本文整理汇总了C++中ProbeForRead函数的典型用法代码示例。如果您正苦于以下问题:C++ ProbeForRead函数的具体用法?C++ ProbeForRead怎么用?C++ ProbeForRead使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ProbeForRead函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: NtGdiEngAlphaBlend
/*
* @implemented
*/
BOOL
APIENTRY
NtGdiEngAlphaBlend(IN SURFOBJ *psoDest,
IN SURFOBJ *psoSource,
IN CLIPOBJ *ClipRegion,
IN XLATEOBJ *ColorTranslation,
IN PRECTL upDestRect,
IN PRECTL upSourceRect,
IN BLENDOBJ *BlendObj)
{
RECTL DestRect;
RECTL SourceRect;
_SEH2_TRY
{
ProbeForRead(upDestRect, sizeof(RECTL), 1);
RtlCopyMemory(&DestRect,upDestRect, sizeof(RECTL));
ProbeForRead(upSourceRect, sizeof(RECTL), 1);
RtlCopyMemory(&SourceRect, upSourceRect, sizeof(RECTL));
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
_SEH2_YIELD(return FALSE);
}
_SEH2_END;
return EngAlphaBlend(psoDest, psoSource, ClipRegion, ColorTranslation, &DestRect, &SourceRect, BlendObj);
}
开发者ID:HBelusca,项目名称:NasuTek-Odyssey,代码行数:33,代码来源:alphablend.c
示例2: renderBITMAPfromDIB
HANDLE FASTCALL
renderBITMAPfromDIB(LPBYTE pDIB)
{
HDC hdc;
HBITMAP hbitmap;
PBITMAPINFO pBmi, pConvertedBmi = NULL;
NTSTATUS Status ;
UINT offset = 0; /* Stupid compiler */
pBmi = (BITMAPINFO*)pDIB;
//hdc = UserGetDCEx(NULL, NULL, DCX_USESTYLE);
hdc = UserGetDCEx(ClipboardWindow, NULL, DCX_USESTYLE);
/* Probe it */
_SEH2_TRY
{
ProbeForRead(&pBmi->bmiHeader.biSize, sizeof(DWORD), 1);
ProbeForRead(pBmi, pBmi->bmiHeader.biSize, 1);
ProbeForRead(pBmi, DIB_BitmapInfoSize(pBmi, DIB_RGB_COLORS), 1);
pConvertedBmi = DIB_ConvertBitmapInfo(pBmi, DIB_RGB_COLORS);
if(!pConvertedBmi)
{
Status = STATUS_INVALID_PARAMETER;
}
else
{
offset = DIB_BitmapInfoSize((BITMAPINFO*)pBmi, DIB_RGB_COLORS);
ProbeForRead(pDIB + offset, pConvertedBmi->bmiHeader.biSizeImage, 1);
}
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
}
_SEH2_END
if(!NT_SUCCESS(Status))
{
UserReleaseDC(ClipboardWindow, hdc, FALSE);
return NULL;
}
hbitmap = GreCreateDIBitmapInternal(hdc,
pConvertedBmi->bmiHeader.biWidth,
pConvertedBmi->bmiHeader.biHeight,
CBM_INIT,
pDIB+offset,
pConvertedBmi,
DIB_RGB_COLORS,
0,
0);
//UserReleaseDC(NULL, hdc, FALSE);
UserReleaseDC(ClipboardWindow, hdc, FALSE);
DIB_FreeConvertedBitmapInfo(pConvertedBmi, pBmi);
return hbitmap;
}
开发者ID:HBelusca,项目名称:NasuTek-Odyssey,代码行数:59,代码来源:clipboard.c
示例3: NtRequestWaitReplyPort
/*
* @implemented
*/
NTSTATUS
NTAPI
NtRequestWaitReplyPort(IN HANDLE PortHandle,
IN PPORT_MESSAGE LpcRequest,
IN OUT PPORT_MESSAGE LpcReply)
{
PORT_MESSAGE LocalLpcRequest;
ULONG NumberOfDataEntries;
PLPCP_PORT_OBJECT Port, QueuePort, ReplyPort, ConnectionPort = NULL;
KPROCESSOR_MODE PreviousMode = KeGetPreviousMode();
NTSTATUS Status;
PLPCP_MESSAGE Message;
PETHREAD Thread = PsGetCurrentThread();
BOOLEAN Callback;
PKSEMAPHORE Semaphore;
ULONG MessageType;
PLPCP_DATA_INFO DataInfo;
PAGED_CODE();
LPCTRACE(LPC_SEND_DEBUG,
"Handle: %p. Messages: %p/%p. Type: %lx\n",
PortHandle,
LpcRequest,
