#include <ntoskrnl.h>
#include <debug.h>
#include <mm/ARM3/miarm.h>

Include dependency graph for virtual.c:

Macros
#define	NDEBUG

#define	MODULE_INVOLVED_IN_ARM3

#define	MI_MAPPED_COPY_PAGES 14

#define	MI_POOL_COPY_BYTES 512

#define	MI_MAX_TRANSFER_SIZE 64 * 1024

Functions
NTSTATUS NTAPI	MiProtectVirtualMemory (IN PEPROCESS Process, IN OUT PVOID *BaseAddress, IN OUT PSIZE_T NumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG OldAccessProtection OPTIONAL)

VOID NTAPI	MiFlushTbAndCapture (IN PMMVAD FoundVad, IN PMMPTE PointerPte, IN ULONG ProtectionMask, IN PMMPFN Pfn1, IN BOOLEAN CaptureDirtyBit)

ULONG NTAPI	MiCalculatePageCommitment (IN ULONG_PTR StartingAddress, IN ULONG_PTR EndingAddress, IN PMMVAD Vad, IN PEPROCESS Process)

ULONG NTAPI	MiMakeSystemAddressValid (IN PVOID PageTableVirtualAddress, IN PEPROCESS CurrentProcess)

ULONG NTAPI	MiMakeSystemAddressValidPfn (IN PVOID VirtualAddress, IN KIRQL OldIrql)

PFN_COUNT NTAPI	MiDeleteSystemPageableVm (IN PMMPTE PointerPte, IN PFN_NUMBER PageCount, IN ULONG Flags, OUT PPFN_NUMBER ValidPages)

VOID NTAPI	MiDeletePte (IN PMMPTE PointerPte, IN PVOID VirtualAddress, IN PEPROCESS CurrentProcess, IN PMMPTE PrototypePte)

VOID NTAPI	MiDeleteVirtualAddresses (IN ULONG_PTR Va, IN ULONG_PTR EndingAddress, IN PMMVAD Vad)

LONG	MiGetExceptionInfo (IN PEXCEPTION_POINTERS ExceptionInfo, OUT PBOOLEAN HaveBadAddress, OUT PULONG_PTR BadAddress)

NTSTATUS NTAPI	MiDoMappedCopy (IN PEPROCESS SourceProcess, IN PVOID SourceAddress, IN PEPROCESS TargetProcess, OUT PVOID TargetAddress, IN SIZE_T BufferSize, IN KPROCESSOR_MODE PreviousMode, OUT PSIZE_T ReturnSize)

NTSTATUS NTAPI	MiDoPoolCopy (IN PEPROCESS SourceProcess, IN PVOID SourceAddress, IN PEPROCESS TargetProcess, OUT PVOID TargetAddress, IN SIZE_T BufferSize, IN KPROCESSOR_MODE PreviousMode, OUT PSIZE_T ReturnSize)

NTSTATUS NTAPI	MmCopyVirtualMemory (IN PEPROCESS SourceProcess, IN PVOID SourceAddress, IN PEPROCESS TargetProcess, OUT PVOID TargetAddress, IN SIZE_T BufferSize, IN KPROCESSOR_MODE PreviousMode, OUT PSIZE_T ReturnSize)

NTSTATUS NTAPI	MmFlushVirtualMemory (IN PEPROCESS Process, IN OUT PVOID *BaseAddress, IN OUT PSIZE_T RegionSize, OUT PIO_STATUS_BLOCK IoStatusBlock)

ULONG NTAPI	MiGetPageProtection (IN PMMPTE PointerPte)

ULONG NTAPI	MiQueryAddressState (IN PVOID Va, IN PMMVAD Vad, IN PEPROCESS TargetProcess, OUT PULONG ReturnedProtect, OUT PVOID *NextVa)

NTSTATUS NTAPI	MiQueryMemoryBasicInformation (IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID MemoryInformation, IN SIZE_T MemoryInformationLength, OUT PSIZE_T ReturnLength)

BOOLEAN NTAPI	MiIsEntireRangeCommitted (IN ULONG_PTR StartingAddress, IN ULONG_PTR EndingAddress, IN PMMVAD Vad, IN PEPROCESS Process)

NTSTATUS NTAPI	MiRosProtectVirtualMemory (IN PEPROCESS Process, IN OUT PVOID *BaseAddress, IN OUT PSIZE_T NumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG OldAccessProtection OPTIONAL)

VOID NTAPI	MiMakePdeExistAndMakeValid (IN PMMPDE PointerPde, IN PEPROCESS TargetProcess, IN KIRQL OldIrql)

VOID NTAPI	MiProcessValidPteList (IN PMMPTE *ValidPteList, IN ULONG Count)

ULONG NTAPI	MiDecommitPages (IN PVOID StartingAddress, IN PMMPTE EndingPte, IN PEPROCESS Process, IN PMMVAD Vad)

PVOID NTAPI	MmGetVirtualForPhysical (IN PHYSICAL_ADDRESS PhysicalAddress)

PVOID NTAPI	MmSecureVirtualMemory (IN PVOID Address, IN SIZE_T Length, IN ULONG Mode)

VOID NTAPI	MmUnsecureVirtualMemory (IN PVOID SecureMem)

NTSTATUS NTAPI	NtReadVirtualMemory (IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID Buffer, IN SIZE_T NumberOfBytesToRead, OUT PSIZE_T NumberOfBytesRead OPTIONAL)

NTSTATUS NTAPI	NtWriteVirtualMemory (IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN SIZE_T NumberOfBytesToWrite, OUT PSIZE_T NumberOfBytesWritten OPTIONAL)

NTSTATUS NTAPI	NtFlushInstructionCache (_In_ HANDLE ProcessHandle, _In_opt_ PVOID BaseAddress, _In_ SIZE_T FlushSize)

NTSTATUS NTAPI	NtProtectVirtualMemory (IN HANDLE ProcessHandle, IN OUT PVOID UnsafeBaseAddress, IN OUT SIZE_T UnsafeNumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG UnsafeOldAccessProtection)

FORCEINLINE BOOLEAN	MI_IS_LOCKED_VA (PMMPFN Pfn1, ULONG LockType)

FORCEINLINE VOID	MI_LOCK_VA (PMMPFN Pfn1, ULONG LockType)

FORCEINLINE VOID	MI_UNLOCK_VA (PMMPFN Pfn1, ULONG LockType)

static NTSTATUS	MiCheckVadsForLockOperation (_Inout_ PVOID BaseAddress, _Inout_ PSIZE_T RegionSize, _Inout_ PVOID EndAddress)

static NTSTATUS	MiLockVirtualMemory (IN OUT PVOID *BaseAddress, IN OUT PSIZE_T RegionSize, IN ULONG MapType)

NTSTATUS NTAPI	NtLockVirtualMemory (IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PSIZE_T NumberOfBytesToLock, IN ULONG MapType)

static NTSTATUS	MiUnlockVirtualMemory (IN OUT PVOID *BaseAddress, IN OUT PSIZE_T RegionSize, IN ULONG MapType)

NTSTATUS NTAPI	NtUnlockVirtualMemory (IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PSIZE_T NumberOfBytesToUnlock, IN ULONG MapType)

NTSTATUS NTAPI	NtFlushVirtualMemory (IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PSIZE_T NumberOfBytesToFlush, OUT PIO_STATUS_BLOCK IoStatusBlock)

NTSTATUS NTAPI	NtGetWriteWatch (IN HANDLE ProcessHandle, IN ULONG Flags, IN PVOID BaseAddress, IN SIZE_T RegionSize, IN PVOID *UserAddressArray, OUT PULONG_PTR EntriesInUserAddressArray, OUT PULONG Granularity)

NTSTATUS NTAPI	NtResetWriteWatch (IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN SIZE_T RegionSize)

NTSTATUS NTAPI	NtQueryVirtualMemory (IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN MEMORY_INFORMATION_CLASS MemoryInformationClass, OUT PVOID MemoryInformation, IN SIZE_T MemoryInformationLength, OUT PSIZE_T ReturnLength)

NTSTATUS NTAPI	NtAllocateVirtualMemory (IN HANDLE ProcessHandle, IN OUT PVOID *UBaseAddress, IN ULONG_PTR ZeroBits, IN OUT PSIZE_T URegionSize, IN ULONG AllocationType, IN ULONG Protect)

NTSTATUS NTAPI	NtFreeVirtualMemory (IN HANDLE ProcessHandle, IN PVOID *UBaseAddress, IN PSIZE_T URegionSize, IN ULONG FreeType)

PHYSICAL_ADDRESS NTAPI	MmGetPhysicalAddress (PVOID Address)

Macro Definition Documentation

◆ MI_MAPPED_COPY_PAGES

#define MI_MAPPED_COPY_PAGES 14

Definition at line 18 of file virtual.c.

Referenced by MiDoMappedCopy().

◆ MI_MAX_TRANSFER_SIZE

#define MI_MAX_TRANSFER_SIZE 64 * 1024

Definition at line 20 of file virtual.c.

Referenced by MiDoPoolCopy().

◆ MI_POOL_COPY_BYTES

#define MI_POOL_COPY_BYTES 512

Definition at line 19 of file virtual.c.

Referenced by MiDoPoolCopy(), and MmCopyVirtualMemory().

◆ MODULE_INVOLVED_IN_ARM3

#define MODULE_INVOLVED_IN_ARM3

Definition at line 15 of file virtual.c.

◆ NDEBUG

#define NDEBUG

Definition at line 12 of file virtual.c.

Function Documentation

◆ MI_IS_LOCKED_VA()

FORCEINLINE BOOLEAN MI_IS_LOCKED_VA	(	PMMPFN	Pfn1,
		ULONG	LockType
	)

Definition at line 3152 of file virtual.c.

Referenced by MiLockVirtualMemory(), and MiUnlockVirtualMemory().

 {
     // HACK until we have proper WSLIST support
     PMMWSLE Wsle = &Pfn1->Wsle;
 
     if ((LockType & MAP_PROCESS) && (Wsle->u1.e1.LockedInWs))
         return TRUE;
     if ((LockType & MAP_SYSTEM) && (Wsle->u1.e1.LockedInMemory))
         return TRUE;
 
     return FALSE;
 }

◆ MI_LOCK_VA()

FORCEINLINE VOID MI_LOCK_VA	(	PMMPFN	Pfn1,
		ULONG	LockType
	)

Definition at line 3169 of file virtual.c.

Referenced by MiLockVirtualMemory().

 {
     // HACK until we have proper WSLIST support
     PMMWSLE Wsle = &Pfn1->Wsle;
 
     if (!Wsle->u1.e1.LockedInWs &&
         !Wsle->u1.e1.LockedInMemory)
     {
         MiReferenceProbedPageAndBumpLockCount(Pfn1);
     }
 
     if (LockType & MAP_PROCESS)
         Wsle->u1.e1.LockedInWs = 1;
     if (LockType & MAP_SYSTEM)
         Wsle->u1.e1.LockedInMemory = 1;
 }

◆ MI_UNLOCK_VA()

FORCEINLINE VOID MI_UNLOCK_VA	(	PMMPFN	Pfn1,
		ULONG	LockType
	)

Definition at line 3190 of file virtual.c.

Referenced by MiUnlockVirtualMemory().

 {
     // HACK until we have proper WSLIST support
     PMMWSLE Wsle = &Pfn1->Wsle;
 
     if (LockType & MAP_PROCESS)
         Wsle->u1.e1.LockedInWs = 0;
     if (LockType & MAP_SYSTEM)
         Wsle->u1.e1.LockedInMemory = 0;
 
     if (!Wsle->u1.e1.LockedInWs &&
         !Wsle->u1.e1.LockedInMemory)
     {
         MiDereferencePfnAndDropLockCount(Pfn1);
     }
 }

◆ MiCalculatePageCommitment()

ULONG NTAPI MiCalculatePageCommitment	(	IN ULONG_PTR	StartingAddress,
		IN ULONG_PTR	EndingAddress,
		IN PMMVAD	Vad,
		IN PEPROCESS	Process
	)

Definition at line 42 of file virtual.c.

Referenced by NtFreeVirtualMemory().

 {
     PMMPTE PointerPte, LastPte;
     PMMPDE PointerPde;
     ULONG CommittedPages;
 
     /* Compute starting and ending PTE and PDE addresses */
     PointerPde = MiAddressToPde(StartingAddress);
     PointerPte = MiAddressToPte(StartingAddress);
     LastPte = MiAddressToPte(EndingAddress);
 
     /* Handle commited pages first */
     if (Vad->u.VadFlags.MemCommit == 1)
     {
         /* This is a committed VAD, so Assume the whole range is committed */
         CommittedPages = (ULONG)BYTES_TO_PAGES(EndingAddress - StartingAddress);
 
         /* Is the PDE demand-zero? */
         PointerPde = MiPteToPde(PointerPte);
         if (PointerPde->u.Long != 0)
         {
             /* It is not. Is it valid? */
             if (PointerPde->u.Hard.Valid == 0)
             {
                 /* Fault it in */
                 PointerPte = MiPteToAddress(PointerPde);
                 MiMakeSystemAddressValid(PointerPte, Process);
             }
         }
         else
         {
             /* It is, skip it and move to the next PDE, unless we're done */
             PointerPde++;
             PointerPte = MiPteToAddress(PointerPde);
             if (PointerPte > LastPte) return CommittedPages;
         }
 
         /* Now loop all the PTEs in the range */
         while (PointerPte <= LastPte)
         {
             /* Have we crossed a PDE boundary? */
             if (MiIsPteOnPdeBoundary(PointerPte))
             {
                 /* Is this PDE demand zero? */
                 PointerPde = MiPteToPde(PointerPte);
                 if (PointerPde->u.Long != 0)
                 {
                     /* It isn't -- is it valid? */
                     if (PointerPde->u.Hard.Valid == 0)
                     {
                         /* Nope, fault it in */
                         PointerPte = MiPteToAddress(PointerPde);
                         MiMakeSystemAddressValid(PointerPte, Process);
                     }
                 }
                 else
                 {
                     /* It is, skip it and move to the next PDE */
                     PointerPde++;
                     PointerPte = MiPteToAddress(PointerPde);
                     continue;
                 }
             }
 
             /* Is this PTE demand zero? */
             if (PointerPte->u.Long != 0)
             {
                 /* It isn't -- is it a decommited, invalid, or faulted PTE? */
                 if ((PointerPte->u.Soft.Protection == MM_DECOMMIT) &&
                     (PointerPte->u.Hard.Valid == 0) &&
                     ((PointerPte->u.Soft.Prototype == 0) ||
                      (PointerPte->u.Soft.PageFileHigh == MI_PTE_LOOKUP_NEEDED)))
                 {
                     /* It is, so remove it from the count of commited pages */
                     CommittedPages--;
                 }
             }
 
