static ULONG get_ea_len(device_extension* Vcb, root* subvol, UINT64 inode, PIRP Irp) { UINT8* eadata; UINT16 len; if (get_xattr(Vcb, subvol, inode, EA_EA, EA_EA_HASH, &eadata, &len, Irp)) { ULONG offset; NTSTATUS Status; Status = IoCheckEaBufferValidity((FILE_FULL_EA_INFORMATION*)eadata, len, &offset); if (!NT_SUCCESS(Status)) { WARN("IoCheckEaBufferValidity returned %08x (error at offset %u)\n", Status, offset); ExFreePool(eadata); return 0; } else { FILE_FULL_EA_INFORMATION* eainfo; ULONG ealen; ealen = 4; eainfo = (FILE_FULL_EA_INFORMATION*)eadata; do { ealen += 5 + eainfo->EaNameLength + eainfo->EaValueLength; if (eainfo->NextEntryOffset == 0) break; eainfo = (FILE_FULL_EA_INFORMATION*)(((UINT8*)eainfo) + eainfo->NextEntryOffset); } while (TRUE); ExFreePool(eadata); return ealen; } } else return 0; }
NTSTATUS IopCreateFileXp2003( __out PHANDLE FileHandle, __in ACCESS_MASK DesiredAccess, __in POBJECT_ATTRIBUTES ObjectAttributes, __out PIO_STATUS_BLOCK IoStatusBlock, __in PLARGE_INTEGER AllocationSize OPTIONAL, __in ULONG FileAttributes, __in ULONG ShareAccess, __in ULONG Disposition, __in ULONG CreateOptions, __in PVOID EaBuffer OPTIONAL, __in ULONG EaLength, __in CREATE_FILE_TYPE CreateFileType, __in PVOID ExtraCreateParameters OPTIONAL, __in ULONG Options, __in ULONG InternalFlags, __in PVOID DeviceObject ) { KPROCESSOR_MODE kRrequestorMode = KernelMode; NTSTATUS nsStatus = STATUS_UNSUCCESSFUL; HANDLE hHandle = NULL; POPEN_PACKET pOpenPacket = NULL; PVOID pFileObjRetFunc = NULL; PVOID pDeviceObjRetFunc = NULL; BOOLEAN bSuccessfulIoParse = FALSE; BOOLEAN bSetObjFunc = FALSE; ULONG ulFileOrDevice = 0; LARGE_INTEGER liInitialAllocationSize = {0x00}; do { kRrequestorMode = KernelMode; if (Options & IO_NO_PARAMETER_CHECKING) { kRrequestorMode = KernelMode; } if (AllocationSize != NULL) { liInitialAllocationSize.QuadPart = AllocationSize->QuadPart; } else { liInitialAllocationSize.QuadPart = 0; } BDKitAllocateNonpagePool(pOpenPacket, sizeof(*pOpenPacket)); BDKit_If_Not_Break(pOpenPacket != NULL); if (EaBuffer != NULL && EaLength != 0) { ULONG errorOffset = 0; BDKitAllocatePagePool(pOpenPacket->EaBuffer, EaLength); BDKit_If_Not_Break(pOpenPacket->EaBuffer != NULL); pOpenPacket->EaLength = EaLength; __try { RtlCopyMemory(pOpenPacket->EaBuffer, EaBuffer, EaLength); } __except(EXCEPTION_EXECUTE_HANDLER) { nsStatus= STATUS_INVALID_PARAMETER; BDKit_If_Not_Break(FALSE); } nsStatus = IoCheckEaBufferValidity((PFILE_FULL_EA_INFORMATION)pOpenPacket->EaBuffer, EaLength, &errorOffset); if (!NT_SUCCESS(nsStatus)) { IoStatusBlock->Status = nsStatus; IoStatusBlock->Information = errorOffset; BDKit_If_Not_Break(FALSE); } } else { pOpenPacket->EaBuffer = (PVOID)NULL; pOpenPacket->EaLength = 0L; } pOpenPacket->Type = IO_TYPE_OPEN_PACKET; pOpenPacket->Size = sizeof(*pOpenPacket); pOpenPacket->ParseCheck = 0L; pOpenPacket->AllocationSize = liInitialAllocationSize; pOpenPacket->CreateOptions = CreateOptions; pOpenPacket->FileAttributes = (USHORT) FileAttributes; pOpenPacket->ShareAccess = (USHORT) ShareAccess; pOpenPacket->Disposition = Disposition; pOpenPacket->Override = FALSE; pOpenPacket->QueryOnly = FALSE; pOpenPacket->DeleteOnly = FALSE; pOpenPacket->Options = Options; pOpenPacket->RelatedFileObject = (PFILE_OBJECT)NULL; pOpenPacket->CreateFileType = CreateFileType; pOpenPacket->ExtraCreateParameters = ExtraCreateParameters; pOpenPacket->InternalFlags = InternalFlags; pOpenPacket->TraversedMountPoint = FALSE; pOpenPacket->TopDeviceObjectHint = (PDEVICE_OBJECT)DeviceObject; pOpenPacket->FinalStatus = STATUS_SUCCESS; pOpenPacket->FileObject = (PFILE_OBJECT)NULL; { //恢复Object CallBack bSetObjFunc = KeFileSetObjectFunction(*IoFileObjectType, g_emObjFileFunction, emObjParseOper, &pFileObjRetFunc, TRUE); if (bSetObjFunc && pFileObjRetFunc != NULL) { ulFileOrDevice |= RESET_FILE_OBJECT_CALLBACK; } bSetObjFunc = KeFileSetObjectFunction(g_pDevObjectTypePointer, g_emObjDeviceFunction, emObjParseOper, &pDeviceObjRetFunc, TRUE); if (bSetObjFunc && pDeviceObjRetFunc != NULL) { ulFileOrDevice |= RESET_DEVICE_OBJECT_CALLBACK; } nsStatus = ObOpenObjectByName( ObjectAttributes, NULL, kRrequestorMode, NULL, DesiredAccess, pOpenPacket, &hHandle ); //恢复设置 if (ulFileOrDevice & RESET_FILE_OBJECT_CALLBACK) { KeFileSetObjectFunction(*IoFileObjectType, g_emObjFileFunction, emObjParseOper, &pFileObjRetFunc, FALSE); ulFileOrDevice &= ~RESET_FILE_OBJECT_CALLBACK; } if (ulFileOrDevice & RESET_DEVICE_OBJECT_CALLBACK) { KeFileSetObjectFunction(g_pDevObjectTypePointer, g_emObjDeviceFunction, emObjParseOper, &pDeviceObjRetFunc, FALSE); ulFileOrDevice &= ~RESET_DEVICE_OBJECT_CALLBACK; } } BDKitFreePool(pOpenPacket->EaBuffer); pOpenPacket->EaLength = 0; bSuccessfulIoParse = (BOOLEAN)(pOpenPacket->ParseCheck == OPEN_PACKET_PATTERN); if ( !NT_SUCCESS(nsStatus) || bSuccessfulIoParse == FALSE ) { if (NT_SUCCESS(nsStatus)) { BDKitCloseHandle(hHandle); nsStatus = STATUS_OBJECT_TYPE_MISMATCH; } if ( !NT_SUCCESS(pOpenPacket->FinalStatus) ) { nsStatus = pOpenPacket->FinalStatus; if ( NT_WARNING(nsStatus) ) { __try { IoStatusBlock->Status = pOpenPacket->FinalStatus; IoStatusBlock->Information = pOpenPacket->Information; } __except(EXCEPTION_EXECUTE_HANDLER) { nsStatus = GetExceptionCode(); } } } else if ( pOpenPacket->FileObject != NULL && !bSuccessfulIoParse )
int _tmain(int argc, _TCHAR* argv[]) { void *pFunction; pIoCheckEaBufferValidity IoCheckEaBufferValidity; HMODULE hKrnlMod = LoadLibrary(L"ntoskrnl.exe"); if (hKrnlMod) { pFunction = GetProcAddress(hKrnlMod,"IoCheckEaBufferValidity"); IoCheckEaBufferValidity = (pIoCheckEaBufferValidity)pFunction; if (IoCheckEaBufferValidity!