mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10652 lines
314 KiB
10652 lines
314 KiB
/*++
|
|
|
|
Copyright (c) 1989-1993 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
internal.c
|
|
|
|
Abstract:
|
|
|
|
This module contains the internal subroutines used by the I/O system.
|
|
|
|
Author:
|
|
|
|
Darryl E. Havens (darrylh) 18-Apr-1989
|
|
Nar Ganapathy (narg) 1/1/1999
|
|
|
|
Environment:
|
|
|
|
Kernel mode, local to I/O system
|
|
|
|
Revision History:
|
|
|
|
|
|
--*/
|
|
|
|
#include "iomgr.h"
|
|
#pragma hdrstop
|
|
#include <ioevent.h>
|
|
#include <hdlsblk.h>
|
|
#include <hdlsterm.h>
|
|
|
|
//PLJTMP
|
|
#if defined(_X86_)
|
|
VOID
|
|
RtlAssert(
|
|
IN PVOID FailedAssertion,
|
|
IN PVOID FileName,
|
|
IN ULONG LineNumber,
|
|
IN PCHAR Message OPTIONAL
|
|
);
|
|
#endif
|
|
//PLJTMPend
|
|
|
|
#define IsFileLocal( FileObject ) ( !((FileObject)->DeviceObject->Characteristics & FILE_REMOTE_DEVICE) )
|
|
|
|
#define IO_MAX_ALLOCATE_IRP_TRIES 30*60 // Try for 7 minutes
|
|
#define IO_INFINITE_RETRIES -1 // Try for ever
|
|
|
|
typedef LINK_TRACKING_INFORMATION FILE_VOLUMEID_WITH_TYPE, *PFILE_VOLUMEID_WITH_TYPE;
|
|
|
|
typedef struct _TRACKING_BUFFER {
|
|
FILE_TRACKING_INFORMATION TrackingInformation;
|
|
UCHAR Buffer[256];
|
|
} TRACKING_BUFFER, *PTRACKING_BUFFER;
|
|
|
|
typedef struct _REMOTE_LINK_BUFFER {
|
|
REMOTE_LINK_TRACKING_INFORMATION TrackingInformation;
|
|
UCHAR Buffer[256];
|
|
} REMOTE_LINK_BUFFER, *PREMOTE_LINK_BUFFER;
|
|
|
|
PIRP IopDeadIrp;
|
|
|
|
NTSTATUS
|
|
IopResurrectDriver(
|
|
PDRIVER_OBJECT DriverObject
|
|
);
|
|
|
|
VOID
|
|
IopUserRundown(
|
|
IN PKAPC Apc
|
|
);
|
|
|
|
VOID
|
|
IopMarshalIds(
|
|
OUT PTRACKING_BUFFER TrackingBuffer,
|
|
IN PFILE_VOLUMEID_WITH_TYPE TargetVolumeId,
|
|
IN PFILE_OBJECTID_BUFFER TargetObjectId,
|
|
IN PFILE_TRACKING_INFORMATION TrackingInfo
|
|
);
|
|
|
|
VOID
|
|
IopUnMarshalIds(
|
|
IN FILE_TRACKING_INFORMATION * TrackingInformation,
|
|
OUT FILE_VOLUMEID_WITH_TYPE * TargetVolumeId,
|
|
OUT GUID * TargetObjectId,
|
|
OUT GUID * TargetMachineId
|
|
);
|
|
|
|
NTSTATUS
|
|
IopBootLogToFile(
|
|
PUNICODE_STRING String
|
|
);
|
|
|
|
VOID
|
|
IopCopyBootLogRegistryToFile(
|
|
VOID
|
|
);
|
|
|
|
#ifdef ALLOC_PRAGMA
|
|
|
|
VOID
|
|
IopRaiseHardError(
|
|
IN PVOID NormalContext,
|
|
IN PVOID SystemArgument1,
|
|
IN PVOID SystemArgument2
|
|
);
|
|
VOID
|
|
IopApcHardError(
|
|
IN PVOID StartContext
|
|
);
|
|
|
|
PVPB
|
|
IopMountInitializeVpb(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PDEVICE_OBJECT AttachedDevice,
|
|
IN ULONG RawMountOnly
|
|
);
|
|
|
|
#pragma alloc_text(PAGE, IopAbortRequest)
|
|
#pragma alloc_text(PAGE, IopAcquireFileObjectLock)
|
|
#pragma alloc_text(PAGE, IopAllocateIrpCleanup)
|
|
#pragma alloc_text(PAGE, IopCallDriverReinitializationRoutines)
|
|
#pragma alloc_text(PAGE, IopCancelAlertedRequest)
|
|
#pragma alloc_text(PAGE, IopCheckGetQuotaBufferValidity)
|
|
#pragma alloc_text(PAGE, IopConnectLinkTrackingPort)
|
|
#pragma alloc_text(PAGE, IopDeallocateApc)
|
|
#pragma alloc_text(PAGE, IopExceptionCleanup)
|
|
#pragma alloc_text(PAGE, IopGetDriverNameFromKeyNode)
|
|
#pragma alloc_text(PAGE, IopGetFileInformation)
|
|
#pragma alloc_text(PAGE, IopGetRegistryKeyInformation)
|
|
#pragma alloc_text(PAGE, IopGetRegistryValue)
|
|
#pragma alloc_text(PAGE, IopGetRegistryValues)
|
|
#pragma alloc_text(PAGE, IopGetSetObjectId)
|
|
#pragma alloc_text(PAGE, IopGetVolumeId)
|
|
#pragma alloc_text(PAGE, IopInvalidateVolumesForDevice)
|
|
#pragma alloc_text(PAGE, IopIsSameMachine)
|
|
#pragma alloc_text(PAGE, IopLoadDriver)
|
|
#pragma alloc_text(PAGE, IopLoadFileSystemDriver)
|
|
#pragma alloc_text(PAGE, IopLoadUnloadDriver)
|
|
#pragma alloc_text(PAGE, IopMountVolume)
|
|
#pragma alloc_text(PAGE, IopMarshalIds)
|
|
#pragma alloc_text(PAGE, IopOpenLinkOrRenameTarget)
|
|
#pragma alloc_text(PAGE, IopOpenRegistryKey)
|
|
#pragma alloc_text(PAGE, IopQueryXxxInformation)
|
|
#pragma alloc_text(PAGE, IopRaiseHardError)
|
|
#pragma alloc_text(PAGE, IopApcHardError)
|
|
#pragma alloc_text(PAGE, IopRaiseInformationalHardError)
|
|
#pragma alloc_text(PAGE, IopReadyDeviceObjects)
|
|
#pragma alloc_text(PAGE, IopReferenceDriverObjectByName)
|
|
#pragma alloc_text(PAGE, IopUnMarshalIds)
|
|
#pragma alloc_text(PAGE, IopSendMessageToTrackService)
|
|
#pragma alloc_text(PAGE, IopSetEaOrQuotaInformationFile)
|
|
#pragma alloc_text(PAGE, IopSetRemoteLink)
|
|
#pragma alloc_text(PAGE, IopStartApcHardError)
|
|
#pragma alloc_text(PAGE, IopSynchronousApiServiceTail)
|
|
#pragma alloc_text(PAGE, IopSynchronousServiceTail)
|
|
#pragma alloc_text(PAGE, IopTrackLink)
|
|
#pragma alloc_text(PAGE, IopUserCompletion)
|
|
#pragma alloc_text(PAGE, IopUserRundown)
|
|
#pragma alloc_text(PAGE, IopXxxControlFile)
|
|
#pragma alloc_text(PAGE, IopLookupBusStringFromID)
|
|
#pragma alloc_text(PAGE, IopSafebootDriverLoad)
|
|
#pragma alloc_text(PAGE, IopInitializeBootLogging)
|
|
#pragma alloc_text(PAGE, IopBootLog)
|
|
#pragma alloc_text(PAGE, IopCopyBootLogRegistryToFile)
|
|
#pragma alloc_text(PAGE, IopBootLogToFile)
|
|
#pragma alloc_text(PAGE, IopHardErrorThread)
|
|
#pragma alloc_text(PAGE, IopGetBasicInformationFile)
|
|
#pragma alloc_text(PAGE, IopBuildFullDriverPath)
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
VOID
|
|
IopAbortRequest(
|
|
IN PKAPC Apc
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to abort an I/O request. It is invoked during the
|
|
rundown of a thread.
|
|
|
|
Arguments:
|
|
|
|
Apc - Pointer to the kernel APC structure. This structure is contained
|
|
within the I/O Request Packet (IRP) itself.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Invoke the normal special kernel APC routine.
|
|
//
|
|
|
|
IopCompleteRequest( Apc,
|
|
&Apc->NormalRoutine,
|
|
&Apc->NormalContext,
|
|
&Apc->SystemArgument1,
|
|
&Apc->SystemArgument2 );
|
|
}
|
|
|
|
NTSTATUS
|
|
IopAcquireFileObjectLock(
|
|
IN PFILE_OBJECT FileObject,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN BOOLEAN Alertable,
|
|
OUT PBOOLEAN Interrupted
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to acquire the lock for a file object whenever
|
|
there is contention and obtaining the fast lock for the file failed.
|
|
|
|
Arguments:
|
|
|
|
FileObject - Pointer to the file object whose lock is to be acquired.
|
|
|
|
RequestorMode - Processor access mode of the caller.
|
|
|
|
Alertable - Indicates whether or not the lock should be obtained in an
|
|
alertable manner.
|
|
|
|
Interrupted - A variable to receive a BOOLEAN that indicates whether or
|
|
not the attempt to acquire the lock was interrupted by an alert or
|
|
an APC.
|
|
|
|
Return Value:
|
|
|
|
The function status is the final status of the operation.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Assume that the function will not be interrupted by an alert or an
|
|
// APC while attempting to acquire the lock.
|
|
//
|
|
|
|
*Interrupted = FALSE;
|
|
|
|
//
|
|
// Loop attempting to acquire the lock for the file object.
|
|
//
|
|
|
|
InterlockedIncrement (&FileObject->Waiters);
|
|
|
|
for (;;) {
|
|
if (!FileObject->Busy) {
|
|
|
|
//
|
|
// The file object appears to be un-owned, try to acquire it
|
|
//
|
|
|
|
if (IopAcquireFastLock ( FileObject ) ) {
|
|
|
|
//
|
|
// Object was acquired. Remove our count and return success
|
|
//
|
|
|
|
InterlockedDecrement (&FileObject->Waiters);
|
|
return STATUS_SUCCESS;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Wait for the event that indicates that the thread that currently
|
|
// owns the file object has released it.
|
|
//
|
|
|
|
status = KeWaitForSingleObject( &FileObject->Lock,
|
|
Executive,
|
|
RequestorMode,
|
|
Alertable,
|
|
(PLARGE_INTEGER) NULL );
|
|
|
|
//
|
|
// If the above wait was interrupted, then indicate so and return.
|
|
// Before returning, however, check the state of the ownership of
|
|
// the file object itself. If it is not currently owned (the busy
|
|
// flag is clear), then check to see whether or not there are any
|
|
// other waiters. If so, then set the event to the signaled state
|
|
// again so that they wake up and check the state of the busy flag.
|
|
//
|
|
|
|
if (status == STATUS_USER_APC || status == STATUS_ALERTED) {
|
|
InterlockedDecrement (&FileObject->Waiters);
|
|
|
|
if (!FileObject->Busy && FileObject->Waiters) {
|
|
KeSetEvent( &FileObject->Lock, 0, FALSE );
|
|
|
|
}
|
|
*Interrupted = TRUE;
|
|
return status;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
VOID
|
|
IopAllocateIrpCleanup(
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PKEVENT EventObject OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked internally by those system services that attempt
|
|
to allocate an IRP and fail. This routine cleans up the file object
|
|
and any event object that has been references and releases any locks
|
|
that were taken out.
|
|
|
|
Arguments:
|
|
|
|
FileObject - Pointer to the file object being worked on.
|
|
|
|
EventObject - Optional pointer to a referenced event to be dereferenced.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Begin by dereferencing the event, if one was specified.
|
|
//
|
|
|
|
if (ARGUMENT_PRESENT( EventObject )) {
|
|
ObDereferenceObject( EventObject );
|
|
}
|
|
|
|
//
|
|
// Release the synchronization semaphore if it is currently held and
|
|
// dereference the file object.
|
|
//
|
|
|
|
if (FileObject->Flags & FO_SYNCHRONOUS_IO) {
|
|
IopReleaseFileObjectLock( FileObject );
|
|
}
|
|
|
|
ObDereferenceObject( FileObject );
|
|
|
|
return;
|
|
}
|
|
|
|
PIRP
|
|
IopAllocateIrpMustSucceed(
|
|
IN CCHAR StackSize
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to allocate an IRP when there are no appropriate
|
|
packets remaining on the look-aside list, and no memory was available
|
|
from the general non-paged pool, and yet, the code path requiring the
|
|
packet has no way of backing out and simply returning an error. There-
|
|
fore, it must allocate an IRP. Hence, this routine is called to allocate
|
|
that packet.
|
|
|
|
Arguments:
|
|
|
|
StackSize - Supplies the number of IRP I/O stack locations that the
|
|
packet must have when allocated.
|
|
|
|
Return Value:
|
|
|
|
A pointer to the allocated I/O Request Packet.
|
|
|
|
--*/
|
|
|
|
{
|
|
PIRP irp;
|
|
USHORT packetSize;
|
|
LONG numTries;
|
|
LARGE_INTEGER interval;
|
|
|
|
//
|
|
// Attempt to allocate the IRP normally and failing that,
|
|
// wait a second and try again. If we exhaust 7 minutes then
|
|
// allocate the IRP from nonpaged must succeed pool.
|
|
//
|
|
|
|
numTries = IO_INFINITE_RETRIES;
|
|
|
|
irp = IoAllocateIrp(StackSize, FALSE);
|
|
|
|
while (!irp && numTries) {
|
|
|
|
interval.QuadPart = -1000 * 1000 * 10; // 10 Msec.
|
|
KeDelayExecutionThread(KernelMode, FALSE, &interval);
|
|
irp = IoAllocateIrp(StackSize, FALSE);
|
|
if (numTries != IO_INFINITE_RETRIES) {
|
|
numTries--;
|
|
}
|
|
}
|
|
|
|
//
|
|
// We tried for seven minutes and we have not freed memory.
|
|
// Its time to try the must succeed pool.
|
|
//
|
|
|
|
if (!irp) {
|
|
packetSize = IoSizeOfIrp(StackSize);
|
|
irp = ExAllocatePoolWithTag(NonPagedPoolMustSucceed, packetSize, ' prI');
|
|
IoInitializeIrp(irp, packetSize, StackSize);
|
|
irp->AllocationFlags |= IRP_ALLOCATED_MUST_SUCCEED;
|
|
}
|
|
|
|
return irp;
|
|
}
|
|
|
|
VOID
|
|
IopApcHardError(
|
|
IN PVOID StartContext
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function is invoked when we need to do a hard error pop-up, but the
|
|
Irp's originating thread is at APC level, ie. IoPageRead. We in a special
|
|
purpose thread that will go away when the user responds to the pop-up.
|
|
|
|
Arguments:
|
|
|
|
StartContext - Startup context, contains a IOP_APC_HARD_ERROR_PACKET.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PIOP_APC_HARD_ERROR_PACKET packet;
|
|
|
|
packet = StartContext;
|
|
|
|
IopRaiseHardError( packet->Irp, packet->Vpb, packet->RealDeviceObject );
|
|
|
|
ExFreePool( packet );
|
|
}
|
|
|
|
|
|
VOID
|
|
IopCancelAlertedRequest(
|
|
IN PKEVENT Event,
|
|
IN PIRP Irp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked when a synchronous I/O operation that is blocked in
|
|
the I/O system needs to be canceled because the thread making the request has
|
|
either been alerted because it is going away or because of a CTRL/C. This
|
|
routine carefully attempts to work its way out of the current operation so
|
|
that local events or other local data will not be accessed once the service
|
|
being interrupted returns.
|
|
|
|
Arguments:
|
|
|
|
Event - The address of a kernel event that will be set to the Signaled state
|
|
by I/O completion when the request is complete.
|
|
|
|
Irp - Pointer to the I/O Request Packet (IRP) representing the current request.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
KIRQL irql;
|
|
LARGE_INTEGER deltaTime;
|
|
BOOLEAN canceled;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Begin by blocking special kernel APCs so that the request cannot
|
|
// complete.
|
|
//
|
|
|
|
KeRaiseIrql( APC_LEVEL, &irql );
|
|
|
|
//
|
|
// Check the state of the event to determine whether or not the
|
|
// packet has already been completed.
|
|
//
|
|
|
|
if (KeReadStateEvent( Event ) == 0) {
|
|
|
|
//
|
|
// The packet has not been completed, so attempt to cancel it.
|
|
//
|
|
|
|
canceled = IoCancelIrp( Irp );
|
|
|
|
KeLowerIrql( irql );
|
|
|
|
if (canceled) {
|
|
|
|
//
|
|
// The packet had a cancel routine, so it was canceled. Loop,
|
|
// waiting for the packet to complete. This should occur almost
|
|
// immediately.
|
|
//
|
|
|
|
deltaTime.QuadPart = - 10 * 1000 * 10;
|
|
|
|
while (KeReadStateEvent( Event ) == 0) {
|
|
|
|
KeDelayExecutionThread( KernelMode, FALSE, &deltaTime );
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// The packet did not have a cancel routine, so simply wait for
|
|
// the event to be set to the Signaled state. This will save
|
|
// CPU time by not looping, since it is not known when the packet
|
|
// will actually complete. Note, however, that the cancel flag
|
|
// is set in the packet, so should a driver examine the flag
|
|
// at some point in the future, it will immediately stop
|
|
// processing the request.
|
|
//
|
|
|
|
(VOID) KeWaitForSingleObject( Event,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// The packet has already been completed, so simply lower the
|
|
// IRQL back to its original value and exit.
|
|
//
|
|
|
|
KeLowerIrql( irql );
|
|
|
|
}
|
|
}
|
|
|
|
NTSTATUS
|
|
IopCheckGetQuotaBufferValidity(
|
|
IN PFILE_GET_QUOTA_INFORMATION QuotaBuffer,
|
|
IN ULONG QuotaLength,
|
|
OUT PULONG_PTR ErrorOffset
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine checks the validity of the specified get quota buffer to
|
|
guarantee that its format is proper, no fields hang over, that it is
|
|
not recursive, etc.
|
|
|
|
Arguments:
|
|
|
|
QuotaBuffer - Pointer to the buffer containing the get quota structure
|
|
array to be checked.
|
|
|
|
QuotaLength - Specifies the length of the quota buffer.
|
|
|
|
ErrorOffset - A variable to receive the offset of the offending entry
|
|
in the quota buffer if an error is incurred. This variable is only
|
|
valid if an error occurs.
|
|
|
|
Return Value:
|
|
|
|
The function value is STATUS_SUCCESS if the get quota buffer contains a
|
|
valid, properly formed list, otherwise STATUS_QUOTA_LIST_INCONSISTENT.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
#define GET_OFFSET_LENGTH( CurrentSid, SidBase ) ( (ULONG) ((PCHAR) CurrentSid - (PCHAR) SidBase) )
|
|
|
|
LONG tempLength;
|
|
LONG entrySize;
|
|
PFILE_GET_QUOTA_INFORMATION sids;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Walk the buffer and ensure that its format is valid. That is, ensure
|
|
// that it does not walk off the end of the buffer, is not recursive, etc.
|
|
//
|
|
|
|
sids = QuotaBuffer;
|
|
tempLength = QuotaLength;
|
|
|
|
for (;;) {
|
|
|
|
//
|
|
// Ensure that the current entry is valid.
|
|
//
|
|
|
|
if ((tempLength < (LONG) (FIELD_OFFSET(FILE_GET_QUOTA_INFORMATION, Sid.SubAuthority) +
|
|
sizeof (sids->Sid.SubAuthority))) ||
|
|
!RtlValidSid( &sids->Sid)) {
|
|
|
|
*ErrorOffset = GET_OFFSET_LENGTH( sids, QuotaBuffer );
|
|
return STATUS_QUOTA_LIST_INCONSISTENT;
|
|
}
|
|
|
|
//
|
|
// Get the size of the current entry in the buffer.
|
|
//
|
|
|
|
entrySize = FIELD_OFFSET( FILE_GET_QUOTA_INFORMATION, Sid ) + RtlLengthSid( (&sids->Sid) );
|
|
|
|
if (sids->NextEntryOffset) {
|
|
|
|
//
|
|
// There is another entry in the buffer and it must be longword
|
|
// aligned. Ensure that the offset indicates that it is. If it
|
|
// isn't, return an invalid parameter status.
|
|
//
|
|
|
|
if (entrySize > (LONG) sids->NextEntryOffset ||
|
|
sids->NextEntryOffset & (sizeof( ULONG ) - 1)) {
|
|
*ErrorOffset = GET_OFFSET_LENGTH( sids, QuotaBuffer );
|
|
return STATUS_QUOTA_LIST_INCONSISTENT;
|
|
|
|
} else {
|
|
|
|
//
|
|
// There is another entry in the buffer, so account for the
|
|
// size of the current entry in the length and get a pointer
|
|
// to the next entry.
|
|
//
|
|
|
|
tempLength -= sids->NextEntryOffset;
|
|
if (tempLength < 0) {
|
|
*ErrorOffset = GET_OFFSET_LENGTH( sids, QuotaBuffer );
|
|
return STATUS_QUOTA_LIST_INCONSISTENT;
|
|
}
|
|
sids = (PFILE_GET_QUOTA_INFORMATION) ((PCHAR) sids + sids->NextEntryOffset);
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// There are no other entries in the buffer. Simply account for
|
|
// the overall buffer length according to the size of the current
|
|
// entry and exit the loop.
|
|
//
|
|
|
|
tempLength -= entrySize;
|
|
break;
|
|
}
|
|
}
|
|
|
|
//
|
|
// All of the entries in the buffer have been processed. Check to see
|
|
// whether the overall buffer length went negative. If so, return an
|
|
// error.
|
|
//
|
|
|
|
if (tempLength < 0) {
|
|
*ErrorOffset = GET_OFFSET_LENGTH( sids, QuotaBuffer );
|
|
return STATUS_QUOTA_LIST_INCONSISTENT;
|
|
}
|
|
|
|
//
|
|
// The format of the get quota buffer was correct, so simply return a
|
|
// success status code.
|
|
//
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
|
|
VOID
|
|
IopCompleteUnloadOrDelete(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN BOOLEAN OnCleanStack,
|
|
IN KIRQL Irql
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked when the reference count on a device object
|
|
transitions to a zero and the driver is mark for unload or device has
|
|
been marked for delete. This means that it may be possible to actually
|
|
unload the driver or delete the device object. If all
|
|
of the devices have a reference count of zero, then the driver is
|
|
actually unloaded. Note that in order to ensure that this routine is
|
|
not invoked twice, at the same time, on two different processors, the
|
|
I/O database spin lock is still held at this point.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Supplies a pointer to one of the driver's device objects,
|
|
namely the one whose reference count just went to zero.
|
|
|
|
OnCleanStack - Indicates whether the current thread is in the middle a
|
|
driver operation.
|
|
|
|
Irql - Specifies the IRQL of the processor at the time that the I/O
|
|
database lock was acquired.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PDRIVER_OBJECT driverObject;
|
|
PDEVICE_OBJECT deviceObject;
|
|
PDEVICE_OBJECT baseDeviceObject;
|
|
PDEVICE_OBJECT attachedDeviceObject;
|
|
PDEVOBJ_EXTENSION deviceExtension;
|
|
|
|
BOOLEAN unload = TRUE;
|
|
|
|
driverObject = DeviceObject->DriverObject;
|
|
|
|
if (DeviceObject->DeviceObjectExtension->ExtensionFlags & DOE_REMOVE_PENDING) {
|
|
|
|
//
|
|
// Run some tests to determine if it is an appropriate time to notify
|
|
// PnP that all file objects in the attachment chain have gone away.
|
|
//
|
|
|
|
baseDeviceObject = IopGetDeviceAttachmentBase( DeviceObject );
|
|
deviceExtension = baseDeviceObject->DeviceObjectExtension;
|
|
|
|
ASSERT(deviceExtension->DeviceNode != NULL);
|
|
|
|
//
|
|
// baseDeviceObject is a PDO, this is a PnP stack. See if
|
|
// an IRP_MN_REMOVE_DEVICE is pending.
|
|
//
|
|
|
|
// ASSERT(deviceNode->Flags & DNF_REMOVE_PENDING_CLOSES);
|
|
|
|
//
|
|
// PnP wants to be notified as soon as all refcounts on all devices in
|
|
// this attachment chain go away.
|
|
//
|
|
|
|
attachedDeviceObject = baseDeviceObject;
|
|
while (attachedDeviceObject != NULL) {
|
|
|
|
if (attachedDeviceObject->ReferenceCount != 0) {
|
|
|
|
//
|
|
// At least one device object in the attachment chain has
|
|
// an outstanding open.
|
|
//
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, Irql );
|
|
|
|
return;
|
|
}
|
|
attachedDeviceObject = attachedDeviceObject->AttachedDevice;
|
|
}
|
|
|
|
//
|
|
// Now one more time changing DOE_REMOVE_PENDING to
|
|
// DOE_REMOVE_PROCESSED.
|
|
//
|
|
|
|
attachedDeviceObject = baseDeviceObject;
|
|
while (attachedDeviceObject != NULL) {
|
|
|
|
deviceExtension = attachedDeviceObject->DeviceObjectExtension;
|
|
|
|
deviceExtension->ExtensionFlags &= ~DOE_REMOVE_PENDING;
|
|
deviceExtension->ExtensionFlags |= DOE_REMOVE_PROCESSED;
|
|
|
|
attachedDeviceObject = attachedDeviceObject->AttachedDevice;
|
|
}
|
|
|
|
//
|
|
// It is time to give PnP the notification it was waiting for. We have
|
|
// to release the spinlock before doing so.
|
|
//
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, Irql );
|
|
|
|
IopChainDereferenceComplete( baseDeviceObject, OnCleanStack );
|
|
|
|
return;
|
|
}
|
|
|
|
if (DeviceObject->DeviceObjectExtension->ExtensionFlags & DOE_DELETE_PENDING) {
|
|
|
|
if ((DeviceObject->DeviceObjectExtension->ExtensionFlags &
|
|
DOE_UNLOAD_PENDING) == 0 ||
|
|
driverObject->Flags & DRVO_UNLOAD_INVOKED) {
|
|
|
|
unload = FALSE;
|
|
}
|
|
|
|
//
|
|
// If another device is attached to this device, inform the former's
|
|
// driver that the device is being deleted.
|
|
//
|
|
|
|
if (DeviceObject->AttachedDevice) {
|
|
PFAST_IO_DISPATCH fastIoDispatch = DeviceObject->AttachedDevice->DriverObject->FastIoDispatch;
|
|
PDEVICE_OBJECT attachedDevice = DeviceObject->AttachedDevice;
|
|
|
|
//
|
|
// Increment the device reference count so the detach routine
|
|
// does not recurse back to here.
|
|
//
|
|
|
|
DeviceObject->ReferenceCount++;
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, Irql );
|
|
|
|
if (fastIoDispatch &&
|
|
fastIoDispatch->SizeOfFastIoDispatch > FIELD_OFFSET( FAST_IO_DISPATCH, FastIoDetachDevice ) &&
|
|
fastIoDispatch->FastIoDetachDevice) {
|
|
(fastIoDispatch->FastIoDetachDevice)( attachedDevice, DeviceObject );
|
|
}
|
|
|
|
Irql = KeAcquireQueuedSpinLock( LockQueueIoDatabaseLock );
|
|
|
|
//
|
|
// Restore the reference count value.
|
|
//
|
|
|
|
DeviceObject->ReferenceCount--;
|
|
|
|
if (DeviceObject->AttachedDevice ||
|
|
DeviceObject->ReferenceCount != 0) {
|
|
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, Irql );
|
|
return;
|
|
}
|
|
}
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, Irql );
|
|
|
|
//
|
|
// Deallocate the memory for the security descriptor that was allocated
|
|
// for this device object.
|
|
//
|
|
|
|
if (DeviceObject->SecurityDescriptor != (PSECURITY_DESCRIPTOR) NULL) {
|
|
ObDereferenceSecurityDescriptor( DeviceObject->SecurityDescriptor, 1 );
|
|
}
|
|
|
|
//
|
|
// Remove this device object from the driver object's list.
|
|
//
|
|
|
|
IopInsertRemoveDevice( DeviceObject->DriverObject, DeviceObject, FALSE );
|
|
|
|
//
|
|
// Finally, dereference the object so it is deleted.
|
|
//
|
|
|
|
ObDereferenceObject( DeviceObject );
|
|
|
|
//
|
|
// Return if the unload does not need to be done.
|
|
//
|
|
|
|
if (!unload) {
|
|
return;
|
|
}
|
|
|
|
//
|
|
// Reacquire the spin lock make sure the unload routine does has
|
|
// not been called.
|
|
//
|
|
|
|
Irql = KeAcquireQueuedSpinLock( LockQueueIoDatabaseLock );
|
|
|
|
if (driverObject->Flags & DRVO_UNLOAD_INVOKED) {
|
|
|
|
//
|
|
// Some other thread is doing the unload, release the lock and return.
|
|
//
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, Irql );
|
|
return;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Scan the list of device objects for this driver, looking for a
|
|
// non-zero reference count. If any reference count is non-zero, then
|
|
// the driver may not be unloaded.
|
|
//
|
|
|
|
deviceObject = driverObject->DeviceObject;
|
|
|
|
while (deviceObject) {
|
|
if (deviceObject->ReferenceCount || deviceObject->AttachedDevice ||
|
|
deviceObject->DeviceObjectExtension->ExtensionFlags & (DOE_DELETE_PENDING | DOE_REMOVE_PENDING)) {
|
|
unload = FALSE;
|
|
break;
|
|
}
|
|
deviceObject = deviceObject->NextDevice;
|
|
}
|
|
|
|
//
|
|
// If this is a base filesystem driver and we still have device objects
|
|
// skip the unload.
|
|
//
|
|
|
|
if (driverObject->Flags & DRVO_BASE_FILESYSTEM_DRIVER && driverObject->DeviceObject) {
|
|
unload = FALSE;
|
|
}
|
|
|
|
if (unload) {
|
|
driverObject->Flags |= DRVO_UNLOAD_INVOKED;
|
|
}
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, Irql );
|
|
|
|
//
|
|
// If the reference counts for all of the devices is zero, then this
|
|
// driver can now be unloaded.
|
|
//
|
|
|
|
if (unload) {
|
|
LOAD_PACKET loadPacket;
|
|
|
|
KeInitializeEvent( &loadPacket.Event, NotificationEvent, FALSE );
|
|
loadPacket.DriverObject = driverObject;
|
|
|
|
if (OnCleanStack) {
|
|
|
|
IopLoadUnloadDriver(&loadPacket);
|
|
|
|
} else {
|
|
|
|
ExInitializeWorkItem( &loadPacket.WorkQueueItem,
|
|
IopLoadUnloadDriver,
|
|
&loadPacket );
|
|
ExQueueWorkItem( &loadPacket.WorkQueueItem, DelayedWorkQueue );
|
|
(VOID) KeWaitForSingleObject( &loadPacket.Event,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
}
|
|
|
|
ObMakeTemporaryObject( driverObject );
|
|
ObDereferenceObject( driverObject );
|
|
}
|
|
}
|
|
|
|
VOID
|
|
IopCompletePageWrite(
|
|
IN PKAPC Apc,
|
|
IN PKNORMAL_ROUTINE *NormalRoutine,
|
|
IN PVOID *NormalContext,
|
|
IN PVOID *SystemArgument1,
|
|
IN PVOID *SystemArgument2
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine executes as a special kernel APC routine in the context of
|
|
the Modified Page Writer (MPW) system thread when an out-page operation
|
|
has completed.
|
|
|
|
This routine performs the following tasks:
|
|
|
|
o The I/O status is copied.
|
|
|
|
o The Modified Page Writer's APC routine is invoked.
|
|
|
|
Arguments:
|
|
|
|
Apc - Supplies a pointer to kernel APC structure.
|
|
|
|
NormalRoutine - Supplies a pointer to a pointer to the normal function
|
|
that was specified when the APC was initialized.
|
|
|
|
NormalContext - Supplies a pointer to a pointer to an arbitrary data
|
|
structure that was specified when the APC was initialized.
|
|
|
|
SystemArgument1 - Supplies a pointer to an argument that contains an
|
|
argument that is unused by this routine.
|
|
|
|
SystemArgument2 - Supplies a pointer to an argument that contains an
|
|
argument that is unused by this routine.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PIRP irp;
|
|
PIO_APC_ROUTINE apcRoutine;
|
|
PVOID apcContext;
|
|
PIO_STATUS_BLOCK ioStatus;
|
|
|
|
UNREFERENCED_PARAMETER( NormalRoutine );
|
|
UNREFERENCED_PARAMETER( NormalContext );
|
|
UNREFERENCED_PARAMETER( SystemArgument1 );
|
|
UNREFERENCED_PARAMETER( SystemArgument2 );
|
|
|
|
//
|
|
// Begin by getting the address of the I/O Request Packet from the APC.
|
|
//
|
|
|
|
irp = CONTAINING_RECORD( Apc, IRP, Tail.Apc );
|
|
|
|
//
|
|
// If this I/O operation did not complete successfully through the
|
|
// dispatch routine of the driver, then drop everything on the floor
|
|
// now and return to the original call point in the MPW.
|
|
//
|
|
|
|
if (!irp->PendingReturned && NT_ERROR( irp->IoStatus.Status )) {
|
|
IoFreeIrp( irp );
|
|
return;
|
|
}
|
|
|
|
//
|
|
// Copy the I/O status from the IRP into the caller's I/O status block.
|
|
//
|
|
|
|
*irp->UserIosb = irp->IoStatus;
|
|
|
|
//
|
|
// Copy the pertinent information from the I/O Request Packet into locals
|
|
// and free it.
|
|
//
|
|
|
|
apcRoutine = irp->Overlay.AsynchronousParameters.UserApcRoutine;
|
|
apcContext = irp->Overlay.AsynchronousParameters.UserApcContext;
|
|
ioStatus = irp->UserIosb;
|
|
|
|
IoFreeIrp( irp );
|
|
|
|
//
|
|
// Finally, invoke the MPW's APC routine.
|
|
//
|
|
|
|
apcRoutine( apcContext, ioStatus, 0 );
|
|
|
|
return;
|
|
}
|
|
|
|
|
|
VOID
|
|
IopCompleteRequest(
|
|
IN PKAPC Apc,
|
|
IN PKNORMAL_ROUTINE *NormalRoutine,
|
|
IN PVOID *NormalContext,
|
|
IN PVOID *SystemArgument1,
|
|
IN PVOID *SystemArgument2
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine executes as a special kernel APC routine in the context of
|
|
the thread which originally requested the I/O operation which is now
|
|
being completed.
|
|
|
|
This routine performs the following tasks:
|
|
|
|
o A check is made to determine whether the specified request ended
|
|
with an error status. If so, and the error code qualifies as one
|
|
which should be reported to an error port, then an error port is
|
|
looked for in the thread/process. If one exists, then this routine
|
|
will attempt to set up an LPC to it. Otherwise, it will attempt to
|
|
set up an LPC to the system error port.
|
|
|
|
o Copy buffers.
|
|
|
|
o Free MDLs.
|
|
|
|
o Copy I/O status.
|
|
|
|
o Set event, if any and dereference if appropriate.
|
|
|
|
o Dequeue the IRP from the thread queue as pending I/O request.
|
|
|
|
o Queue APC to thread, if any.
|
|
|
|
o If no APC is to be queued, then free the packet now.
|
|
|
|
|
|
Arguments:
|
|
|
|
Apc - Supplies a pointer to kernel APC structure.
|
|
|
|
NormalRoutine - Supplies a pointer to a pointer to the normal function
|
|
that was specified when the APC was initialied.
|
|
|
|
NormalContext - Supplies a pointer to a pointer to an arbitrary data
|
|
structure that was specified when the APC was initialized.
|
|
|
|
SystemArgument1 - Supplies a pointer to an argument that contains the
|
|
address of the original file object for this I/O operation.
|
|
|
|
SystemArgument2 - Supplies a pointer to an argument that contains an
|
|
argument that is used by this routine only in the case of STATUS_REPARSE.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
{
|
|
#define SynchronousIo( Irp, FileObject ) ( \
|
|
(Irp->Flags & IRP_SYNCHRONOUS_API) || \
|
|
(FileObject == NULL ? 0 : FileObject->Flags & FO_SYNCHRONOUS_IO) )
|
|
|
|
PIRP irp;
|
|
PMDL mdl, nextMdl;
|
|
PETHREAD thread;
|
|
PFILE_OBJECT fileObject;
|
|
NTSTATUS status;
|
|
|
|
UNREFERENCED_PARAMETER( NormalRoutine );
|
|
UNREFERENCED_PARAMETER( NormalContext );
|
|
|
|
//
|
|
// Begin by getting the address of the I/O Request Packet. Also, get
|
|
// the address of the current thread and the address of the original file
|
|
// object for this I/O operation.
|
|
//
|
|
|
|
irp = CONTAINING_RECORD( Apc, IRP, Tail.Apc );
|
|
thread = PsGetCurrentThread();
|
|
fileObject = (PFILE_OBJECT) *SystemArgument1;
|
|
|
|
IOVP_COMPLETE_REQUEST(Apc, SystemArgument1, SystemArgument2);
|
|
|
|
//
|
|
// Ensure that the packet is not being completed with a minus one. This
|
|
// is apparently a common problem in some drivers, and has no meaning
|
|
// as a status code.
|
|
//
|
|
|
|
ASSERT( irp->IoStatus.Status != 0xffffffff );
|
|
|
|
//
|
|
// See if we need to do the name transmogrify work.
|
|
//
|
|
|
|
if ( *SystemArgument2 != NULL ) {
|
|
|
|
PREPARSE_DATA_BUFFER reparseBuffer = NULL;
|
|
|
|
//
|
|
// The IO_REPARSE_TAG_MOUNT_POINT tag needs attention.
|
|
//
|
|
|
|
if ( irp->IoStatus.Status == STATUS_REPARSE &&
|
|
irp->IoStatus.Information == IO_REPARSE_TAG_MOUNT_POINT ) {
|
|
|
|
reparseBuffer = (PREPARSE_DATA_BUFFER) *SystemArgument2;
|
|
|
|
ASSERT( reparseBuffer->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT );
|
|
ASSERT( reparseBuffer->ReparseDataLength < MAXIMUM_REPARSE_DATA_BUFFER_SIZE );
|
|
ASSERT( reparseBuffer->Reserved < MAXIMUM_REPARSE_DATA_BUFFER_SIZE );
|
|
|
|
IopDoNameTransmogrify( irp,
|
|
fileObject,
|
|
reparseBuffer );
|
|
}
|
|
}
|
|
|
|
//
|
|
// Check to see whether there is any data in a system buffer which needs
|
|
// to be copied to the caller's buffer. If so, copy the data and then
|
|
// free the system buffer if necessary.
|
|
//
|
|
|
|
if (irp->Flags & IRP_BUFFERED_IO) {
|
|
|
|
//
|
|
// Copy the data if this was an input operation. Note that no copy
|
|
// is performed if the status indicates that a verify operation is
|
|
// required, or if the final status was an error-level severity.
|
|
//
|
|
|
|
if (irp->Flags & IRP_INPUT_OPERATION &&
|
|
irp->IoStatus.Status != STATUS_VERIFY_REQUIRED &&
|
|
!NT_ERROR( irp->IoStatus.Status )) {
|
|
|
|
//
|
|
// Copy the information from the system buffer to the caller's
|
|
// buffer. This is done with an exception handler in case
|
|
// the operation fails because the caller's address space
|
|
// has gone away, or it's protection has been changed while
|
|
// the service was executing.
|
|
//
|
|
|
|
try {
|
|
RtlCopyMemory( irp->UserBuffer,
|
|
irp->AssociatedIrp.SystemBuffer,
|
|
irp->IoStatus.Information );
|
|
} except(IopExceptionFilter(GetExceptionInformation(), &status)) {
|
|
|
|
//
|
|
// An exception occurred while attempting to copy the
|
|
// system buffer contents to the caller's buffer. Set
|
|
// a new I/O completion status.
|
|
// If the status is a special one set by Mm then we need to
|
|
// return here and the operation will be retried in
|
|
// IoRetryIrpCompletions.
|
|
//
|
|
|
|
if (status == STATUS_MULTIPLE_FAULT_VIOLATION) {
|
|
irp->Tail.Overlay.OriginalFileObject = fileObject; /* Wiped out by APC overlay */
|
|
irp->Flags |= IRP_RETRY_IO_COMPLETION;
|
|
return;
|
|
}
|
|
irp->IoStatus.Status = GetExceptionCode();
|
|
}
|
|
}
|
|
|
|
//
|
|
// Free the buffer if needed.
|
|
//
|
|
|
|
if (irp->Flags & IRP_DEALLOCATE_BUFFER) {
|
|
ExFreePool( irp->AssociatedIrp.SystemBuffer );
|
|
}
|
|
}
|
|
|
|
irp->Flags &= ~(IRP_DEALLOCATE_BUFFER|IRP_BUFFERED_IO);
|
|
|
|
//
|
|
// If there is an MDL (or MDLs) associated with this I/O request,
|
|
// Free it (them) here. This is accomplished by walking the MDL list
|
|
// hanging off of the IRP and deallocating each MDL encountered.
|
|
//
|
|
|
|
if (irp->MdlAddress) {
|
|
for (mdl = irp->MdlAddress; mdl != NULL; mdl = nextMdl) {
|
|
nextMdl = mdl->Next;
|
|
IoFreeMdl( mdl );
|
|
}
|
|
}
|
|
|
|
irp->MdlAddress = NULL;
|
|
|
|
//
|
|
// Check to see whether or not the I/O operation actually completed. If
|
|
// it did, then proceed normally. Otherwise, cleanup everything and get
|
|
// out of here.
|
|
//
|
|
|
|
if (!NT_ERROR( irp->IoStatus.Status ) ||
|
|
(NT_ERROR( irp->IoStatus.Status ) &&
|
|
irp->PendingReturned &&
|
|
!SynchronousIo( irp, fileObject ))) {
|
|
|
|
PVOID port = NULL;
|
|
PVOID key;
|
|
BOOLEAN createOperation = FALSE;
|
|
|
|
//
|
|
// If there is an I/O completion port object associated w/this request,
|
|
// save it here so that the file object can be dereferenced.
|
|
//
|
|
|
|
if (fileObject && fileObject->CompletionContext) {
|
|
port = fileObject->CompletionContext->Port;
|
|
key = fileObject->CompletionContext->Key;
|
|
}
|
|
|
|
//
|
|
// Copy the I/O status from the IRP into the caller's I/O status
|
|
// block. This is done using an exception handler in case the caller's
|
|
// virtual address space for the I/O status block was deleted or
|
|
// its protection was changed to readonly. Note that if the I/O
|
|
// status block cannot be written, the error is simply ignored since
|
|
// there is no way to tell the caller that something went wrong.
|
|
// This is, of course, by definition, since the I/O status block
|
|
// is where the caller will attempt to look for errors in the first
|
|
// place!
|
|
//
|
|
|
|
try {
|
|
|
|
//
|
|
// Since HasOverlappedIoCompleted and GetOverlappedResult only
|
|
// look at the Status field of the UserIosb to determine if the
|
|
// IRP has completed, the Information field must be written
|
|
// before the Status field.
|
|
//
|
|
|
|
#if defined(_WIN64)
|
|
PIO_STATUS_BLOCK32 UserIosb32;
|
|
|
|
//
|
|
// If the caller passes a 32 bit IOSB the ApcRoutine has the LSB set to 1
|
|
//
|
|
if (IopIsIosb32(irp->Overlay.AsynchronousParameters.UserApcRoutine)) {
|
|
UserIosb32 = (PIO_STATUS_BLOCK32)irp->UserIosb;
|
|
|
|
UserIosb32->Information = (ULONG)irp->IoStatus.Information;
|
|
KeMemoryBarrier ();
|
|
UserIosb32->Status = (NTSTATUS)irp->IoStatus.Status;
|
|
} else {
|
|
irp->UserIosb->Information = irp->IoStatus.Information;
|
|
KeMemoryBarrier ();
|
|
irp->UserIosb->Status = irp->IoStatus.Status;
|
|
}
|
|
#else
|
|
irp->UserIosb->Information = irp->IoStatus.Information;
|
|
KeMemoryBarrier ();
|
|
irp->UserIosb->Status = irp->IoStatus.Status;
|
|
#endif /*_WIN64 */
|
|
|
|
} except(IopExceptionFilter(GetExceptionInformation(), &status)) {
|
|
|
|
//
|
|
// An exception was incurred attempting to write the caller's
|
|
// I/O status block. Simply continue executing as if nothing
|
|
// ever happened since nothing can be done about it anyway.
|
|
// If the status is a multiple fault status, this is a special
|
|
// status sent by the Memory manager. Mark the IRP and return from
|
|
// this routine. Mm will call us back later and we will retry this
|
|
// operation (IoRetryIrpCompletions)
|
|
//
|
|
if (status == STATUS_MULTIPLE_FAULT_VIOLATION) {
|
|
irp->Tail.Overlay.OriginalFileObject = fileObject; /* Wiped out by APC overlay */
|
|
irp->Flags |= IRP_RETRY_IO_COMPLETION;
|
|
return;
|
|
}
|
|
}
|
|
|
|
|
|
//
|
|
// Determine whether the caller supplied an event that needs to be set
|
|
// to the Signaled state. If so, then set it; otherwise, set the event
|
|
// in the file object to the Signaled state.
|
|
//
|
|
// It is possible for the event to have been specified as a PKEVENT if
|
|
// this was an I/O operation hand-built for an FSP or an FSD, or
|
|
// some other types of operations such as synchronous I/O APIs. In
|
|
// any of these cases, the event was not referenced since it is not an
|
|
// object manager event, so it should not be dereferenced.
|
|
//
|
|
// Also, it is possible for there not to be a file object for this IRP.
|
|
// This occurs when an FSP is doing I/O operations to a device driver on
|
|
// behalf of a process doing I/O to a file. The file object cannot be
|
|
// dereferenced if this is the case. If this operation was a create
|
|
// operation then the object should not be dereferenced either. This
|
|
// is because the reference count must be one or it will go away for
|
|
// the caller (not much point in making an object that just got created
|
|
// go away).
|
|
//
|
|
|
|
if (irp->UserEvent) {
|
|
(VOID) KeSetEvent( irp->UserEvent, 0, FALSE );
|
|
if (fileObject) {
|
|
if (!(irp->Flags & IRP_SYNCHRONOUS_API)) {
|
|
ObDereferenceObject( irp->UserEvent );
|
|
}
|
|
if (fileObject->Flags & FO_SYNCHRONOUS_IO && !(irp->Flags & IRP_OB_QUERY_NAME)) {
|
|
(VOID) KeSetEvent( &fileObject->Event, 0, FALSE );
|
|
fileObject->FinalStatus = irp->IoStatus.Status;
|
|
}
|
|
if (irp->Flags & IRP_CREATE_OPERATION) {
|
|
createOperation = TRUE;
|
|
irp->Overlay.AsynchronousParameters.UserApcRoutine = (PIO_APC_ROUTINE) NULL;
|
|
}
|
|
}
|
|
} else if (fileObject) {
|
|
(VOID) KeSetEvent( &fileObject->Event, 0, FALSE );
|
|
fileObject->FinalStatus = irp->IoStatus.Status;
|
|
if (irp->Flags & IRP_CREATE_OPERATION) {
|
|
createOperation = TRUE;
|
|
irp->Overlay.AsynchronousParameters.UserApcRoutine = (PIO_APC_ROUTINE) NULL;
|
|
}
|
|
}
|
|
|
|
//
|
|
// If this is normal I/O, update the transfer count for this process.
|
|
//
|
|
|
|
if (!(irp->Flags & IRP_CREATE_OPERATION)) {
|
|
if (irp->Flags & IRP_READ_OPERATION) {
|
|
IopUpdateReadTransferCount( (ULONG) irp->IoStatus.Information );
|
|
} else if (irp->Flags & IRP_WRITE_OPERATION) {
|
|
IopUpdateWriteTransferCount( (ULONG) irp->IoStatus.Information );
|
|
} else {
|
|
//
|
|
// If the information field contains a pointer then skip the update.
|
|
// Some PNP IRPs contain this.
|
|
//
|
|
if (!((ULONG) irp->IoStatus.Information & 0x80000000)) {
|
|
IopUpdateOtherTransferCount( (ULONG) irp->IoStatus.Information );
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Dequeue the packet from the thread's pending I/O request list.
|
|
//
|
|
|
|
IopDequeueThreadIrp( irp );
|
|
|
|
//
|
|
// If the caller requested an APC, queue it to the thread. If not, then
|
|
// simply free the packet now.
|
|
//
|
|
|
|
#ifdef _WIN64
|
|
//
|
|
// For 64 bit systems clear the LSB field of the ApcRoutine that indicates whether
|
|
// the IOSB is a 32 bit IOSB or a 64 bit IOSB.
|
|
//
|
|
irp->Overlay.AsynchronousParameters.UserApcRoutine =
|
|
(PIO_APC_ROUTINE)((LONG_PTR)(irp->Overlay.AsynchronousParameters.UserApcRoutine) & ~1);
|
|
#endif
|
|
|
|
if (irp->Overlay.AsynchronousParameters.UserApcRoutine) {
|
|
KeInitializeApc( &irp->Tail.Apc,
|
|
&thread->Tcb,
|
|
CurrentApcEnvironment,
|
|
IopUserCompletion,
|
|
(PKRUNDOWN_ROUTINE) IopUserRundown,
|
|
(PKNORMAL_ROUTINE) irp->Overlay.AsynchronousParameters.UserApcRoutine,
|
|
irp->RequestorMode,
|
|
irp->Overlay.AsynchronousParameters.UserApcContext );
|
|
|
|
KeInsertQueueApc( &irp->Tail.Apc,
|
|
irp->UserIosb,
|
|
NULL,
|
|
2 );
|
|
|
|
} else if (port && irp->Overlay.AsynchronousParameters.UserApcContext) {
|
|
|
|
//
|
|
// If there is a completion context associated w/this I/O operation,
|
|
// send the message to the port. Tag completion packet as an Irp.
|
|
//
|
|
|
|
irp->Tail.CompletionKey = key;
|
|
irp->Tail.Overlay.PacketType = IopCompletionPacketIrp;
|
|
|
|
KeInsertQueue( (PKQUEUE) port,
|
|
&irp->Tail.Overlay.ListEntry );
|
|
|
|
} else {
|
|
|
|
//
|
|
// Free the IRP now since it is no longer needed.
|
|
//
|
|
|
|
IoFreeIrp( irp );
|
|
}
|
|
|
|
if (fileObject && !createOperation) {
|
|
|
|
//
|
|
// Dereference the file object now.
|
|
//
|
|
|
|
ObDereferenceObject( fileObject );
|
|
}
|
|
|
|
} else {
|
|
|
|
if (irp->PendingReturned && fileObject) {
|
|
|
|
//
|
|
// This is an I/O operation that completed as an error for
|
|
// which a pending status was returned and the I/O operation
|
|
// is synchronous. For this case, the I/O system is waiting
|
|
// on behalf of the caller. If the reason that the I/O was
|
|
// synchronous is that the file object was opened for synchronous
|
|
// I/O, then the event associated with the file object is set
|
|
// to the signaled state. If the I/O operation was synchronous
|
|
// because this is a synchronous API, then the event is set to
|
|
// the signaled state.
|
|
//
|
|
// Note also that the status must be returned for both types
|
|
// of synchronous I/O. If this is a synchronous API, then the
|
|
// I/O system supplies its own status block so it can simply
|
|
// be written; otherwise, the I/O system will obtain the final
|
|
// status from the file object itself.
|
|
//
|
|
|
|
if (irp->Flags & IRP_SYNCHRONOUS_API) {
|
|
*irp->UserIosb = irp->IoStatus;
|
|
if (irp->UserEvent) {
|
|
(VOID) KeSetEvent( irp->UserEvent, 0, FALSE );
|
|
} else {
|
|
(VOID) KeSetEvent( &fileObject->Event, 0, FALSE );
|
|
}
|
|
} else {
|
|
fileObject->FinalStatus = irp->IoStatus.Status;
|
|
(VOID) KeSetEvent( &fileObject->Event, 0, FALSE );
|
|
}
|
|
}
|
|
|
|
//
|
|
// The operation was incomplete. Perform the general cleanup. Note
|
|
// that everything is basically dropped on the floor without doing
|
|
// anything. That is:
|
|
//
|
|
// IoStatusBlock - Do nothing.
|
|
// Event - Dereference without setting to Signaled state.
|
|
// FileObject - Dereference without setting to Signaled state.
|
|
// ApcRoutine - Do nothing.
|
|
//
|
|
|
|
if (fileObject) {
|
|
if (!(irp->Flags & IRP_CREATE_OPERATION)) {
|
|
ObDereferenceObject( fileObject );
|
|
}
|
|
}
|
|
|
|
if (irp->UserEvent &&
|
|
fileObject &&
|
|
!(irp->Flags & IRP_SYNCHRONOUS_API)) {
|
|
ObDereferenceObject( irp->UserEvent );
|
|
}
|
|
|
|
IopDequeueThreadIrp( irp );
|
|
IoFreeIrp( irp );
|
|
}
|
|
}
|
|
|
|
VOID
|
|
IopConnectLinkTrackingPort(
|
|
IN PVOID Parameter
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to connect to the user-mode link tracking service's
|
|
LPC port. It makes a connection which establishes a handle to the port,
|
|
and then creates a referenced object pointer to the port.
|
|
|
|
Arguments:
|
|
|
|
Parameter - Pointer to the link tracking packet.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
|
|
--*/
|
|
|
|
{
|
|
#define MESSAGE_SIZE ( (2 * sizeof( FILE_VOLUMEID_WITH_TYPE )) + \
|
|
sizeof( FILE_OBJECTID_BUFFER ) + \
|
|
sizeof( GUID ) + \
|
|
sizeof( NTSTATUS ) + \
|
|
sizeof( ULONG ) )
|
|
|
|
PLINK_TRACKING_PACKET ltp;
|
|
HANDLE serviceHandle;
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE();
|
|
//
|
|
// Begin by getting a pointer to the link tracking packet.
|
|
//
|
|
|
|
ltp = (PLINK_TRACKING_PACKET) Parameter;
|
|
|
|
|
|
//
|
|
// Ensure that the port has not already been opened.
|
|
//
|
|
|
|
status = STATUS_SUCCESS;
|
|
if (!IopLinkTrackingServiceObject) {
|
|
|
|
UNICODE_STRING portName;
|
|
ULONG maxMessageLength;
|
|
SECURITY_QUALITY_OF_SERVICE dynamicQos;
|
|
|
|
if (KeReadStateEvent( IopLinkTrackingServiceEvent )) {
|
|
|
|
//
|
|
// Attempt to open a handle to the port.
|
|
//
|
|
|
|
//
|
|
// Set up the security quality of service parameters to use over the
|
|
// port. Use the most efficient (least overhead) which is dynamic
|
|
// rather than static tracking.
|
|
//
|
|
|
|
dynamicQos.ImpersonationLevel = SecurityImpersonation;
|
|
dynamicQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
|
|
dynamicQos.EffectiveOnly = TRUE;
|
|
|
|
//
|
|
// Generate the string structure for describing the port.
|
|
//
|
|
|
|
RtlInitUnicodeString( &portName, L"\\Security\\TRKWKS_PORT" );
|
|
|
|
status = NtConnectPort( &serviceHandle,
|
|
&portName,
|
|
&dynamicQos,
|
|
(PPORT_VIEW) NULL,
|
|
(PREMOTE_PORT_VIEW) NULL,
|
|
&maxMessageLength,
|
|
(PVOID) NULL,
|
|
(PULONG) NULL );
|
|
if (NT_SUCCESS( status )) {
|
|
if (maxMessageLength >= MESSAGE_SIZE) {
|
|
status = ObReferenceObjectByHandle( serviceHandle,
|
|
0,
|
|
LpcPortObjectType,
|
|
KernelMode,
|
|
&IopLinkTrackingServiceObject,
|
|
NULL );
|
|
NtClose( serviceHandle );
|
|
} else {
|
|
NtClose( serviceHandle );
|
|
status = STATUS_INVALID_PARAMETER;
|
|
}
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// The service has not been started so the port does not exist.
|
|
//
|
|
|
|
status = STATUS_OBJECT_NAME_NOT_FOUND;
|
|
}
|
|
}
|
|
|
|
|
|
//
|
|
// Return final status and wake the caller up.
|
|
//
|
|
ltp->FinalStatus = status;
|
|
KeSetEvent( <p->Event, 0, FALSE );
|
|
}
|
|
|
|
VOID
|
|
IopDisassociateThreadIrp(
|
|
VOID
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked when the I/O requests for a thread are being
|
|
cancelled, but there is a packet at the end of the thread's queue that
|
|
has not been completed for such a long period of time that it has timed
|
|
out. It is this routine's responsibility to try to disassociate that
|
|
IRP with this thread.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
KIRQL irql;
|
|
KIRQL spIrql;
|
|
PIRP irp;
|
|
PETHREAD thread;
|
|
PLIST_ENTRY entry;
|
|
PIO_STACK_LOCATION irpSp;
|
|
PDEVICE_OBJECT deviceObject;
|
|
NTSTATUS status;
|
|
PIO_ERROR_LOG_PACKET errorLogEntry;
|
|
|
|
//
|
|
// Begin by ensuring that the packet has not already been removed from
|
|
// the thread's queue.
|
|
//
|
|
|
|
KeRaiseIrql( APC_LEVEL, &irql );
|
|
|
|
thread = PsGetCurrentThread();
|
|
|
|
//
|
|
// If there are no packets on the IRP list, then simply return now.
|
|
// All of the packets have been fully completed, so the caller will also
|
|
// simply return to its caller.
|
|
//
|
|
|
|
if (IsListEmpty( &thread->IrpList )) {
|
|
KeLowerIrql( irql );
|
|
return;
|
|
}
|
|
|
|
//
|
|
// Get a pointer to the first packet on the queue, and begin examining
|
|
// it. Note that because the processor is at raised IRQL, and because
|
|
// the packet can only be removed in the context of the currently
|
|
// executing thread, that it is not possible for the packet to be removed
|
|
// from the list. On the other hand, it IS possible for the packet to
|
|
// be queued to the thread's APC list at this point, and this must be
|
|
// blocked/synchronized in order to examine the request.
|
|
//
|
|
// Begin, therefore, by acquiring the I/O completion spinlock, so that
|
|
// the packet can be safely examined.
|
|
//
|
|
|
|
spIrql = KeAcquireQueuedSpinLock( LockQueueIoCompletionLock );
|
|
|
|
//
|
|
// Check to see whether or not the packet has been completed (that is,
|
|
// queued to the current thread). If not, change threads.
|
|
//
|
|
|
|
entry = thread->IrpList.Flink;
|
|
irp = CONTAINING_RECORD( entry, IRP, ThreadListEntry );
|
|
|
|
if (irp->CurrentLocation == irp->StackCount + 2) {
|
|
|
|
//
|
|
// The request has just gone through enough of completion that
|
|
// queueing it to the thread is inevitable. Simply release the
|
|
// lock and return.
|
|
//
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoCompletionLock, spIrql );
|
|
KeLowerIrql( irql );
|
|
return;
|
|
}
|
|
|
|
//
|
|
// The packet has been located, and it is not going through completion
|
|
// at this point. Switch threads, so that it will not complete through
|
|
// this thread, remove the request from this thread's queue, and release
|
|
// the spinlock. Final processing of the IRP will occur when I/O
|
|
// completion notices that there is no thread associated with the
|
|
// request. It will essentially drop the I/O on the floor.
|
|
//
|
|
// Also, while the request is still held, attempt to determine on which
|
|
// device object the operation is being performed.
|
|
//
|
|
|
|
////
|
|
////DbgPrint( "Disassociating Irp: %x\n", irp );
|
|
////DbgBreakPoint();
|
|
////
|
|
|
|
IopDeadIrp = irp;
|
|
|
|
irp->Tail.Overlay.Thread = (PETHREAD) NULL;
|
|
entry = RemoveHeadList( &thread->IrpList );
|
|
|
|
// Initialize the thread entry. Otherwise the assertion in IoFreeIrp
|
|
// called via IopDeadIrp will fail.
|
|
InitializeListHead (&(irp)->ThreadListEntry);
|
|
|
|
irpSp = IoGetCurrentIrpStackLocation( irp );
|
|
if (irp->CurrentLocation <= irp->StackCount) {
|
|
deviceObject = irpSp->DeviceObject;
|
|
} else {
|
|
deviceObject = (PDEVICE_OBJECT) NULL;
|
|
}
|
|
KeReleaseQueuedSpinLock( LockQueueIoCompletionLock, spIrql );
|
|
KeLowerIrql( irql );
|
|
|
|
//
|
|
// If a device object could be identified then try to write to the event log about this
|
|
// device object.
|
|
//
|
|
|
|
if (deviceObject) {
|
|
errorLogEntry = IoAllocateErrorLogEntry(deviceObject, sizeof(IO_ERROR_LOG_PACKET));
|
|
if (errorLogEntry) {
|
|
errorLogEntry->ErrorCode = IO_DRIVER_CANCEL_TIMEOUT;
|
|
IoWriteErrorLogEntry(errorLogEntry);
|
|
}
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
VOID
|
|
IopDeallocateApc(
|
|
IN PKAPC Apc,
|
|
IN PKNORMAL_ROUTINE *NormalRoutine,
|
|
IN PVOID *NormalContext,
|
|
IN PVOID *SystemArgument1,
|
|
IN PVOID *SystemArgument2
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to deallocate an APC that was used to queue a
|
|
request to a target thread. It simple deallocates the APC.
|
|
|
|
Arguments:
|
|
|
|
Apc - Supplies a pointer to kernel APC structure.
|
|
|
|
NormalRoutine - Supplies a pointer to a pointer to the normal function
|
|
that was specified when the APC was initialied.
|
|
|
|
NormalContext - Supplies a pointer to a pointer to an arbitrary data
|
|
structure that was specified when the APC was initialized.
|
|
|
|
SystemArgument1, SystemArgument2 - Supplies a set of two pointers to
|
|
two arguments that contain untyped data.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
UNREFERENCED_PARAMETER( NormalRoutine );
|
|
UNREFERENCED_PARAMETER( NormalContext );
|
|
UNREFERENCED_PARAMETER( SystemArgument1 );
|
|
UNREFERENCED_PARAMETER( SystemArgument2 );
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Free the APC.
|
|
//
|
|
|
|
ExFreePool( Apc );
|
|
}
|
|
|
|
VOID
|
|
IopDropIrp(
|
|
IN PIRP Irp,
|
|
IN PFILE_OBJECT FileObject
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine attempts to drop everything about the specified IRP on the
|
|
floor.
|
|
|
|
Arguments:
|
|
|
|
Irp - Supplies the I/O Request Packet to be completed to the bit bucket.
|
|
|
|
FileObject - Supplies the file object for which the I/O Request Packet was
|
|
bound.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PMDL mdl;
|
|
PMDL nextMdl;
|
|
|
|
//
|
|
// Free the resources associated with the IRP.
|
|
//
|
|
|
|
if (Irp->Flags & IRP_DEALLOCATE_BUFFER) {
|
|
ExFreePool( Irp->AssociatedIrp.SystemBuffer );
|
|
}
|
|
|
|
if (Irp->MdlAddress) {
|
|
for (mdl = Irp->MdlAddress; mdl; mdl = nextMdl) {
|
|
nextMdl = mdl->Next;
|
|
IoFreeMdl( mdl );
|
|
}
|
|
}
|
|
|
|
if (Irp->UserEvent &&
|
|
FileObject &&
|
|
!(Irp->Flags & IRP_SYNCHRONOUS_API)) {
|
|
ObDereferenceObject( Irp->UserEvent );
|
|
}
|
|
|
|
if (FileObject && !(Irp->Flags & IRP_CREATE_OPERATION)) {
|
|
ObDereferenceObject( FileObject );
|
|
}
|
|
|
|
//
|
|
// Finally, free the IRP itself.
|
|
//
|
|
|
|
IoFreeIrp( Irp );
|
|
}
|
|
|
|
LONG
|
|
IopExceptionFilter(
|
|
IN PEXCEPTION_POINTERS ExceptionPointer,
|
|
OUT PNTSTATUS ExceptionCode
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked when an exception occurs to determine whether or
|
|
not the exception was due to an error that caused an in-page error status
|
|
code exception to be raised. If so, then this routine changes the code
|
|
in the exception record to the actual error code that was originally
|
|
raised.
|
|
|
|
Arguments:
|
|
|
|
ExceptionPointer - Pointer to the exception record.
|
|
|
|
ExceptionCode - Variable to receive actual exception code.
|
|
|
|
Return Value:
|
|
|
|
The function value indicates that the exception handler is to be executed.
|
|
|
|
--*/
|
|
|
|
{
|
|
//
|
|
// Simply check for an in-page error status code and, if the conditions
|
|
// are right, replace it with the actual status code.
|
|
//
|
|
|
|
*ExceptionCode = ExceptionPointer->ExceptionRecord->ExceptionCode;
|
|
if (*ExceptionCode == STATUS_IN_PAGE_ERROR &&
|
|
ExceptionPointer->ExceptionRecord->NumberParameters >= 3) {
|
|
*ExceptionCode = (LONG) ExceptionPointer->ExceptionRecord->ExceptionInformation[2];
|
|
}
|
|
|
|
//
|
|
// Translate alignment warnings into alignment errors.
|
|
//
|
|
|
|
if (*ExceptionCode == STATUS_DATATYPE_MISALIGNMENT) {
|
|
*ExceptionCode = STATUS_DATATYPE_MISALIGNMENT_ERROR;
|
|
}
|
|
|
|
return EXCEPTION_EXECUTE_HANDLER;
|
|
}
|
|
|
|
VOID
|
|
IopExceptionCleanup(
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PIRP Irp,
|
|
IN PKEVENT EventObject OPTIONAL,
|
|
IN PKEVENT KernelEvent OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine performs generalized cleanup for the I/O system services when
|
|
an exception occurs during caller parameter processing. This routine
|
|
performs the following steps:
|
|
|
|
o If a system buffer was allocated it is freed.
|
|
|
|
o If an MDL was allocated it is freed.
|
|
|
|
o The IRP is freed.
|
|
|
|
o If the file object is opened for synchronous I/O, the semaphore
|
|
is released.
|
|
|
|
o If an event object was referenced it is dereferenced.
|
|
|
|
o If a kernel event was allocated, free it.
|
|
|
|
o The file object is dereferenced.
|
|
|
|
Arguments:
|
|
|
|
FileObject - Pointer to the file object currently being worked on.
|
|
|
|
Irp - Pointer to the IRP allocated to handle the I/O request.
|
|
|
|
EventObject - Optional pointer to a referenced event object.
|
|
|
|
KernelEvent - Optional pointer to an allocated kernel event.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// If a system buffer was allocated from nonpaged pool, free it.
|
|
//
|
|
|
|
if (Irp->AssociatedIrp.SystemBuffer != NULL) {
|
|
ExFreePool( Irp->AssociatedIrp.SystemBuffer );
|
|
}
|
|
|
|
//
|
|
// If an MDL was allocated, free it.
|
|
//
|
|
|
|
if (Irp->MdlAddress != NULL) {
|
|
IoFreeMdl( Irp->MdlAddress );
|
|
}
|
|
|
|
//
|
|
// Free the I/O Request Packet.
|
|
//
|
|
|
|
IoFreeIrp( Irp );
|
|
|
|
//
|
|
// Finally, release the synchronization semaphore if it is currently
|
|
// held, dereference the event if one was specified, free the kernel
|
|
// event if one was allocated, and dereference the file object.
|
|
//
|
|
|
|
if (FileObject->Flags & FO_SYNCHRONOUS_IO) {
|
|
IopReleaseFileObjectLock( FileObject );
|
|
}
|
|
|
|
if (ARGUMENT_PRESENT( EventObject )) {
|
|
ObDereferenceObject( EventObject );
|
|
}
|
|
|
|
if (ARGUMENT_PRESENT( KernelEvent )) {
|
|
ExFreePool( KernelEvent );
|
|
}
|
|
|
|
ObDereferenceObject( FileObject );
|
|
|
|
return;
|
|
}
|
|
|
|
VOID
|
|
IopFreeIrpAndMdls(
|
|
IN PIRP Irp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine frees the specified I/O Request Packet and all of its Memory
|
|
Descriptor Lists.
|
|
|
|
Arguments:
|
|
|
|
Irp - Pointer to the I/O Request Packet to be freed.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PMDL mdl;
|
|
PMDL nextMdl;
|
|
|
|
//
|
|
// If there are any MDLs that need to be freed, free them now.
|
|
//
|
|
|
|
for (mdl = Irp->MdlAddress; mdl != (PMDL) NULL; mdl = nextMdl) {
|
|
nextMdl = mdl->Next;
|
|
IoFreeMdl( mdl );
|
|
}
|
|
|
|
//
|
|
// Free the IRP.
|
|
//
|
|
|
|
IoFreeIrp( Irp );
|
|
return;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopGetDriverNameFromKeyNode(
|
|
IN HANDLE KeyHandle,
|
|
OUT PUNICODE_STRING DriverName
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Given a handle to a driver service list key in the registry, return the
|
|
name that represents the Object Manager name space string that should
|
|
be used to locate/create the driver object.
|
|
|
|
Arguments:
|
|
|
|
KeyHandle - Supplies a handle to driver service entry in the registry.
|
|
|
|
DriverName - Supplies a Unicode string descriptor variable in which the
|
|
name of the driver is returned.
|
|
|
|
Return Value:
|
|
|
|
The function value is the final status of the operation.
|
|
|
|
--*/
|
|
|
|
{
|
|
PKEY_VALUE_FULL_INFORMATION keyValueInformation;
|
|
PKEY_BASIC_INFORMATION keyBasicInformation;
|
|
ULONG keyBasicLength;
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Get the optional object name for this driver from the value for this
|
|
// key. If one exists, then its name overrides the default name of the
|
|
// driver.
|
|
//
|
|
|
|
status = IopGetRegistryValue( KeyHandle,
|
|
L"ObjectName",
|
|
&keyValueInformation );
|
|
|
|
if (NT_SUCCESS( status )) {
|
|
|
|
PWSTR src, dst;
|
|
ULONG i;
|
|
|
|
//
|
|
// The driver entry specifies an object name. This overrides the
|
|
// default name for the driver. Use this name to open the driver
|
|
// object.
|
|
//
|
|
|
|
if (!keyValueInformation->DataLength) {
|
|
ExFreePool( keyValueInformation );
|
|
return STATUS_ILL_FORMED_SERVICE_ENTRY;
|
|
}
|
|
|
|
DriverName->Length = (USHORT) (keyValueInformation->DataLength - sizeof( WCHAR ));
|
|
DriverName->MaximumLength = (USHORT) keyValueInformation->DataLength;
|
|
|
|
src = (PWSTR) ((PUCHAR) keyValueInformation + keyValueInformation->DataOffset);
|
|
dst = (PWSTR) keyValueInformation;
|
|
for (i = DriverName->Length; i; i--) {
|
|
*dst++ = *src++;
|
|
}
|
|
|
|
DriverName->Buffer = (PWSTR) keyValueInformation;
|
|
|
|
} else {
|
|
|
|
PULONG driverType;
|
|
PWSTR baseObjectName;
|
|
UNICODE_STRING remainderName;
|
|
|
|
//
|
|
// The driver node does not specify an object name, so determine
|
|
// what the default name for the driver object should be based on
|
|
// the information in the key.
|
|
//
|
|
|
|
status = IopGetRegistryValue( KeyHandle,
|
|
L"Type",
|
|
&keyValueInformation );
|
|
if (!NT_SUCCESS( status ) || !keyValueInformation->DataLength) {
|
|
|
|
//
|
|
// There must be some type of "Type" associated with this driver,
|
|
// either DRIVER or FILE_SYSTEM. Otherwise, this node is ill-
|
|
// formed.
|
|
//
|
|
|
|
if (NT_SUCCESS( status )) {
|
|
ExFreePool( keyValueInformation );
|
|
}
|
|
|
|
return STATUS_ILL_FORMED_SERVICE_ENTRY;
|
|
}
|
|
|
|
//
|
|
// Now determine whether the type of this entry is a driver or a
|
|
// file system. Begin by assuming that it is a device driver.
|
|
//
|
|
|
|
baseObjectName = L"\\Driver\\";
|
|
DriverName->Length = 8*2;
|
|
|
|
driverType = (PULONG) ((PUCHAR) keyValueInformation + keyValueInformation->DataOffset);
|
|
|
|
if (*driverType == FileSystemType ||
|
|
*driverType == RecognizerType) {
|
|
baseObjectName = L"\\FileSystem\\";
|
|
DriverName->Length = 12*2;
|
|
}
|
|
|
|
//
|
|
// Get the name of the key that is being used to describe this
|
|
// driver. This will return just the last component of the name
|
|
// string, which can be used to formulate the name of the driver.
|
|
//
|
|
|
|
status = ZwQueryKey( KeyHandle,
|
|
KeyBasicInformation,
|
|
(PVOID) NULL,
|
|
0,
|
|
&keyBasicLength );
|
|
|
|
keyBasicInformation = ExAllocatePool( NonPagedPool, keyBasicLength );
|
|
if (!keyBasicInformation) {
|
|
ExFreePool( keyValueInformation );
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
status = ZwQueryKey( KeyHandle,
|
|
KeyBasicInformation,
|
|
keyBasicInformation,
|
|
keyBasicLength,
|
|
&keyBasicLength );
|
|
if (!NT_SUCCESS( status )) {
|
|
ExFreePool( keyBasicInformation );
|
|
ExFreePool( keyValueInformation );
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Allocate a buffer from pool that is large enough to contain the
|
|
// entire name string of the driver object.
|
|
//
|
|
|
|
DriverName->MaximumLength = (USHORT) (DriverName->Length + keyBasicInformation->NameLength);
|
|
DriverName->Buffer = ExAllocatePool( NonPagedPool,
|
|
DriverName->MaximumLength );
|
|
if (!DriverName->Buffer) {
|
|
ExFreePool( keyBasicInformation );
|
|
ExFreePool( keyValueInformation );
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
//
|
|
// Now form the name of the object to be opened.
|
|
//
|
|
|
|
DriverName->Length = 0;
|
|
RtlAppendUnicodeToString( DriverName, baseObjectName );
|
|
remainderName.Length = (USHORT) keyBasicInformation->NameLength;
|
|
remainderName.MaximumLength = remainderName.Length;
|
|
remainderName.Buffer = &keyBasicInformation->Name[0];
|
|
RtlAppendUnicodeStringToString( DriverName, &remainderName );
|
|
ExFreePool( keyBasicInformation );
|
|
ExFreePool( keyValueInformation );
|
|
}
|
|
|
|
//
|
|
// Finally, simply return to the caller with the name filled in. Note
|
|
// that the caller must free the buffer pointed to by the Buffer field
|
|
// of the Unicode string descriptor.
|
|
//
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopGetFileInformation(
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG Length,
|
|
IN FILE_INFORMATION_CLASS FileInformationClass,
|
|
OUT PVOID FileInformation,
|
|
OUT PULONG ReturnedLength
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to asynchronously obtain the name or other information
|
|
of a file object when the file was opened for synchronous I/O, and the previous mode of the
|
|
caller was kernel mode, and the query was done through the Object Manager.
|
|
In this case, the situation is likely that the Lazy Writer has incurred a
|
|
write error, and it is attempting to obtain the name of the file so that it
|
|
can output a popup. In doing so, a deadlock can occur because another
|
|
thread has locked the file object synchronous I/O lock. Hence, this routine
|
|
obtains the name of the file w/o acquiring that lock.
|
|
|
|
Arguments:
|
|
|
|
FileObject - A pointer to the file object whose name is to be queried.
|
|
|
|
Length - Supplies the length of the buffer to receive the name.
|
|
|
|
FileInformation - A pointer to the buffer to receive the name.
|
|
|
|
ReturnedLength - A variable to receive the length of the name returned.
|
|
|
|
Return Value:
|
|
|
|
The status returned is the final completion status of the operation.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PIRP irp;
|
|
NTSTATUS status;
|
|
PDEVICE_OBJECT deviceObject;
|
|
KEVENT event;
|
|
PIO_STACK_LOCATION irpSp;
|
|
IO_STATUS_BLOCK localIoStatus;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Reference the file object here so that no special checks need be made
|
|
// in I/O completion to determine whether or not to dereference the file
|
|
// object.
|
|
//
|
|
|
|
ObReferenceObject( FileObject );
|
|
|
|
//
|
|
// Initialize an event that will be used to synchronize the completion of
|
|
// the query operation. Note that this is the only way to synchronize this
|
|
// since the file object itself cannot be used since it was opened for
|
|
// synchronous I/O and may be busy.
|
|
//
|
|
|
|
KeInitializeEvent( &event, SynchronizationEvent, FALSE );
|
|
|
|
//
|
|
// Get the address of the target device object.
|
|
//
|
|
|
|
deviceObject = IoGetRelatedDeviceObject( FileObject );
|
|
|
|
//
|
|
// Allocate and initialize the I/O Request Packet (IRP) for this operation.
|
|
//
|
|
|
|
irp = IoAllocateIrp( deviceObject->StackSize, FALSE );
|
|
if (!irp) {
|
|
|
|
//
|
|
// An IRP could not be allocated. Cleanup and return an appropriate
|
|
// error status code.
|
|
//
|
|
|
|
ObDereferenceObject( FileObject );
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
irp->Tail.Overlay.OriginalFileObject = FileObject;
|
|
irp->Tail.Overlay.Thread = PsGetCurrentThread();
|
|
irp->RequestorMode = KernelMode;
|
|
|
|
//
|
|
// Fill in the service independent parameters in the IRP. Note that the
|
|
// setting of the special query name flag in the packet guarantees that the
|
|
// standard completion for a synchronous file object will not occur because
|
|
// this flag communicates to the I/O completion that it should not do so.
|
|
//
|
|
|
|
irp->UserEvent = &event;
|
|
irp->Flags = IRP_SYNCHRONOUS_API | IRP_OB_QUERY_NAME;
|
|
irp->UserIosb = &localIoStatus;
|
|
irp->Overlay.AsynchronousParameters.UserApcRoutine = (PIO_APC_ROUTINE) NULL;
|
|
|
|
//
|
|
// Get a pointer to the stack location for the first driver. This will be
|
|
// used to pass the original function codes and parameters.
|
|
//
|
|
|
|
irpSp = IoGetNextIrpStackLocation( irp );
|
|
irpSp->MajorFunction = IRP_MJ_QUERY_INFORMATION;
|
|
irpSp->FileObject = FileObject;
|
|
|
|
//
|
|
// Set the system buffer address to the address of the caller's buffer and
|
|
// set the flags so that the buffer is not deallocated.
|
|
//
|
|
|
|
irp->AssociatedIrp.SystemBuffer = FileInformation;
|
|
irp->Flags |= IRP_BUFFERED_IO;
|
|
|
|
//
|
|
// Copy the caller's parameters to the service-specific portion of the
|
|
// IRP.
|
|
//
|
|
|
|
irpSp->Parameters.QueryFile.Length = Length;
|
|
irpSp->Parameters.QueryFile.FileInformationClass = FileInformationClass;
|
|
|
|
//
|
|
// Insert the packet at the head of the IRP list for the thread.
|
|
//
|
|
|
|
IopQueueThreadIrp( irp );
|
|
|
|
//
|
|
// Now simply invoke the driver at its dispatch entry with the IRP.
|
|
//
|
|
|
|
status = IoCallDriver( deviceObject, irp );
|
|
|
|
//
|
|
// Now get the final status of the operation once the request completes
|
|
// and return the length of the buffer written.
|
|
//
|
|
|
|
if (status == STATUS_PENDING) {
|
|
(VOID) KeWaitForSingleObject( &event,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
status = localIoStatus.Status;
|
|
}
|
|
|
|
*ReturnedLength = (ULONG) localIoStatus.Information;
|
|
return status;
|
|
}
|
|
|
|
BOOLEAN
|
|
IopGetMountFlag(
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to determine whether or not the specified device
|
|
is mounted.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Supplies a pointer to the device object for which the mount
|
|
flag is tested.
|
|
|
|
Return Value:
|
|
|
|
The function value is TRUE if the specified device is mounted, otherwise
|
|
FALSE.
|
|
|
|
|
|
--*/
|
|
|
|
{
|
|
KIRQL irql;
|
|
BOOLEAN deviceMounted = FALSE;
|
|
|
|
//
|
|
// Check to see whether or not the device is mounted. Note that the caller
|
|
// has probably already looked to see whether or not the device has a VPB
|
|
// outside of owning the lock, so simply get the lock and check it again
|
|
// to start with, rather than checking to see whether or not the device
|
|
// still has a VPB without holding the lock.
|
|
//
|
|
|
|
irql = KeAcquireQueuedSpinLock( LockQueueIoVpbLock );
|
|
if (DeviceObject->Vpb) {
|
|
if (DeviceObject->Vpb->Flags & VPB_MOUNTED) {
|
|
deviceMounted = TRUE;
|
|
}
|
|
}
|
|
KeReleaseQueuedSpinLock( LockQueueIoVpbLock, irql );
|
|
|
|
return deviceMounted;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopGetRegistryKeyInformation(
|
|
IN HANDLE KeyHandle,
|
|
OUT PKEY_FULL_INFORMATION *Information
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to retrieve the full key information for a
|
|
registry key. This is done by querying the full key information
|
|
of the key with a zero-length buffer to determine the size of the data,
|
|
and then allocating a buffer and actually querying the data into the buffer.
|
|
|
|
It is the responsibility of the caller to free the buffer.
|
|
|
|
Arguments:
|
|
|
|
KeyHandle - Supplies the key handle whose full key information is to
|
|
be queried
|
|
|
|
Information - Returns a pointer to the allocated data buffer.
|
|
|
|
Return Value:
|
|
|
|
The function value is the final status of the query operation.
