driver.c File Reference

#include <ntoskrnl.h>
#include <debug.h>

Include dependency graph for driver.c:

Go to the source code of this file.

Macros
#define	NDEBUG
#define	TAG_RTLREGISTRY   'vrqR'

Functions
NTSTATUS NTAPI	IopInvalidDeviceRequest (PDEVICE_OBJECT DeviceObject, PIRP Irp)
VOID NTAPI	IopDeleteDriver (IN PVOID ObjectBody)
NTSTATUS FASTCALL	IopGetDriverObject (PDRIVER_OBJECT *DriverObject, PUNICODE_STRING ServiceName, BOOLEAN FileSystem)
BOOLEAN NTAPI	IopSuffixUnicodeString (IN PCUNICODE_STRING String1, IN PCUNICODE_STRING String2)
VOID FASTCALL	IopDisplayLoadingMessage (PUNICODE_STRING ServiceName)
NTSTATUS FASTCALL	IopNormalizeImagePath (_Inout_ _When_(return >=0, _At_(ImagePath->Buffer, _Post_notnull_ __drv_allocatesMem(Mem))) PUNICODE_STRING ImagePath, _In_ PUNICODE_STRING ServiceName)
NTSTATUS FASTCALL	IopLoadServiceModule (IN PUNICODE_STRING ServiceName, OUT PLDR_DATA_TABLE_ENTRY *ModuleObject)
VOID NTAPI	MmFreeDriverInitialization (IN PLDR_DATA_TABLE_ENTRY LdrEntry)
NTSTATUS FASTCALL	IopInitializeDriverModule (IN PDEVICE_NODE DeviceNode, IN PLDR_DATA_TABLE_ENTRY ModuleObject, IN PUNICODE_STRING ServiceName, IN BOOLEAN FileSystemDriver, OUT PDRIVER_OBJECT *DriverObject)
NTSTATUS NTAPI	IopAttachFilterDriversCallback (PWSTR ValueName, ULONG ValueType, PVOID ValueData, ULONG ValueLength, PVOID Context, PVOID EntryContext)
NTSTATUS FASTCALL	IopAttachFilterDrivers (PDEVICE_NODE DeviceNode, HANDLE EnumSubKey, HANDLE ClassKey, BOOLEAN Lower)
NTSTATUS NTAPI	MiResolveImageReferences (IN PVOID ImageBase, IN PUNICODE_STRING ImageFileDirectory, IN PUNICODE_STRING NamePrefix OPTIONAL, OUT PCHAR *MissingApi, OUT PWCHAR *MissingDriver, OUT PLOAD_IMPORTS *LoadImports)
INIT_FUNCTION NTSTATUS NTAPI	LdrProcessDriverModule (PLDR_DATA_TABLE_ENTRY LdrEntry, PUNICODE_STRING FileName, PLDR_DATA_TABLE_ENTRY *ModuleObject)
INIT_FUNCTION NTSTATUS NTAPI	IopInitializeBuiltinDriver (IN PLDR_DATA_TABLE_ENTRY BootLdrEntry)
INIT_FUNCTION VOID FASTCALL	IopInitializeBootDrivers (VOID)
INIT_FUNCTION VOID FASTCALL	IopInitializeSystemDrivers (VOID)
NTSTATUS NTAPI	IopUnloadDriver (PUNICODE_STRING DriverServiceName, BOOLEAN UnloadPnpDrivers)
VOID NTAPI	IopReinitializeDrivers (VOID)
VOID NTAPI	IopReinitializeBootDrivers (VOID)
NTSTATUS NTAPI	IopCreateDriver (IN PUNICODE_STRING DriverName OPTIONAL, IN PDRIVER_INITIALIZE InitializationFunction, IN PUNICODE_STRING RegistryPath OPTIONAL, IN PCUNICODE_STRING ServiceName, IN PLDR_DATA_TABLE_ENTRY ModuleObject OPTIONAL, OUT PDRIVER_OBJECT *pDriverObject)
NTSTATUS NTAPI	IoCreateDriver (IN PUNICODE_STRING DriverName OPTIONAL, IN PDRIVER_INITIALIZE InitializationFunction)
VOID NTAPI	IoDeleteDriver (IN PDRIVER_OBJECT DriverObject)
VOID NTAPI	IoRegisterBootDriverReinitialization (IN PDRIVER_OBJECT DriverObject, IN PDRIVER_REINITIALIZE ReinitRoutine, IN PVOID Context)
VOID NTAPI	IoRegisterDriverReinitialization (IN PDRIVER_OBJECT DriverObject, IN PDRIVER_REINITIALIZE ReinitRoutine, IN PVOID Context)
NTSTATUS NTAPI	IoAllocateDriverObjectExtension (IN PDRIVER_OBJECT DriverObject, IN PVOID ClientIdentificationAddress, IN ULONG DriverObjectExtensionSize, OUT PVOID *DriverObjectExtension)
PVOID NTAPI	IoGetDriverObjectExtension (IN PDRIVER_OBJECT DriverObject, IN PVOID ClientIdentificationAddress)
VOID NTAPI	IopLoadUnloadDriverWorker (_Inout_ PVOID Parameter)
NTSTATUS NTAPI	IopLoadUnloadDriver (_In_opt_ PCUNICODE_STRING RegistryPath, _Inout_ PDRIVER_OBJECT *DriverObject)
NTSTATUS NTAPI	NtLoadDriver (IN PUNICODE_STRING DriverServiceName)
NTSTATUS NTAPI	NtUnloadDriver (IN PUNICODE_STRING DriverServiceName)

Variables
ERESOURCE	IopDriverLoadResource
LIST_ENTRY	DriverReinitListHead
KSPIN_LOCK	DriverReinitListLock
PLIST_ENTRY	DriverReinitTailEntry
PLIST_ENTRY	DriverBootReinitTailEntry
LIST_ENTRY	DriverBootReinitListHead
KSPIN_LOCK	DriverBootReinitListLock
UNICODE_STRING	IopHardwareDatabaseKey
POBJECT_TYPE	IoDriverObjectType = NULL
BOOLEAN	ExpInTextModeSetup
BOOLEAN	PnpSystemInit
USHORT	IopGroupIndex
PLIST_ENTRY	IopGroupTable

Macro Definition Documentation

NDEBUG

#define NDEBUG

Definition at line 14 of file driver.c.

TAG_RTLREGISTRY

#define TAG_RTLREGISTRY   'vrqR'

Definition at line 34 of file driver.c.

Function Documentation

IoAllocateDriverObjectExtension()

NTSTATUS NTAPI IoAllocateDriverObjectExtension	(	IN PDRIVER_OBJECT	DriverObject,
		IN PVOID	ClientIdentificationAddress,
		IN ULONG	DriverObjectExtensionSize,
		OUT PVOID *	DriverObjectExtension
	)

Definition at line 1764 of file driver.c.

{
    KIRQL OldIrql;
    PIO_CLIENT_EXTENSION DriverExtensions, NewDriverExtension;
    BOOLEAN Inserted = FALSE;

    /* Assume failure */
    *DriverObjectExtension = NULL;

    /* Allocate the extension */
    NewDriverExtension = ExAllocatePoolWithTag(NonPagedPool,
                                               sizeof(IO_CLIENT_EXTENSION) +
                                               DriverObjectExtensionSize,
                                               TAG_DRIVER_EXTENSION);
    if (!NewDriverExtension) return STATUS_INSUFFICIENT_RESOURCES;

    /* Clear the extension for teh caller */
    RtlZeroMemory(NewDriverExtension,
                  sizeof(IO_CLIENT_EXTENSION) + DriverObjectExtensionSize);

    /* Acqure lock */
    OldIrql = KeRaiseIrqlToDpcLevel();

    /* Fill out the extension */
    NewDriverExtension->ClientIdentificationAddress = ClientIdentificationAddress;

    /* Loop the current extensions */
    DriverExtensions = IoGetDrvObjExtension(DriverObject)->
                       ClientDriverExtension;
    while (DriverExtensions)
    {
        /* Check if the identifier matches */
        if (DriverExtensions->ClientIdentificationAddress ==
            ClientIdentificationAddress)
        {
            /* We have a collision, break out */
            break;
        }

        /* Go to the next one */
        DriverExtensions = DriverExtensions->NextExtension;
    }

    /* Check if we didn't collide */
    if (!DriverExtensions)
    {
        /* Link this one in */
        NewDriverExtension->NextExtension =
            IoGetDrvObjExtension(DriverObject)->ClientDriverExtension;
        IoGetDrvObjExtension(DriverObject)->ClientDriverExtension =
            NewDriverExtension;
        Inserted = TRUE;
    }

    /* Release the lock */
    KeLowerIrql(OldIrql);

    /* Check if insertion failed */
    if (!Inserted)
    {
        /* Free the entry and fail */
        ExFreePoolWithTag(NewDriverExtension, TAG_DRIVER_EXTENSION);
        return STATUS_OBJECT_NAME_COLLISION;
    }

    /* Otherwise, return the pointer */
    *DriverObjectExtension = NewDriverExtension + 1;
    return STATUS_SUCCESS;
}

Referenced by ClassInitialize(), DriverEntry(), HidRegisterMinidriver(), KoDriverInitialize(), KsInitializeDriver(), NdisMRegisterMiniport(), PciIdeXInitialize(), ScsiClassInitialize(), StorPortInitialize(), StreamClassRegisterAdapter(), and VideoPortInitialize().

IoCreateDriver()

NTSTATUS NTAPI IoCreateDriver	(	IN PUNICODE_STRING DriverName	OPTIONAL,
		IN PDRIVER_INITIALIZE	InitializationFunction
	)

Definition at line 1683 of file driver.c.

{
    PDRIVER_OBJECT DriverObject;
    return IopCreateDriver(DriverName, InitializationFunction, NULL, DriverName, NULL, &DriverObject);
}

Referenced by HaliInitPnpDriver(), IopInitializePlugPlayServices(), and WmiInitialize().

IoDeleteDriver()

VOID NTAPI IoDeleteDriver

(

IN PDRIVER_OBJECT

DriverObject

)

Definition at line 1695 of file driver.c.

{
    /* Simply dereference the Object */
    ObDereferenceObject(DriverObject);
}

IoGetDriverObjectExtension()

PVOID NTAPI IoGetDriverObjectExtension	(	IN PDRIVER_OBJECT	DriverObject,
		IN PVOID	ClientIdentificationAddress
	)

Definition at line 1842 of file driver.c.

{
    KIRQL OldIrql;
    PIO_CLIENT_EXTENSION DriverExtensions;

    /* Acquire lock */
    OldIrql = KeRaiseIrqlToDpcLevel();

    /* Loop the list until we find the right one */
    DriverExtensions = IoGetDrvObjExtension(DriverObject)->ClientDriverExtension;
    while (DriverExtensions)
    {
        /* Check for a match */
        if (DriverExtensions->ClientIdentificationAddress ==
            ClientIdentificationAddress)
        {
            /* Break out */
            break;
        }

        /* Keep looping */
        DriverExtensions = DriverExtensions->NextExtension;
    }

    /* Release lock */
    KeLowerIrql(OldIrql);

    /* Return nothing or the extension */
    if (!DriverExtensions) return NULL;
    return DriverExtensions + 1;
}

Referenced by _Dispatch_type_(), CdRomCreateDeviceObject(), ClassAddDevice(), ClassCreateDeviceObject(), ClassDispatchPnp(), ClassGetDriverExtension(), ClassGetPdoId(), ClassInitialize(), ClassInitializeEx(), ClassInvalidateBusRelations(), ClassPnpQueryFdoRelations(), ClassPnpStartDevice(), ClassQueryTimeOutRegistryValue(), ClassRemoveDevice(), ClassUnload(), ConDrvCreateController(), ConDrvDeleteController(), CreateClassDeviceObject(), CreateGreenFdo(), DestroyPortDriver(), GreenAddDevice(), GreenDispatch(), HidClassAddDevice(), i8042RemoveDevice(), IntVideoPortAddDevice(), IntVideoPortFilterResourceRequirements(), IntVideoPortPnPStartDevice(), KeyboardAddDevice(), KopDispatchCreate(), KsAddDevice(), NdisIAddDevice(), PciIdeXAddDevice(), PciIdeXFdoStartDevice(), PortAddDevice(), PortUnload(), ScreenAddDevice(), ScsiClassAddDevice(), SermouseAddDevice(), StorPortInitialize(), StreamClassAddDevice(), StreamClassStartDevice(), VfdCreateDevice(), VfdDeleteDevice(), VfdStoreLink(), VfdUnloadDriver(), VideoPortGetAccessRanges(), and VideoPortInitialize().

