Author: tkreuzer Date: Wed Oct 23 19:31:41 2013 New Revision: 60737
URL: http://svn.reactos.org/svn/reactos?rev=60737&view=rev Log: [NTDLL] Use LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS flag instead of TRUE [RTL] Fix RtlAddAce (the version checks were inverted.) [NTOSKRNL] Make SystemExtendServiceTableInformation case of NtSetSystemInformation behave more like Windows [NTOSKRNL] Fix PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion
Modified: trunk/reactos/dll/ntdll/ldr/ldrapi.c trunk/reactos/lib/rtl/acl.c trunk/reactos/lib/rtl/memstream.c trunk/reactos/ntoskrnl/ex/sysinfo.c trunk/reactos/ntoskrnl/ps/thread.c
Modified: trunk/reactos/dll/ntdll/ldr/ldrapi.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/ntdll/ldr/ldrapi.c?rev=...
==============================================================================
--- trunk/reactos/dll/ntdll/ldr/ldrapi.c [iso-8859-1] (original)
+++ trunk/reactos/dll/ntdll/ldr/ldrapi.c [iso-8859-1] Wed Oct 23 19:31:41 2013
@@ -1610,7 +1610,7 @@
 ULONG_PTR Cookie;
/* Acquire the loader lock */
- LdrLockLoaderLock(TRUE, NULL, &Cookie);
+ LdrLockLoaderLock(LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, NULL, &Cookie);
/* Check if there's any alternate resources loaded */ if (AlternateResourceModuleCount)
Modified: trunk/reactos/lib/rtl/acl.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/acl.c?rev=60737&... ============================================================================== --- trunk/reactos/lib/rtl/acl.c [iso-8859-1] (original) +++ trunk/reactos/lib/rtl/acl.c [iso-8859-1] Wed Oct 23 19:31:41 2013 @@ -579,22 +579,23 @@ /* Bail out if there's no space */ if (!RtlFirstFreeAce(Acl, &FreeAce)) return STATUS_INVALID_PARAMETER;
- /* Always use the smaller revision */ - if (Acl->AclRevision <= AclRevision) AclRevision = Acl->AclRevision; - /* Loop over all the ACEs, keeping track of new ACEs as we go along */ for (Ace = AceList, NewAceCount = 0; Ace < (PACE)((ULONG_PTR)AceList + AceListLength); NewAceCount++) { - /* Make sure that the revision of this ACE is valid in this list */ - if (Ace->Header.AceType <= ACCESS_MAX_MS_V3_ACE_TYPE) + /* Make sure that the revision of this ACE is valid in this list. + The initial check looks strange, but it is what Windows does. */ + if (Ace->Header.AceType <= ACCESS_MAX_MS_ACE_TYPE) { - if (AclRevision < ACL_REVISION3) return STATUS_INVALID_PARAMETER; - } - else if (Ace->Header.AceType <= ACCESS_MAX_MS_V4_ACE_TYPE) - { - if (AclRevision < ACL_REVISION4) return STATUS_INVALID_PARAMETER; + if (Ace->Header.AceType > ACCESS_MAX_MS_V3_ACE_TYPE) + { + if (AclRevision < ACL_REVISION4) return STATUS_INVALID_PARAMETER; + } + else if (Ace->Header.AceType > ACCESS_MAX_MS_V2_ACE_TYPE) + { + if (AclRevision < ACL_REVISION3) return STATUS_INVALID_PARAMETER; + } }
/* Move to the next ACE */ @@ -627,9 +628,9 @@ Ace, (ULONG_PTR)FreeAce - (ULONG_PTR)Ace);
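Review bot: The per-ACE revision test now reads the caller-supplied AclRevision, while the header update in the following hunk (`@@ -627,9 +628,9 @@`) stores `(UCHAR)min(Acl->AclRevision, AclRevision)`; because the removed `if (Acl->AclRevision <= AclRevision) AclRevision = Acl->AclRevision;` no longer narrows the value before the loop, a caller passing ACL_REVISION4 against an ACL whose header says a lower revision gets its V3/V4 ACE types accepted and the header keeps the lower revision. If that asymmetry is part of the Windows behaviour the new comment alludes to, say so next to the `min(...)` line, e.g. `/* Header keeps the lower revision; the ACE type check above used the caller's value */`; otherwise the check should run against the minimum. The check also covers only AceType, not Header.AceSize against the bytes left in AceListLength, which the "Move to the next ACE" advance (outside the hunk) presumably trusts. RtlAddAce starts and ends outside this hunk.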
- /* Fill out the header and return */ - Acl->AceCount = Acl->AceCount + NewAceCount; - Acl->AclRevision = (UCHAR)AclRevision; + /* Update the header and return */ + Acl->AceCount += NewAceCount; + Acl->AclRevision = (UCHAR)min(Acl->AclRevision, AclRevision); return STATUS_SUCCESS; }
@@ -846,21 +847,21 @@ (Acl->AclRevision > MAX_ACL_REVISION)) { DPRINT1("Invalid ACL revision\n"); - _SEH2_YIELD(return FALSE); + return FALSE; }
/* Next, validate that the ACL is USHORT-aligned */ if (ROUND_DOWN(Acl->AclSize, sizeof(USHORT)) != Acl->AclSize) { DPRINT1("Invalid ACL size\n"); - _SEH2_YIELD(return FALSE); + return FALSE; }
/* And that it's big enough */ if (Acl->AclSize < sizeof(ACL)) { DPRINT1("Invalid ACL size\n"); - _SEH2_YIELD(return FALSE); + return FALSE; }
/* Loop each ACE */ @@ -871,21 +872,21 @@ if (((ULONG_PTR)Ace + sizeof(ACE_HEADER)) >= ((ULONG_PTR)Acl + Acl->AclSize)) { DPRINT1("Invalid ACE size\n"); - _SEH2_YIELD(return FALSE); + return FALSE; }
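Review bot: Replacing `_SEH2_YIELD(return FALSE);` with a bare `return FALSE;` in this hunk and in the hunks at `@@ -871`, `@@ -895`, `@@ -910`, `@@ -942` and `@@ -953` returns from inside what the last hunk's surviving `_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)` / `_SEH2_END` context shows is still a `_SEH2_TRY` body. Whether that is legal depends on the PSEH flavour each target is built with: PSEH2 for GCC documents `_SEH2_YIELD` as the way to leave a try block, and a plain return there would leave the exception registration frame on the stack. If every supported toolchain now uses an implementation where a direct return unwinds correctly, the commit log, which does not mention RtlValidAcl at all, should state that; otherwise the `_SEH2_YIELD` wrappers should stay. RtlValidAcl starts and ends outside these hunks.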
/* Validate the length of this ACE */ if (ROUND_DOWN(Ace->AceSize, sizeof(USHORT)) != Ace->AceSize) { DPRINT1("Invalid ACE size: %lx\n", Ace->AceSize); - _SEH2_YIELD(return FALSE); + return FALSE; }
/* Validate we have space for the entire ACE */ if (((ULONG_PTR)Ace + Ace->AceSize) > ((ULONG_PTR)Acl + Acl->AclSize)) { DPRINT1("Invalid ACE size %lx %lx\n", Ace->AceSize, Acl->AclSize); - _SEH2_YIELD(return FALSE); + return FALSE; }
/* Check what kind of ACE this is */ @@ -895,14 +896,14 @@ if (ROUND_DOWN(Ace->AceSize, sizeof(ULONG)) != Ace->AceSize) { DPRINT1("Invalid ACE size\n"); - _SEH2_YIELD(return FALSE); + return FALSE; }
/* The ACE size should at least have enough for the header */ if (Ace->AceSize < sizeof(ACE_HEADER)) { DPRINT1("Invalid ACE size: %lx %lx\n", Ace->AceSize, sizeof(ACE_HEADER)); - _SEH2_YIELD(return FALSE); + return FALSE; }
/* Check if the SID revision is valid */ @@ -910,21 +911,21 @@ if (Sid->Revision != SID_REVISION) { DPRINT1("Invalid SID\n"); - _SEH2_YIELD(return FALSE); + return FALSE; }
/* Check if the SID is out of bounds */ if (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) { DPRINT1("Invalid SID\n"); - _SEH2_YIELD(return FALSE); + return FALSE; }
/* The ACE size should at least have enough for the header and SID */ if (Ace->AceSize < (sizeof(ACE_HEADER) + RtlLengthSid(Sid))) { DPRINT1("Invalid ACE size\n"); - _SEH2_YIELD(return FALSE); + return FALSE; } } else if (Ace->AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE) @@ -942,7 +943,7 @@ if (Ace->AceSize < sizeof(ACE_HEADER)) { DPRINT1("Unknown ACE\n"); - _SEH2_YIELD(return FALSE); + return FALSE; } }
@@ -953,7 +954,7 @@ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { /* Something was invalid, fail */ - _SEH2_YIELD(return FALSE); + return FALSE; } _SEH2_END;
Modified: trunk/reactos/lib/rtl/memstream.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/memstream.c?rev=607... ============================================================================== --- trunk/reactos/lib/rtl/memstream.c [iso-8859-1] (original) +++ trunk/reactos/lib/rtl/memstream.c [iso-8859-1] Wed Oct 23 19:31:41 2013 @@ -303,7 +303,7 @@ TotalSize = Length.QuadPart; while (TotalSize) { - Left = min(TotalSize, sizeof(Buffer)); + Left = (ULONG)min(TotalSize, sizeof(Buffer));
/* Read */ Result = IStream_Read(This, Buffer, Left, &Amount);
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/sysinfo.c?rev=6... ============================================================================== --- trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] Wed Oct 23 19:31:41 2013 @@ -1612,28 +1612,51 @@ /* Check who is calling */ if (PreviousMode != KernelMode) { + static const UNICODE_STRING Win32kName = + RTL_CONSTANT_STRING(L"\SystemRoot\System32\win32k.sys"); + /* Make sure we can load drivers */ if (!SeSinglePrivilegeCheck(SeLoadDriverPrivilege, UserMode)) { /* FIXME: We can't, fail */ - //return STATUS_PRIVILEGE_NOT_HELD; + return STATUS_PRIVILEGE_NOT_HELD; } - } - - /* Probe and capture the driver name */ - ProbeAndCaptureUnicodeString(&ImageName, PreviousMode, Buffer); + + _SEH2_TRY + { + /* Probe and copy the unicode string */ + ProbeForRead(Buffer, sizeof(ImageName), 1); + ImageName = *(PUNICODE_STRING)Buffer; + + /* Probe the string buffer */ + ProbeForRead(ImageName.Buffer, ImageName.Length, sizeof(WCHAR)); + + /* Check if we have the correct name (nothing else is allowed!) */ + if (!RtlEqualUnicodeString(&ImageName, &Win32kName, FALSE)) + { + _SEH2_YIELD(return STATUS_PRIVILEGE_NOT_HELD); + } + } + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) + { + _SEH2_YIELD(return _SEH2_GetExceptionCode()); + } + _SEH2_END; + + /* Recursively call the function, so that we are from kernel mode */ + return ZwSetSystemInformation(SystemExtendServiceTableInformation, + (PVOID)&Win32kName, + sizeof(Win32kName)); + }
/* Load the image */ - Status = MmLoadSystemImage(&ImageName, + Status = MmLoadSystemImage((PUNICODE_STRING)Buffer, NULL, NULL, 0, (PVOID)&ModuleObject, &ImageBase);
- /* Release String */ - ReleaseCapturedUnicodeString(&ImageName, PreviousMode); - if (!NT_SUCCESS(Status)) return Status;
/* Get the headers */ @@ -1658,7 +1681,7 @@ /* Call it */ Status = (DriverInit)(&Win32k, NULL); ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL); - +__debugbreak();__debugbreak(); /* Unload if we failed */ if (!NT_SUCCESS(Status)) MmUnloadSystemImage(ModuleObject); return Status;
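Review bot: As printed in the hunk, `RTL_CONSTANT_STRING(L"\SystemRoot\System32\win32k.sys")` contains `\S` and `\w`, which are not C escape sequences; unless the listing collapsed doubled backslashes, the comparison with the probed name can never succeed and the literal needs `\\` before each path component. The comment `/* FIXME: We can't, fail */` above the now-enabled `return STATUS_PRIVILEGE_NOT_HELD;` is stale and should read `/* We can't, fail */`. Answering a name that merely differs from win32k.sys with STATUS_PRIVILEGE_NOT_HELD conflates two conditions; STATUS_INVALID_PARAMETER would tell the caller which check failed, if that still matches the Windows behaviour being mirrored. The re-entry through ZwSetSystemInformation passes the kernel-owned Win32kName rather than the user buffer, so the name compared is the name loaded, which is the right shape for this check. The enclosing case block continues past the hunk.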
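Review bot: The added `+__debugbreak();__debugbreak();` after `ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);` in the `@@ -1658,7 +1681,7 @@` hunk is leftover debugging: it runs unconditionally after every DriverInit call, on free builds as well as checked ones, and a kernel-mode breakpoint with no debugger attached is fatal. It also replaces a blank line and is unindented, which reads as an accidental paste rather than an intended change. Drop the line and restore the blank; if a trap on failure was wanted, `if (!NT_SUCCESS(Status)) DbgBreakPoint();` inside a debug-only build guard would express that. The enclosing function continues outside the hunk.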
Modified: trunk/reactos/ntoskrnl/ps/thread.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ps/thread.c?rev=60... ============================================================================== --- trunk/reactos/ntoskrnl/ps/thread.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ps/thread.c [iso-8859-1] Wed Oct 23 19:31:41 2013 @@ -812,10 +812,22 @@ */ PVOID NTAPI -PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion(VOID) -{ +PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion( + _Out_ HANDLE* OutProcessId) +{ + PETHREAD CurrentThread; + + /* Get the current thread */ + CurrentThread = PsGetCurrentThread(); + + /* Return the process id */ + *OutProcessId = CurrentThread->Cid.UniqueProcess; + + /* Enter critical region */ KeEnterCriticalRegion(); - return PsGetCurrentThread()->Tcb.Win32Thread; + + /* Return the win32 thread */ + return CurrentThread->Tcb.Win32Thread; }
/*
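Review bot: The new `_Out_ HANDLE* OutProcessId` parameter changes the signature of an exported kernel routine, and the block comment that closes at the hunk's first line ` */` (its body is outside the hunk) presumably still describes the parameterless form; it should gain a line such as `OutProcessId - receives the current thread's process id (Cid.UniqueProcess)`. The diff touches no header or caller, so unless the prototype already declared this parameter (the log's "Fix" suggests the implementation was the mismatched side) the declaration and the win32k callers need updating in the same commit. Storing `*OutProcessId` before `KeEnterCriticalRegion()` is fine under the `_Out_` contract that the pointer is kernel-owned and non-NULL; that contract should be stated in the comment so no caller passes NULL.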