ReactOS  0.4.15-dev-5608-gafb953a
Macros | Functions
process.c File Reference
#include <rtl.h>
#include <debug.h>
Include dependency graph for process.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

NTSTATUS NTAPI RtlpMapFile (PUNICODE_STRING ImageFileName, ULONG Attributes, PHANDLE Section)
 
NTSTATUS NTAPI RtlpInitEnvironment (HANDLE ProcessHandle, PPEB Peb, PRTL_USER_PROCESS_PARAMETERS ProcessParameters)
 
NTSTATUS NTAPI RtlCreateUserProcess (IN PUNICODE_STRING ImageFileName, IN ULONG Attributes, IN OUT PRTL_USER_PROCESS_PARAMETERS ProcessParameters, IN PSECURITY_DESCRIPTOR ProcessSecurityDescriptor OPTIONAL, IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor OPTIONAL, IN HANDLE ParentProcess OPTIONAL, IN BOOLEAN InheritHandles, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL, OUT PRTL_USER_PROCESS_INFORMATION ProcessInfo)
 
PVOID NTAPI RtlEncodePointer (IN PVOID Pointer)
 
PVOID NTAPI RtlDecodePointer (IN PVOID Pointer)
 
PVOID NTAPI RtlEncodeSystemPointer (IN PVOID Pointer)
 
PVOID NTAPI RtlDecodeSystemPointer (IN PVOID Pointer)
 
NTSTATUS __cdecl RtlSetProcessIsCritical (IN BOOLEAN NewValue, OUT PBOOLEAN OldValue OPTIONAL, IN BOOLEAN NeedBreaks)
 
ULONG NTAPI RtlGetCurrentProcessorNumber (VOID)
 
 _IRQL_requires_max_ (APC_LEVEL)
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 15 of file process.c.

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( APC_LEVEL  )

Definition at line 497 of file process.c.

501 {
502  /* Get the current PEB */
503  PPEB Peb = RtlGetCurrentPeb();
504  if (Peb == NULL)
505  {
506  /* Default to Server 2003 */
507  return _WIN32_WINNT_WS03;
508  }
509 
510  /* Calculate OS version from PEB fields */
511  return (Peb->OSMajorVersion << 8) | Peb->OSMinorVersion;
512 }
Peb
PPEB Peb
Definition: dllmain.c:27
_WIN32_WINNT_WS03
#define _WIN32_WINNT_WS03
Definition: sdkddkver.h:23
RtlGetCurrentPeb
PPEB NTAPI RtlGetCurrentPeb(VOID)
Definition: libsupp.c:63
_PEB::OSMinorVersion
ULONG OSMinorVersion
Definition: ntddk_ex.h:301
_PEB
Definition: btrfs_drv.h:1907
NULL
#define NULL
Definition: types.h:112
_PEB::OSMajorVersion
ULONG OSMajorVersion
Definition: ntddk_ex.h:300

◆ RtlCreateUserProcess()

NTSTATUS NTAPI RtlCreateUserProcess ( IN PUNICODE_STRING  ImageFileName,
IN ULONG  Attributes,
IN OUT PRTL_USER_PROCESS_PARAMETERS  ProcessParameters,
IN PSECURITY_DESCRIPTOR ProcessSecurityDescriptor  OPTIONAL,
IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor  OPTIONAL,
IN HANDLE ParentProcess  OPTIONAL,
IN BOOLEAN  InheritHandles,
IN HANDLE DebugPort  OPTIONAL,
IN HANDLE ExceptionPort  OPTIONAL,
OUT PRTL_USER_PROCESS_INFORMATION  ProcessInfo 
)

Definition at line 194 of file process.c.