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS status;
|
|
PKEY_FULL_INFORMATION infoBuffer;
|
|
ULONG keyInfoLength;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Figure out how big the data value is so that a buffer of the
|
|
// appropriate size can be allocated.
|
|
//
|
|
|
|
status = ZwQueryKey( KeyHandle,
|
|
KeyFullInformation,
|
|
(PVOID) NULL,
|
|
0,
|
|
&keyInfoLength );
|
|
if (status != STATUS_BUFFER_OVERFLOW &&
|
|
status != STATUS_BUFFER_TOO_SMALL) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Allocate a buffer large enough to contain the entire key data.
|
|
//
|
|
|
|
infoBuffer = ExAllocatePool( NonPagedPool, keyInfoLength );
|
|
if (!infoBuffer) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
//
|
|
// Query the full key data for the key.
|
|
//
|
|
|
|
status = ZwQueryKey( KeyHandle,
|
|
KeyFullInformation,
|
|
infoBuffer,
|
|
keyInfoLength,
|
|
&keyInfoLength );
|
|
if (!NT_SUCCESS( status )) {
|
|
ExFreePool( infoBuffer );
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Everything worked, so simply return the address of the allocated
|
|
// buffer to the caller, who is now responsible for freeing it.
|
|
//
|
|
|
|
*Information = infoBuffer;
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopGetRegistryValue(
|
|
IN HANDLE KeyHandle,
|
|
IN PWSTR ValueName,
|
|
OUT PKEY_VALUE_FULL_INFORMATION *Information
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to retrieve the data for a registry key's value.
|
|
This is done by querying the value of the key with a zero-length buffer
|
|
to determine the size of the value, and then allocating a buffer and
|
|
actually querying the value into the buffer.
|
|
|
|
It is the responsibility of the caller to free the buffer.
|
|
|
|
Arguments:
|
|
|
|
KeyHandle - Supplies the key handle whose value is to be queried
|
|
|
|
ValueName - Supplies the null-terminated Unicode name of the value.
|
|
|
|
Information - Returns a pointer to the allocated data buffer.
|
|
|
|
Return Value:
|
|
|
|
The function value is the final status of the query operation.
|
|
|
|
--*/
|
|
|
|
{
|
|
UNICODE_STRING unicodeString;
|
|
NTSTATUS status;
|
|
PKEY_VALUE_FULL_INFORMATION infoBuffer;
|
|
ULONG keyValueLength, guessSize, dataSize;
|
|
|
|
PAGED_CODE();
|
|
|
|
RtlInitUnicodeString( &unicodeString, ValueName );
|
|
|
|
//
|
|
// Set an initial size to try when loading a key. Note that
|
|
// KeyValueFullInformation already comes with a single WCHAR of data.
|
|
//
|
|
guessSize = sizeof(KEY_VALUE_FULL_INFORMATION) +
|
|
wcslen(ValueName)*sizeof(WCHAR);
|
|
|
|
//
|
|
// Now round up to a natural alignment. This needs to be done because our
|
|
// data member will naturally aligned as well.
|
|
//
|
|
guessSize = (ULONG) ALIGN_POINTER_OFFSET(guessSize);
|
|
|
|
//
|
|
// Set the data cache length to a ULONG's worth of data, because most data
|
|
// we read via this function is type REG_DWORD.
|
|
//
|
|
guessSize += sizeof(ULONG);
|
|
|
|
infoBuffer = ExAllocatePool(NonPagedPool, guessSize);
|
|
if (!infoBuffer) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
//
|
|
// Figure out how big the data value is so that a buffer of the
|
|
// appropriate size can be allocated.
|
|
//
|
|
|
|
status = ZwQueryValueKey( KeyHandle,
|
|
&unicodeString,
|
|
KeyValueFullInformation,
|
|
(PVOID) infoBuffer,
|
|
guessSize,
|
|
&keyValueLength );
|
|
if (NT_SUCCESS(status)) {
|
|
|
|
//
|
|
// First guess worked, bail!
|
|
//
|
|
*Information = infoBuffer;
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
ExFreePool(infoBuffer);
|
|
if (status != STATUS_BUFFER_OVERFLOW &&
|
|
status != STATUS_BUFFER_TOO_SMALL) {
|
|
|
|
ASSERT(!NT_SUCCESS(status));
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Allocate a buffer large enough to contain the entire key data value.
|
|
//
|
|
|
|
infoBuffer = ExAllocatePool( NonPagedPool, keyValueLength );
|
|
if (!infoBuffer) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
//
|
|
// Query the data for the key value.
|
|
//
|
|
|
|
status = ZwQueryValueKey( KeyHandle,
|
|
&unicodeString,
|
|
KeyValueFullInformation,
|
|
infoBuffer,
|
|
keyValueLength,
|
|
&keyValueLength );
|
|
if (!NT_SUCCESS( status )) {
|
|
ExFreePool( infoBuffer );
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Everything worked, so simply return the address of the allocated
|
|
// buffer to the caller, who is now responsible for freeing it.
|
|
//
|
|
|
|
*Information = infoBuffer;
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopGetRegistryValues(
|
|
IN HANDLE KeyHandle,
|
|
IN PKEY_VALUE_FULL_INFORMATION *ValueList
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to retrieve the *three* types of data for a
|
|
registry key's. This is done by calling the IopGetRegistryValue function
|
|
with the three valid key names.
|
|
|
|
It is the responsibility of the caller to free the three buffers.
|
|
|
|
Arguments:
|
|
|
|
KeyHandle - Supplies the key handle whose value is to be queried
|
|
|
|
ValueList - Pointer to a buffer in which the three pointers to the value
|
|
entries will be stored.
|
|
|
|
Return Value:
|
|
|
|
The function value is the final status of the query operation.
|
|
|
|
Note:
|
|
|
|
The values are stored in the order represented by the I/O query device
|
|
data format.
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Zero out all entries initially.
|
|
//
|
|
|
|
*ValueList = NULL;
|
|
*(ValueList + 1) = NULL;
|
|
*(ValueList + 2) = NULL;
|
|
|
|
//
|
|
// Get the information for each of the three types of entries available.
|
|
// Each time, check if an internal error occurred; If the object name was
|
|
// not found, it only means not data was present, and this does not
|
|
// constitute an error.
|
|
//
|
|
|
|
status = IopGetRegistryValue( KeyHandle,
|
|
L"Identifier",
|
|
ValueList );
|
|
|
|
if (!NT_SUCCESS( status ) && (status != STATUS_OBJECT_NAME_NOT_FOUND)) {
|
|
return status;
|
|
}
|
|
|
|
status = IopGetRegistryValue( KeyHandle,
|
|
L"Configuration Data",
|
|
++ValueList );
|
|
|
|
if (!NT_SUCCESS( status ) && (status != STATUS_OBJECT_NAME_NOT_FOUND)) {
|
|
return status;
|
|
}
|
|
|
|
status = IopGetRegistryValue( KeyHandle,
|
|
L"Component Information",
|
|
++ValueList );
|
|
|
|
if (!NT_SUCCESS( status ) && (status != STATUS_OBJECT_NAME_NOT_FOUND)) {
|
|
return status;
|
|
}
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopGetSetObjectId(
|
|
IN PFILE_OBJECT FileObject,
|
|
IN OUT PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN ULONG Function
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to obtain or set the object ID for a file. If
|
|
one does not exist for the file, then one is created, provided that the
|
|
underlying file system supports object IDs in the first place (query).
|
|
|
|
Arguments:
|
|
|
|
FileObject - Supplies a pointer to the referenced file object whose ID is
|
|
to be returned or set.
|
|
|
|
Buffer - A variable to receive the object ID of the file (query) or that
|
|
contains the object ID that is to be set on the file.
|
|
|
|
Length - The length of the Buffer.
|
|
|
|
Function - The FSCTL to send.
|
|
FSCTL_LMR_GET_LINK_TRACKING_INFORMATION;
|
|
FSCTL_CREATE_OR_GET_OBJECT_ID;
|
|
FSCTL_GET_OBJECT_ID;
|
|
FSCTL_SET_OBJECT_ID_EXTENDED;
|
|
FSCTL_LMR_SET_LINK_TRACKING_INFORMATION;
|
|
FSCTL_SET_OBJECT_ID_EXTENDED;
|
|
FSCTL_SET_OBJECT_ID;
|
|
FSCTL_DELETE_OBJECT_ID;
|
|
|
|
Return Value:
|
|
|
|
The status returned is the final completion status of the operation.
|
|
|
|
--*/
|
|
|
|
{
|
|
IO_STATUS_BLOCK ioStatus;
|
|
NTSTATUS status;
|
|
PIRP irp;
|
|
KEVENT event;
|
|
PIO_STACK_LOCATION irpSp;
|
|
PDEVICE_OBJECT deviceObject;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Initialize the event structure to synchronize completion of the I/O
|
|
// request.
|
|
//
|
|
|
|
KeInitializeEvent( &event,
|
|
NotificationEvent,
|
|
FALSE );
|
|
|
|
//
|
|
// Build an I/O Request Packet to be sent to the file system driver to get
|
|
// the object ID.
|
|
//
|
|
|
|
deviceObject = IoGetRelatedDeviceObject( FileObject );
|
|
|
|
irp = IoBuildDeviceIoControlRequest( Function,
|
|
deviceObject,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
0,
|
|
FALSE,
|
|
&event,
|
|
&ioStatus );
|
|
if (!irp) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
//
|
|
// Fill in the remainder of the IRP to retrieve the object ID for the
|
|
// file.
|
|
//
|
|
|
|
irp->Flags |= IRP_SYNCHRONOUS_API;
|
|
irp->UserBuffer = Buffer;
|
|
irp->AssociatedIrp.SystemBuffer = Buffer;
|
|
irp->Tail.Overlay.OriginalFileObject = FileObject;
|
|
|
|
irpSp = IoGetNextIrpStackLocation( irp );
|
|
irpSp->FileObject = FileObject;
|
|
irpSp->MajorFunction = IRP_MJ_FILE_SYSTEM_CONTROL;
|
|
irpSp->MinorFunction = IRP_MN_KERNEL_CALL;
|
|
|
|
if (Function == FSCTL_LMR_GET_LINK_TRACKING_INFORMATION ||
|
|
Function == FSCTL_CREATE_OR_GET_OBJECT_ID ||
|
|
Function == FSCTL_GET_OBJECT_ID ) {
|
|
irpSp->Parameters.FileSystemControl.OutputBufferLength = Length;
|
|
} else {
|
|
irpSp->Parameters.FileSystemControl.InputBufferLength = Length;
|
|
}
|
|
|
|
//
|
|
// Take out another reference to the file object to guarantee that it does
|
|
// not get deleted.
|
|
//
|
|
|
|
ObReferenceObject( FileObject );
|
|
|
|
//
|
|
// Call the driver to get the request.
|
|
//
|
|
|
|
status = IoCallDriver( deviceObject, irp );
|
|
|
|
//
|
|
// Synchronize completion of the request.
|
|
//
|
|
|
|
if (status == STATUS_PENDING) {
|
|
status = KeWaitForSingleObject( &event,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
status = ioStatus.Status;
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopGetVolumeId(
|
|
IN PFILE_OBJECT FileObject,
|
|
IN OUT PFILE_VOLUMEID_WITH_TYPE ObjectId,
|
|
IN ULONG Length
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked by the I/O System link tracking code to obtain the
|
|
volume ID for a file that has been moved or is being moved between volumes
|
|
and potentially between systems.
|
|
|
|
Arguments:
|
|
|
|
FileObject - Supplies the file object for the file.
|
|
|
|
ObjectId - A buffer to receive the volume object ID.
|
|
|
|
Length - Length of the buffer.
|
|
|
|
Return Value:
|
|
|
|
The final function value is the final completion status of the operation.
|
|
|
|
--*/
|
|
|
|
{
|
|
IO_STATUS_BLOCK ioStatus;
|
|
NTSTATUS status;
|
|
PIRP irp;
|
|
KEVENT event;
|
|
PIO_STACK_LOCATION irpSp;
|
|
PDEVICE_OBJECT deviceObject;
|
|
FILE_FS_OBJECTID_INFORMATION volumeId;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Initialize the event structure to synchronize completion of the I/O
|
|
// request.
|
|
//
|
|
|
|
KeInitializeEvent( &event,
|
|
NotificationEvent,
|
|
FALSE );
|
|
|
|
//
|
|
// Build an I/O Request Packet to be sent to the file system driver to get
|
|
// the volume ID.
|
|
//
|
|
|
|
deviceObject = IoGetRelatedDeviceObject( FileObject );
|
|
|
|
irp = IoBuildDeviceIoControlRequest( 0,
|
|
deviceObject,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
0,
|
|
FALSE,
|
|
&event,
|
|
&ioStatus );
|
|
if (!irp) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
//
|
|
// Fill in the remainder of the IRP to retrieve the volume ID for the
|
|
// file.
|
|
//
|
|
|
|
irp->Flags |= IRP_SYNCHRONOUS_API;
|
|
irp->UserBuffer = &volumeId;
|
|
irp->AssociatedIrp.SystemBuffer = &volumeId;
|
|
irp->Tail.Overlay.OriginalFileObject = FileObject;
|
|
|
|
irpSp = IoGetNextIrpStackLocation( irp );
|
|
irpSp->FileObject = FileObject;
|
|
irpSp->MajorFunction = IRP_MJ_QUERY_VOLUME_INFORMATION;
|
|
irpSp->Parameters.QueryVolume.Length = sizeof( volumeId );
|
|
irpSp->Parameters.QueryVolume.FsInformationClass = FileFsObjectIdInformation;
|
|
|
|
//
|
|
// Take out another reference to the file object to guarantee that it does
|
|
// not get deleted.
|
|
//
|
|
|
|
ObReferenceObject( FileObject );
|
|
|
|
//
|
|
// Call the driver to get the request.
|
|
//
|
|
|
|
status = IoCallDriver( deviceObject, irp );
|
|
|
|
//
|
|
// Synchronize completion of the request.
|
|
//
|
|
|
|
if (status == STATUS_PENDING) {
|
|
status = KeWaitForSingleObject( &event,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
status = ioStatus.Status;
|
|
}
|
|
|
|
//
|
|
// If the file system returned the volume ID, copy it to the caller's
|
|
// buffer and set the file system tracking type.
|
|
//
|
|
|
|
if (NT_SUCCESS( status )) {
|
|
ObjectId->Type = NtfsLinkTrackingInformation;
|
|
RtlCopyMemory( ObjectId->VolumeId,
|
|
&volumeId.ObjectId,
|
|
sizeof( GUID ) );
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
PIOP_HARD_ERROR_PACKET
|
|
IopRemoveHardErrorPacket(
|
|
VOID
|
|
)
|
|
{
|
|
PIOP_HARD_ERROR_PACKET hardErrorPacket;
|
|
KIRQL oldIrql;
|
|
PVOID entry;
|
|
|
|
ExAcquireFastLock( &IopHardError.WorkQueueSpinLock, &oldIrql );
|
|
|
|
//
|
|
// The work queue structures are now exclusively owned, so remove the
|
|
// first packet from the head of the list.
|
|
//
|
|
|
|
entry = RemoveHeadList( &IopHardError.WorkQueue );
|
|
|
|
hardErrorPacket = CONTAINING_RECORD( entry,
|
|
IOP_HARD_ERROR_PACKET,
|
|
WorkQueueLinks );
|
|
|
|
IopCurrentHardError = hardErrorPacket;
|
|
|
|
ExReleaseFastLock( &IopHardError.WorkQueueSpinLock, oldIrql );
|
|
|
|
return hardErrorPacket;
|
|
}
|
|
|
|
BOOLEAN
|
|
IopCheckHardErrorEmpty(
|
|
VOID
|
|
)
|
|
{
|
|
BOOLEAN MoreEntries;
|
|
KIRQL oldIrql;
|
|
|
|
MoreEntries = TRUE;
|
|
|
|
ExAcquireFastLock( &IopHardError.WorkQueueSpinLock, &oldIrql );
|
|
|
|
IopCurrentHardError = NULL;
|
|
|
|
if ( IsListEmpty( &IopHardError.WorkQueue ) ) {
|
|
IopHardError.ThreadStarted = FALSE;
|
|
MoreEntries = FALSE;
|
|
}
|
|
|
|
ExReleaseFastLock( &IopHardError.WorkQueueSpinLock, oldIrql );
|
|
|
|
return MoreEntries;
|
|
}
|
|
|
|
VOID
|
|
IopHardErrorThread(
|
|
IN PVOID StartContext
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function waits for work on the IopHardErrorQueue, and all calls
|
|
IopRaiseInformationalHardError to actually perform the pop-ups.
|
|
|
|
Arguments:
|
|
|
|
StartContext - Startup context; not used.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
ULONG parameterPresent;
|
|
ULONG_PTR errorParameter;
|
|
ULONG errorResponse;
|
|
BOOLEAN MoreEntries;
|
|
PIOP_HARD_ERROR_PACKET hardErrorPacket;
|
|
|
|
UNREFERENCED_PARAMETER( StartContext );
|
|
|
|
PAGED_CODE();
|
|
//
|
|
// Loop, waiting forever for a hard error packet to be sent to this thread.
|
|
// When one is placed onto the queue, wake up, process it, and continue
|
|
// the loop.
|
|
//
|
|
|
|
MoreEntries = TRUE;
|
|
|
|
do {
|
|
|
|
(VOID) KeWaitForSingleObject( &IopHardError.WorkQueueSemaphore,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
|
|
hardErrorPacket = IopRemoveHardErrorPacket();
|
|
|
|
|
|
//
|
|
// Simply raise the hard error if the system is ready to accept one.
|
|
//
|
|
|
|
errorParameter = (ULONG_PTR) &hardErrorPacket->String;
|
|
parameterPresent = (hardErrorPacket->String.Buffer != NULL);
|
|
|
|
if (ExReadyForErrors) {
|
|
(VOID) ExRaiseHardError( hardErrorPacket->ErrorStatus,
|
|
parameterPresent,
|
|
parameterPresent,
|
|
parameterPresent ? &errorParameter : NULL,
|
|
OptionOkNoWait,
|
|
&errorResponse );
|
|
}
|
|
|
|
//
|
|
// If this was the last entry, exit the thread and mark it as so.
|
|
//
|
|
|
|
MoreEntries = IopCheckHardErrorEmpty();
|
|
|
|
//
|
|
// Now free the packet and the buffer, if one was specified.
|
|
//
|
|
|
|
if (hardErrorPacket->String.Buffer) {
|
|
ExFreePool( hardErrorPacket->String.Buffer );
|
|
}
|
|
|
|
ExFreePool( hardErrorPacket );
|
|
|
|
} while ( MoreEntries );
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
IopInvalidDeviceRequest(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function is the default dispatch routine for all driver entries
|
|
not implemented by drivers that have been loaded into the system. Its
|
|
responsibility is simply to set the status in the packet to indicate
|
|
that the operation requested is invalid for this device type, and then
|
|
complete the packet.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Specifies the device object for which this request is
|
|
bound. Ignored by this routine.
|
|
|
|
Irp - Specifies the address of the I/O Request Packet (IRP) for this
|
|
request.
|
|
|
|
Return Value:
|
|
|
|
The final status is always STATUS_INVALID_DEVICE_REQUEST.
|
|
|
|
|
|
--*/
|
|
|
|
{
|
|
UNREFERENCED_PARAMETER( DeviceObject );
|
|
|
|
//
|
|
// Simply store the appropriate status, complete the request, and return
|
|
// the same status stored in the packet.
|
|
//
|
|
|
|
if ((IoGetCurrentIrpStackLocation(Irp))->MajorFunction == IRP_MJ_POWER) {
|
|
PoStartNextPowerIrp(Irp);
|
|
}
|
|
Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
|
|
IoCompleteRequest( Irp, IO_NO_INCREMENT );
|
|
return STATUS_INVALID_DEVICE_REQUEST;
|
|
}
|
|
|
|
BOOLEAN
|
|
IopIsSameMachine(
|
|
IN PFILE_OBJECT SourceFile,
|
|
IN HANDLE TargetFile
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to determine whether two file objects that represent
|
|
files on remote machines actually reside on the same physical system.
|
|
|
|
Arguments:
|
|
|
|
SourceFile - Supplies the file object for the first file.
|
|
|
|
TargetFile - Supplies the file object for the second file.
|
|
|
|
Return Value:
|
|
|
|
The final function value is TRUE if the files reside on the same machine,
|
|
otherwise FALSE is returned.
|
|
|
|
--*/
|
|
|
|
{
|
|
PDEVICE_OBJECT deviceObject;
|
|
PFAST_IO_DISPATCH fastIoDispatch;
|
|
NTSTATUS status = STATUS_NOT_SAME_DEVICE;
|
|
IO_STATUS_BLOCK ioStatus;
|
|
HANDLE target = TargetFile;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Simply invoke the device I/O control function to determine whether or
|
|
// not the two files are on the same server. If the fast I/O path does
|
|
// not exist, or the function fails for any reason, then the two files are
|
|
// assumed to not be on the same machine. Note that this simply means
|
|
// that there will be a performance penalty on open of the target, but
|
|
// the above will only fail if the two files really aren't on the same
|
|
// machine in the first place, or if there's a filter that doesn't under-
|
|
// stand what is being done here.
|
|
//
|
|
|
|
deviceObject = IoGetRelatedDeviceObject( SourceFile );
|
|
|
|
fastIoDispatch = deviceObject->DriverObject->FastIoDispatch;
|
|
if (fastIoDispatch && fastIoDispatch->FastIoDeviceControl) {
|
|
if (fastIoDispatch->FastIoDeviceControl( SourceFile,
|
|
TRUE,
|
|
(PVOID) &target,
|
|
sizeof( target ),
|
|
(PVOID) NULL,
|
|
0,
|
|
IOCTL_LMR_ARE_FILE_OBJECTS_ON_SAME_SERVER,
|
|
&ioStatus,
|
|
deviceObject )) {
|
|
status = ioStatus.Status;
|
|
}
|
|
}
|
|
|
|
return status == STATUS_SUCCESS;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopBuildFullDriverPath(
|
|
IN PUNICODE_STRING KeyName,
|
|
IN HANDLE KeyHandle,
|
|
OUT PUNICODE_STRING FullPath
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine builds up the full path for the driver. If ImagePath is
|
|
specified, use it or else prepend the standard drivers path.
|
|
|
|
Arguments:
|
|
|
|
KeyHandle - Supplies a handle to the driver service node in the registry
|
|
that describes the driver to be loaded.
|
|
|
|
CheckForSafeBoot - If TRUE, the driver will be loaded only if it belongs
|
|
to the list of safe mode OK binaries.
|
|
|
|
FullPath - Full driver path is returned in this.
|
|
|
|
Return Value:
|
|
|
|
STATUS_SUCCESS or STATUS_INSUFFICIENT_RESOURCES.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS status;
|
|
PWCHAR path, name, ext;
|
|
ULONG pathLength, nameLength, extLength;
|
|
PKEY_VALUE_FULL_INFORMATION keyValueInformation;
|
|
|
|
FullPath->Length = FullPath->MaximumLength = 0;
|
|
FullPath->Buffer = NULL;
|
|
extLength = nameLength = pathLength = 0;
|
|
keyValueInformation = NULL;
|
|
status = IopGetRegistryValue( KeyHandle,
|
|
L"ImagePath",
|
|
&keyValueInformation);
|
|
if (NT_SUCCESS(status) && keyValueInformation->DataLength) {
|
|
|
|
nameLength = keyValueInformation->DataLength - sizeof(WCHAR);
|
|
name = (PWCHAR)KEY_VALUE_DATA(keyValueInformation);
|
|
if (name[0] != L'\\') {
|
|
|
|
path = L"\\SystemRoot\\";
|
|
pathLength = sizeof(L"\\SystemRoot\\") - sizeof(UNICODE_NULL);
|
|
}
|
|
} else {
|
|
|
|
nameLength = KeyName->Length;
|
|
name = KeyName->Buffer;
|
|
pathLength = sizeof(L"\\SystemRoot\\System32\\Drivers\\") - sizeof(UNICODE_NULL);
|
|
path = L"\\SystemRoot\\System32\\Drivers\\";
|
|
extLength = sizeof(L".SYS") - sizeof(UNICODE_NULL);
|
|
ext = L".SYS";
|
|
}
|
|
//
|
|
// Allocate storage for the full path.
|
|
//
|
|
FullPath->MaximumLength = (USHORT)(pathLength + nameLength + extLength + sizeof(UNICODE_NULL));
|
|
FullPath->Buffer = ExAllocatePool(PagedPool, FullPath->MaximumLength);
|
|
if (FullPath->Buffer) {
|
|
|
|
FullPath->Length = FullPath->MaximumLength - sizeof(UNICODE_NULL);
|
|
//
|
|
// Create the full path by combining path, name and ext.
|
|
//
|
|
if (pathLength) {
|
|
|
|
RtlCopyMemory(FullPath->Buffer, path, pathLength);
|
|
}
|
|
if (nameLength) {
|
|
|
|
RtlCopyMemory((PUCHAR)FullPath->Buffer + pathLength, name, nameLength);
|
|
}
|
|
if (extLength) {
|
|
|
|
RtlCopyMemory((PUCHAR)FullPath->Buffer + pathLength + nameLength, ext, extLength);
|
|
}
|
|
//
|
|
// NULL terminate the full path.
|
|
//
|
|
FullPath->Buffer[FullPath->Length / sizeof(WCHAR)] = UNICODE_NULL;
|
|
status = STATUS_SUCCESS;
|
|
|
|
} else {
|
|
|
|
FullPath->MaximumLength = 0;
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
//
|
|
// Clean up on the way out.
|
|
//
|
|
if (keyValueInformation) {
|
|
|
|
ExFreePool(keyValueInformation);
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopLoadDriver(
|
|
IN HANDLE KeyHandle,
|
|
IN BOOLEAN CheckForSafeBoot,
|
|
IN BOOLEAN IsFilter,
|
|
OUT NTSTATUS *DriverEntryStatus
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to load a device or file system driver, either
|
|
during system initialization, or dynamically while the system is running.
|
|
|
|
Arguments:
|
|
|
|
KeyHandle - Supplies a handle to the driver service node in the registry
|
|
that describes the driver to be loaded.
|
|
|
|
IsFilter - TRUE if the driver is a WDM filter, FALSE otherwise.
|
|
|
|
CheckForSafeBoot - If TRUE, the driver will be loaded only if it belongs
|
|
to the list of safe mode OK binaries.
|
|
|
|
DriverEntryStatus - Receives status returned by DriverEntry(...)
|
|
|
|
Return Value:
|
|
|
|
The function value is the final status of the load operation. If
|
|
STATUS_FAILED_DRIVER_ENTRY is returned, the driver's return value
|
|
is stored in DriverEntryStatus.
|
|
|
|
Notes:
|
|
|
|
Note that this routine closes the KeyHandle before returning.
|
|
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS status;
|
|
PLIST_ENTRY nextEntry;
|
|
PKLDR_DATA_TABLE_ENTRY driverEntry;
|
|
PKEY_BASIC_INFORMATION keyBasicInformation = NULL;
|
|
ULONG keyBasicLength;
|
|
UNICODE_STRING baseName;
|
|
UNICODE_STRING serviceName = {0, 0, NULL};
|
|
OBJECT_ATTRIBUTES objectAttributes;
|
|
PVOID sectionPointer;
|
|
UNICODE_STRING driverName;
|
|
PDRIVER_OBJECT driverObject;
|
|
PIMAGE_NT_HEADERS ntHeaders;
|
|
PVOID imageBaseAddress;
|
|
ULONG_PTR entryPoint;
|
|
HANDLE driverHandle;
|
|
ULONG i;
|
|
POBJECT_NAME_INFORMATION registryPath;
|
|
#if DBG
|
|
LARGE_INTEGER stime, etime;
|
|
ULONG dtime;
|
|
#endif
|
|
|
|
PAGED_CODE();
|
|
|
|
driverName.Buffer = (PWSTR) NULL;
|
|
*DriverEntryStatus = STATUS_SUCCESS;
|
|
baseName.Buffer = NULL;
|
|
|
|
//
|
|
// Begin by formulating the name of the driver image file to be loaded.
|
|
// Note that this is used to determine whether or not the driver has
|
|
// already been loaded by the OS loader, not necessarily in actually
|
|
// loading the driver image, since the node can override that name.
|
|
//
|
|
|
|
status = NtQueryKey( KeyHandle,
|
|
KeyBasicInformation,
|
|
(PVOID) NULL,
|
|
0,
|
|
&keyBasicLength );
|
|
if (status != STATUS_BUFFER_OVERFLOW &&
|
|
status != STATUS_BUFFER_TOO_SMALL) {
|
|
status = STATUS_ILL_FORMED_SERVICE_ENTRY;
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
keyBasicInformation = ExAllocatePool( NonPagedPool,
|
|
keyBasicLength + (4 * 2) );
|
|
if (!keyBasicInformation) {
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
status = NtQueryKey( KeyHandle,
|
|
KeyBasicInformation,
|
|
keyBasicInformation,
|
|
keyBasicLength,
|
|
&keyBasicLength );
|
|
if (!NT_SUCCESS( status )) {
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
//
|
|
// Create a Unicode string descriptor which forms the name of the
|
|
// driver.
|
|
//
|
|
|
|
baseName.Length = (USHORT) keyBasicInformation->NameLength;
|
|
baseName.MaximumLength = (USHORT) (baseName.Length + (4 * 2));
|
|
baseName.Buffer = &keyBasicInformation->Name[0];
|
|
|
|
serviceName.Buffer = ExAllocatePool(PagedPool, baseName.Length + sizeof(UNICODE_NULL));
|
|
if (serviceName.Buffer) {
|
|
serviceName.Length = baseName.Length;
|
|
serviceName.MaximumLength = serviceName.Length + sizeof(UNICODE_NULL);
|
|
RtlCopyMemory(serviceName.Buffer, baseName.Buffer, baseName.Length);
|
|
serviceName.Buffer[serviceName.Length / sizeof(WCHAR)] = UNICODE_NULL;
|
|
}
|
|
#if DBG
|
|
else {
|
|
DbgPrint("IopLoadDriver: No memory available for Service Keyname\n");
|
|
}
|
|
#endif
|
|
|
|
RtlAppendUnicodeToString( &baseName, L".SYS" );
|
|
|
|
//
|
|
// Log the file name
|
|
//
|
|
HeadlessKernelAddLogEntry(HEADLESS_LOG_LOADING_FILENAME, &baseName);
|
|
|
|
if (CheckForSafeBoot && InitSafeBootMode) {
|
|
|
|
BOOLEAN GroupIsGood = FALSE;
|
|
UNICODE_STRING string;
|
|
PKEY_VALUE_PARTIAL_INFORMATION keyValue;
|
|
UCHAR nameBuffer[FIELD_OFFSET(KEY_VALUE_PARTIAL_INFORMATION, Data) + 64];
|
|
ULONG length;
|
|
|
|
RtlInitUnicodeString( &string, L"Group" );
|
|
keyValue = (PKEY_VALUE_PARTIAL_INFORMATION)nameBuffer;
|
|
RtlZeroMemory(nameBuffer, sizeof(nameBuffer));
|
|
|
|
status = NtQueryValueKey(
|
|
KeyHandle,
|
|
&string,
|
|
KeyValuePartialInformation,
|
|
keyValue,
|
|
sizeof(nameBuffer),
|
|
&length
|
|
);
|
|
if (NT_SUCCESS(status)) {
|
|
|
|
string.Length = (USHORT)(keyValue->DataLength - sizeof(WCHAR));
|
|
string.MaximumLength = string.Length;
|
|
string.Buffer = (PWSTR)keyValue->Data;
|
|
|
|
if (IopSafebootDriverLoad(&string)) {
|
|
GroupIsGood = TRUE;
|
|
}
|
|
}
|
|
|
|
if (!GroupIsGood && !IopSafebootDriverLoad(&baseName)) {
|
|
//
|
|
// don't load the driver
|
|
//
|
|
|
|
IopBootLog(&baseName, FALSE);
|
|
|
|
DbgPrint("SAFEBOOT: skipping device = %wZ(%wZ)\n",&baseName,&string);
|
|
HeadlessKernelAddLogEntry(HEADLESS_LOG_LOAD_SUCCESSFUL, NULL);
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// See if this driver has already been loaded by the boot loader.
|
|
//
|
|
|
|
//
|
|
// No need to do KeEnterCriticalRegion as this is called
|
|
// from system process only.
|
|
//
|
|
ExAcquireResourceSharedLite( &PsLoadedModuleResource, TRUE );
|
|
nextEntry = PsLoadedModuleList.Flink;
|
|
while (nextEntry != &PsLoadedModuleList) {
|
|
|
|
//
|
|
// Look at the next boot driver in the list.
|
|
//
|
|
|
|
driverEntry = CONTAINING_RECORD( nextEntry,
|
|
KLDR_DATA_TABLE_ENTRY,
|
|
InLoadOrderLinks );
|
|
|
|
//
|
|
// If this is not the kernel image (ntoskrnl) and not the HAL (hal),
|
|
// then this is a driver, so initialize it.
|
|
//
|
|
|
|
if (RtlEqualString( (PSTRING) &baseName,
|
|
(PSTRING) &driverEntry->FullDllName,
|
|
TRUE )) {
|
|
status = STATUS_IMAGE_ALREADY_LOADED;
|
|
ExReleaseResourceLite( &PsLoadedModuleResource );
|
|
|
|
IopBootLog(&baseName, TRUE);
|
|
baseName.Buffer = NULL;
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
nextEntry = nextEntry->Flink;
|
|
}
|
|
ExReleaseResourceLite( &PsLoadedModuleResource );
|
|
|
|
//
|
|
// This driver has not already been loaded by the OS loader. Form the
|
|
// full path name for this driver.
|
|
//
|
|
|
|
status = IopBuildFullDriverPath(&serviceName, KeyHandle, &baseName);
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
baseName.Buffer = NULL;
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
//
|
|
// Now get the name of the driver object.
|
|
//
|
|
|
|
status = IopGetDriverNameFromKeyNode( KeyHandle,
|
|
&driverName );
|
|
if (!NT_SUCCESS( status )) {
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
InitializeObjectAttributes( &objectAttributes,
|
|
&driverName,
|
|
OBJ_PERMANENT,
|
|
(HANDLE) NULL,
|
|
(PSECURITY_DESCRIPTOR) NULL );
|
|
|
|
//
|
|
// Load the driver image into memory. If this fails partway through
|
|
// the operation, then it will automatically be unloaded.
|
|
//
|
|
|
|
status = MmLoadSystemImage( &baseName,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
§ionPointer,
|
|
(PVOID *) &imageBaseAddress );
|
|
|
|
if (!NT_SUCCESS( status )) {
|
|
|
|
//
|
|
// If the image was not already loaded then exit.
|
|
//
|
|
|
|
if (status != STATUS_IMAGE_ALREADY_LOADED) {
|
|
|
|
IopBootLog(&baseName, FALSE);
|
|
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
//
|
|
// Open the driver object.
|
|
//
|
|
|
|
status = ObOpenObjectByName( &objectAttributes,
|
|
IoDriverObjectType,
|
|
KernelMode,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
&driverHandle );
|
|
|
|
|
|
if (!NT_SUCCESS( status )) {
|
|
|
|
IopBootLog(&baseName, FALSE);
|
|
|
|
if (status == STATUS_OBJECT_NAME_NOT_FOUND) {
|
|
|
|
//
|
|
// Adjust the exit code so that we can distinguish drivers that
|
|
// aren't present from drivers that are present but have had
|
|
// their driver objects made temporary.
|
|
//
|
|
status = STATUS_DRIVER_FAILED_PRIOR_UNLOAD;
|
|
}
|
|
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
//
|
|
// Reference the handle and obtain a pointer to the driver object so that
|
|
// the handle can be deleted without the object going away.
|
|
//
|
|
|
|
status = ObReferenceObjectByHandle( driverHandle,
|
|
0,
|
|
IoDriverObjectType,
|
|
KeGetPreviousMode(),
|
|
(PVOID *) &driverObject,
|
|
(POBJECT_HANDLE_INFORMATION) NULL );
|
|
NtClose( driverHandle );
|
|
|
|
if (!NT_SUCCESS( status )) {
|
|
IopBootLog(&baseName, FALSE);
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
|
|
status = IopResurrectDriver( driverObject );
|
|
|
|
//
|
|
// Regardless of the status the driver object should be dereferenced.
|
|
// if the unload has already run then driver is almost gone. If
|
|
// the driver has been resurrected then the I/O system still has its
|
|
// original reference.
|
|
//
|
|
|
|
ObDereferenceObject( driverObject );
|
|
IopBootLog(&baseName, FALSE);
|
|
goto IopLoadExit;
|
|
} else {
|
|
|
|
ntHeaders = RtlImageNtHeader( imageBaseAddress );
|
|
|
|
//
|
|
// Check should this driver be loaded. If yes, the enum subkey
|
|
// of the service will be prepared.
|
|
//
|
|
|
|
status = IopPrepareDriverLoading (&serviceName, KeyHandle, imageBaseAddress, IsFilter);
|
|
if (!NT_SUCCESS(status)) {
|
|
MmUnloadSystemImage(sectionPointer);
|
|
IopBootLog(&baseName, FALSE);
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// The driver image has now been loaded into memory. Create the driver
|
|
// object that represents this image.
|
|
//
|
|
|
|
status = ObCreateObject( KeGetPreviousMode(),
|
|
IoDriverObjectType,
|
|
&objectAttributes,
|
|
KernelMode,
|
|
(PVOID) NULL,
|
|
(ULONG) (sizeof( DRIVER_OBJECT ) + sizeof ( DRIVER_EXTENSION )),
|
|
0,
|
|
0,
|
|
(PVOID *) &driverObject );
|
|
|
|
if (!NT_SUCCESS( status )) {
|
|
IopBootLog(&baseName, FALSE);
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
//
|
|
// Initialize this driver object and insert it into the object table.
|
|
//
|
|
|
|
RtlZeroMemory( driverObject, sizeof( DRIVER_OBJECT ) + sizeof ( DRIVER_EXTENSION) );
|
|
driverObject->DriverExtension = (PDRIVER_EXTENSION) (driverObject + 1);
|
|
driverObject->DriverExtension->DriverObject = driverObject;
|
|
|
|
for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) {
|
|
driverObject->MajorFunction[i] = IopInvalidDeviceRequest;
|
|
}
|
|
|
|
driverObject->Type = IO_TYPE_DRIVER;
|
|
driverObject->Size = sizeof( DRIVER_OBJECT );
|
|
ntHeaders = RtlImageNtHeader( imageBaseAddress );
|
|
entryPoint = ntHeaders->OptionalHeader.AddressOfEntryPoint;
|
|
entryPoint += (ULONG_PTR) imageBaseAddress;
|
|
if (!(ntHeaders->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_WDM_DRIVER)) {
|
|
driverObject->Flags |= DRVO_LEGACY_DRIVER;
|
|
}
|
|
driverObject->DriverInit = (PDRIVER_INITIALIZE) entryPoint;
|
|
driverObject->DriverSection = sectionPointer;
|
|
driverObject->DriverStart = imageBaseAddress;
|
|
driverObject->DriverSize = ntHeaders->OptionalHeader.SizeOfImage;
|
|
|
|
status = ObInsertObject( driverObject,
|
|
(PACCESS_STATE) NULL,
|
|
FILE_READ_DATA,
|
|
0,
|
|
(PVOID *) NULL,
|
|
&driverHandle );
|
|
if (!NT_SUCCESS( status )) {
|
|
IopBootLog(&baseName, FALSE);
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
//
|
|
// Reference the handle and obtain a pointer to the driver object so that
|
|
// the handle can be deleted without the object going away.
|
|
//
|
|
|
|
status = ObReferenceObjectByHandle( driverHandle,
|
|
0,
|
|
IoDriverObjectType,
|
|
KeGetPreviousMode(),
|
|
(PVOID *) &driverObject,
|
|
(POBJECT_HANDLE_INFORMATION) NULL );
|
|
|
|
ASSERT(status == STATUS_SUCCESS);
|
|
|
|
NtClose( driverHandle );
|
|
|
|
//
|
|
// Load the Registry information in the appropriate fields of the device
|
|
// object.
|
|
//
|
|
|
|
driverObject->HardwareDatabase =
|
|
&CmRegistryMachineHardwareDescriptionSystemName;
|
|
|
|
//
|
|
// Store the name of the device driver in the driver object so that it
|
|
// can be easily found by the error log thread.
|
|
//
|
|
|
|
driverObject->DriverName.Buffer = ExAllocatePool( PagedPool,
|
|
driverName.MaximumLength );
|
|
if (driverObject->DriverName.Buffer) {
|
|
driverObject->DriverName.MaximumLength = driverName.MaximumLength;
|
|
driverObject->DriverName.Length = driverName.Length;
|
|
|
|
RtlCopyMemory( driverObject->DriverName.Buffer,
|
|
driverName.Buffer,
|
|
driverName.MaximumLength );
|
|
}
|
|
|
|
//
|
|
// Query the name of the registry path for this driver so that it can
|
|
// be passed to the driver.
|
|
//
|
|
|
|
registryPath = ExAllocatePool( NonPagedPool, PAGE_SIZE );
|
|
if (!registryPath) {
|
|
ObMakeTemporaryObject( driverObject );
|
|
ObDereferenceObject( driverObject );
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
status = NtQueryObject( KeyHandle,
|
|
ObjectNameInformation,
|
|
registryPath,
|
|
PAGE_SIZE,
|
|
&i );
|
|
if (!NT_SUCCESS( status )) {
|
|
ObMakeTemporaryObject( driverObject );
|
|
ObDereferenceObject( driverObject );
|
|
ExFreePool( registryPath );
|
|
goto IopLoadExit;
|
|
}
|
|
|
|
#if DBG
|
|
KeQuerySystemTime (&stime);
|
|
#endif
|
|
|
|
//
|
|
// Store the service key name of the device driver in the driver object
|
|
//
|
|
|
|
if (serviceName.Buffer) {
|
|
driverObject->DriverExtension->ServiceKeyName.Buffer =
|
|
ExAllocatePool( NonPagedPool, serviceName.MaximumLength );
|
|
if (driverObject->DriverExtension->ServiceKeyName.Buffer) {
|
|
driverObject->DriverExtension->ServiceKeyName.MaximumLength = serviceName.MaximumLength;
|
|
driverObject->DriverExtension->ServiceKeyName.Length = serviceName.Length;
|
|
|
|
RtlCopyMemory( driverObject->DriverExtension->ServiceKeyName.Buffer,
|
|
serviceName.Buffer,
|
|
serviceName.MaximumLength );
|
|
}
|
|
}
|
|
|
|
//
|
|
// Now invoke the driver's initialization routine to initialize itself.
|
|
//
|
|
|
|
status = driverObject->DriverInit( driverObject, ®istryPath->Name );
|
|
|
|
*DriverEntryStatus = status;
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
status = STATUS_FAILED_DRIVER_ENTRY;
|
|
}
|
|
|
|
#if DBG
|
|
|
|
//
|
|
// If DriverInit took longer than 5 seconds, print a message.
|
|
//
|
|
|
|
KeQuerySystemTime (&etime);
|
|
dtime = (ULONG) ((etime.QuadPart - stime.QuadPart) / 1000000);
|
|
|
|
if (dtime > 50) {
|
|
DbgPrint( "IOLOAD: Driver %wZ took %d.%ds to %s\n",
|
|
&driverName,
|
|
dtime/10,
|
|
dtime%10,
|
|
NT_SUCCESS(status) ? "initialize" : "fail initialization"
|
|
);
|
|
|
|
}
|
|
#endif
|
|
|
|
//
|
|
// Workaround for broken NT 4.0 3D labs driver
|
|
// They zero out some function table entries by mistake.
|
|
|
|
for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) {
|
|
if (driverObject->MajorFunction[i] == NULL) {
|
|
ASSERT(driverObject->MajorFunction[i] != NULL);
|
|
driverObject->MajorFunction[i] = IopInvalidDeviceRequest;
|
|
}
|
|
}
|
|
|
|
//
|
|
// If DriverInit doesn't work, then simply unload the image and mark the driver
|
|
// object as temporary. This will cause everything to be deleted.
|
|
//
|
|
|
|
ExFreePool( registryPath );
|
|
|
|
//
|
|
// If we load the driver because we think it is a legacy driver and
|
|
// it does not create any device object in its DriverEntry. We will
|
|
// unload this driver.
|
|
//
|
|
|
|
if (NT_SUCCESS(status) && !IopIsLegacyDriver(driverObject)) {
|
|
|
|
status = IopPnpDriverStarted(driverObject, KeyHandle, &serviceName);
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
if (driverObject->DriverUnload) {
|
|
driverObject->Flags |= DRVO_UNLOAD_INVOKED;
|
|
driverObject->DriverUnload(driverObject);
|
|
IopBootLog(&baseName, FALSE);
|
|
} else {
|
|
#if DBG
|
|
DbgPrint("IopLoadDriver: A PnP driver %wZ does not support DriverUnload routine.\n", &driverName);
|
|
// ASSERT(0);
|
|
#endif
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!NT_SUCCESS( status )) {
|
|
ObMakeTemporaryObject( driverObject );
|
|
ObDereferenceObject( driverObject );
|
|
} else {
|
|
|
|
//
|
|
// Free the memory occupied by the driver's initialization routines.
