ReactOS 0.4.15-dev-8100-g1887773
ps.h File Reference
#include "ps_x.h"


Classes

struct  _GET_SET_CTX_CONTEXT
 

Macros

#define _PS_DEBUG_   0x00
 
#define PS_THREAD_DEBUG   0x01
 
#define PS_PROCESS_DEBUG   0x02
 
#define PS_SECURITY_DEBUG   0x04
 
#define PS_JOB_DEBUG   0x08
 
#define PS_NOTIFICATIONS_DEBUG   0x10
 
#define PS_WIN32K_DEBUG   0x20
 
#define PS_STATE_DEBUG   0x40
 
#define PS_QUOTA_DEBUG   0x80
 
#define PS_KILL_DEBUG   0x100
 
#define PS_REF_DEBUG   0x200
 
#define PSTRACE(x, fmt, ...)   DPRINT(fmt, ##__VA_ARGS__)
 
#define PSREFTRACE(x)
 
#define PSP_MAX_CREATE_THREAD_NOTIFY   8
 
#define PSP_MAX_LOAD_IMAGE_NOTIFY   8
 
#define PSP_MAX_CREATE_PROCESS_NOTIFY   8
 
#define PSP_JOB_SCHEDULING_CLASSES   10
 
#define PSP_NON_PAGED_POOL_QUOTA_THRESHOLD   0x10000
 
#define PSP_PAGED_POOL_QUOTA_THRESHOLD   0x80000
 

Typedefs

typedef struct _GET_SET_CTX_CONTEXT GET_SET_CTX_CONTEXT
 
typedef struct _GET_SET_CTX_CONTEXT *PGET_SET_CTX_CONTEXT
 

Functions

VOID NTAPI PspShutdownProcessManager (VOID)
 
BOOLEAN NTAPI PsInitSystem (IN PLOADER_PARAMETER_BLOCK LoaderBlock)
 
PETHREAD NTAPI PsGetNextProcessThread (IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
 
PEPROCESS NTAPI PsGetNextProcess (IN PEPROCESS OldProcess OPTIONAL)
 
NTSTATUS NTAPI PspMapSystemDll (IN PEPROCESS Process, OUT PVOID *DllBase, IN BOOLEAN UseLargePages)
 
NTSTATUS NTAPI PsLocateSystemDll (VOID)
 
VOID NTAPI PsChangeQuantumTable (IN BOOLEAN Immediate, IN ULONG PrioritySeparation)
 
NTSTATUS NTAPI PsReferenceProcessFilePointer (IN PEPROCESS Process, OUT PFILE_OBJECT *FileObject)
 
NTSTATUS NTAPI PspCreateProcess (OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ParentProcess OPTIONAL, IN ULONG Flags, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL, IN BOOLEAN InJob)
 
PACCESS_TOKEN NTAPI PsReferenceEffectiveToken (IN PETHREAD Thread, OUT IN PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 
NTSTATUS NTAPI PsOpenTokenOfProcess (IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)
 
NTSTATUS NTAPI PspSetPrimaryToken (IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
 
NTSTATUS NTAPI PspInitializeProcessSecurity (IN PEPROCESS Process, IN PEPROCESS Parent OPTIONAL)
 
VOID NTAPI PspDeleteProcessSecurity (IN PEPROCESS Process)
 
VOID NTAPI PspDeleteThreadSecurity (IN PETHREAD Thread)
 
VOID NTAPI PsExitSpecialApc (PKAPC Apc, PKNORMAL_ROUTINE *NormalRoutine, PVOID *NormalContext, PVOID *SystemArgument1, PVOID *SystemArgument2)
 
VOID NTAPI PspReapRoutine (IN PVOID Context)
 
VOID NTAPI PspExitThread (IN NTSTATUS ExitStatus)
 
NTSTATUS NTAPI PspTerminateThreadByPointer (IN PETHREAD Thread, IN NTSTATUS ExitStatus, IN BOOLEAN bSelf)
 
VOID NTAPI PspExitProcess (IN BOOLEAN LastThread, IN PEPROCESS Process)
 
NTSTATUS NTAPI PsTerminateProcess (IN PEPROCESS Process, IN NTSTATUS ExitStatus)
 
VOID NTAPI PspDeleteProcess (IN PVOID ObjectBody)
 
VOID NTAPI PspDeleteThread (IN PVOID ObjectBody)
 
VOID NTAPI PspSystemThreadStartup (PKSTART_ROUTINE StartRoutine, PVOID StartContext)
 
VOID NTAPI PsIdleThreadMain (IN PVOID Context)
 
VOID NTAPI PspInheritQuota (_In_ PEPROCESS Process, _In_ PEPROCESS ParentProcess)
 
VOID NTAPI PspDereferenceQuotaBlock (_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock)
 Dereferences a quota block after quotas have been returned, either because an object was deallocated or because a process is being destroyed. When the last reference to the block is dropped, the function cleans up the block and frees it from memory; a caller must not use the block after this call unless it still holds a reference of its own.
 
NTSTATUS NTAPI PsReturnProcessPageFileQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Gives back page file quota that was previously charged to the process. The function is used exclusively by the kernel.
 
NTSTATUS NTAPI PsChargeProcessPageFileQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Charges page file quota against the process. The function is used internally by the kernel; the system process is exempt from the charge (see the listing under PsChargeProcessPageFileQuota()).
 
VOID NTAPI PsReturnSharedPoolQuota (_In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ SIZE_T AmountToReturnPaged, _In_ SIZE_T AmountToReturnNonPaged)
 Gives back the shared (paged and non-paged) pool quotas that were charged for an object. The function is used exclusively by the Object Manager when it releases the quota charged to an object.
 
PEPROCESS_QUOTA_BLOCK NTAPI PsChargeSharedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T AmountToChargePaged, _In_ SIZE_T AmountToChargeNonPaged)
 Charges the shared (paged and non-paged) pool quotas for an object. The function is used exclusively by the Object Manager when it charges quota to a process on behalf of an object.
 
NTSTATUS NTAPI PspSetQuotaLimits (_In_ PEPROCESS Process, _In_ ULONG Unused, _In_ PVOID QuotaLimits, _In_ ULONG QuotaLimitsLength, _In_ KPROCESSOR_MODE PreviousMode)
 Adjusts the working set limits of a process and sets up new quota limits when necessary. It is used when a caller requests new working set sizes: QuotaLimits and QuotaLimitsLength describe the caller-supplied limits, and PreviousMode identifies the requesting mode, so when PreviousMode is UserMode the buffer originates from user space and must be validated as untrusted input before use.
 
VOID NTAPI PspExitProcessFromJob (IN PEJOB Job, IN PEPROCESS Process)
 
VOID NTAPI PspRemoveProcessFromJob (IN PEPROCESS Process, IN PEJOB Job)
 
VOID NTAPI PspInitializeJobStructures (VOID)
 
VOID NTAPI PspDeleteJob (IN PVOID ObjectBody)
 
NTSTATUS NTAPI PsResumeThread (IN PETHREAD Thread, OUT PULONG PreviousCount OPTIONAL)
 
NTSTATUS NTAPI PsSuspendThread (IN PETHREAD Thread, OUT PULONG PreviousCount OPTIONAL)
 
VOID NTAPI PspGetOrSetContextKernelRoutine (IN PKAPC Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine, IN OUT PVOID *NormalContext, IN OUT PVOID *SystemArgument1, IN OUT PVOID *SystemArgument2)
 
BOOLEAN NTAPI PspIsProcessExiting (IN PEPROCESS Process)
 
NTSTATUS NTAPI ApphelpCacheInitialize (VOID)
 
VOID NTAPI ApphelpCacheShutdown (VOID)
 

Variables

ULONG PspTraceLevel
 
LCID PsDefaultThreadLocaleId
 
LCID PsDefaultSystemLocaleId
 
LIST_ENTRY PspReaperListHead
 
WORK_QUEUE_ITEM PspReaperWorkItem
 
BOOLEAN PspReaping
 
PEPROCESS PsIdleProcess
 
LIST_ENTRY PsActiveProcessHead
 
KGUARDED_MUTEX PspActiveProcessMutex
 
LARGE_INTEGER ShortPsLockDelay
 
EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock
 
PHANDLE_TABLE PspCidTable
 
EX_CALLBACK PspThreadNotifyRoutine [PSP_MAX_CREATE_THREAD_NOTIFY]
 
EX_CALLBACK PspProcessNotifyRoutine [PSP_MAX_CREATE_PROCESS_NOTIFY]
 
EX_CALLBACK PspLoadImageNotifyRoutine [PSP_MAX_LOAD_IMAGE_NOTIFY]
 
PLEGO_NOTIFY_ROUTINE PspLegoNotifyRoutine
 
ULONG PspThreadNotifyRoutineCount
 
ULONG PspProcessNotifyRoutineCount
 
BOOLEAN PsImageNotifyEnabled
 
PKWIN32_PROCESS_CALLOUT PspW32ProcessCallout
 
PKWIN32_THREAD_CALLOUT PspW32ThreadCallout
 
PVOID PspSystemDllEntryPoint
 
PVOID PspSystemDllBase
 
BOOLEAN PspUseJobSchedulingClasses
 
CHAR PspJobSchedulingClasses [PSP_JOB_SCHEDULING_CLASSES]
 
ULONG PsRawPrioritySeparation
 
ULONG PsPrioritySeparation
 
POBJECT_TYPE _PsThreadType
 
POBJECT_TYPE _PsProcessType
 
PTOKEN PspBootAccessToken
 
GENERIC_MAPPING PspJobMapping
 
POBJECT_TYPE PsJobType
 
UNICODE_STRING PsNtDllPathName
 
LIST_ENTRY PsLoadedModuleList
 
KSPIN_LOCK PsLoadedModuleSpinLock
 
ERESOURCE PsLoadedModuleResource
 
ULONG_PTR PsNtosImageBase
 

Macro Definition Documentation

◆ _PS_DEBUG_

#define _PS_DEBUG_   0x00

Definition at line 12 of file ps.h.

◆ PS_JOB_DEBUG

#define PS_JOB_DEBUG   0x08

Definition at line 20 of file ps.h.

◆ PS_KILL_DEBUG

#define PS_KILL_DEBUG   0x100

Definition at line 25 of file ps.h.

◆ PS_NOTIFICATIONS_DEBUG

#define PS_NOTIFICATIONS_DEBUG   0x10

Definition at line 21 of file ps.h.

◆ PS_PROCESS_DEBUG

#define PS_PROCESS_DEBUG   0x02

Definition at line 18 of file ps.h.

◆ PS_QUOTA_DEBUG

#define PS_QUOTA_DEBUG   0x80

Definition at line 24 of file ps.h.

◆ PS_REF_DEBUG

#define PS_REF_DEBUG   0x200

Definition at line 26 of file ps.h.

◆ PS_SECURITY_DEBUG

#define PS_SECURITY_DEBUG   0x04

Definition at line 19 of file ps.h.

◆ PS_STATE_DEBUG

#define PS_STATE_DEBUG   0x40

Definition at line 23 of file ps.h.

◆ PS_THREAD_DEBUG

#define PS_THREAD_DEBUG   0x01

Definition at line 17 of file ps.h.

◆ PS_WIN32K_DEBUG

#define PS_WIN32K_DEBUG   0x20

Definition at line 22 of file ps.h.

◆ PSP_JOB_SCHEDULING_CLASSES

#define PSP_JOB_SCHEDULING_CLASSES   10

Definition at line 71 of file ps.h.

◆ PSP_MAX_CREATE_PROCESS_NOTIFY

#define PSP_MAX_CREATE_PROCESS_NOTIFY   8

Definition at line 66 of file ps.h.

◆ PSP_MAX_CREATE_THREAD_NOTIFY

#define PSP_MAX_CREATE_THREAD_NOTIFY   8

Definition at line 64 of file ps.h.

◆ PSP_MAX_LOAD_IMAGE_NOTIFY

#define PSP_MAX_LOAD_IMAGE_NOTIFY   8

Definition at line 65 of file ps.h.

◆ PSP_NON_PAGED_POOL_QUOTA_THRESHOLD

#define PSP_NON_PAGED_POOL_QUOTA_THRESHOLD   0x10000

Definition at line 76 of file ps.h.

◆ PSP_PAGED_POOL_QUOTA_THRESHOLD

#define PSP_PAGED_POOL_QUOTA_THRESHOLD   0x80000

Definition at line 77 of file ps.h.

◆ PSREFTRACE

#define PSREFTRACE (   x)

Definition at line 58 of file ps.h.

◆ PSTRACE

#define PSTRACE (   x,
  fmt,
  ... 
)    DPRINT(fmt, ##__VA_ARGS__)

Definition at line 57 of file ps.h.

Typedef Documentation

◆ GET_SET_CTX_CONTEXT

◆ PGET_SET_CTX_CONTEXT

Function Documentation

◆ ApphelpCacheInitialize()

NTSTATUS NTAPI ApphelpCacheInitialize ( VOID  )

Definition at line 439 of file apphelp.c.

440{
441 DPRINT("SHIMS: ApphelpCacheInitialize\n");
442 /* If we are booting in safemode we do not want to use the apphelp cache */
444 {
445 DPRINT1("SHIMS: Safe mode detected, disabling cache.\n");
447 }
448 else
449 {
455 NULL);
458 }
459 DPRINT("SHIMS: ApphelpCacheInitialize: %d\n", ApphelpCacheEnabled);
460 return STATUS_SUCCESS;
461}
VOID NTAPI RtlInitializeGenericTableAvl(IN OUT PRTL_AVL_TABLE Table, IN PRTL_AVL_COMPARE_ROUTINE CompareRoutine, IN PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine, IN PRTL_AVL_FREE_ROUTINE FreeRoutine, IN PVOID TableContext)
Definition: avltable.c:26
#define DPRINT1
Definition: precomp.h:8
#define NULL
Definition: types.h:112
#define FALSE
Definition: types.h:117
NTSTATUS ExInitializeResourceLite(PULONG res)
Definition: env_spec_w32.h:641
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
RTL_GENERIC_COMPARE_RESULTS NTAPI ApphelpShimCacheCompareRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID FirstStruct, _In_ PVOID SecondStruct)
Definition: apphelp.c:209
static BOOLEAN ApphelpCacheEnabled
Definition: apphelp.c:29
PVOID NTAPI ApphelpShimCacheAllocateRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ CLONG ByteSize)
Definition: apphelp.c:234
BOOLEAN ApphelpCacheRead(VOID)
Definition: apphelp.c:306
static LIST_ENTRY ApphelpShimCacheAge
Definition: apphelp.c:32
static RTL_AVL_TABLE ApphelpShimCache
Definition: apphelp.c:31
ULONG InitSafeBootMode
Definition: init.c:71
static ERESOURCE ApphelpCacheLock
Definition: apphelp.c:30
VOID NTAPI ApphelpShimCacheFreeRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID Buffer)
Definition: apphelp.c:243
#define STATUS_SUCCESS
Definition: shellext.h:65
#define DPRINT
Definition: sndvol32.h:73

Referenced by IoInitSystem().

◆ ApphelpCacheShutdown()

VOID NTAPI ApphelpCacheShutdown ( VOID  )

Definition at line 465 of file apphelp.c.

466{
468 {
470 }
471}
BOOLEAN ApphelpCacheWrite(VOID)
Definition: apphelp.c:362

Referenced by PopGracefulShutdown().

◆ PsChangeQuantumTable()

VOID NTAPI PsChangeQuantumTable ( IN BOOLEAN  Immediate,
IN ULONG  PrioritySeparation 
)

Definition at line 235 of file process.c.

237{
239 ULONG i;
240 UCHAR Quantum;
241 PCHAR QuantumTable;
242 PAGED_CODE();
244 "%lx PrioritySeparation: %lx\n", Immediate, PrioritySeparation);
245
246 /* Write the current priority separation */
248
249 /* Normalize it if it was too high */
251
252 /* Get the quantum table to use */
253 if (PspQuantumTypeFromMask(PrioritySeparation) == PSP_VARIABLE_QUANTUMS)
254 {
255 /* Use a variable table */
256 QuantumTable = PspVariableQuantums;
257 }
258 else if (PspQuantumTypeFromMask(PrioritySeparation) == PSP_FIXED_QUANTUMS)
259 {
260 /* Use fixed table */
261 QuantumTable = PspFixedQuantums;
262 }
263 else
264 {
265 /* Use default for the type of system we're on */
267 }
268
269 /* Now check if we should use long or short */
270 if (PspQuantumLengthFromMask(PrioritySeparation) == PSP_LONG_QUANTUMS)
271 {
272 /* Use long quantums */
273 QuantumTable += 3;
274 }
275 else if (PspQuantumLengthFromMask(PrioritySeparation) == PSP_SHORT_QUANTUMS)
276 {
277 /* Keep existing table */
278 NOTHING;
279 }
280 else
281 {
282 /* Use default for the type of system we're on */
283 QuantumTable += MmIsThisAnNtAsSystem() ? 3 : 0;
284 }
285
286 /* Check if we're using long fixed quantums */
287 if (QuantumTable == &PspFixedQuantums[3])
288 {
289 /* Use Job scheduling classes */
291 }
292 else
293 {
294 /* Otherwise, we don't */
296 }
297
298 /* Copy the selected table into the Foreground Quantum table */
300 QuantumTable,
301 sizeof(PspForegroundQuantum));
302
303 /* Check if we should apply these changes real-time */
304 if (Immediate)
305 {
306 /* We are...loop every process */
308 while (Process)
309 {
310 /* Use the priority separation if this is a foreground process */
311 i = (Process->Vm.Flags.MemoryPriority ==
314
315 /* Make sure that the process isn't idle */
316 if (Process->PriorityClass != PROCESS_PRIORITY_CLASS_IDLE)
317 {
318 /* Does the process have a job? */
319 if ((Process->Job) && (PspUseJobSchedulingClasses))
320 {
321 /* Use job quantum */
322 Quantum = PspJobSchedulingClasses[Process->Job->SchedulingClass];
323 }
324 else
325 {
326 /* Use calculated quantum */
327 Quantum = PspForegroundQuantum[i];
328 }
329 }
330 else
331 {
332 /* Process is idle, use default quantum */
333 Quantum = 6;
334 }
335
336 /* Now set the quantum */
337 KeSetQuantumProcess(&Process->Pcb, Quantum);
338
339 /* Get the next process */
341 }
342 }
343}
#define PAGED_CODE()
#define TRUE
Definition: types.h:120
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
#define PROCESS_PRIORITY_CLASS_IDLE
Definition: pstypes.h:107
#define PSP_VARIABLE_QUANTUMS
Definition: pstypes.h:132
#define PSP_LONG_QUANTUMS
Definition: pstypes.h:134
#define PSP_FIXED_QUANTUMS
Definition: pstypes.h:133
#define MEMORY_PRIORITY_BACKGROUND
Definition: pstypes.h:124
#define PSP_SHORT_QUANTUMS
Definition: pstypes.h:135
#define NOTHING
Definition: input_list.c:10
BOOLEAN NTAPI MmIsThisAnNtAsSystem(VOID)
Definition: mmsup.c:246
VOID NTAPI KeSetQuantumProcess(IN PKPROCESS Process, IN UCHAR Quantum)
Definition: procobj.c:229
PEPROCESS NTAPI PsGetNextProcess(IN PEPROCESS OldProcess)
Definition: process.c:128
CHAR PspForegroundQuantum[3]
Definition: process.c:29
ULONG PsPrioritySeparation
Definition: process.c:28
CHAR PspFixedQuantums[6]
Definition: process.c:32
CHAR PspVariableQuantums[6]
Definition: process.c:46
#define PSTRACE(x, fmt,...)
Definition: ps.h:57
#define PS_PROCESS_DEBUG
Definition: ps.h:18
BOOLEAN PspUseJobSchedulingClasses
Definition: job.c:25
CHAR PspJobSchedulingClasses[PSP_JOB_SCHEDULING_CLASSES]
Definition: job.c:27
#define PspPrioritySeparationFromMask(Mask)
Definition: ps_x.h:13
#define PspQuantumTypeFromMask(Mask)
Definition: ps_x.h:16
#define PspQuantumLengthFromMask(Mask)
Definition: ps_x.h:19
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
uint32_t ULONG
Definition: typedefs.h:59
char * PCHAR
Definition: typedefs.h:51
unsigned char UCHAR
Definition: xmlstorage.h:181

Referenced by PspInitPhase0(), and SSI_DEF().

