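// Returns the start of the next space-separated argument at or after Cursor
// (NULL when none is left) and stores its length in *Length.  Mirrors the
// strtok_s(" ") token rules -- leading delimiters skipped, token runs to the
// next space or the terminator -- but never writes to the string, so the
// process' FullCommandLine is left intact.
static
const char*
_ThreadNextArgument(
    IN      const char*         Cursor,
    OUT     QWORD*              Length
    )
{
    ASSERT(Cursor != NULL);
    ASSERT(Length != NULL);

    while (*Cursor == ' ')
    {
        Cursor++;
    }

    if (*Cursor == '\0')
    {
        *Length = 0;
        return NULL;
    }

    const char* end = Cursor;
    while (*end != '\0' && *end != ' ')
    {
        end++;
    }

    *Length = (QWORD)(end - Cursor);
    return Cursor;
}

// Builds the initial user-mode stack of a process' main thread below
// InitialStack and returns the resulting stack pointer in *ResultingStack.
//
// Layout, from high to low addresses, starting 0x308 bytes below InitialStack:
//   - NUL-terminated copies of the command-line arguments (argv[0] highest),
//   - the argv pointer array (argv[0] at the lowest address),
//   - 16-byte alignment step (minus one slot), two shadow slots,
//   - the address of the argv array, the argument count, one unused slot.
//
// The region is written through a kernel alias obtained from the Mmu; the
// alias and the user address advance in lockstep from a single byte offset,
// so no write can land outside the mapped window.
//
// Returns STATUS_SUCCESS, or the status reported by
// MmuGetSystemVirtualAddressForUserBuffer when the window cannot be mapped.
static
STATUS
_ThreadSetupMainThreadUserStack(
    IN      PVOID               InitialStack,
    OUT     PVOID*              ResultingStack,
    IN      PPROCESS            Process
    )
{
    ASSERT(InitialStack != NULL);
    ASSERT(ResultingStack != NULL);
    ASSERT(Process != NULL);

    const char* cmdLine = Process->FullCommandLine;
    QWORD argc = Process->NumberOfArguments;

    // A process without a command line simply gets an empty argv.
    if (cmdLine == NULL)
    {
        cmdLine = "";
    }

    // NOTE(review): argc is taken from the process record while argv is
    // rebuilt from the command line -- confirm every creation path keeps
    // NumberOfArguments consistent with FullCommandLine.
    LOG("Argc = %d \n", argc);
    LOG("Argv = %s \n", cmdLine);

    // Pass 1: count the arguments and the bytes their NUL-terminated copies
    // need, so the mapped window can be sized before anything is written.
    QWORD argCount = 0;
    QWORD stringBytes = 0;
    QWORD tokenLength = 0;
    for (const char* tok = _ThreadNextArgument(cmdLine, &tokenLength);
         tok != NULL;
         tok = _ThreadNextArgument(tok + tokenLength, &tokenLength))
    {
        argCount++;
        stringBytes += tokenLength + 1;
    }

    // Everything is pushed downward from topStack; the 0x308 gap below
    // InitialStack is kept as in the original layout.
    PVOID topStack = (PVOID)PtrDiff(InitialStack, 0x308);

    // Upper bound on what ends up below topStack: the strings, argCount argv
    // slots, at most one slot consumed by the alignment step, two shadow
    // slots, the argv pointer, argc and the final unused slot; 0x10 is slack.
    QWORD windowSize = stringBytes + (argCount + 6) * sizeof(QWORD) + 0x10;

    PVOID userWindowBase = (PVOID)PtrDiff(topStack, windowSize);
    PVOID kernelWindowBase = NULL;

    // NOTE(review): assumes the Mmu returns the kernel alias of the first byte
    // of [userWindowBase, userWindowBase + windowSize) -- confirm against mmu.h.
    STATUS status = MmuGetSystemVirtualAddressForUserBuffer(userWindowBase,
                                                            windowSize,
                                                            PAGE_RIGHTS_READWRITE,
                                                            Process,
                                                            &kernelWindowBase);
    if (status != STATUS_SUCCESS)
    {
        LOG("MmuGetSystemVirtualAddressForUserBuffer failed with status 0x%X \n", status);
        return status;
    }
    ASSERT(kernelWindowBase != NULL);

    // kernelTop aliases topStack; 'offset' is the number of bytes pushed so far.
    char* kernelTop = (char*)kernelWindowBase + windowSize;
    QWORD offset = 0;

    // Pass 2: copy each argument and, at the same time, store its user
    // address into its argv slot.  argv[i] sits (argCount - i) slots below the
    // strings, which is exactly where pushing the addresses in reverse order
    // would have placed it.
    QWORD argIndex = 0;
    for (const char* tok = _ThreadNextArgument(cmdLine, &tokenLength);
         tok != NULL;
         tok = _ThreadNextArgument(tok + tokenLength, &tokenLength))
    {
        offset += tokenLength + 1;

        char* userArg = (char*)PtrDiff(topStack, offset);
        char* kernelArg = kernelTop - offset;

        memcpy(kernelArg, tok, tokenLength);
        kernelArg[tokenLength] = '\0';

        QWORD slotOffset = stringBytes + (argCount - argIndex) * sizeof(QWORD);
        memcpy(kernelTop - slotOffset, &userArg, sizeof(QWORD));

        // NOTE(review): %X with a 64-bit value -- confirm LOG's format support.
        LOG("Arg = %s with size %d at address 0x%X \n", kernelArg, tokenLength + 1, userArg);

        argIndex++;
    }
    ASSERT(offset == stringBytes);

    // Skip over the argv array; its lowest slot is argv[0], i.e. the argv value.
    offset = stringBytes + argCount * sizeof(QWORD);
    PVOID argvAddress = (PVOID)PtrDiff(topStack, offset);

    // Align the user address to 16 bytes and back off one slot, as the
    // original layout does; the offset is re-derived so the kernel alias
    // stays in lockstep with it.
    PVOID userCursor = (PVOID)PtrDiff(topStack, offset);
    userCursor = (PVOID)PtrDiff(AlignAddressUpper(userCursor, 0x10), 0x08);
    offset = (QWORD)((char*)topStack - (char*)userCursor);

    // NOTE(review): two shadow slots are reserved here; the Microsoft x64
    // convention uses four -- confirm what the user-mode CRT expects.
    offset += 2 * sizeof(QWORD);

    // argv
    offset += sizeof(QWORD);
    memcpy(kernelTop - offset, &argvAddress, sizeof(QWORD));

    // argc
    offset += sizeof(QWORD);
    memcpy(kernelTop - offset, &argc, sizeof(QWORD));

    // final unused slot
    offset += sizeof(QWORD);

    // Pass 1 sized the window for exactly this much; anything else is a bug.
    ASSERT(offset <= windowSize);

    LOG("argvAddress is 0x%X \n", argvAddress);

    // Release the alias that was handed out, not a cursor derived from it.
    MmuFreeSystemVirtualAddressForUserBuffer(kernelWindowBase);

    *ResultingStack = (PVOID)PtrDiff(topStack, offset);

    return STATUS_SUCCESS;
}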