public static void AssertSuccess(NtStatus status)
{
if(status != NtStatus.Success)
{
Win32ErrorCode code = NativeMethods.RtlNtStatusToDosError(status);
throw new Win32Exception((int) code);
}
}
private NtStatus Trace(string method, string fileName, DokanFileInfo info, NtStatus result, params string[] parameters)
{
var extraParameters = parameters != null && parameters.Length > 0 ? ", " + string.Join(", ", parameters) : string.Empty;
#if TRACE
Console.WriteLine(string.Format(CultureInfo.InvariantCulture, "{0}('{1}', {2}{3}) -> {4}",
method, fileName, ToTrace(info), extraParameters, result));
#endif
return result;
}
private NtStatus Trace(string method, string fileName, DokanFileInfo info,
FileAccess access, FileShare share, FileMode mode, FileOptions options, FileAttributes attributes,
NtStatus result)
{
#if TRACE
Console.WriteLine(string.Format(CultureInfo.InvariantCulture, "{0}('{1}', {2}, [{3}], [{4}], [{5}], [{6}], [{7}]) -> {8}",
method, fileName, ToTrace(info), access, share, mode, options, attributes, result));
#endif
return result;
}
private NtStatus Trace(string method, string fileName, DokanFileInfo info,
FileAccess access, FileShare share, FileMode mode, FileOptions options, FileAttributes attributes,
NtStatus result)
{
#if TRACE
logger.Debug(
DokanFormat(
$"{method}('{fileName}', {info}, [{access}], [{share}], [{mode}], [{options}], [{attributes}]) -> {result}"));
#endif
return result;
}
private NtStatus Trace(string method, string fileName, DokanFileInfo info, NtStatus result,
params object[] parameters)
{
#if TRACE
var extraParameters = parameters != null && parameters.Length > 0
? ", " + string.Join(", ", parameters.Select(x => string.Format(DefaultFormatProvider, "{0}", x)))
: string.Empty;
logger.Debug(DokanFormat($"{method}('{fileName}', {info}{extraParameters}) -> {result}"));
#endif
return result;
}
private NtStatus Trace(string method, string fileName, DokanFileInfo info, FileAccess access, FileShare share, FileMode mode, FileOptions options, FileAttributes attributes, NtStatus result)
{
logger?.Trace($"{System.Threading.Thread.CurrentThread.ManagedThreadId:D2} / {drive.DisplayRoot} {method}({fileName}, {info.ToTrace()}, [{access}], [{share}], [{mode}], [{options}], [{attributes}]) -> {result}".ToString(CultureInfo.CurrentCulture));
return(result);
}
/// <summary>
/// Checks if the NtStatus value is a success
/// </summary>
/// <param name="status">The NtStatus value</param>
/// <returns>True if a success</returns>
public static bool IsSuccess(this NtStatus status)
{
return((int)status >= 0);
}
/// <summary>
/// SmbdEndpoint constructor will load RDMA providers and initialize default connection values.
/// </summary>
/// <param name="inboundEntries">maximum number of outstanding Receive requests.</param>
/// <param name="outboundEntries">maximum number of outstanding Send, SendAndInvalidate
/// , Bind, Invalidate, Read, and Write requests.
/// </param>
/// <param name="inboundSegment">inbound segments limit</param>
/// <param name="outboundSegment">outbound segments limit</param>
/// <param name="inboundReadLimit">maximum inbound read limit for the local Network
/// Direct adapter. This value can be zero if you do not support
/// </param>
/// <param name="outboundReadLimit"></param>
/// <param name="inboundDataSize">Max Size of RDMA inbound data</param>
/// <param name="logEvent">Delegate to log SMBD event</param>
public SmbdConnectionEndpoint(
uint inboundEntries,
uint outboundEntries,
uint inboundSegment,
uint outboundSegment,
uint inboundReadLimit,
uint outboundReadLimit,
uint inboundDataSize,
SmbdLogEvent logEvent = null
)
{
this.logEndpointEvent = logEvent;
LogEvent("Loading the providers of registered network drivers.");
initializeStatus = (NtStatus)RdmaProvider.LoadRdmaProviders(out rdmaProvidersList);
this.inboundEntries = inboundEntries;
this.outboundEntries = outboundEntries;
this.inboundSegment = inboundSegment;
this.outboundSegment = outboundSegment;
this.inboundReadLimit = inboundReadLimit;
this.outboundReadLimit = outboundReadLimit;
this.completionQueueDepth = (inboundEntries + outboundEntries);
this.inboundDataSize = inboundDataSize;
isConnected = false;
memoryWindowList = new List<SmbdMemoryWindow>();
receiveRequestList = new List<SmbdRequest>();
locker = new Object();
otherRequestResult = new SyncFilterQueue<SmbdRequestResult>();