◆ PsChargeProcessPageFileQuota()

NTSTATUS NTAPI PsChargeProcessPageFileQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Charges page file quota against the process. The function is used internally by the kernel. Per the comment in the listing below ("Don't do anything for the system process"), the initial system process (PsInitialSystemProcess) is exempt and the call is a no-op for it.

Parameters
[in] Process The process whose page file quota is to be charged.
[in] Amount The amount of page file quota to charge.
Returns
STATUS_SUCCESS if the quota was charged successfully; otherwise STATUS_PAGEFILE_QUOTA_EXCEEDED. Callers must check the status and must not assume the charge took effect when it fails.

Definition at line 738 of file quota.c.

741{
742 /* Don't do anything for the system process */
744
746}
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
Definition: fsrtlfuncs.h:551
@ PsPageFile
Definition: pstypes.h:1023
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
NTSTATUS NTAPI PspChargeProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota charging, necessary for export...
Definition: quota.c:195

◆ PsChargeSharedPoolQuota()

PEPROCESS_QUOTA_BLOCK NTAPI PsChargeSharedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  AmountToChargePaged,
_In_ SIZE_T  AmountToChargeNonPaged 
)

Charges the shared (paged and non-paged) pool quotas for an object. The function is used exclusively by the Object Manager when it charges quota to a process on behalf of an object.

Parameters
[in] Process The process whose quota block is to be charged.
[in] AmountToChargePaged The amount of paged pool quota to charge.
[in] AmountToChargeNonPaged The amount of non-paged pool quota to charge.
Returns
Returns the quota block that was charged, which the Object Manager attaches to the object so that the same amounts can later be returned. A successful call also takes a reference on the quota block (its ReferenceCount is incremented). If charging fails, NULL is returned; as the listing below shows, a failed non-paged charge first returns any paged pool quota that had already been charged, so no partial charge is leaked to the caller.

Definition at line 674 of file quota.c.

678{
680
681 /* Sanity checks */
683 ASSERT(Process->QuotaBlock);
684
685 /* Do we have some paged pool quota to charge? */
686 if (AmountToChargePaged != 0)
687 {
688 /* We do, charge! */
689 Status = PspChargeProcessQuotaSpecifiedPool(NULL, Process->QuotaBlock, PsPagedPool, AmountToChargePaged);
690 if (!NT_SUCCESS(Status))
691 {
692 DPRINT1("PsChargeSharedPoolQuota(): Failed to charge the shared pool quota (Status 0x%lx)\n", Status);
693 return NULL;
694 }
695 }
696
697 /* Do we have some non paged pool quota to charge? */
698 if (AmountToChargeNonPaged != 0)
699 {
700 /* We do, charge! */
701 Status = PspChargeProcessQuotaSpecifiedPool(NULL, Process->QuotaBlock, PsNonPagedPool, AmountToChargeNonPaged);
702 if (!NT_SUCCESS(Status))
703 {
704 DPRINT1("PsChargeSharedPoolQuota(): Failed to charge the shared pool quota (Status 0x%lx). Attempting to return some paged pool back...\n", Status);
705 PspReturnProcessQuotaSpecifiedPool(NULL, Process->QuotaBlock, PsPagedPool, AmountToChargePaged);
706 return NULL;
707 }
708 }
709
710 /* We have charged the quotas of an object, increment the reference */
711 InterlockedIncrementSizeT(&Process->QuotaBlock->ReferenceCount);
712
713 DPRINT("PsChargeSharedPoolQuota(): Amount charged (paged %lu -- non paged %lu)\n", AmountToChargePaged, AmountToChargeNonPaged);
714 return Process->QuotaBlock;
715}
LONG NTSTATUS
Definition: precomp.h:26
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
Status
Definition: gdiplustypes.h:25
@ PsNonPagedPool
Definition: pstypes.h:1021
@ PsPagedPool
Definition: pstypes.h:1022
#define InterlockedIncrementSizeT(a)
Definition: interlocked.h:220
#define ASSERT(a)
Definition: mode.c:44
VOID NTAPI PspReturnProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota returning. It returns (takes a...
Definition: quota.c:345

Referenced by ObpChargeQuotaForObject().

◆ PsExitSpecialApc()

VOID NTAPI PsExitSpecialApc ( PKAPC  Apc,
PKNORMAL_ROUTINE NormalRoutine,
PVOID NormalContext,
PVOID SystemArgument1,
PVOID SystemArgument2 
)

Referenced by KiInsertQueueApc().

◆ PsGetNextProcess()

PEPROCESS NTAPI PsGetNextProcess ( IN PEPROCESS OldProcess  OPTIONAL)

Definition at line 128 of file process.c.

129{
131 PEPROCESS FoundProcess = NULL;
132 PAGED_CODE();
133 PSTRACE(PS_PROCESS_DEBUG, "Process: %p\n", OldProcess);
134
135 /* Acquire the Active Process Lock */
137
138 /* Check if we're already starting somewhere */
139 if (OldProcess)
140 {
141 /* Start where we left off */
142 Entry = OldProcess->ActiveProcessLinks.Flink;
143 }
144 else
145 {
146 /* Start at the beginning */
148 }
149
150 /* Loop the process list */
151 while (Entry != &PsActiveProcessHead)
152 {
153 /* Get the process */
154 FoundProcess = CONTAINING_RECORD(Entry, EPROCESS, ActiveProcessLinks);
155
156 /* Reference the process */
157 if (ObReferenceObjectSafe(FoundProcess)) break;
158
159 /* Nothing found, keep trying */
160 FoundProcess = NULL;
161 Entry = Entry->Flink;
162 }
163
164 /* Release the lock */
166
167 /* Dereference the Process we had referenced earlier */
168 if (OldProcess) ObDereferenceObject(OldProcess);
169 return FoundProcess;
170}
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
LIST_ENTRY PsActiveProcessHead
Definition: process.c:22
KGUARDED_MUTEX PspActiveProcessMutex
Definition: process.c:23
BOOLEAN FASTCALL ObReferenceObjectSafe(IN PVOID Object)
Definition: obref.c:22
base of all file and directory entries
Definition: entries.h:83
Definition: typedefs.h:120
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260
#define ObDereferenceObject
Definition: obfuncs.h:203

Referenced by DbgkpCloseObject(), ExpDebuggerWorker(), PopGracefulShutdown(), PsChangeQuantumTable(), PspShutdownProcessManager(), and QSI_DEF().

◆ PsGetNextProcessThread()

PETHREAD NTAPI PsGetNextProcessThread ( IN PEPROCESS  Process,
IN PETHREAD Thread  OPTIONAL 
)

Definition at line 75 of file process.c.

77{
78 PETHREAD FoundThread = NULL;
79 PLIST_ENTRY ListHead, Entry;
80 PAGED_CODE();
82 "Process: %p Thread: %p\n", Process, Thread);
83
84 /* Lock the process */
86 ExAcquirePushLockShared(&Process->ProcessLock);
87
88 /* Check if we're already starting somewhere */
89 if (Thread)
90 {
91 /* Start where we left off */
93 }
94 else
95 {
96 /* Start at the beginning */
97 Entry = Process->ThreadListHead.Flink;
98 }
99
100 /* Set the list head and start looping */
101 ListHead = &Process->ThreadListHead;
102 while (ListHead != Entry)
103 {
104 /* Get the Thread */
105 FoundThread = CONTAINING_RECORD(Entry, ETHREAD, ThreadListEntry);
106
107 /* Safe reference the thread */
108 if (ObReferenceObjectSafe(FoundThread)) break;
109
110 /* Nothing found, keep looping */
111 FoundThread = NULL;
112 Entry = Entry->Flink;
113 }
114
115 /* Unlock the process */
116 ExReleasePushLockShared(&Process->ProcessLock);
118
119 /* Check if we had a starting thread, and dereference it */
121
122 /* Return what we found */
123 return FoundThread;
124}
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1105
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1213
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
LIST_ENTRY ThreadListEntry
Definition: pstypes.h:1158

Referenced by DbgkpPostFakeThreadMessages(), DbgkpSetProcessDebugObject(), ExSwapinWorkerThreads(), NtSetInformationThread(), NtTerminateProcess(), PspTerminateProcess(), PsResumeProcess(), and PsSuspendProcess().

◆ PsIdleThreadMain()

VOID NTAPI PsIdleThreadMain ( IN PVOID  Context)

◆ PsInitSystem()

BOOLEAN NTAPI PsInitSystem ( IN PLOADER_PARAMETER_BLOCK  LoaderBlock)

Definition at line 532 of file psmgr.c.

533{
534 /* Check the initialization phase */
536 {
537 case 0:
538
539 /* Do Phase 0 */
540 return PspInitPhase0(LoaderBlock);
541
542 case 1:
543
544 /* Do Phase 1 */
545 return PspInitPhase1();
546
547 default:
548
549 /* Don't know any other phase! Bugcheck! */
550 KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
551 1,
553 0,
554 0);
555 return FALSE;
556 }
557}
ULONG ExpInitializationPhase
Definition: init.c:68
BOOLEAN NTAPI PspInitPhase1(VOID)
Definition: psmgr.c:304
BOOLEAN NTAPI PspInitPhase0(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
Definition: psmgr.c:314
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ PsLocateSystemDll()

NTSTATUS NTAPI PsLocateSystemDll ( VOID  )

Definition at line 187 of file psmgr.c.

188{
191 HANDLE FileHandle, SectionHandle;
193 ULONG_PTR HardErrorParameters;
194 ULONG HardErrorResponse;
195
196 /* Locate and open NTDLL to determine ImageBase and LdrStartup */
199 0,
200 NULL,
201 NULL);
207 0);
208 if (!NT_SUCCESS(Status))
209 {
210 /* Failed, bugcheck */
211 KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 2, 0, 0);
212 }
213
214 /* Check if the image is valid */
217 {
218 /* Raise a hard error */
219 HardErrorParameters = (ULONG_PTR)&PsNtDllPathName;
221 1,
222 1,
223 &HardErrorParameters,
224 OptionOk,
225 &HardErrorResponse);
226 return Status;
227 }
228
229 /* Create a section for NTDLL */
230 Status = ZwCreateSection(&SectionHandle,
232 NULL,
233 NULL,
235 SEC_IMAGE,
236 FileHandle);
238 if (!NT_SUCCESS(Status))
239 {
240 /* Failed, bugcheck */
241 KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 3, 0, 0);
242 }
243
244 /* Reference the Section */
245 Status = ObReferenceObjectByHandle(SectionHandle,
250 NULL);
251 ZwClose(SectionHandle);
252 if (!NT_SUCCESS(Status))
253 {
254 /* Failed, bugcheck */
255 KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 4, 0, 0);
256 }
257
258 /* Map it */
260 if (!NT_SUCCESS(Status))
261 {
262 /* Failed, bugcheck */
263 KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 5, 0, 0);
264 }
265
266 /* Return status */
267 return Status;
268}
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define FILE_SHARE_READ
Definition: compat.h:136
#define ULONG_PTR
Definition: config.h:101
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
NTSTATUS NTAPI NtRaiseHardError(IN NTSTATUS ErrorStatus, IN ULONG NumberOfParameters, IN ULONG UnicodeStringParameterMask, IN PULONG_PTR Parameters, IN ULONG ValidResponseOptions, OUT PULONG Response)
Definition: harderr.c:551
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define KernelMode
Definition: asm.h:34
@ OptionOk
Definition: extypes.h:187
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
#define SEC_IMAGE
Definition: mmtypes.h:97
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
#define SECTION_ALL_ACCESS
Definition: nt_native.h:1293
#define PAGE_EXECUTE
Definition: nt_native.h:1306
#define FILE_READ_ACCESS
Definition: nt_native.h:610
NTSTATUS NTAPI MmCheckSystemImage(IN HANDLE ImageHandle, IN BOOLEAN PurgeSection)
Definition: sysldr.c:2745
#define STATUS_IMAGE_CHECKSUM_MISMATCH
Definition: ntstatus.h:677
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
NTSTATUS NTAPI PspMapSystemDll(IN PEPROCESS Process, IN PVOID *DllBase, IN BOOLEAN UseLargePages)
Definition: psmgr.c:153
UNICODE_STRING PsNtDllPathName
Definition: psmgr.c:45
PVOID PspSystemDllSection
Definition: psmgr.c:42
PVOID PspSystemDllBase
Definition: psmgr.c:41
POBJECT_TYPE MmSectionObjectType
Definition: section.c:194
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define PsGetCurrentProcess
Definition: psfuncs.h:17

Referenced by IoInitSystem().

◆ PsOpenTokenOfProcess()

NTSTATUS NTAPI PsOpenTokenOfProcess ( IN HANDLE  ProcessHandle,
OUT PACCESS_TOKEN Token 
)

Definition at line 471 of file security.c.

473{
476 PAGED_CODE();
477 PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", ProcessHandle);
478
479 /* Get the Token */
484 (PVOID*)&Process,
485 NULL);
486 if (NT_SUCCESS(Status))
487 {
488 /* Reference the token and dereference the process */
491 }
492
493 /* Return */
494 return Status;
495}
#define ExGetPreviousMode
Definition: ex.h:140
#define PROCESS_QUERY_INFORMATION
Definition: pstypes.h:166
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
POBJECT_TYPE PsProcessType
Definition: process.c:20
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
#define PS_SECURITY_DEBUG
Definition: ps.h:19

Referenced by NtOpenProcessTokenEx().

◆ PspCreateProcess()

NTSTATUS NTAPI PspCreateProcess ( OUT PHANDLE  ProcessHandle,
IN ACCESS_MASK  DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL,
IN HANDLE ParentProcess  OPTIONAL,
IN ULONG  Flags,
IN HANDLE SectionHandle  OPTIONAL,
IN HANDLE DebugPort  OPTIONAL,
IN HANDLE ExceptionPort  OPTIONAL,
IN BOOLEAN  InJob 
)

Definition at line 347 of file process.c.

