Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1670 lines
49 KiB

/*++
Copyright (c) 1997-1999 Microsoft Corporation
Module Name:
api.c
Abstract:
Api entrypoints to WMI
Author:
AlanWar
Environment:
Kernel Mode
Revision History:
--*/
#include "wmikmp.h"
#ifndef MEMPHIS
#include "evntrace.h"
#include "tracep.h"
#endif
BOOLEAN WMIInitialize(
ULONG Phase,
PVOID LoaderBlock
);
NTSTATUS IoWMIRegistrationControl(
IN PDEVICE_OBJECT DeviceObject,
IN ULONG Action
);
NTSTATUS IoWMISuggestInstanceName(
IN PDEVICE_OBJECT PhysicalDeviceObject OPTIONAL,
IN PUNICODE_STRING SymbolicLinkName OPTIONAL,
IN BOOLEAN CombineNames,
OUT PUNICODE_STRING SuggestedInstanceName
);
#ifdef ALLOC_PRAGMA
#ifndef MEMPHIS
#pragma alloc_text(INIT,WMIInitialize)
#endif
#pragma alloc_text(PAGE,IoWMIRegistrationControl)
#pragma alloc_text(PAGE,IoWMIAllocateInstanceIds)
#pragma alloc_text(PAGE,IoWMISuggestInstanceName)
#pragma alloc_text(PAGE,IoWMIOpenBlock)
#pragma alloc_text(PAGE,IoWMIQueryAllData)
#pragma alloc_text(PAGE,IoWMIQueryAllDataMultiple)
#pragma alloc_text(PAGE,IoWMIQuerySingleInstance)
#pragma alloc_text(PAGE,IoWMIQuerySingleInstanceMultiple)
#pragma alloc_text(PAGE,IoWMISetSingleInstance)
#pragma alloc_text(PAGE,IoWMISetSingleItem)
#pragma alloc_text(PAGE,IoWMISetNotificationCallback)
#pragma alloc_text(PAGE,IoWMIExecuteMethod)
#endif
#ifdef MEMPHIS
BOOLEAN WmipInitialized;
#endif
//
// Mutex used to ensure single access to InstanceId chunks
PINSTIDCHUNK WmipInstIdChunkHead;
NTSTATUS
WmipDriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
);
BOOLEAN WMIInitialize(
ULONG Phase,
PVOID LoaderBlockPtr
)
/*++
Routine Description:
This routine is the initialization routine for WMI and is called by IO
within IoInitSystem on NT. On memphis it is called the firest time
that IoWMIRegistrationControl is called. This routine asssumes that the
IO system is initialized enough to call IoCreateDriver. The rest of the
initialization occurs in the DriverEntry routine.
Arguments:
Pass specifies the pass of initalization needed
Return Value:
TRUE if initialization was successful
--*/
{
#ifndef MEMPHIS
//
// We name the driver this so that any eventlogs fired will have the
// source name WMIxWDM and thus get the eventlog messages from
// ntiologc.mc
//
#define WMIDRIVERNAME L"\\Driver\\WMIxWDM"
UNICODE_STRING DriverName;
#endif
NTSTATUS Status;
if (Phase == 0)
{
WmipAssert(WmipServiceDeviceObject == NULL);
WmipAssert(LoaderBlockPtr != NULL);
#ifdef MEMPHIS
Status = IoCreateDriver(NULL, WmipDriverEntry);
WmipInitialized = TRUE;
#else
RtlInitUnicodeString(&DriverName, WMIDRIVERNAME);
Status = IoCreateDriver(&DriverName, WmipDriverEntry);
#endif
#if defined(_IA64_) // EFI actually
WmipGetSMBiosFromLoaderBlock(LoaderBlockPtr);
#endif
} else {
WmipAssert(LoaderBlockPtr == NULL);
WmipInitializeRegistration(Phase);
Status = STATUS_SUCCESS;
}
#if defined(_IA64_)
//
// Give MCA a chance to init during phase 0 and 1
//
WmipRegisterMcaHandler(Phase);
#endif
return(NT_SUCCESS(Status));
}
NTSTATUS IoWMIRegistrationControl(
IN PDEVICE_OBJECT DeviceObject,
IN ULONG Action
)
/*++
Routine Description:
This routine informs WMI of the existence and disappearance of a device
object that would support WMI.
Arguments:
DeviceObject - Pointer to device object or callback address
Action - Registration action code
WMIREG_ACTION_REGISTER - If set action is to inform WMI that the
device object supports and is ready to receive WMI IRPS.
WMIREG_ACTION_DEREGISTER - If set action is to inform WMI that the
device object no longer supports and is not ready to receive WMI
IRPS.
WMIREG_ACTION_REREGISTER - If set action is to requery the device
object for the guids that it supports. This has the effect of
deregistering followed by registering.
WMIREG_ACTION_UPDATE_GUIDS - If set action is to query for information
that is used to update already registered guids.
WMIREG_ACTION_BLOCK_IRPS - If set action is to block any further irps
from being sent to the device. The irps are failed by WMI.
