[ion] 25862: - Properly implement SystemLoadGdiDriverInformation. - Properly implement SystemExtendServiceTableInformation, except that the SE_LOAD_DRIVER_PRIVILEGE check is currently disabled since our smss doesn't acquire it (and we should therefore ban it from loading win32k.sys...). - Delete LdrpLoadImage, LdrpUnlaodImage, LdrpLoadAndCallImage.
Author: ion Date: Wed Feb 21 05:46:30 2007 New Revision: 25862
URL: http://svn.reactos.org/svn/reactos?rev=25862&view=rev Log: - Properly implement SystemLoadGdiDriverInformation. - Properly implement SystemExtendServiceTableInformation, except that the SE_LOAD_DRIVER_PRIVILEGE check is currently disabled since our smss doesn't acquire it (and we should therefore ban it from loading win32k.sys...). - Delete LdrpLoadImage, LdrpUnlaodImage, LdrpLoadAndCallImage.
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c trunk/reactos/ntoskrnl/io/iomgr/driver.c trunk/reactos/ntoskrnl/ldr/loader.c
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/sysinfo.c?rev=2... ============================================================================== --- trunk/reactos/ntoskrnl/ex/sysinfo.c (original) +++ trunk/reactos/ntoskrnl/ex/sysinfo.c Wed Feb 21 05:46:30 2007 @@ -1137,33 +1137,62 @@ }
/* Class 26 - Load Image */ -SSI_DEF(SystemLoadImage) -{ - PSYSTEM_GDI_DRIVER_INFORMATION Sli = (PSYSTEM_GDI_DRIVER_INFORMATION)Buffer; - - if (sizeof(SYSTEM_GDI_DRIVER_INFORMATION) != Size) - { - return(STATUS_INFO_LENGTH_MISMATCH); - } - - return(LdrpLoadImage(&Sli->DriverName, - &Sli->ImageAddress, - &Sli->SectionPointer, - &Sli->EntryPoint, - (PVOID)&Sli->ExportSectionPointer)); +SSI_DEF(SystemLoadGdiDriverInformation) +{ + PSYSTEM_GDI_DRIVER_INFORMATION DriverInfo = (PVOID)Buffer; + KPROCESSOR_MODE PreviousMode = KeGetPreviousMode(); + UNICODE_STRING ImageName; + PVOID ImageBase; + ULONG_PTR EntryPoint; + NTSTATUS Status; + PLDR_DATA_TABLE_ENTRY ModuleObject; + ULONG DirSize; + PIMAGE_NT_HEADERS NtHeader; + + /* Validate size */ + if (Size != sizeof(SYSTEM_GDI_DRIVER_INFORMATION)) + { + /* Incorrect buffer length, fail */ + return STATUS_INFO_LENGTH_MISMATCH; + } + + /* Only kernel-mode can call this function */ + if (PreviousMode != KernelMode) return STATUS_PRIVILEGE_NOT_HELD; + + /* Load the driver */ + ImageName = DriverInfo->DriverName; + Status = LdrLoadModule(&ImageName, &ModuleObject); + if (!NT_SUCCESS(Status)) return Status; + + /* Return the export pointer */ + ImageBase = ModuleObject->DllBase; + DriverInfo->ExportSectionPointer = + RtlImageDirectoryEntryToData(ImageBase, + TRUE, + IMAGE_DIRECTORY_ENTRY_EXPORT, + &DirSize); + + /* Get the entrypoint */ + NtHeader = RtlImageNtHeader(ImageBase); + EntryPoint = NtHeader->OptionalHeader.AddressOfEntryPoint; + EntryPoint += (ULONG_PTR)ImageBase; + + /* Save other data */ + DriverInfo->ImageAddress = ImageBase; + DriverInfo->SectionPointer = NULL; + DriverInfo->EntryPoint = (PVOID)EntryPoint; + DriverInfo->ImageLength = NtHeader->OptionalHeader.SizeOfImage; + + /* All is good */ + return STATUS_SUCCESS; }
