2009-10-12 03:35:35 +00:00
|
|
|
/*
|
2012-09-28 12:17:23 +00:00
|
|
|
* PROJECT: ReactOS Kernel
|
|
|
|
|
* LICENSE: BSD - See COPYING.ARM in the top level directory
|
|
|
|
|
* FILE: ntoskrnl/mm/ARM3/sysldr.c
|
|
|
|
|
* PURPOSE: Contains the Kernel Loader (SYSLDR) for loading PE files.
|
|
|
|
|
* PROGRAMMERS: Alex Ionescu (alex.ionescu@reactos.org)
|
|
|
|
|
* ReactOS Portable Systems Group
|
|
|
|
|
*/
|
2009-10-12 03:35:35 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* INCLUDES *******************************************************************/
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
#include <ntoskrnl.h>
|
|
|
|
|
#define NDEBUG
|
|
|
|
|
#include <debug.h>
|
|
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
#define MODULE_INVOLVED_IN_ARM3
|
2014-11-10 16:26:55 +00:00
|
|
|
#include <mm/ARM3/miarm.h>
|
2010-02-21 02:13:20 +00:00
|
|
|
|
2016-08-06 15:04:08 +00:00
|
|
|
static
|
|
|
|
|
inline
|
2009-10-12 03:35:35 +00:00
|
|
|
VOID
|
|
|
|
|
sprintf_nt(IN PCHAR Buffer,
|
|
|
|
|
IN PCHAR Format,
|
|
|
|
|
IN ...)
|
|
|
|
|
{
|
|
|
|
|
va_list ap;
|
|
|
|
|
va_start(ap, Format);
|
|
|
|
|
vsprintf(Buffer, Format, ap);
|
|
|
|
|
va_end(ap);
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* GLOBALS ********************************************************************/
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
LIST_ENTRY PsLoadedModuleList;
|
2009-10-31 01:02:35 +00:00
|
|
|
LIST_ENTRY MmLoadedUserImageList;
|
2009-10-12 03:35:35 +00:00
|
|
|
KSPIN_LOCK PsLoadedModuleSpinLock;
|
2009-11-12 19:41:39 +00:00
|
|
|
ERESOURCE PsLoadedModuleResource;
|
2009-10-12 03:35:35 +00:00
|
|
|
ULONG_PTR PsNtosImageBase;
|
|
|
|
|
KMUTANT MmSystemLoadLock;
|
|
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
PFN_NUMBER MmTotalSystemDriverPages;
|
|
|
|
|
|
2009-10-31 01:02:35 +00:00
|
|
|
PVOID MmUnloadedDrivers;
|
|
|
|
|
PVOID MmLastUnloadedDrivers;
|
|
|
|
|
|
2010-04-20 22:47:51 +00:00
|
|
|
BOOLEAN MmMakeLowMemory;
|
|
|
|
|
BOOLEAN MmEnforceWriteProtection = TRUE;
|
|
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
PMMPTE MiKernelResourceStartPte, MiKernelResourceEndPte;
|
|
|
|
|
ULONG_PTR ExPoolCodeStart, ExPoolCodeEnd, MmPoolCodeStart, MmPoolCodeEnd;
|
|
|
|
|
ULONG_PTR MmPteCodeStart, MmPteCodeEnd;
|
|
|
|
|
|
2021-01-04 21:08:48 +00:00
|
|
|
#ifdef _WIN64
|
|
|
|
|
#define DEFAULT_SECURITY_COOKIE 0x00002B992DDFA232ll
|
|
|
|
|
#else
|
|
|
|
|
#define DEFAULT_SECURITY_COOKIE 0xBB40E64E
|
|
|
|
|
#endif
|
|
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* FUNCTIONS ******************************************************************/
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
PVOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiCacheImageSymbols(IN PVOID BaseAddress)
|
|
|
|
|
{
|
|
|
|
|
ULONG DebugSize;
|
|
|
|
|
PVOID DebugDirectory = NULL;
|
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
|
|
/* Make sure it's safe to access the image */
|
|
|
|
|
_SEH2_TRY
|
|
|
|
|
{
|
|
|
|
|
/* Get the debug directory */
|
|
|
|
|
DebugDirectory = RtlImageDirectoryEntryToData(BaseAddress,
|
|
|
|
|
TRUE,
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_DEBUG,
|
|
|
|
|
&DebugSize);
|
|
|
|
|
}
|
|
|
|
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
|
|
|
{
|
|
|
|
|
/* Nothing */
|
|
|
|
|
}
|
|
|
|
|
_SEH2_END;
|
|
|
|
|
|
|
|
|
|
/* Return the directory */
|
|
|
|
|
return DebugDirectory;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
2020-10-23 15:27:47 +00:00
|
|
|
MiLoadImageSection(_Inout_ PSECTION *SectionPtr,
|
|
|
|
|
_Out_ PVOID *ImageBase,
|
|
|
|
|
_In_ PUNICODE_STRING FileName,
|
|
|
|
|
_In_ BOOLEAN SessionLoad,
|
|
|
|
|
_In_ PLDR_DATA_TABLE_ENTRY LdrEntry)
|
2009-10-12 03:35:35 +00:00
|
|
|
{
|
2020-10-23 15:27:47 +00:00
|
|
|
PSECTION Section = *SectionPtr;
|
2009-10-12 03:35:35 +00:00
|
|
|
NTSTATUS Status;
|
|
|
|
|
PEPROCESS Process;
|
|
|
|
|
PVOID Base = NULL;
|
|
|
|
|
SIZE_T ViewSize = 0;
|
|
|
|
|
KAPC_STATE ApcState;
|
|
|
|
|
LARGE_INTEGER SectionOffset = {{0, 0}};
|
|
|
|
|
BOOLEAN LoadSymbols = FALSE;
|
[HAL/NDK]
- Make Vector parameter in HalEnableSystemInterrupt, HalDisableSystemInterrupt and HalBeginSystemInterrupt an ULONG, not an UCHAR
[NDK]
- 64bit fixes for HANDLE_TABLE, KPROCESS, SECTION_IMAGE_INFORMATION, MMADDRESS_LIST, MMVAD_FLAGS, MMVAD, MMVAD_LONG, MMVAD_SHORT, MEMORY_DESCRIPTOR, MEMORY_ALLOCATION_DESCRIPTOR, LdrVerifyMappedImageMatchesChecksum
- KDPC_DATA::DpcQueueDepth is signed on amd64, unsigned on x86
[NTOSKRNL]
- Fix hundreds of MSVC and amd64 warnings
- add a pragma message to FstubFixupEfiPartition, since it looks broken
- Move portable Ke constants from <arch>/cpu.c to krnlinit.c
- Fixed a bug in amd64 KiGeneralProtectionFaultHandler
svn path=/trunk/; revision=53734
2011-09-18 13:11:45 +00:00
|
|
|
PFN_COUNT PteCount;
|
2010-02-21 02:13:20 +00:00
|
|
|
PMMPTE PointerPte, LastPte;
|
2009-10-12 03:35:35 +00:00
|
|
|
PVOID DriverBase;
|
2010-02-21 02:13:20 +00:00
|
|
|
MMPTE TempPte;
|
2014-10-04 21:17:27 +00:00
|
|
|
KIRQL OldIrql;
|
|
|
|
|
PFN_NUMBER PageFrameIndex;
|
2009-10-12 03:35:35 +00:00
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
|
|
/* Detect session load */
|
|
|
|
|
if (SessionLoad)
|
|
|
|
|
{
|
|
|
|
|
/* Fail */
|
2013-01-06 18:47:39 +00:00
|
|
|
UNIMPLEMENTED_DBGBREAK("Session loading not yet supported!\n");
|
2013-01-04 12:54:39 +00:00
|
|
|
return STATUS_NOT_IMPLEMENTED;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Not session load, shouldn't have an entry */
|
|
|
|
|
ASSERT(LdrEntry == NULL);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2009-10-12 03:35:35 +00:00
|
|
|
/* Attach to the system process */
|
|
|
|
|
KeStackAttachProcess(&PsInitialSystemProcess->Pcb, &ApcState);
|
|
|
|
|
|
|
|
|
|
/* Check if we need to load symbols */
|
|
|
|
|
if (NtGlobalFlag & FLG_ENABLE_KDEBUG_SYMBOL_LOAD)
|
|
|
|
|
{
|
|
|
|
|
/* Yes we do */
|
|
|
|
|
LoadSymbols = TRUE;
|
|
|
|
|
NtGlobalFlag &= ~FLG_ENABLE_KDEBUG_SYMBOL_LOAD;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Map the driver */
|
|
|
|
|
Process = PsGetCurrentProcess();
|
|
|
|
|
Status = MmMapViewOfSection(Section,
|
|
|
|
|
Process,
|
|
|
|
|
&Base,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
&SectionOffset,
|
|
|
|
|
&ViewSize,
|
|
|
|
|
ViewUnmap,
|
|
|
|
|
0,
|
|
|
|
|
PAGE_EXECUTE);
|
|
|
|
|
|
|
|
|
|
/* Re-enable the flag */
|
|
|
|
|
if (LoadSymbols) NtGlobalFlag |= FLG_ENABLE_KDEBUG_SYMBOL_LOAD;
|
|
|
|
|
|
|
|
|
|
/* Check if we failed with distinguished status code */
|
|
|
|
|
if (Status == STATUS_IMAGE_MACHINE_TYPE_MISMATCH)
|
|
|
|
|
{
|
|
|
|
|
/* Change it to something more generic */
|
|
|
|
|
Status = STATUS_INVALID_IMAGE_FORMAT;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Now check if we failed */
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
/* Detach and return */
|
2011-10-01 17:54:42 +00:00
|
|
|
DPRINT1("MmMapViewOfSection failed with status 0x%x\n", Status);
|
2009-10-12 03:35:35 +00:00
|
|
|
KeUnstackDetachProcess(&ApcState);
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* Reserve system PTEs needed */
|
2020-10-23 15:27:47 +00:00
|
|
|
PteCount = ROUND_TO_PAGES(((PMM_IMAGE_SECTION_OBJECT)Section->Segment)->ImageInformation.ImageFileSize) >> PAGE_SHIFT;
|
2010-02-21 02:13:20 +00:00
|
|
|
PointerPte = MiReserveSystemPtes(PteCount, SystemPteSpace);
|
2011-11-16 00:11:10 +00:00
|
|
|
if (!PointerPte)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("MiReserveSystemPtes failed\n");
|
|
|
|
|
KeUnstackDetachProcess(&ApcState);
|
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* New driver base */
|
|
|
|
|
LastPte = PointerPte + PteCount;
|
|
|
|
|
DriverBase = MiPteToAddress(PointerPte);
|
|
|
|
|
|
|
|
|
|
/* The driver is here */
|
2009-10-12 03:35:35 +00:00
|
|
|
*ImageBase = DriverBase;
|
2010-11-02 15:16:22 +00:00
|
|
|
DPRINT1("Loading: %wZ at %p with %lx pages\n", FileName, DriverBase, PteCount);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
2014-10-04 21:17:27 +00:00
|
|
|
/* Lock the PFN database */
|
2017-11-21 22:33:42 +00:00
|
|
|
OldIrql = MiAcquirePfnLock();
|
2014-10-04 21:17:27 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* Loop the new driver PTEs */
|
|
|
|
|
TempPte = ValidKernelPte;
|
|
|
|
|
while (PointerPte < LastPte)
|
|
|
|
|
{
|
2014-10-04 21:17:27 +00:00
|
|
|
/* Make sure the PTE is not valid for whatever reason */
|
|
|
|
|
ASSERT(PointerPte->u.Hard.Valid == 0);
|
|
|
|
|
|
2017-05-22 13:30:44 +00:00
|
|
|
/* Some debug stuff */
|
|
|
|
|
MI_SET_USAGE(MI_USAGE_DRIVER_PAGE);
|
|
|
|
|
#if MI_TRACE_PFNS
|
2021-03-30 14:20:25 +00:00
|
|
|
MI_SET_PROCESS_USTR(FileName);
|
2017-05-22 13:30:44 +00:00
|
|
|
#endif
|
|
|
|
|
|
2014-10-04 21:17:27 +00:00
|
|
|
/* Grab a page */
|
|
|
|
|
PageFrameIndex = MiRemoveAnyPage(MI_GET_NEXT_COLOR());
|
2010-06-06 18:45:46 +00:00
|
|
|
|
2014-10-04 21:17:27 +00:00
|
|
|
/* Initialize its PFN entry */
|
|
|
|
|
MiInitializePfn(PageFrameIndex, PointerPte, TRUE);
|
|
|
|
|
|
|
|
|
|
/* Write the PTE */
|
|
|
|
|
TempPte.u.Hard.PageFrameNumber = PageFrameIndex;
|
2010-06-06 18:45:46 +00:00
|
|
|
MI_WRITE_VALID_PTE(PointerPte, TempPte);
|
|
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* Move on */
|
|
|
|
|
PointerPte++;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2014-10-04 21:17:27 +00:00
|
|
|
/* Release the PFN lock */
|
2017-11-21 22:33:42 +00:00
|
|
|
MiReleasePfnLock(OldIrql);
|
2014-10-04 21:17:27 +00:00
|
|
|
|
2009-10-12 03:35:35 +00:00
|
|
|
/* Copy the image */
|
2010-02-21 02:13:20 +00:00
|
|
|
RtlCopyMemory(DriverBase, Base, PteCount << PAGE_SHIFT);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Now unmap the view */
|
|
|
|
|
Status = MmUnmapViewOfSection(Process, Base);
|
|
|
|
|
ASSERT(NT_SUCCESS(Status));
|
|
|
|
|
|
|
|
|
|
/* Detach and return status */
|
|
|
|
|
KeUnstackDetachProcess(&ApcState);
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PVOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiLocateExportName(IN PVOID DllBase,
|
|
|
|
|
IN PCHAR ExportName)
|
|
|
|
|
{
|
|
|
|
|
PULONG NameTable;
|
|
|
|
|
PUSHORT OrdinalTable;
|
|
|
|
|
PIMAGE_EXPORT_DIRECTORY ExportDirectory;
|
|
|
|
|
LONG Low = 0, Mid = 0, High, Ret;
|
|
|
|
|
USHORT Ordinal;
|
|
|
|
|
PVOID Function;
|
|
|
|
|
ULONG ExportSize;
|
|
|
|
|
PULONG ExportTable;
|
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
|
|
/* Get the export directory */
|
|
|
|
|
ExportDirectory = RtlImageDirectoryEntryToData(DllBase,
|
|
|
|
|
TRUE,
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_EXPORT,
|
|
|
|
|
&ExportSize);
|
|
|
|
|
if (!ExportDirectory) return NULL;
|
|
|
|
|
|
|
|
|
|
/* Setup name tables */
|
|
|
|
|
NameTable = (PULONG)((ULONG_PTR)DllBase +
|
|
|
|
|
ExportDirectory->AddressOfNames);
|
|
|
|
|
OrdinalTable = (PUSHORT)((ULONG_PTR)DllBase +
|
|
|
|
|
ExportDirectory->AddressOfNameOrdinals);
|
|
|
|
|
|
|
|
|
|
/* Do a binary search */
|
|
|
|
|
High = ExportDirectory->NumberOfNames - 1;
|
|
|
|
|
while (High >= Low)
|
|
|
|
|
{
|
|
|
|
|
/* Get new middle value */
|
|
|
|
|
Mid = (Low + High) >> 1;
|
|
|
|
|
|
|
|
|
|
/* Compare name */
|
|
|
|
|
Ret = strcmp(ExportName, (PCHAR)DllBase + NameTable[Mid]);
|
|
|
|
|
if (Ret < 0)
|
|
|
|
|
{
|
|
|
|
|
/* Update high */
|
|
|
|
|
High = Mid - 1;
|
|
|
|
|
}
|
|
|
|
|
else if (Ret > 0)
|
|
|
|
|
{
|
|
|
|
|
/* Update low */
|
|
|
|
|
Low = Mid + 1;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* We got it */
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if we couldn't find it */
|
|
|
|
|
if (High < Low) return NULL;
|
|
|
|
|
|
|
|
|
|
/* Otherwise, this is the ordinal */
|
|
|
|
|
Ordinal = OrdinalTable[Mid];
|
|
|
|
|
|
|
|
|
|
/* Resolve the address and write it */
|
|
|
|
|
ExportTable = (PULONG)((ULONG_PTR)DllBase +
|
|
|
|
|
ExportDirectory->AddressOfFunctions);
|
|
|
|
|
Function = (PVOID)((ULONG_PTR)DllBase + ExportTable[Ordinal]);
|
|
|
|
|
|
|
|
|
|
/* Check if the function is actually a forwarder */
|
|
|
|
|
if (((ULONG_PTR)Function > (ULONG_PTR)ExportDirectory) &&
|
|
|
|
|
((ULONG_PTR)Function < ((ULONG_PTR)ExportDirectory + ExportSize)))
|
|
|
|
|
{
|
|
|
|
|
/* It is, fail */
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We found it */
|
|
|
|
|
return Function;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
MmCallDllInitialize(IN PLDR_DATA_TABLE_ENTRY LdrEntry,
|
|
|
|
|
IN PLIST_ENTRY ListHead)
|
|
|
|
|
{
|
|
|
|
|
UNICODE_STRING ServicesKeyName = RTL_CONSTANT_STRING(
|
|
|
|
|
L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\");
|
|
|
|
|
PMM_DLL_INITIALIZE DllInit;
|
|
|
|
|
UNICODE_STRING RegPath, ImportName;
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
|
|
|
|
|
/* Try to see if the image exports a DllInitialize routine */
|
|
|
|
|
DllInit = (PMM_DLL_INITIALIZE)MiLocateExportName(LdrEntry->DllBase,
|
|
|
|
|
"DllInitialize");
|
|
|
|
|
if (!DllInit) return STATUS_SUCCESS;
|
|
|
|
|
|
2019-06-25 22:46:52 +00:00
|
|
|
/*
|
|
|
|
|
* Do a temporary copy of BaseDllName called ImportName
|
|
|
|
|
* because we'll alter the length of the string.
|
2009-10-12 03:35:35 +00:00
|
|
|
*/
|
|
|
|
|
ImportName.Length = LdrEntry->BaseDllName.Length;
|
|
|
|
|
ImportName.MaximumLength = LdrEntry->BaseDllName.MaximumLength;
|
|
|
|
|
ImportName.Buffer = LdrEntry->BaseDllName.Buffer;
|
|
|
|
|
|
|
|
|
|
/* Obtain the path to this dll's service in the registry */
|
|
|
|
|
RegPath.MaximumLength = ServicesKeyName.Length +
|
|
|
|
|
ImportName.Length + sizeof(UNICODE_NULL);
|
|
|
|
|
RegPath.Buffer = ExAllocatePoolWithTag(NonPagedPool,
|
|
|
|
|
RegPath.MaximumLength,
|
|
|
|
|
TAG_LDR_WSTR);
|
|
|
|
|
|
|
|
|
|
/* Check if this allocation was unsuccessful */
|
|
|
|
|
if (!RegPath.Buffer) return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
|
|
|
|
|
/* Build and append the service name itself */
|
|
|
|
|
RegPath.Length = ServicesKeyName.Length;
|
|
|
|
|
RtlCopyMemory(RegPath.Buffer,
|
|
|
|
|
ServicesKeyName.Buffer,
|
|
|
|
|
ServicesKeyName.Length);
|
|
|
|
|
|
|
|
|
|
/* Check if there is a dot in the filename */
|
|
|
|
|
if (wcschr(ImportName.Buffer, L'.'))
