lockvm.c File Reference

#include "mi.h"

Go to the source code of this file.

Functions
NTSTATUS	NtLockVirtualMemory (IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PSIZE_T RegionSize, IN ULONG MapType)
NTSTATUS	NtUnlockVirtualMemory (IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PSIZE_T RegionSize, IN ULONG MapType)
VOID	MiInsertConflictInList (PMMLOCK_CONFLICT Conflict)
VOID	MiRemoveConflictFromList (PMMLOCK_CONFLICT Conflict)

---

Function Documentation

VOID MiInsertConflictInList (  PMMLOCK_CONFLICT  Conflict  )

Definition at line 1051 of file lockvm.c. References _MMLOCK_CONFLICT::List, MmChargeCommitmentLock, MmLockConflictList, PMMLOCK_CONFLICT, PsGetCurrentThread, and _MMLOCK_CONFLICT::Thread. { KIRQL OldIrql; Conflict->Thread = PsGetCurrentThread(); ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql); InsertHeadList ( &MmLockConflictList, &Conflict->List); ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); return; }

VOID MiRemoveConflictFromList (  PMMLOCK_CONFLICT  Conflict  )

Definition at line 1067 of file lockvm.c. References _MMLOCK_CONFLICT::List, and MmChargeCommitmentLock. { KIRQL OldIrql; ExAcquireSpinLock (&MmChargeCommitmentLock, &OldIrql); RemoveEntryList (&Conflict->List); ExReleaseSpinLock (&MmChargeCommitmentLock, OldIrql); return; }

NTSTATUS NtLockVirtualMemory (  IN HANDLE  ProcessHandle, IN OUT PVOID *  BaseAddress, IN OUT PSIZE_T  RegionSize, IN ULONG  MapType )

Definition at line 33 of file lockvm.c. References ASSERT, _MMVAD::EndingVpn, EXCEPTION_EXECUTE_HANDLER, ExSystemExceptionFilter(), FALSE, _MMWSL::FirstDynamic, KeAttachProcess(), KeDetachProcess(), KernelMode, KPROCESSOR_MODE, LOCK_WS_AND_ADDRESS_SPACE, LOCK_WS_UNSAFE, MI_PFN_ELEMENT, MI_VPN_TO_VA, MiDoesPdeExistAndMakeValid(), MiDoesPpeExistAndMakeValid, MiGetPdeAddress, MiGetPteAddress, MiInsertConflictInList(), MiLocateAddress(), MiLocateWsle(), MiLockFor4kPage(), MiRemoveConflictFromList(), MiSwapWslEntries(), MM_FLUID_WORKING_SET, MmIsAddressValid(), MMLOCK_CONFLICT, MmWorkingSetList, MmWsle, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PAGE_4K, PAGE_4K_ALIGN, PAGE_ALIGN, PAGE_SHIFT, PAGE_SIZE, PAGED_CODE, ProbeForWritePointer, ProbeForWriteUlong_ptr, PsProcessType, SeLockMemoryPrivilege, SeSinglePrivilegeCheck(), Status, TRUE, _MMPTE::u, _MMVAD::u, _MMWSLE::u1, _MMPFN::u1, UNLOCK_ADDRESS_SPACE, UNLOCK_WS_AND_ADDRESS_SPACE, UNLOCK_WS_UNSAFE, VOID(), and WSLE_NULL_INDEX. 00042 : 00043 00044 This function locks a region of pages within the working set list 00045 of a subject process. 00046 00047 The caller of this function must have PROCESS_VM_OPERATION access 00048 to the target process. The caller must also have SeLockMemoryPrivilege. 00049 00050 Arguments: 00051 00052 ProcessHandle - Supplies an open handle to a process object. 00053 00054 BaseAddress - The base address of the region of pages 00055 to be locked. This value is rounded down to the 00056 next host page address boundary. 