NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid) { ULONG SidSize = 0; PISID NewSid, Sid = (PISID)InputSid; NTSTATUS Status; PAGED_CODE(); if (AccessMode != KernelMode) { _SEH2_TRY { ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR)); SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount); ProbeForRead(Sid, SidSize, sizeof(UCHAR)); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Return the exception code */ _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; /* allocate a SID and copy it */ NewSid = ExAllocatePool(PoolType, SidSize); if (NewSid != NULL) { _SEH2_TRY { RtlCopyMemory(NewSid, Sid, SidSize); *CapturedSid = NewSid; } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Free the SID and return the exception code */ ExFreePoolWithTag(NewSid, TAG_SID); _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl) { PACL NewAcl; ULONG AclSize = 0; NTSTATUS Status = STATUS_SUCCESS; PAGED_CODE(); if (AccessMode != KernelMode) { _SEH2_TRY { ProbeForRead(InputAcl, sizeof(ACL), sizeof(ULONG)); AclSize = InputAcl->AclSize; ProbeForRead(InputAcl, AclSize, sizeof(ULONG)); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Return the exception code */ _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; NewAcl = ExAllocatePoolWithTag(PoolType, AclSize, TAG_ACL); if (NewAcl != NULL) { _SEH2_TRY { RtlCopyMemory(NewAcl, InputAcl, AclSize); *CapturedAcl = NewAcl; } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Free the ACL and return the exception code */ ExFreePoolWithTag(NewAcl, TAG_ACL); _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
/* * @implemented */ NTSTATUS NTAPI NtQueryDefaultUILanguage(OUT LANGID* LanguageId) { NTSTATUS Status = STATUS_SUCCESS; PAGED_CODE(); /* Enter SEH for probing */ _SEH2_TRY { /* Check if we came from user mode */ if (KeGetPreviousMode() != KernelMode) { /* Probe the Language ID */ ProbeForWriteLangid(LanguageId); } /* Call the executive helper routine */ Status = ExpGetCurrentUserUILanguage(L"MultiUILanguageId", LanguageId); if (NT_SUCCESS(Status)) { /* Success, return the language */ *LanguageId = PsInstallUILanguageId; } } _SEH2_EXCEPT(ExSystemExceptionFilter()) { /* Get exception code */ Status = _SEH2_GetExceptionCode(); } _SEH2_END; /* Return status */ return Status; }
/* * NtUserGetKeyboardLayoutName * * Returns KLID of current thread keyboard layout */ BOOL APIENTRY NtUserGetKeyboardLayoutName( LPWSTR pwszName) { BOOL bRet = FALSE; PKL pKl; PTHREADINFO pti; UserEnterShared(); pti = PsGetCurrentThreadWin32Thread(); pKl = pti->KeyboardLayout; if (!pKl) goto cleanup; _SEH2_TRY { ProbeForWrite(pwszName, KL_NAMELENGTH*sizeof(WCHAR), 1); wcscpy(pwszName, pKl->spkf->awchKF); bRet = TRUE; } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { SetLastNtError(_SEH2_GetExceptionCode()); } _SEH2_END; cleanup: UserLeave(); return bRet; }
