ReactOS  0.4.15-dev-4570-g4f8bbd1
obhandle.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for obhandle.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable (IN PEPROCESS Process)
 
VOID NTAPI ObDereferenceProcessHandleTable (IN PEPROCESS Process)
 
ULONG NTAPI ObGetProcessHandleCount (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle (IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
 
BOOLEAN NTAPI ObpEnumFindHandleProcedure (IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN PVOID Context)
 
POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount (IN POBJECT_HEADER ObjectHeader)
 
NTSTATUS NTAPI ObpIncrementHandleDataBase (IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
 
NTSTATUS NTAPI ObpChargeQuotaForObject (IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
 
NTSTATUS NTAPI ObpValidateAccessMask (IN PACCESS_STATE AccessState)
 
VOID NTAPI ObpDecrementHandleCount (IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
 
NTSTATUS NTAPI ObpCloseHandleTableEntry (IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
 
NTSTATUS NTAPI ObpIncrementHandleCount (IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
 
NTSTATUS NTAPI ObpIncrementUnnamedHandleCount (IN PVOID Object, IN PACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process)
 
NTSTATUS NTAPI ObpCreateUnnamedHandle (IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
 
NTSTATUS NTAPI ObpCreateHandle (IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
 
NTSTATUS NTAPI ObpCloseHandle (IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
 
BOOLEAN NTAPI ObpSetHandleAttributes (IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
 
BOOLEAN NTAPI ObpCloseHandleCallback (IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
 
BOOLEAN NTAPI ObpDuplicateHandleCallback (IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
 
VOID NTAPI ObClearProcessHandleTable (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObInitProcess (IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
 
VOID NTAPI ObKillProcess (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObDuplicateObject (IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI ObOpenObjectByName (IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN OUT PVOID ParseContext, OUT PHANDLE Handle)
 
NTSTATUS NTAPI ObOpenObjectByPointer (IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
 
BOOLEAN NTAPI ObFindHandleForObject (IN PEPROCESS Process, IN PVOID Object, IN POBJECT_TYPE ObjectType, IN POBJECT_HANDLE_INFORMATION HandleInformation, OUT PHANDLE Handle)
 
NTSTATUS NTAPI ObInsertObject (IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
 
NTSTATUS NTAPI ObSetHandleAttributes (IN HANDLE Handle, IN POBJECT_HANDLE_ATTRIBUTE_INFORMATION HandleFlags, IN KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI ObCloseHandle (IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
 
NTSTATUS NTAPI NtClose (IN HANDLE Handle)
 
NTSTATUS NTAPI NtDuplicateObject (IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options)
 
BOOLEAN NTAPI ObIsKernelHandle (IN HANDLE Handle)
 

Variables

PHANDLE_TABLE ObpKernelHandleTable = NULL
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 17 of file obhandle.c.

Function Documentation

◆ NtClose()

NTSTATUS NTAPI NtClose ( IN HANDLE  Handle)

Definition at line 3401 of file obhandle.c.

3402 {
3403  /* Call the internal API */
3405 }
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3063
NTSTATUS NTAPI ObpCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:1729
_In_ HANDLE Handle
Definition: extypes.h:390

Referenced by _At_(), _main(), _tmain(), AccpCloseObjectHandle(), AddCodepageToRegistry(), AddFontsSettingsToRegistry(), AddHotkeySettings(), AddKbLayoutsToRegistry(), AddPartitionToDisk(), AfdBind(), AfdConnect(), AfdGetInformation(), AfdSend(), AfdSendTo(), AfdSetInformation(), AllocConsole(), BaseComputeProcessDllPath(), BaseGetNamedObjectDirectory(), BaseInitializeStaticServerData(), BasepCopyFileExW(), BasepIsProcessAllowed(), BasepMapFile(), BasepMoveFileDelayed(), BasepNotifyTrackingService(), BasepOpenFileForMove(), BasepSxsCloseHandles(), BaseSrvCleanupVDMResources(), BaseSrvCreatePairWaitHandles(), BaseSrvDestroyConsoleRecord(), BaseSrvDestroyPairWaitHandles(), BaseSrvIsVdmAllowed(), Beep(), CabinetExtractFile(), CallApphelpWithImage(), CallCacheControl(), check_boot_options(), CheckForGlobalDriveLetter(), CheckTokenMembership(), ClientThread(), CloseCabinet(), CloseDefaultKeys(), CloseDevice(), CloseHandle(), CloseIniBootLoaderStore(), closeTcpFile(), CmGetSystemDriverList(), CmInitSystem1(), CmpCreateControlSet(), CmpCreateHardwareProfile(), CmpInitializeHardwareConfiguration(), CmpInitializeMachineDependentConfiguration(), CmpInitializeRegistryNode(), CmpSetSystemValues(), CmpSetupConfigurationTree(), CmpSetVersionData(), CommandDumpSector(), CommandPartInfo(), CON_API(), ConCfgOpenUserSettings(), ConDrvDeinitInputBuffer(), ConnectConsole(), ConnectRegistry(), ConSrvDeleteConsole(), ConSrvInitConsole(), ConvertNtPathToWin32Path(), create_classes_root_hkey(), create_key(), create_registry_key(), CreateBaseAcls(), CreateContext(), CreateDirectoryExW(), CreateDirectoryW(), CreateHardLinkW(), CreateIoCompletionPort(), CreateKeyTest(), CreateNestedKey(), CreatePartitionList(), CreatePipe(), CreateProcessAsUserCommon(), CreateProcessInternalW(), CreateRegistryFile(), CreateRemoteThread(), CreateSymbolicLinkW(), CreateSymLinkKey(), CreateWindowStationW(), CSR_API(), CsrApiPortInitialize(), CsrCreateRemoteThread(), CsrGetProcessLuid(), CsrpCheckRequestThreads(), CsrpConnectToServer(), CsrProcessRefcountZero(), CsrSbApiRequestThread(), CsrSetProcessSecurity(), CsrSrvCreateSharedSection(), CsrThreadRefcountZero(), DbgUiIssueRemoteBreakin(), DebugActiveProcess(), DebugActiveProcessStop(), DeleteFileW(), DeleteKeyTest(), DeleteSymLinkKey(), DeleteValueTest(), DestroyProtoHive(), DismountVolume(), do_enumeratekey(), DoesPathExist(), DumpDisk(), DumpPartition(), DumpRegistryData(), EnumerateKeyTest(), EnumerateValueTest(), ExpandSymbolicLink(), ExpCreateSystemRootLink(), ExpInitializeCallbacks(), Ext2CloseDevice(), FindClose(), FindFirstChangeNotificationW(), FindFirstFileExW(), FindFirstStreamW(), FindNTOSInstallations(), FormatEx2(), FreeConsole(), get_manifest_in_associated_manifest(), get_manifest_in_manifest_file(), get_manifest_in_pe_file(), get_registry_locale_info(), get_system_root(), GetCallerLuid(), GetComputerIdentifier(), GetComputerNameFromRegistry(), GetCPFileNameFromRegistry(), GetDiskFreeSpaceExW(), GetDiskFreeSpaceW(), GetDisplayIdentifier(), GetDllList(), GetDosDevicesProtection(), GetDriveTypeW(), GetFileSecurityW(), GetFileSystem(), GetFileSystemName_UStr(), GetNTObjectSymbolicLinkTarget(), GetPhysicalFileSize(), GetRegInt(), GetSocketInformation(), GetSourcePaths(), GetTempFileNameW(), GetTimeouts(), GetUserGeoID(), GetVolumeInformationW(), GetVolumeNameForRoot(), GRAPHICS_BUFFER_Destroy(), GRAPHICS_BUFFER_Initialize(), GuiApplyUserSettings(), GuiConsoleShowConsoleProperties(), GuiDeinitFrontEnd(), GuiInit(), GuiInitFrontEnd(), IcmpCloseHandle(), ImpersonateLoggedOnUser(), InferFileSystem(), InfOpenFile(), InfWriteFile(), IniCacheLoad(), IniCacheSave(), InitFunctionPtrs(), InitializeFmIfsOnce(), InitializeUserModePnpManager(), InitLogPort(), InstallBootCodeToDisk(), InstallBootCodeToFile(), InstallDevice(), InstallDriver(), InstallSetupInfFile(), IntAllocConsole(), IntAttachConsole(), IntGetCodePageEntry(), IopCreateRootDirectories(), IopInitializePlugPlayServices(), IopMarkBootPartition(), is_mounted_multi_device(), IsAcpiComputer(), IsShimInfrastructureDisabled(), IsThisARootDirectory(), IsValidLanguageGroup(), IsValidNTOSInstallation(), JapaneseEra_IsFirstYearGannen(), JapaneseEra_Load(), keyed_event_thread(), KsecOpenDevice(), LdrOpenImageFileOptionsKey(), LdrpCheckForKnownDll(), LdrpCheckForLoadedDll(), LdrpCreateDllSection(), LdrpDisableProcessCompatGuidDetection(), LdrpInitializeProcess(), LdrpMapDll(), LdrQueryImageFileExecutionOptionsEx(), LdrVerifyImageMatchesChecksum(), ListDirectory(), LoadModule(), LoadSymbolsRoutine(), LogfBackupFile(), LogfClose(), LogfCreate(), lookup_assembly(), lookup_winsxs(), LsaConnectUntrusted(), LsapAddNotification(), LsapCheckLogonProcess(), LsapCloseDbObject(), LsapCloseLsaPort(), LsapCreateDatabaseKeys(), LsapCreateDbObject(), LsapDeleteDbObject(), LsapDeregisterLogonProcess(), LsapEnumLogonSessions(), LsapGetLogonSessionData(), LsapGetObjectAttribute(), LsapIsDatabaseInstalled(), LsapIsTrustedClient(), LsapLogonUser(), LsapOpenDbObject(), LsapRegCloseKey(), LsapRegDeleteSubKey(), LsapRemoveNotification(), LsapSetObjectAttribute(), LsarSetSecurityObject(), main(), MoveFileWithProgressW(), MyDeleteFile(), NetUserChangePassword(), NLS_EnumLanguageGroupLocales(), NLS_EnumSystemCodePages(), NLS_EnumSystemLanguageGroups(), NlsInit(), NlsUninit(), NtQueryOpenSubKeys(), ObDuplicateObject(), ObInitSystem(), ObpCreateDosDevicesDirectory(), OpenAndMapFile(), OpenBootStore_UStr(), OpenFile(), OpenWindowStationW(), nt_handle::operator=(), parse_file(), Phase1InitializationDiscard(), PipGetDriverTagPriority(), PortThreadRoutine(), PrintProcess(), PrintThreads(), PrivMoveFileIdentityW(), ProcessDisplayRegistry(), ProcessIdToSessionId(), ProcessLocaleRegistry(), QueryDosDeviceW(), ReadBlock(), ReadBootCodeFromFile(), RegCleanupRegistry(), RegCloseKey(), RegCopyTreeW(), RegDeleteKeyExW(), RegDeleteKeyValueW(), RegInitializeRegistry(), RegisterUncProvider(), registry_callback(), RegOverridePredefKey(), RegpCopyTree(), RegReplaceKeyW(), RegRestoreKeyW(), RegSaveKeyW(), RegSetKeyValueA(), RegSetKeyValueW(), RemoveDirectoryW(), ReplaceFileW(), ResolveArcNameNtSymLink(), RSetServiceObjectSecurity(), RtlCreateActivationContext(), RtlCreateTimerQueue(), RtlCreateUserSecurityObject(), RtlCreateUserThread(), RtlDefaultNpAcl(), RtlDeleteCriticalSection(), RtlDeleteResource(), RtlDeleteTimer(), RtlDeleteTimerQueueEx(), RtlDeregisterWaitEx(), RtlImpersonateSelf(), RtlInitializeRXact(), RtlNewSecurityGrantedAccess(), RtlpCloseKeyedEvent(), RtlpExecuteIoWorkItem(), RtlpExecuteWorkItem(), RtlpIoWorkerThreadProc(), RtlpIsIoPending(), RtlpStartWorkerThread(), RtlQueryRegistryValues(), RtlQueueWorkItem(), RtlRegisterWait(), RtlReleaseRelativeName(), RtlSetCurrentDirectory_U(), RXactpCommit(), SampRegCloseKey(), SampRegDeleteKey(), SamrSetSecurityObject(), SaveBootSector(), ScmCheckDriver(), ScmConvertToBootPathName(), ScmGetDriverStatus(), SdbCloseDatabase(), SdbDeletePermLayerKeys(), SdbpCloseMemMappedFile(), SdbpGetPermLayersInternal(), SdbpOpenMemMappedFile(), SdbRegisterDatabaseEx(), SdbSetPermLayerKeys(), SdbUnregisterDatabase(), ServerThread(), SetActiveComputerNameToRegistry(), SetComputerNameToRegistry(), SetDefaultPagefile(), SetFileAttributesW(), SetFileSecurityW(), SetGeoID(), SetLocaleInfoW(), SetMountedDeviceValue(), SetRosSpecificInfo(), SetSocketInformation(), SetupCopyFile(), SetupCreateSingleDirectory(), SetupDeleteFile(), SetupMoveFile(), SetUserGeoID(), SetValueTest1(), SetValueTest2(), SetVolumeLabelW(), SmExecPgm(), SmLookupSubsystem(), SmpAcquirePrivilege(), SmpConfigureObjectDirectories(), SmpCreateDynamicEnvironmentVariables(), SmpCreateVolumeDescriptors(), SmpDeletePagingFile(), SmpDereferenceSubsystem(), SmpExecPgm(), SmpExecuteImage(), SmpExecuteInitialCommand(), SmpGetPagingFileSize(), SmpGetVolumeFreeSpace(), SmpHandleConnectionRequest(), SmpInit(), SmpInitializeDosDevices(), SmpInitializeKnownDllsInternal(), SmpLoadDataFromRegistry(), SmpLoadSubSystem(), SmpProcessFileRenames(), SmpQueryRegistrySosOption(), SmpReleasePrivilege(), SmpSbCreateSession(), SmpStartCsr(), SmpTranslateSystemPartitionInformation(), SockCreateOrReferenceAsyncThread(), SpeakerCleanup(), START_TEST(), StartAuthenticationPort(), TerminateUserModePnpManager(), test1(), test2(), test3(), test5(), test6(), test7(), test9(), Test_ApphelpCheckRunApp(), Test_EmptyFile(), Test_ImageSection(), test_keyed_events(), Test_KeyFullInformation(), Test_KeyNameInformation(), test_mutant(), test_NtOpenKey(), Test_PageFileSection(), Test_RawSize(), Test_recv(), Test_SectionContents(), test_tp_multi_wait(), TestCreateOpen_(), TestSend(), TestSendTo(), TestTcp(), TestUdp(), TH32CreateSnapshotSectionInitialize(), timer_queue_thread_proc(), UnhandledExceptionFilter(), UnMapFile(), UserpFormatMessages(), VfatFormat(), VfatxFormat(), Wait_thread_proc(), WaitNamedPipeW(), WinExec(), WritePartitions(), WSHIoctl_GetInterfaceList(), WSPAccept(), WSPBind(), WSPCloseSocket(), WSPConnect(), WSPDuplicateSocket(), WSPEnumNetworkEvents(), WSPEventSelect(), WSPGetPeerName(), WSPGetSockName(), WSPListen(), WSPRecv(), WSPRecvFrom(), WSPSelect(), WSPSend(), WSPSendTo(), WSPShutdown(), WSPSocket(), CEnumNTDirectory::~CEnumNTDirectory(), mountmgr::~mountmgr(), and nt_handle::~nt_handle().

