#include <win32k.h>
#include <debug.h>

Include dependency graph for mem.c:

Macros
#define	NDEBUG

Functions
_Must_inspect_result_	_When_ (fl &FL_ZERO_MEMORY, _Ret_opt_bytecount_(cjMemSize)) _When_(!(fl &FL_ZERO_MEMORY)

_Must_inspect_result_	_Ret_opt_bytecap_ (cjMemSize)

VOID APIENTRY	EngFreeMem (PVOID pvBaseAddress)

_Must_inspect_result_	_Ret_opt_bytecount_ (cjMemSize)

VOID APIENTRY	EngFreeUserMem (PVOID pvBaseAddress)

PVOID APIENTRY	HackSecureVirtualMemory (IN PVOID Address, IN SIZE_T Size, IN ULONG ProbeMode, OUT PVOID *SafeAddress)

VOID APIENTRY	HackUnsecureVirtualMemory (IN PVOID SecureHandle)

HANDLE APIENTRY	EngSecureMem (PVOID Address, ULONG Length)

HANDLE APIENTRY	EngSecureMemForRead (PVOID Address, ULONG Length)

VOID APIENTRY	EngUnsecureMem (HANDLE Mem)

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 11 of file mem.c.

Function Documentation

◆ _Ret_opt_bytecap_()

_Must_inspect_result_ _Ret_opt_bytecap_ ( cjMemSize )

Definition at line 19 of file mem.c.

 {
     PVOID pvBaseAddress;
 
     pvBaseAddress = ExAllocatePoolWithTag((fl & FL_NONPAGED_MEMORY) ?
                                                     NonPagedPool : PagedPool,
                                           cjMemSize,
                                           ulTag);
 
     if (pvBaseAddress == NULL)
         return NULL;
 
     if (fl & FL_ZERO_MEMORY)
         RtlZeroMemory(pvBaseAddress, cjMemSize);
 
     return pvBaseAddress;
 }

◆ _Ret_opt_bytecount_()

_Must_inspect_result_ _Ret_opt_bytecount_ ( cjMemSize )

Definition at line 64 of file mem.c.

 {
     PVOID pvBaseAddress = NULL;
     NTSTATUS Status;
 
     Status = ZwAllocateVirtualMemory(NtCurrentProcess(),
                                      &pvBaseAddress,
                                      0,
                                      &cjMemSize,
                                      MEM_COMMIT | MEM_RESERVE,
                                      PAGE_READWRITE);
 
     if (!NT_SUCCESS(Status))
     {
         return NULL;
     }
 
     /* TODO: Add allocation info to AVL tree (stored inside W32PROCESS structure) */
     //hSecure = EngSecureMem(pvBaseAddress, cj);
 
     return pvBaseAddress;
 }

◆ _When_()

_Must_inspect_result_ _When_	(	fl &	FL_ZERO_MEMORY,
		_Ret_opt_bytecount_(cjMemSize)
	)		&

◆ EngFreeMem()

VOID APIENTRY EngFreeMem ( PVOID pvBaseAddress )

Definition at line 50 of file mem.c.

 {
     /* Windows allows to pass NULL */
     if (pvBaseAddress)
     {
         /* Use 0 as tag, which equals a call to ExFreePool */
         ExFreePoolWithTag(pvBaseAddress, 0);
     }
 }

◆ EngFreeUserMem()

VOID APIENTRY EngFreeUserMem ( PVOID pvBaseAddress )

Definition at line 99 of file mem.c.

 {
     SIZE_T cjSize = 0;
 
     ZwFreeVirtualMemory(NtCurrentProcess(),
                         &pvBaseAddress,
                         &cjSize,
                         MEM_RELEASE);
 
   /* TODO: Remove allocation info from AVL tree */
 }

◆ EngSecureMem()

HANDLE APIENTRY EngSecureMem	(	PVOID	Address,
		ULONG	Length
	)

Definition at line 177 of file mem.c.

 {
     {// HACK!!!
         _SEH2_TRY
         {
             ProbeForWrite(Address, Length, 1);
         }
         _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
         {
             _SEH2_YIELD(return NULL);
         }
         _SEH2_END;
         return (HANDLE)-1;
     }
     return MmSecureVirtualMemory(Address, Length, PAGE_READWRITE);
 }

◆ EngSecureMemForRead()

HANDLE APIENTRY EngSecureMemForRead	(	PVOID	Address,
		ULONG	Length
	)

Definition at line 196 of file mem.c.

 {
     {// HACK!!!
         ULONG cPages;
         volatile BYTE *pjProbe;
 
         _SEH2_TRY
         {
             ProbeForRead(Address, Length, 1);
             cPages = ADDRESS_AND_SIZE_TO_SPAN_PAGES(Address, Length);
             pjProbe = ALIGN_DOWN_POINTER_BY(Address, PAGE_SIZE);
             while(cPages--)
             {
                 /* Do a read probe */
                 (void)*pjProbe;
                 pjProbe += PAGE_SIZE;
             }
         }
         _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
         {
             _SEH2_YIELD(return NULL);
         }
         _SEH2_END;
         return (HANDLE)-1;
     }
     return MmSecureVirtualMemory(Address, Length, PAGE_READONLY);
 }

◆ EngUnsecureMem()

VOID APIENTRY EngUnsecureMem ( HANDLE Mem )

Definition at line 228 of file mem.c.

 {
     if (Mem == (HANDLE)-1) return;  // HACK!!!
     MmUnsecureVirtualMemory((PVOID) Mem);
 }

◆ HackSecureVirtualMemory()

PVOID APIENTRY HackSecureVirtualMemory	(	IN PVOID	Address,
		IN SIZE_T	Size,
		IN ULONG	ProbeMode,
		OUT PVOID *	SafeAddress
	)

Definition at line 113 of file mem.c.

 {
     NTSTATUS Status = STATUS_SUCCESS;
     PMDL pmdl;
     LOCK_OPERATION Operation;
 
     if (ProbeMode == PAGE_READONLY) Operation = IoReadAccess;
     else if (ProbeMode == PAGE_READWRITE) Operation = IoModifyAccess;
     else return NULL;
 
     pmdl = IoAllocateMdl(Address, (ULONG)Size, FALSE, TRUE, NULL);
     if (pmdl == NULL)
     {
         return NULL;
     }
 
     _SEH2_TRY
     {
         MmProbeAndLockPages(pmdl, UserMode, Operation);
     }
     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
     {
         Status = _SEH2_GetExceptionCode();
     }
     _SEH2_END
 
     if (!NT_SUCCESS(Status))
     {
         IoFreeMdl(pmdl);
         return NULL;
     }
 
     *SafeAddress = MmGetSystemAddressForMdlSafe(pmdl, NormalPagePriority);
 
     if(!*SafeAddress)
     {
         MmUnlockPages(pmdl);
         IoFreeMdl(pmdl);
         return NULL;
     }
 
     return pmdl;
 }

◆ HackUnsecureVirtualMemory()

VOID APIENTRY HackUnsecureVirtualMemory ( IN PVOID SecureHandle )

Definition at line 163 of file mem.c.

 {
     PMDL pmdl = (PMDL)SecureHandle;
 
     MmUnlockPages(pmdl);
     IoFreeMdl(pmdl);
 }

Macros

Functions