lpcrecv.c File Reference

#include "lpcp.h"

Go to the source code of this file.

Functions
NTSTATUS	NtReplyWaitReceivePort (IN HANDLE PortHandle, OUT PVOID *PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE ReceiveMessage)
NTSTATUS	NtReplyWaitReceivePortEx (IN HANDLE PortHandle, OUT PVOID *PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE ReceiveMessage, IN PLARGE_INTEGER Timeout OPTIONAL)

---

Function Documentation

NTSTATUS NtReplyWaitReceivePort (  IN HANDLE  PortHandle, OUT PVOID *PortContext  OPTIONAL, IN PPORT_MESSAGE ReplyMessage  OPTIONAL, OUT PPORT_MESSAGE  ReceiveMessage )

Definition at line 29 of file lpcrecv.c. References _ETHREAD::Cid, CLIENT_COMMUNICATION_PORT, _LPCP_PORT_OBJECT::ConnectionPort, _LPCP_MESSAGE::Entry, EXCEPTION_EXECUTE_HANDLER, FALSE, _LPCP_PORT_OBJECT::Flags, IS_SYSTEM_THREAD, KeReleaseSemaphore(), KeResetEvent(), KernelMode, KeWaitForSingleObject(), KPROCESSOR_MODE, _ETHREAD::LpcExitThreadCalled, LpcpAcquireLpcpLock, LpcpAllocateFromPortZone(), LpcpFreeDataInfoMessage(), LpcpFreeToPortZone(), LpcpGetCreatorName(), LpcpMoveMessage(), LpcpPrint, LpcpReferencePortObject, LpcpReleaseLpcpLock, LpcpSaveDataInfoMessage(), LpcpSaveThread, LpcpTrace, _ETHREAD::LpcReceivedMessageId, _ETHREAD::LpcReceivedMsgIdValid, _ETHREAD::LpcReplyChain, _ETHREAD::LpcReplyMessage, _ETHREAD::LpcReplyMessageId, _ETHREAD::LpcReplySemaphore, LpcWaitablePortObjectType, _LPCP_PORT_OBJECT::MaxMessageLength, _LPCP_PORT_OBJECT::MsgQueue, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObject, ObReferenceObjectByHandle(), PAGED_CODE, PORT_TYPE, PORT_WAITABLE, _LPCP_MESSAGE::PortContext, PortHandle, ProbeForRead, ProbeForWrite(), ProbeForWriteUlong, PsGetCurrentProcess, PsGetCurrentThread, PsLookupProcessThreadByCid(), _LPCP_PORT_QUEUE::ReceiveHead, ReplyMessage(), _LPCP_MESSAGE::Request, _LPCP_PORT_QUEUE::Semaphore, Status, THREAD_TO_PROCESS, TRUE, UserMode, _LPCP_PORT_OBJECT::WaitEvent, and WrLpcReceive. Referenced by DbgSspSrvApiLoop(), NtListenPort(), ServerThread(), UdbgTest1(), and UdbgTest2(). : This procedure is used by the server process to wait for a message from a client process A client and server process can receive messages using the NtReplyWaitReceivePort service: If the ReplyMessage parameter is specified, then the reply will be sent using NtReplyPort. If the PortHandle parameter specifies a connection port, then the receive will return whenever a message is sent to a server communication port that does not have its own receive queue and the message is therefore queued to the receive queue of the connection port. If the PortHandle parameter specifies a server communication port that does not have a receive queue, then behaves as if the associated connection port handle was specified. Otherwise the receive will return whenever message is placed in the receive queue associated with the server communication port. The received message will be returned in the variable specified by the ReceiveMessage parameter. If the MapInfoOffset field of the reply message is non-zero, then the PORT_MAP_INFORMATION structure it points to will be processed and the relevant pages will be mapped into the caller's address space. The service returns an error if there is not enough room in the caller's address space to accomodate the mappings. Arguments: PortHandle - Specifies the handle of the connection or communication port to do the receive from. PortContext - Specifies an optional pointer to a variable that is to receive the context value associated with the communication port that the message is being received from. This context variable was specified on the call to the NtAcceptConnectPort service. ReplyMessage - This optional parameter specifies the address of a reply message to be sent. The ClientId and MessageId fields determine which thread will get the reply. See description of NtReplyPort for how the reply is sent. The reply is sent before blocking for the