Author: ion
Date: Wed Feb 21 05:46:30 2007
New Revision: 25862
URL:
http://svn.reactos.org/svn/reactos?rev=25862&view=rev
Log:
- Properly implement SystemLoadGdiDriverInformation.
- Properly implement SystemExtendServiceTableInformation, except that the
SE_LOAD_DRIVER_PRIVILEGE check is currently disabled since our smss doesn't acquire it
(and we should therefore ban it from loading win32k.sys...).
- Delete LdrpLoadImage, LdrpUnloadImage, LdrpLoadAndCallImage.
Modified:
trunk/reactos/ntoskrnl/ex/sysinfo.c
trunk/reactos/ntoskrnl/io/iomgr/driver.c
trunk/reactos/ntoskrnl/ldr/loader.c
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/sysinfo.c?rev=…
==============================================================================
--- trunk/reactos/ntoskrnl/ex/sysinfo.c (original)
+++ trunk/reactos/ntoskrnl/ex/sysinfo.c Wed Feb 21 05:46:30 2007
@@ -1137,33 +1137,62 @@
}
/* Class 26 - Load Image */
-SSI_DEF(SystemLoadImage)
-{
- PSYSTEM_GDI_DRIVER_INFORMATION Sli = (PSYSTEM_GDI_DRIVER_INFORMATION)Buffer;
-
- if (sizeof(SYSTEM_GDI_DRIVER_INFORMATION) != Size)
- {
- return(STATUS_INFO_LENGTH_MISMATCH);
- }
-
- return(LdrpLoadImage(&Sli->DriverName,
- &Sli->ImageAddress,
- &Sli->SectionPointer,
- &Sli->EntryPoint,
- (PVOID)&Sli->ExportSectionPointer));
+SSI_DEF(SystemLoadGdiDriverInformation)
+{
+ PSYSTEM_GDI_DRIVER_INFORMATION DriverInfo = (PVOID)Buffer;
+ KPROCESSOR_MODE PreviousMode = KeGetPreviousMode();
+ UNICODE_STRING ImageName;
+ PVOID ImageBase;
+ ULONG_PTR EntryPoint;
+ NTSTATUS Status;
+ PLDR_DATA_TABLE_ENTRY ModuleObject;
+ ULONG DirSize;
+ PIMAGE_NT_HEADERS NtHeader;
+
+ /* Validate size */
+ if (Size != sizeof(SYSTEM_GDI_DRIVER_INFORMATION))
+ {
+ /* Incorrect buffer length, fail */
+ return STATUS_INFO_LENGTH_MISMATCH;
+ }
+
+ /* Only kernel-mode can call this function */
+ if (PreviousMode != KernelMode) return STATUS_PRIVILEGE_NOT_HELD;
+
+ /* Load the driver */
+ ImageName = DriverInfo->DriverName;
+ Status = LdrLoadModule(&ImageName, &ModuleObject);
+ if (!NT_SUCCESS(Status)) return Status;
+
+ /* Return the export pointer */
+ ImageBase = ModuleObject->DllBase;
+ DriverInfo->ExportSectionPointer =
+ RtlImageDirectoryEntryToData(ImageBase,
+ TRUE,
+ IMAGE_DIRECTORY_ENTRY_EXPORT,
+ &DirSize);
+
+ /* Get the entrypoint */
+ NtHeader = RtlImageNtHeader(ImageBase);
+ EntryPoint = NtHeader->OptionalHeader.AddressOfEntryPoint;
+ EntryPoint += (ULONG_PTR)ImageBase;
+
+ /* Save other data */
+ DriverInfo->ImageAddress = ImageBase;
+ DriverInfo->SectionPointer = NULL;
+ DriverInfo->EntryPoint = (PVOID)EntryPoint;
+ DriverInfo->ImageLength = NtHeader->OptionalHeader.SizeOfImage;
+
+ /* All is good */
+ return STATUS_SUCCESS;
}
/* Class 27 - Unload Image */
-SSI_DEF(SystemUnloadImage)
-{
- PVOID Sui = (PVOID)Buffer;
-
- if (sizeof(PVOID) != Size)
- {
- return(STATUS_INFO_LENGTH_MISMATCH);
- }
-
- return(LdrpUnloadImage(Sui));
+SSI_DEF(SystemUnloadGdiDriverInformation)
+{
+ /* FIXME: TODO */
+ if (Size != sizeof(PVOID)) return STATUS_INFO_LENGTH_MISMATCH;
+ return STATUS_NOT_IMPLEMENTED;
}
/* Class 28 - Time Adjustment Information */
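Review bot: The RtlImageNtHeader result is dereferenced unchecked in SystemLoadGdiDriverInformation (the two `NtHeader->OptionalHeader` reads), while the SystemExtendServiceTableInformation hunk in this same commit checks it and unloads the module on failure; the two new handlers should agree. Add right after the call: `if (!NtHeader) { LdrUnloadModule(ModuleObject); return STATUS_INVALID_IMAGE_FORMAT; }`. Separately, `DriverInfo->SectionPointer = NULL` discards ModuleObject, which is what the deleted LdrpLoadImage used to hand back in that field, so the caller is left with no handle it could later pass to an unload routine; if that is deliberate for now, a `/* FIXME: SectionPointer should hold the loader entry so the driver can be unloaded */` would keep it from reading as an oversight, and the `/* FIXME: TODO */` stub in SystemUnloadGdiDriverInformation is the natural place to reference it.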
@@ -1290,16 +1319,74 @@
}
/* Class 38 - Load And Call Image */
-SSI_DEF(SystemLoadAndCallImage)
-{
- PUNICODE_STRING Slci = (PUNICODE_STRING)Buffer;
-
- if (sizeof(UNICODE_STRING) != Size)
- {
- return(STATUS_INFO_LENGTH_MISMATCH);
- }
-
- return(LdrpLoadAndCallImage(Slci));
+SSI_DEF(SystemExtendServiceTableInformation)
+{
+ UNICODE_STRING ImageName;
+ KPROCESSOR_MODE PreviousMode = KeGetPreviousMode();
+ PLDR_DATA_TABLE_ENTRY ModuleObject;
+ NTSTATUS Status;
+ PIMAGE_NT_HEADERS NtHeader;
+ DRIVER_OBJECT Win32k;
+ PDRIVER_INITIALIZE DriverInit;
+ PVOID ImageBase;
+ ULONG_PTR EntryPoint;
+
+ /* Validate the size */
+ if (Size != sizeof(UNICODE_STRING)) return STATUS_INFO_LENGTH_MISMATCH;
+
+ /* Check who is calling */
+ if (PreviousMode != KernelMode)
+ {
+ /* Make sure we can load drivers */
+ if (!SeSinglePrivilegeCheck(SeLoadDriverPrivilege, UserMode))
+ {
+ /* FIXME: We can't, fail */
+ //return STATUS_PRIVILEGE_NOT_HELD;
+ }
+
+ /* Probe and capture the driver name */
+ ProbeAndCaptureUnicodeString(&ImageName, UserMode, Buffer);
+
+ /* Force kernel as previous mode */
+ return ZwSetSystemInformation(SystemExtendServiceTableInformation,
+ &ImageName,
+ sizeof(ImageName));
+ }
+
+ /* Just copy the string */
+ ImageName = *(PUNICODE_STRING)Buffer;
+
+ /* Load the image */
+ Status = LdrLoadModule(&ImageName, &ModuleObject);
+ if (!NT_SUCCESS(Status)) return Status;
+
+ /* Get the headers */
+ ImageBase = ModuleObject->DllBase;
+ NtHeader = RtlImageNtHeader(ImageBase);
+ if (!NtHeader)
+ {
+ /* Fail */
+ LdrUnloadModule(ModuleObject);
+ return STATUS_INVALID_IMAGE_FORMAT;
+ }
+
+ /* Get the entrypoint */
+ EntryPoint = NtHeader->OptionalHeader.AddressOfEntryPoint;
+ EntryPoint += (ULONG_PTR)ImageBase;
+ DriverInit = (PDRIVER_INITIALIZE)EntryPoint;
+
+ /* Create a dummy device */
+ RtlZeroMemory(&Win32k, sizeof(Win32k));
+ ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
+ Win32k.DriverStart = ImageBase;
+
+ /* Call it */
+ Status = (DriverInit)(&Win32k, NULL);
+ ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
+
+ /* Unload if we failed */
+ if (!NT_SUCCESS(Status)) LdrUnloadModule(ModuleObject);
+ return Status;
}
/* Class 39 - Priority Separation */
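Review bot: The user-mode path ignores the NTSTATUS returned by ProbeAndCaptureUnicodeString, so a bad user pointer or an unmappable string leaves ImageName unset and it is still forwarded through ZwSetSystemInformation with kernel previous mode, which turns an input-validation failure into a kernel-mode load attempt on garbage; the captured copy is also never released after the inner call returns. Check the status before recursing and release the capture afterwards, as below. The disabled SeLoadDriverPrivilege check is already called out in the log, so I only note that until it is re-enabled this path is reachable by any user-mode caller. I cannot see whether LdrLoadModule rejects an already-loaded image; the deleted LdrpLoadAndCallImage returned STATUS_IMAGE_ALREADY_LOADED explicitly, and that check seems to have been dropped rather than moved.
```c
        /* Probe and capture the driver name */
        Status = ProbeAndCaptureUnicodeString(&ImageName, UserMode, Buffer);
        if (!NT_SUCCESS(Status)) return Status;

        /* Force kernel as previous mode, then release the captured copy */
        Status = ZwSetSystemInformation(SystemExtendServiceTableInformation,
                                        &ImageName,
                                        sizeof(ImageName));
        ReleaseCapturedUnicodeString(&ImageName, UserMode);
        return Status;
```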
@@ -1511,8 +1598,8 @@
SI_QX(SystemInterruptInformation),
SI_QS(SystemDpcBehaviourInformation),
SI_QX(SystemFullMemoryInformation), /* it should be SI_XX */
- SI_XS(SystemLoadImage),
- SI_XS(SystemUnloadImage),
+ SI_XS(SystemLoadGdiDriverInformation),
+ SI_XS(SystemUnloadGdiDriverInformation),
SI_QS(SystemTimeAdjustmentInformation),
SI_QX(SystemSummaryMemoryInformation), /* it should be SI_XX */
SI_QX(SystemNextEventIdInformation), /* it should be SI_XX */
@@ -1523,7 +1610,7 @@
SI_QX(SystemKernelDebuggerInformation),
SI_QX(SystemContextSwitchInformation),
SI_QS(SystemRegistryQuotaInformation),
- SI_XS(SystemLoadAndCallImage),
+ SI_XS(SystemExtendServiceTableInformation),
SI_XS(SystemPrioritySeperation),
SI_QX(SystemPlugPlayBusInformation), /* it should be SI_XX */
SI_QX(SystemDockInformation), /* it should be SI_XX */
Modified: trunk/reactos/ntoskrnl/io/iomgr/driver.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/driver.c…
==============================================================================
--- trunk/reactos/ntoskrnl/io/iomgr/driver.c (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/driver.c Wed Feb 21 05:46:30 2007
@@ -78,7 +78,7 @@
if (DriverObject->DriverSection)
{
/* Unload it */
- LdrpUnloadImage(DriverObject->DriverSection);
+ //LdrpUnloadImage(DriverObject->DriverSection);
}
/* Check if it has a name */
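Review bot: Commenting out the LdrpUnloadImage call leaves the driver image mapped after the driver object is torn down, with no comment explaining why the unload was dropped; the enclosing function starts and ends outside this hunk. The commit deletes LdrpUnloadImage but keeps LdrUnloadModule, which the old LdrpLoadImage paired with the PLDR_DATA_TABLE_ENTRY it stored in SectionPointer, so if DriverSection still carries that entry `LdrUnloadModule(DriverObject->DriverSection);` looks like the drop-in replacement; I cannot see from here how DriverSection is populated, so please confirm. If the unload must stay disabled for now, replace the dead line with `/* FIXME: image is leaked here; LdrpUnloadImage was removed and no unload replacement is wired up yet */` so the leak is visible rather than silent.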
Modified: trunk/reactos/ntoskrnl/ldr/loader.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ldr/loader.c?rev=…
==============================================================================
--- trunk/reactos/ntoskrnl/ldr/loader.c (original)
+++ trunk/reactos/ntoskrnl/ldr/loader.c Wed Feb 21 05:46:30 2007
@@ -556,7 +556,7 @@
DPRINT("Failed to allocate a virtual section for driver\n");
return STATUS_UNSUCCESSFUL;
}
- DPRINT1("DriverBase for %wZ: %x\n", FileName, DriverBase);
+ DPRINT("DriverBase for %wZ: %x\n", FileName, DriverBase);
/* Copy headers over */
memcpy(DriverBase, ModuleLoadBase, PENtHeaders->OptionalHeader.SizeOfHeaders);
@@ -738,94 +738,6 @@
DPRINT("Could not find module '%wZ'\n", ModuleName);
return(NULL);
-}
-
-//
-// Used by NtSetSystemInformation
-//
-NTSTATUS
-NTAPI
-LdrpLoadImage (
- PUNICODE_STRING DriverName,
- PVOID *ModuleBase,
- PVOID *SectionPointer,
- PVOID *EntryPoint,
- PVOID *ExportSectionPointer )
-{
- PLDR_DATA_TABLE_ENTRY ModuleObject;
- NTSTATUS Status;
-
- ModuleObject = LdrGetModuleObject(DriverName);
- if (ModuleObject == NULL)
- {
- Status = LdrLoadModule(DriverName, &ModuleObject);
- if (!NT_SUCCESS(Status))
- {
- return(Status);
- }
- }
-
- if (ModuleBase)
- *ModuleBase = ModuleObject->DllBase;
-
- if (SectionPointer)
- *SectionPointer = ModuleObject;
-
- if (EntryPoint)
- *EntryPoint = ModuleObject->EntryPoint;
-
- //if (ExportSectionPointer)
- // *ExportSectionPointer = ModuleObject->
-
- return(STATUS_SUCCESS);
-}
-
-//
-// Used by NtSetSystemInformation
-//
-NTSTATUS
-NTAPI
-LdrpUnloadImage ( PVOID ModuleBase )
-{
- return(STATUS_NOT_IMPLEMENTED);
-}
-
-//
-// Used by NtSetSystemInformation
-//
-NTSTATUS
-NTAPI
-LdrpLoadAndCallImage ( PUNICODE_STRING ModuleName )
-{
- PDRIVER_INITIALIZE DriverEntry;
- PLDR_DATA_TABLE_ENTRY ModuleObject;
- DRIVER_OBJECT DriverObject;
- NTSTATUS Status;
-
- ModuleObject = LdrGetModuleObject(ModuleName);
- if (ModuleObject != NULL)
- {
- return(STATUS_IMAGE_ALREADY_LOADED);
- }
-
- Status = LdrLoadModule(ModuleName, &ModuleObject);
- if (!NT_SUCCESS(Status))
- {
- return(Status);
- }
-
- DriverEntry = (PDRIVER_INITIALIZE)ModuleObject->EntryPoint;
-
- RtlZeroMemory(&DriverObject, sizeof(DriverObject));
-// DriverObject.DriverStart = ModuleObject->DllBase;
-
- Status = DriverEntry(&DriverObject, NULL);
- if (!NT_SUCCESS(Status))
- {
- LdrUnloadModule(ModuleObject);
- }
-
- return(Status);
}
//