receiveRequestResult = new SyncFilterQueue<SmbdRequestResult>();
disconnectSemaphore = new Semaphore(0, 1);
//threadStopSemaphore = new Semaphore(0, THREAD_COUNT);
// one more for Semaphore Release when disconnection
rdmaNotificationSemaphore = new Semaphore(0, (int)completionQueueDepth + 1);
requestCount = 0;
ReceivePostedCount = 0;
#region output provider information
if (initializeStatus != NtStatus.STATUS_SUCCESS)
{
LogEvent(string.Format("Load provider with error code: {0}", (NtStatus)initializeStatus));
return;
}
if (rdmaProvidersList == null)
{
LogEvent("The returned providers list is NULL");
return;
}
LogEvent(string.Format("{0} providers of registered network drivers have been load,", rdmaProvidersList.Length));
int providerIndex = 0;
foreach (RdmaProviderInfo info in rdmaProvidersList)
{
if (info != null)
{
LogEvent(string.Format("Load provider {1}: {0}", info.Path, ++providerIndex));
}
}
LogEvent("Loading providers is completed");
#endregion
}
/// <summary>
/// Convert security descriptor to a byte array
/// </summary>
/// <returns>The binary security descriptor</returns>
public byte[] ToByteArray()
{
SafeStructureInOutBuffer <SecurityDescriptorStructure> sd_buffer = null;
SafeHGlobalBuffer dacl_buffer = null;
SafeHGlobalBuffer sacl_buffer = null;
SafeSidBufferHandle owner_buffer = null;
SafeSidBufferHandle group_buffer = null;
try
{
sd_buffer = new SafeStructureInOutBuffer <SecurityDescriptorStructure>();
NtRtl.RtlCreateSecurityDescriptor(sd_buffer, Revision).ToNtException();
SecurityDescriptorControl control = Control & SecurityDescriptorControl.ValidControlSetMask;
NtRtl.RtlSetControlSecurityDescriptor(sd_buffer, control, control).ToNtException();
if (Dacl != null)
{
if (!Dacl.NullAcl)
{
dacl_buffer = new SafeHGlobalBuffer(Dacl.ToByteArray());
}
else
{
dacl_buffer = new SafeHGlobalBuffer(IntPtr.Zero, 0, false);
}
NtRtl.RtlSetDaclSecurityDescriptor(sd_buffer, true, dacl_buffer.DangerousGetHandle(), Dacl.Defaulted).ToNtException();
}
if (Sacl != null)
{
if (!Sacl.NullAcl)
{
sacl_buffer = new SafeHGlobalBuffer(Sacl.ToByteArray());
}
else
{
sacl_buffer = new SafeHGlobalBuffer(IntPtr.Zero, 0, false);
}
NtRtl.RtlSetSaclSecurityDescriptor(sd_buffer, true, sacl_buffer.DangerousGetHandle(), Sacl.Defaulted).ToNtException();
}
if (Owner != null)
{
owner_buffer = Owner.Sid.ToSafeBuffer();
NtRtl.RtlSetOwnerSecurityDescriptor(sd_buffer, owner_buffer.DangerousGetHandle(), Owner.Defaulted);
}
if (Group != null)
{
group_buffer = Group.Sid.ToSafeBuffer();
NtRtl.RtlSetGroupSecurityDescriptor(sd_buffer, group_buffer.DangerousGetHandle(), Group.Defaulted);
}
int total_length = 0;
NtStatus status = NtRtl.RtlAbsoluteToSelfRelativeSD(sd_buffer, new SafeHGlobalBuffer(IntPtr.Zero, 0, false), ref total_length);
if (status != NtStatus.STATUS_BUFFER_TOO_SMALL)
{
status.ToNtException();
}
using (SafeHGlobalBuffer relative_sd = new SafeHGlobalBuffer(total_length))
{
NtRtl.RtlAbsoluteToSelfRelativeSD(sd_buffer, relative_sd, ref total_length).ToNtException();
return(relative_sd.ToArray());
}
}
finally
{
sd_buffer?.Close();
dacl_buffer?.Close();
sacl_buffer?.Close();
owner_buffer?.Close();
group_buffer?.Close();
}
}
/// <summary>
/// Determines whether the NT status value indicates success.
/// </summary>
/// <param name="status">The NT status value.</param>
public static bool IsSuccess(NtStatus status)
{
return status >= NtStatus.Success && status < NtStatus.Informational;
}
internal CreateUserProcessResult(NtStatus status, ProcessCreateInfoData create_info, ProcessCreateState create_state)
{
ImageFile = null;
if (create_state == ProcessCreateState.FailOnSectionCreate)
{
ImageFile = new NtFile(new SafeKernelObjectHandle(create_info.FileHandle, true));
}
else if (create_state == ProcessCreateState.FailExeName)
{
IFEOKeyHandle = RegistryKey.FromHandle(new SafeRegistryHandle(create_info.IFEOKey, true));
}
Status = status;
CreateInfo = create_info;
CreateState = create_state;
Process = null;
Thread = null;
SectionHandle = null;
ImageInfo = new SectionImageInformation();
ClientId = new ClientId();
}
public static extern NtStatus NtTerminateThread(SafeKernelObjectHandle ThreadHandle, NtStatus status);
private void unloadMenuItem_Click(object sender, EventArgs e)
{
if (!PhUtils.ShowConfirmMessage(
"Unload",
_pid != 4 ? "the selected module" : "the selected driver",
_pid != 4 ?
