////////////////////////////////
  740. VOID MmMapViewInSessionSpaceLargest (
  741. PVOID NotUsed
  742. )
  743. {
  744. NTSTATUS Status;
  745. HANDLE hFile = NULL;
  746. SIZE_T SizeToMap;
  747. SIZE_T SizeToGrow;
  748. PVOID pMappedBase = NULL;
  749. PVOID pSection = NULL;
  750. LARGE_INTEGER MaxSectionSize;
  751. OBJECT_ATTRIBUTES ObjectAttributes;
  752. UNICODE_STRING FileName;
  753. IO_STATUS_BLOCK IoStatusBlock;
  755. // Create BUGGY_TEMPORARY_FILE3
  756. //
  758. RtlInitUnicodeString(
  759. &FileName,
  760. BUGGY_TEMPORARY_FILE3
  761. );
  763. InitializeObjectAttributes(
  764. &ObjectAttributes,
  765. &FileName,
  766. OBJ_CASE_INSENSITIVE,
  767. NULL,
  768. NULL
  769. );
  771. Status = ZwCreateFile(
  772. &hFile,
  773. GENERIC_READ | GENERIC_WRITE,
  774. &ObjectAttributes,
  775. &IoStatusBlock,
  776. NULL,
  777. FILE_ATTRIBUTE_NORMAL,
  778. 0,
  779. FILE_OVERWRITE_IF,
  780. FILE_NON_DIRECTORY_FILE,
  781. NULL,
  782. 0 );
  784. if( ! NT_SUCCESS( Status ) )
  785. {
  786. /*
  787. DbgPrint ("Buggy: ZwCreateFile failed - status %X\n",
  788. Status );
  789. */
  791. goto cleanup;
  792. }
  793. else
  794. {
  795. //DbgPrint ( "Buggy: created file\n" );
  796. }
  798. //
  799. // Create a section for the temp file
  800. //
  802. #ifdef _WIN64
  803. MaxSectionSize.QuadPart = (LONGLONG)0x40000000 * PAGE_SIZE;
  804. #else
  805. MaxSectionSize.QuadPart = 0xFFFFFFFF;
  806. #endif //#ifdef _WIN64
  808. do
  809. {
  810. Status = MmCreateSection(
  811. &pSection,
  812. STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE,
  813. NULL,
  814. &MaxSectionSize,
  815. PAGE_READWRITE,
  816. SEC_COMMIT,
  817. hFile,
  818. NULL );
  820. if( ! NT_SUCCESS( Status ) )
  821. {
  822. if( Status == STATUS_DISK_FULL )
  823. {
  824. MaxSectionSize.QuadPart /= 2;
  826. DbgPrint ("Buggy: MmCreateSection returned STATUS_DISK_FULL, re-trying with max section size = %I64X\n",
  827. MaxSectionSize.QuadPart );
  828. }
  829. else
  830. {
  831. DbgPrint ("Buggy: MmCreateSection failed - status %X\n",
  832. Status );
  834. goto cleanup;
  835. }
  836. }
  837. else
  838. {
  839. DbgPrint ( "Buggy: created section with max size %I64X\n",
  840. MaxSectionSize.QuadPart );
  842. break;
  843. }
  845. } while( MaxSectionSize.QuadPart > PAGE_SIZE );
  848. DbgPrint ( "Buggy: Using section at %p\n",
  849. pSection );
  851. //
  852. // try to map the max size section
  853. //
  855. SizeToMap = (SIZE_T) MaxSectionSize.QuadPart;
  857. while( SizeToMap > PAGE_SIZE )
  858. {
  859. Status = MmMapViewInSessionSpace(
  860. pSection,
  861. &pMappedBase,
  862. &SizeToMap );
  864. if( ! NT_SUCCESS( Status ) )
  865. {
  866. DbgPrint ( "Buggy: MmMapViewInSessionSpace failed for size %p, status %X\n",
  867. SizeToMap,
  868. Status );
  870. SizeToMap /= 2;
  871. }
  872. else
  873. {
  874. DbgPrint ( "\n\nFirst result of the test:\n\n" );
