static
NTSTATUS
VideoPortUseDeviceInSesion(
_Inout_ PDEVICE_OBJECT DeviceObject,
_Inout_ PVIDEO_DEVICE_SESSION_STATUS SessionState,
_In_ ULONG BufferLength,
_Out_ PULONG_PTR Information)
{
PVIDEO_PORT_DEVICE_EXTENSION DeviceExtension;
/* Check buffer size */
*Information = sizeof(VIDEO_DEVICE_SESSION_STATUS);
if (BufferLength < sizeof(VIDEO_DEVICE_SESSION_STATUS))
{
ERR_(VIDEOPRT, "Buffer too small for VIDEO_DEVICE_SESSION_STATUS: %lx\n",
BufferLength);
return STATUS_BUFFER_TOO_SMALL;
}
/* Get the device extension */
DeviceExtension = DeviceObject->DeviceExtension;
/* Shall we enable the session? */
if (SessionState->bEnable)
{
/* Check if we have no session yet */
if (DeviceExtension->SessionId == -1)
{
/* Use this session and return success */
DeviceExtension->SessionId = PsGetCurrentProcessSessionId();
SessionState->bSuccess = TRUE;
}
else
{
ERR_(VIDEOPRT, "Requested to set session, but session is already set to: 0x%lx",
DeviceExtension->SessionId);
SessionState->bSuccess = FALSE;
}
}
else
{
/* Check if we belong to the current session */
if (DeviceExtension->SessionId == PsGetCurrentProcessSessionId())
{
/* Reset the session and return success */
DeviceExtension->SessionId = -1;
SessionState->bSuccess = TRUE;
}
else
{
ERR_(VIDEOPRT, "Requested to reset session, but session is not set\n");
SessionState->bSuccess = FALSE;
}
}
return STATUS_SUCCESS;
}
NTSTATUS
NTAPI
ExpWin32SessionCallout(
_In_ PVOID Object,
_In_ PKWIN32_SESSION_CALLOUT CalloutProcedure,
_Inout_opt_ PVOID Parameter)
{
PWIN32_KERNEL_OBJECT_HEADER Win32ObjectHeader;
PVOID SessionEntry = NULL;
KAPC_STATE ApcState;
NTSTATUS Status;
/* The objects have a common header. And the kernel accesses it!
Thanks MS for this kind of retarded "design"! */
Win32ObjectHeader = Object;
/* Check if we are not already in the correct session */
if (!PsGetCurrentProcess()->ProcessInSession ||
(PsGetCurrentProcessSessionId() != Win32ObjectHeader->SessionId))
{
/* Get the session from the objects session Id */
DPRINT("SessionId == %d\n", Win32ObjectHeader->SessionId);
SessionEntry = MmGetSessionById(Win32ObjectHeader->SessionId);
if (SessionEntry == NULL)
{
/* The requested session does not even exist! */
NT_ASSERT(FALSE);
return STATUS_NOT_FOUND;
}
/* Attach to the session */
Status = MmAttachSession(SessionEntry, &ApcState);
if (!NT_SUCCESS(Status))
{
DPRINT1("Could not attach to 0x%p, object %p, callout 0x%p\n",
SessionEntry,
Win32ObjectHeader,
CalloutProcedure);
/* Cleanup and return */
MmQuitNextSession(SessionEntry);
NT_ASSERT(FALSE);
return Status;
}
}
/* Call the callout routine */
Status = CalloutProcedure(Parameter);
/* Check if we have a session */
if (SessionEntry != NULL)
{
/* Detach from the session and quit using it */
MmDetachSession(SessionEntry, &ApcState);
MmQuitNextSession(SessionEntry);
}
/* Return the callback status */
return Status;
}
NTSTATUS DispatchIoctl(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp){
NTSTATUS ntStatus = STATUS_UNSUCCESSFUL;
PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(Irp);
PDEVICE_EXTENSION extension = DeviceObject->DeviceExtension;
