Include dependency graph for virtual.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
| #define | MODULE_INVOLVED_IN_ARM3 |
| #define | MI_MAPPED_COPY_PAGES 14 |
| #define | MI_POOL_COPY_BYTES 512 |
| #define | MI_MAX_TRANSFER_SIZE 64 * 1024 |
Macro Definition Documentation
◆ MI_MAPPED_COPY_PAGES
◆ MI_MAX_TRANSFER_SIZE
◆ MI_POOL_COPY_BYTES
◆ MODULE_INVOLVED_IN_ARM3
◆ NDEBUG
Function Documentation
◆ MI_IS_LOCKED_VA()
| FORCEINLINE BOOLEAN MI_IS_LOCKED_VA | ( | PMMPFN | Pfn1, |
| ULONG | LockType | ||
| ) |
Definition at line 3242 of file virtual.c.
3245{
3246 // HACK until we have proper WSLIST support
3248
3253
3255}
Definition: mmtypes.h:853
union _MMWSLE::@2813 u1
Referenced by MiLockVirtualMemory(), and MiUnlockVirtualMemory().
◆ MI_LOCK_VA()
| FORCEINLINE VOID MI_LOCK_VA | ( | PMMPFN | Pfn1, |
| ULONG | LockType | ||
| ) |
Definition at line 3259 of file virtual.c.
3262{
3263 // HACK until we have proper WSLIST support
3265
3268 {
3269 MiReferenceProbedPageAndBumpLockCount(Pfn1);
3270 }
3271
3276}
FORCEINLINE VOID MiReferenceProbedPageAndBumpLockCount(IN PMMPFN Pfn1)
Definition: miarm.h:1690
Referenced by MiLockVirtualMemory().
◆ MI_UNLOCK_VA()
| FORCEINLINE VOID MI_UNLOCK_VA | ( | PMMPFN | Pfn1, |
| ULONG | LockType | ||
| ) |
Definition at line 3280 of file virtual.c.
3283{
3284 // HACK until we have proper WSLIST support
3286
3291
3294 {
3295 MiDereferencePfnAndDropLockCount(Pfn1);
3296 }
3297}
FORCEINLINE VOID MiDereferencePfnAndDropLockCount(IN PMMPFN Pfn1)
Definition: miarm.h:1618
Referenced by MiUnlockVirtualMemory().
◆ MiCalculatePageCommitment()
| ULONG NTAPI MiCalculatePageCommitment | ( | IN ULONG_PTR | StartingAddress, |
| IN ULONG_PTR | EndingAddress, | ||
| IN PMMVAD | Vad, | ||
| IN PEPROCESS | Process | ||
| ) |
Definition at line 42 of file virtual.c.
46{
47 PMMPTE PointerPte, LastPte;
48 PMMPDE PointerPde;
50#if _MI_PAGING_LEVELS >= 3
51 PMMPPE PointerPpe;
53#if _MI_PAGING_LEVELS == 4
54 PMMPXE PointerPxe;
56#endif
57#endif
58
59 /* Make sure this all makes sense */
60 ASSERT(PsGetCurrentThread()->OwnsProcessWorkingSetExclusive || PsGetCurrentThread()->OwnsProcessWorkingSetShared);
61 ASSERT(EndingAddress >= StartingAddress);
62 PointerPte = MiAddressToPte(StartingAddress);
63 LastPte = MiAddressToPte(EndingAddress);
64
65 /*
66 * In case this is a committed VAD, assume the whole range is committed
67 * and count the individually decommitted pages.
68 * In case it is not, assume the range is not committed and count the individually committed pages.
69 */
70 ULONG_PTR CommittedPages = Vad->u.VadFlags.MemCommit ? BYTES_TO_PAGES(EndingAddress - StartingAddress) : 0;
71
72 while (PointerPte <= LastPte)
73 {
74#if _MI_PAGING_LEVELS == 4
75 /* Check if PXE was ever paged in. */
76 if (OnPxeBoundary)
77 {
78 PointerPxe = MiPteToPxe(PointerPte);
79
80 /* Check that this loop is sane */
81 ASSERT(OnPpeBoundary);
82 ASSERT(OnPdeBoundary);
83
85 {
86 PointerPxe++;
87 PointerPte = MiPxeToPte(PointerPde);
88 continue;
89 }
90
93 }
95#endif
96
97#if _MI_PAGING_LEVELS >= 3
98 /* Now PPE */
99 if (OnPpeBoundary)
100 {
101 PointerPpe = MiPteToPpe(PointerPte);
102
103 /* Sanity again */
104 ASSERT(OnPdeBoundary);
105
107 {
108 PointerPpe++;
109 PointerPte = MiPpeToPte(PointerPpe);
110#if _MI_PAGING_LEVELS == 4
111 OnPxeBoundary = MiIsPteOnPxeBoundary(PointerPte);
112#endif
113 continue;
114 }
115
118 }
120#endif
121
122 /* Last level is the PDE */
123 if (OnPdeBoundary)
124 {
125 PointerPde = MiPteToPde(PointerPte);
127 {
128 PointerPde++;
129 PointerPte = MiPdeToPte(PointerPde);
130#if _MI_PAGING_LEVELS >= 3
131 OnPpeBoundary = MiIsPteOnPpeBoundary(PointerPte);
132#if _MI_PAGING_LEVELS == 4
133 OnPxeBoundary = MiIsPteOnPxeBoundary(PointerPte);
134#endif
135#endif
136 continue;
137 }
138
141 }
143
144 /* Is this PTE demand zero? */
146 {
147 /* It isn't -- is it a decommited, invalid, or faulted PTE? */
152 {
153 /* It is, so remove it from the count of committed pages if we have to */
154 if (Vad->u.VadFlags.MemCommit)
155 CommittedPages--;
156 }
157 else if (!Vad->u.VadFlags.MemCommit)
158 {
159 /* It is a valid, non-decommited, non-paged out PTE. Count it in. */
160 CommittedPages++;
161 }
162 }
163
164 /* Move to the next PTE */
165 PointerPte++;
166 /* Manage page tables */
167 OnPdeBoundary = MiIsPteOnPdeBoundary(PointerPte);
168#if _MI_PAGING_LEVELS >= 3
169 OnPpeBoundary = MiIsPteOnPpeBoundary(PointerPte);
170#if _MI_PAGING_LEVELS == 4
171 OnPxeBoundary = MiIsPteOnPxeBoundary(PointerPte);
172#endif
173#endif
174 }
175
176 /* Make sure we didn't mess this up */
178 return CommittedPages;
179}
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
ULONG NTAPI MiMakeSystemAddressValid(IN PVOID PageTableVirtualAddress, IN PEPROCESS CurrentProcess)
Definition: virtual.c:183
Definition: mmtypes.h:212
union _MMPTE::@2514 u
#define BYTES_TO_PAGES(Size)
Referenced by NtFreeVirtualMemory().
◆ MiCheckVadsForLockOperation()
|
static |
FIXME: this might be a memory area for a section view...
Definition at line 3301 of file virtual.c.
3306{
3307 PMMVAD Vad;
3308 PVOID CurrentVa;
3309
3310 /* Get the base address and align the start address */
3314
3315 /* First loop and check all VADs */
3316 CurrentVa = *BaseAddress;
3317 while (CurrentVa < *EndAddress)
3318 {
3319 /* Get VAD */
3320 Vad = MiLocateAddress(CurrentVa);
3322 {
3325 }
3326
3327 /* Check VAD type */
3331 {
3332 *EndAddress = CurrentVa;
3335 }
3336
3338 }
3339
3342}
Definition: nsiface.idl:2307
PMMVAD NTAPI MiLocateAddress(IN PVOID VirtualAddress)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
Definition: mmtypes.h:721
union _MMVAD::@2803 u
Referenced by MiLockVirtualMemory(), and MiUnlockVirtualMemory().
◆ MiDecommitPages()
| ULONG NTAPI MiDecommitPages | ( | IN PVOID | StartingAddress, |
| IN PMMPTE | EndingPte, | ||
| IN PEPROCESS | Process, | ||
| IN PMMVAD | Vad | ||
| ) |
Definition at line 2592 of file virtual.c.
2596{
2598 PMMPDE PointerPde;
2599 ULONG CommitReduction = 0;
2600 PMMPTE ValidPteList[256];
2601 ULONG PteCount = 0;
2602 PMMPFN Pfn1;
2603 MMPTE PteContents;
2605
2606 //
2607 // Get the PTE and PTE for the address, and lock the working set
2608 // If this was a VAD for a MEM_COMMIT allocation, also figure out where the
2609 // commited range ends so that we can do the right accounting.
2610 //
2611 PointerPde = MiAddressToPde(StartingAddress);
2612 PointerPte = MiAddressToPte(StartingAddress);
2615
2616 //
2617 // Make the PDE valid, and now loop through each page's worth of data
2618 //
2620 while (PointerPte <= EndingPte)
2621 {
2622 //
2623 // Check if we've crossed a PDE boundary
2624 //
2626 {
2627 //
2628 // Get the new PDE and flush the valid PTEs we had built up until
2629 // now. This helps reduce the amount of TLB flushing we have to do.
2630 // Note that Windows does a much better job using timestamps and
2631 // such, and does not flush the entire TLB all the time, but right
2632 // now we have bigger problems to worry about than TLB flushing.
2633 //
2634 PointerPde = MiAddressToPde(StartingAddress);
2635 if (PteCount)
2636 {
2637 MiProcessValidPteList(ValidPteList, PteCount);
2638 PteCount = 0;
2639 }
2640
2641 //
2642 // Make this PDE valid
2643 //
2645 }
2646
2647 //
2648 // Read this PTE. It might be active or still demand-zero.
2649 //
2650 PteContents = *PointerPte;
2652 {
2653 //
2654 // The PTE is active. It might be valid and in a working set, or
2655 // it might be a prototype PTE or paged out or even in transition.
2656 //
2658 {
2659 //
2660 // It's already decommited, so there's nothing for us to do here
2661 //
2662 CommitReduction++;
2663 }
2664 else
2665 {
2666 //
2667 // Remove it from the counters, and check if it was valid or not
2668 //
2669 //Process->NumberOfPrivatePages--;
2671 {
2672 //
2673 // It's valid. At this point make sure that it is not a ROS
2674 // PFN. Also, we don't support ProtoPTEs in this code path.
2675 //
2679
2680 //
2681 // Flush any pending PTEs that we had not yet flushed, if our
2682 // list has gotten too big, then add this PTE to the flush list.
2683 //
2684 if (PteCount == 256)
2685 {
2686 MiProcessValidPteList(ValidPteList, PteCount);
2687 PteCount = 0;
2688 }
2689 ValidPteList[PteCount++] = PointerPte;
2690 }
2691 else
2692 {
2693 //
2694 // We do not support any of these other scenarios at the moment
2695 //
2699
2700 //
2701 // So the only other possibility is that it is still a demand
2702 // zero PTE, in which case we undo the accounting we did
2703 // earlier and simply make the page decommitted.
2704 //
2705 //Process->NumberOfPrivatePages++;
2707 }
2708 }
2709 }
2710 else
2711 {
2712 //
2713 // This used to be a zero PTE and it no longer is, so we must add a
2714 // reference to the pagetable.
2715 //
2716 MiIncrementPageTableReferences(StartingAddress);
2717
2718 //
2719 // Next, we account for decommitted PTEs and make the PTE as such
2720 //
2721 if (PointerPte > CommitPte) CommitReduction++;
2723 }
2724
2725 //
2726 // Move to the next PTE and the next address
2727 //
2728 PointerPte++;
2730 }
2731
2732 //
2733 // Flush any dangling PTEs from the loop in the last page table, and then
2734 // release the working set and return the commit reduction accounting.
2735 //
2738 return CommitReduction;
2739}
FORCEINLINE VOID MiUnlockProcessWorkingSetUnsafe(IN PEPROCESS Process, IN PETHREAD Thread)
Definition: miarm.h:1242
FORCEINLINE VOID MI_WRITE_INVALID_PTE(IN PMMPTE PointerPte, IN MMPTE InvalidPte)
Definition: miarm.h:996
FORCEINLINE USHORT MiIncrementPageTableReferences(IN PVOID Address)
Definition: miarm.h:2475
FORCEINLINE VOID MiLockProcessWorkingSetUnsafe(IN PEPROCESS Process, IN PETHREAD Thread)
Definition: miarm.h:1172
VOID NTAPI MiProcessValidPteList(IN PMMPTE *ValidPteList, IN ULONG Count)
Definition: virtual.c:2540
VOID NTAPI MiMakePdeExistAndMakeValid(IN PMMPDE PointerPde, IN PEPROCESS TargetProcess, IN KIRQL OldIrql)
Definition: virtual.c:2446
Definition: pstypes.h:1191
union _MMPFN::@1931 u3
Referenced by NtFreeVirtualMemory().
◆ MiDeletePte()
| VOID NTAPI MiDeletePte | ( | IN PMMPTE | PointerPte, |
| IN PVOID | VirtualAddress, | ||
| IN PEPROCESS | CurrentProcess, | ||
| IN PMMPTE | PrototypePte | ||
| ) |
Definition at line 369 of file virtual.c.
373{
374 PMMPFN Pfn1;
376 PFN_NUMBER PageFrameIndex;
377 PMMPDE PointerPde;
378
379 /* PFN lock must be held */
380 MI_ASSERT_PFN_LOCK_HELD();
381
382 /* WorkingSet must be exclusively locked */
384
385 /* This must be current process. */
387
388 /* Capture the PTE */
389 TempPte = *PointerPte;
390
391 /* See if the PTE is valid */
393 {
394 /* Prototype and paged out PTEs not supported yet */
397
399 {
400 /* Get the PFN entry */
402 Pfn1 = MiGetPfnEntry(PageFrameIndex);
403
405
406 /* Make sure the saved PTE address is valid */
408
409 /* Destroy the PTE */
410 MI_ERASE_PTE(PointerPte);
411
412 /* Drop the reference on the page table. */
414
415 /* In case of shared page, the prototype PTE must be in transition, not the process one */
417
418 /* Delete the PFN */
419 MI_SET_PFN_DELETED(Pfn1);
420
421 /* It must be either free (refcount == 0) or being written (refcount == 1) */
423
424 /* See if we must free it ourselves, or if it will be freed once I/O is over */
426 {
427 /* And it should be in standby or modified list */
428 ASSERT((Pfn1->u3.e1.PageLocation == ModifiedPageList) || (Pfn1->u3.e1.PageLocation == StandbyPageList));
429
430 /* Unlink it and set its reference count to one */
431 MiUnlinkPageFromList(Pfn1);
433
434 /* This will put it back in free list and clean properly up */
435 MiDecrementReferenceCount(Pfn1, PageFrameIndex);
436 }
437 return;
438 }
439 }
440
441 /* Get the PFN entry */
443 Pfn1 = MiGetPfnEntry(PageFrameIndex);
444
445 /* Check if this is a valid, prototype PTE */
447 {
448 /* Get the PDE and make sure it's faulted in */
449 PointerPde = MiPteToPde(PointerPte);
451 {
452#if (_MI_PAGING_LEVELS == 2)
453 /* Could be paged pool access from a new process -- synchronize the page directories */
455 {
456#endif
457 /* The PDE must be valid at this point */
458 KeBugCheckEx(MEMORY_MANAGEMENT,
459 0x61940,
460 (ULONG_PTR)PointerPte,
461 PointerPte->u.Long,
463 }
464#if (_MI_PAGING_LEVELS == 2)
465 }
466#endif
467 /* Drop the share count on the page table */
468 PointerPde = MiPteToPde(PointerPte);
471
472 /* Drop the share count */
473 MiDecrementShareCount(Pfn1, PageFrameIndex);
474
475 /* Either a fork, or this is the shared user data page */
477 {
478 /* If it's not the shared user page, then crash, since there's no fork() yet */
481 {
482 /* Must be some sort of memory corruption */
483 KeBugCheckEx(MEMORY_MANAGEMENT,
484 0x400,
485 (ULONG_PTR)PointerPte,
488 }
489 }
490
491 /* Erase it */
492 MI_ERASE_PTE(PointerPte);
493 }
494 else
495 {
496 /* Make sure the saved PTE address is valid */
498 {
499 /* The PFN entry is illegal, or invalid */
500 KeBugCheckEx(MEMORY_MANAGEMENT,
501 0x401,
502 (ULONG_PTR)PointerPte,
503 PointerPte->u.Long,
505 }
506
507 /* Erase the PTE */
508 MI_ERASE_PTE(PointerPte);
509
510 /* There should only be 1 shared reference count */
512
513 /* Drop the reference on the page table. */
515
516 /* Mark the PFN for deletion and dereference what should be the last ref */
517 MI_SET_PFN_DELETED(Pfn1);
518 MiDecrementShareCount(Pfn1, PageFrameIndex);
519
520 /* We should eventually do this */
521 //CurrentProcess->NumberOfPrivatePages--;
522 }
523
524 /* Flush the TLB */
525 KeFlushCurrentTb();
526}
FORCEINLINE BOOLEAN MM_ANY_WS_LOCK_HELD_EXCLUSIVE(_In_ PETHREAD Thread)
Definition: miarm.h:1068
VOID NTAPI MiDecrementShareCount(IN PMMPFN Pfn1, IN PFN_NUMBER PageFrameIndex)
Definition: pfnlist.c:1141
NTSTATUS FASTCALL MiCheckPdeForPagedPool(IN PVOID Address)
Definition: pagfault.c:479
VOID NTAPI MiDecrementReferenceCount(IN PMMPFN Pfn1, IN PFN_NUMBER PageFrameIndex)
Definition: pfnlist.c:1236
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
union _MMPFN::@1934 u4
struct _MMPFN::@1931::@1937 e2
union _MMPFN::@1930 u2
_Must_inspect_result_ _In_ WDFDMATRANSACTION _In_ PFN_WDF_PROGRAM_DMA _In_ WDF_DMA_DIRECTION _In_ PMDL _In_ PVOID VirtualAddress
Definition: wdfdmatransaction.h:189
#define PAGE_ALIGN(Va)
Referenced by MiDeletePde(), MiDeleteVirtualAddresses(), MiResolveProtoPteFault(), and MmArmAccessFault().
