ReactOS  0.4.15-dev-492-ga1108f6
api.c File Reference
#include "srv.h"
#include <ndk/kefuncs.h>
#include <debug.h>
Include dependency graph for api.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

NTSTATUS NTAPI CsrCallServerFromServer (IN PCSR_API_MESSAGE ReceiveMsg, IN OUT PCSR_API_MESSAGE ReplyMsg)
 
NTSTATUS NTAPI CsrApiHandleConnectionRequest (IN PCSR_API_MESSAGE ApiMessage)
 
NTSTATUS NTAPI CsrpCheckRequestThreads (VOID)
 
NTSTATUS NTAPI CsrApiRequestThread (IN PVOID Parameter)
 
NTSTATUS NTAPI CsrApiPortInitialize (VOID)
 
PCSR_THREAD NTAPI CsrConnectToUser (VOID)
 
HANDLE NTAPI CsrQueryApiPort (VOID)
 
BOOLEAN NTAPI CsrCaptureArguments (IN PCSR_THREAD CsrThread, IN PCSR_API_MESSAGE ApiMessage)
 
VOID NTAPI CsrReleaseCapturedArguments (IN PCSR_API_MESSAGE ApiMessage)
 
BOOLEAN NTAPI CsrValidateMessageBuffer (IN PCSR_API_MESSAGE ApiMessage, IN PVOID *Buffer, IN ULONG ElementCount, IN ULONG ElementSize)
 
BOOLEAN NTAPI CsrValidateMessageString (IN PCSR_API_MESSAGE ApiMessage, IN PWSTR *MessageString)
 

Variables

BOOLEAN(* CsrClientThreadSetup )(VOID) = NULL
 
UNICODE_STRING CsrApiPortName
 
volatile ULONG CsrpStaticThreadCount
 
volatile ULONG CsrpDynamicThreadTotal
 
ULONG CsrMaxApiRequestThreads
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 16 of file api.c.

Function Documentation

◆ CsrApiHandleConnectionRequest()

NTSTATUS NTAPI CsrApiHandleConnectionRequest ( IN PCSR_API_MESSAGE  ApiMessage)

Definition at line 140 of file api.c.

141 {
142  PCSR_THREAD CsrThread = NULL;
145  PCSR_API_CONNECTINFO ConnectInfo = &ApiMessage->ConnectionInfo;
146  BOOLEAN AllowConnection = FALSE;
147  REMOTE_PORT_VIEW RemotePortView;
149 
150  /* Acquire the Process Lock */
152 
153  /* Lookup the CSR Thread */
154  CsrThread = CsrLocateThreadByClientId(NULL, &ApiMessage->Header.ClientId);
155 
156  /* Check if we have a thread */
157  if (CsrThread)
158  {
159  /* Get the Process and make sure we have it as well */
160  CsrProcess = CsrThread->Process;
161  if (CsrProcess)
162  {
163  /* Reference the Process */
165 
166  /* Attach the Shared Section */
168  if (NT_SUCCESS(Status))
169  {
170  /* Allow the connection and return debugging flag */
171  ConnectInfo->DebugFlags = CsrDebug;
172  AllowConnection = TRUE;
173  }
174 
175  /* Dereference the Process */
177  }
178  }
179 
180  /* Release the Process Lock */
182 
183  /* Setup the Port View Structure */
184  RemotePortView.Length = sizeof(REMOTE_PORT_VIEW);
185  RemotePortView.ViewSize = 0;
186  RemotePortView.ViewBase = NULL;
187 
188  /* Save the Process ID */
189  ConnectInfo->ServerProcessId = NtCurrentTeb()->ClientId.UniqueProcess;
190 
191  /* Accept the Connection */
192  ASSERT(!AllowConnection || (AllowConnection && CsrProcess));
194  AllowConnection ? UlongToPtr(CsrProcess->SequenceNumber) : 0,
195  &ApiMessage->Header,
196  AllowConnection,
197  NULL,
198  &RemotePortView);
199  if (!NT_SUCCESS(Status))
200  {
201  DPRINT1("CSRSS: NtAcceptConnectPort - failed. Status == %X\n", Status);
202  }
203  else if (AllowConnection)
204  {
205  if (CsrDebug & 2)
206  {
207  DPRINT1("CSRSS: ClientId: %lx.%lx has ClientView: Base=%p, Size=%lx\n",
208  ApiMessage->Header.ClientId.UniqueProcess,
209  ApiMessage->Header.ClientId.UniqueThread,
210  RemotePortView.ViewBase,
211  RemotePortView.ViewSize);
212  }
213 
214  /* Set some Port Data in the Process */
215  CsrProcess->ClientPort = ServerPort;
216  CsrProcess->ClientViewBase = (ULONG_PTR)RemotePortView.ViewBase;
217  CsrProcess->ClientViewBounds = (ULONG_PTR)((ULONG_PTR)RemotePortView.ViewBase +
218  (ULONG_PTR)RemotePortView.ViewSize);
219 
220  /* Complete the connection */
222  if (!NT_SUCCESS(Status))
223  {
224  DPRINT1("CSRSS: NtCompleteConnectPort - failed. Status == %X\n", Status);
225  }
226  }
227  else
228  {
229  DPRINT1("CSRSS: Rejecting Connection Request from ClientId: %lx.%lx\n",
230  ApiMessage->Header.ClientId.UniqueProcess,
231  ApiMessage->Header.ClientId.UniqueThread);
232  }
233 
234  /* Return status to caller */
235  return Status;
236 }
#define TRUE
Definition: types.h:120
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1873
LONG NTSTATUS
Definition: precomp.h:26
ULONG CsrDebug
Definition: init.c:23
PKPROCESS CsrProcess
Definition: videoprt.c:37
#define CsrReleaseProcessLock()
Definition: api.h:15
uint32_t ULONG_PTR
Definition: typedefs.h:64
PCSR_PROCESS Process
Definition: csrsrv.h:69
HANDLE ServerProcessId
Definition: csrmsg.h:57
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
struct _REMOTE_PORT_VIEW REMOTE_PORT_VIEW
#define UlongToPtr(u)
Definition: config.h:106
NTSTATUS NTAPI CsrSrvAttachSharedSection(IN PCSR_PROCESS CsrProcess OPTIONAL, OUT PCSR_API_CONNECTINFO ConnectInfo)
Definition: server.c:472
NTSTATUS NTAPI NtAcceptConnectPort(OUT PHANDLE PortHandle, IN PVOID PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage, IN BOOLEAN AcceptConnection, IN OUT PPORT_VIEW ServerView OPTIONAL, OUT PREMOTE_PORT_VIEW ClientView OPTIONAL)
Definition: complete.c:40
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define CsrAcquireProcessLock()
Definition: api.h:12
PCSR_THREAD NTAPI CsrLocateThreadByClientId(OUT PCSR_PROCESS *Process OPTIONAL, IN PCLIENT_ID ClientId)
Definition: thredsup.c:182
Status
Definition: gdiplustypes.h:24
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
Definition: psfuncs.h:420
#define DPRINT1
Definition: precomp.h:8
NTSTATUS NTAPI NtCompleteConnectPort(IN HANDLE PortHandle)
Definition: complete.c:421
#define ULONG_PTR
Definition: config.h:101
VOID NTAPI CsrLockedReferenceProcess(IN PCSR_PROCESS CsrProcess)
Definition: procsup.c:232
return STATUS_SUCCESS
Definition: btrfs.c:3014
VOID NTAPI CsrLockedDereferenceProcess(PCSR_PROCESS CsrProcess)
Definition: procsup.c:159

Referenced by CsrApiRequestThread().

◆ CsrApiPortInitialize()

NTSTATUS NTAPI CsrApiPortInitialize ( VOID  )

Definition at line 896 of file api.c.

