ReactOS 0.4.15-dev-7924-g5949c20
Macros | Typedefs | Functions
epsapi.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define FAILED_WITH_STATUS   DEFINE_DBG_MSG("%s() failed, status 0x%08X")
 
#define DEFINE_DBG_MSG(__str__)   "PSAPI: " __str__ "\n"
 

Typedefs

typedef NTSTATUS(NTAPIPPROC_ENUM_ROUTINE) (IN PSYSTEM_PROCESS_INFORMATION CurrentProcess, IN OUT PVOID CallbackContext)
 
typedef NTSTATUS(NTAPIPTHREAD_ENUM_ROUTINE) (IN PSYSTEM_THREAD_INFORMATION CurrentThread, IN OUT PVOID CallbackContext)
 
typedef NTSTATUS(NTAPIPSYSMOD_ENUM_ROUTINE) (IN PRTL_PROCESS_MODULE_INFORMATION CurrentModule, IN OUT PVOID CallbackContext)
 
typedef NTSTATUS(NTAPIPPROCMOD_ENUM_ROUTINE) (IN HANDLE ProcessHandle, IN PLDR_DATA_TABLE_ENTRY CurrentModule, IN OUT PVOID CallbackContext)
 

Functions

NTSTATUS NTAPI PsaEnumerateProcessesAndThreads (IN PPROC_ENUM_ROUTINE ProcessCallback, IN OUT PVOID ProcessCallbackContext, IN PTHREAD_ENUM_ROUTINE ThreadCallback, IN OUT PVOID ThreadCallbackContext)
 
NTSTATUS NTAPI PsaEnumerateProcesses (IN PPROC_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
 
NTSTATUS NTAPI PsaEnumerateThreads (IN PTHREAD_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
 
NTSTATUS NTAPI PsaCaptureProcessesAndThreads (OUT PSYSTEM_PROCESS_INFORMATION *ProcessesAndThreads)
 
NTSTATUS NTAPI PsaWalkProcessesAndThreads (IN PSYSTEM_PROCESS_INFORMATION ProcessesAndThreads, IN PPROC_ENUM_ROUTINE ProcessCallback, IN OUT PVOID ProcessCallbackContext, IN PTHREAD_ENUM_ROUTINE ThreadCallback, IN OUT PVOID ThreadCallbackContext)
 
NTSTATUS NTAPI PsaWalkProcesses (IN PSYSTEM_PROCESS_INFORMATION ProcessesAndThreads, IN PPROC_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
 
NTSTATUS NTAPI PsaWalkThreads (IN PSYSTEM_PROCESS_INFORMATION ProcessesAndThreads, IN PTHREAD_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
 
PSYSTEM_PROCESS_INFORMATION FASTCALL PsaWalkFirstProcess (IN PSYSTEM_PROCESS_INFORMATION ProcessesAndThreads)
 
PSYSTEM_PROCESS_INFORMATION FASTCALL PsaWalkNextProcess (IN PSYSTEM_PROCESS_INFORMATION CurrentProcess)
 
PSYSTEM_THREAD_INFORMATION FASTCALL PsaWalkFirstThread (IN PSYSTEM_PROCESS_INFORMATION CurrentProcess)
 
PSYSTEM_THREAD_INFORMATION FASTCALL PsaWalkNextThread (IN PSYSTEM_THREAD_INFORMATION CurrentThread)
 
NTSTATUS NTAPI PsaEnumerateSystemModules (IN PSYSMOD_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
 
NTSTATUS NTAPI PsaCaptureSystemModules (OUT PRTL_PROCESS_MODULES *SystemModules)
 
NTSTATUS NTAPI PsaWalkSystemModules (IN PRTL_PROCESS_MODULES SystemModules, IN PSYSMOD_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
 
PRTL_PROCESS_MODULE_INFORMATION FASTCALL PsaWalkFirstSystemModule (IN PRTL_PROCESS_MODULES SystemModules)
 
PRTL_PROCESS_MODULE_INFORMATION FASTCALL PsaWalkNextSystemModule (IN PRTL_PROCESS_MODULES CurrentSystemModule)
 
NTSTATUS NTAPI PsaEnumerateProcessModules (IN HANDLE ProcessHandle, IN PPROCMOD_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
 
VOID NTAPI PsaFreeCapture (IN PVOID Capture)
 
voidPsaiMalloc (SIZE_T size)
 
voidPsaiRealloc (void *ptr, SIZE_T size)
 
void PsaiFree (void *ptr)
 

Macro Definition Documentation

◆ DEFINE_DBG_MSG

#define DEFINE_DBG_MSG (   __str__)    "PSAPI: " __str__ "\n"

Definition at line 131 of file epsapi.h.

