Mark Jansen
2450dec427
[NTOS/MM] Ensure ImageBase is not used uninitialized
2019-04-30 18:57:43 +02:00
Hermès Bélusca-Maïto
884db2ea06
[NTOS:CM] In CmpParseKey(), do not assert but instead correctly return failure if CmpHandleExitNode() doesn't return a valid node, or CmpCreateKeyControlBlock() fails.
2019-04-22 21:09:10 +02:00
Hermès Bélusca-Maïto
627b1df579
[NTOS] Fix typos.
2019-04-22 19:41:19 +02:00
Bernhard Feichtinger
f5471b7b4b
[NTOS][USERSRV] Silence noisy debug output.
2019-04-22 17:41:17 +02:00
Eric Kohl
cfe54aa4b5
[NTOSKRNL] Revert f71588ff
as it seems to break the tests
2019-04-20 23:26:57 +02:00
Pierre Schweitzer
335b906ca8
[NTOSKRNL] Drop the useless Timestamp field
2019-04-20 11:31:59 +02:00
Pierre Schweitzer
77b6899d89
[NTOSKRNL] Don't set VACB dirty on release if already dirty
...
CORE-15954
2019-04-20 11:23:35 +02:00
Pierre Schweitzer
bd75947372
[NTOSKRNL] Drop the no longer needed Dirty field
...
CORE-15954
2019-04-18 08:14:41 +02:00
Pierre Schweitzer
8b6696fcdb
[NTOSKRNL] Don't mark VACB dirty on unpin
...
This could happen if BCB was marked dirty previously.
Marking VACB dirty on unpin could lead to a double write of
the VACB, even if clean.
Indeed, now that setting BCB dirty leads to marking VACB
dirty, the VACB can be flushed in between by the lazy-writer.
The BCB state is not reset on VACB flush, contrary to the VACB state.
Thus, on unpin even if the VACB was already flushed, we were
setting back the dirty state, leading the VACB to be flushed again.
This could bring a small performance downgrade. Though it remains
limited since this is mostly used for FS metadata.
Possibly it could lead to metadata corruption, but this is likely
less possible.
CORE-15954
2019-04-17 22:35:19 +02:00
Eric Kohl
f71588ff7a
[NTOSKRNL] NtPowerInformation: Report an AC powered machine by default.
2019-04-16 20:41:21 +02:00
Eric Kohl
fb36723066
[NTOSKRNL] Initialize GUID_DEVICE_BATTERY properly
2019-04-08 21:19:57 +02:00
Hervé Poussineau
4d1a8f8f54
[NTOS:FSRTL] Use _SEH2_AbnormalTermination() instead of _abnormal_termination()
...
We're already using SEH2 macros, so also use SEH2 functions
2019-04-07 19:28:18 +02:00
Eric Kohl
626aaf227c
[NTOSKRNL] Use global power capabilities and report button presence
...
- Add and initialize a global power capabilities variable.
- Return the global power capabilities via NtPowerInformation.SystemPowerCapabilities.
- Report the presence of power button, sleep button and lid.
2019-04-07 16:42:58 +02:00
Jérôme Gardou
979972b900
[CMAKE] unset EXPORT_SYMBOL for modules and shared libraries
...
We don't use that
2019-04-06 17:43:38 +02:00
Bartosz Brachaczek
d256ff6006
[NTOSKRNL] Do not try to access OldBackTracking[-1]
...
It can be triggered by the existing "F<", "FILE.TXT" case in the tests.
CORE-15902
2019-04-01 08:28:00 +02:00
Bartosz Brachaczek
695e00fbbd
[NTOSKRNL] Unify buffer size calculation in FsRtlIs{Name,Dbcs}InExpression
...
It better captures the intent now in FsRtlIsNameInExpressionPrivate and
fixes a slight overallotion by 4 bytes in FsRtlIsDbcsInExpression.
While at it, use the ANSI_DOS_DOT macro in the Dbcs version.
CORE-15902
2019-04-01 08:27:59 +02:00
Bartosz Brachaczek
e9b438bfaa
[NTOSKRNL] Addendum to 21d2c70
: properly start DOS_START loop
...
Fixes last failing test.
CORE-15902
2019-03-31 19:35:25 +02:00
Maxim Smirnov
d29e216f99
[NTOSKRNL] In MmCreateImageSection, properly check whether cache was initialized
...
This fixes a crash that occurs if nul is typed in cmd.exe
2019-03-31 13:51:06 +02:00
Bartosz Brachaczek
8bc9935fcb
[NTOSKRNL] Properly copy backtracking buffer content on realloc
...
CORE-15902
2019-03-31 11:44:01 +02:00
Bartosz Brachaczek
21d2c70bb4
[NTOSKRNL] Properly compare position to name length in FsRtlIsNameInExpressionPrivate
...
CORE-15902
2019-03-31 11:44:00 +02:00
Bartosz Brachaczek
5d5e9c8486
[NTOSKRNL] Don't overflow backtrack stack buffer
...
CORE-15902
2019-03-31 11:44:00 +02:00
Bartosz Brachaczek
b1ae592e7f
[NTOSKRNL] Don't oversize buffer for backtracking in FsRtlIsNameInExpressionPrivate
...
