2012-10-13 20:32:44 +00:00
|
|
|
/*
|
2012-10-22 00:09:51 +00:00
|
|
|
* COPYRIGHT: See COPYING in the top level directory
|
2012-10-25 20:40:41 +00:00
|
|
|
* PROJECT: ReactOS Client/Server Runtime SubSystem
|
2012-10-22 00:09:51 +00:00
|
|
|
* FILE: subsystems/win32/csrsrv/api.c
|
|
|
|
|
* PURPOSE: CSR Server DLL API LPC Implementation
|
2014-12-15 23:35:32 +00:00
|
|
|
* "\Windows\ApiPort" port process management functions
|
2012-10-22 00:09:51 +00:00
|
|
|
* PROGRAMMERS: Alex Ionescu (alex@relsoft.net)
|
1999-12-22 14:48:30 +00:00
|
|
|
*/
|
|
|
|
|
|
2012-10-27 14:30:32 +00:00
|
|
|
/* INCLUDES *******************************************************************/
|
1999-12-22 14:48:30 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
#include "srv.h"
|
2005-03-20 22:55:05 +00:00
|
|
|
|
2014-01-04 10:27:29 +00:00
|
|
|
#include <ndk/kefuncs.h>
|
|
|
|
|
|
2013-01-03 17:18:19 +00:00
|
|
|
#define NDEBUG
|
2002-09-07 15:13:13 +00:00
|
|
|
#include <debug.h>
|
|
|
|
|
|
2012-10-27 14:30:32 +00:00
|
|
|
/* GLOBALS ********************************************************************/
|
1999-12-30 01:51:42 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
BOOLEAN (*CsrClientThreadSetup)(VOID) = NULL;
|
2012-02-16 16:40:15 +00:00
|
|
|
UNICODE_STRING CsrApiPortName;
|
2013-07-28 10:41:27 +00:00
|
|
|
volatile ULONG CsrpStaticThreadCount;
|
|
|
|
|
volatile ULONG CsrpDynamicThreadTotal;
|
2012-09-05 21:38:02 +00:00
|
|
|
extern ULONG CsrMaxApiRequestThreads;
|
2003-12-02 11:38:47 +00:00
|
|
|
|
2012-10-27 14:30:32 +00:00
|
|
|
/* FUNCTIONS ******************************************************************/
|
1999-12-22 14:48:30 +00:00
|
|
|
|
2012-02-18 01:27:50 +00:00
|
|
|
/*++
|
|
|
|
|
* @name CsrCallServerFromServer
|
|
|
|
|
* @implemented NT4
|
|
|
|
|
*
|
|
|
|
|
* The CsrCallServerFromServer routine calls a CSR API from within a server.
|
|
|
|
|
* It avoids using LPC messages since the request isn't coming from a client.
|
|
|
|
|
*
|
|
|
|
|
* @param ReceiveMsg
|
|
|
|
|
* Pointer to the CSR API Message to send to the server.
|
|
|
|
|
*
|
|
|
|
|
* @param ReplyMsg
|
|
|
|
|
* Pointer to the CSR API Message to receive from the server.
|
|
|
|
|
*
|
|
|
|
|
* @return STATUS_SUCCESS in case of success, STATUS_ILLEGAL_FUNCTION
|
2012-10-17 23:10:40 +00:00
|
|
|
* if the ApiNumber is invalid, or STATUS_ACCESS_VIOLATION if there
|
2012-02-18 01:27:50 +00:00
|
|
|
* was a problem executing the API.
|
|
|
|
|
*
|
|
|
|
|
* @remarks None.
|
|
|
|
|
*
|
|
|
|
|
*--*/
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
2012-10-22 00:09:51 +00:00
|
|
|
CsrCallServerFromServer(IN PCSR_API_MESSAGE ReceiveMsg,
|
|
|
|
|
IN OUT PCSR_API_MESSAGE ReplyMsg)
|
2012-02-18 01:27:50 +00:00
|
|
|
{
|
|
|
|
|
ULONG ServerId;
|
2021-04-21 17:48:58 +00:00
|
|
|
PCSR_SERVER_DLL ServerDll = NULL;
|
2012-02-18 01:27:50 +00:00
|
|
|
ULONG ApiId;
|
2012-12-04 23:01:54 +00:00
|
|
|
CSR_REPLY_CODE ReplyCode = CsrReplyImmediately;
|
2012-02-18 01:27:50 +00:00
|
|
|
|
|
|
|
|
/* Get the Server ID */
|
2012-10-22 00:09:51 +00:00
|
|
|
ServerId = CSR_API_NUMBER_TO_SERVER_ID(ReceiveMsg->ApiNumber);
|
2012-02-18 01:27:50 +00:00
|
|
|
|
|
|
|
|
/* Make sure that the ID is within limits, and the Server DLL loaded */
|
|
|
|
|
if ((ServerId >= CSR_SERVER_DLL_MAX) ||
|
|
|
|
|
(!(ServerDll = CsrLoadedServerDll[ServerId])))
|
|
|
|
|
{
|
|
|
|
|
/* We are beyond the Maximum Server ID */
|
2021-04-21 17:47:36 +00:00
|
|
|
#ifdef CSR_DBG
|
|
|
|
|
DPRINT1("CSRSS: %lx is invalid ServerDllIndex (%08x)\n",
|
|
|
|
|
ServerId, ServerDll);
|
|
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
2013-05-04 14:27:09 +00:00
|
|
|
ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
|
2012-02-18 01:27:50 +00:00
|
|
|
return STATUS_ILLEGAL_FUNCTION;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2012-11-05 00:23:58 +00:00
|
|
|
/* Get the API ID, normalized with our Base ID */
|
|
|
|
|
ApiId = CSR_API_NUMBER_TO_API_ID(ReceiveMsg->ApiNumber) - ServerDll->ApiBase;
|
2012-02-18 01:27:50 +00:00
|
|
|
|
|
|
|
|
/* Make sure that the ID is within limits, and the entry exists */
|
|
|
|
|
if ((ApiId >= ServerDll->HighestApiSupported) ||
|
|
|
|
|
((ServerDll->ValidTable) && !(ServerDll->ValidTable[ApiId])))
|
|
|
|
|
{
|
|
|
|
|
/* We are beyond the Maximum API ID, or it doesn't exist */
|
[CSR]
During my investigations for making working Win2k3 csrsrv.dll (or other CSR servers) into ROS (to compare our behaviour with our own csrsrv.dll and Win2k3 one), I hit a problem: if I test a checked-build version of csrsrv (or other CSR servers), everything was fine when they were loaded, but if I use a release-build version (i.e. without any debug information), I systematically hit a memory access violation which was traced back to the moment when a CSR server's CsrInitialization entry point was called.
So I did the experiment, where I used our (debug-build) csrsrv with a free-build win2k3 CSR server dll (it was winsrv.dll, and I retested with basesrv.dll after). I hit the access violation. But if I took a debug-build version of winsrv.dll, everything was OK.
I then added in our csrsrv' server.c file the following line (around line 212 of the current file version):
DPRINT1("%s ; ServerDll->ValidTable = 0x%p ; ServerDll->NameTable = 0x%p ; ServerDll->SizeOfProcessData = %d ; ServerDll->ConnectCallback = 0x%p\n", DllString, ServerDll->ValidTable, ServerDll->NameTable, ServerDll->SizeOfProcessData, ServerDll->ConnectCallback);
and I saw that, when using a debug-build win2k3 CSR server, everything was fine (in particular the ServerDll->SizeOfProcessData member contained a reasonable value, e.g. a size of 88 bytes), whereas if I used a free-build version, I got an off-by-one problem, with the ServerDll->ValidTable pointer valid but the ServerDll->NameTable member being equal to 88 (i.e. invalid pointer) and the ServerDll->SizeOfProcessData member being equal to a very large value, which looked like a pointer value.
After more investigations, I saw that in debug-build CSR servers the list of API names were stored, whereas it was not the case in free-build versions. Therefore I concluded that the API names table was included *ONLY* in debug builds and not in release builds.
Hence, to be able to test in ROS either debug-builds or release-builds versions of Windows CSR servers in ROS (and vice-versa), I introduced a #define called CSR_DBG, which is defined only if the DBG macro is != 0, and which is not defined otherwise. When the CSR_DBG flag is defined, API names tables are added in CSR servers and otherwise, they are not.
Therefore, we are now able to test debug-build Windows CSR servers in ROS (the default possibility) or free-build versions of these CSR servers (but first, we have to build the other ones without the CSR_DBG flag, to avoid the off-by-one problem described above).
svn path=/trunk/; revision=60560
2013-10-06 13:33:17 +00:00
|
|
|
#ifdef CSR_DBG
|
2020-04-14 20:53:49 +00:00
|
|
|
DPRINT1("API: %d\n", ApiId);
|
2012-02-18 01:27:50 +00:00
|
|
|
DPRINT1("CSRSS: %lx (%s) is invalid ApiTableIndex for %Z or is an "
|
|
|
|
|
"invalid API to call from the server.\n",
|
2013-08-29 20:13:31 +00:00
|
|
|
ApiId,
|
2012-02-18 01:27:50 +00:00
|
|
|
((ServerDll->NameTable) && (ServerDll->NameTable[ApiId])) ?
|
2013-08-29 20:13:31 +00:00
|
|
|
ServerDll->NameTable[ApiId] : "*** UNKNOWN ***",
|
|
|
|
|
&ServerDll->Name);
|
2020-04-14 20:53:49 +00:00
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
[CSR]
During my investigations for making working Win2k3 csrsrv.dll (or other CSR servers) into ROS (to compare our behaviour with our own csrsrv.dll and Win2k3 one), I hit a problem: if I test a checked-build version of csrsrv (or other CSR servers), everything was fine when they were loaded, but if I use a release-build version (i.e. without any debug information), I systematically hit a memory access violation which was traced back to the moment when a CSR server's CsrInitialization entry point was called.
So I did the experiment, where I used our (debug-build) csrsrv with a free-build win2k3 CSR server dll (it was winsrv.dll, and I retested with basesrv.dll after). I hit the access violation. But if I took a debug-build version of winsrv.dll, everything was OK.
I then added in our csrsrv' server.c file the following line (around line 212 of the current file version):
DPRINT1("%s ; ServerDll->ValidTable = 0x%p ; ServerDll->NameTable = 0x%p ; ServerDll->SizeOfProcessData = %d ; ServerDll->ConnectCallback = 0x%p\n", DllString, ServerDll->ValidTable, ServerDll->NameTable, ServerDll->SizeOfProcessData, ServerDll->ConnectCallback);
and I saw that, when using a debug-build win2k3 CSR server, everything was fine (in particular the ServerDll->SizeOfProcessData member contained a reasonable value, e.g. a size of 88 bytes), whereas if I used a free-build version, I got an off-by-one problem, with the ServerDll->ValidTable pointer valid but the ServerDll->NameTable member being equal to 88 (i.e. invalid pointer) and the ServerDll->SizeOfProcessData member being equal to a very large value, which looked like a pointer value.
After more investigations, I saw that in debug-build CSR servers the list of API names were stored, whereas it was not the case in free-build versions. Therefore I concluded that the API names table was included *ONLY* in debug builds and not in release builds.
Hence, to be able to test in ROS either debug-builds or release-builds versions of Windows CSR servers in ROS (and vice-versa), I introduced a #define called CSR_DBG, which is defined only if the DBG macro is != 0, and which is not defined otherwise. When the CSR_DBG flag is defined, API names tables are added in CSR servers and otherwise, they are not.
Therefore, we are now able to test debug-build Windows CSR servers in ROS (the default possibility) or free-build versions of these CSR servers (but first, we have to build the other ones without the CSR_DBG flag, to avoid the off-by-one problem described above).
svn path=/trunk/; revision=60560
2013-10-06 13:33:17 +00:00
|
|
|
#endif
|
2013-05-04 14:27:09 +00:00
|
|
|
ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
|
2012-02-18 01:27:50 +00:00
|
|
|
return STATUS_ILLEGAL_FUNCTION;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
[CSR]
During my investigations for making working Win2k3 csrsrv.dll (or other CSR servers) into ROS (to compare our behaviour with our own csrsrv.dll and Win2k3 one), I hit a problem: if I test a checked-build version of csrsrv (or other CSR servers), everything was fine when they were loaded, but if I use a release-build version (i.e. without any debug information), I systematically hit a memory access violation which was traced back to the moment when a CSR server's CsrInitialization entry point was called.
So I did the experiment, where I used our (debug-build) csrsrv with a free-build win2k3 CSR server dll (it was winsrv.dll, and I retested with basesrv.dll after). I hit the access violation. But if I took a debug-build version of winsrv.dll, everything was OK.
I then added in our csrsrv' server.c file the following line (around line 212 of the current file version):
DPRINT1("%s ; ServerDll->ValidTable = 0x%p ; ServerDll->NameTable = 0x%p ; ServerDll->SizeOfProcessData = %d ; ServerDll->ConnectCallback = 0x%p\n", DllString, ServerDll->ValidTable, ServerDll->NameTable, ServerDll->SizeOfProcessData, ServerDll->ConnectCallback);
and I saw that, when using a debug-build win2k3 CSR server, everything was fine (in particular the ServerDll->SizeOfProcessData member contained a reasonable value, e.g. a size of 88 bytes), whereas if I used a free-build version, I got an off-by-one problem, with the ServerDll->ValidTable pointer valid but the ServerDll->NameTable member being equal to 88 (i.e. invalid pointer) and the ServerDll->SizeOfProcessData member being equal to a very large value, which looked like a pointer value.