897 {
898  ULONG Size;
901  HANDLE hRequestEvent, hThread;
903  PLIST_ENTRY ListHead, NextEntry;
905 
906  /* Calculate how much space we'll need for the Port Name */
907  Size = CsrDirectoryName.Length + sizeof(CSR_PORT_NAME) + sizeof(WCHAR);
908 
909  /* Create the buffer for it */
912 
913  /* Setup the rest of the empty string */
919  if (CsrDebug & 1)
920  {
921  DPRINT1("CSRSS: Creating %wZ port and associated threads\n", &CsrApiPortName);
922  DPRINT1("CSRSS: sizeof( CONNECTINFO ) == %ld sizeof( API_MSG ) == %ld\n",
923  sizeof(CSR_API_CONNECTINFO), sizeof(CSR_API_MESSAGE));
924  }
925 
926  /* FIXME: Create a Security Descriptor */
927 
928  /* Initialize the Attributes */
931  0,
932  NULL,
933  NULL /* FIXME: Use the Security Descriptor */);
934 
935  /* Create the Port Object */
938  sizeof(CSR_API_CONNECTINFO),
939  sizeof(CSR_API_MESSAGE),
940  16 * PAGE_SIZE);
941  if (NT_SUCCESS(Status))
942  {
943  /* Create the event the Port Thread will use */
944  Status = NtCreateEvent(&hRequestEvent,
946  NULL,
948  FALSE);
949  if (NT_SUCCESS(Status))
950  {
951  /* Create the Request Thread */
953  NULL,
954  TRUE,
955  0,
956  0,
957  0,
959  (PVOID)hRequestEvent,
960  &hThread,
961  &ClientId);
962  if (NT_SUCCESS(Status))
963  {
964  /* Add this as a static thread to CSRSRV */
966 
967  /* Get the Thread List Pointers */
968  ListHead = &CsrRootProcess->ThreadList;
969  NextEntry = ListHead->Flink;
970 
971  /* Start looping the list */
972  while (NextEntry != ListHead)
973  {
974  /* Get the Thread */
976 
977  /* Start it up */
978  Status = NtResumeThread(ServerThread->ThreadHandle, NULL);
979 
980  /* Is this a Server Thread? */
982  {
983  /* If so, then wait for it to initialize */
984  Status = NtWaitForSingleObject(hRequestEvent, FALSE, NULL);
986  }
987 
988  /* Next thread */
989  NextEntry = NextEntry->Flink;
990  }
991 
992  /* We don't need this anymore */
993  NtClose(hRequestEvent);
994  }
995  }
996  }
997 
998  /* Return */
999  return Status;
1000 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
USHORT MaximumLength
Definition: env_spec_w32.h:370
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS NTAPI NtCreateEvent(OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN EVENT_TYPE EventType, IN BOOLEAN InitialState)
Definition: event.c:100
ULONG CsrDebug
Definition: init.c:23
#define CSR_PORT_NAME
Definition: csrmsg.h:17
static int Link(const char **args)
Definition: vfdcmd.c:2414
PCSR_PROCESS CsrRootProcess
Definition: procsup.c:22
PCSR_THREAD NTAPI CsrAddStaticServerThread(IN HANDLE hThread, IN PCLIENT_ID ClientId, IN ULONG ThreadFlags)
Definition: thredsup.c:511
#define EVENT_ALL_ACCESS
Definition: isotest.c:82
UINT CALLBACK ServerThread(_Inout_ PVOID Parameter)
smooth NULL
Definition: ftsmooth.c:416
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
#define NtCurrentProcess()
Definition: nt_native.h:1657
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
NTSTATUS RtlAppendUnicodeToString(IN PUNICODE_STRING Str1, IN PWSTR Str2)
Definition: string_lib.cpp:62
struct _LIST_ENTRY * Flink
Definition: typedefs.h:120
NTSTATUS NTAPI NtResumeThread(IN HANDLE ThreadHandle, OUT PULONG SuspendCount OPTIONAL)
Definition: state.c:290
_Out_ PCLIENT_ID ClientId
Definition: kefuncs.h:1163
NTSTATUS NTAPI NtCreatePort(OUT PHANDLE PortHandle, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG MaxConnectInfoLength, IN ULONG MaxDataLength, IN ULONG MaxPoolUsage)
Definition: create.c:212
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
NTSTATUS NTAPI CsrApiRequestThread(IN PVOID Parameter)
Definition: api.c:332
#define PAGE_SIZE
Definition: env_spec_w32.h:49
Definition: typedefs.h:118
UNICODE_STRING CsrDirectoryName
Definition: init.c:27
NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(_In_ PVOID ThreadContext, _Out_ HANDLE *OutThreadHandle, _Reserved_ PVOID Reserved1, _Reserved_ PVOID Reserved2, _Reserved_ PVOID Reserved3, _Reserved_ PVOID Reserved4, _Reserved_ PVOID Reserved5, _Reserved_ PVOID Reserved6, _Reserved_ PVOID Reserved7, _Reserved_ PVOID Reserved8)
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
Status
Definition: gdiplustypes.h:24
HANDLE CsrApiPort
Definition: connect.c:21
unsigned short USHORT
Definition: pedump.c:61
LIST_ENTRY ThreadList
Definition: csrsrv.h:40
#define UNICODE_PATH_SEP
Definition: connect.c:33
#define STATUS_NO_MEMORY
Definition: ntstatus.h:246
NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString(PUNICODE_STRING Destination, PUNICODE_STRING Source)
HANDLE hThread
Definition: wizard.c:27
#define DPRINT1
Definition: precomp.h:8
UNICODE_STRING CsrApiPortName
Definition: api.c:22
unsigned int ULONG
Definition: retypes.h:1
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
HANDLE CsrHeap
Definition: init.c:25
NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(IN HANDLE hObject, IN BOOLEAN bAlertable, IN PLARGE_INTEGER Timeout)

Referenced by CsrServerInitialization().

◆ CsrApiRequestThread()

NTSTATUS NTAPI CsrApiRequestThread ( IN PVOID  Parameter)

Definition at line 332 of file api.c.

