From 094a90ad4e7f14b67cc5e532347e738b95189cec Mon Sep 17 00:00:00 2001
From: Timo Kreuzer
Date: Sat, 10 Feb 2018 23:57:27 +0100
Subject: [PATCH] [NTOS:PS] Fix an issue with PROCESS_DEVICEMAP_INFORMATION size on 64 bit builds

The PROCESS_DEVICEMAP_INFORMATION union has 2 fields, one is a handle, the other one is a structure of 36 bytes (independent of architecture). The handle forces 64 bit alignment on 64 bit builds, making the structure 4 bytes bigger than on 32 bit builds. The site is checked in NtQueryInformationProcess (case ProcessDeviceMap). The expected size on x64 is the size of the Query structure without alignment. autocheck correctly passes the site of the Query union member, while smss passes the full size of PROCESS_DEVICEMAP_INFORMATION. Packing the structure is not an option, since it is defined in public headers without packing. Using the original headers sizeof(PROCESS_DEVICEMAP_INFORMATION) is 0x28, sizeof(PROCESS_DEVICEMAP_INFORMATION::Query) is 0x24.
---
 base/system/smss/pagefile.c | 4 ++--
 dll/win32/kernel32/client/file/disk.c | 11 ++++++-----
 ntoskrnl/ps/query.c | 2 +-
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/base/system/smss/pagefile.c b/base/system/smss/pagefile.c
index bd4df1a5c9f..6af9b214951 100644
--- a/base/system/smss/pagefile.c
+++ b/base/system/smss/pagefile.c
@@ -837,8 +837,8 @@ SmpCreateVolumeDescriptors(VOID)
 /* Query the device map so we can get the drive letters */
 Status = NtQueryInformationProcess(NtCurrentProcess(), ProcessDeviceMap,
- &ProcessInformation,
- sizeof(ProcessInformation),
+ &ProcessInformation.Query,
+ sizeof(ProcessInformation.Query),
 NULL);
 if (!NT_SUCCESS(Status))
 {
diff --git a/dll/win32/kernel32/client/file/disk.c b/dll/win32/kernel32/client/file/disk.c
index 7fe80616662..12751c6b1ad 100644
--- a/dll/win32/kernel32/client/file/disk.c
+++ b/dll/win32/kernel32/client/file/disk.c
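Review bot: The switch from `&ProcessInformation` to `&ProcessInformation.Query` at the NtQueryInformationProcess call deserves a one-line comment, because the two forms differ only on 64-bit builds (0x28 vs 0x24 bytes per the commit message) and a later cleanup could fold it back to the whole union and silently reintroduce the length-check failure. Suggest `/* Pass only the Query member: the kernel expects its unpadded size, which differs from sizeof(PROCESS_DEVICEMAP_INFORMATION) on 64-bit builds */` above the call. The same applies to the two disk.c hunks in this commit (GetLogicalDrives and GetDriveTypeW), which make the identical change without a comment. SmpCreateVolumeDescriptors continues outside the hunk on both sides.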
@@ -115,8 +115,8 @@ GetLogicalDrives(VOID)
 /* Get the Device Map for this Process */
 Status = NtQueryInformationProcess(NtCurrentProcess(), ProcessDeviceMap,
- &ProcessDeviceMapInfo,
- sizeof(ProcessDeviceMapInfo),
+ &ProcessDeviceMapInfo.Query,
+ sizeof(ProcessDeviceMapInfo.Query),
 NULL);
 /* Return the Drive Map */
@@ -557,9 +557,10 @@ GetDriveTypeW(IN LPCWSTR lpRootPathName)
 PROCESS_DEVICEMAP_INFORMATION DeviceMap;
 /* Query the device map */
- Status = NtQueryInformationProcess(NtCurrentProcess(), ProcessDeviceMap,
- &DeviceMap,
- sizeof(PROCESS_DEVICEMAP_INFORMATION),
+ Status = NtQueryInformationProcess(NtCurrentProcess(),
+ ProcessDeviceMap,
+ &DeviceMap.Query,
+ sizeof(DeviceMap.Query),
 NULL);
 /* Zero output if we failed */
 if (!NT_SUCCESS(Status))
diff --git a/ntoskrnl/ps/query.c b/ntoskrnl/ps/query.c
index 7a1767d54ff..1f605be3349 100644
--- a/ntoskrnl/ps/query.c
+++ b/ntoskrnl/ps/query.c
@@ -564,7 +564,7 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
 /* DOS Device Map */
 case ProcessDeviceMap:
- if (ProcessInformationLength != sizeof(PROCESS_DEVICEMAP_INFORMATION))
+ if (ProcessInformationLength != RTL_FIELD_SIZE(PROCESS_DEVICEMAP_INFORMATION, Query))
 {
 if (ProcessInformationLength == sizeof(PROCESS_DEVICEMAP_INFORMATION_EX))
 {
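Review bot: The length comparison in the ProcessDeviceMap case now admits a buffer of exactly RTL_FIELD_SIZE(PROCESS_DEVICEMAP_INFORMATION, Query) bytes, but the copy into ProcessInformation and the ReturnLength update for this case lie outside the hunk; if either still uses sizeof(PROCESS_DEVICEMAP_INFORMATION), the kernel would write 4 bytes past the user buffer on 64-bit builds, since the callers changed in this commit now pass exactly the Query size. Please confirm that the write length (and the probe length, if the case probes the buffer) in the rest of this case uses the same RTL_FIELD_SIZE expression. A comment on the new line would also keep the next reader from "simplifying" it back: `/* The Query member is 0x24 bytes on every architecture, while the union is padded to 0x28 on 64-bit; callers pass the member size, so compare against the member, not the union */`. NtQueryInformationProcess and the ProcessDeviceMap case continue outside the hunk.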