52 AclSize =
sizeof(
ACL) +
114 AclSize =
sizeof(
ACL) +
330 &ObjectNameInfo->
Name,
355 if ((ObjectNameInfo) &&
400 PWSTR UnsecureBuffer;
418 if (UnsecureName.
Length == 0)
470 ULONG MaxReparse = 30;
475 "%s - Finding Object: %wZ. Expecting: %p\n",
594 else if (--MaxReparse)
683 if (DeviceMap !=
NULL)
755 while (Reparse && MaxReparse)
792 if (!ComponentName.
Length)
834 if (!ReferencedDirectory)
864 else if (!InsertObject)
971 if ((ParseRoutine) &&
984 if (ReferencedDirectory)
988 ReferencedDirectory =
NULL;
992 if (ReferencedParentDirectory)
996 ReferencedParentDirectory =
NULL;
1023 if (MaxReparse == 0)
1135 if (ReferencedParentDirectory)
1142 ReferencedParentDirectory = ReferencedDirectory;
1145 ReferencedDirectory =
NULL;
1173 if (ReferencedParentDirectory)
1196 "%s - Found Object: %p. Expected: %p\n",
1228 ObjectIsNamed = ((LocalInfo) && (LocalInfo->
Name.
Length > 0));
1250 if (!(LocalInfo) || !(LocalInfo->
Name.
Buffer))
1267 RtlInitEmptyUnicodeString(&ObjectNameInfo->Name,
NULL, 0);
1348 ObjectNameInfo->Name.Length = (
USHORT)NameSize;
1349 ObjectNameInfo->Name.MaximumLength = (
USHORT)(NameSize +
1400 ObjectNameInfo->Name.Length = (
USHORT)NameSize;
1401 ObjectNameInfo->Name.MaximumLength =
#define ObpDirectoryObjectType
#define ObpSymbolicLinkObjectType
#define OBJ_NAME_PATH_SEPARATOR
static const LUID SeCreateGlobalPrivilege
while(CdLookupNextInitialFileDirent(IrpContext, Fcb, FileContext))
_Inout_ PFCB _Inout_ PUNICODE_STRING RemainingName
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
#define STATUS_INVALID_HANDLE
#define STATUS_OBJECT_TYPE_MISMATCH
#define NT_SUCCESS(StatCode)
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
#define ExAllocatePoolWithTag(hernya, size, tag)
#define BooleanFlagOn(F, SF)
#define OBJ_CASE_INSENSITIVE
#define OBJ_FORCE_ACCESS_CHECK
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL, DWORD, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
#define EXCEPTION_EXECUTE_HANDLER
#define InterlockedExchangeAdd
#define InterlockedExchangeAddSizeT(a, b)
POBJECT_TYPE IoFileObjectType
#define ExFreePoolWithTag(_P, _T)
#define InitializeObjectAttributes(p, n, a, r, s)
#define OB_FLAG_KERNEL_EXCLUSIVE
#define OBJECT_HEADER_TO_NAME_INFO(h)
#define OB_FLAG_PERMANENT
NTSTATUS(NTAPI * OB_PARSE_METHOD)(_In_ PVOID ParseObject, _In_ PVOID ObjectType, _Inout_ PACCESS_STATE AccessState, _In_ KPROCESSOR_MODE AccessMode, _In_ ULONG Attributes, _Inout_ PUNICODE_STRING CompleteName, _Inout_ PUNICODE_STRING RemainingName, _Inout_opt_ PVOID Context, _In_opt_ PSECURITY_QUALITY_OF_SERVICE SecurityQos, _Out_ PVOID *Object)
#define OBJECT_TO_OBJECT_HEADER(o)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
_In_ const STRING _In_ BOOLEAN CaseInSensitive
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
_In_ BOOLEAN _In_opt_ PACL _In_opt_ BOOLEAN DaclDefaulted
#define SYMBOLIC_LINK_ALL_ACCESS
#define DIRECTORY_CREATE_OBJECT
#define DIRECTORY_TRAVERSE
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
NTSYSAPI BOOLEAN NTAPI RtlPrefixUnicodeString(IN PUNICODE_STRING String1, IN PUNICODE_STRING String2, IN BOOLEAN CaseInSensitive)
#define DIRECTORY_ALL_ACCESS
#define DIRECTORY_CREATE_SUBDIRECTORY
__GNU_EXTENSION typedef unsigned __int64 * PULONGLONG
_In_ ULONG _In_ ULONG _In_ ULONG Length
ULONG NTAPI PsGetCurrentProcessSessionId(VOID)
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
#define STATUS_OBJECT_PATH_SYNTAX_BAD
#define STATUS_REPARSE_OBJECT
PDEVICE_MAP NTAPI ObpReferenceDeviceMap(VOID)
BOOLEAN NTAPI ObpCheckTraverseAccess(IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
#define OBTRACE(x, fmt,...)
