#include "ps_x.h"
Include dependency graph for ps.h:
Go to the source code of this file.
Classes | |
| struct | _GET_SET_CTX_CONTEXT |
Macros | |
| #define | _PS_DEBUG_ 0x00 |
| #define | PS_THREAD_DEBUG 0x01 |
| #define | PS_PROCESS_DEBUG 0x02 |
| #define | PS_SECURITY_DEBUG 0x04 |
| #define | PS_JOB_DEBUG 0x08 |
| #define | PS_NOTIFICATIONS_DEBUG 0x10 |
| #define | PS_WIN32K_DEBUG 0x20 |
| #define | PS_STATE_DEBUG 0x40 |
| #define | PS_QUOTA_DEBUG 0x80 |
| #define | PS_KILL_DEBUG 0x100 |
| #define | PS_REF_DEBUG 0x200 |
| #define | PSTRACE(x, fmt, ...) DPRINT(fmt, ##__VA_ARGS__) |
| #define | PSREFTRACE(x) |
| #define | PSP_MAX_CREATE_THREAD_NOTIFY 8 |
| #define | PSP_MAX_LOAD_IMAGE_NOTIFY 8 |
| #define | PSP_MAX_CREATE_PROCESS_NOTIFY 8 |
| #define | PSP_JOB_SCHEDULING_CLASSES 10 |
| #define | PSP_NON_PAGED_POOL_QUOTA_THRESHOLD 0x10000 |
| #define | PSP_PAGED_POOL_QUOTA_THRESHOLD 0x80000 |
Typedefs | |
| typedef struct _GET_SET_CTX_CONTEXT | GET_SET_CTX_CONTEXT |
| typedef struct _GET_SET_CTX_CONTEXT * | PGET_SET_CTX_CONTEXT |
Macro Definition Documentation
◆ _PS_DEBUG_
◆ PS_JOB_DEBUG
◆ PS_KILL_DEBUG
◆ PS_NOTIFICATIONS_DEBUG
◆ PS_PROCESS_DEBUG
◆ PS_QUOTA_DEBUG
◆ PS_REF_DEBUG
◆ PS_SECURITY_DEBUG
◆ PS_STATE_DEBUG
◆ PS_THREAD_DEBUG
◆ PS_WIN32K_DEBUG
◆ PSP_JOB_SCHEDULING_CLASSES
◆ PSP_MAX_CREATE_PROCESS_NOTIFY
◆ PSP_MAX_CREATE_THREAD_NOTIFY
◆ PSP_MAX_LOAD_IMAGE_NOTIFY
◆ PSP_NON_PAGED_POOL_QUOTA_THRESHOLD
◆ PSP_PAGED_POOL_QUOTA_THRESHOLD
◆ PSREFTRACE
◆ PSTRACE
Typedef Documentation
◆ GET_SET_CTX_CONTEXT
◆ PGET_SET_CTX_CONTEXT
| typedef struct _GET_SET_CTX_CONTEXT * PGET_SET_CTX_CONTEXT |
Function Documentation
◆ ApphelpCacheInitialize()
Definition at line 439 of file apphelp.c.
440{
442 /* If we are booting in safemode we do not want to use the apphelp cache */
444 {
447 }
448 else
449 {
455 NULL);
458 }
461}
VOID NTAPI RtlInitializeGenericTableAvl(IN OUT PRTL_AVL_TABLE Table, IN PRTL_AVL_COMPARE_ROUTINE CompareRoutine, IN PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine, IN PRTL_AVL_FREE_ROUTINE FreeRoutine, IN PVOID TableContext)
Definition: avltable.c:26
RTL_GENERIC_COMPARE_RESULTS NTAPI ApphelpShimCacheCompareRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID FirstStruct, _In_ PVOID SecondStruct)
Definition: apphelp.c:209
PVOID NTAPI ApphelpShimCacheAllocateRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ CLONG ByteSize)
Definition: apphelp.c:234
VOID NTAPI ApphelpShimCacheFreeRoutine(_In_ struct _RTL_AVL_TABLE *Table, _In_ PVOID Buffer)
Definition: apphelp.c:243
Referenced by IoInitSystem().
◆ ApphelpCacheShutdown()
Definition at line 465 of file apphelp.c.
Referenced by PopGracefulShutdown().
◆ PsChangeQuantumTable()
Definition at line 235 of file process.c.
237{
240 UCHAR Quantum;
241 PCHAR QuantumTable;
242 PAGED_CODE();
244 "%lx PrioritySeparation: %lx\n", Immediate, PrioritySeparation);
245
246 /* Write the current priority separation */
248
249 /* Normalize it if it was too high */
251
252 /* Get the quantum table to use */
254 {
255 /* Use a variable table */
256 QuantumTable = PspVariableQuantums;
257 }
259 {
260 /* Use fixed table */
261 QuantumTable = PspFixedQuantums;
262 }
263 else
264 {
265 /* Use default for the type of system we're on */
267 }
268
269 /* Now check if we should use long or short */
271 {
272 /* Use long quantums */
273 QuantumTable += 3;
274 }
276 {
277 /* Keep existing table */
278 NOTHING;
279 }
280 else
281 {
282 /* Use default for the type of system we're on */
283 QuantumTable += MmIsThisAnNtAsSystem() ? 3 : 0;
284 }
285
286 /* Check if we're using long fixed quantums */
288 {
289 /* Use Job scheduling classes */
291 }
292 else
293 {
294 /* Otherwise, we don't */
296 }
297
298 /* Copy the selected table into the Foreground Quantum table */
300 QuantumTable,
302
303 /* Check if we should apply these changes real-time */
304 if (Immediate)
305 {
306 /* We are...loop every process */
309 {
310 /* Use the priority separation if this is a foreground process */
312 MEMORY_PRIORITY_BACKGROUND) ?
313 0: PsPrioritySeparation;
314
315 /* Make sure that the process isn't idle */
317 {
318 /* Does the process have a job? */
320 {
321 /* Use job quantum */
323 }
324 else
325 {
326 /* Use calculated quantum */
328 }
329 }
330 else
331 {
332 /* Process is idle, use default quantum */
333 Quantum = 6;
334 }
335
336 /* Now set the quantum */
338
339 /* Get the next process */
341 }
342 }
343}
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
VOID NTAPI KeSetQuantumProcess(IN PKPROCESS Process, IN UCHAR Quantum)
Definition: procobj.c:229
Definition: pstypes.h:1261
Referenced by PspInitPhase0(), and SSI_DEF().
◆ PsChargeProcessPageFileQuota()
Charges the process page file quota. The function is used internally by the kernel.
- Parameters
-
[in] Process The process which page file quota is to be charged. [in] Amount The amount of page file quota to charge.
- Returns
- Returns STATUS_SUCCESS if quota charging has been done with success, otherwise a NTSTATUS code of STATUS_PAGEFILE_QUOTA_EXCEEDED is returned.
Definition at line 738 of file quota.c.
741{
742 /* Don't do anything for the system process */
744
746}
NTSTATUS NTAPI PspChargeProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota charging, necessary for export...
Definition: quota.c:195
◆ PsChargeSharedPoolQuota()
| PEPROCESS_QUOTA_BLOCK NTAPI PsChargeSharedPoolQuota | ( | _In_ PEPROCESS | Process, |
| _In_ SIZE_T | AmountToChargePaged, | ||
| _In_ SIZE_T | AmountToChargeNonPaged | ||
| ) |
Charges the shared (paged and non paged) pool quotas. The function is used exclusively by the Object Manager to manage quota charges handling of objects.
- Parameters
-
[in] Process The process which quotas are to be charged within its quota block. [in] AmountToChargePaged The amount of paged quotas quotas to be charged. [in] AmountToChargeNonPaged The amount of non paged quotas to be charged.
- Returns
- Returns the charged quota block, which it'll be used by the Object Manager to attach the charged quotas information to the object. If the function fails to charge quotas, NULL is returned to the caller.
Definition at line 674 of file quota.c.
678{
680
681 /* Sanity checks */
684
685 /* Do we have some paged pool quota to charge? */
686 if (AmountToChargePaged != 0)
687 {
688 /* We do, charge! */
689 Status = PspChargeProcessQuotaSpecifiedPool(NULL, Process->QuotaBlock, PsPagedPool, AmountToChargePaged);
691 {
692 DPRINT1("PsChargeSharedPoolQuota(): Failed to charge the shared pool quota (Status 0x%lx)\n", Status);
694 }
695 }
696
697 /* Do we have some non paged pool quota to charge? */
698 if (AmountToChargeNonPaged != 0)
699 {
700 /* We do, charge! */
701 Status = PspChargeProcessQuotaSpecifiedPool(NULL, Process->QuotaBlock, PsNonPagedPool, AmountToChargeNonPaged);
703 {
704 DPRINT1("PsChargeSharedPoolQuota(): Failed to charge the shared pool quota (Status 0x%lx). Attempting to return some paged pool back...\n", Status);
705 PspReturnProcessQuotaSpecifiedPool(NULL, Process->QuotaBlock, PsPagedPool, AmountToChargePaged);
707 }
708 }
709
710 /* We have charged the quotas of an object, increment the reference */
712
713 DPRINT("PsChargeSharedPoolQuota(): Amount charged (paged %lu -- non paged %lu)\n", AmountToChargePaged, AmountToChargeNonPaged);
715}
VOID NTAPI PspReturnProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota returning. It returns (takes a...
Definition: quota.c:345
Referenced by ObpChargeQuotaForObject().
◆ PsExitSpecialApc()
| VOID NTAPI PsExitSpecialApc | ( | PKAPC | Apc, |
| PKNORMAL_ROUTINE * | NormalRoutine, | ||
| PVOID * | NormalContext, | ||
| PVOID * | SystemArgument1, | ||
| PVOID * | SystemArgument2 | ||
| ) |
Referenced by KiInsertQueueApc().
