#include "ps_x.h"

Include dependency graph for ps.h:

Classes
struct	_GET_SET_CTX_CONTEXT

Macros
#define	_PS_DEBUG_ 0x00

#define	PS_THREAD_DEBUG 0x01

#define	PS_PROCESS_DEBUG 0x02

#define	PS_SECURITY_DEBUG 0x04

#define	PS_JOB_DEBUG 0x08

#define	PS_NOTIFICATIONS_DEBUG 0x10

#define	PS_WIN32K_DEBUG 0x20

#define	PS_STATE_DEBUG 0x40

#define	PS_QUOTA_DEBUG 0x80

#define	PS_KILL_DEBUG 0x100

#define	PS_REF_DEBUG 0x200

#define	PSTRACE(x, fmt, ...) DPRINT(fmt, ##__VA_ARGS__)

#define	PSREFTRACE(x)

#define	PSP_MAX_CREATE_THREAD_NOTIFY 8

#define	PSP_MAX_LOAD_IMAGE_NOTIFY 8

#define	PSP_MAX_CREATE_PROCESS_NOTIFY 8

#define	PSP_JOB_SCHEDULING_CLASSES 10

#define	PSP_NON_PAGED_POOL_QUOTA_THRESHOLD 0x10000

#define	PSP_PAGED_POOL_QUOTA_THRESHOLD 0x80000

Typedefs
typedef struct _GET_SET_CTX_CONTEXT	GET_SET_CTX_CONTEXT

typedef struct _GET_SET_CTX_CONTEXT *	PGET_SET_CTX_CONTEXT

Functions
VOID NTAPI	PspShutdownProcessManager (VOID)

BOOLEAN NTAPI	PsInitSystem (IN PLOADER_PARAMETER_BLOCK LoaderBlock)

PETHREAD NTAPI	PsGetNextProcessThread (IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)

PEPROCESS NTAPI	PsGetNextProcess (IN PEPROCESS OldProcess OPTIONAL)

NTSTATUS NTAPI	PspMapSystemDll (IN PEPROCESS Process, OUT PVOID *DllBase, IN BOOLEAN UseLargePages)

NTSTATUS NTAPI	PsLocateSystemDll (VOID)

VOID NTAPI	PsChangeQuantumTable (IN BOOLEAN Immediate, IN ULONG PrioritySeparation)

NTSTATUS NTAPI	PsReferenceProcessFilePointer (IN PEPROCESS Process, OUT PFILE_OBJECT *FileObject)

NTSTATUS NTAPI	PspCreateProcess (OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ParentProcess OPTIONAL, IN ULONG Flags, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL, IN BOOLEAN InJob)

PACCESS_TOKEN NTAPI	PsReferenceEffectiveToken (IN PETHREAD Thread, OUT IN PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)

NTSTATUS NTAPI	PsOpenTokenOfProcess (IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)

NTSTATUS NTAPI	PspSetPrimaryToken (IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)

NTSTATUS NTAPI	PspInitializeProcessSecurity (IN PEPROCESS Process, IN PEPROCESS Parent OPTIONAL)

VOID NTAPI	PspDeleteProcessSecurity (IN PEPROCESS Process)

VOID NTAPI	PspDeleteThreadSecurity (IN PETHREAD Thread)

VOID NTAPI	PsExitSpecialApc (PKAPC Apc, PKNORMAL_ROUTINE NormalRoutine, PVOID NormalContext, PVOID SystemArgument1, PVOID SystemArgument2)

VOID NTAPI	PspReapRoutine (IN PVOID Context)

VOID NTAPI	PspExitThread (IN NTSTATUS ExitStatus)

NTSTATUS NTAPI	PspTerminateThreadByPointer (IN PETHREAD Thread, IN NTSTATUS ExitStatus, IN BOOLEAN bSelf)

VOID NTAPI	PspExitProcess (IN BOOLEAN LastThread, IN PEPROCESS Process)

NTSTATUS NTAPI	PsTerminateProcess (IN PEPROCESS Process, IN NTSTATUS ExitStatus)

VOID NTAPI	PspDeleteProcess (IN PVOID ObjectBody)

VOID NTAPI	PspDeleteThread (IN PVOID ObjectBody)

VOID NTAPI	PspSystemThreadStartup (PKSTART_ROUTINE StartRoutine, PVOID StartContext)

VOID NTAPI	PsIdleThreadMain (IN PVOID Context)

VOID NTAPI	PspInheritQuota (_In_ PEPROCESS Process, _In_ PEPROCESS ParentProcess)

VOID NTAPI	PspDereferenceQuotaBlock (_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock)
	De-references a quota block when quotas have been returned back because of an object de-allocation or when a process gets destroyed. If the last instance that held up the block gets de-referenced the function will perform a cleanup against that block and it'll free the quota block from memory.

NTSTATUS NTAPI	PsReturnProcessPageFileQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
	Returns the page file quota that the process was taking up. The function is used exclusively by the kernel.

NTSTATUS NTAPI	PsChargeProcessPageFileQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
	Charges the process page file quota. The function is used internally by the kernel.

VOID NTAPI	PsReturnSharedPoolQuota (_In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ SIZE_T AmountToReturnPaged, _In_ SIZE_T AmountToReturnNonPaged)
	Returns the shared (paged and non paged) pool quotas. The function is used exclusively by the Object Manager to manage quota returns handling of objects.

PEPROCESS_QUOTA_BLOCK NTAPI	PsChargeSharedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T AmountToChargePaged, _In_ SIZE_T AmountToChargeNonPaged)
	Charges the shared (paged and non paged) pool quotas. The function is used exclusively by the Object Manager to manage quota charges handling of objects.

NTSTATUS NTAPI	PspSetQuotaLimits (_In_ PEPROCESS Process, _In_ ULONG Unused, _In_ PVOID QuotaLimits, _In_ ULONG QuotaLimitsLength, _In_ KPROCESSOR_MODE PreviousMode)
	This function adjusts the working set limits of a process and sets up new quota limits when necessary. The function is used when the caller requests to set up new working set sizes.

VOID NTAPI	PspExitProcessFromJob (IN PEJOB Job, IN PEPROCESS Process)

VOID NTAPI	PspRemoveProcessFromJob (IN PEPROCESS Process, IN PEJOB Job)

VOID NTAPI	PspInitializeJobStructures (VOID)

VOID NTAPI	PspDeleteJob (IN PVOID ObjectBody)

NTSTATUS NTAPI	PsResumeThread (IN PETHREAD Thread, OUT PULONG PreviousCount OPTIONAL)

NTSTATUS NTAPI	PsSuspendThread (IN PETHREAD Thread, OUT PULONG PreviousCount OPTIONAL)

VOID NTAPI	PspGetOrSetContextKernelRoutine (IN PKAPC Apc, IN OUT PKNORMAL_ROUTINE NormalRoutine, IN OUT PVOID NormalContext, IN OUT PVOID SystemArgument1, IN OUT PVOID SystemArgument2)

BOOLEAN NTAPI	PspIsProcessExiting (IN PEPROCESS Process)

NTSTATUS NTAPI	ApphelpCacheInitialize (VOID)

VOID NTAPI	ApphelpCacheShutdown (VOID)

Variables
ULONG	PspTraceLevel

LCID	PsDefaultThreadLocaleId

LCID	PsDefaultSystemLocaleId

LIST_ENTRY	PspReaperListHead

WORK_QUEUE_ITEM	PspReaperWorkItem

BOOLEAN	PspReaping

PEPROCESS	PsIdleProcess

LIST_ENTRY	PsActiveProcessHead

KGUARDED_MUTEX	PspActiveProcessMutex

LARGE_INTEGER	ShortPsLockDelay

EPROCESS_QUOTA_BLOCK	PspDefaultQuotaBlock

PHANDLE_TABLE	PspCidTable

EX_CALLBACK	PspThreadNotifyRoutine [PSP_MAX_CREATE_THREAD_NOTIFY]

EX_CALLBACK	PspProcessNotifyRoutine [PSP_MAX_CREATE_PROCESS_NOTIFY]

EX_CALLBACK	PspLoadImageNotifyRoutine [PSP_MAX_LOAD_IMAGE_NOTIFY]

PLEGO_NOTIFY_ROUTINE	PspLegoNotifyRoutine

ULONG	PspThreadNotifyRoutineCount

ULONG	PspProcessNotifyRoutineCount

BOOLEAN	PsImageNotifyEnabled

PKWIN32_PROCESS_CALLOUT	PspW32ProcessCallout

PKWIN32_THREAD_CALLOUT	PspW32ThreadCallout

PVOID	PspSystemDllEntryPoint

PVOID	PspSystemDllBase

BOOLEAN	PspUseJobSchedulingClasses

CHAR	PspJobSchedulingClasses [PSP_JOB_SCHEDULING_CLASSES]

ULONG	PsRawPrioritySeparation

ULONG	PsPrioritySeparation

POBJECT_TYPE	_PsThreadType

POBJECT_TYPE	_PsProcessType

PTOKEN	PspBootAccessToken

GENERIC_MAPPING	PspJobMapping

POBJECT_TYPE	PsJobType

UNICODE_STRING	PsNtDllPathName

LIST_ENTRY	PsLoadedModuleList

KSPIN_LOCK	PsLoadedModuleSpinLock

ERESOURCE	PsLoadedModuleResource

ULONG_PTR	PsNtosImageBase

Macro Definition Documentation

◆ _PS_DEBUG_

#define _PS_DEBUG_ 0x00

Definition at line 12 of file ps.h.

◆ PS_JOB_DEBUG

#define PS_JOB_DEBUG 0x08

Definition at line 20 of file ps.h.

◆ PS_KILL_DEBUG

#define PS_KILL_DEBUG 0x100

Definition at line 25 of file ps.h.

◆ PS_NOTIFICATIONS_DEBUG

#define PS_NOTIFICATIONS_DEBUG 0x10

Definition at line 21 of file ps.h.

◆ PS_PROCESS_DEBUG

#define PS_PROCESS_DEBUG 0x02

Definition at line 18 of file ps.h.

◆ PS_QUOTA_DEBUG

#define PS_QUOTA_DEBUG 0x80

Definition at line 24 of file ps.h.

◆ PS_REF_DEBUG

#define PS_REF_DEBUG 0x200

Definition at line 26 of file ps.h.

◆ PS_SECURITY_DEBUG

#define PS_SECURITY_DEBUG 0x04

Definition at line 19 of file ps.h.

◆ PS_STATE_DEBUG

#define PS_STATE_DEBUG 0x40

Definition at line 23 of file ps.h.

◆ PS_THREAD_DEBUG

#define PS_THREAD_DEBUG 0x01

Definition at line 17 of file ps.h.

◆ PS_WIN32K_DEBUG

#define PS_WIN32K_DEBUG 0x20

Definition at line 22 of file ps.h.

◆ PSP_JOB_SCHEDULING_CLASSES

#define PSP_JOB_SCHEDULING_CLASSES 10

Definition at line 71 of file ps.h.

◆ PSP_MAX_CREATE_PROCESS_NOTIFY

#define PSP_MAX_CREATE_PROCESS_NOTIFY 8

Definition at line 66 of file ps.h.

◆ PSP_MAX_CREATE_THREAD_NOTIFY

#define PSP_MAX_CREATE_THREAD_NOTIFY 8

Definition at line 64 of file ps.h.

◆ PSP_MAX_LOAD_IMAGE_NOTIFY

#define PSP_MAX_LOAD_IMAGE_NOTIFY 8

Definition at line 65 of file ps.h.

◆ PSP_NON_PAGED_POOL_QUOTA_THRESHOLD

#define PSP_NON_PAGED_POOL_QUOTA_THRESHOLD 0x10000

Definition at line 76 of file ps.h.

◆ PSP_PAGED_POOL_QUOTA_THRESHOLD

#define PSP_PAGED_POOL_QUOTA_THRESHOLD 0x80000

Definition at line 77 of file ps.h.

◆ PSREFTRACE

#define PSREFTRACE ( x )

Definition at line 58 of file ps.h.

◆ PSTRACE

#define PSTRACE	(	x,
		fmt,
		...
	)	DPRINT(fmt, ##__VA_ARGS__)

Definition at line 57 of file ps.h.

Typedef Documentation

◆ GET_SET_CTX_CONTEXT

typedef struct _GET_SET_CTX_CONTEXT GET_SET_CTX_CONTEXT

◆ PGET_SET_CTX_CONTEXT

typedef struct _GET_SET_CTX_CONTEXT * PGET_SET_CTX_CONTEXT

Function Documentation

◆ ApphelpCacheInitialize()

NTSTATUS NTAPI ApphelpCacheInitialize ( VOID )

Definition at line 439 of file apphelp.c.

{
    DPRINT("SHIMS: ApphelpCacheInitialize\n");
    /* If we are booting in safemode we do not want to use the apphelp cache */
    if (InitSafeBootMode)
    {
        DPRINT1("SHIMS: Safe mode detected, disabling cache.\n");
        ApphelpCacheEnabled = FALSE;
    }
    else
    {
        ExInitializeResourceLite(&ApphelpCacheLock);
        RtlInitializeGenericTableAvl(&ApphelpShimCache,
                                     ApphelpShimCacheCompareRoutine,
                                     ApphelpShimCacheAllocateRoutine,
                                     ApphelpShimCacheFreeRoutine,
                                     NULL);
        InitializeListHead(&ApphelpShimCacheAge);
        ApphelpCacheEnabled = ApphelpCacheRead();
    }
    DPRINT("SHIMS: ApphelpCacheInitialize: %d\n", ApphelpCacheEnabled);
    return STATUS_SUCCESS;
}

Referenced by IoInitSystem().

◆ ApphelpCacheShutdown()

VOID NTAPI ApphelpCacheShutdown ( VOID )

Definition at line 465 of file apphelp.c.

{
    if (ApphelpCacheEnabled)
    {
        ApphelpCacheWrite();
    }
}

Referenced by PopGracefulShutdown().

◆ PsChangeQuantumTable()

VOID NTAPI PsChangeQuantumTable	(	IN BOOLEAN	Immediate,
		IN ULONG	PrioritySeparation
	)

Definition at line 235 of file process.c.

