ReactOS 0.4.15-dev-7994-gb388cb6
Functions
probe.h File Reference
#include <reactos/probe.h>
Include dependency graph for probe.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

static __inline NTSTATUS DefaultSetInfoBufferCheck (_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
 Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from user or kernel mode.
 
static __inline NTSTATUS DefaultQueryInfoBufferCheck (_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
 Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from user or kernel mode.
 

Function Documentation

◆ DefaultQueryInfoBufferCheck()

static __inline NTSTATUS DefaultQueryInfoBufferCheck ( _In_ ULONG  Class,
_In_ const INFORMATION_CLASS_INFO ClassList,
_In_ ULONG  ClassListEntries,
_In_ ULONG  Flags,
_In_opt_ PVOID  Buffer,
_In_ ULONG  BufferLength,
_In_opt_ PULONG  ReturnLength,
_In_opt_ PULONG_PTR  ReturnLengthPtr,
_In_ KPROCESSOR_MODE  PreviousMode 
)
static

Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from user or kernel mode.

Parameters
[in]ClassThe specific class information that the caller explicitly requested information to be queried from an object.
[in]ClassListAn internal INFORMATION_CLASS_INFO consisting of a list array of information classes checked against the requested information classes given in Class parameter.
[in]ClassListEntriesSpecifies the number of class entries in an array, provided by the ClassList parameter.
[in]FlagsSpecifies a bit mask flag that influences how the query probe validation must be performed against Buffer and ReturnLength parameters. For further information in regard of this parameter, see remarks.
[in]BufferA pointer to an arbitrary data content in memory to be validated. Such parameter must be an initialized variable where the queried information is going to be received into this pointer. If the calling processor mode is UM (aka user mode) this parameter is validated. This parameter can be NULL (see remarks for more details).
[in]BufferLengthThe length of the buffer pointed by the Buffer parameter, whose size is in bytes. If the Buffer parameter is NULL, this parameter can be 0.
[in]ReturnLengthThe returned length of the buffer whose size is in bytes. If Buffer is NULL as well as BufferLength is 0, this parameter receives the actual return length needed to store the buffer in memory space. If the processor level calling mode is UM, this parameter is validated. If ICIF_FORCE_RETURN_LENGTH_PROBE is specified in Flags parameter, ReturnLength mustn't be NULL (see remarks). Otherwise it can be NULL.
[in]ReturnLengthPtrThis parameter is of the same nature as the ReturnLength one, with the difference being that the type parameter can be a ULONG on x86 systems or a ULONGLONG on AMD64 systems. If the processor level calling mode is UM, this parameter is validated. This parameter is currently unused.
[in]PreviousModeThe processor calling level mode. This level mode determines the procedure of probing validation in action. If the level calling mode is KM (aka kernel mode) this function will only validate the properties of the information class itself such as the required information length size. If the calling mode is UM, the pointer buffer provided by Buffer parameter is also validated as well as the return length parameter.
Returns
The outcome of the probe validation is based upon the returned NTSTATUS code. STATUS_SUCCESS is returned if the validation succeeded. Otherwise, one of the following failure status codes is returned:

STATUS_INVALID_INFO_CLASS – Indicates the given information class is not a valid QUERY class (ICIF_QUERY flag is not set to the corresponding information class) or the actual class is not present in the class list array.

STATUS_INFO_LENGTH_MISMATCH – Indicates the information length doesn't match with the one that the information class itself expects. This is the case with classes where ICIF_QUERY_SIZE_VARIABLE is not set, which means that the class requires a fixed length size.

STATUS_ACCESS_VIOLATION – Indicates the buffer is not within the user mode probe address range or the buffer variable is not writable (see remarks). The function will raise an exception.

STATUS_DATATYPE_MISALIGNMENT – Indicates the address of the buffer in memory is not aligned to the required alignment set.

Remarks
The probing of Buffer and ReturnLength are influenced based on the probe flags pointed by Flags parameter. The following flags are:

ICIF_PROBE_READ_WRITE – This flag explicitly tells the function to do a read and write probe against Buffer parameter. ProbeForWrite is invoked in this case. This is the default mechanism.

ICIF_PROBE_READ – This flag explicitly tells the function to do a read probe against Buffer parameter only, that is, the function does not probe if the parameter is actually writable. ProbeForRead is invoked in this case.

ICIF_FORCE_RETURN_LENGTH_PROBE – If this flag is set, the function will force probe the ReturnLength parameter. In this scenario if ReturnLength is NULL a STATUS_ACCESS_VIOLATION exception is raised. NtQueryInformationToken is the only NT system call where ReturnLength has to be properly initialized and not NULL.

Buffer parameter can be NULL if the caller does not want to actually query a certain information from an object. This is typically with query NT syscalls where a caller has to query the actual buffer length needed to store the queried information before doing a "real" query in the first place.

Definition at line 219 of file probe.h.

229{
230 NTSTATUS Status = STATUS_SUCCESS;
231
232 if (Class < ClassListEntries)
233 {
234 if (!(ClassList[Class].Flags & ICIF_QUERY))
235 {
236 Status = STATUS_INVALID_INFO_CLASS;
237 }
238 else if (ClassList[Class].RequiredSizeQUERY > 0 &&
239 BufferLength != ClassList[Class].RequiredSizeQUERY)
240 {
241 if (!(ClassList[Class].Flags & ICIF_QUERY_SIZE_VARIABLE))
242 {
243 Status = STATUS_INFO_LENGTH_MISMATCH;
244 }
245 }
246
247 if (NT_SUCCESS(Status))
248 {
249 if (PreviousMode != KernelMode)
250 {
251 _SEH2_TRY
252 {
253 if (Buffer != NULL)
254 {
255 if (Flags & ICIF_PROBE_READ)
256 {
257 ProbeForRead(Buffer,
258 BufferLength,
259 ClassList[Class].AlignmentQUERY);
260 }
261 else
262 {
263 ProbeForWrite(Buffer,
264 BufferLength,
265 ClassList[Class].AlignmentQUERY);
266 }
267 }
268
269 if ((Flags & ICIF_FORCE_RETURN_LENGTH_PROBE) || (ReturnLength != NULL))
270 {
271 ProbeForWriteUlong(ReturnLength);
272 }
273
274 if (ReturnLengthPtr != NULL)
275 {
276 ProbeForWrite(ReturnLengthPtr, sizeof(ULONG_PTR), sizeof(ULONG_PTR));
277 }
278 }
279 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
280 {
281 Status = _SEH2_GetExceptionCode();
282 }
283 _SEH2_END;
284 }
285 }
286 }
287 else
288 Status = STATUS_INVALID_INFO_CLASS;
289
290 return Status;
291}
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Buffer
Definition: bufpool.h:45
NULL
#define NULL
Definition: types.h:112
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ReturnLength
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:43
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
_SEH2_END
#define _SEH2_END
Definition: filesup.c:22
_SEH2_TRY
#define _SEH2_TRY
Definition: filesup.c:19
Status
Status
Definition: gdiplustypes.h:25
ICIF_QUERY_SIZE_VARIABLE
#define ICIF_QUERY_SIZE_VARIABLE
Definition: icif.h:20
ICIF_QUERY
#define ICIF_QUERY
Definition: icif.h:18
ICIF_PROBE_READ
#define ICIF_PROBE_READ
Definition: icif.h:25
ICIF_FORCE_RETURN_LENGTH_PROBE
#define ICIF_FORCE_RETURN_LENGTH_PROBE
Definition: icif.h:26
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
KernelMode
#define KernelMode
Definition: asm.h:34
STATUS_INVALID_INFO_CLASS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
ProbeForWriteUlong
#define ProbeForWriteUlong(Ptr)
Definition: probe.h:36
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103

Referenced by NtQueryEvent(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIoCompletion(), NtQueryMutant(), NtQuerySemaphore(), and NtQueryTimer().