|
|
//
|
|
|
|
IopBootLog(&baseName, TRUE);
|
|
MmFreeDriverInitialization( driverObject->DriverSection );
|
|
IopReadyDeviceObjects( driverObject );
|
|
}
|
|
|
|
IopLoadExit:
|
|
|
|
if (NT_SUCCESS(status) || (status == STATUS_IMAGE_ALREADY_LOADED)) {
|
|
HeadlessKernelAddLogEntry(HEADLESS_LOG_LOAD_SUCCESSFUL, NULL);
|
|
} else {
|
|
HeadlessKernelAddLogEntry(HEADLESS_LOG_LOAD_FAILED, NULL);
|
|
}
|
|
|
|
//
|
|
// Free any pool that was allocated by this routine that has not yet
|
|
// been freed.
|
|
//
|
|
|
|
if (driverName.Buffer != NULL) {
|
|
ExFreePool( driverName.Buffer );
|
|
}
|
|
|
|
if (keyBasicInformation != NULL) {
|
|
ExFreePool( keyBasicInformation );
|
|
}
|
|
|
|
if (serviceName.Buffer != NULL) {
|
|
ExFreePool(serviceName.Buffer);
|
|
}
|
|
|
|
if (baseName.Buffer != NULL) {
|
|
ExFreePool(baseName.Buffer);
|
|
}
|
|
|
|
//
|
|
// If this routine is about to return a failure, then let the Configuration
|
|
// Manager know about it. But, if STATUS_PLUGPLAY_NO_DEVICE, the device was
|
|
// disabled by hardware profile. In this case we don't need to report it.
|
|
//
|
|
|
|
if (!NT_SUCCESS( status ) && (status != STATUS_PLUGPLAY_NO_DEVICE)) {
|
|
|
|
NTSTATUS lStatus;
|
|
PULONG errorControl;
|
|
PKEY_VALUE_FULL_INFORMATION keyValueInformation;
|
|
|
|
if (status != STATUS_IMAGE_ALREADY_LOADED) {
|
|
|
|
//
|
|
// If driver was loaded, do not call IopDriverLoadingFailed to change
|
|
// the driver loading status. Because, obviously, the driver is
|
|
// running.
|
|
//
|
|
|
|
IopDriverLoadingFailed(KeyHandle, NULL);
|
|
lStatus = IopGetRegistryValue( KeyHandle,
|
|
L"ErrorControl",
|
|
&keyValueInformation );
|
|
if (!NT_SUCCESS( lStatus ) || !keyValueInformation->DataLength) {
|
|
if (NT_SUCCESS( lStatus )) {
|
|
ExFreePool( keyValueInformation );
|
|
}
|
|
} else {
|
|
errorControl = (PULONG) ((PUCHAR) keyValueInformation + keyValueInformation->DataOffset);
|
|
CmBootLastKnownGood( *errorControl );
|
|
ExFreePool( keyValueInformation );
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Close the caller's handle and return the final status from the load
|
|
// operation.
|
|
//
|
|
|
|
NtClose( KeyHandle );
|
|
return status;
|
|
}
|
|
|
|
|
|
PDEVICE_OBJECT
|
|
IopGetDeviceAttachmentBase(
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine returns the lowest level device object associated with
|
|
the specified device.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Supplies a pointer to the device for which the bottom of
|
|
attachment chain is to be found.
|
|
|
|
Return Value:
|
|
|
|
The function value is a reference to the lowest level device attached
|
|
to the specified device. If the supplied device object is that device
|
|
object, then a pointer to it is returned.
|
|
|
|
N.B. Caller must own the IopDatabaseLock.
|
|
|
|
--*/
|
|
|
|
{
|
|
PDEVICE_OBJECT baseDeviceObject;
|
|
PDEVOBJ_EXTENSION deviceExtension;
|
|
|
|
//
|
|
// Descend down the attachment chain until we find a device object
|
|
// that isn't attached to anything else.
|
|
//
|
|
|
|
baseDeviceObject = DeviceObject;
|
|
deviceExtension = baseDeviceObject->DeviceObjectExtension;
|
|
while (deviceExtension->AttachedTo != NULL) {
|
|
|
|
baseDeviceObject = deviceExtension->AttachedTo;
|
|
deviceExtension = baseDeviceObject->DeviceObjectExtension;
|
|
}
|
|
|
|
return baseDeviceObject;
|
|
}
|
|
|
|
|
|
|
|
VOID
|
|
IopDecrementDeviceObjectRef(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN BOOLEAN AlwaysUnload,
|
|
IN BOOLEAN OnCleanStack
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
The routine decrements the reference count on a device object. If the
|
|
reference count goes to zero and the device object is a candidate for deletion
|
|
then IopCompleteUnloadOrDelete is called. A device object is subject for
|
|
deletion if the AlwaysUnload flag is true, or the device object is pending
|
|
deletion or the driver is pending unload.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Supplies the device object whose reference count is to be
|
|
decremented.
|
|
|
|
AlwaysUnload - Indicates if the driver should be unloaded regardless of the
|
|
state of the unload flag.
|
|
|
|
OnCleanStack - Indicates whether the current thread is in the middle a
|
|
driver operation.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
{
|
|
KIRQL irql;
|
|
|
|
//
|
|
// Decrement the reference count on the device object. If this is the last
|
|
// last reason that this mini-file system recognizer needs to stay around,
|
|
// then unload it.
|
|
//
|
|
|
|
irql = KeAcquireQueuedSpinLock( LockQueueIoDatabaseLock );
|
|
|
|
ASSERT( DeviceObject->ReferenceCount > 0 );
|
|
|
|
DeviceObject->ReferenceCount--;
|
|
|
|
if (!DeviceObject->ReferenceCount && (AlwaysUnload ||
|
|
DeviceObject->DeviceObjectExtension->ExtensionFlags &
|
|
(DOE_DELETE_PENDING | DOE_UNLOAD_PENDING | DOE_REMOVE_PENDING))) {
|
|
|
|
IopCompleteUnloadOrDelete( DeviceObject, OnCleanStack, irql );
|
|
} else {
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
}
|
|
|
|
}
|
|
|
|
VOID
|
|
IopLoadFileSystemDriver(
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked when a mini-file system recognizer driver recognizes
|
|
a volume as being a particular file system, but the driver for that file
|
|
system has not yet been loaded. This function allows the mini-driver to
|
|
load the real file system, and remove itself from the system, so that the
|
|
real file system can mount the device in question.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Registered file system device object for the mini-driver.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
KEVENT event;
|
|
NTSTATUS status;
|
|
IO_STATUS_BLOCK ioStatus;
|
|
PIRP irp;
|
|
PIO_STACK_LOCATION irpSp;
|
|
PDEVICE_OBJECT attachedDevice;
|
|
|
|
PAGED_CODE();
|
|
|
|
attachedDevice = DeviceObject;
|
|
while (attachedDevice->AttachedDevice) {
|
|
attachedDevice = attachedDevice->AttachedDevice;
|
|
}
|
|
|
|
//
|
|
// Begin by building an I/O Request Packet to have the mini-file system
|
|
// driver load the real file system.
|
|
//
|
|
|
|
KeInitializeEvent( &event, NotificationEvent, FALSE );
|
|
|
|
irp = IoBuildDeviceIoControlRequest( IRP_MJ_DEVICE_CONTROL,
|
|
attachedDevice,
|
|
(PVOID) NULL,
|
|
0,
|
|
(PVOID) NULL,
|
|
0,
|
|
FALSE,
|
|
&event,
|
|
&ioStatus );
|
|
if (irp) {
|
|
|
|
//
|
|
// Change the actual major and minor function codes to be a file system
|
|
// control with a minor function code of load FS driver.
|
|
//
|
|
|
|
irpSp = IoGetNextIrpStackLocation( irp );
|
|
irpSp->MajorFunction = IRP_MJ_FILE_SYSTEM_CONTROL;
|
|
irpSp->MinorFunction = IRP_MN_LOAD_FILE_SYSTEM;
|
|
|
|
//
|
|
// Now issue the request.
|
|
//
|
|
|
|
status = IoCallDriver( attachedDevice, irp );
|
|
if (status == STATUS_PENDING) {
|
|
(VOID) KeWaitForSingleObject( &event,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
}
|
|
}
|
|
|
|
//
|
|
// Decrement the reference count on the device object. If this is the last
|
|
// last reason that this mini-file system recognizer needs to stay around,
|
|
// then unload it.
|
|
//
|
|
|
|
IopDecrementDeviceObjectRef(DeviceObject, TRUE, TRUE);
|
|
|
|
return;
|
|
}
|
|
|
|
VOID
|
|
IopLoadUnloadDriver(
|
|
IN PVOID Parameter
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is executed as an EX worker thread routine when a driver is
|
|
to be loaded or unloaded dynamically. It is used because some drivers
|
|
need to create system threads in the context of the system process, which
|
|
cannot be done in the context of the caller of the system service that
|
|
was invoked to load or unload the specified driver.
|
|
|
|
Arguments:
|
|
|
|
Parameter - Pointer to the load packet describing what work is to be
|
|
done.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PLOAD_PACKET loadPacket;
|
|
NTSTATUS status, driverEntryStatus;
|
|
HANDLE keyHandle;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Begin by getting a pointer to the load packet.
|
|
//
|
|
|
|
loadPacket = (PLOAD_PACKET) Parameter;
|
|
|
|
//
|
|
// If the driver object field of the packet is non-NULL, then this is
|
|
// a request to complete the unload of a driver. Simply invoke the
|
|
// driver's unload routine. Note that the final status of the unload
|
|
// is ignored, so it is not set here.
|
|
//
|
|
|
|
if (loadPacket->DriverObject) {
|
|
|
|
loadPacket->DriverObject->DriverUnload( loadPacket->DriverObject );
|
|
status = STATUS_SUCCESS;
|
|
|
|
} else {
|
|
|
|
PLIST_ENTRY entry;
|
|
PREINIT_PACKET reinitEntry;
|
|
|
|
//
|
|
// The driver specified by the DriverServiceName is to be loaded.
|
|
// Begin by opening the registry node for this driver. Note
|
|
// that if this is successful, then the load driver routine is
|
|
// responsible for closing the handle.
|
|
//
|
|
|
|
status = IopOpenRegistryKey( &keyHandle,
|
|
(HANDLE) NULL,
|
|
loadPacket->DriverServiceName,
|
|
KEY_READ,
|
|
FALSE );
|
|
if (NT_SUCCESS( status )) {
|
|
|
|
//
|
|
// Invoke the internal common routine to perform the work.
|
|
// This is the same routine that is used by the I/O system
|
|
// initialization code to load drivers.
|
|
//
|
|
|
|
status = IopLoadDriver( keyHandle, TRUE, FALSE, &driverEntryStatus );
|
|
|
|
if (status == STATUS_FAILED_DRIVER_ENTRY) {
|
|
|
|
status = driverEntryStatus;
|
|
|
|
} else if (status == STATUS_DRIVER_FAILED_PRIOR_UNLOAD) {
|
|
|
|
//
|
|
// Keep legacy behavior (don't change status code)
|
|
//
|
|
status = STATUS_OBJECT_NAME_NOT_FOUND;
|
|
}
|
|
|
|
IopCallDriverReinitializationRoutines();
|
|
}
|
|
}
|
|
|
|
//
|
|
// Set the final status of the load or unload operation, and indicate to
|
|
// the caller that the operation is now complete.
|
|
//
|
|
|
|
loadPacket->FinalStatus = status;
|
|
(VOID) KeSetEvent( &loadPacket->Event, 0, FALSE );
|
|
}
|
|
|
|
NTSTATUS
|
|
IopMountVolume(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN BOOLEAN AllowRawMount,
|
|
IN BOOLEAN DeviceLockAlreadyHeld,
|
|
IN BOOLEAN Alertable,
|
|
OUT PVPB *Vpb
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is used to mount a volume on the specified device. The Volume
|
|
Parameter Block (VPB) for the specified device is a "clean" VPB. That is,
|
|
it indicates that the volume has never been mounted. It is up to the file
|
|
system that eventually mounts the volume to determine whether the volume is,
|
|
or has been, mounted elsewhere.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Pointer to device object on which the volume is to be
|
|
mounted.
|
|
|
|
AllowRawMount - This parameter tells us if we should continue our
|
|
filesystem search to include the Raw file system. This flag will
|
|
only be passed in as TRUE as a result of a DASD open.
|
|
|
|
DeviceLockAlreadyHeld - If TRUE, then the caller has already acquired
|
|
the device lock and we should not attempt to acquire it. This is
|
|
currently passed in as TRUE when called from IoVerifyVolume.
|
|
|
|
Return Value:
|
|
|
|
The function value is a successful status code if a volume was successfully
|
|
mounted on the device. Otherwise, an error code is returned.
|
|
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS status;
|
|
KEVENT event;
|
|
PIRP irp;
|
|
PDEVICE_OBJECT fsDeviceObject;
|
|
PDEVICE_OBJECT attachedDevice;
|
|
PLIST_ENTRY entry;
|
|
PLIST_ENTRY queueHeader;
|
|
IO_STATUS_BLOCK ioStatus;
|
|
PIO_STACK_LOCATION irpSp;
|
|
ULONG extraStack;
|
|
LIST_ENTRY dummy;
|
|
ULONG rawMountOnly;
|
|
ULONG numRegOps;
|
|
PETHREAD CurrentThread;
|
|
|
|
PAGED_CODE();
|
|
|
|
CurrentThread = PsGetCurrentThread ();
|
|
|
|
//
|
|
// Obtain the lock for the device to be mounted. This guarantees that
|
|
// only one thread is attempting to mount (or verify) this particular
|
|
// device at a time.
|
|
//
|
|
|
|
if (!DeviceLockAlreadyHeld) {
|
|
|
|
status = KeWaitForSingleObject( &DeviceObject->DeviceLock,
|
|
Executive,
|
|
KeGetPreviousModeByThread(&CurrentThread->Tcb),
|
|
Alertable,
|
|
(PLARGE_INTEGER) NULL );
|
|
|
|
//
|
|
// If the wait ended because of an alert or an APC, return now
|
|
// without mounting the device. Note that as the wait for the
|
|
// event was unsuccessful, we do not set it on exit.
|
|
//
|
|
|
|
if (status == STATUS_ALERTED || status == STATUS_USER_APC) {
|
|
|
|
return status;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Now acquire the resource database lock for the I/O system to perform this
|
|
// operation. This resource protects access to the file system queue.
|
|
//
|
|
|
|
KeEnterCriticalRegionThread(&CurrentThread->Tcb);
|
|
(VOID) ExAcquireResourceSharedLite( &IopDatabaseResource, TRUE );
|
|
|
|
//
|
|
// Check the 'mounted' flag of the VPB to ensure that it is still clear.
|
|
// If it is, then no one has gotten in before this to mount the volume.
|
|
// Attempt to mount the volume in this case.
|
|
//
|
|
|
|
if ((DeviceObject->Vpb->Flags & (VPB_MOUNTED | VPB_REMOVE_PENDING)) == 0) {
|
|
|
|
//
|
|
// This volume has never been mounted. Initialize the event and set the
|
|
// status to unsuccessful to set up for the loop. Also if the device
|
|
// has the verify bit set, clear it.
|
|
//
|
|
|
|
KeInitializeEvent( &event, NotificationEvent, FALSE );
|
|
status = STATUS_UNSUCCESSFUL;
|
|
DeviceObject->Flags &= ~DO_VERIFY_VOLUME;
|
|
|
|
//
|
|
// Get the actual device that this volume is to be mounted on. This
|
|
// device is the final device in the list of devices which are attached
|
|
// to the specified real device.
|
|
//
|
|
|
|
attachedDevice = DeviceObject;
|
|
while (attachedDevice->AttachedDevice) {
|
|
attachedDevice = attachedDevice->AttachedDevice;
|
|
}
|
|
|
|
//
|
|
// Reference the device object so it cannot go away.
|
|
//
|
|
|
|
ObReferenceObject( attachedDevice );
|
|
|
|
//
|
|
// Determine which type of file system should be invoked based on
|
|
// the device type of the device being mounted.
|
|
//
|
|
|
|
if (DeviceObject->DeviceType == FILE_DEVICE_DISK ||
|
|
DeviceObject->DeviceType == FILE_DEVICE_VIRTUAL_DISK) {
|
|
queueHeader = &IopDiskFileSystemQueueHead;
|
|
} else if (DeviceObject->DeviceType == FILE_DEVICE_CD_ROM) {
|
|
queueHeader = &IopCdRomFileSystemQueueHead;
|
|
} else {
|
|
queueHeader = &IopTapeFileSystemQueueHead;
|
|
}
|
|
|
|
rawMountOnly = (DeviceObject->Vpb->Flags & VPB_RAW_MOUNT);
|
|
|
|
//
|
|
// Now loop through each of the file systems which have been loaded in
|
|
// the system to see whether anyone understands the media in the device.
|
|
//
|
|
|
|
for (entry = queueHeader->Flink;
|
|
entry != queueHeader && !NT_SUCCESS( status );
|
|
entry = entry->Flink) {
|
|
|
|
PDEVICE_OBJECT savedFsDeviceObject;
|
|
|
|
//
|
|
// If this is the final entry (Raw file system), and it is also
|
|
// not the first entry, and a raw mount is not permitted, then
|
|
// break out of the loop at this point, as this volume cannot
|
|
// be mounted for the caller's purposes.
|
|
//
|
|
|
|
if (!AllowRawMount && entry->Flink == queueHeader && entry != queueHeader->Flink) {
|
|
break;
|
|
}
|
|
|
|
//
|
|
// If raw mount is the only one requested and this is not the last entry on the list
|
|
// then skip.
|
|
//
|
|
if (rawMountOnly && (entry->Flink != queueHeader)) {
|
|
continue;
|
|
}
|
|
|
|
fsDeviceObject = CONTAINING_RECORD( entry, DEVICE_OBJECT, Queue.ListEntry );
|
|
savedFsDeviceObject = fsDeviceObject;
|
|
|
|
//
|
|
// It is possible that the file system has been attached to, so
|
|
// walk the attached list for the file system. The number of stack
|
|
// locations that must be allocated in the IRP must include one for
|
|
// the file system itself, and then one for each driver that is
|
|
// attached to it. Account for all of the stack locations required
|
|
// to get through the mount process.
|
|
//
|
|
|
|
extraStack = 1;
|
|
|
|
while (fsDeviceObject->AttachedDevice) {
|
|
fsDeviceObject = fsDeviceObject->AttachedDevice;
|
|
extraStack++;
|
|
}
|
|
|
|
//
|
|
// Another file system has been found and the volume has still not
|
|
// been mounted. Attempt to mount the volume using this file
|
|
// system.
|
|
//
|
|
// Begin by resetting the event being used for synchronization with
|
|
// the I/O operation.
|
|
//
|
|
|
|
KeClearEvent( &event );
|
|
|
|
//
|
|
// Allocate and initialize an IRP for this mount operation. Notice
|
|
// that the flags for this operation appear the same as a page read
|
|
// operation. This is because the completion code for both of the
|
|
// operations is exactly the same logic.
|
|
//
|
|
|
|
irp = IoAllocateIrp ((CCHAR) (attachedDevice->StackSize + extraStack), FALSE);
|
|
|
|
if ( !irp ) {
|
|
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
break;
|
|
}
|
|
|
|
irp->Flags = IRP_MOUNT_COMPLETION | IRP_SYNCHRONOUS_PAGING_IO;
|
|
irp->RequestorMode = KernelMode;
|
|
irp->UserEvent = &event;
|
|
irp->UserIosb = &ioStatus;
|
|
irp->Tail.Overlay.Thread = CurrentThread;
|
|
irpSp = IoGetNextIrpStackLocation( irp );
|
|
irpSp->MajorFunction = IRP_MJ_FILE_SYSTEM_CONTROL;
|
|
irpSp->MinorFunction = IRP_MN_MOUNT_VOLUME;
|
|
irpSp->Flags = AllowRawMount;
|
|
irpSp->Parameters.MountVolume.Vpb = DeviceObject->Vpb;
|
|
irpSp->Parameters.MountVolume.DeviceObject = attachedDevice;
|
|
|
|
numRegOps = IopFsRegistrationOps;
|
|
|
|
//
|
|
// Increment the number of reasons that this driver cannot
|
|
// be unloaded. Note that this must be done while still
|
|
// holding the database resource.
|
|
//
|
|
|
|
IopInterlockedIncrementUlong( LockQueueIoDatabaseLock,
|
|
&savedFsDeviceObject->ReferenceCount );
|
|
|
|
ExReleaseResourceLite( &IopDatabaseResource );
|
|
KeLeaveCriticalRegionThread(&CurrentThread->Tcb);
|
|
|
|
status = IoCallDriver( fsDeviceObject, irp );
|
|
|
|
//
|
|
// Wait for the I/O operation to complete.
|
|
//
|
|
|
|
if (status == STATUS_PENDING) {
|
|
(VOID) KeWaitForSingleObject( &event,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
} else {
|
|
|
|
//
|
|
// Ensure that the proper status value gets picked up.
|
|
//
|
|
|
|
ioStatus.Status = status;
|
|
ioStatus.Information = 0;
|
|
}
|
|
|
|
KeEnterCriticalRegionThread(&CurrentThread->Tcb);
|
|
(VOID) ExAcquireResourceSharedLite( &IopDatabaseResource, TRUE );
|
|
|
|
|
|
//
|
|
// Decrement the number of reasons that this driver cannot be unloaded.
|
|
// If the device object is for FSREC it could not have gotten de-registered
|
|
// here. It should get de-registered only at the time of loading the driver
|
|
// which should happen later.
|
|
//
|
|
|
|
IopInterlockedDecrementUlong( LockQueueIoDatabaseLock,
|
|
&savedFsDeviceObject->ReferenceCount );
|
|
|
|
//
|
|
// If the operation was successful then set the VPB as mounted.
|
|
//
|
|
|
|
if (NT_SUCCESS( ioStatus.Status )) {
|
|
|
|
status = ioStatus.Status;
|
|
|
|
*Vpb = IopMountInitializeVpb(DeviceObject, attachedDevice, rawMountOnly);
|
|
|
|
} else {
|
|
|
|
//
|
|
// The mount operation failed. Make a special check here to
|
|
// determine whether or not a popup was enabled, and if so,
|
|
// check to see whether or not the operation was to be aborted.
|
|
// If so, bail out now and return the error to the caller.
|
|
//
|
|
|
|
status = ioStatus.Status;
|
|
if (IoIsErrorUserInduced(status) &&
|
|
ioStatus.Information == IOP_ABORT) {
|
|
break;
|
|
}
|
|
|
|
//
|
|
// If there were any registrations or unregistrations during the period
|
|
// we unlocked the database resource bail out and start all over again.
|
|
//
|
|
|
|
if (numRegOps != IopFsRegistrationOps) {
|
|
|
|
//
|
|
// Reset the list back to the beginning and start over
|
|
// again.
|
|
//
|
|
|
|
dummy.Flink = queueHeader->Flink;
|
|
entry = &dummy;
|
|
status = STATUS_UNRECOGNIZED_VOLUME;
|
|
}
|
|
|
|
//
|
|
// Also check to see whether or not this is a volume that has
|
|
// been recognized, but the file system for it needs to be
|
|
// loaded. If so, drop the locks held at this point, tell the
|
|
// mini-file system recognizer to load the driver, and then
|
|
// reacquire the locks.
|
|
//
|
|
|
|
if (status == STATUS_FS_DRIVER_REQUIRED) {
|
|
|
|
//
|
|
// Increment the number of reasons that this driver cannot
|
|
// be unloaded. Note that this must be done while still
|
|
// holding the database resource.
|
|
//
|
|
|
|
IopInterlockedIncrementUlong( LockQueueIoDatabaseLock,
|
|
&savedFsDeviceObject->ReferenceCount );
|
|
|
|
ExReleaseResourceLite( &IopDatabaseResource );
|
|
KeLeaveCriticalRegionThread(&CurrentThread->Tcb);
|
|
|
|
if (!DeviceLockAlreadyHeld) {
|
|
KeSetEvent( &DeviceObject->DeviceLock, 0, FALSE );
|
|
}
|
|
IopLoadFileSystemDriver( savedFsDeviceObject );
|
|
|
|
//
|
|
// Now reacquire the locks, in the correct order, and check
|
|
// to see if the volume has been mounted before we could
|
|
// get back. If so, exit; otherwise, restart the file
|
|
// file system queue scan from the beginning.
|
|
//
|
|
|
|
if (!DeviceLockAlreadyHeld) {
|
|
status = KeWaitForSingleObject( &DeviceObject->DeviceLock,
|
|
Executive,
|
|
KeGetPreviousModeByThread(&CurrentThread->Tcb),
|
|
Alertable,
|
|
(PLARGE_INTEGER) NULL );
|
|
if (status == STATUS_ALERTED || status == STATUS_USER_APC) {
|
|
|
|
//
|
|
// The device was not mounted by us so
|
|
// drop the reference before returning.
|
|
//
|
|
|
|
ObDereferenceObject( attachedDevice );
|
|
|
|
return status;
|
|
}
|
|
}
|
|
|
|
KeEnterCriticalRegionThread(&CurrentThread->Tcb);
|
|
(VOID) ExAcquireResourceSharedLite( &IopDatabaseResource, TRUE );
|
|
|
|
if (DeviceObject->Vpb->Flags & VPB_MOUNTED) {
|
|
|
|
//
|
|
// This volume was mounted before we got back.
|
|
// Hence deref the attachedDevice as the other thread
|
|
// that got the reference is the one that's going to be
|
|
// used by the filesystem.
|
|
//
|
|
|
|
ObDereferenceObject( attachedDevice );
|
|
status = STATUS_SUCCESS;
|
|
break;
|
|
}
|
|
|
|
//
|
|
// Reset the list back to the beginning and start over
|
|
// again.
|
|
//
|
|
|
|
dummy.Flink = queueHeader->Flink;
|
|
entry = &dummy;
|
|
status = STATUS_UNRECOGNIZED_VOLUME;
|
|
}
|
|
|
|
//
|
|
// If the error wasn't STATUS_UNRECOGNIZED_VOLUME, and this
|
|
// request is not going to the Raw file system, then there
|
|
// is no reason to continue looping.
|
|
//
|
|
|
|
if (!AllowRawMount && (status != STATUS_UNRECOGNIZED_VOLUME) &&
|
|
FsRtlIsTotalDeviceFailure(status)) {
|
|
break;
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
//
|
|
// The device was not mounted by us so
|
|
// drop the reference.
|
|
//
|
|
|
|
ObDereferenceObject( attachedDevice );
|
|
|
|
}
|
|
|
|
} else if((DeviceObject->Vpb->Flags & VPB_REMOVE_PENDING) != 0) {
|
|
|
|
//
|
|
// Pnp is attempting to remove this volume. Don't allow the mount.
|
|
//
|
|
|
|
status = STATUS_DEVICE_DOES_NOT_EXIST;
|
|
|
|
} else {
|
|
|
|
//
|
|
// The volume for this device has already been mounted. Return a
|
|
// success code.
|
|
//
|
|
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
|
|
ExReleaseResourceLite( &IopDatabaseResource );
|
|
KeLeaveCriticalRegionThread(&CurrentThread->Tcb);
|
|
|
|
//
|
|
// Release the I/O database resource lock and the synchronization event for
|
|
// the device.
|
|
//
|
|
|
|
if (!DeviceLockAlreadyHeld) {
|
|
KeSetEvent( &DeviceObject->DeviceLock, 0, FALSE );
|
|
}
|
|
|
|
//
|
|
// Finally, if the mount operation failed, and the target device is the
|
|
// boot partition, then bugcheck the system. It is not possible for the
|
|
// system to run properly if the system's boot partition cannot be mounted.
|
|
//
|
|
// Note: Don't bugcheck if the system is already booted.
|
|
//
|
|
|
|
if (!NT_SUCCESS( status ) &&
|
|
DeviceObject->Flags & DO_SYSTEM_BOOT_PARTITION &&
|
|
InitializationPhase < 2) {
|
|
KeBugCheckEx( UNMOUNTABLE_BOOT_VOLUME, (ULONG_PTR) DeviceObject, status, 0, 0 );
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
IopInvalidateVolumesForDevice(
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is used to force filesystems to, as completely as possible, throw
|
|
out volumes which remain referenced for a given device.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Pointer to device object for which volumes are to be
|
|
invalidated.
|
|
|
|
Return Value:
|
|
|
|
The function value is a successful status code if all filesystems accepted the
|
|
operation. Otherwise, an error code is returned.
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS status;
|
|
NTSTATUS finalStatus;
|
|
KEVENT event;
|
|
PIRP irp;
|
|
PDEVICE_OBJECT fsDeviceObject;
|
|
PDEVICE_OBJECT attachedDevice;
|
|
PFILE_OBJECT storageFileObject;
|
|
HANDLE storageHandle;
|
|
PLIST_ENTRY entry;
|
|
PLIST_ENTRY queueHeader;
|
|
IO_STATUS_BLOCK ioStatus;
|
|
PIO_STACK_LOCATION irpSp;
|
|
PKTHREAD CurrentThread;
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
//
|
|
// Get the actual device that could be mounted on.
|
|
// Note that there could be multiple device objects on the stack that has a
|
|
// VPB and could be potentially mounted on by FS. So we call the FS with every
|
|
// device object that has a VPB. This is really a stupid brute force approach but
|
|
// this is not a high performance path and is backwards compatible.
|
|
//
|
|
|
|
for (attachedDevice = DeviceObject ;attachedDevice; attachedDevice = attachedDevice->AttachedDevice) {
|
|
|
|
//
|
|
// If the device object has no VPB skip.
|
|
//
|
|
|
|
if (!attachedDevice->Vpb) {
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// Synchronize against mounts.
|
|
//
|
|
|
|
KeWaitForSingleObject(&(attachedDevice->DeviceLock),
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
NULL);
|
|
//
|
|
// Get a handle to this device for use in the fsctl. The way we have to do
|
|
// this is kind of loopy: note we wind up with two references to clean up.
|
|
//
|
|
// The only use of this fileobject/handle is to communicate the device to
|
|
// invalidate volumes on. It isn't used for anything else, and must not be.
|
|
//
|
|
|
|
try {
|
|
|
|
storageFileObject = NULL;
|
|
storageFileObject = IoCreateStreamFileObjectLite( NULL, attachedDevice );
|
|
storageFileObject->Vpb = attachedDevice->Vpb;
|
|
|
|
storageHandle = NULL;
|
|
status = ObOpenObjectByPointer( storageFileObject,
|
|
OBJ_KERNEL_HANDLE,
|
|
NULL,
|
|
0,
|
|
IoFileObjectType,
|
|
KernelMode,
|
|
&storageHandle );
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
status = GetExceptionCode();
|
|
}
|
|
|
|
if (NT_SUCCESS( status )) {
|
|
|
|
//
|
|
// Now acquire the resource database lock for the I/O system to perform this
|
|
// operation. This resource protects access to the file system queue.
|
|
//
|
|
|
|
CurrentThread = KeGetCurrentThread ();
|
|
KeEnterCriticalRegionThread(CurrentThread);
|
|
(VOID) ExAcquireResourceSharedLite( &IopDatabaseResource, TRUE );
|
|
|
|
//
|
|
// Determine which type of file system should be invoked based on
|
|
// the device type of the device being invalidated.
|
|
//
|
|
|
|
if (DeviceObject->DeviceType == FILE_DEVICE_DISK ||
|
|
DeviceObject->DeviceType == FILE_DEVICE_VIRTUAL_DISK) {
|
|
queueHeader = &IopDiskFileSystemQueueHead;
|
|
} else if (DeviceObject->DeviceType == FILE_DEVICE_CD_ROM) {
|
|
queueHeader = &IopCdRomFileSystemQueueHead;
|
|
} else {
|
|
queueHeader = &IopTapeFileSystemQueueHead;
|
|
}
|
|
|
|
//
|
|
// Initialize the event and set the status to set up
|
|
// for the loop.
|
|
//
|
|
|
|
KeInitializeEvent( &event, NotificationEvent, FALSE );
|
|
finalStatus = STATUS_SUCCESS;
|
|
|
|
//
|
|
// Now loop through each of the file systems which have been loaded in
|
|
// the system and ask them to invalidate volumes they have had mounted
|
|
// on it.
|
|
//
|
|
|
|
for (entry = queueHeader->Flink;
|
|
entry != queueHeader;
|
|
entry = entry->Flink) {
|
|
|
|
//
|
|
// If this is the final entry (Raw file system), then break out of the
|
|
// loop at this point, as volumes cannot be invalidated for the caller's
|
|
// purposes in Raw.
|
|
//
|
|
|
|
if (entry->Flink == queueHeader) {
|
|
break;
|
|
}
|
|
|
|
fsDeviceObject = CONTAINING_RECORD( entry, DEVICE_OBJECT, Queue.ListEntry );
|
|
|
|
//
|
|
// It is possible that the file system has been attached to, so
|
|
// walk the attached list for the file system.
|
|
//
|
|
|
|
while (fsDeviceObject->AttachedDevice) {
|
|
fsDeviceObject = fsDeviceObject->AttachedDevice;
|
|
}
|
|
|
|
//
|
|
// Another file system has been found. Attempt to invalidate volumes
|
|
// using this file system.
|
|
//
|
|
// Begin by resetting the event being used for synchronization with
|
|
// the I/O operation.
|
|
//
|
|
|
|
KeClearEvent( &event );
|
|
|
|
//
|
|
// Build an IRP for this operation.
|
|
//
|
|
|
|
irp = IoBuildDeviceIoControlRequest( FSCTL_INVALIDATE_VOLUMES,
|
|
fsDeviceObject,
|
|
&storageHandle,
|
|
sizeof(HANDLE),
|
|
NULL,
|
|
0,
|
|
FALSE,
|
|
&event,
|
|
&ioStatus );
|
|
|
|
if (irp == NULL) {
|
|
|
|
finalStatus = STATUS_INSUFFICIENT_RESOURCES;
|
|
break;
|
|
}
|
|
|
|
irpSp = IoGetNextIrpStackLocation( irp );
|
|
irpSp->MajorFunction = IRP_MJ_FILE_SYSTEM_CONTROL;
|
|
|
|
status = IoCallDriver( fsDeviceObject, irp );
|
|
|
|
//
|
|
// Wait for the I/O operation to complete.
|
|
//
|
|
|
|
if (status == STATUS_PENDING) {
|
|
(VOID) KeWaitForSingleObject( &event,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
|
|
status = ioStatus.Status;
|
|
|
|
} else {
|
|
|
|
//
|
|
// Ensure that the proper status value gets picked up.
|
|
//
|
|
|
|
ioStatus.Status = status;
|
|
ioStatus.Information = 0;
|
|
}
|
|
|
|
//
|
|
// Commute status' indicating the operation is not implemented
|
|
// to success. If a filesystem does not implement, it must not
|
|
// hold volumes that are not mounted.
|
|
//
|
|
|
|
if (status == STATUS_INVALID_DEVICE_REQUEST ||
|
|
status == STATUS_NOT_IMPLEMENTED) {
|
|
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
|
|
//
|
|
// Hand back the first failure we get, but plow on anyway.
|
|
//
|
|
|
|
if (NT_SUCCESS( finalStatus ) && !NT_SUCCESS( status )) {
|
|
finalStatus = status;
|
|
}
|
|
}
|
|
|
|
ExReleaseResourceLite( &IopDatabaseResource );
|
|
KeLeaveCriticalRegionThread(CurrentThread);
|
|
|
|
if (storageFileObject) {
|
|
ObDereferenceObject( storageFileObject );
|
|
if (storageHandle) {
|
|
ZwClose( storageHandle ); // Note that this is a close for which the FS has not
|
|
// gotten the corresponding open.
|
|
}
|
|
}
|
|
|
|
//
|
|
// Unlock the device lock to let mounts go
|
|
//
|
|
|
|
KeSetEvent(&(attachedDevice->DeviceLock), IO_NO_INCREMENT, FALSE);
|
|
|
|
status = finalStatus;
|
|
}
|
|
}
|
|
|
|
|
|
return status;
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
IopNotifyPnpWhenChainDereferenced(
|
|
IN PDEVICE_OBJECT *PhysicalDeviceObjects,
|
|
IN ULONG DeviceObjectCount,
|
|
IN BOOLEAN Query,
|
|
OUT PDEVICE_OBJECT *VetoingDevice
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Called by PnP when processing a Surprise Removal or a Query Remove.
|
|
|
|
In the case of Surprise Removal this function will set DOE_REMOVE_PENDING
|
|
in the device extension flags of the each PDO and all its attached devices.
|
|
For each PDO (and its attachment chain) which currently has a zero
|
|
ReferenceCount DOE_REMOVE_PENDING is reset and DOE_REMOVE_PROCESSED is
|
|
set. IopChainDereferenceComplete is then called to notify PnP that
|
|
this PDO is ready for removal.
|
|
|
|
Then as each remaining PDO and its attachment chain's ReferenceCount drops
|
|
to zero IopCheckUnloadOrDelete will call IopChainDereferenceComplete
|
|
(supplied by PnP).
|
|
|
|
In the case of Query Remove this function set DOE_REMOVE_PROCESSED on the
|
|
PDO and all its attached devices to prevent further opens. It also checks
|
|
to see if the ReferenceCount for all the PDOs and their attached devices is
|
|
zero. If so it leaves the DOE_REMOVE_PROCESSED set and returns FALSE. If
|
|
not, it resets the DOE_REMOVE_PROCESSED on all the PDOs and their attached
|
|
devices and returns TRUE.
|
|
|
|
Arguments:
|
|
|
|
PhysicalDeviceObjects List of PDEVICE_OBJECTs for all of the PDOs to be
|
|
checked.
|
|
|
|
DeviceObjectCount Count of PDEVICE_OBJECTs in PhysicalDeviceObjects.
|
|
|
|
Query TRUE if this is for a Query Remove.
|
|
|
|
VetoingDevice Only used for Query Remove, Set to first PDO with a
|
|
ReferenceCount not equal to zero. This is used to
|
|
provide feedback to the user as to why the query
|
|
may have failed.
|
|
|
|
|
|
Return Value:
|
|
|
|
If Query is set then the return value is TRUE if there are outstanding
|
|
opens on any of the PDOs or the attached devices, otherwise FALSE is
|
|
returned.
|
|
|
|
If Query is NOT set then the return value is always TRUE.
|
|
|
|
--*/
|
|
|
|
{
|
|
PDEVOBJ_EXTENSION deviceExtension;
|
|
PDEVICE_OBJECT deviceObject;
|
|
PDEVICE_OBJECT attachedDeviceObject;
|
|
ULONG referenced;
|
|
ULONG pass1SetFlag;
|
|
ULONG pass1ClearFlag;
|
|
LONG i;
|
|
KIRQL irql;
|
|
|
|
irql = KeAcquireQueuedSpinLock( LockQueueIoDatabaseLock );
|
|
|
|
if (Query) {
|
|
pass1SetFlag = DOE_REMOVE_PROCESSED;
|
|
pass1ClearFlag = 0;
|
|
} else {
|
|
pass1SetFlag = DOE_REMOVE_PENDING;
|
|
pass1ClearFlag = DOE_REMOVE_PROCESSED;
|
|
}
|
|
|
|
for (i = 0; i < (LONG)DeviceObjectCount; i++) {
|
|
deviceObject = PhysicalDeviceObjects[i];
|
|
deviceExtension = deviceObject->DeviceObjectExtension;
|
|
|
|
ASSERT( deviceExtension->DeviceNode != NULL );
|
|
|
|
//
|
|
// Assume that at least one device object has a reference. Walk the
|
|
// entire chain marking them with DOE_REMOVE_PENDING.
|
|
//
|
|
|
|
//
|
|
// We don't actually care how many aggregate references there actually
|
|
// are. All we're interested in is whether there are any. So we'll OR
|
|
// them together rather than adding them. That way we don't have to do
|
|
// testing or branching and we don't have to worry about overflow in the
|
|
// highly unlikely event that there are a total of more references than
|
|
// will fit in a ULONG.
|
|
//
|
|
|
|
referenced = 0;
|
|
attachedDeviceObject = deviceObject;
|
|
do {
|
|
deviceExtension = attachedDeviceObject->DeviceObjectExtension;
|
|
|
|
ASSERT(deviceExtension != NULL);
|
|
ASSERT(!(deviceExtension->ExtensionFlags & pass1SetFlag));
|
|
|
|
|
|
deviceExtension->ExtensionFlags &= ~pass1ClearFlag;
|
|
deviceExtension->ExtensionFlags |= pass1SetFlag;
|
|
referenced |= attachedDeviceObject->ReferenceCount;
|
|
|
|
attachedDeviceObject = attachedDeviceObject->AttachedDevice;
|
|
|
|
} while (attachedDeviceObject != NULL);
|
|
|
|
if (!Query && referenced == 0) {
|
|
|
|
//
|
|
// There aren't any outstanding references, retraverse the chain and
|
|
// mark them all DOE_REMOVE_PROCESSED. This will still prevent any
|
|
// opens or attaches from occuring but we won't call
|
|
// IopChainDereferenceComplete in IopCompleteUnloadOrDelete.
|
|
//
|
|
|
|
attachedDeviceObject = deviceObject;
|
|
do {
|
|
deviceExtension = attachedDeviceObject->DeviceObjectExtension;
|
|
|
|
deviceExtension->ExtensionFlags &= ~DOE_REMOVE_PENDING;
|
|
deviceExtension->ExtensionFlags |= DOE_REMOVE_PROCESSED;
|
|
|
|
attachedDeviceObject = attachedDeviceObject->AttachedDevice;
|
|
|
|
} while (attachedDeviceObject != NULL);
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
|
|
IopChainDereferenceComplete( deviceObject, TRUE );
|
|
|
|
irql = KeAcquireQueuedSpinLock( LockQueueIoDatabaseLock );
|
|
} else if (Query && referenced != 0) {
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (Query && referenced != 0) {
|
|
|
|
if (VetoingDevice != NULL) {
|
|
*VetoingDevice = deviceObject;
|
|
}
|
|
|
|
for (; i >= 0; i--) {
|
|
deviceObject = PhysicalDeviceObjects[i];
|
|
deviceExtension = deviceObject->DeviceObjectExtension;
|
|
|
|
//
|
|
// There are outstanding references, retraverse the chain and
|
|
// unset DOE_REMOVE_PROCESSED.
|
|
//
|
|
|
|
attachedDeviceObject = deviceObject;
|
|
do {
|
|
deviceExtension = attachedDeviceObject->DeviceObjectExtension;
|
|
|
|
deviceExtension->ExtensionFlags &= ~DOE_REMOVE_PROCESSED;
|
|
|
|
attachedDeviceObject = attachedDeviceObject->AttachedDevice;
|
|
|
|
} while (attachedDeviceObject != NULL);
|
|
}
|
|
}
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
|
|
return !Query || referenced != 0;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopOpenLinkOrRenameTarget(
|
|
OUT PHANDLE TargetHandle,
|
|
IN PIRP Irp,
|
|
IN PVOID RenameBuffer,
|
|
IN PFILE_OBJECT FileObject
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked by the rename, set link and set copy-on-write code
|
|
in the I/O system's NtSetInformationFile system service when the caller has
|
|
specified a fully qualified file name as the target of a rename, set link,
|
|
or set copy-on-write operation. This routine attempts to open the parent
|
|
of the specified file and checks the following:
|
|
|
|
o If the file itself exists, then the caller must have specified that
|
|
the target is to be replaced, otherwise an error is returned.
|
|
|
|
o Ensures that the target file specification refers to the same volume
|
|
upon which the source file exists.
|
|
|
|
Arguments:
|
|
|
|
TargetHandle - Supplies the address of a variable to return the handle to
|
|
the opened target file if no errors have occurred.
|
|
|
|
Irp - Supplies a pointer to the IRP that represents the current rename
|
|
request.
|
|
|
|
RenameBuffer - Supplies a pointer to the system intermediate buffer that
|
|
contains the caller's rename parameters.
|
|
|
|
FileObject - Supplies a pointer to the file object representing the file
|
|
being renamed.
|
|
|
|
Return Value:
|
|
|
|
The function value is the final status of the operation.
|
|
|
|
Note:
|
|
|
|
This function assumes that the layout of a rename, set link and set
|
|
copy-on-write information structure are exactly the same.
