/*++
* @name CsrRevertToSelf
* @implemented NT4
*
* The CsrRevertToSelf routine will attempt to remove an active impersonation.
*
* @param None.
*
* @return TRUE if the reversion was succesful, FALSE otherwise.
*
* @remarks Impersonation can be recursive; as such, the impersonation token
* will only be deleted once the CSR Thread's impersonaton count
* has reached zero.
*
*--*/
BOOLEAN
NTAPI
CsrRevertToSelf(VOID)
{
NTSTATUS Status;
PCSR_THREAD CurrentThread = CsrGetClientThread();
HANDLE ImpersonationToken = NULL;
/* Check if we have a Current Thread */
if (CurrentThread)
{
/* Make sure impersonation is on */
if (!CurrentThread->ImpersonationCount)
{
DPRINT1("CSRSS: CsrRevertToSelf called while not impersonating\n");
// DbgBreakPoint();
return FALSE;
}
else if ((--CurrentThread->ImpersonationCount) > 0)
{
/* Success; impersonation count decreased but still not zero */
return TRUE;
}
}
/* Impersonation has been totally removed, revert to ourselves */
Status = NtSetInformationThread(NtCurrentThread(),
ThreadImpersonationToken,
&ImpersonationToken,
sizeof(ImpersonationToken));
/* Return TRUE or FALSE */
return NT_SUCCESS(Status);
}
NTSTATUS NTAPI BaseSrvCreatePairWaitHandles(PHANDLE ServerEvent, PHANDLE ClientEvent)
{
NTSTATUS Status;
/* Create the event */
Status = NtCreateEvent(ServerEvent, EVENT_ALL_ACCESS, NULL, NotificationEvent, FALSE);
if (!NT_SUCCESS(Status)) return Status;
/* Duplicate the event into the client process */
Status = NtDuplicateObject(NtCurrentProcess(),
*ServerEvent,
CsrGetClientThread()->Process->ProcessHandle,
ClientEvent,
0,
0,
DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_SAME_ACCESS);
if (!NT_SUCCESS(Status)) NtClose(*ServerEvent);
return Status;
}
/*++
* @name CsrImpersonateClient
* @implemented NT4
*
* The CsrImpersonateClient will impersonate the given CSR Thread.
*
* @param CsrThread
* Pointer to the CSR Thread to impersonate.
*
* @return TRUE if impersonation succeeded, FALSE otherwise.
*
* @remarks Impersonation can be recursive.
*
*--*/
BOOLEAN
NTAPI
CsrImpersonateClient(IN PCSR_THREAD CsrThread)
{
NTSTATUS Status;
PCSR_THREAD CurrentThread = CsrGetClientThread();
/* Use the current thread if none given */
if (!CsrThread) CsrThread = CurrentThread;
/* Still no thread, something is wrong */
if (!CsrThread)
{
/* Failure */
return FALSE;
}
/* Make the call */
Status = NtImpersonateThread(NtCurrentThread(),
CsrThread->ThreadHandle,
&CsrSecurityQos);
if (!NT_SUCCESS(Status))
{
/* Failure */
DPRINT1("CSRSS: Can't impersonate client thread - Status = %lx\n", Status);
// if (Status != STATUS_BAD_IMPERSONATION_LEVEL) DbgBreakPoint();
return FALSE;
}
/* Increase the impersonation count for the current thread */
if (CurrentThread) ++CurrentThread->ImpersonationCount;
/* Return Success */
return TRUE;
}
NTSTATUS
GRAPHICS_BUFFER_Initialize(OUT PCONSOLE_SCREEN_BUFFER* Buffer,
IN OUT PCONSOLE Console,
IN PGRAPHICS_BUFFER_INFO GraphicsInfo)
{
NTSTATUS Status = STATUS_SUCCESS;
PGRAPHICS_SCREEN_BUFFER NewBuffer = NULL;
LARGE_INTEGER SectionSize;
ULONG ViewSize = 0;
HANDLE ProcessHandle;
if (Buffer == NULL || Console == NULL || GraphicsInfo == NULL)
return STATUS_INVALID_PARAMETER;
*Buffer = NULL;
Status = CONSOLE_SCREEN_BUFFER_Initialize((PCONSOLE_SCREEN_BUFFER*)&NewBuffer,
Console,
sizeof(GRAPHICS_SCREEN_BUFFER));
if (!NT_SUCCESS(Status)) return Status;
NewBuffer->Header.Type = GRAPHICS_BUFFER;
NewBuffer->Vtbl = &GraphicsVtbl;
/*
* Remember the handle to the process so that we can close or unmap
* correctly the allocated resources when the client releases the
* screen buffer.
