mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1220 lines
30 KiB
1220 lines
30 KiB
/*++
|
|
|
|
Copyright (c) Microsoft Corporation. All rights reserved.
|
|
|
|
Module Name:
|
|
|
|
PpDrvDB.c
|
|
|
|
Abstract:
|
|
|
|
This module containst PnP routines related to Defective Driver Database
|
|
(DDB) support.
|
|
|
|
Author:
|
|
|
|
Santosh S. Jodh - 22 Jan 2001
|
|
|
|
Environment:
|
|
|
|
Kernel mode
|
|
|
|
Revision History:
|
|
|
|
|
|
--*/
|
|
|
|
#include "pnpmgrp.h"
|
|
#include "windef.h"
|
|
#include "winerror.h"
|
|
#include "shimdb.h"
|
|
#pragma hdrstop
|
|
|
|
// Bit 0 indicates policy for filters (0 = critical, 1 = non-critical)
|
|
#define DDB_DRIVER_POLICY_CRITICAL_BIT (1 << 0)
|
|
// Bit 1 indicates policy for user-mode setup blocking (0 = block, 1 = no-block)
|
|
#define DDB_DRIVER_POLICY_SETUP_NO_BLOCK_BIT (1 << 1)
|
|
|
|
#define DDB_BOOT_NOT_LOADED_ERROR (1 << 0)
|
|
#define DDB_BOOT_OUT_OF_MEMORY_ERROR (1 << 1)
|
|
#define DDB_BOOT_INIT_ERROR (1 << 2)
|
|
#define DDB_DRIVER_PATH_ERROR (1 << 3)
|
|
#define DDB_OPEN_FILE_ERROR (1 << 4)
|
|
#define DDB_CREATE_SECTION_ERROR (1 << 5)
|
|
#define DDB_MAP_SECTION_ERROR (1 << 6)
|
|
#define DDB_MAPPED_INIT_ERROR (1 << 7)
|
|
#define DDB_READ_INFORMATION_ERROR (1 << 8)
|
|
|
|
//#define USE_HANDLES 0
|
|
|
|
extern BOOLEAN ExpInTextModeSetup;
|
|
|
|
#define INVALID_HANDLE_VALUE ((HANDLE)-1)
|
|
|
|
typedef struct _DDBCACHE_ENTRY {
|
|
//
|
|
// These fields are used as matching critereon for cache lookup.
|
|
//
|
|
UNICODE_STRING Name; // Driver name
|
|
ULONG TimeDateStamp; // Link date of the driver
|
|
//
|
|
// Reference data for the cached entry.
|
|
//
|
|
NTSTATUS Status; // Status from the DDB lookup
|
|
GUID Guid;
|
|
|
|
} DDBCACHE_ENTRY, *PDDBCACHE_ENTRY;
|
|
|
|
#ifdef ALLOC_DATA_PRAGMA
|
|
#pragma data_seg("PAGEDATA")
|
|
#pragma const_seg("PAGECONST")
|
|
#endif
|
|
|
|
//
|
|
// Constants.
|
|
//
|
|
const PWSTR PiSetupDDBPath = TEXT("\\$WIN_NT$.~BT\\drvmain.sdb");
|
|
const PWSTR PiNormalDDBPath = TEXT("\\SystemRoot\\AppPatch\\drvmain.sdb");
|
|
//
|
|
// Data.
|
|
//
|
|
// Handle to the driver database.
|
|
//
|
|
HSDB PpDDBHandle = NULL;
|
|
//
|
|
// Copy to the in memory image of driver database. Used only during boot.
|
|
//
|
|
PVOID PpBootDDB = NULL;
|
|
//
|
|
// Lock for synchronizing access to the driver database.
|
|
//
|
|
ERESOURCE PiDDBLock;
|
|
//
|
|
// We use RTL AVL table for our cache.
|
|
//
|
|
RTL_GENERIC_TABLE PiDDBCacheTable;
|
|
//
|
|
// Number of drivers blocked this boot.
|
|
//
|
|
ULONG PpBlockedDriverCount = 0;
|
|
//
|
|
// Path for the DDB.
|
|
//
|
|
PWSTR PiDDBPath = NULL;
|
|
//
|
|
// Mask to record already logged events.