|
|
|
|
|
{
|
|
|
|
|
/* Remove the extension */
|
[HAL/NDK]
- Make Vector parameter in HalEnableSystemInterrupt, HalDisableSystemInterrupt and HalBeginSystemInterrupt an ULONG, not an UCHAR
[NDK]
- 64bit fixes for HANDLE_TABLE, KPROCESS, SECTION_IMAGE_INFORMATION, MMADDRESS_LIST, MMVAD_FLAGS, MMVAD, MMVAD_LONG, MMVAD_SHORT, MEMORY_DESCRIPTOR, MEMORY_ALLOCATION_DESCRIPTOR, LdrVerifyMappedImageMatchesChecksum
- KDPC_DATA::DpcQueueDepth is signed on amd64, unsigned on x86
[NTOSKRNL]
- Fix hundreds of MSVC and amd64 warnings
- add a pragma message to FstubFixupEfiPartition, since it looks broken
- Move portable Ke constants from <arch>/cpu.c to krnlinit.c
- Fixed a bug in amd64 KiGeneralProtectionFaultHandler
svn path=/trunk/; revision=53734
2011-09-18 13:11:45 +00:00
|
|
|
ImportName.Length = (USHORT)(wcschr(ImportName.Buffer, L'.') -
|
2009-10-12 03:35:35 +00:00
|
|
|
ImportName.Buffer) * sizeof(WCHAR);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Append service name (the basename without extension) */
|
|
|
|
|
RtlAppendUnicodeStringToString(&RegPath, &ImportName);
|
|
|
|
|
|
|
|
|
|
/* Now call the DllInit func */
|
|
|
|
|
DPRINT("Calling DllInit(%wZ)\n", &RegPath);
|
|
|
|
|
Status = DllInit(&RegPath);
|
|
|
|
|
|
|
|
|
|
/* Clean up */
|
2011-06-01 13:39:36 +00:00
|
|
|
ExFreePoolWithTag(RegPath.Buffer, TAG_LDR_WSTR);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Return status value which DllInitialize returned */
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
2010-04-21 14:14:45 +00:00
|
|
|
BOOLEAN
|
|
|
|
|
NTAPI
|
|
|
|
|
MiCallDllUnloadAndUnloadDll(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
|
|
|
|
|
{
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
PMM_DLL_UNLOAD Func;
|
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
|
|
/* Get the unload routine */
|
|
|
|
|
Func = (PMM_DLL_UNLOAD)MiLocateExportName(LdrEntry->DllBase, "DllUnload");
|
|
|
|
|
if (!Func) return FALSE;
|
|
|
|
|
|
|
|
|
|
/* Call it and check for success */
|
|
|
|
|
Status = Func();
|
|
|
|
|
if (!NT_SUCCESS(Status)) return FALSE;
|
|
|
|
|
|
|
|
|
|
/* Lie about the load count so we can unload the image */
|
|
|
|
|
ASSERT(LdrEntry->LoadCount == 0);
|
|
|
|
|
LdrEntry->LoadCount = 1;
|
|
|
|
|
|
|
|
|
|
/* Unload it and return true */
|
|
|
|
|
MmUnloadSystemImage(LdrEntry);
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
MiDereferenceImports(IN PLOAD_IMPORTS ImportList)
|
|
|
|
|
{
|
|
|
|
|
SIZE_T i;
|
|
|
|
|
LOAD_IMPORTS SingleEntry;
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry;
|
|
|
|
|
PVOID CurrentImports;
|
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
|
|
/* Check if there's no imports or if we're a boot driver */
|
|
|
|
|
if ((ImportList == MM_SYSLDR_NO_IMPORTS) ||
|
|
|
|
|
(ImportList == MM_SYSLDR_BOOT_LOADED) ||
|
|
|
|
|
(ImportList->Count == 0))
|
|
|
|
|
{
|
|
|
|
|
/* Then there's nothing to do */
|
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:14:45 +00:00
|
|
|
/* Check for single-entry */
|
|
|
|
|
if ((ULONG_PTR)ImportList & MM_SYSLDR_SINGLE_ENTRY)
|
|
|
|
|
{
|
|
|
|
|
/* Set it up */
|
|
|
|
|
SingleEntry.Count = 1;
|
|
|
|
|
SingleEntry.Entry[0] = (PVOID)((ULONG_PTR)ImportList &~ MM_SYSLDR_SINGLE_ENTRY);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:14:45 +00:00
|
|
|
/* Use this as the import list */
|
|
|
|
|
ImportList = &SingleEntry;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Loop the import list */
|
|
|
|
|
for (i = 0; (i < ImportList->Count) && (ImportList->Entry[i]); i++)
|
|
|
|
|
{
|
|
|
|
|
/* Get the entry */
|
|
|
|
|
LdrEntry = ImportList->Entry[i];
|
|
|
|
|
DPRINT1("%wZ <%wZ>\n", &LdrEntry->FullDllName, &LdrEntry->BaseDllName);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:14:45 +00:00
|
|
|
/* Skip boot loaded images */
|
|
|
|
|
if (LdrEntry->LoadedImports == MM_SYSLDR_BOOT_LOADED) continue;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:14:45 +00:00
|
|
|
/* Dereference the entry */
|
|
|
|
|
ASSERT(LdrEntry->LoadCount >= 1);
|
|
|
|
|
if (!--LdrEntry->LoadCount)
|
|
|
|
|
{
|
|
|
|
|
/* Save the import data in case unload fails */
|
|
|
|
|
CurrentImports = LdrEntry->LoadedImports;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:14:45 +00:00
|
|
|
/* This is the last entry */
|
|
|
|
|
LdrEntry->LoadedImports = MM_SYSLDR_NO_IMPORTS;
|
|
|
|
|
if (MiCallDllUnloadAndUnloadDll(LdrEntry))
|
|
|
|
|
{
|
|
|
|
|
/* Unloading worked, parse this DLL's imports too */
|
|
|
|
|
MiDereferenceImports(CurrentImports);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:14:45 +00:00
|
|
|
/* Check if we had valid imports */
|
2015-04-17 18:21:12 +00:00
|
|
|
if ((CurrentImports != MM_SYSLDR_BOOT_LOADED) &&
|
|
|
|
|
(CurrentImports != MM_SYSLDR_NO_IMPORTS) &&
|
|
|
|
|
!((ULONG_PTR)CurrentImports & MM_SYSLDR_SINGLE_ENTRY))
|
2010-04-21 14:14:45 +00:00
|
|
|
{
|
|
|
|
|
/* Free them */
|
2011-06-01 13:39:36 +00:00
|
|
|
ExFreePoolWithTag(CurrentImports, TAG_LDR_IMPORTS);
|
2010-04-21 14:14:45 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Unload failed, restore imports */
|
|
|
|
|
LdrEntry->LoadedImports = CurrentImports;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:14:45 +00:00
|
|
|
/* Done */
|
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiClearImports(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
|
|
|
|
|
{
|
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
|
|
/* Check if there's no imports or we're a boot driver or only one entry */
|
|
|
|
|
if ((LdrEntry->LoadedImports == MM_SYSLDR_BOOT_LOADED) ||
|
|
|
|
|
(LdrEntry->LoadedImports == MM_SYSLDR_NO_IMPORTS) ||
|
|
|
|
|
((ULONG_PTR)LdrEntry->LoadedImports & MM_SYSLDR_SINGLE_ENTRY))
|
|
|
|
|
{
|
|
|
|
|
/* Nothing to do */
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Otherwise, free the import list */
|
2011-06-01 13:39:36 +00:00
|
|
|
ExFreePoolWithTag(LdrEntry->LoadedImports, TAG_LDR_IMPORTS);
|
2010-04-21 14:14:45 +00:00
|
|
|
LdrEntry->LoadedImports = MM_SYSLDR_BOOT_LOADED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PVOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiFindExportedRoutineByName(IN PVOID DllBase,
|
|
|
|
|
IN PANSI_STRING ExportName)
|
|
|
|
|
{
|
|
|
|
|
PULONG NameTable;
|
|
|
|
|
PUSHORT OrdinalTable;
|
|
|
|
|
PIMAGE_EXPORT_DIRECTORY ExportDirectory;
|
|
|
|
|
LONG Low = 0, Mid = 0, High, Ret;
|
|
|
|
|
USHORT Ordinal;
|
|
|
|
|
PVOID Function;
|
|
|
|
|
ULONG ExportSize;
|
|
|
|
|
PULONG ExportTable;
|
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
|
|
/* Get the export directory */
|
|
|
|
|
ExportDirectory = RtlImageDirectoryEntryToData(DllBase,
|
|
|
|
|
TRUE,
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_EXPORT,
|
|
|
|
|
&ExportSize);
|
|
|
|
|
if (!ExportDirectory) return NULL;
|
|
|
|
|
|
|
|
|
|
/* Setup name tables */
|
|
|
|
|
NameTable = (PULONG)((ULONG_PTR)DllBase +
|
|
|
|
|
ExportDirectory->AddressOfNames);
|
|
|
|
|
OrdinalTable = (PUSHORT)((ULONG_PTR)DllBase +
|
|
|
|
|
ExportDirectory->AddressOfNameOrdinals);
|
|
|
|
|
|
|
|
|
|
/* Do a binary search */
|
|
|
|
|
High = ExportDirectory->NumberOfNames - 1;
|
|
|
|
|
while (High >= Low)
|
|
|
|
|
{
|
|
|
|
|
/* Get new middle value */
|
|
|
|
|
Mid = (Low + High) >> 1;
|
|
|
|
|
|
|
|
|
|
/* Compare name */
|
|
|
|
|
Ret = strcmp(ExportName->Buffer, (PCHAR)DllBase + NameTable[Mid]);
|
|
|
|
|
if (Ret < 0)
|
|
|
|
|
{
|
|
|
|
|
/* Update high */
|
|
|
|
|
High = Mid - 1;
|
|
|
|
|
}
|
|
|
|
|
else if (Ret > 0)
|
|
|
|
|
{
|
|
|
|
|
/* Update low */
|
|
|
|
|
Low = Mid + 1;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* We got it */
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if we couldn't find it */
|
|
|
|
|
if (High < Low) return NULL;
|
|
|
|
|
|
|
|
|
|
/* Otherwise, this is the ordinal */
|
|
|
|
|
Ordinal = OrdinalTable[Mid];
|
|
|
|
|
|
2010-04-22 03:54:09 +00:00
|
|
|
/* Validate the ordinal */
|
|
|
|
|
if (Ordinal >= ExportDirectory->NumberOfFunctions) return NULL;
|
|
|
|
|
|
2010-04-21 14:14:45 +00:00
|
|
|
/* Resolve the address and write it */
|
|
|
|
|
ExportTable = (PULONG)((ULONG_PTR)DllBase +
|
|
|
|
|
ExportDirectory->AddressOfFunctions);
|
|
|
|
|
Function = (PVOID)((ULONG_PTR)DllBase + ExportTable[Ordinal]);
|
|
|
|
|
|
|
|
|
|
/* We found it! */
|
2016-11-22 22:30:55 +00:00
|
|
|
ASSERT((Function < (PVOID)ExportDirectory) ||
|
|
|
|
|
(Function > (PVOID)((ULONG_PTR)ExportDirectory + ExportSize)));
|
|
|
|
|
|
2010-04-21 14:14:45 +00:00
|
|
|
return Function;
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-12 03:35:35 +00:00
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiProcessLoaderEntry(IN PLDR_DATA_TABLE_ENTRY LdrEntry,
|
|
|
|
|
IN BOOLEAN Insert)
|
|
|
|
|
{
|
|
|
|
|
KIRQL OldIrql;
|
|
|
|
|
|
2009-11-12 19:41:39 +00:00
|
|
|
/* Acquire module list lock */
|
|
|
|
|
KeEnterCriticalRegion();
|
|
|
|
|
ExAcquireResourceExclusiveLite(&PsLoadedModuleResource, TRUE);
|
|
|
|
|
|
|
|
|
|
/* Acquire the spinlock too as we will insert or remove the entry */
|
|
|
|
|
OldIrql = KeAcquireSpinLockRaiseToSynch(&PsLoadedModuleSpinLock);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Insert or remove from the list */
|
2013-11-17 21:58:48 +00:00
|
|
|
if (Insert)
|
|
|
|
|
InsertTailList(&PsLoadedModuleList, &LdrEntry->InLoadOrderLinks);
|
|
|
|
|
else
|
|
|
|
|
RemoveEntryList(&LdrEntry->InLoadOrderLinks);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
2009-11-12 19:41:39 +00:00
|
|
|
/* Release locks */
|
2009-10-12 03:35:35 +00:00
|
|
|
KeReleaseSpinLock(&PsLoadedModuleSpinLock, OldIrql);
|
2009-11-12 19:41:39 +00:00
|
|
|
ExReleaseResourceLite(&PsLoadedModuleResource);
|
|
|
|
|
KeLeaveCriticalRegion();
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
2020-10-06 19:44:01 +00:00
|
|
|
CODE_SEG("INIT")
|
2009-10-12 03:35:35 +00:00
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiUpdateThunks(IN PLOADER_PARAMETER_BLOCK LoaderBlock,
|
|
|
|
|
IN PVOID OldBase,
|
|
|
|
|
IN PVOID NewBase,
|
|
|
|
|
IN ULONG Size)
|
|
|
|
|
{
|
|
|
|
|
ULONG_PTR OldBaseTop, Delta;
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry;
|
|
|
|
|
PLIST_ENTRY NextEntry;
|
[NTOS]: Remove useless variables in kernel code that were set, but never actually used (dead code, tests, copy/pasters). If a variable was set but not used because of missing/#if'ed out code, a note was added instead.
[NTOS]: In the process, fix bugs in the Event dispatcher code that used Win32 EVENT_TYPE instead of NT KOBJECTS enumeration.
[NTOS]: Fix a bug in ObpInsertHandleCount, where the object access check was being done with the previous mode, instead of honoring the probe mode, which is defined by OBJ_FORCE_ACCESS_CHECK.
[NTOS]: Fix a bug in a section function which was always returning STATUS_SUCCESS, now it returns the result of the previous Status = function assignment. If this isn't desired, then don't check for the Status anymore.
[NTOS]: Note that MDL code does not support SkipBytes argument. If it is used, MDL could be invalid.
[NTOS]: Add checks for VerifierAllocation and set it when needed (WIP).
[NTOS]: Clarify what _WORKING_LINKER_ is, and the legal risks in continuing to use a linker that builds non-Microsoft drivers when used with headers whose EULA specify that they can only be used for Microsoft drivers.
svn path=/trunk/; revision=48692
2010-09-04 08:17:17 +00:00
|
|
|
ULONG ImportSize;
|
|
|
|
|
//
|
|
|
|
|
// FIXME: MINGW-W64 must fix LD to generate drivers that Windows can load,
|
|
|
|
|
// since a real version of Windows would fail at this point, but they seem
|
|
|
|
|
// busy implementing features such as "HotPatch" support in GCC 4.6 instead,
|
|
|
|
|
// a feature which isn't even used by Windows. Priorities, priorities...
|
|
|
|
|
// Please note that Microsoft WDK EULA and license prohibits using
|
|
|
|
|
// the information contained within it for the generation of "non-Windows"
|
|
|
|
|
// drivers, which is precisely what LD will generate, since an LD driver
|
|
|
|
|
// will not load on Windows.
|
|
|
|
|
//
|
|
|
|
|
#ifdef _WORKING_LINKER_
|
|
|
|
|
ULONG i;
|
|
|
|
|
#endif
|
2010-04-22 03:54:09 +00:00
|
|
|
PULONG_PTR ImageThunk;
|
2009-10-12 03:35:35 +00:00
|
|
|
PIMAGE_IMPORT_DESCRIPTOR ImportDescriptor;
|
|
|
|
|
|
|
|
|
|
/* Calculate the top and delta */
|
|
|
|
|
OldBaseTop = (ULONG_PTR)OldBase + Size - 1;
|
|
|
|
|
Delta = (ULONG_PTR)NewBase - (ULONG_PTR)OldBase;
|
|
|
|
|
|
|
|
|
|
/* Loop the loader block */
|
|
|
|
|
for (NextEntry = LoaderBlock->LoadOrderListHead.Flink;
|
|
|
|
|
NextEntry != &LoaderBlock->LoadOrderListHead;
|
|
|
|
|
NextEntry = NextEntry->Flink)
|
|
|
|
|
{
|
|
|
|
|
/* Get the loader entry */
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
2010-04-22 03:54:09 +00:00
|
|
|
#ifdef _WORKING_LINKER_
|
|
|
|
|
/* Get the IAT */
|
|
|
|
|
ImageThunk = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
|
|
|
|
|
TRUE,
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_IAT,
|
|
|
|
|
&ImportSize);
|
|
|
|
|
if (!ImageThunk) continue;
|
2009-10-12 03:35:35 +00:00
|
|
|
|
2010-04-22 03:54:09 +00:00
|
|
|
/* Make sure we have an IAT */
|
|
|
|
|
DPRINT("[Mm0]: Updating thunks in: %wZ\n", &LdrEntry->BaseDllName);
|
|
|
|
|
for (i = 0; i < ImportSize; i++, ImageThunk++)
|
|
|
|
|
{
|
|
|
|
|
/* Check if it's within this module */
|
|
|
|
|
if ((*ImageThunk >= (ULONG_PTR)OldBase) && (*ImageThunk <= OldBaseTop))
|
|
|
|
|
{
|
|
|
|
|
/* Relocate it */
|
|
|
|
|
DPRINT("[Mm0]: Updating IAT at: %p. Old Entry: %p. New Entry: %p.\n",
|
|
|
|
|
ImageThunk, *ImageThunk, *ImageThunk + Delta);
|
|
|
|
|
*ImageThunk += Delta;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#else
|
2009-10-12 03:35:35 +00:00
|
|
|
/* Get the import table */
|
|
|
|
|
ImportDescriptor = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
|
|
|
|
|
TRUE,
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_IMPORT,
|
|
|
|
|
&ImportSize);
|
|
|
|
|
if (!ImportDescriptor) continue;
|
|
|
|
|
|
|
|
|
|
/* Make sure we have an IAT */
|
|
|
|
|
DPRINT("[Mm0]: Updating thunks in: %wZ\n", &LdrEntry->BaseDllName);
|
|
|
|
|
while ((ImportDescriptor->Name) &&
|
|
|
|
|
(ImportDescriptor->OriginalFirstThunk))
|
|
|
|
|
{
|
|
|
|
|
/* Get the image thunk */
|
|
|
|
|
ImageThunk = (PVOID)((ULONG_PTR)LdrEntry->DllBase +
|
|
|
|
|
ImportDescriptor->FirstThunk);
|
|
|
|
|
while (*ImageThunk)
|
|
|
|
|
{
|
|
|
|
|
/* Check if it's within this module */
|
|
|
|
|
if ((*ImageThunk >= (ULONG_PTR)OldBase) && (*ImageThunk <= OldBaseTop))
|
|
|
|
|
{
|
|
|
|
|
/* Relocate it */
|
|
|
|
|
DPRINT("[Mm0]: Updating IAT at: %p. Old Entry: %p. New Entry: %p.\n",
|
|
|
|
|
ImageThunk, *ImageThunk, *ImageThunk + Delta);
|
|
|
|
|
*ImageThunk += Delta;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Go to the next thunk */
|
|
|
|
|
ImageThunk++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Go to the next import */
|
|
|
|
|
ImportDescriptor++;
|
|
|
|
|
}
|
2010-04-22 03:54:09 +00:00
|
|
|
#endif
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
MiSnapThunk(IN PVOID DllBase,
|
|
|
|
|
IN PVOID ImageBase,
|
|
|
|
|
IN PIMAGE_THUNK_DATA Name,
|
|
|
|
|
IN PIMAGE_THUNK_DATA Address,
|
|
|
|
|
IN PIMAGE_EXPORT_DIRECTORY ExportDirectory,
|
|
|
|
|
IN ULONG ExportSize,
|
|
|
|
|
IN BOOLEAN SnapForwarder,
|
|
|
|
|
OUT PCHAR *MissingApi)
|
|
|
|
|
{
|
|
|
|
|
BOOLEAN IsOrdinal;
|
|
|
|
|
USHORT Ordinal;
|
|
|
|
|
PULONG NameTable;
|
|
|
|
|
PUSHORT OrdinalTable;
|
|
|
|
|
PIMAGE_IMPORT_BY_NAME NameImport;
|
|
|
|
|
USHORT Hint;
|
|
|
|
|
ULONG Low = 0, Mid = 0, High;
|
|
|
|
|
LONG Ret;
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
PCHAR MissingForwarder;
|
|
|
|
|
CHAR NameBuffer[MAXIMUM_FILENAME_LENGTH];
|
|
|
|
|
PULONG ExportTable;
|
|
|
|
|
ANSI_STRING DllName;
|
|
|
|
|
UNICODE_STRING ForwarderName;
|
|
|
|
|
PLIST_ENTRY NextEntry;
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry;
|
|
|
|
|
ULONG ForwardExportSize;
|
|
|
|
|
PIMAGE_EXPORT_DIRECTORY ForwardExportDirectory;
|
|
|
|
|
PIMAGE_IMPORT_BY_NAME ForwardName;
|
[HAL/NDK]
- Make Vector parameter in HalEnableSystemInterrupt, HalDisableSystemInterrupt and HalBeginSystemInterrupt an ULONG, not an UCHAR
[NDK]
- 64bit fixes for HANDLE_TABLE, KPROCESS, SECTION_IMAGE_INFORMATION, MMADDRESS_LIST, MMVAD_FLAGS, MMVAD, MMVAD_LONG, MMVAD_SHORT, MEMORY_DESCRIPTOR, MEMORY_ALLOCATION_DESCRIPTOR, LdrVerifyMappedImageMatchesChecksum
- KDPC_DATA::DpcQueueDepth is signed on amd64, unsigned on x86
[NTOSKRNL]
- Fix hundreds of MSVC and amd64 warnings
- add a pragma message to FstubFixupEfiPartition, since it looks broken
- Move portable Ke constants from <arch>/cpu.c to krnlinit.c
- Fixed a bug in amd64 KiGeneralProtectionFaultHandler
svn path=/trunk/; revision=53734
2011-09-18 13:11:45 +00:00
|
|
|
SIZE_T ForwardLength;
|
2009-10-12 03:35:35 +00:00
|
|
|
IMAGE_THUNK_DATA ForwardThunk;
|
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
|
|
/* Check if this is an ordinal */
|
|
|
|
|
IsOrdinal = IMAGE_SNAP_BY_ORDINAL(Name->u1.Ordinal);
|
|
|
|
|
if ((IsOrdinal) && !(SnapForwarder))
|
|
|
|
|
{
|
|
|
|
|
/* Get the ordinal number and set it as missing */
|
|
|
|
|
Ordinal = (USHORT)(IMAGE_ORDINAL(Name->u1.Ordinal) -
|
|
|
|
|
ExportDirectory->Base);
|
|
|
|
|
*MissingApi = (PCHAR)(ULONG_PTR)Ordinal;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Get the VA if we don't have to snap */
|
|
|
|
|
if (!SnapForwarder) Name->u1.AddressOfData += (ULONG_PTR)ImageBase;
|
|
|
|
|
NameImport = (PIMAGE_IMPORT_BY_NAME)Name->u1.AddressOfData;
|
|
|
|
|
|
|
|
|
|
/* Copy the procedure name */
|
2011-03-25 22:28:15 +00:00
|
|
|
RtlStringCbCopyA(*MissingApi,
|
|
|
|
|
MAXIMUM_FILENAME_LENGTH,
|
2011-12-25 18:21:05 +00:00
|
|
|
(PCHAR)&NameImport->Name[0]);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Setup name tables */
|
|
|
|
|
DPRINT("Import name: %s\n", NameImport->Name);
|
|
|
|
|
NameTable = (PULONG)((ULONG_PTR)DllBase +
|
|
|
|
|
ExportDirectory->AddressOfNames);
|
|
|
|
|
OrdinalTable = (PUSHORT)((ULONG_PTR)DllBase +
|
|
|
|
|
ExportDirectory->AddressOfNameOrdinals);
|
|
|
|
|
|
|
|
|
|
/* Get the hint and check if it's valid */
|
|
|
|
|
Hint = NameImport->Hint;
|
|
|
|
|
if ((Hint < ExportDirectory->NumberOfNames) &&
|
2010-04-22 03:54:09 +00:00
|
|
|
!(strcmp((PCHAR)NameImport->Name, (PCHAR)DllBase + NameTable[Hint])))
|
2009-10-12 03:35:35 +00:00
|
|
|
{
|
|
|
|
|
/* We have a match, get the ordinal number from here */
|
|
|
|
|
Ordinal = OrdinalTable[Hint];
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Do a binary search */
|
|
|
|
|
High = ExportDirectory->NumberOfNames - 1;
|
|
|
|
|
while (High >= Low)
|
|
|
|
|
{
|
|
|
|
|
/* Get new middle value */
|
|
|
|
|
Mid = (Low + High) >> 1;
|
|
|
|
|
|
|
|
|
|
/* Compare name */
|
|
|
|
|
Ret = strcmp((PCHAR)NameImport->Name, (PCHAR)DllBase + NameTable[Mid]);
|
|
|
|
|
if (Ret < 0)
|
|
|
|
|
{
|
|
|
|
|
/* Update high */
|
|
|
|
|
High = Mid - 1;
|
|
|
|
|
}
|
|
|
|
|
else if (Ret > 0)
|
|
|
|
|
{
|
|
|
|
|
/* Update low */
|
|
|
|
|
Low = Mid + 1;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* We got it */
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if we couldn't find it */
|
2010-09-21 05:34:05 +00:00
|
|
|
if (High < Low)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("Warning: Driver failed to load, %s not found\n", NameImport->Name);
|
|
|
|
|
return STATUS_DRIVER_ENTRYPOINT_NOT_FOUND;
|
|
|
|
|
}
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Otherwise, this is the ordinal */
|
|
|
|
|
Ordinal = OrdinalTable[Mid];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if the ordinal is invalid */
|
|
|
|
|
if (Ordinal >= ExportDirectory->NumberOfFunctions)
|
|
|
|
|
{
|
|
|
|
|
/* Fail */
|
|
|
|
|
Status = STATUS_DRIVER_ORDINAL_NOT_FOUND;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* In case the forwarder is missing */
|
|
|
|
|
MissingForwarder = NameBuffer;
|
|
|
|
|
|
|
|
|
|
/* Resolve the address and write it */
|
|
|
|
|
ExportTable = (PULONG)((ULONG_PTR)DllBase +
|
|
|
|
|
