#include <ntoskrnl.h>#include <debug.h>
Include dependency graph for send.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Functions | |
| NTSTATUS NTAPI | LpcRequestPort (IN PVOID PortObject, IN PPORT_MESSAGE LpcMessage) |
| NTSTATUS NTAPI | LpcRequestWaitReplyPort (IN PVOID PortObject, IN PPORT_MESSAGE LpcRequest, OUT PPORT_MESSAGE LpcReply) |
| NTSTATUS NTAPI | NtRequestPort (IN HANDLE PortHandle, IN PPORT_MESSAGE LpcRequest) |
| NTSTATUS NTAPI | LpcpVerifyMessageDataInfo (_In_ PPORT_MESSAGE Message, _Out_ PULONG NumberOfDataEntries) |
| NTSTATUS NTAPI | NtRequestWaitReplyPort (IN HANDLE PortHandle, IN PPORT_MESSAGE LpcRequest, IN OUT PPORT_MESSAGE LpcReply) |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ LpcpVerifyMessageDataInfo()
| NTSTATUS NTAPI LpcpVerifyMessageDataInfo | ( | _In_ PPORT_MESSAGE | Message, |
| _Out_ PULONG | NumberOfDataEntries | ||
| ) |
Definition at line 652 of file send.c.
655{
656 PLPCP_DATA_INFO DataInfo;
657 PUCHAR EndOfEntries;
658
659 /* Check if we have no data info at all */
661 {
662 *NumberOfDataEntries = 0;
664 }
665
666 /* Make sure the data info structure is within the message */
672 {
674 }
675
676 /* Get a pointer to the data info */
678
679 /* Make sure the full data info with all entries is within the message */
683 {
685 }
686
687 *NumberOfDataEntries = DataInfo->NumberOfEntries;
689}
FORCEINLINE PLPCP_DATA_INFO LpcpGetDataInfoFromMessage(PPORT_MESSAGE Message)
Definition: lpc_x.h:170
Definition: lpc.h:68
struct _LPCP_DATA_INFO::@1926 Entries[1]
Definition: winternl.h:3332
Referenced by NtRequestWaitReplyPort().
◆ LpcRequestPort()
Definition at line 22 of file send.c.
24{
26 ULONG MessageType;
30
31 PAGED_CODE();
32
34
35 /* Check if this is a non-datagram message */
36 if (LpcMessage->u2.s2.Type)
37 {
38 /* Get the message type */
39 MessageType = LpcpGetMessageType(LpcMessage);
40
41 /* Validate it */
43 {
44 /* Fail */
46 }
47
48 /* Mark this as a kernel-mode message only if we really came from it */
50 (LpcMessage->u2.s2.Type & LPC_KERNELMODE_MESSAGE))
51 {
52 /* We did, this is a kernel mode message */
53 MessageType |= LPC_KERNELMODE_MESSAGE;
54 }
55 }
56 else
57 {
58 /* This is a datagram */
59 MessageType = LPC_DATAGRAM;
60 }
61
62 /* Can't have data information on this type of call */
64
65 /* Validate the message length */
68 {
69 /* Fail */
71 }
72
73 /* Allocate a new message */
76
77 /* Clear the context */
80
81 /* Copy the message */
83 LpcMessage,
84 LpcMessage + 1,
85 MessageType,
87
88 /* Acquire the LPC lock */
90
91 /* Check if this is anything but a connection port */
93 {
94 /* The queue port is the connected port */
95 QueuePort = Port->ConnectedPort;
96 if (QueuePort)
97 {
98 /* Check if this is a client port */
100 {
101 /* Then copy the context */
102 Message->PortContext = QueuePort->PortContext;
103 ConnectionPort = QueuePort = Port->ConnectionPort;
104 if (!ConnectionPort)
105 {
106 /* Fail */
109 }
110 }
112 {
113 /* Any other kind of port, use the connection port */
114 ConnectionPort = QueuePort = Port->ConnectionPort;
115 if (!ConnectionPort)
116 {
117 /* Fail */
120 }
121 }
122
123 /* If we have a connection port, reference it */
125 }
126 }
127 else
128 {
129 /* For connection ports, use the port itself */
130 QueuePort = PortObject;
131 }
132
133 /* Make sure we have a port */
134 if (QueuePort)
135 {
136 /* Generate the Message ID and set it */
139 Message->Request.CallbackId = 0;
140
141 /* No Message ID for the thread */
142 Thread->LpcReplyMessageId = 0;
143