00057 00058 RegionSize - A pointer to a variable that will receive 00059 the actual size in bytes of the locked region of 00060 pages. The initial value of this argument is 00061 rounded up to the next host page size boundary. 00062 00063 MapType - A set of flags that describe the type of locking to 00064 perform. One of MAP_PROCESS or MAP_SYSTEM. 00065 00066 Return Value: 00067 00068 Returns the status 00069 00070 STATUS_PRIVILEGE_NOT_HELD - The caller did not have sufficient 00071 privilege to perform the requested operation. 00072 00073 TBS 00074 00075 00076 --*/ 00077 00078 { 00079 PVOID Va; 00080 PVOID EndingAddress; 00081 PMMPTE PointerPte; 00082 PMMPTE PointerPte1; 00083 PMMPFN Pfn1; 00084 PMMPTE PointerPde; 00085 PMMPTE PointerPpe; 00086 ULONG_PTR CapturedRegionSize; 00087 PVOID CapturedBase; 00088 PEPROCESS TargetProcess; 00089 NTSTATUS Status; 00090 BOOLEAN WasLocked; 00091 KPROCESSOR_MODE PreviousMode; 00092 ULONG Entry; 00093 ULONG SwapEntry; 00094 SIZE_T NumberOfAlreadyLocked; 00095 SIZE_T NumberToLock; 00096 ULONG WorkingSetIndex; 00097 PMMVAD Vad; 00098 PVOID LastVa; 00099 MMLOCK_CONFLICT Conflict; 00100 ULONG Waited; 00101 LOGICAL Attached; 00102 #if defined(_MIALT4K_) 00103 BOOLEAN IsWow64Process = FALSE; 00104 #endif 00105 00106 PAGED_CODE(); 00107 00108 WasLocked = FALSE; 00109 LastVa = NULL; 00110 00111 // 00112 // Validate the flags in MapType. 00113 // 00114 00115 if ((MapType & ~(MAP_PROCESS | MAP_SYSTEM)) != 0) { 00116 return STATUS_INVALID_PARAMETER; 00117 } 00118 00119 if ((MapType & (MAP_PROCESS | MAP_SYSTEM)) == 0) { 00120 return STATUS_INVALID_PARAMETER; 00121 } 00122 00123 PreviousMode = KeGetPreviousMode(); 00124 00125 try { 00126 00127 if (PreviousMode != KernelMode) { 00128 00129 ProbeForWritePointer ((PULONG)BaseAddress); 00130 ProbeForWriteUlong_ptr (RegionSize); 00131 } 00132 00133 // 00134 // Capture the base address. 00135 // 00136 00137 CapturedBase = *BaseAddress; 00138 00139 // 00140 // Capture the region size. 00141 // 00142 00143 CapturedRegionSize = *RegionSize; 00144 00145 } except (ExSystemExceptionFilter()) { 00146 00147 // 00148 // If an exception occurs during the probe or capture 00149 // of the initial values, then handle the exception and 00150 // return the exception code as the status value. 00151 // 00152 00153 return GetExceptionCode(); 00154 } 00155 00156 // 00157 // Make sure the specified starting and ending addresses are 00158 // within the user part of the virtual address space. 00159 // 00160 00161 if (CapturedBase > MM_HIGHEST_USER_ADDRESS) { 00162 00163 // 00164 // Invalid base address. 00165 // 00166 00167 return STATUS_INVALID_PARAMETER; 00168 } 00169 00170 if ((ULONG_PTR)MM_HIGHEST_USER_ADDRESS - (ULONG_PTR)CapturedBase < 00171 CapturedRegionSize) { 00172 00173 // 00174 // Invalid region size; 00175 // 00176 00177 return STATUS_INVALID_PARAMETER; 00178 00179 } 00180 00181 if (CapturedRegionSize == 0) { 00182 return STATUS_INVALID_PARAMETER; 00183 } 00184 00185 // 00186 // Reference the specified process. 