◆ NtDuplicateObject()

NTSTATUS NTAPI NtDuplicateObject ( IN HANDLE  SourceProcessHandle,
IN HANDLE  SourceHandle,
IN HANDLE TargetProcessHandle  OPTIONAL,
OUT PHANDLE TargetHandle  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
IN ULONG  Options 
)

Definition at line 3409 of file obhandle.c.

3416 {
3417  PEPROCESS SourceProcess, TargetProcess, Target;
3418  HANDLE hTarget;
3420  NTSTATUS Status;
3422  "%s - Duplicating handle: %p for %p into %p.\n",
3423  __FUNCTION__,
3424  SourceHandle,
3425  SourceProcessHandle,
3427 
3428  /* Check if we have a target handle */
3429  if ((TargetHandle) && (PreviousMode != KernelMode))
3430  {
3431  /* Enter SEH */
3432  _SEH2_TRY
3433  {
3434  /* Probe the handle and assume failure */
3436  *TargetHandle = NULL;
3437  }
3439  {
3440  /* Return the exception code */
3442  }
3443  _SEH2_END;
3444  }
3445 
3446  /* Now reference the input handle */
3447  Status = ObReferenceObjectByHandle(SourceProcessHandle,
3449  PsProcessType,
3450  PreviousMode,
3451  (PVOID*)&SourceProcess,
3452  NULL);
3453  if (!NT_SUCCESS(Status)) return Status;
3454 
3455  /* Check if got a target handle */
3456  if (TargetProcessHandle)
3457  {
3458  /* Now reference the output handle */
3461  PsProcessType,
3462  PreviousMode,
3463  (PVOID*)&TargetProcess,
3464  NULL);
3465  if (NT_SUCCESS(Status))
3466  {
3467  /* Use this target process */
3468  Target = TargetProcess;
3469  }
3470  else
3471  {
3472  /* No target process */
3473  Target = NULL;
3474  }
3475  }
3476  else
3477  {
3478  /* No target process */
3480  Target = NULL;
3481  }
3482 
3483  /* Call the internal routine */
3484  Status = ObDuplicateObject(SourceProcess,
3485  SourceHandle,
3486  Target,
3487  &hTarget,
3488  DesiredAccess,
3490  Options,
3491  PreviousMode);
3492 
3493  /* Check if the caller wanted the return handle */
3494  if (TargetHandle)
3495  {
3496  /* Protect the write to user mode */
3497  _SEH2_TRY
3498  {
3499  /* Write the new handle */
3500  *TargetHandle = hTarget;
3501  }
3503  {
3504  /* Otherwise, get the exception code */
3506  }
3507  _SEH2_END;
3508  }
3509 
3510  /* Dereference the processes */
3512  "%s - Duplicated handle: %p into %p S %lx\n",
3513  __FUNCTION__,
3514  hTarget,
3516  Status);
3518  ObDereferenceObject(SourceProcess);
3519  return Status;
3520 }
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3063
_In_ HANDLE SourceHandle
Definition: obfuncs.h:429
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define PROCESS_DUP_HANDLE
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_In_ PWDFDEVICE_INIT _In_ PWDF_REMOVE_LOCK_OPTIONS Options
Definition: wdfdevice.h:3531
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_In_ HANDLE _In_opt_ HANDLE TargetProcessHandle
Definition: obfuncs.h:429
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define OB_HANDLE_DEBUG
Definition: ob.h:17
_SEH2_END
Definition: create.c:4400
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
#define NULL
Definition: types.h:112
NTSTATUS NTAPI ObDuplicateObject(IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
Definition: obhandle.c:2203
_In_ WDFIOTARGET Target
Definition: wdfrequest.h:306
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define __FUNCTION__
Definition: types.h:112
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
Definition: obfuncs.h:429
POBJECT_TYPE PsProcessType
Definition: process.c:20

Referenced by BaseSrvCreatePairWaitHandles(), BaseSrvDestroyPairWaitHandles(), ConSrvAllocateConsole(), ConSrvInheritConsole(), CSR_API(), CsrCreateRemoteThread(), DuplicateHandle(), GRAPHICS_BUFFER_Destroy(), GRAPHICS_BUFFER_Initialize(), GuiApplyUserSettings(), GuiConsoleShowConsoleProperties(), GuiInit(), LsapAddNotification(), LsapLogonUser(), RtlpIoWorkerThreadProc(), RtlpIsIoPending(), SmpExecPgm(), SmpExecuteInitialCommand(), SmpLoadSubSystem(), SmpSbCreateSession(), START_TEST(), and StuffStdHandle().

◆ ObClearProcessHandleTable()

VOID NTAPI ObClearProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 2026 of file obhandle.c.

2027 {
2031  BOOLEAN AttachedToProcess = FALSE;
2032 
2033  ASSERT(Process);
2034 
2035  /* Ensure the handle table doesn't go away while we use it */
2037  if (!HandleTable) return;
2038 
2039  /* Attach to the current process if needed */
2040  if (PsGetCurrentProcess() != Process)
2041  {
2043  AttachedToProcess = TRUE;
2044  }
2045 
2046  /* Enter a critical region */
2048 
2049  /* Fill out the context */
2050  Context.AccessMode = UserMode;
2051  Context.HandleTable = HandleTable;
2052 
2053  /* Sweep the handle table to close all handles */
2056  &Context);
2057 
2058  /* Leave the critical region */
2060 
2061  /* Detach if needed */
2062  if (AttachedToProcess)
2064 
2065  /* Let the handle table go */
2067 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:26
KAPC_STATE
Definition: ketypes.h:1285
#define TRUE
Definition: types.h:120
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
#define FALSE
Definition: types.h:117
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
#define PsGetCurrentProcess
Definition: psfuncs.h:17
unsigned char BOOLEAN
#define ASSERT(a)
Definition: mode.c:44
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1700
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1226
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
struct tagContext Context
Definition: acpixf.h:1034
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1923
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:48

Referenced by NtTerminateProcess(), and PspTerminateProcess().

◆ ObCloseHandle()

NTSTATUS NTAPI ObCloseHandle ( IN HANDLE  Handle,
IN KPROCESSOR_MODE  AccessMode 
)

Definition at line 3378 of file obhandle.c.

3380 {
3381  /* Call the internal API */
3382  return ObpCloseHandle(Handle, AccessMode);
3383 }
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
NTSTATUS NTAPI ObpCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:1729
_In_ HANDLE Handle
Definition: extypes.h:390

Referenced by _IRQL_requires_max_(), CheckDirectorySecurity__(), CheckKeySecurity__(), CmpAddToHiveFileList(), CmpLinkKeyToHive(), CmpRemoveFromHiveFileList(), DbgkCreateThread(), DbgkMapViewOfSection(), DbgkpFreeDebugEvent(), DbgkpOpenHandles(), DbgkpPostFakeModuleMessages(), DbgkpPostFakeThreadMessages(), DisplayBootBitmap(), ExitThreadCallback(), ExpCreateSystemRootLink(), ExpCreateWorkerThread(), ExpInitializeWorkerThreads(), ExpInitNls(), InitThreadCallback(), IntCopyRegistryKey(), IntCreateDesktop(), IntCreateNewRegistryPath(), IntLoadRegistryParameters(), IntResolveDesktop(), IntSetupDeviceSettingsKey(), IntVideoPortInbvCleanup(), IoCreateController(), IoCreateDevice(), IoCreateStreamFileObjectEx(), IopDetectResourceConflict(), IopOpenLinkOrRenameTarget(), IopReassignSystemRoot(), IopStoreSystemPartitionInformation(), KernelModeTest(), KmtStartThread(), LpcpCreatePort(), MmCreatePhysicalMemorySection(), NotificationCallback(), NtLoadKeyEx(), NtSaveKeyEx(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSetDefaultLocale(), NtSetInformationFile(), NtUnloadKey2(), NtUserCloseDesktop(), NtUserCloseWindowStation(), NtUserResolveDesktop(), PnpRootCreateDevice(), PspCreateProcess(), PspCreateThread(), PspExitThread(), PspInitPhase0(), RawInputThreadMain(), RunTest(), ScrInbvCleanup(), SepRmCommandServerThread(), SepRmCommandServerThreadInit(), SeRmInitPhase1(), START_TEST(), TestAllInformation(), TestConnect(), TestCreateNamedPipe(), TestDuplicate(), TestIoCreateFile(), TestObRootSecurity(), TestPhysicalMemorySection(), TestReadWrite(), TestRelativeNames(), TestSharedCacheMap(), UserModeTest(), and UserSetProcessWindowStation().

◆ ObDereferenceProcessHandleTable()

VOID NTAPI ObDereferenceProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 48 of file obhandle.c.

