12 #define _PS_DEBUG_ 0x00 17 #define PS_THREAD_DEBUG 0x01 18 #define PS_PROCESS_DEBUG 0x02 19 #define PS_SECURITY_DEBUG 0x04 20 #define PS_JOB_DEBUG 0x08 21 #define PS_NOTIFICATIONS_DEBUG 0x10 22 #define PS_WIN32K_DEBUG 0x20 23 #define PS_STATE_DEBUG 0x40 24 #define PS_QUOTA_DEBUG 0x80 25 #define PS_KILL_DEBUG 0x100 26 #define PS_REF_DEBUG 0x200 32 #ifdef NEW_DEBUG_SYSTEM_IMPLEMENTED // enable when Debug Filters are implemented 33 #define PSTRACE(x, ...) \ 35 DbgPrintEx("%s [%.16s] - ", \ 37 PsGetCurrentProcess()->ImageFileName); \ 38 DbgPrintEx(__VA_ARGS__); \ 41 #define PSTRACE(x, ...) \ 42 if (x & PspTraceLevel) \ 44 DbgPrint("%s [%.16s] - ", \ 46 PsGetCurrentProcess()->ImageFileName); \ 47 DbgPrint(__VA_ARGS__); \ 50 #define PSREFTRACE(x) \ 51 PSTRACE(PS_REF_DEBUG, \ 52 "Pointer Count [%p] @%d: %lx\n", \ 55 OBJECT_TO_OBJECT_HEADER(x)->PointerCount) 57 #define PSTRACE(x, fmt, ...) DPRINT(fmt, ##__VA_ARGS__) 64 #define PSP_MAX_CREATE_THREAD_NOTIFY 8 65 #define PSP_MAX_LOAD_IMAGE_NOTIFY 8 66 #define PSP_MAX_CREATE_PROCESS_NOTIFY 8 71 #define PSP_JOB_SCHEDULING_CLASSES 10 76 #define PSP_NON_PAGED_POOL_QUOTA_THRESHOLD 0x10000 77 #define PSP_PAGED_POOL_QUOTA_THRESHOLD 0x80000 228 PVOID *NormalContext,
VOID NTAPI PspSystemThreadStartup(PKSTART_ROUTINE StartRoutine, PVOID StartContext)
enum _SECURITY_IMPERSONATION_LEVEL * PSECURITY_IMPERSONATION_LEVEL
VOID NTAPI PspShutdownProcessManager(VOID)
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
#define PSP_MAX_CREATE_PROCESS_NOTIFY
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
_Must_inspect_result_ typedef _In_ PVOID Unused
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
VOID NTAPI PspDeleteVdmObjects(PEPROCESS Process)
PLEGO_NOTIFY_ROUTINE PspLegoNotifyRoutine
VOID NTAPI PspDeleteThread(IN PVOID ObjectBody)
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE StartRoutine
BOOLEAN NTAPI PsInitSystem(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
VOID NTAPI PsIdleThreadMain(IN PVOID Context)
VOID NTAPI PsReturnSharedPoolQuota(_In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ SIZE_T AmountToReturnPaged, _In_ SIZE_T AmountToReturnNonPaged)
Returns the shared (paged and non paged) pool quotas. The function is used exclusively by the Object ...
enum _TOKEN_TYPE * PTOKEN_TYPE
NTSTATUS NTAPI PsOpenTokenOfProcess(IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)
VOID NTAPI PspInitializeJobStructures(VOID)
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI PspReapRoutine(IN PVOID Context)
ULONG PsRawPrioritySeparation
PKWIN32_PROCESS_CALLOUT PspW32ProcessCallout
UNICODE_STRING PsNtDllPathName
NTSTATUS(NTAPI * PKWIN32_THREAD_CALLOUT)(_In_ struct _ETHREAD *Thread, _In_ PSW32THREADCALLOUTTYPE Type)
VOID NTAPI PspDeleteJob(IN PVOID ObjectBody)
NTSTATUS NTAPI PsReturnProcessPageFileQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Returns the page file quota that the process was taking up. The function is used exclusively by the k...
PHANDLE_TABLE PspCidTable
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
PTOKEN PspBootAccessToken
LIST_ENTRY PsActiveProcessHead
NTSTATUS NTAPI PspMapSystemDll(IN PEPROCESS Process, OUT PVOID *DllBase, IN BOOLEAN UseLargePages)
VOID NTAPI PspExitThread(IN NTSTATUS ExitStatus)
NTSTATUS NTAPI PspQueryDescriptorThread(IN PETHREAD Thread, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
ERESOURCE PsLoadedModuleResource
NTSTATUS NTAPI PspSetQuotaLimits(_In_ PEPROCESS Process, _In_ ULONG Unused, _In_ PVOID QuotaLimits, _In_ ULONG QuotaLimitsLength, _In_ KPROCESSOR_MODE PreviousMode)
This function adjusts the working set limits of a process and sets up new quota limits when necessary...
WORK_QUEUE_ITEM PspReaperWorkItem
NTSTATUS NTAPI ApphelpCacheInitialize(VOID)
VOID NTAPI PspExitProcess(IN BOOLEAN LastThread, IN PEPROCESS Process)
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
KSPIN_LOCK PsLoadedModuleSpinLock
KSTART_ROUTINE * PKSTART_ROUTINE
NTSTATUS NTAPI PspCreateProcess(OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ParentProcess OPTIONAL, IN ULONG Flags, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL, IN BOOLEAN InJob)
PKWIN32_THREAD_CALLOUT PspW32ThreadCallout
EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock
ULONG_PTR PsNtosImageBase
#define PSP_JOB_SCHEDULING_CLASSES
EX_CALLBACK PspProcessNotifyRoutine[PSP_MAX_CREATE_PROCESS_NOTIFY]
VOID NTAPI PspDereferenceQuotaBlock(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock)
De-references a quota block when quotas have been returned back because of an object de-allocation or...