If the WMIREG_FLAG_CALLBACK is set then DeviceObject actually specifies a callback
address and not a DeviceObject
Return Value:
Returns status code
--*/
{
#ifdef MEMPHIS
//
// make sure this matches with the value in io.h
#define WMIREG_FLAG_CALLBACK 0x80000000
#endif
NTSTATUS Status;
#ifdef MEMPHIS
BOOLEAN IsCallback = ((Action & WMIREG_FLAG_CALLBACK) == WMIREG_FLAG_CALLBACK);
#endif
ULONG RegistrationFlag = 0;
ULONG IsTraceProvider = FALSE;
ULONG TraceClass;
PREGENTRY RegEntry;
PAGED_CODE();
#ifdef MEMPHIS
if (! WmipInitialized)
{
WMIInitialize();
}
//
// Callbacks are not supported on memphis
if (IsCallback)
{
WmipDebugPrintEx((DPFLTR_WMICORE_ID, DPFLTR_INFO_LEVEL,
"WMI: Callback registrations not supported %x\n",
DeviceObject));
return(STATUS_NOT_IMPLEMENTED);
}
#endif
if (WmipIsWmiNotSetupProperly())
{
return(STATUS_UNSUCCESSFUL);
}
if (Action & WMIREG_FLAG_CALLBACK)
{
RegistrationFlag |= WMIREG_FLAG_CALLBACK;
Action &= ~WMIREG_FLAG_CALLBACK;
}
#ifndef MEMPHIS
if (Action & WMIREG_FLAG_TRACE_PROVIDER)
{
TraceClass = Action & WMIREG_FLAG_TRACE_NOTIFY_MASK;
Action &= ~WMIREG_FLAG_TRACE_PROVIDER & ~WMIREG_FLAG_TRACE_NOTIFY_MASK;
IsTraceProvider = TRUE;
RegistrationFlag |= WMIREG_FLAG_TRACE_PROVIDER | TraceClass;
}
#endif
switch(Action)
{
case WMIREG_ACTION_REGISTER:
{
Status = WmipRegisterDevice(
DeviceObject,
RegistrationFlag);
#ifndef MEMPHIS
if (IsTraceProvider)
{
WmipSetTraceNotify(DeviceObject, TraceClass, TRUE);
}
break;
#endif
}
case WMIREG_ACTION_DEREGISTER:
{
Status = WmipDeregisterDevice(DeviceObject);
break;
}
case WMIREG_ACTION_REREGISTER:
{
Status = WmipDeregisterDevice(DeviceObject);
if (NT_SUCCESS(Status))
{
Status = WmipRegisterDevice(
DeviceObject,
RegistrationFlag);
}
break;
}
case WMIREG_ACTION_UPDATE_GUIDS:
{
Status = WmipUpdateRegistration(DeviceObject);
break;
}
#ifndef MEMPHIS
case WMIREG_ACTION_BLOCK_IRPS:
{
RegEntry = WmipFindRegEntryByDevice(DeviceObject, FALSE);
if (RegEntry != NULL)
{
//
// Mark the regentry as invalid so that no more irps
// are sent to the device and the event will set when
// the last irp completes.
WmipEnterSMCritSection();
RegEntry->Flags |= REGENTRY_FLAG_NOT_ACCEPTING_IRPS;
WmipLeaveSMCritSection();
WmipUnreferenceRegEntry(RegEntry);
Status = STATUS_SUCCESS;
} else {
Status = STATUS_INVALID_PARAMETER;
}
break;
}
#endif
default:
{
Status = STATUS_INVALID_PARAMETER;
break;
}
}
return(Status);
}
NTSTATUS IoWMIAllocateInstanceIds(
IN GUID *Guid,
IN ULONG InstanceCount,
OUT ULONG *FirstInstanceId
)
/*++
Routine Description:
This routine allocates a range of instance ids that are unique to the
guid. This routine is to be called only at PASSIVE_LEVEL.
Arguments:
Guid - Pointer to guid for which instance ids are needed.
InstanceCount - Count of instance ids to allocate.
*FirstInstanceId - Returns first instance id in the range.
Return Value:
Returns a status code
--*/
{
PINSTIDCHUNK InstIdChunk, LastInstIdChunk = NULL;
PINSTID InstId;
ULONG i;
PAGED_CODE();
#ifdef MEMPHIS
if (! WmipInitialized)
{
WMIInitialize();
}
#endif
if (WmipIsWmiNotSetupProperly())
{
return(STATUS_UNSUCCESSFUL);
}
WmipEnterSMCritSection();
//
// See if the guid is already in the list
InstIdChunk = WmipInstIdChunkHead;
while (InstIdChunk != NULL)
{
for (i = 0; i < INSTIDSPERCHUNK; i++)
{
InstId = &InstIdChunk->InstId[i];
if (InstId->BaseId == ~0)
{
//
// Since InstIds are always filled sequentially and are
// never freed, if we hit a free one then we know that
// our guid is not in the list and we need to fill in a
// new entry.
goto FillInstId;
}
if (IsEqualGUID(Guid, &InstId->Guid))
{
//
// We found an entry for our guid so use its information
*FirstInstanceId = InstId->BaseId;
InstId->BaseId += InstanceCount;
WmipLeaveSMCritSection();
return(STATUS_SUCCESS);
}
}
LastInstIdChunk = InstIdChunk;
InstIdChunk = InstIdChunk->Next;
}
//
// We need to allocate a brand new chunk to accomodate the entry
InstIdChunk = ExAllocatePoolWithTag(PagedPool,
sizeof(INSTIDCHUNK),
WMIIIPOOLTAG);
if (InstIdChunk != NULL)
{
RtlFillMemory(InstIdChunk, sizeof(INSTIDCHUNK), 0xff);
InstIdChunk->Next = NULL;
if (LastInstIdChunk == NULL)
{
WmipInstIdChunkHead = InstIdChunk;
} else {
LastInstIdChunk->Next = InstIdChunk;
}
InstId = &InstIdChunk->InstId[0];
} else {
WmipLeaveSMCritSection();
return(STATUS_INSUFFICIENT_RESOURCES);
}
FillInstId:
RtlCopyMemory(&InstId->Guid, Guid, sizeof(GUID));
InstId->BaseId = InstanceCount;
WmipLeaveSMCritSection();
*FirstInstanceId = 0;
return(STATUS_SUCCESS);
}
NTSTATUS IoWMISuggestInstanceName(
IN PDEVICE_OBJECT PhysicalDeviceObject OPTIONAL,
IN PUNICODE_STRING SymbolicLinkName OPTIONAL,
IN BOOLEAN CombineNames,
OUT PUNICODE_STRING SuggestedInstanceName
)
/*++
Routine Description:
This routine is used by a device driver to suggest a base name with which
to build WMI instance names for the device. A driver is not bound to
follow the instance name returned.
Arguments:
PhysicalDeviceObject - PDO of device for which a suggested instance name
is being requested
SymbolicLinkName - Symbolic link name returned from
IoRegisterDeviceInterface.
CombineNames - If TRUE then the suggested names arising from the
PhysicalDeviceObject and the SymbolicLinkName are combined to create
the resultant suggested name.
