xref: /reactos/ntoskrnl/io/iomgr/driver.c (revision 279107d5)
1 /*
2  * PROJECT:         ReactOS Kernel
3  * LICENSE:         GPL - See COPYING in the top level directory
4  * FILE:            ntoskrnl/io/iomgr/driver.c
5  * PURPOSE:         Driver Object Management
6  * PROGRAMMERS:     Alex Ionescu (alex.ionescu@reactos.org)
7  *                  Filip Navara (navaraf@reactos.org)
8  *                  Herv� Poussineau (hpoussin@reactos.org)
9  */
10 
11 /* INCLUDES *******************************************************************/
12 
13 #include <ntoskrnl.h>
14 #define NDEBUG
15 #include <debug.h>
16 
17 /* GLOBALS ********************************************************************/
18 
19 ERESOURCE IopDriverLoadResource;
20 
21 LIST_ENTRY DriverReinitListHead;
22 KSPIN_LOCK DriverReinitListLock;
23 PLIST_ENTRY DriverReinitTailEntry;
24 
25 PLIST_ENTRY DriverBootReinitTailEntry;
26 LIST_ENTRY DriverBootReinitListHead;
27 KSPIN_LOCK DriverBootReinitListLock;
28 
29 UNICODE_STRING IopHardwareDatabaseKey =
30    RTL_CONSTANT_STRING(L"\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\SYSTEM");
31 
32 POBJECT_TYPE IoDriverObjectType = NULL;
33 
34 #define TAG_RTLREGISTRY 'vrqR'
35 
36 extern BOOLEAN ExpInTextModeSetup;
37 extern BOOLEAN PnpSystemInit;
38 
39 USHORT IopGroupIndex;
40 PLIST_ENTRY IopGroupTable;
41 
42 /* PRIVATE FUNCTIONS **********************************************************/
43 
44 NTSTATUS
45 NTAPI
46 IopInvalidDeviceRequest(
47     PDEVICE_OBJECT DeviceObject,
48     PIRP Irp)
49 {
50     Irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
51     Irp->IoStatus.Information = 0;
52     IoCompleteRequest(Irp, IO_NO_INCREMENT);
53     return STATUS_INVALID_DEVICE_REQUEST;
54 }
55 
56 VOID
57 NTAPI
58 IopDeleteDriver(IN PVOID ObjectBody)
59 {
60     PDRIVER_OBJECT DriverObject = ObjectBody;
61     PIO_CLIENT_EXTENSION DriverExtension, NextDriverExtension;
62     PAGED_CODE();
63 
64     DPRINT1("Deleting driver object '%wZ'\n", &DriverObject->DriverName);
65 
66     /* There must be no device objects remaining at this point */
67     ASSERT(!DriverObject->DeviceObject);
68 
69     /* Get the extension and loop them */
70     DriverExtension = IoGetDrvObjExtension(DriverObject)->ClientDriverExtension;
71     while (DriverExtension)
72     {
73         /* Get the next one */
74         NextDriverExtension = DriverExtension->NextExtension;
75         ExFreePoolWithTag(DriverExtension, TAG_DRIVER_EXTENSION);
76 
77         /* Move on */
78         DriverExtension = NextDriverExtension;
79     }
80 
81     /* Check if the driver image is still loaded */
82     if (DriverObject->DriverSection)
83     {
84         /* Unload it */
85         MmUnloadSystemImage(DriverObject->DriverSection);
86     }
87 
88     /* Check if it has a name */
89     if (DriverObject->DriverName.Buffer)
90     {
91         /* Free it */
92         ExFreePool(DriverObject->DriverName.Buffer);
93     }
94 
95     /* Check if it has a service key name */
96     if (DriverObject->DriverExtension->ServiceKeyName.Buffer)
97     {
98         /* Free it */
99         ExFreePool(DriverObject->DriverExtension->ServiceKeyName.Buffer);
100     }
101 }
102 
103 NTSTATUS
104 FASTCALL
105 IopGetDriverObject(
106     PDRIVER_OBJECT *DriverObject,
107     PUNICODE_STRING ServiceName,
108     BOOLEAN FileSystem)
109 {
110     PDRIVER_OBJECT Object;
111     WCHAR NameBuffer[MAX_PATH];
112     UNICODE_STRING DriverName;
113     NTSTATUS Status;
114 
115     DPRINT("IopGetDriverObject(%p '%wZ' %x)\n",
116            DriverObject, ServiceName, FileSystem);
117 
118     ASSERT(ExIsResourceAcquiredExclusiveLite(&IopDriverLoadResource));
119     *DriverObject = NULL;
120 
121     /* Create ModuleName string */
122     if (ServiceName == NULL || ServiceName->Buffer == NULL)
123         /* We don't know which DriverObject we have to open */
124         return STATUS_INVALID_PARAMETER_2;
125 
126     DriverName.Buffer = NameBuffer;
127     DriverName.Length = 0;
128     DriverName.MaximumLength = sizeof(NameBuffer);
129 
130     if (FileSystem != FALSE)
131         RtlAppendUnicodeToString(&DriverName, FILESYSTEM_ROOT_NAME);
132     else
133         RtlAppendUnicodeToString(&DriverName, DRIVER_ROOT_NAME);
134     RtlAppendUnicodeStringToString(&DriverName, ServiceName);
135 
136     DPRINT("Driver name: '%wZ'\n", &DriverName);
137 
138     /* Open driver object */
139     Status = ObReferenceObjectByName(&DriverName,
140                                      OBJ_OPENIF | OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, /* Attributes */
141                                      NULL, /* PassedAccessState */
142                                      0, /* DesiredAccess */
143                                      IoDriverObjectType,
144                                      KernelMode,
145                                      NULL, /* ParseContext */
146                                      (PVOID*)&Object);
147     if (!NT_SUCCESS(Status))
148     {
149         DPRINT("Failed to reference driver object, status=0x%08x\n", Status);
150         return Status;
151     }
152 
153     *DriverObject = Object;
154 
155     DPRINT("Driver Object: %p\n", Object);
156 
157     return STATUS_SUCCESS;
158 }
159 
160 /*
161  * RETURNS
162  *  TRUE if String2 contains String1 as a suffix.
163  */
164 BOOLEAN
165 NTAPI
166 IopSuffixUnicodeString(
167     IN PCUNICODE_STRING String1,
168     IN PCUNICODE_STRING String2)
169 {
170     PWCHAR pc1;
171     PWCHAR pc2;
172     ULONG Length;
173 
174     if (String2->Length < String1->Length)
175         return FALSE;
176 
177     Length = String1->Length / 2;
178     pc1 = String1->Buffer;
179     pc2 = &String2->Buffer[String2->Length / sizeof(WCHAR) - Length];
180 
181     if (pc1 && pc2)
182     {
183         while (Length--)
184         {
185             if( *pc1++ != *pc2++ )
186                 return FALSE;
187         }
188         return TRUE;
189     }
190     return FALSE;
191 }
192 
193 /*
194  * IopDisplayLoadingMessage
195  *
196  * Display 'Loading XXX...' message.
197  */
198 VOID
199 FASTCALL
200 IopDisplayLoadingMessage(PUNICODE_STRING ServiceName)
201 {
202     CHAR TextBuffer[256];
203     UNICODE_STRING DotSys = RTL_CONSTANT_STRING(L".SYS");
204 
205     if (ExpInTextModeSetup) return;
206     if (!KeLoaderBlock) return;
207     RtlUpcaseUnicodeString(ServiceName, ServiceName, FALSE);
208     snprintf(TextBuffer, sizeof(TextBuffer),
209             "%s%sSystem32\\Drivers\\%wZ%s\r\n",
210             KeLoaderBlock->ArcBootDeviceName,
211             KeLoaderBlock->NtBootPathName,
212             ServiceName,
213             IopSuffixUnicodeString(&DotSys, ServiceName) ? "" : ".SYS");
214     HalDisplayString(TextBuffer);
215 }
216 
217 /*
218  * IopNormalizeImagePath
219  *
220  * Normalize an image path to contain complete path.
221  *
222  * Parameters
223  *    ImagePath
224  *       The input path and on exit the result path. ImagePath.Buffer
225  *       must be allocated by ExAllocatePool on input. Caller is responsible
226  *       for freeing the buffer when it's no longer needed.
227  *
228  *    ServiceName
229  *       Name of the service that ImagePath belongs to.
230  *
231  * Return Value
232  *    Status
233  *
234  * Remarks
235  *    The input image path isn't freed on error.
236  */
237 NTSTATUS
238 FASTCALL
239 IopNormalizeImagePath(
240     _Inout_ _When_(return>=0, _At_(ImagePath->Buffer, _Post_notnull_ __drv_allocatesMem(Mem)))
241          PUNICODE_STRING ImagePath,
242     _In_ PUNICODE_STRING ServiceName)
243 {
244     UNICODE_STRING SystemRootString = RTL_CONSTANT_STRING(L"\\SystemRoot\\");
245     UNICODE_STRING DriversPathString = RTL_CONSTANT_STRING(L"\\SystemRoot\\System32\\drivers\\");
246     UNICODE_STRING DotSysString = RTL_CONSTANT_STRING(L".sys");
247     UNICODE_STRING InputImagePath;
248 
249     DPRINT("Normalizing image path '%wZ' for service '%wZ'\n", ImagePath, ServiceName);
250 
251     InputImagePath = *ImagePath;
252     if (InputImagePath.Length == 0)
253     {
254         ImagePath->Length = 0;
255         ImagePath->MaximumLength = DriversPathString.Length +
256                                    ServiceName->Length +
257                                    DotSysString.Length +
258                                    sizeof(UNICODE_NULL);
259         ImagePath->Buffer = ExAllocatePoolWithTag(NonPagedPool,
260                                                   ImagePath->MaximumLength,
261                                                   TAG_IO);
262         if (ImagePath->Buffer == NULL)
263             return STATUS_NO_MEMORY;
264 
265         RtlCopyUnicodeString(ImagePath, &DriversPathString);
266         RtlAppendUnicodeStringToString(ImagePath, ServiceName);
267         RtlAppendUnicodeStringToString(ImagePath, &DotSysString);
268     }
269     else if (InputImagePath.Buffer[0] != L'\\')
270     {
271         ImagePath->Length = 0;
272         ImagePath->MaximumLength = SystemRootString.Length +
273                                    InputImagePath.Length +
274                                    sizeof(UNICODE_NULL);
275         ImagePath->Buffer = ExAllocatePoolWithTag(NonPagedPool,
276                                                   ImagePath->MaximumLength,
277                                                   TAG_IO);
278         if (ImagePath->Buffer == NULL)
279             return STATUS_NO_MEMORY;
280 
281         RtlCopyUnicodeString(ImagePath, &SystemRootString);
282         RtlAppendUnicodeStringToString(ImagePath, &InputImagePath);
283 
284         /* Free caller's string */
285         ExFreePoolWithTag(InputImagePath.Buffer, TAG_RTLREGISTRY);
286     }
287 
288     DPRINT("Normalized image path is '%wZ' for service '%wZ'\n", ImagePath, ServiceName);
289 
290     return STATUS_SUCCESS;
291 }
292 
293 /*
294  * IopLoadServiceModule
295  *
296  * Load a module specified by registry settings for service.