             /* Move to the next PTE */
             PointerPte++;
         }
 
         /* Return how many committed pages there still are */
         return CommittedPages;
     }
 
     /* This is a non-commited VAD, so assume none of it is committed */
     CommittedPages = 0;
 
     /* Is the PDE demand-zero? */
     PointerPde = MiPteToPde(PointerPte);
     if (PointerPde->u.Long != 0)
     {
         /* It isn't -- is it invalid? */
         if (PointerPde->u.Hard.Valid == 0)
         {
             /* It is, so page it in */
             PointerPte = MiPteToAddress(PointerPde);
             MiMakeSystemAddressValid(PointerPte, Process);
         }
     }
     else
     {
         /* It is, so skip it and move to the next PDE */
         PointerPde++;
         PointerPte = MiPteToAddress(PointerPde);
         if (PointerPte > LastPte) return CommittedPages;
     }
 
     /* Loop all the PTEs in this PDE */
     while (PointerPte <= LastPte)
     {
         /* Have we crossed a PDE boundary? */
         if (MiIsPteOnPdeBoundary(PointerPte))
         {
             /* Is this new PDE demand-zero? */
             PointerPde = MiPteToPde(PointerPte);
             if (PointerPde->u.Long != 0)
             {
                 /* It isn't. Is it valid? */
                 if (PointerPde->u.Hard.Valid == 0)
                 {
                     /* It isn't, so make it valid */
                     PointerPte = MiPteToAddress(PointerPde);
                     MiMakeSystemAddressValid(PointerPte, Process);
                 }
             }
             else
             {
                 /* It is, so skip it and move to the next one */
                 PointerPde++;
                 PointerPte = MiPteToAddress(PointerPde);
                 continue;
             }
         }
 
         /* Is this PTE demand-zero? */
         if (PointerPte->u.Long != 0)
         {
             /* Nope. Is it a valid, non-decommited, non-paged out PTE? */
             if ((PointerPte->u.Soft.Protection != MM_DECOMMIT) ||
                 (PointerPte->u.Hard.Valid == 1) ||
                 ((PointerPte->u.Soft.Prototype == 1) &&
                  (PointerPte->u.Soft.PageFileHigh != MI_PTE_LOOKUP_NEEDED)))
             {
                 /* It is! So we'll treat this as a committed page */
                 CommittedPages++;
             }
         }
 
         /* Move to the next PTE */
         PointerPte++;
     }
 
     /* Return how many committed pages we found in this VAD */
     return CommittedPages;
 }

◆ MiCheckVadsForLockOperation()

static NTSTATUS MiCheckVadsForLockOperation	(	_Inout_ PVOID *	BaseAddress,
		_Inout_ PSIZE_T	RegionSize,
		_Inout_ PVOID *	EndAddress
	)

static

FIXME: this might be a memory area for a section view...

Definition at line 3211 of file virtual.c.

Referenced by MiLockVirtualMemory(), and MiUnlockVirtualMemory().

 {
     PMMVAD Vad;
     PVOID CurrentVa;
 
     /* Get the base address and align the start address */
     *EndAddress = (PUCHAR)*BaseAddress + *RegionSize;
     *EndAddress = ALIGN_UP_POINTER_BY(*EndAddress, PAGE_SIZE);
     *BaseAddress = ALIGN_DOWN_POINTER_BY(*BaseAddress, PAGE_SIZE);
 
     /* First loop and check all VADs */
     CurrentVa = *BaseAddress;
     while (CurrentVa < *EndAddress)
     {
         /* Get VAD */
         Vad = MiLocateAddress(CurrentVa);
         if (Vad == NULL)
         {
             return STATUS_ACCESS_VIOLATION;
         }
 
         /* Check VAD type */
         if ((Vad->u.VadFlags.VadType != VadNone) &&
             (Vad->u.VadFlags.VadType != VadImageMap) &&
             (Vad->u.VadFlags.VadType != VadWriteWatch))
         {
             *EndAddress = CurrentVa;
             *RegionSize = (PUCHAR)*EndAddress - (PUCHAR)*BaseAddress;
             return STATUS_INCOMPATIBLE_FILE_MAP;
         }
 
         CurrentVa = (PVOID)((Vad->EndingVpn + 1) << PAGE_SHIFT);
     }
 
     *RegionSize = (PUCHAR)*EndAddress - (PUCHAR)*BaseAddress;
     return STATUS_SUCCESS;
 }

◆ MiDecommitPages()

ULONG NTAPI MiDecommitPages	(	IN PVOID	StartingAddress,
		IN PMMPTE	EndingPte,
		IN PEPROCESS	Process,
		IN PMMVAD	Vad
	)

Definition at line 2502 of file virtual.c.

Referenced by NtFreeVirtualMemory().

 {
     PMMPTE PointerPte, CommitPte = NULL;
     PMMPDE PointerPde;
     ULONG CommitReduction = 0;
     PMMPTE ValidPteList[256];
     ULONG PteCount = 0;
     PMMPFN Pfn1;
     MMPTE PteContents;
     PETHREAD CurrentThread = PsGetCurrentThread();
 
     //
     // Get the PTE and PTE for the address, and lock the working set
     // If this was a VAD for a MEM_COMMIT allocation, also figure out where the
     // commited range ends so that we can do the right accounting.
     //
     PointerPde = MiAddressToPde(StartingAddress);
     PointerPte = MiAddressToPte(StartingAddress);
     if (Vad->u.VadFlags.MemCommit) CommitPte = MiAddressToPte(Vad->EndingVpn << PAGE_SHIFT);
     MiLockProcessWorkingSetUnsafe(Process, CurrentThread);
 
     //
     // Make the PDE valid, and now loop through each page's worth of data
     //
     MiMakePdeExistAndMakeValid(PointerPde, Process, MM_NOIRQL);
     while (PointerPte <= EndingPte)
     {
         //
         // Check if we've crossed a PDE boundary
         //
         if (MiIsPteOnPdeBoundary(PointerPte))
         {
             //
             // Get the new PDE and flush the valid PTEs we had built up until
             // now. This helps reduce the amount of TLB flushing we have to do.
             // Note that Windows does a much better job using timestamps and
             // such, and does not flush the entire TLB all the time, but right
             // now we have bigger problems to worry about than TLB flushing.
             //
             PointerPde = MiAddressToPde(StartingAddress);
             if (PteCount)
             {
                 MiProcessValidPteList(ValidPteList, PteCount);
                 PteCount = 0;
             }
 
             //
             // Make this PDE valid
             //
             MiMakePdeExistAndMakeValid(PointerPde, Process, MM_NOIRQL);
         }
 
         //
         // Read this PTE. It might be active or still demand-zero.
         //
         PteContents = *PointerPte;
         if (PteContents.u.Long)
         {
             //
             // The PTE is active. It might be valid and in a working set, or
             // it might be a prototype PTE or paged out or even in transition.
             //
             if (PointerPte->u.Long == MmDecommittedPte.u.Long)
             {
                 //
                 // It's already decommited, so there's nothing for us to do here
                 //
                 CommitReduction++;
             }
             else
             {
                 //
                 // Remove it from the counters, and check if it was valid or not
                 //
                 //Process->NumberOfPrivatePages--;
                 if (PteContents.u.Hard.Valid)
                 {
                     //
                     // It's valid. At this point make sure that it is not a ROS
                     // PFN. Also, we don't support ProtoPTEs in this code path.
                     //
                     Pfn1 = MiGetPfnEntry(PteContents.u.Hard.PageFrameNumber);
                     ASSERT(MI_IS_ROS_PFN(Pfn1) == FALSE);
                     ASSERT(Pfn1->u3.e1.PrototypePte == FALSE);
 
                     //
                     // Flush any pending PTEs that we had not yet flushed, if our
                     // list has gotten too big, then add this PTE to the flush list.
                     //
                     if (PteCount == 256)
                     {
                         MiProcessValidPteList(ValidPteList, PteCount);
                         PteCount = 0;
                     }
                     ValidPteList[PteCount++] = PointerPte;
                 }
                 else
                 {
                     //
                     // We do not support any of these other scenarios at the moment
                     //
                     ASSERT(PteContents.u.Soft.Prototype == 0);
                     ASSERT(PteContents.u.Soft.Transition == 0);
                     ASSERT(PteContents.u.Soft.PageFileHigh == 0);
 
                     //
                     // So the only other possibility is that it is still a demand
                     // zero PTE, in which case we undo the accounting we did
                     // earlier and simply make the page decommitted.
                     //
                     //Process->NumberOfPrivatePages++;
                     MI_WRITE_INVALID_PTE(PointerPte, MmDecommittedPte);
                 }
             }
         }
         else
         {
             //
             // This used to be a zero PTE and it no longer is, so we must add a
             // reference to the pagetable.
             //
             MiIncrementPageTableReferences(StartingAddress);
 
             //
             // Next, we account for decommitted PTEs and make the PTE as such
             //
             if (PointerPte > CommitPte) CommitReduction++;
             MI_WRITE_INVALID_PTE(PointerPte, MmDecommittedPte);
         }
 
         //
         // Move to the next PTE and the next address
         //
         PointerPte++;
         StartingAddress = (PVOID)((ULONG_PTR)StartingAddress + PAGE_SIZE);
     }
 
     //
     // Flush any dangling PTEs from the loop in the last page table, and then
     // release the working set and return the commit reduction accounting.
     //
     if (PteCount) MiProcessValidPteList(ValidPteList, PteCount);
     MiUnlockProcessWorkingSetUnsafe(Process, CurrentThread);
     return CommitReduction;
 }

◆ MiDeletePte()

VOID NTAPI MiDeletePte	(	IN PMMPTE	PointerPte,
		IN PVOID	VirtualAddress,
		IN PEPROCESS	CurrentProcess,
		IN PMMPTE	PrototypePte
	)

Definition at line 391 of file virtual.c.

Referenced by MiBalancerThread(), MiDeleteVirtualAddresses(), MiQueryPageTableReferences(), MiResolveProtoPteFault(), MiUnmapLockedPagesInUserSpace(), MmArmAccessFault(), MmDeleteProcessAddressSpace(), and MmFreeMemoryArea().

 {
     PMMPFN Pfn1;
     MMPTE TempPte;
     PFN_NUMBER PageFrameIndex;
     PMMPDE PointerPde;
 
     /* PFN lock must be held */
     MI_ASSERT_PFN_LOCK_HELD();
 
     /* Capture the PTE */
     TempPte = *PointerPte;
 
     /* See if the PTE is valid */
     if (TempPte.u.Hard.Valid == 0)
     {
         /* Prototype and paged out PTEs not supported yet */
         ASSERT(TempPte.u.Soft.Prototype == 0);
         ASSERT((TempPte.u.Soft.PageFileHigh == 0) || (TempPte.u.Soft.Transition == 1));
 
         if (TempPte.u.Soft.Transition)
         {
             /* Get the PFN entry */
             PageFrameIndex = PFN_FROM_PTE(&TempPte);
             Pfn1 = MiGetPfnEntry(PageFrameIndex);
 
             DPRINT("Pte %p is transitional!\n", PointerPte);
 
             /* Make sure the saved PTE address is valid */
             ASSERT((PMMPTE)((ULONG_PTR)Pfn1->PteAddress & ~0x1) == PointerPte);
 
             /* Destroy the PTE */
             MI_ERASE_PTE(PointerPte);
 
             /* Drop the reference on the page table. */
             MiDecrementShareCount(MiGetPfnEntry(Pfn1->u4.PteFrame), Pfn1->u4.PteFrame);
 
             ASSERT(Pfn1->u3.e1.PrototypePte == 0);
 
             /* Make the page free. For prototypes, it will be made free when deleting the section object */
             if (Pfn1->u3.e2.ReferenceCount == 0)
             {
                 /* And it should be in standby or modified list */
                 ASSERT((Pfn1->u3.e1.PageLocation == ModifiedPageList) || (Pfn1->u3.e1.PageLocation == StandbyPageList));
 
                 /* Unlink it and set its reference count to one */
                 MiUnlinkPageFromList(Pfn1);
                 Pfn1->u3.e2.ReferenceCount++;
 
                 /* This will put it back in free list and clean properly up */
                 MI_SET_PFN_DELETED(Pfn1);
                 MiDecrementReferenceCount(Pfn1, PageFrameIndex);
             }
             return;
         }
     }
 
     /* Get the PFN entry */
     PageFrameIndex = PFN_FROM_PTE(&TempPte);
     Pfn1 = MiGetPfnEntry(PageFrameIndex);
 
     /* Check if this is a valid, prototype PTE */
     if (Pfn1->u3.e1.PrototypePte == 1)
     {
         /* Get the PDE and make sure it's faulted in */
         PointerPde = MiPteToPde(PointerPte);
         if (PointerPde->u.Hard.Valid == 0)
         {
 #if (_MI_PAGING_LEVELS == 2)
             /* Could be paged pool access from a new process -- synchronize the page directories */
             if (!NT_SUCCESS(MiCheckPdeForPagedPool(VirtualAddress)))
             {
 #endif
                 /* The PDE must be valid at this point */
                 KeBugCheckEx(MEMORY_MANAGEMENT,
                              0x61940,
                              (ULONG_PTR)PointerPte,
                              PointerPte->u.Long,
                              (ULONG_PTR)VirtualAddress);
             }
 #if (_MI_PAGING_LEVELS == 2)
         }
 #endif
         /* Drop the share count on the page table */
         PointerPde = MiPteToPde(PointerPte);
         MiDecrementShareCount(MiGetPfnEntry(PointerPde->u.Hard.PageFrameNumber),
             PointerPde->u.Hard.PageFrameNumber);
 
         /* Drop the share count */
         MiDecrementShareCount(Pfn1, PageFrameIndex);
 
         /* Either a fork, or this is the shared user data page */
         if ((PointerPte <= MiHighestUserPte) && (PrototypePte != Pfn1->PteAddress))
         {
             /* If it's not the shared user page, then crash, since there's no fork() yet */
             if ((PAGE_ALIGN(VirtualAddress) != (PVOID)USER_SHARED_DATA) ||
                  (MmHighestUserAddress <= (PVOID)USER_SHARED_DATA))
             {
                 /* Must be some sort of memory corruption */
                 KeBugCheckEx(MEMORY_MANAGEMENT,
                              0x400,
                              (ULONG_PTR)PointerPte,
                              (ULONG_PTR)PrototypePte,
                              (ULONG_PTR)Pfn1->PteAddress);
             }
         }
 
         /* Erase it */
         MI_ERASE_PTE(PointerPte);
     }
     else
     {
         /* Make sure the saved PTE address is valid */
         if ((PMMPTE)((ULONG_PTR)Pfn1->PteAddress & ~0x1) != PointerPte)
         {
             /* The PFN entry is illegal, or invalid */
             KeBugCheckEx(MEMORY_MANAGEMENT,
                          0x401,
                          (ULONG_PTR)PointerPte,
                          PointerPte->u.Long,
                          (ULONG_PTR)Pfn1->PteAddress);
         }
 
         /* Erase the PTE */
         MI_ERASE_PTE(PointerPte);
 
         /* There should only be 1 shared reference count */
         ASSERT(Pfn1->u2.ShareCount == 1);
 
         /* Drop the reference on the page table. */
         MiDecrementShareCount(MiGetPfnEntry(Pfn1->u4.PteFrame), Pfn1->u4.PteFrame);
 
         /* Mark the PFN for deletion and dereference what should be the last ref */
         MI_SET_PFN_DELETED(Pfn1);
         MiDecrementShareCount(Pfn1, PageFrameIndex);
 
         /* We should eventually do this */
         //CurrentProcess->NumberOfPrivatePages--;
     }
 
     /* Flush the TLB */
     KeFlushCurrentTb();
 }

◆ MiDeleteSystemPageableVm()

PFN_COUNT NTAPI MiDeleteSystemPageableVm	(	IN PMMPTE	PointerPte,
		IN PFN_NUMBER	PageCount,
		IN ULONG	Flags,
		OUT PPFN_NUMBER	ValidPages
	)

Definition at line 297 of file virtual.c.