|
|
//
|
|
ULONG PiLoggedErrorEventsMask = 0;
|
|
|
|
#ifdef ALLOC_DATA_PRAGMA
|
|
#pragma data_seg()
|
|
#pragma const_seg()
|
|
#endif
|
|
|
|
NTSTATUS
|
|
PiLookupInDDB(
|
|
IN PUNICODE_STRING FullPath,
|
|
IN PVOID ImageBase,
|
|
IN ULONG ImageSize,
|
|
IN BOOLEAN IsFilter,
|
|
OUT LPGUID EntryGuid
|
|
);
|
|
|
|
NTSTATUS
|
|
PiIsDriverBlocked(
|
|
IN HSDB SdbHandle,
|
|
IN PUNICODE_STRING FullPath,
|
|
IN PVOID ImageBase,
|
|
IN ULONG ImageSize,
|
|
IN BOOLEAN IsFilter,
|
|
OUT LPGUID EntryGuid
|
|
);
|
|
|
|
VOID
|
|
PiLogDriverBlockedEvent(
|
|
IN PWCHAR InsertionString,
|
|
IN PVOID Data,
|
|
IN ULONG DataLength,
|
|
IN NTSTATUS Status
|
|
);
|
|
|
|
NTSTATUS
|
|
PiInitializeDDBCache(
|
|
VOID
|
|
);
|
|
|
|
RTL_GENERIC_COMPARE_RESULTS
|
|
NTAPI
|
|
PiCompareDDBCacheEntries(
|
|
IN PRTL_GENERIC_TABLE Table,
|
|
IN PVOID FirstStruct,
|
|
IN PVOID SecondStruct
|
|
);
|
|
|
|
NTSTATUS
|
|
PiLookupInDDBCache(
|
|
IN PUNICODE_STRING FullPath,
|
|
IN PVOID ImageBase,
|
|
IN ULONG ImageSize,
|
|
OUT LPGUID EntryGuid
|
|
);
|
|
|
|
VOID
|
|
PiUpdateDriverDBCache(
|
|
IN PUNICODE_STRING FullPath,
|
|
IN PVOID ImageBase,
|
|
IN ULONG ImageSize,
|
|
IN NTSTATUS Status,
|
|
IN GUID *Guid
|
|
);
|
|
|
|
#ifdef ALLOC_PRAGMA
|
|
#pragma alloc_text(INIT, PpInitializeBootDDB)
|
|
#pragma alloc_text(PAGE, PpReleaseBootDDB)
|
|
#pragma alloc_text(PAGE, PpCheckInDriverDatabase)
|
|
#pragma alloc_text(PAGE, PiLookupInDDB)
|
|
#pragma alloc_text(PAGE, PiIsDriverBlocked)
|
|
#pragma alloc_text(PAGE, PiLogDriverBlockedEvent)
|
|
#pragma alloc_text(PAGE, PiInitializeDDBCache)
|
|
#pragma alloc_text(PAGE, PiCompareDDBCacheEntries)
|
|
#pragma alloc_text(PAGE, PiLookupInDDBCache)
|
|
#pragma alloc_text(PAGE, PiUpdateDriverDBCache)
|
|
#pragma alloc_text(PAGE, PpGetBlockedDriverList)
|
|
#endif
|
|
|
|
NTSTATUS
|
|
PpInitializeBootDDB(
|
|
IN PLOADER_PARAMETER_BLOCK LoaderBlock
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine initializes the DDB from the image copied by ntldr.
|
|
|
|
Arguments:
|
|
|
|
LoaderBlock - Pointer to loader block.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS.
|
|
|
|
--*/
|
|
{
|
|
PAGED_CODE();
|
|
|
|
PpBlockedDriverCount = 0;
|
|
PpDDBHandle = NULL;
|
|
PpBootDDB = NULL;
|
|
//
|
|
// Initialize the lock for serializing access to the DDB.
|
|
//
|
|
ExInitializeResource(&PiDDBLock);
|
|
PiDDBPath = (ExpInTextModeSetup)? PiSetupDDBPath : PiNormalDDBPath;
|
|
//
|
|
// Initialize DDB cache.
|
|
//
|
|
PiInitializeDDBCache();
|
|
//
|
|
// Return failure if the loader did not load the database.
|
|
//
|
|
if (LoaderBlock->Extension->DrvDBSize == 0 ||
|
|
LoaderBlock->Extension->DrvDBImage == NULL) {
|
|
|
|
if (!(PiLoggedErrorEventsMask & DDB_BOOT_NOT_LOADED_ERROR)) {
|
|
|
|
IopDbgPrint((IOP_ERROR_LEVEL,
|
|
"PpInitializeDriverDB: Driver database not loaded!\n"));
|
|
|
|
PiLoggedErrorEventsMask |= DDB_BOOT_NOT_LOADED_ERROR;
|
|
PiLogDriverBlockedEvent(
|
|
TEXT("DATABASE NOT LOADED"),
|
|
NULL,
|
|
0,
|
|
STATUS_DRIVER_DATABASE_ERROR);
|
|
}
|
|
|
|
return STATUS_UNSUCCESSFUL;
|
|
}
|
|
//
|
|
// Make a copy of the database in pageable memory since the loader memory
|
|
// will soon get claimed.
|
|
// If this becomes a perf issue, we need to add
|
|
// support for a new loader memory type (PAGEABLE DATA).
|
|
//
|
|
PpBootDDB = ExAllocatePool(PagedPool, LoaderBlock->Extension->DrvDBSize);
|
|
if (PpBootDDB == NULL) {
|
|
|
|
IopDbgPrint((IOP_ERROR_LEVEL,
|
|
"PpInitializeDriverDB: Failed to allocate memory to copy driver database!\n"));
|
|
ASSERT(PpBootDDB);
|
|
|
|
if (!(PiLoggedErrorEventsMask & DDB_BOOT_OUT_OF_MEMORY_ERROR)) {
|
|
|
|
PiLoggedErrorEventsMask |= DDB_BOOT_OUT_OF_MEMORY_ERROR;
|
|
PiLogDriverBlockedEvent(
|
|
TEXT("OUT OF MEMORY"),
|
|
NULL,
|
|
0,
|
|
STATUS_DRIVER_DATABASE_ERROR);
|
|
}
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
}
|
|
RtlCopyMemory(PpBootDDB, LoaderBlock->Extension->DrvDBImage, LoaderBlock->Extension->DrvDBSize);
|
|
//
|
|
// Initialize the database from the memory image.
