static DWORD NtOpenObject(OBJECT_TYPE type, PHANDLE phandle, DWORD access, LPCWSTR path)
{
UNICODE_STRING ustr;
RtlInitUnicodeString(&ustr, path);
OBJECT_ATTRIBUTES open_struct = { sizeof(OBJECT_ATTRIBUTES), 0x00, &ustr, 0x40 };
if (type != FILE_OBJECT)
access |= STANDARD_RIGHTS_READ;
IO_STATUS_BLOCK ioStatusBlock;
switch (type)
{
case DIRECTORY_OBJECT: return NtOpenDirectoryObject(phandle, access, &open_struct);
case SYMBOLICLINK_OBJECT: return NtOpenSymbolicLinkObject(phandle, access, &open_struct);
case MUTANT_OBJECT: return NtOpenMutant(phandle, access, &open_struct);
case SECTION_OBJECT: return NtOpenSection(phandle, access, &open_struct);
case EVENT_OBJECT: return NtOpenEvent(phandle, access, &open_struct);
case SEMAPHORE_OBJECT: return NtOpenSemaphore(phandle, access, &open_struct);
case TIMER_OBJECT: return NtOpenTimer(phandle, access, &open_struct);
case KEY_OBJECT: return NtOpenKey(phandle, access, &open_struct);
case EVENTPAIR_OBJECT: return NtOpenEventPair(phandle, access, &open_struct);
case IOCOMPLETION_OBJECT: return NtOpenIoCompletion(phandle, access, &open_struct);
case FILE_OBJECT: return NtOpenFile(phandle, access, &open_struct, &ioStatusBlock, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 0);
default:
return ERROR_INVALID_FUNCTION;
}
}
static int OnNtCreateSectionClick(HWND hDlg, UINT nIDCtrl)
{
TFileTestData * pData = GetDialogData(hDlg);
POBJECT_ATTRIBUTES pObjectAttributes = NULL;
OBJECT_ATTRIBUTES ObjAttr;
UNICODE_STRING SectionName;
NTSTATUS Status;
HANDLE FileHandle = NULL;
// Close the section, if already open
if(IsHandleValid(pData->hSection))
OnNtCloseClick(hDlg);
// Get the values from dialog controls to the dialog data
if(SaveDialog1(hDlg) != ERROR_SUCCESS)
return FALSE;
// Format the object attributes
if(pData->szSectionName[0] != 0)
{
InitializeObjectAttributes(&ObjAttr, &SectionName, OBJ_CASE_INSENSITIVE, NULL, NULL);
RtlInitUnicodeString(&SectionName, pData->szSectionName);
pObjectAttributes = &ObjAttr;
}
// Get the file handle for it
if(IsHandleValid(pData->hFile))
FileHandle = pData->hFile;
// Either create a section or open one
if(nIDCtrl == IDC_NTCREATE_SECTION)
{
Status = NtCreateSection(&pData->hSection,
pData->dwSectDesiredAccess,
pObjectAttributes,
&pData->MaximumSize,
pData->dwSectPageProtection,
pData->dwSectAllocAttributes,
FileHandle);
}
else
{
Status = NtOpenSection(&pData->hSection,
pData->dwSectDesiredAccess,
pObjectAttributes);
}
// Set the result info
SetResultInfo(hDlg, Status, pData->hSection);
UpdateDialog(hDlg, pData);
return TRUE;
}
/* FIXME: Convert to the new macros */
HANDLE
NTAPI
OpenFileMappingW(IN DWORD dwDesiredAccess,
IN BOOL bInheritHandle,
IN LPCWSTR lpName)
{
NTSTATUS Status;
HANDLE SectionHandle;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING UnicodeName;
/* We need a name */
if (!lpName)
{
/* Otherwise, fail */
SetLastError(ERROR_INVALID_PARAMETER);
return NULL;
}
/* Convert attributes */
RtlInitUnicodeString(&UnicodeName, lpName);
InitializeObjectAttributes(&ObjectAttributes,
&UnicodeName,
(bInheritHandle ? OBJ_INHERIT : 0),
BaseGetNamedObjectDirectory(),
NULL);
/* Convert COPY to READ */
if (dwDesiredAccess == FILE_MAP_COPY)
{
/* Fixup copy */
dwDesiredAccess = SECTION_MAP_READ;
}
else if (dwDesiredAccess & FILE_MAP_EXECUTE)
{
/* Fixup execute */
dwDesiredAccess = (dwDesiredAccess & ~FILE_MAP_EXECUTE) | SECTION_MAP_EXECUTE;
}
/* Open the section */
Status = NtOpenSection(&SectionHandle, dwDesiredAccess, &ObjectAttributes);
if (!NT_SUCCESS(Status))
{
/* We failed */
BaseSetLastNTError(Status);
return NULL;
}
/* Otherwise, return the handle */
return SectionHandle;
}
/***********************************************************************
* OpenFileMappingW (KERNEL32.@)
*
* See OpenFileMappingA.
*/
HANDLE WINAPI OpenFileMappingW( DWORD access, BOOL inherit, LPCWSTR name)
{
OBJECT_ATTRIBUTES attr;
UNICODE_STRING nameW;
HANDLE ret;
NTSTATUS status;
if (!name)
{
SetLastError( ERROR_INVALID_PARAMETER );
return 0;
}
attr.Length = sizeof(attr);
attr.RootDirectory = get_BaseNamedObjects_handle();
attr.ObjectName = &nameW;
attr.Attributes = inherit ? OBJ_INHERIT : 0;
attr.SecurityDescriptor = NULL;
attr.SecurityQualityOfService = NULL;
RtlInitUnicodeString( &nameW, name );
if (access == FILE_MAP_COPY) access = SECTION_MAP_READ;
access |= SECTION_QUERY;
if (GetVersion() & 0x80000000)
{
/* win9x doesn't do access checks, so try with full access first */
if (!NtOpenSection( &ret, access | SECTION_MAP_READ | SECTION_MAP_WRITE, &attr )) return ret;
}
if ((status = NtOpenSection( &ret, access, &attr )))
{
SetLastError( RtlNtStatusToDosError(status) );
ret = 0;
}
return ret;
}
HANDLE
APIENTRY
OpenFileMappingW(
DWORD dwDesiredAccess,
BOOL bInheritHandle,
LPCWSTR lpName
)
{
OBJECT_ATTRIBUTES Obja;
UNICODE_STRING ObjectName;
NTSTATUS Status;
HANDLE Object;
if ( !lpName ) {
BaseSetLastNTError(STATUS_INVALID_PARAMETER);
return NULL;
}
RtlInitUnicodeString(&ObjectName,lpName);
InitializeObjectAttributes(
&Obja,
&ObjectName,
(bInheritHandle ? OBJ_INHERIT : 0),
BaseGetNamedObjectDirectory(),
NULL
);
if ( dwDesiredAccess == FILE_MAP_COPY ) {
dwDesiredAccess = FILE_MAP_READ;
}
Status = NtOpenSection(
&Object,
dwDesiredAccess,
&Obja
);
if ( !NT_SUCCESS(Status) ) {
BaseSetLastNTError(Status);
return NULL;
}
return Object;
}
// OpensPhysicalMemory
// This function opens the physical memory device. It
// uses the native API since
//
HANDLE OpenPhysicalMemory()
{
NTSTATUS status;
HANDLE physmem;
UNICODE_STRING physmemString;
OBJECT_ATTRIBUTES attributes;
WCHAR physmemName[] = L"\\device\\physicalmemory";
RtlInitUnicodeString( &physmemString, physmemName );
InitializeObjectAttributes( &attributes, &physmemString,
OBJ_CASE_INSENSITIVE, NULL, NULL );
status = NtOpenSection( &physmem, SECTION_MAP_READ, &attributes );
if( !NT_SUCCESS( status )) {
// PrintError( "Could not open \\device\\physicalmemory", status );
return NULL;
}
return physmem;
}
/*
* propOpenCurrentObject
*
* Purpose:
*
* Opens currently viewed object depending on type
*
*/
BOOL propOpenCurrentObject(