LpcReply,
LpcpGetMessageType(LpcRequest));
/* Check if the thread is dying */
if (Thread->LpcExitThreadCalled) return STATUS_THREAD_IS_TERMINATING;
/* Check for user mode access */
if (PreviousMode != KernelMode)
{
_SEH2_TRY
{
/* Probe the full request message and copy the base structure */
ProbeForRead(LpcRequest, sizeof(*LpcRequest), sizeof(ULONG));
ProbeForRead(LpcRequest, LpcRequest->u1.s1.TotalLength, sizeof(ULONG));
LocalLpcRequest = *LpcRequest;
/* Probe the reply message for write */
ProbeForWrite(LpcReply, sizeof(*LpcReply), sizeof(ULONG));
/* Make sure the data entries in the request message are valid */
Status = LpcpVerifyMessageDataInfo(LpcRequest, &NumberOfDataEntries);
if (!NT_SUCCESS(Status))
{
DPRINT1("LpcpVerifyMessageDataInfo failed\n");
return Status;
}
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
DPRINT1("Got exception\n");
return _SEH2_GetExceptionCode();
}
_SEH2_END;
}
开发者ID:Nevermore2015,项目名称:reactos,代码行数:59,代码来源:send.c
示例4: KspEnableEvent
NTSTATUS
KspEnableEvent(
IN PIRP Irp,
IN ULONG EventSetsCount,
IN const KSEVENT_SET* EventSet,
IN OUT PLIST_ENTRY EventsList OPTIONAL,
IN KSEVENTS_LOCKTYPE EventsFlags OPTIONAL,
IN PVOID EventsLock OPTIONAL,
IN PFNKSALLOCATOR Allocator OPTIONAL,
IN ULONG EventItemSize OPTIONAL)
{
PIO_STACK_LOCATION IoStack;
NTSTATUS Status;
KSEVENT Event;
PKSEVENT_ITEM EventItem, FoundEventItem;
PKSEVENTDATA EventData;
const KSEVENT_SET *FoundEventSet;
PKSEVENT_ENTRY EventEntry;
ULONG Index, SubIndex, Size;
PVOID Object;
KSEVENT_CTX Ctx;
LPGUID Guid;
/* get current stack location */
IoStack = IoGetCurrentIrpStackLocation(Irp);
if (IoStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(KSEVENT))
{
/* invalid parameter */
return STATUS_NOT_SUPPORTED;
}
if (Irp->RequestorMode == UserMode)
{
_SEH2_TRY
{
ProbeForRead(IoStack->Parameters.DeviceIoControl.Type3InputBuffer, sizeof(KSEVENT), sizeof(UCHAR));
ProbeForRead(Irp->UserBuffer, IoStack->Parameters.DeviceIoControl.OutputBufferLength, sizeof(UCHAR));
RtlMoveMemory(&Event, IoStack->Parameters.DeviceIoControl.Type3InputBuffer, sizeof(KSEVENT));
Status = STATUS_SUCCESS;
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
/* Exception, get the error code */
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
/* check for success */
if (!NT_SUCCESS(Status))
{
/* failed to probe parameters */
return Status;
}
}
开发者ID:hoangduit,项目名称:reactos,代码行数:55,代码来源:event.c
示例5: SepCaptureSid
NTSTATUS
NTAPI
SepCaptureSid(IN PSID InputSid,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
OUT PSID *CapturedSid)
{
ULONG SidSize = 0;
PISID NewSid, Sid = (PISID)InputSid;
NTSTATUS Status;
PAGED_CODE();
if (AccessMode != KernelMode)
{
_SEH2_TRY
{
ProbeForRead(Sid,
FIELD_OFFSET(SID,
SubAuthority),
sizeof(UCHAR));
SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
ProbeForRead(Sid,
SidSize,
sizeof(UCHAR));
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
/* Return the exception code */
