ReactOS  0.4.15-dev-5146-g069b08d
driver.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Service Control Manager
3  * LICENSE: GPL - See COPYING in the top level directory
4  * FILE: base/system/services/driver.c
5  * PURPOSE: Driver control interface
6  * COPYRIGHT: Copyright 2005-2006 Eric Kohl
7  *
8  */
9 
10 /* INCLUDES *****************************************************************/
11 
12 #include "services.h"
13 
14 #include <ndk/iofuncs.h>
15 #include <ndk/setypes.h>
16 
17 #define NDEBUG
18 #include <debug.h>
19 
20 /* FUNCTIONS ****************************************************************/
21 
22 static
23 DWORD
24 ScmLoadDriver(PSERVICE lpService)
25 {
26  NTSTATUS Status = STATUS_SUCCESS;
27  BOOLEAN WasPrivilegeEnabled = FALSE;
28  PWSTR pszDriverPath;
29  UNICODE_STRING DriverPath;
30 
31  /* Build the driver path */
32  /* 52 = wcslen(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\") */
33  pszDriverPath = HeapAlloc(GetProcessHeap(),
34  HEAP_ZERO_MEMORY,
35  (52 + wcslen(lpService->lpServiceName) + 1) * sizeof(WCHAR));
36  if (pszDriverPath == NULL)
37  return ERROR_NOT_ENOUGH_MEMORY;
38 
39  wcscpy(pszDriverPath,
40  L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\");
41  wcscat(pszDriverPath,
42  lpService->lpServiceName);
43 
44  RtlInitUnicodeString(&DriverPath,
45  pszDriverPath);
46 
47  DPRINT(" Path: %wZ\n", &DriverPath);
48 
49  /* Acquire driver-loading privilege */
50  Status = RtlAdjustPrivilege(SE_LOAD_DRIVER_PRIVILEGE,
51  TRUE,
52  FALSE,
53  &WasPrivilegeEnabled);
54  if (!NT_SUCCESS(Status))
55  {
56  /* We encountered a failure, exit properly */
57  DPRINT1("SERVICES: Cannot acquire driver-loading privilege, Status = 0x%08lx\n", Status);
58  goto done;
59  }
60 
61  Status = NtLoadDriver(&DriverPath);
62 
63  /* Release driver-loading privilege */
64  RtlAdjustPrivilege(SE_LOAD_DRIVER_PRIVILEGE,
65  WasPrivilegeEnabled,
66  FALSE,
67  &WasPrivilegeEnabled);
68 
69 done:
70  HeapFree(GetProcessHeap(), 0, pszDriverPath);
71  return RtlNtStatusToDosError(Status);
72 }
73 
74 
75 static
76 DWORD
77 ScmUnloadDriver(PSERVICE lpService)
78 {
79  NTSTATUS Status = STATUS_SUCCESS;
80  BOOLEAN WasPrivilegeEnabled = FALSE;
81  PWSTR pszDriverPath;
82  UNICODE_STRING DriverPath;
83  DWORD dwError;
84 
85  /* Build the driver path */
86  /* 52 = wcslen(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\") */
87  pszDriverPath = HeapAlloc(GetProcessHeap(),
88  HEAP_ZERO_MEMORY,
89  (52 + wcslen(lpService->lpServiceName) + 1) * sizeof(WCHAR));
90  if (pszDriverPath == NULL)
91  return ERROR_NOT_ENOUGH_MEMORY;
92 
93  wcscpy(pszDriverPath,
94  L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\");
95  wcscat(pszDriverPath,
96  lpService->lpServiceName);
97 
98  RtlInitUnicodeString(&DriverPath,
99  pszDriverPath);
100 
101  DPRINT(" Path: %wZ\n", &DriverPath);
102 
103  /* Acquire driver-unloading privilege */
104  Status = RtlAdjustPrivilege(SE_LOAD_DRIVER_PRIVILEGE,
105  TRUE,
106  FALSE,
107  &WasPrivilegeEnabled);
108  if (!NT_SUCCESS(Status))
109  {
110  /* We encountered a failure, exit properly */
111  DPRINT1("SERVICES: Cannot acquire driver-unloading privilege, Status = 0x%08lx\n", Status);
112  dwError = RtlNtStatusToDosError(Status);
113  goto done;
114  }
115 
116  Status = NtUnloadDriver(&DriverPath);