{
    PEPROCESS Process = NULL;
    ULONG i;
    UCHAR Quantum;
    PCHAR QuantumTable;
    PAGED_CODE();
    PSTRACE(PS_PROCESS_DEBUG,
            "%lx PrioritySeparation: %lx\n", Immediate, PrioritySeparation);
 
    /* Write the current priority separation */
    PsPrioritySeparation = PspPrioritySeparationFromMask(PrioritySeparation);
 
    /* Normalize it if it was too high */
    if (PsPrioritySeparation == 3) PsPrioritySeparation = 2;
 
    /* Get the quantum table to use */
    if (PspQuantumTypeFromMask(PrioritySeparation) == PSP_VARIABLE_QUANTUMS)
    {
        /* Use a variable table */
        QuantumTable = PspVariableQuantums;
    }
    else if (PspQuantumTypeFromMask(PrioritySeparation) == PSP_FIXED_QUANTUMS)
    {
        /* Use fixed table */
        QuantumTable = PspFixedQuantums;
    }
    else
    {
        /* Use default for the type of system we're on */
        QuantumTable = MmIsThisAnNtAsSystem() ? PspFixedQuantums : PspVariableQuantums;
    }
 
    /* Now check if we should use long or short */
    if (PspQuantumLengthFromMask(PrioritySeparation) == PSP_LONG_QUANTUMS)
    {
        /* Use long quantums */
        QuantumTable += 3;
    }
    else if (PspQuantumLengthFromMask(PrioritySeparation) == PSP_SHORT_QUANTUMS)
    {
        /* Keep existing table */
        NOTHING;
    }
    else
    {
        /* Use default for the type of system we're on */
        QuantumTable += MmIsThisAnNtAsSystem() ? 3 : 0;
    }
 
    /* Check if we're using long fixed quantums */
    if (QuantumTable == &PspFixedQuantums[3])
    {
        /* Use Job scheduling classes */
         PspUseJobSchedulingClasses = TRUE;
    }
    else
    {
        /* Otherwise, we don't */
        PspUseJobSchedulingClasses = FALSE;
    }
 
    /* Copy the selected table into the Foreground Quantum table */
    RtlCopyMemory(PspForegroundQuantum,
                  QuantumTable,
                  sizeof(PspForegroundQuantum));
 
    /* Check if we should apply these changes real-time */
    if (Immediate)
    {
        /* We are...loop every process */
        Process = PsGetNextProcess(Process);
        while (Process)
        {
            /* Use the priority separation if this is a foreground process */
            i = (Process->Vm.Flags.MemoryPriority ==
                 MEMORY_PRIORITY_BACKGROUND) ?
                 0: PsPrioritySeparation;
 
            /* Make sure that the process isn't idle */
            if (Process->PriorityClass != PROCESS_PRIORITY_CLASS_IDLE)
            {
                /* Does the process have a job? */
                if ((Process->Job) && (PspUseJobSchedulingClasses))
                {
                    /* Use job quantum */
                    Quantum = PspJobSchedulingClasses[Process->Job->SchedulingClass];
                }
                else
                {
                    /* Use calculated quantum */
                    Quantum = PspForegroundQuantum[i];
                }
            }
            else
            {
                /* Process is idle, use default quantum */
                Quantum = 6;
            }
 
            /* Now set the quantum */
            KeSetQuantumProcess(&Process->Pcb, Quantum);
 
            /* Get the next process */
            Process = PsGetNextProcess(Process);
        }
    }
}

Referenced by PspInitPhase0(), and SSI_DEF().

◆ PsChargeProcessPageFileQuota()

NTSTATUS NTAPI PsChargeProcessPageFileQuota	(	_In_ PEPROCESS	Process,
		_In_ SIZE_T	Amount
	)

Charges the process page file quota. The function is used internally by the kernel.

Parameters

[in]	Process	The process which page file quota is to be charged.
[in]	Amount	The amount of page file quota to charge.

Returns: Returns STATUS_SUCCESS if quota charging has been done with success, otherwise a NTSTATUS code of STATUS_PAGEFILE_QUOTA_EXCEEDED is returned.

Definition at line 738 of file quota.c.

{
    /* Don't do anything for the system process */
    if (Process == PsInitialSystemProcess) return STATUS_SUCCESS;
 
    return PspChargeProcessQuotaSpecifiedPool(Process, Process->QuotaBlock, PsPageFile, Amount);
}

◆ PsChargeSharedPoolQuota()

PEPROCESS_QUOTA_BLOCK NTAPI PsChargeSharedPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ SIZE_T	AmountToChargePaged,
		_In_ SIZE_T	AmountToChargeNonPaged
	)

Charges the shared (paged and non paged) pool quotas. The function is used exclusively by the Object Manager to manage quota charges handling of objects.

Parameters

[in]	Process	The process which quotas are to be charged within its quota block.
[in]	AmountToChargePaged	The amount of paged quotas quotas to be charged.
[in]	AmountToChargeNonPaged	The amount of non paged quotas to be charged.

Returns: Returns the charged quota block, which it'll be used by the Object Manager to attach the charged quotas information to the object. If the function fails to charge quotas, NULL is returned to the caller.

Definition at line 674 of file quota.c.

{
    NTSTATUS Status;
 
    /* Sanity checks */
    ASSERT(Process);
    ASSERT(Process->QuotaBlock);
 
    /* Do we have some paged pool quota to charge? */
    if (AmountToChargePaged != 0)
    {
        /* We do, charge! */
        Status = PspChargeProcessQuotaSpecifiedPool(NULL, Process->QuotaBlock, PsPagedPool, AmountToChargePaged);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("PsChargeSharedPoolQuota(): Failed to charge the shared pool quota (Status 0x%lx)\n", Status);
            return NULL;
        }
    }
 
    /* Do we have some non paged pool quota to charge? */
    if (AmountToChargeNonPaged != 0)
    {
        /* We do, charge! */
        Status = PspChargeProcessQuotaSpecifiedPool(NULL, Process->QuotaBlock, PsNonPagedPool, AmountToChargeNonPaged);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("PsChargeSharedPoolQuota(): Failed to charge the shared pool quota (Status 0x%lx). Attempting to return some paged pool back...\n", Status);
            PspReturnProcessQuotaSpecifiedPool(NULL, Process->QuotaBlock, PsPagedPool, AmountToChargePaged);
            return NULL;
        }
    }
 
    /* We have charged the quotas of an object, increment the reference */
    InterlockedIncrementSizeT(&Process->QuotaBlock->ReferenceCount);
 
    DPRINT("PsChargeSharedPoolQuota(): Amount charged (paged %lu --  non paged %lu)\n", AmountToChargePaged, AmountToChargeNonPaged);
    return Process->QuotaBlock;
}

Referenced by ObpChargeQuotaForObject().

◆ PsExitSpecialApc()

VOID NTAPI PsExitSpecialApc	(	PKAPC	Apc,
		PKNORMAL_ROUTINE *	NormalRoutine,
		PVOID *	NormalContext,
		PVOID *	SystemArgument1,
		PVOID *	SystemArgument2
	)

Referenced by KiInsertQueueApc().

◆ PsGetNextProcess()

PEPROCESS NTAPI PsGetNextProcess ( IN PEPROCESS OldProcess OPTIONAL )

Definition at line 128 of file process.c.

{
    PLIST_ENTRY Entry;
    PEPROCESS FoundProcess = NULL;
    PAGED_CODE();
    PSTRACE(PS_PROCESS_DEBUG, "Process: %p\n", OldProcess);
 
    /* Acquire the Active Process Lock */
    KeAcquireGuardedMutex(&PspActiveProcessMutex);
 
    /* Check if we're already starting somewhere */
    if (OldProcess)
    {
        /* Start where we left off */
        Entry = OldProcess->ActiveProcessLinks.Flink;
    }
    else
    {
        /* Start at the beginning */
        Entry = PsActiveProcessHead.Flink;
    }
 
    /* Loop the process list */
    while (Entry != &PsActiveProcessHead)
    {
        /* Get the process */
        FoundProcess = CONTAINING_RECORD(Entry, EPROCESS, ActiveProcessLinks);
 
        /* Reference the process */
        if (ObReferenceObjectSafe(FoundProcess)) break;
 
        /* Nothing found, keep trying */
        FoundProcess = NULL;
        Entry = Entry->Flink;
    }
 
    /* Release the lock */
    KeReleaseGuardedMutex(&PspActiveProcessMutex);
 
    /* Dereference the Process we had referenced earlier */
    if (OldProcess) ObDereferenceObject(OldProcess);
    return FoundProcess;
}

Referenced by DbgkpCloseObject(), ExpDebuggerWorker(), PopGracefulShutdown(), PsChangeQuantumTable(), PspShutdownProcessManager(), and QSI_DEF().

◆ PsGetNextProcessThread()

PETHREAD NTAPI PsGetNextProcessThread	(	IN PEPROCESS	Process,
		IN PETHREAD Thread	OPTIONAL
	)

Definition at line 75 of file process.c.

{
    PETHREAD FoundThread = NULL;
    PLIST_ENTRY ListHead, Entry;
    PAGED_CODE();
    PSTRACE(PS_PROCESS_DEBUG,
            "Process: %p Thread: %p\n", Process, Thread);
 
    /* Lock the process */
    KeEnterCriticalRegion();
    ExAcquirePushLockShared(&Process->ProcessLock);
 
    /* Check if we're already starting somewhere */
    if (Thread)
    {
        /* Start where we left off */
        Entry = Thread->ThreadListEntry.Flink;
    }
    else
    {
        /* Start at the beginning */
        Entry = Process->ThreadListHead.Flink;
    }
 
    /* Set the list head and start looping */
    ListHead = &Process->ThreadListHead;
    while (ListHead != Entry)
    {
        /* Get the Thread */
        FoundThread = CONTAINING_RECORD(Entry, ETHREAD, ThreadListEntry);
 
        /* Safe reference the thread */
        if (ObReferenceObjectSafe(FoundThread)) break;
 
        /* Nothing found, keep looping */
        FoundThread = NULL;
        Entry = Entry->Flink;
    }
 
    /* Unlock the process */
    ExReleasePushLockShared(&Process->ProcessLock);
    KeLeaveCriticalRegion();
 
    /* Check if we had a starting thread, and dereference it */
    if (Thread) ObDereferenceObject(Thread);
 
    /* Return what we found */
    return FoundThread;
}

Referenced by DbgkpPostFakeThreadMessages(), DbgkpSetProcessDebugObject(), ExSwapinWorkerThreads(), NtSetInformationThread(), NtTerminateProcess(), PspTerminateProcess(), PsResumeProcess(), and PsSuspendProcess().

◆ PsIdleThreadMain()

VOID NTAPI PsIdleThreadMain ( IN PVOID Context )

◆ PsInitSystem()

BOOLEAN NTAPI PsInitSystem ( IN PLOADER_PARAMETER_BLOCK LoaderBlock )

Definition at line 532 of file psmgr.c.

{
    /* Check the initialization phase */
    switch (ExpInitializationPhase)
    {
    case 0:
 
        /* Do Phase 0 */
        return PspInitPhase0(LoaderBlock);
 
    case 1:
 
        /* Do Phase 1 */
        return PspInitPhase1();
 
    default:
 
        /* Don't know any other phase! Bugcheck! */
        KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
                     1,
                     ExpInitializationPhase,
                     0,
                     0);
        return FALSE;
    }
}

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ PsLocateSystemDll()

NTSTATUS NTAPI PsLocateSystemDll ( VOID )

Definition at line 187 of file psmgr.c.

{
    OBJECT_ATTRIBUTES ObjectAttributes;
    IO_STATUS_BLOCK IoStatusBlock;
    HANDLE FileHandle, SectionHandle;
    NTSTATUS Status;
    ULONG_PTR HardErrorParameters;
    ULONG HardErrorResponse;
 
    /* Locate and open NTDLL to determine ImageBase and LdrStartup */
    InitializeObjectAttributes(&ObjectAttributes,
                               &PsNtDllPathName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);
    Status = ZwOpenFile(&FileHandle,
                        FILE_READ_ACCESS,
                        &ObjectAttributes,
                        &IoStatusBlock,
                        FILE_SHARE_READ,
                        0);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 2, 0, 0);
    }
 
    /* Check if the image is valid */
    Status = MmCheckSystemImage(FileHandle);
    if (Status == STATUS_IMAGE_CHECKSUM_MISMATCH || Status == STATUS_INVALID_IMAGE_PROTECT)
    {
        /* Raise a hard error */
        HardErrorParameters = (ULONG_PTR)&PsNtDllPathName;
        NtRaiseHardError(Status,
                         1,
                         1,
                         &HardErrorParameters,
                         OptionOk,
                         &HardErrorResponse);
        return Status;
    }
 
    /* Create a section for NTDLL */
    Status = ZwCreateSection(&SectionHandle,
                             SECTION_ALL_ACCESS,
                             NULL,
                             NULL,
                             PAGE_EXECUTE,
                             SEC_IMAGE,
                             FileHandle);
    ZwClose(FileHandle);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 3, 0, 0);
    }
 
    /* Reference the Section */
    Status = ObReferenceObjectByHandle(SectionHandle,
                                       SECTION_ALL_ACCESS,
                                       MmSectionObjectType,
                                       KernelMode,
                                       (PVOID*)&PspSystemDllSection,
                                       NULL);
    ZwClose(SectionHandle);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 4, 0, 0);
    }
 
    /* Map it */
    Status = PspMapSystemDll(PsGetCurrentProcess(), &PspSystemDllBase, FALSE);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 5, 0, 0);
    }
 
    /* Return status */
    return Status;
}

Referenced by IoInitSystem().

◆ PsOpenTokenOfProcess()

NTSTATUS NTAPI PsOpenTokenOfProcess	(	IN HANDLE	ProcessHandle,
		OUT PACCESS_TOKEN *	Token
	)

Definition at line 471 of file security.c.

{
    PEPROCESS Process;
    NTSTATUS Status;
    PAGED_CODE();
    PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", ProcessHandle);
 
    /* Get the Token */
    Status = ObReferenceObjectByHandle(ProcessHandle,
                                       PROCESS_QUERY_INFORMATION,
                                       PsProcessType,
                                       ExGetPreviousMode(),
                                       (PVOID*)&Process,
                                       NULL);
    if (NT_SUCCESS(Status))
    {
        /* Reference the token and dereference the process */
        *Token = PsReferencePrimaryToken(Process);
        ObDereferenceObject(Process);
    }
 
    /* Return */
    return Status;
}

Referenced by NtOpenProcessTokenEx().

◆ PspCreateProcess()

NTSTATUS NTAPI PspCreateProcess	(	OUT PHANDLE	ProcessHandle,
		IN ACCESS_MASK	DesiredAccess,
		IN POBJECT_ATTRIBUTES ObjectAttributes	OPTIONAL,
		IN HANDLE ParentProcess	OPTIONAL,
		IN ULONG	Flags,
		IN HANDLE SectionHandle	OPTIONAL,
		IN HANDLE DebugPort	OPTIONAL,
		IN HANDLE ExceptionPort	OPTIONAL,
		IN BOOLEAN	InJob
	)

Definition at line 347 of file process.c.

