Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

244 lines
4.4 KiB

/*++
Copyright (c) 2000 Microsoft Corporation
Module Name:
KingsQuestMask.cpp
Abstract:
The app calls UnmapViewOfFile with a bogus address - an address that wasn't obtained
from MapViewOfFile. We validate the address before calling UnmapViewOfFile.
History:
11/20/2000 maonis Created
--*/
#include "precomp.h"
typedef BOOL (WINAPI *_pfn_UnmapViewOfFile)(LPCVOID lpBaseAddress);
IMPLEMENT_SHIM_BEGIN(KingsQuestMask)
#include "ShimHookMacro.h"
APIHOOK_ENUM_BEGIN
APIHOOK_ENUM_ENTRY(MapViewOfFile)
APIHOOK_ENUM_ENTRY(UnmapViewOfFile)
APIHOOK_ENUM_END
// Link list of base addresses
struct MAPADDRESS
{
MAPADDRESS *next;
LPCVOID pBaseAddress;
};
MAPADDRESS *g_pBaseAddressList;
/*++
Function Description:
Add a base address to the linked list of addresses. Does not add if the
address is NULL or a duplicate.
Arguments:
IN pBaseAddress - base address returned by MapViewOfFile.
Return Value:
None
History:
11/20/2000 maonis Created
--*/
VOID
AddBaseAddress(
IN LPCVOID pBaseAddress
)
{
if (pBaseAddress)
{
MAPADDRESS *pMapAddress = g_pBaseAddressList;
while (pMapAddress)
{
if (pMapAddress->pBaseAddress == pBaseAddress)
{
return;
}
pMapAddress = pMapAddress->next;
}
pMapAddress = (MAPADDRESS *) malloc(sizeof MAPADDRESS);
pMapAddress->pBaseAddress = pBaseAddress;
pMapAddress->next = g_pBaseAddressList;
g_pBaseAddressList = pMapAddress;
}
}
/*++
Function Description:
Remove a base address if it can be found in the linked list of addresses.
Arguments:
IN pBaseAddress - the base address to remove.
Return Value:
TRUE if the address is found.
FALSE if the address is not found.
History:
11/20/2000 maonis Created
--*/
BOOL
RemoveBaseAddress(
IN LPCVOID pBaseAddress
)
{
MAPADDRESS *pMapAddress = g_pBaseAddressList;
MAPADDRESS *last = NULL;
while (pMapAddress)
{
if (pMapAddress->pBaseAddress == pBaseAddress)
{
if (last)
{
last->next = pMapAddress->next;
}
else
{
g_pBaseAddressList = pMapAddress->next;
}
free(pMapAddress);
return TRUE;
}
last = pMapAddress;
pMapAddress = pMapAddress->next;
}
return FALSE;
}
/*++
Add the base address to our list.
--*/
LPVOID
APIHOOK(MapViewOfFile)(
HANDLE hFileMappingObject,
DWORD dwDesiredAccess,
DWORD dwFileOffsetHigh,
DWORD dwFileOffsetLow,
SIZE_T dwNumberOfBytesToMap
)
{
LPVOID pRet = ORIGINAL_API(MapViewOfFile)(
hFileMappingObject,
dwDesiredAccess,
dwFileOffsetHigh,
dwFileOffsetLow,
dwNumberOfBytesToMap);
AddBaseAddress(pRet);
DPFN( eDbgLevelInfo, "MapViewOfFile: added base address = 0x%x\n", pRet);
return pRet;
}
/*++
Remove the address from our list if it can be found; otherwise do nothing.
--*/
BOOL
APIHOOK(UnmapViewOfFile)(
LPCVOID lpBaseAddress
)
{
BOOL bRet;
if (RemoveBaseAddress(lpBaseAddress))
{
bRet = ORIGINAL_API(UnmapViewOfFile)(lpBaseAddress);
if (bRet)
{
DPFN( eDbgLevelInfo, "UnmapViewOfFile unmapped address 0x%x\n", lpBaseAddress);
}
return bRet;
}
else
{
DPFN( eDbgLevelError,"UnmapViewOfFile was passed an invalid address 0x%x\n", lpBaseAddress);
return FALSE;
}
}
/*++
Free the list.
--*/
BOOL
NOTIFY_FUNCTION(
DWORD fdwReason)
{
if (fdwReason == DLL_PROCESS_DETACH) {
DWORD dwCount = 0;
MAPADDRESS *pMapAddress = g_pBaseAddressList;
while (pMapAddress)
{
g_pBaseAddressList = pMapAddress->next;
ORIGINAL_API(UnmapViewOfFile)(pMapAddress->pBaseAddress);
free(pMapAddress);
pMapAddress = g_pBaseAddressList;
dwCount++;
}
if (dwCount > 0)
{
DPFN( eDbgLevelInfo,"%d addresses not unmapped.", dwCount);
}
}
return TRUE;
}
/*++
Register hooked functions
--*/
HOOK_BEGIN
APIHOOK_ENTRY(KERNEL32.DLL, MapViewOfFile)
APIHOOK_ENTRY(KERNEL32.DLL, UnmapViewOfFile)
CALL_NOTIFY_FUNCTION
HOOK_END
IMPLEMENT_SHIM_END