◆ MiDeleteSystemPageableVm()
| PFN_COUNT NTAPI MiDeleteSystemPageableVm | ( | IN PMMPTE | PointerPte, |
| IN PFN_NUMBER | PageCount, | ||
| IN ULONG | Flags, | ||
| OUT PPFN_NUMBER | ValidPages | ||
| ) |
Definition at line 275 of file virtual.c.
279{
280 PFN_COUNT ActualPages = 0;
282 PMMPFN Pfn1, Pfn2;
283 PFN_NUMBER PageFrameIndex, PageTableIndex;
286
287 /* Lock the system working set */
289
290 /* Loop all pages */
291 while (PageCount)
292 {
293 /* Make sure there's some data about the page */
294 if (PointerPte->u.Long)
295 {
296 /* Normally this is one possibility -- freeing a valid page */
297 if (PointerPte->u.Hard.Valid)
298 {
299 /* Get the page PFN */
300 PageFrameIndex = PFN_FROM_PTE(PointerPte);
301 Pfn1 = MiGetPfnEntry(PageFrameIndex);
302
303 /* Should not have any working set data yet */
305
306 /* Actual valid, legitimate, pages */
307 if (ValidPages) (*ValidPages)++;
308
309 /* Get the page table entry */
311 Pfn2 = MiGetPfnEntry(PageTableIndex);
312
313 /* Lock the PFN database */
314 OldIrql = MiAcquirePfnLock();
315
316 /* Delete it the page */
317 MI_SET_PFN_DELETED(Pfn1);
318 MiDecrementShareCount(Pfn1, PageFrameIndex);
319
320 /* Decrement the page table too */
321 MiDecrementShareCount(Pfn2, PageTableIndex);
322
323 /* Release the PFN database */
324 MiReleasePfnLock(OldIrql);
325
326 /* Destroy the PTE */
327 MI_ERASE_PTE(PointerPte);
328 }
329 else
330 {
331 /* As always, only handle current ARM3 scenarios */
332 ASSERT(PointerPte->u.Soft.Prototype == 0);
333 ASSERT(PointerPte->u.Soft.Transition == 0);
334
335 /*
336 * The only other ARM3 possibility is a demand zero page, which would
337 * mean freeing some of the paged pool pages that haven't even been
338 * touched yet, as part of a larger allocation.
339 *
340 * Right now, we shouldn't expect any page file information in the PTE
341 */
342 ASSERT(PointerPte->u.Soft.PageFileHigh == 0);
343
344 /* Destroy the PTE */
345 MI_ERASE_PTE(PointerPte);
346 }
347
348 /* Actual legitimate pages */
349 ActualPages++;
350 }
351
352 /* Keep going */
353 PointerPte++;
354 PageCount--;
355 }
356
357 /* Release the working set */
359
360 /* Flush the entire TLB */
362
363 /* Done */
364 return ActualPages;
365}
FORCEINLINE VOID MiLockWorkingSet(IN PETHREAD Thread, IN PMMSUPPORT WorkingSet)
Definition: miarm.h:1268
FORCEINLINE VOID MiUnlockWorkingSet(IN PETHREAD Thread, IN PMMSUPPORT WorkingSet)
Definition: miarm.h:1354
VOID NTAPI KeFlushEntireTb(IN BOOLEAN Invalid, IN BOOLEAN AllProcessors)
Definition: cpu.c:661
union _MMPFN::@1929 u1
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
Definition: kefuncs.h:778
Referenced by MiFreeInitializationCode(), MiFreePoolPages(), MmFreeDriverInitialization(), and MmFreeSpecialPool().
◆ MiDeleteVirtualAddresses()
| VOID NTAPI MiDeleteVirtualAddresses | ( | _In_ ULONG_PTR | Va, |
| _In_ ULONG_PTR | EndingAddress, | ||
| _In_opt_ PMMVAD | Vad | ||
| ) |
Definition at line 530 of file virtual.c.
534{
536 PMMPDE PointerPde;
537#if (_MI_PAGING_LEVELS >= 3)
538 PMMPPE PointerPpe;
539#endif
540#if (_MI_PAGING_LEVELS >= 4)
541 PMMPPE PointerPxe;
542#endif
544 PEPROCESS CurrentProcess;
547 PSUBSECTION Subsection;
548
549 /* We should never get RosMm memory areas here */
551
552 /* Get the current process */
553 CurrentProcess = PsGetCurrentProcess();
554
555 /* Check if this is a section VAD or a VM VAD */
556 if (!(Vad) || (Vad->u.VadFlags.PrivateMemory) || !(Vad->FirstPrototypePte))
557 {
558 /* Don't worry about prototypes */
560 }
561 else
562 {
563 /* Get the prototype PTE */
564 PrototypePte = Vad->FirstPrototypePte;
565 LastPrototypePte = Vad->FirstPrototypePte + 1;
566 }
567
568 /* In all cases, we don't support fork() yet */
570
571 /* Loop the PTE for each VA (EndingAddress is inclusive!) */
572 while (Va <= EndingAddress)
573 {
574#if (_MI_PAGING_LEVELS >= 4)
575 /* Get the PXE and check if it's valid */
578 {
579 /* Check for unmapped range and skip it */
581 {
582 /* There are gaps in the address space */
583 AddressGap = TRUE;
584
585 /* Update Va and continue looping */
587 continue;
588 }
589
590 /* Make the PXE valid */
592 }
593#endif
594#if (_MI_PAGING_LEVELS >= 3)
595 /* Get the PPE and check if it's valid */
598 {
599 /* Check for unmapped range and skip it */
601 {
602 /* There are gaps in the address space */
603 AddressGap = TRUE;
604
605 /* Update Va and continue looping */
607 continue;
608 }
609
610 /* Make the PPE valid */
612 }
613#endif
614 /* Skip invalid PDEs */
617 {
618 /* There are gaps in the address space */
619 AddressGap = TRUE;
620
621 /* Check if all the PDEs are invalid, so there's nothing to free */
623 continue;
624 }
625
626 /* Now check if the PDE is mapped in */
628 {
629 /* It isn't, so map it in */
630 PointerPte = MiPteToAddress(PointerPde);
631 MiMakeSystemAddressValid(PointerPte, CurrentProcess);
632 }
633
634 /* Now we should have a valid PDE, mapped in, and still have some VA */
636 ASSERT(Va <= EndingAddress);
637
638 /* Check if this is a section VAD with gaps in it */
639 if ((AddressGap) && (LastPrototypePte))
640 {
641 /* We need to skip to the next correct prototype PTE */
643
644 /* And we need the subsection to skip to the next last prototype PTE */
646 if (Subsection)
647 {
648 /* Found it! */
650 }
651 else
652 {
653 /* No more subsections, we are done with prototype PTEs */
655 }
656 }
657
658 /* Lock the PFN Database while we delete the PTEs */
659 OldIrql = MiAcquirePfnLock();
660 PointerPte = MiAddressToPte(Va);
661 do
662 {
663 /* Making sure the PDE is still valid */
665
666 /* Capture the PDE and make sure it exists */
667 TempPte = *PointerPte;
669 {
670 /* Check if the PTE is actually mapped in */
672 {
673 /* Are we dealing with section VAD? */
675 {
676 /* We need to skip to the next correct prototype PTE */
678
679 /* And we need the subsection to skip to the next last prototype PTE */
681 if (Subsection)
682 {
683 /* Found it! */
685 }
686 else
687 {
688 /* No more subsections, we are done with prototype PTEs */
690 }
691 }
692
693 /* Check for prototype PTE */
695 (TempPte.u.Soft.Prototype == 1))
696 {
697 /* Just nuke it */
698 MI_ERASE_PTE(PointerPte);
699 }
700 else
701 {
702 /* Delete the PTE proper */
703 MiDeletePte(PointerPte,
704 (PVOID)Va,
705 CurrentProcess,
706 PrototypePte);
707 }
708 }
709 else
710 {
711 /* The PTE was never mapped, just nuke it here */
712 MI_ERASE_PTE(PointerPte);
713 }
714
716 {
718
719 /* Delete the PDE proper */
720 MiDeletePde(PointerPde, CurrentProcess);
721
722 /* Continue with the next PDE */
724
725 /* Use this to detect address gaps */
726 PointerPte++;
727
728 PrototypePte++;
729 break;
730 }
731 }
732
733 /* Update the address and PTE for it */
734 Va += PAGE_SIZE;
735 PointerPte++;
736 PrototypePte++;
738
739 /* Release the lock */
740 MiReleasePfnLock(OldIrql);
741
742 if (Va > EndingAddress) return;
743
744 /* Check if we exited the loop regularly */
745 AddressGap = (PointerPte != MiAddressToPte(Va));
746 }
747}
FORCEINLINE PMMPTE MI_GET_PROTOTYPE_PTE_FOR_VPN(IN PMMVAD Vad, IN ULONG_PTR Vpn)
Definition: miarm.h:1560
FORCEINLINE VOID MiDeletePde(_In_ PMMPDE PointerPde, _In_ PEPROCESS CurrentProcess)
Definition: miarm.h:2535
FORCEINLINE USHORT MiDecrementPageTableReferences(IN PVOID Address)
Definition: miarm.h:2501
PSUBSECTION NTAPI MiLocateSubsection(IN PMMVAD Vad, IN ULONG_PTR Vpn)
Definition: section.c:556
VOID NTAPI MiDeletePte(IN PMMPTE PointerPte, IN PVOID VirtualAddress, IN PEPROCESS CurrentProcess, IN PMMPTE PrototypePte)
Definition: virtual.c:369
Definition: pstypes.h:1350
Definition: mmtypes.h:572
Referenced by MiRemoveMappedView(), MmCleanProcessAddressSpace(), MmDeleteTeb(), and NtFreeVirtualMemory().
◆ MiDoMappedCopy()
| NTSTATUS NTAPI MiDoMappedCopy | ( | IN PEPROCESS | SourceProcess, |
| IN PVOID | SourceAddress, | ||
| IN PEPROCESS | TargetProcess, | ||
| OUT PVOID | TargetAddress, | ||
| IN SIZE_T | BufferSize, | ||
| IN KPROCESSOR_MODE | PreviousMode, | ||
| OUT PSIZE_T | ReturnSize | ||
| ) |
Definition at line 795 of file virtual.c.
802{
805 SIZE_T TotalSize, CurrentSize, RemainingSize;
811 BOOLEAN HaveBadAddress;
812 ULONG_PTR BadAddress;
814 PAGED_CODE();
815
816 //
817 // Calculate the maximum amount of data to move
818 //
821 CurrentSize = TotalSize;
822 RemainingSize = BufferSize;
823
824 //
825 // Loop as long as there is still data
826 //
827 while (RemainingSize > 0)
828 {
829 //
830 // Check if this transfer will finish everything off
831 //
832 if (RemainingSize < CurrentSize) CurrentSize = RemainingSize;
833
834 //
835 // Attach to the source address space
836 //
838
839 //
840 // Check state for this pass
841 //
845
846 //
847 // Protect user-mode copy
848 //
849 _SEH2_TRY
850 {
851 //
852 // If this is our first time, probe the buffer
853 //
855 {
856 //
857 // Catch a failure here
858 //
859 FailedInProbe = TRUE;
860
861 //
862 // Do the probe
863 //
865
866 //
867 // Passed
868 //
869 FailedInProbe = FALSE;
870 }
871
872 //
873 // Initialize and probe and lock the MDL
874 //
877 PagesLocked = TRUE;
878 }
880 {
882 }
883 _SEH2_END
884
885 /* Detach from source process */
887
889 {
891 }
892
893 //
894 // Now map the pages
895 //
897 KernelMode,
898 MmCached,
899 NULL,
900 FALSE,
901 HighPagePriority);
902 if (!MdlAddress)
903 {
906 }
907
908 //
909 // Grab to the target process
910 //
912
913 _SEH2_TRY
914 {
915 //
916 // Check if this is our first time through
917 //
919 {
920 //
921 // Catch a failure here
922 //
923 FailedInProbe = TRUE;
924
925 //
926 // Do the probe
927 //
929
930 //
931 // Passed
932 //
933 FailedInProbe = FALSE;
934 }
935
936 //
937 // Now do the actual move
938 //
939 RtlCopyMemory(CurrentTargetAddress, MdlAddress, CurrentSize);
940 }
942 &HaveBadAddress,
943 &BadAddress))
944 {
945 *ReturnSize = BufferSize - RemainingSize;
946 //
947 // Check if we failed during the probe
948 //
949 if (FailedInProbe)
950 {
951 //
952 // Exit
953 //
955 }
956 else
957 {
958 //
959 // Othewise we failed during the move.
960 // Check if we know exactly where we stopped copying
961 //
962 if (HaveBadAddress)
963 {
964 //
965 // Return the exact number of bytes copied
966 //
968 }
969 //
970 // Return partial copy
971 //
973 }
974 }
975 _SEH2_END;
976
977 /* Detach from target process */
979
980 //
981 // Check for SEH status
982 //
984 {
986 }
987
988 //
989 // Unmap and unlock
990 //
992 MdlAddress = NULL;
994 PagesLocked = FALSE;
995
996 //
997 // Update location and size
998 //
999 RemainingSize -= CurrentSize;
1002 }
1003
1004Exit:
1007 if (PagesLocked)
1009
1010 //
1011 // All bytes read
1012 //
1014 *ReturnSize = BufferSize;
1016}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
VOID NTAPI MmProbeAndLockPages(IN PMDL Mdl, IN KPROCESSOR_MODE AccessMode, IN LOCK_OPERATION Operation)
Definition: mdlsup.c:931
PVOID NTAPI MmMapLockedPagesSpecifyCache(IN PMDL Mdl, IN KPROCESSOR_MODE AccessMode, IN MEMORY_CACHING_TYPE CacheType, IN PVOID BaseAddress, IN ULONG BugCheckOnFailure, IN ULONG Priority)
Definition: mdlsup.c:660
VOID NTAPI MmUnmapLockedPages(IN PVOID BaseAddress, IN PMDL Mdl)
Definition: mdlsup.c:837
LONG MiGetExceptionInfo(IN PEXCEPTION_POINTERS ExceptionInfo, OUT PBOOLEAN HaveBadAddress, OUT PULONG_PTR BadAddress)
Definition: virtual.c:750
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
_Must_inspect_result_ typedef _In_ PHYSICAL_ADDRESS _Inout_ PLARGE_INTEGER _Outptr_ PVOID * TargetAddress
Definition: iotypes.h:1037
_Must_inspect_result_ typedef _In_ PHYSICAL_ADDRESS SourceAddress
Definition: iotypes.h:1127
#define MmInitializeMdl(_MemoryDescriptorList, _BaseVa, _Length)
Referenced by MmCopyVirtualMemory().
◆ MiDoPoolCopy()
| NTSTATUS NTAPI MiDoPoolCopy | ( | IN PEPROCESS | SourceProcess, |
| IN PVOID | SourceAddress, | ||
| IN PEPROCESS | TargetProcess, | ||
| OUT PVOID | TargetAddress, | ||
| IN SIZE_T | BufferSize, | ||
| IN KPROCESSOR_MODE | PreviousMode, | ||
| OUT PSIZE_T | ReturnSize | ||
| ) |
Definition at line 1020 of file virtual.c.
1027{
1029 SIZE_T TotalSize, CurrentSize, RemainingSize;
1032 PVOID PoolAddress;
1034 BOOLEAN HaveBadAddress;
1035 ULONG_PTR BadAddress;
1037 PAGED_CODE();
1038
1041
1042 //
1043 // Calculate the maximum amount of data to move
1044 //
1045 TotalSize = MI_MAX_TRANSFER_SIZE;
1047 CurrentSize = TotalSize;
1048 RemainingSize = BufferSize;
1049
1050 //
1051 // Check if we can use the stack
1052 //
1054 {
1055 //
1056 // Use it
1057 //
1058 PoolAddress = (PVOID)StackBuffer;
1059 }
1060 else
1061 {
1062 //
1063 // Allocate pool
1064 //
1067 HavePoolAddress = TRUE;
1068 }
1069
1070 //
1071 // Loop as long as there is still data
1072 //
1073 while (RemainingSize > 0)
1074 {
1075 //
1076 // Check if this transfer will finish everything off
1077 //
1078 if (RemainingSize < CurrentSize) CurrentSize = RemainingSize;
1079
1080 //
1081 // Attach to the source address space
1082 //
1084
1085 /* Check that state is sane */
1088
1089 //
1090 // Protect user-mode copy
1091 //
1092 _SEH2_TRY
1093 {
1094 //
1095 // If this is our first time, probe the buffer
1096 //
1098 {
1099 //
1100 // Catch a failure here
1101 //
1102 FailedInProbe = TRUE;
1103
1104 //
1105 // Do the probe
1106 //
1108
1109 //
1110 // Passed
1111 //
1112 FailedInProbe = FALSE;
1113 }
1114
1115 //
1116 // Do the copy
1117 //
1118 RtlCopyMemory(PoolAddress, CurrentAddress, CurrentSize);
1119 }
1121 &HaveBadAddress,
1122 &BadAddress))
1123 {
1124 *ReturnSize = BufferSize - RemainingSize;
1125
1126 //
1127 // Check if we failed during the probe
1128 //
1129 if (FailedInProbe)
1130 {
1131 //
1132 // Exit
1133 //
1135 }
1136 else
1137 {
1138 //
1139 // We failed during the move.