◆ PsGetNextProcess()
Definition at line 128 of file process.c.
129{
132 PAGED_CODE();
134
135 /* Acquire the Active Process Lock */
137
138 /* Check if we're already starting somewhere */
139 if (OldProcess)
140 {
141 /* Start where we left off */
142 Entry = OldProcess->ActiveProcessLinks.Flink;
143 }
144 else
145 {
146 /* Start at the beginning */
148 }
149
150 /* Loop the process list */
152 {
153 /* Get the process */
155
156 /* Reference the process */
158
159 /* Nothing found, keep trying */
160 FoundProcess = NULL;
162 }
163
164 /* Release the lock */
166
167 /* Dereference the Process we had referenced earlier */
169 return FoundProcess;
170}
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
Definition: typedefs.h:120
Referenced by DbgkpCloseObject(), ExpDebuggerWorker(), PopGracefulShutdown(), PsChangeQuantumTable(), PspShutdownProcessManager(), and QSI_DEF().
◆ PsGetNextProcessThread()
Definition at line 75 of file process.c.
77{
80 PAGED_CODE();
83
84 /* Lock the process */
85 KeEnterCriticalRegion();
87
88 /* Check if we're already starting somewhere */
90 {
91 /* Start where we left off */
93 }
94 else
95 {
96 /* Start at the beginning */
98 }
99
100 /* Set the list head and start looping */
101 ListHead = &Process->ThreadListHead;
103 {
104 /* Get the Thread */
106
107 /* Safe reference the thread */
109
110 /* Nothing found, keep looping */
111 FoundThread = NULL;
113 }
114
115 /* Unlock the process */
117 KeLeaveCriticalRegion();
118
119 /* Check if we had a starting thread, and dereference it */
121
122 /* Return what we found */
123 return FoundThread;
124}
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1104
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1212
Definition: pstypes.h:1102
Referenced by DbgkpPostFakeThreadMessages(), DbgkpSetProcessDebugObject(), ExSwapinWorkerThreads(), NtSetInformationThread(), NtTerminateProcess(), PspTerminateProcess(), PsResumeProcess(), and PsSuspendProcess().
◆ PsIdleThreadMain()
◆ PsInitSystem()
| BOOLEAN NTAPI PsInitSystem | ( | IN PLOADER_PARAMETER_BLOCK | LoaderBlock | ) |
Definition at line 624 of file psmgr.c.
625{
626 /* Check the initialization phase */
628 {
629 case 0:
630
631 /* Do Phase 0 */
633
634 case 1:
635
636 /* Do Phase 1 */
638
639 default:
640
641 /* Don't know any other phase! Bugcheck! */
642 KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
643 1,
645 0,
646 0);
648 }
649}
BOOLEAN NTAPI PspInitPhase0(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
Definition: psmgr.c:406
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().
◆ PsLocateSystemDll()
Definition at line 279 of file psmgr.c.
280{
285 ULONG_PTR HardErrorParameters;
286 ULONG HardErrorResponse;
287
288 /* Locate and open NTDLL to determine ImageBase and LdrStartup */
290 &PsNtDllPathName,
291 0,
292 NULL,
293 NULL);
295 FILE_READ_ACCESS,
296 &ObjectAttributes,
297 &IoStatusBlock,
298 FILE_SHARE_READ,
299 0);
301 {
302 /* Failed, bugcheck */
304 }
305
306 /* Check if the image is valid */
309 {
310 /* Raise a hard error */
313 1,
314 1,
315 &HardErrorParameters,
316 OptionOk,
317 &HardErrorResponse);
319 }
320
321 /* Create a section for NTDLL */
322 Status = ZwCreateSection(&SectionHandle,
323 SECTION_ALL_ACCESS,
324 NULL,
325 NULL,
326 PAGE_EXECUTE,
327 SEC_IMAGE,
328 FileHandle);
331 {
332 /* Failed, bugcheck */
334 }
335
336 /* Reference the Section */
338 SECTION_ALL_ACCESS,
339 MmSectionObjectType,
340 KernelMode,
342 NULL);
343 ZwClose(SectionHandle);
345 {
346 /* Failed, bugcheck */
348 }
349
350 /* Map it */
353 {
354 /* Failed, bugcheck */
356 }
357
358 /* Return status */
360}
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
NTSTATUS NTAPI NtRaiseHardError(IN NTSTATUS ErrorStatus, IN ULONG NumberOfParameters, IN ULONG UnicodeStringParameterMask, IN PULONG_PTR Parameters, IN ULONG ValidResponseOptions, OUT PULONG Response)
Definition: harderr.c:551
Definition: nsiface.idl:2307
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
NTSTATUS NTAPI MmCheckSystemImage(IN HANDLE ImageHandle, IN BOOLEAN PurgeSection)
Definition: sysldr.c:2694
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
NTSTATUS NTAPI PspMapSystemDll(IN PEPROCESS Process, IN PVOID *DllBase, IN BOOLEAN UseLargePages)
Definition: psmgr.c:245
Definition: env_spec_w32.h:870
Definition: umtypes.h:182
Referenced by IoInitSystem().
◆ PsOpenTokenOfProcess()
Definition at line 471 of file security.c.
473{
476 PAGED_CODE();
478
479 /* Get the Token */
482 PsProcessType,
483 ExGetPreviousMode(),
485 NULL);
487 {
488 /* Reference the token and dereference the process */
491 }
492
493 /* Return */
495}
Definition: tokenizer.hpp:28
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
Referenced by NtOpenProcessTokenEx().
◆ PspCreateProcess()
| NTSTATUS NTAPI PspCreateProcess | ( | OUT PHANDLE | ProcessHandle, |
| IN ACCESS_MASK | DesiredAccess, | ||
| IN POBJECT_ATTRIBUTES ObjectAttributes | OPTIONAL, | ||
| IN HANDLE ParentProcess | OPTIONAL, | ||
| IN ULONG | Flags, | ||
| IN HANDLE SectionHandle | OPTIONAL, | ||
| IN HANDLE DebugPort | OPTIONAL, | ||
| IN HANDLE ExceptionPort | OPTIONAL, | ||
| IN BOOLEAN | InJob | ||
| ) |
Definition at line 347 of file process.c.
356{
359 PVOID ExceptionPortObject;
360 PDEBUG_OBJECT DebugObject;
363 ULONG_PTR DirectoryTableBase[2] = {0,0};
365 HANDLE_TABLE_ENTRY CidEntry;
369 ULONG MinWs, MaxWs;
370 ACCESS_STATE LocalAccessState;
372 AUX_ACCESS_DATA AuxData;
373 UCHAR Quantum;
378 INITIAL_PEB InitialPeb;
379 PAGED_CODE();
382
383 /* Validate flags */
385
386 /* Check for parent */
387 if (ParentProcess)
388 {
389 /* Reference it */
392 PsProcessType,
393 PreviousMode,
395 NULL);
397
398 /* If this process should be in a job but the parent isn't */
400 {
401 /* This is illegal. Dereference the parent and fail */
404 }
405
406 /* Inherit Parent process's Affinity. */
408 }
409 else
410 {
411 /* We have no parent */
414 }
415
416 /* Save working set data */
417 MinWs = PsMinimumWorkingSet;
418 MaxWs = PsMaximumWorkingSet;
419
420 /* Create the Object */
422 PsProcessType,
423 ObjectAttributes,
424 PreviousMode,
425 NULL,
427 0,
428 0,
431
432 /* Clean up the Object */
434
435 /* Initialize pushlock and rundown protection */
437 Process->ProcessLock.Value = 0;
438
439 /* Setup the Thread List Head */
441
442 /* Set up the Quota Block from the Parent */
444
445 /* Set up Dos Device Map from the Parent */
447
448 /* Check if we have a parent */
450 {
451 /* Inherit PID and hard-error processing */
454 }
455 else
456 {
457 /* Use default hard-error processing */
459 }
460
461 /* Check for a section handle */
462 if (SectionHandle)
463 {
464 /* Get a pointer to it */
466 SECTION_MAP_EXECUTE,
467 MmSectionObjectType,
468 PreviousMode,
470 NULL);
472 }
473 else
474 {
475 /* Assume no section object */
477
478 /* Is the parent the initial process?
479 * Check for NULL also, as at initialization PsInitialSystemProcess is NULL */
481 {
482 /* It's not, so acquire the process rundown */
484 {
485 /* If the parent has a section, use it */
488
489 /* Release process rundown */
491 }
492
493 /* If we don't have a section object */
495 {
496 /* Then the process is in termination, so fail */
498 goto CleanupWithRef;
499 }
500 }
501 }
502
503 /* Save the pointer to the section object */
505
506 /* Check for the debug port */
507 if (DebugPort)
508 {
509 /* Reference it */
512 DbgkDebugObjectType,
513 PreviousMode,
514 (PVOID*)&DebugObject,
515 NULL);
517
518 /* Save the debug object */
519 Process->DebugPort = DebugObject;
520
521 /* Check if the caller doesn't want the debug stuff inherited */
523 {
524 /* Set the process flag */
526 }
527 }
528 else
529 {
530 /* Do we have a parent? Copy his debug port */
532 }
533
534 /* Now check for an exception port */
535 if (ExceptionPort)
536 {
537 /* Reference it */
539 PORT_ALL_ACCESS,
540 LpcPortObjectType,
541 PreviousMode,
542 (PVOID*)&ExceptionPortObject,
543 NULL);
545
546 /* Save the exception port */
547 Process->ExceptionPort = ExceptionPortObject;
548 }
549
550 /* Save the pointer to the section object */
552
553 /* Set default exit code */
555
556 /* Check if this is the initial process being built */
558 {
559 /* Create the address space for the child */
561 Process,
562 DirectoryTableBase))
563 {
564 /* Failed */
566 goto CleanupWithRef;
567 }
568 }
569 else
570 {
571 /* Otherwise, we are the boot process, we're already semi-initialized */
575 }
576
577 /* We now have an address space */
579
580 /* Set the maximum WS */
581 Process->Vm.MaximumWorkingSetSize = MaxWs;
582
583 /* Now initialize the Kernel Process */
586 Affinity,
587 DirectoryTableBase,
589 SEM_NOALIGNMENTFAULTEXCEPT));
590
591 /* Duplicate Parent Token */
594
595 /* Set default priority class */
597
598 /* Check if we have a parent */
600 {
601 /* Check our priority class */
604 {
605 /* Normalize it */
607 }
608
609 /* Initialize object manager for the process */
612 Process);
614 }
615 else
616 {
617 /* Do the second part of the boot process memory setup */
620 }
621
622 /* Set success for now */
624
625 /* Check if this is a real user-mode process */
626 if (SectionHandle)
