ps.h File Reference

#include "ps_x.h"

Include dependency graph for ps.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes
struct	_GET_SET_CTX_CONTEXT

Macros
#define	_PS_DEBUG_   0x00
#define	PS_THREAD_DEBUG   0x01
#define	PS_PROCESS_DEBUG   0x02
#define	PS_SECURITY_DEBUG   0x04
#define	PS_JOB_DEBUG   0x08
#define	PS_NOTIFICATIONS_DEBUG   0x10
#define	PS_WIN32K_DEBUG   0x20
#define	PS_STATE_DEBUG   0x40
#define	PS_QUOTA_DEBUG   0x80
#define	PS_KILL_DEBUG   0x100
#define	PS_REF_DEBUG   0x200
#define	PSTRACE(x, fmt,...)   DPRINT(fmt, ##__VA_ARGS__)
#define	PSREFTRACE(x)
#define	PSP_MAX_CREATE_THREAD_NOTIFY   8
#define	PSP_MAX_LOAD_IMAGE_NOTIFY   8
#define	PSP_MAX_CREATE_PROCESS_NOTIFY   8
#define	PSP_JOB_SCHEDULING_CLASSES   10

Typedefs
typedef struct _GET_SET_CTX_CONTEXT	GET_SET_CTX_CONTEXT
typedef struct _GET_SET_CTX_CONTEXT *	PGET_SET_CTX_CONTEXT

Functions
VOID NTAPI	PspShutdownProcessManager (VOID)
BOOLEAN NTAPI	PsInitSystem (IN PLOADER_PARAMETER_BLOCK LoaderBlock)
PETHREAD NTAPI	PsGetNextProcessThread (IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
PEPROCESS NTAPI	PsGetNextProcess (IN PEPROCESS OldProcess OPTIONAL)
NTSTATUS NTAPI	PspMapSystemDll (IN PEPROCESS Process, OUT PVOID *DllBase, IN BOOLEAN UseLargePages)
NTSTATUS NTAPI	PsLocateSystemDll (VOID)
NTSTATUS NTAPI	PspGetSystemDllEntryPoints (VOID)
VOID NTAPI	PsChangeQuantumTable (IN BOOLEAN Immediate, IN ULONG PrioritySeparation)
NTSTATUS NTAPI	PsReferenceProcessFilePointer (IN PEPROCESS Process, OUT PFILE_OBJECT *FileObject)
NTSTATUS NTAPI	PspCreateProcess (OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ParentProcess OPTIONAL, IN ULONG Flags, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL, IN BOOLEAN InJob)
PACCESS_TOKEN NTAPI	PsReferenceEffectiveToken (IN PETHREAD Thread, OUT PTOKEN_TYPE TokenType, OUT PUCHAR b, OUT PSECURITY_IMPERSONATION_LEVEL Level)
NTSTATUS NTAPI	PsOpenTokenOfProcess (IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)
NTSTATUS NTAPI	PspSetPrimaryToken (IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
NTSTATUS NTAPI	PspInitializeProcessSecurity (IN PEPROCESS Process, IN PEPROCESS Parent OPTIONAL)
VOID NTAPI	PspDeleteProcessSecurity (IN PEPROCESS Process)
VOID NTAPI	PspDeleteThreadSecurity (IN PETHREAD Thread)
VOID NTAPI	PsExitSpecialApc (PKAPC Apc, PKNORMAL_ROUTINE *NormalRoutine, PVOID *NormalContext, PVOID *SystemArgument1, PVOID *SystemArgument2)
VOID NTAPI	PspReapRoutine (IN PVOID Context)
VOID NTAPI	PspExitThread (IN NTSTATUS ExitStatus)
NTSTATUS NTAPI	PspTerminateThreadByPointer (IN PETHREAD Thread, IN NTSTATUS ExitStatus, IN BOOLEAN bSelf)
VOID NTAPI	PspExitProcess (IN BOOLEAN LastThread, IN PEPROCESS Process)
NTSTATUS NTAPI	PsTerminateProcess (IN PEPROCESS Process, IN NTSTATUS ExitStatus)
VOID NTAPI	PspDeleteProcess (IN PVOID ObjectBody)
VOID NTAPI	PspDeleteThread (IN PVOID ObjectBody)
VOID NTAPI	PspSystemThreadStartup (PKSTART_ROUTINE StartRoutine, PVOID StartContext)
VOID NTAPI	PsIdleThreadMain (IN PVOID Context)
VOID NTAPI	PspInheritQuota (IN PEPROCESS Process, IN PEPROCESS ParentProcess)
VOID NTAPI	PspDestroyQuotaBlock (IN PEPROCESS Process)
NTSTATUS NTAPI	PspSetQuotaLimits (_In_ PEPROCESS Process, _In_ ULONG Unused, _In_ PVOID QuotaLimits, _In_ ULONG QuotaLimitsLength, _In_ KPROCESSOR_MODE PreviousMode)
VOID NTAPI	PspExitProcessFromJob (IN PEJOB Job, IN PEPROCESS Process)
VOID NTAPI	PspRemoveProcessFromJob (IN PEPROCESS Process, IN PEJOB Job)
VOID NTAPI	PspInitializeJobStructures (VOID)
VOID NTAPI	PspDeleteJob (IN PVOID ObjectBody)
NTSTATUS NTAPI	PsResumeThread (IN PETHREAD Thread, OUT PULONG PreviousCount OPTIONAL)
NTSTATUS NTAPI	PsSuspendThread (IN PETHREAD Thread, OUT PULONG PreviousCount OPTIONAL)
VOID NTAPI	PspGetOrSetContextKernelRoutine (IN PKAPC Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine, IN OUT PVOID *NormalContext, IN OUT PVOID *SystemArgument1, IN OUT PVOID *SystemArgument2)
NTSTATUS NTAPI	PsReturnProcessPageFileQuota (IN PEPROCESS Process, IN SIZE_T Amount)
NTSTATUS NTAPI	PsChargeProcessPageFileQuota (IN PEPROCESS Process, IN SIZE_T Amount)
BOOLEAN NTAPI	PspIsProcessExiting (IN PEPROCESS Process)
NTSTATUS NTAPI	ApphelpCacheInitialize (VOID)
VOID NTAPI	ApphelpCacheShutdown (VOID)

Variables
ULONG	PspTraceLevel
LCID	PsDefaultThreadLocaleId
LCID	PsDefaultSystemLocaleId
LIST_ENTRY	PspReaperListHead
WORK_QUEUE_ITEM	PspReaperWorkItem
BOOLEAN	PspReaping
PEPROCESS	PsIdleProcess
LIST_ENTRY	PsActiveProcessHead
KGUARDED_MUTEX	PspActiveProcessMutex
LARGE_INTEGER	ShortPsLockDelay
EPROCESS_QUOTA_BLOCK	PspDefaultQuotaBlock
PHANDLE_TABLE	PspCidTable
EX_CALLBACK	PspThreadNotifyRoutine [PSP_MAX_CREATE_THREAD_NOTIFY]
EX_CALLBACK	PspProcessNotifyRoutine [PSP_MAX_CREATE_PROCESS_NOTIFY]
EX_CALLBACK	PspLoadImageNotifyRoutine [PSP_MAX_LOAD_IMAGE_NOTIFY]
PLEGO_NOTIFY_ROUTINE	PspLegoNotifyRoutine
ULONG	PspThreadNotifyRoutineCount
ULONG	PspProcessNotifyRoutineCount
BOOLEAN	PsImageNotifyEnabled
PKWIN32_PROCESS_CALLOUT	PspW32ProcessCallout
PKWIN32_THREAD_CALLOUT	PspW32ThreadCallout
PVOID	PspSystemDllEntryPoint
PVOID	PspSystemDllBase
BOOLEAN	PspUseJobSchedulingClasses
CHAR	PspJobSchedulingClasses [PSP_JOB_SCHEDULING_CLASSES]
ULONG	PsRawPrioritySeparation
ULONG	PsPrioritySeparation
POBJECT_TYPE	_PsThreadType
POBJECT_TYPE	_PsProcessType
PTOKEN	PspBootAccessToken
GENERIC_MAPPING	PspJobMapping
POBJECT_TYPE	PsJobType
UNICODE_STRING	PsNtDllPathName
LIST_ENTRY	PsLoadedModuleList
KSPIN_LOCK	PsLoadedModuleSpinLock
ERESOURCE	PsLoadedModuleResource
ULONG_PTR	PsNtosImageBase

Macro Definition Documentation

#define _PS_DEBUG_   0x00

Definition at line 12 of file ps.h.

#define PS_JOB_DEBUG   0x08

Definition at line 20 of file ps.h.

#define PS_KILL_DEBUG   0x100

Definition at line 25 of file ps.h.

Referenced by NtRegisterThreadTerminatePort(), NtTerminateProcess(), NtTerminateThread(), PsExitSpecialApc(), PspDeleteProcess(), PspDeleteThread(), PspExitNormalApc(), PspExitProcess(), PspExitThread(), PspReapRoutine(), PspTerminateProcess(), and PspTerminateThreadByPointer().

#define PS_NOTIFICATIONS_DEBUG   0x10

Definition at line 21 of file ps.h.

#define PS_PROCESS_DEBUG   0x02

Definition at line 18 of file ps.h.

Referenced by NtCreateProcess(), NtCreateProcessEx(), NtOpenProcess(), PsChangeQuantumTable(), PsGetNextProcess(), PsGetNextProcessThread(), PsLookupProcessByProcessId(), PsLookupProcessThreadByCid(), PspComputeQuantumAndPriority(), PspCreateProcess(), and PsSetProcessPriorityByClass().

#define PS_QUOTA_DEBUG   0x80

Definition at line 24 of file ps.h.

#define PS_REF_DEBUG   0x200

Definition at line 26 of file ps.h.

#define PS_SECURITY_DEBUG   0x04

Definition at line 19 of file ps.h.

Referenced by NtImpersonateThread(), NtOpenProcessTokenEx(), PsAssignImpersonationToken(), PsDisableImpersonation(), PsImpersonateClient(), PsOpenTokenOfProcess(), PspAssignPrimaryToken(), PspDeleteProcessSecurity(), PspDeleteThreadSecurity(), PspInitializeProcessSecurity(), PspSetPrimaryToken(), PspWriteTebImpersonationInfo(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), PsReferencePrimaryToken(), PsRestoreImpersonation(), and PsRevertThreadToSelf().

#define PS_STATE_DEBUG   0x40

Definition at line 23 of file ps.h.

#define PS_THREAD_DEBUG   0x01

Definition at line 17 of file ps.h.

Referenced by NtCreateThread(), NtOpenThread(), PsCreateSystemThread(), PsLookupThreadByThreadId(), PspCreateThread(), PspSystemThreadStartup(), and PspUserThreadStartup().

#define PS_WIN32K_DEBUG   0x20

Definition at line 22 of file ps.h.

#define PSP_JOB_SCHEDULING_CLASSES   10

Definition at line 71 of file ps.h.

#define PSP_MAX_CREATE_PROCESS_NOTIFY   8

Definition at line 66 of file ps.h.

Referenced by PspInitPhase0(), PspRunCreateProcessNotifyRoutines(), and PsSetCreateProcessNotifyRoutine().

#define PSP_MAX_CREATE_THREAD_NOTIFY   8

Definition at line 64 of file ps.h.

Referenced by PspInitPhase0(), PspRunCreateThreadNotifyRoutines(), PsRemoveCreateThreadNotifyRoutine(), and PsSetCreateThreadNotifyRoutine().

#define PSP_MAX_LOAD_IMAGE_NOTIFY   8

Definition at line 65 of file ps.h.

Referenced by PspInitPhase0(), PspRunLoadImageNotifyRoutines(), PsRemoveLoadImageNotifyRoutine(), and PsSetLoadImageNotifyRoutine().

#define PSREFTRACE

(

x

)

Definition at line 58 of file ps.h.

Referenced by PspCreateThread(), PspDeleteProcess(), PspDeleteThread(), PspExitProcess(), PspTerminateProcess(), and PspTerminateThreadByPointer().

#define PSTRACE	(		x,
			fmt,
			...
	)		DPRINT(fmt, ##__VA_ARGS__)

Definition at line 57 of file ps.h.