{
    HANDLE hProcess;
    PEPROCESS Process, Parent;
    PVOID ExceptionPortObject;
    PDEBUG_OBJECT DebugObject;
    PSECTION SectionObject;
    NTSTATUS Status, AccessStatus;
    ULONG_PTR DirectoryTableBase[2] = {0,0};
    KAFFINITY Affinity;
    HANDLE_TABLE_ENTRY CidEntry;
    PETHREAD CurrentThread = PsGetCurrentThread();
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
    PEPROCESS CurrentProcess = PsGetCurrentProcess();
    ULONG MinWs, MaxWs;
    ACCESS_STATE LocalAccessState;
    PACCESS_STATE AccessState = &LocalAccessState;
    AUX_ACCESS_DATA AuxData;
    UCHAR Quantum;
    BOOLEAN Result, SdAllocated;
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    SECURITY_SUBJECT_CONTEXT SubjectContext;
    BOOLEAN NeedsPeb = FALSE;
    INITIAL_PEB InitialPeb;
    PAGED_CODE();
    PSTRACE(PS_PROCESS_DEBUG,
            "ProcessHandle: %p Parent: %p\n", ProcessHandle, ParentProcess);
 
    /* Validate flags */
    if (Flags & ~PROCESS_CREATE_FLAGS_LEGAL_MASK) return STATUS_INVALID_PARAMETER;
 
    /* Check for parent */
    if (ParentProcess)
    {
        /* Reference it */
        Status = ObReferenceObjectByHandle(ParentProcess,
                                           PROCESS_CREATE_PROCESS,
                                           PsProcessType,
                                           PreviousMode,
                                           (PVOID*)&Parent,
                                           NULL);
        if (!NT_SUCCESS(Status)) return Status;
 
        /* If this process should be in a job but the parent isn't */
        if ((InJob) && (!Parent->Job))
        {
            /* This is illegal. Dereference the parent and fail */
            ObDereferenceObject(Parent);
            return STATUS_INVALID_PARAMETER;
        }
 
        /* Inherit Parent process's Affinity. */
        Affinity = Parent->Pcb.Affinity;
    }
    else
    {
        /* We have no parent */
        Parent = NULL;
        Affinity = KeActiveProcessors;
    }
 
    /* Save working set data */
    MinWs = PsMinimumWorkingSet;
    MaxWs = PsMaximumWorkingSet;
 
    /* Create the Object */
    Status = ObCreateObject(PreviousMode,
                            PsProcessType,
                            ObjectAttributes,
                            PreviousMode,
                            NULL,
                            sizeof(EPROCESS),
                            0,
                            0,
                            (PVOID*)&Process);
    if (!NT_SUCCESS(Status)) goto Cleanup;
 
    /* Clean up the Object */
    RtlZeroMemory(Process, sizeof(EPROCESS));
 
    /* Initialize pushlock and rundown protection */
    ExInitializeRundownProtection(&Process->RundownProtect);
    Process->ProcessLock.Value = 0;
 
    /* Setup the Thread List Head */
    InitializeListHead(&Process->ThreadListHead);
 
    /* Set up the Quota Block from the Parent */
    PspInheritQuota(Process, Parent);
 
    /* Set up Dos Device Map from the Parent */
    ObInheritDeviceMap(Parent, Process);
 
    /* Check if we have a parent */
    if (Parent)
    {
        /* Inherit PID and hard-error processing */
        Process->InheritedFromUniqueProcessId = Parent->UniqueProcessId;
        Process->DefaultHardErrorProcessing = Parent->DefaultHardErrorProcessing;
    }
    else
    {
        /* Use default hard-error processing */
        Process->DefaultHardErrorProcessing = SEM_FAILCRITICALERRORS;
    }
 
    /* Check for a section handle */
    if (SectionHandle)
    {
        /* Get a pointer to it */
        Status = ObReferenceObjectByHandle(SectionHandle,
                                           SECTION_MAP_EXECUTE,
                                           MmSectionObjectType,
                                           PreviousMode,
                                           (PVOID*)&SectionObject,
                                           NULL);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;
    }
    else
    {
        /* Assume no section object */
        SectionObject = NULL;
 
        /* Is the parent the initial process?
         * Check for NULL also, as at initialization PsInitialSystemProcess is NULL */
        if (Parent != PsInitialSystemProcess && (Parent != NULL))
        {
            /* It's not, so acquire the process rundown */
            if (ExAcquireRundownProtection(&Parent->RundownProtect))
            {
                /* If the parent has a section, use it */
                SectionObject = Parent->SectionObject;
                if (SectionObject) ObReferenceObject(SectionObject);
 
                /* Release process rundown */
                ExReleaseRundownProtection(&Parent->RundownProtect);
            }
 
            /* If we don't have a section object */
            if (!SectionObject)
            {
                /* Then the process is in termination, so fail */
                Status = STATUS_PROCESS_IS_TERMINATING;
                goto CleanupWithRef;
            }
        }
    }
 
    /* Save the pointer to the section object */
    Process->SectionObject = SectionObject;
 
    /* Check for the debug port */
    if (DebugPort)
    {
        /* Reference it */
        Status = ObReferenceObjectByHandle(DebugPort,
                                           DEBUG_OBJECT_ADD_REMOVE_PROCESS,
                                           DbgkDebugObjectType,
                                           PreviousMode,
                                           (PVOID*)&DebugObject,
                                           NULL);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;
 
        /* Save the debug object */
        Process->DebugPort = DebugObject;
 
        /* Check if the caller doesn't want the debug stuff inherited */
        if (Flags & PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT)
        {
            /* Set the process flag */
            InterlockedOr((PLONG)&Process->Flags, PSF_NO_DEBUG_INHERIT_BIT);
        }
    }
    else
    {
        /* Do we have a parent? Copy his debug port */
        if (Parent) DbgkCopyProcessDebugPort(Process, Parent);
    }
 
    /* Now check for an exception port */
    if (ExceptionPort)
    {
        /* Reference it */
        Status = ObReferenceObjectByHandle(ExceptionPort,
                                           PORT_ALL_ACCESS,
                                           LpcPortObjectType,
                                           PreviousMode,
                                           (PVOID*)&ExceptionPortObject,
                                           NULL);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;
 
        /* Save the exception port */
        Process->ExceptionPort = ExceptionPortObject;
    }
 
    /* Save the pointer to the section object */
    Process->SectionObject = SectionObject;
 
    /* Set default exit code */
    Process->ExitStatus = STATUS_PENDING;
 
    /* Check if this is the initial process being built */
    if (Parent)
    {
        /* Create the address space for the child */
        if (!MmCreateProcessAddressSpace(MinWs,
                                         Process,
                                         DirectoryTableBase))
        {
            /* Failed */
            Status = STATUS_INSUFFICIENT_RESOURCES;
            goto CleanupWithRef;
        }
    }
    else
    {
        /* Otherwise, we are the boot process, we're already semi-initialized */
        Process->ObjectTable = CurrentProcess->ObjectTable;
        Status = MmInitializeHandBuiltProcess(Process, DirectoryTableBase);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;
    }
 
    /* We now have an address space */
    InterlockedOr((PLONG)&Process->Flags, PSF_HAS_ADDRESS_SPACE_BIT);
 
    /* Set the maximum WS */
    Process->Vm.MaximumWorkingSetSize = MaxWs;
 
    /* Now initialize the Kernel Process */
    KeInitializeProcess(&Process->Pcb,
                        PROCESS_PRIORITY_NORMAL,
                        Affinity,
                        DirectoryTableBase,
                        BooleanFlagOn(Process->DefaultHardErrorProcessing,
                                      SEM_NOALIGNMENTFAULTEXCEPT));
 
    /* Duplicate Parent Token */
    Status = PspInitializeProcessSecurity(Process, Parent);
    if (!NT_SUCCESS(Status)) goto CleanupWithRef;
 
    /* Set default priority class */
    Process->PriorityClass = PROCESS_PRIORITY_CLASS_NORMAL;
 
    /* Check if we have a parent */
    if (Parent)
    {
        /* Check our priority class */
        if (Parent->PriorityClass == PROCESS_PRIORITY_CLASS_IDLE ||
            Parent->PriorityClass == PROCESS_PRIORITY_CLASS_BELOW_NORMAL)
        {
            /* Normalize it */
            Process->PriorityClass = Parent->PriorityClass;
        }
 
        /* Initialize object manager for the process */
        Status = ObInitProcess(Flags & PROCESS_CREATE_FLAGS_INHERIT_HANDLES ?
                               Parent : NULL,
                               Process);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;
    }
    else
    {
        /* Do the second part of the boot process memory setup */
        Status = MmInitializeHandBuiltProcess2(Process);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;
    }
 
    /* Set success for now */
    Status = STATUS_SUCCESS;
 
    /* Check if this is a real user-mode process */
    if (SectionHandle)
    {
        /* Initialize the address space */
        Status = MmInitializeProcessAddressSpace(Process,
                                                 NULL,
                                                 SectionObject,
                                                 &Flags,
                                                 &Process->
                                                 SeAuditProcessCreationInfo.
                                                 ImageFileName);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;
 
        //
        // We need a PEB
        //
        NeedsPeb = TRUE;
    }
    else if (Parent)
    {
        /* Check if this is a child of the system process */
        if (Parent != PsInitialSystemProcess)
        {
            //
            // We need a PEB
            //
            NeedsPeb = TRUE;
 
            /* This is a clone! */
            ASSERTMSG("No support for cloning yet\n", FALSE);
        }
        else
        {
            /* This is the initial system process */
            Flags &= ~PROCESS_CREATE_FLAGS_LARGE_PAGES;
            Status = MmInitializeProcessAddressSpace(Process,
                                                     NULL,
                                                     NULL,
                                                     &Flags,
                                                     NULL);
            if (!NT_SUCCESS(Status)) goto CleanupWithRef;
 
            /* Create a dummy image file name */
            Process->SeAuditProcessCreationInfo.ImageFileName =
                ExAllocatePoolWithTag(PagedPool,
                                      sizeof(OBJECT_NAME_INFORMATION),
                                      TAG_SEPA);
            if (!Process->SeAuditProcessCreationInfo.ImageFileName)
            {
                /* Fail */
                Status = STATUS_INSUFFICIENT_RESOURCES;
                goto CleanupWithRef;
            }
 
            /* Zero it out */
            RtlZeroMemory(Process->SeAuditProcessCreationInfo.ImageFileName,
                          sizeof(OBJECT_NAME_INFORMATION));
        }
    }
 
#if MI_TRACE_PFNS
    /* Copy the process name now that we have it */
    memcpy(MiGetPfnEntry(Process->Pcb.DirectoryTableBase[0] >> PAGE_SHIFT)->ProcessName, Process->ImageFileName, 16);
    if (Process->Pcb.DirectoryTableBase[1]) memcpy(MiGetPfnEntry(Process->Pcb.DirectoryTableBase[1] >> PAGE_SHIFT)->ProcessName, Process->ImageFileName, 16);
    if (Process->WorkingSetPage) memcpy(MiGetPfnEntry(Process->WorkingSetPage)->ProcessName, Process->ImageFileName, 16);
#endif
 
    /* Check if we have a section object and map the system DLL */
    if (SectionObject) PspMapSystemDll(Process, NULL, FALSE);
 
    /* Create a handle for the Process */
    CidEntry.Object = Process;
    CidEntry.GrantedAccess = 0;
    Process->UniqueProcessId = ExCreateHandle(PspCidTable, &CidEntry);
    if (!Process->UniqueProcessId)
    {
        /* Fail */
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto CleanupWithRef;
    }
 
    /* Set the handle table PID */
    Process->ObjectTable->UniqueProcessId = Process->UniqueProcessId;
 
    /* Check if we need to audit */
    if (SeDetailedAuditingWithToken(NULL)) SeAuditProcessCreate(Process);
 
    /* Check if the parent had a job */
    if ((Parent) && (Parent->Job))
    {
        /* FIXME: We need to insert this process */
        DPRINT1("Jobs not yet supported\n");
    }
 
    /* Create PEB only for User-Mode Processes */
    if ((Parent) && (NeedsPeb))
    {
        //
        // Set up the initial PEB
        //
        RtlZeroMemory(&InitialPeb, sizeof(INITIAL_PEB));
        InitialPeb.Mutant = (HANDLE)-1;
        InitialPeb.ImageUsesLargePages = 0; // FIXME: Not yet supported
 
        //
        // Create it only if we have an image section
        //
        if (SectionHandle)
        {
            //
            // Create it
            //
            Status = MmCreatePeb(Process, &InitialPeb, &Process->Peb);
            if (!NT_SUCCESS(Status)) goto CleanupWithRef;
        }
        else
        {
            //
            // We have to clone it
            //
            ASSERTMSG("No support for cloning yet\n", FALSE);
        }
 
    }
 
    /* The process can now be activated */
    KeAcquireGuardedMutex(&PspActiveProcessMutex);
    InsertTailList(&PsActiveProcessHead, &Process->ActiveProcessLinks);
    KeReleaseGuardedMutex(&PspActiveProcessMutex);
 
    /* Create an access state */
    Status = SeCreateAccessStateEx(CurrentThread,
                                   ((Parent) &&
                                   (Parent == PsInitialSystemProcess)) ?
                                    Parent : CurrentProcess,
                                   &LocalAccessState,
                                   &AuxData,
                                   DesiredAccess,
                                   &PsProcessType->TypeInfo.GenericMapping);
    if (!NT_SUCCESS(Status)) goto CleanupWithRef;
 
    /* Insert the Process into the Object Directory */
    Status = ObInsertObject(Process,
                            AccessState,
                            DesiredAccess,
                            1,
                            NULL,
                            &hProcess);
 
    /* Free the access state */
    if (AccessState) SeDeleteAccessState(AccessState);
 
    /* Cleanup on failure */
    if (!NT_SUCCESS(Status)) goto Cleanup;
 
    /* Compute Quantum and Priority */
    ASSERT(IsListEmpty(&Process->ThreadListHead) == TRUE);
    Process->Pcb.BasePriority =
        (SCHAR)PspComputeQuantumAndPriority(Process,
                                            PsProcessPriorityBackground,
                                            &Quantum);
    Process->Pcb.QuantumReset = Quantum;
 
    /* Check if we have a parent other then the initial system process */
    Process->GrantedAccess = PROCESS_TERMINATE;
    if ((Parent) && (Parent != PsInitialSystemProcess))
    {
        /* Get the process's SD */
        Status = ObGetObjectSecurity(Process,
                                     &SecurityDescriptor,
                                     &SdAllocated);
        if (!NT_SUCCESS(Status))
        {
            /* We failed, close the handle and clean up */
            ObCloseHandle(hProcess, PreviousMode);
            goto CleanupWithRef;
        }
 
        /* Create the subject context */
        SubjectContext.ProcessAuditId = Process;
        SubjectContext.PrimaryToken = PsReferencePrimaryToken(Process);
        SubjectContext.ClientToken = NULL;
 