297  *
298  * Parameters
299  *    ServiceName
300  *       Name of the service to load.
301  *
302  * Return Value
303  *    Status
304  */
305 NTSTATUS
306 FASTCALL
307 IopLoadServiceModule(
308     IN PUNICODE_STRING ServiceName,
309     OUT PLDR_DATA_TABLE_ENTRY *ModuleObject)
310 {
311     RTL_QUERY_REGISTRY_TABLE QueryTable[3];
312     ULONG ServiceStart;
313     UNICODE_STRING ServiceImagePath, CCSName;
314     NTSTATUS Status;
315     HANDLE CCSKey, ServiceKey;
316     PVOID BaseAddress;
317 
318     ASSERT(ExIsResourceAcquiredExclusiveLite(&IopDriverLoadResource));
319     ASSERT(ServiceName->Length);
320     DPRINT("IopLoadServiceModule(%wZ, 0x%p)\n", ServiceName, ModuleObject);
321 
322     if (ExpInTextModeSetup)
323     {
324         /* We have no registry, but luckily we know where all the drivers are */
325         DPRINT1("IopLoadServiceModule(%wZ, 0x%p) called in ExpInTextModeSetup mode...\n", ServiceName, ModuleObject);
326 
327         /* ServiceStart < 4 is all that matters */
328         ServiceStart = 0;
329 
330         /* IopNormalizeImagePath will do all of the work for us if we give it an empty string */
331         RtlInitEmptyUnicodeString(&ServiceImagePath, NULL, 0);
332     }
333     else
334     {
335         /* Open CurrentControlSet */
336         RtlInitUnicodeString(&CCSName,
337                              L"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services");
338         Status = IopOpenRegistryKeyEx(&CCSKey, NULL, &CCSName, KEY_READ);
339         if (!NT_SUCCESS(Status))
340         {
341             DPRINT1("IopOpenRegistryKeyEx() failed for '%wZ' with status 0x%lx\n",
342                     &CCSName, Status);
343             return Status;
344         }
345 
346         /* Open service key */
347         Status = IopOpenRegistryKeyEx(&ServiceKey, CCSKey, ServiceName, KEY_READ);
348         if (!NT_SUCCESS(Status))
349         {
350             DPRINT1("IopOpenRegistryKeyEx() failed for '%wZ' with status 0x%lx\n",
351                     ServiceName, Status);
352             ZwClose(CCSKey);
353             return Status;
354         }
355 
356         /*
357          * Get information about the service.
358          */
359         RtlZeroMemory(QueryTable, sizeof(QueryTable));
360 
361         RtlInitUnicodeString(&ServiceImagePath, NULL);
362 
363         QueryTable[0].Name = L"Start";
364         QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
365         QueryTable[0].EntryContext = &ServiceStart;
366 
367         QueryTable[1].Name = L"ImagePath";
368         QueryTable[1].Flags = RTL_QUERY_REGISTRY_DIRECT;
369         QueryTable[1].EntryContext = &ServiceImagePath;
370 
371         Status = RtlQueryRegistryValues(RTL_REGISTRY_HANDLE,
372                                         (PWSTR)ServiceKey,
373                                         QueryTable,
374                                         NULL,
375                                         NULL);
376 
377         ZwClose(ServiceKey);
378         ZwClose(CCSKey);
379 
380         if (!NT_SUCCESS(Status))
381         {
382             DPRINT1("RtlQueryRegistryValues() failed (Status %x)\n", Status);
383             return Status;
384         }
385     }
386 
387     /*
388      * Normalize the image path for all later processing.
389      */
390     Status = IopNormalizeImagePath(&ServiceImagePath, ServiceName);
391 
392     if (!NT_SUCCESS(Status))
393     {
394         DPRINT("IopNormalizeImagePath() failed (Status %x)\n", Status);
395         return Status;
396     }
397 
398     /*
399      * Case for disabled drivers
400      */
401     if (ServiceStart >= 4)
402     {
403         /* We can't load this */
404         Status = STATUS_DRIVER_UNABLE_TO_LOAD;
405     }
406     else
407     {
408         DPRINT("Loading module from %wZ\n", &ServiceImagePath);
409         Status = MmLoadSystemImage(&ServiceImagePath, NULL, NULL, 0, (PVOID)ModuleObject, &BaseAddress);
410         if (NT_SUCCESS(Status))
411         {
412             IopDisplayLoadingMessage(ServiceName);
413         }
414     }
415 
416     ExFreePool(ServiceImagePath.Buffer);
417 
418     /*
419      * Now check if the module was loaded successfully.
420      */
421     if (!NT_SUCCESS(Status))
422     {
423         DPRINT("Module loading failed (Status %x)\n", Status);
424     }
425 
426     DPRINT("Module loading (Status %x)\n", Status);
427 
428     return Status;
429 }
430 
431 VOID
432 NTAPI
433 MmFreeDriverInitialization(IN PLDR_DATA_TABLE_ENTRY LdrEntry);
434 
435 /*
436  * IopInitializeDriverModule
437  *
438  * Initialize a loaded driver.
439  *
440  * Parameters
441  *    DeviceNode
442  *       Pointer to device node.
443  *
444  *    ModuleObject
445  *       Module object representing the driver. It can be retrieve by
446  *       IopLoadServiceModule.
447  *
448  *    ServiceName
449  *       Name of the service (as in registry).
450  *
451  *    FileSystemDriver
452  *       Set to TRUE for file system drivers.
453  *
454  *    DriverObject
455  *       On successful return this contains the driver object representing
456  *       the loaded driver.
457  */
458 NTSTATUS
459 FASTCALL
460 IopInitializeDriverModule(
461     IN PDEVICE_NODE DeviceNode,
462     IN PLDR_DATA_TABLE_ENTRY ModuleObject,
463     IN PUNICODE_STRING ServiceName,
464     IN BOOLEAN FileSystemDriver,
465     OUT PDRIVER_OBJECT *DriverObject)
466 {
467     static const WCHAR ServicesKeyName[] = L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\";
468     UNICODE_STRING DriverName;
469     UNICODE_STRING RegistryKey;
470     PDRIVER_INITIALIZE DriverEntry;
471     PDRIVER_OBJECT Driver;
472     NTSTATUS Status;
473 
474     DriverEntry = ModuleObject->EntryPoint;
475 
476     if (ServiceName != NULL && ServiceName->Length != 0)
477     {
478         RegistryKey.Length = 0;
479         RegistryKey.MaximumLength = sizeof(ServicesKeyName) + ServiceName->Length;
480         RegistryKey.Buffer = ExAllocatePoolWithTag(PagedPool,
481                                                    RegistryKey.MaximumLength,
482                                                    TAG_IO);
483         if (RegistryKey.Buffer == NULL)
484         {
485             return STATUS_INSUFFICIENT_RESOURCES;
486         }
487         RtlAppendUnicodeToString(&RegistryKey, ServicesKeyName);
488         RtlAppendUnicodeStringToString(&RegistryKey, ServiceName);
489     }
490     else
491     {
492         RtlInitEmptyUnicodeString(&RegistryKey, NULL, 0);
493     }
494 
495     /* Create ModuleName string */
496     if (ServiceName && ServiceName->Length > 0)
497     {
498         DriverName.Length = 0;
499         DriverName.MaximumLength = sizeof(FILESYSTEM_ROOT_NAME) + ServiceName->Length;
500         DriverName.Buffer = ExAllocatePoolWithTag(PagedPool,
501                                                   DriverName.MaximumLength,
502                                                   TAG_IO);
503         if (DriverName.Buffer == NULL)
504         {
505             RtlFreeUnicodeString(&RegistryKey);
506             return STATUS_INSUFFICIENT_RESOURCES;
507         }
508 
509         if (FileSystemDriver != FALSE)
510             RtlAppendUnicodeToString(&DriverName, FILESYSTEM_ROOT_NAME);
511         else
512             RtlAppendUnicodeToString(&DriverName, DRIVER_ROOT_NAME);
513         RtlAppendUnicodeStringToString(&DriverName, ServiceName);
514 
515         DPRINT("Driver name: '%wZ'\n", &DriverName);
516     }
517     else
518     {
519         RtlInitEmptyUnicodeString(&DriverName, NULL, 0);
520     }
521 
522     Status = IopCreateDriver(DriverName.Length > 0 ? &DriverName : NULL,
523                              DriverEntry,
524                              &RegistryKey,
525                              ServiceName,
526                              ModuleObject,
527                              &Driver);
528     RtlFreeUnicodeString(&RegistryKey);
529     RtlFreeUnicodeString(&DriverName);
530 
531     if (!NT_SUCCESS(Status))
532     {
533         DPRINT("IopCreateDriver() failed (Status 0x%08lx)\n", Status);
534         return Status;
535     }
536 
537     *DriverObject = Driver;
538 
539     MmFreeDriverInitialization((PLDR_DATA_TABLE_ENTRY)Driver->DriverSection);
540 
541     /* Set the driver as initialized */
542     IopReadyDeviceObjects(Driver);
543 
544     if (PnpSystemInit) IopReinitializeDrivers();
545 
546     return STATUS_SUCCESS;
547 }
548 
549 /*
550  * IopAttachFilterDriversCallback
551  *
552  * Internal routine used by IopAttachFilterDrivers.
