libsupp.c File Reference

#include <ntoskrnl.h>
#include <debug.h>

Include dependency graph for libsupp.c:

Go to the source code of this file.

Classes
struct	_RTL_RANGE_ENTRY

Macros
#define	NDEBUG

Typedefs
typedef struct _RTL_RANGE_ENTRY	RTL_RANGE_ENTRY
typedef struct _RTL_RANGE_ENTRY *	PRTL_RANGE_ENTRY

Functions
PVOID NTAPI	RtlPcToFileHeader (IN PVOID PcValue, OUT PVOID *BaseOfImage)
VOID NTAPI	RtlInitializeRangeListPackage (VOID)
BOOLEAN NTAPI	RtlpCheckForActiveDebugger (VOID)
BOOLEAN NTAPI	RtlpSetInDbgPrint (VOID)
VOID NTAPI	RtlpClearInDbgPrint (VOID)
KPROCESSOR_MODE NTAPI	RtlpGetMode (VOID)
PVOID NTAPI	RtlpAllocateMemory (ULONG Bytes, ULONG Tag)
VOID NTAPI	RtlpFreeMemory (PVOID Mem, ULONG Tag)
VOID NTAPI	RtlAcquirePebLock (VOID)
VOID NTAPI	RtlReleasePebLock (VOID)
NTSTATUS NTAPI	LdrShutdownThread (VOID)
PPEB NTAPI	RtlGetCurrentPeb (VOID)
NTSTATUS NTAPI	RtlDeleteHeapLock (IN OUT PHEAP_LOCK Lock)
NTSTATUS NTAPI	RtlEnterHeapLock (IN OUT PHEAP_LOCK Lock, IN BOOLEAN Exclusive)
BOOLEAN NTAPI	RtlTryEnterHeapLock (IN OUT PHEAP_LOCK Lock, IN BOOLEAN Exclusive)
NTSTATUS NTAPI	RtlInitializeHeapLock (IN OUT PHEAP_LOCK *Lock)
NTSTATUS NTAPI	RtlLeaveHeapLock (IN OUT PHEAP_LOCK Lock)
VOID NTAPI	RtlpAddHeapToProcessList (struct _HEAP *Heap)
VOID NTAPI	RtlpRemoveHeapFromProcessList (struct _HEAP *Heap)
VOID	RtlInitializeHeapManager (VOID)
VOID NTAPI	RtlpSetHeapParameters (IN PRTL_HEAP_PARAMETERS Parameters)
VOID NTAPI	RtlpCheckLogException (IN PEXCEPTION_RECORD ExceptionRecord, IN PCONTEXT ContextRecord, IN PVOID ContextData, IN ULONG Size)
BOOLEAN NTAPI	RtlpHandleDpcStackException (IN PEXCEPTION_REGISTRATION_RECORD RegistrationFrame, IN ULONG_PTR RegistrationFrameEnd, IN OUT PULONG_PTR StackLow, IN OUT PULONG_PTR StackHigh)
BOOLEAN NTAPI	RtlpCaptureStackLimits (IN ULONG_PTR Ebp, IN ULONG_PTR *StackBegin, IN ULONG_PTR *StackEnd)
ULONG NTAPI	RtlWalkFrameChain (OUT PVOID *Callers, IN ULONG Count, IN ULONG Flags)
VOID NTAPI	RtlpGetStackLimits (OUT PULONG_PTR LowLimit, OUT PULONG_PTR HighLimit)
NTSTATUS	RtlpInitAtomTableLock (PRTL_ATOM_TABLE AtomTable)
VOID	RtlpDestroyAtomTableLock (PRTL_ATOM_TABLE AtomTable)
BOOLEAN	RtlpLockAtomTable (PRTL_ATOM_TABLE AtomTable)
VOID	RtlpUnlockAtomTable (PRTL_ATOM_TABLE AtomTable)
BOOLEAN	RtlpCreateAtomHandleTable (PRTL_ATOM_TABLE AtomTable)
BOOLEAN NTAPI	RtlpCloseHandleCallback (IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID HandleTable)
VOID	RtlpDestroyAtomHandleTable (PRTL_ATOM_TABLE AtomTable)
PRTL_ATOM_TABLE	RtlpAllocAtomTable (ULONG Size)
VOID	RtlpFreeAtomTable (PRTL_ATOM_TABLE AtomTable)
PRTL_ATOM_TABLE_ENTRY	RtlpAllocAtomTableEntry (ULONG Size)
VOID	RtlpFreeAtomTableEntry (PRTL_ATOM_TABLE_ENTRY Entry)
VOID	RtlpFreeAtomHandle (PRTL_ATOM_TABLE AtomTable, PRTL_ATOM_TABLE_ENTRY Entry)
BOOLEAN	RtlpCreateAtomHandle (PRTL_ATOM_TABLE AtomTable, PRTL_ATOM_TABLE_ENTRY Entry)
PRTL_ATOM_TABLE_ENTRY	RtlpGetAtomEntry (PRTL_ATOM_TABLE AtomTable, ULONG Index)
NTSTATUS NTAPI	RtlpImageNtHeaderEx (_In_ ULONG Flags, _In_ PVOID Base, _In_ ULONG64 Size, _Out_ PIMAGE_NT_HEADERS *OutHeaders)
NTSTATUS NTAPI	RtlImageNtHeaderEx (_In_ ULONG Flags, _In_ PVOID Base, _In_ ULONG64 Size, _Out_ PIMAGE_NT_HEADERS *OutHeaders)
IMAGE_RESOURCE_DIRECTORY *	find_entry_by_name (IMAGE_RESOURCE_DIRECTORY *dir, LPCWSTR name, void *root, int want_dir)
IMAGE_RESOURCE_DIRECTORY *	find_entry_by_id (IMAGE_RESOURCE_DIRECTORY *dir, USHORT id, void *root, int want_dir)
IMAGE_RESOURCE_DIRECTORY *	find_first_entry (IMAGE_RESOURCE_DIRECTORY *dir, void *root, int want_dir)
NTSTATUS	find_entry (PVOID BaseAddress, LDR_RESOURCE_INFO *info, ULONG level, void **ret, int want_dir)
NTSTATUS NTAPI	RtlpSafeCopyMemory (_Out_writes_bytes_all_(Length) VOID UNALIGNED *Destination, _In_reads_bytes_(Length) CONST VOID UNALIGNED *Source, _In_ SIZE_T Length)
BOOLEAN NTAPI	RtlCallVectoredExceptionHandlers (_In_ PEXCEPTION_RECORD ExceptionRecord, _In_ PCONTEXT Context)
VOID NTAPI	RtlCallVectoredContinueHandlers (_In_ PEXCEPTION_RECORD ExceptionRecord, _In_ PCONTEXT Context)

Variables
ULONG	NtGlobalFlag
PAGED_LOOKASIDE_LIST	RtlpRangeListEntryLookasideList
SIZE_T	RtlpAllocDeallocQueryBufferSize = 128

Macro Definition Documentation

NDEBUG

#define NDEBUG

Definition at line 13 of file libsupp.c.

Typedef Documentation

PRTL_RANGE_ENTRY

typedef struct _RTL_RANGE_ENTRY * PRTL_RANGE_ENTRY

RTL_RANGE_ENTRY

typedef struct _RTL_RANGE_ENTRY RTL_RANGE_ENTRY

Function Documentation

find_entry()

NTSTATUS find_entry	(	PVOID	BaseAddress,
		LDR_RESOURCE_INFO *	info,
		ULONG	level,
		void **	ret,
		int	want_dir
	)

Definition at line 757 of file libsupp.c.

{
    ULONG size;
    void *root;
    IMAGE_RESOURCE_DIRECTORY *resdirptr;
 
    root = RtlImageDirectoryEntryToData( BaseAddress, TRUE, IMAGE_DIRECTORY_ENTRY_RESOURCE, &size );
    if (!root) return STATUS_RESOURCE_DATA_NOT_FOUND;
    if (size < sizeof(*resdirptr)) return STATUS_RESOURCE_DATA_NOT_FOUND;
    resdirptr = root;
 
    if (!level--) goto done;
    if (!(*ret = find_entry_by_name( resdirptr, (LPCWSTR)info->Type, root, want_dir || level )))
        return STATUS_RESOURCE_TYPE_NOT_FOUND;
    if (!level--) return STATUS_SUCCESS;
 
    resdirptr = *ret;
    if (!(*ret = find_entry_by_name( resdirptr, (LPCWSTR)info->Name, root, want_dir || level )))
        return STATUS_RESOURCE_NAME_NOT_FOUND;
    if (!level--) return STATUS_SUCCESS;
    if (level) return STATUS_INVALID_PARAMETER;  /* level > 3 */
 
    resdirptr = *ret;
 
    if ((*ret = find_first_entry( resdirptr, root, want_dir ))) return STATUS_SUCCESS;
 
    return STATUS_RESOURCE_DATA_NOT_FOUND;
 
done:
    *ret = resdirptr;
    return STATUS_SUCCESS;
}

Referenced by LdrFindResource_U(), and LdrFindResourceDirectory_U().

find_entry_by_id()

IMAGE_RESOURCE_DIRECTORY * find_entry_by_id	(	IMAGE_RESOURCE_DIRECTORY *	dir,
		USHORT	id,
		void *	root,
		int	want_dir
	)

Definition at line 95 of file res.c.

{
    const IMAGE_RESOURCE_DIRECTORY_ENTRY *entry;
    int min, max, pos;
 
    entry = (const IMAGE_RESOURCE_DIRECTORY_ENTRY *)(dir + 1);
    min = dir->NumberOfNamedEntries;
    max = min + dir->NumberOfIdEntries - 1;
    while (min <= max)
    {
        pos = (min + max) / 2;
        if (entry[pos].Id == id)
        {
            if (!entry[pos].DataIsDirectory == !want_dir)
            {
                DPRINT("root %p dir %p id %04x ret %p\n",
                       root, dir, id, (const char*)root + entry[pos].OffsetToDirectory);
                return (IMAGE_RESOURCE_DIRECTORY *)((char *)root + entry[pos].OffsetToDirectory);
            }
            break;
        }
        if (entry[pos].Id > id) max = pos - 1;
        else min = pos + 1;
    }
    DPRINT("root %p dir %p id %04x not found\n", root, dir, id );
    return NULL;
}

Referenced by find_entry_by_name().

find_entry_by_name()

IMAGE_RESOURCE_DIRECTORY * find_entry_by_name	(	IMAGE_RESOURCE_DIRECTORY *	dir,
		LPCWSTR	name,
		void *	root,
		int	want_dir
	)

Definition at line 130 of file res.c.

{
    const IMAGE_RESOURCE_DIRECTORY_ENTRY *entry;
    const IMAGE_RESOURCE_DIR_STRING_U *str;
    int min, max, res, pos;
    size_t namelen;
 
    if (!((ULONG_PTR)name & 0xFFFF0000)) return find_entry_by_id( dir, (ULONG_PTR)name & 0xFFFF, root, want_dir );
    entry = (const IMAGE_RESOURCE_DIRECTORY_ENTRY *)(dir + 1);
    namelen = wcslen(name);
    min = 0;
    max = dir->NumberOfNamedEntries - 1;
    while (min <= max)
    {
        pos = (min + max) / 2;
        str = (const IMAGE_RESOURCE_DIR_STRING_U *)((const char *)root + entry[pos].NameOffset);
        res = _wcsnicmp( name, str->NameString, str->Length );
        if (!res && namelen == str->Length)
        {
            if (!entry[pos].DataIsDirectory == !want_dir)
            {
                DPRINT("root %p dir %p name %ws ret %p\n",
                       root, dir, name, (const char*)root + entry[pos].OffsetToDirectory);
                return (IMAGE_RESOURCE_DIRECTORY *)((char *)root + entry[pos].OffsetToDirectory);
            }
            break;
        }
        if (res < 0) max = pos - 1;
        else min = pos + 1;
    }
    DPRINT("root %p dir %p name %ws not found\n", root, dir, name);
    return NULL;
}

find_first_entry()

IMAGE_RESOURCE_DIRECTORY * find_first_entry	(	IMAGE_RESOURCE_DIRECTORY *	dir,
		void *	root,
		int	want_dir
	)

Definition at line 75 of file res.c.

