ssend.c File Reference

#include "precomp.h"
#include "callback.h"
#include "ntcb.h"

Go to the source code of this file.

Defines
#define	CALLBACKPROC   1
#define	SERVERSIDE   1
#define	SENDSIDE   1
#define	CBBUFSIZE   512
#define	PADSIZE   (sizeof(ULONG_PTR) - 1)
#define	SMESSAGECALL(api)
#define	SETUP(api)
#define	SETUPDC(api)
#define	SETUPPWND(api)
#define	CALC_SIZE_IN(cb, pstr)
#define	CALC_SIZE_OUT(cb, pstr)
#define	BEGINSEND(api)
#define	BEGINSENDCAPTURE(api, cCapturePointers, cCaptureBytes, fInput)
#define	BEGINSENDCAPTUREVOIDDC(api, cCapturePointers, cCaptureBytes, fInput)
#define	BEGINSENDCAPTUREDC(api, cCapturePointers, cCaptureBytes, fInput)
#define	LOCKPWND()
#define	UNLOCKPWND()
#define	MAKECALL(api)
#define	MAKECALLCAPTURE(api)
#define	MAKECALLCAPTUREDC(api)
#define	CHECKRETURN()
#define	ENDSEND(type, error)
#define	CLEANUPSENDCAPTURECOMMONDC()
#define	BEGIN_ENDSENDCAPTURE(type, error)   exit:
#define	_ENDSENDCAPTURE(type, error)
#define	END_ENDSENDCAPTURE(type, error)   return (type)error
#define	ENDSENDCAPTUREDC(type, error)
#define	ENDSENDCAPTURE(type, error)
#define	BEGIN_ENDSENDCAPTUREVOID()   errorexit:
#define	_ENDSENDCAPTUREVOID()
#define	END_ENDSENDCAPTUREVOID()   return
#define	ENDSENDCAPTUREVOIDDC()
#define	ENDSENDCAPTUREVOID()
#define	ENDSENDVOID()
#define	MSGERROR()   goto errorexit
#define	MSGDATA()   (mp)
#define	COPYSTRUCTOPT(x)
#define	COPYCONSTRECTSTRUCTOPT(x)
#define	COPYBYTES(p, cb)
#define	COPYBYTESOPT(p, cb)
#define	LARGECOPYBYTES(p, cb)
#define	LARGECOPYBYTES2(src, cb, dest)
#define	COPYSTRING(s)
#define	COPYSTRINGOPT(s)
#define	COPYSTRINGID(s)
#define	LARGECOPYSTRINGLPWSTR(ps, psz)
#define	LARGECOPYSTRINGLPSTR(ps, psz)
#define	LARGECOPYSTRINGLPWSTRA(ps, psz)
#define	LARGECOPYSTRINGLPSTRW(ps, psz)
#define	LARGECOPYSTRINGLPWSTROPT(ps, psz)
#define	LARGECOPYSTRINGLPSTROPT(ps, psz)
#define	LARGECOPYSTRINGLPWSTROPTA(ps, psz)
#define	BEGINCOPYOUT()
#define	ENDCOPYOUT()   }
#define	OUTSTRUCT(pstruct, type)
#define	OUTBITMASK(pstruct, type, mask)
#define	COPYOUTLPWSTRLIMIT(pstr, cch)
#define	RESERVEBYTES(cb, dest, cbdest)
Functions
PVOID	AllocCallbackMessage (DWORD cbBaseMsg, DWORD cPointers, SIZE_T cbCapture, PBYTE pStackBuffer, BOOL fInput)
NTSTATUS	CaptureCallbackData (PCAPTUREBUF pcb, PVOID pData, DWORD cbData, PVOID *ppDest)
NTSTATUS	AllocateCallbackData (PCAPTUREBUF pcb, DWORD cbData, PVOID *ppDest)
NTSTATUS	CaptureAnsiCallbackData (PCAPTUREBUF pcb, PVOID pData, DWORD cbData, PVOID *ppDest)
NTSTATUS	CaptureUnicodeCallbackData (PCAPTUREBUF pcb, PVOID pData, DWORD cbData, PVOID *ppDest)
VOID	CopyOutputString (PCALLBACKSTATUS pcbs, PLARGE_STRING pstr, UINT cchLimit, BOOL fAnsi)

---

Define Documentation

#define _ENDSENDCAPTURE (  type, error   )

Value: if (mp != &m && (PVOID)mp != (PVOID)Buffer) { \ if (mp->CaptureBuf.pvVirtualAddress) { \ NTSTATUS Status; \ SIZE_T ulRegionSize = 0; \ \ Status = ZwFreeVirtualMemory(NtCurrentProcess(),\ &mp->CaptureBuf.pvVirtualAddress, \ &ulRegionSize, \ MEM_RELEASE); \ UserAssert(NT_SUCCESS(Status)); \ } \ ThreadUnlockAndFreePool(ptiCurrent, &tlPool); \ } \ return (type)retval; \ goto errorexit; \ } \ errorexit: \ retval = error; \ goto exit; \ errorexitnofreemp: Definition at line 218 of file ssend.c.

