#include <stdio.h>
#include <windef.h>
#include <winbase.h>
#include <winreg.h>
#include <ndk/iofuncs.h>
#include <ndk/obfuncs.h>
#include <ndk/rtlfuncs.h>
#include <ndk/cmfuncs.h>
#include <ndk/exfuncs.h>
#include <ndk/mmfuncs.h>
#include <ndk/psfuncs.h>
#include <ndk/lpcfuncs.h>
#include <ndk/setypes.h>
#include <ndk/umfuncs.h>
#include <ndk/kefuncs.h>
#include <ntstrsafe.h>
#include <sm/smmsg.h>

Include dependency graph for smss.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes
struct	_SMP_REGISTRY_VALUE

struct	_SMP_SUBSYSTEM

Macros
#define	WIN32_NO_STATUS

#define	NTOS_MODE_USER

#define	SMP_DEBUG_FLAG 0x01

#define	SMP_ASYNC_FLAG 0x02

#define	SMP_AUTOCHK_FLAG 0x04

#define	SMP_SUBSYSTEM_FLAG 0x08

#define	SMP_INVALID_PATH 0x10

#define	SMP_DEFERRED_FLAG 0x20

#define	SMP_POSIX_FLAG 0x100

#define	SMP_OS2_FLAG 0x200

Typedefs
typedef struct _SMP_REGISTRY_VALUE	SMP_REGISTRY_VALUE

typedef struct _SMP_REGISTRY_VALUE *	PSMP_REGISTRY_VALUE

typedef struct _SMP_SUBSYSTEM	SMP_SUBSYSTEM

typedef struct _SMP_SUBSYSTEM *	PSMP_SUBSYSTEM

Functions
NTSTATUS NTAPI	SmpTerminate (IN PULONG_PTR Parameters, IN ULONG ParameterMask, IN ULONG ParameterCount)

NTSTATUS NTAPI	SmpCreateSecurityDescriptors (IN BOOLEAN InitialCall)

NTSTATUS NTAPI	SmpInit (IN PUNICODE_STRING InitialCommand, OUT PHANDLE ProcessHandle)

NTSTATUS NTAPI	SmpAcquirePrivilege (IN ULONG Privilege, OUT PVOID *PrivilegeStat)

VOID NTAPI	SmpReleasePrivilege (IN PVOID State)

ULONG NTAPI	SmpApiLoop (IN PVOID Parameter)

NTSTATUS NTAPI	SmpExecuteCommand (IN PUNICODE_STRING CommandLine, IN ULONG MuSessionId, OUT PHANDLE ProcessId, IN ULONG Flags)

NTSTATUS NTAPI	SmpLoadSubSystemsForMuSession (IN PULONG MuSessionId, OUT PHANDLE ProcessId, IN PUNICODE_STRING InitialCommand)

VOID NTAPI	SmpPagingFileInitialize (VOID)

NTSTATUS NTAPI	SmpCreatePagingFileDescriptor (IN PUNICODE_STRING PageFileToken)

NTSTATUS NTAPI	SmpCreatePagingFiles (VOID)

NTSTATUS NTAPI	SmpParseCommandLine (IN PUNICODE_STRING CommandLine, OUT PULONG Flags, OUT PUNICODE_STRING FileName, OUT PUNICODE_STRING Directory, OUT PUNICODE_STRING Arguments)

NTSTATUS NTAPI	SmpLoadSubSystem (IN PUNICODE_STRING FileName, IN PUNICODE_STRING Directory, IN PUNICODE_STRING CommandLine, IN ULONG MuSessionId, OUT PHANDLE ProcessId, IN ULONG Flags)

NTSTATUS NTAPI	SmpSetProcessMuSessionId (IN HANDLE ProcessHandle, IN ULONG SessionId)

BOOLEAN NTAPI	SmpQueryRegistrySosOption (VOID)

BOOLEAN NTAPI	SmpSaveAndClearBootStatusData (OUT PBOOLEAN BootOkay, OUT PBOOLEAN ShutdownOkay)

VOID NTAPI	SmpRestoreBootStatusData (IN BOOLEAN BootOkay, IN BOOLEAN ShutdownOkay)

BOOLEAN NTAPI	SmpCheckForCrashDump (IN PUNICODE_STRING FileName)

VOID NTAPI	SmpTranslateSystemPartitionInformation (VOID)

PSMP_SUBSYSTEM NTAPI	SmpLocateKnownSubSysByCid (IN PCLIENT_ID ClientId)

PSMP_SUBSYSTEM NTAPI	SmpLocateKnownSubSysByType (IN ULONG MuSessionId, IN ULONG ImageType)

NTSTATUS NTAPI	SmpGetProcessMuSessionId (IN HANDLE ProcessHandle, OUT PULONG SessionId)

VOID NTAPI	SmpDereferenceSubsystem (IN PSMP_SUBSYSTEM SubSystem)

NTSTATUS NTAPI	SmpSbCreateSession (IN PVOID Reserved, IN PSMP_SUBSYSTEM OtherSubsystem, IN PRTL_USER_PROCESS_INFORMATION ProcessInformation, IN ULONG MuSessionId, IN PCLIENT_ID DbgClientId)

ULONG NTAPI	SmpAllocateSessionId (IN PSMP_SUBSYSTEM Subsystem, IN PSMP_SUBSYSTEM OtherSubsystem)

VOID NTAPI	SmpDeleteSession (IN ULONG SessionId)

BOOLEAN NTAPI	SmpCheckDuplicateMuSessionId (IN ULONG MuSessionId)

NTSTATUS NTAPI	SmpExecuteInitialCommand (IN ULONG MuSessionId, IN PUNICODE_STRING InitialCommand, IN HANDLE InitialCommandProcess, OUT PHANDLE ReturnPid)

NTSTATUS NTAPI	SmpExecuteImage (IN PUNICODE_STRING FileName, IN PUNICODE_STRING Directory, IN PUNICODE_STRING CommandLine, IN ULONG MuSessionId, IN ULONG Flags, IN PRTL_USER_PROCESS_INFORMATION ProcessInformation)

Macro Definition Documentation

◆ NTOS_MODE_USER

#define NTOS_MODE_USER

Definition at line 21 of file smss.h.

◆ SMP_ASYNC_FLAG

#define SMP_ASYNC_FLAG 0x02

Definition at line 42 of file smss.h.

◆ SMP_AUTOCHK_FLAG

#define SMP_AUTOCHK_FLAG 0x04

Definition at line 43 of file smss.h.

◆ SMP_DEBUG_FLAG

#define SMP_DEBUG_FLAG 0x01

Definition at line 41 of file smss.h.

◆ SMP_DEFERRED_FLAG

#define SMP_DEFERRED_FLAG 0x20

Definition at line 46 of file smss.h.

◆ SMP_INVALID_PATH

#define SMP_INVALID_PATH 0x10

Definition at line 45 of file smss.h.

◆ SMP_OS2_FLAG

#define SMP_OS2_FLAG 0x200

Definition at line 48 of file smss.h.

◆ SMP_POSIX_FLAG

#define SMP_POSIX_FLAG 0x100

Definition at line 47 of file smss.h.

◆ SMP_SUBSYSTEM_FLAG

#define SMP_SUBSYSTEM_FLAG 0x08

Definition at line 44 of file smss.h.

◆ WIN32_NO_STATUS

#define WIN32_NO_STATUS

Definition at line 16 of file smss.h.

Typedef Documentation

◆ PSMP_REGISTRY_VALUE

typedef struct _SMP_REGISTRY_VALUE * PSMP_REGISTRY_VALUE

◆ PSMP_SUBSYSTEM

typedef struct _SMP_SUBSYSTEM * PSMP_SUBSYSTEM

◆ SMP_REGISTRY_VALUE

typedef struct _SMP_REGISTRY_VALUE SMP_REGISTRY_VALUE

◆ SMP_SUBSYSTEM

typedef struct _SMP_SUBSYSTEM SMP_SUBSYSTEM

Function Documentation

◆ SmpAcquirePrivilege()

NTSTATUS NTAPI SmpAcquirePrivilege	(	IN ULONG	Privilege,
		OUT PVOID *	PrivilegeStat
	)

Definition at line 40 of file smutil.c.

 {
     PSMP_PRIVILEGE_STATE State;
     ULONG Size;
     NTSTATUS Status;
 
     /* Assume failure */
     *PrivilegeState = NULL;
 
     /* Acquire the state structure to hold everything we need */
     State = RtlAllocateHeap(SmpHeap,
                             0,
                             sizeof(SMP_PRIVILEGE_STATE) +
                             sizeof(TOKEN_PRIVILEGES) +
                             sizeof(LUID_AND_ATTRIBUTES));
     if (!State) return STATUS_NO_MEMORY;
 
     /* Open our token */
     Status = NtOpenProcessToken(NtCurrentProcess(),
                                 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                                 &State->TokenHandle);
     if (!NT_SUCCESS(Status))
     {
         /* Fail */
         RtlFreeHeap(SmpHeap, 0, State);
         return Status;
     }
 
     /* Set one privilege in the enabled state */
     State->NewPrivileges = &State->NewBuffer;
     State->OldPrivileges = (PTOKEN_PRIVILEGES)&State->OldBuffer;
     State->NewPrivileges->PrivilegeCount = 1;
     State->NewPrivileges->Privileges[0].Luid = RtlConvertUlongToLuid(Privilege);
     State->NewPrivileges->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
 
     /* Adjust the privileges in the token */
     Size = sizeof(State->OldBuffer);
     Status = NtAdjustPrivilegesToken(State->TokenHandle,
                                      FALSE,
                                      State->NewPrivileges,
                                      Size,
                                      State->OldPrivileges,
                                      &Size);
     if (Status == STATUS_BUFFER_TOO_SMALL)
     {
         /* Our static buffer is not big enough, allocate a bigger one */
         State->OldPrivileges = RtlAllocateHeap(SmpHeap, 0, Size);
         if (!State->OldPrivileges)
         {
             /* Out of memory, fail */
             Status = STATUS_NO_MEMORY;
             goto Quickie;
         }
 
         /* Now try again */
         Status = NtAdjustPrivilegesToken(State->TokenHandle,
                                          FALSE,
                                          State->NewPrivileges,
                                          Size,
                                          State->OldPrivileges,
                                          &Size);
     }
 
     /* Normalize failure code and check for success */
     if (Status == STATUS_NOT_ALL_ASSIGNED) Status = STATUS_PRIVILEGE_NOT_HELD;
     if (NT_SUCCESS(Status))
     {
         /* We got the privilege, return */
         *PrivilegeState = State;
         return STATUS_SUCCESS;
     }
 
 Quickie:
     /* Check if we used a dynamic buffer */
     if (State->OldPrivileges != (PTOKEN_PRIVILEGES)&State->OldBuffer)
     {
         /* Free it */
         RtlFreeHeap(SmpHeap, 0, State->OldPrivileges);
     }
 
     /* Close the token handle and free the state structure */
     NtClose(State->TokenHandle);
     RtlFreeHeap(SmpHeap, 0, State);
     return Status;
 }

Referenced by _main(), SmpLoadSubSystem(), and SmpLoadSubSystemsForMuSession().

◆ SmpAllocateSessionId()

ULONG NTAPI SmpAllocateSessionId	(	IN PSMP_SUBSYSTEM	Subsystem,
		IN PSMP_SUBSYSTEM	OtherSubsystem
	)

Definition at line 123 of file smsessn.c.

 {
     ULONG SessionId;
     PSMP_SESSION Session;
 
     /* Allocate a new ID while under the lock */
     RtlEnterCriticalSection(&SmpSessionListLock);
     SessionId = SmpNextSessionId++;
 
     /* Check for overflow */
     if (SmpNextSessionIdScanMode)
     {
         /* Break if it happened */
         DbgPrint("SMSS: SessionId's Wrapped\n");
         DbgBreakPoint();
     }
     else
     {
         /* Detect it for next time */
         if (!SmpNextSessionId) SmpNextSessionIdScanMode = 1;
     }
 
     /* Allocate a session structure */
     Session = RtlAllocateHeap(SmpHeap, 0, sizeof(SMP_SESSION));
     if (Session)
     {
         /* Write the session data and insert it into the session list */
         Session->Subsystem = Subsystem;
         Session->SessionId = SessionId;
         Session->OtherSubsystem = OtherSubsystem;
         InsertTailList(&SmpSessionListHead, &Session->Entry);
     }
     else
     {
         DPRINT1("SMSS: Unable to keep track of session ID -- no memory available\n");
     }
 
     /* Release the session lock */
     RtlLeaveCriticalSection(&SmpSessionListLock);
     return SessionId;
 }

Referenced by SmpLoadSubSystem(), and SmpSbCreateSession().

◆ SmpApiLoop()

ULONG NTAPI SmpApiLoop ( IN PVOID Parameter )

Definition at line 371 of file smloop.c.

 {
     HANDLE SmApiPort = (HANDLE)Parameter;
     NTSTATUS Status;
     PSMP_CLIENT_CONTEXT ClientContext;
     PSM_API_MSG ReplyMsg = NULL;
     SM_API_MSG RequestMsg;
     PROCESS_BASIC_INFORMATION ProcessInformation;
     LARGE_INTEGER Timeout;
 
     /* Increase the number of API threads for throttling code for later */
     _InterlockedExchangeAdd(&SmTotalApiThreads, 1);
 
     /* Mark us critical */
     RtlSetThreadIsCritical(TRUE, NULL, TRUE);
 
     /* Set the PID of the SM process itself for later checking */
     NtQueryInformationProcess(NtCurrentProcess(),
                               ProcessBasicInformation,
                               &ProcessInformation,
                               sizeof(ProcessInformation),
                               NULL);
     SmUniqueProcessId = (HANDLE)ProcessInformation.UniqueProcessId;
 
     /* Now process incoming messages */
     while (TRUE)
     {
         /* Begin waiting on a request */
         Status = NtReplyWaitReceivePort(SmApiPort,
                                         (PVOID*)&ClientContext,
                                         &ReplyMsg->h,
                                         &RequestMsg.h);
         if (Status == STATUS_NO_MEMORY)
         {
             /* Ran out of memory, so do a little timeout and try again */
             if (ReplyMsg) DPRINT1("SMSS: Failed to reply to calling thread, retrying.\n");
             Timeout.QuadPart = -50000000;
             NtDelayExecution(FALSE, &Timeout);
             continue;
         }
 
         /* Check what kind of request we received */
         switch (RequestMsg.h.u2.s2.Type)
         {
             /* A new connection */
             case LPC_CONNECTION_REQUEST:
                 /* Create the right structures for it */
                 SmpHandleConnectionRequest(SmApiPort, (PSB_API_MSG)&RequestMsg);
                 ReplyMsg = NULL;
                 break;
 
             /* A closed connection */
             case LPC_PORT_CLOSED:
                 /* Destroy any state we had for this client */
                 DPRINT1("Port closed\n");
                 //if (ClientContext) SmpPushDeferredClientContext(ClientContext);
                 ReplyMsg = NULL;
                 break;
 
             /* An actual API message */
             default:
                 if (!ClientContext)
                 {
                     ReplyMsg = NULL;
                     break;
                 }
 
                 RequestMsg.ReturnValue = STATUS_PENDING;
 
                 /* Check if the API is valid */
                 if (RequestMsg.ApiNumber >= SmpMaxApiNumber)
                 {
                     /* It isn't, fail */
                     DPRINT1("Invalid API: %lx\n", RequestMsg.ApiNumber);
                     Status = STATUS_NOT_IMPLEMENTED;
                 }
                 else if ((RequestMsg.ApiNumber <= SmpTerminateForeignSessionApi) &&
                          !(ClientContext->Subsystem))
                 {
                     /* It's valid, but doesn't have a subsystem with it */
                     DPRINT1("Invalid session API\n");
                     Status = STATUS_INVALID_PARAMETER;
                 }
                 else
                 {
                     /* It's totally okay, so call the dispatcher for it */
                     Status = SmpApiDispatch[RequestMsg.ApiNumber](&RequestMsg,
                                                                   ClientContext,
                                                                   SmApiPort);
                 }
 
                 /* Write the result value and return the message back */
                 RequestMsg.ReturnValue = Status;
                 ReplyMsg = &RequestMsg;
                 break;
         }
     }
     return STATUS_SUCCESS;
 }

Referenced by SmpInit().

◆ SmpCheckDuplicateMuSessionId()

BOOLEAN NTAPI SmpCheckDuplicateMuSessionId ( IN ULONG MuSessionId )

Definition at line 37 of file smsessn.c.

 {
     PSMP_SUBSYSTEM Subsystem;
     BOOLEAN FoundDuplicate = FALSE;
     PLIST_ENTRY NextEntry;
 
     /* Lock the subsystem database */
     RtlEnterCriticalSection(&SmpKnownSubSysLock);
 
     /* Scan each entry */
     NextEntry = SmpKnownSubSysHead.Flink;
     while (NextEntry != &SmpKnownSubSysHead)
     {
         /* Check if this entry has the same session ID */
         Subsystem = CONTAINING_RECORD(NextEntry, SMP_SUBSYSTEM, Entry);
         if (Subsystem->MuSessionId == MuSessionId)
         {
             /* Break out of here! */
             FoundDuplicate = TRUE;
             break;
         }
 
         /* Keep going */
         NextEntry = NextEntry->Flink;
     }
 
     /* Release the database and return the result */
     RtlLeaveCriticalSection(&SmpKnownSubSysLock);
     return FoundDuplicate;
 }

Referenced by SmpLoadSubSystem(), and SmpSbCreateSession().

◆ SmpCheckForCrashDump()

BOOLEAN NTAPI SmpCheckForCrashDump ( IN PUNICODE_STRING FileName )

Definition at line 20 of file crashdmp.c.

 {
     return FALSE;
 }

Referenced by SmpCreatePagingFileOnFixedDrive().

◆ SmpCreatePagingFileDescriptor()

NTSTATUS NTAPI SmpCreatePagingFileDescriptor ( IN PUNICODE_STRING PageFileToken )

Definition at line 84 of file pagefile.c.

 {
     NTSTATUS Status;
     ULONG MinSize = 0, MaxSize = 0;
     BOOLEAN SystemManaged = FALSE, ZeroSize = TRUE;
     PSMP_PAGEFILE_DESCRIPTOR Descriptor, ListDescriptor;
     ULONG i;
     WCHAR c;
     PLIST_ENTRY NextEntry;
     UNICODE_STRING PageFileName, Arguments, SecondArgument;
 
     /* Make sure we don't have too many */
     if (SmpNumberOfPagingFiles >= 16)
     {
         DPRINT1("SMSS:PFILE: Too many paging files specified - %lu\n",
                 SmpNumberOfPagingFiles);
         return STATUS_TOO_MANY_PAGING_FILES;
     }
 
     /* Parse the specified and get the name and arguments out of it */
     DPRINT("SMSS:PFILE: Paging file specifier `%wZ'\n", PageFileToken);
     Status = SmpParseCommandLine(PageFileToken,
                                  NULL,
                                  &PageFileName,
                                  NULL,
                                  &Arguments);
     if (!NT_SUCCESS(Status))
     {
         /* Fail */
         DPRINT1("SMSS:PFILE: SmpParseCommandLine( %wZ ) failed - Status == %lx\n",
                 PageFileToken, Status);
         return Status;
     }
 
     /* Set the variable to let everyone know we have a pagefile token */
     SmpRegistrySpecifierPresent = TRUE;
 
     /* Parse the arguments, if any */
     if (Arguments.Buffer)
     {
         /* Parse the pagefile size */
         for (i = 0; i < Arguments.Length / sizeof(WCHAR); i++)
         {
             /* Check if it's zero */
             c = Arguments.Buffer[i];
             if ((c != L' ') && (c != L'\t') && (c != L'0'))
             {
                 /* It isn't, break out */
                 ZeroSize = FALSE;
                 break;
             }
         }
     }
 
     /* Was a pagefile not specified, or was it specified with no size? */
     if (!(Arguments.Buffer) || (ZeroSize))
     {
         /* In this case, the system will manage its size */
         SystemManaged = TRUE;
     }
     else
     {
         /* We do have a size, so convert the arguments into a number */
         Status = RtlUnicodeStringToInteger(&Arguments, 0, &MinSize);
         if (!NT_SUCCESS(Status))
         {
             /* Fail */
             RtlFreeUnicodeString(&PageFileName);
             RtlFreeUnicodeString(&Arguments);
             return Status;
         }
 
         /* Now advance to the next argument */
         for (i = 0; i < Arguments.Length / sizeof(WCHAR); i++)
         {
             /* Found a space -- second argument must start here */
             if (Arguments.Buffer[i] == L' ')
             {
                 /* Use the rest of the arguments as a maximum size */
                 SecondArgument.Buffer = &Arguments.Buffer[i];
                 SecondArgument.Length = (USHORT)(Arguments.Length -
                                         i * sizeof(WCHAR));
                 SecondArgument.MaximumLength = (USHORT)(Arguments.MaximumLength -
                                                i * sizeof(WCHAR));
                 Status = RtlUnicodeStringToInteger(&SecondArgument, 0, &MaxSize);
                 if (!NT_SUCCESS(Status))
                 {
                     /* Fail */
                     RtlFreeUnicodeString(&PageFileName);
                     RtlFreeUnicodeString(&Arguments);
                     return Status;
                 }
 
                 break;
             }
         }
     }
 
     /* We are done parsing arguments */
     RtlFreeUnicodeString(&Arguments);
 
     /* Now we can allocate our descriptor */
     Descriptor = RtlAllocateHeap(RtlGetProcessHeap(),
                                  HEAP_ZERO_MEMORY,
                                  sizeof(SMP_PAGEFILE_DESCRIPTOR));
     if (!Descriptor)
     {
         /* Fail if we couldn't */
         RtlFreeUnicodeString(&PageFileName);
         return STATUS_NO_MEMORY;
     }
 
     /* Capture all our data into the descriptor */
     Descriptor->Token = *PageFileToken;
     Descriptor->Name = PageFileName;
     Descriptor->MinSize.QuadPart = MinSize * MEGABYTE;
     Descriptor->MaxSize.QuadPart = MaxSize * MEGABYTE;
     if (SystemManaged) Descriptor->Flags |= SMP_PAGEFILE_SYSTEM_MANAGED;
     Descriptor->Name.Buffer[STANDARD_DRIVE_LETTER_OFFSET] =
     RtlUpcaseUnicodeChar(Descriptor->Name.Buffer[STANDARD_DRIVE_LETTER_OFFSET]);
     if (Descriptor->Name.Buffer[STANDARD_DRIVE_LETTER_OFFSET] == '?')
     {
         Descriptor->Flags |= SMP_PAGEFILE_ON_ANY_DRIVE;
     }
 
     /* Now loop the existing descriptors */
     NextEntry = SmpPagingFileDescriptorList.Flink;
     do
     {
         /* Are there none, or have we looped back to the beginning? */
         if (NextEntry == &SmpPagingFileDescriptorList)
         {
             /* This means no duplicates exist, so insert our descriptor! */
             InsertTailList(&SmpPagingFileDescriptorList, &Descriptor->Entry);
             SmpNumberOfPagingFiles++;
             DPRINT("SMSS:PFILE: Created descriptor for `%wZ' (`%wZ')\n",
                     PageFileToken, &Descriptor->Name);
             return STATUS_SUCCESS;
         }
 
         /* Keep going until we find a duplicate, unless we are in "any" mode */
         ListDescriptor = CONTAINING_RECORD(NextEntry, SMP_PAGEFILE_DESCRIPTOR, Entry);
         NextEntry = NextEntry->Flink;
     } while (!(ListDescriptor->Flags & SMP_PAGEFILE_ON_ANY_DRIVE) ||
              !(Descriptor->Flags & SMP_PAGEFILE_ON_ANY_DRIVE));
 
     /* We found a duplicate, so skip this descriptor/pagefile and fail */
     DPRINT1("SMSS:PFILE: Skipping duplicate specifier `%wZ'\n", PageFileToken);
     RtlFreeUnicodeString(&PageFileName);
     RtlFreeHeap(RtlGetProcessHeap(), 0, Descriptor);
     return STATUS_INVALID_PARAMETER;
 }

Referenced by SmpLoadDataFromRegistry().

◆ SmpCreatePagingFiles()

NTSTATUS NTAPI SmpCreatePagingFiles ( VOID )

Definition at line 998 of file pagefile.c.

 {
     NTSTATUS Status;
     PSMP_PAGEFILE_DESCRIPTOR Descriptor;
     LARGE_INTEGER Size, FuzzFactor;
     BOOLEAN Created = FALSE;
     PLIST_ENTRY NextEntry;
 
     /* Check if no paging files were requested */
     if (!(SmpNumberOfPagingFiles) && !(SmpRegistrySpecifierPresent))
     {
         /* The list should be empty -- nothing to do */
         ASSERT(IsListEmpty(&SmpPagingFileDescriptorList));
         DPRINT1("SMSS:PFILE: No paging file was requested\n");
         return STATUS_SUCCESS;
     }
 
     /* Initialize the volume descriptors so we can know what's available */
     Status = SmpCreateVolumeDescriptors();
     if (!NT_SUCCESS(Status))
     {
         /* We can't make decisions without this, so fail */
         DPRINT1("SMSS:PFILE: Failed to create volume descriptors (status %X)\n",
                 Status);
         return Status;
     }
 
     /* If we fail creating pagefiles, try to reduce by this much each time */
     FuzzFactor.QuadPart = FUZZ_FACTOR;
 
     /* Loop the descriptor list */
     NextEntry = SmpPagingFileDescriptorList.Flink;
     while (NextEntry != &SmpPagingFileDescriptorList)
     {
         /* Check what kind of descriptor this is */
         Descriptor = CONTAINING_RECORD(NextEntry, SMP_PAGEFILE_DESCRIPTOR, Entry);
         if (Descriptor->Flags & SMP_PAGEFILE_SYSTEM_MANAGED)
         {
             /* This is a system-managed descriptor. Create the correct file */
             DPRINT("SMSS:PFILE: Creating a system managed paging file (`%wZ')\n",
                     &Descriptor->Name);
             Status = SmpCreateSystemManagedPagingFile(Descriptor, FALSE);
             if (!NT_SUCCESS(Status))
             {
                 /* We failed -- try again, with size minimization this time */
                 DPRINT("SMSS:PFILE: Trying lower sizes for (`%wZ')\n",
                         &Descriptor->Name);
                 Status = SmpCreateSystemManagedPagingFile(Descriptor, TRUE);
             }
         }
         else
         {
             /* This is a manually entered descriptor. Validate its size first */
             SmpValidatePagingFileSizes(Descriptor);
 
             /* Check if this is an ANY pagefile or a FIXED pagefile */
             DPRINT("SMSS:PFILE: Creating a normal paging file (`%wZ')\n",
                     &Descriptor->Name);
             if (Descriptor->Name.Buffer[STANDARD_DRIVE_LETTER_OFFSET] == L'?')
             {
                 /* It's an any pagefile, try to create it wherever possible */
                 Size = Descriptor->MinSize;
                 Status = SmpCreatePagingFileOnAnyDrive(Descriptor,
                                                        &FuzzFactor,
                                                        &Size);
                 if (!NT_SUCCESS(Status))
                 {
                     /* We failed to create it. Try again with a smaller size */
                     DPRINT("SMSS:PFILE: Trying lower sizes for (`%wZ')\n",
                             &Descriptor->Name);
                     Size.QuadPart = 16 * MEGABYTE;
                     Status = SmpCreatePagingFileOnAnyDrive(Descriptor,
                                                            &FuzzFactor,
                                                            &Size);
                 }
             }
             else
             {
                 /* It's a fixed pagefile: override the minimum and use ours */
                 Size.QuadPart = 16 * MEGABYTE;
                 Status = SmpCreatePagingFileOnFixedDrive(Descriptor,
                                                          &FuzzFactor,
                                                          &Size);
             }
         }
 
         /* Go to the next descriptor */
         if (NT_SUCCESS(Status)) Created = TRUE;
         NextEntry = NextEntry->Flink;
     }
 
     /* Check if none of the code in our loops above was able to create it */
     if (!Created)
     {
         /* Build an emergency pagefile ourselves */
         DPRINT1("SMSS:PFILE: Creating emergency paging file.\n");
         Status = SmpCreateEmergencyPagingFile();
     }
 
     /* All done */
     return Status;
 }

Referenced by SmpLoadDataFromRegistry().

◆ SmpCreateSecurityDescriptors()

NTSTATUS NTAPI SmpCreateSecurityDescriptors ( IN BOOLEAN InitialCall )

Definition at line 950 of file sminit.c.

