Commit graph

1068 commits

Author SHA1 Message Date
Jérôme Gardou
662774bca3 [NTOS] Do not force-align an integer value 2021-04-28 13:10:23 +02:00
George Bișoc
44fb528fcc
[NTOS:SE] Implement the NtImpersonateAnonymousToken system call
Implement SepImpersonateAnonymousToken private helpers, which is necessary for the complete implementation of NtImpersonateAnonymousToken function and thus finally we're able to impersonate the anonymous logon token.
2021-04-27 12:25:03 +02:00
George Bișoc
12c69e6d63
[NTOS:SE] Add the declaration prototype of SepRegQueryHelper in the internal header 2021-04-27 12:25:03 +02:00
George Bișoc
b68216e503
[NTOS:SE] Annotate the function parameters of SepRegQueryHelper with SAL
And add a documentation comment header
2021-04-27 12:25:03 +02:00
George Bișoc
f9c603db6e
[NTOS:OB] Do not close the handle if it's granted access to ObpAccessProtectCloseBit
As of now the Object Manager private service, ObpCloseHandleTableEntry, looks for OBJ_PROTECT_CLOSE attribute if a handle should not be closed. However, in ObDuplicateObject if an attribute of OBJ_PROTECT_CLOSE is found as it's been filled to the caller (see L2466) this attribute is removed from the attributes list of the new handle and ObpAccessProtectCloseBit access is granted to the newly duplicated object handle.

With that being said ObpCloseHandleTableEntry indiscriminately closes the object handle albeit it shouldn't do so. As a matter of fact in Windows Server 2003 SP2 this service indeed checks for ObpAccessProtectCloseBit flag bit and if the condition is met then it returns STATUS_HANDLE_NOT_CLOSABLE as it should. Therefore we should do the same.

