validate.c File Reference

#include "precomp.h"
#include <ntsdexts.h>
#include "wow.h"

Go to the source code of this file.

Defines
#define	ClientSharedInfo()   (&gSharedInfo)
#define	ServerInfo()   (gpsi)
#define	INCCRITSECCOUNT
#define	INCDEVICEINFOLISTCRITSECCOUNT
#define	CheckDevLockOut()
Functions
NTSTATUS	ValidateHwinsta (HWINSTA hwinsta, KPROCESSOR_MODE AccessMode, ACCESS_MASK amDesired, PWINDOWSTATION *ppwinsta)
NTSTATUS	ValidateHdesk (HDESK hdesk, KPROCESSOR_MODE AccessMode, ACCESS_MASK amDesired, PDESKTOP *ppdesk)
HRGN	UserValidateCopyRgn (HRGN hrgn)
PMENU	ValidateHmenu (HMENU hmenu)
PMONITOR	ValidateHmonitor (HMONITOR hmonitor)
BOOL	IsHandleEntrySecure (HANDLE h, PHE phe)
BOOL	ValidateHandleSecure (HANDLE h)
PWND FASTCALL	ValidateHwnd (HWND hwnd)
VOID	UserEnterUserCritSec (VOID)
VOID	UserLeaveUserCritSec (VOID)
BOOL	UserGetCurrentDesktopId (DWORD *pdwDesktopId)
BOOL	UserIsUserCritSecIn ()
void	EnterCrit (void)
void	EnterSharedCrit (void)
void	LeaveCrit (void)
VOID	ChangeAcquireResourceType (VOID)
Variables
__int64	gCSTimeExclusiveWhenEntering

---

Define Documentation

#define CheckDevLockOut (   )

Definition at line 795 of file validate.c. Referenced by ChangeAcquireResourceType(), EnterCrit(), EnterSharedCrit(), and LeaveCrit().

#define ClientSharedInfo (   )     (&gSharedInfo)

Definition at line 20 of file validate.c.

#define INCCRITSECCOUNT

Definition at line 768 of file validate.c. Referenced by EnterCrit(), EnterSharedCrit(), and LeaveCrit().

#define INCDEVICEINFOLISTCRITSECCOUNT

Definition at line 769 of file validate.c.

#define ServerInfo (   )     (gpsi)

Definition at line 21 of file validate.c.

---

Function Documentation

VOID ChangeAcquireResourceType (  VOID   )

Definition at line 887 of file validate.c. References CheckDevLockOut, ExAcquireResourceExclusiveLite(), ExReleaseResource, gpresUser, gptiCurrent, ISATOMICCHECK, TRUE, and VOID(). Referenced by NtUserGetKeyState(). { #if DBG FlushCallStack(); CheckDevLockOut(); UserAssert(!ISATOMICCHECK()); #endif // DBG ExReleaseResource(gpresUser); ExAcquireResourceExclusiveLite(gpresUser, TRUE); gptiCurrent = ((PTHREADINFO)(W32GetCurrentThread())); #if DBG GetCallStack(); #endif // DBG }

void EnterCrit (  void   )

Definition at line 798 of file validate.c. References CheckCritOut, CheckDeviceInfoListCritOut, CheckDevLockOut, ExAcquireResourceExclusiveLite(), gCSTimeExclusiveWhenEntering, gpresUser, gptiCurrent, INCCRITSECCOUNT, ISATOMICCHECK, KeEnterCriticalRegion, KeQueryPerformanceCounter(), NULL, and TRUE. { CheckCritOut(); CheckDeviceInfoListCritOut(); KeEnterCriticalRegion(); ExAcquireResourceExclusiveLite(gpresUser, TRUE); CheckDevLockOut(); UserAssert(!ISATOMICCHECK()); UserAssert(gptiCurrent == NULL); gptiCurrent = ((PTHREADINFO)(W32GetCurrentThread())); INCCRITSECCOUNT; #if defined (USER_PERFORMANCE) { __int64 i64Frecv; *(LARGE_INTEGER*)(&gCSTimeExclusiveWhenEntering) = KeQueryPerformanceCounter((LARGE_INTEGER*)&i64Frecv); InterlockedIncrement(&gCSStatistics.cExclusive); } #endif // (USER_PERFORMANCE) #if DBG GetCallStack(); #endif // DBG }

void EnterSharedCrit (  void   )

Definition at line 833 of file validate.c. References CheckDevLockOut, ExAcquireResourceSharedLite(), gpresUser, INCCRITSECCOUNT, ISATOMICCHECK, KeEnterCriticalRegion, and TRUE. Referenced by xxxUserFindHandleForObject(). { KeEnterCriticalRegion(); ExAcquireResourceSharedLite(gpresUser, TRUE); CheckDevLockOut(); UserAssert(!ISATOMICCHECK()); #if defined (USER_PERFORMANCE) InterlockedIncrement(&gCSStatistics.cShared); #endif // (USER_PERFORMANCE) INCCRITSECCOUNT; }

