lpc.h File Reference

Go to the source code of this file.

Classes
struct	_LPCP_NONPAGED_PORT_QUEUE
struct	_LPCP_PORT_QUEUE
struct	_LPCP_PORT_ZONE
struct	_LPCP_PORT_OBJECT
struct	_LPCP_MESSAGE
struct	_LPCP_CONNECTION_MESSAGE
Defines
#define	LPCP_ZONE_ALIGNMENT   16
#define	LPCP_ZONE_ALIGNMENT_MASK   ~(LPCP_ZONE_ALIGNMENT-1)
#define	LPCP_ZONE_MAX_POOL_USAGE   (8*PAGE_SIZE)
#define	PORT_TYPE   0x0000000F
#define	SERVER_CONNECTION_PORT   0x00000001
#define	UNCONNECTED_COMMUNICATION_PORT   0x00000002
#define	SERVER_COMMUNICATION_PORT   0x00000003
#define	CLIENT_COMMUNICATION_PORT   0x00000004
#define	PORT_WAITABLE   0x20000000
#define	PORT_NAME_DELETED   0x40000000
#define	PORT_DYNAMIC_SECURITY   0x80000000
#define	PORT_DELETED   0x10000000
Typedefs
typedef _LPCP_NONPAGED_PORT_QUEUE	LPCP_NONPAGED_PORT_QUEUE
typedef _LPCP_NONPAGED_PORT_QUEUE *	PLPCP_NONPAGED_PORT_QUEUE
typedef _LPCP_PORT_QUEUE	LPCP_PORT_QUEUE
typedef _LPCP_PORT_QUEUE *	PLPCP_PORT_QUEUE
typedef _LPCP_PORT_ZONE	LPCP_PORT_ZONE
typedef _LPCP_PORT_ZONE *	PLPCP_PORT_ZONE
typedef _LPCP_PORT_OBJECT	LPCP_PORT_OBJECT
typedef _LPCP_PORT_OBJECT *	PLPCP_PORT_OBJECT
typedef _LPCP_MESSAGE	LPCP_MESSAGE
typedef _LPCP_MESSAGE *	PLPCP_MESSAGE
typedef _LPCP_CONNECTION_MESSAGE	LPCP_CONNECTION_MESSAGE
typedef _LPCP_CONNECTION_MESSAGE *	PLPCP_CONNECTION_MESSAGE
Functions
BOOLEAN	LpcInitSystem (VOID)
VOID	LpcExitThread (PETHREAD Thread)
VOID	LpcDumpThread (PETHREAD Thread, IN POB_DUMP_CONTROL Control OPTIONAL)
NTKERNELAPI NTSTATUS	LpcRequestPort (IN PVOID PortAddress, IN PPORT_MESSAGE RequestMessage)
NTSTATUS	LpcRequestWaitReplyPort (IN PVOID PortAddress, IN PPORT_MESSAGE RequestMessage, OUT PPORT_MESSAGE ReplyMessage)
Variables
ULONG	LpcCallOperationCount
ULONG	LpcCallBackOperationCount
ULONG	LpcDatagramOperationCount

---

Define Documentation

#define CLIENT_COMMUNICATION_PORT   0x00000004

Definition at line 134 of file lpc.h. Referenced by LpcpDeletePort(), LpcpFreePortClientSecurity(), LpcRequestPort(), LpcRequestWaitReplyPort(), NtReplyWaitReceivePort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), and NtSecureConnectPort().

#define LPCP_ZONE_ALIGNMENT   16

Definition at line 84 of file lpc.h. Referenced by LpcInitSystem().

#define LPCP_ZONE_ALIGNMENT_MASK   ~(LPCP_ZONE_ALIGNMENT-1)

Definition at line 85 of file lpc.h. Referenced by LpcInitSystem().

#define LPCP_ZONE_MAX_POOL_USAGE   (8*PAGE_SIZE)

Definition at line 91 of file lpc.h. Referenced by LpcInitSystem().

#define PORT_DELETED   0x10000000

Definition at line 138 of file lpc.h. Referenced by NtImpersonateClientOfPort(), NtRequestPort(), and ObfDereferenceObject().

#define PORT_DYNAMIC_SECURITY   0x80000000

Definition at line 137 of file lpc.h. Referenced by LpcpFreePortClientSecurity(), NtImpersonateClientOfPort(), and NtSecureConnectPort().

#define PORT_NAME_DELETED   0x40000000

Definition at line 136 of file lpc.h. Referenced by LpcpDestroyPortQueue(), and NtSecureConnectPort().