Referenced by MiFreeInitializationCode(), MiFreePoolPages(), MiQueryPageTableReferences(), MmFreeDriverInitialization(), and MmFreeSpecialPool().

 {
     PFN_COUNT ActualPages = 0;
     PETHREAD CurrentThread = PsGetCurrentThread();
     PMMPFN Pfn1, Pfn2;
     PFN_NUMBER PageFrameIndex, PageTableIndex;
     KIRQL OldIrql;
     ASSERT(KeGetCurrentIrql() <= APC_LEVEL);
 
     /* Lock the system working set */
     MiLockWorkingSet(CurrentThread, &MmSystemCacheWs);
 
     /* Loop all pages */
     while (PageCount)
     {
         /* Make sure there's some data about the page */
         if (PointerPte->u.Long)
         {
             /* As always, only handle current ARM3 scenarios */
             ASSERT(PointerPte->u.Soft.Prototype == 0);
             ASSERT(PointerPte->u.Soft.Transition == 0);
 
             /* Normally this is one possibility -- freeing a valid page */
             if (PointerPte->u.Hard.Valid)
             {
                 /* Get the page PFN */
                 PageFrameIndex = PFN_FROM_PTE(PointerPte);
                 Pfn1 = MiGetPfnEntry(PageFrameIndex);
 
                 /* Should not have any working set data yet */
                 ASSERT(Pfn1->u1.WsIndex == 0);
 
                 /* Actual valid, legitimate, pages */
                 if (ValidPages) (*ValidPages)++;
 
                 /* Get the page table entry */
                 PageTableIndex = Pfn1->u4.PteFrame;
                 Pfn2 = MiGetPfnEntry(PageTableIndex);
 
                 /* Lock the PFN database */
                 OldIrql = MiAcquirePfnLock();
 
                 /* Delete it the page */
                 MI_SET_PFN_DELETED(Pfn1);
                 MiDecrementShareCount(Pfn1, PageFrameIndex);
 
                 /* Decrement the page table too */
                 MiDecrementShareCount(Pfn2, PageTableIndex);
 
                 /* Release the PFN database */
                 MiReleasePfnLock(OldIrql);
 
                 /* Destroy the PTE */
                 MI_ERASE_PTE(PointerPte);
             }
             else
             {
                 /*
                  * The only other ARM3 possibility is a demand zero page, which would
                  * mean freeing some of the paged pool pages that haven't even been
                  * touched yet, as part of a larger allocation.
                  *
                  * Right now, we shouldn't expect any page file information in the PTE
                  */
                 ASSERT(PointerPte->u.Soft.PageFileHigh == 0);
 
                 /* Destroy the PTE */
                 MI_ERASE_PTE(PointerPte);
             }
 
             /* Actual legitimate pages */
             ActualPages++;
         }
 
         /* Keep going */
         PointerPte++;
         PageCount--;
     }
 
     /* Release the working set */
     MiUnlockWorkingSet(CurrentThread, &MmSystemCacheWs);
 
     /* Flush the entire TLB */
     KeFlushEntireTb(TRUE, TRUE);
 
     /* Done */
     return ActualPages;
 }

◆ MiDeleteVirtualAddresses()

VOID NTAPI MiDeleteVirtualAddresses	(	IN ULONG_PTR	Va,
		IN ULONG_PTR	EndingAddress,
		IN PMMVAD	Vad
	)

Definition at line 540 of file virtual.c.

Referenced by MiQueryPageTableReferences(), MiRemoveMappedView(), MmCleanProcessAddressSpace(), MmDeleteTeb(), and NtFreeVirtualMemory().

 {
     PMMPTE PointerPte, PrototypePte, LastPrototypePte;
     PMMPDE PointerPde;
     MMPTE TempPte;
     PEPROCESS CurrentProcess;
     KIRQL OldIrql;
     BOOLEAN AddressGap = FALSE;
     PSUBSECTION Subsection;
 
     /* Get out if this is a fake VAD, RosMm will free the marea pages */
     if ((Vad) && (Vad->u.VadFlags.Spare == 1)) return;
 
     /* Grab the process and PTE/PDE for the address being deleted */
     CurrentProcess = PsGetCurrentProcess();
     PointerPde = MiAddressToPde(Va);
     PointerPte = MiAddressToPte(Va);
 
     /* Check if this is a section VAD or a VM VAD */
     if (!(Vad) || (Vad->u.VadFlags.PrivateMemory) || !(Vad->FirstPrototypePte))
     {
         /* Don't worry about prototypes */
         PrototypePte = LastPrototypePte = NULL;
     }
     else
     {
         /* Get the prototype PTE */
         PrototypePte = Vad->FirstPrototypePte;
         LastPrototypePte = Vad->FirstPrototypePte + 1;
     }
 
     /* In all cases, we don't support fork() yet */
     ASSERT(CurrentProcess->CloneRoot == NULL);
 
     /* Loop the PTE for each VA */
     while (TRUE)
     {
         /* First keep going until we find a valid PDE */
         while (!PointerPde->u.Long)
         {
             /* There are gaps in the address space */
             AddressGap = TRUE;
 
             /* Still no valid PDE, try the next 4MB (or whatever) */
             PointerPde++;
 
             /* Update the PTE on this new boundary */
             PointerPte = MiPteToAddress(PointerPde);
 
             /* Check if all the PDEs are invalid, so there's nothing to free */
             Va = (ULONG_PTR)MiPteToAddress(PointerPte);
             if (Va > EndingAddress) return;
         }
 
         /* Now check if the PDE is mapped in */
         if (!PointerPde->u.Hard.Valid)
         {
             /* It isn't, so map it in */
             PointerPte = MiPteToAddress(PointerPde);
             MiMakeSystemAddressValid(PointerPte, CurrentProcess);
         }
 
         /* Now we should have a valid PDE, mapped in, and still have some VA */
         ASSERT(PointerPde->u.Hard.Valid == 1);
         ASSERT(Va <= EndingAddress);
 
         /* Check if this is a section VAD with gaps in it */
         if ((AddressGap) && (LastPrototypePte))
         {
             /* We need to skip to the next correct prototype PTE */
             PrototypePte = MI_GET_PROTOTYPE_PTE_FOR_VPN(Vad, Va >> PAGE_SHIFT);
 
             /* And we need the subsection to skip to the next last prototype PTE */
             Subsection = MiLocateSubsection(Vad, Va >> PAGE_SHIFT);
             if (Subsection)
             {
                 /* Found it! */
                 LastPrototypePte = &Subsection->SubsectionBase[Subsection->PtesInSubsection];
             }
             else
             {
                 /* No more subsections, we are done with prototype PTEs */
                 PrototypePte = NULL;
             }
         }
 
         /* Lock the PFN Database while we delete the PTEs */
         OldIrql = MiAcquirePfnLock();
         do
         {
             /* Capture the PDE and make sure it exists */
             TempPte = *PointerPte;
             if (TempPte.u.Long)
             {
                 MiDecrementPageTableReferences((PVOID)Va);
 
                 /* Check if the PTE is actually mapped in */
                 if (MI_IS_MAPPED_PTE(&TempPte))
                 {
                     /* Are we dealing with section VAD? */
                     if ((LastPrototypePte) && (PrototypePte > LastPrototypePte))
                     {
                         /* We need to skip to the next correct prototype PTE */
                         PrototypePte = MI_GET_PROTOTYPE_PTE_FOR_VPN(Vad, Va >> PAGE_SHIFT);
 
                         /* And we need the subsection to skip to the next last prototype PTE */
                         Subsection = MiLocateSubsection(Vad, Va >> PAGE_SHIFT);
                         if (Subsection)
                         {
                             /* Found it! */
                             LastPrototypePte = &Subsection->SubsectionBase[Subsection->PtesInSubsection];
                         }
                         else
                         {
                             /* No more subsections, we are done with prototype PTEs */
                             PrototypePte = NULL;
                         }
                     }
 
                     /* Check for prototype PTE */
                     if ((TempPte.u.Hard.Valid == 0) &&
                         (TempPte.u.Soft.Prototype == 1))
                     {
                         /* Just nuke it */
                         MI_ERASE_PTE(PointerPte);
                     }
                     else
                     {
                         /* Delete the PTE proper */
                         MiDeletePte(PointerPte,
                                     (PVOID)Va,
                                     CurrentProcess,
                                     PrototypePte);
                     }
                 }
                 else
                 {
                     /* The PTE was never mapped, just nuke it here */
                     MI_ERASE_PTE(PointerPte);
                 }
             }
 
             /* Update the address and PTE for it */
             Va += PAGE_SIZE;
             PointerPte++;
             PrototypePte++;
 
             /* Making sure the PDE is still valid */
             ASSERT(PointerPde->u.Hard.Valid == 1);
         }
         while ((Va & (PDE_MAPPED_VA - 1)) && (Va <= EndingAddress));
 
         /* The PDE should still be valid at this point */
         ASSERT(PointerPde->u.Hard.Valid == 1);
 
         /* Check remaining PTE count (go back 1 page due to above loop) */
         if (MiQueryPageTableReferences((PVOID)(Va - PAGE_SIZE)) == 0)
         {
             if (PointerPde->u.Long != 0)
             {
                 /* Delete the PTE proper */
                 MiDeletePte(PointerPde,
                             MiPteToAddress(PointerPde),
                             CurrentProcess,
                             NULL);
             }
         }
 
         /* Release the lock and get out if we're done */
         MiReleasePfnLock(OldIrql);
         if (Va > EndingAddress) return;
 
         /* Otherwise, we exited because we hit a new PDE boundary, so start over */
         PointerPde = MiAddressToPde(Va);
         AddressGap = FALSE;
     }
 }

◆ MiDoMappedCopy()

NTSTATUS NTAPI MiDoMappedCopy	(	IN PEPROCESS	SourceProcess,
		IN PVOID	SourceAddress,
		IN PEPROCESS	TargetProcess,
		OUT PVOID	TargetAddress,
		IN SIZE_T	BufferSize,
		IN KPROCESSOR_MODE	PreviousMode,
		OUT PSIZE_T	ReturnSize
	)

Definition at line 766 of file virtual.c.

Referenced by MmCopyVirtualMemory().

 {
     PFN_NUMBER MdlBuffer[(sizeof(MDL) / sizeof(PFN_NUMBER)) + MI_MAPPED_COPY_PAGES + 1];
     PMDL Mdl = (PMDL)MdlBuffer;
     SIZE_T TotalSize, CurrentSize, RemainingSize;
     volatile BOOLEAN FailedInProbe = FALSE;
     volatile BOOLEAN PagesLocked = FALSE;
     PVOID CurrentAddress = SourceAddress, CurrentTargetAddress = TargetAddress;
     volatile PVOID MdlAddress = NULL;
     KAPC_STATE ApcState;
     BOOLEAN HaveBadAddress;
     ULONG_PTR BadAddress;
     NTSTATUS Status = STATUS_SUCCESS;
     PAGED_CODE();
 
     //
     // Calculate the maximum amount of data to move
     //
     TotalSize = MI_MAPPED_COPY_PAGES * PAGE_SIZE;
     if (BufferSize <= TotalSize) TotalSize = BufferSize;
     CurrentSize = TotalSize;
     RemainingSize = BufferSize;
 
     //
     // Loop as long as there is still data
     //
     while (RemainingSize > 0)
     {
         //
         // Check if this transfer will finish everything off
         //
         if (RemainingSize < CurrentSize) CurrentSize = RemainingSize;
 
         //
         // Attach to the source address space
         //
         KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
 
         //
         // Check state for this pass
         //
         ASSERT(MdlAddress == NULL);
         ASSERT(PagesLocked == FALSE);
         ASSERT(FailedInProbe == FALSE);
 
         //
         // Protect user-mode copy
         //
         _SEH2_TRY
         {
             //
             // If this is our first time, probe the buffer
             //
             if ((CurrentAddress == SourceAddress) && (PreviousMode != KernelMode))
             {
                 //
                 // Catch a failure here
                 //
                 FailedInProbe = TRUE;
 
                 //
                 // Do the probe
                 //
                 ProbeForRead(SourceAddress, BufferSize, sizeof(CHAR));
 
                 //
                 // Passed
                 //
                 FailedInProbe = FALSE;
             }
 
             //
             // Initialize and probe and lock the MDL
             //
             MmInitializeMdl(Mdl, CurrentAddress, CurrentSize);
             MmProbeAndLockPages(Mdl, PreviousMode, IoReadAccess);
             PagesLocked = TRUE;
         }
         _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
         {
             Status = _SEH2_GetExceptionCode();
         }
         _SEH2_END
 
         /* Detach from source process */
         KeUnstackDetachProcess(&ApcState);
 
         if (Status != STATUS_SUCCESS)
         {
             goto Exit;
         }
 
         //
         // Now map the pages
         //
         MdlAddress = MmMapLockedPagesSpecifyCache(Mdl,
                                                   KernelMode,
                                                   MmCached,
                                                   NULL,
                                                   FALSE,
                                                   HighPagePriority);
         if (!MdlAddress)
         {
             Status = STATUS_INSUFFICIENT_RESOURCES;
             goto Exit;
         }
 
         //
         // Grab to the target process
         //
         KeStackAttachProcess(&TargetProcess->Pcb, &ApcState);
 
         _SEH2_TRY
         {
             //
             // Check if this is our first time through
             //
             if ((CurrentTargetAddress == TargetAddress) && (PreviousMode != KernelMode))
             {
                 //
                 // Catch a failure here
                 //
                 FailedInProbe = TRUE;
 
                 //
                 // Do the probe
                 //
                 ProbeForWrite(TargetAddress, BufferSize, sizeof(CHAR));
 
