creasect.c File Reference

#include "mi.h"

Go to the source code of this file.

Classes
struct	_PHARLAP_CONFIG
Defines
#define	MM_SIZE_OF_LARGEST_IMAGE   ((ULONG)0x77000000)
#define	MM_MAXIMUM_IMAGE_HEADER   (2 * PAGE_SIZE)
#define	MM_ALLOCATION_FRAGMENT   (64 * 1024)
#define	MM_MAXIMUM_IMAGE_SECTIONS
#define	INIT_IMAGE_INFORMATION(OptHdr)
#define	VALIDATE_NTHEADER(Hdr)
Typedefs
typedef _PHARLAP_CONFIG	CONFIGPHARLAP
typedef _PHARLAP_CONFIG *	PCONFIGPHARLAP
Functions
CCHAR	MiGetImageProtection (IN ULONG SectionCharacteristics)
NTSTATUS	MiVerifyImageHeader (IN PIMAGE_NT_HEADERS NtHeader, IN PIMAGE_DOS_HEADER DosHeader, IN ULONG NtHeaderSize)
BOOLEAN	MiCheckDosCalls (IN PIMAGE_OS2_HEADER Os2Header, IN ULONG HeaderSize)
PCONTROL_AREA	MiFindImageSectionObject (IN PFILE_OBJECT File, IN PBOOLEAN GlobalNeeded)
VOID	MiInsertImageSectionObject (IN PFILE_OBJECT File, IN PCONTROL_AREA ControlArea)
VOID	MiFlushDataSection (IN PFILE_OBJECT File)
NTSTATUS	NtCreateSection (OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
NTSTATUS	MmCreateSection (OUT PVOID *SectionObject, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER InputMaximumSize, IN ULONG SectionPageProtection, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL, IN PFILE_OBJECT FileObject OPTIONAL)
NTSTATUS	MiCreateImageFileMap (IN PFILE_OBJECT File, OUT PSEGMENT *Segment)
NTSTATUS	MiCreateDataFileMap (IN PFILE_OBJECT File, OUT PSEGMENT *Segment, IN PUINT64 MaximumSize, IN ULONG SectionPageProtection, IN ULONG AllocationAttributes, IN ULONG IgnoreFileSizing)
NTSTATUS	MiCreatePagingFileMap (OUT PSEGMENT *Segment, IN PUINT64 MaximumSize, IN ULONG ProtectionMask, IN ULONG AllocationAttributes)
NTSTATUS	NtOpenSection (OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
PFN_NUMBER	MiGetPageForHeader (VOID)
VOID	MiUpdateImageHeaderPage (IN PMMPTE PointerPte, IN PFN_NUMBER PageFrameNumber, IN PCONTROL_AREA ControlArea)
VOID	MiRemoveImageHeaderPage (IN PFN_NUMBER PageFrameNumber)
PCONTROL_AREA	MiFindImageSectionObject (IN PFILE_OBJECT File, OUT PBOOLEAN GlobalNeeded)
VOID	MiRemoveImageSectionObject (IN PFILE_OBJECT File, IN PCONTROL_AREA InputControlArea)
NTSTATUS	MiGetWritablePagesInSection (IN PSECTION Section, OUT PULONG WritablePages)
Variables
ULONG	MMCONTROL = 'aCmM'
ULONG	MMTEMPORARY = 'xxmM'
ULONG	MMSECT = 'tSmM'
POBJECT_TYPE	IoFileObjectType
CCHAR	MmImageProtectionArray [16]

---

Define Documentation

#define INIT_IMAGE_INFORMATION (  OptHdr   )

Value: { \ NewSegment->ImageInformation->TransferAddress = \ (PVOID)((ULONG_PTR)((OptHdr).ImageBase) + \ (OptHdr).AddressOfEntryPoint); \ NewSegment->ImageInformation->MaximumStackSize = \ (OptHdr).SizeOfStackReserve; \ NewSegment->ImageInformation->CommittedStackSize = \ (OptHdr).SizeOfStackCommit; \ NewSegment->ImageInformation->SubSystemType = \ (OptHdr).Subsystem; \ NewSegment->ImageInformation->SubSystemMajorVersion = (USHORT)((OptHdr).MajorSubsystemVersion); \ NewSegment->ImageInformation->SubSystemMinorVersion = (USHORT)((OptHdr).MinorSubsystemVersion); \ NewSegment->ImageInformation->DllCharacteristics = \ (OptHdr).DllCharacteristics; \ NewSegment->ImageInformation->ImageContainsCode = \ (BOOLEAN)(((OptHdr).SizeOfCode != 0) || \ ((OptHdr).AddressOfEntryPoint != 0)); \ } Referenced by MiCreateImageFileMap().

#define MM_ALLOCATION_FRAGMENT   (64 * 1024)

Definition at line 33 of file creasect.c. Referenced by MiCreateDataFileMap().

#define MM_MAXIMUM_IMAGE_HEADER   (2 * PAGE_SIZE)

Definition at line 31 of file creasect.c. Referenced by MiCreateImageFileMap().

#define MM_MAXIMUM_IMAGE_SECTIONS

Value: ((MM_MAXIMUM_IMAGE_HEADER - (PAGE_SIZE + sizeof(IMAGE_NT_HEADERS))) / \ sizeof(IMAGE_SECTION_HEADER)) Definition at line 41 of file creasect.c.

#define MM_SIZE_OF_LARGEST_IMAGE   ((ULONG)0x77000000)

Definition at line 29 of file creasect.c.

#define VALIDATE_NTHEADER (  Hdr   )

Value: { \ /* File alignment must be multiple of 512 and power of 2. */ \ if (((((Hdr)->OptionalHeader).FileAlignment & 511) != 0) && \ (((Hdr)->OptionalHeader).FileAlignment != \ ((Hdr)->OptionalHeader).SectionAlignment)) { \ return STATUS_INVALID_IMAGE_FORMAT; \ } \ \ if (((Hdr)->OptionalHeader).FileAlignment == 0) { \ return STATUS_INVALID_IMAGE_FORMAT; \ } \ \ if (((((Hdr)->OptionalHeader).FileAlignment - 1) & \ ((Hdr)->OptionalHeader).FileAlignment) != 0) { \ return STATUS_INVALID_IMAGE_FORMAT; \ } \ \ if (((Hdr)->OptionalHeader).SectionAlignment < ((Hdr)->OptionalHeader).FileAlignment) { \ return STATUS_INVALID_IMAGE_FORMAT; \ } \ \ if (((Hdr)->OptionalHeader).SizeOfImage > MM_SIZE_OF_LARGEST_IMAGE) { \ return STATUS_INVALID_IMAGE_FORMAT; \ } \ \ if ((Hdr)->FileHeader.NumberOfSections > MM_MAXIMUM_IMAGE_SECTIONS) { \ return STATUS_INVALID_IMAGE_FORMAT; \ } \ } Referenced by MiVerifyImageHeader().

---

Typedef Documentation

typedef struct _PHARLAP_CONFIG CONFIGPHARLAP

typedef struct _PHARLAP_CONFIG * PCONFIGPHARLAP

Referenced by MiVerifyImageHeader().

---

Function Documentation

BOOLEAN MiCheckDosCalls (  IN PIMAGE_OS2_HEADER  Os2Header, IN ULONG  HeaderSize )

Definition at line 3159 of file creasect.c. References EXCEPTION_EXECUTE_HANDLER, FALSE, PAGED_CODE, PUSHORT, TRUE, and USHORT. Referenced by MiVerifyImageHeader(). : Arguments: Return Value: Returns the status value. --*/ { PUCHAR ImportTable; UCHAR EntrySize; USHORT ModuleCount; USHORT ModuleSize; USHORT i; PUSHORT ModuleTable; PAGED_CODE(); // // If there are no modules to check return immediately. // ModuleCount = Os2Header->ne_cmod; if (ModuleCount == 0) { return FALSE; } // // exe headers are notorious for having junk values for offsets // in the import table and module table. We guard against this // via careful checking plus our exception handler. // try { // // Find out where the Module ref table is. Mod table has two byte // for each entry in import table. These two bytes tell the offset // in the import table for that entry. // ModuleTable = (PUSHORT)((PCHAR)Os2Header + (ULONG)Os2Header->ne_modtab); // // Make sure that the module table fits within the passed-in header. // Note that each module table entry is 2 bytes long. // if (((ULONG)Os2Header->ne_modtab + (ModuleCount * 2)) > HeaderSize) { return FALSE; } // // Now search individual entries for DOSCALLs. // for (i = 0; i < ModuleCount; i += 1) { ModuleSize = *((UNALIGNED USHORT *)ModuleTable); // // Import table has count byte followed by the string where count // is the string length. // ImportTable = (PUCHAR)((PCHAR)Os2Header + (ULONG)Os2Header->ne_imptab + (ULONG)ModuleSize); // // Make sure the offset is within the valid range. // if (((ULONG)Os2Header->ne_imptab + (ULONG)ModuleSize) >= HeaderSize) { return FALSE; } EntrySize = *ImportTable++; // // 0 is a bad size, bail out. // if (EntrySize == 0) { return FALSE; } // // Make sure the offset is within the valid range. // The sizeof(UCHAR) is included in the check because ImportTable // was incremented above and is used in the RtlEqualMemory // comparison below. // if (((ULONG)Os2Header->ne_imptab + (ULONG)ModuleSize + (ULONG)EntrySize + sizeof(UCHAR)) > HeaderSize) { return FALSE; } // // If size matches compare DOSCALLS. // if (EntrySize == 8) { if (RtlEqualMemory (ImportTable, "DOSCALLS", 8) ) { return TRUE; } } // // Move on to the next module table entry. Each entry is 2 bytes. // ModuleTable = (PUSHORT)((PCHAR)ModuleTable + 2); } } except (EXCEPTION_EXECUTE_HANDLER) { return FALSE; } return FALSE; }

NTSTATUS MiCreateDataFileMap (  IN PFILE_OBJECT  File, OUT PSEGMENT *  Segment, IN PUINT64  MaximumSize, IN ULONG  SectionPageProtection, IN ULONG  AllocationAttributes, IN ULONG  IgnoreFileSizing )

Definition at line 3553 of file creasect.c. References ASSERT, _SUBSECTION::ControlArea, EX_REAL_POOL_USAGE, ExAllocatePoolWithTag, ExFreePool(), FALSE, File, _CONTROL_AREA::FilePointer, FsRtlGetFileSize(), FsRtlSetFileSize(), Mi4KStartForSubsection, MI_MAXIMUM_SECTION_SIZE, MiFillMemoryPte, MiGetSubsectionAddressForPte, MM4K_MASK, MM4K_SHIFT, MM_ALLOCATION_FRAGMENT, MM_EXECUTE_READWRITE, MM_PROTO_PTE_ALIGNMENT, MMPTE, MMSECT, _SUBSECTION::NextSubsection, NonPagedPool, NT_SUCCESS, NTSTATUS(), NULL, _SUBSECTION::NumberOfFullSectors, _CONTROL_AREA::NumberOfSectionReferences, _CONTROL_AREA::NumberOfSubsections, _CONTROL_AREA::NumberOfUserReferences, PAGE_SHIFT, PAGE_SIZE, PAGED_CODE, PagedPool, _CONTROL_AREA::PagedPoolUsage, PTE_SHIFT, _SUBSECTION::PtesInSubsection, ROUND_TO_PAGES, _CONTROL_AREA::Segment, SEGMENT, Size, Status, SUBSECTION, _SUBSECTION::SubsectionBase, TRUE, _CONTROL_AREA::u, _MMPTE::u, _SUBSECTION::u, _SUBSECTION::UnusedPtes, USHORT, and X64K. Referenced by MmCreateSection(). 03564 : 03565 03566 This function creates the necessary structures to allow the mapping 03567 of a data file. 03568 03569 The data file is accessed to verify desired access, a segment 03570 object is created and initialized. 03571 03572 Arguments: 03573 03574 File - Supplies the file object for the image file. 03575 03576 Segment - Returns the segment object. 03577 03578 FileHandle - Supplies the handle to the image file. 03579 03580 MaximumSize - Supplies the maximum size for the mapping. 03581 03582 SectionPageProtection - Supplies the initial page protection. 03583 03584 AllocationAttributes - Supplies the allocation attributes for the 03585 mapping. 03586 03587 Return Value: 03588 03589 Returns the status value. 03590 03591 TBS 03592 03593 03594 --*/ 03595 03596 { 03597 03598 NTSTATUS Status; 03599 ULONG NumberOfPtes; 03600 ULONG SizeOfSegment; 03601 ULONG j; 03602 ULONG Size; 03603 ULONG PartialSize; 03604 ULONG First; 03605 PCONTROL_AREA ControlArea; 03606 PSEGMENT NewSegment; 03607 PSUBSECTION Subsection; 03608 PSUBSECTION ExtendedSubsection; 03609 PMMPTE PointerPte; 03610 MMPTE TempPte; 03611 ULONG NumberOfPtesWithAlignment; 03612 UINT64 EndOfFile; 03613 UINT64 LastFileChunk; 03614 UINT64 FileOffset; 03615 UINT64 NumberOfPtesForEntireFile; 03616 ULONG ExtendedSubsections; 03617 PSUBSECTION FirstSubsection; 03618 PSUBSECTION Last; 03619 ULONG NumberOfNewSubsections; 03620 03621 PAGED_CODE(); 03622 03623 ExtendedSubsections = 0; 03624 FirstSubsection = NULL; 03625 NumberOfNewSubsections = 0; 03626 03627 // ************************************************************* 03628 // Create mapped file section. 03629 // ************************************************************* 03630 03631 if (!IgnoreFileSizing) { 03632 03633 Status = FsRtlGetFileSize (File, (PLARGE_INTEGER)&EndOfFile); 03634 03635 if (Status == STATUS_FILE_IS_A_DIRECTORY) { 03636 03637 // 03638 // Can't map a directory as a section. Return error. 03639 // 03640 03641 return STATUS_INVALID_FILE_FOR_SECTION; 03642 } 03643 03644 if (!NT_SUCCESS (Status)) { 03645 return Status; 03646 } 03647 03648 if (EndOfFile == 0 && *MaximumSize == 0) { 03649 03650 // 03651 // Can't map a zero length without specifying the maximum 03652 // size as non-zero. 03653 // 03654 03655 return STATUS_MAPPED_FILE_SIZE_ZERO; 03656 } 03657 03658 // 03659 // Make sure this file is big enough for the section. 03660 // 03661 03662 if (*MaximumSize > EndOfFile) { 03663 03664 // 03665 // If the maximum size is greater than the end-of-file, 03666 // and the user did not request page_write or page_execute_readwrite 03667 // to the section, reject the request. 03668 // 03669 03670 if (((SectionPageProtection & PAGE_READWRITE) | 03671 (SectionPageProtection & PAGE_EXECUTE_READWRITE)) == 0) { 03672 03673 return STATUS_SECTION_TOO_BIG; 03674 } 03675 03676 // 03677 // Check to make sure that the allocation size large enough 03678 // to contain all the data, if not set a new allocation size. 03679 // 03680 03681 EndOfFile = *MaximumSize; 03682 03683 Status = FsRtlSetFileSize (File, (PLARGE_INTEGER)&EndOfFile); 03684 03685 if (!NT_SUCCESS (Status)) { 03686 return Status; 03687 } 03688 } 03689 } else { 03690 03691 // 03692 // Ignore the file size, this call is from the cache manager. 03693 // 03694 03695 EndOfFile = *MaximumSize; 03696 } 03697 03698 // 03699 // Calculate the number of prototype PTEs to build for this section. 03700 // 03701 03702 // 03703 // Each subsection is limited to 16TB - 64K because the NumberOfFullSectors 03704 // and various other fields in the subsection are ULONGs. For NT64, the 03705 // allocation could be split into multiple subsections as needed to 03706 // conform to this limit - this is not worth doing for NT32 unless 03707 // sparse prototype PTE allocations are supported. 03708 // 03709 // This must be a multiple of the size of prototype pte allocation so any 03710 // given prototype pte allocation will have the same subsection for all 03711 // PTEs. 03712 // 03713 // The total section size is limited to 16PB - 4K because of the 03714 // StartingSector4132 field in each subsection. 03715 // 03716 03717 NumberOfPtesForEntireFile = (EndOfFile + PAGE_SIZE - 1) >> PAGE_SHIFT; 03718 03719 NumberOfPtes = (ULONG)NumberOfPtesForEntireFile; 03720 03721 if (EndOfFile > MI_MAXIMUM_SECTION_SIZE) { 03722 return STATUS_SECTION_TOO_BIG; 03723 } 03724 03725 if (NumberOfPtesForEntireFile > (UINT64)((MAXULONG_PTR / sizeof(MMPTE)) - sizeof (SEGMENT))) { 03726 return STATUS_SECTION_TOO_BIG; 03727 } 03728 03729 if (NumberOfPtesForEntireFile > EndOfFile) { 03730 return STATUS_SECTION_TOO_BIG; 03731 } 03732 03733 // 03734 // Calculate the number of PTEs to allocate to maintain the 03735 // desired alignment. On x86 and R3000 no additional PTEs are 03736 // needed; on MIPS, the desired alignment is 64k to avoid cache 03737 // problems. 03738 // 03739 03740 NumberOfPtesWithAlignment = (NumberOfPtes + 03741 ((MM_PROTO_PTE_ALIGNMENT >> PAGE_SHIFT) - 1)) & 03742 (~((MM_PROTO_PTE_ALIGNMENT >> PAGE_SHIFT) - 1)); 03743 03744 if (NumberOfPtesWithAlignment < NumberOfPtes) { 03745 return STATUS_SECTION_TOO_BIG; 03746 } 03747 03748 SizeOfSegment = sizeof(SEGMENT) + sizeof(MMPTE) * 03749 (NumberOfPtesWithAlignment - 1); 03750 03751 NewSegment = ExAllocatePoolWithTag (PagedPool, 03752 SizeOfSegment, 03753 MMSECT); 03754 if (NewSegment == NULL) { 03755 03756 // 03757 // The requested pool could not be allocated. 03758 // Try to allocate the memory in smaller sizes. 03759 // 03760 03761 if (SizeOfSegment < MM_ALLOCATION_FRAGMENT) { 03762 return STATUS_INSUFFICIENT_RESOURCES; 03763 } 03764 03765 Size = MM_ALLOCATION_FRAGMENT; 03766 PartialSize = SizeOfSegment; 03767 03768 do { 03769 03770 if (PartialSize < MM_ALLOCATION_FRAGMENT) { 03771 PartialSize = (ULONG) ROUND_TO_PAGES (PartialSize); 03772 Size = PartialSize; 03773 } 03774 03775 NewSegment = ExAllocatePoolWithTag (PagedPool, 03776 Size, 03777 MMSECT); 03778 ExtendedSubsection = ExAllocatePoolWithTag (NonPagedPool, 03779 sizeof(SUBSECTION), 03780 'bSmM'); 03781 03782 if ((NewSegment == NULL) || (ExtendedSubsection == NULL)) { 03783 if (NewSegment) { 03784 ExFreePool (NewSegment); 03785 } 03786 if (ExtendedSubsection) { 03787 ExFreePool (ExtendedSubsection); 03788 } 03789 03790 // 03791 // Free all the previous allocations and return an error. 03792 // 03793 03794 while (FirstSubsection != NULL) { 03795 ExFreePool (FirstSubsection->SubsectionBase); 03796 Last = FirstSubsection->NextSubsection; 03797 ExFreePool (FirstSubsection); 03798 FirstSubsection = Last; 03799 } 03800 return STATUS_INSUFFICIENT_RESOURCES; 03801 } 03802 03803 NumberOfNewSubsections += 1; 03804 RtlZeroMemory (ExtendedSubsection, sizeof(SUBSECTION)); 03805 03806 if (FirstSubsection == NULL) { 03807 FirstSubsection = ExtendedSubsection; 03808 Last = ExtendedSubsection; 03809 NumberOfNewSubsections = 0; 03810 } else { 03811 Last->NextSubsection = ExtendedSubsection; 03812 } 03813 03814 ExtendedSubsection->PtesInSubsection = Size / sizeof(MMPTE); 03815 ExtendedSubsection->SubsectionBase = (PMMPTE)NewSegment; 03816 Last = ExtendedSubsection; 03817 PartialSize -= Size; 03818 } while (PartialSize != 0); 03819 03820 // 03821 // Reset new segment and free the first subsection, as 03822 // the subsection after the control area will become the 03823 // first subsection. 03824 // 03825 03826 NewSegment = (PSEGMENT)FirstSubsection->SubsectionBase; 03827 } 03828 03829 *Segment = NewSegment; 03830 RtlZeroMemory (NewSegment, sizeof(SEGMENT)); 03831 03832 ControlArea = 03833 (PCONTROL_AREA)File->SectionObjectPointer->DataSectionObject; 03834 03835 // 03836 // Control area and first subsection have been zeroed when allocated. 03837 // 03838 03839 ControlArea->Segment = NewSegment; 03840 ControlArea->NumberOfSectionReferences = 1; 03841 03842 if (IgnoreFileSizing == FALSE) { 03843 03844 // 03845 // This reference is not from the cache manager. 03846 // 03847 03848 ControlArea->NumberOfUserReferences = 1; 03849 } 03850 03851 ControlArea->u.Flags.BeingCreated = 1; 03852 ControlArea->u.Flags.File = 1; 03853 03854 if (FILE_REMOTE_DEVICE & File->DeviceObject->Characteristics) { 03855 03856 // 03857 // This file resides on a redirected drive. 03858 // 03859 03860 ControlArea->u.Flags.Networked = 1; 03861 } 03862 03863 if (AllocationAttributes & SEC_NOCACHE) { 03864 ControlArea->u.Flags.NoCache = 1; 03865 } 03866 03867 if (IgnoreFileSizing) { 03868 // Set the was purged flag to indicate that the 03869 // file size was not explicitly set. 03870 // 03871 03872 ControlArea->u.Flags.WasPurged = 1; 03873 } 03874 03875 ControlArea->NumberOfSubsections = (USHORT)(1 + NumberOfNewSubsections); 03876 ControlArea->FilePointer = File; 03877 03878 ASSERT (ControlArea->u.Flags.GlobalOnlyPerSession == 0); 03879 03880 Subsection = (PSUBSECTION)(ControlArea + 1); 03881 03882 if (FirstSubsection) { 03883 03884 Subsection->NextSubsection = FirstSubsection->NextSubsection; 03885 Subsection->PtesInSubsection = FirstSubsection->PtesInSubsection; 03886 ExFreePool (FirstSubsection); 03887 #if DBG 03888 FirstSubsection = NULL; 03889 #endif //DBG 03890 } else { 03891 ASSERT (Subsection->NextSubsection == NULL); 03892 } 03893 03894 First = TRUE; 03895 03896 FileOffset = 0; 03897 03898 do { 03899 03900 // 03901 // Loop through all the subsections and fill in the PTEs. 03902 // 03903 03904 03905 TempPte.u.Long = MiGetSubsectionAddressForPte (Subsection); 03906 TempPte.u.Soft.Prototype = 1; 03907 03908 // 03909 // Set all the PTEs to the execute-read-write protection. 03910 // The section will control access to these and the segment 03911 // must provide a method to allow other users to map the file 03912 // for various protections. 03913 // 03914 03915 TempPte.u.Soft.Protection = MM_EXECUTE_READWRITE; 03916 03917 // 03918 // Align the prototype PTEs on the proper boundary. 03919 // 03920 03921 if (First) { 03922 03923 PointerPte = &NewSegment->ThePtes[0]; 03924 j = (ULONG) (((ULONG_PTR)PointerPte >> PTE_SHIFT) & 03925 ((MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - 1)); 03926 03927 if (j != 0) { 03928 j = (MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - j; 03929 } 03930 03931 NewSegment->PrototypePte = &NewSegment->ThePtes[j]; 03932 NewSegment->ControlArea = ControlArea; 03933 NewSegment->SizeOfSegment = EndOfFile; 03934 NewSegment->TotalNumberOfPtes = NumberOfPtes; 03935 NewSegment->SegmentPteTemplate = TempPte; 03936 PointerPte = NewSegment->PrototypePte; 03937 Subsection->SubsectionBase = PointerPte; 03938 ControlArea->PagedPoolUsage = EX_REAL_POOL_USAGE((sizeof(SEGMENT) + (NumberOfPtes * sizeof(MMPTE)))); 03939 03940 if (Subsection->NextSubsection != NULL) { 03941 03942 // 03943 // Multiple segments and subsections. 03944 // Align first so it is a multiple of 64k sizes. 03945 // 03946 // 03947 03948 NewSegment->NonExtendedPtes = (ULONG) 03949 ((((Subsection->PtesInSubsection * sizeof(MMPTE)) - 03950 ((PCHAR)NewSegment->PrototypePte - (PCHAR)NewSegment)) 03951 / sizeof(MMPTE)) & ~((X64K >> PAGE_SHIFT) - 1)); 03952 } else { 03953 NewSegment->NonExtendedPtes = NumberOfPtesWithAlignment; 03954 } 03955 Subsection->PtesInSubsection = NewSegment->NonExtendedPtes; 03956 03957 First = FALSE; 03958 } else { 03959 PointerPte = (PMMPTE)Subsection->SubsectionBase; 03960 } 03961 03962 Subsection->ControlArea = ControlArea; 03963 03964 Mi4KStartForSubsection(&FileOffset, Subsection); 03965 03966 Subsection->u.SubsectionFlags.Protection = MM_EXECUTE_READWRITE; 03967 03968 if (Subsection->NextSubsection == NULL) { 03969 03970 LastFileChunk = (EndOfFile >> MM4K_SHIFT) - FileOffset; 03971 03972 // 03973 // Note this next line restricts the number of bytes mapped by 03974 // a single subsection to 16TB-4K. multiple subsections can always 03975 // be chained together to support an overall file of size 16K TB. 03976 // 03977 03978 Subsection->NumberOfFullSectors = (ULONG)LastFileChunk; 03979 03980 Subsection->u.SubsectionFlags.SectorEndOffset = 03981 (ULONG) EndOfFile & MM4K_MASK; 03982 03983 j = Subsection->PtesInSubsection; 03984 03985 Subsection->PtesInSubsection = (ULONG)( 03986 NumberOfPtesForEntireFile - 03987 (FileOffset >> (PAGE_SHIFT - MM4K_SHIFT))); 03988 03989 #if DBG 03990 MiSubsectionConsistent(Subsection); 03991 #endif 03992 03993 Subsection->UnusedPtes = j - Subsection->PtesInSubsection; 03994 } else { 03995 03996 Subsection->NumberOfFullSectors = 03997 Subsection->PtesInSubsection << (PAGE_SHIFT - MM4K_SHIFT); 03998 #if DBG 03999 MiSubsectionConsistent(Subsection); 04000 #endif 04001 04002 } 04003 04004 MiFillMemoryPte (PointerPte, 04005 (Subsection->PtesInSubsection + 04006 Subsection->UnusedPtes) * sizeof(MMPTE), 04007 TempPte.u.Long); 04008 04009 FileOffset += Subsection->PtesInSubsection << 04010 (PAGE_SHIFT - MM4K_SHIFT); 04011 Subsection = Subsection->NextSubsection; 04012 } while (Subsection != NULL); 04013 04014 return STATUS_SUCCESS; 04015 }