ExportDirectory->AddressOfFunctions);
|
|
|
|
|
Address->u1.Function = (ULONG_PTR)DllBase + ExportTable[Ordinal];
|
|
|
|
|
|
|
|
|
|
/* Assume success from now on */
|
|
|
|
|
Status = STATUS_SUCCESS;
|
|
|
|
|
|
|
|
|
|
/* Check if the function is actually a forwarder */
|
|
|
|
|
if ((Address->u1.Function > (ULONG_PTR)ExportDirectory) &&
|
|
|
|
|
(Address->u1.Function < ((ULONG_PTR)ExportDirectory + ExportSize)))
|
|
|
|
|
{
|
|
|
|
|
/* Now assume failure in case the forwarder doesn't exist */
|
|
|
|
|
Status = STATUS_DRIVER_ENTRYPOINT_NOT_FOUND;
|
|
|
|
|
|
|
|
|
|
/* Build the forwarder name */
|
|
|
|
|
DllName.Buffer = (PCHAR)Address->u1.Function;
|
[HAL/NDK]
- Make Vector parameter in HalEnableSystemInterrupt, HalDisableSystemInterrupt and HalBeginSystemInterrupt an ULONG, not an UCHAR
[NDK]
- 64bit fixes for HANDLE_TABLE, KPROCESS, SECTION_IMAGE_INFORMATION, MMADDRESS_LIST, MMVAD_FLAGS, MMVAD, MMVAD_LONG, MMVAD_SHORT, MEMORY_DESCRIPTOR, MEMORY_ALLOCATION_DESCRIPTOR, LdrVerifyMappedImageMatchesChecksum
- KDPC_DATA::DpcQueueDepth is signed on amd64, unsigned on x86
[NTOSKRNL]
- Fix hundreds of MSVC and amd64 warnings
- add a pragma message to FstubFixupEfiPartition, since it looks broken
- Move portable Ke constants from <arch>/cpu.c to krnlinit.c
- Fixed a bug in amd64 KiGeneralProtectionFaultHandler
svn path=/trunk/; revision=53734
2011-09-18 13:11:45 +00:00
|
|
|
DllName.Length = (USHORT)(strchr(DllName.Buffer, '.') -
|
|
|
|
|
DllName.Buffer) +
|
2011-09-18 20:56:44 +00:00
|
|
|
sizeof(ANSI_NULL);
|
2009-10-12 03:35:35 +00:00
|
|
|
DllName.MaximumLength = DllName.Length;
|
|
|
|
|
|
|
|
|
|
/* Convert it */
|
|
|
|
|
if (!NT_SUCCESS(RtlAnsiStringToUnicodeString(&ForwarderName,
|
|
|
|
|
&DllName,
|
|
|
|
|
TRUE)))
|
|
|
|
|
{
|
|
|
|
|
/* We failed, just return an error */
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Loop the module list */
|
|
|
|
|
NextEntry = PsLoadedModuleList.Flink;
|
|
|
|
|
while (NextEntry != &PsLoadedModuleList)
|
|
|
|
|
{
|
|
|
|
|
/* Get the loader entry */
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
|
|
|
|
|
|
|
|
|
/* Check if it matches */
|
2013-09-13 22:27:41 +00:00
|
|
|
if (RtlPrefixUnicodeString(&ForwarderName,
|
|
|
|
|
&LdrEntry->BaseDllName,
|
|
|
|
|
TRUE))
|
2009-10-12 03:35:35 +00:00
|
|
|
{
|
|
|
|
|
/* Get the forwarder export directory */
|
|
|
|
|
ForwardExportDirectory =
|
|
|
|
|
RtlImageDirectoryEntryToData(LdrEntry->DllBase,
|
|
|
|
|
TRUE,
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_EXPORT,
|
|
|
|
|
&ForwardExportSize);
|
|
|
|
|
if (!ForwardExportDirectory) break;
|
|
|
|
|
|
|
|
|
|
/* Allocate a name entry */
|
|
|
|
|
ForwardLength = strlen(DllName.Buffer + DllName.Length) +
|
|
|
|
|
sizeof(ANSI_NULL);
|
|
|
|
|
ForwardName = ExAllocatePoolWithTag(PagedPool,
|
|
|
|
|
sizeof(*ForwardName) +
|
|
|
|
|
ForwardLength,
|
|
|
|
|
TAG_LDR_WSTR);
|
|
|
|
|
if (!ForwardName) break;
|
|
|
|
|
|
|
|
|
|
/* Copy the data */
|
|
|
|
|
RtlCopyMemory(&ForwardName->Name[0],
|
|
|
|
|
DllName.Buffer + DllName.Length,
|
|
|
|
|
ForwardLength);
|
|
|
|
|
ForwardName->Hint = 0;
|
|
|
|
|
|
|
|
|
|
/* Set the new address */
|
2009-12-06 03:24:18 +00:00
|
|
|
ForwardThunk.u1.AddressOfData = (ULONG_PTR)ForwardName;
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Snap the forwarder */
|
|
|
|
|
Status = MiSnapThunk(LdrEntry->DllBase,
|
|
|
|
|
ImageBase,
|
|
|
|
|
&ForwardThunk,
|
|
|
|
|
&ForwardThunk,
|
|
|
|
|
ForwardExportDirectory,
|
|
|
|
|
ForwardExportSize,
|
|
|
|
|
TRUE,
|
|
|
|
|
&MissingForwarder);
|
|
|
|
|
|
|
|
|
|
/* Free the forwarder name and set the thunk */
|
|
|
|
|
ExFreePoolWithTag(ForwardName, TAG_LDR_WSTR);
|
|
|
|
|
Address->u1 = ForwardThunk.u1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Go to the next entry */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Free the name */
|
|
|
|
|
RtlFreeUnicodeString(&ForwarderName);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return status */
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
MmUnloadSystemImage(IN PVOID ImageHandle)
|
|
|
|
|
{
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry = ImageHandle;
|
|
|
|
|
PVOID BaseAddress = LdrEntry->DllBase;
|
|
|
|
|
NTSTATUS Status;
|
2009-10-25 15:56:38 +00:00
|
|
|
STRING TempName;
|
2009-10-12 03:35:35 +00:00
|
|
|
BOOLEAN HadEntry = FALSE;
|
|
|
|
|
|
|
|
|
|
/* Acquire the loader lock */
|
|
|
|
|
KeEnterCriticalRegion();
|
|
|
|
|
KeWaitForSingleObject(&MmSystemLoadLock,
|
|
|
|
|
WrVirtualMemory,
|
|
|
|
|
KernelMode,
|
|
|
|
|
FALSE,
|
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
|
|
/* Check if this driver was loaded at boot and didn't get imports parsed */
|
2010-04-22 03:54:09 +00:00
|
|
|
if (LdrEntry->LoadedImports == MM_SYSLDR_BOOT_LOADED) goto Done;
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* We should still be alive */
|
|
|
|
|
ASSERT(LdrEntry->LoadCount != 0);
|
|
|
|
|
LdrEntry->LoadCount--;
|
|
|
|
|
|
|
|
|
|
/* Check if we're still loaded */
|
|
|
|
|
if (LdrEntry->LoadCount) goto Done;
|
|
|
|
|
|
|
|
|
|
/* We should cleanup... are symbols loaded */
|
|
|
|
|
if (LdrEntry->Flags & LDRP_DEBUG_SYMBOLS_LOADED)
|
|
|
|
|
{
|
|
|
|
|
/* Create the ANSI name */
|
|
|
|
|
Status = RtlUnicodeStringToAnsiString(&TempName,
|
|
|
|
|
&LdrEntry->BaseDllName,
|
|
|
|
|
TRUE);
|
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
/* Unload the symbols */
|
2009-10-25 15:56:38 +00:00
|
|
|
DbgUnLoadImageSymbols(&TempName,
|
|
|
|
|
BaseAddress,
|
2014-05-22 10:18:22 +00:00
|
|
|
(ULONG_PTR)PsGetCurrentProcessId());
|
2009-10-12 03:35:35 +00:00
|
|
|
RtlFreeAnsiString(&TempName);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* FIXME: Free the driver */
|
2010-04-22 03:54:09 +00:00
|
|
|
DPRINT1("Leaking driver: %wZ\n", &LdrEntry->BaseDllName);
|
2009-10-12 03:35:35 +00:00
|
|
|
//MmFreeSection(LdrEntry->DllBase);
|
|
|
|
|
|
|
|
|
|
/* Check if we're linked in */
|
|
|
|
|
if (LdrEntry->InLoadOrderLinks.Flink)
|
|
|
|
|
{
|
|
|
|
|
/* Remove us */
|
|
|
|
|
MiProcessLoaderEntry(LdrEntry, FALSE);
|
|
|
|
|
HadEntry = TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Dereference and clear the imports */
|
|
|
|
|
MiDereferenceImports(LdrEntry->LoadedImports);
|
|
|
|
|
MiClearImports(LdrEntry);
|
|
|
|
|
|
|
|
|
|
/* Check if the entry needs to go away */
|
|
|
|
|
if (HadEntry)
|
|
|
|
|
{
|
|
|
|
|
/* Check if it had a name */
|
|
|
|
|
if (LdrEntry->FullDllName.Buffer)
|
|
|
|
|
{
|
|
|
|
|
/* Free it */
|
2011-06-01 13:39:36 +00:00
|
|
|
ExFreePoolWithTag(LdrEntry->FullDllName.Buffer, TAG_LDR_WSTR);
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if we had a section */
|
|
|
|
|
if (LdrEntry->SectionPointer)
|
|
|
|
|
{
|
|
|
|
|
/* Dereference it */
|
|
|
|
|
ObDereferenceObject(LdrEntry->SectionPointer);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Free the entry */
|
2011-06-01 13:39:36 +00:00
|
|
|
ExFreePoolWithTag(LdrEntry, TAG_MODULE_OBJECT);
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Release the system lock and return */
|
|
|
|
|
Done:
|
2020-10-16 14:09:08 +00:00
|
|
|
KeReleaseMutant(&MmSystemLoadLock, MUTANT_INCREMENT, FALSE, FALSE);
|
2009-10-12 03:35:35 +00:00
|
|
|
KeLeaveCriticalRegion();
|
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
MiResolveImageReferences(IN PVOID ImageBase,
|
|
|
|
|
IN PUNICODE_STRING ImageFileDirectory,
|
|
|
|
|
IN PUNICODE_STRING NamePrefix OPTIONAL,
|
|
|
|
|
OUT PCHAR *MissingApi,
|
|
|
|
|
OUT PWCHAR *MissingDriver,
|
|
|
|
|
OUT PLOAD_IMPORTS *LoadImports)
|
|
|
|
|
{
|
2013-11-11 20:01:13 +00:00
|
|
|
static UNICODE_STRING DriversFolderName = RTL_CONSTANT_STRING(L"drivers\\");
|
2009-10-12 03:35:35 +00:00
|
|
|
PCHAR MissingApiBuffer = *MissingApi, ImportName;
|
|
|
|
|
PIMAGE_IMPORT_DESCRIPTOR ImportDescriptor, CurrentImport;
|
|
|
|
|
ULONG ImportSize, ImportCount = 0, LoadedImportsSize, ExportSize;
|
|
|
|
|
PLOAD_IMPORTS LoadedImports, NewImports;
|
|
|
|
|
ULONG GdiLink, NormalLink, i;
|
|
|
|
|
BOOLEAN ReferenceNeeded, Loaded;
|
|
|
|
|
ANSI_STRING TempString;
|
|
|
|
|
UNICODE_STRING NameString, DllName;
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry = NULL, DllEntry, ImportEntry = NULL;
|
|
|
|
|
PVOID ImportBase, DllBase;
|
|
|
|
|
PLIST_ENTRY NextEntry;
|
|
|
|
|
PIMAGE_EXPORT_DIRECTORY ExportDirectory;
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
PIMAGE_THUNK_DATA OrigThunk, FirstThunk;
|
|
|
|
|
PAGED_CODE();
|
|
|
|
|
DPRINT("%s - ImageBase: %p. ImageFileDirectory: %wZ\n",
|
|
|
|
|
__FUNCTION__, ImageBase, ImageFileDirectory);
|
|
|
|
|
|
2013-11-11 20:01:13 +00:00
|
|
|
/* No name string buffer yet */
|
|
|
|
|
NameString.Buffer = NULL;
|
|
|
|
|
|
2009-10-12 03:35:35 +00:00
|
|
|
/* Assume no imports */
|
2010-04-22 03:54:09 +00:00
|
|
|
*LoadImports = MM_SYSLDR_NO_IMPORTS;
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Get the import descriptor */
|
|
|
|
|
ImportDescriptor = RtlImageDirectoryEntryToData(ImageBase,
|
|
|
|
|
TRUE,
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_IMPORT,
|
|
|
|
|
&ImportSize);
|
|
|
|
|
if (!ImportDescriptor) return STATUS_SUCCESS;
|
|
|
|
|
|
|
|
|
|
/* Loop all imports to count them */
|
|
|
|
|
for (CurrentImport = ImportDescriptor;
|
|
|
|
|
(CurrentImport->Name) && (CurrentImport->OriginalFirstThunk);
|
|
|
|
|
CurrentImport++)
|
|
|
|
|
{
|
|
|
|
|
/* One more */
|
|
|
|
|
ImportCount++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Make sure we have non-zero imports */
|
|
|
|
|
if (ImportCount)
|
|
|
|
|
{
|
|
|
|
|
/* Calculate and allocate the list we'll need */
|
|
|
|
|
LoadedImportsSize = ImportCount * sizeof(PVOID) + sizeof(SIZE_T);
|
|
|
|
|
LoadedImports = ExAllocatePoolWithTag(PagedPool,
|
|
|
|
|
LoadedImportsSize,
|
2011-06-01 13:39:36 +00:00
|
|
|
TAG_LDR_IMPORTS);
|
2009-10-12 03:35:35 +00:00
|
|
|
if (LoadedImports)
|
|
|
|
|
{
|
|
|
|
|
/* Zero it */
|
|
|
|
|
RtlZeroMemory(LoadedImports, LoadedImportsSize);
|
2010-04-22 03:54:09 +00:00
|
|
|
LoadedImports->Count = ImportCount;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* No table */
|
|
|
|
|
LoadedImports = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Reset the import count and loop descriptors again */
|
|
|
|
|
ImportCount = GdiLink = NormalLink = 0;
|
|
|
|
|
while ((ImportDescriptor->Name) && (ImportDescriptor->OriginalFirstThunk))
|
|
|
|
|
{
|
|
|
|
|
/* Get the name */
|
|
|
|
|
ImportName = (PCHAR)((ULONG_PTR)ImageBase + ImportDescriptor->Name);
|
|
|
|
|
|
|
|
|
|
/* Check if this is a GDI driver */
|
|
|
|
|
GdiLink = GdiLink |
|
|
|
|
|
!(_strnicmp(ImportName, "win32k", sizeof("win32k") - 1));
|
|
|
|
|
|
2019-06-25 22:46:52 +00:00
|
|
|
/* We can also allow dxapi (for Windows compat, allow IRT and coverage) */
|
2009-10-12 03:35:35 +00:00
|
|
|
NormalLink = NormalLink |
|
|
|
|
|
((_strnicmp(ImportName, "win32k", sizeof("win32k") - 1)) &&
|
2010-04-22 03:54:09 +00:00
|
|
|
(_strnicmp(ImportName, "dxapi", sizeof("dxapi") - 1)) &&
|
|
|
|
|
(_strnicmp(ImportName, "coverage", sizeof("coverage") - 1)) &&
|
|
|
|
|
(_strnicmp(ImportName, "irt", sizeof("irt") - 1)));
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Check if this is a valid GDI driver */
|
|
|
|
|
if ((GdiLink) && (NormalLink))
|
|
|
|
|
{
|
|
|
|
|
/* It's not, it's importing stuff it shouldn't be! */
|
2013-11-11 20:01:13 +00:00
|
|
|
Status = STATUS_PROCEDURE_NOT_FOUND;
|
|
|
|
|
goto Failure;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
2010-04-22 03:54:09 +00:00
|
|
|
/* Check for user-mode printer or video card drivers, which don't belong */
|
|
|
|
|
if (!(_strnicmp(ImportName, "ntdll", sizeof("ntdll") - 1)) ||
|
|
|
|
|
!(_strnicmp(ImportName, "winsrv", sizeof("winsrv") - 1)) ||
|
|
|
|
|
!(_strnicmp(ImportName, "advapi32", sizeof("advapi32") - 1)) ||
|
|
|
|
|
!(_strnicmp(ImportName, "kernel32", sizeof("kernel32") - 1)) ||
|
|
|
|
|
!(_strnicmp(ImportName, "user32", sizeof("user32") - 1)) ||
|
|
|
|
|
!(_strnicmp(ImportName, "gdi32", sizeof("gdi32") - 1)))
|
|
|
|
|
{
|
|
|
|
|
/* This is not kernel code */
|
2013-11-11 20:01:13 +00:00
|
|
|
Status = STATUS_PROCEDURE_NOT_FOUND;
|
|
|
|
|
goto Failure;
|
2010-04-22 03:54:09 +00:00
|
|
|
}
|
|
|
|
|
|
2009-10-12 03:35:35 +00:00
|
|
|
/* Check if this is a "core" import, which doesn't get referenced */
|
|
|
|
|
if (!(_strnicmp(ImportName, "ntoskrnl", sizeof("ntoskrnl") - 1)) ||
|
|
|
|
|
!(_strnicmp(ImportName, "win32k", sizeof("win32k") - 1)) ||
|
|
|
|
|
!(_strnicmp(ImportName, "hal", sizeof("hal") - 1)))
|
|
|
|
|
{
|
|
|
|
|
/* Don't reference this */
|
|
|
|
|
ReferenceNeeded = FALSE;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Reference these modules */
|
|
|
|
|
ReferenceNeeded = TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Now setup a unicode string for the import */
|
|
|
|
|
RtlInitAnsiString(&TempString, ImportName);
|
|
|
|
|
Status = RtlAnsiStringToUnicodeString(&NameString, &TempString, TRUE);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
/* Failed */
|
2013-11-11 20:01:13 +00:00
|
|
|
goto Failure;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We don't support name prefixes yet */
|
|
|
|
|
if (NamePrefix) DPRINT1("Name Prefix not yet supported!\n");
|
|
|
|
|
|
|
|
|
|
/* Remember that we haven't loaded the import at this point */
|
|
|
|
|
CheckDllState:
|
|
|
|
|
Loaded = FALSE;
|
|
|
|
|
ImportBase = NULL;
|
|
|
|
|
|
|
|
|
|
/* Loop the driver list */
|
|
|
|
|
NextEntry = PsLoadedModuleList.Flink;
|
|
|
|
|
while (NextEntry != &PsLoadedModuleList)
|
|
|
|
|
{
|
|
|
|
|
/* Get the loader entry and compare the name */
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
|
|
|
|
if (RtlEqualUnicodeString(&NameString,
|
|
|
|
|
&LdrEntry->BaseDllName,
|
|
|
|
|
TRUE))
|
|
|
|
|
{
|
|
|
|
|
/* Get the base address */
|
|
|
|
|
ImportBase = LdrEntry->DllBase;
|
|
|
|
|
|
|
|
|
|
/* Check if we haven't loaded yet, and we need references */
|
|
|
|
|
if (!(Loaded) && (ReferenceNeeded))
|
|
|
|
|
{
|
|
|
|
|
/* Make sure we're not already loading */
|
|
|
|
|
if (!(LdrEntry->Flags & LDRP_LOAD_IN_PROGRESS))
|
|
|
|
|
{
|
|
|
|
|
/* Increase the load count */
|
|
|
|
|
LdrEntry->LoadCount++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Done, break out */
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Go to the next entry */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if we haven't loaded the import yet */
|
|
|
|
|
if (!ImportBase)
|
|
|
|
|
{
|
|
|
|
|
/* Setup the import DLL name */
|
|
|
|
|
DllName.MaximumLength = NameString.Length +
|
|
|
|
|
ImageFileDirectory->Length +
|
|
|
|
|
sizeof(UNICODE_NULL);
|
|
|
|
|
DllName.Buffer = ExAllocatePoolWithTag(NonPagedPool,
|
|
|
|
|
DllName.MaximumLength,
|
2011-06-01 13:39:36 +00:00
|
|
|
TAG_LDR_WSTR);
|
2013-11-11 20:01:13 +00:00
|
|
|
if (!DllName.Buffer)
|
2009-10-12 03:35:35 +00:00
|
|
|
{
|
2013-11-11 20:01:13 +00:00
|
|
|
/* We're out of resources */
|
|
|
|
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
goto Failure;
|
|
|
|
|
}
|
|
|
|
|
|
2013-11-13 22:07:54 +00:00
|
|
|
/* Add the import name to the base directory */
|
|
|
|
|
RtlCopyUnicodeString(&DllName, ImageFileDirectory);
|
2013-11-11 20:01:13 +00:00
|
|
|
RtlAppendUnicodeStringToString(&DllName,
|
|
|
|
|
&NameString);
|
|
|
|
|
|
|
|
|
|
/* Load the image */
|
|
|
|
|
Status = MmLoadSystemImage(&DllName,
|
|
|
|
|
NamePrefix,
|
|
|
|
|
NULL,
|
|
|
|
|
FALSE,
|
2013-11-13 22:07:54 +00:00
|
|
|
(PVOID *)&DllEntry,
|
2013-11-11 20:01:13 +00:00
|
|
|
&DllBase);
|
|
|
|
|
|
|
|
|
|
/* win32k / GDI drivers can also import from system32 folder */
|
|
|
|
|
if ((Status == STATUS_OBJECT_NAME_NOT_FOUND) &&
|
|
|
|
|
(MI_IS_SESSION_ADDRESS(ImageBase) || 1)) // HACK
|
|
|
|
|
{
|
|
|
|
|
/* Free the old name buffer */
|
|
|
|
|
ExFreePoolWithTag(DllName.Buffer, TAG_LDR_WSTR);
|
|
|
|
|
|
|
|
|
|
/* Calculate size for a string the adds 'drivers\' */
|
|
|
|
|
DllName.MaximumLength += DriversFolderName.Length;
|
|
|
|
|
|
|
|
|
|
/* Allocate the new buffer */
|
|
|
|
|
DllName.Buffer = ExAllocatePoolWithTag(NonPagedPool,
|
|
|
|
|
DllName.MaximumLength,
|
|
|
|
|
TAG_LDR_WSTR);
|
|
|
|
|
if (!DllName.Buffer)
|
|
|
|
|
{
|
|
|
|
|
/* We're out of resources */
|
|
|
|
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
goto Failure;
|
|
|
|
|
}
|
|
|
|
|
|
2013-11-13 22:07:54 +00:00
|
|
|
/* Copy image directory and append 'drivers\' folder name */
|
|
|
|
|
RtlCopyUnicodeString(&DllName, ImageFileDirectory);
|
2013-11-11 20:01:13 +00:00
|
|
|
RtlAppendUnicodeStringToString(&DllName, &DriversFolderName);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
2013-11-13 22:07:54 +00:00
|
|
|
/* Now add the import name */
|
2013-11-11 20:01:13 +00:00
|
|
|
RtlAppendUnicodeStringToString(&DllName, &NameString);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
2013-11-11 20:01:13 +00:00
|
|
|
/* Try once again to load the image */
|
2009-10-12 03:35:35 +00:00
|
|
|
Status = MmLoadSystemImage(&DllName,
|
|
|
|
|
NamePrefix,
|
|
|
|
|
NULL,
|
2010-04-22 03:54:09 +00:00
|
|
|
FALSE,
|
2013-11-13 22:07:54 +00:00
|
|
|
(PVOID *)&DllEntry,
|
2009-10-12 03:35:35 +00:00
|
|
|
&DllBase);
|
|
|
|
|
}
|
|
|
|
|
|
2013-11-11 20:01:13 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
2009-10-12 03:35:35 +00:00
|
|
|
{
|
2013-11-11 20:01:13 +00:00
|
|
|
/* Fill out the information for the error */
|
|
|
|
|
*MissingDriver = DllName.Buffer;
|
|
|
|
|
*(PULONG)MissingDriver |= 1;
|
|
|
|
|
*MissingApi = NULL;
|
2009-10-12 03:35:35 +00:00
|
|
|
|
2013-11-13 22:07:54 +00:00
|
|
|
DPRINT1("Failed to load dependency: %wZ\n", &DllName);
|
|
|
|
|
|
2013-11-11 20:01:13 +00:00
|
|
|
/* Don't free the name */
|
|
|
|
|
DllName.Buffer = NULL;
|
2009-10-12 03:35:35 +00:00
|
|
|
|
2013-11-11 20:01:13 +00:00
|
|
|
/* Cleanup and return */
|
|
|
|
|
goto Failure;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
2013-11-11 20:01:13 +00:00
|
|
|
/* We can free the DLL Name */
|
|
|
|
|
ExFreePoolWithTag(DllName.Buffer, TAG_LDR_WSTR);
|
|
|
|
|
DllName.Buffer = NULL;
|
|
|
|
|
|
|
|
|
|
/* We're now loaded */
|
|
|
|
|
Loaded = TRUE;
|
|
|
|
|
|
|
|
|
|
/* Sanity check */
|
|
|
|
|
ASSERT(DllBase == DllEntry->DllBase);
|
|
|
|
|
|
|
|
|
|
/* Call the initialization routines */
|
|
|
|
|
Status = MmCallDllInitialize(DllEntry, &PsLoadedModuleList);
|
2009-10-12 03:35:35 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
2013-11-11 20:01:13 +00:00
|
|
|
/* We failed, unload the image */
|
|
|
|
|
MmUnloadSystemImage(DllEntry);
|
|
|
|
|
ERROR_DBGBREAK("MmCallDllInitialize failed with status 0x%x\n", Status);
|
|
|
|
|
Loaded = FALSE;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Loop again to make sure that everything is OK */
|
|
|
|
|
goto CheckDllState;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if we're support to reference this import */
|
|
|
|
|
if ((ReferenceNeeded) && (LoadedImports))
|
|
|
|
|
{
|
|
|
|
|
/* Make sure we're not already loading */
|
|
|
|
|
if (!(LdrEntry->Flags & LDRP_LOAD_IN_PROGRESS))
|
|
|
|
|
{
|
|
|
|
|
/* Add the entry */
|
2010-04-22 03:54:09 +00:00
|
|
|
LoadedImports->Entry[ImportCount] = LdrEntry;
|
|
|
|
|
ImportCount++;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Free the import name */
|
|
|
|
|
RtlFreeUnicodeString(&NameString);
|
|
|
|
|
|
|
|
|
|
/* Set the missing driver name and get the export directory */
|
|
|
|
|
*MissingDriver = LdrEntry->BaseDllName.Buffer;
|
|
|
|
|
ExportDirectory = RtlImageDirectoryEntryToData(ImportBase,
|
|
|
|
|
TRUE,
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_EXPORT,
|
|
|
|
|
&ExportSize);
|
|
|
|
|
if (!ExportDirectory)
|
|
|
|
|
{
|
|
|
|
|
/* Cleanup and return */
|
2010-09-21 05:34:05 +00:00
|
|
|
DPRINT1("Warning: Driver failed to load, %S not found\n", *MissingDriver);
|
2013-11-11 20:01:13 +00:00
|
|
|
Status = STATUS_DRIVER_ENTRYPOINT_NOT_FOUND;
|
|
|
|
|
goto Failure;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Make sure we have an IAT */
|
|
|
|
|
if (ImportDescriptor->OriginalFirstThunk)
|
|
|
|
|
{
|
|