333 {
334  PTEB Teb = NtCurrentTeb();
335  LARGE_INTEGER TimeOut;
336  PCSR_THREAD CurrentThread, CsrThread;
338  CSR_REPLY_CODE ReplyCode;
339  PCSR_API_MESSAGE ReplyMsg;
340  CSR_API_MESSAGE ReceiveMsg;
342  PHARDERROR_MSG HardErrorMsg;
343  PVOID PortContext;
344  PCSR_SERVER_DLL ServerDll;
345  PCLIENT_DIED_MSG ClientDiedMsg;
346  PDBGKM_MSG DebugMessage;
347  ULONG ServerId, ApiId, MessageType, i;
348  HANDLE ReplyPort;
349 
350  /* Setup LPC loop port and message */
351  ReplyMsg = NULL;
352  ReplyPort = CsrApiPort;
353 
354  /* Connect to user32 */
355  while (!CsrConnectToUser())
356  {
357  /* Set up the timeout for the connect (30 seconds) */
358  TimeOut.QuadPart = -30 * 1000 * 1000 * 10;
359 
360  /* Keep trying until we get a response */
361  Teb->Win32ClientInfo[0] = 0;
362  NtDelayExecution(FALSE, &TimeOut);
363  }
364 
365  /* Get our thread */
366  CurrentThread = Teb->CsrClientThread;
367 
368  /* If we got an event... */
369  if (Parameter)
370  {
371  /* Set it, to let stuff waiting on us load */
374 
375  /* Increase the Thread Counts */
378  }
379 
380  /* Now start the loop */
381  while (TRUE)
382  {
383  /* Make sure the real CID is set */
384  Teb->RealClientId = Teb->ClientId;
385 
386 #ifdef CSR_DBG
387  /* Debug check */
389  {
390  DPRINT1("CSRSRV: FATAL ERROR. CsrThread is Idle while holding %lu critical sections\n",
392  DPRINT1("CSRSRV: Last Receive Message %lx ReplyMessage %lx\n",
393  &ReceiveMsg, ReplyMsg);
394  DbgBreakPoint();
395  }
396 #endif
397 
398  /* Wait for a message to come through */
399  Status = NtReplyWaitReceivePort(ReplyPort,
400  &PortContext,
401  &ReplyMsg->Header,
402  &ReceiveMsg.Header);
403 
404  /* Check if we didn't get success */
405  if (Status != STATUS_SUCCESS)
406  {
407  /* Was it a failure or another success code? */
408  if (!NT_SUCCESS(Status))
409  {
410 #ifdef CSR_DBG
411  /* Check for specific status cases */
412  if ((Status != STATUS_INVALID_CID) &&
414  ((Status != STATUS_INVALID_HANDLE) || (ReplyPort == CsrApiPort)))
415  {
416  /* Notify the debugger */
417  DPRINT1("CSRSS: ReceivePort failed - Status == %X\n", Status);
418  DPRINT1("CSRSS: ReplyPortHandle %lx CsrApiPort %lx\n", ReplyPort, CsrApiPort);
419  }
420 #endif
421 
422  /* We failed big time, so start out fresh */
423  ReplyMsg = NULL;
424  ReplyPort = CsrApiPort;
425  continue;
426  }
427  else
428  {
429  /* A strange "success" code, just try again */
430  DPRINT1("NtReplyWaitReceivePort returned \"success\" status 0x%x\n", Status);
431  continue;
432  }
433  }
434 
435  // ASSERT(ReceiveMsg.Header.u1.s1.TotalLength >= sizeof(PORT_MESSAGE));
436  // ASSERT(ReceiveMsg.Header.u1.s1.TotalLength < sizeof(ReceiveMsg));
437 
438  /* Use whatever Client ID we got */
439  Teb->RealClientId = ReceiveMsg.Header.ClientId;
440 
441  /* Get the Message Type */
442  MessageType = ReceiveMsg.Header.u2.s2.Type;
443 
444  /* Handle connection requests */
445  if (MessageType == LPC_CONNECTION_REQUEST)
446  {
447  /* Handle the Connection Request */
448  CsrApiHandleConnectionRequest(&ReceiveMsg);
449 
450  ReplyMsg = NULL;
451  ReplyPort = CsrApiPort;
452  continue;
453  }
454 
455  /* It's some other kind of request. Get the lock for the lookup */
457 
458  /* Now do the lookup to get the CSR_THREAD */
460  &ReceiveMsg.Header.ClientId);
461 
462  /* Did we find a thread? */
463  if (!CsrThread)
464  {
465  /* This wasn't a CSR Thread, release lock */
467 
468  /* If this was an exception, handle it */
469  if (MessageType == LPC_EXCEPTION)
470  {
471  ReplyMsg = &ReceiveMsg;
472  ReplyPort = CsrApiPort;
473  ReplyMsg->Status = DBG_CONTINUE;
474  }
475  else if (MessageType == LPC_PORT_CLOSED ||
476  MessageType == LPC_CLIENT_DIED)
477  {
478  /* The Client or Port are gone, loop again */
479  ReplyMsg = NULL;
480  ReplyPort = CsrApiPort;
481  }
482  else if (MessageType == LPC_ERROR_EVENT)
483  {
484  /* If it's a hard error, handle this too */
485  HardErrorMsg = (PHARDERROR_MSG)&ReceiveMsg;
486 
487  /* Default it to unhandled */
488  HardErrorMsg->Response = ResponseNotHandled;
489 
490  /* Check if there are free api threads */
493  {
494  /* Loop every Server DLL */
495  for (i = 0; i < CSR_SERVER_DLL_MAX; i++)
496  {
497  /* Get the Server DLL */
498  ServerDll = CsrLoadedServerDll[i];
499 
500  /* Check if it's valid and if it has a Hard Error Callback */
501  if ((ServerDll) && (ServerDll->HardErrorCallback))
502  {
503  /* Call it */
504  ServerDll->HardErrorCallback(NULL /* == CsrThread */, HardErrorMsg);
505 
506  /* If it's handled, get out of here */
507  if (HardErrorMsg->Response != ResponseNotHandled) break;
508  }
509  }
510  }
511 
512  /* Increase the thread count */
514 
515  /* If the response was 0xFFFFFFFF, we'll ignore it */
516  if (HardErrorMsg->Response == 0xFFFFFFFF)
517  {
518  ReplyMsg = NULL;
519  ReplyPort = CsrApiPort;
520  }
521  else
522  {
523  ReplyMsg = &ReceiveMsg;
524  ReplyPort = CsrApiPort;
525  }
526  }
527  else if (MessageType == LPC_REQUEST)
528  {
529  /* This is an API Message coming from a non-CSR Thread */
530  ReplyMsg = &ReceiveMsg;
531  ReplyPort = CsrApiPort;
532  ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
533  }
534  else if (MessageType == LPC_DATAGRAM)
535  {
536  /* This is an API call, get the Server ID */
537  ServerId = CSR_API_NUMBER_TO_SERVER_ID(ReceiveMsg.ApiNumber);
538 
539  /* Make sure that the ID is within limits, and the Server DLL loaded */
540  ServerDll = NULL;
541  if ((ServerId >= CSR_SERVER_DLL_MAX) ||
542  (!(ServerDll = CsrLoadedServerDll[ServerId])))
543  {
544  /* We are beyond the Maximum Server ID */
545 #ifdef CSR_DBG
546  DPRINT1("CSRSS: %lx is invalid ServerDllIndex (%08x)\n",
547  ServerId, ServerDll);
548  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
549 #endif
550 
551  ReplyMsg = NULL;
552  ReplyPort = CsrApiPort;
553  continue;
554  }
555 
556  /* Get the API ID, normalized with our Base ID */
557  ApiId = CSR_API_NUMBER_TO_API_ID(ReceiveMsg.ApiNumber) - ServerDll->ApiBase;
558 
559  /* Make sure that the ID is within limits, and the entry exists */
560  if (ApiId >= ServerDll->HighestApiSupported)
561  {
562  /* We are beyond the Maximum API ID, or it doesn't exist */
563  DPRINT1("CSRSS: %lx is invalid ApiTableIndex for %Z\n",
565  &ServerDll->Name);
566 
567  ReplyPort = CsrApiPort;
568  ReplyMsg = NULL;
569  continue;
570  }
571 
572 #ifdef CSR_DBG
573  if (CsrDebug & 2)
574  {
575  DPRINT1("[%02x] CSRSS: [%02x,%02x] - %s Api called from %08x\n",
576  Teb->ClientId.UniqueThread,
577  ReceiveMsg.Header.ClientId.UniqueProcess,
578  ReceiveMsg.Header.ClientId.UniqueThread,
579  ServerDll->NameTable[ApiId],
580  NULL);
581  }
582 #endif
583 
584  /* Assume success */
585  ReceiveMsg.Status = STATUS_SUCCESS;
586 
587  /* Validation complete, start SEH */
588  _SEH2_TRY
589  {
590  /* Make sure we have enough threads */
592 
593  /* Call the API and get the reply code */
594  ReplyMsg = NULL;
595  ReplyPort = CsrApiPort;
596  ServerDll->DispatchTable[ApiId](&ReceiveMsg, &ReplyCode);
597 
598  /* Increase the static thread count */
600  }
602  {
603  ReplyMsg = NULL;
604  ReplyPort = CsrApiPort;
605  }
606  _SEH2_END;
607  }
608  else
609  {
610  /* Some other ignored message type */
611  ReplyMsg = NULL;
612  ReplyPort = CsrApiPort;
613  }
614 
615  /* Keep going */
616  continue;
617  }
618 
619  /* We have a valid thread, was this an LPC Request? */
620  if (MessageType != LPC_REQUEST)
621  {
622  /* It's not an API, check if the client died */
623  if (MessageType == LPC_CLIENT_DIED)
624  {
625  /* Get the information and check if it matches our thread */
626  ClientDiedMsg = (PCLIENT_DIED_MSG)&ReceiveMsg;
627  if (ClientDiedMsg->CreateTime.QuadPart == CsrThread->CreateTime.QuadPart)
628  {
629  /* Now we reply to the dying client */
630  ReplyPort = CsrThread->Process->ClientPort;
631 
632  /* Reference the thread */
633  CsrLockedReferenceThread(CsrThread);
634 
635  /* Destroy the thread in the API Message */
636  CsrDestroyThread(&ReceiveMsg.Header.ClientId);
637 
638  /* Check if the thread was actually ourselves */
639  if (CsrProcess->ThreadCount == 1)
640  {
641  /* Kill the process manually here */
642  CsrDestroyProcess(&CsrThread->ClientId, 0);
643  }
644 
645  /* Remove our extra reference */
646  CsrLockedDereferenceThread(CsrThread);
647  }
648 
649  /* Release the lock and keep looping */
651 
652  ReplyMsg = NULL;
653  ReplyPort = CsrApiPort;
654  continue;
655  }
656 
657  /* Reference the thread and release the lock */
658  CsrLockedReferenceThread(CsrThread);
660 
661  /* Check if this was an exception */
662  if (MessageType == LPC_EXCEPTION)
663  {
664  /* Kill the process */
666 
667  /* Destroy it from CSR */
669 
670  /* Return a Debug Message */
671  DebugMessage = (PDBGKM_MSG)&ReceiveMsg;
672  DebugMessage->ReturnedStatus = DBG_CONTINUE;
673  ReplyMsg = &ReceiveMsg;
674  ReplyPort = CsrApiPort;
675 
676  /* Remove our extra reference */
677  CsrDereferenceThread(CsrThread);
678  }
679  else if (MessageType == LPC_ERROR_EVENT)
680  {
681  /* If it's a hard error, handle this too */
682  HardErrorMsg = (PHARDERROR_MSG)&ReceiveMsg;
683 
684  /* Default it to unhandled */
685  HardErrorMsg->Response = ResponseNotHandled;
686 
687  /* Check if there are free api threads */
690  {
691  /* Loop every Server DLL */
692  for (i = 0; i < CSR_SERVER_DLL_MAX; i++)
693  {
694  /* Get the Server DLL */
695  ServerDll = CsrLoadedServerDll[i];
696 
697  /* Check if it's valid and if it has a Hard Error Callback */
698  if ((ServerDll) && (ServerDll->HardErrorCallback))
699  {
700  /* Call it */
