コード例 #1
0
PEPROCESS		DKOM_SearchProcessByPID(IN long pid)
{
	PEPROCESS		foundProc;
	/* ANOTHER WAY TO FIND PEPROCESS VIA PID
	if (PsLookupProcessByProcessId ((PVOID)pid, &foundProc) == STATUS_SUCCESS) {
		DbgPrint("PID %ld found for '%s'", pid, (char*)((char*)foundProc + EPROCESS_OFFSET_IMAGENAME));
		return (foundProc);
	}
	*/
	PEPROCESS		saveProc;
	PEPROCESS		currProc;
	PLIST_ENTRY		list;
	long*			tmp = NULL;

	saveProc = IoGetCurrentProcess();
	currProc = saveProc;
	do {
		tmp = ((unsigned char*)currProc + EPROCESS_OFFSET_PID);
		//DbgPrint("[%s] %ld (0x%X) == %ld (0x%X)", (char*)currProc + EPROCESS_OFFSET_IMAGENAME, pid, pid, *tmp, *tmp);
		if (pid == (*tmp)) {
			DbgPrint("Process %ld found '%s'", pid, ((unsigned char*)currProc + EPROCESS_OFFSET_IMAGENAME));
			return (currProc);
		}

		list = (PLIST_ENTRY)((unsigned char*)currProc + EPROCESS_OFFSET_ELIST);
		currProc = (PEPROCESS)list->Flink;
		currProc = (PEPROCESS)((unsigned char*)currProc - EPROCESS_OFFSET_ELIST);
	} while (saveProc != currProc);

	return (0);
}
コード例 #2
0
ファイル: memapi.c プロジェクト: burluckij/unhooker
PEPROCESS GetEprocess(PUCHAR szProcessName)
{
	PEPROCESS pBaseEprocess = NULL;
	PEPROCESS pCurrentEprocess = NULL;
	PLIST_ENTRY pCurrentList = NULL;

	pCurrentEprocess = (PEPROCESS)IoGetCurrentProcess();
	pBaseEprocess = pCurrentEprocess;

	do
	{
		//DbgPrint("\nProcess : %s", ((PUCHAR)pCurrentEprocess+0x174));
		pCurrentList = (PLIST_ENTRY)((PUCHAR)pCurrentEprocess + off_EPROCESS_ActiveProcessLink);

		if (pCurrentList->Flink == NULL)
			return NULL;

		pCurrentEprocess = (PEPROCESS)((PUCHAR)pCurrentList->Flink - off_EPROCESS_ActiveProcessLink);

		if (pBaseEprocess == pCurrentEprocess)
			return NULL;

	} while (strcmp(szProcessName, (PUCHAR)pCurrentEprocess + off_EPROCESS_ProcessName));

	return pCurrentEprocess;
}
コード例 #3
0
ファイル: misc_irp.c プロジェクト: capturePointer/diskcryptor
NTSTATUS dc_create_close_irp(PDEVICE_OBJECT dev_obj, PIRP irp)
{
	PIO_STACK_LOCATION irp_sp = IoGetCurrentIrpStackLocation(irp);
	NTSTATUS           status = STATUS_SUCCESS;
	PEPROCESS          process;
	PACCESS_TOKEN      token;

	/* get requestor process */
	process = IoGetRequestorProcess(irp);
	if (process == NULL) process = IoGetCurrentProcess();
	
	if (irp_sp->MajorFunction == IRP_MJ_CREATE)
	{
		/* check process token */
		if ( (token = PsReferencePrimaryToken(process)) == NULL || SeTokenIsAdmin(token) == FALSE ) {
			status = STATUS_ACCESS_DENIED;
		}
		if (token != NULL) PsDereferencePrimaryToken(token);
	}
	if (irp_sp->MajorFunction == IRP_MJ_CLOSE) 
	{
		/* unlock all memory locked by this process */
		mm_unlock_user_memory(NULL, process);
		/* syncronize all encryptions */
		dc_sync_all_encs();
	}
	return dc_complete_irp(irp, status, 0);
}
コード例 #4
0
ファイル: net.c プロジェクト: svn2github/virtualbox
NTSTATUS VBoxMRxCreateSrvCall(PMRX_SRV_CALL pSrvCall, PMRX_SRVCALL_CALLBACK_CONTEXT pCallbackContext)
{
    PMRX_SRVCALLDOWN_STRUCTURE SrvCalldownStructure = (PMRX_SRVCALLDOWN_STRUCTURE)(pCallbackContext->SrvCalldownStructure);
    RT_NOREF(pSrvCall);

    Log(("VBOXSF: MRxCreateSrvCall: %p.\n", pSrvCall));

    if (IoGetCurrentProcess() == RxGetRDBSSProcess())
    {
        Log(("VBOXSF: MRxCreateSrvCall: Called in context of RDBSS process\n"));

        vbsfExecuteCreateSrvCall(pCallbackContext);
    }
    else
    {
        NTSTATUS Status;

        Log(("VBOXSF: MRxCreateSrvCall: Dispatching to worker thread\n"));

        Status = RxDispatchToWorkerThread(VBoxMRxDeviceObject, DelayedWorkQueue,
                                          (PWORKER_THREAD_ROUTINE)vbsfExecuteCreateSrvCall,
                                          pCallbackContext);

        if (Status == STATUS_SUCCESS)
            Log(("VBOXSF: MRxCreateSrvCall: queued\n"));
        else
        {
            pCallbackContext->Status = Status;
            SrvCalldownStructure->CallBack(pCallbackContext);
        }
    }

