/*++
Copyright (c) 2000 Microsoft Corporation
Module Name:
smcrash.c
Abstract:
Routines related to crashdump creation.
Author:
Matthew D Hendel (math) 28-Aug-2000
Revision History:
--*/
#include "smsrvp.h"
#include <ntiodump.h>
#include <stdio.h>
#include <string.h>
#define REVIEW KdBreakPoint
#define CRASHDUMP_KEY L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\CrashControl"
typedef struct _CRASH_PARAMETERS {
UNICODE_STRING DumpFileName;
UNICODE_STRING MiniDumpDir;
ULONG Overwrite;
ULONG TempDestination;
} CRASH_PARAMETERS, *PCRASH_PARAMETERS;
//
// Forward declarations
//
BOOLEAN
SmpQueryFileExists(
IN PUNICODE_STRING FileName
);
NTSTATUS
SmpCanCopyCrashDump(
IN PDUMP_HEADER DumpHeader,
IN PCRASH_PARAMETERS Parameters,
IN PUNICODE_STRING PageFileName,
IN ULONGLONG PageFileSize,
OUT PUNICODE_STRING DumpFile
);
NTSTATUS
SmpGetCrashParameters(
IN PDUMP_HEADER DumpHeader,
OUT PCRASH_PARAMETERS CrashParameters
);
NTSTATUS
SmpCopyDumpFile(
IN PDUMP_HEADER MemoryDump,
IN HANDLE PageFile,
IN PUNICODE_STRING DumpFileName
);
//
// Functions
//
PVOID
SmpAllocateString(
IN SIZE_T Length
)
{
return RtlAllocateHeap (RtlProcessHeap(),
MAKE_TAG( INIT_TAG ),
Length);
}
VOID
SmpFreeString(
IN PVOID Pointer
)
{
RtlFreeHeap (RtlProcessHeap(),
0,
Pointer);
}
NTSTATUS
SmpSetDumpSecurity(
IN HANDLE File
)
{
NTSTATUS Status;
SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY ;
SID_IDENTIFIER_AUTHORITY WorldAuthority = SECURITY_WORLD_SID_AUTHORITY ;
PSID EveryoneSid = NULL;
PSID LocalSystemSid = NULL;
PSID AdminSid = NULL;
UCHAR DescriptorBuffer[SECURITY_DESCRIPTOR_MIN_LENGTH];
UCHAR AclBuffer[1024];
PACL Acl;
PSECURITY_DESCRIPTOR SecurityDescriptor;
Acl = (PACL)&AclBuffer;
SecurityDescriptor = (PSECURITY_DESCRIPTOR)DescriptorBuffer;
RtlAllocateAndInitializeSid( &WorldAuthority, 1, SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0, &EveryoneSid );
RtlAllocateAndInitializeSid( &NtAuthority, 1, SECURITY_LOCAL_SYSTEM_RID,
0, 0, 0, 0, 0, 0, 0, &LocalSystemSid );
RtlAllocateAndInitializeSid( &NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &AdminSid );
//
// You can be fancy and compute the exact size, but since the
// security descriptor capture code has to do that anyway, why
// do it twice?