After more investigations, I saw that in debug-build CSR servers the list of API names were stored, whereas it was not the case in free-build versions. Therefore I concluded that the API names table was included *ONLY* in debug builds and not in release builds.
Hence, to be able to test in ROS either debug-builds or release-builds versions of Windows CSR servers in ROS (and vice-versa), I introduced a #define called CSR_DBG, which is defined only if the DBG macro is != 0, and which is not defined otherwise. When the CSR_DBG flag is defined, API names tables are added in CSR servers and otherwise, they are not.
Therefore, we are now able to test debug-build Windows CSR servers in ROS (the default possibility) or free-build versions of these CSR servers (but first, we have to build the other ones without the CSR_DBG flag, to avoid the off-by-one problem described above).
svn path=/trunk/; revision=60560
2013-10-06 13:33:17 +00:00
|
|
|
#ifdef CSR_DBG
|
2012-02-18 01:27:50 +00:00
|
|
|
if (CsrDebug & 2)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("CSRSS: %s Api Request received from server process\n",
|
|
|
|
|
ServerDll->NameTable[ApiId]);
|
|
|
|
|
}
|
[CSR]
During my investigations for making working Win2k3 csrsrv.dll (or other CSR servers) into ROS (to compare our behaviour with our own csrsrv.dll and Win2k3 one), I hit a problem: if I test a checked-build version of csrsrv (or other CSR servers), everything was fine when they were loaded, but if I use a release-build version (i.e. without any debug information), I systematically hit a memory access violation which was traced back to the moment when a CSR server's CsrInitialization entry point was called.
So I did the experiment, where I used our (debug-build) csrsrv with a free-build win2k3 CSR server dll (it was winsrv.dll, and I retested with basesrv.dll after). I hit the access violation. But if I took a debug-build version of winsrv.dll, everything was OK.
I then added in our csrsrv' server.c file the following line (around line 212 of the current file version):
DPRINT1("%s ; ServerDll->ValidTable = 0x%p ; ServerDll->NameTable = 0x%p ; ServerDll->SizeOfProcessData = %d ; ServerDll->ConnectCallback = 0x%p\n", DllString, ServerDll->ValidTable, ServerDll->NameTable, ServerDll->SizeOfProcessData, ServerDll->ConnectCallback);
and I saw that, when using a debug-build win2k3 CSR server, everything was fine (in particular the ServerDll->SizeOfProcessData member contained a reasonable value, e.g. a size of 88 bytes), whereas if I used a free-build version, I got an off-by-one problem, with the ServerDll->ValidTable pointer valid but the ServerDll->NameTable member being equal to 88 (i.e. invalid pointer) and the ServerDll->SizeOfProcessData member being equal to a very large value, which looked like a pointer value.
After more investigations, I saw that in debug-build CSR servers the list of API names were stored, whereas it was not the case in free-build versions. Therefore I concluded that the API names table was included *ONLY* in debug builds and not in release builds.
Hence, to be able to test in ROS either debug-builds or release-builds versions of Windows CSR servers in ROS (and vice-versa), I introduced a #define called CSR_DBG, which is defined only if the DBG macro is != 0, and which is not defined otherwise. When the CSR_DBG flag is defined, API names tables are added in CSR servers and otherwise, they are not.
Therefore, we are now able to test debug-build Windows CSR servers in ROS (the default possibility) or free-build versions of these CSR servers (but first, we have to build the other ones without the CSR_DBG flag, to avoid the off-by-one problem described above).
svn path=/trunk/; revision=60560
2013-10-06 13:33:17 +00:00
|
|
|
#endif
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-02-18 01:27:50 +00:00
|
|
|
/* Validation complete, start SEH */
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
2012-12-04 23:01:54 +00:00
|
|
|
/* Call the API, get the reply code and return the result */
|
|
|
|
|
ReplyMsg->Status = ServerDll->DispatchTable[ApiId](ReceiveMsg, &ReplyCode);
|
2012-02-18 01:27:50 +00:00
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
/* If we got an exception, return access violation */
|
|
|
|
|
ReplyMsg->Status = STATUS_ACCESS_VIOLATION;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
/* Return success */
|
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2012-02-16 16:40:15 +00:00
|
|
|
/*++
|
2012-10-22 00:09:51 +00:00
|
|
|
* @name CsrApiHandleConnectionRequest
|
2012-02-16 16:40:15 +00:00
|
|
|
*
|
2012-10-22 00:09:51 +00:00
|
|
|
* The CsrApiHandleConnectionRequest routine handles and accepts a new
|
|
|
|
|
* connection request to the CSR API LPC Port.
|
2012-02-16 16:40:15 +00:00
|
|
|
*
|
2012-10-22 00:09:51 +00:00
|
|
|
* @param ApiMessage
|
|
|
|
|
* Pointer to the incoming CSR API Message which contains the
|
|
|
|
|
* connection request.
|
2012-02-16 16:40:15 +00:00
|
|
|
*
|
2012-10-22 00:09:51 +00:00
|
|
|
* @return STATUS_SUCCESS in case of success, or status code which caused
|
|
|
|
|
* the routine to error.
|
2012-02-16 16:40:15 +00:00
|
|
|
*
|
2012-10-22 00:09:51 +00:00
|
|
|
* @remarks This routine is responsible for attaching the Shared Section to
|
|
|
|
|
* new clients connecting to CSR.
|
2012-02-16 16:40:15 +00:00
|
|
|
*
|
|
|
|
|
*--*/
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
2012-10-22 00:09:51 +00:00
|
|
|
CsrApiHandleConnectionRequest(IN PCSR_API_MESSAGE ApiMessage)
|
2012-02-16 16:40:15 +00:00
|
|
|
{
|
2012-10-22 00:09:51 +00:00
|
|
|
PCSR_THREAD CsrThread = NULL;
|
|
|
|
|
PCSR_PROCESS CsrProcess = NULL;
|
|
|
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
2013-08-19 18:14:43 +00:00
|
|
|
PCSR_API_CONNECTINFO ConnectInfo = &ApiMessage->ConnectionInfo;
|
2012-10-22 00:09:51 +00:00
|
|
|
BOOLEAN AllowConnection = FALSE;
|
|
|
|
|
REMOTE_PORT_VIEW RemotePortView;
|
2012-11-21 18:52:42 +00:00
|
|
|
HANDLE ServerPort;
|
2012-02-16 16:40:15 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Acquire the Process Lock */
|
|
|
|
|
CsrAcquireProcessLock();
|
2012-02-16 16:40:15 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Lookup the CSR Thread */
|
|
|
|
|
CsrThread = CsrLocateThreadByClientId(NULL, &ApiMessage->Header.ClientId);
|
2012-02-16 16:40:15 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Check if we have a thread */
|
|
|
|
|
if (CsrThread)
|
2012-02-16 16:40:15 +00:00
|
|
|
{
|
2014-12-15 23:35:32 +00:00
|
|
|
/* Get the Process and make sure we have it as well */
|
2012-10-22 00:09:51 +00:00
|
|
|
CsrProcess = CsrThread->Process;
|
|
|
|
|
if (CsrProcess)
|
2012-02-16 16:40:15 +00:00
|
|
|
{
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Reference the Process */
|
2013-05-04 14:27:09 +00:00
|
|
|
CsrLockedReferenceProcess(CsrProcess);
|
2012-02-16 16:40:15 +00:00
|
|
|
|
2014-12-15 23:35:32 +00:00
|
|
|
/* Attach the Shared Section */
|
|
|
|
|
Status = CsrSrvAttachSharedSection(CsrProcess, ConnectInfo);
|
2012-10-22 00:09:51 +00:00
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
2014-12-15 23:35:32 +00:00
|
|
|
/* Allow the connection and return debugging flag */
|
|
|
|
|
ConnectInfo->DebugFlags = CsrDebug;
|
|
|
|
|
AllowConnection = TRUE;
|
2012-02-16 16:40:15 +00:00
|
|
|
}
|
2006-10-30 18:45:22 +00:00
|
|
|
|
2014-12-15 23:35:32 +00:00
|
|
|
/* Dereference the Process */
|
2012-10-22 00:09:51 +00:00
|
|
|
CsrLockedDereferenceProcess(CsrProcess);
|
2011-08-03 03:09:02 +00:00
|
|
|
}
|
|
|
|
|
}
|
2012-02-15 16:11:12 +00:00
|
|
|
|
2014-12-15 23:35:32 +00:00
|
|
|
/* Release the Process Lock */
|
2012-10-22 00:09:51 +00:00
|
|
|
CsrReleaseProcessLock();
|
2012-02-19 04:18:33 +00:00
|
|
|
|
|
|
|
|
/* Setup the Port View Structure */
|
|
|
|
|
RemotePortView.Length = sizeof(REMOTE_PORT_VIEW);
|
|
|
|
|
RemotePortView.ViewSize = 0;
|
|
|
|
|
RemotePortView.ViewBase = NULL;
|
|
|
|
|
|
|
|
|
|
/* Save the Process ID */
|
2013-08-29 00:02:15 +00:00
|
|
|
ConnectInfo->ServerProcessId = NtCurrentTeb()->ClientId.UniqueProcess;
|
2012-02-19 04:18:33 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Accept the Connection */
|
2021-03-04 21:54:00 +00:00
|
|
|
ASSERT(!AllowConnection || CsrProcess);
|
2012-11-21 18:52:42 +00:00
|
|
|
Status = NtAcceptConnectPort(&ServerPort,
|
2012-10-22 00:09:51 +00:00
|
|
|
AllowConnection ? UlongToPtr(CsrProcess->SequenceNumber) : 0,
|
|
|
|
|
&ApiMessage->Header,
|
2011-08-03 03:09:02 +00:00
|
|
|
AllowConnection,
|
2012-02-19 04:18:33 +00:00
|
|
|
NULL,
|
|
|
|
|
&RemotePortView);
|
2011-08-03 03:09:02 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
2012-02-19 04:18:33 +00:00
|
|
|
DPRINT1("CSRSS: NtAcceptConnectPort - failed. Status == %X\n", Status);
|
2006-10-30 18:45:22 +00:00
|
|
|
}
|
2012-02-19 04:18:33 +00:00
|
|
|
else if (AllowConnection)
|
|
|
|
|
{
|
|
|
|
|
if (CsrDebug & 2)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("CSRSS: ClientId: %lx.%lx has ClientView: Base=%p, Size=%lx\n",
|
2012-10-22 00:09:51 +00:00
|
|
|
ApiMessage->Header.ClientId.UniqueProcess,
|
|
|
|
|
ApiMessage->Header.ClientId.UniqueThread,
|
2012-02-19 04:18:33 +00:00
|
|
|
RemotePortView.ViewBase,
|
|
|
|
|
RemotePortView.ViewSize);
|
|
|
|
|
}
|
2006-10-30 18:45:22 +00:00
|
|
|
|
2012-02-19 04:18:33 +00:00
|
|
|
/* Set some Port Data in the Process */
|
2012-11-21 18:52:42 +00:00
|
|
|
CsrProcess->ClientPort = ServerPort;
|
2012-10-22 00:09:51 +00:00
|
|
|
CsrProcess->ClientViewBase = (ULONG_PTR)RemotePortView.ViewBase;
|
|
|
|
|
CsrProcess->ClientViewBounds = (ULONG_PTR)((ULONG_PTR)RemotePortView.ViewBase +
|
|
|
|
|
(ULONG_PTR)RemotePortView.ViewSize);
|
2006-10-30 18:45:22 +00:00
|
|
|
|
2012-02-19 04:18:33 +00:00
|
|
|
/* Complete the connection */
|
2012-11-21 18:52:42 +00:00
|
|
|
Status = NtCompleteConnectPort(ServerPort);
|
2012-02-19 04:18:33 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("CSRSS: NtCompleteConnectPort - failed. Status == %X\n", Status);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
2006-10-30 18:45:22 +00:00
|
|
|
{
|
2012-02-19 04:18:33 +00:00
|
|
|
DPRINT1("CSRSS: Rejecting Connection Request from ClientId: %lx.%lx\n",
|
2012-10-22 00:09:51 +00:00
|
|
|
ApiMessage->Header.ClientId.UniqueProcess,
|
|
|
|
|
ApiMessage->Header.ClientId.UniqueThread);
|
2006-10-30 18:45:22 +00:00
|
|
|
}
|
2012-02-15 16:11:12 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Return status to caller */
|
2006-10-30 18:45:22 +00:00
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
2012-02-19 06:32:17 +00:00
|
|
|
/*++
|
|
|
|
|
* @name CsrpCheckRequestThreads
|
|
|
|
|
*
|
|
|
|
|
* The CsrpCheckRequestThreads routine checks if there are no more threads
|
|
|
|
|
* to handle CSR API Requests, and creates a new thread if possible, to
|
|
|
|
|
* avoid starvation.
|
|
|
|
|
*
|
|
|
|
|
* @param None.
|
|
|
|
|
*
|
|
|
|
|
* @return STATUS_SUCCESS in case of success, STATUS_UNSUCCESSFUL
|
|
|
|
|
* if a new thread couldn't be created.
|
|
|
|
|
*
|
|
|
|
|
* @remarks None.