◆ DefaultSetInfoBufferCheck()

static __inline NTSTATUS DefaultSetInfoBufferCheck ( _In_ ULONG  Class,
_In_ const INFORMATION_CLASS_INFO ClassList,
_In_ ULONG  ClassListEntries,
_In_ PVOID  Buffer,
_In_ ULONG  BufferLength,
_In_ KPROCESSOR_MODE  PreviousMode 
)
static

Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from user or kernel mode.

Parameters
[in]ClassThe specific class information that the caller explicitly requested information to be set into an object.
[in]ClassListAn internal INFORMATION_CLASS_INFO consisting of a list array of information classes checked against the requested information classes given in Class parameter.
[in]ClassListEntriesSpecifies the number of class entries in an array, provided by the ClassList parameter.
[in]BufferA pointer to an arbitrary data content in memory to be validated. Such pointer points to the actual arbitrary information class buffer to be set into the object. This buffer is validated only if the calling processor mode is UM (aka user mode).
[in]BufferLengthThe length of the buffer pointed by the Buffer parameter, whose size is in bytes.
[in]PreviousModeThe processor calling level mode. This level mode determines the procedure of probing validation in action. If the level calling mode is KM (aka kernel mode) this function will only validate the properties of the information class itself such as the required information length size. If the calling mode is UM, the pointer buffer provided by Buffer parameter is also validated.
Returns
The outcome of the probe validation is based upon the returned NTSTATUS code. STATUS_SUCCESS is returned if the validation succeeded. Otherwise, one of the following failure status codes is returned:

STATUS_INVALID_INFO_CLASS – Indicates the given information class is not a valid valid SET class (ICIF_SET flag is not set to the corresponding information class) or the actual class is not present in the class list array.

STATUS_INFO_LENGTH_MISMATCH – Indicates the information length doesn't match with the one that the information class itself expects. This is the case with classes ICIF_SET_SIZE_VARIABLE is not set, which means that the class requires a fixed length size.

STATUS_ACCESS_VIOLATION – Indicates the buffer is not within the user mode probe address range. The function will raise an exception.

STATUS_DATATYPE_MISALIGNMENT – Indicates the address of the buffer in memory is not aligned to the required alignment set.

Definition at line 70 of file probe.h.

77{
78 NTSTATUS Status = STATUS_SUCCESS;
79
80 if (Class < ClassListEntries)
81 {
82 if (!(ClassList[Class].Flags & ICIF_SET))
83 {
84 Status = STATUS_INVALID_INFO_CLASS;
85 }
86 else if (ClassList[Class].RequiredSizeSET > 0 &&
87 BufferLength != ClassList[Class].RequiredSizeSET)
88 {
89 if (!(ClassList[Class].Flags & ICIF_SET_SIZE_VARIABLE))
90 {
91 Status = STATUS_INFO_LENGTH_MISMATCH;
92 }
93 }
94
95 if (NT_SUCCESS(Status))
96 {
97 if (PreviousMode != KernelMode)
98 {
99 _SEH2_TRY
100 {
101 ProbeForRead(Buffer,
102 BufferLength,
103 ClassList[Class].AlignmentSET);
104 }
105 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
106 {
107 Status = _SEH2_GetExceptionCode();
108 }
109 _SEH2_END;
110 }
111 }
112 }
113 else
114 Status = STATUS_INVALID_INFO_CLASS;
115
116 return Status;
117}
ICIF_SET
#define ICIF_SET
Definition: icif.h:19
ICIF_SET_SIZE_VARIABLE
#define ICIF_SET_SIZE_VARIABLE
Definition: icif.h:21

Referenced by NtSetInformationDebugObject(), NtSetInformationProcess(), NtSetInformationThread(), and NtSetInformationToken().