/*++ * @name NtQuerySecurityObject * @implemented NT4 * * The NtQuerySecurityObject routine <FILLMEIN> * * @param Handle * <FILLMEIN> * * @param SecurityInformation * <FILLMEIN> * * @param SecurityDescriptor * <FILLMEIN> * * @param Length * <FILLMEIN> * * @param ResultLength * <FILLMEIN> * * @return STATUS_SUCCESS or appropriate error value. * * @remarks None. * *--*/ NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength) { KPROCESSOR_MODE PreviousMode = ExGetPreviousMode(); PVOID Object; POBJECT_HEADER Header; POBJECT_TYPE Type; ACCESS_MASK DesiredAccess; NTSTATUS Status; PAGED_CODE(); /* Check if we came from user mode */ if (PreviousMode != KernelMode) { /* Enter SEH */ _SEH2_TRY { /* Probe the SD and the length pointer */ ProbeForWrite(SecurityDescriptor, Length, sizeof(ULONG)); ProbeForWriteUlong(ResultLength); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Return the exception code */ _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
/* * @implemented */ NTSTATUS NTAPI NtCreateSemaphore(OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN LONG InitialCount, IN LONG MaximumCount) { PKSEMAPHORE Semaphore; HANDLE hSemaphore; KPROCESSOR_MODE PreviousMode = ExGetPreviousMode(); NTSTATUS Status; PAGED_CODE(); /* Check if we were called from user-mode */ if (PreviousMode != KernelMode) { /* Enter SEH Block */ _SEH2_TRY { /* Check handle pointer */ ProbeForWriteHandle(SemaphoreHandle); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Return the exception code */ _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
HANDLE APIENTRY NtUserSetClipboardData(UINT fmt, HANDLE hData, PSETCLIPBDATA pUnsafeScd) { SETCLIPBDATA scd; HANDLE hRet; TRACE("NtUserSetClipboardData(%x %p %p)\n", fmt, hData, pUnsafeScd); _SEH2_TRY { ProbeForRead(pUnsafeScd, sizeof(*pUnsafeScd), 1); RtlCopyMemory(&scd, pUnsafeScd, sizeof(scd)); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { SetLastNtError(_SEH2_GetExceptionCode()); _SEH2_YIELD(return NULL;) } _SEH2_END UserEnterExclusive(); /* Call internal function */ hRet = UserSetClipboardData(fmt, hData, &scd); UserLeave(); return hRet; }
/* * @implemented */ NTSTATUS NTAPI LdrFindResource_U(PVOID BaseAddress, PLDR_RESOURCE_INFO ResourceInfo, ULONG Level, PIMAGE_RESOURCE_DATA_ENTRY* ResourceDataEntry) { void *res; NTSTATUS status = STATUS_SUCCESS; _SEH2_TRY { if (ResourceInfo) { DPRINT( "module %p type %ws name %ws lang %04lx level %lu\n", BaseAddress, (LPCWSTR)ResourceInfo->Type, Level > 1 ? (LPCWSTR)ResourceInfo->Name : L"", Level > 2 ? ResourceInfo->Language : 0, Level ); } status = find_entry( BaseAddress, ResourceInfo, Level, &res, FALSE ); if (NT_SUCCESS(status)) *ResourceDataEntry = res; } _SEH2_EXCEPT(page_fault(_SEH2_GetExceptionCode())) { status = _SEH2_GetExceptionCode(); } _SEH2_END; return status; }
/* * @unimplemented */ NTSTATUS NTAPI NtCreateJobObject ( PHANDLE JobHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes ) { HANDLE hJob; PEJOB Job; KPROCESSOR_MODE PreviousMode; PEPROCESS CurrentProcess; NTSTATUS Status; PAGED_CODE(); PreviousMode = ExGetPreviousMode(); CurrentProcess = PsGetCurrentProcess(); /* check for valid buffers */ if (PreviousMode != KernelMode) { _SEH2_TRY { ProbeForWriteHandle(JobHandle); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