|
|
|
|
|
*
|
|
|
|
|
*--*/
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
CsrpCheckRequestThreads(VOID)
|
|
|
|
|
{
|
|
|
|
|
HANDLE hThread;
|
|
|
|
|
CLIENT_ID ClientId;
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
|
|
|
|
|
/* Decrease the count, and see if we're out */
|
2013-07-28 10:41:27 +00:00
|
|
|
if (InterlockedDecrementUL(&CsrpStaticThreadCount) == 0)
|
2012-02-19 06:32:17 +00:00
|
|
|
{
|
|
|
|
|
/* Check if we've still got space for a Dynamic Thread */
|
|
|
|
|
if (CsrpDynamicThreadTotal < CsrMaxApiRequestThreads)
|
|
|
|
|
{
|
|
|
|
|
/* Create a new dynamic thread */
|
|
|
|
|
Status = RtlCreateUserThread(NtCurrentProcess(),
|
|
|
|
|
NULL,
|
|
|
|
|
TRUE,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
2012-10-22 00:09:51 +00:00
|
|
|
(PVOID)CsrApiRequestThread,
|
2012-02-19 06:32:17 +00:00
|
|
|
NULL,
|
|
|
|
|
&hThread,
|
|
|
|
|
&ClientId);
|
|
|
|
|
/* Check success */
|
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
/* Increase the thread counts */
|
2013-07-28 10:41:27 +00:00
|
|
|
InterlockedIncrementUL(&CsrpStaticThreadCount);
|
|
|
|
|
InterlockedIncrementUL(&CsrpDynamicThreadTotal);
|
2012-02-19 06:32:17 +00:00
|
|
|
|
|
|
|
|
/* Add a new server thread */
|
|
|
|
|
if (CsrAddStaticServerThread(hThread,
|
|
|
|
|
&ClientId,
|
|
|
|
|
CsrThreadIsServerThread))
|
|
|
|
|
{
|
|
|
|
|
/* Activate it */
|
|
|
|
|
NtResumeThread(hThread, NULL);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Failed to create a new static thread */
|
2013-07-28 10:41:27 +00:00
|
|
|
InterlockedDecrementUL(&CsrpStaticThreadCount);
|
|
|
|
|
InterlockedDecrementUL(&CsrpDynamicThreadTotal);
|
2012-02-19 06:32:17 +00:00
|
|
|
|
|
|
|
|
/* Terminate it */
|
|
|
|
|
DPRINT1("Failing\n");
|
|
|
|
|
NtTerminateThread(hThread, 0);
|
|
|
|
|
NtClose(hThread);
|
|
|
|
|
|
|
|
|
|
/* Return */
|
|
|
|
|
return STATUS_UNSUCCESSFUL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Success */
|
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/*++
|
|
|
|
|
* @name CsrApiRequestThread
|
|
|
|
|
*
|
|
|
|
|
* The CsrApiRequestThread routine handles incoming messages or connection
|
|
|
|
|
* requests on the CSR API LPC Port.
|
|
|
|
|
*
|
|
|
|
|
* @param Parameter
|
|
|
|
|
* System-default user-defined parameter. Unused.
|
|
|
|
|
*
|
|
|
|
|
* @return The thread exit code, if the thread is terminated.
|
|
|
|
|
*
|
|
|
|
|
* @remarks Before listening on the port, the routine will first attempt
|
|
|
|
|
* to connect to the user subsystem.
|
|
|
|
|
*
|
|
|
|
|
*--*/
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
CsrApiRequestThread(IN PVOID Parameter)
|
2003-12-02 11:38:47 +00:00
|
|
|
{
|
2012-02-16 16:40:15 +00:00
|
|
|
PTEB Teb = NtCurrentTeb();
|
|
|
|
|
LARGE_INTEGER TimeOut;
|
2012-10-22 00:09:51 +00:00
|
|
|
PCSR_THREAD CurrentThread, CsrThread;
|
Large change to modify NTDLL'S CSR Functions to be compatible with NT. They are external and we should at least try to match the number of arguments (one vs eight? come on!). Because this is also the direction that Emanuele wants to be taking, the whole external calling interface was modified to be more compatible with NT (although internally it still isn't, and does not have a reason to be). API Names are now generated by a macro from the Server ID, like Emanuele and I noticed from traces, and I've entirely removed the concept of a reply structure. CSRSS uses full-duplex one-way structures, not dual-strutures (this would've been incompatible with the external interface anyways). I don't seem to have introduced any new bugs (console-ROS works great for me, as does the GUI), but there is still a chance some obscure bug might happen, so please bear with me, I had to hand-edit over 250 calls. Also, this now allows full removal of ntdll headers and the next commits will clean this up
svn path=/trunk/; revision=16213
2005-06-22 04:02:32 +00:00
|
|
|
NTSTATUS Status;
|
2012-12-04 23:01:54 +00:00
|
|
|
CSR_REPLY_CODE ReplyCode;
|
2012-10-22 00:09:51 +00:00
|
|
|
PCSR_API_MESSAGE ReplyMsg;
|
|
|
|
|
CSR_API_MESSAGE ReceiveMsg;
|
2012-02-19 19:40:28 +00:00
|
|
|
PCSR_PROCESS CsrProcess;
|
|
|
|
|
PHARDERROR_MSG HardErrorMsg;
|
2012-10-22 00:09:51 +00:00
|
|
|
PVOID PortContext;
|
|
|
|
|
PCSR_SERVER_DLL ServerDll;
|
2012-02-19 19:40:28 +00:00
|
|
|
PCLIENT_DIED_MSG ClientDiedMsg;
|
2012-10-22 00:09:51 +00:00
|
|
|
PDBGKM_MSG DebugMessage;
|
2012-12-04 23:01:54 +00:00
|
|
|
ULONG ServerId, ApiId, MessageType, i;
|
2012-10-22 00:09:51 +00:00
|
|
|
HANDLE ReplyPort;
|
2012-02-15 16:11:12 +00:00
|
|
|
|
2012-02-16 16:40:15 +00:00
|
|
|
/* Setup LPC loop port and message */
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-02-19 06:32:17 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2012-02-16 16:40:15 +00:00
|
|
|
|
2010-03-09 20:23:22 +00:00
|
|
|
/* Connect to user32 */
|
|
|
|
|
while (!CsrConnectToUser())
|
|
|
|
|
{
|
2012-02-16 16:40:15 +00:00
|
|
|
/* Set up the timeout for the connect (30 seconds) */
|
|
|
|
|
TimeOut.QuadPart = -30 * 1000 * 1000 * 10;
|
|
|
|
|
|
2010-03-09 20:23:22 +00:00
|
|
|
/* Keep trying until we get a response */
|
2012-02-16 16:40:15 +00:00
|
|
|
Teb->Win32ClientInfo[0] = 0;
|
|
|
|
|
NtDelayExecution(FALSE, &TimeOut);
|
2010-03-09 20:23:22 +00:00
|
|
|
}
|
Large change to modify NTDLL'S CSR Functions to be compatible with NT. They are external and we should at least try to match the number of arguments (one vs eight? come on!). Because this is also the direction that Emanuele wants to be taking, the whole external calling interface was modified to be more compatible with NT (although internally it still isn't, and does not have a reason to be). API Names are now generated by a macro from the Server ID, like Emanuele and I noticed from traces, and I've entirely removed the concept of a reply structure. CSRSS uses full-duplex one-way structures, not dual-strutures (this would've been incompatible with the external interface anyways). I don't seem to have introduced any new bugs (console-ROS works great for me, as does the GUI), but there is still a chance some obscure bug might happen, so please bear with me, I had to hand-edit over 250 calls. Also, this now allows full removal of ntdll headers and the next commits will clean this up
svn path=/trunk/; revision=16213
2005-06-22 04:02:32 +00:00
|
|
|
|
2012-02-16 16:40:15 +00:00
|
|
|
/* Get our thread */
|
2012-10-22 00:09:51 +00:00
|
|
|
CurrentThread = Teb->CsrClientThread;
|
2012-02-16 16:40:15 +00:00
|
|
|
|
|
|
|
|
/* If we got an event... */
|
|
|
|
|
if (Parameter)
|
|
|
|
|
{
|
|
|
|
|
/* Set it, to let stuff waiting on us load */
|
|
|
|
|
Status = NtSetEvent((HANDLE)Parameter, NULL);
|
|
|
|
|
ASSERT(NT_SUCCESS(Status));
|
|
|
|
|
|
|
|
|
|
/* Increase the Thread Counts */
|
2013-07-28 10:41:27 +00:00
|
|
|
InterlockedIncrementUL(&CsrpStaticThreadCount);
|
|
|
|
|
InterlockedIncrementUL(&CsrpDynamicThreadTotal);
|
2012-02-16 16:40:15 +00:00
|
|
|
}
|
2005-06-22 17:43:59 +00:00
|
|
|
|
2012-02-16 16:40:15 +00:00
|
|
|
/* Now start the loop */
|
|
|
|
|
while (TRUE)
|
2003-12-02 11:38:47 +00:00
|
|
|
{
|
2012-02-16 16:40:15 +00:00
|
|
|
/* Make sure the real CID is set */
|
|
|
|
|
Teb->RealClientId = Teb->ClientId;
|
|
|
|
|
|
2020-04-14 20:53:49 +00:00
|
|
|
#ifdef CSR_DBG
|
2012-02-16 16:40:15 +00:00
|
|
|
/* Debug check */
|
|
|
|
|
if (Teb->CountOfOwnedCriticalSections)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("CSRSRV: FATAL ERROR. CsrThread is Idle while holding %lu critical sections\n",
|
|
|
|
|
Teb->CountOfOwnedCriticalSections);
|
|
|
|
|
DPRINT1("CSRSRV: Last Receive Message %lx ReplyMessage %lx\n",
|
2012-10-22 00:09:51 +00:00
|
|
|
&ReceiveMsg, ReplyMsg);
|
2012-02-16 16:40:15 +00:00
|
|
|
DbgBreakPoint();
|
|
|
|
|
}
|
2020-04-14 20:53:49 +00:00
|
|
|
#endif
|
2012-02-16 16:40:15 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Wait for a message to come through */
|
2012-02-19 06:32:17 +00:00
|
|
|
Status = NtReplyWaitReceivePort(ReplyPort,
|
2012-10-22 00:09:51 +00:00
|
|
|
&PortContext,
|
|
|
|
|
&ReplyMsg->Header,
|
|
|
|
|
&ReceiveMsg.Header);
|
|
|
|
|
|
2012-02-16 16:40:15 +00:00
|
|
|
/* Check if we didn't get success */
|
|
|
|
|
if (Status != STATUS_SUCCESS)
|
2007-06-15 19:14:15 +00:00
|
|
|
{
|
2012-02-16 16:40:15 +00:00
|
|
|
/* Was it a failure or another success code? */
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
2020-04-14 20:53:49 +00:00
|
|
|
#ifdef CSR_DBG
|
2012-02-16 16:40:15 +00:00
|
|
|
/* Check for specific status cases */
|
|
|
|
|
if ((Status != STATUS_INVALID_CID) &&
|
2012-02-19 06:32:17 +00:00
|
|
|
(Status != STATUS_UNSUCCESSFUL) &&
|
2020-04-14 20:53:49 +00:00
|
|
|
((Status != STATUS_INVALID_HANDLE) || (ReplyPort == CsrApiPort)))
|
2012-02-16 16:40:15 +00:00
|
|
|
{
|
|
|
|
|
/* Notify the debugger */
|
|
|
|
|
DPRINT1("CSRSS: ReceivePort failed - Status == %X\n", Status);
|
2012-02-19 06:32:17 +00:00
|
|
|
DPRINT1("CSRSS: ReplyPortHandle %lx CsrApiPort %lx\n", ReplyPort, CsrApiPort);
|
2012-02-16 16:40:15 +00:00
|
|
|
}
|
2020-04-14 20:53:49 +00:00
|
|
|
#endif
|
2012-02-16 16:40:15 +00:00
|
|
|
|
|
|
|
|
/* We failed big time, so start out fresh */
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-02-19 06:32:17 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2012-02-16 16:40:15 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2013-05-04 14:27:09 +00:00
|
|
|
/* A strange "success" code, just try again */
|
2012-02-16 16:40:15 +00:00
|
|
|
DPRINT1("NtReplyWaitReceivePort returned \"success\" status 0x%x\n", Status);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2007-06-15 19:14:15 +00:00
|
|
|
}
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2020-04-14 20:53:49 +00:00
|
|
|
// ASSERT(ReceiveMsg.Header.u1.s1.TotalLength >= sizeof(PORT_MESSAGE));
|
|
|
|
|
// ASSERT(ReceiveMsg.Header.u1.s1.TotalLength < sizeof(ReceiveMsg));
|
|
|
|
|
|
2012-02-16 16:40:15 +00:00
|
|
|
/* Use whatever Client ID we got */
|
2012-10-22 00:09:51 +00:00
|
|
|
Teb->RealClientId = ReceiveMsg.Header.ClientId;
|
2007-06-15 19:14:15 +00:00
|
|
|
|
2012-02-16 16:40:15 +00:00
|
|
|
/* Get the Message Type */
|
2012-10-22 00:09:51 +00:00
|
|
|
MessageType = ReceiveMsg.Header.u2.s2.Type;
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Handle connection requests */
|
2012-02-16 16:40:15 +00:00
|
|
|
if (MessageType == LPC_CONNECTION_REQUEST)
|
2006-10-30 18:45:22 +00:00
|
|
|
{
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Handle the Connection Request */
|
2012-10-22 00:09:51 +00:00
|
|
|
CsrApiHandleConnectionRequest(&ReceiveMsg);
|
2012-12-04 23:01:54 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-12-04 23:01:54 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2006-10-30 18:45:22 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* It's some other kind of request. Get the lock for the lookup */