"Unloading a module may cause the process to crash." :
"Unloading a driver may cause system instability.",
true
))
{
return;
}
if (_pid == 4)
{
try
{
var moduleItem = (ModuleItem)listModules.SelectedItems[0].Tag;
string serviceName = null;
// Try to find the name of the service key for the driver by
// looping through the objects in the Driver directory and
// opening each one.
using (var dhandle = new DirectoryHandle("\\Driver", DirectoryAccess.Query))
{
foreach (var obj in dhandle.GetObjects())
{
try
{
using (var driverHandle = new DriverHandle("\\Driver\\" + obj.Name))
{
if (driverHandle.GetBasicInformation().DriverStart == moduleItem.BaseAddress.ToIntPtr())
{
serviceName = driverHandle.GetServiceKeyName();
break;
}
}
}
catch
{ }
}
}
// If we didn't find the service name, use the driver base name.
if (serviceName == null)
{
if (moduleItem.Name.EndsWith(".sys", StringComparison.OrdinalIgnoreCase))
{
serviceName = moduleItem.Name.Remove(moduleItem.Name.Length - 4, 4);
}
else
{
serviceName = moduleItem.Name;
}
}
RegistryKey servicesKey =
Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\Services", true);
bool serviceKeyCreated;
RegistryKey serviceKey;
// Check if the service key exists so that we don't delete it
// later if it does.
if (Array.Exists <string>(servicesKey.GetSubKeyNames(),
(keyName) => (string.Compare(keyName, serviceName, true) == 0)))
{
serviceKeyCreated = false;
}
else
{
serviceKeyCreated = true;
// Create the service key.
serviceKey = servicesKey.CreateSubKey(serviceName);
serviceKey.SetValue("ErrorControl", 1, RegistryValueKind.DWord);
serviceKey.SetValue("ImagePath", "\\??\\" + moduleItem.FileName, RegistryValueKind.ExpandString);
serviceKey.SetValue("Start", 1, RegistryValueKind.DWord);
serviceKey.SetValue("Type", 1, RegistryValueKind.DWord);
serviceKey.Close();
servicesKey.Flush();
}
try
{
Windows.UnloadDriver(serviceName);
}
finally
{
if (serviceKeyCreated)
{
servicesKey.DeleteSubKeyTree(serviceName);
}
servicesKey.Close();
}
listModules.SelectedItems.Clear();
}
catch (Exception ex)
{
MessageBox.Show("Unable to unload the driver. Make sure Process Hacker " +
"is running with administrative privileges. Error:\n\n" +
ex.Message, "Process Hacker", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
else
{
try
{
using (ProcessHandle phandle = new ProcessHandle(_pid,
Program.MinProcessQueryRights | ProcessAccess.VmOperation |
ProcessAccess.VmRead | ProcessAccess.VmWrite | ProcessAccess.CreateThread))
{
IntPtr baseAddress = ((ModuleItem)listModules.SelectedItems[0].Tag).BaseAddress.ToIntPtr();
phandle.SetModuleReferenceCount(baseAddress, 1);
ThreadHandle thread;
if (OSVersion.IsAboveOrEqual(WindowsVersion.Vista))
{
// Use RtlCreateUserThread to bypass session boundaries. Since
// LdrUnloadDll is a native function we don't need to notify CSR.
thread = phandle.CreateThread(
Loader.GetProcedure("ntdll.dll", "LdrUnloadDll"),
baseAddress
);
}
else
{
// On XP it seems we need to notify CSR...