00187 // 00188 00189 Status = ObReferenceObjectByHandle ( ProcessHandle, 00190 PROCESS_VM_OPERATION, 00191 PsProcessType, 00192 PreviousMode, 00193 (PVOID *)&TargetProcess, 00194 NULL ); 00195 00196 if (!NT_SUCCESS(Status)) { 00197 return Status; 00198 } 00199 00200 if ((MapType & MAP_SYSTEM) != 0) { 00201 00202 // 00203 // In addition to PROCESS_VM_OPERATION access to the target 00204 // process, the caller must have SE_LOCK_MEMORY_PRIVILEGE. 00205 // 00206 00207 if (!SeSinglePrivilegeCheck( 00208 SeLockMemoryPrivilege, 00209 PreviousMode 00210 )) { 00211 00212 ObDereferenceObject( TargetProcess ); 00213 return( STATUS_PRIVILEGE_NOT_HELD ); 00214 } 00215 } 00216 00217 // 00218 // Attach to the specified process. 00219 // 00220 00221 if (ProcessHandle != NtCurrentProcess()) { 00222 KeAttachProcess (&TargetProcess->Pcb); 00223 Attached = TRUE; 00224 } 00225 else { 00226 Attached = FALSE; 00227 } 00228 00229 // 00230 // Get address creation mutex, this prevents the 00231 // address range from being modified while it is examined. Raise 00232 // to APC level to prevent an APC routine from acquiring the 00233 // address creation mutex. Get the working set mutex so the 00234 // number of already locked pages in the request can be determined. 00235 // 00236 00237 #if defined(_MIALT4K_) 00238 00239 // 00240 // changing to 4k aligned should not change the correctness. 00241 // 00242 00243 EndingAddress = PAGE_4K_ALIGN((PCHAR)CapturedBase + CapturedRegionSize - 1); 00244 #else 00245 EndingAddress = PAGE_ALIGN((PCHAR)CapturedBase + CapturedRegionSize - 1); 00246 #endif 00247 00248 Va = PAGE_ALIGN (CapturedBase); 00249 NumberOfAlreadyLocked = 0; 00250 NumberToLock = ((ULONG_PTR)EndingAddress - (ULONG_PTR)Va) >> PAGE_SHIFT; 00251 00252 LOCK_WS_AND_ADDRESS_SPACE (TargetProcess); 00253 00254 // 00255 // Make sure the address space was not deleted, if so, return an error. 00256 // 00257 00258 if (TargetProcess->AddressSpaceDeleted != 0) { 00259 Status = STATUS_PROCESS_IS_TERMINATING; 00260 goto ErrorReturn; 00261 } 00262 00263 if (NumberToLock + MM_FLUID_WORKING_SET > 00264 TargetProcess->Vm.MinimumWorkingSetSize) { 00265 Status = STATUS_WORKING_SET_QUOTA; 00266 goto ErrorReturn; 00267 } 00268 00269 while (Va <= EndingAddress) { 00270 00271 if (Va > LastVa) { 00272 00273 // 00274 // Don't lock physically mapped views. 00275 // 00276 00277 Vad = MiLocateAddress (Va); 00278 if (Vad == NULL) { 00279 Status = STATUS_ACCESS_VIOLATION; 00280 goto ErrorReturn; 00281 } 00282 00283 if ((Vad->u.VadFlags.PhysicalMapping == 1) || 00284 (Vad->u.VadFlags.UserPhysicalPages == 1)) { 00285 Status = STATUS_INCOMPATIBLE_FILE_MAP; 00286 goto ErrorReturn; 00287 } 00288 LastVa = MI_VPN_TO_VA (Vad->EndingVpn); 00289 } 00290 00291 if (MmIsAddressValid (Va)) { 00292 00293 // 00294 // The page is valid, therefore it is in the working set. 00295 // Locate the WSLE for the page and see if it is locked. 00296 // 00297 00298 PointerPte1 = MiGetPteAddress (Va); 00299 Pfn1 = MI_PFN_ELEMENT (PointerPte1->u.Hard.PageFrameNumber); 00300 00301 WorkingSetIndex = MiLocateWsle (Va, 00302 MmWorkingSetList, 00303 Pfn1->u1.WsIndex); 00304 00305 ASSERT (WorkingSetIndex != WSLE_NULL_INDEX); 00306 00307 if (WorkingSetIndex < MmWorkingSetList->FirstDynamic) { 00308 00309 // 00310 // This page is locked in the working set. 00311 // 00312 00313 NumberOfAlreadyLocked += 1; 00314 00315 // 00316 // Check to see if the WAS_LOCKED status should be returned. 