1 /* 2 * PROJECT: ReactOS Kernel 3 * LICENSE: GPL - See COPYING in the top level directory 4 * FILE: ntoskrnl/io/iomgr/driver.c 5 * PURPOSE: Driver Object Management 6 * PROGRAMMERS: Alex Ionescu (alex.ionescu@reactos.org) 7 * Filip Navara (navaraf@reactos.org) 8 * Herv� Poussineau (hpoussin@reactos.org) 9 */ 10 11 /* INCLUDES *******************************************************************/ 12 13 #include <ntoskrnl.h> 14 #define NDEBUG 15 #include <debug.h> 16 17 /* GLOBALS ********************************************************************/ 18 19 ERESOURCE IopDriverLoadResource; 20 21 LIST_ENTRY DriverReinitListHead; 22 KSPIN_LOCK DriverReinitListLock; 23 PLIST_ENTRY DriverReinitTailEntry; 24 25 PLIST_ENTRY DriverBootReinitTailEntry; 26 LIST_ENTRY DriverBootReinitListHead; 27 KSPIN_LOCK DriverBootReinitListLock; 28 29 UNICODE_STRING IopHardwareDatabaseKey = 30 RTL_CONSTANT_STRING(L"\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\SYSTEM"); 31 32 POBJECT_TYPE IoDriverObjectType = NULL; 33 34 #define TAG_RTLREGISTRY 'vrqR' 35 36 extern BOOLEAN ExpInTextModeSetup; 37 extern BOOLEAN PnpSystemInit; 38 39 USHORT IopGroupIndex; 40 PLIST_ENTRY IopGroupTable; 41 42 /* PRIVATE FUNCTIONS **********************************************************/ 43 44 NTSTATUS 45 NTAPI 46 IopInvalidDeviceRequest( 47 PDEVICE_OBJECT DeviceObject, 48 PIRP Irp) 49 { 50 Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST; 51 Irp->IoStatus.Information = 0; 52 IoCompleteRequest(Irp, IO_NO_INCREMENT); 53 return STATUS_INVALID_DEVICE_REQUEST; 54 } 55 56 VOID 57 NTAPI 58 IopDeleteDriver(IN PVOID ObjectBody) 59 { 60 PDRIVER_OBJECT DriverObject = ObjectBody; 61 PIO_CLIENT_EXTENSION DriverExtension, NextDriverExtension; 62 PAGED_CODE(); 63 64 DPRINT1("Deleting driver object '%wZ'\n", &DriverObject->DriverName); 65 66 /* There must be no device objects remaining at this point */ 67 ASSERT(!DriverObject->DeviceObject); 68 69 /* Get the extension and loop them */ 70 DriverExtension = IoGetDrvObjExtension(DriverObject)->ClientDriverExtension; 71 while (DriverExtension) 72 { 73 /* Get the next one */ 74 NextDriverExtension = DriverExtension->NextExtension; 75 ExFreePoolWithTag(DriverExtension, TAG_DRIVER_EXTENSION); 76 77 /* Move on */ 78 DriverExtension = NextDriverExtension; 79 } 80 81 /* Check if the driver image is still loaded */ 82 if (DriverObject->DriverSection) 83 { 84 /* Unload it */ 85 MmUnloadSystemImage(DriverObject->DriverSection); 86 } 87 88 /* Check if it has a name */ 89 if (DriverObject->DriverName.Buffer) 90 { 91 /* Free it */ 92 ExFreePool(DriverObject->DriverName.Buffer); 93 } 94 95 /* Check if it has a service key name */ 96 if (DriverObject->DriverExtension->ServiceKeyName.Buffer) 97 { 98 /* Free it */ 99 ExFreePool(DriverObject->DriverExtension->ServiceKeyName.Buffer); 100 } 101 } 102 103 NTSTATUS 104 FASTCALL 105 IopGetDriverObject( 106 PDRIVER_OBJECT *DriverObject, 107 PUNICODE_STRING ServiceName, 108 BOOLEAN FileSystem) 109 { 110 PDRIVER_OBJECT Object; 111 WCHAR NameBuffer[MAX_PATH]; 112 UNICODE_STRING DriverName; 113 NTSTATUS Status; 114 115 DPRINT("IopGetDriverObject(%p '%wZ' %x)\n", 116 DriverObject, ServiceName, FileSystem); 117 118 ASSERT(ExIsResourceAcquiredExclusiveLite(&IopDriverLoadResource)); 119 *DriverObject = NULL; 120 121 /* Create ModuleName string */ 122 if (ServiceName == NULL || ServiceName->Buffer == NULL) 123 /* We don't know which DriverObject we have to open */ 124 return STATUS_INVALID_PARAMETER_2; 125 126 DriverName.Buffer = NameBuffer; 127 DriverName.Length = 0; 128 DriverName.MaximumLength = sizeof(NameBuffer); 129 130 if (FileSystem != FALSE) 131 RtlAppendUnicodeToString(&DriverName, FILESYSTEM_ROOT_NAME); 132 else 133 RtlAppendUnicodeToString(&DriverName, DRIVER_ROOT_NAME); 134 RtlAppendUnicodeStringToString(&DriverName, ServiceName); 135 136 DPRINT("Driver name: '%wZ'\n", &DriverName); 137 138 /* Open driver object */ 139 Status = ObReferenceObjectByName(&DriverName, 140 OBJ_OPENIF | OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, /* Attributes */ 141 NULL, /* PassedAccessState */ 142 0, /* DesiredAccess */ 143 IoDriverObjectType, 144 KernelMode, 145 NULL, /* ParseContext */ 146 (PVOID*)&Object); 147 if (!NT_SUCCESS(Status)) 148 { 149 DPRINT("Failed to reference driver object, status=0x%08x\n", Status); 150 return Status; 151 } 152 153 *DriverObject = Object; 154 155 DPRINT("Driver Object: %p\n", Object); 156 157 return STATUS_SUCCESS; 158 } 159 160 /* 161 * RETURNS 162 * TRUE if String2 contains String1 as a suffix. 163 */ 164 BOOLEAN 165 NTAPI 166 IopSuffixUnicodeString( 167 IN PCUNICODE_STRING String1, 168 IN PCUNICODE_STRING String2) 169 { 170 PWCHAR pc1; 171 PWCHAR pc2; 172 ULONG Length; 173 174 if (String2->Length < String1->Length) 175 return FALSE; 176 177 Length = String1->Length / 2; 178 pc1 = String1->Buffer; 179 pc2 = &String2->Buffer[String2->Length / sizeof(WCHAR) - Length]; 180 181 if (pc1 && pc2) 182 { 183 while (Length--) 184 { 185 if( *pc1++ != *pc2++ ) 186 return FALSE; 187 } 188 return TRUE; 189 } 190 return FALSE; 191 } 192 193 /* 194 * IopDisplayLoadingMessage 195 * 196 * Display 'Loading XXX...' message. 197 */ 198 VOID 199 FASTCALL 200 IopDisplayLoadingMessage(PUNICODE_STRING ServiceName) 201 { 202 CHAR TextBuffer[256]; 203 UNICODE_STRING DotSys = RTL_CONSTANT_STRING(L".SYS"); 204 205 if (ExpInTextModeSetup) return; 206 if (!KeLoaderBlock) return; 207 RtlUpcaseUnicodeString(ServiceName, ServiceName, FALSE); 208 snprintf(TextBuffer, sizeof(TextBuffer), 209 "%s%sSystem32\\Drivers\\%wZ%s\r\n", 210 KeLoaderBlock->ArcBootDeviceName, 211 KeLoaderBlock->NtBootPathName, 212 ServiceName, 213 IopSuffixUnicodeString(&DotSys, ServiceName) ? "" : ".SYS"); 214 HalDisplayString(TextBuffer); 215 } 216 217 /* 218 * IopNormalizeImagePath 219 * 220 * Normalize an image path to contain complete path. 221 * 222 * Parameters 223 * ImagePath 224 * The input path and on exit the result path. ImagePath.Buffer 225 * must be allocated by ExAllocatePool on input. Caller is responsible 226 * for freeing the buffer when it's no longer needed. 227 * 228 * ServiceName 229 * Name of the service that ImagePath belongs to. 230 * 231 * Return Value 232 * Status 233 * 234 * Remarks 235 * The input image path isn't freed on error. 236 */ 237 NTSTATUS 238 FASTCALL 239 IopNormalizeImagePath( 240 _Inout_ _When_(return>=0, _At_(ImagePath->Buffer, _Post_notnull_ __drv_allocatesMem(Mem))) 241 PUNICODE_STRING ImagePath, 242 _In_ PUNICODE_STRING ServiceName) 243 { 244 UNICODE_STRING SystemRootString = RTL_CONSTANT_STRING(L"\\SystemRoot\\"); 245 UNICODE_STRING DriversPathString = RTL_CONSTANT_STRING(L"\\SystemRoot\\System32\\drivers\\"); 246 UNICODE_STRING DotSysString = RTL_CONSTANT_STRING(L".sys"); 247 UNICODE_STRING InputImagePath; 248 249 DPRINT("Normalizing image path '%wZ' for service '%wZ'\n", ImagePath, ServiceName); 250 251 InputImagePath = *ImagePath; 252 if (InputImagePath.Length == 0) 253 { 254 ImagePath->Length = 0; 255 ImagePath->MaximumLength = DriversPathString.Length + 256 ServiceName->Length + 257 DotSysString.Length + 258 sizeof(UNICODE_NULL); 259 ImagePath->Buffer = ExAllocatePoolWithTag(NonPagedPool, 260 ImagePath->MaximumLength, 261 TAG_IO); 262 if (ImagePath->Buffer == NULL) 263 return STATUS_NO_MEMORY; 264 265 RtlCopyUnicodeString(ImagePath, &DriversPathString); 266 RtlAppendUnicodeStringToString(ImagePath, ServiceName); 267 RtlAppendUnicodeStringToString(ImagePath, &DotSysString); 268 } 269 else if (InputImagePath.Buffer[0] != L'\\') 270 { 271 ImagePath->Length = 0; 272 ImagePath->MaximumLength = SystemRootString.Length + 273 InputImagePath.Length + 274 sizeof(UNICODE_NULL); 275 ImagePath->Buffer = ExAllocatePoolWithTag(NonPagedPool, 276 ImagePath->MaximumLength, 277 TAG_IO); 278 if (ImagePath->Buffer == NULL) 279 return STATUS_NO_MEMORY; 280 281 RtlCopyUnicodeString(ImagePath, &SystemRootString); 282 RtlAppendUnicodeStringToString(ImagePath, &InputImagePath); 283 284 /* Free caller's string */ 285 ExFreePoolWithTag(InputImagePath.Buffer, TAG_RTLREGISTRY); 286 } 287 288 DPRINT("Normalized image path is '%wZ' for service '%wZ'\n", ImagePath, ServiceName); 289 290 return STATUS_SUCCESS; 291 } 292 293 /* 294 * IopLoadServiceModule 295 * 296 * Load a module specified by registry settings for service. 