NTSTATUS MiCreateImageFileMap (  IN PFILE_OBJECT  File, OUT PSEGMENT *  Segment )

Definition at line 1424 of file creasect.c. References ASSERT, BYTE_OFFSET, BYTES_TO_PAGES, CcZeroEndOfLastPage(), CONTROL_AREA, _SUBSECTION::ControlArea, EX_REAL_POOL_USAGE, ExAllocatePoolWithTag, ExFreePool(), FALSE, File, _CONTROL_AREA::FilePointer, FsRtlGetFileSize(), _SEGMENT::ImageInformation, INIT_IMAGE_INFORMATION, IoPageRead(), KeClearEvent, KeInitializeEvent, KernelMode, KeWaitForSingleObject(), LARGE_CONTROL_AREA, _MDL::MappedSystemVa, MDL_MAPPED_TO_SYSTEM_VA, MDL_PAGES_LOCKED, _MDL::MdlFlags, MI_GET_PROTECTION_FROM_SOFT_PTE, MI_ROUND_TO_SIZE, MI_WRITE_INVALID_PTE, MiChargeCommitment(), MiFlushDataSection(), MiGetImageProtection(), MiGetPageForHeader(), MiGetSubsectionAddress, MiGetSubsectionAddressForPte, MiHydra, MiMapImageHeaderInHyperSpace(), MiRemoveImageHeaderPage(), MiReturnCommitment(), MiUnmapImageHeaderInHyperSpace(), MiUpdateImageHeaderPage(), MiVerifyImageHeader(), MM_COPY_ON_WRITE_MASK, MM_DBG_COMMIT_IMAGE, MM_DBG_COMMIT_RETURN_IMAGE_NO_LARGE_CA, MM_EXECUTE_WRITECOPY, MM_MAXIMUM_IMAGE_HEADER, MM_PROTECTION_WRITE_MASK, MM_PROTO_PTE_ALIGNMENT, MM_READONLY, MM_TRACK_COMMIT, MmBuildMdlForNonPagedPool(), MMCONTROL, MmCreateMdl(), MMPTE, MMSECT, MmSectionCommitMutex, MMSECTOR_MASK, MMSECTOR_SHIFT, MmSharedCommit, MmSizeOfMdl(), MMTEMPORARY, MmUnmapLockedPages(), _SUBSECTION::NextSubsection, NonPagedPool, _CONTROL_AREA::NonPagedPoolUsage, _LARGE_CONTROL_AREA::NonPagedPoolUsage, NT_SUCCESS, NTSTATUS(), NULL, _SUBSECTION::NumberOfFullSectors, _CONTROL_AREA::NumberOfSectionReferences, _CONTROL_AREA::NumberOfSubsections, _CONTROL_AREA::NumberOfUserReferences, PAGE_ALIGN, PAGE_SHIFT, PAGE_SIZE, PAGED_CODE, PagedPool, _CONTROL_AREA::PagedPoolUsage, PLARGE_CONTROL_AREA, _SEGMENT::PrototypePte, PTE_SHIFT, _SUBSECTION::PtesInSubsection, SectorOffset, SEGMENT, _CONTROL_AREA::Segment, _LARGE_CONTROL_AREA::SessionId, _SUBSECTION::StartingSector, Status, SUBSECTION, _SUBSECTION::SubsectionBase, _SEGMENT::TotalNumberOfPtes, TRUE, _CONTROL_AREA::u, _MMPTE::u, _SUBSECTION::u, _LARGE_CONTROL_AREA::u, _SUBSECTION::UnusedPtes, _LARGE_CONTROL_AREA::UserGlobalList, USHORT, WrPageIn, X64K, ZERO_LARGE, and ZeroPte. Referenced by MmCreateSection(). : This function creates the necessary structures to allow the mapping of an image file. The image file is opened and verified for correctness, a segment object is created and initialized based on data in the image header. Arguments: File - Supplies the file object for the image file. Segment - Returns the segment object. Return Value: Returns the status value. TBS --*/ { NTSTATUS Status; ULONG_PTR EndingAddress; ULONG NumberOfPtes; ULONG SizeOfSegment; ULONG SectionVirtualSize; ULONG i; ULONG j; PCONTROL_AREA ControlArea; PSUBSECTION Subsection; PMMPTE PointerPte; MMPTE TempPte; MMPTE TempPteDemandZero; PVOID Base; PIMAGE_DOS_HEADER DosHeader; PIMAGE_NT_HEADERS NtHeader; PIMAGE_FILE_HEADER FileHeader; ULONG SizeOfImage; ULONG SizeOfHeaders; #if defined(_WIN64) PIMAGE_NT_HEADERS32 NtHeader32; #endif PIMAGE_SECTION_HEADER SectionTableEntry; PSEGMENT NewSegment; ULONG SectorOffset; ULONG NumberOfSubsections; PFN_NUMBER PageFrameNumber; LARGE_INTEGER StartingOffset; PCHAR ExtendedHeader; PPFN_NUMBER Page; ULONG_PTR PreferredImageBase; ULONG_PTR NextVa; PKEVENT InPageEvent; PMDL Mdl; ULONG ImageFileSize; ULONG OffsetToSectionTable; ULONG ImageAlignment; ULONG RoundingAlignment; ULONG FileAlignment; BOOLEAN ImageCommit; BOOLEAN SectionCommit; IO_STATUS_BLOCK IoStatus; LARGE_INTEGER EndOfFile; ULONG NtHeaderSize; ULONG SubsectionsAllocated; PLARGE_CONTROL_AREA LargeControlArea; PSUBSECTION NewSubsection; ULONG OriginalProtection; ULONG LoaderFlags; #if defined (_ALPHA_) || defined(_IA64_) //[barrybo] bugbug: The image alignment code should be switched back // out on IA64 when EMNT supports 4k pages for WOW64. BOOLEAN InvalidAlignmentAllowed = FALSE; ULONG TempNumberOfSubsections; PIMAGE_SECTION_HEADER TempSectionTableEntry; ULONG AdditionalSubsections; ULONG AdditionalPtes; ULONG AdditionalBasePtes; ULONG NewSubsectionsAllocated; PSEGMENT OldSegment; PMMPTE NewPointerPte; PMMPTE OldPointerPte; ULONG OrigNumberOfPtes; PCONTROL_AREA NewControlArea; #endif ExtendedHeader = NULL; // ************************************************************* // Create image file section. // ************************************************************* PAGED_CODE(); Status = FsRtlGetFileSize (File, &EndOfFile); if (Status == STATUS_FILE_IS_A_DIRECTORY) { // // Can't map a directory as a section. Return error. // return STATUS_INVALID_FILE_FOR_SECTION; } if (!NT_SUCCESS (Status)) { return Status; } if (EndOfFile.HighPart != 0) { // // File too big. Return error. // return STATUS_INVALID_FILE_FOR_SECTION; } // // Create a segment which maps an image file. // For now map a COFF image file with the subsections // containing the based address of the file. // // // Read in the file header. // InPageEvent = ExAllocatePoolWithTag (NonPagedPool, sizeof(KEVENT) + MmSizeOfMdl ( NULL, MM_MAXIMUM_IMAGE_HEADER), MMTEMPORARY); if (InPageEvent == NULL) { return STATUS_INSUFFICIENT_RESOURCES; } Mdl = (PMDL)(InPageEvent + 1); // // Create an event for the read operation. // KeInitializeEvent (InPageEvent, NotificationEvent, FALSE); // // Build an MDL for the operation. // MmCreateMdl( Mdl, NULL, PAGE_SIZE); Mdl->MdlFlags |= MDL_PAGES_LOCKED; PageFrameNumber = MiGetPageForHeader(); Page = (PPFN_NUMBER)(Mdl + 1); *Page = PageFrameNumber; ZERO_LARGE (StartingOffset); CcZeroEndOfLastPage (File); // // Flush the data section if there is one. // MiFlushDataSection (File); Mdl->MdlFlags |= MDL_PAGES_LOCKED; Status = IoPageRead (File, Mdl, &StartingOffset, InPageEvent, &IoStatus ); if (Status == STATUS_PENDING) { KeWaitForSingleObject( InPageEvent, WrPageIn, KernelMode, FALSE, (PLARGE_INTEGER)NULL); } if (Mdl->MdlFlags & MDL_MAPPED_TO_SYSTEM_VA) { MmUnmapLockedPages (Mdl->MappedSystemVa, Mdl); } if ((!NT_SUCCESS(Status)) || (!NT_SUCCESS(IoStatus.Status))) { if (Status != STATUS_FILE_LOCK_CONFLICT) { Status = STATUS_INVALID_FILE_FOR_SECTION; } goto BadSection; } Base = MiMapImageHeaderInHyperSpace (PageFrameNumber); DosHeader = (PIMAGE_DOS_HEADER)Base; if (IoStatus.Information != PAGE_SIZE) { // // A full page was not read from the file, zero any remaining // bytes. // RtlZeroMemory ((PVOID)((PCHAR)Base + IoStatus.Information), PAGE_SIZE - IoStatus.Information); } // // Check to determine if this is an NT image (PE format) or // a DOS image, Win-16 image, or OS/2 image. If the image is // not NT format, return an error indicating which image it // appears to be. // if (DosHeader->e_magic != IMAGE_DOS_SIGNATURE) { Status = STATUS_INVALID_IMAGE_NOT_MZ; goto NeImage; } #ifndef i386 if (((ULONG)DosHeader->e_lfanew & 3) != 0) { // // The image header is not aligned on a longword boundary. // Report this as an invalid protect mode image. // Status = STATUS_INVALID_IMAGE_PROTECT; goto NeImage; } #endif if ((ULONG)DosHeader->e_lfanew > EndOfFile.LowPart) { Status = STATUS_INVALID_IMAGE_PROTECT; goto NeImage; } if (((ULONG)DosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS) + (16 * sizeof(IMAGE_SECTION_HEADER))) <= (ULONG)DosHeader->e_lfanew) { Status = STATUS_INVALID_IMAGE_PROTECT; goto NeImage; } if (((ULONG)DosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS) + (16 * sizeof(IMAGE_SECTION_HEADER))) > PAGE_SIZE) { // // The PE header is not within the page already read or the // objects are in another page. // Build another MDL and read an additional 8k. // ExtendedHeader = ExAllocatePoolWithTag (NonPagedPool, MM_MAXIMUM_IMAGE_HEADER, MMTEMPORARY); if (ExtendedHeader == NULL) { Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } // // Build an MDL for the operation. // MmCreateMdl( Mdl, ExtendedHeader, MM_MAXIMUM_IMAGE_HEADER); MmBuildMdlForNonPagedPool (Mdl); StartingOffset.LowPart = PtrToUlong(PAGE_ALIGN ((ULONG)DosHeader->e_lfanew)); KeClearEvent (InPageEvent); Status = IoPageRead (File, Mdl, &StartingOffset, InPageEvent, &IoStatus ); if (Status == STATUS_PENDING) { KeWaitForSingleObject( InPageEvent, WrPageIn, KernelMode, FALSE, (PLARGE_INTEGER)NULL); } if (Mdl->MdlFlags & MDL_MAPPED_TO_SYSTEM_VA) { MmUnmapLockedPages (Mdl->MappedSystemVa, Mdl); } if ((!NT_SUCCESS(Status)) || (!NT_SUCCESS(IoStatus.Status))) { if (Status != STATUS_FILE_LOCK_CONFLICT) { Status = STATUS_INVALID_FILE_FOR_SECTION; } goto NeImage; } NtHeader = (PIMAGE_NT_HEADERS)((PCHAR)ExtendedHeader + BYTE_OFFSET((ULONG)DosHeader->e_lfanew)); NtHeaderSize = MM_MAXIMUM_IMAGE_HEADER - (ULONG)(BYTE_OFFSET((ULONG)DosHeader->e_lfanew)); } else { NtHeader = (PIMAGE_NT_HEADERS)((PCHAR)DosHeader + (ULONG)DosHeader->e_lfanew); NtHeaderSize = PAGE_SIZE - (ULONG)DosHeader->e_lfanew; } FileHeader = &NtHeader->FileHeader; // // Check to see if this is an NT image or a DOS or OS/2 image. // Status = MiVerifyImageHeader (NtHeader, DosHeader, NtHeaderSize); if (Status != STATUS_SUCCESS) { goto NeImage; } #if defined(_WIN64) if (NtHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // // The image is 32-bit. All code below this point must check // if NtHeader is NULL. If it is, then the image is PE32 and // NtHeader32 must be used. // NtHeader32 = (PIMAGE_NT_HEADERS32)NtHeader; NtHeader = NULL; } else { NtHeader32 = NULL; } if (NtHeader) { #endif ImageAlignment = NtHeader->OptionalHeader.SectionAlignment; FileAlignment = NtHeader->OptionalHeader.FileAlignment - 1; SizeOfImage = NtHeader->OptionalHeader.SizeOfImage; LoaderFlags = NtHeader->OptionalHeader.LoaderFlags; #if defined (_WIN64) } else { ImageAlignment = NtHeader32->OptionalHeader.SectionAlignment; FileAlignment = NtHeader32->OptionalHeader.FileAlignment - 1; SizeOfImage = NtHeader32->OptionalHeader.SizeOfImage; LoaderFlags = NtHeader32->OptionalHeader.LoaderFlags; } #endif RoundingAlignment = ImageAlignment; NumberOfSubsections = FileHeader->NumberOfSections; if (ImageAlignment < PAGE_SIZE) { // // The image alignment is less than the page size, // map the image with a single subsection. // ControlArea = ExAllocatePoolWithTag (NonPagedPool, (ULONG)(sizeof(CONTROL_AREA) + (sizeof(SUBSECTION))), MMCONTROL); SubsectionsAllocated = 1; } else { // // Allocate a control area and a subsection for each section // header plus one for the image header which has no section. // ControlArea = ExAllocatePoolWithTag(NonPagedPool, (ULONG)(sizeof(CONTROL_AREA) + (sizeof(SUBSECTION) * (NumberOfSubsections + 1))), 'iCmM'); SubsectionsAllocated = NumberOfSubsections + 1; } if (ControlArea == NULL) { // // The requested pool could not be allocated. // Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } // // Zero the control area and the FIRST subsection. // RtlZeroMemory (ControlArea, sizeof(CONTROL_AREA) + sizeof(SUBSECTION)); ControlArea->NonPagedPoolUsage = EX_REAL_POOL_USAGE(sizeof(CONTROL_AREA) + sizeof(SUBSECTION) * SubsectionsAllocated); ASSERT (ControlArea->u.Flags.GlobalOnlyPerSession == 0); Subsection = (PSUBSECTION)(ControlArea + 1); NumberOfPtes = BYTES_TO_PAGES (SizeOfImage); if (NumberOfPtes == 0) { ExFreePool (ControlArea); Status = STATUS_INVALID_IMAGE_FORMAT; goto NeImage; } #if defined (_ALPHA_) || defined(_IA64_) if (ImageAlignment < PAGE_SIZE && KeGetPreviousMode() != KernelMode && (FileHeader->Machine < USER_SHARED_DATA->ImageNumberLow || FileHeader->Machine > USER_SHARED_DATA->ImageNumberHigh)) { InvalidAlignmentAllowed = TRUE; } OrigNumberOfPtes = NumberOfPtes; #endif SizeOfSegment = sizeof(SEGMENT) + (sizeof(MMPTE) * (NumberOfPtes - 1)) + sizeof(SECTION_IMAGE_INFORMATION); NewSegment = ExAllocatePoolWithTag (PagedPool, SizeOfSegment, MMSECT); if (NewSegment == NULL) { // // The requested pool could not be allocated. // ExFreePool (ControlArea); Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } *Segment = NewSegment; RtlZeroMemory (NewSegment, sizeof(SEGMENT)); // // Align the prototype PTEs on the proper boundary. // PointerPte = &NewSegment->ThePtes[0]; i = (ULONG) (((ULONG_PTR)PointerPte >> PTE_SHIFT) & ((MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - 1)); if (i != 0) { i = (MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - i; } NewSegment->PrototypePte = &NewSegment->ThePtes[i]; NewSegment->ControlArea = ControlArea; NewSegment->ImageInformation = (PSECTION_IMAGE_INFORMATION)((PCHAR)NewSegment + sizeof(SEGMENT) + (sizeof(MMPTE) * (NumberOfPtes - 1))); NewSegment->TotalNumberOfPtes = NumberOfPtes; NewSegment->NonExtendedPtes = NumberOfPtes; NewSegment->SizeOfSegment = (ULONG_PTR)NumberOfPtes * PAGE_SIZE; RtlZeroMemory (NewSegment->ImageInformation, sizeof (SECTION_IMAGE_INFORMATION)); // // This code is built twice on the Win64 build - once for PE32+ and once for // PE32 images. // #define INIT_IMAGE_INFORMATION(OptHdr) { \ NewSegment->ImageInformation->TransferAddress = \ (PVOID)((ULONG_PTR)((OptHdr).ImageBase) + \ (OptHdr).AddressOfEntryPoint); \ NewSegment->ImageInformation->MaximumStackSize = \ (OptHdr).SizeOfStackReserve; \ NewSegment->ImageInformation->CommittedStackSize = \ (OptHdr).SizeOfStackCommit; \ NewSegment->ImageInformation->SubSystemType = \ (OptHdr).Subsystem; \ NewSegment->ImageInformation->SubSystemMajorVersion = (USHORT)((OptHdr).MajorSubsystemVersion); \ NewSegment->ImageInformation->SubSystemMinorVersion = (USHORT)((OptHdr).MinorSubsystemVersion); \ NewSegment->ImageInformation->DllCharacteristics = \ (OptHdr).DllCharacteristics; \ NewSegment->ImageInformation->ImageContainsCode = \ (BOOLEAN)(((OptHdr).SizeOfCode != 0) || \ ((OptHdr).AddressOfEntryPoint != 0)); \ } #if defined (_WIN64) if (NtHeader) { #endif INIT_IMAGE_INFORMATION(NtHeader->OptionalHeader); #if defined (_WIN64) } else { // The image is 32-bit so use the 32-bit header INIT_IMAGE_INFORMATION(NtHeader32->OptionalHeader); } #endif #undef INIT_IMAGE_INFORMATION NewSegment->ImageInformation->ImageCharacteristics = FileHeader->Characteristics; NewSegment->ImageInformation->Machine = FileHeader->Machine; ControlArea->Segment = NewSegment; ControlArea->NumberOfSectionReferences = 1; ControlArea->NumberOfUserReferences = 1; ControlArea->u.Flags.BeingCreated = 1; ControlArea->PagedPoolUsage = EX_REAL_POOL_USAGE((sizeof(SEGMENT) + (NumberOfPtes * sizeof(MMPTE)))); if (ImageAlignment < PAGE_SIZE) { // // Image alignment is less than a page, the number // of subsections is 1. // ControlArea->NumberOfSubsections = 1; } else { ControlArea->NumberOfSubsections = (USHORT)NumberOfSubsections; } ControlArea->u.Flags.Image = 1; ControlArea->u.Flags.File = 1; if ((FILE_FLOPPY_DISKETTE & File->DeviceObject->Characteristics) || ((FileHeader->Characteristics & IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP) && (FILE_REMOVABLE_MEDIA & File->DeviceObject->Characteristics)) || ((FileHeader->Characteristics & IMAGE_FILE_NET_RUN_FROM_SWAP) && (FILE_REMOTE_DEVICE & File->DeviceObject->Characteristics))) { // // This file resides on a floppy disk or a removable media or // network with flags set indicating it should be copied // to the paging file. // ControlArea->u.Flags.FloppyMedia = 1; } if (FILE_REMOTE_DEVICE & File->DeviceObject->Characteristics) { // // This file resides on a redirected drive. // ControlArea->u.Flags.Networked = 1; } ControlArea->FilePointer = File; // // Build the subsection and prototype PTEs for the image header. // Subsection->ControlArea = ControlArea; #if defined(_WIN64) if (NtHeader) { #endif NextVa = NtHeader->OptionalHeader.ImageBase; #if defined(_WIN64) } else { NextVa = NtHeader32->OptionalHeader.ImageBase; } #endif if ((NextVa & (X64K - 1)) != 0) { // // Image header is not aligned on a 64k boundary. // goto BadPeImageSegment; } NewSegment->BasedAddress = (PVOID)NextVa; #if defined(_WIN64) if (NtHeader) { #endif SizeOfHeaders = NtHeader->OptionalHeader.SizeOfHeaders; #if defined(_WIN64) } else { SizeOfHeaders = NtHeader32->OptionalHeader.SizeOfHeaders; } #endif if (SizeOfHeaders >= SizeOfImage) { goto BadPeImageSegment; } Subsection->PtesInSubsection = MI_ROUND_TO_SIZE ( SizeOfHeaders, ImageAlignment ) >> PAGE_SHIFT; PointerPte = NewSegment->PrototypePte; Subsection->SubsectionBase = PointerPte; TempPte.u.Long = MiGetSubsectionAddressForPte (Subsection); TempPte.u.Soft.Prototype = 1; NewSegment->SegmentPteTemplate = TempPte; SectorOffset = 0; if (ImageAlignment < PAGE_SIZE) { // // Aligned on less than a page size boundary. // Build a single subsection to refer to the image. // PointerPte = NewSegment->PrototypePte; Subsection->PtesInSubsection = NumberOfPtes; Subsection->NumberOfFullSectors = (ULONG)(EndOfFile.QuadPart >> MMSECTOR_SHIFT); ASSERT ((ULONG)(EndOfFile.HighPart & 0xFFFFF000) == 0); Subsection->u.SubsectionFlags.SectorEndOffset = EndOfFile.LowPart & MMSECTOR_MASK; Subsection->u.SubsectionFlags.Protection = MM_EXECUTE_WRITECOPY; // // Set all the PTEs to the execute-read-write protection. // The section will control access to these and the segment // must provide a method to allow other users to map the file // for various protections. // TempPte.u.Soft.Protection = MM_EXECUTE_WRITECOPY; NewSegment->SegmentPteTemplate = TempPte; #if defined (_ALPHA_) || defined(_IA64_) // // Invalid image alignments are supported for cross platform // emulation. Only alpha and IA64 require extra handling because page // size is larger than x86. // if (InvalidAlignmentAllowed) { TempPteDemandZero.u.Long = 0; TempPteDemandZero.u.Soft.Protection = MM_EXECUTE_WRITECOPY; SectorOffset = 0; for (i = 0; i < NumberOfPtes; i += 1) { // // Set prototype PTEs. // if (SectorOffset < EndOfFile.LowPart) { // // Data resides on the disk, refer to the control section. // MI_WRITE_INVALID_PTE (PointerPte, TempPte); } else { // // Data does not reside on the disk, use Demand zero pages. // MI_WRITE_INVALID_PTE (PointerPte, TempPteDemandZero); } SectorOffset += PAGE_SIZE; PointerPte += 1; } } else #endif { for (i = 0; i < NumberOfPtes; i += 1) { // // Set all the prototype PTEs to refer to the control section. // MI_WRITE_INVALID_PTE (PointerPte, TempPte); PointerPte += 1; } } NewSegment->ImageCommitment = NumberOfPtes; // // Indicate alignment is less than a page. // TempPte.u.Long = 0; } else { // // Alignment is PAGE_SIZE or greater. // if (Subsection->PtesInSubsection > NumberOfPtes) { // // Inconsistent image, size does not agree with header. // goto BadPeImageSegment; } NumberOfPtes -= Subsection->PtesInSubsection; Subsection->NumberOfFullSectors = SizeOfHeaders >> MMSECTOR_SHIFT; Subsection->u.SubsectionFlags.SectorEndOffset = SizeOfHeaders & MMSECTOR_MASK; Subsection->u.SubsectionFlags.ReadOnly = 1; Subsection->u.SubsectionFlags.CopyOnWrite = 1; Subsection->u.SubsectionFlags.Protection = MM_READONLY; TempPte.u.Soft.Protection = MM_READONLY; NewSegment->SegmentPteTemplate = TempPte; for (i = 0; i < Subsection->PtesInSubsection; i += 1) { // // Set all the prototype PTEs to refer to the control section. // if (SectorOffset < SizeOfHeaders) { MI_WRITE_INVALID_PTE (PointerPte, TempPte); } else { MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); } SectorOffset += PAGE_SIZE; PointerPte += 1; NextVa += PAGE_SIZE; } } // // Build the next subsections. // #if defined(_WIN64) if (NtHeader) { #endif PreferredImageBase = NtHeader->OptionalHeader.ImageBase; #if defined(_WIN64) } else { PreferredImageBase = NtHeader32->OptionalHeader.ImageBase; } #endif // // At this point the object table is read in (if it was not // already read in) and may displace the image header. // SectionTableEntry = NULL; OffsetToSectionTable = sizeof(ULONG) + sizeof(IMAGE_FILE_HEADER) + FileHeader->SizeOfOptionalHeader; if ((BYTE_OFFSET(NtHeader) + OffsetToSectionTable + #if defined (_WIN64) BYTE_OFFSET(NtHeader32) + #endif ((NumberOfSubsections + 1) * sizeof (IMAGE_SECTION_HEADER))) <= PAGE_SIZE) { // // Section tables are within the header which was read. // #if defined(_WIN64) if (NtHeader32) { SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeader32 + OffsetToSectionTable); } else #endif { SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeader + OffsetToSectionTable); } } else { // // Has an extended header been read in and are the object // tables resident? // if (ExtendedHeader != NULL) { #if defined(_WIN64) if (NtHeader32) { SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeader32 + OffsetToSectionTable); } else #endif { SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeader + OffsetToSectionTable); } // // Is the whole range of object tables mapped by the // extended header? // if ((((PCHAR)SectionTableEntry + ((NumberOfSubsections + 1) * sizeof (IMAGE_SECTION_HEADER))) - (PCHAR)ExtendedHeader) > MM_MAXIMUM_IMAGE_HEADER) { SectionTableEntry = NULL; } } } if (SectionTableEntry == NULL) { // // The section table