/*
 * Builds a new EPROCESS: references the optional parent, section, debug
 * and exception ports, creates the address space and PEB, allocates the
 * CID entry, inserts the object into the handle table and (on the elided
 * line 860, presumably) returns the handle in *ProcessHandle. Callers on
 * this page: NtCreateProcessEx, PsCreateSystemProcess and PspInitPhase0.
 *
 * Rendering note: lines that consisted only of linked symbols were dropped
 * from this listing, so several Status assignments, the flag validation and
 * the OR-list of baseline access rights are not visible; remarks about those
 * lines below are inferences and are marked as such.
 *
 * Error handling: every failure after ObCreateObject jumps to CleanupWithRef,
 * where dropping the reference on the half-built process runs the cleanup in
 * PspDeleteProcess; Cleanup only drops the parent reference and returns Status.
 */
356{
359 PVOID ExceptionPortObject;
360 PDEBUG_OBJECT DebugObject;
363 ULONG_PTR DirectoryTableBase[2] = {0,0};
365 HANDLE_TABLE_ENTRY CidEntry;
366 PETHREAD CurrentThread = PsGetCurrentThread();
368 PEPROCESS CurrentProcess = PsGetCurrentProcess();
369 ULONG MinWs, MaxWs;
370 ACCESS_STATE LocalAccessState;
371 PACCESS_STATE AccessState = &LocalAccessState;
372 AUX_ACCESS_DATA AuxData;
373 UCHAR Quantum;
374 BOOLEAN Result, SdAllocated;
377 BOOLEAN NeedsPeb = FALSE;
378 INITIAL_PEB InitialPeb;
379 PAGED_CODE();
381 "ProcessHandle: %p Parent: %p\n", ProcessHandle, ParentProcess);
382
383 /* Validate flags */
 /* NOTE(review): the check itself (line 384) is elided from this listing;
  * PROCESS_CREATE_FLAGS_LEGAL_MASK and STATUS_INVALID_PARAMETER in the
  * symbol references suggest unknown Flags bits are rejected here -
  * confirm in process.c */
385
386 /* Check for parent */
387 if (ParentProcess)
388 {
389 /* Reference it */
 /* Access mask, object type and mode arguments (lines 391-393) are
  * elided; PROCESS_CREATE_PROCESS in the references is presumably the
  * access required on the parent handle */
390 Status = ObReferenceObjectByHandle(ParentProcess,
394 (PVOID*)&Parent,
395 NULL);
396 if (!NT_SUCCESS(Status)) return Status;
397
398 /* If this process should be in a job but the parent isn't */
399 if ((InJob) && (!Parent->Job))
400 {
401 /* This is illegal. Dereference the parent and fail */
 /* The dereference and the return (lines 402-403) are elided */
404 }
405
406 /* Inherit Parent process's Affinity. */
407 Affinity = Parent->Pcb.Affinity;
408 }
409 else
410 {
411 /* We have no parent */
412 Parent = NULL;
 /* Affinity assignment for the parentless case (line 413) is elided;
  * KeActiveProcessors in the references is the likely source */
414 }
415
416 /* Save working set data */
417 MinWs = PsMinimumWorkingSet;
418 MaxWs = PsMaximumWorkingSet;
419
420 /* Create the Object */
425 NULL,
426 sizeof(EPROCESS),
427 0,
428 0,
429 (PVOID*)&Process);
430 if (!NT_SUCCESS(Status)) goto Cleanup;
431
432 /* Clean up the Object */
 /* Line 433 is elided; presumably zero-fills the new EPROCESS so that
  * PspDeleteProcess can tell unset fields apart on a failure path */
434
435 /* Initialize pushlock and rundown protection */
436 ExInitializeRundownProtection(&Process->RundownProtect);
437 Process->ProcessLock.Value = 0;
438
439 /* Setup the Thread List Head */
440 InitializeListHead(&Process->ThreadListHead);
441
442 /* Set up the Quota Block from the Parent */
444
445 /* Set up Dos Device Map from the Parent */
447
448 /* Check if we have a parent */
449 if (Parent)
450 {
451 /* Inherit PID and hard-error processing */
452 Process->InheritedFromUniqueProcessId = Parent->UniqueProcessId;
453 Process->DefaultHardErrorProcessing = Parent->DefaultHardErrorProcessing;
454 }
455 else
456 {
457 /* Use default hard-error processing */
458 Process->DefaultHardErrorProcessing = SEM_FAILCRITICALERRORS;
459 }
460
461 /* Check for a section handle */
462 if (SectionHandle)
463 {
464 /* Get a pointer to it */
 /* Lines 466-469 are elided; SECTION_MAP_EXECUTE and MmSectionObjectType
  * in the references suggest the required access and object type */
465 Status = ObReferenceObjectByHandle(SectionHandle,
470 NULL);
471 if (!NT_SUCCESS(Status)) goto CleanupWithRef;
472 }
473 else
474 {
475 /* Assume no section object */
477
478 /* Is the parent the initial process?
479 * Check for NULL also, as at initialization PsInitialSystemProcess is NULL */
481 {
482 /* It's not, so acquire the process rundown */
483 if (ExAcquireRundownProtection(&Parent->RundownProtect))
484 {
485 /* If the parent has a section, use it */
 /* Read under the parent's rundown protection so a parent that is
  * exiting concurrently cannot free the section underneath us; the
  * extra reference taken on it (line 487) is elided */
486 SectionObject = Parent->SectionObject;
488
489 /* Release process rundown */
490 ExReleaseRundownProtection(&Parent->RundownProtect);
491 }
492
493 /* If we don't have a section object */
494 if (!SectionObject)
495 {
496 /* Then the process is in termination, so fail */
 /* Status on the elided line 497 is presumably
  * STATUS_PROCESS_IS_TERMINATING (it appears in the references) */
498 goto CleanupWithRef;
499 }
500 }
501 }
502
503 /* Save the pointer to the section object */
504 Process->SectionObject = SectionObject;
505
506 /* Check for the debug port */
507 if (DebugPort)
508 {
509 /* Reference it */
 /* Lines 510-513 are elided; DEBUG_OBJECT_ADD_REMOVE_PROCESS and
  * DbgkDebugObjectType in the references suggest the access and type
  * the debug port handle is checked against */
514 (PVOID*)&DebugObject,
515 NULL);
516 if (!NT_SUCCESS(Status)) goto CleanupWithRef;
517
518 /* Save the debug object */
519 Process->DebugPort = DebugObject;
520
521 /* Check if the caller doesn't want the debug stuff inherited */
523 {
524 /* Set the process flag */
 /* PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT / PSF_NO_DEBUG_INHERIT_BIT
  * in the references are the likely flag and bit (lines 522, 525) */
526 }
527 }
528 else
529 {
530 /* Do we have a parent? Copy his debug port */
 /* Line 531 is elided; DbgkCopyProcessDebugPort in the references */
532 }
533
534 /* Now check for an exception port */
535 if (ExceptionPort)
536 {
537 /* Reference it */
 /* Lines 539-541 are elided; PORT_ALL_ACCESS and LpcPortObjectType in
  * the references suggest the access and type required here */
538 Status = ObReferenceObjectByHandle(ExceptionPort,
542 (PVOID*)&ExceptionPortObject,
543 NULL);
544 if (!NT_SUCCESS(Status)) goto CleanupWithRef;
545
546 /* Save the exception port */
547 Process->ExceptionPort = ExceptionPortObject;
548 }
549
550 /* Save the pointer to the section object */
 /* Redundant: identical to the store at line 504 and no visible write to
  * SectionObject happens in between; harmless, but one of the two could go */
551 Process->SectionObject = SectionObject;
552
553 /* Set default exit code */
554 Process->ExitStatus = STATUS_PENDING;
555
556 /* Check if this is the initial process being built */
557 if (Parent)
558 {
559 /* Create the address space for the child */
 /* MmCreateProcessAddressSpace(MinWs, Process, DirectoryTableBase)
  * judging by the prototype in the references; line 560 is elided */
561 Process,
562 DirectoryTableBase))
563 {
564 /* Failed */
 /* Status (line 565) is elided; STATUS_INSUFFICIENT_RESOURCES is in
  * the references */
566 goto CleanupWithRef;
567 }
568 }
569 else
570 {
571 /* Otherwise, we are the boot process, we're already semi-initialized */
572 Process->ObjectTable = CurrentProcess->ObjectTable;
573 Status = MmInitializeHandBuiltProcess(Process, DirectoryTableBase);
574 if (!NT_SUCCESS(Status)) goto CleanupWithRef;
575 }
576
577 /* We now have an address space */
 /* Line 578 is elided; PSF_HAS_ADDRESS_SPACE_BIT in the references is the
  * bit PspDeleteProcess later tests as HasAddressSpace */
579
580 /* Set the maximum WS */
581 Process->Vm.MaximumWorkingSetSize = MaxWs;
582
583 /* Now initialize the Kernel Process */
586 Affinity,
587 DirectoryTableBase,
588 BooleanFlagOn(Process->DefaultHardErrorProcessing,
590
591 /* Duplicate Parent Token */
 /* Line 592 is elided; PspInitializeProcessSecurity(Process, Parent) per
  * the references - the child's primary token is derived from the parent */
593 if (!NT_SUCCESS(Status)) goto CleanupWithRef;
594
595 /* Set default priority class */
596 Process->PriorityClass = PROCESS_PRIORITY_CLASS_NORMAL;
597
598 /* Check if we have a parent */
599 if (Parent)
600 {
601 /* Check our priority class */
602 if (Parent->PriorityClass == PROCESS_PRIORITY_CLASS_IDLE ||
604 {
605 /* Normalize it */
606 Process->PriorityClass = Parent->PriorityClass;
607 }
608
609 /* Initialize object manager for the process */
 /* ObInitProcess(inherit ? Parent : NULL, Process): the condition on
  * line 610 is elided; PROCESS_CREATE_FLAGS_INHERIT_HANDLES in the
  * references is the likely selector for handle inheritance */
611 Parent : NULL,
612 Process);
613 if (!NT_SUCCESS(Status)) goto CleanupWithRef;
614 }
615 else
616 {
617 /* Do the second part of the boot process memory setup */
619 if (!NT_SUCCESS(Status)) goto CleanupWithRef;
620 }
621
622 /* Set success for now */
624
625 /* Check if this is a real user-mode process */
626 if (SectionHandle)
627 {
628 /* Initialize the address space */
 /* MmInitializeProcessAddressSpace; Flags is passed by address and may
  * be updated by the callee (IN OUT in its prototype) */
630 NULL,
632 &Flags,
633 &Process->
634 SeAuditProcessCreationInfo.
635 ImageFileName);
636 if (!NT_SUCCESS(Status)) goto CleanupWithRef;
637
638 //
639 // We need a PEB
640 //
641 NeedsPeb = TRUE;
642 }
643 else if (Parent)
644 {
645 /* Check if this is a child of the system process */
647 {
648 //
649 // We need a PEB
650 //
651 NeedsPeb = TRUE;
652
653 /* This is a clone! */
 /* NOTE(review): ASSERTMSG only fires in checked builds; in a free build
  * this path continues with NeedsPeb set and hits the second
  * "cloning" assertion at line 745 - confirm the intended behaviour */
654 ASSERTMSG("No support for cloning yet\n", FALSE);
655 }
656 else
657 {
658 /* This is the initial system process */
659 Flags &= ~PROCESS_CREATE_FLAGS_LARGE_PAGES;
661 NULL,
662 NULL,
663 &Flags,
664 NULL);
665 if (!NT_SUCCESS(Status)) goto CleanupWithRef;
666
667 /* Create a dummy image file name */
 /* Lines 669-670 are elided; ExAllocatePoolWithTag(PagedPool, ..., TAG_SEPA)
  * per the references - PspDeleteProcess frees it with the same tag */
668 Process->SeAuditProcessCreationInfo.ImageFileName =
671 TAG_SEPA);
672 if (!Process->SeAuditProcessCreationInfo.ImageFileName)
673 {
674 /* Fail */
676 goto CleanupWithRef;
677 }
678
679 /* Zero it out */
680 RtlZeroMemory(Process->SeAuditProcessCreationInfo.ImageFileName,
682 }
683 }
684
685#if MI_TRACE_PFNS
686 /* Copy the process name now that we have it */
 /* Copies exactly 16 bytes; assumes ImageFileName and the PFN ProcessName
  * field are both at least 16 bytes - TODO confirm against the structs */
687 memcpy(MiGetPfnEntry(Process->Pcb.DirectoryTableBase[0] >> PAGE_SHIFT)->ProcessName, Process->ImageFileName, 16);
688 if (Process->Pcb.DirectoryTableBase[1]) memcpy(MiGetPfnEntry(Process->Pcb.DirectoryTableBase[1] >> PAGE_SHIFT)->ProcessName, Process->ImageFileName, 16);
689 if (Process->WorkingSetPage) memcpy(MiGetPfnEntry(Process->WorkingSetPage)->ProcessName, Process->ImageFileName, 16);
690#endif
691
692 /* Check if we have a section object and map the system DLL */
 /* Line 693 is elided; PspMapSystemDll in the references */
694
695 /* Create a handle for the Process */
 /* The PID is a handle in the private PspCidTable; GrantedAccess 0 because
  * CID entries are looked up by the kernel, not by user handles */
696 CidEntry.Object = Process;
697 CidEntry.GrantedAccess = 0;
698 Process->UniqueProcessId = ExCreateHandle(PspCidTable, &CidEntry);
699 if (!Process->UniqueProcessId)
700 {
701 /* Fail */
703 goto CleanupWithRef;
704 }
705
706 /* Set the handle table PID */
707 Process->ObjectTable->UniqueProcessId = Process->UniqueProcessId;
708
709 /* Check if we need to audit */
 /* Line 710 is elided; SeDetailedAuditingWithToken / SeAuditProcessCreate
  * in the references */
711
712 /* Check if the parent had a job */
713 if ((Parent) && (Parent->Job))
714 {
715 /* FIXME: We need to insert this process */
 /* NOTE(review): InJob was validated above but the child is never added
  * to the parent's job here, so job limits do not apply to it */
716 DPRINT1("Jobs not yet supported\n");
717 }
718
719 /* Create PEB only for User-Mode Processes */
720 if ((Parent) && (NeedsPeb))
721 {
722 //
723 // Set up the initial PEB
724 //
725 RtlZeroMemory(&InitialPeb, sizeof(INITIAL_PEB));
726 InitialPeb.Mutant = (HANDLE)-1;
727 InitialPeb.ImageUsesLargePages = 0; // FIXME: Not yet supported
728
729 //
730 // Create it only if we have an image section
731 //
732 if (SectionHandle)
733 {
734 //
735 // Create it
736 //
737 Status = MmCreatePeb(Process, &InitialPeb, &Process->Peb);
738 if (!NT_SUCCESS(Status)) goto CleanupWithRef;
739 }
740 else
741 {
742 //
743 // We have to clone it
744 //
745 ASSERTMSG("No support for cloning yet\n", FALSE);
746 }
747
748 }
749
750 /* The process can now be activated */
 /* Lines 751 and 753 (lock/unlock around the insert) are elided;
  * PspActiveProcessMutex is referenced by PspDeleteProcess for the unlink */
752 InsertTailList(&PsActiveProcessHead, &Process->ActiveProcessLinks);
754
755 /* Create an access state */
 /* Lines 758 and 762-763 are elided; the access state is built for the
  * parent when one exists (subject to the elided condition), else for the
  * current process, with DesiredAccess and the process type's GenericMapping */
756 Status = SeCreateAccessStateEx(CurrentThread,
757 ((Parent) &&
759 Parent : CurrentProcess,
760 &LocalAccessState,
761 &AuxData,
764 if (!NT_SUCCESS(Status)) goto CleanupWithRef;
765
766 /* Insert the Process into the Object Directory */
 /* ObInsertObject(Process, AccessState, DesiredAccess, 1, NULL, &hProcess)
  * per its prototype in the references; from here the object is reachable
  * through a handle */
770 1,
771 NULL,
772 &hProcess);
773
774 /* Free the access state */
776
777 /* Cleanup on failure */
 /* Goes to Cleanup, not CleanupWithRef: ObInsertObject presumably takes
  * over the creator's reference and drops it on failure, so the process
  * must not be dereferenced again here - confirm in obhandle.c */
778 if (!NT_SUCCESS(Status)) goto Cleanup;
779
780 /* Compute Quantum and Priority */
 /* Checked-build assertion; no thread can exist yet at this point */
781 ASSERT(IsListEmpty(&Process->ThreadListHead) == TRUE);
782 Process->Pcb.BasePriority =
785 &Quantum);
786 Process->Pcb.QuantumReset = Quantum;
787
788 /* Check if we have a parent other than the initial system process */
 /* Process->GrantedAccess starts at PROCESS_TERMINATE and is then either
  * replaced by the SeAccessCheck result (this branch) or forced to
  * PROCESS_ALL_ACCESS (else branch); the selecting condition on line 790
  * is elided, the comment above describes it */
789 Process->GrantedAccess = PROCESS_TERMINATE;
791 {
792 /* Get the process's SD */
 /* ObGetObjectSecurity(Process, &SecurityDescriptor, &SdAllocated) per
  * the prototype in the references; lines 793-794 are elided */
795 &SdAllocated);
796 if (!NT_SUCCESS(Status))
797 {
798 /* We failed, close the handle and clean up */
 /* Line 799 is elided; ObCloseHandle in the references - the handle
  * from ObInsertObject must be closed explicitly on this path */
800 goto CleanupWithRef;
801 }
802
803 /* Create the subject context */
 /* PrimaryToken assignment (line 805) is elided; it is dereferenced at
  * line 821-822 below */
804 SubjectContext.ProcessAuditId = Process;
806 SubjectContext.ClientToken = NULL;
807
808 /* Do the access check */
 /* SeAccessCheck(SD, &SubjectContext, FALSE, <desired>, 0, NULL,
  * <generic mapping>, <mode>, &Process->GrantedAccess, &AccessStatus);
  * the desired-access, mapping and mode arguments (lines 812, 815-816)
  * are elided - MAXIMUM_ALLOWED appears in the references */
811 FALSE,
813 0,
814 NULL,
817 &Process->GrantedAccess,
818 &AccessStatus);
819
820 /* Dereference the token and let go the SD */
822 SubjectContext.PrimaryToken);
824
825 /* Remove access if it failed */
826 if (!Result) Process->GrantedAccess = 0;
827
828 /* Give the process some basic access */
 /* The rights in this OR-list (continuation lines 830-839 are elided)
  * are added regardless of Result, so a creator whose access check
  * failed still keeps this baseline on its own child */
829 Process->GrantedAccess |= (PROCESS_VM_OPERATION |
840 }
841 else
842 {
843 /* Set full granted access */
844 Process->GrantedAccess = PROCESS_ALL_ACCESS;
845 }
846
847 /* Set the Creation Time */
848 KeQuerySystemTime(&Process->CreateTime);
849
850 /* Protect against bad user-mode pointer */
 /* NOTE(review): if the store to *ProcessHandle (elided line 860) faults,
  * Status becomes the exception code (line 865) but hProcess from
  * ObInsertObject is not closed on this path in the visible lines, unlike
  * the SD-failure path at line 799 - confirm in process.c */
852 {
853 /* Hacky way of returning the PEB to the user-mode creator */
 /* Writes through the current thread's TEB, which is user-mode memory;
  * that is why this sits inside the SEH block */
854 if ((Process->Peb) && (CurrentThread->Tcb.Teb))
855 {
856 CurrentThread->Tcb.Teb->NtTib.ArbitraryUserPointer = Process->Peb;
857 }
858
859 /* Save the process handle */
861 }
863 {
864 /* Get the exception code */
866 }
867 _SEH2_END;
868
869 /* Run the Notification Routines */
 /* Line 870 is elided; PspRunCreateProcessNotifyRoutines(Process, TRUE)
  * per the inline in ps_x.h referenced below */
871
872 /* If 12 processes have been created, enough of user-mode is ready */
 /* ProcessCount is a global counter; in the visible code it only drives
  * this boot-time perf marker */
873 if (++ProcessCount == 12) Ki386PerfEnd();
874
875CleanupWithRef:
876 /*
877 * Dereference the process. For failures, kills the process and does
878 * cleanup present in PspDeleteProcess. For success, kills the extra
879 * reference added by ObInsertObject.
880 */
882
883Cleanup:
884 /* Dereference the parent */
 /* Line 885 is elided; only meaningful when Parent is non-NULL */
886
887 /* Return status to caller */
888 return Status;
889}
#define DbgkDebugObjectType
Definition: ObTypes.c:120
unsigned char BOOLEAN
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1994
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:732
VOID NTAPI DbgkCopyProcessDebugPort(IN PEPROCESS Process, IN PEPROCESS Parent)
Definition: dbgkobj.c:276
#define DEBUG_OBJECT_ADD_REMOVE_PROCESS
Definition: dbgktypes.h:32
ULONG_PTR KAFFINITY
Definition: compat.h:85
static const WCHAR Cleanup[]
Definition: register.c:80
#define InsertTailList(ListHead, Entry)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define IsListEmpty(ListHead)
Definition: env_spec_w32.h:954
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define PAGE_SHIFT
Definition: env_spec_w32.h:45
#define KeQuerySystemTime(t)
Definition: env_spec_w32.h:570
#define PagedPool
Definition: env_spec_w32.h:308
#define ExReleaseRundownProtection
Definition: ex.h:136
#define ExInitializeRundownProtection
Definition: ex.h:137
#define ExAcquireRundownProtection
Definition: ex.h:135
#define BooleanFlagOn(F, SF)
Definition: ext2fs.h:183
#define _SEH2_END
Definition: filesup.c:22
#define _SEH2_TRY
Definition: filesup.c:19
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
_Must_inspect_result_ _Outptr_ PVOID * SectionObject
Definition: fsrtlfuncs.h:860
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define PROCESS_TERMINATE
Definition: pstypes.h:157
#define PROCESS_VM_READ
Definition: pstypes.h:161
#define PROCESS_VM_WRITE
Definition: pstypes.h:162
#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES
Definition: pstypes.h:93
#define PROCESS_CREATE_THREAD
Definition: pstypes.h:158
#define PROCESS_PRIORITY_CLASS_NORMAL
Definition: pstypes.h:108
#define PSF_NO_DEBUG_INHERIT_BIT
Definition: pstypes.h:274
#define PROCESS_VM_OPERATION
Definition: pstypes.h:160
@ PsProcessPriorityBackground
Definition: pstypes.h:422
#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL
Definition: pstypes.h:111
#define PROCESS_SET_INFORMATION
Definition: pstypes.h:165
#define PROCESS_PRIORITY_NORMAL
Definition: pstypes.h:118
#define PROCESS_CREATE_PROCESS
Definition: pstypes.h:163
#define PSF_HAS_ADDRESS_SPACE_BIT
Definition: pstypes.h:290
#define PROCESS_CREATE_FLAGS_LEGAL_MASK
Definition: pstypes.h:97
#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT
Definition: pstypes.h:92
#define PROCESS_SET_QUOTA
Definition: pstypes.h:164
#define PROCESS_DUP_HANDLE
#define InterlockedOr
Definition: interlocked.h:224
POBJECT_TYPE LpcPortObjectType
Definition: port.c:17
#define PORT_ALL_ACCESS
Definition: lpctypes.h:47
_In_ BOOL _In_ HANDLE hProcess
Definition: mapping.h:71
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
#define SEM_NOALIGNMENTFAULTEXCEPT
Definition: rtltypes.h:71
#define SEM_FAILCRITICALERRORS
Definition: rtltypes.h:69
#define SECTION_MAP_EXECUTE
Definition: nt_native.h:1290
#define ASSERTMSG(msg, exp)
Definition: nt_native.h:431
#define PROCESS_ALL_ACCESS
Definition: nt_native.h:1324
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:827
#define Ki386PerfEnd()
Definition: ke.h:174
KAFFINITY KeActiveProcessors
Definition: krnlinit.c:23
VOID NTAPI KeInitializeProcess(struct _KPROCESS *Process, KPRIORITY Priority, KAFFINITY Affinity, PULONG_PTR DirectoryTableBase, IN BOOLEAN Enable)
NTSTATUS NTAPI MmInitializeHandBuiltProcess2(IN PEPROCESS Process)
Definition: procsup.c:1157
FORCEINLINE PMMPFN MiGetPfnEntry(IN PFN_NUMBER Pfn)
Definition: mm.h:1047
NTSTATUS NTAPI MmInitializeProcessAddressSpace(IN PEPROCESS Process, IN PEPROCESS Clone OPTIONAL, IN PVOID Section OPTIONAL, IN OUT PULONG Flags, IN POBJECT_NAME_INFORMATION *AuditName OPTIONAL)
NTSTATUS NTAPI MmCreatePeb(IN PEPROCESS Process, IN PINITIAL_PEB InitialPeb, OUT PPEB *BasePeb)
Definition: procsup.c:517
NTSTATUS NTAPI MmInitializeHandBuiltProcess(IN PEPROCESS Process, IN PULONG_PTR DirectoryTableBase)
Definition: procsup.c:1131
BOOLEAN NTAPI MmCreateProcessAddressSpace(IN ULONG MinWs, IN PEPROCESS Dest, IN PULONG_PTR DirectoryTableBase)
Definition: page.c:136
NTSTATUS NTAPI SeCreateAccessStateEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _In_ OUT PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Performs detailed security auditing with an access token.
Definition: audit.c:34
VOID NTAPI SeAuditProcessCreate(_In_ PEPROCESS Process)
Performs security auditing of a process that is about to be created.
Definition: audit.c:56
KPRIORITY NTAPI PspComputeQuantumAndPriority(IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE Mode, OUT PUCHAR Quantum)
Definition: process.c:174
ULONG PsMaximumWorkingSet
Definition: process.c:18
ULONG PsMinimumWorkingSet
Definition: psmgr.c:54
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from memory.
Definition: access.c:150
#define STATUS_PENDING
Definition: ntstatus.h:82
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:502
VOID NTAPI ObInheritDeviceMap(IN PEPROCESS Parent, IN PEPROCESS Process)
Definition: devicemap.c:511
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
NTSTATUS NTAPI ObInitProcess(IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
Definition: obhandle.c:2090
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
ULONG ProcessCount
Definition: perfdata.c:22
NTSTATUS NTAPI PspInitializeProcessSecurity(IN PEPROCESS Process, IN PEPROCESS Parent OPTIONAL)
Definition: security.c:71
PHANDLE_TABLE PspCidTable
Definition: psmgr.c:48
NTSTATUS NTAPI PspMapSystemDll(IN PEPROCESS Process, OUT PVOID *DllBase, IN BOOLEAN UseLargePages)
VOID NTAPI PspInheritQuota(_In_ PEPROCESS Process, _In_ PEPROCESS ParentProcess)
FORCEINLINE VOID PspRunCreateProcessNotifyRoutines(IN PEPROCESS CurrentProcess, IN BOOLEAN Create)
Definition: ps_x.h:62
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:66
signed char SCHAR
Definition: sqltypes.h:14
PHANDLE_TABLE ObjectTable
Definition: pstypes.h:1286
KTHREAD Tcb
Definition: pstypes.h:1103
Definition: extypes.h:596
PVOID Object
Definition: extypes.h:599
ULONG GrantedAccess
Definition: extypes.h:606
BOOLEAN ImageUsesLargePages
Definition: pstypes.h:671
HANDLE Mutant
Definition: pstypes.h:684
PVOID Teb
Definition: ketypes.h:1807
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
#define TAG_SEPA
Definition: tag.h:156
PVOID HANDLE
Definition: typedefs.h:73
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
int32_t * PLONG
Definition: typedefs.h:58
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
Definition: halfuncs.h:174
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ObReferenceObject
Definition: obfuncs.h:204
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417