Referenced by NtCreateProcess(), NtCreateProcessEx(), NtCreateThread(), NtImpersonateThread(), NtOpenProcess(), NtOpenProcessTokenEx(), NtOpenThread(), NtRegisterThreadTerminatePort(), NtTerminateProcess(), NtTerminateThread(), PsAssignImpersonationToken(), PsChangeQuantumTable(), PsCreateSystemThread(), PsDisableImpersonation(), PsExitSpecialApc(), PsGetNextProcess(), PsGetNextProcessThread(), PsImpersonateClient(), PsLookupProcessByProcessId(), PsLookupProcessThreadByCid(), PsLookupThreadByThreadId(), PsOpenTokenOfProcess(), PspAssignPrimaryToken(), PspComputeQuantumAndPriority(), PspCreateProcess(), PspCreateThread(), PspDeleteProcess(), PspDeleteProcessSecurity(), PspDeleteThread(), PspDeleteThreadSecurity(), PspExitNormalApc(), PspExitProcess(), PspExitThread(), PspInitializeProcessSecurity(), PspReapRoutine(), PspSetPrimaryToken(), PspSystemThreadStartup(), PspTerminateProcess(), PspTerminateThreadByPointer(), PspUserThreadStartup(), PspWriteTebImpersonationInfo(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), PsReferencePrimaryToken(), PsRestoreImpersonation(), PsRevertThreadToSelf(), and PsSetProcessPriorityByClass().

Typedef Documentation

typedef struct _GET_SET_CTX_CONTEXT GET_SET_CTX_CONTEXT

typedef struct _GET_SET_CTX_CONTEXT * PGET_SET_CTX_CONTEXT

Function Documentation

NTSTATUS NTAPI ApphelpCacheInitialize

(

VOID

)

Definition at line 440 of file apphelp.c.

Referenced by IoInitSystem().

{
    DPRINT("SHIMS: ApphelpCacheInitialize\n");
    /* If we are booting in safemode we do not want to use the apphelp cache */
    if (InitSafeBootMode)
    {
        DPRINT1("SHIMS: Safe mode detected, disabling cache.\n");
        ApphelpCacheEnabled = FALSE;
    }
    else
    {
        ExInitializeResourceLite(&ApphelpCacheLock);
        RtlInitializeGenericTableAvl(&ApphelpShimCache,
                                     ApphelpShimCacheCompareRoutine,
                                     ApphelpShimCacheAllocateRoutine,
                                     ApphelpShimCacheFreeRoutine,
                                     NULL);
        InitializeListHead(&ApphelpShimCacheAge);
        ApphelpCacheEnabled = ApphelpCacheRead();
    }
    DPRINT("SHIMS: ApphelpCacheInitialize: %d\n", ApphelpCacheEnabled);
    return STATUS_SUCCESS;
}

VOID NTAPI ApphelpCacheShutdown

(

VOID

)

Definition at line 466 of file apphelp.c.

Referenced by PopGracefulShutdown().

{
    if (ApphelpCacheEnabled)
    {
        ApphelpCacheWrite();
    }
}

VOID NTAPI PsChangeQuantumTable	(	IN BOOLEAN	Immediate,
		IN ULONG	PrioritySeparation
	)

Definition at line 235 of file process.c.

Referenced by PspInitPhase0(), and SSI_DEF().

{
    PEPROCESS Process = NULL;
    ULONG i;
    UCHAR Quantum;
    PCHAR QuantumTable;
    PAGED_CODE();
    PSTRACE(PS_PROCESS_DEBUG,
            "%lx PrioritySeparation: %lx\n", Immediate, PrioritySeparation);

    /* Write the current priority separation */
    PsPrioritySeparation = PspPrioritySeparationFromMask(PrioritySeparation);

    /* Normalize it if it was too high */
    if (PsPrioritySeparation == 3) PsPrioritySeparation = 2;

    /* Get the quantum table to use */
    if (PspQuantumTypeFromMask(PrioritySeparation) == PSP_VARIABLE_QUANTUMS)
    {
        /* Use a variable table */
        QuantumTable = PspVariableQuantums;
    }
    else if (PspQuantumTypeFromMask(PrioritySeparation) == PSP_FIXED_QUANTUMS)
    {
        /* Use fixed table */
        QuantumTable = PspFixedQuantums;
    }
    else
    {
        /* Use default for the type of system we're on */
        QuantumTable = MmIsThisAnNtAsSystem() ? PspFixedQuantums : PspVariableQuantums;
    }

    /* Now check if we should use long or short */
    if (PspQuantumLengthFromMask(PrioritySeparation) == PSP_LONG_QUANTUMS)
    {
        /* Use long quantums */
        QuantumTable += 3;
    }
    else if (PspQuantumLengthFromMask(PrioritySeparation) == PSP_SHORT_QUANTUMS)
    {
        /* Keep existing table */
        NOTHING;
    }
    else
    {
        /* Use default for the type of system we're on */
        QuantumTable += MmIsThisAnNtAsSystem() ? 3 : 0;
    }

    /* Check if we're using long fixed quantums */
    if (QuantumTable == &PspFixedQuantums[3])
    {
        /* Use Job scheduling classes */
         PspUseJobSchedulingClasses = TRUE;
    }
    else
    {
        /* Otherwise, we don't */
        PspUseJobSchedulingClasses = FALSE;
    }

    /* Copy the selected table into the Foreground Quantum table */
    RtlCopyMemory(PspForegroundQuantum,
                  QuantumTable,
                  sizeof(PspForegroundQuantum));

    /* Check if we should apply these changes real-time */
    if (Immediate)
    {
        /* We are...loop every process */
        Process = PsGetNextProcess(Process);
        while (Process)
        {
            /* Use the priority separation if this is a foreground process */
            i = (Process->Vm.Flags.MemoryPriority ==
                 MEMORY_PRIORITY_BACKGROUND) ?
                 0: PsPrioritySeparation;

            /* Make sure that the process isn't idle */
            if (Process->PriorityClass != PROCESS_PRIORITY_CLASS_IDLE)
            {
                /* Does the process have a job? */
                if ((Process->Job) && (PspUseJobSchedulingClasses))
                {
                    /* Use job quantum */
                    Quantum = PspJobSchedulingClasses[Process->Job->SchedulingClass];
                }
                else
                {
                    /* Use calculated quantum */
                    Quantum = PspForegroundQuantum[i];
                }
            }
            else
            {
                /* Process is idle, use default quantum */
                Quantum = 6;
            }

            /* Now set the quantum */
            KeSetQuantumProcess(&Process->Pcb, Quantum);

            /* Get the next process */
            Process = PsGetNextProcess(Process);
        }
    }
}

NTSTATUS NTAPI PsChargeProcessPageFileQuota	(	IN PEPROCESS	Process,
		IN SIZE_T	Amount
	)

Definition at line 162 of file quota.c.

{
    /* Don't do anything for the system process */
    if (Process == PsInitialSystemProcess) return STATUS_SUCCESS;

    return PspChargeProcessQuotaSpecifiedPool(Process, 2, Amount);
}

VOID NTAPI PsExitSpecialApc	(	PKAPC	Apc,
		PKNORMAL_ROUTINE *	NormalRoutine,
		PVOID *	NormalContext,
		PVOID *	SystemArgument1,
		PVOID *	SystemArgument2
	)

Referenced by KiInsertQueueApc().

PEPROCESS NTAPI PsGetNextProcess

(

IN PEPROCESS OldProcess

OPTIONAL

)

Definition at line 128 of file process.c.

Referenced by DbgkpCloseObject(), ExpDebuggerWorker(), PopGracefulShutdown(), PsChangeQuantumTable(), PspShutdownProcessManager(), and QSI_DEF().

{
    PLIST_ENTRY Entry;
    PEPROCESS FoundProcess = NULL;
    PAGED_CODE();
    PSTRACE(PS_PROCESS_DEBUG, "Process: %p\n", OldProcess);

    /* Acquire the Active Process Lock */
    KeAcquireGuardedMutex(&PspActiveProcessMutex);

    /* Check if we're already starting somewhere */
    if (OldProcess)
    {
        /* Start where we left off */
        Entry = OldProcess->ActiveProcessLinks.Flink;
    }
    else
    {
        /* Start at the beginning */
        Entry = PsActiveProcessHead.Flink;
    }

    /* Loop the process list */
    while (Entry != &PsActiveProcessHead)
    {
        /* Get the process */
        FoundProcess = CONTAINING_RECORD(Entry, EPROCESS, ActiveProcessLinks);

        /* Reference the process */
        if (ObReferenceObjectSafe(FoundProcess)) break;

        /* Nothing found, keep trying */
        FoundProcess = NULL;
        Entry = Entry->Flink;
    }

    /* Release the lock */
    KeReleaseGuardedMutex(&PspActiveProcessMutex);

    /* Dereference the Process we had referenced earlier */
    if (OldProcess) ObDereferenceObject(OldProcess);
    return FoundProcess;
}

PETHREAD NTAPI PsGetNextProcessThread	(	IN PEPROCESS	Process,
		IN PETHREAD Thread	OPTIONAL
	)

Definition at line 75 of file process.c.

Referenced by DbgkpPostFakeThreadMessages(), DbgkpSetProcessDebugObject(), ExSwapinWorkerThreads(), NtSetInformationThread(), NtTerminateProcess(), PspTerminateProcess(), PsResumeProcess(), and PsSuspendProcess().

{
    PETHREAD FoundThread = NULL;
    PLIST_ENTRY ListHead, Entry;
    PAGED_CODE();
    PSTRACE(PS_PROCESS_DEBUG,
            "Process: %p Thread: %p\n", Process, Thread);

    /* Lock the process */
    KeEnterCriticalRegion();
    ExAcquirePushLockShared(&Process->ProcessLock);

    /* Check if we're already starting somewhere */
    if (Thread)
    {
        /* Start where we left off */
        Entry = Thread->ThreadListEntry.Flink;
    }
    else
    {
        /* Start at the beginning */
        Entry = Process->ThreadListHead.Flink;
    }

    /* Set the list head and start looping */
    ListHead = &Process->ThreadListHead;
    while (ListHead != Entry)
    {
        /* Get the Thread */
        FoundThread = CONTAINING_RECORD(Entry, ETHREAD, ThreadListEntry);

        /* Safe reference the thread */
        if (ObReferenceObjectSafe(FoundThread)) break;

        /* Nothing found, keep looping */
        FoundThread = NULL;
        Entry = Entry->Flink;
    }

    /* Unlock the process */
    ExReleasePushLockShared(&Process->ProcessLock);
    KeLeaveCriticalRegion();

    /* Check if we had a starting thread, and dereference it */
    if (Thread) ObDereferenceObject(Thread);

    /* Return what we found */
    return FoundThread;
}

VOID NTAPI PsIdleThreadMain

(

IN PVOID

Context

)

BOOLEAN NTAPI PsInitSystem

(

IN PLOADER_PARAMETER_BLOCK

LoaderBlock

)

Definition at line 626 of file psmgr.c.

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

{
    /* Check the initialization phase */
    switch (ExpInitializationPhase)
    {
    case 0:

        /* Do Phase 0 */
        return PspInitPhase0(LoaderBlock);

    case 1:

        /* Do Phase 1 */
        return PspInitPhase1();

    default:

        /* Don't know any other phase! Bugcheck! */
        KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
                     1,
                     ExpInitializationPhase,
                     0,
                     0);
        return FALSE;
    }
}

NTSTATUS NTAPI PsLocateSystemDll

(

VOID

)

Definition at line 279 of file psmgr.c.

Referenced by IoInitSystem().

{
    OBJECT_ATTRIBUTES ObjectAttributes;
    IO_STATUS_BLOCK IoStatusBlock;
    HANDLE FileHandle, SectionHandle;
    NTSTATUS Status;
    ULONG_PTR HardErrorParameters;
    ULONG HardErrorResponse;

    /* Locate and open NTDLL to determine ImageBase and LdrStartup */
    InitializeObjectAttributes(&ObjectAttributes,
                               &PsNtDllPathName,
                               0,
                               NULL,
                               NULL);
    Status = ZwOpenFile(&FileHandle,
                        FILE_READ_ACCESS,
                        &ObjectAttributes,
                        &IoStatusBlock,
                        FILE_SHARE_READ,
                        0);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 2, 0, 0);
    }

    /* Check if the image is valid */
    Status = MmCheckSystemImage(FileHandle, TRUE);
    if (Status == STATUS_IMAGE_CHECKSUM_MISMATCH)
    {
        /* Raise a hard error */
        HardErrorParameters = (ULONG_PTR)&PsNtDllPathName;
        NtRaiseHardError(Status,
                         1,
                         1,
                         &HardErrorParameters,
                         OptionOk,
                         &HardErrorResponse);
        return Status;
    }

    /* Create a section for NTDLL */
    Status = ZwCreateSection(&SectionHandle,
                             SECTION_ALL_ACCESS,
                             NULL,
                             NULL,
                             PAGE_EXECUTE,
                             SEC_IMAGE,
                             FileHandle);
    ZwClose(FileHandle);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 3, 0, 0);
    }

    /* Reference the Section */
    Status = ObReferenceObjectByHandle(SectionHandle,
                                       SECTION_ALL_ACCESS,
                                       MmSectionObjectType,
                                       KernelMode,
                                       (PVOID*)&PspSystemDllSection,
                                       NULL);
    ZwClose(SectionHandle);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 4, 0, 0);
    }

    /* Map it */
    Status = PspMapSystemDll(PsGetCurrentProcess(), &PspSystemDllBase, FALSE);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 5, 0, 0);
    }

    /* Return status */
    return Status;
}

NTSTATUS NTAPI PsOpenTokenOfProcess	(	IN HANDLE	ProcessHandle,
		OUT PACCESS_TOKEN *	Token
	)

Definition at line 449 of file security.c.