 {
     NTSTATUS Status;
     PSID WorldSid = NULL, AdminSid = NULL, SystemSid = NULL;
     PSID RestrictedSid = NULL, OwnerSid = NULL;
     SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
     SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
     SID_IDENTIFIER_AUTHORITY CreatorAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
     ULONG AclLength, SidLength;
     PACL Acl;
     PACE_HEADER Ace;
     BOOLEAN ProtectionRequired = FALSE;
 
     /* Check if this is the first call */
     if (InitialCall)
     {
         /* Create and set the primary descriptor */
         SmpPrimarySecurityDescriptor = &SmpPrimarySDBody;
         Status = RtlCreateSecurityDescriptor(SmpPrimarySecurityDescriptor,
                                              SECURITY_DESCRIPTOR_REVISION);
         ASSERT(NT_SUCCESS(Status));
         Status = RtlSetDaclSecurityDescriptor(SmpPrimarySecurityDescriptor,
                                               TRUE,
                                               NULL,
                                               FALSE);
         ASSERT(NT_SUCCESS(Status));
 
         /* Create and set the liberal descriptor */
         SmpLiberalSecurityDescriptor = &SmpLiberalSDBody;
         Status = RtlCreateSecurityDescriptor(SmpLiberalSecurityDescriptor,
                                              SECURITY_DESCRIPTOR_REVISION);
         ASSERT(NT_SUCCESS(Status));
         Status = RtlSetDaclSecurityDescriptor(SmpLiberalSecurityDescriptor,
                                               TRUE,
                                               NULL,
                                               FALSE);
         ASSERT(NT_SUCCESS(Status));
 
         /* Create and set the \KnownDlls descriptor */
         SmpKnownDllsSecurityDescriptor = &SmpKnownDllsSDBody;
         Status = RtlCreateSecurityDescriptor(SmpKnownDllsSecurityDescriptor,
                                              SECURITY_DESCRIPTOR_REVISION);
         ASSERT(NT_SUCCESS(Status));
         Status = RtlSetDaclSecurityDescriptor(SmpKnownDllsSecurityDescriptor,
                                               TRUE,
                                               NULL,
                                               FALSE);
         ASSERT(NT_SUCCESS(Status));
 
         /* Create and Set the \ApiPort descriptor */
         SmpApiPortSecurityDescriptor = &SmpApiPortSDBody;
         Status = RtlCreateSecurityDescriptor(SmpApiPortSecurityDescriptor,
                                              SECURITY_DESCRIPTOR_REVISION);
         ASSERT(NT_SUCCESS(Status));
         Status = RtlSetDaclSecurityDescriptor(SmpApiPortSecurityDescriptor,
                                               TRUE,
                                               NULL,
                                               FALSE);
         ASSERT(NT_SUCCESS(Status));
     }
 
     /* Check if protection was requested in the registry (on by default) */
     if (SmpProtectionMode & 1) ProtectionRequired = TRUE;
 
     /* Exit if there's nothing to do */
     if (!(InitialCall || ProtectionRequired)) return STATUS_SUCCESS;
 
     /* Build the world SID */
     Status = RtlAllocateAndInitializeSid(&WorldAuthority, 1,
                                          SECURITY_WORLD_RID,
                                          0, 0, 0, 0, 0, 0, 0,
                                          &WorldSid);
     if (!NT_SUCCESS(Status))
     {
         WorldSid = NULL;
         goto Quickie;
     }
 
     /* Build the admin SID */
     Status = RtlAllocateAndInitializeSid(&NtAuthority, 2,
                                          SECURITY_BUILTIN_DOMAIN_RID,
                                          DOMAIN_ALIAS_RID_ADMINS,
                                          0, 0, 0, 0, 0, 0,
                                          &AdminSid);
     if (!NT_SUCCESS(Status))
     {
         AdminSid = NULL;
         goto Quickie;
     }
 
     /* Build the owner SID */
     Status = RtlAllocateAndInitializeSid(&CreatorAuthority, 1,
                                          SECURITY_CREATOR_OWNER_RID,
                                          0, 0, 0, 0, 0, 0, 0,
                                          &OwnerSid);
     if (!NT_SUCCESS(Status))
     {
         OwnerSid = NULL;
         goto Quickie;
     }
 
     /* Build the restricted SID */
     Status = RtlAllocateAndInitializeSid(&NtAuthority, 1,
                                          SECURITY_RESTRICTED_CODE_RID,
                                          0, 0, 0, 0, 0, 0, 0,
                                          &RestrictedSid);
     if (!NT_SUCCESS(Status))
     {
         RestrictedSid = NULL;
         goto Quickie;
     }
 
     /* Build the system SID */
     Status = RtlAllocateAndInitializeSid(&NtAuthority, 1,
                                          SECURITY_LOCAL_SYSTEM_RID,
                                          0, 0, 0, 0, 0, 0, 0,
                                          &SystemSid);
     if (!NT_SUCCESS(Status))
     {
         SystemSid = NULL;
         goto Quickie;
     }
 
     /* Now check if we're creating the core descriptors */
     if (!InitialCall)
     {
         /* We're skipping NextAcl so we have to do this here */
         SidLength = RtlLengthSid(WorldSid) + RtlLengthSid(RestrictedSid) + RtlLengthSid(AdminSid);
         SidLength *= 2;
         goto NotInitial;
     }
 
     /* Allocate an ACL with two ACEs with two SIDs each */
     SidLength = RtlLengthSid(SystemSid) + RtlLengthSid(AdminSid);
     AclLength = sizeof(ACL) + 2 * sizeof(ACCESS_ALLOWED_ACE) + SidLength;
     Acl = RtlAllocateHeap(RtlGetProcessHeap(), 0, AclLength);
     if (!Acl) Status = STATUS_NO_MEMORY;
     if (!NT_SUCCESS(Status)) goto NextAcl;
 
     /* Now build the ACL and add the two ACEs */
     Status = RtlCreateAcl(Acl, AclLength, ACL_REVISION2);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_ALL, AdminSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_ALL, SystemSid);
     ASSERT(NT_SUCCESS(Status));
 
     /* Set this as the DACL */
     Status = RtlSetDaclSecurityDescriptor(SmpApiPortSecurityDescriptor,
                                           TRUE,
                                           Acl,
                                           FALSE);
     ASSERT(NT_SUCCESS(Status));
 
 NextAcl:
     /* Allocate an ACL with 6 ACEs, two ACEs per SID */
     SidLength = RtlLengthSid(WorldSid) + RtlLengthSid(RestrictedSid) + RtlLengthSid(AdminSid);
     SidLength *= 2;
     AclLength = sizeof(ACL) + 6 * sizeof(ACCESS_ALLOWED_ACE) + SidLength;
     Acl = RtlAllocateHeap(RtlGetProcessHeap(), 0, AclLength);
     if (!Acl) Status = STATUS_NO_MEMORY;
     if (!NT_SUCCESS(Status)) goto NotInitial;
 
     /* Now build the ACL and add the six ACEs */
     Status = RtlCreateAcl(Acl, AclLength, ACL_REVISION2);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE, WorldSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE, RestrictedSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_ALL, AdminSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE | GENERIC_READ | GENERIC_WRITE, WorldSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE | GENERIC_READ | GENERIC_WRITE, RestrictedSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_ALL, AdminSid);
     ASSERT(NT_SUCCESS(Status));
 
     /* Now edit the last three ACEs and make them inheritable */
     Status = RtlGetAce(Acl, 3, (PVOID)&Ace);
     ASSERT(NT_SUCCESS(Status));
     Ace->AceFlags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE;
     Status = RtlGetAce(Acl, 4, (PVOID)&Ace);
     ASSERT(NT_SUCCESS(Status));
     Ace->AceFlags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE;
     Status = RtlGetAce(Acl, 5, (PVOID)&Ace);
     ASSERT(NT_SUCCESS(Status));
     Ace->AceFlags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE;
 
     /* Set this as the DACL */
     Status = RtlSetDaclSecurityDescriptor(SmpKnownDllsSecurityDescriptor,
                                           TRUE,
                                           Acl,
                                           FALSE);
     ASSERT(NT_SUCCESS(Status));
 
 NotInitial:
     /* The initial ACLs have been created, are we also protecting objects? */
     if (!ProtectionRequired) goto Quickie;
 
     /* Allocate an ACL with 7 ACEs, two ACEs per SID, and one final owner ACE */
     SidLength += RtlLengthSid(OwnerSid);
     AclLength = sizeof(ACL) + 7 * sizeof (ACCESS_ALLOWED_ACE) + 2 * SidLength;
     Acl = RtlAllocateHeap(RtlGetProcessHeap(), 0, AclLength);
     if (!Acl) Status = STATUS_NO_MEMORY;
     if (!NT_SUCCESS(Status)) goto Quickie;
 
     /* Build the ACL and add the seven ACEs */
     Status = RtlCreateAcl(Acl, AclLength, ACL_REVISION2);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE | GENERIC_READ, WorldSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE | GENERIC_READ, RestrictedSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_ALL, AdminSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE | GENERIC_READ, WorldSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE | GENERIC_READ, RestrictedSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_ALL, AdminSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_ALL, OwnerSid);
     ASSERT(NT_SUCCESS(Status));
 
     /* Edit the last 4 ACEs to make then inheritable */
     Status = RtlGetAce(Acl, 3, (PVOID)&Ace);
     ASSERT(NT_SUCCESS(Status));
     Ace->AceFlags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE;
     Status = RtlGetAce(Acl, 4, (PVOID)&Ace);
     ASSERT(NT_SUCCESS(Status));
     Ace->AceFlags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE;
     Status = RtlGetAce(Acl, 5, (PVOID)&Ace);
     ASSERT(NT_SUCCESS(Status));
     Ace->AceFlags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE;
     Status = RtlGetAce(Acl, 6, (PVOID)&Ace);
     ASSERT(NT_SUCCESS(Status));
     Ace->AceFlags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE;
 
     /* Set this as the DACL for the primary SD */
     Status = RtlSetDaclSecurityDescriptor(SmpPrimarySecurityDescriptor,
                                           TRUE,
                                           Acl,
                                           FALSE);
     ASSERT(NT_SUCCESS(Status));
 
     /* Allocate an ACL with 7 ACEs, two ACEs per SID, and one final owner ACE */
     AclLength = sizeof(ACL) + 7 * sizeof (ACCESS_ALLOWED_ACE) + 2 * SidLength;
     Acl = RtlAllocateHeap(RtlGetProcessHeap(), 0, AclLength);
     if (!Acl) Status = STATUS_NO_MEMORY;
     if (!NT_SUCCESS(Status)) goto Quickie;
 
     /* Build the ACL and add the seven ACEs */
     Status = RtlCreateAcl(Acl, AclLength, ACL_REVISION2);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE | GENERIC_READ | GENERIC_WRITE, WorldSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE | GENERIC_READ | GENERIC_WRITE, RestrictedSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_ALL, AdminSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE | GENERIC_READ | GENERIC_WRITE, WorldSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_EXECUTE | GENERIC_READ | GENERIC_WRITE, RestrictedSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_ALL, AdminSid);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlAddAccessAllowedAce(Acl, ACL_REVISION2, GENERIC_ALL, OwnerSid);
     ASSERT(NT_SUCCESS(Status));
 
     /* Edit the last 4 ACEs to make then inheritable */
     Status = RtlGetAce(Acl, 3, (PVOID)&Ace);
     ASSERT(NT_SUCCESS(Status));
     Ace->AceFlags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE;
     Status = RtlGetAce(Acl, 4, (PVOID)&Ace);
     ASSERT(NT_SUCCESS(Status));
     Ace->AceFlags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE;
     Status = RtlGetAce(Acl, 5, (PVOID)&Ace);
     ASSERT(NT_SUCCESS(Status));
     Ace->AceFlags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE;
     Status = RtlGetAce(Acl, 6, (PVOID)&Ace);
     ASSERT(NT_SUCCESS(Status));
     Ace->AceFlags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE;
 
     /* Now set this as the DACL for the liberal SD */
     Status = RtlSetDaclSecurityDescriptor(SmpLiberalSecurityDescriptor,
                                           TRUE,
                                           Acl,
                                           FALSE);
     ASSERT(NT_SUCCESS(Status));
 
 Quickie:
     /* Cleanup the SIDs */
     if (OwnerSid) RtlFreeHeap(RtlGetProcessHeap(), 0, OwnerSid);
     if (AdminSid) RtlFreeHeap(RtlGetProcessHeap(), 0, AdminSid);
     if (WorldSid) RtlFreeHeap(RtlGetProcessHeap(), 0, WorldSid);
     if (SystemSid) RtlFreeHeap(RtlGetProcessHeap(), 0, SystemSid);
     if (RestrictedSid) RtlFreeHeap(RtlGetProcessHeap(), 0, RestrictedSid);
     return Status;
 }

Referenced by SmpConfigureProtectionMode(), and SmpInit().

◆ SmpDeleteSession()

VOID NTAPI SmpDeleteSession ( IN ULONG SessionId )

Definition at line 98 of file smsessn.c.

 {
     PSMP_SESSION Session;
 
     /* Enter the lock and get the session structure */
     RtlEnterCriticalSection(&SmpSessionListLock);
     Session = SmpSessionIdToSession(SessionId);
     if (Session)
     {
         /* Remove it from the list */
         RemoveEntryList(&Session->Entry);
         RtlLeaveCriticalSection(&SmpSessionListLock);
 
         /* Now free the structure outside of the lock */
         RtlFreeHeap(SmpHeap, 0, Session);
     }
     else
     {
         /* ID doesn't map to one of our structures, nothing to do... */
         RtlLeaveCriticalSection(&SmpSessionListLock);
     }
 }

Referenced by SmpLoadSubSystem(), and SmpSbCreateSession().

◆ SmpDereferenceSubsystem()

VOID NTAPI SmpDereferenceSubsystem ( IN PSMP_SUBSYSTEM SubSystem )

Definition at line 47 of file smsubsys.c.

 {
     /* Acquire the database lock while we (potentially) destroy this subsystem */
     RtlEnterCriticalSection(&SmpKnownSubSysLock);
 
     /* Drop the reference and see if it's terminating */
     if (!(--SubSystem->ReferenceCount) && (SubSystem->Terminating))
     {
         /* Close all handles and free it */
         if (SubSystem->Event) NtClose(SubSystem->Event);
         if (SubSystem->ProcessHandle) NtClose(SubSystem->ProcessHandle);
         if (SubSystem->SbApiPort) NtClose(SubSystem->SbApiPort);
         RtlFreeHeap(SmpHeap, 0, SubSystem);
     }
 
     /* Release the database lock */
     RtlLeaveCriticalSection(&SmpKnownSubSysLock);
 }

Referenced by SmpHandleConnectionRequest(), SmpLoadSubSystem(), and SmpSbCreateSession().

◆ SmpExecuteCommand()

NTSTATUS NTAPI SmpExecuteCommand	(	IN PUNICODE_STRING	CommandLine,
		IN ULONG	MuSessionId,
		OUT PHANDLE	ProcessId,
		IN ULONG	Flags
	)

Definition at line 221 of file smss.c.