◆ FAILED_WITH_STATUS

#define FAILED_WITH_STATUS   DEFINE_DBG_MSG("%s() failed, status 0x%08X")

Definition at line 41 of file epsapi.h.

Typedef Documentation

◆ PPROC_ENUM_ROUTINE

typedef NTSTATUS(NTAPI * PPROC_ENUM_ROUTINE) (IN PSYSTEM_PROCESS_INFORMATION CurrentProcess, IN OUT PVOID CallbackContext)

Definition at line 27 of file epsapi.h.

◆ PPROCMOD_ENUM_ROUTINE

typedef NTSTATUS(NTAPI * PPROCMOD_ENUM_ROUTINE) (IN HANDLE ProcessHandle, IN PLDR_DATA_TABLE_ENTRY CurrentModule, IN OUT PVOID CallbackContext)

Definition at line 36 of file epsapi.h.

◆ PSYSMOD_ENUM_ROUTINE

typedef NTSTATUS(NTAPI * PSYSMOD_ENUM_ROUTINE) (IN PRTL_PROCESS_MODULE_INFORMATION CurrentModule, IN OUT PVOID CallbackContext)

Definition at line 33 of file epsapi.h.

◆ PTHREAD_ENUM_ROUTINE

typedef NTSTATUS(NTAPI * PTHREAD_ENUM_ROUTINE) (IN PSYSTEM_THREAD_INFORMATION CurrentThread, IN OUT PVOID CallbackContext)

Definition at line 30 of file epsapi.h.

Function Documentation

◆ PsaCaptureProcessesAndThreads()

NTSTATUS NTAPI PsaCaptureProcessesAndThreads ( OUT PSYSTEM_PROCESS_INFORMATION ProcessesAndThreads)

Definition at line 38 of file processes.c.

39{
40 PSYSTEM_PROCESS_INFORMATION pInfoBuffer = NULL;
41 SIZE_T nSize = 0x8000;
42 NTSTATUS Status;
43
44 if(ProcessesAndThreads == NULL)
45 {
46 return STATUS_INVALID_PARAMETER_1;
47 }
48
49 /* FIXME: if the system has loaded several processes and threads, the buffer
50 could get really big. But if there's several processes and threads, the
51 system is already under stress, and a huge buffer could only make things
52 worse. The function should be profiled to see what's the average minimum
53 buffer size, to succeed on the first shot */
54 do
55 {
56 PVOID pTmp;
57
58 /* free the buffer, and reallocate it to the new size. RATIONALE: since we
59 ignore the buffer's contents at this point, there's no point in a realloc()
60 that could end up copying a large chunk of data we'd discard anyway */
61 PsaiFree(pInfoBuffer);
62 pTmp = PsaiMalloc(nSize);
63
64 if(pTmp == NULL)
65 {
66 DPRINT(FAILED_WITH_STATUS, "PsaiMalloc", STATUS_NO_MEMORY);
67 Status = STATUS_NO_MEMORY;
68 break;
69 }
70
71 pInfoBuffer = pTmp;
72
73 /* query the information */
74 Status = NtQuerySystemInformation(SystemProcessInformation,
75 pInfoBuffer,
76 nSize,
77 NULL);
78
79 /* double the buffer size */
80 nSize *= 2;
81 } while(Status == STATUS_INFO_LENGTH_MISMATCH);
82
83 if(!NT_SUCCESS(Status))
84 {
85 DPRINT(FAILED_WITH_STATUS, "NtQuerySystemInformation", Status);
86 return Status;
87 }
88
89 *ProcessesAndThreads = pInfoBuffer;
90 return STATUS_SUCCESS;
91}
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
PsaiFree
void PsaiFree(void *ptr)
Definition: ctm.c:103
PsaiMalloc
void * PsaiMalloc(SIZE_T size)
Definition: ctm.c:101
NULL
#define NULL
Definition: types.h:112
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SystemProcessInformation
@ SystemProcessInformation
Definition: ntddk_ex.h:16
Status
Status
Definition: gdiplustypes.h:25
FAILED_WITH_STATUS
#define FAILED_WITH_STATUS
Definition: test.h:95
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
STATUS_INVALID_PARAMETER_1
#define STATUS_INVALID_PARAMETER_1
Definition: ntstatus.h:475
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
DPRINT
#define DPRINT
Definition: sndvol32.h:71
NtQuerySystemInformation
NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInfoClass, OUT PVOID SystemInfoBuffer, IN ULONG SystemInfoBufferSize, OUT PULONG BytesReturned OPTIONAL)
_SYSTEM_PROCESS_INFORMATION
Definition: extypes.h:892
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
nSize
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2084