Referenced by NtOpenProcessTokenEx().

{
    PEPROCESS Process;
    NTSTATUS Status;
    PAGED_CODE();
    PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", ProcessHandle);

    /* Get the Token */
    Status = ObReferenceObjectByHandle(ProcessHandle,
                                       PROCESS_QUERY_INFORMATION,
                                       PsProcessType,
                                       ExGetPreviousMode(),
                                       (PVOID*)&Process,
                                       NULL);
    if (NT_SUCCESS(Status))
    {
        /* Reference the token and dereference the process */
        *Token = PsReferencePrimaryToken(Process);
        ObDereferenceObject(Process);
    }

    /* Return */
    return Status;
}

NTSTATUS NTAPI PspCreateProcess	(	OUT PHANDLE	ProcessHandle,
		IN ACCESS_MASK	DesiredAccess,
		IN POBJECT_ATTRIBUTES ObjectAttributes	OPTIONAL,
		IN HANDLE ParentProcess	OPTIONAL,
		IN ULONG	Flags,
		IN HANDLE SectionHandle	OPTIONAL,
		IN HANDLE DebugPort	OPTIONAL,
		IN HANDLE ExceptionPort	OPTIONAL,
		IN BOOLEAN	InJob
	)

Definition at line 347 of file process.c.

Referenced by NtCreateProcessEx(), PsCreateSystemProcess(), and PspInitPhase0().

{
    HANDLE hProcess;
    PEPROCESS Process, Parent;
    PVOID ExceptionPortObject;
    PDEBUG_OBJECT DebugObject;
    PSECTION_OBJECT SectionObject;
    NTSTATUS Status, AccessStatus;
    ULONG_PTR DirectoryTableBase[2] = {0,0};
    KAFFINITY Affinity;
    HANDLE_TABLE_ENTRY CidEntry;
    PETHREAD CurrentThread = PsGetCurrentThread();
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
    PEPROCESS CurrentProcess = PsGetCurrentProcess();
    ULONG MinWs, MaxWs;
    ACCESS_STATE LocalAccessState;
    PACCESS_STATE AccessState = &LocalAccessState;
    AUX_ACCESS_DATA AuxData;
    UCHAR Quantum;
    BOOLEAN Result, SdAllocated;
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    SECURITY_SUBJECT_CONTEXT SubjectContext;
    BOOLEAN NeedsPeb = FALSE;
    INITIAL_PEB InitialPeb;
    PAGED_CODE();
    PSTRACE(PS_PROCESS_DEBUG,
            "ProcessHandle: %p Parent: %p\n", ProcessHandle, ParentProcess);

    /* Validate flags */
    if (Flags & ~PROCESS_CREATE_FLAGS_LEGAL_MASK) return STATUS_INVALID_PARAMETER;

    /* Check for parent */
    if (ParentProcess)
    {
        /* Reference it */
        Status = ObReferenceObjectByHandle(ParentProcess,
                                           PROCESS_CREATE_PROCESS,
                                           PsProcessType,
                                           PreviousMode,
                                           (PVOID*)&Parent,
                                           NULL);
        if (!NT_SUCCESS(Status)) return Status;

        /* If this process should be in a job but the parent isn't */
        if ((InJob) && (!Parent->Job))
        {
            /* This is illegal. Dereference the parent and fail */
            ObDereferenceObject(Parent);
            return STATUS_INVALID_PARAMETER;
        }

        /* Inherit Parent process's Affinity. */
        Affinity = Parent->Pcb.Affinity;
    }
    else
    {
        /* We have no parent */
        Parent = NULL;
        Affinity = KeActiveProcessors;
    }

    /* Save working set data */
    MinWs = PsMinimumWorkingSet;
    MaxWs = PsMaximumWorkingSet;

    /* Create the Object */
    Status = ObCreateObject(PreviousMode,
                            PsProcessType,
                            ObjectAttributes,
                            PreviousMode,
                            NULL,
                            sizeof(EPROCESS),
                            0,
                            0,
                            (PVOID*)&Process);
    if (!NT_SUCCESS(Status)) goto Cleanup;

    /* Clean up the Object */
    RtlZeroMemory(Process, sizeof(EPROCESS));

    /* Initialize pushlock and rundown protection */
    ExInitializeRundownProtection(&Process->RundownProtect);
    Process->ProcessLock.Value = 0;

    /* Setup the Thread List Head */
    InitializeListHead(&Process->ThreadListHead);

    /* Set up the Quota Block from the Parent */
    PspInheritQuota(Process, Parent);

    /* Set up Dos Device Map from the Parent */
    ObInheritDeviceMap(Parent, Process);

    /* Check if we have a parent */
    if (Parent)
    {
        /* Inherit PID and Hard Error Processing */
        Process->InheritedFromUniqueProcessId = Parent->UniqueProcessId;
        Process->DefaultHardErrorProcessing = Parent->
                                              DefaultHardErrorProcessing;
    }
    else
    {
        /* Use default hard error processing */
        Process->DefaultHardErrorProcessing = TRUE;
    }

    /* Check for a section handle */
    if (SectionHandle)
    {
        /* Get a pointer to it */
        Status = ObReferenceObjectByHandle(SectionHandle,
                                           SECTION_MAP_EXECUTE,
                                           MmSectionObjectType,
                                           PreviousMode,
                                           (PVOID*)&SectionObject,
                                           NULL);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;
    }
    else
    {
        /* Assume no section object */
        SectionObject = NULL;

        /* Is the parent the initial process?
         * Check for NULL also, as at initialization PsInitialSystemProcess is NULL */
        if (Parent != PsInitialSystemProcess && (Parent != NULL))
        {
            /* It's not, so acquire the process rundown */
            if (ExAcquireRundownProtection(&Parent->RundownProtect))
            {
                /* If the parent has a section, use it */
                SectionObject = Parent->SectionObject;
                if (SectionObject) ObReferenceObject(SectionObject);

                /* Release process rundown */
                ExReleaseRundownProtection(&Parent->RundownProtect);
            }

            /* If we don't have a section object */
            if (!SectionObject)
            {
                /* Then the process is in termination, so fail */
                Status = STATUS_PROCESS_IS_TERMINATING;
                goto CleanupWithRef;
            }
        }
    }

    /* Save the pointer to the section object */
    Process->SectionObject = SectionObject;

    /* Check for the debug port */
    if (DebugPort)
    {
        /* Reference it */
        Status = ObReferenceObjectByHandle(DebugPort,
                                           DEBUG_OBJECT_ADD_REMOVE_PROCESS,
                                           DbgkDebugObjectType,
                                           PreviousMode,
                                           (PVOID*)&DebugObject,
                                           NULL);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;

        /* Save the debug object */
        Process->DebugPort = DebugObject;

        /* Check if the caller doesn't want the debug stuff inherited */
        if (Flags & PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT)
        {
            /* Set the process flag */
            InterlockedOr((PLONG)&Process->Flags, PSF_NO_DEBUG_INHERIT_BIT);
        }
    }
    else
    {
        /* Do we have a parent? Copy his debug port */
        if (Parent) DbgkCopyProcessDebugPort(Process, Parent);
    }

    /* Now check for an exception port */
    if (ExceptionPort)
    {
        /* Reference it */
        Status = ObReferenceObjectByHandle(ExceptionPort,
                                           PORT_ALL_ACCESS,
                                           LpcPortObjectType,
                                           PreviousMode,
                                           (PVOID*)&ExceptionPortObject,
                                           NULL);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;

        /* Save the exception port */
        Process->ExceptionPort = ExceptionPortObject;
    }

    /* Save the pointer to the section object */
    Process->SectionObject = SectionObject;

    /* Set default exit code */
    Process->ExitStatus = STATUS_PENDING;

    /* Check if this is the initial process being built */
    if (Parent)
    {
        /* Create the address space for the child */
        if (!MmCreateProcessAddressSpace(MinWs,
                                         Process,
                                         DirectoryTableBase))
        {
            /* Failed */
            Status = STATUS_INSUFFICIENT_RESOURCES;
            goto CleanupWithRef;
        }
    }
    else
    {
        /* Otherwise, we are the boot process, we're already semi-initialized */
        Process->ObjectTable = CurrentProcess->ObjectTable;
        Status = MmInitializeHandBuiltProcess(Process, DirectoryTableBase);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;
    }

    /* We now have an address space */
    InterlockedOr((PLONG)&Process->Flags, PSF_HAS_ADDRESS_SPACE_BIT);

    /* Set the maximum WS */
    Process->Vm.MaximumWorkingSetSize = MaxWs;

    /* Now initialize the Kernel Process */
    KeInitializeProcess(&Process->Pcb,
                        PROCESS_PRIORITY_NORMAL,
                        Affinity,
                        DirectoryTableBase,
                        (BOOLEAN)(Process->DefaultHardErrorProcessing & 4));

    /* Duplicate Parent Token */
    Status = PspInitializeProcessSecurity(Process, Parent);
    if (!NT_SUCCESS(Status)) goto CleanupWithRef;

    /* Set default priority class */
    Process->PriorityClass = PROCESS_PRIORITY_CLASS_NORMAL;

    /* Check if we have a parent */
    if (Parent)
    {
        /* Check our priority class */
        if (Parent->PriorityClass == PROCESS_PRIORITY_CLASS_IDLE ||
            Parent->PriorityClass == PROCESS_PRIORITY_CLASS_BELOW_NORMAL)
        {
            /* Normalize it */
            Process->PriorityClass = Parent->PriorityClass;
        }

        /* Initialize object manager for the process */
        Status = ObInitProcess(Flags & PROCESS_CREATE_FLAGS_INHERIT_HANDLES ?
                               Parent : NULL,
                               Process);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;
    }
    else
    {
        /* Do the second part of the boot process memory setup */
        Status = MmInitializeHandBuiltProcess2(Process);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;
    }

    /* Set success for now */
    Status = STATUS_SUCCESS;

    /* Check if this is a real user-mode process */
    if (SectionHandle)
    {
        /* Initialize the address space */
        Status = MmInitializeProcessAddressSpace(Process,
                                                 NULL,
                                                 SectionObject,
                                                 &Flags,
                                                 &Process->
                                                 SeAuditProcessCreationInfo.
                                                 ImageFileName);
        if (!NT_SUCCESS(Status)) goto CleanupWithRef;

        //
        // We need a PEB
        //
        NeedsPeb = TRUE;
    }
    else if (Parent)
    {
        /* Check if this is a child of the system process */
        if (Parent != PsInitialSystemProcess)
        {
            //
            // We need a PEB
            //
            NeedsPeb = TRUE;

            /* This is a clone! */
            ASSERTMSG("No support for cloning yet\n", FALSE);
        }
        else
        {
            /* This is the initial system process */
            Flags &= ~PROCESS_CREATE_FLAGS_LARGE_PAGES;
            Status = MmInitializeProcessAddressSpace(Process,
                                                     NULL,
                                                     NULL,
                                                     &Flags,
                                                     NULL);
            if (!NT_SUCCESS(Status)) goto CleanupWithRef;

            /* Create a dummy image file name */
            Process->SeAuditProcessCreationInfo.ImageFileName =
                ExAllocatePoolWithTag(PagedPool,
                                      sizeof(OBJECT_NAME_INFORMATION),
                                      TAG_SEPA);
            if (!Process->SeAuditProcessCreationInfo.ImageFileName)
            {
                /* Fail */
                Status = STATUS_INSUFFICIENT_RESOURCES;
                goto CleanupWithRef;
            }

            /* Zero it out */
            RtlZeroMemory(Process->SeAuditProcessCreationInfo.ImageFileName,
                          sizeof(OBJECT_NAME_INFORMATION));
        }
    }

#if MI_TRACE_PFNS
    /* Copy the process name now that we have it */
    memcpy(MiGetPfnEntry(Process->Pcb.DirectoryTableBase[0] >> PAGE_SHIFT)->ProcessName, Process->ImageFileName, 16);
    if (Process->Pcb.DirectoryTableBase[1]) memcpy(MiGetPfnEntry(Process->Pcb.DirectoryTableBase[1] >> PAGE_SHIFT)->ProcessName, Process->ImageFileName, 16);
    if (Process->WorkingSetPage) memcpy(MiGetPfnEntry(Process->WorkingSetPage)->ProcessName, Process->ImageFileName, 16);
#endif