#define PORT_TYPE   0x0000000F

Definition at line 130 of file lpc.h. Referenced by LpcpClosePort(), LpcpDeletePort(), LpcpDestroyPortQueue(), LpcpFindDataInfoMessage(), LpcpFreeDataInfoMessage(), LpcpFreePortClientSecurity(), LpcpSaveDataInfoMessage(), LpcRequestPort(), LpcRequestWaitReplyPort(), NtCompleteConnectPort(), NtImpersonateClientOfPort(), NtReplyWaitReceivePort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), and NtSecureConnectPort().

#define PORT_WAITABLE   0x20000000

Definition at line 135 of file lpc.h. Referenced by LpcpCreatePort(), LpcRequestPort(), LpcRequestWaitReplyPort(), NtReplyWaitReceivePort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), and NtSecureConnectPort().

#define SERVER_COMMUNICATION_PORT   0x00000003

Definition at line 133 of file lpc.h. Referenced by LpcpDeletePort(), LpcRequestPort(), LpcRequestWaitReplyPort(), NtAcceptConnectPort(), NtCompleteConnectPort(), NtImpersonateClientOfPort(), NtRequestPort(), and NtRequestWaitReplyPort().

#define SERVER_CONNECTION_PORT   0x00000001

Definition at line 131 of file lpc.h. Referenced by LpcpClosePort(), LpcpCreatePort(), LpcpDeletePort(), LpcpDestroyPortQueue(), LpcRequestPort(), LpcRequestWaitReplyPort(), NtRequestPort(), NtRequestWaitReplyPort(), and NtSecureConnectPort().

#define UNCONNECTED_COMMUNICATION_PORT   0x00000002

Definition at line 132 of file lpc.h. Referenced by LpcpCreatePort(), LpcpFindDataInfoMessage(), LpcpFreeDataInfoMessage(), and LpcpSaveDataInfoMessage().

---

Typedef Documentation

typedef struct _LPCP_CONNECTION_MESSAGE LPCP_CONNECTION_MESSAGE

typedef struct _LPCP_MESSAGE LPCP_MESSAGE

typedef struct _LPCP_NONPAGED_PORT_QUEUE LPCP_NONPAGED_PORT_QUEUE

typedef struct _LPCP_PORT_OBJECT LPCP_PORT_OBJECT

Referenced by LpcpCreatePort(), NtAcceptConnectPort(), and NtSecureConnectPort().

typedef struct _LPCP_PORT_QUEUE LPCP_PORT_QUEUE

typedef struct _LPCP_PORT_ZONE LPCP_PORT_ZONE

typedef struct _LPCP_CONNECTION_MESSAGE * PLPCP_CONNECTION_MESSAGE

typedef struct _LPCP_MESSAGE * PLPCP_MESSAGE

typedef struct _LPCP_NONPAGED_PORT_QUEUE * PLPCP_NONPAGED_PORT_QUEUE

typedef struct _LPCP_PORT_OBJECT * PLPCP_PORT_OBJECT

typedef struct _LPCP_PORT_QUEUE * PLPCP_PORT_QUEUE

typedef struct _LPCP_PORT_ZONE * PLPCP_PORT_ZONE

---

Function Documentation

VOID LpcDumpThread (  PETHREAD  Thread, IN POB_DUMP_CONTROL Control  OPTIONAL )

VOID LpcExitThread (  PETHREAD  Thread  )

Definition at line 281 of file lpcclose.c. References _LPCP_MESSAGE::Entry, _ETHREAD::LpcExitThreadCalled, LpcpAcquireLpcpLock, LpcpFreeToPortZone(), LpcpReleaseLpcpLock, LpcpTrace, _ETHREAD::LpcReplyChain, _ETHREAD::LpcReplyMessage, _ETHREAD::LpcReplyMessageId, NULL, ObDereferenceObject, _LPCP_MESSAGE::RepliedToThread, and TRUE. Referenced by PspExitThread(). 00287 : 00288 00289 This routine is called whenever a thread is exiting and need to cleanup the 00290 lpc port for the thread. 00291 00292 Arguments: 00293 00294 Thread - Supplies the thread being terminated 00295 00296 Return Value: 00297 00298 None. 00299 00300 --*/ 00301 00302 { 00303 PLPCP_MESSAGE Msg; 00304 00305 // 00306 // Acquire the mutex that protects the LpcReplyMessage field of 00307 // the thread. Zero the field so nobody else tries to process it 00308 // when we release the lock. 00309 // 00310 00311 LpcpAcquireLpcpLock(); 00312 00313 if (!IsListEmpty( &Thread->LpcReplyChain )) { 00314 00315 RemoveEntryList( &Thread->LpcReplyChain ); 00316 } 00317 00318 // 00319 // Indicate that this thread is exiting 00320 // 00321 00322 Thread->LpcExitThreadCalled = TRUE; 00323 Thread->LpcReplyMessageId = 0; 00324 00325 // 00326 // If we need to reply to a message then if the thread that we need to reply 00327 // to is still around we want to dereference the thread and free the message 00328 // 00329 00330 Msg = Thread->LpcReplyMessage; 00331 00332 if (Msg != NULL) { 00333 00334 Thread->LpcReplyMessage = NULL; 00335 00336 if (Msg->RepliedToThread != NULL) { 00337 00338 ObDereferenceObject( Msg->RepliedToThread ); 00339 00340 Msg->RepliedToThread = NULL; 00341 } 00342 00343 LpcpTrace(( "Cleanup Msg %lx (%d) for Thread %lx allocated\n", Msg, IsListEmpty( &Msg->Entry ), Thread )); 00344 00345 LpcpFreeToPortZone( Msg, TRUE ); 00346 } 00347 00348 // 00349 // Free the global lpc lock 00350 // 00351 00352 LpcpReleaseLpcpLock(); 00353 00354 // 00355 // And return to our caller 00356 // 00357 00358 return; 00359 } }

