Include dependency graph for smsubsys.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Functions | |
| NTSTATUS NTAPI | SmpCallCsrCreateProcess (IN PSB_API_MSG SbApiMsg, IN USHORT MessageLength, IN HANDLE PortHandle) |
| VOID NTAPI | SmpDereferenceSubsystem (IN PSMP_SUBSYSTEM SubSystem) |
| PSMP_SUBSYSTEM NTAPI | SmpLocateKnownSubSysByCid (IN PCLIENT_ID ClientId) |
| PSMP_SUBSYSTEM NTAPI | SmpLocateKnownSubSysByType (IN ULONG MuSessionId, IN ULONG ImageType) |
| NTSTATUS NTAPI | SmpLoadSubSystem (IN PUNICODE_STRING FileName, IN PUNICODE_STRING Directory, IN PUNICODE_STRING CommandLine, IN ULONG MuSessionId, OUT PHANDLE ProcessId, IN ULONG Flags) |
| NTSTATUS NTAPI | SmpLoadSubSystemsForMuSession (IN PULONG MuSessionId, OUT PHANDLE ProcessId, IN PUNICODE_STRING InitialCommand) |
Macro Definition Documentation
◆ NDEBUG
| #define NDEBUG |
Definition at line 13 of file smsubsys.c.
Function Documentation
◆ SmpCallCsrCreateProcess()
| NTSTATUS NTAPI SmpCallCsrCreateProcess | ( | IN PSB_API_MSG | SbApiMsg, |
| IN USHORT | MessageLength, | ||
| IN HANDLE | PortHandle | ||
| ) |
Definition at line 29 of file smsubsys.c.
32{
34
35 /* Initialize the header and send the message to CSRSS */
36 SbApiMsg->h.u2.ZeroInit = 0;
37 SbApiMsg->h.u1.s1.DataLength = MessageLength + 8;
39 SbApiMsg->ApiNumber = SbpCreateProcess;
43}
NTSTATUS NTAPI NtRequestWaitReplyPort(IN HANDLE PortHandle, IN PPORT_MESSAGE LpcRequest, IN OUT PPORT_MESSAGE LpcReply)
Definition: send.c:696
struct _SB_API_MSG SB_API_MSG
Referenced by SmpLoadSubSystem().
◆ SmpDereferenceSubsystem()
| VOID NTAPI SmpDereferenceSubsystem | ( | IN PSMP_SUBSYSTEM | SubSystem | ) |
Definition at line 47 of file smsubsys.c.
48{
49 /* Acquire the database lock while we (potentially) destroy this subsystem */
51
52 /* Drop the reference and see if it's terminating */
53 if (!(--SubSystem->ReferenceCount) && (SubSystem->Terminating))
54 {
55 /* Close all handles and free it */
60 }
61
62 /* Release the database lock */
64}
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:634
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
Referenced by SmpHandleConnectionRequest(), SmpLoadSubSystem(), and SmpSbCreateSession().
◆ SmpLoadSubSystem()
| NTSTATUS NTAPI SmpLoadSubSystem | ( | IN PUNICODE_STRING | FileName, |
| IN PUNICODE_STRING | Directory, | ||
| IN PUNICODE_STRING | CommandLine, | ||
| IN ULONG | MuSessionId, | ||
| OUT PHANDLE | ProcessId, | ||
| IN ULONG | Flags | ||
| ) |
Definition at line 138 of file smsubsys.c.