|
|
|
/* Get the first thunks */
|
|
|
|
|
OrigThunk = (PVOID)((ULONG_PTR)ImageBase +
|
|
|
|
|
ImportDescriptor->OriginalFirstThunk);
|
|
|
|
|
FirstThunk = (PVOID)((ULONG_PTR)ImageBase +
|
|
|
|
|
ImportDescriptor->FirstThunk);
|
|
|
|
|
|
|
|
|
|
/* Loop the IAT */
|
|
|
|
|
while (OrigThunk->u1.AddressOfData)
|
|
|
|
|
{
|
|
|
|
|
/* Snap thunk */
|
|
|
|
|
Status = MiSnapThunk(ImportBase,
|
|
|
|
|
ImageBase,
|
|
|
|
|
OrigThunk++,
|
|
|
|
|
FirstThunk++,
|
|
|
|
|
ExportDirectory,
|
|
|
|
|
ExportSize,
|
|
|
|
|
FALSE,
|
|
|
|
|
MissingApi);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
/* Cleanup and return */
|
2013-11-11 20:01:13 +00:00
|
|
|
goto Failure;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Reset the buffer */
|
|
|
|
|
*MissingApi = MissingApiBuffer;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Go to the next import */
|
|
|
|
|
ImportDescriptor++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if we have an import list */
|
|
|
|
|
if (LoadedImports)
|
|
|
|
|
{
|
2010-11-02 14:41:29 +00:00
|
|
|
/* Reset the count again, and loop entries */
|
2009-10-12 03:35:35 +00:00
|
|
|
ImportCount = 0;
|
|
|
|
|
for (i = 0; i < LoadedImports->Count; i++)
|
|
|
|
|
{
|
|
|
|
|
if (LoadedImports->Entry[i])
|
|
|
|
|
{
|
|
|
|
|
/* Got an entry, OR it with 1 in case it's the single entry */
|
2010-04-22 03:54:09 +00:00
|
|
|
ImportEntry = (PVOID)((ULONG_PTR)LoadedImports->Entry[i] |
|
|
|
|
|
MM_SYSLDR_SINGLE_ENTRY);
|
2009-10-12 03:35:35 +00:00
|
|
|
ImportCount++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if we had no imports */
|
|
|
|
|
if (!ImportCount)
|
|
|
|
|
{
|
|
|
|
|
/* Free the list and set it to no imports */
|
2011-06-01 13:39:36 +00:00
|
|
|
ExFreePoolWithTag(LoadedImports, TAG_LDR_IMPORTS);
|
2010-04-22 03:54:09 +00:00
|
|
|
LoadedImports = MM_SYSLDR_NO_IMPORTS;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
else if (ImportCount == 1)
|
|
|
|
|
{
|
|
|
|
|
/* Just one entry, we can free the table and only use our entry */
|
2011-06-01 13:39:36 +00:00
|
|
|
ExFreePoolWithTag(LoadedImports, TAG_LDR_IMPORTS);
|
2009-10-12 03:35:35 +00:00
|
|
|
LoadedImports = (PLOAD_IMPORTS)ImportEntry;
|
|
|
|
|
}
|
|
|
|
|
else if (ImportCount != LoadedImports->Count)
|
|
|
|
|
{
|
|
|
|
|
/* Allocate a new list */
|
|
|
|
|
LoadedImportsSize = ImportCount * sizeof(PVOID) + sizeof(SIZE_T);
|
|
|
|
|
NewImports = ExAllocatePoolWithTag(PagedPool,
|
|
|
|
|
LoadedImportsSize,
|
2011-06-01 13:39:36 +00:00
|
|
|
TAG_LDR_IMPORTS);
|
2009-10-12 03:35:35 +00:00
|
|
|
if (NewImports)
|
|
|
|
|
{
|
|
|
|
|
/* Set count */
|
|
|
|
|
NewImports->Count = 0;
|
|
|
|
|
|
|
|
|
|
/* Loop all the imports */
|
|
|
|
|
for (i = 0; i < LoadedImports->Count; i++)
|
|
|
|
|
{
|
|
|
|
|
/* Make sure it's valid */
|
|
|
|
|
if (LoadedImports->Entry[i])
|
|
|
|
|
{
|
|
|
|
|
/* Copy it */
|
|
|
|
|
NewImports->Entry[NewImports->Count] = LoadedImports->Entry[i];
|
|
|
|
|
NewImports->Count++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Free the old copy */
|
2011-06-01 13:39:36 +00:00
|
|
|
ExFreePoolWithTag(LoadedImports, TAG_LDR_IMPORTS);
|
2009-10-12 03:35:35 +00:00
|
|
|
LoadedImports = NewImports;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return the list */
|
|
|
|
|
*LoadImports = LoadedImports;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return success */
|
|
|
|
|
return STATUS_SUCCESS;
|
2013-11-11 20:01:13 +00:00
|
|
|
|
|
|
|
|
Failure:
|
|
|
|
|
|
|
|
|
|
/* Cleanup and return */
|
2013-11-13 22:07:54 +00:00
|
|
|
RtlFreeUnicodeString(&NameString);
|
2013-11-11 20:01:13 +00:00
|
|
|
|
|
|
|
|
if (LoadedImports)
|
|
|
|
|
{
|
|
|
|
|
MiDereferenceImports(LoadedImports);
|
|
|
|
|
ExFreePoolWithTag(LoadedImports, TAG_LDR_IMPORTS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Status;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
2012-02-17 22:57:32 +00:00
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiFreeInitializationCode(IN PVOID InitStart,
|
|
|
|
|
IN PVOID InitEnd)
|
|
|
|
|
{
|
|
|
|
|
PMMPTE PointerPte;
|
|
|
|
|
PFN_NUMBER PagesFreed;
|
|
|
|
|
|
|
|
|
|
/* Get the start PTE */
|
|
|
|
|
PointerPte = MiAddressToPte(InitStart);
|
|
|
|
|
ASSERT(MI_IS_PHYSICAL_ADDRESS(InitStart) == FALSE);
|
|
|
|
|
|
|
|
|
|
/* Compute the number of pages we expect to free */
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
PagesFreed = (PFN_NUMBER)(MiAddressToPte(InitEnd) - PointerPte);
|
2012-10-07 21:36:50 +00:00
|
|
|
|
2012-02-17 22:57:32 +00:00
|
|
|
/* Try to actually free them */
|
|
|
|
|
PagesFreed = MiDeleteSystemPageableVm(PointerPte,
|
|
|
|
|
PagesFreed,
|
|
|
|
|
0,
|
|
|
|
|
NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 19:44:01 +00:00
|
|
|
CODE_SEG("INIT")
|
2012-02-17 22:57:32 +00:00
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiFindInitializationCode(OUT PVOID *StartVa,
|
|
|
|
|
OUT PVOID *EndVa)
|
|
|
|
|
{
|
|
|
|
|
ULONG Size, SectionCount, Alignment;
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry;
|
|
|
|
|
ULONG_PTR DllBase, InitStart, InitEnd, ImageEnd, InitCode;
|
|
|
|
|
PLIST_ENTRY NextEntry;
|
|
|
|
|
PIMAGE_NT_HEADERS NtHeader;
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
PIMAGE_SECTION_HEADER Section, LastSection, InitSection;
|
2012-02-17 22:57:32 +00:00
|
|
|
BOOLEAN InitFound;
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
DBG_UNREFERENCED_LOCAL_VARIABLE(InitSection);
|
2012-10-07 21:36:50 +00:00
|
|
|
|
2012-02-17 22:57:32 +00:00
|
|
|
/* So we don't free our own code yet */
|
|
|
|
|
InitCode = (ULONG_PTR)&MiFindInitializationCode;
|
|
|
|
|
|
|
|
|
|
/* Assume failure */
|
|
|
|
|
*StartVa = NULL;
|
|
|
|
|
|
2020-10-15 11:42:13 +00:00
|
|
|
/* Acquire the necessary locks while we loop the list */
|
2012-02-17 22:57:32 +00:00
|
|
|
KeEnterCriticalRegion();
|
2020-10-15 11:40:42 +00:00
|
|
|
KeWaitForSingleObject(&MmSystemLoadLock,
|
|
|
|
|
WrVirtualMemory,
|
|
|
|
|
KernelMode,
|
|
|
|
|
FALSE,
|
|
|
|
|
NULL);
|
2020-10-15 11:42:13 +00:00
|
|
|
ExAcquireResourceExclusiveLite(&PsLoadedModuleResource, TRUE);
|
2012-02-17 22:57:32 +00:00
|
|
|
|
|
|
|
|
/* Loop all loaded modules */
|
|
|
|
|
NextEntry = PsLoadedModuleList.Flink;
|
|
|
|
|
while (NextEntry != &PsLoadedModuleList)
|
|
|
|
|
{
|
|
|
|
|
/* Get the loader entry and its DLL base */
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
|
|
|
|
|
DllBase = (ULONG_PTR)LdrEntry->DllBase;
|
2012-10-07 21:36:50 +00:00
|
|
|
|
2013-11-22 12:51:40 +00:00
|
|
|
/* Only process boot loaded images. Other drivers are processed by
|
|
|
|
|
MmFreeDriverInitialization */
|
|
|
|
|
if (LdrEntry->Flags & LDRP_MM_LOADED)
|
|
|
|
|
{
|
|
|
|
|
/* Keep going */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2012-02-17 22:57:32 +00:00
|
|
|
/* Get the NT header */
|
|
|
|
|
NtHeader = RtlImageNtHeader((PVOID)DllBase);
|
|
|
|
|
if (!NtHeader)
|
|
|
|
|
{
|
|
|
|
|
/* Keep going */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Get the first section, the section count, and scan them all */
|
|
|
|
|
Section = IMAGE_FIRST_SECTION(NtHeader);
|
|
|
|
|
SectionCount = NtHeader->FileHeader.NumberOfSections;
|
|
|
|
|
InitStart = 0;
|
|
|
|
|
while (SectionCount > 0)
|
|
|
|
|
{
|
|
|
|
|
/* Assume failure */
|
|
|
|
|
InitFound = FALSE;
|
|
|
|
|
|
|
|
|
|
/* Is this the INIT section or a discardable section? */
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
if ((strncmp((PCCH)Section->Name, "INIT", 5) == 0) ||
|
2012-02-17 22:57:32 +00:00
|
|
|
((Section->Characteristics & IMAGE_SCN_MEM_DISCARDABLE)))
|
|
|
|
|
{
|
|
|
|
|
/* Remember this */
|
|
|
|
|
InitFound = TRUE;
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
InitSection = Section;
|
2012-02-17 22:57:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (InitFound)
|
|
|
|
|
{
|
|
|
|
|
/* Pick the biggest size -- either raw or virtual */
|
|
|
|
|
Size = max(Section->SizeOfRawData, Section->Misc.VirtualSize);
|
2012-10-07 21:36:50 +00:00
|
|
|
|
2012-02-17 22:57:32 +00:00
|
|
|
/* Read the section alignment */
|
|
|
|
|
Alignment = NtHeader->OptionalHeader.SectionAlignment;
|
|
|
|
|
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
/* Get the start and end addresses */
|
2012-02-17 22:57:32 +00:00
|
|
|
InitStart = DllBase + Section->VirtualAddress;
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
InitEnd = ALIGN_UP_BY(InitStart + Size, Alignment);
|
|
|
|
|
|
|
|
|
|
/* Align the addresses to PAGE_SIZE */
|
|
|
|
|
InitStart = ALIGN_UP_BY(InitStart, PAGE_SIZE);
|
|
|
|
|
InitEnd = ALIGN_DOWN_BY(InitEnd, PAGE_SIZE);
|
2012-02-17 22:57:32 +00:00
|
|
|
|
|
|
|
|
/* Have we reached the last section? */
|
|
|
|
|
if (SectionCount == 1)
|
|
|
|
|
{
|
|
|
|
|
/* Remember this */
|
|
|
|
|
LastSection = Section;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* We have not, loop all the sections */
|
|
|
|
|
LastSection = NULL;
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
/* Keep going until we find a non-discardable section range */
|
|
|
|
|
SectionCount--;
|
|
|
|
|
Section++;
|
|
|
|
|
if (Section->Characteristics & IMAGE_SCN_MEM_DISCARDABLE)
|
|
|
|
|
{
|
|
|
|
|
/* Discardable, so record it, then keep going */
|
|
|
|
|
LastSection = Section;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Non-contigous discard flag, or no flag, break out */
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
while (SectionCount > 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Have we found a discardable or init section? */
|
|
|
|
|
if (LastSection)
|
|
|
|
|
{
|
|
|
|
|
/* Pick the biggest size -- either raw or virtual */
|
|
|
|
|
Size = max(LastSection->SizeOfRawData, LastSection->Misc.VirtualSize);
|
|
|
|
|
|
|
|
|
|
/* Use this as the end of the section address */
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
InitEnd = DllBase + LastSection->VirtualAddress + Size;
|
2012-02-17 22:57:32 +00:00
|
|
|
|
|
|
|
|
/* Have we reached the last section yet? */
|
|
|
|
|
if (SectionCount != 1)
|
|
|
|
|
{
|
|
|
|
|
/* Then align this accross the session boundary */
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
InitEnd = ALIGN_UP_BY(InitEnd, Alignment);
|
|
|
|
|
InitEnd = ALIGN_DOWN_BY(InitEnd, PAGE_SIZE);
|
2012-02-17 22:57:32 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Make sure we don't let the init section go past the image */
|
|
|
|
|
ImageEnd = DllBase + LdrEntry->SizeOfImage;
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
if (InitEnd > ImageEnd) InitEnd = ALIGN_UP_BY(ImageEnd, PAGE_SIZE);
|
2012-02-17 22:57:32 +00:00
|
|
|
|
|
|
|
|
/* Make sure we have a valid, non-zero init section */
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
if (InitStart < InitEnd)
|
2012-02-17 22:57:32 +00:00
|
|
|
{
|
|
|
|
|
/* Make sure we are not within this code itself */
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
if ((InitCode >= InitStart) && (InitCode < InitEnd))
|
2012-02-17 22:57:32 +00:00
|
|
|
{
|
|
|
|
|
/* Return it, we can't free ourselves now */
|
|
|
|
|
ASSERT(*StartVa == 0);
|
|
|
|
|
*StartVa = (PVOID)InitStart;
|
|
|
|
|
*EndVa = (PVOID)InitEnd;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* This isn't us -- go ahead and free it */
|
|
|
|
|
ASSERT(MI_IS_PHYSICAL_ADDRESS((PVOID)InitStart) == FALSE);
|
[NTOS] Fix MiFindInitializationCode (#751)
Short: The code was suffering from an off-by-one bug (inconsistency between inclusive end exclusive end address), which could lead to freeing one page above the initialization code. This led to freeing part of the kernel import section on x64. Now it is consistently using the aligned/exclusive end address.
Long:
* Initialization sections are freed both for the boot loaded images as well as for drivers that are loaded later. Obviously the second mechanism needs to be able to run at any time, so it is not initialization code itself. For some reason someone decided though, it would be a smart idea to implement the code twice, once for the boot loaded images, once for drivers and concluding that the former was initialization code itself and had to be freed.
* Since freeing the code that frees the initialization sections, while it is doing that is not possible, it uses a "smart trick", initially skipping that range, returning its start and end to the caller and have the caller free it afterwards.
* The code was using the end address in an inconsistent way, partly aligning it to the start of the following section, sometimes pointing to the last byte that should be freed. The function that freed each chunk was assuming the latter (i.e. that the end was included in the range) and thus freed the page that contained the end address. The end address for the range that was returned to the caller was aligned to the start of the next section, and the caller used it to free the range including the following page. On x64 this was the start of the import section of ntoskrnl. How that worked on x86 I don't even want to know.
2018-08-21 08:35:57 +00:00
|
|
|
DPRINT("Freeing init code: %p-%p ('%wZ' @%p : '%s')\n",
|
|
|
|
|
(PVOID)InitStart,
|
|
|
|
|
(PVOID)InitEnd,
|
|
|
|
|
&LdrEntry->BaseDllName,
|
|
|
|
|
LdrEntry->DllBase,
|
|
|
|
|
InitSection->Name);
|
2012-02-17 22:57:32 +00:00
|
|
|
MiFreeInitializationCode((PVOID)InitStart, (PVOID)InitEnd);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-10-07 21:36:50 +00:00
|
|
|
|
2012-02-17 22:57:32 +00:00
|
|
|
/* Move to the next section */
|
|
|
|
|
SectionCount--;
|
|
|
|
|
Section++;
|
|
|
|
|
}
|
2012-10-07 21:36:50 +00:00
|
|
|
|
2012-02-17 22:57:32 +00:00
|
|
|
/* Move to the next module */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-15 11:42:13 +00:00
|
|
|
/* Release the locks and return */
|
|
|
|
|
ExReleaseResourceLite(&PsLoadedModuleResource);
|
2020-10-16 14:09:08 +00:00
|
|
|
KeReleaseMutant(&MmSystemLoadLock, MUTANT_INCREMENT, FALSE, FALSE);
|
2012-02-17 22:57:32 +00:00
|
|
|
KeLeaveCriticalRegion();
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-07 21:36:50 +00:00
|
|
|
/*
|
2012-02-17 22:57:32 +00:00
|
|
|
* Note: This function assumes that all discardable sections are at the end of
|
|
|
|
|
* the PE file. It searches backwards until it finds the non-discardable section
|
|
|
|
|
*/
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MmFreeDriverInitialization(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
|
|
|
|
|
{
|
|
|
|
|
PMMPTE StartPte, EndPte;
|
|
|
|
|
PFN_NUMBER PageCount;
|
|
|
|
|
PVOID DllBase;
|
|
|
|
|
ULONG i;
|
|
|
|
|
PIMAGE_NT_HEADERS NtHeader;
|
|
|
|
|
PIMAGE_SECTION_HEADER Section, DiscardSection;
|
|
|
|
|
|
|
|
|
|
/* Get the base address and the page count */
|
|
|
|
|
DllBase = LdrEntry->DllBase;
|
|
|
|
|
PageCount = LdrEntry->SizeOfImage >> PAGE_SHIFT;
|
|
|
|
|
|
|
|
|
|
/* Get the last PTE in this image */
|
|
|
|
|
EndPte = MiAddressToPte(DllBase) + PageCount;
|
|
|
|
|
|
|
|
|
|
/* Get the NT header */
|
|
|
|
|
NtHeader = RtlImageNtHeader(DllBase);
|
|
|
|
|
if (!NtHeader) return;
|
|
|
|
|
|
|
|
|
|
/* Get the last section and loop each section backwards */
|
|
|
|
|
Section = IMAGE_FIRST_SECTION(NtHeader) + NtHeader->FileHeader.NumberOfSections;
|
|
|
|
|
DiscardSection = NULL;
|
|
|
|
|
for (i = 0; i < NtHeader->FileHeader.NumberOfSections; i++)
|
|
|
|
|
{
|
|
|
|
|
/* Go back a section and check if it's discardable */
|
|
|
|
|
Section--;
|
|
|
|
|
if (Section->Characteristics & IMAGE_SCN_MEM_DISCARDABLE)
|
|
|
|
|
{
|
|
|
|
|
/* It is, select it for freeing */
|
|
|
|
|
DiscardSection = Section;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* No more discardable sections exist, bail out */
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Bail out if there's nothing to free */
|
|
|
|
|
if (!DiscardSection) return;
|
|
|
|
|
|
|
|
|
|
/* Push the DLL base to the first disacrable section, and get its PTE */
|
|
|
|
|
DllBase = (PVOID)ROUND_TO_PAGES((ULONG_PTR)DllBase + DiscardSection->VirtualAddress);
|
|
|
|
|
ASSERT(MI_IS_PHYSICAL_ADDRESS(DllBase) == FALSE);
|
|
|
|
|
StartPte = MiAddressToPte(DllBase);
|
|
|
|
|
|
|
|
|
|
/* Check how many pages to free total */
|
|
|
|
|
PageCount = (PFN_NUMBER)(EndPte - StartPte);
|
|
|
|
|
if (!PageCount) return;
|
|
|
|
|
|
|
|
|
|
/* Delete this many PTEs */
|
2013-06-02 19:04:02 +00:00
|
|
|
MiDeleteSystemPageableVm(StartPte, PageCount, 0, NULL);
|
2012-02-17 22:57:32 +00:00
|
|
|
}
|
|
|
|
|
|
2020-10-06 19:44:01 +00:00
|
|
|
CODE_SEG("INIT")
|
2009-10-12 03:35:35 +00:00
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiReloadBootLoadedDrivers(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
|
|
|
|
|
{
|
|
|
|
|
PLIST_ENTRY NextEntry;
|
|
|
|
|
ULONG i = 0;
|
|
|
|
|
PIMAGE_NT_HEADERS NtHeader;
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry;
|
|
|
|
|
PIMAGE_FILE_HEADER FileHeader;
|
|
|
|
|
BOOLEAN ValidRelocs;
|
|
|
|
|
PIMAGE_DATA_DIRECTORY DataDirectory;
|
|
|
|
|
PVOID DllBase, NewImageAddress;
|
|
|
|
|
NTSTATUS Status;
|
2010-02-21 02:13:20 +00:00
|
|
|
PMMPTE PointerPte, StartPte, LastPte;
|
[HAL/NDK]
- Make Vector parameter in HalEnableSystemInterrupt, HalDisableSystemInterrupt and HalBeginSystemInterrupt an ULONG, not an UCHAR
[NDK]
- 64bit fixes for HANDLE_TABLE, KPROCESS, SECTION_IMAGE_INFORMATION, MMADDRESS_LIST, MMVAD_FLAGS, MMVAD, MMVAD_LONG, MMVAD_SHORT, MEMORY_DESCRIPTOR, MEMORY_ALLOCATION_DESCRIPTOR, LdrVerifyMappedImageMatchesChecksum
- KDPC_DATA::DpcQueueDepth is signed on amd64, unsigned on x86
[NTOSKRNL]
- Fix hundreds of MSVC and amd64 warnings
- add a pragma message to FstubFixupEfiPartition, since it looks broken
- Move portable Ke constants from <arch>/cpu.c to krnlinit.c
- Fixed a bug in amd64 KiGeneralProtectionFaultHandler
svn path=/trunk/; revision=53734
2011-09-18 13:11:45 +00:00
|
|
|
PFN_COUNT PteCount;
|
2010-02-21 02:13:20 +00:00
|
|
|
PMMPFN Pfn1;
|
|
|
|
|
MMPTE TempPte, OldPte;
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Loop driver list */
|
|
|
|
|
for (NextEntry = LoaderBlock->LoadOrderListHead.Flink;
|
|
|
|
|
NextEntry != &LoaderBlock->LoadOrderListHead;
|
|
|
|
|
NextEntry = NextEntry->Flink)
|
|
|
|
|
{
|
|
|
|
|
/* Get the loader entry and NT header */
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
|
|
|
|
NtHeader = RtlImageNtHeader(LdrEntry->DllBase);
|
|
|
|
|
|
|
|
|
|
/* Debug info */
|
|
|
|
|
DPRINT("[Mm0]: Driver at: %p ending at: %p for module: %wZ\n",
|
|
|
|
|
LdrEntry->DllBase,
|
2009-11-08 01:13:49 +00:00
|
|
|
(ULONG_PTR)LdrEntry->DllBase + LdrEntry->SizeOfImage,
|
2009-10-12 03:35:35 +00:00
|
|
|
&LdrEntry->FullDllName);
|
|
|
|
|
|
2010-11-02 15:16:22 +00:00
|
|
|
/* Get the first PTE and the number of PTEs we'll need */
|
|
|
|
|
PointerPte = StartPte = MiAddressToPte(LdrEntry->DllBase);
|
|
|
|
|
PteCount = ROUND_TO_PAGES(LdrEntry->SizeOfImage) >> PAGE_SHIFT;
|
|
|
|
|
LastPte = StartPte + PteCount;
|
|
|
|
|
|
|
|
|
|
#if MI_TRACE_PFNS
|
|
|
|
|
/* Loop the PTEs */
|
|
|
|
|
while (PointerPte < LastPte)
|
|
|
|
|
{
|
|
|
|
|
ULONG len;
|
|
|
|
|
ASSERT(PointerPte->u.Hard.Valid == 1);
|
|
|
|
|
Pfn1 = MiGetPfnEntry(PFN_FROM_PTE(PointerPte));
|
|
|
|
|
len = wcslen(LdrEntry->BaseDllName.Buffer) * sizeof(WCHAR);
|
|
|
|
|
snprintf(Pfn1->ProcessName, min(16, len), "%S", LdrEntry->BaseDllName.Buffer);
|
|
|
|
|
PointerPte++;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2009-10-12 03:35:35 +00:00
|
|
|
/* Skip kernel and HAL */
|
|
|
|
|
/* ROS HACK: Skip BOOTVID/KDCOM too */
|
|
|
|
|
i++;
|
|
|
|
|
if (i <= 4) continue;
|
|
|
|
|
|
|
|
|
|
/* Skip non-drivers */
|
|
|
|
|
if (!NtHeader) continue;
|
|
|
|
|
|
|
|
|
|
/* Get the file header and make sure we can relocate */
|
|
|
|
|
FileHeader = &NtHeader->FileHeader;
|
|
|
|
|
if (FileHeader->Characteristics & IMAGE_FILE_RELOCS_STRIPPED) continue;
|
|
|
|
|
if (NtHeader->OptionalHeader.NumberOfRvaAndSizes <
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_BASERELOC) continue;
|
|
|
|
|
|
|
|
|
|
/* Everything made sense until now, check the relocation section too */
|
|
|
|
|
DataDirectory = &NtHeader->OptionalHeader.