thread = phandle.CreateThreadWin32(
Loader.GetProcedure("kernel32.dll", "FreeLibrary"),
baseAddress
);
}
thread.Wait(1000 * Win32.TimeMsTo100Ns);
NtStatus exitStatus = thread.GetExitStatus();
if (exitStatus == NtStatus.DllNotFound)
{
if (OSVersion.Architecture == OSArch.Amd64)
{
PhUtils.ShowError("Unable to find the module to unload. This may be caused " +
"by an attempt to unload a mapped file or a 32-bit module.");
}
else
{
PhUtils.ShowError("Unable to find the module to unload. This may be caused " +
"by an attempt to unload a mapped file.");
}
}
else
{
exitStatus.ThrowIf();
}
thread.Dispose();
}
listModules.SelectedItems.Clear();
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to unload the module", ex);
}
}
}
internal NtResult(NtStatus status, T result)
{
Status = status;
_result = result;
}
internal static extern int RtlNtStatusToDosError(NtStatus ntStatus);
public NtStatus CreateFile(string filename, FileAccess access, System.IO.FileShare share, System.IO.FileMode mode, System.IO.FileOptions options, System.IO.FileAttributes attributes, IDokanFileInfo info)
{
var node = GetNodeFast(filename, info);
if (node == null)
{
if (access == FileAccess.Delete)
{
return(DokanResult.Success); //already gone
}
switch (mode)
{
case FileMode.CreateNew:
case FileMode.Create:
case FileMode.OpenOrCreate:
if (filename.Length == 0)
{
return(NtStatus.Success);
}
string Directory = filename;
if (!info.IsDirectory) //Directory doesn't have a filename that we want to cut off
{
Directory = filename.Substring(0, filename.LastIndexOf('\\'));
if (Directory.Length == 0)
{
Directory = "\\";
}
}
var nodeDirectory = CreateOrFindDirectoryRecursive(Directory);
if (!(nodeDirectory is PboFsRealFolder) && nodeDirectory is PboFsFolder virtualFolder)
{
nodeDirectory = fileTree.MakeDirectoryWriteable(virtualFolder);
}
if (nodeDirectory is PboFsRealFolder folder)
{
if (info.IsDirectory)
{
info.Context = nodeDirectory;
//Nothing else to do as full path is already included in DirectoryPath
}
else
{
//Filename without folder path
var FileNameDirect = filename.Substring(filename.LastIndexOf('\\'));
var FileNameDirectNoLeadingSlash = filename.Substring(filename.LastIndexOf('\\') + 1);
FileStream newStream = null;
try
{
newStream = System.IO.File.Create(folder.path + FileNameDirect);
}
catch (Exception e)
{
Console.WriteLine(e);
return(DokanResult.AccessDenied); //#TODO correct result for exception type
}
var rlFile = new PboFsRealFile(new System.IO.FileInfo(folder.path + FileNameDirect), folder, newStream);
folder.Children[FileNameDirectNoLeadingSlash.ToLower()] = rlFile;
fileTree.AddNode(rlFile);
info.Context = rlFile;
}
return(DokanResult.Success);
}
return(DokanResult.DiskFull);
case FileMode.Open:
case FileMode.Truncate:
case FileMode.Append:
return(DokanResult.FileNotFound);
}
}
info.Context = node;
if (node is PboFsFolder && !info.IsDirectory)
{
info.IsDirectory = true; //Dokan documentation says we need to do that.
}
if (mode == FileMode.CreateNew)
{
return(DokanResult.FileExists);
}
if (access == FileAccess.Delete)
{
NtStatus deleteResult = DokanResult.NotImplemented;
if (node is PboFsRealFile)
{
deleteResult = DeleteFile(filename, info);
}
else if (node is PboFsRealFolder)
{
deleteResult = DeleteDirectory(filename, info);
}
return(deleteResult);
}
bool wantsWrite = (access &
(FileAccess.WriteData | FileAccess.AppendData | FileAccess.Delete | FileAccess.GenericWrite)
) != 0;
bool wantsRead = (access &
(FileAccess.ReadData | FileAccess.GenericRead | FileAccess.Execute | FileAccess.GenericExecute)
) != 0;
if (wantsWrite && !(node is IPboFsRealObject))
{
return(DokanResult.AccessDenied);
}
if (node is IPboFsFile file && (wantsRead || wantsWrite))
{
return(file.Open(wantsWrite, mode));
}
return(DokanResult.Success);
}
protected NtStatus Trace(string method, string fileName, IDokanFileInfo info, NtStatus result,
params object[] parameters)
{
#if TRACE
var extraParameters = parameters != null && parameters.Length > 0
? ", " + string.Join(", ", parameters.Select(x => string.Format(DefaultFormatProvider, "{0}", x)))
: string.Empty;
logger.Debug(DokanFormat($"{method}('{fileName}', {info}{extraParameters}) -> {result}"));
#endif
return(result);
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="status">Status result</param>
public NtException(NtStatus status)
{
Status = status;
}
/// <summary>
/// Checks if the NtStatus value is an error.
/// </summary>
/// <param name="status">The NtStatus value</param>
/// <returns>True if an error.</returns>
public static bool IsError(this NtStatus status)
{
return(status.GetSeverity() == NtStatusSeverity.STATUS_SEVERITY_ERROR);
}
/// <summary>
/// Add a queued status to the queue.
/// </summary>
/// <param name="key_context">The optional key context.</param>
/// <param name="apc_context">The optional APC context.</param>
/// <param name="status">Status code</param>
/// <param name="information">The information context.</param>
public void Set(IntPtr key_context, IntPtr apc_context, NtStatus status, IntPtr information)
{
NtSystemCalls.NtSetIoCompletion(Handle, key_context,
apc_context, status, information).ToNtException();
}
public void KphTerminateProcess(ProcessHandle processHandle, NtStatus exitStatus)
{
byte* inData = stackalloc byte[8];
*(int*)inData = processHandle;
*(int*)(inData + 4) = (int)exitStatus;
try
{
_fileHandle.IoControl(CtlCode(Control.KphTerminateProcess), inData, 8, null, 0);
}
catch (WindowsException ex)
{
// STATUS_CANT_TERMINATE_SELF means we tried to terminate ourself. Kernel-mode can't do it,
// so we do it now.
if (ex.Status == NtStatus.CantTerminateSelf)
Win32.TerminateProcess(new IntPtr(-1), (int)exitStatus);
else
throw ex;
}
}
/// <summary>
/// Terminate the process
/// </summary>
/// <param name="exitcode">The exit code for the termination</param>
public void Terminate(NtStatus exitcode)
{
NtSystemCalls.NtTerminateProcess(Handle, exitcode).ToNtException();
}
/// <summary>
/// Determines whether the NT status value indicates an error.