204 {
205  NTSTATUS Status;
206  HANDLE hSection;
207  PROCESS_BASIC_INFORMATION ProcessBasicInfo;
208  OBJECT_ATTRIBUTES ObjectAttributes;
209  UNICODE_STRING DebugString = RTL_CONSTANT_STRING(L"\\WindowsSS");
210  DPRINT("RtlCreateUserProcess: %wZ\n", ImageFileName);
211 
212  /* Map and Load the File */
213  Status = RtlpMapFile(ImageFileName,
214  Attributes,
215  &hSection);
216  if (!NT_SUCCESS(Status))
217  {
218  DPRINT1("Could not map process image\n");
219  return Status;
220  }
221 
222  /* Clean out the current directory handle if we won't use it */
223  if (!InheritHandles) ProcessParameters->CurrentDirectory.Handle = NULL;
224 
225  /* Use us as parent if none other specified */
226  if (!ParentProcess) ParentProcess = NtCurrentProcess();
227 
228  /* Initialize the Object Attributes */
229  InitializeObjectAttributes(&ObjectAttributes,
230  NULL,
231  0,
232  NULL,
233  ProcessSecurityDescriptor);
234 
235  /*
236  * If FLG_ENABLE_CSRDEBUG is used, then CSRSS is created under the
237  * watch of WindowsSS
238  */
239  if ((RtlGetNtGlobalFlags() & FLG_ENABLE_CSRDEBUG) &&
240  (wcsstr(ImageFileName->Buffer, L"csrss")))
241  {
242  ObjectAttributes.ObjectName = &DebugString;
243  }
244 
245  /* Create Kernel Process Object */
246  Status = ZwCreateProcess(&ProcessInfo->ProcessHandle,
247  PROCESS_ALL_ACCESS,
248  &ObjectAttributes,
249  ParentProcess,
250  InheritHandles,
251  hSection,
252  DebugPort,
253  ExceptionPort);
254  if (!NT_SUCCESS(Status))
255  {
256  DPRINT1("Could not create Kernel Process Object\n");
257  ZwClose(hSection);
258  return Status;
259  }
260 
261  /* Get some information on the image */
262  Status = ZwQuerySection(hSection,
263  SectionImageInformation,
264  &ProcessInfo->ImageInformation,
265  sizeof(SECTION_IMAGE_INFORMATION),
266  NULL);
267  if (!NT_SUCCESS(Status))
268  {
269  DPRINT1("Could not query Section Info\n");
270  ZwClose(ProcessInfo->ProcessHandle);
271  ZwClose(hSection);
272  return Status;
273  }
274 
275  /* Get some information about the process */
276  Status = ZwQueryInformationProcess(ProcessInfo->ProcessHandle,
277  ProcessBasicInformation,
278  &ProcessBasicInfo,
279  sizeof(ProcessBasicInfo),
280  NULL);
281  if (!NT_SUCCESS(Status))
282  {
283  DPRINT1("Could not query Process Info\n");
284  ZwClose(ProcessInfo->ProcessHandle);
285  ZwClose(hSection);
286  return Status;
287  }
288 
289  /* Duplicate the standard handles */
290  Status = STATUS_SUCCESS;
291  _SEH2_TRY
292  {
293  if (ProcessParameters->StandardInput)
294  {
295  Status = ZwDuplicateObject(ParentProcess,
296  ProcessParameters->StandardInput,
297  ProcessInfo->ProcessHandle,
298  &ProcessParameters->StandardInput,
299  0,
300  0,
301  DUPLICATE_SAME_ACCESS |
302  DUPLICATE_SAME_ATTRIBUTES);
303  if (!NT_SUCCESS(Status))
304  {
305  _SEH2_LEAVE;
306  }
307  }
308 
309  if (ProcessParameters->StandardOutput)
310  {
311  Status = ZwDuplicateObject(ParentProcess,
312  ProcessParameters->StandardOutput,
313  ProcessInfo->ProcessHandle,
314  &ProcessParameters->StandardOutput,
315  0,
316  0,
317  DUPLICATE_SAME_ACCESS |
318  DUPLICATE_SAME_ATTRIBUTES);
319  if (!NT_SUCCESS(Status))
320  {
321  _SEH2_LEAVE;
322  }
323  }
324 
325  if (ProcessParameters->StandardError)
326  {
327  Status = ZwDuplicateObject(ParentProcess,
328  ProcessParameters->StandardError,
329  ProcessInfo->ProcessHandle,
330  &ProcessParameters->StandardError,
331  0,
332  0,
333  DUPLICATE_SAME_ACCESS |
334  DUPLICATE_SAME_ATTRIBUTES);
335  if (!NT_SUCCESS(Status))
336  {
337  _SEH2_LEAVE;
338  }
339  }
340  }
341  _SEH2_FINALLY
342  {
343  if (!NT_SUCCESS(Status))
344  {
345  ZwClose(ProcessInfo->ProcessHandle);
346  ZwClose(hSection);
347  }
348  }
349  _SEH2_END;
350 
351  if (!NT_SUCCESS(Status))
352  return Status;
