00001 /*++ 00002 00003 Copyright (c) 1994 Microsoft Corporation 00004 00005 Module Name: 00006 00007 callback.c 00008 00009 Abstract: 00010 00011 This module implements user mode call back services. 00012 00013 Author: 00014 00015 David N. Cutler (davec) 29-Oct-1994 00016 00017 Environment: 00018 00019 Kernel mode only. 00020 00021 Revision History: 00022 00023 --*/ 00024 00025 #include "ki.h" 00026 00027 NTSTATUS 00028 KeUserModeCallback ( 00029 IN ULONG ApiNumber, 00030 IN PVOID InputBuffer, 00031 IN ULONG InputLength, 00032 OUT PVOID *OutputBuffer, 00033 IN PULONG OutputLength 00034 ) 00035 00036 /*++ 00037 00038 Routine Description: 00039 00040 This function call out from kernel mode to a user mode function. 00041 00042 Arguments: 00043 00044 ApiNumber - Supplies the API number. 00045 00046 InputBuffer - Supplies a pointer to a structure that is copied 00047 to the user stack. 00048 00049 InputLength - Supplies the length of the input structure. 00050 00051 Outputbuffer - Supplies a pointer to a variable that receives 00052 the address of the output buffer. 00053 00054 Outputlength - Supplies a pointer to a variable that receives 00055 the length of the output buffer. 00056 00057 Return Value: 00058 00059 If the callout cannot be executed, then an error status is 00060 returned. Otherwise, the status returned by the callback function 00061 is returned. 00062 00063 --*/ 00064 00065 { 00066 00067 PUCALLOUT_FRAME CalloutFrame; 00068 ULONG Length; 00069 ULONG OldStack; 00070 NTSTATUS Status; 00071 PKTRAP_FRAME TrapFrame; 00072 PULONG UserStack; 00073 PVOID ValueBuffer; 00074 ULONG ValueLength; 00075 00076 ASSERT(KeGetPreviousMode() == UserMode); 00077 00078 // 00079 // Get the user mode stack pointer and attempt to copy input buffer 00080 // to the user stack. 00081 // 00082 00083 TrapFrame = KeGetCurrentThread()->TrapFrame; 00084 OldStack = (ULONG)TrapFrame->XIntSp; 00085 try { 00086 00087 // 00088 // Compute new user mode stack address, probe for writability, 00089 // and copy the input buffer to the user stack. 00090 // 00091 00092 Length = (InputLength + 00093 sizeof(QUAD) - 1 + sizeof(UCALLOUT_FRAME)) & ~(sizeof(QUAD) - 1); 00094 00095 CalloutFrame = (PUCALLOUT_FRAME)(OldStack - Length); 00096 ProbeForWrite(CalloutFrame, Length, sizeof(QUAD)); 00097 RtlMoveMemory(CalloutFrame + 1, InputBuffer, InputLength); 00098 00099 // 00100 // Allocate stack frame fill in callout arguments. 00101 // 00102 00103 CalloutFrame->Buffer = (PVOID)(CalloutFrame + 1); 00104 CalloutFrame->Length = InputLength; 00105 CalloutFrame->ApiNumber = ApiNumber; 00106 CalloutFrame->Pad = 0; 00107 CalloutFrame->Sp = TrapFrame->XIntSp; 00108 CalloutFrame->Ra = TrapFrame->XIntRa; 00109 00110 // 00111 // If an exception occurs during the probe of the user stack, then 00112 // always handle the exception and return the exception code as the 00113 // status value. 00114 // 00115 00116 } except (EXCEPTION_EXECUTE_HANDLER) { 00117 return GetExceptionCode(); 00118 } 00119 00120 // 00121 // Call user mode. 00122 // 00123 00124 TrapFrame->XIntSp = (LONG)CalloutFrame; 00125 Status = KiCallUserMode(OutputBuffer, OutputLength); 00126 TrapFrame->XIntSp = (LONG)OldStack; 00127 00128 // 00129 // If the GDI TEB batch contains any entries, it must be flushed. 00130 // 00131 00132 if (((PTEB)KeGetCurrentThread()->Teb)->GdiBatchCount > 0) { 00133 KeGdiFlushUserBatch(); 00134 } 00135 00136 return Status; 00137 } 00138 00139 NTSTATUS 00140 NtW32Call ( 00141 IN ULONG ApiNumber, 00142 IN PVOID InputBuffer, 00143 IN ULONG InputLength, 00144 OUT PVOID *OutputBuffer, 00145 OUT PULONG OutputLength 00146 ) 00147 00148 /*++ 00149 00150 Routine Description: 00151 00152 This function calls a W32 function. 00153 00154 N.B. ************** This is a temporary service ***************** 00155 00156 Arguments: 00157 00158 ApiNumber - Supplies the API number. 00159 00160 InputBuffer - Supplies a pointer to a structure that is copied to 00161 the user stack. 00162 00163 InputLength - Supplies the length of the input structure. 00164 00165 Outputbuffer - Supplies a pointer to a variable that recevies the 00166 output buffer address. 00167 00168 Outputlength - Supplies a pointer to a variable that recevies the 00169 output buffer length. 00170 00171 Return Value: 00172 00173 TBS. 00174 00175 --*/ 00176 00177 { 00178 00179 PVOID ValueBuffer; 00180 ULONG ValueLength; 00181 NTSTATUS Status; 00182 00183 ASSERT(KeGetPreviousMode() == UserMode); 00184 00185 // 00186 // If the current thread is not a GUI thread, then fail the service 00187 // since the thread does not have a large stack. 00188 // 00189 00190 if (KeGetCurrentThread()->Win32Thread == (PVOID)&KeServiceDescriptorTable[0]) { 00191 return STATUS_NOT_IMPLEMENTED; 00192 } 00193 00194 // 00195 // Probe the output buffer address and length for writeability. 00196 // 00197 00198 try { 00199 ProbeForWriteUlong((PULONG)OutputBuffer); 00200 ProbeForWriteUlong(OutputLength); 00201 00202 // 00203 // If an exception occurs during the probe of the output buffer or 00204 // length, then always handle the exception and return the exception 00205 // code as the status value. 00206 // 00207 00208 } except(EXCEPTION_EXECUTE_HANDLER) { 00209 return GetExceptionCode(); 00210 } 00211 00212 // 00213 // Call out to user mode specifying the input buffer and API number. 00214 // 00215 00216 Status = KeUserModeCallback(ApiNumber, 00217 InputBuffer, 00218 InputLength, 00219 &ValueBuffer, 00220 &ValueLength); 00221 00222 // 00223 // If the callout is successful, then the output buffer address and 00224 // length. 00225 // 00226 00227 if (NT_SUCCESS(Status)) { 00228 try { 00229 *OutputBuffer = ValueBuffer; 00230 *OutputLength = ValueLength; 00231 00232 } except(EXCEPTION_EXECUTE_HANDLER) { 00233 } 00234 } 00235 00236 return Status; 00237 }
1.3.7