Referenced by PsaEnumerateProcessesAndThreads().

◆ PsaCaptureSystemModules()

NTSTATUS NTAPI PsaCaptureSystemModules ( OUT PRTL_PROCESS_MODULES SystemModules)

Definition at line 61 of file drivers.c.

62{
63 SIZE_T nSize = 0;
64 PRTL_PROCESS_MODULES psmModules = NULL;
65 NTSTATUS Status;
66
67#if 0
68 __try
69 {
70#else
71 do
72 {
73#endif
74 /* initial probe. We just get the count of system modules */
75 Status = NtQuerySystemInformation(SystemModuleInformation,
76 &nSize,
77 sizeof(nSize),
78 NULL);
79
80 if(!NT_SUCCESS(Status) && (Status != STATUS_INFO_LENGTH_MISMATCH))
81 {
82 DPRINT(FAILED_WITH_STATUS, "NtQuerySystemInformation", Status);
83 break;
84 }
85
86 /* RATIONALE: the loading of a system module is a rare occurrence. To
87 minimize memory operations that could be expensive, or fragment the
88 pool/heap, we try to determine the buffer size in advance, knowing that
89 the number of elements is unlikely to change */
90 nSize = sizeof(RTL_PROCESS_MODULES) +
91 (nSize * sizeof(RTL_PROCESS_MODULES));
92
93 psmModules = NULL;
94
95 do
96 {
97 PVOID pTmp;
98
99 /* free the buffer, and reallocate it to the new size. RATIONALE: since we
100 ignore the buffer's content at this point, there's no point in a realloc,
101 that could end up copying a large chunk of data we'd discard anyway */
102 PsaiFree(psmModules);
103 psmModules = NULL;
104 pTmp = PsaiMalloc(nSize);
105
106 if(pTmp == NULL)
107 {
108 Status = STATUS_NO_MEMORY;
109 DPRINT(FAILED_WITH_STATUS, "PsaiMalloc", Status);
110 break;
111 }
112
113 psmModules = pTmp;
114
115 /* query the information */
116 Status = NtQuerySystemInformation(SystemModuleInformation,
117 psmModules,
118 nSize,
119 NULL);
120
121 /* double the buffer for the next loop */
122 nSize *= 2;
123 } while(Status == STATUS_INFO_LENGTH_MISMATCH);
124
125 if(!NT_SUCCESS(Status))
126 {
127 DPRINT(FAILED_WITH_STATUS, "NtQuerySystemInformation", Status);
128 break;
129 }
130
131 *SystemModules = psmModules;
132
133 Status = STATUS_SUCCESS;
134#if 0
135 }
136 __finally
137 {
138#else
139 } while(0);
140#endif
141 /* in case of failure, free the buffer */
142 if(!NT_SUCCESS(Status) && psmModules != NULL)
143 {
144 PsaiFree(psmModules);
145 }
146#if 0
147 }
148#endif
149
150 return Status;
151}
SystemModuleInformation
@ SystemModuleInformation
Definition: ntddk_ex.h:22
RTL_PROCESS_MODULES
struct _RTL_PROCESS_MODULES RTL_PROCESS_MODULES
_RTL_PROCESS_MODULES
Definition: rtltypes.h:1016

Referenced by PsaEnumerateSystemModules().