1140 // Check if we know exactly where we stopped copying
1141 //
1142 if (HaveBadAddress)
1143 {
1144 //
1145 // Return the exact number of bytes copied
1146 //
1148 }
1149 //
1150 // Return partial copy
1151 //
1153 }
1154 }
1155 _SEH2_END
1156
1157 /* Let go of the source */
1159
1161 {
1163 }
1164
1165 /* Grab the target process */
1167
1168 _SEH2_TRY
1169 {
1170 //
1171 // Check if this is our first time through
1172 //
1174 {
1175 //
1176 // Catch a failure here
1177 //
1178 FailedInProbe = TRUE;
1179
1180 //
1181 // Do the probe
1182 //
1184
1185 //
1186 // Passed
1187 //
1188 FailedInProbe = FALSE;
1189 }
1190
1191 //
1192 // Now do the actual move
1193 //
1194 RtlCopyMemory(CurrentTargetAddress, PoolAddress, CurrentSize);
1195 }
1197 &HaveBadAddress,
1198 &BadAddress))
1199 {
1200 *ReturnSize = BufferSize - RemainingSize;
1201 //
1202 // Check if we failed during the probe
1203 //
1204 if (FailedInProbe)
1205 {
1206 //
1207 // Exit
1208 //
1210 }
1211 else
1212 {
1213 //
1214 // Otherwise we failed during the move.
1215 // Check if we know exactly where we stopped copying
1216 //
1217 if (HaveBadAddress)
1218 {
1219 //
1220 // Return the exact number of bytes copied
1221 //
1223 }
1224 //
1225 // Return partial copy
1226 //
1228 }
1229 }
1230 _SEH2_END;
1231
1232 //
1233 // Detach from target
1234 //
1236
1237 //
1238 // Check for SEH status
1239 //
1241 {
1243 }
1244
1245 //
1246 // Update location and size
1247 //
1248 RemainingSize -= CurrentSize;
1251 CurrentSize);
1252 }
1253
1254Exit:
1255 //
1256 // Check if we had allocated pool
1257 //
1258 if (HavePoolAddress)
1260
1261 //
1262 // All bytes read
1263 //
1265 *ReturnSize = BufferSize;
1267}
Referenced by MmCopyVirtualMemory().
◆ MiFlushTbAndCapture()
| VOID NTAPI MiFlushTbAndCapture | ( | IN PMMVAD | FoundVad, |
| IN PMMPTE | PointerPte, | ||
| IN ULONG | ProtectionMask, | ||
| IN PMMPFN | Pfn1, | ||
| IN BOOLEAN | CaptureDirtyBit | ||
| ) |
Definition at line 1821 of file section.c.
1826{
1830
1831 //
1832 // User for sanity checking later on
1833 //
1834 PreviousPte = *PointerPte;
1835
1836 //
1837 // Build the PTE and acquire the PFN lock
1838 //
1840 PointerPte,
1841 ProtectionMask,
1843 OldIrql = MiAcquirePfnLock();
1844
1845 //
1846 // We don't support I/O mappings in this path yet
1847 //
1850
1851 //
1852 // Make sure new protection mask doesn't get in conflict and fix it if it does
1853 //
1855 {
1856 //
1857 // This is a cached PFN
1858 //
1860 {
1861 RebuildPte = TRUE;
1863 }
1864 }
1866 {
1867 //
1868 // This is a non-cached PFN
1869 //
1871 {
1872 RebuildPte = TRUE;
1873 ProtectionMask &= ~MM_NOACCESS;
1874 ProtectionMask |= MM_NOCACHE;
1875 }
1876 }
1877
1878 if (RebuildPte)
1879 {
1881 PointerPte,
1882 ProtectionMask,
1884 }
1885
1886 //
1887 // Write the new PTE, making sure we are only changing the bits
1888 //
1890
1891 //
1892 // Flush the TLB
1893 //
1895 KeFlushCurrentTb();
1897
1898 //
1899 // Windows updates the relevant PFN1 information, we currently don't.
1900 //
1902 {
1903 if (!Pfn1->u3.e1.Modified)
1904 {
1906 }
1907 }
1908
1909 //
1910 // Not supported in ARM3
1911 //
1913
1914 //
1915 // Release the PFN lock, we are done
1916 //
1917 MiReleasePfnLock(OldIrql);
1918}
FORCEINLINE VOID MI_MAKE_HARDWARE_PTE_USER(IN PMMPTE NewPte, IN PMMPTE MappingPte, IN ULONG_PTR ProtectionMask, IN PFN_NUMBER PageFrameNumber)
Definition: miarm.h:831
FORCEINLINE VOID MI_UPDATE_VALID_PTE(IN PMMPTE PointerPte, IN MMPTE TempPte)
Definition: miarm.h:981
Referenced by MiProtectVirtualMemory().
◆ MiGetExceptionInfo()
| LONG MiGetExceptionInfo | ( | IN PEXCEPTION_POINTERS | ExceptionInfo, |
| OUT PBOOLEAN | HaveBadAddress, | ||
| OUT PULONG_PTR | BadAddress | ||
| ) |
Definition at line 750 of file virtual.c.
753{
754 PEXCEPTION_RECORD ExceptionRecord;
755 PAGED_CODE();
756
757 //
758 // Assume default
759 //
760 *HaveBadAddress = FALSE;
761
762 //
763 // Get the exception record
764 //
765 ExceptionRecord = ExceptionInfo->ExceptionRecord;
766
767 //
768 // Look at the exception code
769 //
773 {
774 //
775 // We can tell the address if we have more than one parameter
776 //
778 {
779 //
780 // Return the address
781 //
782 *HaveBadAddress = TRUE;
783 *BadAddress = ExceptionRecord->ExceptionInformation[1];
784 }
785 }
786
787 //
788 // Continue executing the next handler
789 //
791}
Definition: compat.h:207
struct _EXCEPTION_RECORD * ExceptionRecord
Definition: compat.h:210
ULONG_PTR ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]
Definition: compat.h:213
Referenced by MiDoMappedCopy(), and MiDoPoolCopy().
◆ MiGetPageProtection()
Definition at line 1361 of file virtual.c.
1362{
1364 PMMPFN Pfn;
1365 PEPROCESS CurrentProcess;
1366 PETHREAD CurrentThread;
1367 BOOLEAN WsSafe, WsShared;
1370 PAGED_CODE();
1371
1372 /* Copy this PTE's contents */
1373 TempPte = *PointerPte;
1374
1375 /* Assure it's not totally zero */
1377
1378 /* Check for a special prototype format */
1380 (TempPte.u.Soft.Prototype == 1))
1381 {
1382 /* Check if the prototype PTE is not yet pointing to a PTE */
1384 {
1385 /* The prototype PTE contains the protection */
1387 }
1388
1389 /* Get a pointer to the underlying shared PTE */
1391
1392 /* Since the PTE we want to read can be paged out at any time, we need
1393 to release the working set lock first, so that it can be paged in */
1394 CurrentThread = PsGetCurrentThread();
1395 CurrentProcess = PsGetCurrentProcess();
1396 MiUnlockProcessWorkingSetForFault(CurrentProcess,
1397 CurrentThread,
1398 &WsSafe,
1399 &WsShared);
1400
1401 /* Now read the PTE value */
1402 TempPte = *PointerPte;
1403
1404 /* Check if that one is invalid */
1406 {
1407 /* We get the protection directly from this PTE */
1409 }
1410 else
1411 {
1412 /* The PTE is valid, so we might need to get the protection from
1413 the PFN. Lock the PFN database */
1414 OldIrql = MiAcquirePfnLock();
1415
1416 /* Check if the PDE is still valid */
1418 {
1419 /* It's not, make it valid */
1421 }
1422
1423 /* Now it's safe to read the PTE value again */
1424 TempPte = *PointerPte;
1426
1427 /* Check again if the PTE is invalid */
1429 {
1430 /* The PTE is not valid, so we can use it's protection field */
1432 }
1433 else
1434 {
1435 /* The PTE is valid, so we can find the protection in the
1436 OriginalPte field of the PFN */
1439 }
1440
1441 /* Release the PFN database */
1442 MiReleasePfnLock(OldIrql);
1443 }
1444
1445 /* Lock the working set again */
1446 MiLockProcessWorkingSetForFault(CurrentProcess,
1447 CurrentThread,
1448 WsSafe,
1449 WsShared);
1450
1452 }
1453
1454 /* In the easy case of transition or demand zero PTE just return its protection */
1456
1457 /* If we get here, the PTE is valid, so look up the page in PFN database */
1460 {
1461 /* Return protection of the original pte */
1464 }
1465
1466 /* This is software PTE */
1472}
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble * u
Definition: glfuncs.h:240
FORCEINLINE VOID MiUnlockProcessWorkingSetForFault(IN PEPROCESS Process, IN PETHREAD Thread, OUT PBOOLEAN Safe, OUT PBOOLEAN Shared)
Definition: miarm.h:1471
FORCEINLINE VOID MiLockProcessWorkingSetForFault(IN PEPROCESS Process, IN PETHREAD Thread, IN BOOLEAN Safe, IN BOOLEAN Shared)
Definition: miarm.h:1504
ULONG NTAPI MiMakeSystemAddressValidPfn(IN PVOID VirtualAddress, IN KIRQL OldIrql)
Definition: virtual.c:235
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG _In_ ULONG Protect
Definition: zwfuncs.h:221
Referenced by MiProtectVirtualMemory(), MiQueryAddressState(), and NtAllocateVirtualMemory().
◆ MiIsEntireRangeCommitted()
| BOOLEAN NTAPI MiIsEntireRangeCommitted | ( | IN ULONG_PTR | StartingAddress, |
| IN ULONG_PTR | EndingAddress, | ||
| IN PMMVAD | Vad, | ||
| IN PEPROCESS | Process | ||
| ) |
Definition at line 2004 of file virtual.c.
2008{
2009 PMMPTE PointerPte, LastPte;
2010 PMMPDE PointerPde;
2012#if _MI_PAGING_LEVELS >= 3
2013 PMMPPE PointerPpe;
2015#if _MI_PAGING_LEVELS == 4
2016 PMMPXE PointerPxe;
2018#endif
2019#endif
2020
2021 PAGED_CODE();
2022
2023 /* Check that we hols the right locks */
2024 ASSERT(PsGetCurrentThread()->OwnsProcessWorkingSetExclusive || PsGetCurrentThread()->OwnsProcessWorkingSetShared);
2025
2026 /* Get the PTE addresses */
2027 PointerPte = MiAddressToPte(StartingAddress);
2028 LastPte = MiAddressToPte(EndingAddress);
2029
2030 /* Loop all the PTEs */
2031 while (PointerPte <= LastPte)
2032 {
2033#if _MI_PAGING_LEVELS == 4
2034 /* Check for new PXE boundary */
2035 if (OnPxeBoundary)
2036 {
2037 PointerPxe = MiPteToPxe(PointerPte);
2038
2039 /* Check that this loop is sane */
2040 ASSERT(OnPpeBoundary);
2041 ASSERT(OnPdeBoundary);
2042
2044 {
2045 /* Make it valid if needed */
2048 }
2049 else
2050 {
2051 /* Is the entire VAD committed? If not, fail */
2053
2054 PointerPxe++;
2055 PointerPte = MiPxeToPte(PointerPte);
2056 continue;
2057 }
2058 }
2059#endif
2060
2061#if _MI_PAGING_LEVELS >= 3
2062 /* Check for new PPE boundary */
2063 if (OnPpeBoundary)
2064 {
2065 PointerPpe = MiPteToPpe(PointerPte);
2066
2067 /* Check that this loop is sane */
2068 ASSERT(OnPdeBoundary);
2069
2071 {
2072 /* Make it valid if needed */
2075 }
2076 else
2077 {
2078 /* Is the entire VAD committed? If not, fail */
2080
2081 PointerPpe++;
2082 PointerPte = MiPpeToPte(PointerPpe);
2083#if _MI_PAGING_LEVELS == 4
2084 OnPxeBoundary = MiIsPteOnPxeBoundary(PointerPte);
2085#endif
2086 continue;
2087 }
2088 }
2089#endif
2090 /* Check if we've hit a new PDE boundary */
2091 if (OnPdeBoundary)
2092 {
2093 /* Is this PDE demand zero? */
2094 PointerPde = MiPteToPde(PointerPte);
2096 {
2097 /* It isn't -- is it valid? */
2099 {
2100 /* Nope, fault it in */
2102 }
2103 }
2104 else
2105 {
2106 /* Is the entire VAD committed? If not, fail */
2108
2109 /* The PTE was already valid, so move to the next one */
2110 PointerPde++;
2111 PointerPte = MiPdeToPte(PointerPde);
2112#if _MI_PAGING_LEVELS >= 3
2113 OnPpeBoundary = MiIsPteOnPpeBoundary(PointerPte);
2114#if _MI_PAGING_LEVELS == 4
2115 OnPxeBoundary = MiIsPteOnPxeBoundary(PointerPte);
2116#endif
2117#endif
2118
2119 /* New loop iteration with our new, on-boundary PTE. */
2120 continue;
2121 }
2122 }
2123
2124 /* Is the PTE demand zero? */
2126 {
2127 /* Is the entire VAD committed? If not, fail */
2129 }
2130 else
2131 {
2132 /* It isn't -- is it a decommited, invalid, or faulted PTE? */
2137 {
2138 /* Then part of the range is decommitted, so fail */
2140 }
2141 }
2142
2143 /* Move to the next PTE */
2144 PointerPte++;
2145 OnPdeBoundary = MiIsPteOnPdeBoundary(PointerPte);
2146#if _MI_PAGING_LEVELS >= 3
2147 OnPpeBoundary = MiIsPteOnPpeBoundary(PointerPte);
2148#if _MI_PAGING_LEVELS == 4
2149 OnPxeBoundary = MiIsPteOnPxeBoundary(PointerPte);
2150#endif
2151#endif
2152 }
2153
2154 /* All PTEs seem valid, and no VAD checks failed, the range is okay */
2156}
Referenced by MiProtectVirtualMemory().
◆ MiLockVirtualMemory()
|
static |
Definition at line 3346 of file virtual.c.
3350{
3351 PEPROCESS CurrentProcess;
3353 PVOID CurrentVa, EndAddress;
3354 PMMPTE PointerPte, LastPte;
3355 PMMPDE PointerPde;
3356#if (_MI_PAGING_LEVELS >= 3)
3357 PMMPDE PointerPpe;
3358#endif
3359#if (_MI_PAGING_LEVELS == 4)
3360 PMMPDE PointerPxe;
3361#endif
3362 PMMPFN Pfn1;
3364
3365 /* Lock the address space */
3368
3369 /* Make sure we still have an address space */
3370 CurrentProcess = PsGetCurrentProcess();
3372 {
3375 }
3376
3377 /* Check the VADs in the requested range */
3380 {
3382 }
3383
3384 /* Enter SEH for probing */
3385 _SEH2_TRY
3386 {
3387 /* Loop all pages and probe them */
3388 CurrentVa = *BaseAddress;
3389 while (CurrentVa < EndAddress)
3390 {
3393 }
3394 }
3396 {
3399 }
3400 _SEH2_END;
3401
3402 /* All pages were accessible, since we hold the address space lock, nothing
3403 can be de-committed. Assume success for now. */
3405
3406 /* Get the PTE and PDE */
3409#if (_MI_PAGING_LEVELS >= 3)
3411#endif
3412#if (_MI_PAGING_LEVELS == 4)
3414#endif
3415
3416 /* Get the last PTE */
3418
3419 /* Lock the process working set */
3421
3422 /* Loop the pages */
3423 do
3424 {
3425 /* Check for a page that is not accessible */
3426 while (
3429#endif
3432#endif
3435 {
3436 /* Release process working set */
3438
3439 /* Access the page */
3440 CurrentVa = MiPteToAddress(PointerPte);
3441
3442 //HACK: Pass a placeholder TrapInformation so the fault handler knows we're unlocked
3443 TempStatus = MmAccessFault(TRUE, CurrentVa, KernelMode, (PVOID)(ULONG_PTR)0xBADBADA3BADBADA3ULL);
3445 {
3446 // This should only happen, when remote backing storage is not accessible
3448 Status = TempStatus;
3450 }
3451
3452 /* Lock the process working set */
3454 }
3455
3456 /* Get the PFN */
3459
3460 /* Check the previous lock status */
3462 {
3464 }
3465
3466 /* Lock it */
3467 MI_LOCK_VA(Pfn1, MapType);
3468
3469 /* Go to the next PTE */
3470 PointerPte++;
3471
3472 /* Check if we're on a PDE boundary */
3474#if (_MI_PAGING_LEVELS >= 3)
3476#endif
3477#if (_MI_PAGING_LEVELS == 4)
3479#endif
3480 } while (PointerPte <= LastPte);
3481
3482 /* Release process working set */
3484
3485Cleanup:
3486 /* Unlock address space */
3488
3490}
FORCEINLINE VOID MiUnlockProcessWorkingSet(IN PEPROCESS Process, IN PETHREAD Thread)
Definition: miarm.h:1197
FORCEINLINE VOID MiLockProcessWorkingSet(IN PEPROCESS Process, IN PETHREAD Thread)
Definition: miarm.h:1127
FORCEINLINE VOID MmUnlockAddressSpace(PMMSUPPORT AddressSpace)
Definition: mm.h:1707
NTSTATUS NTAPI MmAccessFault(IN ULONG FaultCode, IN PVOID Address, IN KPROCESSOR_MODE Mode, IN PVOID TrapInformation)
Definition: mmfault.c:220
static NTSTATUS MiCheckVadsForLockOperation(_Inout_ PVOID *BaseAddress, _Inout_ PSIZE_T RegionSize, _Inout_ PVOID *EndAddress)
Definition: virtual.c:3301
FORCEINLINE BOOLEAN MI_IS_LOCKED_VA(PMMPFN Pfn1, ULONG LockType)
Definition: virtual.c:3242
Definition: mmtypes.h:923
Referenced by NtLockVirtualMemory(), and RunTest().
