1 Nov
2022
1 Nov
'22
8:51 p.m.
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e3ac541360d92cd23e383…
commit e3ac541360d92cd23e38383551b8bbb6e7046536
Author: Mark Jansen <mark.jansen(a)reactos.org>
AuthorDate: Sun Oct 23 21:34:04 2022 +0200
Commit: Mark Jansen <mark.jansen(a)reactos.org>
CommitDate: Tue Nov 1 21:26:05 2022 +0100
[RTL] Use RtlApplicationVerifierStop for DPH
---
sdk/include/reactos/verifier.h | 29 +++++++++++++
sdk/lib/rtl/heappage.c | 95 ++++++++++++++++++++++++++++++++++--------
2 files changed, 107 insertions(+), 17 deletions(-)
diff --git a/sdk/include/reactos/verifier.h b/sdk/include/reactos/verifier.h
index b0e8413d158..112f9dd9b92 100644
--- a/sdk/include/reactos/verifier.h
+++ b/sdk/include/reactos/verifier.h
@@ -83,4 +83,33 @@ typedef struct _RTL_VERIFIER_PROVIDER_DESCRIPTOR {
#define RTL_VRF_DBG_ENTRYPOINT_HOOKS 0x10000
#define RTL_VRF_DBG_ENTRYPOINT_CALLS 0x20000
+
+// Verifier stop codes
+
+#define APPLICATION_VERIFIER_CORRUPT_HEAP_POINTER 0x0006
+#define APPLICATION_VERIFIER_DOUBLE_FREE 0x0007
+
+#define APPLICATION_VERIFIER_EXCEPTION_WHILE_VERIFYING_BLOCK_HEADER 0x000B
+#define APPLICATION_VERIFIER_CORRUPTED_HEAP_BLOCK_AFTER_FREE 0x000D
+#define APPLICATION_VERIFIER_CORRUPTED_INFIX_PATTERN 0x000E
+#define APPLICATION_VERIFIER_CORRUPTED_SUFFIX_PATTERN 0x000F
+#define APPLICATION_VERIFIER_CORRUPTED_START_STAMP 0x0010
+#define APPLICATION_VERIFIER_CORRUPTED_END_STAMP 0x0011
+#define APPLICATION_VERIFIER_CORRUPTED_PREFIX_PATTERN 0x0012
+
+
+VOID NTAPI
+RtlApplicationVerifierStop(
+ _In_ ULONG_PTR Code,
+ _In_ PCSTR Message,
+ _In_ PVOID Value1,
+ _In_ PCSTR Description1,
+ _In_ PVOID Value2,
+ _In_ PCSTR Description2,
+ _In_ PVOID Value3,
+ _In_ PCSTR Description3,
+ _In_ PVOID Value4,
+ _In_ PCSTR Description4);
+
+
#endif // REACTOS_VERIFIER_H
diff --git a/sdk/lib/rtl/heappage.c b/sdk/lib/rtl/heappage.c
index 724cccff73f..e15d981e4ef 100644
--- a/sdk/lib/rtl/heappage.c
+++ b/sdk/lib/rtl/heappage.c
@@ -15,6 +15,7 @@
#include <rtl.h>
#include <heap.h>
+#include <reactos/verifier.h>
#define NDEBUG
#include <debug.h>
@@ -192,7 +193,11 @@ BOOLEAN NTAPI
RtlpDphIsNormalFreeHeapBlock(PVOID Block, PULONG ValidationInformation, BOOLEAN
CheckFillers);
VOID NTAPI
-RtlpDphReportCorruptedBlock(PDPH_HEAP_ROOT DphRoot, ULONG Reserved, PVOID Block, ULONG
ValidationInfo);
+RtlpDphReportCorruptedBlock(
+ _In_ PDPH_HEAP_ROOT DphRoot,
+ _In_ ULONG Reserved,
+ _In_ PVOID Block,
+ _In_ ULONG ValidationInfo);
BOOLEAN NTAPI
RtlpDphNormalHeapValidate(PDPH_HEAP_ROOT DphRoot, ULONG Flags, PVOID BaseAddress);
@@ -231,6 +236,27 @@ RtlpDphPointerFromHandle(PVOID Handle)
return NULL;
}
+PVOID NTAPI
+RtlpDphHeapFromPointer(PDPH_HEAP_ROOT DphHeap)
+{
+ return ((PUCHAR)DphHeap) - PAGE_SIZE;
+}
+
+ULONG NTAPI
+RtlpDphGetBlockSizeFromCorruptedBlock(PVOID Block)
+{
+ PDPH_BLOCK_INFORMATION BlockInfo;
+ BlockInfo = (PDPH_BLOCK_INFORMATION)Block - 1;
+
+ /* Check stamps */
+ if (BlockInfo->StartStamp != DPH_FILL_START_STAMP_1 &&
BlockInfo->StartStamp != DPH_FILL_START_STAMP_2)
+ {
+ return 0;
+ }
+
+ return BlockInfo->RequestedSize;
+}
+
VOID NTAPI
RtlpDphEnterCriticalSection(PDPH_HEAP_ROOT DphRoot, ULONG Flags)
{
@@ -1297,59 +1323,94 @@ RtlpDphVerifyIntegrity(PDPH_HEAP_ROOT DphRoot)
}
VOID NTAPI
-RtlpDphReportCorruptedBlock(PDPH_HEAP_ROOT DphRoot,
- ULONG Reserved,
- PVOID Block,
- ULONG ValidationInfo)
+RtlpDphReportCorruptedBlock(
+ _In_ PDPH_HEAP_ROOT DphRoot,
+ _In_ ULONG Reserved,
+ _In_ PVOID Block,
+ _In_ ULONG ValidationInfo)
{
- //RtlpDphGetBlockSizeFromCorruptedBlock();