#define _ENDSENDCAPTUREVOID (   )

Value: if (mp != &m && (PVOID)mp != (PVOID)Buffer) { \ if (mp->CaptureBuf.pvVirtualAddress) { \ NTSTATUS Status; \ SIZE_T ulRegionSize = 0; \ \ Status = ZwFreeVirtualMemory(NtCurrentProcess(),\ &mp->CaptureBuf.pvVirtualAddress, \ &ulRegionSize, \ MEM_RELEASE); \ UserAssert(NT_SUCCESS(Status)); \ } \ ThreadUnlockAndFreePool(ptiCurrent, &tlPool); \ } \ return; \ } \ errorexitnofreemp: Definition at line 288 of file ssend.c.

#define BEGIN_ENDSENDCAPTURE (  type, error   )     exit:

Definition at line 216 of file ssend.c.

#define BEGIN_ENDSENDCAPTUREVOID (   )     errorexit:

Definition at line 286 of file ssend.c.

#define BEGINCOPYOUT (   )

Value: if ((psms == NULL || ((psms->flags & (SMF_SENDERDIED | SMF_REPLY)) == 0)) \ && !(dwSCMSFlags & SCMS_FLAGS_INONLY)) { Definition at line 484 of file ssend.c.

#define BEGINSEND (  api   )

Value: mp = &m; \ Buffer; \ { Definition at line 98 of file ssend.c.

#define BEGINSENDCAPTURE (  api, cCapturePointers, cCaptureBytes, fInput   )

Value: if (cCapturePointers) { \ mp = AllocCallbackMessage(sizeof(m), \ (cCapturePointers), \ (cCaptureBytes), \ Buffer, \ fInput); \ if (mp == NULL) \ goto errorexitnofreemp; \ } else { \ m.CaptureBuf.cbCallback = sizeof(m); \ m.CaptureBuf.cbCapture = 0; \ m.CaptureBuf.cCapturedPointers = 0; \ mp = &m; \ } \ { \ PTHREADINFO ptiCurrent = PtiCurrent(); \ TL tlPool; \ \ if (mp != &m && (PVOID)mp != (PVOID)Buffer) \ ThreadLockPool(ptiCurrent, mp, &tlPool); Definition at line 103 of file ssend.c.

#define BEGINSENDCAPTUREDC (  api, cCapturePointers, cCaptureBytes, fInput   )

Value: hdcUse = CreateCompatiblePublicDC(hdc,&hbmDCGray); \ if (hdcUse == (HDC)NULL) { \ return FALSE; \ } \ BEGINSENDCAPTURE(api, cCapturePointers, cCaptureBytes, fInput); \ Definition at line 132 of file ssend.c.

#define BEGINSENDCAPTUREVOIDDC (  api, cCapturePointers, cCaptureBytes, fInput   )

Value: hdcUse = CreateCompatiblePublicDC(hdc,&hbmDCGray); \ if (hdcUse == (HDC)NULL) { \ return; \ } \ BEGINSENDCAPTURE(api, cCapturePointers, cCaptureBytes, fInput); \ Definition at line 125 of file ssend.c.

#define CALC_SIZE_IN (  cb, pstr   )

Value: cb = (pstr)->Length + sizeof(WCHAR); \ if ((pstr)->bAnsi && !fAnsiReceiver) \ cb *= sizeof(WCHAR); Definition at line 69 of file ssend.c.

#define CALC_SIZE_OUT (  cb, pstr   )

Value: cb = (pstr)->MaximumLength + sizeof(WCHAR); \ if ((pstr)->bAnsi && !fAnsiReceiver) \ cb *= sizeof(WCHAR); Definition at line 74 of file ssend.c.

#define CALLBACKPROC   1

Definition at line 14 of file ssend.c.

#define CBBUFSIZE   512

Definition at line 21 of file ssend.c. Referenced by AllocCallbackMessage().