627 {
628 /* Initialize the address space */
630 NULL,
631 SectionObject,
632 &Flags,
633 &Process->
634 SeAuditProcessCreationInfo.
635 ImageFileName);
637
638 //
639 // We need a PEB
640 //
641 NeedsPeb = TRUE;
642 }
644 {
645 /* Check if this is a child of the system process */
647 {
648 //
649 // We need a PEB
650 //
651 NeedsPeb = TRUE;
652
653 /* This is a clone! */
655 }
656 else
657 {
658 /* This is the initial system process */
659 Flags &= ~PROCESS_CREATE_FLAGS_LARGE_PAGES;
661 NULL,
662 NULL,
663 &Flags,
664 NULL);
666
667 /* Create a dummy image file name */
668 Process->SeAuditProcessCreationInfo.ImageFileName =
671 TAG_SEPA);
673 {
674 /* Fail */
676 goto CleanupWithRef;
677 }
678
679 /* Zero it out */
682 }
683 }
684
685#if MI_TRACE_PFNS
686 /* Copy the process name now that we have it */
687 memcpy(MiGetPfnEntry(Process->Pcb.DirectoryTableBase[0] >> PAGE_SHIFT)->ProcessName, Process->ImageFileName, 16);
688 if (Process->Pcb.DirectoryTableBase[1]) memcpy(MiGetPfnEntry(Process->Pcb.DirectoryTableBase[1] >> PAGE_SHIFT)->ProcessName, Process->ImageFileName, 16);
689 if (Process->WorkingSetPage) memcpy(MiGetPfnEntry(Process->WorkingSetPage)->ProcessName, Process->ImageFileName, 16);
690#endif
691
692 /* Check if we have a section object and map the system DLL */
694
695 /* Create a handle for the Process */
697 CidEntry.GrantedAccess = 0;
700 {
701 /* Fail */
703 goto CleanupWithRef;
704 }
705
706 /* Set the handle table PID */
708
709 /* Check if we need to audit */
711
712 /* Check if the parent had a job */
714 {
715 /* FIXME: We need to insert this process */
717 }
718
719 /* Create PEB only for User-Mode Processes */
721 {
722 //
723 // Set up the initial PEB
724 //
728
729 //
730 // Create it only if we have an image section
731 //
732 if (SectionHandle)
733 {
734 //
735 // Create it
736 //
739 }
740 else
741 {
742 //
743 // We have to clone it
744 //
746 }
747
748 }
749
750 /* The process can now be activated */
754
755 /* Create an access state */
757 ((Parent) &&
759 Parent : CurrentProcess,
760 &LocalAccessState,
761 &AuxData,
762 DesiredAccess,
765
766 /* Insert the Process into the Object Directory */
768 AccessState,
769 DesiredAccess,
770 1,
771 NULL,
772 &hProcess);
773
774 /* Free the access state */
776
777 /* Cleanup on failure */
779
780 /* Compute Quantum and Priority */
782 Process->Pcb.BasePriority =
785 &Quantum);
786 Process->Pcb.QuantumReset = Quantum;
787
788 /* Check if we have a parent other then the initial system process */
791 {
792 /* Get the process's SD */
794 &SecurityDescriptor,
795 &SdAllocated);
797 {
798 /* We failed, close the handle and clean up */
800 goto CleanupWithRef;
801 }
802
803 /* Create the subject context */
807
808 /* Do the access check */
810 &SubjectContext,
811 FALSE,
812 MAXIMUM_ALLOWED,
813 0,
814 NULL,
816 PreviousMode,
817 &Process->GrantedAccess,
818 &AccessStatus);
819
820 /* Dereference the token and let go the SD */
822 SubjectContext.PrimaryToken);
824
825 /* Remove access if it failed */
827
828 /* Give the process some basic access */
830 PROCESS_VM_READ |
831 PROCESS_VM_WRITE |
833 PROCESS_TERMINATE |
834 PROCESS_CREATE_THREAD |
835 PROCESS_DUP_HANDLE |
836 PROCESS_CREATE_PROCESS |
837 PROCESS_SET_INFORMATION |
838 STANDARD_RIGHTS_ALL |
839 PROCESS_SET_QUOTA);
840 }
841 else
842 {
843 /* Set full granted access */
845 }
846
847 /* Set the Creation Time */
849
850 /* Protect against bad user-mode pointer */
851 _SEH2_TRY
852 {
853 /* Hacky way of returning the PEB to the user-mode creator */
855 {
857 }
858
859 /* Save the process handle */
861 }
863 {
864 /* Get the exception code */
866 }
867 _SEH2_END;
868
869 /* Run the Notification Routines */
871
872 /* If 12 processes have been created, enough of user-mode is ready */
874
875CleanupWithRef:
876 /*
877 * Dereference the process. For failures, kills the process and does
878 * cleanup present in PspDeleteProcess. For success, kills the extra
879 * reference added by ObInsertObject.
880 */
882
883Cleanup:
884 /* Dereference the parent */
886
887 /* Return status to caller */
889}
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:786
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:732
VOID NTAPI DbgkCopyProcessDebugPort(IN PEPROCESS Process, IN PEPROCESS Parent)
Definition: dbgkobj.c:276
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES
Definition: pstypes.h:93
#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL
Definition: pstypes.h:111
#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT
Definition: pstypes.h:92
#define PROCESS_DUP_HANDLE
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:827
VOID NTAPI KeInitializeProcess(struct _KPROCESS *Process, KPRIORITY Priority, KAFFINITY Affinity, PULONG_PTR DirectoryTableBase, IN BOOLEAN Enable)
NTSTATUS NTAPI MmInitializeHandBuiltProcess2(IN PEPROCESS Process)
Definition: procsup.c:1157
NTSTATUS NTAPI MmInitializeProcessAddressSpace(IN PEPROCESS Process, IN PEPROCESS Clone OPTIONAL, IN PVOID Section OPTIONAL, IN OUT PULONG Flags, IN POBJECT_NAME_INFORMATION *AuditName OPTIONAL)
NTSTATUS NTAPI MmCreatePeb(IN PEPROCESS Process, IN PINITIAL_PEB InitialPeb, OUT PPEB *BasePeb)
Definition: procsup.c:517
NTSTATUS NTAPI MmInitializeHandBuiltProcess(IN PEPROCESS Process, IN PULONG_PTR DirectoryTableBase)
Definition: procsup.c:1131
BOOLEAN NTAPI MmCreateProcessAddressSpace(IN ULONG MinWs, IN PEPROCESS Dest, IN PULONG_PTR DirectoryTableBase)
Definition: page.c:136
NTSTATUS NTAPI SeCreateAccessStateEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _In_ OUT PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Peforms a detailed security auditing with an access token.
Definition: audit.c:34
VOID NTAPI SeAuditProcessCreate(_In_ PEPROCESS Process)
Peforms a security auditing against a process that is about to be created.
Definition: audit.c:56
KPRIORITY NTAPI PspComputeQuantumAndPriority(IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE Mode, OUT PUCHAR Quantum)
Definition: process.c:174
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:150
VOID NTAPI ObInheritDeviceMap(IN PEPROCESS Parent, IN PEPROCESS Process)
Definition: devicemap.c:511
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
NTSTATUS NTAPI ObInitProcess(IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
Definition: obhandle.c:2090
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1024
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
NTSTATUS NTAPI PspInitializeProcessSecurity(IN PEPROCESS Process, IN PEPROCESS Parent OPTIONAL)
Definition: security.c:71
NTSTATUS NTAPI PspMapSystemDll(IN PEPROCESS Process, OUT PVOID *DllBase, IN BOOLEAN UseLargePages)
VOID NTAPI PspInheritQuota(_In_ PEPROCESS Process, _In_ PEPROCESS ParentProcess)
FORCEINLINE VOID PspRunCreateProcessNotifyRoutines(IN PEPROCESS CurrentProcess, IN BOOLEAN Create)
Definition: ps_x.h:62
Definition: setypes.h:224
Definition: setypes.h:257
Definition: dbgktypes.h:91
Definition: extypes.h:596
Definition: pstypes.h:661
Definition: nt_native.h:1269
Definition: mmtypes.h:807
Definition: ms-dtyp.idl:301
Definition: setypes.h:217
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
Definition: halfuncs.h:174
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
Referenced by NtCreateProcessEx(), PsCreateSystemProcess(), and PspInitPhase0().
◆ PspDeleteJob()
Referenced by PspInitPhase0().
◆ PspDeleteProcess()
Definition at line 253 of file kill.c.