553  */
554 NTSTATUS
555 NTAPI
556 IopAttachFilterDriversCallback(
557     PWSTR ValueName,
558     ULONG ValueType,
559     PVOID ValueData,
560     ULONG ValueLength,
561     PVOID Context,
562     PVOID EntryContext)
563 {
564     PDEVICE_NODE DeviceNode = Context;
565     UNICODE_STRING ServiceName;
566     PWCHAR Filters;
567     PLDR_DATA_TABLE_ENTRY ModuleObject;
568     PDRIVER_OBJECT DriverObject;
569     NTSTATUS Status;
570 
571     /* No filter value present */
572     if (ValueType == REG_NONE)
573         return STATUS_SUCCESS;
574 
575     for (Filters = ValueData;
576          ((ULONG_PTR)Filters - (ULONG_PTR)ValueData) < ValueLength &&
577          *Filters != 0;
578          Filters += (ServiceName.Length / sizeof(WCHAR)) + 1)
579     {
580         DPRINT("Filter Driver: %S (%wZ)\n", Filters, &DeviceNode->InstancePath);
581 
582         ServiceName.Buffer = Filters;
583         ServiceName.MaximumLength =
584         ServiceName.Length = (USHORT)wcslen(Filters) * sizeof(WCHAR);
585 
586         KeEnterCriticalRegion();
587         ExAcquireResourceExclusiveLite(&IopDriverLoadResource, TRUE);
588         Status = IopGetDriverObject(&DriverObject,
589                                     &ServiceName,
590                                     FALSE);
591         if (!NT_SUCCESS(Status))
592         {
593             /* Load and initialize the filter driver */
594             Status = IopLoadServiceModule(&ServiceName, &ModuleObject);
595             if (!NT_SUCCESS(Status))
596             {
597                 ExReleaseResourceLite(&IopDriverLoadResource);
598                 KeLeaveCriticalRegion();
599                 return Status;
600             }
601 
602             Status = IopInitializeDriverModule(DeviceNode,
603                                                ModuleObject,
604                                                &ServiceName,
605                                                FALSE,
606                                                &DriverObject);
607             if (!NT_SUCCESS(Status))
608             {
609                 ExReleaseResourceLite(&IopDriverLoadResource);
610                 KeLeaveCriticalRegion();
611                 return Status;
612             }
613         }
614 
615         ExReleaseResourceLite(&IopDriverLoadResource);
616         KeLeaveCriticalRegion();
617 
618         Status = IopInitializeDevice(DeviceNode, DriverObject);
619 
620         /* Remove extra reference */
621         ObDereferenceObject(DriverObject);
622 
623         if (!NT_SUCCESS(Status))
624             return Status;
625     }
626 
627     return STATUS_SUCCESS;
628 }
629 
630 /*
631  * IopAttachFilterDrivers
632  *
633  * Load filter drivers for specified device node.
634  *
635  * Parameters
636  *    Lower
637  *       Set to TRUE for loading lower level filters or FALSE for upper
638  *       level filters.
639  */
640 NTSTATUS
641 FASTCALL
642 IopAttachFilterDrivers(
643     PDEVICE_NODE DeviceNode,
644     HANDLE EnumSubKey,
645     HANDLE ClassKey,
646     BOOLEAN Lower)
647 {
648     RTL_QUERY_REGISTRY_TABLE QueryTable[2] = { { NULL, 0, NULL, NULL, 0, NULL, 0 }, };
649     NTSTATUS Status;
650 
651     /*
652      * First load the device filters
653      */
654     QueryTable[0].QueryRoutine = IopAttachFilterDriversCallback;
655     if (Lower)
656         QueryTable[0].Name = L"LowerFilters";
657     else
658         QueryTable[0].Name = L"UpperFilters";
659     QueryTable[0].Flags = 0;
660     QueryTable[0].DefaultType = REG_NONE;
661 
662     Status = RtlQueryRegistryValues(RTL_REGISTRY_HANDLE,
663                                     (PWSTR)EnumSubKey,
664                                     QueryTable,
665                                     DeviceNode,
666                                     NULL);
667     if (!NT_SUCCESS(Status))
668     {
669         DPRINT1("Failed to load device %s filters: %08X\n",
670                 Lower ? "lower" : "upper", Status);
671         return Status;
672     }
673 
674     QueryTable[0].QueryRoutine = IopAttachFilterDriversCallback;
675     if (Lower)
676         QueryTable[0].Name = L"LowerFilters";
677     else
678         QueryTable[0].Name = L"UpperFilters";
679     QueryTable[0].EntryContext = NULL;
680     QueryTable[0].Flags = 0;
681     QueryTable[0].DefaultType = REG_NONE;
682 
683     if (ClassKey == NULL)
684     {
685         return STATUS_SUCCESS;
686     }
687 
688     Status = RtlQueryRegistryValues(RTL_REGISTRY_HANDLE,
689                                     (PWSTR)ClassKey,
690                                     QueryTable,
691                                     DeviceNode,
692                                     NULL);
693 
694     if (!NT_SUCCESS(Status))
695     {
696         DPRINT1("Failed to load class %s filters: %08X\n",
697                 Lower ? "lower" : "upper", Status);
698         return Status;
699     }
700 
701     return STATUS_SUCCESS;
702 }
703 
704 NTSTATUS
705 NTAPI
706 MiResolveImageReferences(IN PVOID ImageBase,
707                          IN PUNICODE_STRING ImageFileDirectory,
708                          IN PUNICODE_STRING NamePrefix OPTIONAL,
709                          OUT PCHAR *MissingApi,
710                          OUT PWCHAR *MissingDriver,
711                          OUT PLOAD_IMPORTS *LoadImports);
712 
713 //
714 // Used for images already loaded (boot drivers)
715 //
716 INIT_FUNCTION
717 NTSTATUS
718 NTAPI
719 LdrProcessDriverModule(PLDR_DATA_TABLE_ENTRY LdrEntry,
720                        PUNICODE_STRING FileName,
721                        PLDR_DATA_TABLE_ENTRY *ModuleObject)
722 {
723     NTSTATUS Status;
724     UNICODE_STRING BaseName, BaseDirectory;
725     PLOAD_IMPORTS LoadedImports = (PVOID)-2;
726     PCHAR MissingApiName, Buffer;
727     PWCHAR MissingDriverName;
728     PVOID DriverBase = LdrEntry->DllBase;
729 
730     /* Allocate a buffer we'll use for names */
731     Buffer = ExAllocatePoolWithTag(NonPagedPool, MAX_PATH, TAG_LDR_WSTR);
732     if (!Buffer)
733     {
734         /* Fail */
735         return STATUS_INSUFFICIENT_RESOURCES;
736     }
737 
738     /* Check for a separator */
739     if (FileName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR)
740     {
741         PWCHAR p;
742         ULONG BaseLength;
743 
744         /* Loop the path until we get to the base name */
745         p = &FileName->Buffer[FileName->Length / sizeof(WCHAR)];
746         while (*(p - 1) != OBJ_NAME_PATH_SEPARATOR) p--;
747 
748         /* Get the length */
749         BaseLength = (ULONG)(&FileName->Buffer[FileName->Length / sizeof(WCHAR)] - p);
750         BaseLength *= sizeof(WCHAR);
751 
752         /* Setup the string */
753         BaseName.Length = (USHORT)BaseLength;
754         BaseName.Buffer = p;
755     }
756     else
757     {
758         /* Otherwise, we already have a base name */
759         BaseName.Length = FileName->Length;
760         BaseName.Buffer = FileName->Buffer;
761     }
762 
763     /* Setup the maximum length */
764     BaseName.MaximumLength = BaseName.Length;
765 
766     /* Now compute the base directory */
767     BaseDirectory = *FileName;
768     BaseDirectory.Length -= BaseName.Length;
769     BaseDirectory.MaximumLength = BaseDirectory.Length;
770 
771     /* Resolve imports */
772     MissingApiName = Buffer;
773     Status = MiResolveImageReferences(DriverBase,
774                                       &BaseDirectory,
775                                       NULL,
776                                       &MissingApiName,
777                                       &MissingDriverName,
778                                       &LoadedImports);
779 
780     /* Free the temporary buffer */
781     ExFreePoolWithTag(Buffer, TAG_LDR_WSTR);
782 
783     /* Check the result of the imports resolution */
784     if (!NT_SUCCESS(Status)) return Status;
785 
786     /* Return */
787     *ModuleObject = LdrEntry;
788     return STATUS_SUCCESS;
789 }
790 
791 /*
792  * IopInitializeBuiltinDriver
793  *
794  * Initialize a driver that is already loaded in memory.