Referenced by NtCreateProcessEx(), PsCreateSystemProcess(), and PspInitPhase0().

◆ PspDeleteJob()

VOID NTAPI PspDeleteJob ( IN PVOID  ObjectBody)

Referenced by PspInitPhase0().

◆ PspDeleteProcess()

VOID NTAPI PspDeleteProcess ( IN PVOID  ObjectBody)

Definition at line 253 of file kill.c.

/*
 * Object-manager delete routine for EPROCESS (installed from PspInitPhase0,
 * per the "Referenced by" entry). It runs when the last reference to the
 * process object goes away, which is also how PspCreateProcess unwinds a
 * partially built process, so every step below tests the field it tears
 * down before touching it.
 */
254{
255 PEPROCESS Process = (PEPROCESS)ObjectBody;
257 PAGED_CODE();
258 PSTRACE(PS_KILL_DEBUG, "ObjectBody: %p\n", ObjectBody);
260
261 /* Check if it has an Active Process Link */
 /* A NULL Flink means the process never reached the InsertTailList in
  * PspCreateProcess, so there is nothing to unlink */
262 if (Process->ActiveProcessLinks.Flink)
263 {
264 /* Remove it from the Active List */
 /* The lock lines (265, 269) are elided; PspActiveProcessMutex in the
  * symbol references suggests the guarded mutex is held around the
  * unlink - confirm in kill.c */
266 RemoveEntryList(&Process->ActiveProcessLinks);
267 Process->ActiveProcessLinks.Flink = NULL;
268 Process->ActiveProcessLinks.Blink = NULL;
270 }
271
272 /* Check for Auditing information */
273 if (Process->SeAuditProcessCreationInfo.ImageFileName)
274 {
275 /* Free it */
 /* Same TAG_SEPA the allocation in PspCreateProcess used */
276 ExFreePoolWithTag(Process->SeAuditProcessCreationInfo.ImageFileName,
277 TAG_SEPA);
278 Process->SeAuditProcessCreationInfo.ImageFileName = NULL;
279 }
280
281 /* Check if we have a job */
282 if (Process->Job)
283 {
284 /* Remove the process from the job */
 /* Line 285 is elided; PspRemoveProcessFromJob in the references */
286
287 /* Dereference it */
289 Process->Job = NULL;
290 }
291
292 /* Increase the stack count */
293 Process->Pcb.StackCount++;
294
295 /* Check if we have a debug port */
296 if (Process->DebugPort)
297 {
298 /* Dereference the Debug Port */
299 ObDereferenceObject(Process->DebugPort);
300 Process->DebugPort = NULL;
301 }
302
303 /* Check if we have an exception port */
304 if (Process->ExceptionPort)
305 {
306 /* Dereference the Exception Port */
307 ObDereferenceObject(Process->ExceptionPort);
308 Process->ExceptionPort = NULL;
309 }
310
311 /* Check if we have a section object */
312 if (Process->SectionObject)
313 {
314 /* Dereference the Section Object */
315 ObDereferenceObject(Process->SectionObject);
316 Process->SectionObject = NULL;
317 }
318
319#if defined(_X86_)
320 /* Clean Ldt and Vdm objects */
 /* Lines 321-322 are elided; PspDeleteLdt / PspDeleteVdmObjects in the
  * references */
323#endif
324
325 /* Delete the Object Table */
326 if (Process->ObjectTable)
327 {
328 /* Attach to the process */
 /* Lines 329, 332 and 335 are elided; KeStackAttachProcess, ObKillProcess
  * and KeUnstackDetachProcess in the references - the handle table is
  * torn down from within the dying process's context */
330
331 /* Kill the Object Info */
333
334 /* Detach */
336 }
337
338 /* Check if we have an address space, and clean it */
339 if (Process->HasAddressSpace)
340 {
341 /* Attach to the process */
343
344 /* Clean the Address Space */
346
347 /* Detach */
349
350 /* Completely delete the Address Space */
 /* Line 351 is elided; MmDeleteProcessAddressSpace in the references */
352 }
353
354 /* See if we have a PID */
355 if (Process->UniqueProcessId)
356 {
357 /* Delete the PID */
358 if (!(ExDestroyHandle(PspCidTable, Process->UniqueProcessId, NULL)))
359 {
360 /* Something wrong happened, bugcheck */
 /* A CID entry that cannot be destroyed would keep pointing at the
  * EPROCESS about to be freed, so this is treated as fatal */
361 KeBugCheck(CID_HANDLE_DELETION);
362 }
363 }
364
365 /* Cleanup security information */
 /* Line 366 is elided; PspDeleteProcessSecurity (see its listing on this
  * page) drops the primary token */
367
368 /* Check if we have kept information on the Working Set */
369 if (Process->WorkingSetWatch)
370 {
371 /* Free it */
 /* Untagged free, unlike the tagged frees above */
372 ExFreePool(Process->WorkingSetWatch);
373
374 /* And return the quota it was taking up */
 /* Line 375 is elided; PsReturnProcessNonPagedPoolQuota in the references */
376 }
377
378 /* Dereference the Device Map */
 /* Line 379 is elided; ObDereferenceDeviceMap in the references */
380
381 /*
382 * Dereference the quota block, the function
383 * will invoke a quota block cleanup if the
384 * block itself is no longer used by anybody.
385 */
 /* Line 386 is elided; PspDereferenceQuotaBlock lists this function as a
  * caller further down this page */
387}
DECLSPEC_NORETURN VOID NTAPI KeBugCheck(ULONG BugCheckCode)
Definition: bug.c:1430
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
struct _EPROCESS * PEPROCESS
Definition: nt_native.h:30
BOOLEAN NTAPI ExDestroyHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PHANDLE_TABLE_ENTRY HandleTableEntry OPTIONAL)
Definition: handle.c:984
VOID NTAPI MmDeleteProcessAddressSpace(IN PEPROCESS Process)
Definition: procsup.c:1366
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1765
VOID NTAPI PspExitProcess(IN BOOLEAN LastThread, IN PEPROCESS Process)
Definition: kill.c:1075
VOID NTAPI ObKillProcess(IN PEPROCESS Process)
Definition: obhandle.c:2160
VOID NTAPI ObDereferenceDeviceMap(IN PEPROCESS Process)
Definition: devicemap.c:456
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
#define PS_KILL_DEBUG
Definition: ps.h:25
VOID NTAPI PspRemoveProcessFromJob(IN PEPROCESS Process, IN PEJOB Job)
Definition: job.c:138
#define PSREFTRACE(x)
Definition: ps.h:58
VOID NTAPI PspDereferenceQuotaBlock(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock)
De-references a quota block when quotas have been returned back because of an object de-allocation or...
Definition: quota.c:553
VOID NTAPI PspDeleteProcessSecurity(IN PEPROCESS Process)
Definition: security.c:30
KGUARDED_MUTEX PspActiveProcessMutex
Definition: process.c:23
VOID NTAPI PspDeleteLdt(PEPROCESS Process)
Definition: psldt.c:19
VOID NTAPI PspDeleteVdmObjects(PEPROCESS Process)
Definition: psldt.c:27
VOID NTAPI PsReturnProcessNonPagedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Returns the non-paged pool quota that the process was taking up.
Definition: quota.c:938
KAPC_STATE
Definition: ketypes.h:1409

Referenced by PspInitPhase0().

◆ PspDeleteProcessSecurity()

VOID NTAPI PspDeleteProcessSecurity ( IN PEPROCESS  Process)

Definition at line 30 of file security.c.

/*
 * Drops the process's primary token during object deletion (called from
 * PspDeleteProcess, per the "Referenced by" entry). The deassign call on
 * the elided line 39 is SeDeassignPrimaryToken, per the symbol reference
 * that follows this listing.
 */
31{
32 PAGED_CODE();
33 PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
34
35 /* Check if we have a token */
36 if (Process->Token.Object)
37 {
38 /* Deassign it */
 /* The pointer is cleared afterwards so a second pass (or a dump of the
  * freed EPROCESS) does not see a stale token pointer */
40 Process->Token.Object = NULL;
41 }
42}
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
Definition: token.c:936

Referenced by PspDeleteProcess().

◆ PspDeleteThread()

VOID NTAPI PspDeleteThread ( IN PVOID  ObjectBody)

Definition at line 391 of file kill.c.

/*
 * Object-manager delete routine for ETHREAD (installed from PspInitPhase0,
 * per the "Referenced by" entry). Releases the kernel stack and CID entry,
 * drops impersonation state, and - only if the thread was attached to a
 * process - unlinks it from that process's thread list and dereferences
 * the process.
 */
392{
393 PETHREAD Thread = (PETHREAD)ObjectBody;
394 PEPROCESS Process = Thread->ThreadsProcess;
395 PAGED_CODE();
396 PSTRACE(PS_KILL_DEBUG, "ObjectBody: %p\n", ObjectBody);
399
400 /* Check if we have a stack */
 /* The condition (line 401) and the MmDeleteKernelStack call (line 404)
  * are elided; only the LargeStack argument survives below */
402 {
403 /* Release it */
405 Thread->Tcb.LargeStack);
406 }
407
408 /* Check if we have a CID Handle */
 /* Lines 409 and 412 are elided; by analogy with PspDeleteProcess this is
  * an ExDestroyHandle(PspCidTable, Cid.UniqueThread, ...) whose failure
  * is fatal - confirm in kill.c */
410 {
411 /* Delete the CID Handle */
413 {
414 /* Something wrong happened, bugcheck */
415 KeBugCheck(CID_HANDLE_DELETION);
416 }
417 }
418
419 /* Cleanup impersonation information */
 /* Line 420 is elided; PspDeleteThreadSecurity (see its listing on this
  * page). Note this runs even for a thread that never joined a process */
421
422 /* Make sure the thread was inserted, before continuing */
 /* A NULL ThreadsProcess means PspCreateThread never attached this
  * thread, so there is no list entry to remove and no reference to drop */
423 if (!Process) return;
424
425 /* Check if the thread list is valid */
427 {
428 /* Lock the thread's process */
 /* Lines 429 and 437 are elided; they bracket the push-lock acquire and
  * release below */
430 ExAcquirePushLockExclusive(&Process->ProcessLock);
431
432 /* Remove us from the list */
434
435 /* Release the lock */
436 ExReleasePushLockExclusive(&Process->ProcessLock);
438 }
439
440 /* Dereference the Process */
 /* Line 441 is elided; balances the reference the thread held on its process */
442}
FORCEINLINE VOID ExAcquirePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1036
FORCEINLINE VOID ExReleasePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1252
struct _ETHREAD * PETHREAD
Definition: nt_native.h:29
VOID NTAPI MmDeleteKernelStack(PVOID Stack, BOOLEAN GuiStack)
VOID NTAPI PspDeleteThreadSecurity(IN PETHREAD Thread)
Definition: security.c:46
HANDLE UniqueThread
Definition: compat.h:826
CLIENT_ID Cid
Definition: pstypes.h:1128
PVOID InitialStack
Definition: ketypes.h:1664
PVOID Win32Thread
Definition: ketypes.h:1866
PVOID StackBase
Definition: ketypes.h:1666

Referenced by PspInitPhase0().

◆ PspDeleteThreadSecurity()

VOID NTAPI PspDeleteThreadSecurity ( IN PETHREAD  Thread)

Definition at line 46 of file security.c.