//
RtlCreateSecurityDescriptor (SecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION);
RtlCreateAcl (Acl, 1024, ACL_REVISION);
#if 0
//
// anybody can delete it
//
RtlAddAccessAllowedAce (Acl,
ACL_REVISION,
DELETE,
EveryoneSid);
#endif
//
// Administrator and system have full control
//
RtlAddAccessAllowedAce (Acl,
ACL_REVISION,
GENERIC_ALL | DELETE | WRITE_DAC | WRITE_OWNER,
AdminSid);
RtlAddAccessAllowedAce (Acl,
ACL_REVISION,
GENERIC_ALL | DELETE | WRITE_DAC | WRITE_OWNER,
LocalSystemSid);
RtlSetDaclSecurityDescriptor (SecurityDescriptor, TRUE, Acl, FALSE);
RtlSetOwnerSecurityDescriptor (SecurityDescriptor, AdminSid, FALSE);
Status = NtSetSecurityObject (File,
DACL_SECURITY_INFORMATION,
SecurityDescriptor);
RtlFreeHeap (RtlProcessHeap(), 0, EveryoneSid);
RtlFreeHeap (RtlProcessHeap(), 0, LocalSystemSid);
RtlFreeHeap (RtlProcessHeap(), 0, AdminSid);
return Status;
}
VOID
SmpInitializeVolumePath(
IN PUNICODE_STRING FileOnVolume,
OUT PUNICODE_STRING VolumePath
)
{
ULONG n;
PWSTR s;
*VolumePath = *FileOnVolume;
n = VolumePath->Length;
VolumePath->Length = 0;
s = VolumePath->Buffer;
while (n) {
if (*s++ == L':' && *s == OBJ_NAME_PATH_SEPARATOR) {
s++;
break;
}
else {
n -= sizeof( WCHAR );
}
}
VolumePath->Length = (USHORT)((PCHAR)s - (PCHAR)VolumePath->Buffer);
}
NTSTATUS
SmpQueryPathFromRegistry(
IN HANDLE Key,
IN PWSTR Value,
IN PWSTR DefaultValue,
OUT PUNICODE_STRING Path
)
{
NTSTATUS Status;
UNICODE_STRING ValueName;
ULONG KeyValueLength;
UCHAR KeyValueBuffer [VALUE_BUFFER_SIZE];
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInfo;
WCHAR Buffer[258];
UNICODE_STRING TempString;
UNICODE_STRING ExpandedString;
PWSTR DosPathName;
BOOLEAN Succ;
DosPathName = NULL;
KeyValueInfo = (PKEY_VALUE_PARTIAL_INFORMATION)&KeyValueBuffer;
RtlInitUnicodeString (&ValueName, Value);
KeyValueLength = sizeof (KeyValueBuffer);
Status = NtQueryValueKey (Key,
&ValueName,
KeyValuePartialInformation,
KeyValueInfo,
KeyValueLength,
&KeyValueLength);
if (NT_SUCCESS (Status)) {
if (KeyValueInfo->Type == REG_EXPAND_SZ) {
TempString.Length = (USHORT)KeyValueLength;
TempString.MaximumLength = (USHORT)KeyValueLength;
TempString.Buffer = (PWSTR)KeyValueInfo->Data;
ExpandedString.Length = 0;
ExpandedString.MaximumLength = sizeof (Buffer);
ExpandedString.Buffer = Buffer;
Status = RtlExpandEnvironmentStrings_U (NULL,
&TempString,
&ExpandedString,
NULL);
if (NT_SUCCESS (Status)) {
DosPathName = ExpandedString.Buffer;
}
} else if (KeyValueInfo->Type == REG_SZ) {
DosPathName = (PWSTR)KeyValueInfo->Data;
}
}
if (!DosPathName) {
DosPathName = DefaultValue;
}
Succ = RtlDosPathNameToNtPathName_U (DosPathName, Path, NULL, NULL);
return (Succ ? STATUS_SUCCESS : STATUS_UNSUCCESSFUL);
}
NTSTATUS
SmpQueryDwordFromRegistry(
IN HANDLE Key,
IN PWSTR Value,
IN ULONG DefaultValue,
OUT PULONG Dword
)
{
NTSTATUS Status;
UNICODE_STRING ValueName;
ULONG KeyValueLength;
UCHAR KeyValueBuffer [VALUE_BUFFER_SIZE];
PKEY_VALUE_PARTIAL_INFORMATION KeyValueInfo;