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
/* allocate a SID and copy it */
NewSid = ExAllocatePool(PoolType,
SidSize);
if (NewSid != NULL)
{
_SEH2_TRY
{
RtlCopyMemory(NewSid,
Sid,
SidSize);
*CapturedSid = NewSid;
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
/* Free the SID and return the exception code */
ExFreePoolWithTag(NewSid, TAG_SID);
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
}
开发者ID:HBelusca,项目名称:NasuTek-Odyssey,代码行数:55,代码来源:sid.c
示例6: NtGdiOpenDCW
HDC
APIENTRY
NtGdiOpenDCW(
PUNICODE_STRING pustrDevice,
DEVMODEW *pdmInit,
PUNICODE_STRING pustrLogAddr,
ULONG iType,
BOOL bDisplay,
HANDLE hspool,
VOID *pDriverInfo2,
VOID *pUMdhpdev)
{
UNICODE_STRING ustrDevice;
WCHAR awcDevice[CCHDEVICENAME];
DEVMODEW dmInit;
PVOID dhpdev;
HDC hdc;
/* Only if a devicename is given, we need any data */
if (pustrDevice)
{
/* Initialize destination string */
RtlInitEmptyUnicodeString(&ustrDevice, awcDevice, sizeof(awcDevice));
_SEH2_TRY
{
/* Probe the UNICODE_STRING and the buffer */
ProbeForRead(pustrDevice, sizeof(UNICODE_STRING), 1);
ProbeForRead(pustrDevice->Buffer, pustrDevice->Length, 1);
/* Copy the string */
RtlCopyUnicodeString(&ustrDevice, pustrDevice);
if (pdmInit)
{
/* FIXME: could be larger */
ProbeForRead(pdmInit, sizeof(DEVMODEW), 1);
RtlCopyMemory(&dmInit, pdmInit, sizeof(DEVMODEW));
}
if (pUMdhpdev)
{
ProbeForWrite(pUMdhpdev, sizeof(HANDLE), 1);
}
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
SetLastNtError(_SEH2_GetExceptionCode());
_SEH2_YIELD(return NULL);
}
_SEH2_END
}
else
{
开发者ID:Nevermore2015,项目名称:reactos,代码行数:54,代码来源:dclife.c
示例7: SepCaptureAcl
NTSTATUS
NTAPI
SepCaptureAcl(IN PACL InputAcl,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
OUT PACL *CapturedAcl)
{
PACL NewAcl;
ULONG AclSize = 0;
NTSTATUS Status = STATUS_SUCCESS;
PAGED_CODE();
if (AccessMode != KernelMode)
{
_SEH2_TRY
{
ProbeForRead(InputAcl,
sizeof(ACL),
sizeof(ULONG));
AclSize = InputAcl->AclSize;
ProbeForRead(InputAcl,
AclSize,
sizeof(ULONG));
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
/* Return the exception code */
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
NewAcl = ExAllocatePoolWithTag(PoolType,
AclSize,
TAG_ACL);
if (NewAcl != NULL)
{
_SEH2_TRY
{
RtlCopyMemory(NewAcl,
InputAcl,
AclSize);
*CapturedAcl = NewAcl;
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
/* Free the ACL and return the exception code */
ExFreePoolWithTag(NewAcl, TAG_ACL);
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
}
开发者ID:GYGit,项目名称:reactos,代码行数:54,代码来源:acl.c
示例8: NtGdiEngStretchBlt
BOOL
APIENTRY
NtGdiEngStretchBlt(
IN SURFOBJ *psoDest,
IN SURFOBJ *psoSource,
IN SURFOBJ *Mask,
IN CLIPOBJ *ClipRegion,
IN XLATEOBJ *ColorTranslation,
IN COLORADJUSTMENT *pca,
IN POINTL *BrushOrigin,
IN RECTL *prclDest,
IN RECTL *prclSrc,
IN POINTL *MaskOrigin,
IN ULONG Mode)
{
COLORADJUSTMENT ca;
POINTL lBrushOrigin;
RECTL rclDest;