297 * 298 * Parameters 299 * ServiceName 300 * Name of the service to load. 301 * 302 * Return Value 303 * Status 304 */ 305 NTSTATUS 306 FASTCALL 307 IopLoadServiceModule( 308 IN PUNICODE_STRING ServiceName, 309 OUT PLDR_DATA_TABLE_ENTRY *ModuleObject) 310 { 311 RTL_QUERY_REGISTRY_TABLE QueryTable[3]; 312 ULONG ServiceStart; 313 UNICODE_STRING ServiceImagePath, CCSName; 314 NTSTATUS Status; 315 HANDLE CCSKey, ServiceKey; 316 PVOID BaseAddress; 317 318 ASSERT(ExIsResourceAcquiredExclusiveLite(&IopDriverLoadResource)); 319 ASSERT(ServiceName->Length); 320 DPRINT("IopLoadServiceModule(%wZ, 0x%p)\n", ServiceName, ModuleObject); 321 322 if (ExpInTextModeSetup) 323 { 324 /* We have no registry, but luckily we know where all the drivers are */ 325 DPRINT1("IopLoadServiceModule(%wZ, 0x%p) called in ExpInTextModeSetup mode...\n", ServiceName, ModuleObject); 326 327 /* ServiceStart < 4 is all that matters */ 328 ServiceStart = 0; 329 330 /* IopNormalizeImagePath will do all of the work for us if we give it an empty string */ 331 RtlInitEmptyUnicodeString(&ServiceImagePath, NULL, 0); 332 } 333 else 334 { 335 /* Open CurrentControlSet */ 336 RtlInitUnicodeString(&CCSName, 337 L"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services"); 338 Status = IopOpenRegistryKeyEx(&CCSKey, NULL, &CCSName, KEY_READ); 339 if (!NT_SUCCESS(Status)) 340 { 341 DPRINT1("IopOpenRegistryKeyEx() failed for '%wZ' with status 0x%lx\n", 342 &CCSName, Status); 343 return Status; 344 } 345 346 /* Open service key */ 347 Status = IopOpenRegistryKeyEx(&ServiceKey, CCSKey, ServiceName, KEY_READ); 348 if (!NT_SUCCESS(Status)) 349 { 350 DPRINT1("IopOpenRegistryKeyEx() failed for '%wZ' with status 0x%lx\n", 351 ServiceName, Status); 352 ZwClose(CCSKey); 353 return Status; 354 } 355 356 /* 357 * Get information about the service. 358 */ 359 RtlZeroMemory(QueryTable, sizeof(QueryTable)); 360 361 RtlInitUnicodeString(&ServiceImagePath, NULL); 362 363 QueryTable[0].Name = L"Start"; 364 QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT; 365 QueryTable[0].EntryContext = &ServiceStart; 366 367 QueryTable[1].Name = L"ImagePath"; 368 QueryTable[1].Flags = RTL_QUERY_REGISTRY_DIRECT; 369 QueryTable[1].EntryContext = &ServiceImagePath; 370 371 Status = RtlQueryRegistryValues(RTL_REGISTRY_HANDLE, 372 (PWSTR)ServiceKey, 373 QueryTable, 374 NULL, 375 NULL); 376 377 ZwClose(ServiceKey); 378 ZwClose(CCSKey); 379 380 if (!NT_SUCCESS(Status)) 381 { 382 DPRINT1("RtlQueryRegistryValues() failed (Status %x)\n", Status); 383 return Status; 384 } 385 } 386 387 /* 388 * Normalize the image path for all later processing. 389 */ 390 Status = IopNormalizeImagePath(&ServiceImagePath, ServiceName); 391 392 if (!NT_SUCCESS(Status)) 393 { 394 DPRINT("IopNormalizeImagePath() failed (Status %x)\n", Status); 395 return Status; 396 } 397 398 /* 399 * Case for disabled drivers 400 */ 401 if (ServiceStart >= 4) 402 { 403 /* We can't load this */ 404 Status = STATUS_DRIVER_UNABLE_TO_LOAD; 405 } 406 else 407 { 408 DPRINT("Loading module from %wZ\n", &ServiceImagePath); 409 Status = MmLoadSystemImage(&ServiceImagePath, NULL, NULL, 0, (PVOID)ModuleObject, &BaseAddress); 410 if (NT_SUCCESS(Status)) 411 { 412 IopDisplayLoadingMessage(ServiceName); 413 } 414 } 415 416 ExFreePool(ServiceImagePath.Buffer); 417 418 /* 419 * Now check if the module was loaded successfully. 420 */ 421 if (!NT_SUCCESS(Status)) 422 { 423 DPRINT("Module loading failed (Status %x)\n", Status); 424 } 425 426 DPRINT("Module loading (Status %x)\n", Status); 427 428 return Status; 429 } 430 431 VOID 432 NTAPI 433 MmFreeDriverInitialization(IN PLDR_DATA_TABLE_ENTRY LdrEntry); 434 435 /* 436 * IopInitializeDriverModule 437 * 438 * Initialize a loaded driver. 439 * 440 * Parameters 441 * DeviceNode 442 * Pointer to device node. 443 * 444 * ModuleObject 445 * Module object representing the driver. It can be retrieve by 446 * IopLoadServiceModule. 447 * 448 * ServiceName 449 * Name of the service (as in registry). 450 * 451 * FileSystemDriver 452 * Set to TRUE for file system drivers. 453 * 454 * DriverObject 455 * On successful return this contains the driver object representing 456 * the loaded driver. 457 */ 458 NTSTATUS 459 FASTCALL 460 IopInitializeDriverModule( 461 IN PDEVICE_NODE DeviceNode, 462 IN PLDR_DATA_TABLE_ENTRY ModuleObject, 463 IN PUNICODE_STRING ServiceName, 464 IN BOOLEAN FileSystemDriver, 465 OUT PDRIVER_OBJECT *DriverObject) 466 { 467 static const WCHAR ServicesKeyName[] = L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\"; 468 UNICODE_STRING DriverName; 469 UNICODE_STRING RegistryKey; 470 PDRIVER_INITIALIZE DriverEntry; 471 PDRIVER_OBJECT Driver; 472 NTSTATUS Status; 473 474 DriverEntry = ModuleObject->EntryPoint; 475 476 if (ServiceName != NULL && ServiceName->Length != 0) 477 { 478 RegistryKey.Length = 0; 479 RegistryKey.MaximumLength = sizeof(ServicesKeyName) + ServiceName->Length; 480 RegistryKey.Buffer = ExAllocatePoolWithTag(PagedPool, 481 RegistryKey.MaximumLength, 482 TAG_IO); 483 if (RegistryKey.Buffer == NULL) 484 { 485 return STATUS_INSUFFICIENT_RESOURCES; 486 } 487 RtlAppendUnicodeToString(&RegistryKey, ServicesKeyName); 488 RtlAppendUnicodeStringToString(&RegistryKey, ServiceName); 489 } 490 else 491 { 492 RtlInitEmptyUnicodeString(&RegistryKey, NULL, 0); 493 } 494 495 /* Create ModuleName string */ 496 if (ServiceName && ServiceName->Length > 0) 497 { 498 DriverName.Length = 0; 499 DriverName.MaximumLength = sizeof(FILESYSTEM_ROOT_NAME) + ServiceName->Length; 500 DriverName.Buffer = ExAllocatePoolWithTag(PagedPool, 501 DriverName.MaximumLength, 502 TAG_IO); 503 if (DriverName.Buffer == NULL) 504 { 505 RtlFreeUnicodeString(&RegistryKey); 506 return STATUS_INSUFFICIENT_RESOURCES; 507 } 508 509 if (FileSystemDriver != FALSE) 510 RtlAppendUnicodeToString(&DriverName, FILESYSTEM_ROOT_NAME); 511 else 512 RtlAppendUnicodeToString(&DriverName, DRIVER_ROOT_NAME); 513 RtlAppendUnicodeStringToString(&DriverName, ServiceName); 514 515 DPRINT("Driver name: '%wZ'\n", &DriverName); 516 } 517 else 518 { 519 RtlInitEmptyUnicodeString(&DriverName, NULL, 0); 520 } 521 522 Status = IopCreateDriver(DriverName.Length > 0 ? &DriverName : NULL, 523 DriverEntry, 524 &RegistryKey, 525 ServiceName, 526 ModuleObject, 527 &Driver); 528 RtlFreeUnicodeString(&RegistryKey); 529 RtlFreeUnicodeString(&DriverName); 530 531 if (!NT_SUCCESS(Status)) 532 { 533 DPRINT("IopCreateDriver() failed (Status 0x%08lx)\n", Status); 534 return Status; 535 } 536 537 *DriverObject = Driver; 538 539 MmFreeDriverInitialization((PLDR_DATA_TABLE_ENTRY)Driver->DriverSection); 540 541 /* Set the driver as initialized */ 542 IopReadyDeviceObjects(Driver); 543 544 if (PnpSystemInit) IopReinitializeDrivers(); 545 546 return STATUS_SUCCESS; 547 } 548 549 /* 550 * IopAttachFilterDriversCallback 551 * 552 * Internal routine used by IopAttachFilterDrivers. 