795  */
796 INIT_FUNCTION
797 NTSTATUS
798 NTAPI
799 IopInitializeBuiltinDriver(IN PLDR_DATA_TABLE_ENTRY BootLdrEntry)
800 {
801     PDEVICE_NODE DeviceNode;
802     PDRIVER_OBJECT DriverObject;
803     NTSTATUS Status;
804     PWCHAR Buffer, FileNameWithoutPath;
805     PWSTR FileExtension;
806     PUNICODE_STRING ModuleName = &BootLdrEntry->BaseDllName;
807     PLDR_DATA_TABLE_ENTRY LdrEntry;
808     PLIST_ENTRY NextEntry;
809     UNICODE_STRING ServiceName;
810     BOOLEAN Success;
811 
812     /*
813      * Display 'Loading XXX...' message
814      */
815     IopDisplayLoadingMessage(ModuleName);
816     InbvIndicateProgress();
817 
818     Buffer = ExAllocatePoolWithTag(PagedPool,
819                                    ModuleName->Length + sizeof(UNICODE_NULL),
820                                    TAG_IO);
821     if (Buffer == NULL)
822     {
823         return STATUS_INSUFFICIENT_RESOURCES;
824     }
825 
826     RtlCopyMemory(Buffer, ModuleName->Buffer, ModuleName->Length);
827     Buffer[ModuleName->Length / sizeof(WCHAR)] = UNICODE_NULL;
828 
829     /*
830      * Generate filename without path (not needed by freeldr)
831      */
832     FileNameWithoutPath = wcsrchr(Buffer, L'\\');
833     if (FileNameWithoutPath == NULL)
834     {
835         FileNameWithoutPath = Buffer;
836     }
837     else
838     {
839         FileNameWithoutPath++;
840     }
841 
842     /*
843      * Strip the file extension from ServiceName
844      */
845     Success = RtlCreateUnicodeString(&ServiceName, FileNameWithoutPath);
846     ExFreePoolWithTag(Buffer, TAG_IO);
847     if (!Success)
848     {
849         return STATUS_INSUFFICIENT_RESOURCES;
850     }
851 
852     FileExtension = wcsrchr(ServiceName.Buffer, L'.');
853     if (FileExtension != NULL)
854     {
855         ServiceName.Length -= (USHORT)wcslen(FileExtension) * sizeof(WCHAR);
856         FileExtension[0] = UNICODE_NULL;
857     }
858 
859     /*
860      * Determine the right device object
861      */
862     /* Use IopRootDeviceNode for now */
863     Status = IopCreateDeviceNode(IopRootDeviceNode,
864                                  NULL,
865                                  &ServiceName,
866                                  &DeviceNode);
867     RtlFreeUnicodeString(&ServiceName);
868     if (!NT_SUCCESS(Status))
869     {
870         DPRINT1("Driver '%wZ' load failed, status (%x)\n", ModuleName, Status);
871         return Status;
872     }
873 
874     /* Lookup the new Ldr entry in PsLoadedModuleList */
875     NextEntry = PsLoadedModuleList.Flink;
876     while (NextEntry != &PsLoadedModuleList)
877     {
878         LdrEntry = CONTAINING_RECORD(NextEntry,
879                                      LDR_DATA_TABLE_ENTRY,
880                                      InLoadOrderLinks);
881         if (RtlEqualUnicodeString(ModuleName, &LdrEntry->BaseDllName, TRUE))
882         {
883             break;
884         }
885 
886         NextEntry = NextEntry->Flink;
887     }
888     ASSERT(NextEntry != &PsLoadedModuleList);
889 
890     /*
891      * Initialize the driver
892      */
893     Status = IopInitializeDriverModule(DeviceNode,
894                                        LdrEntry,
895                                        &DeviceNode->ServiceName,
896                                        FALSE,
897                                        &DriverObject);
898 
899     if (!NT_SUCCESS(Status))
900     {
901         return Status;
902     }
903 
904     Status = IopInitializeDevice(DeviceNode, DriverObject);
905     if (NT_SUCCESS(Status))
906     {
907         Status = IopStartDevice(DeviceNode);
908     }
909 
910     /* Remove extra reference from IopInitializeDriverModule */
911     ObDereferenceObject(DriverObject);
912 
913     return Status;
914 }
915 
916 /*
917  * IopInitializeBootDrivers
918  *
919  * Initialize boot drivers and free memory for boot files.
920  *
921  * Parameters
922  *    None
923  *
924  * Return Value
925  *    None
926  */
927 INIT_FUNCTION
928 VOID
929 FASTCALL
930 IopInitializeBootDrivers(VOID)
931 {
932     PLIST_ENTRY ListHead, NextEntry, NextEntry2;
933     PLDR_DATA_TABLE_ENTRY LdrEntry;
934     PDEVICE_NODE DeviceNode;
935     PDRIVER_OBJECT DriverObject;
936     LDR_DATA_TABLE_ENTRY ModuleObject;
937     NTSTATUS Status;
938     UNICODE_STRING DriverName;
939     ULONG i, Index;
940     PDRIVER_INFORMATION DriverInfo, DriverInfoTag;
941     HANDLE KeyHandle;
942     PBOOT_DRIVER_LIST_ENTRY BootEntry;
943     DPRINT("IopInitializeBootDrivers()\n");
944 
945     /* Use IopRootDeviceNode for now */
946     Status = IopCreateDeviceNode(IopRootDeviceNode, NULL, NULL, &DeviceNode);
947     if (!NT_SUCCESS(Status)) return;
948 
949     /* Setup the module object for the RAW FS Driver */
950     ModuleObject.DllBase = NULL;
951     ModuleObject.SizeOfImage = 0;
952     ModuleObject.EntryPoint = RawFsDriverEntry;
953     RtlInitUnicodeString(&DriverName, L"RAW");
954 
955     /* Initialize it */
956     Status = IopInitializeDriverModule(DeviceNode,
957                                        &ModuleObject,
958                                        &DriverName,
959                                        TRUE,
960                                        &DriverObject);
961     if (!NT_SUCCESS(Status))
962     {
963         /* Fail */
964         return;
965     }
966 
967     /* Now initialize the associated device */
968     Status = IopInitializeDevice(DeviceNode, DriverObject);
969     if (!NT_SUCCESS(Status))
970     {
971         /* Fail */
972         ObDereferenceObject(DriverObject);
973         return;
974     }
975 
976     /* Start it up */
977     Status = IopStartDevice(DeviceNode);
978     if (!NT_SUCCESS(Status))
979     {
980         /* Fail */
981         ObDereferenceObject(DriverObject);
982         return;
983     }
984 
985     /* Get highest group order index */
986     IopGroupIndex = PpInitGetGroupOrderIndex(NULL);
987     if (IopGroupIndex == 0xFFFF) ASSERT(FALSE);
988 
989     /* Allocate the group table */
990     IopGroupTable = ExAllocatePoolWithTag(PagedPool,
991                                           IopGroupIndex * sizeof(LIST_ENTRY),
992                                           TAG_IO);
993     if (IopGroupTable == NULL) ASSERT(FALSE);
994 
995     /* Initialize the group table lists */
996     for (i = 0; i < IopGroupIndex; i++) InitializeListHead(&IopGroupTable[i]);
997 
998     /* Loop the boot modules */
999     ListHead = &KeLoaderBlock->LoadOrderListHead;
1000     NextEntry = ListHead->Flink;
1001     while (ListHead != NextEntry)
1002     {
1003         /* Get the entry */
1004         LdrEntry = CONTAINING_RECORD(NextEntry,
1005                                      LDR_DATA_TABLE_ENTRY,
1006                                      InLoadOrderLinks);
1007 
1008         /* Check if the DLL needs to be initialized */
1009         if (LdrEntry->Flags & LDRP_DRIVER_DEPENDENT_DLL)
1010         {
1011             /* Call its entrypoint */
1012             MmCallDllInitialize(LdrEntry, NULL);
1013         }
1014 
1015         /* Go to the next driver */
1016         NextEntry = NextEntry->Flink;
1017     }
1018 
1019     /* Loop the boot drivers */
1020     ListHead = &KeLoaderBlock->BootDriverListHead;
1021     NextEntry = ListHead->Flink;
1022     while (ListHead != NextEntry)
1023     {
1024         /* Get the entry */
1025         BootEntry = CONTAINING_RECORD(NextEntry,
1026                                       BOOT_DRIVER_LIST_ENTRY,
1027                                       Link);
1028 
1029         /* Get the driver loader entry */
1030         LdrEntry = BootEntry->LdrEntry;
1031 
1032         /* Allocate our internal accounting structure */
1033         DriverInfo = ExAllocatePoolWithTag(PagedPool,
1034                                            sizeof(DRIVER_INFORMATION),
1035                                            TAG_IO);
1036         if (DriverInfo)
1037         {
1038             /* Zero it and initialize it */
1039             RtlZeroMemory(DriverInfo, sizeof(DRIVER_INFORMATION));
1040             InitializeListHead(&DriverInfo->Link);
1041             DriverInfo->DataTableEntry = BootEntry;
1042 
1043             /* Open the registry key */
1044             Status = IopOpenRegistryKeyEx(&KeyHandle,
1045                                           NULL,
1046                                           &BootEntry->RegistryPath,
1047                                           KEY_READ);
1048             DPRINT("IopOpenRegistryKeyEx(%wZ) returned 0x%08lx\n", &BootEntry->RegistryPath, Status);
1049 #if 0
1050             if (NT_SUCCESS(Status))
1051 #else // Hack still needed...
1052             if ((NT_SUCCESS(Status)) || /* ReactOS HACK for SETUPLDR */
1053                 ((KeLoaderBlock->SetupLdrBlock) && ((KeyHandle = (PVOID)1)))) // yes, it's an assignment!
