53 CurrentThread->LpcReceivedMessageId = 0;
54 CurrentThread->LpcReplyMessage =
NULL;
58 SectionToMap = (*ConnectMessage)->SectionToMap;
59 (*ConnectMessage)->SectionToMap =
NULL;
98 PSID CapturedServerSid;
99 ULONG ConnectionInfoLength = 0;
103 ULONG PortMessageLength;
132 CapturedClientView = *(
volatile PORT_VIEW*)ClientView;
135 if (CapturedClientView.
Length !=
sizeof(CapturedClientView))
155 if (MaxMessageLength)
159 if (ConnectionInformationLength)
162 ConnectionInfoLength = *(
volatile ULONG*)ConnectionInformationLength;
166 if (ConnectionInformation)
169 CapturedServerSid = ServerSid;
180 DPRINT1(
"Failed to capture ServerSid!\n");
194 CapturedQos = *SecurityQos;
203 if (ClientView->Length !=
sizeof(*ClientView))
208 CapturedClientView = *ClientView;
215 if (ServerView->Length !=
sizeof(*ServerView))
223 if (ConnectionInformationLength)
224 ConnectionInfoLength = *ConnectionInformationLength;
226 CapturedServerSid = ServerSid;
236 "Name: %wZ. SecurityQos: %p. Views: %p/%p. Sid: %p\n",
256 DPRINT1(
"Failed to reference port '%wZ': 0x%lx\n", &CapturedPortName,
Status);
260 if (CapturedServerSid != ServerSid)
270 DPRINT1(
"Port '%wZ' is not a connection port (Flags: 0x%lx)\n", &CapturedPortName,
Port->
Flags);
277 if (CapturedServerSid != ServerSid)
287 if (
Port->ServerProcess)
298 if (!
RtlEqualSid(CapturedServerSid, TokenUserInfo->User.Sid))
302 DPRINT1(
"Port '%wZ': server SID mismatch\n", &CapturedPortName);
315 DPRINT1(
"Port '%wZ': server SID mismatch\n", &CapturedPortName);
321 if (CapturedServerSid != ServerSid)
408 (
PVOID*)&SectionToMap,
413 DPRINT1(
"Failed to reference port section handle: 0x%lx\n",
Status);
460 if (ConnectionInfoLength >
Port->MaxConnectionInfoLength)
463 ConnectionInfoLength =
Port->MaxConnectionInfoLength;
471 DPRINT1(
"LpcpAllocateFromPortZone failed\n");
490 sizeof(CapturedClientView));
496 Message->Request.ClientViewSize = 0;
505 Message->Request.u1.s1.DataLength = (
CSHORT)ConnectionInfoLength +
508 Message->Request.u1.s1.DataLength;
512 if (ConnectionInformation)
518 ConnectionInformation,
519 ConnectionInfoLength);
523 DPRINT1(
"Exception 0x%lx when copying connection info to user mode\n",
586 "Messages: %p/%p. Ports: %p/%p. Status: %lx\n",
629 if ((
Message->Request.u1.s1.DataLength -
633 ConnectionInfoLength =
Message->Request.u1.s1.DataLength -
638 if (ConnectionInformation)
643 if (ConnectionInformationLength)
644 *ConnectionInformationLength = ConnectionInfoLength;
649 ConnectionInfoLength);
664 PortMessageLength =
Port->MaxMessageLength;
676 "Handle: %p. Length: %lx\n",
686 if (MaxMessageLength)
687 *MaxMessageLength = PortMessageLength;
695 sizeof(*ClientView));
704 sizeof(*ServerView));
794 ConnectionInformation,
795 ConnectionInformationLength);
static UNICODE_STRING PortName
#define NT_SUCCESS(StatCode)
static const WCHAR Message[]
#define RemoveEntryList(Entry)
#define InsertTailList(ListHead, Entry)
#define IsListEmpty(ListHead)
#define PsGetCurrentThread()
#define KeWaitForSingleObject(pEvt, foo, a, b, c)
#define KeSetEvent(pEvt, foo, foo2)
#define InitializeListHead(ListHead)
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
_Outptr_ PFLT_PORT * ClientPort
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
#define EXCEPTION_EXECUTE_HANDLER
#define KeLeaveCriticalRegion()
#define KeEnterCriticalRegion()
VOID NTAPI LpcpFreeToPortZone(IN PLPCP_MESSAGE Message, IN ULONG LockFlags)
POBJECT_TYPE LpcPortObjectType
#define LPCTRACE(x, fmt,...)