                 //
                 // Passed
                 //
                 FailedInProbe = FALSE;
             }
 
             //
             // Now do the actual move
             //
             RtlCopyMemory(CurrentTargetAddress, MdlAddress, CurrentSize);
         }
         _SEH2_EXCEPT(MiGetExceptionInfo(_SEH2_GetExceptionInformation(),
                                         &HaveBadAddress,
                                         &BadAddress))
         {
             *ReturnSize = BufferSize - RemainingSize;
             //
             // Check if we failed during the probe
             //
             if (FailedInProbe)
             {
                 //
                 // Exit
                 //
                 Status = _SEH2_GetExceptionCode();
             }
             else
             {
                 //
                 // Othewise we failed during the move.
                 // Check if we know exactly where we stopped copying
                 //
                 if (HaveBadAddress)
                 {
                     //
                     // Return the exact number of bytes copied
                     //
                     *ReturnSize = BadAddress - (ULONG_PTR)SourceAddress;
                 }
                 //
                 // Return partial copy
                 //
                 Status = STATUS_PARTIAL_COPY;
             }
         }
         _SEH2_END;
 
         /* Detach from target process */
         KeUnstackDetachProcess(&ApcState);
 
         //
         // Check for SEH status
         //
         if (Status != STATUS_SUCCESS)
         {
             goto Exit;
         }
 
         //
         // Unmap and unlock
         //
         MmUnmapLockedPages(MdlAddress, Mdl);
         MdlAddress = NULL;
         MmUnlockPages(Mdl);
         PagesLocked = FALSE;
 
         //
         // Update location and size
         //
         RemainingSize -= CurrentSize;
         CurrentAddress = (PVOID)((ULONG_PTR)CurrentAddress + CurrentSize);
         CurrentTargetAddress = (PVOID)((ULONG_PTR)CurrentTargetAddress + CurrentSize);
     }
 
 Exit:
     if (MdlAddress != NULL)
         MmUnmapLockedPages(MdlAddress, Mdl);
     if (PagesLocked)
         MmUnlockPages(Mdl);
 
     //
     // All bytes read
     //
     if (Status == STATUS_SUCCESS)
         *ReturnSize = BufferSize;
     return Status;
 }

◆ MiDoPoolCopy()

NTSTATUS NTAPI MiDoPoolCopy	(	IN PEPROCESS	SourceProcess,
		IN PVOID	SourceAddress,
		IN PEPROCESS	TargetProcess,
		OUT PVOID	TargetAddress,
		IN SIZE_T	BufferSize,
		IN KPROCESSOR_MODE	PreviousMode,
		OUT PSIZE_T	ReturnSize
	)

Definition at line 991 of file virtual.c.

Referenced by MmCopyVirtualMemory().

 {
     UCHAR StackBuffer[MI_POOL_COPY_BYTES];
     SIZE_T TotalSize, CurrentSize, RemainingSize;
     volatile BOOLEAN FailedInProbe = FALSE, HavePoolAddress = FALSE;
     PVOID CurrentAddress = SourceAddress, CurrentTargetAddress = TargetAddress;
     PVOID PoolAddress;
     KAPC_STATE ApcState;
     BOOLEAN HaveBadAddress;
     ULONG_PTR BadAddress;
     NTSTATUS Status = STATUS_SUCCESS;
     PAGED_CODE();
 
     DPRINT("Copying %Iu bytes from process %p (address %p) to process %p (Address %p)\n",
         BufferSize, SourceProcess, SourceAddress, TargetProcess, TargetAddress);
 
     //
     // Calculate the maximum amount of data to move
     //
     TotalSize = MI_MAX_TRANSFER_SIZE;
     if (BufferSize <= MI_MAX_TRANSFER_SIZE) TotalSize = BufferSize;
     CurrentSize = TotalSize;
     RemainingSize = BufferSize;
 
     //
     // Check if we can use the stack
     //
     if (BufferSize <= MI_POOL_COPY_BYTES)
     {
         //
         // Use it
         //
         PoolAddress = (PVOID)StackBuffer;
     }
     else
     {
         //
         // Allocate pool
         //
         PoolAddress = ExAllocatePoolWithTag(NonPagedPool, TotalSize, 'VmRw');
         if (!PoolAddress) ASSERT(FALSE);
         HavePoolAddress = TRUE;
     }
 
     //
     // Loop as long as there is still data
     //
     while (RemainingSize > 0)
     {
         //
         // Check if this transfer will finish everything off
         //
         if (RemainingSize < CurrentSize) CurrentSize = RemainingSize;
 
         //
         // Attach to the source address space
         //
         KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
 
         /* Check that state is sane */
         ASSERT(FailedInProbe == FALSE);
         ASSERT(Status == STATUS_SUCCESS);
 
         //
         // Protect user-mode copy
         //
         _SEH2_TRY
         {
             //
             // If this is our first time, probe the buffer
             //
             if ((CurrentAddress == SourceAddress) && (PreviousMode != KernelMode))
             {
                 //
                 // Catch a failure here
                 //
                 FailedInProbe = TRUE;
 
                 //
                 // Do the probe
                 //
                 ProbeForRead(SourceAddress, BufferSize, sizeof(CHAR));
 
                 //
                 // Passed
                 //
                 FailedInProbe = FALSE;
             }
 
             //
             // Do the copy
             //
             RtlCopyMemory(PoolAddress, CurrentAddress, CurrentSize);
         }
         _SEH2_EXCEPT(MiGetExceptionInfo(_SEH2_GetExceptionInformation(),
                                         &HaveBadAddress,
                                         &BadAddress))
         {
             *ReturnSize = BufferSize - RemainingSize;
 
             //
             // Check if we failed during the probe
             //
             if (FailedInProbe)
             {
                 //
                 // Exit
                 //
                 Status = _SEH2_GetExceptionCode();
             }
             else
             {
                 //
                 // We failed during the move.
                 // Check if we know exactly where we stopped copying
                 //
                 if (HaveBadAddress)
                 {
                     //
                     // Return the exact number of bytes copied
                     //
                     *ReturnSize = BadAddress - (ULONG_PTR)SourceAddress;
                 }
                 //
                 // Return partial copy
                 //
                 Status = STATUS_PARTIAL_COPY;
             }
         }
         _SEH2_END
 
         /* Let go of the source */
         KeUnstackDetachProcess(&ApcState);
 
         if (Status != STATUS_SUCCESS)
         {
             goto Exit;
         }
 
         /* Grab the target process */
         KeStackAttachProcess(&TargetProcess->Pcb, &ApcState);
 
         _SEH2_TRY
         {
             //
             // Check if this is our first time through
             //
             if ((CurrentTargetAddress == TargetAddress) && (PreviousMode != KernelMode))
             {
                 //
                 // Catch a failure here
                 //
                 FailedInProbe = TRUE;
 
                 //
                 // Do the probe
                 //
                 ProbeForWrite(TargetAddress, BufferSize, sizeof(CHAR));
 
                 //
                 // Passed
                 //
                 FailedInProbe = FALSE;
             }
 
             //
             // Now do the actual move
             //
             RtlCopyMemory(CurrentTargetAddress, PoolAddress, CurrentSize);
         }
         _SEH2_EXCEPT(MiGetExceptionInfo(_SEH2_GetExceptionInformation(),
                                         &HaveBadAddress,
                                         &BadAddress))
         {
             *ReturnSize = BufferSize - RemainingSize;
             //
             // Check if we failed during the probe
             //
             if (FailedInProbe)
             {
                 //
                 // Exit
                 //
                 Status = _SEH2_GetExceptionCode();
             }
             else
             {
                 //
                 // Otherwise we failed during the move.
                 // Check if we know exactly where we stopped copying
                 //
                 if (HaveBadAddress)
                 {
                     //
                     // Return the exact number of bytes copied
                     //
                     *ReturnSize = BadAddress - (ULONG_PTR)SourceAddress;
                 }
                 //
                 // Return partial copy
                 //
                 Status = STATUS_PARTIAL_COPY;
             }
         }
         _SEH2_END;
 
         //
         // Detach from target
         //
         KeUnstackDetachProcess(&ApcState);
 
         //
         // Check for SEH status
         //
         if (Status != STATUS_SUCCESS)
         {
             goto Exit;
         }
 
         //
         // Update location and size
         //
         RemainingSize -= CurrentSize;
         CurrentAddress = (PVOID)((ULONG_PTR)CurrentAddress + CurrentSize);
         CurrentTargetAddress = (PVOID)((ULONG_PTR)CurrentTargetAddress +
                                        CurrentSize);
     }
 
 Exit:
     //
     // Check if we had allocated pool
     //
     if (HavePoolAddress)
         ExFreePoolWithTag(PoolAddress, 'VmRw');
 
     //
     // All bytes read
     //
     if (Status == STATUS_SUCCESS)
         *ReturnSize = BufferSize;
     return Status;
 }

◆ MiFlushTbAndCapture()

VOID NTAPI MiFlushTbAndCapture	(	IN PMMVAD	FoundVad,
		IN PMMPTE	PointerPte,
		IN ULONG	ProtectionMask,
		IN PMMPFN	Pfn1,
		IN BOOLEAN	CaptureDirtyBit
	)

Definition at line 1958 of file section.c.

Referenced by MiProtectVirtualMemory(), and MiSetProtectionOnSection().

 {
     MMPTE TempPte, PreviousPte;
     KIRQL OldIrql;
     BOOLEAN RebuildPte = FALSE;
 
     //
     // User for sanity checking later on
     //
     PreviousPte = *PointerPte;
 
     //
     // Build the PTE and acquire the PFN lock
     //
     MI_MAKE_HARDWARE_PTE_USER(&TempPte,
                               PointerPte,
                               ProtectionMask,
                               PreviousPte.u.Hard.PageFrameNumber);
     OldIrql = MiAcquirePfnLock();
 
     //
     // We don't support I/O mappings in this path yet
     //
     ASSERT(Pfn1 != NULL);
     ASSERT(Pfn1->u3.e1.CacheAttribute != MiWriteCombined);
 
     //
     // Make sure new protection mask doesn't get in conflict and fix it if it does
     //
     if (Pfn1->u3.e1.CacheAttribute == MiCached)
     {
         //
         // This is a cached PFN
         //
         if (ProtectionMask & (MM_NOCACHE | MM_NOACCESS))
         {
             RebuildPte = TRUE;
             ProtectionMask &= ~(MM_NOCACHE | MM_NOACCESS);
         }
     }
     else if (Pfn1->u3.e1.CacheAttribute == MiNonCached)
     {
         //
         // This is a non-cached PFN
         //
         if ((ProtectionMask & (MM_NOCACHE | MM_NOACCESS)) != MM_NOCACHE)
         {
             RebuildPte = TRUE;
             ProtectionMask &= ~MM_NOACCESS;
             ProtectionMask |= MM_NOCACHE;
         }
     }
 
     if (RebuildPte)
     {
         MI_MAKE_HARDWARE_PTE_USER(&TempPte,
                                   PointerPte,
                                   ProtectionMask,
                                   PreviousPte.u.Hard.PageFrameNumber);
     }
 
     //
     // Write the new PTE, making sure we are only changing the bits
     //
     MI_UPDATE_VALID_PTE(PointerPte, TempPte);
 
     //
     // Flush the TLB
     //
     ASSERT(PreviousPte.u.Hard.Valid == 1);
     KeFlushCurrentTb();
     ASSERT(PreviousPte.u.Hard.Valid == 1);
 
     //
     // Windows updates the relevant PFN1 information, we currently don't.
     //
     if (UpdateDirty && PreviousPte.u.Hard.Dirty)
     {
         if (!Pfn1->u3.e1.Modified)
         {
             DPRINT1("FIXME: Mark PFN as dirty\n");
         }
     }
 
     //
     // Not supported in ARM3
     //
     ASSERT(FoundVad->u.VadFlags.VadType != VadWriteWatch);
 
     //
     // Release the PFN lock, we are done
     //
     MiReleasePfnLock(OldIrql);
 }

◆ MiGetExceptionInfo()

LONG MiGetExceptionInfo	(	IN PEXCEPTION_POINTERS	ExceptionInfo,
		OUT PBOOLEAN	HaveBadAddress,
		OUT PULONG_PTR	BadAddress
	)

Definition at line 721 of file virtual.c.

Referenced by MiDoMappedCopy(), and MiDoPoolCopy().

 {
     PEXCEPTION_RECORD ExceptionRecord;
     PAGED_CODE();
 
     //
     // Assume default
     //
     *HaveBadAddress = FALSE;
 
     //
     // Get the exception record
     //
     ExceptionRecord = ExceptionInfo->ExceptionRecord;
 
     //
     // Look at the exception code
     //
     if ((ExceptionRecord->ExceptionCode == STATUS_ACCESS_VIOLATION) ||
         (ExceptionRecord->ExceptionCode == STATUS_GUARD_PAGE_VIOLATION) ||
         (ExceptionRecord->ExceptionCode == STATUS_IN_PAGE_ERROR))
     {
         //
         // We can tell the address if we have more than one parameter
         //
         if (ExceptionRecord->NumberParameters > 1)
         {
             //
             // Return the address
             //
             *HaveBadAddress = TRUE;
             *BadAddress = ExceptionRecord->ExceptionInformation[1];
         }
     }
 
     //
     // Continue executing the next handler
     //
     return EXCEPTION_EXECUTE_HANDLER;
 }

◆ MiGetPageProtection()

ULONG NTAPI MiGetPageProtection ( IN PMMPTE PointerPte )

Definition at line 1329 of file virtual.c.

Referenced by MiProtectVirtualMemory(), MiQueryAddressState(), MiQueryPageTableReferences(), MiSetProtectionOnSection(), and NtAllocateVirtualMemory().

