/**
* Frees a block of memory allocated with PhAllocate().
*
* \param Memory A pointer to a block of memory.
*
*/
static VOID PhFree(PVOID Memory)
{
PF_INIT(RtlFreeHeap, Ntdll);
if (pfRtlFreeHeap != NULL)
pfRtlFreeHeap(PhHeapHandle, 0, Memory);
}
/**
* Allocates a block of memory.
*
* \param Size The number of bytes to allocate.
*
* \return A pointer to the allocated block of memory.
*
*/
static PVOID PhAllocate(SIZE_T Size)
{
PF_INIT(RtlAllocateHeap, Ntdll);
if (pfRtlAllocateHeap == NULL)
return NULL;
return pfRtlAllocateHeap(PhHeapHandle, 0, Size);
}
/*
* Get the VID, PID and current device speed
*/
static void GetUSBProperties(char* parent_path, char* device_id, usb_device_props* props)
{
HANDLE handle = INVALID_HANDLE_VALUE;
DWORD size;
DEVINST device_inst;
USB_NODE_CONNECTION_INFORMATION_EX conn_info;
USB_NODE_CONNECTION_INFORMATION_EX_V2 conn_info_v2;
PF_INIT(CM_Get_DevNode_Registry_PropertyA, Cfgmgr32);
if ((parent_path == NULL) || (device_id == NULL) || (props == NULL)) {
return;
}
props->port = 0;
size = sizeof(props->port);
if ( (pfCM_Get_DevNode_Registry_PropertyA != NULL) &&
(CM_Locate_DevNodeA(&device_inst, device_id, 0) == CR_SUCCESS) ) {
pfCM_Get_DevNode_Registry_PropertyA(device_inst, CM_DRP_ADDRESS, NULL, (PVOID)&props->port, &size, 0);
}
handle = CreateFileA(parent_path, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL);
if (handle == INVALID_HANDLE_VALUE) {
uprintf("Could not open hub %s: %s", parent_path, WindowsErrorString());
goto out;
}
memset(&conn_info, 0, sizeof(conn_info));
size = sizeof(conn_info);
conn_info.ConnectionIndex = (ULONG)props->port;
// coverity[tainted_data_argument]
if (!DeviceIoControl(handle, IOCTL_USB_GET_NODE_CONNECTION_INFORMATION_EX, &conn_info, size, &conn_info, size, &size, NULL)) {
uprintf("Could not get node connection information for '%s': %s", device_id, WindowsErrorString());
goto out;
}
props->vid = conn_info.DeviceDescriptor.idVendor;
props->pid = conn_info.DeviceDescriptor.idProduct;
props->speed = conn_info.Speed + 1;
// In their great wisdom, Microsoft decided to BREAK the USB speed report between Windows 7 and Windows 8
if (nWindowsVersion >= WINDOWS_8) {
memset(&conn_info_v2, 0, sizeof(conn_info_v2));
size = sizeof(conn_info_v2);
conn_info_v2.ConnectionIndex = (ULONG)props->port;
conn_info_v2.Length = size;
conn_info_v2.SupportedUsbProtocols.Usb300 = 1;
if (!DeviceIoControl(handle, IOCTL_USB_GET_NODE_CONNECTION_INFORMATION_EX_V2, &conn_info_v2, size, &conn_info_v2, size, &size, NULL)) {
uprintf("Could not get node connection information (V2) for device '%s': %s", device_id, WindowsErrorString());
} else if (conn_info_v2.Flags.DeviceIsOperatingAtSuperSpeedOrHigher) {