/* * @implemented */ NTSTATUS NTAPI NtReplyPort(IN HANDLE PortHandle, IN PPORT_MESSAGE ReplyMessage) { PLPCP_PORT_OBJECT Port; KPROCESSOR_MODE PreviousMode = KeGetPreviousMode(); NTSTATUS Status; PLPCP_MESSAGE Message; PETHREAD Thread = PsGetCurrentThread(), WakeupThread; //PORT_MESSAGE CapturedReplyMessage; PAGED_CODE(); LPCTRACE(LPC_REPLY_DEBUG, "Handle: %p. Message: %p.\n", PortHandle, ReplyMessage); if (KeGetPreviousMode() == UserMode) { _SEH2_TRY { ProbeForRead(ReplyMessage, sizeof(PORT_MESSAGE), sizeof(ULONG)); /*RtlCopyMemory(&CapturedReplyMessage, ReplyMessage, sizeof(PORT_MESSAGE)); ReplyMessage = &CapturedReplyMessage;*/ } _SEH2_EXCEPT(ExSystemExceptionFilter()) { DPRINT1("SEH crash [1]\n"); DbgBreakPoint(); _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
/* * @implemented */ NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId) { LUID NewLuid; KPROCESSOR_MODE PreviousMode; NTSTATUS Status; PAGED_CODE(); PreviousMode = ExGetPreviousMode(); if(PreviousMode != KernelMode) { _SEH2_TRY { ProbeForWrite(LocallyUniqueId, sizeof(LUID), sizeof(ULONG)); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
HANDLE APIENTRY NtGdiCreateColorSpace( IN PLOGCOLORSPACEEXW pLogColorSpace) { LOGCOLORSPACEEXW Safelcs; NTSTATUS Status = STATUS_SUCCESS; _SEH2_TRY { ProbeForRead( pLogColorSpace, sizeof(LOGCOLORSPACEEXW), 1); RtlCopyMemory(&Safelcs, pLogColorSpace, sizeof(LOGCOLORSPACEEXW)); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { Status = _SEH2_GetExceptionCode(); } _SEH2_END; if (!NT_SUCCESS(Status)) { SetLastNtError(Status); return NULL; } return IntGdiCreateColorSpace(&Safelcs); }
/* * @implemented */ NTSTATUS NTAPI NtOpenProcessTokenEx(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle) { PACCESS_TOKEN Token; HANDLE hToken; KPROCESSOR_MODE PreviousMode = ExGetPreviousMode(); NTSTATUS Status; PAGED_CODE(); PSTRACE(PS_SECURITY_DEBUG, "Process: %p DesiredAccess: %lx\n", ProcessHandle, DesiredAccess); /* Check if caller was user-mode */ if (PreviousMode != KernelMode) { /* Enter SEH for probing */ _SEH2_TRY { /* Probe the token handle */ ProbeForWriteHandle(TokenHandle); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Return the exception code */ _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
NTSTATUS NTAPI NtAlertResumeThread(IN HANDLE ThreadHandle, OUT PULONG SuspendCount) { KPROCESSOR_MODE PreviousMode = ExGetPreviousMode(); PETHREAD Thread; NTSTATUS Status; ULONG PreviousState; /* Check if we came from user mode with a suspend count */ if ((SuspendCount) && (PreviousMode != KernelMode)) { /* Enter SEH for probing */ _SEH2_TRY { /* Probe the count */ ProbeForWriteUlong(SuspendCount); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Return the exception code */ _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
DWORD APIENTRY NtGdiGetFontData( HDC hDC, DWORD Table, DWORD Offset, LPVOID Buffer, DWORD Size) { PDC Dc; PDC_ATTR pdcattr; HFONT hFont; PTEXTOBJ TextObj; PFONTGDI FontGdi; DWORD Result = GDI_ERROR; NTSTATUS Status = STATUS_SUCCESS; if (Buffer && Size) { _SEH2_TRY { ProbeForRead(Buffer, Size, 1); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { Status = _SEH2_GetExceptionCode(); } _SEH2_END }
INT APIENTRY NtGdiGetAppClipBox(HDC hDC, PRECTL rc) { INT Ret; NTSTATUS Status = STATUS_SUCCESS; RECTL Saferect; Ret = GdiGetClipBox(hDC, &Saferect); _SEH2_TRY { ProbeForWrite(rc, sizeof(RECT), 1); *rc = Saferect; } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { Status = _SEH2_GetExceptionCode(); } _SEH2_END; if(!NT_SUCCESS(Status)) { SetLastNtError(Status); return ERROR; } return Ret; }
NTSTATUS NTAPI NtCancelTimer(IN HANDLE TimerHandle, OUT PBOOLEAN CurrentState OPTIONAL) { PETIMER Timer; KPROCESSOR_MODE PreviousMode = ExGetPreviousMode(); BOOLEAN State; KIRQL OldIrql; PETHREAD TimerThread; ULONG DerefsToDo = 1; NTSTATUS Status; PAGED_CODE(); /* Check if we need to probe */ if ((CurrentState) && (PreviousMode != KernelMode)) { _SEH2_TRY { /* Make sure the pointer is valid */ ProbeForWriteBoolean(CurrentState); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Return the exception code */ _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
NTSTATUS NTAPI NtCreateEventPair(OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes) { PKEVENT_PAIR EventPair; HANDLE hEventPair; KPROCESSOR_MODE PreviousMode = ExGetPreviousMode(); NTSTATUS Status; PAGED_CODE(); DPRINT("NtCreateEventPair: 0x%p\n", EventPairHandle); /* Check if we were called from user-mode */ if (PreviousMode != KernelMode) { /* Enter SEH Block */ _SEH2_TRY { /* Check handle pointer */ ProbeForWriteHandle(EventPairHandle); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Return the exception code */ _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
static NTSTATUS LdrpAccessResource( PVOID BaseAddress, IMAGE_RESOURCE_DATA_ENTRY *entry, void **ptr, ULONG *size ) #endif { NTSTATUS status = STATUS_SUCCESS; _SEH2_TRY { ULONG dirsize; if (!RtlImageDirectoryEntryToData( BaseAddress, TRUE, IMAGE_DIRECTORY_ENTRY_RESOURCE, &dirsize )) status = STATUS_RESOURCE_DATA_NOT_FOUND; else { if (ptr) { if (is_data_file_module(BaseAddress)) { PVOID mod = (PVOID)((ULONG_PTR)BaseAddress & ~1); *ptr = RtlImageRvaToVa( RtlImageNtHeader(mod), mod, entry->OffsetToData, NULL ); } else *ptr = (char *)BaseAddress + entry->OffsetToData; } if (size) *size = entry->Size; } } _SEH2_EXCEPT(page_fault(_SEH2_GetExceptionCode())) { status = _SEH2_GetExceptionCode(); } _SEH2_END; return status; }
NTSTATUS NTAPI NtCreateIoCompletion(OUT PHANDLE IoCompletionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG NumberOfConcurrentThreads) { PKQUEUE Queue; HANDLE hIoCompletionHandle; KPROCESSOR_MODE PreviousMode = ExGetPreviousMode(); NTSTATUS Status; PAGED_CODE(); /* Check if this was a user-mode call */ if (PreviousMode != KernelMode) { /* Wrap probing in SEH */ _SEH2_TRY { /* Probe the handle */ ProbeForWriteHandle(IoCompletionHandle); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Return the exception code */ _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