 {
     NTSTATUS Status;
     UNICODE_STRING Arguments, Directory, FileName;
 
     /* There's no longer a debugging subsystem */
     if (Flags & SMP_DEBUG_FLAG) return STATUS_SUCCESS;
 
     /* Parse the command line to see what execution flags are requested */
     Status = SmpParseCommandLine(CommandLine,
                                  &Flags,
                                  &FileName,
                                  &Directory,
                                  &Arguments);
     if (!NT_SUCCESS(Status))
     {
         /* Fail if we couldn't do that */
         DPRINT1("SMSS: SmpParseCommandLine( %wZ ) failed - Status == %lx\n",
                 CommandLine, Status);
         return Status;
     }
 
     /* Check if autochk is requested */
     if (Flags & SMP_AUTOCHK_FLAG)
     {
         /* Run it */
         Status = SmpInvokeAutoChk(&FileName, &Directory, &Arguments, Flags);
     }
     else if (Flags & SMP_SUBSYSTEM_FLAG)
     {
         Status = SmpLoadSubSystem(&FileName,
                                   &Directory,
                                   CommandLine,
                                   MuSessionId,
                                   ProcessId,
                                   Flags);
     }
     else if (Flags & SMP_INVALID_PATH)
     {
         /* An invalid image was specified, fail */
         DPRINT1("SMSS: Image file (%wZ) not found\n", &FileName);
         Status = STATUS_OBJECT_NAME_NOT_FOUND;
     }
     else
     {
         /* An actual image name was present -- execute it */
         Status = SmpExecuteImage(&FileName,
                                  &Directory,
                                  CommandLine,
                                  MuSessionId,
                                  Flags,
                                  NULL);
     }
 
     /* Free all the token parameters */
     if (FileName.Buffer) RtlFreeHeap(RtlGetProcessHeap(), 0, FileName.Buffer);
     if (Directory.Buffer) RtlFreeHeap(RtlGetProcessHeap(), 0, Directory.Buffer);
     if (Arguments.Buffer) RtlFreeHeap(RtlGetProcessHeap(), 0, Arguments.Buffer);
 
     /* Return to the caller */
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("SMSS: Command '%wZ' failed - Status == %x\n",
                 CommandLine, Status);
     }
     return Status;
 }

Referenced by SmpLoadDataFromRegistry(), and SmpLoadSubSystemsForMuSession().

◆ SmpExecuteImage()

NTSTATUS NTAPI SmpExecuteImage	(	IN PUNICODE_STRING	FileName,
		IN PUNICODE_STRING	Directory,
		IN PUNICODE_STRING	CommandLine,
		IN ULONG	MuSessionId,
		IN ULONG	Flags,
		IN PRTL_USER_PROCESS_INFORMATION	ProcessInformation
	)

Definition at line 42 of file smss.c.

 {
     PRTL_USER_PROCESS_INFORMATION ProcessInfo;
     NTSTATUS Status;
     RTL_USER_PROCESS_INFORMATION LocalProcessInfo;
     PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
 
     /* Use the input process information if we have it, otherwise use local */
     ProcessInfo = ProcessInformation;
     if (!ProcessInfo) ProcessInfo = &LocalProcessInfo;
 
     /* Create parameters for the target process */
     Status = RtlCreateProcessParameters(&ProcessParameters,
                                         FileName,
                                         SmpDefaultLibPath.Length ?
                                         &SmpDefaultLibPath : NULL,
                                         Directory,
                                         CommandLine,
                                         SmpDefaultEnvironment,
                                         NULL,
                                         NULL,
                                         NULL,
                                         0);
     if (!NT_SUCCESS(Status))
     {
         /* This is a pretty bad failure. ASSERT on checked builds and exit */
         ASSERTMSG("RtlCreateProcessParameters failed.\n", NT_SUCCESS(Status));
         DPRINT1("SMSS: RtlCreateProcessParameters failed for %wZ - Status == %lx\n",
                 FileName, Status);
         return Status;
     }
 
     /* Set the size field as required */
     ProcessInfo->Size = sizeof(RTL_USER_PROCESS_INFORMATION);
 
     /* Check if the debug flag was requested */
     if (Flags & SMP_DEBUG_FLAG)
     {
         /* Write it in the process parameters */
         ProcessParameters->DebugFlags = 1;
     }
     else
     {
         /* Otherwise inherit the flag that was passed to SMSS itself */
         ProcessParameters->DebugFlags = SmpDebug;
     }
 
     /* Subsystems get the first 1MB of memory reserved for DOS/IVT purposes */
     if (Flags & SMP_SUBSYSTEM_FLAG)
     {
         ProcessParameters->Flags |= RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB;
     }
 
     /* And always force NX for anything that SMSS launches */
     ProcessParameters->Flags |= RTL_USER_PROCESS_PARAMETERS_NX;
 
     /* Now create the process */
     Status = RtlCreateUserProcess(FileName,
                                   OBJ_CASE_INSENSITIVE,
                                   ProcessParameters,
                                   NULL,
                                   NULL,
                                   NULL,
                                   FALSE,
                                   NULL,
                                   NULL,
                                   ProcessInfo);
     RtlDestroyProcessParameters(ProcessParameters);
     if (!NT_SUCCESS(Status))
     {
         /* If we couldn't create it, fail back to the caller */
         DPRINT1("SMSS: Failed load of %wZ - Status  == %lx\n",
                 FileName, Status);
         return Status;
     }
 
     /* Associate a session with this process */
     Status = SmpSetProcessMuSessionId(ProcessInfo->ProcessHandle, MuSessionId);
 
     /* If the application is deferred (suspended), there's nothing to do */
     if (Flags & SMP_DEFERRED_FLAG) return Status;
 
     /* Otherwise, get ready to start it, but make sure it's a native app */
     if (ProcessInfo->ImageInformation.SubSystemType == IMAGE_SUBSYSTEM_NATIVE)
     {
         /* Resume it */
         NtResumeThread(ProcessInfo->ThreadHandle, NULL);
         if (!(Flags & SMP_ASYNC_FLAG))
         {
             /* Block on it unless Async was requested */
             NtWaitForSingleObject(ProcessInfo->ThreadHandle, FALSE, NULL);
         }
 
         /* It's up and running now, close our handles */
         NtClose(ProcessInfo->ThreadHandle);
         NtClose(ProcessInfo->ProcessHandle);
     }
     else
     {
         /* This image is invalid, so kill it, close our handles, and fail */
         Status = STATUS_INVALID_IMAGE_FORMAT;
         NtTerminateProcess(ProcessInfo->ProcessHandle, Status);
         NtWaitForSingleObject(ProcessInfo->ThreadHandle, 0, 0);
         NtClose(ProcessInfo->ThreadHandle);
         NtClose(ProcessInfo->ProcessHandle);
         DPRINT1("SMSS: Not an NT image - %wZ\n", FileName);
     }
 
     /* Return the outcome of the process create */
     return Status;
 }

Referenced by SmpExecuteCommand(), SmpExecuteInitialCommand(), SmpInvokeAutoChk(), and SmpLoadSubSystem().

◆ SmpExecuteInitialCommand()

NTSTATUS NTAPI SmpExecuteInitialCommand	(	IN ULONG	MuSessionId,
		IN PUNICODE_STRING	InitialCommand,
		IN HANDLE	InitialCommandProcess,
		OUT PHANDLE	ReturnPid
	)

Definition at line 294 of file smss.c.

 {
     NTSTATUS Status;
     RTL_USER_PROCESS_INFORMATION ProcessInfo;
     UNICODE_STRING Arguments, ImageFileDirectory, ImageFileName;
     ULONG Flags = 0;
 
     /* Check if we haven't yet connected to ourselves */
     if (!SmApiPort)
     {
         /* Connect to ourselves, as a client */
         Status = SmConnectToSm(NULL, NULL, 0, &SmApiPort);
         if (!NT_SUCCESS(Status))
         {
             DPRINT1("SMSS: Unable to connect to SM - Status == %lx\n", Status);
             return Status;
         }
     }
 
     /* Parse the initial command line */
     Status = SmpParseCommandLine(InitialCommand,
                                  &Flags,
                                  &ImageFileName,
                                  &ImageFileDirectory,
                                  &Arguments);
     if (Flags & SMP_INVALID_PATH)
     {
         /* Fail if it doesn't exist */
         DPRINT1("SMSS: Initial command image (%wZ) not found\n", &ImageFileName);
         if (ImageFileName.Buffer) RtlFreeHeap(RtlGetProcessHeap(), 0, ImageFileName.Buffer);
         return STATUS_OBJECT_NAME_NOT_FOUND;
     }
 
     /* And fail if any other reason is also true */
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("SMSS: SmpParseCommandLine( %wZ ) failed - Status == %lx\n",
                 InitialCommand, Status);
         return Status;
     }
 
     /* Execute the initial command -- but defer its full execution */
     Status = SmpExecuteImage(&ImageFileName,
                              &ImageFileDirectory,
                              InitialCommand,
                              MuSessionId,
                              SMP_DEFERRED_FLAG,
                              &ProcessInfo);
 
     /* Free any buffers we had lying around */
     if (ImageFileName.Buffer)
     {
         RtlFreeHeap(RtlGetProcessHeap(), 0, ImageFileName.Buffer);
     }
     if (ImageFileDirectory.Buffer)
     {
         RtlFreeHeap(RtlGetProcessHeap(), 0, ImageFileDirectory.Buffer);
     }
     if (Arguments.Buffer) RtlFreeHeap(RtlGetProcessHeap(), 0, Arguments.Buffer);
 
     /* Bail out if we couldn't execute the initial command */
     if (!NT_SUCCESS(Status)) return Status;
 
     /* Now duplicate the handle to this process */
     Status = NtDuplicateObject(NtCurrentProcess(),
                                ProcessInfo.ProcessHandle,
                                NtCurrentProcess(),
                                InitialCommandProcess,
                                PROCESS_ALL_ACCESS,
                                0,
                                0);
     if (!NT_SUCCESS(Status))
     {
         /* Kill it utterly if duplication failed */
         DPRINT1("SMSS: DupObject Failed. Status == %lx\n", Status);
         NtTerminateProcess(ProcessInfo.ProcessHandle, Status);
         NtResumeThread(ProcessInfo.ThreadHandle, NULL);
         NtClose(ProcessInfo.ThreadHandle);
         NtClose(ProcessInfo.ProcessHandle);
         return Status;
     }
 
     /* Return PID to the caller, and set this as the initial command PID */
     if (ReturnPid) *ReturnPid = ProcessInfo.ClientId.UniqueProcess;
     if (!MuSessionId) SmpInitialCommandProcessId = ProcessInfo.ClientId.UniqueProcess;
 
     /* Now call our server execution function to wrap up its initialization */
     Status = SmExecPgm(SmApiPort, &ProcessInfo, FALSE);
     if (!NT_SUCCESS(Status)) DPRINT1("SMSS: SmExecPgm Failed. Status == %lx\n", Status);
     return Status;
 }

Referenced by _main(), and SmpStartCsr().

◆ SmpGetProcessMuSessionId()

NTSTATUS NTAPI SmpGetProcessMuSessionId	(	IN HANDLE	ProcessHandle,
		OUT PULONG	SessionId
	)

Definition at line 168 of file smsessn.c.

 {
     NTSTATUS Status;
     ULONG ProcessSession;
 
     /* Query the kernel for the session ID */
     Status = NtQueryInformationProcess(ProcessHandle,
                                        ProcessSessionInformation,
                                        &ProcessSession,
                                        sizeof(ProcessSession),
                                        NULL);
     if (NT_SUCCESS(Status))
     {
         /* Copy it back into the buffer */
         *SessionId = ProcessSession;
     }
     else
     {
         /* Failure -- assume session zero */
         DPRINT1("SMSS: GetProcessMuSessionId, Process=%p, Status=%x\n",
                 ProcessHandle, Status);
         *SessionId = 0;
     }
 
     /* Return result */
     return Status;
 }

Referenced by SmpHandleConnectionRequest(), and SmpSbCreateSession().

◆ SmpInit()

NTSTATUS NTAPI SmpInit	(	IN PUNICODE_STRING	InitialCommand,
		OUT PHANDLE	ProcessHandle
	)

Definition at line 2423 of file sminit.c.

 {
     NTSTATUS Status, Status2;
     OBJECT_ATTRIBUTES ObjectAttributes;
     UNICODE_STRING PortName, EventName;
     HANDLE EventHandle, PortHandle;
     ULONG HardErrorMode;
 
     /* Create the SMSS Heap */
     SmBaseTag = RtlCreateTagHeap(RtlGetProcessHeap(),
                                  0,
                                  L"SMSS!",
                                  L"INIT");
     SmpHeap = RtlGetProcessHeap();
 
     /* Enable hard errors */
     HardErrorMode = TRUE;
     NtSetInformationProcess(NtCurrentProcess(),
                             ProcessDefaultHardErrorMode,
                             &HardErrorMode,
                             sizeof(HardErrorMode));
 
     /* Initialize the subsystem list and the session list, plus their locks */
     RtlInitializeCriticalSection(&SmpKnownSubSysLock);
     InitializeListHead(&SmpKnownSubSysHead);
     RtlInitializeCriticalSection(&SmpSessionListLock);
     InitializeListHead(&SmpSessionListHead);
 
     /* Initialize the process list */
     InitializeListHead(&NativeProcessList);
 
     /* Initialize session parameters */
     SmpNextSessionId = 1;
     SmpNextSessionIdScanMode = 0;
     SmpDbgSsLoaded = FALSE;
 
     /* Create the initial security descriptors */
     Status = SmpCreateSecurityDescriptors(TRUE);
     if (!NT_SUCCESS(Status))
     {
         /* Fail */
         SMSS_CHECKPOINT(SmpCreateSecurityDescriptors, Status);
         return Status;
     }
 
     /* Initialize subsystem names */
     RtlInitUnicodeString(&SmpSubsystemName, L"NT-Session Manager");
     RtlInitUnicodeString(&PosixName, L"POSIX");
     RtlInitUnicodeString(&Os2Name, L"OS2");
 
     /* Create the SM API Port */
     RtlInitUnicodeString(&PortName, L"\\SmApiPort");
     InitializeObjectAttributes(&ObjectAttributes, &PortName, 0, NULL, SmpApiPortSecurityDescriptor);
     Status = NtCreatePort(&PortHandle,
                           &ObjectAttributes,
                           sizeof(SB_CONNECTION_INFO),
                           sizeof(SM_API_MSG),
                           sizeof(SB_API_MSG) * 32);
     ASSERT(NT_SUCCESS(Status));
     SmpDebugPort = PortHandle;
 
     /* Create two SM API threads */
     Status = RtlCreateUserThread(NtCurrentProcess(),
                                  NULL,
                                  FALSE,
                                  0,
                                  0,
                                  0,
                                  SmpApiLoop,
                                  PortHandle,
                                  NULL,
                                  NULL);
     ASSERT(NT_SUCCESS(Status));
     Status = RtlCreateUserThread(NtCurrentProcess(),
                                  NULL,
                                  FALSE,
                                  0,
                                  0,
                                  0,
                                  SmpApiLoop,
                                  PortHandle,
                                  NULL,
                                  NULL);
     ASSERT(NT_SUCCESS(Status));
 
     /* Create the write event that autochk can set after running */
     RtlInitUnicodeString(&EventName, L"\\Device\\VolumesSafeForWriteAccess");
     InitializeObjectAttributes(&ObjectAttributes,
                                &EventName,
                                OBJ_PERMANENT,
                                NULL,
                                NULL);
     Status2 = NtCreateEvent(&EventHandle,
                             EVENT_ALL_ACCESS,
                             &ObjectAttributes,
                             0,
                             0);
     if (!NT_SUCCESS(Status2))
     {
         /* Should never really fail */
         DPRINT1("SMSS: Unable to create %wZ event - Status == %lx\n",
                 &EventName, Status2);
         ASSERT(NT_SUCCESS(Status2));
     }
 
     /* Now initialize everything else based on the registry parameters */
     Status = SmpLoadDataFromRegistry(InitialCommand);
     if (NT_SUCCESS(Status))
     {
         /* Autochk should've run now. Set the event and save the CSRSS handle */
         *ProcessHandle = SmpWindowsSubSysProcess;
         NtSetEvent(EventHandle, 0);
         NtClose(EventHandle);
     }
 
     /* All done */
     return Status;
 }

Referenced by _main().