receive. ReceiveMessage - Specifies the address of a variable to receive the message. Return Value: Status code that indicates whether or not the operation was successful. --*/ { PLPCP_PORT_OBJECT PortObject; PLPCP_PORT_OBJECT ReceivePort; PORT_MESSAGE CapturedReplyMessage; KPROCESSOR_MODE PreviousMode; KPROCESSOR_MODE WaitMode; NTSTATUS Status; PLPCP_MESSAGE Msg; PETHREAD CurrentThread; PETHREAD WakeupThread; PAGED_CODE(); CurrentThread = PsGetCurrentThread(); // // Get previous processor mode // PreviousMode = KeGetPreviousMode(); WaitMode = PreviousMode; if (PreviousMode != KernelMode) { try { if (ARGUMENT_PRESENT( PortContext )) { ProbeForWriteUlong( (PULONG)PortContext ); } if (ARGUMENT_PRESENT( ReplyMessage)) { ProbeForRead( ReplyMessage, sizeof( *ReplyMessage ), sizeof( ULONG )); CapturedReplyMessage = *ReplyMessage; } ProbeForWrite( ReceiveMessage, sizeof( *ReceiveMessage ), sizeof( ULONG )); } except( EXCEPTION_EXECUTE_HANDLER ) { return GetExceptionCode(); } } else { // // Kernel mode threads call with wait mode of user so that their // kernel stacks are swappable. Main consumer of this is // SepRmCommandThread // if ( IS_SYSTEM_THREAD(CurrentThread) ) { WaitMode = UserMode; } if (ARGUMENT_PRESENT( ReplyMessage )) { CapturedReplyMessage = *ReplyMessage; } } if (ARGUMENT_PRESENT( ReplyMessage )) { // // Make sure DataLength is valid with respect to header size and total // length // if ((((CLONG)CapturedReplyMessage.u1.s1.DataLength) + sizeof( PORT_MESSAGE )) > ((CLONG)CapturedReplyMessage.u1.s1.TotalLength)) { return STATUS_INVALID_PARAMETER; } // // Make sure the user didn't give us a bogus reply message id // if (CapturedReplyMessage.MessageId == 0) { return STATUS_INVALID_PARAMETER; } } // // Reference the port object by handle and if that doesn't work try // a waitable port object type // Status = LpcpReferencePortObject( PortHandle, 0, PreviousMode, &PortObject ); if (!NT_SUCCESS( Status )) { Status = ObReferenceObjectByHandle( PortHandle, 0, LpcWaitablePortObjectType, PreviousMode, &PortObject, NULL ); if ( !NT_SUCCESS( Status )) { return Status; } } LpcpSaveThread (PortObject); // // Validate the message length // if (ARGUMENT_PRESENT( ReplyMessage )) { if (((ULONG)CapturedReplyMessage.u1.s1.TotalLength > PortObject->MaxMessageLength) || ((ULONG)CapturedReplyMessage.u1.s1.TotalLength <= (ULONG)CapturedReplyMessage.u1.s1.DataLength)) { ObDereferenceObject( PortObject ); return STATUS_PORT_MESSAGE_TOO_LONG; } } // // The receive port we use is either the connection port for the port // object we were given if we were given a client communication port then // we expect to recieve the reply on the communication port itself. // if ((PortObject->Flags & PORT_TYPE) != CLIENT_COMMUNICATION_PORT) { ReceivePort = PortObject->ConnectionPort; } else { ReceivePort = PortObject; } // // If ReplyMessage argument present, then send reply // if (ARGUMENT_PRESENT( ReplyMessage )) { // // Translate the ClientId from the connection request into a // thread pointer. This is a referenced pointer to keep the thread // from evaporating out from under us. // Status = PsLookupProcessThreadByCid( &CapturedReplyMessage.ClientId, NULL, &WakeupThread ); if (!NT_SUCCESS( Status )) { ObDereferenceObject( PortObject ); return Status; } // // Acquire the global Lpc mutex that gaurds the LpcReplyMessage // field of the thread and get the pointer to the message that // the thread is waiting for a reply to. // LpcpAcquireLpcpLock(); Msg = (PLPCP_MESSAGE)LpcpAllocateFromPortZone( CapturedReplyMessage.u1.s1.TotalLength ); if (Msg == NULL) { LpcpReleaseLpcpLock(); ObDereferenceObject( WakeupThread ); ObDereferenceObject( PortObject ); return STATUS_NO_MEMORY; } // // See if the thread is waiting for a reply to the message // specified on this call. If not then a bogus message // has been specified, so release the mutex, dereference the thread // and return failure. // // We also fail this request if the caller isn't replying to a request // message. For example, if the caller is replying to a connection // request // if ((WakeupThread->LpcReplyMessageId != CapturedReplyMessage.MessageId) || ((WakeupThread->LpcReplyMessage != NULL) && (((PLPCP_MESSAGE)(WakeupThread->LpcReplyMessage))->Request.u2.s2.Type & ~LPC_KERNELMODE_MESSAGE) != LPC_REQUEST)) { LpcpPrint(( "%s Attempted ReplyWaitReceive to Thread %lx (%s)\n", PsGetCurrentProcess()->ImageFileName, WakeupThread, THREAD_TO_PROCESS( WakeupThread )->ImageFileName )); LpcpPrint(( "failed. MessageId == %u Client Id: %x.