    /* RDBSS expect this. */
    return STATUS_PENDING;
}
コード例 #5
0
ファイル: bowutils.c プロジェクト: BillTheBest/WinNT4
VOID
BowserUninitializeTraceLog()
{
    BOOLEAN ProcessAttached = FALSE;

    PAGED_CODE();

    ExDeleteResource(&BrowserTraceLock);

    if (BrowserTraceLogHandle != NULL) {
        if (IoGetCurrentProcess() != BowserFspProcess) {
            KeAttachProcess(BowserFspProcess);

            ProcessAttached = TRUE;
        }

        ZwClose(BrowserTraceLogHandle);

        if (ProcessAttached) {
            KeDetachProcess();
        }
    }

    BrowserTraceLogHandle = NULL;
}
コード例 #6
0
ファイル: bowutils.c プロジェクト: BillTheBest/WinNT4
NTSTATUS
BowserDebugCall(
    IN PLMDR_REQUEST_PACKET InputBuffer,
    IN ULONG InputBufferLength
    )
{
    NTSTATUS Status;

    PAGED_CODE();

    ASSERT (IoGetCurrentProcess() == BowserFspProcess);

    if (InputBufferLength < sizeof(LMDR_REQUEST_PACKET)) {
        return STATUS_BUFFER_TOO_SMALL;
    }

    if (InputBuffer->Version != LMDR_REQUEST_PACKET_VERSION) {
        return (Status = STATUS_INVALID_PARAMETER);
    }

    if (InputBuffer->Parameters.Debug.OpenLog && InputBuffer->Parameters.Debug.CloseLog) {
        return (Status = STATUS_INVALID_PARAMETER);
    }

    if (InputBuffer->Parameters.Debug.OpenLog) {
        Status = BowserOpenTraceLogFile(InputBuffer->Parameters.Debug.TraceFileName);
        return Status;
    } else if (InputBuffer->Parameters.Debug.CloseLog) {
        Status = ZwClose(BrowserTraceLogHandle);

        if (NT_SUCCESS(Status)) {
            BrowserTraceLogHandle = NULL;
        }

        return Status;
    } else if (InputBuffer->Parameters.Debug.TruncateLog) {
        FILE_END_OF_FILE_INFORMATION EndOfFileInformation;
        IO_STATUS_BLOCK IoStatus;

        if (BrowserTraceLogHandle == NULL) {
            return STATUS_INVALID_HANDLE;
        }

        EndOfFileInformation.EndOfFile.HighPart = 0;
        EndOfFileInformation.EndOfFile.LowPart = 0;

        Status = NtSetInformationFile(BrowserTraceLogHandle,
                                        &IoStatus,
                                        &EndOfFileInformation,
                                        sizeof(EndOfFileInformation),
                                        FileEndOfFileInformation);

        return Status;
    } else {
        BowserDebugTraceLevel = InputBuffer->Parameters.Debug.DebugTraceBits;
        KdPrint(("Setting Browser Debug Trace Bits to %lx\n", BowserDebugTraceLevel));
    }

    return STATUS_SUCCESS;
}
コード例 #7
0
BOOLEAN IsTbsServiceProcess()
{
	char* ProcessName;

	PAGED_CODE();

	ProcessName = (char*)IoGetCurrentProcess();
	ProcessName += ProcessNameOffset;

	if(	strncmp(ProcessName,"svchost.exe",11) == 0)
	{
		return TRUE;
	}
	return FALSE;
}
コード例 #8
0
ファイル: Protect.c プロジェクト: xqrzd/HazardShield
/// <summary>
/// This routine is called by the operating system
/// when a process or thread handle operation occurs.
/// </summary>
OB_PREOP_CALLBACK_STATUS HspObPreCallback(
	_In_ PVOID RegistrationContext,
	_Inout_ POB_PRE_OPERATION_INFORMATION OperationInformation)
{
	PEPROCESS process;
	ACCESS_MASK processAccessBitsToClear;
	ACCESS_MASK threadAccessBitsToClear;

	UNREFERENCED_PARAMETER(RegistrationContext);

	// ObRegisterCallbacks doesn't allow changing access of kernel handles.
	if (OperationInformation->KernelHandle)
		return OB_PREOP_SUCCESS;

	// Get target process.
	if (OperationInformation->ObjectType == *PsProcessType)
		process = OperationInformation->Object;
	else if (OperationInformation->ObjectType == *PsThreadType)
		process = IoThreadToProcess(OperationInformation->Object);
	else
		return OB_PREOP_SUCCESS; // Shouldn't ever happen.