/*
 * Frees a thread's impersonation state (called from PspDeleteThread, per
 * the "Referenced by" entry). The local ImpersonationInfo is initialized on
 * the elided line 48, presumably from Thread->ImpersonationInfo (the field
 * appears in this listing's symbol references).
 */
47{
49 PAGED_CODE();
50 PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
51
52 /* Check if we have active impersonation info */
 /* The condition (line 53) is elided; ActiveImpersonationInfo and
  * CT_ACTIVE_IMPERSONATION_INFO_BIT in the references suggest the token is
  * only dereferenced while impersonation is active, so an inactive record's
  * Token pointer is not treated as a live reference here */
54 {
55 /* Dereference its token */
56 ObDereferenceObject(ImpersonationInfo->Token);
57 }
58
59 /* Check if we have impersonation info */
60 if (ImpersonationInfo)
61 {
62 /* Free it */
63 ExFreePool(ImpersonationInfo);
 /* Lines 64-65 are elided; PspClearCrossThreadFlag in the references
  * suggests the pointer and the active flag are cleared here - confirm */
66 }
67}
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
Definition: pstypes.h:241
#define PspClearCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:27
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
Definition: pstypes.h:1143
ULONG ActiveImpersonationInfo
Definition: pstypes.h:1181

Referenced by PspDeleteThread().

◆ PspDereferenceQuotaBlock()

VOID NTAPI PspDereferenceQuotaBlock ( _In_opt_ PEPROCESS  Process,
_In_ PEPROCESS_QUOTA_BLOCK  QuotaBlock 
)

De-references a quota block when quotas have been returned because of an object de-allocation or when a process is destroyed. If the last holder of the block is de-referenced, the function cleans up that block and frees it from memory.

Parameters
[in] Process: A pointer to the process that de-references the quota block.
[in] QuotaBlock: A pointer to the quota block to be de-referenced. The block may be referenced by a process or by an object.
Returns
Nothing.

Definition at line 553 of file quota.c.

/*
 * Drops one reference on QuotaBlock, optionally on behalf of a Process
 * that is going away (Process may be NULL when the caller is an object
 * rather than a process), and destroys the block when the last reference
 * goes. PspDefaultQuotaBlock is never freed; see the short-circuit below.
 */
556{
557 ULONG PsQuotaTypeIndex;
559
560 /* Make sure the quota block is not trash */
 /* Checked-build assertion only; a NULL QuotaBlock would still be
  * dereferenced below when ASSERT is compiled out */
561 ASSERT(QuotaBlock);
562
563 /* Iterate over the process quota types if we have a process */
564 if (Process)
565 {
566 for (PsQuotaTypeIndex = PsNonPagedPool; PsQuotaTypeIndex < PsQuotaTypes; PsQuotaTypeIndex++)
567 {
568 /*
569 * We need to make sure that the quota usage
570 * uniquely associated with the process is 0
571 * on that moment the process gets destroyed.
572 */
573 ASSERT(Process->QuotaUsage[PsQuotaTypeIndex] == 0);
574 }
575
576 /* As the process is now gone, decrement the process count */
577 InterlockedDecrementUL(&QuotaBlock->ProcessCount);
578 }
579
580 /* If no one is using this block, begin to destroy it */
 /* Because of the && short-circuit, ReferenceCount is not decremented for
  * the default block at all (ProcessCount above still is) */
581 if (QuotaBlock != &PspDefaultQuotaBlock &&
582 InterlockedDecrementUL(&QuotaBlock->ReferenceCount) == 0)
583 {
584 /* Acquire the quota lock */
 /* Line 585 is elided; KeAcquireSpinLock(&PspQuotaLock, &OldIrql) judging
  * by the symbols this listing references */
586
587 /* Return all the quotas back to Mm and remove the quota from list */
588 PspReturnQuotasOnDestroy(QuotaBlock);
589 RemoveEntryList(&QuotaBlock->QuotaList);
590
591 /* Release the lock and free the block */
 /* Lines 592-593 are elided; KeReleaseSpinLock and a tagged free with
  * TAG_QUOTA_BLOCK, per the references */
594 }
595}
UCHAR KIRQL
Definition: env_spec_w32.h:591
#define KeReleaseSpinLock(sl, irql)
Definition: env_spec_w32.h:627
#define KeAcquireSpinLock(sl, irql)
Definition: env_spec_w32.h:609
#define InterlockedDecrementUL(Addend)
Definition: ex.h:1524
@ PsQuotaTypes
Definition: pstypes.h:1030
EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock
Definition: quota.c:16
static KSPIN_LOCK PspQuotaLock
Definition: quota.c:18
#define TAG_QUOTA_BLOCK
Definition: tag.h:139
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
Definition: kefuncs.h:778

Referenced by PspDeleteProcess(), and PsReturnSharedPoolQuota().

◆ PspExitProcess()

VOID NTAPI PspExitProcess ( IN BOOLEAN  LastThread,
IN PEPROCESS  Process 
)

Definition at line 1075 of file kill.c.

1077{
/* Per-process exit work. Called both from PspExitThread (for the last
 * thread) and from PspDeleteProcess, per the "Referenced by" list, so the
 * steps below must tolerate running more than once.
 * Lines 1080, 1082, 1085, 1094, 1120 and 1134 are not shown in this
 * rendering; the cross-references suggest 1085 sets PSF_PROCESS_EXITING_BIT,
 * 1120 calls ZwSetTimerResolution with KeMaximumIncrement and 1134 calls
 * MmCleanProcessAddressSpace -- confirm in kill.c. */
1078 ULONG Actual;
1079 PAGED_CODE();
1081 "LastThread: %u Process: %p\n", LastThread, Process);
1083
1084 /* Set Process Exit flag */
1086
1087 /* Check if we are the last thread */
1088 if (LastThread)
1089 {
1090 /* Notify the WMI Process Callback */
1091 //WmiTraceProcess(Process, FALSE);
1092
1093 /* Run the Notification Routines */
1095 }
1096
1097 /* Cleanup the power state */
1098 PopCleanupPowerState((PPOWER_STATE)&Process->Pcb.PowerState);
1099
1100 /* Clear the security port */
/* (PVOID)1 is a sentinel meaning "already released": a later pass through
 * this function sees it and does not dereference the port a second time. */
1101 if (!Process->SecurityPort)
1102 {
1103 /* So we don't double-dereference */
1104 Process->SecurityPort = (PVOID)1;
1105 }
1106 else if (Process->SecurityPort != (PVOID)1)
1107 {
1108 /* Dereference it */
1109 ObDereferenceObject(Process->SecurityPort);
1110 Process->SecurityPort = (PVOID)1;
1111 }
1112
1113 /* Check if we are the last thread */
1114 if (LastThread)
1115 {
1116 /* Check if we have to set the Timer Resolution */
1117 if (Process->SetTimerResolution)
1118 {
1119 /* Set it to default */
1121 }
1122
1123 /* Check if we are part of a Job that has a completion port */
1124 if ((Process->Job) && (Process->Job->CompletionPort))
1125 {
1126 /* FIXME: Check job status code and do I/O completion if needed */
1127 }
1128
1129 /* FIXME: Notify the Prefetcher */
1130 }
1131 else
1132 {
1133 /* Clear process' address space here */
1135 }
1136}
#define PSF_PROCESS_EXITING_BIT
Definition: pstypes.h:275
NTSYSAPI NTSTATUS NTAPI ZwSetTimerResolution(_In_ ULONG RequestedResolution, _In_ BOOLEAN SetOrUnset, _Out_ PULONG ActualResolution)
VOID NTAPI MmCleanProcessAddressSpace(IN PEPROCESS Process)
Definition: procsup.c:1267
ULONG KeMaximumIncrement
Definition: clock.c:20
PETHREAD LastThread
Definition: pinsup.c:109
VOID NTAPI PopCleanupPowerState(IN PPOWER_STATE PowerState)
Definition: power.c:164
void * PVOID
Definition: typedefs.h:50

Referenced by PspDeleteProcess(), and PspExitThread().

◆ PspExitProcessFromJob()

VOID NTAPI PspExitProcessFromJob ( IN PEJOB  Job,
IN PEPROCESS  Process 
)

Definition at line 146 of file job.c.

148{
/* Stub: nothing is done yet, so the job's bookkeeping is not updated when a
 * member process exits; PspExitThread (per "Referenced by") still calls this
 * for every process that has a Job. */
149 /* FIXME */
150}

Referenced by PspExitThread().

◆ PspExitThread()

VOID NTAPI PspExitThread ( IN NTSTATUS  ExitStatus)

Definition at line 450 of file kill.c.