1054 #endif
1055             {
1056                 /* Save the handle */
1057                 DriverInfo->ServiceHandle = KeyHandle;
1058 
1059                 /* Get the group oder index */
1060                 Index = PpInitGetGroupOrderIndex(KeyHandle);
1061 
1062                 /* Get the tag position */
1063                 DriverInfo->TagPosition = PipGetDriverTagPriority(KeyHandle);
1064 
1065                 /* Insert it into the list, at the right place */
1066                 ASSERT(Index < IopGroupIndex);
1067                 NextEntry2 = IopGroupTable[Index].Flink;
1068                 while (NextEntry2 != &IopGroupTable[Index])
1069                 {
1070                     /* Get the driver info */
1071                     DriverInfoTag = CONTAINING_RECORD(NextEntry2,
1072                                                       DRIVER_INFORMATION,
1073                                                       Link);
1074 
1075                     /* Check if we found the right tag position */
1076                     if (DriverInfoTag->TagPosition > DriverInfo->TagPosition)
1077                     {
1078                         /* We're done */
1079                         break;
1080                     }
1081 
1082                     /* Next entry */
1083                     NextEntry2 = NextEntry2->Flink;
1084                 }
1085 
1086                 /* Insert us right before the next entry */
1087                 NextEntry2 = NextEntry2->Blink;
1088                 InsertHeadList(NextEntry2, &DriverInfo->Link);
1089             }
1090         }
1091 
1092         /* Go to the next driver */
1093         NextEntry = NextEntry->Flink;
1094     }
1095 
1096     /* Loop each group index */
1097     for (i = 0; i < IopGroupIndex; i++)
1098     {
1099         /* Loop each group table */
1100         NextEntry = IopGroupTable[i].Flink;
1101         while (NextEntry != &IopGroupTable[i])
1102         {
1103             /* Get the entry */
1104             DriverInfo = CONTAINING_RECORD(NextEntry,
1105                                            DRIVER_INFORMATION,
1106                                            Link);
1107 
1108             /* Get the driver loader entry */
1109             LdrEntry = DriverInfo->DataTableEntry->LdrEntry;
1110 
1111             /* Initialize it */
1112             IopInitializeBuiltinDriver(LdrEntry);
1113 
1114             /* Next entry */
1115             NextEntry = NextEntry->Flink;
1116         }
1117     }
1118 
1119     /* In old ROS, the loader list became empty after this point. Simulate. */
1120     InitializeListHead(&KeLoaderBlock->LoadOrderListHead);
1121 }
1122 
1123 INIT_FUNCTION
1124 VOID
1125 FASTCALL
1126 IopInitializeSystemDrivers(VOID)
1127 {
1128     PUNICODE_STRING *DriverList, *SavedList;
1129 
1130     /* No system drivers on the boot cd */
1131     if (KeLoaderBlock->SetupLdrBlock) return; // ExpInTextModeSetup
1132 
1133     /* Get the driver list */
1134     SavedList = DriverList = CmGetSystemDriverList();
1135     ASSERT(DriverList);
1136 
1137     /* Loop it */
1138     while (*DriverList)
1139     {
1140         /* Load the driver */
1141         ZwLoadDriver(*DriverList);
1142 
1143         /* Free the entry */
1144         RtlFreeUnicodeString(*DriverList);
1145         ExFreePool(*DriverList);
1146 
1147         /* Next entry */
1148         InbvIndicateProgress();
1149         DriverList++;
1150     }
1151 
1152     /* Free the list */
1153     ExFreePool(SavedList);
1154 }
1155 
1156 /*
1157  * IopUnloadDriver
1158  *
1159  * Unloads a device driver.
1160  *
1161  * Parameters
1162  *    DriverServiceName
1163  *       Name of the service to unload (registry key).
1164  *
1165  *    UnloadPnpDrivers
1166  *       Whether to unload Plug & Plug or only legacy drivers. If this
1167  *       parameter is set to FALSE, the routine will unload only legacy
1168  *       drivers.
1169  *
1170  * Return Value
1171  *    Status
1172  *
1173  * To do
1174  *    Guard the whole function by SEH.
1175  */
1176 
1177 NTSTATUS NTAPI
1178 IopUnloadDriver(PUNICODE_STRING DriverServiceName, BOOLEAN UnloadPnpDrivers)
1179 {
1180     RTL_QUERY_REGISTRY_TABLE QueryTable[2];
1181     UNICODE_STRING ImagePath;
1182     UNICODE_STRING ServiceName;
1183     UNICODE_STRING ObjectName;
1184     PDRIVER_OBJECT DriverObject;
1185     PDEVICE_OBJECT DeviceObject;
1186     PEXTENDED_DEVOBJ_EXTENSION DeviceExtension;
1187     NTSTATUS Status;
1188     PWSTR Start;
1189     BOOLEAN SafeToUnload = TRUE;
1190     KPROCESSOR_MODE PreviousMode;
1191     UNICODE_STRING CapturedServiceName;
1192 
1193     PAGED_CODE();
1194 
1195     PreviousMode = ExGetPreviousMode();
1196 
1197     /* Need the appropriate priviliege */
1198     if (!SeSinglePrivilegeCheck(SeLoadDriverPrivilege, PreviousMode))
1199     {
1200         DPRINT1("No unload privilege!\n");
1201         return STATUS_PRIVILEGE_NOT_HELD;
1202     }
1203 
1204     /* Capture the service name */
1205     Status = ProbeAndCaptureUnicodeString(&CapturedServiceName, PreviousMode, DriverServiceName);
1206     if (!NT_SUCCESS(Status))
1207     {
1208         return Status;
1209     }
1210 
1211     DPRINT("IopUnloadDriver('%wZ', %u)\n", &CapturedServiceName, UnloadPnpDrivers);
1212 
1213 
1214     /* We need a service name */
1215     if (CapturedServiceName.Length == 0)
1216     {
1217         ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
1218         return STATUS_INVALID_PARAMETER;
1219     }
1220 
1221     /*
1222      * Get the service name from the registry key name
1223      */
1224     Start = wcsrchr(CapturedServiceName.Buffer, L'\\');
1225     if (Start == NULL)
1226         Start = CapturedServiceName.Buffer;
1227     else
1228         Start++;
1229 
1230     RtlInitUnicodeString(&ServiceName, Start);
1231 
1232     /*
1233      * Construct the driver object name
1234      */
1235     ObjectName.Length = ((USHORT)wcslen(Start) + 8) * sizeof(WCHAR);
1236     ObjectName.MaximumLength = ObjectName.Length + sizeof(WCHAR);
1237     ObjectName.Buffer = ExAllocatePoolWithTag(PagedPool,
1238                                               ObjectName.MaximumLength,
1239                                               TAG_IO);
1240     if (!ObjectName.Buffer)
1241     {
1242         ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
1243         return STATUS_INSUFFICIENT_RESOURCES;
1244     }
1245     wcscpy(ObjectName.Buffer, DRIVER_ROOT_NAME);
1246     memcpy(ObjectName.Buffer + 8, Start, ObjectName.Length - 8 * sizeof(WCHAR));
1247     ObjectName.Buffer[ObjectName.Length/sizeof(WCHAR)] = UNICODE_NULL;
1248 
1249     /*
1250      * Find the driver object
1251      */
1252     Status = ObReferenceObjectByName(&ObjectName,
1253                                      0,
1254                                      0,
1255                                      0,
1256                                      IoDriverObjectType,
1257                                      KernelMode,
1258                                      0,
1259                                      (PVOID*)&DriverObject);
1260 
1261     if (!NT_SUCCESS(Status))
1262     {
1263         DPRINT1("Can't locate driver object for %wZ\n", &ObjectName);
1264         ExFreePoolWithTag(ObjectName.Buffer, TAG_IO);
1265         ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
1266         return Status;
1267     }
1268 
1269     /* Free the buffer for driver object name */
1270     ExFreePoolWithTag(ObjectName.Buffer, TAG_IO);
1271 
1272     /* Check that driver is not already unloading */
1273     if (DriverObject->Flags & DRVO_UNLOAD_INVOKED)
1274     {
1275         DPRINT1("Driver deletion pending\n");
1276         ObDereferenceObject(DriverObject);
1277         ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
1278         return STATUS_DELETE_PENDING;
1279     }
1280 
1281     /*
1282      * Get path of service...
1283      */
1284     RtlZeroMemory(QueryTable, sizeof(QueryTable));
1285 
1286     RtlInitUnicodeString(&ImagePath, NULL);
1287 
1288     QueryTable[0].Name = L"ImagePath";
1289     QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
1290     QueryTable[0].EntryContext = &ImagePath;
1291 
1292     Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
1293                                     CapturedServiceName.Buffer,
1294                                     QueryTable,
1295                                     NULL,
1296                                     NULL);
1297 
1298     /* We no longer need service name */
1299     ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
1300 
1301     if (!NT_SUCCESS(Status))
1302     {
1303         DPRINT1("RtlQueryRegistryValues() failed (Status %x)\n", Status);
1304         ObDereferenceObject(DriverObject);
1305         return Status;
1306     }
1307 
1308     /*
1309      * Normalize the image path for all later processing.