_In_ PROP_OBJECT_INFO *Context,
_Inout_ PHANDLE phObject,
_In_ ACCESS_MASK DesiredAccess
)
{
BOOL bResult;
HANDLE hObject, hDirectory;
NTSTATUS status;
UNICODE_STRING ustr;
OBJECT_ATTRIBUTES obja;
IO_STATUS_BLOCK iost;
bResult = FALSE;
if (Context == NULL) {
return bResult;
}
//we don't know who is it
if (Context->TypeIndex == TYPE_UNKNOWN) {
SetLastError(ERROR_UNSUPPORTED_TYPE);
return bResult;
}
if (phObject == NULL) {
SetLastError(ERROR_OBJECT_NOT_FOUND);
return bResult;
}
if (Context->lpObjectName == NULL) {
SetLastError(ERROR_OBJECT_NOT_FOUND);
return bResult;
}
if (Context->lpCurrentObjectPath == NULL) {
SetLastError(ERROR_OBJECT_NOT_FOUND);
return bResult;
}
//ports not supported
if (
(Context->TypeIndex == TYPE_PORT) ||
(Context->TypeIndex == TYPE_FLTCOMM_PORT) ||
(Context->TypeIndex == TYPE_FLTCONN_PORT) ||
(Context->TypeIndex == TYPE_WAITABLEPORT)
)
{
SetLastError(ERROR_UNSUPPORTED_TYPE);
return bResult;
}
hDirectory = NULL;
if (DesiredAccess == 0) {
DesiredAccess = 1;
}
//handle directory type
if (Context->TypeIndex == TYPE_DIRECTORY) {
//if this is root, then root hDirectory = NULL
if (_strcmpi(Context->lpObjectName, L"\\") != 0) {
//else open directory that holds this object
hDirectory = supOpenDirectoryForObject(Context->lpObjectName, Context->lpCurrentObjectPath);
if (hDirectory == NULL) {
SetLastError(ERROR_OBJECT_NOT_FOUND);
return bResult;
}
}
//open object in directory
RtlSecureZeroMemory(&ustr, sizeof(ustr));
RtlInitUnicodeString(&ustr, Context->lpObjectName);
InitializeObjectAttributes(&obja, &ustr, OBJ_CASE_INSENSITIVE, hDirectory, NULL);
hObject = NULL;
status = NtOpenDirectoryObject(&hObject, DesiredAccess, &obja); //DIRECTORY_QUERY for query
SetLastError(RtlNtStatusToDosError(status));
bResult = ((NT_SUCCESS(status)) && (hObject != NULL));
if (bResult && phObject) {
*phObject = hObject;
}
//dont forget to close directory handle if it was opened
if (hDirectory != NULL) {
NtClose(hDirectory);
}
return bResult;
}
//handle window station type
if (Context->TypeIndex == TYPE_WINSTATION) {
hObject = OpenWindowStation(Context->lpObjectName, FALSE, DesiredAccess); //WINSTA_READATTRIBUTES for query
bResult = (hObject != NULL);
if (bResult && phObject) {
*phObject = hObject;
}
return bResult;
}
//handle desktop type
if (Context->TypeIndex == TYPE_DESKTOP) {
hObject = OpenDesktop(Context->lpObjectName, 0, FALSE, DesiredAccess); //DESKTOP_READOBJECTS for query
bResult = (hObject != NULL);
if (bResult && phObject) {
*phObject = hObject;
}
return bResult;
}
//open directory which current object belongs
hDirectory = supOpenDirectoryForObject(Context->lpObjectName, Context->lpCurrentObjectPath);
if (hDirectory == NULL) {
SetLastError(ERROR_OBJECT_NOT_FOUND);
return bResult;
}
RtlSecureZeroMemory(&ustr, sizeof(ustr));
RtlInitUnicodeString(&ustr, Context->lpObjectName);
InitializeObjectAttributes(&obja, &ustr, OBJ_CASE_INSENSITIVE, hDirectory, NULL);
status = STATUS_UNSUCCESSFUL;
hObject = NULL;
//handle supported objects
switch (Context->TypeIndex) {
case TYPE_DEVICE: //FILE_OBJECT
status = NtCreateFile(&hObject, DesiredAccess, &obja, &iost, NULL, 0,
FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, 0, NULL, 0);//generic access rights
break;
case TYPE_MUTANT:
status = NtOpenMutant(&hObject, DesiredAccess, &obja); //MUTANT_QUERY_STATE for query
break;
case TYPE_KEY:
status = NtOpenKey(&hObject, DesiredAccess, &obja); //KEY_QUERY_VALUE for query
break;
case TYPE_SEMAPHORE:
status = NtOpenSemaphore(&hObject, DesiredAccess, &obja); //SEMAPHORE_QUERY_STATE for query
break;
case TYPE_TIMER:
status = NtOpenTimer(&hObject, DesiredAccess, &obja); //TIMER_QUERY_STATE for query
break;
case TYPE_EVENT:
status = NtOpenEvent(&hObject, DesiredAccess, &obja); //EVENT_QUERY_STATE for query
break;
case TYPE_EVENTPAIR:
status = NtOpenEventPair(&hObject, DesiredAccess, &obja); //generic access
break;
case TYPE_SYMLINK:
status = NtOpenSymbolicLinkObject(&hObject, DesiredAccess, &obja); //SYMBOLIC_LINK_QUERY for query
break;
case TYPE_IOCOMPLETION:
status = NtOpenIoCompletion(&hObject, DesiredAccess, &obja); //IO_COMPLETION_QUERY_STATE for query
break;
case TYPE_SECTION:
status = NtOpenSection(&hObject, DesiredAccess, &obja); //SECTION_QUERY for query
break;
case TYPE_JOB:
status = NtOpenJobObject(&hObject, DesiredAccess, &obja); //JOB_OBJECT_QUERY for query
break;
}
SetLastError(RtlNtStatusToDosError(status));
NtClose(hDirectory);
bResult = ((NT_SUCCESS(status)) && (hObject != NULL));
if (bResult && phObject) {
*phObject = hObject;
}
return bResult;
}
PVOID DisableProt(BOOL mode) {
HANDLE Section;
DWORD Res;
NTSTATUS ntS;
PACL OldDacl=NULL, NewDacl=NULL;
PSECURITY_DESCRIPTOR SecDesc=NULL;
EXPLICIT_ACCESS Access;
OBJECT_ATTRIBUTES ObAttributes;
INIT_UNICODE(ObName, L"\\Device\\PhysicalMemory");
//mode 1 = current
//mode 2 = user
memset(&Access, 0, sizeof(EXPLICIT_ACCESS));
InitializeObjectAttributes(&ObAttributes,
&ObName,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
// open handle de \Device\PhysicalMemory
ntS = NtOpenSection(&Section, WRITE_DAC | READ_CONTROL, &ObAttributes);
if (ntS != STATUS_SUCCESS) {
printf("error: NtOpenSection (code: %x)\n", ntS);
goto cleanup;
}
// retrieve a copy of the security descriptor
Res = GetSecurityInfo(Section, SE_KERNEL_OBJECT,
DACL_SECURITY_INFORMATION, NULL, NULL, &OldDacl,
NULL, &SecDesc);
if (Res != ERROR_SUCCESS) {
printf("error: GetSecurityInfo (code: %lu)\n", Res);
goto cleanup;
}
Access.grfAccessPermissions = SECTION_ALL_ACCESS; // :P
Access.grfAccessMode = GRANT_ACCESS;
Access.grfInheritance = NO_INHERITANCE;
Access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
// change these informations to grant access to a group or other user
Access.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
Access.Trustee.TrusteeType = TRUSTEE_IS_USER;
Access.Trustee.ptstrName = "CURRENT_USER";
// create the new ACL
Res = SetEntriesInAcl(1, &Access, OldDacl, &NewDacl);
if (Res != ERROR_SUCCESS) {
printf("error: SetEntriesInAcl (code: %lu)\n", Res);
goto cleanup;
}
// update ACL
Res = SetSecurityInfo(Section, SE_KERNEL_OBJECT,
DACL_SECURITY_INFORMATION, NULL, NULL, NewDacl,
NULL);
if (Res != ERROR_SUCCESS) {
printf("error: SetEntriesInAcl (code: %lu)\n", Res);
goto cleanup;
}
printf("\\Device\\PhysicalMemory chmoded\n");
cleanup:
if (Section)
NtClose(Section);
if (SecDesc)
LocalFree(SecDesc);
return(0);
}
BOOLEAN WepOpenServerObjects(
VOID
)
{
OBJECT_ATTRIBUTES objectAttributes;
WCHAR buffer[256];
UNICODE_STRING objectName;
if (!WeServerSharedSection)
{
WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_NAME, buffer, &objectName);
InitializeObjectAttributes(&objectAttributes, &objectName, OBJ_CASE_INSENSITIVE, NULL, NULL);
if (!NT_SUCCESS(NtOpenSection(
&WeServerSharedSection,
SECTION_ALL_ACCESS,
&objectAttributes
)))
{
return FALSE;
}
}
if (!WeServerSharedData)
{
PVOID viewBase;
SIZE_T viewSize;
viewBase = NULL;
viewSize = sizeof(WE_HOOK_SHARED_DATA);
if (!NT_SUCCESS(NtMapViewOfSection(
WeServerSharedSection,
NtCurrentProcess(),
&viewBase,
0,
0,
NULL,
&viewSize,
ViewShare,
0,
PAGE_READWRITE
)))
{
WepCloseServerObjects();
return FALSE;
}
WeServerSharedData = viewBase;
}
if (!WeServerSharedSectionLock)
{
WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_LOCK_NAME, buffer, &objectName);
InitializeObjectAttributes(&objectAttributes, &objectName, OBJ_CASE_INSENSITIVE, NULL, NULL);
if (!NT_SUCCESS(NtOpenMutant(
&WeServerSharedSectionLock,
MUTANT_ALL_ACCESS,
&objectAttributes
)))
{
WepCloseServerObjects();
return FALSE;
}
}
if (!WeServerSharedSectionEvent)
{
WeFormatLocalObjectName(WE_SERVER_SHARED_SECTION_EVENT_NAME, buffer, &objectName);
InitializeObjectAttributes(&objectAttributes, &objectName, OBJ_CASE_INSENSITIVE, NULL, NULL);
if (!NT_SUCCESS(NtOpenEvent(
&WeServerSharedSectionEvent,
EVENT_ALL_ACCESS,
&objectAttributes
)))
{
WepCloseServerObjects();
return FALSE;
}
}
return TRUE;
}
static HANDLE devmem_open(Devtab_t *pdevtab, Pfd_t *fpd, Path_t *ip, int oflags,
HANDLE *extra)
{
HANDLE hp;
int blkno, minor = ip->name[1];
unsigned short *blocks = devtab_ptr(Share->chardev_index, DEVMEM_MAJOR);
NTSTATUS r;
UNICODE_STRING ucstr;
OBJECT_ATTRIBUTES attr;
SYSTEM_BASIC_INFORMATION sbi;
Pdevmem_t *pdm;
ACCESS_MASK am;
if(Share->Platform != VER_PLATFORM_WIN32_NT)
{
logerr(0, "/dev/mem not supported on non NT systems");
goto enodev;
}
if(!devmem_api())
{
logerr(0, "failed to get ntdll.dll API functions");
goto enodev;
}
if(minor > DEVALLKMEM_MINOR)
{
logerr(0, "illegal minor device number");
goto enodev;
}
if(minor > DEVPORT_MINOR)
{
logerr(0, "minor device not implemented yet");
goto enodev;
}
if(blkno = blocks[minor])
{ /* device already in use, increase device usage counter */
pdm = (Pdevmem_t*)dev_ptr(blkno);
InterlockedIncrement(&pdm->count);
}
else
{ /* allocate new device block, fill in info */
if((blkno = block_alloc(BLK_PDEV)) == 0)
return(0);
pdm = (Pdevmem_t*)dev_ptr(blkno);
ZeroMemory((void *)pdm, BLOCK_SIZE-1);
pdm->major = DEVMEM_MAJOR;
pdm->minor = minor;
blocks[minor] = blkno;
/* get physical memory size */
r = NtQuerySystemInformation(SystemBasicInformation, &sbi, sizeof(sbi), 0);
if(!NT_SUCCESS(r))
{
logerr(0, "NtQuerySystemInformation failed");
goto nterr;
}
switch(minor)
{
case DEVMEM_MINOR:
pdm->min_addr = 0; // sbi.LowestPhysicalPage * sbi.PhysicalPageSize;
pdm->max_addr = sbi.HighestPhysicalPage * sbi.PhysicalPageSize;
break;
case DEVPORT_MINOR:
pdm->min_addr = 0;
pdm->max_addr = 0x10000;
break;
default:
pdm->min_addr = pdm->max_addr = 0;
break;
}
}
fpd->devno = blkno;
fpd->extra64 = 0;
RtlInitUnicodeString(&ucstr, L"\\Device\\PhysicalMemory");
InitializeObjectAttributes(&attr, &ucstr, OBJ_CASE_INSENSITIVE | OBJ_INHERIT, 0, 0);
switch(oflags & O_ACCMODE)
{
case O_RDONLY:
am = SECTION_MAP_READ;
break;
case O_WRONLY:
case O_RDWR:
am = SECTION_MAP_READ | SECTION_MAP_WRITE;
break;
}
r = NtOpenSection(&hp, am, &attr);
if(!NT_SUCCESS(r))
{
logerr(0, "NtOpenSection failed");
goto nterr;
}
return hp;
nterr:
errno = unix_err(RtlNtStatusToDosError(r));
return 0;
enodev:
errno = ENODEV;
return 0;
}
PPH_LIST QueryDotNetAppDomainsForPid_V4(
_In_ BOOLEAN Wow64,
_In_ HANDLE ProcessHandle,
_In_ HANDLE ProcessId
)
{
HANDLE legacyPrivateBlockHandle = NULL;
PVOID ipcControlBlockTable = NULL;
LARGE_INTEGER sectionOffset = { 0 };
SIZE_T viewSize = 0;
OBJECT_ATTRIBUTES objectAttributes;
UNICODE_STRING sectionNameUs;
PPH_LIST appDomainsList = NULL;
if (!PhStringRefToUnicodeString(&GeneratePrivateNameV4(ProcessId)->sr, §ionNameUs))
goto CleanupExit;
InitializeObjectAttributes(
&objectAttributes,
§ionNameUs,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
if (!NT_SUCCESS(NtOpenSection(
&legacyPrivateBlockHandle,
SECTION_MAP_READ,
&objectAttributes
)))
{
goto CleanupExit;
}
if (!NT_SUCCESS(NtMapViewOfSection(
legacyPrivateBlockHandle,
NtCurrentProcess(),
&ipcControlBlockTable,
0,
viewSize,
§ionOffset,
&viewSize,
ViewShare,
0,
PAGE_READONLY
)))
{
goto CleanupExit;
}
if (Wow64)
{
LegacyPrivateIPCControlBlock_Wow64* legacyPrivateBlock;
AppDomainEnumerationIPCBlock_Wow64* appDomainEnumBlock;
legacyPrivateBlock = (LegacyPrivateIPCControlBlock_Wow64*)ipcControlBlockTable;
appDomainEnumBlock = &legacyPrivateBlock->AppDomainBlock;
// Check the IPCControlBlock is initialized.
if ((legacyPrivateBlock->FullIPCHeader.Header.Flags & IPC_FLAG_INITIALIZED) != IPC_FLAG_INITIALIZED)
{
goto CleanupExit;
}
// Check the IPCControlBlock version is valid.
if (legacyPrivateBlock->FullIPCHeader.Header.Version > VER_LEGACYPRIVATE_IPC_BLOCK)
{
goto CleanupExit;
}
appDomainsList = EnumerateAppDomainIpcBlockWow64(
ProcessHandle,
appDomainEnumBlock
);
}
else
{
LegacyPrivateIPCControlBlock* legacyPrivateBlock;
AppDomainEnumerationIPCBlock* appDomainEnumBlock;
legacyPrivateBlock = (LegacyPrivateIPCControlBlock*)ipcControlBlockTable;
appDomainEnumBlock = &legacyPrivateBlock->AppDomainBlock;
// Check the IPCControlBlock is initialized.
if ((legacyPrivateBlock->FullIPCHeader.Header.Flags & IPC_FLAG_INITIALIZED) != IPC_FLAG_INITIALIZED)
{
goto CleanupExit;
}
// Check the IPCControlBlock version is valid.