144{
146 HANDLE SubSysProcessId;
148 SB_API_MSG SbApiMsg;
149 RTL_USER_PROCESS_INFORMATION ProcessInformation;
154
155 /* Make sure this is a found subsystem */
157 {
160 }
161
162 /* Don't use a session if the flag is set */
164
165 /* Lock the subsystems while we do a look up */
168 {
169 /* Check if we found a subsystem not yet fully initialized */
170 Subsystem = SmpLocateKnownSubSysByType(MuSessionId, -1);
171 if (!Subsystem) break;
173
174 /* Wait on it to initialize */
176
177 /* Dereference it and try the next one */
179 SmpDereferenceSubsystem(Subsystem);
180 }
181
182 /* Check if this is a POSIX subsystem */
184 {
185 /* Do we already have it? */
187 }
189 {
190 /* This is an OS/2 subsystem, do we we already have it? */
192 }
193
194 /* Check if we already have one of the optional subsystems for the session */
195 if (Subsystem)
196 {
197 /* Dereference and return, no work to do */
198 SmpDereferenceSubsystem(Subsystem);
201 }
202
203 /* Allocate a new subsystem! */
205 if (!NewSubsystem)
206 {
209 }
210
211 /* Initialize its header and reference count */
212 NewSubsystem->ReferenceCount = 1;
213 NewSubsystem->MuSessionId = MuSessionId;
214 NewSubsystem->ImageType = -1;
215
216 /* Clear out all the other data for now */
222
223 /* Create the event we'll be waiting on for initialization */
225 EVENT_ALL_ACCESS,
226 NULL,
227 NotificationEvent,
228 FALSE);
230 {
231 /* This failed, bail out */
235 }
236
237 /* Insert the subsystem and release the lock. It can now be found */
240
241 /* The OS/2 and POSIX subsystems are actually Windows applications! */
243 {
244 /* Locate the Windows subsystem for this session */
245 KnownSubsystem = SmpLocateKnownSubSysByType(MuSessionId,
247 if (!KnownSubsystem)
248 {
250 goto Quickie2;
251 }
252
253 /* Fill out all the process details and call CSRSS to launch it */
256 CreateProcess->In.CommandLine = CommandLine;
263 KnownSubsystem->SbApiPort);
265 {
266 /* Handle failures */
268 Status);
269 goto Quickie2;
270 }
271
272 /* Save the process information we'll need for the create session */
277 }
278 else
279 {
280 /* This must be CSRSS itself, so just launch it and that's it */
282 Directory,
283 CommandLine,
284 MuSessionId,
286 &ProcessInformation);
288 {
289 /* Handle failures */
291 Status);
292 goto Quickie2;
293 }
294 }
295
296 /* Fill out the handle and client ID in the subsystem structure now */
299
300 /* Check if we launched a native image or a subsystem-backed image */
302 {
303 /* This must be CSRSS itself, since it's a native subsystem image */
306
307 /* Was this the initial CSRSS on Session 0? */
308 if (!MuSessionId)
309 {
310 /* Then save it in the global variables */
311 SmpWindowsSubSysProcessId = SubSysProcessId;
313 }
315 }
316 else
317 {
318 /* This is the POSIX or OS/2 subsystem process, copy its information */
319 CreateSession->ProcessInfo = ProcessInformation;
320
321 CreateSession->DbgSessionId = 0;
323
324 /* This should find CSRSS because they are POSIX or OS/2 subsystems */
325 Subsystem = SmpLocateKnownSubSysByType(MuSessionId,
327 if (!Subsystem)
328 {
329 /* Odd failure -- but handle it anyway */
331 DPRINT1("SMSS: SmpLoadSubSystem - SmpLocateKnownSubSysByType Failed with Status %lx for sessionid %lu\n",
332 Status,
333 MuSessionId);
334 goto Quickie;
335 }
336
337 /* Duplicate the parent process handle for the subsystem to have */
339 ProcessInformation.ProcessHandle,
340 Subsystem->ProcessHandle,
341 &CreateSession->ProcessInfo.ProcessHandle,
342 PROCESS_ALL_ACCESS,
343 0,
344 0);
346 {
347 /* Fail since this is critical */
348 DPRINT1("SMSS: SmpLoadSubSystem - NtDuplicateObject Failed with Status %lx for sessionid %lu\n",
349 Status,
350 MuSessionId);
351 goto Quickie;
352 }
353
354 /* Duplicate the initial thread handle for the subsystem to have */
356 ProcessInformation.ThreadHandle,
357 Subsystem->ProcessHandle,
358 &CreateSession->ProcessInfo.ThreadHandle,
359 THREAD_ALL_ACCESS,
360 0,
361 0);
363 {
364 /* Fail since this is critical */
365 DPRINT1("SMSS: SmpLoadSubSystem - NtDuplicateObject Failed with Status %lx for sessionid %lu\n",
366 Status,
367 MuSessionId);
368 goto Quickie;
369 }
370
371 /* Allocate an internal Session ID for this subsystem */
373
374 /* Send the create session message to the subsystem */
376 SbApiMsg.h.u2.ZeroInit = 0;
381 &SbApiMsg.h,
382 &SbApiMsg.h);
385 {
386 /* Delete the session and handle failure if the LPC call failed */
388 DPRINT1("SMSS: SmpLoadSubSystem - NtRequestWaitReplyPort Failed with Status %lx for sessionid %lu\n",