|
|
|
|
|
DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC];
|
|
|
|
|
if (!DataDirectory->VirtualAddress)
|
|
|
|
|
{
|
|
|
|
|
/* We don't really have relocations */
|
|
|
|
|
ValidRelocs = FALSE;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Make sure the size is valid */
|
|
|
|
|
if ((DataDirectory->VirtualAddress + DataDirectory->Size) >
|
|
|
|
|
LdrEntry->SizeOfImage)
|
|
|
|
|
{
|
|
|
|
|
/* They're not, skip */
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We have relocations */
|
|
|
|
|
ValidRelocs = TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Remember the original address */
|
|
|
|
|
DllBase = LdrEntry->DllBase;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* Loop the PTEs */
|
2010-11-02 15:16:22 +00:00
|
|
|
PointerPte = StartPte;
|
2010-02-21 02:13:20 +00:00
|
|
|
while (PointerPte < LastPte)
|
|
|
|
|
{
|
|
|
|
|
/* Mark the page modified in the PFN database */
|
|
|
|
|
ASSERT(PointerPte->u.Hard.Valid == 1);
|
|
|
|
|
Pfn1 = MiGetPfnEntry(PFN_FROM_PTE(PointerPte));
|
|
|
|
|
ASSERT(Pfn1->u3.e1.Rom == 0);
|
|
|
|
|
Pfn1->u3.e1.Modified = TRUE;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* Next */
|
|
|
|
|
PointerPte++;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* Now reserve system PTEs for the image */
|
|
|
|
|
PointerPte = MiReserveSystemPtes(PteCount, SystemPteSpace);
|
|
|
|
|
if (!PointerPte)
|
2009-10-12 03:35:35 +00:00
|
|
|
{
|
|
|
|
|
/* Shouldn't happen */
|
2013-01-06 18:47:39 +00:00
|
|
|
ERROR_FATAL("[Mm0]: Couldn't allocate driver section!\n");
|
2013-01-04 12:54:39 +00:00
|
|
|
return;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* This is the new virtual address for the module */
|
|
|
|
|
LastPte = PointerPte + PteCount;
|
|
|
|
|
NewImageAddress = MiPteToAddress(PointerPte);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Sanity check */
|
|
|
|
|
DPRINT("[Mm0]: Copying from: %p to: %p\n", DllBase, NewImageAddress);
|
|
|
|
|
ASSERT(ExpInitializationPhase == 0);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* Loop the new driver PTEs */
|
|
|
|
|
TempPte = ValidKernelPte;
|
|
|
|
|
while (PointerPte < LastPte)
|
|
|
|
|
{
|
|
|
|
|
/* Copy the old data */
|
|
|
|
|
OldPte = *StartPte;
|
|
|
|
|
ASSERT(OldPte.u.Hard.Valid == 1);
|
2010-06-06 18:45:46 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* Set page number from the loader's memory */
|
|
|
|
|
TempPte.u.Hard.PageFrameNumber = OldPte.u.Hard.PageFrameNumber;
|
2010-06-06 18:45:46 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* Write it */
|
2010-06-06 18:45:46 +00:00
|
|
|
MI_WRITE_VALID_PTE(PointerPte, TempPte);
|
|
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* Move on */
|
|
|
|
|
PointerPte++;
|
|
|
|
|
StartPte++;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* Update position */
|
|
|
|
|
PointerPte -= PteCount;
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Sanity check */
|
|
|
|
|
ASSERT(*(PULONG)NewImageAddress == *(PULONG)DllBase);
|
|
|
|
|
|
|
|
|
|
/* Set the image base to the address where the loader put it */
|
|
|
|
|
NtHeader->OptionalHeader.ImageBase = (ULONG_PTR)DllBase;
|
|
|
|
|
|
|
|
|
|
/* Check if we had relocations */
|
|
|
|
|
if (ValidRelocs)
|
|
|
|
|
{
|
|
|
|
|
/* Relocate the image */
|
|
|
|
|
Status = LdrRelocateImageWithBias(NewImageAddress,
|
|
|
|
|
0,
|
|
|
|
|
"SYSLDR",
|
|
|
|
|
STATUS_SUCCESS,
|
|
|
|
|
STATUS_CONFLICTING_ADDRESSES,
|
|
|
|
|
STATUS_INVALID_IMAGE_FORMAT);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
/* This shouldn't happen */
|
2013-01-06 18:47:39 +00:00
|
|
|
ERROR_FATAL("Relocations failed!\n");
|
2013-01-04 12:54:39 +00:00
|
|
|
return;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Update the loader entry */
|
|
|
|
|
LdrEntry->DllBase = NewImageAddress;
|
|
|
|
|
|
|
|
|
|
/* Update the thunks */
|
|
|
|
|
DPRINT("[Mm0]: Updating thunks to: %wZ\n", &LdrEntry->BaseDllName);
|
|
|
|
|
MiUpdateThunks(LoaderBlock,
|
|
|
|
|
DllBase,
|
|
|
|
|
NewImageAddress,
|
|
|
|
|
LdrEntry->SizeOfImage);
|
|
|
|
|
|
|
|
|
|
/* Update the loader entry */
|
2009-11-08 01:13:49 +00:00
|
|
|
LdrEntry->Flags |= LDRP_SYSTEM_MAPPED;
|
2009-10-12 03:35:35 +00:00
|
|
|
LdrEntry->EntryPoint = (PVOID)((ULONG_PTR)NewImageAddress +
|
|
|
|
|
NtHeader->OptionalHeader.AddressOfEntryPoint);
|
2010-02-21 02:13:20 +00:00
|
|
|
LdrEntry->SizeOfImage = PteCount << PAGE_SHIFT;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-02-21 02:13:20 +00:00
|
|
|
/* FIXME: We'll need to fixup the PFN linkage when switching to ARM3 */
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 19:44:01 +00:00
|
|
|
CODE_SEG("INIT")
|
2010-04-22 08:13:56 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
MiBuildImportsForBootDrivers(VOID)
|
|
|
|
|
{
|
|
|
|
|
PLIST_ENTRY NextEntry, NextEntry2;
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry, KernelEntry, HalEntry, LdrEntry2, LastEntry;
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY* EntryArray;
|
|
|
|
|
UNICODE_STRING KernelName = RTL_CONSTANT_STRING(L"ntoskrnl.exe");
|
|
|
|
|
UNICODE_STRING HalName = RTL_CONSTANT_STRING(L"hal.dll");
|
|
|
|
|
PLOAD_IMPORTS LoadedImports;
|
|
|
|
|
ULONG LoadedImportsSize, ImportSize;
|
|
|
|
|
PULONG_PTR ImageThunk;
|
|
|
|
|
ULONG_PTR DllBase, DllEnd;
|
|
|
|
|
ULONG Modules = 0, i, j = 0;
|
|
|
|
|
PIMAGE_IMPORT_DESCRIPTOR ImportDescriptor;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Initialize variables */
|
|
|
|
|
KernelEntry = HalEntry = LastEntry = NULL;
|
|
|
|
|
|
|
|
|
|
/* Loop the loaded module list... we are early enough that no lock is needed */
|
|
|
|
|
NextEntry = PsLoadedModuleList.Flink;
|
|
|
|
|
while (NextEntry != &PsLoadedModuleList)
|
|
|
|
|
{
|
|
|
|
|
/* Get the entry */
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
|
|
|
|
|
|
|
|
|
/* Check if it's the kernel or HAL */
|
|
|
|
|
if (RtlEqualUnicodeString(&KernelName, &LdrEntry->BaseDllName, TRUE))
|
|
|
|
|
{
|
|
|
|
|
/* Found it */
|
|
|
|
|
KernelEntry = LdrEntry;
|
|
|
|
|
}
|
|
|
|
|
else if (RtlEqualUnicodeString(&HalName, &LdrEntry->BaseDllName, TRUE))
|
|
|
|
|
{
|
|
|
|
|
/* Found it */
|
|
|
|
|
HalEntry = LdrEntry;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Check if this is a driver DLL */
|
|
|
|
|
if (LdrEntry->Flags & LDRP_DRIVER_DEPENDENT_DLL)
|
|
|
|
|
{
|
|
|
|
|
/* Check if this is the HAL or kernel */
|
|
|
|
|
if ((LdrEntry == HalEntry) || (LdrEntry == KernelEntry))
|
|
|
|
|
{
|
|
|
|
|
/* Add a reference */
|
|
|
|
|
LdrEntry->LoadCount = 1;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* No referencing needed */
|
|
|
|
|
LdrEntry->LoadCount = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2014-02-08 16:28:14 +00:00
|
|
|
/* Add a reference for all other modules as well */
|
|
|
|
|
LdrEntry->LoadCount = 1;
|
2010-04-22 08:13:56 +00:00
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Remember this came from the loader */
|
|
|
|
|
LdrEntry->LoadedImports = MM_SYSLDR_BOOT_LOADED;
|
|
|
|
|
|
|
|
|
|
/* Keep looping */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
Modules++;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* We must have at least found the kernel and HAL */
|
|
|
|
|
if (!(HalEntry) || (!KernelEntry)) return STATUS_NOT_FOUND;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Allocate the list */
|
2011-06-01 13:39:36 +00:00
|
|
|
EntryArray = ExAllocatePoolWithTag(PagedPool, Modules * sizeof(PVOID), TAG_LDR_IMPORTS);
|
2010-04-22 08:13:56 +00:00
|
|
|
if (!EntryArray) return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
|
|
|
|
|
/* Loop the loaded module list again */
|
|
|
|
|
NextEntry = PsLoadedModuleList.Flink;
|
|
|
|
|
while (NextEntry != &PsLoadedModuleList)
|
|
|
|
|
{
|
|
|
|
|
/* Get the entry */
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
|
|
|
|
#ifdef _WORKING_LOADER_
|
|
|
|
|
/* Get its imports */
|
|
|
|
|
ImageThunk = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
|
|
|
|
|
TRUE,
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_IAT,
|
|
|
|
|
&ImportSize);
|
2010-12-26 15:23:03 +00:00
|
|
|
if (!ImageThunk)
|
2010-04-22 08:13:56 +00:00
|
|
|
#else
|
|
|
|
|
/* Get its imports */
|
|
|
|
|
ImportDescriptor = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
|
|
|
|
|
TRUE,
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_IMPORT,
|
|
|
|
|
&ImportSize);
|
|
|
|
|
if (!ImportDescriptor)
|
|
|
|
|
#endif
|
|
|
|
|
{
|
|
|
|
|
/* None present */
|
|
|
|
|
LdrEntry->LoadedImports = MM_SYSLDR_NO_IMPORTS;
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Clear the list and count the number of IAT thunks */
|
|
|
|
|
RtlZeroMemory(EntryArray, Modules * sizeof(PVOID));
|
|
|
|
|
#ifdef _WORKING_LOADER_
|
|
|
|
|
ImportSize /= sizeof(ULONG_PTR);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Scan the thunks */
|
|
|
|
|
for (i = 0, DllBase = 0, DllEnd = 0; i < ImportSize; i++, ImageThunk++)
|
|
|
|
|
#else
|
[HAL/NDK]
- Make Vector parameter in HalEnableSystemInterrupt, HalDisableSystemInterrupt and HalBeginSystemInterrupt an ULONG, not an UCHAR
[NDK]
- 64bit fixes for HANDLE_TABLE, KPROCESS, SECTION_IMAGE_INFORMATION, MMADDRESS_LIST, MMVAD_FLAGS, MMVAD, MMVAD_LONG, MMVAD_SHORT, MEMORY_DESCRIPTOR, MEMORY_ALLOCATION_DESCRIPTOR, LdrVerifyMappedImageMatchesChecksum
- KDPC_DATA::DpcQueueDepth is signed on amd64, unsigned on x86
[NTOSKRNL]
- Fix hundreds of MSVC and amd64 warnings
- add a pragma message to FstubFixupEfiPartition, since it looks broken
- Move portable Ke constants from <arch>/cpu.c to krnlinit.c
- Fixed a bug in amd64 KiGeneralProtectionFaultHandler
svn path=/trunk/; revision=53734
2011-09-18 13:11:45 +00:00
|
|
|
DllBase = DllEnd = i = 0;
|
2010-04-22 08:13:56 +00:00
|
|
|
while ((ImportDescriptor->Name) &&
|
|
|
|
|
(ImportDescriptor->OriginalFirstThunk))
|
|
|
|
|
{
|
|
|
|
|
/* Get the image thunk */
|
|
|
|
|
ImageThunk = (PVOID)((ULONG_PTR)LdrEntry->DllBase +
|
|
|
|
|
ImportDescriptor->FirstThunk);
|
|
|
|
|
while (*ImageThunk)
|
|
|
|
|
#endif
|
|
|
|
|
{
|
|
|
|
|
/* Do we already have an address? */
|
|
|
|
|
if (DllBase)
|
|
|
|
|
{
|
|
|
|
|
/* Is the thunk in the same address? */
|
|
|
|
|
if ((*ImageThunk >= DllBase) && (*ImageThunk < DllEnd))
|
|
|
|
|
{
|
|
|
|
|
/* Skip it, we already have a reference for it */
|
|
|
|
|
ASSERT(EntryArray[j]);
|
|
|
|
|
ImageThunk++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Loop the loaded module list to locate this address owner */
|
|
|
|
|
j = 0;
|
|
|
|
|
NextEntry2 = PsLoadedModuleList.Flink;
|
|
|
|
|
while (NextEntry2 != &PsLoadedModuleList)
|
|
|
|
|
{
|
|
|
|
|
/* Get the entry */
|
|
|
|
|
LdrEntry2 = CONTAINING_RECORD(NextEntry2,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Get the address range for this module */
|
|
|
|
|
DllBase = (ULONG_PTR)LdrEntry2->DllBase;
|
|
|
|
|
DllEnd = DllBase + LdrEntry2->SizeOfImage;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Check if this IAT entry matches it */
|
|
|
|
|
if ((*ImageThunk >= DllBase) && (*ImageThunk < DllEnd))
|
|
|
|
|
{
|
|
|
|
|
/* Save it */
|
|
|
|
|
//DPRINT1("Found imported dll: %wZ\n", &LdrEntry2->BaseDllName);
|
|
|
|
|
EntryArray[j] = LdrEntry2;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Keep searching */
|
|
|
|
|
NextEntry2 = NextEntry2->Flink;
|
|
|
|
|
j++;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Do we have a thunk outside the range? */
|
|
|
|
|
if ((*ImageThunk < DllBase) || (*ImageThunk >= DllEnd))
|
|
|
|
|
{
|
|
|
|
|
/* Could be 0... */
|
|
|
|
|
if (*ImageThunk)
|
|
|
|
|
{
|
|
|
|
|
/* Should not be happening */
|
2013-01-06 18:47:39 +00:00
|
|
|
ERROR_FATAL("Broken IAT entry for %p at %p (%lx)\n",
|
|
|
|
|
LdrEntry, ImageThunk, *ImageThunk);
|
2010-04-22 08:13:56 +00:00
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Reset if we hit this */
|
|
|
|
|
DllBase = 0;
|
|
|
|
|
}
|
|
|
|
|
#ifndef _WORKING_LOADER_
|
|
|
|
|
ImageThunk++;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
i++;
|
|
|
|
|
ImportDescriptor++;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Now scan how many imports we really have */
|
|
|
|
|
for (i = 0, ImportSize = 0; i < Modules; i++)
|
|
|
|
|
{
|
|
|
|
|
/* Skip HAL and kernel */
|
|
|
|
|
if ((EntryArray[i]) &&
|
|
|
|
|
(EntryArray[i] != HalEntry) &&
|
|
|
|
|
(EntryArray[i] != KernelEntry))
|
|
|
|
|
{
|
|
|
|
|
/* A valid reference */
|
|
|
|
|
LastEntry = EntryArray[i];
|
|
|
|
|
ImportSize++;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Do we have any imports after all? */
|
|
|
|
|
if (!ImportSize)
|
|
|
|
|
{
|
|
|
|
|
/* No */
|
|
|
|
|
LdrEntry->LoadedImports = MM_SYSLDR_NO_IMPORTS;
|
|
|
|
|
}
|
|
|
|
|
else if (ImportSize == 1)
|
|
|
|
|
{
|
|
|
|
|
/* A single entry import */
|
|
|
|
|
LdrEntry->LoadedImports = (PVOID)((ULONG_PTR)LastEntry | MM_SYSLDR_SINGLE_ENTRY);
|
|
|
|
|
LastEntry->LoadCount++;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* We need an import table */
|
|
|
|
|
LoadedImportsSize = ImportSize * sizeof(PVOID) + sizeof(SIZE_T);
|
|
|
|
|
LoadedImports = ExAllocatePoolWithTag(PagedPool,
|
|
|
|
|
LoadedImportsSize,
|
2011-06-01 13:39:36 +00:00
|
|
|
TAG_LDR_IMPORTS);
|
2010-04-22 08:13:56 +00:00
|
|
|
ASSERT(LoadedImports);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Save the count */
|
|
|
|
|
LoadedImports->Count = ImportSize;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Now copy all imports */
|
|
|
|
|
for (i = 0, j = 0; i < Modules; i++)
|
|
|
|
|
{
|
|
|
|
|
/* Skip HAL and kernel */
|
|
|
|
|
if ((EntryArray[i]) &&
|
|
|
|
|
(EntryArray[i] != HalEntry) &&
|
|
|
|
|
(EntryArray[i] != KernelEntry))
|
|
|
|
|
{
|
|
|
|
|
/* A valid reference */
|
|
|
|
|
//DPRINT1("Found valid entry: %p\n", EntryArray[i]);
|
|
|
|
|
LoadedImports->Entry[j] = EntryArray[i];
|
|
|
|
|
EntryArray[i]->LoadCount++;
|
|
|
|
|
j++;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Should had as many entries as we expected */
|
|
|
|
|
ASSERT(j == ImportSize);
|
|
|
|
|
LdrEntry->LoadedImports = LoadedImports;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Next */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Free the initial array */
|
2011-06-01 13:39:36 +00:00
|
|
|
ExFreePoolWithTag(EntryArray, TAG_LDR_IMPORTS);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* FIXME: Might not need to keep the HAL/Kernel imports around */
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Kernel and HAL are loaded at boot */
|
|
|
|
|
KernelEntry->LoadedImports = MM_SYSLDR_BOOT_LOADED;
|
|
|
|
|
HalEntry->LoadedImports = MM_SYSLDR_BOOT_LOADED;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* All worked well */
|
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 19:44:01 +00:00
|
|
|
CODE_SEG("INIT")
|
2010-04-22 08:13:56 +00:00
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiLocateKernelSections(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
|
|
|
|
|
{
|
|
|
|
|
ULONG_PTR DllBase;
|
|
|
|
|
PIMAGE_NT_HEADERS NtHeaders;
|
|
|
|
|
PIMAGE_SECTION_HEADER SectionHeader;
|
|
|
|
|
ULONG Sections, Size;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Get the kernel section header */
|
|
|
|
|
DllBase = (ULONG_PTR)LdrEntry->DllBase;
|
|
|
|
|
NtHeaders = RtlImageNtHeader((PVOID)DllBase);
|
|
|
|
|
SectionHeader = IMAGE_FIRST_SECTION(NtHeaders);
|
|
|
|
|
|
|
|
|
|
/* Loop all the sections */
|
2019-06-25 22:46:52 +00:00
|
|
|
for (Sections = NtHeaders->FileHeader.NumberOfSections;
|
|
|
|
|
Sections > 0; --Sections, ++SectionHeader)
|
2010-04-22 08:13:56 +00:00
|
|
|
{
|
|
|
|
|
/* Grab the size of the section */
|
|
|
|
|
Size = max(SectionHeader->SizeOfRawData, SectionHeader->Misc.VirtualSize);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Check for .RSRC section */
|
|
|
|
|
if (*(PULONG)SectionHeader->Name == 'rsr.')