BOOL IsHandleEntrySecure (  HANDLE  h, PHE  phe )

Definition at line 232 of file validate.c. References tagHANDLETYPEINFO::bObjectCreateFlags, BOOL, _HANDLEENTRY::bType, DWORD, FALSE, gahti, NULL, OCF_PROCESSOWNED, OCF_THREADOWNED, tagW32JOB::pgh, _HANDLEENTRY::pOwner, tagTHREADINFO::ppi, PpiCurrent, tagPROCESSINFO::pW32Job, TRUE, tagW32JOB::ughCrt, and tagW32JOB::ughMax. Referenced by ValidateHandleSecure(), and ValidateHwnd(). { DWORD bCreateFlags; PPROCESSINFO ppiOwner; PPROCESSINFO ppiCurrent; PW32JOB pW32Job; DWORD ind; PULONG_PTR pgh; /* * get the current process */ ppiCurrent = PpiCurrent(); if (ppiCurrent == NULL) return TRUE; UserAssert(ppiCurrent->pW32Job != NULL); UserAssert(ppiCurrent->W32PF_Flags & W32PF_RESTRICTED); /* * get the process that owns the handle */ bCreateFlags = gahti[phe->bType].bObjectCreateFlags; ppiOwner = NULL; if (bCreateFlags & OCF_PROCESSOWNED) { ppiOwner = (PPROCESSINFO)phe->pOwner; } else if (bCreateFlags & OCF_THREADOWNED) { PTHREADINFO pti; pti = (PTHREADINFO)phe->pOwner; if (pti != NULL) { ppiOwner = pti->ppi; } } /* * if the owner is NULL then consider the handle secure */ if (ppiOwner == NULL) return FALSE; /* * if the handle is owned by a process in the same job, then it's secure */ if (ppiOwner->pW32Job == ppiCurrent->pW32Job) return TRUE; /* * the handle is not owned by the current process */ pW32Job = ppiCurrent->pW32Job; if (pW32Job->pgh == NULL) return FALSE; pgh = pW32Job->pgh; UserAssert(pW32Job->ughCrt <= pW32Job->ughMax); for (ind = 0; ind < pW32Job->ughCrt; ind++) { if (*(pgh + ind) == (ULONG_PTR)h) { return TRUE; } } return FALSE; }

void LeaveCrit (  void   )

Definition at line 846 of file validate.c. References CheckCritOut, CheckDevLockOut, ExReleaseResource, gCSTimeExclusiveWhenEntering, gpresUser, gptiCurrent, INCCRITSECCOUNT, ISATOMICCHECK, IsWinEventNotifyDeferredOK, KeLeaveCriticalRegion, KeQueryPerformanceCounter(), and NULL. { INCCRITSECCOUNT; #if DBG UserAssert(!ISATOMICCHECK()); UserAssert(IsWinEventNotifyDeferredOK()); CheckDevLockOut(); FlushCallStack(); gptiCurrent = NULL; #endif // DBG #if defined (USER_PERFORMANCE) /* * A non null gCSTimeExclusiveWhenEntering means the * critical section is owned exclusive */ if (gCSTimeExclusiveWhenEntering) { __int64 i64Temp, i64Frecv; *(LARGE_INTEGER*)(&i64Temp) = KeQueryPerformanceCounter((LARGE_INTEGER*)&i64Frecv); gCSStatistics.i64TimeExclusive += i64Temp - gCSTimeExclusiveWhenEntering; gCSTimeExclusiveWhenEntering = 0; } #endif // (USER_PERFORMANCE) ExReleaseResource(gpresUser); KeLeaveCriticalRegion(); CheckCritOut(); }

VOID UserEnterUserCritSec (  VOID   )

Definition at line 472 of file validate.c. References EnterCrit, and VOID(). { EnterCrit(); }

BOOL UserGetCurrentDesktopId (  DWORD *  pdwDesktopId  )

Definition at line 494 of file validate.c. References BOOL, CheckCritIn, tagDESKTOP::dwDesktopId, FALSE, grpdeskRitInput, PtiCurrent, and TRUE. { PDESKTOP pdesktop; CheckCritIn(); /* * PtiCurrent()->rpdesk can be NULL !!! (in the case of thread shutdown). */ pdesktop = PtiCurrent()->rpdesk; if (pdesktop != grpdeskRitInput) { RIPMSG0(RIP_WARNING, "UserGetCurrentDesktopId on wrong desktop pdesk\n"); return FALSE; } *pdwDesktopId = pdesktop->dwDesktopId; return TRUE; }