IopAttachFilterDrivers()

NTSTATUS FASTCALL IopAttachFilterDrivers	(	PDEVICE_NODE	DeviceNode,
		HANDLE	EnumSubKey,
		HANDLE	ClassKey,
		BOOLEAN	Lower
	)

Definition at line 649 of file driver.c.

{
    RTL_QUERY_REGISTRY_TABLE QueryTable[2] = { { NULL, 0, NULL, NULL, 0, NULL, 0 }, };
    NTSTATUS Status;

    /*
     * First load the device filters
     */
    QueryTable[0].QueryRoutine = IopAttachFilterDriversCallback;
    if (Lower)
        QueryTable[0].Name = L"LowerFilters";
    else
        QueryTable[0].Name = L"UpperFilters";
    QueryTable[0].Flags = 0;
    QueryTable[0].DefaultType = REG_NONE;

    Status = RtlQueryRegistryValues(RTL_REGISTRY_HANDLE,
                                    (PWSTR)EnumSubKey,
                                    QueryTable,
                                    DeviceNode,
                                    NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to load device %s filters: %08X\n",
                Lower ? "lower" : "upper", Status);
        return Status;
    }

    QueryTable[0].QueryRoutine = IopAttachFilterDriversCallback;
    if (Lower)
        QueryTable[0].Name = L"LowerFilters";
    else
        QueryTable[0].Name = L"UpperFilters";
    QueryTable[0].EntryContext = NULL;
    QueryTable[0].Flags = 0;
    QueryTable[0].DefaultType = REG_NONE;

    if (ClassKey == NULL)
    {
        return STATUS_SUCCESS;
    }

    Status = RtlQueryRegistryValues(RTL_REGISTRY_HANDLE,
                                    (PWSTR)ClassKey,
                                    QueryTable,
                                    DeviceNode,
                                    NULL);

    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to load class %s filters: %08X\n",
                Lower ? "lower" : "upper", Status);
        return Status;
    }

    return STATUS_SUCCESS;
}

IopAttachFilterDriversCallback()

NTSTATUS NTAPI IopAttachFilterDriversCallback	(	PWSTR	ValueName,
		ULONG	ValueType,
		PVOID	ValueData,
		ULONG	ValueLength,
		PVOID	Context,
		PVOID	EntryContext
	)

Definition at line 563 of file driver.c.

{
    PDEVICE_NODE DeviceNode = Context;
    UNICODE_STRING ServiceName;
    PWCHAR Filters;
    PLDR_DATA_TABLE_ENTRY ModuleObject;
    PDRIVER_OBJECT DriverObject;
    NTSTATUS Status;

    /* No filter value present */
    if (ValueType == REG_NONE)
        return STATUS_SUCCESS;

    for (Filters = ValueData;
         ((ULONG_PTR)Filters - (ULONG_PTR)ValueData) < ValueLength &&
         *Filters != 0;
         Filters += (ServiceName.Length / sizeof(WCHAR)) + 1)
    {
        DPRINT("Filter Driver: %S (%wZ)\n", Filters, &DeviceNode->InstancePath);

        ServiceName.Buffer = Filters;
        ServiceName.MaximumLength =
        ServiceName.Length = (USHORT)wcslen(Filters) * sizeof(WCHAR);

        KeEnterCriticalRegion();
        ExAcquireResourceExclusiveLite(&IopDriverLoadResource, TRUE);
        Status = IopGetDriverObject(&DriverObject,
                                    &ServiceName,
                                    FALSE);
        if (!NT_SUCCESS(Status))
        {
            /* Load and initialize the filter driver */
            Status = IopLoadServiceModule(&ServiceName, &ModuleObject);
            if (!NT_SUCCESS(Status))
            {
                ExReleaseResourceLite(&IopDriverLoadResource);
                KeLeaveCriticalRegion();
                return Status;
            }

            Status = IopInitializeDriverModule(DeviceNode,
                                               ModuleObject,
                                               &ServiceName,
                                               FALSE,
                                               &DriverObject);
            if (!NT_SUCCESS(Status))
            {
                ExReleaseResourceLite(&IopDriverLoadResource);
                KeLeaveCriticalRegion();
                return Status;
            }
        }

        ExReleaseResourceLite(&IopDriverLoadResource);
        KeLeaveCriticalRegion();

        Status = IopInitializeDevice(DeviceNode, DriverObject);

        /* Remove extra reference */
        ObDereferenceObject(DriverObject);

        if (!NT_SUCCESS(Status))
            return Status;
    }

    return STATUS_SUCCESS;
}

Referenced by IopAttachFilterDrivers().

IopCreateDriver()

NTSTATUS NTAPI IopCreateDriver	(	IN PUNICODE_STRING DriverName	OPTIONAL,
		IN PDRIVER_INITIALIZE	InitializationFunction,
		IN PUNICODE_STRING RegistryPath	OPTIONAL,
		IN PCUNICODE_STRING	ServiceName,
		IN PLDR_DATA_TABLE_ENTRY ModuleObject	OPTIONAL,
		OUT PDRIVER_OBJECT *	pDriverObject
	)

Definition at line 1470 of file driver.c.

{
    WCHAR NameBuffer[100];
    USHORT NameLength;
    UNICODE_STRING LocalDriverName;
    NTSTATUS Status;
    OBJECT_ATTRIBUTES ObjectAttributes;
    ULONG ObjectSize;
    PDRIVER_OBJECT DriverObject;
    UNICODE_STRING ServiceKeyName;
    HANDLE hDriver;
    ULONG i, RetryCount = 0;

try_again:
    /* First, create a unique name for the driver if we don't have one */
    if (!DriverName)
    {
        /* Create a random name and set up the string */
        NameLength = (USHORT)swprintf(NameBuffer,
                                      DRIVER_ROOT_NAME L"%08u",
                                      KeTickCount.LowPart);
        LocalDriverName.Length = NameLength * sizeof(WCHAR);
        LocalDriverName.MaximumLength = LocalDriverName.Length + sizeof(UNICODE_NULL);
        LocalDriverName.Buffer = NameBuffer;
    }
    else
    {
        /* So we can avoid another code path, use a local var */
        LocalDriverName = *DriverName;
    }

    /* Initialize the Attributes */
    ObjectSize = sizeof(DRIVER_OBJECT) + sizeof(EXTENDED_DRIVER_EXTENSION);
    InitializeObjectAttributes(&ObjectAttributes,
                               &LocalDriverName,
                               OBJ_PERMANENT | OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    /* Create the Object */
    Status = ObCreateObject(KernelMode,
                            IoDriverObjectType,
                            &ObjectAttributes,
                            KernelMode,
                            NULL,
                            ObjectSize,
                            0,
                            0,
                            (PVOID*)&DriverObject);
    if (!NT_SUCCESS(Status)) return Status;

    DPRINT("IopCreateDriver(): created DO %p\n", DriverObject);

    /* Set up the Object */
    RtlZeroMemory(DriverObject, ObjectSize);
    DriverObject->Type = IO_TYPE_DRIVER;
    DriverObject->Size = sizeof(DRIVER_OBJECT);

    /*
     * Check whether RegistryPath and ModuleObject are both NULL because
     * IoCreateDriver() was called to initialize a built-in driver.
     */
    if ((RegistryPath != NULL) || (ModuleObject != NULL))
        DriverObject->Flags = DRVO_LEGACY_DRIVER;
    else
        DriverObject->Flags = DRVO_BUILTIN_DRIVER;

    DriverObject->DriverExtension = (PDRIVER_EXTENSION)(DriverObject + 1);
    DriverObject->DriverExtension->DriverObject = DriverObject;
    DriverObject->DriverInit = InitializationFunction;
    DriverObject->DriverSection = ModuleObject;
    /* Loop all Major Functions */
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        /* Invalidate each function */
        DriverObject->MajorFunction[i] = IopInvalidDeviceRequest;
    }

    /* Set up the service key name buffer */
    ServiceKeyName.MaximumLength = ServiceName->Length + sizeof(UNICODE_NULL);
    ServiceKeyName.Buffer = ExAllocatePoolWithTag(NonPagedPool,
                                                  ServiceKeyName.MaximumLength,
                                                  TAG_IO);
    if (!ServiceKeyName.Buffer)
    {
        /* Fail */
        ObMakeTemporaryObject(DriverObject);
        ObDereferenceObject(DriverObject);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    /* Copy the name and set it in the driver extension */
    RtlCopyUnicodeString(&ServiceKeyName,
                         ServiceName);
    DriverObject->DriverExtension->ServiceKeyName = ServiceKeyName;

    /* Make a copy of the driver name to store in the driver object */
    DriverObject->DriverName.MaximumLength = LocalDriverName.Length;
    DriverObject->DriverName.Buffer = ExAllocatePoolWithTag(PagedPool,
                                                            DriverObject->DriverName.MaximumLength,
                                                            TAG_IO);
    if (!DriverObject->DriverName.Buffer)
    {
        /* Fail */
        ObMakeTemporaryObject(DriverObject);
        ObDereferenceObject(DriverObject);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    RtlCopyUnicodeString(&DriverObject->DriverName,
                         &LocalDriverName);

    /* Add the Object and get its handle */
    Status = ObInsertObject(DriverObject,
                            NULL,
                            FILE_READ_DATA,
                            0,
                            NULL,
                            &hDriver);

    /* Eliminate small possibility when this function is called more than
       once in a row, and KeTickCount doesn't get enough time to change */
    if (!DriverName && (Status == STATUS_OBJECT_NAME_COLLISION) && (RetryCount < 100))
    {
        RetryCount++;
        goto try_again;
    }

    if (!NT_SUCCESS(Status)) return Status;

    /* Now reference it */
    Status = ObReferenceObjectByHandle(hDriver,
                                       0,
                                       IoDriverObjectType,
                                       KernelMode,
                                       (PVOID*)&DriverObject,
                                       NULL);

    /* Close the extra handle */
    ZwClose(hDriver);

    if (!NT_SUCCESS(Status))
    {
        /* Fail */
        ObMakeTemporaryObject(DriverObject);
        ObDereferenceObject(DriverObject);
        return Status;
    }

    DriverObject->HardwareDatabase = &IopHardwareDatabaseKey;
    DriverObject->DriverStart = ModuleObject ? ModuleObject->DllBase : 0;
    DriverObject->DriverSize = ModuleObject ? ModuleObject->SizeOfImage : 0;

    /* Finally, call its init function */
    DPRINT("RegistryKey: %wZ\n", RegistryPath);
    DPRINT("Calling driver entrypoint at %p\n", InitializationFunction);
    Status = (*InitializationFunction)(DriverObject, RegistryPath);
    if (!NT_SUCCESS(Status))
    {
        /* If it didn't work, then kill the object */
        DPRINT1("'%wZ' initialization failed, status (0x%08lx)\n", DriverName, Status);
        DriverObject->DriverSection = NULL;
        ObMakeTemporaryObject(DriverObject);
        ObDereferenceObject(DriverObject);
        return Status;
    }
    else
    {
        /* Returns to caller the object */
        *pDriverObject = DriverObject;
    }

    /* We're going to say if we don't have any DOs from DriverEntry, then we're not legacy.
     * Other parts of the I/O manager depend on this behavior */
    if (!DriverObject->DeviceObject) DriverObject->Flags &= ~DRVO_LEGACY_DRIVER;

    /* Loop all Major Functions */
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        /*
         * Make sure the driver didn't set any dispatch entry point to NULL!
         * Doing so is illegal; drivers shouldn't touch entry points they
         * do not implement.
         */

        /* Check if it did so anyway */
        if (!DriverObject->MajorFunction[i])
        {
            /* Print a warning in the debug log */
            DPRINT1("Driver <%wZ> set DriverObject->MajorFunction[%lu] to NULL!\n",
                    &DriverObject->DriverName, i);

            /* Fix it up */
            DriverObject->MajorFunction[i] = IopInvalidDeviceRequest;
        }
    }

    /* Return the Status */
    return Status;
}

Referenced by IoCreateDriver(), and IopInitializeDriverModule().