 {
     MMPTE TempPte;
     PMMPFN Pfn;
     PEPROCESS CurrentProcess;
     PETHREAD CurrentThread;
     BOOLEAN WsSafe, WsShared;
     ULONG Protect;
     KIRQL OldIrql;
     PAGED_CODE();
 
     /* Copy this PTE's contents */
     TempPte = *PointerPte;
 
     /* Assure it's not totally zero */
     ASSERT(TempPte.u.Long);
 
     /* Check for a special prototype format */
     if ((TempPte.u.Soft.Valid == 0) &&
         (TempPte.u.Soft.Prototype == 1))
     {
         /* Check if the prototype PTE is not yet pointing to a PTE */
         if (TempPte.u.Soft.PageFileHigh == MI_PTE_LOOKUP_NEEDED)
         {
             /* The prototype PTE contains the protection */
             return MmProtectToValue[TempPte.u.Soft.Protection];
         }
 
         /* Get a pointer to the underlying shared PTE */
         PointerPte = MiProtoPteToPte(&TempPte);
 
         /* Since the PTE we want to read can be paged out at any time, we need
            to release the working set lock first, so that it can be paged in */
         CurrentThread = PsGetCurrentThread();
         CurrentProcess = PsGetCurrentProcess();
         MiUnlockProcessWorkingSetForFault(CurrentProcess,
                                           CurrentThread,
                                           &WsSafe,
                                           &WsShared);
 
         /* Now read the PTE value */
         TempPte = *PointerPte;
 
         /* Check if that one is invalid */
         if (!TempPte.u.Hard.Valid)
         {
             /* We get the protection directly from this PTE */
             Protect = MmProtectToValue[TempPte.u.Soft.Protection];
         }
         else
         {
             /* The PTE is valid, so we might need to get the protection from
                the PFN. Lock the PFN database */
             OldIrql = MiAcquirePfnLock();
 
             /* Check if the PDE is still valid */
             if (MiAddressToPte(PointerPte)->u.Hard.Valid == 0)
             {
                 /* It's not, make it valid */
                 MiMakeSystemAddressValidPfn(PointerPte, OldIrql);
             }
 
             /* Now it's safe to read the PTE value again */
             TempPte = *PointerPte;
             ASSERT(TempPte.u.Long != 0);
 
             /* Check again if the PTE is invalid */
             if (!TempPte.u.Hard.Valid)
             {
                 /* The PTE is not valid, so we can use it's protection field */
                 Protect = MmProtectToValue[TempPte.u.Soft.Protection];
             }
             else
             {
                 /* The PTE is valid, so we can find the protection in the
                    OriginalPte field of the PFN */
                 Pfn = MI_PFN_ELEMENT(TempPte.u.Hard.PageFrameNumber);
                 Protect = MmProtectToValue[Pfn->OriginalPte.u.Soft.Protection];
             }
 
             /* Release the PFN database */
             MiReleasePfnLock(OldIrql);
         }
 
         /* Lock the working set again */
         MiLockProcessWorkingSetForFault(CurrentProcess,
                                         CurrentThread,
                                         WsSafe,
                                         WsShared);
 
         return Protect;
     }
 
     /* In the easy case of transition or demand zero PTE just return its protection */
     if (!TempPte.u.Hard.Valid) return MmProtectToValue[TempPte.u.Soft.Protection];
 
     /* If we get here, the PTE is valid, so look up the page in PFN database */
     Pfn = MiGetPfnEntry(TempPte.u.Hard.PageFrameNumber);
     if (!Pfn->u3.e1.PrototypePte)
     {
         /* Return protection of the original pte */
         ASSERT(Pfn->u4.AweAllocation == 0);
         return MmProtectToValue[Pfn->OriginalPte.u.Soft.Protection];
     }
 
     /* This is software PTE */
     DPRINT("Prototype PTE: %lx %p\n", TempPte.u.Hard.PageFrameNumber, Pfn);
     DPRINT("VA: %p\n", MiPteToAddress(&TempPte));
     DPRINT("Mask: %lx\n", TempPte.u.Soft.Protection);
     DPRINT("Mask2: %lx\n", Pfn->OriginalPte.u.Soft.Protection);
     return MmProtectToValue[TempPte.u.Soft.Protection];
 }

◆ MiIsEntireRangeCommitted()

BOOLEAN NTAPI MiIsEntireRangeCommitted	(	IN ULONG_PTR	StartingAddress,
		IN ULONG_PTR	EndingAddress,
		IN PMMVAD	Vad,
		IN PEPROCESS	Process
	)

Definition at line 1976 of file virtual.c.

Referenced by MiProtectVirtualMemory().

 {
     PMMPTE PointerPte, LastPte;
     PMMPDE PointerPde;
     BOOLEAN OnBoundary = TRUE;
     PAGED_CODE();
 
     /* Get the PDE and PTE addresses */
     PointerPde = MiAddressToPde(StartingAddress);
     PointerPte = MiAddressToPte(StartingAddress);
     LastPte = MiAddressToPte(EndingAddress);
 
     /* Loop all the PTEs */
     while (PointerPte <= LastPte)
     {
         /* Check if we've hit an new PDE boundary */
         if (OnBoundary)
         {
             /* Is this PDE demand zero? */
             PointerPde = MiPteToPde(PointerPte);
             if (PointerPde->u.Long != 0)
             {
                 /* It isn't -- is it valid? */
                 if (PointerPde->u.Hard.Valid == 0)
                 {
                     /* Nope, fault it in */
                     MiMakeSystemAddressValid(PointerPte, Process);
                 }
             }
             else
             {
                 /* The PTE was already valid, so move to the next one */
                 PointerPde++;
                 PointerPte = MiPdeToPte(PointerPde);
 
                 /* Is the entire VAD committed? If not, fail */
                 if (!Vad->u.VadFlags.MemCommit) return FALSE;
 
                 /* New loop iteration with our new, on-boundary PTE. */
                 continue;
             }
         }
 
         /* Is the PTE demand zero? */
         if (PointerPte->u.Long == 0)
         {
             /* Is the entire VAD committed? If not, fail */
             if (!Vad->u.VadFlags.MemCommit) return FALSE;
         }
         else
         {
             /* It isn't -- is it a decommited, invalid, or faulted PTE? */
             if ((PointerPte->u.Soft.Protection == MM_DECOMMIT) &&
                 (PointerPte->u.Hard.Valid == 0) &&
                 ((PointerPte->u.Soft.Prototype == 0) ||
                  (PointerPte->u.Soft.PageFileHigh == MI_PTE_LOOKUP_NEEDED)))
             {
                 /* Then part of the range is decommitted, so fail */
                 return FALSE;
             }
         }
 
         /* Move to the next PTE */
         PointerPte++;
         OnBoundary = MiIsPteOnPdeBoundary(PointerPte);
     }
 
     /* All PTEs seem valid, and no VAD checks failed, the range is okay */
     return TRUE;
 }

◆ MiLockVirtualMemory()

static NTSTATUS MiLockVirtualMemory	(	IN OUT PVOID *	BaseAddress,
		IN OUT PSIZE_T	RegionSize,
		IN ULONG	MapType
	)

static

Definition at line 3256 of file virtual.c.

Referenced by NtLockVirtualMemory(), and RunTest().

 {
     PEPROCESS CurrentProcess;
     PMMSUPPORT AddressSpace;
     PVOID CurrentVa, EndAddress;
     PMMPTE PointerPte, LastPte;
     PMMPDE PointerPde;
 #if (_MI_PAGING_LEVELS >= 3)
     PMMPDE PointerPpe;
 #endif
 #if (_MI_PAGING_LEVELS == 4)
     PMMPDE PointerPxe;
 #endif
     PMMPFN Pfn1;
     NTSTATUS Status, TempStatus;
 
     /* Lock the address space */
     AddressSpace = MmGetCurrentAddressSpace();
     MmLockAddressSpace(AddressSpace);
 
     /* Make sure we still have an address space */
     CurrentProcess = PsGetCurrentProcess();
     if (CurrentProcess->VmDeleted)
     {
         Status = STATUS_PROCESS_IS_TERMINATING;
         goto Cleanup;
     }
 
     /* Check the VADs in the requested range */
     Status = MiCheckVadsForLockOperation(BaseAddress, RegionSize, &EndAddress);
     if (!NT_SUCCESS(Status))
     {
         goto Cleanup;
     }
 
     /* Enter SEH for probing */
     _SEH2_TRY
     {
         /* Loop all pages and probe them */
         CurrentVa = *BaseAddress;
         while (CurrentVa < EndAddress)
         {
             (void)(*(volatile CHAR*)CurrentVa);
             CurrentVa = (PUCHAR)CurrentVa + PAGE_SIZE;
         }
     }
     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
     {
         Status = _SEH2_GetExceptionCode();
         goto Cleanup;
     }
     _SEH2_END;
 
     /* All pages were accessible, since we hold the address space lock, nothing
        can be de-committed. Assume success for now. */
     Status = STATUS_SUCCESS;
 
     /* Get the PTE and PDE */
     PointerPte = MiAddressToPte(*BaseAddress);
     PointerPde = MiAddressToPde(*BaseAddress);
 #if (_MI_PAGING_LEVELS >= 3)
     PointerPpe = MiAddressToPpe(*BaseAddress);
 #endif
 #if (_MI_PAGING_LEVELS == 4)
     PointerPxe = MiAddressToPxe(*BaseAddress);
 #endif
 
     /* Get the last PTE */
     LastPte = MiAddressToPte((PVOID)((ULONG_PTR)EndAddress - 1));
 
     /* Lock the process working set */
     MiLockProcessWorkingSet(CurrentProcess, PsGetCurrentThread());
 
     /* Loop the pages */
     do
     {
         /* Check for a page that is not accessible */
         while (
 #if (_MI_PAGING_LEVELS == 4)
                (PointerPxe->u.Hard.Valid == 0) ||
 #endif
 #if (_MI_PAGING_LEVELS >= 3)
                (PointerPpe->u.Hard.Valid == 0) ||
 #endif
                (PointerPde->u.Hard.Valid == 0) ||
                (PointerPte->u.Hard.Valid == 0))
         {
             /* Release process working set */
             MiUnlockProcessWorkingSet(CurrentProcess, PsGetCurrentThread());
 
             /* Access the page */
             CurrentVa = MiPteToAddress(PointerPte);
 
             //HACK: Pass a placeholder TrapInformation so the fault handler knows we're unlocked
             TempStatus = MmAccessFault(TRUE, CurrentVa, KernelMode, (PVOID)(ULONG_PTR)0xBADBADA3BADBADA3ULL);
             if (!NT_SUCCESS(TempStatus))
             {
                 // This should only happen, when remote backing storage is not accessible
                 ASSERT(FALSE);
                 Status = TempStatus;
                 goto Cleanup;
             }
 
             /* Lock the process working set */
             MiLockProcessWorkingSet(CurrentProcess, PsGetCurrentThread());
         }
 
         /* Get the PFN */
         Pfn1 = MiGetPfnEntry(PFN_FROM_PTE(PointerPte));
         ASSERT(Pfn1 != NULL);
 
         /* Check the previous lock status */
         if (MI_IS_LOCKED_VA(Pfn1, MapType))
         {
             Status = STATUS_WAS_LOCKED;
         }
 
         /* Lock it */
         MI_LOCK_VA(Pfn1, MapType);
 
         /* Go to the next PTE */
         PointerPte++;
 
         /* Check if we're on a PDE boundary */
         if (MiIsPteOnPdeBoundary(PointerPte)) PointerPde++;
 #if (_MI_PAGING_LEVELS >= 3)
         if (MiIsPteOnPpeBoundary(PointerPte)) PointerPpe++;
 #endif
 #if (_MI_PAGING_LEVELS == 4)
         if (MiIsPteOnPxeBoundary(PointerPte)) PointerPxe++;
 #endif
     } while (PointerPte <= LastPte);
 
     /* Release process working set */
     MiUnlockProcessWorkingSet(CurrentProcess, PsGetCurrentThread());
 
 Cleanup:
     /* Unlock address space */
     MmUnlockAddressSpace(AddressSpace);
 
     return Status;
 }

◆ MiMakePdeExistAndMakeValid()

VOID NTAPI MiMakePdeExistAndMakeValid	(	IN PMMPDE	PointerPde,
		IN PEPROCESS	TargetProcess,
		IN KIRQL	OldIrql
	)

Definition at line 2371 of file virtual.c.

Referenced by MiDecommitPages(), MiMapLockedPagesInUserSpace(), MiProtectVirtualMemory(), MiQueryPageTableReferences(), MiSetProtectionOnSection(), and NtAllocateVirtualMemory().

 {
    PMMPTE PointerPte, PointerPpe, PointerPxe;
 
    //
    // Sanity checks. The latter is because we only use this function with the
    // PFN lock not held, so it may go away in the future.
    //
    ASSERT(KeAreAllApcsDisabled() == TRUE);
    ASSERT(OldIrql == MM_NOIRQL);
 
    //
    // Also get the PPE and PXE. This is okay not to #ifdef because they will
    // return the same address as the PDE on 2-level page table systems.
    //
    // If everything is already valid, there is nothing to do.
    //
    PointerPpe = MiAddressToPte(PointerPde);
    PointerPxe = MiAddressToPde(PointerPde);
    if ((PointerPxe->u.Hard.Valid) &&
        (PointerPpe->u.Hard.Valid) &&
        (PointerPde->u.Hard.Valid))
    {
        return;
    }
 
    //
    // At least something is invalid, so begin by getting the PTE for the PDE itself
    // and then lookup each additional level. We must do it in this precise order
    // because the pagfault.c code (as well as in Windows) depends that the next
    // level up (higher) must be valid when faulting a lower level
    //
    PointerPte = MiPteToAddress(PointerPde);
    do
    {
        //
        // Make sure APCs continued to be disabled
        //
        ASSERT(KeAreAllApcsDisabled() == TRUE);
 
        //
        // First, make the PXE valid if needed
        //
        if (!PointerPxe->u.Hard.Valid)
        {
            MiMakeSystemAddressValid(PointerPpe, TargetProcess);
            ASSERT(PointerPxe->u.Hard.Valid == 1);
        }
 
        //
        // Next, the PPE
        //
        if (!PointerPpe->u.Hard.Valid)
        {
            MiMakeSystemAddressValid(PointerPde, TargetProcess);
            ASSERT(PointerPpe->u.Hard.Valid == 1);
        }
 
        //
        // And finally, make the PDE itself valid.
        //
        MiMakeSystemAddressValid(PointerPte, TargetProcess);
 
        //
        // This should've worked the first time so the loop is really just for
        // show -- ASSERT that we're actually NOT going to be looping.
        //
        ASSERT(PointerPxe->u.Hard.Valid == 1);
        ASSERT(PointerPpe->u.Hard.Valid == 1);
        ASSERT(PointerPde->u.Hard.Valid == 1);
    } while (!(PointerPxe->u.Hard.Valid) ||
             !(PointerPpe->u.Hard.Valid) ||
             !(PointerPde->u.Hard.Valid));
 }

◆ MiMakeSystemAddressValid()

ULONG NTAPI MiMakeSystemAddressValid	(	IN PVOID	PageTableVirtualAddress,
		IN PEPROCESS	CurrentProcess
	)

Definition at line 205 of file virtual.c.

Referenced by MiCalculatePageCommitment(), MiDeleteVirtualAddresses(), MiIsEntireRangeCommitted(), MiMakePdeExistAndMakeValid(), MiQueryAddressState(), and MiQueryPageTableReferences().