%x\n", CapturedReplyMessage.MessageId, CapturedReplyMessage.ClientId.UniqueProcess, CapturedReplyMessage.ClientId.UniqueThread )); LpcpPrint(( " Thread MessageId == %u Client Id: %x.%x\n", WakeupThread->LpcReplyMessageId, WakeupThread->Cid.UniqueProcess, WakeupThread->Cid.UniqueThread )); #if DBG if (LpcpStopOnReplyMismatch) { DbgBreakPoint(); } #endif LpcpFreeToPortZone( Msg, TRUE ); LpcpReleaseLpcpLock(); ObDereferenceObject( WakeupThread ); ObDereferenceObject( PortObject ); return STATUS_REPLY_MESSAGE_MISMATCH; } // // Copy the reply message to the request message buffer. Do this before // we actually fiddle with the wakeup threads fields. Otherwise we // could mess up its state // try { LpcpMoveMessage( &Msg->Request, &CapturedReplyMessage, (ReplyMessage + 1), LPC_REPLY, NULL ); } except( EXCEPTION_EXECUTE_HANDLER ) { LpcpFreeToPortZone( Msg, TRUE ); LpcpReleaseLpcpLock(); ObDereferenceObject( WakeupThread ); ObDereferenceObject( PortObject ); return (Status = GetExceptionCode()); } LpcpTrace(( "%s Sending Reply Msg %lx (%u.%u, %x) [%08x %08x %08x %08x] to Thread %lx (%s)\n", PsGetCurrentProcess()->ImageFileName, Msg, CapturedReplyMessage.MessageId, CapturedReplyMessage.CallbackId, CapturedReplyMessage.u2.s2.DataInfoOffset, *((PULONG)(Msg+1)+0), *((PULONG)(Msg+1)+1), *((PULONG)(Msg+1)+2), *((PULONG)(Msg+1)+3), WakeupThread, THREAD_TO_PROCESS( WakeupThread )->ImageFileName )); // // Locate and free the messsage from the port. This call use to // test for (CapturedReplyMessage.u2.s2.DataInfoOffset != 0) as a // prerequisite for doing the call. // LpcpFreeDataInfoMessage( PortObject, CapturedReplyMessage.MessageId, CapturedReplyMessage.CallbackId ); // // Add an extra reference so LpcExitThread does not evaporate // the pointer before we get to the wait below // ObReferenceObject( WakeupThread ); // // Release the mutex that guards the LpcReplyMessage field // after marking message as being replied to. // Msg->RepliedToThread = WakeupThread; WakeupThread->LpcReplyMessageId = 0; WakeupThread->LpcReplyMessage = (PVOID)Msg; // // Remove the thread from the reply rundown list as we are sending the reply. // if (!WakeupThread->LpcExitThreadCalled && !IsListEmpty( &WakeupThread->LpcReplyChain )) { RemoveEntryList( &WakeupThread->LpcReplyChain ); InitializeListHead( &WakeupThread->LpcReplyChain ); } if ((CurrentThread->LpcReceivedMsgIdValid) && (CurrentThread->LpcReceivedMessageId == CapturedReplyMessage.MessageId)) { CurrentThread->LpcReceivedMessageId = 0; CurrentThread->LpcReceivedMsgIdValid = FALSE; } LpcpTrace(( "%s Waiting for message to Port %x (%s)\n", PsGetCurrentProcess()->ImageFileName, ReceivePort, LpcpGetCreatorName( ReceivePort ))); LpcpReleaseLpcpLock(); // // Wake up the thread that is waiting for an answer to its request // inside of NtRequestWaitReplyPort or NtReplyWaitReplyPort // KeReleaseSemaphore( &WakeupThread->LpcReplySemaphore, 1, 1, FALSE ); ObDereferenceObject( WakeupThread ); Status = KeWaitForSingleObject( ReceivePort->MsgQueue.Semaphore, WrLpcReceive, WaitMode, FALSE, NULL ); // // Fall into receive code. Client thread reference will be // returned by the client when it wakes up. // } else { // // The user did not give us a reply message to send off // // **** it looks like the only reason to have the then and else // clause both do a wait it to have the lpcp trace denote // the wait without a preceeding reply // // Wait for a message // LpcpTrace(( "%s Waiting for message to Port %x (%s)\n", PsGetCurrentProcess()->ImageFileName, ReceivePort, LpcpGetCreatorName( ReceivePort ))); Status = KeWaitForSingleObject( ReceivePort->MsgQueue.Semaphore, WrLpcReceive, WaitMode, FALSE, NULL ); } // // At this point we've awoke from our wait for a receive // if (Status == STATUS_SUCCESS) { LpcpAcquireLpcpLock(); // // See if we awoke without a message in our receive port // if (IsListEmpty( &ReceivePort->MsgQueue.ReceiveHead )) { if ( ReceivePort->Flags & PORT_WAITABLE ) { KeResetEvent( &ReceivePort->WaitEvent ); } LpcpReleaseLpcpLock(); ObDereferenceObject( PortObject ); return STATUS_UNSUCCESSFUL; } // // We have a message in our recieve port. So let's pull it out // Msg = (PLPCP_MESSAGE)RemoveHeadList( &ReceivePort->MsgQueue.ReceiveHead ); if ( IsListEmpty( &ReceivePort->MsgQueue.ReceiveHead)) { if ( ReceivePort->Flags & PORT_WAITABLE ) { KeResetEvent( &ReceivePort->WaitEvent ); } } InitializeListHead( &Msg->Entry ); LpcpTrace(( "%s Receive Msg %lx (%u) from Port %lx (%s)\n", PsGetCurrentProcess()->ImageFileName, Msg, Msg->Request.MessageId, ReceivePort, LpcpGetCreatorName( ReceivePort ))); // // Now make the thread state to be the message we're currently // working on // CurrentThread->LpcReceivedMessageId = Msg->Request.MessageId; CurrentThread->LpcReceivedMsgIdValid = TRUE; LpcpReleaseLpcpLock(); try { // // Check if the message is a connection request // if ((Msg->Request.u2.s2.Type & ~LPC_KERNELMODE_MESSAGE) == LPC_CONNECTION_REQUEST) { PLPCP_CONNECTION_MESSAGE ConnectMsg; ULONG ConnectionInfoLength; PLPCP_MESSAGE TempMsg; ConnectMsg = (PLPCP_CONNECTION_MESSAGE)(Msg + 1); ConnectionInfoLength = Msg->Request.u1.s1.DataLength - sizeof( *ConnectMsg ); // // Dont free message until NtAcceptConnectPort called, and if it's never called // then we'll keep the message until the client exits. // TempMsg = Msg; Msg = NULL; *ReceiveMessage = TempMsg->Request; ReceiveMessage->u1.s1.TotalLength = (CSHORT)(sizeof( *ReceiveMessage ) + ConnectionInfoLength); ReceiveMessage->u1.s1.DataLength = (CSHORT)ConnectionInfoLength; RtlMoveMemory( ReceiveMessage+1, ConnectMsg + 1, ConnectionInfoLength ); if (ARGUMENT_PRESENT( PortContext )) { *PortContext = NULL; } // // Check if the message is not a reply // } else if ((Msg->Request.u2.s2.Type & ~LPC_KERNELMODE_MESSAGE) != LPC_REPLY) { LpcpMoveMessage( ReceiveMessage, &Msg->Request, (&Msg->Request) + 1, 0, NULL ); if (ARGUMENT_PRESENT( PortContext )) { *PortContext = Msg->PortContext; } // // If message contains DataInfo for access via NtRead/WriteRequestData // then put the message on a list in the communication port and dont // free it. It will be freed when the server replies to the message. // if (Msg->Request.u2.s2.DataInfoOffset != 0) { LpcpSaveDataInfoMessage( PortObject, Msg ); Msg = NULL; } // // Otherwise this is a reply message we just recieved // } else { LpcpPrint(( "LPC: Bogus reply message (%08x) in receive queue of connection port %08x\n", Msg, ReceivePort )); KdBreakPoint(); } } except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); // FIX, FIX } // // Acquire the LPC mutex and decrement the reference count for the // message. If the reference count goes to zero the message will be // deleted. // if (Msg != NULL) { LpcpFreeToPortZone( Msg, FALSE ); } } ObDereferenceObject( PortObject ); // // And return to our caller // return Status; }

NTSTATUS NtReplyWaitReceivePortEx (  IN HANDLE  PortHandle, OUT PVOID *PortContext  OPTIONAL, IN PPORT_MESSAGE ReplyMessage  OPTIONAL, OUT PPORT_MESSAGE  ReceiveMessage, IN PLARGE_INTEGER Timeout  OPTIONAL )