254{
257 PAGED_CODE();
260
261 /* Check if it has an Active Process Link */
263 {
264 /* Remove it from the Active List */
270 }
271
272 /* Check for Auditing information */
274 {
275 /* Free it */
277 TAG_SEPA);
279 }
280
281 /* Check if we have a job */
283 {
284 /* Remove the process from the job */
286
287 /* Dereference it */
290 }
291
292 /* Increase the stack count */
293 Process->Pcb.StackCount++;
294
295 /* Check if we have a debug port */
297 {
298 /* Deference the Debug Port */
301 }
302
303 /* Check if we have an exception port */
305 {
306 /* Deference the Exception Port */
309 }
310
311 /* Check if we have a section object */
313 {
314 /* Deference the Section Object */
317 }
318
319#if defined(_X86_)
320 /* Clean Ldt and Vdm objects */
323#endif
324
325 /* Delete the Object Table */
327 {
328 /* Attach to the process */
330
331 /* Kill the Object Info */
333
334 /* Detach */
336 }
337
338 /* Check if we have an address space, and clean it */
340 {
341 /* Attach to the process */
343
344 /* Clean the Address Space */
346
347 /* Detach */
349
350 /* Completely delete the Address Space */
352 }
353
354 /* See if we have a PID */
356 {
357 /* Delete the PID */
359 {
360 /* Something wrong happened, bugcheck */
361 KeBugCheck(CID_HANDLE_DELETION);
362 }
363 }
364
365 /* Cleanup security information */
367
368 /* Check if we have kept information on the Working Set */
370 {
371 /* Free it */
373
374 /* And return the quota it was taking up */
376 }
377
378 /* Dereference the Device Map */
380
381 /*
382 * Dereference the quota block, the function
383 * will invoke a quota block cleanup if the
384 * block itself is no longer used by anybody.
385 */
387}
BOOLEAN NTAPI ExDestroyHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PHANDLE_TABLE_ENTRY HandleTableEntry OPTIONAL)
Definition: handle.c:984
VOID NTAPI MmDeleteProcessAddressSpace(IN PEPROCESS Process)
Definition: procsup.c:1366
VOID NTAPI PspExitProcess(IN BOOLEAN LastThread, IN PEPROCESS Process)
Definition: kill.c:1075
VOID NTAPI ObDereferenceDeviceMap(IN PEPROCESS Process)
Definition: devicemap.c:456
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
VOID NTAPI PspRemoveProcessFromJob(IN PEPROCESS Process, IN PEJOB Job)
Definition: job.c:138
VOID NTAPI PspDereferenceQuotaBlock(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock)
De-references a quota block when quotas have been returned back because of an object de-allocation or...
Definition: quota.c:553
VOID NTAPI PspDeleteProcessSecurity(IN PEPROCESS Process)
Definition: security.c:30
VOID NTAPI PsReturnProcessNonPagedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Returns the non paged quota pool that the process was taking up.
Definition: quota.c:938
Referenced by PspInitPhase0().
◆ PspDeleteProcessSecurity()
Definition at line 30 of file security.c.
31{
32 PAGED_CODE();
34
35 /* Check if we have a token */
37 {
38 /* Deassign it */
41 }
42}
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
Definition: token.c:936
Referenced by PspDeleteProcess().
◆ PspDeleteThread()
Definition at line 391 of file kill.c.
392{
395 PAGED_CODE();
399
400 /* Check if we have a stack */
402 {
403 /* Release it */
406 }
407
408 /* Check if we have a CID Handle */
410 {
411 /* Delete the CID Handle */
413 {
414 /* Something wrong happened, bugcheck */
415 KeBugCheck(CID_HANDLE_DELETION);
416 }
417 }
418
419 /* Cleanup impersionation information */
421
422 /* Make sure the thread was inserted, before continuing */
424
425 /* Check if the thread list is valid */
427 {
428 /* Lock the thread's process */
429 KeEnterCriticalRegion();
431
432 /* Remove us from the list */
434
435 /* Release the lock */
437 KeLeaveCriticalRegion();
438 }
439
440 /* Dereference the Process */
442}
FORCEINLINE VOID ExAcquirePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1035
FORCEINLINE VOID ExReleasePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1251
VOID NTAPI MmDeleteKernelStack(PVOID Stack, BOOLEAN GuiStack)
VOID NTAPI PspDeleteThreadSecurity(IN PETHREAD Thread)
Definition: security.c:46
Referenced by PspInitPhase0().
◆ PspDeleteThreadSecurity()
Definition at line 46 of file security.c.
47{
49 PAGED_CODE();
51
52 /* Check if we have active impersonation info */
54 {
55 /* Dereference its token */
57 }
58
59 /* Check if we have impersonation info */
60 if (ImpersonationInfo)
61 {
62 /* Free it */
63 ExFreePool(ImpersonationInfo);
66 }
67}
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
Definition: pstypes.h:1143
Definition: pstypes.h:1068
Referenced by PspDeleteThread().
◆ PspDereferenceQuotaBlock()
| VOID NTAPI PspDereferenceQuotaBlock | ( | _In_opt_ PEPROCESS | Process, |
| _In_ PEPROCESS_QUOTA_BLOCK | QuotaBlock | ||
| ) |
De-references a quota block when quotas have been returned back because of an object de-allocation or when a process gets destroyed. If the last instance that held up the block gets de-referenced the function will perform a cleanup against that block and it'll free the quota block from memory.
- Parameters
-
[in] Process A pointer to a process that de-references the quota block. [in] QuotaBlock A pointer to a quota block that is to be de-referenced. This block can come from a process that references it or an object.
- Returns
- Nothing.
Definition at line 553 of file quota.c.
556{
557 ULONG PsQuotaTypeIndex;
559
560 /* Make sure the quota block is not trash */
561 ASSERT(QuotaBlock);
562
563 /* Iterate over the process quota types if we have a process */
565 {
567 {
568 /*
569 * We need to make sure that the quota usage
570 * uniquely associated with the process is 0
571 * on that moment the process gets destroyed.
572 */
574 }
575
576 /* As the process is now gone, decrement the process count */
577 InterlockedDecrementUL(&QuotaBlock->ProcessCount);
578 }
579
580 /* If no one is using this block, begin to destroy it */
582 InterlockedDecrementUL(&QuotaBlock->ReferenceCount) == 0)
583 {
584 /* Acquire the quota lock */
586
587 /* Return all the quotas back to Mm and remove the quota from list */
588 PspReturnQuotasOnDestroy(QuotaBlock);
589 RemoveEntryList(&QuotaBlock->QuotaList);
590
591 /* Release the lock and free the block */
594 }
595}
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
Definition: kefuncs.h:792
Referenced by PspDeleteProcess(), and PsReturnSharedPoolQuota().
◆ PspExitProcess()
Definition at line 1075 of file kill.c.
1077{
1078 ULONG Actual;
1079 PAGED_CODE();
1083
1084 /* Set Process Exit flag */
1086
1087 /* Check if we are the last thread */
1089 {
1090 /* Notify the WMI Process Callback */
1091 //WmiTraceProcess(Process, FALSE);
1092
1093 /* Run the Notification Routines */
1095 }
1096
1097 /* Cleanup the power state */
1099
1100 /* Clear the security port */
1102 {
1103 /* So we don't double-dereference */
1105 }
1107 {
1108 /* Dereference it */
1111 }
1112
1113 /* Check if we are the last thread */
1115 {
1116 /* Check if we have to set the Timer Resolution */
1118 {
1119 /* Set it to default */
1121 }
1122
1123 /* Check if we are part of a Job that has a completion port */
1125 {
1126 /* FIXME: Check job status code and do I/O completion if needed */
1127 }
1128
1129 /* FIXME: Notify the Prefetcher */
1130 }
1131 else
1132 {
1133 /* Clear process' address space here */
1135 }
1136}
NTSYSAPI NTSTATUS NTAPI ZwSetTimerResolution(_In_ ULONG RequestedResolution, _In_ BOOLEAN SetOrUnset, _Out_ PULONG ActualResolution)
VOID NTAPI MmCleanProcessAddressSpace(IN PEPROCESS Process)
Definition: procsup.c:1267
VOID NTAPI PopCleanupPowerState(IN PPOWER_STATE PowerState)
Definition: power.c:164
Definition: ntpoapi.h:56
Referenced by PspDeleteProcess(), and PspExitThread().
◆ PspExitProcessFromJob()
◆ PspExitThread()
Definition at line 450 of file kill.c.