451{
/* Tears down the calling thread. When it is the last active thread of its
 * process it also runs the process exit path (PspExitProcess, exit auditing,
 * ObKillProcess, address-space cleanup, KeSetProcess).
 * Many lines of this function (the attached-process and worker-thread
 * checks, IRQL handling, rundown helper calls and the final
 * KeTerminateThread) are not shown in this rendering; the cross-references
 * below list the symbols involved. */
452 CLIENT_DIED_MSG TerminationMsg;
454 PTEB Teb;
455 PEPROCESS CurrentProcess;
456 PETHREAD Thread, OtherThread, PreviousThread = NULL;
457 PVOID DeallocationStack;
458 SIZE_T Dummy;
459 BOOLEAN Last = FALSE;
460 PTERMINATION_PORT TerminationPort, NextPort;
461 PLIST_ENTRY FirstEntry, CurrentEntry;
462 PKAPC Apc;
463 PTOKEN PrimaryToken;
464 PAGED_CODE();
465 PSTRACE(PS_KILL_DEBUG, "ExitStatus: %d\n", ExitStatus);
466
467 /* Get the Current Thread and Process */
469 CurrentProcess = Thread->ThreadsProcess;
471
472 /* Can't terminate a thread if it attached another process */
474 {
475 /* Bugcheck */
476 KeBugCheckEx(INVALID_PROCESS_ATTACH_ATTEMPT,
477 (ULONG_PTR)CurrentProcess,
478 (ULONG_PTR)Thread->Tcb.ApcState.Process,
481 }
482
483 /* Lower to Passive Level */
485
486 /* Can't be a worker thread */
488 {
489 /* Bugcheck */
490 KeBugCheckEx(ACTIVE_EX_WORKER_THREAD_TERMINATION,
492 0,
493 0,
494 0);
495 }
496
497 /* Can't have pending APCs */
498 if (Thread->Tcb.CombinedApcDisable != 0)
499 {
500 /* Bugcheck */
501 KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
502 0,
504 0,
505 1);
506 }
507
508 /* Lock the thread */
510
511 /* Cleanup the power state */
513
514 /* Call the WMI Callback for Threads */
515 //WmiTraceThread(Thread, NULL, FALSE);
516
517 /* Run Thread Notify Routines before we disintegrate the thread */
519
520 /* Lock the Process before we modify its thread entries */
522 ExAcquirePushLockExclusive(&CurrentProcess->ProcessLock);
523
524 /* Decrease the active thread count, and check if it's 0 */
/* ActiveThreads is modified under ProcessLock; reaching zero makes this
 * thread responsible for the whole process exit (Last = TRUE below). */
525 if (!(--CurrentProcess->ActiveThreads))
526 {
527 /* Set the delete flag */
529
530 /* Remember we are last */
531 Last = TRUE;
532
533 /* Check if this termination is due to the thread dying */
535 {
536 /* Check if the last thread was pending */
537 if (CurrentProcess->ExitStatus == STATUS_PENDING)
538 {
539 /* Use the last exit status */
540 CurrentProcess->ExitStatus = CurrentProcess->
541 LastThreadExitStatus;
542 }
543 }
544 else
545 {
546 /* Just a normal exit, write the code */
547 CurrentProcess->ExitStatus = ExitStatus;
548 }
549
550 /* Loop all the current threads */
551 FirstEntry = &CurrentProcess->ThreadListHead;
552 CurrentEntry = FirstEntry->Flink;
553 while (FirstEntry != CurrentEntry)
554 {
555 /* Get the thread on the list */
556 OtherThread = CONTAINING_RECORD(CurrentEntry,
557 ETHREAD,
558 ThreadListEntry);
559
560 /* Check if it's a thread that's still alive */
/* ObReferenceObjectSafe is used instead of a plain reference; presumably
 * it fails for a thread whose object is already being destroyed -- confirm. */
561 if ((OtherThread != Thread) &&
562 !(KeReadStateThread(&OtherThread->Tcb)) &&
563 (ObReferenceObjectSafe(OtherThread)))
564 {
565 /* It's a live thread and we referenced it, unlock process */
/* The process lock is dropped for the wait (line 567 not shown). The
 * reference kept in PreviousThread presumably keeps the waited-for ETHREAD,
 * and thus the list entry the walk resumes from, alive until the next
 * iteration -- confirm. */
566 ExReleasePushLockExclusive(&CurrentProcess->ProcessLock);
568
569 /* Wait on the thread */
570 KeWaitForSingleObject(OtherThread,
571 Executive,
573 FALSE,
574 NULL);
575
576 /* Check if we had a previous thread to dereference */
577 if (PreviousThread) ObDereferenceObject(PreviousThread);
578
579 /* Remember the thread and re-lock the process */
580 PreviousThread = OtherThread;
582 ExAcquirePushLockExclusive(&CurrentProcess->ProcessLock);
583 }
584
585 /* Go to the next thread */
586 CurrentEntry = CurrentEntry->Flink;
587 }
588 }
590 {
591 /* Write down the exit status of the last thread to get killed */
592 CurrentProcess->LastThreadExitStatus = ExitStatus;
593 }
594
595 /* Unlock the Process */
596 ExReleasePushLockExclusive(&CurrentProcess->ProcessLock);
598
599 /* Check if we had a previous thread to dereference */
600 if (PreviousThread) ObDereferenceObject(PreviousThread);
601
602 /* Check if the process has a debug port and if this is a user thread */
603 if ((CurrentProcess->DebugPort) && !(Thread->SystemThread))
604 {
605 /* Notify the Debug API. */
/* The alternative branch of this conditional expression (line 607) is not
 * shown; the cross-references suggest DbgkExitThread(ExitStatus). */
606 Last ? DbgkExitProcess(CurrentProcess->ExitStatus) :
608 }
609
610 /* Check if this is a Critical Thread */
612 {
613 /* Break to debugger */
614 PspCatchCriticalBreak("Critical thread 0x%p (in %s) exited\n",
615 Thread,
616 CurrentProcess->ImageFileName);
617 }
618
619 /* Check if it's the last thread and this is a Critical Process */
620 if ((Last) && (CurrentProcess->BreakOnTermination))
621 {
622 /* Check if a debugger is here to handle this */
624 {
625 /* Break to debugger */
626 PspCatchCriticalBreak("Critical process 0x%p (in %s) exited\n",
627 CurrentProcess,
628 CurrentProcess->ImageFileName);
629 }
630 else
631 {
632 /* Bugcheck, we can't allow this */
633 KeBugCheckEx(CRITICAL_PROCESS_DIED,
634 (ULONG_PTR)CurrentProcess,
635 0,
636 0,
637 0);
638 }
639 }
640
641 /* Sanity check */
643
644 /* Process the Termination Ports */
/* Every TERMINATION_PORT on the thread gets an LPC_CLIENT_DIED message; the
 * send is retried after a short delay on STATUS_NO_MEMORY (the second retry
 * condition on line 668 and the delay on line 671 are not shown). The port
 * object is then dereferenced and the node freed with tag '=TsP'. */
645 TerminationPort = Thread->TerminationPort;
646 if (TerminationPort)
647 {
648 /* Setup the message header */
649 TerminationMsg.h.u2.ZeroInit = 0;
650 TerminationMsg.h.u2.s2.Type = LPC_CLIENT_DIED;
651 TerminationMsg.h.u1.s1.TotalLength = sizeof(TerminationMsg);
652 TerminationMsg.h.u1.s1.DataLength = sizeof(TerminationMsg) -
653 sizeof(PORT_MESSAGE);
654
655 /* Loop each port */
656 do
657 {
658 /* Save the Create Time */
659 TerminationMsg.CreateTime = Thread->CreateTime;
660
661 /* Loop trying to send message */
662 while (TRUE)
663 {
664 /* Send the LPC Message */
665 Status = LpcRequestPort(TerminationPort->Port,
666 &TerminationMsg.h);
667 if ((Status == STATUS_NO_MEMORY) ||
669 {
670 /* Wait a bit and try again */
672 continue;
673 }
674 break;
675 }
676
677 /* Dereference this LPC Port */
678 ObDereferenceObject(TerminationPort->Port);
679
680 /* Move to the next one */
681 NextPort = TerminationPort->Next;
682
683 /* Free the Termination Port Object */
684 ExFreePoolWithTag(TerminationPort, '=TsP');
685
686 /* Keep looping as long as there is a port */
687 TerminationPort = NextPort;
688 } while (TerminationPort);
689 }
/* The start of this condition (line 690) is not shown; per the comment
 * inside, it covers a thread that died before getting a termination port. */
691 (Thread->DeadThread)) ||
692 !(Thread->DeadThread))
693 {
694 /*
695 * This case is special and deserves some extra comments. What
696 * basically happens here is that this thread doesn't have a termination
697 * port, which means that it died before being fully created. Since we
698 * still have to notify an LPC Server, we'll use the exception port,
699 * which we know exists. However, we need to know how far the thread
700 * actually got created. We have three possibilities:
701 *
702 * - NtCreateThread returned an error really early: DeadThread is set.
703 * - NtCreateThread managed to create the thread: DeadThread is off.
704 * - NtCreateThread was creating the thread (with DeadThread set,
705 * but the thread got killed prematurely: STATUS_THREAD_IS_TERMINATING
706 * is our exit code.)
707 *
708 * For the 2 & 3rd scenarios, the thread has been created far enough to
709 * warrant notification to the LPC Server.
710 */
711
712 /* Setup the message header */
713 TerminationMsg.h.u2.ZeroInit = 0;
714 TerminationMsg.h.u2.s2.Type = LPC_CLIENT_DIED;
715 TerminationMsg.h.u1.s1.TotalLength = sizeof(TerminationMsg);
716 TerminationMsg.h.u1.s1.DataLength = sizeof(TerminationMsg) -
717 sizeof(PORT_MESSAGE);
718
719 /* Make sure the process has an exception port */
720 if (CurrentProcess->ExceptionPort)
721 {
722 /* Save the Create Time */
723 TerminationMsg.CreateTime = Thread->CreateTime;
724
725 /* Loop trying to send message */
726 while (TRUE)
727 {
728 /* Send the LPC Message */
729 Status = LpcRequestPort(CurrentProcess->ExceptionPort,
730 &TerminationMsg.h);
731 if ((Status == STATUS_NO_MEMORY) ||
733 {
734 /* Wait a bit and try again */
736 continue;
737 }
738 break;
739 }
740 }
741 }
742
743 /* Rundown Win32 Thread if there is one */
746
747 /* If we are the last thread and have a W32 Process */
748 if ((Last) && (CurrentProcess->Win32Process))
749 {
750 /* Run it down too */
751 PspW32ProcessCallout(CurrentProcess, FALSE);
752 }
753
754 /* Make sure Stack Swap is enabled */
756 {
757 /* Stack swap really shouldn't be disabled during exit! */
758 KeBugCheckEx(KERNEL_STACK_LOCKED_AT_EXIT, 0, 0, 0, 0);
759 }
760
761 /* Cancel I/O for the thread. */
763
764 /* Rundown Timers */
766
767 /* FIXME: Rundown Registry Notifications (NtChangeNotify)
768 CmNotifyRunDown(Thread); */
769
770 /* Rundown Mutexes */
772
773 /* Check if we have a TEB */
/* NOTE(review): FreeStackOnTermination, DeallocationStack and
 * DbgSsReserved[1] are read from the TEB, which user mode can write. The
 * stack is released through Zw* in the current process and the handle is
 * closed with UserMode, presumably so that a tampered value is handled as an
 * untrusted user handle -- confirm this is the intended trust boundary. */
774 Teb = Thread->Tcb.Teb;
775 if (Teb)
776 {
777 /* Check if the thread is still alive */
778 if (!Thread->DeadThread)
779 {
780 /* Check if we need to free its stack */
781 if (Teb->FreeStackOnTermination)
782 {
783 /* Set the TEB's Deallocation Stack as the Base Address */
784 Dummy = 0;
785 DeallocationStack = Teb->DeallocationStack;
786
787 /* Free the Thread's Stack */
788 ZwFreeVirtualMemory(NtCurrentProcess(),
789 &DeallocationStack,
790 &Dummy,
792 }
793
794 /* Free the debug handle */
795 if (Teb->DbgSsReserved[1]) ObCloseHandle(Teb->DbgSsReserved[1],
796 UserMode);
797 }
798
799 /* Decommit the TEB */
800 MmDeleteTeb(CurrentProcess, Teb);
801 Thread->Tcb.Teb = NULL;
802 }
803
804 /* Free LPC Data */
806
807 /* Save the exit status and exit time */
810
811 /* Sanity check */
813
814 /* Check if this is the final thread or not */
815 if (Last)
816 {
817 /* Set the process exit time */
818 CurrentProcess->ExitTime = Thread->ExitTime;
819
820 /* Exit the process */
821 PspExitProcess(TRUE, CurrentProcess);
822
823 /* Get the process token and check if we need to audit */
/* The primary token is referenced only for the audit decision and released
 * through the fast-reference slot it came from. */
824 PrimaryToken = PsReferencePrimaryToken(CurrentProcess);
825 if (SeDetailedAuditingWithToken(PrimaryToken))
826 {
827 /* Audit the exit */
828 SeAuditProcessExit(CurrentProcess);
829 }
830
831 /* Dereference the process token */
832 ObFastDereferenceObject(&CurrentProcess->Token, PrimaryToken);
833
834 /* Check if this is a VDM Process and rundown the VDM DPCs if so */
835 if (CurrentProcess->VdmObjects) { /* VdmRundownDpcs(CurrentProcess); */ }
836
837 /* Kill the process in the Object Manager */
838 ObKillProcess(CurrentProcess);
839
840 /* Check if we have a section object */
841 if (CurrentProcess->SectionObject)
842 {
843 /* Dereference and clear the Section Object */
844 ObDereferenceObject(CurrentProcess->SectionObject);
845 CurrentProcess->SectionObject = NULL;
846 }
847
848 /* Check if the process is part of a job */
849 if (CurrentProcess->Job)
850 {
851 /* Remove the process from the job */
852 PspExitProcessFromJob(CurrentProcess->Job, CurrentProcess);
853 }
854 }
855
856 /* Disable APCs */
858
859 /* Disable APC queueing, force a resumption */
862
863 /* Re-enable APCs */
865
866 /* Flush the User APCs */
/* Queued user-mode APCs are never delivered at this point: each one is
 * either run down through its own RundownRoutine or freed here. */
867 FirstEntry = KeFlushQueueApc(&Thread->Tcb, UserMode);
868 if (FirstEntry)
869 {
870 /* Start with the first entry */
871 CurrentEntry = FirstEntry;
872 do
873 {
874 /* Get the APC */
875 Apc = CONTAINING_RECORD(CurrentEntry, KAPC, ApcListEntry);
876
877 /* Move to the next one */
878 CurrentEntry = CurrentEntry->Flink;
879
880 /* Rundown the APC or de-allocate it */
881 if (Apc->RundownRoutine)
882 {
883 /* Call its own routine */
884 Apc->RundownRoutine(Apc);
885 }
886 else
887 {
888 /* Do it ourselves */
889 ExFreePool(Apc);
890 }
891 }
892 while (CurrentEntry != FirstEntry);
893 }
894
895 /* Clean address space if this was the last thread */
896 if (Last) MmCleanProcessAddressSpace(CurrentProcess);
897
898 /* Call the Lego routine */
900
901 /* Flush the APC queue, which should be empty */
/* A non-empty kernel APC queue or disabled APCs here is treated as a kernel
 * bug and bugchecks rather than being tolerated. */
902 FirstEntry = KeFlushQueueApc(&Thread->Tcb, KernelMode);
903 if ((FirstEntry) || (Thread->Tcb.CombinedApcDisable != 0))
904 {
905 /* Bugcheck time */
906 KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
907 (ULONG_PTR)FirstEntry,
910 0);
911 }
912
913 /* Signal the process if this was the last thread */
914 if (Last) KeSetProcess(&CurrentProcess->Pcb, 0, FALSE);
915
916 /* Terminate the Thread from the Scheduler */
918}
VOID NTAPI DbgkExitThread(IN NTSTATUS ExitStatus)
Definition: dbgkutil.c:340
VOID NTAPI DbgkExitProcess(IN NTSTATUS ExitStatus)
Definition: dbgkutil.c:304
#define PASSIVE_LEVEL
Definition: env_spec_w32.h:693
#define KeWaitForSingleObject(pEvt, foo, a, b, c)
Definition: env_spec_w32.h:478
#define KeLowerIrql(oldIrql)
Definition: env_spec_w32.h:602
#define KeGetCurrentIrql()
Definition: env_spec_w32.h:706
#define KeDelayExecutionThread(mode, foo, t)
Definition: env_spec_w32.h:484
#define ExWaitForRundownProtectionRelease
Definition: ex.h:138
#define PSF_PROCESS_DELETE_BIT
Definition: pstypes.h:276
@ PsW32ThreadCalloutExit
Definition: pstypes.h:500
BOOLEAN KdDebuggerEnabled
Definition: kddata.c:82
VOID NTAPI LpcExitThread(IN PETHREAD Thread)
Definition: close.c:19
#define LPC_CLIENT_DIED
Definition: port.c:98
#define UserMode
Definition: asm.h:35
_In_ NTSTATUS ExitStatus
Definition: psfuncs.h:867
#define NtCurrentProcess()
Definition: nt_native.h:1657
#define MEM_RELEASE
Definition: nt_native.h:1316
VOID NTAPI ExTimerRundown(VOID)
Definition: timer.c:43
VOID NTAPI IoCancelThreadIo(IN PETHREAD Thread)
Definition: irp.c:1146
ULONG NTAPI KeForceResumeThread(IN PKTHREAD Thread)
Definition: thrdobj.c:267
ULONG NTAPI KeSetProcess(struct _KPROCESS *Process, KPRIORITY Increment, BOOLEAN InWait)
PLIST_ENTRY NTAPI KeFlushQueueApc(IN PKTHREAD Thread, IN KPROCESSOR_MODE PreviousMode)
Definition: apc.c:793
VOID NTAPI KeRundownThread(VOID)
Definition: thrdobj.c:430
BOOLEAN NTAPI KeReadStateThread(IN PKTHREAD Thread)
Definition: thrdobj.c:42
VOID NTAPI MmDeleteTeb(struct _EPROCESS *Process, PTEB Teb)
VOID NTAPI SeAuditProcessExit(_In_ PEPROCESS Process)
Performs security auditing on a process that is about to be terminated.
Definition: audit.c:77
NTSTATUS NTAPI LpcRequestPort(IN PVOID PortObject, IN PPORT_MESSAGE LpcMessage)
Definition: send.c:22
LARGE_INTEGER ShortTime
Definition: kill.c:21
VOID NTAPI PspCatchCriticalBreak(IN PCHAR Message, IN PVOID ProcessOrThread, IN PCHAR ImageName)
Definition: kill.c:27
#define STATUS_THREAD_IS_TERMINATING
Definition: ntstatus.h:311
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
BOOLEAN NTAPI KeIsAttachedProcess(VOID)
Definition: procobj.c:693
PKWIN32_THREAD_CALLOUT PspW32ThreadCallout
Definition: win32.c:19
VOID NTAPI PspExitProcessFromJob(IN PEJOB Job, IN PEPROCESS Process)
Definition: job.c:146
PKWIN32_PROCESS_CALLOUT PspW32ProcessCallout
Definition: win32.c:18
FORCEINLINE VOID PspRunLegoRoutine(IN PKTHREAD Thread)
Definition: ps_x.h:103
FORCEINLINE VOID PspRunCreateThreadNotifyRoutines(IN PETHREAD CurrentThread, IN BOOLEAN Create)
Definition: ps_x.h:40
PORT_MESSAGE h
Definition: lpctypes.h:269
LARGE_INTEGER CreateTime
Definition: lpctypes.h:270
PVOID SectionObject
Definition: pstypes.h:1304
LIST_ENTRY ThreadListHead
Definition: pstypes.h:1329
PVOID VdmObjects
Definition: pstypes.h:1312
NTSTATUS ExitStatus
Definition: pstypes.h:1437
PVOID DebugPort
Definition: pstypes.h:1275
KPROCESS Pcb
Definition: pstypes.h:1262
EX_FAST_REF Token
Definition: pstypes.h:1287
struct _EJOB * Job
Definition: pstypes.h:1303
EX_PUSH_LOCK ProcessLock
Definition: pstypes.h:1263
ULONG Flags
Definition: pstypes.h:1435
PVOID * Win32Process
Definition: pstypes.h:1302
NTSTATUS LastThreadExitStatus
Definition: pstypes.h:1343
CHAR ImageFileName[16]
Definition: pstypes.h:1326
LARGE_INTEGER ExitTime
Definition: pstypes.h:1265
ULONG BreakOnTermination
Definition: pstypes.h:1405
ULONG ActiveThreads
Definition: pstypes.h:1336
LARGE_INTEGER ExitTime
Definition: pstypes.h:1107
NTSTATUS ExitStatus
Definition: pstypes.h:1113
EX_RUNDOWN_REF RundownProtect
Definition: pstypes.h:1159
struct _TERMINATION_PORT * TerminationPort
Definition: pstypes.h:1119
ULONG ActiveExWorker
Definition: pstypes.h:1200
LARGE_INTEGER CreateTime
Definition: pstypes.h:1104
ULONG BreakOnTermination
Definition: pstypes.h:1184
ULONG SystemThread
Definition: pstypes.h:1182
Definition: ketypes.h:547
ULONG CombinedApcDisable
Definition: ketypes.h:1883
UCHAR ApcStateIndex
Definition: ketypes.h:1942
PVOID LegoData
Definition: ketypes.h:1997
ULONG EnableStackSwap
Definition: ketypes.h:1729
KAPC_STATE ApcState
Definition: ketypes.h:1778
ULONG ApcQueueable
Definition: ketypes.h:1711
Definition: compat.h:836
PVOID DbgSsReserved[2]
Definition: compat.h:883
PVOID DeallocationStack
Definition: compat.h:878
struct _TERMINATION_PORT * Next
Definition: pstypes.h:1080
VOID NTAPI KeTerminateThread(IN KPRIORITY Increment)
Definition: thrdobj.c:1367
ULONG_PTR SIZE_T
Definition: typedefs.h:80
@ Executive
Definition: ketypes.h:415

Referenced by PsExitSpecialApc(), and PspTerminateThreadByPointer().

◆ PspGetOrSetContextKernelRoutine()

VOID NTAPI PspGetOrSetContextKernelRoutine ( IN PKAPC  Apc,
IN OUT PKNORMAL_ROUTINE NormalRoutine,
IN OUT PVOID NormalContext,
IN OUT PVOID SystemArgument1,
IN OUT PVOID SystemArgument2 
)

Definition at line 38 of file psctx.c.

43{
/* Stub: line 44 is not shown in this rendering; the UNIMPLEMENTED
 * cross-reference suggests this APC kernel routine only reports itself as
 * unimplemented, so no thread context is fetched or stored here. */
45}
#define UNIMPLEMENTED
Definition: debug.h:118

Referenced by PsGetContextThread(), and PsSetContextThread().

◆ PspInheritQuota()

VOID NTAPI PspInheritQuota ( _In_ PEPROCESS  Process,
_In_ PEPROCESS  ParentProcess 
)

Referenced by PspCreateProcess().

◆ PspInitializeJobStructures()

VOID NTAPI PspInitializeJobStructures ( VOID  )

Definition at line 111 of file job.c.

112{
/* Lines 113-114 are not shown in this rendering; per the cross-references
 * they presumably initialise PsJobListHead and PsJobListLock
 * (ExInitializeFastMutex) -- confirm in job.c. */
115}
static FAST_MUTEX PsJobListLock
Definition: job.c:23
LIST_ENTRY PsJobListHead
Definition: job.c:22
FORCEINLINE VOID ExInitializeFastMutex(_Out_ PFAST_MUTEX FastMutex)
Definition: exfuncs.h:274

Referenced by PspInitPhase0().

◆ PspInitializeProcessSecurity()

NTSTATUS NTAPI PspInitializeProcessSecurity ( IN PEPROCESS  Process,
IN PEPROCESS Parent  OPTIONAL 
)

Definition at line 71 of file security.c.

73{
/* Gives a new process its primary token: a duplicate of the parent's token
 * when a parent exists, otherwise the boot token. Returns the NTSTATUS of
 * the duplication. In the no-parent branch Status is returned as initialised
 * on line 74, which is not shown here -- confirm it is STATUS_SUCCESS.
 * Lines 89 and 104-105 are also not shown; the cross-references suggest a
 * MmGetSessionId() argument and SeAssignPrimaryToken(Process,
 * PspBootAccessToken). */
75 PTOKEN NewToken, ParentToken;
76 PAGED_CODE();
77 PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
78
79 /* If we have a parent, then duplicate the Token */
80 if (Parent)
81 {
82 /* Get the Parent Token */
83 ParentToken = PsReferencePrimaryToken(Parent);
84
85 /* Duplicate it */
86 Status = SeSubProcessToken(ParentToken,
87 &NewToken,
88 TRUE,
90
91 /* Dereference the Parent */
92 ObFastDereferenceObject(&Parent->Token, ParentToken);
93
94 /* Set the new Token */
/* On failure Process->Token is left untouched here; presumably the caller
 * (PspCreateProcess, per "Referenced by") aborts creation -- confirm. */
95 if (NT_SUCCESS(Status))
96 {
97 /* Initialize the fast reference */
98 ObInitializeFastReference(&Process->Token, NewToken);
99 }
100 }
101 else
102 {
103 /* No parent, assign the Boot Token */
106 }
107
108 /* Return to caller */
109 return Status;
110}
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
Definition: session.c:179
NTSTATUS NTAPI SeSubProcessToken(_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
Subtracts a token in exchange of duplicating a new one.
Definition: token.c:1373
VOID NTAPI SeAssignPrimaryToken(IN PEPROCESS Process, IN PTOKEN Token)
PTOKEN PspBootAccessToken
Definition: security.c:17
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107

Referenced by PspCreateProcess().

◆ PspIsProcessExiting()

BOOLEAN NTAPI PspIsProcessExiting ( IN PEPROCESS  Process)

Definition at line 1068 of file kill.c.

1069{
/* Reports whether PSF_PROCESS_EXITING_BIT is set in Process->Flags.
 * NOTE(review): the masked value is narrowed to BOOLEAN on return; that is
 * only correct while the bit fits in the low byte (its definition is not
 * shown on this page) -- confirm, or compare against 0 before returning. */
1070 return Process->Flags & PSF_PROCESS_EXITING_BIT;
1071}

Referenced by MmpPageOutPhysicalAddress().

◆ PspMapSystemDll()

NTSTATUS NTAPI PspMapSystemDll ( IN PEPROCESS  Process,
OUT PVOID DllBase,
IN BOOLEAN  UseLargePages 
)

Referenced by PspCreateProcess().

◆ PspReapRoutine()

VOID NTAPI PspReapRoutine ( IN PVOID  Context)

Definition at line 167 of file kill.c.

168{
/* Reaper worker: drains the reaper list, freeing each dead thread's kernel
 * stack and dropping the reaper's reference on the thread. (PVOID)1 is a
 * marker meaning "the reaper is running". Lines 170, 177, 188, 190, 196 and
 * 200 are not shown in this rendering (the Thread declaration, the
 * InterlockedExchangePointer on PspReaperListHead, the stack delete and the
 * thread dereference, per the cross-references). Context is only traced. */
169 PSINGLE_LIST_ENTRY NextEntry;
171 PSTRACE(PS_KILL_DEBUG, "Context: %p\n", Context);
172
173 /* Start main loop */
174 do
175 {
176 /* Write magic value and return the next entry to process */
178 (PVOID)1);
179 ASSERT((NextEntry != NULL) && (NextEntry != (PVOID)1));
180
181 /* Start inner loop */
182 do
183 {
184 /* Get the first Thread Entry */
185 Thread = CONTAINING_RECORD(NextEntry, ETHREAD, ReaperLink);
186
187 /* Delete this entry's kernel stack */
189 Thread->Tcb.LargeStack);
191
192 /* Move to the next entry */
/* The link is read before the thread is dereferenced below, since that
 * dereference may be the one that frees the ETHREAD -- inferred from the
 * ordering; confirm. */
193 NextEntry = NextEntry->Next;
194
195 /* Dereference this thread */
197 } while ((NextEntry != NULL) && (NextEntry != (PVOID)1));
198
199 /* Remove magic value, keep looping if it got changed */
/* If another entry was pushed while the list was being drained, the
 * compare-exchange fails and the outer loop runs once more. */
201 NULL,
202 (PVOID)1) != (PVOID)1);
203}
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
LIST_ENTRY PspReaperListHead
Definition: kill.c:19
Definition: ntbasedef.h:628
struct _SINGLE_LIST_ENTRY * Next
Definition: ntbasedef.h:629

Referenced by PspInitPhase0().