◆ MiMakePdeExistAndMakeValid()
| VOID NTAPI MiMakePdeExistAndMakeValid | ( | IN PMMPDE | PointerPde, |
| IN PEPROCESS | TargetProcess, | ||
| IN KIRQL | OldIrql | ||
| ) |
Definition at line 2446 of file virtual.c.
2449{
2450 PMMPTE PointerPte;
2451#if _MI_PAGING_LEVELS >= 3
2453#if _MI_PAGING_LEVELS == 4
2455#endif
2456#endif
2457
2458 //
2459 // Sanity checks. The latter is because we only use this function with the
2460 // PFN lock not held, so it may go away in the future.
2461 //
2464
2465 //
2466 // If everything is already valid, there is nothing to do.
2467 //
2468 if (
2471#endif
2474#endif
2475 (PointerPde->u.Hard.Valid))
2476 {
2477 return;
2478 }
2479
2480 //
2481 // At least something is invalid, so begin by getting the PTE for the PDE itself
2482 // and then lookup each additional level. We must do it in this precise order
2483 // because the pagfault.c code (as well as in Windows) depends that the next
2484 // level up (higher) must be valid when faulting a lower level
2485 //
2486 PointerPte = MiPteToAddress(PointerPde);
2487 do
2488 {
2489 //
2490 // Make sure APCs continued to be disabled
2491 //
2493
2494#if _MI_PAGING_LEVELS == 4
2495 //
2496 // First, make the PXE valid if needed
2497 //
2499 {
2500 MiMakeSystemAddressValid(PointerPpe, TargetProcess);
2502 }
2503#endif
2504
2505#if _MI_PAGING_LEVELS >= 3
2506 //
2507 // Next, the PPE
2508 //
2510 {
2511 MiMakeSystemAddressValid(PointerPde, TargetProcess);
2513 }
2514#endif
2515
2516 //
2517 // And finally, make the PDE itself valid.
2518 //
2519 MiMakeSystemAddressValid(PointerPte, TargetProcess);
2520
2521 /* Do not increment Page table refcount here for the PDE, this must be managed by caller */
2522
2523 //
2524 // This should've worked the first time so the loop is really just for
2525 // show -- ASSERT that we're actually NOT going to be looping.
2526 //
2527 ASSERT(PointerPde->u.Hard.Valid == 1);
2528 } while (
2531#endif
2534#endif
2535 !PointerPde->u.Hard.Valid);
2536}
Referenced by _Success_(), MiDecommitPages(), MiMapLockedPagesInUserSpace(), MiProtectVirtualMemory(), MmCreatePageFileMapping(), MmCreateVirtualMappingUnsafeEx(), MmDeletePageFileMapping(), MmGetPageFileMapping(), MmGetPageProtect(), MmGetPfnForProcess(), MmIsDisabledPage(), MmIsPagePresent(), MmIsPageSwapEntry(), MmSetDirtyBit(), MmSetPageProtect(), and NtAllocateVirtualMemory().
◆ MiMakeSystemAddressValid()
| ULONG NTAPI MiMakeSystemAddressValid | ( | IN PVOID | PageTableVirtualAddress, |
| IN PEPROCESS | CurrentProcess | ||
| ) |
Definition at line 183 of file virtual.c.
185{
189
190 /* Must be a non-pool page table, since those are double-mapped already */
193 (PageTableVirtualAddress > MmPagedPoolEnd));
194
195 /* Working set lock or PFN lock should be held */
197
198 /* Check if the page table is valid */
200 {
201 /* Release the working set lock */
202 MiUnlockProcessWorkingSetForFault(CurrentProcess,
203 CurrentThread,
204 &WsSafe,
205 &WsShared);
206
207 /* Fault it in */
210 {
211 /* This should not fail */
212 KeBugCheckEx(KERNEL_DATA_INPAGE_ERROR,
213 1,
214 Status,
215 (ULONG_PTR)CurrentProcess,
216 (ULONG_PTR)PageTableVirtualAddress);
217 }
218
219 /* Lock the working set again */
220 MiLockProcessWorkingSetForFault(CurrentProcess,
221 CurrentThread,
222 WsSafe,
223 WsShared);
224
225 /* This flag will be useful later when we do better locking */
226 LockChange = TRUE;
227 }
228
229 /* Let caller know what the lock state is */
230 return LockChange;
231}
Referenced by MiCalculatePageCommitment(), MiDeleteVirtualAddresses(), MiIsEntireRangeCommitted(), MiIsPageTablePresent(), MiMakePdeExistAndMakeValid(), and MiQueryAddressState().
◆ MiMakeSystemAddressValidPfn()
Definition at line 235 of file virtual.c.
237{
240
241 /* Must be e kernel address */
243
244 /* Check if the page is valid */
246 {
247 /* Release the PFN database */
248 MiReleasePfnLock(OldIrql);
249
250 /* Fault it in */
253 {
254 /* This should not fail */
255 KeBugCheckEx(KERNEL_DATA_INPAGE_ERROR,
256 3,
257 Status,
258 0,
260 }
261
262 /* This flag will be useful later when we do better locking */
263 LockChange = TRUE;
264
265 /* Lock the PFN database */
266 OldIrql = MiAcquirePfnLock();
267 }
268
269 /* Let caller know what the lock state is */
270 return LockChange;
271}
Referenced by MiGetPageProtection(), and MiSegmentDelete().
◆ MiProcessValidPteList()
Definition at line 2540 of file virtual.c.
2542{
2546 PFN_NUMBER PageFrameIndex;
2547 PMMPFN Pfn1, Pfn2;
2548
2549 //
2550 // Acquire the PFN lock and loop all the PTEs in the list
2551 //
2552 OldIrql = MiAcquirePfnLock();
2554 {
2555 //
2556 // The PTE must currently be valid
2557 //
2560
2561 //
2562 // Get the PFN entry for the page itself, and then for its page table
2563 //
2565 Pfn1 = MiGetPfnEntry(PageFrameIndex);
2567
2568 //
2569 // Decrement the share count on the page table, and then on the page
2570 // itself
2571 //
2573 MI_SET_PFN_DELETED(Pfn1);
2574 MiDecrementShareCount(Pfn1, PageFrameIndex);
2575
2576 //
2577 // Make the page decommitted
2578 //
2580 }
2581
2582 //
2583 // All the PTEs have been dereferenced and made invalid, flush the TLB now
2584 // and then release the PFN lock
2585 //
2586 KeFlushCurrentTb();
2587 MiReleasePfnLock(OldIrql);
2588}
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
Referenced by MiDecommitPages().
◆ MiProtectVirtualMemory()
| NTSTATUS NTAPI MiProtectVirtualMemory | ( | IN PEPROCESS | Process, |
| IN OUT PVOID * | BaseAddress, | ||
| IN OUT PSIZE_T | NumberOfBytesToProtect, | ||
| IN ULONG | NewAccessProtection, | ||
| OUT PULONG OldAccessProtection | OPTIONAL | ||
| ) |
Definition at line 2160 of file virtual.c.
2165{
2166 PMMVAD Vad;
2168 ULONG_PTR StartingAddress, EndingAddress;
2169 PMMPTE PointerPte, LastPte;
2170 PMMPDE PointerPde;
2171 MMPTE PteContents;
2172 PMMPFN Pfn1;
2173 ULONG ProtectionMask, OldProtect;
2174 BOOLEAN Committed;
2178
2179 /* We must be attached */
2181
2182 /* Calculate base address for the VAD */
2185
2186 /* Calculate the protection mask and make sure it's valid */
2187 ProtectionMask = MiMakeProtectionMask(NewAccessProtection);
2189 {
2192 }
2193
2194 /* Lock the address space and make sure the process isn't already dead */
2198 {
2201 goto FailPath;
2202 }
2203
2204 /* Get the VAD for this address range, and make sure it exists */
2206 EndingAddress >> PAGE_SHIFT,
2207 &Process->VadRoot,
2208 (PMMADDRESS_NODE*)&Vad);
2210 {
2213 goto FailPath;
2214 }
2215
2216 /* Check if this is a ROSMM VAD */
2218 {
2219 /* Not too shabby hack */
2221 *NumberOfBytesToProtect = PAGE_ROUND_UP((ULONG_PTR)(*BaseAddress) + (*NumberOfBytesToProtect)) - PAGE_ROUND_DOWN(*BaseAddress);
2224 (PMEMORY_AREA)Vad,
2225 *BaseAddress,
2226 *NumberOfBytesToProtect,
2227 NewAccessProtection,
2228 OldAccessProtection);
2231 }
2232
2233 /* Make sure the address is within this VAD's boundaries */
2236 {
2238 goto FailPath;
2239 }
2240
2241 /* These kinds of VADs are not supported atm */
2245 {
2248 goto FailPath;
2249 }
2250
2251 /* Check for a VAD whose protection can't be changed */
2253 {
2256 goto FailPath;
2257 }
2258
2259 /* Is this section, or private memory? */
2261 {
2262 /* Not yet supported */
2264 {
2267 goto FailPath;
2268 }
2269
2270 /* Rotate VADs are not yet supported */
2272 {
2275 goto FailPath;
2276 }
2277
2278 /* Not valid on section files */
2280 {
2281 /* Fail */
2284 goto FailPath;
2285 }
2286
2287 /* Check if data or page file mapping protection PTE is compatible */
2289 {
2290 /* Not yet */
2292 }
2293
2294 /* This is a section, and this is not yet supported */
2296 OldProtect = 0;
2297 }
2298 else
2299 {
2300 /* Private memory, check protection flags */
2302 (NewAccessProtection & PAGE_EXECUTE_WRITECOPY))
2303 {
2306 goto FailPath;
2307 }
2308
2309 /* Lock the working set */
2311
2312 /* Check if all pages in this range are committed */
2313 Committed = MiIsEntireRangeCommitted(StartingAddress,
2314 EndingAddress,
2315 Vad,
2316 Process);
2317 if (!Committed)
2318 {
2319 /* Fail */
2323 goto FailPath;
2324 }
2325
2326 /* Compute starting and ending PTE and PDE addresses */
2327 PointerPde = MiAddressToPde(StartingAddress);
2328 PointerPte = MiAddressToPte(StartingAddress);
2329 LastPte = MiAddressToPte(EndingAddress);
2330
2331 /* Make this PDE valid */
2333
2334 /* Save protection of the first page */
2336 {
2337 /* Capture the page protection and make the PDE valid */
2338 OldProtect = MiGetPageProtection(PointerPte);
2340 }
2341 else
2342 {
2343 /* Grab the old protection from the VAD itself */
2345 }
2346
2347 /* Loop all the PTEs now */
2348 while (PointerPte <= LastPte)
2349 {
2350 /* Check if we've crossed a PDE boundary and make the new PDE valid too */
2352 {
2353 PointerPde = MiPteToPde(PointerPte);
2355 }
2356
2357 /* Capture the PTE and check if it was empty */
2358 PteContents = *PointerPte;
2360 {
2361 /* This used to be a zero PTE and it no longer is, so we must add a
2362 reference to the pagetable. */
2364 }
2365
2366 /* Check what kind of PTE we are dealing with */
2368 {
2369 /* Get the PFN entry */
2371
2372 /* We don't support this yet */
2374
2375 /* Check if the page should not be accessible at all */
2377 (NewAccessProtection & PAGE_GUARD))
2378 {
2380
2381 /* Mark the PTE as transition and change its protection */
2385 /* Decrease PFN share count and write the PTE */
2387 // FIXME: remove the page from the WS
2388 MI_WRITE_INVALID_PTE(PointerPte, PteContents);
2389#ifdef CONFIG_SMP
2390 // FIXME: Should invalidate entry in every CPU TLB
2392#endif
2394
2395 /* We are done for this PTE */
2396 MiReleasePfnLock(OldIrql);
2397 }
2398 else
2399 {
2400 /* Write the protection mask and write it with a TLB flush */
2402 MiFlushTbAndCapture(Vad,
2403 PointerPte,
2404 ProtectionMask,
2405 Pfn1,
2406 TRUE);
2407 }
2408 }
2409 else
2410 {
2411 /* We don't support these cases yet */
2413 //ASSERT(PteContents.u.Soft.Transition == 0);
2414
2415 /* The PTE is already demand-zero, just update the protection mask */
2417 MI_WRITE_INVALID_PTE(PointerPte, PteContents);
2419 }
2420
2421 /* Move to the next PTE */
2422 PointerPte++;
2423 }
2424
2425 /* Unlock the working set */
2427 }
2428
2429 /* Unlock the address space */
2431
2432 /* Return parameters and success */
2433 *NumberOfBytesToProtect = EndingAddress - StartingAddress + 1;
2435 *OldAccessProtection = OldProtect;
2437
2438FailPath:
2439 /* Unlock the address space and return the failure code */
2442}
TABLE_SEARCH_RESULT NTAPI MiCheckForConflictingNode(IN ULONG_PTR StartVpn, IN ULONG_PTR EndVpn, IN PMM_AVL_TABLE Table, OUT PMMADDRESS_NODE *NodeOrParent)
Definition: vadnode.c:157
NTSTATUS NTAPI MmProtectSectionView(PMMSUPPORT AddressSpace, PMEMORY_AREA MemoryArea, PVOID BaseAddress, SIZE_T Length, ULONG Protect, PULONG OldProtect)
Definition: section.c:2087
VOID NTAPI MiFlushTbAndCapture(IN PMMVAD FoundVad, IN PMMPTE PointerPte, IN ULONG ProtectionMask, IN PMMPFN Pfn1, IN BOOLEAN CaptureDirtyBit)
Definition: section.c:1821
BOOLEAN NTAPI MiIsEntireRangeCommitted(IN ULONG_PTR StartingAddress, IN ULONG_PTR EndingAddress, IN PMMVAD Vad, IN PEPROCESS Process)
Definition: virtual.c:2004
union _CONTROL_AREA::@2796 u
Definition: mm.h:253
Definition: mmtypes.h:645
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
Referenced by CcPreparePinWrite(), CcpUnpinData(), NtAllocateVirtualMemory(), and NtProtectVirtualMemory().
◆ MiQueryAddressState()
| ULONG NTAPI MiQueryAddressState | ( | IN PVOID | Va, |
| IN PMMVAD | Vad, | ||
| IN PEPROCESS | TargetProcess, | ||
| OUT PULONG | ReturnedProtect, | ||
| OUT PVOID * | NextVa | ||
| ) |
Definition at line 1476 of file virtual.c.
1481{
1482
1483 PMMPTE PointerPte, ProtoPte;
1484 PMMPDE PointerPde;
1485#if (_MI_PAGING_LEVELS >= 3)
1486 PMMPPE PointerPpe;
1487#endif
1488#if (_MI_PAGING_LEVELS >= 4)
1489 PMMPXE PointerPxe;
1490#endif
1496
1497 /* Only normal VADs supported */
1499
1500 /* Get the PDE and PTE for the address */
1501 PointerPde = MiAddressToPde(Va);
1502 PointerPte = MiAddressToPte(Va);
1503#if (_MI_PAGING_LEVELS >= 3)
1504 PointerPpe = MiAddressToPpe(Va);
1505#endif
1506#if (_MI_PAGING_LEVELS >= 4)
1507 PointerPxe = MiAddressToPxe(Va);
1508#endif
1509
1510 /* Return the next range */
1512
1513 do
1514 {
1515#if (_MI_PAGING_LEVELS >= 4)
1516 /* Does the PXE exist? */
1518 {
1519 /* It does not, next range starts at the next PXE */
1520 *NextVa = MiPxeToAddress(PointerPxe + 1);
1521 break;
1522 }
1523
1524 /* Is the PXE valid? */
1526 {
1527 /* Is isn't, fault it in (make the PPE accessible) */
1528 MiMakeSystemAddressValid(PointerPpe, TargetProcess);
1529 }
1530#endif
1531#if (_MI_PAGING_LEVELS >= 3)
1532 /* Does the PPE exist? */
1534 {
1535 /* It does not, next range starts at the next PPE */
1536 *NextVa = MiPpeToAddress(PointerPpe + 1);
1537 break;
1538 }
1539
1540 /* Is the PPE valid? */
1542 {
1543 /* Is isn't, fault it in (make the PDE accessible) */
1544 MiMakeSystemAddressValid(PointerPde, TargetProcess);
1545 }
1546#endif
1547
1548 /* Does the PDE exist? */
1550 {
1551 /* It does not, next range starts at the next PDE */
1552 *NextVa = MiPdeToAddress(PointerPde + 1);
1553 break;
1554 }
1555
1556 /* Is the PDE valid? */
1558 {
1559 /* Is isn't, fault it in (make the PTE accessible) */
1560 MiMakeSystemAddressValid(PointerPte, TargetProcess);
1561 }
1562
1563 /* We have a PTE that we can access now! */
1564 ValidPte = TRUE;
1565
1567
1568 /* Is it safe to try reading the PTE? */
1569 if (ValidPte)
1570 {
1571 /* FIXME: watch out for large pages */
1573
1574 /* Capture the PTE */
1575 TempPte = *PointerPte;
1577 {
1578 /* The PTE is valid, so it's not zeroed out */
1580
1581 /* Is it a decommited, invalid, or faulted PTE? */
1584 ((TempPte.u.Soft.Prototype == 0) ||
1586 {
1587 /* Otherwise our defaults should hold */
1590 }
1591 else
1592 {
1593 /* This means it's committed */
1595
1596 /* We don't support these */
1600
1601 /* Get protection state of this page */
1603
1604 /* Check if this is an image-backed VAD */
1606 (TempPte.u.Soft.Prototype == 1) &&
1607 (Vad->u.VadFlags.PrivateMemory == 0) &&
1608 (Vad->ControlArea))
1609 {
1612 }
1613 }
1614 }
1615 }
1616
1617 /* Check if this was a demand-zero PTE, since we need to find the state */
1619 {
1620 /* Not yet handled */
1623
1624 /* Check if this is private commited memory, or an section-backed VAD */
1625 if ((Vad->u.VadFlags.PrivateMemory == 0) && (Vad->ControlArea))
1626 {
1627 /* Tell caller about the next range */
1629
1630 /* Get the prototype PTE for this VAD */
1631 ProtoPte = MI_GET_PROTOTYPE_PTE_FOR_VPN(Vad,
1633 if (ProtoPte)
1634 {
1635 /* We should unlock the working set, but it's not being held! */
1636
1637 /* Is the prototype PTE actually valid (committed)? */
1638 TempProtoPte = *ProtoPte;
1640 {
1641 /* Unless this is a memory-mapped file, handle it like private VAD */
1645 }
1646
1647 /* We should re-lock the working set */
1648 }
1649 }
1650 else if (Vad->u.VadFlags.MemCommit)
1651 {
1652 /* This is committed memory */
1654
1655 /* Convert the protection */
1657 }
1658 }
1659
1660 /* Return the protection code */
1661 *ReturnedProtect = Protect;
1663}
Definition: stack_allocator.h:18
Referenced by MiQueryMemoryBasicInformation().