IopDeleteDriver()

VOID NTAPI IopDeleteDriver

(

IN PVOID

ObjectBody

)

Definition at line 58 of file driver.c.

{
    PDRIVER_OBJECT DriverObject = ObjectBody;
    PIO_CLIENT_EXTENSION DriverExtension, NextDriverExtension;
    PAGED_CODE();

    DPRINT1("Deleting driver object '%wZ'\n", &DriverObject->DriverName);

    /* There must be no device objects remaining at this point */
    ASSERT(!DriverObject->DeviceObject);

    /* Get the extension and loop them */
    DriverExtension = IoGetDrvObjExtension(DriverObject)->ClientDriverExtension;
    while (DriverExtension)
    {
        /* Get the next one */
        NextDriverExtension = DriverExtension->NextExtension;
        ExFreePoolWithTag(DriverExtension, TAG_DRIVER_EXTENSION);

        /* Move on */
        DriverExtension = NextDriverExtension;
    }

    /* Check if the driver image is still loaded */
    if (DriverObject->DriverSection)
    {
        /* Unload it */
        MmUnloadSystemImage(DriverObject->DriverSection);
    }

    /* Check if it has a name */
    if (DriverObject->DriverName.Buffer)
    {
        /* Free it */
        ExFreePool(DriverObject->DriverName.Buffer);
    }

    /* Check if it has a service key name */
    if (DriverObject->DriverExtension->ServiceKeyName.Buffer)
    {
        /* Free it */
        ExFreePool(DriverObject->DriverExtension->ServiceKeyName.Buffer);
    }
}

Referenced by IopCreateObjectTypes().

IopDisplayLoadingMessage()

VOID FASTCALL IopDisplayLoadingMessage

(

PUNICODE_STRING

ServiceName

)

Definition at line 207 of file driver.c.

{
    CHAR TextBuffer[256];
    UNICODE_STRING DotSys = RTL_CONSTANT_STRING(L".SYS");

    if (ExpInTextModeSetup) return;
    if (!KeLoaderBlock) return;
    RtlUpcaseUnicodeString(ServiceName, ServiceName, FALSE);
    snprintf(TextBuffer, sizeof(TextBuffer),
            "%s%sSystem32\\Drivers\\%wZ%s\r\n",
            KeLoaderBlock->ArcBootDeviceName,
            KeLoaderBlock->NtBootPathName,
            ServiceName,
            IopSuffixUnicodeString(&DotSys, ServiceName) ? "" : ".SYS");
    HalDisplayString(TextBuffer);
}

Referenced by IopInitializeBuiltinDriver(), IopLoadServiceModule(), and IopLoadUnloadDriver().

IopGetDriverObject()

NTSTATUS FASTCALL IopGetDriverObject	(	PDRIVER_OBJECT *	DriverObject,
		PUNICODE_STRING	ServiceName,
		BOOLEAN	FileSystem
	)

Definition at line 105 of file driver.c.

{
    PDRIVER_OBJECT Object;
    UNICODE_STRING Prefix;
    UNICODE_STRING DriverName;
    NTSTATUS Status;

    DPRINT("IopGetDriverObject(%p '%wZ' %x)\n",
           DriverObject, ServiceName, FileSystem);

    ASSERT(ExIsResourceAcquiredExclusiveLite(&IopDriverLoadResource));
    *DriverObject = NULL;

    /* Create ModuleName string */
    if (ServiceName == NULL || ServiceName->Buffer == NULL)
        /* We don't know which DriverObject we have to open */
        return STATUS_INVALID_PARAMETER_2;

    if (FileSystem != FALSE)
        RtlInitUnicodeString(&Prefix, FILESYSTEM_ROOT_NAME);
    else
        RtlInitUnicodeString(&Prefix, DRIVER_ROOT_NAME);

    DriverName.Length = 0;
    DriverName.MaximumLength = Prefix.Length + ServiceName->Length + sizeof(UNICODE_NULL);
    ASSERT(DriverName.MaximumLength > ServiceName->Length);
    DriverName.Buffer = ExAllocatePoolWithTag(PagedPool, DriverName.MaximumLength, TAG_IO);
    if (DriverName.Buffer == NULL)
    {
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    RtlAppendUnicodeStringToString(&DriverName, &Prefix);
    RtlAppendUnicodeStringToString(&DriverName, ServiceName);

    DPRINT("Driver name: '%wZ'\n", &DriverName);

    /* Open driver object */
    Status = ObReferenceObjectByName(&DriverName,
                                     OBJ_OPENIF | OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, /* Attributes */
                                     NULL, /* PassedAccessState */
                                     0, /* DesiredAccess */
                                     IoDriverObjectType,
                                     KernelMode,
                                     NULL, /* ParseContext */
                                     (PVOID*)&Object);
    ExFreePoolWithTag(DriverName.Buffer, TAG_IO);
    if (!NT_SUCCESS(Status))
    {
        DPRINT("Failed to reference driver object, status=0x%08x\n", Status);
        return Status;
    }

    *DriverObject = Object;

    DPRINT("Driver Object: %p\n", Object);

    return STATUS_SUCCESS;
}

Referenced by IopAttachFilterDriversCallback(), and IopLoadUnloadDriver().

IopInitializeBootDrivers()

INIT_FUNCTION VOID FASTCALL IopInitializeBootDrivers

(

VOID

)

Definition at line 939 of file driver.c.

{
    PLIST_ENTRY ListHead, NextEntry, NextEntry2;
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    PDEVICE_NODE DeviceNode;
    PDRIVER_OBJECT DriverObject;
    LDR_DATA_TABLE_ENTRY ModuleObject;
    NTSTATUS Status;
    UNICODE_STRING DriverName;
    ULONG i, Index;
    PDRIVER_INFORMATION DriverInfo, DriverInfoTag;
    HANDLE KeyHandle;
    PBOOT_DRIVER_LIST_ENTRY BootEntry;
    DPRINT("IopInitializeBootDrivers()\n");

    /* Use IopRootDeviceNode for now */
    Status = IopCreateDeviceNode(IopRootDeviceNode, NULL, NULL, &DeviceNode);
    if (!NT_SUCCESS(Status)) return;

    /* Setup the module object for the RAW FS Driver */
    ModuleObject.DllBase = NULL;
    ModuleObject.SizeOfImage = 0;
    ModuleObject.EntryPoint = RawFsDriverEntry;
    RtlInitUnicodeString(&DriverName, L"RAW");

    /* Initialize it */
    Status = IopInitializeDriverModule(DeviceNode,
                                       &ModuleObject,
                                       &DriverName,
                                       TRUE,
                                       &DriverObject);
    if (!NT_SUCCESS(Status))
    {
        /* Fail */
        return;
    }

    /* Now initialize the associated device */
    Status = IopInitializeDevice(DeviceNode, DriverObject);
    if (!NT_SUCCESS(Status))
    {
        /* Fail */
        ObDereferenceObject(DriverObject);
        return;
    }

    /* Start it up */
    Status = IopStartDevice(DeviceNode);
    if (!NT_SUCCESS(Status))
    {
        /* Fail */
        ObDereferenceObject(DriverObject);
        return;
    }

    /* Get highest group order index */
    IopGroupIndex = PpInitGetGroupOrderIndex(NULL);
    if (IopGroupIndex == 0xFFFF) ASSERT(FALSE);

    /* Allocate the group table */
    IopGroupTable = ExAllocatePoolWithTag(PagedPool,
                                          IopGroupIndex * sizeof(LIST_ENTRY),
                                          TAG_IO);
    if (IopGroupTable == NULL) ASSERT(FALSE);

    /* Initialize the group table lists */
    for (i = 0; i < IopGroupIndex; i++) InitializeListHead(&IopGroupTable[i]);

    /* Loop the boot modules */
    ListHead = &KeLoaderBlock->LoadOrderListHead;
    NextEntry = ListHead->Flink;
    while (ListHead != NextEntry)
    {
        /* Get the entry */
        LdrEntry = CONTAINING_RECORD(NextEntry,
                                     LDR_DATA_TABLE_ENTRY,
                                     InLoadOrderLinks);

        /* Check if the DLL needs to be initialized */
        if (LdrEntry->Flags & LDRP_DRIVER_DEPENDENT_DLL)
        {
            /* Call its entrypoint */
            MmCallDllInitialize(LdrEntry, NULL);
        }

        /* Go to the next driver */
        NextEntry = NextEntry->Flink;
    }

    /* Loop the boot drivers */
    ListHead = &KeLoaderBlock->BootDriverListHead;
    NextEntry = ListHead->Flink;
    while (ListHead != NextEntry)
    {
        /* Get the entry */
        BootEntry = CONTAINING_RECORD(NextEntry,
                                      BOOT_DRIVER_LIST_ENTRY,
                                      Link);

        /* Get the driver loader entry */
        LdrEntry = BootEntry->LdrEntry;

        /* Allocate our internal accounting structure */
        DriverInfo = ExAllocatePoolWithTag(PagedPool,
                                           sizeof(DRIVER_INFORMATION),
                                           TAG_IO);
        if (DriverInfo)
        {
            /* Zero it and initialize it */
            RtlZeroMemory(DriverInfo, sizeof(DRIVER_INFORMATION));
            InitializeListHead(&DriverInfo->Link);
            DriverInfo->DataTableEntry = BootEntry;

            /* Open the registry key */
            Status = IopOpenRegistryKeyEx(&KeyHandle,
                                          NULL,
                                          &BootEntry->RegistryPath,
                                          KEY_READ);
            DPRINT("IopOpenRegistryKeyEx(%wZ) returned 0x%08lx\n", &BootEntry->RegistryPath, Status);
#if 0
            if (NT_SUCCESS(Status))
#else // Hack still needed...
            if ((NT_SUCCESS(Status)) || /* ReactOS HACK for SETUPLDR */
                ((KeLoaderBlock->SetupLdrBlock) && ((KeyHandle = (PVOID)1)))) // yes, it's an assignment!
#endif
            {
                /* Save the handle */
                DriverInfo->ServiceHandle = KeyHandle;

                /* Get the group oder index */
                Index = PpInitGetGroupOrderIndex(KeyHandle);

                /* Get the tag position */
                DriverInfo->TagPosition = PipGetDriverTagPriority(KeyHandle);

                /* Insert it into the list, at the right place */
                ASSERT(Index < IopGroupIndex);
                NextEntry2 = IopGroupTable[Index].Flink;
                while (NextEntry2 != &IopGroupTable[Index])
                {
                    /* Get the driver info */
                    DriverInfoTag = CONTAINING_RECORD(NextEntry2,
                                                      DRIVER_INFORMATION,
                                                      Link);

                    /* Check if we found the right tag position */
                    if (DriverInfoTag->TagPosition > DriverInfo->TagPosition)
                    {
                        /* We're done */
                        break;
                    }

                    /* Next entry */
                    NextEntry2 = NextEntry2->Flink;
                }

                /* Insert us right before the next entry */
                NextEntry2 = NextEntry2->Blink;
                InsertHeadList(NextEntry2, &DriverInfo->Link);
            }
        }

        /* Go to the next driver */
        NextEntry = NextEntry->Flink;
    }

    /* Loop each group index */
    for (i = 0; i < IopGroupIndex; i++)
    {
        /* Loop each group table */
        NextEntry = IopGroupTable[i].Flink;
        while (NextEntry != &IopGroupTable[i])
        {
            /* Get the entry */
            DriverInfo = CONTAINING_RECORD(NextEntry,
                                           DRIVER_INFORMATION,
                                           Link);

            /* Get the driver loader entry */
            LdrEntry = DriverInfo->DataTableEntry->LdrEntry;

            /* Initialize it */
            IopInitializeBuiltinDriver(LdrEntry);

            /* Next entry */
            NextEntry = NextEntry->Flink;
        }
    }

    /* In old ROS, the loader list became empty after this point. Simulate. */
    InitializeListHead(&KeLoaderBlock->LoadOrderListHead);
}

Referenced by IoInitSystem().