BOOLEAN LpcInitSystem (  VOID   )

Definition at line 76 of file lpcinit.c. References FALSE, L, LPCP_ZONE_ALIGNMENT, LPCP_ZONE_ALIGNMENT_MASK, LPCP_ZONE_MAX_POOL_USAGE, LpcpClosePort(), LpcpDeletePort(), LpcpInitializeLpcpLock, LpcpInitializePortZone(), LpcpNextCallbackId, LpcpNextMessageId, LpcPortObjectType, LpcpPortMapping, LpcWaitablePortObjectType, NonPagedPool, NT_SUCCESS, NTSTATUS(), NULL, ObCreateObjectType(), PAGE_SIZE, PagedPool, RtlInitUnicodeString(), Status, and TRUE. : This function performs the system initialization for the LPC package. LPC stands for Local Inter-Process Communication. Arguments: None. Return Value: TRUE if successful and FALSE if an error occurred. The following errors can occur: - insufficient memory --*/ { OBJECT_TYPE_INITIALIZER ObjectTypeInitializer; UNICODE_STRING PortTypeName; ULONG ZoneElementSize; NTSTATUS Status; // // Initialize our global lpc lock // LpcpInitializeLpcpLock(); // // Create the object type for the port object // RtlInitUnicodeString( &PortTypeName, L"Port" ); RtlZeroMemory( &ObjectTypeInitializer, sizeof( ObjectTypeInitializer )); ObjectTypeInitializer.Length = sizeof( ObjectTypeInitializer ); ObjectTypeInitializer.GenericMapping = LpcpPortMapping; ObjectTypeInitializer.MaintainTypeList = TRUE; ObjectTypeInitializer.PoolType = PagedPool; ObjectTypeInitializer.DefaultPagedPoolCharge = sizeof( LPCP_PORT_OBJECT ); ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof( LPCP_NONPAGED_PORT_QUEUE ); ObjectTypeInitializer.InvalidAttributes = OBJ_VALID_ATTRIBUTES ^ PORT_VALID_OBJECT_ATTRIBUTES; ObjectTypeInitializer.ValidAccessMask = PORT_ALL_ACCESS; ObjectTypeInitializer.CloseProcedure = LpcpClosePort; ObjectTypeInitializer.DeleteProcedure = LpcpDeletePort; ObjectTypeInitializer.UseDefaultObject = TRUE ; ObCreateObjectType( &PortTypeName, &ObjectTypeInitializer, (PSECURITY_DESCRIPTOR)NULL, &LpcPortObjectType ); // // Create the object type for the waitable port object // RtlInitUnicodeString( &PortTypeName, L"WaitablePort" ); ObjectTypeInitializer.PoolType = NonPagedPool ; ObjectTypeInitializer.UseDefaultObject = FALSE ; ObCreateObjectType( &PortTypeName, &ObjectTypeInitializer, (PSECURITY_DESCRIPTOR)NULL, &LpcWaitablePortObjectType ); // // Initialize the lpc message and callback id counters // LpcpNextMessageId = 1; LpcpNextCallbackId = 1; // // Initialize the lpc port zone. Each element can contain a max // message, plus an LPCP message structure, plus an LPCP connection // message // ZoneElementSize = PORT_MAXIMUM_MESSAGE_LENGTH + sizeof( LPCP_MESSAGE ) + sizeof( LPCP_CONNECTION_MESSAGE ); // // Round up the size to the next 16 byte alignment // ZoneElementSize = (ZoneElementSize + LPCP_ZONE_ALIGNMENT - 1) & LPCP_ZONE_ALIGNMENT_MASK; // // Initialize the zone // Status = LpcpInitializePortZone( ZoneElementSize, PAGE_SIZE, LPCP_ZONE_MAX_POOL_USAGE ); if (!NT_SUCCESS( Status )) { return( FALSE ); } return( TRUE ); }

