[Wine-patches] [eterhack 20/23] ntoskrnl.exe: Prevent crash of some Katran programs.
Alexander Morozov
=?iso-8859-1?q?amorozov_=CE=C1_etersoft=2Eru?=
Пт Июн 5 13:00:20 MSD 2009
---
dlls/ntoskrnl.exe/ntoskrnl.c | 48 ++++++++++++++++++++++++++++--------------
1 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
index 54d3826..69bbf03 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -139,6 +139,8 @@ struct HandleInstance
#define IOCTL_WINE_DRIVER_WRITE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x101, \
METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define UPKEY_NKEY_DATA_SIZE 8192
+
#ifdef __i386__
#define DEFINE_FASTCALL1_ENTRYPOINT( name ) \
__ASM_GLOBAL_FUNC( name, \
@@ -518,40 +520,52 @@ static NTSTATUS process_ioctl( DEVICE_OBJECT *device, ULONG code, void *in_buff,
LARGE_INTEGER count;
IO_STATUS_BLOCK iosb;
HANDLE process = NULL;
- CHAR data[146];
+ CHAR *data = NULL;
void *saved_ptr = NULL;
- ULONG offset = 0;
+ ULONG offset = 0, offset2 = 0;
TRACE( "ioctl %x device %p in_size %u out_size %u\n", code, device, in_size, *out_size );
- /* HACK for UPKey.sys */
+ /* HACK for UPKey.sys and NKey.sys */
if (0x3fc == code) offset = 2;
- if (0x222044 == code || 0x222060 == code || 0x44c == code || 0x456 == code) offset = 8;
+ else if (0x222040 == code || 0x222044 == code || 0x222048 == code ||
+ 0x22204c == code || 0x222060 == code || 0x222100 == code ||
+ 0x222104 == code || 0x222108 == code || 0x222110 == code ||
+ 0x222118 == code || 0x222120 == code ||
+ 0x44c == code || 0x456 == code)
+ offset = 8;
+ else if (0x2220d8 == code)
+ {
+ offset = 14;
+ offset2 = 8;
+ }
if (offset && in_buff)
{
+ data = HeapAlloc( GetProcessHeap(), 0, UPKEY_NKEY_DATA_SIZE );
+ if (data == NULL) return STATUS_NO_MEMORY;
saved_ptr = *(void**)((char *)in_buff + offset);
- if (saved_ptr)
- {
- *(void**)((char *)in_buff + offset) = &data;
- process = OpenProcess( PROCESS_ALL_ACCESS, FALSE, get_pid() );
- if (process != NULL)
- NtReadVirtualMemory( process, saved_ptr, data, sizeof(data), NULL );
- }
+ *(void**)((char *)in_buff + offset) = data;
+ if (offset2)
+ *(void**)((char *)in_buff + offset2) = data +
+ (*(char**)((char *)in_buff + offset2) - (char *)saved_ptr);
+ process = OpenProcess( PROCESS_ALL_ACCESS, FALSE, get_pid() );
+ if (process != NULL)
+ NtReadVirtualMemory( process, saved_ptr, data, UPKEY_NKEY_DATA_SIZE, NULL );
}
file = ExAllocatePool( NonPagedPool, sizeof(*file) );
if (file == NULL)
{
- if (process) CloseHandle( process );
- return STATUS_NO_MEMORY;
+ status = STATUS_NO_MEMORY;
+ goto end;
}
irp = IoBuildDeviceIoControlRequest( code, device, in_buff, in_size,
out_buff, *out_size, FALSE, NULL, &iosb );
if (irp == NULL)
{
ExFreePool( file );
- if (process) CloseHandle( process );
- return STATUS_NO_MEMORY;
+ status = STATUS_NO_MEMORY;
+ goto end;
}
irpsp = irp->Tail.Overlay.s.u.CurrentStackLocation - 1;
irp->RequestorMode = UserMode;
@@ -564,11 +578,13 @@ static NTSTATUS process_ioctl( DEVICE_OBJECT *device, ULONG code, void *in_buff,
KeQueryTickCount( &count ); /* update the global KeTickCount */
status = IoCallDriver( device, irp );
+end:
if (process)
{
- NtWriteVirtualMemory( process, saved_ptr, data, sizeof(data), NULL );
+ NtWriteVirtualMemory( process, saved_ptr, data, UPKEY_NKEY_DATA_SIZE, NULL );
CloseHandle( process );
}
+ if (data) HeapFree( GetProcessHeap(), 0, data );
*out_size = (status >= 0) ? iosb.Information : 0;
return status;
}
--
1.6.3.1
Подробная информация о списке рассылки Wine-patches