◆ MiQueryMemoryBasicInformation()
| NTSTATUS NTAPI MiQueryMemoryBasicInformation | ( | IN HANDLE | ProcessHandle, |
| IN PVOID | BaseAddress, | ||
| OUT PVOID | MemoryInformation, | ||
| IN SIZE_T | MemoryInformationLength, | ||
| OUT PSIZE_T | ReturnLength | ||
| ) |
Definition at line 1667 of file virtual.c.
1672{
1673 PEPROCESS TargetProcess;
1679 ULONG_PTR BaseVpn;
1680 MEMORY_BASIC_INFORMATION MemoryInfo;
1684
1685 /* Check for illegal addresses in user-space, or the shared memory area */
1688 {
1690
1691 /* Make up an info structure describing this range */
1695
1696 /* Special case for shared data */
1698 {
1703 }
1704 else
1705 {
1710 }
1711
1712 /* Return the data, NtQueryInformation already probed it*/
1714 {
1715 _SEH2_TRY
1716 {
1717 *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
1719 }
1721 {
1723 }
1724 _SEH2_END;
1725 }
1726 else
1727 {
1728 *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
1730 }
1731
1733 }
1734
1735 /* Check if this is for a local or remote process */
1737 {
1738 TargetProcess = PsGetCurrentProcess();
1739 }
1740 else
1741 {
1742 /* Reference the target process */
1745 PsProcessType,
1746 ExGetPreviousMode(),
1747 (PVOID*)&TargetProcess,
1748 NULL);
1750
1751 /* Attach to it now */
1753 }
1754
1755 /* Lock the address space and make sure the process isn't already dead */
1758 {
1759 /* Unlock the address space of the process */
1761
1762 /* Check if we were attached */
1764 {
1765 /* Detach and dereference the process */
1767 ObDereferenceObject(TargetProcess);
1768 }
1769
1770 /* Bail out */
1773 }
1774
1775 /* Loop the VADs */
1778 {
1779 /* Scan on the right */
1782 while (Vad)
1783 {
1784 /* Check if this VAD covers the allocation range */
1786 (BaseVpn <= Vad->EndingVpn))
1787 {
1788 /* We're done */
1790 break;
1791 }
1792
1793 /* Check if this VAD is too high */
1794 if (BaseVpn < Vad->StartingVpn)
1795 {
1796 /* Stop if there is no left child */
1798
1799 /* Search on the left next */
1800 Vad = Vad->LeftChild;
1801 }
1802 else
1803 {
1804 /* Then this VAD is too low, keep searching on the right */
1806
1807 /* Stop if there is no right child */
1809
1810 /* Search on the right next */
1811 Vad = Vad->RightChild;
1812 }
1813 }
1814 }
1815
1816 /* Was a VAD found? */
1818 {
1820
1821 /* Calculate region size */
1822 if (Vad)
1823 {
1825 {
1826 /* Region size is the free space till the start of that VAD */
1828 }
1829 else
1830 {
1831 /* Get the next VAD */
1833 if (Vad)
1834 {
1835 /* Region size is the free space till the start of that VAD */
1837 }
1838 else
1839 {
1840 /* Maximum possible region size with that base address */
1842 }
1843 }
1844 }
1845 else
1846 {
1847 /* Maximum possible region size with that base address */
1849 }
1850
1851 /* Unlock the address space of the process */
1853
1854 /* Check if we were attached */
1856 {
1857 /* Detach and dereference the process */
1859 ObDereferenceObject(TargetProcess);
1860 }
1861
1862 /* Build the rest of the initial information block */
1865 MemoryInfo.AllocationProtect = 0;
1868 MemoryInfo.Type = 0;
1869
1870 /* Return the data, NtQueryInformation already probed it*/
1872 {
1873 _SEH2_TRY
1874 {
1875 *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
1877 }
1879 {
1881 }
1882 _SEH2_END;
1883 }
1884 else
1885 {
1886 *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
1888 }
1889
1891 }
1892
1893 /* Set the correct memory type based on what kind of VAD this is */
1896 {
1898 }
1900 {
1902 }
1903 else
1904 {
1906 }
1907
1908 /* Check if this is a RosMM VAD */
1910 {
1914 {
1918 }
1919 }
1920 else
1921 {
1922 /* Build the initial information block */
1928
1929 /* Acquire the working set lock (shared is enough) */
1931
1932 /* Find the largest chunk of memory which has the same state and protection mask */
1934 Vad,
1935 TargetProcess,
1936 &MemoryInfo.Protect,
1937 &NextAddress);
1938 Address = NextAddress;
1940 {
1941 /* Keep going unless the state or protection mask changed */
1944 Address = NextAddress;
1945 }
1946
1947 /* Release the working set lock */
1949
1950 /* Check if we went outside of the VAD */
1952 {
1953 /* Set the end of the VAD as the end address */
1955 }
1956
1957 /* Now that we know the last VA address, calculate the region size */
1959 }
1960
1961 /* Unlock the address space of the process */
1963
1964 /* Check if we were attached */
1966 {
1967 /* Detach and dereference the process */
1969 ObDereferenceObject(TargetProcess);
1970 }
1971
1972 /* Return the data, NtQueryInformation already probed it */
1974 {
1975 _SEH2_TRY
1976 {
1977 *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
1979 }
1981 {
1983 }
1984 _SEH2_END;
1985 }
1986 else
1987 {
1988 *(PMEMORY_BASIC_INFORMATION)MemoryInformation = MemoryInfo;
1990 }
1991
1992 /* All went well */
1994 "State: %lx Type: %lx Size: %lx\n",
1998
2000}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
FORCEINLINE VOID MiLockProcessWorkingSetShared(IN PEPROCESS Process, IN PETHREAD Thread)
Definition: miarm.h:1149
FORCEINLINE VOID MiUnlockProcessWorkingSetShared(IN PEPROCESS Process, IN PETHREAD Thread)
Definition: miarm.h:1218
struct _MEMORY_BASIC_INFORMATION * PMEMORY_BASIC_INFORMATION
struct _MMVAD * PMMVAD
struct _MEMORY_BASIC_INFORMATION MEMORY_BASIC_INFORMATION
NTSTATUS NTAPI MmQuerySectionView(PMEMORY_AREA MemoryArea, PVOID Address, PMEMORY_BASIC_INFORMATION Info, PSIZE_T ResultLength)
Definition: section.c:2131
ULONG NTAPI MiQueryAddressState(IN PVOID Va, IN PMMVAD Vad, IN PEPROCESS TargetProcess, OUT PULONG ReturnedProtect, OUT PVOID *NextVa)
Definition: virtual.c:1476
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: mmtypes.h:971
ULONG_PTR NumberGenericTableElements
Definition: mmtypes.h:668
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3782
Referenced by NtQueryVirtualMemory().
◆ MiUnlockVirtualMemory()
|
static |
Definition at line 3665 of file virtual.c.
3669{
3670 PEPROCESS CurrentProcess;
3672 PVOID EndAddress;
3673 PMMPTE PointerPte, LastPte;
3674 PMMPDE PointerPde;
3675#if (_MI_PAGING_LEVELS >= 3)
3676 PMMPDE PointerPpe;
3677#endif
3678#if (_MI_PAGING_LEVELS == 4)
3679 PMMPDE PointerPxe;
3680#endif
3681 PMMPFN Pfn1;
3683
3684 /* Lock the address space */
3687
3688 /* Make sure we still have an address space */
3689 CurrentProcess = PsGetCurrentProcess();
3691 {
3694 }
3695
3696 /* Check the VADs in the requested range */
3698
3699 /* Note: only bail out, if we hit an area without a VAD. If we hit an
3700 incompatible VAD we continue, like Windows does */
3702 {
3705 }
3706
3707 /* Get the PTE and PDE */
3710#if (_MI_PAGING_LEVELS >= 3)
3712#endif
3713#if (_MI_PAGING_LEVELS == 4)
3715#endif
3716
3717 /* Get the last PTE */
3719
3720 /* Lock the process working set */
3722
3723 /* Loop the pages */
3724 do
3725 {
3726 /* Check for a page that is not present */
3727 if (
3730#endif
3733#endif
3736 {
3737 /* Remember it, but keep going */
3739 }
3740 else
3741 {
3742 /* Get the PFN */
3745
3746 /* Check if all of the requested locks are present */
3749 {
3750 /* Remember it, but keep going */
3752
3753 /* Check if no lock is present */
3755 {
3757 }
3758 }
3759 }
3760
3761 /* Go to the next PTE */
3762 PointerPte++;
3763
3764 /* Check if we're on a PDE boundary */
3766#if (_MI_PAGING_LEVELS >= 3)
3768#endif
3769#if (_MI_PAGING_LEVELS == 4)
3771#endif
3772 } while (PointerPte <= LastPte);
3773
3774 /* Check if we hit a page that was not locked */
3776 {
3777 goto CleanupWithWsLock;
3778 }
3779
3780 /* All pages in the region were locked, so unlock them all */
3781
3782 /* Get the PTE and PDE */
3785#if (_MI_PAGING_LEVELS >= 3)
3787#endif
3788#if (_MI_PAGING_LEVELS == 4)
3790#endif
3791
3792 /* Loop the pages */
3793 do
3794 {
3795 /* Unlock it */
3797 MI_UNLOCK_VA(Pfn1, MapType);
3798
3799 /* Go to the next PTE */
3800 PointerPte++;
3801
3802 /* Check if we're on a PDE boundary */
3804#if (_MI_PAGING_LEVELS >= 3)
3806#endif
3807#if (_MI_PAGING_LEVELS == 4)
3809#endif
3810 } while (PointerPte <= LastPte);
3811
3812 /* Everything is done */
3814
3815CleanupWithWsLock:
3816
3817 /* Release process working set */
3819
3820Cleanup:
3821 /* Unlock address space */
3823
3825}
Referenced by NtUnlockVirtualMemory().
◆ MmCopyVirtualMemory()
| NTSTATUS NTAPI MmCopyVirtualMemory | ( | IN PEPROCESS | SourceProcess, |
| IN PVOID | SourceAddress, | ||
| IN PEPROCESS | TargetProcess, | ||
| OUT PVOID | TargetAddress, | ||
| IN SIZE_T | BufferSize, | ||
| IN KPROCESSOR_MODE | PreviousMode, | ||
| OUT PSIZE_T | ReturnSize | ||
| ) |
Definition at line 1271 of file virtual.c.
1278{
1281
1282 //
1283 // Don't accept zero-sized buffers
1284 //
1286
1287 //
1288 // If we are copying from ourselves, lock the target instead
1289 //
1291
1292 //
1293 // Acquire rundown protection
1294 //
1296 {
1297 //
1298 // Fail
1299 //
1301 }
1302
1303 //
1304 // See if we should use the pool copy
1305 //
1307 {
1308 //
1309 // Use MDL-copy
1310 //
1312 SourceAddress,
1313 TargetProcess,
1314 TargetAddress,
1315 BufferSize,
1316 PreviousMode,
1317 ReturnSize);
1318 }
1319 else
1320 {
1321 //
1322 // Do pool copy
1323 //
1325 SourceAddress,
1326 TargetProcess,
1327 TargetAddress,
1328 BufferSize,
1329 PreviousMode,
1330 ReturnSize);
1331 }
1332
1333 //
1334 // Release the lock
1335 //
1338}
NTSTATUS NTAPI MiDoPoolCopy(IN PEPROCESS SourceProcess, IN PVOID SourceAddress, IN PEPROCESS TargetProcess, OUT PVOID TargetAddress, IN SIZE_T BufferSize, IN KPROCESSOR_MODE PreviousMode, OUT PSIZE_T ReturnSize)
Definition: virtual.c:1020
NTSTATUS NTAPI MiDoMappedCopy(IN PEPROCESS SourceProcess, IN PVOID SourceAddress, IN PEPROCESS TargetProcess, OUT PVOID TargetAddress, IN SIZE_T BufferSize, IN KPROCESSOR_MODE PreviousMode, OUT PSIZE_T ReturnSize)
Definition: virtual.c:795
Referenced by LpcpCopyRequestData(), NtReadVirtualMemory(), and NtWriteVirtualMemory().
◆ MmFlushVirtualMemory()
| NTSTATUS NTAPI MmFlushVirtualMemory | ( | IN PEPROCESS | Process, |
| IN OUT PVOID * | BaseAddress, | ||
| IN OUT PSIZE_T | RegionSize, | ||
| OUT PIO_STATUS_BLOCK | IoStatusBlock | ||
| ) |
Definition at line 1342 of file virtual.c.
1346{
1347 PAGED_CODE();
1348
1349 UNIMPLEMENTED;
1350
1351 // Report actual state.
1354
1355 // Pretend success.
1357}
Referenced by NtFlushVirtualMemory().
◆ MmGetPhysicalAddress()
| PHYSICAL_ADDRESS NTAPI MmGetPhysicalAddress | ( | PVOID | Address | ) |
Definition at line 5676 of file virtual.c.
5677{
5681
5682 /* Check if the PXE/PPE/PDE is valid */
5683 if (
5686#endif
5689#endif
5691 {
5692 /* Check for large pages */
5695 {
5696 /* Physical address is base page + large page offset */
5700 }
5701
5702 /* Check if the PTE is valid */
5705 {
5706 /* Physical address is base page + page offset */
5710 }
5711 }
5712
5717}
Definition: typedefs.h:103
_Must_inspect_result_ typedef _In_ PHYSICAL_ADDRESS PhysicalAddress
Definition: iotypes.h:1098
◆ MmGetVirtualForPhysical()
| PVOID NTAPI MmGetVirtualForPhysical | ( | IN PHYSICAL_ADDRESS | PhysicalAddress | ) |
◆ MmSecureVirtualMemory()
Definition at line 2759 of file virtual.c.
2762{
2765}
Referenced by EngSecureMem(), and EngSecureMemForRead().
◆ MmUnsecureVirtualMemory()
Definition at line 2772 of file virtual.c.
Referenced by EngUnsecureMem().
◆ NtAllocateVirtualMemory()
| NTSTATUS NTAPI NtAllocateVirtualMemory | ( | IN HANDLE | ProcessHandle, |
| IN OUT PVOID * | UBaseAddress, | ||
| IN ULONG_PTR | ZeroBits, | ||
| IN OUT PSIZE_T | URegionSize, | ||
| IN ULONG | AllocationType, | ||
| IN ULONG | Protect | ||
| ) |
- Todo:
- HACK: pretend success
Definition at line 4457 of file virtual.c.
4463{
4468 PVOID PBaseAddress;
4469 ULONG_PTR PRegionSize, StartingAddress, EndingAddress;
4475 ULONG ProtectionMask, QuotaCharge = 0, QuotaFree = 0;
4478 PMMPTE PointerPte, LastPte;
4479 PMMPDE PointerPde;
4481 PAGED_CODE();
4482
4483 /* Check for valid Zero bits */
4485 {
4488 }
4489
4490 /* Check for valid Allocation Types */
4493 {
4496 }
4497
4498 /* Check for at least one of these Allocation Types to be set */
4500 {
4503 }
4504
4505 /* MEM_RESET is an exclusive flag, make sure that is valid too */
4507 {
4510 }
4511
4512 /* Check if large pages are being used */
4514 {
4515 /* Large page allocations MUST be committed */
4517 {
4520 }
4521
4522 /* These flags are not allowed with large page allocations */
4524 {
4527 }
4528 }
4529
4530 /* MEM_WRITE_WATCH can only be used if MEM_RESERVE is also used */
4532 {
4535 }
4536
4537 /* Check for valid MEM_PHYSICAL usage */
4539 {
4540 /* MEM_PHYSICAL can only be used if MEM_RESERVE is also used */
4542 {
4545 }
4546
4547 /* Only these flags are allowed with MEM_PHYSIAL */
4549 {
4552 }
4553
4554 /* Then make sure PAGE_READWRITE is used */
4556 {
4559 }
4560 }
4561
4562 /* Calculate the protection mask and make sure it's valid */
4565 {
4568 }
4569
4570 /* Enter SEH */
4571 _SEH2_TRY
4572 {
4573 /* Check for user-mode parameters */
4575 {
4576 /* Make sure they are writable */
4577 ProbeForWritePointer(UBaseAddress);
4578 ProbeForWriteSize_t(URegionSize);
4579 }
4580
4581 /* Capture their values */
4582 PBaseAddress = *UBaseAddress;
4583 PRegionSize = *URegionSize;
4584 }
4586 {
4587 /* Return the exception code */
4589 }
4590 _SEH2_END;
4591
4592 /* Make sure the allocation isn't past the VAD area */
4594 {
4597 }
4598
4599 /* Make sure the allocation wouldn't overflow past the VAD area */
4601 {
4604 }
4605
4606 /* Make sure there's a size specified */
4607 if (!PRegionSize)
4608 {
4611 }
4612
4613 //
4614 // If this is for the current process, just use PsGetCurrentProcess
4615 //
4617 {
4618 Process = CurrentProcess;
4619 }
4620 else
4621 {
4622 //
4623 // Otherwise, reference the process with VM rights and attach to it if
4624 // this isn't the current process. We must attach because we'll be touching
4625 // PTEs and PDEs that belong to user-mode memory, and also touching the
4626 // Working Set which is stored in Hyperspace.