#define CHECKRETURN (   )

Value: if (!NT_SUCCESS(Status) || \ cbCBStatus != sizeof(*pcbs)) { \ goto errorexit; \ } \ try { \ retval = ProbeAndReadStructure(&pcbs->retval, ULONG_PTR); \ } except (W32ExceptionHandler(FALSE, RIP_ERROR)) { \ MSGERROR(); \ } Definition at line 189 of file ssend.c.

#define CLEANUPSENDCAPTURECOMMONDC (   )

Value: if(iDC) { \ GreRestoreDC(hdc, iDC); \ } \ if (hdcUse != hdc) { \ GreDeleteDC(hdcUse); \ GreDeleteObject(hbmDCGray); \ } \ Definition at line 207 of file ssend.c.

#define COPYBYTES (  p, cb   )

Value: if (!NT_SUCCESS(CaptureCallbackData(&mp->CaptureBuf, p, cb, &mp->p))) \ goto errorexit; Definition at line 364 of file ssend.c.

#define COPYBYTESOPT (  p, cb   )

Value: if (p) { \ if (!NT_SUCCESS(CaptureCallbackData(&mp->CaptureBuf, p, cb, &mp->p))) \ goto errorexit; \ } else { \ mp->p = NULL; \ } Definition at line 368 of file ssend.c.

#define COPYCONSTRECTSTRUCTOPT (  x   )

Value: MSGDATA()->p ## x = (LPRECT)(p ## x); \ if (p ## x) MSGDATA()->x = *(p ## x); Definition at line 360 of file ssend.c.

#define COPYOUTLPWSTRLIMIT (  pstr, cch   )

Value: try { \ CopyOutputString(pcbs, pstr, cch, fAnsiReceiver); \ } except (W32ExceptionHandler(FALSE, RIP_ERROR)) { \ MSGERROR(); \ } Definition at line 522 of file ssend.c.

#define COPYSTRING (  s   )

Value: mp->s.Length = (p ## s)->Length; \ mp->s.MaximumLength = (p ## s)->MaximumLength; \ if (!NT_SUCCESS(CaptureCallbackData(&mp->CaptureBuf, \ (p ## s)->Buffer, \ (p ## s)->Length + sizeof(WCHAR), \ &mp->s.Buffer))) \ goto errorexit; Definition at line 384 of file ssend.c.

#define COPYSTRINGID (  s   )

Value: mp->s.Length = (p ## s)->Length; \ mp->s.MaximumLength = (p ## s)->MaximumLength; \ if (mp->s.MaximumLength) { \ if (!NT_SUCCESS(CaptureCallbackData(&mp->CaptureBuf, \ (p ## s)->Buffer, \ (p ## s)->Length + sizeof(WCHAR), \ &mp->s.Buffer))) \ goto errorexit; \ } else { \ mp->s.Buffer = (p ## s)->Buffer; \ } Definition at line 407 of file ssend.c.

#define COPYSTRINGOPT (  s   )

Value: if (p ## s) { \ mp->s.Length = (p ## s)->Length; \ mp->s.MaximumLength = (p ## s)->MaximumLength; \ if (!NT_SUCCESS(CaptureCallbackData(&mp->CaptureBuf, \ (p ## s)->Buffer, \ (p ## s)->Length + sizeof(WCHAR), \ &mp->s.Buffer))) \ goto errorexit; \ } else { \ mp->s.Length = 0; \ mp->s.Buffer = NULL; \ } Definition at line 393 of file ssend.c.

#define COPYSTRUCTOPT (  x   )

Value: MSGDATA()->p ## x = (p ## x); \ if (p ## x) MSGDATA()->x = *(p ## x); Definition at line 356 of file ssend.c.

#define END_ENDSENDCAPTURE (  type, error   )     return (type)error

Definition at line 239 of file ssend.c.

#define END_ENDSENDCAPTUREVOID (   )     return

Definition at line 305 of file ssend.c.

#define ENDCOPYOUT (   )     }

Definition at line 488 of file ssend.c.

#define ENDSEND (  type, error   )

Value: return (type)retval; \ goto errorexit; \ } \ errorexit: \ return (type)error Definition at line 200 of file ssend.c.

#define ENDSENDCAPTURE (  type, error   )

Value: BEGIN_ENDSENDCAPTURE(type, error); \ _ENDSENDCAPTURE(type, error); \ END_ENDSENDCAPTURE(type, error) Definition at line 250 of file ssend.c.

