drvmgmt.c File Reference

#include <ntoskrnl.h>
#include <debug.h>
#include <mm/ARM3/miarm.h>

Include dependency graph for drvmgmt.c:

Go to the source code of this file.

Macros
#define	NDEBUG
#define	MODULE_INVOLVED_IN_ARM3

Functions
VOID NTAPI	MmUnlockPageableImageSection (IN PVOID ImageSectionHandle)
VOID NTAPI	MmLockPageableSectionByHandle (IN PVOID ImageSectionHandle)
PVOID NTAPI	MmLockPageableDataSection (IN PVOID AddressWithinSection)
ULONG NTAPI	MmTrimAllSystemPageableMemory (IN ULONG PurgeTransitionList)
NTSTATUS NTAPI	MmAddVerifierThunks (IN PVOID ThunkBuffer, IN ULONG ThunkBufferSize)
LOGICAL NTAPI	MmIsDriverVerifying (IN PDRIVER_OBJECT DriverObject)
NTSTATUS NTAPI	MmIsVerifierEnabled (OUT PULONG VerifierFlags)

Variables
MM_DRIVER_VERIFIER_DATA	MmVerifierData
LIST_ENTRY	MiVerifierDriverAddedThunkListHead
ULONG	MiActiveVerifierThunks
WCHAR	MmVerifyDriverBuffer [512] = {0}
ULONG	MmVerifyDriverBufferLength = sizeof(MmVerifyDriverBuffer)
ULONG	MmVerifyDriverBufferType = REG_NONE
ULONG	MmVerifyDriverLevel = -1
PVOID	MmTriageActionTaken
PVOID	KernelVerifier

Macro Definition Documentation

MODULE_INVOLVED_IN_ARM3

#define MODULE_INVOLVED_IN_ARM3

Definition at line 15 of file drvmgmt.c.

NDEBUG

#define NDEBUG

Definition at line 12 of file drvmgmt.c.

Function Documentation

MmAddVerifierThunks()

NTSTATUS NTAPI MmAddVerifierThunks	(	IN PVOID	ThunkBuffer,
		IN ULONG	ThunkBufferSize
	)

Definition at line 82 of file drvmgmt.c.

{
    PDRIVER_VERIFIER_THUNK_PAIRS ThunkTable;
    ULONG ThunkCount;
    PDRIVER_SPECIFIED_VERIFIER_THUNKS DriverThunks;
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    PVOID ModuleBase, ModuleEnd;
    ULONG i;
    NTSTATUS Status = STATUS_SUCCESS;
    PAGED_CODE();

    //
    // Make sure the driver verifier is initialized
    //
    if (!MiVerifierDriverAddedThunkListHead.Flink) return STATUS_NOT_SUPPORTED;

    //
    // Get the thunk pairs and count them
    //
    ThunkCount = ThunkBufferSize / sizeof(DRIVER_VERIFIER_THUNK_PAIRS);
    if (!ThunkCount) return STATUS_INVALID_PARAMETER_1;

    //
    // Now allocate our own thunk table
    //
    DriverThunks = ExAllocatePoolWithTag(PagedPool,
                                         sizeof(*DriverThunks) +
                                         ThunkCount *
                                         sizeof(DRIVER_VERIFIER_THUNK_PAIRS),
                                         'tVmM');
    if (!DriverThunks) return STATUS_INSUFFICIENT_RESOURCES;

    //
    // Now copy the driver-fed part
    //
    ThunkTable = (PDRIVER_VERIFIER_THUNK_PAIRS)(DriverThunks + 1);
    RtlCopyMemory(ThunkTable,
                  ThunkBuffer,
                  ThunkCount * sizeof(DRIVER_VERIFIER_THUNK_PAIRS));

    //
    // Acquire the system load lock
    //
    KeEnterCriticalRegion();
    KeWaitForSingleObject(&MmSystemLoadLock,
                          WrVirtualMemory,
                          KernelMode,
                          FALSE,
                          NULL);

    //
    // Get the loader entry
    //
    LdrEntry = MiLookupDataTableEntry(ThunkTable->PristineRoutine);
    if (!LdrEntry)
    {
        //
        // Fail
        //
        Status = STATUS_INVALID_PARAMETER_2;
        goto Cleanup;
    }

    //
    // Get driver base and end
    //
    ModuleBase = LdrEntry->DllBase;
    ModuleEnd = (PVOID)((ULONG_PTR)LdrEntry->DllBase + LdrEntry->SizeOfImage);

    //
    // Don't allow hooking the kernel or HAL
    //
    if (ModuleBase < (PVOID)(KSEG0_BASE + MmBootImageSize))
    {
        //
        // Fail
        //
        Status = STATUS_INVALID_PARAMETER_2;
        goto Cleanup;
    }