◆ PsaEnumerateProcesses()

NTSTATUS NTAPI PsaEnumerateProcesses ( IN PPROC_ENUM_ROUTINE  Callback,
IN OUT PVOID  CallbackContext 
)

Definition at line 218 of file processes.c.

220{
221 return PsaEnumerateProcessesAndThreads(Callback,
222 CallbackContext,
223 NULL,
224 NULL);
225}
PsaEnumerateProcessesAndThreads
NTSTATUS NTAPI PsaEnumerateProcessesAndThreads(IN PPROC_ENUM_ROUTINE ProcessCallback, IN OUT PVOID ProcessCallbackContext, IN PTHREAD_ENUM_ROUTINE ThreadCallback, IN OUT PVOID ThreadCallbackContext)
Definition: processes.c:153
Callback
_In_ WDFINTERRUPT _In_ PFN_WDF_INTERRUPT_SYNCHRONIZE Callback
Definition: wdfinterrupt.h:458
CallbackContext
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR _In_ ULONGLONG _In_ ULONGLONG _In_opt_ PEVENT_FILTER_DESCRIPTOR _Inout_opt_ PVOID CallbackContext
Definition: wmitypes.h:60

◆ PsaEnumerateProcessesAndThreads()

NTSTATUS NTAPI PsaEnumerateProcessesAndThreads ( IN PPROC_ENUM_ROUTINE  ProcessCallback,
IN OUT PVOID  ProcessCallbackContext,
IN PTHREAD_ENUM_ROUTINE  ThreadCallback,
IN OUT PVOID  ThreadCallbackContext 
)

Definition at line 153 of file processes.c.

157{
158 PSYSTEM_PROCESS_INFORMATION pInfoBuffer = NULL;
159 NTSTATUS Status;
160
161 if(ProcessCallback == NULL && ThreadCallback == NULL)
162 {
163 return STATUS_INVALID_PARAMETER;
164 }
165
166 /* get the processes and threads list */
167 Status = PsaCaptureProcessesAndThreads(&pInfoBuffer);
168
169 if(!NT_SUCCESS(Status))
170 {
171 goto Bail;
172 }
173
174 /* walk the processes and threads list */
175 Status = PsaWalkProcessesAndThreads(pInfoBuffer,
176 ProcessCallback,
177 ProcessCallbackContext,
178 ThreadCallback,
179 ThreadCallbackContext);
180
181Bail:
182 PsaFreeCapture(pInfoBuffer);
183
184 return Status;
185}
ThreadCallback
@ ThreadCallback
Definition: dbghelp.h:626
PsaFreeCapture
VOID NTAPI PsaFreeCapture(IN PVOID Capture)
Definition: processes.c:188
PsaWalkProcessesAndThreads
NTSTATUS NTAPI PsaWalkProcessesAndThreads(IN PSYSTEM_PROCESS_INFORMATION ProcessesAndThreads, IN PPROC_ENUM_ROUTINE ProcessCallback, IN OUT PVOID ProcessCallbackContext, IN PTHREAD_ENUM_ROUTINE ThreadCallback, IN OUT PVOID ThreadCallbackContext)
Definition: processes.c:94
PsaCaptureProcessesAndThreads
NTSTATUS NTAPI PsaCaptureProcessesAndThreads(OUT PSYSTEM_PROCESS_INFORMATION *ProcessesAndThreads)
Definition: processes.c:38
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

Referenced by PsaEnumerateProcesses(), and PsaEnumerateThreads().

◆ PsaEnumerateProcessModules()

NTSTATUS NTAPI PsaEnumerateProcessModules ( IN HANDLE  ProcessHandle,
IN PPROCMOD_ENUM_ROUTINE  Callback,
IN OUT PVOID  CallbackContext 
)

Definition at line 30 of file modules.c.