props->speed = USB_SPEED_SUPER_OR_LATER;
} else if (conn_info_v2.Flags.DeviceIsSuperSpeedCapableOrHigher) {
props->is_LowerSpeed = TRUE;
}
}
out:
safe_closehandle(handle);
}
// Setup the Cfgmgr32 DLLs
static BOOL init_dlls(void)
{
PF_INIT_OR_OUT(CM_Locate_DevNodeA, Cfgmgr32.dll);
PF_INIT_OR_OUT(CM_Reenumerate_DevNode, Cfgmgr32.dll);
PF_INIT_OR_OUT(CM_Get_DevNode_Status, Cfgmgr32.dll);
PF_INIT(__wgetmainargs, Msvcrt.dll);
return TRUE;
out:
return FALSE;
}
BOOL is_x64(void)
{
BOOL ret = FALSE;
PF_TYPE_DECL(WINAPI, BOOL, IsWow64Process, (HANDLE, PBOOL));
// Detect if we're running a 32 or 64 bit system
if (sizeof(uintptr_t) < 8) {
PF_INIT(IsWow64Process, Kernel32);
if (pfIsWow64Process != NULL) {
(*pfIsWow64Process)(GetCurrentProcess(), &ret);
}
} else {
ret = TRUE;
}
return ret;
}
/*
* Get the VID, PID and current device speed
*/
static BOOL GetUSBProperties(char* parent_path, char* device_id, usb_device_props* props)
{
BOOL r = FALSE;
CONFIGRET cr;
HANDLE handle = INVALID_HANDLE_VALUE;
DWORD size;
DEVINST device_inst;
USB_NODE_CONNECTION_INFORMATION_EX conn_info;
USB_NODE_CONNECTION_INFORMATION_EX_V2 conn_info_v2;
PF_INIT(CM_Get_DevNode_Registry_PropertyA, Cfgmgr32);
if ((parent_path == NULL) || (device_id == NULL) || (props == NULL) ||
(pfCM_Get_DevNode_Registry_PropertyA == NULL)) {
goto out;
}
cr = CM_Locate_DevNodeA(&device_inst, device_id, 0);
if (cr != CR_SUCCESS) {
uprintf("Could not get device instance handle for '%s': CR error %d", device_id, cr);
goto out;
}
props->port = 0;
size = sizeof(props->port);
cr = pfCM_Get_DevNode_Registry_PropertyA(device_inst, CM_DRP_ADDRESS, NULL, (PVOID)&props->port, &size, 0);
if (cr != CR_SUCCESS) {
uprintf("Could not get port for '%s': CR error %d", device_id, cr);
goto out;
}
handle = CreateFileA(parent_path, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL);
if (handle == INVALID_HANDLE_VALUE) {
uprintf("Could not open hub %s: %s", parent_path, WindowsErrorString());
goto out;
}
size = sizeof(conn_info);
memset(&conn_info, 0, size);
conn_info.ConnectionIndex = (ULONG)props->port;
// coverity[tainted_data_argument]
if (!DeviceIoControl(handle, IOCTL_USB_GET_NODE_CONNECTION_INFORMATION_EX, &conn_info, size, &conn_info, size, &size, NULL)) {
uprintf("Could not get node connection information for '%s': %s", device_id, WindowsErrorString());
goto out;
}
// Some poorly written proprietary Windows 7 USB 3.0 controller drivers (<cough>ASMedia<cough>)
// have a screwed up implementation of IOCTL_USB_GET_NODE_CONNECTION_INFORMATION_EX that succeeds
// but returns zeroed data => Add a workaround so that we don't lose our VID:PID...
