![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to mapmem.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [WindowsNT SDKs] / q_a / samples / ddk / mapmem|
Return to mapmem.c CVS log | Up to [WindowsNT SDKs] / q_a / samples / ddk / mapmem |
1.1 root 1: /*++
2:
3: Copyright (c) 1993 Microsoft Corporation
4:
5: Module Name:
6:
7: mapmem.c
8:
9: Abstract:
10:
11: A simple driver sample which shows how to map physical memory
12: into a user-mode process's adrress space using the
13: Zw*MapViewOfSection APIs.
14:
15: Environment:
16:
17: kernel mode only
18:
19: Notes:
20:
21: For the sake of simplicity this sample does not attempt to
22: recognize resource conflicts with other drivers/devices. A
23: real-world driver would call IoReportResource usage to
24: determine whether or not the resource is available, and if
25: so, register the resource under it's name.
26:
27: Revision History:
28:
29: --*/
30:
31:
32: #include "ntddk.h"
33: #include "mapmem.h"
34: #include "stdarg.h"
35:
36:
37:
38: NTSTATUS
39: MapMemDispatch(
40: IN PDEVICE_OBJECT DeviceObject,
41: IN PIRP Irp
42: );
43:
44: VOID
45: MapMemUnload(
46: IN PDRIVER_OBJECT DriverObject
47: );
48:
49: NTSTATUS
50: MapMemMapTheMemory(
51: IN PDEVICE_OBJECT DeviceObject,
52: IN OUT PVOID ioBuffer,
53: IN ULONG inputBufferLength,
54: IN ULONG outputBufferLength
55: );
56:
57:
58:
59: #if DBG
60: #define MapMemKdPrint(arg) DbgPrint arg
61: #else
62: #define MapMemKdPrint(arg)
63: #endif
64:
65:
66:
67: NTSTATUS
68: DriverEntry(
69: IN PDRIVER_OBJECT DriverObject,
70: IN PUNICODE_STRING RegistryPath
71: )
72: /*++
73:
74: Routine Description:
75:
76: Installable driver initialization entry point.
77: This entry point is called directly by the I/O system.
78:
79: Arguments:
80:
81: DriverObject - pointer to the driver object
82:
83: RegistryPath - pointer to a unicode string representing the path
84: to driver-specific key in the registry
85:
86: Return Value:
87:
88: STATUS_SUCCESS if successful,
89: STATUS_UNSUCCESSFUL otherwise
90:
91: --*/
92: {
93:
94: PDEVICE_OBJECT deviceObject = NULL;
95: NTSTATUS ntStatus;
96: WCHAR deviceNameBuffer[] = L"\\Device\\MapMem";
97: UNICODE_STRING deviceNameUnicodeString;
98: WCHAR deviceLinkBuffer[] = L"\\DosDevices\\MAPMEM";
99: UNICODE_STRING deviceLinkUnicodeString;
100:
101:
102:
103: MapMemKdPrint (("MAPMEM.SYS: entering DriverEntry\n"));
104:
105:
106: //
107: // Create an EXCLUSIVE device object (only 1 thread at a time
108: // can make requests to this device)
109: //
110:
111: RtlInitUnicodeString (&deviceNameUnicodeString,
112: deviceNameBuffer);
113:
114: ntStatus = IoCreateDevice (DriverObject,
115: 0,
116: &deviceNameUnicodeString,
117: FILE_DEVICE_MAPMEM,
118: 0,
119: TRUE,
120: &deviceObject
121: );
122:
123: if (NT_SUCCESS(ntStatus))
124: {
125: //
126: // Create dispatch points for device control, create, close.
127: //
128:
129: DriverObject->MajorFunction[IRP_MJ_CREATE] =
130: DriverObject->MajorFunction[IRP_MJ_CLOSE] =
131: DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = MapMemDispatch;
132: DriverObject->DriverUnload = MapMemUnload;
133:
134:
135:
136: //
137: // Create a symbolic link, e.g. a name that a Win32 app can specify
138: // to open the device
139: //
140:
141: RtlInitUnicodeString(&deviceLinkUnicodeString,
142: deviceLinkBuffer);
143:
144: ntStatus = IoCreateSymbolicLink (&deviceLinkUnicodeString,
145: &deviceNameUnicodeString);
146:
147: if (!NT_SUCCESS(ntStatus))
148: {
149: //
150: // Symbolic link creation failed- note this & then delete the
151: // device object (it's useless if a Win32 app can't get at it).