SuggestedInstanceName - Supplies a pointer to an empty (i.e., Buffer
field set to NULL) UNICODE_STRING structure which, upon success, will
be set to a newly-allocated string buffer containing the suggested
instance name. The caller is responsible for freeing
SuggestedInstanceName->Buffer when it is no longer needed.
Note: If CombineNames is TRUE then both PhysicalDeviceObject and
SymbolicLinkName must be specified. Otherwise only one of them
must be specified.
Return Value:
Returns a status code
--*/
{
ULONG Status = STATUS_INVALID_PARAMETER_MIX;
ULONG DeviceDescSizeRequired;
ULONG DeviceDescSize;
PWCHAR DeviceDescBuffer;
HANDLE DeviceInstanceKey;
PKEY_VALUE_FULL_INFORMATION InfoBuffer;
PWCHAR SymLinkDescBuffer;
ULONG InfoSizeRequired;
ULONG ResultDescSize;
PWCHAR ResultDescBuffer;
UNICODE_STRING DefaultValue;
PAGED_CODE();
#ifdef MEMPHIS
if (! WmipInitialized)
{
WMIInitialize();
}
#endif
if (WmipIsWmiNotSetupProperly())
{
return(STATUS_UNSUCCESSFUL);
}
DeviceDescBuffer = NULL;
DeviceDescSizeRequired = 0;
DeviceDescSize = 0;
if (PhysicalDeviceObject != NULL)
{
Status = IoGetDeviceProperty(PhysicalDeviceObject,
DevicePropertyDeviceDescription,
DeviceDescSize,
DeviceDescBuffer,
&DeviceDescSizeRequired);
if (Status == STATUS_BUFFER_TOO_SMALL)
{
DeviceDescBuffer = ExAllocatePoolWithTag(PagedPool,
DeviceDescSizeRequired,
WMIPOOLTAG);
if (DeviceDescBuffer == NULL)
{
return(STATUS_INSUFFICIENT_RESOURCES);
}
DeviceDescSize = DeviceDescSizeRequired;
Status = IoGetDeviceProperty(PhysicalDeviceObject,
DevicePropertyDeviceDescription,
DeviceDescSize,
DeviceDescBuffer,
&DeviceDescSizeRequired);
if (! NT_SUCCESS(Status))
{
ExFreePool(DeviceDescBuffer);
return(Status);
}
} else if (! NT_SUCCESS(Status)) {
return(Status);
}
}
if (SymbolicLinkName != NULL)
{
Status = IoOpenDeviceInterfaceRegistryKey(SymbolicLinkName,
KEY_ALL_ACCESS,
&DeviceInstanceKey);
if (NT_SUCCESS(Status))
{
//
// Figure out how big the data value is so that a buffer of the
// appropriate size can be allocated.
DefaultValue.Length = 0;
DefaultValue.MaximumLength= 0;
DefaultValue.Buffer = NULL;
Status = ZwQueryValueKey( DeviceInstanceKey,
&DefaultValue,
KeyValueFullInformation,
(PVOID) NULL,
0,
&InfoSizeRequired );
if (Status == STATUS_BUFFER_OVERFLOW ||
Status == STATUS_BUFFER_TOO_SMALL)
{
InfoBuffer = ExAllocatePoolWithTag(PagedPool,
InfoSizeRequired,
WMIPOOLTAG);
if (InfoBuffer != NULL)
{
Status = ZwQueryValueKey(DeviceInstanceKey,
&DefaultValue,
KeyValueFullInformation,
InfoBuffer,
InfoSizeRequired,
&InfoSizeRequired);
if (NT_SUCCESS(Status))
{
SymLinkDescBuffer = (PWCHAR)((PCHAR)InfoBuffer + InfoBuffer->DataOffset);
if (CombineNames)
{
ResultDescSize = InfoBuffer->DataLength +
DeviceDescSizeRequired +
sizeof(WCHAR);
ResultDescBuffer = ExAllocatePoolWithTag(PagedPool,
ResultDescSize,
WMIPOOLTAG);
if (ResultDescBuffer == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
} else {
SuggestedInstanceName->Buffer = ResultDescBuffer;
SuggestedInstanceName->Length = 0;
SuggestedInstanceName->MaximumLength = (USHORT)ResultDescSize;
RtlAppendUnicodeToString(SuggestedInstanceName,
DeviceDescBuffer);
RtlAppendUnicodeToString(SuggestedInstanceName,
L"_");
RtlAppendUnicodeToString(SuggestedInstanceName,
SymLinkDescBuffer);
}
ExFreePool(DeviceDescBuffer);
DeviceDescBuffer= NULL;
} else {
if (DeviceDescBuffer != NULL)
{
ExFreePool(DeviceDescBuffer);
DeviceDescBuffer = NULL;
}
ResultDescBuffer = ExAllocatePoolWithTag(PagedPool,
InfoBuffer->DataLength,
WMIPOOLTAG);
if (ResultDescBuffer == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
} else {
SuggestedInstanceName->Buffer = ResultDescBuffer;
SuggestedInstanceName->Length = 0;
SuggestedInstanceName->MaximumLength = (USHORT)InfoBuffer->DataLength;
RtlAppendUnicodeToString(SuggestedInstanceName,
SymLinkDescBuffer);
}
}
}
ExFreePool(InfoBuffer);
} else {
Status = STATUS_INSUFFICIENT_RESOURCES;
}
}
ZwClose(DeviceInstanceKey);
}
if ((DeviceDescBuffer != NULL) && (! NT_SUCCESS(Status)))
{
ExFreePool(DeviceDescBuffer);
}
} else {
if (DeviceDescBuffer != NULL)
{
//
// Only looking for device description from PDO
SuggestedInstanceName->Buffer = DeviceDescBuffer;
SuggestedInstanceName->Length = (USHORT)DeviceDescSizeRequired - sizeof(WCHAR);
SuggestedInstanceName->MaximumLength = (USHORT)DeviceDescSize;
} else {
SuggestedInstanceName->Buffer = NULL;
SuggestedInstanceName->Length = (USHORT)0;
SuggestedInstanceName->MaximumLength = 0;
}
}
return(Status);
}
NTSTATUS IoWMIWriteEvent(
IN PVOID WnodeEventItem
)
/*++
Routine Description:
This routine will queue the passed WNODE_EVENT_ITEM for delivery to the
WMI user mode agent. Once the event is delivered the WNODE_EVENT_ITEM
buffer will be returned to the pool.