NTKERNELAPI NTSTATUS LpcRequestPort (  IN PVOID  PortAddress, IN PPORT_MESSAGE  RequestMessage )

Definition at line 1181 of file lpcsend.c. References CLIENT_COMMUNICATION_PORT, _LPCP_PORT_OBJECT::ConnectedPort, _LPCP_PORT_OBJECT::ConnectionPort, _LPCP_MESSAGE::Entry, FALSE, _LPCP_PORT_OBJECT::Flags, KeEnterCriticalRegion, KeLeaveCriticalRegion, KeReleaseSemaphore(), KernelMode, KeSetEvent(), KPROCESSOR_MODE, L, LPC_RELEASE_WAIT_INCREMENT, LpcpAcquireLpcpLock, LpcpAllocateFromPortZone(), LpcpFreeToPortZone(), LpcpGenerateMessageId, LpcpGetCreatorName(), LpcpMoveMessage(), LpcpReleaseLpcpLock, LpcpTrace, _LPCP_PORT_OBJECT::MaxMessageLength, _LPCP_PORT_OBJECT::MsgQueue, NULL, PAGED_CODE, PORT_TYPE, PORT_WAITABLE, _LPCP_MESSAGE::PortContext, _LPCP_PORT_OBJECT::PortContext, PsGetCurrentProcess, PsGetCurrentThread, _LPCP_PORT_QUEUE::ReceiveHead, _LPCP_MESSAGE::RepliedToThread, _LPCP_MESSAGE::Request, RequestMessage, _LPCP_PORT_QUEUE::Semaphore, SERVER_COMMUNICATION_PORT, SERVER_CONNECTION_PORT, TRUE, and _LPCP_PORT_OBJECT::WaitEvent. Referenced by LpcpDeletePort(), PspExitThread(), and xxxActivateDebugger(). : This procedure is similar to NtRequestPort but without the Handle based interface. Arguments: PortAddress - Supplies a pointer to the communication port to send the request message to. RequestMessage - Specifies a pointer to the request message. The Type field of the message is set to LPC_DATAGRAM by the service. Return Value: NTSTATUS - A status code that indicates whether or not the operation was successful. --*/ { PLPCP_PORT_OBJECT PortObject = (PLPCP_PORT_OBJECT)PortAddress; PLPCP_PORT_OBJECT QueuePort; ULONG MsgType; PLPCP_MESSAGE Msg; KPROCESSOR_MODE PreviousMode; PAGED_CODE(); // // Get previous processor mode and validate parameters // PreviousMode = KeGetPreviousMode(); if (RequestMessage->u2.s2.Type != 0) { MsgType = RequestMessage->u2.s2.Type & ~LPC_KERNELMODE_MESSAGE; if ((MsgType < LPC_DATAGRAM) || (MsgType > LPC_CLIENT_DIED)) { return STATUS_INVALID_PARAMETER; } // // If previous mode is kernel, allow the LPC_KERNELMODE_MESSAGE // bit to be passed in message type field. // if ((PreviousMode == KernelMode) && (RequestMessage->u2.s2.Type & LPC_KERNELMODE_MESSAGE)) { MsgType |= LPC_KERNELMODE_MESSAGE; } } else { MsgType = LPC_DATAGRAM; } if (RequestMessage->u2.s2.DataInfoOffset != 0) { return STATUS_INVALID_PARAMETER; } // // Validate the message length // if (((ULONG)RequestMessage->u1.s1.TotalLength > PortObject->MaxMessageLength) || ((ULONG)RequestMessage->u1.s1.TotalLength <= (ULONG)RequestMessage->u1.s1.DataLength)) { return STATUS_PORT_MESSAGE_TOO_LONG; } // // Allocate a message block // LpcpAcquireLpcpLock(); Msg = (PLPCP_MESSAGE)LpcpAllocateFromPortZone( RequestMessage->u1.s1.TotalLength ); LpcpReleaseLpcpLock(); if (Msg == NULL) { return STATUS_NO_MEMORY; } // // Fill in the message block. // Msg->RepliedToThread = NULL; Msg->PortContext = NULL; LpcpMoveMessage( &Msg->Request, RequestMessage, (RequestMessage + 1), MsgType, &PsGetCurrentThread()->Cid ); // // Acquire the global Lpc mutex that guards the LpcReplyMessage // field of the thread and the request message queue. Stamp the // request message with a serial number, insert the message at // the tail of the request message queue // // This all needs to be performed with APCs disabled to avoid // the situation where something gets put on the queue and this // thread gets suspended before being able to release the semaphore. // KeEnterCriticalRegion(); LpcpAcquireLpcpLock(); if ((PortObject->Flags & PORT_TYPE) != SERVER_CONNECTION_PORT) { QueuePort = PortObject->ConnectedPort; if (QueuePort != NULL) { if ((PortObject->Flags & PORT_TYPE) == CLIENT_COMMUNICATION_PORT) { Msg->PortContext = QueuePort->PortContext; QueuePort = PortObject->ConnectionPort; // // **** this test and assignment are bogus because we earlier // unconditionally set the QueuePort value // } else if ((PortObject->Flags & PORT_TYPE) != SERVER_COMMUNICATION_PORT) { QueuePort = PortObject->ConnectionPort; } } } else { QueuePort = PortObject; } // // At this point we have an LPC message ready to send and if queue port is // not null then we have a port to actually send the message off to // if (QueuePort != NULL) { Msg->Request.MessageId = LpcpGenerateMessageId(); Msg->Request.CallbackId = 0; PsGetCurrentThread()->LpcReplyMessageId = 0; InsertTailList( &QueuePort->MsgQueue.ReceiveHead, &Msg->Entry ); LpcpTrace(( "%s Send DataGram (%s) Msg %lx [%08x %08x %08x %08x] to Port %lx (%s)\n", PsGetCurrentProcess()->ImageFileName, LpcpMessageTypeName[ Msg->Request.u2.s2.Type & ~LPC_KERNELMODE_MESSAGE ], Msg, *((PULONG)(Msg+1)+0), *((PULONG)(Msg+1)+1), *((PULONG)(Msg+1)+2), *((PULONG)(Msg+1)+3), QueuePort, LpcpGetCreatorName( QueuePort ))); // // Release the mutex, increment the request message queue // semaphore by one for the newly inserted request message, // then exit the critical region. // LpcpReleaseLpcpLock(); KeReleaseSemaphore( QueuePort->MsgQueue.Semaphore, LPC_RELEASE_WAIT_INCREMENT, 1L, FALSE ); if ( QueuePort->Flags & PORT_WAITABLE ) { KeSetEvent( &QueuePort->WaitEvent, LPC_RELEASE_WAIT_INCREMENT, FALSE ); } KeLeaveCriticalRegion(); return STATUS_SUCCESS; } // // At this point we have a message but not a valid port to queue it off // to so we'll release the unused message, release our lock and enable // APC again // LpcpFreeToPortZone( Msg, TRUE ); LpcpReleaseLpcpLock(); KeLeaveCriticalRegion(); // // And return the error status to our caller // return STATUS_PORT_DISCONNECTED; }