|
|
//
|
|
PpDDBHandle = SdbInitDatabaseInMemory(PpBootDDB, LoaderBlock->Extension->DrvDBSize);
|
|
if (PpDDBHandle == NULL) {
|
|
|
|
ExFreePool(PpBootDDB);
|
|
PpBootDDB = NULL;
|
|
IopDbgPrint((IOP_ERROR_LEVEL,
|
|
"PpInitializeDriverDB: Failed to initialize driver database!\n"));
|
|
ASSERT(PpDDBHandle);
|
|
|
|
if (!(PiLoggedErrorEventsMask & DDB_BOOT_INIT_ERROR)) {
|
|
|
|
PiLoggedErrorEventsMask |= DDB_BOOT_INIT_ERROR;
|
|
PiLogDriverBlockedEvent(
|
|
TEXT("INIT DATABASE FAILED"),
|
|
NULL,
|
|
0,
|
|
STATUS_DRIVER_DATABASE_ERROR);
|
|
}
|
|
|
|
return STATUS_UNSUCCESSFUL;
|
|
}
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
NTSTATUS
|
|
PpReleaseBootDDB(
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine frees up the boot DDB once we are dont loading most drivers
|
|
during boot.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE();
|
|
|
|
//
|
|
// Lock the DDB before freeing it.
|
|
//
|
|
KeEnterCriticalRegion();
|
|
ExAcquireResourceExclusiveLite(&PiDDBLock, TRUE);
|
|
//
|
|
// Free the DDB if any.
|
|
//
|
|
if (PpDDBHandle) {
|
|
|
|
ASSERT(PpBootDDB);
|
|
SdbReleaseDatabase(PpDDBHandle);
|
|
PpDDBHandle = NULL;
|
|
ExFreePool(PpBootDDB);
|
|
PpBootDDB = NULL;
|
|
status = STATUS_SUCCESS;
|
|
} else {
|
|
|
|
IopDbgPrint((IOP_WARNING_LEVEL,
|
|
"PpReleaseBootDDB called with uninitialized database!\n"));
|
|
status = STATUS_UNSUCCESSFUL;
|
|
}
|
|
//
|
|
// Unlock the DDB.
|
|
//
|
|
ExReleaseResourceLite(&PiDDBLock);
|
|
KeLeaveCriticalRegion();
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
PpCheckInDriverDatabase(
|
|
IN PUNICODE_STRING KeyName,
|
|
IN HANDLE KeyHandle,
|
|
IN PVOID ImageBase,
|
|
IN ULONG ImageSize,
|
|
IN BOOLEAN IsFilter,
|
|
OUT LPGUID EntryGuid
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine checks the DDB for the presence of this driver.
|
|
|
|
Arguments:
|
|
|
|
KeyName - Supplies a pointer to the driver's service key unicode string
|
|
|
|
KeyHandle - Supplies a handle to the driver service node in the registry
|
|
that describes the driver to be loaded.
|
|
|
|
Header - Driver image header.
|
|
|
|
IsFilter - Specifies whether this is a filter driver or not.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS status;
|
|
UNICODE_STRING fullPath;
|
|
|
|
PAGED_CODE();
|
|
//
|
|
// No driver blocking during textmode setup.
|
|
//
|
|
if (ExpInTextModeSetup) {
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
status = IopBuildFullDriverPath(KeyName, KeyHandle, &fullPath);
|
|
if (NT_SUCCESS(status)) {
|
|
//
|
|
// Lock the database access.
|
|
//
|
|
KeEnterCriticalRegion();
|
|
ExAcquireResourceExclusiveLite(&PiDDBLock, TRUE);
|
|
//
|
|
// First check the cache.
|
|
//
|
|
status = PiLookupInDDBCache(&fullPath, ImageBase, ImageSize, EntryGuid);
|
|
if (status == STATUS_UNSUCCESSFUL) {
|
|
//
|
|
// Cache miss, try the database.
|
|
//
|
|
status = PiLookupInDDB(&fullPath, ImageBase, ImageSize, IsFilter, EntryGuid);
|
|
}
|
|
//
|
|
// Unlock the database.
|
|
//
|
|
ExReleaseResourceLite(&PiDDBLock);
|
|
KeLeaveCriticalRegion();
|
|
|
|
ExFreePool(fullPath.Buffer);
|
|
} else {
|
|
|
|
IopDbgPrint((IOP_ERROR_LEVEL,
|
|
"IopCheckInDriverDatabase: Failed to build full driver path!\n"));
|
|
ASSERT(NT_SUCCESS(status));
|
|
|
|
if (!(PiLoggedErrorEventsMask & DDB_DRIVER_PATH_ERROR)) {
|
|
|
|
PiLoggedErrorEventsMask |= DDB_DRIVER_PATH_ERROR;
|
|
PiLogDriverBlockedEvent(
|
|
TEXT("BUILD DRIVER PATH FAILED"),
|
|
NULL,
|
|
0,
|
|
STATUS_DRIVER_DATABASE_ERROR);
|
|
}
|
|
}
|
|
//
|
|
// Ingore errors.
