00001 /*++ 00002 00003 Copyright (c) 1994 Microsoft Corporation 00004 00005 Module Name: 00006 00007 callback.c 00008 00009 Abstract: 00010 00011 This module implements user mode call back services. 00012 00013 Author: 00014 00015 David N. Cutler (davec) 29-Oct-1994 00016 00017 Environment: 00018 00019 Kernel mode only. 00020 00021 Revision History: 00022 00023 --*/ 00024 00025 #include "ki.h" 00026 00027 NTSTATUS 00028 KeUserModeCallback ( 00029 IN ULONG ApiNumber, 00030 IN PVOID InputBuffer, 00031 IN ULONG InputLength, 00032 OUT PVOID *OutputBuffer, 00033 IN PULONG OutputLength 00034 ) 00035 00036 /*++ 00037 00038 Routine Description: 00039 00040 This function call out from kernel mode to a user mode function. 00041 00042 Arguments: 00043 00044 ApiNumber - Supplies the API number. 00045 00046 InputBuffer - Supplies a pointer to a structure that is copied 00047 to the user stack. 00048 00049 InputLength - Supplies the length of the input structure. 00050 00051 Outputbuffer - Supplies a pointer to a variable that receives 00052 the address of the output buffer. 00053 00054 Outputlength - Supplies a pointer to a variable that receives 00055 the length of the output buffer. 00056 00057 Return Value: 00058 00059 If the callout cannot be executed, then an error status is 00060 returned. Otherwise, the status returned by the callback function 00061 is returned. 00062 00063 --*/ 00064 00065 { 00066 PUCALLOUT_FRAME CalloutFrame; 00067 ULONG Length; 00068 ULONG OldStack; 00069 NTSTATUS Status; 00070 PKTRAP_FRAME TrapFrame; 00071 PULONG UserStack; 00072 PVOID ValueBuffer; 00073 ULONG ValueLength; 00074 00075 ASSERT(KeGetPreviousMode() == UserMode); 00076 00077 // 00078 // Get the user mode stack pointer and attempt to copy input buffer 00079 // to the user stack. 00080 // 00081 00082 TrapFrame = KeGetCurrentThread()->TrapFrame; 00083 OldStack = (ULONG)TrapFrame->Gpr1; 00084 try { 00085 00086 // 00087 // Compute new user mode stack address, probe for writability, 00088 // and copy the input buffer to the user stack. 00089 // 00090 00091 Length = (InputLength + 00092 sizeof(QUAD) - 1 + sizeof(UCALLOUT_FRAME)) & ~(sizeof(QUAD) - 1); 00093 00094 CalloutFrame = (PUCALLOUT_FRAME)(OldStack - Length); 00095 ProbeForWrite(CalloutFrame, Length, sizeof(QUAD)); 00096 RtlMoveMemory(CalloutFrame + 1, InputBuffer, InputLength); 00097 00098 // 00099 // Allocate stack frame fill in callout arguments. 00100 // 00101 00102 CalloutFrame->Buffer = (PVOID)(CalloutFrame + 1); 00103 CalloutFrame->Length = InputLength; 00104 CalloutFrame->ApiNumber = ApiNumber; 00105 CalloutFrame->Frame.BackChain = TrapFrame->Gpr1; 00106 CalloutFrame->Lr = TrapFrame->Lr; 00107 00108 // 00109 // If an exception occurs during the probe of the user stack, then 00110 // always handle the exception and return the exception code as the 00111 // status value. 00112 // 00113 00114 } except (EXCEPTION_EXECUTE_HANDLER) { 00115 return GetExceptionCode(); 00116 } 00117 00118 // 00119 // Call user mode. 00120 // 00121 00122 TrapFrame->Gpr1 = (ULONG)CalloutFrame; 00123 Status = KiCallUserMode(OutputBuffer, OutputLength); 00124 TrapFrame->Gpr1 = OldStack; 00125 00126 // 00127 // When returning from user mode, any drawing done to the GDI TEB 00128 // batch must be flushed. 00129 // 00130 00131 if (((PTEB)KeGetCurrentThread()->Teb)->GdiBatchCount > 0) { 00132 00133 // 00134 // call GDI batch flush routine 00135 // 00136 00137 KeGdiFlushUserBatch(); 00138 } 00139 00140 return Status; 00141 } 00142 00143 NTSTATUS 00144 NtW32Call ( 00145 IN ULONG ApiNumber, 00146 IN PVOID InputBuffer, 00147 IN ULONG InputLength, 00148 OUT PVOID *OutputBuffer, 00149 OUT PULONG OutputLength 00150 ) 00151 00152 /*++ 00153 00154 Routine Description: 00155 00156 This function calls a W32 function. 00157 00158 N.B. ************** This is a temporary service ***************** 00159 00160 Arguments: 00161 00162 ApiNumber - Supplies the API number. 00163 00164 InputBuffer - Supplies a pointer to a structure that is copied to 00165 the user stack. 00166 00167 InputLength - Supplies the length of the input structure. 00168 00169 Outputbuffer - Supplies a pointer to a variable that recevies the 00170 output buffer address. 00171 00172 Outputlength - Supplies a pointer to a variable that recevies the 00173 output buffer length. 00174 00175 Return Value: 00176 00177 TBS. 00178 00179 --*/ 00180 00181 { 00182 00183 PVOID ValueBuffer; 00184 ULONG ValueLength; 00185 NTSTATUS Status; 00186 00187 ASSERT(KeGetPreviousMode() == UserMode); 00188 00189 // 00190 // If the current thread is not a GUI thread, then fail the service 00191 // since the thread does not have a large stack. 00192 // 00193 00194 if (KeGetCurrentThread()->Win32Thread == (PVOID)&KeServiceDescriptorTable[0]) { 00195 return STATUS_NOT_IMPLEMENTED; 00196 } 00197 00198 // 00199 // Probe the output buffer address and length for writeability. 00200 // 00201 00202 try { 00203 ProbeForWriteUlong((PULONG)OutputBuffer); 00204 ProbeForWriteUlong(OutputLength); 00205 00206 // 00207 // If an exception occurs during the probe of the output buffer or 00208 // length, then always handle the exception and return the exception 00209 // code as the status value. 00210 // 00211 00212 } except(EXCEPTION_EXECUTE_HANDLER) { 00213 return GetExceptionCode(); 00214 } 00215 00216 // 00217 // Call out to user mode specifying the input buffer and API number. 00218 // 00219 00220 Status = KeUserModeCallback(ApiNumber, 00221 InputBuffer, 00222 InputLength, 00223 &ValueBuffer, 00224 &ValueLength); 00225 00226 // 00227 // If the callout is successful, then the output buffer address and 00228 // length. 00229 // 00230 00231 if (NT_SUCCESS(Status)) { 00232 try { 00233 *OutputBuffer = ValueBuffer; 00234 *OutputLength = ValueLength; 00235 00236 } except(EXCEPTION_EXECUTE_HANDLER) { 00237 } 00238 } 00239 00240 return Status; 00241 }
1.3.7