/// </summary>
/// <param name="status">The NT status value.</param>
public static bool IsError(NtStatus status)
{
return status >= NtStatus.Error && status <= NtStatus.MaximumNtStatus;
}
private NtStatus Trace(string method, string fileName, DokanFileInfo info, NtStatus result, params string[] parameters)
{
var extraParameters = parameters != null && parameters.Length > 0 ? ", " + string.Join(", ", parameters) : string.Empty;
logger?.Trace($"{System.Threading.Thread.CurrentThread.ManagedThreadId:D2} / {method}({fileName}, {ToTrace(info)}{extraParameters}) -> {result}");
return result;
}
public TokenHandle LogonUser(
string originName,
SecurityLogonType logonType,
IAuthenticationPackage package,
TokenSource source,
out object profileData,
out Luid logonId,
out NtStatus subStatus
)
{
IntPtr profileBuffer;
int profileBufferLength;
IntPtr token;
QuotaLimits quotas;
AnsiString originNameStr = new AnsiString(originName);
try
{
using (MemoryRegion logonData = package.GetAuthData())
{
Win32.LsaLogonUser(
this,
ref originNameStr,
logonType,
this.LookupAuthenticationPackage(package.PackageName),
logonData,
logonData.Size,
IntPtr.Zero,
ref source,
out profileBuffer,
out profileBufferLength,
out logonId,
out token,
out quotas,
out subStatus
).ThrowIf();
using (new LsaMemoryAlloc(profileBuffer, true))
{
profileData = package.GetProfileData(new MemoryRegion(profileBuffer, 0, profileBufferLength));
}
return new TokenHandle(token, true);
}
}
finally
{
originNameStr.Dispose();
}
}
private NtStatus Trace(string method, string fileName, DokanFileInfo info, FileAccess access, FileShare share, FileMode mode, FileOptions options, FileAttributes attributes, NtStatus result)
{
logger?.Trace($"{System.Threading.Thread.CurrentThread.ManagedThreadId:D2} / {method}({fileName}, {ToTrace(info)}, [{access}], [{share}], [{mode}], [{options}], [{attributes}]) -> {result}");
return result;
}
static extern NtStatus LsaLogonUser(SafeLsaHandle LsaHandle, LsaString OriginName, SecurityLogonType LogonType, uint AuthenticationPackage,
SafeBuffer AuthenticationInformation,
int AuthenticationInformationLength,
IntPtr LocalGroups,
TOKEN_SOURCE SourceContext,
out IntPtr ProfileBuffer,
out int ProfileBufferLength,
out Luid LogonId,
out SafeKernelObjectHandle Token,
out QUOTA_LIMITS Quotas,
out NtStatus SubStatus
);
/// <summary>
/// Terminate the process
/// </summary>
/// <param name="exitcode">The exit code for the termination</param>
public void Terminate(NtStatus exitcode)
{
Process?.Terminate(exitcode);
}
public static extern int RtlNtStatusToDosErrorNoTeb(NtStatus status);
public static extern int LsaNtStatusToWinError(
[In] NtStatus Status
);
public static extern NtStatus NtTerminateProcess(SafeKernelObjectHandle ProcessHandle, NtStatus ExitCode);
public void CompleteCommand(int commandId, NtStatus completionStatus)
{
this.CompletionStatus = completionStatus;
this.commandCompleted.Set();
}
public static void AssertSuccess(NtStatus status)
{
Win32ErrorCode code = NativeMethods.RtlNtStatusToDosError(status);
AssertSuccess(code);
}
internal static extern Win32ErrorCode RtlNtStatusToDosError(NtStatus status);
/// <summary>
/// Convert an NtStatus to an exception if the status is an error
/// </summary>
/// <param name="status">The NtStatus</param>
/// <returns>The original NtStatus if not an error</returns>
/// <exception cref="NtException">Thrown if status is an error.</exception>
public static NtStatus ToNtException(this NtStatus status)
{
return(status.ToNtException(true));
}
public void KphDangerousTerminateThread(ThreadHandle threadHandle, NtStatus exitStatus)
{
byte* inData = stackalloc byte[8];
*(int*)inData = threadHandle;
*(int*)(inData + 4) = (int)exitStatus;
_fileHandle.IoControl(CtlCode(Control.KphDangerousTerminateThread), inData, 8, null, 0);
}
/// <summary>
/// Get the severity of the NTSTATUS.