{
    const IMAGE_RESOURCE_DIRECTORY_ENTRY *entry = (const IMAGE_RESOURCE_DIRECTORY_ENTRY *)(dir + 1);
    int pos;
 
    for (pos = 0; pos < dir->NumberOfNamedEntries + dir->NumberOfIdEntries; pos++)
    {
        if (!entry[pos].DataIsDirectory == !want_dir)
            return (IMAGE_RESOURCE_DIRECTORY *)((char *)root + entry[pos].OffsetToDirectory);
    }
    return NULL;
}

LdrShutdownThread()

NTSTATUS NTAPI LdrShutdownThread

(

VOID

)

Definition at line 145 of file libsupp.c.

{
    return STATUS_SUCCESS;
}

Referenced by ExitThread(), and RtlExitUserThread().

RtlAcquirePebLock()

VOID NTAPI RtlAcquirePebLock

(

VOID

)

Definition at line 129 of file libsupp.c.

{
 
}

Referenced by BaseGetNamedObjectDirectory(), BasepComputeProcessPath(), BasePushProcessParameters(), BaseRundownFls(), CheckForSameCurdir(), ExitProcess(), FlsAlloc(), FlsFree(), FlsSetValue(), GetEnvironmentStringsA(), GetEnvironmentStringsW(), GetEnvironmentVariableA(), LdrShutdownThread(), RtlCreateEnvironment(), RtlCreateProcessParameters(), RtlGetCurrentDirectory_U(), RtlGetFullPathName_Ustr(), RtlGetFullPathName_UstrEx(), RtlpDosPathNameToRelativeNtPathName_Ustr(), RtlQueryEnvironmentVariable_U(), RtlSetCurrentDirectory_U(), RtlSetCurrentEnvironment(), RtlSetEnvironmentVariable(), TlsAlloc(), TlsFree(), and TlsSetValue().

RtlCallVectoredContinueHandlers()

VOID NTAPI RtlCallVectoredContinueHandlers	(	_In_ PEXCEPTION_RECORD	ExceptionRecord,
		_In_ PCONTEXT	Context
	)

Definition at line 822 of file libsupp.c.

{
    /* No vectored continue handlers either in kernel mode */
    return;
}

Referenced by RtlDispatchException().

RtlCallVectoredExceptionHandlers()

BOOLEAN NTAPI RtlCallVectoredExceptionHandlers	(	_In_ PEXCEPTION_RECORD	ExceptionRecord,
		_In_ PCONTEXT	Context
	)

Definition at line 813 of file libsupp.c.

{
    /* In the kernel we don't have vectored exception handlers */
    return FALSE;
}

Referenced by RtlDispatchException().

RtlDeleteHeapLock()

NTSTATUS NTAPI RtlDeleteHeapLock

(

IN OUT PHEAP_LOCK

Lock

)

Definition at line 160 of file libsupp.c.

{
    ExDeleteResourceLite(&Lock->Resource);
    ExFreePoolWithTag(Lock, TAG_RTHL);
 
    return STATUS_SUCCESS;
}

RtlEnterHeapLock()

NTSTATUS NTAPI RtlEnterHeapLock	(	IN OUT PHEAP_LOCK	Lock,
		IN BOOLEAN	Exclusive
	)

Definition at line 170 of file libsupp.c.

{
    KeEnterCriticalRegion();
 
    if (Exclusive)
        ExAcquireResourceExclusiveLite(&Lock->Resource, TRUE);
    else
        ExAcquireResourceSharedLite(&Lock->Resource, TRUE);
 
    return STATUS_SUCCESS;
}

RtlGetCurrentPeb()

PPEB NTAPI RtlGetCurrentPeb

(

VOID

)

Definition at line 153 of file libsupp.c.

{
   return ((PEPROCESS)(KeGetCurrentThread()->ApcState.Process))->Peb;
}

Referenced by _IRQL_requires_max_(), LdrpLoadImportModule(), RtlComputePrivatizedDllName_U(), RtlDebugDestroyHeap(), RtlGetProcessHeaps(), RtlInitializeHeapManager(), RtlpAddHeapToProcessList(), RtlpRemoveHeapFromProcessList(), RtlpSetHeapParameters(), and RtlQueryEnvironmentVariable_U().

RtlImageNtHeaderEx()

NTSTATUS NTAPI RtlImageNtHeaderEx	(	_In_ ULONG	Flags,
		_In_ PVOID	Base,
		_In_ ULONG64	Size,
		_Out_ PIMAGE_NT_HEADERS *	OutHeaders
	)

Definition at line 714 of file libsupp.c.

{
    NTSTATUS Status;
 
    /* Assume failure. This is also done in RtlpImageNtHeaderEx, but this is guarded by SEH. */
    if (OutHeaders != NULL)
        *OutHeaders = NULL;
 
    _SEH2_TRY
    {
        Status = RtlpImageNtHeaderEx(Flags, Base, Size, OutHeaders);
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Fail with the SEH error */
        Status = _SEH2_GetExceptionCode();
    }
    _SEH2_END;
 
    return Status;
}

RtlInitializeHeapLock()

NTSTATUS NTAPI RtlInitializeHeapLock

(

IN OUT PHEAP_LOCK *

Lock

)

Definition at line 202 of file libsupp.c.