451{
452 CLIENT_DIED_MSG TerminationMsg;
454 PTEB Teb;
455 PEPROCESS CurrentProcess;
457 PVOID DeallocationStack;
458 SIZE_T Dummy;
460 PTERMINATION_PORT TerminationPort, NextPort;
461 PLIST_ENTRY FirstEntry, CurrentEntry;
462 PKAPC Apc;
463 PTOKEN PrimaryToken;
464 PAGED_CODE();
466
467 /* Get the Current Thread and Process */
469 CurrentProcess = Thread->ThreadsProcess;
471
472 /* Can't terminate a thread if it attached another process */
474 {
475 /* Bugcheck */
476 KeBugCheckEx(INVALID_PROCESS_ATTACH_ATTEMPT,
477 (ULONG_PTR)CurrentProcess,
481 }
482
483 /* Lower to Passive Level */
485
486 /* Can't be a worker thread */
488 {
489 /* Bugcheck */
490 KeBugCheckEx(ACTIVE_EX_WORKER_THREAD_TERMINATION,
492 0,
493 0,
494 0);
495 }
496
497 /* Can't have pending APCs */
499 {
500 /* Bugcheck */
501 KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
502 0,
504 0,
505 1);
506 }
507
508 /* Lock the thread */
510
511 /* Cleanup the power state */
513
514 /* Call the WMI Callback for Threads */
515 //WmiTraceThread(Thread, NULL, FALSE);
516
517 /* Run Thread Notify Routines before we desintegrate the thread */
519
520 /* Lock the Process before we modify its thread entries */
521 KeEnterCriticalRegion();
523
524 /* Decrease the active thread count, and check if it's 0 */
526 {
527 /* Set the delete flag */
529
530 /* Remember we are last */
531 Last = TRUE;
532
533 /* Check if this termination is due to the thread dying */
535 {
536 /* Check if the last thread was pending */
538 {
539 /* Use the last exit status */
540 CurrentProcess->ExitStatus = CurrentProcess->
541 LastThreadExitStatus;
542 }
543 }
544 else
545 {
546 /* Just a normal exit, write the code */
548 }
549
550 /* Loop all the current threads */
551 FirstEntry = &CurrentProcess->ThreadListHead;
552 CurrentEntry = FirstEntry->Flink;
553 while (FirstEntry != CurrentEntry)
554 {
555 /* Get the thread on the list */
556 OtherThread = CONTAINING_RECORD(CurrentEntry,
557 ETHREAD,
558 ThreadListEntry);
559
560 /* Check if it's a thread that's still alive */
563 (ObReferenceObjectSafe(OtherThread)))
564 {
565 /* It's a live thread and we referenced it, unlock process */
567 KeLeaveCriticalRegion();
568
569 /* Wait on the thread */
570 KeWaitForSingleObject(OtherThread,
571 Executive,
572 KernelMode,
573 FALSE,
574 NULL);
575
576 /* Check if we had a previous thread to dereference */
578
579 /* Remember the thread and re-lock the process */
580 PreviousThread = OtherThread;
581 KeEnterCriticalRegion();
583 }
584
585 /* Go to the next thread */
586 CurrentEntry = CurrentEntry->Flink;
587 }
588 }
590 {
591 /* Write down the exit status of the last thread to get killed */
593 }
594
595 /* Unlock the Process */
597 KeLeaveCriticalRegion();
598
599 /* Check if we had a previous thread to dereference */
601
602 /* Check if the process has a debug port and if this is a user thread */
604 {
605 /* Notify the Debug API. */
608 }
609
610 /* Check if this is a Critical Thread */
612 {
613 /* Break to debugger */
615 Thread,
616 CurrentProcess->ImageFileName);
617 }
618
619 /* Check if it's the last thread and this is a Critical Process */
621 {
622 /* Check if a debugger is here to handle this */
624 {
625 /* Break to debugger */
627 CurrentProcess,
628 CurrentProcess->ImageFileName);
629 }
630 else
631 {
632 /* Bugcheck, we can't allow this */
633 KeBugCheckEx(CRITICAL_PROCESS_DIED,
634 (ULONG_PTR)CurrentProcess,
635 0,
636 0,
637 0);
638 }
639 }
640
641 /* Sanity check */
643
644 /* Process the Termination Ports */
646 if (TerminationPort)
647 {
648 /* Setup the message header */
649 TerminationMsg.h.u2.ZeroInit = 0;
654
655 /* Loop each port */
656 do
657 {
658 /* Save the Create Time */
660
661 /* Loop trying to send message */
663 {
664 /* Send the LPC Message */
666 &TerminationMsg.h);
669 {
670 /* Wait a bit and try again */
672 continue;
673 }
674 break;
675 }
676
677 /* Dereference this LPC Port */
679
680 /* Move to the next one */
681 NextPort = TerminationPort->Next;
682
683 /* Free the Termination Port Object */
685
686 /* Keep looping as long as there is a port */
687 TerminationPort = NextPort;
688 } while (TerminationPort);
689 }
691 (Thread->DeadThread)) ||
692 !(Thread->DeadThread))
693 {
694 /*
695 * This case is special and deserves some extra comments. What
696 * basically happens here is that this thread doesn't have a termination
697 * port, which means that it died before being fully created. Since we
698 * still have to notify an LPC Server, we'll use the exception port,
699 * which we know exists. However, we need to know how far the thread
700 * actually got created. We have three possibilities:
701 *
702 * - NtCreateThread returned an error really early: DeadThread is set.
703 * - NtCreateThread managed to create the thread: DeadThread is off.
704 * - NtCreateThread was creating the thread (with DeadThread set,
705 * but the thread got killed prematurely: STATUS_THREAD_IS_TERMINATING
706 * is our exit code.)
707 *
708 * For the 2 & 3rd scenarios, the thread has been created far enough to
709 * warrant notification to the LPC Server.
710 */
711
712 /* Setup the message header */
713 TerminationMsg.h.u2.ZeroInit = 0;
718
719 /* Make sure the process has an exception port */
720 if (CurrentProcess->ExceptionPort)
721 {
722 /* Save the Create Time */
724
725 /* Loop trying to send message */
727 {
728 /* Send the LPC Message */
730 &TerminationMsg.h);
733 {
734 /* Wait a bit and try again */
736 continue;
737 }
738 break;
739 }
740 }
741 }
742
743 /* Rundown Win32 Thread if there is one */
745 PsW32ThreadCalloutExit);
746
747 /* If we are the last thread and have a W32 Process */
749 {
750 /* Run it down too */
752 }
753
754 /* Make sure Stack Swap is enabled */
756 {
757 /* Stack swap really shouldn't be disabled during exit! */
758 KeBugCheckEx(KERNEL_STACK_LOCKED_AT_EXIT, 0, 0, 0, 0);
759 }
760
761 /* Cancel I/O for the thread. */
763
764 /* Rundown Timers */
765 ExTimerRundown();
766
767 /* FIXME: Rundown Registry Notifications (NtChangeNotify)
768 CmNotifyRunDown(Thread); */
769
770 /* Rundown Mutexes */
771 KeRundownThread();
772
773 /* Check if we have a TEB */
775 if (Teb)
776 {
777 /* Check if the thread is still alive */
779 {
780 /* Check if we need to free its stack */
781 if (Teb->FreeStackOnTermination)
782 {
783 /* Set the TEB's Deallocation Stack as the Base Address */
784 Dummy = 0;
785 DeallocationStack = Teb->DeallocationStack;
786
787 /* Free the Thread's Stack */
788 ZwFreeVirtualMemory(NtCurrentProcess(),
789 &DeallocationStack,
790 &Dummy,
791 MEM_RELEASE);
792 }
793
794 /* Free the debug handle */
796 UserMode);
797 }
798
799 /* Decommit the TEB */
800 MmDeleteTeb(CurrentProcess, Teb);
802 }
803
804 /* Free LPC Data */
806
807 /* Save the exit status and exit time */
810
811 /* Sanity check */
813
814 /* Check if this is the final thread or not */
815 if (Last)
816 {
817 /* Set the process exit time */
819
820 /* Exit the process */
822
823 /* Get the process token and check if we need to audit */
824 PrimaryToken = PsReferencePrimaryToken(CurrentProcess);
826 {
827 /* Audit the exit */
828 SeAuditProcessExit(CurrentProcess);
829 }
830
831 /* Dereference the process token */
833
834 /* Check if this is a VDM Process and rundown the VDM DPCs if so */
836
837 /* Kill the process in the Object Manager */
838 ObKillProcess(CurrentProcess);
839
840 /* Check if we have a section object */
842 {
843 /* Dereference and clear the Section Object */
846 }
847
848 /* Check if the process is part of a job */
850 {
851 /* Remove the process from the job */
853 }
854 }
855
856 /* Disable APCs */
857 KeEnterCriticalRegion();
858
859 /* Disable APC queueing, force a resumption */
862
863 /* Re-enable APCs */
864 KeLeaveCriticalRegion();
865
866 /* Flush the User APCs */
868 if (FirstEntry)
869 {
870 /* Start with the first entry */
871 CurrentEntry = FirstEntry;
872 do
873 {
874 /* Get the APC */
876
877 /* Move to the next one */
878 CurrentEntry = CurrentEntry->Flink;
879
880 /* Rundown the APC or de-allocate it */
881 if (Apc->RundownRoutine)
882 {
883 /* Call its own routine */
884 Apc->RundownRoutine(Apc);
885 }
886 else
887 {
888 /* Do it ourselves */
889 ExFreePool(Apc);
890 }
891 }
892 while (CurrentEntry != FirstEntry);
893 }
894
895 /* Clean address space if this was the last thread */
897
898 /* Call the Lego routine */
900
901 /* Flush the APC queue, which should be empty */
904 {
905 /* Bugcheck time */
906 KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
907 (ULONG_PTR)FirstEntry,
909 KeGetCurrentIrql(),
910 0);
911 }
912
913 /* Signal the process if this was the last thread */
915
916 /* Terminate the Thread from the Scheduler */
917 KeTerminateThread(0);
918}
#define KeWaitForSingleObject(pEvt, foo, a, b, c)
Definition: env_spec_w32.h:478
ULONG NTAPI KeSetProcess(struct _KPROCESS *Process, KPRIORITY Increment, BOOLEAN InWait)
PLIST_ENTRY NTAPI KeFlushQueueApc(IN PKTHREAD Thread, IN KPROCESSOR_MODE PreviousMode)
Definition: apc.c:793
VOID NTAPI MmDeleteTeb(struct _EPROCESS *Process, PTEB Teb)
VOID NTAPI SeAuditProcessExit(_In_ PEPROCESS Process)
Peforms a security auditing against a process that is about to be terminated.
Definition: audit.c:77
NTSTATUS NTAPI LpcRequestPort(IN PVOID PortObject, IN PPORT_MESSAGE LpcMessage)
Definition: send.c:22
VOID NTAPI PspCatchCriticalBreak(IN PCHAR Message, IN PVOID ProcessOrThread, IN PCHAR ImageName)
Definition: kill.c:27
VOID NTAPI PspExitProcessFromJob(IN PEJOB Job, IN PEPROCESS Process)
Definition: job.c:146
FORCEINLINE VOID PspRunCreateThreadNotifyRoutines(IN PETHREAD CurrentThread, IN BOOLEAN Create)
Definition: ps_x.h:40
Definition: lpctypes.h:268
Definition: ketypes.h:535
Definition: winternl.h:1746
Definition: compat.h:836
Definition: pstypes.h:1079
Definition: setypes.h:216
Referenced by PsExitSpecialApc(), and PspTerminateThreadByPointer().