|
|
//
|
|
if (status != STATUS_DRIVER_BLOCKED &&
|
|
status != STATUS_DRIVER_BLOCKED_CRITICAL) {
|
|
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
PiLookupInDDB(
|
|
IN PUNICODE_STRING FullPath,
|
|
IN PVOID ImageBase,
|
|
IN ULONG ImageSize,
|
|
IN BOOLEAN IsFilter,
|
|
OUT LPGUID EntryGuid
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine checks the DDB for the presence of this driver. During BOOT,
|
|
it uses the boot DDB loaded by ntldr. Once the system is booted, it maps the
|
|
DDB in memory.
|
|
|
|
Arguments:
|
|
|
|
FullPath - Full driver path
|
|
|
|
Header - Driver image header.
|
|
|
|
IsFilter - Specifies whether this is a filter driver or not.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS.
|
|
|
|
--*/
|
|
{
|
|
UNICODE_STRING fileName;
|
|
OBJECT_ATTRIBUTES objectAttributes;
|
|
HANDLE sectionHandle, fileHandle;
|
|
NTSTATUS status, unmapStatus;
|
|
IO_STATUS_BLOCK ioStatus;
|
|
PVOID ddbAddress;
|
|
SIZE_T ddbSize;
|
|
|
|
PAGED_CODE();
|
|
|
|
fileHandle = (HANDLE)0;
|
|
sectionHandle = (HANDLE)0;
|
|
ddbAddress = NULL;
|
|
if (PpDDBHandle == NULL) {
|
|
//
|
|
// Map the database in memory and initialize it.
|
|
//
|
|
RtlInitUnicodeString(&fileName, PiDDBPath);
|
|
InitializeObjectAttributes(&objectAttributes,
|
|
&fileName,
|
|
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE),
|
|
NULL,
|
|
NULL);
|
|
status = ZwOpenFile (&fileHandle,
|
|
GENERIC_READ,
|
|
&objectAttributes,
|
|
&ioStatus,
|
|
FILE_SHARE_READ | FILE_SHARE_DELETE,
|
|
0);
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
if (!(PiLoggedErrorEventsMask & DDB_OPEN_FILE_ERROR)) {
|
|
|
|
IopDbgPrint((IOP_ERROR_LEVEL,
|
|
"PiLookupInDDB: Failed to open driver database %wZ!\n", &fileName));
|
|
|
|
PiLoggedErrorEventsMask |= DDB_OPEN_FILE_ERROR;
|
|
PiLogDriverBlockedEvent(
|
|
TEXT("DATABASE OPEN FAILED"),
|
|
NULL,
|
|
0,
|
|
STATUS_DRIVER_DATABASE_ERROR);
|
|
}
|
|
|
|
goto Cleanup;
|
|
}
|
|
status = ZwCreateSection(
|
|
§ionHandle,
|
|
SECTION_MAP_READ,
|
|
NULL,
|
|
NULL,
|
|
PAGE_READONLY,
|
|
SEC_COMMIT,
|
|
fileHandle);
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
IopDbgPrint((IOP_ERROR_LEVEL,
|
|
"PiLookupInDDB: Failed to create section to map driver database %wZ!\n", &fileName));
|
|
ASSERT(NT_SUCCESS(status));
|
|
|
|
if (!(PiLoggedErrorEventsMask & DDB_CREATE_SECTION_ERROR)) {
|
|
|
|
PiLoggedErrorEventsMask |= DDB_CREATE_SECTION_ERROR;
|
|
PiLogDriverBlockedEvent(
|
|
TEXT("DATABASE SECTION FAILED"),
|
|
NULL,
|
|
0,
|
|
STATUS_DRIVER_DATABASE_ERROR);
|
|
}
|
|
|
|
goto Cleanup;
|
|
}
|
|
ddbSize = 0;
|
|
status = ZwMapViewOfSection(
|
|
sectionHandle,
|
|
NtCurrentProcess(),
|
|
&ddbAddress,
|
|
0,
|
|
0,
|
|
NULL,
|
|
&ddbSize,
|
|
ViewShare,
|
|
0,
|
|
PAGE_READONLY
|
|
);
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
IopDbgPrint((IOP_ERROR_LEVEL,
|
|
"PiLookupInDDB: Failed to map driver database %wZ!\n", &fileName));
|
|
ASSERT(NT_SUCCESS(status));
|
|
|
|
if (!(PiLoggedErrorEventsMask & DDB_MAP_SECTION_ERROR)) {
|
|
|
|
PiLoggedErrorEventsMask |= DDB_MAP_SECTION_ERROR;
|
|
PiLogDriverBlockedEvent(
|
|
TEXT("DATABASE MAPPING FAILED"),
|
|
NULL,
|
|
0,
|
|
STATUS_DRIVER_DATABASE_ERROR);
|
|
}
|
|
|
|
goto Cleanup;
|
|
}
|
|
PpDDBHandle = SdbInitDatabaseInMemory(ddbAddress, (ULONG)ddbSize);
|
|
if (PpDDBHandle == NULL) {
|
|
|
|
IopDbgPrint((IOP_ERROR_LEVEL,
|
|
"PiLookupInDDB: Failed to initialize mapped driver database %wZ!\n", &fileName));
|
|
status = STATUS_UNSUCCESSFUL;
|
|
ASSERT(PpDDBHandle);
|
|
|
|
if (!(PiLoggedErrorEventsMask & DDB_MAPPED_INIT_ERROR)) {
|
|
|
|
PiLoggedErrorEventsMask |= DDB_MAPPED_INIT_ERROR;
|
|
PiLogDriverBlockedEvent(
|
|
TEXT("INIT DATABASE FAILED"),
|
|
NULL,
|
|
0,
|
|
STATUS_DRIVER_DATABASE_ERROR);
|
|
}
|
|
|
|
goto Cleanup;
|
|
}
|
|
}
|
|
//
|
|
// Lookup the driver in the DDB.