152: //
153:
154: MapMemKdPrint (("MAPMEM.SYS: IoCreateSymbolicLink failed\n"));
155:
156: IoDeleteDevice (deviceObject);
157: }
158: }
159: else
160: {
161: MapMemKdPrint (("MAPMEM.SYS: IoCreateDevice failed\n"));
162: }
163:
164: return ntStatus;
165: }
166:
167:
168:
169: NTSTATUS
170: MapMemDispatch(
171: IN PDEVICE_OBJECT DeviceObject,
172: IN PIRP Irp
173: )
174: /*++
175:
176: Routine Description:
177:
178: Process the IRPs sent to this device.
179:
180: Arguments:
181:
182: DeviceObject - pointer to a device object
183:
184: Irp - pointer to an I/O Request Packet
185:
186: Return Value:
187:
188:
189: --*/
190: {
191: PIO_STACK_LOCATION irpStack;
192: PVOID ioBuffer;
193: ULONG inputBufferLength;
194: ULONG outputBufferLength;
195: ULONG ioControlCode;
196: NTSTATUS ntStatus;
197:
198:
199: //
200: // Init to default settings- we only expect 1 type of
201: // IOCTL to roll through here, all others an error.
202: //
203:
204: Irp->IoStatus.Status = STATUS_SUCCESS;
205: Irp->IoStatus.Information = 0;
206:
207:
208: //
209: // Get a pointer to the current location in the Irp. This is where
210: // the function codes and parameters are located.
211: //
212:
213: irpStack = IoGetCurrentIrpStackLocation(Irp);
214:
215:
216: //
217: // Get the pointer to the input/output buffer and it's length
218: //
219:
220: ioBuffer = Irp->AssociatedIrp.SystemBuffer;
221: inputBufferLength = irpStack->Parameters.DeviceIoControl.InputBufferLength;
222: outputBufferLength = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
223:
224:
225: switch (irpStack->MajorFunction)
226: {
227: case IRP_MJ_CREATE:
228:
229: MapMemKdPrint (("MAPMEM.SYS: IRP_MJ_CREATE\n"));
230:
231: break;
232:
233:
234:
235: case IRP_MJ_CLOSE:
236:
237: MapMemKdPrint (("MAPMEM.SYS: IRP_MJ_CLOSE\n"));
238:
239: break;
240:
241:
242:
243: case IRP_MJ_DEVICE_CONTROL:
244:
245: ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;
246:
247: switch (ioControlCode)
248: {
249: case IOCTL_MAPMEM_MAP_USER_PHYSICAL_MEMORY:
250:
251: Irp->IoStatus.Status = MapMemMapTheMemory (DeviceObject,
252: ioBuffer,
253: inputBufferLength,
254: outputBufferLength
255: );
256:
257: if (NT_SUCCESS(Irp->IoStatus.Status))
258: {
259: //
260: // Success! Set the following to sizeof(PVOID) to
261: // indicate we're passing valid data back.
262: //
263:
264: Irp->IoStatus.Information = sizeof(PVOID);
265:
266: MapMemKdPrint (("MAPMEM.SYS: memory successfully mapped\n"));
267: }
268:
269: else
270: {
271: Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
272:
273: MapMemKdPrint (("MAPMEM.SYS: memory map failed :(\n"));
274: }
275:
276: break;
277:
278:
279:
280: case IOCTL_MAPMEM_UNMAP_USER_PHYSICAL_MEMORY:
281:
282: if (inputBufferLength >= sizeof(PVOID))
283: {
284: Irp->IoStatus.Status = ZwUnmapViewOfSection ((HANDLE) -1,
285: *((PVOID *) ioBuffer)
286: );
287:
288: MapMemKdPrint (("MAPMEM.SYS: memory successfully unmapped\n"));
289: }
290: else
291: {
292: Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
293:
294: MapMemKdPrint (("MAPMEM.SYS: ZwUnmapViewOfSection failed\n"));
295: }
296:
297: break;
298:
299:
300:
301: default:
302:
303: MapMemKdPrint (("MAPMEM.SYS: unknown IRP_MJ_DEVICE_CONTROL\n"));
304:
305: Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
306:
307: break;
308:
309: }
310:
311: break;
312: }
313:
314:
315: //
316: // DON'T get cute and try to use the status field of
317: // the irp in the return status. That IRP IS GONE as
318: // soon as you call IoCompleteRequest.
319: //
320:
321: ntStatus = Irp->IoStatus.Status;
322:
323: IoCompleteRequest(Irp,
324: IO_NO_INCREMENT);
325:
326:
327: //
328: // We never have pending operation so always return the status code.