entries are not in the same // pages as the other data already read in. Read in // the object table entries. // if (ExtendedHeader == NULL) { ExtendedHeader = ExAllocatePoolWithTag (NonPagedPool, MM_MAXIMUM_IMAGE_HEADER, MMTEMPORARY); if (ExtendedHeader == NULL) { ExFreePool (NewSegment); ExFreePool (ControlArea); Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } // // Build an MDL for the operation. // MmCreateMdl( Mdl, ExtendedHeader, MM_MAXIMUM_IMAGE_HEADER); MmBuildMdlForNonPagedPool (Mdl); } StartingOffset.LowPart = PtrToUlong(PAGE_ALIGN ( (ULONG)DosHeader->e_lfanew + OffsetToSectionTable)); SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)ExtendedHeader + BYTE_OFFSET((ULONG)DosHeader->e_lfanew + OffsetToSectionTable)); KeClearEvent (InPageEvent); Status = IoPageRead (File, Mdl, &StartingOffset, InPageEvent, &IoStatus ); if (Status == STATUS_PENDING) { KeWaitForSingleObject( InPageEvent, WrPageIn, KernelMode, FALSE, (PLARGE_INTEGER)NULL); } if (Mdl->MdlFlags & MDL_MAPPED_TO_SYSTEM_VA) { MmUnmapLockedPages (Mdl->MappedSystemVa, Mdl); } if ((!NT_SUCCESS(Status)) || (!NT_SUCCESS(IoStatus.Status))) { if (Status != STATUS_FILE_LOCK_CONFLICT) { Status = STATUS_INVALID_FILE_FOR_SECTION; } ExFreePool (NewSegment); ExFreePool (ControlArea); goto NeImage; } // // From this point on NtHeader is only valid if it // was in the first 4k of the image, otherwise reading in // the object tables wiped it out. // } if (TempPte.u.Long == 0 #if defined (_ALPHA_) || defined(_IA64_) && (!InvalidAlignmentAllowed) #endif ) { // The image header is no longer valid, TempPte is // used to indicate that this image alignment is // less than a PAGE_SIZE. // // Loop through all sections and make sure there is no // uninitialized data. // Status = STATUS_SUCCESS; while (NumberOfSubsections > 0) { if (SectionTableEntry->Misc.VirtualSize == 0) { SectionVirtualSize = SectionTableEntry->SizeOfRawData; } else { SectionVirtualSize = SectionTableEntry->Misc.VirtualSize; } // // If the raw pointer + raw size overflows a long word, return an error. // if (SectionTableEntry->PointerToRawData + SectionTableEntry->SizeOfRawData < SectionTableEntry->PointerToRawData) { KdPrint(("MMCREASECT: invalid section/file size %Z\n", &File->FileName)); Status = STATUS_INVALID_IMAGE_FORMAT; break; } // // If the virtual size and address does not match the rawdata // and invalid alignments not allowed return an error. // if (((SectionTableEntry->PointerToRawData != SectionTableEntry->VirtualAddress)) || (SectionVirtualSize > SectionTableEntry->SizeOfRawData)) { KdPrint(("MMCREASECT: invalid BSS/Trailingzero %Z\n", &File->FileName)); Status = STATUS_INVALID_IMAGE_FORMAT; break; } SectionTableEntry += 1; NumberOfSubsections -= 1; } if (!NT_SUCCESS(Status)) { ExFreePool (NewSegment); ExFreePool (ControlArea); goto NeImage; } goto PeReturnSuccess; } #if defined (_ALPHA_) || defined(_IA64_) else if (TempPte.u.Long == 0 && InvalidAlignmentAllowed) { TempNumberOfSubsections = NumberOfSubsections; TempSectionTableEntry = SectionTableEntry; // // The image header is no longer valid, TempPte is // used to indicate that this image alignment is // less than a PAGE_SIZE. // // // Loop through all sections and make sure there is no // uninitialized data. // // Also determine if there are shared data sections and // the number of extra ptes they require. // AdditionalSubsections = 0; AdditionalPtes = 0; AdditionalBasePtes = 0; RoundingAlignment = PAGE_SIZE; while (TempNumberOfSubsections > 0) { ULONG EndOfSection; ULONG ExtraPages; if (TempSectionTableEntry->Misc.VirtualSize == 0) { SectionVirtualSize = TempSectionTableEntry->SizeOfRawData; } else { SectionVirtualSize = TempSectionTableEntry->Misc.VirtualSize; } EndOfSection = TempSectionTableEntry->PointerToRawData + TempSectionTableEntry->SizeOfRawData; // // If the raw pointer + raw size overflows a long word, return an error. // if (EndOfSection < TempSectionTableEntry->PointerToRawData) { KdPrint(("MMCREASECT: invalid section/file size %Z\n", &File->FileName)); Status = STATUS_INVALID_IMAGE_FORMAT; ExFreePool (NewSegment); ExFreePool (ControlArea); goto NeImage; } // // If the section goes past SizeOfImage then allocate additional PTEs. // On x86 this is handled by the subsection mapping. On alpha this is handled // by the Wx86 loader extension after the image has been mapped in. But the // additional data must be in memory so it can be shuffled around later. // if ((EndOfSection <= EndOfFile.LowPart) && (EndOfSection > SizeOfImage)) { // // Allocate enough PTEs to cover the end of this section. // Maximize with any other sections that extend beyond SizeOfImage // ExtraPages = MI_ROUND_TO_SIZE (EndOfSection - SizeOfImage, RoundingAlignment) >> PAGE_SHIFT; if (ExtraPages > AdditionalBasePtes) { AdditionalBasePtes = ExtraPages; } } // Count number of shared data sections and additional ptes needed if ((TempSectionTableEntry->Characteristics & IMAGE_SCN_MEM_SHARED) && (!(TempSectionTableEntry->Characteristics & IMAGE_SCN_MEM_EXECUTE) || (TempSectionTableEntry->Characteristics & IMAGE_SCN_MEM_WRITE))) { AdditionalPtes += MI_ROUND_TO_SIZE (SectionVirtualSize, RoundingAlignment) >> PAGE_SHIFT; AdditionalSubsections += 1; } TempSectionTableEntry += 1; TempNumberOfSubsections -= 1; } if (AdditionalBasePtes == 0 && (AdditionalSubsections == 0 || AdditionalPtes == 0)) { // no shared data sections goto PeReturnSuccess; } // // There are additional Base PTEs or shared data sections. // For shared sections, allocate new PTEs for these sections // at the end of the image. The WX86 loader will change // fixups to point to the new pages. // // First reallocate the control area. // NewSubsectionsAllocated = SubsectionsAllocated + AdditionalSubsections; NewControlArea = ExAllocatePoolWithTag(NonPagedPool, (ULONG) (sizeof(CONTROL_AREA) + (sizeof(SUBSECTION) * NewSubsectionsAllocated)), 'iCmM'); if (NewControlArea == NULL) { ExFreePool (NewSegment); ExFreePool (ControlArea); Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } // // Copy the old control area to the new one, modify some fields. // RtlMoveMemory (NewControlArea, ControlArea, sizeof(CONTROL_AREA) + sizeof(SUBSECTION) * SubsectionsAllocated); NewControlArea->NonPagedPoolUsage = EX_REAL_POOL_USAGE(sizeof(CONTROL_AREA) + (sizeof(SUBSECTION) * NewSubsectionsAllocated)); NewControlArea->NumberOfSubsections = (USHORT) NewSubsectionsAllocated; // // Now allocate a new segment that has the newly calculated number // of PTEs, initialize it from the previously allocated new segment, // and overwrite the fields that should be changed. // OldSegment = NewSegment; OrigNumberOfPtes += AdditionalBasePtes; SizeOfSegment = sizeof(SEGMENT) + (sizeof(MMPTE) * (OrigNumberOfPtes + AdditionalPtes - 1)) + sizeof(SECTION_IMAGE_INFORMATION); NewSegment = ExAllocatePoolWithTag (PagedPool, SizeOfSegment, MMSECT); if (NewSegment == NULL) { // // The requested pool could not be allocated. // ExFreePool (ControlArea); ExFreePool (NewControlArea); ExFreePool (OldSegment); Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } *Segment = NewSegment; RtlMoveMemory (NewSegment, OldSegment, sizeof(SEGMENT)); // // Align the prototype PTEs on the proper boundary. // NewPointerPte = &NewSegment->ThePtes[0]; i = (ULONG) (((ULONG_PTR)NewPointerPte >> PTE_SHIFT) & ((MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - 1)); if (i != 0) { i = (MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - i; } NewSegment->PrototypePte = &NewSegment->ThePtes[i]; if (i != 0) { RtlZeroMemory (&NewSegment->ThePtes[0], sizeof(MMPTE) * i); } PointerPte = NewSegment->PrototypePte + (PointerPte - OldSegment->PrototypePte); NewSegment->ControlArea = NewControlArea; NewSegment->ImageInformation = (PSECTION_IMAGE_INFORMATION)((PCHAR)NewSegment + sizeof(SEGMENT) + (sizeof(MMPTE) * (OrigNumberOfPtes + AdditionalPtes - 1))); NewSegment->TotalNumberOfPtes = OrigNumberOfPtes + AdditionalPtes; NewSegment->NonExtendedPtes = OrigNumberOfPtes + AdditionalPtes; NewSegment->SizeOfSegment = (ULONG_PTR)(OrigNumberOfPtes + AdditionalPtes) * PAGE_SIZE; RtlMoveMemory (NewSegment->ImageInformation, OldSegment->ImageInformation, sizeof (SECTION_IMAGE_INFORMATION)); // // Now change the fields in the subsections to account for the new // control area and the new segment. Also change the PTEs in the // newly allocated segment to point to the new subsections. // NewControlArea->Segment = NewSegment; NewControlArea->PagedPoolUsage = EX_REAL_POOL_USAGE((sizeof(SEGMENT) + ((OrigNumberOfPtes + AdditionalPtes) * sizeof(MMPTE)))); Subsection = (PSUBSECTION)(ControlArea + 1); NewSubsection = (PSUBSECTION)(NewControlArea + 1); NewSubsection->PtesInSubsection += AdditionalBasePtes; for (i = 0; i < SubsectionsAllocated; i += 1) { // // Note: SubsectionsAllocated is always 1 (for wx86), so this loop // is executed only once. // NewSubsection->ControlArea = (PCONTROL_AREA) NewControlArea; NewSubsection->SubsectionBase = NewSegment->PrototypePte + (Subsection->SubsectionBase - OldSegment->PrototypePte); NewPointerPte = NewSegment->PrototypePte; OldPointerPte = OldSegment->PrototypePte; TempPte.u.Long = MiGetSubsectionAddressForPte (NewSubsection); TempPte.u.Soft.Prototype = 1; for (j = 0; j < OldSegment->TotalNumberOfPtes+AdditionalBasePtes; j += 1) { if ((OldPointerPte->u.Soft.Prototype == 1) && (MiGetSubsectionAddress (OldPointerPte) == Subsection)) { OriginalProtection = MI_GET_PROTECTION_FROM_SOFT_PTE (OldPointerPte); TempPte.u.Soft.Protection = OriginalProtection; MI_WRITE_INVALID_PTE (NewPointerPte, TempPte); } else if (i == 0) { // // Since the outer for loop is executed only once, there // is no need for the i == 0 above, but it is safer to // have it. If the code changes later and other sections // are added, their PTEs will get initialized here as // DemandZero and if they are not DemandZero, they will be // overwritten in a later iteration of the outer loop. // For now, this else if clause will be executed only // for DemandZero PTEs. // OriginalProtection = MI_GET_PROTECTION_FROM_SOFT_PTE (OldPointerPte); TempPteDemandZero.u.Long = 0; TempPteDemandZero.u.Soft.Protection = OriginalProtection; MI_WRITE_INVALID_PTE (NewPointerPte, TempPteDemandZero); } NewPointerPte += 1; // Stop incrementing the OldPointerPte at the last entry and use it // for the additional Base PTEs if (j < OldSegment->TotalNumberOfPtes-1) { OldPointerPte += 1; } } Subsection += 1; NewSubsection += 1; } RtlZeroMemory (NewSubsection, sizeof(SUBSECTION) * AdditionalSubsections); ExFreePool (OldSegment); ExFreePool (ControlArea); ControlArea = (PCONTROL_AREA) NewControlArea; // // Adjust some variables that are used below. // PointerPte has already been set above before OldSegment was freed. // SubsectionsAllocated = NewSubsectionsAllocated; Subsection = NewSubsection - 1; // Points to last used subsection. NumberOfPtes = AdditionalPtes; // # PTEs that haven't yet been used in // previous subsections. // Additional Base PTEs have been added. Only continue if there are // additional subsections to process if (AdditionalSubsections == 0 || AdditionalPtes == 0) { // no shared data sections goto PeReturnSuccess; } } #endif while (NumberOfSubsections > 0) { #if defined (_ALPHA_) || defined(_IA64_) if (!InvalidAlignmentAllowed || ((SectionTableEntry->Characteristics & IMAGE_SCN_MEM_SHARED) && (!(SectionTableEntry->Characteristics & IMAGE_SCN_MEM_EXECUTE) || (SectionTableEntry->Characteristics & IMAGE_SCN_MEM_WRITE)))) { #endif // // Handle case where virtual size is 0. // if (SectionTableEntry->Misc.VirtualSize == 0) { SectionVirtualSize = SectionTableEntry->SizeOfRawData; } else { SectionVirtualSize = SectionTableEntry->Misc.VirtualSize; } // // Fix for Borland linker problem. The SizeOfRawData can // be a zero, but the PointerToRawData is not zero. // Set it to zero. // if (SectionTableEntry->SizeOfRawData == 0) { SectionTableEntry->PointerToRawData = 0; } // // If the section information wraps return an error. // if (SectionTableEntry->PointerToRawData + SectionTableEntry->SizeOfRawData < SectionTableEntry->PointerToRawData) { goto BadPeImageSegment; } Subsection += 1; Subsection->ControlArea = ControlArea; Subsection->NextSubsection = (PSUBSECTION)NULL; Subsection->UnusedPtes = 0; if (((NextVa != (PreferredImageBase + SectionTableEntry->VirtualAddress)) #if defined (_ALPHA_) || defined(_IA64_) && !InvalidAlignmentAllowed #endif ) || (SectionVirtualSize == 0)) { // // The specified virtual address does not align // with the next prototype PTE. // goto BadPeImageSegment; } Subsection->PtesInSubsection = MI_ROUND_TO_SIZE (SectionVirtualSize, RoundingAlignment) >> PAGE_SHIFT; if (Subsection->PtesInSubsection > NumberOfPtes) { // // Inconsistent image, size does not agree with object tables. // goto BadPeImageSegment; } NumberOfPtes -= Subsection->PtesInSubsection; Subsection->u.LongFlags = 0; Subsection->StartingSector = SectionTableEntry->PointerToRawData >> MMSECTOR_SHIFT; // // Align ending sector on file align boundary. // EndingAddress = (SectionTableEntry->PointerToRawData + SectionTableEntry->SizeOfRawData + FileAlignment) & ~FileAlignment; Subsection->NumberOfFullSectors = (ULONG) ((EndingAddress >> MMSECTOR_SHIFT) - Subsection->StartingSector); Subsection->u.SubsectionFlags.SectorEndOffset = (ULONG) EndingAddress & MMSECTOR_MASK; Subsection->SubsectionBase = PointerPte; // // Build both a demand zero PTE and a PTE pointing to the // subsection. // TempPte.u.Long = 0; TempPteDemandZero.u.Long = 0; TempPte.u.Long = MiGetSubsectionAddressForPte (Subsection); TempPte.u.Soft.Prototype = 1; ImageFileSize = SectionTableEntry->PointerToRawData + SectionTableEntry->SizeOfRawData; TempPte.u.Soft.Protection = MiGetImageProtection (SectionTableEntry->Characteristics); TempPteDemandZero.u.Soft.Protection = TempPte.u.Soft.Protection; if (SectionTableEntry->PointerToRawData == 0) { TempPte = TempPteDemandZero; } Subsection->u.SubsectionFlags.ReadOnly = 1; Subsection->u.SubsectionFlags.CopyOnWrite = 1; Subsection->u.SubsectionFlags.Protection = MI_GET_PROTECTION_FROM_SOFT_PTE (&TempPte); if (TempPte.u.Soft.Protection & MM_PROTECTION_WRITE_MASK) { if ((TempPte.u.Soft.Protection & MM_COPY_ON_WRITE_MASK) == MM_COPY_ON_WRITE_MASK) { // // This page is copy on write, charge ImageCommitment // for all pages in this subsection. // ImageCommit = TRUE; } else { // // This page is write shared, charge commitment when // the mapping completes. // SectionCommit = TRUE; Subsection->u.SubsectionFlags.GlobalMemory = 1; ControlArea->u.Flags.GlobalMemory = 1; } } else { // // Not writable, don't charge commitment at all. // ImageCommit = FALSE; SectionCommit = FALSE; } NewSegment->SegmentPteTemplate = TempPte; SectorOffset = 0; for (i = 0; i < Subsection->PtesInSubsection; i += 1) { // // Set all the prototype PTEs to refer to the control section. // if (SectorOffset < SectionVirtualSize) { // // Make PTE accessible. // if (SectionCommit) { NewSegment->NumberOfCommittedPages += 1; } if (ImageCommit) { NewSegment->ImageCommitment += 1; } if (SectorOffset < SectionTableEntry->SizeOfRawData) { // // Data resides on the disk, use the subsection format PTE. // MI_WRITE_INVALID_PTE (PointerPte, TempPte); } else { // // Demand zero pages. // MI_WRITE_INVALID_PTE (PointerPte, TempPteDemandZero); } } else { // // No access pages. // MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); } SectorOffset += PAGE_SIZE; PointerPte += 1; NextVa += PAGE_SIZE; } #if defined (_ALPHA_) || defined(_IA64_) } #endif SectionTableEntry += 1; NumberOfSubsections -= 1; } #if defined (_ALPHA_) || defined(_IA64_) if (!InvalidAlignmentAllowed) { #endif // // Account for the number of subsections that really are mapped. // ASSERT (ImageAlignment >= PAGE_SIZE); ControlArea->NumberOfSubsections += 1; // // If the file size is not as big as the image claimed to be, // return an error. // if (ImageFileSize > EndOfFile.LowPart) { // // Invalid image size. // KdPrint(("MMCREASECT: invalid image size - file size %lx - image size %lx\n %Z\n", EndOfFile.LowPart, ImageFileSize, &File->FileName)); goto BadPeImageSegment; } // // The total number of PTEs was decremented as sections were built, // make sure that there are less than 64k's worth at this point. // if (NumberOfPtes >= (ImageAlignment >> PAGE_SHIFT)) { // // Inconsistent image, size does not agree with object tables. // KdPrint(("MMCREASECT: invalid image - PTE left %lx\n image name %Z\n", NumberOfPtes, &File->FileName)); goto BadPeImageSegment; } // // Set any remaining PTEs to no access. // while (NumberOfPtes != 0) { MI_WRITE_INVALID_PTE (PointerPte, ZeroPte); PointerPte += 1; NumberOfPtes -= 1; } // // Turn the image header page into a transition page within the // prototype PTEs. // if ((ExtendedHeader == NULL) && (SizeOfHeaders < PAGE_SIZE)) { // // Zero remaining portion of header. // RtlZeroMemory ((PVOID)((PCHAR)Base + SizeOfHeaders), PAGE_SIZE - SizeOfHeaders); } #if defined (_ALPHA_) || defined(_IA64_) } #endif if (NewSegment->NumberOfCommittedPages != 0) { // // Commit the pages for the image section. // if (MiChargeCommitment (NewSegment->NumberOfCommittedPages, NULL) == FALSE) { Status = STATUS_COMMITMENT_LIMIT; ExFreePool (NewSegment); ExFreePool (ControlArea); goto NeImage; } MM_TRACK_COMMIT (MM_DBG_COMMIT_IMAGE, NewSegment->NumberOfCommittedPages); Status = STATUS_SUCCESS; ExAcquireFastMutex (&MmSectionCommitMutex); MmSharedCommit += NewSegment->NumberOfCommittedPages; ExReleaseFastMutex (&MmSectionCommitMutex); } PeReturnSuccess: // // If this image is global per session, then allocate a large control // area. Note this doesn't need to be done for systemwide global control // areas or non-global control areas. // if ((MiHydra == TRUE) && (ControlArea->u.Flags.GlobalMemory) && ((LoaderFlags & IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL) == 0)) { LargeControlArea = ExAllocatePoolWithTag(NonPagedPool, (ULONG)(sizeof(LARGE_CONTROL_AREA) + (sizeof(SUBSECTION) * SubsectionsAllocated)), 'iCmM'); if (LargeControlArea == NULL) { // // The requested pool could not be allocated. // if (NewSegment->NumberOfCommittedPages != 0) { MiReturnCommitment (NewSegment->NumberOfCommittedPages); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_IMAGE_NO_LARGE_CA, NewSegment->NumberOfCommittedPages); ExAcquireFastMutex (&MmSectionCommitMutex); MmSharedCommit -= NewSegment->NumberOfCommittedPages; ExReleaseFastMutex (&MmSectionCommitMutex); } ExFreePool (NewSegment); ExFreePool (ControlArea); Status = STATUS_INSUFFICIENT_RESOURCES; goto NeImage; } // // Copy the normal control area into our larger one, fix the linkages, // Fill in the additional fields in the new one and free the old one. // RtlMoveMemory (LargeControlArea, ControlArea, sizeof(CONTROL_AREA)); LargeControlArea->NonPagedPoolUsage = EX_REAL_POOL_USAGE( sizeof(LARGE_CONTROL_AREA) + (sizeof(SUBSECTION) * SubsectionsAllocated)); ASSERT (ControlArea->u.Flags.GlobalOnlyPerSession == 0); Subsection = (PSUBSECTION)(ControlArea + 1); NewSubsection = (PSUBSECTION)(LargeControlArea + 1); for (i = 0; i < SubsectionsAllocated; i += 1) { RtlMoveMemory (NewSubsection, Subsection, sizeof(SUBSECTION)); NewSubsection->ControlArea = (PCONTROL_AREA) LargeControlArea; PointerPte = NewSegment->PrototypePte; TempPte.u.Long = MiGetSubsectionAddressForPte (NewSubsection); TempPte.u.Soft.Prototype = 1; for (j = 0; j < NewSegment->TotalNumberOfPtes; j += 1) { if ((PointerPte->u.Soft.Prototype == 1) && (MiGetSubsectionAddress (PointerPte) == Subsection)) { OriginalProtection = MI_GET_PROTECTION_FROM_SOFT_PTE (PointerPte); TempPte.u.Soft.Protection = OriginalProtection; MI_WRITE_INVALID_PTE (PointerPte, TempPte); } PointerPte += 1; } Subsection += 1; NewSubsection += 1; } NewSegment->ControlArea = (PCONTROL_AREA) LargeControlArea; LargeControlArea->u.Flags.GlobalOnlyPerSession = 1; LargeControlArea->SessionId = 0; InitializeListHead (&LargeControlArea->UserGlobalList); ExFreePool (ControlArea); ControlArea = (PCONTROL_AREA) LargeControlArea; } MiUnmapImageHeaderInHyperSpace (); // // Set the PFN database entry for this page to look like a transition // page. // PointerPte = NewSegment->PrototypePte; MiUpdateImageHeaderPage (PointerPte, PageFrameNumber, ControlArea); if (ExtendedHeader != NULL) { ExFreePool (ExtendedHeader); } ExFreePool (InPageEvent); return STATUS_SUCCESS; // // Error returns from image verification. // BadPeImageSegment: ExFreePool (NewSegment); ExFreePool (ControlArea); //BadPeImage: Status = STATUS_INVALID_IMAGE_FORMAT; NeImage: MiUnmapImageHeaderInHyperSpace (); BadSection: MiRemoveImageHeaderPage(PageFrameNumber); if (ExtendedHeader != NULL) { ExFreePool (ExtendedHeader); } ExFreePool (InPageEvent); return Status; }

NTSTATUS MiCreatePagingFileMap (  OUT PSEGMENT *  Segment, IN PUINT64  MaximumSize, IN ULONG  ProtectionMask, IN ULONG  AllocationAttributes )

Definition at line 4018 of file creasect.c. References BYTES_TO_PAGES, CONTROL_AREA, _SUBSECTION::ControlArea, EX_REAL_POOL_USAGE, ExAllocatePoolWithTag, ExFreePool(), FALSE, MI_WRITE_INVALID_PTE, MiChargeCommitment(), MiReturnCommitment(), MM_DBG_COMMIT_PAGEFILE_BACKED_SHMEM, MM_DBG_COMMIT_RETURN_PAGEFILE_BACKED_SHMEM, MM_PROTO_PTE_ALIGNMENT, MM_TRACK_COMMIT, MMCONTROL, MMSECT, MmSectionCommitMutex, MmSharedCommit, NonPagedPool, _CONTROL_AREA::NonPagedPoolUsage, NULL, _CONTROL_AREA::NumberOfSectionReferences, _CONTROL_AREA::NumberOfSubsections, _CONTROL_AREA::NumberOfUserReferences, PAGE_SHIFT, PAGE_SIZE, PAGED_CODE, PagedPool, _CONTROL_AREA::PagedPoolUsage, PTE_SHIFT, _SUBSECTION::PtesInSubsection, ROUND_TO_PAGES, _CONTROL_AREA::Segment, SEGMENT, SUBSECTION, _SUBSECTION::SubsectionBase, _CONTROL_AREA::u, _SUBSECTION::u, _MMPTE::u, and ZeroPte. Referenced by MmCreateSection(). : This function creates the necessary structures to allow the mapping of a paging file. Arguments: Segment - Returns the segment object. MaximumSize - Supplies the maximum size for the mapping. ProtectionMask - Supplies the initial page protection. AllocationAttributes - Supplies the allocation attributes for the mapping. Return Value: Returns the status value. TBS --*/ { PFN_NUMBER NumberOfPtes; ULONG SizeOfSegment; ULONG i; PCONTROL_AREA ControlArea; PSEGMENT NewSegment; PMMPTE PointerPte; PSUBSECTION Subsection; MMPTE TempPte; LARGE_INTEGER SpecifiedSize; PAGED_CODE(); //******************************************************************* // Create a section backed by paging file. //******************************************************************* if (*MaximumSize == 0) { return STATUS_INVALID_PARAMETER_4; } // // Limit page file backed sections to the pagefile maximum size. // #if defined (_WIN64) || defined (_X86PAE_) SpecifiedSize.QuadPart = (ROUND_TO_PAGES (*MaximumSize)) >> PAGE_SHIFT; if (SpecifiedSize.HighPart != 0) #else if (*MaximumSize > (((ULONGLONG) 4 * 1024 * 1024 * 1024)) - (1024 * 1024)) #endif { return STATUS_SECTION_TOO_BIG; } // // Create the segment object. // // // Calculate the number of prototype PTEs to build for this segment. // NumberOfPtes = BYTES_TO_PAGES (*MaximumSize); if (AllocationAttributes & SEC_COMMIT) { // // Commit the pages for the section. // if (MiChargeCommitment (NumberOfPtes, NULL) == FALSE) { return STATUS_COMMITMENT_LIMIT; } MM_TRACK_COMMIT (MM_DBG_COMMIT_PAGEFILE_BACKED_SHMEM, NumberOfPtes); } SizeOfSegment = sizeof(SEGMENT) + sizeof(MMPTE) * ((ULONG)NumberOfPtes - 1); NewSegment = ExAllocatePoolWithTag (PagedPool, SizeOfSegment, MMSECT); if (NewSegment == NULL) { // // The requested pool could not be allocated. // if (AllocationAttributes & SEC_COMMIT) { MiReturnCommitment (NumberOfPtes); MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_PAGEFILE_BACKED_SHMEM, NumberOfPtes); } return STATUS_INSUFFICIENT_RESOURCES; } *Segment = NewSegment; ControlArea = ExAllocatePoolWithTag (NonPagedPool, (ULONG)sizeof(CONTROL_AREA) + (ULONG)sizeof(SUBSECTION), MMCONTROL); if (ControlArea == NULL) { // // The requested pool could not be allocated. // ExFreePool (NewSegment); if (AllocationAttributes & SEC_COMMIT) { MM_TRACK_COMMIT (MM_DBG_COMMIT_RETURN_PAGEFILE_BACKED_SHMEM, NumberOfPtes); MiReturnCommitment (NumberOfPtes); } return STATUS_INSUFFICIENT_RESOURCES; } // // Zero control area and first subsection. // RtlZeroMemory (ControlArea, sizeof(CONTROL_AREA) + sizeof(SUBSECTION)); ControlArea->NonPagedPoolUsage = EX_REAL_POOL_USAGE(sizeof(CONTROL_AREA) + sizeof(SUBSECTION)); ControlArea->Segment = NewSegment; ControlArea->NumberOfSectionReferences = 1; ControlArea->NumberOfUserReferences = 1; ControlArea->NumberOfSubsections = 1; if (AllocationAttributes & SEC_BASED) { ControlArea->u.Flags.Based = 1; } if (AllocationAttributes & SEC_RESERVE) { ControlArea->u.Flags.Reserve = 1; } if (AllocationAttributes & SEC_COMMIT) { ControlArea->u.Flags.Commit = 1; } Subsection = (PSUBSECTION)(ControlArea + 1); Subsection->ControlArea = ControlArea; Subsection->PtesInSubsection = (ULONG)NumberOfPtes; Subsection->u.SubsectionFlags.Protection = ProtectionMask; // // Align the prototype PTEs on the proper boundary. // PointerPte = &NewSegment->ThePtes[0]; i = (ULONG) (((ULONG_PTR)PointerPte >> PTE_SHIFT) & ((MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - 1)); if (i != 0) { i = (MM_PROTO_PTE_ALIGNMENT / PAGE_SIZE) - i; } // // Zero the segment header. // RtlZeroMemory (NewSegment, sizeof(SEGMENT)); NewSegment->PrototypePte = &NewSegment->ThePtes[i]; NewSegment->ControlArea = ControlArea; // // As size is limited to 2gb, ignore the high part. // NewSegment->SizeOfSegment = (ULONG_PTR)NumberOfPtes * PAGE_SIZE; NewSegment->TotalNumberOfPtes = (ULONG)NumberOfPtes; NewSegment->NonExtendedPtes = (ULONG)NumberOfPtes; ControlArea->PagedPoolUsage = EX_REAL_POOL_USAGE((sizeof(SEGMENT) + (NumberOfPtes * sizeof(MMPTE)))); PointerPte = NewSegment->PrototypePte; Subsection->SubsectionBase = PointerPte; TempPte = ZeroPte; if (AllocationAttributes & SEC_COMMIT) { TempPte.u.Soft.Protection = ProtectionMask; // // Record commitment charging. // NewSegment->NumberOfCommittedPages = NumberOfPtes; ExAcquireFastMutex (&MmSectionCommitMutex); MmSharedCommit += NewSegment->NumberOfCommittedPages; ExReleaseFastMutex (&MmSectionCommitMutex); } NewSegment->SegmentPteTemplate.u.Soft.Protection = ProtectionMask; for (i = 0; i < NumberOfPtes; i += 1) { // // Set all the prototype PTEs to either no access or demand zero // depending on the commit flag. // MI_WRITE_INVALID_PTE (PointerPte, TempPte); PointerPte += 1; } return STATUS_SUCCESS; }

