csr.h File Reference

#include <ndk/lpcfuncs.h>
#include <csr/csr.h>
#include <win/winmsg.h>

Include dependency graph for csr.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros
#define	ST_RIT   (1<<0)
#define	ST_DESKTOP_THREAD   (1<<1)
#define	ST_GHOST_THREAD   (1<<2)

Functions
VOID	InitCsrProcess (VOID)
VOID	ResetCsrProcess (VOID)
NTSTATUS	InitCsrApiPort (IN HANDLE CsrPortHandle)
VOID	ResetCsrApiPort (VOID)
NTSTATUS NTAPI	CsrClientCallServer (IN OUT PCSR_API_MESSAGE ApiMessage, IN OUT PCSR_CAPTURE_BUFFER CaptureBuffer OPTIONAL, IN CSR_API_NUMBER ApiNumber, IN ULONG DataLength)
DWORD	UserSystemThreadProc (BOOL bRemoteProcess)
BOOL	UserCreateSystemThread (DWORD Type)

Variables
PEPROCESS	gpepCSRSS
PVOID	CsrApiPort

Macro Definition Documentation

ST_DESKTOP_THREAD

#define ST_DESKTOP_THREAD   (1<<1)

Definition at line 36 of file csr.h.

ST_GHOST_THREAD

#define ST_GHOST_THREAD   (1<<2)

Definition at line 37 of file csr.h.

ST_RIT

#define ST_RIT   (1<<0)

Definition at line 35 of file csr.h.

Function Documentation

CsrClientCallServer()

NTSTATUS NTAPI CsrClientCallServer	(	IN OUT PCSR_API_MESSAGE	ApiMessage,
		IN OUT PCSR_CAPTURE_BUFFER CaptureBuffer	OPTIONAL,
		IN CSR_API_NUMBER	ApiNumber,
		IN ULONG	DataLength
	)

Definition at line 360 of file connect.c.

{
    NTSTATUS Status;
    ULONG PointerCount;
    PULONG_PTR OffsetPointer;

    /* Fill out the Port Message Header */
    ApiMessage->Header.u2.ZeroInit = 0;
    ApiMessage->Header.u1.s1.TotalLength = DataLength +
        sizeof(CSR_API_MESSAGE) - sizeof(ApiMessage->Data); // FIELD_OFFSET(CSR_API_MESSAGE, Data) + DataLength;
    ApiMessage->Header.u1.s1.DataLength = DataLength +
        FIELD_OFFSET(CSR_API_MESSAGE, Data) - sizeof(ApiMessage->Header); // ApiMessage->Header.u1.s1.TotalLength - sizeof(PORT_MESSAGE);

    /* Fill out the CSR Header */
    ApiMessage->ApiNumber = ApiNumber;
    ApiMessage->CsrCaptureData = NULL;

    DPRINT("API: %lx, u1.s1.DataLength: %x, u1.s1.TotalLength: %x\n",
           ApiNumber,
           ApiMessage->Header.u1.s1.DataLength,
           ApiMessage->Header.u1.s1.TotalLength);

    /* Check if we are already inside a CSR Server */
    if (!InsideCsrProcess)
    {
        /* Check if we got a Capture Buffer */
        if (CaptureBuffer)
        {
            /*
             * We have to convert from our local (client) view
             * to the remote (server) view.
             */
            ApiMessage->CsrCaptureData = (PCSR_CAPTURE_BUFFER)
                ((ULONG_PTR)CaptureBuffer + CsrPortMemoryDelta);

            /* Lock the buffer. */
            CaptureBuffer->BufferEnd = NULL;

            /*
             * Each client pointer inside the CSR message is converted into
             * a server pointer, and each pointer to these message pointers
             * is converted into an offset.
             */
            PointerCount  = CaptureBuffer->PointerCount;
            OffsetPointer = CaptureBuffer->PointerOffsetsArray;
            while (PointerCount--)
            {
                if (*OffsetPointer != 0)
                {
                    *(PULONG_PTR)*OffsetPointer += CsrPortMemoryDelta;
                    *OffsetPointer -= (ULONG_PTR)ApiMessage;
                }
                ++OffsetPointer;
            }
        }

        /* Send the LPC Message */
        Status = NtRequestWaitReplyPort(CsrApiPort,
                                        &ApiMessage->Header,
                                        &ApiMessage->Header);

        /* Check if we got a Capture Buffer */
        if (CaptureBuffer)
        {
            /*
             * We have to convert back from the remote (server) view
             * to our local (client) view.
             */
            ApiMessage->CsrCaptureData = (PCSR_CAPTURE_BUFFER)
                ((ULONG_PTR)ApiMessage->CsrCaptureData - CsrPortMemoryDelta);