*/
ProcessHandle = CsrGetClientThread()->Process->ProcessHandle;
NewBuffer->ClientProcess = ProcessHandle;
/* Get infos from the graphics buffer information structure */
NewBuffer->BitMapInfoLength = GraphicsInfo->Info.dwBitMapInfoLength;
NewBuffer->BitMapInfo = ConsoleAllocHeap(HEAP_ZERO_MEMORY, NewBuffer->BitMapInfoLength);
if (NewBuffer->BitMapInfo == NULL)
{
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
return STATUS_INSUFFICIENT_RESOURCES;
}
/* Adjust the bitmap height if needed (bottom-top vs. top-bottom). Use always bottom-up. */
if (GraphicsInfo->Info.lpBitMapInfo->bmiHeader.biHeight > 0)
GraphicsInfo->Info.lpBitMapInfo->bmiHeader.biHeight = -GraphicsInfo->Info.lpBitMapInfo->bmiHeader.biHeight;
/* We do not use anything else than uncompressed bitmaps */
if (GraphicsInfo->Info.lpBitMapInfo->bmiHeader.biCompression != BI_RGB)
{
DPRINT1("biCompression == %d != BI_RGB, correct that!\n", GraphicsInfo->Info.lpBitMapInfo->bmiHeader.biCompression);
GraphicsInfo->Info.lpBitMapInfo->bmiHeader.biCompression = BI_RGB;
}
RtlCopyMemory(NewBuffer->BitMapInfo,
GraphicsInfo->Info.lpBitMapInfo,
GraphicsInfo->Info.dwBitMapInfoLength);
NewBuffer->BitMapUsage = GraphicsInfo->Info.dwUsage;
/* Set the screen buffer size. Fight against overflows. */
if ( GraphicsInfo->Info.lpBitMapInfo->bmiHeader.biWidth <= 0xFFFF &&
-GraphicsInfo->Info.lpBitMapInfo->bmiHeader.biHeight <= 0xFFFF )
{
/* Be careful about the sign of biHeight */
NewBuffer->ScreenBufferSize.X = (SHORT)GraphicsInfo->Info.lpBitMapInfo->bmiHeader.biWidth ;
NewBuffer->ScreenBufferSize.Y = (SHORT)-GraphicsInfo->Info.lpBitMapInfo->bmiHeader.biHeight;
NewBuffer->OldViewSize = NewBuffer->ViewSize =
NewBuffer->OldScreenBufferSize = NewBuffer->ScreenBufferSize;
}
else
{
Status = STATUS_INSUFFICIENT_RESOURCES;
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
goto Quit;
}
/*
* Create a mutex to synchronize bitmap memory access
* between ourselves and the client.
*/
Status = NtCreateMutant(&NewBuffer->Mutex, MUTANT_ALL_ACCESS, NULL, FALSE);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtCreateMutant() failed: %lu\n", Status);
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
goto Quit;
}
/*
* Duplicate the Mutex for the client. We must keep a trace of it
* so that we can close it when the client releases the screen buffer.
*/
Status = NtDuplicateObject(NtCurrentProcess(),
NewBuffer->Mutex,
ProcessHandle,
&NewBuffer->ClientMutex,
0, 0, DUPLICATE_SAME_ACCESS);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateObject() failed: %lu\n", Status);
NtClose(NewBuffer->Mutex);
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
goto Quit;
}
/*
* Create a memory section for the bitmap area, to share with the client.
*/
SectionSize.QuadPart = NewBuffer->BitMapInfo->bmiHeader.biSizeImage;
Status = NtCreateSection(&NewBuffer->hSection,
SECTION_ALL_ACCESS,
NULL,
&SectionSize,
PAGE_READWRITE,
SEC_COMMIT,
NULL);
if (!NT_SUCCESS(Status))
{
DPRINT1("Error: Impossible to create a shared section ; Status = %lu\n", Status);
NtClose(NewBuffer->ClientMutex);
NtClose(NewBuffer->Mutex);
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
goto Quit;
}
/*
* Create a view for our needs.
*/
ViewSize = 0;
NewBuffer->BitMap = NULL;
Status = NtMapViewOfSection(NewBuffer->hSection,
NtCurrentProcess(),
(PVOID*)&NewBuffer->BitMap,
0,
0,
NULL,
&ViewSize,
ViewUnmap,
0,
PAGE_READWRITE);
if (!NT_SUCCESS(Status))
{
DPRINT1("Error: Impossible to map the shared section ; Status = %lu\n", Status);
NtClose(NewBuffer->hSection);
NtClose(NewBuffer->ClientMutex);
NtClose(NewBuffer->Mutex);
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
goto Quit;
}
/*
* Create a view for the client. We must keep a trace of it so that
* we can unmap it when the client releases the screen buffer.