/// </summary>
/// <param name="status">The NtStatus value</param>
/// <returns>The severity.</returns>
public static NtStatusSeverity GetSeverity(this NtStatus status)
{
return((NtStatusSeverity)((uint)status >> 30));
}
internal static extern NtStatus LsaCallAuthenticationPackage(
IntPtr LsaHandle,
uint AuthenticationPackage,
IntPtr ProtocolSubmitBuffer,
int SubmitBufferLength,
out IntPtr ProtocolReturnBuffer,
out ulong ReturnBufferLength,
out NtStatus ProtocolStatus
);
/// <summary>
/// Get the facility of the NTSTATUS.
/// </summary>
/// <param name="status">The NtStatus value</param>
/// <returns>The facility.</returns>
public static NtStatusFacility GetFacility(this NtStatus status)
{
return((NtStatusFacility)(((uint)status >> 16) & 0xFFF));
}
private protected void WriteAccessWarning(NtObject root, string path, NtStatus status)
{
WriteAccessWarning($@"{root.FullPath.TrimEnd('\\')}\{path}", status);
}
public void KphTerminateProcess(ProcessHandle processHandle, NtStatus exitStatus)
{
KphTerminateProcessInput input;
input.ProcessHandle = processHandle;
input.ExitStatus = exitStatus;
_fileHandle.IoControl(IoCtlTerminateProcess, &input, sizeof(KphTerminateProcessInput), null, 0);
}
/// <summary>
/// Get the status code of the NTSTATUS.
/// </summary>
/// <param name="status">The NtStatus value.</param>
/// <returns>The static code.</returns>
public static int GetStatusCode(this NtStatus status)
{
return((int)((uint)status & 0xFFFF));
}
public void KphTerminateThread(ThreadHandle threadHandle, NtStatus exitStatus)
{
byte* inData = stackalloc byte[8];
*(int*)inData = threadHandle;
*(int*)(inData + 4) = (int)exitStatus;
try
{
_fileHandle.IoControl(CtlCode(Control.KphTerminateThread), inData, 8, null, 0);
}
catch (WindowsException ex)
{
if (ex.Status == NtStatus.CantTerminateSelf)
Win32.TerminateThread(new IntPtr(-2), (int)exitStatus);
else
throw ex;
}
}
/// <summary>
/// Is an NTSTATUS a customer code.
/// </summary>
/// <param name="status">The NtStatus value</param>
/// <returns>True if is a customer code.</returns>
public static bool IsCustomerCode(this NtStatus status)
{
return((((uint)status >> 29) & 1) != 0);
}
public static void ThrowLastError(NtStatus status)
{
throw new WindowsException(status);
}
/// <summary>
/// Is an NTSTATUS reserved.
/// </summary>
/// <param name="status">The NtStatus value</param>
/// <returns>True if reserved.</returns>
public static bool IsReserved(this NtStatus status)
{
return((((uint)status >> 28) & 1) != 0);
}
/// <summary>
/// Determines whether the NT status value indicates information.
/// </summary>
/// <param name="status">The NT status value.</param>
public static bool IsInformational(NtStatus status)
{
return status >= NtStatus.Informational && status < NtStatus.Warning;
}
/// <summary>
/// Create an NT result object. If status is successful then call function otherwise use default value.
/// </summary>
/// <typeparam name="T">The result type.</typeparam>
/// <param name="status">The associated status code.</param>
/// <param name="throw_on_error">Throw an exception on error.</param>
/// <param name="create_func">Function to call to create an instance of the result</param>
/// <returns>The created result.</returns>
internal static NtResult <T> CreateResult <T>(this NtStatus status, bool throw_on_error, Func <NtStatus, T> create_func)
{
return(CreateResult(status, throw_on_error, create_func, null));
}
/// <summary>
/// Determines whether the NT status value indicates a warning.