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS status;
|
|
IO_STATUS_BLOCK ioStatus;
|
|
HANDLE handle;
|
|
OBJECT_ATTRIBUTES objectAttributes;
|
|
UNICODE_STRING newFileName;
|
|
PIO_STACK_LOCATION irpSp;
|
|
PFILE_OBJECT targetFileObject;
|
|
OBJECT_HANDLE_INFORMATION handleInformation;
|
|
PFILE_RENAME_INFORMATION renameBuffer = RenameBuffer;
|
|
FILE_BASIC_INFORMATION basicInformation;
|
|
ACCESS_MASK accessMask;
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT( sizeof( FILE_RENAME_INFORMATION ) ==
|
|
sizeof( FILE_LINK_INFORMATION ) );
|
|
ASSERT( FIELD_OFFSET( FILE_RENAME_INFORMATION, ReplaceIfExists ) ==
|
|
FIELD_OFFSET( FILE_LINK_INFORMATION, ReplaceIfExists ) );
|
|
ASSERT( FIELD_OFFSET( FILE_RENAME_INFORMATION, RootDirectory ) ==
|
|
FIELD_OFFSET( FILE_LINK_INFORMATION, RootDirectory ) );
|
|
ASSERT( FIELD_OFFSET( FILE_RENAME_INFORMATION, FileNameLength ) ==
|
|
FIELD_OFFSET( FILE_LINK_INFORMATION, FileNameLength ) );
|
|
ASSERT( FIELD_OFFSET( FILE_RENAME_INFORMATION, FileName ) ==
|
|
FIELD_OFFSET( FILE_LINK_INFORMATION, FileName ) );
|
|
|
|
ASSERT( sizeof( FILE_RENAME_INFORMATION ) ==
|
|
sizeof( FILE_MOVE_CLUSTER_INFORMATION ) );
|
|
ASSERT( FIELD_OFFSET( FILE_RENAME_INFORMATION, ReplaceIfExists ) ==
|
|
FIELD_OFFSET( FILE_MOVE_CLUSTER_INFORMATION, ClusterCount ) );
|
|
ASSERT( FIELD_OFFSET( FILE_RENAME_INFORMATION, RootDirectory ) ==
|
|
FIELD_OFFSET( FILE_MOVE_CLUSTER_INFORMATION, RootDirectory ) );
|
|
ASSERT( FIELD_OFFSET( FILE_RENAME_INFORMATION, FileNameLength ) ==
|
|
FIELD_OFFSET( FILE_MOVE_CLUSTER_INFORMATION, FileNameLength ) );
|
|
ASSERT( FIELD_OFFSET( FILE_RENAME_INFORMATION, FileName ) ==
|
|
FIELD_OFFSET( FILE_MOVE_CLUSTER_INFORMATION, FileName ) );
|
|
|
|
//
|
|
// Check if the fileobject is a directory or a regular file.
|
|
// The access mask is different based on that behaviour.
|
|
//
|
|
|
|
accessMask = FILE_WRITE_DATA;
|
|
|
|
if (!(FileObject->Flags & FO_DIRECT_DEVICE_OPEN)) {
|
|
status = IopGetBasicInformationFile(FileObject, &basicInformation);
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
return status;
|
|
}
|
|
|
|
if (basicInformation.FileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
|
|
accessMask = FILE_ADD_SUBDIRECTORY;
|
|
}
|
|
}
|
|
|
|
//
|
|
// A fully qualified file name was specified. Begin by attempting to open
|
|
// the parent directory of the specified target file.
|
|
//
|
|
|
|
newFileName.Length = (USHORT) renameBuffer->FileNameLength;
|
|
newFileName.MaximumLength = (USHORT) renameBuffer->FileNameLength;
|
|
newFileName.Buffer = renameBuffer->FileName;
|
|
|
|
InitializeObjectAttributes( &objectAttributes,
|
|
&newFileName,
|
|
(FileObject->Flags & FO_OPENED_CASE_SENSITIVE ? 0 : OBJ_CASE_INSENSITIVE)|OBJ_KERNEL_HANDLE,
|
|
renameBuffer->RootDirectory,
|
|
(PSECURITY_DESCRIPTOR) NULL );
|
|
|
|
//
|
|
// Check if the fileobject is not to the top of the stack.
|
|
//
|
|
|
|
if (FileObject->Flags & FO_FILE_OBJECT_HAS_EXTENSION) {
|
|
|
|
PIOP_FILE_OBJECT_EXTENSION fileObjectExtension =
|
|
(PIOP_FILE_OBJECT_EXTENSION)(FileObject + 1);
|
|
|
|
ASSERT(!(FileObject->Flags & FO_DIRECT_DEVICE_OPEN));
|
|
|
|
status = IoCreateFileSpecifyDeviceObjectHint( &handle,
|
|
accessMask | SYNCHRONIZE,
|
|
&objectAttributes,
|
|
&ioStatus,
|
|
(PLARGE_INTEGER) NULL,
|
|
0,
|
|
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
|
FILE_OPEN,
|
|
FILE_OPEN_FOR_BACKUP_INTENT,
|
|
(PVOID) NULL,
|
|
0L,
|
|
CreateFileTypeNone,
|
|
(PVOID) NULL,
|
|
IO_NO_PARAMETER_CHECKING |
|
|
IO_OPEN_TARGET_DIRECTORY |
|
|
IO_FORCE_ACCESS_CHECK |
|
|
IOP_CREATE_USE_TOP_DEVICE_OBJECT_HINT,
|
|
fileObjectExtension->TopDeviceObjectHint );
|
|
|
|
} else {
|
|
|
|
status = IoCreateFile( &handle,
|
|
accessMask | SYNCHRONIZE,
|
|
&objectAttributes,
|
|
&ioStatus,
|
|
(PLARGE_INTEGER) NULL,
|
|
0,
|
|
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
|
FILE_OPEN,
|
|
FILE_OPEN_FOR_BACKUP_INTENT,
|
|
(PVOID) NULL,
|
|
0L,
|
|
CreateFileTypeNone,
|
|
(PVOID) NULL,
|
|
IO_NO_PARAMETER_CHECKING |
|
|
IO_OPEN_TARGET_DIRECTORY |
|
|
IO_FORCE_ACCESS_CHECK );
|
|
}
|
|
|
|
if (NT_SUCCESS( status )) {
|
|
//
|
|
// The open operation for the target file's parent directory was
|
|
// successful. Check to see whether or not the file exists.
|
|
//
|
|
|
|
irpSp = IoGetNextIrpStackLocation( Irp );
|
|
if (irpSp->Parameters.SetFile.FileInformationClass == FileLinkInformation &&
|
|
!renameBuffer->ReplaceIfExists &&
|
|
ioStatus.Information == FILE_EXISTS) {
|
|
|
|
//
|
|
// The target file exists, and the caller does not want to replace
|
|
// it. This is a name collision error so cleanup and return.
|
|
//
|
|
|
|
ObCloseHandle( handle , KernelMode);
|
|
status = STATUS_OBJECT_NAME_COLLISION;
|
|
|
|
} else {
|
|
|
|
//
|
|
// Everything up to this point is fine, so dereference the handle
|
|
// to a pointer to the file object and ensure that the two file
|
|
// specifications refer to the same device.
|
|
//
|
|
|
|
status = ObReferenceObjectByHandle( handle,
|
|
accessMask,
|
|
IoFileObjectType,
|
|
KernelMode,
|
|
(PVOID *) &targetFileObject,
|
|
&handleInformation );
|
|
if (NT_SUCCESS( status )) {
|
|
|
|
ObDereferenceObject( targetFileObject );
|
|
|
|
if (IoGetRelatedDeviceObject( targetFileObject) !=
|
|
IoGetRelatedDeviceObject( FileObject )) {
|
|
|
|
//
|
|
// The two files refer to different devices. Clean everything
|
|
// up and return an appropriate error.
|
|
//
|
|
|
|
ObCloseHandle( handle, KernelMode );
|
|
status = STATUS_NOT_SAME_DEVICE;
|
|
|
|
} else {
|
|
|
|
//
|
|
// Otherwise, everything worked, so allow the rename operation
|
|
// to continue.
|
|
//
|
|
|
|
irpSp->Parameters.SetFile.FileObject = targetFileObject;
|
|
*TargetHandle = handle;
|
|
status = STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// There was an error referencing the handle to what should
|
|
// have been the target directory. This generally means that
|
|
// there was a resource problem or the handle was invalid, etc.
|
|
// Simply attempt to close the handle and return the error.
|
|
//
|
|
|
|
ObCloseHandle( handle , KernelMode);
|
|
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
//
|
|
// Return the final status of the operation.
|
|
//
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopOpenRegistryKey(
|
|
OUT PHANDLE Handle,
|
|
IN HANDLE BaseHandle OPTIONAL,
|
|
IN PUNICODE_STRING KeyName,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN BOOLEAN Create
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Opens or creates a VOLATILE registry key using the name passed in based
|
|
at the BaseHandle node.
|
|
|
|
Arguments:
|
|
|
|
Handle - Pointer to the handle which will contain the registry key that
|
|
was opened.
|
|
|
|
BaseHandle - Handle to the base path from which the key must be opened.
|
|
|
|
KeyName - Name of the Key that must be opened/created.
|
|
|
|
DesiredAccess - Specifies the desired access that the caller needs to
|
|
the key.
|
|
|
|
Create - Determines if the key is to be created if it does not exist.
|
|
|
|
Return Value:
|
|
|
|
The function value is the final status of the operation.
|
|
|
|
--*/
|
|
|
|
{
|
|
OBJECT_ATTRIBUTES objectAttributes;
|
|
ULONG disposition;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Initialize the object for the key.
|
|
//
|
|
|
|
InitializeObjectAttributes( &objectAttributes,
|
|
KeyName,
|
|
OBJ_CASE_INSENSITIVE,
|
|
BaseHandle,
|
|
(PSECURITY_DESCRIPTOR) NULL );
|
|
|
|
//
|
|
// Create the key or open it, as appropriate based on the caller's
|
|
// wishes.
|
|
//
|
|
|
|
if (Create) {
|
|
return ZwCreateKey( Handle,
|
|
DesiredAccess,
|
|
&objectAttributes,
|
|
0,
|
|
(PUNICODE_STRING) NULL,
|
|
REG_OPTION_VOLATILE,
|
|
&disposition );
|
|
} else {
|
|
return ZwOpenKey( Handle,
|
|
DesiredAccess,
|
|
&objectAttributes );
|
|
}
|
|
}
|
|
|
|
NTSTATUS
|
|
IopQueryXxxInformation(
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG InformationClass,
|
|
IN ULONG Length,
|
|
OUT PVOID Information,
|
|
OUT PULONG ReturnedLength,
|
|
IN BOOLEAN FileInformation
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine returns the requested information about a specified file
|
|
or volume. The information returned is determined by the class that
|
|
is specified, and it is placed into the caller's output buffer.
|
|
|
|
Arguments:
|
|
|
|
FileObject - Supplies a pointer to the file object about which the requested
|
|
information is returned.
|
|
|
|
FsInformationClass - Specifies the type of information which should be
|
|
returned about the file/volume.
|
|
|
|
Length - Supplies the length of the buffer in bytes.
|
|
|
|
FsInformation - Supplies a buffer to receive the requested information
|
|
returned about the file. This buffer must not be pageable and must
|
|
reside in system space.
|
|
|
|
ReturnedLength - Supplies a variable that is to receive the length of the
|
|
information written to the buffer.
|
|
|
|
FileInformation - Boolean that indicates whether the information requested
|
|
is for a file or a volume.
|
|
|
|
Return Value:
|
|
|
|
The status returned is the final completion status of the operation.
|
|
|
|
--*/
|
|
|
|
{
|
|
PIRP irp;
|
|
NTSTATUS status;
|
|
PDEVICE_OBJECT deviceObject;
|
|
KEVENT event;
|
|
PIO_STACK_LOCATION irpSp;
|
|
IO_STATUS_BLOCK localIoStatus;
|
|
BOOLEAN synchronousIo;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Reference the file object here so that no special checks need be made
|
|
// in I/O completion to determine whether or not to dereference the file
|
|
// object.
|
|
//
|
|
|
|
ObReferenceObject( FileObject );
|
|
|
|
//
|
|
// Make a special check here to determine whether this is a synchronous
|
|
// I/O operation. If it is, then wait here until the file is owned by
|
|
// the current thread. If this is not a (serialized) synchronous I/O
|
|
// operation, then initialize the local event.
|
|
//
|
|
|
|
if (FileObject->Flags & FO_SYNCHRONOUS_IO) {
|
|
|
|
BOOLEAN interrupted;
|
|
|
|
if (!IopAcquireFastLock( FileObject )) {
|
|
status = IopAcquireFileObjectLock( FileObject,
|
|
KernelMode,
|
|
(BOOLEAN) ((FileObject->Flags & FO_ALERTABLE_IO) != 0),
|
|
&interrupted );
|
|
if (interrupted) {
|
|
ObDereferenceObject( FileObject );
|
|
return status;
|
|
}
|
|
}
|
|
KeClearEvent( &FileObject->Event );
|
|
synchronousIo = TRUE;
|
|
} else {
|
|
KeInitializeEvent( &event, SynchronizationEvent, FALSE );
|
|
synchronousIo = FALSE;
|
|
}
|
|
|
|
//
|
|
// Get the address of the target device object.
|
|
//
|
|
|
|
deviceObject = IoGetRelatedDeviceObject( FileObject );
|
|
|
|
//
|
|
// Allocate and initialize the I/O Request Packet (IRP) for this operation.
|
|
// The allocation is performed with an exception handler in case the
|
|
// caller does not have enough quota to allocate the packet.
|
|
//
|
|
|
|
irp = IoAllocateIrp( deviceObject->StackSize, TRUE );
|
|
if (!irp) {
|
|
|
|
//
|
|
// An IRP could not be allocated. Cleanup and return an appropriate
|
|
// error status code.
|
|
//
|
|
|
|
IopAllocateIrpCleanup( FileObject, (PKEVENT) NULL );
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
irp->Tail.Overlay.OriginalFileObject = FileObject;
|
|
irp->Tail.Overlay.Thread = PsGetCurrentThread();
|
|
irp->RequestorMode = KernelMode;
|
|
|
|
//
|
|
// Fill in the service independent parameters in the IRP.
|
|
//
|
|
|
|
if (synchronousIo) {
|
|
irp->UserEvent = (PKEVENT) NULL;
|
|
} else {
|
|
irp->UserEvent = &event;
|
|
irp->Flags = IRP_SYNCHRONOUS_API;
|
|
}
|
|
irp->UserIosb = &localIoStatus;
|
|
irp->Overlay.AsynchronousParameters.UserApcRoutine = (PIO_APC_ROUTINE) NULL;
|
|
|
|
//
|
|
// Get a pointer to the stack location for the first driver. This will be
|
|
// used to pass the original function codes and parameters.
|
|
//
|
|
|
|
irpSp = IoGetNextIrpStackLocation( irp );
|
|
irpSp->MajorFunction = FileInformation ?
|
|
IRP_MJ_QUERY_INFORMATION :
|
|
IRP_MJ_QUERY_VOLUME_INFORMATION;
|
|
irpSp->FileObject = FileObject;
|
|
|
|
//
|
|
// Set the system buffer address to the address of the caller's buffer and
|
|
// set the flags so that the buffer is not deallocated.
|
|
//
|
|
|
|
irp->AssociatedIrp.SystemBuffer = Information;
|
|
irp->Flags |= IRP_BUFFERED_IO;
|
|
|
|
//
|
|
// Copy the caller's parameters to the service-specific portion of the
|
|
// IRP.
|
|
//
|
|
|
|
if (FileInformation) {
|
|
irpSp->Parameters.QueryFile.Length = Length;
|
|
irpSp->Parameters.QueryFile.FileInformationClass = InformationClass;
|
|
} else {
|
|
irpSp->Parameters.QueryVolume.Length = Length;
|
|
irpSp->Parameters.QueryVolume.FsInformationClass = InformationClass;
|
|
}
|
|
|
|
//
|
|
// Insert the packet at the head of the IRP list for the thread.
|
|
//
|
|
|
|
IopQueueThreadIrp( irp );
|
|
|
|
//
|
|
// Now simply invoke the driver at its dispatch entry with the IRP.
|
|
//
|
|
|
|
status = IoCallDriver( deviceObject, irp );
|
|
|
|
//
|
|
// If this operation was a synchronous I/O operation, check the return
|
|
// status to determine whether or not to wait on the file object. If
|
|
// the file object is to be waited on, wait for the operation to complete
|
|
// and obtain the final status from the file object itself.
|
|
//
|
|
|
|
if (synchronousIo) {
|
|
if (status == STATUS_PENDING) {
|
|
status = KeWaitForSingleObject( &FileObject->Event,
|
|
Executive,
|
|
KernelMode,
|
|
(BOOLEAN) ((FileObject->Flags & FO_ALERTABLE_IO) != 0),
|
|
(PLARGE_INTEGER) NULL );
|
|
if (status == STATUS_ALERTED) {
|
|
IopCancelAlertedRequest( &FileObject->Event, irp );
|
|
}
|
|
status = FileObject->FinalStatus;
|
|
}
|
|
IopReleaseFileObjectLock( FileObject );
|
|
|
|
} else {
|
|
|
|
//
|
|
// This is a normal synchronous I/O operation, as opposed to a
|
|
// serialized synchronous I/O operation. For this case, wait
|
|
// for the local event and copy the final status information
|
|
// back to the caller.
|
|
//
|
|
|
|
if (status == STATUS_PENDING) {
|
|
(VOID) KeWaitForSingleObject( &event,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
status = localIoStatus.Status;
|
|
}
|
|
}
|
|
|
|
*ReturnedLength = (ULONG) localIoStatus.Information;
|
|
return status;
|
|
}
|
|
|
|
VOID
|
|
IopRaiseHardError(
|
|
IN PVOID NormalContext,
|
|
IN PVOID SystemArgument1,
|
|
IN PVOID SystemArgument2
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine raises a hard error popup in the context of the current
|
|
thread. The APC was used to get into the context of this thread so that
|
|
the popup would be sent to the appropriate port.
|
|
|
|
Arguments:
|
|
|
|
NormalContext - Supplies a pointer to the I/O Request Packet (IRP) that
|
|
was initially used to request the operation that has failed.
|
|
|
|
SystemArgument1 - Supplies a pointer to the media's volume parameter block.
|
|
See IoRaiseHardError documentation for more information.
|
|
|
|
SystemArgument2 - Supplies a pointer to the real device object. See
|
|
IoRaiseHardError documentation for more information.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
ULONG_PTR parameters[2];
|
|
ULONG numberOfParameters;
|
|
ULONG parameterMask;
|
|
ULONG response;
|
|
NTSTATUS status;
|
|
PIRP irp = (PIRP) NormalContext;
|
|
PVPB vpb = (PVPB) SystemArgument1;
|
|
PDEVICE_OBJECT realDeviceObject = (PDEVICE_OBJECT) SystemArgument2;
|
|
|
|
ULONG length = 0;
|
|
POBJECT_NAME_INFORMATION objectName;
|
|
|
|
UNICODE_STRING labelName;
|
|
|
|
//
|
|
// Determine the name of the device and the volume label of the offending
|
|
// media. Start by determining the size of the DeviceName, and allocate
|
|
// enough storage for both the ObjectName structure and the string
|
|
// because "that's the ways Steve's routine works".
|
|
//
|
|
|
|
ObQueryNameString( realDeviceObject, NULL, 0, &length );
|
|
|
|
if ((objectName = ExAllocatePool(PagedPool, length)) == NULL) {
|
|
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
} else {
|
|
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
|
|
if (!NT_SUCCESS( status ) ||
|
|
!NT_SUCCESS( status = ObQueryNameString( realDeviceObject,
|
|
objectName,
|
|
length,
|
|
&response ) )) {
|
|
|
|
//
|
|
// Allocation of the pool to put up this popup did not work or
|
|
// something else failed, so there isn't really much that can be
|
|
// done here. Simply return an error back to the user.
|
|
//
|
|
|
|
if (objectName) {
|
|
ExFreePool( objectName );
|
|
}
|
|
|
|
irp->IoStatus.Status = status;
|
|
irp->IoStatus.Information = 0;
|
|
|
|
IoCompleteRequest( irp, IO_DISK_INCREMENT );
|
|
|
|
return;
|
|
}
|
|
|
|
//
|
|
// The volume label has a max size of 32 characters (Unicode). Convert
|
|
// it to a Unicode string for output in the popup message.
|
|
//
|
|
|
|
if (vpb != NULL && vpb->Flags & VPB_MOUNTED) {
|
|
|
|
labelName.Buffer = &vpb->VolumeLabel[0];
|
|
labelName.Length = vpb->VolumeLabelLength;
|
|
labelName.MaximumLength = MAXIMUM_VOLUME_LABEL_LENGTH;
|
|
|
|
} else {
|
|
|
|
RtlInitUnicodeString( &labelName, NULL );
|
|
}
|
|
|
|
//
|
|
// Different pop-ups have different printf formats. Depending on the
|
|
// specific error value, adjust the parameters.
|
|
//
|
|
|
|
switch( irp->IoStatus.Status ) {
|
|
|
|
case STATUS_MEDIA_WRITE_PROTECTED:
|
|
case STATUS_WRONG_VOLUME:
|
|
|
|
numberOfParameters = 2;
|
|
parameterMask = 3;
|
|
|
|
parameters[0] = (ULONG_PTR) &labelName;
|
|
parameters[1] = (ULONG_PTR) &objectName->Name;
|
|
|
|
break;
|
|
|
|
case STATUS_DEVICE_NOT_READY:
|
|
case STATUS_IO_TIMEOUT:
|
|
case STATUS_NO_MEDIA_IN_DEVICE:
|
|
case STATUS_UNRECOGNIZED_MEDIA:
|
|
|
|
numberOfParameters = 1;
|
|
parameterMask = 1;
|
|
|
|
parameters[0] = (ULONG_PTR) &objectName->Name;
|
|
parameters[1] = 0;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
numberOfParameters = 0;
|
|
parameterMask = 0;
|
|
|
|
}
|
|
|
|
//
|
|
// Simply raise the hard error.
|
|
//
|
|
|
|
if (ExReadyForErrors) {
|
|
status = ExRaiseHardError( irp->IoStatus.Status,
|
|
numberOfParameters,
|
|
parameterMask,
|
|
parameters,
|
|
OptionCancelTryContinue,
|
|
&response );
|
|
|
|
} else {
|
|
|
|
status = STATUS_UNSUCCESSFUL;
|
|
response = ResponseReturnToCaller;
|
|
}
|
|
|
|
//
|
|
// Free any pool or other resources that were allocated to output the
|
|
// popup.
|
|
//
|
|
|
|
ExFreePool( objectName );
|
|
|
|
//
|
|
// If there was a problem, or the user didn't want to retry, just
|
|
// complete the request. Otherwise simply call the driver entry
|
|
// point and retry the IRP as if it had never been tried before.
|
|
//
|
|
|
|
if (!NT_SUCCESS( status ) || response != ResponseTryAgain) {
|
|
|
|
//
|
|
// Before completing the request, make one last check. If this was
|
|
// a mount request, and the reason for the failure was t/o, no media,
|
|
// or unrecognized media, then set the Information field of the status
|
|
// block to indicate whether or not an abort was performed.
|
|
//
|
|
|
|
if (response == ResponseCancel) {
|
|
PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation( irp );
|
|
if (irpSp->MajorFunction == IRP_MJ_FILE_SYSTEM_CONTROL &&
|
|
irpSp->MinorFunction == IRP_MN_MOUNT_VOLUME) {
|
|
irp->IoStatus.Information = IOP_ABORT;
|
|
} else {
|
|
irp->IoStatus.Status = STATUS_REQUEST_ABORTED;
|
|
}
|
|
}
|
|
|
|
//
|
|
// An error was incurred, so zero out the information field before
|
|
// completing the request if this was an input operation. Otherwise,
|
|
// IopCompleteRequest will try to copy to the user's buffer.
|
|
//
|
|
|
|
if (irp->Flags & IRP_INPUT_OPERATION) {
|
|
irp->IoStatus.Information = 0;
|
|
}
|
|
|
|
IoCompleteRequest( irp, IO_DISK_INCREMENT );
|
|
|
|
} else {
|
|
|
|
PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation( irp );
|
|
PDEVICE_OBJECT fsDeviceObject = irpSp->DeviceObject;
|
|
PDRIVER_OBJECT driverObject = fsDeviceObject->DriverObject;
|
|
|
|
//
|
|
// Retry the request from the top.
|
|
//
|
|
|
|
driverObject->MajorFunction[irpSp->MajorFunction]( fsDeviceObject,
|
|
irp );
|
|
|
|
}
|
|
}
|
|
|
|
VOID
|
|
IopRaiseInformationalHardError(
|
|
IN PVOID NormalContext,
|
|
IN PVOID SystemArgument1,
|
|
IN PVOID SystemArgument2
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine performs the actual pop-up. It will called from either the
|
|
hard-error thread, or a APC routine in a user thread after exiting the
|
|
file system.
|
|
|
|
Arguments:
|
|
|
|
NormalContext - Contains the information for the pop-up
|
|
|
|
SystemArgument1 - not used.
|
|
|
|
SystemArgument1 - not used.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
ULONG parameterPresent;
|
|
ULONG_PTR errorParameter;
|
|
ULONG errorResponse;
|
|
PIOP_HARD_ERROR_PACKET hardErrorPacket;
|
|
|
|
UNREFERENCED_PARAMETER( SystemArgument1 );
|
|
UNREFERENCED_PARAMETER( SystemArgument2 );
|
|
|
|
hardErrorPacket = (PIOP_HARD_ERROR_PACKET) NormalContext;
|
|
|
|
//
|
|
// Simply raise the hard error if the system is ready to accept one.
|
|
//
|
|
|
|
errorParameter = (ULONG_PTR) &hardErrorPacket->String;
|
|
|
|
parameterPresent = (hardErrorPacket->String.Buffer != NULL);
|
|
|
|
if (ExReadyForErrors) {
|
|
(VOID) ExRaiseHardError( hardErrorPacket->ErrorStatus,
|
|
parameterPresent,
|
|
parameterPresent,
|
|
parameterPresent ? &errorParameter : NULL,
|
|
OptionOkNoWait,
|
|
&errorResponse );
|
|
}
|
|
|
|
//
|
|
// Now free the packet and the buffer, if one was specified.
|
|
//
|
|
|
|
if (hardErrorPacket->String.Buffer) {
|
|
ExFreePool( hardErrorPacket->String.Buffer );
|
|
}
|
|
|
|
ExFreePool( hardErrorPacket );
|
|
InterlockedDecrement(&IopHardError.NumPendingApcPopups);
|
|
}
|
|
|
|
VOID
|
|
IopReadyDeviceObjects(
|
|
IN PDRIVER_OBJECT DriverObject
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to mark all of the device objects owned by the
|
|
specified driver as having been fully initialized and therefore ready
|
|
for access by other drivers/clients.
|
|
|
|
Arguments:
|
|
|
|
DriverObject - Supplies a pointer to the driver object for the driver
|
|
whose devices are to be marked as being "ready".
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PDEVICE_OBJECT deviceObject = DriverObject->DeviceObject;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Loop through all of the driver's device objects, clearing the
|
|
// DO_DEVICE_INITIALIZING flag.
|
|
//
|
|
|
|
DriverObject->Flags |= DRVO_INITIALIZED;
|
|
while (deviceObject) {
|
|
deviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
|
|
deviceObject = deviceObject->NextDevice;
|
|
}
|
|
}
|
|
|
|
NTSTATUS
|
|
IopResurrectDriver(
|
|
PDRIVER_OBJECT DriverObject
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to clear unload pending flag on all of the device
|
|
objects owned by the specified driver, if the unload routine has not run.
|
|
This allows the driver to come back to life after a pending unload.
|
|
|
|
|
|
Arguments:
|
|
|
|
DriverObject - Supplies a pointer to the driver object for the driver
|
|
whose devices are to be cleared.
|
|
|
|
Return Value:
|
|
|
|
Status - Returns success if the driver's unload routine has not run;
|
|
otherwise STATUS_IMAGE_ALREADY_LOADED is returned.
|
|
|
|
--*/
|
|
|
|
{
|
|
PDEVICE_OBJECT deviceObject = DriverObject->DeviceObject;
|
|
KIRQL irql;
|
|
|
|
//
|
|
// Acquire the I/O spinlock that protects the device list and
|
|
// driver flags.
|
|
//
|
|
|
|
irql = KeAcquireQueuedSpinLock( LockQueueIoDatabaseLock );
|
|
|
|
if (DriverObject->Flags & DRVO_UNLOAD_INVOKED || !deviceObject ||
|
|
!(deviceObject->DeviceObjectExtension->ExtensionFlags & DOE_UNLOAD_PENDING)) {
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
return STATUS_IMAGE_ALREADY_LOADED;
|
|
}
|
|
|
|
//
|
|
// Loop through all of the driver's device objects, clearing the
|
|
// DOE_UNLOAD_PENDING flag.
|
|
//
|
|
|
|
while (deviceObject) {
|
|
deviceObject->DeviceObjectExtension->ExtensionFlags &= ~DOE_UNLOAD_PENDING;
|
|
deviceObject = deviceObject->NextDevice;
|
|
}
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
return STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
VOID
|
|
IopMarshalIds(
|
|
OUT PTRACKING_BUFFER TrackingBuffer,
|
|
IN PFILE_VOLUMEID_WITH_TYPE TargetVolumeId,
|
|
IN PFILE_OBJECTID_BUFFER TargetObjectId,
|
|
IN PFILE_TRACKING_INFORMATION TrackingInfo
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine marshals the TargetVolumeId and TargetObjectId
|
|
into the supplied TrackingBuffer in a standard remotable format.
|
|
|
|
It also clears the DestinationFile handle to NULL, and sets the
|
|
ObjectInformationLength to the size of the marshalled data.
|
|
|
|
Arguments:
|
|
|
|
TrackingBuffer - The buffer to receive the marshalled parameters.
|
|
|
|
TargetVolumeId - The volume id to marshal.
|
|
|
|
TargetObjectId - The object id to marshal.
|
|
|
|
TrackingInfo - The additional tracking information to marshal.
|
|
|
|
--*/
|
|
|
|
{
|
|
ULONG ObjectInformationLength = 0;
|
|
|
|
TrackingBuffer->TrackingInformation.DestinationFile = (HANDLE) NULL;
|
|
|
|
RtlZeroMemory( &TrackingBuffer->TrackingInformation.ObjectInformation[ ObjectInformationLength ],
|
|
sizeof(TargetVolumeId->Type) );
|
|
|
|
RtlCopyMemory( &TrackingBuffer->TrackingInformation.ObjectInformation[ ObjectInformationLength ],
|
|
&TargetVolumeId->Type,
|
|
sizeof(TargetVolumeId->Type) );
|
|
ObjectInformationLength += sizeof(TargetVolumeId->Type);
|
|
|
|
RtlCopyMemory( &TrackingBuffer->TrackingInformation.ObjectInformation[ ObjectInformationLength ],
|
|
&TargetVolumeId->VolumeId[0],
|
|
sizeof(TargetVolumeId->VolumeId) );
|
|
ObjectInformationLength += sizeof(TargetVolumeId->VolumeId);
|
|
|
|
RtlCopyMemory( &TrackingBuffer->TrackingInformation.ObjectInformation[ ObjectInformationLength ],
|
|
&TargetObjectId->ObjectId[0],
|
|
sizeof(TargetObjectId->ObjectId) );
|
|
ObjectInformationLength += sizeof(TargetObjectId->ObjectId);
|
|
|
|
RtlCopyMemory( &TrackingBuffer->TrackingInformation.ObjectInformation[ ObjectInformationLength ],
|
|
&TrackingInfo->ObjectInformation[0],
|
|
TrackingInfo->ObjectInformationLength );
|
|
ObjectInformationLength += TrackingInfo->ObjectInformationLength;
|
|
|
|
TrackingBuffer->TrackingInformation.ObjectInformationLength = ObjectInformationLength;
|
|
|
|
}
|
|
|
|
VOID
|
|
IopUnMarshalIds(
|
|
IN FILE_TRACKING_INFORMATION * TrackingInformation,
|
|
OUT FILE_VOLUMEID_WITH_TYPE * TargetVolumeId,
|
|
OUT GUID * TargetObjectId,
|
|
OUT GUID * TargetMachineId
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine unmarshals the TargetVolumeId and TargetObjectId
|
|
from the supplied TrackingInformation from a standard remotable format.
|
|
|
|
Arguments:
|
|
|
|
TrackingInformation - The buffer containing the marshalled parameters.
|
|
|
|
TargetVolumeId - Buffer to receive the volume id.
|
|
|
|
TargetObjectId - Buffer to receive the object id.
|
|
|
|
TargetMachineId - Buffer to receieve the machine id.
|
|
|
|
--*/
|
|
|
|
{
|
|
ULONG ObjectInformationLength = 0;
|
|
|
|
RtlCopyMemory( &TargetVolumeId->Type,
|
|
&TrackingInformation->ObjectInformation[ ObjectInformationLength ],
|
|
sizeof(TargetVolumeId->Type) );
|
|
ObjectInformationLength += sizeof(TargetVolumeId->Type);
|
|
|
|
|
|
RtlCopyMemory( &TargetVolumeId->VolumeId[0],
|
|
&TrackingInformation->ObjectInformation[ ObjectInformationLength ],
|
|
sizeof(TargetVolumeId->VolumeId) );
|
|
ObjectInformationLength += sizeof(TargetVolumeId->VolumeId);
|
|
|
|
RtlCopyMemory( TargetObjectId,
|
|
&TrackingInformation->ObjectInformation[ ObjectInformationLength ],
|
|
sizeof(*TargetObjectId) );
|
|
ObjectInformationLength += sizeof(*TargetObjectId);
|
|
|
|
if( TrackingInformation->ObjectInformationLength > ObjectInformationLength ) {
|
|
RtlCopyMemory( TargetMachineId,
|
|
&TrackingInformation->ObjectInformation[ ObjectInformationLength ],
|
|
min( sizeof(*TargetMachineId), TrackingInformation->ObjectInformationLength - ObjectInformationLength) );
|
|
// ObjectInformationLength += sizeof(GUID);
|
|
}
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
IopSendMessageToTrackService(
|
|
IN PFILE_VOLUMEID_WITH_TYPE SourceVolumeId,
|
|
IN PFILE_OBJECTID_BUFFER SourceObjectId,
|
|
IN PFILE_TRACKING_INFORMATION TargetObjectInformation
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to send a message to the user-mode link tracking
|
|
service to inform it that a file has been moved so that it can track it
|
|
by its object ID.
|
|
|
|
Arguments:
|
|
|
|
SourceVolumeId - Volume ID of the source file.
|
|
|
|
SourceObjectId - Object ID of the source file.
|
|
|
|
TargetObjectInformation - Volume ID, object ID of the target file.
|
|
|
|
Return Value:
|
|
|
|
The final function value is the final completion status of the operation.
|
|
|
|
|
|
--*/
|
|
|
|
{
|
|
typedef struct _LINK_TRACKING_MESSAGE {
|
|
NTSTATUS Status;
|
|
ULONG Request;
|
|
FILE_VOLUMEID_WITH_TYPE SourceVolumeId; // src vol type & id
|
|
FILE_OBJECTID_BUFFER SourceObjectId; // src obj id & birth info
|
|
FILE_VOLUMEID_WITH_TYPE TargetVolumeId; // tgt vol type & id
|
|
GUID TargetObjectId; // tgt obj id
|
|
GUID TargetMachineId;
|
|
} LINK_TRACKING_MESSAGE, *PLINK_TRACKING_MESSAGE;
|
|
|
|
typedef struct _LINK_TRACKING_RESPONSE {
|
|
NTSTATUS Status;
|
|
} LINK_TRACKING_RESPONSE, *PLINK_TRACKING_RESPONSE;
|
|
|
|
PPORT_MESSAGE portMessage;
|
|
PPORT_MESSAGE portReplyMessage;
|
|
CHAR portReply[ 256 ];
|
|
PLINK_TRACKING_MESSAGE requestMessage;
|
|
PLINK_TRACKING_RESPONSE replyMessage;
|
|
LINK_TRACKING_PACKET ltp;
|
|
NTSTATUS status;
|
|
ULONG loopCount = 0;
|
|
KPROCESSOR_MODE PreviousMode;
|
|
|
|
PAGED_CODE();
|
|
|
|
PreviousMode = KeGetPreviousMode();
|
|
//
|
|
// Begin by determining whether or not the LPC port to the link tracking
|
|
// service has been opened. If not, then attempt to open it now.
|
|
//
|
|
|
|
retry:
|
|
|
|
if (!IopLinkTrackingServiceObject) {
|
|
|
|
//
|
|
// The port has not yet been opened. Check to see whether or not
|
|
// the service has been started. If not, then get out now as there
|
|
// will be no port if the service is not running.
|
|
//
|
|
|
|
if (!KeReadStateEvent( IopLinkTrackingServiceEvent )) {
|
|
return STATUS_NO_TRACKING_SERVICE;
|
|
}
|
|
|
|
for (;; ) {
|
|
status = KeWaitForSingleObject(&IopLinkTrackingPortObject,
|
|
Executive,
|
|
PreviousMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
|
|
if ((status == STATUS_USER_APC) || (status == STATUS_ALERTED)) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// There is no referenced object pointer to the
|
|
// link tracking port so open it.
|
|
//
|
|
if (!IopLinkTrackingServiceObject) {
|
|
ExInitializeWorkItem(
|
|
&IopLinkTrackingPacket.WorkQueueItem,
|
|
IopConnectLinkTrackingPort,
|
|
&IopLinkTrackingPacket);
|
|
(VOID)KeResetEvent(&IopLinkTrackingPacket.Event);
|
|
ExQueueWorkItem( &IopLinkTrackingPacket.WorkQueueItem,
|
|
DelayedWorkQueue );
|
|
status = KeWaitForSingleObject(
|
|
&IopLinkTrackingPacket.Event,
|
|
Executive,
|
|
PreviousMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
|
|
if ((status == STATUS_USER_APC) || (status == STATUS_ALERTED)) {
|
|
NOTHING;
|
|
} else if (!NT_SUCCESS( IopLinkTrackingPacket.FinalStatus )) {
|
|
status = IopLinkTrackingPacket.FinalStatus;
|
|
}
|
|
|
|
KeSetEvent(&IopLinkTrackingPortObject,
|
|
0,
|
|
FALSE);
|
|
if (status == STATUS_SUCCESS) {
|
|
break;
|
|
} else {
|
|
return status;
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// The connection is established.
|
|
//
|
|
|
|
KeSetEvent(&IopLinkTrackingPortObject,
|
|
0,
|
|
FALSE);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Form a message from the input parameters and send it to the caller.
|
|
//
|
|
|
|
portMessage = ExAllocatePool( PagedPool,
|
|
sizeof( LINK_TRACKING_MESSAGE ) +
|
|
sizeof( PORT_MESSAGE ) );
|
|
if (!portMessage) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
requestMessage = (PLINK_TRACKING_MESSAGE) (portMessage + 1);
|
|
RtlZeroMemory( requestMessage, sizeof(*requestMessage) );
|
|
|
|
requestMessage->Status = STATUS_SUCCESS;
|
|
requestMessage->Request = 0;
|
|
|
|
RtlCopyMemory( &requestMessage->SourceVolumeId,
|
|
SourceVolumeId,
|
|
sizeof( FILE_VOLUMEID_WITH_TYPE ) );
|
|
|
|
RtlCopyMemory( &requestMessage->SourceObjectId,
|
|
SourceObjectId,
|
|
sizeof( FILE_OBJECTID_BUFFER ) );
|
|
|
|
IopUnMarshalIds( TargetObjectInformation,
|
|
&requestMessage->TargetVolumeId,
|
|
&requestMessage->TargetObjectId,
|
|
&requestMessage->TargetMachineId);
|
|
|
|
portMessage->u1.s1.TotalLength = (USHORT) (sizeof( PORT_MESSAGE ) +
|
|
sizeof( LINK_TRACKING_MESSAGE ));
|
|
portMessage->u1.s1.DataLength = (USHORT) sizeof( LINK_TRACKING_MESSAGE );
|
|
portMessage->u2.ZeroInit = 0;
|
|
|
|
status = LpcRequestWaitReplyPort( IopLinkTrackingServiceObject,
|
|
portMessage,
|
|
(PPORT_MESSAGE) &portReply[0] );
|
|
if (!NT_SUCCESS( status )) {
|
|
if (status == STATUS_PORT_DISCONNECTED) {
|
|
status = KeWaitForSingleObject(&IopLinkTrackingPortObject,
|
|
Executive,
|
|
PreviousMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
ObDereferenceObject( IopLinkTrackingServiceObject );
|
|
IopLinkTrackingServiceObject = NULL;
|
|
KeSetEvent(&IopLinkTrackingPortObject,
|
|
0,
|
|
FALSE);
|
|
if (!loopCount) {
|
|
loopCount += 1;
|
|
goto retry;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (NT_SUCCESS( status )) {
|
|
portReplyMessage = (PPORT_MESSAGE) &portReply[0];
|
|
replyMessage = (PLINK_TRACKING_RESPONSE) (portReplyMessage + 1);
|
|
status = replyMessage->Status;
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopSetEaOrQuotaInformationFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN BOOLEAN SetEa
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked by the NtSetEa[Quota]InformationFile system services
|
|
to either modify the EAs on a file or the quota entries on a volume. All of
|
|
the specified entries in the buffer are made to the file or volume.