PCONTROL_AREA MiFindImageSectionObject (  IN PFILE_OBJECT  File, OUT PBOOLEAN  GlobalNeeded )

Definition at line 4532 of file creasect.c. References ASSERT, FALSE, File, MM_PFN_LOCK_ASSERT, NULL, PsGetCurrentProcess, _LARGE_CONTROL_AREA::SessionId, TRUE, _LARGE_CONTROL_AREA::u, _CONTROL_AREA::u, and _LARGE_CONTROL_AREA::UserGlobalList. Referenced by MmCreateSection(). : This function searches the control area chains (if any) for an existing cache of the specified image file. For non-global control areas, there is no chain and the control area is shared for all callers and sessions. Likewise for systemwide global control areas. However, for global PER-SESSION control areas, we must do the walk. Arguments: File - Supplies the file object for the image file. GlobalNeeded - Supplies a pointer to store whether a global control area is required as a placeholder. This can only be set when there is already some global control area in the list - ie: our caller should only rely on this when this function returns NULL so the caller knows what kind of control area to insert. Return Value: Returns the matching control area or NULL if one does not exist. Environment: Must be holding the PFN lock. --*/ { PCONTROL_AREA ControlArea; PLARGE_CONTROL_AREA LargeControlArea; PLIST_ENTRY Head, Next; ULONG SessionId; MM_PFN_LOCK_ASSERT(); *GlobalNeeded = FALSE; // // Get first (if any) control area pointer. // ControlArea = (PCONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject); // // If no control area, or the control area is not session global, // then our job is easy. Note, however, that they each require different // return values as they represent different states. // if (ControlArea == NULL) { return NULL; } if (ControlArea->u.Flags.GlobalOnlyPerSession == 0) { return ControlArea; } LargeControlArea = (PLARGE_CONTROL_AREA) ControlArea; // // Get the current session ID and search for a matching control area. // SessionId = PsGetCurrentProcess()->SessionId; if (LargeControlArea->SessionId == SessionId) { return (PCONTROL_AREA) LargeControlArea; } // // Must search the control area list for a matching session ID. // Head = &LargeControlArea->UserGlobalList; for (Next = Head->Flink; Next != Head; Next = Next->Flink) { LargeControlArea = CONTAINING_RECORD (Next, LARGE_CONTROL_AREA, UserGlobalList); ASSERT (LargeControlArea->u.Flags.GlobalOnlyPerSession == 1); if (LargeControlArea->SessionId == SessionId) { return (PCONTROL_AREA) LargeControlArea; } } // // No match, so tell our caller to create a new global control area. // *GlobalNeeded = TRUE; return NULL; }

PCONTROL_AREA MiFindImageSectionObject (  IN PFILE_OBJECT  File, IN PBOOLEAN  GlobalNeeded )

VOID MiFlushDataSection (  IN PFILE_OBJECT  File  )

Definition at line 4999 of file creasect.c. References CcFlushCache(), File, LOCK_PFN, MmFlushSection(), NULL, _CONTROL_AREA::NumberOfSystemCacheViews, TRUE, and UNLOCK_PFN. Referenced by MiCreateImageFileMap(), and MmCreateSection(). 05005 : 05006 05007 This routine flushes the data section if there is one. 05008 05009 Arguments: 05010 05011 File - Supplies the file object. 05012 05013 Return Value: 05014 05015 None. 05016 05017 Environment: 05018 05019 Kernel mode, APC_LEVEL and below. 05020 05021 --*/ 05022 05023 { 05024 KIRQL OldIrql; 05025 IO_STATUS_BLOCK IoStatus; 05026 PCONTROL_AREA ControlArea; 05027 05028 LOCK_PFN (OldIrql); 05029 05030 ControlArea = (PCONTROL_AREA) File->SectionObjectPointer->DataSectionObject; 05031 05032 if (ControlArea) { 05033 if (ControlArea->NumberOfSystemCacheViews) { 05034 UNLOCK_PFN (OldIrql); 05035 CcFlushCache (File->SectionObjectPointer, 05036 NULL, 05037 0, 05038 &IoStatus); 05039 05040 } else { 05041 UNLOCK_PFN (OldIrql); 05042 MmFlushSection (File->SectionObjectPointer, 05043 NULL, 05044 0, 05045 &IoStatus, 05046 TRUE); 05047 } 05048 } 05049 else { 05050 UNLOCK_PFN (OldIrql); 05051 } 05052 } }

CCHAR MiGetImageProtection (  IN ULONG  SectionCharacteristics  )

Definition at line 4334 of file creasect.c. References Index, MmImageProtectionArray, and PAGED_CODE. Referenced by MiCreateImageFileMap(), and MiGetWritablePagesInSection(). 04340 : 04341 04342 This function takes a section characteristic mask from the 04343 image and converts it to an PTE protection mask. 04344 04345 Arguments: 04346 04347 SectionCharacteristics - Supplies the characteristics mask from the 04348 image. 04349 04350 Return Value: 04351 04352 Returns the protection mask for the PTE. 04353 04354 --*/ 04355 04356 { 04357 ULONG Index; 04358 PAGED_CODE(); 04359 04360 Index = 0; 04361 if (SectionCharacteristics & IMAGE_SCN_MEM_EXECUTE) { 04362 Index |= 1; 04363 } 04364 if (SectionCharacteristics & IMAGE_SCN_MEM_READ) { 04365 Index |= 2; 04366 } 04367 if (SectionCharacteristics & IMAGE_SCN_MEM_WRITE) { 04368 Index |= 4; 04369 } 04370 if (SectionCharacteristics & IMAGE_SCN_MEM_SHARED) { 04371 Index |= 8; 04372 } 04373 04374 return MmImageProtectionArray[Index]; 04375 }

PFN_NUMBER MiGetPageForHeader (  VOID   )

Definition at line 4378 of file creasect.c. References CONSISTENCY_UNLOCK_PFN, LOCK_PFN, MI_PAGE_COLOR_VA_PROCESS, MI_PFN_ELEMENT, MI_SET_PFN_DELETED, MiEnsureAvailablePageOrWait(), MiRemoveAnyPage(), _EPROCESS::NextPageColor, NULL, _MMPFN::OriginalPte, PsGetCurrentProcess, _MMPFN::PteAddress, _MMPFN::u3, UNLOCK_PFN, X64K, and ZeroPte. Referenced by MiCheckForCrashDump(), and MiCreateImageFileMap(). 04384 : 04385 04386 This non-pagable function acquires the PFN lock, removes 04387 a page and updates the PFN database as though the page was 04388 ready to be deleted if the reference count is decremented. 04389 04390 Arguments: 04391 04392 None. 04393 04394 Return Value: 04395 04396 Returns the physical page frame number. 04397 04398 --*/ 04399 04400 { 04401 KIRQL OldIrql; 04402 PFN_NUMBER PageFrameNumber; 04403 PMMPFN Pfn1; 04404 PEPROCESS Process; 04405 ULONG PageColor; 04406 04407 Process = PsGetCurrentProcess(); 04408 PageColor = MI_PAGE_COLOR_VA_PROCESS ((PVOID)X64K, 04409 &Process->NextPageColor); 04410 04411 // 04412 // Lock the PFN database and get a page. 04413 // 04414 04415 LOCK_PFN (OldIrql); 04416 04417 MiEnsureAvailablePageOrWait (NULL, NULL); 04418 04419 // 04420 // Remove page for 64k alignment. 04421 // 04422 04423 PageFrameNumber = MiRemoveAnyPage (PageColor); 04424 04425 // 04426 // Increment the reference count for the page so the 04427 // paging I/O will work, and so this page cannot be stolen from us. 04428 // 04429 04430 Pfn1 = MI_PFN_ELEMENT (PageFrameNumber); 04431 Pfn1->u3.e2.ReferenceCount += 1; 04432 04433 #ifndef PFN_CONSISTENCY 04434 // 04435 // Don't need the PFN lock for the fields below... 04436 // 04437 UNLOCK_PFN (OldIrql); 04438 #endif 04439 04440 Pfn1->OriginalPte = ZeroPte; 04441 Pfn1->PteAddress = (PVOID) (ULONG_PTR)X64K; 04442 MI_SET_PFN_DELETED (Pfn1); 04443 04444 CONSISTENCY_UNLOCK_PFN (OldIrql); 04445 04446 return PageFrameNumber; 04447 }

NTSTATUS MiGetWritablePagesInSection (  IN PSECTION  Section, OUT PULONG  WritablePages )

Definition at line 4868 of file creasect.c. References ASSERT, MI_ROUND_TO_SIZE, MiGetImageProtection(), MM_PROTECTION_WRITE_MASK, MmMapViewOfSection(), MmUnmapViewOfSection(), NT_SUCCESS, NTSTATUS(), NULL, PAGE_SHIFT, PAGE_SIZE, PAGED_CODE, PsGetCurrentProcess, and Status. Referenced by MiSessionWideReserveImageAddress(). : This routine calculates the number of writable pages in the image. Arguments: Section - Supplies the section for the image. WritablePages - Supplies a pointer to fill with the number of writable pages. Return Value: STATUS_SUCCESS if all went well, otherwise various NTSTATUS error codes. Environment: Kernel mode, APC_LEVEL and below, MmSystemLoadLock held. --*/ { NTSTATUS Status; PVOID ViewBase; SIZE_T ViewSize; ULONG PagesInSubsection; ULONG Protection; ULONG NumberOfSubsections; ULONG OffsetToSectionTable; ULONG SectionVirtualSize; PEPROCESS Process; LARGE_INTEGER SectionOffset; PIMAGE_DOS_HEADER DosHeader; PIMAGE_NT_HEADERS NtHeader; PIMAGE_SECTION_HEADER SectionTableEntry; PAGED_CODE(); ViewBase = NULL; ViewSize = 0; SectionOffset.QuadPart = 0; *WritablePages = 0; Process = PsGetCurrentProcess(); Status = MmMapViewOfSection (Section, Process, &ViewBase, 0, 0, &SectionOffset, &ViewSize, ViewUnmap, 0, PAGE_EXECUTE); if (!NT_SUCCESS(Status)) { return Status; } // // The DLL is mapped as a data file not as an image. Pull apart the // executable header. The security checks have already been // done as part of creating the section in the first place. // DosHeader = (PIMAGE_DOS_HEADER) ViewBase; ASSERT (DosHeader->e_magic == IMAGE_DOS_SIGNATURE); #ifndef i386 ASSERT (((ULONG)DosHeader->e_lfanew & 3) == 0); #endif ASSERT ((ULONG)DosHeader->e_lfanew <= ViewSize); NtHeader = (PIMAGE_NT_HEADERS)((PCHAR)DosHeader + (ULONG)DosHeader->e_lfanew); OffsetToSectionTable = sizeof(ULONG) + sizeof(IMAGE_FILE_HEADER) + NtHeader->FileHeader.SizeOfOptionalHeader; SectionTableEntry = (PIMAGE_SECTION_HEADER)((PCHAR)NtHeader + OffsetToSectionTable); NumberOfSubsections = NtHeader->FileHeader.NumberOfSections; while (NumberOfSubsections > 0) { Protection = MiGetImageProtection (SectionTableEntry->Characteristics); if (Protection & MM_PROTECTION_WRITE_MASK) { // // Handle the case where the virtual size is 0. // if (SectionTableEntry->Misc.VirtualSize == 0) { SectionVirtualSize = SectionTableEntry->SizeOfRawData; } else { SectionVirtualSize = SectionTableEntry->Misc.VirtualSize; } PagesInSubsection = MI_ROUND_TO_SIZE (SectionVirtualSize, PAGE_SIZE) >> PAGE_SHIFT; *WritablePages += PagesInSubsection; } SectionTableEntry += 1; NumberOfSubsections -= 1; } Status = MmUnmapViewOfSection (Process, ViewBase); ASSERT (NT_SUCCESS(Status)); return Status; }

VOID MiInsertImageSectionObject (  IN PFILE_OBJECT  File, IN PCONTROL_AREA  ControlArea )

Definition at line 4638 of file creasect.c. References ASSERT, File, MM_PFN_LOCK_ASSERT, NULL, PsGetCurrentProcess, _LARGE_CONTROL_AREA::SessionId, _LARGE_CONTROL_AREA::u, and _LARGE_CONTROL_AREA::UserGlobalList. Referenced by MmCreateSection(). : This function inserts the control area into the file's section object pointers. For non-global control areas, there is no chain and the control area is shared for all callers and sessions. Likewise for systemwide global control areas. However, for global PER-SESSION control areas, we must do a list insertion. Arguments: File - Supplies the file object for the image file. InputControlArea - Supplies the control area to insert. Return Value: None. Environment: Must be holding the PFN lock. --*/ { PLIST_ENTRY Head; PLARGE_CONTROL_AREA ControlArea; PLARGE_CONTROL_AREA FirstControlArea; #if DBG PLIST_ENTRY Next; PLARGE_CONTROL_AREA NextControlArea; #endif MM_PFN_LOCK_ASSERT(); ControlArea = (PLARGE_CONTROL_AREA) InputControlArea; // // If this is not a global-per-session control area or just a placeholder // control area (with no chain already in place) then just put it in. // FirstControlArea = (PLARGE_CONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject); if (FirstControlArea == NULL) { if (ControlArea->u.Flags.GlobalOnlyPerSession == 0) { (PCONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject) = (PCONTROL_AREA) ControlArea; return; } } // // A per-session control area needs to be inserted... // ASSERT (ControlArea->u.Flags.GlobalOnlyPerSession == 1); ControlArea->SessionId = PsGetCurrentProcess()->SessionId; // // If the control area list is empty, just initialize links for this entry. // if (File->SectionObjectPointer->ImageSectionObject == NULL) { InitializeListHead (&ControlArea->UserGlobalList); } else { // // Insert new entry before the current first entry. The control area // must be in the midst of creation/deletion or have a valid session // ID to be inserted. // ASSERT (ControlArea->u.Flags.BeingDeleted || ControlArea->u.Flags.BeingCreated || ControlArea->SessionId != (ULONG)-1); FirstControlArea = (PLARGE_CONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject); Head = &FirstControlArea->UserGlobalList; #if DBG // // Ensure no duplicate session IDs exist in the list. // for (Next = Head->Flink; Next != Head; Next = Next->Flink) { NextControlArea = CONTAINING_RECORD (Next, LARGE_CONTROL_AREA, UserGlobalList); ASSERT (NextControlArea->SessionId != (ULONG)-1 && NextControlArea->SessionId != ControlArea->SessionId); } #endif InsertTailList (Head, &ControlArea->UserGlobalList); } // // Update first control area pointer. // (PCONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject) = (PCONTROL_AREA) ControlArea; }

VOID MiRemoveImageHeaderPage (  IN PFN_NUMBER  PageFrameNumber  )

Definition at line 4501 of file creasect.c. References LOCK_PFN, MiDecrementReferenceCount(), and UNLOCK_PFN. Referenced by MiCheckForCrashDump(), and MiCreateImageFileMap(). : This non-pagable function acquires the PFN lock, and decrements the reference count thereby causing the physical page to be deleted. Arguments: PageFrameNumber - Supplies the PFN to decrement. Return Value: None. --*/ { KIRQL OldIrql; LOCK_PFN (OldIrql); MiDecrementReferenceCount (PageFrameNumber); UNLOCK_PFN (OldIrql); return; }

VOID MiRemoveImageSectionObject (  IN PFILE_OBJECT  File, IN PCONTROL_AREA  InputControlArea )

Definition at line 4753 of file creasect.c. References ASSERT, File, MM_PFN_LOCK_ASSERT, NULL, _LARGE_CONTROL_AREA::u, and _LARGE_CONTROL_AREA::UserGlobalList. Referenced by MiCheckControlArea(), MiCheckForControlAreaDeletion(), MiCleanSection(), and MmCreateSection(). : This function searches the control area chains (if any) for an existing cache of the specified image file. For non-global control areas, there is no chain and the control area is shared for all callers and sessions. Likewise for systemwide global control areas. However, for global PER-SESSION control areas, we must do the walk. Upon finding the specified control area, we unlink it. Arguments: File - Supplies the file object for the image file. InputControlArea - Supplies the control area to remove. Return Value: None. Environment: Must be holding the PFN lock. --*/ { PLIST_ENTRY Head, Next; PLARGE_CONTROL_AREA ControlArea; PLARGE_CONTROL_AREA FirstControlArea; PLARGE_CONTROL_AREA NextControlArea; MM_PFN_LOCK_ASSERT(); ControlArea = (PLARGE_CONTROL_AREA) InputControlArea; FirstControlArea = (PLARGE_CONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject); // // Get a pointer to the first control area. If this is not a // global-per-session control area, then there is no list, so we're done. // if (FirstControlArea->u.Flags.GlobalOnlyPerSession == 0) { ASSERT (ControlArea->u.Flags.GlobalOnlyPerSession == 0); (PCONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject) = NULL; return; } // // A list may exist. Walk it as necessary and delete the requested entry. // if (FirstControlArea == ControlArea) { // // The first entry is the one to remove. If it is the only entry // in the list, then the new first entry pointer will be NULL. // Otherwise, get a pointer to the next entry and unlink the current. // if (IsListEmpty (&FirstControlArea->UserGlobalList)) { NextControlArea = NULL; } else { Next = FirstControlArea->UserGlobalList.Flink; RemoveEntryList (&FirstControlArea->UserGlobalList); NextControlArea = CONTAINING_RECORD (Next, LARGE_CONTROL_AREA, UserGlobalList); ASSERT (NextControlArea->u.Flags.GlobalOnlyPerSession == 1); } (PCONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject) = (PCONTROL_AREA) NextControlArea; return; } // // Remove the entry, note that the ImageSectionObject need not be updated // as the entry is not at the head. // #if DBG Head = &FirstControlArea->UserGlobalList; for (Next = Head->Flink; Next != Head; Next = Next->Flink) { NextControlArea = CONTAINING_RECORD (Next, LARGE_CONTROL_AREA, UserGlobalList); ASSERT (NextControlArea->u.Flags.GlobalOnlyPerSession == 1); if (NextControlArea == ControlArea) { break; } } ASSERT (Next != Head); #endif RemoveEntryList (&ControlArea->UserGlobalList); }

VOID MiUpdateImageHeaderPage (  IN PMMPTE  PointerPte, IN PFN_NUMBER  PageFrameNumber, IN PCONTROL_AREA  ControlArea )