553 */ 554 NTSTATUS 555 NTAPI 556 IopAttachFilterDriversCallback( 557 PWSTR ValueName, 558 ULONG ValueType, 559 PVOID ValueData, 560 ULONG ValueLength, 561 PVOID Context, 562 PVOID EntryContext) 563 { 564 PDEVICE_NODE DeviceNode = Context; 565 UNICODE_STRING ServiceName; 566 PWCHAR Filters; 567 PLDR_DATA_TABLE_ENTRY ModuleObject; 568 PDRIVER_OBJECT DriverObject; 569 NTSTATUS Status; 570 571 /* No filter value present */ 572 if (ValueType == REG_NONE) 573 return STATUS_SUCCESS; 574 575 for (Filters = ValueData; 576 ((ULONG_PTR)Filters - (ULONG_PTR)ValueData) < ValueLength && 577 *Filters != 0; 578 Filters += (ServiceName.Length / sizeof(WCHAR)) + 1) 579 { 580 DPRINT("Filter Driver: %S (%wZ)\n", Filters, &DeviceNode->InstancePath); 581 582 ServiceName.Buffer = Filters; 583 ServiceName.MaximumLength = 584 ServiceName.Length = (USHORT)wcslen(Filters) * sizeof(WCHAR); 585 586 KeEnterCriticalRegion(); 587 ExAcquireResourceExclusiveLite(&IopDriverLoadResource, TRUE); 588 Status = IopGetDriverObject(&DriverObject, 589 &ServiceName, 590 FALSE); 591 if (!NT_SUCCESS(Status)) 592 { 593 /* Load and initialize the filter driver */ 594 Status = IopLoadServiceModule(&ServiceName, &ModuleObject); 595 if (!NT_SUCCESS(Status)) 596 { 597 ExReleaseResourceLite(&IopDriverLoadResource); 598 KeLeaveCriticalRegion(); 599 return Status; 600 } 601 602 Status = IopInitializeDriverModule(DeviceNode, 603 ModuleObject, 604 &ServiceName, 605 FALSE, 606 &DriverObject); 607 if (!NT_SUCCESS(Status)) 608 { 609 ExReleaseResourceLite(&IopDriverLoadResource); 610 KeLeaveCriticalRegion(); 611 return Status; 612 } 613 } 614 615 ExReleaseResourceLite(&IopDriverLoadResource); 616 KeLeaveCriticalRegion(); 617 618 Status = IopInitializeDevice(DeviceNode, DriverObject); 619 620 /* Remove extra reference */ 621 ObDereferenceObject(DriverObject); 622 623 if (!NT_SUCCESS(Status)) 624 return Status; 625 } 626 627 return STATUS_SUCCESS; 628 } 629 630 /* 631 * IopAttachFilterDrivers 632 * 633 * Load filter drivers for specified device node. 634 * 635 * Parameters 636 * Lower 637 * Set to TRUE for loading lower level filters or FALSE for upper 638 * level filters. 639 */ 640 NTSTATUS 641 FASTCALL 642 IopAttachFilterDrivers( 643 PDEVICE_NODE DeviceNode, 644 HANDLE EnumSubKey, 645 HANDLE ClassKey, 646 BOOLEAN Lower) 647 { 648 RTL_QUERY_REGISTRY_TABLE QueryTable[2] = { { NULL, 0, NULL, NULL, 0, NULL, 0 }, }; 649 NTSTATUS Status; 650 651 /* 652 * First load the device filters 653 */ 654 QueryTable[0].QueryRoutine = IopAttachFilterDriversCallback; 655 if (Lower) 656 QueryTable[0].Name = L"LowerFilters"; 657 else 658 QueryTable[0].Name = L"UpperFilters"; 659 QueryTable[0].Flags = 0; 660 QueryTable[0].DefaultType = REG_NONE; 661 662 Status = RtlQueryRegistryValues(RTL_REGISTRY_HANDLE, 663 (PWSTR)EnumSubKey, 664 QueryTable, 665 DeviceNode, 666 NULL); 667 if (!NT_SUCCESS(Status)) 668 { 669 DPRINT1("Failed to load device %s filters: %08X\n", 670 Lower ? "lower" : "upper", Status); 671 return Status; 672 } 673 674 QueryTable[0].QueryRoutine = IopAttachFilterDriversCallback; 675 if (Lower) 676 QueryTable[0].Name = L"LowerFilters"; 677 else 678 QueryTable[0].Name = L"UpperFilters"; 679 QueryTable[0].EntryContext = NULL; 680 QueryTable[0].Flags = 0; 681 QueryTable[0].DefaultType = REG_NONE; 682 683 if (ClassKey == NULL) 684 { 685 return STATUS_SUCCESS; 686 } 687 688 Status = RtlQueryRegistryValues(RTL_REGISTRY_HANDLE, 689 (PWSTR)ClassKey, 690 QueryTable, 691 DeviceNode, 692 NULL); 693 694 if (!NT_SUCCESS(Status)) 695 { 696 DPRINT1("Failed to load class %s filters: %08X\n", 697 Lower ? "lower" : "upper", Status); 698 return Status; 699 } 700 701 return STATUS_SUCCESS; 702 } 703 704 NTSTATUS 705 NTAPI 706 MiResolveImageReferences(IN PVOID ImageBase, 707 IN PUNICODE_STRING ImageFileDirectory, 708 IN PUNICODE_STRING NamePrefix OPTIONAL, 709 OUT PCHAR *MissingApi, 710 OUT PWCHAR *MissingDriver, 711 OUT PLOAD_IMPORTS *LoadImports); 712 713 // 714 // Used for images already loaded (boot drivers) 715 // 716 INIT_FUNCTION 717 NTSTATUS 718 NTAPI 719 LdrProcessDriverModule(PLDR_DATA_TABLE_ENTRY LdrEntry, 720 PUNICODE_STRING FileName, 721 PLDR_DATA_TABLE_ENTRY *ModuleObject) 722 { 723 NTSTATUS Status; 724 UNICODE_STRING BaseName, BaseDirectory; 725 PLOAD_IMPORTS LoadedImports = (PVOID)-2; 726 PCHAR MissingApiName, Buffer; 727 PWCHAR MissingDriverName; 728 PVOID DriverBase = LdrEntry->DllBase; 729 730 /* Allocate a buffer we'll use for names */ 731 Buffer = ExAllocatePoolWithTag(NonPagedPool, MAX_PATH, TAG_LDR_WSTR); 732 if (!Buffer) 733 { 734 /* Fail */ 735 return STATUS_INSUFFICIENT_RESOURCES; 736 } 737 738 /* Check for a separator */ 739 if (FileName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR) 740 { 741 PWCHAR p; 742 ULONG BaseLength; 743 744 /* Loop the path until we get to the base name */ 745 p = &FileName->Buffer[FileName->Length / sizeof(WCHAR)]; 746 while (*(p - 1) != OBJ_NAME_PATH_SEPARATOR) p--; 747 748 /* Get the length */ 749 BaseLength = (ULONG)(&FileName->Buffer[FileName->Length / sizeof(WCHAR)] - p); 750 BaseLength *= sizeof(WCHAR); 751 752 /* Setup the string */ 753 BaseName.Length = (USHORT)BaseLength; 754 BaseName.Buffer = p; 755 } 756 else 757 { 758 /* Otherwise, we already have a base name */ 759 BaseName.Length = FileName->Length; 760 BaseName.Buffer = FileName->Buffer; 761 } 762 763 /* Setup the maximum length */ 764 BaseName.MaximumLength = BaseName.Length; 765 766 /* Now compute the base directory */ 767 BaseDirectory = *FileName; 768 BaseDirectory.Length -= BaseName.Length; 769 BaseDirectory.MaximumLength = BaseDirectory.Length; 770 771 /* Resolve imports */ 772 MissingApiName = Buffer; 773 Status = MiResolveImageReferences(DriverBase, 774 &BaseDirectory, 775 NULL, 776 &MissingApiName, 777 &MissingDriverName, 778 &LoadedImports); 779 780 /* Free the temporary buffer */ 781 ExFreePoolWithTag(Buffer, TAG_LDR_WSTR); 782 783 /* Check the result of the imports resolution */ 784 if (!NT_SUCCESS(Status)) return Status; 785 786 /* Return */ 787 *ModuleObject = LdrEntry; 788 return STATUS_SUCCESS; 789 } 790 791 /* 792 * IopInitializeBuiltinDriver 793 * 794 * Initialize a driver that is already loaded in memory. 