49 {
50  /* Release the process lock */
51  ExReleaseRundownProtection(&Process->RundownProtect);
52 }
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219

Referenced by ObClearProcessHandleTable(), ObDuplicateObject(), ObFindHandleForObject(), ObGetProcessHandleCount(), and ObInitProcess().

◆ ObDuplicateObject()

NTSTATUS NTAPI ObDuplicateObject ( IN PEPROCESS  SourceProcess,
IN HANDLE  SourceHandle,
IN PEPROCESS TargetProcess  OPTIONAL,
IN PHANDLE TargetHandle  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
IN ULONG  Options,
IN KPROCESSOR_MODE  PreviousMode 
)

Definition at line 2203 of file obhandle.c.

2211 {
2212  HANDLE_TABLE_ENTRY NewHandleEntry;
2213  BOOLEAN AttachedToProcess = FALSE;
2214  PVOID SourceObject;
2215  POBJECT_HEADER ObjectHeader;
2217  HANDLE NewHandle;
2219  NTSTATUS Status;
2220  ACCESS_MASK TargetAccess, SourceAccess;
2223  AUX_ACCESS_DATA AuxData;
2226  ULONG AuditMask;
2228 
2229  PAGED_CODE();
2231  "%s - Duplicating handle: %p for %p into %p\n",
2232  __FUNCTION__,
2233  SourceHandle,
2234  SourceProcess,
2235  TargetProcess);
2236 
2237  /* Assume failure */
2238  if (TargetHandle) *TargetHandle = NULL;
2239 
2240  /* Check if we're not duplicating the same access */
2241  if (!(Options & DUPLICATE_SAME_ACCESS))
2242  {
2243  /* Validate the desired access */
2244  Status = STATUS_SUCCESS; //ObpValidateDesiredAccess(DesiredAccess);
2245  if (!NT_SUCCESS(Status)) return Status;
2246  }
2247 
2248  /* Reference the object table */
2249  HandleTable = ObReferenceProcessHandleTable(SourceProcess);
2251 
2252  /* Reference the process object */
2254  SourceProcess,
2255  HandleTable,
2256  PreviousMode,
2257  &SourceObject,
2259  &AuditMask);
2260  if (!NT_SUCCESS(Status))
2261  {
2262  /* Fail */
2263  ObDereferenceProcessHandleTable(SourceProcess);
2264  return Status;
2265  }
2266  else
2267  {
2268  /* Check if we have to don't have to audit object close */
2269  if (!(HandleInformation.HandleAttributes & OBJ_AUDIT_OBJECT_CLOSE))
2270  {
2271  /* Then there is no audit mask */
2272  AuditMask = 0;
2273  }
2274  }
2275 
2276  /* Check if there's no target process */
2277  if (!TargetProcess)
2278  {
2279  /* Check if the caller wanted actual duplication */
2281  {
2282  /* Invalid request */
2284  }
2285  else
2286  {
2287  /* Otherwise, do the attach */
2288  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2289 
2290  /* Close the handle and detach */
2293  }
2294 
2295  /* Return */
2296  ObDereferenceProcessHandleTable(SourceProcess);
2297  ObDereferenceObject(SourceObject);
2298  return Status;
2299  }
2300 
2301  /* Create a kernel handle if asked, but only in the system process */
2302  if (PreviousMode == KernelMode &&
2304  TargetProcess == PsInitialSystemProcess)
2305  {
2306  KernelHandle = TRUE;
2307  }
2308 
2309  /* Get the target handle table */
2310  HandleTable = ObReferenceProcessHandleTable(TargetProcess);
2311  if (!HandleTable)
2312  {
2313  /* Check if the caller wanted us to close the handle */
2315  {
2316  /* Do the attach */
2317  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2318 
2319  /* Close the handle and detach */
2322  }
2323 
2324  /* Return */
2325  ObDereferenceProcessHandleTable(SourceProcess);
2326  ObDereferenceObject(SourceObject);
2328  }
2329 
2330  /* Get the source access */
2331  SourceAccess = HandleInformation.GrantedAccess;
2332 
2333  /* Check if we're not in the target process */
2334  if (TargetProcess != PsGetCurrentProcess())
2335  {
2336  /* Attach to it */
2337  KeStackAttachProcess(&TargetProcess->Pcb, &ApcState);
2338  AttachedToProcess = TRUE;
2339  }
2340 
2341  /* Check if we're duplicating the attributes */
2343  {
2344  /* Duplicate them */
2345  HandleAttributes = HandleInformation.HandleAttributes;
2346  }
2347  else
2348  {
2349  /* Don't allow caller to bypass auditing */
2350  HandleAttributes |= HandleInformation.HandleAttributes &
2352  }
2353 
2354  /* Check if we're duplicating the access */
2355  if (Options & DUPLICATE_SAME_ACCESS) DesiredAccess = SourceAccess;
2356 
2357  /* Get object data */
2358  ObjectHeader = OBJECT_TO_OBJECT_HEADER(SourceObject);
2359  ObjectType = ObjectHeader->Type;
2360 
2361  /* Fill out the entry */
2362  RtlZeroMemory(&NewHandleEntry, sizeof(HANDLE_TABLE_ENTRY));
2363  NewHandleEntry.Object = ObjectHeader;
2364  NewHandleEntry.ObAttributes |= (HandleAttributes & OBJ_HANDLE_ATTRIBUTES);
2365 
2366  /* Check if we're using a generic mask */
2368  {
2369  /* Map it */
2371  &ObjectType->TypeInfo.GenericMapping);
2372  }
2373 
2374  /* Set the target access, always propagate ACCESS_SYSTEM_SECURITY */
2375  TargetAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
2377  NewHandleEntry.GrantedAccess = TargetAccess;
2378 
2379  /* Check if we're asking for new access */
2380  if (TargetAccess & ~SourceAccess)
2381  {
2382  /* We are. We need the security procedure to validate this */
2383  if (ObjectType->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
2384  {
2385  /* Use our built-in access state */
2388  &AuxData,
2389  TargetAccess,
2390  &ObjectType->TypeInfo.GenericMapping);
2391  }
2392  else
2393  {
2394  /* Otherwise we can't allow this privilege elevation */
2396  }
2397  }
2398  else
2399  {
2400  /* We don't need an access state */
2402  }
2403 
2404  /* Make sure the access state was created OK */
2405  if (NT_SUCCESS(Status))
2406  {
2407  /* Add a new handle */
2408  Status = ObpIncrementHandleCount(SourceObject,
2410  PreviousMode,
2414  }
2415 
2416  /* Check if we were attached */
2417  if (AttachedToProcess)
2418  {
2419  /* We can safely detach now */
2421  AttachedToProcess = FALSE;
2422  }
2423 
2424  /* Check if we have to close the source handle */
2426  {
2427  /* Attach and close */
2428  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2431  }
2432 
2433  /* Check if we had an access state */
2435 
2436  /* Now check if incrementing actually failed */
2437  if (!NT_SUCCESS(Status))
2438  {
2439  /* Dereference handle tables */
2440  ObDereferenceProcessHandleTable(SourceProcess);
2441  ObDereferenceProcessHandleTable(TargetProcess);
2442 
2443  /* Dereference the source object */
2444  ObDereferenceObject(SourceObject);
2445  return Status;
2446  }
2447 
2448  if (NewHandleEntry.ObAttributes & OBJ_PROTECT_CLOSE)
2449  {
2450  NewHandleEntry.ObAttributes &= ~OBJ_PROTECT_CLOSE;
2451  NewHandleEntry.GrantedAccess |= ObpAccessProtectCloseBit;
2452  }
2453 
2454  /* Now create the handle */
2455  NewHandle = ExCreateHandle(HandleTable, &NewHandleEntry);
2456  if (!NewHandle)
2457  {
2458  /* Undo the increment */
2459  ObpDecrementHandleCount(SourceObject,
2460  TargetProcess,
2461  TargetAccess,
2462  ObjectType);
2463 
2464  /* Deference the object and set failure status */
2465  ObDereferenceObject(SourceObject);
2467  }
2468 
2469  /* Mark it as a kernel handle if requested */
2470  if (KernelHandle)
2471  {
2472  NewHandle = ObMarkHandleAsKernelHandle(NewHandle);
2473  }
2474 
2475  /* Return the handle */
2476  if (TargetHandle) *TargetHandle = NewHandle;
2477 
2478  /* Dereference handle tables */
2479  ObDereferenceProcessHandleTable(SourceProcess);
2480  ObDereferenceProcessHandleTable(TargetProcess);
2481 
2482  /* Return status */
2484  "%s - Duplicated handle: %p for %p into %p. Source: %p HC PC %lx %lx\n",
2485  __FUNCTION__,
2486  NewHandle,
2487  SourceProcess,
2488  TargetProcess,
2489  SourceObject,
2490  ObjectHeader->PointerCount,
2491  ObjectHeader->HandleCount);
2492  return Status;
2493 }
ObjectType
Definition: metafile.c:80
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define DUPLICATE_CLOSE_SOURCE
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:26
KAPC_STATE
Definition: ketypes.h:1285
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LONG_PTR HandleCount
Definition: obtypes.h:490
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
HANDLE KernelHandle
Definition: legacy.c:24
ULONG_PTR ObAttributes
Definition: extypes.h:600
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
_In_ HANDLE SourceHandle
Definition: obfuncs.h:429
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:671
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
NTSTATUS NTAPI SeCreateAccessState(_Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
Creates an access state.
Definition: access.c:642
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:821
#define OBJ_PROTECT_CLOSE
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
#define DUPLICATE_SAME_ACCESS
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:810
unsigned char BOOLEAN
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:529
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_In_ PWDFDEVICE_INIT _In_ PWDF_REMOVE_LOCK_OPTIONS Options
Definition: wdfdevice.h:3531
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:85
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3401
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:502
ULONG GrantedAccess
Definition: extypes.h:606
#define ObDereferenceObject
Definition: obfuncs.h:203
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:139
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle(IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
Definition: obhandle.c:85
#define OB_HANDLE_DEBUG
Definition: ob.h:17
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1700
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
LONG_PTR PointerCount
Definition: obtypes.h:487
#define NULL
Definition: types.h:112
#define GENERIC_ACCESS
Definition: security.c:35
#define ObpAccessProtectCloseBit
Definition: ob.h:59
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
PVOID Object
Definition: extypes.h:599
#define STATUS_SUCCESS
Definition: shellext.h:65
POBJECT_TYPE Type
Definition: obtypes.h:493
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:48
#define __FUNCTION__
Definition: types.h:112
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
Definition: obfuncs.h:429
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
#define PAGED_CODE()

Referenced by DbgkpOpenHandles(), and NtDuplicateObject().

◆ ObFindHandleForObject()

BOOLEAN NTAPI ObFindHandleForObject ( IN PEPROCESS  Process,
IN PVOID  Object,
IN POBJECT_TYPE  ObjectType,
IN POBJECT_HANDLE_INFORMATION  HandleInformation,
OUT PHANDLE  Handle 
)

Definition at line 2855 of file obhandle.c.

2860 {
2861  OBP_FIND_HANDLE_DATA FindData;
2862  BOOLEAN Result = FALSE;
2863  PVOID ObjectTable;
2864 
2865  /* Make sure we have an object table */
2866  ObjectTable = ObReferenceProcessHandleTable(Process);
2867  if (ObjectTable)
2868  {
2869  /* Check if we have an object */
2870  if (Object)
2871  {
2872  /* Set its header */
2874  }
2875  else
2876  {
2877  /* Otherwise, no object to match*/
2878  FindData.ObjectHeader = NULL;
2879  }
2880 
2881  /* Set other information */
2882  FindData.ObjectType = ObjectType;
2884 
2885  /* Enumerate the handle table */
2886  if (ExEnumHandleTable(Process->ObjectTable,
2888  &FindData,
2889  Handle))
2890  {
2891  /* Set success */
2892  Result = TRUE;
2893  }
2894 
2895  /* Let go of the table */
2897  }
2898 
2899  /* Return the result */
2900  return Result;
2901 }
POBJECT_HEADER ObjectHeader
Definition: ob.h:123
ObjectType
Definition: metafile.c:80
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:26
POBJECT_TYPE ObjectType
Definition: ob.h:124
#define TRUE
Definition: types.h:120
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
POBJECT_HANDLE_INFORMATION HandleInformation
Definition: ob.h:125
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
BOOLEAN NTAPI ObpEnumFindHandleProcedure(IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:211
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
BOOLEAN NTAPI ExEnumHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_ENUM_HANDLE_CALLBACK EnumHandleProcedure, IN OUT PVOID Context, OUT PHANDLE EnumHandle OPTIONAL)
Definition: handle.c:1265
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_In_ HANDLE Handle
Definition: extypes.h:390
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:48

Referenced by IntGetDesktopObjectHandle(), and IntResolveDesktop().