|
|
//
|
|
status = PiIsDriverBlocked(PpDDBHandle, FullPath, ImageBase, ImageSize, IsFilter, EntryGuid);
|
|
if (ddbAddress) {
|
|
|
|
SdbReleaseDatabase(PpDDBHandle);
|
|
PpDDBHandle = NULL;
|
|
}
|
|
|
|
Cleanup:
|
|
|
|
if (ddbAddress) {
|
|
|
|
unmapStatus = ZwUnmapViewOfSection(NtCurrentProcess(), ddbAddress);
|
|
ASSERT(NT_SUCCESS(unmapStatus));
|
|
}
|
|
if (sectionHandle) {
|
|
|
|
ZwClose(sectionHandle);
|
|
}
|
|
if (fileHandle) {
|
|
|
|
ZwClose(fileHandle);
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
NTSTATUS
|
|
PiIsDriverBlocked(
|
|
IN HSDB SdbHandle,
|
|
IN PUNICODE_STRING FullPath,
|
|
IN PVOID ImageBase,
|
|
IN ULONG ImageSize,
|
|
IN BOOLEAN IsFilter,
|
|
OUT LPGUID EntryGuid
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine checks the DDB for the presence of this driver. During BOOT,
|
|
it uses the boot DDB loaded by ntldr. Once the system is booted, it maps the
|
|
DDB in memory.
|
|
|
|
Arguments:
|
|
|
|
SdbHandle - Handle to the DDB to be used.
|
|
|
|
FullPath - Full driver path
|
|
|
|
Header - Driver image header.
|
|
|
|
IsFilter - Specifies whether this is a filter driver or not.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS status;
|
|
TAGREF driverTag;
|
|
SDBENTRYINFO entryInfo;
|
|
ULONG type, size, policy;
|
|
HANDLE fileHandle;
|
|
PWCHAR fileName;
|
|
|
|
#ifdef USE_HANDLES
|
|
UNICODE_STRING fileName;
|
|
OBJECT_ATTRIBUTES objectAttributes;
|
|
IO_STATUS_BLOCK ioStatus;
|
|
#endif
|
|
|
|
PAGED_CODE();
|
|
|
|
fileHandle = INVALID_HANDLE_VALUE;
|
|
|
|
ASSERT(ARGUMENT_PRESENT(EntryGuid));
|
|
|
|
#ifdef USE_HANDLES
|
|
if (PnPBootDriversInitialized) {
|
|
|
|
RtlInitUnicodeString(&fileName, FullPath->Buffer);
|
|
InitializeObjectAttributes(&objectAttributes,
|
|
&fileName,
|
|
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE),
|
|
NULL,
|
|
NULL);
|
|
status = ZwOpenFile (&fileHandle,
|
|
GENERIC_READ,
|
|
&objectAttributes,
|
|
&ioStatus,
|
|
FILE_SHARE_READ | FILE_SHARE_DELETE,
|
|
0);
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
IopDbgPrint((IOP_ERROR_LEVEL,
|
|
"PiIsDriverBlocked: Failed to open driver %wZ!\n", FullPath));
|
|
ASSERT(NT_SUCCESS(status));
|
|
fileHandle = INVALID_HANDLE_VALUE;
|
|
}
|
|
}
|
|
#endif
|
|
|
|
ASSERT(SdbHandle != NULL);
|
|
driverTag = SdbGetDatabaseMatch(SdbHandle, FullPath->Buffer, fileHandle, ImageBase, ImageSize);
|
|
if (TAGREF_NULL != driverTag) {
|
|
//
|
|
// Read the driver policy (we care only about bit 0).
|
|
//
|
|
size = sizeof(policy);
|
|
type = REG_DWORD;
|
|
if ( SdbQueryDriverInformation( SdbHandle,
|
|
driverTag,
|
|
L"Policy",
|
|
&type,
|
|
&policy,
|
|
&size) != ERROR_SUCCESS ||
|
|
(policy & DDB_DRIVER_POLICY_CRITICAL_BIT) == 0 || IsFilter == FALSE) {
|
|
|
|
status = STATUS_DRIVER_BLOCKED_CRITICAL;
|
|
} else {
|
|
//
|
|
// Bit 0 of POLICY==1 for a filter, means ok to start the devnode minus this filter.
