[RTL] Use RtlApplicationVerifierStop for DPH

This commit is contained in:
Mark Jansen 2022-10-23 21:34:04 +02:00
parent d82185f104
commit e3ac541360
No known key found for this signature in database
GPG key ID: B39240EE84BEAE8B
2 changed files with 107 additions and 17 deletions

View file

@ -83,4 +83,33 @@ typedef struct _RTL_VERIFIER_PROVIDER_DESCRIPTOR {
#define RTL_VRF_DBG_ENTRYPOINT_HOOKS 0x10000
#define RTL_VRF_DBG_ENTRYPOINT_CALLS 0x20000
// Verifier stop codes
#define APPLICATION_VERIFIER_CORRUPT_HEAP_POINTER 0x0006
#define APPLICATION_VERIFIER_DOUBLE_FREE 0x0007
#define APPLICATION_VERIFIER_EXCEPTION_WHILE_VERIFYING_BLOCK_HEADER 0x000B
#define APPLICATION_VERIFIER_CORRUPTED_HEAP_BLOCK_AFTER_FREE 0x000D
#define APPLICATION_VERIFIER_CORRUPTED_INFIX_PATTERN 0x000E
#define APPLICATION_VERIFIER_CORRUPTED_SUFFIX_PATTERN 0x000F
#define APPLICATION_VERIFIER_CORRUPTED_START_STAMP 0x0010
#define APPLICATION_VERIFIER_CORRUPTED_END_STAMP 0x0011
#define APPLICATION_VERIFIER_CORRUPTED_PREFIX_PATTERN 0x0012
VOID NTAPI
RtlApplicationVerifierStop(
_In_ ULONG_PTR Code,
_In_ PCSTR Message,
_In_ PVOID Value1,
_In_ PCSTR Description1,
_In_ PVOID Value2,
_In_ PCSTR Description2,
_In_ PVOID Value3,
_In_ PCSTR Description3,
_In_ PVOID Value4,
_In_ PCSTR Description4);
#endif // REACTOS_VERIFIER_H