|
|
|
|
|
CsrAcquireProcessLock();
|
2006-10-30 18:45:22 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Now do the lookup to get the CSR_THREAD */
|
|
|
|
|
CsrThread = CsrLocateThreadByClientId(&CsrProcess,
|
2012-10-22 00:09:51 +00:00
|
|
|
&ReceiveMsg.Header.ClientId);
|
2004-07-03 17:15:02 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Did we find a thread? */
|
|
|
|
|
if (!CsrThread)
|
2012-02-19 18:05:49 +00:00
|
|
|
{
|
2012-02-19 19:40:28 +00:00
|
|
|
/* This wasn't a CSR Thread, release lock */
|
|
|
|
|
CsrReleaseProcessLock();
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* If this was an exception, handle it */
|
|
|
|
|
if (MessageType == LPC_EXCEPTION)
|
|
|
|
|
{
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = &ReceiveMsg;
|
2012-02-19 19:40:28 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg->Status = DBG_CONTINUE;
|
2012-02-19 19:40:28 +00:00
|
|
|
}
|
|
|
|
|
else if (MessageType == LPC_PORT_CLOSED ||
|
|
|
|
|
MessageType == LPC_CLIENT_DIED)
|
|
|
|
|
{
|
|
|
|
|
/* The Client or Port are gone, loop again */
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-02-19 19:40:28 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
|
|
|
|
}
|
|
|
|
|
else if (MessageType == LPC_ERROR_EVENT)
|
|
|
|
|
{
|
|
|
|
|
/* If it's a hard error, handle this too */
|
2012-10-22 00:09:51 +00:00
|
|
|
HardErrorMsg = (PHARDERROR_MSG)&ReceiveMsg;
|
2012-02-19 18:05:49 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Default it to unhandled */
|
|
|
|
|
HardErrorMsg->Response = ResponseNotHandled;
|
2012-02-15 16:11:12 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Check if there are free api threads */
|
2012-02-19 06:32:17 +00:00
|
|
|
CsrpCheckRequestThreads();
|
2012-02-19 19:40:28 +00:00
|
|
|
if (CsrpStaticThreadCount)
|
2012-02-19 06:32:17 +00:00
|
|
|
{
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Loop every Server DLL */
|
|
|
|
|
for (i = 0; i < CSR_SERVER_DLL_MAX; i++)
|
|
|
|
|
{
|
|
|
|
|
/* Get the Server DLL */
|
|
|
|
|
ServerDll = CsrLoadedServerDll[i];
|
|
|
|
|
|
|
|
|
|
/* Check if it's valid and if it has a Hard Error Callback */
|
|
|
|
|
if ((ServerDll) && (ServerDll->HardErrorCallback))
|
|
|
|
|
{
|
|
|
|
|
/* Call it */
|
2012-12-05 23:21:41 +00:00
|
|
|
ServerDll->HardErrorCallback(NULL /* == CsrThread */, HardErrorMsg);
|
2012-10-22 00:09:51 +00:00
|
|
|
|
|
|
|
|
/* If it's handled, get out of here */
|
|
|
|
|
if (HardErrorMsg->Response != ResponseNotHandled) break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-02-19 06:32:17 +00:00
|
|
|
}
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Increase the thread count */
|
2013-07-28 10:41:27 +00:00
|
|
|
InterlockedIncrementUL(&CsrpStaticThreadCount);
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* If the response was 0xFFFFFFFF, we'll ignore it */
|
|
|
|
|
if (HardErrorMsg->Response == 0xFFFFFFFF)
|
2012-02-19 06:32:17 +00:00
|
|
|
{
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-02-19 19:40:28 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2012-02-19 06:32:17 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = &ReceiveMsg;
|
2012-12-05 23:21:41 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2012-02-19 06:32:17 +00:00
|
|
|
}
|
2012-02-19 19:40:28 +00:00
|
|
|
}
|
|
|
|
|
else if (MessageType == LPC_REQUEST)
|
|
|
|
|
{
|
|
|
|
|
/* This is an API Message coming from a non-CSR Thread */
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = &ReceiveMsg;
|
2012-02-19 19:40:28 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
|
2012-02-19 19:40:28 +00:00
|
|
|
}
|
|
|
|
|
else if (MessageType == LPC_DATAGRAM)
|
|
|
|
|
{
|
2012-10-22 00:09:51 +00:00
|
|
|
/* This is an API call, get the Server ID */
|
|
|
|
|
ServerId = CSR_API_NUMBER_TO_SERVER_ID(ReceiveMsg.ApiNumber);
|
|
|
|
|
|
|
|
|
|
/* Make sure that the ID is within limits, and the Server DLL loaded */
|
|
|
|
|
ServerDll = NULL;
|
|
|
|
|
if ((ServerId >= CSR_SERVER_DLL_MAX) ||
|
|
|
|
|
(!(ServerDll = CsrLoadedServerDll[ServerId])))
|
|
|
|
|
{
|
|
|
|
|
/* We are beyond the Maximum Server ID */
|
2020-04-14 20:53:49 +00:00
|
|
|
#ifdef CSR_DBG
|
2012-10-22 00:09:51 +00:00
|
|
|
DPRINT1("CSRSS: %lx is invalid ServerDllIndex (%08x)\n",
|
|
|
|
|
ServerId, ServerDll);
|
2020-04-14 20:53:49 +00:00
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-12-04 23:01:54 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2012-10-22 00:09:51 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/* Get the API ID, normalized with our Base ID */
|
|
|
|
|
ApiId = CSR_API_NUMBER_TO_API_ID(ReceiveMsg.ApiNumber) - ServerDll->ApiBase;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
|
|
|
|
/* Make sure that the ID is within limits, and the entry exists */
|
|
|
|
|
if (ApiId >= ServerDll->HighestApiSupported)
|
|
|
|
|
{
|
|
|
|
|
/* We are beyond the Maximum API ID, or it doesn't exist */
|
2021-04-21 17:47:36 +00:00
|
|
|
#ifdef CSR_DBG
|
2012-10-22 00:09:51 +00:00
|
|
|
DPRINT1("CSRSS: %lx is invalid ApiTableIndex for %Z\n",
|
|
|
|
|
CSR_API_NUMBER_TO_API_ID(ReceiveMsg.ApiNumber),
|
|
|
|
|
&ServerDll->Name);
|
2021-04-21 17:47:36 +00:00
|
|
|
#endif
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
|
|
|
|
ReplyMsg = NULL;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
[CSR]
During my investigations for making working Win2k3 csrsrv.dll (or other CSR servers) into ROS (to compare our behaviour with our own csrsrv.dll and Win2k3 one), I hit a problem: if I test a checked-build version of csrsrv (or other CSR servers), everything was fine when they were loaded, but if I use a release-build version (i.e. without any debug information), I systematically hit a memory access violation which was traced back to the moment when a CSR server's CsrInitialization entry point was called.
So I did the experiment, where I used our (debug-build) csrsrv with a free-build win2k3 CSR server dll (it was winsrv.dll, and I retested with basesrv.dll after). I hit the access violation. But if I took a debug-build version of winsrv.dll, everything was OK.
I then added in our csrsrv' server.c file the following line (around line 212 of the current file version):
DPRINT1("%s ; ServerDll->ValidTable = 0x%p ; ServerDll->NameTable = 0x%p ; ServerDll->SizeOfProcessData = %d ; ServerDll->ConnectCallback = 0x%p\n", DllString, ServerDll->ValidTable, ServerDll->NameTable, ServerDll->SizeOfProcessData, ServerDll->ConnectCallback);
and I saw that, when using a debug-build win2k3 CSR server, everything was fine (in particular the ServerDll->SizeOfProcessData member contained a reasonable value, e.g. a size of 88 bytes), whereas if I used a free-build version, I got an off-by-one problem, with the ServerDll->ValidTable pointer valid but the ServerDll->NameTable member being equal to 88 (i.e. invalid pointer) and the ServerDll->SizeOfProcessData member being equal to a very large value, which looked like a pointer value.
After more investigations, I saw that in debug-build CSR servers the list of API names were stored, whereas it was not the case in free-build versions. Therefore I concluded that the API names table was included *ONLY* in debug builds and not in release builds.
Hence, to be able to test in ROS either debug-builds or release-builds versions of Windows CSR servers in ROS (and vice-versa), I introduced a #define called CSR_DBG, which is defined only if the DBG macro is != 0, and which is not defined otherwise. When the CSR_DBG flag is defined, API names tables are added in CSR servers and otherwise, they are not.
Therefore, we are now able to test debug-build Windows CSR servers in ROS (the default possibility) or free-build versions of these CSR servers (but first, we have to build the other ones without the CSR_DBG flag, to avoid the off-by-one problem described above).
svn path=/trunk/; revision=60560
2013-10-06 13:33:17 +00:00
|
|
|
#ifdef CSR_DBG
|
2012-10-22 00:09:51 +00:00
|
|
|
if (CsrDebug & 2)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("[%02x] CSRSS: [%02x,%02x] - %s Api called from %08x\n",
|
|
|
|
|
Teb->ClientId.UniqueThread,
|
|
|
|
|
ReceiveMsg.Header.ClientId.UniqueProcess,
|
|
|
|
|
ReceiveMsg.Header.ClientId.UniqueThread,
|
|
|
|
|
ServerDll->NameTable[ApiId],
|
|
|
|
|
NULL);
|
|
|
|
|
}
|
[CSR]
During my investigations for making working Win2k3 csrsrv.dll (or other CSR servers) into ROS (to compare our behaviour with our own csrsrv.dll and Win2k3 one), I hit a problem: if I test a checked-build version of csrsrv (or other CSR servers), everything was fine when they were loaded, but if I use a release-build version (i.e. without any debug information), I systematically hit a memory access violation which was traced back to the moment when a CSR server's CsrInitialization entry point was called.
So I did the experiment, where I used our (debug-build) csrsrv with a free-build win2k3 CSR server dll (it was winsrv.dll, and I retested with basesrv.dll after). I hit the access violation. But if I took a debug-build version of winsrv.dll, everything was OK.
I then added in our csrsrv' server.c file the following line (around line 212 of the current file version):
DPRINT1("%s ; ServerDll->ValidTable = 0x%p ; ServerDll->NameTable = 0x%p ; ServerDll->SizeOfProcessData = %d ; ServerDll->ConnectCallback = 0x%p\n", DllString, ServerDll->ValidTable, ServerDll->NameTable, ServerDll->SizeOfProcessData, ServerDll->ConnectCallback);
and I saw that, when using a debug-build win2k3 CSR server, everything was fine (in particular the ServerDll->SizeOfProcessData member contained a reasonable value, e.g. a size of 88 bytes), whereas if I used a free-build version, I got an off-by-one problem, with the ServerDll->ValidTable pointer valid but the ServerDll->NameTable member being equal to 88 (i.e. invalid pointer) and the ServerDll->SizeOfProcessData member being equal to a very large value, which looked like a pointer value.
After more investigations, I saw that in debug-build CSR servers the list of API names were stored, whereas it was not the case in free-build versions. Therefore I concluded that the API names table was included *ONLY* in debug builds and not in release builds.
Hence, to be able to test in ROS either debug-builds or release-builds versions of Windows CSR servers in ROS (and vice-versa), I introduced a #define called CSR_DBG, which is defined only if the DBG macro is != 0, and which is not defined otherwise. When the CSR_DBG flag is defined, API names tables are added in CSR servers and otherwise, they are not.
Therefore, we are now able to test debug-build Windows CSR servers in ROS (the default possibility) or free-build versions of these CSR servers (but first, we have to build the other ones without the CSR_DBG flag, to avoid the off-by-one problem described above).