Definition at line 635 of file lpcrecv.c. References _ETHREAD::Cid, CLIENT_COMMUNICATION_PORT, _LPCP_PORT_OBJECT::ConnectionPort, _LPCP_MESSAGE::Entry, EXCEPTION_EXECUTE_HANDLER, FALSE, _LPCP_PORT_OBJECT::Flags, IS_SYSTEM_THREAD, KeReleaseSemaphore(), KeResetEvent(), KernelMode, KeWaitForSingleObject(), KPROCESSOR_MODE, _ETHREAD::LpcExitThreadCalled, LpcpAcquireLpcpLock, LpcpAllocateFromPortZone(), LpcpFreeDataInfoMessage(), LpcpFreeToPortZone(), LpcpGetCreatorName(), LpcpMoveMessage(), LpcpPrint, LpcpReferencePortObject, LpcpReleaseLpcpLock, LpcpSaveDataInfoMessage(), LpcpSaveThread, LpcpTrace, _ETHREAD::LpcReceivedMessageId, _ETHREAD::LpcReceivedMsgIdValid, _ETHREAD::LpcReplyChain, _ETHREAD::LpcReplyMessage, _ETHREAD::LpcReplyMessageId, _ETHREAD::LpcReplySemaphore, LpcWaitablePortObjectType, _LPCP_PORT_OBJECT::MsgQueue, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObject, ObReferenceObjectByHandle(), PAGED_CODE, PORT_TYPE, PORT_WAITABLE, _LPCP_MESSAGE::PortContext, PortHandle, ProbeAndReadLargeInteger, ProbeForRead, ProbeForWrite(), ProbeForWriteUlong, PsGetCurrentProcess, PsGetCurrentThread, PsLookupProcessThreadByCid(), _LPCP_PORT_QUEUE::ReceiveHead, ReplyMessage(), _LPCP_MESSAGE::Request, _LPCP_PORT_QUEUE::Semaphore, Status, THREAD_TO_PROCESS, TRUE, UserMode, _LPCP_PORT_OBJECT::WaitEvent, and WrLpcReceive. Referenced by RtlpLpcServerCallback(). 00645 : 00646 00647 See NtReplyWaitReceivePort. 00648 00649 Arguments: 00650 00651 See NtReplyWaitReceivePort. 00652 00653 Timeout - Supplies an optional timeout value to use when waiting for a 00654 receive. 00655 00656 Return Value: 00657 00658 See NtReplyWaitReceivePort. 00659 00660 --*/ 00661 00662 { 00663 PLPCP_PORT_OBJECT PortObject; 00664 PLPCP_PORT_OBJECT ReceivePort; 00665 PORT_MESSAGE CapturedReplyMessage; 00666 KPROCESSOR_MODE PreviousMode; 00667 KPROCESSOR_MODE WaitMode; 00668 NTSTATUS Status; 00669 PLPCP_MESSAGE Msg; 00670 PETHREAD CurrentThread; 00671 PETHREAD WakeupThread; 00672 LARGE_INTEGER TimeoutValue ; 00673 00674 PAGED_CODE(); 00675 00676 CurrentThread = PsGetCurrentThread(); 00677 00678 TimeoutValue.QuadPart = 0 ; 00679 00680 // 00681 // Get previous processor mode 00682 // 00683 00684 PreviousMode = KeGetPreviousMode(); 00685 WaitMode = PreviousMode; 00686 00687 if (PreviousMode != KernelMode) { 00688 00689 try { 00690 00691 if (ARGUMENT_PRESENT( PortContext )) { 00692 00693 ProbeForWriteUlong( (PULONG)PortContext ); 00694 } 00695 00696 if (ARGUMENT_PRESENT( ReplyMessage)) { 00697 00698 ProbeForRead( ReplyMessage, 00699 sizeof( *ReplyMessage ), 00700 sizeof( ULONG )); 00701 00702 CapturedReplyMessage = *ReplyMessage; 00703 } 00704 00705 if (ARGUMENT_PRESENT( Timeout )) { 00706 00707 TimeoutValue = ProbeAndReadLargeInteger( Timeout ); 00708 00709 Timeout = &TimeoutValue ; 00710 } 00711 00712 ProbeForWrite( ReceiveMessage, 00713 sizeof( *ReceiveMessage ), 00714 sizeof( ULONG )); 00715 00716 } except( EXCEPTION_EXECUTE_HANDLER ) { 00717 00718 return GetExceptionCode(); 00719 } 00720 00721 } else { 00722 00723 // 00724 // Kernel mode threads call with wait mode of user so that their 00725 // kernel // stacks are swappable. Main consumer of this is 00726 // SepRmCommandThread 00727 // 00728 00729 if ( IS_SYSTEM_THREAD(CurrentThread) ) { 00730 00731 WaitMode = UserMode; 00732 } 00733 00734 if (ARGUMENT_PRESENT( ReplyMessage)) { 00735 00736 CapturedReplyMessage = *ReplyMessage; 00737 } 00738 } 00739 00740 if (ARGUMENT_PRESENT( ReplyMessage)) { 00741 00742 // 00743 // Make sure DataLength is valid with respect to header size and total 00744 // length 00745 // 00746 00747 if ((((CLONG)CapturedReplyMessage.u1.s1.DataLength) + sizeof( PORT_MESSAGE )) > 00748 ((CLONG)CapturedReplyMessage.u1.s1.TotalLength)) { 00749 00750 return STATUS_INVALID_PARAMETER; 00751 } 00752 00753 // 00754 // Make sure the user didn't give us a bogus reply message id 00755 // 00756 00757 if (CapturedReplyMessage.MessageId == 0) { 00758 00759 return STATUS_INVALID_PARAMETER; 00760 } 00761 } 00762 00763 // 00764 // Reference the port object by handle and if that doesn't work try 00765 // a waitable port object type 00766 // 00767 00768 Status = LpcpReferencePortObject( PortHandle, 00769 0, 00770 PreviousMode, 00771 &PortObject ); 00772 00773 if (!NT_SUCCESS( Status )) { 00774 00775 Status = ObReferenceObjectByHandle( PortHandle, 00776 0, 00777 LpcWaitablePortObjectType, 00778 PreviousMode, 00779 &PortObject, 00780 NULL ); 00781 00782 if ( !NT_SUCCESS( Status ) ) { 00783 00784 return Status; 00785 } 00786 } 00787 00788 LpcpSaveThread (PortObject); 00789 00790 // 00791 // The receive port we use is either the connection port for the port 00792 // object we were given if we were given a client communication port then 00793 // we expect to recieve the reply on the communication port itself. 