RECTL rclSrc;
POINTL lMaskOrigin;
_SEH2_TRY
{
if (pca)
{
ProbeForRead(pca, sizeof(COLORADJUSTMENT), 1);
RtlCopyMemory(&ca,pca, sizeof(COLORADJUSTMENT));
pca = &ca;
}
ProbeForRead(BrushOrigin, sizeof(POINTL), 1);
RtlCopyMemory(&lBrushOrigin, BrushOrigin, sizeof(POINTL));
ProbeForRead(prclDest, sizeof(RECTL), 1);
RtlCopyMemory(&rclDest, prclDest, sizeof(RECTL));
ProbeForRead(prclSrc, sizeof(RECTL), 1);
RtlCopyMemory(&rclSrc, prclSrc, sizeof(RECTL));
ProbeForRead(MaskOrigin, sizeof(POINTL), 1);
RtlCopyMemory(&lMaskOrigin, MaskOrigin, sizeof(POINTL));
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
_SEH2_YIELD(return FALSE);
}
_SEH2_END;
return EngStretchBlt(psoDest, psoSource, Mask, ClipRegion, ColorTranslation, pca, &lBrushOrigin, &rclDest, &rclSrc, &lMaskOrigin, Mode);
}
开发者ID:hoangduit,项目名称:reactos,代码行数:51,代码来源:stretchblt.c
示例9: KiRaiseException
NTSTATUS
NTAPI
KiRaiseException(IN PEXCEPTION_RECORD ExceptionRecord,
IN PCONTEXT Context,
IN PKEXCEPTION_FRAME ExceptionFrame,
IN PKTRAP_FRAME TrapFrame,
IN BOOLEAN SearchFrames)
{
KPROCESSOR_MODE PreviousMode = KeGetPreviousMode();
CONTEXT LocalContext;
EXCEPTION_RECORD LocalExceptionRecord;
ULONG ParameterCount, Size;
/* Check if we need to probe */
if (PreviousMode != KernelMode)
{
/* Set up SEH */
_SEH2_TRY
{
/* Probe the context */
ProbeForRead(Context, sizeof(CONTEXT), sizeof(ULONG));
/* Probe the Exception Record */
ProbeForRead(ExceptionRecord,
FIELD_OFFSET(EXCEPTION_RECORD, NumberParameters) +
sizeof(ULONG),
sizeof(ULONG));
/* Validate the maximum parameters */
if ((ParameterCount = ExceptionRecord->NumberParameters) >
EXCEPTION_MAXIMUM_PARAMETERS)
{
/* Too large */
_SEH2_YIELD(return STATUS_INVALID_PARAMETER);
}
/* Probe the entire parameters now*/
Size = (sizeof(EXCEPTION_RECORD) -
((EXCEPTION_MAXIMUM_PARAMETERS - ParameterCount) * sizeof(ULONG)));
ProbeForRead(ExceptionRecord, Size, sizeof(ULONG));
/* Now make copies in the stack */
RtlCopyMemory(&LocalContext, Context, sizeof(CONTEXT));
RtlCopyMemory(&LocalExceptionRecord, ExceptionRecord, Size);
Context = &LocalContext;
ExceptionRecord = &LocalExceptionRecord;
/* Update the parameter count */
ExceptionRecord->NumberParameters = ParameterCount;
}
开发者ID:hoangduit,项目名称:reactos,代码行数:50,代码来源:except.c
示例10: DispatchProtectObject
//保护对象
//InputBuffer[0] == Object
//InputBuffer[1] == 是否删除
NTSTATUS
DispatchProtectObject(PVOID InputBuffer, ULONG InputLength,
PVOID OutputBuffer, ULONG OutputLength,
PULONG Information)
{
PVOID object;
BOOLEAN remove;
NTSTATUS status;
*Information = 0;
if(InputBuffer == NULL ||
InputLength != sizeof(ULONG) * 2)
{
KdPrint(("DispatchProtectObject Param length mismatch\n"));
return STATUS_INVALID_PARAMETER;
}
try {
ProbeForRead(InputBuffer, sizeof(ULONG) * 2, 1);
object = *(PVOID*)InputBuffer;
remove = (BOOLEAN)(*(PULONG)((ULONG)InputBuffer + 4));
status = STATUS_SUCCESS;
} except(EXCEPTION_CONTINUE_EXECUTION) {
status = STATUS_ACCESS_VIOLATION;