switch(irpStack->Parameters.DeviceIoControl.IoControlCode){
case IOCTL_GET_HOOKS:
{
unsigned int i,j;
PETHREAD pethread;
PTHREADINFO ptiCurrent;
PDESKTOPINFO pdesktopinfo;
PPROCESSINFO ppi;
PARAMS_GET_HOOKS *params;
DATA_GET_HOOKS *data;
PHOOK* aphkStart;
if (irpStack->Parameters.DeviceIoControl.OutputBufferLength < sizeof(DATA_GET_HOOKS)) {
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
if (irpStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(PARAMS_GET_HOOKS)) {
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
params = ExAllocatePoolWithTag(PagedPool, sizeof(PARAMS_GET_HOOKS), 'tdkh');
if (!params) {
break;
}
memcpy(params, Irp->AssociatedIrp.SystemBuffer, sizeof(PARAMS_GET_HOOKS));
pethread = PsGetCurrentThread();
ptiCurrent = PsGetThreadWin32Thread(pethread);
if (g_win7) {
pdesktopinfo = (PDESKTOPINFO)((unsigned int*)ptiCurrent)[0xCC/4];
ppi = (PPROCESSINFO)&((char*)ptiCurrent)[0xB8];
aphkStart = (PHOOK*)&((char*)pdesktopinfo)[0x10];
} else {
pdesktopinfo = ptiCurrent->pDeskInfo;
ppi = ptiCurrent->ppi;
aphkStart = pdesktopinfo->aphkStart;
}
data = (DATA_GET_HOOKS*)Irp->AssociatedIrp.SystemBuffer;
memset(data, 0, sizeof(DATA_GET_HOOKS));
retrieve_hooks(aphkStart, ppi, data->global_hook);
data->threads=0;
j=0;
for (i=0;i<params->threads;i++) {
if (PsLookupThreadByThreadId((HANDLE)params->thread_id[i], &pethread) != STATUS_SUCCESS) {
continue;
}
if (g_win7) {
if (PsGetThreadSessionId(pethread) != PsGetCurrentProcessSessionId()) {
ObDereferenceObject(pethread);
continue;
}
}
ptiCurrent = PsGetThreadWin32Thread(pethread);
if (ptiCurrent) {
if (g_win7) {
aphkStart = (PHOOK*)&((char*)ptiCurrent)[0x198];
ppi = (PPROCESSINFO)&((char*)ptiCurrent)[0xB8];
} else {
aphkStart = (PHOOK*)&((char*)ptiCurrent)[0xf4];
ppi = ptiCurrent->ppi;
}
if (has_hooks(aphkStart)) {
data->threads++;
if (j<MAX_OUT_THREADS) {
retrieve_hooks(aphkStart, ppi, data->thread[j].hook);
data->thread[j].thread_id = params->thread_id[i];
j++;
}
}
}
ObDereferenceObject(pethread);
}
ExFreePool(params);
ntStatus = STATUS_SUCCESS;
break;
}
case IOCTL_HMOD_TBL_INX_TO_MOD_NAME:
{
DATA_HMOD_TBL_INX_TO_MOD_NAME *data;
PARAMS_HMOD_TBL_INX_TO_MOD_NAME *params;
WCHAR tmp;
int hmod_table_index;
if (irpStack->Parameters.DeviceIoControl.OutputBufferLength < sizeof(DATA_HMOD_TBL_INX_TO_MOD_NAME)) {
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
if (irpStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(PARAMS_HMOD_TBL_INX_TO_MOD_NAME)) {
ntStatus = STATUS_BUFFER_TOO_SMALL;
break;
}
params = Irp->AssociatedIrp.SystemBuffer;
UserGetAtomName = (UserGetAtomName_ptr)params->UserGetAtomName_address;
aatomSysLoaded = (ATOM*)params->aatomSysLoaded_address;
hmod_table_index = params->hmod_table_index;
if (UserGetAtomName && aatomSysLoaded) {
__try {
(*UserGetAtomName)(aatomSysLoaded[0], &tmp, 1);
} __except (EXCEPTION_EXECUTE_HANDLER) {
UserGetAtomName = 0;
}
}
data = Irp->AssociatedIrp.SystemBuffer;
if (UserGetAtomName) {
(*UserGetAtomName)(aatomSysLoaded[hmod_table_index], data->module_name, MAX_PATH);
} else {
data->module_name[0] = 0;
}
ntStatus = STATUS_SUCCESS;
break;
}
}