=NULL) { /* Check tes Windows Function */ ULONG ulWinError; ULONG ulROSError; NTSTATUS WinStatus; NTSTATUS ROSStatus; PFILE_FULL_EA_INFORMATION WinEaBuffer; PFILE_FULL_EA_INFORMATION ROSEaBuffer; char szTest[100] = "FltMgr"; int iTestCount,i; ULONG TestEaLength; UCHAR TestEaBufferFlags; // Test the flag TestEaBufferFlags = 0; iTestCount = 1; WinEaBuffer = (PFILE_FULL_EA_INFORMATION)malloc(TEST_BUFFER_LEN); ROSEaBuffer = (PFILE_FULL_EA_INFORMATION)malloc(TEST_BUFFER_LEN); printf("1.) Test : *********************\n"); /* Check EaLength calculation */ /* Here all zero : only i>9 pass the test with STATUS_SUCCESS */ for (i=0;i<TEST_BUFFER_LEN;i++) { TestEaLength = i; // Windows memset(WinEaBuffer,0,TEST_BUFFER_LEN); ulWinError = RANDOM_INIT_ERROR; WinEaBuffer->Flags = TestEaBufferFlags; WinStatus = IoCheckEaBufferValidity(WinEaBuffer,TestEaLength,&ulWinError); // ROS memset(ROSEaBuffer,0,TEST_BUFFER_LEN); ulROSError = RANDOM_INIT_ERROR; ROSEaBuffer->Flags = TestEaBufferFlags; ROSStatus = IoCheckEaBufferValidityROS(ROSEaBuffer,TestEaLength,&ulROSError); CheckROSAgainstWinAndPrintResult(WinEaBuffer,ROSEaBuffer,WinStatus,ROSStatus,ulWinError,ulWinError,TEST_BUFFER_LEN,iTestCount,TestEaLength); iTestCount++; } printf("2.) Test : *********************\n"); /* Here all zero but EaBuffer::EaName is set : will always end in STATUS_EA_LIST_INCONSISTENT */ /* There must a link to EaBuffer::EaName */ for (i=0;i<TEST_BUFFER_LEN;i++) { TestEaLength = i; // Windows memset(WinEaBuffer,0,TEST_BUFFER_LEN); sprintf(WinEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); ulWinError = RANDOM_INIT_ERROR; WinEaBuffer->Flags = TestEaBufferFlags; WinStatus = IoCheckEaBufferValidity(WinEaBuffer,TestEaLength,&ulWinError); // ROS memset(ROSEaBuffer,0,TEST_BUFFER_LEN); sprintf(ROSEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); ulROSError = RANDOM_INIT_ERROR; ROSStatus = IoCheckEaBufferValidityROS(ROSEaBuffer,TestEaLength,&ulROSError); CheckROSAgainstWinAndPrintResult(WinEaBuffer,ROSEaBuffer,WinStatus,ROSStatus,ulWinError,ulWinError,TEST_BUFFER_LEN,iTestCount,TestEaLength); iTestCount++; } printf("3.) Test : *********************\n"); /* Here EaBuffer::EaName is set and EaBuffer::EaNameLength is count up. EaLength is maxbuffer: STATUS_SUCCESS when EaBuffer::EaNameLength>strlen(EaBuffer::EaName) */ TestEaLength = TEST_BUFFER_LEN; for (i=0;i<TEST_BUFFER_LEN;i++) { // Windows memset(WinEaBuffer,0,TEST_BUFFER_LEN); sprintf(WinEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); WinEaBuffer->EaNameLength = i; ulWinError = RANDOM_INIT_ERROR; WinEaBuffer->Flags = TestEaBufferFlags; WinStatus = IoCheckEaBufferValidity(WinEaBuffer,TestEaLength,&ulWinError); // ROS memset(ROSEaBuffer,0,TEST_BUFFER_LEN); sprintf(ROSEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); ROSEaBuffer->EaNameLength = i; ulROSError = RANDOM_INIT_ERROR; ROSEaBuffer->Flags = TestEaBufferFlags; ROSStatus = IoCheckEaBufferValidityROS(ROSEaBuffer,TestEaLength,&ulROSError); CheckROSAgainstWinAndPrintResult(WinEaBuffer,ROSEaBuffer,WinStatus,ROSStatus,ulWinError,ulWinError,TEST_BUFFER_LEN,iTestCount,TestEaLength); iTestCount++; } printf("4.) Test : *********************\n"); /* Here EaBuffer::EaName is set and EaBuffer::EaNameLength is