
Commit 2d9b0d8

author
Karel Tuma
committed
get rid of code locking for now.
1 parent 09c8efe commit 2d9b0d8

1 file changed

+5
-35
lines changed


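--- a/driver.c
+++ b/driver.c
@@ -13,48 +13,19 @@ static KMUTEX ioctl_mutex;
 // We temporarily flip the ci_Options to not validate, load driver, flip
 // ci_options back.
 //
-// BUT. Compared to linux, driver pages can be swapped out to disk on windows.
-// Worse still, windows will sneakily re-verify pages as they get paged back in.
-//
-// Obviously our image would fail as the pages will not validate. What we do
-// is register a callback for image loading. In there, enumerate all driver sections,
-// and lock em in memory via calls to MmLockPagableDataSection -- all the while
-// ci_Options is still zero so that everything can be paged in.
-
-static void lock_driver(void *base)
-{
-IMAGE_DOS_HEADER *mz = base;
-IMAGE_NT_HEADERS *pe = base + mz->e_lfanew;
-IMAGE_SECTION_HEADER *sec = ((void*)pe) + sizeof(IMAGE_NT_HEADERS);
-DBG("Locking driver @ %p\n", base);
-for (int i = 0; i < pe->FileHeader.NumberOfSections; i++) {
-if (sec[i].SizeOfRawData && sec[i].PointerToRawData) {
-DBG("Locking section %p\n",base + sec[i].VirtualAddress);
-MmLockPagableDataSection(base + sec[i].VirtualAddress);
-}
-}
-}
-
-static void NTAPI image_notify(PUNICODE_STRING filename, HANDLE pid, PIMAGE_INFO pinfo)
-{
-if (!pinfo->SystemModeImage)
-return;
-lock_driver(pinfo->ImageBase);
-}
-
 static void ci_restore()
 {
-DBG("current ci_Options=%08x", *((ULONG*)cfg.ci_opt));
+DBG("current ci_Options=%08x\n", *((ULONG*)cfg.ci_opt));
 cfg.ci_opt[0] = cfg.ci_guess;
-DBG("now restored ci_Options=%08x", *((ULONG*)cfg.ci_opt));
+DBG("now restored ci_Options=%08x\n", *((ULONG*)cfg.ci_opt));
 }
 
 static NTSTATUS driver_sideload(PUNICODE_STRING svc)
 {
 NTSTATUS status;
 
 // register notifier routine
-PsSetLoadImageNotifyRoutine(&image_notify);
+//PsSetLoadImageNotifyRoutine(&image_notify);
 
 // Clear ci_Options. Daaaaanger zone.
 cfg.ci_opt[0] = 0;
@@ -66,7 +37,7 @@ static NTSTATUS driver_sideload(PUNICODE_STRING svc)
 ci_restore();
 
 // Remove notifier
-PsRemoveLoadImageNotifyRoutine(&image_notify);
+//PsRemoveLoadImageNotifyRoutine(&image_notify);
 
 return status;
 }
@@ -190,7 +161,7 @@ NTSTATUS NTAPI ENTRY(driver_entry)(IN PDRIVER_OBJECT self, IN PUNICODE_STRING re
 
 status = RtlQueryRegistryValues(0, reg->Buffer, tab, NULL, NULL);
 if (!NT_SUCCESS(status)) {
-DBG("registry read failed=%x",(unsigned)status);
+DBG("registry read failed=%x\n",(unsigned)status);
 return status;
 }
 DBG("initializing driver with:\n"
@@ -214,7 +185,6 @@ NTSTATUS NTAPI ENTRY(driver_entry)(IN PDRIVER_OBJECT self, IN PUNICODE_STRING re
 }
 
 // Page ourselves in too, and restore ci_Options.
-lock_driver(self->DriverStart);
 if (cfg.ci_orig)
 cfg.ci_guess = *cfg.ci_orig;
 ci_restore();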
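Review bot: The comment `// Page ourselves in too, and restore ci_Options.` in the last hunk is now stale, because the `lock_driver(self->DriverStart);` call it describes is deleted and only the ci_Options restore remains; change it to `// Restore ci_Options.` so a reader does not assume the driver is still pinned in memory. The same stale state appears in the first two hunks, where `//PsSetLoadImageNotifyRoutine(&image_notify);` and `//PsRemoveLoadImageNotifyRoutine(&image_notify);` are left as commented-out code referencing `image_notify`, which this commit removes outright, so uncommenting them later would no longer compile. Either delete those two lines with their `// register notifier routine` / `// Remove notifier` comments or keep the removed code in history only. The header comment block at the top of the first hunk still reads as the rationale for the lock-in-memory approach that is no longer present, and could be trimmed to the first three lines that remain accurate. The bodies of driver_sideload and driver_entry extend beyond the hunks shown.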