/* Class 27 - Unload Image */ -SSI_DEF(SystemUnloadImage) -{ - PVOID Sui = (PVOID)Buffer; - - if (sizeof(PVOID) != Size) - { - return(STATUS_INFO_LENGTH_MISMATCH); - } - - return(LdrpUnloadImage(Sui)); +SSI_DEF(SystemUnloadGdiDriverInformation) +{ + /* FIXME: TODO */ + if (Size != sizeof(PVOID)) return STATUS_INFO_LENGTH_MISMATCH; + return STATUS_NOT_IMPLEMENTED; }
/* Class 28 - Time Adjustment Information */ @@ -1290,16 +1319,74 @@ }
/* Class 38 - Load And Call Image */ -SSI_DEF(SystemLoadAndCallImage) -{ - PUNICODE_STRING Slci = (PUNICODE_STRING)Buffer; - - if (sizeof(UNICODE_STRING) != Size) - { - return(STATUS_INFO_LENGTH_MISMATCH); - } - - return(LdrpLoadAndCallImage(Slci)); +SSI_DEF(SystemExtendServiceTableInformation) +{ + UNICODE_STRING ImageName; + KPROCESSOR_MODE PreviousMode = KeGetPreviousMode(); + PLDR_DATA_TABLE_ENTRY ModuleObject; + NTSTATUS Status; + PIMAGE_NT_HEADERS NtHeader; + DRIVER_OBJECT Win32k; + PDRIVER_INITIALIZE DriverInit; + PVOID ImageBase; + ULONG_PTR EntryPoint; + + /* Validate the size */ + if (Size != sizeof(UNICODE_STRING)) return STATUS_INFO_LENGTH_MISMATCH; + + /* Check who is calling */ + if (PreviousMode != KernelMode) + { + /* Make sure we can load drivers */ + if (!SeSinglePrivilegeCheck(SeLoadDriverPrivilege, UserMode)) + { + /* FIXME: We can't, fail */ + //return STATUS_PRIVILEGE_NOT_HELD; + } + + /* Probe and capture the driver name */ + ProbeAndCaptureUnicodeString(&ImageName, UserMode, Buffer); + + /* Force kernel as previous mode */ + return ZwSetSystemInformation(SystemExtendServiceTableInformation, + &ImageName, + sizeof(ImageName)); + } + + /* Just copy the string */ + ImageName = *(PUNICODE_STRING)Buffer; + + /* Load the image */ + Status = LdrLoadModule(&ImageName, &ModuleObject); + if (!NT_SUCCESS(Status)) return Status; + + /* Get the headers */ + ImageBase = ModuleObject->DllBase; + NtHeader = RtlImageNtHeader(ImageBase); + if (!NtHeader) + { + /* Fail */ + LdrUnloadModule(ModuleObject); + return STATUS_INVALID_IMAGE_FORMAT; + } + + /* Get the entrypoint */ + EntryPoint = NtHeader->OptionalHeader.AddressOfEntryPoint; + EntryPoint += (ULONG_PTR)ImageBase; + DriverInit = (PDRIVER_INITIALIZE)EntryPoint; + + /* Create a dummy device */ + RtlZeroMemory(&Win32k, sizeof(Win32k)); + ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL); + Win32k.DriverStart = ImageBase; + + /* Call it */ + Status = (DriverInit)(&Win32k, NULL); + ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL); + + /* Unload if we failed */ + if (!NT_SUCCESS(Status)) LdrUnloadModule(ModuleObject); + return Status; }
/* Class 39 - Priority Separation */ @@ -1511,8 +1598,8 @@ SI_QX(SystemInterruptInformation), SI_QS(SystemDpcBehaviourInformation), SI_QX(SystemFullMemoryInformation), /* it should be SI_XX */ - SI_XS(SystemLoadImage), - SI_XS(SystemUnloadImage), + SI_XS(SystemLoadGdiDriverInformation), + SI_XS(SystemUnloadGdiDriverInformation), SI_QS(SystemTimeAdjustmentInformation), SI_QX(SystemSummaryMemoryInformation), /* it should be SI_XX */ SI_QX(SystemNextEventIdInformation), /* it should be SI_XX */ @@ -1523,7 +1610,7 @@ SI_QX(SystemKernelDebuggerInformation), SI_QX(SystemContextSwitchInformation), SI_QS(SystemRegistryQuotaInformation), - SI_XS(SystemLoadAndCallImage), + SI_XS(SystemExtendServiceTableInformation), SI_XS(SystemPrioritySeperation), SI_QX(SystemPlugPlayBusInformation), /* it should be SI_XX */ SI_QX(SystemDockInformation), /* it should be SI_XX */