strlen(EaBuffer::EaName). EaLength is count: STATUS_SUCCESS when EaLength>=17 (EaBuffer::EaNameLength+9) */ for (i=0;i<TEST_BUFFER_LEN;i++) { TestEaLength = i; // Windows memset(WinEaBuffer,0,TEST_BUFFER_LEN); sprintf(WinEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); WinEaBuffer->EaNameLength = (UCHAR)strlen(WinEaBuffer->EaName); ulWinError = RANDOM_INIT_ERROR; WinEaBuffer->Flags = TestEaBufferFlags; WinStatus = IoCheckEaBufferValidity(WinEaBuffer,TestEaLength,&ulWinError); // ROS memset(ROSEaBuffer,0,TEST_BUFFER_LEN); sprintf(ROSEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); ROSEaBuffer->EaNameLength = (UCHAR)strlen(ROSEaBuffer->EaName); ulROSError = RANDOM_INIT_ERROR; ROSEaBuffer->Flags = TestEaBufferFlags; ROSStatus = IoCheckEaBufferValidityROS(ROSEaBuffer,TestEaLength,&ulROSError); CheckROSAgainstWinAndPrintResult(WinEaBuffer,ROSEaBuffer,WinStatus,ROSStatus,ulWinError,ulWinError,TEST_BUFFER_LEN,iTestCount,TestEaLength); iTestCount++; } printf("5.) Test : *********************\n"); /* Here EaBuffer::EaName is set and EaBuffer::EaNameLength is strlen(EaBuffer::EaName) EaBuffer::EaValueLength is strlen(EaBuffer::EaName)+1. EaLength is count: STATUS_SUCCESS when EaLength>=26 (EaBuffer::EaNameLength+EaBuffer::EaValueLength+9) */ for (i=0;i<TEST_BUFFER_LEN;i++) { TestEaLength = i; // Windows memset(WinEaBuffer,0,TEST_BUFFER_LEN); sprintf(WinEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); WinEaBuffer->EaNameLength = (UCHAR)strlen(WinEaBuffer->EaName); WinEaBuffer->EaValueLength = (UCHAR)strlen(WinEaBuffer->EaName)+1; ulWinError = RANDOM_INIT_ERROR; WinEaBuffer->Flags = TestEaBufferFlags; WinStatus = IoCheckEaBufferValidity(WinEaBuffer,TestEaLength,&ulWinError); // ROS memset(ROSEaBuffer,0,TEST_BUFFER_LEN); sprintf(ROSEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); ROSEaBuffer->EaNameLength = (UCHAR)strlen(ROSEaBuffer->EaName); ROSEaBuffer->EaValueLength = (UCHAR)strlen(ROSEaBuffer->EaName)+1; ulROSError = RANDOM_INIT_ERROR; ROSEaBuffer->Flags = TestEaBufferFlags; ROSStatus = IoCheckEaBufferValidityROS(ROSEaBuffer,TestEaLength,&ulROSError); CheckROSAgainstWinAndPrintResult(WinEaBuffer,ROSEaBuffer,WinStatus,ROSStatus,ulWinError,ulWinError,TEST_BUFFER_LEN,iTestCount,TestEaLength); iTestCount++; } printf("6.) Test : *********************\n"); /* The same test like 5.) but more data in the buffer*/ /* Here EaBuffer::EaName is set and EaBuffer::EaNameLength is strlen(EaBuffer::EaName) EaBuffer::EaValueLength is strlen(EaBuffer::EaName)+1. EaLength is count: STATUS_SUCCESS when EaLength>=26 (EaBuffer::EaNameLength+EaBuffer::EaValueLength+9) */ for (i=0;i<TEST_BUFFER_LEN;i++) { TestEaLength = i; // Windows memset(WinEaBuffer,0,TEST_BUFFER_LEN); sprintf(WinEaBuffer->EaName,"%x%x%x",RANDOM_INIT_ERROR,RANDOM_INIT_ERROR,RANDOM_INIT_ERROR); sprintf(WinEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); WinEaBuffer->EaNameLength = (UCHAR)strlen(WinEaBuffer->EaName); WinEaBuffer->EaValueLength = (UCHAR)strlen(WinEaBuffer->EaName)+1; ulWinError = RANDOM_INIT_ERROR; WinEaBuffer->Flags = TestEaBufferFlags; WinStatus = IoCheckEaBufferValidity(WinEaBuffer,TestEaLength,&ulWinError); // ROS memset(ROSEaBuffer,0,TEST_BUFFER_LEN); sprintf(ROSEaBuffer->EaName,"%x%x%x",RANDOM_INIT_ERROR,RANDOM_INIT_ERROR,RANDOM_INIT_ERROR); sprintf(ROSEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); ROSEaBuffer->EaNameLength = (UCHAR)strlen(ROSEaBuffer->EaName); ROSEaBuffer->EaValueLength = (UCHAR)strlen(ROSEaBuffer->EaName)+1; ulROSError = RANDOM_INIT_ERROR; ROSEaBuffer->Flags = TestEaBufferFlags; ROSStatus = IoCheckEaBufferValidityROS(ROSEaBuffer,TestEaLength,&ulROSError); CheckROSAgainstWinAndPrintResult(WinEaBuffer,ROSEaBuffer,WinStatus,ROSStatus,ulWinError,ulWinError,TEST_BUFFER_LEN,iTestCount,TestEaLength); iTestCount++; } printf("7.) Test : *********************\n"); /* The same test like 6.) but wrong strlen */ /* Here EaBuffer::EaName is set and EaBuffer::EaNameLength is strlen(EaBuffer::EaName) EaBuffer::EaValueLength is strlen(EaBuffer::EaName)+1. EaLength is count: will always end in STATUS_EA_LIST_INCONSISTENT */ for (i=0;i<TEST_BUFFER_LEN;i++) { TestEaLength = i; // Windows memset(WinEaBuffer,0,TEST_BUFFER_LEN); sprintf(WinEaBuffer->EaName,"%x%x%x",RANDOM_INIT_ERROR,RANDOM_INIT_ERROR,RANDOM_INIT_ERROR); sprintf(WinEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); WinEaBuffer->EaNameLength = (UCHAR)strlen(WinEaBuffer->EaName)-1; WinEaBuffer->EaValueLength = (UCHAR)strlen(WinEaBuffer->EaName)+2; ulWinError = RANDOM_INIT_ERROR; WinEaBuffer->Flags = TestEaBufferFlags; WinStatus = IoCheckEaBufferValidity(WinEaBuffer,TestEaLength,&ulWinError); // ROS memset(ROSEaBuffer,0,TEST_BUFFER_LEN); sprintf(ROSEaBuffer->EaName,"%x%x%x",RANDOM_INIT_ERROR,RANDOM_INIT_ERROR,RANDOM_INIT_ERROR); sprintf(ROSEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); ROSEaBuffer->EaNameLength = (UCHAR)strlen(ROSEaBuffer->EaName)-1; ROSEaBuffer->EaValueLength = (UCHAR)strlen(ROSEaBuffer->EaName)+2; ulROSError = RANDOM_INIT_ERROR; ROSEaBuffer->Flags = TestEaBufferFlags; ROSStatus = IoCheckEaBufferValidityROS(ROSEaBuffer,TestEaLength,&ulROSError); CheckROSAgainstWinAndPrintResult(WinEaBuffer,ROSEaBuffer,WinStatus,ROSStatus,ulWinError,ulWinError,TEST_BUFFER_LEN,iTestCount,TestEaLength); iTestCount++; } printf("8.) Test : *********************\n"); /* Here WinEaBuffer->NextEntryOffset test : STATUS_SUCCESS when NextEntryOffset=0 else STATUS_EA_LIST_INCONSISTENT when NextEntryOffset = 28 = 8+8+9 ((WinEaBuffer->EaNameLength+WinEaBuffer->EaNameLength+9)+3)&0xFFFFFFFC then ErrorOffset 28 */ /* From the MSDN (http://msdn2.microsoft.com/en-us/library/ms795740.aspx). For all entries except the last, the value of NextEntryOffset must be greater than zero and must fall on a ULONG boundary.