windows-nt/Source/XPSP1/NT/base/ntos/ke/kevutil.c

143 lines
3.2 KiB
C
Raw Normal View History

2020-09-26 03:20:57 -05:00
/*++
Copyright (c) 2000 Microsoft Corporation
Module Name:
kevutil.c
Abstract:
This module implements various utilities required to do driver verification.
Author:
Adrian J. Oney (adriao) 20-Apr-1998
Environment:
Kernel mode
Revision History:
AdriaO 02/10/2000 - Seperated out from ntos\io\ioassert.c
--*/
#include "ki.h"
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGEVRFY, KevUtilAddressToFileHeader)
#endif // ALLOC_PRAGMA
NTSTATUS
KevUtilAddressToFileHeader(
IN PVOID Address,
OUT UINT_PTR *OffsetIntoImage,
OUT PUNICODE_STRING *DriverName,
OUT BOOLEAN *InVerifierList
)
/*++
Routine Description:
This function returns the name of a driver based on the specified
Address. In addition, the offset into the driver is returned along
with an indication as to whether the driver is among the list of those
being verified.
Arguments:
Address - Supplies an address to resolve to a driver name.
OffsetIntoImage - Recieves the offset relative to the base of the driver.
DriverName - Recieves a pointer to the name of the driver.
InVerifierList - Receives TRUE if the driver is in the verifier list,
FALSE otherwise.
Return Value:
NTSTATUS (On failure, OffsetIntoImage receives NULL, DriverName receives
NULL, and InVerifierList receives FALSE).
--*/
{
PLIST_ENTRY pModuleListHead, next;
PLDR_DATA_TABLE_ENTRY pDataTableEntry;
UINT_PTR bounds, pReturnBase, pCurBase;
//
// Preinit for failure
//
*DriverName = NULL;
*InVerifierList = FALSE;
*OffsetIntoImage = 0;
//
// Set initial values for the module walk
//
pReturnBase = 0;
pModuleListHead = &PsLoadedModuleList;
//
// It would be nice if we could call MiLookupDataTableEntry, but it's
// pageable, so we do what the bugcheck stuff does...
//
next = pModuleListHead->Flink;
if (next != NULL) {
while (next != pModuleListHead) {
//
// Extract the data table entry
//
pDataTableEntry = CONTAINING_RECORD(
next,
LDR_DATA_TABLE_ENTRY,
InLoadOrderLinks
);
next = next->Flink;
pCurBase = (UINT_PTR) pDataTableEntry->DllBase;
bounds = pCurBase + pDataTableEntry->SizeOfImage;
if ((UINT_PTR)Address >= pCurBase && (UINT_PTR)Address < bounds) {
//
// We have a match, record it and get out of here.
//
pReturnBase = pCurBase;
break;
}
}
}
if (!pReturnBase) {
//
// ADRIAO BUGBUG 02/16/2000 -
// Get better error code.
//
return STATUS_UNSUCCESSFUL;
}
//
// Here we go!
//
*OffsetIntoImage = (UINT_PTR) Address - pReturnBase;
*DriverName = &pDataTableEntry->BaseDllName;
//
// Now record whether this is in the verifying table.
//
if (pDataTableEntry->Flags & LDRP_IMAGE_VERIFYING) {
*InVerifierList = TRUE;
}
return STATUS_SUCCESS;
}