144 /* Insert the message in our chain */
146
147 /* Release the lock and the semaphore */
148 KeEnterCriticalRegion();
150 LpcpCompleteWait(QueuePort->MsgQueue.Semaphore);
151
152 /* If this is a waitable port, wake it up */
154 {
155 /* Wake it */
157 }
158
159 KeLeaveCriticalRegion();
160
161 /* We're done */
165 }
166
167 /* If we got here, then free the message and fail */
171}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
VOID NTAPI LpcpFreeToPortZone(IN PLPCP_MESSAGE Message, IN ULONG LockFlags)
Definition: close.c:52
VOID NTAPI LpcpMoveMessage(IN PPORT_MESSAGE Destination, IN PPORT_MESSAGE Origin, IN PVOID Data, IN ULONG MessageType, IN PCLIENT_ID ClientId)
Definition: reply.c:139
static __inline PLPCP_MESSAGE LpcpAllocateFromPortZone(VOID)
Definition: lpc_x.h:100
Definition: pstypes.h:1191
Definition: lpctypes.h:238
Definition: lpctypes.h:210
Referenced by CsrClientCallServer(), LpcpDeletePort(), and PspExitThread().
◆ LpcRequestWaitReplyPort()
| NTSTATUS NTAPI LpcRequestWaitReplyPort | ( | IN PVOID | PortObject, |
| IN PPORT_MESSAGE | LpcRequest, | ||
| OUT PPORT_MESSAGE | LpcReply | ||
| ) |
Definition at line 178 of file send.c.
181{
187 USHORT MessageType;
190 PKSEMAPHORE Semaphore;
191
192 PAGED_CODE();
193
195 "Port: %p. Messages: %p/%p. Type: %lx\n",
196 Port,
197 LpcRequest,
198 LpcReply,
199 LpcpGetMessageType(LpcRequest));
200
201 /* Check if the thread is dying */
203
204 /* Check if this is an LPC Request */
205 MessageType = LpcpGetMessageType(LpcRequest);
206 switch (MessageType)
207 {
208 /* No type, assume LPC request */
209 case 0:
210 MessageType = LPC_REQUEST;
211 break;
212
213 /* LPC request callback */
216 break;
217
218 /* Anything else, nothing to do */
224 break;
225
226 /* Invalid message type */
227 default:
229 }
230
231 /* Set the request type */
232 LpcRequest->u2.s2.Type = MessageType;
233
234 /* Validate the message length */
237 {
238 /* Fail */
240 }
241
242 /* Allocate a message from the port zone */
245 {
246 /* Fail if we couldn't allocate a message */
248 }
249
250 /* Check if this is a callback */
252 {
253 /* FIXME: TODO */
257 }
258 else
259 {
260 /* No callback, just copy the message */
262 LpcRequest,
263 LpcRequest + 1,
264 0,
266
267 /* Acquire the LPC lock */
269
270 /* Right now clear the port context */
272
273 /* Check if this is a not connection port */
275 {
276 /* We want the connected port */
277 QueuePort = Port->ConnectedPort;
278 if (!QueuePort)
279 {
280 /* We have no connected port, fail */
283 }
284
285 /* This will be the rundown port */
286 ReplyPort = QueuePort;
287
288 /* Check if this is a communication port */
290 {
291 /* Copy the port context and use the connection port */
293 ConnectionPort = QueuePort = Port->ConnectionPort;
294 if (!ConnectionPort)
295 {
296 /* Fail */
299 }
300 }
303 {
304 /* Use the connection port for anything but communication ports */
305 ConnectionPort = QueuePort = Port->ConnectionPort;
306 if (!ConnectionPort)
307 {
308 /* Fail */
311 }
312 }
313
314 /* Reference the connection port if it exists */
316 }
317 else
318 {
319 /* Otherwise, for a connection port, use the same port object */
320 QueuePort = ReplyPort = Port;
321 }
322
323 /* No reply thread */
326
327 /* Generate the Message ID and set it */
330 Message->Request.CallbackId = 0;
331
332 /* Set the message ID for our thread now */
335
336 /* Insert the message in our chain */
340
341 /* Release the lock and get the semaphore we'll use later */
342 KeEnterCriticalRegion();
345