4627 //
4629 PROCESS_VM_OPERATION,
4630 PsProcessType,
4631 PreviousMode,
4633 NULL);
4636 {
4639 }
4640 }
4641
4642 DPRINT("NtAllocateVirtualMemory: Process 0x%p, Address 0x%p, Zerobits %lu , RegionSize 0x%x, Allocation type 0x%x, Protect 0x%x.\n",
4644
4645 //
4646 // Check for large page allocations and make sure that the required privilege
4647 // is being held, before attempting to handle them.
4648 //
4651 {
4652 /* Fail without it */
4655 goto FailPathNoLock;
4656 }
4657
4658 //
4659 // Fail on the things we don't yet support
4660 //
4662 {
4665 goto FailPathNoLock;
4666 }
4668 {
4671 goto FailPathNoLock;
4672 }
4674 {
4677 goto FailPathNoLock;
4678 }
4679
4680 //
4681 // Check if the caller is reserving memory, or committing memory and letting
4682 // us pick the base address
4683 //
4685 {
4686 //
4687 // Do not allow COPY_ON_WRITE through this API
4688 //
4690 {
4693 goto FailPathNoLock;
4694 }
4695
4696 //
4697 // Does the caller have an address in mind, or is this a blind commit?
4698 //
4699 if (!PBaseAddress)
4700 {
4701 //
4702 // This is a blind commit, all we need is the region size
4703 //
4704 PRegionSize = ROUND_TO_PAGES(PRegionSize);
4705 EndingAddress = 0;
4706 StartingAddress = 0;
4707
4708 //
4709 // Check if ZeroBits were specified
4710 //
4712 {
4713 //
4714 // Calculate the highest address and check if it's valid
4715 //
4718 {
4720 goto FailPathNoLock;
4721 }
4722 }
4723 }
4724 else
4725 {
4726 //
4727 // This is a reservation, so compute the starting address on the
4728 // expected 64KB granularity, and see where the ending address will
4729 // fall based on the aligned address and the passed in region size
4730 //
4733 StartingAddress = (ULONG_PTR)PBaseAddress;
4734 }
4735
4736 // Charge quotas for the VAD
4739 {
4741 goto FailPathNoLock;
4742 }
4743
4745
4746 //
4747 // Allocate and initialize the VAD
4748 //
4751 {
4754 goto FailPathNoLock;
4755 }
4756
4762
4763 //
4764 // Insert the VAD
4765 //
4767 &StartingAddress,
4768 PRegionSize,
4769 HighestAddress,
4770 MM_VIRTMEM_GRANULARITY,
4771 AllocationType);
4773 {
4776 goto FailPathNoLock;
4777 }
4778
4779 //
4780 // Detach and dereference the target process if
4781 // it was different from the current process
4782 //
4785
4786 //
4787 // Use SEH to write back the base address and the region size. In the case
4788 // of an exception, we do not return back the exception code, as the memory
4789 // *has* been allocated. The caller would now have to call VirtualQuery
4790 // or do some other similar trick to actually find out where its memory
4791 // allocation ended up
4792 //
4793 _SEH2_TRY
4794 {
4795 *URegionSize = PRegionSize;
4796 *UBaseAddress = (PVOID)StartingAddress;
4797 }
4799 {
4800 //
4801 // Ignore exception!
4802 //
4803 }
4804 _SEH2_END;
4807 }
4808
4809 //
4810 // This is a MEM_COMMIT on top of an existing address which must have been
4811 // MEM_RESERVED already. Compute the start and ending base addresses based
4812 // on the user input, and then compute the actual region size once all the
4813 // alignments have been done.
4814 //
4817 PRegionSize = EndingAddress - StartingAddress + 1;
4818
4819 //
4820 // Lock the address space and make sure the process isn't already dead
4821 //
4825 {
4828 goto FailPath;
4829 }
4830
4831 //
4832 // Get the VAD for this address range, and make sure it exists
4833 //
4835 EndingAddress >> PAGE_SHIFT,
4836 &Process->VadRoot,
4837 (PMMADDRESS_NODE*)&FoundVad);
4839 {
4842 goto FailPath;
4843 }
4844
4846 {
4850 goto FailPath;
4851 }
4852
4853 //
4854 // These kinds of VADs are illegal for this Windows function when trying to
4855 // commit an existing range
4856 //
4858 (FoundVad->u.VadFlags.VadType == VadDevicePhysicalMemory) ||
4859 (FoundVad->u.VadFlags.VadType == VadLargePages))
4860 {
4863 goto FailPath;
4864 }
4865
4866 //
4867 // Make sure that this address range actually fits within the VAD for it
4868 //
4870 ((EndingAddress >> PAGE_SHIFT) > FoundVad->EndingVpn))
4871 {
4874 goto FailPath;
4875 }
4876
4877 //
4878 // Make sure this is an ARM3 section
4879 //
4881 {
4884 goto FailPath;
4885 }
4886
4887 // Is this a previously reserved section being committed? If so, enter the
4888 // special section path
4889 //
4891 {
4892 //
4893 // You cannot commit large page sections through this API
4894 //
4896 {
4899 goto FailPath;
4900 }
4901
4902 //
4903 // You can only use caching flags on a rotate VAD
4904 //
4906 (FoundVad->u.VadFlags.VadType != VadRotatePhysical))
4907 {
4910 goto FailPath;
4911 }
4912
4913 //
4914 // We should make sure that the section's permissions aren't being
4915 // messed with
4916 //
4917 if (FoundVad->u.VadFlags.NoChange)
4918 {
4919 //
4920 // Make sure it's okay to touch it
4921 // Note: The Windows 2003 kernel has a bug here, passing the
4922 // unaligned base address together with the aligned size,
4923 // potentially covering a region larger than the actual allocation.
4924 // Might be exposed through NtGdiCreateDIBSection w/ section handle
4925 // For now we keep this behavior.
4926 // TODO: analyze possible implications, create test case
4927 //
4929 PBaseAddress,
4930 PRegionSize,
4931 ProtectionMask);
4933 {
4935 goto FailPath;
4936 }
4937 }
4938
4939 //
4940 // ARM3 does not support file-backed sections, only shared memory
4941 //
4943
4944 //
4945 // Rotate VADs cannot be guard pages or inaccessible, nor copy on write
4946 //
4949 {
4952 goto FailPath;
4953 }
4954
4955 //
4956 // Compute PTE addresses and the quota charge, then grab the commit lock
4957 //
4960 QuotaCharge = (ULONG)(LastPte - PointerPte + 1);
4962
4963 //
4964 // Get the segment template PTE and start looping each page
4965 //
4966 TempPte = FoundVad->ControlArea->Segment->SegmentPteTemplate;
4968 while (PointerPte <= LastPte)
4969 {
4970 //
4971 // For each non-already-committed page, write the invalid template PTE
4972 //
4974 {
4976 }
4977 else
4978 {
4979 QuotaFree++;
4980 }
4981 PointerPte++;
4982 }
4983
4984 //
4985 // Now do the commit accounting and release the lock
4986 //
4987 ASSERT(QuotaCharge >= QuotaFree);
4988 QuotaCharge -= QuotaFree;
4989 FoundVad->ControlArea->Segment->NumberOfCommittedPages += QuotaCharge;
4991
4992 //
4993 // We are done with committing the section pages
4994 //
4996 goto FailPath;
4997 }
4998
4999 //
5000 // This is a specific ReactOS check because we only use normal VADs
5001 //
5003
5004 //
5005 // While this is an actual Windows check
5006 //
5008
5009 //
5010 // Throw out attempts to use copy-on-write through this API path
5011 //
5013 {
5016 goto FailPath;
5017 }
5018
5019 //
5020 // Initialize a demand-zero PTE
5021 //
5022 TempPte.u.Long = 0;
5023 TempPte.u.Soft.Protection = ProtectionMask;
5025
5026 //
5027 // Get the PTE, PDE and the last PTE for this address range
5028 //
5029 PointerPde = MiAddressToPde(StartingAddress);
5030 PointerPte = MiAddressToPte(StartingAddress);
5031 LastPte = MiAddressToPte(EndingAddress);
5032
5033 //
5034 // Update the commit charge in the VAD as well as in the process, and check
5035 // if this commit charge was now higher than the last recorded peak, in which
5036 // case we also update the peak
5037 //
5038 FoundVad->u.VadFlags.CommitCharge += (1 + LastPte - PointerPte);
5039 Process->CommitCharge += (1 + LastPte - PointerPte);
5041 {
5043 }
5044
5045 //
5046 // Lock the working set while we play with user pages and page tables
5047 //
5049
5050 //
5051 // Make the current page table valid, and then loop each page within it
5052 //
5054 while (PointerPte <= LastPte)
5055 {
5056 //
5057 // Have we crossed into a new page table?
5058 //
5060 {
5061 //
5062 // Get the PDE and now make it valid too
5063 //
5064 PointerPde = MiPteToPde(PointerPte);
5066 }
5067
5068 //
5069 // Is this a zero PTE as expected?
5070 //
5072 {
5073 //
5074 // First increment the count of pages in the page table for this
5075 // process
5076 //
5078
5079 //
5080 // And now write the invalid demand-zero PTE as requested
5081 //
5083 }
5085 {
5086 //
5087 // If the PTE was already decommitted, there is nothing else to do
5088 // but to write the new demand-zero PTE
5089 //
5091 }
5093 {
5094 //
5095 // We don't handle these scenarios yet
5096 //
5098 {
5101 }
5102
5103 //
5104 // There's a change in protection, remember this for later, but do
5105 // not yet handle it.
5106 //
5107 ChangeProtection = TRUE;
5108 }
5109
5110 //
5111 // Move to the next PTE
5112 //
5113 PointerPte++;
5114 }
5115
5116 //
5117 // Release the working set lock, unlock the address space, and detach from
5118 // the target process if it was not the current process. Also dereference the
5119 // target process if this wasn't the case.
5120 //
5123FailPath:
5125
5127 {
5129 {
5131 }
5132 }
5133
5134 //
5135 // Check if we need to update the protection
5136 //
5137 if (ChangeProtection)
5138 {
5140 SIZE_T ProtectSize = PRegionSize;
5141 ULONG OldProtection;
5142
5143 //
5144 // Change the protection of the region
5145 //
5147 &ProtectBaseAddress,
5148 &ProtectSize,
5149 Protect,
5150 &OldProtection);
5151 }
5152
5153FailPathNoLock:
5156
5157 //
5158 // Only write back results on success
5159 //
5161 {
5162 //
5163 // Use SEH to write back the base address and the region size. In the case
5164 // of an exception, we strangely do return back the exception code, even
5165 // though the memory *has* been allocated. This mimics Windows behavior and
5166 // there is not much we can do about it.
5167 //
5168 _SEH2_TRY
5169 {
5170 *URegionSize = PRegionSize;
5171 *UBaseAddress = (PVOID)StartingAddress;
5172 }
5174 {
5176 }
5177 _SEH2_END;
5178 }
5180 {
5182 }
5183
5185}
VOID FASTCALL KeReleaseGuardedMutexUnsafe(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:75
VOID FASTCALL KeAcquireGuardedMutexUnsafe(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:64
NTSTATUS NTAPI MiInsertVadEx(_Inout_ PMMVAD Vad, _In_ ULONG_PTR *BaseAddress, _In_ SIZE_T ViewSize, _In_ ULONG_PTR HighestAddress, _In_ ULONG_PTR Alignment, _In_ ULONG AllocationType)
Definition: vadnode.c:245
NTSTATUS NTAPI MiCheckSecuredVad(IN PMMVAD Vad, IN PVOID Base, IN SIZE_T Size, IN ULONG ProtectionMask)
Definition: vadnode.c:815
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR ZeroBits
Definition: mmfuncs.h:405
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG AllocationType
Definition: mmfuncs.h:410
NTSTATUS NTAPI MiProtectVirtualMemory(IN PEPROCESS Process, IN OUT PVOID *BaseAddress, IN OUT PSIZE_T NumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG OldAccessProtection OPTIONAL)
Definition: virtual.c:2160
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
NTSTATUS NTAPI PsChargeProcessNonPagedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Charges the non paged pool quota of a given process.
Definition: quota.c:811
VOID NTAPI PsReturnProcessNonPagedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Returns the non paged quota pool that the process was taking up.
Definition: quota.c:938
Definition: mmtypes.h:750
#define ROUND_TO_PAGES(Size)
Referenced by Allocate(), AllocateGuarded(), AllocateReadOnly(), BaseCreateStack(), BaseCreateVDMEnvironment(), BasePushProcessParameters(), CheckAdjacentVADs(), CheckAlignment(), CheckSize(), CheckSomeDefaultAddresses(), CopyLoop(), CreateProcessInternalW(), DiscardVirtualMemory(), LsapAllocateClientBuffer(), LsapEnumLogonSessions(), LsapGetLogonSessionData(), MakeReadOnly(), MemInitialize(), PsaiMalloc(), RtlCreateEnvironment(), RtlCreateQueryDebugBuffer(), RtlpDebugBufferCommit(), RtlSetEnvironmentVariable(), START_TEST(), Test_ImageSection(), Test_ImageSection2(), Test_NtFreeVirtualMemory(), Test_PageFileSection(), TestFreeNoAccess(), TestReadWrite(), TH32CreateSnapshot(), VDDAllocMem(), VDDDeInstallMemoryHook(), VirtualAllocEx(), and VirtualAllocFromApp().
◆ NtFlushInstructionCache()
| NTSTATUS NTAPI NtFlushInstructionCache | ( | _In_ HANDLE | ProcessHandle, |
| _In_opt_ PVOID | BaseAddress, | ||
| _In_ SIZE_T | FlushSize | ||
| ) |
Definition at line 3009 of file virtual.c.
3012{
3016 PAGED_CODE();
3017
3018 /* Is a base address given? */
3020 {
3021 /* If the requested size is 0, there is nothing to do */
3022 if (FlushSize == 0)
3023 {
3025 }
3026
3027 /* Is this a user mode call? */
3029 {
3030 /* Make sure the base address is in user space */
3032 {
3035 }
3036 }
3037 }
3038
3039 /* Is another process requested? */
3041 {
3042 /* Reference the process */
3044 PROCESS_VM_WRITE,
3045 PsProcessType,
3046 ExGetPreviousMode(),
3048 NULL);
3050 {
3053 }
3054
3055 /* Attach to the process */
3057 }
3058
3059 /* Forward to Ke */
3061
3062 /* Check if we attached */
3064 {
3065 /* Detach from the process and dereference it */
3068 }
3069
3070 /* All done, return to caller */
3072}
FORCEINLINE VOID KeSweepICache(IN PVOID BaseAddress, IN SIZE_T FlushSize)
Definition: ke.h:282
Definition: ketypes.h:2211
Referenced by FixupDll(), FlushInstructionCache(), and WriteProcessMemory().
◆ NtFlushVirtualMemory()
| NTSTATUS NTAPI NtFlushVirtualMemory | ( | IN HANDLE | ProcessHandle, |
| IN OUT PVOID * | BaseAddress, | ||
| IN OUT PSIZE_T | NumberOfBytesToFlush, | ||
| OUT PIO_STATUS_BLOCK | IoStatusBlock | ||
| ) |
Definition at line 4000 of file virtual.c.
4004{
4008 PVOID CapturedBaseAddress;
4009 SIZE_T CapturedBytesToFlush;
4010 IO_STATUS_BLOCK LocalStatusBlock;
4011 PAGED_CODE();
4012
4013 //
4014 // Check if we came from user mode
4015 //
4017 {
4018 //
4019 // Enter SEH for probing
4020 //
4021 _SEH2_TRY
4022 {
4023 //
4024 // Validate all outputs
4025 //
4027 ProbeForWriteSize_t(NumberOfBytesToFlush);
4029
4030 //
4031 // Capture them
4032 //
4033 CapturedBaseAddress = *BaseAddress;
4034 CapturedBytesToFlush = *NumberOfBytesToFlush;
4035 }
4037 {
4038 //
4039 // Get exception code
4040 //
4042 }
4043 _SEH2_END;
4044 }
4045 else
4046 {
4047 //
4048 // Capture directly
4049 //
4050 CapturedBaseAddress = *BaseAddress;
4051 CapturedBytesToFlush = *NumberOfBytesToFlush;
4052 }
4053
4054 //
4055 // Catch illegal base address
4056 //
4058
4059 //
4060 // Catch illegal region size
4061 //
4063 {
4064 //
4065 // Fail
4066 //
4068 }
4069
4070 //
4071 // Get a reference to the process
4072 //
4074 PROCESS_VM_OPERATION,
4075 PsProcessType,
4076 PreviousMode,
4078 NULL);
4080
4081 //
4082 // Do it
4083 //
4085 &CapturedBaseAddress,
4086 &CapturedBytesToFlush,
4087 &LocalStatusBlock);
4088
4089 //
4090 // Release reference
4091 //
4093
4094 //
4095 // Enter SEH to return data
4096 //
4097 _SEH2_TRY
4098 {
4099 //
4100 // Return data to user
4101 //
4103 *NumberOfBytesToFlush = 0;
4104 *IoStatusBlock = LocalStatusBlock;
4105 }
4107 {
4108 }
4109 _SEH2_END;
4110
4111 //
4112 // Return status
4113 //
4115}
NTSTATUS NTAPI MmFlushVirtualMemory(IN PEPROCESS Process, IN OUT PVOID *BaseAddress, IN OUT PSIZE_T RegionSize, OUT PIO_STATUS_BLOCK IoStatusBlock)
Definition: virtual.c:1342
Definition: env_spec_w32.h:870
Referenced by FlushViewOfFile(), and Test_ImageSection().