KeyValueInfo = (PKEY_VALUE_PARTIAL_INFORMATION)&KeyValueBuffer;
RtlInitUnicodeString (&ValueName, L"Overwrite");
KeyValueLength = sizeof (KeyValueBuffer);
Status = NtQueryValueKey (Key,
&ValueName,
KeyValuePartialInformation,
KeyValueInfo,
KeyValueLength,
&KeyValueLength);
if (NT_SUCCESS (Status) && KeyValueInfo->Type == REG_DWORD) {
*Dword = *(PULONG)KeyValueInfo->Data;
} else {
*Dword = DefaultValue;
}
return STATUS_SUCCESS;
}
NTSTATUS
SmpCreateUnicodeString(
IN PUNICODE_STRING String,
IN PWSTR InitString,
IN ULONG MaximumLength
)
{
if (MaximumLength == -1) {
MaximumLength = (wcslen (InitString) + 1) * 2;
}
if (MaximumLength >= UNICODE_STRING_MAX_CHARS) {
return STATUS_NO_MEMORY;
}
String->Buffer = RtlAllocateStringRoutine (MaximumLength + 1);
if (String->Buffer == NULL) {
return STATUS_NO_MEMORY;
}
String->MaximumLength = (USHORT)MaximumLength;
if (InitString) {
wcscpy (String->Buffer, InitString);
String->Length = (USHORT)wcslen (String->Buffer) * sizeof (WCHAR);
} else {
String->Length = 0;
}
return STATUS_SUCCESS;
}
NTSTATUS
SmpCreateTempFile(
IN PUNICODE_STRING Directory,
IN PWSTR Prefix,
OUT PUNICODE_STRING TempFileName
)
{
ULONG i;
ULONG Tick;
WCHAR Buffer [260];
UNICODE_STRING FileName;
NTSTATUS Status;
Tick = NtGetTickCount ();
for (i = 0; i < 100; i++) {
swprintf (Buffer,
L"%s\\%s%4.4x.tmp",
Directory->Buffer,
Prefix,
(Tick + i) & 0xFFFF);
Status = RtlDosPathNameToNtPathName_U (Buffer,
&FileName,
NULL,
NULL);
if (!NT_SUCCESS (Status)) {
return Status;
}
if (!SmpQueryFileExists (&FileName)) {
*TempFileName = FileName;
return STATUS_SUCCESS;
}
}
return STATUS_UNSUCCESSFUL;
}
NTSTATUS
SmpQueryVolumeFreeSpace(
IN PUNICODE_STRING FileOnVolume,
OUT PULONGLONG VolumeFreeSpace
)
{
NTSTATUS Status;
UNICODE_STRING VolumePath;
PWCHAR s;
ULONG n;
HANDLE Handle;
IO_STATUS_BLOCK IoStatusBlock;
FILE_FS_SIZE_INFORMATION SizeInfo;
OBJECT_ATTRIBUTES ObjectAttributes;
ULONGLONG AvailableBytes;
//
// Create an unicode string (VolumePath) containing only the
// volume path from the pagefile name description (e.g. we get
// "C:\" from "C:\pagefile.sys".
//
VolumePath = *FileOnVolume;
n = VolumePath.Length;
VolumePath.Length = 0;
s = VolumePath.Buffer;
while (n) {
if (*s++ == L':' && *s == OBJ_NAME_PATH_SEPARATOR) {
s++;
break;
}
else {
n -= sizeof( WCHAR );
}
}
VolumePath.Length = (USHORT)((PCHAR)s - (PCHAR)VolumePath.Buffer);
InitializeObjectAttributes( &ObjectAttributes,
&VolumePath,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
Status = NtOpenFile( &Handle,
(ACCESS_MASK)FILE_LIST_DIRECTORY | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE
);
if (!NT_SUCCESS( Status )) {
return Status;
}
//
// Determine the size parameters of the volume.
//
Status = NtQueryVolumeInformationFile( Handle,
&IoStatusBlock,
&SizeInfo,
sizeof( SizeInfo ),
FileFsSizeInformation
);
NtClose( Handle );
if (!NT_SUCCESS( Status )) {
return Status;
}
//
// Compute the AvailableBytes on the volume.
// Deal with 64 bit sizes.