117  if (Status == STATUS_INVALID_DEVICE_REQUEST)
118  dwError = ERROR_INVALID_SERVICE_CONTROL;
119  else
120  dwError = RtlNtStatusToDosError(Status);
121 
122  /* Release driver-unloading privilege */
123  RtlAdjustPrivilege(SE_LOAD_DRIVER_PRIVILEGE,
124  WasPrivilegeEnabled,
125  FALSE,
126  &WasPrivilegeEnabled);
127 
128 done:
129  HeapFree(GetProcessHeap(), 0, pszDriverPath);
130  return dwError;
131 }
132 
133 
134 static
135 DWORD
136 ScmGetDriverStatus(PSERVICE lpService,
137  LPSERVICE_STATUS lpServiceStatus)
138 {
139  OBJECT_ATTRIBUTES ObjectAttributes;
140  UNICODE_STRING DirName;
141  HANDLE DirHandle;
142  NTSTATUS Status = STATUS_SUCCESS;
143  POBJECT_DIRECTORY_INFORMATION DirInfo;
144  ULONG BufferLength;
145  ULONG DataLength;
146  ULONG Index;
147  DWORD dwError = ERROR_SUCCESS;
148  BOOLEAN bFound = FALSE;
149  DWORD dwPreviousState;
150 
151  DPRINT1("ScmGetDriverStatus() called\n");
152 
153  /* Zero output buffer if any */
154  if (lpServiceStatus != NULL)
155  {
156  memset(lpServiceStatus, 0, sizeof(SERVICE_STATUS));
157  }
158 
159  /* Select the appropriate object directory based on driver type */
160  if (lpService->Status.dwServiceType == SERVICE_KERNEL_DRIVER)
161  {
162  RtlInitUnicodeString(&DirName, L"\\Driver");
163  }
164  else // if (lpService->Status.dwServiceType == SERVICE_FILE_SYSTEM_DRIVER)
165  {
166  ASSERT(lpService->Status.dwServiceType == SERVICE_FILE_SYSTEM_DRIVER);
167  RtlInitUnicodeString(&DirName, L"\\FileSystem");
168  }
169 
170  InitializeObjectAttributes(&ObjectAttributes,
171  &DirName,
172  0,
173  NULL,
174  NULL);
175 
176  /* Open the object directory where loaded drivers are */
177  Status = NtOpenDirectoryObject(&DirHandle,
178  DIRECTORY_QUERY | DIRECTORY_TRAVERSE,
179  &ObjectAttributes);
180  if (!NT_SUCCESS(Status))
181  {
182  DPRINT1("NtOpenDirectoryObject() failed\n");
183  return RtlNtStatusToDosError(Status);
184  }
185 
186  /* Allocate a buffer big enough for querying the object */
187  BufferLength = sizeof(OBJECT_DIRECTORY_INFORMATION) +
188  2 * MAX_PATH * sizeof(WCHAR);
189  DirInfo = (OBJECT_DIRECTORY_INFORMATION*) HeapAlloc(GetProcessHeap(),
190  HEAP_ZERO_MEMORY,
191  BufferLength);
192 
193  /* Now, start browsing entry by entry */
194  Index = 0;
195  while (TRUE)
196  {
197  Status = NtQueryDirectoryObject(DirHandle,
198  DirInfo,
199  BufferLength,
200  TRUE,
201  FALSE,
202  &Index,
203  &DataLength);
204  /* End of enumeration, the driver was not found */
205  if (Status == STATUS_NO_MORE_ENTRIES)
206  {
207  DPRINT("No more services\n");
208  break;
209  }
210 
211  /* Other error, fail */
212  if (!NT_SUCCESS(Status))
213  break;
214 
215  DPRINT("Comparing: '%S' '%wZ'\n", lpService->lpServiceName, &DirInfo->Name);
216 
217  /* Compare names to check whether it matches our driver */
218  if (_wcsicmp(lpService->lpServiceName, DirInfo->Name.Buffer) == 0)
219  {
220  /* That's our driver, bail out! */
221  DPRINT1("Found: '%S' '%wZ'\n",
222  lpService->lpServiceName, &DirInfo->Name);
223  bFound = TRUE;
224 
225  break;
226  }
227  }
228 
229  /* Release resources we don't need */
230  HeapFree(GetProcessHeap(),
231  0,
232  DirInfo);
233  NtClose(DirHandle);
234 
235  /* Only quit if there's a failure
236  * Not having found the driver is legit!