#define ENDSENDCAPTUREDC (  type, error   )

Value: BEGIN_ENDSENDCAPTURE(type, error); \ CLEANUPSENDCAPTURECOMMONDC(); \ _ENDSENDCAPTURE(type, error); \ CLEANUPSENDCAPTURECOMMONDC(); \ END_ENDSENDCAPTURE(type, error) Definition at line 243 of file ssend.c.

#define ENDSENDCAPTUREVOID (   )

Value: BEGIN_ENDSENDCAPTUREVOID(); \ CLEANUPSENDCAPTURECOMMON(); \ _ENDSENDCAPTUREVOID(); \ CLEANUPSENDCAPTURECOMMON(); \ END_ENDSENDCAPTUREVOID() Definition at line 315 of file ssend.c.

#define ENDSENDCAPTUREVOIDDC (   )

Value: BEGIN_ENDSENDCAPTUREVOID(); \ CLEANUPSENDCAPTURECOMMONDC(); \ _ENDSENDCAPTUREVOID(); \ CLEANUPSENDCAPTURECOMMONDC(); \ END_ENDSENDCAPTUREVOID() Definition at line 308 of file ssend.c.

#define ENDSENDVOID (   )

Value: } \ return Definition at line 323 of file ssend.c.

#define LARGECOPYBYTES (  p, cb   )

Value: if (!NT_SUCCESS(CaptureCallbackData(&mp->CaptureBuf, p, cb, &mp->p))) \ goto errorexit; Definition at line 376 of file ssend.c.

#define LARGECOPYBYTES2 (  src, cb, dest   )

Value: if (!NT_SUCCESS(CaptureCallbackData(&mp->CaptureBuf, src, cb, &mp->dest))) \ goto errorexit; Definition at line 380 of file ssend.c.

#define LARGECOPYSTRINGLPSTR (  ps, psz   )

Value: if (!NT_SUCCESS(CaptureCallbackData(&mp->CaptureBuf, \ (ps)->Buffer, \ (ps)->Length + 1, \ (PVOID *)&mp->psz))) \ goto errorexit; Definition at line 427 of file ssend.c.

#define LARGECOPYSTRINGLPSTROPT (  ps, psz   )

Value: if (ps) { \ if (!NT_SUCCESS(CaptureCallbackData(&mp->CaptureBuf, \ (ps)->Buffer, \ (ps)->Length + sizeof(UCHAR), \ (PVOID *)&mp->psz))) \ goto errorexit; \ } else { \ mp->psz = NULL; \ } Definition at line 459 of file ssend.c.

#define LARGECOPYSTRINGLPSTRW (  ps, psz   )

Value: if (!NT_SUCCESS(CaptureUnicodeCallbackData(&mp->CaptureBuf, \ (ps)->Buffer, \ ((ps)->Length + 1) * sizeof(WCHAR), \ (PVOID *)&mp->psz))) \ goto errorexit; \ Definition at line 441 of file ssend.c.

#define LARGECOPYSTRINGLPWSTR (  ps, psz   )

Value: if (!NT_SUCCESS(CaptureCallbackData(&mp->CaptureBuf, \ (ps)->Buffer, \ (ps)->Length + sizeof(WCHAR), \ (PVOID *)&mp->psz))) \ goto errorexit; Definition at line 420 of file ssend.c.

#define LARGECOPYSTRINGLPWSTRA (  ps, psz   )

Value: if (!NT_SUCCESS(CaptureAnsiCallbackData(&mp->CaptureBuf, \ (ps)->Buffer, \ ((ps)->Length / sizeof(WCHAR)) + 1, \ (PVOID *)&mp->psz))) \ goto errorexit; Definition at line 434 of file ssend.c.

#define LARGECOPYSTRINGLPWSTROPT (  ps, psz   )

Value: if (ps) { \ if (!NT_SUCCESS(CaptureCallbackData(&mp->CaptureBuf, \ (ps)->Buffer, \ (ps)->Length + sizeof(WCHAR), \ (PVOID *)&mp->psz))) \ goto errorexit; \ } else { \ mp->psz = NULL; \ } Definition at line 448 of file ssend.c.

#define LARGECOPYSTRINGLPWSTROPTA (  ps, psz   )

Value: if (ps) { \ if (!NT_SUCCESS(CaptureAnsiCallbackData(&mp->CaptureBuf, \ (ps)->Buffer, \ ((ps)->Length / sizeof(WCHAR)) + 1, \ (PVOID *)&mp->psz))) \ goto errorexit; \ } else { \ mp->psz = NULL; \ } Definition at line 470 of file ssend.c.