701  ServerDll->HardErrorCallback(CsrThread, HardErrorMsg);
702 
703  /* If it's handled, get out of here */
704  if (HardErrorMsg->Response != ResponseNotHandled) break;
705  }
706  }
707  }
708 
709  /* Increase the thread count */
711 
712  /* If the response was 0xFFFFFFFF, we'll ignore it */
713  if (HardErrorMsg->Response == 0xFFFFFFFF)
714  {
715  ReplyMsg = NULL;
716  ReplyPort = CsrApiPort;
717  }
718  else
719  {
720  CsrDereferenceThread(CsrThread);
721  ReplyMsg = &ReceiveMsg;
722  ReplyPort = CsrApiPort;
723  }
724  }
725  else
726  {
727  /* Something else */
728  CsrDereferenceThread(CsrThread);
729  ReplyMsg = NULL;
730  }
731 
732  /* Keep looping */
733  continue;
734  }
735 
736  /* We got an API Request */
737  CsrLockedReferenceThread(CsrThread);
739 
740  /* This is an API call, get the Server ID */
741  ServerId = CSR_API_NUMBER_TO_SERVER_ID(ReceiveMsg.ApiNumber);
742 
743  /* Make sure that the ID is within limits, and the Server DLL loaded */
744  ServerDll = NULL;
745  if ((ServerId >= CSR_SERVER_DLL_MAX) ||
746  (!(ServerDll = CsrLoadedServerDll[ServerId])))
747  {
748  /* We are beyond the Maximum Server ID */
749 #ifdef CSR_DBG
750  DPRINT1("CSRSS: %lx is invalid ServerDllIndex (%08x)\n",
751  ServerId, ServerDll);
752  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
753 #endif
754 
755  ReplyPort = CsrApiPort;
756  ReplyMsg = &ReceiveMsg;
757  ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
758  CsrDereferenceThread(CsrThread);
759  continue;
760  }
761 
762  /* Get the API ID, normalized with our Base ID */
763  ApiId = CSR_API_NUMBER_TO_API_ID(ReceiveMsg.ApiNumber) - ServerDll->ApiBase;
764 
765  /* Make sure that the ID is within limits, and the entry exists */
766  if (ApiId >= ServerDll->HighestApiSupported)
767  {
768  /* We are beyond the Maximum API ID, or it doesn't exist */
769  DPRINT1("CSRSS: %lx is invalid ApiTableIndex for %Z\n",
771  &ServerDll->Name);
772 
773  ReplyPort = CsrApiPort;
774  ReplyMsg = &ReceiveMsg;
775  ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
776  CsrDereferenceThread(CsrThread);
777  continue;
778  }
779 
780 #ifdef CSR_DBG
781  if (CsrDebug & 2)
782  {
783  DPRINT1("[%02x] CSRSS: [%02x,%02x] - %s Api called from %08x, Process %08x - %08x\n",
784  Teb->ClientId.UniqueThread,
785  ReceiveMsg.Header.ClientId.UniqueProcess,
786  ReceiveMsg.Header.ClientId.UniqueThread,
787  ServerDll->NameTable[ApiId],
788  CsrThread,
789  CsrThread->Process,
790  CsrProcess);
791  }
792 #endif
793 
794  /* Assume success */
795  ReplyMsg = &ReceiveMsg;
796  ReceiveMsg.Status = STATUS_SUCCESS;
797 
798  /* Now we reply to a particular client */
799  ReplyPort = CsrThread->Process->ClientPort;
800 
801  /* Check if there's a capture buffer */
802  if (ReceiveMsg.CsrCaptureData)
803  {
804  /* Capture the arguments */
805  if (!CsrCaptureArguments(CsrThread, &ReceiveMsg))
806  {
807  /* Ignore this message if we failed to get the arguments */
808  CsrDereferenceThread(CsrThread);
809  continue;
810  }
811  }
812 
813  /* Validation complete, start SEH */
814  _SEH2_TRY
815  {
816  /* Make sure we have enough threads */
818 
819  Teb->CsrClientThread = CsrThread;
820 
821  /* Call the API, get the reply code and return the result */
822  ReplyCode = CsrReplyImmediately;
823  ReplyMsg->Status = ServerDll->DispatchTable[ApiId](&ReceiveMsg, &ReplyCode);
824 
825  /* Increase the static thread count */
827 
828  Teb->CsrClientThread = CurrentThread;
829 
830  if (ReplyCode == CsrReplyAlreadySent)
831  {
832  if (ReceiveMsg.CsrCaptureData)
833  {
834  CsrReleaseCapturedArguments(&ReceiveMsg);
835  }
836  ReplyMsg = NULL;
837  ReplyPort = CsrApiPort;
838  CsrDereferenceThread(CsrThread);
839  }
840  else if (ReplyCode == CsrReplyDeadClient)
841  {
842  /* Reply to the death message */
843  NTSTATUS Status2;
844  Status2 = NtReplyPort(ReplyPort, &ReplyMsg->Header);
845  if (!NT_SUCCESS(Status2))
846  DPRINT1("CSRSS: Error while replying to the death message, Status 0x%lx\n", Status2);
847 
848  /* Reply back to the API port now */
849  ReplyMsg = NULL;
850  ReplyPort = CsrApiPort;
851  CsrDereferenceThread(CsrThread);
852  }
853  else if (ReplyCode == CsrReplyPending)
854  {
855  ReplyMsg = NULL;
856  ReplyPort = CsrApiPort;
857  }
858  else
859  {
860  if (ReceiveMsg.CsrCaptureData)
861  {
862  CsrReleaseCapturedArguments(&ReceiveMsg);
863  }
864  CsrDereferenceThread(CsrThread);
865  }
866  }
868  {
869  ReplyMsg = NULL;
870  ReplyPort = CsrApiPort;
871  }
872  _SEH2_END;
873  }
874 
875  /* We're out of the loop for some reason, terminate! */
877  return Status;
878 }
ULONG HighestApiSupported
Definition: csrsrv.h:223
VOID NTAPI CsrLockedReferenceThread(IN PCSR_THREAD CsrThread)
Definition: thredsup.c:154
ULONG Win32ClientInfo[31]
Definition: compat.h:505
ULONG Response
Definition: extypes.h:670
#define TRUE
Definition: types.h:120
BOOLEAN NTAPI CsrCaptureArguments(IN PCSR_THREAD CsrThread, IN PCSR_API_MESSAGE ApiMessage)
Definition: api.c:1119
LARGE_INTEGER CreateTime
Definition: lpctypes.h:270
NTSTATUS ReturnedStatus
Definition: dbgktypes.h:210
PVOID CsrClientThread
Definition: compat.h:503
LONG NTSTATUS
Definition: precomp.h:26
#define NtCurrentThread()
ULONG CsrDebug
Definition: init.c:23
NTSTATUS NTAPI CsrDestroyProcess(IN PCLIENT_ID Cid, IN NTSTATUS ExitStatus)
Definition: procsup.c:734
ANSI_STRING Name
Definition: csrsrv.h:218
PKPROCESS CsrProcess
Definition: videoprt.c:37
VOID NTAPI CsrDereferenceThread(IN PCSR_THREAD CsrThread)
Definition: thredsup.c:775
PCSR_CAPTURE_BUFFER CsrCaptureData
Definition: csrmsg.h:110
_In_ PVOID Parameter
Definition: ldrtypes.h:241
HANDLE UniqueProcess
Definition: compat.h:483
void DbgBreakPoint()
Definition: mach.c:553
#define CSR_SERVER_DLL_MAX
Definition: api.h:34
#define CsrReleaseProcessLock()
Definition: api.h:15
PCSR_THREAD NTAPI CsrConnectToUser(VOID)
Definition: api.c:1017
#define DBG_CONTINUE
Definition: ntstatus.h:47
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:231
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI NtReplyPort(IN HANDLE PortHandle, IN PPORT_MESSAGE ReplyMessage)
Definition: reply.c:190
CLIENT_ID ClientId
Definition: compat.h:497
EXCEPTION_DISPOSITION NTAPI CsrUnhandledExceptionFilter(IN PEXCEPTION_POINTERS ExceptionInfo)
Definition: server.c:622
PCSR_PROCESS Process
Definition: csrsrv.h:69
struct _CLIENT_DIED_MSG * PCLIENT_DIED_MSG
NTSTATUS NTAPI CsrApiHandleConnectionRequest(IN PCSR_API_MESSAGE ApiMessage)
Definition: api.c:140
NTSTATUS Status
Definition: csrmsg.h:112
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
VOID NTAPI CsrReleaseCapturedArguments(IN PCSR_API_MESSAGE ApiMessage)
Definition: api.c:1333
#define STATUS_INVALID_CID
Definition: ntstatus.h:234
ULONG CountOfOwnedCriticalSections
Definition: compat.h:502
VOID NTAPI CsrLockedDereferenceThread(IN PCSR_THREAD CsrThread)
Definition: thredsup.c:467
#define _SEH2_GetExceptionInformation()
Definition: pseh2_64.h:11
smooth NULL
Definition: ftsmooth.c:416
CSR_API_NUMBER ApiNumber
Definition: csrmsg.h:111
NTSTATUS NTAPI NtDelayExecution(IN BOOLEAN Alertable, IN PLARGE_INTEGER DelayInterval)
Definition: wait.c:879
NTSTATUS NtTerminateThread(IN HANDLE ThreadHandle OPTIONAL, IN NTSTATUS ExitStatus)
Definition: kill.c:1278
NTSTATUS NTAPI NtSetEvent(IN HANDLE EventHandle, OUT PLONG PreviousState OPTIONAL)
Definition: event.c:458
LARGE_INTEGER CreateTime
Definition: csrsrv.h:65
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
CLIENT_ID ClientId
Definition: csrsrv.h:68
CLIENT_ID RealClientId
Definition: compat.h:519
#define CSR_API_NUMBER_TO_SERVER_ID(ApiNumber)
Definition: csrmsg.h:40
HANDLE UniqueThread
Definition: compat.h:484
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PCSR_HARDERROR_CALLBACK HardErrorCallback
Definition: csrsrv.h:237
#define CsrAcquireProcessLock()
Definition: api.h:12
NTSTATUS NTAPI NtReplyWaitReceivePort(IN HANDLE PortHandle, OUT PVOID *PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE ReceiveMessage)
Definition: reply.c:743
#define CSR_API_NUMBER_TO_API_ID(ApiNumber)
Definition: csrmsg.h:43
NTSTATUS NTAPI CsrDestroyThread(IN PCLIENT_ID Cid)
Definition: thredsup.c:813
volatile ULONG CsrpStaticThreadCount
Definition: api.c:23
PCSR_THREAD NTAPI CsrLocateThreadByClientId(OUT PCSR_PROCESS *Process OPTIONAL, IN PCLIENT_ID ClientId)
Definition: thredsup.c:182
Status
Definition: gdiplustypes.h:24
HANDLE CsrApiPort
Definition: connect.c:21
ULONG ApiBase
Definition: csrsrv.h:222
Definition: compat.h:493
HANDLE ClientPort
Definition: csrsrv.h:43
_SEH2_END
Definition: create.c:4400
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
Definition: psfuncs.h:420
struct _HARDERROR_MSG * PHARDERROR_MSG
#define NtCurrentPeb()
Definition: FLS.c:20
#define InterlockedIncrementUL(Addend)
Definition: ex.h:1513
struct _DBGKM_MSG * PDBGKM_MSG
volatile ULONG CsrpDynamicThreadTotal
Definition: api.c:24
enum _CSR_REPLY_CODE CSR_REPLY_CODE
CLIENT_ID ClientId
Definition: winternl.h:1751
#define DPRINT1
Definition: precomp.h:8
PCSR_API_ROUTINE * DispatchTable
Definition: csrsrv.h:224
unsigned int ULONG
Definition: retypes.h:1
NTSTATUS NTAPI CsrpCheckRequestThreads(VOID)
Definition: api.c:255
NTSTATUS NTAPI NtTerminateProcess(HANDLE ProcessHandle, LONG ExitStatus)
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
return STATUS_SUCCESS
Definition: btrfs.c:3014
PORT_MESSAGE Header
Definition: csrmsg.h:104
#define STATUS_ILLEGAL_FUNCTION
Definition: ntstatus.h:397
#define STATUS_ABANDONED
Definition: ntstatus.h:75
PCSR_SERVER_DLL CsrLoadedServerDll[CSR_SERVER_DLL_MAX]
Definition: server.c:20
LONGLONG QuadPart
Definition: typedefs.h:113