}
if(!NT_SUCCESS(status))
return status;
ProtectAddObject(object, remove);
return status;
}
开发者ID:yax571,项目名称:cr-ark,代码行数:35,代码来源:Dispatch.c
示例11: DispatchUnmapProcessModule
//卸载Process进程中的指定模块
//InputBuffer[0] == Process PEPROCESS指针
//InputBuffer[1] == BaseAddress 模块起始地址
NTSTATUS
DispatchUnmapProcessModule(PVOID InputBuffer, ULONG InputLength,
PVOID OutputBuffer, ULONG OutputLength,
PULONG Information)
{
PEPROCESS process;
PVOID baseAddress;
NTSTATUS status;
BOOLEAN bRet;
*Information = 0;
if(InputBuffer == NULL ||
InputLength != sizeof(ULONG) * 2)
{
KdPrint(("DispatchUnmapProcessModule Param length mismatch\n"));
return STATUS_INVALID_PARAMETER;
}
try {
ProbeForRead(InputBuffer, sizeof(ULONG) * 2, 1);
process = *(PEPROCESS*)InputBuffer;
baseAddress = *(PVOID*)((ULONG)InputBuffer + 4);
status = STATUS_SUCCESS;
} except(EXCEPTION_CONTINUE_EXECUTION) {
status = STATUS_ACCESS_VIOLATION;
}
if(!NT_SUCCESS(status))
return status;
bRet = UnmapProcessModule(process, baseAddress);
return STATUS_SUCCESS;
}
开发者ID:yax571,项目名称:cr-ark,代码行数:37,代码来源:Dispatch.c
示例12: DispatchSpecialInitialize
//初始化APC
//InputBuffer[0] == ThreadHandle
NTSTATUS
DispatchSpecialInitialize(PVOID InputBuffer, ULONG InputLength,
PVOID OutputBuffer, ULONG OutputLength,
PULONG Information)
{
HANDLE threadHandle;
NTSTATUS status;
//验证
if(InputBuffer == NULL ||
InputLength != sizeof(HANDLE))
return STATUS_INVALID_PARAMETER;
*Information = 0;
status = STATUS_SUCCESS;
try{
ProbeForRead(InputBuffer, 4, 1);
threadHandle = *(HANDLE*)(InputBuffer);
}except(EXCEPTION_CONTINUE_EXECUTION){
status = STATUS_ACCESS_VIOLATION;
}
if(!NT_SUCCESS(status))
return status;
if(!EnviromentSpecialInitialize(threadHandle, NULL, TRUE))
return STATUS_UNSUCCESSFUL;
return STATUS_SUCCESS;
}
开发者ID:yax571,项目名称:cr-ark,代码行数:32,代码来源:Dispatch.c
示例13: NtUserSetClipboardData
HANDLE APIENTRY
NtUserSetClipboardData(UINT fmt, HANDLE hData, PSETCLIPBDATA pUnsafeScd)
{
SETCLIPBDATA scd;
HANDLE hRet;
TRACE("NtUserSetClipboardData(%x %p %p)\n", fmt, hData, pUnsafeScd);
_SEH2_TRY
{
ProbeForRead(pUnsafeScd, sizeof(*pUnsafeScd), 1);
RtlCopyMemory(&scd, pUnsafeScd, sizeof(scd));
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
SetLastNtError(_SEH2_GetExceptionCode());
_SEH2_YIELD(return NULL;)
}
_SEH2_END
UserEnterExclusive();
/* Call internal function */
hRet = UserSetClipboardData(fmt, hData, &scd);
UserLeave();
return hRet;
}
开发者ID:CSRedRat,项目名称:reactos-playground,代码行数:29,代码来源:clipboard.c
示例14: KpiOpenProcess
/**
* Opens a process.
*
* \param ProcessHandle A variable which receives the process handle.
* \param DesiredAccess The desired access to the process.
* \param ClientId The identifier of a process or thread. If \a UniqueThread
* is present, the process of the identified thread will be opened. If
* \a UniqueProcess is present, the identified process will be opened.
* \param AccessMode The mode in which to perform access checks.