*/
ViewSize = 0;
NewBuffer->ClientBitMap = NULL;
Status = NtMapViewOfSection(NewBuffer->hSection,
ProcessHandle,
(PVOID*)&NewBuffer->ClientBitMap,
0,
0,
NULL,
&ViewSize,
ViewUnmap,
0,
PAGE_READWRITE);
if (!NT_SUCCESS(Status))
{
DPRINT1("Error: Impossible to map the shared section ; Status = %lu\n", Status);
NtUnmapViewOfSection(NtCurrentProcess(), NewBuffer->BitMap);
NtClose(NewBuffer->hSection);
NtClose(NewBuffer->ClientMutex);
NtClose(NewBuffer->Mutex);
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
goto Quit;
}
NewBuffer->ViewOrigin.X = NewBuffer->ViewOrigin.Y = 0;
NewBuffer->VirtualY = 0;
NewBuffer->CursorBlinkOn = FALSE;
NewBuffer->ForceCursorOff = TRUE;
NewBuffer->CursorInfo.bVisible = FALSE;
NewBuffer->CursorInfo.dwSize = 0;
NewBuffer->CursorPosition.X = NewBuffer->CursorPosition.Y = 0;
NewBuffer->Mode = 0;
*Buffer = (PCONSOLE_SCREEN_BUFFER)NewBuffer;
Status = STATUS_SUCCESS;
Quit:
return Status;
}
/*++
* @name CsrCreateProcess
* @implemented NT4
*
* The CsrCreateProcess routine creates a CSR Process object for an NT Process.
*
* @param hProcess
* Handle to an existing NT Process to which to associate this
* CSR Process.
*
* @param hThread
* Handle to an existing NT Thread to which to create its
* corresponding CSR Thread for this CSR Process.
*
* @param ClientId
* Pointer to the Client ID structure of the NT Process to associate
* with this CSR Process.
*
* @param NtSession
* @param Flags
* @param DebugCid
*
* @return STATUS_SUCCESS in case of success, STATUS_UNSUCCESSFUL otherwise.
*
* @remarks None.
*
*--*/
NTSTATUS
NTAPI
CsrCreateProcess(IN HANDLE hProcess,
IN HANDLE hThread,
IN PCLIENT_ID ClientId,
IN PCSR_NT_SESSION NtSession,
IN ULONG Flags,
IN PCLIENT_ID DebugCid)
{
PCSR_THREAD CurrentThread = CsrGetClientThread();
CLIENT_ID CurrentCid;
PCSR_PROCESS CurrentProcess;
PCSR_SERVER_DLL ServerDll;
PVOID ProcessData;
ULONG i;
PCSR_PROCESS CsrProcess;
NTSTATUS Status;
PCSR_THREAD CsrThread;
KERNEL_USER_TIMES KernelTimes;
/* Get the current CID and lock Processes */
CurrentCid = CurrentThread->ClientId;
CsrAcquireProcessLock();
/* Get the current CSR Thread */
CurrentThread = CsrLocateThreadByClientId(&CurrentProcess, &CurrentCid);
if (!CurrentThread)
{
/* We've failed to locate the thread */
CsrReleaseProcessLock();
return STATUS_THREAD_IS_TERMINATING;
}
/* Allocate a new Process Object */
CsrProcess = CsrAllocateProcess();
if (!CsrProcess)
{
/* Couldn't allocate Process */
CsrReleaseProcessLock();
return STATUS_NO_MEMORY;
}
/* Inherit the Process Data */
CurrentProcess = CurrentThread->Process;
ProcessData = &CsrProcess->ServerData[CSR_SERVER_DLL_MAX];
for (i = 0; i < CSR_SERVER_DLL_MAX; i++)
{
/* Get the current Server */
ServerDll = CsrLoadedServerDll[i];
/* Check if the DLL is Loaded and has Per Process Data */
if (ServerDll && ServerDll->SizeOfProcessData)
{
/* Set the pointer */
CsrProcess->ServerData[i] = ProcessData;
/* Copy the Data */
RtlMoveMemory(ProcessData,
CurrentProcess->ServerData[i],
ServerDll->SizeOfProcessData);
/* Update next data pointer */
ProcessData = (PVOID)((ULONG_PTR)ProcessData +
ServerDll->SizeOfProcessData);
}
else
{
/* No data for this Server */
CsrProcess->ServerData[i] = NULL;
}
}
/* Set the Exception Port for us */
Status = NtSetInformationProcess(hProcess,
ProcessExceptionPort,
&CsrApiPort,
sizeof(CsrApiPort));
if (!NT_SUCCESS(Status))
{
/* Failed */
CsrDeallocateProcess(CsrProcess);
CsrReleaseProcessLock();
return STATUS_NO_MEMORY;
}
/* Check if CreateProcess got CREATE_NEW_PROCESS_GROUP */
if (Flags & CsrProcessCreateNewGroup)
{
/*
* We create the process group leader of a new process group, therefore
* its process group ID and sequence number are its own ones.