/* * @implemented */ NTSTATUS NTAPI NtQueryInstallUILanguage(OUT LANGID* LanguageId) { NTSTATUS Status = STATUS_SUCCESS; PAGED_CODE(); /* Enter SEH for probing */ _SEH2_TRY { /* Check if we came from user mode */ if (KeGetPreviousMode() != KernelMode) { /* Probe the Language ID */ ProbeForWriteLangid(LanguageId); } /* Return it */ *LanguageId = PsInstallUILanguageId; } _SEH2_EXCEPT(ExSystemExceptionFilter()) { /* Get exception code */ Status = _SEH2_GetExceptionCode(); } _SEH2_END; /* Return status */ return Status; }
/* * @implemented */ NTSTATUS NTAPI NtCreateEvent(OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN EVENT_TYPE EventType, IN BOOLEAN InitialState) { KPROCESSOR_MODE PreviousMode = ExGetPreviousMode(); PKEVENT Event; HANDLE hEvent; NTSTATUS Status; PAGED_CODE(); DPRINT("NtCreateEvent(0x%p, 0x%x, 0x%p)\n", EventHandle, DesiredAccess, ObjectAttributes); /* Check if we were called from user-mode */ if (PreviousMode != KernelMode) { /* Enter SEH Block */ _SEH2_TRY { /* Check handle pointer */ ProbeForWriteHandle(EventHandle); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Return the exception code */ _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
/* * @implemented */ NTSTATUS NTAPI NtReplyPort(IN HANDLE PortHandle, IN PPORT_MESSAGE ReplyMessage) { NTSTATUS Status; KPROCESSOR_MODE PreviousMode = KeGetPreviousMode(); PORT_MESSAGE CapturedReplyMessage; PLPCP_PORT_OBJECT Port; PLPCP_MESSAGE Message; PETHREAD Thread = PsGetCurrentThread(), WakeupThread; PAGED_CODE(); LPCTRACE(LPC_REPLY_DEBUG, "Handle: %p. Message: %p.\n", PortHandle, ReplyMessage); /* Check if the call comes from user mode */ if (PreviousMode != KernelMode) { _SEH2_TRY { ProbeForRead(ReplyMessage, sizeof(*ReplyMessage), sizeof(ULONG)); CapturedReplyMessage = *(volatile PORT_MESSAGE*)ReplyMessage; } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
/* * FUNCTION: Sets the system time. * PARAMETERS: * NewTime - Points to a variable that specified the new time * of day in the standard time format. * OldTime - Optionally points to a variable that receives the * old time of day in the standard time format. * RETURNS: Status */ NTSTATUS NTAPI NtSetSystemTime(IN PLARGE_INTEGER SystemTime, OUT PLARGE_INTEGER PreviousTime OPTIONAL) { LARGE_INTEGER OldSystemTime; LARGE_INTEGER NewSystemTime; LARGE_INTEGER LocalTime; TIME_FIELDS TimeFields; KPROCESSOR_MODE PreviousMode = ExGetPreviousMode(); NTSTATUS Status = STATUS_SUCCESS; PAGED_CODE(); /* Check if we were called from user-mode */ if (PreviousMode != KernelMode) { _SEH2_TRY { /* Verify the time pointers */ NewSystemTime = ProbeForReadLargeInteger(SystemTime); if(PreviousTime) ProbeForWriteLargeInteger(PreviousTime); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Return the exception code */ _SEH2_YIELD(return _SEH2_GetExceptionCode()); } _SEH2_END; }
