// manually connect to a server
void dlgMain::OnManualConnect(wxCommandEvent &event)
{
wxString ped_result;
wxString ted_result;
wxTextEntryDialog ted(this, wxT("Please enter IP Address and Port"),
wxT("Please enter IP Address and Port"), wxT("0.0.0.0:0"));
wxPasswordEntryDialog ped(this, wxT("Enter an optional password"),
wxT("Enter an optional password"), wxT(""));
// Keep asking for a valid ip/port number
while (1)
{
if (ted.ShowModal() == wxID_CANCEL)
return;
ted_result = ted.GetValue();
if (IsAddressValid(ted_result) == false)
{
wxMessageBox(wxT("Invalid IP address/Port number"));
continue;
}
else
break;
}
// Show password entry dialog
if (ped.ShowModal() == wxID_CANCEL)
return;
LaunchGame(ted_result, launchercfg_s.odamex_directory,
launchercfg_s.wad_paths, ped.GetValue());
}
VOID NTAPI NetworkItemAddedHandler(
_In_opt_ PVOID Parameter,
_In_opt_ PVOID Context
)
{
PPH_NETWORK_ITEM NetworkItem = (PPH_NETWORK_ITEM)Parameter;
PNETWORK_DNSCACHE_EXTENSION Extension = PhPluginGetObjectExtension(PluginInstance, NetworkItem, EmNetworkItemType);
Extension->AddressValid = IsAddressValid(NetworkItem->RemoteAddressString);
UpdateNetworkItem(NETWORK_COLUMN_ID_DNSCACHE_ROOT_QUERY, NetworkItem, Extension);
}
/**
Dispatch function for SMM lock box update.
Caution: This function may receive untrusted input.
Restore buffer and length are external input, so this function will validate
it is in SMRAM.
@param LockBoxParameterUpdate parameter of lock box update
**/
VOID
SmmLockBoxUpdate (
IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate
)
{
EFI_STATUS Status;
EFI_SMM_LOCK_BOX_PARAMETER_UPDATE TempLockBoxParameterUpdate;
//
// Sanity check
//
if (mLocked) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Locked!\n"));
LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;
return ;
}
CopyMem (&TempLockBoxParameterUpdate, LockBoxParameterUpdate, sizeof (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE));
//
// Sanity check
//
if (!IsAddressValid ((UINTN)TempLockBoxParameterUpdate.Buffer, (UINTN)TempLockBoxParameterUpdate.Length)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Update address in SMRAM or buffer overflow!\n"));
LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;
return ;
}
//
// Update data
//
Status = UpdateLockBox (
&TempLockBoxParameterUpdate.Guid,
(UINTN)TempLockBoxParameterUpdate.Offset,
(VOID *)(UINTN)TempLockBoxParameterUpdate.Buffer,
(UINTN)TempLockBoxParameterUpdate.Length
);
LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)Status;
return ;
}
/**
Dispatch function for SMM lock box restore.
Caution: This function may receive untrusted input.
Restore buffer and length are external input, so this function will validate
it is in SMRAM.
@param LockBoxParameterRestore parameter of lock box restore
**/
VOID
SmmLockBoxRestore (
IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore
)
{
EFI_STATUS Status;
EFI_SMM_LOCK_BOX_PARAMETER_RESTORE TempLockBoxParameterRestore;
CopyMem (&TempLockBoxParameterRestore, LockBoxParameterRestore, sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE));
//
// Sanity check
//
if (!IsAddressValid ((UINTN)TempLockBoxParameterRestore.Buffer, (UINTN)TempLockBoxParameterRestore.Length)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Restore address in SMRAM or buffer overflow!\n"));
LockBoxParameterRestore->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;
return ;
}
//
// Restore data
//
if ((TempLockBoxParameterRestore.Length == 0) && (TempLockBoxParameterRestore.Buffer == 0)) {
Status = RestoreLockBox (
&TempLockBoxParameterRestore.Guid,
NULL,
NULL
);
} else {
Status = RestoreLockBox (
&TempLockBoxParameterRestore.Guid,
(VOID *)(UINTN)TempLockBoxParameterRestore.Buffer,
(UINTN *)&TempLockBoxParameterRestore.Length
);
}
LockBoxParameterRestore->Header.ReturnStatus = (UINT64)Status;
return ;
}
/**
Update page table according to protected memory ranges and the 4KB-page mapped memory ranges.