IopInitializeBuiltinDriver()

INIT_FUNCTION NTSTATUS NTAPI IopInitializeBuiltinDriver

(

IN PLDR_DATA_TABLE_ENTRY

BootLdrEntry

)

Definition at line 808 of file driver.c.

{
    PDEVICE_NODE DeviceNode;
    PDRIVER_OBJECT DriverObject;
    NTSTATUS Status;
    PWCHAR Buffer, FileNameWithoutPath;
    PWSTR FileExtension;
    PUNICODE_STRING ModuleName = &BootLdrEntry->BaseDllName;
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    PLIST_ENTRY NextEntry;
    UNICODE_STRING ServiceName;
    BOOLEAN Success;

    /*
     * Display 'Loading XXX...' message
     */
    IopDisplayLoadingMessage(ModuleName);
    InbvIndicateProgress();

    Buffer = ExAllocatePoolWithTag(PagedPool,
                                   ModuleName->Length + sizeof(UNICODE_NULL),
                                   TAG_IO);
    if (Buffer == NULL)
    {
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    RtlCopyMemory(Buffer, ModuleName->Buffer, ModuleName->Length);
    Buffer[ModuleName->Length / sizeof(WCHAR)] = UNICODE_NULL;

    /*
     * Generate filename without path (not needed by freeldr)
     */
    FileNameWithoutPath = wcsrchr(Buffer, L'\\');
    if (FileNameWithoutPath == NULL)
    {
        FileNameWithoutPath = Buffer;
    }
    else
    {
        FileNameWithoutPath++;
    }

    /*
     * Strip the file extension from ServiceName
     */
    Success = RtlCreateUnicodeString(&ServiceName, FileNameWithoutPath);
    ExFreePoolWithTag(Buffer, TAG_IO);
    if (!Success)
    {
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    FileExtension = wcsrchr(ServiceName.Buffer, L'.');
    if (FileExtension != NULL)
    {
        ServiceName.Length -= (USHORT)wcslen(FileExtension) * sizeof(WCHAR);
        FileExtension[0] = UNICODE_NULL;
    }

    /*
     * Determine the right device object
     */
    /* Use IopRootDeviceNode for now */
    Status = IopCreateDeviceNode(IopRootDeviceNode,
                                 NULL,
                                 &ServiceName,
                                 &DeviceNode);
    RtlFreeUnicodeString(&ServiceName);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Driver '%wZ' load failed, status (%x)\n", ModuleName, Status);
        return Status;
    }

    /* Lookup the new Ldr entry in PsLoadedModuleList */
    NextEntry = PsLoadedModuleList.Flink;
    while (NextEntry != &PsLoadedModuleList)
    {
        LdrEntry = CONTAINING_RECORD(NextEntry,
                                     LDR_DATA_TABLE_ENTRY,
                                     InLoadOrderLinks);
        if (RtlEqualUnicodeString(ModuleName, &LdrEntry->BaseDllName, TRUE))
        {
            break;
        }

        NextEntry = NextEntry->Flink;
    }
    ASSERT(NextEntry != &PsLoadedModuleList);

    /*
     * Initialize the driver
     */
    Status = IopInitializeDriverModule(DeviceNode,
                                       LdrEntry,
                                       &DeviceNode->ServiceName,
                                       FALSE,
                                       &DriverObject);

    if (!NT_SUCCESS(Status))
    {
        return Status;
    }

    Status = IopInitializeDevice(DeviceNode, DriverObject);
    if (NT_SUCCESS(Status))
    {
        Status = IopStartDevice(DeviceNode);
    }

    /* Remove extra reference from IopInitializeDriverModule */
    ObDereferenceObject(DriverObject);

    return Status;
}

Referenced by IopInitializeBootDrivers().

IopInitializeDriverModule()

NTSTATUS FASTCALL IopInitializeDriverModule	(	IN PDEVICE_NODE	DeviceNode,
		IN PLDR_DATA_TABLE_ENTRY	ModuleObject,
		IN PUNICODE_STRING	ServiceName,
		IN BOOLEAN	FileSystemDriver,
		OUT PDRIVER_OBJECT *	DriverObject
	)

Definition at line 467 of file driver.c.

{
    static const WCHAR ServicesKeyName[] = L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\";
    UNICODE_STRING DriverName;
    UNICODE_STRING RegistryKey;
    PDRIVER_INITIALIZE DriverEntry;
    PDRIVER_OBJECT Driver;
    NTSTATUS Status;

    DriverEntry = ModuleObject->EntryPoint;

    if (ServiceName != NULL && ServiceName->Length != 0)
    {
        RegistryKey.Length = 0;
        RegistryKey.MaximumLength = sizeof(ServicesKeyName) + ServiceName->Length;
        RegistryKey.Buffer = ExAllocatePoolWithTag(PagedPool,
                                                   RegistryKey.MaximumLength,
                                                   TAG_IO);
        if (RegistryKey.Buffer == NULL)
        {
            return STATUS_INSUFFICIENT_RESOURCES;
        }
        RtlAppendUnicodeToString(&RegistryKey, ServicesKeyName);
        RtlAppendUnicodeStringToString(&RegistryKey, ServiceName);
    }
    else
    {
        RtlInitEmptyUnicodeString(&RegistryKey, NULL, 0);
    }

    /* Create ModuleName string */
    if (ServiceName && ServiceName->Length > 0)
    {
        DriverName.Length = 0;
        DriverName.MaximumLength = sizeof(FILESYSTEM_ROOT_NAME) + ServiceName->Length;
        DriverName.Buffer = ExAllocatePoolWithTag(PagedPool,
                                                  DriverName.MaximumLength,
                                                  TAG_IO);
        if (DriverName.Buffer == NULL)
        {
            RtlFreeUnicodeString(&RegistryKey);
            return STATUS_INSUFFICIENT_RESOURCES;
        }

        if (FileSystemDriver != FALSE)
            RtlAppendUnicodeToString(&DriverName, FILESYSTEM_ROOT_NAME);
        else
            RtlAppendUnicodeToString(&DriverName, DRIVER_ROOT_NAME);
        RtlAppendUnicodeStringToString(&DriverName, ServiceName);

        DPRINT("Driver name: '%wZ'\n", &DriverName);
    }
    else
    {
        RtlInitEmptyUnicodeString(&DriverName, NULL, 0);
    }

    Status = IopCreateDriver(DriverName.Length > 0 ? &DriverName : NULL,
                             DriverEntry,
                             &RegistryKey,
                             ServiceName,
                             ModuleObject,
                             &Driver);
    RtlFreeUnicodeString(&RegistryKey);
    RtlFreeUnicodeString(&DriverName);

    if (!NT_SUCCESS(Status))
    {
        DPRINT("IopCreateDriver() failed (Status 0x%08lx)\n", Status);
        return Status;
    }

    *DriverObject = Driver;

    MmFreeDriverInitialization((PLDR_DATA_TABLE_ENTRY)Driver->DriverSection);

    /* Set the driver as initialized */
    IopReadyDeviceObjects(Driver);

    if (PnpSystemInit) IopReinitializeDrivers();

    return STATUS_SUCCESS;
}

Referenced by IopActionInitChildServices(), IopAttachFilterDriversCallback(), IopInitializeBootDrivers(), IopInitializeBuiltinDriver(), and IopLoadUnloadDriver().

IopInitializeSystemDrivers()

INIT_FUNCTION VOID FASTCALL IopInitializeSystemDrivers

(

VOID

)

Definition at line 1135 of file driver.c.

{
    PUNICODE_STRING *DriverList, *SavedList;

    /* No system drivers on the boot cd */
    if (KeLoaderBlock->SetupLdrBlock) return; // ExpInTextModeSetup

    /* Get the driver list */
    SavedList = DriverList = CmGetSystemDriverList();
    ASSERT(DriverList);

    /* Loop it */
    while (*DriverList)
    {
        /* Load the driver */
        ZwLoadDriver(*DriverList);

        /* Free the entry */
        RtlFreeUnicodeString(*DriverList);
        ExFreePool(*DriverList);

        /* Next entry */
        InbvIndicateProgress();
        DriverList++;
    }

    /* Free the list */
    ExFreePool(SavedList);
}

Referenced by IoInitSystem().

IopInvalidDeviceRequest()

NTSTATUS NTAPI IopInvalidDeviceRequest	(	PDEVICE_OBJECT	DeviceObject,
		PIRP	Irp
	)

Definition at line 46 of file driver.c.

{
    Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_INVALID_DEVICE_REQUEST;
}

Referenced by IopCreateDriver().

IopLoadServiceModule()

NTSTATUS FASTCALL IopLoadServiceModule	(	IN PUNICODE_STRING	ServiceName,
		OUT PLDR_DATA_TABLE_ENTRY *	ModuleObject
	)

Definition at line 314 of file driver.c.

{
    RTL_QUERY_REGISTRY_TABLE QueryTable[3];
    ULONG ServiceStart;
    UNICODE_STRING ServiceImagePath, CCSName;
    NTSTATUS Status;
    HANDLE CCSKey, ServiceKey;
    PVOID BaseAddress;

    ASSERT(ExIsResourceAcquiredExclusiveLite(&IopDriverLoadResource));
    ASSERT(ServiceName->Length);
    DPRINT("IopLoadServiceModule(%wZ, 0x%p)\n", ServiceName, ModuleObject);

    if (ExpInTextModeSetup)
    {
        /* We have no registry, but luckily we know where all the drivers are */
        DPRINT1("IopLoadServiceModule(%wZ, 0x%p) called in ExpInTextModeSetup mode...\n", ServiceName, ModuleObject);

        /* ServiceStart < 4 is all that matters */
        ServiceStart = 0;

        /* IopNormalizeImagePath will do all of the work for us if we give it an empty string */
        RtlInitEmptyUnicodeString(&ServiceImagePath, NULL, 0);
    }
    else
    {
        /* Open CurrentControlSet */
        RtlInitUnicodeString(&CCSName,
                             L"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services");
        Status = IopOpenRegistryKeyEx(&CCSKey, NULL, &CCSName, KEY_READ);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("IopOpenRegistryKeyEx() failed for '%wZ' with status 0x%lx\n",
                    &CCSName, Status);
            return Status;
        }

        /* Open service key */
        Status = IopOpenRegistryKeyEx(&ServiceKey, CCSKey, ServiceName, KEY_READ);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("IopOpenRegistryKeyEx() failed for '%wZ' with status 0x%lx\n",
                    ServiceName, Status);
            ZwClose(CCSKey);
            return Status;
        }

        /*
         * Get information about the service.
         */
        RtlZeroMemory(QueryTable, sizeof(QueryTable));

        RtlInitUnicodeString(&ServiceImagePath, NULL);

        QueryTable[0].Name = L"Start";
        QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
        QueryTable[0].EntryContext = &ServiceStart;

        QueryTable[1].Name = L"ImagePath";
        QueryTable[1].Flags = RTL_QUERY_REGISTRY_DIRECT;
        QueryTable[1].EntryContext = &ServiceImagePath;

        Status = RtlQueryRegistryValues(RTL_REGISTRY_HANDLE,
                                        (PWSTR)ServiceKey,
                                        QueryTable,
                                        NULL,
                                        NULL);

        ZwClose(ServiceKey);
        ZwClose(CCSKey);

        if (!NT_SUCCESS(Status))
        {
            DPRINT1("RtlQueryRegistryValues() failed (Status %x)\n", Status);
            return Status;
        }
    }

    /*
     * Normalize the image path for all later processing.
     */
    Status = IopNormalizeImagePath(&ServiceImagePath, ServiceName);

    if (!NT_SUCCESS(Status))
    {
        DPRINT("IopNormalizeImagePath() failed (Status %x)\n", Status);
        return Status;
    }

    /*
     * Case for disabled drivers
     */
    if (ServiceStart >= 4)
    {
        /* We can't load this */
        Status = STATUS_DRIVER_UNABLE_TO_LOAD;
    }
    else
    {
        DPRINT("Loading module from %wZ\n", &ServiceImagePath);
        Status = MmLoadSystemImage(&ServiceImagePath, NULL, NULL, 0, (PVOID)ModuleObject, &BaseAddress);
        if (NT_SUCCESS(Status))
        {
            IopDisplayLoadingMessage(ServiceName);
        }
    }

    ExFreePool(ServiceImagePath.Buffer);

    /*
     * Now check if the module was loaded successfully.
     */
    if (!NT_SUCCESS(Status))
    {
        DPRINT("Module loading failed (Status %x)\n", Status);
    }

    DPRINT("Module loading (Status %x)\n", Status);

    return Status;
}

Referenced by IopActionInitChildServices(), and IopAttachFilterDriversCallback().