329: //
330:
331: return ntStatus;
332: }
333:
334:
335:
336: VOID
337: MapMemUnload(
338: IN PDRIVER_OBJECT DriverObject
339: )
340: /*++
341:
342: Routine Description:
343:
344: Just delete the associated device & return.
345:
346: Arguments:
347:
348: DriverObject - pointer to a driver object
349:
350: Return Value:
351:
352:
353: --*/
354: {
355: WCHAR deviceLinkBuffer[] = L"\\DosDevices\\MAPMEM";
356: UNICODE_STRING deviceLinkUnicodeString;
357:
358:
359:
360: //
361: // Free any resources
362: //
363:
364:
365:
366: //
367: // Delete the symbolic link
368: //
369:
370: RtlInitUnicodeString (&deviceLinkUnicodeString,
371: deviceLinkBuffer
372: );
373:
374: IoDeleteSymbolicLink (&deviceLinkUnicodeString);
375:
376:
377:
378: //
379: // Delete the device object
380: //
381:
382: MapMemKdPrint (("MAPMEM.SYS: unloading\n"));
383:
384: IoDeleteDevice (DriverObject->DeviceObject);
385: }
386:
387:
388:
389: NTSTATUS
390: MapMemMapTheMemory(
391: IN PDEVICE_OBJECT DeviceObject,
392: IN OUT PVOID IoBuffer,
393: IN ULONG InputBufferLength,
394: IN ULONG OutputBufferLength
395: )
396: /*++
397:
398: Routine Description:
399:
400: Given a physical address, maps this address into a user mode process's
401: address space
402:
403: Arguments:
404:
405: DeviceObject - pointer to a device object
406:
407: IoBuffer - pointer to the I/O buffer
408:
409: InputBufferLength - input buffer length
410:
411: OutputBufferLength - output buffer length
412:
413: Return Value:
414:
415: STATUS_SUCCESS if sucessful, otherwise
416: STATUS_UNSUCCESSFUL,
417: STATUS_INSUFFICIENT_RESOURCES,
418: (other STATUS_* as returned by kernel APIs)
419:
420: --*/
421: {
422:
423: PPHYSICAL_MEMORY_INFO ppmi = (PPHYSICAL_MEMORY_INFO) IoBuffer;
424:
425: INTERFACE_TYPE interfaceType;
426: ULONG busNumber;
427: PHYSICAL_ADDRESS physicalAddress;
428: ULONG length;
429: UNICODE_STRING physicalMemoryUnicodeString;
430: OBJECT_ATTRIBUTES objectAttributes;
431: HANDLE physicalMemoryHandle = NULL;
432: PVOID PhysicalMemorySection = NULL;
433: ULONG inIoSpace, inIoSpace2;
434: NTSTATUS ntStatus;
435: PHYSICAL_ADDRESS physicalAddressBase;
436: PHYSICAL_ADDRESS physicalAddressEnd;
437: PHYSICAL_ADDRESS viewBase;
438: PHYSICAL_ADDRESS mappedLength;
439: BOOLEAN translateBaseAddress;
440: BOOLEAN translateEndAddress;
441: PVOID virtualAddress;
442:
443:
444:
445: if ( ( InputBufferLength < sizeof (PHYSICAL_MEMORY_INFO) ) ||
446: ( OutputBufferLength < sizeof (PVOID) ) )
447: {
448: MapMemKdPrint (("MAPMEM.SYS: Insufficient input or output buffer\n"));
449:
450: ntStatus = STATUS_INSUFFICIENT_RESOURCES;
451:
452: goto done;
453: }
454:
455: interfaceType = ppmi->InterfaceType;
456: busNumber = ppmi->BusNumber;
457: physicalAddress = ppmi->BusAddress;
458: inIoSpace = inIoSpace2 = ppmi->AddressSpace;
459: length = ppmi->Length;
460:
461:
462: //
463: // Get a pointer to physical memory...