◆ SmpLoadSubSystem()

NTSTATUS NTAPI SmpLoadSubSystem	(	IN PUNICODE_STRING	FileName,
		IN PUNICODE_STRING	Directory,
		IN PUNICODE_STRING	CommandLine,
		IN ULONG	MuSessionId,
		OUT PHANDLE	ProcessId,
		IN ULONG	Flags
	)

Definition at line 138 of file smsubsys.c.

 {
     PSMP_SUBSYSTEM Subsystem, NewSubsystem, KnownSubsystem = NULL;
     HANDLE SubSysProcessId;
     NTSTATUS Status = STATUS_SUCCESS;
     SB_API_MSG SbApiMsg, SbApiMsg2;
     RTL_USER_PROCESS_INFORMATION ProcessInformation;
     LARGE_INTEGER Timeout;
     PVOID State;
     PSB_CREATE_PROCESS_MSG CreateProcess = &SbApiMsg.CreateProcess;
     PSB_CREATE_SESSION_MSG CreateSession = &SbApiMsg.CreateSession;
 
     /* Make sure this is a found subsystem */
     if (Flags & SMP_INVALID_PATH)
     {
         DPRINT1("SMSS: Unable to find subsystem - %wZ\n", FileName);
         return STATUS_OBJECT_NAME_NOT_FOUND;
     }
 
     /* Don't use a session if the flag is set */
     if (Flags & 0x80) MuSessionId = 0;
 
     /* Lock the subsystems while we do a look up */
     RtlEnterCriticalSection(&SmpKnownSubSysLock);
     while (TRUE)
     {
         /* Check if we found a subsystem not yet fully initialized */
         Subsystem = SmpLocateKnownSubSysByType(MuSessionId, -1);
         if (!Subsystem) break;
         RtlLeaveCriticalSection(&SmpKnownSubSysLock);
 
         /* Wait on it to initialize */
         NtWaitForSingleObject(Subsystem->Event, FALSE, NULL);
 
         /* Dereference it and try the next one */
         RtlEnterCriticalSection(&SmpKnownSubSysLock);
         SmpDereferenceSubsystem(Subsystem);
     }
 
     /* Check if this is a POSIX subsystem */
     if (Flags & SMP_POSIX_FLAG)
     {
         /* Do we already have it? */
         Subsystem = SmpLocateKnownSubSysByType(MuSessionId, IMAGE_SUBSYSTEM_POSIX_CUI);
     }
     else if (Flags & SMP_OS2_FLAG)
     {
         /* This is an OS/2 subsystem, do we we already have it? */
         Subsystem = SmpLocateKnownSubSysByType(MuSessionId, IMAGE_SUBSYSTEM_OS2_CUI);
     }
 
     /* Check if we already have one of the optional subsystems for the session */
     if (Subsystem)
     {
         /* Dereference and return, no work to do */
         SmpDereferenceSubsystem(Subsystem);
         RtlLeaveCriticalSection(&SmpKnownSubSysLock);
         return STATUS_SUCCESS;
     }
 
     /* Allocate a new subsystem! */
     NewSubsystem = RtlAllocateHeap(SmpHeap, SmBaseTag, sizeof(SMP_SUBSYSTEM));
     if (!NewSubsystem)
     {
         RtlLeaveCriticalSection(&SmpKnownSubSysLock);
         return STATUS_NO_MEMORY;
     }
 
     /* Initialize its header and reference count */
     NewSubsystem->ReferenceCount = 1;
     NewSubsystem->MuSessionId = MuSessionId;
     NewSubsystem->ImageType = -1;
 
     /* Clear out all the other data for now */
     NewSubsystem->Terminating = FALSE;
     NewSubsystem->ProcessHandle = NULL;
     NewSubsystem->Event = NULL;
     NewSubsystem->PortHandle = NULL;
     NewSubsystem->SbApiPort = NULL;
 
     /* Create the event we'll be waiting on for initialization */
     Status = NtCreateEvent(&NewSubsystem->Event,
                            EVENT_ALL_ACCESS,
                            NULL,
                            NotificationEvent,
                            FALSE);
     if (!NT_SUCCESS(Status))
     {
         /* This failed, bail out */
         RtlFreeHeap(SmpHeap, 0, NewSubsystem);
         RtlLeaveCriticalSection(&SmpKnownSubSysLock);
         return STATUS_NO_MEMORY;
     }
 
     /* Insert the subsystem and release the lock. It can now be found */
     InsertTailList(&SmpKnownSubSysHead, &NewSubsystem->Entry);
     RtlLeaveCriticalSection(&SmpKnownSubSysLock);
 
     /* The OS/2 and POSIX subsystems are actually Windows applications! */
     if (Flags & (SMP_POSIX_FLAG | SMP_OS2_FLAG))
     {
         /* Locate the Windows subsystem for this session */
         KnownSubsystem = SmpLocateKnownSubSysByType(MuSessionId,
                                                     IMAGE_SUBSYSTEM_WINDOWS_GUI);
         if (!KnownSubsystem)
         {
             DPRINT1("SMSS: SmpLoadSubSystem - SmpLocateKnownSubSysByType Failed\n");
             goto Quickie2;
         }
 
         /* Fill out all the process details and call CSRSS to launch it */
         CreateProcess->In.ImageName = FileName;
         CreateProcess->In.CurrentDirectory = Directory;
         CreateProcess->In.CommandLine = CommandLine;
         CreateProcess->In.DllPath = SmpDefaultLibPath.Length ?
                                     &SmpDefaultLibPath : NULL;
         CreateProcess->In.Flags = Flags | SMP_DEFERRED_FLAG;
         CreateProcess->In.DebugFlags = SmpDebug;
         Status = SmpCallCsrCreateProcess(&SbApiMsg,
                                          sizeof(*CreateProcess),
                                          KnownSubsystem->SbApiPort);
         if (!NT_SUCCESS(Status))
         {
             /* Handle failures */
             DPRINT1("SMSS: SmpLoadSubSystem - SmpCallCsrCreateProcess Failed with  Status %lx\n",
                     Status);
             goto Quickie2;
         }
 
         /* Save the process information we'll need for the create session */
         ProcessInformation.ProcessHandle = CreateProcess->Out.ProcessHandle;
         ProcessInformation.ThreadHandle = CreateProcess->Out.ThreadHandle;
         ProcessInformation.ClientId = CreateProcess->Out.ClientId;
         ProcessInformation.ImageInformation.SubSystemType = CreateProcess->Out.SubsystemType;
     }
     else
     {
         /* This must be CSRSS itself, so just launch it and that's it */
         Status = SmpExecuteImage(FileName,
                                  Directory,
                                  CommandLine,
                                  MuSessionId,
                                  Flags | SMP_DEFERRED_FLAG,
                                  &ProcessInformation);
         if (!NT_SUCCESS(Status))
         {
             /* Handle failures */
             DPRINT1("SMSS: SmpLoadSubSystem - SmpExecuteImage Failed with  Status %lx\n",
                     Status);
             goto Quickie2;
         }
     }
 
     /* Fill out the handle and client ID in the subsystem structure now */
     NewSubsystem->ProcessHandle = ProcessInformation.ProcessHandle;
     NewSubsystem->ClientId = ProcessInformation.ClientId;
 
     /* Check if we launched a native image or a subsystem-backed image */
     if (ProcessInformation.ImageInformation.SubSystemType == IMAGE_SUBSYSTEM_NATIVE)
     {
         /* This must be CSRSS itself, since it's a native subsystem image */
         SubSysProcessId = ProcessInformation.ClientId.UniqueProcess;
         if ((ProcessId) && !(*ProcessId)) *ProcessId = SubSysProcessId;
 
         /* Was this the initial CSRSS on Session 0? */
         if (!MuSessionId)
         {
             /* Then save it in the global variables */
             SmpWindowsSubSysProcessId = SubSysProcessId;
             SmpWindowsSubSysProcess = ProcessInformation.ProcessHandle;
         }
         ASSERT(NT_SUCCESS(Status));
     }
     else
     {
         /* This is the POSIX or OS/2 subsystem process, copy its information */
         RtlCopyMemory(&CreateSession->ProcessInfo,
                       &ProcessInformation,
                       sizeof(CreateSession->ProcessInfo));
 
         /* Not sure these field mean what I think they do -- but clear them */
         *(PULONGLONG)&CreateSession->ClientId = 0;
         CreateSession->MuSessionId = 0;
 
         /* This should find CSRSS because they are POSIX or OS/2 subsystems */
         Subsystem = SmpLocateKnownSubSysByType(MuSessionId,
                                                ProcessInformation.ImageInformation.SubSystemType);
         if (!Subsystem)
         {
             /* Odd failure -- but handle it anyway */
             Status = STATUS_NO_SUCH_PACKAGE;
             DPRINT1("SMSS: SmpLoadSubSystem - SmpLocateKnownSubSysByType Failed with  Status %lx for sessionid %lu\n",
                     Status,
                     MuSessionId);
             goto Quickie;
         }
 
         /* Duplicate the parent process handle for the subsystem to have */
         Status = NtDuplicateObject(NtCurrentProcess(),
                                    ProcessInformation.ProcessHandle,
                                    Subsystem->ProcessHandle,
                                    &CreateSession->ProcessInfo.ProcessHandle,
                                    PROCESS_ALL_ACCESS,
                                    0,
                                    0);
         if (!NT_SUCCESS(Status))
         {
             /* Fail since this is critical */
             DPRINT1("SMSS: SmpLoadSubSystem - NtDuplicateObject Failed with  Status %lx for sessionid %lu\n",
                     Status,
                     MuSessionId);
             goto Quickie;
         }
 
         /* Duplicate the initial thread handle for the subsystem to have */
         Status = NtDuplicateObject(NtCurrentProcess(),
                                    ProcessInformation.ThreadHandle,
                                    Subsystem->ProcessHandle,
                                    &CreateSession->ProcessInfo.ThreadHandle,
                                    THREAD_ALL_ACCESS,
                                    0,
                                    0);
         if (!NT_SUCCESS(Status))
         {
             /* Fail since this is critical */
             DPRINT1("SMSS: SmpLoadSubSystem - NtDuplicateObject Failed with  Status %lx for sessionid %lu\n",
                     Status,
                     MuSessionId);
             goto Quickie;
         }
 
         /* Allocate an internal Session ID for this subsystem */
         MuSessionId = SmpAllocateSessionId(Subsystem, 0);
         CreateSession->SessionId = MuSessionId;
 
         /* Send the create session message to the subsystem */
         SbApiMsg2.ReturnValue = STATUS_SUCCESS;
         SbApiMsg2.h.u2.ZeroInit = 0;
         SbApiMsg2.h.u1.s1.DataLength = sizeof(SB_CREATE_SESSION_MSG) + 8;
         SbApiMsg2.h.u1.s1.TotalLength = sizeof(SB_API_MSG);
         Status = NtRequestWaitReplyPort(Subsystem->SbApiPort,
                                         &SbApiMsg2.h,
                                         &SbApiMsg2.h);
         if (NT_SUCCESS(Status)) Status = SbApiMsg2.ReturnValue;
         if (!NT_SUCCESS(Status))
         {
             /* Delete the session and handle failure if the LPC call failed */
             SmpDeleteSession(CreateSession->SessionId);
             DPRINT1("SMSS: SmpLoadSubSystem - NtRequestWaitReplyPort Failed with  Status %lx for sessionid %lu\n",
                     Status,
                     CreateSession->SessionId);
             goto Quickie;
         }
     }
 
     /* Okay, everything looks good to go, initialize this subsystem now! */
     Status = NtResumeThread(ProcessInformation.ThreadHandle, NULL);
     if (!NT_SUCCESS(Status))
     {
         /* That didn't work -- back out of everything */
         DPRINT1("SMSS: SmpLoadSubSystem - NtResumeThread failed Status %lx\n", Status);
         goto Quickie;
     }
 
     /* Check if this was the subsystem for a different session */
     if (MuSessionId)
     {
         /* Wait up to 60 seconds for it to initialize */
         Timeout.QuadPart = -600000000;
         Status = NtWaitForSingleObject(NewSubsystem->Event, FALSE, &Timeout);
 
         /* Timeout is done -- does this session still exist? */
         if (!SmpCheckDuplicateMuSessionId(MuSessionId))
         {
             /* Nope, it died. Cleanup should've ocurred in a different path. */
             DPRINT1("SMSS: SmpLoadSubSystem - session deleted\n");
             return STATUS_DELETE_PENDING;
         }
 
         /* Check if we timed our or there was another error with the wait */
         if (Status != STATUS_WAIT_0)
         {
             /* Something is wrong with the subsystem, so back out of everything */
             DPRINT1("SMSS: SmpLoadSubSystem - Timeout waiting for subsystem connect with Status %lx for sessionid %lu\n",
                     Status,
                     MuSessionId);
             goto Quickie;
         }
     }
     else
     {
         /* This a session 0 subsystem, just wait for it to initialize */
         NtWaitForSingleObject(NewSubsystem->Event, FALSE, NULL);
     }
 
     /* Subsystem is created, resumed, and initialized. Close handles and exit */
     NtClose(ProcessInformation.ThreadHandle);
     Status = STATUS_SUCCESS;
     goto Quickie2;
 