Referenced by CsrApiPortInitialize(), and CsrpCheckRequestThreads().

◆ CsrCallServerFromServer()

NTSTATUS NTAPI CsrCallServerFromServer ( IN PCSR_API_MESSAGE  ReceiveMsg,
IN OUT PCSR_API_MESSAGE  ReplyMsg 
)

Definition at line 51 of file api.c.

53 {
54  ULONG ServerId;
55  PCSR_SERVER_DLL ServerDll;
56  ULONG ApiId;
58 
59  /* Get the Server ID */
60  ServerId = CSR_API_NUMBER_TO_SERVER_ID(ReceiveMsg->ApiNumber);
61 
62  /* Make sure that the ID is within limits, and the Server DLL loaded */
63  if ((ServerId >= CSR_SERVER_DLL_MAX) ||
64  (!(ServerDll = CsrLoadedServerDll[ServerId])))
65  {
66  /* We are beyond the Maximum Server ID */
67  DPRINT1("CSRSS: %lx is invalid ServerDllIndex (%08x)\n", ServerId, ServerDll);
68  ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
70  }
71  else
72  {
73  /* Get the API ID, normalized with our Base ID */
74  ApiId = CSR_API_NUMBER_TO_API_ID(ReceiveMsg->ApiNumber) - ServerDll->ApiBase;
75 
76  /* Make sure that the ID is within limits, and the entry exists */
77  if ((ApiId >= ServerDll->HighestApiSupported) ||
78  ((ServerDll->ValidTable) && !(ServerDll->ValidTable[ApiId])))
79  {
80  /* We are beyond the Maximum API ID, or it doesn't exist */
81 #ifdef CSR_DBG
82  DPRINT1("API: %d\n", ApiId);
83  DPRINT1("CSRSS: %lx (%s) is invalid ApiTableIndex for %Z or is an "
84  "invalid API to call from the server.\n",
85  ApiId,
86  ((ServerDll->NameTable) && (ServerDll->NameTable[ApiId])) ?
87  ServerDll->NameTable[ApiId] : "*** UNKNOWN ***",
88  &ServerDll->Name);
89  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
90 #endif
91  ReplyMsg->Status = STATUS_ILLEGAL_FUNCTION;
93  }
94  }
95 
96 #ifdef CSR_DBG
97  if (CsrDebug & 2)
98  {
99  DPRINT1("CSRSS: %s Api Request received from server process\n",
100  ServerDll->NameTable[ApiId]);
101  }
102 #endif
103 
104  /* Validation complete, start SEH */
105  _SEH2_TRY
106  {
107  /* Call the API, get the reply code and return the result */
108  ReplyMsg->Status = ServerDll->DispatchTable[ApiId](ReceiveMsg, &ReplyCode);
109  }
111  {
112  /* If we got an exception, return access violation */
113  ReplyMsg->Status = STATUS_ACCESS_VIOLATION;
114  }
115  _SEH2_END;
116 
117  /* Return success */
118  return STATUS_SUCCESS;
119 }
ULONG HighestApiSupported
Definition: csrsrv.h:223
ULONG CsrDebug
Definition: init.c:23
ANSI_STRING Name
Definition: csrsrv.h:218
void DbgBreakPoint()
Definition: mach.c:553
#define CSR_SERVER_DLL_MAX
Definition: api.h:34
_SEH2_TRY
Definition: create.c:4226
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define CSR_API_NUMBER_TO_SERVER_ID(ApiNumber)
Definition: csrmsg.h:40
#define CSR_API_NUMBER_TO_API_ID(ApiNumber)
Definition: csrmsg.h:43
ULONG ApiBase
Definition: csrsrv.h:222
_SEH2_END
Definition: create.c:4400
#define NtCurrentPeb()
Definition: FLS.c:20
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:228
enum _CSR_REPLY_CODE CSR_REPLY_CODE
#define DPRINT1
Definition: precomp.h:8
PCSR_API_ROUTINE * DispatchTable
Definition: csrsrv.h:224
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
return STATUS_SUCCESS
Definition: btrfs.c:3014
#define STATUS_ILLEGAL_FUNCTION
Definition: ntstatus.h:397
PBOOLEAN ValidTable
Definition: csrsrv.h:225
PCSR_SERVER_DLL CsrLoadedServerDll[CSR_SERVER_DLL_MAX]
Definition: server.c:20

◆ CsrCaptureArguments()

BOOLEAN NTAPI CsrCaptureArguments ( IN PCSR_THREAD  CsrThread,
IN PCSR_API_MESSAGE  ApiMessage 
)

Definition at line 1119 of file api.c.