        /* Do the access check */
        Result = SeAccessCheck(SecurityDescriptor,
                               &SubjectContext,
                               FALSE,
                               MAXIMUM_ALLOWED,
                               0,
                               NULL,
                               &PsProcessType->TypeInfo.GenericMapping,
                               PreviousMode,
                               &Process->GrantedAccess,
                               &AccessStatus);
 
        /* Dereference the token and let go the SD */
        ObFastDereferenceObject(&Process->Token,
                                SubjectContext.PrimaryToken);
        ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
 
        /* Remove access if it failed */
        if (!Result) Process->GrantedAccess = 0;
 
        /* Give the process some basic access */
        Process->GrantedAccess |= (PROCESS_VM_OPERATION |
                                   PROCESS_VM_READ |
                                   PROCESS_VM_WRITE |
                                   PROCESS_QUERY_INFORMATION |
                                   PROCESS_TERMINATE |
                                   PROCESS_CREATE_THREAD |
                                   PROCESS_DUP_HANDLE |
                                   PROCESS_CREATE_PROCESS |
                                   PROCESS_SET_INFORMATION |
                                   STANDARD_RIGHTS_ALL |
                                   PROCESS_SET_QUOTA);
    }
    else
    {
        /* Set full granted access */
        Process->GrantedAccess = PROCESS_ALL_ACCESS;
    }
 
    /* Set the Creation Time */
    KeQuerySystemTime(&Process->CreateTime);
 
    /* Protect against bad user-mode pointer */
    _SEH2_TRY
    {
        /* Hacky way of returning the PEB to the user-mode creator */
        if ((Process->Peb) && (CurrentThread->Tcb.Teb))
        {
            CurrentThread->Tcb.Teb->NtTib.ArbitraryUserPointer = Process->Peb;
        }
 
        /* Save the process handle */
       *ProcessHandle = hProcess;
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Get the exception code */
       Status = _SEH2_GetExceptionCode();
    }
    _SEH2_END;
 
    /* Run the Notification Routines */
    PspRunCreateProcessNotifyRoutines(Process, TRUE);
 
    /* If 12 processes have been created, enough of user-mode is ready */
    if (++ProcessCount == 12) Ki386PerfEnd();
 
CleanupWithRef:
    /*
     * Dereference the process. For failures, kills the process and does
     * cleanup present in PspDeleteProcess. For success, kills the extra
     * reference added by ObInsertObject.
     */
    ObDereferenceObject(Process);
 
Cleanup:
    /* Dereference the parent */
    if (Parent) ObDereferenceObject(Parent);
 
    /* Return status to caller */
    return Status;
}

Referenced by NtCreateProcessEx(), PsCreateSystemProcess(), and PspInitPhase0().

◆ PspDeleteJob()

VOID NTAPI PspDeleteJob ( IN PVOID ObjectBody )

Referenced by PspInitPhase0().

◆ PspDeleteProcess()

VOID NTAPI PspDeleteProcess ( IN PVOID ObjectBody )

Definition at line 253 of file kill.c.

{
    PEPROCESS Process = (PEPROCESS)ObjectBody;
    KAPC_STATE ApcState;
    PAGED_CODE();
    PSTRACE(PS_KILL_DEBUG, "ObjectBody: %p\n", ObjectBody);
    PSREFTRACE(Process);
 
    /* Check if it has an Active Process Link */
    if (Process->ActiveProcessLinks.Flink)
    {
        /* Remove it from the Active List */
        KeAcquireGuardedMutex(&PspActiveProcessMutex);
        RemoveEntryList(&Process->ActiveProcessLinks);
        Process->ActiveProcessLinks.Flink = NULL;
        Process->ActiveProcessLinks.Blink = NULL;
        KeReleaseGuardedMutex(&PspActiveProcessMutex);
    }
 
    /* Check for Auditing information */
    if (Process->SeAuditProcessCreationInfo.ImageFileName)
    {
        /* Free it */
        ExFreePoolWithTag(Process->SeAuditProcessCreationInfo.ImageFileName,
                          TAG_SEPA);
        Process->SeAuditProcessCreationInfo.ImageFileName = NULL;
    }
 
    /* Check if we have a job */
    if (Process->Job)
    {
        /* Remove the process from the job */
        PspRemoveProcessFromJob(Process, Process->Job);
 
        /* Dereference it */
        ObDereferenceObject(Process->Job);
        Process->Job = NULL;
    }
 
    /* Increase the stack count */
    Process->Pcb.StackCount++;
 
    /* Check if we have a debug port */
    if (Process->DebugPort)
    {
        /* Deference the Debug Port */
        ObDereferenceObject(Process->DebugPort);
        Process->DebugPort = NULL;
    }
 
    /* Check if we have an exception port */
    if (Process->ExceptionPort)
    {
        /* Deference the Exception Port */
        ObDereferenceObject(Process->ExceptionPort);
        Process->ExceptionPort = NULL;
    }
 
    /* Check if we have a section object */
    if (Process->SectionObject)
    {
        /* Deference the Section Object */
        ObDereferenceObject(Process->SectionObject);
        Process->SectionObject = NULL;
    }
 
#if defined(_X86_)
    /* Clean Ldt and Vdm objects */
    PspDeleteLdt(Process);
    PspDeleteVdmObjects(Process);
#endif
 
    /* Delete the Object Table */
    if (Process->ObjectTable)
    {
        /* Attach to the process */
        KeStackAttachProcess(&Process->Pcb, &ApcState);
 
        /* Kill the Object Info */
        ObKillProcess(Process);
 
        /* Detach */
        KeUnstackDetachProcess(&ApcState);
    }
 
    /* Check if we have an address space, and clean it */
    if (Process->HasAddressSpace)
    {
        /* Attach to the process */
        KeStackAttachProcess(&Process->Pcb, &ApcState);
 
        /* Clean the Address Space */
        PspExitProcess(FALSE, Process);
 
        /* Detach */
        KeUnstackDetachProcess(&ApcState);
 
        /* Completely delete the Address Space */
        MmDeleteProcessAddressSpace(Process);
    }
 
    /* See if we have a PID */
    if (Process->UniqueProcessId)
    {
        /* Delete the PID */
        if (!(ExDestroyHandle(PspCidTable, Process->UniqueProcessId, NULL)))
        {
            /* Something wrong happened, bugcheck */
            KeBugCheck(CID_HANDLE_DELETION);
        }
    }
 
    /* Cleanup security information */
    PspDeleteProcessSecurity(Process);
 
    /* Check if we have kept information on the Working Set */
    if (Process->WorkingSetWatch)
    {
        /* Free it */
        ExFreePool(Process->WorkingSetWatch);
 
        /* And return the quota it was taking up */
        PsReturnProcessNonPagedPoolQuota(Process, 0x2000);
    }
 
    /* Dereference the Device Map */
    ObDereferenceDeviceMap(Process);
 
    /*
     * Dereference the quota block, the function
     * will invoke a quota block cleanup if the
     * block itself is no longer used by anybody.
     */
    PspDereferenceQuotaBlock(Process, Process->QuotaBlock);
}

Referenced by PspInitPhase0().

◆ PspDeleteProcessSecurity()

VOID NTAPI PspDeleteProcessSecurity ( IN PEPROCESS Process )

Definition at line 30 of file security.c.

{
    PAGED_CODE();
    PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
 
    /* Check if we have a token */
    if (Process->Token.Object)
    {
        /* Deassign it */
        SeDeassignPrimaryToken(Process);
        Process->Token.Object = NULL;
    }
}

Referenced by PspDeleteProcess().

◆ PspDeleteThread()

VOID NTAPI PspDeleteThread ( IN PVOID ObjectBody )

Definition at line 391 of file kill.c.

{
    PETHREAD Thread = (PETHREAD)ObjectBody;
    PEPROCESS Process = Thread->ThreadsProcess;
    PAGED_CODE();
    PSTRACE(PS_KILL_DEBUG, "ObjectBody: %p\n", ObjectBody);
    PSREFTRACE(Thread);
    ASSERT(Thread->Tcb.Win32Thread == NULL);
 
    /* Check if we have a stack */
    if (Thread->Tcb.InitialStack)
    {
        /* Release it */
        MmDeleteKernelStack((PVOID)Thread->Tcb.StackBase,
                            Thread->Tcb.LargeStack);
    }
 
    /* Check if we have a CID Handle */
    if (Thread->Cid.UniqueThread)
    {
        /* Delete the CID Handle */
        if (!(ExDestroyHandle(PspCidTable, Thread->Cid.UniqueThread, NULL)))
        {
            /* Something wrong happened, bugcheck */
            KeBugCheck(CID_HANDLE_DELETION);
        }
    }
 
    /* Cleanup impersionation information */
    PspDeleteThreadSecurity(Thread);
 
    /* Make sure the thread was inserted, before continuing */
    if (!Process) return;
 
    /* Check if the thread list is valid */
    if (Thread->ThreadListEntry.Flink)
    {
        /* Lock the thread's process */
        KeEnterCriticalRegion();
        ExAcquirePushLockExclusive(&Process->ProcessLock);
 
        /* Remove us from the list */
        RemoveEntryList(&Thread->ThreadListEntry);
 
        /* Release the lock */
        ExReleasePushLockExclusive(&Process->ProcessLock);
        KeLeaveCriticalRegion();
    }
 
    /* Dereference the Process */
    ObDereferenceObject(Process);
}

Referenced by PspInitPhase0().

◆ PspDeleteThreadSecurity()

VOID NTAPI PspDeleteThreadSecurity ( IN PETHREAD Thread )

Definition at line 46 of file security.c.

{
    PPS_IMPERSONATION_INFORMATION ImpersonationInfo = Thread->ImpersonationInfo;
    PAGED_CODE();
    PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);
 
    /* Check if we have active impersonation info */
    if (Thread->ActiveImpersonationInfo)
    {
        /* Dereference its token */
        ObDereferenceObject(ImpersonationInfo->Token);
    }
 
    /* Check if we have impersonation info */
    if (ImpersonationInfo)
    {
        /* Free it */
        ExFreePool(ImpersonationInfo);
        PspClearCrossThreadFlag(Thread, CT_ACTIVE_IMPERSONATION_INFO_BIT);
        Thread->ImpersonationInfo = NULL;
    }
}

Referenced by PspDeleteThread().

◆ PspDereferenceQuotaBlock()

VOID NTAPI PspDereferenceQuotaBlock	(	_In_opt_ PEPROCESS	Process,
		_In_ PEPROCESS_QUOTA_BLOCK	QuotaBlock
	)

De-references a quota block when quotas have been returned back because of an object de-allocation or when a process gets destroyed. If the last instance that held up the block gets de-referenced the function will perform a cleanup against that block and it'll free the quota block from memory.

Parameters

[in]	Process	A pointer to a process that de-references the quota block.
[in]	QuotaBlock	A pointer to a quota block that is to be de-referenced. This block can come from a process that references it or an object.

Returns: Nothing.

Definition at line 553 of file quota.c.

{
    ULONG PsQuotaTypeIndex;
    KIRQL OldIrql;
 
    /* Make sure the quota block is not trash */
    ASSERT(QuotaBlock);
 
    /* Iterate over the process quota types if we have a process */
    if (Process)
    {
        for (PsQuotaTypeIndex = PsNonPagedPool; PsQuotaTypeIndex < PsQuotaTypes; PsQuotaTypeIndex++)
        {
            /*
             * We need to make sure that the quota usage
             * uniquely associated with the process is 0
             * on that moment the process gets destroyed.
             */
            ASSERT(Process->QuotaUsage[PsQuotaTypeIndex] == 0);
        }
 
        /* As the process is now gone, decrement the process count */
        InterlockedDecrementUL(&QuotaBlock->ProcessCount);
    }
 
    /* If no one is using this block, begin to destroy it */
    if (QuotaBlock != &PspDefaultQuotaBlock &&
        InterlockedDecrementUL(&QuotaBlock->ReferenceCount) == 0)
    {
        /* Acquire the quota lock */
        KeAcquireSpinLock(&PspQuotaLock, &OldIrql);
 
        /* Return all the quotas back to Mm and remove the quota from list */
        PspReturnQuotasOnDestroy(QuotaBlock);
        RemoveEntryList(&QuotaBlock->QuotaList);
 
        /* Release the lock and free the block */
        KeReleaseSpinLock(&PspQuotaLock, OldIrql);
        ExFreePoolWithTag(QuotaBlock, TAG_QUOTA_BLOCK);
    }
}

Referenced by PspDeleteProcess(), and PsReturnSharedPoolQuota().

◆ PspExitProcess()

VOID NTAPI PspExitProcess	(	IN BOOLEAN	LastThread,
		IN PEPROCESS	Process
	)

Definition at line 1075 of file kill.c.

{
    ULONG Actual;
    PAGED_CODE();
    PSTRACE(PS_KILL_DEBUG,
            "LastThread: %u Process: %p\n", LastThread, Process);
    PSREFTRACE(Process);
 
    /* Set Process Exit flag */
    InterlockedOr((PLONG)&Process->Flags, PSF_PROCESS_EXITING_BIT);
 
    /* Check if we are the last thread */
    if (LastThread)
    {
        /* Notify the WMI Process Callback */
        //WmiTraceProcess(Process, FALSE);
 
        /* Run the Notification Routines */
        PspRunCreateProcessNotifyRoutines(Process, FALSE);
    }
 
    /* Cleanup the power state */
    PopCleanupPowerState((PPOWER_STATE)&Process->Pcb.PowerState);
 
    /* Clear the security port */
    if (!Process->SecurityPort)
    {
        /* So we don't double-dereference */
        Process->SecurityPort = (PVOID)1;
    }
    else if (Process->SecurityPort != (PVOID)1)
    {
        /* Dereference it */
        ObDereferenceObject(Process->SecurityPort);
        Process->SecurityPort = (PVOID)1;
    }
 
    /* Check if we are the last thread */
    if (LastThread)
    {
        /* Check if we have to set the Timer Resolution */
        if (Process->SetTimerResolution)
        {
            /* Set it to default */
            ZwSetTimerResolution(KeMaximumIncrement, 0, &Actual);
        }
 
        /* Check if we are part of a Job that has a completion port */
        if ((Process->Job) && (Process->Job->CompletionPort))
        {
            /* FIXME: Check job status code and do I/O completion if needed */
        }
 
        /* FIXME: Notify the Prefetcher */
    }
    else
    {
        /* Clear process' address space here */
        MmCleanProcessAddressSpace(Process);
    }
}

Referenced by PspDeleteProcess(), and PspExitThread().

◆ PspExitProcessFromJob()

VOID NTAPI PspExitProcessFromJob	(	IN PEJOB	Job,
		IN PEPROCESS	Process
	)

Definition at line 146 of file job.c.

{
    /* FIXME */
}

Referenced by PspExitThread().