#define LOCKPWND (   )

Value: ThreadLock(pwnd, &tlpwnd); \ cbwin = pci->CallbackWnd; \ pci->CallbackWnd.pwnd = pwndClient; \ pci->CallbackWnd.hwnd = HW(pwnd); Definition at line 139 of file ssend.c.

#define MAKECALL (  api   )

Value: UserAssert(!(PtiCurrent()->TIF_flags & TIF_INCLEANUP)); \ LeaveCrit(); \ Status = KeUserModeCallback( \ FI_ ## api, \ mp, \ sizeof(*mp), \ &pcbs, \ &cbCBStatus); \ EnterCrit(); Definition at line 149 of file ssend.c.

#define MAKECALLCAPTURE (  api   )

Value: UserAssert(!(PtiCurrent()->TIF_flags & TIF_INCLEANUP)); \ LeaveCrit(); \ Status = (DWORD)KeUserModeCallback( \ FI_ ## api, \ mp, \ mp->CaptureBuf.cbCallback, \ &pcbs, \ &cbCBStatus); \ EnterCrit(); Definition at line 160 of file ssend.c.

#define MAKECALLCAPTUREDC (  api   )

Value: iDC = GreSaveDC(hdc); \ MAKECALLCAPTURE(api) \ GreRestoreDC(hdc, iDC); \ iDC = 0; \ if ((hdcUse != hdc) && NT_SUCCESS(Status)) { \ GreBitBlt(hdc, \ 0, \ 0, \ gpDispInfo->cxGray, \ gpDispInfo->cyGray, \ hdcUse, \ 0, \ 0, \ SRCCOPY, \ 0); \ } Definition at line 171 of file ssend.c.

#define MSGDATA (   )     (mp)

Definition at line 354 of file ssend.c.

#define MSGERROR (   )     goto errorexit

Definition at line 327 of file ssend.c.

#define OUTBITMASK (  pstruct, type, mask   )

Value: try { \ type flags = ProbeAndReadStructure(((type *)pcbs->pOutput), type); \ COPY_FLAG(*(pstruct), flags, mask); \ } except (W32ExceptionHandler(FALSE, RIP_ERROR)) { \ MSGERROR(); \ } Definition at line 504 of file ssend.c.

#define OUTSTRUCT (  pstruct, type   )

Value: try { \ *(pstruct) = ProbeAndReadStructure(((type *)pcbs->pOutput), type); \ } except (W32ExceptionHandler(FALSE, RIP_ERROR)) { \ MSGERROR(); \ } Definition at line 494 of file ssend.c.

#define PADSIZE   (sizeof(ULONG_PTR) - 1)

Definition at line 23 of file ssend.c. Referenced by AllocateCallbackData(), AllocCallbackMessage(), CaptureAnsiCallbackData(), CaptureCallbackData(), and CaptureUnicodeCallbackData().

#define RESERVEBYTES (  cb, dest, cbdest   )

Value: if (!NT_SUCCESS(AllocateCallbackData(&mp->CaptureBuf, \ cb, (PVOID *)&mp->dest))) \ goto errorexit; \ mp->cbdest = cb; Definition at line 530 of file ssend.c.

#define SENDSIDE   1

Definition at line 19 of file ssend.c.

#define SERVERSIDE   1

Definition at line 15 of file ssend.c.

#define SETUP (  api   )

Value: api ## MSG m; \ api ## MSG *mp = &m; \ BYTE Buffer[CBBUFSIZE]; \ PCALLBACKSTATUS pcbs; \ ULONG cbCBStatus; \ ULONG_PTR retval; \ NTSTATUS Status; Definition at line 39 of file ssend.c.

#define SETUPDC (  api   )

Value: SETUP(api) \ int iDC = 0; \ HDC hdcUse; \ HBITMAP hbmDCGray = NULL; Definition at line 48 of file ssend.c.

#define SETUPPWND (  api   )

Value: api ## MSG m; \ api ## MSG *mp = &m; \ BYTE Buffer[CBBUFSIZE]; \ PCALLBACKSTATUS pcbs; \ ULONG cbCBStatus; \ ULONG_PTR retval; \ NTSTATUS Status; \ TL tlpwnd; \ CALLBACKWND cbwin; \ PCLIENTINFO pci = PtiCurrent()->pClientInfo; \ PWND pwndClient = pwnd ? (PWND)((PBYTE)pwnd - pci->ulClientDelta) : NULL; \ UserAssert(pci->ulClientDelta != 0); Definition at line 55 of file ssend.c.