1310      */
1311     Status = IopNormalizeImagePath(&ImagePath, &ServiceName);
1312 
1313     if (!NT_SUCCESS(Status))
1314     {
1315         DPRINT1("IopNormalizeImagePath() failed (Status %x)\n", Status);
1316         ObDereferenceObject(DriverObject);
1317         return Status;
1318     }
1319 
1320     /* Free the service path */
1321     ExFreePool(ImagePath.Buffer);
1322 
1323     /*
1324      * Unload the module and release the references to the device object
1325      */
1326 
1327     /* Call the load/unload routine, depending on current process */
1328     if (DriverObject->DriverUnload && DriverObject->DriverSection &&
1329         (UnloadPnpDrivers || (DriverObject->Flags & DRVO_LEGACY_DRIVER)))
1330     {
1331         /* Loop through each device object of the driver
1332            and set DOE_UNLOAD_PENDING flag */
1333         DeviceObject = DriverObject->DeviceObject;
1334         while (DeviceObject)
1335         {
1336             /* Set the unload pending flag for the device */
1337             DeviceExtension = IoGetDevObjExtension(DeviceObject);
1338             DeviceExtension->ExtensionFlags |= DOE_UNLOAD_PENDING;
1339 
1340             /* Make sure there are no attached devices or no reference counts */
1341             if ((DeviceObject->ReferenceCount) || (DeviceObject->AttachedDevice))
1342             {
1343                 /* Not safe to unload */
1344                 DPRINT1("Drivers device object is referenced or has attached devices\n");
1345 
1346                 SafeToUnload = FALSE;
1347             }
1348 
1349             DeviceObject = DeviceObject->NextDevice;
1350         }
1351 
1352         /* If not safe to unload, then return success */
1353         if (!SafeToUnload)
1354         {
1355             ObDereferenceObject(DriverObject);
1356             return STATUS_SUCCESS;
1357         }
1358 
1359         DPRINT1("Unloading driver '%wZ' (manual)\n", &DriverObject->DriverName);
1360 
1361         /* Set the unload invoked flag and call the unload routine */
1362         DriverObject->Flags |= DRVO_UNLOAD_INVOKED;
1363         Status = IopLoadUnloadDriver(NULL, &DriverObject);
1364         ASSERT(Status == STATUS_SUCCESS);
1365 
1366         /* Mark the driver object temporary, so it could be deleted later */
1367         ObMakeTemporaryObject(DriverObject);
1368 
1369         /* Dereference it 2 times */
1370         ObDereferenceObject(DriverObject);
1371         ObDereferenceObject(DriverObject);
1372 
1373         return Status;
1374     }
1375     else
1376     {
1377         DPRINT1("No DriverUnload function! '%wZ' will not be unloaded!\n", &DriverObject->DriverName);
1378 
1379         /* Dereference one time (refd inside this function) */
1380         ObDereferenceObject(DriverObject);
1381 
1382         /* Return unloading failure */
1383         return STATUS_INVALID_DEVICE_REQUEST;
1384     }
1385 }
1386 
1387 VOID
1388 NTAPI
1389 IopReinitializeDrivers(VOID)
1390 {
1391     PDRIVER_REINIT_ITEM ReinitItem;
1392     PLIST_ENTRY Entry;
1393 
1394     /* Get the first entry and start looping */
1395     Entry = ExInterlockedRemoveHeadList(&DriverReinitListHead,
1396                                         &DriverReinitListLock);
1397     while (Entry)
1398     {
1399         /* Get the item */
1400         ReinitItem = CONTAINING_RECORD(Entry, DRIVER_REINIT_ITEM, ItemEntry);
1401 
1402         /* Increment reinitialization counter */
1403         ReinitItem->DriverObject->DriverExtension->Count++;
1404 
1405         /* Remove the device object flag */
1406         ReinitItem->DriverObject->Flags &= ~DRVO_REINIT_REGISTERED;
1407 
1408         /* Call the routine */
1409         ReinitItem->ReinitRoutine(ReinitItem->DriverObject,
1410                                   ReinitItem->Context,
1411                                   ReinitItem->DriverObject->
1412                                   DriverExtension->Count);
1413 
1414         /* Free the entry */
1415         ExFreePool(Entry);
1416 
1417         /* Move to the next one */
1418         Entry = ExInterlockedRemoveHeadList(&DriverReinitListHead,
1419                                             &DriverReinitListLock);
1420     }
1421 }
1422 
1423 VOID
1424 NTAPI
1425 IopReinitializeBootDrivers(VOID)
1426 {
1427     PDRIVER_REINIT_ITEM ReinitItem;
1428     PLIST_ENTRY Entry;
1429 
1430     /* Get the first entry and start looping */
1431     Entry = ExInterlockedRemoveHeadList(&DriverBootReinitListHead,
1432                                         &DriverBootReinitListLock);
1433     while (Entry)
1434     {
1435         /* Get the item */
1436         ReinitItem = CONTAINING_RECORD(Entry, DRIVER_REINIT_ITEM, ItemEntry);
1437 
1438         /* Increment reinitialization counter */
1439         ReinitItem->DriverObject->DriverExtension->Count++;
1440 
1441         /* Remove the device object flag */
1442         ReinitItem->DriverObject->Flags &= ~DRVO_BOOTREINIT_REGISTERED;
1443 
1444         /* Call the routine */
1445         ReinitItem->ReinitRoutine(ReinitItem->DriverObject,
1446                                   ReinitItem->Context,
1447                                   ReinitItem->DriverObject->
1448                                   DriverExtension->Count);
1449 
1450         /* Free the entry */
1451         ExFreePool(Entry);
1452 
1453         /* Move to the next one */
1454         Entry = ExInterlockedRemoveHeadList(&DriverBootReinitListHead,
1455                                             &DriverBootReinitListLock);
1456     }
1457 }
1458 
1459 NTSTATUS
1460 NTAPI
1461 IopCreateDriver(IN PUNICODE_STRING DriverName OPTIONAL,
1462                 IN PDRIVER_INITIALIZE InitializationFunction,
1463                 IN PUNICODE_STRING RegistryPath OPTIONAL,
1464                 IN PCUNICODE_STRING ServiceName,
1465                 IN PLDR_DATA_TABLE_ENTRY ModuleObject OPTIONAL,
1466                 OUT PDRIVER_OBJECT *pDriverObject)
1467 {
1468     WCHAR NameBuffer[100];
1469     USHORT NameLength;
1470     UNICODE_STRING LocalDriverName;
1471     NTSTATUS Status;
1472     OBJECT_ATTRIBUTES ObjectAttributes;
1473     ULONG ObjectSize;
1474     PDRIVER_OBJECT DriverObject;
1475     UNICODE_STRING ServiceKeyName;
1476     HANDLE hDriver;
1477     ULONG i, RetryCount = 0;
1478 
1479 try_again:
1480     /* First, create a unique name for the driver if we don't have one */
1481     if (!DriverName)
1482     {
1483         /* Create a random name and set up the string */
1484         NameLength = (USHORT)swprintf(NameBuffer,
1485                                       DRIVER_ROOT_NAME L"%08u",
1486                                       KeTickCount.LowPart);
1487         LocalDriverName.Length = NameLength * sizeof(WCHAR);
1488         LocalDriverName.MaximumLength = LocalDriverName.Length + sizeof(UNICODE_NULL);
1489         LocalDriverName.Buffer = NameBuffer;
1490     }
1491     else
1492     {
1493         /* So we can avoid another code path, use a local var */
1494         LocalDriverName = *DriverName;
1495     }
1496 
1497     /* Initialize the Attributes */
1498     ObjectSize = sizeof(DRIVER_OBJECT) + sizeof(EXTENDED_DRIVER_EXTENSION);
1499     InitializeObjectAttributes(&ObjectAttributes,
1500                                &LocalDriverName,
1501                                OBJ_PERMANENT | OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
1502                                NULL,
1503                                NULL);
1504 
1505     /* Create the Object */
1506     Status = ObCreateObject(KernelMode,
1507                             IoDriverObjectType,
1508                             &ObjectAttributes,
1509                             KernelMode,
1510                             NULL,
1511                             ObjectSize,
1512                             0,
1513                             0,
1514                             (PVOID*)&DriverObject);
1515     if (!NT_SUCCESS(Status)) return Status;
1516 
1517     DPRINT("IopCreateDriver(): created DO %p\n", DriverObject);
1518 
1519     /* Set up the Object */
1520     RtlZeroMemory(DriverObject, ObjectSize);
1521     DriverObject->Type = IO_TYPE_DRIVER;
1522     DriverObject->Size = sizeof(DRIVER_OBJECT);
1523 
1524     /*
1525      * Check whether RegistryPath and ModuleObject are both NULL because
1526      * IoCreateDriver() was called to initialize a built-in driver.
1527      */
1528     if ((RegistryPath != NULL) || (ModuleObject != NULL))
1529         DriverObject->Flags = DRVO_LEGACY_DRIVER;
1530     else
1531         DriverObject->Flags = DRVO_BUILTIN_DRIVER;
1532 
1533     DriverObject->DriverExtension = (PDRIVER_EXTENSION)(DriverObject + 1);
1534     DriverObject->DriverExtension->DriverObject = DriverObject;
1535     DriverObject->DriverInit = InitializationFunction;
1536     DriverObject->DriverSection = ModuleObject;
1537     /* Loop all Major Functions */
1538     for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
1539     {
1540         /* Invalidate each function */
1541         DriverObject->MajorFunction[i] = IopInvalidDeviceRequest;
1542     }
1543 
1544     /* Set up the service key name buffer */
1545     ServiceKeyName.MaximumLength = ServiceName->Length + sizeof(UNICODE_NULL);
1546     ServiceKeyName.Buffer = ExAllocatePoolWithTag(NonPagedPool,
1547                                                   ServiceKeyName.MaximumLength,
1548                                                   TAG_IO);
1549     if (!ServiceKeyName.Buffer)
1550     {
1551         /* Fail */
1552         ObMakeTemporaryObject(DriverObject);
1553         ObDereferenceObject(DriverObject);
1554         return STATUS_INSUFFICIENT_RESOURCES;
1555     }
1556 
1557     /* Copy the name and set it in the driver extension */
1558     RtlCopyUnicodeString(&ServiceKeyName,
1559                          ServiceName);
1560     DriverObject->DriverExtension->ServiceKeyName = ServiceKeyName;
1561 
1562     /* Make a copy of the driver name to store in the driver object */
1563     DriverObject->DriverName.MaximumLength = LocalDriverName.Length;
1564     DriverObject->DriverName.Buffer = ExAllocatePoolWithTag(PagedPool,
1565                                                             DriverObject->DriverName.MaximumLength,
1566                                                             TAG_IO);
1567     if (!DriverObject->DriverName.Buffer)
1568     {
1569         /* Fail */
1570         ObMakeTemporaryObject(DriverObject);
1571         ObDereferenceObject(DriverObject);
1572         return STATUS_INSUFFICIENT_RESOURCES;
1573     }
1574 
1575     RtlCopyUnicodeString(&DriverObject->DriverName,
1576                          &LocalDriverName);
1577 
1578     /* Add the Object and get its handle */
1579     Status = ObInsertObject(DriverObject,
1580                             NULL,
1581                             FILE_READ_DATA,
1582                             0,
1583                             NULL,
1584                             &hDriver);
1585 
1586     /* Eliminate small possibility when this function is called more than
1587        once in a row, and KeTickCount doesn't get enough time to change */
1588     if (!DriverName && (Status == STATUS_OBJECT_NAME_COLLISION) && (RetryCount < 100))
1589     {
1590         RetryCount++;
1591         goto try_again;
1592     }
1593 
1594     if (!NT_SUCCESS(Status)) return Status;
1595 
1596     /* Now reference it */
1597     Status = ObReferenceObjectByHandle(hDriver,
1598                                        0,
1599                                        IoDriverObjectType,
1600                                        KernelMode,
1601                                        (PVOID*)&DriverObject,
1602                                        NULL);
1603 
1604     /* Close the extra handle */
1605     ZwClose(hDriver);
1606 
1607     if (!NT_SUCCESS(Status))
1608     {
1609         /* Fail */
1610         ObMakeTemporaryObject(DriverObject);
1611         ObDereferenceObject(DriverObject);
1612         return Status;
1613     }
1614 
1615     DriverObject->HardwareDatabase = &IopHardwareDatabaseKey;
1616     DriverObject->DriverStart = ModuleObject ? ModuleObject->DllBase : 0;
1617     DriverObject->DriverSize = ModuleObject ? ModuleObject->SizeOfImage : 0;
1618 
1619     /* Finally, call its init function */
1620     DPRINT("RegistryKey: %wZ\n", RegistryPath);
1621     DPRINT("Calling driver entrypoint at %p\n", InitializationFunction);
1622     Status = (*InitializationFunction)(DriverObject, RegistryPath);
1623     if (!NT_SUCCESS(Status))
1624     {
1625         /* If it didn't work, then kill the object */
1626         DPRINT1("'%wZ' initialization failed, status (0x%08lx)\n", DriverName, Status);
1627         DriverObject->DriverSection = NULL;
1628         ObMakeTemporaryObject(DriverObject);
1629         ObDereferenceObject(DriverObject);
1630         return Status;
1631     }
1632     else
1633     {
1634         /* Returns to caller the object */
1635         *pDriverObject = DriverObject;
1636     }
1637 
1638     /* We're going to say if we don't have any DOs from DriverEntry, then we're not legacy.