NTSTATUS LpcRequestWaitReplyPort (  IN PVOID  PortAddress, IN PPORT_MESSAGE  RequestMessage, OUT PPORT_MESSAGE  ReplyMessage )

Definition at line 1407 of file lpcsend.c. References _ETHREAD::Cid, CLIENT_COMMUNICATION_PORT, _LPCP_PORT_OBJECT::ConnectedPort, _LPCP_PORT_OBJECT::ConnectionPort, _LPCP_MESSAGE::Entry, FALSE, _LPCP_PORT_OBJECT::Flags, KeReadStateSemaphore(), KeReleaseSemaphore(), KernelMode, KeSetEvent(), KeWaitForSingleObject(), KPROCESSOR_MODE, LPC_RELEASE_WAIT_INCREMENT, _ETHREAD::LpcExitThreadCalled, LpcpAcquireLpcpLock, LpcpAllocateFromPortZone(), LpcpFreeToPortZone(), LpcpGenerateCallbackId, LpcpGenerateMessageId, LpcpGetCreatorName(), LpcpMoveMessage(), LpcpReleaseLpcpLock, LpcpTrace, _ETHREAD::LpcReplyChain, _LPCP_PORT_OBJECT::LpcReplyChainHead, _ETHREAD::LpcReplyMessage, _ETHREAD::LpcReplyMessageId, _ETHREAD::LpcReplySemaphore, _LPCP_PORT_OBJECT::MaxMessageLength, _LPCP_PORT_OBJECT::MsgQueue, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObject, PAGED_CODE, PORT_TYPE, PORT_WAITABLE, _LPCP_MESSAGE::PortContext, _LPCP_PORT_OBJECT::PortContext, PsGetCurrentProcess, PsGetCurrentThread, PsLookupProcessThreadByCid(), _LPCP_PORT_QUEUE::ReceiveHead, _LPCP_MESSAGE::RepliedToThread, ReplyMessage(), _LPCP_MESSAGE::Request, RequestMessage, _LPCP_PORT_QUEUE::Semaphore, SERVER_COMMUNICATION_PORT, SERVER_CONNECTION_PORT, Status, THREAD_TO_PROCESS, TRUE, _LPCP_PORT_OBJECT::WaitEvent, WrExecutive, and WrLpcReply. Referenced by DbgkpSendApiMessage(), ExpRaiseHardError(), and IopSendMessageToTrackService(). : This procedure is similar to NtRequestWaitReplyPort but without the handle based interface Arguments: PortAddress - Supplies the communication port object to send the request message to. RequestMessage - Specifies a pointer to a request message to send. ReplyMessage - Specifies the address of a variable that will receive the reply message. This parameter may point to the same buffer as the RequestMessage parameter. Return Value: NTSTATUS - A status code that indicates whether or not the operation was successful. --*/ { PLPCP_PORT_OBJECT PortObject = (PLPCP_PORT_OBJECT)PortAddress; PLPCP_PORT_OBJECT QueuePort; PLPCP_PORT_OBJECT RundownPort; PKSEMAPHORE ReleaseSemaphore; NTSTATUS Status; ULONG MsgType; PLPCP_MESSAGE Msg; PETHREAD CurrentThread; PETHREAD WakeupThread; BOOLEAN CallbackRequest; KPROCESSOR_MODE PreviousMode; PAGED_CODE(); CurrentThread = PsGetCurrentThread(); if (CurrentThread->LpcExitThreadCalled) { return STATUS_THREAD_IS_TERMINATING; } // // Get previous processor mode and validate parameters // PreviousMode = KeGetPreviousMode(); MsgType = RequestMessage->u2.s2.Type & ~LPC_KERNELMODE_MESSAGE; CallbackRequest = FALSE; switch (MsgType) { case 0: MsgType = LPC_REQUEST; break; case LPC_REQUEST: CallbackRequest = TRUE; break; case LPC_CLIENT_DIED: case LPC_PORT_CLOSED: case LPC_EXCEPTION: case LPC_DEBUG_EVENT: case LPC_ERROR_EVENT: break; default : return STATUS_INVALID_PARAMETER; } // // Allow the LPC_KERNELMODE_MESSAGE // bit to be passed in message type field. Don't check the previous mode !!! // if ( RequestMessage->u2.s2.Type & LPC_KERNELMODE_MESSAGE) { MsgType |= LPC_KERNELMODE_MESSAGE; } RequestMessage->u2.s2.Type = (CSHORT)MsgType; // // Validate the message length // if (((ULONG)RequestMessage->u1.s1.TotalLength > PortObject->MaxMessageLength) || ((ULONG)RequestMessage->u1.s1.TotalLength <= (ULONG)RequestMessage->u1.s1.DataLength)) { return STATUS_PORT_MESSAGE_TOO_LONG; } // // Determine which port to queue the message to and get client // port context if client sending to server. Also validate // length of message being sent. // LpcpAcquireLpcpLock(); Msg = (PLPCP_MESSAGE)LpcpAllocateFromPortZone( RequestMessage->u1.s1.TotalLength ); LpcpReleaseLpcpLock(); if (Msg == NULL) { return STATUS_NO_MEMORY; } if (CallbackRequest) { // // Check for a valid request message id // if (RequestMessage->MessageId == 0) { LpcpFreeToPortZone( Msg, FALSE ); return