- Add probing of the result buffer

- Add missing target process reference/dereference in MemorySectionName case of NtQueryVirtualMemory. Fixes 2 "psapi_winetest" failures. svn path=/trunk/; revision=41406
2024-10-04 00:13:57 +00:00 · 2009-06-14 08:30:22 +00:00 · 2009-06-14 08:30:22 +00:00 · a72b50ba4d
parent 7c65e049ea
commit a72b50ba4d
1 changed files with 22 additions and 2 deletions
--- a/reactos/ntoskrnl/mm/virtual.c
+++ b/reactos/ntoskrnl/mm/virtual.c
@ -849,6 +849,7 @@ NtProtectVirtualMemory(IN HANDLE ProcessHandle,
    SIZE_T NumberOfBytesToProtect = 0;
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
    NTSTATUS Status = STATUS_SUCCESS;
+    PAGED_CODE();

    /* Check for valid protection flags */
    Protection = NewAccessProtection & ~(PAGE_GUARD|PAGE_NOCACHE);
@ -961,6 +962,7 @@ NtQueryVirtualMemory(IN HANDLE ProcessHandle,
    WCHAR ModuleFileNameBuffer[MAX_PATH] = {0};
    UNICODE_STRING ModuleFileName;
    PMEMORY_SECTION_NAME SectionName = NULL;
+    PEPROCESS Process;
    union
    {
        MEMORY_BASIC_INFORMATION BasicInfo;
@ -975,11 +977,15 @@ NtQueryVirtualMemory(IN HANDLE ProcessHandle,

    PreviousMode =  ExGetPreviousMode();

-    if (PreviousMode != KernelMode && UnsafeResultLength != NULL)
+    if (PreviousMode != KernelMode)
    {
        _SEH2_TRY
        {
-            ProbeForWriteSize_t(UnsafeResultLength);
+            ProbeForWrite(VirtualMemoryInformation,
+                          Length,
+                          sizeof(ULONG_PTR));
+
+            if (UnsafeResultLength) ProbeForWriteSize_t(UnsafeResultLength);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
@ -1002,6 +1008,19 @@ NtQueryVirtualMemory(IN HANDLE ProcessHandle,
    /* FIXME: Move this inside MiQueryVirtualMemory */
    if (VirtualMemoryInformationClass == MemorySectionName)
    {
+        Status = ObReferenceObjectByHandle(ProcessHandle,
+                                           PROCESS_QUERY_INFORMATION,
+                                           NULL,
+                                           PreviousMode,
+                                           (PVOID*)(&Process),
+                                           NULL);
+
+        if (!NT_SUCCESS(Status))
+        {
+            DPRINT("NtQueryVirtualMemory() = %x\n",Status);
+            return(Status);
+        }
+
        RtlInitEmptyUnicodeString(&ModuleFileName, ModuleFileNameBuffer, sizeof(ModuleFileNameBuffer));
        Status = MmGetFileNameForAddress(Address, &ModuleFileName);

@ -1039,6 +1058,7 @@ NtQueryVirtualMemory(IN HANDLE ProcessHandle,
                }
            }
        }
+        ObDereferenceObject(Process);
        return Status;
    }
    else