View file

@ -15,6 +15,7 @@
#include <rtl.h>
#include <heap.h>
#include <reactos/verifier.h>
#define NDEBUG
#include <debug.h>
@ -192,7 +193,11 @@ BOOLEAN NTAPI
RtlpDphIsNormalFreeHeapBlock(PVOID Block, PULONG ValidationInformation, BOOLEAN CheckFillers);
VOID NTAPI
RtlpDphReportCorruptedBlock(PDPH_HEAP_ROOT DphRoot, ULONG Reserved, PVOID Block, ULONG ValidationInfo);
RtlpDphReportCorruptedBlock(
_In_ PDPH_HEAP_ROOT DphRoot,
_In_ ULONG Reserved,
_In_ PVOID Block,
_In_ ULONG ValidationInfo);
BOOLEAN NTAPI
RtlpDphNormalHeapValidate(PDPH_HEAP_ROOT DphRoot, ULONG Flags, PVOID BaseAddress);
@ -231,6 +236,27 @@ RtlpDphPointerFromHandle(PVOID Handle)
return NULL;
}
PVOID NTAPI
RtlpDphHeapFromPointer(PDPH_HEAP_ROOT DphHeap)
{
return ((PUCHAR)DphHeap) - PAGE_SIZE;
}
ULONG NTAPI
RtlpDphGetBlockSizeFromCorruptedBlock(PVOID Block)
{
PDPH_BLOCK_INFORMATION BlockInfo;
BlockInfo = (PDPH_BLOCK_INFORMATION)Block - 1;
/* Check stamps */
if (BlockInfo->StartStamp != DPH_FILL_START_STAMP_1 && BlockInfo->StartStamp != DPH_FILL_START_STAMP_2)
{
return 0;
}
return BlockInfo->RequestedSize;
}
VOID NTAPI
RtlpDphEnterCriticalSection(PDPH_HEAP_ROOT DphRoot, ULONG Flags)
{
@ -1297,59 +1323,94 @@ RtlpDphVerifyIntegrity(PDPH_HEAP_ROOT DphRoot)
}
VOID NTAPI
RtlpDphReportCorruptedBlock(PDPH_HEAP_ROOT DphRoot,
ULONG Reserved,
PVOID Block,
ULONG ValidationInfo)
RtlpDphReportCorruptedBlock(
_In_ PDPH_HEAP_ROOT DphRoot,
_In_ ULONG Reserved,
_In_ PVOID Block,
_In_ ULONG ValidationInfo)
{
//RtlpDphGetBlockSizeFromCorruptedBlock();
PVOID Size = (PVOID)(ULONG_PTR)RtlpDphGetBlockSizeFromCorruptedBlock(Block);
DPH_BLOCK_INFORMATION SafeInfo = {0};
DPRINT1("Corrupted heap block %p\n", Block);
_SEH2_TRY
{
PDPH_BLOCK_INFORMATION BlockInfo = (PDPH_BLOCK_INFORMATION)Block - 1;
RtlCopyMemory(&SafeInfo, BlockInfo, sizeof(SafeInfo));
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
DPRINT1("ERROR: Could not read DPH_BLOCK_INFORMATION\n");
RtlZeroMemory(&SafeInfo, sizeof(SafeInfo));
}
_SEH2_END;
if (ValidationInfo & DPH_VALINFO_CORRUPTED_AFTER_FREE)
{
DPRINT1("block corrupted after having been freed\n");
RtlApplicationVerifierStop(
APPLICATION_VERIFIER_CORRUPTED_HEAP_BLOCK_AFTER_FREE, "block corrupted after having been freed",
RtlpDphHeapFromPointer(DphRoot), "Heap handle", Block, "Heap block", (PVOID)Size, "Block size", 0, "");
}
if (ValidationInfo & DPH_VALINFO_ALREADY_FREED)
{
DPRINT1("block already freed\n");
RtlApplicationVerifierStop(
APPLICATION_VERIFIER_DOUBLE_FREE, "block already freed", RtlpDphHeapFromPointer(DphRoot), "Heap handle",
Block, "Heap block", Size, "Block size", 0, "");
}
if (ValidationInfo & DPH_VALINFO_BAD_INFIX_PATTERN)
{
DPRINT1("corrupted infix pattern for freed block\n");
RtlApplicationVerifierStop(
APPLICATION_VERIFIER_CORRUPTED_INFIX_PATTERN, "corrupted infix pattern for freed block",
RtlpDphHeapFromPointer(DphRoot), "Heap handle", Block, "Heap block", Size, "Block size", 0, "");
}
if (ValidationInfo & DPH_VALINFO_BAD_POINTER)
{
DPRINT1("corrupted heap pointer or using wrong heap\n");
RtlApplicationVerifierStop(
APPLICATION_VERIFIER_CORRUPT_HEAP_POINTER, "corrupted heap pointer or using wrong heap",
RtlpDphHeapFromPointer(DphRoot), "Heap handle used", Block, "Heap block", Size, "Block size",
SafeInfo.Heap, "Actual heap handle");
}
if (ValidationInfo & DPH_VALINFO_BAD_SUFFIX_PATTERN)
{
DPRINT1("corrupted suffix pattern\n");
RtlApplicationVerifierStop(
APPLICATION_VERIFIER_CORRUPTED_SUFFIX_PATTERN, "corrupted suffix pattern", RtlpDphHeapFromPointer(DphRoot),
"Heap handle used", Block, "Heap block", Size, "Block size", 0, "");
}
if (ValidationInfo & DPH_VALINFO_BAD_PREFIX_PATTERN)
{
DPRINT1("corrupted prefix pattern\n");
RtlApplicationVerifierStop(
APPLICATION_VERIFIER_CORRUPTED_PREFIX_PATTERN, "corrupted prefix pattern", RtlpDphHeapFromPointer(DphRoot),
"Heap handle used", Block, "Heap block", Size, "Block size", 0, "");
}
if (ValidationInfo & DPH_VALINFO_BAD_START_STAMP)
{
DPRINT1("corrupted start stamp\n");
RtlApplicationVerifierStop(
APPLICATION_VERIFIER_CORRUPTED_START_STAMP, "corrupted start stamp", RtlpDphHeapFromPointer(DphRoot),
"Heap handle used", Block, "Heap block", Size, "Block size", (PVOID)(ULONG_PTR)SafeInfo.StartStamp,
"Corrupted start stamp");
}
if (ValidationInfo & DPH_VALINFO_BAD_END_STAMP)
{
DPRINT1("corrupted end stamp\n");
RtlApplicationVerifierStop(
APPLICATION_VERIFIER_CORRUPTED_END_STAMP, "corrupted end stamp", RtlpDphHeapFromPointer(DphRoot),
"Heap handle used", Block, "Heap block", Size, "Block size", (PVOID)(ULONG_PTR)SafeInfo.EndStamp,
"Corrupted end stamp");
}
if (ValidationInfo & DPH_VALINFO_EXCEPTION)
{
DPRINT1("exception raised while verifying block\n");
RtlApplicationVerifierStop(
APPLICATION_VERIFIER_EXCEPTION_WHILE_VERIFYING_BLOCK_HEADER, "exception raised while verifying block",
RtlpDphHeapFromPointer(DphRoot), "Heap handle used", Block, "Heap block", Size, "Block size", 0, "");
}
DPRINT1("Corrupted heap block %p\n", Block);
}
BOOLEAN NTAPI