795 */ 796 INIT_FUNCTION 797 NTSTATUS 798 NTAPI 799 IopInitializeBuiltinDriver(IN PLDR_DATA_TABLE_ENTRY BootLdrEntry) 800 { 801 PDEVICE_NODE DeviceNode; 802 PDRIVER_OBJECT DriverObject; 803 NTSTATUS Status; 804 PWCHAR Buffer, FileNameWithoutPath; 805 PWSTR FileExtension; 806 PUNICODE_STRING ModuleName = &BootLdrEntry->BaseDllName; 807 PLDR_DATA_TABLE_ENTRY LdrEntry; 808 PLIST_ENTRY NextEntry; 809 UNICODE_STRING ServiceName; 810 BOOLEAN Success; 811 812 /* 813 * Display 'Loading XXX...' message 814 */ 815 IopDisplayLoadingMessage(ModuleName); 816 InbvIndicateProgress(); 817 818 Buffer = ExAllocatePoolWithTag(PagedPool, 819 ModuleName->Length + sizeof(UNICODE_NULL), 820 TAG_IO); 821 if (Buffer == NULL) 822 { 823 return STATUS_INSUFFICIENT_RESOURCES; 824 } 825 826 RtlCopyMemory(Buffer, ModuleName->Buffer, ModuleName->Length); 827 Buffer[ModuleName->Length / sizeof(WCHAR)] = UNICODE_NULL; 828 829 /* 830 * Generate filename without path (not needed by freeldr) 831 */ 832 FileNameWithoutPath = wcsrchr(Buffer, L'\\'); 833 if (FileNameWithoutPath == NULL) 834 { 835 FileNameWithoutPath = Buffer; 836 } 837 else 838 { 839 FileNameWithoutPath++; 840 } 841 842 /* 843 * Strip the file extension from ServiceName 844 */ 845 Success = RtlCreateUnicodeString(&ServiceName, FileNameWithoutPath); 846 ExFreePoolWithTag(Buffer, TAG_IO); 847 if (!Success) 848 { 849 return STATUS_INSUFFICIENT_RESOURCES; 850 } 851 852 FileExtension = wcsrchr(ServiceName.Buffer, L'.'); 853 if (FileExtension != NULL) 854 { 855 ServiceName.Length -= (USHORT)wcslen(FileExtension) * sizeof(WCHAR); 856 FileExtension[0] = UNICODE_NULL; 857 } 858 859 /* 860 * Determine the right device object 861 */ 862 /* Use IopRootDeviceNode for now */ 863 Status = IopCreateDeviceNode(IopRootDeviceNode, 864 NULL, 865 &ServiceName, 866 &DeviceNode); 867 RtlFreeUnicodeString(&ServiceName); 868 if (!NT_SUCCESS(Status)) 869 { 870 DPRINT1("Driver '%wZ' load failed, status (%x)\n", ModuleName, Status); 871 return Status; 872 } 873 874 /* Lookup the new Ldr entry in PsLoadedModuleList */ 875 NextEntry = PsLoadedModuleList.Flink; 876 while (NextEntry != &PsLoadedModuleList) 877 { 878 LdrEntry = CONTAINING_RECORD(NextEntry, 879 LDR_DATA_TABLE_ENTRY, 880 InLoadOrderLinks); 881 if (RtlEqualUnicodeString(ModuleName, &LdrEntry->BaseDllName, TRUE)) 882 { 883 break; 884 } 885 886 NextEntry = NextEntry->Flink; 887 } 888 ASSERT(NextEntry != &PsLoadedModuleList); 889 890 /* 891 * Initialize the driver 892 */ 893 Status = IopInitializeDriverModule(DeviceNode, 894 LdrEntry, 895 &DeviceNode->ServiceName, 896 FALSE, 897 &DriverObject); 898 899 if (!NT_SUCCESS(Status)) 900 { 901 return Status; 902 } 903 904 Status = IopInitializeDevice(DeviceNode, DriverObject); 905 if (NT_SUCCESS(Status)) 906 { 907 Status = IopStartDevice(DeviceNode); 908 } 909 910 /* Remove extra reference from IopInitializeDriverModule */ 911 ObDereferenceObject(DriverObject); 912 913 return Status; 914 } 915 916 /* 917 * IopInitializeBootDrivers 918 * 919 * Initialize boot drivers and free memory for boot files. 920 * 921 * Parameters 922 * None 923 * 924 * Return Value 925 * None 926 */ 927 INIT_FUNCTION 928 VOID 929 FASTCALL 930 IopInitializeBootDrivers(VOID) 931 { 932 PLIST_ENTRY ListHead, NextEntry, NextEntry2; 933 PLDR_DATA_TABLE_ENTRY LdrEntry; 934 PDEVICE_NODE DeviceNode; 935 PDRIVER_OBJECT DriverObject; 936 LDR_DATA_TABLE_ENTRY ModuleObject; 937 NTSTATUS Status; 938 UNICODE_STRING DriverName; 939 ULONG i, Index; 940 PDRIVER_INFORMATION DriverInfo, DriverInfoTag; 941 HANDLE KeyHandle; 942 PBOOT_DRIVER_LIST_ENTRY BootEntry; 943 DPRINT("IopInitializeBootDrivers()\n"); 944 945 /* Use IopRootDeviceNode for now */ 946 Status = IopCreateDeviceNode(IopRootDeviceNode, NULL, NULL, &DeviceNode); 947 if (!NT_SUCCESS(Status)) return; 948 949 /* Setup the module object for the RAW FS Driver */ 950 ModuleObject.DllBase = NULL; 951 ModuleObject.SizeOfImage = 0; 952 ModuleObject.EntryPoint = RawFsDriverEntry; 953 RtlInitUnicodeString(&DriverName, L"RAW"); 954 955 /* Initialize it */ 956 Status = IopInitializeDriverModule(DeviceNode, 957 &ModuleObject, 958 &DriverName, 959 TRUE, 960 &DriverObject); 961 if (!NT_SUCCESS(Status)) 962 { 963 /* Fail */ 964 return; 965 } 966 967 /* Now initialize the associated device */ 968 Status = IopInitializeDevice(DeviceNode, DriverObject); 969 if (!NT_SUCCESS(Status)) 970 { 971 /* Fail */ 972 ObDereferenceObject(DriverObject); 973 return; 974 } 975 976 /* Start it up */ 977 Status = IopStartDevice(DeviceNode); 978 if (!NT_SUCCESS(Status)) 979 { 980 /* Fail */ 981 ObDereferenceObject(DriverObject); 982 return; 983 } 984 985 /* Get highest group order index */ 986 IopGroupIndex = PpInitGetGroupOrderIndex(NULL); 987 if (IopGroupIndex == 0xFFFF) ASSERT(FALSE); 988 989 /* Allocate the group table */ 990 IopGroupTable = ExAllocatePoolWithTag(PagedPool, 991 IopGroupIndex * sizeof(LIST_ENTRY), 992 TAG_IO); 993 if (IopGroupTable == NULL) ASSERT(FALSE); 994 995 /* Initialize the group table lists */ 996 for (i = 0; i < IopGroupIndex; i++) InitializeListHead(&IopGroupTable[i]); 997 998 /* Loop the boot modules */ 999 ListHead = &KeLoaderBlock->LoadOrderListHead; 1000 NextEntry = ListHead->Flink; 1001 while (ListHead != NextEntry) 1002 { 1003 /* Get the entry */ 1004 LdrEntry = CONTAINING_RECORD(NextEntry, 1005 LDR_DATA_TABLE_ENTRY, 1006 InLoadOrderLinks); 1007 1008 /* Check if the DLL needs to be initialized */ 1009 if (LdrEntry->Flags & LDRP_DRIVER_DEPENDENT_DLL) 1010 { 1011 /* Call its entrypoint */ 1012 MmCallDllInitialize(LdrEntry, NULL); 1013 } 1014 1015 /* Go to the next driver */ 1016 NextEntry = NextEntry->Flink; 1017 } 1018 1019 /* Loop the boot drivers */ 1020 ListHead = &KeLoaderBlock->BootDriverListHead; 1021 NextEntry = ListHead->Flink; 1022 while (ListHead != NextEntry) 1023 { 1024 /* Get the entry */ 1025 BootEntry = CONTAINING_RECORD(NextEntry, 1026 BOOT_DRIVER_LIST_ENTRY, 1027 Link); 1028 1029 /* Get the driver loader entry */ 1030 LdrEntry = BootEntry->LdrEntry; 1031 1032 /* Allocate our internal accounting structure */ 1033 DriverInfo = ExAllocatePoolWithTag(PagedPool, 1034 sizeof(DRIVER_INFORMATION), 1035 TAG_IO); 1036 if (DriverInfo) 1037 { 1038 /* Zero it and initialize it */ 1039 RtlZeroMemory(DriverInfo, sizeof(DRIVER_INFORMATION)); 1040 InitializeListHead(&DriverInfo->Link); 1041 DriverInfo->DataTableEntry = BootEntry; 1042 1043 /* Open the registry key */ 1044 Status = IopOpenRegistryKeyEx(&KeyHandle, 1045 NULL, 1046 &BootEntry->RegistryPath, 1047 KEY_READ); 1048 DPRINT("IopOpenRegistryKeyEx(%wZ) returned 0x%08lx\n", &BootEntry->RegistryPath, Status); 1049 #if 0 1050 if (NT_SUCCESS(Status)) 1051 #else // Hack still needed... 1052 if ((NT_SUCCESS(Status)) || /* ReactOS HACK for SETUPLDR */ 1053 ((KeLoaderBlock->SetupLdrBlock) && ((KeyHandle = (PVOID)1)))) // yes, it's an assignment! 1054 #endif 1055 { 1056 /* Save the handle */ 1057 DriverInfo->ServiceHandle = KeyHandle; 1058 1059 /* Get the group oder index */ 1060 Index = PpInitGetGroupOrderIndex(KeyHandle); 1061 1062 /* Get the tag position */ 1063 DriverInfo->TagPosition = PipGetDriverTagPriority(KeyHandle); 1064 1065 /* Insert it into the list, at the right place */ 1066 ASSERT(Index < IopGroupIndex); 1067 NextEntry2 = IopGroupTable[Index].Flink; 1068 while (NextEntry2 != &IopGroupTable[Index]) 1069 { 1070 /* Get the driver info */ 1071 DriverInfoTag = CONTAINING_RECORD(NextEntry2, 1072 DRIVER_INFORMATION, 1073 Link); 1074 1075 /* Check if we found the right tag position */ 1076 if (DriverInfoTag->TagPosition > DriverInfo->TagPosition) 1077 { 1078 /* We're done */ 1079 break; 1080 } 1081 1082 /* Next entry */ 1083 NextEntry2 = NextEntry2->Flink; 1084 } 1085 1086 /* Insert us right before the next entry */ 1087 NextEntry2 = NextEntry2->Blink; 1088 InsertHeadList(NextEntry2, &DriverInfo->Link); 1089 } 1090 } 1091 1092 /* Go to the next driver */ 1093 NextEntry = NextEntry->Flink; 1094 } 1095 1096 /* Loop each group index */ 1097 for (i = 0; i < IopGroupIndex; i++) 1098 { 1099 /* Loop each group table */ 1100 NextEntry = IopGroupTable[i].Flink; 1101 while (NextEntry != &IopGroupTable[i]) 1102 { 1103 /* Get the entry */ 1104 DriverInfo = CONTAINING_RECORD(NextEntry, 1105 DRIVER_INFORMATION, 1106 Link); 1107 1108 /* Get the driver loader entry */ 1109 LdrEntry = DriverInfo->DataTableEntry->LdrEntry; 1110 1111 /* Initialize it */ 1112 IopInitializeBuiltinDriver(LdrEntry); 1113 1114 /* Next entry */ 1115 NextEntry = NextEntry->Flink; 1116 } 1117 } 1118 1119 /* In old ROS, the loader list became empty after this point. Simulate. */ 1120 InitializeListHead(&KeLoaderBlock->LoadOrderListHead); 1121 } 1122 1123 INIT_FUNCTION 1124 VOID 1125 FASTCALL 1126 IopInitializeSystemDrivers(VOID) 1127 { 1128 PUNICODE_STRING *DriverList, *SavedList; 1129 1130 /* No system drivers on the boot cd */ 1131 if (KeLoaderBlock->SetupLdrBlock) return; // ExpInTextModeSetup 1132 1133 /* Get the driver list */ 1134 SavedList = DriverList = CmGetSystemDriverList(); 1135 ASSERT(DriverList); 1136 1137 /* Loop it */ 1138 while (*DriverList) 1139 { 1140 /* Load the driver */ 1141 ZwLoadDriver(*DriverList); 1142 1143 /* Free the entry */ 1144 RtlFreeUnicodeString(*DriverList); 1145 ExFreePool(*DriverList); 1146 1147 /* Next entry */ 1148 InbvIndicateProgress(); 1149 DriverList++; 1150 } 1151 1152 /* Free the list */ 1153 ExFreePool(SavedList); 1154 } 1155 1156 /* 1157 * IopUnloadDriver 1158 * 1159 * Unloads a device driver. 