◆ PspGetOrSetContextKernelRoutine()
| VOID NTAPI PspGetOrSetContextKernelRoutine | ( | IN PKAPC | Apc, |
| IN OUT PKNORMAL_ROUTINE * | NormalRoutine, | ||
| IN OUT PVOID * | NormalContext, | ||
| IN OUT PVOID * | SystemArgument1, | ||
| IN OUT PVOID * | SystemArgument2 | ||
| ) |
Definition at line 38 of file psctx.c.
Referenced by PsGetContextThread(), and PsSetContextThread().
◆ PspGetSystemDllEntryPoints()
◆ PspInheritQuota()
Referenced by PspCreateProcess().
◆ PspInitializeJobStructures()
Definition at line 111 of file job.c.
112{
115}
FORCEINLINE VOID ExInitializeFastMutex(_Out_ PFAST_MUTEX FastMutex)
Definition: exfuncs.h:274
Referenced by PspInitPhase0().
◆ PspInitializeProcessSecurity()
Definition at line 71 of file security.c.
73{
75 PTOKEN NewToken, ParentToken;
76 PAGED_CODE();
78
79 /* If we have a parent, then duplicate the Token */
81 {
82 /* Get the Parent Token */
84
85 /* Duplicate it */
87 &NewToken,
88 TRUE,
90
91 /* Dereference the Parent */
93
94 /* Set the new Token */
96 {
97 /* Initailize the fast reference */
99 }
100 }
101 else
102 {
103 /* No parent, assign the Boot Token */
106 }
107
108 /* Return to caller */
110}
NTSTATUS NTAPI SeSubProcessToken(_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
Subtracts a token in exchange of duplicating a new one.
Definition: token.c:1127
VOID NTAPI SeAssignPrimaryToken(IN PEPROCESS Process, IN PTOKEN Token)
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:107
Referenced by PspCreateProcess().
◆ PspIsProcessExiting()
Definition at line 1068 of file kill.c.
Referenced by MmpPageOutPhysicalAddress().
◆ PspMapSystemDll()
| NTSTATUS NTAPI PspMapSystemDll | ( | IN PEPROCESS | Process, |
| OUT PVOID * | DllBase, | ||
| IN BOOLEAN | UseLargePages | ||
| ) |
Referenced by PspCreateProcess().
◆ PspReapRoutine()
Definition at line 167 of file kill.c.
168{
169 PSINGLE_LIST_ENTRY NextEntry;
172
173 /* Start main loop */
174 do
175 {
176 /* Write magic value and return the next entry to process */
178 (PVOID)1);
180
181 /* Start inner loop */
182 do
183 {
184 /* Get the first Thread Entry */
186
187 /* Delete this entry's kernel stack */
191
192 /* Move to the next entry */
193 NextEntry = NextEntry->Next;
194
195 /* Dereference this thread */
198
199 /* Remove magic value, keep looping if it got changed */
201 NULL,
203}
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
Definition: compobj.c:4795
Definition: ntbasedef.h:628
Referenced by PspInitPhase0().
◆ PspRemoveProcessFromJob()
◆ PspSetPrimaryToken()
| NTSTATUS NTAPI PspSetPrimaryToken | ( | IN PEPROCESS | Process, |
| IN HANDLE TokenHandle | OPTIONAL, | ||
| IN PACCESS_TOKEN Token | OPTIONAL | ||
| ) |
Definition at line 215 of file security.c.
218{
220 BOOLEAN IsChildOrSibling;
226
228
229 /* Reference the token by handle if we don't already have a token object */
231 {
233 TOKEN_ASSIGN_PRIMARY,
234 SeTokenObjectType,
235 PreviousMode,
236 (PVOID*)&NewToken,
237 NULL);
239 }
240
241 /*
242 * Check whether this token is a child or sibling of the current process token.
243 * NOTE: On Windows Vista+ both of these checks (together with extra steps)
244 * are now performed by a new SeIsTokenAssignableToProcess() helper.
245 */
248 {
249 /* Failed, dereference */
252 }
253 if (!IsChildOrSibling)
254 {
257 {
258 /* Failed, dereference */
261 }
262 }
263
264 /* Check if this was an independent token */
265 if (!IsChildOrSibling)
266 {
267 /* Make sure we have the privilege to assign a new one */
269 PreviousMode))
270 {
271 /* Failed, dereference */
274 }
275 }
276
277 /* Assign the token */
280 {
281 /*
282 * We need to completely reverify if the process still has access to
283 * itself under this new token.
284 */
286 &SecurityDescriptor,
287 &SdAllocated);
289 {
290 /* Setup the security context */
294
295 /* Do the access check */
297 &SubjectContext,
298 FALSE,
299 MAXIMUM_ALLOWED,
300 0,
301 NULL,
303 PreviousMode,
304 &Process->GrantedAccess,
305 &AccessStatus);
306
307 /* Dereference the token and let go the SD */
309 SubjectContext.PrimaryToken);
311
312 /* Remove access if it failed */
314
315 /* Setup granted access */
317 PROCESS_VM_READ |
318 PROCESS_VM_WRITE |
320 PROCESS_TERMINATE |
321 PROCESS_CREATE_THREAD |
322 PROCESS_DUP_HANDLE |
323 PROCESS_CREATE_PROCESS |
324 PROCESS_SET_INFORMATION |
325 STANDARD_RIGHTS_ALL |
326 PROCESS_SET_QUOTA);
327 }
328
329 /*
330 * In case LUID device maps are enable, we may not be using
331 * system device map for this process, but a logon LUID based
332 * device map. Because we change primary token, this usage is
333 * no longer valid, so dereference the process device map
334 */
336 }
337
338 /* Dereference the token */
341}
NTSTATUS NTAPI SeIsTokenSibling(_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
Checks if the token is a sibling of the other token of the current process that the calling thread is...
Definition: token.c:1236
NTSTATUS NTAPI SeIsTokenChild(_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
Checks if the token is a child of the other token of the current process that the calling thread is i...
Definition: token.c:1187
NTSTATUS NTAPI PspAssignPrimaryToken(IN PEPROCESS Process, IN HANDLE Token, IN PACCESS_TOKEN AccessToken OPTIONAL)
Definition: security.c:178
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
Referenced by NtSetInformationProcess().
◆ PspSetQuotaLimits()
| NTSTATUS NTAPI PspSetQuotaLimits | ( | _In_ PEPROCESS | Process, |
| _In_ ULONG | Unused, | ||
| _In_ PVOID | QuotaLimits, | ||
| _In_ ULONG | QuotaLimitsLength, | ||
| _In_ KPROCESSOR_MODE | PreviousMode | ||
| ) |
This function adjusts the working set limits of a process and sets up new quota limits when necessary. The function is used when the caller requests to set up new working set sizes.
- Parameters
-
[in] Process The process which quota limits or working set sizes are to be changed. [in] Unused This parameter is unused. [in] QuotaLimits An arbitrary pointer that points to a quota limits structure, needed to determine on setting up new working set sizes. [in] QuotaLimitsLength The length of QuotaLimits buffer, which size is expressed in bytes. [in] PreviousMode The processor level access mode.
- Returns
- Returns STATUS_SUCCESS if the function has completed successfully. STATUS_INVALID_PARAMETER is returned if the caller has given a quota limits structure with invalid data. STATUS_INFO_LENGTH_MISMATCH is returned if the length of QuotaLimits pointed by QuotaLimitsLength is not right. STATUS_PRIVILEGE_NOT_HELD is returned if the calling thread of the process doesn't hold the necessary right privilege to increase quotas. STATUS_NO_MEMORY is returned if a memory pool allocation has failed. A failure NTSTATUS code is returned otherwise.
Definition at line 1045 of file quota.c.
1051{
1052 QUOTA_LIMITS_EX CapturedQuotaLimits;
1053 PEPROCESS_QUOTA_BLOCK QuotaBlock, OldQuotaBlock;
1054 BOOLEAN IncreaseOkay;
1055 KAPC_STATE SavedApcState;
1057
1059
1060 _SEH2_TRY
1061 {
1063
1064 /* Check if we have the basic or extended structure */
1066 {
1067 /* Copy the basic structure, zero init the remaining fields */
1069 CapturedQuotaLimits.WorkingSetLimit = 0;
1070 CapturedQuotaLimits.Reserved2 = 0;
1071 CapturedQuotaLimits.Reserved3 = 0;
1072 CapturedQuotaLimits.Reserved4 = 0;
1074 CapturedQuotaLimits.Flags = 0;
1075 }
1077 {
1078 /* Copy the full structure */
1080
1081 /* Verify that the caller passed valid flags */
1087 {
1090 }
1091
1092 /* Verify that the caller didn't pass reserved values */
1094 (CapturedQuotaLimits.Reserved2 != 0) ||
1095 (CapturedQuotaLimits.Reserved3 != 0) ||
1096 (CapturedQuotaLimits.Reserved4 != 0) ||
1098 {
1100 CapturedQuotaLimits.WorkingSetLimit,
1101 CapturedQuotaLimits.Reserved2,
1102 CapturedQuotaLimits.Reserved3,
1103 CapturedQuotaLimits.Reserved4,
1106 }
1107 }
1108 else
1109 {
1112 }
1113 }
1115 {
1118 }
1119 _SEH2_END;
1120
1121 /* Check the caller changes the working set size limits */
1123 (CapturedQuotaLimits.MaximumWorkingSetSize != 0))
1124 {
1125 /* Check for special case: trimming the WS */
1128 {
1129 /* No increase allowed */
1130 IncreaseOkay = FALSE;
1131 }
1132 else
1133 {
1134 /* Check if the caller has the required privilege */
1136 PreviousMode);
1137 }
1138
1139 /* Attach to the target process and disable APCs */
1141 KeEnterGuardedRegion();
1142
1143 /* Call Mm to adjust the process' working set size */
1145 CapturedQuotaLimits.MaximumWorkingSetSize,
1146 0,
1147 IncreaseOkay);
1148
1149 /* Bring back APCs and detach from the process */
1150 KeLeaveGuardedRegion();
1151 KeUnstackDetachProcess(&SavedApcState);
1152 }
1154 {
1155 /* Check if the caller has the required privilege */
1157 {
1159 }
1160
1161 /* Allocate a new quota block */
1164 TAG_QUOTA_BLOCK);
1166 {
1169 }
1170
1171 /* Initialize the quota block */
1172 QuotaBlock->ReferenceCount = 1;
1173 QuotaBlock->ProcessCount = 1;
1177 QuotaBlock->QuotaEntry[PsNonPagedPool].Limit = PspDefaultQuotaBlock.QuotaEntry[PsNonPagedPool].Limit;
1178 QuotaBlock->QuotaEntry[PsPagedPool].Limit = PspDefaultQuotaBlock.QuotaEntry[PsPagedPool].Limit;
1180
1181 /* Try to exchange the quota block, if that failed, just drop it */
1183 QuotaBlock,
1184 &PspDefaultQuotaBlock);
1186 {
1187 /* Success, insert the new quota block */
1188 PspInsertQuotaBlock(QuotaBlock);
1189 }
1190 else
1191 {
1192 /* Failed, free the quota block and ignore it */
1194 }
1195
1197 }
1198 else
1199 {
1201 }
1202
1204}
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define QUOTA_LIMITS_HARDWS_MIN_DISABLE
#define QUOTA_LIMITS_HARDWS_MAX_DISABLE
#define QUOTA_LIMITS_HARDWS_MAX_ENABLE
#define QUOTA_LIMITS_HARDWS_MIN_ENABLE
NTSTATUS NTAPI MmAdjustWorkingSetSize(IN SIZE_T WorkingSetMinimumInBytes, IN SIZE_T WorkingSetMaximumInBytes, IN ULONG SystemCache, IN BOOLEAN IncreaseOkay)
Definition: mmsup.c:44
VOID NTAPI PspInsertQuotaBlock(_In_ PEPROCESS_QUOTA_BLOCK QuotaBlock)
Inserts the new quota block into the quota list.