33{
34 NTSTATUS Status;
35
36 /* current process - use direct memory copy */
37 /* FIXME - compare process id instead of a handle */
38 if(ProcessHandle == NtCurrentProcess())
39 {
40 PLIST_ENTRY ListHead, Current;
41
42#if 0
43 __try
44 {
45#endif
46 ListHead = &(NtCurrentPeb()->Ldr->InLoadOrderModuleList);
47 Current = ListHead->Flink;
48
49 while(Current != ListHead)
50 {
51 PLDR_DATA_TABLE_ENTRY LoaderModule = CONTAINING_RECORD(Current, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
52
53 /* return the current module to the callback */
54 Status = Callback(ProcessHandle, LoaderModule, CallbackContext);
55
56 if(!NT_SUCCESS(Status))
57 {
58 goto Failure;
59 }
60
61 Current = LoaderModule->InLoadOrderLinks.Flink;
62 }
63#if 0
64 }
65 __except(EXCEPTION_EXECUTE_HANDLER)
66 {
67 return GetExceptionCode();
68 }
69#endif
70 }
71 else
72 {
73 PROCESS_BASIC_INFORMATION BasicInformation;
74 PPEB_LDR_DATA LoaderData;
75 LDR_DATA_TABLE_ENTRY LoaderModule;
76 PLIST_ENTRY ListHead, Current;
77
78 /* query the process basic information (includes the PEB address) */
79 Status = NtQueryInformationProcess(ProcessHandle,
80 ProcessBasicInformation,
81 &BasicInformation,
82 sizeof(BasicInformation),
83 NULL);
84
85 if(!NT_SUCCESS(Status))
86 {
87 DPRINT(FAILED_WITH_STATUS, "NtQueryInformationProcess", Status);
88 goto Failure;
89 }
90
91 /* get the address of the PE Loader data */
92 Status = NtReadVirtualMemory(ProcessHandle,
93 &(BasicInformation.PebBaseAddress->Ldr),
94 &LoaderData,
95 sizeof(LoaderData),
96 NULL);
97
98 if(!NT_SUCCESS(Status))
99 {
100 DPRINT(FAILED_WITH_STATUS, "NtReadVirtualMemory", Status);
101 goto Failure;
102 }
103
104 /* head of the module list: the last element in the list will point to this */
105 ListHead = &LoaderData->InLoadOrderModuleList;
106
107 /* get the address of the first element in the list */
108 Status = NtReadVirtualMemory(ProcessHandle,
109 &(LoaderData->InLoadOrderModuleList.Flink),
110 &Current,
111 sizeof(Current),
112 NULL);
113
114 while(Current != ListHead)
115 {
116 /* read the current module */
117 Status = NtReadVirtualMemory(ProcessHandle,
118 CONTAINING_RECORD(Current, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks),
119 &LoaderModule,
120 sizeof(LoaderModule),
121 NULL);
122
123 if(!NT_SUCCESS(Status))
124 {
125 DPRINT(FAILED_WITH_STATUS, "NtReadVirtualMemory", Status);
126 goto Failure;
127 }
128
129 /* return the current module to the callback */
130 Status = Callback(ProcessHandle, &LoaderModule, CallbackContext);
131
132 if(!NT_SUCCESS(Status))
133 {
134 goto Failure;
135 }
136
137 /* address of the next module in the list */
138 Current = LoaderModule.InLoadOrderLinks.Flink;
139 }
140 }
141
142 return STATUS_SUCCESS;
143
144Failure:
145 return Status;
146}
NtCurrentPeb
#define NtCurrentPeb()
Definition: FLS.c:22
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
ProcessBasicInformation
@ ProcessBasicInformation
Definition: winternl.h:394
ProcessHandle
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
NtReadVirtualMemory
NTSTATUS NTAPI NtReadVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID Buffer, IN SIZE_T NumberOfBytesToRead, OUT PSIZE_T NumberOfBytesRead OPTIONAL)
Definition: virtual.c:2816
NtQueryInformationProcess
NTSTATUS NTAPI NtQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
Definition: query.c:59
GetExceptionCode
#define GetExceptionCode()
Definition: seh.h:27
_LDR_DATA_TABLE_ENTRY
Definition: btrfs_drv.h:1876
_LDR_DATA_TABLE_ENTRY::InLoadOrderLinks
LIST_ENTRY InLoadOrderLinks
Definition: ldrtypes.h:138
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
_PEB_LDR_DATA
Definition: btrfs_drv.h:1892
_PEB_LDR_DATA::InLoadOrderModuleList
LIST_ENTRY InLoadOrderModuleList
Definition: ldrtypes.h:120
_PEB::Ldr
PPEB_LDR_DATA Ldr
Definition: btrfs_drv.h:1912
_PROCESS_BASIC_INFORMATION
Definition: winternl.h:402
_PROCESS_BASIC_INFORMATION::PebBaseAddress
PPEB PebBaseAddress
Definition: winternl.h:404
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260