This routine may be called at DPC level
Arguments:
WnodeEventItem - Pointer to WNODE_EVENT_ITEM that has event information.
Return Value:
Returns STATUS_SUCCESS or an error code
--*/
{
NTSTATUS Status;
PWNODE_HEADER WnodeHeader = (PWNODE_HEADER)WnodeEventItem;
#ifndef MEMPHIS
PULONG TraceMarker = (PULONG) WnodeHeader;
#endif
KIRQL OldIrql;
PREGENTRY RegEntry;
PEVENTWORKCONTEXT EventContext;
if (WmipIsWmiNotSetupProperly())
{
return(STATUS_UNSUCCESSFUL);
}
#ifndef MEMPHIS
//
// Special mode with high order bit set
//
if ((*TraceMarker & 0xC0000000) == TRACE_HEADER_FLAG)
{
ULONG LoggerId = WmiGetLoggerId(WnodeHeader->HistoricalContext);
if (LoggerId > 0 && LoggerId < MAXLOGGERS)
{
if (WmipLoggerContext[LoggerId] != NULL)
return WmiTraceFastEvent(WnodeHeader);
}
#if DBG
DbgPrintEx(DPFLTR_WMILIB_ID,
DPFLTR_INFO_LEVEL,
"IoWMIWriteEvent: Invalid loggerid %d\n",
LoggerId);
#endif
return STATUS_WMI_INSTANCE_NOT_FOUND;
}
if ( (WnodeHeader->Flags & WNODE_FLAG_TRACED_GUID) ||
(WnodeHeader->Flags & WNODE_FLAG_LOG_WNODE) )
{
ULONG LoggerId = WmiGetLoggerId(WnodeHeader->HistoricalContext);
ULONG IsTrace = WnodeHeader->Flags & WNODE_FLAG_TRACED_GUID;
ULONG SavedSize = WnodeHeader->BufferSize;
PULONG TraceMarker = (PULONG) WnodeHeader;
if (SavedSize < sizeof(WNODE_HEADER))
return STATUS_BUFFER_TOO_SMALL;
//
// If trace header, turn higher bit on and support
// only full header
//
if (IsTrace)
{
if (SavedSize > 0XFFFF) // restrict to USHORT max size
return STATUS_BUFFER_OVERFLOW;
*TraceMarker |= TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE |
(TRACE_HEADER_TYPE_FULL_HEADER << 16);
}
else
{
if (SavedSize & TRACE_HEADER_FLAG)
return STATUS_BUFFER_OVERFLOW;
}
Status = STATUS_INVALID_HANDLE;
if (LoggerId > 0 && LoggerId < MAXLOGGERS)
{
if (WmipLoggerContext[LoggerId] != NULL)
{
//
// NOTE: The rule here is that IoWMIWriteEvent is always
// called in kernel mode, and the buffer needs not be probed!
//
Status = WmiTraceEvent(WnodeHeader, KernelMode);
}
}
// NOTE: If it is a trace, we will not go any further
// Otherwise, if it is a regular WMI event, it will still
// be processed by WMI.
if (IsTrace)
{
WnodeHeader->BufferSize = SavedSize;
return Status;
}
}
#endif // MEMPHIS
//
// Memory for event buffers is limited so the size of any event is also
// limited.
#if DBG
if (WnodeHeader->BufferSize > LARGEKMWNODEEVENTSIZE)
{
WmipDebugPrintEx((DPFLTR_WMICORE_ID, DPFLTR_EVENT_INFO_LEVEL,
"WMI: Large event %p fired by %x via WMI\n",
WnodeEventItem,
((PWNODE_HEADER)WnodeEventItem)->ProviderId));
}
#endif
if (WnodeHeader->BufferSize <= WmipMaxKmWnodeEventSize)
{
EventContext = ExAllocatePoolWithTag(NonPagedPool,
sizeof(EVENTWORKCONTEXT),
WMINWPOOLTAG);
if (EventContext != NULL)
{
//
// Try to take a refcount on the regentry associated with the
// provider id in the event. If we are successful then we set a
// flag in the wnode header saying so. When processing the
// event in the work item we check the flag and if it is set
// we'll go looking for the regentry on the active and zombie
// lists and then use it. At that time it will give up the ref
// count taken here so that if the regentry really is a zombie
// then it will go away peacefully.
//
KeAcquireSpinLock(&WmipRegistrationSpinLock,
&OldIrql);
RegEntry = WmipDoFindRegEntryByProviderId(WnodeHeader->ProviderId,
REGENTRY_FLAG_RUNDOWN);
if (RegEntry != NULL)
{
WmipReferenceRegEntry(RegEntry);
}
KeReleaseSpinLock(&WmipRegistrationSpinLock,
OldIrql);
WnodeHeader->ClientContext = WnodeHeader->Version;
EventContext->RegEntry = RegEntry;
EventContext->Wnode = WnodeHeader;
ExInterlockedInsertTailList(
&WmipNPEvent,
&EventContext->ListEntry,
&WmipNPNotificationSpinlock);
//
// If the queue was empty then there was no work item outstanding
// to move from non paged to paged memory. So fire up a work item
// to do so.
