*/
NTSTATUS STDCALL
LpcSendTerminationPort (IN PEPORT Port,
- IN LARGE_INTEGER CreationTime)
+ IN LARGE_INTEGER CreateTime)
{
NTSTATUS Status;
- LPC_TERMINATION_MESSAGE Msg;
+ CLIENT_DIED_MSG Msg;
#ifdef __USE_NT_LPC__
- Msg.Header.MessageType = LPC_NEW_MESSAGE;
+ Msg.h.u2.s2.Type = LPC_CLIENT_DIED;
#endif
- Msg.CreationTime = CreationTime;
- Status = LpcRequestPort (Port, &Msg.Header);
+ Msg.h.u1.s1.TotalLength = sizeof(Msg);
+ Msg.h.u1.s1.DataLength = sizeof(Msg) - sizeof(PORT_MESSAGE);
+ Msg.CreateTime = CreateTime;
+ Status = LpcRequestPort (Port, &Msg.h);
return(Status);
}
*/
NTSTATUS STDCALL
LpcSendDebugMessagePort (IN PEPORT Port,
- IN PLPC_DBG_MESSAGE Message,
- OUT PLPC_DBG_MESSAGE Reply)
+ IN PDBGKM_MSG Message,
+ OUT PDBGKM_MSG Reply)
{
NTSTATUS Status;
KIRQL oldIrql;
PQUEUEDMESSAGE ReplyMessage;
Status = EiReplyOrRequestPort(Port,
- &Message->Header,
+ &Message->h,
LPC_REQUEST,
Port);
if (!NT_SUCCESS(Status))
KeAcquireSpinLock(&Port->Lock, &oldIrql);
ReplyMessage = EiDequeueMessagePort(Port);
KeReleaseSpinLock(&Port->Lock, oldIrql);
- memcpy(Reply, &ReplyMessage->Message, ReplyMessage->Message.MessageSize);
+ memcpy(Reply, &ReplyMessage->Message, ReplyMessage->Message.u1.s1.TotalLength);
ExFreePool(ReplyMessage);
return(STATUS_SUCCESS);
* @implemented
*/
NTSTATUS STDCALL LpcRequestPort (IN PEPORT Port,
- IN PLPC_MESSAGE LpcMessage)
+ IN PPORT_MESSAGE LpcMessage)
{
NTSTATUS Status;
#ifdef __USE_NT_LPC__
/* Check the message's type */
- if (LPC_NEW_MESSAGE == LpcMessage->MessageType)
+ if (LPC_NEW_MESSAGE == LpcMessage->u2.s2.Type)
{
- LpcMessage->MessageType = LPC_DATAGRAM;
+ LpcMessage->u2.s2.Type = LPC_DATAGRAM;
}
- else if (LPC_DATAGRAM == LpcMessage->MessageType)
+ else if (LPC_DATAGRAM == LpcMessage->u2.s2.Type)
{
return STATUS_INVALID_PARAMETER;
}
- else if (LpcMessage->MessageType > LPC_CLIENT_DIED)
+ else if (LpcMessage->u2.s2.Type > LPC_CLIENT_DIED)
{
return STATUS_INVALID_PARAMETER;
}
* @implemented
*/
NTSTATUS STDCALL NtRequestPort (IN HANDLE PortHandle,
- IN PLPC_MESSAGE LpcMessage)
+ IN PPORT_MESSAGE LpcMessage)
{
NTSTATUS Status;
PEPORT Port;
*/
NTSTATUS STDCALL
NtRequestWaitReplyPort (IN HANDLE PortHandle,
- PLPC_MESSAGE UnsafeLpcRequest,
- PLPC_MESSAGE UnsafeLpcReply)
+ PPORT_MESSAGE UnsafeLpcRequest,
+ PPORT_MESSAGE UnsafeLpcReply)
{
PETHREAD CurrentThread;
struct _KPROCESS *AttachedProcess;
- NTSTATUS Status;
PEPORT Port;
PQUEUEDMESSAGE Message;
KIRQL oldIrql;
- PLPC_MESSAGE LpcRequest;
- USHORT LpcRequestMessageSize;
+ PPORT_MESSAGE LpcRequest;
+ USHORT LpcRequestMessageSize = 0, LpcRequestDataSize = 0;
+ KPROCESSOR_MODE PreviousMode;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ PreviousMode = ExGetPreviousMode();
+
+ if (PreviousMode != KernelMode)
+ {
+ _SEH_TRY
+ {
+ ProbeForRead(UnsafeLpcRequest,
+ sizeof(PORT_MESSAGE),
+ 1);
+ ProbeForWrite(UnsafeLpcReply,
+ sizeof(PORT_MESSAGE),
+ 1);
+ LpcRequestMessageSize = UnsafeLpcRequest->u1.s1.TotalLength;
+ }
+ _SEH_HANDLE
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+