svn path=/trunk/; revision=60560
2013-10-06 13:33:17 +00:00
|
|
|
#endif
|
2012-10-22 00:09:51 +00:00
|
|
|
|
|
|
|
|
/* Assume success */
|
|
|
|
|
ReceiveMsg.Status = STATUS_SUCCESS;
|
|
|
|
|
|
|
|
|
|
/* Validation complete, start SEH */
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
/* Make sure we have enough threads */
|
|
|
|
|
CsrpCheckRequestThreads();
|
|
|
|
|
|
2012-12-04 23:01:54 +00:00
|
|
|
/* Call the API and get the reply code */
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
|
|
|
|
ReplyPort = CsrApiPort;
|
2012-12-04 23:01:54 +00:00
|
|
|
ServerDll->DispatchTable[ApiId](&ReceiveMsg, &ReplyCode);
|
2012-10-22 00:09:51 +00:00
|
|
|
|
|
|
|
|
/* Increase the static thread count */
|
2013-07-28 10:41:27 +00:00
|
|
|
InterlockedIncrementUL(&CsrpStaticThreadCount);
|
2012-10-22 00:09:51 +00:00
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(CsrUnhandledExceptionFilter(_SEH2_GetExceptionInformation()))
|
|
|
|
|
{
|
|
|
|
|
ReplyMsg = NULL;
|
|
|
|
|
ReplyPort = CsrApiPort;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
2012-02-19 19:40:28 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Some other ignored message type */
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-02-19 19:40:28 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
|
|
|
|
}
|
2012-02-19 06:32:17 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Keep going */
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* We have a valid thread, was this an LPC Request? */
|
|
|
|
|
if (MessageType != LPC_REQUEST)
|
|
|
|
|
{
|
|
|
|
|
/* It's not an API, check if the client died */
|
|
|
|
|
if (MessageType == LPC_CLIENT_DIED)
|
|
|
|
|
{
|
|
|
|
|
/* Get the information and check if it matches our thread */
|
2012-10-22 00:09:51 +00:00
|
|
|
ClientDiedMsg = (PCLIENT_DIED_MSG)&ReceiveMsg;
|
2012-02-19 19:40:28 +00:00
|
|
|
if (ClientDiedMsg->CreateTime.QuadPart == CsrThread->CreateTime.QuadPart)
|
2012-02-19 06:32:17 +00:00
|
|
|
{
|
2013-01-01 02:59:31 +00:00
|
|
|
/* Now we reply to the dying client */
|
|
|
|
|
ReplyPort = CsrThread->Process->ClientPort;
|
|
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Reference the thread */
|
|
|
|
|
CsrLockedReferenceThread(CsrThread);
|
|
|
|
|
|
|
|
|
|
/* Destroy the thread in the API Message */
|
2012-10-22 00:09:51 +00:00
|
|
|
CsrDestroyThread(&ReceiveMsg.Header.ClientId);
|
2012-02-19 19:40:28 +00:00
|
|
|
|
|
|
|
|
/* Check if the thread was actually ourselves */
|
|
|
|
|
if (CsrProcess->ThreadCount == 1)
|
|
|
|
|
{
|
|
|
|
|
/* Kill the process manually here */
|
|
|
|
|
CsrDestroyProcess(&CsrThread->ClientId, 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Remove our extra reference */
|
|
|
|
|
CsrLockedDereferenceThread(CsrThread);
|
2012-02-19 06:32:17 +00:00
|
|
|
}
|
2012-02-19 19:40:28 +00:00
|
|
|
|
|
|
|
|
/* Release the lock and keep looping */
|
|
|
|
|
CsrReleaseProcessLock();
|
2012-12-04 23:01:54 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-02-19 19:40:28 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
|
|
|
|
continue;
|
2012-02-19 06:32:17 +00:00
|
|
|
}
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Reference the thread and release the lock */
|
|
|
|
|
CsrLockedReferenceThread(CsrThread);
|
|
|
|
|
CsrReleaseProcessLock();
|
|
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Check if this was an exception */
|
2012-02-19 19:40:28 +00:00
|
|
|
if (MessageType == LPC_EXCEPTION)
|
2012-02-19 06:32:17 +00:00
|
|
|
{
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Kill the process */
|
|
|
|
|
NtTerminateProcess(CsrProcess->ProcessHandle, STATUS_ABANDONED);
|
|
|
|
|
|
|
|
|
|
/* Destroy it from CSR */
|
2012-10-22 00:09:51 +00:00
|
|
|
CsrDestroyProcess(&ReceiveMsg.Header.ClientId, STATUS_ABANDONED);
|
2012-02-19 19:40:28 +00:00
|
|
|
|
|
|
|
|
/* Return a Debug Message */
|
2012-10-22 00:09:51 +00:00
|
|
|
DebugMessage = (PDBGKM_MSG)&ReceiveMsg;
|
2012-02-19 19:40:28 +00:00
|
|
|
DebugMessage->ReturnedStatus = DBG_CONTINUE;
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = &ReceiveMsg;
|
2012-02-19 06:32:17 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2012-02-19 20:13:07 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Remove our extra reference */
|
|
|
|
|
CsrDereferenceThread(CsrThread);
|
2012-02-19 06:32:17 +00:00
|
|
|
}
|
2012-02-19 19:40:28 +00:00
|
|
|
else if (MessageType == LPC_ERROR_EVENT)
|
|
|
|
|
{
|
2012-10-22 00:09:51 +00:00
|
|
|
/* If it's a hard error, handle this too */
|
|
|
|
|
HardErrorMsg = (PHARDERROR_MSG)&ReceiveMsg;
|
|
|
|
|
|
|
|
|
|
/* Default it to unhandled */
|
|
|
|
|
HardErrorMsg->Response = ResponseNotHandled;
|
|
|
|
|
|
|
|
|
|
/* Check if there are free api threads */
|
|
|
|
|
CsrpCheckRequestThreads();
|
|
|
|
|
if (CsrpStaticThreadCount)
|
|
|
|
|
{
|
|
|
|
|
/* Loop every Server DLL */
|
|
|
|
|
for (i = 0; i < CSR_SERVER_DLL_MAX; i++)
|
|
|
|
|
{
|
|
|
|
|
/* Get the Server DLL */
|
|
|
|
|
ServerDll = CsrLoadedServerDll[i];
|
|
|
|
|
|
|
|
|
|
/* Check if it's valid and if it has a Hard Error Callback */
|
|
|
|
|
if ((ServerDll) && (ServerDll->HardErrorCallback))
|
|
|
|
|
{
|
|
|
|
|
/* Call it */
|
|
|
|
|
ServerDll->HardErrorCallback(CsrThread, HardErrorMsg);
|
|
|
|
|
|
|
|
|
|
/* If it's handled, get out of here */
|
|
|
|
|
if (HardErrorMsg->Response != ResponseNotHandled) break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Increase the thread count */
|
2013-07-28 10:41:27 +00:00
|
|
|
InterlockedIncrementUL(&CsrpStaticThreadCount);
|
2012-10-22 00:09:51 +00:00
|
|
|
|
|
|
|
|
/* If the response was 0xFFFFFFFF, we'll ignore it */
|
|
|
|
|
if (HardErrorMsg->Response == 0xFFFFFFFF)
|
|
|
|
|
{
|
|
|
|
|
ReplyMsg = NULL;
|
|
|
|
|
ReplyPort = CsrApiPort;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
CsrDereferenceThread(CsrThread);
|
|
|
|
|
ReplyMsg = &ReceiveMsg;
|
|
|
|
|
ReplyPort = CsrApiPort;
|
|
|
|
|
}
|
2012-02-19 19:40:28 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Something else */
|
|
|
|
|
CsrDereferenceThread(CsrThread);
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-02-19 19:40:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Keep looping */
|
|
|
|
|
continue;
|
2006-10-30 14:20:45 +00:00
|
|
|
}
|
|
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* We got an API Request */
|
|
|
|
|
CsrLockedReferenceThread(CsrThread);
|
|
|
|
|
CsrReleaseProcessLock();
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/* This is an API call, get the Server ID */
|
|
|
|
|
ServerId = CSR_API_NUMBER_TO_SERVER_ID(ReceiveMsg.ApiNumber);
|
|
|
|
|
|
|
|
|
|
/* Make sure that the ID is within limits, and the Server DLL loaded */
|
|
|
|
|
ServerDll = NULL;
|
|
|
|
|
if ((ServerId >= CSR_SERVER_DLL_MAX) ||
|
|
|
|
|
(!(ServerDll = CsrLoadedServerDll[ServerId])))
|
|
|
|
|
{
|
|
|
|
|
/* We are beyond the Maximum Server ID */
|
2020-04-14 20:53:49 +00:00
|
|
|
#ifdef CSR_DBG
|
2012-10-22 00:09:51 +00:00
|
|
|
DPRINT1("CSRSS: %lx is invalid ServerDllIndex (%08x)\n",
|
|
|
|
|
ServerId, ServerDll);
|
2020-04-14 20:53:49 +00:00
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
|
|
|
|
ReplyMsg = &ReceiveMsg;
|
|
|
|
|
ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
|
|
|
|
|
CsrDereferenceThread(CsrThread);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/* Get the API ID, normalized with our Base ID */
|
|
|
|
|
ApiId = CSR_API_NUMBER_TO_API_ID(ReceiveMsg.ApiNumber) - ServerDll->ApiBase;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
|
|
|
|
/* Make sure that the ID is within limits, and the entry exists */
|
|
|
|
|
if (ApiId >= ServerDll->HighestApiSupported)
|
|
|
|
|
{
|
2021-04-21 17:47:36 +00:00
|
|
|
#ifdef CSR_DBG
|
2012-10-22 00:09:51 +00:00
|
|
|
/* We are beyond the Maximum API ID, or it doesn't exist */
|
|
|
|
|
DPRINT1("CSRSS: %lx is invalid ApiTableIndex for %Z\n",
|
|
|
|
|
CSR_API_NUMBER_TO_API_ID(ReceiveMsg.ApiNumber),
|
|
|
|
|
&ServerDll->Name);
|
2021-04-21 17:47:36 +00:00
|
|
|
#endif
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
|
|
|
|
ReplyMsg = &ReceiveMsg;
|
|
|
|
|
ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
|
|
|
|
|
CsrDereferenceThread(CsrThread);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
[CSR]
During my investigations for making working Win2k3 csrsrv.dll (or other CSR servers) into ROS (to compare our behaviour with our own csrsrv.dll and Win2k3 one), I hit a problem: if I test a checked-build version of csrsrv (or other CSR servers), everything was fine when they were loaded, but if I use a release-build version (i.e. without any debug information), I systematically hit a memory access violation which was traced back to the moment when a CSR server's CsrInitialization entry point was called.
So I did the experiment, where I used our (debug-build) csrsrv with a free-build win2k3 CSR server dll (it was winsrv.dll, and I retested with basesrv.dll after). I hit the access violation. But if I took a debug-build version of winsrv.dll, everything was OK.
I then added in our csrsrv' server.c file the following line (around line 212 of the current file version):
DPRINT1("%s ; ServerDll->ValidTable = 0x%p ; ServerDll->NameTable = 0x%p ; ServerDll->SizeOfProcessData = %d ; ServerDll->ConnectCallback = 0x%p\n", DllString, ServerDll->ValidTable, ServerDll->NameTable, ServerDll->SizeOfProcessData, ServerDll->ConnectCallback);
and I saw that, when using a debug-build win2k3 CSR server, everything was fine (in particular the ServerDll->SizeOfProcessData member contained a reasonable value, e.g. a size of 88 bytes), whereas if I used a free-build version, I got an off-by-one problem, with the ServerDll->ValidTable pointer valid but the ServerDll->NameTable member being equal to 88 (i.e. invalid pointer) and the ServerDll->SizeOfProcessData member being equal to a very large value, which looked like a pointer value.
After more investigations, I saw that in debug-build CSR servers the list of API names were stored, whereas it was not the case in free-build versions. Therefore I concluded that the API names table was included *ONLY* in debug builds and not in release builds.
Hence, to be able to test in ROS either debug-builds or release-builds versions of Windows CSR servers in ROS (and vice-versa), I introduced a #define called CSR_DBG, which is defined only if the DBG macro is != 0, and which is not defined otherwise. When the CSR_DBG flag is defined, API names tables are added in CSR servers and otherwise, they are not.
Therefore, we are now able to test debug-build Windows CSR servers in ROS (the default possibility) or free-build versions of these CSR servers (but first, we have to build the other ones without the CSR_DBG flag, to avoid the off-by-one problem described above).
svn path=/trunk/; revision=60560
2013-10-06 13:33:17 +00:00
|
|
|
#ifdef CSR_DBG
|
2012-10-22 00:09:51 +00:00
|
|
|
if (CsrDebug & 2)
|
|
|
|
|
{
|
2013-01-01 02:59:31 +00:00
|
|
|
DPRINT1("[%02x] CSRSS: [%02x,%02x] - %s Api called from %08x, Process %08x - %08x\n",
|
2012-10-22 00:09:51 +00:00
|
|
|
Teb->ClientId.UniqueThread,
|
|
|
|
|
ReceiveMsg.Header.ClientId.UniqueProcess,
|
|
|
|
|
ReceiveMsg.Header.ClientId.UniqueThread,
|
|
|
|
|
ServerDll->NameTable[ApiId],
|
2013-01-01 02:59:31 +00:00
|
|
|
CsrThread,
|
|
|
|
|
CsrThread->Process,
|
|
|
|
|
CsrProcess);
|
2012-10-22 00:09:51 +00:00
|
|
|
}
|
[CSR]
During my investigations for making working Win2k3 csrsrv.dll (or other CSR servers) into ROS (to compare our behaviour with our own csrsrv.dll and Win2k3 one), I hit a problem: if I test a checked-build version of csrsrv (or other CSR servers), everything was fine when they were loaded, but if I use a release-build version (i.e. without any debug information), I systematically hit a memory access violation which was traced back to the moment when a CSR server's CsrInitialization entry point was called.
So I did the experiment, where I used our (debug-build) csrsrv with a free-build win2k3 CSR server dll (it was winsrv.dll, and I retested with basesrv.dll after). I hit the access violation. But if I took a debug-build version of winsrv.dll, everything was OK.
I then added in our csrsrv' server.c file the following line (around line 212 of the current file version):
DPRINT1("%s ; ServerDll->ValidTable = 0x%p ; ServerDll->NameTable = 0x%p ; ServerDll->SizeOfProcessData = %d ; ServerDll->ConnectCallback = 0x%p\n", DllString, ServerDll->ValidTable, ServerDll->NameTable, ServerDll->SizeOfProcessData, ServerDll->ConnectCallback);
and I saw that, when using a debug-build win2k3 CSR server, everything was fine (in particular the ServerDll->SizeOfProcessData member contained a reasonable value, e.g. a size of 88 bytes), whereas if I used a free-build version, I got an off-by-one problem, with the ServerDll->ValidTable pointer valid but the ServerDll->NameTable member being equal to 88 (i.e. invalid pointer) and the ServerDll->SizeOfProcessData member being equal to a very large value, which looked like a pointer value.
After more investigations, I saw that in debug-build CSR servers the list of API names were stored, whereas it was not the case in free-build versions. Therefore I concluded that the API names table was included *ONLY* in debug builds and not in release builds.
Hence, to be able to test in ROS either debug-builds or release-builds versions of Windows CSR servers in ROS (and vice-versa), I introduced a #define called CSR_DBG, which is defined only if the DBG macro is != 0, and which is not defined otherwise. When the CSR_DBG flag is defined, API names tables are added in CSR servers and otherwise, they are not.