|
|
|
|
Arguments:
|
|
|
|
FileHandle - Supplies a handle to the file/volume for which the entries are
|
|
to be applied.
|
|
|
|
IoStatusBlock - Address of the caller's I/O status block.
|
|
|
|
Buffer - Supplies a buffer containing the entries to be added/modified.
|
|
|
|
Length - Supplies the length, in bytes, of the buffer.
|
|
|
|
SetEa - A BOOLEAN that indicates whether to change the EAs on a file or
|
|
the quota entries on the volume.
|
|
|
|
Return Value:
|
|
|
|
The status returned is the final completion status of the operation.
|
|
|
|
--*/
|
|
|
|
{
|
|
PIRP irp;
|
|
NTSTATUS status;
|
|
PFILE_OBJECT fileObject;
|
|
PDEVICE_OBJECT deviceObject;
|
|
PKEVENT event = (PKEVENT) NULL;
|
|
KPROCESSOR_MODE requestorMode;
|
|
PIO_STACK_LOCATION irpSp;
|
|
IO_STATUS_BLOCK localIoStatus;
|
|
BOOLEAN synchronousIo;
|
|
PETHREAD CurrentThread;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Get the previous mode; i.e., the mode of the caller.
|
|
//
|
|
|
|
CurrentThread = PsGetCurrentThread ();
|
|
requestorMode = KeGetPreviousModeByThread(&CurrentThread->Tcb);
|
|
|
|
if (requestorMode != KernelMode) {
|
|
|
|
//
|
|
// The caller's access mode is user, so probe each of the arguments
|
|
// and capture them as necessary. If any failures occur, the condition
|
|
// handler will be invoked to handle them. It will simply cleanup and
|
|
// return an access violation status code back to the system service
|
|
// dispatcher.
|
|
//
|
|
|
|
try {
|
|
|
|
//
|
|
// The IoStatusBlock parameter must be writeable by the caller.
|
|
//
|
|
|
|
ProbeForWriteIoStatus( IoStatusBlock);
|
|
|
|
//
|
|
// The Buffer parameter must be readable by the caller.
|
|
//
|
|
|
|
ProbeForRead( Buffer, Length, sizeof( ULONG ) );
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
//
|
|
// An exception was incurred while probing the caller's parameters.
|
|
// Cleanup and return an appropriate error status code.
|
|
//
|
|
|
|
return GetExceptionCode();
|
|
}
|
|
}
|
|
|
|
//
|
|
// There were no blatant errors so far, so reference the file object so
|
|
// the target device object can be found. Note that if the handle does
|
|
// not refer to a file object, or if the caller does not have the required
|
|
// access to the file, then it will fail.
|
|
//
|
|
|
|
status = ObReferenceObjectByHandle( FileHandle,
|
|
SetEa ? FILE_WRITE_EA : FILE_WRITE_DATA,
|
|
IoFileObjectType,
|
|
requestorMode,
|
|
(PVOID *) &fileObject,
|
|
NULL );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Make a special check here to determine whether this is a synchronous
|
|
// I/O operation. If it is, then wait here until the file is owned by
|
|
// the current thread. If this is not a (serialized) synchronous I/O
|
|
// operation, then allocate and initialize the local event.
|
|
//
|
|
|
|
if (fileObject->Flags & FO_SYNCHRONOUS_IO) {
|
|
|
|
BOOLEAN interrupted;
|
|
|
|
if (!IopAcquireFastLock( fileObject )) {
|
|
status = IopAcquireFileObjectLock( fileObject,
|
|
requestorMode,
|
|
(BOOLEAN) ((fileObject->Flags & FO_ALERTABLE_IO) != 0),
|
|
&interrupted );
|
|
if (interrupted) {
|
|
ObDereferenceObject( fileObject );
|
|
return status;
|
|
}
|
|
}
|
|
synchronousIo = TRUE;
|
|
} else {
|
|
|
|
//
|
|
// This is a synchronous API being invoked for a file that is opened
|
|
// for asynchronous I/O. This means that this system service is
|
|
// to synchronize the completion of the operation before returning
|
|
// to the caller. A local event is used to do this.
|
|
//
|
|
|
|
event = ExAllocatePool( NonPagedPool, sizeof( KEVENT ) );
|
|
if (!event) {
|
|
ObDereferenceObject( fileObject );
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
KeInitializeEvent( event, SynchronizationEvent, FALSE );
|
|
synchronousIo = FALSE;
|
|
}
|
|
|
|
//
|
|
// Set the file object to the Not-Signaled state.
|
|
//
|
|
|
|
KeClearEvent( &fileObject->Event );
|
|
|
|
//
|
|
// Get the address of the target device object.
|
|
//
|
|
|
|
deviceObject = IoGetRelatedDeviceObject( fileObject );
|
|
|
|
//
|
|
// Allocate and initialize the I/O Request Packet (IRP) for this operation.
|
|
// The allocation is performed with an exception handler in case the
|
|
// caller does not have enough quota to allocate the packet.
|
|
|
|
irp = IoAllocateIrp( deviceObject->StackSize, TRUE );
|
|
if (!irp) {
|
|
|
|
//
|
|
// An IRP could not be allocated. Cleanup and return an appropriate
|
|
// error status code.
|
|
//
|
|
|
|
if (!(fileObject->Flags & FO_SYNCHRONOUS_IO)) {
|
|
ExFreePool( event );
|
|
}
|
|
|
|
IopAllocateIrpCleanup( fileObject, (PKEVENT) NULL );
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
irp->Tail.Overlay.OriginalFileObject = fileObject;
|
|
irp->Tail.Overlay.Thread = CurrentThread;
|
|
irp->RequestorMode = requestorMode;
|
|
|
|
//
|
|
// Fill in the service independent parameters in the IRP.
|
|
//
|
|
|
|
if (synchronousIo) {
|
|
irp->UserEvent = (PKEVENT) NULL;
|
|
irp->UserIosb = IoStatusBlock;
|
|
} else {
|
|
irp->UserEvent = event;
|
|
irp->UserIosb = &localIoStatus;
|
|
irp->Flags = IRP_SYNCHRONOUS_API;
|
|
}
|
|
irp->Overlay.AsynchronousParameters.UserApcRoutine = (PIO_APC_ROUTINE) NULL;
|
|
|
|
//
|
|
// Get a pointer to the stack location for the first driver. This will be
|
|
// used to pass the original function codes and parameters.
|
|
//
|
|
|
|
irpSp = IoGetNextIrpStackLocation( irp );
|
|
irpSp->MajorFunction = SetEa ? IRP_MJ_SET_EA : IRP_MJ_SET_QUOTA;
|
|
irpSp->FileObject = fileObject;
|
|
|
|
//
|
|
// Now determine whether this driver expects to have data buffered to it
|
|
// or whether it performs direct I/O. This is based on the DO_BUFFERED_IO
|
|
// flag in the device object. if the flag is set, then a system buffer is
|
|
// allocated and driver's data is copied to it. If the DO_DIRECT_IO flag
|
|
// is set in the device object, then a Memory Descriptor List (MDL) is
|
|
// allocated and the caller's buffer is locked down using it. Finally, if
|
|
// the driver specifies neither of the flags, then simply pass the address
|
|
// and length of the buffer and allow the driver to perform all of the
|
|
// checking and buffering if any is required.
|
|
//
|
|
|
|
if (deviceObject->Flags & DO_BUFFERED_IO) {
|
|
|
|
PVOID systemBuffer;
|
|
ULONG errorOffset;
|
|
|
|
//
|
|
// The driver wishes the caller's buffer to be copied into an
|
|
// intermediary buffer. Allocate the system buffer and specify
|
|
// that it should be deallocated on completion. Also check to
|
|
// ensure that the caller's EA list or quota list is valid. All
|
|
// of this is performed within an exception handler that will perform
|
|
// cleanup if the operation fails.
|
|
//
|
|
|
|
try {
|
|
|
|
//
|
|
// Allocate the intermediary system buffer and charge the caller
|
|
// quota for its allocation. Copy the caller's buffer into the
|
|
// system buffer and check to ensure that it is valid.
|
|
//
|
|
|
|
systemBuffer = ExAllocatePoolWithQuota( NonPagedPool, Length );
|
|
|
|
irp->AssociatedIrp.SystemBuffer = systemBuffer;
|
|
|
|
RtlCopyMemory( systemBuffer, Buffer, Length );
|
|
|
|
if (SetEa) {
|
|
status = IoCheckEaBufferValidity( systemBuffer,
|
|
Length,
|
|
&errorOffset );
|
|
} else {
|
|
status = IoCheckQuotaBufferValidity( systemBuffer,
|
|
Length,
|
|
&errorOffset );
|
|
}
|
|
|
|
if (!NT_SUCCESS( status )) {
|
|
IoStatusBlock->Status = status;
|
|
IoStatusBlock->Information = errorOffset;
|
|
ExRaiseStatus( status );
|
|
}
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
//
|
|
// An exception was incurred while allocating the buffer, copying
|
|
// the caller's data into it, or walking the buffer. Determine
|
|
// what happened, cleanup, and return an appropriate error status
|
|
// code.
|
|
//
|
|
|
|
IopExceptionCleanup( fileObject,
|
|
irp,
|
|
(PKEVENT) NULL,
|
|
event );
|
|
|
|
return GetExceptionCode();
|
|
|
|
}
|
|
|
|
//
|
|
// Set the flags so that the completion code knows to deallocate the
|
|
// buffer.
|
|
//
|
|
|
|
irp->Flags |= IRP_BUFFERED_IO | IRP_DEALLOCATE_BUFFER;
|
|
|
|
} else if (deviceObject->Flags & DO_DIRECT_IO) {
|
|
|
|
PMDL mdl;
|
|
|
|
//
|
|
// This is a direct I/O operation. Allocate an MDL and invoke the
|
|
// memory management routine to lock the buffer into memory. This is
|
|
// done using an exception handler that will perform cleanup if the
|
|
// operation fails.
|
|
//
|
|
|
|
mdl = (PMDL) NULL;
|
|
|
|
try {
|
|
|
|
//
|
|
// Allocate an MDL, charging quota for it, and hang it off of the
|
|
// IRP. Probe and lock the pages associated with the caller's
|
|
// buffer for read access and fill in the MDL with the PFNs of those
|
|
// pages.
|
|
//
|
|
|
|
mdl = IoAllocateMdl( Buffer, Length, FALSE, TRUE, irp );
|
|
if (!mdl) {
|
|
ExRaiseStatus( STATUS_INSUFFICIENT_RESOURCES );
|
|
}
|
|
IopProbeAndLockPages( mdl, requestorMode, IoReadAccess, deviceObject, irpSp->MajorFunction);
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
//
|
|
// An exception was incurred while either probing the caller's
|
|
// buffer or allocating the MDL. Determine what actually happened,
|
|
// clean everything up, and return an appropriate error status code.
|
|
//
|
|
|
|
IopExceptionCleanup( fileObject,
|
|
irp,
|
|
(PKEVENT) NULL,
|
|
event );
|
|
|
|
return GetExceptionCode();
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// Pass the address of the user's buffer so the driver has access to
|
|
// it. It is now the driver's responsibility to do everything.
|
|
//
|
|
|
|
irp->UserBuffer = Buffer;
|
|
|
|
}
|
|
|
|
//
|
|
// Copy the caller's parameters to the service-specific portion of the
|
|
// IRP.
|
|
//
|
|
|
|
if (SetEa) {
|
|
irpSp->Parameters.SetEa.Length = Length;
|
|
} else {
|
|
irpSp->Parameters.SetQuota.Length = Length;
|
|
}
|
|
|
|
//
|
|
// Queue the packet, call the driver, and synchronize appropriately with
|
|
// I/O completion.
|
|
//
|
|
|
|
status = IopSynchronousServiceTail( deviceObject,
|
|
irp,
|
|
fileObject,
|
|
FALSE,
|
|
requestorMode,
|
|
synchronousIo,
|
|
OtherTransfer );
|
|
|
|
//
|
|
// If the file for this operation was not opened for synchronous I/O, then
|
|
// synchronization of completion of the I/O operation has not yet occurred
|
|
// since the allocated event must be used for synchronous APIs on files
|
|
// opened for asynchronous I/O. Synchronize the completion of the I/O
|
|
// operation now.
|
|
//
|
|
|
|
if (!synchronousIo) {
|
|
|
|
status = IopSynchronousApiServiceTail( status,
|
|
event,
|
|
irp,
|
|
requestorMode,
|
|
&localIoStatus,
|
|
IoStatusBlock );
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopSetRemoteLink(
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PFILE_OBJECT DestinationFileObject OPTIONAL,
|
|
IN PFILE_TRACKING_INFORMATION FileInformation OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to remote an NtSetInformationFile API call via an
|
|
FSCTL to the Redirector. The call will cause the remote system to perform
|
|
the service call to track the link for a file which was just moved.
|
|
|
|
Arguments:
|
|
|
|
FileObject - Supplies the file object for the file that was moved.
|
|
|
|
DestinationFileObject - Optionally supplies the file object for the new
|
|
destination location for the file.
|
|
|
|
FileInformation - Optionally supplies the volume and file object IDs of
|
|
the target file.
|
|
|
|
Return Value:
|
|
|
|
The final function value is the final completion status of the operation.
|
|
|
|
--*/
|
|
|
|
{
|
|
REMOTE_LINK_BUFFER remoteBuffer;
|
|
IO_STATUS_BLOCK ioStatus;
|
|
NTSTATUS status;
|
|
PIRP irp;
|
|
KEVENT event;
|
|
PIO_STACK_LOCATION irpSp;
|
|
PDEVICE_OBJECT deviceObject;
|
|
ULONG length = 0;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Initialize the event structure to synchronize completion of the I/O
|
|
// request.
|
|
//
|
|
|
|
KeInitializeEvent( &event,
|
|
NotificationEvent,
|
|
FALSE );
|
|
|
|
//
|
|
// Build an I/O Request Packet to be sent to the file system driver to get
|
|
// the volume ID.
|
|
//
|
|
|
|
deviceObject = IoGetRelatedDeviceObject( FileObject );
|
|
|
|
irp = IoBuildDeviceIoControlRequest( FSCTL_LMR_SET_LINK_TRACKING_INFORMATION,
|
|
deviceObject,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
0,
|
|
FALSE,
|
|
&event,
|
|
&ioStatus );
|
|
if (!irp) {
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
|
|
//
|
|
// Initialize the remote link buffer according to the input information.
|
|
//
|
|
|
|
if (DestinationFileObject) {
|
|
|
|
// The FileObject and DestinationFileObject are on the same machine
|
|
remoteBuffer.TrackingInformation.TargetFileObject = DestinationFileObject;
|
|
|
|
if (FileInformation) {
|
|
// Copy the ObjectInformation from the FileInformation buffer into
|
|
// the TargetLinkTrackingInformationBuffer. Set 'length' to include
|
|
// this buffer.
|
|
|
|
remoteBuffer.TrackingInformation.TargetLinkTrackingInformationLength
|
|
= length = FileInformation->ObjectInformationLength;
|
|
RtlCopyMemory( &remoteBuffer.TrackingInformation.TargetLinkTrackingInformationBuffer,
|
|
FileInformation->ObjectInformation,
|
|
length );
|
|
} else {
|
|
// We don't have any extra FileInformation.
|
|
remoteBuffer.TrackingInformation.TargetLinkTrackingInformationLength = 0;
|
|
}
|
|
|
|
// Increment the length to include the size of the non-optional fields in
|
|
// REMOTE_LINK_TRACKING_INFORMATION.
|
|
length += sizeof( PFILE_OBJECT ) + sizeof( ULONG );
|
|
|
|
} else {
|
|
// There's no DestinationFileObject, so all the necessary information is in the
|
|
// FileInformation structure.
|
|
length = FileInformation->ObjectInformationLength + sizeof( HANDLE ) + sizeof( ULONG );
|
|
RtlCopyMemory( &remoteBuffer.TrackingInformation,
|
|
FileInformation,
|
|
length );
|
|
remoteBuffer.TrackingInformation.TargetFileObject = NULL;
|
|
}
|
|
|
|
//
|
|
// Fill in the remainder of the IRP to retrieve the object ID for the
|
|
// file.
|
|
//
|
|
|
|
irp->Flags |= IRP_SYNCHRONOUS_API;
|
|
irp->AssociatedIrp.SystemBuffer = &remoteBuffer;
|
|
irp->Tail.Overlay.OriginalFileObject = FileObject;
|
|
|
|
irpSp = IoGetNextIrpStackLocation( irp );
|
|
irpSp->FileObject = FileObject;
|
|
irpSp->MajorFunction = IRP_MJ_FILE_SYSTEM_CONTROL;
|
|
irpSp->MinorFunction = IRP_MN_KERNEL_CALL;
|
|
irpSp->Parameters.FileSystemControl.InputBufferLength = length;
|
|
|
|
//
|
|
// Take out another reference to the file object to guarantee that it does
|
|
// not get deleted.
|
|
//
|
|
|
|
ObReferenceObject( FileObject );
|
|
|
|
//
|
|
// Call the driver to get the request.
|
|
//
|
|
|
|
status = IoCallDriver( deviceObject, irp );
|
|
|
|
//
|
|
// Synchronize completion of the request.
|
|
//
|
|
|
|
if (status == STATUS_PENDING) {
|
|
status = KeWaitForSingleObject( &event,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
status = ioStatus.Status;
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
VOID
|
|
IopStartApcHardError(
|
|
IN PVOID StartContext
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function is invoked in an ExWorker thread when we need to do a
|
|
hard error pop-up, but the Irp's originating thread is at APC level,
|
|
ie. IoPageRead. It starts a thread to hold the pop-up.
|
|
|
|
Arguments:
|
|
|
|
StartContext - Startup context, contains a IOP_APC_HARD_ERROR_PACKET.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
HANDLE thread;
|
|
NTSTATUS status;
|
|
|
|
//
|
|
// Create the hard error pop-up thread. If for whatever reason we
|
|
// can't do this then just complete the Irp with the error.
|
|
//
|
|
|
|
status = PsCreateSystemThread( &thread,
|
|
0,
|
|
(POBJECT_ATTRIBUTES)NULL,
|
|
(HANDLE)0,
|
|
(PCLIENT_ID)NULL,
|
|
IopApcHardError,
|
|
StartContext );
|
|
|
|
if ( !NT_SUCCESS( status ) ) {
|
|
|
|
|
|
IoCompleteRequest( ((PIOP_APC_HARD_ERROR_PACKET)StartContext)->Irp,
|
|
IO_DISK_INCREMENT );
|
|
ExFreePool( StartContext );
|
|
return;
|
|
}
|
|
|
|
//
|
|
// Close thread handle
|
|
//
|
|
|
|
ZwClose(thread);
|
|
}
|
|
|
|
NTSTATUS
|
|
IopSynchronousApiServiceTail(
|
|
IN NTSTATUS ReturnedStatus,
|
|
IN PKEVENT Event,
|
|
IN PIRP Irp,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN PIO_STATUS_BLOCK LocalIoStatus,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked when a synchronous API is invoked for a file
|
|
that has been opened for asynchronous I/O. This function synchronizes
|
|
the completion of the I/O operation on the file.
|
|
|
|
Arguments:
|
|
|
|
ReturnedStatus - Supplies the status that was returned from the call to
|
|
IoCallDriver.
|
|
|
|
Event - Address of the allocated kernel event to be used for synchronization
|
|
of the I/O operation.
|
|
|
|
Irp - Address of the I/O Request Packet submitted to the driver.
|
|
|
|
RequestorMode - Processor mode of the caller when the operation was
|
|
requested.
|
|
|
|
LocalIoStatus - Address of the I/O status block used to capture the final
|
|
status by the service itself.
|
|
|
|
IoStatusBlock - Address of the I/O status block supplied by the caller of
|
|
the system service.
|
|
|
|
Return Value:
|
|
|
|
The function value is the final status of the operation.
|
|
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// This is a normal synchronous I/O operation, as opposed to a
|
|
// serialized synchronous I/O operation. For this case, wait for
|
|
// the local event and copy the final status information back to
|
|
// the caller.
|
|
//
|
|
|
|
status = ReturnedStatus;
|
|
|
|
if (status == STATUS_PENDING) {
|
|
|
|
status = KeWaitForSingleObject( Event,
|
|
Executive,
|
|
RequestorMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER) NULL );
|
|
|
|
if (status == STATUS_USER_APC) {
|
|
|
|
//
|
|
// The wait request has ended either because the thread was
|
|
// alerted or an APC was queued to this thread, because of
|
|
// thread rundown or CTRL/C processing. In either case, try
|
|
// to bail out of this I/O request carefully so that the IRP
|
|
// completes before this routine exists or the event will not
|
|
// be around to set to the Signaled state.
|
|
//
|
|
|
|
IopCancelAlertedRequest( Event, Irp );
|
|
|
|
}
|
|
|
|
status = LocalIoStatus->Status;
|
|
}
|
|
|
|
try {
|
|
|
|
*IoStatusBlock = *LocalIoStatus;
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
//
|
|
// An exception occurred attempting to write the caller's I/O
|
|
// status block. Simply change the final status of the operation
|
|
// to the exception code.
|
|
//
|
|
|
|
status = GetExceptionCode();
|
|
}
|
|
|
|
ExFreePool( Event );
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopSynchronousServiceTail(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PIRP Irp,
|
|
IN PFILE_OBJECT FileObject,
|
|
IN BOOLEAN DeferredIoCompletion,
|
|
IN KPROCESSOR_MODE RequestorMode,
|
|
IN BOOLEAN SynchronousIo,
|
|
IN TRANSFER_TYPE TransferType
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to complete the operation of a system service.
|
|
It queues the IRP to the thread's queue, updates the transfer count,
|
|
calls the driver, and finally synchronizes completion of the I/O.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Device on which the I/O is to occur.
|
|
|
|
Irp - I/O Request Packet representing the I/O operation.
|
|
|
|
FileObject - File object for this open instantiation.
|
|
|
|
DeferredIoCompletion - Indicates whether deferred completion is possible.
|
|
|
|
RequestorMode - Mode in which request was made.
|
|
|
|
SynchronousIo - Indicates whether the operation is to be synchronous.
|
|
|
|
TransferType - Type of transfer being performed: read, write, or other.
|
|
|
|
Return Value:
|
|
|
|
The function value is the final status of the operation.
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Insert the packet at the head of the IRP list for the thread.
|
|
//
|
|
|
|
IopQueueThreadIrp( Irp );
|
|
|
|
//
|
|
// Update the operation count statistic for the current process.
|
|
//
|
|
|
|
switch( TransferType ) {
|
|
|
|
case ReadTransfer:
|
|
IopUpdateReadOperationCount();
|
|
break;
|
|
|
|
case WriteTransfer:
|
|
IopUpdateWriteOperationCount();
|
|
break;
|
|
|
|
case OtherTransfer:
|
|
IopUpdateOtherOperationCount();
|
|
break;
|
|
}
|
|
|
|
//
|
|
// Now simply invoke the driver at its dispatch entry with the IRP.
|
|
//
|
|
|
|
status = IoCallDriver( DeviceObject, Irp );
|
|
|
|
//
|
|
// If deferred I/O completion is possible, check for pending returned
|
|
// from the driver. If the driver did not return pending, then the
|
|
// packet has not actually been completed yet, so complete it here.
|
|
//
|
|
|
|
if (DeferredIoCompletion) {
|
|
|
|
if (status != STATUS_PENDING) {
|
|
|
|
//
|
|
// The I/O operation was completed without returning a status of
|
|
// pending. This means that at this point, the IRP has not been
|
|
// fully completed. Complete it now.
|
|
//
|
|
|
|
PKNORMAL_ROUTINE normalRoutine;
|
|
PVOID normalContext;
|
|
KIRQL irql;
|
|
|
|
ASSERT( !Irp->PendingReturned );
|
|
|
|
KeRaiseIrql( APC_LEVEL, &irql );
|
|
IopCompleteRequest( &Irp->Tail.Apc,
|
|
&normalRoutine,
|
|
&normalContext,
|
|
(PVOID *) &FileObject,
|
|
&normalContext );
|
|
KeLowerIrql( irql );
|
|
}
|
|
}
|
|
|
|
//
|
|
// If this operation was a synchronous I/O operation, check the return
|
|
// status to determine whether or not to wait on the file object. If
|
|
// the file object is to be waited on, wait for the operation to complete
|
|
// and obtain the final status from the file object itself.
|
|
//
|
|
|
|
if (SynchronousIo) {
|
|
|
|
if (status == STATUS_PENDING) {
|
|
|
|
status = KeWaitForSingleObject( &FileObject->Event,
|
|
Executive,
|
|
RequestorMode,
|
|
(BOOLEAN) ((FileObject->Flags & FO_ALERTABLE_IO) != 0),
|
|
(PLARGE_INTEGER) NULL );
|
|
|
|
if (status == STATUS_ALERTED || status == STATUS_USER_APC) {
|
|
|
|
//
|
|
// The wait request has ended either because the thread was alerted
|
|
// or an APC was queued to this thread, because of thread rundown or
|
|
// CTRL/C processing. In either case, try to bail out of this I/O
|
|
// request carefully so that the IRP completes before this routine
|
|
// exists so that synchronization with the file object will remain
|
|
// intact.
|
|
//
|
|
|
|
IopCancelAlertedRequest( &FileObject->Event, Irp );
|
|
|
|
}
|
|
|
|
status = FileObject->FinalStatus;
|
|
|
|
}
|
|
|
|
IopReleaseFileObjectLock( FileObject );
|
|
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
VOID
|
|
IopTimerDispatch(
|
|
IN PKDPC Dpc,
|
|
IN PVOID DeferredContext,
|
|
IN PVOID SystemArgument1,
|
|
IN PVOID SystemArgument2
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine scans the I/O system timer database and invokes each driver
|
|
that has enabled a timer in the list, once every second.
|
|
|
|
Arguments:
|
|
|
|
Dpc - Supplies a pointer to a control object of type DPC.
|
|
|
|
DeferredContext - Optional deferred context; not used.
|
|
|
|
SystemArgument1 - Optional argument 1; not used.
|
|
|
|
SystemArgument2 - Optional argument 2; not used.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
PLIST_ENTRY timerEntry;
|
|
PIO_TIMER timer;
|
|
KIRQL irql;
|
|
ULONG i;
|
|
|
|
UNREFERENCED_PARAMETER( Dpc );
|
|
UNREFERENCED_PARAMETER( DeferredContext );
|
|
UNREFERENCED_PARAMETER( SystemArgument1 );
|
|
UNREFERENCED_PARAMETER( SystemArgument2 );
|
|
|
|
//
|
|
// Check to see whether or not there are any timers in the queue that
|
|
// have been enabled. If so, then walk the list and invoke all of the
|
|
// drivers' routines. Note that if the counter changes, which it can
|
|
// because the spin lock is not owned, then a timer routine may be
|
|
// missed. However, this is acceptable, since the driver inserting the
|
|
// entry could be context switched away from, etc. Therefore, this is
|
|
// not a critical resource for the most part.
|
|
//
|
|
|
|
if (IopTimerCount) {
|
|
|
|
//
|
|
// There is at least one timer entry in the queue that is enabled.
|
|
// Walk the queue and invoke each specified timer routine.
|
|
//
|
|
|
|
ExAcquireSpinLock( &IopTimerLock, &irql );
|
|
i = IopTimerCount;
|
|
timerEntry = IopTimerQueueHead.Flink;
|
|
|
|
//
|
|
// For each entry found that is enabled, invoke the driver's routine
|
|
// with its specified context parameter. The local count is used
|
|
// to abort the queue traversal when there are more entries in the
|
|
// queue, but they are not enabled.
|
|
//
|
|
|
|
for (timerEntry = IopTimerQueueHead.Flink;
|
|
(timerEntry != &IopTimerQueueHead) && i;
|
|
timerEntry = timerEntry->Flink ) {
|
|
|
|
timer = CONTAINING_RECORD( timerEntry, IO_TIMER, TimerList );
|
|
|
|
if (timer->TimerFlag) {
|
|
timer->TimerRoutine( timer->DeviceObject, timer->Context );
|
|
i--;
|
|
}
|
|
}
|
|
ExReleaseSpinLock( &IopTimerLock, irql );
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
NTSTATUS
|
|
IopTrackLink(
|
|
IN PFILE_OBJECT FileObject,
|
|
IN OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PFILE_TRACKING_INFORMATION FileInformation,
|
|
IN ULONG Length,
|
|
IN PKEVENT Event,
|
|
IN KPROCESSOR_MODE RequestorMode
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked to track a link. It tracks the source file's Object
|
|
ID to the target file so that links to the source will follow to the new
|
|
location of the target.
|
|
|
|
Arguments:
|
|
|
|
FileObject - Supplies a pointer to the referenced source file object.
|
|
|
|
IoStatusBlock - Pointer to the caller's I/O status block.
|
|
|
|
FileInformation - A buffer containing the parameters for the move that was
|
|
performed.
|
|
|
|
Length - Specifies the length of the FileInformation buffer.
|
|
|
|
Event - An event to be set to the Signaled state once the operation has been
|
|
performed, provided it was successful.
|
|
|
|
RequestorMode - Requestor mode of the caller.
|
|
|
|
N.B. - Note that the presence of an event indicates that the source file was
|
|
opened for asynchronous I/O, otherwise it was opened for synchronous I/O.
|
|
|
|
Return Value:
|
|
|
|
The status returned is the final completion status of the operation.
|
|
|
|
|
|
--*/
|
|
|
|
{
|
|
PFILE_TRACKING_INFORMATION trackingInfo = NULL;
|
|
PFILE_OBJECT dstFileObject = NULL;
|
|
FILE_VOLUMEID_WITH_TYPE SourceVolumeId;
|
|
FILE_OBJECTID_BUFFER SourceObjectId;
|
|
FILE_OBJECTID_BUFFER NormalizedObjectId;
|
|
FILE_OBJECTID_BUFFER CrossVolumeObjectId;
|
|
FILE_VOLUMEID_WITH_TYPE TargetVolumeId;
|
|
FILE_OBJECTID_BUFFER TargetObjectId;
|
|
TRACKING_BUFFER trackingBuffer;
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Begin by capturing the caller's buffer, if required.
|
|
//
|
|
|
|
if (RequestorMode != KernelMode) {
|
|
|
|
try {
|
|
trackingInfo = ExAllocatePoolWithQuota( PagedPool,
|
|
Length );
|
|
RtlCopyMemory( trackingInfo, FileInformation, Length );
|
|
|
|
if (!trackingInfo->DestinationFile ||
|
|
((Length - FIELD_OFFSET( FILE_TRACKING_INFORMATION, ObjectInformation ))
|
|
< trackingInfo->ObjectInformationLength)) {
|
|
ExFreePool( trackingInfo );
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
//
|
|
// An exception was incurred while allocating the intermediary
|
|
// system buffer or while copying the caller's data into the
|
|
// buffer. Cleanup and return an appropriate error status code.
|
|
//
|
|
|
|
if (trackingInfo) {
|
|
ExFreePool( trackingInfo );
|
|
}
|
|
|
|
return GetExceptionCode();
|
|
}
|
|
} else {
|
|
trackingInfo = FileInformation;
|
|
}
|
|
|
|
//
|
|
// If a destination file handle was specified, convert it to a pointer to
|
|
// a file object.
|
|
//
|
|
|
|
if (trackingInfo->DestinationFile) {
|
|
status = ObReferenceObjectByHandle( trackingInfo->DestinationFile,
|
|
FILE_WRITE_DATA,
|
|
IoFileObjectType,
|
|
RequestorMode,
|
|
(PVOID *) &dstFileObject,
|
|
NULL );
|
|
if (!NT_SUCCESS( status )) {
|
|
if (RequestorMode != KernelMode) {
|
|
ExFreePool( trackingInfo );
|
|
}
|
|
return status;
|
|
}
|
|
}
|
|
|
|
try {
|
|
|
|
//
|
|
// Determine whether this is a local or a remote link tracking
|
|
// operation.
|
|
//
|
|
|
|
if (IsFileLocal( FileObject )) {
|
|
|
|
//
|
|
// The source file, i.e., the one being moved, is a file local to
|
|
// this system. Determine the form of the target file and track
|
|
// it accordingly.
|
|
//
|
|
|
|
if (trackingInfo->DestinationFile) {
|
|
|
|
if (IsFileLocal( dstFileObject )) {
|
|
|
|
BOOLEAN IdSetOnTarget = FALSE;
|
|
|
|
//
|
|
// The target file is specified as a handle and it is local.
|
|
// Simply perform the query and set locally. Note that if
|
|
// the source file does not have an object ID, then no
|
|
// tracking will be performed, but it will appear as if the
|
|
// operation worked.
|
|
//
|
|
|
|
status = IopGetSetObjectId( FileObject,
|
|
&SourceObjectId,
|
|
sizeof( SourceObjectId ),
|
|
FSCTL_GET_OBJECT_ID );
|
|
|
|
if (status == STATUS_OBJECT_NAME_NOT_FOUND) {
|
|
return(STATUS_SUCCESS);
|
|
}
|
|
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// If the extended info field is zero then this file
|
|
// has no interesting tracking information.
|
|
//
|
|
if (RtlCompareMemoryUlong(SourceObjectId.BirthObjectId,
|
|
sizeof(SourceObjectId.BirthObjectId),
|
|
0) == sizeof(SourceObjectId.BirthObjectId)) {
|
|
return (STATUS_SUCCESS);
|
|
}
|
|
|
|
|
|
//
|
|
// Get the volume ID of the source and destination
|
|
//
|
|
|
|
status = IopGetVolumeId( dstFileObject,
|
|
&TargetVolumeId,
|
|
sizeof( TargetVolumeId ) );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
status = IopGetVolumeId( FileObject,
|
|
&SourceVolumeId,
|
|
sizeof( SourceVolumeId ) );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Delete the ID from the source now, since the
|
|
// target may be on the same volume. If there's a
|
|
// subsequent error, we'll try to restore it.
|
|
//
|
|
|
|
status = IopGetSetObjectId( FileObject,
|
|
NULL,
|
|
0,
|
|
FSCTL_DELETE_OBJECT_ID );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
|
|
//
|
|
// Set the ID on the target. If it's a cross-volume
|
|
// move, set the bit that indicates same.
|
|
//
|
|
|
|
CrossVolumeObjectId = TargetObjectId = SourceObjectId;
|
|
if( !RtlEqualMemory( &TargetVolumeId.VolumeId[0],
|
|
&SourceVolumeId.VolumeId[0],
|
|
sizeof(SourceVolumeId.VolumeId) )) {
|
|
CrossVolumeObjectId.BirthVolumeId[0] |= 1;
|
|
}
|
|
|
|
status = IopGetSetObjectId( dstFileObject,
|
|
&CrossVolumeObjectId,
|
|
sizeof( CrossVolumeObjectId ),
|
|
FSCTL_SET_OBJECT_ID );
|
|
|
|
if( status == STATUS_DUPLICATE_NAME ||
|
|
status == STATUS_OBJECT_NAME_COLLISION ) {
|
|
|
|
// This object ID is already in use on the target volume,
|
|
// or the dest file already has an object ID.
|
|
// Get the file's ID (or have NTFS generate a new one).
|
|
|
|
status = IopGetSetObjectId( dstFileObject,
|
|
&TargetObjectId,
|
|
sizeof(TargetObjectId),
|
|
FSCTL_CREATE_OR_GET_OBJECT_ID );
|
|
if( NT_SUCCESS(status) ) {
|
|
|
|
// Write the birth ID
|
|
|
|
status = IopGetSetObjectId( dstFileObject,
|
|
&CrossVolumeObjectId.ExtendedInfo[0],
|
|
sizeof( CrossVolumeObjectId.ExtendedInfo ),
|
|
FSCTL_SET_OBJECT_ID_EXTENDED );
|
|
}
|
|
}
|
|
|
|
if( NT_SUCCESS(status) ) {
|
|
|
|
IdSetOnTarget = TRUE;
|
|
|
|
// If this was a cross-volume move, notify the tracking service.
|
|
|
|
if( !RtlEqualMemory( &TargetVolumeId.VolumeId[0],
|
|
&SourceVolumeId.VolumeId[0],
|
|
sizeof(SourceVolumeId.VolumeId) )) {
|
|
|
|
IopMarshalIds( &trackingBuffer, &TargetVolumeId, &TargetObjectId, trackingInfo );
|
|
|
|
// Bit 0 must be reset before notifying tracking service
|
|
NormalizedObjectId = SourceObjectId;
|
|
NormalizedObjectId.BirthVolumeId[0] &= 0xfe;
|
|
|
|
status = IopSendMessageToTrackService( &SourceVolumeId,
|
|
&NormalizedObjectId,
|
|
&trackingBuffer.TrackingInformation );
|
|
}
|
|
}
|
|
|
|
//
|
|
// If there was an error after the ObjectID was deleted
|
|
// from the source. Try to restore it before returning.
|
|
//
|
|
|
|
if( !NT_SUCCESS(status) ) {
|
|
NTSTATUS statusT = STATUS_SUCCESS;
|
|
|
|
if( IdSetOnTarget ) {
|
|
|
|
if( RtlEqualMemory( &TargetObjectId.ObjectId,
|
|
&SourceObjectId.ObjectId,
|
|
sizeof(TargetObjectId.ObjectId) )) {
|
|
|
|
// This ID was set with FSCTL_SET_OBJECT_ID
|
|
statusT = IopGetSetObjectId( dstFileObject,
|
|
NULL,
|
|
0,
|
|
FSCTL_DELETE_OBJECT_ID );
|
|
|
|
} else {
|
|
|
|
// Restore the target's extended data.
|
|
|
|
statusT = IopGetSetObjectId( dstFileObject,
|
|
&TargetObjectId.ExtendedInfo[0],
|
|
sizeof(TargetObjectId.ExtendedInfo),
|
|
FSCTL_SET_OBJECT_ID_EXTENDED );
|
|
}
|
|
}
|
|
|
|
if( NT_SUCCESS( statusT )) {
|
|
|
|
IopGetSetObjectId( FileObject,
|
|
&SourceObjectId,
|
|
sizeof(SourceObjectId),
|
|
FSCTL_SET_OBJECT_ID );
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
|
|
} else { // if (IsFileLocal( dstFileObject ))
|
|
|
|
//
|
|
// The source file is local, but the destination file object
|
|
// is remote. For this case query the target file's object
|
|
// ID and notify the link tracking system that the file has
|
|
// been moved across systems.
|
|
//
|
|
|
|
//
|
|
// Begin by ensuring that the source file has an object ID
|
|
// already. If not, then just make it appear as if the
|
|
// operation worked.
|
|
//
|
|
|
|
status = IopGetSetObjectId( FileObject,
|
|
&SourceObjectId,
|
|
sizeof( SourceObjectId ),
|
|
FSCTL_GET_OBJECT_ID );
|
|
if (!NT_SUCCESS( status )) {
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
|
|
//
|
|
// If the extended info field is zero then this file
|
|
// has no interesting tracking information.
|
|
//
|
|
if (RtlCompareMemoryUlong(&SourceObjectId.BirthObjectId,
|
|
sizeof(SourceObjectId.BirthObjectId),
|
|
0) == sizeof(SourceObjectId.BirthObjectId)) {
|
|
return (STATUS_SUCCESS);
|
|
}
|
|
|
|
//
|
|
// Query the volume ID of the target.
|
|
//
|
|
|
|
status = IopGetSetObjectId( dstFileObject,
|
|
&TargetVolumeId,
|
|
sizeof( FILE_VOLUMEID_WITH_TYPE ),
|
|
FSCTL_LMR_GET_LINK_TRACKING_INFORMATION );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Query the object ID of the target.
|
|
//
|
|
|
|
status = IopGetSetObjectId( dstFileObject,
|
|
&TargetObjectId,
|
|
sizeof( TargetObjectId ),
|
|
FSCTL_CREATE_OR_GET_OBJECT_ID );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Notify the tracking system of the move.
|
|
//
|
|
|
|
IopMarshalIds( &trackingBuffer, &TargetVolumeId, &TargetObjectId, trackingInfo );
|
|
status = IopTrackLink( FileObject,
|
|
IoStatusBlock,
|
|
&trackingBuffer.TrackingInformation,
|
|
FIELD_OFFSET( FILE_TRACKING_INFORMATION,
|
|
ObjectInformation ) +
|
|
trackingBuffer.TrackingInformation.ObjectInformationLength,
|
|
Event,
|
|
KernelMode );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Delete the ID from the source
|
|
//
|
|
|
|
status = IopGetSetObjectId( FileObject,
|
|
NULL,
|
|
0,
|
|
FSCTL_DELETE_OBJECT_ID );
|
|
if( !NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Set the Birth ID on the target, turning on the bit
|
|
// that indicates that this file has been involved in a cross-
|
|
// volume move.
|
|
//
|
|
|
|
CrossVolumeObjectId = SourceObjectId;
|
|
CrossVolumeObjectId.BirthVolumeId[0] |= 1;
|
|
|
|
status = IopGetSetObjectId( dstFileObject,
|
|
&CrossVolumeObjectId.ExtendedInfo[0],
|
|
sizeof( CrossVolumeObjectId.ExtendedInfo ),
|
|
FSCTL_SET_OBJECT_ID_EXTENDED );
|
|
if (!NT_SUCCESS( status )) {
|
|
|
|
// Try to restore the source
|
|
IopGetSetObjectId( FileObject,
|
|
&SourceObjectId,
|
|
sizeof(SourceObjectId),
|
|
FSCTL_SET_OBJECT_ID );
|
|
return status;
|
|
}
|
|
|
|
|
|
} // if (IsFileLocal( dstFileObject ))
|
|
|
|
} else { // if (trackingInfo->DestinationFile)
|
|
|
|
//
|
|
// A destination file handle was not specified. Simply query
|
|
// the source file's object ID and call the link tracking code.