{
    PHEAP_LOCK HeapLock = ExAllocatePoolWithTag(NonPagedPool,
                                                sizeof(HEAP_LOCK),
                                                TAG_RTHL);
    if (HeapLock == NULL)
        return STATUS_NO_MEMORY;
 
    ExInitializeResourceLite(&HeapLock->Resource);
    *Lock = HeapLock;
 
    return STATUS_SUCCESS;
}

RtlInitializeHeapManager()

VOID RtlInitializeHeapManager

(

VOID

)

Definition at line 243 of file libsupp.c.

{
}

RtlInitializeRangeListPackage()

VOID NTAPI RtlInitializeRangeListPackage

(

VOID

)

Definition at line 62 of file libsupp.c.

{
    /* Setup the lookaside list for allocations (not used yet) */
    ExInitializePagedLookasideList(&RtlpRangeListEntryLookasideList,
                                   NULL,
                                   NULL,
                                   POOL_COLD_ALLOCATION,
                                   sizeof(RTL_RANGE_ENTRY),
                                   'elRR',
                                   16);
}

Referenced by Phase1InitializationDiscard().

RtlLeaveHeapLock()

NTSTATUS NTAPI RtlLeaveHeapLock

(

IN OUT PHEAP_LOCK

Lock

)

Definition at line 218 of file libsupp.c.

{
    ExReleaseResourceLite(&Lock->Resource);
    KeLeaveCriticalRegion();
 
    return STATUS_SUCCESS;
}

RtlpAddHeapToProcessList()

VOID NTAPI RtlpAddHeapToProcessList

(

struct _HEAP *

Heap

)

Definition at line 230 of file libsupp.c.

{
    UNREFERENCED_PARAMETER(Heap);
}

Referenced by RtlCreateHeap().

RtlpAllocateMemory()

PVOID NTAPI RtlpAllocateMemory	(	ULONG	Bytes,
		ULONG	Tag
	)

Definition at line 106 of file libsupp.c.

{
    return ExAllocatePoolWithTag(PagedPool,
                                 (SIZE_T)Bytes,
                                 Tag);
}

RtlpAllocAtomTable()

PRTL_ATOM_TABLE RtlpAllocAtomTable

(

ULONG

Size

)

Definition at line 587 of file libsupp.c.

{
   PRTL_ATOM_TABLE Table = ExAllocatePoolWithTag(NonPagedPool,
                                                 Size,
                                                 TAG_ATMT);
   if (Table != NULL)
   {
      RtlZeroMemory(Table,
                    Size);
   }
 
   return Table;
}

Referenced by RtlCreateAtomTable().

RtlpAllocAtomTableEntry()

PRTL_ATOM_TABLE_ENTRY RtlpAllocAtomTableEntry

(

ULONG

Size

)

Definition at line 608 of file libsupp.c.

{
    PRTL_ATOM_TABLE_ENTRY Entry;
 
    Entry = ExAllocatePoolWithTag(NonPagedPool, Size, TAG_ATMT);
    if (Entry != NULL)
    {
        RtlZeroMemory(Entry, Size);
    }
 
    return Entry;
}

Referenced by RtlAddAtomToAtomTable().

RtlpCaptureStackLimits()

BOOLEAN NTAPI RtlpCaptureStackLimits	(	IN ULONG_PTR	Ebp,
		IN ULONG_PTR *	StackBegin,
		IN ULONG_PTR *	StackEnd
	)

Definition at line 321 of file libsupp.c.

{
    PKTHREAD Thread = KeGetCurrentThread();
 
    /* Don't even try at ISR level or later */
    if (KeGetCurrentIrql() > DISPATCH_LEVEL) return FALSE;
 
    /* Start with defaults */
    *StackBegin = Thread->StackLimit;
    *StackEnd = (ULONG_PTR)Thread->StackBase;
 
    /* Check if EBP is inside the stack */
    if ((*StackBegin <= Ebp) && (Ebp <= *StackEnd))
    {
        /* Then make the stack start at EBP */
        *StackBegin = Ebp;
    }
    else
    {
        /* Now we're going to assume we're on the DPC stack */
        *StackEnd = (ULONG_PTR)(KeGetPcr()->Prcb->DpcStack);
        *StackBegin = *StackEnd - KERNEL_STACK_SIZE;
 
        /* Check if we seem to be on the DPC stack */
        if ((*StackEnd) && (*StackBegin < Ebp) && (Ebp <= *StackEnd))
        {
            /* We're on the DPC stack */
            *StackBegin = Ebp;
        }
        else
        {
            /* We're somewhere else entirely... use EBP for safety */
            *StackBegin = Ebp;
            *StackEnd = (ULONG_PTR)PAGE_ALIGN(*StackBegin);
        }
    }
 
    /* Return success */
    return TRUE;
}

RtlpCheckForActiveDebugger()

BOOLEAN NTAPI RtlpCheckForActiveDebugger

(

VOID

)

Definition at line 76 of file libsupp.c.

{
    /* This check is meaningless in kernel-mode */
    return FALSE;
}

RtlpCheckLogException()

VOID NTAPI RtlpCheckLogException	(	IN PEXCEPTION_RECORD	ExceptionRecord,
		IN PCONTEXT	ContextRecord,
		IN PVOID	ContextData,
		IN ULONG	Size
	)

Definition at line 272 of file libsupp.c.

{
    /* Check the global flag */
    if (NtGlobalFlag & FLG_ENABLE_EXCEPTION_LOGGING)
    {
        /* FIXME: Log this exception */
    }
}

RtlpClearInDbgPrint()

VOID NTAPI RtlpClearInDbgPrint

(

VOID

)

Definition at line 92 of file libsupp.c.