◆ PspRemoveProcessFromJob()

VOID NTAPI PspRemoveProcessFromJob ( IN PEPROCESS  Process,
IN PEJOB  Job 
)

Definition at line 138 of file job.c.

140{
/* Stub: nothing is done yet, so the job's bookkeeping is not updated when a
 * process is removed; PspDeleteProcess (per "Referenced by") still calls
 * this. */
141 /* FIXME */
142}

Referenced by PspDeleteProcess().

◆ PspSetPrimaryToken()

NTSTATUS NTAPI PspSetPrimaryToken ( IN PEPROCESS  Process,
IN HANDLE TokenHandle  OPTIONAL,
IN PACCESS_TOKEN Token  OPTIONAL 
)

Definition at line 215 of file security.c.

218{
/* Replaces the primary token of Process. Token may be given as an object
 * or, when NULL, as TokenHandle; in the handle case this routine owns the
 * reference it takes and every exit path releases it with
 * "if (!Token) ObDereferenceObject(NewToken)".
 * Several lines are not shown in this rendering (the Status and
 * SubjectContext declarations, the handle reference, the privilege check and
 * its failure return, the assignment, the access-check arguments and the
 * device-map release). The cross-references suggest the handle is referenced
 * as SeTokenObjectType with TOKEN_ASSIGN_PRIMARY, the privilege checked is
 * SeAssignPrimaryTokenPrivilege (failing with STATUS_PRIVILEGE_NOT_HELD),
 * the assignment is PspAssignPrimaryToken, and the device map is dropped when
 * ObIsLUIDDeviceMapsEnabled() -- confirm in security.c. */
220 BOOLEAN IsChildOrSibling;
221 PACCESS_TOKEN NewToken = Token;
223 BOOLEAN Result, SdAllocated;
226
227 PSTRACE(PS_SECURITY_DEBUG, "Process: %p Token: %p\n", Process, Token);
228
229 /* Reference the token by handle if we don't already have a token object */
230 if (!Token)
231 {
236 (PVOID*)&NewToken,
237 NULL);
238 if (!NT_SUCCESS(Status)) return Status;
239 }
240
241 /*
242 * Check whether this token is a child or sibling of the current process token.
243 * NOTE: On Windows Vista+ both of these checks (together with extra steps)
244 * are now performed by a new SeIsTokenAssignableToProcess() helper.
245 */
246 Status = SeIsTokenChild(NewToken, &IsChildOrSibling);
247 if (!NT_SUCCESS(Status))
248 {
249 /* Failed, dereference */
250 if (!Token) ObDereferenceObject(NewToken);
251 return Status;
252 }
253 if (!IsChildOrSibling)
254 {
255 Status = SeIsTokenSibling(NewToken, &IsChildOrSibling);
256 if (!NT_SUCCESS(Status))
257 {
258 /* Failed, dereference */
259 if (!Token) ObDereferenceObject(NewToken);
260 return Status;
261 }
262 }
263
264 /* Check if this was an independent token */
/* A token that is neither a child nor a sibling of the current token may
 * only be assigned when the caller holds the assign-primary-token privilege
 * (check on lines 268-269, not shown). */
265 if (!IsChildOrSibling)
266 {
267 /* Make sure we have the privilege to assign a new one */
270 {
271 /* Failed, dereference */
272 if (!Token) ObDereferenceObject(NewToken);
274 }
275 }
276
277 /* Assign the token */
279 if (NT_SUCCESS(Status))
280 {
281 /*
282 * We need to completely reverify if the process still has access to
283 * itself under this new token.
284 */
287 &SdAllocated);
288 if (NT_SUCCESS(Status))
289 {
290 /* Setup the security context */
291 SubjectContext.ProcessAuditId = Process;
293 SubjectContext.ClientToken = NULL;
294
295 /* Do the access check */
298 FALSE,
300 0,
301 NULL,
304 &Process->GrantedAccess,
305 &AccessStatus);
306
307 /* Dereference the token and let go the SD */
309 SubjectContext.PrimaryToken);
311
312 /* Remove access if it failed */
/* If the re-check fails, everything previously granted is dropped; the OR
 * on line 316 then re-adds a fixed minimum set (remaining flags on lines
 * 317-326 not shown), so a denied process still keeps those rights. */
313 if (!Result) Process->GrantedAccess = 0;
314
315 /* Setup granted access */
316 Process->GrantedAccess |= (PROCESS_VM_OPERATION |
327 }
328
329 /*
330 * In case LUID device maps are enabled, we may not be using
331 * system device map for this process, but a logon LUID based
332 * device map. Because we change primary token, this usage is
333 * no longer valid, so dereference the process device map
334 */
336 }
337
338 /* Dereference the token */
339 if (!Token) ObDereferenceObject(NewToken);
340 return Status;
341}
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:22
NTSTATUS NTAPI SeIsTokenSibling(_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
Checks if the token is a sibling of the other token of the current process that the calling thread is...
Definition: token.c:1482
NTSTATUS NTAPI SeIsTokenChild(_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
Checks if the token is a child of the other token of the current process that the calling thread is i...
Definition: token.c:1433
NTSTATUS NTAPI PspAssignPrimaryToken(IN PEPROCESS Process, IN HANDLE Token, IN PACCESS_TOKEN AccessToken OPTIONAL)
Definition: security.c:178
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
Definition: devicemap.c:662
#define TOKEN_ASSIGN_PRIMARY
Definition: setypes.h:925

Referenced by NtSetInformationProcess().

◆ PspSetQuotaLimits()

NTSTATUS NTAPI PspSetQuotaLimits ( _In_ PEPROCESS  Process,
_In_ ULONG  Unused,
_In_ PVOID  QuotaLimits,
_In_ ULONG  QuotaLimitsLength,
_In_ KPROCESSOR_MODE  PreviousMode 
)

This function adjusts the working set limits of a process and sets up new quota limits when necessary. It is used when the caller requests new working set sizes.

Parameters
[in] Process — The process whose quota limits or working set sizes are to be changed.
[in] Unused — This parameter is unused.
[in] QuotaLimits — A caller-supplied pointer to a quota limits structure, needed to set up the new working set sizes.
[in] QuotaLimitsLength — The length of the QuotaLimits buffer, in bytes.
[in] PreviousMode — The processor access mode of the caller.
Returns
Returns STATUS_SUCCESS if the function has completed successfully. STATUS_INVALID_PARAMETER is returned if the caller has given a quota limits structure with invalid data. STATUS_INFO_LENGTH_MISMATCH is returned if the length of QuotaLimits given by QuotaLimitsLength is not valid. STATUS_PRIVILEGE_NOT_HELD is returned if the calling thread does not hold the privilege required to increase quotas. STATUS_NO_MEMORY is returned if a memory pool allocation has failed. A failure NTSTATUS code is returned otherwise.

Definition at line 1045 of file quota.c.

1051{
/* Validates and applies caller-supplied quota limits. The user buffer is
 * probed and copied exactly once, inside the SEH block, into
 * CapturedQuotaLimits; every later check and use reads the captured copy, so
 * the caller cannot change the data after it has been validated.
 * Lines 1056, 1058, 1089, 1105, 1111, 1114, 1117, 1135, 1141, 1144, 1150,
 * 1156-1158, 1162, 1164, 1167, 1177-1179, 1184, 1193, 1196 and 1200 are not
 * shown in this rendering; per the cross-references they presumably hold the
 * Status initialisation, the _SEH2_YIELD(return ...) exits and the exception
 * filter, SeSinglePrivilegeCheck(SeIncreaseQuotaPrivilege, PreviousMode),
 * KeEnterGuardedRegion/KeLeaveGuardedRegion, MmAdjustWorkingSetSize, the
 * NonPagedPool allocation and free, and the quota Limit fields -- confirm in
 * quota.c. */
1052 QUOTA_LIMITS_EX CapturedQuotaLimits;
1053 PEPROCESS_QUOTA_BLOCK QuotaBlock, OldQuotaBlock;
1054 BOOLEAN IncreaseOkay;
1055 KAPC_STATE SavedApcState;
1057
1059
1060 _SEH2_TRY
1061 {
/* NOTE(review): ProbeForRead runs regardless of PreviousMode; confirm that
 * kernel-mode callers never pass a kernel-space buffer here. */
1062 ProbeForRead(QuotaLimits, QuotaLimitsLength, sizeof(ULONG));
1063
1064 /* Check if we have the basic or extended structure */
/* Only the two exact structure sizes are accepted; any other length is
 * rejected (the return on line 1111 is not shown). */
1065 if (QuotaLimitsLength == sizeof(QUOTA_LIMITS))
1066 {
1067 /* Copy the basic structure, zero init the remaining fields */
1068 RtlCopyMemory(&CapturedQuotaLimits, QuotaLimits, sizeof(QUOTA_LIMITS));
1069 CapturedQuotaLimits.WorkingSetLimit = 0;
1070 CapturedQuotaLimits.Reserved2 = 0;
1071 CapturedQuotaLimits.Reserved3 = 0;
1072 CapturedQuotaLimits.Reserved4 = 0;
1073 CapturedQuotaLimits.CpuRateLimit.RateData = 0;
1074 CapturedQuotaLimits.Flags = 0;
1075 }
1076 else if (QuotaLimitsLength == sizeof(QUOTA_LIMITS_EX))
1077 {
1078 /* Copy the full structure */
1079 RtlCopyMemory(&CapturedQuotaLimits, QuotaLimits, sizeof(QUOTA_LIMITS_EX));
1080
1081 /* Verify that the caller passed valid flags */
1082 if ((CapturedQuotaLimits.Flags & ~VALID_QUOTA_FLAGS) ||
1083 ((CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MIN_ENABLE) &&
1084 (CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MIN_DISABLE)) ||
1085 ((CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MAX_ENABLE) &&
1086 (CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MAX_DISABLE)))
1087 {
1088 DPRINT1("Invalid quota flags: 0x%lx\n", CapturedQuotaLimits.Flags);
1090 }
1091
1092 /* Verify that the caller didn't pass reserved values */
1093 if ((CapturedQuotaLimits.WorkingSetLimit != 0) ||
1094 (CapturedQuotaLimits.Reserved2 != 0) ||
1095 (CapturedQuotaLimits.Reserved3 != 0) ||
1096 (CapturedQuotaLimits.Reserved4 != 0) ||
1097 (CapturedQuotaLimits.CpuRateLimit.RateData != 0))
1098 {
1099 DPRINT1("Invalid value: (%lx,%lx,%lx,%lx,%lx)\n",
1100 CapturedQuotaLimits.WorkingSetLimit,
1101 CapturedQuotaLimits.Reserved2,
1102 CapturedQuotaLimits.Reserved3,
1103 CapturedQuotaLimits.Reserved4,
1104 CapturedQuotaLimits.CpuRateLimit.RateData);
1106 }
1107 }
1108 else
1109 {
1110 DPRINT1("Invalid quota size: 0x%lx\n", QuotaLimitsLength);
1112 }
1113 }
1115 {
1116 DPRINT1("Exception while copying data\n");
1118 }
1119 _SEH2_END;
1120
1121 /* Check the caller changes the working set size limits */
/* When both working-set sizes are given, the quota block is left alone and
 * only Mm's working set is adjusted, with IncreaseOkay gating growth. */
1122 if ((CapturedQuotaLimits.MinimumWorkingSetSize != 0) &&
1123 (CapturedQuotaLimits.MaximumWorkingSetSize != 0))
1124 {
1125 /* Check for special case: trimming the WS */
1126 if ((CapturedQuotaLimits.MinimumWorkingSetSize == SIZE_T_MAX) &&
1127 (CapturedQuotaLimits.MaximumWorkingSetSize == SIZE_T_MAX))
1128 {
1129 /* No increase allowed */
1130 IncreaseOkay = FALSE;
1131 }
1132 else
1133 {
1134 /* Check if the caller has the required privilege */
1136 PreviousMode);
1137 }
1138
1139 /* Attach to the target process and disable APCs */
1140 KeStackAttachProcess(&Process->Pcb, &SavedApcState);
1142
1143 /* Call Mm to adjust the process' working set size */
1145 CapturedQuotaLimits.MaximumWorkingSetSize,
1146 0,
1147 IncreaseOkay);
1148
1149 /* Bring back APCs and detach from the process */
1151 KeUnstackDetachProcess(&SavedApcState);
1152 }
1153 else if (Process->QuotaBlock == &PspDefaultQuotaBlock)
1154 {
1155 /* Check if the caller has the required privilege */
1157 {
1159 }
1160
1161 /* Allocate a new quota block */
1163 sizeof(EPROCESS_QUOTA_BLOCK),
1165 if (QuotaBlock == NULL)
1166 {
1168 return STATUS_NO_MEMORY;
1169 }
1170
1171 /* Initialize the quota block */
1172 QuotaBlock->ReferenceCount = 1;
1173 QuotaBlock->ProcessCount = 1;
1174 QuotaBlock->QuotaEntry[PsNonPagedPool].Peak = Process->QuotaPeak[PsNonPagedPool];
1175 QuotaBlock->QuotaEntry[PsPagedPool].Peak = Process->QuotaPeak[PsPagedPool];
1176 QuotaBlock->QuotaEntry[PsPageFile].Peak = Process->QuotaPeak[PsPageFile];
1180
1181 /* Try to exchange the quota block, if that failed, just drop it */
/* Two callers may race to replace the default block; the compare-exchange
 * lets exactly one win, and the loser frees its block (line 1193 not shown). */
1182 OldQuotaBlock = InterlockedCompareExchangePointer((PVOID*)&Process->QuotaBlock,
1183 QuotaBlock,
1185 if (OldQuotaBlock == &PspDefaultQuotaBlock)
1186 {
1187 /* Success, insert the new quota block */
1188 PspInsertQuotaBlock(QuotaBlock);
1189 }
1190 else
1191 {
1192 /* Failed, free the quota block and ignore it */
1194 }
1195
1197 }
1198 else
1199 {
1201 }
1202
1203 return Status;
1204}
#define SIZE_T_MAX
Definition: dhcpd.h:91
#define NonPagedPool
Definition: env_spec_w32.h:307
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define QUOTA_LIMITS_HARDWS_MIN_DISABLE
#define QUOTA_LIMITS_HARDWS_MAX_DISABLE
#define QUOTA_LIMITS_HARDWS_MAX_ENABLE
#define QUOTA_LIMITS_HARDWS_MIN_ENABLE
#define KeLeaveGuardedRegion()
Definition: ke_x.h:68
#define KeEnterGuardedRegion()
Definition: ke_x.h:39
#define Unused(x)
Definition: atlwin.h:28
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317
NTSTATUS NTAPI MmAdjustWorkingSetSize(IN SIZE_T WorkingSetMinimumInBytes, IN SIZE_T WorkingSetMaximumInBytes, IN ULONG SystemCache, IN BOOLEAN IncreaseOkay)
Definition: mmsup.c:44
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:24
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define VALID_QUOTA_FLAGS
Definition: quota.c:20
VOID NTAPI PspInsertQuotaBlock(_In_ PEPROCESS_QUOTA_BLOCK QuotaBlock)
Inserts the new quota block into the quota list.
Definition: quota.c:518
EPROCESS_QUOTA_ENTRY QuotaEntry[PsQuotaTypes]
Definition: pstypes.h:1046
SIZE_T Limit
Definition: pstypes.h:1039
SIZE_T Peak
Definition: pstypes.h:1040
SIZE_T MaximumWorkingSetSize
Definition: pstypes.h:71
SIZE_T WorkingSetLimit
Definition: pstypes.h:74
SIZE_T Reserved3
Definition: pstypes.h:76
SIZE_T Reserved4
Definition: pstypes.h:77
RATE_QUOTA_LIMIT CpuRateLimit
Definition: pstypes.h:79
SIZE_T MinimumWorkingSetSize
Definition: pstypes.h:70
SIZE_T Reserved2
Definition: pstypes.h:75
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
ULONG RateData
Definition: pstypes.h:60

Referenced by NtSetInformationProcess().

◆ PspShutdownProcessManager()

VOID NTAPI PspShutdownProcessManager ( VOID  )

Definition at line 135 of file kill.c.

136{
138
139 /* Loop every process */
141 while (Process)
142 {
143 /* Make sure this isn't the idle or initial process */
145 {
146 /* Kill it */
148 }
149
150 /* Get the next process */
152 }
153}
NTSTATUS NTAPI PspTerminateProcess(IN PEPROCESS Process, IN NTSTATUS ExitStatus)
Definition: kill.c:79
#define STATUS_SYSTEM_SHUTDOWN
Definition: ntstatus.h:855
PEPROCESS NTAPI PsGetNextProcess(IN PEPROCESS OldProcess OPTIONAL)
Definition: process.c:128
PEPROCESS PsIdleProcess
Definition: psmgr.c:51

◆ PspSystemThreadStartup()

VOID NTAPI PspSystemThreadStartup ( PKSTART_ROUTINE  StartRoutine,
PVOID  StartContext 
)

◆ PspTerminateThreadByPointer()

NTSTATUS NTAPI PspTerminateThreadByPointer ( IN PETHREAD  Thread,
IN NTSTATUS  ExitStatus,
IN BOOLEAN  bSelf 
)

Definition at line 988 of file kill.c.