237  * It means the driver was registered as a service, but not loaded
238  * We have not to fail in that situation, but to return proper status
239  */
240  if (!NT_SUCCESS(Status) && Status != STATUS_NO_MORE_ENTRIES)
241  {
242  DPRINT1("Status: %lx\n", Status);
243  return RtlNtStatusToDosError(Status);
244  }
245 
246  /* Now, we have two cases:
247  * We found the driver: it means it's running
248  * We didn't find the driver: it wasn't running
249  */
250  if (bFound)
251  {
252  /* Found, return it's running */
253 
254  dwPreviousState = lpService->Status.dwCurrentState;
255 
256  /* It is running */
257  lpService->Status.dwCurrentState = SERVICE_RUNNING;
258 
259  if (dwPreviousState == SERVICE_STOPPED)
260  {
261  /* Make it run if it was stopped before */
262  lpService->Status.dwWin32ExitCode = ERROR_SUCCESS;
263  lpService->Status.dwServiceSpecificExitCode = ERROR_SUCCESS;
264  lpService->Status.dwControlsAccepted = SERVICE_ACCEPT_STOP;
265  lpService->Status.dwCheckPoint = 0;
266  lpService->Status.dwWaitHint = 0;
267  }
268 
269  if (lpService->Status.dwWin32ExitCode == ERROR_SERVICE_NEVER_STARTED)
270  lpService->Status.dwWin32ExitCode = ERROR_SUCCESS;
271  }
272  else
273  {
274  /* Not found, return it's stopped */
275 
276  if (lpService->Status.dwCurrentState == SERVICE_STOP_PENDING)
277  {
278  /* Stopped successfully */
279  lpService->Status.dwWin32ExitCode = ERROR_SUCCESS;
280  lpService->Status.dwCurrentState = SERVICE_STOPPED;
281  lpService->Status.dwControlsAccepted = 0;
282  lpService->Status.dwCheckPoint = 0;
283  lpService->Status.dwWaitHint = 0;
284  }
285  else if (lpService->Status.dwCurrentState == SERVICE_STOPPED)
286  {
287  /* Don't change the current status */
288  }
289  else
290  {
291  lpService->Status.dwWin32ExitCode = ERROR_GEN_FAILURE;
292  lpService->Status.dwCurrentState = SERVICE_STOPPED;
293  lpService->Status.dwControlsAccepted = 0;
294  lpService->Status.dwCheckPoint = 0;
295  lpService->Status.dwWaitHint = 0;
296  }
297  }
298 
299  /* Copy service status if required */
300  if (lpServiceStatus != NULL)
301  {
302  RtlCopyMemory(lpServiceStatus,
303  &lpService->Status,
304  sizeof(SERVICE_STATUS));
305  }
306 
307  DPRINT1("ScmGetDriverStatus() done (Error: %lu)\n", dwError);
308 
309  return ERROR_SUCCESS;
310 }
311 
312 
313 DWORD
314 ScmStartDriver(PSERVICE pService)
315 {
316  DWORD dwError;
317 
318  DPRINT("ScmStartDriver(%p)\n", pService);
319 
320  dwError = ScmLoadDriver(pService);
321  if (dwError == ERROR_SUCCESS)
322  {
323  pService->Status.dwCurrentState = SERVICE_RUNNING;
324  pService->Status.dwControlsAccepted = SERVICE_ACCEPT_STOP;
325  pService->Status.dwWin32ExitCode = ERROR_SUCCESS;
326  }
327 
328  DPRINT("ScmStartDriver returns %lu\n", dwError);
329 
330  return dwError;
331 }
332 
333 
334 DWORD
335 ScmControlDriver(PSERVICE lpService,
336  DWORD dwControl,
337  LPSERVICE_STATUS lpServiceStatus)
338 {
339  DWORD dwError;
340 
341  DPRINT("ScmControlDriver() called\n");
342 
343  switch (dwControl)
344  {
345  case SERVICE_CONTROL_STOP:
346  /* Check the drivers status */
347  dwError = ScmGetDriverStatus(lpService,
348  lpServiceStatus);
349  if (dwError != ERROR_SUCCESS)
350  goto done;
351 
352  /* Fail, if it is not running */