|
|
|
|
|
{
|
|
|
|
|
/* Remember the PTEs so we can modify them later */
|
|
|
|
|
MiKernelResourceStartPte = MiAddressToPte(DllBase +
|
|
|
|
|
SectionHeader->VirtualAddress);
|
2019-06-25 22:46:52 +00:00
|
|
|
MiKernelResourceEndPte = MiAddressToPte(ROUND_TO_PAGES(DllBase +
|
|
|
|
|
SectionHeader->VirtualAddress + Size));
|
2010-04-22 08:13:56 +00:00
|
|
|
}
|
|
|
|
|
else if (*(PULONG)SectionHeader->Name == 'LOOP')
|
|
|
|
|
{
|
|
|
|
|
/* POOLCODE vs. POOLMI */
|
|
|
|
|
if (*(PULONG)&SectionHeader->Name[4] == 'EDOC')
|
|
|
|
|
{
|
|
|
|
|
/* Found Ex* Pool code */
|
|
|
|
|
ExPoolCodeStart = DllBase + SectionHeader->VirtualAddress;
|
|
|
|
|
ExPoolCodeEnd = ExPoolCodeStart + Size;
|
|
|
|
|
}
|
|
|
|
|
else if (*(PUSHORT)&SectionHeader->Name[4] == 'MI')
|
|
|
|
|
{
|
|
|
|
|
/* Found Mm* Pool code */
|
|
|
|
|
MmPoolCodeStart = DllBase + SectionHeader->VirtualAddress;
|
2019-06-25 22:46:52 +00:00
|
|
|
MmPoolCodeEnd = MmPoolCodeStart + Size;
|
2010-04-22 08:13:56 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if ((*(PULONG)SectionHeader->Name == 'YSIM') &&
|
|
|
|
|
(*(PULONG)&SectionHeader->Name[4] == 'ETPS'))
|
|
|
|
|
{
|
2019-06-25 22:46:52 +00:00
|
|
|
/* Found MISYSPTE (Mm System PTE code) */
|
2010-04-22 08:13:56 +00:00
|
|
|
MmPteCodeStart = DllBase + SectionHeader->VirtualAddress;
|
2019-06-25 22:46:52 +00:00
|
|
|
MmPteCodeEnd = MmPteCodeStart + Size;
|
2010-04-22 08:13:56 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 19:44:01 +00:00
|
|
|
CODE_SEG("INIT")
|
2009-10-12 03:35:35 +00:00
|
|
|
BOOLEAN
|
|
|
|
|
NTAPI
|
|
|
|
|
MiInitializeLoadedModuleList(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
|
|
|
|
|
{
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry, NewEntry;
|
|
|
|
|
PLIST_ENTRY ListHead, NextEntry;
|
|
|
|
|
ULONG EntrySize;
|
|
|
|
|
|
2009-11-12 19:41:39 +00:00
|
|
|
/* Setup the loaded module list and locks */
|
|
|
|
|
ExInitializeResourceLite(&PsLoadedModuleResource);
|
2009-10-12 03:35:35 +00:00
|
|
|
KeInitializeSpinLock(&PsLoadedModuleSpinLock);
|
|
|
|
|
InitializeListHead(&PsLoadedModuleList);
|
|
|
|
|
|
|
|
|
|
/* Get loop variables and the kernel entry */
|
|
|
|
|
ListHead = &LoaderBlock->LoadOrderListHead;
|
|
|
|
|
NextEntry = ListHead->Flink;
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
|
|
|
|
PsNtosImageBase = (ULONG_PTR)LdrEntry->DllBase;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:13:56 +00:00
|
|
|
/* Locate resource section, pool code, and system pte code */
|
|
|
|
|
MiLocateKernelSections(LdrEntry);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Loop the loader block */
|
|
|
|
|
while (NextEntry != ListHead)
|
|
|
|
|
{
|
|
|
|
|
/* Get the loader entry */
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
|
|
|
|
|
|
|
|
|
/* FIXME: ROS HACK. Make sure this is a driver */
|
|
|
|
|
if (!RtlImageNtHeader(LdrEntry->DllBase))
|
|
|
|
|
{
|
|
|
|
|
/* Skip this entry */
|
2010-04-22 08:13:56 +00:00
|
|
|
NextEntry = NextEntry->Flink;
|
2009-10-12 03:35:35 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Calculate the size we'll need and allocate a copy */
|
|
|
|
|
EntrySize = sizeof(LDR_DATA_TABLE_ENTRY) +
|
|
|
|
|
LdrEntry->BaseDllName.MaximumLength +
|
|
|
|
|
sizeof(UNICODE_NULL);
|
2011-06-01 13:39:36 +00:00
|
|
|
NewEntry = ExAllocatePoolWithTag(NonPagedPool, EntrySize, TAG_MODULE_OBJECT);
|
2009-10-12 03:35:35 +00:00
|
|
|
if (!NewEntry) return FALSE;
|
|
|
|
|
|
|
|
|
|
/* Copy the entry over */
|
|
|
|
|
*NewEntry = *LdrEntry;
|
|
|
|
|
|
|
|
|
|
/* Allocate the name */
|
|
|
|
|
NewEntry->FullDllName.Buffer =
|
|
|
|
|
ExAllocatePoolWithTag(PagedPool,
|
|
|
|
|
LdrEntry->FullDllName.MaximumLength +
|
2012-09-28 12:17:23 +00:00
|
|
|
sizeof(UNICODE_NULL),
|
2009-10-12 03:35:35 +00:00
|
|
|
TAG_LDR_WSTR);
|
2012-09-28 12:17:23 +00:00
|
|
|
if (!NewEntry->FullDllName.Buffer)
|
|
|
|
|
{
|
|
|
|
|
ExFreePoolWithTag(NewEntry, TAG_MODULE_OBJECT);
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Set the base name */
|
|
|
|
|
NewEntry->BaseDllName.Buffer = (PVOID)(NewEntry + 1);
|
|
|
|
|
|
|
|
|
|
/* Copy the full and base name */
|
|
|
|
|
RtlCopyMemory(NewEntry->FullDllName.Buffer,
|
|
|
|
|
LdrEntry->FullDllName.Buffer,
|
|
|
|
|
LdrEntry->FullDllName.MaximumLength);
|
|
|
|
|
RtlCopyMemory(NewEntry->BaseDllName.Buffer,
|
|
|
|
|
LdrEntry->BaseDllName.Buffer,
|
|
|
|
|
LdrEntry->BaseDllName.MaximumLength);
|
|
|
|
|
|
|
|
|
|
/* Null-terminate the base name */
|
|
|
|
|
NewEntry->BaseDllName.Buffer[NewEntry->BaseDllName.Length /
|
|
|
|
|
sizeof(WCHAR)] = UNICODE_NULL;
|
|
|
|
|
|
|
|
|
|
/* Insert the entry into the list */
|
|
|
|
|
InsertTailList(&PsLoadedModuleList, &NewEntry->InLoadOrderLinks);
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Build the import lists for the boot drivers */
|
2010-04-22 08:13:56 +00:00
|
|
|
MiBuildImportsForBootDrivers();
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* We're done */
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-13 22:04:19 +00:00
|
|
|
BOOLEAN
|
2019-06-25 18:45:23 +00:00
|
|
|
NTAPI
|
2019-07-13 22:04:19 +00:00
|
|
|
MmChangeKernelResourceSectionProtection(IN ULONG_PTR ProtectionMask)
|
2019-06-25 18:45:23 +00:00
|
|
|
{
|
|
|
|
|
PMMPTE PointerPte;
|
|
|
|
|
MMPTE TempPte;
|
|
|
|
|
|
|
|
|
|
/* Don't do anything if the resource section is already writable */
|
|
|
|
|
if (MiKernelResourceStartPte == NULL || MiKernelResourceEndPte == NULL)
|
2019-07-13 22:04:19 +00:00
|
|
|
return FALSE;
|
2019-06-25 18:45:23 +00:00
|
|
|
|
|
|
|
|
/* If the resource section is physical, we cannot change its protection */
|
|
|
|
|
if (MI_IS_PHYSICAL_ADDRESS(MiPteToAddress(MiKernelResourceStartPte)))
|
2019-07-13 22:04:19 +00:00
|
|
|
return FALSE;
|
2019-06-25 18:45:23 +00:00
|
|
|
|
|
|
|
|
/* Loop the PTEs */
|
2019-06-25 22:46:52 +00:00
|
|
|
for (PointerPte = MiKernelResourceStartPte; PointerPte < MiKernelResourceEndPte; ++PointerPte)
|
2019-06-25 18:45:23 +00:00
|
|
|
{
|
|
|
|
|
/* Read the PTE */
|
|
|
|
|
TempPte = *PointerPte;
|
|
|
|
|
|
|
|
|
|
/* Update the protection */
|
2019-07-13 22:04:19 +00:00
|
|
|
MI_MAKE_HARDWARE_PTE_KERNEL(&TempPte, PointerPte, ProtectionMask, TempPte.u.Hard.PageFrameNumber);
|
2019-06-25 18:45:23 +00:00
|
|
|
MI_UPDATE_VALID_PTE(PointerPte, TempPte);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Only flush the current processor's TLB */
|
|
|
|
|
KeFlushCurrentTb();
|
2019-07-13 22:04:19 +00:00
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MmMakeKernelResourceSectionWritable(VOID)
|
|
|
|
|
{
|
|
|
|
|
/* Don't do anything if the resource section is already writable */
|
|
|
|
|
if (MiKernelResourceStartPte == NULL || MiKernelResourceEndPte == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* If the resource section is physical, we cannot change its protection */
|
|
|
|
|
if (MI_IS_PHYSICAL_ADDRESS(MiPteToAddress(MiKernelResourceStartPte)))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (MmChangeKernelResourceSectionProtection(MM_READWRITE))
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Invalidate the cached resource section PTEs
|
|
|
|
|
* so as to not change its protection again later.
|
|
|
|
|
*/
|
|
|
|
|
MiKernelResourceStartPte = NULL;
|
|
|
|
|
MiKernelResourceEndPte = NULL;
|
|
|
|
|
}
|
2019-06-25 18:45:23 +00:00
|
|
|
}
|
|
|
|
|
|
2010-04-22 08:04:57 +00:00
|
|
|
LOGICAL
|
|
|
|
|
NTAPI
|
|
|
|
|
MiUseLargeDriverPage(IN ULONG NumberOfPtes,
|
|
|
|
|
IN OUT PVOID *ImageBaseAddress,
|
|
|
|
|
IN PUNICODE_STRING BaseImageName,
|
|
|
|
|
IN BOOLEAN BootDriver)
|
|
|
|
|
{
|
|
|
|
|
PLIST_ENTRY NextEntry;
|
|
|
|
|
BOOLEAN DriverFound = FALSE;
|
|
|
|
|
PMI_LARGE_PAGE_DRIVER_ENTRY LargePageDriverEntry;
|
|
|
|
|
ASSERT(KeGetCurrentIrql () <= APC_LEVEL);
|
|
|
|
|
ASSERT(*ImageBaseAddress >= MmSystemRangeStart);
|
|
|
|
|
|
|
|
|
|
#ifdef _X86_
|
|
|
|
|
if (!(KeFeatureBits & KF_LARGE_PAGE)) return FALSE;
|
|
|
|
|
if (!(__readcr4() & CR4_PSE)) return FALSE;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* Make sure there's enough system PTEs for a large page driver */
|
|
|
|
|
if (MmTotalFreeSystemPtes[SystemPteSpace] < (16 * (PDE_MAPPED_VA >> PAGE_SHIFT)))
|
|
|
|
|
{
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* This happens if the registry key had a "*" (wildcard) in it */
|
|
|
|
|
if (MiLargePageAllDrivers == 0)
|
|
|
|
|
{
|
|
|
|
|
/* It didn't, so scan the list */
|
|
|
|
|
NextEntry = MiLargePageDriverList.Flink;
|
|
|
|
|
while (NextEntry != &MiLargePageDriverList)
|
|
|
|
|
{
|
|
|
|
|
/* Check if the driver name matches */
|
|
|
|
|
LargePageDriverEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
MI_LARGE_PAGE_DRIVER_ENTRY,
|
|
|
|
|
Links);
|
|
|
|
|
if (RtlEqualUnicodeString(BaseImageName,
|
|
|
|
|
&LargePageDriverEntry->BaseName,
|
|
|
|
|
TRUE))
|
|
|
|
|
{
|
|
|
|
|
/* Enable large pages for this driver */
|
|
|
|
|
DriverFound = TRUE;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Keep trying */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:04:57 +00:00
|
|
|
/* If we didn't find the driver, it doesn't need large pages */
|
|
|
|
|
if (DriverFound == FALSE) return FALSE;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:04:57 +00:00
|
|
|
/* Nothing to do yet */
|
|
|
|
|
DPRINT1("Large pages not supported!\n");
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
VOID
|
2010-04-21 14:06:01 +00:00
|
|
|
NTAPI
|
2019-01-18 21:11:43 +00:00
|
|
|
MiSetSystemCodeProtection(
|
|
|
|
|
_In_ PMMPTE FirstPte,
|
|
|
|
|
_In_ PMMPTE LastPte,
|
|
|
|
|
_In_ ULONG Protection)
|
2010-04-21 14:06:01 +00:00
|
|
|
{
|
2019-01-18 21:11:43 +00:00
|
|
|
PMMPTE PointerPte;
|
|
|
|
|
MMPTE TempPte;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Loop the PTEs */
|
|
|
|
|
for (PointerPte = FirstPte; PointerPte <= LastPte; PointerPte++)
|
2010-04-21 14:06:01 +00:00
|
|
|
{
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Read the PTE */
|
|
|
|
|
TempPte = *PointerPte;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Make sure it's valid */
|
2020-10-08 06:39:21 +00:00
|
|
|
if (TempPte.u.Hard.Valid != 1)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("CORE-16449: FirstPte=%p, LastPte=%p, Protection=%lx\n", FirstPte, LastPte, Protection);
|
|
|
|
|
DPRINT1("CORE-16449: PointerPte=%p, TempPte=%lx\n", PointerPte, TempPte.u.Long);
|
|
|
|
|
DPRINT1("CORE-16449: Please issue the 'mod' and 'bt' (KDBG) or 'lm' and 'kp' (WinDbg) commands. Then report this in Jira.\n");
|
|
|
|
|
ASSERT(TempPte.u.Hard.Valid == 1);
|
|
|
|
|
break;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Update the protection */
|
|
|
|
|
TempPte.u.Hard.Write = BooleanFlagOn(Protection, IMAGE_SCN_MEM_WRITE);
|
|
|
|
|
#if _MI_HAS_NO_EXECUTE
|
|
|
|
|
TempPte.u.Hard.NoExecute = !BooleanFlagOn(Protection, IMAGE_SCN_MEM_EXECUTE);
|
|
|
|
|
#endif
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
MI_UPDATE_VALID_PTE(PointerPte, TempPte);
|
2010-04-21 14:06:01 +00:00
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Flush it all */
|
|
|
|
|
KeFlushEntireTb(TRUE, TRUE);
|
2010-04-21 14:06:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
2019-01-18 21:11:43 +00:00
|
|
|
MiWriteProtectSystemImage(
|
|
|
|
|
_In_ PVOID ImageBase)
|
2010-04-21 14:06:01 +00:00
|
|
|
{
|
|
|
|
|
PIMAGE_NT_HEADERS NtHeaders;
|
2019-01-18 21:11:43 +00:00
|
|
|
PIMAGE_SECTION_HEADER SectionHeaders, Section;
|
|
|
|
|
ULONG i;
|
|
|
|
|
PVOID SectionBase, SectionEnd;
|
|
|
|
|
ULONG SectionSize;
|
|
|
|
|
ULONG Protection;
|
|
|
|
|
PMMPTE FirstPte, LastPte;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Check if the registry setting is on or not */
|
2019-02-24 12:24:26 +00:00
|
|
|
if (MmEnforceWriteProtection == FALSE)
|
2010-04-21 14:06:01 +00:00
|
|
|
{
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Ignore section protection */
|
|
|
|
|
return;
|
2010-04-21 14:06:01 +00:00
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Large page mapped images are not supported */
|
|
|
|
|
NT_ASSERT(!MI_IS_PHYSICAL_ADDRESS(ImageBase));
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Session images are not yet supported */
|
|
|
|
|
NT_ASSERT(!MI_IS_SESSION_ADDRESS(ImageBase));
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Get the NT headers */
|
|
|
|
|
NtHeaders = RtlImageNtHeader(ImageBase);
|
|
|
|
|
if (NtHeaders == NULL)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("Failed to get NT headers for image @ %p\n", ImageBase);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2010-04-21 14:06:01 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Don't touch NT4 drivers */
|
|
|
|
|
if ((NtHeaders->OptionalHeader.MajorOperatingSystemVersion < 5) ||
|
|
|
|
|
(NtHeaders->OptionalHeader.MajorSubsystemVersion < 5))
|
2010-04-21 14:06:01 +00:00
|
|
|
{
|
2019-01-18 21:11:43 +00:00
|
|
|
DPRINT1("Skipping NT 4 driver @ %p\n", ImageBase);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Get the section headers */
|
|
|
|
|
SectionHeaders = IMAGE_FIRST_SECTION(NtHeaders);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Get the base address of the first section */
|
|
|
|
|
SectionBase = Add2Ptr(ImageBase, SectionHeaders[0].VirtualAddress);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Start protecting the image header as R/O */
|
|
|
|
|
FirstPte = MiAddressToPte(ImageBase);
|
|
|
|
|
LastPte = MiAddressToPte(SectionBase) - 1;
|
|
|
|
|
Protection = IMAGE_SCN_MEM_READ;
|
|
|
|
|
if (LastPte >= FirstPte)
|
|
|
|
|
{
|
|
|
|
|
MiSetSystemCodeProtection(FirstPte, LastPte, IMAGE_SCN_MEM_READ);
|
2010-04-21 14:06:01 +00:00
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Loop the sections */
|
|
|
|
|
for (i = 0; i < NtHeaders->FileHeader.NumberOfSections; i++)
|
2010-04-21 14:06:01 +00:00
|
|
|
{
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Get the section base address and size */
|
|
|
|
|
Section = &SectionHeaders[i];
|
|
|
|
|
SectionBase = Add2Ptr(ImageBase, Section->VirtualAddress);
|
|
|
|
|
SectionSize = max(Section->SizeOfRawData, Section->Misc.VirtualSize);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Get the first PTE of this section */
|
|
|
|
|
FirstPte = MiAddressToPte(SectionBase);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Check for overlap with the previous range */
|
|
|
|
|
if (FirstPte == LastPte)
|
2010-04-21 14:06:01 +00:00
|
|
|
{
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Combine the old and new protection by ORing them */
|
|
|
|
|
Protection |= (Section->Characteristics & IMAGE_SCN_PROTECTION_MASK);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Update the protection for this PTE */
|
|
|
|
|
MiSetSystemCodeProtection(FirstPte, FirstPte, Protection);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Skip this PTE */
|
|
|
|
|
FirstPte++;
|
2010-04-21 14:06:01 +00:00
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* There can not be gaps! */
|
|
|
|
|
NT_ASSERT(FirstPte == (LastPte + 1));
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Get the end of the section and the last PTE */
|
|
|
|
|
SectionEnd = Add2Ptr(SectionBase, SectionSize - 1);
|
|
|
|
|
NT_ASSERT(SectionEnd < Add2Ptr(ImageBase, NtHeaders->OptionalHeader.SizeOfImage));
|
|
|
|
|
LastPte = MiAddressToPte(SectionEnd);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* If there are no more pages (after an overlap), skip this section */
|
|
|
|
|
if (LastPte < FirstPte)
|
2010-04-21 14:06:01 +00:00
|
|
|
{
|
2019-01-18 21:11:43 +00:00
|
|
|
NT_ASSERT(FirstPte == (LastPte + 1));
|
|
|
|
|
continue;
|
2010-04-21 14:06:01 +00:00
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Get the section protection */
|
|
|
|
|
Protection = (Section->Characteristics & IMAGE_SCN_PROTECTION_MASK);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Update the protection for this section */
|
|
|
|
|
MiSetSystemCodeProtection(FirstPte, LastPte, Protection);
|
2010-04-21 14:06:01 +00:00
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2019-01-18 21:11:43 +00:00
|
|
|
/* Image should end with the last section */
|
2019-01-19 12:38:24 +00:00
|
|
|
if (ALIGN_UP_POINTER_BY(SectionEnd, PAGE_SIZE) !=
|
|
|
|
|
Add2Ptr(ImageBase, NtHeaders->OptionalHeader.SizeOfImage))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("ImageBase 0x%p ImageSize 0x%lx Section %u VA 0x%lx Raw 0x%lx virt 0x%lx\n",
|
|
|
|
|
ImageBase,
|
|
|
|
|
NtHeaders->OptionalHeader.SizeOfImage,
|
|
|
|
|
i,
|
|
|
|
|
Section->VirtualAddress,
|
|
|
|
|
Section->SizeOfRawData,
|
|
|
|
|
Section->Misc.VirtualSize);
|
|
|
|
|
}
|
2010-04-21 14:06:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiSetPagingOfDriver(IN PMMPTE PointerPte,
|
|
|
|
|
IN PMMPTE LastPte)
|
|
|
|
|
{
|
2020-09-09 01:46:56 +00:00
|
|
|
#ifdef ENABLE_MISETPAGINGOFDRIVER
|
2010-04-21 14:06:01 +00:00
|
|
|
PVOID ImageBase;
|
2010-07-22 18:26:04 +00:00
|
|
|
PETHREAD CurrentThread = PsGetCurrentThread();
|
[HAL/NDK]
- Make Vector parameter in HalEnableSystemInterrupt, HalDisableSystemInterrupt and HalBeginSystemInterrupt an ULONG, not an UCHAR
[NDK]
- 64bit fixes for HANDLE_TABLE, KPROCESS, SECTION_IMAGE_INFORMATION, MMADDRESS_LIST, MMVAD_FLAGS, MMVAD, MMVAD_LONG, MMVAD_SHORT, MEMORY_DESCRIPTOR, MEMORY_ALLOCATION_DESCRIPTOR, LdrVerifyMappedImageMatchesChecksum
- KDPC_DATA::DpcQueueDepth is signed on amd64, unsigned on x86
[NTOSKRNL]
- Fix hundreds of MSVC and amd64 warnings
- add a pragma message to FstubFixupEfiPartition, since it looks broken
- Move portable Ke constants from <arch>/cpu.c to krnlinit.c
- Fixed a bug in amd64 KiGeneralProtectionFaultHandler
svn path=/trunk/; revision=53734
2011-09-18 13:11:45 +00:00
|
|
|
PFN_COUNT PageCount = 0;
|
|
|
|
|
PFN_NUMBER PageFrameIndex;
|
2010-04-21 14:06:01 +00:00
|
|
|
PMMPFN Pfn1;
|
2020-09-09 01:46:56 +00:00
|
|
|
#endif // ENABLE_MISETPAGINGOFDRIVER
|
|
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
PAGED_CODE();
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2020-09-09 01:46:56 +00:00
|
|
|
#ifndef ENABLE_MISETPAGINGOFDRIVER
|
2013-11-22 12:51:40 +00:00
|
|
|
/* The page fault handler is broken and doesn't page back in! */
|
|
|
|
|
DPRINT1("WARNING: MiSetPagingOfDriver() called, but paging is broken! ignoring!\n");
|
2020-09-09 01:46:56 +00:00
|
|
|
#else // ENABLE_MISETPAGINGOFDRIVER
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Get the driver's base address */
|
|
|
|
|
ImageBase = MiPteToAddress(PointerPte);
|
|
|
|
|
ASSERT(MI_IS_SESSION_IMAGE_ADDRESS(ImageBase) == FALSE);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* If this is a large page, it's stuck in physical memory */
|
|
|
|
|
if (MI_IS_PHYSICAL_ADDRESS(ImageBase)) return;
|
|
|
|
|
|
2010-07-22 18:26:04 +00:00
|
|
|
/* Lock the working set */
|
|
|
|
|
MiLockWorkingSet(CurrentThread, &MmSystemCacheWs);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Loop the PTEs */
|
|
|
|
|
while (PointerPte <= LastPte)
|
|
|
|
|
{
|
|
|
|
|
/* Check for valid PTE */
|
|
|
|
|
if (PointerPte->u.Hard.Valid == 1)
|
|
|
|
|
{
|
|
|
|
|
PageFrameIndex = PFN_FROM_PTE(PointerPte);
|
|
|
|
|
Pfn1 = MiGetPfnEntry(PageFrameIndex);
|
|
|
|
|
ASSERT(Pfn1->u2.ShareCount == 1);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* No working sets in ReactOS yet */
|
|
|
|
|
PageCount++;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
ImageBase = (PVOID)((ULONG_PTR)ImageBase + PAGE_SIZE);
|
|
|
|
|
PointerPte++;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-07-22 18:26:04 +00:00
|
|
|
/* Release the working set */
|
|
|
|
|
MiUnlockWorkingSet(CurrentThread, &MmSystemCacheWs);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Do we have any driver pages? */
|
|
|
|
|
if (PageCount)
|
|
|
|
|
{
|
|
|
|
|
/* Update counters */
|
|
|
|
|
InterlockedExchangeAdd((PLONG)&MmTotalSystemDriverPages, PageCount);
|
|
|
|
|
}
|
2020-09-09 01:46:56 +00:00
|
|
|
#endif // ENABLE_MISETPAGINGOFDRIVER
|
2010-04-21 14:06:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MiEnablePagingOfDriver(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
|
|
|
|
|
{
|
|
|
|
|
ULONG_PTR ImageBase;
|
|
|
|
|
PIMAGE_NT_HEADERS NtHeaders;
|
|
|
|
|
ULONG Sections, Alignment, Size;
|
|
|
|
|
PIMAGE_SECTION_HEADER Section;
|
|
|
|
|
PMMPTE PointerPte = NULL, LastPte = NULL;
|
|
|
|
|
if (MmDisablePagingExecutive) return;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Get the driver base address and its NT header */
|
|
|
|
|
ImageBase = (ULONG_PTR)LdrEntry->DllBase;
|
|
|
|
|
NtHeaders = RtlImageNtHeader((PVOID)ImageBase);
|
|
|
|
|
if (!NtHeaders) return;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Get the sections and their alignment */
|
|
|
|
|
Sections = NtHeaders->FileHeader.NumberOfSections;
|
|
|
|
|
Alignment = NtHeaders->OptionalHeader.SectionAlignment - 1;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Loop each section */
|
|
|
|
|
Section = IMAGE_FIRST_SECTION(NtHeaders);
|
|
|
|
|
while (Sections)
|
|
|
|
|
{
|
|
|
|
|
/* Find PAGE or .edata */
|
|
|
|
|
if ((*(PULONG)Section->Name == 'EGAP') ||
|
|
|
|
|
(*(PULONG)Section->Name == 'ade.'))