00317 // 00318 00319 if ((MapType & MAP_PROCESS) && 00320 (MmWsle[WorkingSetIndex].u1.e1.LockedInWs == 1)) { 00321 WasLocked = TRUE; 00322 } 00323 00324 if ((MapType & MAP_SYSTEM) && 00325 (MmWsle[WorkingSetIndex].u1.e1.LockedInMemory == 1)) { 00326 WasLocked = TRUE; 00327 } 00328 } 00329 } 00330 Va = (PVOID)((PCHAR)Va + PAGE_SIZE); 00331 } 00332 00333 UNLOCK_WS_UNSAFE (TargetProcess); 00334 00335 // 00336 // Check to ensure the working set list is still fluid after 00337 // the requested number of pages are locked. 00338 // 00339 00340 if (TargetProcess->Vm.MinimumWorkingSetSize < 00341 ((MmWorkingSetList->FirstDynamic + NumberToLock + 00342 MM_FLUID_WORKING_SET) - NumberOfAlreadyLocked)) { 00343 00344 Status = STATUS_WORKING_SET_QUOTA; 00345 UNLOCK_ADDRESS_SPACE (TargetProcess); 00346 goto ErrorReturn1; 00347 } 00348 00349 Va = PAGE_ALIGN (CapturedBase); 00350 00351 #if defined(_MIALT4K_) 00352 00353 if (TargetProcess->Wow64Process != NULL) { 00354 00355 IsWow64Process = TRUE; 00356 Va = PAGE_4K_ALIGN (CapturedBase); 00357 00358 } 00359 00360 #endif 00361 00362 // 00363 // Set up an exception handler and touch each page in the specified 00364 // range. 00365 // 00366 00367 MiInsertConflictInList (&Conflict); 00368 00369 try { 00370 00371 while (Va <= EndingAddress) { 00372 *(volatile ULONG *)Va; 00373 Va = (PVOID)((PCHAR)Va + PAGE_SIZE); 00374 } 00375 00376 } except (EXCEPTION_EXECUTE_HANDLER) { 00377 Status = GetExceptionCode(); 00378 MiRemoveConflictFromList (&Conflict); 00379 UNLOCK_ADDRESS_SPACE (TargetProcess); 00380 goto ErrorReturn1; 00381 } 00382 00383 MiRemoveConflictFromList (&Conflict); 00384 00385 // 00386 // The complete address range is accessible, lock the pages into 00387 // the working set. 00388 // 00389 00390 PointerPte = MiGetPteAddress (CapturedBase); 00391 Va = PAGE_ALIGN (CapturedBase); 00392 00393 #if defined(_MIALT4K_) 00394 00395 if (IsWow64Process) { 00396 00397 Va = PAGE_4K_ALIGN (CapturedBase); 00398 00399 } 00400 00401 #endif 00402 00403 // 00404 // Acquire the working set mutex, no page faults are allowed. 00405 // 00406 00407 LOCK_WS_UNSAFE (TargetProcess); 00408 00409 while (Va <= EndingAddress) { 00410 00411 // 00412 // Make sure the PDE is valid. 00413 // 00414 00415 PointerPde = MiGetPdeAddress (Va); 00416 PointerPpe = MiGetPteAddress (PointerPde); 00417 00418 do { 00419 00420 (VOID)MiDoesPpeExistAndMakeValid (PointerPpe, 00421 TargetProcess, 00422 FALSE, 00423 &Waited); 00424 00425 Waited = 0; 00426 00427 (VOID)MiDoesPdeExistAndMakeValid (PointerPde, 00428 TargetProcess, 00429 FALSE, 00430 &Waited); 00431 00432 } while (Waited != 0); 00433 00434 // 00435 // Make sure the page is in the working set. 00436 // 00437 00438 while (PointerPte->u.Hard.Valid == 0) { 00439 00440 // 00441 // Release the working set mutex and fault in the page. 00442 // 00443 00444 UNLOCK_WS_UNSAFE (TargetProcess); 00445 00446 // 00447 // Page in the PDE and make the PTE valid. 