IopLoadUnloadDriver()

NTSTATUS NTAPI IopLoadUnloadDriver	(	_In_opt_ PCUNICODE_STRING	RegistryPath,
		_Inout_ PDRIVER_OBJECT *	DriverObject
	)

Definition at line 1890 of file driver.c.

{
    RTL_QUERY_REGISTRY_TABLE QueryTable[3];
    UNICODE_STRING ImagePath;
    UNICODE_STRING ServiceName;
    NTSTATUS Status;
    ULONG Type;
    PDEVICE_NODE DeviceNode;
    PLDR_DATA_TABLE_ENTRY ModuleObject;
    PVOID BaseAddress;
    WCHAR *cur;

    /* Load/Unload must be called from system process */
    if (PsGetCurrentProcess() != PsInitialSystemProcess)
    {
        LOAD_UNLOAD_PARAMS LoadParams;

        /* Prepare parameters block */
        LoadParams.RegistryPath = RegistryPath;
        LoadParams.DriverObject = *DriverObject;
        KeInitializeEvent(&LoadParams.Event, NotificationEvent, FALSE);

        /* Initialize and queue a work item */
        ExInitializeWorkItem(&LoadParams.WorkItem,
                             IopLoadUnloadDriverWorker,
                             &LoadParams);
        ExQueueWorkItem(&LoadParams.WorkItem, DelayedWorkQueue);

        /* And wait till it completes */
        KeWaitForSingleObject(&LoadParams.Event,
                              UserRequest,
                              KernelMode,
                              FALSE,
                              NULL);
        return LoadParams.Status;
    }

    /* Check if it's an unload request */
    if (*DriverObject)
    {
        (*DriverObject)->DriverUnload(*DriverObject);
        return STATUS_SUCCESS;
    }

    RtlInitUnicodeString(&ImagePath, NULL);

    /*
     * Get the service name from the registry key name.
     */
    ASSERT(RegistryPath->Length >= sizeof(WCHAR));

    ServiceName = *RegistryPath;
    cur = RegistryPath->Buffer + RegistryPath->Length / sizeof(WCHAR) - 1;
    while (RegistryPath->Buffer != cur)
    {
        if (*cur == L'\\')
        {
            ServiceName.Buffer = cur + 1;
            ServiceName.Length = RegistryPath->Length -
                                 (USHORT)((ULONG_PTR)ServiceName.Buffer -
                                          (ULONG_PTR)RegistryPath->Buffer);
            break;
        }
        cur--;
    }

    /*
     * Get service type.
     */
    RtlZeroMemory(&QueryTable, sizeof(QueryTable));

    RtlInitUnicodeString(&ImagePath, NULL);

    QueryTable[0].Name = L"Type";
    QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT | RTL_QUERY_REGISTRY_REQUIRED;
    QueryTable[0].EntryContext = &Type;

    QueryTable[1].Name = L"ImagePath";
    QueryTable[1].Flags = RTL_QUERY_REGISTRY_DIRECT;
    QueryTable[1].EntryContext = &ImagePath;

    Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
                                    RegistryPath->Buffer,
                                    QueryTable, NULL, NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT("RtlQueryRegistryValues() failed (Status %lx)\n", Status);
        if (ImagePath.Buffer) ExFreePool(ImagePath.Buffer);
        return Status;
    }

    /*
     * Normalize the image path for all later processing.
     */
    Status = IopNormalizeImagePath(&ImagePath, &ServiceName);
    if (!NT_SUCCESS(Status))
    {
        DPRINT("IopNormalizeImagePath() failed (Status %x)\n", Status);
        return Status;
    }

    DPRINT("FullImagePath: '%wZ'\n", &ImagePath);
    DPRINT("Type: %lx\n", Type);

    KeEnterCriticalRegion();
    ExAcquireResourceExclusiveLite(&IopDriverLoadResource, TRUE);
    /*
     * Get existing DriverObject pointer (in case the driver
     * has already been loaded and initialized).
     */
    Status = IopGetDriverObject(DriverObject,
                                &ServiceName,
                                (Type == SERVICE_FILE_SYSTEM_DRIVER ||
                                 Type == SERVICE_RECOGNIZER_DRIVER));

    if (!NT_SUCCESS(Status))
    {
        /*
         * Load the driver module
         */
        DPRINT("Loading module from %wZ\n", &ImagePath);
        Status = MmLoadSystemImage(&ImagePath, NULL, NULL, 0, (PVOID)&ModuleObject, &BaseAddress);
        if (!NT_SUCCESS(Status))
        {
            DPRINT("MmLoadSystemImage() failed (Status %lx)\n", Status);
            ExReleaseResourceLite(&IopDriverLoadResource);
            KeLeaveCriticalRegion();
            return Status;
        }

        /*
         * Initialize the driver module if it's loaded for the first time
         */
        Status = IopCreateDeviceNode(IopRootDeviceNode, NULL, &ServiceName, &DeviceNode);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("IopCreateDeviceNode() failed (Status %lx)\n", Status);
            ExReleaseResourceLite(&IopDriverLoadResource);
            KeLeaveCriticalRegion();
            MmUnloadSystemImage(ModuleObject);
            return Status;
        }

        IopDisplayLoadingMessage(&DeviceNode->ServiceName);

        Status = IopInitializeDriverModule(DeviceNode,
                                           ModuleObject,
                                           &DeviceNode->ServiceName,
                                           (Type == SERVICE_FILE_SYSTEM_DRIVER ||
                                            Type == SERVICE_RECOGNIZER_DRIVER),
                                           DriverObject);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("IopInitializeDriverModule() failed (Status %lx)\n", Status);
            ExReleaseResourceLite(&IopDriverLoadResource);
            KeLeaveCriticalRegion();
            MmUnloadSystemImage(ModuleObject);
            return Status;
        }

        ExReleaseResourceLite(&IopDriverLoadResource);
        KeLeaveCriticalRegion();

        /* Initialize and start device */
        IopInitializeDevice(DeviceNode, *DriverObject);
        Status = IopStartDevice(DeviceNode);
    }
    else
    {
        ExReleaseResourceLite(&IopDriverLoadResource);
        KeLeaveCriticalRegion();

        DPRINT("DriverObject already exist in ObjectManager\n");
        Status = STATUS_IMAGE_ALREADY_LOADED;

        /* IopGetDriverObject references the DriverObject, so dereference it */
        ObDereferenceObject(*DriverObject);
    }

    return Status;
}

Referenced by IopLoadUnloadDriverWorker(), IopUnloadDriver(), and NtLoadDriver().

IopLoadUnloadDriverWorker()

VOID NTAPI IopLoadUnloadDriverWorker

(

_Inout_ PVOID

Parameter

)

Definition at line 1877 of file driver.c.

{
    PLOAD_UNLOAD_PARAMS LoadParams = Parameter;

    ASSERT(PsGetCurrentProcess() == PsInitialSystemProcess);
    LoadParams->Status = IopLoadUnloadDriver(LoadParams->RegistryPath,
                                             &LoadParams->DriverObject);
    KeSetEvent(&LoadParams->Event, 0, FALSE);
}

Referenced by IopLoadUnloadDriver().

IopNormalizeImagePath()

NTSTATUS FASTCALL IopNormalizeImagePath	(	_Inout_ _When_(return >=0, _At_(ImagePath->Buffer, _Post_notnull_ __drv_allocatesMem(Mem))) PUNICODE_STRING	ImagePath,
		_In_ PUNICODE_STRING	ServiceName
	)

Definition at line 246 of file driver.c.

{
    UNICODE_STRING SystemRootString = RTL_CONSTANT_STRING(L"\\SystemRoot\\");
    UNICODE_STRING DriversPathString = RTL_CONSTANT_STRING(L"\\SystemRoot\\System32\\drivers\\");
    UNICODE_STRING DotSysString = RTL_CONSTANT_STRING(L".sys");
    UNICODE_STRING InputImagePath;

    DPRINT("Normalizing image path '%wZ' for service '%wZ'\n", ImagePath, ServiceName);

    InputImagePath = *ImagePath;
    if (InputImagePath.Length == 0)
    {
        ImagePath->Length = 0;
        ImagePath->MaximumLength = DriversPathString.Length +
                                   ServiceName->Length +
                                   DotSysString.Length +
                                   sizeof(UNICODE_NULL);
        ImagePath->Buffer = ExAllocatePoolWithTag(NonPagedPool,
                                                  ImagePath->MaximumLength,
                                                  TAG_IO);
        if (ImagePath->Buffer == NULL)
            return STATUS_NO_MEMORY;

        RtlCopyUnicodeString(ImagePath, &DriversPathString);
        RtlAppendUnicodeStringToString(ImagePath, ServiceName);
        RtlAppendUnicodeStringToString(ImagePath, &DotSysString);
    }
    else if (InputImagePath.Buffer[0] != L'\\')
    {
        ImagePath->Length = 0;
        ImagePath->MaximumLength = SystemRootString.Length +
                                   InputImagePath.Length +
                                   sizeof(UNICODE_NULL);
        ImagePath->Buffer = ExAllocatePoolWithTag(NonPagedPool,
                                                  ImagePath->MaximumLength,
                                                  TAG_IO);
        if (ImagePath->Buffer == NULL)
            return STATUS_NO_MEMORY;

        RtlCopyUnicodeString(ImagePath, &SystemRootString);
        RtlAppendUnicodeStringToString(ImagePath, &InputImagePath);

        /* Free caller's string */
        ExFreePoolWithTag(InputImagePath.Buffer, TAG_RTLREGISTRY);
    }

    DPRINT("Normalized image path is '%wZ' for service '%wZ'\n", ImagePath, ServiceName);

    return STATUS_SUCCESS;
}

Referenced by IopLoadServiceModule(), IopLoadUnloadDriver(), and IopUnloadDriver().

IopReinitializeBootDrivers()

VOID NTAPI IopReinitializeBootDrivers

(

VOID

)

Definition at line 1434 of file driver.c.

{
    PDRIVER_REINIT_ITEM ReinitItem;
    PLIST_ENTRY Entry;

    /* Get the first entry and start looping */
    Entry = ExInterlockedRemoveHeadList(&DriverBootReinitListHead,
                                        &DriverBootReinitListLock);
    while (Entry)
    {
        /* Get the item */
        ReinitItem = CONTAINING_RECORD(Entry, DRIVER_REINIT_ITEM, ItemEntry);

        /* Increment reinitialization counter */
        ReinitItem->DriverObject->DriverExtension->Count++;

        /* Remove the device object flag */
        ReinitItem->DriverObject->Flags &= ~DRVO_BOOTREINIT_REGISTERED;

        /* Call the routine */
        ReinitItem->ReinitRoutine(ReinitItem->DriverObject,
                                  ReinitItem->Context,
                                  ReinitItem->DriverObject->
                                  DriverExtension->Count);

        /* Free the entry */
        ExFreePool(Entry);

        /* Move to the next one */
        Entry = ExInterlockedRemoveHeadList(&DriverBootReinitListHead,
                                            &DriverBootReinitListLock);
    }
}

Referenced by IoInitSystem().