 {
     NTSTATUS Status;
     BOOLEAN WsShared = FALSE, WsSafe = FALSE, LockChange = FALSE;
     PETHREAD CurrentThread = PsGetCurrentThread();
 
     /* Must be a non-pool page table, since those are double-mapped already */
     ASSERT(PageTableVirtualAddress > MM_HIGHEST_USER_ADDRESS);
     ASSERT((PageTableVirtualAddress < MmPagedPoolStart) ||
            (PageTableVirtualAddress > MmPagedPoolEnd));
 
     /* Working set lock or PFN lock should be held */
     ASSERT(KeAreAllApcsDisabled() == TRUE);
 
     /* Check if the page table is valid */
     while (!MmIsAddressValid(PageTableVirtualAddress))
     {
         /* Release the working set lock */
         MiUnlockProcessWorkingSetForFault(CurrentProcess,
                                           CurrentThread,
                                           &WsSafe,
                                           &WsShared);
 
         /* Fault it in */
         Status = MmAccessFault(FALSE, PageTableVirtualAddress, KernelMode, NULL);
         if (!NT_SUCCESS(Status))
         {
             /* This should not fail */
             KeBugCheckEx(KERNEL_DATA_INPAGE_ERROR,
                          1,
                          Status,
                          (ULONG_PTR)CurrentProcess,
                          (ULONG_PTR)PageTableVirtualAddress);
         }
 
         /* Lock the working set again */
         MiLockProcessWorkingSetForFault(CurrentProcess,
                                         CurrentThread,
                                         WsSafe,
                                         WsShared);
 
         /* This flag will be useful later when we do better locking */
         LockChange = TRUE;
     }
 
     /* Let caller know what the lock state is */
     return LockChange;
 }

◆ MiMakeSystemAddressValidPfn()

ULONG NTAPI MiMakeSystemAddressValidPfn	(	IN PVOID	VirtualAddress,
		IN KIRQL	OldIrql
	)

Definition at line 257 of file virtual.c.

Referenced by MiGetPageProtection(), MiQueryPageTableReferences(), and MiSegmentDelete().

 {
     NTSTATUS Status;
     BOOLEAN LockChange = FALSE;
 
     /* Must be e kernel address */
     ASSERT(VirtualAddress > MM_HIGHEST_USER_ADDRESS);
 
     /* Check if the page is valid */
     while (!MmIsAddressValid(VirtualAddress))
     {
         /* Release the PFN database */
         MiReleasePfnLock(OldIrql);
 
         /* Fault it in */
         Status = MmAccessFault(FALSE, VirtualAddress, KernelMode, NULL);
         if (!NT_SUCCESS(Status))
         {
             /* This should not fail */
             KeBugCheckEx(KERNEL_DATA_INPAGE_ERROR,
                          3,
                          Status,
                          0,
                          (ULONG_PTR)VirtualAddress);
         }
 
         /* This flag will be useful later when we do better locking */
         LockChange = TRUE;
 
         /* Lock the PFN database */
         OldIrql = MiAcquirePfnLock();
     }
 
     /* Let caller know what the lock state is */
     return LockChange;
 }

◆ MiProcessValidPteList()

VOID NTAPI MiProcessValidPteList	(	IN PMMPTE *	ValidPteList,
		IN ULONG	Count
	)

Definition at line 2450 of file virtual.c.

Referenced by MiDecommitPages().

 {
     KIRQL OldIrql;
     ULONG i;
     MMPTE TempPte;
     PFN_NUMBER PageFrameIndex;
     PMMPFN Pfn1, Pfn2;
 
     //
     // Acquire the PFN lock and loop all the PTEs in the list
     //
     OldIrql = MiAcquirePfnLock();
     for (i = 0; i != Count; i++)
     {
         //
         // The PTE must currently be valid
         //
         TempPte = *ValidPteList[i];
         ASSERT(TempPte.u.Hard.Valid == 1);
 
         //
         // Get the PFN entry for the page itself, and then for its page table
         //
         PageFrameIndex = PFN_FROM_PTE(&TempPte);
         Pfn1 = MiGetPfnEntry(PageFrameIndex);
         Pfn2 = MiGetPfnEntry(Pfn1->u4.PteFrame);
 
         //
         // Decrement the share count on the page table, and then on the page
         // itself
         //
         MiDecrementShareCount(Pfn2, Pfn1->u4.PteFrame);
         MI_SET_PFN_DELETED(Pfn1);
         MiDecrementShareCount(Pfn1, PageFrameIndex);
 
         //
         // Make the page decommitted
         //
         MI_WRITE_INVALID_PTE(ValidPteList[i], MmDecommittedPte);
     }
 
     //
     // All the PTEs have been dereferenced and made invalid, flush the TLB now
     // and then release the PFN lock
     //
     KeFlushCurrentTb();
     MiReleasePfnLock(OldIrql);
 }

◆ MiProtectVirtualMemory()

NTSTATUS NTAPI MiProtectVirtualMemory	(	IN PEPROCESS	Process,
		IN OUT PVOID *	BaseAddress,
		IN OUT PSIZE_T	NumberOfBytesToProtect,
		IN ULONG	NewAccessProtection,
		OUT PULONG OldAccessProtection	OPTIONAL
	)

Definition at line 2092 of file virtual.c.

Referenced by CcPreparePinWrite(), CcpUnpinData(), NtAllocateVirtualMemory(), and NtProtectVirtualMemory().

 {
     PMEMORY_AREA MemoryArea;
     PMMVAD Vad;
     PMMSUPPORT AddressSpace;
     ULONG_PTR StartingAddress, EndingAddress;
     PMMPTE PointerPte, LastPte;
     PMMPDE PointerPde;
     MMPTE PteContents;
     PMMPFN Pfn1;
     ULONG ProtectionMask, OldProtect;
     BOOLEAN Committed;
     NTSTATUS Status = STATUS_SUCCESS;
     PETHREAD Thread = PsGetCurrentThread();
     TABLE_SEARCH_RESULT Result;
 
     /* Calculate base address for the VAD */
     StartingAddress = (ULONG_PTR)PAGE_ALIGN((*BaseAddress));
     EndingAddress = (((ULONG_PTR)*BaseAddress + *NumberOfBytesToProtect - 1) | (PAGE_SIZE - 1));
 
     /* Calculate the protection mask and make sure it's valid */
     ProtectionMask = MiMakeProtectionMask(NewAccessProtection);
     if (ProtectionMask == MM_INVALID_PROTECTION)
     {
         DPRINT1("Invalid protection mask\n");
         return STATUS_INVALID_PAGE_PROTECTION;
     }
 
     /* Check for ROS specific memory area */
     MemoryArea = MmLocateMemoryAreaByAddress(&Process->Vm, *BaseAddress);
     if ((MemoryArea) && (MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3))
     {
         /* Evil hack */
         return MiRosProtectVirtualMemory(Process,
                                          BaseAddress,
                                          NumberOfBytesToProtect,
                                          NewAccessProtection,
                                          OldAccessProtection);
     }
 
     /* Lock the address space and make sure the process isn't already dead */
     AddressSpace = MmGetCurrentAddressSpace();
     MmLockAddressSpace(AddressSpace);
     if (Process->VmDeleted)
     {
         DPRINT1("Process is dying\n");
         Status = STATUS_PROCESS_IS_TERMINATING;
         goto FailPath;
     }
 
     /* Get the VAD for this address range, and make sure it exists */
     Result = MiCheckForConflictingNode(StartingAddress >> PAGE_SHIFT,
                                        EndingAddress >> PAGE_SHIFT,
                                        &Process->VadRoot,
                                        (PMMADDRESS_NODE*)&Vad);
     if (Result != TableFoundNode)
     {
         DPRINT("Could not find a VAD for this allocation\n");
         Status = STATUS_CONFLICTING_ADDRESSES;
         goto FailPath;
     }
 
     /* Make sure the address is within this VAD's boundaries */
     if ((((ULONG_PTR)StartingAddress >> PAGE_SHIFT) < Vad->StartingVpn) ||
         (((ULONG_PTR)EndingAddress >> PAGE_SHIFT) > Vad->EndingVpn))
     {
         Status = STATUS_CONFLICTING_ADDRESSES;
         goto FailPath;
     }
 
     /* These kinds of VADs are not supported atm  */
     if ((Vad->u.VadFlags.VadType == VadAwe) ||
         (Vad->u.VadFlags.VadType == VadDevicePhysicalMemory) ||
         (Vad->u.VadFlags.VadType == VadLargePages))
     {
         DPRINT1("Illegal VAD for attempting to set protection\n");
         Status = STATUS_CONFLICTING_ADDRESSES;
         goto FailPath;
     }
 
     /* Check for a VAD whose protection can't be changed */
     if (Vad->u.VadFlags.NoChange == 1)
     {
         DPRINT1("Trying to change protection of a NoChange VAD\n");
         Status = STATUS_INVALID_PAGE_PROTECTION;
         goto FailPath;
     }
 
     /* Is this section, or private memory? */
     if (Vad->u.VadFlags.PrivateMemory == 0)
     {
         /* Not yet supported */
         if (Vad->u.VadFlags.VadType == VadLargePageSection)
         {
             DPRINT1("Illegal VAD for attempting to set protection\n");
             Status = STATUS_CONFLICTING_ADDRESSES;
             goto FailPath;
         }
 
         /* Rotate VADs are not yet supported */
         if (Vad->u.VadFlags.VadType == VadRotatePhysical)
         {
             DPRINT1("Illegal VAD for attempting to set protection\n");
             Status = STATUS_CONFLICTING_ADDRESSES;
             goto FailPath;
         }
 
         /* Not valid on section files */
         if (NewAccessProtection & (PAGE_NOCACHE | PAGE_WRITECOMBINE))
         {
             /* Fail */
             DPRINT1("Invalid protection flags for section\n");
             Status = STATUS_INVALID_PARAMETER_4;
             goto FailPath;
         }
 
         /* Check if data or page file mapping protection PTE is compatible */
         if (!Vad->ControlArea->u.Flags.Image)
         {
             /* Not yet */
             DPRINT1("Fixme: Not checking for valid protection\n");
         }
 
         /* This is a section, and this is not yet supported */
         DPRINT1("Section protection not yet supported\n");
         OldProtect = 0;
     }
     else
     {
         /* Private memory, check protection flags */
         if ((NewAccessProtection & PAGE_WRITECOPY) ||
             (NewAccessProtection & PAGE_EXECUTE_WRITECOPY))
         {
             DPRINT1("Invalid protection flags for private memory\n");
             Status = STATUS_INVALID_PARAMETER_4;
             goto FailPath;
         }
 
         /* Lock the working set */
         MiLockProcessWorkingSetUnsafe(Process, Thread);
 
         /* Check if all pages in this range are committed */
         Committed = MiIsEntireRangeCommitted(StartingAddress,
                                              EndingAddress,
                                              Vad,
                                              Process);
         if (!Committed)
         {
             /* Fail */
             DPRINT1("The entire range is not committed\n");
             Status = STATUS_NOT_COMMITTED;
             MiUnlockProcessWorkingSetUnsafe(Process, Thread);
             goto FailPath;
         }
 
         /* Compute starting and ending PTE and PDE addresses */
         PointerPde = MiAddressToPde(StartingAddress);
         PointerPte = MiAddressToPte(StartingAddress);
         LastPte = MiAddressToPte(EndingAddress);
 
         /* Make this PDE valid */
         MiMakePdeExistAndMakeValid(PointerPde, Process, MM_NOIRQL);
 
         /* Save protection of the first page */
         if (PointerPte->u.Long != 0)
         {
             /* Capture the page protection and make the PDE valid */
             OldProtect = MiGetPageProtection(PointerPte);
             MiMakePdeExistAndMakeValid(PointerPde, Process, MM_NOIRQL);
         }
         else
         {
             /* Grab the old protection from the VAD itself */
             OldProtect = MmProtectToValue[Vad->u.VadFlags.Protection];
         }
 
         /* Loop all the PTEs now */
         while (PointerPte <= LastPte)
         {
             /* Check if we've crossed a PDE boundary and make the new PDE valid too */
             if (MiIsPteOnPdeBoundary(PointerPte))
             {
                 PointerPde = MiPteToPde(PointerPte);
                 MiMakePdeExistAndMakeValid(PointerPde, Process, MM_NOIRQL);
             }
 
             /* Capture the PTE and check if it was empty */
             PteContents = *PointerPte;
             if (PteContents.u.Long == 0)
             {
                 /* This used to be a zero PTE and it no longer is, so we must add a
                    reference to the pagetable. */
                 MiIncrementPageTableReferences(MiPteToAddress(PointerPte));
             }
 
             /* Check what kind of PTE we are dealing with */
             if (PteContents.u.Hard.Valid == 1)
             {
                 /* Get the PFN entry */
                 Pfn1 = MiGetPfnEntry(PFN_FROM_PTE(&PteContents));
 
                 /* We don't support this yet */
                 ASSERT(Pfn1->u3.e1.PrototypePte == 0);
 
                 /* Check if the page should not be accessible at all */
                 if ((NewAccessProtection & PAGE_NOACCESS) ||
                     (NewAccessProtection & PAGE_GUARD))
                 {
                     KIRQL OldIrql = MiAcquirePfnLock();
 
                     /* Mark the PTE as transition and change its protection */
                     PteContents.u.Hard.Valid = 0;
                     PteContents.u.Soft.Transition = 1;
                     PteContents.u.Trans.Protection = ProtectionMask;
                     /* Decrease PFN share count and write the PTE */
                     MiDecrementShareCount(Pfn1, PFN_FROM_PTE(&PteContents));
                     // FIXME: remove the page from the WS
                     MI_WRITE_INVALID_PTE(PointerPte, PteContents);
 #ifdef CONFIG_SMP
                     // FIXME: Should invalidate entry in every CPU TLB
                     ASSERT(FALSE);
 #endif
                     KeInvalidateTlbEntry(MiPteToAddress(PointerPte));
 
                     /* We are done for this PTE */
                     MiReleasePfnLock(OldIrql);
                 }
                 else
                 {
                     /* Write the protection mask and write it with a TLB flush */
                     Pfn1->OriginalPte.u.Soft.Protection = ProtectionMask;
                     MiFlushTbAndCapture(Vad,
                                         PointerPte,
                                         ProtectionMask,
                                         Pfn1,
                                         TRUE);
                 }
             }
             else
             {
                 /* We don't support these cases yet */
                 ASSERT(PteContents.u.Soft.Prototype == 0);
                 //ASSERT(PteContents.u.Soft.Transition == 0);
 
                 /* The PTE is already demand-zero, just update the protection mask */
                 PteContents.u.Soft.Protection = ProtectionMask;
                 MI_WRITE_INVALID_PTE(PointerPte, PteContents);
                 ASSERT(PointerPte->u.Long != 0);
             }
 
             /* Move to the next PTE */
             PointerPte++;
         }
 
         /* Unlock the working set */
         MiUnlockProcessWorkingSetUnsafe(Process, Thread);
     }
 
     /* Unlock the address space */
     MmUnlockAddressSpace(AddressSpace);
 
     /* Return parameters and success */
     *NumberOfBytesToProtect = EndingAddress - StartingAddress + 1;
     *BaseAddress = (PVOID)StartingAddress;
     *OldAccessProtection = OldProtect;
     return STATUS_SUCCESS;
 
 FailPath:
     /* Unlock the address space and return the failure code */
     MmUnlockAddressSpace(AddressSpace);
     return Status;
 }

◆ MiQueryAddressState()

ULONG NTAPI MiQueryAddressState	(	IN PVOID	Va,
		IN PMMVAD	Vad,
		IN PEPROCESS	TargetProcess,
		OUT PULONG	ReturnedProtect,
		OUT PVOID *	NextVa
	)

Definition at line 1444 of file virtual.c.