 Quickie:
     /* This is the failure path. First check if we need to detach from session */
     if ((AttachedSessionId == -1) || (Flags & (SMP_POSIX_FLAG | SMP_OS2_FLAG)))
     {
         /* We were not attached, or did not launch subsystems that required it */
         DPRINT1("SMSS: Did not detach from Session Space: SessionId=%x Flags=%x Status=%x\n",
                 AttachedSessionId,
                 Flags | SMP_DEFERRED_FLAG,
                 Status);
     }
     else
     {
         /* Get the privilege we need for detachment */
         Status = SmpAcquirePrivilege(SE_LOAD_DRIVER_PRIVILEGE, &State);
         if (!NT_SUCCESS(Status))
         {
             /* We can't detach without it */
             DPRINT1("SMSS: Did not detach from Session Space: SessionId=%x Flags=%x Status=%x\n",
                     AttachedSessionId,
                     Flags | SMP_DEFERRED_FLAG,
                     Status);
         }
         else
         {
             /* Now detach from the session */
             Status = NtSetSystemInformation(SystemSessionDetach,
                                             &AttachedSessionId,
                                             sizeof(AttachedSessionId));
             if (!NT_SUCCESS(Status))
             {
                 /* Failed to detach. Note the DPRINT1 has a typo in Windows */
                 DPRINT1("SMSS: SmpStartCsr, Couldn't Detach from Session Space. Status=%x\n", Status);
                 ASSERT(NT_SUCCESS(Status));
             }
             else
             {
                 /* Detachment worked, reset our attached session ID */
                 AttachedSessionId = -1;
             }
 
             /* And release the privilege we acquired */
             SmpReleasePrivilege(State);
         }
     }
 
     /* Since this is the failure path, terminate the subsystem process */
     NtTerminateProcess(ProcessInformation.ProcessHandle, Status);
     NtClose(ProcessInformation.ThreadHandle);
 
 Quickie2:
     /* This is the cleanup path -- first dereference our subsystems */
     RtlEnterCriticalSection(&SmpKnownSubSysLock);
     if (Subsystem) SmpDereferenceSubsystem(Subsystem);
     if (KnownSubsystem) SmpDereferenceSubsystem(KnownSubsystem);
 
     /* In the failure case, destroy the new subsystem we just created */
     if (!NT_SUCCESS(Status))
     {
         RemoveEntryList(&NewSubsystem->Entry);
         NtSetEvent(NewSubsystem->Event, 0);
         SmpDereferenceSubsystem(NewSubsystem);
     }
 
     /* Finally, we're all done! */
     RtlLeaveCriticalSection(&SmpKnownSubSysLock);
     return Status;
 }

Referenced by SmpExecuteCommand().

◆ SmpLoadSubSystemsForMuSession()

NTSTATUS NTAPI SmpLoadSubSystemsForMuSession	(	IN PULONG	MuSessionId,
		OUT PHANDLE	ProcessId,
		IN PUNICODE_STRING	InitialCommand
	)

Definition at line 513 of file smsubsys.c.

 {
     NTSTATUS Status = STATUS_SUCCESS, Status2;
     PSMP_REGISTRY_VALUE RegEntry;
     UNICODE_STRING DestinationString, NtPath;
     PLIST_ENTRY NextEntry;
     LARGE_INTEGER Timeout;
     PVOID State;
 
     /* Write a few last registry keys with the boot partition information */
     SmpTranslateSystemPartitionInformation();
 
     /* Process "SetupExecute" values */
     NextEntry = SmpSetupExecuteList.Flink;
     while (NextEntry != &SmpSetupExecuteList)
     {
         /* Execute each one and move on */
         RegEntry = CONTAINING_RECORD(NextEntry, SMP_REGISTRY_VALUE, Entry);
         SmpExecuteCommand(&RegEntry->Name, 0, NULL, 0);
         NextEntry = NextEntry->Flink;
     }
 
     /* Now process the subsystems */
     NextEntry = SmpSubSystemList.Flink;
     while (NextEntry != &SmpSubSystemList)
     {
         /* Get the entry and check if this is the special Win32k entry */
         RegEntry = CONTAINING_RECORD(NextEntry, SMP_REGISTRY_VALUE, Entry);
         if (_wcsicmp(RegEntry->Name.Buffer, L"Kmode") == 0)
         {
             /* Translate it */
             if (!RtlDosPathNameToNtPathName_U(RegEntry->Value.Buffer,
                                               &NtPath,
                                               NULL,
                                               NULL))
             {
                 Status = STATUS_OBJECT_PATH_SYNTAX_BAD;
                 DPRINT1("Failed: %lx\n", Status);
             }
             else
             {
                 /* Get the driver privilege */
                 Status = SmpAcquirePrivilege(SE_LOAD_DRIVER_PRIVILEGE, &State);
                 if (NT_SUCCESS(Status))
                 {
                     /* Create the new session */
                     ASSERT(AttachedSessionId == -1);
                     Status = NtSetSystemInformation(SystemSessionCreate,
                                                     MuSessionId,
                                                     sizeof(*MuSessionId));
                     if (!NT_SUCCESS(Status))
                     {
                         DPRINT1("SMSS: Session space creation failed\n");
                         SmpReleasePrivilege(State);
                         RtlFreeHeap(RtlGetProcessHeap(), 0, NtPath.Buffer);
                         return Status;
                     }
                     AttachedSessionId = *MuSessionId;
 
                     /*
                      * Start Win32k.sys on this session. Use a hardcoded value
                      * instead of the Kmode one...
                      */
                     RtlInitUnicodeString(&DestinationString,
                                          L"\\SystemRoot\\System32\\win32k.sys");
                     Status = NtSetSystemInformation(SystemExtendServiceTableInformation,
                                                     &DestinationString,
                                                     sizeof(DestinationString));
                     RtlFreeHeap(RtlGetProcessHeap(), 0, NtPath.Buffer);
                     SmpReleasePrivilege(State);
                     if (!NT_SUCCESS(Status))
                     {
                         DPRINT1("SMSS: Load of WIN32K failed.\n");
                         return Status;
                     }
                 }
             }
         }
 
         /* Next entry */
         NextEntry = NextEntry->Flink;
     }
 
     /* Now parse the required subsystem list */
     NextEntry = SmpSubSystemsToLoad.Flink;
     while (NextEntry != &SmpSubSystemsToLoad)
     {
         /* Get each entry and check if it's the internal debug or not */
         RegEntry = CONTAINING_RECORD(NextEntry, SMP_REGISTRY_VALUE, Entry);
         if (_wcsicmp(RegEntry->Name.Buffer, L"Debug") == 0)
         {
             /* Load the internal debug system */
             Status = SmpExecuteCommand(&RegEntry->Value,
                                        *MuSessionId,
                                        ProcessId,
                                        SMP_DEBUG_FLAG | SMP_SUBSYSTEM_FLAG);
         }
         else
         {
             /* Load the required subsystem */
             Status = SmpExecuteCommand(&RegEntry->Value,
                                        *MuSessionId,
                                        ProcessId,
                                        SMP_SUBSYSTEM_FLAG);
         }
         if (!NT_SUCCESS(Status))
         {
             DbgPrint("SMSS: Subsystem execute failed (%wZ)\n", &RegEntry->Value);
             return Status;
         }
 
         /* Move to the next entry */
         NextEntry = NextEntry->Flink;
     }
 
     /* Process the "Execute" list now */
     NextEntry = SmpExecuteList.Blink;
     if (NextEntry != &SmpExecuteList)
     {
         /* Get the custom initial command */
         RegEntry = CONTAINING_RECORD(NextEntry, SMP_REGISTRY_VALUE, Entry);
 
         /* Write the initial command and wait for 5 seconds (why??!) */
         *InitialCommand = RegEntry->Name;
         Timeout.QuadPart = -50000000;
         NtDelayExecution(FALSE, &Timeout);
     }
     else
     {
         /* Use the default Winlogon initial command */
         RtlInitUnicodeString(InitialCommand, L"winlogon.exe");
         InitialCommandBuffer[0] = UNICODE_NULL;
 
         /* Check if there's a debugger for Winlogon */
         Status2 = LdrQueryImageFileExecutionOptions(InitialCommand,
                                                     L"Debugger",
                                                     REG_SZ,
                                                     InitialCommandBuffer,
                                                     sizeof(InitialCommandBuffer) -
                                                     InitialCommand->Length,
                                                     NULL);
         if ((NT_SUCCESS(Status2)) && (InitialCommandBuffer[0]))
         {
             /* Put the debugger string with the Winlogon string */
             RtlStringCbCatW(InitialCommandBuffer, sizeof(InitialCommandBuffer), L" ");
             RtlStringCbCatW(InitialCommandBuffer, sizeof(InitialCommandBuffer), InitialCommand->Buffer);
             RtlInitUnicodeString(InitialCommand, InitialCommandBuffer);
         }
     }
 
     /* Finally check if there was a custom initial command */
     NextEntry = SmpExecuteList.Flink;
     while (NextEntry != &SmpExecuteList)
     {
         /* Execute each one */
         RegEntry = CONTAINING_RECORD(NextEntry, SMP_REGISTRY_VALUE, Entry);
         SmpExecuteCommand(&RegEntry->Name, *MuSessionId, NULL, 0);
         NextEntry = NextEntry->Flink;
     }
 
     /* Return status */
     return Status;
 }

Referenced by SmpLoadDataFromRegistry(), and SmpStartCsr().

◆ SmpLocateKnownSubSysByCid()

PSMP_SUBSYSTEM NTAPI SmpLocateKnownSubSysByCid ( IN PCLIENT_ID ClientId )

Definition at line 68 of file smsubsys.c.

 {
     PSMP_SUBSYSTEM Subsystem = NULL;
     PLIST_ENTRY NextEntry;
 
     /* Lock the subsystem database */
     RtlEnterCriticalSection(&SmpKnownSubSysLock);
 
     /* Loop each subsystem in the database */
     NextEntry = SmpKnownSubSysHead.Flink;
     while (NextEntry != &SmpKnownSubSysHead)
     {
         /* Check if this one matches the client ID and is still valid */
         Subsystem = CONTAINING_RECORD(NextEntry, SMP_SUBSYSTEM, Entry);
         if ((*(PULONGLONG)&Subsystem->ClientId == *(PULONGLONG)ClientId) &&
             !(Subsystem->Terminating))
         {
             /* Add a reference and return it */
             Subsystem->ReferenceCount++;
             break;
         }
 
         /* Reset the current pointer and keep earching */
         Subsystem = NULL;
         NextEntry = NextEntry->Flink;
     }
 
     /* Release the lock and return the subsystem we found */
     RtlLeaveCriticalSection(&SmpKnownSubSysLock);
     return Subsystem;
 }

Referenced by SmpHandleConnectionRequest().

◆ SmpLocateKnownSubSysByType()

PSMP_SUBSYSTEM NTAPI SmpLocateKnownSubSysByType	(	IN ULONG	MuSessionId,
		IN ULONG	ImageType
	)

Definition at line 102 of file smsubsys.c.

 {
     PSMP_SUBSYSTEM Subsystem = NULL;
     PLIST_ENTRY NextEntry;
 
     /* Lock the subsystem database */
     RtlEnterCriticalSection(&SmpKnownSubSysLock);
 
     /* Loop each subsystem in the database */
     NextEntry = SmpKnownSubSysHead.Flink;
     while (NextEntry != &SmpKnownSubSysHead)
     {
         /* Check if this one matches the image and uID, and is still valid */
         Subsystem = CONTAINING_RECORD(NextEntry, SMP_SUBSYSTEM, Entry);
         if ((Subsystem->ImageType == ImageType) &&
             !(Subsystem->Terminating) &&
             (Subsystem->MuSessionId == MuSessionId))
         {
             /* Return it referenced for the caller */
             Subsystem->ReferenceCount++;
             break;
         }
 
         /* Reset the current pointer and keep earching */
         Subsystem = NULL;
         NextEntry = NextEntry->Flink;
     }
 
     /* Release the lock and return the subsystem we found */
     RtlLeaveCriticalSection(&SmpKnownSubSysLock);
     return Subsystem;
 }

Referenced by SmpHandleConnectionRequest(), SmpLoadSubSystem(), and SmpSbCreateSession().

◆ SmpPagingFileInitialize()

VOID NTAPI SmpPagingFileInitialize ( VOID )

Definition at line 75 of file pagefile.c.

 {
     /* Initialize the two lists */
     InitializeListHead(&SmpPagingFileDescriptorList);
     InitializeListHead(&SmpVolumeDescriptorList);
 }

Referenced by SmpLoadDataFromRegistry().

◆ SmpParseCommandLine()

NTSTATUS NTAPI SmpParseCommandLine	(	IN PUNICODE_STRING	CommandLine,
		OUT PULONG	Flags,
		OUT PUNICODE_STRING	FileName,
		OUT PUNICODE_STRING	Directory,
		OUT PUNICODE_STRING	Arguments
	)

Definition at line 233 of file smutil.c.