if (InterlockedIncrement(&WmipEventWorkItems) == 1)
{
ExQueueWorkItem( &WmipEventWorkQueueItem, DelayedWorkQueue );
}
Status = STATUS_SUCCESS;
} else {
Status = STATUS_INSUFFICIENT_RESOURCES;
}
} else {
Status = STATUS_BUFFER_OVERFLOW;
WmipDebugPrintEx((DPFLTR_WMICORE_ID, DPFLTR_EVENT_INFO_LEVEL,
"WMI: IoWMIWriteEvent detected an event %p fired by %x that exceeds the maximum event size\n",
WnodeEventItem,
((PWNODE_HEADER)WnodeEventItem)->ProviderId));
}
return(Status);
}
// IoWMIDeviceObjectToProviderId is in register.c
NTSTATUS IoWMIOpenBlock(
IN GUID *Guid,
IN ULONG DesiredAccess,
OUT PVOID *DataBlockObject
)
{
OBJECT_ATTRIBUTES ObjectAttributes;
WCHAR ObjectName[WmiGuidObjectNameLength+1];
UNICODE_STRING ObjectString;
ULONG Ioctl;
NTSTATUS Status;
HANDLE DataBlockHandle;
PAGED_CODE();
//
// Establish the OBJECT_ATTRIBUTES for the guid object
//
wcscpy(ObjectName, WmiGuidObjectDirectory);
swprintf(&ObjectName[9],
L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
Guid->Data1, Guid->Data2,
Guid->Data3,
Guid->Data4[0], Guid->Data4[1],
Guid->Data4[2], Guid->Data4[3],
Guid->Data4[4], Guid->Data4[5],
Guid->Data4[6], Guid->Data4[7]);
RtlInitUnicodeString(&ObjectString, ObjectName);
RtlZeroMemory(&ObjectAttributes, sizeof(OBJECT_ATTRIBUTES));
ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES);
ObjectAttributes.ObjectName = &ObjectString;
ObjectAttributes.Attributes = OBJ_KERNEL_HANDLE;
if (DesiredAccess & WMIGUID_NOTIFICATION)
{
Ioctl = IOCTL_WMI_OPEN_GUID_FOR_EVENTS;
} else {
Ioctl = IOCTL_WMI_OPEN_GUID_FOR_QUERYSET;
}
Status = WmipOpenBlock(Ioctl,
KernelMode,
&ObjectAttributes,
DesiredAccess,
&DataBlockHandle);
if (NT_SUCCESS(Status))
{
Status = ObReferenceObjectByHandle(DataBlockHandle,
DesiredAccess,
WmipGuidObjectType,
KernelMode,
DataBlockObject,
NULL);
ZwClose(DataBlockHandle);
}
return(Status);
}
//
// Useful macro to establish a WNODE_HEADER quickly
#define WmipBuildWnodeHeader(Wnode, WnodeSize, FlagsUlong, Handle) { \
((PWNODE_HEADER)(Wnode))->Flags = FlagsUlong; \
((PWNODE_HEADER)(Wnode))->KernelHandle = Handle; \
((PWNODE_HEADER)(Wnode))->BufferSize = WnodeSize; \
((PWNODE_HEADER)(Wnode))->Linkage = 0; \
}
NTSTATUS IoWMIQueryAllData(
IN PVOID DataBlockObject,
IN OUT ULONG *InOutBufferSize,
OUT /* non paged */ PVOID OutBuffer
)
{
NTSTATUS Status;
WNODE_ALL_DATA WnodeAD;
ULONG WnodeSize;
ULONG RetSize;
PWNODE_ALL_DATA Wnode;
PAGED_CODE();
//
// See if the caller passed a buffer that is large enough
//
WnodeSize = *InOutBufferSize;
Wnode = (PWNODE_ALL_DATA)OutBuffer;
if ((Wnode == NULL) || (WnodeSize < sizeof(WNODE_ALL_DATA)))
{
Wnode = &WnodeAD;
WnodeSize = sizeof(WnodeAD);
}
//
// Initialize buffer for query
//
WmipBuildWnodeHeader(Wnode,
sizeof(WNODE_HEADER),
WNODE_FLAG_ALL_DATA,
NULL);
Status = WmipQueryAllData(DataBlockObject,
NULL,
KernelMode,
Wnode,
WnodeSize,
&RetSize);
//
// if this was a successful query then extract the results
//
if (NT_SUCCESS(Status))
{
if (Wnode->WnodeHeader.Flags & WNODE_FLAG_INTERNAL)
{
//
// Internal guids are not supported in KM
//
Status = STATUS_NOT_SUPPORTED;
} else if (Wnode->WnodeHeader.Flags & WNODE_FLAG_TOO_SMALL) {
//
// Buffer passed was too small for provier
//
*InOutBufferSize = ((PWNODE_TOO_SMALL)Wnode)->SizeNeeded;
Status = STATUS_BUFFER_TOO_SMALL;
} else {
//
// Buffer was large enough for provider
//
*InOutBufferSize = RetSize;
if (Wnode == &WnodeAD)
{
//
// Although there was enough room for the provider,
// the caller didn't pass a large enough buffer
// so we need to return a buffer too small error
//
Status = STATUS_BUFFER_TOO_SMALL;
}
}
}
return(Status);
}
NTSTATUS
IoWMIQueryAllDataMultiple(
IN PVOID *DataBlockObjectList,
IN ULONG ObjectCount,
IN OUT ULONG *InOutBufferSize,
OUT PVOID OutBuffer
)
{
NTSTATUS Status;
WNODE_ALL_DATA WnodeAD;
PWNODE_HEADER Wnode;
ULONG WnodeSize;
ULONG RetSize;
PAGED_CODE();
//
// Make sure we have an output buffer
//
WnodeSize = *InOutBufferSize;
Wnode = (PWNODE_HEADER)OutBuffer;
if ((Wnode == NULL) || (WnodeSize < sizeof(WNODE_ALL_DATA)))
{
Wnode = (PWNODE_HEADER)&WnodeAD;
WnodeSize = sizeof(WnodeAD);
}
Status = WmipQueryAllDataMultiple(ObjectCount,
(PWMIGUIDOBJECT *)DataBlockObjectList,
NULL,
KernelMode,
(PUCHAR)Wnode,
WnodeSize,
NULL,
&RetSize);
//
// if this was a successful query then extract the results
//
if (NT_SUCCESS(Status))
{
if (Wnode->Flags & WNODE_FLAG_TOO_SMALL)
{
//
// Buffer passed to provider was too small
//
*InOutBufferSize = ((PWNODE_TOO_SMALL)Wnode)->SizeNeeded;
Status = STATUS_BUFFER_TOO_SMALL;
} else {
//
// Buffer was large enough for provider
//
*InOutBufferSize = RetSize;
if (Wnode == (PWNODE_HEADER)&WnodeAD)
{
//