|
|
//
|
|
status = STATUS_DRIVER_BLOCKED;
|
|
}
|
|
if (!SdbReadDriverInformation(SdbHandle, driverTag, &entryInfo)) {
|
|
|
|
IopDbgPrint((IOP_ERROR_LEVEL,
|
|
"PiIsDriverBlocked: Failed to read the GUID from the database for driver %wZ!\n", FullPath));
|
|
ASSERT(0);
|
|
|
|
if (!(PiLoggedErrorEventsMask & DDB_READ_INFORMATION_ERROR)) {
|
|
|
|
PiLoggedErrorEventsMask |= DDB_READ_INFORMATION_ERROR;
|
|
PiLogDriverBlockedEvent(
|
|
TEXT("READ DRIVER ID FAILED"),
|
|
NULL,
|
|
0,
|
|
STATUS_DRIVER_DATABASE_ERROR);
|
|
}
|
|
|
|
} else {
|
|
|
|
IopDbgPrint((IOP_INFO_LEVEL,
|
|
"PiIsDriverBlocked: Driver entry GUID = {%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}\n",
|
|
entryInfo.guidID.Data1,
|
|
entryInfo.guidID.Data2,
|
|
entryInfo.guidID.Data3,
|
|
entryInfo.guidID.Data4[0],
|
|
entryInfo.guidID.Data4[1],
|
|
entryInfo.guidID.Data4[2],
|
|
entryInfo.guidID.Data4[3],
|
|
entryInfo.guidID.Data4[4],
|
|
entryInfo.guidID.Data4[5],
|
|
entryInfo.guidID.Data4[6],
|
|
entryInfo.guidID.Data4[7]
|
|
));
|
|
}
|
|
} else {
|
|
//
|
|
// Driver not found in the database.
|
|
//
|
|
status = STATUS_SUCCESS;
|
|
}
|
|
//
|
|
// Write an entry to the event log.
|
|
//
|
|
if (status == STATUS_DRIVER_BLOCKED_CRITICAL ||
|
|
status == STATUS_DRIVER_BLOCKED) {
|
|
|
|
IopDbgPrint((IOP_ERROR_LEVEL,
|
|
"PiIsDriverBlocked: %wZ blocked from loading!!!\n", FullPath));
|
|
|
|
fileName = wcsrchr(FullPath->Buffer, L'\\');
|
|
if (fileName == NULL) {
|
|
|
|
fileName = FullPath->Buffer;
|
|
} else {
|
|
|
|
fileName++;
|
|
}
|
|
PiLogDriverBlockedEvent(
|
|
fileName,
|
|
&entryInfo.guidID,
|
|
sizeof(entryInfo.guidID),
|
|
status);
|
|
}
|
|
//
|
|
// Update the cache if neccessary.
|
|
//
|
|
if (status == STATUS_DRIVER_BLOCKED_CRITICAL ||
|
|
status == STATUS_DRIVER_BLOCKED ||
|
|
status == STATUS_SUCCESS) {
|
|
//
|
|
// Update our cache with the results.
|
|
//
|
|
PiUpdateDriverDBCache(
|
|
FullPath,
|
|
ImageBase,
|
|
ImageSize,
|
|
status,
|
|
&entryInfo.guidID);
|
|
}
|
|
|
|
//
|
|
// If the driver was blocked, return the entry GUID.
|
|
//
|
|
if ((status == STATUS_DRIVER_BLOCKED_CRITICAL ||
|
|
status == STATUS_DRIVER_BLOCKED) && (ARGUMENT_PRESENT(EntryGuid))) {
|
|
RtlCopyMemory(EntryGuid, &entryInfo.guidID, sizeof(GUID));
|
|
}
|
|
|
|
if (fileHandle != INVALID_HANDLE_VALUE) {
|
|
|
|
ZwClose(fileHandle);
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
VOID
|
|
PiLogDriverBlockedEvent(
|
|
IN PWCHAR InsertionString,
|
|
IN PVOID Data,
|
|
IN ULONG DataLength,
|
|
IN NTSTATUS Status
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine logs the driver block event.
|
|
|
|
Arguments:
|
|
|
|
FullPath - Full driver path
|
|
|
|
Data - Data to be logged
|
|
|
|
DataLength - Length of data (in bytes)
|
|
|
|
Status - Status code to be logged
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
{
|
|
PWCHAR name;
|
|
ULONG size, stringLength;
|
|
PIO_ERROR_LOG_PACKET errorLogEntry;
|
|
|
|
PAGED_CODE();
|
|
|
|
stringLength = (wcslen(InsertionString) * sizeof(WCHAR)) + sizeof(UNICODE_NULL);
|
|
size = (sizeof(IO_ERROR_LOG_PACKET) - sizeof(ULONG)) +
|
|
DataLength + stringLength;
|
|
if (size <= ERROR_LOG_MAXIMUM_SIZE) {
|
|
|
|
errorLogEntry = IoAllocateGenericErrorLogEntry((UCHAR)size);
|
|
if (errorLogEntry) {
|
|
|
|
RtlZeroMemory(errorLogEntry, size);
|
|
errorLogEntry->ErrorCode = Status;
|
|
errorLogEntry->FinalStatus = Status;
|
|
errorLogEntry->DumpDataSize = (USHORT)DataLength;
|
|
if (Data) {
|
|
|
|
RtlCopyMemory(&errorLogEntry->DumpData[0], Data, DataLength);
|
|
}
|
|
errorLogEntry->NumberOfStrings = 1;
|
|
errorLogEntry->StringOffset = (USHORT)(((PUCHAR)&errorLogEntry->DumpData[0] + errorLogEntry->DumpDataSize) - (PUCHAR)errorLogEntry);
|
|
RtlCopyMemory(((PUCHAR)errorLogEntry + errorLogEntry->StringOffset), InsertionString, stringLength);
|
|
IoWriteErrorLogEntry(errorLogEntry);
|
|
}
|
|
} else {
|
|
|
|
ASSERT(size <= ERROR_LOG_MAXIMUM_SIZE);
|
|
}
|
|
}
|
|
|
|
NTSTATUS
|
|
PiInitializeDDBCache(
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine initializes the RTL Generic table that is used as the cache
|
|
layer on top of DDB.