|
|
|
|
|
{
|
|
|
|
|
/* Had we already done some work? */
|
|
|
|
|
if (!PointerPte)
|
|
|
|
|
{
|
|
|
|
|
/* Nope, setup the first PTE address */
|
|
|
|
|
PointerPte = MiAddressToPte(ROUND_TO_PAGES(ImageBase +
|
2019-06-25 22:46:52 +00:00
|
|
|
Section->VirtualAddress));
|
2010-04-21 14:06:01 +00:00
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Compute the size */
|
|
|
|
|
Size = max(Section->SizeOfRawData, Section->Misc.VirtualSize);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Find the last PTE that maps this section */
|
|
|
|
|
LastPte = MiAddressToPte(ImageBase +
|
|
|
|
|
Section->VirtualAddress +
|
2019-06-25 22:46:52 +00:00
|
|
|
Alignment + Size - PAGE_SIZE);
|
2010-04-21 14:06:01 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Had we found a section before? */
|
|
|
|
|
if (PointerPte)
|
|
|
|
|
{
|
|
|
|
|
/* Mark it as pageable */
|
|
|
|
|
MiSetPagingOfDriver(PointerPte, LastPte);
|
|
|
|
|
PointerPte = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Keep searching */
|
|
|
|
|
Sections--;
|
|
|
|
|
Section++;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Handle the straggler */
|
|
|
|
|
if (PointerPte) MiSetPagingOfDriver(PointerPte, LastPte);
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-12 03:35:35 +00:00
|
|
|
BOOLEAN
|
|
|
|
|
NTAPI
|
|
|
|
|
MmVerifyImageIsOkForMpUse(IN PVOID BaseAddress)
|
|
|
|
|
{
|
|
|
|
|
PIMAGE_NT_HEADERS NtHeader;
|
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
|
|
/* Get NT Headers */
|
|
|
|
|
NtHeader = RtlImageNtHeader(BaseAddress);
|
|
|
|
|
if (NtHeader)
|
|
|
|
|
{
|
|
|
|
|
/* Check if this image is only safe for UP while we have 2+ CPUs */
|
|
|
|
|
if ((KeNumberProcessors > 1) &&
|
|
|
|
|
(NtHeader->FileHeader.Characteristics & IMAGE_FILE_UP_SYSTEM_ONLY))
|
|
|
|
|
{
|
|
|
|
|
/* Fail */
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Otherwise, it's safe */
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
MmCheckSystemImage(IN HANDLE ImageHandle,
|
|
|
|
|
IN BOOLEAN PurgeSection)
|
|
|
|
|
{
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
HANDLE SectionHandle;
|
|
|
|
|
PVOID ViewBase = NULL;
|
|
|
|
|
SIZE_T ViewSize = 0;
|
|
|
|
|
IO_STATUS_BLOCK IoStatusBlock;
|
|
|
|
|
FILE_STANDARD_INFORMATION FileStandardInfo;
|
|
|
|
|
KAPC_STATE ApcState;
|
2010-04-22 08:04:57 +00:00
|
|
|
PIMAGE_NT_HEADERS NtHeaders;
|
|
|
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
2009-10-12 03:35:35 +00:00
|
|
|
PAGED_CODE();
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:04:57 +00:00
|
|
|
/* Setup the object attributes */
|
|
|
|
|
InitializeObjectAttributes(&ObjectAttributes,
|
|
|
|
|
NULL,
|
|
|
|
|
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
|
|
|
|
|
NULL,
|
|
|
|
|
NULL);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Create a section for the DLL */
|
|
|
|
|
Status = ZwCreateSection(&SectionHandle,
|
|
|
|
|
SECTION_MAP_EXECUTE,
|
2010-04-22 08:04:57 +00:00
|
|
|
&ObjectAttributes,
|
2009-10-12 03:35:35 +00:00
|
|
|
NULL,
|
|
|
|
|
PAGE_EXECUTE,
|
2010-04-22 08:04:57 +00:00
|
|
|
SEC_IMAGE,
|
2009-10-12 03:35:35 +00:00
|
|
|
ImageHandle);
|
2011-10-01 17:54:42 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("ZwCreateSection failed with status 0x%x\n", Status);
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Make sure we're in the system process */
|
|
|
|
|
KeStackAttachProcess(&PsInitialSystemProcess->Pcb, &ApcState);
|
|
|
|
|
|
|
|
|
|
/* Map it */
|
|
|
|
|
Status = ZwMapViewOfSection(SectionHandle,
|
|
|
|
|
NtCurrentProcess(),
|
|
|
|
|
&ViewBase,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
NULL,
|
|
|
|
|
&ViewSize,
|
|
|
|
|
ViewShare,
|
|
|
|
|
0,
|
|
|
|
|
PAGE_EXECUTE);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
/* We failed, close the handle and return */
|
2011-10-01 17:54:42 +00:00
|
|
|
DPRINT1("ZwMapViewOfSection failed with status 0x%x\n", Status);
|
2009-10-12 03:35:35 +00:00
|
|
|
KeUnstackDetachProcess(&ApcState);
|
|
|
|
|
ZwClose(SectionHandle);
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Now query image information */
|
|
|
|
|
Status = ZwQueryInformationFile(ImageHandle,
|
|
|
|
|
&IoStatusBlock,
|
|
|
|
|
&FileStandardInfo,
|
|
|
|
|
sizeof(FileStandardInfo),
|
|
|
|
|
FileStandardInformation);
|
2010-04-22 08:04:57 +00:00
|
|
|
if (NT_SUCCESS(Status))
|
2009-10-12 03:35:35 +00:00
|
|
|
{
|
|
|
|
|
/* First, verify the checksum */
|
|
|
|
|
if (!LdrVerifyMappedImageMatchesChecksum(ViewBase,
|
2010-04-22 08:04:57 +00:00
|
|
|
ViewSize,
|
2009-10-12 03:35:35 +00:00
|
|
|
FileStandardInfo.
|
|
|
|
|
EndOfFile.LowPart))
|
|
|
|
|
{
|
|
|
|
|
/* Set checksum failure */
|
|
|
|
|
Status = STATUS_IMAGE_CHECKSUM_MISMATCH;
|
2010-04-22 08:04:57 +00:00
|
|
|
goto Fail;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:04:57 +00:00
|
|
|
/* Make sure it's a real image */
|
|
|
|
|
NtHeaders = RtlImageNtHeader(ViewBase);
|
|
|
|
|
if (!NtHeaders)
|
|
|
|
|
{
|
|
|
|
|
/* Set checksum failure */
|
|
|
|
|
Status = STATUS_IMAGE_CHECKSUM_MISMATCH;
|
|
|
|
|
goto Fail;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-22 08:04:57 +00:00
|
|
|
/* Make sure it's for the correct architecture */
|
|
|
|
|
if ((NtHeaders->FileHeader.Machine != IMAGE_FILE_MACHINE_NATIVE) ||
|
|
|
|
|
(NtHeaders->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC))
|
|
|
|
|
{
|
|
|
|
|
/* Set protection failure */
|
|
|
|
|
Status = STATUS_INVALID_IMAGE_PROTECT;
|
|
|
|
|
goto Fail;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check that it's a valid SMP image if we have more then one CPU */
|
|
|
|
|
if (!MmVerifyImageIsOkForMpUse(ViewBase))
|
|
|
|
|
{
|
|
|
|
|
/* Otherwise it's not the right image */
|
|
|
|
|
Status = STATUS_IMAGE_MP_UP_MISMATCH;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Unmap the section, close the handle, and return status */
|
2010-04-22 08:04:57 +00:00
|
|
|
Fail:
|
2009-10-12 03:35:35 +00:00
|
|
|
ZwUnmapViewOfSection(NtCurrentProcess(), ViewBase);
|
|
|
|
|
KeUnstackDetachProcess(&ApcState);
|
|
|
|
|
ZwClose(SectionHandle);
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-04 21:08:48 +00:00
|
|
|
|
|
|
|
|
PVOID
|
|
|
|
|
NTAPI
|
|
|
|
|
LdrpFetchAddressOfSecurityCookie(PVOID BaseAddress, ULONG SizeOfImage)
|
|
|
|
|
{
|
|
|
|
|
PIMAGE_LOAD_CONFIG_DIRECTORY ConfigDir;
|
|
|
|
|
ULONG DirSize;
|
|
|
|
|
PVOID Cookie = NULL;
|
|
|
|
|
|
|
|
|
|
/* Check NT header first */
|
|
|
|
|
if (!RtlImageNtHeader(BaseAddress)) return NULL;
|
|
|
|
|
|
|
|
|
|
/* Get the pointer to the config directory */
|
|
|
|
|
ConfigDir = RtlImageDirectoryEntryToData(BaseAddress,
|
|
|
|
|
TRUE,
|
|
|
|
|
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
|
|
|
|
|
&DirSize);
|
|
|
|
|
|
|
|
|
|
/* Check for sanity */
|
|
|
|
|
if (!ConfigDir ||
|
|
|
|
|
DirSize < FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY, SEHandlerTable) || /* SEHandlerTable is after SecurityCookie */
|
|
|
|
|
(ConfigDir->Size != DirSize))
|
|
|
|
|
{
|
|
|
|
|
/* Invalid directory*/
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Now get the cookie */
|
|
|
|
|
Cookie = (PVOID)ConfigDir->SecurityCookie;
|
|
|
|
|
|
|
|
|
|
/* Check this cookie */
|
|
|
|
|
if ((PCHAR)Cookie <= (PCHAR)BaseAddress ||
|
|
|
|
|
(PCHAR)Cookie >= (PCHAR)BaseAddress + SizeOfImage)
|
|
|
|
|
{
|
|
|
|
|
Cookie = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return validated security cookie */
|
|
|
|
|
return Cookie;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PVOID
|
|
|
|
|
NTAPI
|
|
|
|
|
LdrpInitSecurityCookie(PLDR_DATA_TABLE_ENTRY LdrEntry)
|
|
|
|
|
{
|
|
|
|
|
PULONG_PTR Cookie;
|
|
|
|
|
ULONG_PTR NewCookie;
|
|
|
|
|
|
|
|
|
|
/* Fetch address of the cookie */
|
|
|
|
|
Cookie = LdrpFetchAddressOfSecurityCookie(LdrEntry->DllBase, LdrEntry->SizeOfImage);
|
|
|
|
|
|
|
|
|
|
if (Cookie)
|
|
|
|
|
{
|
|
|
|
|
/* Check if it's a default one */
|
|
|
|
|
if ((*Cookie == DEFAULT_SECURITY_COOKIE) ||
|
|
|
|
|
(*Cookie == 0))
|
|
|
|
|
{
|
|
|
|
|
LARGE_INTEGER Counter = KeQueryPerformanceCounter(NULL);
|
|
|
|
|
/* The address should be unique */
|
|
|
|
|
NewCookie = (ULONG_PTR)Cookie;
|
|
|
|
|
|
|
|
|
|
/* We just need a simple tick, don't care about precision and whatnot */
|
|
|
|
|
NewCookie ^= (ULONG_PTR)Counter.LowPart;
|
|
|
|
|
|
|
|
|
|
/* If the result is 0 or the same as we got, just add one to the default value */
|
|
|
|
|
if ((NewCookie == 0) || (NewCookie == *Cookie))
|
|
|
|
|
{
|
|
|
|
|
NewCookie = DEFAULT_SECURITY_COOKIE + 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Set the new cookie value */
|
|
|
|
|
*Cookie = NewCookie;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Cookie;
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-12 03:35:35 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
MmLoadSystemImage(IN PUNICODE_STRING FileName,
|
|
|
|
|
IN PUNICODE_STRING NamePrefix OPTIONAL,
|
|
|
|
|
IN PUNICODE_STRING LoadedName OPTIONAL,
|
|
|
|
|
IN ULONG Flags,
|
|
|
|
|
OUT PVOID *ModuleObject,
|
|
|
|
|
OUT PVOID *ImageBaseAddress)
|
|
|
|
|
{
|
|
|
|
|
PVOID ModuleLoadBase = NULL;
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
HANDLE FileHandle = NULL;
|
|
|
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
|
|
|
IO_STATUS_BLOCK IoStatusBlock;
|
|
|
|
|
PIMAGE_NT_HEADERS NtHeader;
|
|
|
|
|
UNICODE_STRING BaseName, BaseDirectory, PrefixName, UnicodeTemp;
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry = NULL;
|
|
|
|
|
ULONG EntrySize, DriverSize;
|
2010-04-21 14:06:01 +00:00
|
|
|
PLOAD_IMPORTS LoadedImports = MM_SYSLDR_NO_IMPORTS;
|
2009-10-12 03:35:35 +00:00
|
|
|
PCHAR MissingApiName, Buffer;
|
|
|
|
|
PWCHAR MissingDriverName;
|
|
|
|
|
HANDLE SectionHandle;
|
|
|
|
|
ACCESS_MASK DesiredAccess;
|
2020-10-23 15:27:47 +00:00
|
|
|
PSECTION Section = NULL;
|
2009-10-12 03:35:35 +00:00
|
|
|
BOOLEAN LockOwned = FALSE;
|
|
|
|
|
PLIST_ENTRY NextEntry;
|
|
|
|
|
IMAGE_INFO ImageInfo;
|
2009-10-25 15:56:38 +00:00
|
|
|
STRING AnsiTemp;
|
2009-10-12 03:35:35 +00:00
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
|
|
/* Detect session-load */
|
|
|
|
|
if (Flags)
|
|
|
|
|
{
|
|
|
|
|
/* Sanity checks */
|
|
|
|
|
ASSERT(NamePrefix == NULL);
|
|
|
|
|
ASSERT(LoadedName == NULL);
|
|
|
|
|
|
|
|
|
|
/* Make sure the process is in session too */
|
|
|
|
|
if (!PsGetCurrentProcess()->ProcessInSession) return STATUS_NO_MEMORY;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Allocate a buffer we'll use for names */
|
2019-04-15 06:25:23 +00:00
|
|
|
Buffer = ExAllocatePoolWithTag(NonPagedPool,
|
|
|
|
|
MAXIMUM_FILENAME_LENGTH,
|
|
|
|
|
TAG_LDR_WSTR);
|
2009-10-12 03:35:35 +00:00
|
|
|
if (!Buffer) return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
|
|
|
|
|
/* Check for a separator */
|
|
|
|
|
if (FileName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR)
|
|
|
|
|
{
|
|
|
|
|
PWCHAR p;
|
|
|
|
|
ULONG BaseLength;
|
|
|
|
|
|
|
|
|
|
/* Loop the path until we get to the base name */
|
|
|
|
|
p = &FileName->Buffer[FileName->Length / sizeof(WCHAR)];
|
|
|
|
|
while (*(p - 1) != OBJ_NAME_PATH_SEPARATOR) p--;
|
|
|
|
|
|
|
|
|
|
/* Get the length */
|
|
|
|
|
BaseLength = (ULONG)(&FileName->Buffer[FileName->Length / sizeof(WCHAR)] - p);
|
|
|
|
|
BaseLength *= sizeof(WCHAR);
|
|
|
|
|
|
|
|
|
|
/* Setup the string */
|
|
|
|
|
BaseName.Length = (USHORT)BaseLength;
|
|
|
|
|
BaseName.Buffer = p;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Otherwise, we already have a base name */
|
|
|
|
|
BaseName.Length = FileName->Length;
|
|
|
|
|
BaseName.Buffer = FileName->Buffer;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Setup the maximum length */
|
|
|
|
|
BaseName.MaximumLength = BaseName.Length;
|
|
|
|
|
|
|
|
|
|
/* Now compute the base directory */
|
|
|
|
|
BaseDirectory = *FileName;
|
|
|
|
|
BaseDirectory.Length -= BaseName.Length;
|
|
|
|
|
BaseDirectory.MaximumLength = BaseDirectory.Length;
|
|
|
|
|
|
|
|
|
|
/* And the prefix, which for now is just the name itself */
|
|
|
|
|
PrefixName = *FileName;
|
|
|
|
|
|
|
|
|
|
/* Check if we have a prefix */
|
|
|
|
|
if (NamePrefix) DPRINT1("Prefixed images are not yet supported!\n");
|
|
|
|
|
|
|
|
|
|
/* Check if we already have a name, use it instead */
|
|
|
|
|
if (LoadedName) BaseName = *LoadedName;
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Check for loader snap debugging */
|
|
|
|
|
if (NtGlobalFlag & FLG_SHOW_LDR_SNAPS)
|
|
|
|
|
{
|
|
|
|
|
/* Print out standard string */
|
|
|
|
|
DPRINT1("MM:SYSLDR Loading %wZ (%wZ) %s\n",
|
|
|
|
|
&PrefixName, &BaseName, Flags ? "in session space" : "");
|
|
|
|
|
}
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Acquire the load lock */
|
|
|
|
|
LoaderScan:
|
|
|
|
|
ASSERT(LockOwned == FALSE);
|
|
|
|
|
LockOwned = TRUE;
|
|
|
|
|
KeEnterCriticalRegion();
|
|
|
|
|
KeWaitForSingleObject(&MmSystemLoadLock,
|
|
|
|
|
WrVirtualMemory,
|
|
|
|
|
KernelMode,
|
|
|
|
|
FALSE,
|
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
|
|
/* Scan the module list */
|
|
|
|
|
NextEntry = PsLoadedModuleList.Flink;
|
|
|
|
|
while (NextEntry != &PsLoadedModuleList)
|
|
|
|
|
{
|
|
|
|
|
/* Get the entry and compare the names */
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
|
|
|
|
if (RtlEqualUnicodeString(&PrefixName, &LdrEntry->FullDllName, TRUE))
|
|
|
|
|
{
|
|
|
|
|
/* Found it, break out */
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Keep scanning */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if we found the image */
|
|
|
|
|
if (NextEntry != &PsLoadedModuleList)
|
|
|
|
|
{
|
|
|
|
|
/* Check if we had already mapped a section */
|
|
|
|
|
if (Section)
|
|
|
|
|
{
|
|
|
|
|
/* Dereference and clear */
|
|
|
|
|
ObDereferenceObject(Section);
|
|
|
|
|
Section = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if this was supposed to be a session load */
|
|
|
|
|
if (!Flags)
|
|
|
|
|
{
|
|
|
|
|
/* It wasn't, so just return the data */
|
2009-11-08 01:13:49 +00:00
|
|
|
*ModuleObject = LdrEntry;
|
|
|
|
|
*ImageBaseAddress = LdrEntry->DllBase;
|
2009-10-12 03:35:35 +00:00
|
|
|
Status = STATUS_IMAGE_ALREADY_LOADED;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* We don't support session loading yet */
|
2013-01-06 18:47:39 +00:00
|
|
|
UNIMPLEMENTED_DBGBREAK("Unsupported Session-Load!\n");
|
2013-01-04 12:54:39 +00:00
|
|
|
Status = STATUS_NOT_IMPLEMENTED;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Do cleanup */
|
|
|
|
|
goto Quickie;
|
|
|
|
|
}
|
|
|
|
|
else if (!Section)
|
|
|
|
|
{
|
|
|
|
|
/* It wasn't loaded, and we didn't have a previous attempt */
|
2020-10-16 14:09:08 +00:00
|
|
|
KeReleaseMutant(&MmSystemLoadLock, MUTANT_INCREMENT, FALSE, FALSE);
|
2009-10-12 03:35:35 +00:00
|
|
|
KeLeaveCriticalRegion();
|
|
|
|
|
LockOwned = FALSE;
|
|
|
|
|
|
|
|
|
|
/* Check if KD is enabled */
|
|
|
|
|
if ((KdDebuggerEnabled) && !(KdDebuggerNotPresent))
|
|
|
|
|
{
|
|
|
|
|
/* FIXME: Attempt to get image from KD */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We don't have a valid entry */
|
|
|
|
|
LdrEntry = NULL;
|
|
|
|
|
|
|
|
|
|
/* Setup image attributes */
|
|
|
|
|
InitializeObjectAttributes(&ObjectAttributes,
|
|
|
|
|
FileName,
|
|
|
|
|
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
|
|
|
|
|
NULL,
|
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
|
|
/* Open the image */
|
|
|
|
|
Status = ZwOpenFile(&FileHandle,
|
|
|
|
|
FILE_EXECUTE,
|
|
|
|
|
&ObjectAttributes,
|
|
|
|
|
&IoStatusBlock,
|
|
|
|
|
FILE_SHARE_READ | FILE_SHARE_DELETE,
|
|
|
|
|
0);
|
2011-10-01 17:54:42 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
2012-10-07 21:36:50 +00:00
|
|
|
DPRINT1("ZwOpenFile failed for '%wZ' with status 0x%x\n",
|
|
|
|
|
FileName, Status);
|
2011-10-01 17:54:42 +00:00
|
|
|
goto Quickie;
|
|
|
|
|
}
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Validate it */
|
|
|
|
|
Status = MmCheckSystemImage(FileHandle, FALSE);
|
|
|
|
|
if ((Status == STATUS_IMAGE_CHECKSUM_MISMATCH) ||
|
|
|
|
|
(Status == STATUS_IMAGE_MP_UP_MISMATCH) ||
|
2010-04-21 14:06:01 +00:00
|
|
|
(Status == STATUS_INVALID_IMAGE_PROTECT))
|
2009-10-12 03:35:35 +00:00
|
|
|
{
|
|
|
|
|
/* Fail loading */
|
|
|
|
|
goto Quickie;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if this is a session-load */
|
|
|
|
|
if (Flags)
|
|
|
|
|
{
|
|
|
|
|
/* Then we only need read and execute */
|
|
|
|
|
DesiredAccess = SECTION_MAP_READ | SECTION_MAP_EXECUTE;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Otherwise, we can allow write access */
|
|
|
|
|
DesiredAccess = SECTION_ALL_ACCESS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Initialize the attributes for the section */
|
|
|
|
|
InitializeObjectAttributes(&ObjectAttributes,
|
|
|
|
|
NULL,
|
|
|
|
|
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
|
|
|
|
|
NULL,
|
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
|
|
/* Create the section */
|
|
|
|
|
Status = ZwCreateSection(&SectionHandle,
|
|
|
|
|
DesiredAccess,
|
|
|
|
|
&ObjectAttributes,
|
|
|
|
|
NULL,
|
|
|
|
|
PAGE_EXECUTE,
|
|
|
|
|
SEC_IMAGE,
|
|
|
|
|
FileHandle);
|
2011-10-01 17:54:42 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("ZwCreateSection failed with status 0x%x\n", Status);
|
|
|
|
|
goto Quickie;
|
|
|
|
|
}
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Now get the section pointer */
|
|
|
|
|
Status = ObReferenceObjectByHandle(SectionHandle,