/// </summary>
/// <param name="status">The NT status value.</param>
public static bool IsWarning(NtStatus status)
{
return status >= NtStatus.Warning && status < NtStatus.Error;
}
private NtStatus ReadFile(IntPtr handle, IntPtr hEvent, IntPtr *apcRoutine, IntPtr *apcContext,
ref Native.IO_STATUS_BLOCK ioStatus, byte *buffer, uint length, LARGE_INTEGER *byteOffset, IntPtr key,
VirtualDwPack pack, long offset, long effOffset)
{
// File data read
NtStatus result = NtStatus.Success;
for (int i = 0; i < pack.Entries.Count; i++)
{
var entry = pack.Entries[i];
var dataOffset = (pack.Native.Data + entry.Native->DataOffset) - pack.Native.Ptr;
if (effOffset < dataOffset || effOffset >= (dataOffset + entry.Native->CompressedSize))
{
continue;
}
var fileDataOffset = effOffset - dataOffset;
var readEndOffset = fileDataOffset + length;
if (readEndOffset > entry.Native->CompressedSize)
{
continue;
}
// Make sure the file has been redirected
// This is done as late as possible to improve startup times
if (!entry.IsRedirected)
{
mLogger.Info($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Data access Offset: 0x{effOffset:X8} Length: 0x{length:X8}");
result = mHooks.NtReadFileHook.OriginalFunction(handle, hEvent, apcRoutine, apcContext, ref ioStatus, buffer, length, byteOffset, key);
}
else
{
mLogger.Info($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Data access Offset: 0x{effOffset:X8} Length: 0x{length:X8} redirected to {entry.RedirectedFilePath}");
result = NtStatus.Success;
if (fileDataOffset < 0)
{
mLogger.Error($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Offset is before start of data!!!");
}
else if (fileDataOffset > entry.RedirectedFileSize)
{
mLogger.Error($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Offset is after end of data!!!");
}
mLogger.Debug($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Reading 0x{length:X8} bytes from redirected file at offset 0x{fileDataOffset:X8}");
// Get cached file stream if the file was previously opened or open a new file
Stream redirectedStream;
if (mCachedFile == entry)
{
redirectedStream = mCachedFileStream;
}
else
{
mCachedFileStream?.Close();
mCachedFile = entry;
mCachedFileStream = redirectedStream = entry.OpenRead();
}
// Read from redirected file into the buffer
try
{
redirectedStream.Seek(fileDataOffset, SeekOrigin.Begin);
var readBytes = redirectedStream.Read(new Span <byte>(( void * )buffer, ( int )length));
SetBytesRead(handle, ( int )offset, ( int )length, ref ioStatus);
if (readBytes != length)
{
mLogger.Error($"{pack.FileName} Hnd: {handle} {entry.Native->Path} File read length doesnt match requested read length!! Expected 0x{length:X8}, Actual 0x{readBytes:X8}");
}
mLogger.Debug($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Wrote redirected file to buffer");
}
catch (Exception e)
{
mLogger.Debug($"{pack.FileName} Hnd: {handle} Index: {i} {entry.Native->Path} Unhandled exception thrown during reading {entry.RedirectedFilePath}: {e}");
}
}
// Return early, we're done here
return(result);
}
mLogger.Error($"{pack.FileName} Hnd: {handle} Unhandled file data read request!! Offset: 0x{effOffset:X8} Length: 0x{length:X8}");
return(mHooks.NtReadFileHook.OriginalFunction(handle, hEvent, apcRoutine, apcContext, ref ioStatus, buffer, length, byteOffset, key));
}
private void ReconnectResilientHandle(
Smb2FunctionalClient client,
Guid clientGuid,
string fileName,
FILEID fileId,
NtStatus expectedReconnectStatus,
string message)
{
uint treeId;
ConnectToShare(
client,
clientGuid,
out treeId);
BaseTestSite.Log.Add(
LogEntryKind.Debug,
"Reconnect to resilient handle");
Smb2CreateContextResponse[] createContextResponse;
uint status = client.Create(
treeId,
fileName,
CreateOptions_Values.NONE,
out fileId,
out createContextResponse,
createContexts: new Smb2CreateContextRequest[]
{
new Smb2CreateDurableHandleReconnect()
{
Data = fileId
}
},
checker: (header, response) =>
{
// do nothing, skip the exception
}
);
BaseTestSite.Assert.AreEqual<NtStatus>(
expectedReconnectStatus,
(NtStatus)status,
message);
}
public void Smb2OverRdma_Read_SMB2_CHANNEL_RDMA_V1()
{
EstablishConnectionAndOpenFile(fileName);
uint fileSize = smbdAdapter.Smb2MaxReadSize;
byte[] fileContent = Smb2Utility.CreateRandomByteArray((int)fileSize);
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Register memory and get buffer descriptor for SMB2 WRITE");
SmbdBufferDescriptorV1 descp;
NtStatus status = smbdAdapter.SmbdRegisterBuffer(
fileSize,
SmbdBufferReadWrite.RDMA_READ_PERMISSION_FOR_WRITE_FILE,
out descp);
BaseTestSite.Assert.AreEqual(
NtStatus.STATUS_SUCCESS,
status,
"Register buffer should succeed.");
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Write content to file over RDMA.");
status = Smb2WriteOverRdma(fileName, fileContent, Channel_Values.CHANNEL_RDMA_V1_INVALIDATE, descp);
BaseTestSite.Assert.AreEqual <NtStatus>(
NtStatus.STATUS_SUCCESS,
status,