◆ PsaEnumerateSystemModules()

NTSTATUS NTAPI PsaEnumerateSystemModules ( IN PSYSMOD_ENUM_ROUTINE  Callback,
IN OUT PVOID  CallbackContext 
)

Definition at line 21 of file drivers.c.

23{
24 PRTL_PROCESS_MODULES psmModules;
25 NTSTATUS Status = STATUS_SUCCESS;
26
27#if 0
28 __try
29 {
30#else
31 do
32 {
33#endif
34 /* capture the system modules */
35 Status = PsaCaptureSystemModules(&psmModules);
36
37 if(!NT_SUCCESS(Status))
38 {
39 break;
40 }
41
42 /* walk the system modules */
43 Status = PsaWalkSystemModules(psmModules, Callback, CallbackContext);
44#if 0
45 }
46 __finally
47 {
48#else
49 } while(0);
50#endif
51 /* free the capture */
52 PsaFreeCapture(psmModules);
53#if 0
54 }
55#endif
56
57 return Status;
58}
PsaWalkSystemModules
NTSTATUS NTAPI PsaWalkSystemModules(IN PRTL_PROCESS_MODULES SystemModules, IN PSYSMOD_ENUM_ROUTINE Callback, IN OUT PVOID CallbackContext)
Definition: drivers.c:154
PsaCaptureSystemModules
NTSTATUS NTAPI PsaCaptureSystemModules(OUT PRTL_PROCESS_MODULES *SystemModules)
Definition: drivers.c:61
PsaFreeCapture
VOID NTAPI PsaFreeCapture(IN PVOID Capture)
Definition: processes.c:188

◆ PsaEnumerateThreads()

NTSTATUS NTAPI PsaEnumerateThreads ( IN PTHREAD_ENUM_ROUTINE  Callback,
IN OUT PVOID  CallbackContext 
)

Definition at line 228 of file processes.c.

230{
231 return PsaEnumerateProcessesAndThreads(NULL,
232 NULL,
233 Callback,
234 CallbackContext);
235}

◆ PsaFreeCapture()

VOID NTAPI PsaFreeCapture ( IN PVOID  Capture)

Definition at line 188 of file processes.c.

189{
190 PsaiFree(Capture);
191}
Capture
struct _Capture Capture
Definition: capture.h:24

Referenced by PsaEnumerateProcessesAndThreads().

◆ PsaiFree()

void PsaiFree ( void ptr)

Definition at line 103 of file ctm.c.

103{ free(ptr); }
free
#define free
Definition: debug_ros.c:5
ptr
static PVOID ptr
Definition: dispmode.c:27

Referenced by PsaCaptureProcessesAndThreads(), PsaCaptureSystemModules(), and PsaFreeCapture().

◆ PsaiMalloc()

void * PsaiMalloc ( SIZE_T  size)

Definition at line 101 of file ctm.c.

101{ return malloc(size); }
malloc
#define malloc
Definition: debug_ros.c:4
size
GLsizeiptr size
Definition: glext.h:5919

Referenced by PsaCaptureProcessesAndThreads(), and PsaCaptureSystemModules().

◆ PsaiRealloc()

void * PsaiRealloc ( void ptr,
SIZE_T  size 
)

Definition at line 102 of file ctm.c.

102{ return realloc(ptr, size); }
realloc
#define realloc
Definition: debug_ros.c:6

◆ PsaWalkFirstProcess()

PSYSTEM_PROCESS_INFORMATION FASTCALL PsaWalkFirstProcess ( IN PSYSTEM_PROCESS_INFORMATION  ProcessesAndThreads)

Definition at line 238 of file processes.c.