NTSTATUS NTAPI LpcpInitializePortQueue(IN PLPCP_PORT_OBJECT Port)
#define LPC_CONNECT_DEBUG
#define LpcpConnectWait(s, w)
#define LpcpCompleteWait(s)
FORCEINLINE PLPCP_MESSAGE LpcpGetMessageFromThread(IN PETHREAD Thread)
static __inline PLPCP_MESSAGE LpcpAllocateFromPortZone(VOID)
#define LPCP_SECURITY_DYNAMIC
#define LPCP_CONNECTION_PORT
#define LPCP_NAME_DELETED
#define LPCP_WAITABLE_PORT
#define LPCP_PORT_TYPE_MASK
struct _LPCP_MESSAGE LPCP_MESSAGE
struct _LPCP_CONNECTION_MESSAGE * PLPCP_CONNECTION_MESSAGE
struct _LPCP_CONNECTION_MESSAGE LPCP_CONNECTION_MESSAGE
#define ExFreePoolWithTag(_P, _T)
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity(IN PETHREAD Thread, IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, IN BOOLEAN RemoteClient, OUT PSECURITY_CLIENT_CONTEXT ClientContext)
#define PsDereferencePrimaryToken(T)
#define LPC_CONNECTION_REQUEST
#define KeGetPreviousMode()
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER SectionOffset
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
#define SECTION_MAP_WRITE
_In_ ULONG _In_ ULONG _In_ ULONG Length
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
NTSTATUS NTAPI NtSecureConnectPort(OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PPORT_VIEW ClientView OPTIONAL, IN PSID ServerSid OPTIONAL, IN OUT PREMOTE_PORT_VIEW ServerView OPTIONAL, OUT PULONG MaxMessageLength OPTIONAL, IN OUT PVOID ConnectionInformation OPTIONAL, IN OUT PULONG ConnectionInformationLength OPTIONAL)
NTSTATUS NTAPI NtConnectPort(OUT PHANDLE PortHandle, IN PUNICODE_STRING PortName, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, IN OUT PPORT_VIEW ClientView OPTIONAL, IN OUT PREMOTE_PORT_VIEW ServerView OPTIONAL, OUT PULONG MaxMessageLength OPTIONAL, IN OUT PVOID ConnectionInformation OPTIONAL, IN OUT PULONG ConnectionInformationLength OPTIONAL)
PVOID NTAPI LpcpFreeConMsg(IN OUT PLPCP_MESSAGE *Message, IN OUT PLPCP_CONNECTION_MESSAGE *ConnectMessage, IN PETHREAD CurrentThread)
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
#define STATUS_INVALID_PORT_HANDLE
#define STATUS_PORT_CONNECTION_REFUSED
#define STATUS_SERVER_SID_MISMATCH
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
NTSTATUS NTAPI ObReferenceObjectByName(IN PUNICODE_STRING ObjectPath, IN ULONG Attributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, OUT PVOID *ObjectPtr)
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
#define ProbeForWriteHandle(Ptr)
#define ProbeForWriteUlong(Ptr)
NTSTATUS NTAPI MmMapViewOfSection(IN PVOID SectionObject, IN PEPROCESS Process, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
POBJECT_TYPE MmSectionObjectType
LONG NTAPI KeReadStateSemaphore(IN PKSEMAPHORE Semaphore)
PULONG MinorVersion OPTIONAL
PLPCP_PORT_OBJECT ClientPort
REMOTE_PORT_VIEW ServerView
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
NTSTATUS NTAPI SeQueryInformationToken(_In_ PACCESS_TOKEN AccessToken, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation)
Queries detailed information about the given token on behalf of the caller. The difference between NtQueryInformat...
#define RtlCopyMemory(Destination, Source, Length)
#define RtlZeroMemory(Destination, Length)
#define STATUS_INVALID_PARAMETER
#define STATUS_OBJECT_NAME_NOT_FOUND
BOOL WINAPI ReplyMessage(_In_ LRESULT)
#define ObDereferenceObject
#define ObReferenceObject
#define PsGetCurrentProcess
_In_ KPROCESSOR_MODE PreviousMode
#define SECURITY_DYNAMIC_TRACKING