	// Allow process to open itself.
	if (process == IoGetCurrentProcess())
		return OB_PREOP_SUCCESS;

	if (HsIsProcessProtected(process, &processAccessBitsToClear, &threadAccessBitsToClear))
	{
		ACCESS_MASK accessBitsToClear;

		if (OperationInformation->ObjectType == *PsProcessType)
			accessBitsToClear = processAccessBitsToClear;
		else
			accessBitsToClear = threadAccessBitsToClear;

		// Remove access flags.
		if (OperationInformation->Operation == OB_OPERATION_HANDLE_CREATE)
		{
			OperationInformation->Parameters->CreateHandleInformation.DesiredAccess &= ~accessBitsToClear;
		}
		else if (OperationInformation->Operation == OB_OPERATION_HANDLE_DUPLICATE)
		{
			OperationInformation->Parameters->DuplicateHandleInformation.DesiredAccess &= ~accessBitsToClear;
		}
	}

	return OB_PREOP_SUCCESS;
}
コード例 #9
0
ULONG GetProcessNameOffset()
{
	ULONG Offset   = 0;
	char* Eprocess;

	PAGED_CODE();
	
	Eprocess = (char*)IoGetCurrentProcess();

	while(Offset < 0x3000)
	{
		if(strncmp(Eprocess+Offset,"System",6) == 0)
			break;
		Offset++;
	}
	return Offset < 0x3000 ? Offset : 0;
}
コード例 #10
0
ファイル: noddriver2.cpp プロジェクト: 12019/Carberp
VOID APCInjectRoutine(PKAPC pkaApc, PKNORMAL_ROUTINE*, PVOID*, PVOID*, PVOID*)
{
	WI_INJECT wiiItem;

	ExFreePool(pkaApc);

	wiiItem.pktThread = KeGetCurrentThread();
	wiiItem.pepProcess = IoGetCurrentProcess();
	wiiItem.hProcessID = PsGetCurrentProcessId();

	KeInitializeEvent(&wiiItem.keEvent, NotificationEvent, FALSE);

	ExInitializeWorkItem(&wiiItem.qiItem, InjectorWorkItem, &wiiItem);
	ExQueueWorkItem(&wiiItem.qiItem, DelayedWorkQueue);

	//was KernelMode not work do UserMode and work
	KeWaitForSingleObject(&wiiItem.keEvent, Executive, UserMode, TRUE, 0);

	return;
}
コード例 #11
0
PEPROCESS		DKOM_SearchProcessByName(IN char* procName, IN int lenName)
{
	PEPROCESS		saveProc;
	PEPROCESS		currProc;
	PLIST_ENTRY		list;

	saveProc = IoGetCurrentProcess();
	currProc = saveProc;
	do {
		if (strncmp(procName, ((unsigned char*)currProc + EPROCESS_OFFSET_IMAGENAME), lenName) == 0) {
			DbgPrint("Process %.*s found with uPID:%ld", lenName, procName, *((unsigned char*)currProc + EPROCESS_OFFSET_PID));
			return (currProc);
		}

		list = (PLIST_ENTRY)((unsigned char*)currProc + EPROCESS_OFFSET_ELIST);
		currProc = (PEPROCESS)list->Flink;
		currProc = (PEPROCESS)((unsigned char*)currProc - EPROCESS_OFFSET_ELIST);
	} while (saveProc != currProc);

	return (0);
}
コード例 #12
0
ファイル: init.c プロジェクト: BillTheBest/WinNT4
NTSTATUS
DriverEntry (
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    )

/*++

Routine Description:

    This is the initialization routine for the AFD device driver.

Arguments:

    DriverObject - Pointer to driver object created by the system.

Return Value:

    The function value is the final status from the initialization operation.

--*/

{
    NTSTATUS status;
    UNICODE_STRING deviceName;
    CLONG i;
    BOOLEAN success;

    PAGED_CODE( );

    //
    // Create the device object.  (IoCreateDevice zeroes the memory
    // occupied by the object.)
    //
    // !!! Apply an ACL to the device object.
    //

    RtlInitUnicodeString( &deviceName, AFD_DEVICE_NAME );

    status = IoCreateDevice(
                 DriverObject,                   // DriverObject
                 0,                              // DeviceExtension
                 &deviceName,                    // DeviceName
                 FILE_DEVICE_NAMED_PIPE,         // DeviceType
                 0,                              // DeviceCharacteristics
                 FALSE,                          // Exclusive
                 &AfdDeviceObject                // DeviceObject
                 );


    if ( !NT_SUCCESS(status) ) {
        KdPrint(( "AFD DriverEntry: unable to create device object: %X\n", status ));
        return status;
    }

    //
    // Create the security descriptor used for raw socket access checks.
    //
    status = AfdCreateRawSecurityDescriptor();

    if (!NT_SUCCESS(status)) {
        IoDeleteDevice(AfdDeviceObject);
        return status;
    }

    AfdDeviceObject->Flags |= DO_DIRECT_IO;

    //
    // Initialize the driver object for this file system driver.
    //

    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) {
        DriverObject->MajorFunction[i] = AfdDispatch;
    }

    DriverObject->FastIoDispatch = &AfdFastIoDispatch;
    DriverObject->DriverUnload = NULL;

    //
    // Initialize global data.
    //

    success = AfdInitializeData( );
    if ( !success ) {
        IoDeleteDevice(AfdDeviceObject);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    //
    // Initialize group ID manager.
    //

    success = AfdInitializeGroup();
    if ( !success ) {
        IoDeleteDevice(AfdDeviceObject);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    //
    // Read registry information.
    //

    AfdReadRegistry( );

#if DBG
    if( AfdEnableUnload ) {
        KdPrint(( "AFD: DriverUnload enabled\n" ));
        DriverObject->DriverUnload = AfdUnload;
    }
#endif

    //
    // Initialize the lookaside lists.
    //

    AfdLookasideLists = AFD_ALLOCATE_POOL(
                            NonPagedPool,
                            sizeof(*AfdLookasideLists),
                            AFD_LOOKASIDE_LISTS_POOL_TAG
                            );

    if( AfdLookasideLists == NULL ) {
        IoDeleteDevice(AfdDeviceObject);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    //
    // Initialize the work queue item lookaside list.
    //