Definition: quota.c:518
Definition: pstypes.h:1045
EPROCESS_QUOTA_ENTRY QuotaEntry[PsQuotaTypes]
Definition: pstypes.h:1046
Definition: pstypes.h:67
Definition: lsa.idl:286
Referenced by NtSetInformationProcess().
◆ PspShutdownProcessManager()
Definition at line 135 of file kill.c.
136{
138
139 /* Loop every process */
142 {
143 /* Make sure this isn't the idle or initial process */
145 {
146 /* Kill it */
148 }
149
150 /* Get the next process */
152 }
153}
NTSTATUS NTAPI PspTerminateProcess(IN PEPROCESS Process, IN NTSTATUS ExitStatus)
Definition: kill.c:79
PEPROCESS NTAPI PsGetNextProcess(IN PEPROCESS OldProcess OPTIONAL)
Definition: process.c:128
◆ PspSystemThreadStartup()
| VOID NTAPI PspSystemThreadStartup | ( | PKSTART_ROUTINE | StartRoutine, |
| PVOID | StartContext | ||
| ) |
◆ PspTerminateThreadByPointer()
| NTSTATUS NTAPI PspTerminateThreadByPointer | ( | IN PETHREAD | Thread, |
| IN NTSTATUS | ExitStatus, | ||
| IN BOOLEAN | bSelf | ||
| ) |
Definition at line 988 of file kill.c.
991{
992 PKAPC Apc;
995 PAGED_CODE();
998
999 /* Check if this is a Critical Thread, and Bugcheck */
1001 {
1002 /* Break to debugger */
1004 Thread,
1005 Thread->ThreadsProcess->ImageFileName);
1006 }
1007
1008 /* Check if we are already inside the thread */
1010 {
1011 /* This should only happen at passive */
1013
1014 /* Mark it as terminated */
1016
1017 /* Directly terminate the thread */
1019 }
1020
1021 /* This shouldn't be a system thread */
1023
1024 /* Allocate the APC */
1027
1028 /* Set the Terminated Flag */
1030
1031 /* Set it, and check if it was already set while we were running */
1033 CT_TERMINATED_BIT))
1034 {
1035 /* Initialize a Kernel Mode APC to Kill the Thread */
1036 KeInitializeApc(Apc,
1038 OriginalApcEnvironment,
1039 PsExitSpecialApc,
1040 PspExitApcRundown,
1041 PspExitNormalApc,
1042 KernelMode,
1044
1045 /* Insert it into the APC Queue */
1047 {
1048 /* The APC was already in the queue, fail */
1050 }
1051 else
1052 {
1053 /* Forcefully resume the thread and return */
1056 }
1057 }
1058
1059 /* We failed, free the APC */
1061
1062 /* Return Status */
1064}
BOOLEAN NTAPI KeInsertQueueApc(IN PKAPC Apc, IN PVOID SystemArgument1, IN PVOID SystemArgument2, IN KPRIORITY PriorityBoost)
Definition: apc.c:735
VOID NTAPI KeInitializeApc(IN PKAPC Apc, IN PKTHREAD Thread, IN KAPC_ENVIRONMENT TargetEnvironment, IN PKKERNEL_ROUTINE KernelRoutine, IN PKRUNDOWN_ROUTINE RundownRoutine OPTIONAL, IN PKNORMAL_ROUTINE NormalRoutine, IN KPROCESSOR_MODE Mode, IN PVOID Context)
Definition: apc.c:651
VOID NTAPI PspExitNormalApc(IN PVOID NormalContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2)
Definition: kill.c:947
VOID NTAPI PsExitSpecialApc(IN PKAPC Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine, IN OUT PVOID *NormalContext, IN OUT PVOID *SystemArgument1, IN OUT PVOID *SystemArgument2)
Definition: kill.c:922
Referenced by NtTerminateProcess(), NtTerminateThread(), PspSystemThreadStartup(), PspTerminateProcess(), PspUserThreadStartup(), and PsTerminateSystemThread().
◆ PsReferenceEffectiveToken()
| PACCESS_TOKEN NTAPI PsReferenceEffectiveToken | ( | IN PETHREAD | Thread, |
| OUT IN PTOKEN_TYPE | TokenType, | ||
| OUT PBOOLEAN | EffectiveOnly, | ||
| OUT PSECURITY_IMPERSONATION_LEVEL | ImpersonationLevel | ||
| ) |
Definition at line 780 of file security.c.
784{
787
788 PAGED_CODE();
789
792
793 /* Check if we don't have impersonation info */
796 {
797 /* Lock the Process */
799
800 /* Make sure impersonation is still active */
802 {
803 /* Get the token */
806
807 /* Return data to caller */
811
812 /* Unlock the Process */
815 }
816
817 /* Unlock the Process */
819 }
820
821 /* Fast Reference the Token */
823
824 /* Check if we got the Token or if we got locked */
826 {
827 /* Lock the Process */
829
830 /* Do a Locked Fast Reference */
832
833 /* Unlock the Process */
835 }
836
837 /* Return the token */
840 // NOTE: ImpersonationLevel is left untouched on purpose!
842}
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:403
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:404
PVOID FASTCALL ObFastReferenceObject(IN PEX_FAST_REF FastRef)
Definition: obref.c:132
PVOID FASTCALL ObFastReferenceObjectLocked(IN PEX_FAST_REF FastRef)
Definition: obref.c:119
FORCEINLINE VOID PspUnlockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:122
FORCEINLINE VOID PspLockProcessSecurityShared(IN PEPROCESS Process)
Definition: ps_x.h:111
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: pstypes.h:1072
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156
Referenced by SeCreateClientSecurity().
◆ PsReferenceProcessFilePointer()
| NTSTATUS NTAPI PsReferenceProcessFilePointer | ( | IN PEPROCESS | Process, |
| OUT PFILE_OBJECT * | FileObject | ||
| ) |
Definition at line 24 of file query.c.
26{
27 PSECTION Section;
28 PAGED_CODE();
29
30 /* Lock the process */
32 {
34 }
35
36 /* Get the section */
37 Section = Process->SectionObject;
38 if (Section)
39 {
40 /* Get the file object and reference it */
43 }
44
45 /* Release the protection */
47
48 /* Return status */
50}
PFILE_OBJECT NTAPI MmGetFileObjectForSection(IN PVOID Section)
Definition: section.c:1737
Referenced by SeLocateProcessImageName().
◆ PsResumeThread()
Definition at line 32 of file state.c.
34{
35 ULONG OldCount;
36 PAGED_CODE();
37
38 /* Resume the thread */
40
41 /* Return the count if asked */
42 if (PreviousCount) *PreviousCount = OldCount;
44}
Referenced by DbgkpPostFakeThreadMessages(), DbgkpWakeTarget(), and NtResumeThread().
◆ PsReturnProcessPageFileQuota()
Returns the page file quota that the process was taking up. The function is used exclusively by the kernel.
- Parameters
-
[in] Process The process which pagefile quota is to be returned. [in] Amount The amount of quotas to return from a process.
- Returns
- Returns STATUS_SUCCESS.
Definition at line 993 of file quota.c.
996{
997 /* Don't do anything for the system process */
999
1002}
◆ PsReturnSharedPoolQuota()
| VOID NTAPI PsReturnSharedPoolQuota | ( | _In_ PEPROCESS_QUOTA_BLOCK | QuotaBlock, |
| _In_ SIZE_T | AmountToReturnPaged, | ||
| _In_ SIZE_T | AmountToReturnNonPaged | ||
| ) |
Returns the shared (paged and non paged) pool quotas. The function is used exclusively by the Object Manager to manage quota returns handling of objects.
- Parameters
-
[in] QuotaBlock The quota block which quotas are to be returned. [in] AmountToReturnPaged The amount of paged quotas quotas to be returned. [in] AmountToReturnNonPaged The amount of non paged quotas to be returned.