"SMB2 WRITE over RDMA should succeed.");
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Register memory and get buffer descriptor for SMB2 READ.");
status = smbdAdapter.SmbdRegisterBuffer(
fileSize,
SmbdBufferReadWrite.RDMA_WRITE_PERMISSION_FOR_READ_FILE,
out descp);
BaseTestSite.Assert.AreEqual(
NtStatus.STATUS_SUCCESS,
status,
"Register buffer should succeed.");
byte[] channelInfo = TypeMarshal.ToBytes <SmbdBufferDescriptorV1>(descp);
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Read content from file over RDMA.");
READ_Response readResponse;
byte[] readData;
status = (NtStatus)smbdAdapter.Smb2ReadOverRdmaChannel(
0,
(uint)fileSize,
channelInfo,
out readResponse,
out readData,
Channel_Values.CHANNEL_RDMA_V1);
BaseTestSite.Assert.AreEqual <NtStatus>(
NtStatus.STATUS_SUCCESS,
status,
"SMB2 READ over RDMA should succeed.");
byte[] readContent = new byte[fileSize];
smbdAdapter.SmbdReadRegisteredBuffer(readContent, descp);
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Verify the read content same as the original one on server.");
BaseTestSite.Assert.IsTrue(
SmbdUtilities.CompareByteArray(fileContent, readContent),
"Content read should be identical with original on server.");
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Send SMB2 READ using same descriptor.");
status = (NtStatus)smbdAdapter.Smb2ReadOverRdmaChannel(
0,
(uint)fileSize,
channelInfo,
out readResponse,
out readData,
Channel_Values.CHANNEL_RDMA_V1);
BaseTestSite.Assert.AreEqual <NtStatus>(
NtStatus.STATUS_SUCCESS,
status,
"SMB2 READ over RDMA should succeed.");
smbdAdapter.SmbdReadRegisteredBuffer(readContent, descp);
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Verify the read content same as the original one on server.");
BaseTestSite.Assert.IsTrue(
SmbdUtilities.CompareByteArray(fileContent, readContent),
"Content read should be identical with original on server.");
}
/// <summary>
/// Terminate the process
/// </summary>
/// <param name="exitcode">Exit code for termination</param>
public void Terminate(NtStatus exitcode)
{
if (Process != null)
Process.Terminate(exitcode);
}
public void BVT_Smb2OverRdma_Smb302_Read_SMB2_CHANNEL_RDMA_V1_INVALIDATE()
{
EstablishConnectionAndOpenFile(fileName, Smb302AboveDialects);
uint fileSize = smbdAdapter.Smb2MaxReadSize;
byte[] fileContent = Smb2Utility.CreateRandomByteArray((int)fileSize);
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Register memory and get buffer descriptor for SMB2 WRITE");
SmbdBufferDescriptorV1 descp;
NtStatus status = smbdAdapter.SmbdRegisterBuffer(
fileSize,
SmbdBufferReadWrite.RDMA_READ_PERMISSION_FOR_WRITE_FILE,
out descp);
BaseTestSite.Assert.AreEqual(
NtStatus.STATUS_SUCCESS,
status,
"Register buffer should succeed.");
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Write content to file over RDMA.");
status = Smb2WriteOverRdma(fileName, fileContent, Channel_Values.CHANNEL_RDMA_V1_INVALIDATE, descp);
BaseTestSite.Assert.AreEqual <NtStatus>(
NtStatus.STATUS_SUCCESS,
status,
"SMB2 WRITE over RDMA should succeed.");
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Register memory and get buffer descriptor for SMB2 READ.");
status = smbdAdapter.SmbdRegisterBuffer(
fileSize,
SmbdBufferReadWrite.RDMA_WRITE_PERMISSION_FOR_READ_FILE,
out descp);
BaseTestSite.Assert.AreEqual(
NtStatus.STATUS_SUCCESS,
status,
"Register buffer should succeed.");
byte[] channelInfo = TypeMarshal.ToBytes <SmbdBufferDescriptorV1>(descp);
BaseTestSite.Log.Add(LogEntryKind.TestStep, "Read content from file over RDMA.");
READ_Response readResponse;
byte[] readData;
status = (NtStatus)smbdAdapter.Smb2ReadOverRdmaChannel(
0,
(uint)fileSize,
channelInfo,
out readResponse,
out readData,
Channel_Values.CHANNEL_RDMA_V1_INVALIDATE);
BaseTestSite.Assert.AreEqual <NtStatus>(
NtStatus.STATUS_SUCCESS,
status,
"SMB2 READ over RDMA should succeed.");
byte[] readContent = new byte[fileSize];
smbdAdapter.SmbdReadRegisteredBuffer(readContent, descp);
BaseTestSite.Assert.IsTrue(
SmbdUtilities.CompareByteArray(fileContent, readContent),
"Content read should be identical with original on server.");
try
{
status = (NtStatus)smbdAdapter.Smb2ReadOverRdmaChannel(
0,
(uint)fileSize,
channelInfo,
out readResponse,
out readData,
Channel_Values.CHANNEL_RDMA_V1_INVALIDATE);
}
catch
{
BaseTestSite.Log.Add(LogEntryKind.Debug, "Wait for connection to be terminated ");
smbdAdapter.WaitRdmaDisconnect();
}
BaseTestSite.Assert.IsFalse(smbdAdapter.ClientConnection.Endpoint.IsConnected, "Connection should be terminated when accessing a memory window which is already invalidated.");
}
public static extern int RtlNtStatusToDosError(NtStatus status);
/// <summary>
/// Creates an exception from a NT status value.
/// </summary>
/// <param name="status">The NT status value.</param>
public WindowsException(NtStatus status)
{
_status = status;
_errorCode = status.ToDosError();
_isNtStatus = true;
}