Definition at line 4450 of file creasect.c. References LOCK_PFN, MiDecrementReferenceCount(), MiInitializeTransitionPfn(), MiMakeSystemAddressValidPfn(), and UNLOCK_PFN. Referenced by MiCheckForCrashDump(), and MiCreateImageFileMap(). 04458 : 04459 04460 This non-pagable function acquires the PFN lock, and 04461 turns the specified prototype PTE into a transition PTE 04462 referring to the specified physical page. It then 04463 decrements the reference count causing the page to 04464 be placed on the standby or modified list. 04465 04466 Arguments: 04467 04468 PointerPte - Supplies the PTE to set into the transition state. 04469 04470 PageFrameNumber - Supplies the physical page. 04471 04472 ControlArea - Supplies the control area for the prototype PTEs. 04473 04474 Return Value: 04475 04476 None. 04477 04478 --*/ 04479 04480 { 04481 KIRQL OldIrql; 04482 04483 LOCK_PFN (OldIrql); 04484 04485 MiMakeSystemAddressValidPfn (PointerPte); 04486 04487 MiInitializeTransitionPfn (PageFrameNumber, PointerPte, 0xFFFFFFFF); 04488 ControlArea->NumberOfPfnReferences += 1; 04489 04490 // 04491 // Add the page to the standby list. 04492 // 04493 04494 MiDecrementReferenceCount (PageFrameNumber); 04495 04496 UNLOCK_PFN (OldIrql); 04497 return; 04498 }

NTSTATUS MiVerifyImageHeader (  IN PIMAGE_NT_HEADERS  NtHeader, IN PIMAGE_DOS_HEADER  DosHeader, IN ULONG  NtHeaderSize )

Definition at line 3295 of file creasect.c. References MiCheckDosCalls(), PAGE_SIZE, PAGED_CODE, PCONFIGPHARLAP, PUSHORT, _PHARLAP_CONFIG::uchCopyRight, USHORT, _PHARLAP_CONFIG::usSign, and VALIDATE_NTHEADER. Referenced by MiCreateImageFileMap(). 03303 : 03304 03305 03306 Arguments: 03307 03308 Return Value: 03309 03310 Returns the status value. 03311 03312 TBS 03313 03314 --*/ 03315 03316 03317 03318 { 03319 PCONFIGPHARLAP PharLapConfigured; 03320 PUCHAR pb; 03321 LONG pResTableAddress; 03322 03323 PAGED_CODE(); 03324 03325 if (NtHeader->Signature != IMAGE_NT_SIGNATURE) { 03326 if ((USHORT)NtHeader->Signature == (USHORT)IMAGE_OS2_SIGNATURE) { 03327 03328 // 03329 // Check to see if this is a win-16 image. 03330 // 03331 03332 if ((!MiCheckDosCalls ((PIMAGE_OS2_HEADER)NtHeader, NtHeaderSize)) && 03333 ((((PIMAGE_OS2_HEADER)NtHeader)->ne_exetyp == 2) 03334 || 03335 ((((PIMAGE_OS2_HEADER)NtHeader)->ne_exetyp == 0) && 03336 (((((PIMAGE_OS2_HEADER)NtHeader)->ne_expver & 0xff00) == 03337 0x200) || 03338 ((((PIMAGE_OS2_HEADER)NtHeader)->ne_expver & 0xff00) == 03339 0x300))))) { 03340 03341 // 03342 // This is a win-16 image. 03343 // 03344 03345 return STATUS_INVALID_IMAGE_WIN_16; 03346 } 03347 03348 // The following OS/2 headers types go to NTDOS 03349 // 03350 // - exetype == 5 means binary is for Dos 4.0. 03351 // e.g Borland Dos extender type 03352 // 03353 // - OS/2 apps which have no import table entries 03354 // cannot be meant for the OS/2 ss. 03355 // e.g. QuickC for dos binaries 03356 // 03357 // - "old" Borland Dosx BC++ 3.x, Paradox 4.x 03358 // exe type == 1 03359 // DosHeader->e_cs * 16 + DosHeader->e_ip + 0x200 - 10 03360 // contains the string " mode EXE$" 03361 // but import table is empty, so we don't make special check 03362 // 03363 03364 if (((PIMAGE_OS2_HEADER)NtHeader)->ne_exetyp == 5 || 03365 ((PIMAGE_OS2_HEADER)NtHeader)->ne_enttab == 03366 ((PIMAGE_OS2_HEADER)NtHeader)->ne_imptab ) 03367 { 03368 return STATUS_INVALID_IMAGE_PROTECT; 03369 } 03370 03371 03372 // 03373 // Borland Dosx types: exe type 1 03374 // 03375 // - "new" Borland Dosx BP7.0 03376 // exe type == 1 03377 // DosHeader + 0x200 contains the string "16STUB" 03378 // 0x200 happens to be e_parhdr*16 03379 // 03380 03381 if (((PIMAGE_OS2_HEADER)NtHeader)->ne_exetyp == 1 && 03382 RtlEqualMemory((PUCHAR)DosHeader + 0x200, "16STUB", 6) ) 03383 { 03384 return STATUS_INVALID_IMAGE_PROTECT; 03385 } 03386 03387 // 03388 // Check for PharLap extended header which we run as a dos app. 03389 // The PharLap config block is pointed to by the SizeofHeader 03390 // field in the DosHdr. 03391 // The following algorithm for detecting a pharlap exe 03392 // was recommended by PharLap Software Inc. 03393 // 03394 03395 PharLapConfigured =(PCONFIGPHARLAP) ((PCHAR)DosHeader + 03396 ((ULONG)DosHeader->e_cparhdr << 4)); 03397 03398 if ((PCHAR)PharLapConfigured < 03399 (PCHAR)DosHeader + PAGE_SIZE - sizeof(CONFIGPHARLAP)) { 03400 if (RtlEqualMemory(&PharLapConfigured->uchCopyRight[0x18], 03401 "Phar Lap Software, Inc.", 24) && 03402 (PharLapConfigured->usSign == 0x4b50 || // stub loader type 2 03403 PharLapConfigured->usSign == 0x4f50 || // bindable 286|DosExtender 03404 PharLapConfigured->usSign == 0x5650 )) // bindable 286|DosExtender (Adv) 03405 { 03406 return STATUS_INVALID_IMAGE_PROTECT; 03407 } 03408 } 03409 03410 03411 03412 // 03413 // Check for Rational extended header which we run as a dos app. 03414 // We look for the rational copyright at: 03415 // wCopyRight = *(DosHeader->e_cparhdr*16 + 30h) 03416 // pCopyRight = wCopyRight + DosHeader->e_cparhdr*16 03417 // "Copyright (C) Rational Systems, Inc." 03418 // 03419 03420 pb = ((PUCHAR)DosHeader + ((ULONG)DosHeader->e_cparhdr << 4)); 03421 03422 if ((ULONG_PTR)pb < (ULONG_PTR)DosHeader + PAGE_SIZE - 0x30 - sizeof(USHORT)) { 03423 pb += *(PUSHORT)(pb + 0x30); 03424 if ( (ULONG_PTR)pb < (ULONG_PTR)DosHeader + PAGE_SIZE - 36 && 03425 RtlEqualMemory(pb, 03426 "Copyright (C) Rational Systems, Inc.", 03427 36) ) 03428 { 03429 return STATUS_INVALID_IMAGE_PROTECT; 03430 } 03431 } 03432 03433 // 03434 // Check for lotus 123 family of applications. Starting 03435 // with 123 3.0 (till recently shipped 123 3.4), every 03436 // exe header is bound but is meant for DOS. This can 03437 // be checked via, a string signature in the extended 03438 // header. <len byte>"1-2-3 Preloader" is the string 03439 // at ne_nrestab offset. 03440 // 03441 03442 pResTableAddress = ((PIMAGE_OS2_HEADER)NtHeader)->ne_nrestab; 03443 if (pResTableAddress > DosHeader->e_lfanew && 03444 ((ULONG)((pResTableAddress+16) - DosHeader->e_lfanew) < 03445 NtHeaderSize) && 03446 RtlEqualMemory( 03447 ((PUCHAR)NtHeader + 1 + 03448 (ULONG)(pResTableAddress - DosHeader->e_lfanew)), 03449 "1-2-3 Preloader", 03450 15) ) { 03451 return STATUS_INVALID_IMAGE_PROTECT; 03452 } 03453 03454 return STATUS_INVALID_IMAGE_NE_FORMAT; 03455 } 03456 03457 if ((USHORT)NtHeader->Signature == (USHORT)IMAGE_OS2_SIGNATURE_LE) { 03458 03459 // 03460 // This is a LE (OS/2) image. We don't support it, so give it to 03461 // DOS subsystem. There are cases (Rbase.exe) which have a LE 03462 // header but actually it is suppose to run under DOS. When we 03463 // do support LE format, some work needs to be done here to 03464 // decide whether to give it to VDM or OS/2. 03465 // 03466 03467 return STATUS_INVALID_IMAGE_PROTECT; 03468 } 03469 return STATUS_INVALID_IMAGE_PROTECT; 03470 } 03471 03472 if ((NtHeader->FileHeader.Machine == 0) && 03473 (NtHeader->FileHeader.SizeOfOptionalHeader == 0)) { 03474 03475 // 03476 // This is a bogus DOS app which has a 32-bit portion 03477 // masquerading as a PE image. 03478 // 03479 03480 return STATUS_INVALID_IMAGE_PROTECT; 03481 } 03482 03483 if (!(NtHeader->FileHeader.Characteristics & IMAGE_FILE_EXECUTABLE_IMAGE)) { 03484 return STATUS_INVALID_IMAGE_FORMAT; 03485 } 03486 03487 #ifdef i386 03488 03489 // 03490 // Make sure the image header is aligned on a Long word boundary. 03491 // 03492 03493 if (((ULONG_PTR)NtHeader & 3) != 0) { 03494 return STATUS_INVALID_IMAGE_FORMAT; 03495 } 03496 #endif 03497 03498 #define VALIDATE_NTHEADER(Hdr) { \ 03499 /* File alignment must be multiple of 512 and power of 2. */ \ 03500 if (((((Hdr)->OptionalHeader).FileAlignment & 511) != 0) && \ 03501 (((Hdr)->OptionalHeader).FileAlignment != \ 03502 ((Hdr)->OptionalHeader).SectionAlignment)) { \ 03503 return STATUS_INVALID_IMAGE_FORMAT; \ 03504 } \ 03505 \ 03506 if (((Hdr)->OptionalHeader).FileAlignment == 0) { \ 03507 return STATUS_INVALID_IMAGE_FORMAT; \ 03508 } \ 03509 \ 03510 if (((((Hdr)->OptionalHeader).FileAlignment - 1) & \ 03511 ((Hdr)->OptionalHeader).FileAlignment) != 0) { \ 03512 return STATUS_INVALID_IMAGE_FORMAT; \ 03513 } \ 03514 \ 03515 if (((Hdr)->OptionalHeader).SectionAlignment < ((Hdr)->OptionalHeader).FileAlignment) { \ 03516 return STATUS_INVALID_IMAGE_FORMAT; \ 03517 } \ 03518 \ 03519 if (((Hdr)->OptionalHeader).SizeOfImage > MM_SIZE_OF_LARGEST_IMAGE) { \ 03520 return STATUS_INVALID_IMAGE_FORMAT; \ 03521 } \ 03522 \ 03523 if ((Hdr)->FileHeader.NumberOfSections > MM_MAXIMUM_IMAGE_SECTIONS) { \ 03524 return STATUS_INVALID_IMAGE_FORMAT; \ 03525 } \ 03526 } 03527 03528 if (NtHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC) { 03529 // 03530 // Image doesn't have the right magic value in its optional header 03531 // 03532 #if defined (_WIN64) 03533 if (NtHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) { 03534 // 03535 // PE32 image. Validate it as such. 03536 // 03537 PIMAGE_NT_HEADERS32 NtHeader32 = (PIMAGE_NT_HEADERS32)NtHeader; 03538 03539 VALIDATE_NTHEADER(NtHeader32); 03540 return STATUS_SUCCESS; 03541 } 03542 #endif 03543 return STATUS_INVALID_IMAGE_FORMAT; 03544 } 03545 03546 VALIDATE_NTHEADER(NtHeader); 03547 #undef VALIDATE_NTHEADER 03548 03549 return STATUS_SUCCESS; 03550 }

NTSTATUS MmCreateSection (  OUT PVOID *  SectionObject, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL, IN PLARGE_INTEGER  InputMaximumSize, IN ULONG  SectionPageProtection, IN ULONG  AllocationAttributes, IN HANDLE FileHandle  OPTIONAL, IN PFILE_OBJECT FileObject  OPTIONAL )