239{
240 return ProcessesAndThreads;
241}

Referenced by PsaWalkProcessesAndThreads().

◆ PsaWalkFirstSystemModule()

PRTL_PROCESS_MODULE_INFORMATION FASTCALL PsaWalkFirstSystemModule ( IN PRTL_PROCESS_MODULES  SystemModules)

Definition at line 177 of file drivers.c.

178{
179 return &(SystemModules->Modules[0]);
180}

◆ PsaWalkFirstThread()

PSYSTEM_THREAD_INFORMATION FASTCALL PsaWalkFirstThread ( IN PSYSTEM_PROCESS_INFORMATION  CurrentProcess)

Definition at line 257 of file processes.c.

258{
259 static SIZE_T nOffsetOfThreads = 0;
260
261 /* get the offset of the Threads field */
262 nOffsetOfThreads = sizeof(SYSTEM_PROCESS_INFORMATION);
263
264 return (PSYSTEM_THREAD_INFORMATION)((ULONG_PTR)CurrentProcess + nOffsetOfThreads);
265}
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
SYSTEM_PROCESS_INFORMATION
struct _SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION
_SYSTEM_THREAD_INFORMATION
Definition: extypes.h:873

Referenced by PsaWalkProcessesAndThreads().

◆ PsaWalkNextProcess()

PSYSTEM_PROCESS_INFORMATION FASTCALL PsaWalkNextProcess ( IN PSYSTEM_PROCESS_INFORMATION  CurrentProcess)

Definition at line 244 of file processes.c.

245{
246 if(CurrentProcess->NextEntryOffset == 0)
247 {
248 return NULL;
249 }
250 else
251 {
252 return (PSYSTEM_PROCESS_INFORMATION)((ULONG_PTR)CurrentProcess + CurrentProcess->NextEntryOffset);
253 }
254}

Referenced by PsaWalkProcessesAndThreads().

◆ PsaWalkNextSystemModule()

PRTL_PROCESS_MODULE_INFORMATION FASTCALL PsaWalkNextSystemModule ( IN PRTL_PROCESS_MODULES  CurrentSystemModule)

Definition at line 183 of file drivers.c.

184{
185 return (PRTL_PROCESS_MODULE_INFORMATION)((ULONG_PTR)CurrentSystemModule +
186 (FIELD_OFFSET(RTL_PROCESS_MODULES, Modules[1]) -
187 FIELD_OFFSET(RTL_PROCESS_MODULES, Modules[0])));
188}
_RTL_PROCESS_MODULE_INFORMATION
Definition: rtltypes.h:1002
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255

◆ PsaWalkNextThread()

PSYSTEM_THREAD_INFORMATION FASTCALL PsaWalkNextThread ( IN PSYSTEM_THREAD_INFORMATION  CurrentThread)

Definition at line 268 of file processes.c.

269{
270 return (PSYSTEM_THREAD_INFORMATION)((ULONG_PTR)CurrentThread +
271 ((sizeof(SYSTEM_PROCESS_INFORMATION) + sizeof(SYSTEM_THREAD_INFORMATION)) -
272 sizeof(SYSTEM_PROCESS_INFORMATION)));
273}

Referenced by PsaWalkProcessesAndThreads().

◆ PsaWalkProcesses()

NTSTATUS NTAPI PsaWalkProcesses ( IN PSYSTEM_PROCESS_INFORMATION  ProcessesAndThreads,
IN PPROC_ENUM_ROUTINE  Callback,
IN OUT PVOID  CallbackContext 
)

Definition at line 194 of file processes.c.

197{
198 return PsaWalkProcessesAndThreads(ProcessesAndThreads,
199 Callback,
200 CallbackContext,
201 NULL,
202 NULL);
203}

◆ PsaWalkProcessesAndThreads()

NTSTATUS NTAPI PsaWalkProcessesAndThreads ( IN PSYSTEM_PROCESS_INFORMATION  ProcessesAndThreads,
IN PPROC_ENUM_ROUTINE  ProcessCallback,
IN OUT PVOID  ProcessCallbackContext,
IN PTHREAD_ENUM_ROUTINE  ThreadCallback,
IN OUT PVOID  ThreadCallbackContext 
)

Definition at line 94 of file processes.c.