//
AvailableBytes = SizeInfo.AvailableAllocationUnits.QuadPart *
SizeInfo.SectorsPerAllocationUnit *
SizeInfo.BytesPerSector;
*VolumeFreeSpace = AvailableBytes;
return STATUS_SUCCESS;
}
BOOLEAN
SmpQuerySameVolume(
IN PUNICODE_STRING FileName1,
IN PUNICODE_STRING FileName2
)
{
HANDLE Handle;
NTSTATUS Status;
ULONG SerialNumber;
struct {
FILE_FS_VOLUME_INFORMATION Volume;
WCHAR Buffer [100];
} VolumeInfo;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
UNICODE_STRING VolumePath;
SmpInitializeVolumePath (FileName1, &VolumePath);
InitializeObjectAttributes (&ObjectAttributes,
&VolumePath,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenFile (&Handle,
(ACCESS_MASK)FILE_READ_ATTRIBUTES | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_NONALERT);
if (!NT_SUCCESS (Status)) {
return FALSE;
}
Status = NtQueryVolumeInformationFile (Handle,
&IoStatusBlock,
&VolumeInfo,
sizeof (VolumeInfo),
FileFsVolumeInformation);
if (!NT_SUCCESS (Status)) {
NtClose (Handle);
return FALSE;
}
SerialNumber = VolumeInfo.Volume.VolumeSerialNumber;
NtClose (Handle);
SmpInitializeVolumePath (FileName2, &VolumePath);
InitializeObjectAttributes (&ObjectAttributes,
&VolumePath,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenFile (&Handle,
(ACCESS_MASK)FILE_READ_ATTRIBUTES | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_NONALERT);
if (!NT_SUCCESS (Status)) {
return FALSE;
}
Status = NtQueryVolumeInformationFile (Handle,
&IoStatusBlock,
&VolumeInfo,
sizeof (VolumeInfo),
FileFsVolumeInformation);
NtClose (Handle);
if (!NT_SUCCESS (Status)) {
return FALSE;
}
return ((SerialNumber == VolumeInfo.Volume.VolumeSerialNumber) ? TRUE : FALSE);
}
NTSTATUS
SmpSetEndOfFile(
IN HANDLE File,
IN ULONGLONG EndOfFile
)
/*++
Routine Description:
Expand or truncate a file to a specific size.
Arguments:
File - Supplies the file handle of the file to be expanded
or truncated.
EndOfFile - Supplies the final size of the file.
Return Value:
NTSTATUS code.
--*/
{
NTSTATUS Status;
FILE_END_OF_FILE_INFORMATION EndOfFileInfo;
FILE_ALLOCATION_INFORMATION AllocationInfo;
IO_STATUS_BLOCK IoStatusBlock;
EndOfFileInfo.EndOfFile.QuadPart = EndOfFile;
Status = NtSetInformationFile (File,
&IoStatusBlock,
&EndOfFileInfo,
sizeof (EndOfFileInfo),
FileEndOfFileInformation);
if (!NT_SUCCESS( Status )) {
return Status;
}
AllocationInfo.AllocationSize.QuadPart = EndOfFile;
Status = NtSetInformationFile (File,
&IoStatusBlock,
&AllocationInfo,
sizeof (AllocationInfo),
FileAllocationInformation);
return Status;
}
NTSTATUS
SmpQueryFileSize(
IN HANDLE FileHandle,
OUT PULONGLONG FileSize
)
/*++
Routine Description:
Query the size of the specified file.x
Arguments:
FileHandle - Supplies a handle to the file whose size is
to be querried.
FileSize - Supplies a pointer to a buffer where the size is
copied.
Return Value:
NTSTATUS code.
--*/
{
NTSTATUS Status;
IO_STATUS_BLOCK IoStatusBlock;
FILE_STANDARD_INFORMATION StandardInfo;
Status = NtQueryInformationFile (FileHandle,
&IoStatusBlock,
&StandardInfo,
sizeof (StandardInfo),
FileStandardInformation);
if (NT_SUCCESS (Status)) {
*FileSize = StandardInfo.AllocationSize.QuadPart;
}
return Status;
}
BOOLEAN
SmpQueryFileExists(
IN PUNICODE_STRING FileName
)
{
NTSTATUS Status;
HANDLE Handle;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
InitializeObjectAttributes (&ObjectAttributes,
FileName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenFile (&Handle,
(ACCESS_MASK)FILE_READ_ATTRIBUTES | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_NONALERT);
if (!NT_SUCCESS (Status)) {
return FALSE;
}
NtClose (Handle);
return TRUE;
}
BOOLEAN
SmpCheckForCrashDump(
IN PUNICODE_STRING PageFileName
)
/*++
Routine Description:
Check the paging file to see if there is a valid crashdump
in it. This can only be done before we call NtOpenPagingFile.