353 
354  /* Create Process Environment */
355  Status = RtlpInitEnvironment(ProcessInfo->ProcessHandle,
356  ProcessBasicInfo.PebBaseAddress,
357  ProcessParameters);
358  if (!NT_SUCCESS(Status))
359  {
360  DPRINT1("Could not Create Process Environment\n");
361  ZwClose(ProcessInfo->ProcessHandle);
362  ZwClose(hSection);
363  return Status;
364  }
365 
366  /* Create the first Thread */
367  Status = RtlCreateUserThread(ProcessInfo->ProcessHandle,
368  ThreadSecurityDescriptor,
369  TRUE,
370  ProcessInfo->ImageInformation.ZeroBits,
371  ProcessInfo->ImageInformation.MaximumStackSize,
372  ProcessInfo->ImageInformation.CommittedStackSize,
373  ProcessInfo->ImageInformation.TransferAddress,
374  ProcessBasicInfo.PebBaseAddress,
375  &ProcessInfo->ThreadHandle,
376  &ProcessInfo->ClientId);
377  if (!NT_SUCCESS(Status))
378  {
379  DPRINT1("Could not Create Thread\n");
380  ZwClose(ProcessInfo->ProcessHandle);
381  ZwClose(hSection); /* Don't try to optimize this on top! */
382  return Status;
383  }
384 
385  /* Close the Section Handle and return */
386  ZwClose(hSection);
387  return STATUS_SUCCESS;
388 }
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
RtlpMapFile
NTSTATUS NTAPI RtlpMapFile(PUNICODE_STRING ImageFileName, ULONG Attributes, PHANDLE Section)
Definition: process.c:22
PROCESS_ALL_ACCESS
#define PROCESS_ALL_ACCESS
Definition: nt_native.h:1324
TRUE
#define TRUE
Definition: types.h:120
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
wcsstr
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
ZwClose
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
FLG_ENABLE_CSRDEBUG
#define FLG_ENABLE_CSRDEBUG
Definition: pstypes.h:72
_SEH2_END
_SEH2_END
Definition: create.c:4400
_PROCESS_BASIC_INFORMATION::PebBaseAddress
PPEB PebBaseAddress
Definition: winternl.h:404
L
#define L(x)
Definition: ntvdm.h:50
DUPLICATE_SAME_ACCESS
#define DUPLICATE_SAME_ACCESS
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
_PROCESS_BASIC_INFORMATION
Definition: winternl.h:401
Status
Status
Definition: gdiplustypes.h:24
ZwQueryInformationProcess
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
RtlCreateUserThread
NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(_In_ PVOID ThreadContext, _Out_ HANDLE *OutThreadHandle, _Reserved_ PVOID Reserved1, _Reserved_ PVOID Reserved2, _Reserved_ PVOID Reserved3, _Reserved_ PVOID Reserved4, _Reserved_ PVOID Reserved5, _Reserved_ PVOID Reserved6, _Reserved_ PVOID Reserved7, _Reserved_ PVOID Reserved8)
_SEH2_FINALLY
_SEH2_FINALLY
Definition: create.c:4371
_UNICODE_STRING
Definition: env_spec_w32.h:368
DUPLICATE_SAME_ATTRIBUTES
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
ZwQuerySection
NTSYSAPI NTSTATUS NTAPI ZwQuerySection(_In_ HANDLE SectionHandle, _In_ SECTION_INFORMATION_CLASS SectionInformationClass, _Out_ PVOID SectionInformation, _In_ SIZE_T Length, _Out_opt_ PSIZE_T ResultLength)
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
DebugString
CCHAR DebugString[256]
Definition: cmdline.c:22
ZwCreateProcess
NTSYSAPI NTSTATUS NTAPI ZwCreateProcess(_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_SEH2_LEAVE
#define _SEH2_LEAVE
Definition: filesup.c:20
DPRINT
#define DPRINT
Definition: sndvol32.h:71
RtlpInitEnvironment
NTSTATUS NTAPI RtlpInitEnvironment(HANDLE ProcessHandle, PPEB Peb, PRTL_USER_PROCESS_PARAMETERS ProcessParameters)
Definition: process.c:70
_SECTION_IMAGE_INFORMATION
Definition: mmtypes.h:336
hSection
_In_ const BITMAPINFO _In_ UINT _In_opt_ HANDLE hSection
Definition: wingdi.h:3239
RtlGetNtGlobalFlags
ULONG NTAPI RtlGetNtGlobalFlags(VOID)
Definition: libsupp.c:93
Attributes
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
Definition: wdfcommonbuffer.h:97
RTL_CONSTANT_STRING
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14