464: //
465: // - Create the name
466: // - Initialize the data to find the object
467: // - Open a handle to the oject and check the status
468: // - Get a pointer to the object
469: // - Free the handle
470: //
471:
472: RtlInitUnicodeString (&physicalMemoryUnicodeString,
473: L"\\Device\\PhysicalMemory");
474:
475: InitializeObjectAttributes (&objectAttributes,
476: &physicalMemoryUnicodeString,
477: OBJ_CASE_INSENSITIVE,
478: (HANDLE) NULL,
479: (PSECURITY_DESCRIPTOR) NULL);
480:
481: ntStatus = ZwOpenSection (&physicalMemoryHandle,
482: SECTION_ALL_ACCESS,
483: &objectAttributes);
484:
485: if (!NT_SUCCESS(ntStatus))
486: {
487: MapMemKdPrint (("MAPMEM.SYS: ZwOpenSection failed\n"));
488:
489: goto done;
490: }
491:
492: ntStatus = ObReferenceObjectByHandle (physicalMemoryHandle,
493: SECTION_ALL_ACCESS,
494: (POBJECT_TYPE) NULL,
495: KernelMode,
496: &PhysicalMemorySection,
497: (POBJECT_HANDLE_INFORMATION) NULL);
498:
499: if (!NT_SUCCESS(ntStatus))
500: {
501: MapMemKdPrint (("MAPMEM.SYS: ObReferenceObjectByHandle failed\n"));
502:
503: goto close_handle;
504: }
505:
506:
507: //
508: // Initialize the physical addresses that will be translated
509: //
510:
511: physicalAddressEnd = RtlLargeIntegerAdd (physicalAddress,
512: RtlConvertUlongToLargeInteger(
513: length));
514:
515: //
516: // Translate the physical addresses.
517: //
518:
519: translateBaseAddress =
520: HalTranslateBusAddress (interfaceType,
521: busNumber,
522: physicalAddress,
523: &inIoSpace,
524: &physicalAddressBase);
525:
526: translateEndAddress =
527: HalTranslateBusAddress (interfaceType,
528: busNumber,
529: physicalAddressEnd,
530: &inIoSpace2,
531: &physicalAddressEnd);
532:
533: if ( !(translateBaseAddress && translateEndAddress) )
534: {
535: MapMemKdPrint (("MAPMEM.SYS: HalTranslatephysicalAddress failed\n"));
536:
537: ntStatus = STATUS_UNSUCCESSFUL;
538:
539: goto close_handle;
540: }
541:
542: //
543: // Calculate the length of the memory to be mapped
544: //
545:
546: mappedLength = RtlLargeIntegerSubtract (physicalAddressEnd,
547: physicalAddressBase);
548:
549:
550: //
551: // If the mappedlength is zero, somthing very weird happened in the HAL
552: // since the Length was checked against zero.
553: //
554:
555: if (mappedLength.LowPart == 0)
556: {
557: MapMemKdPrint (("MAPMEM.SYS: mappedLength.LowPart == 0\n"));
558:
559: ntStatus = STATUS_UNSUCCESSFUL;
560:
561: goto close_handle;
562: }
563:
564: length = mappedLength.LowPart;
565:
566:
567: //
568: // If the address is in io space, just return the address, otherwise
569: // go through the mapping mechanism
570: //
571:
572: if (inIoSpace)
573: {
574: *((PVOID *) IoBuffer) = (PVOID) physicalAddressBase.LowPart;
575: }
576:
577: else
578: {
579: //
580: // initialize view base that will receive the physical mapped
581: // address after the MapViewOfSection call.
582: //
583:
584: viewBase = physicalAddressBase;
585:
586:
587: //
588: // Let ZwMapViewOfSection pick an address
589: //
590:
591: virtualAddress = NULL;
592:
593:
594:
595: //
596: // Map the section
597: //
598:
599: ntStatus = ZwMapViewOfSection (physicalMemoryHandle,
600: (HANDLE) -1,
601: &virtualAddress,
602: 0L,
603: length,
604: &viewBase,
605: &length,
606: ViewShare,
607: 0,
608: PAGE_READWRITE | PAGE_NOCACHE);
609:
610: if (!NT_SUCCESS(ntStatus))
611: {
612: MapMemKdPrint (("MAPMEM.SYS: ZwMapViewOfSection failed\n"));
613:
614: goto close_handle;
615: }
616:
617: //
618: // Mapping the section above rounded the physical address down to the
619: // nearest 64 K boundary. Now return a virtual address that sits where
620: // we wnat by adding in the offset from the beginning of the section.
621: //
622:
623:
624: (ULONG) virtualAddress += (ULONG)physicalAddressBase.LowPart -
625: (ULONG)viewBase.LowPart;
626:
627: *((PVOID *) IoBuffer) = virtualAddress;
628:
629: }
630:
631: ntStatus = STATUS_SUCCESS;
632:
633:
634:
635: close_handle:
636:
637: ZwClose (physicalMemoryHandle);
638:
639:
640:
641: done:
642:
643: return ntStatus;
644: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.