{
    /* Nothing to clear in kernel mode */
}

RtlpCloseHandleCallback()

BOOLEAN NTAPI RtlpCloseHandleCallback	(	IN PHANDLE_TABLE_ENTRY	HandleTableEntry,
		IN HANDLE	Handle,
		IN PVOID	HandleTable
	)

Definition at line 564 of file libsupp.c.

{
    /* Destroy and unlock the handle entry */
    return ExDestroyHandle(HandleTable, Handle, HandleTableEntry);
}

Referenced by RtlpDestroyAtomHandleTable().

RtlpCreateAtomHandle()

BOOLEAN RtlpCreateAtomHandle	(	PRTL_ATOM_TABLE	AtomTable,
		PRTL_ATOM_TABLE_ENTRY	Entry
	)

Definition at line 636 of file libsupp.c.

{
   HANDLE_TABLE_ENTRY ExEntry;
   HANDLE Handle;
   USHORT HandleIndex;
 
   /* Initialize ex handle table entry */
   ExEntry.Object = Entry;
   ExEntry.GrantedAccess = 0x1; /* FIXME - valid handle */
 
   /* Create ex handle */
   Handle = ExCreateHandle(AtomTable->ExHandleTable,
                           &ExEntry);
   if (!Handle) return FALSE;
 
   /* Calculate HandleIndex (by getting rid of the first two bits) */
   HandleIndex = (USHORT)((ULONG_PTR)Handle >> 2);
 
   /* Index must be less than 0xC000 */
   if (HandleIndex >= 0xC000)
   {
       /* Destroy ex handle */
       ExDestroyHandle(AtomTable->ExHandleTable,
                       Handle,
                       NULL);
 
       /* Return failure */
       return FALSE;
   }
 
   /* Initialize atom table entry */
   Entry->HandleIndex = HandleIndex;
   Entry->Atom = 0xC000 + HandleIndex;
 
   /* Return success */
   return TRUE;
}

Referenced by RtlAddAtomToAtomTable().

RtlpCreateAtomHandleTable()

BOOLEAN RtlpCreateAtomHandleTable

(

PRTL_ATOM_TABLE

AtomTable

)

Definition at line 556 of file libsupp.c.

{
   AtomTable->ExHandleTable = ExCreateHandleTable(NULL);
   return (AtomTable->ExHandleTable != NULL);
}

Referenced by RtlCreateAtomTable().

RtlPcToFileHeader()

PVOID NTAPI RtlPcToFileHeader	(	IN PVOID	PcValue,
		OUT PVOID *	BaseOfImage
	)

Definition at line 31 of file libsupp.c.

{
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    BOOLEAN InSystem;
    KIRQL OldIrql;
 
    /* Get the base for this file */
    if ((ULONG_PTR)PcValue > (ULONG_PTR)MmHighestUserAddress)
    {
        /* Acquire the loaded module spinlock */
        KeAcquireSpinLock(&PsLoadedModuleSpinLock, &OldIrql);
 
        /* We are in kernel */
        *BaseOfImage = KiPcToFileHeader(PcValue, &LdrEntry, FALSE, &InSystem);
 
        /* Release lock */
        KeReleaseSpinLock(&PsLoadedModuleSpinLock, OldIrql);
    }
    else
    {
        /* User mode is not handled here! */
        *BaseOfImage = NULL;
    }
 
    return *BaseOfImage;
}

RtlpDestroyAtomHandleTable()

VOID RtlpDestroyAtomHandleTable

(

PRTL_ATOM_TABLE

AtomTable

)

Definition at line 574 of file libsupp.c.

{
   if (AtomTable->ExHandleTable)
   {
      ExSweepHandleTable(AtomTable->ExHandleTable,
                         RtlpCloseHandleCallback,
                         AtomTable->ExHandleTable);
      ExDestroyHandleTable(AtomTable->ExHandleTable, NULL);
      AtomTable->ExHandleTable = NULL;
   }
}

Referenced by RtlDestroyAtomTable().

RtlpDestroyAtomTableLock()

VOID RtlpDestroyAtomTableLock

(

PRTL_ATOM_TABLE

AtomTable

)

Definition at line 537 of file libsupp.c.

{
}

Referenced by RtlCreateAtomTable(), and RtlDestroyAtomTable().

RtlpFreeAtomHandle()

VOID RtlpFreeAtomHandle	(	PRTL_ATOM_TABLE	AtomTable,
		PRTL_ATOM_TABLE_ENTRY	Entry
	)

Definition at line 628 of file libsupp.c.

{
   ExDestroyHandle(AtomTable->ExHandleTable,
                   (HANDLE)((ULONG_PTR)Entry->HandleIndex << 2),
                   NULL);
}

Referenced by RtlDeleteAtomFromAtomTable(), and RtlEmptyAtomTable().

RtlpFreeAtomTable()

VOID RtlpFreeAtomTable

(

PRTL_ATOM_TABLE

AtomTable

)

Definition at line 602 of file libsupp.c.

{
   ExFreePoolWithTag(AtomTable, TAG_ATMT);
}

Referenced by RtlCreateAtomTable(), and RtlDestroyAtomTable().

RtlpFreeAtomTableEntry()

VOID RtlpFreeAtomTableEntry

(

PRTL_ATOM_TABLE_ENTRY

Entry

)

Definition at line 622 of file libsupp.c.

{
    ExFreePoolWithTag(Entry, TAG_ATMT);
}

Referenced by RtlAddAtomToAtomTable(), RtlDeleteAtomFromAtomTable(), RtlDestroyAtomTable(), and RtlEmptyAtomTable().

RtlpFreeMemory()

VOID NTAPI RtlpFreeMemory	(	PVOID	Mem,
		ULONG	Tag
	)

Definition at line 116 of file libsupp.c.

