From 6866c0aededf893d0f2fbebf3164a0ef5a7cdbaf Mon Sep 17 00:00:00 2001
From: Eric Kohl
Date: Wed, 12 Jun 2019 13:46:13 +0200
Subject: [PATCH] [NTOSKRNL][USETUP][UMPNPMGR] Pass user response data to NtPlugPlayControl(PlugPlayControlUserResponse).

- Windows requires 16 bytes of response data.
- Add the PLUGPLAY_CONTROL_USER_RESPONSE_DATA type.
- Usetup and Umpnpmgr must fail if NtPlugPlayControl(PlugPlayControlUserResponse) does not return STATUS_SUCCESS.
---
 base/services/umpnpmgr/umpnpmgr.c | 10 +++++++++-
 base/setup/usetup/devinst.c       | 10 +++++++++-
 ntoskrnl/io/pnpmgr/plugplay.c     |  2 +-
 sdk/include/ndk/cmtypes.h         | 11 ++++++++++-
 4 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/base/services/umpnpmgr/umpnpmgr.c b/base/services/umpnpmgr/umpnpmgr.c
index e26fa2f64d1..7aa64813c75 100644
--- a/base/services/umpnpmgr/umpnpmgr.c
+++ b/base/services/umpnpmgr/umpnpmgr.c
@@ -50,6 +50,7 @@ HKEY hClassKey = NULL;
 static DWORD WINAPI
 PnpEventThread(LPVOID lpParameter)
 {
+    PLUGPLAY_CONTROL_USER_RESPONSE_DATA ResponseData = {0, 0, 0, 0};
     DWORD dwRet = ERROR_SUCCESS;
     NTSTATUS Status;
     RPC_STATUS RpcStatus;
@@ -182,7 +183,14 @@ PnpEventThread(LPVOID lpParameter)
         }
         /* Dequeue the current PnP event and signal the next one */
-        NtPlugPlayControl(PlugPlayControlUserResponse, NULL, 0);
+        Status = NtPlugPlayControl(PlugPlayControlUserResponse,
+                                   &ResponseData,
+                                   sizeof(ResponseData));
+        if (!NT_SUCCESS(Status))
+        {
+            DPRINT1("NtPlugPlayControl(PlugPlayControlUserResponse) failed (Status 0x%08lx)\n", Status);
+            break;
+        }
     }
     HeapFree(GetProcessHeap(), 0, PnpEvent);
diff --git a/base/setup/usetup/devinst.c b/base/setup/usetup/devinst.c
index ea4333c5a93..d9fc5c2a576 100644
--- a/base/setup/usetup/devinst.c
+++ b/base/setup/usetup/devinst.c
@@ -405,6 +405,7 @@ static ULONG NTAPI
 PnpEventThread(IN PVOID Parameter)
 {
     NTSTATUS Status;
+    PLUGPLAY_CONTROL_USER_RESPONSE_DATA ResponseData = {0, 0, 0, 0};
     PPLUGPLAY_EVENT_BLOCK PnpEvent, NewPnpEvent;
     ULONG PnpEventSize;
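Review bot: In the second umpnpmgr.c hunk the failure path only logs and executes `break`, but `dwRet` (initialised to `ERROR_SUCCESS` in the first hunk) is never updated, so if `dwRet` is what PnpEventThread returns after the `HeapFree` that follows the loop, the thread would report success after giving up on dequeuing PnP events. Setting it before leaving the loop, `dwRet = RtlNtStatusToDosError(Status); break;`, would make the abort visible to whoever inspects the thread's exit code. The body of PnpEventThread, including its return statement, starts and ends outside this hunk, so the return value is inferred rather than seen.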
@@ -483,7 +484,14 @@ PnpEventThread(IN PVOID Parameter)
         }
         /* Dequeue the current PnP event and signal the next one */
-        NtPlugPlayControl(PlugPlayControlUserResponse, NULL, 0);
+        Status = NtPlugPlayControl(PlugPlayControlUserResponse,
+                                   &ResponseData,
+                                   sizeof(ResponseData));
+        if (!NT_SUCCESS(Status))
+        {
+            DPRINT1("NtPlugPlayControl(PlugPlayControlUserResponse) failed (Status 0x%08lx)\n", Status);
+            goto Quit;
+        }
     }
     Status = STATUS_SUCCESS;
diff --git a/ntoskrnl/io/pnpmgr/plugplay.c b/ntoskrnl/io/pnpmgr/plugplay.c
index 50331e21191..8526817c3c7 100644
--- a/ntoskrnl/io/pnpmgr/plugplay.c
+++ b/ntoskrnl/io/pnpmgr/plugplay.c
@@ -1346,7 +1346,7 @@ NtPlugPlayControl(IN PLUGPLAY_CONTROL_CLASS PlugPlayControlClass,
         // case PlugPlayControlQueryAndRemoveDevice:
         case PlugPlayControlUserResponse:
-            if (Buffer || BufferLength != 0)
+            if (!Buffer || BufferLength < sizeof(PLUGPLAY_CONTROL_USER_RESPONSE_DATA))
                 return STATUS_INVALID_PARAMETER;
             return IopRemovePlugPlayEvent();
diff --git a/sdk/include/ndk/cmtypes.h b/sdk/include/ndk/cmtypes.h
index 2b854923cf6..7eed8145d14 100644
--- a/sdk/include/ndk/cmtypes.h
+++ b/sdk/include/ndk/cmtypes.h
@@ -452,7 +452,16 @@ typedef struct _PLUGPLAY_CONTROL_ENUMERATE_DEVICE_DATA
     ULONG Flags;
 } PLUGPLAY_CONTROL_ENUMERATE_DEVICE_DATA, *PPLUGPLAY_CONTROL_ENUMERATE_DEVICE_DATA;
-//Class 0x09
+// Class 0x07
+typedef struct _PLUGPLAY_CONTROL_USER_RESPONSE_DATA
+{
+    ULONG Unknown1;
+    ULONG Unknown2;
+    ULONG Unknown3;
+    ULONG Unknown4;
+} PLUGPLAY_CONTROL_USER_RESPONSE_DATA, *PPLUGPLAY_CONTROL_USER_RESPONSE_DATA;
+
+// Class 0x09
 typedef struct _PLUGPLAY_CONTROL_INTERFACE_DEVICE_LIST_DATA
 {
     UNICODE_STRING DeviceInstance;
-- 
2.17.1
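Review bot: The new `goto Quit` in devinst.c jumps out of the loop with the current PnP event still held in `PnpEvent`; the hunk does not show where that buffer is released, so if the release sits between the loop and the `Quit` label (as the `HeapFree` after the loop in umpnpmgr.c suggests for the sibling implementation), this exit path leaks the event block. If that is the layout, freeing before the jump, or moving the release under `Quit`, closes the gap; if the free already lives at `Quit`, a short comment `/* Quit releases PnpEvent */` next to the goto would make that evident. The enclosing PnpEventThread and the `Quit` label lie outside this hunk.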
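Review bot: The rewritten check in the PlugPlayControlUserResponse case accepts a user-mode `Buffer` on pointer and length alone and never probes or reads it, which is sound only because `IopRemovePlugPlayEvent()` takes nothing from it; nothing in the code records that assumption, and a later change that starts consuming the response data would be one step from dereferencing an unvalidated user pointer. A comment such as `/* Buffer is required for compatibility but not read; probe it under SEH before ever using it */` above the `if` would preserve the reasoning. Separately, the `<` comparison admits oversized buffers while the commit message states Windows requires 16 bytes; whether Windows also rejects larger lengths (which would call for `!=`) is worth confirming against the reference behaviour. NtPlugPlayControl's switch continues beyond this hunk.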
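Review bot: The new PLUGPLAY_CONTROL_USER_RESPONSE_DATA in cmtypes.h carries four `Unknown` members with no indication of why the structure has exactly this size, so a future reader may be tempted to shrink or reshape it and silently break the kernel-side length check that now depends on `sizeof` it. A one-line comment above the typedef, `// 16 bytes of response data as required by Windows; field meanings are not yet known`, would tie the layout to the reason given in the commit message.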