ReactOS 0.4.16-dev-117-g38f21f9
|
#include <reactos/probe.h>
Go to the source code of this file.
Functions | |
static __inline NTSTATUS | DefaultSetInfoBufferCheck (_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode) |
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from user or kernel mode. | |
static __inline NTSTATUS | DefaultQueryInfoBufferCheck (_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode) |
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from user or kernel mode. | |
|
static |
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from user or kernel mode.
[in] | Class | The specific class information that the caller explicitly requested information to be queried from an object. |
[in] | ClassList | An internal INFORMATION_CLASS_INFO consisting of a list array of information classes checked against the requested information classes given in Class parameter. |
[in] | ClassListEntries | Specifies the number of class entries in an array, provided by the ClassList parameter. |
[in] | Flags | Specifies a bit mask flag that influences how the query probe validation must be performed against Buffer and ReturnLength parameters. For further information in regard of this parameter, see remarks. |
[in] | Buffer | A pointer to an arbitrary data content in memory to be validated. Such parameter must be an initialized variable where the queried information is going to be received into this pointer. If the calling processor mode is UM (aka user mode) this parameter is validated. This parameter can be NULL (see remarks for more details). |
[in] | BufferLength | The length of the buffer pointed by the Buffer parameter, whose size is in bytes. If the Buffer parameter is NULL, this parameter can be 0. |
[in] | ReturnLength | The returned length of the buffer whose size is in bytes. If Buffer is NULL as well as BufferLength is 0, this parameter receives the actual return length needed to store the buffer in memory space. If the processor level calling mode is UM, this parameter is validated. If ICIF_FORCE_RETURN_LENGTH_PROBE is specified in Flags parameter, ReturnLength mustn't be NULL (see remarks). Otherwise it can be NULL. |
[in] | ReturnLengthPtr | This parameter is of the same nature as the ReturnLength one, with the difference being that the type parameter can be a ULONG on x86 systems or a ULONGLONG on AMD64 systems. If the processor level calling mode is UM, this parameter is validated. This parameter is currently unused. |
[in] | PreviousMode | The processor calling level mode. This level mode determines the procedure of probing validation in action. If the level calling mode is KM (aka kernel mode) this function will only validate the properties of the information class itself such as the required information length size. If the calling mode is UM, the pointer buffer provided by Buffer parameter is also validated as well as the return length parameter. |
STATUS_INVALID_INFO_CLASS – Indicates the given information class is not a valid QUERY class (ICIF_QUERY flag is not set to the corresponding information class) or the actual class is not present in the class list array.
STATUS_INFO_LENGTH_MISMATCH – Indicates the information length doesn't match with the one that the information class itself expects. This is the case with classes where ICIF_QUERY_SIZE_VARIABLE is not set, which means that the class requires a fixed length size.
STATUS_ACCESS_VIOLATION – Indicates the buffer is not within the user mode probe address range or the buffer variable is not writable (see remarks). The function will raise an exception.
STATUS_DATATYPE_MISALIGNMENT – Indicates the address of the buffer in memory is not aligned to the required alignment set.
ICIF_PROBE_READ_WRITE – This flag explicitly tells the function to do a read and write probe against Buffer parameter. ProbeForWrite is invoked in this case. This is the default mechanism.
ICIF_PROBE_READ – This flag explicitly tells the function to do a read probe against Buffer parameter only, that is, the function does not probe if the parameter is actually writable. ProbeForRead is invoked in this case.
ICIF_FORCE_RETURN_LENGTH_PROBE – If this flag is set, the function will force probe the ReturnLength parameter. In this scenario if ReturnLength is NULL a STATUS_ACCESS_VIOLATION exception is raised. NtQueryInformationToken is the only NT system call where ReturnLength has to be properly initialized and not NULL.
Buffer parameter can be NULL if the caller does not want to actually query a certain information from an object. This is typically with query NT syscalls where a caller has to query the actual buffer length needed to store the queried information before doing a "real" query in the first place.
Definition at line 219 of file probe.h.
Referenced by NtQueryEvent(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIoCompletion(), NtQueryMutant(), NtQuerySemaphore(), and NtQueryTimer().
|
static |
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from user or kernel mode.
[in] | Class | The specific class information that the caller explicitly requested information to be set into an object. |
[in] | ClassList | An internal INFORMATION_CLASS_INFO consisting of a list array of information classes checked against the requested information classes given in Class parameter. |
[in] | ClassListEntries | Specifies the number of class entries in an array, provided by the ClassList parameter. |
[in] | Buffer | A pointer to an arbitrary data content in memory to be validated. Such pointer points to the actual arbitrary information class buffer to be set into the object. This buffer is validated only if the calling processor mode is UM (aka user mode). |
[in] | BufferLength | The length of the buffer pointed by the Buffer parameter, whose size is in bytes. |
[in] | PreviousMode | The processor calling level mode. This level mode determines the procedure of probing validation in action. If the level calling mode is KM (aka kernel mode) this function will only validate the properties of the information class itself such as the required information length size. If the calling mode is UM, the pointer buffer provided by Buffer parameter is also validated. |
STATUS_INVALID_INFO_CLASS – Indicates the given information class is not a valid valid SET class (ICIF_SET flag is not set to the corresponding information class) or the actual class is not present in the class list array.
STATUS_INFO_LENGTH_MISMATCH – Indicates the information length doesn't match with the one that the information class itself expects. This is the case with classes ICIF_SET_SIZE_VARIABLE is not set, which means that the class requires a fixed length size.
STATUS_ACCESS_VIOLATION – Indicates the buffer is not within the user mode probe address range. The function will raise an exception.
STATUS_DATATYPE_MISALIGNMENT – Indicates the address of the buffer in memory is not aligned to the required alignment set.
Definition at line 70 of file probe.h.
Referenced by NtSetInformationDebugObject(), NtSetInformationProcess(), NtSetInformationThread(), and NtSetInformationToken().