    ExInitializeNPagedLookasideList(
        &AfdLookasideLists->WorkQueueList,
#if DBG
        AfdAllocateWorkItemPool,
        AfdFreeWorkItemPool,
#else
        NULL,
        NULL,
#endif
        NonPagedPoolMustSucceed,
        sizeof( AFD_WORK_ITEM ),
        AFD_WORK_ITEM_POOL_TAG,
        12
        );

    //
    // Initialize the AFD buffer lookaside lists.  These must be
    // initialized *after* the registry data has been read.
    //

    ExInitializeNPagedLookasideList(
        &AfdLookasideLists->LargeBufferList,
        AfdAllocateBuffer,
#if DBG
        AfdFreeBufferPool,
#else
        NULL,
#endif
        0,
        AfdLargeBufferSize,
        AFD_DATA_BUFFER_POOL_TAG,
        (USHORT)AfdLargeBufferListDepth
        );

    ExInitializeNPagedLookasideList(
        &AfdLookasideLists->MediumBufferList,
        AfdAllocateBuffer,
#if DBG
        AfdFreeBufferPool,
#else
        NULL,
#endif
        0,
        AfdMediumBufferSize,
        AFD_DATA_BUFFER_POOL_TAG,
        (USHORT)AfdMediumBufferListDepth
        );

    ExInitializeNPagedLookasideList(
        &AfdLookasideLists->SmallBufferList,
        AfdAllocateBuffer,
#if DBG
        AfdFreeBufferPool,
#else
        NULL,
#endif
        0,
        AfdSmallBufferSize,
        AFD_DATA_BUFFER_POOL_TAG,
        (USHORT)AfdSmallBufferListDepth
        );

    //
    // Initialize our device object.
    //

    AfdDeviceObject->StackSize = AfdIrpStackSize;

    //
    // Remember a pointer to the system process.  We'll use this pointer
    // for KeAttachProcess() calls so that we can open handles in the
    // context of the system process.
    //

    AfdSystemProcess = (PKPROCESS)IoGetCurrentProcess();

    //
    // Tell MM that it can page all of AFD it is desires.  We will reset
    // to normal paging of AFD code as soon as an AFD endpoint is
    // opened.
    //

    AfdLoaded = FALSE;

    MmPageEntireDriver( DriverEntry );

    return (status);

} // DriverEntry
コード例 #13
0
ファイル: data.c プロジェクト: GYGit/reactos
BOOLEAN
NTAPI
InitializeDeviceData(IN PDEVICE_OBJECT DeviceObject)
{
    PSAC_DEVICE_EXTENSION DeviceExtension = DeviceObject->DeviceExtension;
    BOOLEAN EnableData;
    ULONG PriorityValue;
    NTSTATUS Status;
    LARGE_INTEGER DueTime;
    PWCHAR Message;
    PAGED_CODE();
    SAC_DBG(SAC_DBG_ENTRY_EXIT, "Entering.\n");

    /* If we already did this, bail out */
    if (DeviceExtension->Initialized) goto SuccessExit;

    /* Setup the DO flags */
    DeviceObject->Flags |= DO_DIRECT_IO;
    DeviceObject->StackSize = 16;

    /* Setup the device extension */
    DeviceExtension->DeviceObject = DeviceObject;
    DeviceExtension->PriorityBoost = IO_SERIAL_INCREMENT;
    DeviceExtension->PriorityFail = 0;
    DeviceExtension->RundownInProgress = 0;

    /* Initialize locks, events, timers, DPCs, etc... */
    KeInitializeTimer(&DeviceExtension->Timer);
    KeInitializeDpc(&DeviceExtension->Dpc, TimerDpcRoutine, DeviceExtension);
    KeInitializeSpinLock(&DeviceExtension->Lock);
    KeInitializeEvent(&DeviceExtension->Event, SynchronizationEvent, FALSE);
    InitializeListHead(&DeviceExtension->List);

    /* Attempt to enable HDL support */
    EnableData = TRUE;
    Status = HeadlessDispatch(HeadlessCmdEnableTerminal,
                              &EnableData,
                              sizeof(EnableData),
                              NULL,
                              0);
    if (!NT_SUCCESS(Status))
    {
        /* Bail out if we couldn't even get this far */
        SAC_DBG(SAC_DBG_ENTRY_EXIT, "Exiting (1) with status FALSE\n");
        return FALSE;
    }

    /* Remember which process we started in */
    DeviceExtension->Process = IoGetCurrentProcess();

    /* Protect the device against non-admins */
    Status = CreateDeviceSecurityDescriptor(&DeviceExtension->DeviceObject);
    if (!NT_SUCCESS(Status))
    {
        /* Write down why we failed */
        SAC_DBG(SAC_DBG_ENTRY_EXIT, "Exiting (2) with status FALSE\n");

        /* Disable the HDL terminal on failure */
        EnableData = FALSE;
        Status = HeadlessDispatch(HeadlessCmdEnableTerminal,
                                  &EnableData,
                                  sizeof(EnableData),
                                  NULL,
                                  NULL);
        if (!NT_SUCCESS(Status)) SAC_DBG(SAC_DBG_INIT, "Failed dispatch\n");