 {
     ULONG Length;
     UNICODE_STRING EnvString, PathString, CmdLineCopy, Token;
     WCHAR PathBuffer[MAX_PATH];
     PWCHAR FilePart;
     NTSTATUS Status;
     UNICODE_STRING FullPathString;
 
     /* Initialize output arguments to NULL */
     RtlInitUnicodeString(FileName, NULL);
     RtlInitUnicodeString(Arguments, NULL);
     if (Directory) RtlInitUnicodeString(Directory, NULL);
 
     /* Check if we haven't yet built a full default path or system root yet */
     if (!SmpSystemRoot.Length)
     {
         /* Initialize it based on shared user data string */
         RtlInitUnicodeString(&SmpSystemRoot, SharedUserData->NtSystemRoot);
 
         /* Allocate an empty string for the path */
         Length = SmpDefaultLibPath.MaximumLength + SmpSystemRoot.MaximumLength +
                  sizeof(L"\\system32;");
         RtlInitEmptyUnicodeString(&FullPathString,
                                   RtlAllocateHeap(SmpHeap, SmBaseTag, Length),
                                   (USHORT)Length);
         if (FullPathString.Buffer)
         {
             /* Append the root, system32;, and then the current library path */
             RtlAppendUnicodeStringToString(&FullPathString, &SmpSystemRoot);
             RtlAppendUnicodeToString(&FullPathString, L"\\system32;");
             RtlAppendUnicodeStringToString(&FullPathString, &SmpDefaultLibPath);
             RtlFreeHeap(SmpHeap, 0, SmpDefaultLibPath.Buffer);
             SmpDefaultLibPath = FullPathString;
         }
     }
 
     /* Consume the command line */
     CmdLineCopy = *CommandLine;
     while (TRUE)
     {
         /* Parse the first token and check for modifiers/specifiers */
         Status = SmpParseToken(&CmdLineCopy, FALSE, &Token);
         if (!(NT_SUCCESS(Status)) || !(Token.Buffer)) return STATUS_UNSUCCESSFUL;
         if (!Flags) break;
 
         /* Debug requested? */
         if (RtlEqualUnicodeString(&Token, &SmpDebugKeyword, TRUE))
         {
             /* Convert into a flag */
             *Flags |= SMP_DEBUG_FLAG;
         }
         else if (RtlEqualUnicodeString(&Token, &SmpASyncKeyword, TRUE))
         {
             /* Asynch requested, convert into a flag */
             *Flags |= SMP_ASYNC_FLAG;
         }
         else if (RtlEqualUnicodeString(&Token, &SmpAutoChkKeyword, TRUE))
         {
             /* Autochk requested, convert into a flag */
             *Flags |= SMP_AUTOCHK_FLAG;
         }
         else
         {
             /* No specifier found, keep going */
             break;
         }
 
         /* Get rid of this token and get the next */
         RtlFreeHeap(SmpHeap, 0, Token.Buffer);
     }
 
     /* Initialize a string to hold the current path */
     RtlInitUnicodeString(&EnvString, L"Path");
     Length = PAGE_SIZE;
     RtlInitEmptyUnicodeString(&PathString,
                               RtlAllocateHeap(SmpHeap, SmBaseTag, Length),
                               (USHORT)Length);
     if (!PathString.Buffer)
     {
         /* Fail if we have no memory for this */
         RtlFreeHeap(SmpHeap, 0, Token.Buffer);
         return STATUS_INSUFFICIENT_RESOURCES;
     }
 
     /* Query the path from the environment */
     Status = RtlQueryEnvironmentVariable_U(SmpDefaultEnvironment,
                                            &EnvString,
                                            &PathString);
     if (Status == STATUS_BUFFER_TOO_SMALL)
     {
         /* Our buffer was too small, free it */
         RtlFreeHeap(SmpHeap, 0, PathString.Buffer);
 
         /* And allocate one big enough */
         Length = PathString.Length + sizeof(UNICODE_NULL);
         RtlInitEmptyUnicodeString(&PathString,
                                   RtlAllocateHeap(SmpHeap, SmBaseTag, Length),
                                   (USHORT)Length);
         if (!PathString.Buffer)
         {
             /* Fail if we have no memory for this */
             RtlFreeHeap(SmpHeap, 0, Token.Buffer);
             return STATUS_INSUFFICIENT_RESOURCES;
         }
 
         /* Now try again, this should work */
         Status = RtlQueryEnvironmentVariable_U(SmpDefaultEnvironment,
                                                &EnvString,
                                                &PathString);
     }
     if (!NT_SUCCESS(Status))
     {
         /* Another failure means that the kernel hasn't passed the path correctly */
         DPRINT1("SMSS: %wZ environment variable not defined.\n", &EnvString);
         Status = STATUS_OBJECT_NAME_NOT_FOUND;
     }
     else
     {
         /* Check if the caller expects any flags out of here */
         if (Flags)
         {
             /* We can return the image not found flag -- so does the image exist */
             if (!(RtlDosSearchPath_U(PathString.Buffer,
                                      Token.Buffer,
                                      L".exe",
                                      sizeof(PathBuffer),
                                      PathBuffer,
                                      &FilePart)) &&
                 !(RtlDosSearchPath_U(SmpDefaultLibPath.Buffer,
                                      Token.Buffer,
                                      L".exe",
                                      sizeof(PathBuffer),
                                      PathBuffer,
                                      &FilePart)))
             {
                 /* It doesn't, let the caller know about it and exit */
                 *Flags |= SMP_INVALID_PATH;
                 *FileName = Token;
                 RtlFreeHeap(SmpHeap, 0, PathString.Buffer);
                 return STATUS_SUCCESS;
             }
         }
         else
         {
             /* Caller doesn't want flags, probably wants the image itself */
             RtlStringCbCopyW(PathBuffer, sizeof(PathBuffer), Token.Buffer);
         }
     }
 
     /* Free tokens and such, all that's left is to convert the image name */
     RtlFreeHeap(SmpHeap, 0, Token.Buffer);
     RtlFreeHeap(SmpHeap, 0, PathString.Buffer);
     if (!NT_SUCCESS(Status)) return Status;
 
     /* Convert it and bail out if this failed */
     if (!RtlDosPathNameToNtPathName_U(PathBuffer, FileName, NULL, NULL))
     {
         DPRINT1("SMSS: Unable to translate %ws into an NT File Name\n",
                 &PathBuffer);
         Status = STATUS_OBJECT_PATH_INVALID;
     }
     if (!NT_SUCCESS(Status)) return Status;
 
     /* Finally, check if the caller also wanted the directory */
     if (Directory)
     {
         /* Is the file a relative name with no directory? */
         if (FilePart <= PathBuffer)
         {
             /* Clear it */
             RtlInitUnicodeString(Directory, NULL);
         }
         else
         {
             /* There is a directory, and a filename -- separate those two */
             *--FilePart = UNICODE_NULL;
             RtlCreateUnicodeString(Directory, PathBuffer);
         }
     }
 
     /* We are done -- move on to the second pass to get the arguments */
     return SmpParseToken(&CmdLineCopy, TRUE, Arguments);
 }

Referenced by SmpCreatePagingFileDescriptor(), SmpExecuteCommand(), and SmpExecuteInitialCommand().

◆ SmpQueryRegistrySosOption()

BOOLEAN NTAPI SmpQueryRegistrySosOption ( VOID )

Definition at line 424 of file smutil.c.

 {
     NTSTATUS Status;
     UNICODE_STRING KeyName, ValueName;
     OBJECT_ATTRIBUTES ObjectAttributes;
     HANDLE KeyHandle;
     ULONG Length;
     WCHAR ValueBuffer[VALUE_BUFFER_SIZE];
     PKEY_VALUE_PARTIAL_INFORMATION PartialInfo = (PVOID)ValueBuffer;
 
     /* Open the key */
     RtlInitUnicodeString(&KeyName,
                          L"\\Registry\\Machine\\System\\CurrentControlSet\\Control");
     InitializeObjectAttributes(&ObjectAttributes,
                                &KeyName,
                                OBJ_CASE_INSENSITIVE,
                                NULL,
                                NULL);
     Status = NtOpenKey(&KeyHandle, KEY_READ, &ObjectAttributes);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("SMSS: Cannot open control key (Status 0x%x)\n", Status);
         return FALSE;
     }
 
     /* Query the value */
     RtlInitUnicodeString(&ValueName, L"SystemStartOptions");
     Status = NtQueryValueKey(KeyHandle,
                              &ValueName,
                              KeyValuePartialInformation,
                              PartialInfo,
                              sizeof(ValueBuffer),
                              &Length);
     ASSERT(Length < VALUE_BUFFER_SIZE);
     NtClose(KeyHandle);
     if (!NT_SUCCESS(Status) ||
         ((PartialInfo->Type != REG_SZ) && (PartialInfo->Type != REG_EXPAND_SZ)))
     {
         DPRINT1("SMSS: Cannot query value key (Type %lu, Status 0x%x)\n",
                 PartialInfo->Type, Status);
         return FALSE;
     }
 
     /* Check if it's set to SOS or sos */
     if (!(wcsstr((PWCHAR)PartialInfo->Data, L"SOS")) ||
          (wcsstr((PWCHAR)PartialInfo->Data, L"sos")))
     {
         /* It's not set, return FALSE */
         return FALSE;
     }
 
     /* It's set, return TRUE */
     return TRUE;
 }

Referenced by SmpInvokeAutoChk().

◆ SmpReleasePrivilege()

VOID NTAPI SmpReleasePrivilege ( IN PVOID State )

Definition at line 129 of file smutil.c.

 {
     PSMP_PRIVILEGE_STATE State = (PSMP_PRIVILEGE_STATE)PrivState;
 
     /* Adjust the privileges in the token */
     NtAdjustPrivilegesToken(State->TokenHandle,
                             FALSE,
                             State->OldPrivileges,
                             0,
                             NULL,
                             NULL);
 
     /* Check if we used a dynamic buffer */
     if (State->OldPrivileges != (PTOKEN_PRIVILEGES)&State->OldBuffer)
     {
         /* Free it */
         RtlFreeHeap(SmpHeap, 0, State->OldPrivileges);
     }
 
     /* Close the token handle and free the state structure */
     NtClose(State->TokenHandle);
     RtlFreeHeap(SmpHeap, 0, State);
 }

Referenced by _main(), SmpLoadSubSystem(), and SmpLoadSubSystemsForMuSession().

◆ SmpRestoreBootStatusData()

VOID NTAPI SmpRestoreBootStatusData	(	IN BOOLEAN	BootOkay,
		IN BOOLEAN	ShutdownOkay
	)

Definition at line 531 of file smutil.c.

 {
     NTSTATUS Status;
     PVOID BootState;
 
     /* Lock the BSD */
     Status = RtlLockBootStatusData(&BootState);
     if (NT_SUCCESS(Status))
     {
         /* Write the bootokay and bootshutdown values */
         RtlGetSetBootStatusData(BootState,
                                 FALSE,
                                 RtlBsdItemBootGood,
                                 &BootOkay,
                                 sizeof(BootOkay),
                                 NULL);
         RtlGetSetBootStatusData(BootState,
                                 FALSE,
                                 RtlBsdItemBootShutdown,
                                 &ShutdownOkay,
                                 sizeof(ShutdownOkay),
                                 NULL);
 
         /* Unlock the BSD and return */
         RtlUnlockBootStatusData(BootState);
     }
 }

Referenced by SmpInvokeAutoChk().

◆ SmpSaveAndClearBootStatusData()

BOOLEAN NTAPI SmpSaveAndClearBootStatusData	(	OUT PBOOLEAN	BootOkay,
		OUT PBOOLEAN	ShutdownOkay
	)

Definition at line 481 of file smutil.c.

 {
     NTSTATUS Status;
     BOOLEAN Value = TRUE;
     PVOID BootStatusDataHandle;
 
     /* Assume failure */
     *BootOkay = FALSE;
     *ShutdownOkay = FALSE;
 
     /* Lock the BSD and fail if we couldn't */
     Status = RtlLockBootStatusData(&BootStatusDataHandle);
     if (!NT_SUCCESS(Status)) return FALSE;
 
     /* Read the old settings */
     RtlGetSetBootStatusData(BootStatusDataHandle,
                             TRUE,
                             RtlBsdItemBootGood,
                             BootOkay,
                             sizeof(BOOLEAN),
                             NULL);
     RtlGetSetBootStatusData(BootStatusDataHandle,
                             TRUE,
                             RtlBsdItemBootShutdown,
                             ShutdownOkay,
                             sizeof(BOOLEAN),
                             NULL);
 
     /* Set new ones indicating we got at least this far */
     RtlGetSetBootStatusData(BootStatusDataHandle,
                             FALSE,
                             RtlBsdItemBootGood,
                             &Value,
                             sizeof(Value),
                             NULL);
     RtlGetSetBootStatusData(BootStatusDataHandle,
                             FALSE,
                             RtlBsdItemBootShutdown,
                             &Value,
                             sizeof(Value),
                             NULL);
 
     /* Unlock the BSD and return */
     RtlUnlockBootStatusData(BootStatusDataHandle);
     return TRUE;
 }

Referenced by SmpInvokeAutoChk().

◆ SmpSbCreateSession()

NTSTATUS NTAPI SmpSbCreateSession	(	IN PVOID	Reserved,
		IN PSMP_SUBSYSTEM	OtherSubsystem,
		IN PRTL_USER_PROCESS_INFORMATION	ProcessInformation,
		IN ULONG	MuSessionId,
		IN PCLIENT_ID	DbgClientId
	)

Definition at line 31 of file smsbapi.c.

 {
     NTSTATUS Status;
     PSMP_SUBSYSTEM KnownSubsys;
     SB_API_MSG SbApiMsg;
     ULONG SessionId;
     PSB_CREATE_SESSION_MSG CreateSessionMsg;
 
     /* Write out the create session message including its initial process */
     CreateSessionMsg = &SbApiMsg.CreateSession;
     CreateSessionMsg->ProcessInfo = *ProcessInformation;
     CreateSessionMsg->MuSessionId = MuSessionId;
     if (DbgClientId)
     {
         CreateSessionMsg->ClientId = *DbgClientId;
     }
     else
     {
         CreateSessionMsg->ClientId.UniqueThread = NULL;
         CreateSessionMsg->ClientId.UniqueProcess = NULL;
     }
 
     /* Find a subsystem responsible for this session */
     SmpGetProcessMuSessionId(ProcessInformation->ProcessHandle, &MuSessionId);
     if (!SmpCheckDuplicateMuSessionId(MuSessionId))
     {
         NtClose(ProcessInformation->ProcessHandle);
         NtClose(ProcessInformation->ThreadHandle);
         DPRINT1("SMSS: CreateSession status=%x\n", STATUS_OBJECT_NAME_NOT_FOUND);
         return STATUS_OBJECT_NAME_NOT_FOUND;
     }
 
     /* Find the subsystem we have for this initial process */
     KnownSubsys = SmpLocateKnownSubSysByType(MuSessionId,
                                              ProcessInformation->
                                              ImageInformation.SubSystemType);
     if (KnownSubsys)
     {
         /* Duplicate the process handle into the message */
         Status = NtDuplicateObject(NtCurrentProcess(),
                                    ProcessInformation->ProcessHandle,
                                    KnownSubsys->ProcessHandle,
                                    &CreateSessionMsg->ProcessInfo.ProcessHandle,
                                    PROCESS_ALL_ACCESS,
                                    0,
                                    0);
         if (NT_SUCCESS(Status))
         {
             /* Duplicate the thread handle into the message */
             Status = NtDuplicateObject(NtCurrentProcess(),
                                        ProcessInformation->ThreadHandle,
                                        KnownSubsys->ProcessHandle,
                                        &CreateSessionMsg->ProcessInfo.ThreadHandle,
                                        THREAD_ALL_ACCESS,
                                        0,
                                        0);
             if (!NT_SUCCESS(Status))
             {
                 /* Close everything on failure */
                 NtClose(ProcessInformation->ProcessHandle);
                 NtClose(ProcessInformation->ThreadHandle);
                 SmpDereferenceSubsystem(KnownSubsys);
                 DPRINT1("SmpSbCreateSession: NtDuplicateObject (Thread) Failed %lx\n", Status);
                 return Status;
             }
 
             /* Close the original handles as they are no longer needed */
             NtClose(ProcessInformation->ProcessHandle);
             NtClose(ProcessInformation->ThreadHandle);
 
             /* Finally, allocate a new SMSS session ID for this session */
             SessionId = SmpAllocateSessionId(KnownSubsys, OtherSubsystem);
             CreateSessionMsg->SessionId = SessionId;
 