◆ RtlDecodePointer()

PVOID NTAPI RtlDecodePointer ( IN PVOID  Pointer)

Definition at line 419 of file process.c.

420 {
421  return RtlEncodePointer(Pointer);
422 }
RtlEncodePointer
PVOID NTAPI RtlEncodePointer(IN PVOID Pointer)
Definition: process.c:395

◆ RtlDecodeSystemPointer()

PVOID NTAPI RtlDecodeSystemPointer ( IN PVOID  Pointer)

Definition at line 439 of file process.c.

440 {
441  return RtlEncodeSystemPointer(Pointer);
442 }
RtlEncodeSystemPointer
PVOID NTAPI RtlEncodeSystemPointer(IN PVOID Pointer)
Definition: process.c:429

Referenced by BaseCheckRunApp(), LdrpInitializeProcess(), LdrpLoadDll(), LdrpLoadShimEngine(), LdrShutdownProcess(), and LdrUnloadDll().

◆ RtlEncodePointer()

PVOID NTAPI RtlEncodePointer ( IN PVOID  Pointer)

Definition at line 395 of file process.c.

396 {
397  ULONG Cookie;
398  NTSTATUS Status;
399 
400  Status = ZwQueryInformationProcess(NtCurrentProcess(),
401  ProcessCookie,
402  &Cookie,
403  sizeof(Cookie),
404  NULL);
405  if(!NT_SUCCESS(Status))
406  {
407  DPRINT1("Failed to receive the process cookie! Status: 0x%lx\n", Status);
408  return Pointer;
409  }
410 
411  return (PVOID)((ULONG_PTR)Pointer ^ Cookie);
412 }
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
Status
Status
Definition: gdiplustypes.h:24
ZwQueryInformationProcess
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
Cookie
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
Definition: cmfuncs.h:13
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
ULONG
unsigned int ULONG
Definition: retypes.h:1
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101

Referenced by RtlDecodePointer().

◆ RtlEncodeSystemPointer()

PVOID NTAPI RtlEncodeSystemPointer ( IN PVOID  Pointer)

Definition at line 429 of file process.c.

430 {
431  return (PVOID)((ULONG_PTR)Pointer ^ SharedUserData->Cookie);
432 }
SharedUserData
#define SharedUserData
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101

Referenced by BaseInitApphelp(), LdrpGetShimEngineInterface(), and RtlDecodeSystemPointer().

◆ RtlGetCurrentProcessorNumber()

ULONG NTAPI RtlGetCurrentProcessorNumber ( VOID  )

Definition at line 491 of file process.c.

492 {
493  /* Forward to kernel */
494  return NtGetCurrentProcessorNumber();
495 }
NtGetCurrentProcessorNumber
ULONG NTAPI NtGetCurrentProcessorNumber(VOID)
Definition: sysinfo.c:3053

◆ RtlpInitEnvironment()

NTSTATUS NTAPI RtlpInitEnvironment ( HANDLE  ProcessHandle,
PPEB  Peb,
PRTL_USER_PROCESS_PARAMETERS  ProcessParameters 
)

Definition at line 70 of file process.c.