Referenced by MiQueryMemoryBasicInformation().

 {
 
     PMMPTE PointerPte, ProtoPte;
     PMMPDE PointerPde;
 #if (_MI_PAGING_LEVELS >= 3)
     PMMPPE PointerPpe;
 #endif
 #if (_MI_PAGING_LEVELS >= 4)
     PMMPXE PointerPxe;
 #endif
     MMPTE TempPte, TempProtoPte;
     BOOLEAN DemandZeroPte = TRUE, ValidPte = FALSE;
     ULONG State = MEM_RESERVE, Protect = 0;
     ASSERT((Vad->StartingVpn <= ((ULONG_PTR)Va >> PAGE_SHIFT)) &&
            (Vad->EndingVpn >= ((ULONG_PTR)Va >> PAGE_SHIFT)));
 
     /* Only normal VADs supported */
     ASSERT(Vad->u.VadFlags.VadType == VadNone);
 
     /* Get the PDE and PTE for the address */
     PointerPde = MiAddressToPde(Va);
     PointerPte = MiAddressToPte(Va);
 #if (_MI_PAGING_LEVELS >= 3)
     PointerPpe = MiAddressToPpe(Va);
 #endif
 #if (_MI_PAGING_LEVELS >= 4)
     PointerPxe = MiAddressToPxe(Va);
 #endif
 
     /* Return the next range */
     *NextVa = (PVOID)((ULONG_PTR)Va + PAGE_SIZE);
 
     do
     {
 #if (_MI_PAGING_LEVELS >= 4)
         /* Does the PXE exist? */
         if (PointerPxe->u.Long == 0)
         {
             /* It does not, next range starts at the next PXE */
             *NextVa = MiPxeToAddress(PointerPxe + 1);
             break;
         }
 
         /* Is the PXE valid? */
         if (PointerPxe->u.Hard.Valid == 0)
         {
             /* Is isn't, fault it in (make the PPE accessible) */
             MiMakeSystemAddressValid(PointerPpe, TargetProcess);
         }
 #endif
 #if (_MI_PAGING_LEVELS >= 3)
         /* Does the PPE exist? */
         if (PointerPpe->u.Long == 0)
         {
             /* It does not, next range starts at the next PPE */
             *NextVa = MiPpeToAddress(PointerPpe + 1);
             break;
         }
 
         /* Is the PPE valid? */
         if (PointerPpe->u.Hard.Valid == 0)
         {
             /* Is isn't, fault it in (make the PDE accessible) */
             MiMakeSystemAddressValid(PointerPde, TargetProcess);
         }
 #endif
 
         /* Does the PDE exist? */
         if (PointerPde->u.Long == 0)
         {
             /* It does not, next range starts at the next PDE */
             *NextVa = MiPdeToAddress(PointerPde + 1);
             break;
         }
 
         /* Is the PDE valid? */
         if (PointerPde->u.Hard.Valid == 0)
         {
             /* Is isn't, fault it in (make the PTE accessible) */
             MiMakeSystemAddressValid(PointerPte, TargetProcess);
         }
 
         /* We have a PTE that we can access now! */
         ValidPte = TRUE;
 
     } while (FALSE);
 
     /* Is it safe to try reading the PTE? */
     if (ValidPte)
     {
         /* FIXME: watch out for large pages */
         ASSERT(PointerPde->u.Hard.LargePage == FALSE);
 
         /* Capture the PTE */
         TempPte = *PointerPte;
         if (TempPte.u.Long != 0)
         {
             /* The PTE is valid, so it's not zeroed out */
             DemandZeroPte = FALSE;
 
             /* Is it a decommited, invalid, or faulted PTE? */
             if ((TempPte.u.Soft.Protection == MM_DECOMMIT) &&
                 (TempPte.u.Hard.Valid == 0) &&
                 ((TempPte.u.Soft.Prototype == 0) ||
                  (TempPte.u.Soft.PageFileHigh == MI_PTE_LOOKUP_NEEDED)))
             {
                 /* Otherwise our defaults should hold */
                 ASSERT(Protect == 0);
                 ASSERT(State == MEM_RESERVE);
             }
             else
             {
                 /* This means it's committed */
                 State = MEM_COMMIT;
 
                 /* We don't support these */
                 ASSERT(Vad->u.VadFlags.VadType != VadDevicePhysicalMemory);
                 ASSERT(Vad->u.VadFlags.VadType != VadRotatePhysical);
                 ASSERT(Vad->u.VadFlags.VadType != VadAwe);
 
                 /* Get protection state of this page */
                 Protect = MiGetPageProtection(PointerPte);
 
                 /* Check if this is an image-backed VAD */
                 if ((TempPte.u.Soft.Valid == 0) &&
                     (TempPte.u.Soft.Prototype == 1) &&
                     (Vad->u.VadFlags.PrivateMemory == 0) &&
                     (Vad->ControlArea))
                 {
                     DPRINT1("Not supported\n");
                     ASSERT(FALSE);
                 }
             }
         }
     }
 
     /* Check if this was a demand-zero PTE, since we need to find the state */
     if (DemandZeroPte)
     {
         /* Not yet handled */
         ASSERT(Vad->u.VadFlags.VadType != VadDevicePhysicalMemory);
         ASSERT(Vad->u.VadFlags.VadType != VadAwe);
 
         /* Check if this is private commited memory, or an section-backed VAD */
         if ((Vad->u.VadFlags.PrivateMemory == 0) && (Vad->ControlArea))
         {
             /* Tell caller about the next range */
             *NextVa = (PVOID)((ULONG_PTR)Va + PAGE_SIZE);
 
             /* Get the prototype PTE for this VAD */
             ProtoPte = MI_GET_PROTOTYPE_PTE_FOR_VPN(Vad,
                                                     (ULONG_PTR)Va >> PAGE_SHIFT);
             if (ProtoPte)
             {
                 /* We should unlock the working set, but it's not being held! */
 
                 /* Is the prototype PTE actually valid (committed)? */
                 TempProtoPte = *ProtoPte;
                 if (TempProtoPte.u.Long)
                 {
                     /* Unless this is a memory-mapped file, handle it like private VAD */
                     State = MEM_COMMIT;
                     ASSERT(Vad->u.VadFlags.VadType != VadImageMap);
                     Protect = MmProtectToValue[Vad->u.VadFlags.Protection];
                 }
 
                 /* We should re-lock the working set */
             }
         }
         else if (Vad->u.VadFlags.MemCommit)
         {
             /* This is committed memory */
             State = MEM_COMMIT;
 
             /* Convert the protection */
             Protect = MmProtectToValue[Vad->u.VadFlags.Protection];
         }
     }
 
     /* Return the protection code */
     *ReturnedProtect = Protect;
     return State;
 }

◆ MiQueryMemoryBasicInformation()

NTSTATUS NTAPI MiQueryMemoryBasicInformation	(	IN HANDLE	ProcessHandle,
		IN PVOID	BaseAddress,
		OUT PVOID	MemoryInformation,
		IN SIZE_T	MemoryInformationLength,
		OUT PSIZE_T	ReturnLength
	)

Definition at line 1635 of file virtual.c.

Referenced by NtQueryVirtualMemory().

 {
     PEPROCESS TargetProcess;
     NTSTATUS Status = STATUS_SUCCESS;
     PMMVAD Vad = NULL;
     PVOID Address, NextAddress;
     BOOLEAN Found = FALSE;
     ULONG NewProtect, NewState;
     ULONG_PTR BaseVpn;
     MEMORY_BASIC_INFORMATION MemoryInfo;
     KAPC_STATE ApcState;
     KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
     PMEMORY_AREA MemoryArea;
     SIZE_T ResultLength;
 
     /* Check for illegal addresses in user-space, or the shared memory area */
     if ((BaseAddress > MM_HIGHEST_VAD_ADDRESS) ||
         (PAGE_ALIGN(BaseAddress) == (PVOID)MM_SHARED_USER_DATA_VA))
     {
         Address = PAGE_ALIGN(BaseAddress);
 
         /* Make up an info structure describing this range */
         MemoryInfo.BaseAddress = Address;
         MemoryInfo.AllocationProtect = PAGE_READONLY;
         MemoryInfo.Type = MEM_PRIVATE;
 
         /* Special case for shared data */
         if (Address == (PVOID)MM_SHARED_USER_DATA_VA)
         {
             MemoryInfo.AllocationBase = (PVOID)MM_SHARED_USER_DATA_VA;
             MemoryInfo.State = MEM_COMMIT;
             MemoryInfo.Protect = PAGE_READONLY;
             MemoryInfo.RegionSize = PAGE_SIZE;
         }
         else
         {
             MemoryInfo.AllocationBase = (PCHAR)MM_HIGHEST_VAD_ADDRESS + 1;
             MemoryInfo.State = MEM_RESERVE;
             MemoryInfo.Protect = PAGE_NOACCESS;
             MemoryInfo.RegionSize = (ULONG_PTR)MM_HIGHEST_USER_ADDRESS + 1 - (ULONG_PTR)Address;
         }
 
         /* Return the data, NtQueryInformation already probed it*/
         if (PreviousMode != KernelMode)
         {
             _SEH2_TRY
             {
                 *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
                 if (ReturnLength) *ReturnLength = sizeof(MEMORY_BASIC_INFORMATION);
             }
              _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
         }
         else
         {
             *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
             if (ReturnLength) *ReturnLength = sizeof(MEMORY_BASIC_INFORMATION);
         }
 
         return Status;
     }
 
     /* Check if this is for a local or remote process */
     if (ProcessHandle == NtCurrentProcess())
     {
         TargetProcess = PsGetCurrentProcess();
     }
     else
     {
         /* Reference the target process */
         Status = ObReferenceObjectByHandle(ProcessHandle,
                                            PROCESS_QUERY_INFORMATION,
                                            PsProcessType,
                                            ExGetPreviousMode(),
                                            (PVOID*)&TargetProcess,
                                            NULL);
         if (!NT_SUCCESS(Status)) return Status;
 
         /* Attach to it now */
         KeStackAttachProcess(&TargetProcess->Pcb, &ApcState);
     }
 
     /* Lock the address space and make sure the process isn't already dead */
     MmLockAddressSpace(&TargetProcess->Vm);
     if (TargetProcess->VmDeleted)
     {
         /* Unlock the address space of the process */
         MmUnlockAddressSpace(&TargetProcess->Vm);
 
         /* Check if we were attached */
         if (ProcessHandle != NtCurrentProcess())
         {
             /* Detach and dereference the process */
             KeUnstackDetachProcess(&ApcState);
             ObDereferenceObject(TargetProcess);
         }
 
         /* Bail out */
         DPRINT1("Process is dying\n");
         return STATUS_PROCESS_IS_TERMINATING;
     }
 
     /* Loop the VADs */
     ASSERT(TargetProcess->VadRoot.NumberGenericTableElements);
     if (TargetProcess->VadRoot.NumberGenericTableElements)
     {
         /* Scan on the right */
         Vad = (PMMVAD)TargetProcess->VadRoot.BalancedRoot.RightChild;
         BaseVpn = (ULONG_PTR)BaseAddress >> PAGE_SHIFT;
         while (Vad)
         {
             /* Check if this VAD covers the allocation range */
             if ((BaseVpn >= Vad->StartingVpn) &&
                 (BaseVpn <= Vad->EndingVpn))
             {
                 /* We're done */
                 Found = TRUE;
                 break;
             }
 
             /* Check if this VAD is too high */
             if (BaseVpn < Vad->StartingVpn)
             {
                 /* Stop if there is no left child */
                 if (!Vad->LeftChild) break;
 
                 /* Search on the left next */
                 Vad = Vad->LeftChild;
             }
             else
             {
                 /* Then this VAD is too low, keep searching on the right */
                 ASSERT(BaseVpn > Vad->EndingVpn);
 
                 /* Stop if there is no right child */
                 if (!Vad->RightChild) break;
 
                 /* Search on the right next */
                 Vad = Vad->RightChild;
             }
         }
     }
 
     /* Was a VAD found? */
     if (!Found)
     {
         Address = PAGE_ALIGN(BaseAddress);
 
         /* Calculate region size */
         if (Vad)
         {
             if (Vad->StartingVpn >= BaseVpn)
             {
                 /* Region size is the free space till the start of that VAD */
                 MemoryInfo.RegionSize = (ULONG_PTR)(Vad->StartingVpn << PAGE_SHIFT) - (ULONG_PTR)Address;
             }
             else
             {
                 /* Get the next VAD */
                 Vad = (PMMVAD)MiGetNextNode((PMMADDRESS_NODE)Vad);
                 if (Vad)
                 {
                     /* Region size is the free space till the start of that VAD */
                     MemoryInfo.RegionSize = (ULONG_PTR)(Vad->StartingVpn << PAGE_SHIFT) - (ULONG_PTR)Address;
                 }
                 else
                 {
                     /* Maximum possible region size with that base address */
                     MemoryInfo.RegionSize = (PCHAR)MM_HIGHEST_VAD_ADDRESS + 1 - (PCHAR)Address;
                 }
             }
         }
         else
         {
             /* Maximum possible region size with that base address */
             MemoryInfo.RegionSize = (PCHAR)MM_HIGHEST_VAD_ADDRESS + 1 - (PCHAR)Address;
         }
 
         /* Unlock the address space of the process */
         MmUnlockAddressSpace(&TargetProcess->Vm);
 
         /* Check if we were attached */
         if (ProcessHandle != NtCurrentProcess())
         {
             /* Detach and derefernece the process */
             KeUnstackDetachProcess(&ApcState);
             ObDereferenceObject(TargetProcess);
         }
 
         /* Build the rest of the initial information block */
         MemoryInfo.BaseAddress = Address;
         MemoryInfo.AllocationBase = NULL;
         MemoryInfo.AllocationProtect = 0;
         MemoryInfo.State = MEM_FREE;
         MemoryInfo.Protect = PAGE_NOACCESS;
         MemoryInfo.Type = 0;
 