if (legacyPrivateBlock->FullIPCHeader.Header.Version > VER_LEGACYPRIVATE_IPC_BLOCK)
{
goto CleanupExit;
}
appDomainsList = EnumerateAppDomainIpcBlock(
ProcessHandle,
appDomainEnumBlock
);
}
CleanupExit:
if (ipcControlBlockTable)
{
NtUnmapViewOfSection(NtCurrentProcess(), ipcControlBlockTable);
}
if (legacyPrivateBlockHandle)
{
NtClose(legacyPrivateBlockHandle);
}
return appDomainsList;
}
BOOLEAN OpenDotNetPublicControlBlock_V4(
_In_ BOOLEAN IsImmersive,
_In_ HANDLE ProcessHandle,
_In_ HANDLE ProcessId,
_Out_ HANDLE* BlockTableHandle,
_Out_ PVOID* BlockTableAddress
)
{
BOOLEAN result = FALSE;
PVOID boundaryDescriptorHandle = NULL;
HANDLE privateNamespaceHandle = NULL;
HANDLE blockTableHandle = NULL;
HANDLE tokenHandle = NULL;
PSID everyoneSIDHandle = NULL;
PVOID blockTableAddress = NULL;
LARGE_INTEGER sectionOffset = { 0 };
SIZE_T viewSize = 0;
UNICODE_STRING prefixNameUs;
UNICODE_STRING sectionNameUs;
UNICODE_STRING boundaryNameUs;
OBJECT_ATTRIBUTES namespaceObjectAttributes;
OBJECT_ATTRIBUTES sectionObjectAttributes;
PTOKEN_APPCONTAINER_INFORMATION appContainerInfo = NULL;
SID_IDENTIFIER_AUTHORITY SIDWorldAuth = SECURITY_WORLD_SID_AUTHORITY;
if (!PhStringRefToUnicodeString(&GenerateBoundaryDescriptorName(ProcessId)->sr, &boundaryNameUs))
goto CleanupExit;
if (!(boundaryDescriptorHandle = RtlCreateBoundaryDescriptor(&boundaryNameUs, 0)))
goto CleanupExit;
if (!NT_SUCCESS(RtlAllocateAndInitializeSid(&SIDWorldAuth, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyoneSIDHandle)))
goto CleanupExit;
if (!NT_SUCCESS(RtlAddSIDToBoundaryDescriptor(&boundaryDescriptorHandle, everyoneSIDHandle)))
goto CleanupExit;
if (WINDOWS_HAS_IMMERSIVE && IsImmersive)
{
if (NT_SUCCESS(NtOpenProcessToken(&tokenHandle, TOKEN_QUERY, ProcessHandle)))
{
ULONG returnLength = 0;
if (NtQueryInformationToken(
tokenHandle,
TokenAppContainerSid,
NULL,
0,
&returnLength
) != STATUS_BUFFER_TOO_SMALL)
{
goto CleanupExit;
}
appContainerInfo = PhAllocate(returnLength);
if (!NT_SUCCESS(NtQueryInformationToken(
tokenHandle,
TokenAppContainerSid,
appContainerInfo,
returnLength,
&returnLength
)))
{
goto CleanupExit;
}
if (!NT_SUCCESS(RtlAddSIDToBoundaryDescriptor(&boundaryDescriptorHandle, appContainerInfo->TokenAppContainer)))
goto CleanupExit;
}
}
RtlInitUnicodeString(&prefixNameUs, CorSxSReaderPrivateNamespacePrefix);
InitializeObjectAttributes(
&namespaceObjectAttributes,
&prefixNameUs,
OBJ_CASE_INSENSITIVE,
boundaryDescriptorHandle,
NULL
);
if (!NT_SUCCESS(NtOpenPrivateNamespace(
&privateNamespaceHandle,
MAXIMUM_ALLOWED,
&namespaceObjectAttributes,
boundaryDescriptorHandle
)))
{
goto CleanupExit;
}
RtlInitUnicodeString(§ionNameUs, CorSxSVistaPublicIPCBlock);
InitializeObjectAttributes(
§ionObjectAttributes,
§ionNameUs,
OBJ_CASE_INSENSITIVE,
privateNamespaceHandle,
NULL
);
if (!NT_SUCCESS(NtOpenSection(
&blockTableHandle,
SECTION_MAP_READ,
§ionObjectAttributes
)))
{
goto CleanupExit;
}
if (!NT_SUCCESS(NtMapViewOfSection(
blockTableHandle,
NtCurrentProcess(),
&blockTableAddress,
0,
viewSize,
§ionOffset,
&viewSize,
ViewShare,
0,
PAGE_READONLY
)))
{
goto CleanupExit;
}
*BlockTableHandle = blockTableHandle;
*BlockTableAddress = blockTableAddress;
result = TRUE;
CleanupExit:
if (!result)
{
if (blockTableHandle)
{
NtClose(blockTableHandle);
}
if (blockTableAddress)
{
NtUnmapViewOfSection(NtCurrentProcess(), blockTableAddress);
}
*BlockTableHandle = NULL;
*BlockTableAddress = NULL;
}
if (tokenHandle)
{
NtClose(tokenHandle);
}
if (appContainerInfo)
{
PhFree(appContainerInfo);
}
if (privateNamespaceHandle)
{
NtClose(privateNamespaceHandle);
}
if (everyoneSIDHandle)
{
RtlFreeSid(everyoneSIDHandle);
}
if (boundaryDescriptorHandle)
{
RtlDeleteBoundaryDescriptor(boundaryDescriptorHandle);
}
return result;
}
BOOLEAN OpenDotNetPublicControlBlock_V2(
_In_ HANDLE ProcessId,
_Out_ HANDLE* BlockTableHandle,
_Out_ PVOID* BlockTableAddress
)
{
BOOLEAN result = FALSE;
HANDLE blockTableHandle = NULL;
PVOID blockTableAddress = NULL;
UNICODE_STRING sectionNameUs;
OBJECT_ATTRIBUTES objectAttributes;
LARGE_INTEGER sectionOffset = { 0 };
SIZE_T viewSize = 0;
if (!PhStringRefToUnicodeString(&GenerateLegacyPublicName(ProcessId)->sr, §ionNameUs))
return FALSE;
InitializeObjectAttributes(
&objectAttributes,
§ionNameUs,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
if (!NT_SUCCESS(NtOpenSection(
&blockTableHandle,
SECTION_MAP_READ,
&objectAttributes
)))
{
return FALSE;
}
if (NT_SUCCESS(NtMapViewOfSection(
blockTableHandle,
NtCurrentProcess(),
&blockTableAddress,
0,
viewSize,
§ionOffset,
&viewSize,
ViewShare,
0,
PAGE_READONLY
)))
{
*BlockTableHandle = blockTableHandle;
*BlockTableAddress = blockTableAddress;
return TRUE;
}
if (blockTableHandle)
NtClose(blockTableHandle);
if (blockTableAddress)
NtUnmapViewOfSection(NtCurrentProcess(), blockTableAddress);
return FALSE;
}
PPH_LIST QueryDotNetAppDomainsForPid_V2(
_In_ BOOLEAN Wow64,
_In_ HANDLE ProcessHandle,
_In_ HANDLE ProcessId
)
{
LARGE_INTEGER sectionOffset = { 0 };
SIZE_T viewSize = 0;
OBJECT_ATTRIBUTES objectAttributes;
UNICODE_STRING sectionNameUs;
HANDLE legacyPrivateBlockHandle = NULL;
PVOID ipcControlBlockTable = NULL;
PPH_LIST appDomainsList = NULL;
__try
{
if (!PhStringRefToUnicodeString(&GeneratePrivateName(ProcessId)->sr, §ionNameUs))
__leave;
InitializeObjectAttributes(
&objectAttributes,
§ionNameUs,
0,
NULL,
NULL
);
if (!NT_SUCCESS(NtOpenSection(
&legacyPrivateBlockHandle,
SECTION_MAP_READ,
&objectAttributes
)))
{
__leave;
}
if (!NT_SUCCESS(NtMapViewOfSection(
legacyPrivateBlockHandle,
NtCurrentProcess(),
&ipcControlBlockTable,
0,
viewSize,
§ionOffset,
&viewSize,
ViewShare,
0,
PAGE_READONLY
)))
{
__leave;
}
if (Wow64)
{
LegacyPrivateIPCControlBlock_Wow64* legacyPrivateBlock;
AppDomainEnumerationIPCBlock_Wow64* appDomainEnumBlock;
legacyPrivateBlock = (LegacyPrivateIPCControlBlock_Wow64*)ipcControlBlockTable;
// NOTE: .NET 2.0 processes do not have the IPC_FLAG_INITIALIZED flag.