IopReinitializeDrivers()

VOID NTAPI IopReinitializeDrivers

(

VOID

)

Definition at line 1398 of file driver.c.

{
    PDRIVER_REINIT_ITEM ReinitItem;
    PLIST_ENTRY Entry;

    /* Get the first entry and start looping */
    Entry = ExInterlockedRemoveHeadList(&DriverReinitListHead,
                                        &DriverReinitListLock);
    while (Entry)
    {
        /* Get the item */
        ReinitItem = CONTAINING_RECORD(Entry, DRIVER_REINIT_ITEM, ItemEntry);

        /* Increment reinitialization counter */
        ReinitItem->DriverObject->DriverExtension->Count++;

        /* Remove the device object flag */
        ReinitItem->DriverObject->Flags &= ~DRVO_REINIT_REGISTERED;

        /* Call the routine */
        ReinitItem->ReinitRoutine(ReinitItem->DriverObject,
                                  ReinitItem->Context,
                                  ReinitItem->DriverObject->
                                  DriverExtension->Count);

        /* Free the entry */
        ExFreePool(Entry);

        /* Move to the next one */
        Entry = ExInterlockedRemoveHeadList(&DriverReinitListHead,
                                            &DriverReinitListLock);
    }
}

Referenced by IoInitSystem(), and IopInitializeDriverModule().

IopSuffixUnicodeString()

BOOLEAN NTAPI IopSuffixUnicodeString	(	IN PCUNICODE_STRING	String1,
		IN PCUNICODE_STRING	String2
	)

Definition at line 173 of file driver.c.

{
    PWCHAR pc1;
    PWCHAR pc2;
    ULONG Length;

    if (String2->Length < String1->Length)
        return FALSE;

    Length = String1->Length / 2;
    pc1 = String1->Buffer;
    pc2 = &String2->Buffer[String2->Length / sizeof(WCHAR) - Length];

    if (pc1 && pc2)
    {
        while (Length--)
        {
            if( *pc1++ != *pc2++ )
                return FALSE;
        }
        return TRUE;
    }
    return FALSE;
}

Referenced by IopDisplayLoadingMessage().

IopUnloadDriver()

NTSTATUS NTAPI IopUnloadDriver	(	PUNICODE_STRING	DriverServiceName,
		BOOLEAN	UnloadPnpDrivers
	)

Definition at line 1187 of file driver.c.

{
    RTL_QUERY_REGISTRY_TABLE QueryTable[2];
    UNICODE_STRING ImagePath;
    UNICODE_STRING ServiceName;
    UNICODE_STRING ObjectName;
    PDRIVER_OBJECT DriverObject;
    PDEVICE_OBJECT DeviceObject;
    PEXTENDED_DEVOBJ_EXTENSION DeviceExtension;
    NTSTATUS Status;
    PWSTR Start;
    BOOLEAN SafeToUnload = TRUE;
    KPROCESSOR_MODE PreviousMode;
    UNICODE_STRING CapturedServiceName;

    PAGED_CODE();

    PreviousMode = ExGetPreviousMode();

    /* Need the appropriate priviliege */
    if (!SeSinglePrivilegeCheck(SeLoadDriverPrivilege, PreviousMode))
    {
        DPRINT1("No unload privilege!\n");
        return STATUS_PRIVILEGE_NOT_HELD;
    }

    /* Capture the service name */
    Status = ProbeAndCaptureUnicodeString(&CapturedServiceName, PreviousMode, DriverServiceName);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }

    DPRINT("IopUnloadDriver('%wZ', %u)\n", &CapturedServiceName, UnloadPnpDrivers);


    /* We need a service name */
    if (CapturedServiceName.Length == 0)
    {
        ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
        return STATUS_INVALID_PARAMETER;
    }

    /*
     * Get the service name from the registry key name
     */
    Start = wcsrchr(CapturedServiceName.Buffer, L'\\');
    if (Start == NULL)
        Start = CapturedServiceName.Buffer;
    else
        Start++;

    RtlInitUnicodeString(&ServiceName, Start);

    /*
     * Construct the driver object name
     */
    ObjectName.Length = ((USHORT)wcslen(Start) + 8) * sizeof(WCHAR);
    ObjectName.MaximumLength = ObjectName.Length + sizeof(WCHAR);
    ObjectName.Buffer = ExAllocatePoolWithTag(PagedPool,
                                              ObjectName.MaximumLength,
                                              TAG_IO);
    if (!ObjectName.Buffer)
    {
        ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    wcscpy(ObjectName.Buffer, DRIVER_ROOT_NAME);
    memcpy(ObjectName.Buffer + 8, Start, ObjectName.Length - 8 * sizeof(WCHAR));
    ObjectName.Buffer[ObjectName.Length/sizeof(WCHAR)] = UNICODE_NULL;

    /*
     * Find the driver object
     */
    Status = ObReferenceObjectByName(&ObjectName,
                                     0,
                                     0,
                                     0,
                                     IoDriverObjectType,
                                     KernelMode,
                                     0,
                                     (PVOID*)&DriverObject);

    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Can't locate driver object for %wZ\n", &ObjectName);
        ExFreePoolWithTag(ObjectName.Buffer, TAG_IO);
        ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
        return Status;
    }

    /* Free the buffer for driver object name */
    ExFreePoolWithTag(ObjectName.Buffer, TAG_IO);

    /* Check that driver is not already unloading */
    if (DriverObject->Flags & DRVO_UNLOAD_INVOKED)
    {
        DPRINT1("Driver deletion pending\n");
        ObDereferenceObject(DriverObject);
        ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
        return STATUS_DELETE_PENDING;
    }

    /*
     * Get path of service...
     */
    RtlZeroMemory(QueryTable, sizeof(QueryTable));

    RtlInitUnicodeString(&ImagePath, NULL);

    QueryTable[0].Name = L"ImagePath";
    QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
    QueryTable[0].EntryContext = &ImagePath;

    Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
                                    CapturedServiceName.Buffer,
                                    QueryTable,
                                    NULL,
                                    NULL);

    /* We no longer need service name */
    ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);

    if (!NT_SUCCESS(Status))
    {
        DPRINT1("RtlQueryRegistryValues() failed (Status %x)\n", Status);
        ObDereferenceObject(DriverObject);
        return Status;
    }

    /*
     * Normalize the image path for all later processing.
     */
    Status = IopNormalizeImagePath(&ImagePath, &ServiceName);

    if (!NT_SUCCESS(Status))
    {
        DPRINT1("IopNormalizeImagePath() failed (Status %x)\n", Status);
        ObDereferenceObject(DriverObject);
        return Status;
    }

    /* Free the service path */
    ExFreePool(ImagePath.Buffer);

    /*
     * Unload the module and release the references to the device object
     */

    /* Call the load/unload routine, depending on current process */
    if (DriverObject->DriverUnload && DriverObject->DriverSection &&
        (UnloadPnpDrivers || (DriverObject->Flags & DRVO_LEGACY_DRIVER)))
    {
        /* Loop through each device object of the driver
           and set DOE_UNLOAD_PENDING flag */
        DeviceObject = DriverObject->DeviceObject;
        while (DeviceObject)
        {
            /* Set the unload pending flag for the device */
            DeviceExtension = IoGetDevObjExtension(DeviceObject);
            DeviceExtension->ExtensionFlags |= DOE_UNLOAD_PENDING;

            /* Make sure there are no attached devices or no reference counts */
            if ((DeviceObject->ReferenceCount) || (DeviceObject->AttachedDevice))
            {
                /* Not safe to unload */
                DPRINT1("Drivers device object is referenced or has attached devices\n");

                SafeToUnload = FALSE;
            }

            DeviceObject = DeviceObject->NextDevice;
        }

        /* If not safe to unload, then return success */
        if (!SafeToUnload)
        {
            ObDereferenceObject(DriverObject);
            return STATUS_SUCCESS;
        }

        DPRINT1("Unloading driver '%wZ' (manual)\n", &DriverObject->DriverName);

        /* Set the unload invoked flag and call the unload routine */
        DriverObject->Flags |= DRVO_UNLOAD_INVOKED;
        Status = IopLoadUnloadDriver(NULL, &DriverObject);
        ASSERT(Status == STATUS_SUCCESS);

        /* Mark the driver object temporary, so it could be deleted later */
        ObMakeTemporaryObject(DriverObject);

        /* Dereference it 2 times */
        ObDereferenceObject(DriverObject);
        ObDereferenceObject(DriverObject);

        return Status;
    }
    else
    {
        DPRINT1("No DriverUnload function! '%wZ' will not be unloaded!\n", &DriverObject->DriverName);

        /* Dereference one time (refd inside this function) */
        ObDereferenceObject(DriverObject);

        /* Return unloading failure */
        return STATUS_INVALID_DEVICE_REQUEST;
    }
}

Referenced by NtUnloadDriver().

IoRegisterBootDriverReinitialization()

VOID NTAPI IoRegisterBootDriverReinitialization	(	IN PDRIVER_OBJECT	DriverObject,
		IN PDRIVER_REINITIALIZE	ReinitRoutine,
		IN PVOID	Context
	)

Definition at line 1706 of file driver.c.

{
    PDRIVER_REINIT_ITEM ReinitItem;

    /* Allocate the entry */
    ReinitItem = ExAllocatePoolWithTag(NonPagedPool,
                                       sizeof(DRIVER_REINIT_ITEM),
                                       TAG_REINIT);
    if (!ReinitItem) return;

    /* Fill it out */
    ReinitItem->DriverObject = DriverObject;
    ReinitItem->ReinitRoutine = ReinitRoutine;
    ReinitItem->Context = Context;

    /* Set the Driver Object flag and insert the entry into the list */
    DriverObject->Flags |= DRVO_BOOTREINIT_REGISTERED;
    ExInterlockedInsertTailList(&DriverBootReinitListHead,
                                &ReinitItem->ItemEntry,
                                &DriverBootReinitListLock);
}

Referenced by DriverEntry(), and HalpAddDevice().

IoRegisterDriverReinitialization()

VOID NTAPI IoRegisterDriverReinitialization	(	IN PDRIVER_OBJECT	DriverObject,
		IN PDRIVER_REINITIALIZE	ReinitRoutine,
		IN PVOID	Context
	)

Definition at line 1735 of file driver.c.

{
    PDRIVER_REINIT_ITEM ReinitItem;

    /* Allocate the entry */
    ReinitItem = ExAllocatePoolWithTag(NonPagedPool,
                                       sizeof(DRIVER_REINIT_ITEM),
                                       TAG_REINIT);
    if (!ReinitItem) return;

    /* Fill it out */
    ReinitItem->DriverObject = DriverObject;
    ReinitItem->ReinitRoutine = ReinitRoutine;
    ReinitItem->Context = Context;

    /* Set the Driver Object flag and insert the entry into the list */
    DriverObject->Flags |= DRVO_REINIT_REGISTERED;
    ExInterlockedInsertTailList(&DriverReinitListHead,
                                &ReinitItem->ItemEntry,
                                &DriverReinitListLock);
}

Referenced by DriverEntry().

LdrProcessDriverModule()

INIT_FUNCTION NTSTATUS NTAPI LdrProcessDriverModule	(	PLDR_DATA_TABLE_ENTRY	LdrEntry,
		PUNICODE_STRING	FileName,
		PLDR_DATA_TABLE_ENTRY *	ModuleObject
	)

Definition at line 726 of file driver.c.