1160 * 1161 * Parameters 1162 * DriverServiceName 1163 * Name of the service to unload (registry key). 1164 * 1165 * UnloadPnpDrivers 1166 * Whether to unload Plug & Plug or only legacy drivers. If this 1167 * parameter is set to FALSE, the routine will unload only legacy 1168 * drivers. 1169 * 1170 * Return Value 1171 * Status 1172 * 1173 * To do 1174 * Guard the whole function by SEH. 1175 */ 1176 1177 NTSTATUS NTAPI 1178 IopUnloadDriver(PUNICODE_STRING DriverServiceName, BOOLEAN UnloadPnpDrivers) 1179 { 1180 RTL_QUERY_REGISTRY_TABLE QueryTable[2]; 1181 UNICODE_STRING ImagePath; 1182 UNICODE_STRING ServiceName; 1183 UNICODE_STRING ObjectName; 1184 PDRIVER_OBJECT DriverObject; 1185 PDEVICE_OBJECT DeviceObject; 1186 PEXTENDED_DEVOBJ_EXTENSION DeviceExtension; 1187 NTSTATUS Status; 1188 PWSTR Start; 1189 BOOLEAN SafeToUnload = TRUE; 1190 KPROCESSOR_MODE PreviousMode; 1191 UNICODE_STRING CapturedServiceName; 1192 1193 PAGED_CODE(); 1194 1195 PreviousMode = ExGetPreviousMode(); 1196 1197 /* Need the appropriate priviliege */ 1198 if (!SeSinglePrivilegeCheck(SeLoadDriverPrivilege, PreviousMode)) 1199 { 1200 DPRINT1("No unload privilege!\n"); 1201 return STATUS_PRIVILEGE_NOT_HELD; 1202 } 1203 1204 /* Capture the service name */ 1205 Status = ProbeAndCaptureUnicodeString(&CapturedServiceName, PreviousMode, DriverServiceName); 1206 if (!NT_SUCCESS(Status)) 1207 { 1208 return Status; 1209 } 1210 1211 DPRINT("IopUnloadDriver('%wZ', %u)\n", &CapturedServiceName, UnloadPnpDrivers); 1212 1213 1214 /* We need a service name */ 1215 if (CapturedServiceName.Length == 0) 1216 { 1217 ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode); 1218 return STATUS_INVALID_PARAMETER; 1219 } 1220 1221 /* 1222 * Get the service name from the registry key name 1223 */ 1224 Start = wcsrchr(CapturedServiceName.Buffer, L'\\'); 1225 if (Start == NULL) 1226 Start = CapturedServiceName.Buffer; 1227 else 1228 Start++; 1229 1230 RtlInitUnicodeString(&ServiceName, Start); 1231 1232 /* 1233 * Construct the driver object name 1234 */ 1235 ObjectName.Length = ((USHORT)wcslen(Start) + 8) * sizeof(WCHAR); 1236 ObjectName.MaximumLength = ObjectName.Length + sizeof(WCHAR); 1237 ObjectName.Buffer = ExAllocatePoolWithTag(PagedPool, 1238 ObjectName.MaximumLength, 1239 TAG_IO); 1240 if (!ObjectName.Buffer) 1241 { 1242 ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode); 1243 return STATUS_INSUFFICIENT_RESOURCES; 1244 } 1245 wcscpy(ObjectName.Buffer, DRIVER_ROOT_NAME); 1246 memcpy(ObjectName.Buffer + 8, Start, ObjectName.Length - 8 * sizeof(WCHAR)); 1247 ObjectName.Buffer[ObjectName.Length/sizeof(WCHAR)] = UNICODE_NULL; 1248 1249 /* 1250 * Find the driver object 1251 */ 1252 Status = ObReferenceObjectByName(&ObjectName, 1253 0, 1254 0, 1255 0, 1256 IoDriverObjectType, 1257 KernelMode, 1258 0, 1259 (PVOID*)&DriverObject); 1260 1261 if (!NT_SUCCESS(Status)) 1262 { 1263 DPRINT1("Can't locate driver object for %wZ\n", &ObjectName); 1264 ExFreePoolWithTag(ObjectName.Buffer, TAG_IO); 1265 ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode); 1266 return Status; 1267 } 1268 1269 /* Free the buffer for driver object name */ 1270 ExFreePoolWithTag(ObjectName.Buffer, TAG_IO); 1271 1272 /* Check that driver is not already unloading */ 1273 if (DriverObject->Flags & DRVO_UNLOAD_INVOKED) 1274 { 1275 DPRINT1("Driver deletion pending\n"); 1276 ObDereferenceObject(DriverObject); 1277 ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode); 1278 return STATUS_DELETE_PENDING; 1279 } 1280 1281 /* 1282 * Get path of service... 1283 */ 1284 RtlZeroMemory(QueryTable, sizeof(QueryTable)); 1285 1286 RtlInitUnicodeString(&ImagePath, NULL); 1287 1288 QueryTable[0].Name = L"ImagePath"; 1289 QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT; 1290 QueryTable[0].EntryContext = &ImagePath; 1291 1292 Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE, 1293 CapturedServiceName.Buffer, 1294 QueryTable, 1295 NULL, 1296 NULL); 1297 1298 /* We no longer need service name */ 1299 ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode); 1300 1301 if (!NT_SUCCESS(Status)) 1302 { 1303 DPRINT1("RtlQueryRegistryValues() failed (Status %x)\n", Status); 1304 ObDereferenceObject(DriverObject); 1305 return Status; 1306 } 1307 1308 /* 1309 * Normalize the image path for all later processing. 1310 */ 1311 Status = IopNormalizeImagePath(&ImagePath, &ServiceName); 1312 1313 if (!NT_SUCCESS(Status)) 1314 { 1315 DPRINT1("IopNormalizeImagePath() failed (Status %x)\n", Status); 1316 ObDereferenceObject(DriverObject); 1317 return Status; 1318 } 1319 1320 /* Free the service path */ 1321 ExFreePool(ImagePath.Buffer); 1322 1323 /* 1324 * Unload the module and release the references to the device object 1325 */ 1326 1327 /* Call the load/unload routine, depending on current process */ 1328 if (DriverObject->DriverUnload && DriverObject->DriverSection && 1329 (UnloadPnpDrivers || (DriverObject->Flags & DRVO_LEGACY_DRIVER))) 1330 { 1331 /* Loop through each device object of the driver 1332 and set DOE_UNLOAD_PENDING flag */ 1333 DeviceObject = DriverObject->DeviceObject; 1334 while (DeviceObject) 1335 { 1336 /* Set the unload pending flag for the device */ 1337 DeviceExtension = IoGetDevObjExtension(DeviceObject); 1338 DeviceExtension->ExtensionFlags |= DOE_UNLOAD_PENDING; 1339 1340 /* Make sure there are no attached devices or no reference counts */ 1341 if ((DeviceObject->ReferenceCount) || (DeviceObject->AttachedDevice)) 1342 { 1343 /* Not safe to unload */ 1344 DPRINT1("Drivers device object is referenced or has attached devices\n"); 1345 1346 SafeToUnload = FALSE; 1347 } 1348 1349 DeviceObject = DeviceObject->NextDevice; 1350 } 1351 1352 /* If not safe to unload, then return success */ 1353 if (!SafeToUnload) 1354 { 1355 ObDereferenceObject(DriverObject); 1356 return STATUS_SUCCESS; 1357 } 1358 1359 DPRINT1("Unloading driver '%wZ' (manual)\n", &DriverObject->DriverName); 1360 1361 /* Set the unload invoked flag and call the unload routine */ 1362 DriverObject->Flags |= DRVO_UNLOAD_INVOKED; 1363 Status = IopLoadUnloadDriver(NULL, &DriverObject); 1364 ASSERT(Status == STATUS_SUCCESS); 1365 1366 /* Mark the driver object temporary, so it could be deleted later */ 1367 ObMakeTemporaryObject(DriverObject); 1368 1369 /* Dereference it 2 times */ 1370 ObDereferenceObject(DriverObject); 1371 ObDereferenceObject(DriverObject); 1372 1373 return Status; 1374 } 1375 else 1376 { 1377 DPRINT1("No DriverUnload function! '%wZ' will not be unloaded!