◆ PspExitThread()

VOID NTAPI PspExitThread ( IN NTSTATUS ExitStatus )

Definition at line 450 of file kill.c.

{
    CLIENT_DIED_MSG TerminationMsg;
    NTSTATUS Status;
    PTEB Teb;
    PEPROCESS CurrentProcess;
    PETHREAD Thread, OtherThread, PreviousThread = NULL;
    PVOID DeallocationStack;
    SIZE_T Dummy;
    BOOLEAN Last = FALSE;
    PTERMINATION_PORT TerminationPort, NextPort;
    PLIST_ENTRY FirstEntry, CurrentEntry;
    PKAPC Apc;
    PTOKEN PrimaryToken;
    PAGED_CODE();
    PSTRACE(PS_KILL_DEBUG, "ExitStatus: %d\n", ExitStatus);
 
    /* Get the Current Thread and Process */
    Thread = PsGetCurrentThread();
    CurrentProcess = Thread->ThreadsProcess;
    ASSERT((Thread) == PsGetCurrentThread());
 
    /* Can't terminate a thread if it attached another process */
    if (KeIsAttachedProcess())
    {
        /* Bugcheck */
        KeBugCheckEx(INVALID_PROCESS_ATTACH_ATTEMPT,
                     (ULONG_PTR)CurrentProcess,
                     (ULONG_PTR)Thread->Tcb.ApcState.Process,
                     (ULONG_PTR)Thread->Tcb.ApcStateIndex,
                     (ULONG_PTR)Thread);
    }
 
    /* Lower to Passive Level */
    KeLowerIrql(PASSIVE_LEVEL);
 
    /* Can't be a worker thread */
    if (Thread->ActiveExWorker)
    {
        /* Bugcheck */
        KeBugCheckEx(ACTIVE_EX_WORKER_THREAD_TERMINATION,
                     (ULONG_PTR)Thread,
                     0,
                     0,
                     0);
    }
 
    /* Can't have pending APCs */
    if (Thread->Tcb.CombinedApcDisable != 0)
    {
        /* Bugcheck */
        KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
                     0,
                     Thread->Tcb.CombinedApcDisable,
                     0,
                     1);
    }
 
    /* Lock the thread */
    ExWaitForRundownProtectionRelease(&Thread->RundownProtect);
 
    /* Cleanup the power state */
    PopCleanupPowerState((PPOWER_STATE)&Thread->Tcb.PowerState);
 
    /* Call the WMI Callback for Threads */
    //WmiTraceThread(Thread, NULL, FALSE);
 
    /* Run Thread Notify Routines before we desintegrate the thread */
    PspRunCreateThreadNotifyRoutines(Thread, FALSE);
 
    /* Lock the Process before we modify its thread entries */
    KeEnterCriticalRegion();
    ExAcquirePushLockExclusive(&CurrentProcess->ProcessLock);
 
    /* Decrease the active thread count, and check if it's 0 */
    if (!(--CurrentProcess->ActiveThreads))
    {
        /* Set the delete flag */
        InterlockedOr((PLONG)&CurrentProcess->Flags, PSF_PROCESS_DELETE_BIT);
 
        /* Remember we are last */
        Last = TRUE;
 
        /* Check if this termination is due to the thread dying */
        if (ExitStatus == STATUS_THREAD_IS_TERMINATING)
        {
            /* Check if the last thread was pending */
            if (CurrentProcess->ExitStatus == STATUS_PENDING)
            {
                /* Use the last exit status */
                CurrentProcess->ExitStatus = CurrentProcess->
                                             LastThreadExitStatus;
            }
        }
        else
        {
            /* Just a normal exit, write the code */
            CurrentProcess->ExitStatus = ExitStatus;
        }
 
        /* Loop all the current threads */
        FirstEntry = &CurrentProcess->ThreadListHead;
        CurrentEntry = FirstEntry->Flink;
        while (FirstEntry != CurrentEntry)
        {
            /* Get the thread on the list */
            OtherThread = CONTAINING_RECORD(CurrentEntry,
                                            ETHREAD,
                                            ThreadListEntry);
 
            /* Check if it's a thread that's still alive */
            if ((OtherThread != Thread) &&
                !(KeReadStateThread(&OtherThread->Tcb)) &&
                (ObReferenceObjectSafe(OtherThread)))
            {
                /* It's a live thread and we referenced it, unlock process */
                ExReleasePushLockExclusive(&CurrentProcess->ProcessLock);
                KeLeaveCriticalRegion();
 
                /* Wait on the thread */
                KeWaitForSingleObject(OtherThread,
                                      Executive,
                                      KernelMode,
                                      FALSE,
                                      NULL);
 
                /* Check if we had a previous thread to dereference */
                if (PreviousThread) ObDereferenceObject(PreviousThread);
 
                /* Remember the thread and re-lock the process */
                PreviousThread = OtherThread;
                KeEnterCriticalRegion();
                ExAcquirePushLockExclusive(&CurrentProcess->ProcessLock);
            }
 
            /* Go to the next thread */
            CurrentEntry = CurrentEntry->Flink;
        }
    }
    else if (ExitStatus != STATUS_THREAD_IS_TERMINATING)
    {
        /* Write down the exit status of the last thread to get killed */
        CurrentProcess->LastThreadExitStatus = ExitStatus;
    }
 
    /* Unlock the Process */
    ExReleasePushLockExclusive(&CurrentProcess->ProcessLock);
    KeLeaveCriticalRegion();
 
    /* Check if we had a previous thread to dereference */
    if (PreviousThread) ObDereferenceObject(PreviousThread);
 
    /* Check if the process has a debug port and if this is a user thread */
    if ((CurrentProcess->DebugPort) && !(Thread->SystemThread))
    {
        /* Notify the Debug API. */
        Last ? DbgkExitProcess(CurrentProcess->ExitStatus) :
               DbgkExitThread(ExitStatus);
    }
 
    /* Check if this is a Critical Thread */
    if ((KdDebuggerEnabled) && (Thread->BreakOnTermination))
    {
        /* Break to debugger */
        PspCatchCriticalBreak("Critical thread 0x%p (in %s) exited\n",
                              Thread,
                              CurrentProcess->ImageFileName);
    }
 
    /* Check if it's the last thread and this is a Critical Process */
    if ((Last) && (CurrentProcess->BreakOnTermination))
    {
        /* Check if a debugger is here to handle this */
        if (KdDebuggerEnabled)
        {
            /* Break to debugger */
            PspCatchCriticalBreak("Critical  process 0x%p (in %s) exited\n",
                                  CurrentProcess,
                                  CurrentProcess->ImageFileName);
        }
        else
        {
            /* Bugcheck, we can't allow this */
            KeBugCheckEx(CRITICAL_PROCESS_DIED,
                         (ULONG_PTR)CurrentProcess,
                         0,
                         0,
                         0);
        }
    }
 
    /* Sanity check */
    ASSERT(Thread->Tcb.CombinedApcDisable == 0);
 
    /* Process the Termination Ports */
    TerminationPort = Thread->TerminationPort;
    if (TerminationPort)
    {
        /* Setup the message header */
        TerminationMsg.h.u2.ZeroInit = 0;
        TerminationMsg.h.u2.s2.Type = LPC_CLIENT_DIED;
        TerminationMsg.h.u1.s1.TotalLength = sizeof(TerminationMsg);
        TerminationMsg.h.u1.s1.DataLength = sizeof(TerminationMsg) -
                                            sizeof(PORT_MESSAGE);
 
        /* Loop each port */
        do
        {
            /* Save the Create Time */
            TerminationMsg.CreateTime = Thread->CreateTime;
 
            /* Loop trying to send message */
            while (TRUE)
            {
                /* Send the LPC Message */
                Status = LpcRequestPort(TerminationPort->Port,
                                        &TerminationMsg.h);
                if ((Status == STATUS_NO_MEMORY) ||
                    (Status == STATUS_INSUFFICIENT_RESOURCES))
                {
                    /* Wait a bit and try again */
                    KeDelayExecutionThread(KernelMode, FALSE, &ShortTime);
                    continue;
                }
                break;
            }
 
            /* Dereference this LPC Port */
            ObDereferenceObject(TerminationPort->Port);
 
            /* Move to the next one */
            NextPort = TerminationPort->Next;
 
            /* Free the Termination Port Object */
            ExFreePoolWithTag(TerminationPort, '=TsP');
 
            /* Keep looping as long as there is a port */
            TerminationPort = NextPort;
        } while (TerminationPort);
    }
    else if (((ExitStatus == STATUS_THREAD_IS_TERMINATING) &&
              (Thread->DeadThread)) ||
             !(Thread->DeadThread))
    {
        /*
         * This case is special and deserves some extra comments. What
         * basically happens here is that this thread doesn't have a termination
         * port, which means that it died before being fully created. Since we
         * still have to notify an LPC Server, we'll use the exception port,
         * which we know exists. However, we need to know how far the thread
         * actually got created. We have three possibilities:
         *
         *  - NtCreateThread returned an error really early: DeadThread is set.
         *  - NtCreateThread managed to create the thread: DeadThread is off.
         *  - NtCreateThread was creating the thread (with DeadThread set,
         *    but the thread got killed prematurely: STATUS_THREAD_IS_TERMINATING
         *    is our exit code.)
         *
         * For the 2 & 3rd scenarios, the thread has been created far enough to
         * warrant notification to the LPC Server.
         */
 
        /* Setup the message header */
        TerminationMsg.h.u2.ZeroInit = 0;
        TerminationMsg.h.u2.s2.Type = LPC_CLIENT_DIED;
        TerminationMsg.h.u1.s1.TotalLength = sizeof(TerminationMsg);
        TerminationMsg.h.u1.s1.DataLength = sizeof(TerminationMsg) -
                                            sizeof(PORT_MESSAGE);
 
        /* Make sure the process has an exception port */
        if (CurrentProcess->ExceptionPort)
        {
            /* Save the Create Time */
            TerminationMsg.CreateTime = Thread->CreateTime;
 
            /* Loop trying to send message */
            while (TRUE)
            {
                /* Send the LPC Message */
                Status = LpcRequestPort(CurrentProcess->ExceptionPort,
                                        &TerminationMsg.h);
                if ((Status == STATUS_NO_MEMORY) ||
                    (Status == STATUS_INSUFFICIENT_RESOURCES))
                {
                    /* Wait a bit and try again */
                    KeDelayExecutionThread(KernelMode, FALSE, &ShortTime);
                    continue;
                }
                break;
            }
        }
    }
 
    /* Rundown Win32 Thread if there is one */
    if (Thread->Tcb.Win32Thread) PspW32ThreadCallout(Thread,
                                                     PsW32ThreadCalloutExit);
 
    /* If we are the last thread and have a W32 Process */
    if ((Last) && (CurrentProcess->Win32Process))
    {
        /* Run it down too */
        PspW32ProcessCallout(CurrentProcess, FALSE);
    }
 
    /* Make sure Stack Swap is enabled */
    if (!Thread->Tcb.EnableStackSwap)
    {
        /* Stack swap really shouldn't be disabled during exit! */
        KeBugCheckEx(KERNEL_STACK_LOCKED_AT_EXIT, 0, 0, 0, 0);
    }
 
    /* Cancel I/O for the thread. */
    IoCancelThreadIo(Thread);
 
    /* Rundown Timers */
    ExTimerRundown();
 
    /* FIXME: Rundown Registry Notifications (NtChangeNotify)
    CmNotifyRunDown(Thread); */
 
    /* Rundown Mutexes */
    KeRundownThread();
 
    /* Check if we have a TEB */
    Teb = Thread->Tcb.Teb;
    if (Teb)
    {
        /* Check if the thread is still alive */
        if (!Thread->DeadThread)
        {
            /* Check if we need to free its stack */
            if (Teb->FreeStackOnTermination)
            {
                /* Set the TEB's Deallocation Stack as the Base Address */
                Dummy = 0;
                DeallocationStack = Teb->DeallocationStack;
 
                /* Free the Thread's Stack */
                ZwFreeVirtualMemory(NtCurrentProcess(),
                                    &DeallocationStack,
                                    &Dummy,
                                    MEM_RELEASE);
            }
 
            /* Free the debug handle */
            if (Teb->DbgSsReserved[1]) ObCloseHandle(Teb->DbgSsReserved[1],
                                                     UserMode);
        }
 
        /* Decommit the TEB */
        MmDeleteTeb(CurrentProcess, Teb);
        Thread->Tcb.Teb = NULL;
    }
 
    /* Free LPC Data */
    LpcExitThread(Thread);
 
    /* Save the exit status and exit time */
    Thread->ExitStatus = ExitStatus;
    KeQuerySystemTime(&Thread->ExitTime);
 
    /* Sanity check */
    ASSERT(Thread->Tcb.CombinedApcDisable == 0);
 
    /* Check if this is the final thread or not */
    if (Last)
    {
        /* Set the process exit time */
        CurrentProcess->ExitTime = Thread->ExitTime;
 
        /* Exit the process */
        PspExitProcess(TRUE, CurrentProcess);
 
        /* Get the process token and check if we need to audit */
        PrimaryToken = PsReferencePrimaryToken(CurrentProcess);
        if (SeDetailedAuditingWithToken(PrimaryToken))
        {
            /* Audit the exit */
            SeAuditProcessExit(CurrentProcess);
        }
 
        /* Dereference the process token */
        ObFastDereferenceObject(&CurrentProcess->Token, PrimaryToken);
 
        /* Check if this is a VDM Process and rundown the VDM DPCs if so */
        if (CurrentProcess->VdmObjects) { /* VdmRundownDpcs(CurrentProcess); */ }
 
        /* Kill the process in the Object Manager */
        ObKillProcess(CurrentProcess);
 
        /* Check if we have a section object */
        if (CurrentProcess->SectionObject)
        {
            /* Dereference and clear the Section Object */
            ObDereferenceObject(CurrentProcess->SectionObject);
            CurrentProcess->SectionObject = NULL;
        }
 
        /* Check if the process is part of a job */
        if (CurrentProcess->Job)
        {
            /* Remove the process from the job */
            PspExitProcessFromJob(CurrentProcess->Job, CurrentProcess);
        }
    }
 
    /* Disable APCs */
    KeEnterCriticalRegion();
 
    /* Disable APC queueing, force a resumption */
    Thread->Tcb.ApcQueueable = FALSE;
    KeForceResumeThread(&Thread->Tcb);
 
    /* Re-enable APCs */
    KeLeaveCriticalRegion();
 
    /* Flush the User APCs */
    FirstEntry = KeFlushQueueApc(&Thread->Tcb, UserMode);
    if (FirstEntry)
    {
        /* Start with the first entry */
        CurrentEntry = FirstEntry;
        do
        {
           /* Get the APC */
           Apc = CONTAINING_RECORD(CurrentEntry, KAPC, ApcListEntry);
 
           /* Move to the next one */
           CurrentEntry = CurrentEntry->Flink;
 
           /* Rundown the APC or de-allocate it */
           if (Apc->RundownRoutine)
           {
              /* Call its own routine */
              Apc->RundownRoutine(Apc);
           }
           else
           {
              /* Do it ourselves */
              ExFreePool(Apc);
           }
        }
        while (CurrentEntry != FirstEntry);
    }
 
    /* Clean address space if this was the last thread */
    if (Last) MmCleanProcessAddressSpace(CurrentProcess);
 
    /* Call the Lego routine */
    if (Thread->Tcb.LegoData) PspRunLegoRoutine(&Thread->Tcb);
 
    /* Flush the APC queue, which should be empty */
    FirstEntry = KeFlushQueueApc(&Thread->Tcb, KernelMode);
    if ((FirstEntry) || (Thread->Tcb.CombinedApcDisable != 0))
    {
        /* Bugcheck time */
        KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
                     (ULONG_PTR)FirstEntry,
                     Thread->Tcb.CombinedApcDisable,
                     KeGetCurrentIrql(),
                     0);
    }
 
    /* Signal the process if this was the last thread */
    if (Last) KeSetProcess(&CurrentProcess->Pcb, 0, FALSE);
 
    /* Terminate the Thread from the Scheduler */
    KeTerminateThread(0);
}

Referenced by PsExitSpecialApc(), and PspTerminateThreadByPointer().