        /* Bail out */
        return FALSE;
    }

    /* Create the worker thread */
    Status = PsCreateSystemThread(&DeviceExtension->WorkerThreadHandle,
                                  THREAD_ALL_ACCESS,
                                  NULL,
                                  NULL,
                                  NULL,
                                  WorkerThreadStartUp,
                                  DeviceExtension);
    if (!NT_SUCCESS(Status))
    {
        /* Write down why we failed */
        SAC_DBG(SAC_DBG_ENTRY_EXIT, "Exiting (3) with status FALSE\n");

        /* Disable the HDL terminal on failure */
        EnableData = FALSE;
        Status = HeadlessDispatch(HeadlessCmdEnableTerminal,
                                  &EnableData,
                                  sizeof(EnableData),
                                  NULL,
                                  NULL);
        if (!NT_SUCCESS(Status)) SAC_DBG(SAC_DBG_INIT, "Failed dispatch\n");

        /* Bail out */
        return FALSE;
    }

    /* Set the priority of our thread to highest */
    PriorityValue = HIGH_PRIORITY;
    Status = NtSetInformationThread(DeviceExtension->WorkerThreadHandle,
                                    ThreadPriority,
                                    &PriorityValue,
                                    sizeof(PriorityValue));
    if (!NT_SUCCESS(Status))
    {
        /* For debugging, write down why we failed */
        SAC_DBG(SAC_DBG_ENTRY_EXIT, "Exiting (6) with status FALSE\n");
        DeviceExtension->PriorityFail = TRUE;

        /* Initialize rundown and wait for the thread to do it */
        KeInitializeEvent(&DeviceExtension->RundownEvent, SynchronizationEvent, FALSE);
        KeSetEvent(&DeviceExtension->Event, DeviceExtension->PriorityBoost, FALSE);
        Status = KeWaitForSingleObject(&DeviceExtension->RundownEvent,
                                       Executive,
                                       KernelMode,
                                       FALSE,
                                       NULL);
        ASSERT(Status == STATUS_SUCCESS);

        /* Disable the HDL terminal on failure */
        EnableData = FALSE;
        Status = HeadlessDispatch(HeadlessCmdEnableTerminal,
                                  &EnableData,
                                  sizeof(EnableData),
                                  NULL,
                                  0);
        if (!NT_SUCCESS(Status)) SAC_DBG(SAC_DBG_INIT, "Failed dispatch\n");

        /* Bail out */
        return FALSE;
    }

    /* The first "packet" is the machine information in XML... */
    Status = TranslateMachineInformationXML(&Message, NULL);
    if (NT_SUCCESS(Status))
    {
        /* Go ahead and send it */
        UTF8EncodeAndSend(L"<?xml version=\"1.0\"?>\r\n");
        UTF8EncodeAndSend(Message);

        /* Free the temporary buffer */
        SacFreePool(Message);
    }

    /* Finally, initialize the I/O Manager */
    Status = ConMgrInitialize();
    if (!NT_SUCCESS(Status)) return FALSE;

    /* Set the timer. Once this is done, the device is initialized */
    DueTime.QuadPart = -4000;
    KeSetTimerEx(&DeviceExtension->Timer, DueTime, 4, &DeviceExtension->Dpc);
    DeviceExtension->Initialized = TRUE;

SuccessExit:
    /* Success path -- everything worked */
    SAC_DBG(SAC_DBG_ENTRY_EXIT, "Exiting with status TRUE\n");
    return TRUE;
}
コード例 #14
0
ファイル: srvcall.c プロジェクト: LastRitter/vbox-haiku
NTSTATUS VBoxMRxCreateSrvCall (PMRX_SRV_CALL pSrvCall, PMRX_SRVCALL_CALLBACK_CONTEXT pCallbackContext)
/*++

 Routine Description:

 This routine patches the RDBSS created srv call instance with the information required
 by the mini redirector.

 Arguments:

 RxContext        - Supplies the context of the original create/ioctl

 CallBackContext  - the call back context in RDBSS for continuation.

 Return Value:

 RXSTATUS - The return status for the operation

 --*/
{
    NTSTATUS Status;

    PMRX_SRVCALLDOWN_STRUCTURE SrvCalldownStructure = (PMRX_SRVCALLDOWN_STRUCTURE)(pCallbackContext->SrvCalldownStructure);

    Assert(pSrvCall);
    Assert(NodeType(pSrvCall) == RDBSS_NTC_SRVCALL);

    Log(("VBOXSF: VBoxMRxCreateSrvCall: Called %p.\n", pSrvCall));

    //
    // If this request was made on behalf of the RDBSS, do ExecuteCreatSrvCall
    // immediately. If the request was made from somewhere else, create a work item
    // and place it on a queue for a worker thread to process later. This distinction
    // is made to simplify transport handle management.
    //
    if (IoGetCurrentProcess() == RxGetRDBSSProcess())
    {
        Log(("VBOXSF: VBoxMRxCreateSrvCall: Called in context of RDBSS process\n"));

        //
        // Peform the processing immediately because RDBSS is the initiator of this
        // request
        //

        ExecuteCreateSrvCall(pCallbackContext);
    }
    else
    {
        Log(("VBOXSF: VBoxMRxCreateSrvCall: Dispatching to worker thread\n"));

        //
        // Dispatch the request to a worker thread because the redirected drive
        // buffering sub-system (RDBSS) was not the initiator
        //

        Status = RxDispatchToWorkerThread(VBoxMRxDeviceObject, DelayedWorkQueue, (PWORKER_THREAD_ROUTINE)ExecuteCreateSrvCall, /* explicit cast for first parameter type */
        pCallbackContext);

        if (Status == STATUS_SUCCESS)
        {
            Log(("VBOXSF: VBoxMRxCreateSrvCall: queued!\n"));
        }
        else
        {
            pCallbackContext->Status = Status;
            SrvCalldownStructure->CallBack(pCallbackContext);
        }
    }