#define SMESSAGECALL (  api   )

Value: LRESULT Sfn ## api( \ PWND pwnd, \ UINT msg, \ WPARAM wParam, \ LPARAM lParam, \ ULONG_PTR xParam, \ PROC xpfnProc, \ DWORD dwSCMSFlags, \ PSMS psms) Definition at line 28 of file ssend.c.

#define UNLOCKPWND (   )

Value: pci->CallbackWnd = cbwin; \ ThreadUnlock(&tlpwnd); Definition at line 145 of file ssend.c.

---

Function Documentation

NTSTATUS AllocateCallbackData (  PCAPTUREBUF  pcb, DWORD  cbData, PVOID *  ppDest )

Definition at line 695 of file ssend.c. References _CAPTUREBUF::cbCapture, _CAPTUREBUF::cCapturedPointers, DWORD, NTSTATUS(), _CAPTUREBUF::offPointers, PADSIZE, _CAPTUREBUF::pbFree, PBYTE, and _CAPTUREBUF::pvVirtualAddress. { PBYTE pbBuffer; /* * Allocate space from the message buffer */ if (cbData > pcb->cbCapture) { return STATUS_BUFFER_OVERFLOW; } pbBuffer = pcb->pbFree; pcb->pbFree = pbBuffer + ((cbData + PADSIZE) & ~PADSIZE); /* * Fix up offsets to data. If the data is going into a section * use the real pointer and don't compute offsets. */ if (pcb->pvVirtualAddress) *ppDest = pbBuffer; else { *ppDest = (PBYTE)(pbBuffer - (PBYTE)pcb); ((LPDWORD)((PBYTE)pcb + pcb->offPointers))[pcb->cCapturedPointers++] = (DWORD)((PBYTE)ppDest - (PBYTE)pcb); } return STATUS_SUCCESS; }

PVOID AllocCallbackMessage (  DWORD  cbBaseMsg, DWORD  cPointers, SIZE_T  cbCapture, PBYTE  pStackBuffer, BOOL  fInput )

Definition at line 545 of file ssend.c. References CALLBACKSTACKLIMIT, CBBUFSIZE, _CAPTUREBUF::cbCallback, _CAPTUREBUF::cbCapture, _CAPTUREBUF::cCapturedPointers, NT_SUCCESS, NTSTATUS(), NULL, _CAPTUREBUF::offPointers, PADSIZE, _CAPTUREBUF::pbFree, PBYTE, PCAPTUREBUF, _CAPTUREBUF::pvVirtualAddress, and Status. { PCAPTUREBUF pcb; if (cPointers == 0) return NULL; /* * Compute allocation sizes */ cbBaseMsg = (cbBaseMsg + PADSIZE) & ~PADSIZE; cbBaseMsg += (cPointers * sizeof(PVOID)); cbCapture = (cbCapture + (PADSIZE * cPointers)) & ~PADSIZE; /* * If the captured data is greater than a page, place it * in a section. Otherwise, put the message and the * data in a single block of pool */ if (cbCapture > CALLBACKSTACKLIMIT) { NTSTATUS Status; /* * Allocate the message buffer */ pcb = UserAllocPoolWithQuota(cbBaseMsg, TAG_CALLBACK); if (pcb == NULL) return NULL; /* * Allocate the virtual memory */ pcb->pvVirtualAddress = NULL; Status = ZwAllocateVirtualMemory(NtCurrentProcess(), &pcb->pvVirtualAddress, 0, &cbCapture, MEM_COMMIT, PAGE_READWRITE); if (!NT_SUCCESS(Status)) { RIPMSG2(RIP_WARNING, "AllocCallbackMessage: ZwAllocateVirtualMemory failed. Status:%#lx. Size:%#lx", Status, cbCapture); UserFreePool(pcb); return NULL; } pcb->pbFree = pcb->pvVirtualAddress; pcb->cbCallback = cbBaseMsg; } else { /* * If the message is too big to save on the stack, allocate * the buffer from pool. */ if (cbBaseMsg + cbCapture > CBBUFSIZE) { pcb = UserAllocPoolWithQuota((ULONG)(cbBaseMsg + cbCapture), TAG_CALLBACK); if (pcb == NULL) return NULL; } else { pcb = (PCAPTUREBUF)pStackBuffer; } pcb->pbFree = (PBYTE)pcb + cbBaseMsg; pcb->pvVirtualAddress = NULL; /* * If this callback is passing data to the client, include the * captured data in the message. Otherwise, only pass the message. */ if (fInput) pcb->cbCallback = cbBaseMsg + (ULONG)cbCapture; else pcb->cbCallback = cbBaseMsg; } /* * Initialize the capture buffer */ pcb->cbCapture = (ULONG)cbCapture; pcb->cCapturedPointers = 0; pcb->offPointers = cbBaseMsg - (cPointers * sizeof(PVOID)); return (PVOID)pcb; }