◆ PspGetOrSetContextKernelRoutine()

VOID NTAPI PspGetOrSetContextKernelRoutine	(	IN PKAPC	Apc,
		IN OUT PKNORMAL_ROUTINE *	NormalRoutine,
		IN OUT PVOID *	NormalContext,
		IN OUT PVOID *	SystemArgument1,
		IN OUT PVOID *	SystemArgument2
	)

Definition at line 38 of file psctx.c.

{
    UNIMPLEMENTED;
}

Referenced by PsGetContextThread(), and PsSetContextThread().

◆ PspInheritQuota()

VOID NTAPI PspInheritQuota	(	_In_ PEPROCESS	Process,
		_In_ PEPROCESS	ParentProcess
	)

Referenced by PspCreateProcess().

◆ PspInitializeJobStructures()

VOID NTAPI PspInitializeJobStructures ( VOID )

Definition at line 111 of file job.c.

{
    InitializeListHead(&PsJobListHead);
    ExInitializeFastMutex(&PsJobListLock);
}

Referenced by PspInitPhase0().

◆ PspInitializeProcessSecurity()

NTSTATUS NTAPI PspInitializeProcessSecurity	(	IN PEPROCESS	Process,
		IN PEPROCESS Parent	OPTIONAL
	)

Definition at line 71 of file security.c.

{
    NTSTATUS Status = STATUS_SUCCESS;
    PTOKEN NewToken, ParentToken;
    PAGED_CODE();
    PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);
 
    /* If we have a parent, then duplicate the Token */
    if (Parent)
    {
        /* Get the Parent Token */
        ParentToken = PsReferencePrimaryToken(Parent);
 
        /* Duplicate it */
        Status = SeSubProcessToken(ParentToken,
                                   &NewToken,
                                   TRUE,
                                   MmGetSessionId(Process));
 
        /* Dereference the Parent */
        ObFastDereferenceObject(&Parent->Token, ParentToken);
 
        /* Set the new Token */
        if (NT_SUCCESS(Status))
        {
            /* Initailize the fast reference */
            ObInitializeFastReference(&Process->Token, NewToken);
        }
    }
    else
    {
        /* No parent, assign the Boot Token */
        ObInitializeFastReference(&Process->Token, NULL);
        SeAssignPrimaryToken(Process, PspBootAccessToken);
    }
 
    /* Return to caller */
    return Status;
}

Referenced by PspCreateProcess().

◆ PspIsProcessExiting()

BOOLEAN NTAPI PspIsProcessExiting ( IN PEPROCESS Process )

Definition at line 1068 of file kill.c.

{
    return Process->Flags & PSF_PROCESS_EXITING_BIT;
}

Referenced by MmpPageOutPhysicalAddress().

◆ PspMapSystemDll()

NTSTATUS NTAPI PspMapSystemDll	(	IN PEPROCESS	Process,
		OUT PVOID *	DllBase,
		IN BOOLEAN	UseLargePages
	)

Referenced by PspCreateProcess().

◆ PspReapRoutine()

VOID NTAPI PspReapRoutine ( IN PVOID Context )

Definition at line 167 of file kill.c.

{
    PSINGLE_LIST_ENTRY NextEntry;
    PETHREAD Thread;
    PSTRACE(PS_KILL_DEBUG, "Context: %p\n", Context);
 
    /* Start main loop */
    do
    {
        /* Write magic value and return the next entry to process */
        NextEntry = InterlockedExchangePointer((PVOID*)&PspReaperListHead.Flink,
                                               (PVOID)1);
        ASSERT((NextEntry != NULL) && (NextEntry != (PVOID)1));
 
        /* Start inner loop */
        do
        {
            /* Get the first Thread Entry */
            Thread = CONTAINING_RECORD(NextEntry, ETHREAD, ReaperLink);
 
            /* Delete this entry's kernel stack */
            MmDeleteKernelStack((PVOID)Thread->Tcb.StackBase,
                                Thread->Tcb.LargeStack);
            Thread->Tcb.InitialStack = NULL;
 
            /* Move to the next entry */
            NextEntry = NextEntry->Next;
 
            /* Dereference this thread */
            ObDereferenceObject(Thread);
        } while ((NextEntry != NULL) && (NextEntry != (PVOID)1));
 
        /* Remove magic value, keep looping if it got changed */
    } while (InterlockedCompareExchangePointer((PVOID*)&PspReaperListHead.Flink,
                                               NULL,
                                               (PVOID)1) != (PVOID)1);
}

Referenced by PspInitPhase0().

◆ PspRemoveProcessFromJob()

VOID NTAPI PspRemoveProcessFromJob	(	IN PEPROCESS	Process,
		IN PEJOB	Job
	)

Definition at line 138 of file job.c.

{
    /* FIXME */
}

Referenced by PspDeleteProcess().

◆ PspSetPrimaryToken()

NTSTATUS NTAPI PspSetPrimaryToken	(	IN PEPROCESS	Process,
		IN HANDLE TokenHandle	OPTIONAL,
		IN PACCESS_TOKEN Token	OPTIONAL
	)

Definition at line 215 of file security.c.

{
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
    BOOLEAN IsChildOrSibling;
    PACCESS_TOKEN NewToken = Token;
    NTSTATUS Status, AccessStatus;
    BOOLEAN Result, SdAllocated;
    PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
    SECURITY_SUBJECT_CONTEXT SubjectContext;
 
    PSTRACE(PS_SECURITY_DEBUG, "Process: %p Token: %p\n", Process, Token);
 
    /* Reference the token by handle if we don't already have a token object */
    if (!Token)
    {
        Status = ObReferenceObjectByHandle(TokenHandle,
                                           TOKEN_ASSIGN_PRIMARY,
                                           SeTokenObjectType,
                                           PreviousMode,
                                           (PVOID*)&NewToken,
                                           NULL);
        if (!NT_SUCCESS(Status)) return Status;
    }
 
    /*
     * Check whether this token is a child or sibling of the current process token.
     * NOTE: On Windows Vista+ both of these checks (together with extra steps)
     * are now performed by a new SeIsTokenAssignableToProcess() helper.
     */
    Status = SeIsTokenChild(NewToken, &IsChildOrSibling);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, dereference */
        if (!Token) ObDereferenceObject(NewToken);
        return Status;
    }
    if (!IsChildOrSibling)
    {
        Status = SeIsTokenSibling(NewToken, &IsChildOrSibling);
        if (!NT_SUCCESS(Status))
        {
            /* Failed, dereference */
            if (!Token) ObDereferenceObject(NewToken);
            return Status;
        }
    }
 
    /* Check if this was an independent token */
    if (!IsChildOrSibling)
    {
        /* Make sure we have the privilege to assign a new one */
        if (!SeSinglePrivilegeCheck(SeAssignPrimaryTokenPrivilege,
                                    PreviousMode))
        {
            /* Failed, dereference */
            if (!Token) ObDereferenceObject(NewToken);
            return STATUS_PRIVILEGE_NOT_HELD;
        }
    }
 
    /* Assign the token */
    Status = PspAssignPrimaryToken(Process, NULL, NewToken);
    if (NT_SUCCESS(Status))
    {
        /*
         * We need to completely reverify if the process still has access to
         * itself under this new token.
         */
        Status = ObGetObjectSecurity(Process,
                                     &SecurityDescriptor,
                                     &SdAllocated);
        if (NT_SUCCESS(Status))
        {
            /* Setup the security context */
            SubjectContext.ProcessAuditId = Process;
            SubjectContext.PrimaryToken = PsReferencePrimaryToken(Process);
            SubjectContext.ClientToken = NULL;
 
            /* Do the access check */
            Result = SeAccessCheck(SecurityDescriptor,
                                   &SubjectContext,
                                   FALSE,
                                   MAXIMUM_ALLOWED,
                                   0,
                                   NULL,
                                   &PsProcessType->TypeInfo.GenericMapping,
                                   PreviousMode,
                                   &Process->GrantedAccess,
                                   &AccessStatus);
 
            /* Dereference the token and let go the SD */
            ObFastDereferenceObject(&Process->Token,
                                    SubjectContext.PrimaryToken);
            ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
 
            /* Remove access if it failed */
            if (!Result) Process->GrantedAccess = 0;
 
            /* Setup granted access */
            Process->GrantedAccess |= (PROCESS_VM_OPERATION |
                                       PROCESS_VM_READ |
                                       PROCESS_VM_WRITE |
                                       PROCESS_QUERY_INFORMATION |
                                       PROCESS_TERMINATE |
                                       PROCESS_CREATE_THREAD |
                                       PROCESS_DUP_HANDLE |
                                       PROCESS_CREATE_PROCESS |
                                       PROCESS_SET_INFORMATION |
                                       STANDARD_RIGHTS_ALL |
                                       PROCESS_SET_QUOTA);
        }
 
        /*
         * In case LUID device maps are enable, we may not be using
         * system device map for this process, but a logon LUID based
         * device map. Because we change primary token, this usage is
         * no longer valid, so dereference the process device map
         */
        if (ObIsLUIDDeviceMapsEnabled()) ObDereferenceDeviceMap(Process);
    }
 
    /* Dereference the token */
    if (!Token) ObDereferenceObject(NewToken);
    return Status;
}

Referenced by NtSetInformationProcess().

◆ PspSetQuotaLimits()

NTSTATUS NTAPI PspSetQuotaLimits	(	_In_ PEPROCESS	Process,
		_In_ ULONG	Unused,
		_In_ PVOID	QuotaLimits,
		_In_ ULONG	QuotaLimitsLength,
		_In_ KPROCESSOR_MODE	PreviousMode
	)

This function adjusts the working set limits of a process and sets up new quota limits when necessary. The function is used when the caller requests to set up new working set sizes.

Parameters

[in]	Process	The process which quota limits or working set sizes are to be changed.
[in]	Unused	This parameter is unused.
[in]	QuotaLimits	An arbitrary pointer that points to a quota limits structure, needed to determine on setting up new working set sizes.
[in]	QuotaLimitsLength	The length of QuotaLimits buffer, which size is expressed in bytes.
[in]	PreviousMode	The processor level access mode.

Returns: Returns STATUS_SUCCESS if the function has completed successfully. STATUS_INVALID_PARAMETER is returned if the caller has given a quota limits structure with invalid data. STATUS_INFO_LENGTH_MISMATCH is returned if the length of QuotaLimits pointed by QuotaLimitsLength is not right. STATUS_PRIVILEGE_NOT_HELD is returned if the calling thread of the process doesn't hold the necessary right privilege to increase quotas. STATUS_NO_MEMORY is returned if a memory pool allocation has failed. A failure NTSTATUS code is returned otherwise.

Definition at line 1045 of file quota.c.

{
    QUOTA_LIMITS_EX CapturedQuotaLimits;
    PEPROCESS_QUOTA_BLOCK QuotaBlock, OldQuotaBlock;
    BOOLEAN IncreaseOkay;
    KAPC_STATE SavedApcState;
    NTSTATUS Status;
 
    UNREFERENCED_PARAMETER(Unused);
 
    _SEH2_TRY
    {
        ProbeForRead(QuotaLimits, QuotaLimitsLength, sizeof(ULONG));
 
        /* Check if we have the basic or extended structure */
        if (QuotaLimitsLength == sizeof(QUOTA_LIMITS))
        {
            /* Copy the basic structure, zero init the remaining fields */
            RtlCopyMemory(&CapturedQuotaLimits, QuotaLimits, sizeof(QUOTA_LIMITS));
            CapturedQuotaLimits.WorkingSetLimit = 0;
            CapturedQuotaLimits.Reserved2 = 0;
            CapturedQuotaLimits.Reserved3 = 0;
            CapturedQuotaLimits.Reserved4 = 0;
            CapturedQuotaLimits.CpuRateLimit.RateData = 0;
            CapturedQuotaLimits.Flags = 0;
        }
        else if (QuotaLimitsLength == sizeof(QUOTA_LIMITS_EX))
        {
            /* Copy the full structure */
            RtlCopyMemory(&CapturedQuotaLimits, QuotaLimits, sizeof(QUOTA_LIMITS_EX));
 
            /* Verify that the caller passed valid flags */
            if ((CapturedQuotaLimits.Flags & ~VALID_QUOTA_FLAGS) ||
                ((CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MIN_ENABLE) &&
                 (CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MIN_DISABLE)) ||
                ((CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MAX_ENABLE) &&
                 (CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MAX_DISABLE)))
            {
                DPRINT1("Invalid quota flags: 0x%lx\n", CapturedQuotaLimits.Flags);
                _SEH2_YIELD(return STATUS_INVALID_PARAMETER);
            }
 
            /* Verify that the caller didn't pass reserved values */
            if ((CapturedQuotaLimits.WorkingSetLimit != 0) ||
                (CapturedQuotaLimits.Reserved2 != 0) ||
                (CapturedQuotaLimits.Reserved3 != 0) ||
                (CapturedQuotaLimits.Reserved4 != 0) ||
                (CapturedQuotaLimits.CpuRateLimit.RateData != 0))
            {
                DPRINT1("Invalid value: (%lx,%lx,%lx,%lx,%lx)\n",
                        CapturedQuotaLimits.WorkingSetLimit,
                        CapturedQuotaLimits.Reserved2,
                        CapturedQuotaLimits.Reserved3,
                        CapturedQuotaLimits.Reserved4,
                        CapturedQuotaLimits.CpuRateLimit.RateData);
                _SEH2_YIELD(return STATUS_INVALID_PARAMETER);
            }
        }
        else
        {
            DPRINT1("Invalid quota size: 0x%lx\n", QuotaLimitsLength);
            _SEH2_YIELD(return STATUS_INFO_LENGTH_MISMATCH);
        }
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        DPRINT1("Exception while copying data\n");
        _SEH2_YIELD(return _SEH2_GetExceptionCode());
    }
    _SEH2_END;
 
