Include dependency graph for process.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ _IRQL_requires_max_()
| _IRQL_requires_max_ | ( | APC_LEVEL | ) |
Definition at line 497 of file process.c.
501{
502 /* Get the current PEB */
505 {
506 /* Default to Server 2003 */
508 }
509
510 /* Calculate OS version from PEB fields */
512}
Definition: btrfs_drv.h:1907
◆ RtlCreateUserProcess()
| NTSTATUS NTAPI RtlCreateUserProcess | ( | IN PUNICODE_STRING | ImageFileName, |
| IN ULONG | Attributes, | ||
| IN OUT PRTL_USER_PROCESS_PARAMETERS | ProcessParameters, | ||
| IN PSECURITY_DESCRIPTOR ProcessSecurityDescriptor | OPTIONAL, | ||
| IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor | OPTIONAL, | ||
| IN HANDLE ParentProcess | OPTIONAL, | ||
| IN BOOLEAN | InheritHandles, | ||
| IN HANDLE DebugPort | OPTIONAL, | ||
| IN HANDLE ExceptionPort | OPTIONAL, | ||
| OUT PRTL_USER_PROCESS_INFORMATION | ProcessInfo | ||
| ) |
Definition at line 194 of file process.c.
204{
207 PROCESS_BASIC_INFORMATION ProcessBasicInfo;
211
212 /* Map and Load the File */
214 Attributes,
215 &hSection);
217 {
220 }
221
222 /* Clean out the current directory handle if we won't use it */
224
225 /* Use us as parent if none other specified */
227
228 /* Initialize the Object Attributes */
230 NULL,
231 0,
232 NULL,
233 ProcessSecurityDescriptor);
234
235 /*
236 * If FLG_ENABLE_CSRDEBUG is used, then CSRSS is created under the
237 * watch of WindowsSS
238 */
241 {
243 }
244
245 /* Create Kernel Process Object */
247 PROCESS_ALL_ACCESS,
248 &ObjectAttributes,
249 ParentProcess,
250 InheritHandles,
251 hSection,
252 DebugPort,
253 ExceptionPort);
255 {
259 }
260
261 /* Get some information on the image */
264 &ProcessInfo->ImageInformation,
266 NULL);
268 {
270 ZwClose(ProcessInfo->ProcessHandle);
273 }
274
275 /* Get some information about the process */
278 &ProcessBasicInfo,
279 sizeof(ProcessBasicInfo),
280 NULL);
282 {
284 ZwClose(ProcessInfo->ProcessHandle);
287 }
288
289 /* Duplicate the standard handles */
291 _SEH2_TRY
292 {
293 if (ProcessParameters->StandardInput)
294 {
295 Status = ZwDuplicateObject(ParentProcess,
296 ProcessParameters->StandardInput,
297 ProcessInfo->ProcessHandle,
298 &ProcessParameters->StandardInput,
299 0,
300 0,
301 DUPLICATE_SAME_ACCESS |
304 {
305 _SEH2_LEAVE;
306 }
307 }
308
309 if (ProcessParameters->StandardOutput)
310 {
311 Status = ZwDuplicateObject(ParentProcess,
312 ProcessParameters->StandardOutput,
313 ProcessInfo->ProcessHandle,
314 &ProcessParameters->StandardOutput,
315 0,
316 0,
317 DUPLICATE_SAME_ACCESS |
320 {
321 _SEH2_LEAVE;
322 }
323 }
324
325 if (ProcessParameters->StandardError)
326 {
327 Status = ZwDuplicateObject(ParentProcess,
328 ProcessParameters->StandardError,
329 ProcessInfo->ProcessHandle,
330 &ProcessParameters->StandardError,
331 0,
332 0,
333 DUPLICATE_SAME_ACCESS |
336 {
337 _SEH2_LEAVE;
338 }
339 }
340 }
341 _SEH2_FINALLY
342 {
344 {
345 ZwClose(ProcessInfo->ProcessHandle);
347 }
348 }
349 _SEH2_END;
350
353
354 /* Create Process Environment */
356 ProcessBasicInfo.PebBaseAddress,
357 ProcessParameters);
359 {
361 ZwClose(ProcessInfo->ProcessHandle);
364 }
365
366 /* Create the first Thread */
368 ThreadSecurityDescriptor,
369 TRUE,
370 ProcessInfo->ImageInformation.ZeroBits,
371 ProcessInfo->ImageInformation.MaximumStackSize,
372 ProcessInfo->ImageInformation.CommittedStackSize,
373 ProcessInfo->ImageInformation.TransferAddress,
374 ProcessBasicInfo.PebBaseAddress,
375 &ProcessInfo->ThreadHandle,
376 &ProcessInfo->ClientId);
378 {
380 ZwClose(ProcessInfo->ProcessHandle);
383 }
384
385 /* Close the Section Handle and return */
388}
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
Definition: nsiface.idl:2307
NTSYSAPI NTSTATUS NTAPI ZwQuerySection(_In_ HANDLE SectionHandle, _In_ SECTION_INFORMATION_CLASS SectionInformationClass, _Out_ PVOID SectionInformation, _In_ SIZE_T Length, _Out_opt_ PSIZE_T ResultLength)
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
NTSYSAPI NTSTATUS NTAPI ZwCreateProcess(_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(_In_ PVOID ThreadContext, _Out_ HANDLE *OutThreadHandle, _Reserved_ PVOID Reserved1, _Reserved_ PVOID Reserved2, _Reserved_ PVOID Reserved3, _Reserved_ PVOID Reserved4, _Reserved_ PVOID Reserved5, _Reserved_ PVOID Reserved6, _Reserved_ PVOID Reserved7, _Reserved_ PVOID Reserved8)
NTSTATUS NTAPI RtlpMapFile(PUNICODE_STRING ImageFileName, ULONG Attributes, PHANDLE Section)
Definition: process.c:22
NTSTATUS NTAPI RtlpInitEnvironment(HANDLE ProcessHandle, PPEB Peb, PRTL_USER_PROCESS_PARAMETERS ProcessParameters)
Definition: process.c:70
Definition: umtypes.h:182
Definition: winternl.h:402
Definition: mmtypes.h:340
Definition: env_spec_w32.h:368
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
Definition: wdfcommonbuffer.h:97
#define DUPLICATE_SAME_ACCESS
◆ RtlDecodePointer()
◆ RtlDecodeSystemPointer()
Definition at line 439 of file process.c.