◆ NtFreeVirtualMemory()
| NTSTATUS NTAPI NtFreeVirtualMemory | ( | IN HANDLE | ProcessHandle, |
| IN PVOID * | UBaseAddress, | ||
| IN PSIZE_T | URegionSize, | ||
| IN ULONG | FreeType | ||
| ) |
Definition at line 5192 of file virtual.c.
5196{
5197 SIZE_T PRegionSize;
5198 PVOID PBaseAddress;
5199 LONG_PTR AlreadyDecommitted, CommitReduction = 0;
5200 LONG_PTR FirstCommit;
5201 ULONG_PTR StartingAddress, EndingAddress;
5202 PMMVAD Vad;
5203 PMMVAD NewVad;
5212 PAGED_CODE();
5213
5214 //
5215 // Only two flags are supported, exclusively.
5216 //
5218 {
5221 }
5222
5223 //
5224 // Enter SEH for probe and capture. On failure, return back to the caller
5225 // with an exception violation.
5226 //
5227 _SEH2_TRY
5228 {
5229 //
5230 // Check for user-mode parameters and make sure that they are writeable
5231 //
5233 {
5234 ProbeForWritePointer(UBaseAddress);
5235 ProbeForWriteUlong(URegionSize);
5236 }
5237
5238 //
5239 // Capture the current values
5240 //
5241 PBaseAddress = *UBaseAddress;
5242 PRegionSize = *URegionSize;
5243 }
5245 {
5247 }
5248 _SEH2_END;
5249
5250 //
5251 // Make sure the allocation isn't past the user area
5252 //
5254 {
5257 }
5258
5259 //
5260 // Make sure the allocation wouldn't overflow past the user area
5261 //
5263 {
5266 }
5267
5268 //
5269 // If this is for the current process, just use PsGetCurrentProcess
5270 //
5272 {
5273 Process = CurrentProcess;
5274 }
5275 else
5276 {
5277 //
5278 // Otherwise, reference the process with VM rights and attach to it if
5279 // this isn't the current process. We must attach because we'll be touching
5280 // PTEs and PDEs that belong to user-mode memory, and also touching the
5281 // Working Set which is stored in Hyperspace.
5282 //
5284 PROCESS_VM_OPERATION,
5285 PsProcessType,
5286 PreviousMode,
5288 NULL);
5291 {
5294 }
5295 }
5296
5299
5300 //
5301 // Lock the address space
5302 //
5305
5306 //
5307 // If the address space is being deleted, fail the de-allocation since it's
5308 // too late to do anything about it
5309 //
5311 {
5314 goto FailPath;
5315 }
5316
5317 //
5318 // Compute start and end addresses, and locate the VAD
5319 //
5323 if (!Vad)
5324 {
5327 goto FailPath;
5328 }
5329
5330 //
5331 // If the range exceeds the VAD's ending VPN, fail this request
5332 //
5334 {
5337 goto FailPath;
5338 }
5339
5340 //
5341 // Only private memory (except rotate VADs) can be freed through here */
5342 //
5346 {
5349 goto FailPath;
5350 }
5351
5352 //
5353 // ARM3 does not yet handle protected VM
5354 //
5356
5357 //
5358 // Now we can try the operation. First check if this is a RELEASE or a DECOMMIT
5359 //
5361 {
5362 //
5363 // ARM3 only supports this VAD in this path
5364 //
5366
5367 //
5368 // Is the caller trying to remove the whole VAD, or remove only a portion
5369 // of it? If no region size is specified, then the assumption is that the
5370 // whole VAD is to be destroyed
5371 //
5372 if (!PRegionSize)
5373 {
5374 //
5375 // The caller must specify the base address identically to the range
5376 // that is stored in the VAD.
5377 //
5379 {
5382 goto FailPath;
5383 }
5384
5385 //
5386 // Now compute the actual start/end addresses based on the VAD
5387 //
5390
5391 //
5392 // Finally lock the working set and remove the VAD from the VAD tree
5393 //
5398 }
5399 else
5400 {
5401 //
5402 // This means the caller wants to release a specific region within
5403 // the range. We have to find out which range this is -- the following
5404 // possibilities exist plus their union (CASE D):
5405 //
5406 // STARTING ADDRESS ENDING ADDRESS
5407 // [<========][========================================][=========>]
5408 // CASE A CASE B CASE C
5409 //
5410 //
5411 // First, check for case A or D
5412 //
5414 {
5415 //
5416 // Check for case D
5417 //
5419 {
5420 //
5421 // Case D (freeing the entire region)
5422 //
5423 // This is the easiest one to handle -- it is identical to
5424 // the code path above when the caller sets a zero region size
5425 // and the whole VAD is destroyed
5426 //
5431 }
5432 else
5433 {
5434 //
5435 // Case A (freeing a part at the beginning)
5436 //
5437 // This case is pretty easy too -- we compute a bunch of
5438 // pages to decommit, and then push the VAD's starting address
5439 // a bit further down, then decrement the commit charge
5440 //
5442 CommitReduction = MiCalculatePageCommitment(StartingAddress,
5443 EndingAddress,
5444 Vad,
5445 Process);
5448
5449 //
5450 // After analyzing the VAD, set it to NULL so that we don't
5451 // free it in the exit path
5452 //
5453 Vad = NULL;
5454 }
5455 }
5456 else
5457 {
5458 //
5459 // This is case B or case C. First check for case C
5460 //
5462 {
5463 //
5464 // Case C (freeing a part at the end)
5465 //
5466 // This is pretty easy and similar to case A. We compute the
5467 // amount of pages to decommit, update the VAD's commit charge
5468 // and then change the ending address of the VAD to be a bit
5469 // smaller.
5470 //
5472 CommitReduction = MiCalculatePageCommitment(StartingAddress,
5473 EndingAddress,
5474 Vad,
5475 Process);
5478 }
5479 else
5480 {
5481 //
5482 // Case B (freeing a part in the middle)
5483 //
5484 // This is the hardest one. Because we are removing a chunk
5485 // of memory from the very middle of the VAD, we must actually
5486 // split the VAD into two new VADs and compute the commit
5487 // charges for each of them, and reinsert new charges.
5488 //
5491 {
5494 goto FailPath;
5495 }
5496
5497 // Charge quota for the new VAD
5499
5501 {
5505 goto FailPath;
5506 }
5507
5508 //
5509 // This new VAD describes the second chunk, so we keep the end
5510 // address of the original and adjust the start to point past
5511 // the released region.
5512 // The commit charge will be calculated below.
5513 //
5519
5520 //
5521 // Get the commit charge for the released region
5522 //
5524 CommitReduction = MiCalculatePageCommitment(StartingAddress,
5525 EndingAddress,
5526 Vad,
5527 Process);
5528
5529 //
5530 // Adjust the end of the original VAD (first chunk).
5531 //
5533
5534 //
5535 // Now the addresses for both VADs are consistent,
5536 // so insert the new one.
5537 // ReactOS: This will take care of creating a second MEMORY_AREA.
5538 //
5540
5541 //
5542 // Calculate the commit charge for the first split.
5543 // The second chunk's size is the original size, minus the
5544 // released region's size, minus this first chunk.
5545 //
5547 StartingAddress - 1,
5548 Vad,
5549 Process);
5550 NewVad->u.VadFlags.CommitCharge = Vad->u.VadFlags.CommitCharge - CommitReduction - FirstCommit;
5552 }
5553
5554 //
5555 // After analyzing the VAD, set it to NULL so that we don't
5556 // free it in the exit path
5557 //
5558 Vad = NULL;
5559 }
5560 }
5561
5562 //
5563 // Now we have a range of pages to dereference, so call the right API
5564 // to do that and then release the working set, since we're done messing
5565 // around with process pages.
5566 //
5570
5571FinalPath:
5572 //
5573 // Update the process counters
5574 //
5575 PRegionSize = EndingAddress - StartingAddress + 1;
5576 Process->CommitCharge -= CommitReduction;
5578
5579 //
5580 // Unlock the address space and free the VAD in failure cases. Next,
5581 // detach from the target process so we can write the region size and the
5582 // base address to the correct source process, and dereference the target
5583 // process.
5584 //
5589
5590 //
5591 // Use SEH to safely return the region size and the base address of the
5592 // deallocation. If we get an access violation, don't return a failure code
5593 // as the deallocation *has* happened. The caller will just have to figure
5594 // out another way to find out where it is (such as VirtualQuery).
5595 //
5596 _SEH2_TRY
5597 {
5598 *URegionSize = PRegionSize;
5599 *UBaseAddress = (PVOID)StartingAddress;
5600 }
5602 {
5603 }
5604 _SEH2_END;
5606 }
5607
5608 //
5609 // This is the decommit path. You cannot decommit from the following VADs in
5610 // Windows, so fail the vall
5611 //
5615 {
5618 goto FailPath;
5619 }
5620
5621 //
5622 // If the caller did not specify a region size, first make sure that this
5623 // region is actually committed. If it is, then compute the ending address
5624 // based on the VAD.
5625 //
5626 if (!PRegionSize)
5627 {
5629 {
5632 goto FailPath;
5633 }
5635 }
5636
5637 //
5638 // Decommit the PTEs for the range plus the actual backing pages for the
5639 // range, then reduce that amount from the commit charge in the VAD
5640 //
5642 MiAddressToPte(EndingAddress),
5643 Process,
5644 Vad);
5645 CommitReduction = MiAddressToPte(EndingAddress) -
5646 MiAddressToPte(StartingAddress) +
5647 1 -
5648 AlreadyDecommitted;
5649
5650 ASSERT(CommitReduction >= 0);
5653
5654 //
5655 // We are done, go to the exit path without freeing the VAD as it remains
5656 // valid since we have not released the allocation.
5657 //
5658 Vad = NULL;
5660 goto FinalPath;
5661
5662 //
5663 // In the failure path, we detach and dereference the target process, and
5664 // return whatever failure code was sent.
5665 //
5666FailPath:
5671}
VOID NTAPI MiRemoveNode(IN PMMADDRESS_NODE Node, IN PMM_AVL_TABLE Table)
Definition: vadnode.c:403
VOID NTAPI MiInsertVad(_Inout_ PMMVAD Vad, _Inout_ PMM_AVL_TABLE VadRoot)
FORCEINLINE PVOID ExAllocatePoolZero(ULONG PoolType, SIZE_T NumberOfBytes, ULONG Tag)
Definition: precomp.h:45
ULONG NTAPI MiCalculatePageCommitment(IN ULONG_PTR StartingAddress, IN ULONG_PTR EndingAddress, IN PMMVAD Vad, IN PEPROCESS Process)
Definition: virtual.c:42
ULONG NTAPI MiDecommitPages(IN PVOID StartingAddress, IN PMMPTE EndingPte, IN PEPROCESS Process, IN PMMVAD Vad)
Definition: virtual.c:2592
VOID NTAPI MiDeleteVirtualAddresses(_In_ ULONG_PTR Va, _In_ ULONG_PTR EndingAddress, _In_opt_ PMMVAD Vad)
Definition: virtual.c:530
Referenced by Allocate(), AllocateGuarded(), BaseCreateStack(), BaseCreateVDMEnvironment(), BaseDestroyVDMEnvironment(), BaseFreeThreadStack(), CheckAdjacentVADs(), CheckAlignment(), CheckSize(), CheckSomeDefaultAddresses(), CopyLoop(), CreateProcessInternalW(), DeleteFiber(), Free(), FreeGuarded(), FreeReadOnly(), LsapFreeClientBuffer(), MakeReadOnly(), MemCleanup(), PsaiFree(), RtlDestroyEnvironment(), RtlDestroyHandleTable(), RtlDestroyQueryDebugBuffer(), RtlFreeUserThreadStack(), RtlSetEnvironmentVariable(), START_TEST(), Test_NtFreeVirtualMemory(), Test_NtFreeVirtualMemory_Parameters(), Test_PageFileSection(), TestFreeNoAccess(), TestReadWrite(), TH32CreateSnapshot(), TH32FreeAllocatedResources(), VDDFreeMem(), VDDInstallMemoryHook(), and VirtualFreeEx().
◆ NtGetWriteWatch()
| NTSTATUS NTAPI NtGetWriteWatch | ( | IN HANDLE | ProcessHandle, |
| IN ULONG | Flags, | ||
| IN PVOID | BaseAddress, | ||
| IN SIZE_T | RegionSize, | ||
| IN PVOID * | UserAddressArray, | ||
| OUT PULONG_PTR | EntriesInUserAddressArray, | ||
| OUT PULONG | Granularity | ||
| ) |
Definition at line 4122 of file virtual.c.
4129{
4132 PVOID EndAddress;
4134 ULONG_PTR CapturedEntryCount;
4135 PAGED_CODE();
4136
4137 //
4138 // Check if we came from user mode
4139 //
4141 {
4142 //
4143 // Enter SEH for probing
4144 //
4145 _SEH2_TRY
4146 {
4147 //
4148 // Catch illegal base address
4149 //
4151
4152 //
4153 // Catch illegal region size
4154 //
4156 {
4157 //
4158 // Fail
4159 //
4161 }
4162
4163 //
4164 // Validate all data
4165 //
4166 ProbeForWriteSize_t(EntriesInUserAddressArray);
4167 ProbeForWriteUlong(Granularity);
4168
4169 //
4170 // Capture them
4171 //
4172 CapturedEntryCount = *EntriesInUserAddressArray;
4173
4174 //
4175 // Must have a count
4176 //
4178
4179 //
4180 // Can't be larger than the maximum
4181 //
4183 {
4184 //
4185 // Fail
4186 //
4188 }
4189
4190 //
4191 // Probe the actual array
4192 //
4193 ProbeForWrite(UserAddressArray,
4196 }
4198 {
4199 //
4200 // Get exception code
4201 //
4203 }
4204 _SEH2_END;
4205 }
4206 else
4207 {
4208 //
4209 // Capture directly
4210 //
4211 CapturedEntryCount = *EntriesInUserAddressArray;
4212 ASSERT(CapturedEntryCount != 0);
4213 }
4214
4215 //
4216 // Check if this is a local request
4217 //
4219 {
4220 //
4221 // No need to reference the process
4222 //
4224 }
4225 else
4226 {
4227 //
4228 // Reference the target
4229 //
4231 PROCESS_VM_OPERATION,
4232 PsProcessType,
4233 PreviousMode,
4235 NULL);
4237 }
4238
4239 //
4240 // Compute the last address and validate it
4241 //
4244 {
4245 //
4246 // Fail
4247 //
4250 }
4251
4252 //
4253 // Oops :(
4254 //
4255 UNIMPLEMENTED;
4256
4257 //
4258 // Dereference if needed
4259 //
4261
4262 //
4263 // Enter SEH to return data
4264 //
4265 _SEH2_TRY
4266 {
4267 //
4268 // Return data to user
4269 //
4270 *EntriesInUserAddressArray = 0;
4271 *Granularity = PAGE_SIZE;
4272 }
4274 {
4275 //
4276 // Get exception code
4277 //
4279 }
4280 _SEH2_END;
4281
4282 //
4283 // Return success
4284 //
4286}
Referenced by GetWriteWatch().
◆ NtLockVirtualMemory()
| NTSTATUS NTAPI NtLockVirtualMemory | ( | IN HANDLE | ProcessHandle, |
| IN OUT PVOID * | BaseAddress, | ||
| IN OUT PSIZE_T | NumberOfBytesToLock, | ||
| IN ULONG | MapType | ||
| ) |
Definition at line 3494 of file virtual.c.