    /* Check the caller changes the working set size limits */
    if ((CapturedQuotaLimits.MinimumWorkingSetSize != 0) &&
        (CapturedQuotaLimits.MaximumWorkingSetSize != 0))
    {
        /* Check for special case: trimming the WS */
        if ((CapturedQuotaLimits.MinimumWorkingSetSize == SIZE_T_MAX) &&
            (CapturedQuotaLimits.MaximumWorkingSetSize == SIZE_T_MAX))
        {
            /* No increase allowed */
            IncreaseOkay = FALSE;
        }
        else
        {
            /* Check if the caller has the required privilege */
            IncreaseOkay = SeSinglePrivilegeCheck(SeIncreaseQuotaPrivilege,
                                                  PreviousMode);
        }
 
        /* Attach to the target process and disable APCs */
        KeStackAttachProcess(&Process->Pcb, &SavedApcState);
        KeEnterGuardedRegion();
 
        /* Call Mm to adjust the process' working set size */
        Status = MmAdjustWorkingSetSize(CapturedQuotaLimits.MinimumWorkingSetSize,
                                        CapturedQuotaLimits.MaximumWorkingSetSize,
                                        0,
                                        IncreaseOkay);
 
        /* Bring back APCs and detach from the process */
        KeLeaveGuardedRegion();
        KeUnstackDetachProcess(&SavedApcState);
    }
    else if (Process->QuotaBlock == &PspDefaultQuotaBlock)
    {
        /* Check if the caller has the required privilege */
        if (!SeSinglePrivilegeCheck(SeIncreaseQuotaPrivilege, PreviousMode))
        {
            return STATUS_PRIVILEGE_NOT_HELD;
        }
 
        /* Allocate a new quota block */
        QuotaBlock = ExAllocatePoolWithTag(NonPagedPool,
                                           sizeof(EPROCESS_QUOTA_BLOCK),
                                           TAG_QUOTA_BLOCK);
        if (QuotaBlock == NULL)
        {
            ObDereferenceObject(Process);
            return STATUS_NO_MEMORY;
        }
 
        /* Initialize the quota block */
        QuotaBlock->ReferenceCount = 1;
        QuotaBlock->ProcessCount = 1;
        QuotaBlock->QuotaEntry[PsNonPagedPool].Peak = Process->QuotaPeak[PsNonPagedPool];
        QuotaBlock->QuotaEntry[PsPagedPool].Peak = Process->QuotaPeak[PsPagedPool];
        QuotaBlock->QuotaEntry[PsPageFile].Peak = Process->QuotaPeak[PsPageFile];
        QuotaBlock->QuotaEntry[PsNonPagedPool].Limit = PspDefaultQuotaBlock.QuotaEntry[PsNonPagedPool].Limit;
        QuotaBlock->QuotaEntry[PsPagedPool].Limit = PspDefaultQuotaBlock.QuotaEntry[PsPagedPool].Limit;
        QuotaBlock->QuotaEntry[PsPageFile].Limit = PspDefaultQuotaBlock.QuotaEntry[PsPageFile].Limit;
 
        /* Try to exchange the quota block, if that failed, just drop it */
        OldQuotaBlock = InterlockedCompareExchangePointer((PVOID*)&Process->QuotaBlock,
                                                          QuotaBlock,
                                                          &PspDefaultQuotaBlock);
        if (OldQuotaBlock == &PspDefaultQuotaBlock)
        {
            /* Success, insert the new quota block */
            PspInsertQuotaBlock(QuotaBlock);
        }
        else
        {
            /* Failed, free the quota block and ignore it */
            ExFreePoolWithTag(QuotaBlock, TAG_QUOTA_BLOCK);
        }
 
        Status = STATUS_SUCCESS;
    }
    else
    {
        Status = STATUS_SUCCESS;
    }
 
    return Status;
}

Referenced by NtSetInformationProcess().

◆ PspShutdownProcessManager()

VOID NTAPI PspShutdownProcessManager ( VOID )

Definition at line 135 of file kill.c.

{
    PEPROCESS Process = NULL;
 
    /* Loop every process */
    Process = PsGetNextProcess(Process);
    while (Process)
    {
        /* Make sure this isn't the idle or initial process */
        if ((Process != PsInitialSystemProcess) && (Process != PsIdleProcess))
        {
            /* Kill it */
            PspTerminateProcess(Process, STATUS_SYSTEM_SHUTDOWN);
        }
 
        /* Get the next process */
        Process = PsGetNextProcess(Process);
    }
}

◆ PspSystemThreadStartup()

VOID NTAPI PspSystemThreadStartup	(	PKSTART_ROUTINE	StartRoutine,
		PVOID	StartContext
	)

◆ PspTerminateThreadByPointer()

NTSTATUS NTAPI PspTerminateThreadByPointer	(	IN PETHREAD	Thread,
		IN NTSTATUS	ExitStatus,
		IN BOOLEAN	bSelf
	)

Definition at line 988 of file kill.c.

{
    PKAPC Apc;
    NTSTATUS Status = STATUS_SUCCESS;
    ULONG Flags;
    PAGED_CODE();
    PSTRACE(PS_KILL_DEBUG, "Thread: %p ExitStatus: %d\n", Thread, ExitStatus);
    PSREFTRACE(Thread);
 
    /* Check if this is a Critical Thread, and Bugcheck */
    if (Thread->BreakOnTermination)
    {
        /* Break to debugger */
        PspCatchCriticalBreak("Terminating critical thread 0x%p (%s)\n",
                              Thread,
                              Thread->ThreadsProcess->ImageFileName);
    }
 
    /* Check if we are already inside the thread */
    if ((bSelf) || (PsGetCurrentThread() == Thread))
    {
        /* This should only happen at passive */
        ASSERT_IRQL_EQUAL(PASSIVE_LEVEL);
 
        /* Mark it as terminated */
        PspSetCrossThreadFlag(Thread, CT_TERMINATED_BIT);
 
        /* Directly terminate the thread */
        PspExitThread(ExitStatus);
    }
 
    /* This shouldn't be a system thread */
    if (Thread->SystemThread) return STATUS_ACCESS_DENIED;
 
    /* Allocate the APC */
    Apc = ExAllocatePoolWithTag(NonPagedPool, sizeof(KAPC), TAG_TERMINATE_APC);
    if (!Apc) return STATUS_INSUFFICIENT_RESOURCES;
 
    /* Set the Terminated Flag */
    Flags = Thread->CrossThreadFlags | CT_TERMINATED_BIT;
 
    /* Set it, and check if it was already set while we were running */
    if (!(InterlockedExchange((PLONG)&Thread->CrossThreadFlags, Flags) &
          CT_TERMINATED_BIT))
    {
        /* Initialize a Kernel Mode APC to Kill the Thread */
        KeInitializeApc(Apc,
                        &Thread->Tcb,
                        OriginalApcEnvironment,
                        PsExitSpecialApc,
                        PspExitApcRundown,
                        PspExitNormalApc,
                        KernelMode,
                        UlongToPtr(ExitStatus));
 
        /* Insert it into the APC Queue */
        if (!KeInsertQueueApc(Apc, Apc, NULL, 2))
        {
            /* The APC was already in the queue, fail */
            Status = STATUS_UNSUCCESSFUL;
        }
        else
        {
            /* Forcefully resume the thread and return */
            KeForceResumeThread(&Thread->Tcb);
            return Status;
        }
    }
 
    /* We failed, free the APC */
    ExFreePoolWithTag(Apc, TAG_TERMINATE_APC);
 
    /* Return Status */
    return Status;
}

Referenced by NtTerminateProcess(), NtTerminateThread(), PspSystemThreadStartup(), PspTerminateProcess(), PspUserThreadStartup(), and PsTerminateSystemThread().

◆ PsReferenceEffectiveToken()

PACCESS_TOKEN NTAPI PsReferenceEffectiveToken	(	IN PETHREAD	Thread,
		OUT IN PTOKEN_TYPE	TokenType,
		OUT PBOOLEAN	EffectiveOnly,
		OUT PSECURITY_IMPERSONATION_LEVEL	ImpersonationLevel
	)

Definition at line 802 of file security.c.

{
    PEPROCESS Process;
    PACCESS_TOKEN Token = NULL;
 
    PAGED_CODE();
 
    PSTRACE(PS_SECURITY_DEBUG,
            "Thread: %p, TokenType: %p\n", Thread, TokenType);
 
    /* Check if we don't have impersonation info */
    Process = Thread->ThreadsProcess;
    if (Thread->ActiveImpersonationInfo)
    {
        /* Lock the Process */
        PspLockProcessSecurityShared(Process);
 
        /* Make sure impersonation is still active */
        if (Thread->ActiveImpersonationInfo)
        {
            /* Get the token */
            Token = Thread->ImpersonationInfo->Token;
            ObReferenceObject(Token);
 
            /* Return data to caller */
            *TokenType = TokenImpersonation;
            *EffectiveOnly = Thread->ImpersonationInfo->EffectiveOnly;
            *ImpersonationLevel = Thread->ImpersonationInfo->ImpersonationLevel;
 
            /* Unlock the Process */
            PspUnlockProcessSecurityShared(Process);
            return Token;
        }
 
        /* Unlock the Process */
        PspUnlockProcessSecurityShared(Process);
    }
 
    /* Fast Reference the Token */
    Token = ObFastReferenceObject(&Process->Token);
 
    /* Check if we got the Token or if we got locked */
    if (!Token)
    {
        /* Lock the Process */
        PspLockProcessSecurityShared(Process);
 
        /* Do a Locked Fast Reference */
        Token = ObFastReferenceObjectLocked(&Process->Token);
 
        /* Unlock the Process */
        PspUnlockProcessSecurityShared(Process);
    }
 
    /* Return the token */
    *TokenType = TokenPrimary;
    *EffectiveOnly = FALSE;
    // NOTE: ImpersonationLevel is left untouched on purpose!
    return Token;
}

Referenced by SeCreateClientSecurity().

◆ PsReferenceProcessFilePointer()

NTSTATUS NTAPI PsReferenceProcessFilePointer	(	IN PEPROCESS	Process,
		OUT PFILE_OBJECT *	FileObject
	)

Definition at line 24 of file query.c.

{
    PSECTION Section;
    PAGED_CODE();
 
    /* Lock the process */
    if (!ExAcquireRundownProtection(&Process->RundownProtect))
    {
        return STATUS_PROCESS_IS_TERMINATING;
    }
 
    /* Get the section */
    Section = Process->SectionObject;
    if (Section)
    {
        /* Get the file object and reference it */
        *FileObject = MmGetFileObjectForSection((PVOID)Section);
        ObReferenceObject(*FileObject);
    }
 
    /* Release the protection */
    ExReleaseRundownProtection(&Process->RundownProtect);
 
    /* Return status */
    return Section ? STATUS_SUCCESS : STATUS_UNSUCCESSFUL;
}

Referenced by SeLocateProcessImageName().

◆ PsResumeThread()

NTSTATUS NTAPI PsResumeThread	(	IN PETHREAD	Thread,
		OUT PULONG PreviousCount	OPTIONAL
	)

Definition at line 32 of file state.c.

{
    ULONG OldCount;
    PAGED_CODE();
 
    /* Resume the thread */
    OldCount = KeResumeThread(&Thread->Tcb);
 
    /* Return the count if asked */
    if (PreviousCount) *PreviousCount = OldCount;
    return STATUS_SUCCESS;
}

Referenced by DbgkpPostFakeThreadMessages(), DbgkpWakeTarget(), and NtResumeThread().

◆ PsReturnProcessPageFileQuota()

NTSTATUS NTAPI PsReturnProcessPageFileQuota	(	_In_ PEPROCESS	Process,
		_In_ SIZE_T	Amount
	)

Returns the page file quota that the process was taking up. The function is used exclusively by the kernel.

Parameters

[in]	Process	The process which pagefile quota is to be returned.
[in]	Amount	The amount of quotas to return from a process.

Returns: Returns STATUS_SUCCESS.

Definition at line 993 of file quota.c.

{
    /* Don't do anything for the system process */
    if (Process == PsInitialSystemProcess) return STATUS_SUCCESS;
 
    PspReturnProcessQuotaSpecifiedPool(Process, Process->QuotaBlock, PsPageFile, Amount);
    return STATUS_SUCCESS;
}

◆ PsReturnSharedPoolQuota()

VOID NTAPI PsReturnSharedPoolQuota	(	_In_ PEPROCESS_QUOTA_BLOCK	QuotaBlock,
		_In_ SIZE_T	AmountToReturnPaged,
		_In_ SIZE_T	AmountToReturnNonPaged
	)

Returns the shared (paged and non paged) pool quotas. The function is used exclusively by the Object Manager to manage quota returns handling of objects.

Parameters

[in]	QuotaBlock	The quota block which quotas are to be returned.
[in]	AmountToReturnPaged	The amount of paged quotas quotas to be returned.
[in]	AmountToReturnNonPaged	The amount of non paged quotas to be returned.

Returns: Nothing.

Definition at line 621 of file quota.c.

{
    /* Sanity check */
    ASSERT(QuotaBlock);
 
    /* Return the pool quotas if there're any */
    if (AmountToReturnPaged != 0)
    {
        PspReturnProcessQuotaSpecifiedPool(NULL, QuotaBlock, PsPagedPool, AmountToReturnPaged);
    }
 
    if (AmountToReturnNonPaged != 0)
    {
        PspReturnProcessQuotaSpecifiedPool(NULL, QuotaBlock, PsNonPagedPool, AmountToReturnNonPaged);
    }
 
    DPRINT("PsReturnSharedPoolQuota(): Amount returned back (paged %lu -- non paged %lu)\n", AmountToReturnPaged, AmountToReturnNonPaged);
 
    /* Dereference the quota block */
    PspDereferenceQuotaBlock(NULL, QuotaBlock);
}

Referenced by ObpDeallocateObject().

◆ PsSuspendThread()

NTSTATUS NTAPI PsSuspendThread	(	IN PETHREAD	Thread,
		OUT PULONG PreviousCount	OPTIONAL
	)

Definition at line 48 of file state.c.