◆ ObGetProcessHandleCount()

ULONG NTAPI ObGetProcessHandleCount ( IN PEPROCESS  Process)

Definition at line 56 of file obhandle.c.

57 {
58  ULONG HandleCount;
60 
61  ASSERT(Process);
62 
63  /* Ensure the handle table doesn't go away while we use it */
65 
66  if (HandleTable != NULL)
67  {
68  /* Count the number of handles the process has */
69  HandleCount = HandleTable->HandleCount;
70 
71  /* Let the handle table go */
73  }
74  else
75  {
76  /* No handle table, no handles */
77  HandleCount = 0;
78  }
79 
80  return HandleCount;
81 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:26
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
#define ASSERT(a)
Definition: mode.c:44
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
unsigned int ULONG
Definition: retypes.h:1
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:48

Referenced by NtQueryInformationProcess(), and QSI_DEF().

◆ ObInitProcess()

NTSTATUS NTAPI ObInitProcess ( IN PEPROCESS Parent  OPTIONAL,
IN PEPROCESS  Process 
)

Definition at line 2089 of file obhandle.c.

2091 {
2092  PHANDLE_TABLE ParentTable, ObjectTable;
2093 
2094  /* Check for a parent */
2095  if (Parent)
2096  {
2097  /* Reference the parent's table */
2098  ParentTable = ObReferenceProcessHandleTable(Parent);
2099  if (!ParentTable) return STATUS_PROCESS_IS_TERMINATING;
2100 
2101  /* Duplicate it */
2102  ObjectTable = ExDupHandleTable(Process,
2103  ParentTable,
2105  OBJ_INHERIT);
2106  }
2107  else
2108  {
2109  /* Otherwise just create a new table */
2110  ParentTable = NULL;
2111  ObjectTable = ExCreateHandleTable(Process);
2112  }
2113 
2114  /* Make sure we have a table */
2115  if (ObjectTable)
2116  {
2117  /* Associate it */
2118  Process->ObjectTable = ObjectTable;
2119 
2120  /* Check for auditing */
2122  {
2123  /* FIXME: TODO */
2124  DPRINT1("Need auditing!\n");
2125  }
2126 
2127  /* Get rid of the old table now */
2128  if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2129 
2130  /* We are done */
2131  return STATUS_SUCCESS;
2132  }
2133  else
2134  {
2135  /* Fail */
2136  Process->ObjectTable = NULL;
2137  if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2139  }
2140 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:26
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:728
PHANDLE_TABLE NTAPI ExDupHandleTable(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PEX_DUPLICATE_HANDLE_CALLBACK DupHandleProcedure, IN ULONG_PTR Mask)
Definition: handle.c:1066
#define OBJ_INHERIT
Definition: winternl.h:225
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:502
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
Definition: handle.c:795
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
BOOLEAN NTAPI ObpDuplicateHandleCallback(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: obhandle.c:1959
#define STATUS_SUCCESS
Definition: shellext.h:65
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:48
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Peforms a detailed security auditing with an access token.
Definition: audit.c:34

Referenced by PspCreateProcess().

◆ ObInsertObject()

NTSTATUS NTAPI ObInsertObject ( IN PVOID  Object,
IN PACCESS_STATE AccessState  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  ObjectPointerBias,
OUT PVOID *NewObject  OPTIONAL,
OUT PHANDLE  Handle 
)

Definition at line 2934 of file obhandle.c.

2940 {
2941  POBJECT_CREATE_INFORMATION ObjectCreateInfo;
2942  POBJECT_HEADER ObjectHeader;
2945  PVOID InsertObject;
2946  PSECURITY_DESCRIPTOR ParentDescriptor = NULL;
2947  BOOLEAN SdAllocated = FALSE;
2948  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
2950  ACCESS_STATE LocalAccessState;
2951  AUX_ACCESS_DATA AuxData;
2952  OB_OPEN_REASON OpenReason;
2954  NTSTATUS Status = STATUS_SUCCESS, RealStatus;
2955  BOOLEAN IsNewObject;
2956  PAGED_CODE();
2957 
2958  /* Get the Header */
2959  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
2960 
2961  /* Detect invalid insert */
2962  if (!(ObjectHeader->Flags & OB_FLAG_CREATE_INFO))
2963  {
2964  /* Display warning and break into debugger */
2965  DPRINT1("OB: Attempting to insert existing object %p\n", Object);
2966  DbgBreakPoint();
2967 
2968  /* Allow debugger to continue */
2970  return STATUS_INVALID_PARAMETER;
2971  }
2972 
2973  /* Get the create and name info, as well as the object type */
2974  ObjectCreateInfo = ObjectHeader->ObjectCreateInfo;
2975  ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
2976  ObjectType = ObjectHeader->Type;
2977  ObjectName = NULL;
2978 
2979  /* Check if this is an named object */
2980  if ((ObjectNameInfo) && (ObjectNameInfo->Name.Buffer))
2981  {
2982  /* Get the object name */
2983  ObjectName = &ObjectNameInfo->Name;
2984  }
2985 
2986  /* Sanity check */
2987  ASSERT((Handle) ||
2988  ((ObjectPointerBias == 0) &&
2989  (ObjectName == NULL) &&
2990  (ObjectType->TypeInfo.SecurityRequired) &&
2991  (NewObject == NULL)));
2992 
2993  /* Check if the object is unnamed and also doesn't have security */
2995  if (!(ObjectType->TypeInfo.SecurityRequired) && !(ObjectName))
2996  {
2997  /* Assume failure */
2998  *Handle = NULL;
2999  ObjectHeader->ObjectCreateInfo = NULL;
3000 
3001  /* Create the handle */
3003  DesiredAccess,
3004  ObjectPointerBias + 1,
3005  ObjectCreateInfo->Attributes,
3006  PreviousMode,
3007  NewObject,
3008  Handle);
3009 
3010  /* Free the create information */
3011  ObpFreeObjectCreateInformation(ObjectCreateInfo);
3012 
3013  /* Release the object name information */
3014  ObpDereferenceNameInfo(ObjectNameInfo);
3015 
3016  /* Remove the extra keep-alive reference */
3018 
3019  /* Return */
3021  "%s - returning Object with PC S: %lx %lx\n",
3022  __FUNCTION__,
3023  ObjectHeader->PointerCount,
3024  Status);
3025  return Status;
3026  }
3027 
3028  /* Check if we didn't get an access state */
3029  if (!AccessState)
3030  {
3031  /* Use our built-in access state */
3032  AccessState = &LocalAccessState;
3033  Status = SeCreateAccessState(&LocalAccessState,
3034  &AuxData,
3035  DesiredAccess,
3036  &ObjectType->TypeInfo.GenericMapping);
3037  if (!NT_SUCCESS(Status))
3038  {
3039  /* Fail */
3040  ObpDereferenceNameInfo(ObjectNameInfo);
3042  return Status;
3043  }
3044  }
3045 
3046  /* Save the security descriptor */
3047  AccessState->SecurityDescriptor = ObjectCreateInfo->SecurityDescriptor;
3048 
3049  /* Validate the access mask */
3051  if (!NT_SUCCESS(Status))
3052  {
3053  /* Fail */
3054  ObpDereferenceNameInfo(ObjectNameInfo);
3056  return Status;
3057  }
3058 
3059  /* Setup a lookup context */
3061  InsertObject = Object;
3062  OpenReason = ObCreateHandle;
3063 
3064  /* Check if the object is named */
3065  if (ObjectName)
3066  {
3067  /* Look it up */
3068  Status = ObpLookupObjectName(ObjectCreateInfo->RootDirectory,
3069  ObjectName,
3070  ObjectCreateInfo->Attributes,
3071  ObjectType,
3072  (ObjectHeader->Flags & OB_FLAG_KERNEL_MODE) ?
3073  KernelMode : UserMode,
3074  ObjectCreateInfo->ParseContext,
3075  ObjectCreateInfo->SecurityQos,
3076  Object,
3077  AccessState,
3078  &Context,
3079  &InsertObject);
3080 
3081  /* Check if we found an object that doesn't match the one requested */
3082  if ((NT_SUCCESS(Status)) && (InsertObject) && (Object != InsertObject))
3083  {
3084  /* This means we're opening an object, not creating a new one */
3085  OpenReason = ObOpenHandle;
3086 
3087  /* Make sure the caller said it's OK to do this */
3088  if (ObjectCreateInfo->Attributes & OBJ_OPENIF)
3089  {
3090  /* He did, but did he want this type? */
3091  if (ObjectType != OBJECT_TO_OBJECT_HEADER(InsertObject)->Type)
3092  {
3093  /* Wrong type, so fail */
3095  }
3096  else
3097  {
3098  /* Right type, so warn */
3100  }
3101  }
3102  else
3103  {
3104  /* Check if this was a symbolic link */
3105  if (OBJECT_TO_OBJECT_HEADER(InsertObject)->Type ==
3107  {
3108  /* Dereference it */
3109  ObDereferenceObject(InsertObject);
3110  }
3111 
3112  /* Caller wanted to create a new object, fail */
3114  }
3115  }
3116 
3117  /* Check if anything until now failed */
3118  if (!NT_SUCCESS(Status))
3119  {
3120  /* Cleanup after lookup */
3122 
3123  /* Remove query reference that we added */
3124  ObpDereferenceNameInfo(ObjectNameInfo);
3125 
3126  /* Dereference the object and delete the access state */
3128  if (AccessState == &LocalAccessState)
3129  {
3130  /* We used a local one; delete it */
3132  }
3133 
3134  /* Return failure code */
3135  return Status;
3136  }
3137  else
3138  {
3139  /* Check if this is a symbolic link */
3141  {
3142  /* Create the internal name */
3144  }
3145  }
3146  }
3147 
3148  /* Now check if this object is being created */
3149  if (InsertObject == Object)
3150  {
3151  /* Check if it's named or forces security */
3152  if ((ObjectName) || (ObjectType->TypeInfo.SecurityRequired))
3153  {
3154  /* Make sure it's inserted into an object directory */
3155  if ((ObjectNameInfo) && (ObjectNameInfo->Directory))
3156  {
3157  /* Get the current descriptor */
3158  ObGetObjectSecurity(ObjectNameInfo->Directory,
3159  &ParentDescriptor,
3160  &SdAllocated);
3161  }
3162 
3163  /* Now assign it */
3165  ParentDescriptor,
3166  Object,
3167  ObjectType);
3168 
3169  /* Check if we captured one */
3170  if (ParentDescriptor)
3171  {
3172  /* We did, release it */
3173  ObReleaseObjectSecurity(ParentDescriptor, SdAllocated);
3174  }
3175  else if (NT_SUCCESS(Status))
3176  {
3177  /* Other we didn't, but we were able to use the current SD */
3179  ObjectCreateInfo->ProbeMode,
3180  TRUE);
3181 
3182  /* Clear the current one */
3183  AccessState->SecurityDescriptor =
3184  ObjectCreateInfo->SecurityDescriptor = NULL;
3185  }
3186  }
3187 
3188  /* Check if anything until now failed */
3189  if (!NT_SUCCESS(Status))
3190  {
3191  /* Check if the directory was added */
3192  if (Context.DirectoryLocked)
3193  {
3194  /* Weird case where we need to do a manual delete */
3195  DPRINT1("Unhandled path\n");
3196  ASSERT(FALSE);
3197  }
3198 
3199  /* Cleanup the lookup */
3201 
3202  /* Remove query reference that we added */
3203  ObpDereferenceNameInfo(ObjectNameInfo);
3204 
3205  /* Dereference the object and delete the access state */
3207  if (AccessState == &LocalAccessState)
3208  {
3209  /* We used a local one; delete it */
3211  }
3212 
3213  /* Return failure code */
3214  ASSERT(FALSE);
3215  return Status;
3216  }
3217  }
3218 
3219  /* Save the actual status until here */
3220  RealStatus = Status;
3221 
3222  /* Check if caller wants us to create a handle */
3223  ObjectHeader->ObjectCreateInfo = NULL;
3224  if (Handle)
3225  {
3226  /* Create the handle */
3227  Status = ObpCreateHandle(OpenReason,
3228  InsertObject,
3229  NULL,
3230  AccessState,
3231  ObjectPointerBias + 1,
3232  ObjectCreateInfo->Attributes,
3233  &Context,
3234  PreviousMode,
3235  NewObject,
3236  Handle);
3237  if (!NT_SUCCESS(Status))
3238  {
3239  /* If the object had a name, backout everything */
3241 
3242  /* Return the status of the failure */
3243  *Handle = NULL;
3244  RealStatus = Status;
3245  }
3246 
3247  /* Remove a query reference */
3248  ObpDereferenceNameInfo(ObjectNameInfo);
3249 
3250  /* Remove the extra keep-alive reference */
3252  }
3253  else
3254  {
3255  /* Otherwise, lock the object */
3256  ObpAcquireObjectLock(ObjectHeader);
3257 
3258  /* And charge quota for the process to make it appear as used */
3259  RealStatus = ObpChargeQuotaForObject(ObjectHeader,
3260  ObjectType,
3261  &IsNewObject);
3262 
3263  /* Release the lock */
3264  ObpReleaseObjectLock(ObjectHeader);
3265 
3266  /* Check if we failed and dereference the object if so */
3267  if (!NT_SUCCESS(RealStatus)) ObDereferenceObject(Object);
3268  }
3269 
3270  /* We can delete the Create Info now */
3271  ObpFreeObjectCreateInformation(ObjectCreateInfo);
3272 
3273  /* Check if we created our own access state and delete it if so */
3274  if (AccessState == &LocalAccessState) SeDeleteAccessState(AccessState);
3275 
3276  /* Return status code */
3278  "%s - returning Object with PC RS/S: %lx %lx %lx\n",
3279  __FUNCTION__,
3280  OBJECT_TO_OBJECT_HEADER(Object)->PointerCount,
3281  RealStatus, Status);
3282  return RealStatus;
3283 }
#define STATUS_OBJECT_NAME_COLLISION
Definition: udferr_usr.h:150
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
ObjectType
Definition: metafile.c:80
NTSTATUS NTAPI ObAssignSecurity(IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
Definition: obsecure.c:550
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS NTAPI ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
Definition: obhandle.c:431
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
#define KeGetPreviousMode()
Definition: ketypes.h:1108
#define STATUS_OBJECT_NAME_EXISTS
Definition: ntstatus.h:114
LONG NTSTATUS
Definition: precomp.h:26
UNICODE_STRING Name
Definition: obtypes.h:433
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:671
NTSTATUS NTAPI ObpCreateHandle(IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1496
#define OBJ_OPENIF
Definition: winternl.h:229
KPROCESSOR_MODE ProbeMode
Definition: obtypes.h:340
NTSTATUS NTAPI SeCreateAccessState(_Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
Creates an access state.
Definition: access.c:642
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FALSE
Definition: types.h:117
VOID NTAPI DbgBreakPoint(VOID)
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
FORCEINLINE VOID ObpFreeObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:460
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:344
UCHAR Flags
Definition: obtypes.h:497
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define STATUS_OBJECT_TYPE_MISMATCH
Definition: ntstatus.h:273
NTSTATUS NTAPI ObpCreateUnnamedHandle(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1311
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI ObpValidateAccessMask(IN PACCESS_STATE AccessState)
Definition: obhandle.c:487
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
#define ObDereferenceObject
Definition: obfuncs.h:203
Type
Definition: Type.h:6
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
VOID NTAPI ObpCreateSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
Definition: oblink.c:334
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define OB_FLAG_CREATE_INFO
Definition: obtypes.h:97
PSECURITY_QUALITY_OF_SERVICE SecurityQos
Definition: obtypes.h:345
#define OB_HANDLE_DEBUG
Definition: ob.h:17
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
#define OB_FLAG_KERNEL_MODE
Definition: obtypes.h:98
enum _OB_OPEN_REASON OB_OPEN_REASON
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Releases an initialized object directory lookup context. Unlocks it if necessary, and dereferences th...
Definition: ob_x.h:323
#define ObpSymbolicLinkObjectType
Definition: ObTypes.c:124
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Initializes a new object directory lookup context. Used for lookup operations (insertions/deletions) ...
Definition: ob_x.h:258
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
LONG_PTR PointerCount
Definition: obtypes.h:487
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
_In_ HANDLE Handle
Definition: extypes.h:390
struct tagContext Context
Definition: acpixf.h:1034
#define STATUS_SUCCESS
Definition: shellext.h:65
POBJECT_TYPE Type
Definition: obtypes.h:493
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
Definition: obname.c:301
#define __FUNCTION__
Definition: types.h:112
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
POBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: obtypes.h:500
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG ObjectPointerBias
Definition: obfuncs.h:71
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
Definition: obname.c:446
#define PAGED_CODE()