    //
    // Loop all the thunks
    //
    for (i = 0; i < ThunkCount; i++)
    {
        //
        // Make sure it's in the driver
        //
        if (((ULONG_PTR)ThunkTable->PristineRoutine < (ULONG_PTR)ModuleBase) ||
            ((ULONG_PTR)ThunkTable->PristineRoutine >= (ULONG_PTR)ModuleEnd))
        {
            //
            // Nope, fail
            //
            Status = STATUS_INVALID_PARAMETER_2;
            goto Cleanup;
        }
    }

    //
    // Otherwise, add this entry
    //
    DriverThunks->DataTableEntry = LdrEntry;
    DriverThunks->NumberOfThunks = ThunkCount;
    MiActiveVerifierThunks++;
    InsertTailList(&MiVerifierDriverAddedThunkListHead,
                   &DriverThunks->ListEntry);
    DriverThunks = NULL;

Cleanup:
    //
    // Release the lock
    //
    KeReleaseMutant(&MmSystemLoadLock, 1, FALSE, FALSE);
    KeLeaveCriticalRegion();

    //
    // Free the table if we failed and return status
    //
    if (DriverThunks) ExFreePoolWithTag(DriverThunks, 'tVmM');
    return Status;
}

MmIsDriverVerifying()

LOGICAL NTAPI MmIsDriverVerifying

(

IN PDRIVER_OBJECT

DriverObject

)

Definition at line 212 of file drvmgmt.c.

{
    PLDR_DATA_TABLE_ENTRY LdrEntry;

    //
    // Get the loader entry
    //
    LdrEntry = (PLDR_DATA_TABLE_ENTRY)DriverObject->DriverSection;
    if (!LdrEntry) return FALSE;

    //
    // Check if we're verifying or not
    //
    return (LdrEntry->Flags & LDRP_IMAGE_VERIFYING) ? TRUE: FALSE;
}

MmIsVerifierEnabled()

NTSTATUS NTAPI MmIsVerifierEnabled

(

OUT PULONG

VerifierFlags

)

Definition at line 233 of file drvmgmt.c.

{
    //
    // Check if we've actually added anything to the list
    //
    if (MiVerifierDriverAddedThunkListHead.Flink)
    {
        //
        // We have, read the verifier level
        //
        *VerifierFlags = MmVerifierData.Level;
        return STATUS_SUCCESS;
    }

    //
    // Otherwise, we're disabled
    //
    *VerifierFlags = 0;
    return STATUS_NOT_SUPPORTED;
}

MmLockPageableDataSection()

PVOID NTAPI MmLockPageableDataSection

(

IN PVOID

AddressWithinSection

)

Definition at line 57 of file drvmgmt.c.

{
    //
    // We should just find the section and call MmLockPageableSectionByHandle
    //
    static ULONG Warn; if (!Warn++) UNIMPLEMENTED;
    return AddressWithinSection;
}

MmLockPageableSectionByHandle()

VOID NTAPI MmLockPageableSectionByHandle

(

IN PVOID

ImageSectionHandle

)

Definition at line 47 of file drvmgmt.c.

{
    UNIMPLEMENTED;
}

MmTrimAllSystemPageableMemory()

ULONG NTAPI MmTrimAllSystemPageableMemory

(

IN ULONG

PurgeTransitionList

)

Definition at line 71 of file drvmgmt.c.

{
    UNIMPLEMENTED;
    return 0;
}

MmUnlockPageableImageSection()

VOID NTAPI MmUnlockPageableImageSection

(

IN PVOID

ImageSectionHandle

)

Definition at line 37 of file drvmgmt.c.

{
    static ULONG Warn; if (!Warn++) UNIMPLEMENTED;
}

Variable Documentation

KernelVerifier

PVOID KernelVerifier

Definition at line 28 of file drvmgmt.c.

MiActiveVerifierThunks

ULONG MiActiveVerifierThunks

Definition at line 22 of file drvmgmt.c.

Referenced by MmAddVerifierThunks().

MiVerifierDriverAddedThunkListHead

LIST_ENTRY MiVerifierDriverAddedThunkListHead

Definition at line 21 of file drvmgmt.c.

Referenced by MmAddVerifierThunks(), and MmIsVerifierEnabled().

MmTriageActionTaken

PVOID MmTriageActionTaken

Definition at line 27 of file drvmgmt.c.

MmVerifierData

MM_DRIVER_VERIFIER_DATA MmVerifierData

Definition at line 20 of file drvmgmt.c.

Referenced by MmIsVerifierEnabled().

MmVerifyDriverBuffer

WCHAR MmVerifyDriverBuffer[512] = {0}

Definition at line 23 of file drvmgmt.c.

MmVerifyDriverBufferLength

ULONG MmVerifyDriverBufferLength = sizeof(MmVerifyDriverBuffer)

Definition at line 24 of file drvmgmt.c.

MmVerifyDriverBufferType

ULONG MmVerifyDriverBufferType = REG_NONE

Definition at line 25 of file drvmgmt.c.

MmVerifyDriverLevel

ULONG MmVerifyDriverLevel = -1

Definition at line 26 of file drvmgmt.c.