{
    if (Tag == TAG_ASTR || Tag == TAG_OSTR || Tag == TAG_USTR)
        ExFreePool(Mem);
    else
        ExFreePoolWithTag(Mem, Tag);
}

RtlpGetAtomEntry()

PRTL_ATOM_TABLE_ENTRY RtlpGetAtomEntry	(	PRTL_ATOM_TABLE	AtomTable,
		ULONG	Index
	)

Definition at line 675 of file libsupp.c.

{
   PHANDLE_TABLE_ENTRY ExEntry;
   PRTL_ATOM_TABLE_ENTRY Entry = NULL;
 
   /* NOTE: There's no need to explicitly enter a critical region because it's
            guaranteed that we're in a critical region right now (as we hold
            the atom table lock) */
 
   ExEntry = ExMapHandleToPointer(AtomTable->ExHandleTable,
                                  (HANDLE)((ULONG_PTR)Index << 2));
   if (ExEntry != NULL)
   {
      Entry = ExEntry->Object;
 
      ExUnlockHandleTableEntry(AtomTable->ExHandleTable,
                               ExEntry);
   }
 
   return Entry;
}

Referenced by RtlDeleteAtomFromAtomTable(), RtlPinAtomInAtomTable(), and RtlQueryAtomInAtomTable().

RtlpGetMode()

KPROCESSOR_MODE NTAPI RtlpGetMode

(

VOID

)

Definition at line 99 of file libsupp.c.

{
   return KernelMode;
}

RtlpGetStackLimits()

VOID NTAPI RtlpGetStackLimits	(	OUT PULONG_PTR	LowLimit,
		OUT PULONG_PTR	HighLimit
	)

Definition at line 511 of file libsupp.c.

{
    PKTHREAD CurrentThread = KeGetCurrentThread();
    *LowLimit = (ULONG_PTR)CurrentThread->StackLimit;
#ifdef _M_IX86
    *HighLimit = (ULONG_PTR)CurrentThread->InitialStack -
        sizeof(FX_SAVE_AREA);
#else
    *HighLimit = (ULONG_PTR)CurrentThread->InitialStack;
#endif
}

RtlpHandleDpcStackException()

BOOLEAN NTAPI RtlpHandleDpcStackException	(	IN PEXCEPTION_REGISTRATION_RECORD	RegistrationFrame,
		IN ULONG_PTR	RegistrationFrameEnd,
		IN OUT PULONG_PTR	StackLow,
		IN OUT PULONG_PTR	StackHigh
	)

Definition at line 286 of file libsupp.c.

{
    PKPRCB Prcb;
    ULONG_PTR DpcStack;
 
    /* Check if we are at DISPATCH or higher */
    if (KeGetCurrentIrql() >= DISPATCH_LEVEL)
    {
        /* Get the PRCB and DPC Stack */
        Prcb = KeGetCurrentPrcb();
        DpcStack = (ULONG_PTR)Prcb->DpcStack;
 
        /* Check if we are in a DPC and the stack matches */
        if ((Prcb->DpcRoutineActive) &&
            (RegistrationFrameEnd <= DpcStack) &&
            ((ULONG_PTR)RegistrationFrame >= DpcStack - KERNEL_STACK_SIZE))
        {
            /* Update the limits to the DPC Stack's */
            *StackHigh = DpcStack;
            *StackLow = DpcStack - KERNEL_STACK_SIZE;
            return TRUE;
        }
    }
 
    /* Not in DPC stack */
    return FALSE;
}

RtlpImageNtHeaderEx()

NTSTATUS NTAPI RtlpImageNtHeaderEx	(	_In_ ULONG	Flags,
		_In_ PVOID	Base,
		_In_ ULONG64	Size,
		_Out_ PIMAGE_NT_HEADERS *	OutHeaders
	)

Definition at line 140 of file image.c.

{
    PIMAGE_NT_HEADERS NtHeaders;
    PIMAGE_DOS_HEADER DosHeader;
    BOOLEAN WantsRangeCheck;
    ULONG NtHeaderOffset;
 
    /* You must want NT Headers, no? */
    if (OutHeaders == NULL)
    {
        DPRINT1("OutHeaders is NULL\n");
        return STATUS_INVALID_PARAMETER;
    }
 
    /* Assume failure */
    *OutHeaders = NULL;
 
    /* Validate Flags */
    if (Flags & ~RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK)
    {
        DPRINT1("Invalid flags: 0x%lx\n", Flags);
        return STATUS_INVALID_PARAMETER;
    }
 
    /* Validate base */
    if ((Base == NULL) || (Base == (PVOID)-1))
    {
        DPRINT1("Invalid base address: %p\n", Base);
        return STATUS_INVALID_PARAMETER;
    }
 
    /* Check if the caller wants range checks */
    WantsRangeCheck = !(Flags & RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK);
    if (WantsRangeCheck)
    {
        /* Make sure the image size is at least big enough for the DOS header */
        if (Size < sizeof(IMAGE_DOS_HEADER))
        {
            DPRINT1("Size too small\n");
            return STATUS_INVALID_IMAGE_FORMAT;
        }
    }
 
    /* Check if the DOS Signature matches */
    DosHeader = Base;
    if (DosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        /* Not a valid COFF */
        DPRINT1("Invalid image DOS signature!\n");
        return STATUS_INVALID_IMAGE_FORMAT;
    }
 
    /* Get the offset to the NT headers (and copy from LONG to ULONG) */
    NtHeaderOffset = DosHeader->e_lfanew;
 
    /* The offset must not be larger than 256MB, as a hard-coded check.
       In Windows this check is only done in user mode, not in kernel mode,
       but it shouldn't harm to have it anyway. Note that without this check,
       other overflow checks would become necessary! */
    if (NtHeaderOffset >= (256 * 1024 * 1024))
    {
        /* Fail */
        DPRINT1("NT headers offset is larger than 256MB!\n");
        return STATUS_INVALID_IMAGE_FORMAT;
    }
 