+ if (!NT_SUCCESS(Status))
+ {
+ return Status;
+ }
+ }
+ else
+ {
+ LpcRequestMessageSize = UnsafeLpcRequest->u1.s1.TotalLength;
+ }
DPRINT("NtRequestWaitReplyPort(PortHandle %x, LpcRequest %x, "
"LpcReply %x)\n", PortHandle, UnsafeLpcRequest, UnsafeLpcReply);
KeDetachProcess();
}
- Status = MmCopyFromCaller(&LpcRequestMessageSize,
- &UnsafeLpcRequest->MessageSize,
- sizeof(USHORT));
- if (!NT_SUCCESS(Status))
- {
- if (NULL != AttachedProcess)
- {
- KeAttachProcess(AttachedProcess);
- }
- ObDereferenceObject(Port);
- return(Status);
- }
- if (LpcRequestMessageSize > (sizeof(LPC_MESSAGE) + MAX_MESSAGE_DATA))
+ if (LpcRequestMessageSize > LPC_MAX_MESSAGE_LENGTH)
{
if (NULL != AttachedProcess)
{
ObDereferenceObject(Port);
return(STATUS_NO_MEMORY);
}
- Status = MmCopyFromCaller(LpcRequest, UnsafeLpcRequest,
- LpcRequestMessageSize);
- if (!NT_SUCCESS(Status))
+ if (PreviousMode != KernelMode)
{
- ExFreePool(LpcRequest);
- if (NULL != AttachedProcess)
+ _SEH_TRY
{
- KeAttachProcess(AttachedProcess);
+ RtlCopyMemory(LpcRequest,
+ UnsafeLpcRequest,
+ LpcRequestMessageSize);
+ LpcRequestMessageSize = LpcRequest->u1.s1.TotalLength;
+ LpcRequestDataSize = LpcRequest->u1.s1.DataLength;
+ }
+ _SEH_HANDLE
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreePool(LpcRequest);
+ if (NULL != AttachedProcess)
+ {
+ KeAttachProcess(AttachedProcess);
+ }
+ ObDereferenceObject(Port);
+ return(Status);
}
- ObDereferenceObject(Port);
- return(Status);
}
- LpcRequestMessageSize = LpcRequest->MessageSize;
- if (LpcRequestMessageSize > (sizeof(LPC_MESSAGE) + MAX_MESSAGE_DATA))
+ else
+ {
+ RtlCopyMemory(LpcRequest,
+ UnsafeLpcRequest,
+ LpcRequestMessageSize);
+ LpcRequestMessageSize = LpcRequest->u1.s1.TotalLength;
+ LpcRequestDataSize = LpcRequest->u1.s1.DataLength;
+ }
+
+ if (LpcRequestMessageSize > LPC_MAX_MESSAGE_LENGTH)
{
ExFreePool(LpcRequest);
if (NULL != AttachedProcess)
ObDereferenceObject(Port);
return(STATUS_PORT_MESSAGE_TOO_LONG);
}
- if (LpcRequest->DataSize != (LpcRequest->MessageSize - sizeof(LPC_MESSAGE)))
+ if (LpcRequestDataSize > LPC_MAX_DATA_LENGTH)
{
ExFreePool(LpcRequest);
if (NULL != AttachedProcess)
KeReleaseSpinLock(&Port->Lock, oldIrql);
if (Message)
{
- DPRINT("Message->Message.MessageSize %d\n",
- Message->Message.MessageSize);
- Status = MmCopyToCaller(UnsafeLpcReply, &Message->Message,
- Message->Message.MessageSize);
+ DPRINT("Message->Message.u1.s1.TotalLength %d\n",
+ Message->Message.u1.s1.TotalLength);
+ if (PreviousMode != KernelMode)
+ {
+ _SEH_TRY
+ {
+ RtlCopyMemory(UnsafeLpcReply,
+ &Message->Message,
+ Message->Message.u1.s1.TotalLength);
+ }
+ _SEH_HANDLE
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+ }
+ else
+ {
+ RtlCopyMemory(UnsafeLpcReply,
+ &Message->Message,
+ Message->Message.u1.s1.TotalLength);
+ }
ExFreePool(Message);
}
else
* REVISIONS
*/
NTSTATUS STDCALL NtWriteRequestData (HANDLE PortHandle,
- PLPC_MESSAGE Message,
+ PPORT_MESSAGE Message,
ULONG Index,
PVOID Buffer,
ULONG BufferLength,