super.c File Reference

#include "mi.h"
#include "zwapi.h"

Go to the source code of this file.

Classes
struct	_MMSUPER_SECTION
Defines
#define	MM_MAX_SUPERSECTION_COUNT   (32)
#define	STATUS_TOO_MANY_SECTIONS   ((NTSTATUS)0xC0033333)
#define	STATUS_INCOMPLETE_MAP   ((NTSTATUS)0xC0033334)
Typedefs
typedef _MMSUPER_SECTION	MMSUPER_SECTION
typedef _MMSUPER_SECTION *	PMMSUPER_SECTION
Functions
VOID	MiSuperSectionDelete (PVOID Object)
BOOLEAN	MiSuperSectionInitialization ()
NTSTATUS	NtCreateSuperSection (OUT PHANDLE SuperSectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN ULONG Count, IN HANDLE SectionHandles[])
NTSTATUS	NtOpenSuperSection (OUT PHANDLE SuperSectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,)
NTSTATUS	NtMapViewOfSuperSection (IN HANDLE SuperSectionHandle, IN HANDLE ProcessHandle, IN OUT PULONG Count, OUT PVOID BaseAddress[], OUT ULONG ViewSize[], IN SECTION_INHERIT InheritDisposition,)
Variables
POBJECT_TYPE	MmSuperSectionObjectType
GENERIC_MAPPING	MiSectionMapping

---

Define Documentation

#define MM_MAX_SUPERSECTION_COUNT   (32)

Definition at line 39 of file super.c. Referenced by NtCreateSuperSection(), and NtMapViewOfSuperSection().

#define STATUS_INCOMPLETE_MAP   ((NTSTATUS)0xC0033334)

Definition at line 44 of file super.c. Referenced by NtMapViewOfSuperSection().

#define STATUS_TOO_MANY_SECTIONS   ((NTSTATUS)0xC0033333)

Definition at line 43 of file super.c. Referenced by NtCreateSuperSection().

---

Typedef Documentation

typedef struct _MMSUPER_SECTION MMSUPER_SECTION

Referenced by NtCreateSuperSection().

typedef struct _MMSUPER_SECTION * PMMSUPER_SECTION

Referenced by MiSuperSectionDelete(), NtCreateSuperSection(), and NtMapViewOfSuperSection().

---

Function Documentation

VOID MiSuperSectionDelete (  PVOID  Object  )

Definition at line 535 of file super.c. References LOCK_PFN, MiSuperSectionDelete(), ObDereferenceObject, PMMSUPER_SECTION, _MMSUPER_SECTION::SectionPointers, and UNLOCK_PFN. Referenced by MiSuperSectionDelete(), and MiSuperSectionInitialization(). 00541 : 00542 00543 00544 This routine is called by the object management procedures whenever 00545 the last reference to a super section object has been removed. 00546 This routine dereferences the associated segment objects. 00547 00548 Arguments: 00549 00550 Object - a pointer to the body of the supersection object. 00551 00552 Return Value: 00553 00554 None. 00555 00556 --*/ 00557 00558 { 00559 PMMSUPER_SECTION SuperSection; 00560 PCONTROL_AREA ControlArea; 00561 KIRQL OldIrql; 00562 ULONG i = 0; 00563 00564 SuperSection = (PMMSUPER_SECTION)Object; 00565 00566 do { 00567 00568 // 00569 // For each section increment the number of section references 00570 // count. 00571 // 00572 00573 ControlArea = SuperSection->SectionPointers[i]->Segment->ControlArea; 00574 00575 LOCK_PFN (OldIrql); 00576 ControlArea->NumberOfSectionReferences -= 1; 00577 ControlArea->NumberOfUserReferences -= 1; 00578 UNLOCK_PFN (OldIrql); 00579 ObDereferenceObject (SuperSection->SectionPointers[i]); 00580 i++; 00581 00582 } while (i < SuperSection->NumberOfSections); 00583 00584 return; 00585 }

BOOLEAN MiSuperSectionInitialization (   )