|
|
|
|
Arguments:
|
|
|
|
None
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
{
|
|
PAGED_CODE();
|
|
|
|
RtlInitializeGenericTable(
|
|
&PiDDBCacheTable,
|
|
PiCompareDDBCacheEntries,
|
|
PiAllocateGenericTableEntry,
|
|
PiFreeGenericTableEntry,
|
|
NULL);
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
RTL_GENERIC_COMPARE_RESULTS
|
|
NTAPI
|
|
PiCompareDDBCacheEntries(
|
|
IN PRTL_GENERIC_TABLE Table,
|
|
IN PVOID FirstStruct,
|
|
IN PVOID SecondStruct
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is the callback for the generic table routines.
|
|
|
|
Arguments:
|
|
|
|
Table - Table for which this is invoked.
|
|
|
|
FirstStruct - An element in the table to compare.
|
|
|
|
SecondStruct - Another element in the table to compare.
|
|
|
|
Return Value:
|
|
|
|
RTL_GENERIC_COMPARE_RESULTS.
|
|
|
|
--*/
|
|
{
|
|
PDDBCACHE_ENTRY lhs = (PDDBCACHE_ENTRY)FirstStruct;
|
|
PDDBCACHE_ENTRY rhs = (PDDBCACHE_ENTRY)SecondStruct;
|
|
LONG result;
|
|
|
|
PAGED_CODE();
|
|
|
|
result = RtlCompareUnicodeString(&lhs->Name, &rhs->Name, TRUE);
|
|
if (result < 0) {
|
|
|
|
return GenericLessThan;
|
|
} else if (result > 0) {
|
|
|
|
return GenericGreaterThan;
|
|
}
|
|
if (!Table->TableContext) {
|
|
//
|
|
// Link date as other matching criteria.
|
|
//
|
|
if (lhs->TimeDateStamp < rhs->TimeDateStamp) {
|
|
|
|
return GenericLessThan;
|
|
} else if (lhs->TimeDateStamp > rhs->TimeDateStamp) {
|
|
|
|
return GenericGreaterThan;
|
|
}
|
|
}
|
|
|
|
return GenericEqual;
|
|
}
|
|
|
|
NTSTATUS
|
|
PiLookupInDDBCache(
|
|
IN PUNICODE_STRING FullPath,
|
|
IN PVOID ImageBase,
|
|
IN ULONG ImageSize,
|
|
OUT LPGUID EntryGuid
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine looks up the driver in the DDB cache.
|
|
|
|
Arguments:
|
|
|
|
FullPath - Full driver path
|
|
|
|
Header - Driver image header
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS status;
|
|
PDDBCACHE_ENTRY cachedEntry;
|
|
DDBCACHE_ENTRY key;
|
|
PIMAGE_NT_HEADERS header;
|
|
|
|
PAGED_CODE();
|
|
|
|
ASSERT(ARGUMENT_PRESENT(EntryGuid));
|
|
|
|
status = STATUS_UNSUCCESSFUL;
|
|
PiDDBCacheTable.TableContext = NULL;
|
|
if (!RtlIsGenericTableEmpty(&PiDDBCacheTable)) {
|
|
//
|
|
// Lookup in the cache.
|
|
//
|
|
header = RtlImageNtHeader(ImageBase);
|
|
key.Name.Buffer = wcsrchr(FullPath->Buffer, L'\\');
|
|
if (!key.Name.Buffer) {
|
|
|
|
key.Name.Buffer = FullPath->Buffer;
|
|
}
|
|
key.Name.Length = wcslen(key.Name.Buffer) * sizeof(WCHAR);
|
|
key.Name.MaximumLength = key.Name.Length + sizeof(UNICODE_NULL);
|
|
key.TimeDateStamp = header->FileHeader.TimeDateStamp;
|
|
cachedEntry = (PDDBCACHE_ENTRY)RtlLookupElementGenericTable(
|
|
&PiDDBCacheTable,
|
|
&key);
|
|
if (cachedEntry) {
|
|
|
|
IopDbgPrint((IOP_WARNING_LEVEL,
|
|
"PiLookupInDDBCache: Found cached entry for %ws (status = %08x)!\n",
|
|
cachedEntry->Name.Buffer,
|
|
cachedEntry->Status));
|
|
status = cachedEntry->Status;
|
|
|
|
if (ARGUMENT_PRESENT(EntryGuid)) {
|
|
RtlCopyMemory(EntryGuid, &cachedEntry->Guid, sizeof(GUID));
|
|
}
|
|
}
|
|
}
|
|
|
|
return status;
|
|
}
|
|
|
|
VOID
|
|
PiUpdateDriverDBCache(
|
|
IN PUNICODE_STRING FullPath,
|
|
IN PVOID ImageBase,
|
|
IN ULONG ImageSize,
|
|
IN NTSTATUS Status,
|
|
IN GUID *Guid
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine updates the DDB cache with information about this driver.
|
|
|
|
Arguments:
|
|
|
|
FullPath - Full driver path
|
|
|
|
Header - Driver image header
|
|
|
|
Status - Lookup status to be cached.