    //
    // The wrapper expects PENDING.
    //
    return STATUS_PENDING;
}
コード例 #15
0
ファイル: pgflt.c プロジェクト: GYGit/reactos
//*************************************************************************
// HandleInDebuggerFault()
//
//*************************************************************************
ULONG HandleInDebuggerFault(FRAME* ptr,ULONG address)
{
	PEPROCESS tsk;

    ENTER_FUNC();

	DPRINT((0,"HandleInDebuggerFault(): ###### page fault @ %.8X while inside debugger, eip: %x\n",address, ptr->eip));

	// fault in this page fault handler
	if(bInPageFaultHandler)
	{
    	DPRINT((0,"HandleInDebuggerFault(): ###### page fault @ %.8X while in page fault handler\n",address));

        DPRINT((0,"!!! machine is halted !!!\n"));
        __asm__ __volatile__ ("hlt");

        LEAVE_FUNC();
		return 0;
	}

	bInPageFaultHandler = TRUE;

    // when we come here from DebuggerShell() we live on a different stack
    // so the current task is different as well
    tsk = IoGetCurrentProcess();

    DPRINT((0,"%.8X (%.4X:%.8X %.8X %s %s %s task=%.8X )\n",
        address,
        ptr->cs,
        ptr->eip,
        ptr->eflags,
        (ptr->error_code&1)?"PLP":"NP",
        (ptr->error_code&2)?"WRITE":"READ",
        (ptr->error_code&4)?"USER-MODE":"KERNEL-MODE",
        (ULONG)tsk));

	if(!bInPrintk)
    {
    	DPRINT((0,"HandleInDebuggerFault(): unexpected pagefault in command handler!\n",address));
    }
	else
    {
    	DPRINT((0,"HandleInDebuggerFault(): unexpected pagefault in command handler while in PrintkCallback()!\n",address));
    }

    if(tsk)
    {
	    PULONG pPGD;
	    PULONG pPTE;

        pPGD = ADDR_TO_PDE(address);

        DPRINT((0,"PGD for %.8X @ %.8X = %.8X\n",address,(ULONG)pPGD,(ULONG)(*pPGD) ));

        if(pPGD && (*pPGD)&_PAGE_PRESENT)
        {
            // not large page
            if(!((*pPGD)&_PAGE_4M))
            {
                pPTE = ADDR_TO_PTE(address);
                if(pPTE)
                {
                    DPRINT((0,"PTE for %.8X @ %.8X = %.8X\n",address,(ULONG)pPTE,(ULONG)(*pPTE) ));
                }
            }
        }
    }

    IntelStackWalk(ptr->eip,CurrentEBP,ulRealStackPtr);

    DPRINT((0,"!!! machine is halted !!!\n"));
    __asm__ __volatile__ ("hlt");

    LEAVE_FUNC();

	return 2;
}
コード例 #16
0
ファイル: pgflt.c プロジェクト: GYGit/reactos
//*************************************************************************
// HandlePageFault()
//
// returns:
// 0    =       let the system handle it
// 1    =       call DebuggerShell()
// 2    =       FATAL error inside debugger
//*************************************************************************
ULONG HandlePageFault(FRAME* ptr)
{
    PVOID address;
	PEPROCESS tsk, tsk1;
	PMADDRESS_SPACE vma;
    PLIST_ENTRY current_entry;
	MEMORY_AREA* current;
    ULONG value;
	PKTHREAD CurrentThread;
	PETHREAD CurrentEThread;

	// get linear address of page fault
	__asm__ __volatile__("movl %%cr2,%0"
					      :"=r" (address));

  	DPRINT((0,"\nPageFault: bInDebShell: %d, error: %d, addr: %x\n", bInDebuggerShell, ptr->error_code, address));

    // there's something terribly wrong if we get a fault in our command handler
    if(bInDebuggerShell)
    {
		DPRINT((0,"return handleindebuggerfault\n"));
		return HandleInDebuggerFault(ptr,(ULONG)address);
    }

	ASSERT(IsAddressValid((ULONG)ptr));
    // remember error code so we can push it back on the stack
    error_code = ptr->error_code;

    //ei Check IRQL here!!!
/*
    if(in_interrupt())
    {
        Print(OUTPUT_WINDOW,"pICE: system is currently processing an interrupt!\n");
        return 1;
    }
*/
	// current process
    tsk = IoGetCurrentProcess();
	DPRINT((0,"tsk: %x\t", tsk));
	if( !tsk || !(IsAddressValid((ULONG)tsk))){
		DPRINT((0,"tsk address not valid: tsk: %x\n", tsk));
		return 0;
	}

