Author: fireball Date: Sun Oct 11 12:00:56 2009 New Revision: 43371 URL: http://svn.reactos.org/svn/reactos?rev=43371&view=rev Log: - Implement pool corruption tests for testing pool overrun/underrun detectors. Tests invocation is commented out by default.
Modified: trunk/rostests/drivers/kmtest/kmtest.rbuild trunk/rostests/drivers/kmtest/ntos_pools.c
Modified: trunk/rostests/drivers/kmtest/kmtest.rbuild
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/drivers/kmtest/kmtest.rbuild?rev=43371&r1=43370&r2=43371&view=diff
==============================================================================
--- trunk/rostests/drivers/kmtest/kmtest.rbuild [iso-8859-1] (original)
+++ trunk/rostests/drivers/kmtest/kmtest.rbuild [iso-8859-1] Sun Oct 11 12:00:56 2009
@@ -3,6 +3,7 @@
 <include base="ReactOS">include/reactos/drivers</include>
 <library>ntoskrnl</library>
 <library>hal</library>
+ <library>pseh</library>
 <file>kmtest.c</file>
 <file>deviface.c</file>
 <file>deviface_test.c</file>
Modified: trunk/rostests/drivers/kmtest/ntos_pools.c
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/drivers/kmtest/ntos_pools.c?rev=43371&r1=43370&r2=43371&view=diff
==============================================================================
--- trunk/rostests/drivers/kmtest/ntos_pools.c [iso-8859-1] (original)
+++ trunk/rostests/drivers/kmtest/ntos_pools.c [iso-8859-1] Sun Oct 11 12:00:56 2009
@@ -25,6 +25,8 @@
 #include <ddk/ntddk.h>
 #include <ntifs.h>
 #include <ndk/ntndk.h>
+/* SEH support with PSEH */
+#include <pseh/pseh2.h>
 #include "kmtest.h"
 //#define NDEBUG
@@ -125,10 +127,61 @@
 FinishTest("NTOSKRNL Pools Tests");
 }
+VOID
+PoolsCorruption()
+{
+ PULONG Ptr, TestPtr;
+ ULONG AllocSize;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ StartTest();
+
+ // start with non-paged pool
+ AllocSize = 4096 + 0x10;
+ Ptr = ExAllocatePoolWithTag(NonPagedPool, AllocSize, TAG_POOLTEST);
+
+ // touch all bytes, it shouldn't cause an exception
+ RtlZeroMemory(Ptr, AllocSize);
+
+ // test buffer overrun, right after our allocation ends
+ _SEH2_TRY
+ {
+ TestPtr = (PULONG)((PUCHAR)Ptr + AllocSize);
+ //Ptr[4] = 0xd33dbeef;
+ *TestPtr = 0xd33dbeef;
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ /* Get the status */
+ Status = _SEH2_GetExceptionCode();
+ } _SEH2_END;
+
+ ok(Status == STATUS_ACCESS_VIOLATION, "Exception should occur, but got Status 0x%08lX\n", Status);
+
+ // test overrun in a distant byte range, but within 4096KB
+ _SEH2_TRY
+ {
+ Ptr[2020] = 0xdeadb33f;
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ /* Get the status */
+ Status = _SEH2_GetExceptionCode();
+ } _SEH2_END;
+
+ ok(Status == STATUS_ACCESS_VIOLATION, "Exception should occur, but got Status 0x%08lX\n", Status);
+
+ // free the pool
+ ExFreePoolWithTag(Ptr, TAG_POOLTEST);
+
+ FinishTest("NTOSKRNL Pool Corruption");
+}
+
 /* PUBLIC FUNCTIONS ***********************************************************/
 VOID
 NtoskrnlPoolsTest()
 {
 PoolsTest();
+ //PoolsCorruption();
 }
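Review bot: The second `ok(Status == STATUS_ACCESS_VIOLATION, ...)` in PoolsCorruption can pass without the second write ever faulting, because `Status` still holds the code captured by the first `_SEH2_EXCEPT` block; add `Status = STATUS_SUCCESS;` just before the second `_SEH2_TRY` so each overrun is checked on its own. `Ptr` is also handed to `RtlZeroMemory` without checking the `ExAllocatePoolWithTag` result, so a failed allocation becomes a NULL write in kernel mode; a guard such as `if (!Ptr) return;` (after reporting the failure) before the first touch would avoid that. The comment "within 4096KB" looks off as well: `Ptr` is a `PULONG`, so `Ptr[2020]` lands 8080 bytes past the start of a 4112-byte allocation, and the comment would better say that. On a kernel without an overrun detector both writes land in whatever follows the allocation in non-paged pool, which is presumably why the call in NtoskrnlPoolsTest is left commented out; a short comment next to `//PoolsCorruption();` saying so would help the next reader.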