Referenced by _IRQL_requires_max_(), CmpCreateRegistryRoot(), CreateClientPort(), ExCreateCallback(), HalpDmaAllocateChildAdapter(), IntCreateWindowStation(), IoCreateController(), IoCreateDevice(), IoCreateDriver(), IoCreateStreamFileObjectEx(), IopInitializeDriverModule(), LpcpCreatePort(), MmCreatePhysicalMemorySection(), NtCreateDebugObject(), NtCreateDirectoryObject(), NtCreateEvent(), NtCreateEventPair(), NtCreateIoCompletion(), NtCreateJobObject(), NtCreateMutant(), NtCreateProfile(), NtCreateSection(), NtCreateSemaphore(), NtCreateSymbolicLinkObject(), NtCreateTimer(), NtDuplicateToken(), NtFilterToken(), NtOpenThreadTokenEx(), NtSecureConnectPort(), ObtCreateObjects(), PspCreateProcess(), PspCreateThread(), SeFilterToken(), SepCreateToken(), SepInitializationPhase1(), and SeSubProcessToken().

◆ ObIsKernelHandle()

BOOLEAN NTAPI ObIsKernelHandle ( IN HANDLE  Handle)

Definition at line 3524 of file obhandle.c.

3525 {
3526  /* Use the inlined version. We know we are in kernel mode. */
3528 }
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:74
_In_ HANDLE Handle
Definition: extypes.h:390

◆ ObKillProcess()

VOID NTAPI ObKillProcess ( IN PEPROCESS  Process)

Definition at line 2159 of file obhandle.c.

2160 {
2163  BOOLEAN HardErrors;
2164  PAGED_CODE();
2165 
2166  /* Wait for process rundown and then complete it */
2167  ExWaitForRundownProtectionRelease(&Process->RundownProtect);
2168  ExRundownCompleted(&Process->RundownProtect);
2169 
2170  /* Get the object table */
2171  HandleTable = Process->ObjectTable;
2172  if (!HandleTable) return;
2173 
2174  /* Disable hard errors while we close handles */
2175  HardErrors = IoSetThreadHardErrorMode(FALSE);
2176 
2177  /* Enter a critical region */
2179 
2180  /* Fill out the context */
2181  Context.AccessMode = KernelMode;
2182  Context.HandleTable = HandleTable;
2183 
2184  /* Sweep the handle table to close all handles */
2187  &Context);
2188  ASSERT(HandleTable->HandleCount == 0);
2189 
2190  /* Leave the critical region */
2192 
2193  /* Re-enable hard errors */
2194  IoSetThreadHardErrorMode(HardErrors);
2195 
2196  /* Destroy the object table */
2197  Process->ObjectTable = NULL;
2199 }
NTKERNELAPI VOID FASTCALL ExRundownCompleted(_Out_ PEX_RUNDOWN_REF RunRef)
VOID NTAPI ExDestroyHandleTable(IN PHANDLE_TABLE HandleTable, IN PVOID DestroyHandleProcedure OPTIONAL)
Definition: handle.c:957
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
NTKERNELAPI VOID FASTCALL ExWaitForRundownProtectionRelease(_Inout_ PEX_RUNDOWN_REF RunRef)
#define ASSERT(a)
Definition: mode.c:44
BOOLEAN NTAPI IoSetThreadHardErrorMode(IN BOOLEAN HardErrorEnabled)
Definition: error.c:726
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
#define NULL
Definition: types.h:112
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1226
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
struct tagContext Context
Definition: acpixf.h:1034
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1923
#define PAGED_CODE()

Referenced by PspDeleteProcess(), and PspExitThread().

◆ ObOpenObjectByName()

NTSTATUS NTAPI ObOpenObjectByName ( IN POBJECT_ATTRIBUTES  ObjectAttributes,
IN POBJECT_TYPE  ObjectType,
IN KPROCESSOR_MODE  AccessMode,
IN PACCESS_STATE  PassedAccessState,
IN ACCESS_MASK  DesiredAccess,
IN OUT PVOID  ParseContext,
OUT PHANDLE  Handle 
)

Definition at line 2531 of file obhandle.c.