	// lookup VMA for this address
	if( (ULONG)address > KERNEL_BASE )
	  vma = my_init_mm;                // use kernel mem area for kernel addresses
	else vma = &(tsk->AddressSpace);   // otherwise, use user memory area

	if( !vma ){
		DPRINT((0,"vma not valid: vma: %x\n", vma));
		return 0;
	}

	current_entry = vma->MAreaListHead.Flink;
	ASSERT(current_entry);
	DPRINT((0,"vma: %x, current_entry: %x, kernel arena: %x\n", vma, current_entry, my_init_mm));
	while(current_entry != &vma->MAreaListHead)
	{
		ASSERT(current_entry);
		ASSERT(IsAddressValid((ULONG)current_entry));
		current = CONTAINING_RECORD(current_entry,
						MEMORY_AREA,
						Entry);


		if( (address >= current->BaseAddress) && (address <= current->BaseAddress + current->Length ))
		{
			DPRINT((0,"address: %x    %x - %x Attrib: %x, Type: %x\n", address, current->BaseAddress, current->BaseAddress + current->Length, current->Attributes, current->Type));
			//page not present
			if( !(error_code & 1) ){
				//check it is in pageable area
				if( current->Type == MEMORY_AREA_SECTION_VIEW ||
					current->Type == MEMORY_AREA_VIRTUAL_MEMORY ||
					current->Type == MEMORY_AREA_PAGED_POOL ||
					current->Type == MEMORY_AREA_SHARED_DATA
						){
	                //ei too much output Print(OUTPUT_WINDOW,"pICE: VMA Pageable Section.\n");
					//ei DPRINT((0,"return 0 1\n"));
					return 0; //let the system handle this
				}
				Print(OUTPUT_WINDOW,"pICE: VMA Page not present in non-pageable Section!\n");
				//ei DPRINT((0,"Type: currenttype: %x return 1 2\n", current->Type));
				return 0;
			}
			else{ //access violation

				if( error_code & 4 )
				{   //user mode
					if( (ULONG)address >= KERNEL_BASE )
					{
						Print(OUTPUT_WINDOW,"pICE: User mode program trying to access kernel memory!\n");
						//DPRINT((0,"return 0 3\n"));
						return 1;
					}
					//DPRINT((0,"return 0 4\n"));
					return 0;
				}
				/*
				if(error_code & 2)
		        {
					//on write
		            if(!(current->Attributes & PAGE_READONLY))
		            {
		                Print(OUTPUT_WINDOW,"pICE: virtual memory arena is not writeable!\n");
		                return 1;
		            }
		        }
		        // READ ACCESS
		        else
		        {
		            // test EXT bit in error code
				    if (error_code & 1)
		            {
		                Print(OUTPUT_WINDOW,"pICE: page-level protection fault!\n");
		                return 1;
		            }
		            //
				*/
					/*
					if (!(current->Attributes & PAGE_EXECUTE_READ))
		            {
		                Print(OUTPUT_WINDOW,"pICE: VMA is not readable!\n");
		                return 1;
		            }
					*/

		        // let the system handle it
				//DPRINT((0,"return 0 5\n"));
		        return 0;
			}
		}
		current_entry = current_entry->Flink;
	}

    Print(OUTPUT_WINDOW,"pICE: no virtual memory arena at this address!\n");
	DPRINT((0,"return 0 6\n"));
	return 1;

    // let the system handle it
//    return 0;
}
コード例 #17
0
ファイル: utilities.c プロジェクト: icewall/ForceDelete
NTSTATUS 
ForceDelete(
			wchar_t *path
			)
{

	HANDLE fileHandle;
	NTSTATUS result;
	IO_STATUS_BLOCK ioBlock;
	DEVICE_OBJECT *device_object;
	void* object = NULL;
	OBJECT_ATTRIBUTES fileObject;
	wchar_t deviceName[14];
	UNICODE_STRING uDeviceName;
	UNICODE_STRING uPath;

	
	EPROCESS *eproc = IoGetCurrentProcess();
	//switch context to UserMode
	KeAttachProcess(eproc);
	
	//initialize file to delete variable
	g_fileToDelete = path;
	g_fileToDelete += 6; //take from \??\C:\example only \example
	

	//e.g "\??\C:\"
	memset(deviceName,0,sizeof(deviceName));
	wcsncpy(deviceName,path,7);
	uDeviceName.Buffer = deviceName;
	uDeviceName.Length = 14;
	//file path to unicode string
	RtlInitUnicodeString(&uPath,path);
	
	InitializeObjectAttributes(&fileObject,
								&uDeviceName,
								OBJ_CASE_INSENSITIVE,
								NULL,
								NULL);

	result = ZwOpenFile(&fileHandle,
						SYNCHRONIZE,
						&fileObject,
						&ioBlock,
						FILE_SHARE_READ,
						FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE);

	if(result != STATUS_SUCCESS)
	{
		DbgPrint("Some problems with open file ;[");
		goto _end;
	}

    if ( !ObReferenceObjectByHandle(fileHandle, 0, 0, 0, &object, 0) )
    {

      device_object = IoGetBaseFileSystemDeviceObject(object);
      ObfDereferenceObject(object);
    }
	
    ZwClose(fileHandle);	
	
	InitializeObjectAttributes(&fileObject,
							   &uPath,
							   OBJ_CASE_INSENSITIVE,
							   NULL,
							   NULL);

	result = IoCreateFileSpecifyDeviceObjectHint(
			   &fileHandle,
			   SYNCHRONIZE | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | FILE_READ_DATA, //0x100181 
			   &fileObject,
			   &ioBlock,
			   0,
			   0,
			   FILE_SHARE_READ | FILE_SHARE_WRITE |FILE_SHARE_DELETE, //FILE_SHARE_VALID_FLAGS,
			   FILE_OPEN,
			   FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT,//0x60,
			   0,
			   0,
			   CreateFileTypeNone,
			   0,
			   IO_IGNORE_SHARE_ACCESS_CHECK,
			   device_object);
	if(result != STATUS_SUCCESS)
	{
		DbgPrint("error in IoCreateFileSpecifyDeviceObjectHint");
		goto _end;
	}