// Although there was enough room for the provider,
// the caller didn't pass a large enough buffer
// so we need to return a buffer too small error
//
Status = STATUS_BUFFER_TOO_SMALL;
}
}
}
return(Status);
}
NTSTATUS
IoWMIQuerySingleInstance(
IN PVOID DataBlockObject,
IN PUNICODE_STRING InstanceName,
IN OUT ULONG *InOutBufferSize,
OUT PVOID OutBuffer
)
{
NTSTATUS Status;
PWNODE_SINGLE_INSTANCE WnodeSI;
ULONG WnodeSize;
PWCHAR WPtr;
ULONG SizeNeeded;
ULONG RetSize;
PAGED_CODE();
//
// Make sure we have an output buffer
//
SizeNeeded = (FIELD_OFFSET(WNODE_SINGLE_INSTANCE,
VariableData) +
InstanceName->Length +
sizeof(USHORT) + 7) & ~7;
WnodeSize = *InOutBufferSize;
WnodeSI = (PWNODE_SINGLE_INSTANCE)OutBuffer;
if ((WnodeSI == NULL) || (WnodeSize < SizeNeeded))
{
WnodeSI = (PWNODE_SINGLE_INSTANCE)WmipAllocNP(SizeNeeded);
WnodeSize = SizeNeeded;
}
if (WnodeSI != NULL)
{
//
// Build WNODE_SINGLE_INSTANCE appropriately and query
//
RtlZeroMemory(WnodeSI, FIELD_OFFSET(WNODE_SINGLE_INSTANCE,
VariableData));
WmipBuildWnodeHeader(WnodeSI,
SizeNeeded,
WNODE_FLAG_SINGLE_INSTANCE,
NULL);
WnodeSI->OffsetInstanceName = FIELD_OFFSET(WNODE_SINGLE_INSTANCE,
VariableData);
WnodeSI->DataBlockOffset = SizeNeeded;
//
// Copy InstanceName into the WnodeSingleInstance for the query.
//
WPtr = (PWCHAR)OffsetToPtr(WnodeSI, WnodeSI->OffsetInstanceName);
*WPtr++ = InstanceName->Length;
RtlCopyMemory(WPtr, InstanceName->Buffer, InstanceName->Length);
Status = WmipQuerySetExecuteSI((PWMIGUIDOBJECT)DataBlockObject,
NULL,
KernelMode,
IRP_MN_QUERY_SINGLE_INSTANCE,
(PWNODE_HEADER)WnodeSI,
WnodeSize,
&RetSize);
//
// if this was a successful query then extract the results
//
if (NT_SUCCESS(Status))
{
if (WnodeSI->WnodeHeader.Flags & WNODE_FLAG_INTERNAL)
{
//
// Internal guids are not supported in KM
//
Status = STATUS_NOT_SUPPORTED;
} else if (WnodeSI->WnodeHeader.Flags & WNODE_FLAG_TOO_SMALL) {
//
// Our buffer was too small
//
*InOutBufferSize = ((PWNODE_TOO_SMALL)WnodeSI)->SizeNeeded;
Status = STATUS_BUFFER_TOO_SMALL;
} else {
//
// Buffer not too small, remember output size
//
*InOutBufferSize = RetSize;
if (WnodeSI != OutBuffer)
{
//
// Although there was enough room for the provider,
// the caller didn't pass a large enough buffer
// so we need to return a buffer too small error
//
Status = STATUS_BUFFER_TOO_SMALL;
}
}
}
if (WnodeSI != OutBuffer)
{
WmipFree(WnodeSI);
}
} else {
Status = STATUS_INSUFFICIENT_RESOURCES;
}
return(Status);
}
NTSTATUS
IoWMIQuerySingleInstanceMultiple(
IN PVOID *DataBlockObjectList,
IN PUNICODE_STRING InstanceNames,
IN ULONG ObjectCount,
IN OUT ULONG *InOutBufferSize,
OUT PVOID OutBuffer
)
{
NTSTATUS Status;
ULONG RetSize;
PWNODE_HEADER Wnode;
WNODE_TOO_SMALL WnodeTooSmall;
ULONG WnodeSize;
PAGED_CODE();
WnodeSize = *InOutBufferSize;
Wnode = (PWNODE_HEADER)OutBuffer;
if ((Wnode == NULL) || (WnodeSize < sizeof(WNODE_TOO_SMALL)))
{
Wnode = (PWNODE_HEADER)&WnodeTooSmall;
WnodeSize = sizeof(WNODE_TOO_SMALL);
}
Status = WmipQuerySingleMultiple(NULL,
KernelMode,
(PUCHAR)Wnode,
WnodeSize,
NULL,
ObjectCount,
(PWMIGUIDOBJECT *)DataBlockObjectList,
InstanceNames,
&RetSize);
//
// if this was a successful query then extract the results
//
if (NT_SUCCESS(Status))
{
if (Wnode->Flags & WNODE_FLAG_TOO_SMALL)
{
//
// Buffer passed to provider was too small
//
*InOutBufferSize = ((PWNODE_TOO_SMALL)Wnode)->SizeNeeded;
Status = STATUS_BUFFER_TOO_SMALL;
} else {
//
// Buffer was large enough for provider
//
*InOutBufferSize = RetSize;
if (Wnode == (PWNODE_HEADER)&WnodeTooSmall)
{
//
// Although there was enough room for the provider,
// the caller didn't pass a large enough buffer
// so we need to return a buffer too small error
//
Status = STATUS_BUFFER_TOO_SMALL;
}
}
}
return(Status);
}
NTSTATUS
IoWMISetSingleInstance(
IN PVOID DataBlockObject,
IN PUNICODE_STRING InstanceName,
IN ULONG Version,
IN ULONG ValueBufferSize,
IN PVOID ValueBuffer
)
{
NTSTATUS Status;
PWNODE_SINGLE_INSTANCE WnodeSI;
PWCHAR WPtr;
ULONG SizeNeeded;
ULONG RetSize;
ULONG InstanceOffset;
ULONG DataOffset;
PUCHAR DPtr;
PAGED_CODE();
InstanceOffset = (FIELD_OFFSET(WNODE_SINGLE_INSTANCE,
VariableData) + 1) & ~1;
DataOffset = (InstanceOffset +
InstanceName->Length + sizeof(USHORT) + 7) & ~7;
SizeNeeded = DataOffset + ValueBufferSize;
WnodeSI = (PWNODE_SINGLE_INSTANCE)WmipAllocNP(SizeNeeded);
if (WnodeSI != NULL)
{
//
// Build WNODE_SINGLE_INSTANCE appropriately and query
//
RtlZeroMemory(WnodeSI, FIELD_OFFSET(WNODE_SINGLE_INSTANCE,
VariableData));
WmipBuildWnodeHeader(WnodeSI,
SizeNeeded,
WNODE_FLAG_SINGLE_INSTANCE,
NULL);
WnodeSI->WnodeHeader.Version = Version;
//
// Copy InstanceName into the WnodeSingleInstance for the query.