            /*
             * Convert back the offsets into pointers to CSR message
             * pointers, and convert back these message server pointers
             * into client pointers.
             */
            PointerCount  = CaptureBuffer->PointerCount;
            OffsetPointer = CaptureBuffer->PointerOffsetsArray;
            while (PointerCount--)
            {
                if (*OffsetPointer != 0)
                {
                    *OffsetPointer += (ULONG_PTR)ApiMessage;
                    *(PULONG_PTR)*OffsetPointer -= CsrPortMemoryDelta;
                }
                ++OffsetPointer;
            }
        }

        /* Check for success */
        if (!NT_SUCCESS(Status))
        {
            /* We failed. Overwrite the return value with the failure. */
            DPRINT1("LPC Failed: %lx\n", Status);
            ApiMessage->Status = Status;
        }
    }
    else
    {
        /* This is a server-to-server call. Save our CID and do a direct call. */
        DPRINT("Next gen server-to-server call\n");

        /* We check this equality inside CsrValidateMessageBuffer */
        ApiMessage->Header.ClientId = NtCurrentTeb()->ClientId;

        Status = CsrServerApiRoutine(&ApiMessage->Header,
                                     &ApiMessage->Header);

        /* Check for success */
        if (!NT_SUCCESS(Status))
        {
            /* We failed. Overwrite the return value with the failure. */
            ApiMessage->Status = Status;
        }
    }

    /* Return the CSR Result */
    DPRINT("Got back: 0x%lx\n", ApiMessage->Status);
    return ApiMessage->Status;
}

Referenced by BaseCheckForVDM(), BaseCheckVDM(), BasepNotifyCsrOfThread(), BaseUpdateVDMEntry(), CloseConsoleHandle(), ConsoleMenuControl(), CreateConsoleScreenBuffer(), CreateProcessInternalW(), CsrClientConnectToServer(), CsrIdentifyAlertableThread(), CsrSetPriorityClass(), DefineDosDeviceW(), DuplicateConsoleHandle(), EndTask(), ExitProcess(), ExitVDM(), ExitWindowsWorker(), FlushConsoleInputBuffer(), FreeConsole(), GenerateConsoleCtrlEvent(), GetConsoleCP(), GetConsoleCursorInfo(), GetConsoleDisplayMode(), GetConsoleFontInfo(), GetConsoleFontSize(), GetConsoleHandleInformation(), GetConsoleHardwareState(), GetConsoleMode(), GetConsoleOutputCP(), GetConsoleProcessList(), GetConsoleScreenBufferInfo(), GetConsoleSelectionInfo(), GetConsoleWindow(), GetCurrentConsoleFont(), GetLargestConsoleWindowSize(), GetNextVDMCommand(), GetNumberOfConsoleFonts(), GetNumberOfConsoleInputEvents(), GetNumberOfConsoleMouseButtons(), GetProcessShutdownParameters(), GetTempFileNameW(), GetThreadDesktop(), GetVDMCurrentDirectories(), IntAddConsoleAlias(), IntAllocConsole(), IntAttachConsole(), IntExpungeConsoleCommandHistory(), IntFillConsoleOutputCode(), IntGetConsoleAlias(), IntGetConsoleAliases(), IntGetConsoleAliasesLength(), IntGetConsoleAliasExes(), IntGetConsoleAliasExesLength(), IntGetConsoleCommandHistory(), IntGetConsoleCommandHistoryLength(), IntGetConsoleInput(), IntGetConsoleKeyboardLayoutName(), IntGetConsoleTitle(), IntReadConsole(), IntReadConsoleOutput(), IntReadConsoleOutputCode(), IntScrollConsoleScreenBuffer(), IntSetConsoleNumberOfCommands(), IntSetConsoleTitle(), IntWriteConsole(), IntWriteConsoleInput(), IntWriteConsoleOutput(), IntWriteConsoleOutputCode(), InvalidateConsoleDIBits(), Logon(), NotifySoundSentry(), OpenConsoleW(), RegisterConsoleVDM(), RegisterLogonProcess(), RegisterServicesProcess(), SetConsoleActiveScreenBuffer(), SetConsoleCommandHistoryMode(), SetConsoleCP(), SetConsoleCursor(), SetConsoleCursorInfo(), SetConsoleCursorPosition(), SetConsoleDisplayMode(), SetConsoleFont(), SetConsoleHandleInformation(), SetConsoleHardwareState(), SetConsoleIcon(), SetConsoleMenuClose(), SetConsoleMode(), SetConsoleOutputCP(), SetConsolePalette(), SetConsoleScreenBufferSize(), SetConsoleTextAttribute(), SetConsoleWindowInfo(), SetLastConsoleEventActive(), SetProcessShutdownParameters(), SetVDMCurrentDirectories(), ShowConsoleCursor(), UserCreateSystemThread(), and VerifyConsoleIoHandle().

InitCsrApiPort()

NTSTATUS InitCsrApiPort

(

IN HANDLE

CsrPortHandle

)

Definition at line 38 of file csr.c.