346 /* If this is a waitable port, wake it up */
348 {
349 /* Wake it */
351 }
352 }
353
354 /* Now release the semaphore */
355 LpcpCompleteWait(Semaphore);
356 KeLeaveCriticalRegion();
357
358 /* And let's wait for the reply */
360
361 /* Acquire the LPC lock */
363
364 /* Get the LPC Message and clear our thread's reply data */
367 Thread->LpcReplyMessageId = 0;
368
369 /* Check if we have anything on the reply chain*/
371 {
372 /* Remove this thread and reinitialize the list */
375 }
376
377 /* Release the lock */
379
380 /* Check if we got a reply */
382 {
383 /* Check if we have a valid message */
385 {
387 "Reply Messages: %p/%p\n",
388 &Message->Request,
389 (&Message->Request) + 1);
390
391 /* Move the message */
392 LpcpMoveMessage(LpcReply,
393 &Message->Request,
394 (&Message->Request) + 1,
395 0,
396 NULL);
397
398 /* Acquire the lock */
400
401 /* Check if we replied to a thread */
403 {
404 /* Dereference */
407 }
408
409 /* Free the message */
411 }
412 else
413 {
414 /* We don't have a reply */
416 }
417 }
418 else
419 {
420 /* The wait failed, free the message */
422 }
423
424 /* All done */
426 "Port: %p. Status: %d\n",
427 Port,
428 Status);
429
430 /* Dereference the connection port */
433}
FORCEINLINE VOID LpcpSetPortToThread(IN PETHREAD Thread, IN PLPCP_PORT_OBJECT Port)
Definition: lpc_x.h:160
FORCEINLINE PLPCP_MESSAGE LpcpGetMessageFromThread(IN PETHREAD Thread)
Definition: lpc_x.h:129
struct _LPCP_PORT_OBJECT * PLPCP_PORT_OBJECT
Definition: ketypes.h:867
Referenced by CsrClientCallServer(), DbgkpSendApiMessageLpc(), and ExpRaiseHardError().
◆ NtRequestPort()
Definition at line 440 of file send.c.
442{
446 PORT_MESSAGE CapturedLpcRequest;
448 ULONG MessageType;
450
451 PAGED_CODE();
452
453 /* Check if the call comes from user mode */
455 {
456 _SEH2_TRY
457 {
458 /* Probe and capture the LpcRequest */
461 }
463 {
465 }
466 _SEH2_END;
467 }
468 else
469 {
470 /* Access the LpcRequest directly */
471 CapturedLpcRequest = *LpcRequest;
472 }
473
475 "Handle: %p. Message: %p. Type: %lx\n",
476 PortHandle,
477 LpcRequest,
478 LpcpGetMessageType(&CapturedLpcRequest));
479
480 /* Get the message type */
481 MessageType = CapturedLpcRequest.u2.s2.Type | LPC_DATAGRAM;
482
483 /* Can't have data information on this type of call */
485
486 /* Validate the length */
488 (ULONG)CapturedLpcRequest.u1.s1.TotalLength)
489 {
490 /* Fail */
492 }
493
494 /* Reference the object */
496 0,
497 LpcPortObjectType,
498 PreviousMode,
500 NULL);
502
503 /* Validate the message length */
506 {
507 /* Fail */
510 }
511
512 /* Allocate a message from the port zone */
515 {
516 /* Fail if we couldn't allocate a message */
519 }
520
521 /* No callback, just copy the message */
522 _SEH2_TRY
523 {
524 /* Copy it */
526 &CapturedLpcRequest,
527 LpcRequest + 1,
528 MessageType,
530 }
532 {
533 /* Cleanup and return the exception code */
537 }
538 _SEH2_END;
539
540 /* Acquire the LPC lock */
542
543 /* Right now clear the port context */
545
546 /* Check if this is a not connection port */
548 {
549 /* We want the connected port */
550 QueuePort = Port->ConnectedPort;
551 if (!QueuePort)
552 {
553 /* We have no connected port, fail */
557 }
558
559 /* Check if this is a communication port */
561 {
562 /* Copy the port context and use the connection port */
564 ConnectionPort = QueuePort = Port->ConnectionPort;
565 if (!ConnectionPort)
566 {
567 /* Fail */
571 }
572 }
574 {
575 /* Use the connection port for anything but communication ports */