VOID NTAPI PspExitProcessFromJob(IN PEJOB Job, IN PEPROCESS Process)
CHAR PspJobSchedulingClasses[PSP_JOB_SCHEDULING_CLASSES]
NTSTATUS NTAPI PspSetPrimaryToken(IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
VOID(NTAPI * PLEGO_NOTIFY_ROUTINE)(_In_ PKTHREAD Thread)
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
VOID NTAPI PsChangeQuantumTable(IN BOOLEAN Immediate, IN ULONG PrioritySeparation)
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
VOID NTAPI PspInheritQuota(_In_ PEPROCESS Process, _In_ PEPROCESS ParentProcess)
#define PSP_MAX_CREATE_THREAD_NOTIFY
_In_opt_ PVOID _In_opt_ PVOID SystemArgument1
_In_ KPROCESSOR_MODE PreviousMode
#define PSP_MAX_LOAD_IMAGE_NOTIFY
_Must_inspect_result_ _In_ ULONG Flags
NTSTATUS NTAPI PsSuspendThread(IN PETHREAD Thread, OUT PULONG PreviousCount OPTIONAL)
BOOLEAN PsImageNotifyEnabled
ULONG PspProcessNotifyRoutineCount
GENERIC_MAPPING PspJobMapping
NTSTATUS NTAPI PsTerminateProcess(IN PEPROCESS Process, IN NTSTATUS ExitStatus)
LIST_ENTRY PsLoadedModuleList
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
LCID PsDefaultSystemLocaleId
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
POBJECT_TYPE _PsProcessType
struct _GET_SET_CTX_CONTEXT * PGET_SET_CTX_CONTEXT
VOID NTAPI PspDeleteLdt(PEPROCESS Process)
BOOLEAN NTAPI PspIsProcessExiting(IN PEPROCESS Process)
EX_CALLBACK PspThreadNotifyRoutine[PSP_MAX_CREATE_THREAD_NOTIFY]
PETHREAD NTAPI PsGetNextProcessThread(IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
VOID NTAPI PspDeleteProcess(IN PVOID ObjectBody)
NTSTATUS NTAPI PsChargeProcessPageFileQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Charges the process page file quota. The function is used internally by the kernel.
PEPROCESS NTAPI PsGetNextProcess(IN PEPROCESS OldProcess OPTIONAL)
PACCESS_TOKEN NTAPI PsReferenceEffectiveToken(IN PETHREAD Thread, OUT IN PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
VOID NTAPI PspDeleteProcessSecurity(IN PEPROCESS Process)
NTSTATUS NTAPI PsLocateSystemDll(VOID)
_In_opt_ PVOID _In_opt_ PVOID _In_opt_ PVOID SystemArgument2
VOID NTAPI PspDeleteThreadSecurity(IN PETHREAD Thread)
VOID NTAPI PspRemoveProcessFromJob(IN PEPROCESS Process, IN PEJOB Job)
PEPROCESS_QUOTA_BLOCK NTAPI PsChargeSharedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T AmountToChargePaged, _In_ SIZE_T AmountToChargeNonPaged)
Charges the shared (paged and non paged) pool quotas. The function is used exclusively by the Object ...
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
ULONG PspThreadNotifyRoutineCount
BOOLEAN PspUseJobSchedulingClasses
KGUARDED_MUTEX PspActiveProcessMutex
ULONG PsPrioritySeparation
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
NTSTATUS NTAPI PsResumeThread(IN PETHREAD Thread, OUT PULONG PreviousCount OPTIONAL)
PVOID PspSystemDllEntryPoint
NTSTATUS NTAPI PspInitializeProcessSecurity(IN PEPROCESS Process, IN PEPROCESS Parent OPTIONAL)
LIST_ENTRY PspReaperListHead
struct _GET_SET_CTX_CONTEXT GET_SET_CTX_CONTEXT
NTSTATUS NTAPI PspTerminateThreadByPointer(IN PETHREAD Thread, IN NTSTATUS ExitStatus, IN BOOLEAN bSelf)
VOID(NTAPI * PKNORMAL_ROUTINE)(IN PVOID NormalContext OPTIONAL, IN PVOID SystemArgument1 OPTIONAL, IN PVOID SystemArgument2 OPTIONAL)
VOID NTAPI PsExitSpecialApc(PKAPC Apc, PKNORMAL_ROUTINE *NormalRoutine, PVOID *NormalContext, PVOID *SystemArgument1, PVOID *SystemArgument2)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
_In_ HANDLE ProcessHandle
NTSTATUS NTAPI PspGetSystemDllEntryPoints(VOID)
LARGE_INTEGER ShortPsLockDelay
VOID NTAPI ApphelpCacheShutdown(VOID)
POBJECT_TYPE _PsThreadType
NTSTATUS NTAPI PsReferenceProcessFilePointer(IN PEPROCESS Process, OUT PFILE_OBJECT *FileObject)
EX_CALLBACK PspLoadImageNotifyRoutine[PSP_MAX_LOAD_IMAGE_NOTIFY]
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
LCID PsDefaultThreadLocaleId
VOID NTAPI PspGetOrSetContextKernelRoutine(IN PKAPC Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine, IN OUT PVOID *NormalContext, IN OUT PVOID *SystemArgument1, IN OUT PVOID *SystemArgument2)
PULONG MinorVersion OPTIONAL
1.8.15