============================================================== = = = NOTES FROM THE UNDERGROUND = = = ============================================================== Below are some of Alex's notes on the mysterious LPC Subsystem ========================= 1. Sizes, sizes, sizes... ========================= There are four imporant LPC Sizes to keep in mind. Try to understand them: /* * This determines the absolute maximum message size (0x100 bytes). For * larger values, use a section-backed message. */ #define PORT_MAXIMUM_MESSAGE_LENGTH 256 /* * This determines the maximum length of an LPC request. It is the largest * amount of bytes that an LPC request can take. To calculate this, assume * that this is a CONNECTION_REQUEST message, which includes the additionnal * LPCP_CONNECTION_MESSAGE structure as well. Therefore, we add the kernel LPC, * header, the maximum port size and the size of the connection request * structure. This gives a value of 0x15C. However, one must note that NT * allocates the Lookaside List using a 16-byte aligned value, making this * number 0x160. */ #define LPCP_MAX_MESSAGE_SIZE ROUND_UP(PORT_MAXIMUM_MESSAGE_LENGTH + \ sizeof(LPCP_MESSAGE) + \ sizeof(LPCP_CONNECTION_MESSAGE), 16) /* * Now, for an actual LPC Request size, we remove the kernel LPC header, which * yields the size of the actual LPC Data that follows the Header, making this * number 0x148. */ #define LPC_MAX_MESSAGE_LENGTH (LPCP_MAX_MESSAGE_SIZE - \ FIELD_OFFSET(LPCP_MESSAGE, Request)) /* * Finally, we'll calculate the maximum size of the Connection Info, giving us * 0x104 */ #define LPC_MAX_DATA_LENGTH (LPC_MAX_MESSAGE_LENGTH - \ sizeof(PORT_MESSAGE) - \ sizeof(LPCP_CONNECTION_MESSAGE)) ========================== 2. Structures ========================== SOON. TODO.