*/
NTSTATUS KpiOpenProcess(
__out PHANDLE ProcessHandle,
__in ACCESS_MASK DesiredAccess,
__in PCLIENT_ID ClientId,
__in KPROCESSOR_MODE AccessMode
)
{
NTSTATUS status;
CLIENT_ID clientId;
PEPROCESS process;
PETHREAD thread;
HANDLE processHandle;
PAGED_CODE();
if (AccessMode != KernelMode)
{
__try
{
ProbeForWrite(ProcessHandle, sizeof(HANDLE), sizeof(HANDLE));
ProbeForRead(ClientId, sizeof(CLIENT_ID), sizeof(ULONG));
clientId = *ClientId;
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
return GetExceptionCode();
}
}
开发者ID:john-peterson,项目名称:processhacker,代码行数:38,代码来源:process.c
示例15: NtGdiCreateColorSpace
HANDLE
APIENTRY
NtGdiCreateColorSpace(
IN PLOGCOLORSPACEEXW pLogColorSpace)
{
LOGCOLORSPACEEXW Safelcs;
NTSTATUS Status = STATUS_SUCCESS;
_SEH2_TRY
{
ProbeForRead( pLogColorSpace,
sizeof(LOGCOLORSPACEEXW),
1);
RtlCopyMemory(&Safelcs, pLogColorSpace, sizeof(LOGCOLORSPACEEXW));
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
if (!NT_SUCCESS(Status))
{
SetLastNtError(Status);
return NULL;
}
return IntGdiCreateColorSpace(&Safelcs);
}
开发者ID:HBelusca,项目名称:NasuTek-Odyssey,代码行数:28,代码来源:icm.c
示例16: NtGdiGetFontData
DWORD
APIENTRY
NtGdiGetFontData(
HDC hDC,
DWORD Table,
DWORD Offset,
LPVOID Buffer,
DWORD Size)
{
PDC Dc;
PDC_ATTR pdcattr;
HFONT hFont;
PTEXTOBJ TextObj;
PFONTGDI FontGdi;
DWORD Result = GDI_ERROR;
NTSTATUS Status = STATUS_SUCCESS;
if (Buffer && Size)
{
_SEH2_TRY
{
ProbeForRead(Buffer, Size, 1);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
}
_SEH2_END
}
开发者ID:GYGit,项目名称:reactos,代码行数:29,代码来源:font.c
示例17: NtReplyPort
/*
* @implemented
*/
NTSTATUS
NTAPI
NtReplyPort(IN HANDLE PortHandle,
IN PPORT_MESSAGE ReplyMessage)
{
NTSTATUS Status;
KPROCESSOR_MODE PreviousMode = KeGetPreviousMode();
PORT_MESSAGE CapturedReplyMessage;
PLPCP_PORT_OBJECT Port;
PLPCP_MESSAGE Message;
PETHREAD Thread = PsGetCurrentThread(), WakeupThread;
PAGED_CODE();
LPCTRACE(LPC_REPLY_DEBUG,
"Handle: %p. Message: %p.\n",
PortHandle,
ReplyMessage);
/* Check if the call comes from user mode */
if (PreviousMode != KernelMode)
{
_SEH2_TRY
{
ProbeForRead(ReplyMessage, sizeof(*ReplyMessage), sizeof(ULONG));
CapturedReplyMessage = *(volatile PORT_MESSAGE*)ReplyMessage;
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
}
开发者ID:reactos,项目名称:reactos,代码行数:35,代码来源:reply.c
示例18: NtReplyPort
/*
* @implemented
*/
NTSTATUS
NTAPI
NtReplyPort(IN HANDLE PortHandle,
IN PPORT_MESSAGE ReplyMessage)
{
PLPCP_PORT_OBJECT Port;
KPROCESSOR_MODE PreviousMode = KeGetPreviousMode();
NTSTATUS Status;
PLPCP_MESSAGE Message;
PETHREAD Thread = PsGetCurrentThread(), WakeupThread;
//PORT_MESSAGE CapturedReplyMessage;
PAGED_CODE();
LPCTRACE(LPC_REPLY_DEBUG,
"Handle: %p. Message: %p.\n",
PortHandle,
ReplyMessage);
if (KeGetPreviousMode() == UserMode)
{
_SEH2_TRY
{
ProbeForRead(ReplyMessage, sizeof(PORT_MESSAGE), sizeof(ULONG));
/*RtlCopyMemory(&CapturedReplyMessage, ReplyMessage, sizeof(PORT_MESSAGE));
ReplyMessage = &CapturedReplyMessage;*/
}
_SEH2_EXCEPT(ExSystemExceptionFilter())
{