389 Status,
390 MuSessionId);
391 goto Quickie;
392 }
393 }
394
395 /* Okay, everything looks good to go, initialize this subsystem now! */
398 {
399 /* That didn't work -- back out of everything */
401 goto Quickie;
402 }
403
404 /* Check if this was the subsystem for a different session */
405 if (MuSessionId)
406 {
407 /* Wait up to 60 seconds for it to initialize */
408 Timeout.QuadPart = -600000000;
410
411 /* Timeout is done -- does this session still exist? */
413 {
414 /* Nope, it died. Cleanup should've ocurred in a different path. */
417 }
418
419 /* Check if we timed our or there was another error with the wait */
421 {
422 /* Something is wrong with the subsystem, so back out of everything */
423 DPRINT1("SMSS: SmpLoadSubSystem - Timeout waiting for subsystem connect with Status %lx for sessionid %lu\n",
424 Status,
425 MuSessionId);
426 goto Quickie;
427 }
428 }
429 else
430 {
431 /* This a session 0 subsystem, just wait for it to initialize */
433 }
434
435 /* Subsystem is created, resumed, and initialized. Close handles and exit */
438 goto Quickie2;
439
440Quickie:
441 /* This is the failure path. First check if we need to detach from session */
443 {
444 /* We were not attached, or did not launch subsystems that required it */
446 AttachedSessionId,
448 Status);
449 }
450 else
451 {
452 /* Get the privilege we need for detachment */
455 {
456 /* We can't detach without it */
458 AttachedSessionId,
460 Status);
461 }
462 else
463 {
464 /* Now detach from the session */
466 &AttachedSessionId,
469 {
470 /* Failed to detach. Note the DPRINT1 has a typo in Windows */
473 }
474 else
475 {
476 /* Detachment worked, reset our attached session ID */
477 AttachedSessionId = -1;
478 }
479
480 /* And release the privilege we acquired */
482 }
483 }
484
485 /* Since this is the failure path, terminate the subsystem process */
488
489Quickie2:
490 /* This is the cleanup path -- first dereference our subsystems */
494
495 /* In the failure case, destroy the new subsystem we just created */
497 {
500 SmpDereferenceSubsystem(NewSubsystem);
501 }
502
503 /* Finally, we're all done! */
506}
NTSYSAPI NTSTATUS NTAPI NtSetSystemInformation(IN INT SystemInformationClass, IN PVOID SystemInformation, IN ULONG SystemInformationLength)
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:616
Definition: nsiface.idl:2307
MMRESULT CreateSession(DeviceType device_type, UINT device_id, SessionInfo **session_info)
Definition: session.c:63
NTSTATUS NTAPI NtTerminateProcess(HANDLE ProcessHandle, LONG ExitStatus)
NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(IN HANDLE hObject, IN BOOLEAN bAlertable, IN PLARGE_INTEGER Timeout)
NTSTATUS NTAPI NtSetEvent(IN HANDLE EventHandle, OUT PLONG PreviousState OPTIONAL)
Definition: event.c:463
NTSTATUS NTAPI NtCreateEvent(OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN EVENT_TYPE EventType, IN BOOLEAN InitialState)
Definition: event.c:96
NTSTATUS NTAPI NtResumeThread(IN HANDLE ThreadHandle, OUT PULONG SuspendCount OPTIONAL)
Definition: state.c:290
NTSTATUS NTAPI NtDuplicateObject(IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options)
Definition: obhandle.c:3410
struct _SB_CREATE_SESSION_MSG SB_CREATE_SESSION_MSG
BOOLEAN NTAPI SmpCheckDuplicateMuSessionId(IN ULONG MuSessionId)
Definition: smsessn.c:37
ULONG NTAPI SmpAllocateSessionId(IN PSMP_SUBSYSTEM Subsystem, IN PSMP_SUBSYSTEM OtherSubsystem)
Definition: smsessn.c:123
NTSTATUS NTAPI SmpExecuteImage(IN PUNICODE_STRING FileName, IN PUNICODE_STRING Directory, IN PUNICODE_STRING CommandLine, IN ULONG MuSessionId, IN ULONG Flags, IN PRTL_USER_PROCESS_INFORMATION ProcessInformation)
Definition: smss.c:30
NTSTATUS NTAPI SmpAcquirePrivilege(IN ULONG Privilege, OUT PVOID *PrivilegeStat)
Definition: smutil.c:40
NTSTATUS NTAPI SmpCallCsrCreateProcess(IN PSB_API_MSG SbApiMsg, IN USHORT MessageLength, IN HANDLE PortHandle)
Definition: smsubsys.c:29
VOID NTAPI SmpDereferenceSubsystem(IN PSMP_SUBSYSTEM SubSystem)
Definition: smsubsys.c:47
PSMP_SUBSYSTEM NTAPI SmpLocateKnownSubSysByType(IN ULONG MuSessionId, IN ULONG ImageType)
Definition: smsubsys.c:102
Definition: stack_allocator.h:18
Definition: filecomp.c:348
Definition: rtltypes.h:1587
SECTION_IMAGE_INFORMATION ImageInformation
Definition: rtltypes.h:1592
Definition: smmsg.h:231
union _SB_API_MSG::@3728::@3730::@3732 u
Definition: smmsg.h:187
Definition: smmsg.h:159
Definition: smss.h:64
Definition: typedefs.h:103
Referenced by SmpExecuteCommand().