NTSTATUS CaptureAnsiCallbackData (  PCAPTUREBUF  pcb, PVOID  pData, DWORD  cbData, PVOID *  ppDest )

Definition at line 736 of file ssend.c. References _CAPTUREBUF::cbCapture, _CAPTUREBUF::cCapturedPointers, DBCS_CHARSIZE, DWORD, FALSE, IS_DBCS_ENABLED, NT_SUCCESS, NTSTATUS(), NULL, _CAPTUREBUF::offPointers, PADSIZE, _CAPTUREBUF::pbFree, PBYTE, _CAPTUREBUF::pvVirtualAddress, and RtlUnicodeToMultiByteN(). { PBYTE pbBuffer; ULONG nCharsInAnsiString; /* * If the data pointer is NULL, the out pointer will be * NULL */ if (pData == NULL) { *ppDest = NULL; return STATUS_SUCCESS; } /* * Allocate space from the message buffer */ #ifdef FE_SB // CaptureAnsiCallbackData() /* * Reserve enough space for DBCS. */ if ((cbData * sizeof(WORD)) > pcb->cbCapture) { #else if (cbData > pcb->cbCapture) { #endif // FE_SB return STATUS_BUFFER_OVERFLOW; } pbBuffer = pcb->pbFree; /* * Convert the unicode string to ANSI */ try { #ifdef FE_SB // CaptureAnsiCallbackData() /* * Enough space for keep DBCS string. */ if (!NT_SUCCESS(RtlUnicodeToMultiByteN( (PCH)pbBuffer, IS_DBCS_ENABLED() ? cbData * DBCS_CHARSIZE : cbData, &nCharsInAnsiString, (PWCH)pData, cbData * sizeof(WCHAR) ))) { #else if (!NT_SUCCESS(RtlUnicodeToMultiByteN( (PCH)pbBuffer, cbData, &nCharsInAnsiString, (PWCH)pData, cbData * sizeof(WCHAR) ))) { #endif // FE_SB return STATUS_UNSUCCESSFUL; } } except (W32ExceptionHandler(FALSE, RIP_WARNING)) { return STATUS_ACCESS_VIOLATION; } /* * Translation succeeded. */ #ifdef FE_SB // CaptureAnsiCallbackData() /* * nCharsInAnsiString is actual bytes wriiten in message area. */ pcb->pbFree = pbBuffer + ((nCharsInAnsiString + PADSIZE) & ~PADSIZE); pcb->cbCapture -= nCharsInAnsiString; #else pcb->pbFree = pbBuffer + ((cbData + PADSIZE) & ~PADSIZE); pcb->cbCapture -= cbData; #endif // FE_SB /* * Fix up offsets to data. If the data is going into a section * use the real pointer and don't compute offsets. */ if (pcb->pvVirtualAddress) *ppDest = pbBuffer; else { *ppDest = (PBYTE)(pbBuffer - (PBYTE)pcb); ((LPDWORD)((PBYTE)pcb + pcb->offPointers))[pcb->cCapturedPointers++] = (DWORD)((PBYTE)ppDest - (PBYTE)pcb); } return STATUS_SUCCESS; }

NTSTATUS CaptureCallbackData (  PCAPTUREBUF  pcb, PVOID  pData, DWORD  cbData, PVOID *  ppDest )

Definition at line 639 of file ssend.c. References _CAPTUREBUF::cbCapture, _CAPTUREBUF::cCapturedPointers, DWORD, FALSE, NTSTATUS(), NULL, _CAPTUREBUF::offPointers, PADSIZE, _CAPTUREBUF::pbFree, PBYTE, and _CAPTUREBUF::pvVirtualAddress. { PBYTE pbBuffer; /* * If the data pointer is NULL, the out pointer will be * NULL */ if (pData == NULL) { *ppDest = NULL; return STATUS_SUCCESS; } /* * Allocate space from the message buffer */ if (cbData > pcb->cbCapture) { return STATUS_BUFFER_OVERFLOW; } pbBuffer = pcb->pbFree; pcb->pbFree = pbBuffer + ((cbData + PADSIZE) & ~PADSIZE); try { RtlCopyMemory(pbBuffer, pData, cbData); } except (W32ExceptionHandler(FALSE, RIP_WARNING)) { return STATUS_ACCESS_VIOLATION; } /* * Fix up offsets to data. If the data is going into a section * use the real pointer and don't compute offsets. */ if (pcb->pvVirtualAddress) *ppDest = pbBuffer; else { *ppDest = (PBYTE)(pbBuffer - (PBYTE)pcb); ((LPDWORD)((PBYTE)pcb + pcb->offPointers))[pcb->cCapturedPointers++] = (DWORD)((PBYTE)ppDest - (PBYTE)pcb); } return STATUS_SUCCESS; }