**/
VOID
InitPaging (
VOID
)
{
UINT64 *Pml4;
UINT64 *Pde;
UINT64 *Pte;
UINT64 *Pt;
UINTN Address;
UINTN Level1;
UINTN Level2;
UINTN Level3;
UINTN Level4;
UINTN NumberOfPdpEntries;
UINTN NumberOfPml4Entries;
UINTN SizeOfMemorySpace;
BOOLEAN Nx;
if (sizeof (UINTN) == sizeof (UINT64)) {
Pml4 = (UINT64*)(UINTN)mSmmProfileCr3;
SizeOfMemorySpace = HighBitSet64 (gPhyMask) + 1;
//
// Calculate the table entries of PML4E and PDPTE.
//
if (SizeOfMemorySpace <= 39 ) {
NumberOfPml4Entries = 1;
NumberOfPdpEntries = (UINT32)LShiftU64 (1, (SizeOfMemorySpace - 30));
} else {
NumberOfPml4Entries = (UINT32)LShiftU64 (1, (SizeOfMemorySpace - 39));
NumberOfPdpEntries = 512;
}
} else {
NumberOfPml4Entries = 1;
NumberOfPdpEntries = 4;
}
//
// Go through page table and change 2MB-page into 4KB-page.
//
for (Level1 = 0; Level1 < NumberOfPml4Entries; Level1++) {
if (sizeof (UINTN) == sizeof (UINT64)) {
if ((Pml4[Level1] & IA32_PG_P) == 0) {
//
// If Pml4 entry does not exist, skip it
//
continue;
}
Pde = (UINT64 *)(UINTN)(Pml4[Level1] & ~mAddressEncMask & PHYSICAL_ADDRESS_MASK);
} else {
Pde = (UINT64*)(UINTN)mSmmProfileCr3;
}
for (Level2 = 0; Level2 < NumberOfPdpEntries; Level2++, Pde++) {
if ((*Pde & IA32_PG_P) == 0) {
//
// If PDE entry does not exist, skip it
//
continue;
}
if ((*Pde & IA32_PG_PS) != 0) {
//
// This is 1G entry, skip it
//
continue;
}
Pte = (UINT64 *)(UINTN)(*Pde & ~mAddressEncMask & PHYSICAL_ADDRESS_MASK);
if (Pte == 0) {
continue;
}
for (Level3 = 0; Level3 < SIZE_4KB / sizeof (*Pte); Level3++, Pte++) {
if ((*Pte & IA32_PG_P) == 0) {
//
// If PTE entry does not exist, skip it
//
continue;
}
Address = (((Level2 << 9) + Level3) << 21);
//
// If it is 2M page, check IsAddressSplit()
//
if (((*Pte & IA32_PG_PS) != 0) && IsAddressSplit (Address)) {
//
// Based on current page table, create 4KB page table for split area.
//
ASSERT (Address == (*Pte & PHYSICAL_ADDRESS_MASK));
Pt = AllocatePageTableMemory (1);
ASSERT (Pt != NULL);
// Split it
for (Level4 = 0; Level4 < SIZE_4KB / sizeof(*Pt); Level4++) {
Pt[Level4] = Address + ((Level4 << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS);
} // end for PT
*Pte = (UINT64)(UINTN)Pt | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
} // end if IsAddressSplit
} // end for PTE
} // end for PDE
}
//
// Go through page table and set several page table entries to absent or execute-disable.