Definition at line 390 of file creasect.c. References ASSERT, CONTROL_AREA, _SEGMENT::ControlArea, DbgPrint, _CONTROL_AREA::DereferenceList, Event(), EX_REAL_POOL_USAGE, ExAllocatePoolWithTag, EXCEPTION_EXECUTE_HANDLER, ExFreePool(), FALSE, File, _CONTROL_AREA::FilePointer, FSRTL_FSP_TOP_LEVEL_IRP, FsRtlAcquireFileExclusive(), FsRtlGetFileSize(), FsRtlReleaseFile(), _SECTION::InitialPageProtection, IoFileObjectType, IoSetTopLevelIrp(), KernelMode, KeSetEvent(), KeWaitForSingleObject(), KPROCESSOR_MODE, LARGE_CONTROL_AREA, LOCK_PFN, MI_UNUSED_SEGMENTS_REMOVE_CHARGE, MiCheckControlArea(), MiCreateDataFileMap(), MiCreateImageFileMap(), MiCreatePagingFileMap(), MiFindEmptySectionBaseDown(), MiFindImageSectionObject(), MiFlushDataSection(), MiFreeEventCounter(), MiGetEventCounter(), MiHydra, MiInsertBasedSection(), MiInsertImageSectionObject(), MiMakeProtectionMask(), MiRemoveImageSectionObject(), MM_DBG_SECTIONS, MM_DBG_SHOW_NT_CALLS, MMCONTROL, MmExtendSection(), MmHighSectionBase, MmMakeFileAccess, MmSectionBasedMutex, MmSectionBasedRoot, MmSectionObjectType, _CONTROL_AREA::ModifiedWriteCount, NonPagedPool, _CONTROL_AREA::NonPagedPoolUsage, NT_SUCCESS, NTSTATUS(), NULL, _CONTROL_AREA::NumberOfMappedViews, _CONTROL_AREA::NumberOfSectionReferences, _CONTROL_AREA::NumberOfSubsections, _CONTROL_AREA::NumberOfUserReferences, ObCreateObject(), ObDereferenceObject, ObjectAttributes, ObReferenceObject, ObReferenceObjectByHandle(), PERFINFO_SECTION_CREATE, PSECTION, SECTION, _CONTROL_AREA::Segment, _SECTION::Segment, _SECTION::SizeOfSection, _SEGMENT::SizeOfSegment, Status, SUBSECTION, _SEGMENT::TotalNumberOfPtes, TRUE, _SECTION::u, _CONTROL_AREA::u, UNLOCK_PFN, _CONTROL_AREA::WaitingForDeletion, and WrVirtualMemory. Referenced by CcInitializeCacheMap(), MiCrashDumpWorker(), and NtCreateSection(). 00403 : 00404 00405 This function creates a section object and opens a handle to the object 00406 with the specified desired access. 00407 00408 Arguments: 00409 00410 Section - A pointer to a variable that will 00411 receive the section object address. 00412 00413 DesiredAccess - The desired types of access for the section. 00414 00415 DesiredAccess Flags 00416 00417 EXECUTE - Execute access to the section is desired. 00418 00419 READ - Read access to the section is desired. 00420 00421 WRITE - Write access to the section is desired. 00422 00423 ObjectAttributes - Supplies a pointer to an object attributes structure. 00424 00425 InputMaximumSize - Supplies the maximum size of the section in bytes. 00426 This value is rounded up to the host page size and 00427 specifies the size of the section (page file 00428 backed section) or the maximum size to which a 00429 file can be extended or mapped (file backed 00430 section). 00431 00432 SectionPageProtection - Supplies the protection to place on each page 00433 in the section. One of PAGE_READ, PAGE_READWRITE, 00434 PAGE_EXECUTE, or PAGE_WRITECOPY and, optionally, 00435 PAGE_NOCACHE may be specified. 00436 00437 AllocationAttributes - Supplies a set of flags that describe the 00438 allocation attributes of the section. 00439 00440 AllocationAttributes Flags 00441 00442 SEC_BASED - The section is a based section and will be 00443 allocated at the same virtual address in each process 00444 address space that receives the section. This does not 00445 imply that addresses are reserved for based sections. 00446 Rather if the section cannot be mapped at the based address 00447 an error is returned. 00448 00449 SEC_RESERVE - All pages of the section are set to the 00450 reserved state. 00451 00452 SEC_COMMIT - All pages of the section are set to the commit state. 00453 00454 SEC_IMAGE - The file specified by the file handle is an 00455 executable image file. 00456 00457 SEC_FILE - The file specified by the file handle is a mapped 00458 file. If a file handle is supplied and neither 00459 SEC_IMAGE or SEC_FILE is supplied, SEC_FILE is 00460 assumed. 00461 00462 FileHandle - Supplies an optional handle of an open file object. 00463 If the value of this handle is null, then the 00464 section will be backed by a paging file. Otherwise 00465 the section is backed by the specified data file. 00466 00467 FileObject - Supplies an optional pointer to the file object. If this 00468 value is NULL and the FileHandle is NULL, then there is 00469 no file to map (image or mapped file). If this value 00470 is specified, then the File is to be mapped as a MAPPED FILE 00471 and NO file size checking will be performed. 00472 00473 ONLY THE SYSTEM CACHE SHOULD PROVIDE A FILE OBJECT WITH THE 00474 CALL!! as this is optimized to not check the size, only do 00475 data mapping, no protection check, etc. 00476 00477 Note - Only one of FileHandle or File should be specified! 00478 00479 Return Value: 00480 00481 Returns the relevant NTSTATUS code. 00482 00483 --*/ 00484 00485 { 00486 SECTION Section; 00487 PSECTION NewSection; 00488 PSEGMENT Segment; 00489 PSEGMENT NewSegment; 00490 KPROCESSOR_MODE PreviousMode; 00491 KIRQL OldIrql; 00492 NTSTATUS Status; 00493 PCONTROL_AREA ControlArea; 00494 PCONTROL_AREA NewControlArea; 00495 PCONTROL_AREA SegmentControlArea; 00496 ACCESS_MASK FileDesiredAccess; 00497 PFILE_OBJECT File; 00498 PEVENT_COUNTER Event; 00499 ULONG IgnoreFileSizing; 00500 ULONG ProtectionMask; 00501 ULONG ProtectMaskForAccess; 00502 ULONG FileAcquired; 00503 PEVENT_COUNTER SegmentEvent; 00504 BOOLEAN FileSizeChecked; 00505 LARGE_INTEGER TempSectionSize; 00506 UINT64 EndOfFile; 00507 ULONG IncrementedRefCount; 00508 ULONG ControlAreaSize; 00509 PUINT64 MaximumSize; 00510 PMMADDRESS_NODE *SectionBasedRoot; 00511 BOOLEAN GlobalNeeded; 00512 PFILE_OBJECT ChangeFileReference; 00513 #if DBG 00514 PVOID PreviousSectionPointer; 00515 #endif //DBG 00516 00517 DesiredAccess; 00518 00519 IgnoreFileSizing = FALSE; 00520 FileAcquired = FALSE; 00521 FileSizeChecked = FALSE; 00522 IncrementedRefCount = FALSE; 00523 ChangeFileReference = NULL; 00524 00525 MaximumSize = (PUINT64) InputMaximumSize; 00526 00527 #if DBG 00528 if (MmDebug & MM_DBG_SHOW_NT_CALLS) { 00529 if ( !MmWatchProcess ) { 00530 DbgPrint("crea sect access mask %lx maxsize %I64X page prot %lx\n", 00531 DesiredAccess, *MaximumSize, SectionPageProtection); 00532 DbgPrint(" allocation attributes %lx file handle %lx\n", 00533 AllocationAttributes, FileHandle); 00534 } 00535 } 00536 #endif 00537 00538 // 00539 // Check allocation attributes flags. 00540 // 00541 00542 File = (PFILE_OBJECT)NULL; 00543 00544 ASSERT ((AllocationAttributes & ~(SEC_COMMIT | SEC_RESERVE | SEC_BASED | 00545 SEC_IMAGE | SEC_NOCACHE | SEC_NO_CHANGE)) == 0); 00546 00547 ASSERT ((AllocationAttributes & (SEC_COMMIT | SEC_RESERVE | SEC_IMAGE)) != 0); 00548 00549 ASSERT (!((AllocationAttributes & SEC_IMAGE) && 00550 (AllocationAttributes & (SEC_COMMIT | SEC_RESERVE | 00551 SEC_NOCACHE | SEC_NO_CHANGE)))); 00552 00553 ASSERT (!((AllocationAttributes & SEC_COMMIT) && 00554 (AllocationAttributes & SEC_RESERVE))); 00555 00556 ASSERT (!((SectionPageProtection & PAGE_NOCACHE) || 00557 (SectionPageProtection & PAGE_GUARD) || 00558 (SectionPageProtection & PAGE_NOACCESS))); 00559 00560 if (AllocationAttributes & SEC_NOCACHE) { 00561 SectionPageProtection |= PAGE_NOCACHE; 00562 } 00563 00564 // 00565 // Check the protection field. This could raise an exception. 00566 // 00567 00568 try { 00569 ProtectionMask = MiMakeProtectionMask (SectionPageProtection); 00570 } except (EXCEPTION_EXECUTE_HANDLER) { 00571 return GetExceptionCode(); 00572 } 00573 00574 ProtectMaskForAccess = ProtectionMask & 0x7; 00575 00576 FileDesiredAccess = MmMakeFileAccess[ProtectMaskForAccess]; 00577 00578 // 00579 // Get previous processor mode and probe output arguments if necessary. 00580 // 00581 00582 PreviousMode = KeGetPreviousMode(); 00583 00584 Section.InitialPageProtection = SectionPageProtection; 00585 Section.Segment = (PSEGMENT)NULL; 00586 00587 if (ARGUMENT_PRESENT(FileHandle) || ARGUMENT_PRESENT(FileObject)) { 00588 00589 if (ARGUMENT_PRESENT(FileObject)) { 00590 IgnoreFileSizing = TRUE; 00591 File = FileObject; 00592 00593 // 00594 // Quick check to see if a control area already exists. 00595 // 00596 00597 if (File->SectionObjectPointer->DataSectionObject) { 00598 00599 LOCK_PFN (OldIrql); 00600 ControlArea = 00601 (PCONTROL_AREA)(File->SectionObjectPointer->DataSectionObject); 00602 00603 if ((ControlArea != NULL) && 00604 (!ControlArea->u.Flags.BeingDeleted) && 00605 (!ControlArea->u.Flags.BeingCreated)) { 00606 00607 // 00608 // Control area exists and is not being deleted, 00609 // reference it. 00610 // 00611 00612 NewSegment = ControlArea->Segment; 00613 if ((ControlArea->NumberOfSectionReferences == 0) && 00614 (ControlArea->NumberOfMappedViews == 0) && 00615 (ControlArea->ModifiedWriteCount == 0)) { 00616 00617 // 00618 // Dereference the current file object and 00619 // reference this one. 00620 // 00621 00622 ChangeFileReference = ControlArea->FilePointer; 00623 ControlArea->FilePointer = FileObject; 00624 00625 // 00626 // This dereference is purposely at DPC_LEVEL 00627 // so the object manager queues it to another 00628 // thread thereby eliminating deadlocks with 00629 // the redirector. 00630 // 00631 00632 ObDereferenceObject (ChangeFileReference); 00633 } 00634 ControlArea->u.Flags.Accessed = 1; 00635 ControlArea->NumberOfSectionReferences += 1; 00636 if (ControlArea->DereferenceList.Flink != NULL) { 00637 00638 // 00639 // Remove this from the list of unused segments. 00640 // 00641 00642 RemoveEntryList (&ControlArea->DereferenceList); 00643 00644 MI_UNUSED_SEGMENTS_REMOVE_CHARGE (ControlArea); 00645 00646 ControlArea->DereferenceList.Flink = NULL; 00647 ControlArea->DereferenceList.Blink = NULL; 00648 } 00649 UNLOCK_PFN (OldIrql); 00650 IncrementedRefCount = TRUE; 00651 Section.SizeOfSection.QuadPart = (LONGLONG)*MaximumSize; 00652 00653 goto ReferenceObject; 00654 } 00655 UNLOCK_PFN (OldIrql); 00656 } 00657 00658 ObReferenceObject (FileObject); 00659 00660 } else { 00661 00662 // 00663 // Only one of FileHandle or FileObject should be supplied 00664 // if a FileObject is supplied, this must be from the 00665 // file system and therefore the file's size should not 00666 // be checked. 00667 // 00668 00669 Status = ObReferenceObjectByHandle ( FileHandle, 00670 FileDesiredAccess, 00671 IoFileObjectType, 00672 PreviousMode, 00673 (PVOID *)&File, 00674 NULL ); 00675 if (!NT_SUCCESS(Status)) { 00676 return Status; 00677 } 00678 00679 // 00680 // If this file doesn't have a section object pointer, 00681 // return an error. 00682 // 00683 00684 if (File->SectionObjectPointer == NULL) { 00685 ObDereferenceObject (File); 00686 return STATUS_INVALID_FILE_FOR_SECTION; 00687 } 00688 } 00689 00690 // 00691 // Check to see if the specified file already has a section. 00692 // If not, indicate in the file object's pointer to an FCB that 00693 // a section is being built. This synchronizes segment creation 00694 // for the file. 00695 // 00696 00697 if (MiHydra == TRUE && (AllocationAttributes & SEC_IMAGE)) { 00698 00699 // 00700 // This control area is always just a place holder - the real one 00701 // is allocated in MiCreateImageFileMap and will be allocated 00702 // with the correct size and this one freed in a short while. 00703 // 00704 // This place holder must always be allocated as a large control 00705 // area so that it can be chained for the per-session case. 00706 // 00707 // This may need revisiting for wx86. 00708 // 00709 00710 ControlAreaSize = (ULONG)sizeof(LARGE_CONTROL_AREA) + 00711 (ULONG)sizeof(SUBSECTION); 00712 } 00713 else { 00714 ControlAreaSize = (ULONG)sizeof(CONTROL_AREA) + 00715 (ULONG)sizeof(SUBSECTION); 00716 } 00717 00718 NewControlArea = ExAllocatePoolWithTag (NonPagedPool, 00719 ControlAreaSize, 00720 MMCONTROL); 00721 00722 if (NewControlArea == NULL) { 00723 ObDereferenceObject (File); 00724 return STATUS_INSUFFICIENT_RESOURCES; 00725 } 00726 00727 RtlZeroMemory (NewControlArea, ControlAreaSize); 00728 00729 NewControlArea->NonPagedPoolUsage = EX_REAL_POOL_USAGE(ControlAreaSize); 00730 00731 NewSegment = (PSEGMENT)NULL; 00732 00733 // 00734 // We only need the file resource if the was a user request, i.e. not 00735 // a call from the cache manager or file system. 00736 // 00737 00738 if (ARGUMENT_PRESENT(FileHandle)) { 00739 00740 FsRtlAcquireFileExclusive (File); 00741 IoSetTopLevelIrp((PIRP)FSRTL_FSP_TOP_LEVEL_IRP); 00742 FileAcquired = TRUE; 00743 } 00744 00745 LOCK_PFN (OldIrql); 00746 00747 // 00748 // Allocate an event to wait on in case the segment is in the 00749 // process of being deleted. This event cannot be allocated 00750 // with the PFN database locked as pool expansion would deadlock. 00751 // 00752 00753 ReallocateandcheckSegment: 00754 00755 SegmentEvent = MiGetEventCounter(); 00756 00757 if (SegmentEvent == NULL) { 00758 UNLOCK_PFN (OldIrql); 00759 if (FileAcquired) { 00760 IoSetTopLevelIrp((PIRP)NULL); 00761 FsRtlReleaseFile (File); 00762 } 00763 ExFreePool (NewControlArea); 00764 ObDereferenceObject (File); 00765 return STATUS_INSUFFICIENT_RESOURCES; 00766 } 00767 00768 RecheckSegment: 00769 00770 if (AllocationAttributes & SEC_IMAGE) { 00771 00772 if (MiHydra == TRUE) { 00773 ControlArea = MiFindImageSectionObject (File, &GlobalNeeded); 00774 } 00775 else { 00776 ControlArea = 00777 (PCONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject); 00778 } 00779 } else { 00780 ControlArea = 00781 (PCONTROL_AREA)(File->SectionObjectPointer->DataSectionObject); 00782 } 00783 00784 if (ControlArea != NULL) { 00785 00786 // 00787 // A segment already exists for this file. Make sure that it 00788 // is not in the process of being deleted, or being created. 00789 // 00790 00791 00792 if ((ControlArea->u.Flags.BeingDeleted) || 00793 (ControlArea->u.Flags.BeingCreated)) { 00794 00795 // 00796 // The segment object is in the process of being deleted or 00797 // created. 00798 // Check to see if another thread is waiting for the deletion, 00799 // otherwise create an event object to wait upon. 00800 // 00801 00802 if (ControlArea->WaitingForDeletion == NULL) { 00803 00804 // 00805 // Initialize an event and put its address in the control area. 00806 // 00807 00808 ControlArea->WaitingForDeletion = SegmentEvent; 00809 Event = SegmentEvent; 00810 SegmentEvent = NULL; 00811 } else { 00812 Event = ControlArea->WaitingForDeletion; 00813 Event->RefCount += 1; 00814 } 00815 00816 // 00817 // Release the pfn lock, the file lock, and wait for the event. 00818 // 00819 00820 UNLOCK_PFN (OldIrql); 00821 if (FileAcquired) { 00822 IoSetTopLevelIrp((PIRP)NULL); 00823 FsRtlReleaseFile (File); 00824 } 00825 00826 KeWaitForSingleObject(&Event->Event, 00827 WrVirtualMemory, 00828 KernelMode, 00829 FALSE, 00830 (PLARGE_INTEGER)NULL); 00831 00832 if (FileAcquired) { 00833 FsRtlAcquireFileExclusive (File); 00834 IoSetTopLevelIrp((PIRP)FSRTL_FSP_TOP_LEVEL_IRP); 00835 } 00836 00837 LOCK_PFN (OldIrql); 00838 MiFreeEventCounter (Event, TRUE); 00839 00840 if (SegmentEvent == NULL) { 00841 00842 // 00843 // The event was freed from pool, allocate another 00844 // event in case we have to synchronize one more time. 00845 // 00846 00847 goto ReallocateandcheckSegment; 00848 } 00849 goto RecheckSegment; 00850 00851 } else { 00852 00853 // 00854 // There is already a segment for this file, have 00855 // this section refer to that segment. 00856 // No need to reference the file object any more. 00857 // 00858 00859 NewSegment = ControlArea->Segment; 00860 ControlArea->u.Flags.Accessed = 1; 00861 ControlArea->NumberOfSectionReferences += 1; 00862 if (ControlArea->DereferenceList.Flink != NULL) { 00863 00864 // 00865 // Remove this from the list of unused segments. 00866 // 00867 00868 RemoveEntryList (&ControlArea->DereferenceList); 00869 00870 MI_UNUSED_SEGMENTS_REMOVE_CHARGE (ControlArea); 00871 00872 ControlArea->DereferenceList.Flink = NULL; 00873 ControlArea->DereferenceList.Blink = NULL; 00874 } 00875 IncrementedRefCount = TRUE; 00876 00877 // 00878 // If this reference was not from the cache manager 00879 // up the count of user references. 00880 // 00881 00882 if (IgnoreFileSizing == FALSE) { 00883 ControlArea->NumberOfUserReferences += 1; 00884 } 00885 } 00886 } else { 00887 00888 // 00889 // There is no segment associated with this file object. 00890 // Set the file object to refer to the new control area. 00891 // 00892 00893 ControlArea = NewControlArea; 00894 ControlArea->u.Flags.BeingCreated = 1; 00895 00896 if (AllocationAttributes & SEC_IMAGE) { 00897 if (MiHydra == TRUE) { 00898 if (GlobalNeeded == TRUE) { 00899 ControlArea->u.Flags.GlobalOnlyPerSession = 1; 00900 } 00901 00902 MiInsertImageSectionObject (File, ControlArea); 00903 } 00904 else { 00905 ((PCONTROL_AREA)((File->SectionObjectPointer->ImageSectionObject))) = 00906 ControlArea; 00907 } 00908 } else { 00909 #if DBG 00910 PreviousSectionPointer = File->SectionObjectPointer; 00911 #endif //DBG 00912 ((PCONTROL_AREA)((File->SectionObjectPointer->DataSectionObject))) = 00913 ControlArea; 00914 } 00915 } 00916 00917 if (SegmentEvent != NULL) { 00918 MiFreeEventCounter (SegmentEvent, TRUE); 00919 } 00920 00921 UNLOCK_PFN (OldIrql); 00922 00923 if (NewSegment != (PSEGMENT)NULL) { 00924 00925 // 00926 // Whether we created a segment or not, flush the data section 00927 // if there is one. 00928 // 00929 00930 if (AllocationAttributes & SEC_IMAGE) { 00931 MiFlushDataSection (File); 00932 } 00933 00934 // 00935 // A segment already exists for this file object. 00936 // Deallocate the new control area as it is no longer required. 00937 // Dereference the file object later when we're done with it. 00938 // 00939 00940 ExFreePool (NewControlArea); 00941 00942 // 00943 // The section is in paged pool, this can't be set until 00944 // the PFN mutex has been released. 00945 // 00946 00947 if ((!IgnoreFileSizing) && (ControlArea->u.Flags.Image == 0)) { 00948 00949 // 00950 // The file size in the segment may not match the current 00951 // file size, query the file system and get the file 00952 // size. 00953 // 00954 00955 Status = FsRtlGetFileSize (File, (PLARGE_INTEGER)&EndOfFile ); 00956 00957 if (!NT_SUCCESS (Status)) { 00958 00959 if (FileAcquired) { 00960 IoSetTopLevelIrp((PIRP)NULL); 00961 FsRtlReleaseFile (File); 00962 FileAcquired = FALSE; 00963 } 00964 00965 ObDereferenceObject (File); 00966 goto UnrefAndReturn; 00967 } 00968 00969 if (EndOfFile == 0 && *MaximumSize == 0) { 00970 00971 // 00972 // Can't map a zero length without specifying the maximum 00973 // size as non-zero. 00974 // 00975 00976 Status = STATUS_MAPPED_FILE_SIZE_ZERO; 00977 00978 if (FileAcquired) { 00979 IoSetTopLevelIrp((PIRP)NULL); 00980 FsRtlReleaseFile (File); 00981 FileAcquired = FALSE; 00982 } 00983 00984 ObDereferenceObject (File); 00985 goto UnrefAndReturn; 00986 } 00987 } else { 00988 00989 // 00990 // The size is okay in the segment. 00991 // 00992 00993 EndOfFile = (UINT64) NewSegment->SizeOfSegment; 00994 } 00995 00996 if (FileAcquired) { 00997 IoSetTopLevelIrp((PIRP)NULL); 00998 FsRtlReleaseFile (File); 00999 FileAcquired = FALSE; 01000 } 01001 01002 ObDereferenceObject (File); 01003 01004 if (*MaximumSize == 0) { 01005 01006 Section.SizeOfSection.QuadPart = (LONGLONG)EndOfFile; 01007 FileSizeChecked = TRUE; 01008 01009 } else if (EndOfFile >= *MaximumSize) { 01010 01011 // 01012 // EndOfFile is greater than the MaximumSize, 01013 // use the specified maximum size. 01014 // 01015 01016 Section.SizeOfSection.QuadPart = (LONGLONG)*MaximumSize; 01017 FileSizeChecked = TRUE; 01018 01019 } else { 01020 01021 // 01022 // Need to extend the section, make sure the file was 01023 // opened for write access. 01024 // 01025 01026 if (((SectionPageProtection & PAGE_READWRITE) | 01027 (SectionPageProtection & PAGE_EXECUTE_READWRITE)) == 0) { 01028 01029 Status = STATUS_SECTION_TOO_BIG; 01030 goto UnrefAndReturn; 01031 } 01032 Section.SizeOfSection.QuadPart = (LONGLONG)*MaximumSize; 01033 } 01034 01035 } else { 01036 01037 // 01038 // The file does not have an associated segment, create a segment 01039 // object. 01040 // 01041 01042 if (AllocationAttributes & SEC_IMAGE) { 01043 01044 Status = MiCreateImageFileMap (File, &Segment); 01045 01046 } else { 01047 01048 Status = MiCreateDataFileMap (File, 01049 &Segment, 01050 MaximumSize, 01051 SectionPageProtection, 01052 AllocationAttributes, 01053 IgnoreFileSizing ); 01054 ASSERT (PreviousSectionPointer == File->SectionObjectPointer); 01055 } 01056 01057 if (!NT_SUCCESS(Status)) { 01058 01059 // 01060 // Lock the PFN database and check to see if another thread has 01061 // tried to create a segment to the file object at the same 01062 // time. 01063 // 01064 01065 LOCK_PFN (OldIrql); 01066 01067 Event = ControlArea->WaitingForDeletion; 01068 ControlArea->WaitingForDeletion = NULL; 01069 ASSERT (ControlArea->u.Flags.FilePointerNull == 0); 01070 ControlArea->u.Flags.FilePointerNull = 1; 01071 01072 if (AllocationAttributes & SEC_IMAGE) { 01073 if (MiHydra == TRUE) { 01074 MiRemoveImageSectionObject (File, ControlArea); 01075 } 01076 else { 01077 (PCONTROL_AREA)((File->SectionObjectPointer->ImageSectionObject)) = 01078 NULL; 01079 } 01080 } else { 01081 (PCONTROL_AREA)((File->SectionObjectPointer->DataSectionObject)) = 01082 NULL; 01083 } 01084 ControlArea->u.Flags.BeingCreated = 0; 01085 01086 UNLOCK_PFN (OldIrql); 01087 01088 if (FileAcquired) { 01089 IoSetTopLevelIrp((PIRP)NULL); 01090 FsRtlReleaseFile (File); 01091 } 01092 01093 ExFreePool (NewControlArea); 01094 01095 ObDereferenceObject (File); 01096 01097 if (Event != NULL) { 01098 01099 // 01100 // Signal any waiters that the segment structure exists. 01101 // 01102 01103 KeSetEvent (&Event->Event, 0, FALSE); 01104 } 01105 01106 return Status; 01107 } 01108 01109 // 01110 // If the size was specified as zero, set the section size 01111 // from the created segment size. This solves problems with 01112 // race conditions when multiple sections 01113 // are created for the same mapped file with varying sizes. 01114 // 01115 01116 if (*MaximumSize == 0) { 01117 Section.SizeOfSection.QuadPart = (LONGLONG)Segment->SizeOfSegment; 01118 } else { 01119 Section.SizeOfSection.QuadPart = (LONGLONG)*MaximumSize; 01120 } 01121 } 01122 01123 } else { 01124 01125 // 01126 // No file handle exists, this is a page file backed section. 01127 // 01128 01129 if (AllocationAttributes & SEC_IMAGE) { 01130 return STATUS_INVALID_FILE_FOR_SECTION; 01131 } 01132 01133 Status = MiCreatePagingFileMap ( &NewSegment, 01134 MaximumSize, 01135 ProtectionMask, 01136 AllocationAttributes); 01137 01138 if (!NT_SUCCESS(Status)) { 01139 return Status; 01140 } 01141 01142 // 01143 // Set the section size from the created segment size. This 01144 // solves problems with race conditions when multiple sections 01145 // are created for the same mapped file with varying sizes. 01146 // 01147 01148 Section.SizeOfSection.QuadPart = (LONGLONG)NewSegment->SizeOfSegment; 01149 ControlArea = NewSegment->ControlArea; 01150 } 01151 01152 #if DBG 01153 if (MmDebug & MM_DBG_SECTIONS) { 01154 if (NewSegment == (PSEGMENT)NULL) { 01155 DbgPrint("inserting segment %lx control %lx\n",Segment, 01156 Segment->ControlArea); 01157 } else { 01158 DbgPrint("inserting segment %lx control %lx\n",NewSegment, 01159 NewSegment->ControlArea); 01160 } 01161 } 01162 #endif 01163 01164 01165 if (NewSegment == (PSEGMENT)NULL) { 01166 NewSegment = Segment; 01167 01168 // 01169 // Lock the PFN database and check to see if another thread has 01170 // tried to create a segment to the file object at the same time. 01171 // 01172 01173 SegmentControlArea = Segment->ControlArea; 01174 01175 ASSERT (File != NULL); 01176 01177 LOCK_PFN (OldIrql); 01178 01179 Event = ControlArea->WaitingForDeletion; 01180 ControlArea->WaitingForDeletion = NULL; 01181 01182 if (AllocationAttributes & SEC_IMAGE) { 01183 01184 // 01185 // Change the control area in the file object pointer. 01186 // 01187 01188 if (MiHydra == TRUE) { 01189 MiRemoveImageSectionObject (File, NewControlArea); 01190 MiInsertImageSectionObject (File, SegmentControlArea); 01191 } 01192 else { 01193 ((PCONTROL_AREA)(File->SectionObjectPointer->ImageSectionObject)) = 01194 SegmentControlArea; 01195 } 01196 01197 ControlArea = SegmentControlArea; 01198 } 01199 01200 ControlArea->u.Flags.BeingCreated = 0; 01201 01202 UNLOCK_PFN (OldIrql); 01203 01204 if (AllocationAttributes & SEC_IMAGE) { 01205 01206 // 01207 // Deallocate the pool used for the original control area. 01208 // 01209 01210 ExFreePool (NewControlArea); 01211 } 01212 01213 if (Event != NULL) { 01214 01215 // 01216 // Signal any waiters that the segment structure exists. 01217 // 01218 01219 KeSetEvent (&Event->Event, 0, FALSE); 01220 } 01221 01222 PERFINFO_SECTION_CREATE(ControlArea); 01223 } 01224 01225 // 01226 // Being created has now been cleared allowing other threads 01227 // to reference the segment. Release the resource on the file. 01228 // 01229 01230 if (FileAcquired) { 01231 IoSetTopLevelIrp((PIRP)NULL); 01232 FsRtlReleaseFile (File); 01233 FileAcquired = FALSE; 01234 } 01235 01236 ReferenceObject: 01237 01238 if (ChangeFileReference) { 01239 ObReferenceObject (FileObject); 01240 } 01241 01242 // 01243 // Now that the segment object is created, make the section object 01244 // refer to the segment object. 01245 // 01246 01247 Section.Segment = NewSegment; 01248 Section.u.LongFlags = ControlArea->u.LongFlags; 01249 01250 // 01251 // Create the section object now. The section object is created 01252 // now so that the error handling when the section object cannot 01253 // be created is simplified. 01254 // 01255 01256 Status = ObCreateObject (PreviousMode, 01257 MmSectionObjectType, 01258 ObjectAttributes, 01259 PreviousMode, 01260 NULL, 01261 sizeof(SECTION), 01262 sizeof(SECTION) + 01263 NewSegment->TotalNumberOfPtes * sizeof(MMPTE), 01264 sizeof(CONTROL_AREA) + 01265 NewSegment->ControlArea->NumberOfSubsections * 01266 sizeof(SUBSECTION), 01267 (PVOID *)&NewSection); 01268 01269 if (!NT_SUCCESS(Status)) { 01270 goto UnrefAndReturn; 01271 } 01272 01273 RtlMoveMemory (NewSection, &Section, sizeof(SECTION)); 01274 NewSection->Address.StartingVpn = 0; 01275 01276 if (!IgnoreFileSizing) { 01277 01278 // 01279 // Indicate that the cache manager is not the owner of this 01280 // section. 01281 // 01282 01283 NewSection->u.Flags.UserReference = 1; 01284 01285 if (AllocationAttributes & SEC_NO_CHANGE) { 01286 01287 // 01288 // Indicate that once the section is mapped, no protection 01289 // changes or freeing the mapping is allowed. 01290 // 01291 01292 NewSection->u.Flags.NoChange = 1; 01293 } 01294 01295 if (((SectionPageProtection & PAGE_READWRITE) | 01296 (SectionPageProtection & PAGE_EXECUTE_READWRITE)) == 0) { 01297 01298 // 01299 // This section does not support WRITE access, indicate 01300 // that changing the protection to WRITE results in COPY_ON_WRITE. 01301 // 01302 01303 NewSection->u.Flags.CopyOnWrite = 1; 01304 } 01305 01306 if (AllocationAttributes & SEC_BASED) { 01307 01308 NewSection->u.Flags.Based = 1; 01309 01310 SectionBasedRoot = &MmSectionBasedRoot; 01311 01312 // 01313 // Get the allocation base mutex. 01314 // 01315 01316 ExAcquireFastMutex (&MmSectionBasedMutex); 01317 01318 // 01319 // This section is based at a unique address system wide. 01320 // 01321 01322 try { 01323 NewSection->Address.StartingVpn = (ULONG_PTR)MiFindEmptySectionBaseDown ( 01324 NewSection->SizeOfSection.LowPart, 01325 MmHighSectionBase); 01326 01327 } except (EXCEPTION_EXECUTE_HANDLER) { 01328 ExReleaseFastMutex (&MmSectionBasedMutex); 01329 ObDereferenceObject (NewSection); 01330 return Status; 01331 } 01332 01333 NewSection->Address.EndingVpn = NewSection->Address.StartingVpn + 01334 NewSection->SizeOfSection.LowPart - 1; 01335 01336 MiInsertBasedSection (NewSection); 01337 ExReleaseFastMutex (&MmSectionBasedMutex); 01338 } 01339 } 01340 01341 // 01342 // If the cache manager is creating the section, set the was 01343 // purged flag as the file size can change. 01344 // 01345 01346 ControlArea->u.Flags.WasPurged |= IgnoreFileSizing; 01347 01348 // 01349 // Check to see if the section is for a data file and the size 01350 // of the section is greater than the current size of the 01351 // segment. 01352 // 01353 01354 if (((ControlArea->u.Flags.WasPurged == 1) && (!IgnoreFileSizing)) && 01355 (!FileSizeChecked) 01356 || 01357 ((UINT64)NewSection->SizeOfSection.QuadPart > 01358 NewSection->Segment->SizeOfSegment)) { 01359 01360 TempSectionSize = NewSection->SizeOfSection; 01361 01362 NewSection->SizeOfSection.QuadPart = (LONGLONG)NewSection->Segment->SizeOfSegment; 01363 01364 // 01365 // Even if the caller didn't specify extension rights, we enable it here 01366 // temporarily to make the section correct. Use a temporary section 01367 // instead of temporarily editing the real section to avoid opening 01368 // a security window that other concurrent threads could exploit. 01369 // 01370 01371 if (((NewSection->InitialPageProtection & PAGE_READWRITE) | 01372 (NewSection->InitialPageProtection & PAGE_EXECUTE_READWRITE)) == 0) { 01373 SECTION WritableSection; 01374 01375 *(PSECTION)&WritableSection = *NewSection; 01376 01377 Status = MmExtendSection (&WritableSection, 01378 &TempSectionSize, 01379 IgnoreFileSizing); 01380 01381 NewSection->SizeOfSection = WritableSection.SizeOfSection; 01382 } 01383 else { 01384 Status = MmExtendSection (NewSection, 01385 &TempSectionSize, 01386 IgnoreFileSizing); 01387 } 01388 01389 if (!NT_SUCCESS(Status)) { 01390 ObDereferenceObject (NewSection); 01391 return Status; 01392 } 01393 } 01394 01395 *SectionObject = (PVOID)NewSection; 01396 01397 return Status; 01398 01399 UnrefAndReturn: 01400 01401 // 01402 // Unreference the control area, if it was referenced and return 01403 // the error status. 01404 // 01405 01406 if (FileAcquired) { 01407 IoSetTopLevelIrp((PIRP)NULL); 01408 FsRtlReleaseFile (File); 01409 } 01410 01411 if (IncrementedRefCount) { 01412 LOCK_PFN (OldIrql); 01413 ControlArea->NumberOfSectionReferences -= 1; 01414 if (!IgnoreFileSizing) { 01415 ASSERT ((LONG)ControlArea->NumberOfUserReferences > 0); 01416 ControlArea->NumberOfUserReferences -= 1; 01417 } 01418 MiCheckControlArea (ControlArea, NULL, OldIrql); 01419 } 01420 return Status; 01421 }

