i#1885: false pos in TppIsWorkerThread

derekbruening · derekbruening · commit 72067db32fdb · 2016-05-02T01:10:55.000-04:00
Adds handling of the special extra write in NtQueryInformationThread.ThreadTebInformation. Fixes DynamoRIO#1885 Review-URL: https://codereview.appspot.com/292610043
diff --git a/drsyscall/drsyscall_windows.c b/drsyscall/drsyscall_windows.c
@@ -40,6 +40,7 @@
 #include "../wininc/ntddk.h"
 #include "../wininc/ntifs.h"
 #include "../wininc/tls.h"
+#include "../wininc/ntpsapi.h"
 
 static app_pc ntdll_base;
 dr_os_version_info_t win_ver = {sizeof(win_ver),};
@@ -329,6 +330,7 @@ drsys_sysnum_t sysnum_CreateThread = {-1,0};
 drsys_sysnum_t sysnum_CreateThreadEx = {-1,0};
 drsys_sysnum_t sysnum_CreateUserProcess = {-1,0};
 drsys_sysnum_t sysnum_DeviceIoControlFile = {-1,0};
+drsys_sysnum_t sysnum_QueryInformationThread = {-1,0};
 drsys_sysnum_t sysnum_QuerySystemInformation = {-1,0};
 drsys_sysnum_t sysnum_QuerySystemInformationWow64 = {-1,0};
 drsys_sysnum_t sysnum_QuerySystemInformationEx = {-1,0};
@@ -1877,6 +1879,24 @@ handle_post_CreateUserProcess(void *drcontext, cls_syscall_t *pt, sysarg_iter_in
     }
 }
 
+static void
+handle_QueryInformationThread(void *drcontext, cls_syscall_t *pt, sysarg_iter_info_t *ii)
+{
+    /* Some cases are more complex than a single write. */
+    THREADINFOCLASS cls = (THREADINFOCLASS) pt->sysarg[1];
+    if (cls == ThreadTebInformation) { /* i#1885 */
+        THREAD_TEB_INFORMATION info;
+        if (!ii->arg->pre &&
+            NT_SUCCESS(dr_syscall_get_result(drcontext)) &&
+            safe_read((byte *) pt->sysarg[2], sizeof(info), &info)) {
+            if (!report_memarg_type(ii, 1, SYSARG_WRITE,
+                                    info.OutputBuffer, info.BytesToRead, "TebInfo",
+                                    DRSYS_TYPE_STRUCT, NULL))
+                return;
+        }
+    }
+}
+
 static void
 handle_QuerySystemInformation(void *drcontext, cls_syscall_t *pt, sysarg_iter_info_t *ii)
 {
@@ -3036,6 +3056,8 @@ os_handle_pre_syscall(void *drcontext, cls_syscall_t *pt, sysarg_iter_info_t *ii
         handle_SetInformationProcess(drcontext, pt, ii);
     else if (drsys_sysnums_equal(&ii->arg->sysnum, &sysnum_SetInformationFile))
         handle_SetInformationFile(drcontext, pt, ii);
+    else if (drsys_sysnums_equal(&ii->arg->sysnum, &sysnum_QueryInformationThread))
+        handle_QueryInformationThread(drcontext, pt, ii);
     else if (drsys_sysnums_equal(&ii->arg->sysnum, &sysnum_QuerySystemInformation) ||
              drsys_sysnums_equal(&ii->arg->sysnum, &sysnum_QuerySystemInformationWow64) ||
              drsys_sysnums_equal(&ii->arg->sysnum, &sysnum_QuerySystemInformationEx))
@@ -3121,6 +3143,8 @@ os_handle_post_syscall(void *drcontext, cls_syscall_t *pt, sysarg_iter_info_t *i
         handle_post_CreateUserProcess(drcontext, pt, ii);
     else if (drsys_sysnums_equal(&ii->arg->sysnum, &sysnum_DeviceIoControlFile))
         handle_DeviceIoControlFile(drcontext, pt, ii);
+    else if (drsys_sysnums_equal(&ii->arg->sysnum, &sysnum_QueryInformationThread))
+        handle_QueryInformationThread(drcontext, pt, ii);
     else if (drsys_sysnums_equal(&ii->arg->sysnum, &sysnum_SetSystemInformation))
         handle_SetSystemInformation(drcontext, pt, ii);
     else if (drsys_sysnums_equal(&ii->arg->sysnum, &sysnum_SetInformationProcess))
diff --git a/drsyscall/table_windows_ntoskrnl.c b/drsyscall/table_windows_ntoskrnl.c
@@ -87,6 +87,7 @@ extern drsys_sysnum_t sysnum_CreateThread;
 extern drsys_sysnum_t sysnum_CreateThreadEx;
 extern drsys_sysnum_t sysnum_CreateUserProcess;
 extern drsys_sysnum_t sysnum_DeviceIoControlFile;
+extern drsys_sysnum_t sysnum_QueryInformationThread;
 extern drsys_sysnum_t sysnum_QuerySystemInformation;
 extern drsys_sysnum_t sysnum_QuerySystemInformationWow64;
 extern drsys_sysnum_t sysnum_QuerySystemInformationEx;
@@ -1535,7 +1536,7 @@ syscall_info_t syscall_ntdll_info[] = {
          {2, -4, WI},
          {3, sizeof(ULONG), SYSARG_INLINED, DRSYS_TYPE_UNSIGNED_INT},
          {4, sizeof(ULONG), W|HT, DRSYS_TYPE_UNSIGNED_INT},
-     }
+     }, &sysnum_QueryInformationThread
     },
     {{0,0},"NtQueryInformationToken", OK|SYSINFO_RET_SMALL_WRITE_LAST, RNTST, 5,
      {
diff --git a/wininc/ndk_psfuncs.h b/wininc/ndk_psfuncs.h
@@ -111,6 +111,11 @@ typedef enum _THREADINFOCLASS
     ThreadActualBasePriority,
     ThreadTebInformation,
     ThreadCSwitchMon,
+    ThreadWow64Context,
+    ThreadGroupInformation,
+    ThreadUmsInformation,
+    ThreadCounterProfiling,
+    ThreadIdealProcessorEx,
     MaxThreadInfoClass
 } THREADINFOCLASS;
 
diff --git a/wininc/ntpsapi.h b/wininc/ntpsapi.h
@@ -15,6 +15,9 @@
 #ifndef __PHLIB_NTPSAPI_H
 #define __PHLIB_NTPSAPI_H
 
+typedef DWORD MEMORY_RESERVE_TYPE;
+typedef PVOID PPS_APC_ROUTINE;
+
 /**************************************************
  * Syscalls added in Win7
  */
@@ -63,6 +66,16 @@ NtUmsThreadYield(
     __in  PVOID SchedulerParam
     );
 
+/**************************************************
+ * NtQueryThreadInformation
+ */
+
+typedef struct _THREAD_TEB_INFORMATION {
+    PVOID OutputBuffer;
+    ULONG TebOffset;
+    ULONG BytesToRead;
+} THREAD_TEB_INFORMATION, *PTHREAD_TEB_INFORMATION;
+
 #endif /* __PHLIB_NTPSAPI_H */
 
 /* EOF */
