NTSTATUS
GingkoRead (
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
{
	NTSTATUS status = STATUS_SUCCESS;
	PVOID pBuff = NULL;
	BOOLEAN GingkoFile = FALSE;
	PGINGKO_OBJECT pGingkoObject = NULL;
	PIO_STACK_LOCATION irpsp = NULL;
	PFILE_OBJECT FileObject = NULL;
	SharedNotificationPtr snf = NULL;
	PGINGKO_PROCESS_LIST pProcessList = NULL;
	PGINGKO_DEVICE_EXTENSION DevExt = DeviceObject->DeviceExtension;

	if ( IS_GINGKO_CONTROL_DEVICE_OBJECT(DeviceObject) ) {
		//KdPrint( ("READ: Read Gingko Control Device...") );
		Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
		Irp->IoStatus.Information = 0;
		IoCompleteRequest( Irp, IO_NO_INCREMENT );
		return STATUS_INVALID_DEVICE_REQUEST;
	}

	REDFISH_NETWORK_DISPATCH( DeviceObject, Irp );

	if( IsGingkoServerProcess()  || PsIsSystemThread(KeGetCurrentThread()) )
	{
		return GingkoPassThrough( DeviceObject, Irp );
	}

	snf = GingkoReferenceSharedNotification();

	if( gGingkoServerStarted == FALSE || snf == NULL )
	{
		return GingkoPassThrough( DeviceObject, Irp );
	}

	GingkoDereferenceSharedNotification( snf );

	irpsp = IoGetCurrentIrpStackLocation(Irp);

	FileObject = irpsp->FileObject;
	
	if( FsRtlIsPagingFile( FileObject ) )
	{
		KdPrint(("This is a Paging file: %wZ.\n", &(FileObject->FileName)));
	}

	//RtlInitUnicodeString( &TempName, L"\\GingkoDebug\\dbgview.chm" );

	//if( RtlCompareUnicodeString( &TempName, &FileObject->FileName, TRUE ) == 0 )
	//{
	//	LARGE_INTEGER OriginalOffset = irpsp->Parameters.Read.ByteOffset;
	//	long		  OriginalLength = irpsp->Parameters.Read.Length;
	//	KdPrint(("Read DbgView: %I64d (L: %08x, H: %08x) Lenght: %08x\n", OriginalOffset.QuadPart, OriginalOffset.LowPart, 
	//		OriginalOffset.HighPart, OriginalLength));
	//}

	if( FindWriteFileObject( FileObject, IoGetRequestorProcessId(Irp), &pGingkoObject, FALSE ) )
	{
	    NTSTATUS status = 0L;
		if( pGingkoObject != NULL ) //&& pGingkoObject->Queue.CryptoInfo != NULL && ( pGingkoObject->Permission & 0x800F0000 | pGingkoObject->Permission & 0x8000F000 ) )
		{
			if( irpsp->Parameters.Read.Length > 0L )
			{
				if( !Irp->MdlAddress )
				{
					__try{
						ProbeForRead( Irp->UserBuffer, irpsp->Parameters.Read.Length, 1);
						IoAllocateMdl( Irp->UserBuffer, irpsp->Parameters.Read.Length, FALSE, FALSE, Irp );
						if( Irp->MdlAddress )
						{
							MmProbeAndLockPages( Irp->MdlAddress, UserMode, IoReadAccess );
						}
					}__except(EXCEPTION_EXECUTE_HANDLER)
					{
						KdPrint(("Exception Code: %08x. PassThrough. The Write Length is %d, Offset: %I64d.\n", GetExceptionCode(), irpsp->Parameters.Read.Length, irpsp->Parameters.Read.ByteOffset ));
						if( Irp->MdlAddress )
						{
							IoFreeMdl( Irp->MdlAddress );
							Irp->MdlAddress = NULL;
						}
					}
				}
			}

			status = EncryptedIoQueueAddIrp (&pGingkoObject->Queue, Irp);
			
			if( status != STATUS_PENDING )
				TCCompleteDiskIrp ( Irp, status, 0 );

			return status;
		}
Esempio n. 2
0
VOID
SpySetName (
    __inout PRECORD_LIST RecordList,
    __in PDEVICE_OBJECT DeviceObject,
    __in_opt PFILE_OBJECT FileObject,
    __in ULONG LookupFlags,
    __in_opt PVOID Context
)
/*++

Routine Description:

    This routine looks up the FileObject in the hash table.  If the FileObject
    is found in the hash table, copy the associated file name to RecordList.
    Otherwise, calls NLGetFullPathName to try to get the name of the FileObject.
    If successful, copy the file name to the RecordList and insert into hash
    table.

Arguments:

    RecordList - RecordList to copy name to.
    FileObject - the FileObject to look up.
    LookInFileObject - see routine description
    DeviceExtension - contains the volume name (e.g., "c:") and
        the next device object which may be needed.

Return Value:

    None.