- Returns
- Nothing.
Definition at line 621 of file quota.c.
625{
626 /* Sanity check */
627 ASSERT(QuotaBlock);
628
629 /* Return the pool quotas if there're any */
630 if (AmountToReturnPaged != 0)
631 {
633 }
634
635 if (AmountToReturnNonPaged != 0)
636 {
638 }
639
640 DPRINT("PsReturnSharedPoolQuota(): Amount returned back (paged %lu -- non paged %lu)\n", AmountToReturnPaged, AmountToReturnNonPaged);
641
642 /* Dereference the quota block */
644}
VOID NTAPI PspDereferenceQuotaBlock(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock)
De-references a quota block when quotas have been returned back because of an object de-allocation or...
Definition: quota.c:553
Referenced by ObpDeallocateObject().
◆ PsSuspendThread()
Definition at line 48 of file state.c.
51{
53 ULONG OldCount = 0;
54 PAGED_CODE();
55
56 /* Assume success */
58
59 /* Check if we're suspending ourselves */
61 {
62 /* Guard with SEH because KeSuspendThread can raise an exception */
63 _SEH2_TRY
64 {
65 /* Do the suspend */
67 }
69 {
70 /* Get the exception code */
72 }
73 _SEH2_END;
74 }
75 else
76 {
77 /* Acquire rundown protection */
79 {
80 /* Make sure the thread isn't terminating */
82 {
83 /* Fail */
85 }
86 else
87 {
88 /* Guard with SEH because KeSuspendThread can raise an exception */
89 _SEH2_TRY
90 {
91 /* Do the suspend */
93 }
95 {
96 /* Get the exception code */
98 }
99 _SEH2_END;
100
101 /* Check if it was terminated during the suspend */
103 {
104 /* Wake it back up and fail */
107 OldCount = 0;
108 }
109 }
110
111 /* Release rundown protection */
113 }
114 else
115 {
116 /* Thread is terminating */
118 }
119 }
120
121 /* Write back the previous count */
122 if (PreviousCount) *PreviousCount = OldCount;
124}
Referenced by DbgkpPostFakeThreadMessages(), NtSuspendThread(), and PsSuspendProcess().
◆ PsTerminateProcess()
Definition at line 126 of file kill.c.
Referenced by DbgkpCloseObject(), and ExpDebuggerWorker().
Variable Documentation
◆ _PsProcessType
| POBJECT_TYPE _PsProcessType |
◆ _PsThreadType
|
extern |
◆ PsActiveProcessHead
|
extern |
Definition at line 22 of file process.c.
Referenced by KdbpCmdProc(), PsGetNextProcess(), PspCreateProcess(), and PspInitPhase0().
◆ PsDefaultSystemLocaleId
|
extern |
Definition at line 20 of file locale.c.
Referenced by CmGetSystemControlValues(), MiSessionCreateInternal(), NtQueryDefaultLocale(), and NtSetDefaultLocale().
◆ PsDefaultThreadLocaleId
|
extern |
Definition at line 24 of file locale.c.
Referenced by _IRQL_requires_max_(), CmGetSystemControlValues(), MmCreateTeb(), and MmGetSessionLocaleId().
◆ PsIdleProcess
|
extern |
Definition at line 51 of file psmgr.c.
Referenced by MmInitSystem(), PopGracefulShutdown(), PspInitPhase0(), PspShutdownProcessManager(), and QSI_DEF().
◆ PsImageNotifyEnabled
|
extern |
Definition at line 18 of file psnotify.c.
Referenced by DbgkCreateThread(), MmLoadSystemImage(), and PsSetLoadImageNotifyRoutine().
◆ PsJobType
|
extern |
Definition at line 20 of file job.c.
Referenced by PspInitPhase0(), and TestObjectTypes().
◆ PsLoadedModuleList
|
extern |
Definition at line 21 of file sysldr.c.
Referenced by IopInitializeBuiltinDriver(), KdbpSymFindModule(), KdbSymInit(), KdInitSystem(), KiInitModuleList(), KiPcToFileHeader(), MiBuildImportsForBootDrivers(), MiFindInitializationCode(), MiInitializeLoadedModuleList(), MiLookupDataTableEntry(), MiProcessLoaderEntry(), MiResolveImageReferences(), MiSnapThunk(), MmGetSystemRoutineAddress(), MmInitSystem(), MmLoadSystemImage(), and QSI_DEF().
◆ PsLoadedModuleResource
|
extern |
Definition at line 24 of file sysldr.c.
Referenced by MiFindInitializationCode(), MiInitializeLoadedModuleList(), MiLoadUserSymbols(), MiProcessLoaderEntry(), MmGetSystemRoutineAddress(), MmInitSystem(), and QSI_DEF().
◆ PsLoadedModuleSpinLock
|
extern |
Definition at line 23 of file sysldr.c.
Referenced by KdbpSymFindModule(), KdbSymInit(), MiInitializeLoadedModuleList(), MiProcessLoaderEntry(), and RtlPcToFileHeader().
◆ PsNtDllPathName
|
extern |
Definition at line 45 of file psmgr.c.
Referenced by DbgkCreateThread(), and PsLocateSystemDll().
◆ PsNtosImageBase
|
extern |
Definition at line 25 of file sysldr.c.
Referenced by KdInitSystem(), MiInitializeLoadedModuleList(), and PspLookupKernelUserEntryPoints().
◆ PspActiveProcessMutex
|
extern |
Definition at line 23 of file process.c.
Referenced by PsGetNextProcess(), PspCreateProcess(), PspDeleteProcess(), and PspInitPhase0().
◆ PspBootAccessToken
|
extern |
Definition at line 17 of file security.c.
Referenced by PspInitializeProcessSecurity(), and PspInitPhase0().
◆ PspCidTable
|
extern |
Definition at line 48 of file psmgr.c.
Referenced by PsLookupProcessByProcessId(), PsLookupProcessThreadByCid(), PsLookupThreadByThreadId(), PspCreateProcess(), PspCreateThread(), PspDeleteProcess(), PspDeleteThread(), and PspInitPhase0().
◆ PspDefaultQuotaBlock
|
extern |
Definition at line 16 of file quota.c.
Referenced by NtQueryInformationProcess(), PsInitializeQuotaSystem(), PspChargeProcessQuotaSpecifiedPool(), PspDereferenceQuotaBlock(), PspInheritQuota(), PspReturnProcessQuotaSpecifiedPool(), and PspSetQuotaLimits().
◆ PspJobMapping
|
extern |
Definition at line 41 of file job.c.
Referenced by PspInitPhase0().
◆ PspJobSchedulingClasses
|
extern |
Definition at line 27 of file job.c.
Referenced by PsChangeQuantumTable(), and PspComputeQuantumAndPriority().
◆ PspLegoNotifyRoutine
|
extern |
Definition at line 24 of file psnotify.c.
Referenced by PspRunLegoRoutine(), and PsSetLegoNotifyRoutine().
◆ PspLoadImageNotifyRoutine
|
extern |
Definition at line 23 of file psnotify.c.
Referenced by PspInitPhase0(), PspRunLoadImageNotifyRoutines(), PsRemoveLoadImageNotifyRoutine(), and PsSetLoadImageNotifyRoutine().
◆ PspProcessNotifyRoutine
|
extern |
Definition at line 22 of file psnotify.c.
Referenced by PspInitPhase0(), PspRunCreateProcessNotifyRoutines(), and PsSetCreateProcessNotifyRoutine().
◆ PspProcessNotifyRoutineCount
| ULONG PspProcessNotifyRoutineCount |
Definition at line 469 of file ps.h.
Referenced by PspRunCreateProcessNotifyRoutines().
◆ PspReaperListHead
|
extern |
◆ PspReaperWorkItem
|
extern |
Definition at line 20 of file kill.c.
Referenced by KeTerminateThread(), and PspInitPhase0().
◆ PspReaping
|
extern |
◆ PsPrioritySeparation
|
extern |
Definition at line 28 of file process.c.
Referenced by KiDeferredReadyThread(), PsChangeQuantumTable(), and PspComputeQuantumAndPriority().
◆ PspSystemDllBase
|
extern |
Definition at line 41 of file psmgr.c.
Referenced by DbgkCreateThread(), PsLocateSystemDll(), PspLookupSystemDllEntryPoint(), and PspUserThreadStartup().
◆ PspSystemDllEntryPoint
|
extern |
Definition at line 43 of file psmgr.c.
Referenced by PspInitializeSystemDll(), and PspUserThreadStartup().
◆ PspThreadNotifyRoutine
|
extern |
Definition at line 21 of file psnotify.c.
Referenced by PspInitPhase0(), PspRunCreateThreadNotifyRoutines(), PsRemoveCreateThreadNotifyRoutine(), and PsSetCreateThreadNotifyRoutine().
◆ PspThreadNotifyRoutineCount
|
extern |
Definition at line 19 of file psnotify.c.
Referenced by PspRunCreateThreadNotifyRoutines(), PsRemoveCreateThreadNotifyRoutine(), and PsSetCreateThreadNotifyRoutine().
◆ PspTraceLevel
◆ PspUseJobSchedulingClasses
|
extern |
Definition at line 25 of file job.c.
Referenced by PsChangeQuantumTable(), and PspComputeQuantumAndPriority().
◆ PspW32ProcessCallout
|
extern |
Definition at line 18 of file win32.c.
Referenced by PsConvertToGuiThread(), PsEstablishWin32Callouts(), and PspExitThread().
◆ PspW32ThreadCallout
|
extern |
Definition at line 19 of file win32.c.
Referenced by PsConvertToGuiThread(), PsEstablishWin32Callouts(), and PspExitThread().
◆ PsRawPrioritySeparation
|
extern |
Definition at line 27 of file process.c.
Referenced by PspInitPhase0().
◆ ShortPsLockDelay
|
extern |