    /* Check if we have a section object and map the system DLL */
    if (SectionObject) PspMapSystemDll(Process, NULL, FALSE);

    /* Create a handle for the Process */
    CidEntry.Object = Process;
    CidEntry.GrantedAccess = 0;
    Process->UniqueProcessId = ExCreateHandle(PspCidTable, &CidEntry);
    if (!Process->UniqueProcessId)
    {
        /* Fail */
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto CleanupWithRef;
    }

    /* Set the handle table PID */
    Process->ObjectTable->UniqueProcessId = Process->UniqueProcessId;

    /* Check if we need to audit */
    if (SeDetailedAuditingWithToken(NULL)) SeAuditProcessCreate(Process);

    /* Check if the parent had a job */
    if ((Parent) && (Parent->Job))
    {
        /* FIXME: We need to insert this process */
        DPRINT1("Jobs not yet supported\n");
    }

    /* Create PEB only for User-Mode Processes */
    if ((Parent) && (NeedsPeb))
    {
        //
        // Set up the initial PEB
        //
        RtlZeroMemory(&InitialPeb, sizeof(INITIAL_PEB));
        InitialPeb.Mutant = (HANDLE)-1;
        InitialPeb.ImageUsesLargePages = 0; // FIXME: Not yet supported

        //
        // Create it only if we have an image section
        //
        if (SectionHandle)
        {
            //
            // Create it
            //
            Status = MmCreatePeb(Process, &InitialPeb, &Process->Peb);
            if (!NT_SUCCESS(Status)) goto CleanupWithRef;
        }
        else
        {
            //
            // We have to clone it
            //
            ASSERTMSG("No support for cloning yet\n", FALSE);
        }

    }

    /* The process can now be activated */
    KeAcquireGuardedMutex(&PspActiveProcessMutex);
    InsertTailList(&PsActiveProcessHead, &Process->ActiveProcessLinks);
    KeReleaseGuardedMutex(&PspActiveProcessMutex);

    /* Create an access state */
    Status = SeCreateAccessStateEx(CurrentThread,
                                   ((Parent) &&
                                   (Parent == PsInitialSystemProcess)) ?
                                    Parent : CurrentProcess,
                                   &LocalAccessState,
                                   &AuxData,
                                   DesiredAccess,
                                   &PsProcessType->TypeInfo.GenericMapping);
    if (!NT_SUCCESS(Status)) goto CleanupWithRef;

    /* Insert the Process into the Object Directory */
    Status = ObInsertObject(Process,
                            AccessState,
                            DesiredAccess,
                            1,
                            NULL,
                            &hProcess);

    /* Free the access state */
    if (AccessState) SeDeleteAccessState(AccessState);

    /* Cleanup on failure */
    if (!NT_SUCCESS(Status)) goto Cleanup;

    /* Compute Quantum and Priority */
    ASSERT(IsListEmpty(&Process->ThreadListHead) == TRUE);
    Process->Pcb.BasePriority =
        (SCHAR)PspComputeQuantumAndPriority(Process,
                                            PsProcessPriorityBackground,
                                            &Quantum);
    Process->Pcb.QuantumReset = Quantum;

    /* Check if we have a parent other then the initial system process */
    Process->GrantedAccess = PROCESS_TERMINATE;
    if ((Parent) && (Parent != PsInitialSystemProcess))
    {
        /* Get the process's SD */
        Status = ObGetObjectSecurity(Process,
                                     &SecurityDescriptor,
                                     &SdAllocated);
        if (!NT_SUCCESS(Status))
        {
            /* We failed, close the handle and clean up */
            ObCloseHandle(hProcess, PreviousMode);
            goto CleanupWithRef;
        }

        /* Create the subject context */
        SubjectContext.ProcessAuditId = Process;
        SubjectContext.PrimaryToken = PsReferencePrimaryToken(Process);
        SubjectContext.ClientToken = NULL;

        /* Do the access check */
        Result = SeAccessCheck(SecurityDescriptor,
                               &SubjectContext,
                               FALSE,
                               MAXIMUM_ALLOWED,
                               0,
                               NULL,
                               &PsProcessType->TypeInfo.GenericMapping,
                               PreviousMode,
                               &Process->GrantedAccess,
                               &AccessStatus);

        /* Dereference the token and let go the SD */
        ObFastDereferenceObject(&Process->Token,
                                SubjectContext.PrimaryToken);
        ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);

        /* Remove access if it failed */
        if (!Result) Process->GrantedAccess = 0;

        /* Give the process some basic access */
        Process->GrantedAccess |= (PROCESS_VM_OPERATION |
                                   PROCESS_VM_READ |
                                   PROCESS_VM_WRITE |
                                   PROCESS_QUERY_INFORMATION |
                                   PROCESS_TERMINATE |
                                   PROCESS_CREATE_THREAD |
                                   PROCESS_DUP_HANDLE |
                                   PROCESS_CREATE_PROCESS |
                                   PROCESS_SET_INFORMATION |
                                   STANDARD_RIGHTS_ALL |
                                   PROCESS_SET_QUOTA);
    }
    else
    {
        /* Set full granted access */
        Process->GrantedAccess = PROCESS_ALL_ACCESS;
    }

    /* Set the Creation Time */
    KeQuerySystemTime(&Process->CreateTime);

    /* Protect against bad user-mode pointer */
    _SEH2_TRY
    {
        /* Hacky way of returning the PEB to the user-mode creator */
        if ((Process->Peb) && (CurrentThread->Tcb.Teb))
        {
            CurrentThread->Tcb.Teb->NtTib.ArbitraryUserPointer = Process->Peb;
        }

        /* Save the process handle */
       *ProcessHandle = hProcess;
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Get the exception code */
       Status = _SEH2_GetExceptionCode();
    }
    _SEH2_END;

    /* Run the Notification Routines */
    PspRunCreateProcessNotifyRoutines(Process, TRUE);

    /* If 12 processes have been created, enough of user-mode is ready */
    if (++ProcessCount == 12) Ki386PerfEnd();

CleanupWithRef:
    /*
     * Dereference the process. For failures, kills the process and does
     * cleanup present in PspDeleteProcess. For success, kills the extra
     * reference added by ObInsertObject.
     */
    ObDereferenceObject(Process);

Cleanup:
    /* Dereference the parent */
    if (Parent) ObDereferenceObject(Parent);

    /* Return status to caller */
    return Status;
}

VOID NTAPI PspDeleteJob

(

IN PVOID

ObjectBody

)

Referenced by PspInitPhase0().

VOID NTAPI PspDeleteProcess

(

IN PVOID

ObjectBody

)

Definition at line 256 of file kill.c.

Referenced by PspInitPhase0().

{
    PEPROCESS Process = (PEPROCESS)ObjectBody;
    KAPC_STATE ApcState;
    PAGED_CODE();
    PSTRACE(PS_KILL_DEBUG, "ObjectBody: %p\n", ObjectBody);
    PSREFTRACE(Process);

    /* Check if it has an Active Process Link */
    if (Process->ActiveProcessLinks.Flink)
    {
        /* Remove it from the Active List */
        KeAcquireGuardedMutex(&PspActiveProcessMutex);
        RemoveEntryList(&Process->ActiveProcessLinks);
        Process->ActiveProcessLinks.Flink = NULL;
        Process->ActiveProcessLinks.Blink = NULL;
        KeReleaseGuardedMutex(&PspActiveProcessMutex);
    }

    /* Check for Auditing information */
    if (Process->SeAuditProcessCreationInfo.ImageFileName)
    {
        /* Free it */
        ExFreePoolWithTag(Process->SeAuditProcessCreationInfo.ImageFileName,
                          TAG_SEPA);
        Process->SeAuditProcessCreationInfo.ImageFileName = NULL;
    }

    /* Check if we have a job */
    if (Process->Job)
    {
        /* Remove the process from the job */
        PspRemoveProcessFromJob(Process, Process->Job);

        /* Dereference it */
        ObDereferenceObject(Process->Job);
        Process->Job = NULL;
    }

    /* Increase the stack count */
    Process->Pcb.StackCount++;

    /* Check if we have a debug port */
    if (Process->DebugPort)
    {
        /* Deference the Debug Port */
        ObDereferenceObject(Process->DebugPort);
        Process->DebugPort = NULL;
    }

    /* Check if we have an exception port */
    if (Process->ExceptionPort)
    {
        /* Deference the Exception Port */
        ObDereferenceObject(Process->ExceptionPort);
        Process->ExceptionPort = NULL;
    }

    /* Check if we have a section object */
    if (Process->SectionObject)
    {
        /* Deference the Section Object */
        ObDereferenceObject(Process->SectionObject);
        Process->SectionObject = NULL;
    }

#if defined(_X86_)
    /* Clean Ldt and Vdm objects */
    PspDeleteLdt(Process);
    PspDeleteVdmObjects(Process);
#endif

    /* Delete the Object Table */
    if (Process->ObjectTable)
    {
        /* Attach to the process */
        KeStackAttachProcess(&Process->Pcb, &ApcState);

        /* Kill the Object Info */
        ObKillProcess(Process);

        /* Detach */
        KeUnstackDetachProcess(&ApcState);
    }

    /* Check if we have an address space, and clean it */
    if (Process->HasAddressSpace)
    {
        /* Attach to the process */
        KeStackAttachProcess(&Process->Pcb, &ApcState);

        /* Clean the Address Space */
        PspExitProcess(FALSE, Process);

        /* Detach */
        KeUnstackDetachProcess(&ApcState);

        /* Completely delete the Address Space */
        MmDeleteProcessAddressSpace(Process);
    }

    /* See if we have a PID */
    if (Process->UniqueProcessId)
    {
        /* Delete the PID */
        if (!(ExDestroyHandle(PspCidTable, Process->UniqueProcessId, NULL)))
        {
            /* Something wrong happened, bugcheck */
            KeBugCheck(CID_HANDLE_DELETION);
        }
    }

    /* Cleanup security information */
    PspDeleteProcessSecurity(Process);

    /* Check if we have kept information on the Working Set */
    if (Process->WorkingSetWatch)
    {
        /* Free it */
        ExFreePool(Process->WorkingSetWatch);

        /* And return the quota it was taking up */
        PsReturnProcessNonPagedPoolQuota(Process, 0x2000);
    }

    /* Dereference the Device Map */
    ObDereferenceDeviceMap(Process);

    /* Destroy the Quota Block */
    PspDestroyQuotaBlock(Process);
}

VOID NTAPI PspDeleteProcessSecurity

(

IN PEPROCESS

Process

)

Definition at line 30 of file security.c.

Referenced by PspDeleteProcess().

{
    PAGED_CODE();
    PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);

    /* Check if we have a token */
    if (Process->Token.Object)
    {
        /* Deassign it */
        SeDeassignPrimaryToken(Process);
        Process->Token.Object = NULL;
    }
}

VOID NTAPI PspDeleteThread

(

IN PVOID

ObjectBody

)

Definition at line 390 of file kill.c.

Referenced by PspInitPhase0().

{
    PETHREAD Thread = (PETHREAD)ObjectBody;
    PEPROCESS Process = Thread->ThreadsProcess;
    PAGED_CODE();
    PSTRACE(PS_KILL_DEBUG, "ObjectBody: %p\n", ObjectBody);
    PSREFTRACE(Thread);
    ASSERT(Thread->Tcb.Win32Thread == NULL);

    /* Check if we have a stack */
    if (Thread->Tcb.InitialStack)
    {
        /* Release it */
        MmDeleteKernelStack((PVOID)Thread->Tcb.StackBase,
                            Thread->Tcb.LargeStack);
    }

    /* Check if we have a CID Handle */
    if (Thread->Cid.UniqueThread)
    {
        /* Delete the CID Handle */
        if (!(ExDestroyHandle(PspCidTable, Thread->Cid.UniqueThread, NULL)))
        {
            /* Something wrong happened, bugcheck */
            KeBugCheck(CID_HANDLE_DELETION);
        }
    }

    /* Cleanup impersionation information */
    PspDeleteThreadSecurity(Thread);

    /* Make sure the thread was inserted, before continuing */
    if (!Process) return;

    /* Check if the thread list is valid */
    if (Thread->ThreadListEntry.Flink)
    {
        /* Lock the thread's process */
        KeEnterCriticalRegion();
        ExAcquirePushLockExclusive(&Process->ProcessLock);

        /* Remove us from the list */
        RemoveEntryList(&Thread->ThreadListEntry);

        /* Release the lock */
        ExReleasePushLockExclusive(&Process->ProcessLock);
        KeLeaveCriticalRegion();
    }

    /* Dereference the Process */
    ObDereferenceObject(Process);
}

VOID NTAPI PspDeleteThreadSecurity

(

IN PETHREAD

Thread

)

Definition at line 46 of file security.c.