576 ConnectionPort = QueuePort = Port->ConnectionPort;
577 if (!ConnectionPort)
578 {
579 /* Fail */
583 }
584 }
585
586 /* Reference the connection port if it exists */
588 }
589 else
590 {
591 /* Otherwise, for a connection port, use the same port object */
592 QueuePort = Port;
593 }
594
595 /* Reference QueuePort if we have it */
597 {
598 /* Set sender's port */
600
601 /* Generate the Message ID and set it */
604 Message->Request.CallbackId = 0;
605
606 /* No Message ID for the thread */
607 Thread->LpcReplyMessageId = 0;
608
609 /* Insert the message in our chain */
611
612 /* Release the lock and the semaphore */
613 KeEnterCriticalRegion();
616
617 /* If this is a waitable port, wake it up */
619 {
620 /* Wake it */
622 }
623
624 KeLeaveCriticalRegion();
625
626 /* Dereference objects */
628 ObDereferenceObject(QueuePort);
632 }
633
635
636 /* All done with a failure*/
638 "Port: %p. Status: %d\n",
639 Port,
640 Status);
641
642 /* The wait failed, free the message */
644
648}
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Definition: nsiface.idl:2307
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Referenced by ClientThread(), and main().
◆ NtRequestWaitReplyPort()
| NTSTATUS NTAPI NtRequestWaitReplyPort | ( | IN HANDLE | PortHandle, |
| IN PPORT_MESSAGE | LpcRequest, | ||
| IN OUT PPORT_MESSAGE | LpcReply | ||
| ) |
Definition at line 696 of file send.c.
699{
701 PORT_MESSAGE CapturedLpcRequest;
702 ULONG NumberOfDataEntries;
708 PKSEMAPHORE Semaphore;
709 ULONG MessageType;
710 PLPCP_DATA_INFO DataInfo;
711
712 PAGED_CODE();
713
714 /* Check if the thread is dying */
717
718 /* Check for user mode access */
720 {
721 _SEH2_TRY
722 {
723 /* Probe and capture the LpcRequest */
726
727 /* Probe the reply message for write */
729
730 /* Make sure the data entries in the request message are valid */
733 {
736 }
737 }
739 {
742 }
743 _SEH2_END;
744 }
745 else
746 {
747 CapturedLpcRequest = *LpcRequest;
750 {
753 }
754 }
755
757 "Handle: %p. Messages: %p/%p. Type: %lx\n",
758 PortHandle,
759 LpcRequest,
760 LpcReply,
761 LpcpGetMessageType(&CapturedLpcRequest));
762
763 /* This flag is undocumented. Remove it before continuing */
764 CapturedLpcRequest.u2.s2.Type &= ~0x4000;
765
766 /* Check if this is an LPC Request */
768 {
769 /* Then it's a callback */
771 }
773 {
774 /* This is a not kernel-mode message */
777 }
778 else
779 {
780 /* This is a kernel-mode message without a callback */
781 CapturedLpcRequest.u2.s2.Type |= LPC_REQUEST;
783 }
784
785 /* Get the message type */
786 MessageType = CapturedLpcRequest.u2.s2.Type;
787
788 /* Due to the above probe, we know that TotalLength is positive */
789 ASSERT(CapturedLpcRequest.u1.s1.TotalLength >= 0);
790
791 /* Validate the length */
793 (ULONG)CapturedLpcRequest.u1.s1.TotalLength))
794 {
795 /* Fail */
797 CapturedLpcRequest.u1.s1.DataLength,
798 CapturedLpcRequest.u1.s1.TotalLength);
800 }
801
802 /* Reference the object */
804 0,
805 LpcPortObjectType,
806 PreviousMode,
808 NULL);
810
811 /* Validate the message length */
814 {
815 /* Fail */
817 CapturedLpcRequest.u1.s1.DataLength,
818 CapturedLpcRequest.u1.s1.TotalLength);
821 }
822
823 /* Allocate a message from the port zone */
826 {
827 /* Fail if we couldn't allocate a message */
831 }
832
833 /* Check if this is a callback */
835 {
836 /* FIXME: TODO */
839 }
840 else
841 {
842 /* No callback, just copy the message */
843 _SEH2_TRY
844 {
845 /* Check if we have data info entries */
846 if (LpcRequest->u2.s2.DataInfoOffset != 0)
847 {