2538 {
2539  PVOID Object = NULL;
2541  NTSTATUS Status, Status2;
2542  POBJECT_HEADER ObjectHeader;
2544  OB_OPEN_REASON OpenReason;
2545  POB_TEMP_BUFFER TempBuffer;
2546  PAGED_CODE();
2547 
2548  /* Assume failure */
2549  *Handle = NULL;
2550 
2551  /* Check if we didn't get any Object Attributes */
2552  if (!ObjectAttributes)
2553  {
2554  /* Fail with special status code */
2555  return STATUS_INVALID_PARAMETER;
2556  }
2557 
2558  /* Allocate the temporary buffer */
2559  TempBuffer = ExAllocatePoolWithTag(NonPagedPool,
2560  sizeof(OB_TEMP_BUFFER),
2562  if (!TempBuffer) return STATUS_INSUFFICIENT_RESOURCES;
2563 
2564  /* Capture all the info */
2566  AccessMode,
2567  AccessMode,
2568  TRUE,
2569  &TempBuffer->ObjectCreateInfo,
2570  &ObjectName);
2571  if (!NT_SUCCESS(Status))
2572  {
2573  /* Fail */
2575  return Status;
2576  }
2577 
2578  /* Check if we didn't get an access state */
2579  if (!PassedAccessState)
2580  {
2581  /* Try to get the generic mapping if we can */
2582  if (ObjectType) GenericMapping = &ObjectType->TypeInfo.GenericMapping;
2583 
2584  /* Use our built-in access state */
2585  PassedAccessState = &TempBuffer->LocalAccessState;
2587  &TempBuffer->AuxData,
2588  DesiredAccess,
2589  GenericMapping);
2590  if (!NT_SUCCESS(Status)) goto Quickie;
2591  }
2592 
2593  /* Get the security descriptor */
2594  if (TempBuffer->ObjectCreateInfo.SecurityDescriptor)
2595  {
2596  /* Save it in the access state */
2599  }
2600 
2601  /* Validate the access mask */
2603  if (!NT_SUCCESS(Status))
2604  {
2605  /* Cleanup after lookup */
2606  ObpReleaseLookupContext(&TempBuffer->LookupContext);
2607  goto Cleanup;
2608  }
2609 
2610  /* Now do the lookup */
2612  &ObjectName,
2613  TempBuffer->ObjectCreateInfo.Attributes,
2614  ObjectType,
2615  AccessMode,
2616  ParseContext,
2617  TempBuffer->ObjectCreateInfo.SecurityQos,
2618  NULL,
2620  &TempBuffer->LookupContext,
2621  &Object);
2622  if (!NT_SUCCESS(Status))
2623  {
2624  /* Cleanup after lookup */
2625  ObpReleaseLookupContext(&TempBuffer->LookupContext);
2626  goto Cleanup;
2627  }
2628 
2629  /* Check if this object has create information */
2630  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
2631  if (ObjectHeader->Flags & OB_FLAG_CREATE_INFO)
2632  {
2633  /* Then we are creating a new handle */
2634  OpenReason = ObCreateHandle;
2635 
2636  /* Check if we still have create info */
2637  if (ObjectHeader->ObjectCreateInfo)
2638  {
2639  /* Free it */
2640  ObpFreeObjectCreateInformation(ObjectHeader->
2641  ObjectCreateInfo);
2642  ObjectHeader->ObjectCreateInfo = NULL;
2643  }
2644  }
2645  else
2646  {
2647  /* Otherwise, we are merely opening it */
2648  OpenReason = ObOpenHandle;
2649  }
2650 
2651  /* Check if we have invalid object attributes */
2652  if (ObjectHeader->Type->TypeInfo.InvalidAttributes &
2653  TempBuffer->ObjectCreateInfo.Attributes)
2654  {
2655  /* Set failure code */
2657 
2658  /* Cleanup after lookup */
2659  ObpReleaseLookupContext(&TempBuffer->LookupContext);
2660 
2661  /* Dereference the object */
2663  }
2664  else
2665  {
2666  /* Create the actual handle now */
2667  Status2 = ObpCreateHandle(OpenReason,
2668  Object,
2669  ObjectType,
2671  0,
2672  TempBuffer->ObjectCreateInfo.Attributes,
2673  &TempBuffer->LookupContext,
2674  AccessMode,
2675  NULL,
2676  Handle);
2677  if (!NT_SUCCESS(Status2))
2678  {
2680  Status = Status2;
2681  }
2682  }
2683 
2684 Cleanup:
2685  /* Delete the access state */
2686  if (PassedAccessState == &TempBuffer->LocalAccessState)
2687  {
2689  }
2690 
2691 Quickie:
2692  /* Release the object attributes and temporary buffer */
2696 
2697  /* Return status */
2699  "%s - returning Object %p with PC S: %lx %lx\n",
2700  __FUNCTION__,
2701  Object,
2702  Object ? OBJECT_TO_OBJECT_HEADER(Object)->PointerCount : -1,
2703  Status);
2704  return Status;
2705 }
#define TAG_OB_TEMP_STORAGE
Definition: ob.h:160
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
ObjectType
Definition: metafile.c:80
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: setypes.h:235
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
OBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: ob.h:164
VOID NTAPI ObpFreeObjectNameBuffer(IN PUNICODE_STRING Name)
Definition: oblife.c:346
LONG NTSTATUS
Definition: precomp.h:26
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71
FORCEINLINE VOID ObpReleaseObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:364
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:671
NTSTATUS NTAPI ObpCreateHandle(IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1496
NTSTATUS NTAPI SeCreateAccessState(_Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
Creates an access state.
Definition: access.c:642
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
FORCEINLINE VOID ObpFreeObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:460
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:344
UCHAR Flags
Definition: obtypes.h:497
Status
Definition: gdiplustypes.h:24
ACCESS_STATE LocalAccessState
Definition: ob.h:163
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI ObpValidateAccessMask(IN PACCESS_STATE AccessState)
Definition: obhandle.c:487
#define ObDereferenceObject
Definition: obfuncs.h:203
#define OB_FLAG_CREATE_INFO
Definition: obtypes.h:97
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSECURITY_QUALITY_OF_SERVICE SecurityQos
Definition: obtypes.h:345
#define OB_HANDLE_DEBUG
Definition: ob.h:17
static const WCHAR Cleanup[]
Definition: register.c:80
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
AUX_ACCESS_DATA AuxData
Definition: ob.h:166
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
enum _OB_OPEN_REASON OB_OPEN_REASON
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Releases an initialized object directory lookup context. Unlocks it if necessary, and dereferences th...
Definition: ob_x.h:323
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTSTATUS NTAPI ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
Definition: oblife.c:455
OBP_LOOKUP_CONTEXT LookupContext
Definition: ob.h:165
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
#define NULL
Definition: types.h:112
_In_ HANDLE Handle
Definition: extypes.h:390
POBJECT_TYPE Type
Definition: obtypes.h:493
#define __FUNCTION__
Definition: types.h:112
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
POBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: obtypes.h:500
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
Definition: obname.c:446
#define PAGED_CODE()

Referenced by CmLoadKey(), CmpLinkHiveToMaster(), CreateGreenFdo(), ExCreateCallback(), GetObjectType(), IntCreateDesktop(), IntCreateWindowStation(), IntResolveDesktop(), IoFastQueryNetworkAttributes(), IopCreateFile(), IopQueryAttributesFile(), NtCreateKey(), NtDeleteFile(), NtOpenDirectoryObject(), NtOpenEvent(), NtOpenEventPair(), NtOpenIoCompletion(), NtOpenJobObject(), NtOpenKey(), NtOpenMutant(), NtOpenProcess(), NtOpenSection(), NtOpenSemaphore(), NtOpenSymbolicLinkObject(), NtOpenThread(), NtOpenTimer(), NtQueryOpenSubKeys(), NtUnloadKey2(), NtUserOpenDesktop(), NtUserOpenWindowStation(), ObtCreateObjectTypes(), and START_TEST().

◆ ObOpenObjectByPointer()

NTSTATUS NTAPI ObOpenObjectByPointer ( IN PVOID  Object,
IN ULONG  HandleAttributes,
IN PACCESS_STATE  PassedAccessState,
IN ACCESS_MASK  DesiredAccess,
IN POBJECT_TYPE  ObjectType,
IN KPROCESSOR_MODE  AccessMode,
OUT PHANDLE  Handle 
)

Definition at line 2741 of file obhandle.c.

2748 {
2750  NTSTATUS Status;
2752  AUX_ACCESS_DATA AuxData;
2753  PAGED_CODE();
2754 
2755  /* Assume failure */
2756  *Handle = NULL;
2757 
2758  /* Reference the object */
2760  0,
2761  ObjectType,
2762  AccessMode);
2763  if (!NT_SUCCESS(Status)) return Status;
2764 
2765  /* Get the Header Info */
2767 
2768  /* Check if we didn't get an access state */
2769  if (!PassedAccessState)
2770  {
2771  /* Use our built-in access state */
2774  &AuxData,
2775  DesiredAccess,
2776  &Header->Type->TypeInfo.GenericMapping);
2777  if (!NT_SUCCESS(Status))
2778  {
2779  /* Fail */
2781  return Status;
2782  }
2783  }
2784 
2785  /* Check if we have invalid object attributes */
2786  if (Header->Type->TypeInfo.InvalidAttributes & HandleAttributes)
2787  {
2788  /* Delete the access state */
2790  {
2792  }
2793 
2794  /* Dereference the object */
2796  return STATUS_INVALID_PARAMETER;
2797  }
2798 
2799  /* Create the handle */
2801  Object,
2802  ObjectType,
2804  0,
2806  NULL,
2807  AccessMode,
2808  NULL,
2809  Handle);
2811 
2812  /* Delete the access state */
2814  {
2816  }
2817 
2818  /* Return */
2820  "%s - returning Object with PC S: %lx %lx\n",
2821  __FUNCTION__,
2822  OBJECT_TO_OBJECT_HEADER(Object)->PointerCount,
2823  Status);
2824  return Status;
2825 }
ObjectType
Definition: metafile.c:80
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:671
NTSTATUS NTAPI ObpCreateHandle(IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1496
NTSTATUS NTAPI SeCreateAccessState(_Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
Creates an access state.
Definition: access.c:642
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
Definition: Header.h:8
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
Definition: obref.c:381
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define OB_HANDLE_DEBUG
Definition: ob.h:17
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
#define NULL
Definition: types.h:112
_In_ HANDLE Handle
Definition: extypes.h:390
#define __FUNCTION__
Definition: types.h:112
#define PAGED_CODE()

Referenced by AfdBindSocket(), CmpConvertHandleToKernelHandle(), DbgkOpenProcessDebugPort(), DbgkpOpenHandles(), IntGetDesktopObjectHandle(), IntResolveDesktop(), NtOpenProcess(), NtOpenProcessTokenEx(), NtOpenThread(), NtOpenThreadTokenEx(), RawInputThreadMain(), SerenumDetectLegacyDevice(), SerenumDetectPnpDevice(), SermouseDetectLegacyDevice(), START_TEST(), UserOpenInputDesktop(), and WmipOpenGuidObject().

◆ ObpChargeQuotaForObject()

NTSTATUS NTAPI ObpChargeQuotaForObject ( IN POBJECT_HEADER  ObjectHeader,
IN POBJECT_TYPE  ObjectType,
OUT PBOOLEAN  NewObject 
)

Definition at line 431 of file obhandle.c.

434 {
435  POBJECT_HEADER_QUOTA_INFO ObjectQuota;
436  ULONG PagedPoolCharge, NonPagedPoolCharge;
437 
438  /* Get quota information */
439  ObjectQuota = OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader);
440  *NewObject = FALSE;
441 
442  /* Check if this is a new object */
443  if (ObjectHeader->Flags & OB_FLAG_CREATE_INFO)
444  {
445  /* Remove the flag */
446  ObjectHeader->Flags &= ~ OB_FLAG_CREATE_INFO;
447  if (ObjectQuota)
448  {
449  /* We have a quota, get the charges */
450  PagedPoolCharge = ObjectQuota->PagedPoolCharge;
451  NonPagedPoolCharge = ObjectQuota->NonPagedPoolCharge;
452  }
453  else
454  {
455  /* Get it from the object type */
456  PagedPoolCharge = ObjectType->TypeInfo.DefaultPagedPoolCharge;
457  NonPagedPoolCharge = ObjectType->TypeInfo.DefaultNonPagedPoolCharge;
458  }
459 
460  /* Is this the system process? */
462  {
463  /* It is, don't do anything */
464  ObjectHeader->QuotaBlockCharged = OBP_SYSTEM_PROCESS_QUOTA;
465  }
466  else
467  {
468  /* Charge the quota */
469  ObjectHeader->QuotaBlockCharged = PsChargeSharedPoolQuota(PsGetCurrentProcess(),
470  PagedPoolCharge,
471  NonPagedPoolCharge);
472  }
473 
474  /* Check if we don't have a quota block */
475  if (!ObjectHeader->QuotaBlockCharged) return STATUS_QUOTA_EXCEEDED;
476 
477  /* Now set the flag */
478  *NewObject = TRUE;
479  }
480 
481  /* Return success */
482  return STATUS_SUCCESS;
483 }
ObjectType
Definition: metafile.c:80
#define STATUS_QUOTA_EXCEEDED
Definition: ntstatus.h:304
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
#define PsGetCurrentProcess
Definition: psfuncs.h:17
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
Definition: obtypes.h:122
#define OB_FLAG_CREATE_INFO
Definition: obtypes.h:97
PEPROCESS_QUOTA_BLOCK NTAPI PsChargeSharedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T AmountToChargePaged, _In_ SIZE_T AmountToChargeNonPaged)
Charges the shared (paged and non paged) pool quotas. The function is used exclusively by the Object ...
Definition: quota.c:674
#define OBP_SYSTEM_PROCESS_QUOTA
Definition: ob.h:64
unsigned int ULONG
Definition: retypes.h:1
#define STATUS_SUCCESS
Definition: shellext.h:65
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71

Referenced by ObInsertObject(), ObpIncrementHandleCount(), and ObpIncrementUnnamedHandleCount().

◆ ObpCloseHandle()

NTSTATUS NTAPI ObpCloseHandle ( IN HANDLE  Handle,
IN KPROCESSOR_MODE  AccessMode 
)

Definition at line 1729 of file obhandle.c.

