Author: dchapyshev Date: Sun Jun 14 12:30:22 2009 New Revision: 41406
URL: http://svn.reactos.org/svn/reactos?rev=41406&view=rev Log: - Add probing of the result buffer - Add missing target process reference/dereference in MemorySectionName case of NtQueryVirtualMemory. Fixes 2 "psapi_winetest" failures.
Modified: trunk/reactos/ntoskrnl/mm/virtual.c
Modified: trunk/reactos/ntoskrnl/mm/virtual.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/virtual.c?rev=4... ==============================================================================
--- trunk/reactos/ntoskrnl/mm/virtual.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/virtual.c [iso-8859-1] Sun Jun 14 12:30:22 2009
@@ -849,6 +849,7 @@
SIZE_T NumberOfBytesToProtect = 0;
KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
NTSTATUS Status = STATUS_SUCCESS;
+ PAGED_CODE();
/* Check for valid protection flags */
Protection = NewAccessProtection & ~(PAGE_GUARD|PAGE_NOCACHE);
@@ -961,6 +962,7 @@
WCHAR ModuleFileNameBuffer[MAX_PATH] = {0};
UNICODE_STRING ModuleFileName;
PMEMORY_SECTION_NAME SectionName = NULL;
+ PEPROCESS Process;
union
{
MEMORY_BASIC_INFORMATION BasicInfo;
@@ -975,11 +977,15 @@
PreviousMode = ExGetPreviousMode();
- if (PreviousMode != KernelMode && UnsafeResultLength != NULL)
+ if (PreviousMode != KernelMode)
{
_SEH2_TRY
{
- ProbeForWriteSize_t(UnsafeResultLength);
+ ProbeForWrite(VirtualMemoryInformation,
+ Length,
+ sizeof(ULONG_PTR));
+
+ if (UnsafeResultLength) ProbeForWriteSize_t(UnsafeResultLength);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
@@ -1002,6 +1008,19 @@
/* FIXME: Move this inside MiQueryVirtualMemory */
if (VirtualMemoryInformationClass == MemorySectionName)
{
+ Status = ObReferenceObjectByHandle(ProcessHandle,
+ PROCESS_QUERY_INFORMATION,
+ NULL,
+ PreviousMode,
+ (PVOID*)(&Process),
+ NULL);
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT("NtQueryVirtualMemory() = %x\n",Status);
+ return(Status);
+ }
+
RtlInitEmptyUnicodeString(&ModuleFileName, ModuleFileNameBuffer, sizeof(ModuleFileNameBuffer));
Status = MmGetFileNameForAddress(Address, &ModuleFileName);
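Review bot: The new `ProbeForWrite(VirtualMemoryInformation, Length, sizeof(ULONG_PTR))` only validates that the range is a user-mode range at the moment of the call, and it checks nothing when `Length` is 0; the caller can still free or reprotect the buffer afterwards. The stores to `VirtualMemoryInformation` and `UnsafeResultLength` happen outside this hunk, so confirm that each one stays inside `_SEH2_TRY` and is bounded by `Length`, and that `Length` is checked against the minimum size for the requested information class. I would record this above the probe with `/* Probe validates the range only; every later store to the user buffer must stay inside SEH and within Length */`. As a style point, the one-line `if (UnsafeResultLength) ProbeForWriteSize_t(UnsafeResultLength);` would read better braced like the surrounding code.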
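Review bot: `ObReferenceObjectByHandle` is called with `NULL` as the object type while the access mode is the caller's `PreviousMode`, so no type check is requested for a user-mode handle: a handle to some other kind of object whose granted access includes the `PROCESS_QUERY_INFORMATION` bit would be accepted and its body stored in a `PEPROCESS`. Passing the process object type restricts the lookup to process handles, i.e. `PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode,` (confirm the spelling against the other process-handle lookups in ntoskrnl). Separately, in the lines visible here `Process` is never handed to `MmGetFileNameForAddress(Address, &ModuleFileName)`, so unless that helper or code outside the hunk switches address space, the lookup appears to run against the calling process rather than the one named by `ProcessHandle`. A comment stating which address space is queried would make that limitation explicit.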
@@ -1039,6 +1058,7 @@
}
}
}
+ ObDereferenceObject(Process);
return Status;
}
else
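Review bot: Only the `return Status;` visible in this hunk is preceded by the new `ObDereferenceObject(Process)`; the MemorySectionName branch begins and ends outside the hunk, so any other exit between the `ObReferenceObjectByHandle` call and this line would leave the process object referenced. `Process` is also declared without an initializer, so routing the branch through a single exit that releases it would be more robust against later edits. At minimum I would add `/* Release the reference taken at the top of the MemorySectionName case */` above the call so the pairing is obvious.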