    /* Check if the caller wants validation */
    if (WantsRangeCheck)
    {
        /* Make sure the file header fits into the size */
        if ((NtHeaderOffset +
             RTL_SIZEOF_THROUGH_FIELD(IMAGE_NT_HEADERS, FileHeader)) >= Size)
        {
            /* Fail */
            DPRINT1("NT headers beyond image size!\n");
            return STATUS_INVALID_IMAGE_FORMAT;
        }
    }
 
    /* Now get a pointer to the NT Headers */
    NtHeaders = (PIMAGE_NT_HEADERS)((ULONG_PTR)Base + NtHeaderOffset);
 
    /* Check if the mapping is in user space */
    if (Base <= MmHighestUserAddress)
    {
        /* Make sure we don't overflow into kernel space */
        if ((PVOID)(NtHeaders + 1) > MmHighestUserAddress)
        {
            DPRINT1("Image overflows from user space into kernel space!\n");
            return STATUS_INVALID_IMAGE_FORMAT;
        }
    }
 
    /* Verify the PE Signature */
    if (NtHeaders->Signature != IMAGE_NT_SIGNATURE)
    {
        /* Fail */
        DPRINT1("Invalid image NT signature!\n");
        return STATUS_INVALID_IMAGE_FORMAT;
    }
 
    /* Now return success and the NT header */
    *OutHeaders = NtHeaders;
    return STATUS_SUCCESS;
}

RtlpInitAtomTableLock()

NTSTATUS RtlpInitAtomTableLock

(

PRTL_ATOM_TABLE

AtomTable

)

Definition at line 528 of file libsupp.c.

{
   ExInitializeFastMutex(&AtomTable->FastMutex);
 
   return STATUS_SUCCESS;
}

Referenced by RtlCreateAtomTable().

RtlpLockAtomTable()

BOOLEAN RtlpLockAtomTable

(

PRTL_ATOM_TABLE

AtomTable

)

Definition at line 543 of file libsupp.c.

{
   ExAcquireFastMutex(&AtomTable->FastMutex);
   return TRUE;
}

Referenced by RtlAddAtomToAtomTable(), RtlDeleteAtomFromAtomTable(), RtlDestroyAtomTable(), RtlEmptyAtomTable(), RtlLookupAtomInAtomTable(), RtlPinAtomInAtomTable(), RtlQueryAtomInAtomTable(), and RtlQueryAtomListInAtomTable().

RtlpRemoveHeapFromProcessList()

VOID NTAPI RtlpRemoveHeapFromProcessList

(

struct _HEAP *

Heap

)

Definition at line 237 of file libsupp.c.

{
    UNREFERENCED_PARAMETER(Heap);
}

Referenced by RtlDestroyHeap().

RtlpSafeCopyMemory()

NTSTATUS NTAPI RtlpSafeCopyMemory	(	_Out_writes_bytes_all_(Length) VOID UNALIGNED *	Destination,
		_In_reads_bytes_(Length) CONST VOID UNALIGNED *	Source,
		_In_ SIZE_T	Length
	)

Definition at line 793 of file libsupp.c.

{
    _SEH2_TRY
    {
        RtlCopyMemory(Destination, Source, Length);
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        _SEH2_YIELD(return _SEH2_GetExceptionCode());
    }
    _SEH2_END;
 
    return STATUS_SUCCESS;
}

RtlpSetHeapParameters()

VOID NTAPI RtlpSetHeapParameters

(

IN PRTL_HEAP_PARAMETERS

Parameters

)

Definition at line 261 of file libsupp.c.

{
    /* Apply defaults for non-set parameters */
    if (!Parameters->SegmentCommit) Parameters->SegmentCommit = MmHeapSegmentCommit;
    if (!Parameters->SegmentReserve) Parameters->SegmentReserve = MmHeapSegmentReserve;
    if (!Parameters->DeCommitFreeBlockThreshold) Parameters->DeCommitFreeBlockThreshold = MmHeapDeCommitFreeBlockThreshold;
    if (!Parameters->DeCommitTotalFreeThreshold) Parameters->DeCommitTotalFreeThreshold = MmHeapDeCommitTotalFreeThreshold;
}

RtlpSetInDbgPrint()

BOOLEAN NTAPI RtlpSetInDbgPrint

(

VOID

)

Definition at line 84 of file libsupp.c.

{
    /* Nothing to set in kernel mode */
    return FALSE;
}

RtlpUnlockAtomTable()

VOID RtlpUnlockAtomTable

(

PRTL_ATOM_TABLE

AtomTable

)

Definition at line 550 of file libsupp.c.

{
   ExReleaseFastMutex(&AtomTable->FastMutex);
}

Referenced by RtlAddAtomToAtomTable(), RtlDeleteAtomFromAtomTable(), RtlDestroyAtomTable(), RtlEmptyAtomTable(), RtlLookupAtomInAtomTable(), RtlPinAtomInAtomTable(), RtlQueryAtomInAtomTable(), and RtlQueryAtomListInAtomTable().

RtlReleasePebLock()

VOID NTAPI RtlReleasePebLock

(

VOID

)

Definition at line 138 of file libsupp.c.

{
 
}

Referenced by BaseGetNamedObjectDirectory(), BasepComputeProcessPath(), BasePushProcessParameters(), BaseRundownFls(), CheckForSameCurdir(), ExitProcess(), FlsAlloc(), FlsFree(), FlsSetValue(), GetEnvironmentStringsA(), GetEnvironmentStringsW(), GetEnvironmentVariableA(), LdrShutdownThread(), RtlCreateEnvironment(), RtlCreateProcessParameters(), RtlGetCurrentDirectory_U(), RtlGetFullPathName_Ustr(), RtlGetFullPathName_UstrEx(), RtlpDosPathNameToRelativeNtPathName_Ustr(), RtlQueryEnvironmentVariable_U(), RtlSetCurrentDirectory_U(), RtlSetCurrentEnvironment(), RtlSetEnvironmentVariable(), TlsAlloc(), TlsFree(), and TlsSetValue().