848 /* Get the data info and check if the number of entries matches
849 what we expect */
850 DataInfo = LpcpGetDataInfoFromMessage(LpcRequest);
852 {
856 DataInfo->NumberOfEntries, NumberOfDataEntries);
858 }
859 }
860
861 /* Copy it */
863 &CapturedLpcRequest,
864 LpcRequest + 1,
865 MessageType,
867 }
869 {
870 /* Cleanup and return the exception code */
875 }
876 _SEH2_END;
877
878 /* Acquire the LPC lock */
880
881 /* Right now clear the port context */
883
884 /* Check if this is a not connection port */
886 {
887 /* We want the connected port */
888 QueuePort = Port->ConnectedPort;
889 if (!QueuePort)
890 {
891 /* We have no connected port, fail */
896 }
897
898 /* This will be the rundown port */
899 ReplyPort = QueuePort;
900
901 /* Check if this is a client port */
903 {
904 /* Copy the port context */
906 }
907
909 {
910 /* Use the connection port for anything but communication ports */
911 ConnectionPort = QueuePort = Port->ConnectionPort;
912 if (!ConnectionPort)
913 {
914 /* Fail */
919 }
920 }
921
922 /* Reference the connection port if it exists */
924 }
925 else
926 {
927 /* Otherwise, for a connection port, use the same port object */
928 QueuePort = ReplyPort = Port;
929 }
930
931 /* No reply thread */
934
935 /* Generate the Message ID and set it */
938 Message->Request.CallbackId = 0;
939
940 /* Set the message ID for our thread now */
943
944 /* Insert the message in our chain */
948
949 /* Release the lock and get the semaphore we'll use later */
950 KeEnterCriticalRegion();
953
954 /* If this is a waitable port, wake it up */
956 {
957 /* Wake it */
959 }
960 }
961
962 /* Now release the semaphore */
963 LpcpCompleteWait(Semaphore);
964 KeLeaveCriticalRegion();
965
966 /* And let's wait for the reply */
968
969 /* Acquire the LPC lock */
971
972 /* Get the LPC Message and clear our thread's reply data */
975 Thread->LpcReplyMessageId = 0;
976
977 /* Check if we have anything on the reply chain*/
979 {
980 /* Remove this thread and reinitialize the list */
983 }
984
985 /* Release the lock */
987
988 /* Check if we got a reply */
990 {
991 /* Check if we have a valid message */
993 {
995 "Reply Messages: %p/%p\n",
996 &Message->Request,
997 (&Message->Request) + 1);
998
999 /* Move the message */
1000 _SEH2_TRY
1001 {
1002 LpcpMoveMessage(LpcReply,
1003 &Message->Request,
1004 (&Message->Request) + 1,
1005 0,
1006 NULL);
1007 }
1009 {
1012 }
1013 _SEH2_END;
1014
1015 /* Check if this is an LPC request with data information */
1017 (Message->Request.u2.s2.DataInfoOffset))
1018 {
1019 /* Save the data information */
1021 }
1022 else
1023 {
1024 /* Otherwise, just free it */
1026 }
1027 }
1028 else
1029 {
1030 /* We don't have a reply */
1032 }
1033 }
1034 else
1035 {
1036 /* The wait failed, free the message */
1038 }
1039
1040 /* All done */
1042 "Port: %p. Status: %d\n",
1043 Port,
1044 Status);
1048}
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
VOID NTAPI LpcpSaveDataInfoMessage(IN PLPCP_PORT_OBJECT Port, IN PLPCP_MESSAGE Message, IN ULONG LockFlags)
Definition: reply.c:62
NTSTATUS NTAPI LpcpVerifyMessageDataInfo(_In_ PPORT_MESSAGE Message, _Out_ PULONG NumberOfDataEntries)
Definition: send.c:652
Referenced by CsrClientCallServer(), LsaEnumerateLogonSessions(), LsaGetLogonSessionData(), LsapRmCreateLogonSession(), LsapRmDeleteLogonSession(), LsaRegisterPolicyChangeNotification(), LsaUnregisterPolicyChangeNotification(), SmpCallCsrCreateProcess(), SmpLoadSubSystem(), SmpSbCreateSession(), SmQueryInformation(), and SmSendMsgToSm().