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
#define OB_NAMESPACE_DEBUG
BOOLEAN NTAPI ObpDeleteEntryDirectory(IN POBP_LOOKUP_CONTEXT Context)
VOID NTAPI ObpDeleteSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
PVOID NTAPI ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
BOOLEAN NTAPI ObpInsertEntryDirectory(IN POBJECT_DIRECTORY Parent, IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_HEADER ObjectHeader)
BOOLEAN NTAPI ObCheckCreateObjectAccess(IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
NTSTATUS NTAPI ObpParseSymbolicLink(IN PVOID ParsedObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING FullPath, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *NextObject)
ULONG ObpLUIDDeviceMapsEnabled
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
ULONG ObpLUIDDeviceMapsDisabled
FORCEINLINE VOID ObpAcquireLookupContextLock(IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_DIRECTORY Directory)
Locks an object directory lookup context for performing lookup operations (insertions/deletions) in a...
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Initializes a new object directory lookup context. Used for lookup operations (insertions/deletions) ...
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Releases an initialized object directory lookup context. Unlocks it if necessary, and dereferences th...
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
NTSTATUS NTAPI NtCreateDirectoryObject(OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
NTSTATUS NTAPI NtCreateSymbolicLinkObject(OUT PHANDLE LinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PUNICODE_STRING LinkTarget)
NTSTATUS NTAPI ObQueryNameString(IN PVOID Object, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength)
BOOLEAN NTAPI ObpIsUnsecureName(IN PUNICODE_STRING ObjectName, IN BOOLEAN CaseInSensitive)
ALIGNEDNAME ObpDosDevicesShortNamePrefix
BOOLEAN ObpCaseInsensitive
POBJECT_DIRECTORY ObpTypeDirectoryObject
UNICODE_STRING ObpDosDevicesShortName
WCHAR ObpUnsecureGlobalNamesBuffer[128]
NTSTATUS NTAPI ObpCreateDosDevicesDirectory(VOID)
ULONG ObpUnsecureGlobalNamesLength
POBJECT_DIRECTORY ObpRootDirectoryObject
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
NTSTATUS NTAPI ObpGetDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
ALIGNEDNAME ObpDosDevicesShortNameRoot
VOID NTAPI ObpFreeDosDevicesProtection(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
POBJECT_TYPE MmSectionObjectType
PULONG MinorVersion OPTIONAL
base for all directory entries
POBJECT_DIRECTORY DosDevicesDirectory
OB_QUERYNAME_METHOD QueryNameProcedure
OB_PARSE_METHOD ParseProcedure
OBJECT_TYPE_INITIALIZER TypeInfo
#define RtlCopyMemory(Destination, Source, Length)
#define STATUS_ACCESS_DENIED
#define STATUS_OBJECT_PATH_NOT_FOUND
#define STATUS_INVALID_PARAMETER
#define STATUS_INFO_LENGTH_MISMATCH
#define STATUS_OBJECT_NAME_INVALID
#define STATUS_INSUFFICIENT_RESOURCES
#define STATUS_OBJECT_NAME_NOT_FOUND
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
#define ObDereferenceObject
#define ObReferenceObject
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
#define CONTAINER_INHERIT_ACE
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
#define OBJECT_INHERIT_ACE
#define SECURITY_DESCRIPTOR_REVISION
_In_ PUNICODE_STRING NewName