Referenced by PspDeleteThread().

{
    PPS_IMPERSONATION_INFORMATION ImpersonationInfo = Thread->ImpersonationInfo;
    PAGED_CODE();
    PSTRACE(PS_SECURITY_DEBUG, "Thread: %p\n", Thread);

    /* Check if we have active impersonation info */
    if (Thread->ActiveImpersonationInfo)
    {
        /* Dereference its token */
        ObDereferenceObject(ImpersonationInfo->Token);
    }

    /* Check if we have impersonation info */
    if (ImpersonationInfo)
    {
        /* Free it */
        ExFreePool(ImpersonationInfo);
        PspClearCrossThreadFlag(Thread, CT_ACTIVE_IMPERSONATION_INFO_BIT);
        Thread->ImpersonationInfo = NULL;
    }
}

VOID NTAPI PspDestroyQuotaBlock

(

IN PEPROCESS

Process

)

Referenced by PspDeleteProcess().

VOID NTAPI PspExitProcess	(	IN BOOLEAN	LastThread,
		IN PEPROCESS	Process
	)

Definition at line 1074 of file kill.c.

Referenced by PspDeleteProcess(), and PspExitThread().

{
    ULONG Actual;
    PAGED_CODE();
    PSTRACE(PS_KILL_DEBUG,
            "LastThread: %u Process: %p\n", LastThread, Process);
    PSREFTRACE(Process);

    /* Set Process Exit flag */
    InterlockedOr((PLONG)&Process->Flags, PSF_PROCESS_EXITING_BIT);

    /* Check if we are the last thread */
    if (LastThread)
    {
        /* Notify the WMI Process Callback */
        //WmiTraceProcess(Process, FALSE);

        /* Run the Notification Routines */
        PspRunCreateProcessNotifyRoutines(Process, FALSE);
    }

    /* Cleanup the power state */
    PopCleanupPowerState((PPOWER_STATE)&Process->Pcb.PowerState);

    /* Clear the security port */
    if (!Process->SecurityPort)
    {
        /* So we don't double-dereference */
        Process->SecurityPort = (PVOID)1;
    }
    else if (Process->SecurityPort != (PVOID)1)
    {
        /* Dereference it */
        ObDereferenceObject(Process->SecurityPort);
        Process->SecurityPort = (PVOID)1;
    }

    /* Check if we are the last thread */
    if (LastThread)
    {
        /* Check if we have to set the Timer Resolution */
        if (Process->SetTimerResolution)
        {
            /* Set it to default */
            ZwSetTimerResolution(KeMaximumIncrement, 0, &Actual);
        }

        /* Check if we are part of a Job that has a completion port */
        if ((Process->Job) && (Process->Job->CompletionPort))
        {
            /* FIXME: Check job status code and do I/O completion if needed */
        }

        /* FIXME: Notify the Prefetcher */
    }
    else
    {
        /* Clear process' address space here */
        MmCleanProcessAddressSpace(Process);
    }
}

VOID NTAPI PspExitProcessFromJob	(	IN PEJOB	Job,
		IN PEPROCESS	Process
	)

Definition at line 115 of file job.c.

Referenced by PspExitThread().

{
    /* FIXME */
}

VOID NTAPI PspExitThread

(

IN NTSTATUS

ExitStatus

)

Definition at line 449 of file kill.c.

Referenced by PsExitSpecialApc(), and PspTerminateThreadByPointer().

{
    CLIENT_DIED_MSG TerminationMsg;
    NTSTATUS Status;
    PTEB Teb;
    PEPROCESS CurrentProcess;
    PETHREAD Thread, OtherThread, PreviousThread = NULL;
    PVOID DeallocationStack;
    SIZE_T Dummy;
    BOOLEAN Last = FALSE;
    PTERMINATION_PORT TerminationPort, NextPort;
    PLIST_ENTRY FirstEntry, CurrentEntry;
    PKAPC Apc;
    PTOKEN PrimaryToken;
    PAGED_CODE();
    PSTRACE(PS_KILL_DEBUG, "ExitStatus: %d\n", ExitStatus);

    /* Get the Current Thread and Process */
    Thread = PsGetCurrentThread();
    CurrentProcess = Thread->ThreadsProcess;
    ASSERT((Thread) == PsGetCurrentThread());

    /* Can't terminate a thread if it attached another process */
    if (KeIsAttachedProcess())
    {
        /* Bugcheck */
        KeBugCheckEx(INVALID_PROCESS_ATTACH_ATTEMPT,
                     (ULONG_PTR)CurrentProcess,
                     (ULONG_PTR)Thread->Tcb.ApcState.Process,
                     (ULONG_PTR)Thread->Tcb.ApcStateIndex,
                     (ULONG_PTR)Thread);
    }

    /* Lower to Passive Level */
    KeLowerIrql(PASSIVE_LEVEL);

    /* Can't be a worker thread */
    if (Thread->ActiveExWorker)
    {
        /* Bugcheck */
        KeBugCheckEx(ACTIVE_EX_WORKER_THREAD_TERMINATION,
                     (ULONG_PTR)Thread,
                     0,
                     0,
                     0);
    }

    /* Can't have pending APCs */
    if (Thread->Tcb.CombinedApcDisable != 0)
    {
        /* Bugcheck */
        KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
                     0,
                     Thread->Tcb.CombinedApcDisable,
                     0,
                     1);
    }

    /* Lock the thread */
    ExWaitForRundownProtectionRelease(&Thread->RundownProtect);

    /* Cleanup the power state */
    PopCleanupPowerState((PPOWER_STATE)&Thread->Tcb.PowerState);

    /* Call the WMI Callback for Threads */
    //WmiTraceThread(Thread, NULL, FALSE);

    /* Run Thread Notify Routines before we desintegrate the thread */
    PspRunCreateThreadNotifyRoutines(Thread, FALSE);

    /* Lock the Process before we modify its thread entries */
    KeEnterCriticalRegion();
    ExAcquirePushLockExclusive(&CurrentProcess->ProcessLock);

    /* Decrease the active thread count, and check if it's 0 */
    if (!(--CurrentProcess->ActiveThreads))
    {
        /* Set the delete flag */
        InterlockedOr((PLONG)&CurrentProcess->Flags, PSF_PROCESS_DELETE_BIT);

        /* Remember we are last */
        Last = TRUE;

        /* Check if this termination is due to the thread dying */
        if (ExitStatus == STATUS_THREAD_IS_TERMINATING)
        {
            /* Check if the last thread was pending */
            if (CurrentProcess->ExitStatus == STATUS_PENDING)
            {
                /* Use the last exit status */
                CurrentProcess->ExitStatus = CurrentProcess->
                                             LastThreadExitStatus;
            }
        }
        else
        {
            /* Just a normal exit, write the code */
            CurrentProcess->ExitStatus = ExitStatus;
        }

        /* Loop all the current threads */
        FirstEntry = &CurrentProcess->ThreadListHead;
        CurrentEntry = FirstEntry->Flink;
        while (FirstEntry != CurrentEntry)
        {
            /* Get the thread on the list */
            OtherThread = CONTAINING_RECORD(CurrentEntry,
                                            ETHREAD,
                                            ThreadListEntry);

            /* Check if it's a thread that's still alive */
            if ((OtherThread != Thread) &&
                !(KeReadStateThread(&OtherThread->Tcb)) &&
                (ObReferenceObjectSafe(OtherThread)))
            {
                /* It's a live thread and we referenced it, unlock process */
                ExReleasePushLockExclusive(&CurrentProcess->ProcessLock);
                KeLeaveCriticalRegion();

                /* Wait on the thread */
                KeWaitForSingleObject(OtherThread,
                                      Executive,
                                      KernelMode,
                                      FALSE,
                                      NULL);

                /* Check if we had a previous thread to dereference */
                if (PreviousThread) ObDereferenceObject(PreviousThread);

                /* Remember the thread and re-lock the process */
                PreviousThread = OtherThread;
                KeEnterCriticalRegion();
                ExAcquirePushLockExclusive(&CurrentProcess->ProcessLock);
            }

            /* Go to the next thread */
            CurrentEntry = CurrentEntry->Flink;
        }
    }
    else if (ExitStatus != STATUS_THREAD_IS_TERMINATING)
    {
        /* Write down the exit status of the last thread to get killed */
        CurrentProcess->LastThreadExitStatus = ExitStatus;
    }

    /* Unlock the Process */
    ExReleasePushLockExclusive(&CurrentProcess->ProcessLock);
    KeLeaveCriticalRegion();

    /* Check if we had a previous thread to dereference */
    if (PreviousThread) ObDereferenceObject(PreviousThread);

    /* Check if the process has a debug port and if this is a user thread */
    if ((CurrentProcess->DebugPort) && !(Thread->SystemThread))
    {
        /* Notify the Debug API. */
        Last ? DbgkExitProcess(CurrentProcess->ExitStatus) :
               DbgkExitThread(ExitStatus);
    }

    /* Check if this is a Critical Thread */
    if ((KdDebuggerEnabled) && (Thread->BreakOnTermination))
    {
        /* Break to debugger */
        PspCatchCriticalBreak("Critical thread 0x%p (in %s) exited\n",
                              Thread,
                              CurrentProcess->ImageFileName);
    }

    /* Check if it's the last thread and this is a Critical Process */
    if ((Last) && (CurrentProcess->BreakOnTermination))
    {
        /* Check if a debugger is here to handle this */
        if (KdDebuggerEnabled)
        {
            /* Break to debugger */
            PspCatchCriticalBreak("Critical  process 0x%p (in %s) exited\n",
                                  CurrentProcess,
                                  CurrentProcess->ImageFileName);
        }
        else
        {
            /* Bugcheck, we can't allow this */
            KeBugCheckEx(CRITICAL_PROCESS_DIED,
                         (ULONG_PTR)CurrentProcess,
                         0,
                         0,
                         0);
        }
    }

    /* Sanity check */
    ASSERT(Thread->Tcb.CombinedApcDisable == 0);

    /* Process the Termination Ports */
    TerminationPort = Thread->TerminationPort;
    if (TerminationPort)
    {
        /* Setup the message header */
        TerminationMsg.h.u2.ZeroInit = 0;
        TerminationMsg.h.u2.s2.Type = LPC_CLIENT_DIED;
        TerminationMsg.h.u1.s1.TotalLength = sizeof(TerminationMsg);
        TerminationMsg.h.u1.s1.DataLength = sizeof(TerminationMsg) -
                                            sizeof(PORT_MESSAGE);

        /* Loop each port */
        do
        {
            /* Save the Create Time */
            TerminationMsg.CreateTime = Thread->CreateTime;

            /* Loop trying to send message */
            while (TRUE)
            {
                /* Send the LPC Message */
                Status = LpcRequestPort(TerminationPort->Port,
                                        &TerminationMsg.h);
                if ((Status == STATUS_NO_MEMORY) ||
                    (Status == STATUS_INSUFFICIENT_RESOURCES))
                {
                    /* Wait a bit and try again */
                    KeDelayExecutionThread(KernelMode, FALSE, &ShortTime);
                    continue;
                }
                break;
            }

            /* Dereference this LPC Port */
            ObDereferenceObject(TerminationPort->Port);

            /* Move to the next one */
            NextPort = TerminationPort->Next;

            /* Free the Termination Port Object */
            ExFreePoolWithTag(TerminationPort, '=TsP');

            /* Keep looping as long as there is a port */
            TerminationPort = NextPort;
        } while (TerminationPort);
    }
    else if (((ExitStatus == STATUS_THREAD_IS_TERMINATING) &&
              (Thread->DeadThread)) ||
             !(Thread->DeadThread))
    {
        /*
         * This case is special and deserves some extra comments. What
         * basically happens here is that this thread doesn't have a termination
         * port, which means that it died before being fully created. Since we
         * still have to notify an LPC Server, we'll use the exception port,
         * which we know exists. However, we need to know how far the thread
         * actually got created. We have three possibilities:
         *
         *  - NtCreateThread returned an error really early: DeadThread is set.
         *  - NtCreateThread managed to create the thread: DeadThread is off.
         *  - NtCreateThread was creating the thread (with DeadThread set,
         *    but the thread got killed prematurely: STATUS_THREAD_IS_TERMINATING
         *    is our exit code.)
         *
         * For the 2 & 3rd scenarios, the thread has been created far enough to
         * warrant notification to the LPC Server.
         */

        /* Setup the message header */
        TerminationMsg.h.u2.ZeroInit = 0;
        TerminationMsg.h.u2.s2.Type = LPC_CLIENT_DIED;
        TerminationMsg.h.u1.s1.TotalLength = sizeof(TerminationMsg);
        TerminationMsg.h.u1.s1.DataLength = sizeof(TerminationMsg) -
                                            sizeof(PORT_MESSAGE);