+ PVOID Size = (PVOID)(ULONG_PTR)RtlpDphGetBlockSizeFromCorruptedBlock(Block);
+ DPH_BLOCK_INFORMATION SafeInfo = {0};
+
+ DPRINT1("Corrupted heap block %p\n", Block);
+
+ _SEH2_TRY
+ {
+ PDPH_BLOCK_INFORMATION BlockInfo = (PDPH_BLOCK_INFORMATION)Block - 1;
+ RtlCopyMemory(&SafeInfo, BlockInfo, sizeof(SafeInfo));
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ DPRINT1("ERROR: Could not read DPH_BLOCK_INFORMATION\n");
+ RtlZeroMemory(&SafeInfo, sizeof(SafeInfo));
+ }
+ _SEH2_END;
if (ValidationInfo & DPH_VALINFO_CORRUPTED_AFTER_FREE)
{
- DPRINT1("block corrupted after having been freed\n");
+ RtlApplicationVerifierStop(
+ APPLICATION_VERIFIER_CORRUPTED_HEAP_BLOCK_AFTER_FREE, "block corrupted
after having been freed",
+ RtlpDphHeapFromPointer(DphRoot), "Heap handle", Block, "Heap
block", (PVOID)Size, "Block size", 0, "");
}
if (ValidationInfo & DPH_VALINFO_ALREADY_FREED)
{
- DPRINT1("block already freed\n");
+ RtlApplicationVerifierStop(
+ APPLICATION_VERIFIER_DOUBLE_FREE, "block already freed",
RtlpDphHeapFromPointer(DphRoot), "Heap handle",
+ Block, "Heap block", Size, "Block size", 0,
"");
}
if (ValidationInfo & DPH_VALINFO_BAD_INFIX_PATTERN)
{
- DPRINT1("corrupted infix pattern for freed block\n");
+ RtlApplicationVerifierStop(
+ APPLICATION_VERIFIER_CORRUPTED_INFIX_PATTERN, "corrupted infix pattern
for freed block",
+ RtlpDphHeapFromPointer(DphRoot), "Heap handle", Block, "Heap
block", Size, "Block size", 0, "");
}
if (ValidationInfo & DPH_VALINFO_BAD_POINTER)
{
- DPRINT1("corrupted heap pointer or using wrong heap\n");
+ RtlApplicationVerifierStop(
+ APPLICATION_VERIFIER_CORRUPT_HEAP_POINTER, "corrupted heap pointer or
using wrong heap",
+ RtlpDphHeapFromPointer(DphRoot), "Heap handle used", Block,
"Heap block", Size, "Block size",
+ SafeInfo.Heap, "Actual heap handle");
}
if (ValidationInfo & DPH_VALINFO_BAD_SUFFIX_PATTERN)
{
- DPRINT1("corrupted suffix pattern\n");
+ RtlApplicationVerifierStop(
+ APPLICATION_VERIFIER_CORRUPTED_SUFFIX_PATTERN, "corrupted suffix
pattern", RtlpDphHeapFromPointer(DphRoot),
+ "Heap handle used", Block, "Heap block", Size,
"Block size", 0, "");
}
if (ValidationInfo & DPH_VALINFO_BAD_PREFIX_PATTERN)
{
- DPRINT1("corrupted prefix pattern\n");
+ RtlApplicationVerifierStop(
+ APPLICATION_VERIFIER_CORRUPTED_PREFIX_PATTERN, "corrupted prefix
pattern", RtlpDphHeapFromPointer(DphRoot),
+ "Heap handle used", Block, "Heap block", Size,
"Block size", 0, "");
}
if (ValidationInfo & DPH_VALINFO_BAD_START_STAMP)
{
- DPRINT1("corrupted start stamp\n");
+ RtlApplicationVerifierStop(
+ APPLICATION_VERIFIER_CORRUPTED_START_STAMP, "corrupted start
stamp", RtlpDphHeapFromPointer(DphRoot),
+ "Heap handle used", Block, "Heap block", Size,
"Block size", (PVOID)(ULONG_PTR)SafeInfo.StartStamp,
+ "Corrupted start stamp");
}
if (ValidationInfo & DPH_VALINFO_BAD_END_STAMP)
{
- DPRINT1("corrupted end stamp\n");
+ RtlApplicationVerifierStop(
+ APPLICATION_VERIFIER_CORRUPTED_END_STAMP, "corrupted end stamp",
RtlpDphHeapFromPointer(DphRoot),
+ "Heap handle used", Block, "Heap block", Size,
"Block size", (PVOID)(ULONG_PTR)SafeInfo.EndStamp,
+ "Corrupted end stamp");
}
if (ValidationInfo & DPH_VALINFO_EXCEPTION)
{
- DPRINT1("exception raised while verifying block\n");
+ RtlApplicationVerifierStop(
+ APPLICATION_VERIFIER_EXCEPTION_WHILE_VERIFYING_BLOCK_HEADER, "exception
raised while verifying block",
+ RtlpDphHeapFromPointer(DphRoot), "Heap handle used", Block,
"Heap block", Size, "Block size", 0, "");
}
-
- DPRINT1("Corrupted heap block %p\n", Block);
}
BOOLEAN NTAPI