BOOL UserIsUserCritSecIn (   )

Definition at line 773 of file validate.c. References BOOL, ExIsResourceAcquiredExclusiveLite(), ExIsResourceAcquiredSharedLite(), gpresUser, NULL, and TRUE. { UserAssert(gpresUser != NULL); return( (ExIsResourceAcquiredExclusiveLite(gpresUser) == TRUE) || (ExIsResourceAcquiredSharedLite(gpresUser) == TRUE)); return(TRUE); }

VOID UserLeaveUserCritSec (  VOID   )

Definition at line 477 of file validate.c. References LeaveCrit, and VOID(). { LeaveCrit(); }

HRGN UserValidateCopyRgn (  HRGN  hrgn  )

Definition at line 151 of file validate.c. References CopyRgn, CreateEmptyRgn(), and NULL. Referenced by xxxDWP_DoNCActivate(), and xxxSetWindowRgn(). { HRGN hrgnCopy = NULL; if (hrgn && (GreValidateServerHandle(hrgn, RGN_TYPE))) { hrgnCopy = CreateEmptyRgn(); if (CopyRgn(hrgnCopy, hrgn) == ERROR) { GreDeleteObject(hrgnCopy); hrgnCopy = NULL; } } return hrgnCopy; }

BOOL ValidateHandleSecure (  HANDLE  h  )

Definition at line 321 of file validate.c. References BeginTypeValidateHandleMacro, BOOL, CheckCritInShared, EndTypeValidateHandleMacro, EndValidateHandleMacro, FALSE, IsHandleEntrySecure(), StartValidateHandleMacro, TRUE, and TYPE_GENERIC. Referenced by NtUserValidateHandleSecure(). { PVOID pobj; CheckCritInShared(); StartValidateHandleMacro(h) BeginTypeValidateHandleMacro(pobj, TYPE_GENERIC) if (IsHandleEntrySecure(h, phe)) { return TRUE; } EndTypeValidateHandleMacro EndValidateHandleMacro return FALSE; }

NTSTATUS ValidateHdesk (  HDESK  hdesk, KPROCESSOR_MODE  AccessMode, ACCESS_MASK  amDesired, PDESKTOP *  ppdesk )

Definition at line 92 of file validate.c. References DF_DESKWNDDESTROYED, DF_DESTROYED, DF_DYING, Error, ExDesktopObjectType, gSessionId, LogDesktop, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PtiCurrent, Status, and TRUE. Referenced by NtUserBuildHwndList(), NtUserSetThreadDesktop(), and NtUserSwitchDesktop(). { NTSTATUS Status; Status = ObReferenceObjectByHandle( hdesk, amDesired, *ExDesktopObjectType, AccessMode, ppdesk, NULL); if (NT_SUCCESS(Status)) { if ((*ppdesk)->dwSessionId != gSessionId) { RIPNTERR3(STATUS_INVALID_HANDLE, RIP_WARNING, "SessionId %d. Wrong session id %d for pdesk %#p", gSessionId, (*ppdesk)->dwSessionId, *ppdesk); goto Error; } LogDesktop(*ppdesk, LDL_VALIDATE_HDESK, TRUE, (ULONG_PTR)PtiCurrent()); if ((*ppdesk)->dwDTFlags & (DF_DESTROYED | DF_DESKWNDDESTROYED | DF_DYING)) { RIPNTERR1(STATUS_INVALID_HANDLE, RIP_ERROR, "ValidateHdesk: destroyed desktop %#p", *ppdesk); Error: ObDereferenceObject(*ppdesk); #if DBG *ppdesk = NULL; #endif // DBG return STATUS_INVALID_HANDLE; } } else { RIPNTERR1(Status, RIP_VERBOSE, "ValidateHdesk failed for %#p", hdesk); } return Status; }

PMENU ValidateHmenu (  HMENU  hmenu  )

Definition at line 181 of file validate.c. References tagMENU::head, HMValidateHandle(), NULL, PtiCurrentShared, tagTHREADINFO::rpdesk, and TYPE_MENU. Referenced by xxxMenuWindowProc(), xxxSetLPITEMInfo(), and xxxSetWindowData(). { PTHREADINFO pti = PtiCurrentShared(); PMENU pmenuRet; pmenuRet = (PMENU)HMValidateHandle(hmenu, TYPE_MENU); if (pmenuRet != NULL && ((pti->rpdesk != NULL && // hack so console initialization works. pmenuRet->head.rpdesk != pti->rpdesk))) { RIPERR1(ERROR_INVALID_MENU_HANDLE, RIP_WARNING, "Invalid menu handle (%#p)", hmenu); return NULL; } return pmenuRet; }