1639      * Other parts of the I/O manager depend on this behavior */
1640     if (!DriverObject->DeviceObject) DriverObject->Flags &= ~DRVO_LEGACY_DRIVER;
1641 
1642     /* Loop all Major Functions */
1643     for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
1644     {
1645         /*
1646          * Make sure the driver didn't set any dispatch entry point to NULL!
1647          * Doing so is illegal; drivers shouldn't touch entry points they
1648          * do not implement.
1649          */
1650 
1651         /* Check if it did so anyway */
1652         if (!DriverObject->MajorFunction[i])
1653         {
1654             /* Print a warning in the debug log */
1655             DPRINT1("Driver <%wZ> set DriverObject->MajorFunction[%lu] to NULL!\n",
1656                     &DriverObject->DriverName, i);
1657 
1658             /* Fix it up */
1659             DriverObject->MajorFunction[i] = IopInvalidDeviceRequest;
1660         }
1661     }
1662 
1663     /* Return the Status */
1664     return Status;
1665 }
1666 
1667 /* PUBLIC FUNCTIONS ***********************************************************/
1668 
1669 /*
1670  * @implemented
1671  */
1672 NTSTATUS
1673 NTAPI
1674 IoCreateDriver(IN PUNICODE_STRING DriverName OPTIONAL,
1675                IN PDRIVER_INITIALIZE InitializationFunction)
1676 {
1677     PDRIVER_OBJECT DriverObject;
1678     return IopCreateDriver(DriverName, InitializationFunction, NULL, DriverName, NULL, &DriverObject);
1679 }
1680 
1681 /*
1682  * @implemented
1683  */
1684 VOID
1685 NTAPI
1686 IoDeleteDriver(IN PDRIVER_OBJECT DriverObject)
1687 {
1688     /* Simply dereference the Object */
1689     ObDereferenceObject(DriverObject);
1690 }
1691 
1692 /*
1693  * @implemented
1694  */
1695 VOID
1696 NTAPI
1697 IoRegisterBootDriverReinitialization(IN PDRIVER_OBJECT DriverObject,
1698                                      IN PDRIVER_REINITIALIZE ReinitRoutine,
1699                                      IN PVOID Context)
1700 {
1701     PDRIVER_REINIT_ITEM ReinitItem;
1702 
1703     /* Allocate the entry */
1704     ReinitItem = ExAllocatePoolWithTag(NonPagedPool,
1705                                        sizeof(DRIVER_REINIT_ITEM),
1706                                        TAG_REINIT);
1707     if (!ReinitItem) return;
1708 
1709     /* Fill it out */
1710     ReinitItem->DriverObject = DriverObject;
1711     ReinitItem->ReinitRoutine = ReinitRoutine;
1712     ReinitItem->Context = Context;
1713 
1714     /* Set the Driver Object flag and insert the entry into the list */
1715     DriverObject->Flags |= DRVO_BOOTREINIT_REGISTERED;
1716     ExInterlockedInsertTailList(&DriverBootReinitListHead,
1717                                 &ReinitItem->ItemEntry,
1718                                 &DriverBootReinitListLock);
1719 }
1720 
1721 /*
1722  * @implemented
1723  */
1724 VOID
1725 NTAPI
1726 IoRegisterDriverReinitialization(IN PDRIVER_OBJECT DriverObject,
1727                                  IN PDRIVER_REINITIALIZE ReinitRoutine,
1728                                  IN PVOID Context)
1729 {
1730     PDRIVER_REINIT_ITEM ReinitItem;
1731 
1732     /* Allocate the entry */
1733     ReinitItem = ExAllocatePoolWithTag(NonPagedPool,
1734                                        sizeof(DRIVER_REINIT_ITEM),
1735                                        TAG_REINIT);
1736     if (!ReinitItem) return;
1737 
1738     /* Fill it out */
1739     ReinitItem->DriverObject = DriverObject;
1740     ReinitItem->ReinitRoutine = ReinitRoutine;
1741     ReinitItem->Context = Context;
1742 
1743     /* Set the Driver Object flag and insert the entry into the list */
1744     DriverObject->Flags |= DRVO_REINIT_REGISTERED;
1745     ExInterlockedInsertTailList(&DriverReinitListHead,
1746                                 &ReinitItem->ItemEntry,
1747                                 &DriverReinitListLock);
1748 }
1749 
1750 /*
1751  * @implemented
1752  */
1753 NTSTATUS
1754 NTAPI
1755 IoAllocateDriverObjectExtension(IN PDRIVER_OBJECT DriverObject,
1756                                 IN PVOID ClientIdentificationAddress,
1757                                 IN ULONG DriverObjectExtensionSize,
1758                                 OUT PVOID *DriverObjectExtension)
1759 {
1760     KIRQL OldIrql;
1761     PIO_CLIENT_EXTENSION DriverExtensions, NewDriverExtension;
1762     BOOLEAN Inserted = FALSE;
1763 
1764     /* Assume failure */
1765     *DriverObjectExtension = NULL;
1766 
1767     /* Allocate the extension */
1768     NewDriverExtension = ExAllocatePoolWithTag(NonPagedPool,
1769                                                sizeof(IO_CLIENT_EXTENSION) +
1770                                                DriverObjectExtensionSize,
1771                                                TAG_DRIVER_EXTENSION);
1772     if (!NewDriverExtension) return STATUS_INSUFFICIENT_RESOURCES;
1773 
1774     /* Clear the extension for teh caller */
1775     RtlZeroMemory(NewDriverExtension,
1776                   sizeof(IO_CLIENT_EXTENSION) + DriverObjectExtensionSize);
1777 
1778     /* Acqure lock */
1779     OldIrql = KeRaiseIrqlToDpcLevel();
1780 
1781     /* Fill out the extension */
1782     NewDriverExtension->ClientIdentificationAddress = ClientIdentificationAddress;
1783 
1784     /* Loop the current extensions */
1785     DriverExtensions = IoGetDrvObjExtension(DriverObject)->
1786                        ClientDriverExtension;
1787     while (DriverExtensions)
1788     {
1789         /* Check if the identifier matches */
1790         if (DriverExtensions->ClientIdentificationAddress ==
1791             ClientIdentificationAddress)
1792         {
1793             /* We have a collision, break out */
1794             break;
1795         }
1796 
1797         /* Go to the next one */
1798         DriverExtensions = DriverExtensions->NextExtension;
1799     }
1800 
1801     /* Check if we didn't collide */
1802     if (!DriverExtensions)
1803     {
1804         /* Link this one in */
1805         NewDriverExtension->NextExtension =
1806             IoGetDrvObjExtension(DriverObject)->ClientDriverExtension;
1807         IoGetDrvObjExtension(DriverObject)->ClientDriverExtension =
1808             NewDriverExtension;
1809         Inserted = TRUE;
1810     }
1811 
1812     /* Release the lock */
1813     KeLowerIrql(OldIrql);
1814 
1815     /* Check if insertion failed */
1816     if (!Inserted)
1817     {
1818         /* Free the entry and fail */
1819         ExFreePoolWithTag(NewDriverExtension, TAG_DRIVER_EXTENSION);
1820         return STATUS_OBJECT_NAME_COLLISION;
1821     }
1822 
1823     /* Otherwise, return the pointer */
1824     *DriverObjectExtension = NewDriverExtension + 1;
1825     return STATUS_SUCCESS;
1826 }
1827 
1828 /*
1829  * @implemented
1830  */
1831 PVOID
1832 NTAPI
1833 IoGetDriverObjectExtension(IN PDRIVER_OBJECT DriverObject,
1834                            IN PVOID ClientIdentificationAddress)
1835 {
1836     KIRQL OldIrql;
1837     PIO_CLIENT_EXTENSION DriverExtensions;
1838 
1839     /* Acquire lock */
1840     OldIrql = KeRaiseIrqlToDpcLevel();
1841 
1842     /* Loop the list until we find the right one */
1843     DriverExtensions = IoGetDrvObjExtension(DriverObject)->ClientDriverExtension;
1844     while (DriverExtensions)
1845     {
1846         /* Check for a match */
1847         if (DriverExtensions->ClientIdentificationAddress ==
1848             ClientIdentificationAddress)
1849         {
1850             /* Break out */
1851             break;
1852         }
1853 
1854         /* Keep looping */
1855         DriverExtensions = DriverExtensions->NextExtension;
1856     }
1857 
1858     /* Release lock */
1859     KeLowerIrql(OldIrql);
1860 
1861     /* Return nothing or the extension */
1862     if (!DriverExtensions) return NULL;
1863     return DriverExtensions + 1;
1864 }
1865 
1866 VOID
1867 NTAPI
1868 IopLoadUnloadDriverWorker(
1869     _Inout_ PVOID Parameter)
1870 {
1871     PLOAD_UNLOAD_PARAMS LoadParams = Parameter;
1872 
1873     ASSERT(PsGetCurrentProcess() == PsInitialSystemProcess);
1874     LoadParams->Status = IopLoadUnloadDriver(LoadParams->RegistryPath,
1875                                              &LoadParams->DriverObject);
1876     KeSetEvent(&LoadParams->Event, 0, FALSE);
1877 }
1878 
1879 NTSTATUS
1880 NTAPI
1881 IopLoadUnloadDriver(
1882     _In_opt_ PCUNICODE_STRING RegistryPath,
1883     _Inout_ PDRIVER_OBJECT *DriverObject)
1884 {
1885     RTL_QUERY_REGISTRY_TABLE QueryTable[3];
1886     UNICODE_STRING ImagePath;
1887     UNICODE_STRING ServiceName;
1888     NTSTATUS Status;
1889     ULONG Type;
1890     PDEVICE_NODE DeviceNode;
1891     PLDR_DATA_TABLE_ENTRY ModuleObject;
1892     PVOID BaseAddress;
1893     WCHAR *cur;
1894 
1895     /* Load/Unload must be called from system process */
1896     if (PsGetCurrentProcess() != PsInitialSystemProcess)
1897     {
1898         LOAD_UNLOAD_PARAMS LoadParams;
1899 
1900         /* Prepare parameters block */
1901         LoadParams.RegistryPath = RegistryPath;
1902         LoadParams.DriverObject = *DriverObject;
1903         KeInitializeEvent(&LoadParams.Event, NotificationEvent, FALSE);
1904 
1905         /* Initialize and queue a work item */
1906         ExInitializeWorkItem(&LoadParams.WorkItem,
1907                              IopLoadUnloadDriverWorker,
1908                              &LoadParams);
1909         ExQueueWorkItem(&LoadParams.WorkItem, DelayedWorkQueue);
1910 
1911         /* And wait till it completes */
1912         KeWaitForSingleObject(&LoadParams.Event,
1913                               UserRequest,
1914                               KernelMode,
1915                               FALSE,
1916                               NULL);
1917         return LoadParams.Status;
1918     }
1919 
1920     /* Check if it's an unload request */
1921     if (*DriverObject)
1922     {
1923         (*DriverObject)->DriverUnload(*DriverObject);
1924         return STATUS_SUCCESS;
1925     }
1926 
1927     RtlInitUnicodeString(&ImagePath, NULL);
1928 
1929     /*
1930      * Get the service name from the registry key name.