00794 // 00795 00796 if ((PortObject->Flags & PORT_TYPE) != CLIENT_COMMUNICATION_PORT) { 00797 00798 ReceivePort = PortObject->ConnectionPort; 00799 00800 } else { 00801 00802 ReceivePort = PortObject; 00803 } 00804 00805 // 00806 // If ReplyMessage argument present, then send reply 00807 // 00808 00809 if (ARGUMENT_PRESENT( ReplyMessage )) { 00810 00811 // 00812 // Translate the ClientId from the connection request into a 00813 // thread pointer. This is a referenced pointer to keep the thread 00814 // from evaporating out from under us. 00815 // 00816 00817 Status = PsLookupProcessThreadByCid( &CapturedReplyMessage.ClientId, 00818 NULL, 00819 &WakeupThread ); 00820 00821 if (!NT_SUCCESS( Status )) { 00822 00823 ObDereferenceObject( PortObject ); 00824 return Status; 00825 } 00826 00827 // 00828 // Acquire the global Lpc mutex that gaurds the LpcReplyMessage 00829 // field of the thread and get the pointer to the message that 00830 // the thread is waiting for a reply to. 00831 // 00832 00833 LpcpAcquireLpcpLock(); 00834 00835 Msg = (PLPCP_MESSAGE)LpcpAllocateFromPortZone( CapturedReplyMessage.u1.s1.TotalLength ); 00836 00837 if (Msg == NULL) { 00838 00839 LpcpReleaseLpcpLock(); 00840 00841 ObDereferenceObject( WakeupThread ); 00842 ObDereferenceObject( PortObject ); 00843 00844 return STATUS_NO_MEMORY; 00845 } 00846 00847 // 00848 // See if the thread is waiting for a reply to the message 00849 // specified on this call. If not then a bogus message 00850 // has been specified, so release the mutex, dereference the thread 00851 // and return failure. 00852 // 00853 // We also fail this request if the caller isn't replying to a request 00854 // message. For example, if the caller is replying to a connection 00855 // request 00856 // 00857 00858 if ((WakeupThread->LpcReplyMessageId != CapturedReplyMessage.MessageId) 00859 00860 || 00861 00862 ((WakeupThread->LpcReplyMessage != NULL) && 00863 (((PLPCP_MESSAGE)(WakeupThread->LpcReplyMessage))->Request.u2.s2.Type & ~LPC_KERNELMODE_MESSAGE) != LPC_REQUEST)) { 00864 00865 LpcpPrint(( "%s Attempted ReplyWaitReceive to Thread %lx (%s)\n", 00866 PsGetCurrentProcess()->ImageFileName, 00867 WakeupThread, 00868 THREAD_TO_PROCESS( WakeupThread )->ImageFileName )); 00869 00870 LpcpPrint(( "failed. MessageId == %u Client Id: %x.%x\n", 00871 CapturedReplyMessage.MessageId, 00872 CapturedReplyMessage.ClientId.UniqueProcess, 00873 CapturedReplyMessage.ClientId.UniqueThread )); 00874 00875 LpcpPrint(( " Thread MessageId == %u Client Id: %x.%x\n", 00876 WakeupThread->LpcReplyMessageId, 00877 WakeupThread->Cid.UniqueProcess, 00878 WakeupThread->Cid.UniqueThread )); 00879 00880 #if DBG 00881 if (LpcpStopOnReplyMismatch) { 00882 00883 DbgBreakPoint(); 00884 } 00885 #endif 00886 00887 LpcpFreeToPortZone( Msg, TRUE ); 00888 00889 LpcpReleaseLpcpLock(); 00890 00891 ObDereferenceObject( WakeupThread ); 00892 ObDereferenceObject( PortObject ); 00893 00894 return STATUS_REPLY_MESSAGE_MISMATCH; 00895 } 00896 00897 // 00898 // Copy the reply message to the request message buffer. Do this before 00899 // we actually fiddle with the wakeup threads fields. Otherwise we 00900 // could mess up its state 00901 // 00902 00903 try { 00904 00905 LpcpMoveMessage( &Msg->Request, 00906 &CapturedReplyMessage, 00907 (ReplyMessage + 1), 00908 LPC_REPLY, 00909 NULL ); 00910 00911 } except( EXCEPTION_EXECUTE_HANDLER ) { 00912 00913 LpcpFreeToPortZone( Msg, TRUE ); 00914 00915 LpcpReleaseLpcpLock(); 00916 00917 ObDereferenceObject( WakeupThread ); 00918 ObDereferenceObject( PortObject ); 00919 00920 return (Status = GetExceptionCode()); 00921 } 00922 00923 LpcpTrace(( "%s Sending Reply Msg %lx (%u.