PMONITOR ValidateHmonitor (  HMONITOR  hmonitor  )

Definition at line 210 of file validate.c. References HMValidateSharedHandle(), and TYPE_MONITOR. Referenced by GetHDevName(), xxxCreateThreadInfo(), and xxxCreateWindowEx(). { return (PMONITOR)HMValidateSharedHandle(hmonitor, TYPE_MONITOR); }

NTSTATUS ValidateHwinsta (  HWINSTA  hwinsta, KPROCESSOR_MODE  AccessMode, ACCESS_MASK  amDesired, PWINDOWSTATION *  ppwinsta )

Definition at line 46 of file validate.c. References ExWindowStationObjectType, gSessionId, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), and Status. Referenced by NtUserBuildNameList(), NtUserCloseWindowStation(), NtUserLockWindowStation(), NtUserSetWindowStationUser(), and NtUserUnlockWindowStation(). { NTSTATUS Status; Status = ObReferenceObjectByHandle( hwinsta, amDesired, *ExWindowStationObjectType, AccessMode, ppwinsta, NULL); if (!NT_SUCCESS(Status)) { RIPNTERR1(Status, RIP_VERBOSE, "ValidateHwinsta failed for %#p", hwinsta); } else if ((*ppwinsta)->dwSessionId != gSessionId) { RIPNTERR3(STATUS_INVALID_HANDLE, RIP_WARNING, "SessionId %d. Wrong session id %d for pwinsta %#p", gSessionId, (*ppwinsta)->dwSessionId, *ppwinsta); ObDereferenceObject(*ppwinsta); #if DBG *ppwinsta = NULL; #endif // DBG return STATUS_INVALID_HANDLE; } return Status; }

PWND FASTCALL ValidateHwnd (  HWND  hwnd  )

Definition at line 348 of file validate.c. References _CLIENTINFO::CallbackWnd, EndValidateHandleMacro, FASTCALL, GetClientInfo, GetDesktopView(), GETPTI, HANDLEF_DESTROY, tagWND::head, HMValidateHandle(), _CALLBACKWND::hwnd, IS_THREAD_RESTRICTED, IsHandleEntrySecure(), NULL, tagTHREADINFO::ppi, PtiCurrentShared, _CALLBACKWND::pwnd, tagTHREADINFO::rpdesk, StartValidateHandleMacro, tagTHREADINFO::TIF_flags, TIF_SYSTEMTHREAD, and TYPE_WINDOW. { StartValidateHandleMacro(hwnd) /* * Now make sure the app is * passing the right handle * type for this api. If the * handle is TYPE_FREE, this'll * catch it. */ if (phe->bType == TYPE_WINDOW) { PTHREADINFO pti = PtiCurrentShared(); /* * This is called from thunks for routines in the shared critsec. */ PWND pwndRet = (PWND)phe->phead; /* * This test establishes that the window belongs to the current * 'desktop'.. The two exceptions are for the desktop-window of * the current desktop, which ends up belonging to another desktop, * and when pti->rpdesk is NULL. This last case happens for * initialization of TIF_SYSTEMTHREAD threads (ie. console windows). * IanJa doesn't know if we should be test TIF_CSRSSTHREAD here, but * JohnC thinks the whole test below is no longer required ??? LATER */ if (pwndRet != NULL) { if (phe->bFlags & HANDLEF_DESTROY) { RIPERR2(ERROR_INVALID_WINDOW_HANDLE, RIP_WARNING,"ValidateHwnd, hwnd %#p, pwnd %#p already destroyed\n", hwnd, pwndRet); return NULL; } if (GETPTI(pwndRet) == pti || ( (pwndRet->head.rpdesk == pti->rpdesk || (pti->TIF_flags & TIF_SYSTEMTHREAD) || // | TIF_CSRSSTHREAD I think GetDesktopView(pti->ppi, pwndRet->head.rpdesk) != NULL))) { if (IS_THREAD_RESTRICTED(pti, JOB_OBJECT_UILIMIT_HANDLES)) { /* * make sure this window belongs to this process */ if (!IsHandleEntrySecure(hwnd, phe)) { RIPERR1(ERROR_INVALID_WINDOW_HANDLE, RIP_WARNING, "ValidateHwnd: Invalid hwnd (%#p) for restricted process\n", hwnd); pwndRet = NULL; } } return pwndRet; } } } EndValidateHandleMacro RIPERR1(ERROR_INVALID_WINDOW_HANDLE, RIP_WARNING, "ValidateHwnd: Invalid hwnd (%#p)", hwnd); return NULL; }

---

Variable Documentation

__int64 gCSTimeExclusiveWhenEntering

Definition at line 34 of file validate.c. Referenced by EnterCrit(), and LeaveCrit().

---