// Check the IPCControlBlock version is valid.
if (legacyPrivateBlock->FullIPCHeader.Header.Version > VER_LEGACYPRIVATE_IPC_BLOCK)
{
__leave;
}
appDomainEnumBlock = GetLegacyBlockTableEntry(
Wow64,
ipcControlBlockTable,
eLegacyPrivateIPC_AppDomain
);
appDomainsList = EnumerateAppDomainIpcBlockWow64(
ProcessHandle,
appDomainEnumBlock
);
}
else
{
LegacyPrivateIPCControlBlock* legacyPrivateBlock;
AppDomainEnumerationIPCBlock* appDomainEnumBlock;
legacyPrivateBlock = (LegacyPrivateIPCControlBlock*)ipcControlBlockTable;
// NOTE: .NET 2.0 processes do not have the IPC_FLAG_INITIALIZED flag.
// Check the IPCControlBlock version is valid.
if (legacyPrivateBlock->FullIPCHeader.Header.Version > VER_LEGACYPRIVATE_IPC_BLOCK)
{
__leave;
}
appDomainEnumBlock = GetLegacyBlockTableEntry(
Wow64,
ipcControlBlockTable,
eLegacyPrivateIPC_AppDomain
);
appDomainsList = EnumerateAppDomainIpcBlock(
ProcessHandle,
appDomainEnumBlock
);
}
}
__finally
{
if (ipcControlBlockTable)
{
NtUnmapViewOfSection(NtCurrentProcess(), ipcControlBlockTable);
}
if (legacyPrivateBlockHandle)
{
NtClose(legacyPrivateBlockHandle);
}
}
return appDomainsList;
}
_CRTAPI1 main()
{
LONG i, j;
PULONG p4, p3, p2, p1, oldp1, vp1;
ULONG Size1, Size2, Size3;
NTSTATUS status, alstatus;
HANDLE CurrentProcessHandle;
HANDLE GiantSection;
HANDLE Section2, Section4;
MEMORY_BASIC_INFORMATION MemInfo;
ULONG OldProtect;
STRING Name3;
HANDLE Section1;
OBJECT_ATTRIBUTES ObjectAttributes;
OBJECT_ATTRIBUTES Object1Attributes;
ULONG ViewSize;
LARGE_INTEGER Offset;
LARGE_INTEGER SectionSize;
UNICODE_STRING Unicode;
CurrentProcessHandle = NtCurrentProcess();
DbgPrint(" Memory Management Tests - AllocVm, FreeVm, ProtectVm, QueryVm\n");
p1 = (PULONG)0x20020000;
Size1 = 0xbc0000;
alstatus = NtAllocateVirtualMemory (CurrentProcessHandle, (PVOID *)&p1,
0, &Size1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (!NT_SUCCESS(alstatus)) {
DbgPrint("failed first created vm status %X start %lx size %lx\n",
alstatus, (ULONG)p1, Size1);
DbgPrint("******** FAILED TEST 1 **************\n");
}
status = NtQueryVirtualMemory (CurrentProcessHandle, p1,
MemoryBasicInformation,
&MemInfo, sizeof (MEMORY_BASIC_INFORMATION),
NULL);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 2 **************\n");
DbgPrint("FAILURE query vm status %X address %lx Base %lx size %lx\n",
status,
p1,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.Type);
}
if ((MemInfo.RegionSize != Size1) || (MemInfo.BaseAddress != p1) ||
(MemInfo.Protect != PAGE_READWRITE) || (MemInfo.Type != MEM_PRIVATE) ||
(MemInfo.State != MEM_COMMIT)) {
DbgPrint("******** FAILED TEST 3 **************\n");
DbgPrint("FAILURE query vm status %X address %lx Base %lx size %lx\n",
status,
p1,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.Type);
}
p2 = (PULONG)NULL;
Size2 = 0x100000;
alstatus = NtAllocateVirtualMemory (CurrentProcessHandle,
(PVOID *)&p2,
3,
&Size2,
MEM_TOP_DOWN | MEM_RESERVE | MEM_COMMIT,
PAGE_READWRITE);
if (!NT_SUCCESS(alstatus)) {
DbgPrint("failed first created vm status %lC start %lx size %lx\n",
status, (ULONG)p1, Size1);
DbgPrint("******** FAILED TEST 3a.1 **************\n");
NtTerminateProcess(NtCurrentProcess(),status);
}
//
// Touch every other page.
//
vp1 = p2 + 3000;
while (vp1 < (PULONG)((PCHAR)p2 + Size2)) {
*vp1 = 938;
vp1 += 3000;
}
//
// Decommit pages.
//
Size3 = Size2 - 5044;
vp1 = p2 + 3000;
status = NtFreeVirtualMemory (CurrentProcessHandle,
(PVOID *)&p2,
&Size3,
MEM_DECOMMIT);
if (!(NT_SUCCESS(status))) {
DbgPrint(" free vm failed - status %lx\n",status);
DbgPrint("******** FAILED TEST 3a.4 **************\n");
NtTerminateProcess(NtCurrentProcess(),status);
}
//
// Split the memory block using MEM_RELEASE.
//
vp1 = p2 + 5000;
Size3 = Size2 - 50000;
status = NtFreeVirtualMemory (CurrentProcessHandle,
(PVOID *)&vp1,
&Size3,
MEM_RELEASE);
if (!(NT_SUCCESS(status))) {
DbgPrint(" free vm failed - status %lx\n",status);
DbgPrint("******** FAILED TEST 3a.b **************\n");
NtTerminateProcess(NtCurrentProcess(),status);
}
vp1 = p2 + 3000;
Size3 = 41;
status = NtFreeVirtualMemory (CurrentProcessHandle,
(PVOID *)&vp1,
&Size3,
MEM_RELEASE);
if (!(NT_SUCCESS(status))) {
DbgPrint(" free vm failed - status %lx\n",status);
DbgPrint("******** FAILED TEST 3a.5 **************\n");
NtTerminateProcess(NtCurrentProcess(),status);
}
//
// free every page, ignore the status.