             /* Fill out the LPC message header and send it to the client! */
             SbApiMsg.ApiNumber = SbpCreateSession;
             SbApiMsg.h.u2.ZeroInit = 0;
             SbApiMsg.h.u1.s1.DataLength = sizeof(SB_CREATE_SESSION_MSG) + 8;
             SbApiMsg.h.u1.s1.TotalLength = sizeof(SbApiMsg);
             Status = NtRequestWaitReplyPort(KnownSubsys->SbApiPort,
                                             &SbApiMsg.h,
                                             &SbApiMsg.h);
             if (!NT_SUCCESS(Status))
             {
                 /* Bail out */
                 DPRINT1("SmpSbCreateSession: NtRequestWaitReply Failed %lx\n", Status);
             }
             else
             {
                 /* If the API succeeded, get the result value from the LPC */
                 Status = SbApiMsg.ReturnValue;
             }
 
             /* Delete the session on any kind of failure */
             if (!NT_SUCCESS(Status)) SmpDeleteSession(SessionId);
         }
         else
         {
             /* Close the handles on failure */
             DPRINT1("SmpSbCreateSession: NtDuplicateObject (Process) Failed %lx\n", Status);
             NtClose(ProcessInformation->ProcessHandle);
             NtClose(ProcessInformation->ThreadHandle);
         }
 
         /* Dereference the subsystem and return the status of the LPC call */
         SmpDereferenceSubsystem(KnownSubsys);
         return Status;
     }
 
     /* If we don't yet have a subsystem, only native images can be launched */
     if (ProcessInformation->ImageInformation.SubSystemType != IMAGE_SUBSYSTEM_NATIVE)
     {
         /* Fail */
         DPRINT1("SMSS: %s SubSystem has not been started.\n",
                 SmpSubSystemNames[ProcessInformation->ImageInformation.SubSystemType]);
         Status = STATUS_UNSUCCESSFUL;
         NtClose(ProcessInformation->ProcessHandle);
         NtClose(ProcessInformation->ThreadHandle);
         return Status;
     }
 
 #if 0
     /* This code handles debug applications, but it seems vestigial... */
     if ((*(ULONGLONG)&CreateSessionMsg.ClientId) && (SmpDbgSsLoaded))
     {
         Process = RtlAllocateHeap(SmpHeap, SmBaseTag, sizeof(SMP_PROCESS));
         if (!Process)
         {
             DPRINT1("Unable to initialize debugging for Native App %lx.%lx -- out of memory\n",
                     ProcessInformation->ClientId.UniqueProcess,
                     ProcessInformation->ClientId.UniqueThread);
             NtClose(ProcessInformation->ProcessHandle);
             NtClose(ProcessInformation->ThreadHandle);
             return STATUS_NO_MEMORY;
         }
 
         Process->DbgClientId = CreateSessionMsg->ClientId;
         Process->ClientId = ProcessInformation->ClientId;
         InsertHeadList(&NativeProcessList, &Process->Entry);
         DPRINT1("Native Debug App %lx.%lx\n", Process->ClientId.UniqueProcess, Process->ClientId.UniqueThread);
 
         Status = NtSetInformationProcess(ProcessInformation->ProcessHandle, 7, &SmpDebugPort, 4);
         ASSERT(NT_SUCCESS(Status));
     }
 #endif
 
     /* This is a native application being started as the initial command */
     DPRINT("Subsystem active, starting thread\n");
     NtClose(ProcessInformation->ProcessHandle);
     NtResumeThread(ProcessInformation->ThreadHandle, NULL);
     NtClose(ProcessInformation->ThreadHandle);
     return STATUS_SUCCESS;
 }

Referenced by SmpExecPgm().

◆ SmpSetProcessMuSessionId()

NTSTATUS NTAPI SmpSetProcessMuSessionId	(	IN HANDLE	ProcessHandle,
		IN ULONG	SessionId
	)

Definition at line 199 of file smsessn.c.

 {
     NTSTATUS Status;
 
     /* Tell the kernel about the session ID */
     Status = NtSetInformationProcess(ProcessHandle,
                                      ProcessSessionInformation,
                                      &SessionId,
                                      sizeof(SessionId));
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("SMSS: SetProcessMuSessionId, Process=%p, Status=%x\n",
                 ProcessHandle, Status);
     }
 
     /* Return */
     return Status;
 }

Referenced by SmpExecuteImage().

◆ SmpTerminate()

NTSTATUS NTAPI SmpTerminate	(	IN PULONG_PTR	Parameters,
		IN ULONG	ParameterMask,
		IN ULONG	ParameterCount
	)

Definition at line 391 of file smss.c.

 {
     NTSTATUS Status;
     BOOLEAN Old;
     ULONG Response;
 
     /* Give the shutdown privilege to the thread */
     if (RtlAdjustPrivilege(SE_SHUTDOWN_PRIVILEGE, TRUE, TRUE, &Old) ==
         STATUS_NO_TOKEN)
     {
         /* Thread doesn't have a token, give it to the entire process */
         RtlAdjustPrivilege(SE_SHUTDOWN_PRIVILEGE, TRUE, FALSE, &Old);
     }
 
     /* Take down the process/machine with a hard error */
     Status = NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED,
                               ParameterCount,
                               ParameterMask,
                               Parameters,
                               OptionShutdownSystem,
                               &Response);
 
     /* Terminate the process if the hard error didn't already */
     return NtTerminateProcess(NtCurrentProcess(), Status);
 }

Referenced by _main(), SmpInitializeKnownDllsInternal(), and SmpUnhandledExceptionFilter().

◆ SmpTranslateSystemPartitionInformation()

VOID NTAPI SmpTranslateSystemPartitionInformation ( VOID )

Definition at line 786 of file sminit.c.

 {
     NTSTATUS Status;
     UNICODE_STRING UnicodeString, LinkTarget, SearchString, SystemPartition;
     OBJECT_ATTRIBUTES ObjectAttributes;
     HANDLE KeyHandle, LinkHandle;
     ULONG Length, Context;
     size_t StrLength;
     WCHAR LinkBuffer[MAX_PATH];
     CHAR ValueBuffer[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 512];
     PKEY_VALUE_PARTIAL_INFORMATION PartialInfo = (PVOID)ValueBuffer;
     CHAR DirInfoBuffer[sizeof(OBJECT_DIRECTORY_INFORMATION) + 512];
     POBJECT_DIRECTORY_INFORMATION DirInfo = (PVOID)DirInfoBuffer;
 
     /* Open the setup key */
     RtlInitUnicodeString(&UnicodeString, L"\\Registry\\Machine\\System\\Setup");
     InitializeObjectAttributes(&ObjectAttributes,
                                &UnicodeString,
                                OBJ_CASE_INSENSITIVE,
                                NULL,
                                NULL);
     Status = NtOpenKey(&KeyHandle, KEY_READ, &ObjectAttributes);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("SMSS: Cannot open system setup key for reading: 0x%x\n", Status);
         return;
     }
 
     /* Query the system partition */
     RtlInitUnicodeString(&UnicodeString, L"SystemPartition");
     Status = NtQueryValueKey(KeyHandle,
                              &UnicodeString,
                              KeyValuePartialInformation,
                              PartialInfo,
                              sizeof(ValueBuffer),
                              &Length);
     NtClose(KeyHandle);
     if (!NT_SUCCESS(Status) ||
         ((PartialInfo->Type != REG_SZ) && (PartialInfo->Type != REG_EXPAND_SZ)))
     {
         DPRINT1("SMSS: Cannot query SystemPartition value (Type %lu, Status 0x%x)\n",
                 PartialInfo->Type, Status);
         return;
     }
 
     /* Initialize the system partition string */
     RtlInitEmptyUnicodeString(&SystemPartition,
                               (PWCHAR)PartialInfo->Data,
                               PartialInfo->DataLength);
     RtlStringCbLengthW(SystemPartition.Buffer,
                        SystemPartition.MaximumLength,
                        &StrLength);
     SystemPartition.Length = (USHORT)StrLength;
 
     /* Enumerate the directory looking for the symbolic link string */
     RtlInitUnicodeString(&SearchString, L"SymbolicLink");
     RtlInitEmptyUnicodeString(&LinkTarget, LinkBuffer, sizeof(LinkBuffer));
     Status = NtQueryDirectoryObject(SmpDosDevicesObjectDirectory,
                                     DirInfo,
                                     sizeof(DirInfoBuffer),
                                     TRUE,
                                     TRUE,
                                     &Context,
                                     NULL);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("SMSS: Cannot find drive letter for system partition\n");
         return;
     }
 
     /* Keep searching until we find it */
     do
     {
         /* Is this it? */
         if ((RtlEqualUnicodeString(&DirInfo->TypeName, &SearchString, TRUE)) &&
             (DirInfo->Name.Length == 2 * sizeof(WCHAR)) &&
             (DirInfo->Name.Buffer[1] == L':'))
         {
             /* Looks like we found it, open the link to get its target */
             InitializeObjectAttributes(&ObjectAttributes,
                                        &DirInfo->Name,
                                        OBJ_CASE_INSENSITIVE,
                                        SmpDosDevicesObjectDirectory,
                                        NULL);
             Status = NtOpenSymbolicLinkObject(&LinkHandle,
                                               SYMBOLIC_LINK_ALL_ACCESS,
                                               &ObjectAttributes);
             if (NT_SUCCESS(Status))
             {
                 /* Open worked, query the target now */
                 Status = NtQuerySymbolicLinkObject(LinkHandle,
                                                    &LinkTarget,
                                                    NULL);
                 NtClose(LinkHandle);
 
                 /* Check if it matches the string we had found earlier */
                 if ((NT_SUCCESS(Status)) &&
                     ((RtlEqualUnicodeString(&SystemPartition,
                                             &LinkTarget,
                                             TRUE)) ||
                     ((RtlPrefixUnicodeString(&SystemPartition,
                                              &LinkTarget,
                                              TRUE)) &&
                      (LinkTarget.Buffer[SystemPartition.Length / sizeof(WCHAR)] == L'\\'))))
                 {
                     /* All done */
                     break;
                 }
             }
         }
 
         /* Couldn't find it, try again */
         Status = NtQueryDirectoryObject(SmpDosDevicesObjectDirectory,
                                         DirInfo,
                                         sizeof(DirInfoBuffer),
                                         TRUE,
                                         FALSE,
                                         &Context,
                                         NULL);
     } while (NT_SUCCESS(Status));
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("SMSS: Cannot find drive letter for system partition\n");
         return;
     }
 
     /* Open the setup key again, for full access this time */
     RtlInitUnicodeString(&UnicodeString,
                          L"\\Registry\\Machine\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup");
     InitializeObjectAttributes(&ObjectAttributes,
                                &UnicodeString,
                                OBJ_CASE_INSENSITIVE,
                                NULL,
                                NULL);
     Status = NtOpenKey(&KeyHandle, KEY_ALL_ACCESS, &ObjectAttributes);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("SMSS: Cannot open software setup key for writing: 0x%x\n",
                 Status);
         return;
     }
 
     /* Wrap up the end of the link buffer */
     wcsncpy(LinkBuffer, DirInfo->Name.Buffer, 2);
     LinkBuffer[2] = L'\\';
     LinkBuffer[3] = L'\0';
 
     /* Now set this as the "BootDir" */
     RtlInitUnicodeString(&UnicodeString, L"BootDir");
     Status = NtSetValueKey(KeyHandle,
                            &UnicodeString,
                            0,
                            REG_SZ,
                            LinkBuffer,
                            4 * sizeof(WCHAR));
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("SMSS: couldn't write BootDir value: 0x%x\n", Status);
     }
     NtClose(KeyHandle);
 }

Variables
RTL_CRITICAL_SECTION	SmpKnownSubSysLock

LIST_ENTRY	SmpKnownSubSysHead

RTL_CRITICAL_SECTION	SmpSessionListLock

LIST_ENTRY	SmpSessionListHead

ULONG	SmpNextSessionId

ULONG	SmpNextSessionIdScanMode

BOOLEAN	SmpDbgSsLoaded

HANDLE	SmpWindowsSubSysProcess

HANDLE	SmpSessionsObjectDirectory

HANDLE	SmpWindowsSubSysProcessId

BOOLEAN	RegPosixSingleInstance

UNICODE_STRING	SmpDebugKeyword

UNICODE_STRING	SmpASyncKeyword

UNICODE_STRING	SmpAutoChkKeyword

PVOID	SmpHeap

ULONG	SmBaseTag

UNICODE_STRING	SmpSystemRoot

PWCHAR	SmpDefaultEnvironment

UNICODE_STRING	SmpDefaultLibPath

LIST_ENTRY	SmpSetupExecuteList

LIST_ENTRY	SmpSubSystemsToLoad

LIST_ENTRY	SmpExecuteList

LIST_ENTRY	SmpSubSystemList

ULONG	AttachedSessionId

BOOLEAN	SmpDebug

Classes

Macros

Typedefs

Functions

Variables

Macro Definition Documentation

◆ NTOS_MODE_USER

◆ SMP_ASYNC_FLAG

◆ SMP_AUTOCHK_FLAG

◆ SMP_DEBUG_FLAG

◆ SMP_DEFERRED_FLAG

◆ SMP_INVALID_PATH

◆ SMP_OS2_FLAG

◆ SMP_POSIX_FLAG

◆ SMP_SUBSYSTEM_FLAG

◆ WIN32_NO_STATUS

Typedef Documentation

◆ PSMP_REGISTRY_VALUE

◆ PSMP_SUBSYSTEM

◆ SMP_REGISTRY_VALUE

◆ SMP_SUBSYSTEM

Function Documentation

◆ SmpAcquirePrivilege()

◆ SmpAllocateSessionId()

◆ SmpApiLoop()

◆ SmpCheckDuplicateMuSessionId()

◆ SmpCheckForCrashDump()

◆ SmpCreatePagingFileDescriptor()

◆ SmpCreatePagingFiles()

◆ SmpCreateSecurityDescriptors()

◆ SmpDeleteSession()

◆ SmpDereferenceSubsystem()

◆ SmpExecuteCommand()

◆ SmpExecuteImage()

◆ SmpExecuteInitialCommand()

◆ SmpGetProcessMuSessionId()

◆ SmpInit()

◆ SmpLoadSubSystem()

◆ SmpLoadSubSystemsForMuSession()

◆ SmpLocateKnownSubSysByCid()

◆ SmpLocateKnownSubSysByType()

◆ SmpPagingFileInitialize()

◆ SmpParseCommandLine()

◆ SmpQueryRegistrySosOption()

◆ SmpReleasePrivilege()

◆ SmpRestoreBootStatusData()

◆ SmpSaveAndClearBootStatusData()

◆ SmpSbCreateSession()

◆ SmpSetProcessMuSessionId()

◆ SmpTerminate()

◆ SmpTranslateSystemPartitionInformation()