  876. DbgPrint ( "Buggy: MmMapViewInSessionSpace succeeded for size %p, mapped base %p\n",
  877. SizeToMap,
  878. pMappedBase );
  880. //DbgPrint ( "\n\n" );
  882. VerifyMapping( pMappedBase, SizeToMap );
  884. break;
  885. }
  886. }
  888. //
  889. // try to grow the size
  890. //
  892. while( pMappedBase != NULL )
  893. {
  894. //
  895. // unmap the old one
  896. //
  898. Status = MmUnmapViewInSessionSpace(
  899. pMappedBase );
  901. if( ! NT_SUCCESS( Status ) )
  902. {
  903. DbgPrint ( "Buggy: MmUnmapViewInSessionSpace failed, status %X\n",
  904. Status );
  906. DbgBreakPoint();
  908. break;
  909. }
  911. pMappedBase = NULL;
  913. //
  914. // grow the size
  915. //
  917. SizeToGrow = SizeToMap / 10;
  919. if( SizeToGrow < 10 * PAGE_SIZE )
  920. {
  921. //
  922. // don't bother
  923. //
  925. break;
  926. }
  928. SizeToMap += SizeToGrow;
  930. //
  931. // try to use this bigger size
  932. //
  934. Status = MmMapViewInSessionSpace(
  935. pSection,
  936. &pMappedBase,
  937. &SizeToMap );
  939. if( ! NT_SUCCESS( Status ) )
  940. {
  941. DbgPrint ( "Buggy: MmMapViewInSessionSpace failed for size %p, status %X\n",
  942. SizeToMap,
  943. Status );
  945. //
  946. // can't grow the size anymore
  947. //
  949. break;
  950. }
  951. else
  952. {
  953. DbgPrint ( "\n\nBetter result of the test:\n\n" );
  955. DbgPrint ( "Buggy: MmMapViewInSessionSpace succeeded for size %p, mapped base %p\n",
  956. SizeToMap,
  957. pMappedBase );
  959. //DbgPrint ( "\n\n" );
  961. VerifyMapping( pMappedBase, SizeToMap );
  962. }
  963. }
  965. //
  966. // clean-up
  967. //
  969. cleanup:
  971. if( pMappedBase != NULL )
  972. {
  973. Status = MmUnmapViewInSessionSpace(
  974. pMappedBase );
  976. if( ! NT_SUCCESS( Status ) )
  977. {
  978. DbgPrint ( "Buggy: MmUnmapViewInSessionSpace failed, status %X\n",
  979. Status );
  981. DbgBreakPoint();
  982. }
  983. }
  985. if( pSection != NULL )
  986. {
  987. ObDereferenceObject(
  988. pSection );
  989. }
  991. if( hFile != NULL )
  992. {
  993. ZwClose( hFile );
  995. Status = ZwDeleteFile(
  996. &ObjectAttributes );
  998. if( ! NT_SUCCESS( Status ) )
  999. {
  1000. DbgPrint ("Buggy: ZwDeleteFile failed - status %X\n",
  1001. Status );
  1002. }
  1003. else
  1004. {
  1005. //DbgPrint ("Buggy: temporary file deleted\n" );
  1006. }
  1007. }
  1008. }
  1010. ///////////////////////////////////////////////////////////////////////////
  1012. VOID MmMapViewInSessionSpaceTotal (
  1013. PVOID NotUsed
  1014. )
  1015. {
  1016. NTSTATUS Status;
  1017. HANDLE hFile = NULL;
  1018. SIZE_T SizeToMap;
  1019. PVOID pSection = NULL;
  1020. SIZE_T CrtMap;
  1021. LARGE_INTEGER MaxSectionSize;
  1022. OBJECT_ATTRIBUTES ObjectAttributes;
  1023. UNICODE_STRING FileName;
  1024. IO_STATUS_BLOCK IoStatusBlock;
  1025. PVOID *MappedSections;
  1027. MappedSections = ExAllocatePoolWithTag(
  1028. NonPagedPool,
