|
|
@ -11,48 +11,7 @@ only takes four parameters, some of the required functions cannot be called sinc
|
|
|
|
```cpp
|
|
|
|
```cpp
|
|
|
|
VOID KiSystemService(IN PKTHREAD Thread, IN PKTRAP_FRAME TrapFrame, IN ULONG Instruction)
|
|
|
|
VOID KiSystemService(IN PKTHREAD Thread, IN PKTRAP_FRAME TrapFrame, IN ULONG Instruction)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
ULONG Id, Number, ArgumentCount, i;
|
|
|
|
// ... etc ....
|
|
|
|
PKPCR Pcr;
|
|
|
|
|
|
|
|
ULONG_PTR ServiceTable, Offset;
|
|
|
|
|
|
|
|
PKSERVICE_TABLE_DESCRIPTOR DescriptorTable;
|
|
|
|
|
|
|
|
PVOID SystemCall;
|
|
|
|
|
|
|
|
PVOID* Argument;
|
|
|
|
|
|
|
|
PVOID Arguments[0x11]; // Maximum 17 arguments
|
|
|
|
|
|
|
|
KIRQL OldIrql;
|
|
|
|
|
|
|
|
ASSERT(TrapFrame->Reserved == 0xBADB0D00);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// Increase count of system calls
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
Pcr = KeGetPcr();
|
|
|
|
|
|
|
|
Pcr->CurrentPrcb->KeSystemCalls++;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// Get the system call ID
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
Id = Instruction & 0xFFFFF;
|
|
|
|
|
|
|
|
//DPRINT1("[SWI] (%x) %p (%d) \n", Id, Thread, Thread->PreviousMode);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// Get the descriptor table
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
ServiceTable = (ULONG_PTR)Thread->ServiceTable;
|
|
|
|
|
|
|
|
Offset = ((Id >> SERVICE_TABLE_SHIFT) & SERVICE_TABLE_MASK);
|
|
|
|
|
|
|
|
ServiceTable += Offset;
|
|
|
|
|
|
|
|
DescriptorTable = (PVOID)ServiceTable;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// Get the service call number and validate it
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
Number = Id & SERVICE_NUMBER_MASK;
|
|
|
|
|
|
|
|
if (Number > DescriptorTable->Limit)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
// Check if this is a GUI call
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
UNIMPLEMENTED;
|
|
|
|
|
|
|
|
ASSERT(FALSE);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
//
|
|
|
|
// Save the function responsible for handling this system call
|
|
|
|
// Save the function responsible for handling this system call
|
|
|
@ -74,7 +33,7 @@ VOID KiSystemService(IN PKTHREAD Thread, IN PKTRAP_FRAME TrapFrame, IN ULONG Ins
|
|
|
|
//
|
|
|
|
//
|
|
|
|
// Check how many arguments this system call takes
|
|
|
|
// Check how many arguments this system call takes
|
|
|
|
//
|
|
|
|
//
|
|
|
|
ArgumentCount = DescriptorTable->Number[Number] / 4;
|
|
|
|
ArgumentCount = DescriptorTable->Number[Number] / 4; // <====== note that each syscall has its own amount of params.. NtShutdownSystem only has 4!
|
|
|
|
ASSERT(ArgumentCount <= 17);
|
|
|
|
ASSERT(ArgumentCount <= 17);
|
|
|
|
|
|
|
|
|
|
|
|
// ... etc ...
|
|
|
|
// ... etc ...
|
|
|
|