Therefore, we are now able to test debug-build Windows CSR servers in ROS (the default possibility) or free-build versions of these CSR servers (but first, we have to build the other ones without the CSR_DBG flag, to avoid the off-by-one problem described above).
svn path=/trunk/; revision=60560
2013-10-06 13:33:17 +00:00
|
|
|
#endif
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Assume success */
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = &ReceiveMsg;
|
|
|
|
|
ReceiveMsg.Status = STATUS_SUCCESS;
|
2012-02-19 19:40:28 +00:00
|
|
|
|
|
|
|
|
/* Now we reply to a particular client */
|
|
|
|
|
ReplyPort = CsrThread->Process->ClientPort;
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Check if there's a capture buffer */
|
|
|
|
|
if (ReceiveMsg.CsrCaptureData)
|
|
|
|
|
{
|
|
|
|
|
/* Capture the arguments */
|
|
|
|
|
if (!CsrCaptureArguments(CsrThread, &ReceiveMsg))
|
|
|
|
|
{
|
|
|
|
|
/* Ignore this message if we failed to get the arguments */
|
|
|
|
|
CsrDereferenceThread(CsrThread);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-02-19 19:40:28 +00:00
|
|
|
|
|
|
|
|
/* Validation complete, start SEH */
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
/* Make sure we have enough threads */
|
|
|
|
|
CsrpCheckRequestThreads();
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
Teb->CsrClientThread = CsrThread;
|
2012-02-19 19:40:28 +00:00
|
|
|
|
2012-12-04 23:01:54 +00:00
|
|
|
/* Call the API, get the reply code and return the result */
|
|
|
|
|
ReplyCode = CsrReplyImmediately;
|
|
|
|
|
ReplyMsg->Status = ServerDll->DispatchTable[ApiId](&ReceiveMsg, &ReplyCode);
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-02-19 19:40:28 +00:00
|
|
|
/* Increase the static thread count */
|
2013-07-28 10:41:27 +00:00
|
|
|
InterlockedIncrementUL(&CsrpStaticThreadCount);
|
2012-02-19 19:40:28 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
Teb->CsrClientThread = CurrentThread;
|
2012-09-15 16:33:30 +00:00
|
|
|
|
2012-12-08 00:45:41 +00:00
|
|
|
if (ReplyCode == CsrReplyAlreadySent)
|
2012-02-19 19:40:28 +00:00
|
|
|
{
|
2012-10-22 00:09:51 +00:00
|
|
|
if (ReceiveMsg.CsrCaptureData)
|
|
|
|
|
{
|
|
|
|
|
CsrReleaseCapturedArguments(&ReceiveMsg);
|
|
|
|
|
}
|
2012-12-04 23:01:54 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-02-19 19:40:28 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2012-12-04 23:01:54 +00:00
|
|
|
CsrDereferenceThread(CsrThread);
|
2012-10-22 00:09:51 +00:00
|
|
|
}
|
2012-12-04 23:01:54 +00:00
|
|
|
else if (ReplyCode == CsrReplyDeadClient)
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
2012-12-04 23:01:54 +00:00
|
|
|
/* Reply to the death message */
|
2020-04-14 20:53:49 +00:00
|
|
|
NTSTATUS Status2;
|
|
|
|
|
Status2 = NtReplyPort(ReplyPort, &ReplyMsg->Header);
|
|
|
|
|
if (!NT_SUCCESS(Status2))
|
|
|
|
|
DPRINT1("CSRSS: Error while replying to the death message, Status 0x%lx\n", Status2);
|
2012-12-04 23:01:54 +00:00
|
|
|
|
|
|
|
|
/* Reply back to the API port now */
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-12-04 23:01:54 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2012-02-19 19:40:28 +00:00
|
|
|
CsrDereferenceThread(CsrThread);
|
|
|
|
|
}
|
2012-12-04 23:01:54 +00:00
|
|
|
else if (ReplyCode == CsrReplyPending)
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
|
|
|
|
ReplyMsg = NULL;
|
2012-12-04 23:01:54 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
2012-10-22 00:09:51 +00:00
|
|
|
}
|
2012-02-19 19:40:28 +00:00
|
|
|
else
|
|
|
|
|
{
|
2012-10-22 00:09:51 +00:00
|
|
|
if (ReceiveMsg.CsrCaptureData)
|
|
|
|
|
{
|
|
|
|
|
CsrReleaseCapturedArguments(&ReceiveMsg);
|
|
|
|
|
}
|
2012-02-19 19:40:28 +00:00
|
|
|
CsrDereferenceThread(CsrThread);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(CsrUnhandledExceptionFilter(_SEH2_GetExceptionInformation()))
|
|
|
|
|
{
|
2012-10-22 00:09:51 +00:00
|
|
|
ReplyMsg = NULL;
|
2012-02-19 19:40:28 +00:00
|
|
|
ReplyPort = CsrApiPort;
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
2003-12-02 11:38:47 +00:00
|
|
|
}
|
2006-11-05 20:31:35 +00:00
|
|
|
|
2012-02-16 16:40:15 +00:00
|
|
|
/* We're out of the loop for some reason, terminate! */
|
|
|
|
|
NtTerminateThread(NtCurrentThread(), Status);
|
2012-10-22 00:09:51 +00:00
|
|
|
return Status;
|
1999-12-22 14:48:30 +00:00
|
|
|
}
|
2012-11-05 00:23:58 +00:00
|
|
|
|
|
|
|
|
/*++
|
|
|
|
|
* @name CsrApiPortInitialize
|
|
|
|
|
*
|
|
|
|
|
* The CsrApiPortInitialize routine initializes the LPC Port used for
|
|
|
|
|
* communications with the Client/Server Runtime (CSR) and initializes the
|
|
|
|
|
* static thread that will handle connection requests and APIs.
|
|
|
|
|
*
|
|
|
|
|
* @param None
|
|
|
|
|
*
|
2013-03-10 19:37:33 +00:00
|
|
|
* @return STATUS_SUCCESS in case of success, STATUS_UNSUCCESSFUL otherwise.
|
2012-11-05 00:23:58 +00:00
|
|
|
*
|
|
|
|
|
* @remarks None.
|
|
|
|
|
*
|
|
|
|
|
*--*/
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
CsrApiPortInitialize(VOID)
|
2012-02-16 06:57:27 +00:00
|
|
|
{
|
2012-11-05 00:23:58 +00:00
|
|
|
ULONG Size;
|
|
|
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
2012-10-22 00:09:51 +00:00
|
|
|
NTSTATUS Status;
|
2012-11-05 00:23:58 +00:00
|
|
|
HANDLE hRequestEvent, hThread;
|
|
|
|
|
CLIENT_ID ClientId;
|
|
|
|
|
PLIST_ENTRY ListHead, NextEntry;
|
|
|
|
|
PCSR_THREAD ServerThread;
|
2012-02-16 06:57:27 +00:00
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/* Calculate how much space we'll need for the Port Name */
|
|
|
|
|
Size = CsrDirectoryName.Length + sizeof(CSR_PORT_NAME) + sizeof(WCHAR);
|
2012-02-16 06:57:27 +00:00
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/* Create the buffer for it */
|
|
|
|
|
CsrApiPortName.Buffer = RtlAllocateHeap(CsrHeap, 0, Size);
|
|
|
|
|
if (!CsrApiPortName.Buffer) return STATUS_NO_MEMORY;
|
2012-02-16 06:57:27 +00:00
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/* Setup the rest of the empty string */
|
|
|
|
|
CsrApiPortName.Length = 0;
|
|
|
|
|
CsrApiPortName.MaximumLength = (USHORT)Size;
|
|
|
|
|
RtlAppendUnicodeStringToString(&CsrApiPortName, &CsrDirectoryName);
|
|
|
|
|
RtlAppendUnicodeToString(&CsrApiPortName, UNICODE_PATH_SEP);
|
|
|
|
|
RtlAppendUnicodeToString(&CsrApiPortName, CSR_PORT_NAME);
|
|
|
|
|
if (CsrDebug & 1)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("CSRSS: Creating %wZ port and associated threads\n", &CsrApiPortName);
|
|
|
|
|
DPRINT1("CSRSS: sizeof( CONNECTINFO ) == %ld sizeof( API_MSG ) == %ld\n",
|
2013-08-19 18:14:43 +00:00
|
|
|
sizeof(CSR_API_CONNECTINFO), sizeof(CSR_API_MESSAGE));
|
2012-10-22 00:09:51 +00:00
|
|
|
}
|
2012-02-16 06:57:27 +00:00
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/* FIXME: Create a Security Descriptor */
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/* Initialize the Attributes */
|
|
|
|
|
InitializeObjectAttributes(&ObjectAttributes,
|
|
|
|
|
&CsrApiPortName,
|
|
|
|
|
0,
|
|
|
|
|
NULL,
|
2012-12-06 23:43:31 +00:00
|
|
|
NULL /* FIXME: Use the Security Descriptor */);
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/* Create the Port Object */
|
|
|
|
|
Status = NtCreatePort(&CsrApiPort,
|
|
|
|
|
&ObjectAttributes,
|
2013-08-19 18:14:43 +00:00
|
|
|
sizeof(CSR_API_CONNECTINFO),
|
2012-12-06 23:43:31 +00:00
|
|
|
sizeof(CSR_API_MESSAGE),
|
2012-11-05 00:23:58 +00:00
|
|
|
16 * PAGE_SIZE);
|
|
|
|
|
if (NT_SUCCESS(Status))
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
2012-11-05 00:23:58 +00:00
|
|
|
/* Create the event the Port Thread will use */
|
|
|
|
|
Status = NtCreateEvent(&hRequestEvent,
|
|
|
|
|
EVENT_ALL_ACCESS,
|
|
|
|
|
NULL,
|
|
|
|
|
SynchronizationEvent,
|
|
|
|
|
FALSE);
|
|
|
|
|
if (NT_SUCCESS(Status))
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
|
|
|
|
/* Create the Request Thread */
|
|
|
|
|
Status = RtlCreateUserThread(NtCurrentProcess(),
|
|
|
|
|
NULL,
|
|
|
|
|
TRUE,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
(PVOID)CsrApiRequestThread,
|
|
|
|
|
(PVOID)hRequestEvent,
|
|
|
|
|
&hThread,
|
|
|
|
|
&ClientId);
|
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
/* Add this as a static thread to CSRSRV */
|
|
|
|
|
CsrAddStaticServerThread(hThread, &ClientId, CsrThreadIsServerThread);
|
|
|
|
|
|
|
|
|
|
/* Get the Thread List Pointers */
|
|
|
|
|
ListHead = &CsrRootProcess->ThreadList;
|
|
|
|
|
NextEntry = ListHead->Flink;
|
|
|
|
|
|
|
|
|
|
/* Start looping the list */
|
|
|
|
|
while (NextEntry != ListHead)
|
|
|
|
|
{
|
|
|
|
|
/* Get the Thread */
|
|
|
|
|
ServerThread = CONTAINING_RECORD(NextEntry, CSR_THREAD, Link);
|
|
|
|
|
|
|
|
|
|
/* Start it up */
|
|
|
|
|
Status = NtResumeThread(ServerThread->ThreadHandle, NULL);
|
|
|
|
|
|
|
|
|
|
/* Is this a Server Thread? */
|
|
|
|
|
if (ServerThread->Flags & CsrThreadIsServerThread)
|
|
|
|
|
{
|
|
|
|
|
/* If so, then wait for it to initialize */
|
|
|
|
|
Status = NtWaitForSingleObject(hRequestEvent, FALSE, NULL);
|
|
|
|
|
ASSERT(NT_SUCCESS(Status));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Next thread */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We don't need this anymore */
|
|
|
|
|
NtClose(hRequestEvent);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return */
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*++
|
|
|
|
|
* @name CsrConnectToUser
|
|
|
|
|
* @implemented NT4
|
|
|
|
|
*
|
|
|
|
|
* The CsrConnectToUser connects to the User subsystem.
|
|
|
|
|
*
|
|
|
|
|
* @param None
|
|
|
|
|
*
|
|
|
|
|
* @return A pointer to the CSR Thread
|
|
|
|
|
*
|
|
|
|
|
* @remarks None.
|
|
|
|
|
*
|
|
|
|
|
*--*/
|
|
|
|
|
PCSR_THREAD
|
|
|
|
|
NTAPI
|
|
|
|
|
CsrConnectToUser(VOID)
|
|
|
|
|
{
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
ANSI_STRING DllName;
|
|
|
|
|
UNICODE_STRING TempName;
|
|
|
|
|
HANDLE hUser32;
|
|
|
|
|
STRING StartupName;
|
|
|
|
|
PTEB Teb = NtCurrentTeb();
|
|
|
|
|
PCSR_THREAD CsrThread;
|
|
|
|
|
BOOLEAN Connected;
|
|
|
|
|
|
|
|
|
|
/* Check if we didn't already find it */
|
|
|
|
|
if (!CsrClientThreadSetup)
|
|
|
|
|
{
|
|
|
|
|
/* Get the DLL Handle for user32.dll */
|
|
|
|
|
RtlInitAnsiString(&DllName, "user32");
|
|
|
|
|
RtlAnsiStringToUnicodeString(&TempName, &DllName, TRUE);
|
|
|
|
|
Status = LdrGetDllHandle(NULL,
|
|
|
|
|
NULL,
|
|
|
|
|
&TempName,
|
|
|
|
|
&hUser32);
|
|
|
|
|
RtlFreeUnicodeString(&TempName);
|
|
|
|
|
|
2012-11-20 19:34:03 +00:00
|
|
|
/* If we got the handle, get the Client Thread Startup Entrypoint */
|
2012-10-22 00:09:51 +00:00
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
RtlInitAnsiString(&StartupName,"ClientThreadSetup");
|
|
|
|
|
Status = LdrGetProcedureAddress(hUser32,
|
|
|
|
|
&StartupName,
|
|
|
|
|
0,
|
|
|
|
|
(PVOID)&CsrClientThreadSetup);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Connect to user32 */
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
Connected = CsrClientThreadSetup();
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
Connected = FALSE;
|
2020-04-14 20:53:49 +00:00
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
2014-12-15 23:35:32 +00:00
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
if (!Connected)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("CSRSS: CsrConnectToUser failed\n");
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Save pointer to this thread in TEB */
|
|
|
|
|
CsrAcquireProcessLock();
|
|
|
|
|
CsrThread = CsrLocateThreadInProcess(NULL, &Teb->ClientId);
|
|
|
|
|
CsrReleaseProcessLock();
|
|
|
|
|
if (CsrThread) Teb->CsrClientThread = CsrThread;
|
|
|
|
|
|
|
|
|
|
/* Return it */
|
|
|
|
|
return CsrThread;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*++
|
|
|
|
|
* @name CsrQueryApiPort
|
|
|
|
|
* @implemented NT4
|
|
|
|
|
*
|
|
|
|
|
* The CsrQueryApiPort routine returns a handle to the CSR API LPC port.