99{
100 NTSTATUS Status;
101
102 if(ProcessCallback == NULL && ThreadCallback == NULL)
103 {
104 return STATUS_INVALID_PARAMETER;
105 }
106
107 Status = STATUS_SUCCESS;
108
109 ProcessesAndThreads = PsaWalkFirstProcess(ProcessesAndThreads);
110
111 /* scan the process list */
112 do
113 {
114 if(ProcessCallback)
115 {
116 Status = ProcessCallback(ProcessesAndThreads, ProcessCallbackContext);
117
118 if(!NT_SUCCESS(Status))
119 {
120 break;
121 }
122 }
123
124 /* if the caller provided a thread callback */
125 if(ThreadCallback)
126 {
127 ULONG i;
128 PSYSTEM_THREAD_INFORMATION pCurThread;
129
130 /* scan the current process's thread list */
131 for(i = 0, pCurThread = PsaWalkFirstThread(ProcessesAndThreads);
132 i < ProcessesAndThreads->NumberOfThreads;
133 i++, pCurThread = PsaWalkNextThread(pCurThread))
134 {
135 Status = ThreadCallback(pCurThread, ThreadCallbackContext);
136
137 if(!NT_SUCCESS(Status))
138 {
139 goto Bail;
140 }
141 }
142 }
143
144 /* move to the next process */
145 ProcessesAndThreads = PsaWalkNextProcess(ProcessesAndThreads);
146 } while(ProcessesAndThreads);
147
148Bail:
149 return Status;
150}
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
PsaWalkNextProcess
PSYSTEM_PROCESS_INFORMATION FASTCALL PsaWalkNextProcess(IN PSYSTEM_PROCESS_INFORMATION CurrentProcess)
Definition: processes.c:244
PsaWalkFirstThread
PSYSTEM_THREAD_INFORMATION FASTCALL PsaWalkFirstThread(IN PSYSTEM_PROCESS_INFORMATION CurrentProcess)
Definition: processes.c:257
PsaWalkFirstProcess
PSYSTEM_PROCESS_INFORMATION FASTCALL PsaWalkFirstProcess(IN PSYSTEM_PROCESS_INFORMATION ProcessesAndThreads)
Definition: processes.c:238
PsaWalkNextThread
PSYSTEM_THREAD_INFORMATION FASTCALL PsaWalkNextThread(IN PSYSTEM_THREAD_INFORMATION CurrentThread)
Definition: processes.c:268
ULONG
uint32_t ULONG
Definition: typedefs.h:59

Referenced by PsaEnumerateProcessesAndThreads(), PsaWalkProcesses(), and PsaWalkThreads().

◆ PsaWalkSystemModules()

NTSTATUS NTAPI PsaWalkSystemModules ( IN PRTL_PROCESS_MODULES  SystemModules,
IN PSYSMOD_ENUM_ROUTINE  Callback,
IN OUT PVOID  CallbackContext 
)

Definition at line 154 of file drivers.c.

157{
158 ULONG i;
159 NTSTATUS Status;
160
161 /* repeat until all modules have been returned */
162 for(i = 0; i < SystemModules->NumberOfModules; i++)
163 {
164 /* return current module to the callback */
165 Status = Callback(&(SystemModules->Modules[i]), CallbackContext);
166
167 if(!NT_SUCCESS(Status))
168 {
169 return Status;
170 }
171 }
172
173 return STATUS_SUCCESS;
174}

Referenced by PsaEnumerateSystemModules().

◆ PsaWalkThreads()

NTSTATUS NTAPI PsaWalkThreads ( IN PSYSTEM_PROCESS_INFORMATION  ProcessesAndThreads,
IN PTHREAD_ENUM_ROUTINE  Callback,
IN OUT PVOID  CallbackContext 
)

Definition at line 206 of file processes.c.

209{
210 return PsaWalkProcessesAndThreads(ProcessesAndThreads,
211 NULL,
212 NULL,
213 Callback,
214 CallbackContext);
215}