{
    NTSTATUS Status;
    UNICODE_STRING BaseName, BaseDirectory;
    PLOAD_IMPORTS LoadedImports = (PVOID)-2;
    PCHAR MissingApiName, Buffer;
    PWCHAR MissingDriverName;
    PVOID DriverBase = LdrEntry->DllBase;

    /* Allocate a buffer we'll use for names */
    Buffer = ExAllocatePoolWithTag(NonPagedPool,
                                   MAXIMUM_FILENAME_LENGTH,
                                   TAG_LDR_WSTR);
    if (!Buffer)
    {
        /* Fail */
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    /* Check for a separator */
    if (FileName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR)
    {
        PWCHAR p;
        ULONG BaseLength;

        /* Loop the path until we get to the base name */
        p = &FileName->Buffer[FileName->Length / sizeof(WCHAR)];
        while (*(p - 1) != OBJ_NAME_PATH_SEPARATOR) p--;

        /* Get the length */
        BaseLength = (ULONG)(&FileName->Buffer[FileName->Length / sizeof(WCHAR)] - p);
        BaseLength *= sizeof(WCHAR);

        /* Setup the string */
        BaseName.Length = (USHORT)BaseLength;
        BaseName.Buffer = p;
    }
    else
    {
        /* Otherwise, we already have a base name */
        BaseName.Length = FileName->Length;
        BaseName.Buffer = FileName->Buffer;
    }

    /* Setup the maximum length */
    BaseName.MaximumLength = BaseName.Length;

    /* Now compute the base directory */
    BaseDirectory = *FileName;
    BaseDirectory.Length -= BaseName.Length;
    BaseDirectory.MaximumLength = BaseDirectory.Length;

    /* Resolve imports */
    MissingApiName = Buffer;
    Status = MiResolveImageReferences(DriverBase,
                                      &BaseDirectory,
                                      NULL,
                                      &MissingApiName,
                                      &MissingDriverName,
                                      &LoadedImports);

    /* Free the temporary buffer */
    ExFreePoolWithTag(Buffer, TAG_LDR_WSTR);

    /* Check the result of the imports resolution */
    if (!NT_SUCCESS(Status)) return Status;

    /* Return */
    *ModuleObject = LdrEntry;
    return STATUS_SUCCESS;
}

MiResolveImageReferences()

NTSTATUS NTAPI MiResolveImageReferences	(	IN PVOID	ImageBase,
		IN PUNICODE_STRING	ImageFileDirectory,
		IN PUNICODE_STRING NamePrefix	OPTIONAL,
		OUT PCHAR *	MissingApi,
		OUT PWCHAR *	MissingDriver,
		OUT PLOAD_IMPORTS *	LoadImports
	)

Definition at line 1000 of file sysldr.c.

{
    static UNICODE_STRING DriversFolderName = RTL_CONSTANT_STRING(L"drivers\\");
    PCHAR MissingApiBuffer = *MissingApi, ImportName;
    PIMAGE_IMPORT_DESCRIPTOR ImportDescriptor, CurrentImport;
    ULONG ImportSize, ImportCount = 0, LoadedImportsSize, ExportSize;
    PLOAD_IMPORTS LoadedImports, NewImports;
    ULONG GdiLink, NormalLink, i;
    BOOLEAN ReferenceNeeded, Loaded;
    ANSI_STRING TempString;
    UNICODE_STRING NameString, DllName;
    PLDR_DATA_TABLE_ENTRY LdrEntry = NULL, DllEntry, ImportEntry = NULL;
    PVOID ImportBase, DllBase;
    PLIST_ENTRY NextEntry;
    PIMAGE_EXPORT_DIRECTORY ExportDirectory;
    NTSTATUS Status;
    PIMAGE_THUNK_DATA OrigThunk, FirstThunk;
    PAGED_CODE();
    DPRINT("%s - ImageBase: %p. ImageFileDirectory: %wZ\n",
           __FUNCTION__, ImageBase, ImageFileDirectory);

    /* No name string buffer yet */
    NameString.Buffer = NULL;

    /* Assume no imports */
    *LoadImports = MM_SYSLDR_NO_IMPORTS;

    /* Get the import descriptor */
    ImportDescriptor = RtlImageDirectoryEntryToData(ImageBase,
                                                    TRUE,
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT,
                                                    &ImportSize);
    if (!ImportDescriptor) return STATUS_SUCCESS;

    /* Loop all imports to count them */
    for (CurrentImport = ImportDescriptor;
         (CurrentImport->Name) && (CurrentImport->OriginalFirstThunk);
         CurrentImport++)
    {
        /* One more */
        ImportCount++;
    }

    /* Make sure we have non-zero imports */
    if (ImportCount)
    {
        /* Calculate and allocate the list we'll need */
        LoadedImportsSize = ImportCount * sizeof(PVOID) + sizeof(SIZE_T);
        LoadedImports = ExAllocatePoolWithTag(PagedPool,
                                              LoadedImportsSize,
                                              TAG_LDR_IMPORTS);
        if (LoadedImports)
        {
            /* Zero it */
            RtlZeroMemory(LoadedImports, LoadedImportsSize);
            LoadedImports->Count = ImportCount;
        }
    }
    else
    {
        /* No table */
        LoadedImports = NULL;
    }

    /* Reset the import count and loop descriptors again */
    ImportCount = GdiLink = NormalLink = 0;
    while ((ImportDescriptor->Name) && (ImportDescriptor->OriginalFirstThunk))
    {
        /* Get the name */
        ImportName = (PCHAR)((ULONG_PTR)ImageBase + ImportDescriptor->Name);

        /* Check if this is a GDI driver */
        GdiLink = GdiLink |
                  !(_strnicmp(ImportName, "win32k", sizeof("win32k") - 1));

        /* We can also allow dxapi (for Windows compat, allow IRT and coverage )*/
        NormalLink = NormalLink |
                     ((_strnicmp(ImportName, "win32k", sizeof("win32k") - 1)) &&
                      (_strnicmp(ImportName, "dxapi", sizeof("dxapi") - 1)) &&
                      (_strnicmp(ImportName, "coverage", sizeof("coverage") - 1)) &&
                      (_strnicmp(ImportName, "irt", sizeof("irt") - 1)));

        /* Check if this is a valid GDI driver */
        if ((GdiLink) && (NormalLink))
        {
            /* It's not, it's importing stuff it shouldn't be! */
            Status = STATUS_PROCEDURE_NOT_FOUND;
            goto Failure;
        }

        /* Check for user-mode printer or video card drivers, which don't belong */
        if (!(_strnicmp(ImportName, "ntdll", sizeof("ntdll") - 1)) ||
            !(_strnicmp(ImportName, "winsrv", sizeof("winsrv") - 1)) ||
            !(_strnicmp(ImportName, "advapi32", sizeof("advapi32") - 1)) ||
            !(_strnicmp(ImportName, "kernel32", sizeof("kernel32") - 1)) ||
            !(_strnicmp(ImportName, "user32", sizeof("user32") - 1)) ||
            !(_strnicmp(ImportName, "gdi32", sizeof("gdi32") - 1)))
        {
            /* This is not kernel code */
            Status = STATUS_PROCEDURE_NOT_FOUND;
            goto Failure;
        }

        /* Check if this is a "core" import, which doesn't get referenced */
        if (!(_strnicmp(ImportName, "ntoskrnl", sizeof("ntoskrnl") - 1)) ||
            !(_strnicmp(ImportName, "win32k", sizeof("win32k") - 1)) ||
            !(_strnicmp(ImportName, "hal", sizeof("hal") - 1)))
        {
            /* Don't reference this */
            ReferenceNeeded = FALSE;
        }
        else
        {
            /* Reference these modules */
            ReferenceNeeded = TRUE;
        }

        /* Now setup a unicode string for the import */
        RtlInitAnsiString(&TempString, ImportName);
        Status = RtlAnsiStringToUnicodeString(&NameString, &TempString, TRUE);
        if (!NT_SUCCESS(Status))
        {
            /* Failed */
            goto Failure;
        }

        /* We don't support name prefixes yet */
        if (NamePrefix) DPRINT1("Name Prefix not yet supported!\n");

        /* Remember that we haven't loaded the import at this point */
CheckDllState:
        Loaded = FALSE;
        ImportBase = NULL;

        /* Loop the driver list */
        NextEntry = PsLoadedModuleList.Flink;
        while (NextEntry != &PsLoadedModuleList)
        {
            /* Get the loader entry and compare the name */
            LdrEntry = CONTAINING_RECORD(NextEntry,
                                         LDR_DATA_TABLE_ENTRY,
                                         InLoadOrderLinks);
            if (RtlEqualUnicodeString(&NameString,
                                      &LdrEntry->BaseDllName,
                                      TRUE))
            {
                /* Get the base address */
                ImportBase = LdrEntry->DllBase;

                /* Check if we haven't loaded yet, and we need references */
                if (!(Loaded) && (ReferenceNeeded))
                {
                    /* Make sure we're not already loading */
                    if (!(LdrEntry->Flags & LDRP_LOAD_IN_PROGRESS))
                    {
                        /* Increase the load count */
                        LdrEntry->LoadCount++;
                    }
                }

                /* Done, break out */
                break;
            }

            /* Go to the next entry */
            NextEntry = NextEntry->Flink;
        }

        /* Check if we haven't loaded the import yet */
        if (!ImportBase)
        {
            /* Setup the import DLL name */
            DllName.MaximumLength = NameString.Length +
                                    ImageFileDirectory->Length +
                                    sizeof(UNICODE_NULL);
            DllName.Buffer = ExAllocatePoolWithTag(NonPagedPool,
                                                   DllName.MaximumLength,
                                                   TAG_LDR_WSTR);
            if (!DllName.Buffer)
            {
                /* We're out of resources */
                Status = STATUS_INSUFFICIENT_RESOURCES;
                goto Failure;
            }

            /* Add the import name to the base directory */
            RtlCopyUnicodeString(&DllName, ImageFileDirectory);
            RtlAppendUnicodeStringToString(&DllName,
                                           &NameString);

            /* Load the image */
            Status = MmLoadSystemImage(&DllName,
                                       NamePrefix,
                                       NULL,
                                       FALSE,
                                       (PVOID *)&DllEntry,
                                       &DllBase);

            /* win32k / GDI drivers can also import from system32 folder */
            if ((Status == STATUS_OBJECT_NAME_NOT_FOUND) &&
                (MI_IS_SESSION_ADDRESS(ImageBase) || 1)) // HACK
            {
                /* Free the old name buffer */
                ExFreePoolWithTag(DllName.Buffer, TAG_LDR_WSTR);

                /* Calculate size for a string the adds 'drivers\' */
                DllName.MaximumLength += DriversFolderName.Length;

                /* Allocate the new buffer */
                DllName.Buffer = ExAllocatePoolWithTag(NonPagedPool,
                                                       DllName.MaximumLength,
                                                       TAG_LDR_WSTR);
                if (!DllName.Buffer)
                {
                    /* We're out of resources */
                    Status = STATUS_INSUFFICIENT_RESOURCES;
                    goto Failure;
                }

                /* Copy image directory and append 'drivers\' folder name */
                RtlCopyUnicodeString(&DllName, ImageFileDirectory);
                RtlAppendUnicodeStringToString(&DllName, &DriversFolderName);

                /* Now add the import name */
                RtlAppendUnicodeStringToString(&DllName, &NameString);

                /* Try once again to load the image */
                Status = MmLoadSystemImage(&DllName,
                                           NamePrefix,
                                           NULL,
                                           FALSE,
                                           (PVOID *)&DllEntry,
                                           &DllBase);
            }

            if (!NT_SUCCESS(Status))
            {
                /* Fill out the information for the error */
                *MissingDriver = DllName.Buffer;
                *(PULONG)MissingDriver |= 1;
                *MissingApi = NULL;

                DPRINT1("Failed to load dependency: %wZ\n", &DllName);

                /* Don't free the name */
                DllName.Buffer = NULL;

                /* Cleanup and return */
                goto Failure;
            }

            /* We can free the DLL Name */
            ExFreePoolWithTag(DllName.Buffer, TAG_LDR_WSTR);
            DllName.Buffer = NULL;