\n", &DriverObject->DriverName); 1378 1379 /* Dereference one time (refd inside this function) */ 1380 ObDereferenceObject(DriverObject); 1381 1382 /* Return unloading failure */ 1383 return STATUS_INVALID_DEVICE_REQUEST; 1384 } 1385 } 1386 1387 VOID 1388 NTAPI 1389 IopReinitializeDrivers(VOID) 1390 { 1391 PDRIVER_REINIT_ITEM ReinitItem; 1392 PLIST_ENTRY Entry; 1393 1394 /* Get the first entry and start looping */ 1395 Entry = ExInterlockedRemoveHeadList(&DriverReinitListHead, 1396 &DriverReinitListLock); 1397 while (Entry) 1398 { 1399 /* Get the item */ 1400 ReinitItem = CONTAINING_RECORD(Entry, DRIVER_REINIT_ITEM, ItemEntry); 1401 1402 /* Increment reinitialization counter */ 1403 ReinitItem->DriverObject->DriverExtension->Count++; 1404 1405 /* Remove the device object flag */ 1406 ReinitItem->DriverObject->Flags &= ~DRVO_REINIT_REGISTERED; 1407 1408 /* Call the routine */ 1409 ReinitItem->ReinitRoutine(ReinitItem->DriverObject, 1410 ReinitItem->Context, 1411 ReinitItem->DriverObject-> 1412 DriverExtension->Count); 1413 1414 /* Free the entry */ 1415 ExFreePool(Entry); 1416 1417 /* Move to the next one */ 1418 Entry = ExInterlockedRemoveHeadList(&DriverReinitListHead, 1419 &DriverReinitListLock); 1420 } 1421 } 1422 1423 VOID 1424 NTAPI 1425 IopReinitializeBootDrivers(VOID) 1426 { 1427 PDRIVER_REINIT_ITEM ReinitItem; 1428 PLIST_ENTRY Entry; 1429 1430 /* Get the first entry and start looping */ 1431 Entry = ExInterlockedRemoveHeadList(&DriverBootReinitListHead, 1432 &DriverBootReinitListLock); 1433 while (Entry) 1434 { 1435 /* Get the item */ 1436 ReinitItem = CONTAINING_RECORD(Entry, DRIVER_REINIT_ITEM, ItemEntry); 1437 1438 /* Increment reinitialization counter */ 1439 ReinitItem->DriverObject->DriverExtension->Count++; 1440 1441 /* Remove the device object flag */ 1442 ReinitItem->DriverObject->Flags &= ~DRVO_BOOTREINIT_REGISTERED; 1443 1444 /* Call the routine */ 1445 ReinitItem->ReinitRoutine(ReinitItem->DriverObject, 1446 ReinitItem->Context, 1447 ReinitItem->DriverObject-> 1448 DriverExtension->Count); 1449 1450 /* Free the entry */ 1451 ExFreePool(Entry); 1452 1453 /* Move to the next one */ 1454 Entry = ExInterlockedRemoveHeadList(&DriverBootReinitListHead, 1455 &DriverBootReinitListLock); 1456 } 1457 } 1458 1459 NTSTATUS 1460 NTAPI 1461 IopCreateDriver(IN PUNICODE_STRING DriverName OPTIONAL, 1462 IN PDRIVER_INITIALIZE InitializationFunction, 1463 IN PUNICODE_STRING RegistryPath OPTIONAL, 1464 IN PCUNICODE_STRING ServiceName, 1465 IN PLDR_DATA_TABLE_ENTRY ModuleObject OPTIONAL, 1466 OUT PDRIVER_OBJECT *pDriverObject) 1467 { 1468 WCHAR NameBuffer[100]; 1469 USHORT NameLength; 1470 UNICODE_STRING LocalDriverName; 1471 NTSTATUS Status; 1472 OBJECT_ATTRIBUTES ObjectAttributes; 1473 ULONG ObjectSize; 1474 PDRIVER_OBJECT DriverObject; 1475 UNICODE_STRING ServiceKeyName; 1476 HANDLE hDriver; 1477 ULONG i, RetryCount = 0; 1478 1479 try_again: 1480 /* First, create a unique name for the driver if we don't have one */ 1481 if (!DriverName) 1482 { 1483 /* Create a random name and set up the string */ 1484 NameLength = (USHORT)swprintf(NameBuffer, 1485 DRIVER_ROOT_NAME L"%08u", 1486 KeTickCount.LowPart); 1487 LocalDriverName.Length = NameLength * sizeof(WCHAR); 1488 LocalDriverName.MaximumLength = LocalDriverName.Length + sizeof(UNICODE_NULL); 1489 LocalDriverName.Buffer = NameBuffer; 1490 } 1491 else 1492 { 1493 /* So we can avoid another code path, use a local var */ 1494 LocalDriverName = *DriverName; 1495 } 1496 1497 /* Initialize the Attributes */ 1498 ObjectSize = sizeof(DRIVER_OBJECT) + sizeof(EXTENDED_DRIVER_EXTENSION); 1499 InitializeObjectAttributes(&ObjectAttributes, 1500 &LocalDriverName, 1501 OBJ_PERMANENT | OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, 1502 NULL, 1503 NULL); 1504 1505 /* Create the Object */ 1506 Status = ObCreateObject(KernelMode, 1507 IoDriverObjectType, 1508 &ObjectAttributes, 1509 KernelMode, 1510 NULL, 1511 ObjectSize, 1512 0, 1513 0, 1514 (PVOID*)&DriverObject); 1515 if (!NT_SUCCESS(Status)) return Status; 1516 1517 DPRINT("IopCreateDriver(): created DO %p\n", DriverObject); 1518 1519 /* Set up the Object */ 1520 RtlZeroMemory(DriverObject, ObjectSize); 1521 DriverObject->Type = IO_TYPE_DRIVER; 1522 DriverObject->Size = sizeof(DRIVER_OBJECT); 1523 1524 /* 1525 * Check whether RegistryPath and ModuleObject are both NULL because 1526 * IoCreateDriver() was called to initialize a built-in driver. 1527 */ 1528 if ((RegistryPath != NULL) || (ModuleObject != NULL)) 1529 DriverObject->Flags = DRVO_LEGACY_DRIVER; 1530 else 1531 DriverObject->Flags = DRVO_BUILTIN_DRIVER; 1532 1533 DriverObject->DriverExtension = (PDRIVER_EXTENSION)(DriverObject + 1); 1534 DriverObject->DriverExtension->DriverObject = DriverObject; 1535 DriverObject->DriverInit = InitializationFunction; 1536 DriverObject->DriverSection = ModuleObject; 1537 /* Loop all Major Functions */ 1538 for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) 1539 { 1540 /* Invalidate each function */ 1541 DriverObject->MajorFunction[i] = IopInvalidDeviceRequest; 1542 } 1543 1544 /* Set up the service key name buffer */ 1545 ServiceKeyName.MaximumLength = ServiceName->Length + sizeof(UNICODE_NULL); 1546 ServiceKeyName.Buffer = ExAllocatePoolWithTag(NonPagedPool, 1547 ServiceKeyName.MaximumLength, 1548 TAG_IO); 1549 if (!ServiceKeyName.Buffer) 1550 { 1551 /* Fail */ 1552 ObMakeTemporaryObject(DriverObject); 1553 ObDereferenceObject(DriverObject); 1554 return STATUS_INSUFFICIENT_RESOURCES; 1555 } 1556 1557 /* Copy the name and set it in the driver extension */ 1558 RtlCopyUnicodeString(&ServiceKeyName, 1559 ServiceName); 1560 DriverObject->DriverExtension->ServiceKeyName = ServiceKeyName; 1561 1562 /* Make a copy of the driver name to store in the driver object */ 1563 DriverObject->DriverName.MaximumLength = LocalDriverName.Length; 1564 DriverObject->DriverName.Buffer = ExAllocatePoolWithTag(PagedPool, 1565 DriverObject->DriverName.MaximumLength, 1566 TAG_IO); 1567 if (!DriverObject->DriverName.Buffer) 1568 { 1569 /* Fail */ 1570 ObMakeTemporaryObject(DriverObject); 1571 ObDereferenceObject(DriverObject); 1572 return STATUS_INSUFFICIENT_RESOURCES; 1573 } 1574 1575 RtlCopyUnicodeString(&DriverObject->DriverName, 1576 &LocalDriverName); 1577 1578 /* Add the Object and get its handle */ 1579 Status = ObInsertObject(DriverObject, 1580 NULL, 1581 FILE_READ_DATA, 1582 0, 1583 NULL, 1584 &hDriver); 1585 1586 /* Eliminate small possibility when this function is called more than 1587 once in a row, and KeTickCount doesn't get enough time to change */ 1588 if (!DriverName && (Status == STATUS_OBJECT_NAME_COLLISION) && (RetryCount < 100)) 1589 { 1590 RetryCount++; 1591 goto try_again; 1592 } 1593 1594 if (!NT_SUCCESS(Status)) return Status; 1595 1596 /* Now reference it */ 1597 Status = ObReferenceObjectByHandle(hDriver, 1598 0, 1599 IoDriverObjectType, 1600 KernelMode, 1601 (PVOID*)&DriverObject, 1602 NULL); 1603 1604 /* Close the extra handle */ 1605 ZwClose(hDriver); 1606 1607 if (!NT_SUCCESS(Status)) 1608 { 1609 /* Fail */ 1610 ObMakeTemporaryObject(DriverObject); 1611 ObDereferenceObject(DriverObject); 1612 return Status; 1613 } 1614 1615 DriverObject->HardwareDatabase = &IopHardwareDatabaseKey; 1616 DriverObject->DriverStart = ModuleObject ? ModuleObject->DllBase : 0; 1617 DriverObject->DriverSize = ModuleObject ? ModuleObject->SizeOfImage : 0; 1618 1619 /* Finally, call its init function */ 1620 DPRINT("RegistryKey: %wZ\n", RegistryPath); 1621 DPRINT("Calling driver entrypoint at %p\n", InitializationFunction); 1622 Status = (*InitializationFunction)(DriverObject, RegistryPath); 1623 if (!NT_SUCCESS(Status)) 1624 { 1625 /* If it didn't work, then kill the object */ 1626 DPRINT1("'%wZ' initialization failed, status (0x%08lx)\n", DriverName, Status); 1627 DriverObject->DriverSection = NULL; 1628 ObMakeTemporaryObject(DriverObject); 1629 ObDereferenceObject(DriverObject); 1630 return Status; 1631 } 1632 else 1633 { 1634 /* Returns to caller the object */ 1635 *pDriverObject = DriverObject; 1636 } 1637 1638 /* We're going to say if we don't have any DOs from DriverEntry, then we're not legacy. 