if ((conn_info.DeviceDescriptor.idVendor != 0) || (conn_info.DeviceDescriptor.idProduct != 0)) {
props->vid = conn_info.DeviceDescriptor.idVendor;
props->pid = conn_info.DeviceDescriptor.idProduct;
props->speed = conn_info.Speed + 1;
r = TRUE;
}
// In their great wisdom, Microsoft decided to BREAK the USB speed report between Windows 7 and Windows 8
if (nWindowsVersion >= WINDOWS_8) {
size = sizeof(conn_info_v2);
memset(&conn_info_v2, 0, size);
conn_info_v2.ConnectionIndex = (ULONG)props->port;
conn_info_v2.Length = size;
conn_info_v2.SupportedUsbProtocols.Usb300 = 1;
if (!DeviceIoControl(handle, IOCTL_USB_GET_NODE_CONNECTION_INFORMATION_EX_V2, &conn_info_v2, size, &conn_info_v2, size, &size, NULL)) {
uprintf("Could not get node connection information (V2) for device '%s': %s", device_id, WindowsErrorString());
} else if (conn_info_v2.Flags.DeviceIsOperatingAtSuperSpeedOrHigher) {
props->speed = USB_SPEED_SUPER_OR_LATER;
} else if (conn_info_v2.Flags.DeviceIsSuperSpeedCapableOrHigher) {
props->is_LowerSpeed = TRUE;
}
}
out:
safe_closehandle(handle);
return r;
}
void*
test(void* thread)
{
size_t num_retry_cas1 = 0, num_retry_cas2 = 0, num_retry_cas3 = 0 , num_retry_cas4 = 0, num_retry_cas5 = 0;
thread_data_t* td = (thread_data_t*) thread;
uint8_t ID = td->id;
phys_id = the_cores[ID % (NUMBER_OF_SOCKETS * CORES_PER_SOCKET)];
set_cpu(phys_id);
ssmem_allocator_t* alloc = (ssmem_allocator_t*) memalign(CACHE_LINE_SIZE, sizeof(ssmem_allocator_t));
assert(alloc != NULL);
ssmem_alloc_init(alloc, SSMEM_DEFAULT_MEM_SIZE, ID);
ssmem_gc_thread_init(alloc, ID);
PF_INIT(3, SSPFD_NUM_ENTRIES, ID);
#if defined(COMPUTE_LATENCY)
volatile ticks my_putting_succ = 0;
volatile ticks my_putting_fail = 0;
volatile ticks my_getting_succ = 0;
volatile ticks my_getting_fail = 0;
volatile ticks my_removing_succ = 0;
volatile ticks my_removing_fail = 0;
#endif
uint64_t my_putting_count = 0;
uint64_t my_getting_count = 0;
uint64_t my_removing_count = 0;
uint64_t my_putting_count_succ = 0;
uint64_t my_getting_count_succ = 0;
uint64_t my_removing_count_succ = 0;
#if defined(COMPUTE_LATENCY) && PFD_TYPE == 0
volatile ticks start_acq, end_acq;
volatile ticks correction = getticks_correction_calc();
#endif
seeds = seed_rand();
MEM_BARRIER;
barrier_cross(&barrier);
barrier_cross(&barrier_global);
size_t obj_size_bytes = obj_size * sizeof(size_t);
volatile size_t* dat = (size_t*) malloc(obj_size_bytes);
assert(dat != NULL);
size_t* obj = NULL;
while (stop == 0)
{
size_t rand = (my_random(&(seeds[0]), &(seeds[1]), &(seeds[2])));
size_t k = (rand & 1) + 2;
rand &= 1023;
/* search baby! */
int i;
for (i = 0; i < KEY_BUCKT; i++)
{
volatile uintptr_t v = val[i];
if (snap->map[i] == MAP_VALID && key[i] == k)
{
if (val[i] == v)
{
if (GET_VAL(v) != k)
{
printf("[%02d] :get: key != val for %zu\n", ID, k);
}
break;
}
}
}
if (rand > 513)
{
my_putting_count++;
if (obj != NULL)
{
ssmem_free(alloc, (void*) obj);
}
obj = ssmem_alloc(alloc, 8);
*obj = k;
int empty_index = -2;
clht_snapshot_t s;
retry:
s.snapshot = snap->snapshot;
int i;
for (i = 0; i < KEY_BUCKT; i++)
{
volatile uintptr_t v = val[i];
if (snap->map[i] == MAP_VALID && key[i] == k)
{
if (val[i] == v)
{
if (empty_index > 0)
{
snap->map[empty_index] = MAP_INVLD;
}
goto end;
}
}
}
clht_snapshot_all_t s1;
if (empty_index < 0)
{