            /* We're now loaded */
            Loaded = TRUE;

            /* Sanity check */
            ASSERT(DllBase == DllEntry->DllBase);

            /* Call the initialization routines */
            Status = MmCallDllInitialize(DllEntry, &PsLoadedModuleList);
            if (!NT_SUCCESS(Status))
            {
                /* We failed, unload the image */
                MmUnloadSystemImage(DllEntry);
                ERROR_DBGBREAK("MmCallDllInitialize failed with status 0x%x\n", Status);
                Loaded = FALSE;
            }

            /* Loop again to make sure that everything is OK */
            goto CheckDllState;
        }

        /* Check if we're support to reference this import */
        if ((ReferenceNeeded) && (LoadedImports))
        {
            /* Make sure we're not already loading */
            if (!(LdrEntry->Flags & LDRP_LOAD_IN_PROGRESS))
            {
                /* Add the entry */
                LoadedImports->Entry[ImportCount] = LdrEntry;
                ImportCount++;
            }
        }

        /* Free the import name */
        RtlFreeUnicodeString(&NameString);

        /* Set the missing driver name and get the export directory */
        *MissingDriver = LdrEntry->BaseDllName.Buffer;
        ExportDirectory = RtlImageDirectoryEntryToData(ImportBase,
                                                       TRUE,
                                                       IMAGE_DIRECTORY_ENTRY_EXPORT,
                                                       &ExportSize);
        if (!ExportDirectory)
        {
            /* Cleanup and return */
            DPRINT1("Warning: Driver failed to load, %S not found\n", *MissingDriver);
            Status = STATUS_DRIVER_ENTRYPOINT_NOT_FOUND;
            goto Failure;
        }

        /* Make sure we have an IAT */
        if (ImportDescriptor->OriginalFirstThunk)
        {
            /* Get the first thunks */
            OrigThunk = (PVOID)((ULONG_PTR)ImageBase +
                                ImportDescriptor->OriginalFirstThunk);
            FirstThunk = (PVOID)((ULONG_PTR)ImageBase +
                                 ImportDescriptor->FirstThunk);

            /* Loop the IAT */
            while (OrigThunk->u1.AddressOfData)
            {
                /* Snap thunk */
                Status = MiSnapThunk(ImportBase,
                                     ImageBase,
                                     OrigThunk++,
                                     FirstThunk++,
                                     ExportDirectory,
                                     ExportSize,
                                     FALSE,
                                     MissingApi);
                if (!NT_SUCCESS(Status))
                {
                    /* Cleanup and return */
                    goto Failure;
                }

                /* Reset the buffer */
                *MissingApi = MissingApiBuffer;
            }
        }

        /* Go to the next import */
        ImportDescriptor++;
    }

    /* Check if we have an import list */
    if (LoadedImports)
    {
        /* Reset the count again, and loop entries */
        ImportCount = 0;
        for (i = 0; i < LoadedImports->Count; i++)
        {
            if (LoadedImports->Entry[i])
            {
                /* Got an entry, OR it with 1 in case it's the single entry */
                ImportEntry = (PVOID)((ULONG_PTR)LoadedImports->Entry[i] |
                                      MM_SYSLDR_SINGLE_ENTRY);
                ImportCount++;
            }
        }

        /* Check if we had no imports */
        if (!ImportCount)
        {
            /* Free the list and set it to no imports */
            ExFreePoolWithTag(LoadedImports, TAG_LDR_IMPORTS);
            LoadedImports = MM_SYSLDR_NO_IMPORTS;
        }
        else if (ImportCount == 1)
        {
            /* Just one entry, we can free the table and only use our entry */
            ExFreePoolWithTag(LoadedImports, TAG_LDR_IMPORTS);
            LoadedImports = (PLOAD_IMPORTS)ImportEntry;
        }
        else if (ImportCount != LoadedImports->Count)
        {
            /* Allocate a new list */
            LoadedImportsSize = ImportCount * sizeof(PVOID) + sizeof(SIZE_T);
            NewImports = ExAllocatePoolWithTag(PagedPool,
                                               LoadedImportsSize,
                                               TAG_LDR_IMPORTS);
            if (NewImports)
            {
                /* Set count */
                NewImports->Count = 0;

                /* Loop all the imports */
                for (i = 0; i < LoadedImports->Count; i++)
                {
                    /* Make sure it's valid */
                    if (LoadedImports->Entry[i])
                    {
                        /* Copy it */
                        NewImports->Entry[NewImports->Count] = LoadedImports->Entry[i];
                        NewImports->Count++;
                    }
                }

                /* Free the old copy */
                ExFreePoolWithTag(LoadedImports, TAG_LDR_IMPORTS);
                LoadedImports = NewImports;
            }
        }

        /* Return the list */
        *LoadImports = LoadedImports;
    }

    /* Return success */
    return STATUS_SUCCESS;

Failure:

    /* Cleanup and return */
    RtlFreeUnicodeString(&NameString);

    if (LoadedImports)
    {
        MiDereferenceImports(LoadedImports);
        ExFreePoolWithTag(LoadedImports, TAG_LDR_IMPORTS);
    }

    return Status;
}

Referenced by LdrProcessDriverModule(), and MmLoadSystemImage().

MmFreeDriverInitialization()

VOID NTAPI MmFreeDriverInitialization

(

IN PLDR_DATA_TABLE_ENTRY

LdrEntry

)

Definition at line 1627 of file sysldr.c.

{
    PMMPTE StartPte, EndPte;
    PFN_NUMBER PageCount;
    PVOID DllBase;
    ULONG i;
    PIMAGE_NT_HEADERS NtHeader;
    PIMAGE_SECTION_HEADER Section, DiscardSection;

    /* Get the base address and the page count */
    DllBase = LdrEntry->DllBase;
    PageCount = LdrEntry->SizeOfImage >> PAGE_SHIFT;

    /* Get the last PTE in this image */
    EndPte = MiAddressToPte(DllBase) + PageCount;

    /* Get the NT header */
    NtHeader = RtlImageNtHeader(DllBase);
    if (!NtHeader) return;

    /* Get the last section and loop each section backwards */
    Section = IMAGE_FIRST_SECTION(NtHeader) + NtHeader->FileHeader.NumberOfSections;
    DiscardSection = NULL;
    for (i = 0; i < NtHeader->FileHeader.NumberOfSections; i++)
    {
        /* Go back a section and check if it's discardable */
        Section--;
        if (Section->Characteristics & IMAGE_SCN_MEM_DISCARDABLE)
        {
            /* It is, select it for freeing */
            DiscardSection = Section;
        }
        else
        {
            /* No more discardable sections exist, bail out */
            break;
        }
    }

    /* Bail out if there's nothing to free */
    if (!DiscardSection) return;

    /* Push the DLL base to the first disacrable section, and get its PTE */
    DllBase = (PVOID)ROUND_TO_PAGES((ULONG_PTR)DllBase + DiscardSection->VirtualAddress);
    ASSERT(MI_IS_PHYSICAL_ADDRESS(DllBase) == FALSE);
    StartPte = MiAddressToPte(DllBase);

    /* Check how many pages to free total */
    PageCount = (PFN_NUMBER)(EndPte - StartPte);
    if (!PageCount) return;

    /* Delete this many PTEs */
    MiDeleteSystemPageableVm(StartPte, PageCount, 0, NULL);
}

Referenced by IopInitializeDriverModule().

NtLoadDriver()

NTSTATUS NTAPI NtLoadDriver

(

IN PUNICODE_STRING

DriverServiceName

)

Definition at line 2090 of file driver.c.

{
    UNICODE_STRING CapturedDriverServiceName = { 0, 0, NULL };
    KPROCESSOR_MODE PreviousMode;
    PDRIVER_OBJECT DriverObject;
    NTSTATUS Status;

    PAGED_CODE();

    PreviousMode = KeGetPreviousMode();

    /*
     * Check security privileges
     */
    if (!SeSinglePrivilegeCheck(SeLoadDriverPrivilege, PreviousMode))
    {
        DPRINT("Privilege not held\n");
        return STATUS_PRIVILEGE_NOT_HELD;
    }

    Status = ProbeAndCaptureUnicodeString(&CapturedDriverServiceName,
                                          PreviousMode,
                                          DriverServiceName);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }

    DPRINT("NtLoadDriver('%wZ')\n", &CapturedDriverServiceName);

    /* Load driver and call its entry point */
    DriverObject = NULL;
    Status = IopLoadUnloadDriver(&CapturedDriverServiceName, &DriverObject);

    ReleaseCapturedUnicodeString(&CapturedDriverServiceName,
                                 PreviousMode);

    return Status;
}

Referenced by NtStartDriver(), ScmLoadDriver(), and wmain().

NtUnloadDriver()

NTSTATUS NTAPI NtUnloadDriver

(

IN PUNICODE_STRING

DriverServiceName

)

Definition at line 2147 of file driver.c.

{
    return IopUnloadDriver(DriverServiceName, FALSE);
}

Referenced by LoadVia_SystemExtendServiceTableInformation(), LoadVia_SystemLoadGdiDriverInformation(), NtStopDriver(), ScmUnloadDriver(), and wmain().

Variable Documentation

DriverBootReinitListHead

LIST_ENTRY DriverBootReinitListHead

Definition at line 26 of file driver.c.

Referenced by IoInitSystem(), IopReinitializeBootDrivers(), and IoRegisterBootDriverReinitialization().

DriverBootReinitListLock

KSPIN_LOCK DriverBootReinitListLock

Definition at line 27 of file driver.c.

Referenced by IoInitSystem(), IopReinitializeBootDrivers(), and IoRegisterBootDriverReinitialization().

DriverBootReinitTailEntry

PLIST_ENTRY DriverBootReinitTailEntry

Definition at line 25 of file driver.c.

DriverReinitListHead

LIST_ENTRY DriverReinitListHead

Definition at line 21 of file driver.c.

Referenced by IoInitSystem(), IopReinitializeDrivers(), and IoRegisterDriverReinitialization().

DriverReinitListLock

KSPIN_LOCK DriverReinitListLock

Definition at line 22 of file driver.c.

Referenced by IoInitSystem(), IopReinitializeDrivers(), and IoRegisterDriverReinitialization().

DriverReinitTailEntry

PLIST_ENTRY DriverReinitTailEntry

Definition at line 23 of file driver.c.

ExpInTextModeSetup

BOOLEAN ExpInTextModeSetup

Definition at line 66 of file init.c.

Referenced by CmpGetRegistryPath(), DisplayBootBitmap(), ExpInitializeExecutive(), IopDisplayLoadingMessage(), and IopLoadServiceModule().

IoDriverObjectType

POBJECT_TYPE IoDriverObjectType = NULL

Definition at line 32 of file driver.c.

Referenced by IopCreateDriver(), IopCreateObjectTypes(), IopGetDriverObject(), IopGetDriverPathInformation(), IopUnloadDriver(), and TestObjectTypes().

IopDriverLoadResource

ERESOURCE IopDriverLoadResource

Definition at line 19 of file driver.c.

Referenced by IoInitSystem(), IopActionInitChildServices(), IopAttachFilterDriversCallback(), IopGetDriverObject(), IopLoadServiceModule(), and IopLoadUnloadDriver().

IopGroupIndex

USHORT IopGroupIndex

Definition at line 39 of file driver.c.

Referenced by IopInitializeBootDrivers().

IopGroupTable

PLIST_ENTRY IopGroupTable

Definition at line 40 of file driver.c.

Referenced by IopInitializeBootDrivers().

IopHardwareDatabaseKey

UNICODE_STRING IopHardwareDatabaseKey

Initial value:

=
   RTL_CONSTANT_STRING(L"\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\SYSTEM")

Definition at line 29 of file driver.c.

Referenced by IopCreateDriver().

PnpSystemInit

BOOLEAN PnpSystemInit

Definition at line 17 of file iomgr.c.

Referenced by IopInitializeDriverModule().