00448 // 00449 00450 *(volatile ULONG *)Va; 00451 00452 // 00453 // Reacquire the working set mutex. 00454 // 00455 00456 LOCK_WS_UNSAFE (TargetProcess); 00457 00458 // 00459 // Make sure the page directory & table pages are still valid. 00460 // Trimming could occur if either of the pages that were just 00461 // made valid were removed from the working set before the 00462 // working set lock was acquired. 00463 // 00464 00465 do { 00466 00467 (VOID)MiDoesPpeExistAndMakeValid (PointerPpe, 00468 TargetProcess, 00469 FALSE, 00470 &Waited); 00471 00472 Waited = 0; 00473 00474 (VOID)MiDoesPdeExistAndMakeValid (PointerPde, 00475 TargetProcess, 00476 FALSE, 00477 &Waited); 00478 } while (Waited != 0); 00479 } 00480 00481 // 00482 // The page is now in the working set, lock the page into 00483 // the working set. 00484 // 00485 00486 PointerPte1 = MiGetPteAddress (Va); 00487 Pfn1 = MI_PFN_ELEMENT (PointerPte1->u.Hard.PageFrameNumber); 00488 00489 Entry = MiLocateWsle (Va, MmWorkingSetList, Pfn1->u1.WsIndex); 00490 00491 if (Entry >= MmWorkingSetList->FirstDynamic) { 00492 00493 SwapEntry = MmWorkingSetList->FirstDynamic; 00494 00495 if (Entry != MmWorkingSetList->FirstDynamic) { 00496 00497 // 00498 // Swap this entry with the one at first dynamic. 00499 // 00500 00501 MiSwapWslEntries (Entry, SwapEntry, &TargetProcess->Vm); 00502 } 00503 00504 MmWorkingSetList->FirstDynamic += 1; 00505 } else { 00506 SwapEntry = Entry; 00507 } 00508 00509 // 00510 // Indicate that the page is locked. 00511 // 00512 00513 if (MapType & MAP_PROCESS) { 00514 MmWsle[SwapEntry].u1.e1.LockedInWs = 1; 00515 } 00516 00517 if (MapType & MAP_SYSTEM) { 00518 MmWsle[SwapEntry].u1.e1.LockedInMemory = 1; 00519 } 00520 00521 // 00522 // Increment to the next va and PTE. 00523 // 00524 00525 PointerPte += 1; 00526 Va = (PVOID)((PCHAR)Va + PAGE_SIZE); 00527 } 00528 00529 #if !(defined(_MIALT4K_)) 00530 00531 UNLOCK_WS_AND_ADDRESS_SPACE (TargetProcess); 00532 00533 #else 00534 00535 UNLOCK_WS_UNSAFE (TargetProcess); 00536 00537 if (IsWow64Process) { 00538 00539 MiLockFor4kPage(CapturedBase, CapturedRegionSize, TargetProcess); 00540 00541 } 00542 00543 UNLOCK_ADDRESS_SPACE (TargetProcess); 00544 00545 #endif 00546 00547 if (Attached == TRUE) { 00548 KeDetachProcess(); 00549 } 00550 ObDereferenceObject (TargetProcess); 00551 00552 // 00553 // Update return arguments. 00554 // 00555 00556 // 00557 // Establish an exception handler and write the size and base 00558 // address. 00559 // 00560 00561 try { 00562 00563 #if defined(_MIALT4K_) 00564 00565 if (IsWow64Process) { 00566 00567 *RegionSize = ((PCHAR)EndingAddress - 00568 (PCHAR)PAGE_4K_ALIGN(CapturedBase)) + PAGE_4K; 00569 00570 *BaseAddress = PAGE_4K_ALIGN(CapturedBase); 00571 00572 00573 } else { 00574 00575 #endif 00576 *RegionSize = ((PCHAR)EndingAddress - (PCHAR)PAGE_ALIGN(CapturedBase)) + 00577 PAGE_SIZE; 00578 *BaseAddress = PAGE_ALIGN(CapturedBase); 00579 00580 #if defined(_MIALT4K_) 00581 } 00582 #endif 00583 00584 } except (EXCEPTION_EXECUTE_HANDLER) { 00585 return GetExceptionCode(); 00586 } 00587 00588 if (WasLocked) { 00589 return STATUS_WAS_LOCKED; 00590 } 00591 00592 return STATUS_SUCCESS; 00593 00594 ErrorReturn: 00595 UNLOCK_WS_AND_ADDRESS_SPACE (TargetProcess); 00596 ErrorReturn1: 00597 if (Attached == TRUE) { 00598 KeDetachProcess(); 00599 } 00600 ObDereferenceObject (TargetProcess); 00601 return Status; 00602 }