//
WnodeSI->OffsetInstanceName = InstanceOffset;
WPtr = (PWCHAR)OffsetToPtr(WnodeSI, WnodeSI->OffsetInstanceName);
*WPtr++ = InstanceName->Length;
RtlCopyMemory(WPtr, InstanceName->Buffer, InstanceName->Length);
//
// Copy the new data into the WNODE
//
WnodeSI->SizeDataBlock = ValueBufferSize;
WnodeSI->DataBlockOffset = DataOffset;
DPtr = OffsetToPtr(WnodeSI, WnodeSI->DataBlockOffset);
RtlCopyMemory(DPtr, ValueBuffer, ValueBufferSize);
Status = WmipQuerySetExecuteSI(DataBlockObject,
NULL,
KernelMode,
IRP_MN_CHANGE_SINGLE_INSTANCE,
(PWNODE_HEADER)WnodeSI,
SizeNeeded,
&RetSize);
WmipFree(WnodeSI);
} else {
Status = STATUS_INSUFFICIENT_RESOURCES;
}
return(Status);
}
NTSTATUS
IoWMISetSingleItem(
IN PVOID DataBlockObject,
IN PUNICODE_STRING InstanceName,
IN ULONG DataItemId,
IN ULONG Version,
IN ULONG ValueBufferSize,
IN PVOID ValueBuffer
)
{
NTSTATUS Status;
PWNODE_SINGLE_ITEM WnodeSI;
PWCHAR WPtr;
ULONG SizeNeeded;
ULONG RetSize;
ULONG InstanceOffset;
ULONG DataOffset;
PUCHAR DPtr;
PAGED_CODE();
InstanceOffset = (FIELD_OFFSET(WNODE_SINGLE_ITEM,
VariableData) + 1) & ~1;
DataOffset = (InstanceOffset +
InstanceName->Length + sizeof(USHORT) + 7) & ~7;
SizeNeeded = DataOffset + ValueBufferSize;
WnodeSI = (PWNODE_SINGLE_ITEM)WmipAllocNP(SizeNeeded);
if (WnodeSI != NULL)
{
//
// Build WNODE_SINGLE_INSTANCE appropriately and query
//
RtlZeroMemory(WnodeSI, FIELD_OFFSET(WNODE_SINGLE_INSTANCE,
VariableData));
WmipBuildWnodeHeader(WnodeSI,
SizeNeeded,
WNODE_FLAG_SINGLE_ITEM,
NULL);
WnodeSI->WnodeHeader.Version = Version;
WnodeSI->ItemId = DataItemId;
//
// Copy InstanceName into the WnodeSingleInstance for the query.
//
WnodeSI->OffsetInstanceName = InstanceOffset;
WPtr = (PWCHAR)OffsetToPtr(WnodeSI, WnodeSI->OffsetInstanceName);
*WPtr++ = InstanceName->Length;
RtlCopyMemory(WPtr, InstanceName->Buffer, InstanceName->Length);
//
// Copy the new data into the WNODE
//
WnodeSI->SizeDataItem = ValueBufferSize;
WnodeSI->DataBlockOffset = DataOffset;
DPtr = OffsetToPtr(WnodeSI, WnodeSI->DataBlockOffset);
RtlCopyMemory(DPtr, ValueBuffer, ValueBufferSize);
Status = WmipQuerySetExecuteSI(DataBlockObject,
NULL,
KernelMode,
IRP_MN_CHANGE_SINGLE_ITEM,
(PWNODE_HEADER)WnodeSI,
SizeNeeded,
&RetSize);
WmipFree(WnodeSI);
} else {
Status = STATUS_INSUFFICIENT_RESOURCES;
}
return(Status);
}
NTSTATUS IoWMIExecuteMethod(
IN PVOID DataBlockObject,
IN PUNICODE_STRING InstanceName,
IN ULONG MethodId,
IN ULONG InBufferSize,
IN OUT PULONG OutBufferSize,
IN OUT PUCHAR InOutBuffer
)
{
NTSTATUS Status;
PWNODE_METHOD_ITEM WnodeMI;
PWCHAR WPtr;
PUCHAR DPtr;
ULONG SizeNeeded;
ULONG RetSize;
ULONG DataOffset;
PAGED_CODE();
//
// Make sure we have an output buffer
//
DataOffset = (FIELD_OFFSET(WNODE_METHOD_ITEM,
VariableData) +
InstanceName->Length +
sizeof(USHORT) +
7) & ~7;
SizeNeeded = DataOffset +
((InBufferSize > *OutBufferSize) ? InBufferSize :
*OutBufferSize);
WnodeMI = (PWNODE_METHOD_ITEM)WmipAllocNP(SizeNeeded);
if (WnodeMI != NULL)
{
//
// Build WNODE_SINGLE_INSTANCE appropriately and query
//
RtlZeroMemory(WnodeMI, FIELD_OFFSET(WNODE_METHOD_ITEM,
VariableData));
WmipBuildWnodeHeader(WnodeMI,
SizeNeeded,
WNODE_FLAG_METHOD_ITEM,
NULL);
WnodeMI->MethodId = MethodId;
WnodeMI->OffsetInstanceName = FIELD_OFFSET(WNODE_METHOD_ITEM,
VariableData);
WnodeMI->DataBlockOffset = DataOffset;
WnodeMI->SizeDataBlock = InBufferSize;
//
// Copy InstanceName into the WnodeMethodItem for the query.