        /* Make sure the process has an exception port */
        if (CurrentProcess->ExceptionPort)
        {
            /* Save the Create Time */
            TerminationMsg.CreateTime = Thread->CreateTime;

            /* Loop trying to send message */
            while (TRUE)
            {
                /* Send the LPC Message */
                Status = LpcRequestPort(CurrentProcess->ExceptionPort,
                                        &TerminationMsg.h);
                if ((Status == STATUS_NO_MEMORY) ||
                    (Status == STATUS_INSUFFICIENT_RESOURCES))
                {
                    /* Wait a bit and try again */
                    KeDelayExecutionThread(KernelMode, FALSE, &ShortTime);
                    continue;
                }
                break;
            }
        }
    }

    /* Rundown Win32 Thread if there is one */
    if (Thread->Tcb.Win32Thread) PspW32ThreadCallout(Thread,
                                                     PsW32ThreadCalloutExit);

    /* If we are the last thread and have a W32 Process */
    if ((Last) && (CurrentProcess->Win32Process))
    {
        /* Run it down too */
        PspW32ProcessCallout(CurrentProcess, FALSE);
    }

    /* Make sure Stack Swap is enabled */
    if (!Thread->Tcb.EnableStackSwap)
    {
        /* Stack swap really shouldn't be disabled during exit! */
        KeBugCheckEx(KERNEL_STACK_LOCKED_AT_EXIT, 0, 0, 0, 0);
    }

    /* Cancel I/O for the thread. */
    IoCancelThreadIo(Thread);

    /* Rundown Timers */
    ExTimerRundown();

    /* FIXME: Rundown Registry Notifications (NtChangeNotify)
    CmNotifyRunDown(Thread); */

    /* Rundown Mutexes */
    KeRundownThread();

    /* Check if we have a TEB */
    Teb = Thread->Tcb.Teb;
    if (Teb)
    {
        /* Check if the thread is still alive */
        if (!Thread->DeadThread)
        {
            /* Check if we need to free its stack */
            if (Teb->FreeStackOnTermination)
            {
                /* Set the TEB's Deallocation Stack as the Base Address */
                Dummy = 0;
                DeallocationStack = Teb->DeallocationStack;

                /* Free the Thread's Stack */
                ZwFreeVirtualMemory(NtCurrentProcess(),
                                    &DeallocationStack,
                                    &Dummy,
                                    MEM_RELEASE);
            }

            /* Free the debug handle */
            if (Teb->DbgSsReserved[1]) ObCloseHandle(Teb->DbgSsReserved[1],
                                                     UserMode);
        }

        /* Decommit the TEB */
        MmDeleteTeb(CurrentProcess, Teb);
        Thread->Tcb.Teb = NULL;
    }

    /* Free LPC Data */
    LpcExitThread(Thread);

    /* Save the exit status and exit time */
    Thread->ExitStatus = ExitStatus;
    KeQuerySystemTime(&Thread->ExitTime);

    /* Sanity check */
    ASSERT(Thread->Tcb.CombinedApcDisable == 0);

    /* Check if this is the final thread or not */
    if (Last)
    {
        /* Set the process exit time */
        CurrentProcess->ExitTime = Thread->ExitTime;

        /* Exit the process */
        PspExitProcess(TRUE, CurrentProcess);

        /* Get the process token and check if we need to audit */
        PrimaryToken = PsReferencePrimaryToken(CurrentProcess);
        if (SeDetailedAuditingWithToken(PrimaryToken))
        {
            /* Audit the exit */
            SeAuditProcessExit(CurrentProcess);
        }

        /* Dereference the process token */
        ObFastDereferenceObject(&CurrentProcess->Token, PrimaryToken);

        /* Check if this is a VDM Process and rundown the VDM DPCs if so */
        if (CurrentProcess->VdmObjects) { /* VdmRundownDpcs(CurrentProcess); */ }

        /* Kill the process in the Object Manager */
        ObKillProcess(CurrentProcess);

        /* Check if we have a section object */
        if (CurrentProcess->SectionObject)
        {
            /* Dereference and clear the Section Object */
            ObDereferenceObject(CurrentProcess->SectionObject);
            CurrentProcess->SectionObject = NULL;
        }

        /* Check if the process is part of a job */
        if (CurrentProcess->Job)
        {
            /* Remove the process from the job */
            PspExitProcessFromJob(CurrentProcess->Job, CurrentProcess);
        }
    }

    /* Disable APCs */
    KeEnterCriticalRegion();

    /* Disable APC queueing, force a resumption */
    Thread->Tcb.ApcQueueable = FALSE;
    KeForceResumeThread(&Thread->Tcb);

    /* Re-enable APCs */
    KeLeaveCriticalRegion();

    /* Flush the User APCs */
    FirstEntry = KeFlushQueueApc(&Thread->Tcb, UserMode);
    if (FirstEntry)
    {
        /* Start with the first entry */
        CurrentEntry = FirstEntry;
        do
        {
           /* Get the APC */
           Apc = CONTAINING_RECORD(CurrentEntry, KAPC, ApcListEntry);

           /* Move to the next one */
           CurrentEntry = CurrentEntry->Flink;

           /* Rundown the APC or de-allocate it */
           if (Apc->RundownRoutine)
           {
              /* Call its own routine */
              Apc->RundownRoutine(Apc);
           }
           else
           {
              /* Do it ourselves */
              ExFreePool(Apc);
           }
        }
        while (CurrentEntry != FirstEntry);
    }

    /* Clean address space if this was the last thread */
    if (Last) MmCleanProcessAddressSpace(CurrentProcess);

    /* Call the Lego routine */
    if (Thread->Tcb.LegoData) PspRunLegoRoutine(&Thread->Tcb);

    /* Flush the APC queue, which should be empty */
    FirstEntry = KeFlushQueueApc(&Thread->Tcb, KernelMode);
    if ((FirstEntry) || (Thread->Tcb.CombinedApcDisable != 0))
    {
        /* Bugcheck time */
        KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
                     (ULONG_PTR)FirstEntry,
                     Thread->Tcb.CombinedApcDisable,
                     KeGetCurrentIrql(),
                     0);
    }

    /* Signal the process if this was the last thread */
    if (Last) KeSetProcess(&CurrentProcess->Pcb, 0, FALSE);

    /* Terminate the Thread from the Scheduler */
    KeTerminateThread(0);
}

VOID NTAPI PspGetOrSetContextKernelRoutine	(	IN PKAPC	Apc,
		IN OUT PKNORMAL_ROUTINE *	NormalRoutine,
		IN OUT PVOID *	NormalContext,
		IN OUT PVOID *	SystemArgument1,
		IN OUT PVOID *	SystemArgument2
	)

Definition at line 45 of file psctx.c.

Referenced by PsGetContextThread(), and PsSetContextThread().

{
    PGET_SET_CTX_CONTEXT GetSetContext;
    PKEVENT Event;
    PCONTEXT Context;
    PKTHREAD Thread;
    KPROCESSOR_MODE Mode;
    PKTRAP_FRAME TrapFrame = NULL;
    PAGED_CODE();

    /* Get the Context Structure */
    GetSetContext = CONTAINING_RECORD(Apc, GET_SET_CTX_CONTEXT, Apc);
    Context = &GetSetContext->Context;
    Event = &GetSetContext->Event;
    Mode = GetSetContext->Mode;
    Thread = Apc->SystemArgument2;
    
    /* If this is a kernel-mode request, grab the saved trap frame */
    if (Mode == KernelMode) TrapFrame = Thread->TrapFrame;
    
    /* If we don't have one, grab it from the stack */
    if (!TrapFrame)
    {
        DPRINT1("FIXME!!!!\n");
        /* Trap frame is right under our initial stack */
//        TrapFrame = (PKTRAP_FRAME)((ULONG_PTR)Thread->InitialStack -
//                                   ROUND_UP(sizeof(KTRAP_FRAME), KTRAP_FRAME_ALIGN) -
//                                   sizeof(FX_SAVE_AREA));
    }

    /* Check if it's a set or get */
    if (Apc->SystemArgument1)
    {
        /* Get the Context */
        PspSetContext(TrapFrame, NULL, Context, Mode);
    }
    else
    {
        /* Set the Context */
        PspGetContext(TrapFrame, NULL, Context);
    }

    /* Notify the Native API that we are done */
    KeSetEvent(Event, IO_NO_INCREMENT, FALSE);
}

NTSTATUS NTAPI PspGetSystemDllEntryPoints

(

VOID

)

VOID NTAPI PspInheritQuota	(	IN PEPROCESS	Process,
		IN PEPROCESS	ParentProcess
	)

Referenced by PspCreateProcess().

VOID NTAPI PspInitializeJobStructures

(

VOID

)

Definition at line 80 of file job.c.

Referenced by PspInitPhase0().

{
    InitializeListHead(&PsJobListHead);
    ExInitializeFastMutex(&PsJobListLock);
}

NTSTATUS NTAPI PspInitializeProcessSecurity	(	IN PEPROCESS	Process,
		IN PEPROCESS Parent	OPTIONAL
	)

Definition at line 71 of file security.c.

Referenced by PspCreateProcess().

{
    NTSTATUS Status = STATUS_SUCCESS;
    PTOKEN NewToken, ParentToken;
    PAGED_CODE();
    PSTRACE(PS_SECURITY_DEBUG, "Process: %p\n", Process);

    /* If we have a parent, then duplicate the Token */
    if (Parent)
    {
        /* Get the Parent Token */
        ParentToken = PsReferencePrimaryToken(Parent);

        /* Duplicate it */
        Status = SeSubProcessToken(ParentToken,
                                   &NewToken,
                                   TRUE,
                                   MmGetSessionId(Process));

        /* Dereference the Parent */
        ObFastDereferenceObject(&Parent->Token, ParentToken);

        /* Set the new Token */
        if (NT_SUCCESS(Status))
        {
            /* Initailize the fast reference */
            ObInitializeFastReference(&Process->Token, NewToken);
        }
    }
    else
    {
        /* No parent, assign the Boot Token */
        ObInitializeFastReference(&Process->Token, NULL);
        SeAssignPrimaryToken(Process, PspBootAccessToken);
    }

    /* Return to caller */
    return Status;
}

BOOLEAN NTAPI PspIsProcessExiting

(

IN PEPROCESS

Process

)

Definition at line 1067 of file kill.c.

Referenced by MmpPageOutPhysicalAddress().

{
    return Process->Flags & PSF_PROCESS_EXITING_BIT;
}

NTSTATUS NTAPI PspMapSystemDll	(	IN PEPROCESS	Process,
		OUT PVOID *	DllBase,
		IN BOOLEAN	UseLargePages
	)

Referenced by PspCreateProcess().

VOID NTAPI PspReapRoutine

(

IN PVOID

Context

)

Definition at line 170 of file kill.c.

Referenced by PspInitPhase0().

{
    PSINGLE_LIST_ENTRY NextEntry;
    PETHREAD Thread;
    PSTRACE(PS_KILL_DEBUG, "Context: %p\n", Context);

    /* Start main loop */
    do
    {
        /* Write magic value and return the next entry to process */
        NextEntry = InterlockedExchangePointer((PVOID*)&PspReaperListHead.Flink,
                                               (PVOID)1);
        ASSERT((NextEntry != NULL) && (NextEntry != (PVOID)1));

        /* Start inner loop */
        do
        {
            /* Get the first Thread Entry */
            Thread = CONTAINING_RECORD(NextEntry, ETHREAD, ReaperLink);

            /* Delete this entry's kernel stack */
            MmDeleteKernelStack((PVOID)Thread->Tcb.StackBase,
                                Thread->Tcb.LargeStack);
            Thread->Tcb.InitialStack = NULL;

            /* Move to the next entry */
            NextEntry = NextEntry->Next;

            /* Dereference this thread */
            ObDereferenceObject(Thread);
        } while ((NextEntry != NULL) && (NextEntry != (PVOID)1));

        /* Remove magic value, keep looping if it got changed */
    } while (InterlockedCompareExchangePointer((PVOID*)&PspReaperListHead.Flink,
                                               0,
                                               (PVOID)1) != (PVOID)1);
}

VOID NTAPI PspRemoveProcessFromJob	(	IN PEPROCESS	Process,
		IN PEJOB	Job
	)

Definition at line 107 of file job.c.

Referenced by PspDeleteProcess().

{
    /* FIXME */
}

NTSTATUS NTAPI PspSetPrimaryToken	(	IN PEPROCESS	Process,
		IN HANDLE TokenHandle	OPTIONAL,
		IN PACCESS_TOKEN Token	OPTIONAL
	)

Definition at line 215 of file security.c.

Referenced by NtSetInformationProcess().