%u, %x) [%08x %08x %08x %08x] to Thread %lx (%s)\n", 00924 PsGetCurrentProcess()->ImageFileName, 00925 Msg, 00926 CapturedReplyMessage.MessageId, 00927 CapturedReplyMessage.CallbackId, 00928 CapturedReplyMessage.u2.s2.DataInfoOffset, 00929 *((PULONG)(Msg+1)+0), 00930 *((PULONG)(Msg+1)+1), 00931 *((PULONG)(Msg+1)+2), 00932 *((PULONG)(Msg+1)+3), 00933 WakeupThread, 00934 THREAD_TO_PROCESS( WakeupThread )->ImageFileName )); 00935 00936 // 00937 // Locate and free the messsage from the port. This call use to 00938 // test for (CapturedReplyMessage.u2.s2.DataInfoOffset != 0) as a 00939 // prerequisite for doing the call. 00940 // 00941 00942 LpcpFreeDataInfoMessage( PortObject, 00943 CapturedReplyMessage.MessageId, 00944 CapturedReplyMessage.CallbackId ); 00945 00946 // 00947 // Add an extra reference so LpcExitThread does not evaporate 00948 // the pointer before we get to the wait below 00949 // 00950 00951 ObReferenceObject( WakeupThread ); 00952 00953 // 00954 // Release the mutex that guards the LpcReplyMessage field 00955 // after marking message as being replied to. 00956 // 00957 00958 Msg->RepliedToThread = WakeupThread; 00959 00960 WakeupThread->LpcReplyMessageId = 0; 00961 WakeupThread->LpcReplyMessage = (PVOID)Msg; 00962 00963 // 00964 // Remove the thread from the reply rundown list as we are sending the reply. 00965 // 00966 00967 if ((!WakeupThread->LpcExitThreadCalled) && (!IsListEmpty( &WakeupThread->LpcReplyChain ))) { 00968 00969 RemoveEntryList( &WakeupThread->LpcReplyChain ); 00970 00971 InitializeListHead( &WakeupThread->LpcReplyChain ); 00972 } 00973 00974 if ((CurrentThread->LpcReceivedMsgIdValid) && 00975 (CurrentThread->LpcReceivedMessageId == CapturedReplyMessage.MessageId)) { 00976 00977 CurrentThread->LpcReceivedMessageId = 0; 00978 00979 CurrentThread->LpcReceivedMsgIdValid = FALSE; 00980 } 00981 00982 LpcpTrace(( "%s Waiting for message to Port %x (%s)\n", 00983 PsGetCurrentProcess()->ImageFileName, 00984 ReceivePort, 00985 LpcpGetCreatorName( ReceivePort ))); 00986 00987 LpcpReleaseLpcpLock(); 00988 00989 // 00990 // Wake up the thread that is waiting for an answer to its request 00991 // inside of NtRequestWaitReplyPort or NtReplyWaitReplyPort 00992 // 00993 00994 KeReleaseSemaphore( &WakeupThread->LpcReplySemaphore, 00995 1, 00996 1, 00997 FALSE ); 00998 00999 ObDereferenceObject( WakeupThread ); 01000 01001 // 01002 // **** the timeout on this wait and the next wait appear to be the 01003 // only substantial difference between NtReplyWaitReceivePort 01004 // and NtReplyWaitReceivePortEx 01005 01006 Status = KeWaitForSingleObject( ReceivePort->MsgQueue.Semaphore, 01007 WrLpcReceive, 01008 WaitMode, 01009 FALSE, 01010 Timeout ); 01011 01012 // 01013 // Fall into receive code. Client thread reference will be 01014 // returned by the client when it wakes up. 01015 // 01016 01017 } else { 01018 01019 // 01020 // The user did not give us a reply message to send off 01021 // 01022 // **** it looks like the only reason to have the then and else 01023 // clause both do a wait it to have the lpcp trace denote 01024 // the wait without a preceeding reply 01025 // 01026 // Wait for a message 01027 // 01028 01029 LpcpTrace(( "%s Waiting for message to Port %x (%s)\n", 01030 PsGetCurrentProcess()->ImageFileName, 01031 ReceivePort, 01032 LpcpGetCreatorName( ReceivePort ))); 01033 01034 Status = KeWaitForSingleObject( ReceivePort->MsgQueue.Semaphore, 01035 WrLpcReceive, 01036 WaitMode, 01037 FALSE, 01038 Timeout ); 01039 } 01040 01041 // 01042 // At this point we've awoke from our wait for a receive 01043 // 01044 01045 if (Status == STATUS_SUCCESS) { 01046 01047 LpcpAcquireLpcpLock(); 01048 01049 // 01050 // See if