CORE-15902
2019-03-31 11:44:00 +02:00
Thomas Faber
d605b5063f
[NTOS:IO] Send IRPs to the correct device in IoVolumeDeviceToDosName. CORE-15415
2019-03-30 10:13:27 +01:00
Pierre Schweitzer
3a5063948e
[MEH] Forgot that file :-(
2019-03-29 21:51:41 +01:00
Pierre Schweitzer
ef8b1a1907
[NTOSKRNL] We don't need an event if we don't issue an IRP
2019-03-29 21:47:34 +01:00
Pierre Schweitzer
28ba29e457
[NTOSKRNL] Implement support for FileFsDriverPathInformation in NtQueryVolumeInformationFile
2019-03-29 21:42:42 +01:00
Pierre Schweitzer
092c37f845
[NTOSKRNL] Do. Not. L. E. A. K.
2019-03-29 19:51:38 +01:00
Pierre Schweitzer
d75ccd01f7
[NTOSKRNL] Only allow direct device open for FileFsDeviceInformation
2019-03-28 22:39:38 +01:00
Pierre Schweitzer
ce6488df31
[NTOSKRNL] Add a quick path for FileFsDeviceInformation in NtQueryVolumeInformationFile
...
This allows querying volume information without issuing an IRP to the owner device.
The kernel is supposed to already have all the required information to return
to the caller.
Side effect: this allows querying volume information for devices not implementing
IRP_MJ_QUERY_VOLUME_INFORMATION such as null.sys
This fixes opening null device in Python.
Fix based on debugging by Maxim Smirnov in PR #1442
CORE-14551
2019-03-28 22:39:38 +01:00
Thomas Faber
8c358a4a90
[NTOS:FSTUB] Unfix format string warning until GUID definition is fixed.
2019-03-25 22:40:41 +01:00
Thomas Faber
a976ebb031
[NTOS:IO] Avoid an unnecessary stack buffer in OpenRegistryHandlesFromSymbolicLink. CORE-15882
2019-03-25 08:43:47 +01:00
Thomas Faber
b0bb3d0041
[NTOS:FSTUB] Fix a clang format string warning.
2019-03-25 08:41:55 +01:00
Thomas Faber
57225adaac
[NTOS:IO] Fix always-false condition in IoCheckEaBufferValidity.
...
Spotted by clang.
2019-03-25 08:41:51 +01:00
Thomas Faber
faaf2dc0e6
[NTOS:KDBG] Fix uninitialized variable usage.
...
Spotted by clang.
2019-03-25 08:41:44 +01:00
Thomas Faber
938f0e469d
[NTOS:IO] Enable privilege check in NtLoadDriver.
2019-03-11 08:30:14 +01:00
Timo Kreuzer
8a4c5763da
[NTOS:PS] Use NULL instead of 0 in ps/kill.c
2019-03-06 00:49:59 +01:00
Timo Kreuzer
addc01d90b
[NTOS:KE] Add function comments
2019-03-06 00:39:25 +01:00
Timo Kreuzer
42730f9373
[NTOS:EX] Fix 64 bit issues in ExfWaitForRundownProtectionReleaseCacheAware
2019-03-04 21:58:42 +01:00
Pierre Schweitzer
1114b89952
[NTOSKRNL] Fix MSVC2010 build
2019-03-02 11:10:37 +01:00
Pierre Schweitzer
c2b6c3a69f
[NTOSKRNL] Fix ClockDiff aka fix MSVC build
2019-03-02 10:45:34 +01:00
Pierre Schweitzer
eb8b481cd4
[NTOSKRNL] Rewrite/fix our UUID generation implementation
...
So that it matches Windows behavior
Also implement ExUuidCreate that will generate UUID version 1
The implementation is based on the RFC 4122
2019-03-01 08:22:48 +01:00
Pierre Schweitzer
2d9673c68f
[NTOSKRNL] Introduce the UUID_CACHED_VALUES_STRUCT structure
...
Source: https://blog.48bits.com/el-codigo-ntoskvinci/
2019-03-01 08:22:47 +01:00
Pierre Schweitzer
81c88c1029
[NTOSKRNL] UuidMutex -> ExpUuidLock
2019-03-01 08:22:47 +01:00
Mark Jansen
5c05a29d3d
[APPHELP] Implement ShimDumpCache and ShimFlushCache
...
These functions simply call into the Base* functions,
having a prototype that is compatible with rundll32
CORE-11301
2019-02-25 20:00:34 +01:00
Timo Kreuzer
81727760e4
[NTOS::Mm] Fix inverted check in MiWriteProtectSystemImage
2019-02-24 20:34:02 +01:00
Thomas Faber
cf40421041
[NTOS:PNP] Correctly respect data size in PnpRegSzToString. CORE-15766
...
Spotted by Vadim Galyant.
2019-02-20 12:23:33 +01:00
Hermès Bélusca-Maïto
83fdb9a6d9
[NTOS:CM] Set and reset the CMHIVE HiveIsLoading flag adequately. Fix an assertion in CmFlushKey() and reset the CMHIVE ViewLockOwner when releasing the view lock.
2019-02-17 01:21:35 +01:00
Pierre Schweitzer
63b13ad939
[NTOSKRNL] Simplify object type name printing
2019-02-11 09:03:58 +01:00
Pierre Schweitzer
df829f7948
[NTOSKRNL] Also display sections name
2019-02-10 11:23:57 +01:00
Pierre Schweitzer
f4320047c3
[NTOSKRNL] Fix parsing loop
2019-02-09 13:59:11 +01:00