STATUS_INVALID_PARAMETER; } // // Translate the ClientId from the request into a // thread pointer. This is a referenced pointer to keep the thread // from evaporating out from under us. // Status = PsLookupProcessThreadByCid( &RequestMessage->ClientId, NULL, &WakeupThread ); if (!NT_SUCCESS( Status )) { LpcpFreeToPortZone( Msg, FALSE ); return Status; } // // Acquire the mutex that gaurds the LpcReplyMessage field of // the thread and get the pointer to the message that the thread // is waiting for a reply to. // LpcpAcquireLpcpLock(); // // See if the thread is waiting for a reply to the message // specified on this call. If not then a bogus message // has been specified, so release the mutex, dereference the thread // and return failure. // if ((WakeupThread->LpcReplyMessageId != RequestMessage->MessageId) || ((WakeupThread->LpcReplyMessage != NULL) && (((PLPCP_MESSAGE)(WakeupThread->LpcReplyMessage))->Request.u2.s2.Type & ~LPC_KERNELMODE_MESSAGE) != LPC_REQUEST)) { LpcpFreeToPortZone( Msg, TRUE ); LpcpReleaseLpcpLock(); ObDereferenceObject( WakeupThread ); return STATUS_REPLY_MESSAGE_MISMATCH; } QueuePort = NULL; Msg->PortContext = NULL; if ((PortObject->Flags & PORT_TYPE) == SERVER_CONNECTION_PORT) { RundownPort = PortObject; } else { RundownPort = PortObject->ConnectedPort; if (RundownPort == NULL) { LpcpFreeToPortZone( Msg, TRUE ); LpcpReleaseLpcpLock(); ObDereferenceObject( WakeupThread ); return STATUS_PORT_DISCONNECTED; } if ((PortObject->Flags & PORT_TYPE) == CLIENT_COMMUNICATION_PORT) { Msg->PortContext = RundownPort->PortContext; } } // // Allocate and initialize a request message // LpcpMoveMessage( &Msg->Request, RequestMessage, (RequestMessage + 1), 0, &CurrentThread->Cid ); Msg->Request.CallbackId = LpcpGenerateCallbackId(); LpcpTrace(( "%s CallBack Request (%s) Msg %lx (%u.%u) [%08x %08x %08x %08x] to Thread %lx (%s)\n", PsGetCurrentProcess()->ImageFileName, LpcpMessageTypeName[ Msg->Request.u2.s2.Type & ~LPC_KERNELMODE_MESSAGE ], Msg, Msg->Request.MessageId, Msg->Request.CallbackId, *((PULONG)(Msg+1)+0), *((PULONG)(Msg+1)+1), *((PULONG)(Msg+1)+2), *((PULONG)(Msg+1)+3), WakeupThread, THREAD_TO_PROCESS( WakeupThread )->ImageFileName )); // // Add an extra reference so LpcExitThread does not evaporate // the pointer before we get to the wait below // ObReferenceObject( WakeupThread ); Msg->RepliedToThread = WakeupThread; WakeupThread->LpcReplyMessageId = 0; WakeupThread->LpcReplyMessage = (PVOID)Msg; // // Remove the thread from the reply rundown list as we are sending a callback // if (!IsListEmpty( &WakeupThread->LpcReplyChain )) { RemoveEntryList( &WakeupThread->LpcReplyChain ); InitializeListHead( &WakeupThread->LpcReplyChain ); } CurrentThread->LpcReplyMessageId = Msg->Request.MessageId; CurrentThread->LpcReplyMessage = NULL; InsertTailList( &RundownPort->LpcReplyChainHead, &CurrentThread->LpcReplyChain ); LpcpReleaseLpcpLock(); // // Wake up the thread that is waiting for an answer to its request // inside of NtRequestWaitReplyPort or NtReplyWaitReplyPort // ReleaseSemaphore = &WakeupThread->LpcReplySemaphore; } else { // // There is no callbreak requested // LpcpMoveMessage( &Msg->Request, RequestMessage, (RequestMessage + 1), 0, &CurrentThread->Cid ); // // Acquire the global Lpc mutex that gaurds the LpcReplyMessage // field of the thread and the request message queue. Stamp the // request message with a serial number, insert the message at // the tail of the request message queue and remember the address // of the message in the LpcReplyMessage field for the current thread. // LpcpAcquireLpcpLock(); Msg->PortContext = NULL; if ((PortObject->Flags & PORT_TYPE) != SERVER_CONNECTION_PORT) { QueuePort = PortObject->ConnectedPort; if (QueuePort == NULL) { LpcpFreeToPortZone( Msg, TRUE ); LpcpReleaseLpcpLock(); return STATUS_PORT_DISCONNECTED; } RundownPort = QueuePort; if ((PortObject->Flags & PORT_TYPE) == CLIENT_COMMUNICATION_PORT) { Msg->PortContext = QueuePort->PortContext; QueuePort = PortObject->ConnectionPort; } else if ((PortObject->Flags & PORT_TYPE) != SERVER_COMMUNICATION_PORT) { QueuePort = PortObject->ConnectionPort; } } else { QueuePort = PortObject; RundownPort = PortObject; } Msg->RepliedToThread = NULL; Msg->Request.MessageId = LpcpGenerateMessageId(); Msg->Request.CallbackId = 0; CurrentThread->LpcReplyMessageId = Msg->Request.MessageId; CurrentThread->LpcReplyMessage = NULL; InsertTailList( &QueuePort->MsgQueue.ReceiveHead, &Msg->Entry ); InsertTailList( &RundownPort->LpcReplyChainHead, &CurrentThread->LpcReplyChain ); LpcpTrace(( "%s Send Request (%s) Msg %lx (%u) [%08x %08x %08x %08x] to Port %lx (%s)\n", PsGetCurrentProcess()->ImageFileName, LpcpMessageTypeName[ Msg->Request.u2.s2.Type & ~LPC_KERNELMODE_MESSAGE ], Msg, Msg->Request.MessageId, *((PULONG)(Msg+1)+0), *((PULONG)(Msg+1)+1), *((PULONG)(Msg+1)+2), *((PULONG)(Msg+1)+3), QueuePort, LpcpGetCreatorName( QueuePort ))); LpcpReleaseLpcpLock(); // // Increment the request message queue semaphore by one for // the newly inserted request message. Release the spin // lock, while remaining at the dispatcher IRQL. Then wait for the // reply to this request by waiting on the LpcReplySemaphore // for the current thread. // ReleaseSemaphore = QueuePort->MsgQueue.Semaphore; if ( QueuePort->Flags & PORT_WAITABLE ) { KeSetEvent( &QueuePort->WaitEvent, LPC_RELEASE_WAIT_INCREMENT, FALSE ); } } // // At this point we've enqueued our request and if necessary // set ourselves up for the callback or reply. // // So now wake up the other end // Status = KeReleaseSemaphore( ReleaseSemaphore, 1, 1, FALSE ); if (CallbackRequest) { ObDereferenceObject( WakeupThread ); } // // And wait for a reply // Status = KeWaitForSingleObject( &CurrentThread->LpcReplySemaphore, WrLpcReply, KernelMode, FALSE, NULL ); if (Status == STATUS_USER_APC) { // // if the semaphore is signaled, then clear it // if (KeReadStateSemaphore( &CurrentThread->LpcReplySemaphore )) { KeWaitForSingleObject( &CurrentThread->LpcReplySemaphore, WrExecutive, KernelMode, FALSE, NULL ); Status = STATUS_SUCCESS; } } // // Acquire the LPC mutex. Remove the reply message from the current thread // LpcpAcquireLpcpLock(); Msg = CurrentThread->LpcReplyMessage; CurrentThread->LpcReplyMessage = NULL; CurrentThread->LpcReplyMessageId = 0; // // Remove the thread from the reply rundown list in case we did not wakeup due to // a reply // if (!IsListEmpty( &CurrentThread->LpcReplyChain )) { RemoveEntryList( &CurrentThread->LpcReplyChain ); InitializeListHead( &CurrentThread->LpcReplyChain ); } #if DBG if (Msg != NULL) { LpcpTrace(( "%s Got Reply Msg %lx (%u) [%08x %08x %08x %08x] for Thread %lx (%s)\n", PsGetCurrentProcess()->ImageFileName, Msg, Msg->Request.MessageId, *((PULONG)(Msg+1)+0), *((PULONG)(Msg+1)+1), *((PULONG)(Msg+1)+2), *((PULONG)(Msg+1)+3), CurrentThread, THREAD_TO_PROCESS( CurrentThread )->ImageFileName )); } #endif LpcpReleaseLpcpLock(); // // If the wait succeeded, copy the reply to the reply buffer. // if (Status == STATUS_SUCCESS) { if (Msg != NULL) { LpcpMoveMessage( ReplyMessage, &Msg->Request, (&Msg->Request) + 1, 0, NULL ); // // Acquire the LPC mutex and decrement the reference count for the // message. If the reference count goes to zero the message will be // deleted. // LpcpAcquireLpcpLock(); if (Msg->RepliedToThread != NULL) { ObDereferenceObject( Msg->RepliedToThread ); Msg->RepliedToThread = NULL; } LpcpFreeToPortZone( Msg, TRUE ); LpcpReleaseLpcpLock(); } else { Status = STATUS_LPC_REPLY_LOST; } } else { // // Wait failed, acquire the LPC mutex and free the message. // LpcpAcquireLpcpLock(); if (Msg != NULL) { LpcpFreeToPortZone( Msg, TRUE ); } LpcpReleaseLpcpLock(); } // // And return to our caller // return Status; }

---

Variable Documentation

ULONG LpcCallBackOperationCount

Definition at line 65 of file lpc.h.

ULONG LpcCallOperationCount

Definition at line 64 of file lpc.h.

ULONG LpcDatagramOperationCount

Definition at line 66 of file lpc.h.

---