73 {
74  NTSTATUS Status;
75  PVOID BaseAddress = NULL;
76  SIZE_T EnviroSize;
77  SIZE_T Size;
78  PWCHAR Environment = NULL;
79  DPRINT("RtlpInitEnvironment(ProcessHandle: %p, Peb: %p Params: %p)\n",
80  ProcessHandle, Peb, ProcessParameters);
81 
82  /* Give the caller 1MB if he requested it */
83  if (ProcessParameters->Flags & RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB)
84  {
85  /* Give 1MB starting at 0x4 */
86  BaseAddress = (PVOID)4;
87  EnviroSize = (1024 * 1024) - 256;
88  Status = ZwAllocateVirtualMemory(ProcessHandle,
89  &BaseAddress,
90  0,
91  &EnviroSize,
92  MEM_RESERVE,
93  PAGE_READWRITE);
94  if (!NT_SUCCESS(Status))
95  {
96  DPRINT1("Failed to reserve 1MB of space\n");
97  return Status;
98  }
99  }
100 
101  /* Find the end of the Enviroment Block */
102  if ((Environment = (PWCHAR)ProcessParameters->Environment))
103  {
104  while (*Environment++) while (*Environment++);
105 
106  /* Calculate the size of the block */
107  EnviroSize = (ULONG)((ULONG_PTR)Environment -
108  (ULONG_PTR)ProcessParameters->Environment);
109 
110  /* Allocate and Initialize new Environment Block */
111  Size = EnviroSize;
112  Status = ZwAllocateVirtualMemory(ProcessHandle,
113  &BaseAddress,
114  0,
115  &Size,
116  MEM_RESERVE | MEM_COMMIT,
117  PAGE_READWRITE);
118  if (!NT_SUCCESS(Status))
119  {
120  DPRINT1("Failed to allocate Environment Block\n");
121  return Status;
122  }
123 
124  /* Write the Environment Block */
125  ZwWriteVirtualMemory(ProcessHandle,
126  BaseAddress,
127  ProcessParameters->Environment,
128  EnviroSize,
129  NULL);
130 
131  /* Save pointer */
132  ProcessParameters->Environment = BaseAddress;
133  }
134 
135  /* Now allocate space for the Parameter Block */
136  BaseAddress = NULL;
137  Size = ProcessParameters->MaximumLength;
138  Status = ZwAllocateVirtualMemory(ProcessHandle,
139  &BaseAddress,
140  0,
141  &Size,
142  MEM_COMMIT,
143  PAGE_READWRITE);
144  if (!NT_SUCCESS(Status))
145  {
146  DPRINT1("Failed to allocate Parameter Block\n");
147  return Status;
148  }
149 
150  /* Write the Parameter Block */
151  Status = ZwWriteVirtualMemory(ProcessHandle,
152  BaseAddress,
153  ProcessParameters,
154  ProcessParameters->Length,
155  NULL);
156  if (!NT_SUCCESS(Status))
157  {
158  DPRINT1("Failed to write the Parameter Block\n");
159  return Status;
160  }
161 
162  /* Write pointer to Parameter Block */
163  Status = ZwWriteVirtualMemory(ProcessHandle,
164  &Peb->ProcessParameters,
165  &BaseAddress,
166  sizeof(BaseAddress),
167  NULL);
168  if (!NT_SUCCESS(Status))
169  {
170  DPRINT1("Failed to write pointer to Parameter Block\n");
171  return Status;
172  }
173 
174  /* Return */
175  return STATUS_SUCCESS;
176 }
Environment
PVOID PVOID PWCHAR PVOID Environment
Definition: env.c:47
_RTL_USER_PROCESS_PARAMETERS::Length
ULONG Length
Definition: rtltypes.h:1532
Peb
PPEB Peb
Definition: dllmain.c:27
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Size
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56
_PEB::ProcessParameters
PRTL_USER_PROCESS_PARAMETERS ProcessParameters
Definition: btrfs_drv.h:1913
MEM_COMMIT
#define MEM_COMMIT
Definition: nt_native.h:1313
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
MEM_RESERVE
#define MEM_RESERVE
Definition: nt_native.h:1314
_RTL_USER_PROCESS_PARAMETERS::MaximumLength
ULONG MaximumLength
Definition: rtltypes.h:1531
ZwWriteVirtualMemory
NTSYSAPI NTSTATUS NTAPI ZwWriteVirtualMemory(_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ PVOID Buffer, _In_ SIZE_T NumberOfBytesToWrite, _Out_opt_ PSIZE_T NumberOfBytesWritten)
Status
Status
Definition: gdiplustypes.h:24
BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB
#define RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB
Definition: rtltypes.h:46
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_RTL_USER_PROCESS_PARAMETERS::Flags
ULONG Flags
Definition: rtltypes.h:1533
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
ULONG
static ULONG
Definition: process.c:83
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
PVOID
static PVOID
Definition: process.c:83
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
_RTL_USER_PROCESS_PARAMETERS::Environment
PWSTR Environment
Definition: rtltypes.h:1544
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
DPRINT
#define DPRINT
Definition: sndvol32.h:71
ProcessHandle
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1304

Referenced by RtlCreateUserProcess().

◆ RtlpMapFile()

NTSTATUS NTAPI RtlpMapFile ( PUNICODE_STRING  ImageFileName,
ULONG  Attributes,
PHANDLE  Section 
)

Definition at line 22 of file process.c.