353  if (lpService->Status.dwCurrentState != SERVICE_RUNNING)
354  {
355  dwError = ERROR_INVALID_SERVICE_CONTROL;
356  goto done;
357  }
358 
359  /* Unload the driver */
360  dwError = ScmUnloadDriver(lpService);
361  if (dwError == ERROR_INVALID_SERVICE_CONTROL)
362  {
363  /* The driver cannot be stopped, mark it non-stoppable */
364  lpService->Status.dwControlsAccepted = 0;
365  goto done;
366  }
367 
368  /* Make the driver 'stop pending' */
369  lpService->Status.dwCurrentState = SERVICE_STOP_PENDING;
370 
371  /* Check the drivers status again */
372  dwError = ScmGetDriverStatus(lpService,
373  lpServiceStatus);
374  break;
375 
376  case SERVICE_CONTROL_INTERROGATE:
377  dwError = ScmGetDriverStatus(lpService,
378  lpServiceStatus);
379  break;
380 
381  default:
382  dwError = ERROR_INVALID_SERVICE_CONTROL;
383  }
384 
385 done:
386  DPRINT("ScmControlDriver() done (Erorr: %lu)\n", dwError);
387 
388  return dwError;
389 }
390 
391 /* EOF */
_OBJECT_DIRECTORY_INFORMATION
Definition: obtypes.h:276
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767
_SERVICE::Status
SERVICE_STATUS Status
Definition: services.h:70
ScmControlDriver
DWORD ScmControlDriver(PSERVICE lpService, DWORD dwControl, LPSERVICE_STATUS lpServiceStatus)
Definition: driver.c:335
STATUS_NO_MORE_ENTRIES
#define STATUS_NO_MORE_ENTRIES
Definition: ntstatus.h:205
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
_SERVICE_STATUS::dwCurrentState
DWORD dwCurrentState
Definition: winsvc.h:100
TRUE
#define TRUE
Definition: types.h:120
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
NtOpenDirectoryObject
NTSTATUS NTAPI NtOpenDirectoryObject(OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: obdir.c:393
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SE_LOAD_DRIVER_PRIVILEGE
#define SE_LOAD_DRIVER_PRIVILEGE
Definition: security.c:664
SERVICE_ACCEPT_STOP
#define SERVICE_ACCEPT_STOP
Definition: winsvc.h:28
STATUS_INVALID_DEVICE_REQUEST
#define STATUS_INVALID_DEVICE_REQUEST
Definition: udferr_usr.h:138
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
RtlAdjustPrivilege
NTSYSAPI NTSTATUS NTAPI RtlAdjustPrivilege(_In_ ULONG Privilege, _In_ BOOLEAN NewValue, _In_ BOOLEAN ForThread, _Out_ PBOOLEAN OldValue)
_SERVICE_STATUS::dwServiceSpecificExitCode
DWORD dwServiceSpecificExitCode
Definition: winsvc.h:103
ScmStartDriver
DWORD ScmStartDriver(PSERVICE pService)
Definition: driver.c:314
NtQueryDirectoryObject
NTSTATUS NTAPI NtQueryDirectoryObject(IN HANDLE DirectoryHandle, OUT PVOID Buffer, IN ULONG BufferLength, IN BOOLEAN ReturnSingleEntry, IN BOOLEAN RestartScan, IN OUT PULONG Context, OUT PULONG ReturnLength OPTIONAL)
Definition: obdir.c:490
ERROR_SERVICE_NEVER_STARTED
#define ERROR_SERVICE_NEVER_STARTED
Definition: winerror.h:628
ScmUnloadDriver
static DWORD ScmUnloadDriver(PSERVICE lpService)
Definition: driver.c:77
_SERVICE_STATUS::dwCheckPoint
DWORD dwCheckPoint
Definition: winsvc.h:104
L
#define L(x)
Definition: ntvdm.h:50
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
SERVICE_STOPPED
#define SERVICE_STOPPED
Definition: winsvc.h:21
FALSE
#define FALSE
Definition: types.h:117
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
SERVICE_RUNNING
#define SERVICE_RUNNING
Definition: winsvc.h:24
ERROR_INVALID_SERVICE_CONTROL