1639 * Other parts of the I/O manager depend on this behavior */ 1640 if (!DriverObject->DeviceObject) DriverObject->Flags &= ~DRVO_LEGACY_DRIVER; 1641 1642 /* Loop all Major Functions */ 1643 for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) 1644 { 1645 /* 1646 * Make sure the driver didn't set any dispatch entry point to NULL! 1647 * Doing so is illegal; drivers shouldn't touch entry points they 1648 * do not implement. 1649 */ 1650 1651 /* Check if it did so anyway */ 1652 if (!DriverObject->MajorFunction[i]) 1653 { 1654 /* Print a warning in the debug log */ 1655 DPRINT1("Driver <%wZ> set DriverObject->MajorFunction[%lu] to NULL!\n", 1656 &DriverObject->DriverName, i); 1657 1658 /* Fix it up */ 1659 DriverObject->MajorFunction[i] = IopInvalidDeviceRequest; 1660 } 1661 } 1662 1663 /* Return the Status */ 1664 return Status; 1665 } 1666 1667 /* PUBLIC FUNCTIONS ***********************************************************/ 1668 1669 /* 1670 * @implemented 1671 */ 1672 NTSTATUS 1673 NTAPI 1674 IoCreateDriver(IN PUNICODE_STRING DriverName OPTIONAL, 1675 IN PDRIVER_INITIALIZE InitializationFunction) 1676 { 1677 PDRIVER_OBJECT DriverObject; 1678 return IopCreateDriver(DriverName, InitializationFunction, NULL, DriverName, NULL, &DriverObject); 1679 } 1680 1681 /* 1682 * @implemented 1683 */ 1684 VOID 1685 NTAPI 1686 IoDeleteDriver(IN PDRIVER_OBJECT DriverObject) 1687 { 1688 /* Simply dereference the Object */ 1689 ObDereferenceObject(DriverObject); 1690 } 1691 1692 /* 1693 * @implemented 1694 */ 1695 VOID 1696 NTAPI 1697 IoRegisterBootDriverReinitialization(IN PDRIVER_OBJECT DriverObject, 1698 IN PDRIVER_REINITIALIZE ReinitRoutine, 1699 IN PVOID Context) 1700 { 1701 PDRIVER_REINIT_ITEM ReinitItem; 1702 1703 /* Allocate the entry */ 1704 ReinitItem = ExAllocatePoolWithTag(NonPagedPool, 1705 sizeof(DRIVER_REINIT_ITEM), 1706 TAG_REINIT); 1707 if (!ReinitItem) return; 1708 1709 /* Fill it out */ 1710 ReinitItem->DriverObject = DriverObject; 1711 ReinitItem->ReinitRoutine = ReinitRoutine; 1712 ReinitItem->Context = Context; 1713 1714 /* Set the Driver Object flag and insert the entry into the list */ 1715 DriverObject->Flags |= DRVO_BOOTREINIT_REGISTERED; 1716 ExInterlockedInsertTailList(&DriverBootReinitListHead, 1717 &ReinitItem->ItemEntry, 1718 &DriverBootReinitListLock); 1719 } 1720 1721 /* 1722 * @implemented 1723 */ 1724 VOID 1725 NTAPI 1726 IoRegisterDriverReinitialization(IN PDRIVER_OBJECT DriverObject, 1727 IN PDRIVER_REINITIALIZE ReinitRoutine, 1728 IN PVOID Context) 1729 { 1730 PDRIVER_REINIT_ITEM ReinitItem; 1731 1732 /* Allocate the entry */ 1733 ReinitItem = ExAllocatePoolWithTag(NonPagedPool, 1734 sizeof(DRIVER_REINIT_ITEM), 1735 TAG_REINIT); 1736 if (!ReinitItem) return; 1737 1738 /* Fill it out */ 1739 ReinitItem->DriverObject = DriverObject; 1740 ReinitItem->ReinitRoutine = ReinitRoutine; 1741 ReinitItem->Context = Context; 1742 1743 /* Set the Driver Object flag and insert the entry into the list */ 1744 DriverObject->Flags |= DRVO_REINIT_REGISTERED; 1745 ExInterlockedInsertTailList(&DriverReinitListHead, 1746 &ReinitItem->ItemEntry, 1747 &DriverReinitListLock); 1748 } 1749 1750 /* 1751 * @implemented 1752 */ 1753 NTSTATUS 1754 NTAPI 1755 IoAllocateDriverObjectExtension(IN PDRIVER_OBJECT DriverObject, 1756 IN PVOID ClientIdentificationAddress, 1757 IN ULONG DriverObjectExtensionSize, 1758 OUT PVOID *DriverObjectExtension) 1759 { 1760 KIRQL OldIrql; 1761 PIO_CLIENT_EXTENSION DriverExtensions, NewDriverExtension; 1762 BOOLEAN Inserted = FALSE; 1763 1764 /* Assume failure */ 1765 *DriverObjectExtension = NULL; 1766 1767 /* Allocate the extension */ 1768 NewDriverExtension = ExAllocatePoolWithTag(NonPagedPool, 1769 sizeof(IO_CLIENT_EXTENSION) + 1770 DriverObjectExtensionSize, 1771 TAG_DRIVER_EXTENSION); 1772 if (!NewDriverExtension) return STATUS_INSUFFICIENT_RESOURCES; 1773 1774 /* Clear the extension for teh caller */ 1775 RtlZeroMemory(NewDriverExtension, 1776 sizeof(IO_CLIENT_EXTENSION) + DriverObjectExtensionSize); 1777 1778 /* Acqure lock */ 1779 OldIrql = KeRaiseIrqlToDpcLevel(); 1780 1781 /* Fill out the extension */ 1782 NewDriverExtension->ClientIdentificationAddress = ClientIdentificationAddress; 1783 1784 /* Loop the current extensions */ 1785 DriverExtensions = IoGetDrvObjExtension(DriverObject)-> 1786 ClientDriverExtension; 1787 while (DriverExtensions) 1788 { 1789 /* Check if the identifier matches */ 1790 if (DriverExtensions->ClientIdentificationAddress == 1791 ClientIdentificationAddress) 1792 { 1793 /* We have a collision, break out */ 1794 break; 1795 } 1796 1797 /* Go to the next one */ 1798 DriverExtensions = DriverExtensions->NextExtension; 1799 } 1800 1801 /* Check if we didn't collide */ 1802 if (!DriverExtensions) 1803 { 1804 /* Link this one in */ 1805 NewDriverExtension->NextExtension = 1806 IoGetDrvObjExtension(DriverObject)->ClientDriverExtension; 1807 IoGetDrvObjExtension(DriverObject)->ClientDriverExtension = 1808 NewDriverExtension; 1809 Inserted = TRUE; 1810 } 1811 1812 /* Release the lock */ 1813 KeLowerIrql(OldIrql); 1814 1815 /* Check if insertion failed */ 1816 if (!Inserted) 1817 { 1818 /* Free the entry and fail */ 1819 ExFreePoolWithTag(NewDriverExtension, TAG_DRIVER_EXTENSION); 1820 return STATUS_OBJECT_NAME_COLLISION; 1821 } 1822 1823 /* Otherwise, return the pointer */ 1824 *DriverObjectExtension = NewDriverExtension + 1; 1825 return STATUS_SUCCESS; 1826 } 1827 1828 /* 1829 * @implemented 1830 */ 1831 PVOID 1832 NTAPI 1833 IoGetDriverObjectExtension(IN PDRIVER_OBJECT DriverObject, 1834 IN PVOID ClientIdentificationAddress) 1835 { 1836 KIRQL OldIrql; 1837 PIO_CLIENT_EXTENSION DriverExtensions; 1838 1839 /* Acquire lock */ 1840 OldIrql = KeRaiseIrqlToDpcLevel(); 1841 1842 /* Loop the list until we find the right one */ 1843 DriverExtensions = IoGetDrvObjExtension(DriverObject)->ClientDriverExtension; 1844 while (DriverExtensions) 1845 { 1846 /* Check for a match */ 1847 if (DriverExtensions->ClientIdentificationAddress == 1848 ClientIdentificationAddress) 1849 { 1850 /* Break out */ 1851 break; 1852 } 1853 1854 /* Keep looping */ 1855 DriverExtensions = DriverExtensions->NextExtension; 1856 } 1857 1858 /* Release lock */ 1859 KeLowerIrql(OldIrql); 1860 1861 /* Return nothing or the extension */ 1862 if (!DriverExtensions) return NULL; 1863 return DriverExtensions + 1; 1864 } 1865 1866 VOID 1867 NTAPI 1868 IopLoadUnloadDriverWorker( 1869 _Inout_ PVOID Parameter) 1870 { 1871 PLOAD_UNLOAD_PARAMS LoadParams = Parameter; 1872 1873 ASSERT(PsGetCurrentProcess() == PsInitialSystemProcess); 1874 LoadParams->Status = IopLoadUnloadDriver(LoadParams->RegistryPath, 