◆ SmpLoadSubSystemsForMuSession()
| NTSTATUS NTAPI SmpLoadSubSystemsForMuSession | ( | IN PULONG | MuSessionId, |
| OUT PHANDLE | ProcessId, | ||
| IN PUNICODE_STRING | InitialCommand | ||
| ) |
Definition at line 510 of file smsubsys.c.
513{
517 PLIST_ENTRY NextEntry;
520
521 /* Write a few last registry keys with the boot partition information */
523
524 /* Process "SetupExecute" values */
527 {
528 /* Execute each one and move on */
531 NextEntry = NextEntry->Flink;
532 }
533
534 /* Now process the subsystems */
537 {
538 /* Get the entry and check if this is the special Win32k entry */
541 {
542 /* Translate it */
544 &NtPath,
545 NULL,
546 NULL))
547 {
550 }
551 else
552 {
553 /* Get the driver privilege */
556 {
557 /* Create the new session */
560 MuSessionId,
561 sizeof(*MuSessionId));
563 {
568 }
569 AttachedSessionId = *MuSessionId;
570
571 /*
572 * Start Win32k.sys on this session. Use a hardcoded value
573 * instead of the Kmode one...
574 */
578 &DestinationString,
583 {
586 }
587 }
588 }
589 }
590
591 /* Next entry */
592 NextEntry = NextEntry->Flink;
593 }
594
595 /* Now parse the required subsystem list */
598 {
599 /* Get each entry and check if it's the internal debug or not */
602 {
603 /* Load the internal debug system */
605 *MuSessionId,
606 ProcessId,
608 }
609 else
610 {
611 /* Load the required subsystem */
613 *MuSessionId,
614 ProcessId,
615 SMP_SUBSYSTEM_FLAG);
616 }
618 {
621 }
622
623 /* Move to the next entry */
624 NextEntry = NextEntry->Flink;
625 }
626
627 /* Process the "Execute" list now */
630 {
631 /* Get the custom initial command */
633
634 /* Write the initial command and wait for 5 seconds (why??!) */
635 *InitialCommand = RegEntry->Name;
636 Timeout.QuadPart = -50000000;
638 }
639 else
640 {
641 /* Use the default Winlogon initial command */
644
645 /* Check if there's a debugger for Winlogon */
646 Status2 = LdrQueryImageFileExecutionOptions(InitialCommand,
648 REG_SZ,
649 InitialCommandBuffer,
651 InitialCommand->Length,
652 NULL);
654 {
655 /* Put the debugger string with the Winlogon string */
659 }
660 }
661
662 /* Finally check if there was a custom initial command */
665 {
666 /* Execute each one */
669 NextEntry = NextEntry->Flink;
670 }
671
672 /* Return status */
674}
#define SystemExtendServiceTableInformation
Definition: DriverTester.h:35
NTSTATUS NTAPI LdrQueryImageFileExecutionOptions(_In_ PUNICODE_STRING SubKey, _In_ PCWSTR ValueName, _In_ ULONG Type, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnedLength)
Definition: ldrinit.c:388
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NTSTATUS NTAPI NtDelayExecution(IN BOOLEAN Alertable, IN PLARGE_INTEGER DelayInterval)
Definition: wait.c:876
#define UNICODE_NULL
NTSTRSAFEAPI RtlStringCbCatW(_Inout_updates_bytes_(cbDest) _Always_(_Post_z_) NTSTRSAFE_PWSTR pszDest, _In_ size_t cbDest, _In_ NTSTRSAFE_PCWSTR pszSrc)
Definition: ntstrsafe.h:636
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
VOID NTAPI SmpTranslateSystemPartitionInformation(VOID)
Definition: sminit.c:811
NTSTATUS NTAPI SmpExecuteCommand(IN PUNICODE_STRING CommandLine, IN ULONG MuSessionId, OUT PHANDLE ProcessId, IN ULONG Flags)
Definition: smss.c:210
Definition: typedefs.h:120
Definition: smss.h:56
Definition: env_spec_w32.h:368
Referenced by SmpLoadDataFromRegistry(), and SmpStartCsr().