Definition at line 588 of file super.c. References FALSE, L, MiSectionMapping, MiSuperSectionDelete(), MmSuperSectionObjectType, NT_SUCCESS, NULL, ObCreateObjectType(), PagedPool, RtlInitUnicodeString(), and TRUE. 00593 : 00594 00595 This function creates the section object type descriptor at system 00596 initialization and stores the address of the object type descriptor 00597 in global storage. 00598 00599 Arguments: 00600 00601 None. 00602 00603 Return Value: 00604 00605 TRUE - Initialization was successful. 00606 00607 FALSE - Initialization Failed. 00608 00609 00610 00611 --*/ 00612 00613 { 00614 OBJECT_TYPE_INITIALIZER ObjectTypeInitializer; 00615 UNICODE_STRING TypeName; 00616 00617 // 00618 // Initialize the common fields of the Object Type Initializer record 00619 // 00620 00621 RtlZeroMemory( &ObjectTypeInitializer, sizeof( ObjectTypeInitializer ) ); 00622 ObjectTypeInitializer.Length = sizeof( ObjectTypeInitializer ); 00623 ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK; 00624 ObjectTypeInitializer.GenericMapping = MiSectionMapping; 00625 ObjectTypeInitializer.PoolType = PagedPool; 00626 00627 // 00628 // Initialize string descriptor. 00629 // 00630 00631 RtlInitUnicodeString (&TypeName, L"SuperSection"); 00632 00633 // 00634 // Create the section object type descriptor 00635 // 00636 00637 ObjectTypeInitializer.ValidAccessMask = SECTION_ALL_ACCESS; 00638 ObjectTypeInitializer.DeleteProcedure = MiSuperSectionDelete; 00639 ObjectTypeInitializer.GenericMapping = MiSectionMapping; 00640 ObjectTypeInitializer.UseDefaultObject = TRUE; 00641 if ( !NT_SUCCESS(ObCreateObjectType(&TypeName, 00642 &ObjectTypeInitializer, 00643 (PSECURITY_DESCRIPTOR) NULL, 00644 &MmSuperSectionObjectType 00645 )) ) { 00646 return FALSE; 00647 } 00648 00649 return TRUE; 00650 00651 } }

NTSTATUS NtCreateSuperSection (  OUT PHANDLE  SuperSectionHandle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL, IN ULONG  Count, IN HANDLE  SectionHandles[] )