1875 &LoadParams->DriverObject); 1876 KeSetEvent(&LoadParams->Event, 0, FALSE); 1877 } 1878 1879 NTSTATUS 1880 NTAPI 1881 IopLoadUnloadDriver( 1882 _In_opt_ PCUNICODE_STRING RegistryPath, 1883 _Inout_ PDRIVER_OBJECT *DriverObject) 1884 { 1885 RTL_QUERY_REGISTRY_TABLE QueryTable[3]; 1886 UNICODE_STRING ImagePath; 1887 UNICODE_STRING ServiceName; 1888 NTSTATUS Status; 1889 ULONG Type; 1890 PDEVICE_NODE DeviceNode; 1891 PLDR_DATA_TABLE_ENTRY ModuleObject; 1892 PVOID BaseAddress; 1893 WCHAR *cur; 1894 1895 /* Load/Unload must be called from system process */ 1896 if (PsGetCurrentProcess() != PsInitialSystemProcess) 1897 { 1898 LOAD_UNLOAD_PARAMS LoadParams; 1899 1900 /* Prepare parameters block */ 1901 LoadParams.RegistryPath = RegistryPath; 1902 LoadParams.DriverObject = *DriverObject; 1903 KeInitializeEvent(&LoadParams.Event, NotificationEvent, FALSE); 1904 1905 /* Initialize and queue a work item */ 1906 ExInitializeWorkItem(&LoadParams.WorkItem, 1907 IopLoadUnloadDriverWorker, 1908 &LoadParams); 1909 ExQueueWorkItem(&LoadParams.WorkItem, DelayedWorkQueue); 1910 1911 /* And wait till it completes */ 1912 KeWaitForSingleObject(&LoadParams.Event, 1913 UserRequest, 1914 KernelMode, 1915 FALSE, 1916 NULL); 1917 return LoadParams.Status; 1918 } 1919 1920 /* Check if it's an unload request */ 1921 if (*DriverObject) 1922 { 1923 (*DriverObject)->DriverUnload(*DriverObject); 1924 return STATUS_SUCCESS; 1925 } 1926 1927 RtlInitUnicodeString(&ImagePath, NULL); 1928 1929 /* 1930 * Get the service name from the registry key name. 1931 */ 1932 ASSERT(RegistryPath->Length >= sizeof(WCHAR)); 1933 1934 ServiceName = *RegistryPath; 1935 cur = RegistryPath->Buffer + RegistryPath->Length / sizeof(WCHAR) - 1; 1936 while (RegistryPath->Buffer != cur) 1937 { 1938 if (*cur == L'\\') 1939 { 1940 ServiceName.Buffer = cur + 1; 1941 ServiceName.Length = RegistryPath->Length - 1942 (USHORT)((ULONG_PTR)ServiceName.Buffer - 1943 (ULONG_PTR)RegistryPath->Buffer); 1944 break; 1945 } 1946 cur--; 1947 } 1948 1949 /* 1950 * Get service type. 1951 */ 1952 RtlZeroMemory(&QueryTable, sizeof(QueryTable)); 1953 1954 RtlInitUnicodeString(&ImagePath, NULL); 1955 1956 QueryTable[0].Name = L"Type"; 1957 QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT | RTL_QUERY_REGISTRY_REQUIRED; 1958 QueryTable[0].EntryContext = &Type; 1959 1960 QueryTable[1].Name = L"ImagePath"; 1961 QueryTable[1].Flags = RTL_QUERY_REGISTRY_DIRECT; 1962 QueryTable[1].EntryContext = &ImagePath; 1963 1964 Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE, 1965 RegistryPath->Buffer, 1966 QueryTable, NULL, NULL); 1967 if (!NT_SUCCESS(Status)) 1968 { 1969 DPRINT("RtlQueryRegistryValues() failed (Status %lx)\n", Status); 1970 if (ImagePath.Buffer) ExFreePool(ImagePath.Buffer); 1971 return Status; 1972 } 1973 1974 /* 1975 * Normalize the image path for all later processing. 1976 */ 1977 Status = IopNormalizeImagePath(&ImagePath, &ServiceName); 1978 if (!NT_SUCCESS(Status)) 1979 { 1980 DPRINT("IopNormalizeImagePath() failed (Status %x)\n", Status); 1981 return Status; 1982 } 1983 1984 DPRINT("FullImagePath: '%wZ'\n", &ImagePath); 1985 DPRINT("Type: %lx\n", Type); 1986 1987 KeEnterCriticalRegion(); 1988 ExAcquireResourceExclusiveLite(&IopDriverLoadResource, TRUE); 1989 /* 1990 * Get existing DriverObject pointer (in case the driver 1991 * has already been loaded and initialized). 1992 */ 1993 Status = IopGetDriverObject(DriverObject, 1994 &ServiceName, 1995 (Type == SERVICE_FILE_SYSTEM_DRIVER || 1996 Type == SERVICE_RECOGNIZER_DRIVER)); 1997 1998 if (!NT_SUCCESS(Status)) 1999 { 2000 /* 2001 * Load the driver module 2002 */ 2003 DPRINT("Loading module from %wZ\n", &ImagePath); 2004 Status = MmLoadSystemImage(&ImagePath, NULL, NULL, 0, (PVOID)&ModuleObject, &BaseAddress); 2005 if (!NT_SUCCESS(Status)) 2006 { 2007 DPRINT("MmLoadSystemImage() failed (Status %lx)\n", Status); 2008 ExReleaseResourceLite(&IopDriverLoadResource); 2009 KeLeaveCriticalRegion(); 2010 return Status; 2011 } 2012 2013 /* 2014 * Initialize the driver module if it's loaded for the first time 2015 */ 2016 Status = IopCreateDeviceNode(IopRootDeviceNode, NULL, &ServiceName, &DeviceNode); 2017 if (!NT_SUCCESS(Status)) 2018 { 2019 DPRINT1("IopCreateDeviceNode() failed (Status %lx)\n", Status); 2020 ExReleaseResourceLite(&IopDriverLoadResource); 2021 KeLeaveCriticalRegion(); 2022 MmUnloadSystemImage(ModuleObject); 2023 return Status; 2024 } 2025 2026 IopDisplayLoadingMessage(&DeviceNode->ServiceName); 2027 2028 Status = IopInitializeDriverModule(DeviceNode, 2029 ModuleObject, 2030 &DeviceNode->ServiceName, 2031 (Type == SERVICE_FILE_SYSTEM_DRIVER || 2032 Type == SERVICE_RECOGNIZER_DRIVER), 2033 DriverObject); 2034 if (!NT_SUCCESS(Status)) 2035 { 2036 DPRINT1("IopInitializeDriverModule() failed (Status %lx)\n", Status); 2037 ExReleaseResourceLite(&IopDriverLoadResource); 2038 KeLeaveCriticalRegion(); 2039 MmUnloadSystemImage(ModuleObject); 2040 return Status; 2041 } 2042 2043 ExReleaseResourceLite(&IopDriverLoadResource); 2044 KeLeaveCriticalRegion(); 2045 2046 /* Initialize and start device */ 2047 IopInitializeDevice(DeviceNode, *DriverObject); 2048 Status = IopStartDevice(DeviceNode); 2049 } 2050 else 2051 { 2052 ExReleaseResourceLite(&IopDriverLoadResource); 2053 KeLeaveCriticalRegion(); 2054 2055 DPRINT("DriverObject already exist in ObjectManager\n"); 2056 Status = STATUS_IMAGE_ALREADY_LOADED; 2057 2058 /* IopGetDriverObject references the DriverObject, so dereference it */ 2059 ObDereferenceObject(*DriverObject); 2060 } 2061 2062 return Status; 2063 } 2064 2065 /* 2066 * NtLoadDriver 2067 * 2068 * Loads a device driver. 2069 * 2070 * Parameters 2071 * DriverServiceName 2072 * Name of the service to load (registry key). 2073 * 2074 * Return Value 2075 * Status 2076 * 2077 * Status 2078 * implemented 2079 */ 2080 NTSTATUS NTAPI 2081 NtLoadDriver(IN PUNICODE_STRING DriverServiceName) 2082 { 2083 UNICODE_STRING CapturedDriverServiceName = { 0, 0, NULL }; 2084 KPROCESSOR_MODE PreviousMode; 2085 PDRIVER_OBJECT DriverObject; 2086 NTSTATUS Status; 2087 2088 PAGED_CODE(); 2089 2090 PreviousMode = KeGetPreviousMode(); 2091 2092 /* 2093 * Check security privileges 2094 */ 2095 2096 /* FIXME: Uncomment when privileges will be correctly implemented. */ 2097 #if 0 2098 if (!SeSinglePrivilegeCheck(SeLoadDriverPrivilege, PreviousMode)) 2099 { 2100 DPRINT("Privilege not held\n"); 2101 return STATUS_PRIVILEGE_NOT_HELD; 2102 } 2103 #endif 2104 2105 Status = ProbeAndCaptureUnicodeString(&CapturedDriverServiceName, 2106 PreviousMode, 2107 DriverServiceName); 2108 if (!NT_SUCCESS(Status)) 2109 { 2110 return Status; 2111 } 2112 2113 DPRINT("NtLoadDriver('%wZ')\n", &CapturedDriverServiceName); 2114 2115 /* Load driver and call its entry point */ 2116 DriverObject = NULL; 2117 Status = IopLoadUnloadDriver(&CapturedDriverServiceName, &DriverObject); 2118 2119 ReleaseCapturedUnicodeString(&CapturedDriverServiceName, 2120 PreviousMode); 2121 2122 return Status; 2123 } 2124 2125 /* 2126 * NtUnloadDriver 2127 * 2128 * Unloads a legacy device driver. 2129 * 2130 * Parameters 2131 * DriverServiceName 2132 * Name of the service to unload (registry key). 2133 * 2134 * Return Value 2135 * Status 2136 * 2137 * Status 2138 * implemented 2139 */ 2140 2141 NTSTATUS NTAPI 2142 NtUnloadDriver(IN PUNICODE_STRING DriverServiceName) 2143 { 2144 return IopUnloadDriver(DriverServiceName, FALSE); 2145 } 2146 2147 /* EOF */ 2148