//
DEBUG ((EFI_D_INFO, "Patch page table start ...\n"));
for (Level1 = 0; Level1 < NumberOfPml4Entries; Level1++) {
if (sizeof (UINTN) == sizeof (UINT64)) {
if ((Pml4[Level1] & IA32_PG_P) == 0) {
//
// If Pml4 entry does not exist, skip it
//
continue;
}
Pde = (UINT64 *)(UINTN)(Pml4[Level1] & ~mAddressEncMask & PHYSICAL_ADDRESS_MASK);
} else {
Pde = (UINT64*)(UINTN)mSmmProfileCr3;
}
for (Level2 = 0; Level2 < NumberOfPdpEntries; Level2++, Pde++) {
if ((*Pde & IA32_PG_P) == 0) {
//
// If PDE entry does not exist, skip it
//
continue;
}
if ((*Pde & IA32_PG_PS) != 0) {
//
// This is 1G entry, set NX bit and skip it
//
if (mXdSupported) {
*Pde = *Pde | IA32_PG_NX;
}
continue;
}
Pte = (UINT64 *)(UINTN)(*Pde & ~mAddressEncMask & PHYSICAL_ADDRESS_MASK);
if (Pte == 0) {
continue;
}
for (Level3 = 0; Level3 < SIZE_4KB / sizeof (*Pte); Level3++, Pte++) {
if ((*Pte & IA32_PG_P) == 0) {
//
// If PTE entry does not exist, skip it
//
continue;
}
Address = (((Level2 << 9) + Level3) << 21);
if ((*Pte & IA32_PG_PS) != 0) {
// 2MB page
if (!IsAddressValid (Address, &Nx)) {
//
// Patch to remove Present flag and RW flag
//
*Pte = *Pte & (INTN)(INT32)(~PAGE_ATTRIBUTE_BITS);
}
if (Nx && mXdSupported) {
*Pte = *Pte | IA32_PG_NX;
}
} else {
// 4KB page
Pt = (UINT64 *)(UINTN)(*Pte & ~mAddressEncMask & PHYSICAL_ADDRESS_MASK);
if (Pt == 0) {
continue;
}
for (Level4 = 0; Level4 < SIZE_4KB / sizeof(*Pt); Level4++, Pt++) {
if (!IsAddressValid (Address, &Nx)) {
*Pt = *Pt & (INTN)(INT32)(~PAGE_ATTRIBUTE_BITS);
}
if (Nx && mXdSupported) {
*Pt = *Pt | IA32_PG_NX;
}
Address += SIZE_4KB;
} // end for PT
} // end if PS
} // end for PTE
} // end for PDE
}
//
// Flush TLB
//
CpuFlushTlb ();
DEBUG ((EFI_D_INFO, "Patch page table done!\n"));
//
// Set execute-disable flag
//
mXdEnabled = TRUE;
return ;
}
//*************************************************************************
// HandlePageFault()
//
// returns:
// 0 = let the system handle it
// 1 = call DebuggerShell()
// 2 = FATAL error inside debugger
//*************************************************************************
ULONG HandlePageFault(FRAME* ptr)
{
PVOID address;
PEPROCESS tsk, tsk1;
PMADDRESS_SPACE vma;
PLIST_ENTRY current_entry;
MEMORY_AREA* current;
ULONG value;
PKTHREAD CurrentThread;
PETHREAD CurrentEThread;
// get linear address of page fault
__asm__ __volatile__("movl %%cr2,%0"
:"=r" (address));
DPRINT((0,"\nPageFault: bInDebShell: %d, error: %d, addr: %x\n", bInDebuggerShell, ptr->error_code, address));
// there's something terribly wrong if we get a fault in our command handler
if(bInDebuggerShell)
{
DPRINT((0,"return handleindebuggerfault\n"));
return HandleInDebuggerFault(ptr,(ULONG)address);
}
ASSERT(IsAddressValid((ULONG)ptr));
// remember error code so we can push it back on the stack
error_code = ptr->error_code;
//ei Check IRQL here!!!