991{
992 PKAPC Apc;
994 ULONG Flags;
995 PAGED_CODE();
996 PSTRACE(PS_KILL_DEBUG, "Thread: %p ExitStatus: %d\n", Thread, ExitStatus);
998
999 /* Check if this is a Critical Thread, and Bugcheck */
1001 {
1002 /* Break to debugger */
1003 PspCatchCriticalBreak("Terminating critical thread 0x%p (%s)\n",
1004 Thread,
1005 Thread->ThreadsProcess->ImageFileName);
1006 }
1007
1008 /* Check if we are already inside the thread */
1009 if ((bSelf) || (PsGetCurrentThread() == Thread))
1010 {
1011 /* This should only happen at passive */
1013
1014 /* Mark it as terminated */
1016
1017 /* Directly terminate the thread */
1019 }
1020
1021 /* This shouldn't be a system thread */
1023
1024 /* Allocate the APC */
1026 if (!Apc) return STATUS_INSUFFICIENT_RESOURCES;
1027
1028 /* Set the Terminated Flag */
1030
1031 /* Set it, and check if it was already set while we were running */
1034 {
1035 /* Initialize a Kernel Mode APC to Kill the Thread */
1036 KeInitializeApc(Apc,
1037 &Thread->Tcb,
1042 KernelMode,
1044
1045 /* Insert it into the APC Queue */
1046 if (!KeInsertQueueApc(Apc, Apc, NULL, 2))
1047 {
1048 /* The APC was already in the queue, fail */
1050 }
1051 else
1052 {
1053 /* Forcefully resume the thread and return */
1055 return Status;
1056 }
1057 }
1058
1059 /* We failed, free the APC */
1061
1062 /* Return Status */
1063 return Status;
1064}
#define InterlockedExchange
Definition: armddk.h:54
#define ASSERT_IRQL_EQUAL(x)
Definition: debug.h:43
#define UlongToPtr(u)
Definition: config.h:106
#define CT_TERMINATED_BIT
Definition: pstypes.h:238
@ OriginalApcEnvironment
Definition: ketypes.h:767
BOOLEAN NTAPI KeInsertQueueApc(IN PKAPC Apc, IN PVOID SystemArgument1, IN PVOID SystemArgument2, IN KPRIORITY PriorityBoost)
Definition: apc.c:735
VOID NTAPI KeInitializeApc(IN PKAPC Apc, IN PKTHREAD Thread, IN KAPC_ENVIRONMENT TargetEnvironment, IN PKKERNEL_ROUTINE KernelRoutine, IN PKRUNDOWN_ROUTINE RundownRoutine OPTIONAL, IN PKNORMAL_ROUTINE NormalRoutine, IN KPROCESSOR_MODE Mode, IN PVOID Context)
Definition: apc.c:651
VOID NTAPI PspExitNormalApc(IN PVOID NormalContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2)
Definition: kill.c:947
VOID NTAPI PspExitThread(IN NTSTATUS ExitStatus)
Definition: kill.c:450
VOID NTAPI PsExitSpecialApc(IN PKAPC Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine, IN OUT PVOID *NormalContext, IN OUT PVOID *SystemArgument1, IN OUT PVOID *SystemArgument2)
Definition: kill.c:922
VOID NTAPI PspExitApcRundown(IN PKAPC Apc)
Definition: kill.c:157
#define PspSetCrossThreadFlag(Thread, Flag)
Definition: ps_x.h:25
ULONG CrossThreadFlags
Definition: pstypes.h:1194
#define TAG_TERMINATE_APC
Definition: tag.h:135
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132

Referenced by NtTerminateProcess(), NtTerminateThread(), PspSystemThreadStartup(), PspTerminateProcess(), PspUserThreadStartup(), and PsTerminateSystemThread().

◆ PsReferenceEffectiveToken()

PACCESS_TOKEN NTAPI PsReferenceEffectiveToken ( IN PETHREAD  Thread,
OUT IN PTOKEN_TYPE  TokenType,
OUT PBOOLEAN  EffectiveOnly,
OUT PSECURITY_IMPERSONATION_LEVEL  ImpersonationLevel 
)

Definition at line 802 of file security.c.

806{
809
810 PAGED_CODE();
811
813 "Thread: %p, TokenType: %p\n", Thread, TokenType);
814
815 /* Check if we don't have impersonation info */
816 Process = Thread->ThreadsProcess;
818 {
819 /* Lock the Process */
821
822 /* Make sure impersonation is still active */
824 {
825 /* Get the token */
828
829 /* Return data to caller */
833
834 /* Unlock the Process */
836 return Token;
837 }
838
839 /* Unlock the Process */
841 }
842
843 /* Fast Reference the Token */
845
846 /* Check if we got the Token or if we got locked */
847 if (!Token)
848 {
849 /* Lock the Process */
851
852 /* Do a Locked Fast Reference */
854
855 /* Unlock the Process */
857 }
858
859 /* Return the token */
862 // NOTE: ImpersonationLevel is left untouched on purpose!
863 return Token;
864}
@ TokenImpersonation
Definition: imports.h:274
@ TokenPrimary
Definition: imports.h:273
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:410
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
PVOID FASTCALL ObFastReferenceObject(IN PEX_FAST_REF FastRef)
Definition: obref.c:132
PVOID FASTCALL ObFastReferenceObjectLocked(IN PEX_FAST_REF FastRef)
Definition: obref.c:119
FORCEINLINE VOID PspUnlockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:122
FORCEINLINE VOID PspLockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:111
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: pstypes.h:1072
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156

Referenced by SeCreateClientSecurity().

◆ PsReferenceProcessFilePointer()

NTSTATUS NTAPI PsReferenceProcessFilePointer ( IN PEPROCESS  Process,
OUT PFILE_OBJECT FileObject 
)

Definition at line 24 of file query.c.

26{
27 PSECTION Section;
28 PAGED_CODE();
29
30 /* Lock the process */
31 if (!ExAcquireRundownProtection(&Process->RundownProtect))
32 {
34 }
35
36 /* Get the section */
37 Section = Process->SectionObject;
38 if (Section)
39 {
40 /* Get the file object and reference it */
43 }
44
45 /* Release the protection */
46 ExReleaseRundownProtection(&Process->RundownProtect);
47
48 /* Return status */
49 return Section ? STATUS_SUCCESS : STATUS_UNSUCCESSFUL;
50}
PFILE_OBJECT NTAPI MmGetFileObjectForSection(IN PVOID Section)
Definition: section.c:1737
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:550

Referenced by SeLocateProcessImageName().

◆ PsResumeThread()

NTSTATUS NTAPI PsResumeThread ( IN PETHREAD  Thread,
OUT PULONG PreviousCount  OPTIONAL 
)

Definition at line 32 of file state.c.

/**
 * @brief Resumes a thread and optionally reports its previous suspend count.
 *
 * Thin wrapper over KeResumeThread. No rundown protection is taken and the
 * Terminated flag is not consulted here (contrast PsSuspendThread), so the
 * caller presumably already holds a reference to Thread — confirm at call sites.
 *
 * @param[in]  Thread         The thread to resume.
 * @param[out] PreviousCount  Optional; receives the suspend count prior to this call.
 *
 * @return Always STATUS_SUCCESS.
 */
NTSTATUS
NTAPI
PsResumeThread(IN PETHREAD Thread,
               OUT PULONG PreviousCount OPTIONAL)
{
    ULONG PriorCount;
    PAGED_CODE();

    /* Ke performs the resume and hands back the old suspend count */
    PriorCount = KeResumeThread(&Thread->Tcb);

    /* Only report the count when the caller provided somewhere to put it */
    if (PreviousCount != NULL)
    {
        *PreviousCount = PriorCount;
    }

    return STATUS_SUCCESS;
}
ULONG NTAPI KeResumeThread(IN PKTHREAD Thread)
Definition: thrdobj.c:388

Referenced by DbgkpPostFakeThreadMessages(), DbgkpWakeTarget(), and NtResumeThread().

◆ PsReturnProcessPageFileQuota()

NTSTATUS NTAPI PsReturnProcessPageFileQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Returns the page file quota that the process was taking up. The function is used exclusively by the kernel.

Parameters
[in] Process The process whose page file quota is to be returned.
[in] Amount The amount of quota to return from the process.
Returns
Returns STATUS_SUCCESS.

Definition at line 993 of file quota.c.

996{
997 /* Don't do anything for the system process */
999
1001 return STATUS_SUCCESS;
1002}

◆ PsReturnSharedPoolQuota()

VOID NTAPI PsReturnSharedPoolQuota ( _In_ PEPROCESS_QUOTA_BLOCK  QuotaBlock,
_In_ SIZE_T  AmountToReturnPaged,
_In_ SIZE_T  AmountToReturnNonPaged 
)

Returns the shared (paged and non-paged) pool quotas. The function is used exclusively by the Object Manager to handle quota returns for objects.

Parameters
[in] QuotaBlock The quota block whose quotas are to be returned.
[in] AmountToReturnPaged The amount of paged pool quota to be returned.
[in] AmountToReturnNonPaged The amount of non-paged pool quota to be returned.
Returns
Nothing.

Definition at line 621 of file quota.c.

/**
 * @brief Hands paged and non-paged pool quota back to a shared quota block.
 *
 * Each amount is returned only when non-zero; the quota block reference is
 * dropped last, after both returns and the trace output.
 *
 * @param[in] QuotaBlock              Quota block to credit. Must not be NULL (asserted).
 * @param[in] AmountToReturnPaged     Paged pool quota to return; zero skips the return.
 * @param[in] AmountToReturnNonPaged  Non-paged pool quota to return; zero skips the return.
 */
VOID
NTAPI
PsReturnSharedPoolQuota(_In_ PEPROCESS_QUOTA_BLOCK QuotaBlock,
                        _In_ SIZE_T AmountToReturnPaged,
                        _In_ SIZE_T AmountToReturnNonPaged)
{
    /* A NULL quota block is a caller bug, not a recoverable condition */
    ASSERT(QuotaBlock);

    /* Credit each pool only if there is actually something to return */
    if (AmountToReturnPaged)
    {
        PspReturnProcessQuotaSpecifiedPool(NULL, QuotaBlock, PsPagedPool, AmountToReturnPaged);
    }

    if (AmountToReturnNonPaged)
    {
        PspReturnProcessQuotaSpecifiedPool(NULL, QuotaBlock, PsNonPagedPool, AmountToReturnNonPaged);
    }

    /* NOTE(review): %lu paired with SIZE_T arguments is a width mismatch on 64-bit
     * (LLP64) builds; the trace may print truncated values there. Left as-is. */
    DPRINT("PsReturnSharedPoolQuota(): Amount returned back (paged %lu -- non paged %lu)\n", AmountToReturnPaged, AmountToReturnNonPaged);

    /* Release the reference now that the quotas are back; nothing below may touch QuotaBlock */
    PspDereferenceQuotaBlock(NULL, QuotaBlock);
}
VOID NTAPI PspDereferenceQuotaBlock(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock)
De-references a quota block when quotas have been returned back because of an object de-allocation or...
Definition: quota.c:553

Referenced by ObpDeallocateObject().

◆ PsSuspendThread()

NTSTATUS NTAPI PsSuspendThread ( IN PETHREAD  Thread,
OUT PULONG PreviousCount  OPTIONAL 
)

Definition at line 48 of file state.c.

51{
53 ULONG OldCount = 0;
54 PAGED_CODE();
55
56 /* Assume success */
58
59 /* Check if we're suspending ourselves */
61 {
62 /* Guard with SEH because KeSuspendThread can raise an exception */
64 {
65 /* Do the suspend */
66 OldCount = KeSuspendThread(&Thread->Tcb);
67 }
69 {
70 /* Get the exception code */
72 }
74 }
75 else
76 {
77 /* Acquire rundown protection */
79 {
80 /* Make sure the thread isn't terminating */
81 if (Thread->Terminated)
82 {
83 /* Fail */
85 }
86 else
87 {
88 /* Guard with SEH because KeSuspendThread can raise an exception */
90 {
91 /* Do the suspend */
92 OldCount = KeSuspendThread(&Thread->Tcb);
93 }
95 {
96 /* Get the exception code */
98 }
100
101 /* Check if it was terminated during the suspend */
102 if (Thread->Terminated)
103 {
104 /* Wake it back up and fail */
107 OldCount = 0;
108 }
109 }
110
111 /* Release rundown protection */
113 }
114 else
115 {
116 /* Thread is terminating */
118 }
119 }
120
121 /* Write back the previous count */
122 if (PreviousCount) *PreviousCount = OldCount;
123 return Status;
124}
ULONG NTAPI KeSuspendThread(PKTHREAD Thread)
Definition: thrdobj.c:601
#define STATUS_SUSPEND_COUNT_EXCEEDED
Definition: ntstatus.h:310
ULONG Terminated
Definition: pstypes.h:1174

Referenced by DbgkpPostFakeThreadMessages(), NtSuspendThread(), and PsSuspendProcess().

◆ PsTerminateProcess()

NTSTATUS NTAPI PsTerminateProcess ( IN PEPROCESS  Process,
IN NTSTATUS  ExitStatus 
)

Definition at line 126 of file kill.c.

128{
129 /* Call the internal API */
131}

Referenced by DbgkpCloseObject(), and ExpDebuggerWorker().

Variable Documentation

◆ _PsProcessType

POBJECT_TYPE _PsProcessType

Definition at line 473 of file ps.h.

◆ _PsThreadType

POBJECT_TYPE _PsThreadType
extern

◆ PsActiveProcessHead

LIST_ENTRY PsActiveProcessHead
extern

Definition at line 22 of file process.c.

Referenced by KdbpCmdProc(), PsGetNextProcess(), PspCreateProcess(), and PspInitPhase0().

◆ PsDefaultSystemLocaleId

LCID PsDefaultSystemLocaleId
extern

◆ PsDefaultThreadLocaleId

LCID PsDefaultThreadLocaleId
extern

◆ PsIdleProcess

PEPROCESS PsIdleProcess
extern

◆ PsImageNotifyEnabled

BOOLEAN PsImageNotifyEnabled
extern

Definition at line 18 of file psnotify.c.

Referenced by DbgkCreateThread(), MmLoadSystemImage(), and PsSetLoadImageNotifyRoutine().

◆ PsJobType

POBJECT_TYPE PsJobType
extern

Definition at line 20 of file job.c.

Referenced by PspInitPhase0(), and TestObjectTypes().

◆ PsLoadedModuleList

◆ PsLoadedModuleResource

◆ PsLoadedModuleSpinLock

KSPIN_LOCK PsLoadedModuleSpinLock
extern

◆ PsNtDllPathName

UNICODE_STRING PsNtDllPathName
extern

Definition at line 45 of file psmgr.c.

Referenced by DbgkCreateThread(), and PsLocateSystemDll().

◆ PsNtosImageBase

ULONG_PTR PsNtosImageBase
extern

Definition at line 25 of file sysldr.c.

Referenced by KdInitSystem(), and MiInitializeLoadedModuleList().

◆ PspActiveProcessMutex

KGUARDED_MUTEX PspActiveProcessMutex
extern

Definition at line 23 of file process.c.

Referenced by PsGetNextProcess(), PspCreateProcess(), PspDeleteProcess(), and PspInitPhase0().

◆ PspBootAccessToken

PTOKEN PspBootAccessToken
extern

Definition at line 17 of file security.c.

Referenced by PspInitializeProcessSecurity(), and PspInitPhase0().

◆ PspCidTable

◆ PspDefaultQuotaBlock

◆ PspJobMapping

GENERIC_MAPPING PspJobMapping
extern

Definition at line 41 of file job.c.

Referenced by PspInitPhase0().

◆ PspJobSchedulingClasses

CHAR PspJobSchedulingClasses[PSP_JOB_SCHEDULING_CLASSES]
extern

Definition at line 27 of file job.c.

Referenced by PsChangeQuantumTable(), and PspComputeQuantumAndPriority().

◆ PspLegoNotifyRoutine

PLEGO_NOTIFY_ROUTINE PspLegoNotifyRoutine
extern

Definition at line 24 of file psnotify.c.

Referenced by PspRunLegoRoutine(), and PsSetLegoNotifyRoutine().

◆ PspLoadImageNotifyRoutine

◆ PspProcessNotifyRoutine

◆ PspProcessNotifyRoutineCount

ULONG PspProcessNotifyRoutineCount

Definition at line 463 of file ps.h.

Referenced by PspRunCreateProcessNotifyRoutines().

◆ PspReaperListHead

LIST_ENTRY PspReaperListHead
extern

Definition at line 19 of file kill.c.

◆ PspReaperWorkItem

WORK_QUEUE_ITEM PspReaperWorkItem
extern

Definition at line 20 of file kill.c.

Referenced by KeTerminateThread(), and PspInitPhase0().

◆ PspReaping

BOOLEAN PspReaping
extern

◆ PsPrioritySeparation

ULONG PsPrioritySeparation
extern

◆ PspSystemDllBase

PVOID PspSystemDllBase
extern

Definition at line 41 of file psmgr.c.

Referenced by CODE_SEG(), DbgkCreateThread(), PsLocateSystemDll(), and PspUserThreadStartup().

◆ PspSystemDllEntryPoint

PVOID PspSystemDllEntryPoint
extern

Definition at line 43 of file psmgr.c.

Referenced by PspInitializeSystemDll(), and PspUserThreadStartup().

◆ PspThreadNotifyRoutine

◆ PspThreadNotifyRoutineCount

ULONG PspThreadNotifyRoutineCount
extern

◆ PspTraceLevel

ULONG PspTraceLevel
extern

Definition at line 18 of file query.c.

◆ PspUseJobSchedulingClasses

BOOLEAN PspUseJobSchedulingClasses
extern

Definition at line 25 of file job.c.

Referenced by PsChangeQuantumTable(), and PspComputeQuantumAndPriority().

◆ PspW32ProcessCallout

PKWIN32_PROCESS_CALLOUT PspW32ProcessCallout
extern

Definition at line 18 of file win32.c.

Referenced by PsConvertToGuiThread(), PsEstablishWin32Callouts(), and PspExitThread().

◆ PspW32ThreadCallout

PKWIN32_THREAD_CALLOUT PspW32ThreadCallout
extern

Definition at line 19 of file win32.c.

Referenced by PsConvertToGuiThread(), PsEstablishWin32Callouts(), and PspExitThread().

◆ PsRawPrioritySeparation

ULONG PsRawPrioritySeparation
extern

Definition at line 27 of file process.c.

Referenced by PspInitPhase0().

◆ ShortPsLockDelay

LARGE_INTEGER ShortPsLockDelay
extern

Definition at line 477 of file ps.h.