//
vp1 = p2;
Size3 = 30;
while (vp1 < (PULONG)((PCHAR)p2 + Size2)) {
status = NtFreeVirtualMemory (CurrentProcessHandle,
(PVOID *)&vp1,
&Size3,
MEM_RELEASE);
vp1 += 128;
}
p2 = (PULONG)NULL;
Size2 = 0x10000;
status = NtAllocateVirtualMemory (CurrentProcessHandle,
(PVOID *)&p2,
3,
&Size2,
MEM_TOP_DOWN | MEM_RESERVE | MEM_COMMIT,
PAGE_READWRITE);
if (!NT_SUCCESS(status)) {
DbgPrint("failed first created vm status %X start %lx size %lx\n",
status, (ULONG)p1, Size1);
DbgPrint("******** FAILED TEST 3.1 **************\n");
} else {
if (p2 != (PVOID)0x1fff0000) {
DbgPrint("******** FAILED TEST 3.2 **************\n");
DbgPrint("p2 = %lx\n",p2);
}
status = NtFreeVirtualMemory (CurrentProcessHandle,
(PVOID *)&p2,
&Size2,
MEM_RELEASE);
if (!(NT_SUCCESS(status))) {
DbgPrint(" free vm failed - status %lx\n",status);
DbgPrint("******** FAILED TEST 3.3 **************\n");
NtTerminateProcess(NtCurrentProcess(),status);
}
}
if (NT_SUCCESS(alstatus)) {
status = NtFreeVirtualMemory (CurrentProcessHandle,
(PVOID *)&p1,
&Size1,
MEM_RELEASE);
}
if (!(NT_SUCCESS(status))) {
DbgPrint(" free vm failed - status %lx\n",status);
DbgPrint("******** FAILED TEST 4 **************\n");
NtTerminateProcess(NtCurrentProcess(),status);
}
p1 = (PULONG)NULL;
Size1 = 16 * 4096;
status = NtAllocateVirtualMemory (CurrentProcessHandle, (PVOID *)&p1,
0, &Size1, MEM_RESERVE, PAGE_READWRITE | PAGE_GUARD);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 5 **************\n");
DbgPrint("created vm status %X start %lx size %lx\n",
status, (ULONG)p1, Size1);
}
status = NtQueryVirtualMemory (CurrentProcessHandle, p1,
MemoryBasicInformation,
&MemInfo, sizeof (MEMORY_BASIC_INFORMATION),
NULL);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 6 **************\n");
DbgPrint("query vm status %X address %lx Base %lx size %lx\n",
status,
p1,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx alloc_protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.AllocationProtect,
MemInfo.Type);
}
if ((MemInfo.RegionSize != Size1) || (MemInfo.BaseAddress != p1) ||
(MemInfo.AllocationProtect != (PAGE_READWRITE | PAGE_GUARD)) ||
(MemInfo.Protect != 0) ||
(MemInfo.Type != MEM_PRIVATE) ||
(MemInfo.State != MEM_RESERVE)) {
DbgPrint("******** FAILED TEST 7 **************\n");
DbgPrint("query vm status %X address %lx Base %lx size %lx\n",
status,
p1,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx alloc_protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.AllocationProtect,
MemInfo.Type);
}
Size2 = 8192;
oldp1 = p1;
p1 = p1 + 14336; // 64k -8k /4
status = NtAllocateVirtualMemory (CurrentProcessHandle, (PVOID *)&p1,
0, &Size2, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 8 **************\n");
DbgPrint("created vm status %X start %lx size %lx\n",
status, (ULONG)p1, Size1);
}
status = NtQueryVirtualMemory (CurrentProcessHandle, oldp1,
MemoryBasicInformation,
&MemInfo, sizeof (MEMORY_BASIC_INFORMATION),
NULL);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 9 **************\n");
DbgPrint("query vm status %X address %lx Base %lx size %lx\n",
status,
oldp1,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.Type);
}
if ((MemInfo.RegionSize != 56*1024) || (MemInfo.BaseAddress != oldp1) ||
(MemInfo.AllocationProtect != (PAGE_READWRITE | PAGE_GUARD)) ||
(MemInfo.Protect != 0) ||
(MemInfo.Type != MEM_PRIVATE) ||
(MemInfo.State != MEM_RESERVE)) {
DbgPrint("******** FAILED TEST 10 **************\n");
DbgPrint("query vm status %X address %lx Base %lx size %lx\n",
status,
oldp1,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx alloc_protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.AllocationProtect,
MemInfo.Type);
}
status = NtQueryVirtualMemory (CurrentProcessHandle, p1,
MemoryBasicInformation,
&MemInfo, sizeof (MEMORY_BASIC_INFORMATION),
NULL);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 11 **************\n");
DbgPrint("query vm status %X address %lx Base %lx size %lx\n",
status,
p1,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.Type);
}
if ((MemInfo.RegionSize != Size2) || (MemInfo.BaseAddress != p1) ||
(MemInfo.Protect != PAGE_EXECUTE_READWRITE) || (MemInfo.Type != MEM_PRIVATE) ||
(MemInfo.State != MEM_COMMIT)
|| (MemInfo.AllocationBase != oldp1)) {
DbgPrint("******** FAILED TEST 12 **************\n");
DbgPrint("query vm status %X address %lx Base %lx size %lx\n",
status,
oldp1,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.Type);
}
Size1 = Size2;
status = NtProtectVirtualMemory (CurrentProcessHandle, (PVOID *)&p1,
&Size1, PAGE_READONLY | PAGE_NOCACHE, &OldProtect);
if ((!NT_SUCCESS(status)) || (OldProtect != PAGE_EXECUTE_READWRITE)) {
DbgPrint("******** FAILED TEST 13 **************\n");
DbgPrint("protected VM status %X, base %lx, size %lx, old protect %lx\n",
status, p1, Size1, OldProtect);
}
status = NtQueryVirtualMemory (CurrentProcessHandle, p1,
MemoryBasicInformation,
&MemInfo, sizeof (MEMORY_BASIC_INFORMATION),
NULL);
if ((!NT_SUCCESS(status)) ||
MemInfo.Protect != (PAGE_NOCACHE | PAGE_READONLY)) {
DbgPrint("******** FAILED TEST 14 **************\n");
DbgPrint("query vm status %X address %lx Base %lx size %lx\n",
status,
p1,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.Type);
}
i = *p1;
status = NtProtectVirtualMemory (CurrentProcessHandle, (PVOID *)&p1,
&Size1, PAGE_NOACCESS | PAGE_NOCACHE, &OldProtect);
if (status != STATUS_INVALID_PAGE_PROTECTION) {
DbgPrint("******** FAILED TEST 15 **************\n");
DbgPrint("protected VM status %X, base %lx, size %lx, old protect %lx\n",
status, p1, Size1, OldProtect, i);
}
status = NtProtectVirtualMemory (CurrentProcessHandle, (PVOID *)&p1,
&Size1, PAGE_READONLY, &OldProtect);
if ((!NT_SUCCESS(status)) || (OldProtect != (PAGE_NOCACHE | PAGE_READONLY))) {
DbgPrint("******** FAILED TEST 16 **************\n");
DbgPrint("protected VM status %X, base %lx, size %lx, old protect %lx\n",
status, p1, Size1, OldProtect);
}
status = NtProtectVirtualMemory (CurrentProcessHandle, (PVOID *)&p1,
&Size1, PAGE_READWRITE, &OldProtect);
if ((!NT_SUCCESS(status)) || (OldProtect != (PAGE_READONLY))) {
DbgPrint("******** FAILED TEST 17 **************\n");
DbgPrint("protected VM status %X, base %lx, size %lx, old protect %lx\n",
status, p1, Size1, OldProtect);
}
for (i = 1; i < 12; i++) {
p2 = (PULONG)NULL;
Size2 = i * 4096;
status = NtAllocateVirtualMemory (CurrentProcessHandle, (PVOID *)&p2,
0, &Size2, MEM_COMMIT, PAGE_READWRITE);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 18 **************\n");
DbgPrint("created vm status %X start %lx size %lx\n",
status, (ULONG)p2, Size2);
}
if (i==4) {
p3 = p2;
}
if (i == 8) {
Size3 = 12000;
status = NtFreeVirtualMemory (CurrentProcessHandle,(PVOID *)&p3, &Size3,
MEM_RELEASE);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 19 **************\n");
DbgPrint("free vm status %X start %lx size %lx\n",
status, (ULONG)p3, Size3);
}
}
}
p3 = p1 + 8 * 1024;
status = NtQueryVirtualMemory (CurrentProcessHandle, p3,
MemoryBasicInformation,
&MemInfo, sizeof (MEMORY_BASIC_INFORMATION),
NULL);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 20 **************\n");
DbgPrint("query vm status %X address %lx Base %lx size %lx\n",
status,
p3,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.Type);
}
p3 = p1 - 8 * 1024;
status = NtQueryVirtualMemory (CurrentProcessHandle, p3,
MemoryBasicInformation,
&MemInfo, sizeof (MEMORY_BASIC_INFORMATION),
NULL);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 21 **************\n");
DbgPrint("query vm status %X address %lx Base %lx size %lx\n",
status,
p3,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.Type);
}
Size3 = 16 * 4096;
status = NtFreeVirtualMemory (CurrentProcessHandle, (PVOID *)&p3, &Size3,
MEM_RELEASE);
if (status != STATUS_UNABLE_TO_FREE_VM) {
DbgPrint("******** FAILED TEST 22 **************\n");
DbgPrint("free vm status %X start %lx size %lx\n",
status, (ULONG)p3, Size3);
}
Size3 = 1 * 4096;
status = NtFreeVirtualMemory (CurrentProcessHandle, (PVOID *)&p3, &Size3,
MEM_RELEASE);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 23 **************\n");
DbgPrint("free vm status %X start %lx size %lx\n",
status, (ULONG)p3, Size3);
}
p3 = (PULONG)NULL;
Size3 = 300 * 4096;
status = NtAllocateVirtualMemory (CurrentProcessHandle, (PVOID *)&p3,
0, &Size3, MEM_COMMIT, PAGE_READWRITE);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 24 **************\n");
DbgPrint("created vm status %X start %lx size %lx\n",
status, (ULONG)p3, Size3);
}
p1 = p3;
p2 = ((PULONG)((PUCHAR)p3 + Size3));
p4 = p1;
j = 0;
while (p3 < p2) {
j += 1;
if (j % 8 == 0) {
if (*p4 != (ULONG)p4) {
DbgPrint("bad value in xcell %lx value is %lx\n",p4, *p4);
}
p4 += 1;
*p4 = (ULONG)p4;
p4 = p4 + 1026;
}
*p3 = (ULONG)p3;
p3 += 1027;
}
DbgPrint("checking values\n");
status = NtQueryVirtualMemory (CurrentProcessHandle, p3,
MemoryBasicInformation,
&MemInfo, sizeof (MEMORY_BASIC_INFORMATION),
NULL);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 25 **************\n");
DbgPrint("query vm status %X address %lx Base %lx size %lx\n",
status,
p3,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.Type);
}
p3 = p1;
while (p3 < p2) {
if (*p3 != (ULONG)p3) {
DbgPrint("bad value in 1cell %lx value is %lx\n",p3, *p3);
}
p3 += 1027;
}
p3 = p1;
while (p3 < p2) {
if (*p3 != (ULONG)p3) {
DbgPrint("bad value in 2cell %lx value is %lx\n",p3, *p3);
}
p3 += 1027;
}
p3 = p1;
while (p3 < p2) {
if (*p3 != (ULONG)p3) {
DbgPrint("bad value in 3cell %lx value is %lx\n",p3, *p3);
}
p3 += 1027;
}
p3 = p1;
while (p3 < p2) {
if (*p3 != (ULONG)p3) {
DbgPrint("bad value in 4cell %lx value is %lx\n",p3, *p3);
}
p3 += 1027;
}
p3 = p1;
while (p3 < p2) {
if (*p3 != (ULONG)p3) {
DbgPrint("bad value in 5cell %lx value is %lx\n",p3, *p3);
}
p3 += 1027;
}
p3 = p1;
while (p3 < p2) {
if (*p3 != (ULONG)p3) {
DbgPrint("bad value in cell %lx value is %lx\n",p3, *p3);
}
p3 += 1027;
}
//
// Check physical frame mapping.