HANDLE FASTCALL renderBITMAPfromDIB(LPBYTE pDIB) { HDC hdc; HBITMAP hbitmap; PBITMAPINFO pBmi, pConvertedBmi = NULL; NTSTATUS Status ; UINT offset = 0; /* Stupid compiler */ pBmi = (BITMAPINFO*)pDIB; //hdc = UserGetDCEx(NULL, NULL, DCX_USESTYLE); hdc = UserGetDCEx(ClipboardWindow, NULL, DCX_USESTYLE); /* Probe it */ _SEH2_TRY { ProbeForRead(&pBmi->bmiHeader.biSize, sizeof(DWORD), 1); ProbeForRead(pBmi, pBmi->bmiHeader.biSize, 1); ProbeForRead(pBmi, DIB_BitmapInfoSize(pBmi, DIB_RGB_COLORS), 1); pConvertedBmi = DIB_ConvertBitmapInfo(pBmi, DIB_RGB_COLORS); if(!pConvertedBmi) { Status = STATUS_INVALID_PARAMETER; } else { offset = DIB_BitmapInfoSize((BITMAPINFO*)pBmi, DIB_RGB_COLORS); ProbeForRead(pDIB + offset, pConvertedBmi->bmiHeader.biSizeImage, 1); } } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { Status = _SEH2_GetExceptionCode(); } _SEH2_END if(!NT_SUCCESS(Status)) { UserReleaseDC(ClipboardWindow, hdc, FALSE); return NULL; } hbitmap = GreCreateDIBitmapInternal(hdc, pConvertedBmi->bmiHeader.biWidth, pConvertedBmi->bmiHeader.biHeight, CBM_INIT, pDIB+offset, pConvertedBmi, DIB_RGB_COLORS, 0, 0); //UserReleaseDC(NULL, hdc, FALSE); UserReleaseDC(ClipboardWindow, hdc, FALSE); DIB_FreeConvertedBitmapInfo(pConvertedBmi, pBmi); return hbitmap; }
ULONG APIENTRY NtUserCopyAcceleratorTable( HACCEL hAccel, LPACCEL Entries, ULONG EntriesCount) { PACCELERATOR_TABLE Accel; ULONG Ret; DECLARE_RETURN(int); TRACE("Enter NtUserCopyAcceleratorTable\n"); UserEnterShared(); Accel = UserGetAccelObject(hAccel); if (!Accel) { RETURN(0); } /* If Entries is NULL return table size */ if (!Entries) { RETURN(Accel->Count); } /* Don't overrun */ if (Accel->Count < EntriesCount) EntriesCount = Accel->Count; Ret = 0; _SEH2_TRY { ProbeForWrite(Entries, EntriesCount*sizeof(Entries[0]), 4); for (Ret = 0; Ret < EntriesCount; Ret++) { Entries[Ret].fVirt = Accel->Table[Ret].fVirt; Entries[Ret].key = Accel->Table[Ret].key; Entries[Ret].cmd = Accel->Table[Ret].cmd; } } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { SetLastNtError(_SEH2_GetExceptionCode()); Ret = 0; } _SEH2_END; RETURN(Ret); CLEANUP: TRACE("Leave NtUserCopyAcceleratorTable, ret=%i\n", _ret_); UserLeave(); END_CLEANUP; }
BOOL APIENTRY NtGdiGetDeviceGammaRamp(HDC hDC, LPVOID Ramp) { BOOL Ret; PDC dc; NTSTATUS Status = STATUS_SUCCESS; PGAMMARAMP SafeRamp; if (!Ramp) return FALSE; dc = DC_LockDc(hDC); if (!dc) { EngSetLastError(ERROR_INVALID_HANDLE); return FALSE; } SafeRamp = ExAllocatePoolWithTag(PagedPool, sizeof(GAMMARAMP), GDITAG_ICM); if (!SafeRamp) { DC_UnlockDc(dc); EngSetLastError(STATUS_NO_MEMORY); return FALSE; } Ret = IntGetDeviceGammaRamp((HDEV)dc->ppdev, SafeRamp); if (!Ret) return Ret; _SEH2_TRY { ProbeForWrite( Ramp, sizeof(PVOID), 1); RtlCopyMemory( Ramp, SafeRamp, sizeof(GAMMARAMP)); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { Status = _SEH2_GetExceptionCode(); } _SEH2_END; DC_UnlockDc(dc); ExFreePoolWithTag(SafeRamp, GDITAG_ICM); if (!NT_SUCCESS(Status)) { SetLastNtError(Status); return FALSE; } return Ret; }
/* * @implemented */ NTSTATUS NTAPI NtRequestWaitReplyPort(IN HANDLE PortHandle, IN PPORT_MESSAGE LpcRequest, IN OUT PPORT_MESSAGE LpcReply) { PORT_MESSAGE LocalLpcRequest; ULONG NumberOfDataEntries; PLPCP_PORT_OBJECT Port, QueuePort, ReplyPort, ConnectionPort = NULL; KPROCESSOR_MODE PreviousMode = KeGetPreviousMode(); NTSTATUS Status; PLPCP_MESSAGE Message; PETHREAD Thread = PsGetCurrentThread(); BOOLEAN Callback; PKSEMAPHORE Semaphore; ULONG MessageType; PLPCP_DATA_INFO