  1029. BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ),
  1030. TD_POOL_TAG );
  1032. if( MappedSections == NULL )
  1033. {
  1034. DbgPrint ("Buggy: ExAllocatePoolWithTag failed - bail\n" );
  1036. return;
  1037. }
  1039. RtlZeroMemory( MappedSections, BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ) );
  1042. //
  1043. // Create BUGGY_TEMPORARY_FILE3
  1044. //
  1046. RtlInitUnicodeString(
  1047. &FileName,
  1048. BUGGY_TEMPORARY_FILE3
  1049. );
  1051. InitializeObjectAttributes(
  1052. &ObjectAttributes,
  1053. &FileName,
  1054. OBJ_CASE_INSENSITIVE,
  1055. NULL,
  1056. NULL
  1057. );
  1059. Status = ZwCreateFile(
  1060. &hFile,
  1061. GENERIC_READ | GENERIC_WRITE,
  1062. &ObjectAttributes,
  1063. &IoStatusBlock,
  1064. NULL,
  1065. FILE_ATTRIBUTE_NORMAL,
  1066. 0,
  1067. FILE_OVERWRITE_IF,
  1068. FILE_NON_DIRECTORY_FILE,
  1069. NULL,
  1070. 0 );
  1072. if( ! NT_SUCCESS( Status ) )
  1073. {
  1074. DbgPrint ("Buggy: ZwCreateFile failed - status %X\n",
  1075. Status );
  1077. goto cleanup;
  1078. }
  1079. else
  1080. {
  1081. //DbgPrint ( "Buggy: created file\n" );
  1082. }
  1084. //
  1085. // Create a section for the temp file
  1086. //
  1088. MaxSectionSize.QuadPart = 1024 * 1024;
  1090. do
  1091. {
  1092. Status = MmCreateSection(
  1093. &pSection,
  1094. STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE,
  1095. NULL,
  1096. &MaxSectionSize,
  1097. PAGE_READWRITE,
  1098. SEC_COMMIT,
  1099. hFile,
  1100. NULL );
  1102. if( ! NT_SUCCESS( Status ) )
  1103. {
  1104. if( Status == STATUS_DISK_FULL )
  1105. {
  1106. MaxSectionSize.QuadPart /= 2;
  1108. /*
  1109. DbgPrint ("Buggy: MmCreateSection returned STATUS_DISK_FULL, re-trying with max section size = %I64X\n",
  1110. MaxSectionSize.QuadPart );
  1111. */
  1112. }
  1113. else
  1114. {
  1115. DbgPrint ("Buggy: MmCreateSection failed - status %X\n",
  1116. Status );
  1118. goto cleanup;
  1119. }
  1120. }
  1121. else
  1122. {
  1123. /*
  1124. DbgPrint ( "Buggy: created section with max size %I64X\n",
  1125. MaxSectionSize.QuadPart );
  1126. */
  1128. break;
  1129. }
  1131. } while( MaxSectionSize.QuadPart > PAGE_SIZE );
  1134. DbgPrint ( "Buggy: Using section at %p\n",
  1135. pSection );
  1137. //
  1138. // try to map the max size section
  1139. //
  1141. SizeToMap = (SIZE_T) MaxSectionSize.QuadPart;
  1143. RtlZeroMemory( MappedSections, BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ) );
  1145. for( CrtMap = 0; CrtMap < BUGGY_MAX_SECTIONS_TO_MAP; CrtMap++ )
  1146. {
  1147. Status = MmMapViewInSessionSpace(
  1148. pSection,
  1149. &MappedSections[ CrtMap ],
  1150. &SizeToMap );
  1152. if( ! NT_SUCCESS( Status ) )
  1153. {
  1154. /*
  1155. DbgPrint ( "Buggy: MmMapViewInSessionSpace failed for size %p, status %X, chunk %p\n",
  1156. SizeToMap,
  1157. Status
  1158. );
  1159. */
  1161. break;
  1162. }
  1163. else
  1164. {