1121 {
1122  PCSR_PROCESS CsrProcess = CsrThread->Process;
1123  PCSR_CAPTURE_BUFFER ClientCaptureBuffer, ServerCaptureBuffer = NULL;
1124  ULONG_PTR EndOfClientBuffer;
1125  SIZE_T SizeOfBufferThroughOffsetsArray;
1126  SIZE_T BufferDistance;
1127  ULONG Length;
1128  ULONG PointerCount;
1129  PULONG_PTR OffsetPointer;
1130  ULONG_PTR CurrentOffset;
1131 
1132  /* Get the buffer we got from whoever called NTDLL */
1133  ClientCaptureBuffer = ApiMessage->CsrCaptureData;
1134 
1135  /* Use SEH to validate and capture the client buffer */
1136  _SEH2_TRY
1137  {
1138  /* Check whether at least the buffer's header is inside our mapped section */
1139  if ( ((ULONG_PTR)ClientCaptureBuffer < CsrProcess->ClientViewBase) ||
1140  (((ULONG_PTR)ClientCaptureBuffer + FIELD_OFFSET(CSR_CAPTURE_BUFFER, PointerOffsetsArray))
1141  >= CsrProcess->ClientViewBounds) )
1142  {
1143 #ifdef CSR_DBG
1144  DPRINT1("*** CSRSS: CaptureBuffer outside of ClientView 1\n");
1145  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
1146 #endif
1147  /* Return failure */
1148  ApiMessage->Status = STATUS_INVALID_PARAMETER;
1149  _SEH2_YIELD(return FALSE);
1150  }
1151 
1152  /* Capture the buffer length */
1153  Length = ((volatile CSR_CAPTURE_BUFFER*)ClientCaptureBuffer)->Size;
1154 
1155  /*
1156  * Now check if the remaining of the buffer is inside our mapped section.
1157  * Take also care for any possible wrap-around of the buffer end-address.
1158  */
1159  EndOfClientBuffer = (ULONG_PTR)ClientCaptureBuffer + Length;
1160  if ( (EndOfClientBuffer < (ULONG_PTR)ClientCaptureBuffer) ||
1161  (EndOfClientBuffer >= CsrProcess->ClientViewBounds) )
1162  {
1163 #ifdef CSR_DBG
1164  DPRINT1("*** CSRSS: CaptureBuffer outside of ClientView 2\n");
1165  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
1166 #endif
1167  /* Return failure */
1168  ApiMessage->Status = STATUS_INVALID_PARAMETER;
1169  _SEH2_YIELD(return FALSE);
1170  }
1171 
1172  /* Capture the pointer count */
1173  PointerCount = ((volatile CSR_CAPTURE_BUFFER*)ClientCaptureBuffer)->PointerCount;
1174 
1175  /*
1176  * Check whether the total buffer size and the pointer count are consistent
1177  * -- the array of offsets must be contained inside the buffer.
1178  */
1179  SizeOfBufferThroughOffsetsArray =
1180  FIELD_OFFSET(CSR_CAPTURE_BUFFER, PointerOffsetsArray) +
1181  (PointerCount * sizeof(PVOID));
1182  if ( (PointerCount > MAXUSHORT) ||
1183  (SizeOfBufferThroughOffsetsArray > Length) )
1184  {
1185 #ifdef CSR_DBG
1186  DPRINT1("*** CSRSS: CaptureBuffer %p has bad length\n", ClientCaptureBuffer);
1187  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
1188 #endif
1189  /* Return failure */
1190  ApiMessage->Status = STATUS_INVALID_PARAMETER;
1191  _SEH2_YIELD(return FALSE);
1192  }
1193  }
1195  {
1196 #ifdef CSR_DBG
1197  DPRINT1("*** CSRSS: Took exception during capture %x\n", _SEH2_GetExceptionCode());
1198  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
1199 #endif
1200  /* Return failure */
1201  ApiMessage->Status = STATUS_INVALID_PARAMETER;
1202  _SEH2_YIELD(return FALSE);
1203  }
1204  _SEH2_END;
1205 
1206  /* We validated the client buffer, now allocate the server buffer */
1207  ServerCaptureBuffer = RtlAllocateHeap(CsrHeap, HEAP_ZERO_MEMORY, Length);
1208  if (!ServerCaptureBuffer)
1209  {
1210  /* We're out of memory */
1211  ApiMessage->Status = STATUS_NO_MEMORY;
1212  return FALSE;
1213  }
1214 
1215  /*
1216  * Copy the client's buffer and ensure we use the correct buffer length
1217  * and pointer count we captured and used for validation earlier on.
1218  */
1219  _SEH2_TRY
1220  {
1221  RtlMoveMemory(ServerCaptureBuffer, ClientCaptureBuffer, Length);
1222  }
1224  {
1225 #ifdef CSR_DBG
1226  DPRINT1("*** CSRSS: Took exception during capture %x\n", _SEH2_GetExceptionCode());
1227  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
1228 #endif
1229  /* Failure, free the buffer and return */
1230  RtlFreeHeap(CsrHeap, 0, ServerCaptureBuffer);
1231  ApiMessage->Status = STATUS_INVALID_PARAMETER;
1232  _SEH2_YIELD(return FALSE);
1233  }
1234  _SEH2_END;
1235 
1236  ServerCaptureBuffer->Size = Length;
1237  ServerCaptureBuffer->PointerCount = PointerCount;
1238 
1239  /* Calculate the difference between our buffer and the client's */
1240  BufferDistance = (ULONG_PTR)ServerCaptureBuffer - (ULONG_PTR)ClientCaptureBuffer;
1241 
1242  /*
1243  * All the pointer offsets correspond to pointers which point
1244  * to the server data buffer instead of the client one.
1245  */
1246  // PointerCount = ServerCaptureBuffer->PointerCount;
1247  OffsetPointer = ServerCaptureBuffer->PointerOffsetsArray;
1248  while (PointerCount--)
1249  {
1250  CurrentOffset = *OffsetPointer;
1251 
1252  if (CurrentOffset != 0)
1253  {
1254  /*
1255  * Check whether the offset is pointer-aligned and whether
1256  * it points inside CSR_API_MESSAGE::Data.ApiMessageData.
1257  */
1258  if ( ((CurrentOffset & (sizeof(PVOID)-1)) != 0) ||
1259  (CurrentOffset < FIELD_OFFSET(CSR_API_MESSAGE, Data.ApiMessageData)) ||
1260  (CurrentOffset >= sizeof(CSR_API_MESSAGE)) )
1261  {
1262 #ifdef CSR_DBG
1263  DPRINT1("*** CSRSS: CaptureBuffer MessagePointer outside of message\n");
1264  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
1265 #endif
1266  /* Invalid pointer, fail */
1267  ApiMessage->Status = STATUS_INVALID_PARAMETER;
1268  break;
1269  }
1270 
1271  /* Get the pointer corresponding to the offset */
1272  CurrentOffset += (ULONG_PTR)ApiMessage;
1273 
1274  /* Validate the bounds of the current pointed pointer */
1275  if ( (*(PULONG_PTR)CurrentOffset >= ((ULONG_PTR)ClientCaptureBuffer +
1276  SizeOfBufferThroughOffsetsArray)) &&
1277  (*(PULONG_PTR)CurrentOffset <= (EndOfClientBuffer - sizeof(PVOID))) )
1278  {
1279  /* Modify the pointed pointer to take into account its new position */
1280  *(PULONG_PTR)CurrentOffset += BufferDistance;
1281  }
1282  else
1283  {
1284 #ifdef CSR_DBG
1285  DPRINT1("*** CSRSS: CaptureBuffer MessagePointer outside of ClientView\n");
1286  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
1287 #endif
1288  /* Invalid pointer, fail */
1289  ApiMessage->Status = STATUS_INVALID_PARAMETER;
1290  break;
1291  }
1292  }
1293 
1294  ++OffsetPointer;
1295  }
1296 
1297  /* Check if we got success */
1298  if (ApiMessage->Status != STATUS_SUCCESS)
1299  {
1300  /* Failure, free the buffer and return */
1301  RtlFreeHeap(CsrHeap, 0, ServerCaptureBuffer);
1302  return FALSE;
1303  }
1304  else
1305  {
1306  /* Success, save the previous buffer and use the server capture buffer */
1307  ServerCaptureBuffer->PreviousCaptureBuffer = ClientCaptureBuffer;
1308  ApiMessage->CsrCaptureData = ServerCaptureBuffer;
1309  }
1310 
1311  /* Success */
1312  return TRUE;
1313 }
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
PKPROCESS CsrProcess
Definition: videoprt.c:37
void DbgBreakPoint()
Definition: mach.c:553
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_TRY
Definition: create.c:4226
uint32_t ULONG_PTR
Definition: typedefs.h:64
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
void * PVOID
Definition: retypes.h:9
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
struct _CSR_CAPTURE_BUFFER * PreviousCaptureBuffer
Definition: csrmsg.h:95
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
ULONG PointerCount
Definition: csrmsg.h:96
ULONG_PTR SIZE_T
Definition: typedefs.h:79
_SEH2_END
Definition: create.c:4400
#define NtCurrentPeb()
Definition: FLS.c:20
#define STATUS_NO_MEMORY
Definition: ntstatus.h:246
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
#define MAXUSHORT
Definition: typedefs.h:82
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
#define ULONG_PTR
Definition: config.h:101
uint32_t * PULONG_PTR
Definition: typedefs.h:64
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
HANDLE CsrHeap
Definition: init.c:25
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
return STATUS_SUCCESS
Definition: btrfs.c:3014
ULONG_PTR PointerOffsetsArray[ANYSIZE_ARRAY]
Definition: csrmsg.h:98