#define ERROR_INVALID_SERVICE_CONTROL
Definition: winerror.h:603
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SERVICE_CONTROL_INTERROGATE
#define SERVICE_CONTROL_INTERROGATE
Definition: winsvc.h:39
DataLength
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1437
SERVICE_FILE_SYSTEM_DRIVER
#define SERVICE_FILE_SYSTEM_DRIVER
Definition: cmtypes.h:954
DIRECTORY_TRAVERSE
#define DIRECTORY_TRAVERSE
Definition: nt_native.h:1255
Status
Status
Definition: gdiplustypes.h:24
ScmLoadDriver
static DWORD ScmLoadDriver(PSERVICE lpService)
Definition: driver.c:24
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:595
HeapAlloc
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
ASSERT
#define ASSERT(a)
Definition: mode.c:44
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_SERVICE_STATUS::dwWaitHint
DWORD dwWaitHint
Definition: winsvc.h:105
Index
_In_ WDFCOLLECTION _In_ ULONG Index
Definition: wdfcollection.h:179
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
_SERVICE_STATUS::dwWin32ExitCode
DWORD dwWin32ExitCode
Definition: winsvc.h:102
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
_OBJECT_DIRECTORY_INFORMATION::Name
UNICODE_STRING Name
Definition: obtypes.h:278
_SERVICE_STATUS::dwServiceType
DWORD dwServiceType
Definition: winsvc.h:99
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
wcscpy
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
NtUnloadDriver
NTSTATUS NTAPI NtUnloadDriver(IN PUNICODE_STRING DriverServiceName)
Definition: driver.c:2179
ScmGetDriverStatus
static DWORD ScmGetDriverStatus(PSERVICE lpService, LPSERVICE_STATUS lpServiceStatus)
Definition: driver.c:136
_SERVICE::lpServiceName
LPWSTR lpServiceName
Definition: services.h:62
OBJECT_DIRECTORY_INFORMATION
struct _OBJECT_DIRECTORY_INFORMATION OBJECT_DIRECTORY_INFORMATION
_SERVICE_STATUS::dwControlsAccepted
DWORD dwControlsAccepted
Definition: winsvc.h:101
_UNICODE_STRING
Definition: env_spec_w32.h:368
_SERVICE
Definition: services.h:59
_SERVICE_STATUS
Definition: winsvc.h:98
wcscat
_CRTIMP wchar_t *__cdecl wcscat(_Inout_updates_z_(_String_length_(_Dest)+_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
NULL
#define NULL
Definition: types.h:112
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
DPRINT1
#define DPRINT1
Definition: precomp.h:8
ULONG
unsigned int ULONG
Definition: retypes.h:1
DIRECTORY_QUERY
#define DIRECTORY_QUERY
Definition: nt_native.h:1254
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
DirName
_In_ PFCB _In_ PCD_NAME DirName
Definition: cdprocs.h:736
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
SERVICE_CONTROL_STOP
#define SERVICE_CONTROL_STOP
Definition: winsvc.h:36
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ERROR_GEN_FAILURE
#define ERROR_GEN_FAILURE
Definition: winerror.h:134
DPRINT
#define DPRINT
Definition: sndvol32.h:71
memset
#define memset(x, y, z)
Definition: compat.h:39
NtLoadDriver
NTSTATUS NTAPI NtLoadDriver(IN PUNICODE_STRING DriverServiceName)
Definition: driver.c:2118
SERVICE_STOP_PENDING
#define SERVICE_STOP_PENDING
Definition: winsvc.h:23
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:594
_wcsicmp
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
SERVICE_KERNEL_DRIVER
#define SERVICE_KERNEL_DRIVER
Definition: cmtypes.h:953