we awoke without a message in our receive port 01051 // 01052 01053 if (IsListEmpty( &ReceivePort->MsgQueue.ReceiveHead )) { 01054 01055 if ( ReceivePort->Flags & PORT_WAITABLE ) { 01056 01057 KeResetEvent( &ReceivePort->WaitEvent ); 01058 } 01059 01060 LpcpReleaseLpcpLock(); 01061 01062 ObDereferenceObject( PortObject ); 01063 01064 return STATUS_UNSUCCESSFUL; 01065 } 01066 01067 // 01068 // We have a message in our recieve port. So let's pull it out 01069 // 01070 01071 Msg = (PLPCP_MESSAGE)RemoveHeadList( &ReceivePort->MsgQueue.ReceiveHead ); 01072 01073 if ( IsListEmpty( &ReceivePort->MsgQueue.ReceiveHead ) ) { 01074 01075 if ( ReceivePort->Flags & PORT_WAITABLE ) { 01076 01077 KeResetEvent( &ReceivePort->WaitEvent ); 01078 } 01079 } 01080 01081 InitializeListHead( &Msg->Entry ); 01082 01083 LpcpTrace(( "%s Receive Msg %lx (%u) from Port %lx (%s)\n", 01084 PsGetCurrentProcess()->ImageFileName, 01085 Msg, 01086 Msg->Request.MessageId, 01087 ReceivePort, 01088 LpcpGetCreatorName( ReceivePort ))); 01089 01090 // 01091 // Now make the thread state to be the message we're currently 01092 // working on 01093 // 01094 01095 CurrentThread->LpcReceivedMessageId = Msg->Request.MessageId; 01096 CurrentThread->LpcReceivedMsgIdValid = TRUE; 01097 01098 LpcpReleaseLpcpLock(); 01099 01100 try { 01101 01102 // 01103 // Check if the message is a connection request 01104 // 01105 01106 if ((Msg->Request.u2.s2.Type & ~LPC_KERNELMODE_MESSAGE) == LPC_CONNECTION_REQUEST) { 01107 01108 PLPCP_CONNECTION_MESSAGE ConnectMsg; 01109 ULONG ConnectionInfoLength; 01110 PLPCP_MESSAGE TempMsg; 01111 01112 ConnectMsg = (PLPCP_CONNECTION_MESSAGE)(Msg + 1); 01113 01114 ConnectionInfoLength = Msg->Request.u1.s1.DataLength - sizeof( *ConnectMsg ); 01115 01116 // 01117 // Dont free message until NtAcceptConnectPort called, and if it's never called 01118 // then we'll keep the message until the client exits. 01119 // 01120 01121 TempMsg = Msg; 01122 Msg = NULL; 01123 01124 *ReceiveMessage = TempMsg->Request; 01125 01126 ReceiveMessage->u1.s1.TotalLength = (CSHORT)(sizeof( *ReceiveMessage ) + ConnectionInfoLength); 01127 ReceiveMessage->u1.s1.DataLength = (CSHORT)ConnectionInfoLength; 01128 01129 RtlMoveMemory( ReceiveMessage+1, 01130 ConnectMsg + 1, 01131 ConnectionInfoLength ); 01132 01133 if (ARGUMENT_PRESENT( PortContext )) { 01134 01135 *PortContext = NULL; 01136 } 01137 01138 // 01139 // Check if the message is not a reply 01140 // 01141 01142 } else if ((Msg->Request.u2.s2.Type & ~LPC_KERNELMODE_MESSAGE) != LPC_REPLY) { 01143 01144 LpcpMoveMessage( ReceiveMessage, 01145 &Msg->Request, 01146 (&Msg->Request) + 1, 01147 0, 01148 NULL ); 01149 01150 if (ARGUMENT_PRESENT( PortContext )) { 01151 01152 *PortContext = Msg->PortContext; 01153 } 01154 01155 // 01156 // If message contains DataInfo for access via NtRead/WriteRequestData 01157 // then put the message on a list in the communication port and dont 01158 // free it. It will be freed when the server replies to the message. 01159 // 01160 01161 if (Msg->Request.u2.s2.DataInfoOffset != 0) { 01162 01163 LpcpSaveDataInfoMessage( PortObject, Msg ); 01164 Msg = NULL; 01165 } 01166 01167 // 01168 // Otherwise this is a reply message we just recieved 01169 // 01170 01171 } else { 01172 01173 LpcpPrint(( "LPC: Bogus reply message (%08x) in receive queue of connection port %08x\n", 01174 Msg, ReceivePort )); 01175 01176 KdBreakPoint(); 01177 } 01178 01179 } except( EXCEPTION_EXECUTE_HANDLER ) { 01180 01181 Status = GetExceptionCode(); // FIX, FIX 01182 } 01183 01184 // 01185 // Acquire the LPC mutex and decrement the reference count for the 01186 // message. If the reference count goes to zero the message will be 01187 // deleted. 01188 // 01189 01190 if (Msg != NULL) { 01191 01192 LpcpFreeToPortZone( Msg, FALSE ); 01193 } 01194 } 01195 01196 ObDereferenceObject( PortObject ); 01197 01198 // 01199 // And return to our caller 01200 // 01201 01202 return Status; 01203 } }

---