empty_index = snap_get_empty_index(s.snapshot);
if (empty_index < 0)
{
num_retry_cas1++;
goto end;
}
s1 = snap_set_map(s.snapshot, empty_index, MAP_INSRT);
if (CAS_U64(&snap->snapshot, s.snapshot, s1) != s.snapshot)
{
empty_index = -2;
num_retry_cas2++;
goto retry;
}
val[empty_index] = (uintptr_t) obj;
key[empty_index] = k;
}
else
{
s1 = snap_set_map(s.snapshot, empty_index, MAP_INSRT);
}
clht_snapshot_all_t s2 = snap_set_map_and_inc_version(s1, empty_index, MAP_VALID);
if (CAS_U64(&snap->snapshot, s1, s2) != s1)
{
num_retry_cas3++;
/* key[empty_index] = 0; */
/* val[empty_index] = 0; */
goto retry;
}
obj = NULL;
my_putting_count_succ++;
end:
;
}
else
{
my_removing_count++;
clht_snapshot_t s;
retry_rem:
s.snapshot = snap->snapshot;
volatile uintptr_t v;
int i, removed = 0;
for (i = 0; i < KEY_BUCKT && !removed; i++)
{
if (key[i] == k && s.map[i] == MAP_VALID)
{
v = val[i];
clht_snapshot_all_t s1 = snap_set_map(s.snapshot, i, MAP_INVLD);
if (CAS_U64(&snap->snapshot, s.snapshot, s1) == s.snapshot)
{
/* snap->map[i] = MAP_INVLD; */
removed = 1;
}
else
{
num_retry_cas4++;
goto retry_rem;
}
}
}
if (removed)
{
ssmem_free(alloc, (void*) v);
my_removing_count_succ++;
}
}
}
free((void*) dat);
#if defined(DEBUG)
if (put_num_restarts | put_num_failed_expand | put_num_failed_on_new)
{
/* printf("put_num_restarts = %3u / put_num_failed_expand = %3u / put_num_failed_on_new = %3u \n", */
/* put_num_restarts, put_num_failed_expand, put_num_failed_on_new); */
}
#endif
if (ID < 2)
{
printf("#retry-stats-thread-%d: #cas1: %-8zu / #cas2: %-8zu /"
"#cas3: %-8zu / #cas4: %-8zu / #cas5: %-8zu\n",
ID, num_retry_cas1, num_retry_cas2, num_retry_cas3, num_retry_cas4, num_retry_cas5);
}
/* printf("gets: %-10llu / succ: %llu\n", num_get, num_get_succ); */
/* printf("rems: %-10llu / succ: %llu\n", num_rem, num_rem_succ); */
barrier_cross(&barrier);
#if defined(COMPUTE_LATENCY)
putting_succ[ID] += my_putting_succ;
putting_fail[ID] += my_putting_fail;
getting_succ[ID] += my_getting_succ;
getting_fail[ID] += my_getting_fail;
removing_succ[ID] += my_removing_succ;
removing_fail[ID] += my_removing_fail;
#endif
putting_count[ID] += my_putting_count;
getting_count[ID] += my_getting_count;
removing_count[ID]+= my_removing_count;
putting_count_succ[ID] += my_putting_count_succ;
getting_count_succ[ID] += my_getting_count_succ;
removing_count_succ[ID]+= my_removing_count_succ;
#if (PFD_TYPE == 1) && defined(COMPUTE_LATENCY)
if (ID == 0)
{
printf("get ----------------------------------------------------\n");
SSPFDPN(0, SSPFD_NUM_ENTRIES, print_vals_num);
printf("put ----------------------------------------------------\n");
SSPFDPN(1, SSPFD_NUM_ENTRIES, print_vals_num);
printf("rem ----------------------------------------------------\n");
SSPFDPN(2, SSPFD_NUM_ENTRIES, print_vals_num);
}
#endif
/* SSPFDTERM(); */
pthread_exit(NULL);
}
static DWORD WINAPI SearchProcessThread(LPVOID param)
{
const char *access_rights_str[8] = { "n", "r", "w", "rw", "x", "rx", "wx", "rwx" };
char tmp[MAX_PATH];
NTSTATUS status = STATUS_SUCCESS;
PSYSTEM_HANDLE_INFORMATION_EX handles = NULL;
POBJECT_NAME_INFORMATION buffer = NULL;
ULONG_PTR i;
ULONG_PTR pid[2];
ULONG_PTR last_access_denied_pid = 0;
ULONG bufferSize;
USHORT wHandleNameLen;
WCHAR *wHandleName = NULL;
HANDLE dupHandle = NULL;
HANDLE processHandle = NULL;