//
//
// Check physical frame mapping.
//
RtlInitAnsiString (&Name3, "\\Device\\PhysicalMemory");
status = RtlAnsiStringToUnicodeString(&Unicode,&Name3,TRUE);
if (!NT_SUCCESS(status)) {
printf("string conversion failed status %lx\n", status);
ExitProcess (status);
}
InitializeObjectAttributes( &ObjectAttributes,
&Unicode,
OBJ_CASE_INSENSITIVE,
NULL,
NULL );
status = NtOpenSection ( &Section1,
SECTION_MAP_READ | SECTION_MAP_WRITE,
&ObjectAttributes );
RtlFreeUnicodeString(&Unicode);
if (status != 0) {
DbgPrint("******** FAILED TEST 26 **************\n");
DbgPrint("open physical section failed %lx\n", status);
}
p1 = NULL;
Offset.LowPart = 0x810ff033;
Offset.HighPart = 0;
ViewSize = 300*4096;
status = NtMapViewOfSection (Section1,
NtCurrentProcess(),
(PVOID *)&p1,
0,
ViewSize,
&Offset,
&ViewSize,
ViewUnmap,
0,
PAGE_READWRITE
);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 27 **************\n");
DbgPrint ("map physical section %X offset = %lx, base %lx\n",status,
Offset.LowPart, p1);
}
p1 = NULL;
Size1 = 8 * 1024 * 1024;
alstatus = NtAllocateVirtualMemory (CurrentProcessHandle, (PVOID *)&p1,
0, &Size1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (!NT_SUCCESS(alstatus)) {
DbgPrint("failed first created vm status %X start %lx size %lx\n",
alstatus, (ULONG)p1, Size1);
DbgPrint("******** FAILED TEST 28 **************\n");
}
RtlZeroMemory (p1, Size1);
Size1 -= 20000;
(PUCHAR)p1 += 5000;
status = NtFreeVirtualMemory (CurrentProcessHandle,
(PVOID *)&p1,
&Size1 ,
MEM_DECOMMIT);
if (!(NT_SUCCESS(status))) {
DbgPrint(" free vm failed - status %lx\n",status);
DbgPrint("******** FAILED TEST 29 **************\n");
NtTerminateProcess(NtCurrentProcess(),status);
}
Size1 -= 20000;
(PUCHAR)p1 += 5000;
alstatus = NtAllocateVirtualMemory (CurrentProcessHandle, (PVOID *)&p1,
0, &Size1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (!NT_SUCCESS(alstatus)) {
DbgPrint("failed first created vm status %X start %lx size %lx\n",
alstatus, (ULONG)p1, Size1);
DbgPrint("******** FAILED TEST 30 **************\n");
}
RtlZeroMemory (p1, Size1);
Size1 = 28 * 4096;
p1 = NULL;
status = NtAllocateVirtualMemory (CurrentProcessHandle, (PVOID *)&p1,
0, &Size1, MEM_COMMIT, PAGE_READWRITE | PAGE_GUARD);
if (!NT_SUCCESS(status)) {
DbgPrint("failed first created vm status %X start %lx size %lx\n",
status, (ULONG)p1, Size1);
DbgPrint("******** FAILED TEST 31 **************\n");
}
try {
//
// attempt to write the guard page.
//
*p1 = 973;
DbgPrint("************ FAILURE TEST 31.3 guard page exception did not occur\n");
} except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
if (status != STATUS_GUARD_PAGE_VIOLATION) {
DbgPrint("******** FAILED TEST 32 ******\n");
}
}
p2 = NULL;
Size2 = 200*1024*1024; //200MB
status = NtAllocateVirtualMemory (CurrentProcessHandle, (PVOID *)&p2,
0, &Size2, MEM_COMMIT, PAGE_READWRITE);
if (NT_SUCCESS(status)) {
status = NtFreeVirtualMemory (CurrentProcessHandle,
(PVOID *)&p2,
&Size2,
MEM_RELEASE);
} else {
if ((status != STATUS_COMMITMENT_LIMIT) &&
(status != STATUS_PAGEFILE_QUOTA_EXCEEDED)) {
DbgPrint("******** FAILED TEST 33 ************** %lx\n",status);
}
}
//
// Create a giant section (2gb)
//
InitializeObjectAttributes( &Object1Attributes,
NULL,
0,
NULL,
NULL );
SectionSize.LowPart = 0x7f000000;
SectionSize.HighPart = 0;
status = NtCreateSection (&GiantSection,
SECTION_MAP_READ | SECTION_MAP_WRITE,
&Object1Attributes,
&SectionSize,
PAGE_READWRITE,
SEC_RESERVE,
NULL);
if (!NT_SUCCESS(status)) {
DbgPrint("failed create big section status %X\n",
status);
DbgPrint("******** FAILED TEST 41 **************\n");
}
//
// Attempt to map the section (this should fail).
//
p1 = NULL;
ViewSize = 0;
status = NtMapViewOfSection (GiantSection,
CurrentProcessHandle,
(PVOID *)&p1,
0L,
0,
0,
&ViewSize,
ViewUnmap,
0,
PAGE_READWRITE );
if (status != STATUS_NO_MEMORY) {
DbgPrint("failed map big section status %X\n",
status);
DbgPrint("******** FAILED TEST 42 **************\n");
}
#ifdef i386
//
// Test MEM_DOS_LIM support.