25 {
26  OBJECT_ATTRIBUTES ObjectAttributes;
27  NTSTATUS Status;
28  HANDLE hFile = NULL;
29  IO_STATUS_BLOCK IoStatusBlock;
30 
31  /* Open the Image File */
32  InitializeObjectAttributes(&ObjectAttributes,
33  ImageFileName,
34  Attributes & (OBJ_CASE_INSENSITIVE | OBJ_INHERIT),
35  NULL,
36  NULL);
37  Status = ZwOpenFile(&hFile,
38  SYNCHRONIZE | FILE_EXECUTE | FILE_READ_DATA,
39  &ObjectAttributes,
40  &IoStatusBlock,
41  FILE_SHARE_DELETE | FILE_SHARE_READ,
42  FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE);
43  if (!NT_SUCCESS(Status))
44  {
45  DPRINT1("Failed to read image file from disk, Status = 0x%08X\n", Status);
46  return Status;
47  }
48 
49  /* Now create a section for this image */
50  Status = ZwCreateSection(Section,
51  SECTION_ALL_ACCESS,
52  NULL,
53  NULL,
54  PAGE_EXECUTE,
55  SEC_IMAGE,
56  hFile);
57  if (!NT_SUCCESS(Status))
58  {
59  DPRINT1("Failed to create section for image file, Status = 0x%08X\n", Status);
60  }
61 
62  ZwClose(hFile);
63  return Status;
64 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
ZwClose
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
FILE_SHARE_READ
#define FILE_SHARE_READ
Definition: compat.h:136
SECTION_ALL_ACCESS
#define SECTION_ALL_ACCESS
Definition: nt_native.h:1293
FILE_READ_DATA
#define FILE_READ_DATA
Definition: nt_native.h:628
PAGE_EXECUTE
#define PAGE_EXECUTE
Definition: nt_native.h:1306
Status
Status
Definition: gdiplustypes.h:24
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
OBJ_INHERIT
#define OBJ_INHERIT
Definition: winternl.h:225
ZwOpenFile
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
FILE_SHARE_DELETE
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
FILE_EXECUTE
#define FILE_EXECUTE
Definition: nt_native.h:642
FILE_NON_DIRECTORY_FILE
#define FILE_NON_DIRECTORY_FILE
Definition: constants.h:492
SYNCHRONIZE
#define SYNCHRONIZE
Definition: nt_native.h:61
hFile
_In_ HANDLE hFile
Definition: mswsock.h:90
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870
IoStatusBlock
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
FILE_SYNCHRONOUS_IO_NONALERT
#define FILE_SYNCHRONOUS_IO_NONALERT
Definition: from_kernel.h:31
SEC_IMAGE
#define SEC_IMAGE
Definition: mmtypes.h:96
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
Attributes
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
Definition: wdfcommonbuffer.h:97

Referenced by RtlCreateUserProcess().

◆ RtlSetProcessIsCritical()

NTSTATUS __cdecl RtlSetProcessIsCritical ( IN BOOLEAN  NewValue,
OUT PBOOLEAN OldValue  OPTIONAL,
IN BOOLEAN  NeedBreaks 
)

Definition at line 453 of file process.c.

456 {
457  ULONG BreakOnTermination;
458 
459  /* Initialize to FALSE */
460  if (OldValue) *OldValue = FALSE;
461 
462  /* Fail, if the critical breaks flag is required but is not set */
463  if ((NeedBreaks) &&
464  !(NtCurrentPeb()->NtGlobalFlag & FLG_ENABLE_SYSTEM_CRIT_BREAKS))
465  {
466  return STATUS_UNSUCCESSFUL;
467  }
468 
469  /* Check if the caller wants the old value */
470  if (OldValue)
471  {
472  /* Query and return the old break on termination flag for the process */
473  ZwQueryInformationProcess(NtCurrentProcess(),
474  ProcessBreakOnTermination,
475  &BreakOnTermination,
476  sizeof(ULONG),
477  NULL);
478  *OldValue = (BOOLEAN)BreakOnTermination;
479  }
480 
481  /* Set the break on termination flag for the process */
482  BreakOnTermination = NewValue;
483  return ZwSetInformationProcess(NtCurrentProcess(),
484  ProcessBreakOnTermination,
485  &BreakOnTermination,
486  sizeof(ULONG));
487 }
FLG_ENABLE_SYSTEM_CRIT_BREAKS
#define FLG_ENABLE_SYSTEM_CRIT_BREAKS
Definition: pstypes.h:78
FALSE
#define FALSE
Definition: types.h:117
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
ZwQueryInformationProcess
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
NtCurrentPeb
#define NtCurrentPeb()
Definition: FLS.c:22
NULL
#define NULL
Definition: types.h:112
BOOLEAN
#define BOOLEAN
Definition: pedump.c:73
ULONG
unsigned int ULONG
Definition: retypes.h:1
NtGlobalFlag
ULONG NtGlobalFlag
Definition: init.c:54
ZwSetInformationProcess
NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)