3498{
3505 PVOID CapturedBaseAddress;
3506 SIZE_T CapturedBytesToLock;
3507 PAGED_CODE();
3508
3509 //
3510 // Validate flags
3511 //
3513 {
3514 //
3515 // Invalid set of flags
3516 //
3518 }
3519
3520 //
3521 // At least one flag must be specified
3522 //
3524 {
3525 //
3526 // No flag given
3527 //
3529 }
3530
3531 //
3532 // Enter SEH for probing
3533 //
3534 _SEH2_TRY
3535 {
3536 //
3537 // Validate output data
3538 //
3540 ProbeForWriteSize_t(NumberOfBytesToLock);
3541
3542 //
3543 // Capture it
3544 //
3545 CapturedBaseAddress = *BaseAddress;
3546 CapturedBytesToLock = *NumberOfBytesToLock;
3547 }
3549 {
3550 //
3551 // Get exception code
3552 //
3554 }
3555 _SEH2_END;
3556
3557 //
3558 // Catch illegal base address
3559 //
3561
3562 //
3563 // Catch illegal region size
3564 //
3566 {
3567 //
3568 // Fail
3569 //
3571 }
3572
3573 //
3574 // 0 is also illegal
3575 //
3577
3578 //
3579 // Get a reference to the process
3580 //
3582 PROCESS_VM_OPERATION,
3583 PsProcessType,
3584 PreviousMode,
3586 NULL);
3588
3589 //
3590 // Check if this is is system-mapped
3591 //
3593 {
3594 //
3595 // Check for required privilege
3596 //
3598 {
3599 //
3600 // Fail: Don't have it
3601 //
3604 }
3605 }
3606
3607 //
3608 // Check if we should attach
3609 //
3611 {
3612 //
3613 // Do it
3614 //
3617 }
3618
3619 //
3620 // Call the internal function
3621 //
3623 &CapturedBytesToLock,
3624 MapType);
3625
3626 //
3627 // Detach if needed
3628 //
3630
3631 //
3632 // Release reference
3633 //
3635
3636 //
3637 // Enter SEH to return data
3638 //
3639 _SEH2_TRY
3640 {
3641 //
3642 // Return data to user
3643 //
3644 *BaseAddress = CapturedBaseAddress;
3645 *NumberOfBytesToLock = CapturedBytesToLock;
3646 }
3648 {
3649 //
3650 // Get exception code
3651 //
3653 }
3654 _SEH2_END;
3655
3656 //
3657 // Return status
3658 //
3660}
static NTSTATUS MiLockVirtualMemory(IN OUT PVOID *BaseAddress, IN OUT PSIZE_T RegionSize, IN ULONG MapType)
Definition: virtual.c:3346
Referenced by VirtualLock().
◆ NtProtectVirtualMemory()
| NTSTATUS NTAPI NtProtectVirtualMemory | ( | IN HANDLE | ProcessHandle, |
| IN OUT PVOID * | UnsafeBaseAddress, | ||
| IN OUT SIZE_T * | UnsafeNumberOfBytesToProtect, | ||
| IN ULONG | NewAccessProtection, | ||
| OUT PULONG | UnsafeOldAccessProtection | ||
| ) |
Definition at line 3076 of file virtual.c.
3081{
3083 ULONG OldAccessProtection;
3084 ULONG Protection;
3087 SIZE_T NumberOfBytesToProtect = 0;
3092 PAGED_CODE();
3093
3094 //
3095 // Check for valid protection flags
3096 //
3099 Protection != PAGE_READONLY &&
3100 Protection != PAGE_READWRITE &&
3101 Protection != PAGE_WRITECOPY &&
3102 Protection != PAGE_EXECUTE &&
3103 Protection != PAGE_EXECUTE_READ &&
3104 Protection != PAGE_EXECUTE_READWRITE &&
3105 Protection != PAGE_EXECUTE_WRITECOPY)
3106 {
3107 //
3108 // Fail
3109 //
3111 }
3112
3113 //
3114 // Check if we came from user mode
3115 //
3117 {
3118 //
3119 // Enter SEH for probing
3120 //
3121 _SEH2_TRY
3122 {
3123 //
3124 // Validate all outputs
3125 //
3126 ProbeForWritePointer(UnsafeBaseAddress);
3127 ProbeForWriteSize_t(UnsafeNumberOfBytesToProtect);
3128 ProbeForWriteUlong(UnsafeOldAccessProtection);
3129
3130 //
3131 // Capture them
3132 //
3133 BaseAddress = *UnsafeBaseAddress;
3134 NumberOfBytesToProtect = *UnsafeNumberOfBytesToProtect;
3135 }
3137 {
3138 //
3139 // Get exception code
3140 //
3142 }
3143 _SEH2_END;
3144 }
3145 else
3146 {
3147 //
3148 // Capture directly
3149 //
3150 BaseAddress = *UnsafeBaseAddress;
3151 NumberOfBytesToProtect = *UnsafeNumberOfBytesToProtect;
3152 }
3153
3154 //
3155 // Catch illegal base address
3156 //
3158
3159 //
3160 // Catch illegal region size
3161 //
3163 {
3164 //
3165 // Fail
3166 //
3168 }
3169
3170 //
3171 // 0 is also illegal
3172 //
3174
3175 //
3176 // Get a reference to the process
3177 //
3179 PROCESS_VM_OPERATION,
3180 PsProcessType,
3181 PreviousMode,
3183 NULL);
3185
3186 //
3187 // Check if we should attach
3188 //
3190 {
3191 //
3192 // Do it
3193 //
3196 }
3197
3198 //
3199 // Do the actual work
3200 //
3202 &BaseAddress,
3203 &NumberOfBytesToProtect,
3204 NewAccessProtection,
3205 &OldAccessProtection);
3206
3207 //
3208 // Detach if needed
3209 //
3211
3212 //
3213 // Release reference
3214 //
3216
3217 //
3218 // Enter SEH to return data
3219 //
3220 _SEH2_TRY
3221 {
3222 //
3223 // Return data to user
3224 //
3225 *UnsafeOldAccessProtection = OldAccessProtection;
3226 *UnsafeBaseAddress = BaseAddress;
3227 *UnsafeNumberOfBytesToProtect = NumberOfBytesToProtect;
3228 }
3230 {
3231 }
3232 _SEH2_END;
3233
3234 //
3235 // Return status
3236 //
3238}
Referenced by AVrfpSnapDllImports(), BaseCreateStack(), BasepCheckForReadOnlyResource(), LdrpSnapIAT(), SeiPatchNewImport(), Test_PageFileSection(), TestFreeNoAccess(), TestReadWrite(), VirtualProtectEx(), Write(), and WriteProcessMemory().
◆ NtQueryVirtualMemory()
| NTSTATUS NTAPI NtQueryVirtualMemory | ( | IN HANDLE | ProcessHandle, |
| IN PVOID | BaseAddress, | ||
| IN MEMORY_INFORMATION_CLASS | MemoryInformationClass, | ||
| OUT PVOID | MemoryInformation, | ||
| IN SIZE_T | MemoryInformationLength, | ||
| OUT PSIZE_T | ReturnLength | ||
| ) |
Definition at line 4374 of file virtual.c.
4380{
4383
4385
4386 /* Bail out if the address is invalid */
4388
4389 /* Probe return buffer */
4392 {
4393 _SEH2_TRY
4394 {
4395 ProbeForWrite(MemoryInformation,
4396 MemoryInformationLength,
4398
4400 }
4402 {
4404 }
4405 _SEH2_END;
4406
4408 {
4410 }
4411 }
4412
4413 switch(MemoryInformationClass)
4414 {
4416 /* Validate the size information of the class */
4418 {
4419 /* The size is invalid */
4421 }
4423 BaseAddress,
4424 MemoryInformation,
4425 MemoryInformationLength,
4426 ReturnLength);
4427 break;
4428
4430 /* Validate the size information of the class */
4432 {
4433 /* The size is invalid */
4435 }
4437 BaseAddress,
4438 MemoryInformation,
4439 MemoryInformationLength,
4440 ReturnLength);
4441 break;
4444 default:
4446 break;
4447 }
4448
4450}
NTSTATUS NTAPI MiQueryMemorySectionName(IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID MemoryInformation, IN SIZE_T MemoryInformationLength, OUT PSIZE_T ReturnLength)
Definition: section.c:1754
NTSTATUS NTAPI MiQueryMemoryBasicInformation(IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID MemoryInformation, IN SIZE_T MemoryInformationLength, OUT PSIZE_T ReturnLength)
Definition: virtual.c:1667
Definition: mmtypes.h:325
Referenced by BasepCheckForReadOnlyResource(), CheckAdjacentVADs(), GetMappedFileNameW(), infinite_recursive(), InitFunctionPtrs(), LdrpInit(), QueryVirtualMemoryInformation(), QueryWorkingSet(), QueryWorkingSetEx(), RtlCreateEnvironment(), RtlSetEnvironmentVariable(), START_TEST(), and VirtualQueryEx().
◆ NtReadVirtualMemory()
| NTSTATUS NTAPI NtReadVirtualMemory | ( | IN HANDLE | ProcessHandle, |
| IN PVOID | BaseAddress, | ||
| OUT PVOID | Buffer, | ||
| IN SIZE_T | NumberOfBytesToRead, | ||
| OUT PSIZE_T NumberOfBytesRead | OPTIONAL | ||
| ) |
Definition at line 2781 of file virtual.c.
2786{
2791 PAGED_CODE();
2792
2793 //
2794 // Check if we came from user mode
2795 //
2797 {
2798 //
2799 // Validate the read addresses
2800 //
2805 {
2806 //
2807 // Don't allow to write into kernel space
2808 //
2810 }
2811
2812 //
2813 // Enter SEH for probe
2814 //
2815 _SEH2_TRY
2816 {
2817 //
2818 // Probe the output value
2819 //
2821 }
2823 {
2824 //
2825 // Get exception code
2826 //
2828 }
2829 _SEH2_END;
2830 }
2831
2832 //
2833 // Don't do zero-byte transfers
2834 //
2835 if (NumberOfBytesToRead)
2836 {
2837 //
2838 // Reference the process
2839 //
2841 PROCESS_VM_READ,
2842 PsProcessType,
2843 PreviousMode,
2845 NULL);
2847 {
2848 //
2849 // Do the copy
2850 //
2852 BaseAddress,
2853 PsGetCurrentProcess(),
2854 Buffer,
2855 NumberOfBytesToRead,
2856 PreviousMode,
2857 &BytesRead);
2858
2859 //
2860 // Dereference the process
2861 //
2863 }
2864 }
2865
2866 //
2867 // Check if the caller sent this parameter
2868 //
2869 if (NumberOfBytesRead)
2870 {
2871 //
2872 // Enter SEH to guard write
2873 //
2874 _SEH2_TRY
2875 {
2876 //
2877 // Return the number of bytes read
2878 //
2879 *NumberOfBytesRead = BytesRead;
2880 }
2882 {
2883 }
2884 _SEH2_END;
2885 }
2886
2887 //
2888 // Return status
2889 //
2891}
Definition: bufpool.h:45
NTSTATUS NTAPI MmCopyVirtualMemory(IN PEPROCESS SourceProcess, IN PVOID SourceAddress, IN PEPROCESS TargetProcess, OUT PVOID TargetAddress, IN SIZE_T BufferSize, IN KPROCESSOR_MODE PreviousMode, OUT PSIZE_T ReturnSize)
Definition: virtual.c:1271
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR _In_opt_ PLONGLONG _In_opt_ PWDF_REQUEST_SEND_OPTIONS _Out_opt_ PULONG_PTR BytesRead
Definition: wdfiotarget.h:870
Referenced by CON_API(), ConSrvConnect(), CreateProcessInternalW(), FixupDll(), InitFunctionPtrs(), LsapCallAuthenticationPackage(), LsapCopyFromClientBuffer(), LsapCopyLocalGroups(), LsapLogonUser(), PsaEnumerateProcessModules(), ReadProcessMemory(), RtlFreeUserThreadStack(), RtlpQueryRemoteProcessModules(), RtlReadOutOfProcessMemoryStream(), UserpCaptureStringParameters(), and UserpGetClientFileName().
◆ NtResetWriteWatch()
| NTSTATUS NTAPI NtResetWriteWatch | ( | IN HANDLE | ProcessHandle, |
| IN PVOID | BaseAddress, | ||
| IN SIZE_T | RegionSize | ||
| ) |
Definition at line 4293 of file virtual.c.
4296{
4297 PVOID EndAddress;
4302
4303 //
4304 // Catch illegal base address
4305 //
4307
4308 //
4309 // Catch illegal region size
4310 //
4312 {
4313 //
4314 // Fail
4315 //
4317 }
4318
4319 //
4320 // Check if this is a local request
4321 //
4323 {
4324 //
4325 // No need to reference the process
4326 //
4328 }
4329 else
4330 {
4331 //
4332 // Reference the target
4333 //
4335 PROCESS_VM_OPERATION,
4336 PsProcessType,
4337 PreviousMode,
4339 NULL);
4341 }
4342
4343 //
4344 // Compute the last address and validate it
4345 //
4348 {
4349 //
4350 // Fail
4351 //
4354 }
4355
4356 //
4357 // Oops :(
4358 //
4359 UNIMPLEMENTED;
4360
4361 //
4362 // Dereference if needed
4363 //
4365
4366 //
4367 // Return success
4368 //
4370}
Referenced by ResetWriteWatch().
◆ NtUnlockVirtualMemory()
| NTSTATUS NTAPI NtUnlockVirtualMemory | ( | IN HANDLE | ProcessHandle, |
| IN OUT PVOID * | BaseAddress, | ||
| IN OUT PSIZE_T | NumberOfBytesToUnlock, | ||
| IN ULONG | MapType | ||
| ) |
Definition at line 3830 of file virtual.c.
3834{
3841 PVOID CapturedBaseAddress;
3842 SIZE_T CapturedBytesToUnlock;
3843 PAGED_CODE();
3844
3845 //
3846 // Validate flags
3847 //
3849 {
3850 //
3851 // Invalid set of flags
3852 //
3854 }
3855
3856 //
3857 // At least one flag must be specified
3858 //
3860 {
3861 //
3862 // No flag given
3863 //
3865 }
3866
3867 //
3868 // Enter SEH for probing
3869 //
3870 _SEH2_TRY
3871 {
3872 //
3873 // Validate output data
3874 //
3876 ProbeForWriteSize_t(NumberOfBytesToUnlock);
3877
3878 //
3879 // Capture it
3880 //
3881 CapturedBaseAddress = *BaseAddress;
3882 CapturedBytesToUnlock = *NumberOfBytesToUnlock;
3883 }
3885 {
3886 //
3887 // Get exception code
3888 //
3890 }
3891 _SEH2_END;
3892
3893 //
3894 // Catch illegal base address
3895 //
3897
3898 //
3899 // Catch illegal region size
3900 //
3902 {
3903 //
3904 // Fail
3905 //
3907 }
3908
3909 //
3910 // 0 is also illegal
3911 //
3913
3914 //
3915 // Get a reference to the process
3916 //
3918 PROCESS_VM_OPERATION,
3919 PsProcessType,
3920 PreviousMode,
3922 NULL);
3924
3925 //
3926 // Check if this is is system-mapped
3927 //
3929 {
3930 //
3931 // Check for required privilege
3932 //
3934 {
3935 //
3936 // Fail: Don't have it
3937 //
3940 }
3941 }
3942
3943 //
3944 // Check if we should attach
3945 //
3947 {
3948 //
3949 // Do it
3950 //
3953 }
3954
3955 //
3956 // Call the internal function
3957 //
3959 &CapturedBytesToUnlock,
3960 MapType);
3961
3962 //
3963 // Detach if needed
3964 //
3966
3967 //
3968 // Release reference
3969 //
3971
3972 //
3973 // Enter SEH to return data
3974 //
3975 _SEH2_TRY
3976 {
3977 //
3978 // Return data to user
3979 //
3980 *BaseAddress = CapturedBaseAddress;
3981 *NumberOfBytesToUnlock = CapturedBytesToUnlock;
3982 }
3984 {
3985 //
3986 // Get exception code
3987 //
3989 }
3990 _SEH2_END;
3991
3992 //
3993 // Return status
3994 //
3996}
static NTSTATUS MiUnlockVirtualMemory(IN OUT PVOID *BaseAddress, IN OUT PSIZE_T RegionSize, IN ULONG MapType)
Definition: virtual.c:3665
Referenced by VirtualUnlock().
◆ NtWriteVirtualMemory()
| NTSTATUS NTAPI NtWriteVirtualMemory | ( | IN HANDLE | ProcessHandle, |
| IN PVOID | BaseAddress, | ||
| IN PVOID | Buffer, | ||
| IN SIZE_T | NumberOfBytesToWrite, | ||
| OUT PSIZE_T NumberOfBytesWritten | OPTIONAL | ||
| ) |
Definition at line 2895 of file virtual.c.
2900{
2905 PAGED_CODE();
2906
2907 //
2908 // Check if we came from user mode
2909 //
2911 {
2912 //
2913 // Validate the read addresses
2914 //
2919 {
2920 //
2921 // Don't allow to write into kernel space
2922 //
2924 }
2925
2926 //
2927 // Enter SEH for probe
2928 //
2929 _SEH2_TRY
2930 {
2931 //
2932 // Probe the output value
2933 //
2935 }
2937 {
2938 //
2939 // Get exception code
2940 //
2942 }
2943 _SEH2_END;
2944 }
2945
2946 //
2947 // Don't do zero-byte transfers
2948 //
2949 if (NumberOfBytesToWrite)
2950 {
2951 //
2952 // Reference the process
2953 //
2955 PROCESS_VM_WRITE,
2956 PsProcessType,
2957 PreviousMode,
2959 NULL);
2961 {
2962 //
2963 // Do the copy
2964 //
2966 Buffer,
2967 Process,
2968 BaseAddress,
2969 NumberOfBytesToWrite,
2970 PreviousMode,
2971 &BytesWritten);
2972
2973 //
2974 // Dereference the process
2975 //
2977 }
2978 }
2979
2980 //
2981 // Check if the caller sent this parameter
2982 //
2983 if (NumberOfBytesWritten)
2984 {
2985 //
2986 // Enter SEH to guard write
2987 //
2988 _SEH2_TRY
2989 {
2990 //
2991 // Return the number of bytes written
2992 //
2993 *NumberOfBytesWritten = BytesWritten;
2994 }
2996 {
2997 }
2998 _SEH2_END;
2999 }
3000
3001 //
3002 // Return status
3003 //
3005}
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR _In_opt_ PLONGLONG _In_opt_ PWDF_REQUEST_SEND_OPTIONS _Out_opt_ PULONG_PTR BytesWritten
Definition: wdfiotarget.h:960
Referenced by BasePushProcessParameters(), LsapCopyToClientBuffer(), LsapEnumLogonSessions(), LsapGetLogonSessionData(), StuffStdHandle(), Write(), and WriteProcessMemory().