|
|
|
|
|
SECTION_MAP_EXECUTE,
|
|
|
|
|
MmSectionObjectType,
|
|
|
|
|
KernelMode,
|
2020-10-23 15:27:47 +00:00
|
|
|
(PVOID*)&Section,
|
2009-10-12 03:35:35 +00:00
|
|
|
NULL);
|
|
|
|
|
ZwClose(SectionHandle);
|
|
|
|
|
if (!NT_SUCCESS(Status)) goto Quickie;
|
|
|
|
|
|
|
|
|
|
/* Check if this was supposed to be a session-load */
|
|
|
|
|
if (Flags)
|
|
|
|
|
{
|
|
|
|
|
/* We don't support session loading yet */
|
2013-01-06 18:47:39 +00:00
|
|
|
UNIMPLEMENTED_DBGBREAK("Unsupported Session-Load!\n");
|
2013-01-04 12:54:39 +00:00
|
|
|
goto Quickie;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check the loader list again, we should end up in the path below */
|
|
|
|
|
goto LoaderScan;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* We don't have a valid entry */
|
|
|
|
|
LdrEntry = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Load the image */
|
|
|
|
|
Status = MiLoadImageSection(&Section,
|
|
|
|
|
&ModuleLoadBase,
|
|
|
|
|
FileName,
|
|
|
|
|
FALSE,
|
|
|
|
|
NULL);
|
|
|
|
|
ASSERT(Status != STATUS_ALREADY_COMMITTED);
|
|
|
|
|
|
|
|
|
|
/* Get the size of the driver */
|
2020-10-23 15:27:47 +00:00
|
|
|
DriverSize = ((PMM_IMAGE_SECTION_OBJECT)Section->Segment)->ImageInformation.ImageFileSize;
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Make sure we're not being loaded into session space */
|
|
|
|
|
if (!Flags)
|
|
|
|
|
{
|
|
|
|
|
/* Check for success */
|
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Support large pages for drivers */
|
|
|
|
|
MiUseLargeDriverPage(DriverSize / PAGE_SIZE,
|
|
|
|
|
&ModuleLoadBase,
|
|
|
|
|
&BaseName,
|
|
|
|
|
TRUE);
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Dereference the section */
|
|
|
|
|
ObDereferenceObject(Section);
|
|
|
|
|
Section = NULL;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Check for failure of the load earlier */
|
2011-10-01 17:54:42 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("MiLoadImageSection failed with status 0x%x\n", Status);
|
|
|
|
|
goto Quickie;
|
|
|
|
|
}
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Relocate the driver */
|
|
|
|
|
Status = LdrRelocateImageWithBias(ModuleLoadBase,
|
|
|
|
|
0,
|
|
|
|
|
"SYSLDR",
|
|
|
|
|
STATUS_SUCCESS,
|
|
|
|
|
STATUS_CONFLICTING_ADDRESSES,
|
|
|
|
|
STATUS_INVALID_IMAGE_FORMAT);
|
2011-10-01 17:54:42 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("LdrRelocateImageWithBias failed with status 0x%x\n", Status);
|
|
|
|
|
goto Quickie;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Get the NT Header */
|
|
|
|
|
NtHeader = RtlImageNtHeader(ModuleLoadBase);
|
|
|
|
|
|
2009-10-12 03:35:35 +00:00
|
|
|
/* Calculate the size we'll need for the entry and allocate it */
|
|
|
|
|
EntrySize = sizeof(LDR_DATA_TABLE_ENTRY) +
|
|
|
|
|
BaseName.Length +
|
|
|
|
|
sizeof(UNICODE_NULL);
|
|
|
|
|
|
|
|
|
|
/* Allocate the entry */
|
|
|
|
|
LdrEntry = ExAllocatePoolWithTag(NonPagedPool, EntrySize, TAG_MODULE_OBJECT);
|
|
|
|
|
if (!LdrEntry)
|
|
|
|
|
{
|
|
|
|
|
/* Fail */
|
|
|
|
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
goto Quickie;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Setup the entry */
|
|
|
|
|
LdrEntry->Flags = LDRP_LOAD_IN_PROGRESS;
|
|
|
|
|
LdrEntry->LoadCount = 1;
|
|
|
|
|
LdrEntry->LoadedImports = LoadedImports;
|
|
|
|
|
LdrEntry->PatchInformation = NULL;
|
|
|
|
|
|
|
|
|
|
/* Check the version */
|
|
|
|
|
if ((NtHeader->OptionalHeader.MajorOperatingSystemVersion >= 5) &&
|
|
|
|
|
(NtHeader->OptionalHeader.MajorImageVersion >= 5))
|
|
|
|
|
{
|
|
|
|
|
/* Mark this image as a native image */
|
2009-11-08 01:13:49 +00:00
|
|
|
LdrEntry->Flags |= LDRP_ENTRY_NATIVE;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Setup the rest of the entry */
|
|
|
|
|
LdrEntry->DllBase = ModuleLoadBase;
|
|
|
|
|
LdrEntry->EntryPoint = (PVOID)((ULONG_PTR)ModuleLoadBase +
|
|
|
|
|
NtHeader->OptionalHeader.AddressOfEntryPoint);
|
|
|
|
|
LdrEntry->SizeOfImage = DriverSize;
|
|
|
|
|
LdrEntry->CheckSum = NtHeader->OptionalHeader.CheckSum;
|
|
|
|
|
LdrEntry->SectionPointer = Section;
|
|
|
|
|
|
|
|
|
|
/* Now write the DLL name */
|
|
|
|
|
LdrEntry->BaseDllName.Buffer = (PVOID)(LdrEntry + 1);
|
|
|
|
|
LdrEntry->BaseDllName.Length = BaseName.Length;
|
|
|
|
|
LdrEntry->BaseDllName.MaximumLength = BaseName.Length;
|
|
|
|
|
|
|
|
|
|
/* Copy and null-terminate it */
|
|
|
|
|
RtlCopyMemory(LdrEntry->BaseDllName.Buffer,
|
|
|
|
|
BaseName.Buffer,
|
|
|
|
|
BaseName.Length);
|
2009-11-08 01:13:49 +00:00
|
|
|
LdrEntry->BaseDllName.Buffer[BaseName.Length / sizeof(WCHAR)] = UNICODE_NULL;
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Now allocate the full name */
|
|
|
|
|
LdrEntry->FullDllName.Buffer = ExAllocatePoolWithTag(PagedPool,
|
|
|
|
|
PrefixName.Length +
|
|
|
|
|
sizeof(UNICODE_NULL),
|
|
|
|
|
TAG_LDR_WSTR);
|
|
|
|
|
if (!LdrEntry->FullDllName.Buffer)
|
|
|
|
|
{
|
|
|
|
|
/* Don't fail, just set it to zero */
|
|
|
|
|
LdrEntry->FullDllName.Length = 0;
|
|
|
|
|
LdrEntry->FullDllName.MaximumLength = 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Set it up */
|
|
|
|
|
LdrEntry->FullDllName.Length = PrefixName.Length;
|
|
|
|
|
LdrEntry->FullDllName.MaximumLength = PrefixName.Length;
|
|
|
|
|
|
|
|
|
|
/* Copy and null-terminate */
|
|
|
|
|
RtlCopyMemory(LdrEntry->FullDllName.Buffer,
|
|
|
|
|
PrefixName.Buffer,
|
|
|
|
|
PrefixName.Length);
|
2009-11-08 01:13:49 +00:00
|
|
|
LdrEntry->FullDllName.Buffer[PrefixName.Length / sizeof(WCHAR)] = UNICODE_NULL;
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Add the entry */
|
|
|
|
|
MiProcessLoaderEntry(LdrEntry, TRUE);
|
|
|
|
|
|
|
|
|
|
/* Resolve imports */
|
|
|
|
|
MissingApiName = Buffer;
|
2013-11-11 20:01:13 +00:00
|
|
|
MissingDriverName = NULL;
|
2009-10-12 03:35:35 +00:00
|
|
|
Status = MiResolveImageReferences(ModuleLoadBase,
|
|
|
|
|
&BaseDirectory,
|
|
|
|
|
NULL,
|
|
|
|
|
&MissingApiName,
|
|
|
|
|
&MissingDriverName,
|
|
|
|
|
&LoadedImports);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
2013-11-12 19:23:42 +00:00
|
|
|
BOOLEAN NeedToFreeString = FALSE;
|
|
|
|
|
|
|
|
|
|
/* If the lowest bit is set to 1, this is a hint that we need to free */
|
2013-11-13 22:07:54 +00:00
|
|
|
if (*(ULONG_PTR*)&MissingDriverName & 1)
|
2013-11-12 19:23:42 +00:00
|
|
|
{
|
|
|
|
|
NeedToFreeString = TRUE;
|
2013-11-13 22:07:54 +00:00
|
|
|
*(ULONG_PTR*)&MissingDriverName &= ~1;
|
2013-11-12 19:23:42 +00:00
|
|
|
}
|
|
|
|
|
|
2011-10-01 17:54:42 +00:00
|
|
|
DPRINT1("MiResolveImageReferences failed with status 0x%x\n", Status);
|
2013-11-13 22:07:54 +00:00
|
|
|
DPRINT1(" Missing driver '%ls', missing API '%s'\n",
|
2013-11-11 20:01:13 +00:00
|
|
|
MissingDriverName, MissingApiName);
|
|
|
|
|
|
2013-11-12 19:23:42 +00:00
|
|
|
if (NeedToFreeString)
|
2013-11-11 20:01:13 +00:00
|
|
|
{
|
|
|
|
|
ExFreePoolWithTag(MissingDriverName, TAG_LDR_WSTR);
|
|
|
|
|
}
|
2011-10-01 17:54:42 +00:00
|
|
|
|
2009-10-12 03:35:35 +00:00
|
|
|
/* Fail */
|
|
|
|
|
MiProcessLoaderEntry(LdrEntry, FALSE);
|
|
|
|
|
|
|
|
|
|
/* Check if we need to free the name */
|
|
|
|
|
if (LdrEntry->FullDllName.Buffer)
|
|
|
|
|
{
|
|
|
|
|
/* Free it */
|
2011-06-01 13:39:36 +00:00
|
|
|
ExFreePoolWithTag(LdrEntry->FullDllName.Buffer, TAG_LDR_WSTR);
|
2009-10-12 03:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Free the entry itself */
|
|
|
|
|
ExFreePoolWithTag(LdrEntry, TAG_MODULE_OBJECT);
|
|
|
|
|
LdrEntry = NULL;
|
|
|
|
|
goto Quickie;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Update the loader entry */
|
|
|
|
|
LdrEntry->Flags |= (LDRP_SYSTEM_MAPPED |
|
|
|
|
|
LDRP_ENTRY_PROCESSED |
|
|
|
|
|
LDRP_MM_LOADED);
|
|
|
|
|
LdrEntry->Flags &= ~LDRP_LOAD_IN_PROGRESS;
|
|
|
|
|
LdrEntry->LoadedImports = LoadedImports;
|
|
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* FIXME: Call driver verifier's loader function */
|
2009-10-12 03:35:35 +00:00
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Write-protect the system image */
|
|
|
|
|
MiWriteProtectSystemImage(LdrEntry->DllBase);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
2021-01-04 21:08:48 +00:00
|
|
|
/* Initialize the security cookie (Win7 is not doing this yet!) */
|
|
|
|
|
LdrpInitSecurityCookie(LdrEntry);
|
|
|
|
|
|
2009-10-12 03:35:35 +00:00
|
|
|
/* Check if notifications are enabled */
|
|
|
|
|
if (PsImageNotifyEnabled)
|
|
|
|
|
{
|
|
|
|
|
/* Fill out the notification data */
|
|
|
|
|
ImageInfo.Properties = 0;
|
|
|
|
|
ImageInfo.ImageAddressingMode = IMAGE_ADDRESSING_MODE_32BIT;
|
|
|
|
|
ImageInfo.SystemModeImage = TRUE;
|
|
|
|
|
ImageInfo.ImageSize = LdrEntry->SizeOfImage;
|
|
|
|
|
ImageInfo.ImageBase = LdrEntry->DllBase;
|
|
|
|
|
ImageInfo.ImageSectionNumber = ImageInfo.ImageSelector = 0;
|
|
|
|
|
|
|
|
|
|
/* Send the notification */
|
|
|
|
|
PspRunLoadImageNotifyRoutines(FileName, NULL, &ImageInfo);
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-09 17:47:01 +00:00
|
|
|
#ifdef __ROS_ROSSYM__
|
2009-11-08 01:13:49 +00:00
|
|
|
/* MiCacheImageSymbols doesn't detect rossym */
|
2009-10-12 03:35:35 +00:00
|
|
|
if (TRUE)
|
|
|
|
|
#else
|
2009-11-08 01:13:49 +00:00
|
|
|
/* Check if there's symbols */
|
2009-10-12 03:35:35 +00:00
|
|
|
if (MiCacheImageSymbols(LdrEntry->DllBase))
|
|
|
|
|
#endif
|
|
|
|
|
{
|
|
|
|
|
/* Check if the system root is present */
|
|
|
|
|
if ((PrefixName.Length > (11 * sizeof(WCHAR))) &&
|
|
|
|
|
!(_wcsnicmp(PrefixName.Buffer, L"\\SystemRoot", 11)))
|
|
|
|
|
{
|
|
|
|
|
/* Add the system root */
|
|
|
|
|
UnicodeTemp = PrefixName;
|
|
|
|
|
UnicodeTemp.Buffer += 11;
|
|
|
|
|
UnicodeTemp.Length -= (11 * sizeof(WCHAR));
|
|
|
|
|
sprintf_nt(Buffer,
|
|
|
|
|
"%ws%wZ",
|
|
|
|
|
&SharedUserData->NtSystemRoot[2],
|
|
|
|
|
&UnicodeTemp);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Build the name */
|
|
|
|
|
sprintf_nt(Buffer, "%wZ", &BaseName);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Setup the ansi string */
|
|
|
|
|
RtlInitString(&AnsiTemp, Buffer);
|
|
|
|
|
|
|
|
|
|
/* Notify the debugger */
|
2009-10-25 15:56:38 +00:00
|
|
|
DbgLoadImageSymbols(&AnsiTemp,
|
|
|
|
|
LdrEntry->DllBase,
|
2014-05-22 10:18:22 +00:00
|
|
|
(ULONG_PTR)PsGetCurrentProcessId());
|
2009-10-12 03:35:35 +00:00
|
|
|
LdrEntry->Flags |= LDRP_DEBUG_SYMBOLS_LOADED;
|
|
|
|
|
}
|
|
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* Page the driver */
|
2009-10-12 03:35:35 +00:00
|
|
|
ASSERT(Section == NULL);
|
2010-04-21 14:06:01 +00:00
|
|
|
MiEnablePagingOfDriver(LdrEntry);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Return pointers */
|
2009-11-08 01:13:49 +00:00
|
|
|
*ModuleObject = LdrEntry;
|
|
|
|
|
*ImageBaseAddress = LdrEntry->DllBase;
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
Quickie:
|
|
|
|
|
/* Check if we have the lock acquired */
|
|
|
|
|
if (LockOwned)
|
|
|
|
|
{
|
|
|
|
|
/* Release the lock */
|
2020-10-16 14:09:08 +00:00
|
|
|
KeReleaseMutant(&MmSystemLoadLock, MUTANT_INCREMENT, FALSE, FALSE);
|
2009-10-12 03:35:35 +00:00
|
|
|
KeLeaveCriticalRegion();
|
|
|
|
|
LockOwned = FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* If we have a file handle, close it */
|
|
|
|
|
if (FileHandle) ZwClose(FileHandle);
|
|
|
|
|
|
2011-03-25 22:28:15 +00:00
|
|
|
/* Check if we had a prefix (not supported yet - PrefixName == *FileName now) */
|
|
|
|
|
/* if (NamePrefix) ExFreePool(PrefixName.Buffer); */
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Free the name buffer and return status */
|
2011-06-01 13:39:36 +00:00
|
|
|
ExFreePoolWithTag(Buffer, TAG_LDR_WSTR);
|
2009-10-12 03:35:35 +00:00
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
2010-04-20 22:47:51 +00:00
|
|
|
PLDR_DATA_TABLE_ENTRY
|
|
|
|
|
NTAPI
|
|
|
|
|
MiLookupDataTableEntry(IN PVOID Address)
|
|
|
|
|
{
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry, FoundEntry = NULL;
|
|
|
|
|
PLIST_ENTRY NextEntry;
|
|
|
|
|
PAGED_CODE();
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-20 22:47:51 +00:00
|
|
|
/* Loop entries */
|
|
|
|
|
NextEntry = PsLoadedModuleList.Flink;
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
/* Get the loader entry */
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-20 22:47:51 +00:00
|
|
|
/* Check if the address matches */
|
|
|
|
|
if ((Address >= LdrEntry->DllBase) &&
|
|
|
|
|
(Address < (PVOID)((ULONG_PTR)LdrEntry->DllBase +
|
|
|
|
|
LdrEntry->SizeOfImage)))
|
|
|
|
|
{
|
|
|
|
|
/* Found a match */
|
|
|
|
|
FoundEntry = LdrEntry;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-20 22:47:51 +00:00
|
|
|
/* Move on */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
} while(NextEntry != &PsLoadedModuleList);
|
2010-12-26 15:23:03 +00:00
|
|
|
|
2010-04-20 22:47:51 +00:00
|
|
|
/* Return the entry */
|
|
|
|
|
return FoundEntry;
|
|
|
|
|
}
|
|
|
|
|
|
2010-04-21 14:06:01 +00:00
|
|
|
/* PUBLIC FUNCTIONS ***********************************************************/
|
|
|
|
|
|
2010-04-20 22:47:51 +00:00
|
|
|
/*
|
|
|
|
|
* @implemented
|
|
|
|
|
*/
|
|
|
|
|
PVOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MmPageEntireDriver(IN PVOID AddressWithinSection)
|
|
|
|
|
{
|
|
|
|
|
PMMPTE StartPte, EndPte;
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry;
|
|
|
|
|
PAGED_CODE();
|
|
|
|
|
|
|
|
|
|
/* Get the loader entry */
|
|
|
|
|
LdrEntry = MiLookupDataTableEntry(AddressWithinSection);
|
|
|
|
|
if (!LdrEntry) return NULL;
|
|
|
|
|
|
|
|
|
|
/* Check if paging of kernel mode is disabled or if the driver is mapped as an image */
|
|
|
|
|
if ((MmDisablePagingExecutive) || (LdrEntry->SectionPointer))
|
|
|
|
|
{
|
|
|
|
|
/* Don't do anything, just return the base address */
|
|
|
|
|
return LdrEntry->DllBase;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Wait for active DPCs to finish before we page out the driver */
|
|
|
|
|
KeFlushQueuedDpcs();
|
|
|
|
|
|
|
|
|
|
/* Get the PTE range for the whole driver image */
|
|
|
|
|
StartPte = MiAddressToPte((ULONG_PTR)LdrEntry->DllBase);
|
|
|
|
|
EndPte = MiAddressToPte((ULONG_PTR)LdrEntry->DllBase + LdrEntry->SizeOfImage);
|
2010-04-21 14:06:01 +00:00
|
|
|
|
2010-04-20 22:47:51 +00:00
|
|
|
/* Enable paging for the PTE range */
|
|
|
|
|
ASSERT(MI_IS_SESSION_IMAGE_ADDRESS(AddressWithinSection) == FALSE);
|
|
|
|
|
MiSetPagingOfDriver(StartPte, EndPte);
|
2010-04-21 14:06:01 +00:00
|
|
|
|
2010-04-20 22:47:51 +00:00
|
|
|
/* Return the base address */
|
|
|
|
|
return LdrEntry->DllBase;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* @unimplemented
|
|
|
|
|
*/
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MmResetDriverPaging(IN PVOID AddressWithinSection)
|
|
|
|
|
{
|
|
|
|
|
UNIMPLEMENTED;
|
|
|
|
|
}
|
2010-04-21 14:06:01 +00:00
|
|
|
|
2009-10-12 03:35:35 +00:00
|
|
|
/*
|
|
|
|
|
* @implemented
|
|
|
|
|
*/
|
|
|
|
|
PVOID
|
|
|
|
|
NTAPI
|
|
|
|
|
MmGetSystemRoutineAddress(IN PUNICODE_STRING SystemRoutineName)
|
|
|
|
|
{
|
|
|
|
|
PVOID ProcAddress = NULL;
|
|
|
|
|
ANSI_STRING AnsiRoutineName;
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
PLIST_ENTRY NextEntry;
|
|
|
|
|
PLDR_DATA_TABLE_ENTRY LdrEntry;
|
|
|
|
|
BOOLEAN Found = FALSE;
|
|
|
|
|
UNICODE_STRING KernelName = RTL_CONSTANT_STRING(L"ntoskrnl.exe");
|
|
|
|
|
UNICODE_STRING HalName = RTL_CONSTANT_STRING(L"hal.dll");
|
|
|
|
|
ULONG Modules = 0;
|
|
|
|
|
|
|
|
|
|
/* Convert routine to ansi name */
|
|
|
|
|
Status = RtlUnicodeStringToAnsiString(&AnsiRoutineName,
|
|
|
|
|
SystemRoutineName,
|
|
|
|
|
TRUE);
|
|
|
|
|
if (!NT_SUCCESS(Status)) return NULL;
|
|
|
|
|
|
|
|
|
|
/* Lock the list */
|
|
|
|
|
KeEnterCriticalRegion();
|
2009-11-12 19:41:39 +00:00
|
|
|
ExAcquireResourceSharedLite(&PsLoadedModuleResource, TRUE);
|
2009-10-12 03:35:35 +00:00
|
|
|
|
|
|
|
|
/* Loop the loaded module list */
|
|
|
|
|
NextEntry = PsLoadedModuleList.Flink;
|
|
|
|
|
while (NextEntry != &PsLoadedModuleList)
|
|
|
|
|
{
|
|
|
|
|
/* Get the entry */
|
|
|
|
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
|
|
|
|
LDR_DATA_TABLE_ENTRY,
|
|
|
|
|
InLoadOrderLinks);
|
|
|
|
|
|
|
|
|
|
/* Check if it's the kernel or HAL */
|
|
|
|
|
if (RtlEqualUnicodeString(&KernelName, &LdrEntry->BaseDllName, TRUE))
|
|
|
|
|
{
|
|
|
|
|
/* Found it */
|
|
|
|
|
Found = TRUE;
|
|
|
|
|
Modules++;
|
|
|
|
|
}
|
|
|
|
|
else if (RtlEqualUnicodeString(&HalName, &LdrEntry->BaseDllName, TRUE))
|
|
|
|
|
{
|
|
|
|
|
/* Found it */
|
|
|
|
|
Found = TRUE;
|
|
|
|
|
Modules++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check if we found a valid binary */
|
|
|
|
|
if (Found)
|
|
|
|
|
{
|
|
|
|
|
/* Find the procedure name */
|
|
|
|
|
ProcAddress = MiFindExportedRoutineByName(LdrEntry->DllBase,
|
|
|
|
|
&AnsiRoutineName);
|
|
|
|
|
|
|
|
|
|
/* Break out if we found it or if we already tried both modules */
|
|
|
|
|
if (ProcAddress) break;
|
|
|
|
|
if (Modules == 2) break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Keep looping */
|
|
|
|
|
NextEntry = NextEntry->Flink;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Release the lock */
|
2009-11-12 19:41:39 +00:00
|
|
|
ExReleaseResourceLite(&PsLoadedModuleResource);
|
2009-10-12 03:35:35 +00:00
|
|
|
KeLeaveCriticalRegion();
|
|
|
|
|
|
|
|
|
|
/* Free the string and return */
|
|
|
|
|
RtlFreeAnsiString(&AnsiRoutineName);
|
|
|
|
|
return ProcAddress;
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-28 12:17:23 +00:00
|
|
|
/* EOF */
|