Modified: trunk/reactos/ntoskrnl/io/iomgr/driver.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/driver.c?... ============================================================================== --- trunk/reactos/ntoskrnl/io/iomgr/driver.c (original) +++ trunk/reactos/ntoskrnl/io/iomgr/driver.c Wed Feb 21 05:46:30 2007 @@ -78,7 +78,7 @@ if (DriverObject->DriverSection) { /* Unload it */ - LdrpUnloadImage(DriverObject->DriverSection); + //LdrpUnloadImage(DriverObject->DriverSection); }
/* Check if it has a name */
Modified: trunk/reactos/ntoskrnl/ldr/loader.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ldr/loader.c?rev=2... ============================================================================== --- trunk/reactos/ntoskrnl/ldr/loader.c (original) +++ trunk/reactos/ntoskrnl/ldr/loader.c Wed Feb 21 05:46:30 2007 @@ -556,7 +556,7 @@ DPRINT("Failed to allocate a virtual section for driver\n"); return STATUS_UNSUCCESSFUL; } - DPRINT1("DriverBase for %wZ: %x\n", FileName, DriverBase); + DPRINT("DriverBase for %wZ: %x\n", FileName, DriverBase);
/* Copy headers over */ memcpy(DriverBase, ModuleLoadBase, PENtHeaders->OptionalHeader.SizeOfHeaders); @@ -738,94 +738,6 @@ DPRINT("Could not find module '%wZ'\n", ModuleName);
return(NULL); -} - -// -// Used by NtSetSystemInformation -// -NTSTATUS -NTAPI -LdrpLoadImage ( - PUNICODE_STRING DriverName, - PVOID *ModuleBase, - PVOID *SectionPointer, - PVOID *EntryPoint, - PVOID *ExportSectionPointer ) -{ - PLDR_DATA_TABLE_ENTRY ModuleObject; - NTSTATUS Status; - - ModuleObject = LdrGetModuleObject(DriverName); - if (ModuleObject == NULL) - { - Status = LdrLoadModule(DriverName, &ModuleObject); - if (!NT_SUCCESS(Status)) - { - return(Status); - } - } - - if (ModuleBase) - *ModuleBase = ModuleObject->DllBase; - - if (SectionPointer) - *SectionPointer = ModuleObject; - - if (EntryPoint) - *EntryPoint = ModuleObject->EntryPoint; - - //if (ExportSectionPointer) - // *ExportSectionPointer = ModuleObject-> - - return(STATUS_SUCCESS); -} - -// -// Used by NtSetSystemInformation -// -NTSTATUS -NTAPI -LdrpUnloadImage ( PVOID ModuleBase ) -{ - return(STATUS_NOT_IMPLEMENTED); -} - -// -// Used by NtSetSystemInformation -// -NTSTATUS -NTAPI -LdrpLoadAndCallImage ( PUNICODE_STRING ModuleName ) -{ - PDRIVER_INITIALIZE DriverEntry; - PLDR_DATA_TABLE_ENTRY ModuleObject; - DRIVER_OBJECT DriverObject; - NTSTATUS Status; - - ModuleObject = LdrGetModuleObject(ModuleName); - if (ModuleObject != NULL) - { - return(STATUS_IMAGE_ALREADY_LOADED); - } - - Status = LdrLoadModule(ModuleName, &ModuleObject); - if (!NT_SUCCESS(Status)) - { - return(Status); - } - - DriverEntry = (PDRIVER_INITIALIZE)ModuleObject->EntryPoint; - - RtlZeroMemory(&DriverObject, sizeof(DriverObject)); -// DriverObject.DriverStart = ModuleObject->DllBase; - - Status = DriverEntry(&DriverObject, NULL); - if (!NT_SUCCESS(Status)) - { - LdrUnloadModule(ModuleObject); - } - - return(Status); }
//
-
ion@svn.reactos.org