1931      */
1932     ASSERT(RegistryPath->Length >= sizeof(WCHAR));
1933 
1934     ServiceName = *RegistryPath;
1935     cur = RegistryPath->Buffer + RegistryPath->Length / sizeof(WCHAR) - 1;
1936     while (RegistryPath->Buffer != cur)
1937     {
1938         if (*cur == L'\\')
1939         {
1940             ServiceName.Buffer = cur + 1;
1941             ServiceName.Length = RegistryPath->Length -
1942                                  (USHORT)((ULONG_PTR)ServiceName.Buffer -
1943                                           (ULONG_PTR)RegistryPath->Buffer);
1944             break;
1945         }
1946         cur--;
1947     }
1948 
1949     /*
1950      * Get service type.
1951      */
1952     RtlZeroMemory(&QueryTable, sizeof(QueryTable));
1953 
1954     RtlInitUnicodeString(&ImagePath, NULL);
1955 
1956     QueryTable[0].Name = L"Type";
1957     QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT | RTL_QUERY_REGISTRY_REQUIRED;
1958     QueryTable[0].EntryContext = &Type;
1959 
1960     QueryTable[1].Name = L"ImagePath";
1961     QueryTable[1].Flags = RTL_QUERY_REGISTRY_DIRECT;
1962     QueryTable[1].EntryContext = &ImagePath;
1963 
1964     Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
1965                                     RegistryPath->Buffer,
1966                                     QueryTable, NULL, NULL);
1967     if (!NT_SUCCESS(Status))
1968     {
1969         DPRINT("RtlQueryRegistryValues() failed (Status %lx)\n", Status);
1970         if (ImagePath.Buffer) ExFreePool(ImagePath.Buffer);
1971         return Status;
1972     }
1973 
1974     /*
1975      * Normalize the image path for all later processing.
1976      */
1977     Status = IopNormalizeImagePath(&ImagePath, &ServiceName);
1978     if (!NT_SUCCESS(Status))
1979     {
1980         DPRINT("IopNormalizeImagePath() failed (Status %x)\n", Status);
1981         return Status;
1982     }
1983 
1984     DPRINT("FullImagePath: '%wZ'\n", &ImagePath);
1985     DPRINT("Type: %lx\n", Type);
1986 
1987     KeEnterCriticalRegion();
1988     ExAcquireResourceExclusiveLite(&IopDriverLoadResource, TRUE);
1989     /*
1990      * Get existing DriverObject pointer (in case the driver
1991      * has already been loaded and initialized).
1992      */
1993     Status = IopGetDriverObject(DriverObject,
1994                                 &ServiceName,
1995                                 (Type == SERVICE_FILE_SYSTEM_DRIVER ||
1996                                  Type == SERVICE_RECOGNIZER_DRIVER));
1997 
1998     if (!NT_SUCCESS(Status))
1999     {
2000         /*
2001          * Load the driver module
2002          */
2003         DPRINT("Loading module from %wZ\n", &ImagePath);
2004         Status = MmLoadSystemImage(&ImagePath, NULL, NULL, 0, (PVOID)&ModuleObject, &BaseAddress);
2005         if (!NT_SUCCESS(Status))
2006         {
2007             DPRINT("MmLoadSystemImage() failed (Status %lx)\n", Status);
2008             ExReleaseResourceLite(&IopDriverLoadResource);
2009             KeLeaveCriticalRegion();
2010             return Status;
2011         }
2012 
2013         /*
2014          * Initialize the driver module if it's loaded for the first time
2015          */
2016         Status = IopCreateDeviceNode(IopRootDeviceNode, NULL, &ServiceName, &DeviceNode);
2017         if (!NT_SUCCESS(Status))
2018         {
2019             DPRINT1("IopCreateDeviceNode() failed (Status %lx)\n", Status);
2020             ExReleaseResourceLite(&IopDriverLoadResource);
2021             KeLeaveCriticalRegion();
2022             MmUnloadSystemImage(ModuleObject);
2023             return Status;
2024         }
2025 
2026         IopDisplayLoadingMessage(&DeviceNode->ServiceName);
2027 
2028         Status = IopInitializeDriverModule(DeviceNode,
2029                                            ModuleObject,
2030                                            &DeviceNode->ServiceName,
2031                                            (Type == SERVICE_FILE_SYSTEM_DRIVER ||
2032                                             Type == SERVICE_RECOGNIZER_DRIVER),
2033                                            DriverObject);
2034         if (!NT_SUCCESS(Status))
2035         {
2036             DPRINT1("IopInitializeDriverModule() failed (Status %lx)\n", Status);
2037             ExReleaseResourceLite(&IopDriverLoadResource);
2038             KeLeaveCriticalRegion();
2039             MmUnloadSystemImage(ModuleObject);
2040             return Status;
2041         }
2042 
2043         ExReleaseResourceLite(&IopDriverLoadResource);
2044         KeLeaveCriticalRegion();
2045 
2046         /* Initialize and start device */
2047         IopInitializeDevice(DeviceNode, *DriverObject);
2048         Status = IopStartDevice(DeviceNode);
2049     }
2050     else
2051     {
2052         ExReleaseResourceLite(&IopDriverLoadResource);
2053         KeLeaveCriticalRegion();
2054 
2055         DPRINT("DriverObject already exist in ObjectManager\n");
2056         Status = STATUS_IMAGE_ALREADY_LOADED;
2057 
2058         /* IopGetDriverObject references the DriverObject, so dereference it */
2059         ObDereferenceObject(*DriverObject);
2060     }
2061 
2062     return Status;
2063 }
2064 
2065 /*
2066  * NtLoadDriver
2067  *
2068  * Loads a device driver.
2069  *
2070  * Parameters
2071  *    DriverServiceName
2072  *       Name of the service to load (registry key).
2073  *
2074  * Return Value
2075  *    Status
2076  *
2077  * Status
2078  *    implemented
2079  */
2080 NTSTATUS NTAPI
2081 NtLoadDriver(IN PUNICODE_STRING DriverServiceName)
2082 {
2083     UNICODE_STRING CapturedDriverServiceName = { 0, 0, NULL };
2084     KPROCESSOR_MODE PreviousMode;
2085     PDRIVER_OBJECT DriverObject;
2086     NTSTATUS Status;
2087 
2088     PAGED_CODE();
2089 
2090     PreviousMode = KeGetPreviousMode();
2091 
2092     /*
2093      * Check security privileges
2094      */
2095 
2096     /* FIXME: Uncomment when privileges will be correctly implemented. */
2097 #if 0
2098     if (!SeSinglePrivilegeCheck(SeLoadDriverPrivilege, PreviousMode))
2099     {
2100         DPRINT("Privilege not held\n");
2101         return STATUS_PRIVILEGE_NOT_HELD;
2102     }
2103 #endif
2104 
2105     Status = ProbeAndCaptureUnicodeString(&CapturedDriverServiceName,
2106                                           PreviousMode,
2107                                           DriverServiceName);
2108     if (!NT_SUCCESS(Status))
2109     {
2110         return Status;
2111     }
2112 
2113     DPRINT("NtLoadDriver('%wZ')\n", &CapturedDriverServiceName);
2114 
2115     /* Load driver and call its entry point */
2116     DriverObject = NULL;
2117     Status = IopLoadUnloadDriver(&CapturedDriverServiceName, &DriverObject);
2118 
2119     ReleaseCapturedUnicodeString(&CapturedDriverServiceName,
2120                                  PreviousMode);
2121 
2122     return Status;
2123 }
2124 
2125 /*
2126  * NtUnloadDriver
2127  *
2128  * Unloads a legacy device driver.
2129  *
2130  * Parameters
2131  *    DriverServiceName
2132  *       Name of the service to unload (registry key).
2133  *
2134  * Return Value
2135  *    Status
2136  *
2137  * Status
2138  *    implemented
2139  */
2140 
2141 NTSTATUS NTAPI
2142 NtUnloadDriver(IN PUNICODE_STRING DriverServiceName)
2143 {
2144     return IopUnloadDriver(DriverServiceName, FALSE);
2145 }
2146 
2147 /* EOF */
2148