Arguments:
PageFileName - Name of the paging file we are about to create.
Return Value:
TRUE - If the paging file contains a valid crashdump.
FALSE - If the paging file does not contain a valid crashdump.
--*/
{
NTSTATUS Status;
HANDLE PageFile;
HANDLE Key;
BOOLEAN Copied;
DUMP_HEADER DumpHeader;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
ULONGLONG PageFileSize;
UNICODE_STRING String;
CRASH_PARAMETERS CrashParameters;
UNICODE_STRING DumpFileName;
BOOLEAN ClosePageFile;
BOOLEAN CloseKey;
RtlZeroMemory (&CrashParameters, sizeof (CRASH_PARAMETERS));
RtlZeroMemory (&DumpFileName, sizeof (UNICODE_STRING));
PageFile = (HANDLE)-1;
ClosePageFile = FALSE;
Key = (HANDLE)-1;
CloseKey = FALSE;
Copied = FALSE;
InitializeObjectAttributes (&ObjectAttributes,
PageFileName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenFile (&PageFile,
GENERIC_READ | GENERIC_WRITE |
DELETE | WRITE_DAC | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_SYNCHRONOUS_IO_NONALERT |
FILE_NO_INTERMEDIATE_BUFFERING);
if (!NT_SUCCESS (Status)) {
Copied = FALSE;
goto done;
} else {
ClosePageFile = TRUE;
}
Status = SmpQueryFileSize (PageFile, &PageFileSize);
if (!NT_SUCCESS (Status)) {
PageFileSize = 0;
}
Status = NtReadFile (PageFile,
NULL,
NULL,
NULL,
&IoStatusBlock,
&DumpHeader,
sizeof (DUMP_HEADER),
NULL,
NULL);
if (NT_SUCCESS (Status) &&
DumpHeader.Signature == DUMP_SIGNATURE &&
DumpHeader.ValidDump == DUMP_VALID_DUMP) {
Status = SmpGetCrashParameters (&DumpHeader, &CrashParameters);
if (NT_SUCCESS (Status)) {
Status = SmpCanCopyCrashDump (&DumpHeader,
&CrashParameters,
PageFileName,
PageFileSize,
&DumpFileName);
if (NT_SUCCESS (Status)) {
Status = SmpCopyDumpFile (&DumpHeader,
PageFile,
&DumpFileName);
if (NT_SUCCESS (Status)) {
Copied = TRUE;
}
}
}
}
NtClose (PageFile);
PageFile = (HANDLE) -1;
ClosePageFile = FALSE;
if (Copied) {
//
// If we copied the pagefile, create a new pagefile the same size
// as the old one.
//
InitializeObjectAttributes (&ObjectAttributes,
PageFileName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtCreateFile (&PageFile,
GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
&ObjectAttributes,
&IoStatusBlock,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ | FILE_SHARE_WRITE,
FILE_CREATE,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);
if (NT_SUCCESS (Status)) {
Status = SmpSetEndOfFile (PageFile, PageFileSize);
NtClose (PageFile);
PageFile = (HANDLE) -1;
ClosePageFile = FALSE;
}
//
// If we successfully copied, we want to create
// a volitile registry key that others can use
// to locate the dump file.
//
RtlInitUnicodeString (&String, CRASHDUMP_KEY L"\\MachineCrash");
InitializeObjectAttributes (&ObjectAttributes,
&String,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtCreateKey (&Key,
KEY_READ | KEY_WRITE,
&ObjectAttributes,
0,
NULL,
REG_OPTION_VOLATILE,
NULL);
if (NT_SUCCESS (Status)) {
CloseKey = TRUE;
//
// We are setting volatile key CrashControl\MachineCrash\DumpFile
// to the name of the dump file.