Definition at line 56 of file super.c. References _SEGMENT::ControlArea, Count, EXCEPTION_EXECUTE_HANDLER, ExSystemExceptionFilter(), FALSE, KernelMode, KPROCESSOR_MODE, LOCK_PFN, MM_MAX_SUPERSECTION_COUNT, MmSectionObjectType, MMSUPER_SECTION, MmSuperSectionObjectType, NT_SUCCESS, NTSTATUS(), NULL, _CONTROL_AREA::NumberOfSectionReferences, _CONTROL_AREA::NumberOfUserReferences, ObCreateObject(), ObDereferenceObject, ObInsertObject(), ObjectAttributes, ObReferenceObjectByHandle(), PMMSUPER_SECTION, ProbeForWriteHandle, PSECTION, RefCount, _CONTROL_AREA::Segment, Status, STATUS_TOO_MANY_SECTIONS, and UNLOCK_PFN. : This routine creates a super section object. A supersection object consists a group of sections that are mapped as images. Arguments: SuperSectionHandle - Returns a handle to the created supersection. DesiredAccess - Supplies the desired access for the super section. ObjectAttributes - Supplies the object attributes for the super section. Count - Supplies the number of sections contained in the section handle array. SectionHandles[] - Supplies the section handles to place into the supersection. Return Value: Returns the status TBS --*/ { NTSTATUS Status; PSECTION Section; PCONTROL_AREA ControlArea; HANDLE CapturedHandle; HANDLE CapturedHandles[MM_MAX_SUPERSECTION_COUNT]; PMMSUPER_SECTION SuperSection; KPROCESSOR_MODE PreviousMode; ULONG RefCount; ULONG i; KIRQL OldIrql; if (Count > MM_MAX_SUPERSECTION_COUNT) { return STATUS_TOO_MANY_SECTIONS; } try { if (PreviousMode != KernelMode) { ProbeForWriteHandle (SuperSectionHandle); } i= 0; do { CapturedHandles[i] = SectionHandles[i]; i += 1; } while (i < Count); } except (ExSystemExceptionFilter()) { // // If an exception occurs during the probe or capture // of the initial values, then handle the exception and // return the exception code as the status value. // return GetExceptionCode(); } Status = ObCreateObject (PreviousMode, MmSuperSectionObjectType, ObjectAttributes, PreviousMode, NULL, sizeof(MMSUPER_SECTION) + (sizeof(PSECTION) * (Count - 1)), sizeof(MMSUPER_SECTION) + (sizeof(PSECTION) * (Count - 1)), 0, (PVOID *)&SuperSection); if (!NT_SUCCESS(Status)) { return Status; } SuperSection->NumberOfSections = Count; i = 0; RefCount = 0; do { // // Get a referenced pointer to the specified objects with // the desired access. // Status = ObReferenceObjectByHandle(CapturedHandles[i], DesiredAccess, MmSectionObjectType, PreviousMode, (PVOID *)&Section, NULL); if (NT_SUCCESS(Status) != FALSE) { if (Section->u.Flags.Image == 0) { // // This is not an image section, return an error. // Status = STATUS_SECTION_NOT_IMAGE; goto ServiceFailed; } RefCount += 1; SuperSection->SectionPointers[i] = Section; } else { goto ServiceFailed; } i += 1; } while (i < Count); i= 0; do { // // For each section increment the number of section references // count. // ControlArea = SuperSection->SectionPointers[i]->Segment->ControlArea; LOCK_PFN (OldIrql); ControlArea->NumberOfSectionReferences += 1; ControlArea->NumberOfUserReferences += 1; UNLOCK_PFN (OldIrql); i++; } while (i < Count); Status = ObInsertObject (SuperSection, NULL, DesiredAccess, 0, (PVOID *)NULL, &CapturedHandle); try { *SuperSectionHandle = CapturedHandle; } except (EXCEPTION_EXECUTE_HANDLER) { return Status; } return Status; ServiceFailed: while (RefCount > 0) { RefCount -= 1; ObDereferenceObject(SuperSection->SectionPointers[RefCount]); } // // Delete the supersection object as it was never inserted into // a handle table. // ObDereferenceObject (SuperSection); return Status; }

NTSTATUS NtMapViewOfSuperSection (  IN HANDLE  SuperSectionHandle, IN HANDLE  ProcessHandle, IN OUT PULONG  Count, OUT PVOID  BaseAddress[], OUT ULONG  ViewSize[], IN SECTION_INHERIT  InheritDisposition )