	result = ObReferenceObjectByHandle(fileHandle, 0, 0, 0, &object, 0);

	if(result != STATUS_SUCCESS)
	{
		DbgPrint("error in ObReferenceObjectByHandle");
		ZwClose(fileHandle);
		goto _end;
	}
	/*
		METHOD 1
	*/
	((FILE_OBJECT*)object)->SectionObjectPointer->ImageSectionObject = 0;
	((FILE_OBJECT*)object)->DeleteAccess = 1;	
	 result = ZwDeleteFile(&fileObject);
	
	if(result != STATUS_SUCCESS)
	{
		DbgPrint("\n[+]error in ZwDeleteFile");
	}
	ObDereferenceObject(object);
	ZwClose(fileHandle);
	 
	result = ZwDeleteFile(&fileObject);
	if(result != STATUS_SUCCESS)
	{
		DbgPrint("\n[+]error in ZwDeleteFile");
		/*
			METHOD 2
		*/		
		r0_fileToDelete(path);
		
		/*
			METHOD 3
			If simple solutions did not help, try this one.
		*/
		hook_it(device_object)
	}
コード例 #18
0
ファイル: bowutils.c プロジェクト: BillTheBest/WinNT4
VOID
BowserTrace(
    PCHAR FormatString,
    ...
    )

#define LAST_NAMED_ARGUMENT FormatString

{
    CHAR OutputString[1024];
    IO_STATUS_BLOCK IoStatus;
    BOOLEAN ProcessAttached = FALSE;
    va_list ParmPtr;                    // Pointer to stack parms.
    NTSTATUS Status;

    PAGED_CODE();

    if (IoGetCurrentProcess() != BowserFspProcess) {
        KeAttachProcess(BowserFspProcess);

        ProcessAttached = TRUE;
    }


    if (BrowserTraceLogHandle == NULL) {

        if (!NT_SUCCESS(BowserOpenTraceLogFile(L"\\SystemRoot\\Bowser.Log"))) {

            BrowserTraceLogHandle = (HANDLE)0xffffffff;

            if (ProcessAttached) {
                KeDetachProcess();
            }

            return;
        }

    } else if (BrowserTraceLogHandle == (HANDLE)0xffffffff) {

        if (ProcessAttached) {
            KeDetachProcess();
        }

        return;
    }


    ExAcquireResourceExclusive(&BrowserTraceLock, TRUE);

    if (BrowserTraceLogHandle == NULL) {

        ExReleaseResource(&BrowserTraceLock);

        if (ProcessAttached) {
            KeDetachProcess();
        }

        return;
    }

    try {
        LARGE_INTEGER EndOfFile;

        EndOfFile.HighPart = 0xffffffff;
        EndOfFile.LowPart = FILE_WRITE_TO_END_OF_FILE;

        if (LastCharacter == '\n') {
            LARGE_INTEGER SystemTime;
            TIME_FIELDS TimeFields;

            KeQuerySystemTime(&SystemTime);

            ExSystemTimeToLocalTime(&SystemTime, &SystemTime);

            RtlTimeToTimeFields(&SystemTime, &TimeFields);

            //
            //  The last character written was a newline character.  We should
            //  timestamp this record in the file.
            //
/****
            sprintf(OutputString, "%2.2d/%2.2d/%4.4d %2.2d:%2.2d:%2.2d.%3.3d: ", TimeFields.Month,
                                                            TimeFields.Day,
                                                            TimeFields.Year,
                                                            TimeFields.Hour,
                                                            TimeFields.Minute,
                                                            TimeFields.Second,
                                                            TimeFields.Milliseconds);
****/

            if (!NT_SUCCESS(Status = ZwWriteFile(BrowserTraceLogHandle, NULL, NULL, NULL, &IoStatus, OutputString, strlen(OutputString), &EndOfFile, NULL))) {
                KdPrint(("Error writing time to Browser log file: %lX\n", Status));
                return;
            }

            if (!NT_SUCCESS(IoStatus.Status)) {
                KdPrint(("Error writing time to Browser log file: %lX\n", IoStatus.Status));
                return;
            }

            if (IoStatus.Information != strlen(OutputString)) {
                KdPrint(("Error writing time to Browser log file: %lX\n", IoStatus.Status));
                return;
            }

        }

        va_start(ParmPtr, LAST_NAMED_ARGUMENT);

        //
        //  Format the parameters to the string.
        //

        vsprintf(OutputString, FormatString, ParmPtr);

        if (!NT_SUCCESS(Status = ZwWriteFile(BrowserTraceLogHandle, NULL, NULL, NULL, &IoStatus, OutputString, strlen(OutputString), &EndOfFile, NULL))) {
            KdPrint(("Error writing string to Browser log file: %ld\n", Status));
            return;
        }

        if (!NT_SUCCESS(IoStatus.Status)) {
            KdPrint(("Error writing string to Browser log file: %lX\n", IoStatus.Status));
            return;
        }

        if (IoStatus.Information != strlen(OutputString)) {
            KdPrint(("Error writing string to Browser log file: %ld\n", IoStatus.Status));
            return;
        }

        //
        //  Remember the last character output to the log.
        //

        LastCharacter = OutputString[strlen(OutputString)-1];

    } finally {
        ExReleaseResource(&BrowserTraceLock);

        if (ProcessAttached) {
            KeDetachProcess();
        }
    }
}