|
|
// Note that the function input buffer contains the volume ID
|
|
// and file object ID of the target. Note also that it is
|
|
// assumed that the source file has an object ID.
|
|
//
|
|
|
|
status = IopGetVolumeId( FileObject,
|
|
&SourceVolumeId,
|
|
sizeof( SourceVolumeId ) );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
status = IopGetSetObjectId( FileObject,
|
|
&SourceObjectId,
|
|
sizeof( SourceObjectId ),
|
|
FSCTL_GET_OBJECT_ID );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// If the extended info field is zero then this file
|
|
// has no interesting tracking information.
|
|
//
|
|
if (RtlCompareMemoryUlong(SourceObjectId.BirthObjectId,
|
|
sizeof(SourceObjectId.BirthObjectId),
|
|
0) == sizeof(SourceObjectId.BirthObjectId)) {
|
|
return (STATUS_SUCCESS);
|
|
}
|
|
//
|
|
// Inform the user-mode link tracking service that the file
|
|
// has been moved.
|
|
//
|
|
|
|
NormalizedObjectId = SourceObjectId;
|
|
NormalizedObjectId.BirthVolumeId[0] &= 0xfe;
|
|
|
|
status = IopSendMessageToTrackService( &SourceVolumeId,
|
|
&NormalizedObjectId,
|
|
FileInformation );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
} // if (trackingInfo->DestinationFile) ... else
|
|
|
|
} else { // if (IsFileLocal( FileObject ))
|
|
|
|
//
|
|
// The source file is remote. For this case, remote the operation
|
|
// to the system on which the source file is located. Begin by
|
|
// ensuring that the source file actually has an object ID. If
|
|
// not, then get out now since there is nothing to be done.
|
|
//
|
|
|
|
status = IopGetSetObjectId( FileObject,
|
|
&SourceObjectId,
|
|
sizeof( SourceObjectId ),
|
|
FSCTL_GET_OBJECT_ID );
|
|
|
|
if (status == STATUS_OBJECT_NAME_NOT_FOUND)
|
|
{
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// If the extended info field is zero then this file
|
|
// has no interesting tracking information.
|
|
//
|
|
if (RtlCompareMemoryUlong(SourceObjectId.BirthObjectId,
|
|
sizeof(SourceObjectId.BirthObjectId),
|
|
0) == sizeof(SourceObjectId.BirthObjectId)) {
|
|
return (STATUS_SUCCESS);
|
|
}
|
|
if (trackingInfo->DestinationFile) {
|
|
|
|
//
|
|
// A handle was specified for the destination file. Determine
|
|
// whether it is local or remote. If remote and both handles
|
|
// refer to the same machine, then ship the entire API to that
|
|
// machine and have it perform the operation.
|
|
//
|
|
// Otherwise, query the target file's object ID, and then redo
|
|
// the operation. This will cause the API to be remoted to the
|
|
// machine where the source file resides.
|
|
//
|
|
|
|
if (IsFileLocal( dstFileObject )) {
|
|
|
|
//
|
|
// The source is remote and the destination is local, so
|
|
// query the object ID of the target and recursively track
|
|
// the link from the source file's remote node.
|
|
//
|
|
|
|
status = IopGetVolumeId( dstFileObject,
|
|
&TargetVolumeId,
|
|
sizeof( TargetVolumeId ) );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
status = IopGetSetObjectId( dstFileObject,
|
|
&TargetObjectId,
|
|
sizeof( TargetObjectId ),
|
|
FSCTL_CREATE_OR_GET_OBJECT_ID );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
|
|
//
|
|
// Notify the tracking system of the move.
|
|
//
|
|
|
|
IopMarshalIds( &trackingBuffer, &TargetVolumeId, &TargetObjectId, trackingInfo );
|
|
|
|
status = IopTrackLink( FileObject,
|
|
IoStatusBlock,
|
|
&trackingBuffer.TrackingInformation,
|
|
FIELD_OFFSET( FILE_TRACKING_INFORMATION,
|
|
ObjectInformation ) +
|
|
trackingBuffer.TrackingInformation.ObjectInformationLength,
|
|
Event,
|
|
KernelMode );
|
|
if( !NT_SUCCESS(status) ) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Delete the ID from the source
|
|
//
|
|
|
|
status = IopGetSetObjectId( FileObject,
|
|
NULL,
|
|
0,
|
|
FSCTL_DELETE_OBJECT_ID );
|
|
if( !NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Set the birth ID on the target, also turning on the bit
|
|
// that indicates that this file has moved across volumes.
|
|
//
|
|
|
|
CrossVolumeObjectId = SourceObjectId;
|
|
CrossVolumeObjectId.BirthVolumeId[0] |= 1;
|
|
|
|
status = IopGetSetObjectId( dstFileObject,
|
|
&CrossVolumeObjectId.ExtendedInfo[0],
|
|
sizeof( CrossVolumeObjectId.ExtendedInfo ),
|
|
FSCTL_SET_OBJECT_ID_EXTENDED );
|
|
|
|
if( !NT_SUCCESS( status )) {
|
|
|
|
IopGetSetObjectId( FileObject,
|
|
&SourceObjectId,
|
|
sizeof(SourceObjectId),
|
|
FSCTL_SET_OBJECT_ID );
|
|
return status;
|
|
}
|
|
|
|
} // if (IsFileLocal( dstFileObject ))
|
|
|
|
else if (!IopIsSameMachine( FileObject, trackingInfo->DestinationFile)) {
|
|
|
|
//
|
|
// The source and the target are remote from each other and from
|
|
// this machine. Query the object ID of the target and recursively
|
|
// track the link from the source file's remote node.
|
|
//
|
|
|
|
//
|
|
// Query the volume ID of the target.
|
|
//
|
|
|
|
status = IopGetSetObjectId( dstFileObject,
|
|
&TargetVolumeId,
|
|
sizeof( FILE_VOLUMEID_WITH_TYPE ),
|
|
FSCTL_LMR_GET_LINK_TRACKING_INFORMATION );
|
|
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Query the object ID of the target.
|
|
//
|
|
|
|
status = IopGetSetObjectId( dstFileObject,
|
|
&TargetObjectId,
|
|
sizeof( TargetObjectId ),
|
|
FSCTL_CREATE_OR_GET_OBJECT_ID );
|
|
if( !NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Notify the tracking system of the move.
|
|
//
|
|
|
|
IopMarshalIds( &trackingBuffer, &TargetVolumeId, &TargetObjectId, trackingInfo );
|
|
|
|
status = IopTrackLink( FileObject,
|
|
IoStatusBlock,
|
|
&trackingBuffer.TrackingInformation,
|
|
FIELD_OFFSET( FILE_TRACKING_INFORMATION,
|
|
ObjectInformation ) +
|
|
trackingBuffer.TrackingInformation.ObjectInformationLength,
|
|
Event,
|
|
KernelMode );
|
|
if( !NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// Set the birth ID on the target, turning on the bit that indicates
|
|
// that this file has moved across volumes.
|
|
//
|
|
|
|
CrossVolumeObjectId = SourceObjectId;
|
|
CrossVolumeObjectId.BirthVolumeId[0] |= 1;
|
|
|
|
status = IopGetSetObjectId( dstFileObject,
|
|
&CrossVolumeObjectId.ExtendedInfo[0],
|
|
sizeof( CrossVolumeObjectId.ExtendedInfo ),
|
|
FSCTL_SET_OBJECT_ID_EXTENDED );
|
|
|
|
if( !NT_SUCCESS( status )) {
|
|
IopGetSetObjectId( FileObject,
|
|
&SourceObjectId,
|
|
sizeof(SourceObjectId),
|
|
FSCTL_SET_OBJECT_ID );
|
|
return status;
|
|
}
|
|
|
|
} else { // else if (!IopIsSameMachine( FileObject, trackingInfo->DestinationFile))
|
|
|
|
//
|
|
// Both the source and the target are remote and they're
|
|
// both on the same remote machine. For this case, remote
|
|
// the entire API using the file object pointers.
|
|
//
|
|
|
|
status = IopSetRemoteLink( FileObject, dstFileObject, trackingInfo );
|
|
|
|
} // else if (!IopIsSameMachine( FileObject, trackingInfo->DestinationFile)) ... else
|
|
|
|
} else { // if (trackingInfo->DestinationFile)
|
|
|
|
//
|
|
// The source file is remote and the object ID of the target is
|
|
// contained w/in the tracking buffer. Simply remote the API
|
|
// to the remote machine using the source file object pointer
|
|
// and the object ID of the target in the buffer.
|
|
//
|
|
|
|
status = IopSetRemoteLink( FileObject, NULL, FileInformation );
|
|
|
|
} // if (trackingInfo->DestinationFile) ... else
|
|
} // if (IsFileLocal( FileObject )) ... else
|
|
|
|
} finally {
|
|
|
|
//
|
|
// Ensure that everything has been cleaned up.
|
|
//
|
|
|
|
if (RequestorMode != KernelMode && trackingInfo) {
|
|
ExFreePool( trackingInfo );
|
|
}
|
|
|
|
if (dstFileObject ) {
|
|
ObDereferenceObject( dstFileObject );
|
|
}
|
|
|
|
KeSetEvent( Event, 0, FALSE );
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
VOID
|
|
IopUserCompletion(
|
|
IN PKAPC Apc,
|
|
IN PKNORMAL_ROUTINE *NormalRoutine,
|
|
IN PVOID *NormalContext,
|
|
IN PVOID *SystemArgument1,
|
|
IN PVOID *SystemArgument2
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked in the final processing of an IRP. Everything has
|
|
been completed except that the caller's APC routine must be invoked. The
|
|
system will do this as soon as this routine exits. The only processing
|
|
remaining to be completed by the I/O system is to free the I/O Request
|
|
Packet itself.
|
|
|
|
Arguments:
|
|
|
|
Apc - Supplies a pointer to kernel APC structure.
|
|
|
|
NormalRoutine - Supplies a pointer to a pointer to the normal function
|
|
that was specified when the APC was initialied.
|
|
|
|
NormalContext - Supplies a pointer to a pointer to an arbitrary data
|
|
structure that was specified when the APC was initialized.
|
|
|
|
SystemArgument1, SystemArgument2 - Supplies a set of two pointers to
|
|
two arguments that contain untyped data.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
Note:
|
|
|
|
If no other processing is ever needed, and the APC can be placed at the
|
|
beginning of the IRP, then this routine could be replaced by simply
|
|
specifying the address of the pool deallocation routine in the APC instead
|
|
of the address of this routine.
|
|
|
|
Caution:
|
|
|
|
This routine is also invoked as a general purpose rundown routine for APCs.
|
|
Should this code ever need to directly access any of the other parameters
|
|
other than Apc, this routine will need to be split into two separate
|
|
routines. The rundown routine should perform exactly the following code's
|
|
functionality.
|
|
|
|
--*/
|
|
|
|
{
|
|
UNREFERENCED_PARAMETER( NormalRoutine );
|
|
UNREFERENCED_PARAMETER( NormalContext );
|
|
UNREFERENCED_PARAMETER( SystemArgument1 );
|
|
UNREFERENCED_PARAMETER( SystemArgument2 );
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Free the packet.
|
|
//
|
|
|
|
IoFreeIrp( CONTAINING_RECORD( Apc, IRP, Tail.Apc ) );
|
|
}
|
|
|
|
|
|
|
|
VOID
|
|
IopUserRundown(
|
|
IN PKAPC Apc
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is invoked during thread termination as the rundown routine
|
|
for it simply calls IopUserCompletion.
|
|
|
|
Arguments:
|
|
|
|
Apc - Supplies a pointer to kernel APC structure.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
|
|
--*/
|
|
|
|
{
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Free the packet.
|
|
//
|
|
|
|
IoFreeIrp( CONTAINING_RECORD( Apc, IRP, Tail.Apc ) );
|
|
}
|
|
|
|
NTSTATUS
|
|
IopXxxControlFile(
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN ULONG IoControlCode,
|
|
IN PVOID InputBuffer OPTIONAL,
|
|
IN ULONG InputBufferLength,
|
|
OUT PVOID OutputBuffer OPTIONAL,
|
|
IN ULONG OutputBufferLength,
|
|
IN BOOLEAN DeviceIoControl
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This service builds descriptors or MDLs for the supplied buffer(s) and
|
|
passes the untyped data to the driver associated with the file handle.
|
|
handle. It is up to the driver to check the input data and function
|
|
IoControlCode for validity, as well as to make the appropriate access
|
|
checks.
|
|
|
|
Arguments:
|
|
|
|
FileHandle - Supplies a handle to the file on which the service is being
|
|
performed.
|
|
|
|
Event - Supplies an optional event to be set to the Signaled state when
|
|
the service is complete.
|
|
|
|
ApcRoutine - Supplies an optional APC routine to be executed when the
|
|
service is complete.
|
|
|
|
ApcContext - Supplies a context parameter to be passed to the ApcRoutine,
|
|
if an ApcRoutine was specified.
|
|
|
|
IoStatusBlock - Address of the caller's I/O status block.
|
|
|
|
IoControlCode - Subfunction code to determine exactly what operation is
|
|
being performed.
|
|
|
|
InputBuffer - Optionally supplies an input buffer to be passed to the
|
|
driver. Whether or not the buffer is actually optional is dependent
|
|
on the IoControlCode.
|
|
|
|
InputBufferLength - Length of the InputBuffer in bytes.
|
|
|
|
OutputBuffer - Optionally supplies an output buffer to receive information
|
|
from the driver. Whether or not the buffer is actually optional is
|
|
dependent on the IoControlCode.
|
|
|
|
OutputBufferLength - Length of the OutputBuffer in bytes.
|
|
|
|
DeviceIoControl - Determines whether this is a Device or File System
|
|
Control function.
|
|
|
|
Return Value:
|
|
|
|
The status returned is success if the control operation was properly
|
|
queued to the I/O system. Once the operation completes, the status
|
|
can be determined by examining the Status field of the I/O status block.
|
|
|
|
--*/
|
|
|
|
{
|
|
PIRP irp;
|
|
NTSTATUS status;
|
|
PFILE_OBJECT fileObject;
|
|
PDEVICE_OBJECT deviceObject;
|
|
PKEVENT eventObject = (PKEVENT) NULL;
|
|
PIO_STACK_LOCATION irpSp;
|
|
ULONG method;
|
|
OBJECT_HANDLE_INFORMATION handleInformation;
|
|
BOOLEAN synchronousIo;
|
|
IO_STATUS_BLOCK localIoStatus;
|
|
PFAST_IO_DISPATCH fastIoDispatch;
|
|
POOL_TYPE poolType;
|
|
PULONG majorFunction;
|
|
KPROCESSOR_MODE requestorMode;
|
|
PETHREAD CurrentThread;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Get the method that the buffers are being passed by.
|
|
//
|
|
|
|
method = IoControlCode & 3;
|
|
|
|
//
|
|
// Check the caller's parameters based on the mode of the caller.
|
|
//
|
|
|
|
CurrentThread = PsGetCurrentThread ();
|
|
requestorMode = KeGetPreviousModeByThread(&CurrentThread->Tcb);
|
|
|
|
if (requestorMode != KernelMode) {
|
|
|
|
//
|
|
// The caller's access mode is not kernel so probe each of the arguments
|
|
// and capture them as necessary. If any failures occur, the condition
|
|
// handler will be invoked to handle them. It will simply cleanup and
|
|
// return an access violation status code back to the system service
|
|
// dispatcher.
|
|
//
|
|
|
|
try {
|
|
|
|
//
|
|
// The IoStatusBlock parameter must be writeable by the caller.
|
|
//
|
|
|
|
ProbeForWriteIoStatusEx( IoStatusBlock , ApcRoutine);
|
|
|
|
//
|
|
// The output buffer can be used in any one of the following three ways,
|
|
// if it is specified:
|
|
//
|
|
// 0) It can be a normal, buffered output buffer.
|
|
//
|
|
// 1) It can be a DMA input buffer.
|
|
//
|
|
// 2) It can be a DMA output buffer.
|
|
//
|
|
// Which way the buffer is to be used it based on the low-order two bits
|
|
// of the IoControlCode.
|
|
//
|
|
// If the method is 0 we probe the output buffer for write access.
|
|
// If the method is not 3 we probe the input buffer for read access.
|
|
//
|
|
|
|
if (method == METHOD_BUFFERED) {
|
|
if (ARGUMENT_PRESENT( OutputBuffer )) {
|
|
ProbeForWrite( OutputBuffer,
|
|
OutputBufferLength,
|
|
sizeof( UCHAR ) );
|
|
} else {
|
|
OutputBufferLength = 0;
|
|
}
|
|
}
|
|
|
|
if (method != METHOD_NEITHER) {
|
|
if (ARGUMENT_PRESENT( InputBuffer )) {
|
|
ProbeForRead( InputBuffer,
|
|
InputBufferLength,
|
|
sizeof( UCHAR ) );
|
|
} else {
|
|
InputBufferLength = 0;
|
|
}
|
|
}
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
//
|
|
// An exception was incurred while attempting to probe or write
|
|
// one of the caller's parameters. Simply return an appropriate
|
|
// error status code.
|
|
//
|
|
|
|
return GetExceptionCode();
|
|
|
|
}
|
|
}
|
|
|
|
//
|
|
// There were no blatant errors so far, so reference the file object so
|
|
// the target device object can be found. Note that if the handle does
|
|
// not refer to a file object, or if the caller does not have the required
|
|
// access to the file, then it will fail.
|
|
//
|
|
|
|
status = ObReferenceObjectByHandle( FileHandle,
|
|
0L,
|
|
IoFileObjectType,
|
|
requestorMode,
|
|
(PVOID *) &fileObject,
|
|
&handleInformation );
|
|
if (!NT_SUCCESS( status )) {
|
|
return status;
|
|
}
|
|
|
|
//
|
|
// If this file has an I/O completion port associated w/it, then ensure
|
|
// that the caller did not supply an APC routine, as the two are mutually
|
|
// exclusive methods for I/O completion notification.
|
|
//
|
|
|
|
if (fileObject->CompletionContext && IopApcRoutinePresent( ApcRoutine )) {
|
|
ObDereferenceObject( fileObject );
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
//
|
|
// Now check the access type for this control code to ensure that the
|
|
// caller has the appropriate access to this file object to perform the
|
|
// operation.
|
|
//
|
|
|
|
if (requestorMode != KernelMode) {
|
|
|
|
ULONG accessMode = (IoControlCode >> 14) & 3;
|
|
|
|
if (accessMode != FILE_ANY_ACCESS) {
|
|
|
|
//
|
|
// This I/O control requires that the caller have read, write,
|
|
// or read/write access to the object. If this is not the case,
|
|
// then cleanup and return an appropriate error status code.
|
|
//
|
|
|
|
if (SeComputeGrantedAccesses( handleInformation.GrantedAccess, accessMode ) != accessMode ) {
|
|
ObDereferenceObject( fileObject );
|
|
return STATUS_ACCESS_DENIED;
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Get the address of the event object and set the event to the Not-
|
|
// Signaled state, if an event was specified. Note here, too, that if
|
|
// the handle does not refer to an event, or if the event cannot be
|
|
// written, then the reference will fail.
|
|
//
|
|
|
|
if (ARGUMENT_PRESENT( Event )) {
|
|
status = ObReferenceObjectByHandle( Event,
|
|
EVENT_MODIFY_STATE,
|
|
ExEventObjectType,
|
|
requestorMode,
|
|
(PVOID *) &eventObject,
|
|
NULL );
|
|
if (!NT_SUCCESS( status )) {
|
|
ObDereferenceObject( fileObject );
|
|
return status;
|
|
} else {
|
|
KeClearEvent( eventObject );
|
|
}
|
|
}
|
|
|
|
//
|
|
// Make a special check here to determine whether this is a synchronous
|
|
// I/O operation. If it is, then wait here until the file is owned by
|
|
// the current thread.
|
|
//
|
|
|
|
if (fileObject->Flags & FO_SYNCHRONOUS_IO) {
|
|
BOOLEAN interrupted;
|
|
|
|
if (!IopAcquireFastLock( fileObject )) {
|
|
status = IopAcquireFileObjectLock( fileObject,
|
|
requestorMode,
|
|
(BOOLEAN) ((fileObject->Flags & FO_ALERTABLE_IO) != 0),
|
|
&interrupted );
|
|
if (interrupted) {
|
|
if (eventObject) {
|
|
ObDereferenceObject( eventObject );
|
|
}
|
|
ObDereferenceObject( fileObject );
|
|
return status;
|
|
}
|
|
}
|
|
synchronousIo = TRUE;
|
|
} else {
|
|
synchronousIo = FALSE;
|
|
}
|
|
|
|
//
|
|
// Get the address of the target device object. If this file represents
|
|
// a device that was opened directly, then simply use the device or its
|
|
// attached device(s) directly.
|
|
//
|
|
|
|
if (!(fileObject->Flags & FO_DIRECT_DEVICE_OPEN)) {
|
|
deviceObject = IoGetRelatedDeviceObject( fileObject );
|
|
} else {
|
|
deviceObject = IoGetAttachedDevice( fileObject->DeviceObject );
|
|
}
|
|
|
|
if (DeviceIoControl) {
|
|
|
|
//
|
|
// Also get the address of the Fast I/O dispatch structure.
|
|
//
|
|
|
|
fastIoDispatch = deviceObject->DriverObject->FastIoDispatch;
|
|
|
|
//
|
|
// Turbo device control support. If the device has a fast I/O entry
|
|
// point for DeviceIoControlFile, call the entry point and give it a
|
|
// chance to try to complete the request. Note if FastIoDeviceControl
|
|
// returns FALSE or we get an I/O error, we simply fall through and
|
|
// go the "long way" and create an Irp.
|
|
//
|
|
|
|
if (fastIoDispatch && fastIoDispatch->FastIoDeviceControl) {
|
|
|
|
//
|
|
// Before we actually call the fast I/O routine in the driver,
|
|
// we must probe OutputBuffer if the method is METHOD_IN_DIRECT or METHOD_OUT_DIRECT.
|
|
//
|
|
|
|
if (requestorMode != KernelMode && ARGUMENT_PRESENT(OutputBuffer)) {
|
|
|
|
try {
|
|
|
|
if (method == METHOD_IN_DIRECT) {
|
|
ProbeForRead( OutputBuffer,
|
|
OutputBufferLength,
|
|
sizeof( UCHAR ) );
|
|
} else if (method == METHOD_OUT_DIRECT) {
|
|
ProbeForWrite( OutputBuffer,
|
|
OutputBufferLength,
|
|
sizeof( UCHAR ) );
|
|
}
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
//
|
|
// An exception was incurred while attempting to probe
|
|
// the output buffer. Clean up and return an
|
|
// appropriate error status code.
|
|
//
|
|
|
|
if (synchronousIo) {
|
|
IopReleaseFileObjectLock( fileObject );
|
|
}
|
|
|
|
if (eventObject) {
|
|
ObDereferenceObject( eventObject );
|
|
}
|
|
|
|
ObDereferenceObject( fileObject );
|
|
|
|
return GetExceptionCode();
|
|
}
|
|
}
|
|
|
|
//
|
|
// If we are dismounting a volume, increment the shared count. This
|
|
// allows user-space applications to efficiently test for validity
|
|
// of current directory handles.
|
|
//
|
|
|
|
if (IoControlCode == FSCTL_DISMOUNT_VOLUME) {
|
|
InterlockedIncrement( (PLONG) &SharedUserData->DismountCount );
|
|
}
|
|
|
|
|
|
//
|
|
// Call the driver's fast I/O routine.
|
|
//
|
|
|
|
if (fastIoDispatch->FastIoDeviceControl( fileObject,
|
|
TRUE,
|
|
InputBuffer,
|
|
InputBufferLength,
|
|
OutputBuffer,
|
|
OutputBufferLength,
|
|
IoControlCode,
|
|
&localIoStatus,
|
|
deviceObject )) {
|
|
|
|
//
|
|
// The driver successfully performed the I/O in it's
|
|
// fast device control routine. Carefully return the
|
|
// I/O status.
|
|
//
|
|
|
|
try {
|
|
#if defined(_WIN64)
|
|
//
|
|
// If this is a32-bit thread, and the IO request is
|
|
// asynchronous, then the IOSB is 32-bit. Wow64 always sends
|
|
// the 32-bit IOSB when the I/O is asynchronous.
|
|
//
|
|
if (IopIsIosb32(ApcRoutine)) {
|
|
PIO_STATUS_BLOCK32 UserIosb32 = (PIO_STATUS_BLOCK32)IoStatusBlock;
|
|
|
|
UserIosb32->Information = (ULONG)localIoStatus.Information;
|
|
UserIosb32->Status = (NTSTATUS)localIoStatus.Status;
|
|
} else {
|
|
*IoStatusBlock = localIoStatus;
|
|
}
|
|
#else
|
|
*IoStatusBlock = localIoStatus;
|
|
#endif
|
|
} except( EXCEPTION_EXECUTE_HANDLER ) {
|
|
localIoStatus.Status = GetExceptionCode();
|
|
localIoStatus.Information = 0;
|
|
}
|
|
|
|
//
|
|
// If an event was specified, set it.
|
|
//
|
|
|
|
if (ARGUMENT_PRESENT( Event )) {
|
|
KeSetEvent( eventObject, 0, FALSE );
|
|
ObDereferenceObject( eventObject );
|
|
}
|
|
|
|
//
|
|
// Note that the file object event need not be set to the
|
|
// Signaled state, as it is already set. Release the
|
|
// file object lock, if necessary.
|
|
//
|
|
|
|
if (synchronousIo) {
|
|
IopReleaseFileObjectLock( fileObject );
|
|
}
|
|
|
|
//
|
|
// If this file object has a completion port associated with it
|
|
// and this request has a non-NULL APC context then a completion
|
|
// message needs to be queued.
|
|
//
|
|
|
|
if (fileObject->CompletionContext && ARGUMENT_PRESENT( ApcContext )) {
|
|
if (!NT_SUCCESS(IoSetIoCompletion( fileObject->CompletionContext->Port,
|
|
fileObject->CompletionContext->Key,
|
|
ApcContext,
|
|
localIoStatus.Status,
|
|
localIoStatus.Information,
|
|
TRUE ))) {
|
|
localIoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Cleanup and return.
|
|
//
|
|
|
|
ObDereferenceObject( fileObject );
|
|
return localIoStatus.Status;
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
//
|
|
// Set the file object to the Not-Signaled state.
|
|
//
|
|
|
|
KeClearEvent( &fileObject->Event );
|
|
|
|
//
|
|
// Allocate and initialize the I/O Request Packet (IRP) for this operation.
|
|
|
|
irp = IopAllocateIrp( deviceObject->StackSize, TRUE );
|
|
|
|
if (!irp) {
|
|
|
|
//
|
|
// An IRP could not be allocated. Cleanup and return an appropriate
|
|
// error status code.
|
|
//
|
|
|
|
IopAllocateIrpCleanup( fileObject, eventObject );
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
irp->Tail.Overlay.OriginalFileObject = fileObject;
|
|
irp->Tail.Overlay.Thread = CurrentThread;
|
|
irp->Tail.Overlay.AuxiliaryBuffer = (PVOID) NULL;
|
|
irp->RequestorMode = requestorMode;
|
|
irp->PendingReturned = FALSE;
|
|
irp->Cancel = FALSE;
|
|
irp->CancelRoutine = (PDRIVER_CANCEL) NULL;
|
|
|
|
//
|
|
// Fill in the service independent parameters in the IRP.
|
|
//
|
|
|
|
irp->UserEvent = eventObject;
|
|
irp->UserIosb = IoStatusBlock;
|
|
irp->Overlay.AsynchronousParameters.UserApcRoutine = ApcRoutine;
|
|
irp->Overlay.AsynchronousParameters.UserApcContext = ApcContext;
|
|
|
|
//
|
|
// Get a pointer to the stack location for the first driver. This will be
|
|
// used to pass the original function codes and parameters. Note that
|
|
// setting the major function here also sets:
|
|
//
|
|
// MinorFunction = 0;
|
|
// Flags = 0;
|
|
// Control = 0;
|
|
//
|
|
|
|
irpSp = IoGetNextIrpStackLocation( irp );
|
|
majorFunction = (PULONG) (&irpSp->MajorFunction);
|
|
*majorFunction = DeviceIoControl ? IRP_MJ_DEVICE_CONTROL : IRP_MJ_FILE_SYSTEM_CONTROL;
|
|
irpSp->FileObject = fileObject;
|
|
|
|
//
|
|
// Copy the caller's parameters to the service-specific portion of the
|
|
// IRP for those parameters that are the same for all three methods.
|
|
//
|
|
|
|
irpSp->Parameters.DeviceIoControl.OutputBufferLength = OutputBufferLength;
|
|
irpSp->Parameters.DeviceIoControl.InputBufferLength = InputBufferLength;
|
|
irpSp->Parameters.DeviceIoControl.IoControlCode = IoControlCode;
|
|
|
|
//
|
|
// Set the pool type based on the type of function being performed.
|
|
//
|
|
|
|
poolType = DeviceIoControl ? NonPagedPoolCacheAligned : NonPagedPool;
|
|
|
|
//
|
|
// Based on the method that the buffer are being passed, either allocate
|
|
// buffers or build MDLs. Note that in some cases no probing has taken
|
|
// place so the exception handler must catch access violations.
|
|
//
|
|
|
|
irp->MdlAddress = (PMDL) NULL;
|
|
irp->AssociatedIrp.SystemBuffer = (PVOID) NULL;
|
|
|
|
switch ( method ) {
|
|
|
|
case METHOD_BUFFERED:
|
|
|
|
//
|
|
// For this case, allocate a buffer that is large enough to contain
|
|
// both the input and the output buffers. Copy the input buffer to
|
|
// the allocated buffer and set the appropriate IRP fields.
|
|
//
|
|
|
|
irpSp->Parameters.DeviceIoControl.Type3InputBuffer = (PVOID) NULL;
|
|
|
|
try {
|
|
|
|
if (InputBufferLength || OutputBufferLength) {
|
|
irp->AssociatedIrp.SystemBuffer =
|
|
ExAllocatePoolWithQuota( poolType,
|
|
(InputBufferLength > OutputBufferLength) ? InputBufferLength : OutputBufferLength );
|
|
|
|
if (ARGUMENT_PRESENT( InputBuffer )) {
|
|
RtlCopyMemory( irp->AssociatedIrp.SystemBuffer,
|
|
InputBuffer,
|
|
InputBufferLength );
|
|
}
|
|
irp->Flags = IRP_BUFFERED_IO | IRP_DEALLOCATE_BUFFER;
|
|
irp->UserBuffer = OutputBuffer;
|
|
if (ARGUMENT_PRESENT( OutputBuffer )) {
|
|
irp->Flags |= IRP_INPUT_OPERATION;
|
|
}
|
|
} else {
|
|
irp->Flags = 0;
|
|
irp->UserBuffer = (PVOID) NULL;
|
|
}
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
//
|
|
// An exception was incurred while either allocating the
|
|
// the system buffer or moving the caller's data. Determine
|
|
// what actually happened, cleanup accordingly, and return
|
|
// an appropriate error status code.
|
|
//
|
|
|
|
IopExceptionCleanup( fileObject,
|
|
irp,
|
|
eventObject,
|
|
(PKEVENT) NULL );
|
|
|
|
return GetExceptionCode();
|
|
}
|
|
|
|
break;
|
|
|
|
case METHOD_IN_DIRECT:
|
|
case METHOD_OUT_DIRECT:
|
|
|
|
//
|
|
// For these two cases, allocate a buffer that is large enough to
|
|
// contain the input buffer, if any, and copy the information to
|
|
// the allocated buffer. Then build an MDL for either read or write
|
|
// access, depending on the method, for the output buffer. Note
|
|
// that the buffer length parameters have been jammed to zero for
|
|
// users if the buffer parameter was not passed. (Kernel callers
|
|
// should be calling the service correctly in the first place.)
|
|
//
|
|
// Note also that it doesn't make a whole lot of sense to specify
|
|
// either method #1 or #2 if the IOCTL does not require the caller
|
|
// to specify an output buffer.
|
|
//
|
|
|
|
irp->Flags = 0;
|
|
irpSp->Parameters.DeviceIoControl.Type3InputBuffer = (PVOID) NULL;
|
|
|
|
try {
|
|
|
|
if (InputBufferLength && ARGUMENT_PRESENT( InputBuffer )) {
|
|
irp->AssociatedIrp.SystemBuffer =
|
|
ExAllocatePoolWithQuota( poolType,
|
|
InputBufferLength );
|
|
RtlCopyMemory( irp->AssociatedIrp.SystemBuffer,
|
|
InputBuffer,
|
|
InputBufferLength );
|
|
irp->Flags = IRP_BUFFERED_IO | IRP_DEALLOCATE_BUFFER;
|
|
}
|
|
|
|
if (OutputBufferLength != 0) {
|
|
irp->MdlAddress = IoAllocateMdl( OutputBuffer,
|
|
OutputBufferLength,
|
|
FALSE,
|
|
TRUE,
|
|
irp );
|
|
if (irp->MdlAddress == NULL) {
|
|
ExRaiseStatus( STATUS_INSUFFICIENT_RESOURCES );
|
|
}
|
|
IopProbeAndLockPages( irp->MdlAddress,
|
|
requestorMode,
|
|
(LOCK_OPERATION) ((method == 1) ? IoReadAccess : IoWriteAccess),
|
|
deviceObject,
|
|
*majorFunction);
|
|
}
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
//
|
|
// An exception was incurred while either allocating the
|
|
// system buffer, copying the caller's data, allocating the
|
|
// MDL, or probing and locking the caller's buffer. Determine
|
|
// what actually happened, cleanup accordingly, and return
|
|
// an appropriate error status code.
|
|
//
|
|
|
|
IopExceptionCleanup( fileObject,
|
|
irp,
|
|
eventObject,
|
|
(PKEVENT) NULL );
|
|
|
|
return GetExceptionCode();
|
|
}
|
|
|
|
break;
|
|
|
|
case METHOD_NEITHER:
|
|
|
|
//
|
|
// For this case, do nothing. Everything is up to the driver.
|
|
// Simply give the driver a copy of the caller's parameters and
|
|
// let the driver do everything itself.
|
|
//
|
|
|
|
irp->Flags = 0;
|
|
irp->UserBuffer = OutputBuffer;
|
|
irpSp->Parameters.DeviceIoControl.Type3InputBuffer = InputBuffer;
|
|
}
|
|
|
|
//
|
|
// Pass the read/write access granted bits down to the driver. This allows drivers to check
|
|
// access for ioctls that were mistakenly defined as FILE_ANY_ACCESS and cannot be redefined for
|
|
// compatibility reasons.
|
|
//
|
|
|
|
irpSp->Flags |= SeComputeGrantedAccesses( handleInformation.GrantedAccess, FILE_READ_DATA ) ? SL_READ_ACCESS_GRANTED : 0;
|
|
irpSp->Flags |= SeComputeGrantedAccesses( handleInformation.GrantedAccess, FILE_WRITE_DATA ) ? SL_WRITE_ACCESS_GRANTED : 0;
|
|
|
|
//
|
|
// Defer I/O completion for FSCTL requests, but not for IOCTL requests,
|
|
// since file systems set pending properly but device driver do not.
|
|
//
|
|
|
|
if (!DeviceIoControl) {
|
|
irp->Flags |= IRP_DEFER_IO_COMPLETION;
|
|
}
|
|
|
|
//
|
|
// If we are dismounting a volume, increment the shared count. This
|
|
// allows user-space applications to efficiently test for validity
|
|
// of current directory handles.
|
|
//
|
|
|
|
if (IoControlCode == FSCTL_DISMOUNT_VOLUME) {
|
|
InterlockedIncrement( (PLONG) &SharedUserData->DismountCount );
|
|
}
|
|
|
|
|
|
//
|
|
// Queue the packet, call the driver, and synchronize appropriately with
|
|
// I/O completion.
|
|
//
|
|
|
|
return IopSynchronousServiceTail( deviceObject,
|
|
irp,
|
|
fileObject,
|
|
(BOOLEAN)!DeviceIoControl,
|
|
requestorMode,
|
|
synchronousIo,
|
|
OtherTransfer );
|
|
}
|
|
|
|
NTSTATUS
|
|
IopLookupBusStringFromID (
|
|
IN HANDLE KeyHandle,
|
|
IN INTERFACE_TYPE InterfaceType,
|
|
OUT PWCHAR Buffer,
|
|
IN ULONG Length,
|
|
OUT PULONG BusFlags OPTIONAL
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Translates INTERFACE_TYPE to its corresponding WCHAR[] string.
|
|
|
|
Arguments:
|
|
|
|
KeyHandle - Supplies a handle to the opened registry key,
|
|
HKLM\System\CurrentControlSet\Control\SystemResources\BusValues.
|
|
|
|
InterfaceType - Supplies the interface type for which a descriptive
|
|
name is to be retrieved.
|
|
|
|
Buffer - Supplies a pointer to a unicode character buffer that will
|
|
receive the bus name. Since this buffer is used in an
|
|
intermediate step to retrieve a KEY_VALUE_FULL_INFORMATION structure,
|
|
it must be large enough to contain this structure (including the
|
|
longest value name & data length under KeyHandle).
|
|
|
|
Length - Supplies the length, in bytes, of the Buffer.
|
|
|
|
BusFlags - Optionally receives the flags specified in the second
|
|
DWORD of the matching REG_BINARY value.
|
|
|
|
Return Value:
|
|
|
|
The function value is the final status of the operation.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS status;
|
|
ULONG Index, junk, i, j;
|
|
PULONG pl;
|
|
PKEY_VALUE_FULL_INFORMATION KeyInformation;
|
|
WCHAR c;
|
|
|
|
PAGED_CODE();
|
|
|
|
Index = 0;
|
|
KeyInformation = (PKEY_VALUE_FULL_INFORMATION) Buffer;
|
|
|
|
for (; ;) {
|
|
status = ZwEnumerateValueKey (
|
|
KeyHandle,
|
|
Index++,
|
|
KeyValueFullInformation,
|
|
Buffer,
|
|
Length,
|
|
&junk
|
|
);
|
|
|
|
if (!NT_SUCCESS (status)) {
|
|
return status;
|
|
}
|
|
|
|
if (KeyInformation->Type != REG_BINARY) {
|
|
continue;
|
|
}
|
|
|
|
pl = (PULONG) ((PUCHAR) KeyInformation + KeyInformation->DataOffset);
|
|
if ((ULONG) InterfaceType != pl[0]) {
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// Found a match - move the name to the start of the buffer
|
|
//
|
|
|
|
if(ARGUMENT_PRESENT(BusFlags)) {
|
|
*BusFlags = pl[1];
|
|
}
|
|
|
|
j = KeyInformation->NameLength / sizeof (WCHAR);
|
|
for (i=0; i < j; i++) {
|
|
c = KeyInformation->Name[i];
|
|
Buffer[i] = c;
|
|
}
|
|
|
|
Buffer[i] = 0;
|
|
return STATUS_SUCCESS;
|
|
}
|
|
}
|
|
|
|
|
|
BOOLEAN
|
|
IopSafebootDriverLoad(
|
|
PUNICODE_STRING DriverId
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Checks to see if a driver or service is included
|
|
in the current safeboot registry section.
|
|
|
|
Arguments:
|
|
|
|
DriverId - Specifies which driver is to be validated.
|
|
The string should contain a driver executable name
|
|
like foo.sys or a GUID for a pnp driver class.
|
|
|
|
Return Value:
|
|
|
|
TRUE - driver/service is in the registry
|
|
FALSE - driver/service is NOT in the registry
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS status;
|
|
HANDLE hSafeBoot,hGuid;
|
|
UNICODE_STRING safeBootKey;
|
|
UNICODE_STRING SafeBootTypeString;
|
|
|
|
|
|
|
|
//
|
|
// set the first part of the registry key name
|
|
//
|
|
|
|
switch (InitSafeBootMode) {
|
|
case SAFEBOOT_MINIMAL:
|
|
RtlInitUnicodeString(&SafeBootTypeString,SAFEBOOT_MINIMAL_STR_W);
|
|
break;
|
|
|
|
case SAFEBOOT_NETWORK:
|
|
RtlInitUnicodeString(&SafeBootTypeString,SAFEBOOT_NETWORK_STR_W);
|
|
break;
|
|
|
|
case SAFEBOOT_DSREPAIR:
|
|
return TRUE;
|
|
|
|
default:
|
|
KdPrint(("SAFEBOOT: invalid safeboot option = %d\n",InitSafeBootMode));
|
|
return FALSE;
|
|
}
|
|
|
|
safeBootKey.Length = 0;
|
|
safeBootKey.MaximumLength = DriverId->Length + SafeBootTypeString.Length + (4*sizeof(WCHAR));
|
|
safeBootKey.Buffer = (PWCHAR)ExAllocatePool(PagedPool,safeBootKey.MaximumLength);
|
|
if (!safeBootKey.Buffer) {
|
|
KdPrint(("SAFEBOOT: could not allocate pool\n"));
|
|
return FALSE;
|
|
}
|
|
|
|
RtlCopyUnicodeString(&safeBootKey,&SafeBootTypeString);
|
|
status = RtlAppendUnicodeToString(&safeBootKey,L"\\");
|
|
if (!NT_SUCCESS(status)) {
|
|
ExFreePool (safeBootKey.Buffer);
|
|
KdPrint(("SAFEBOOT: could not create registry key string = %x\n",status));
|
|
return FALSE;
|
|
}
|
|
status = RtlAppendUnicodeStringToString(&safeBootKey,DriverId);
|
|
if (!NT_SUCCESS(status)) {
|
|
ExFreePool (safeBootKey.Buffer);
|
|
KdPrint(("SAFEBOOT: could not create registry key string = %x\n",status));
|
|
return FALSE;
|
|
}
|
|
|
|
status = IopOpenRegistryKey (
|
|
&hSafeBoot,
|
|
NULL,
|
|
&CmRegistryMachineSystemCurrentControlSetControlSafeBoot,
|
|
KEY_ALL_ACCESS,
|
|
FALSE
|
|
);
|
|
if (NT_SUCCESS(status)) {
|
|
status = IopOpenRegistryKey (
|
|
&hGuid,
|
|
hSafeBoot,
|
|
&safeBootKey,
|
|
KEY_ALL_ACCESS,
|
|
FALSE
|
|
);
|
|
NtClose(hSafeBoot);
|
|
if (NT_SUCCESS(status)) {
|
|
NtClose(hGuid);
|
|
ExFreePool(safeBootKey.Buffer);
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
ExFreePool(safeBootKey.Buffer);
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
|
|
#ifdef ALLOC_DATA_PRAGMA
|
|
#pragma data_seg("PAGEDATA")
|
|
#endif
|
|
static PBOOT_LOG_RECORD BootLogRecord;
|
|
#ifdef ALLOC_DATA_PRAGMA
|
|
#pragma data_seg()
|
|
#endif
|
|
|
|
VOID
|
|
IopInitializeBootLogging(
|
|
PLOADER_PARAMETER_BLOCK LoaderBlock,
|
|
PCHAR HeaderString
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Initializes strings for boot logging.