NTSTATUS CaptureUnicodeCallbackData (  PCAPTUREBUF  pcb, PVOID  pData, DWORD  cbData, PVOID *  ppDest )

Definition at line 839 of file ssend.c. References _CAPTUREBUF::cbCapture, _CAPTUREBUF::cCapturedPointers, DWORD, FALSE, NT_SUCCESS, NTSTATUS(), NULL, _CAPTUREBUF::offPointers, PADSIZE, _CAPTUREBUF::pbFree, PBYTE, _CAPTUREBUF::pvVirtualAddress, and RtlMultiByteToUnicodeN(). { PBYTE pbBuffer; ULONG nCharsInUnicodeString; /* * If the data pointer is NULL, the out pointer will be * NULL */ if (pData == NULL) { *ppDest = NULL; return STATUS_SUCCESS; } /* * Allocate space from the message buffer */ if (cbData > pcb->cbCapture) { return STATUS_BUFFER_OVERFLOW; } pbBuffer = pcb->pbFree; /* * Convert the ANSI string to unicode */ try { if (!NT_SUCCESS(RtlMultiByteToUnicodeN( (PWCH)pbBuffer, cbData, &nCharsInUnicodeString, (PCH)pData, cbData / sizeof(WCHAR) ))) { return STATUS_UNSUCCESSFUL; } } except (W32ExceptionHandler(FALSE, RIP_WARNING)) { return STATUS_ACCESS_VIOLATION; } /* * Translation succeeded. */ pcb->pbFree = pbBuffer + ((cbData + PADSIZE) & ~PADSIZE); pcb->cbCapture -= cbData; /* * Fix up offsets to data. If the data is going into a section * use the real pointer and don't compute offsets. */ if (pcb->pvVirtualAddress) *ppDest = pbBuffer; else { *ppDest = (PBYTE)(pbBuffer - (PBYTE)pcb); ((LPDWORD)((PBYTE)pcb + pcb->offPointers))[pcb->cCapturedPointers++] = (DWORD)((PBYTE)ppDest - (PBYTE)pcb); } return STATUS_SUCCESS; }

VOID CopyOutputString (  PCALLBACKSTATUS  pcbs, PLARGE_STRING  pstr, UINT  cchLimit, BOOL  fAnsi )

Definition at line 922 of file ssend.c. References _LARGE_STRING::bAnsi, _LARGE_STRING::Buffer, BYTE, FALSE, _LARGE_STRING::Length, PCALLBACKSTATUS, pcbs, ProbeForRead, strncpycch(), UINT, VOID(), and wcsncpycch(). { UINT cch; ProbeForRead(pcbs->pOutput, pcbs->cbOutput, fAnsi ? sizeof(BYTE) : sizeof(WORD)); if (!pstr->bAnsi) { if (fAnsi) { cch = MBToWCS((LPSTR)pcbs->pOutput, (UINT)pcbs->retval, (LPWSTR *)&pstr->Buffer, cchLimit, FALSE); if (cch < cchLimit) { /* * Add a null terminator and ensure an accurate pstr->Length */ ((LPWSTR)pstr->Buffer)[cch] = 0; cchLimit = cch; } } else { cchLimit = wcsncpycch(pstr->Buffer, (LPWSTR)pcbs->pOutput, cchLimit); // wcsncpy(pstr->Buffer, (LPWSTR)pcbs->pOutput, cchLimit); } pstr->Length = cchLimit * sizeof(WCHAR); } else { if (fAnsi) { cchLimit = strncpycch((LPSTR)pstr->Buffer, // strncpy((LPSTR)pstr->Buffer, (LPSTR)pcbs->pOutput, cchLimit); } else { cch = WCSToMB((LPWSTR)pcbs->pOutput, (UINT)pcbs->retval, (LPSTR *)&pstr->Buffer, cchLimit, FALSE); if (cch < cchLimit) { /* * Add a null terminator and ensure an accurate pstr->Length */ ((LPSTR)pstr->Buffer)[cch] = 0; cchLimit = cch; } } pstr->Length = cchLimit; } }

---