{
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
    BOOLEAN IsChild;
    PACCESS_TOKEN NewToken = Token;
    NTSTATUS Status, AccessStatus;
    BOOLEAN Result, SdAllocated;
    PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
    SECURITY_SUBJECT_CONTEXT SubjectContext;
    PSTRACE(PS_SECURITY_DEBUG, "Process: %p Token: %p\n", Process, Token);

    /* Make sure we got a handle */
    if (TokenHandle)
    {
        /* Reference it */
        Status = ObReferenceObjectByHandle(TokenHandle,
                                           TOKEN_ASSIGN_PRIMARY,
                                           SeTokenObjectType,
                                           PreviousMode,
                                           (PVOID*)&NewToken,
                                           NULL);
        if (!NT_SUCCESS(Status)) return Status;
    }

    /* Check if this is a child */
    Status = SeIsTokenChild(NewToken, &IsChild);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, dereference */
        if (TokenHandle) ObDereferenceObject(NewToken);
        return Status;
    }

    /* Check if this was an independent token */
    if (!IsChild)
    {
        /* Make sure we have the privilege to assign a new one */
        if (!SeSinglePrivilegeCheck(SeAssignPrimaryTokenPrivilege,
                                    PreviousMode))
        {
            /* Failed, dereference */
            if (TokenHandle) ObDereferenceObject(NewToken);
            return STATUS_PRIVILEGE_NOT_HELD;
        }
    }

    /* Assign the token */
    Status = PspAssignPrimaryToken(Process, NULL, NewToken);
    if (NT_SUCCESS(Status))
    {
        /*
         * We need to completely reverify if the process still has access to
         * itself under this new token.
         */
        Status = ObGetObjectSecurity(Process,
                                     &SecurityDescriptor,
                                     &SdAllocated);
        if (NT_SUCCESS(Status))
        {
            /* Setup the security context */
            SubjectContext.ProcessAuditId = Process;
            SubjectContext.PrimaryToken = PsReferencePrimaryToken(Process);
            SubjectContext.ClientToken = NULL;

            /* Do the access check */
            Result = SeAccessCheck(SecurityDescriptor,
                                   &SubjectContext,
                                   FALSE,
                                   MAXIMUM_ALLOWED,
                                   0,
                                   NULL,
                                   &PsProcessType->TypeInfo.GenericMapping,
                                   PreviousMode,
                                   &Process->GrantedAccess,
                                   &AccessStatus);

            /* Dereference the token and let go the SD */
            ObFastDereferenceObject(&Process->Token,
                                    SubjectContext.PrimaryToken);
            ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);

            /* Remove access if it failed */
            if (!Result) Process->GrantedAccess = 0;

            /* Setup granted access */
            Process->GrantedAccess |= (PROCESS_VM_OPERATION |
                                       PROCESS_VM_READ |
                                       PROCESS_VM_WRITE |
                                       PROCESS_QUERY_INFORMATION |
                                       PROCESS_TERMINATE |
                                       PROCESS_CREATE_THREAD |
                                       PROCESS_DUP_HANDLE |
                                       PROCESS_CREATE_PROCESS |
                                       PROCESS_SET_INFORMATION |
                                       STANDARD_RIGHTS_ALL |
                                       PROCESS_SET_QUOTA);
        }
    }

    /* Dereference the token */
    if (TokenHandle) ObDereferenceObject(NewToken);
    return Status;
}

NTSTATUS NTAPI PspSetQuotaLimits	(	_In_ PEPROCESS	Process,
		_In_ ULONG	Unused,
		_In_ PVOID	QuotaLimits,
		_In_ ULONG	QuotaLimitsLength,
		_In_ KPROCESSOR_MODE	PreviousMode
	)

Definition at line 294 of file quota.c.

Referenced by NtSetInformationProcess().

{
    QUOTA_LIMITS_EX CapturedQuotaLimits;
    PEPROCESS_QUOTA_BLOCK QuotaBlock, OldQuotaBlock;
    BOOLEAN IncreaseOkay;
    KAPC_STATE SavedApcState;
    NTSTATUS Status;

    UNREFERENCED_PARAMETER(Unused);

    _SEH2_TRY
    {
        ProbeForRead(QuotaLimits, QuotaLimitsLength, sizeof(ULONG));

        /* Check if we have the basic or extended structure */
        if (QuotaLimitsLength == sizeof(QUOTA_LIMITS))
        {
            /* Copy the basic structure, zero init the remaining fields */
            RtlCopyMemory(&CapturedQuotaLimits, QuotaLimits, sizeof(QUOTA_LIMITS));
            CapturedQuotaLimits.WorkingSetLimit = 0;
            CapturedQuotaLimits.Reserved2 = 0;
            CapturedQuotaLimits.Reserved3 = 0;
            CapturedQuotaLimits.Reserved4 = 0;
            CapturedQuotaLimits.CpuRateLimit.RateData = 0;
            CapturedQuotaLimits.Flags = 0;
        }
        else if (QuotaLimitsLength == sizeof(QUOTA_LIMITS_EX))
        {
            /* Copy the full structure */
            RtlCopyMemory(&CapturedQuotaLimits, QuotaLimits, sizeof(QUOTA_LIMITS_EX));

            /* Verify that the caller passed valid flags */
            if ((CapturedQuotaLimits.Flags & ~VALID_QUOTA_FLAGS) ||
                ((CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MIN_ENABLE) &&
                 (CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MIN_DISABLE)) ||
                ((CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MAX_ENABLE) &&
                 (CapturedQuotaLimits.Flags & QUOTA_LIMITS_HARDWS_MAX_DISABLE)))
            {
                DPRINT1("Invalid quota flags: 0x%lx\n", CapturedQuotaLimits.Flags);
                _SEH2_YIELD(return STATUS_INVALID_PARAMETER);
            }

            /* Verify that the caller didn't pass reserved values */
            if ((CapturedQuotaLimits.WorkingSetLimit != 0) ||
                (CapturedQuotaLimits.Reserved2 != 0) ||
                (CapturedQuotaLimits.Reserved3 != 0) ||
                (CapturedQuotaLimits.Reserved4 != 0) ||
                (CapturedQuotaLimits.CpuRateLimit.RateData != 0))
            {
                DPRINT1("Invalid value: (%lx,%lx,%lx,%lx,%lx)\n",
                        CapturedQuotaLimits.WorkingSetLimit,
                        CapturedQuotaLimits.Reserved2,
                        CapturedQuotaLimits.Reserved3,
                        CapturedQuotaLimits.Reserved4,
                        CapturedQuotaLimits.CpuRateLimit.RateData);
                _SEH2_YIELD(return STATUS_INVALID_PARAMETER);
            }
        }
        else
        {
            DPRINT1("Invalid quota size: 0x%lx\n", QuotaLimitsLength);
            _SEH2_YIELD(return STATUS_INFO_LENGTH_MISMATCH);
        }
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        DPRINT1("Exception while copying data\n");
        _SEH2_YIELD(return _SEH2_GetExceptionCode());
    }
    _SEH2_END;

    /* Check the caller changes the working set size limits */
    if ((CapturedQuotaLimits.MinimumWorkingSetSize != 0) &&
        (CapturedQuotaLimits.MaximumWorkingSetSize != 0))
    {
        /* Check for special case: trimming the WS */
        if ((CapturedQuotaLimits.MinimumWorkingSetSize == SIZE_T_MAX) &&
            (CapturedQuotaLimits.MaximumWorkingSetSize == SIZE_T_MAX))
        {
            /* No increase allowed */
            IncreaseOkay = FALSE;
        }
        else
        {
            /* Check if the caller has the required privilege */
            IncreaseOkay = SeSinglePrivilegeCheck(SeIncreaseQuotaPrivilege,
                                                  PreviousMode);
        }

        /* Attach to the target process and disable APCs */
        KeStackAttachProcess(&Process->Pcb, &SavedApcState);
        KeEnterGuardedRegion();

        /* Call Mm to adjust the process' working set size */
        Status = MmAdjustWorkingSetSize(CapturedQuotaLimits.MinimumWorkingSetSize,
                                        CapturedQuotaLimits.MaximumWorkingSetSize,
                                        0,
                                        IncreaseOkay);

        /* Bring back APCs and detach from the process */
        KeLeaveGuardedRegion();
        KeUnstackDetachProcess(&SavedApcState);
    }
    else if (Process->QuotaBlock == &PspDefaultQuotaBlock)
    {
        /* Check if the caller has the required privilege */
        if (!SeSinglePrivilegeCheck(SeIncreaseQuotaPrivilege, PreviousMode))
        {
            return STATUS_PRIVILEGE_NOT_HELD;
        }

        /* Allocate a new quota block */
        QuotaBlock = ExAllocatePoolWithTag(NonPagedPool,
                                           sizeof(EPROCESS_QUOTA_BLOCK),
                                           TAG_QUOTA_BLOCK);
        if (QuotaBlock == NULL)
        {
            ObDereferenceObject(Process);
            return STATUS_NO_MEMORY;
        }

        /* Initialize the quota block */
        QuotaBlock->ReferenceCount = 1;
        QuotaBlock->ProcessCount = 1;
        QuotaBlock->QuotaEntry[0].Peak = Process->QuotaPeak[0];
        QuotaBlock->QuotaEntry[1].Peak = Process->QuotaPeak[1];
        QuotaBlock->QuotaEntry[2].Peak = Process->QuotaPeak[2];
        QuotaBlock->QuotaEntry[0].Limit = PspDefaultQuotaBlock.QuotaEntry[0].Limit;
        QuotaBlock->QuotaEntry[1].Limit = PspDefaultQuotaBlock.QuotaEntry[1].Limit;
        QuotaBlock->QuotaEntry[2].Limit = PspDefaultQuotaBlock.QuotaEntry[2].Limit;

        /* Try to exchange the quota block, if that failed, just drop it */
        OldQuotaBlock = InterlockedCompareExchangePointer((PVOID*)&Process->QuotaBlock,
                                                          QuotaBlock,
                                                          &PspDefaultQuotaBlock);
        if (OldQuotaBlock == &PspDefaultQuotaBlock)
        {
            /* Success, insert the new quota block */
            PspInsertQuotaBlock(QuotaBlock);
        }
        else
        {
            /* Failed, free the quota block and ignore it */
            ExFreePoolWithTag(QuotaBlock, TAG_QUOTA_BLOCK);
        }

        Status = STATUS_SUCCESS;
    }

    return Status;
}

VOID NTAPI PspShutdownProcessManager

(

VOID

)

Definition at line 138 of file kill.c.

{
    PEPROCESS Process = NULL;

    /* Loop every process */
    Process = PsGetNextProcess(Process);
    while (Process)
    {
        /* Make sure this isn't the idle or initial process */
        if ((Process != PsInitialSystemProcess) && (Process != PsIdleProcess))
        {
            /* Kill it */
            PspTerminateProcess(Process, STATUS_SYSTEM_SHUTDOWN);
        }

        /* Get the next process */
        Process = PsGetNextProcess(Process);
    }
}

VOID NTAPI PspSystemThreadStartup	(	PKSTART_ROUTINE	StartRoutine,
		PVOID	StartContext
	)

NTSTATUS NTAPI PspTerminateThreadByPointer	(	IN PETHREAD	Thread,
		IN NTSTATUS	ExitStatus,
		IN BOOLEAN	bSelf
	)

Definition at line 987 of file kill.c.

Referenced by KiThreadStartup(), NtTerminateProcess(), NtTerminateThread(), PspSystemThreadStartup(), PspTerminateProcess(), PspUserThreadStartup(), and PsTerminateSystemThread().