/*
if(in_interrupt())
{
Print(OUTPUT_WINDOW,"pICE: system is currently processing an interrupt!\n");
return 1;
}
*/
// current process
tsk = IoGetCurrentProcess();
DPRINT((0,"tsk: %x\t", tsk));
if( !tsk || !(IsAddressValid((ULONG)tsk))){
DPRINT((0,"tsk address not valid: tsk: %x\n", tsk));
return 0;
}
// lookup VMA for this address
if( (ULONG)address > KERNEL_BASE )
vma = my_init_mm; // use kernel mem area for kernel addresses
else vma = &(tsk->AddressSpace); // otherwise, use user memory area
if( !vma ){
DPRINT((0,"vma not valid: vma: %x\n", vma));
return 0;
}
current_entry = vma->MAreaListHead.Flink;
ASSERT(current_entry);
DPRINT((0,"vma: %x, current_entry: %x, kernel arena: %x\n", vma, current_entry, my_init_mm));
while(current_entry != &vma->MAreaListHead)
{
ASSERT(current_entry);
ASSERT(IsAddressValid((ULONG)current_entry));
current = CONTAINING_RECORD(current_entry,
MEMORY_AREA,
Entry);
if( (address >= current->BaseAddress) && (address <= current->BaseAddress + current->Length ))
{
DPRINT((0,"address: %x %x - %x Attrib: %x, Type: %x\n", address, current->BaseAddress, current->BaseAddress + current->Length, current->Attributes, current->Type));
//page not present
if( !(error_code & 1) ){
//check it is in pageable area
if( current->Type == MEMORY_AREA_SECTION_VIEW ||
current->Type == MEMORY_AREA_VIRTUAL_MEMORY ||
current->Type == MEMORY_AREA_PAGED_POOL ||
current->Type == MEMORY_AREA_SHARED_DATA
){
//ei too much output Print(OUTPUT_WINDOW,"pICE: VMA Pageable Section.\n");
//ei DPRINT((0,"return 0 1\n"));
return 0; //let the system handle this
}
Print(OUTPUT_WINDOW,"pICE: VMA Page not present in non-pageable Section!\n");
//ei DPRINT((0,"Type: currenttype: %x return 1 2\n", current->Type));
return 0;
}
else{ //access violation
if( error_code & 4 )
{ //user mode
if( (ULONG)address >= KERNEL_BASE )
{
Print(OUTPUT_WINDOW,"pICE: User mode program trying to access kernel memory!\n");
//DPRINT((0,"return 0 3\n"));
return 1;
}
//DPRINT((0,"return 0 4\n"));
return 0;
}
/*
if(error_code & 2)
{
//on write
if(!(current->Attributes & PAGE_READONLY))
{
Print(OUTPUT_WINDOW,"pICE: virtual memory arena is not writeable!\n");
return 1;
}
}
// READ ACCESS
else
{
// test EXT bit in error code
if (error_code & 1)
{
Print(OUTPUT_WINDOW,"pICE: page-level protection fault!\n");
return 1;
}
//
*/
/*
if (!(current->Attributes & PAGE_EXECUTE_READ))
{
Print(OUTPUT_WINDOW,"pICE: VMA is not readable!\n");
return 1;
}
*/
// let the system handle it
//DPRINT((0,"return 0 5\n"));
return 0;
}
}
current_entry = current_entry->Flink;
}
Print(OUTPUT_WINDOW,"pICE: no virtual memory arena at this address!\n");
DPRINT((0,"return 0 6\n"));
return 1;
// let the system handle it
// return 0;
}
/**
Update page table to map the memory correctly in order to make the instruction
which caused page fault execute successfully. And it also save the original page
table to be restored in single-step exception.
@param PageTable PageTable Address.
@param PFAddress The memory address which caused page fault exception.
@param CpuIndex The index of the processor.
@param ErrorCode The Error code of exception.
@param IsValidPFAddress The flag indicates if SMM profile data need be added.
**/
VOID
RestorePageTableAbove4G (
UINT64 *PageTable,
UINT64 PFAddress,
UINTN CpuIndex,
UINTN ErrorCode,
BOOLEAN *IsValidPFAddress
)
{
UINTN PTIndex;
UINT64 Address;
BOOLEAN Nx;
BOOLEAN Existed;
UINTN Index;
UINTN PFIndex;
ASSERT ((PageTable != NULL) && (IsValidPFAddress != NULL));
//
// If page fault address is 4GB above.
//
//
// Check if page fault address has existed in page table.
// If it exists in page table but page fault is generated,
// there are 2 possible reasons: 1. present flag is set to 0; 2. instruction fetch in protected memory range.
//
Existed = FALSE;
PageTable = (UINT64*)(AsmReadCr3 () & PHYSICAL_ADDRESS_MASK);
PTIndex = BitFieldRead64 (PFAddress, 39, 47);
if ((PageTable[PTIndex] & IA32_PG_P) != 0) {
// PML4E
PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & PHYSICAL_ADDRESS_MASK);
PTIndex = BitFieldRead64 (PFAddress, 30, 38);
if ((PageTable[PTIndex] & IA32_PG_P) != 0) {
// PDPTE
PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & PHYSICAL_ADDRESS_MASK);
PTIndex = BitFieldRead64 (PFAddress, 21, 29);
// PD
if ((PageTable[PTIndex] & IA32_PG_PS) != 0) {
//
// 2MB page
//
Address = (UINT64)(PageTable[PTIndex] & PHYSICAL_ADDRESS_MASK);
if ((Address & PHYSICAL_ADDRESS_MASK & ~((1ull << 21) - 1)) == ((PFAddress & PHYSICAL_ADDRESS_MASK & ~((1ull << 21) - 1)))) {
Existed = TRUE;
}
} else {
//
// 4KB page
//
PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & PHYSICAL_ADDRESS_MASK);
if (PageTable != 0) {
//
// When there is a valid entry to map to 4KB page, need not create a new entry to map 2MB.