|
|
|
|
|
*
|
|
|
|
|
* @param None.
|
|
|
|
|
*
|
|
|
|
|
* @return A handle to the port.
|
|
|
|
|
*
|
|
|
|
|
* @remarks None.
|
|
|
|
|
*
|
|
|
|
|
*--*/
|
|
|
|
|
HANDLE
|
|
|
|
|
NTAPI
|
|
|
|
|
CsrQueryApiPort(VOID)
|
|
|
|
|
{
|
|
|
|
|
return CsrApiPort;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*++
|
|
|
|
|
* @name CsrCaptureArguments
|
|
|
|
|
* @implemented NT5.1
|
|
|
|
|
*
|
|
|
|
|
* The CsrCaptureArguments routine validates a CSR Capture Buffer and
|
|
|
|
|
* re-captures it into a server CSR Capture Buffer.
|
|
|
|
|
*
|
|
|
|
|
* @param CsrThread
|
|
|
|
|
* Pointer to the CSR Thread performing the validation.
|
|
|
|
|
*
|
|
|
|
|
* @param ApiMessage
|
|
|
|
|
* Pointer to the CSR API Message containing the Capture Buffer
|
|
|
|
|
* that needs to be validated.
|
|
|
|
|
*
|
|
|
|
|
* @return TRUE if validation succeeded, FALSE otherwise.
|
|
|
|
|
*
|
|
|
|
|
* @remarks None.
|
|
|
|
|
*
|
|
|
|
|
*--*/
|
|
|
|
|
BOOLEAN
|
|
|
|
|
NTAPI
|
|
|
|
|
CsrCaptureArguments(IN PCSR_THREAD CsrThread,
|
|
|
|
|
IN PCSR_API_MESSAGE ApiMessage)
|
|
|
|
|
{
|
2020-04-14 23:58:08 +00:00
|
|
|
PCSR_PROCESS CsrProcess = CsrThread->Process;
|
2020-04-15 13:53:47 +00:00
|
|
|
PCSR_CAPTURE_BUFFER ClientCaptureBuffer, ServerCaptureBuffer = NULL;
|
2020-04-14 23:58:08 +00:00
|
|
|
ULONG_PTR EndOfClientBuffer;
|
|
|
|
|
SIZE_T SizeOfBufferThroughOffsetsArray;
|
2012-11-05 00:23:58 +00:00
|
|
|
SIZE_T BufferDistance;
|
2020-04-14 23:58:08 +00:00
|
|
|
ULONG Length;
|
2012-12-06 22:24:27 +00:00
|
|
|
ULONG PointerCount;
|
|
|
|
|
PULONG_PTR OffsetPointer;
|
|
|
|
|
ULONG_PTR CurrentOffset;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2020-04-14 23:58:08 +00:00
|
|
|
/* Get the buffer we got from whoever called NTDLL */
|
|
|
|
|
ClientCaptureBuffer = ApiMessage->CsrCaptureData;
|
|
|
|
|
|
|
|
|
|
/* Use SEH to validate and capture the client buffer */
|
2012-10-22 00:09:51 +00:00
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
2020-04-14 23:58:08 +00:00
|
|
|
/* Check whether at least the buffer's header is inside our mapped section */
|
|
|
|
|
if ( ((ULONG_PTR)ClientCaptureBuffer < CsrProcess->ClientViewBase) ||
|
|
|
|
|
(((ULONG_PTR)ClientCaptureBuffer + FIELD_OFFSET(CSR_CAPTURE_BUFFER, PointerOffsetsArray))
|
|
|
|
|
>= CsrProcess->ClientViewBounds) )
|
|
|
|
|
{
|
|
|
|
|
#ifdef CSR_DBG
|
|
|
|
|
DPRINT1("*** CSRSS: CaptureBuffer outside of ClientView 1\n");
|
|
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
|
|
|
|
/* Return failure */
|
|
|
|
|
ApiMessage->Status = STATUS_INVALID_PARAMETER;
|
|
|
|
|
_SEH2_YIELD(return FALSE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Capture the buffer length */
|
2020-04-15 13:53:47 +00:00
|
|
|
Length = ((volatile CSR_CAPTURE_BUFFER*)ClientCaptureBuffer)->Size;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2020-04-14 23:58:08 +00:00
|
|
|
/*
|
|
|
|
|
* Now check if the remaining of the buffer is inside our mapped section.
|
|
|
|
|
* Take also care for any possible wrap-around of the buffer end-address.
|
|
|
|
|
*/
|
|
|
|
|
EndOfClientBuffer = (ULONG_PTR)ClientCaptureBuffer + Length;
|
|
|
|
|
if ( (EndOfClientBuffer < (ULONG_PTR)ClientCaptureBuffer) ||
|
|
|
|
|
(EndOfClientBuffer >= CsrProcess->ClientViewBounds) )
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
2020-04-14 23:58:08 +00:00
|
|
|
#ifdef CSR_DBG
|
|
|
|
|
DPRINT1("*** CSRSS: CaptureBuffer outside of ClientView 2\n");
|
|
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Return failure */
|
|
|
|
|
ApiMessage->Status = STATUS_INVALID_PARAMETER;
|
|
|
|
|
_SEH2_YIELD(return FALSE);
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-14 23:58:08 +00:00
|
|
|
/* Capture the pointer count */
|
2020-04-15 13:53:47 +00:00
|
|
|
PointerCount = ((volatile CSR_CAPTURE_BUFFER*)ClientCaptureBuffer)->PointerCount;
|
2020-04-14 23:58:08 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check whether the total buffer size and the pointer count are consistent
|
|
|
|
|
* -- the array of offsets must be contained inside the buffer.
|
|
|
|
|
*/
|
|
|
|
|
SizeOfBufferThroughOffsetsArray =
|
|
|
|
|
FIELD_OFFSET(CSR_CAPTURE_BUFFER, PointerOffsetsArray) +
|
|
|
|
|
(PointerCount * sizeof(PVOID));
|
|
|
|
|
if ( (PointerCount > MAXUSHORT) ||
|
|
|
|
|
(SizeOfBufferThroughOffsetsArray > Length) )
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
2020-04-14 20:53:49 +00:00
|
|
|
#ifdef CSR_DBG
|
2020-04-14 21:07:42 +00:00
|
|
|
DPRINT1("*** CSRSS: CaptureBuffer %p has bad length\n", ClientCaptureBuffer);
|
2020-04-14 20:53:49 +00:00
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
|
|
|
|
/* Return failure */
|
2012-10-22 00:09:51 +00:00
|
|
|
ApiMessage->Status = STATUS_INVALID_PARAMETER;
|
|
|
|
|
_SEH2_YIELD(return FALSE);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
2020-04-14 23:58:08 +00:00
|
|
|
#ifdef CSR_DBG
|
|
|
|
|
DPRINT1("*** CSRSS: Took exception during capture %x\n", _SEH2_GetExceptionCode());
|
|
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
2012-10-22 00:09:51 +00:00
|
|
|
/* Return failure */
|
|
|
|
|
ApiMessage->Status = STATUS_INVALID_PARAMETER;
|
|
|
|
|
_SEH2_YIELD(return FALSE);
|
2020-04-14 23:58:08 +00:00
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2020-04-14 21:07:42 +00:00
|
|
|
/* We validated the client buffer, now allocate the server buffer */
|
|
|
|
|
ServerCaptureBuffer = RtlAllocateHeap(CsrHeap, HEAP_ZERO_MEMORY, Length);
|
|
|
|
|
if (!ServerCaptureBuffer)
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
|
|
|
|
/* We're out of memory */
|
|
|
|
|
ApiMessage->Status = STATUS_NO_MEMORY;
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-14 23:58:08 +00:00
|
|
|
/*
|
|
|
|
|
* Copy the client's buffer and ensure we use the correct buffer length
|
|
|
|
|
* and pointer count we captured and used for validation earlier on.
|
|
|
|
|
*/
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
RtlMoveMemory(ServerCaptureBuffer, ClientCaptureBuffer, Length);
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
#ifdef CSR_DBG
|
|
|
|
|
DPRINT1("*** CSRSS: Took exception during capture %x\n", _SEH2_GetExceptionCode());
|
|
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
|
|
|
|
/* Failure, free the buffer and return */
|
|
|
|
|
RtlFreeHeap(CsrHeap, 0, ServerCaptureBuffer);
|
|
|
|
|
ApiMessage->Status = STATUS_INVALID_PARAMETER;
|
|
|
|
|
_SEH2_YIELD(return FALSE);
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
ServerCaptureBuffer->Size = Length;
|
|
|
|
|
ServerCaptureBuffer->PointerCount = PointerCount;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
|
|
|
|
/* Calculate the difference between our buffer and the client's */
|
2020-04-14 21:07:42 +00:00
|
|
|
BufferDistance = (ULONG_PTR)ServerCaptureBuffer - (ULONG_PTR)ClientCaptureBuffer;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/*
|
2020-10-30 00:08:23 +00:00
|
|
|
* All the pointer offsets correspond to pointers that point
|
2020-04-14 21:07:42 +00:00
|
|
|
* to the server data buffer instead of the client one.
|
2012-11-05 00:23:58 +00:00
|
|
|
*/
|
2020-04-14 23:58:08 +00:00
|
|
|
// PointerCount = ServerCaptureBuffer->PointerCount;
|
2020-04-14 21:07:42 +00:00
|
|
|
OffsetPointer = ServerCaptureBuffer->PointerOffsetsArray;
|
2012-12-06 22:24:27 +00:00
|
|
|
while (PointerCount--)
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
2012-12-06 22:24:27 +00:00
|
|
|
CurrentOffset = *OffsetPointer;
|
|
|
|
|
|
|
|
|
|
if (CurrentOffset != 0)
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
2020-04-14 23:58:08 +00:00
|
|
|
/*
|
|
|
|
|
* Check whether the offset is pointer-aligned and whether
|
|
|
|
|
* it points inside CSR_API_MESSAGE::Data.ApiMessageData.
|
|
|
|
|
*/
|
|
|
|
|
if ( ((CurrentOffset & (sizeof(PVOID)-1)) != 0) ||
|
|
|
|
|
(CurrentOffset < FIELD_OFFSET(CSR_API_MESSAGE, Data.ApiMessageData)) ||
|
|
|
|
|
(CurrentOffset >= sizeof(CSR_API_MESSAGE)) )
|
|
|
|
|
{
|
|
|
|
|
#ifdef CSR_DBG
|
|
|
|
|
DPRINT1("*** CSRSS: CaptureBuffer MessagePointer outside of message\n");
|
|
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
|
|
|
|
/* Invalid pointer, fail */
|
|
|
|
|
ApiMessage->Status = STATUS_INVALID_PARAMETER;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2012-12-06 22:24:27 +00:00
|
|
|
/* Get the pointer corresponding to the offset */
|
|
|
|
|
CurrentOffset += (ULONG_PTR)ApiMessage;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2012-12-05 23:21:41 +00:00
|
|
|
/* Validate the bounds of the current pointed pointer */
|
2020-04-14 23:58:08 +00:00
|
|
|
if ( (*(PULONG_PTR)CurrentOffset >= ((ULONG_PTR)ClientCaptureBuffer +
|
|
|
|
|
SizeOfBufferThroughOffsetsArray)) &&
|
|
|
|
|
(*(PULONG_PTR)CurrentOffset <= (EndOfClientBuffer - sizeof(PVOID))) )
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
2012-12-05 23:21:41 +00:00
|
|
|
/* Modify the pointed pointer to take into account its new position */
|
2012-12-06 22:24:27 +00:00
|
|
|
*(PULONG_PTR)CurrentOffset += BufferDistance;
|
2012-10-22 00:09:51 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2020-04-14 20:53:49 +00:00
|
|
|
#ifdef CSR_DBG
|
2012-10-22 00:09:51 +00:00
|
|
|
DPRINT1("*** CSRSS: CaptureBuffer MessagePointer outside of ClientView\n");
|
2020-04-14 20:53:49 +00:00
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
|
|
|
|
/* Invalid pointer, fail */
|
2012-10-22 00:09:51 +00:00
|
|
|
ApiMessage->Status = STATUS_INVALID_PARAMETER;
|
2020-04-14 23:58:08 +00:00
|
|
|
break;
|
2012-10-22 00:09:51 +00:00
|
|
|
}
|
|
|
|
|
}
|
2012-12-06 22:24:27 +00:00
|
|
|
|
|
|
|
|
++OffsetPointer;
|
2012-10-22 00:09:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if we got success */
|
|
|
|
|
if (ApiMessage->Status != STATUS_SUCCESS)
|
|
|
|
|
{
|
2020-04-14 21:07:42 +00:00
|
|
|
/* Failure, free the buffer and return */
|
|
|
|
|
RtlFreeHeap(CsrHeap, 0, ServerCaptureBuffer);
|
2012-10-22 00:09:51 +00:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2020-04-14 21:07:42 +00:00
|
|
|
/* Success, save the previous buffer and use the server capture buffer */
|
|
|
|
|
ServerCaptureBuffer->PreviousCaptureBuffer = ClientCaptureBuffer;
|
|
|
|
|
ApiMessage->CsrCaptureData = ServerCaptureBuffer;
|
2012-10-22 00:09:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Success */
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*++
|
|
|
|
|
* @name CsrReleaseCapturedArguments
|
|
|
|
|
* @implemented NT5.1
|
|
|
|
|
*
|
|
|
|
|
* The CsrReleaseCapturedArguments routine releases a Capture Buffer
|
|
|
|
|
* that was previously captured with CsrCaptureArguments.