1731 {
1733  BOOLEAN AttachedToProcess = FALSE;
1735  PHANDLE_TABLE_ENTRY HandleTableEntry;
1736  NTSTATUS Status;
1738  PAGED_CODE();
1740  "%s - Closing handle: %p\n", __FUNCTION__, Handle);
1741 
1742  if (AccessMode == KernelMode && Handle == (HANDLE)-1)
1743  return STATUS_INVALID_HANDLE;
1744 
1745  /* Check if we're dealing with a kernel handle */
1747  {
1748  /* Use the kernel table and convert the handle */
1751 
1752  /* Check if we're not in the system process */
1754  {
1755  /* Attach to the system process */
1757  AttachedToProcess = TRUE;
1758  }
1759  }
1760  else
1761  {
1762  /* Use the process's handle table */
1763  HandleTable = Process->ObjectTable;
1764  }
1765 
1766  /* Enter a critical region to protect handle access */
1768 
1769  /* Get the handle entry */
1770  HandleTableEntry = ExMapHandleToPointer(HandleTable, Handle);
1771  if (HandleTableEntry)
1772  {
1773  /* Now close the entry */
1775  HandleTableEntry,
1776  Handle,
1777  AccessMode,
1778  FALSE);
1779 
1780  /* We can quit the critical region now */
1782 
1783  /* Detach and return success */
1784  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1785  }
1786  else
1787  {
1788  /* We failed, quit the critical region */
1790 
1791  /* Detach */
1792  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1793 
1794  /* Check if we have a valid handle that's not the process or thread */
1795  if ((Handle) &&
1796  (Handle != NtCurrentProcess()) &&
1797  (Handle != NtCurrentThread()))
1798  {
1799  /* Check if we came from user mode */
1800  if (AccessMode != KernelMode)
1801  {
1802  /* Check if we have no debug port */
1803  if (Process->DebugPort)
1804  {
1805  /* Make sure we're not attached */
1806  if (!KeIsAttachedProcess())
1807  {
1808  /* Raise an exception */
1810  }
1811  }
1812  }
1813  else
1814  {
1815  /* This is kernel mode. Check if we're exiting */
1817  (Process->Peb))
1818  {
1819  /* Check if the debugger is enabled */
1820  if (KdDebuggerEnabled)
1821  {
1822  /* Bugcheck */
1823  KeBugCheckEx(INVALID_KERNEL_HANDLE, (ULONG_PTR)Handle, 1, 0, 0);
1824  }
1825  }
1826  }
1827  }
1828 
1829  /* Set invalid status */
1831  }
1832 
1833  /* Return status */
1835  "%s - Closed handle: %p S: %lx\n",
1837  return Status;
1838 }
BOOLEAN KdDebuggerEnabled
Definition: kddata.c:83
KAPC_STATE
Definition: ketypes.h:1285
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define TRUE
Definition: types.h:120
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
Definition: handle.c:1040
LONG NTSTATUS
Definition: precomp.h:26
#define NtCurrentThread()
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:74
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
BOOLEAN NTAPI KeIsAttachedProcess(VOID)
Definition: procobj.c:693
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
unsigned char BOOLEAN
#define NtCurrentProcess()
Definition: nt_native.h:1657
Status
Definition: gdiplustypes.h:24
NTSTATUS NTAPI ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
Definition: obhandle.c:684
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
#define OB_HANDLE_DEBUG
Definition: ob.h:17
KPROCESS Pcb
Definition: pstypes.h:1262
NTSTATUS NTAPI KeRaiseUserException(IN NTSTATUS ExceptionCode)
Definition: except.c:397
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1700
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_In_ HANDLE Handle
Definition: extypes.h:390
#define ObKernelHandleToHandle(Handle)
Definition: ob.h:83
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
Definition: thread.c:868
#define __FUNCTION__
Definition: types.h:112
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
#define PAGED_CODE()

Referenced by NtClose(), and ObCloseHandle().

◆ ObpCloseHandleCallback()

BOOLEAN NTAPI ObpCloseHandleCallback ( IN PHANDLE_TABLE_ENTRY  HandleTableEntry,
IN HANDLE  Handle,
IN PVOID  Context 
)

Definition at line 1923 of file obhandle.c.

1926 {
1928 
1929  /* Simply decrement the handle count */
1930  ObpCloseHandleTableEntry(CloseContext->HandleTable,
1931  HandleTableEntry,
1932  Handle,
1933  CloseContext->AccessMode,
1934  TRUE);
1935  return TRUE;
1936 }
#define TRUE
Definition: types.h:120
PHANDLE_TABLE HandleTable
Definition: ob.h:117
struct _OBP_CLOSE_HANDLE_CONTEXT * POBP_CLOSE_HANDLE_CONTEXT
NTSTATUS NTAPI ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
Definition: obhandle.c:684
_In_ HANDLE Handle
Definition: extypes.h:390
KPROCESSOR_MODE AccessMode
Definition: ob.h:118

Referenced by ObClearProcessHandleTable(), and ObKillProcess().

◆ ObpCloseHandleTableEntry()

NTSTATUS NTAPI ObpCloseHandleTableEntry ( IN PHANDLE_TABLE  HandleTable,
IN PHANDLE_TABLE_ENTRY  HandleEntry,
IN HANDLE  Handle,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  IgnoreHandleProtection 
)

Definition at line 684 of file obhandle.c.

689 {
690  PVOID Body;
692  POBJECT_HEADER ObjectHeader;
694  KIRQL CalloutIrql;
695  PAGED_CODE();
696 
697  /* Get the object data */
698  ObjectHeader = ObpGetHandleObject(HandleEntry);
699  ObjectType = ObjectHeader->Type;
700  Body = &ObjectHeader->Body;
701  GrantedAccess = HandleEntry->GrantedAccess;
703  "%s - Closing handle: %p for %p. HC PC %lx %lx\n",
704  __FUNCTION__,
705  Handle,
706  Body,
707  ObjectHeader->HandleCount,
708  ObjectHeader->PointerCount);
709 
710  /* Check if the object has an Okay To Close procedure */
711  if (ObjectType->TypeInfo.OkayToCloseProcedure)
712  {
713  /* Call it and check if it's not letting us close it */
714  ObpCalloutStart(&CalloutIrql);
715  if (!ObjectType->TypeInfo.OkayToCloseProcedure(PsGetCurrentProcess(),
716  Body,
717  Handle,
718  AccessMode))
719  {
720  /* Fail */
721  ObpCalloutEnd(CalloutIrql, "NtClose", ObjectType, Body);
724  }
725 
726  /* Success, validate callout retrn */
727  ObpCalloutEnd(CalloutIrql, "NtClose", ObjectType, Body);
728  }
729 
730  /* The callback allowed us to close it, but does the handle itself? */
731  if ((HandleEntry->GrantedAccess & ObpAccessProtectCloseBit) &&
732  !(IgnoreHandleProtection))
733  {
734  /* It doesn't, are we from user mode? */
735  if (AccessMode != KernelMode)
736  {
737  /* We are! Unlock the entry */
739 
740  /* Make sure we have a debug port */
741  if (PsGetCurrentProcess()->DebugPort)
742  {
743  /* Raise an exception */
745  }
746  else
747  {
748  /* Return the error instead */
750  }
751  }
752  else
753  {
754  /* Otherwise, bugcheck the OS */
755  KeBugCheckEx(INVALID_KERNEL_HANDLE, (ULONG_PTR)Handle, 0, 0, 0);
756  }
757  }
758 
759  /* Destroy and unlock the handle entry */
760  ExDestroyHandle(HandleTable, Handle, HandleEntry);
761 
762  /* Now decrement the handle count */
766  ObjectType);
767 
768  /* Dereference the object as well */
769  ObDereferenceObject(Body);
770 
771  /* Return to caller */
773  "%s - Closed handle: %p for %p.\n",
774  __FUNCTION__,
775  Handle,
776  Body);
777  return STATUS_SUCCESS;
778 }
ObjectType
Definition: metafile.c:80
BOOLEAN NTAPI ExDestroyHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PHANDLE_TABLE_ENTRY HandleTableEntry OPTIONAL)
Definition: handle.c:978
LONG_PTR HandleCount
Definition: obtypes.h:490
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:917
uint32_t ULONG_PTR
Definition: typedefs.h:65
UCHAR KIRQL
Definition: env_spec_w32.h:591
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define PsGetCurrentProcess
Definition: psfuncs.h:17
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:497
#define ObpGetHandleObject(x)
Definition: ob.h:91
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:529
#define ObDereferenceObject
Definition: obfuncs.h:203
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505
#define OB_HANDLE_DEBUG
Definition: ob.h:17
#define STATUS_HANDLE_NOT_CLOSABLE
Definition: ntstatus.h:697
NTSTATUS NTAPI KeRaiseUserException(IN NTSTATUS ExceptionCode)
Definition: except.c:397
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
LONG_PTR PointerCount
Definition: obtypes.h:487
_In_ HANDLE Handle
Definition: extypes.h:390
#define ObpAccessProtectCloseBit
Definition: ob.h:59
#define STATUS_SUCCESS
Definition: shellext.h:65
POBJECT_TYPE Type
Definition: obtypes.h:493
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
#define __FUNCTION__
Definition: types.h:112
ULONG ACCESS_MASK
Definition: nt_native.h:40
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
#define PAGED_CODE()

Referenced by ObpCloseHandle(), and ObpCloseHandleCallback().

◆ ObpCreateHandle()

NTSTATUS NTAPI ObpCreateHandle ( IN OB_OPEN_REASON  OpenReason,
IN PVOID  Object,
IN POBJECT_TYPE Type  OPTIONAL,
IN PACCESS_STATE  AccessState,
IN ULONG  AdditionalReferences,
IN ULONG  HandleAttributes,
IN POBP_LOOKUP_CONTEXT  Context,
IN KPROCESSOR_MODE  AccessMode,
OUT PVOID ReturnedObject,
OUT PHANDLE  ReturnedHandle 
)

Definition at line 1496 of file obhandle.c.