//
InitializeObjectAttributes( &Object1Attributes,
NULL,
OBJ_CASE_INSENSITIVE,
NULL,
NULL );
SectionSize.LowPart = 1575757,
SectionSize.HighPart = 0;
status = NtCreateSection (&Section4,
SECTION_MAP_READ | SECTION_MAP_WRITE,
&Object1Attributes,
&SectionSize,
PAGE_READWRITE,
SEC_COMMIT,
NULL);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 42 **************\n");
DbgPrint("t1 create section status %X section handle %lx\n", status,
(ULONG)Section4);
}
p3 = (PVOID)0x9001000;
ViewSize = 8000;
status = NtMapViewOfSection (Section4,
CurrentProcessHandle,
(PVOID *)&p3,
0L,
0,
0,
&ViewSize,
ViewUnmap,
MEM_DOS_LIM,
PAGE_READWRITE );
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 43 **************\n");
DbgPrint("t1 map section status %X base %lx size %lx\n", status, (ULONG)p3,
ViewSize);
NtTerminateProcess(NtCurrentProcess(),STATUS_SUCCESS);
}
p2 = (PVOID)0x9003000;
ViewSize = 8000;
status = NtMapViewOfSection (Section4,
CurrentProcessHandle,
(PVOID *)&p2,
0L,
0,
0,
&ViewSize,
ViewUnmap,
MEM_DOS_LIM,
PAGE_READWRITE );
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 44 **************\n");
DbgPrint("t1 map section status %X base %lx size %lx\n", status, (ULONG)p3,
ViewSize);
NtTerminateProcess(NtCurrentProcess(),STATUS_SUCCESS);
}
status = NtQueryVirtualMemory (CurrentProcessHandle, p3,
MemoryBasicInformation,
&MemInfo, sizeof (MEMORY_BASIC_INFORMATION),
NULL);
if (!NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 44 **************\n");
DbgPrint("FAILURE query vm status %X address %lx Base %lx size %lx\n",
status,
p1,
MemInfo.BaseAddress,
MemInfo.RegionSize);
DbgPrint(" state %lx protect %lx type %lx\n",
MemInfo.State,
MemInfo.Protect,
MemInfo.Type);
}
*p3 = 98;
if (*p3 != *p2) {
DbgPrint("******** FAILED TEST 45 **************\n");
}
Size2 = 8;
p1 = (PVOID)((ULONG)p2 - 0x3000);
status = NtAllocateVirtualMemory (CurrentProcessHandle, (PVOID *)&p1,
0, &Size2, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (NT_SUCCESS(status)) {
DbgPrint("******** FAILED TEST 46 **************\n");
DbgPrint("created vm status %X start %lx size %lx\n",
status, (ULONG)p1, Size1);
}
#endif
DbgPrint(" End of Memory Management Tests - CreateSection, MapView\n");
DbgPrint("creating too much virtual address space\n");
i = 0;
do {
p2 = NULL;
Size2 = 8*1024*1024 + 9938;
i += 1;
status = NtAllocateVirtualMemory (CurrentProcessHandle, (PVOID *)&p2,
0, &Size2, MEM_RESERVE, PAGE_READWRITE);
} while (NT_SUCCESS (status));
if (status != STATUS_NO_MEMORY) {
DbgPrint("******** FAILED TEST 46 **************\n");
}
DbgPrint("created vm done (successfully) status %X, number of allocs %ld\n",
status, i);
DbgPrint(" End of Memory Management Tests - AllocVm, FreeVm, ProtectVm, QueryVm\n");
{
ULONG size, Size;
PVOID BaseAddress;
NTSTATUS Status;
Size = 50*1024;
size = Size - 1;
BaseAddress = (PVOID)1;
// we pass an address of 1, so mm will round it down to 0. if we
// passed 0, it looks like a not present argument
// N.B. We have to make two separate calls to allocatevm, because
// we want a specific virtual address. If we don't first reserve
// the address, the mm fails the commit call.
Status = NtAllocateVirtualMemory( NtCurrentProcess(),
&BaseAddress,
0L,
&size,
MEM_RESERVE,
PAGE_READWRITE );
if (!NT_SUCCESS(Status)) {
DbgPrint("NtReserveVirtualMemory failed !!!! Status = %lx\n",
Status);
}
size = Size - 1;
BaseAddress = (PVOID)1;
Status = NtAllocateVirtualMemory( NtCurrentProcess(),
&BaseAddress,
0L,
&size,
MEM_COMMIT,
PAGE_READWRITE );
if (!NT_SUCCESS(Status)) {
DbgPrint("NtCommitVirtualMemory failed !!!! Status = %lx\n",
Status);
}
}
ExitProcess (0);
}
/*
* supQuerySectionFileInfo
*
* Purpose:
*
* Query section object type File + Image description from version info block
*
*/
BOOL supQuerySectionFileInfo(
_In_opt_ HANDLE hRootDirectory,
_In_ PUNICODE_STRING ObjectName,
_Inout_ LPWSTR Buffer,
_In_ DWORD ccBuffer //size of buffer in chars
)
{
HANDLE hSection;
PVOID vinfo;
LPWSTR pcValue, lpszFileName, lpszKnownDlls;
LPTRANSLATE lpTranslate;
SIZE_T cLength = 0;
NTSTATUS status;
DWORD dwHandle = 0, dwSize, dwInfoSize;
BOOL bResult, cond = FALSE;
OBJECT_ATTRIBUTES Obja;
SECTION_BASIC_INFORMATION sbi;
SECTION_IMAGE_INFORMATION sii;
WCHAR szQueryBlock[MAX_PATH];
bResult = FALSE;
if (
(ObjectName == NULL) ||
(Buffer == NULL) ||
(ccBuffer == 0)
)
{
return bResult;
}
vinfo = NULL;
lpszFileName = NULL;
hSection = NULL;
lpszKnownDlls = NULL;
do {
//oleaut32.dll does not have FileDescription
// open section with query access
InitializeObjectAttributes(&Obja, ObjectName, OBJ_CASE_INSENSITIVE, hRootDirectory, NULL);
status = NtOpenSection(&hSection, SECTION_QUERY, &Obja);
if (!NT_SUCCESS(status))
break;
// query section flags
RtlSecureZeroMemory(&sbi, sizeof(sbi));
status = NtQuerySection(hSection, SectionBasicInformation, (PVOID)&sbi, sizeof(sbi), &cLength);
if (!NT_SUCCESS(status))
break;
// check if section is SEC_IMAGE | SEC_FILE
if (!((sbi.AllocationAttributes & SEC_IMAGE) && (sbi.AllocationAttributes & SEC_FILE)))
break;
// check image machine type
RtlSecureZeroMemory(&sii, sizeof(sii));
status = NtQuerySection(hSection, SectionImageInformation, (PVOID)&sii, sizeof(sii), &cLength);
if (!NT_SUCCESS(status))
break;
// select proper decoded KnownDlls path
if (sii.Machine == IMAGE_FILE_MACHINE_I386) {
lpszKnownDlls = g_lpKnownDlls32;
}
else if (sii.Machine == IMAGE_FILE_MACHINE_AMD64) {
lpszKnownDlls = g_lpKnownDlls64;
}
// paranoid
if (lpszKnownDlls == NULL) {
RtlSecureZeroMemory(szQueryBlock, sizeof(szQueryBlock));
GetSystemDirectory(szQueryBlock, MAX_PATH);
lpszKnownDlls = szQueryBlock;
}
// allocate memory buffer to store full filename
// KnownDlls + \\ + Object->Name + \0
cLength = (_strlen(lpszKnownDlls) * sizeof(WCHAR)) +
(_strlen(ObjectName->Buffer) * sizeof(WCHAR)) + 2 * sizeof(WCHAR);
lpszFileName = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cLength);
if (lpszFileName == NULL)
break;
// construct target filepath
_strcpy(lpszFileName, lpszKnownDlls);
_strcat(lpszFileName, L"\\");
_strcat(lpszFileName, ObjectName->Buffer);
// query size of version info
dwSize = GetFileVersionInfoSize(lpszFileName, &dwHandle);
if (dwSize == 0)
break;
// allocate memory for version_info structure
vinfo = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize);
if (vinfo == NULL)
break;
// query it from file
if (!GetFileVersionInfo(lpszFileName, 0, dwSize, vinfo))
break;
// query codepage and language id info
if (!VerQueryValue(vinfo, VERSION_TRANSLATION, &lpTranslate, (PUINT)&dwInfoSize))
break;
if (dwInfoSize == 0)
break;
// query filedescription from file with given codepage & language id
RtlSecureZeroMemory(szQueryBlock, sizeof(szQueryBlock));
wsprintf(szQueryBlock, VERSION_DESCRIPTION,
lpTranslate[0].wLanguage, lpTranslate[0].wCodePage);
// finally query pointer to version_info filedescription block data
pcValue = NULL;
dwInfoSize = 0;
bResult = VerQueryValue(vinfo, szQueryBlock, &pcValue, (PUINT)&dwInfoSize);
if (bResult) {
_strncpy(Buffer, ccBuffer, pcValue, dwInfoSize);
}
} while (cond);
if (hSection) NtClose(hSection);
if (vinfo) HeapFree(GetProcessHeap(), 0, vinfo);
if (lpszFileName) HeapFree(GetProcessHeap(), 0, lpszFileName);
return bResult;
}