Referenced by CsrApiRequestThread().

◆ CsrConnectToUser()

PCSR_THREAD NTAPI CsrConnectToUser ( VOID  )

Definition at line 1017 of file api.c.

1018 {
1019  NTSTATUS Status;
1020  ANSI_STRING DllName;
1021  UNICODE_STRING TempName;
1022  HANDLE hUser32;
1023  STRING StartupName;
1024  PTEB Teb = NtCurrentTeb();
1025  PCSR_THREAD CsrThread;
1026  BOOLEAN Connected;
1027 
1028  /* Check if we didn't already find it */
1029  if (!CsrClientThreadSetup)
1030  {
1031  /* Get the DLL Handle for user32.dll */
1032  RtlInitAnsiString(&DllName, "user32");
1033  RtlAnsiStringToUnicodeString(&TempName, &DllName, TRUE);
1035  NULL,
1036  &TempName,
1037  &hUser32);
1038  RtlFreeUnicodeString(&TempName);
1039 
1040  /* If we got the handle, get the Client Thread Startup Entrypoint */
1041  if (NT_SUCCESS(Status))
1042  {
1043  RtlInitAnsiString(&StartupName,"ClientThreadSetup");
1044  Status = LdrGetProcedureAddress(hUser32,
1045  &StartupName,
1046  0,
1048  }
1049  }
1050 
1051  /* Connect to user32 */
1052  _SEH2_TRY
1053  {
1054  Connected = CsrClientThreadSetup();
1055  }
1057  {
1058  Connected = FALSE;
1059  }
1060  _SEH2_END;
1061 
1062  if (!Connected)
1063  {
1064  DPRINT1("CSRSS: CsrConnectToUser failed\n");
1065  return NULL;
1066  }
1067 
1068  /* Save pointer to this thread in TEB */
1070  CsrThread = CsrLocateThreadInProcess(NULL, &Teb->ClientId);
1072  if (CsrThread) Teb->CsrClientThread = CsrThread;
1073 
1074  /* Return it */
1075  return CsrThread;
1076 }
#define TRUE
Definition: types.h:120
NTSTATUS NTAPI LdrGetDllHandle(IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *DllHandle)
Definition: ldrapi.c:805
PVOID CsrClientThread
Definition: compat.h:503
BOOLEAN(* CsrClientThreadSetup)(VOID)
Definition: api.c:21
LONG NTSTATUS
Definition: precomp.h:26
#define CsrReleaseProcessLock()
Definition: api.h:15
_SEH2_TRY
Definition: create.c:4226
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
CLIENT_ID ClientId
Definition: compat.h:497
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
NTSTATUS NTAPI LdrGetProcedureAddress(IN PVOID BaseAddress, IN PANSI_STRING Name, IN ULONG Ordinal, OUT PVOID *ProcedureAddress)
Definition: ldrapi.c:823
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
std::wstring STRING
Definition: fontsub.cpp:33
#define CsrAcquireProcessLock()
Definition: api.h:12
PCSR_THREAD NTAPI CsrLocateThreadInProcess(IN PCSR_PROCESS CsrProcess OPTIONAL, IN PCLIENT_ID Cid)
Definition: thredsup.c:248
Status
Definition: gdiplustypes.h:24
Definition: compat.h:493
_SEH2_END
Definition: create.c:4400
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
Definition: psfuncs.h:420
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
#define DPRINT1
Definition: precomp.h:8
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6

Referenced by CsrApiRequestThread(), and GuiConsoleInputThread().

◆ CsrpCheckRequestThreads()

NTSTATUS NTAPI CsrpCheckRequestThreads ( VOID  )

Definition at line 255 of file api.c.

256 {
257  HANDLE hThread;
260 
261  /* Decrease the count, and see if we're out */
263  {
264  /* Check if we've still got space for a Dynamic Thread */
266  {
267  /* Create a new dynamic thread */
269  NULL,
270  TRUE,
271  0,
272  0,
273  0,
275  NULL,
276  &hThread,
277  &ClientId);
278  /* Check success */
279  if (NT_SUCCESS(Status))
280  {
281  /* Increase the thread counts */
284 
285  /* Add a new server thread */
287  &ClientId,
289  {
290  /* Activate it */
292  }
293  else
294  {
295  /* Failed to create a new static thread */
298 
299  /* Terminate it */
300  DPRINT1("Failing\n");
302  NtClose(hThread);
303 
304  /* Return */
305  return STATUS_UNSUCCESSFUL;
306  }
307  }
308  }
309  }
310 
311  /* Success */
312  return STATUS_SUCCESS;
313 }
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
PCSR_THREAD NTAPI CsrAddStaticServerThread(IN HANDLE hThread, IN PCLIENT_ID ClientId, IN ULONG ThreadFlags)
Definition: thredsup.c:511
smooth NULL
Definition: ftsmooth.c:416
#define NtCurrentProcess()
Definition: nt_native.h:1657
NTSTATUS NtTerminateThread(IN HANDLE ThreadHandle OPTIONAL, IN NTSTATUS ExitStatus)
Definition: kill.c:1278
NTSTATUS NTAPI NtResumeThread(IN HANDLE ThreadHandle, OUT PULONG SuspendCount OPTIONAL)
Definition: state.c:290
_Out_ PCLIENT_ID ClientId
Definition: kefuncs.h:1163
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ULONG CsrMaxApiRequestThreads
Definition: init.c:34
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
NTSTATUS NTAPI CsrApiRequestThread(IN PVOID Parameter)
Definition: api.c:332
#define InterlockedDecrementUL(Addend)
Definition: ex.h:1510
volatile ULONG CsrpStaticThreadCount
Definition: api.c:23
NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(_In_ PVOID ThreadContext, _Out_ HANDLE *OutThreadHandle, _Reserved_ PVOID Reserved1, _Reserved_ PVOID Reserved2, _Reserved_ PVOID Reserved3, _Reserved_ PVOID Reserved4, _Reserved_ PVOID Reserved5, _Reserved_ PVOID Reserved6, _Reserved_ PVOID Reserved7, _Reserved_ PVOID Reserved8)
Status
Definition: gdiplustypes.h:24
#define InterlockedIncrementUL(Addend)
Definition: ex.h:1513
volatile ULONG CsrpDynamicThreadTotal
Definition: api.c:24
HANDLE hThread
Definition: wizard.c:27
#define DPRINT1
Definition: precomp.h:8
return STATUS_SUCCESS
Definition: btrfs.c:3014

Referenced by CsrApiRequestThread().

◆ CsrQueryApiPort()

HANDLE NTAPI CsrQueryApiPort ( VOID  )

Definition at line 1093 of file api.c.

1094 {
1095  return CsrApiPort;
1096 }
HANDLE CsrApiPort
Definition: connect.c:21

Referenced by CSR_API(), and UserClientConnect().

◆ CsrReleaseCapturedArguments()

VOID NTAPI CsrReleaseCapturedArguments ( IN PCSR_API_MESSAGE  ApiMessage)

Definition at line 1333 of file api.c.