Now NtClose can properly warn the calling thread the object handle can't be closed which fixes a testcase failure within NtDuplicateObject NTDLL APITEST where this function gives handle close protection bit as requested by the caller.
2021-04-26 19:36:38 +02:00
Serge Gautherie
710acab83d [NTOS:MM] MiSetPagingOfDriver(): Add an explicit #if around unreachable code 2021-04-26 10:27:20 +02:00
George Bișoc
3d8dd932b1
[NTOS:SE] Lock the token in SeQueryInformationToken and do some cleanup
* Guard the token in a lock whilst querying stuff
* Remove the piece of code that checks if the information class provided is above the maximum information class threshold. That code literally duplicates the inner functionality of the default case in the switch block, where the code falls in that case if an invalid information class is provided anyway.
* Remove the redundant information classes. Internally, this function in Windows has 12 switch case blocks (11 token info classes + the default case) and the other classes are supported in NtQueryInformationToken only so it doesn't make any logical sense to keep them in the codebase.
* Annotate the argument parameters with SAL and add documentation header
2021-04-18 13:56:37 +02:00
Hermès Bélusca-Maïto
3ad573f92f
[NTOS:KE] Both KeFindConfigurationEntry() and KeFindConfigurationNextEntry() functions are exported by NTOSKRNL, so they definitively must NOT be in the discardable INIT section!!
Noticed while reviewing c7d1ff4a.
2021-04-10 00:43:52 +02:00
Victor Perevertkin
f3e1697c2b
[NDK] DATA_SEG requires an extra #pragma on MSVC 2021-04-09 04:38:35 +03:00
Jérôme Gardou
c48580135d [NTOS:MM] Fix a bit page fault handler with regard to COW sections 2021-04-08 15:40:37 +02:00
Jérôme Gardou
a34d9bcfb6 [NTOS:MM] Share "page.c" between i386 & amd64 builds 2021-04-08 15:40:37 +02:00
Jérôme Gardou
7ea8312617 [NTOS:MM] Split MmCreateProcessAddressSpace in two parts
Generic one and arch-specific one.
Properly fail if we are out of resources.
Restore a lost assert.
2021-04-08 15:40:37 +02:00
Jérôme Gardou
6c027d28f9 [NTOS:MM] Properly track system process hyper space PDE page 2021-04-08 15:40:37 +02:00
Jérôme Gardou
370982aa1d [NTOS:MM] Make i386/page.c usable for all x86 variants
This includes PAE & amd64
2021-04-08 15:40:37 +02:00
Jérôme Gardou
b10d92a16c [NTOS:MM] Use MI_MAKE_HARDWARE_PTE & friends in legacy Mm 2021-04-08 15:40:37 +02:00
Jérôme Gardou
43378411fb [NTOS:MM] Rewrite arch-specifics of the legacy Mm
Properly handle PDE refcounting
Clean-up of the internal API
Enforce attaching to the process when modifying its memory layout, instead of
making circonvoluted mappings which always end up being broken.
2021-04-08 15:40:37 +02:00
Jérôme Gardou
b445005c70 [NTOS:MM] Get rid of MmRosFlushVirtualMemory
It's not used anywhere now, and it will eventually be gone
2021-04-08 15:40:37 +02:00
Jérôme Gardou
9e121fb6c2 [NTOS:MM] Get rid of MmSetCleanAllRmaps and MmIsDirtyPageRmap
Everything is wrong with them. Bad locking. Bad logic.
2021-04-08 15:40:37 +02:00
Jérôme Gardou
7bffb92099 [NTOS:MM] Let ARM3 handle invalid PDE for itself. 2021-04-08 15:40:37 +02:00
Jérôme Gardou
36a92e6ea5 [NTOS:MM] Fix a bit the page-out/page-in logic
- Do not lock the section segment when we are serving a fault for a process private page.
 - Do not keep the process address space lock while writing to pagefile.
 - Do not wait for an event that might never be set.
2021-04-08 15:40:37 +02:00
Jérôme Gardou
82c908195c Revert "[NTOS:MM] Allow MiMapPageInHyperSpace to be called from DISPATCH_LEVEL"
This reverts commit 8404d1a6ff.
Not ready for prime time, sorry.
2021-04-07 23:26:44 +02:00
Jérôme Gardou
8404d1a6ff [NTOS:MM] Allow MiMapPageInHyperSpace to be called from DISPATCH_LEVEL
Also annotate it to show its behaviour.
2021-04-07 23:09:26 +02:00
Oleg Dubinskiy
52f4d8019b [NTOS:MM][NTOS:SE] Mute some noisy stubs
Mute debug prints of MmDoesFileHaveUserWritableReferences and SeAuditingFileEventsWithContext stubs.
These stubs are very noisy and create a lot of spam in the log when using Microsoft NTFS driver in ReactOS (with some other improvements applied).
Implementing those functions isn't badly required for the proper work of this driver, so better way for now is just mute these stubs a bit.
After my changes, they will be displayed only once, and the log will be more clear, so it will seem to be enough to understand that the driver calls these routines.
CORE-17409
2021-04-07 13:16:03 +02:00
Jérôme Gardou
0d3825862f [NTOS:KE] Rewrite KiSystemCallTrampoline in assembly
Instead of making assumptions about what the compiler does with forced-inline functions
2021-04-06 17:57:18 +02:00
Eric Kohl
d8c38c4b4c [NTOS:PNP] PiSetDevNodeText: Do not overwrite existing DeviceDesc values
CORE-17513
2021-04-05 14:33:48 +02:00
Mark Jansen
5e928e5c92
[NTOS:MM] Stubplement cookie generation for drivers 2021-04-03 18:08:53 +02:00
Eric Kohl
c449929fef [NTOS:EX] Use RtlCutoverTimeToSystemTime to determine the current time zone id
CORE-14658
2021-04-03 09:38:07 +02:00
Jérôme Gardou
998870c5ea [NTOS:MM] Properly fail for invalid sizes of data section mappings 2021-03-30 22:20:15 +02:00
Jérôme Gardou
4c731adc04 [NTOS:MM] Fix compilation when PFN tracing is enabled 2021-03-30 17:22:09 +02:00
Jérôme Gardou
80f8beeeee [NTOS/MM] Remove an outdated check 2021-03-30 17:13:19 +02:00
Jérôme Gardou
0187c1e113 [NTOS:MM] Fix PFN tracing 2021-03-30 16:26:43 +02:00
George Bișoc
eba68ffb9c [NTOS:SE] Specify the code section of SepCreateSystemProcessToken as INIT
This function is used during the Security kernel module phase initialisation to set up the system process token which the phase initialisation procedure in itself is stored in the INIT section. With that being said, do the same for SepCreateSystemProcessToken too and add a header documentation as an addition.
2021-03-25 02:30:46 +03:00
George Bișoc
5b5b814af8 [NTOS:SE] Create the anonymous logon tokens on Security initialisation phase 2021-03-25 02:30:46 +03:00
George Bișoc
fe0f9d8646 [NTOS:SE] Implement SepCreateSystemAnonymousLogonToken and SepCreateSystemAnonymousLogonTokenNoEveryone functions
These private functions are needed to set up two different kinds of system's anonymous logon tokens: one that includes everyone in the group and the other that doesn't. These functions are needed as next step closer to the
implementation of NtImpersonateAnonymousToken system call.
2021-03-25 02:30:46 +03:00
George Bișoc
b28530d4ac [NTOS:SE] Set up an ACL and SD for the anonymous logon 2021-03-25 02:30:46 +03:00
Jérôme Gardou
6e4f83da70 [NTOS:CC] Wake up lazy scan after inserting elements in the list. 2021-03-24 15:28:04 +01:00
Jérôme Gardou
edd4a985d9 [NTOS:CC] Be verbose about why we defer writes 2021-03-24 15:27:36 +01:00
Jérôme Gardou
5c54fb9179 [NTOS:CC] Rewrite CcPostDeferredWrites
This allows to post small writes if there are any, and avoid holding the list lock for a long time.
2021-03-24 11:22:28 +01:00
Jérôme Gardou
b13a696513 [NTOS:KE] Explicitly cast -1 to ULONG 2021-03-24 11:13:04 +01:00
Jérôme Gardou
94d175b7f2 [NTOS] Remove a definition which is redundant with ndk 2021-03-24 11:12:12 +01:00
Jérôme Gardou
187ca32175 [NTOS:KE] Use PNT_TIB as argument in KeSetTebBase 2021-03-24 11:09:20 +01:00
Jérôme Gardou
173cdcae8f [CMAKE] Use the "kernel" module type for ntoskrnl and ntkrnlmp 2021-03-23 11:18:43 +01:00
Jérôme Gardou
d1d1260f5f [NTOS:MM] Fix integer arithmetics 2021-03-22 10:02:12 +01:00
Victor Perevertkin
0fed07b7e4
[NTOS:PNP] Initialize DeviceDesc and LocationInformation registry fields
for manually reported devices, as it is required by the newdev.dll
for installing drivers from INF files

