Description
[NTOS:IO]: Fix/improve kernel event log support:
- Nt/ZwConnectPort must always be called with a valid (non NULL) security quality-of-service structure (otherwise: kaboom);
- Use explicitely-tagged pool buffers;
- Change the order of checks in IoAllocateErrorLogEntry in order to first analyse the type of device/driver object passed in argument, then do the rest (allocate a log entry if we have available size, etc...);
- The buffer size given to IoAllocateErrorLogEntry is limited to ERROR_LOG_MAXIMUM_SIZE (as mentioned in msdn);
- Fix the bug in IoAllocateErrorLogEntry concerning saving the correct aka. full size of the allocated log entry in the structure itself, as well as counting it as allocated in the global log pool counter, etc... . This fixes data corruption observed when retrieving the log entry in the worker thread.
- Reenable code for starting up the log worker thread.
[INCLUDES]: Host the "ELF_API_MSG" structure, and the port name itself (used by the clients of the LPC port maintained by the event log service) in a global accessible header ("iolog.h").
[EVENTLOG]
- Use the previously-created "iolog.h" header to get the correct definition of the LPC port structure used for communications (instead of a not-compatible one);
- Un-hardcode some magical size values for initializing the LPC port;
- 3rd parameter (request) of NtAcceptConnectPort must not be null (otherwise: invalid parameter status is returned);
- When listening for incoming data from the LPC port, use a correctly sized buffer (of maximum possible size), otherwise you corrupt the other stack variables!!
- Correctly set up the different strings (source, computer name) and the event type (based from the NT error code severity) from the data coming from the LPC port;
- Feature: Dump the received log events to the debugger only if they cannot be written to the event log file (e.g. because we are running from a LiveCD).
- Refactor the callers of LogfAllocAndBuildNewRecord (and the function itself) to take the source and computer name as UNICODE_STRING pointers. Check also whether LogfAllocAndBuildNewRecord succeeded before writing the log event record.
Attachments
Issue Links
- relates to
-
CORE-11840 NDK/XDK includes fixes
- Resolved