|
|
|
|
|
*
|
|
|
|
|
* @param ApiMessage
|
|
|
|
|
* Pointer to the CSR API Message containing the Capture Buffer
|
|
|
|
|
* that needs to be released.
|
|
|
|
|
*
|
|
|
|
|
* @return None.
|
|
|
|
|
*
|
|
|
|
|
* @remarks None.
|
|
|
|
|
*
|
|
|
|
|
*--*/
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
CsrReleaseCapturedArguments(IN PCSR_API_MESSAGE ApiMessage)
|
|
|
|
|
{
|
2020-04-14 21:07:42 +00:00
|
|
|
PCSR_CAPTURE_BUFFER ServerCaptureBuffer, ClientCaptureBuffer;
|
2012-10-22 00:09:51 +00:00
|
|
|
SIZE_T BufferDistance;
|
2012-12-06 22:24:27 +00:00
|
|
|
ULONG PointerCount;
|
|
|
|
|
PULONG_PTR OffsetPointer;
|
|
|
|
|
ULONG_PTR CurrentOffset;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2020-04-14 21:07:42 +00:00
|
|
|
/* Get the server capture buffer */
|
|
|
|
|
ServerCaptureBuffer = ApiMessage->CsrCaptureData;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/* Do not continue if there is no captured buffer */
|
2020-04-14 21:07:42 +00:00
|
|
|
if (!ServerCaptureBuffer) return;
|
2012-11-05 00:23:58 +00:00
|
|
|
|
2020-04-14 21:07:42 +00:00
|
|
|
/* If there is one, get the corresponding client capture buffer */
|
|
|
|
|
ClientCaptureBuffer = ServerCaptureBuffer->PreviousCaptureBuffer;
|
2012-12-05 23:21:41 +00:00
|
|
|
|
2020-04-14 21:07:42 +00:00
|
|
|
/* Free the previous one and use again the client capture buffer */
|
|
|
|
|
ServerCaptureBuffer->PreviousCaptureBuffer = NULL;
|
|
|
|
|
ApiMessage->CsrCaptureData = ClientCaptureBuffer;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/* Calculate the difference between our buffer and the client's */
|
2020-04-14 21:07:42 +00:00
|
|
|
BufferDistance = (ULONG_PTR)ServerCaptureBuffer - (ULONG_PTR)ClientCaptureBuffer;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
2012-11-05 00:23:58 +00:00
|
|
|
/*
|
2020-10-30 00:08:23 +00:00
|
|
|
* All the pointer offsets correspond to pointers that point
|
2020-04-14 23:58:08 +00:00
|
|
|
* to the client data buffer instead of the server one (reverse
|
2020-04-14 21:07:42 +00:00
|
|
|
* the logic of CsrCaptureArguments()).
|
2012-11-05 00:23:58 +00:00
|
|
|
*/
|
2020-04-14 21:07:42 +00:00
|
|
|
PointerCount = ServerCaptureBuffer->PointerCount;
|
|
|
|
|
OffsetPointer = ServerCaptureBuffer->PointerOffsetsArray;
|
2012-12-06 22:24:27 +00:00
|
|
|
while (PointerCount--)
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
2012-12-06 22:24:27 +00:00
|
|
|
CurrentOffset = *OffsetPointer;
|
|
|
|
|
|
|
|
|
|
if (CurrentOffset != 0)
|
2012-02-16 06:57:27 +00:00
|
|
|
{
|
2012-12-06 22:24:27 +00:00
|
|
|
/* Get the pointer corresponding to the offset */
|
|
|
|
|
CurrentOffset += (ULONG_PTR)ApiMessage;
|
2012-12-05 23:21:41 +00:00
|
|
|
|
|
|
|
|
/* Modify the pointed pointer to take into account its new position */
|
2012-12-06 22:24:27 +00:00
|
|
|
*(PULONG_PTR)CurrentOffset -= BufferDistance;
|
2012-02-16 06:57:27 +00:00
|
|
|
}
|
2012-12-06 22:24:27 +00:00
|
|
|
|
|
|
|
|
++OffsetPointer;
|
2012-02-16 06:57:27 +00:00
|
|
|
}
|
|
|
|
|
|
2020-04-14 23:58:08 +00:00
|
|
|
/* Copy the data back into the client buffer */
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
RtlMoveMemory(ClientCaptureBuffer, ServerCaptureBuffer, ServerCaptureBuffer->Size);
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
#ifdef CSR_DBG
|
|
|
|
|
DPRINT1("*** CSRSS: Took exception during release %x\n", _SEH2_GetExceptionCode());
|
|
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
|
|
|
|
/* Return failure */
|
|
|
|
|
ApiMessage->Status = _SEH2_GetExceptionCode();
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
2012-02-16 06:57:27 +00:00
|
|
|
|
|
|
|
|
/* Free our allocated buffer */
|
2020-04-14 21:07:42 +00:00
|
|
|
RtlFreeHeap(CsrHeap, 0, ServerCaptureBuffer);
|
2012-02-16 06:57:27 +00:00
|
|
|
}
|
|
|
|
|
|
2012-10-22 00:09:51 +00:00
|
|
|
/*++
|
|
|
|
|
* @name CsrValidateMessageBuffer
|
|
|
|
|
* @implemented NT5.1
|
|
|
|
|
*
|
|
|
|
|
* The CsrValidateMessageBuffer routine validates a captured message buffer
|
|
|
|
|
* present in the CSR Api Message
|
|
|
|
|
*
|
|
|
|
|
* @param ApiMessage
|
|
|
|
|
* Pointer to the CSR API Message containing the CSR Capture Buffer.
|
|
|
|
|
*
|
|
|
|
|
* @param Buffer
|
|
|
|
|
* Pointer to the message buffer to validate.
|
|
|
|
|
*
|
2012-11-05 00:23:58 +00:00
|
|
|
* @param ElementCount
|
|
|
|
|
* Number of elements contained in the message buffer.
|
2012-10-22 00:09:51 +00:00
|
|
|
*
|
2012-11-05 00:23:58 +00:00
|
|
|
* @param ElementSize
|
|
|
|
|
* Size of each element.
|
2012-10-22 00:09:51 +00:00
|
|
|
*
|
2013-01-03 17:18:19 +00:00
|
|
|
* @return TRUE if validation succeeded, FALSE otherwise.
|
2012-10-22 00:09:51 +00:00
|
|
|
*
|
|
|
|
|
* @remarks None.
|
|
|
|
|
*
|
|
|
|
|
*--*/
|
|
|
|
|
BOOLEAN
|
|
|
|
|
NTAPI
|
|
|
|
|
CsrValidateMessageBuffer(IN PCSR_API_MESSAGE ApiMessage,
|
|
|
|
|
IN PVOID *Buffer,
|
2012-11-05 00:23:58 +00:00
|
|
|
IN ULONG ElementCount,
|
|
|
|
|
IN ULONG ElementSize)
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
|
|
|
|
PCSR_CAPTURE_BUFFER CaptureBuffer = ApiMessage->CsrCaptureData;
|
2012-12-05 23:21:41 +00:00
|
|
|
SIZE_T BufferDistance = (ULONG_PTR)Buffer - (ULONG_PTR)ApiMessage;
|
2012-12-06 22:24:27 +00:00
|
|
|
ULONG PointerCount;
|
|
|
|
|
PULONG_PTR OffsetPointer;
|
2012-11-05 00:23:58 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check whether we have a valid buffer pointer, elements
|
|
|
|
|
* of non-trivial size and that we don't overflow.
|
|
|
|
|
*/
|
|
|
|
|
if (!Buffer || ElementSize == 0 ||
|
2020-10-30 00:08:23 +00:00
|
|
|
(ULONGLONG)ElementCount * ElementSize > (ULONGLONG)MAXULONG)
|
2012-11-05 00:23:58 +00:00
|
|
|
{
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
2012-10-22 00:09:51 +00:00
|
|
|
|
|
|
|
|
/* Check if didn't get a buffer and there aren't any arguments to check */
|
2012-11-05 00:23:58 +00:00
|
|
|
// if (!*Buffer && (ElementCount * ElementSize == 0))
|
|
|
|
|
if (!*Buffer && ElementCount == 0) // Here ElementSize != 0 therefore only ElementCount can be == 0
|
|
|
|
|
return TRUE;
|
2012-10-22 00:09:51 +00:00
|
|
|
|
|
|
|
|
/* Check if we have no capture buffer */
|
|
|
|
|
if (!CaptureBuffer)
|
|
|
|
|
{
|
2020-10-30 00:08:23 +00:00
|
|
|
/* In this case, succeed only if the caller is CSRSS */
|
2012-10-22 00:09:51 +00:00
|
|
|
if (NtCurrentTeb()->ClientId.UniqueProcess ==
|
|
|
|
|
ApiMessage->Header.ClientId.UniqueProcess)
|
|
|
|
|
{
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2020-10-30 00:08:23 +00:00
|
|
|
/* Make sure that there is still space left in the capture buffer */
|
2012-11-05 00:23:58 +00:00
|
|
|
if ((CaptureBuffer->Size - (ULONG_PTR)*Buffer + (ULONG_PTR)CaptureBuffer) >=
|
|
|
|
|
(ElementCount * ElementSize))
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
2012-12-06 22:24:27 +00:00
|
|
|
/* Perform the validation test */
|
|
|
|
|
PointerCount = CaptureBuffer->PointerCount;
|
|
|
|
|
OffsetPointer = CaptureBuffer->PointerOffsetsArray;
|
|
|
|
|
while (PointerCount--)
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
2012-11-05 00:23:58 +00:00
|
|
|
/*
|
2020-10-30 00:08:23 +00:00
|
|
|
* Find in the array, the pointer offset (from the
|
|
|
|
|
* API message) that corresponds to the buffer.
|
2012-11-05 00:23:58 +00:00
|
|
|
*/
|
2012-12-06 22:24:27 +00:00
|
|
|
if (*OffsetPointer == BufferDistance)
|
2012-11-05 00:23:58 +00:00
|
|
|
{
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
2012-12-06 22:24:27 +00:00
|
|
|
++OffsetPointer;
|
2012-10-22 00:09:51 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Failure */
|
2020-04-14 20:53:49 +00:00
|
|
|
#ifdef CSR_DBG
|
2012-11-05 00:23:58 +00:00
|
|
|
DPRINT1("CSRSRV: Bad message buffer %p\n", ApiMessage);
|
2020-04-14 20:53:49 +00:00
|
|
|
if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
|
|
|
|
|
#endif
|
2012-10-22 00:09:51 +00:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*++
|
|
|
|
|
* @name CsrValidateMessageString
|
|
|
|
|
* @implemented NT5.1
|
|
|
|
|
*
|
|
|
|
|
* The CsrValidateMessageString validates a captured Wide-Character String
|
|
|
|
|
* present in a CSR API Message.
|
|
|
|
|
*
|
|
|
|
|
* @param ApiMessage
|
|
|
|
|
* Pointer to the CSR API Message containing the CSR Capture Buffer.
|
|
|
|
|
*
|
|
|
|
|
* @param MessageString
|
|
|
|
|
* Pointer to the buffer containing the string to validate.
|
|
|
|
|
*
|
2013-01-03 17:18:19 +00:00
|
|
|
* @return TRUE if validation succeeded, FALSE otherwise.
|
2012-10-22 00:09:51 +00:00
|
|
|
*
|
|
|
|
|
* @remarks None.
|
|
|
|
|
*
|
|
|
|
|
*--*/
|
|
|
|
|
BOOLEAN
|
|
|
|
|
NTAPI
|
|
|
|
|
CsrValidateMessageString(IN PCSR_API_MESSAGE ApiMessage,
|
2020-04-14 20:38:51 +00:00
|
|
|
IN PWSTR *MessageString)
|
2012-10-22 00:09:51 +00:00
|
|
|
{
|
2012-11-05 00:23:58 +00:00
|
|
|
if (MessageString)
|
|
|
|
|
{
|
|
|
|
|
return CsrValidateMessageBuffer(ApiMessage,
|
|
|
|
|
(PVOID*)MessageString,
|
|
|
|
|
wcslen(*MessageString) + 1,
|
|
|
|
|
sizeof(WCHAR));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
2012-10-22 00:09:51 +00:00
|
|
|
}
|
|
|
|
|
|
2001-08-14 12:57:16 +00:00
|
|
|
/* EOF */
|