◆ SmpLocateKnownSubSysByCid()
| PSMP_SUBSYSTEM NTAPI SmpLocateKnownSubSysByCid | ( | IN PCLIENT_ID | ClientId | ) |
Definition at line 68 of file smsubsys.c.
69{
71 PLIST_ENTRY NextEntry;
72
73 /* Lock the subsystem database */
75
76 /* Loop each subsystem in the database */
79 {
80 /* Check if this one matches the client ID and is still valid */
83 !(Subsystem->Terminating))
84 {
85 /* Add a reference and return it */
86 Subsystem->ReferenceCount++;
87 break;
88 }
89
90 /* Reset the current pointer and keep searching */
91 Subsystem = NULL;
92 NextEntry = NextEntry->Flink;
93 }
94
95 /* Release the lock and return the subsystem we found */
97 return Subsystem;
98}
Referenced by SmpHandleConnectionRequest().
◆ SmpLocateKnownSubSysByType()
Definition at line 102 of file smsubsys.c.
104{
106 PLIST_ENTRY NextEntry;
107
108 /* Lock the subsystem database */
110
111 /* Loop each subsystem in the database */
114 {
115 /* Check if this one matches the image and uID, and is still valid */
118 !(Subsystem->Terminating) &&
119 (Subsystem->MuSessionId == MuSessionId))
120 {
121 /* Return it referenced for the caller */
122 Subsystem->ReferenceCount++;
123 break;
124 }
125
126 /* Reset the current pointer and keep searching */
127 Subsystem = NULL;
128 NextEntry = NextEntry->Flink;
129 }
130
131 /* Release the lock and return the subsystem we found */
133 return Subsystem;
134}
Referenced by SmpHandleConnectionRequest(), SmpLoadSubSystem(), and SmpSbCreateSession().
Variable Documentation
◆ InitialCommandBuffer
| WCHAR InitialCommandBuffer[256] |
Definition at line 23 of file smsubsys.c.
Referenced by SmpLoadSubSystemsForMuSession().
◆ RegPosixSingleInstance
| BOOLEAN RegPosixSingleInstance |
Definition at line 22 of file smsubsys.c.
Referenced by SmpConfigureSubSystems().
◆ SmpKnownSubSysHead
| LIST_ENTRY SmpKnownSubSysHead |
Definition at line 19 of file smsubsys.c.
Referenced by SmpCheckDuplicateMuSessionId(), SmpInit(), SmpLoadSubSystem(), SmpLocateKnownSubSysByCid(), and SmpLocateKnownSubSysByType().
◆ SmpKnownSubSysLock
| RTL_CRITICAL_SECTION SmpKnownSubSysLock |
Definition at line 18 of file smsubsys.c.
Referenced by SmpCheckDuplicateMuSessionId(), SmpDereferenceSubsystem(), SmpInit(), SmpLoadSubSystem(), SmpLocateKnownSubSysByCid(), and SmpLocateKnownSubSysByType().
◆ SmpWindowsSubSysProcess
| HANDLE SmpWindowsSubSysProcess |
Definition at line 20 of file smsubsys.c.
Referenced by SmpInit(), and SmpLoadSubSystem().
◆ SmpWindowsSubSysProcessId
| HANDLE SmpWindowsSubSysProcessId |
Definition at line 21 of file smsubsys.c.
Referenced by SmpLoadDataFromRegistry(), and SmpLoadSubSystem().
