From abb7ae8b1c1d1bc698d56ea7e4bc7a5f506184a7 Mon Sep 17 00:00:00 2001 From: Paul Gofman Date: Tue, 15 Dec 2020 00:38:50 +0300 Subject: [PATCH] Updated and reenabled ntdll-NtQueryVirtualMemory patchset. --- ...NtQueryVirtualMemory-MemorySectionNa.patch | 85 ++++++++++++------- ...tests-for-NtQueryVirtualMemory-Memor.patch | 10 +-- ...test-to-ensure-section-name-is-full-.patch | 14 +-- ...uery-section-names-from-other-proces.patch | 18 ++-- ...2-Implement-K32GetMappedFileName.-v2.patch | 12 +-- ...ive-symlinks-before-returning-sectio.patch | 44 +++++----- ...uiltin-dll-names-in-get_section_name.patch | 75 ++++++++++++++++ ...ss-access-rights-in-get_mapping_file.patch | 26 ++++++ patches/ntdll-NtQueryVirtualMemory/definition | 4 +- patches/patchinstall.sh | 45 ++++++++++ 10 files changed, 252 insertions(+), 81 deletions(-) create mode 100644 patches/ntdll-NtQueryVirtualMemory/0009-ntdll-Fixup-builtin-dll-names-in-get_section_name.patch create mode 100644 patches/ntdll-NtQueryVirtualMemory/0010-server-Fix-process-access-rights-in-get_mapping_file.patch diff --git a/patches/ntdll-NtQueryVirtualMemory/0003-ntdll-Implement-NtQueryVirtualMemory-MemorySectionNa.patch b/patches/ntdll-NtQueryVirtualMemory/0003-ntdll-Implement-NtQueryVirtualMemory-MemorySectionNa.patch index e09b08f8..5a6da72e 100644 --- a/patches/ntdll-NtQueryVirtualMemory/0003-ntdll-Implement-NtQueryVirtualMemory-MemorySectionNa.patch +++ b/patches/ntdll-NtQueryVirtualMemory/0003-ntdll-Implement-NtQueryVirtualMemory-MemorySectionNa.patch @@ -1,4 +1,4 @@ -From 4ad7e0d2a51606b323cbe2f33c64a99c3666a072 Mon Sep 17 00:00:00 2001 +From 1642fdcb7681919a78d3a776382f8fdc9f5f8b94 Mon Sep 17 00:00:00 2001 From: Dmitry Timoshkov Date: Sun, 28 May 2017 05:19:30 +0200 Subject: [PATCH] ntdll: Implement NtQueryVirtualMemory(MemorySectionName). 
@@ -6,19 +6,20 @@ Subject: [PATCH] ntdll: Implement NtQueryVirtualMemory(MemorySectionName). Contains several improvements by Sebastian Lackner . --- - dlls/ntdll/unix/file.c | 2 +- - dlls/ntdll/unix/unix_private.h | 1 + - dlls/ntdll/unix/virtual.c | 96 +++++++++++++++++++++++++++++++++- - dlls/psapi/tests/psapi_main.c | 8 +-- - server/mapping.c | 29 ++++++++++ - server/protocol.def | 9 ++++ - 6 files changed, 136 insertions(+), 9 deletions(-) + dlls/ntdll/unix/file.c | 2 +- + dlls/ntdll/unix/process.c | 2 +- + dlls/ntdll/unix/unix_private.h | 2 + + dlls/ntdll/unix/virtual.c | 101 ++++++++++++++++++++++++++++++++- + dlls/psapi/tests/psapi_main.c | 8 +-- + server/mapping.c | 29 ++++++++++ + server/protocol.def | 9 +++ + 7 files changed, 143 insertions(+), 10 deletions(-) diff --git a/dlls/ntdll/unix/file.c b/dlls/ntdll/unix/file.c -index a41deb0881d..06ab827836d 100644 +index 8adb771cde78..d1731f449f7d 100644 --- a/dlls/ntdll/unix/file.c +++ b/dlls/ntdll/unix/file.c -@@ -1835,7 +1835,7 @@ static NTSTATUS fill_file_info( const struct stat *st, ULONG attr, void *ptr, +@@ -2014,7 +2014,7 @@ static NTSTATUS fill_file_info( const struct stat *st, ULONG attr, void *ptr, } @@ -27,23 +28,44 @@ index a41deb0881d..06ab827836d 100644 { data_size_t size = 1024; NTSTATUS ret; +diff --git a/dlls/ntdll/unix/process.c b/dlls/ntdll/unix/process.c +index 0401f8d998e7..200c252469c5 100644 +--- a/dlls/ntdll/unix/process.c ++++ b/dlls/ntdll/unix/process.c +@@ -478,7 +478,7 @@ static ULONG get_env_size( const RTL_USER_PROCESS_PARAMETERS *params, char **win + * + * Simplified version of RtlDosPathNameToNtPathName_U. + */ +-static WCHAR *get_nt_pathname( const UNICODE_STRING *str ) ++WCHAR *get_nt_pathname( const UNICODE_STRING *str ) + { + static const WCHAR ntprefixW[] = {'\\','?','?','\\',0}; + static const WCHAR uncprefixW[] = {'U','N','C','\\',0}; 
diff --git a/dlls/ntdll/unix/unix_private.h b/dlls/ntdll/unix/unix_private.h -index 3cf9ca66736..a9ce3be82b2 100644 +index 4ef58f73f3b7..2e64c6d334a5 100644 --- a/dlls/ntdll/unix/unix_private.h +++ b/dlls/ntdll/unix/unix_private.h -@@ -171,6 +171,7 @@ extern unsigned int server_queue_process_apc( HANDLE process, const apc_call_t * +@@ -108,6 +108,7 @@ extern void CDECL get_initial_directory( UNICODE_STRING *dir ) DECLSPEC_HIDDEN; + extern void CDECL get_initial_console( RTL_USER_PROCESS_PARAMETERS *params ) DECLSPEC_HIDDEN; + extern USHORT * CDECL get_unix_codepage_data(void) DECLSPEC_HIDDEN; + extern void CDECL get_locales( WCHAR *sys, WCHAR *user ) DECLSPEC_HIDDEN; ++extern WCHAR *get_nt_pathname( const UNICODE_STRING *str ) DECLSPEC_HIDDEN; + extern void CDECL virtual_release_address_space(void) DECLSPEC_HIDDEN; + + extern NTSTATUS CDECL unwind_builtin_dll( ULONG type, struct _DISPATCHER_CONTEXT *dispatch, +@@ -159,6 +160,7 @@ extern unsigned int server_queue_process_apc( HANDLE process, const apc_call_t * apc_result_t *result ) DECLSPEC_HIDDEN; extern int server_get_unix_fd( HANDLE handle, unsigned int wanted_access, int *unix_fd, int *needs_close, enum server_fd_type *type, unsigned int *options ) DECLSPEC_HIDDEN; +extern NTSTATUS server_get_unix_name( HANDLE handle, char **unix_name, BOOL nofollow ) DECLSPEC_HIDDEN; extern void server_init_process(void) DECLSPEC_HIDDEN; + extern void server_init_process_done(void) DECLSPEC_HIDDEN; extern size_t server_init_thread( void *entry_point, BOOL *suspend ) DECLSPEC_HIDDEN; - extern int server_pipe( int fd[2] ) DECLSPEC_HIDDEN; diff --git a/dlls/ntdll/unix/virtual.c b/dlls/ntdll/unix/virtual.c -index 9d19a621666..9758b11de74 100644 +index cc1cfce6b093..f041b335a29e 100644 --- a/dlls/ntdll/unix/virtual.c 
+++ b/dlls/ntdll/unix/virtual.c -@@ -4060,6 +4060,98 @@ static NTSTATUS get_working_set_ex( HANDLE process, LPCVOID addr, +@@ -4024,6 +4024,103 @@ static NTSTATUS get_working_set_ex( HANDLE process, LPCVOID addr, return STATUS_SUCCESS; } @@ -52,7 +74,7 @@ index 9d19a621666..9758b11de74 100644 + MEMORY_SECTION_NAME *info, + SIZE_T len, SIZE_T *res_len ) +{ -+ UNICODE_STRING nt_name; ++ UNICODE_STRING nt_name, dos_path_name; + WCHAR *nt_nameW; + char *unix_name; + data_size_t size = 1024; @@ -71,6 +93,8 @@ index 9d19a621666..9758b11de74 100644 + } + SERVER_END_REQ; + ++ memset( &nt_name, 0, sizeof(nt_name) ); ++ + if (!status && mapping) + { + status = server_get_unix_name( mapping, &unix_name, FALSE ); @@ -82,7 +106,7 @@ index 9d19a621666..9758b11de74 100644 + } + if (!status) + { -+ RtlInitUnicodeString( &nt_name, nt_nameW ); ++ nt_name.Buffer = nt_nameW; + goto found; + } + if (status == STATUS_OBJECT_TYPE_MISMATCH) status = STATUS_FILE_INVALID; @@ -114,13 +138,16 @@ index 9d19a621666..9758b11de74 100644 + if (status != STATUS_BUFFER_TOO_SMALL) return status; + } + -+ if (!RtlDosPathNameToNtPathName_U( name, &nt_name, NULL, NULL )) ++ dos_path_name.Buffer = name; ++ dos_path_name.Length = size * sizeof(WCHAR); ++ ++ if (!(nt_name.Buffer = get_nt_pathname( &dos_path_name ))) + { + free( name ); + return STATUS_INVALID_PARAMETER; + } -+ +found: ++ nt_name.Length = wcslen( nt_name.Buffer ) * sizeof(WCHAR); + *res_len = sizeof(MEMORY_SECTION_NAME) + nt_name.Length + sizeof(WCHAR); + if (len >= *res_len) + { @@ -134,7 +161,7 @@ index 9d19a621666..9758b11de74 100644 + status = (len < sizeof(MEMORY_SECTION_NAME)) ? STATUS_INFO_LENGTH_MISMATCH : STATUS_BUFFER_OVERFLOW; + + free( name ); -+ RtlFreeUnicodeString( &nt_name ); ++ free( nt_name.Buffer ); + return status; +} + 
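Review bot: In the `@@ -114,13 +138,16 @@` hunk of `get_section_name()`, the new `dos_path_name.Length = size * sizeof(WCHAR);` stores a product of a `data_size_t` into the 16-bit `Length` field of a UNICODE_STRING with no range check. In the visible lines `dos_path_name.MaximumLength` is also never set before the struct is passed to `get_nt_pathname()`. Whether `size` can exceed what `Length` can hold depends on the server-reply handling, which sits in lines elided between the hunks, so this needs confirming against the full function. An explicit guard before the assignment, `if (size > 0x7fff) { free( name ); return STATUS_INVALID_PARAMETER; }`, followed by `dos_path_name.MaximumLength = dos_path_name.Length;`, would make the narrowing deliberate and leave no field uninitialised. The function body starts and ends outside this hunk.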
@@ -142,7 +169,7 @@ index 9d19a621666..9758b11de74 100644 #define UNIMPLEMENTED_INFO_CLASS(c) \ case c: \ FIXME("(process=%p,addr=%p) Unimplemented information class: " #c "\n", process, addr); \ -@@ -4084,8 +4176,10 @@ NTSTATUS WINAPI NtQueryVirtualMemory( HANDLE process, LPCVOID addr, +@@ -4048,8 +4145,10 @@ NTSTATUS WINAPI NtQueryVirtualMemory( HANDLE process, LPCVOID addr, case MemoryWorkingSetExInformation: return get_working_set_ex( process, addr, buffer, len, res_len ); @@ -155,10 +182,10 @@ index 9d19a621666..9758b11de74 100644 default: diff --git a/dlls/psapi/tests/psapi_main.c b/dlls/psapi/tests/psapi_main.c -index da7524dd60a..bfe14231a9b 100644 +index be12af583112..3e211a771f93 100644 --- a/dlls/psapi/tests/psapi_main.c +++ b/dlls/psapi/tests/psapi_main.c -@@ -372,14 +372,7 @@ static BOOL nt_get_mapped_file_name(HANDLE process, LPVOID addr, LPWSTR name, DW +@@ -384,14 +384,7 @@ static BOOL nt_get_mapped_file_name(HANDLE process, LPVOID addr, LPWSTR name, DW ret_len = 0xdeadbeef; status = pNtQueryVirtualMemory(process, addr, MemorySectionName, buf, buf_len, &ret_len); @@ -173,7 +200,7 @@ index da7524dd60a..bfe14231a9b 100644 section_name = (MEMORY_SECTION_NAME *)buf; ok(ret_len == section_name->SectionFileName.MaximumLength + sizeof(*section_name), "got %lu, %u\n", -@@ -501,6 +494,7 @@ todo_wine { +@@ -513,6 +506,7 @@ todo_wine { { ok(memcmp(map_nameW, nt_map_name, lstrlenW(map_nameW)) == 0, "map name does not start with a device name: %s\n", map_name); WideCharToMultiByte(CP_ACP, 0, map_nameW, -1, map_name, MAX_PATH, NULL, NULL); @@ -182,10 +209,10 @@ index da7524dd60a..bfe14231a9b 100644 } diff --git a/server/mapping.c b/server/mapping.c -index db0debe0af5..6e74f5b770f 100644 +index 7729d9582477..d5f889771e50 100644 --- a/server/mapping.c +++ b/server/mapping.c -@@ -1099,6 +1099,35 @@ DECL_HANDLER(unmap_view) +@@ -1139,6 +1139,35 @@ DECL_HANDLER(unmap_view) if (view) free_memory_view( view ); } 
@@ -222,10 +249,10 @@ index db0debe0af5..6e74f5b770f 100644 DECL_HANDLER(get_mapping_committed_range) { diff --git a/server/protocol.def b/server/protocol.def -index faf4891a01e..0d98d9413e4 100644 +index f1092a00da87..723425c053fc 100644 --- a/server/protocol.def +++ b/server/protocol.def -@@ -1691,6 +1691,15 @@ enum char_info_mode +@@ -1549,6 +1549,15 @@ enum server_fd_type @END @@ -242,5 +269,5 @@ index faf4891a01e..0d98d9413e4 100644 @REQ(get_mapping_committed_range) client_ptr_t base; /* view base address */ -- -2.27.0 +2.29.2 diff --git a/patches/ntdll-NtQueryVirtualMemory/0004-ntdll-tests-Add-tests-for-NtQueryVirtualMemory-Memor.patch b/patches/ntdll-NtQueryVirtualMemory/0004-ntdll-tests-Add-tests-for-NtQueryVirtualMemory-Memor.patch index 00610677..4dc960a4 100644 --- a/patches/ntdll-NtQueryVirtualMemory/0004-ntdll-tests-Add-tests-for-NtQueryVirtualMemory-Memor.patch +++ b/patches/ntdll-NtQueryVirtualMemory/0004-ntdll-tests-Add-tests-for-NtQueryVirtualMemory-Memor.patch @@ -1,4 +1,4 @@ -From 8ea8ef48ce50b357f04664c70c3c86ea40c654ec Mon Sep 17 00:00:00 2001 +From 3c24fb315d12b0f5f052cfe5d885947adc5be75c Mon Sep 17 00:00:00 2001 From: Dmitry Timoshkov Date: Sun, 28 May 2017 10:30:43 +0200 Subject: [PATCH] ntdll/tests: Add tests for @@ -9,10 +9,10 @@ Subject: [PATCH] ntdll/tests: Add tests for 1 file changed, 30 insertions(+) diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c -index e5137ef5a45..e06a229e6cd 100644 +index 974db1badf09..ff2d388399da 100644 --- a/dlls/ntdll/tests/info.c +++ b/dlls/ntdll/tests/info.c -@@ -2092,6 +2092,8 @@ static void test_queryvirtualmemory(void) +@@ -2239,6 +2239,8 @@ static void test_queryvirtualmemory(void) char stackbuf[42]; HMODULE module; void *user_shared_data = (void *)0x7ffe0000; 
@@ -21,7 +21,7 @@ index e5137ef5a45..e06a229e6cd 100644 module = GetModuleHandleA( "ntdll.dll" ); status = pNtQueryVirtualMemory(NtCurrentProcess(), module, MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION), &readcount); -@@ -2174,6 +2176,34 @@ static void test_queryvirtualmemory(void) +@@ -2321,6 +2323,34 @@ static void test_queryvirtualmemory(void) /* check error code when len is less than MEMORY_BASIC_INFORMATION size */ status = pNtQueryVirtualMemory(NtCurrentProcess(), GetProcessHeap(), MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION) - 1, &readcount); ok(status == STATUS_INFO_LENGTH_MISMATCH, "Expected STATUS_INFO_LENGTH_MISMATCH, got %08x\n", status); @@ -57,5 +57,5 @@ index e5137ef5a45..e06a229e6cd 100644 static void test_affinity(void) -- -2.27.0 +2.29.2 diff --git a/patches/ntdll-NtQueryVirtualMemory/0005-ntdll-tests-Add-test-to-ensure-section-name-is-full-.patch b/patches/ntdll-NtQueryVirtualMemory/0005-ntdll-tests-Add-test-to-ensure-section-name-is-full-.patch index 1a7b9f1f..30320a3d 100644 --- a/patches/ntdll-NtQueryVirtualMemory/0005-ntdll-tests-Add-test-to-ensure-section-name-is-full-.patch +++ b/patches/ntdll-NtQueryVirtualMemory/0005-ntdll-tests-Add-test-to-ensure-section-name-is-full-.patch @@ -1,4 +1,4 @@ -From 451efee77500173d36ddd16f39cf3ee2df498a93 Mon Sep 17 00:00:00 2001 +From 9981ac1cf89d5331f7689519935cb1ded795f4ee Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Sun, 28 May 2017 10:33:40 +0200 Subject: [PATCH] ntdll/tests: Add test to ensure section name is full path. @@ -8,7 +8,7 @@ Subject: [PATCH] ntdll/tests: Add test to ensure section name is full path. 1 file changed, 9 insertions(+) diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c -index e06a229e6cd..02538e6f49a 100644 +index ff2d388399da..d9531e465c1a 100644 --- a/dlls/ntdll/tests/info.c +++ b/dlls/ntdll/tests/info.c @@ -22,6 +22,7 @@ 
@@ -19,7 +19,7 @@ index e06a229e6cd..02538e6f49a 100644 static NTSTATUS (WINAPI * pNtQuerySystemInformation)(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG); static NTSTATUS (WINAPI * pNtSetSystemInformation)(SYSTEM_INFORMATION_CLASS, PVOID, ULONG); static NTSTATUS (WINAPI * pRtlGetNativeSystemInformation)(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG); -@@ -70,6 +71,7 @@ static BOOL InitFunctionPtrs(void) +@@ -76,6 +77,7 @@ static BOOL InitFunctionPtrs(void) HMODULE hntdll = GetModuleHandleA("ntdll"); HMODULE hkernel32 = GetModuleHandleA("kernel32"); @@ -27,7 +27,7 @@ index e06a229e6cd..02538e6f49a 100644 NTDLL_GET_PROC(NtQuerySystemInformation); NTDLL_GET_PROC(NtSetSystemInformation); NTDLL_GET_PROC(RtlGetNativeSystemInformation); -@@ -2085,6 +2087,7 @@ static void test_queryvirtualmemory(void) +@@ -2232,6 +2234,7 @@ static void test_queryvirtualmemory(void) { NTSTATUS status; SIZE_T readcount; @@ -35,7 +35,7 @@ index e06a229e6cd..02538e6f49a 100644 static const char teststring[] = "test string"; static char datatestbuf[42] = "abc"; static char rwtestbuf[42]; -@@ -2094,6 +2097,8 @@ static void test_queryvirtualmemory(void) +@@ -2241,6 +2244,8 @@ static void test_queryvirtualmemory(void) void *user_shared_data = (void *)0x7ffe0000; char buffer_name[sizeof(MEMORY_SECTION_NAME) + MAX_PATH * sizeof(WCHAR)]; MEMORY_SECTION_NAME *msn = (MEMORY_SECTION_NAME *)buffer_name; 
@@ -44,7 +44,7 @@ index e06a229e6cd..02538e6f49a 100644 module = GetModuleHandleA( "ntdll.dll" ); status = pNtQueryVirtualMemory(NtCurrentProcess(), module, MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION), &readcount); -@@ -2198,6 +2203,10 @@ static void test_queryvirtualmemory(void) +@@ -2345,6 +2350,10 @@ static void test_queryvirtualmemory(void) status = pNtQueryVirtualMemory(NtCurrentProcess(), module, MemorySectionName, msn, sizeof(buffer_name), &readcount); ok( status == STATUS_SUCCESS, "Expected STATUS_SUCCESS, got %08x\n", status); ok( readcount > 0, "Expected readcount to be > 0\n"); @@ -56,5 +56,5 @@ index e06a229e6cd..02538e6f49a 100644 memset(msn, 0, sizeof(*msn)); readcount = 0; -- -2.27.0 +2.29.2 diff --git a/patches/ntdll-NtQueryVirtualMemory/0006-ntdll-Allow-to-query-section-names-from-other-proces.patch b/patches/ntdll-NtQueryVirtualMemory/0006-ntdll-Allow-to-query-section-names-from-other-proces.patch index 12ca3524..8d015dd4 100644 --- a/patches/ntdll-NtQueryVirtualMemory/0006-ntdll-Allow-to-query-section-names-from-other-proces.patch +++ b/patches/ntdll-NtQueryVirtualMemory/0006-ntdll-Allow-to-query-section-names-from-other-proces.patch @@ -1,4 +1,4 @@ -From 25d22ac6fe6c84742dedf45a6b9115b4ba1bbf6c Mon Sep 17 00:00:00 2001 +From 6c2aad105cc878f2a0c3777a9a72fa63361d1ce8 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Sun, 28 May 2017 05:44:38 +0200 Subject: [PATCH] ntdll: Allow to query section names from other processes. @@ -9,10 +9,10 @@ Subject: [PATCH] ntdll: Allow to query section names from other processes. 1 file changed, 19 insertions(+) diff --git a/dlls/psapi/tests/psapi_main.c b/dlls/psapi/tests/psapi_main.c -index b9d8576..af69646 100644 +index 3e211a771f93..40fd08e6adbc 100644 --- a/dlls/psapi/tests/psapi_main.c 
+++ b/dlls/psapi/tests/psapi_main.c -@@ -399,6 +399,10 @@ static void test_GetMappedFileName(void) +@@ -410,6 +410,10 @@ static void test_GetMappedFileName(void) char temp_path[MAX_PATH], file_name[MAX_PATH], map_name[MAX_PATH], device_name[MAX_PATH], drive[3]; WCHAR map_nameW[MAX_PATH], nt_map_name[MAX_PATH]; HANDLE hfile, hmap; @@ -23,10 +23,11 @@ index b9d8576..af69646 100644 SetLastError(0xdeadbeef); ret = GetMappedFileNameA(NULL, hMod, szMapPath, sizeof(szMapPath)); -@@ -500,6 +504,20 @@ todo_wine +@@ -510,6 +514,20 @@ todo_wine + ok(memcmp(map_name, device_name, strlen(device_name)) == 0, "map name does not start with a device name: %s\n", map_name); } - SetLastError(0xdeadbeef); ++ SetLastError(0xdeadbeef); + ret = GetMappedFileNameW(current_process, base, map_nameW, sizeof(map_nameW)/sizeof(map_nameW[0])); +todo_wine { + ok(ret, "GetMappedFileNameW error %d\n", GetLastError()); @@ -40,11 +41,10 @@ index b9d8576..af69646 100644 + ok(memcmp(map_name, device_name, strlen(device_name)) == 0, "map name does not start with a device name: %s\n", map_name); + } + -+ SetLastError(0xdeadbeef); + SetLastError(0xdeadbeef); ret = GetMappedFileNameA(GetCurrentProcess(), base + 0x2000, map_name, sizeof(map_name)); todo_wine { - ok(ret, "GetMappedFileName error %d\n", GetLastError()); -@@ -544,6 +562,7 @@ todo_wine +@@ -555,6 +573,7 @@ todo_wine todo_wine ok(GetLastError() == ERROR_FILE_INVALID, "expected ERROR_FILE_INVALID, got %d\n", GetLastError()); @@ -53,5 +53,5 @@ index b9d8576..af69646 100644 CloseHandle(hmap); } -- -2.7.4 +2.29.2 diff --git a/patches/ntdll-NtQueryVirtualMemory/0007-kernel32-Implement-K32GetMappedFileName.-v2.patch b/patches/ntdll-NtQueryVirtualMemory/0007-kernel32-Implement-K32GetMappedFileName.-v2.patch index f042ae37..15ecef95 100644 --- a/patches/ntdll-NtQueryVirtualMemory/0007-kernel32-Implement-K32GetMappedFileName.-v2.patch +++ b/patches/ntdll-NtQueryVirtualMemory/0007-kernel32-Implement-K32GetMappedFileName.-v2.patch 
@@ -1,4 +1,4 @@ -From 4c2836f5afe797f9b5cbe7efd37b9879abe623db Mon Sep 17 00:00:00 2001 +From c56c02183daf0cc5c15e5bfde75e87aa46dcd846 Mon Sep 17 00:00:00 2001 From: Dmitry Timoshkov Date: Wed, 16 Mar 2016 20:23:28 +0800 Subject: [PATCH] kernel32: Implement K32GetMappedFileName. (v2) @@ -9,10 +9,10 @@ Subject: [PATCH] kernel32: Implement K32GetMappedFileName. (v2) 2 files changed, 85 insertions(+), 24 deletions(-) diff --git a/dlls/kernelbase/debug.c b/dlls/kernelbase/debug.c -index 48c949355ad7..92f5750aa580 100644 +index 0a3bf397725f..aa8d9596acc1 100644 --- a/dlls/kernelbase/debug.c +++ b/dlls/kernelbase/debug.c -@@ -1247,15 +1247,59 @@ DWORD WINAPI DECLSPEC_HOTPATCH K32GetDeviceDriverFileNameW( void *image_base, WC +@@ -1248,15 +1248,59 @@ DWORD WINAPI DECLSPEC_HOTPATCH K32GetDeviceDriverFileNameW( void *image_base, WC return 0; } @@ -75,7 +75,7 @@ index 48c949355ad7..92f5750aa580 100644 } -@@ -1264,9 +1308,40 @@ DWORD WINAPI DECLSPEC_HOTPATCH K32GetMappedFileNameA( HANDLE process, void *addr +@@ -1265,9 +1309,40 @@ DWORD WINAPI DECLSPEC_HOTPATCH K32GetMappedFileNameA( HANDLE process, void *addr */ DWORD WINAPI DECLSPEC_HOTPATCH K32GetMappedFileNameW( HANDLE process, void *addr, WCHAR *name, DWORD size ) { @@ -120,7 +120,7 @@ index 48c949355ad7..92f5750aa580 100644 diff --git a/dlls/psapi/tests/psapi_main.c b/dlls/psapi/tests/psapi_main.c -index 9886bc476740..99e87db9543e 100644 +index 40fd08e6adbc..dc19bed27d66 100644 --- a/dlls/psapi/tests/psapi_main.c +++ b/dlls/psapi/tests/psapi_main.c @@ -418,27 +418,22 @@ static void test_GetMappedFileName(void) @@ -238,5 +238,5 @@ index 9886bc476740..99e87db9543e 100644 } -- -2.26.2 +2.29.2 diff --git a/patches/ntdll-NtQueryVirtualMemory/0008-ntdll-Resolve-drive-symlinks-before-returning-sectio.patch b/patches/ntdll-NtQueryVirtualMemory/0008-ntdll-Resolve-drive-symlinks-before-returning-sectio.patch index e66390a1..caf214a5 100644 
--- a/patches/ntdll-NtQueryVirtualMemory/0008-ntdll-Resolve-drive-symlinks-before-returning-sectio.patch +++ b/patches/ntdll-NtQueryVirtualMemory/0008-ntdll-Resolve-drive-symlinks-before-returning-sectio.patch @@ -1,4 +1,4 @@ -From bb973ee8d79d0a1117c437afe8d62f34b9d9d3c8 Mon Sep 17 00:00:00 2001 +From 456aa529ef87acd0dd717572c1b7b57a3584d8a8 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Sun, 28 May 2017 11:17:26 +0200 Subject: [PATCH] ntdll: Resolve drive symlinks before returning section name. @@ -11,10 +11,10 @@ Subject: [PATCH] ntdll: Resolve drive symlinks before returning section name. 4 files changed, 34 insertions(+), 12 deletions(-) diff --git a/dlls/ntdll/unix/file.c b/dlls/ntdll/unix/file.c -index 2ac7fcaae35..d39c98b2e49 100644 +index d1731f449f7d..aa7da1034141 100644 --- a/dlls/ntdll/unix/file.c +++ b/dlls/ntdll/unix/file.c -@@ -3418,7 +3418,7 @@ NTSTATUS CDECL wine_nt_to_unix_file_name( const UNICODE_STRING *nameW, char *nam +@@ -3645,7 +3645,7 @@ NTSTATUS CDECL wine_nt_to_unix_file_name( const UNICODE_STRING *nameW, char *nam } /* read the contents of an NT symlink object */ @@ -24,22 +24,22 @@ index 2ac7fcaae35..d39c98b2e49 100644 OBJECT_ATTRIBUTES attr; UNICODE_STRING targetW; diff --git a/dlls/ntdll/unix/unix_private.h b/dlls/ntdll/unix/unix_private.h -index 466c59da75a..884dff1e1b1 100644 +index 2e64c6d334a5..00782f39570a 100644 --- a/dlls/ntdll/unix/unix_private.h 
+++ b/dlls/ntdll/unix/unix_private.h -@@ -103,6 +103,7 @@ extern void CDECL get_initial_directory( UNICODE_STRING *dir ) DECLSPEC_HIDDEN; - extern void CDECL get_initial_console( HANDLE *handle, HANDLE *std_in, HANDLE *std_out, HANDLE *std_err ) DECLSPEC_HIDDEN; +@@ -109,6 +109,7 @@ extern void CDECL get_initial_console( RTL_USER_PROCESS_PARAMETERS *params ) DEC extern USHORT * CDECL get_unix_codepage_data(void) DECLSPEC_HIDDEN; extern void CDECL get_locales( WCHAR *sys, WCHAR *user ) DECLSPEC_HIDDEN; + extern WCHAR *get_nt_pathname( const UNICODE_STRING *str ) DECLSPEC_HIDDEN; +extern NTSTATUS read_nt_symlink( HANDLE root, UNICODE_STRING *name, WCHAR *target, size_t length ) DECLSPEC_HIDDEN; - extern NTSTATUS CDECL virtual_map_section( HANDLE handle, PVOID *addr_ptr, unsigned short zero_bits_64, SIZE_T commit_size, - const LARGE_INTEGER *offset_ptr, SIZE_T *size_ptr, ULONG alloc_type, - ULONG protect, pe_image_info_t *image_info ) DECLSPEC_HIDDEN; + extern void CDECL virtual_release_address_space(void) DECLSPEC_HIDDEN; + + extern NTSTATUS CDECL unwind_builtin_dll( ULONG type, struct _DISPATCHER_CONTEXT *dispatch, diff --git a/dlls/ntdll/unix/virtual.c b/dlls/ntdll/unix/virtual.c -index 570a8a3bf49..c040adfaf23 100644 +index f041b335a29e..3d1b3cecacb8 100644 --- a/dlls/ntdll/unix/virtual.c +++ b/dlls/ntdll/unix/virtual.c -@@ -188,6 +188,8 @@ static BYTE **pages_vprot; +@@ -184,6 +184,8 @@ static BYTE **pages_vprot; static BYTE *pages_vprot; #endif 
@@ -48,13 +48,13 @@ index 570a8a3bf49..c040adfaf23 100644 static struct file_view *view_block_start, *view_block_end, *next_free_view; #ifdef _WIN64 static const size_t view_block_size = 0x200000; -@@ -4018,13 +4020,16 @@ static NTSTATUS get_section_name( HANDLE process, LPCVOID addr, +@@ -4029,13 +4031,16 @@ static NTSTATUS get_section_name( HANDLE process, LPCVOID addr, MEMORY_SECTION_NAME *info, SIZE_T len, SIZE_T *res_len ) { + static const WCHAR dosprefixW[] = {'\\','?','?','\\'}; + WCHAR symlinkW[MAX_DIR_ENTRY_LEN] = {0}; - UNICODE_STRING nt_name; + UNICODE_STRING nt_name, dos_path_name; WCHAR *nt_nameW; char *unix_name; data_size_t size = 1024; @@ -66,10 +66,10 @@ index 570a8a3bf49..c040adfaf23 100644 if (!addr || !info || !res_len) return STATUS_INVALID_PARAMETER; -@@ -4087,14 +4092,34 @@ static NTSTATUS get_section_name( HANDLE process, LPCVOID addr, +@@ -4103,14 +4108,34 @@ static NTSTATUS get_section_name( HANDLE process, LPCVOID addr, } - found: + nt_name.Length = wcslen( nt_name.Buffer ) * sizeof(WCHAR); - *res_len = sizeof(MEMORY_SECTION_NAME) + nt_name.Length + sizeof(WCHAR); + if (nt_name.Length >= sizeof(dosprefixW) && + !memcmp( nt_name.Buffer, dosprefixW, sizeof(dosprefixW) )) @@ -107,10 +107,10 @@ index 570a8a3bf49..c040adfaf23 100644 else status = (len < sizeof(MEMORY_SECTION_NAME)) ? STATUS_INFO_LENGTH_MISMATCH : STATUS_BUFFER_OVERFLOW; diff --git a/dlls/psapi/tests/psapi_main.c b/dlls/psapi/tests/psapi_main.c -index f6a7b69eca0..a8263a2f44b 100644 +index dc19bed27d66..c61d88bf0d6a 100644 --- a/dlls/psapi/tests/psapi_main.c +++ b/dlls/psapi/tests/psapi_main.c -@@ -476,7 +476,6 @@ static void test_GetMappedFileName(void) +@@ -488,7 +488,6 @@ static void test_GetMappedFileName(void) ret = GetMappedFileNameA(GetCurrentProcess(), base, map_name, sizeof(map_name)); ok(ret, "GetMappedFileName error %d\n", GetLastError()); ok(ret > strlen(device_name), "map_name should be longer than device_name\n"); 
@@ -118,7 +118,7 @@ index f6a7b69eca0..a8263a2f44b 100644 ok(memcmp(map_name, device_name, strlen(device_name)) == 0, "map name does not start with a device name: %s\n", map_name); SetLastError(0xdeadbeef); -@@ -489,7 +488,6 @@ todo_wine { +@@ -501,7 +500,6 @@ todo_wine { { ok(memcmp(map_nameW, nt_map_name, lstrlenW(map_nameW)) == 0, "map name does not start with a device name: %s\n", map_name); WideCharToMultiByte(CP_ACP, 0, map_nameW, -1, map_name, MAX_PATH, NULL, NULL); @@ -126,7 +126,7 @@ index f6a7b69eca0..a8263a2f44b 100644 ok(memcmp(map_name, device_name, strlen(device_name)) == 0, "map name does not start with a device name: %s\n", map_name); } -@@ -502,7 +500,6 @@ todo_wine +@@ -514,7 +512,6 @@ todo_wine { ok(memcmp(map_nameW, nt_map_name, lstrlenW(map_nameW)) == 0, "map name does not start with a device name: %s\n", map_name); WideCharToMultiByte(CP_ACP, 0, map_nameW, -1, map_name, MAX_PATH, NULL, NULL); @@ -134,7 +134,7 @@ index f6a7b69eca0..a8263a2f44b 100644 ok(memcmp(map_name, device_name, strlen(device_name)) == 0, "map name does not start with a device name: %s\n", map_name); } -@@ -510,7 +507,6 @@ todo_wine +@@ -522,7 +519,6 @@ todo_wine ret = GetMappedFileNameA(GetCurrentProcess(), base + 0x2000, map_name, sizeof(map_name)); ok(ret, "GetMappedFileName error %d\n", GetLastError()); ok(ret > strlen(device_name), "map_name should be longer than device_name\n"); @@ -142,7 +142,7 @@ index f6a7b69eca0..a8263a2f44b 100644 ok(memcmp(map_name, device_name, strlen(device_name)) == 0, "map name does not start with a device name: %s\n", map_name); SetLastError(0xdeadbeef); -@@ -592,7 +588,7 @@ static void test_GetProcessImageFileName(void) +@@ -604,7 +600,7 @@ static void test_GetProcessImageFileName(void) { /* Windows returns 2*strlen-1 */ ok(ret >= strlen(szImgPath), "szImgPath=\"%s\" ret=%d\n", szImgPath, ret); @@ -152,5 +152,5 @@ index f6a7b69eca0..a8263a2f44b 100644 SetLastError(0xdeadbeef); -- -2.27.0 +2.29.2 
diff --git a/patches/ntdll-NtQueryVirtualMemory/0009-ntdll-Fixup-builtin-dll-names-in-get_section_name.patch b/patches/ntdll-NtQueryVirtualMemory/0009-ntdll-Fixup-builtin-dll-names-in-get_section_name.patch new file mode 100644 index 00000000..5748a655 --- /dev/null +++ b/patches/ntdll-NtQueryVirtualMemory/0009-ntdll-Fixup-builtin-dll-names-in-get_section_name.patch 
@@ -0,0 +1,75 @@ +From 08a817b27bb7ec023d740bc6cfe94c1cdf30fb50 Mon Sep 17 00:00:00 2001 +From: Paul Gofman +Date: Tue, 15 Dec 2020 00:09:55 +0300 +Subject: [PATCH] ntdll: Fixup builtin dll names in get_section_name(). + +--- + dlls/ntdll/tests/info.c | 2 +- + dlls/ntdll/unix/virtual.c | 31 +++++++++++++++++++++++++++++++ + 2 files changed, 32 insertions(+), 1 deletion(-) + +diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c +index d9531e465c1a..3083dbb3d18f 100644 +--- a/dlls/ntdll/tests/info.c ++++ b/dlls/ntdll/tests/info.c +@@ -2347,7 +2347,7 @@ static void test_queryvirtualmemory(void) + memset(msn, 0x55, sizeof(*msn)); + memset(buffer_name, 0x77, sizeof(buffer_name)); + readcount = 0; +- status = pNtQueryVirtualMemory(NtCurrentProcess(), module, MemorySectionName, msn, sizeof(buffer_name), &readcount); ++ status = pNtQueryVirtualMemory(NtCurrentProcess(), (char *)module + 0x100, MemorySectionName, msn, sizeof(buffer_name), &readcount); + ok( status == STATUS_SUCCESS, "Expected STATUS_SUCCESS, got %08x\n", status); + ok( readcount > 0, "Expected readcount to be > 0\n"); + pRtlDowncaseUnicodeString( &msn->SectionFileName, &msn->SectionFileName, FALSE ); +diff --git a/dlls/ntdll/unix/virtual.c b/dlls/ntdll/unix/virtual.c +index 3d1b3cecacb8..4f5d213285cb 100644 +--- a/dlls/ntdll/unix/virtual.c ++++ b/dlls/ntdll/unix/virtual.c +@@ -4026,6 +4026,36 @@ static NTSTATUS get_working_set_ex( HANDLE process, LPCVOID addr, + return STATUS_SUCCESS; + } + ++static char *replace_wine_dir_with_system_dir( char *name ) ++{ ++ static const char system32_dir_suffix[] = "drive_c/Windows/System32"; ++ static const char syswow64_dir_suffix[] = "drive_c/Windows/SysWOW64"; ++ unsigned int i, sysdir_length, dll_path_length, size; ++ const char *system_dir; ++ char *new_name; ++ ++ for (i = 0; dll_paths[i]; ++i) ++ { ++ dll_path_length = strlen( dll_paths[i] ); ++ if (!strncmp( name, dll_paths[i], dll_path_length)) ++ { ++ system_dir = is_wow64 ? 
syswow64_dir_suffix : system32_dir_suffix; ++ sysdir_length = strlen( config_dir ) + 1 + strlen( system_dir ); ++ size = strlen( name ) - dll_path_length + sysdir_length + 1; ++ if (!(new_name = malloc( size ))) ++ { ++ ERR("No memory.\n"); ++ return name; ++ } ++ sprintf( new_name, "%s/%s", config_dir, system_dir ); ++ strcat( new_name, name + dll_path_length ); ++ free( name ); ++ return new_name; ++ } ++ } ++ return name; ++} ++ + /* get file name for mapped section */ + static NTSTATUS get_section_name( HANDLE process, LPCVOID addr, + MEMORY_SECTION_NAME *info, +@@ -4061,6 +4091,7 @@ static NTSTATUS get_section_name( HANDLE process, LPCVOID addr, + NtClose( mapping ); + if (!status) + { ++ unix_name = replace_wine_dir_with_system_dir( unix_name ); + status = unix_to_nt_file_name( unix_name, &nt_nameW ); + free( unix_name ); + } +-- +2.29.2 + diff --git a/patches/ntdll-NtQueryVirtualMemory/0010-server-Fix-process-access-rights-in-get_mapping_file.patch b/patches/ntdll-NtQueryVirtualMemory/0010-server-Fix-process-access-rights-in-get_mapping_file.patch new file mode 100644 index 00000000..af0b8aa3 --- /dev/null +++ b/patches/ntdll-NtQueryVirtualMemory/0010-server-Fix-process-access-rights-in-get_mapping_file.patch 
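Review bot: In `replace_wine_dir_with_system_dir()` the test `strncmp( name, dll_paths[i], dll_path_length )` accepts any unix name that merely begins with a DLL directory string, so unless the `dll_paths` entries are guaranteed to end in a separator (not visible here) a sibling directory with a longer name would also be rewritten to the System32/SysWOW64 location and reported to the caller as the section name. Checking that the character after the match is `/` would restrict the rewrite to files actually below that directory. The allocation is sized to fit the `sprintf`/`strcat` pair as written, but both writes are unbounded and the lengths are kept in `unsigned int`; a single `snprintf( new_name, size, "%s/%s%s", config_dir, system_dir, name + dll_path_length );` ties the write to `size`. A one-line comment above the function saying that it takes ownership of `name` and returns either `name` or a replacement allocation would document the `free( name )` for future callers.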
@@ -0,0 +1,26 @@ +From e2a538dcaee4c59055b877b63d143a93a6e6abdb Mon Sep 17 00:00:00 2001 +From: Paul Gofman +Date: Tue, 15 Dec 2020 00:20:43 +0300 +Subject: [PATCH] server: Fix process access rights in get_mapping_file + handler. + +--- + server/mapping.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/server/mapping.c b/server/mapping.c +index d5f889771e50..3df9fb97a1c5 100644 +--- a/server/mapping.c ++++ b/server/mapping.c +@@ -1146,7 +1146,7 @@ DECL_HANDLER(get_mapping_file) + struct process *process; + struct file *file; + +- if (!(process = get_process_from_handle( req->process, 0 ))) return; ++ if (!(process = get_process_from_handle( req->process, PROCESS_QUERY_INFORMATION ))) return; + + LIST_FOR_EACH_ENTRY( view, &process->views, struct memory_view, entry ) + if (req->addr >= view->base && req->addr < view->base + view->size) break; +-- +2.29.2 + diff --git a/patches/ntdll-NtQueryVirtualMemory/definition b/patches/ntdll-NtQueryVirtualMemory/definition index 2368120a..1d59ce18 100644 --- a/patches/ntdll-NtQueryVirtualMemory/definition +++ b/patches/ntdll-NtQueryVirtualMemory/definition @@ -3,6 +3,4 @@ Fixes: [27248] Implement K32GetMappedFileName Depends: ntdll-NtDevicePath Depends: ntdll-ForceBottomUpAlloc Depends: ntdll-Junction_Points -# This uses RtlDosPathNameToNtPathName_U (and RtlInitUnicodeString) from -# ntdll.so, and needs to stop. -Disabled: true + diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index 87df542d..a85cf7e4 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -172,6 +172,7 @@ patch_enable_all () enable_ntdll_NtDevicePath="$1" enable_ntdll_NtQueryEaFile="$1" enable_ntdll_NtQuerySection="$1" + enable_ntdll_NtQueryVirtualMemory="$1" enable_ntdll_NtSetLdtEntries="$1" enable_ntdll_Pipe_SpecialCharacters="$1" enable_ntdll_ProcessQuotaLimits="$1" 
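Review bot: The access check added in the `get_mapping_file` handler, `get_process_from_handle( req->process, PROCESS_QUERY_INFORMATION )`, has no test covering the denied case, so a regression to an unchecked handle would pass the existing suite. A test that opens a process handle without PROCESS_QUERY_INFORMATION and expects the MemorySectionName query to fail with an access-denied status would pin the behaviour. Patch 0003 of this series appears to be where the handler is introduced with an access mask of 0, so folding this one-line change into 0003 would avoid an intermediate tree state in which any process handle is accepted. The handler body continues outside the hunk.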
@@ -598,6 +599,9 @@ patch_enable () ntdll-NtQuerySection) enable_ntdll_NtQuerySection="$2" ;; + ntdll-NtQueryVirtualMemory) + enable_ntdll_NtQueryVirtualMemory="$2" + ;; ntdll-NtSetLdtEntries) enable_ntdll_NtSetLdtEntries="$2" ;; @@ -1554,6 +1558,21 @@ if test "$enable_nvcuvid_CUDA_Video_Support" -eq 1; then enable_nvapi_Stub_DLL=1 fi +if test "$enable_ntdll_NtQueryVirtualMemory" -eq 1; then + if test "$enable_ntdll_ForceBottomUpAlloc" -gt 1; then + abort "Patchset ntdll-ForceBottomUpAlloc disabled, but ntdll-NtQueryVirtualMemory depends on that." + fi + if test "$enable_ntdll_Junction_Points" -gt 1; then + abort "Patchset ntdll-Junction_Points disabled, but ntdll-NtQueryVirtualMemory depends on that." + fi + if test "$enable_ntdll_NtDevicePath" -gt 1; then + abort "Patchset ntdll-NtDevicePath disabled, but ntdll-NtQueryVirtualMemory depends on that." + fi + enable_ntdll_ForceBottomUpAlloc=1 + enable_ntdll_Junction_Points=1 + enable_ntdll_NtDevicePath=1 +fi + if test "$enable_ntdll_NtDevicePath" -eq 1; then if test "$enable_ntdll_Pipe_SpecialCharacters" -gt 1; then abort "Patchset ntdll-Pipe_SpecialCharacters disabled, but ntdll-NtDevicePath depends on that." 
@@ -3127,6 +3146,32 @@ if test "$enable_ntdll_NtQuerySection" -eq 1; then patch_apply ntdll-NtQuerySection/0002-kernel32-tests-Add-tests-for-NtQuerySection.patch fi +# Patchset ntdll-NtQueryVirtualMemory +# | +# | This patchset has the following (direct or indirect) dependencies: +# | * ntdll-ForceBottomUpAlloc, ntdll-DOS_Attributes, ntdll-NtQueryEaFile, ntdll-Junction_Points, ntdll- +# | Pipe_SpecialCharacters, ntdll-NtDevicePath +# | +# | This patchset fixes the following Wine bugs: +# | * [#23999] Implement MemorySectionName class in NtQueryVirtualMemory +# | * [#27248] Implement K32GetMappedFileName +# | +# | Modified files: +# | * dlls/kernelbase/debug.c, dlls/ntdll/tests/info.c, dlls/ntdll/unix/file.c, dlls/ntdll/unix/process.c, +# | dlls/ntdll/unix/unix_private.h, dlls/ntdll/unix/virtual.c, dlls/psapi/tests/psapi_main.c, server/mapping.c, +# | server/protocol.def +# | +if test "$enable_ntdll_NtQueryVirtualMemory" -eq 1; then + patch_apply ntdll-NtQueryVirtualMemory/0003-ntdll-Implement-NtQueryVirtualMemory-MemorySectionNa.patch + patch_apply ntdll-NtQueryVirtualMemory/0004-ntdll-tests-Add-tests-for-NtQueryVirtualMemory-Memor.patch + patch_apply ntdll-NtQueryVirtualMemory/0005-ntdll-tests-Add-test-to-ensure-section-name-is-full-.patch + patch_apply ntdll-NtQueryVirtualMemory/0006-ntdll-Allow-to-query-section-names-from-other-proces.patch + patch_apply ntdll-NtQueryVirtualMemory/0007-kernel32-Implement-K32GetMappedFileName.-v2.patch + patch_apply ntdll-NtQueryVirtualMemory/0008-ntdll-Resolve-drive-symlinks-before-returning-sectio.patch + patch_apply ntdll-NtQueryVirtualMemory/0009-ntdll-Fixup-builtin-dll-names-in-get_section_name.patch + patch_apply ntdll-NtQueryVirtualMemory/0010-server-Fix-process-access-rights-in-get_mapping_file.patch +fi + # Patchset ntdll-NtSetLdtEntries # | # | Modified files: