143 lines
3.2 KiB
C
143 lines
3.2 KiB
C
|
/*++
|
||
|
|
||
|
Copyright (c) 2000 Microsoft Corporation
|
||
|
|
||
|
Module Name:
|
||
|
|
||
|
kevutil.c
|
||
|
|
||
|
Abstract:
|
||
|
|
||
|
This module implements various utilities required to do driver verification.
|
||
|
|
||
|
Author:
|
||
|
|
||
|
Adrian J. Oney (adriao) 20-Apr-1998
|
||
|
|
||
|
Environment:
|
||
|
|
||
|
Kernel mode
|
||
|
|
||
|
Revision History:
|
||
|
|
||
|
AdriaO 02/10/2000 - Seperated out from ntos\io\ioassert.c
|
||
|
|
||
|
--*/
|
||
|
|
||
|
#include "ki.h"
|
||
|
|
||
|
#ifdef ALLOC_PRAGMA
|
||
|
#pragma alloc_text(PAGEVRFY, KevUtilAddressToFileHeader)
|
||
|
#endif // ALLOC_PRAGMA
|
||
|
|
||
|
NTSTATUS
|
||
|
KevUtilAddressToFileHeader(
|
||
|
IN PVOID Address,
|
||
|
OUT UINT_PTR *OffsetIntoImage,
|
||
|
OUT PUNICODE_STRING *DriverName,
|
||
|
OUT BOOLEAN *InVerifierList
|
||
|
)
|
||
|
/*++
|
||
|
|
||
|
Routine Description:
|
||
|
|
||
|
This function returns the name of a driver based on the specified
|
||
|
Address. In addition, the offset into the driver is returned along
|
||
|
with an indication as to whether the driver is among the list of those
|
||
|
being verified.
|
||
|
|
||
|
Arguments:
|
||
|
|
||
|
Address - Supplies an address to resolve to a driver name.
|
||
|
|
||
|
OffsetIntoImage - Recieves the offset relative to the base of the driver.
|
||
|
|
||
|
DriverName - Recieves a pointer to the name of the driver.
|
||
|
|
||
|
InVerifierList - Receives TRUE if the driver is in the verifier list,
|
||
|
FALSE otherwise.
|
||
|
|
||
|
Return Value:
|
||
|
|
||
|
NTSTATUS (On failure, OffsetIntoImage receives NULL, DriverName receives
|
||
|
NULL, and InVerifierList receives FALSE).
|
||
|
|
||
|
--*/
|
||
|
{
|
||
|
PLIST_ENTRY pModuleListHead, next;
|
||
|
PLDR_DATA_TABLE_ENTRY pDataTableEntry;
|
||
|
UINT_PTR bounds, pReturnBase, pCurBase;
|
||
|
|
||
|
//
|
||
|
// Preinit for failure
|
||
|
//
|
||
|
*DriverName = NULL;
|
||
|
*InVerifierList = FALSE;
|
||
|
*OffsetIntoImage = 0;
|
||
|
|
||
|
//
|
||
|
// Set initial values for the module walk
|
||
|
//
|
||
|
pReturnBase = 0;
|
||
|
pModuleListHead = &PsLoadedModuleList;
|
||
|
|
||
|
//
|
||
|
// It would be nice if we could call MiLookupDataTableEntry, but it's
|
||
|
// pageable, so we do what the bugcheck stuff does...
|
||
|
//
|
||
|
next = pModuleListHead->Flink;
|
||
|
if (next != NULL) {
|
||
|
while (next != pModuleListHead) {
|
||
|
|
||
|
//
|
||
|
// Extract the data table entry
|
||
|
//
|
||
|
pDataTableEntry = CONTAINING_RECORD(
|
||
|
next,
|
||
|
LDR_DATA_TABLE_ENTRY,
|
||
|
InLoadOrderLinks
|
||
|
);
|
||
|
|
||
|
next = next->Flink;
|
||
|
pCurBase = (UINT_PTR) pDataTableEntry->DllBase;
|
||
|
bounds = pCurBase + pDataTableEntry->SizeOfImage;
|
||
|
if ((UINT_PTR)Address >= pCurBase && (UINT_PTR)Address < bounds) {
|
||
|
|
||
|
//
|
||
|
// We have a match, record it and get out of here.
|
||
|
//
|
||
|
pReturnBase = pCurBase;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if (!pReturnBase) {
|
||
|
|
||
|
//
|
||
|
// ADRIAO BUGBUG 02/16/2000 -
|
||
|
// Get better error code.
|
||
|
//
|
||
|
return STATUS_UNSUCCESSFUL;
|
||
|
}
|
||
|
|
||
|
//
|
||
|
// Here we go!
|
||
|
//
|
||
|
*OffsetIntoImage = (UINT_PTR) Address - pReturnBase;
|
||
|
*DriverName = &pDataTableEntry->BaseDllName;
|
||
|
|
||
|
//
|
||
|
// Now record whether this is in the verifying table.
|
||
|
//
|
||
|
if (pDataTableEntry->Flags & LDRP_IMAGE_VERIFYING) {
|
||
|
|
||
|
*InVerifierList = TRUE;
|
||
|
}
|
||
|
|
||
|
return STATUS_SUCCESS;
|
||
|
}
|
||
|
|
||
|
|
||
|
|