Rizin
unix-like reverse engineering framework and cli tools
winkernel_mm.c File Reference
#include "winkernel_mm.h"
#include <ntddk.h>
#include <Ntintsafe.h>


Classes

struct  _CS_WINKERNEL_MEMBLOCK
 

Typedefs

typedef struct _CS_WINKERNEL_MEMBLOCK CS_WINKERNEL_MEMBLOCK
 

Functions

void CAPSTONE_API cs_winkernel_free (void *ptr)
 
void *CAPSTONE_API cs_winkernel_malloc (size_t size)
 
void *CAPSTONE_API cs_winkernel_calloc (size_t n, size_t size)
 
void *CAPSTONE_API cs_winkernel_realloc (void *ptr, size_t size)
 
int CAPSTONE_API cs_winkernel_vsnprintf (char *buffer, size_t count, const char *format, va_list argptr)
 

Variables

static const ULONG CS_WINKERNEL_POOL_TAG = 'kwsC'
 

Typedef Documentation

◆ CS_WINKERNEL_MEMBLOCK

Function Documentation

◆ cs_winkernel_calloc()

void* CAPSTONE_API cs_winkernel_calloc ( size_t  n,
size_t  size 
)

Definition at line 56 of file winkernel_mm.c.

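// Allocates a zero-filled block large enough for n elements of size bytes each.
//
// Returns the data pointer on success. Returns NULL when n * size does not
// fit in size_t or when cs_winkernel_malloc() fails.
void *CAPSTONE_API cs_winkernel_calloc(size_t n, size_t size)
{
	size_t total = 0;
	void *new_ptr = NULL;

	// Both factors come from the caller. An unchecked n * size can wrap to a
	// small value, which would produce a block far smaller than the caller
	// believes it owns. Reject the request instead, the same way
	// cs_winkernel_malloc() rejects an overflowing header addition.
	if (!NT_SUCCESS(RtlSizeTMult(n, size, &total))) {
		return NULL;
	}

	// A zero product is passed on unchanged; cs_winkernel_malloc() asserts on
	// a zero size.
	new_ptr = cs_winkernel_malloc(total);
	if (!new_ptr) {
		return NULL;
	}

	return RtlFillMemory(new_ptr, total, 0);
}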

References cs_winkernel_malloc(), n, NULL, and RtlFillMemory.

◆ cs_winkernel_free()

void CAPSTONE_API cs_winkernel_free ( void *  ptr)

Definition at line 21 of file winkernel_mm.c.

// Releases a block obtained from cs_winkernel_malloc(), cs_winkernel_calloc()
// or cs_winkernel_realloc(). A NULL pointer is ignored.
//
// ptr must be the data pointer handed out by those functions: the address of
// the enclosing CS_WINKERNEL_MEMBLOCK is derived from it and that address is
// what gets returned to the pool.
void CAPSTONE_API cs_winkernel_free(void *ptr)
{
	CS_WINKERNEL_MEMBLOCK *block;

	if (!ptr) {
		return;
	}

	// Step back from the payload to the header that starts the pool allocation.
	block = CONTAINING_RECORD(ptr, CS_WINKERNEL_MEMBLOCK, data);
	ExFreePoolWithTag(block, CS_WINKERNEL_POOL_TAG);
}

References CS_WINKERNEL_POOL_TAG.

Referenced by cs_winkernel_realloc(), and cs_winkernel_vsnprintf().

◆ cs_winkernel_malloc()

void* CAPSTONE_API cs_winkernel_malloc ( size_t  size)

Definition at line 29 of file winkernel_mm.c.

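// Allocates size bytes from the non-paged pool, prefixed by a
// CS_WINKERNEL_MEMBLOCK header that records the requested size.
//
// Returns a pointer to the data area that follows the header, or NULL when
// the header-plus-payload size overflows size_t or the pool allocation fails.
// The data area is not cleared here; use cs_winkernel_calloc() for zeroed
// memory.
void *CAPSTONE_API cs_winkernel_malloc(size_t size)
{
	// Disallow zero length allocations because they waste pool header space and,
	// in many cases, indicate a potential validation issue in the calling code.
	// NOTE(review): NT_ASSERT is expected to be a debug-build check only, so a
	// zero size is not rejected in release builds - confirm.
	NT_ASSERT(size);

	// FP; a use of NonPagedPool is required for Windows 7 support
	size_t number_of_bytes = 0;
	CS_WINKERNEL_MEMBLOCK *block = NULL;
	// A specially crafted size value can trigger the overflow.
	// If the sum results in a value that overflows or underflows the capacity
	// of the type, the function returns NULL.
	if (!NT_SUCCESS(RtlSizeTAdd(size, FIELD_OFFSET(CS_WINKERNEL_MEMBLOCK, data), &number_of_bytes))) {
		return NULL;
	}
	// The suppressed warning is about executable pool memory. Builds that do
	// not need Windows 7 support can avoid it with NonPagedPoolNx.
#pragma prefast(suppress : 30030) // Allocating executable POOL_TYPE memory
	block = ExAllocatePoolWithTag(
		NonPagedPool, number_of_bytes, CS_WINKERNEL_POOL_TAG);
	if (!block) {
		return NULL;
	}
	// Remember the payload size; cs_winkernel_realloc() reads it to bound its copy.
	block->size = size;

	return block->data;
}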

References CS_WINKERNEL_POOL_TAG, ExAllocatePoolWithTag, NonPagedPool, NT_SUCCESS, NULL, and _CS_WINKERNEL_MEMBLOCK::size.

Referenced by cs_winkernel_calloc(), cs_winkernel_realloc(), and cs_winkernel_vsnprintf().

◆ cs_winkernel_realloc()

void* CAPSTONE_API cs_winkernel_realloc ( void *  ptr,
size_t  size 
)

Definition at line 69 of file winkernel_mm.c.

// Moves the block at ptr into a newly allocated block of size bytes.
//
// A NULL ptr behaves like cs_winkernel_malloc(size). Otherwise a new block is
// always allocated; the old contents are copied up to the smaller of the old
// and new sizes, and the old block is freed. When the new allocation fails,
// NULL is returned and the block at ptr is left untouched and still owned by
// the caller.
void *CAPSTONE_API cs_winkernel_realloc(void *ptr, size_t size)
{
	size_t old_size;
	size_t copy_len;
	void *replacement = cs_winkernel_malloc(size);

	// Either there is nothing to migrate (plain allocation) or the allocation
	// failed (replacement is NULL); in both cases the result is returned as is.
	if (!ptr || !replacement) {
		return replacement;
	}

	// The header in front of ptr holds the size requested when it was allocated.
	old_size = CONTAINING_RECORD(ptr, CS_WINKERNEL_MEMBLOCK, data)->size;

	// Never read past the old block nor write past the new one.
	copy_len = size;
	if (old_size < size) {
		copy_len = old_size;
	}

	RtlCopyMemory(replacement, ptr, copy_len);
	cs_winkernel_free(ptr);

	return replacement;
}

References cs_winkernel_free(), cs_winkernel_malloc(), and NULL.

◆ cs_winkernel_vsnprintf()

int CAPSTONE_API cs_winkernel_vsnprintf ( char *  buffer,
size_t  count,
const char *  format,
va_list  argptr 
)

Definition at line 99 of file winkernel_mm.c.

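// vsnprintf() replacement built on _vsnprintf().
//
// Formats into buffer (at most count bytes) and NUL-terminates the result
// whenever count is non-zero. Returns the number of characters written, or,
// when the output was truncated, the number that would have been written as
// measured by a second pass into a 0x1000-byte scratch buffer. Returns -1 if
// that scratch buffer cannot be allocated.
int CAPSTONE_API cs_winkernel_vsnprintf(char *buffer, size_t count, const char *format, va_list argptr)
{
	int result = _vsnprintf(buffer, count, format, argptr);

	// _vsnprintf() returns -1 when a string is truncated, and returns "count"
	// when an entire string is stored but without '\0' at the end of "buffer".
	// In both cases, null-terminator needs to be added manually.
	// With count == 0 there is no byte to terminate, and count - 1 would wrap
	// to SIZE_MAX and write far outside the buffer, so the write is skipped.
	if (count != 0 && (result == -1 || (size_t)result == count)) {
		buffer[count - 1] = '\0';
	}

	if (result == -1) {
		// In case when -1 is returned, the function has to get and return a number
		// of characters that would have been written. This attempts so by retrying
		// the same conversion with temp buffer that is most likely big enough to
		// complete formatting and get a number of characters that would have been
		// written.
		char *tmp = cs_winkernel_malloc(0x1000);
		if (!tmp) {
			return result;
		}

		// NOTE(review): argptr was already consumed by the first _vsnprintf()
		// call. Reusing it relies on va_list being a plain by-value pointer on
		// the target; where the toolchain provides va_copy, format from a copy.
		result = _vsnprintf(tmp, 0x1000, format, argptr);
		// Output of 0x1000 characters or more still yields -1 here.
		NT_ASSERT(result != -1);
		cs_winkernel_free(tmp);
	}

	return result;
}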

References count, cs_winkernel_free(), cs_winkernel_malloc(), and autogen_x86imm::tmp.

Variable Documentation

◆ CS_WINKERNEL_POOL_TAG

const ULONG CS_WINKERNEL_POOL_TAG = 'kwsC'
static

Definition at line 9 of file winkernel_mm.c.

Referenced by cs_winkernel_free(), and cs_winkernel_malloc().