|
|
|
|
Arguments:
|
|
|
|
LoaderBlock - the loader parameter block
|
|
|
|
Return Value:
|
|
|
|
VOID
|
|
|
|
--*/
|
|
{
|
|
PKLDR_DATA_TABLE_ENTRY DataTableEntry;
|
|
PMESSAGE_RESOURCE_ENTRY MessageEntry;
|
|
ULONG MsgId = 0;
|
|
ANSI_STRING AnsiString;
|
|
NTSTATUS Status;
|
|
PLIST_ENTRY nextEntry;
|
|
PKLDR_DATA_TABLE_ENTRY driverEntry;
|
|
|
|
|
|
PAGED_CODE();
|
|
|
|
if (BootLogRecord != NULL) {
|
|
return;
|
|
}
|
|
|
|
BootLogRecord = (PBOOT_LOG_RECORD) ExAllocatePool(NonPagedPool, sizeof(BOOT_LOG_RECORD));
|
|
|
|
if (BootLogRecord == NULL) {
|
|
return;
|
|
}
|
|
|
|
RtlZeroMemory(BootLogRecord, sizeof(BOOT_LOG_RECORD));
|
|
|
|
ExInitializeResourceLite(&BootLogRecord->Resource);
|
|
|
|
//
|
|
// No need to do KeEnterCriticalRegion as this is called
|
|
// from system process only.
|
|
//
|
|
ExAcquireResourceExclusiveLite(&BootLogRecord->Resource, TRUE);
|
|
|
|
DataTableEntry = CONTAINING_RECORD(LoaderBlock->LoadOrderListHead.Flink,
|
|
KLDR_DATA_TABLE_ENTRY,
|
|
InLoadOrderLinks);
|
|
|
|
Status = RtlFindMessage (DataTableEntry->DllBase, 11, 0, BOOTLOG_LOADED, &MessageEntry);
|
|
|
|
if (NT_SUCCESS( Status )) {
|
|
AnsiString.Buffer = MessageEntry->Text;
|
|
AnsiString.Length = (USHORT)strlen(MessageEntry->Text);
|
|
AnsiString.MaximumLength = AnsiString.Length + 1;
|
|
|
|
RtlAnsiStringToUnicodeString(&BootLogRecord->LoadedString, &AnsiString, TRUE);
|
|
|
|
// whack the crlf at the end of the string
|
|
|
|
if (BootLogRecord->LoadedString.Length > 2 * sizeof(WCHAR)) {
|
|
BootLogRecord->LoadedString.Length -= 2 * sizeof(WCHAR);
|
|
BootLogRecord->LoadedString.Buffer[BootLogRecord->LoadedString.Length / sizeof(WCHAR)] = UNICODE_NULL;
|
|
}
|
|
}
|
|
|
|
Status = RtlFindMessage (DataTableEntry->DllBase, 11, 0, BOOTLOG_NOT_LOADED, &MessageEntry);
|
|
|
|
if (NT_SUCCESS( Status )) {
|
|
AnsiString.Buffer = MessageEntry->Text;
|
|
AnsiString.Length = (USHORT)strlen(MessageEntry->Text);
|
|
AnsiString.MaximumLength = AnsiString.Length + 1;
|
|
|
|
RtlAnsiStringToUnicodeString(&BootLogRecord->NotLoadedString, &AnsiString, TRUE);
|
|
|
|
// whack the crlf at the end of the string
|
|
|
|
if (BootLogRecord->NotLoadedString.Length > 2 * sizeof(WCHAR)) {
|
|
BootLogRecord->NotLoadedString.Length -= 2 * sizeof(WCHAR);
|
|
BootLogRecord->NotLoadedString.Buffer[BootLogRecord->NotLoadedString.Length / sizeof(WCHAR)] = UNICODE_NULL;
|
|
}
|
|
}
|
|
|
|
// The header string (copied from DebugString in Phase1Initialization) appears to have a leading null byte
|
|
|
|
HeaderString++;
|
|
|
|
RtlCreateUnicodeStringFromAsciiz(&BootLogRecord->HeaderString, HeaderString);
|
|
|
|
// Log the drivers loaded by the boot loader
|
|
|
|
ExAcquireResourceSharedLite( &PsLoadedModuleResource, TRUE );
|
|
nextEntry = PsLoadedModuleList.Flink;
|
|
while (nextEntry != &PsLoadedModuleList) {
|
|
|
|
//
|
|
// Look at the next boot driver in the list.
|
|
//
|
|
|
|
driverEntry = CONTAINING_RECORD( nextEntry,
|
|
KLDR_DATA_TABLE_ENTRY,
|
|
InLoadOrderLinks );
|
|
|
|
IopBootLog(&driverEntry->FullDllName, TRUE);
|
|
|
|
nextEntry = nextEntry->Flink;
|
|
}
|
|
|
|
ExReleaseResourceLite( &PsLoadedModuleResource );
|
|
|
|
ExReleaseResourceLite(&BootLogRecord->Resource);
|
|
}
|
|
|
|
VOID
|
|
IopBootLog(
|
|
PUNICODE_STRING LogEntry,
|
|
BOOLEAN Loaded
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Create and write out a log entry. Before NtInitializeRegistry is called, log entries are spooled
|
|
into the registry. When NtInitalizeRegistry is called by the session manager, the
|
|
log file is created if necessary and truncated. Log entries in the registry are
|
|
then copied into the log file and the registry entries are deleted.
|
|
|
|
Arguments:
|
|
|
|
LogEntry - the text to log.
|
|
Loaded - indicates whether to prepend the "Loaded" string or the "Not Loaded" string.
|
|
|
|
Return Value:
|
|
|
|
VOID
|
|
|
|
|
|
--*/
|
|
{
|
|
WCHAR NameBuffer[BOOTLOG_STRSIZE];
|
|
UNICODE_STRING KeyName;
|
|
UNICODE_STRING ValueName;
|
|
UNICODE_STRING CrLf;
|
|
UNICODE_STRING Space;
|
|
NTSTATUS Status;
|
|
|
|
WCHAR MessageBuffer[BOOTLOG_STRSIZE];
|
|
UNICODE_STRING MessageString = {
|
|
0,
|
|
BOOTLOG_STRSIZE,
|
|
&MessageBuffer[0]
|
|
};
|
|
|
|
PAGED_CODE();
|
|
|
|
if (BootLogRecord == NULL) {
|
|
return;
|
|
}
|
|
|
|
//
|
|
// No need to do KeEnterCriticalRegion as this is called
|
|
// from system process only.
|
|
//
|
|
ExAcquireResourceExclusiveLite(&BootLogRecord->Resource, TRUE);
|
|
|
|
if (Loaded) {
|
|
RtlCopyUnicodeString(&MessageString, &BootLogRecord->LoadedString);
|
|
} else {
|
|
RtlCopyUnicodeString(&MessageString, &BootLogRecord->NotLoadedString);
|
|
}
|
|
|
|
// add a space after the message prefix
|
|
|
|
RtlInitUnicodeString(&Space, L" ");
|
|
|
|
RtlAppendUnicodeStringToString(&MessageString, &Space);
|
|
|
|
RtlAppendUnicodeStringToString(&MessageString, LogEntry);
|
|
|
|
// add a CR LF
|
|
|
|
RtlInitUnicodeString(&CrLf, L"\r\n");
|
|
RtlAppendUnicodeStringToString(&MessageString, &CrLf);
|
|
|
|
swprintf(NameBuffer, L"%d", BootLogRecord->NextKey++);
|
|
|
|
RtlCreateUnicodeString(&KeyName, NameBuffer);
|
|
RtlInitUnicodeString(&ValueName, L"");
|
|
|
|
if (!BootLogRecord->FileLogging) {
|
|
HANDLE hLogKey, hBootKey;
|
|
|
|
Status = IopOpenRegistryKey (
|
|
&hBootKey,
|
|
NULL,
|
|
&CmRegistryMachineSystemCurrentControlSetControlBootLog,
|
|
KEY_ALL_ACCESS,
|
|
TRUE
|
|
);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
Status = IopOpenRegistryKey (
|
|
&hLogKey,
|
|
hBootKey,
|
|
&KeyName,
|
|
KEY_ALL_ACCESS,
|
|
TRUE
|
|
);
|
|
if (NT_SUCCESS(Status)) {
|
|
Status = IopSetRegistryStringValue(
|
|
hLogKey,
|
|
&ValueName,
|
|
&MessageString
|
|
);
|
|
ZwClose(hLogKey);
|
|
}
|
|
ZwClose(hBootKey);
|
|
}
|
|
|
|
} else {
|
|
IopBootLogToFile( &MessageString );
|
|
}
|
|
|
|
RtlFreeUnicodeString(&KeyName);
|
|
|
|
ExReleaseResourceLite(&BootLogRecord->Resource);
|
|
}
|
|
|
|
VOID
|
|
IopCopyBootLogRegistryToFile(
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Copy the text in the registry entries into the log file and delete the registry entries. Set the
|
|
flag that indicates direct logging to the log file.
|
|
|
|
Arguments:
|
|
|
|
NONE
|
|
|
|
Return Value:
|
|
|
|
VOID
|
|
|
|
|
|
--*/
|
|
{
|
|
UNICODE_STRING KeyName;
|
|
WCHAR NameBuffer[BOOTLOG_STRSIZE];
|
|
NTSTATUS Status;
|
|
HANDLE hLogKey, hBootKey;
|
|
ULONG Index;
|
|
PKEY_VALUE_FULL_INFORMATION Information;
|
|
LARGE_INTEGER LocalTime;
|
|
TIME_FIELDS TimeFields;
|
|
CHAR AnsiTimeBuffer[256];
|
|
ANSI_STRING AnsiTimeString;
|
|
UNICODE_STRING UnicodeTimeString;
|
|
UNICODE_STRING LogString;
|
|
PKTHREAD CurrentThread;
|
|
|
|
PAGED_CODE();
|
|
|
|
if (BootLogRecord == NULL) {
|
|
return;
|
|
}
|
|
|
|
CurrentThread = KeGetCurrentThread ();
|
|
KeEnterCriticalRegionThread(CurrentThread);
|
|
ExAcquireResourceExclusiveLite(&BootLogRecord->Resource, TRUE);
|
|
|
|
IopBootLogToFile(&BootLogRecord->HeaderString);
|
|
|
|
ExSystemTimeToLocalTime(&KeBootTime, &LocalTime);
|
|
|
|
RtlTimeToTimeFields(&LocalTime, &TimeFields);
|
|
|
|
sprintf(
|
|
AnsiTimeBuffer,
|
|
"%2d %2d %4d %02d:%02d:%02d.%03d\r\n",
|
|
TimeFields.Month,
|
|
TimeFields.Day,
|
|
TimeFields.Year,
|
|
TimeFields.Hour,
|
|
TimeFields.Minute,
|
|
TimeFields.Second,
|
|
TimeFields.Milliseconds
|
|
);
|
|
|
|
RtlInitAnsiString(&AnsiTimeString, AnsiTimeBuffer);
|
|
|
|
RtlAnsiStringToUnicodeString(&UnicodeTimeString, &AnsiTimeString, TRUE);
|
|
|
|
IopBootLogToFile(&UnicodeTimeString);
|
|
|
|
RtlFreeUnicodeString(&UnicodeTimeString);
|
|
|
|
//
|
|
// Read all of the strings in the registry and write them to the log file.
|
|
// Delete the registry keys when done.
|
|
//
|
|
|
|
Status = IopOpenRegistryKey (
|
|
&hBootKey,
|
|
NULL,
|
|
&CmRegistryMachineSystemCurrentControlSetControlBootLog,
|
|
KEY_ALL_ACCESS,
|
|
FALSE
|
|
);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
for (Index = 0; Index < BootLogRecord->NextKey; Index++) {
|
|
swprintf(NameBuffer, L"%d", Index);
|
|
|
|
RtlCreateUnicodeString(&KeyName, NameBuffer);
|
|
|
|
Status = IopOpenRegistryKey (
|
|
&hLogKey,
|
|
hBootKey,
|
|
&KeyName,
|
|
KEY_ALL_ACCESS,
|
|
FALSE
|
|
);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
Status = IopGetRegistryValue(
|
|
hLogKey,
|
|
L"",
|
|
&Information
|
|
);
|
|
|
|
if (NT_SUCCESS(Status)){
|
|
RtlInitUnicodeString(&LogString, (PWSTR) ((PUCHAR)Information + Information->DataOffset));
|
|
IopBootLogToFile(&LogString);
|
|
}
|
|
ExFreePool(Information);
|
|
ZwDeleteKey(hLogKey);
|
|
ZwClose(hLogKey);
|
|
}
|
|
}
|
|
ZwDeleteKey(hBootKey);
|
|
ZwClose(hBootKey);
|
|
|
|
//
|
|
// Write directly to the file from now on.
|
|
//
|
|
|
|
BootLogRecord->FileLogging = TRUE;
|
|
}
|
|
|
|
ExReleaseResourceLite(&BootLogRecord->Resource);
|
|
KeLeaveCriticalRegionThread(CurrentThread);
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
IopBootLogToFile(
|
|
PUNICODE_STRING String
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Write the buffer into the log file.
|
|
|
|
Arguments:
|
|
|
|
Buffer - pointer to the string to write out.
|
|
Length - number of bytes to write
|
|
|
|
Return Value:
|
|
|
|
The function status is the final status of the operation.
|
|
|
|
|
|
--*/
|
|
{
|
|
OBJECT_ATTRIBUTES ObjA;
|
|
NTSTATUS Status;
|
|
IO_STATUS_BLOCK IoStatusBlock;
|
|
HANDLE FileHandle;
|
|
WCHAR UnicodeHeader = 0xfeff;
|
|
PKTHREAD CurrentThread;
|
|
|
|
PAGED_CODE();
|
|
|
|
if (BootLogRecord == NULL) {
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
CurrentThread = KeGetCurrentThread ();
|
|
KeEnterCriticalRegionThread(CurrentThread);
|
|
ExAcquireResourceExclusiveLite(&BootLogRecord->Resource, TRUE);
|
|
|
|
if (BootLogRecord->LogFileName.Buffer == NULL) {
|
|
RtlInitUnicodeString(&BootLogRecord->LogFileName, L"\\SystemRoot\\ntbtlog.txt");
|
|
}
|
|
|
|
InitializeObjectAttributes(&ObjA, &BootLogRecord->LogFileName, OBJ_CASE_INSENSITIVE, NULL, NULL);
|
|
|
|
Status = ZwCreateFile(&FileHandle,
|
|
GENERIC_WRITE,
|
|
&ObjA,
|
|
&IoStatusBlock,
|
|
NULL,
|
|
FILE_ATTRIBUTE_NORMAL,
|
|
FILE_SHARE_READ,
|
|
FILE_OPEN_IF,
|
|
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE | FILE_SEQUENTIAL_ONLY,
|
|
NULL,
|
|
0
|
|
);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
|
|
//
|
|
// If the file is created for the first time, write the header.
|
|
//
|
|
|
|
if (IoStatusBlock.Information == FILE_CREATED) {
|
|
|
|
Status = ZwWriteFile(
|
|
FileHandle,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
&IoStatusBlock,
|
|
(PVOID) &UnicodeHeader,
|
|
sizeof(WCHAR),
|
|
NULL,
|
|
NULL
|
|
);
|
|
}
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
|
|
LARGE_INTEGER EndOfFile;
|
|
|
|
EndOfFile.HighPart = 0xffffffff;
|
|
EndOfFile.LowPart = FILE_WRITE_TO_END_OF_FILE;
|
|
|
|
Status = ZwWriteFile(
|
|
FileHandle,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
&IoStatusBlock,
|
|
(PVOID) String->Buffer,
|
|
String->Length,
|
|
&EndOfFile,
|
|
NULL
|
|
);
|
|
|
|
}
|
|
|
|
ZwClose(FileHandle);
|
|
}
|
|
|
|
ExReleaseResourceLite(&BootLogRecord->Resource);
|
|
KeLeaveCriticalRegionThread(CurrentThread);
|
|
|
|
return Status;
|
|
}
|
|
|
|
PLIST_ENTRY
|
|
FASTCALL
|
|
IopInterlockedInsertHeadList (
|
|
IN PLIST_ENTRY ListHead,
|
|
IN PLIST_ENTRY ListEntry
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function inserts an entry at the head of a list using the I/O
|
|
database lock for synchronization.
|
|
|
|
Arguments:
|
|
|
|
Listhead - Supplies a pointer to the list head.
|
|
|
|
ListEntry - Supplies a pointer to the list entry.
|
|
|
|
Return Value:
|
|
|
|
If the list was previously empty, then NULL is returned as the function
|
|
value. Otherwise, a pointer to the previous first entry in the list is
|
|
returned as the function value.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PLIST_ENTRY entry;
|
|
KIRQL irql;
|
|
|
|
irql = KeAcquireQueuedSpinLock( LockQueueIoDatabaseLock );
|
|
entry = ListHead->Flink;
|
|
if ( entry == ListHead ) {
|
|
entry = NULL;
|
|
}
|
|
|
|
InsertHeadList( ListHead, ListEntry );
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
return entry;
|
|
}
|
|
|
|
PLIST_ENTRY
|
|
FASTCALL
|
|
IopInterlockedInsertTailList (
|
|
IN PLIST_ENTRY ListHead,
|
|
IN PLIST_ENTRY ListEntry
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function inserts an entry at the tail of a list using the I/O
|
|
database lock for synchronization.
|
|
|
|
Arguments:
|
|
|
|
Listhead - Supplies a pointer to the list head.
|
|
|
|
ListEntry - Supplies a pointer to the list entry.
|
|
|
|
Return Value:
|
|
|
|
If the list was previously empty, then NULL is returned as the function
|
|
value. Otherwise, a pointer to the previous last entry in the list is
|
|
returned as the function value.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PLIST_ENTRY entry;
|
|
KIRQL irql;
|
|
|
|
irql = KeAcquireQueuedSpinLock( LockQueueIoDatabaseLock );
|
|
entry = ListHead->Blink;
|
|
if ( entry == ListHead) {
|
|
entry = NULL;
|
|
}
|
|
|
|
InsertTailList( ListHead, ListEntry );
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
return entry;
|
|
}
|
|
|
|
PLIST_ENTRY
|
|
FASTCALL
|
|
IopInterlockedRemoveHeadList (
|
|
IN PLIST_ENTRY ListHead
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function removes the first entry form a list using the I/O database
|
|
lock for synchronization.
|
|
|
|
Arguments:
|
|
|
|
Listhead - Supplies a pointer to the list head.
|
|
|
|
Return Value:
|
|
|
|
If the list is empty, then NULL is returned as the function value.
|
|
Otherwise, a pointer to the first entry in the list is returned as
|
|
the function value.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
PLIST_ENTRY entry;
|
|
KIRQL irql;
|
|
|
|
irql = KeAcquireQueuedSpinLock( LockQueueIoDatabaseLock );
|
|
entry = ListHead->Flink;
|
|
if ( entry != ListHead ) {
|
|
RemoveEntryList( entry );
|
|
|
|
} else {
|
|
entry = NULL;
|
|
}
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
return entry;
|
|
}
|
|
|
|
ULONG
|
|
FASTCALL
|
|
IopInterlockedDecrementUlong (
|
|
IN KSPIN_LOCK_QUEUE_NUMBER Number,
|
|
IN OUT PULONG Addend
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function decrements the specified value using a queued spin lock
|
|
for synchronization.
|
|
|
|
Arguments:
|
|
|
|
Number - Supplies the number of the queued spin lock.
|
|
|
|
Addend - Supplies a pointer to the variable to be decremented.
|
|
|
|
Return Value:
|
|
|
|
The value of the variable before the decrement is applied.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
KIRQL irql;
|
|
ULONG value;
|
|
|
|
irql = KeAcquireQueuedSpinLock( Number );
|
|
value = *Addend;
|
|
*Addend -= 1;
|
|
KeReleaseQueuedSpinLock( Number, irql );
|
|
return value;
|
|
}
|
|
|
|
ULONG
|
|
FASTCALL
|
|
IopInterlockedIncrementUlong (
|
|
IN KSPIN_LOCK_QUEUE_NUMBER Number,
|
|
IN OUT PULONG Addend
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function increments the specified value using a queued spin lock
|
|
for synchronization.
|
|
|
|
Arguments:
|
|
|
|
Number - Supplies the number of the queued spin lock.
|
|
|
|
Addend - Supplies a pointer to the variable to be incremented.
|
|
|
|
Return Value:
|
|
|
|
The value of the variable before the increment is applied.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
KIRQL irql;
|
|
ULONG value;
|
|
|
|
irql = KeAcquireQueuedSpinLock( Number );
|
|
value = *Addend;
|
|
*Addend += 1;
|
|
KeReleaseQueuedSpinLock( Number, irql );
|
|
return value;
|
|
}
|
|
|
|
BOOLEAN
|
|
IopCallBootDriverReinitializationRoutines(
|
|
VOID
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine processes the boot driver reinitialization list. It calls each
|
|
entry and then removes it from the list.
|
|
|
|
Arguments:
|
|
|
|
NONE
|
|
|
|
Returns:
|
|
|
|
TRUE if any entries were processed.
|
|
|
|
--*/
|
|
|
|
{
|
|
PLIST_ENTRY entry;
|
|
PREINIT_PACKET reinitEntry;
|
|
BOOLEAN routinesFound = FALSE;
|
|
|
|
//
|
|
// Walk the list reinitialization list in case this driver, or
|
|
// some other driver, has requested to be invoked at a re-
|
|
// initialization entry point.
|
|
//
|
|
|
|
while (entry = IopInterlockedRemoveHeadList( &IopBootDriverReinitializeQueueHead )) {
|
|
routinesFound = TRUE;
|
|
reinitEntry = CONTAINING_RECORD( entry, REINIT_PACKET, ListEntry );
|
|
reinitEntry->DriverObject->DriverExtension->Count++;
|
|
reinitEntry->DriverObject->Flags &= ~DRVO_BOOTREINIT_REGISTERED;
|
|
reinitEntry->DriverReinitializationRoutine( reinitEntry->DriverObject,
|
|
reinitEntry->Context,
|
|
reinitEntry->DriverObject->DriverExtension->Count );
|
|
ExFreePool( reinitEntry );
|
|
}
|
|
|
|
return routinesFound;
|
|
}
|
|
|
|
BOOLEAN
|
|
IopCallDriverReinitializationRoutines(
|
|
VOID
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine processes the driver reinitialization list. It calls each
|
|
entry and then removes it from the list.
|
|
|
|
Arguments:
|
|
|
|
NONE
|
|
|
|
Returns:
|
|
|
|
TRUE if any entries were processed.
|
|
|
|
--*/
|
|
|
|
{
|
|
PLIST_ENTRY entry;
|
|
PREINIT_PACKET reinitEntry;
|
|
BOOLEAN routinesFound = FALSE;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Walk the list reinitialization list in case this driver, or
|
|
// some other driver, has requested to be invoked at a re-
|
|
// initialization entry point.
|
|
//
|
|
|
|
while (entry = IopInterlockedRemoveHeadList( &IopDriverReinitializeQueueHead )) {
|
|
routinesFound = TRUE;
|
|
reinitEntry = CONTAINING_RECORD( entry, REINIT_PACKET, ListEntry );
|
|
reinitEntry->DriverObject->DriverExtension->Count++;
|
|
reinitEntry->DriverObject->Flags &= ~DRVO_REINIT_REGISTERED;
|
|
reinitEntry->DriverReinitializationRoutine( reinitEntry->DriverObject,
|
|
reinitEntry->Context,
|
|
reinitEntry->DriverObject->DriverExtension->Count );
|
|
ExFreePool( reinitEntry );
|
|
}
|
|
|
|
return routinesFound;
|
|
}
|
|
|
|
PDRIVER_OBJECT
|
|
IopReferenceDriverObjectByName (
|
|
IN PUNICODE_STRING DriverName
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine references a driver object by a given driver name.
|
|
|
|
Arguments:
|
|
|
|
DriverName - supplies a pointer to the name of the driver whose driver object is
|
|
to be referenced.
|
|
|
|
Returns:
|
|
|
|
A pointer to a DRIVER_OBJECT if succeeds. Otherwise, a NULL value.
|
|
|
|
--*/
|
|
|
|
{
|
|
OBJECT_ATTRIBUTES objectAttributes;
|
|
HANDLE driverHandle;
|
|
NTSTATUS status;
|
|
PDRIVER_OBJECT driverObject;
|
|
|
|
//
|
|
// Make sure the driver name is valid.
|
|
//
|
|
|
|
if (DriverName->Length == 0) {
|
|
return NULL;
|
|
}
|
|
|
|
InitializeObjectAttributes(&objectAttributes,
|
|
DriverName,
|
|
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
|
|
NULL,
|
|
NULL
|
|
);
|
|
status = ObOpenObjectByName(&objectAttributes,
|
|
IoDriverObjectType,
|
|
KernelMode,
|
|
NULL,
|
|
FILE_READ_ATTRIBUTES,
|
|
NULL,
|
|
&driverHandle
|
|
);
|
|
if (NT_SUCCESS(status)) {
|
|
|
|
//
|
|
// Now reference the driver object.
|
|
//
|
|
|
|
status = ObReferenceObjectByHandle(driverHandle,
|
|
0,
|
|
IoDriverObjectType,
|
|
KernelMode,
|
|
&driverObject,
|
|
NULL
|
|
);
|
|
NtClose(driverHandle);
|
|
}
|
|
|
|
if (NT_SUCCESS(status)) {
|
|
return driverObject;
|
|
} else {
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
|
|
PIRP
|
|
IopAllocateReserveIrp(
|
|
IN CCHAR StackSize
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine allocates a reserve IRP for paging reads.
|
|
|
|
Arguments:
|
|
|
|
StackSize - IRP stack size.
|
|
|
|
Return Value:
|
|
|
|
The function value is an IRP.
|
|
|
|
--*/
|
|
{
|
|
PIOP_RESERVE_IRP_ALLOCATOR allocator = &IopReserveIrpAllocator;
|
|
|
|
if (StackSize > allocator->ReserveIrpStackSize) {
|
|
return NULL;
|
|
}
|
|
|
|
|
|
while (InterlockedExchange(&allocator->IrpAllocated, 1) == 1) {
|
|
|
|
(VOID)KeWaitForSingleObject(&allocator->Event,
|
|
Executive,
|
|
KernelMode,
|
|
FALSE,
|
|
(PLARGE_INTEGER)0);
|
|
}
|
|
|
|
IoInitializeIrp(allocator->ReserveIrp, IoSizeOfIrp(StackSize), StackSize);
|
|
return (allocator->ReserveIrp);
|
|
}
|
|
|
|
VOID
|
|
IopFreeReserveIrp(
|
|
IN PIRP Irp,
|
|
IN CCHAR PriorityBoost
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine frees a reserve IRP
|
|
|
|
Arguments:
|
|
|
|
IRP - IRP to be freed.
|
|
|
|
Return Value:
|
|
|
|
None
|
|
|
|
--*/
|
|
{
|
|
InterlockedExchange(&IopReserveIrpAllocator.IrpAllocated, 0);
|
|
KeSetEvent(&IopReserveIrpAllocator.Event, PriorityBoost, FALSE);
|
|
}
|
|
|
|
|
|
NTSTATUS
|
|
IopGetBasicInformationFile(
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PFILE_BASIC_INFORMATION BasicInformationBuffer
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine gets the basic information of a fileobject.
|
|
|
|
Arguments:
|
|
|
|
FileObject - Fileobject for which the information is needed.
|
|
BasicInformationBuffer - Buffer of type FILE_BASIC_INFORMATION
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS status;
|
|
PDEVICE_OBJECT deviceObject;
|
|
IO_STATUS_BLOCK localIoStatus;
|
|
PFAST_IO_DISPATCH fastIoDispatch;
|
|
ULONG lengthNeeded;
|
|
BOOLEAN queryResult;
|
|
|
|
PAGED_CODE();
|
|
|
|
deviceObject = IoGetRelatedDeviceObject( FileObject );
|
|
|
|
fastIoDispatch = deviceObject->DriverObject->FastIoDispatch;
|
|
|
|
if (fastIoDispatch && fastIoDispatch->FastIoQueryBasicInfo) {
|
|
|
|
queryResult = fastIoDispatch->FastIoQueryBasicInfo( FileObject,
|
|
(FileObject->Flags & FO_SYNCHRONOUS_IO) ? TRUE : FALSE,
|
|
BasicInformationBuffer,
|
|
&localIoStatus,
|
|
deviceObject );
|
|
if (queryResult) {
|
|
return (localIoStatus.Status);
|
|
}
|
|
}
|
|
|
|
//
|
|
// Use the special API because the fileobject may be synchronous.
|
|
//
|
|
|
|
status = IopGetFileInformation(FileObject,
|
|
sizeof(FILE_BASIC_INFORMATION),
|
|
FileBasicInformation,
|
|
BasicInformationBuffer,
|
|
&lengthNeeded);
|
|
return status;
|
|
}
|
|
|
|
PVPB
|
|
IopMountInitializeVpb(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PDEVICE_OBJECT AttachedDevice,
|
|
IN ULONG RawMountOnly
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine initializes the mounted volume VPB holding the VPB lock.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - Disk device object
|
|
AttachedDevice - Top of FS stack.
|
|
RawMountOnly - Only allow raw mounts
|
|
|
|
Return Value:
|
|
|
|
none.
|
|
|
|
--*/
|
|
{
|
|
KIRQL irql;
|
|
PVPB vpb;
|
|
|
|
IoAcquireVpbSpinLock(&irql);
|
|
|
|
vpb = DeviceObject->Vpb;
|
|
|
|
vpb->Flags = VPB_MOUNTED;
|
|
|
|
|
|
//
|
|
// We explicitly propagate VPB_RAW_MOUNT as the previous
|
|
// statement that has been there for a long time in NT
|
|
// could be clearing other flags which should be cleared.
|
|
//
|
|
|
|
if (RawMountOnly) {
|
|
vpb->Flags |= VPB_RAW_MOUNT;
|
|
}
|
|
|
|
vpb->DeviceObject->StackSize = (UCHAR) (AttachedDevice->StackSize + 1);
|
|
|
|
//
|
|
// Set the reverse Vpb pointer in the filesystem device object's VPB.
|
|
//
|
|
|
|
vpb->DeviceObject->DeviceObjectExtension->Vpb = vpb;
|
|
|
|
vpb->ReferenceCount += 1;
|
|
|
|
IoReleaseVpbSpinLock(irql);
|
|
|
|
return vpb;
|
|
}
|
|
|
|
BOOLEAN
|
|
IopVerifyDeviceObjectOnStack(
|
|
IN PDEVICE_OBJECT BaseDeviceObject,
|
|
IN PDEVICE_OBJECT TopDeviceObject
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine checks if a device object is on a device stack.
|
|
|
|
Arguments:
|
|
|
|
BaseDeviceObject - Lowest device object on the stack.
|
|
TopDeviceObject - Device which is to be tested.
|
|
|
|
Return Value:
|
|
|
|
Returns TRUE if TopDeviceObject is on stack.
|
|
|
|
--*/
|
|
{
|
|
KIRQL irql;
|
|
PDEVICE_OBJECT currentDeviceObject;
|
|
|
|
//
|
|
// Loop through all of the device object's attached to the specified
|
|
// device. When the last device object is found that is not attached
|
|
// to, return it.
|
|
//
|
|
|
|
ASSERT( BaseDeviceObject != NULL);
|
|
|
|
irql = KeAcquireQueuedSpinLock( LockQueueIoDatabaseLock );
|
|
currentDeviceObject = BaseDeviceObject;
|
|
|
|
do {
|
|
if (currentDeviceObject == TopDeviceObject) {
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
return TRUE;
|
|
}
|
|
currentDeviceObject = currentDeviceObject->AttachedDevice;
|
|
} while (currentDeviceObject);
|
|
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
return FALSE;
|
|
}
|
|
|
|
BOOLEAN
|
|
IopVerifyDiskSignature(
|
|
IN PDRIVE_LAYOUT_INFORMATION_EX DriveLayout,
|
|
IN PARC_DISK_SIGNATURE LoaderDiskBlock,
|
|
OUT PULONG DiskSignature
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine verifies disk signature that is present in the loader block
|
|
and that retrieved by the storage drivers.
|
|
|
|
Arguments:
|
|
|
|
DriveLayout - Informtion obtained from the storage stack.
|
|
LoaderDiskBlock - Signature info from loader
|
|
SectorBuffer - Buffer containing sector 0 on the disk.
|
|
DiskSignature - If successful contains disk signature.
|
|
|
|
Return Value:
|
|
|
|
Returns TRUE if signature matches.
|
|
|
|
--*/
|
|
{
|
|
ULONG diskSignature;
|
|
|
|
if (!LoaderDiskBlock->ValidPartitionTable) {
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Save off the signature in local variable if
|
|
// its a MBR disk
|
|
//
|
|
|
|
if (DriveLayout->PartitionStyle == PARTITION_STYLE_MBR) {
|
|
diskSignature = DriveLayout->Mbr.Signature;
|
|
if (LoaderDiskBlock->Signature == diskSignature) {
|
|
if (DiskSignature) {
|
|
*DiskSignature = diskSignature;
|
|
}
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Get hold of the signature from MBR if its GPT disk
|
|
//
|
|
|
|
if (DriveLayout->PartitionStyle == PARTITION_STYLE_GPT) {
|
|
|
|
if (!LoaderDiskBlock->IsGpt) {
|
|
return FALSE;
|
|
}
|
|
|
|
if (!RtlEqualMemory(LoaderDiskBlock->GptSignature, &DriveLayout->Gpt.DiskId, sizeof(GUID))) {
|
|
return FALSE;
|
|
}
|
|
|
|
if (DiskSignature) {
|
|
*DiskSignature = 0;
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
NTSTATUS
|
|
IopGetDriverPathInformation(
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PFILE_FS_DRIVER_PATH_INFORMATION FsDpInfo,
|
|
IN ULONG Length
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine returns true if a driver specified by name is present in the IO path
|
|
for the fileobject.
|
|
|
|
Arguments:
|
|
|
|
FileObject - FileObject to which IO is issued.
|
|
FsDpInfo - Info that contains driver name.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS
|
|
|
|
--*/
|
|
{
|
|
UNICODE_STRING driverString;
|
|
PDRIVER_OBJECT driverObject;
|
|
NTSTATUS status;
|
|
KIRQL irql;
|
|
|
|
if ((ULONG) (Length - FIELD_OFFSET( FILE_FS_DRIVER_PATH_INFORMATION, DriverName[0] )) < FsDpInfo->DriverNameLength) {
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
driverString.Buffer = FsDpInfo->DriverName;
|
|
driverString.Length = (USHORT)FsDpInfo->DriverNameLength;
|
|
driverString.MaximumLength = (USHORT)FsDpInfo->DriverNameLength;
|
|
|
|
status = ObReferenceObjectByName(&driverString,
|
|
OBJ_CASE_INSENSITIVE,
|
|
NULL, // access state
|
|
0, // access mask
|
|
IoDriverObjectType,
|
|
KernelMode,
|
|
NULL, // parse context
|
|
&driverObject);
|
|
if (!NT_SUCCESS(status)) {
|
|
return status;
|
|
}
|
|
|
|
irql = KeAcquireQueuedSpinLock( LockQueueIoDatabaseLock );
|
|
|
|
|
|
if (FileObject->Vpb != NULL && FileObject->Vpb->DeviceObject != NULL) {
|
|
|
|
//
|
|
// Check the disk filesystem stack.
|
|
//
|
|
|
|
if (IopVerifyDriverObjectOnStack(FileObject->Vpb->DeviceObject, driverObject)) {
|
|
|
|
FsDpInfo->DriverInPath = TRUE;
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
ObDereferenceObject(driverObject);
|
|
return STATUS_SUCCESS;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Check the storage stack or non disk filesystem stack.
|
|
//
|
|
|
|
FsDpInfo->DriverInPath = IopVerifyDriverObjectOnStack(FileObject->DeviceObject, driverObject);
|
|
KeReleaseQueuedSpinLock( LockQueueIoDatabaseLock, irql );
|
|
|
|
ObDereferenceObject(driverObject);
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
BOOLEAN
|
|
IopVerifyDriverObjectOnStack(
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN PDRIVER_OBJECT DriverObject
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine returns true if a driver specified by driverObject is present in the IO path
|
|
for the deviceobject.
|
|
|
|
Arguments:
|
|
|
|
DeviceObject - DeviceObject to which IO is issued.
|
|
Driverobject - DriverObject to be checked.
|
|
|
|
Return Value:
|
|
|
|
TRUE if the driverObject is in the IO path
|
|
|
|
--*/
|
|
{
|
|
PDEVICE_OBJECT currentDeviceObject;
|
|
|
|
currentDeviceObject = IopGetDeviceAttachmentBase(DeviceObject);
|
|
|
|
while (currentDeviceObject) {
|
|
if (currentDeviceObject->DriverObject == DriverObject) {
|
|
return TRUE;
|
|
}
|
|
currentDeviceObject = currentDeviceObject->AttachedDevice;
|
|
}
|
|
return FALSE;
|
|
}
|
|
|
|
VOID
|
|
IopIncrementDeviceObjectHandleCount(
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
)
|
|
{
|
|
IopInterlockedIncrementUlong( LockQueueIoDatabaseLock,
|
|
&DeviceObject->ReferenceCount );
|
|
}
|
|
|
|
VOID
|
|
IopDecrementDeviceObjectHandleCount(
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
)
|
|
{
|
|
IopDecrementDeviceObjectRef(DeviceObject, FALSE, FALSE);
|
|
}
|
|
|
|
NTSTATUS
|
|
IopInitializeIrpStackProfiler(
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine initializes the Irp stack profiler.
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS
|
|
|
|
--*/
|
|
{
|
|
LARGE_INTEGER dueTime;
|
|
LONG i;
|
|
|
|
RtlZeroMemory(IopIrpStackProfiler.Profile, MAX_LOOKASIDE_IRP_STACK_COUNT * sizeof(ULONG));
|
|
|
|
KeInitializeTimer(&IopIrpStackProfiler.Timer);
|
|
KeInitializeDpc(&IopIrpStackProfiler.Dpc, IopIrpStackProfilerTimer, &IopIrpStackProfiler);
|
|
|
|
dueTime.QuadPart = - IOP_PROFILE_TIME_PERIOD * 10 * 1000 * 1000; // 1 Minute with a recurring period of a minute
|
|
IopIrpStackProfiler.TriggerCount = 0;
|
|
|
|
KeSetTimerEx(&IopIrpStackProfiler.Timer, dueTime, IOP_PROFILE_TIME_PERIOD * 1000, &IopIrpStackProfiler.Dpc);
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
VOID
|
|
IopIrpStackProfilerTimer(
|
|
IN struct _KDPC *Dpc,
|
|
IN PVOID DeferredContext,
|
|
IN PVOID SystemArgument1,
|
|
IN PVOID SystemArgument2
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is the timer DPC routine.
|
|
|
|
Arguments:
|
|
|
|
DeferredContext - Pointer to the profiler structure.
|
|
|
|
Return Value:
|
|
|
|
None
|
|
|
|
--*/
|
|
{
|
|
PIOP_IRP_STACK_PROFILER profiler = DeferredContext;
|
|
LONG i;
|
|
ULONG totalIrpsCounted;
|
|
|
|
//
|
|
// If profile stack count is now enabled, we wait for ProfileDuration * 60 secs to stop
|
|
// it. Once stopped, IopProcessIrpStackProfiler will tally the counts and find the top two
|
|
// stack counts.
|
|
//
|
|
|
|
if (profiler->Flags & IOP_PROFILE_STACK_COUNT) {
|
|
totalIrpsCounted = 0;
|
|
for (i = 0; i < MAX_LOOKASIDE_IRP_STACK_COUNT; i++) {
|
|
totalIrpsCounted += profiler->Profile[i];
|
|
}
|
|
if (totalIrpsCounted > NUM_SAMPLE_IRPS) {
|
|
profiler->Flags &= ~IOP_PROFILE_STACK_COUNT; // Stop the profiling.
|
|
IopProcessIrpStackProfiler();
|
|
}
|
|
return;
|
|
}
|
|
|
|
//
|
|
// Every IOP_PROFILE_TRIGGER_INTERVAL * 60 seconds we turn on the profiling
|
|
//
|
|
|
|
profiler->TriggerCount++;
|
|
if ((profiler->TriggerCount % IOP_PROFILE_TRIGGER_INTERVAL) == 0) {
|
|
profiler->Flags |= IOP_PROFILE_STACK_COUNT; // Enable profiling
|
|
}
|
|
}
|
|
|
|
VOID
|
|
IopProcessIrpStackProfiler(
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine profiles and resets the per-processor counters. It sets the variables
|
|
IopLargeIrpStackLocations and IopSmallIrpStackLocations with the values learned from
|
|
counters.
|
|
|
|
Arguments:
|
|
|
|
None
|
|
|
|
Return Value:
|
|
|
|
None
|
|
|
|
--*/
|
|
{
|
|
PIOP_IRP_STACK_PROFILER profiler = &IopIrpStackProfiler;
|
|
LONG i, j;
|
|
LONG bucket = 0;
|
|
LONG stackCount = 0;
|
|
LONG numRequests;
|
|
|
|
numRequests = 0;
|
|
for (i = BASE_STACK_COUNT; i < MAX_LOOKASIDE_IRP_STACK_COUNT; i++) {
|
|
numRequests += profiler->Profile[i];
|
|
profiler->Profile[i] = 0;
|
|
if (numRequests > bucket) {
|
|
stackCount = i;
|
|
bucket = numRequests;
|
|
}
|
|
numRequests = 0;
|
|
}
|
|
|
|
|
|
//
|
|
// If the top allocation is less than the minimum threshold do nothing.
|
|
//
|
|
|
|
if (bucket < MIN_IRP_THRESHOLD) {
|
|
return;
|
|
}
|
|
|
|
//
|
|
// Update the global variables. This should cause IoAllocateIrp to start using the new IRPs
|
|
// right away.
|
|
//
|
|
|
|
if (IopLargeIrpStackLocations != stackCount) {
|
|
IopLargeIrpStackLocations = stackCount;
|
|
}
|
|
}
|