*/ for (i=0;i<TEST_BUFFER_LEN;i++) { TestEaLength = TEST_BUFFER_LEN; // Windows memset(WinEaBuffer,0,TEST_BUFFER_LEN); sprintf(WinEaBuffer->EaName,"%x%x%x",RANDOM_INIT_ERROR,RANDOM_INIT_ERROR,RANDOM_INIT_ERROR); sprintf(WinEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); WinEaBuffer->EaNameLength = (UCHAR)strlen(WinEaBuffer->EaName); WinEaBuffer->EaValueLength = (UCHAR)strlen(WinEaBuffer->EaName); ulWinError = RANDOM_INIT_ERROR; WinEaBuffer->Flags = TestEaBufferFlags; WinEaBuffer->NextEntryOffset = i; WinStatus = IoCheckEaBufferValidity(WinEaBuffer,TestEaLength,&ulWinError); // ROS memset(ROSEaBuffer,0,TEST_BUFFER_LEN); sprintf(ROSEaBuffer->EaName,"%x%x%x",RANDOM_INIT_ERROR,RANDOM_INIT_ERROR,RANDOM_INIT_ERROR); sprintf(ROSEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); ROSEaBuffer->EaNameLength = (UCHAR)strlen(ROSEaBuffer->EaName); ROSEaBuffer->EaValueLength = (UCHAR)strlen(ROSEaBuffer->EaName); ulROSError = RANDOM_INIT_ERROR; ROSEaBuffer->Flags = TestEaBufferFlags; ROSEaBuffer->NextEntryOffset = i; ROSStatus = IoCheckEaBufferValidityROS(ROSEaBuffer,TestEaLength,&ulROSError); printf("%i-",ROSEaBuffer->NextEntryOffset); CheckROSAgainstWinAndPrintResult(WinEaBuffer,ROSEaBuffer,WinStatus,ROSStatus,ulWinError,ulWinError,TEST_BUFFER_LEN,iTestCount,TestEaLength); iTestCount++; } printf("9.) Test : *********************\n"); /* Here WinEaBuffer->NextEntryOffset test wrong strlen: STATUS_SUCCESS NextEntryOffset=0 & NextEntryOffset = 28 = 8+8+9 ((WinEaBuffer->EaNameLength+WinEaBuffer->EaNameLength+9)+3)&0xFFFFFFFC */ /* From the MSDN (http://msdn2.microsoft.com/en-us/library/ms795740.aspx). For all entries except the last, the value of NextEntryOffset must be greater than zero and must fall on a ULONG boundary.*/ for (i=0;i<TEST_BUFFER_LEN;i++) { TestEaLength = TEST_BUFFER_LEN; // Windows memset(WinEaBuffer,0,TEST_BUFFER_LEN); sprintf(WinEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); WinEaBuffer->EaNameLength = (UCHAR)strlen(WinEaBuffer->EaName)-1; WinEaBuffer->EaValueLength = (UCHAR)strlen(WinEaBuffer->EaName); ulWinError = RANDOM_INIT_ERROR; WinEaBuffer->Flags = TestEaBufferFlags; WinEaBuffer->NextEntryOffset = i; WinStatus = IoCheckEaBufferValidity(WinEaBuffer,TestEaLength,&ulWinError); // ROS memset(ROSEaBuffer,0,TEST_BUFFER_LEN); sprintf(ROSEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); ROSEaBuffer->EaNameLength = (UCHAR)strlen(ROSEaBuffer->EaName)-1; ROSEaBuffer->EaValueLength = (UCHAR)strlen(ROSEaBuffer->EaName); ulROSError = RANDOM_INIT_ERROR; ROSEaBuffer->Flags = TestEaBufferFlags; ROSEaBuffer->NextEntryOffset = i; ROSStatus = IoCheckEaBufferValidityROS(ROSEaBuffer,TestEaLength,&ulROSError); printf("%i-",ROSEaBuffer->NextEntryOffset); CheckROSAgainstWinAndPrintResult(WinEaBuffer,ROSEaBuffer,WinStatus,ROSStatus,ulWinError,ulWinError,TEST_BUFFER_LEN,iTestCount,TestEaLength); iTestCount++; } printf("10.) Test : *********************\n"); /* Here WinEaBuffer->NextEntryOffset test wrong strlen: STATUS_SUCCESS NextEntryOffset=0 & NextEntryOffset = 28 = 8+8+9 ((WinEaBuffer->EaNameLength+WinEaBuffer->EaNameLength+9)+3)&0xFFFFFFFC */ /* From the MSDN (http://msdn2.microsoft.com/en-us/library/ms795740.aspx). For all entries except the last, the value of NextEntryOffset must be greater than zero and must fall on a ULONG boundary.