BOOLEAN bFound = FALSE, bGotExePath, verbose = !_bQuiet;
ULONG access_rights = 0;
DWORD size;
char exe_path[MAX_PATH] = { 0 };
wchar_t wexe_path[MAX_PATH];
int cur_pid;
PF_INIT_OR_SET_STATUS(NtQueryObject, Ntdll);
PF_INIT_OR_SET_STATUS(NtDuplicateObject, NtDll);
PF_INIT_OR_SET_STATUS(NtClose, NtDll);
StrArrayClear(&BlockingProcess);
if (NT_SUCCESS(status))
status = PhCreateHeap();
if (NT_SUCCESS(status))
status = PhEnumHandlesEx(&handles);
if (!NT_SUCCESS(status)) {
uprintf("Warning: Could not enumerate process handles: %s", NtStatusError(status));
goto out;
}
pid[0] = (ULONG_PTR)0;
cur_pid = 1;
wHandleName = utf8_to_wchar(_HandleName);
wHandleNameLen = (USHORT)wcslen(wHandleName);
bufferSize = 0x200;
buffer = PhAllocate(bufferSize);
if (buffer == NULL)
goto out;
for (i = 0; ; i++) {
ULONG attempts = 8;
PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handleInfo =
(i < handles->NumberOfHandles) ? &handles->Handles[i] : NULL;
if ((dupHandle != NULL) && (processHandle != NtCurrentProcess())) {
pfNtClose(dupHandle);
dupHandle = NULL;
}
// Update the current handle's process PID and compare against last
// Note: Be careful about not trying to overflow our list!
pid[cur_pid] = (handleInfo != NULL) ? handleInfo->UniqueProcessId : -1;
if (pid[0] != pid[1]) {
cur_pid = (cur_pid + 1) % 2;
// If we're switching process and found a match, print it
if (bFound) {
vuprintf("● '%s' (pid: %ld, access: %s)", exe_path, pid[cur_pid], access_rights_str[access_rights & 0x7]);
static_sprintf(tmp, "● %s (%s)", exe_path, access_rights_str[access_rights & 0x7]);
StrArrayAdd(&BlockingProcess, tmp, TRUE);
bFound = FALSE;
access_rights = 0;
}
// Close the previous handle
if (processHandle != NULL) {
if (processHandle != NtCurrentProcess())
pfNtClose(processHandle);
processHandle = NULL;
}
}
CHECK_FOR_USER_CANCEL;
// Exit loop condition
if (i >= handles->NumberOfHandles)
break;
// Don't bother with processes we can't access
if (handleInfo->UniqueProcessId == last_access_denied_pid)
continue;
// Filter out handles that aren't opened with Read (bit 0), Write (bit 1) or Execute (bit 5) access
if ((handleInfo->GrantedAccess & 0x23) == 0)
continue;
// Open the process to which the handle we are after belongs, if not already opened
if (pid[0] != pid[1]) {
status = PhOpenProcess(&processHandle, PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION,
(HANDLE)handleInfo->UniqueProcessId);
// There exists some processes we can't access
if (!NT_SUCCESS(status)) {
uuprintf("SearchProcess: Could not open process %ld: %s",
handleInfo->UniqueProcessId, NtStatusError(status));
processHandle = NULL;
if (status == STATUS_ACCESS_DENIED) {
last_access_denied_pid = handleInfo->UniqueProcessId;
}
continue;
}
}
// Now duplicate this handle onto our own process, so that we can access its properties
if (processHandle == NtCurrentProcess()) {
if (_bIgnoreSelf)
continue;
dupHandle = (HANDLE)handleInfo->HandleValue;
} else {
status = pfNtDuplicateObject(processHandle, (HANDLE)handleInfo->HandleValue,
NtCurrentProcess(), &dupHandle, 0, 0, 0);
if (!NT_SUCCESS(status))
continue;
}
// Filter non-storage handles. We're not interested in them and they make NtQueryObject() freeze
if (GetFileType(dupHandle) != FILE_TYPE_DISK)
continue;
// A loop is needed because the I/O subsystem likes to give us the wrong return lengths...