//
RtlInitUnicodeString (&String, L"DumpFile");
Status = NtSetValueKey (Key,
&String,
0,
REG_SZ,
&DumpFileName.Buffer[4],
DumpFileName.Length - (3 * sizeof (WCHAR)));
RtlInitUnicodeString (&String, L"TempDestination");
Status = NtSetValueKey (Key,
&String,
0,
REG_DWORD,
&CrashParameters.TempDestination,
sizeof (CrashParameters.TempDestination));
NtClose (Key);
Key = (HANDLE) -1;
CloseKey = FALSE;
}
}
done:
//
// Cleanup and return
//
if (CrashParameters.DumpFileName.Length != 0) {
RtlFreeUnicodeString (&CrashParameters.DumpFileName);
}
if (CrashParameters.MiniDumpDir.Length != 0) {
RtlFreeUnicodeString (&CrashParameters.MiniDumpDir);
}
if (ClosePageFile) {
NtClose (PageFile);
}
if (CloseKey) {
NtClose (Key);
}
return Copied;
}
NTSTATUS
SmpGetCrashParameters(
IN PDUMP_HEADER DumpHeader,
OUT PCRASH_PARAMETERS CrashParameters
)
/*++
Routine Description:
Get the parameters for the crashdump from
the registry.
Arguments:
DumpHeader -
CrashParameters -
Return Value:
NTSTATUS code.
--*/
{
NTSTATUS Status;
HANDLE Key;
BOOLEAN CloseKey;
UNICODE_STRING KeyName;
OBJECT_ATTRIBUTES ObjectAttributes;
WCHAR DefaultPath[260];
Key = (HANDLE) -1;
CloseKey = FALSE;
RtlInitUnicodeString (&KeyName, CRASHDUMP_KEY);
InitializeObjectAttributes (&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenKey (&Key, KEY_READ, &ObjectAttributes);
if (NT_SUCCESS (Status)) {
CloseKey = TRUE;
} else {
goto done;
}
swprintf (DefaultPath, L"%s\\MEMORY.DMP", SmpSystemRoot.Buffer);
Status = SmpQueryPathFromRegistry (Key,
L"DumpFile",
DefaultPath,
&CrashParameters->DumpFileName);
if (!NT_SUCCESS (Status)) {
goto done;
}
swprintf (DefaultPath, L"%s\\Minidump", SmpSystemRoot.Buffer);
Status = SmpQueryPathFromRegistry (Key,
L"MiniDumpDir",
DefaultPath,
&CrashParameters->MiniDumpDir);
if (!NT_SUCCESS (Status)) {
goto done;
}
Status = SmpQueryDwordFromRegistry (Key,
L"Overwrite",
1,
&CrashParameters->Overwrite);
if (!NT_SUCCESS (Status)) {
goto done;
}
//
// This value is initialized by SmpCanCopyCrashDump.
//
CrashParameters->TempDestination = FALSE;
Status = STATUS_SUCCESS;
done:
if (CloseKey) {
NtClose (Key);
}
return Status;
}
NTSTATUS
SmpCopyDumpFile(
IN PDUMP_HEADER MemoryDump,
IN HANDLE PageFile,
IN PUNICODE_STRING DumpFileName
)
/*++
Routine Description:
Copy the dump file from the pagefile to the crash
dump file.
Arguments:
DumpHeader -
PageFile -
DumpFileName -
Return Value:
NTSTATUS code.
--*/
{
NTSTATUS Status;
ULONGLONG DumpFileSize;
struct {
FILE_RENAME_INFORMATION Rename;
WCHAR Buffer[255];
} RenameInfoBuffer;
PFILE_RENAME_INFORMATION RenameInfo;
ULONG RenameInfoSize;
IO_STATUS_BLOCK IoStatusBlock;
FILE_BASIC_INFORMATION BasicInformation;
RenameInfo = &RenameInfoBuffer.Rename;
DumpFileSize = MemoryDump->RequiredDumpSpace.QuadPart;
Status = SmpSetEndOfFile (PageFile, DumpFileSize);
if (!NT_SUCCESS (Status)) {
return Status;
}
RenameInfoSize = sizeof (FILE_RENAME_INFORMATION) + DumpFileName->Length;
RenameInfo->ReplaceIfExists = TRUE;
RenameInfo->RootDirectory = NULL;
RenameInfo->FileNameLength = DumpFileName->Length;
wcscpy (RenameInfo->FileName, DumpFileName->Buffer);
Status = NtSetInformationFile (PageFile,
&IoStatusBlock,
RenameInfo,
RenameInfoSize,
FileRenameInformation);
if (!NT_SUCCESS (Status)) {
return Status;
}
//
// Reset the file SYSTEM and HIDDEN attributes.