RtlTryEnterHeapLock()

BOOLEAN NTAPI RtlTryEnterHeapLock	(	IN OUT PHEAP_LOCK	Lock,
		IN BOOLEAN	Exclusive
	)

Definition at line 184 of file libsupp.c.

{
    BOOLEAN Success;
    KeEnterCriticalRegion();
 
    if (Exclusive)
        Success = ExAcquireResourceExclusiveLite(&Lock->Resource, FALSE);
    else
        Success = ExAcquireResourceSharedLite(&Lock->Resource, FALSE);
 
    if (!Success)
        KeLeaveCriticalRegion();
 
    return Success;
}

RtlWalkFrameChain()

ULONG NTAPI RtlWalkFrameChain	(	OUT PVOID *	Callers,
		IN ULONG	Count,
		IN ULONG	Flags
	)

Definition at line 369 of file libsupp.c.

{
    ULONG_PTR Stack, NewStack, StackBegin, StackEnd = 0;
    ULONG Eip;
    BOOLEAN Result, StopSearch = FALSE;
    ULONG i = 0;
    PETHREAD Thread = PsGetCurrentThread();
    PTEB Teb;
    PKTRAP_FRAME TrapFrame;
 
    /* Get current EBP */
#if defined(_M_IX86)
#if defined __GNUC__
    __asm__("mov %%ebp, %0" : "=r" (Stack) : );
#elif defined(_MSC_VER)
    __asm mov Stack, ebp
#endif
#elif defined(_M_MIPS)
        __asm__("move $sp, %0" : "=r" (Stack) : );
#elif defined(_M_PPC)
    __asm__("mr %0,1" : "=r" (Stack) : );
#elif defined(_M_ARM)
    __asm__("mov sp, %0" : "=r"(Stack) : );
#else
#error Unknown architecture
#endif
 
    /* Set it as the stack begin limit as well */
    StackBegin = (ULONG_PTR)Stack;
 
    /* Check if we're called for non-logging mode */
    if (!Flags)
    {
        /* Get the actual safe limits */
        Result = RtlpCaptureStackLimits((ULONG_PTR)Stack,
                                        &StackBegin,
                                        &StackEnd);
        if (!Result) return 0;
    }
 
    /* Use a SEH block for maximum protection */
    _SEH2_TRY
    {
        /* Check if we want the user-mode stack frame */
        if (Flags == 1)
        {
            /* Get the trap frame and TEB */
            TrapFrame = KeGetTrapFrame(&Thread->Tcb);
            Teb = Thread->Tcb.Teb;
 
            /* Make sure we can trust the TEB and trap frame */
            if (!(Teb) ||
                (KeIsAttachedProcess()) ||
                (KeGetCurrentIrql() >= DISPATCH_LEVEL))
            {
                /* Invalid or unsafe attempt to get the stack */
                _SEH2_YIELD(return 0;)
            }
 
            /* Get the stack limits */
            StackBegin = (ULONG_PTR)Teb->NtTib.StackLimit;
            StackEnd = (ULONG_PTR)Teb->NtTib.StackBase;
#ifdef _M_IX86
            Stack = TrapFrame->Ebp;
#elif defined(_M_PPC)
            Stack = TrapFrame->Gpr1;
#else
#error Unknown architecture
#endif
 
            /* Validate them */
            if (StackEnd <= StackBegin) _SEH2_YIELD(return 0);
            ProbeForRead((PVOID)StackBegin,
                         StackEnd - StackBegin,
                         sizeof(CHAR));
        }
 
        /* Loop the frames */
        for (i = 0; i < Count; i++)
        {
            /*
             * Leave if we're past the stack,
             * if we're before the stack,
             * or if we've reached ourselves.
             */
            if ((Stack >= StackEnd) ||
                (!i ? (Stack < StackBegin) : (Stack <= StackBegin)) ||
                ((StackEnd - Stack) < (2 * sizeof(ULONG_PTR))))
            {
                /* We're done or hit a bad address */
                break;
            }
 
            /* Get new stack and EIP */
            NewStack = *(PULONG_PTR)Stack;
            Eip = *(PULONG_PTR)(Stack + sizeof(ULONG_PTR));
 
            /* Check if the new pointer is above the oldone and past the end */
            if (!((Stack < NewStack) && (NewStack < StackEnd)))
            {
                /* Stop searching after this entry */
                StopSearch = TRUE;
            }
 
            /* Also make sure that the EIP isn't a stack address */
            if ((StackBegin < Eip) && (Eip < StackEnd)) break;
 
            /* Check if we reached a user-mode address */
            if (!(Flags) && !(Eip & 0x80000000)) break; // FIXME: 3GB breakage
 
            /* Save this frame */
            Callers[i] = (PVOID)Eip;
 
            /* Check if we should continue */
            if (StopSearch)
            {
                /* Return the next index */
                i++;
                break;
            }
 
            /* Move to the next stack */
            Stack = NewStack;
        }
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* No index */
        i = 0;
    }
    _SEH2_END;
 
    /* Return frames parsed */
    return i;
}

Variable Documentation

NtGlobalFlag

ULONG NtGlobalFlag

extern

Definition at line 54 of file init.c.

Referenced by RtlpCheckLogException().

RtlpAllocDeallocQueryBufferSize

SIZE_T RtlpAllocDeallocQueryBufferSize = 128

Definition at line 25 of file libsupp.c.

Referenced by RtlQueryRegistryValues().

RtlpRangeListEntryLookasideList

PAGED_LOOKASIDE_LIST RtlpRangeListEntryLookasideList

Definition at line 24 of file libsupp.c.

Referenced by RtlInitializeRangeListPackage().