do {
ULONG returnSize;
// TODO: We might potentially still need a timeout on ObjectName queries, as PH does...
status = pfNtQueryObject(dupHandle, ObjectNameInformation, buffer, bufferSize, &returnSize);
if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_INFO_LENGTH_MISMATCH ||
status == STATUS_BUFFER_TOO_SMALL) {
uuprintf("SearchProcess: Realloc from %d to %d", bufferSize, returnSize);
bufferSize = returnSize;
PhFree(buffer);
buffer = PhAllocate(bufferSize);
} else {
break;
}
} while (--attempts);
if (!NT_SUCCESS(status)) {
uuprintf("SearchProcess: NtQueryObject failed for handle %X of process %ld: %s",
handleInfo->HandleValue, handleInfo->UniqueProcessId, NtStatusError(status));
continue;
}
// Don't bother comparing if we are looking for full match and the length is different
if ((!_bPartialMatch) && (wHandleNameLen != buffer->Name.Length))
continue;
// Likewise, if we are looking for a partial match and the current length is smaller
if ((_bPartialMatch) && (wHandleNameLen > buffer->Name.Length))
continue;
// Match against our target string
if (wcsncmp(wHandleName, buffer->Name.Buffer, wHandleNameLen) != 0)
continue;
// If we are here, we have a process accessing our target!
bFound = TRUE;
// Keep a mask of all the access rights being used
access_rights |= handleInfo->GrantedAccess;
// The Executable bit is in a place we don't like => reposition it
if (access_rights & 0x20)
access_rights = (access_rights & 0x03) | 0x04;
access_mask |= (BYTE) (access_rights & 0x7) + 0x80; // Bit 7 is always set if a process was found
// If this is the very first process we find, print a header
if (exe_path[0] == 0)
vuprintf("WARNING: The following process(es) or service(s) are accessing %s:", _HandleName);
// First, we try to get the executable path using GetModuleFileNameEx
bGotExePath = (GetModuleFileNameExU(processHandle, 0, exe_path, MAX_PATH - 1) != 0);
// The above may not work on Windows 7, so try QueryFullProcessImageName (Vista or later)
if (!bGotExePath) {
size = MAX_PATH;
PF_INIT(QueryFullProcessImageNameW, kernel32);
if ( (pfQueryFullProcessImageNameW != NULL) &&
(bGotExePath = pfQueryFullProcessImageNameW(processHandle, 0, wexe_path, &size)) )
wchar_to_utf8_no_alloc(wexe_path, exe_path, sizeof(exe_path));
}
// Still nothing? Try GetProcessImageFileName. Note that GetProcessImageFileName uses
// '\Device\Harddisk#\Partition#\' instead drive letters
if (!bGotExePath) {
bGotExePath = (GetProcessImageFileNameW(processHandle, wexe_path, MAX_PATH) != 0);
if (bGotExePath)
wchar_to_utf8_no_alloc(wexe_path, exe_path, sizeof(exe_path));
}
// Complete failure => Just craft a default process name that includes the PID
if (!bGotExePath) {
safe_sprintf(exe_path, MAX_PATH, "Unknown_Process_%" PRIu64,
(ULONGLONG)handleInfo->UniqueProcessId);
}
}
out:
if (exe_path[0] != 0)
vuprintf("You should close these applications before attempting to reformat the drive.");
else
vuprintf("NOTE: Could not identify the process(es) or service(s) accessing %s", _HandleName);
free(wHandleName);
PhFree(buffer);
PhFree(handles);
PhDestroyHeap();
ExitThread(0);
}