//
Status = NtQueryInformationFile (PageFile,
&IoStatusBlock,
&BasicInformation,
sizeof (BasicInformation),
FileBasicInformation);
if (!NT_SUCCESS (Status)) {
return Status;
}
BasicInformation.FileAttributes &= ~FILE_ATTRIBUTE_HIDDEN;
BasicInformation.FileAttributes &= ~FILE_ATTRIBUTE_SYSTEM;
Status = NtSetInformationFile (PageFile,
&IoStatusBlock,
&BasicInformation,
sizeof (BasicInformation),
FileBasicInformation);
//
// Reset the file security.
//
Status = SmpSetDumpSecurity (PageFile);
return Status;
}
NTSTATUS
SmpCanCopyCrashDump(
IN PDUMP_HEADER DumpHeader,
IN PCRASH_PARAMETERS CrashParameters,
IN PUNICODE_STRING PageFileName,
IN ULONGLONG PageFileSize,
OUT PUNICODE_STRING DumpFileName
)
/*++
Routine Description:
Figure out whether it's ok to copy the dump file or not.
Arguments:
DumpHeader - Supplies the header to the dump file.
CrashParameters - Supplies the parameters required to copy the file.
DumpFileName - Supplies a unicode string buffer that the crashdump
will be copied to.
Return Value:
NTSTATUS code.
--*/
{
NTSTATUS Status;
BOOLEAN SameVolume;
BOOLEAN UseTempFile;
ULONGLONG CrashFileSize;
ULONGLONG VolumeFreeSpace;
UseTempFile = FALSE;
if (DumpHeader->DumpType == DUMP_TYPE_TRIAGE) {
UseTempFile = TRUE;
} else {
SameVolume = SmpQuerySameVolume (PageFileName,
&CrashParameters->DumpFileName);
if (SameVolume) {
//
// If we're on the same volume and there is an existing dump file
// then :
// if overwrite flag was not set, fail.
// otherwise, reclaim the space for this file.
//
if (SmpQueryFileExists (&CrashParameters->DumpFileName)) {
if (CrashParameters->Overwrite) {
SmpDeleteFile (&CrashParameters->DumpFileName);
} else {
return STATUS_UNSUCCESSFUL;
}
}
} else {
//
// We're not on the same volume, so we'll need to create a temp
// file.
//
UseTempFile = TRUE;
}
}
CrashFileSize = DumpHeader->RequiredDumpSpace.QuadPart;
Status = SmpQueryVolumeFreeSpace (&CrashParameters->DumpFileName,
&VolumeFreeSpace);
if (!NT_SUCCESS (Status)) {
return Status;
}
//
// The space reserved by the pagefile is already taken into account here.
// Do not add it in (a second time) here.
//
if (CrashFileSize < VolumeFreeSpace) {
if (!UseTempFile) {
Status = SmpCreateUnicodeString (DumpFileName,
CrashParameters->DumpFileName.Buffer,
-1);
} else {
Status = SmpCreateTempFile (&SmpSystemRoot, L"DUMP", DumpFileName);
}
} else {
Status = STATUS_INSUFFICIENT_RESOURCES;
}
CrashParameters->TempDestination = UseTempFile;
if (!NT_SUCCESS (Status)) {
//
// NB: Log an error saying we were unable
// to copy the crashdump for some reason.
//
}
return Status;
}
const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine = SmpAllocateString;
const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine = SmpFreeString;
#if 0
__cdecl
main(
)
{
BOOLEAN CopiedDump;
UNICODE_STRING PageFile;
RtlInitUnicodeString (&SmpSystemRoot,
L"C:\\WINNT");
RtlDosPathNameToNtPathName_U (L"C:\\Public\\crashdmp.teo\\memory.dmp",
&PageFile,
NULL,
NULL);
CopiedDump = SmpCheckForCrashDump (&PageFile);
}
#endif // TEST