NTSTATUS NtCreateSection (  OUT PHANDLE  SectionHandle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL, IN PLARGE_INTEGER MaximumSize  OPTIONAL, IN ULONG  SectionPageProtection, IN ULONG  AllocationAttributes, IN HANDLE FileHandle  OPTIONAL )

Definition at line 134 of file creasect.c. References ASSERT, CcZeroEndOfLastPage(), _SEGMENT::ControlArea, DbgPrint, DISPATCH_LEVEL, EXCEPTION_EXECUTE_HANDLER, FALSE, _CONTROL_AREA::FilePointer, Handle, KeDelayExecutionThread(), KernelMode, MM_DBG_SECTIONS, MM_DBG_SHOW_NT_CALLS, MmCreateSection(), MmHalfSecond, NT_SUCCESS, NTSTATUS(), NULL, ObInsertObject(), ObjectAttributes, ProbeForRead, ProbeForWriteHandle, PSECTION, _CONTROL_AREA::Segment, Status, and ZERO_LARGE. Referenced by CreateConsoleBitmap(), CsrpConnectToServer(), LdrLoadAlternateResourceModule(), LdrpCheckForLoadedDll(), LdrpCreateDllSection(), LdrVerifyImageMatchesChecksum(), main(), MapViewOfSection(), NapCreateDataSection(), PropertiesDlgShow(), RtlCreateQueryDebugBuffer(), ServerHandleConnectionRequest(), and TestParent(). 00146 : 00147 00148 This function creates a section object and opens a handle to the object 00149 with the specified desired access. 00150 00151 Arguments: 00152 00153 SectionHandle - A pointer to a variable that will 00154 receive the section object handle value. 00155 00156 DesiredAccess - The desired types of access for the section. 00157 00158 DesiredAccess Flags 00159 00160 EXECUTE - Execute access to the section is 00161 desired. 00162 00163 READ - Read access to the section is desired. 00164 00165 WRITE - Write access to the section is desired. 00166 00167 00168 ObjectAttributes - Supplies a pointer to an object attributes structure. 00169 00170 MaximumSize - Supplies the maximum size of the section in bytes. 00171 This value is rounded up to the host page size and 00172 specifies the size of the section (page file 00173 backed section) or the maximum size to which a 00174 file can be extended or mapped (file backed 00175 section). 00176 00177 SectionPageProtection - Supplies the protection to place on each page 00178 in the section. One of PAGE_READ, PAGE_READWRITE, PAGE_EXECUTE, 00179 or PAGE_WRITECOPY and, optionally, PAGE_NOCACHE may be specified. 00180 00181 AllocationAttributes - Supplies a set of flags that describe the 00182 allocation attributes of the section. 00183 00184 AllocationAttributes Flags 00185 00186 SEC_BASED - The section is a based section and will be 00187 allocated at the same virtual address in each process 00188 address space that receives the section. This does not 00189 imply that addresses are reserved for based sections. 00190 Rather if the section cannot be mapped at the based address 00191 an error is returned. 00192 00193 00194 SEC_RESERVE - All pages of the section are set to the 00195 reserved state. 00196 00197 SEC_COMMIT - All pages of the section are set to the commit 00198 state. 00199 00200 SEC_IMAGE - The file specified by the file handle is an 00201 executable image file. 00202 00203 SEC_FILE - The file specified by the file handle is a mapped 00204 file. If a file handle is supplied and neither 00205 SEC_IMAGE or SEC_FILE is supplied, SEC_FILE is 00206 assumed. 00207 00208 SEC_NO_CHANGE - Once the file is mapped, the protection cannot 00209 be changed nor can the view be unmapped. The 00210 view is unmapped when the process is deleted. 00211 Cannot be used with SEC_IMAGE. 00212 00213 FileHandle - Supplies an optional handle of an open file object. 00214 If the value of this handle is null, then the 00215 section will be backed by a paging file. Otherwise 00216 the section is backed by the specified data file. 00217 00218 Return Value: 00219 00220 Returns the status of the operation. 00221 00222 TBS 00223 00224 --*/ 00225 00226 { 00227 NTSTATUS Status; 00228 PVOID Section; 00229 HANDLE Handle; 00230 LARGE_INTEGER LargeSize; 00231 LARGE_INTEGER CapturedSize; 00232 ULONG RetryCount; 00233 00234 if ((AllocationAttributes & ~(SEC_COMMIT | SEC_RESERVE | SEC_BASED | 00235 SEC_IMAGE | SEC_NOCACHE | SEC_NO_CHANGE)) != 0) { 00236 return STATUS_INVALID_PARAMETER_6; 00237 } 00238 00239 if ((AllocationAttributes & (SEC_COMMIT | SEC_RESERVE | SEC_IMAGE)) == 0) { 00240 return STATUS_INVALID_PARAMETER_6; 00241 } 00242 00243 if ((AllocationAttributes & SEC_IMAGE) && 00244 (AllocationAttributes & (SEC_COMMIT | SEC_RESERVE | 00245 SEC_NOCACHE | SEC_NO_CHANGE))) { 00246 00247 return STATUS_INVALID_PARAMETER_6; 00248 } 00249 00250 if ((AllocationAttributes & SEC_COMMIT) && 00251 (AllocationAttributes & SEC_RESERVE)) { 00252 return STATUS_INVALID_PARAMETER_6; 00253 } 00254 00255 // 00256 // Check the SectionProtection Flag. 00257 // 00258 00259 if ((SectionPageProtection & PAGE_NOCACHE) || 00260 (SectionPageProtection & PAGE_GUARD) || 00261 (SectionPageProtection & PAGE_NOACCESS)) { 00262 00263 // 00264 // No cache is only specified through SEC_NOCACHE option in the 00265 // allocation attributes. 00266 // 00267 00268 return STATUS_INVALID_PAGE_PROTECTION; 00269 } 00270 00271 00272 if (KeGetPreviousMode() != KernelMode) { 00273 try { 00274 ProbeForWriteHandle(SectionHandle); 00275 00276 if (ARGUMENT_PRESENT (MaximumSize)) { 00277 00278 // 00279 // Note we only probe for byte alignment because prior to NT 5, 00280 // we never probed at all. We don't want to break user apps 00281 // that had bad alignment if they worked before. 00282 // 00283 00284 ProbeForRead(MaximumSize, sizeof(LARGE_INTEGER), sizeof(UCHAR)); 00285 LargeSize = *MaximumSize; 00286 } else { 00287 ZERO_LARGE (LargeSize); 00288 } 00289 00290 } except (EXCEPTION_EXECUTE_HANDLER) { 00291 return GetExceptionCode(); 00292 } 00293 } else { 00294 if (ARGUMENT_PRESENT (MaximumSize)) { 00295 LargeSize = *MaximumSize; 00296 } else { 00297 ZERO_LARGE (LargeSize); 00298 } 00299 } 00300 00301 RetryCount = 0; 00302 00303 retry: 00304 00305 CapturedSize = LargeSize; 00306 00307 ASSERT (KeGetCurrentIrql() < DISPATCH_LEVEL); 00308 Status = MmCreateSection ( &Section, 00309 DesiredAccess, 00310 ObjectAttributes, 00311 &CapturedSize, 00312 SectionPageProtection, 00313 AllocationAttributes, 00314 FileHandle, 00315 NULL ); 00316 00317 00318 ASSERT (KeGetCurrentIrql() < DISPATCH_LEVEL); 00319 if (!NT_SUCCESS(Status)) { 00320 if ((Status == STATUS_FILE_LOCK_CONFLICT) && 00321 (RetryCount < 3)) { 00322 00323 // 00324 // The file system may have prevented this from working 00325 // due to log file flushing. Delay and try again. 00326 // 00327 00328 RetryCount += 1; 00329 00330 KeDelayExecutionThread (KernelMode, 00331 FALSE, 00332 &MmHalfSecond); 00333 00334 goto retry; 00335 00336 } 00337 return Status; 00338 } 00339 00340 #if DBG 00341 if (MmDebug & MM_DBG_SECTIONS) { 00342 DbgPrint("inserting section %lx control %lx\n",Section, 00343 ((PSECTION)Section)->Segment->ControlArea); 00344 } 00345 #endif 00346 00347 { 00348 PCONTROL_AREA ControlArea; 00349 ControlArea = ((PSECTION)Section)->Segment->ControlArea; 00350 if ((ControlArea != NULL) && (ControlArea->FilePointer != NULL)) { 00351 CcZeroEndOfLastPage (ControlArea->FilePointer); 00352 } 00353 } 00354 00355 // 00356 // Note if the insertion fails, Ob will dereference the object for us. 00357 // 00358 00359 Status = ObInsertObject (Section, 00360 NULL, 00361 DesiredAccess, 00362 0, 00363 (PVOID *)NULL, 00364 &Handle); 00365 00366 if (NT_SUCCESS(Status)) { 00367 try { 00368 *SectionHandle = Handle; 00369 } except (EXCEPTION_EXECUTE_HANDLER) { 00370 00371 // 00372 // If the write attempt fails, then do not report an error. 00373 // When the caller attempts to access the handle value, 00374 // an access violation will occur. 00375 // 00376 } 00377 } 00378 00379 #if DBG 00380 if (MmDebug & MM_DBG_SHOW_NT_CALLS) { 00381 if ( !MmWatchProcess ) 00382 DbgPrint("return creasect handle %lx status %lx\n",Handle, Status); 00383 } 00384 #endif 00385 00386 return Status; 00387 }

NTSTATUS NtOpenSection (  OUT PHANDLE  SectionHandle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES  ObjectAttributes )

Definition at line 4250 of file creasect.c. References EXCEPTION_EXECUTE_HANDLER, Handle, KernelMode, KPROCESSOR_MODE, MmSectionObjectType, NTSTATUS(), NULL, ObjectAttributes, ObOpenObjectByName(), PAGED_CODE, ProbeForWriteHandle, and Status. Referenced by LdrpCheckForKnownDll(). 04258 : 04259 04260 This function opens a handle to a section object with the specified 04261 desired access. 04262 04263 Arguments: 04264 04265 04266 Sectionhandle - Supplies a pointer to a variable that will 04267 receive the section object handle value. 04268 04269 DesiredAccess - Supplies the desired types of access for the 04270 section. 04271 04272 DesiredAccess Flags 04273 04274 EXECUTE - Execute access to the section is desired. 04275 04276 READ - Read access to the section is desired. 04277 04278 WRITE - Write access to the section is desired. 04279 04280 ObjectAttributes - Supplies a pointer to an object attributes structure. 04281 04282 Return Value: 04283 04284 Returns the status 04285 04286 TBS 04287 04288 04289 --*/ 04290 04291 { 04292 HANDLE Handle; 04293 KPROCESSOR_MODE PreviousMode; 04294 NTSTATUS Status; 04295 04296 PAGED_CODE(); 04297 // 04298 // Get previous processor mode and probe output arguments if necessary. 04299 // 04300 04301 PreviousMode = KeGetPreviousMode(); 04302 if (PreviousMode != KernelMode) { 04303 try { 04304 ProbeForWriteHandle(SectionHandle); 04305 } except (EXCEPTION_EXECUTE_HANDLER) { 04306 return GetExceptionCode(); 04307 } 04308 } 04309 04310 // 04311 // Open handle to the section object with the specified desired 04312 // access. 04313 // 04314 04315 Status = ObOpenObjectByName (ObjectAttributes, 04316 MmSectionObjectType, 04317 PreviousMode, 04318 NULL, 04319 DesiredAccess, 04320 NULL, 04321 &Handle 04322 ); 04323 04324 try { 04325 *SectionHandle = Handle; 04326 } except (EXCEPTION_EXECUTE_HANDLER) { 04327 return Status; 04328 } 04329 04330 return Status; 04331 }

---

Variable Documentation

POBJECT_TYPE IoFileObjectType

Definition at line 50 of file creasect.c.

ULONG MMCONTROL = 'aCmM'

Definition at line 25 of file creasect.c. Referenced by MiCreateImageFileMap(), MiCreatePagingFileMap(), MiSectionInitialization(), and MmCreateSection().

CCHAR MmImageProtectionArray[16]

Initial value: { MM_NOACCESS, MM_EXECUTE, MM_READONLY, MM_EXECUTE_READ, MM_WRITECOPY, MM_EXECUTE_WRITECOPY, MM_WRITECOPY, MM_EXECUTE_WRITECOPY, MM_NOACCESS, MM_EXECUTE, MM_READONLY, MM_EXECUTE_READ, MM_READWRITE, MM_EXECUTE_READWRITE, MM_READWRITE, MM_EXECUTE_READWRITE } Definition at line 52 of file creasect.c. Referenced by MiGetImageProtection().

ULONG MMSECT = 'tSmM'

Definition at line 27 of file creasect.c. Referenced by MiAllocateSpecialPool(), MiCreateDataFileMap(), MiCreateImageFileMap(), and MiCreatePagingFileMap().

ULONG MMTEMPORARY = 'xxmM'

Definition at line 26 of file creasect.c. Referenced by MiCreateImageFileMap().

---