//
PTIndex = BitFieldRead64 (PFAddress, 12, 20);
Address = (UINT64)(PageTable[PTIndex] & PHYSICAL_ADDRESS_MASK);
if ((Address & PHYSICAL_ADDRESS_MASK & ~((1ull << 12) - 1)) == (PFAddress & PHYSICAL_ADDRESS_MASK & ~((1ull << 12) - 1))) {
Existed = TRUE;
}
}
}
}
}
//
// If page entry does not existed in page table at all, create a new entry.
//
if (!Existed) {
if (IsAddressValid (PFAddress, &Nx)) {
//
// If page fault address above 4GB is in protected range but it causes a page fault exception,
// Will create a page entry for this page fault address, make page table entry as present/rw and execution-disable.
// this access is not saved into SMM profile data.
//
*IsValidPFAddress = TRUE;
}
//
// Create one entry in page table for page fault address.
//
SmiDefaultPFHandler ();
//
// Find the page table entry created just now.
//
PageTable = (UINT64*)(AsmReadCr3 () & PHYSICAL_ADDRESS_MASK);
PFAddress = AsmReadCr2 ();
// PML4E
PTIndex = BitFieldRead64 (PFAddress, 39, 47);
PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & PHYSICAL_ADDRESS_MASK);
// PDPTE
PTIndex = BitFieldRead64 (PFAddress, 30, 38);
PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & PHYSICAL_ADDRESS_MASK);
// PD
PTIndex = BitFieldRead64 (PFAddress, 21, 29);
Address = PageTable[PTIndex] & PHYSICAL_ADDRESS_MASK;
//
// Check if 2MB-page entry need be changed to 4KB-page entry.
//
if (IsAddressSplit (Address)) {
AcquirePage (&PageTable[PTIndex]);
// PTE
PageTable = (UINT64*)(UINTN)(PageTable[PTIndex] & PHYSICAL_ADDRESS_MASK);
for (Index = 0; Index < 512; Index++) {
PageTable[Index] = Address | IA32_PG_RW | IA32_PG_P;
if (!IsAddressValid (Address, &Nx)) {
PageTable[Index] = PageTable[Index] & (INTN)(INT32)(~(IA32_PG_RW | IA32_PG_P));
}
if (Nx && mXdSupported) {
PageTable[Index] = PageTable[Index] | IA32_PG_NX;
}
if (Address == (PFAddress & PHYSICAL_ADDRESS_MASK & ~((1ull << 12) - 1))) {
PTIndex = Index;
}
Address += SIZE_4KB;
} // end for PT
} else {
//
// Update 2MB page entry.
//
if (!IsAddressValid (Address, &Nx)) {
//
// Patch to remove present flag and rw flag.
//
PageTable[PTIndex] = PageTable[PTIndex] & (INTN)(INT32)(~(IA32_PG_RW | IA32_PG_P));
}
//
// Set XD bit to 1
//
if (Nx && mXdSupported) {
PageTable[PTIndex] = PageTable[PTIndex] | IA32_PG_NX;
}
}
}
//
// Record old entries with non-present status
// Old entries include the memory which instruction is at and the memory which instruction access.
//
//
ASSERT (mPFEntryCount[CpuIndex] < MAX_PF_ENTRY_COUNT);
if (mPFEntryCount[CpuIndex] < MAX_PF_ENTRY_COUNT) {
PFIndex = mPFEntryCount[CpuIndex];
mLastPFEntryValue[CpuIndex][PFIndex] = PageTable[PTIndex];
mLastPFEntryPointer[CpuIndex][PFIndex] = &PageTable[PTIndex];
mPFEntryCount[CpuIndex]++;
}
//
// Add present flag or clear XD flag to make page fault handler succeed.
//
PageTable[PTIndex] |= (UINT64)(IA32_PG_RW | IA32_PG_P);
if ((ErrorCode & IA32_PF_EC_ID) != 0) {
//
// If page fault is caused by instruction fetch, clear XD bit in the entry.
//
PageTable[PTIndex] &= ~IA32_PG_NX;
}
return;
}