//
WPtr = (PWCHAR)OffsetToPtr(WnodeMI, WnodeMI->OffsetInstanceName);
*WPtr++ = InstanceName->Length;
RtlCopyMemory(WPtr, InstanceName->Buffer, InstanceName->Length);
//
// Copy the input data into the WnodeMethodItem
//
DPtr = (PUCHAR)OffsetToPtr(WnodeMI, WnodeMI->DataBlockOffset);
RtlCopyMemory(DPtr, InOutBuffer, InBufferSize);
Status = WmipQuerySetExecuteSI(DataBlockObject,NULL,
KernelMode,
IRP_MN_EXECUTE_METHOD,
(PWNODE_HEADER)WnodeMI,
SizeNeeded,
&RetSize);
//
// if this was a successful query then extract the results
//
if (NT_SUCCESS(Status))
{
if (WnodeMI->WnodeHeader.Flags & WNODE_FLAG_TOO_SMALL)
{
//
// Our buffer was too small
//
*OutBufferSize = ( (((PWNODE_TOO_SMALL)WnodeMI)->SizeNeeded -
DataOffset) + 7 ) & ~7;
Status = STATUS_BUFFER_TOO_SMALL;
} else {
//
// Buffer not too small, remember output size
//
if (*OutBufferSize >= WnodeMI->SizeDataBlock)
{
*OutBufferSize = WnodeMI->SizeDataBlock;
DPtr = (PUCHAR)OffsetToPtr(WnodeMI,
WnodeMI->DataBlockOffset);
RtlCopyMemory(InOutBuffer, DPtr, WnodeMI->SizeDataBlock);
} else {
*OutBufferSize = (WnodeMI->SizeDataBlock + 7) & ~7;
Status = STATUS_BUFFER_TOO_SMALL;
}
}
}
WmipFree(WnodeMI);
} else {
Status = STATUS_INSUFFICIENT_RESOURCES;
}
return(Status);
}
NTSTATUS
IoWMISetNotificationCallback(
IN PVOID Object,
IN WMI_NOTIFICATION_CALLBACK Callback,
IN PVOID Context
)
{
NTSTATUS Status;
PWMIGUIDOBJECT GuidObject;
PAGED_CODE();
GuidObject = (PWMIGUIDOBJECT)Object;
WmipAssert(GuidObject->Flags & WMIGUID_FLAG_KERNEL_NOTIFICATION);
WmipEnterSMCritSection();
GuidObject->Callback = Callback;
GuidObject->CallbackContext = Context;
WmipLeaveSMCritSection();
return(STATUS_SUCCESS);
}
NTSTATUS IoWMIHandleToInstanceName(
IN PVOID DataBlockObject,
IN HANDLE FileHandle,
OUT PUNICODE_STRING InstanceName
)
{
NTSTATUS Status;
PAGED_CODE();
Status = WmipTranslateFileHandle(NULL,
NULL,
FileHandle,
NULL,
DataBlockObject,
InstanceName);
return(Status);
}
NTSTATUS IoWMIDeviceObjectToInstanceName(
IN PVOID DataBlockObject,
IN PDEVICE_OBJECT DeviceObject,
OUT PUNICODE_STRING InstanceName
)
{
NTSTATUS Status;
PAGED_CODE();
Status = WmipTranslateFileHandle(NULL,
NULL,
NULL,
DeviceObject,
DataBlockObject,
InstanceName);
return(Status);
}
#if 0
NTSTATUS
IoWMISetGuidSecurity(
IN PVOID Object,
IN SECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR SecurityDescriptor
)
{
NTSTATUS status;
PAGED_CODE();
DaclLength = (ULONG)sizeof(ACL) +
(1*((ULONG)sizeof(ACCESS_ALLOWED_ACE))) +
SeLengthSid( SeLocalSystemSid ) +
8; // The 8 is just for good measure
ServiceDeviceSd = (PSECURITY_DESCRIPTOR)ExAllocatePoolWithTag(PagedPool,
DaclLength +
sizeof(SECURITY_DESCRIPTOR),
'ZZZZ');
if (ServiceDeviceSd == NULL)
{
return(NULL);
}
ServiceDeviceDacl = (PACL)((PUCHAR)ServiceDeviceSd +
sizeof(SECURITY_DESCRIPTOR));
Status = RtlCreateAcl( ServiceDeviceDacl,
DaclLength,
ACL_REVISION2);
if (! NT_SUCCESS(Status))
{
goto Cleanup;
}
Status = RtlAddAccessAllowedAce (
ServiceDeviceDacl,
ACL_REVISION2,
FILE_ALL_ACCESS,
SeLocalSystemSid
);
if (! NT_SUCCESS(Status))
{
goto Cleanup;
}
Status = RtlCreateSecurityDescriptor(
ServiceDeviceSd,
SECURITY_DESCRIPTOR_REVISION1
);
if (! NT_SUCCESS(Status))
{
goto Cleanup;
}
Status = RtlSetDaclSecurityDescriptor(
ServiceDeviceSd,
TRUE, // DaclPresent
ServiceDeviceDacl,
FALSE // DaclDefaulted
);
if (! NT_SUCCESS(Status))
{
goto Cleanup;
}
Cleanup:
if (! NT_SUCCESS(Status))
{
ExFreePool(ServiceDeviceSd);
ServiceDeviceSd = NULL;
}
status = ObSetSecurityObjectByPointer(Object,
SecurityInformation,
SecurityDescriptor);
return(status);
}
#endif