  1165. if( CrtMap <= 100 )
  1166. {
  1167. VerifyMapping( MappedSections[ CrtMap ], SizeToMap );
  1168. }
  1169. }
  1170. }
  1172. DbgPrint ( "\n\nBuggy: Result of the test:\n\n" );
  1174. DbgPrint ( "Buggy: mapped %u sections with size %p, total %p\n",
  1175. CrtMap,
  1176. SizeToMap,
  1177. SizeToMap * (SIZE_T)CrtMap );
  1179. //DbgPrint ( "\n\n" );
  1181. //
  1182. // clean-up
  1183. //
  1185. cleanup:
  1187. for( CrtMap = 0; CrtMap < BUGGY_MAX_SECTIONS_TO_MAP; CrtMap++ )
  1188. {
  1189. if( MappedSections[ CrtMap ] == NULL )
  1190. {
  1191. break;
  1192. }
  1194. Status = MmUnmapViewInSessionSpace(
  1195. MappedSections[ CrtMap ] );
  1197. if( ! NT_SUCCESS( Status ) )
  1198. {
  1199. DbgPrint ( "Buggy: MmUnmapViewInSessionSpace failed for %p, status %X\n",
  1200. MappedSections[ CrtMap ],
  1201. Status );
  1203. DbgBreakPoint();
  1204. }
  1205. }
  1207. if( pSection != NULL )
  1208. {
  1209. ObDereferenceObject(
  1210. pSection );
  1211. }
  1213. if( hFile != NULL )
  1214. {
  1215. ZwClose( hFile );
  1217. Status = ZwDeleteFile(
  1218. &ObjectAttributes );
  1220. if( ! NT_SUCCESS( Status ) )
  1221. {
  1222. DbgPrint ("Buggy: ZwDeleteFile failed - status %X\n",
  1223. Status );
  1224. }
  1225. else
  1226. {
  1227. //DbgPrint ("Buggy: temporary file deleted\n" );
  1228. }
  1229. }
  1231. ExFreePool( MappedSections );
  1232. }
  1234. ///////////////////////////////////////////////////////////////////////////
  1236. VOID SessionPoolTest (
  1237. PVOID NotUsed
  1238. )
  1239. {
  1240. PVOID *SessionPoolChunks;
  1241. ULONG uCrtPoolChunk;
  1243. SessionPoolChunks = ExAllocatePoolWithTag(
  1244. NonPagedPool,
  1245. BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ),
  1246. TD_POOL_TAG );
  1248. if( SessionPoolChunks == NULL )
  1249. {
  1250. DbgPrint ("Buggy: ExAllocatePoolWithTag failed - bail\n" );
  1252. return;
  1253. }
  1255. RtlZeroMemory( SessionPoolChunks, BUGGY_MAX_SECTIONS_TO_MAP * sizeof( PVOID ) );
  1257. for( uCrtPoolChunk = 0; uCrtPoolChunk < BUGGY_MAX_SECTIONS_TO_MAP; uCrtPoolChunk++ )
  1258. {
  1259. SessionPoolChunks[ uCrtPoolChunk ] = ExAllocatePoolWithTag(
  1260. PagedPool | SESSION_POOL_MASK,
  1261. 1024 * 1024,
  1262. TD_POOL_TAG );
  1264. if( SessionPoolChunks[ uCrtPoolChunk ] == NULL )
  1265. {
  1266. DbgPrint ("\n\nBuggy: Result of the test allocated %u chunks with size 1 Mb in the session pool\n\n",
  1267. uCrtPoolChunk );
  1268. break;
  1269. }
  1270. }
  1272. DbgPrint ( "Buggy: Touching all these pool chuncks...\n" );
  1274. while( uCrtPoolChunk > 0 )
  1275. {
  1276. uCrtPoolChunk--;
  1278. if( uCrtPoolChunk <= 100 )
  1279. {
  1280. VerifyMapping( SessionPoolChunks[ uCrtPoolChunk ], 1024 * 1024 );
  1281. }
  1283. ExFreePool( SessionPoolChunks[ uCrtPoolChunk ] );
  1284. }
  1286. DbgPrint ( "Done\n" );
  1288. ExFreePool( SessionPoolChunks );
  1289. }
  1291. #endif // #if !MAPVIEW_ACTIVE