{
    NTSTATUS Status;

    Status = ObReferenceObjectByHandle(CsrPortHandle,
                                       0,
                                       /* * */LpcPortObjectType, // or NULL,
                                       UserMode,
                                       &CsrApiPort,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        CsrApiPort = NULL;
        ERR("Failed to set CSR API Port.\n");
    }

    return Status;
}

Referenced by NtUserSetInformationThread().

InitCsrProcess()

VOID InitCsrProcess

(

VOID

)

Definition at line 20 of file csr.c.

{
    /* Save the EPROCESS of CSRSS */
    gpepCSRSS = PsGetCurrentProcess();
    // gpepCSRSS = CsrProcess;
    ObReferenceObject(gpepCSRSS);
}

Referenced by NtUserInitialize().

ResetCsrApiPort()

VOID ResetCsrApiPort

(

VOID

)

Definition at line 58 of file csr.c.

{
    if (CsrApiPort)
        ObDereferenceObject(CsrApiPort);

    CsrApiPort = NULL;
}

Referenced by _Function_class_().

ResetCsrProcess()

VOID ResetCsrProcess

(

VOID

)

Definition at line 29 of file csr.c.

{
    if (gpepCSRSS)
        ObDereferenceObject(gpepCSRSS);

    gpepCSRSS = NULL;
}

Referenced by _Function_class_().

UserCreateSystemThread()

BOOL UserCreateSystemThread

(

DWORD

Type

)

Definition at line 247 of file csr.c.

{
    USER_API_MESSAGE ApiMessage;
    PUSER_CREATE_SYSTEM_THREAD pCreateThreadRequest = &ApiMessage.Data.CreateSystemThreadRequest;

    TRACE("UserCreateSystemThread: %d\n", Type);

    ASSERT(UserIsEnteredExclusive());

    if (gdwPendingSystemThreads & Type)
    {
        ERR("System thread 0x%x already pending for creation\n", Type);
        return TRUE;
    }

    /* We can't pass a parameter to the new thread so mark what the new thread needs to do */
    gdwPendingSystemThreads |= Type;

    /* Ask winsrv to create a new system thread. This new thread will enter win32k again calling UserSystemThreadProc */
    pCreateThreadRequest->bRemote = FALSE;
    CsrClientCallServer((PCSR_API_MESSAGE)&ApiMessage,
                        NULL,
                        CSR_CREATE_API_NUMBER(USERSRV_SERVERDLL_INDEX, UserpCreateSystemThreads),
                        sizeof(USER_CREATE_SYSTEM_THREAD));
    if (!NT_SUCCESS(ApiMessage.Status))
    {
        ERR("Csr call failed!\n");
        return FALSE;
    }

    return TRUE;
}

Referenced by IntCreateWindowStation(), and IntMakeHungWindowGhosted().

UserSystemThreadProc()

DWORD UserSystemThreadProc

(

BOOL

bRemoteProcess

)

Definition at line 207 of file csr.c.

{
    DWORD Type;

    if (!gdwPendingSystemThreads)
    {
        ERR("gdwPendingSystemThreads is 0!\n");
        return 0;
    }

    /* Decide which thread this will be */
    if (gdwPendingSystemThreads & ST_RIT)
        Type = ST_RIT;
    else if (gdwPendingSystemThreads & ST_DESKTOP_THREAD)
        Type = ST_DESKTOP_THREAD;
    else 
        Type = ST_GHOST_THREAD;

    ASSERT(Type);

    /* We will handle one of these threads right here so unmark it as pending */
    gdwPendingSystemThreads &= ~Type;

    UserLeave();

    TRACE("UserSystemThreadProc: %d\n", Type);

    switch (Type)
    {
        case ST_RIT: RawInputThreadMain(); break;
        case ST_DESKTOP_THREAD: DesktopThreadMain(); break;
        case ST_GHOST_THREAD: UserGhostThreadEntry(); break;
        default: ERR("Wrong type: %x\n", Type);
    }

    UserEnterShared();

    return 0;
}

Referenced by NtUserCallOneParam().

Variable Documentation

CsrApiPort

PVOID CsrApiPort

Definition at line 21 of file connect.c.

gpepCSRSS

PEPROCESS gpepCSRSS

Definition at line 15 of file csr.c.

Referenced by CsrClientCallServer(), InitCsrProcess(), InitThreadCallback(), IntHookModuleUnloaded(), KdbCommand_Gdi_dumpht(), KdbCommand_Gdi_entry(), KdbCommand_Gdi_handle(), NtUserCallOneParam(), NtUserConsoleControl(), NtUserInitialize(), NtUserQueryInformationThread(), NtUserResolveDesktop(), NtUserSetInformationThread(), NtUserSetThreadDesktop(), ResetCsrProcess(), UserCreateMenu(), and UserRegisterUserApiHook().