{
    PKAPC Apc;
    NTSTATUS Status = STATUS_SUCCESS;
    ULONG Flags;
    PAGED_CODE();
    PSTRACE(PS_KILL_DEBUG, "Thread: %p ExitStatus: %d\n", Thread, ExitStatus);
    PSREFTRACE(Thread);

    /* Check if this is a Critical Thread, and Bugcheck */
    if (Thread->BreakOnTermination)
    {
        /* Break to debugger */
        PspCatchCriticalBreak("Terminating critical thread 0x%p (%s)\n",
                              Thread,
                              Thread->ThreadsProcess->ImageFileName);
    }

    /* Check if we are already inside the thread */
    if ((bSelf) || (PsGetCurrentThread() == Thread))
    {
        /* This should only happen at passive */
        ASSERT_IRQL_EQUAL(PASSIVE_LEVEL);

        /* Mark it as terminated */
        PspSetCrossThreadFlag(Thread, CT_TERMINATED_BIT);

        /* Directly terminate the thread */
        PspExitThread(ExitStatus);
    }

    /* This shouldn't be a system thread */
    if (Thread->SystemThread) return STATUS_ACCESS_DENIED;

    /* Allocate the APC */
    Apc = ExAllocatePoolWithTag(NonPagedPool, sizeof(KAPC), TAG_TERMINATE_APC);
    if (!Apc) return STATUS_INSUFFICIENT_RESOURCES;

    /* Set the Terminated Flag */
    Flags = Thread->CrossThreadFlags | CT_TERMINATED_BIT;

    /* Set it, and check if it was already set while we were running */
    if (!(InterlockedExchange((PLONG)&Thread->CrossThreadFlags, Flags) &
          CT_TERMINATED_BIT))
    {
        /* Initialize a Kernel Mode APC to Kill the Thread */
        KeInitializeApc(Apc,
                        &Thread->Tcb,
                        OriginalApcEnvironment,
                        PsExitSpecialApc,
                        PspExitApcRundown,
                        PspExitNormalApc,
                        KernelMode,
                        (PVOID)ExitStatus);

        /* Insert it into the APC Queue */
        if (!KeInsertQueueApc(Apc, Apc, NULL, 2))
        {
            /* The APC was already in the queue, fail */
            Status = STATUS_UNSUCCESSFUL;
        }
        else
        {
            /* Forcefully resume the thread and return */
            KeForceResumeThread(&Thread->Tcb);
            return Status;
        }
    }

    /* We failed, free the APC */
    ExFreePoolWithTag(Apc, TAG_TERMINATE_APC);

    /* Return Status */
    return Status;
}

PACCESS_TOKEN NTAPI PsReferenceEffectiveToken	(	IN PETHREAD	Thread,
		OUT PTOKEN_TYPE	TokenType,
		OUT PUCHAR	b,
		OUT PSECURITY_IMPERSONATION_LEVEL	Level
	)

Referenced by SeCreateClientSecurity().

NTSTATUS NTAPI PsReferenceProcessFilePointer	(	IN PEPROCESS	Process,
		OUT PFILE_OBJECT *	FileObject
	)

Definition at line 24 of file query.c.

Referenced by SeLocateProcessImageName().

{
    PSECTION Section;
    PAGED_CODE();

    /* Lock the process */
    ExAcquireRundownProtection(&Process->RundownProtect);

    /* Get the section */
    Section = Process->SectionObject;
    if (Section)
    {
        /* Get the file object and reference it */
        *FileObject = MmGetFileObjectForSection((PVOID)Section);
        ObReferenceObject(*FileObject);
    }

    /* Release the protection */
    ExReleaseRundownProtection(&Process->RundownProtect);

    /* Return status */
    return Section ? STATUS_SUCCESS : STATUS_UNSUCCESSFUL;
}

NTSTATUS NTAPI PsResumeThread	(	IN PETHREAD	Thread,
		OUT PULONG PreviousCount	OPTIONAL
	)

Definition at line 32 of file state.c.

Referenced by DbgkpPostFakeThreadMessages(), DbgkpWakeTarget(), and NtResumeThread().

{
    ULONG OldCount;
    PAGED_CODE();

    /* Resume the thread */
    OldCount = KeResumeThread(&Thread->Tcb);

    /* Return the count if asked */
    if (PreviousCount) *PreviousCount = OldCount;
    return STATUS_SUCCESS;
}

NTSTATUS NTAPI PsReturnProcessPageFileQuota	(	IN PEPROCESS	Process,
		IN SIZE_T	Amount
	)

Definition at line 282 of file quota.c.

{
    /* Don't do anything for the system process */
    if (Process == PsInitialSystemProcess) return STATUS_SUCCESS;

    PspReturnProcessQuotaSpecifiedPool(Process, 2, Amount);
    return STATUS_SUCCESS;
}

NTSTATUS NTAPI PsSuspendThread	(	IN PETHREAD	Thread,
		OUT PULONG PreviousCount	OPTIONAL
	)

Definition at line 48 of file state.c.

Referenced by DbgkpPostFakeThreadMessages(), NtSuspendThread(), and PsSuspendProcess().

{
    NTSTATUS Status;
    ULONG OldCount = 0;
    PAGED_CODE();

    /* Assume success */
    Status = STATUS_SUCCESS;

    /* Check if we're suspending ourselves */
    if (Thread == PsGetCurrentThread())
    {
        /* Guard with SEH because KeSuspendThread can raise an exception */
        _SEH2_TRY
        {
            /* Do the suspend */
            OldCount = KeSuspendThread(&Thread->Tcb);
        }
        _SEH2_EXCEPT(_SEH2_GetExceptionCode() == STATUS_SUSPEND_COUNT_EXCEEDED)
        {
            /* Get the exception code */
            Status = _SEH2_GetExceptionCode();
        }
        _SEH2_END;
    }
    else
    {
        /* Acquire rundown protection */
        if (ExAcquireRundownProtection(&Thread->RundownProtect))
        {
            /* Make sure the thread isn't terminating */
            if (Thread->Terminated)
            {
                /* Fail */
                Status = STATUS_THREAD_IS_TERMINATING;
            }
            else
            {
                /* Guard with SEH because KeSuspendThread can raise an exception */
                _SEH2_TRY
                {
                    /* Do the suspend */
                    OldCount = KeSuspendThread(&Thread->Tcb);
                }
                _SEH2_EXCEPT(_SEH2_GetExceptionCode() == STATUS_SUSPEND_COUNT_EXCEEDED)
                {
                    /* Get the exception code */
                    Status = _SEH2_GetExceptionCode();
                }
                _SEH2_END;

                /* Check if it was terminated during the suspend */
                if (Thread->Terminated)
                {
                    /* Wake it back up and fail */
                    KeForceResumeThread(&Thread->Tcb);
                    Status = STATUS_THREAD_IS_TERMINATING;
                    OldCount = 0;
                }
            }

            /* Release rundown protection */
            ExReleaseRundownProtection(&Thread->RundownProtect);
        }
        else
        {
            /* Thread is terminating */
            Status = STATUS_THREAD_IS_TERMINATING;
        }
    }

    /* Write back the previous count */
    if (PreviousCount) *PreviousCount = OldCount;
    return Status;
}

NTSTATUS NTAPI PsTerminateProcess	(	IN PEPROCESS	Process,
		IN NTSTATUS	ExitStatus
	)

Definition at line 129 of file kill.c.

Referenced by DbgkpCloseObject(), and ExpDebuggerWorker().

{
    /* Call the internal API */
    return PspTerminateProcess(Process, ExitStatus);
}

Variable Documentation

POBJECT_TYPE _PsProcessType

POBJECT_TYPE _PsThreadType

LIST_ENTRY PsActiveProcessHead

Definition at line 22 of file process.c.

Referenced by KdbpCmdProc(), and PspInitPhase0().

LCID PsDefaultSystemLocaleId

Definition at line 20 of file locale.c.

Referenced by CmGetSystemControlValues(), MiSessionCreateInternal(), NtQueryDefaultLocale(), and NtSetDefaultLocale().

LCID PsDefaultThreadLocaleId

Definition at line 25 of file locale.c.

Referenced by _IRQL_requires_max_(), CmGetSystemControlValues(), MmCreateTeb(), and MmGetSessionLocaleId().

PEPROCESS PsIdleProcess

Definition at line 51 of file psmgr.c.

Referenced by MmInitSystem(), PopGracefulShutdown(), PspShutdownProcessManager(), and QSI_DEF().

BOOLEAN PsImageNotifyEnabled

Definition at line 18 of file psnotify.c.

Referenced by DbgkCreateThread(), MmLoadSystemImage(), and PsSetLoadImageNotifyRoutine().

POBJECT_TYPE PsJobType

Definition at line 19 of file job.c.

Referenced by PspInitPhase0(), and TestObjectTypes().

LIST_ENTRY PsLoadedModuleList

Definition at line 34 of file sysldr.c.

Referenced by IopInitializeBuiltinDriver(), KdbInitialize(), KdbpSymFindModule(), KdInitSystem(), KiInitModuleList(), KiPcToFileHeader(), and QSI_DEF().

ERESOURCE PsLoadedModuleResource

Definition at line 37 of file sysldr.c.

Referenced by MiInitializeLoadedModuleList(), MiLoadUserSymbols(), MiProcessLoaderEntry(), MmGetSystemRoutineAddress(), and QSI_DEF().

KSPIN_LOCK PsLoadedModuleSpinLock

Definition at line 36 of file sysldr.c.

Referenced by MiInitializeLoadedModuleList(), and MiProcessLoaderEntry().

UNICODE_STRING PsNtDllPathName

Definition at line 45 of file psmgr.c.

Referenced by DbgkCreateThread().

ULONG_PTR PsNtosImageBase

Definition at line 38 of file sysldr.c.

Referenced by KdInitSystem(), MiInitializeLoadedModuleList(), and PspLookupKernelUserEntryPoints().

KGUARDED_MUTEX PspActiveProcessMutex

Definition at line 23 of file process.c.

Referenced by PspDeleteProcess(), and PspInitPhase0().

PTOKEN PspBootAccessToken

Definition at line 17 of file security.c.

Referenced by PspInitPhase0().

PHANDLE_TABLE PspCidTable

Definition at line 48 of file psmgr.c.

Referenced by PsLookupProcessByProcessId(), PsLookupProcessThreadByCid(), PsLookupThreadByThreadId(), PspCreateProcess(), PspCreateThread(), PspDeleteProcess(), and PspDeleteThread().

EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock

Definition at line 18 of file quota.c.

Referenced by NtQueryInformationProcess(), PsInitializeQuotaSystem(), and PspInheritQuota().

GENERIC_MAPPING PspJobMapping

Definition at line 40 of file job.c.

Referenced by PspInitPhase0().

CHAR PspJobSchedulingClasses[PSP_JOB_SCHEDULING_CLASSES]

Definition at line 26 of file job.c.

Referenced by PsChangeQuantumTable(), and PspComputeQuantumAndPriority().

PLEGO_NOTIFY_ROUTINE PspLegoNotifyRoutine

Definition at line 24 of file psnotify.c.

Referenced by PspRunLegoRoutine(), and PsSetLegoNotifyRoutine().

EX_CALLBACK PspLoadImageNotifyRoutine[PSP_MAX_LOAD_IMAGE_NOTIFY]

Definition at line 23 of file psnotify.c.

Referenced by PspInitPhase0(), and PspRunLoadImageNotifyRoutines().

EX_CALLBACK PspProcessNotifyRoutine[PSP_MAX_CREATE_PROCESS_NOTIFY]

Definition at line 22 of file psnotify.c.

Referenced by PspInitPhase0(), and PspRunCreateProcessNotifyRoutines().

ULONG PspProcessNotifyRoutineCount

Definition at line 19 of file psnotify.c.

Referenced by PspRunCreateProcessNotifyRoutines(), and PsSetCreateProcessNotifyRoutine().

LIST_ENTRY PspReaperListHead

Definition at line 19 of file kill.c.

WORK_QUEUE_ITEM PspReaperWorkItem

Definition at line 20 of file kill.c.

Referenced by KeTerminateThread(), and PspInitPhase0().

BOOLEAN PspReaping

ULONG PsPrioritySeparation

Definition at line 28 of file process.c.

Referenced by KiDeferredReadyThread(), PsChangeQuantumTable(), and PspComputeQuantumAndPriority().

PVOID PspSystemDllBase

Definition at line 41 of file psmgr.c.

Referenced by DbgkCreateThread(), PsLocateSystemDll(), PspLookupSystemDllEntryPoint(), and PspUserThreadStartup().

PVOID PspSystemDllEntryPoint

Definition at line 43 of file psmgr.c.

Referenced by PspInitializeSystemDll(), and PspUserThreadStartup().

EX_CALLBACK PspThreadNotifyRoutine[PSP_MAX_CREATE_THREAD_NOTIFY]

Definition at line 21 of file psnotify.c.

Referenced by PspInitPhase0(), and PspRunCreateThreadNotifyRoutines().

ULONG PspThreadNotifyRoutineCount

Definition at line 19 of file psnotify.c.

Referenced by PspRunCreateThreadNotifyRoutines(), PsRemoveCreateThreadNotifyRoutine(), and PsSetCreateThreadNotifyRoutine().

ULONG PspTraceLevel

Definition at line 18 of file query.c.

BOOLEAN PspUseJobSchedulingClasses

Definition at line 24 of file job.c.

Referenced by PsChangeQuantumTable(), and PspComputeQuantumAndPriority().

PKWIN32_PROCESS_CALLOUT PspW32ProcessCallout

Definition at line 18 of file win32.c.

Referenced by PsConvertToGuiThread(), PsEstablishWin32Callouts(), and PspExitThread().

PKWIN32_THREAD_CALLOUT PspW32ThreadCallout

Definition at line 19 of file win32.c.

Referenced by PsConvertToGuiThread(), PsEstablishWin32Callouts(), and PspExitThread().

ULONG PsRawPrioritySeparation

Definition at line 27 of file process.c.

Referenced by PspInitPhase0().

LARGE_INTEGER ShortPsLockDelay

Definition at line 459 of file ps.h.