Definition at line 311 of file super.c. References Count, ExSystemExceptionFilter(), FALSE, KernelMode, KPROCESSOR_MODE, MM_MAX_SUPERSECTION_COUNT, MmMapViewOfSection(), MmSuperSectionObjectType, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PMMSUPER_SECTION, ProbeForWrite(), ProbeForWriteUlong, PsProcessType, Status, and STATUS_INCOMPLETE_MAP. : This routine maps into the specified process a view of each section contained within the supersection. Arguments: SuperSectionHandle - Supplies a handle to the supersection. ProcessHandle - Supplies a handle to the process in which to map the supersection's sections. Count - Supplies the number of elements in the BaseAddress and ViewSize arrays, returns the number of views actually mapped. BaseAddresses[] - Returns the base address of each view that was mapped. ViewSize[] - Returns the view size of each view that was mapped. InheritDisposition - Supplies the inherit disposition to be applied to each section which is contained in the super section. Return Value: Returns the status TBS --*/ { NTSTATUS Status; PVOID CapturedBases[MM_MAX_SUPERSECTION_COUNT]; ULONG CapturedViews[MM_MAX_SUPERSECTION_COUNT]; PMMSUPER_SECTION SuperSection; KPROCESSOR_MODE PreviousMode; ULONG i; ULONG CapturedCount; ULONG NumberMapped; PEPROCESS Process; LARGE_INTEGER LargeZero = {0,0}; PreviousMode = KeGetPreviousMode(); try { ProbeForWriteUlong (Count); CapturedCount = *Count; if (PreviousMode != KernelMode) { ProbeForWrite (BaseAddress, sizeof(PVOID) * CapturedCount, sizeof(PVOID)); ProbeForWrite (ViewSize, sizeof(ULONG) * CapturedCount, sizeof(ULONG)); } } except (ExSystemExceptionFilter()) { // // If an exception occurs during the probe or capture // of the initial values, then handle the exception and // return the exception code as the status value. // return GetExceptionCode(); } Status = ObReferenceObjectByHandle ( ProcessHandle, PROCESS_VM_OPERATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if (!NT_SUCCESS(Status)) { return Status; } // // Reference the supersection object. // Status = ObReferenceObjectByHandle ( SuperSectionHandle, SECTION_MAP_EXECUTE, MmSuperSectionObjectType, PreviousMode, (PVOID *)&SuperSection, NULL ); if (!NT_SUCCESS(Status)) { ObDereferenceObject (Process); return Status; } if (CapturedCount < SuperSection->NumberOfSections) { ObDereferenceObject (Process); ObDereferenceObject (SuperSection); return STATUS_BUFFER_TOO_SMALL; } NumberMapped = 0; do { // // For each section within the supersection, map a view in // the specified process. // Status = MmMapViewOfSection (SuperSection->SectionPointers[i], Process, &CapturedBases[i], 0, 0, &LargeZero, &CapturedViews[i], InheritDisposition, 0, PAGE_EXECUTE); if (NT_SUCCESS (Status) == FALSE) { Status = STATUS_INCOMPLETE_MAP; break; } NumberMapped++; } while (NumberMapped < SuperSection->NumberOfSections); // // Dereference the supersection and the process. // ObDereferenceObject (SuperSection); ObDereferenceObject (Process); try { *Count = NumberMapped; i = 0; do { // // Store the captured view base and sizes for each section // that was mapped. // BaseAddress[i] = CapturedBases[i]; ViewSize[i] = CapturedViews[i]; i++; } while (i < NumberMapped); } except (ExSystemExceptionFilter()) { NOTHING; } return(Status); }

NTSTATUS NtOpenSuperSection (  OUT PHANDLE  SuperSectionHandle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL )

Definition at line 237 of file super.c. References EXCEPTION_EXECUTE_HANDLER, Handle, KernelMode, KPROCESSOR_MODE, MmSuperSectionObjectType, NTSTATUS(), NULL, ObjectAttributes, ObOpenObjectByName(), ProbeForWriteHandle, and Status. : This routine opens a super section object. A supersection object consists a group of sections that are mapped as images. Arguments: SuperSectionHandle - Returns a handle to the created supersection. DesiredAccess - Supplies the desired access for the super section. ObjectAttributes - Supplies the object attributes for the super section. Return Value: Returns the status TBS --*/ { HANDLE Handle; KPROCESSOR_MODE PreviousMode; NTSTATUS Status; // // Get previous processor mode and probe output arguments if necessary. // PreviousMode = KeGetPreviousMode(); if (PreviousMode != KernelMode) { try { ProbeForWriteHandle(SuperSectionHandle); } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } } // // Open handle to the super section object with the specified desired // access. // Status = ObOpenObjectByName (ObjectAttributes, MmSuperSectionObjectType, PreviousMode, NULL, DesiredAccess, NULL, &Handle ); try { *SuperSectionHandle = Handle; } except (EXCEPTION_EXECUTE_HANDLER) { return Status; } return Status; }

---

Variable Documentation

GENERIC_MAPPING MiSectionMapping

Definition at line 47 of file super.c. Referenced by MiSectionInitialization(), and MiSuperSectionInitialization().

POBJECT_TYPE MmSuperSectionObjectType

Definition at line 41 of file super.c. Referenced by MiSuperSectionInitialization(), NtCreateSuperSection(), NtMapViewOfSuperSection(), and NtOpenSuperSection().

---