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS.
|
|
|
|
--*/
|
|
{
|
|
PDDBCACHE_ENTRY cachedEntry;
|
|
DDBCACHE_ENTRY key;
|
|
PWCHAR name;
|
|
PIMAGE_NT_HEADERS header;
|
|
|
|
PAGED_CODE();
|
|
|
|
header = RtlImageNtHeader(ImageBase);
|
|
//
|
|
// We only want to match using name while updating the cache.
|
|
//
|
|
PiDDBCacheTable.TableContext = (PVOID)1;
|
|
key.Name = *FullPath;
|
|
cachedEntry = (PDDBCACHE_ENTRY)RtlLookupElementGenericTable(
|
|
&PiDDBCacheTable,
|
|
&key);
|
|
if (cachedEntry) {
|
|
|
|
IopDbgPrint((IOP_INFO_LEVEL,
|
|
"PiUpdateDriverDBCache: Found previously cached entry for %wZ with status=%08x!\n",
|
|
&cachedEntry->Name,
|
|
cachedEntry->Status));
|
|
if (cachedEntry->Status != STATUS_SUCCESS) {
|
|
|
|
PpBlockedDriverCount--;
|
|
}
|
|
//
|
|
// Remove any previous entry.
|
|
//
|
|
name = cachedEntry->Name.Buffer;
|
|
RtlDeleteElementGenericTable(&PiDDBCacheTable, &key);
|
|
ExFreePool(name);
|
|
}
|
|
//
|
|
// Cache the new entry.
|
|
//
|
|
key.Guid = *Guid;
|
|
key.Status = Status;
|
|
key.TimeDateStamp = header->FileHeader.TimeDateStamp;
|
|
name = wcsrchr(FullPath->Buffer, L'\\');
|
|
if (!name) {
|
|
|
|
name = FullPath->Buffer;
|
|
}
|
|
key.Name.Length = key.Name.MaximumLength = wcslen(name) * sizeof(WCHAR);
|
|
key.Name.Buffer = ExAllocatePool(PagedPool, key.Name.MaximumLength);
|
|
if (key.Name.Buffer) {
|
|
|
|
RtlCopyMemory(key.Name.Buffer, name, key.Name.Length);
|
|
RtlInsertElementGenericTable(
|
|
&PiDDBCacheTable,
|
|
(PVOID)&key,
|
|
(CLONG)sizeof(DDBCACHE_ENTRY),
|
|
NULL);
|
|
} else {
|
|
|
|
IopDbgPrint((IOP_WARNING_LEVEL,
|
|
"PiUpdateDriverDBCache: Could not allocate memory to update driver database cache!\n"));
|
|
}
|
|
if (Status != STATUS_SUCCESS) {
|
|
|
|
PpBlockedDriverCount++;
|
|
}
|
|
}
|
|
|
|
NTSTATUS
|
|
PpGetBlockedDriverList(
|
|
IN OUT GUID *Buffer,
|
|
IN OUT PULONG Size,
|
|
IN ULONG Flags
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine returns the MULTI_SZ list of currently blocked drivers.
|
|
|
|
Arguments:
|
|
|
|
Buffer - Recieves the MULTI_SZ list of drivers blocked.
|
|
|
|
Size - Buffer size on input, the actual size gets returned in this (both in
|
|
characters).
|
|
|
|
Return Value:
|
|
|
|
NTSTATUS.
|
|
|
|
--*/
|
|
{
|
|
PDDBCACHE_ENTRY ptr;
|
|
ULONG resultSize;
|
|
GUID *result;
|
|
NTSTATUS status;
|
|
|
|
PAGED_CODE();
|
|
|
|
resultSize = 0;
|
|
|
|
//
|
|
// Lock the database access.
|
|
//
|
|
KeEnterCriticalRegion();
|
|
ExAcquireResourceExclusiveLite(&PiDDBLock, TRUE);
|
|
|
|
//
|
|
// Enumerate all entries in our cache and compute the buffer size to hold
|
|
// the MULTI_SZ string.
|
|
//
|
|
for (ptr = (PDDBCACHE_ENTRY)RtlEnumerateGenericTable(&PiDDBCacheTable, TRUE);
|
|
ptr != NULL;
|
|
ptr = (PDDBCACHE_ENTRY)RtlEnumerateGenericTable(&PiDDBCacheTable, FALSE)) {
|
|
|
|
if (ptr->Status != STATUS_SUCCESS) {
|
|
|
|
resultSize += sizeof(GUID);
|
|
}
|
|
}
|
|
if (*Size >= resultSize) {
|
|
//
|
|
// Enumerate all entries in our cache.
|
|
//
|
|
result = Buffer;
|
|
for (ptr = (PDDBCACHE_ENTRY)RtlEnumerateGenericTable(&PiDDBCacheTable, TRUE);
|
|
ptr != NULL;
|
|
ptr = (PDDBCACHE_ENTRY)RtlEnumerateGenericTable(&PiDDBCacheTable, FALSE)) {
|
|
|
|
if (ptr->Status != STATUS_SUCCESS) {
|
|
|
|
*result = ptr->Guid;
|
|
result++;
|
|
}
|
|
}
|
|
*Size = resultSize;
|
|
status = STATUS_SUCCESS;
|
|
} else {
|
|
|
|
*Size = resultSize;
|
|
status = STATUS_BUFFER_TOO_SMALL;
|
|
}
|
|
//
|
|
// Unlock the database.
|
|
//
|
|
ExReleaseResourceLite(&PiDDBLock);
|
|
KeLeaveCriticalRegion();
|
|
|
|
return status;
|
|
}
|
|
|