DataInfo; PAGED_CODE(); LPCTRACE(LPC_SEND_DEBUG, "Handle: %p. Messages: %p/%p. Type: %lx\n", PortHandle, LpcRequest, LpcReply, LpcpGetMessageType(LpcRequest)); /* Check if the thread is dying */ if (Thread->LpcExitThreadCalled) return STATUS_THREAD_IS_TERMINATING; /* Check for user mode access */ if (PreviousMode != KernelMode) { _SEH2_TRY { /* Probe the full request message and copy the base structure */ ProbeForRead(LpcRequest, sizeof(*LpcRequest), sizeof(ULONG)); ProbeForRead(LpcRequest, LpcRequest->u1.s1.TotalLength, sizeof(ULONG)); LocalLpcRequest = *LpcRequest; /* Probe the reply message for write */ ProbeForWrite(LpcReply, sizeof(*LpcReply), sizeof(ULONG)); /* Make sure the data entries in the request message are valid */ Status = LpcpVerifyMessageDataInfo(LpcRequest, &NumberOfDataEntries); if (!NT_SUCCESS(Status)) { DPRINT1("LpcpVerifyMessageDataInfo failed\n"); return Status; } } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { DPRINT1("Got exception\n"); return _SEH2_GetExceptionCode(); } _SEH2_END; }
NTSTATUS KspEnableEvent( IN PIRP Irp, IN ULONG EventSetsCount, IN const KSEVENT_SET* EventSet, IN OUT PLIST_ENTRY EventsList OPTIONAL, IN KSEVENTS_LOCKTYPE EventsFlags OPTIONAL, IN PVOID EventsLock OPTIONAL, IN PFNKSALLOCATOR Allocator OPTIONAL, IN ULONG EventItemSize OPTIONAL) { PIO_STACK_LOCATION IoStack; NTSTATUS Status; KSEVENT Event; PKSEVENT_ITEM EventItem, FoundEventItem; PKSEVENTDATA EventData; const KSEVENT_SET *FoundEventSet; PKSEVENT_ENTRY EventEntry; ULONG Index, SubIndex, Size; PVOID Object; KSEVENT_CTX Ctx; LPGUID Guid; /* get current stack location */ IoStack = IoGetCurrentIrpStackLocation(Irp); if (IoStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(KSEVENT)) { /* invalid parameter */ return STATUS_NOT_SUPPORTED; } if (Irp->RequestorMode == UserMode) { _SEH2_TRY { ProbeForRead(IoStack->Parameters.DeviceIoControl.Type3InputBuffer, sizeof(KSEVENT), sizeof(UCHAR)); ProbeForRead(Irp->UserBuffer, IoStack->Parameters.DeviceIoControl.OutputBufferLength, sizeof(UCHAR)); RtlMoveMemory(&Event, IoStack->Parameters.DeviceIoControl.Type3InputBuffer, sizeof(KSEVENT)); Status = STATUS_SUCCESS; } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Exception, get the error code */ Status = _SEH2_GetExceptionCode(); } _SEH2_END; /* check for success */ if (!NT_SUCCESS(Status)) { /* failed to probe parameters */ return Status; } }
/* * NtUserGetKeyboardLayoutList * * Returns list of loaded keyboard layouts in system */ UINT APIENTRY NtUserGetKeyboardLayoutList( ULONG nBuff, HKL *pHklBuff) { UINT uRet = 0; PKL pKl; if (!pHklBuff) nBuff = 0; UserEnterShared(); if (!gspklBaseLayout) { UserLeave(); return 0; } pKl = gspklBaseLayout; if (nBuff == 0) { do { uRet++; pKl = pKl->pklNext; } while (pKl != gspklBaseLayout); } else { _SEH2_TRY { ProbeForWrite(pHklBuff, nBuff*sizeof(HKL), 4); while (uRet < nBuff) { pHklBuff[uRet] = pKl->hkl; uRet++; pKl = pKl->pklNext; if (pKl == gspklBaseLayout) break; } } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { SetLastNtError(_SEH2_GetExceptionCode()); uRet = 0; } _SEH2_END; } UserLeave(); return uRet; }