DPRINT1("SEH crash [1]\n");
DbgBreakPoint();
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
}
开发者ID:hoangduit,项目名称:reactos,代码行数:37,代码来源:reply.c
示例19: MuLocateCharacteristicCode
PVOID
MuLocateCharacteristicCode (
PVOID ImageBase,
ULONG ImageSize,
PUCHAR VerifyCode,
PUCHAR VerifyMask,
ULONG CodeLength
)
{
ULONG i, Found = 0;
PUCHAR ImageNow = (PUCHAR)ImageBase;
PVOID Offset;
g_DebugValue += 1000;
__try
{
if ((ULONG)ImageBase + ImageSize < (ULONG)MmHighestUserAddress)
ProbeForRead((PUCHAR)ImageBase, ImageSize, 1);
while ((ULONG)ImageNow < (ULONG)ImageBase + ImageSize)
{
for (i = 0 ; i < CodeLength ; i++)
{
if (!VerifyMask[i])
{
if (*ImageNow++ != VerifyCode[i])
break;
}
else
{
ImageNow++;
}
if ((ULONG)ImageNow >= (ULONG)ImageBase + ImageSize)
break;
}
if (i == CodeLength)
{
Offset = (PVOID)((ULONG)ImageNow - CodeLength);
Found++;
break; // BUGBUG
}
}
}
__except (1)
{
}
if (Found != 1)
{
MuWriteDebugLog(g_DebugValue + (Found * 100));
}
return Found == 1 ? Offset : NULL;
}
开发者ID:av233max,项目名称:NTLER,代码行数:59,代码来源:init.c
示例20: TriggerArbitraryOverwrite
/// <summary>
/// Trigger the Arbitrary Overwrite Vulnerability
/// </summary>
/// <param name="UserWriteWhatWhere">The pointer to WRITE_WHAT_WHERE structure</param>
/// <returns>NTSTATUS</returns>
NTSTATUS TriggerArbitraryOverwrite(IN PWRITE_WHAT_WHERE UserWriteWhatWhere) {
PULONG_PTR What = NULL;
PULONG_PTR Where = NULL;
NTSTATUS Status = STATUS_SUCCESS;
PAGED_CODE();
__try {
// Verify if the buffer resides in user mode
ProbeForRead((PVOID)UserWriteWhatWhere,
sizeof(WRITE_WHAT_WHERE),
(ULONG)__alignof(WRITE_WHAT_WHERE));
What = UserWriteWhatWhere->What;
Where = UserWriteWhatWhere->Where;
DbgPrint("[+] UserWriteWhatWhere: 0x%p\n", UserWriteWhatWhere);
DbgPrint("[+] WRITE_WHAT_WHERE Size: 0x%X\n", sizeof(WRITE_WHAT_WHERE));
DbgPrint("[+] UserWriteWhatWhere->What: 0x%p\n", What);
DbgPrint("[+] UserWriteWhatWhere->Where: 0x%p\n", Where);
#ifdef SECURE
// Secure Note: This is secure because the developer is properly validating if address
// pointed by 'Where' and 'What' value resides in User mode by calling ProbeForRead()
// routine before performing the write operation
ProbeForRead((PVOID)Where, sizeof(PULONG_PTR), (ULONG)__alignof(PULONG_PTR));
ProbeForRead((PVOID)What, sizeof(PULONG_PTR), (ULONG)__alignof(PULONG_PTR));
*(Where) = *(What);
#else
DbgPrint("[+] Triggering Arbitrary Overwrite\n");
// Vulnerability Note: This is a vanilla Arbitrary Memory Overwrite vulnerability
// because the developer is writing the value pointed by 'What' to memory location
// pointed by 'Where' without properly validating if the values pointed by 'Where'
// and 'What' resides in User mode
*(Where) = *(What);
#endif
}
__except (EXCEPTION_EXECUTE_HANDLER) {
Status = GetExceptionCode();
DbgPrint("[-] Exception Code: 0x%X\n", Status);
}
return Status;
}
开发者ID:hacksysteam,项目名称:HackSysExtremeVulnerableDriver,代码行数:51,代码来源:ArbitraryOverwrite.c
注:本文中的ProbeForRead函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论