CORE-17212 CORE-17398

Co-authored-by: Stanislav Motylkov <x86corez@gmail.com>
2021-03-19 07:57:41 +03:00
Victor Perevertkin
aec3d9cc8f
[NTOS:IO][NTOS:PNP] Fix incorrect usage of IopGetRegistryValue
KEY_VALUE_FULL_INFORMATION was not always freed properly
2021-03-19 01:07:22 +03:00
Jérôme Gardou
42094071ee [NTOS:MM] Silence noisy DPRINTs 2021-03-18 12:24:21 +01:00
Jérôme Gardou
4ff5d39edb [NTOS:MM] Use a define for the big pool table occupation rate 2021-03-18 12:24:21 +01:00
Jérôme Gardou
8494688eeb [NTOS:MM] Do not use atomic operations to set a bit while holding a lock.
Saving your fingers from typing it doesn't make it better code.
2021-03-18 12:24:21 +01:00
Jérôme Gardou
f06b58925d [NTOS:MM] Implement shrinking big pool allocation table
Shrink when using 1/8 of its allocated capacity (thus use 25% of it at the end of the process)
Expand when using 3/4 of its allocated capacity (thus use ~40% of it at the end of the process)
2021-03-18 12:24:21 +01:00
Jérôme Gardou
54354712e2 [NTOS:MM] Fail allocating non-paged pool when running out of available pages 2021-03-18 12:24:21 +01:00