*/
CsrProcess->ProcessGroupId = HandleToUlong(ClientId->UniqueProcess);
CsrProcess->ProcessGroupSequence = CsrProcess->SequenceNumber;
}
else
{
/* Inherit the process group ID and sequence number from the current process */
CsrProcess->ProcessGroupId = CurrentProcess->ProcessGroupId;
CsrProcess->ProcessGroupSequence = CurrentProcess->ProcessGroupSequence;
}
/* Check if this is a console process */
if (Flags & CsrProcessIsConsoleApp) CsrProcess->Flags |= CsrProcessIsConsoleApp;
/* Mask out non-debug flags */
Flags &= ~(CsrProcessIsConsoleApp | CsrProcessCreateNewGroup | CsrProcessPriorityFlags);
/* Check if every process will be debugged */
if (!(Flags) && (CurrentProcess->DebugFlags & CsrDebugProcessChildren))
{
/* Pass it on to the current process */
CsrProcess->DebugFlags = CsrDebugProcessChildren;
CsrProcess->DebugCid = CurrentProcess->DebugCid;
}
/* Check if Debugging was used on this process */
if ((Flags & (CsrDebugOnlyThisProcess | CsrDebugProcessChildren)) && (DebugCid))
{
/* Save the debug flag used */
CsrProcess->DebugFlags = Flags;
/* Save the CID */
CsrProcess->DebugCid = *DebugCid;
}
/* Check if Debugging is enabled */
if (CsrProcess->DebugFlags)
{
/* Set the Debug Port for us */
Status = NtSetInformationProcess(hProcess,
ProcessDebugPort,
&CsrApiPort,
sizeof(CsrApiPort));
ASSERT(NT_SUCCESS(Status));
if (!NT_SUCCESS(Status))
{
/* Failed */
CsrDeallocateProcess(CsrProcess);
CsrReleaseProcessLock();
return STATUS_NO_MEMORY;
}
}
/* Get the Thread Create Time */
Status = NtQueryInformationThread(hThread,
ThreadTimes,
&KernelTimes,
sizeof(KernelTimes),
NULL);
if (!NT_SUCCESS(Status))
{
/* Failed */
CsrDeallocateProcess(CsrProcess);
CsrReleaseProcessLock();
return STATUS_NO_MEMORY;
}
/* Allocate a CSR Thread Structure */
CsrThread = CsrAllocateThread(CsrProcess);
if (!CsrThread)
{
/* Failed */
CsrDeallocateProcess(CsrProcess);
CsrReleaseProcessLock();
return STATUS_NO_MEMORY;
}
/* Save the data we have */
CsrThread->CreateTime = KernelTimes.CreateTime;
CsrThread->ClientId = *ClientId;
CsrThread->ThreadHandle = hThread;
ProtectHandle(hThread);
CsrThread->Flags = 0;
/* Insert the Thread into the Process */
Status = CsrInsertThread(CsrProcess, CsrThread);
if (!NT_SUCCESS(Status))
{
/* Bail out */
CsrDeallocateProcess(CsrProcess);
CsrDeallocateThread(CsrThread);
CsrReleaseProcessLock();
return Status;
}
/* Reference the session */
CsrReferenceNtSession(NtSession);
CsrProcess->NtSession = NtSession;
/* Setup Process Data */
CsrProcess->ClientId = *ClientId;
CsrProcess->ProcessHandle = hProcess;
CsrProcess->ShutdownLevel = 0x280;
/* Set the Priority to Background */
CsrSetBackgroundPriority(CsrProcess);
/* Insert the Process */
CsrInsertProcess(CurrentProcess, CsrProcess);
/* Release lock and return */
CsrReleaseProcessLock();
return Status;
}