*/ for (i=0;i<TEST_BUFFER_LEN;i++) { TestEaLength = TEST_BUFFER_LEN; // Windows memset(WinEaBuffer,0,TEST_BUFFER_LEN); sprintf(WinEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); WinEaBuffer->EaNameLength = (UCHAR)strlen(WinEaBuffer->EaName)+1; WinEaBuffer->EaValueLength = (UCHAR)strlen(WinEaBuffer->EaName)+1; ulWinError = RANDOM_INIT_ERROR; WinEaBuffer->Flags = TestEaBufferFlags; WinEaBuffer->NextEntryOffset = i; WinStatus = IoCheckEaBufferValidity(WinEaBuffer,TestEaLength,&ulWinError); // ROS memset(ROSEaBuffer,0,TEST_BUFFER_LEN); sprintf(ROSEaBuffer->EaName,"%x",RANDOM_INIT_ERROR); ROSEaBuffer->EaNameLength = (UCHAR)strlen(ROSEaBuffer->EaName)+1; ROSEaBuffer->EaValueLength = (UCHAR)strlen(ROSEaBuffer->EaName)+1; ulROSError = RANDOM_INIT_ERROR; ROSEaBuffer->Flags = TestEaBufferFlags; ROSEaBuffer->NextEntryOffset = i; ROSStatus = IoCheckEaBufferValidityROS(ROSEaBuffer,TestEaLength,&ulROSError); printf("%i-",ROSEaBuffer->NextEntryOffset); CheckROSAgainstWinAndPrintResult(WinEaBuffer,ROSEaBuffer,WinStatus,ROSStatus,ulWinError,ulWinError,TEST_BUFFER_LEN,iTestCount,TestEaLength); iTestCount++; } printf("11.) Test : *********************\n"); /* Here WinEaBuffer->NextEntryOffset : */ for (i=0;i<TEST_BUFFER_LEN;i++) { TestEaLength = TEST_BUFFER_LEN; // Windows memset(WinEaBuffer,0,TEST_BUFFER_LEN); sprintf(WinEaBuffer->EaName,"%x",RANDOM_INIT_ERROR,RANDOM_INIT_ERROR); WinEaBuffer->EaNameLength = (UCHAR)strlen(WinEaBuffer->EaName); WinEaBuffer->EaValueLength = (UCHAR)strlen(WinEaBuffer->EaName); ulWinError = RANDOM_INIT_ERROR; WinEaBuffer->Flags = TestEaBufferFlags; WinEaBuffer->NextEntryOffset = ((WinEaBuffer->EaNameLength+WinEaBuffer->EaNameLength+9)+3)&0xFFFFFFFC; WinStatus = IoCheckEaBufferValidity(WinEaBuffer,TestEaLength,&ulWinError); // ROS memset(ROSEaBuffer,0,TEST_BUFFER_LEN); sprintf(ROSEaBuffer->EaName,"%x",RANDOM_INIT_ERROR,RANDOM_INIT_ERROR); ROSEaBuffer->EaNameLength = (UCHAR)strlen(ROSEaBuffer->EaName); ROSEaBuffer->EaValueLength = (UCHAR)strlen(ROSEaBuffer->EaName); ulROSError = RANDOM_INIT_ERROR; ROSEaBuffer->Flags = TestEaBufferFlags; ROSEaBuffer->NextEntryOffset = ((ROSEaBuffer->EaNameLength+ROSEaBuffer->EaNameLength+9)+3)&0xFFFFFFFC; ROSStatus = IoCheckEaBufferValidityROS(ROSEaBuffer,TestEaLength,&ulROSError); printf("%i-",ROSEaBuffer->NextEntryOffset); CheckROSAgainstWinAndPrintResult(WinEaBuffer,ROSEaBuffer,WinStatus,ROSStatus,ulWinError,ulWinError,TEST_BUFFER_LEN,iTestCount,TestEaLength); iTestCount++; } free(WinEaBuffer); free(ROSEaBuffer); } FreeLibrary(hKrnlMod); } else { DWORD dwLastError = GetLastError(); switch (dwLastError) { case ERROR_MOD_NOT_FOUND: printf("ERROR_MOD_NOT_FOUND\n"); break; case ERROR_BAD_EXE_FORMAT: printf("ERROR_BAD_EXE_FORMAT\n"); break; } } return 0; }