{
    NTSTATUS Status;
    ULONG OldCount = 0;
    PAGED_CODE();
 
    /* Assume success */
    Status = STATUS_SUCCESS;
 
    /* Check if we're suspending ourselves */
    if (Thread == PsGetCurrentThread())
    {
        /* Guard with SEH because KeSuspendThread can raise an exception */
        _SEH2_TRY
        {
            /* Do the suspend */
            OldCount = KeSuspendThread(&Thread->Tcb);
        }
        _SEH2_EXCEPT(_SEH2_GetExceptionCode() == STATUS_SUSPEND_COUNT_EXCEEDED)
        {
            /* Get the exception code */
            Status = _SEH2_GetExceptionCode();
        }
        _SEH2_END;
    }
    else
    {
        /* Acquire rundown protection */
        if (ExAcquireRundownProtection(&Thread->RundownProtect))
        {
            /* Make sure the thread isn't terminating */
            if (Thread->Terminated)
            {
                /* Fail */
                Status = STATUS_THREAD_IS_TERMINATING;
            }
            else
            {
                /* Guard with SEH because KeSuspendThread can raise an exception */
                _SEH2_TRY
                {
                    /* Do the suspend */
                    OldCount = KeSuspendThread(&Thread->Tcb);
                }
                _SEH2_EXCEPT(_SEH2_GetExceptionCode() == STATUS_SUSPEND_COUNT_EXCEEDED)
                {
                    /* Get the exception code */
                    Status = _SEH2_GetExceptionCode();
                }
                _SEH2_END;
 
                /* Check if it was terminated during the suspend */
                if (Thread->Terminated)
                {
                    /* Wake it back up and fail */
                    KeForceResumeThread(&Thread->Tcb);
                    Status = STATUS_THREAD_IS_TERMINATING;
                    OldCount = 0;
                }
            }
 
            /* Release rundown protection */
            ExReleaseRundownProtection(&Thread->RundownProtect);
        }
        else
        {
            /* Thread is terminating */
            Status = STATUS_THREAD_IS_TERMINATING;
        }
    }
 
    /* Write back the previous count */
    if (PreviousCount) *PreviousCount = OldCount;
    return Status;
}

Referenced by DbgkpPostFakeThreadMessages(), NtSuspendThread(), and PsSuspendProcess().

◆ PsTerminateProcess()

NTSTATUS NTAPI PsTerminateProcess	(	IN PEPROCESS	Process,
		IN NTSTATUS	ExitStatus
	)

Definition at line 126 of file kill.c.

{
    /* Call the internal API */
    return PspTerminateProcess(Process, ExitStatus);
}

Referenced by DbgkpCloseObject(), and ExpDebuggerWorker().

Variable Documentation

◆ _PsProcessType

POBJECT_TYPE _PsProcessType

Definition at line 473 of file ps.h.

◆ _PsThreadType

POBJECT_TYPE _PsThreadType

extern

◆ PsActiveProcessHead

LIST_ENTRY PsActiveProcessHead

extern

Definition at line 22 of file process.c.

Referenced by KdbpCmdProc(), PsGetNextProcess(), PspCreateProcess(), and PspInitPhase0().

◆ PsDefaultSystemLocaleId

LCID PsDefaultSystemLocaleId

extern

Definition at line 20 of file locale.c.

Referenced by CmGetSystemControlValues(), MiSessionCreateInternal(), NtQueryDefaultLocale(), and NtSetDefaultLocale().

◆ PsDefaultThreadLocaleId

LCID PsDefaultThreadLocaleId

extern

Definition at line 24 of file locale.c.

Referenced by _IRQL_requires_max_(), CmGetSystemControlValues(), MmCreateTeb(), and MmGetSessionLocaleId().

◆ PsIdleProcess

PEPROCESS PsIdleProcess

extern

Definition at line 51 of file psmgr.c.

Referenced by MmInitSystem(), PopGracefulShutdown(), PspInitPhase0(), PspShutdownProcessManager(), and QSI_DEF().

◆ PsImageNotifyEnabled

BOOLEAN PsImageNotifyEnabled

extern

Definition at line 18 of file psnotify.c.

Referenced by DbgkCreateThread(), MmLoadSystemImage(), and PsSetLoadImageNotifyRoutine().

◆ PsJobType

POBJECT_TYPE PsJobType

extern

Definition at line 20 of file job.c.

Referenced by PspInitPhase0(), and TestWin2003ObjectTypes().

◆ PsLoadedModuleList

LIST_ENTRY PsLoadedModuleList

extern

Definition at line 21 of file sysldr.c.

Referenced by IopInitializeBuiltinDriver(), KdbpSymFindModule(), KdbSymInit(), KdInitSystem(), KiInitModuleList(), KiPcToFileHeader(), MiBuildImportsForBootDrivers(), MiFindInitializationCode(), MiInitializeLoadedModuleList(), MiLookupDataTableEntry(), MiProcessLoaderEntry(), MiResolveImageReferences(), MiSnapThunk(), MmGetSystemRoutineAddress(), MmInitSystem(), MmLoadSystemImage(), and QSI_DEF().

◆ PsLoadedModuleResource

ERESOURCE PsLoadedModuleResource

extern

Definition at line 24 of file sysldr.c.

Referenced by MiFindInitializationCode(), MiInitializeLoadedModuleList(), MiProcessLoaderEntry(), MmGetSystemRoutineAddress(), MmInitSystem(), and QSI_DEF().

◆ PsLoadedModuleSpinLock

KSPIN_LOCK PsLoadedModuleSpinLock

extern

Definition at line 23 of file sysldr.c.

Referenced by KdbpSymFindModule(), KdbSymInit(), MiInitializeLoadedModuleList(), MiProcessLoaderEntry(), and RtlPcToFileHeader().

◆ PsNtDllPathName

UNICODE_STRING PsNtDllPathName

extern

Definition at line 45 of file psmgr.c.

Referenced by DbgkCreateThread(), and PsLocateSystemDll().

◆ PsNtosImageBase

ULONG_PTR PsNtosImageBase

extern

Definition at line 25 of file sysldr.c.

Referenced by KdInitSystem(), and MiInitializeLoadedModuleList().

◆ PspActiveProcessMutex

KGUARDED_MUTEX PspActiveProcessMutex

extern

Definition at line 23 of file process.c.

Referenced by PsGetNextProcess(), PspCreateProcess(), PspDeleteProcess(), and PspInitPhase0().

◆ PspBootAccessToken

PTOKEN PspBootAccessToken

extern

Definition at line 17 of file security.c.

Referenced by PspInitializeProcessSecurity(), and PspInitPhase0().

◆ PspCidTable

PHANDLE_TABLE PspCidTable

extern

Definition at line 48 of file psmgr.c.

Referenced by PsLookupProcessByProcessId(), PsLookupProcessThreadByCid(), PsLookupThreadByThreadId(), PspCreateProcess(), PspCreateThread(), PspDeleteProcess(), PspDeleteThread(), and PspInitPhase0().

◆ PspDefaultQuotaBlock

EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock

extern

Definition at line 16 of file quota.c.

Referenced by NtQueryInformationProcess(), PsInitializeQuotaSystem(), PspChargeProcessQuotaSpecifiedPool(), PspDereferenceQuotaBlock(), PspInheritQuota(), PspReturnProcessQuotaSpecifiedPool(), and PspSetQuotaLimits().

◆ PspJobMapping

GENERIC_MAPPING PspJobMapping

extern

Definition at line 41 of file job.c.

Referenced by PspInitPhase0().

◆ PspJobSchedulingClasses

CHAR PspJobSchedulingClasses[PSP_JOB_SCHEDULING_CLASSES]

extern

Definition at line 27 of file job.c.

Referenced by PsChangeQuantumTable(), and PspComputeQuantumAndPriority().

◆ PspLegoNotifyRoutine

PLEGO_NOTIFY_ROUTINE PspLegoNotifyRoutine

extern

Definition at line 24 of file psnotify.c.

Referenced by PspRunLegoRoutine(), and PsSetLegoNotifyRoutine().

◆ PspLoadImageNotifyRoutine

EX_CALLBACK PspLoadImageNotifyRoutine[PSP_MAX_LOAD_IMAGE_NOTIFY]

extern

Definition at line 23 of file psnotify.c.

Referenced by PspInitPhase0(), PspRunLoadImageNotifyRoutines(), PsRemoveLoadImageNotifyRoutine(), and PsSetLoadImageNotifyRoutine().

◆ PspProcessNotifyRoutine

EX_CALLBACK PspProcessNotifyRoutine[PSP_MAX_CREATE_PROCESS_NOTIFY]

extern

Definition at line 22 of file psnotify.c.

Referenced by PspInitPhase0(), PspRunCreateProcessNotifyRoutines(), and PsSetCreateProcessNotifyRoutine().

◆ PspProcessNotifyRoutineCount

ULONG PspProcessNotifyRoutineCount

Definition at line 463 of file ps.h.

Referenced by PspRunCreateProcessNotifyRoutines().

◆ PspReaperListHead

LIST_ENTRY PspReaperListHead

extern

Definition at line 19 of file kill.c.

◆ PspReaperWorkItem

WORK_QUEUE_ITEM PspReaperWorkItem

extern

Definition at line 20 of file kill.c.

Referenced by KeTerminateThread(), and PspInitPhase0().

◆ PspReaping

BOOLEAN PspReaping

extern

◆ PsPrioritySeparation

ULONG PsPrioritySeparation

extern

Definition at line 28 of file process.c.

Referenced by KiDeferredReadyThread(), PsChangeQuantumTable(), and PspComputeQuantumAndPriority().

◆ PspSystemDllBase

PVOID PspSystemDllBase

extern

Definition at line 41 of file psmgr.c.

Referenced by CODE_SEG(), DbgkCreateThread(), PsLocateSystemDll(), and PspUserThreadStartup().

◆ PspSystemDllEntryPoint

PVOID PspSystemDllEntryPoint

extern

Definition at line 43 of file psmgr.c.

Referenced by PspInitializeSystemDll(), and PspUserThreadStartup().

◆ PspThreadNotifyRoutine

EX_CALLBACK PspThreadNotifyRoutine[PSP_MAX_CREATE_THREAD_NOTIFY]

extern

Definition at line 21 of file psnotify.c.

Referenced by PspInitPhase0(), PspRunCreateThreadNotifyRoutines(), PsRemoveCreateThreadNotifyRoutine(), and PsSetCreateThreadNotifyRoutine().

◆ PspThreadNotifyRoutineCount

ULONG PspThreadNotifyRoutineCount

extern

Definition at line 19 of file psnotify.c.

Referenced by PspRunCreateThreadNotifyRoutines(), PsRemoveCreateThreadNotifyRoutine(), and PsSetCreateThreadNotifyRoutine().

◆ PspTraceLevel

ULONG PspTraceLevel

extern

Definition at line 18 of file query.c.

◆ PspUseJobSchedulingClasses

BOOLEAN PspUseJobSchedulingClasses

extern

Definition at line 25 of file job.c.

Referenced by PsChangeQuantumTable(), and PspComputeQuantumAndPriority().

◆ PspW32ProcessCallout

PKWIN32_PROCESS_CALLOUT PspW32ProcessCallout

extern

Definition at line 18 of file win32.c.

Referenced by PsConvertToGuiThread(), PsEstablishWin32Callouts(), and PspExitThread().

◆ PspW32ThreadCallout

PKWIN32_THREAD_CALLOUT PspW32ThreadCallout

extern

Definition at line 19 of file win32.c.

Referenced by PsConvertToGuiThread(), PsEstablishWin32Callouts(), and PspExitThread().

◆ PsRawPrioritySeparation

ULONG PsRawPrioritySeparation

extern

Definition at line 27 of file process.c.

Referenced by PspInitPhase0().

◆ ShortPsLockDelay

LARGE_INTEGER ShortPsLockDelay

extern

Definition at line 477 of file ps.h.

Classes

Macros

Typedefs

Functions

Variables

Macro Definition Documentation

◆ _PS_DEBUG_

◆ PS_JOB_DEBUG

◆ PS_KILL_DEBUG

◆ PS_NOTIFICATIONS_DEBUG

◆ PS_PROCESS_DEBUG

◆ PS_QUOTA_DEBUG

◆ PS_REF_DEBUG

◆ PS_SECURITY_DEBUG

◆ PS_STATE_DEBUG

◆ PS_THREAD_DEBUG

◆ PS_WIN32K_DEBUG

◆ PSP_JOB_SCHEDULING_CLASSES

◆ PSP_MAX_CREATE_PROCESS_NOTIFY

◆ PSP_MAX_CREATE_THREAD_NOTIFY

◆ PSP_MAX_LOAD_IMAGE_NOTIFY

◆ PSP_NON_PAGED_POOL_QUOTA_THRESHOLD

◆ PSP_PAGED_POOL_QUOTA_THRESHOLD

◆ PSREFTRACE

◆ PSTRACE

Typedef Documentation

◆ GET_SET_CTX_CONTEXT

◆ PGET_SET_CTX_CONTEXT

Function Documentation

◆ ApphelpCacheInitialize()

◆ ApphelpCacheShutdown()

◆ PsChangeQuantumTable()

◆ PsChargeProcessPageFileQuota()

◆ PsChargeSharedPoolQuota()

◆ PsExitSpecialApc()

◆ PsGetNextProcess()

◆ PsGetNextProcessThread()

◆ PsIdleThreadMain()

◆ PsInitSystem()

◆ PsLocateSystemDll()

◆ PsOpenTokenOfProcess()

◆ PspCreateProcess()

◆ PspDeleteJob()

◆ PspDeleteProcess()

◆ PspDeleteProcessSecurity()

◆ PspDeleteThread()

◆ PspDeleteThreadSecurity()

◆ PspDereferenceQuotaBlock()

◆ PspExitProcess()

◆ PspExitProcessFromJob()

◆ PspExitThread()

◆ PspGetOrSetContextKernelRoutine()

◆ PspInheritQuota()

◆ PspInitializeJobStructures()

◆ PspInitializeProcessSecurity()

◆ PspIsProcessExiting()

◆ PspMapSystemDll()

◆ PspReapRoutine()

◆ PspRemoveProcessFromJob()

◆ PspSetPrimaryToken()

◆ PspSetQuotaLimits()

◆ PspShutdownProcessManager()

◆ PspSystemThreadStartup()

◆ PspTerminateThreadByPointer()

◆ PsReferenceEffectiveToken()

◆ PsReferenceProcessFilePointer()

◆ PsResumeThread()

◆ PsReturnProcessPageFileQuota()

◆ PsReturnSharedPoolQuota()

◆ PsSuspendThread()

◆ PsTerminateProcess()

Variable Documentation

◆ _PsProcessType

◆ _PsThreadType

◆ PsActiveProcessHead

◆ PsDefaultSystemLocaleId

◆ PsDefaultThreadLocaleId

◆ PsIdleProcess

◆ PsImageNotifyEnabled

◆ PsJobType