440{
442}
Referenced by BaseCheckRunApp(), LdrpInitializeProcess(), LdrpLoadDll(), LdrpLoadShimEngine(), LdrShutdownProcess(), and LdrUnloadDll().
◆ RtlEncodePointer()
Definition at line 395 of file process.c.
Referenced by RtlDecodePointer().
◆ RtlEncodeSystemPointer()
Definition at line 429 of file process.c.
430{
432}
#define SharedUserData
Referenced by BaseInitApphelp(), LdrpGetShimEngineInterface(), and RtlDecodeSystemPointer().
◆ RtlGetCurrentProcessorNumber()
Definition at line 491 of file process.c.
492{
493 /* Forward to kernel */
495}
NTSYSAPI ULONG WINAPI NtGetCurrentProcessorNumber(void)
Definition: sysinfo.c:3055
◆ RtlpInitEnvironment()
| NTSTATUS NTAPI RtlpInitEnvironment | ( | HANDLE | ProcessHandle, |
| PPEB | Peb, | ||
| PRTL_USER_PROCESS_PARAMETERS | ProcessParameters | ||
| ) |
Definition at line 70 of file process.c.
73{
76 SIZE_T EnviroSize;
81
82 /* Give the caller 1MB if he requested it */
84 {
85 /* Give 1MB starting at 0x4 */
87 EnviroSize = (1024 * 1024) - 256;
89 &BaseAddress,
90 0,
91 &EnviroSize,
92 MEM_RESERVE,
93 PAGE_READWRITE);
95 {
98 }
99 }
100
101 /* Find the end of the Enviroment Block */
103 {
105
106 /* Calculate the size of the block */
109
110 /* Allocate and Initialize new Environment Block */
111 Size = EnviroSize;
113 &BaseAddress,
114 0,
115 &Size,
117 PAGE_READWRITE);
119 {
122 }
123
124 /* Write the Environment Block */
126 BaseAddress,
127 ProcessParameters->Environment,
128 EnviroSize,
129 NULL);
130
131 /* Save pointer */
133 }
134
135 /* Now allocate space for the Parameter Block */
139 &BaseAddress,
140 0,
141 &Size,
142 MEM_COMMIT,
143 PAGE_READWRITE);
145 {
148 }
149
150 /* Write the Parameter Block */
152 BaseAddress,
153 ProcessParameters,
154 ProcessParameters->Length,
155 NULL);
157 {
160 }
161
162 /* Write pointer to Parameter Block */
165 &BaseAddress,
167 NULL);
169 {
172 }
173
174 /* Return */
176}
NTSYSAPI NTSTATUS NTAPI ZwWriteVirtualMemory(_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ PVOID Buffer, _In_ SIZE_T NumberOfBytesToWrite, _Out_opt_ PSIZE_T NumberOfBytesWritten)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
#define RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB
Definition: rtltypes.h:46
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
Referenced by RtlCreateUserProcess().
◆ RtlpMapFile()
| NTSTATUS NTAPI RtlpMapFile | ( | PUNICODE_STRING | ImageFileName, |
| ULONG | Attributes, | ||
| PHANDLE | Section | ||
| ) |
Definition at line 22 of file process.c.
25{
30
31 /* Open the Image File */
33 ImageFileName,
35 NULL,
36 NULL);
39 &ObjectAttributes,
40 &IoStatusBlock,
44 {
47 }
48
49 /* Now create a section for this image */
50 Status = ZwCreateSection(Section,
52 NULL,
53 NULL,
54 PAGE_EXECUTE,
55 SEC_IMAGE,
56 hFile);
58 {
60 }
61
64}
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
Definition: env_spec_w32.h:870
Referenced by RtlCreateUserProcess().
◆ RtlSetProcessIsCritical()
| NTSTATUS __cdecl RtlSetProcessIsCritical | ( | IN BOOLEAN | NewValue, |
| OUT PBOOLEAN OldValue | OPTIONAL, | ||
| IN BOOLEAN | NeedBreaks | ||
| ) |
Definition at line 453 of file process.c.
456{
457 ULONG BreakOnTermination;
458
459 /* Initialize to FALSE */
461
462 /* Fail, if the critical breaks flag is required but is not set */
463 if ((NeedBreaks) &&
465 {
467 }
468
469 /* Check if the caller wants the old value */
470 if (OldValue)
471 {
472 /* Query and return the old break on termination flag for the process */
475 &BreakOnTermination,
477 NULL);
478 *OldValue = (BOOLEAN)BreakOnTermination;
479 }
480
481 /* Set the break on termination flag for the process */
482 BreakOnTermination = NewValue;
485 &BreakOnTermination,
487}
NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