--*/
{
    PFILESPY_DEVICE_EXTENSION devExt = DeviceObject->DeviceExtension;
    UINT_PTR hashIndex;
    KIRQL oldIrql;
    PHASH_ENTRY pHash;
    PHASH_ENTRY newHash;
    PLIST_ENTRY listHead;
    PNAME_CONTROL newName = NULL;
    PCHAR buffer = NULL;
    NTSTATUS status;
    BOOLEAN cacheName;

    UNREFERENCED_PARAMETER( Context );

    try {

        if (FileObject == NULL) {

            SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &gEmptyUnicode );
            leave;
        }

        hashIndex = HASH_FUNC(FileObject);

        INC_STATS(TotalContextSearches);

        listHead = &gHashTable[hashIndex];

        //
        //  Don't bother checking the hash if we are in create, we must always
        //  generate a name.
        //

        if (!FlagOn(LookupFlags, NLFL_IN_CREATE)) {

            //
            //  Acquire the hash lock
            //

            KeAcquireSpinLock( &gHashLockTable[hashIndex], &oldIrql );

            pHash = SpyHashBucketLookup( &gHashTable[hashIndex], FileObject );

            if (pHash != NULL) {

                //
                //  Copy the found file name to the LogRecord
                //

                SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &pHash->Name );

                KeReleaseSpinLock( &gHashLockTable[hashIndex], oldIrql );

                INC_STATS( TotalContextFound );

                leave;
            }

            KeReleaseSpinLock( &gHashLockTable[hashIndex], oldIrql );
        }

#if WINVER >= 0x0501
        //
        //  We can not allocate paged pool if this is a paging file.  If it is
        //  a paging file set a default name and return
        //

#if __NDAS_FS__

        NDASFS_ASSERT( FALSE );

#else

        if (FsRtlIsPagingFile( FileObject )) {

            SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &PagingFile );
            leave;
        }

#endif

#endif

        //
        //  We did not find the name in the hash.  Allocate name control buffer
        //  (for getting name) and a buffer for inserting this name into the
        //  hash.
        //

        buffer = SpyAllocateBuffer( &gNamesAllocated, gMaxNamesToAllocate, NULL );

        status = NLAllocateNameControl( &newName, &gFileSpyNameBufferLookasideList );

        if ((buffer != NULL) && NT_SUCCESS(status)) {

            //
            //  Init the new hash entry in case we need to use it
            //

            newHash = (PHASH_ENTRY)buffer;
            RtlInitEmptyUnicodeString( &newHash->Name,
                                       (PWCHAR)(buffer + sizeof(HASH_ENTRY)),
                                       RECORD_SIZE - sizeof(HASH_ENTRY) );

            //
            //  Retrieve the name
            //

            status = NLGetFullPathName( FileObject,
                                        newName,
                                        &devExt->NLExtHeader,
                                        LookupFlags | NLFL_USE_DOS_DEVICE_NAME,
                                        &gFileSpyNameBufferLookasideList,
                                        &cacheName );

            if (NT_SUCCESS( status ) && cacheName) {

                //
                //  We got a name and the name should be cached, save it in the
                //  log record and the hash buffer.
                //

                SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &newName->Name );

                RtlCopyUnicodeString( &newHash->Name, &newName->Name );
                newHash->FileObject = FileObject;

                //
                //  Acquire the hash lock
                //

                KeAcquireSpinLock( &gHashLockTable[hashIndex], &oldIrql );

                //
                //  Search again because it may have been stored in the hash table
                //  since we did our last search and dropped the lock.
                //

                pHash = SpyHashBucketLookup( &gHashTable[hashIndex], FileObject );

                if (pHash != NULL) {

                    //
                    //  We found it in the hash table this time, don't need to
                    //  cache it again.
                    //

                    KeReleaseSpinLock( &gHashLockTable[hashIndex], oldIrql );

                    leave;
                }

                //
                //  It not found in the hash, add the new entry.
                //

                InsertHeadList( listHead, &newHash->List );

                gHashCurrentCounters[hashIndex]++;

                if (gHashCurrentCounters[hashIndex] > gHashMaxCounters[hashIndex]) {

                    gHashMaxCounters[hashIndex] = gHashCurrentCounters[hashIndex];
                }

                //
                //  Since we inserted the new hash entry, mark the buffer as empty
                //  so we won't try and free it
                //

                buffer = NULL;

                KeReleaseSpinLock( &gHashLockTable[hashIndex], oldIrql );

            } else {

                //
                //  Either the name should not be cached or we couldn't get a
                //  name, return whatever name they gave us
                //

                SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &newName->Name );

                INC_STATS( TotalContextTemporary );
            }

        } else {

            //
            //  Set a default string even if there is no buffer.
            //

            SpyCopyFileNameToLogRecord( &RecordList->LogRecord, &OutOfBuffers );
        }

    }
    finally {

        //
        //  Free memory
        //

        if (buffer != NULL) {

            SpyFreeBuffer( buffer, &gNamesAllocated );
        }

        if (newName != NULL) {

            NLFreeNameControl( newName, &gFileSpyNameBufferLookasideList );
        }
    }
}