1334 {
1335  PCSR_CAPTURE_BUFFER ServerCaptureBuffer, ClientCaptureBuffer;
1336  SIZE_T BufferDistance;
1337  ULONG PointerCount;
1338  PULONG_PTR OffsetPointer;
1339  ULONG_PTR CurrentOffset;
1340 
1341  /* Get the server capture buffer */
1342  ServerCaptureBuffer = ApiMessage->CsrCaptureData;
1343 
1344  /* Do not continue if there is no captured buffer */
1345  if (!ServerCaptureBuffer) return;
1346 
1347  /* If there is one, get the corresponding client capture buffer */
1348  ClientCaptureBuffer = ServerCaptureBuffer->PreviousCaptureBuffer;
1349 
1350  /* Free the previous one and use again the client capture buffer */
1351  ServerCaptureBuffer->PreviousCaptureBuffer = NULL;
1352  ApiMessage->CsrCaptureData = ClientCaptureBuffer;
1353 
1354  /* Calculate the difference between our buffer and the client's */
1355  BufferDistance = (ULONG_PTR)ServerCaptureBuffer - (ULONG_PTR)ClientCaptureBuffer;
1356 
1357  /*
1358  * All the pointer offsets correspond to pointers which point
1359  * to the client data buffer instead of the server one (reverse
1360  * the logic of CsrCaptureArguments()).
1361  */
1362  PointerCount = ServerCaptureBuffer->PointerCount;
1363  OffsetPointer = ServerCaptureBuffer->PointerOffsetsArray;
1364  while (PointerCount--)
1365  {
1366  CurrentOffset = *OffsetPointer;
1367 
1368  if (CurrentOffset != 0)
1369  {
1370  /* Get the pointer corresponding to the offset */
1371  CurrentOffset += (ULONG_PTR)ApiMessage;
1372 
1373  /* Modify the pointed pointer to take into account its new position */
1374  *(PULONG_PTR)CurrentOffset -= BufferDistance;
1375  }
1376 
1377  ++OffsetPointer;
1378  }
1379 
1380  /* Copy the data back into the client buffer */
1381  _SEH2_TRY
1382  {
1383  RtlMoveMemory(ClientCaptureBuffer, ServerCaptureBuffer, ServerCaptureBuffer->Size);
1384  }
1386  {
1387 #ifdef CSR_DBG
1388  DPRINT1("*** CSRSS: Took exception during release %x\n", _SEH2_GetExceptionCode());
1389  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
1390 #endif
1391  /* Return failure */
1392  ApiMessage->Status = _SEH2_GetExceptionCode();
1393  }
1394  _SEH2_END;
1395 
1396  /* Free our allocated buffer */
1397  RtlFreeHeap(CsrHeap, 0, ServerCaptureBuffer);
1398 }
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
void DbgBreakPoint()
Definition: mach.c:553
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_TRY
Definition: create.c:4226
uint32_t ULONG_PTR
Definition: typedefs.h:64
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
struct _CSR_CAPTURE_BUFFER * PreviousCaptureBuffer
Definition: csrmsg.h:95
ULONG PointerCount
Definition: csrmsg.h:96
ULONG_PTR SIZE_T
Definition: typedefs.h:79
_SEH2_END
Definition: create.c:4400
#define NtCurrentPeb()
Definition: FLS.c:20
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
#define ULONG_PTR
Definition: config.h:101
uint32_t * PULONG_PTR
Definition: typedefs.h:64
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
HANDLE CsrHeap
Definition: init.c:25
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
ULONG_PTR PointerOffsetsArray[ANYSIZE_ARRAY]
Definition: csrmsg.h:98

Referenced by CsrApiRequestThread(), and CsrNotifyWaitBlock().

◆ CsrValidateMessageBuffer()

BOOLEAN NTAPI CsrValidateMessageBuffer ( IN PCSR_API_MESSAGE  ApiMessage,
IN PVOID Buffer,
IN ULONG  ElementCount,
IN ULONG  ElementSize 
)

Definition at line 1426 of file api.c.

1430 {
1431  PCSR_CAPTURE_BUFFER CaptureBuffer = ApiMessage->CsrCaptureData;
1432  SIZE_T BufferDistance = (ULONG_PTR)Buffer - (ULONG_PTR)ApiMessage;
1433  ULONG PointerCount;
1434  PULONG_PTR OffsetPointer;
1435 
1436  /*
1437  * Check whether we have a valid buffer pointer, elements
1438  * of non-trivial size and that we don't overflow.
1439  */
1440  if (!Buffer || ElementSize == 0 ||
1441  (ULONGLONG)ElementCount * ElementSize > (ULONGLONG)0xFFFFFFFF)
1442  {
1443  return FALSE;
1444  }
1445 
1446  /* Check if didn't get a buffer and there aren't any arguments to check */
1447  // if (!*Buffer && (ElementCount * ElementSize == 0))
1448  if (!*Buffer && ElementCount == 0) // Here ElementSize != 0 therefore only ElementCount can be == 0
1449  return TRUE;
1450 
1451  /* Check if we have no capture buffer */
1452  if (!CaptureBuffer)
1453  {
1454  /*
1455  * In this case, check only the Process ID
1456  * and if there is a match, we succeed.
1457  */
1458  if (NtCurrentTeb()->ClientId.UniqueProcess ==
1459  ApiMessage->Header.ClientId.UniqueProcess)
1460  {
1461  return TRUE;
1462  }
1463  }
1464  else
1465  {
1466  /* Make sure that there is still space left in the buffer */
1467  if ((CaptureBuffer->Size - (ULONG_PTR)*Buffer + (ULONG_PTR)CaptureBuffer) >=
1468  (ElementCount * ElementSize))
1469  {
1470  /* Perform the validation test */
1471  PointerCount = CaptureBuffer->PointerCount;
1472  OffsetPointer = CaptureBuffer->PointerOffsetsArray;
1473  while (PointerCount--)
1474  {
1475  /*
1476  * The pointer offset must be equal to the delta between
1477  * the addresses of the buffer and of the API message.
1478  */
1479  if (*OffsetPointer == BufferDistance)
1480  {
1481  return TRUE;
1482  }
1483  ++OffsetPointer;
1484  }
1485  }
1486  }
1487 
1488  /* Failure */
1489 #ifdef CSR_DBG
1490  DPRINT1("CSRSRV: Bad message buffer %p\n", ApiMessage);
1491  if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
1492 #endif
1493  return FALSE;
1494 }
#define TRUE
Definition: types.h:120
void DbgBreakPoint()
Definition: mach.c:553
uint32_t ULONG_PTR
Definition: typedefs.h:64
Definition: bufpool.h:45
uint64_t ULONGLONG
Definition: typedefs.h:66
ULONG_PTR SIZE_T
Definition: typedefs.h:79
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
Definition: psfuncs.h:420
#define NtCurrentPeb()
Definition: FLS.c:20
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
#define ULONG_PTR
Definition: config.h:101
uint32_t * PULONG_PTR
Definition: typedefs.h:64

Referenced by CON_API(), CON_API_NOCONSOLE(), CSR_API(), and CsrValidateMessageString().

◆ CsrValidateMessageString()

BOOLEAN NTAPI CsrValidateMessageString ( IN PCSR_API_MESSAGE  ApiMessage,
IN PWSTR MessageString 
)

Definition at line 1516 of file api.c.

1518 {
1519  if (MessageString)
1520  {
1521  return CsrValidateMessageBuffer(ApiMessage,
1522  (PVOID*)MessageString,
1523  wcslen(*MessageString) + 1,
1524  sizeof(WCHAR));
1525  }
1526  else
1527  {
1528  return FALSE;
1529  }
1530 }
BOOLEAN NTAPI CsrValidateMessageBuffer(IN PCSR_API_MESSAGE ApiMessage, IN PVOID *Buffer, IN ULONG ElementCount, IN ULONG ElementSize)
Definition: api.c:1426
__wchar_t WCHAR
Definition: xmlstorage.h:180
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

Variable Documentation

◆ CsrApiPortName

UNICODE_STRING CsrApiPortName

Definition at line 22 of file api.c.

Referenced by CsrApiPortInitialize().

◆ CsrClientThreadSetup

BOOLEAN(* CsrClientThreadSetup) (VOID) = NULL

Definition at line 21 of file api.c.

Referenced by CsrConnectToUser().

◆ CsrMaxApiRequestThreads

ULONG CsrMaxApiRequestThreads

Definition at line 34 of file init.c.

Referenced by CsrpCheckRequestThreads().

◆ CsrpDynamicThreadTotal

volatile ULONG CsrpDynamicThreadTotal

Definition at line 24 of file api.c.

Referenced by CsrApiRequestThread(), and CsrpCheckRequestThreads().

◆ CsrpStaticThreadCount

volatile ULONG CsrpStaticThreadCount

Definition at line 23 of file api.c.

Referenced by CsrApiRequestThread(), and CsrpCheckRequestThreads().