         /* Return the data, NtQueryInformation already probed it*/
         if (PreviousMode != KernelMode)
         {
             _SEH2_TRY
             {
                 *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
                 if (ReturnLength) *ReturnLength = sizeof(MEMORY_BASIC_INFORMATION);
             }
              _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
         }
         else
         {
             *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
             if (ReturnLength) *ReturnLength = sizeof(MEMORY_BASIC_INFORMATION);
         }
 
         return Status;
     }
 
     /* Set the correct memory type based on what kind of VAD this is */
     if ((Vad->u.VadFlags.PrivateMemory) ||
         (Vad->u.VadFlags.VadType == VadRotatePhysical))
     {
         MemoryInfo.Type = MEM_PRIVATE;
     }
     else if (Vad->u.VadFlags.VadType == VadImageMap)
     {
         MemoryInfo.Type = MEM_IMAGE;
     }
     else
     {
         MemoryInfo.Type = MEM_MAPPED;
     }
 
     /* Find the memory area the specified address belongs to */
     MemoryArea = MmLocateMemoryAreaByAddress(&TargetProcess->Vm, BaseAddress);
     ASSERT(MemoryArea != NULL);
 
     /* Determine information dependent on the memory area type */
     if (MemoryArea->Type == MEMORY_AREA_SECTION_VIEW)
     {
         Status = MmQuerySectionView(MemoryArea, BaseAddress, &MemoryInfo, &ResultLength);
         if (!NT_SUCCESS(Status))
         {
             DPRINT1("MmQuerySectionView failed. MemoryArea=%p (%p-%p), BaseAddress=%p\n",
                     MemoryArea, MA_GetStartingAddress(MemoryArea), MA_GetEndingAddress(MemoryArea), BaseAddress);
             ASSERT(NT_SUCCESS(Status));
         }
     }
     else
     {
         /* Build the initial information block */
         Address = PAGE_ALIGN(BaseAddress);
         MemoryInfo.BaseAddress = Address;
         MemoryInfo.AllocationBase = (PVOID)(Vad->StartingVpn << PAGE_SHIFT);
         MemoryInfo.AllocationProtect = MmProtectToValue[Vad->u.VadFlags.Protection];
         MemoryInfo.Type = MEM_PRIVATE;
 
         /* Acquire the working set lock (shared is enough) */
         MiLockProcessWorkingSetShared(TargetProcess, PsGetCurrentThread());
 
         /* Find the largest chunk of memory which has the same state and protection mask */
         MemoryInfo.State = MiQueryAddressState(Address,
                                                Vad,
                                                TargetProcess,
                                                &MemoryInfo.Protect,
                                                &NextAddress);
         Address = NextAddress;
         while (((ULONG_PTR)Address >> PAGE_SHIFT) <= Vad->EndingVpn)
         {
             /* Keep going unless the state or protection mask changed */
             NewState = MiQueryAddressState(Address, Vad, TargetProcess, &NewProtect, &NextAddress);
             if ((NewState != MemoryInfo.State) || (NewProtect != MemoryInfo.Protect)) break;
             Address = NextAddress;
         }
 
         /* Release the working set lock */
         MiUnlockProcessWorkingSetShared(TargetProcess, PsGetCurrentThread());
 
         /* Check if we went outside of the VAD */
          if (((ULONG_PTR)Address >> PAGE_SHIFT) > Vad->EndingVpn)
          {
             /* Set the end of the VAD as the end address */
             Address = (PVOID)((Vad->EndingVpn + 1) << PAGE_SHIFT);
          }
 
         /* Now that we know the last VA address, calculate the region size */
         MemoryInfo.RegionSize = ((ULONG_PTR)Address - (ULONG_PTR)MemoryInfo.BaseAddress);
     }
 
     /* Unlock the address space of the process */
     MmUnlockAddressSpace(&TargetProcess->Vm);
 
     /* Check if we were attached */
     if (ProcessHandle != NtCurrentProcess())
     {
         /* Detach and derefernece the process */
         KeUnstackDetachProcess(&ApcState);
         ObDereferenceObject(TargetProcess);
     }
 
     /* Return the data, NtQueryInformation already probed it */
     if (PreviousMode != KernelMode)
     {
         _SEH2_TRY
         {
             *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
             if (ReturnLength) *ReturnLength = sizeof(MEMORY_BASIC_INFORMATION);
         }
          _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
         {
             Status = _SEH2_GetExceptionCode();
         }
         _SEH2_END;
     }
     else
     {
         *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
         if (ReturnLength) *ReturnLength = sizeof(MEMORY_BASIC_INFORMATION);
     }
 
     /* All went well */
     DPRINT("Base: %p AllocBase: %p AllocProtect: %lx Protect: %lx "
             "State: %lx Type: %lx Size: %lx\n",
             MemoryInfo.BaseAddress, MemoryInfo.AllocationBase,
             MemoryInfo.AllocationProtect, MemoryInfo.Protect,
             MemoryInfo.State, MemoryInfo.Type, MemoryInfo.RegionSize);
 
     return Status;
 }

◆ MiRosProtectVirtualMemory()

NTSTATUS NTAPI MiRosProtectVirtualMemory	(	IN PEPROCESS	Process,
		IN OUT PVOID *	BaseAddress,
		IN OUT PSIZE_T	NumberOfBytesToProtect,
		IN ULONG	NewAccessProtection,
		OUT PULONG OldAccessProtection	OPTIONAL
	)

Definition at line 2052 of file virtual.c.

Referenced by MiProtectVirtualMemory(), and MiQueryPageTableReferences().

 {
     PMEMORY_AREA MemoryArea;
     PMMSUPPORT AddressSpace;
     ULONG OldAccessProtection_;
     NTSTATUS Status;
 
     *NumberOfBytesToProtect = PAGE_ROUND_UP((ULONG_PTR)(*BaseAddress) + (*NumberOfBytesToProtect)) - PAGE_ROUND_DOWN(*BaseAddress);
     *BaseAddress = (PVOID)PAGE_ROUND_DOWN(*BaseAddress);
 
     AddressSpace = &Process->Vm;
     MmLockAddressSpace(AddressSpace);
     MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, *BaseAddress);
     if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
     {
         MmUnlockAddressSpace(AddressSpace);
         return STATUS_UNSUCCESSFUL;
     }
 
     if (OldAccessProtection == NULL) OldAccessProtection = &OldAccessProtection_;
 
     ASSERT(MemoryArea->Type == MEMORY_AREA_SECTION_VIEW);
     Status = MmProtectSectionView(AddressSpace,
                                   MemoryArea,
                                   *BaseAddress,
                                   *NumberOfBytesToProtect,
                                   NewAccessProtection,
                                   OldAccessProtection);
 
     MmUnlockAddressSpace(AddressSpace);
 
     return Status;
 }

◆ MiUnlockVirtualMemory()

static NTSTATUS MiUnlockVirtualMemory	(	IN OUT PVOID *	BaseAddress,
		IN OUT PSIZE_T	RegionSize,
		IN ULONG	MapType
	)

static

Definition at line 3575 of file virtual.c.

Referenced by NtUnlockVirtualMemory().

 {
     PEPROCESS CurrentProcess;
     PMMSUPPORT AddressSpace;
     PVOID EndAddress;
     PMMPTE PointerPte, LastPte;
     PMMPDE PointerPde;
 #if (_MI_PAGING_LEVELS >= 3)
     PMMPDE PointerPpe;
 #endif
 #if (_MI_PAGING_LEVELS == 4)
     PMMPDE PointerPxe;
 #endif
     PMMPFN Pfn1;
     NTSTATUS Status;
 
     /* Lock the address space */
     AddressSpace = MmGetCurrentAddressSpace();
     MmLockAddressSpace(AddressSpace);
 
     /* Make sure we still have an address space */
     CurrentProcess = PsGetCurrentProcess();
     if (CurrentProcess->VmDeleted)
     {
         Status = STATUS_PROCESS_IS_TERMINATING;
         goto Cleanup;
     }
 
     /* Check the VADs in the requested range */
     Status = MiCheckVadsForLockOperation(BaseAddress, RegionSize, &EndAddress);
 
     /* Note: only bail out, if we hit an area without a VAD. If we hit an
        incompatible VAD we continue, like Windows does */
     if (Status == STATUS_ACCESS_VIOLATION)
     {
         Status = STATUS_NOT_LOCKED;
         goto Cleanup;
     }
 
     /* Get the PTE and PDE */
     PointerPte = MiAddressToPte(*BaseAddress);
     PointerPde = MiAddressToPde(*BaseAddress);
 #if (_MI_PAGING_LEVELS >= 3)
     PointerPpe = MiAddressToPpe(*BaseAddress);
 #endif
 #if (_MI_PAGING_LEVELS == 4)
     PointerPxe = MiAddressToPxe(*BaseAddress);
 #endif
 
     /* Get the last PTE */
     LastPte = MiAddressToPte((PVOID)((ULONG_PTR)EndAddress - 1));
 
     /* Lock the process working set */
     MiLockProcessWorkingSet(CurrentProcess, PsGetCurrentThread());
 
     /* Loop the pages */
     do
     {
         /* Check for a page that is not present */
         if (
 #if (_MI_PAGING_LEVELS == 4)
                (PointerPxe->u.Hard.Valid == 0) ||
 #endif
 #if (_MI_PAGING_LEVELS >= 3)
                (PointerPpe->u.Hard.Valid == 0) ||
 #endif
                (PointerPde->u.Hard.Valid == 0) ||
                (PointerPte->u.Hard.Valid == 0))
         {
             /* Remember it, but keep going */
             Status = STATUS_NOT_LOCKED;
         }
         else
         {
             /* Get the PFN */
             Pfn1 = MiGetPfnEntry(PFN_FROM_PTE(PointerPte));
             ASSERT(Pfn1 != NULL);
 
             /* Check if all of the requested locks are present */
             if (((MapType & MAP_SYSTEM) && !MI_IS_LOCKED_VA(Pfn1, MAP_SYSTEM)) ||
                 ((MapType & MAP_PROCESS) && !MI_IS_LOCKED_VA(Pfn1, MAP_PROCESS)))
             {
                 /* Remember it, but keep going */
                 Status = STATUS_NOT_LOCKED;
 
                 /* Check if no lock is present */
                 if (!MI_IS_LOCKED_VA(Pfn1, MAP_PROCESS | MAP_SYSTEM))
                 {
                     DPRINT1("FIXME: Should remove the page from WS\n");
                 }
             }
         }
 
         /* Go to the next PTE */
         PointerPte++;
 
         /* Check if we're on a PDE boundary */
         if (MiIsPteOnPdeBoundary(PointerPte)) PointerPde++;
 #if (_MI_PAGING_LEVELS >= 3)
         if (MiIsPteOnPpeBoundary(PointerPte)) PointerPpe++;
 #endif
 #if (_MI_PAGING_LEVELS == 4)
         if (MiIsPteOnPxeBoundary(PointerPte)) PointerPxe++;
 #endif
     } while (PointerPte <= LastPte);
 
     /* Check if we hit a page that was not locked */
     if (Status == STATUS_NOT_LOCKED)
     {
         goto CleanupWithWsLock;
     }
 
     /* All pages in the region were locked, so unlock them all */
 
     /* Get the PTE and PDE */
     PointerPte = MiAddressToPte(*BaseAddress);
     PointerPde = MiAddressToPde(*BaseAddress);
 #if (_MI_PAGING_LEVELS >= 3)
     PointerPpe = MiAddressToPpe(*BaseAddress);
 #endif
 #if (_MI_PAGING_LEVELS == 4)
     PointerPxe = MiAddressToPxe(*BaseAddress);
 #endif
 
     /* Loop the pages */
     do
     {
         /* Unlock it */
         Pfn1 = MiGetPfnEntry(PFN_FROM_PTE(PointerPte));
         MI_UNLOCK_VA(Pfn1, MapType);
 
         /* Go to the next PTE */
         PointerPte++;
 
         /* Check if we're on a PDE boundary */
         if (MiIsPteOnPdeBoundary(PointerPte)) PointerPde++;
 #if (_MI_PAGING_LEVELS >= 3)
         if (MiIsPteOnPpeBoundary(PointerPte)) PointerPpe++;
 #endif
 #if (_MI_PAGING_LEVELS == 4)
         if (MiIsPteOnPxeBoundary(PointerPte)) PointerPxe++;
 #endif
     } while (PointerPte <= LastPte);
 
     /* Everything is done */
     Status = STATUS_SUCCESS;
 
 CleanupWithWsLock:
 
     /* Release process working set */
     MiUnlockProcessWorkingSet(CurrentProcess, PsGetCurrentThread());
 
 Cleanup:
     /* Unlock address space */
     MmUnlockAddressSpace(AddressSpace);
 
     return Status;
 }

◆ MmCopyVirtualMemory()

NTSTATUS NTAPI MmCopyVirtualMemory	(	IN PEPROCESS	SourceProcess,
		IN PVOID	SourceAddress,
		IN PEPROCESS	TargetProcess,
		OUT PVOID	TargetAddress,
		IN SIZE_T	BufferSize,
		IN KPROCESSOR_MODE	PreviousMode,
		OUT PSIZE_T	ReturnSize
	)

Definition at line 1242 of file virtual.c.

Referenced by LpcpCopyRequestData(), NtReadVirtualMemory(), and NtWriteVirtualMemory().

 {
     NTSTATUS Status;
     PEPROCESS Process = SourceProcess;
 
     //
     // Don't accept zero-sized buffers
     //
     if (!BufferSize) return STATUS_SUCCESS;
 
     //
     // If we are copying from ourselves, lock the target instead
     //
     if (SourceProcess == PsGetCurrentProcess()) Process = TargetProcess;
 
     //
     // Acquire rundown protection
     //

Macros

Functions

Macro Definition Documentation

◆ MI_MAPPED_COPY_PAGES

◆ MI_MAX_TRANSFER_SIZE

◆ MI_POOL_COPY_BYTES

◆ MODULE_INVOLVED_IN_ARM3

◆ NDEBUG

Function Documentation

◆ MI_IS_LOCKED_VA()

◆ MI_LOCK_VA()

◆ MI_UNLOCK_VA()

◆ MiCalculatePageCommitment()

◆ MiCheckVadsForLockOperation()

◆ MiDecommitPages()

◆ MiDeletePte()

◆ MiDeleteSystemPageableVm()

◆ MiDeleteVirtualAddresses()

◆ MiDoMappedCopy()

◆ MiDoPoolCopy()

◆ MiFlushTbAndCapture()

◆ MiGetExceptionInfo()

◆ MiGetPageProtection()

◆ MiIsEntireRangeCommitted()

◆ MiLockVirtualMemory()

◆ MiMakePdeExistAndMakeValid()

◆ MiMakeSystemAddressValid()

◆ MiMakeSystemAddressValidPfn()

◆ MiProcessValidPteList()

◆ MiProtectVirtualMemory()

◆ MiQueryAddressState()

◆ MiQueryMemoryBasicInformation()

◆ MiRosProtectVirtualMemory()

◆ MiUnlockVirtualMemory()

◆ MmCopyVirtualMemory()