NTSTATUS NtUnlockVirtualMemory (  IN HANDLE  ProcessHandle, IN OUT PVOID *  BaseAddress, IN OUT PSIZE_T  RegionSize, IN ULONG  MapType )

Definition at line 605 of file lockvm.c. References ASSERT, _MMVAD::EndingVpn, EXCEPTION_EXECUTE_HANDLER, ExSystemExceptionFilter(), FALSE, _MMWSL::FirstDynamic, KeAttachProcess(), KeDetachProcess(), KernelMode, KPROCESSOR_MODE, LOCK_WS_AND_ADDRESS_SPACE, MI_PFN_ELEMENT, MI_VPN_TO_VA, MiFreeWsle(), MiGetPteAddress, MiLocateAddress(), MiLocateWsle(), MiShouldBeUnlockedFor4kPage(), MiSwapWslEntries(), MiUnlockFor4kPage(), MmIsAddressValid(), MmWorkingSetList, MmWsle, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PAGE_4K, PAGE_4K_ALIGN, PAGE_ALIGN, PAGE_SIZE, PAGED_CODE, PERFINFO_GET_PAGE_INFO, PERFINFO_LOG_WS_REMOVAL, PERFINFO_PAGE_INFO_DECL, ProbeForWritePointer, ProbeForWriteUlong_ptr, PsProcessType, SeLockMemoryPrivilege, SeSinglePrivilegeCheck(), Status, TRUE, _MMPTE::u, _MMVAD::u, _MMWSLE::u1, _MMPFN::u1, UNLOCK_WS_AND_ADDRESS_SPACE, and WSLE_NULL_INDEX. : This function unlocks a region of pages within the working set list of a subject process. As a side effect, any pages which are not locked and are in the process's working set are removed from the process's working set. This allows NtUnlockVirtualMemory to remove a range of pages from the working set. The caller of this function must have PROCESS_VM_OPERATION access to the target process. The caller must also have SeLockMemoryPrivilege for MAP_SYSTEM. Arguments: ProcessHandle - Supplies an open handle to a process object. BaseAddress - The base address of the region of pages to be unlocked. This value is rounded down to the next host page address boundary. RegionSize - A pointer to a variable that will receive the actual size in bytes of the unlocked region of pages. The initial value of this argument is rounded up to the next host page size boundary. MapType - A set of flags that describe the type of unlocking to perform. One of MAP_PROCESS or MAP_SYSTEM. Return Value: Returns the status TBS --*/ { PVOID Va; PVOID EndingAddress; SIZE_T CapturedRegionSize; PVOID CapturedBase; PEPROCESS TargetProcess; NTSTATUS Status; KPROCESSOR_MODE PreviousMode; ULONG Entry; PMMPTE PointerPte; PMMPFN Pfn1; PMMVAD Vad; PVOID LastVa; LOGICAL Attached; #if defined(_MIALT4K_) BOOLEAN IsWow64Process = FALSE; #endif PAGED_CODE(); LastVa = NULL; // // Validate the flags in MapType. // if ((MapType & ~(MAP_PROCESS | MAP_SYSTEM)) != 0) { return STATUS_INVALID_PARAMETER; } if ((MapType & (MAP_PROCESS | MAP_SYSTEM)) == 0) { return STATUS_INVALID_PARAMETER; } PreviousMode = KeGetPreviousMode(); try { if (PreviousMode != KernelMode) { ProbeForWritePointer (BaseAddress); ProbeForWriteUlong_ptr (RegionSize); } // // Capture the base address. // CapturedBase = *BaseAddress; // // Capture the region size. // CapturedRegionSize = *RegionSize; } except (ExSystemExceptionFilter()) { // // If an exception occurs during the probe or capture // of the initial values, then handle the exception and // return the exception code as the status value. // return GetExceptionCode(); } // // Make sure the specified starting and ending addresses are // within the user part of the virtual address space. // if (CapturedBase > MM_HIGHEST_USER_ADDRESS) { // // Invalid base address. // return STATUS_INVALID_PARAMETER; } if ((ULONG_PTR)MM_HIGHEST_USER_ADDRESS - (ULONG_PTR)CapturedBase < CapturedRegionSize) { // // Invalid region size; // return STATUS_INVALID_PARAMETER; } if (CapturedRegionSize == 0) { return STATUS_INVALID_PARAMETER; } Status = ObReferenceObjectByHandle ( ProcessHandle, PROCESS_VM_OPERATION, PsProcessType, PreviousMode, (PVOID *)&TargetProcess, NULL ); if (!NT_SUCCESS(Status)) { return Status; } if ((MapType & MAP_SYSTEM) != 0) { // // In addition to PROCESS_VM_OPERATION access to the target // process, the caller must have SE_LOCK_MEMORY_PRIVILEGE. // if (!SeSinglePrivilegeCheck( SeLockMemoryPrivilege, PreviousMode )) { ObDereferenceObject( TargetProcess ); return STATUS_PRIVILEGE_NOT_HELD; } } // // Attach to the specified process. // if (ProcessHandle != NtCurrentProcess()) { KeAttachProcess (&TargetProcess->Pcb); Attached = TRUE; } else { Attached = FALSE; } // // Get address creation mutex, this prevents the // address range from being modified while it is examined. // Block APCs so an APC routine can't get a page fault and // corrupt the working set list, etc. // LOCK_WS_AND_ADDRESS_SPACE (TargetProcess); // // Make sure the address space was not deleted, if so, return an error. // if (TargetProcess->AddressSpaceDeleted != 0) { Status = STATUS_PROCESS_IS_TERMINATING; goto ErrorReturn; } EndingAddress = PAGE_ALIGN((PCHAR)CapturedBase + CapturedRegionSize - 1); Va = PAGE_ALIGN (CapturedBase); while (Va <= EndingAddress) { // // Check to ensure all the specified pages are locked. // // // Don't unlock physically mapped views. // if (Va > LastVa) { Vad = MiLocateAddress (Va); if (Vad == NULL) { Va = (PVOID)((PCHAR)Va + PAGE_SIZE); Status = STATUS_NOT_LOCKED; break; } if ((Vad->u.VadFlags.PhysicalMapping == 1) || (Vad->u.VadFlags.UserPhysicalPages == 1)) { Va = MI_VPN_TO_VA (Vad->EndingVpn); break; } LastVa = MI_VPN_TO_VA (Vad->EndingVpn); } if (!MmIsAddressValid (Va)) { // // This page is not valid, therefore not in working set. // Status = STATUS_NOT_LOCKED; } else { PointerPte = MiGetPteAddress (Va); ASSERT (PointerPte->u.Hard.Valid != 0); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); Entry = MiLocateWsle (Va, MmWorkingSetList, Pfn1->u1.WsIndex); ASSERT (Entry != WSLE_NULL_INDEX); if ((MmWsle[Entry].u1.e1.LockedInWs == 0) && (MmWsle[Entry].u1.e1.LockedInMemory == 0)) { // // Not locked in memory or system, remove from working // set. // PERFINFO_PAGE_INFO_DECL(); PERFINFO_GET_PAGE_INFO(PointerPte); if (MiFreeWsle (Entry, &TargetProcess->Vm, PointerPte)) { PERFINFO_LOG_WS_REMOVAL(PERFINFO_LOG_TYPE_OUTWS_EMPTYQ, &TargetProcess->Vm); } Status = STATUS_NOT_LOCKED; } else if (MapType & MAP_PROCESS) { if (MmWsle[Entry].u1.e1.LockedInWs == 0) { // // This page is not locked. // Status = STATUS_NOT_LOCKED; } } else { if (MmWsle[Entry].u1.e1.LockedInMemory == 0) { // // This page is not locked. // Status = STATUS_NOT_LOCKED; } } } Va = (PVOID)((PCHAR)Va + PAGE_SIZE); } // end while #if defined(_MIALT4K_) if (TargetProcess->Wow64Process != NULL) { IsWow64Process = TRUE; Status = MiUnlockFor4kPage(CapturedBase, CapturedRegionSize, TargetProcess); } #endif if (Status == STATUS_NOT_LOCKED) { goto ErrorReturn; } // // The complete address range is locked, unlock them. // Va = PAGE_ALIGN (CapturedBase); LastVa = NULL; while (Va <= EndingAddress) { #if defined(_MIALT4K_) if (IsWow64Process) { if (!MiShouldBeUnlockedFor4kPage(Va, TargetProcess)) { // // The other 4k pages in the native page still hold the page lock. // Should skip unlocking. Va = (PVOID)((PCHAR)Va + PAGE_SIZE); continue; } } #endif // // Don't unlock physically mapped views. // if (Va > LastVa) { Vad = MiLocateAddress (Va); ASSERT (Vad != NULL); if ((Vad->u.VadFlags.PhysicalMapping == 1) || (Vad->u.VadFlags.UserPhysicalPages == 1)) { Va = MI_VPN_TO_VA (Vad->EndingVpn); break; } LastVa = MI_VPN_TO_VA (Vad->EndingVpn); } PointerPte = MiGetPteAddress (Va); ASSERT (PointerPte->u.Hard.Valid == 1); Pfn1 = MI_PFN_ELEMENT (PointerPte->u.Hard.PageFrameNumber); Entry = MiLocateWsle (Va, MmWorkingSetList, Pfn1->u1.WsIndex); if (MapType & MAP_PROCESS) { MmWsle[Entry].u1.e1.LockedInWs = 0; } if (MapType & MAP_SYSTEM) { MmWsle[Entry].u1.e1.LockedInMemory = 0; } if ((MmWsle[Entry].u1.e1.LockedInMemory == 0) && MmWsle[Entry].u1.e1.LockedInWs == 0) { // // The page is no longer should be locked, move // it to the dynamic part of the working set. // MmWorkingSetList->FirstDynamic -= 1; if (Entry != MmWorkingSetList->FirstDynamic) { // // Swap this element with the last locked page, making // this element the new first dynamic entry. // MiSwapWslEntries (Entry, MmWorkingSetList->FirstDynamic, &TargetProcess->Vm); } } Va = (PVOID)((PCHAR)Va + PAGE_SIZE); } UNLOCK_WS_AND_ADDRESS_SPACE (TargetProcess); if (Attached == TRUE) { KeDetachProcess(); } ObDereferenceObject (TargetProcess); // // Update return arguments. // // // Establish an exception handler and write the size and base // address. // try { #if defined(_MIALT4K_) if (IsWow64Process) { *RegionSize = ((PCHAR)EndingAddress - (PCHAR)PAGE_4K_ALIGN(CapturedBase)) + PAGE_4K; *BaseAddress = PAGE_4K_ALIGN(CapturedBase); } else { #endif *RegionSize = ((PCHAR)EndingAddress - (PCHAR)PAGE_ALIGN(CapturedBase)) + PAGE_SIZE; *BaseAddress = PAGE_ALIGN(CapturedBase); #if defined(_MIALT4K_) } #endif } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } return STATUS_SUCCESS; ErrorReturn: UNLOCK_WS_AND_ADDRESS_SPACE (TargetProcess); if (Attached == TRUE) { KeDetachProcess(); } ObDereferenceObject (TargetProcess); return Status; }

---