1506 {
1507  HANDLE_TABLE_ENTRY NewEntry;
1508  POBJECT_HEADER ObjectHeader;
1509  HANDLE Handle;
1511  BOOLEAN AttachedToProcess = FALSE, KernelHandle = FALSE;
1514  NTSTATUS Status;
1516  PAUX_ACCESS_DATA AuxData;
1517  PAGED_CODE();
1518 
1519  /* Get the object header and type */
1520  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1521  ObjectType = ObjectHeader->Type;
1523  "%s - Creating handle for: %p. Reason: %lx. HC PC %lx %lx\n",
1524  __FUNCTION__,
1525  Object,
1526  OpenReason,
1527  ObjectHeader->HandleCount,
1528  ObjectHeader->PointerCount);
1529 
1530  /* Check if the types match */
1531  if ((Type) && (ObjectType != Type))
1532  {
1533  /* They don't, cleanup */
1536  }
1537 
1538  /* Save the object header */
1539  NewEntry.Object = ObjectHeader;
1540 
1541  /* Check if this is a kernel handle */
1543  {
1544  /* Set the handle table */
1546  KernelHandle = TRUE;
1547 
1548  /* Check if we're not in the system process */
1550  {
1551  /* Attach to the system process */
1553  AttachedToProcess = TRUE;
1554  }
1555  }
1556  else
1557  {
1558  /* Get the current handle table */
1559  HandleTable = PsGetCurrentProcess()->ObjectTable;
1560  }
1561 
1562  /* Increment the handle count */
1564  AccessState,
1565  AccessMode,
1568  OpenReason);
1569  if (!NT_SUCCESS(Status))
1570  {
1571  /*
1572  * We failed (meaning security failure, according to NT Internals)
1573  * detach and return
1574  */
1576  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1577  return Status;
1578  }
1579 
1580  /* Check if we are doing audits on close */
1581  if (AccessState->GenerateOnClose)
1582  {
1583  /* Force the attribute on */
1585  }
1586 
1587  /* Mask out the internal attributes */
1589 
1590  /* Get the original desired access */
1591  DesiredAccess = AccessState->RemainingDesiredAccess |
1592  AccessState->PreviouslyGrantedAccess;
1593 
1594  /* Remove what's not in the valid access mask */
1595  GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
1597 
1598  /* Update the value in the access state */
1599  AccessState->PreviouslyGrantedAccess = GrantedAccess;
1600 
1601  /* Get the auxiliary data */
1602  AuxData = AccessState->AuxData;
1603 
1604  /* Handle extra references */
1605  if (AdditionalReferences)
1606  {
1607  /* Add them to the header */
1609  AdditionalReferences);
1610  }
1611 
1612  /* Now we can release the object */
1614 
1615  /* Save the access mask */
1616  NewEntry.GrantedAccess = GrantedAccess;
1617 
1618  /*
1619  * Create the actual handle. We'll need to do this *after* calling
1620  * ObpIncrementHandleCount to make sure that Object Security is valid
1621  * (specified in Gl00my documentation on Ob)
1622  */
1624  "%s - Handle Properties: [%p-%lx-%lx]\n",
1625  __FUNCTION__,
1626  NewEntry.Object, NewEntry.ObAttributes & 3, NewEntry.GrantedAccess);
1627  Handle = ExCreateHandle(HandleTable, &NewEntry);
1628 
1629  /* Make sure we got a handle */
1630  if (Handle)
1631  {
1632  /* Check if this was a kernel handle */
1634 
1635  /* Return it */
1636  *ReturnedHandle = Handle;
1637 
1638  /* Check if we need to generate on audit */
1639  if (AccessState->GenerateAudit)
1640  {
1641  /* Audit the handle creation */
1642  //SeAuditHandleCreation(AccessState, Handle);
1643  }
1644 
1645  /* Check if this was a create */
1646  if (OpenReason == ObCreateHandle)
1647  {
1648  /* Check if we need to audit the privileges */
1649  if ((AuxData->PrivilegeSet) &&
1650  (AuxData->PrivilegeSet->PrivilegeCount))
1651  {
1652  /* Do the audit */
1653 #if 0
1655  &AccessState->
1657  GrantedAccess,
1658  AuxData->PrivilegeSet,
1659  TRUE,
1660  ExGetPreviousMode());
1661 #endif
1662  }
1663  }
1664 
1665  /* Return the new object only if caller wanted it biased */
1666  if ((AdditionalReferences) && (ReturnedObject))
1667  {
1668  /* Return it */
1669  *ReturnedObject = Object;
1670  }
1671 
1672  /* Detach if needed */
1673  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1674 
1675  /* Trace and return */
1677  "%s - Returning Handle: %p HC PC %lx %lx\n",
1678  __FUNCTION__,
1679  Handle,
1680  ObjectHeader->HandleCount,
1681  ObjectHeader->PointerCount);
1682  return STATUS_SUCCESS;
1683  }
1684 
1685  /* Decrement the handle count and detach */
1686  ObpDecrementHandleCount(&ObjectHeader->Body,
1688  GrantedAccess,
1689  ObjectType);
1690 
1691  /* Handle extra references */
1692  if (AdditionalReferences)
1693  {
1694  /* Check how many extra references were added */
1695  if (AdditionalReferences > 1)
1696  {
1697  /* Dereference it many times */
1699  -(LONG)(AdditionalReferences - 1));
1700  }
1701 
1702  /* Dereference the object one last time */
1704  }
1705 
1706  /* Detach if necessary and fail */
1707  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1709 }
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:258
ObjectType
Definition: metafile.c:80
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
KAPC_STATE
Definition: ketypes.h:1285
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LONG_PTR HandleCount
Definition: obtypes.h:490
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
HANDLE KernelHandle
Definition: legacy.c:24
ULONG_PTR ObAttributes
Definition: extypes.h:600
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3063
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:821
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
long LONG
Definition: pedump.c:60
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:810
unsigned char BOOLEAN
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:529
$ULONG PrivilegeCount
Definition: setypes.h:86
Status
Definition: gdiplustypes.h:24
#define STATUS_OBJECT_TYPE_MISMATCH
Definition: ntstatus.h:273
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:85
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ULONG GrantedAccess
Definition: extypes.h:606
#define ObDereferenceObject
Definition: obfuncs.h:203
Type
Definition: Type.h:6
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define InterlockedExchangeAddSizeT(a, b)
Definition: interlocked.h:196
#define OB_HANDLE_DEBUG
Definition: ob.h:17
VOID NTAPI SePrivilegeObjectAuditAlarm(_In_ HANDLE Handle, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE CurrentMode)
Raises an audit with alarm notification message when an object tries to acquire this privilege.
Definition: audit.c:1422
KPROCESS Pcb
Definition: pstypes.h:1262
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Releases an initialized object directory lookup context. Unlocks it if necessary, and dereferences th...
Definition: ob_x.h:323
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1700
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
LONG_PTR PointerCount
Definition: obtypes.h:487
_In_ HANDLE Handle
Definition: extypes.h:390
PVOID Object
Definition: extypes.h:599
#define STATUS_SUCCESS
Definition: shellext.h:65
POBJECT_TYPE Type
Definition: obtypes.h:493
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
#define __FUNCTION__
Definition: types.h:112
ULONG ACCESS_MASK
Definition: nt_native.h:40
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
#define PAGED_CODE()
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: sefuncs.h:13

Referenced by ObInsertObject(), ObOpenObjectByName(), and ObOpenObjectByPointer().

◆ ObpCreateUnnamedHandle()

NTSTATUS NTAPI ObpCreateUnnamedHandle ( IN PVOID  Object,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  AdditionalReferences,
IN ULONG  HandleAttributes,
IN KPROCESSOR_MODE  AccessMode,
OUT PVOID ReturnedObject,
OUT PHANDLE  ReturnedHandle 
)

Definition at line 1311 of file obhandle.c.

1318 {
1319  HANDLE_TABLE_ENTRY NewEntry;
1320  POBJECT_HEADER ObjectHeader;
1321  HANDLE Handle;
1323  BOOLEAN AttachedToProcess = FALSE, KernelHandle = FALSE;
1325  NTSTATUS Status;
1328  PAGED_CODE();
1329 
1330  /* Get the object header and type */
1331  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1332  ObjectType = ObjectHeader->Type;
1334  "%s - Creating handle for: %p. UNNAMED. HC PC %lx %lx\n",
1335  __FUNCTION__,
1336  Object,
1337  ObjectHeader->HandleCount,
1338  ObjectHeader->PointerCount);
1339 
1340  /* Save the object header */
1341  NewEntry.Object = ObjectHeader;
1342 
1343  /* Mask out the internal attributes */
1345 
1346  /* Check if this is a kernel handle */
1348  {
1349  /* Set the handle table */
1351  KernelHandle = TRUE;
1352 
1353  /* Check if we're not in the system process */
1355  {
1356  /* Attach to the system process */
1358  AttachedToProcess = TRUE;
1359  }
1360  }
1361  else
1362  {
1363  /* Get the current handle table */
1364  HandleTable = PsGetCurrentProcess()->ObjectTable;
1365  }
1366 
1367  /* Increment the handle count */
1369  &DesiredAccess,
1370  AccessMode,
1373  if (!NT_SUCCESS(Status))
1374  {
1375  /*
1376  * We failed (meaning security failure, according to NT Internals)
1377  * detach and return
1378  */
1379  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1380  return Status;
1381  }
1382 
1383  /* Remove what's not in the valid access mask */
1384  GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
1386 
1387  /* Handle extra references */
1388  if (AdditionalReferences)
1389  {
1390  /* Add them to the header */
1392  AdditionalReferences);
1393  }
1394 
1395  /* Save the access mask */
1396  NewEntry.GrantedAccess = GrantedAccess;
1397 
1398  /*
1399  * Create the actual handle. We'll need to do this *after* calling
1400  * ObpIncrementHandleCount to make sure that Object Security is valid
1401  * (specified in Gl00my documentation on Ob)
1402  */
1404  "%s - Handle Properties: [%p-%lx-%lx]\n",
1405  __FUNCTION__,
1406  NewEntry.Object, NewEntry.ObAttributes & 3, NewEntry.GrantedAccess);
1407  Handle = ExCreateHandle(HandleTable, &NewEntry);
1408 
1409  /* Make sure we got a handle */
1410  if (Handle)
1411  {
1412  /* Check if this was a kernel handle */
1414 
1415  /* Return handle and object */
1416  *ReturnedHandle = Handle;
1417 
1418  /* Return the new object only if caller wanted it biased */
1419  if ((AdditionalReferences) && (ReturnedObject))
1420  {
1421  /* Return it */
1422  *ReturnedObject = Object;
1423  }
1424 
1425  /* Detach if needed */
1426  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1427 
1428  /* Trace and return */
1430  "%s - Returning Handle: %p HC PC %lx %lx\n",
1431  __FUNCTION__,
1432  Handle,
1433  ObjectHeader->HandleCount,
1434  ObjectHeader->PointerCount);
1435  return STATUS_SUCCESS;
1436  }
1437 
1438  /* Handle extra references */
1439  if (AdditionalReferences)
1440  {
1441  /* Dereference it as many times as required */
1443  -(LONG)AdditionalReferences);
1444  }
1445 
1446  /* Decrement the handle count and detach */
1447  ObpDecrementHandleCount(&ObjectHeader->Body,
1449  GrantedAccess,
1450  ObjectType);
1451 
1452  /* Detach and fail */
1453  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1455 }
ObjectType
Definition: metafile.c:80
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
KAPC_STATE
Definition: ketypes.h:1285
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LONG_PTR HandleCount
Definition: obtypes.h:490
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
HANDLE KernelHandle
Definition: legacy.c:24
ULONG_PTR ObAttributes
Definition: extypes.h:600
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
NTSTATUS NTAPI ObpIncrementUnnamedHandleCount(IN PVOID Object, IN PACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process)
Definition: obhandle.c:1089
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:821
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
long LONG
Definition: pedump.c:60
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
unsigned char BOOLEAN
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:529
Status
Definition: gdiplustypes.h:24
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:85
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ULONG GrantedAccess
Definition: extypes.h:606
#define InterlockedExchangeAddSizeT(a, b)
Definition: interlocked.h:196
#define OB_HANDLE_DEBUG
Definition: ob.h:17
KPROCESS Pcb
Definition: pstypes.h:1262
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1700
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
LONG_PTR PointerCount
Definition: obtypes.h:487
_In_ HANDLE Handle
Definition: extypes.h:390
PVOID Object
Definition: extypes.h:599
#define STATUS_SUCCESS
Definition: shellext.h:65
POBJECT_TYPE Type
Definition: obtypes.h:493
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
#define __FUNCTION__
Definition: types.h:112
ULONG ACCESS_MASK
Definition: nt_native.h:40
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
#define PAGED_CODE()

Referenced by ObInsertObject().

◆ ObpDecrementHandleCount()

VOID NTAPI ObpDecrementHandleCount ( IN PVOID  ObjectBody,
IN PEPROCESS  Process,
IN ACCESS_MASK  GrantedAccess,
IN POBJECT_TYPE  ObjectType 
)

Definition at line 529 of file obhandle.c.

533 {
534  POBJECT_HEADER ObjectHeader;
535  LONG SystemHandleCount, ProcessHandleCount;
536  LONG NewCount;
537  KIRQL CalloutIrql;
538  POBJECT_HEADER_HANDLE_INFO HandleInfo;
539  POBJECT_HANDLE_COUNT_ENTRY HandleEntry;
540  POBJECT_HANDLE_COUNT_DATABASE HandleDatabase;
541  ULONG i;
542  PAGED_CODE();
543 
544  /* Get the object type and header */
545  ObjectHeader = OBJECT_TO_OBJECT_HEADER(ObjectBody);
547  "%s - Decrementing count for: %p. HC PC %lx %lx\n",
548  __FUNCTION__,
549  ObjectBody,
550  ObjectHeader->HandleCount,
551  ObjectHeader->PointerCount);
552 
553  /* Lock the object */
554  ObpAcquireObjectLock(ObjectHeader);
555 
556  /* Set default counts */
557  SystemHandleCount = ObjectHeader->HandleCount;
558  ProcessHandleCount = 0;
559 
560  /* Decrement the handle count */
561  NewCount = InterlockedDecrementSizeT(&ObjectHeader->HandleCount);
562 
563  /* Check if we're out of handles and this was an exclusive object */
564  if (!(NewCount) && (ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
565  {
566  /* Clear the exclusive flag */
567  OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = NULL;
568  }
569 
570  /* Is the object type keeping track of handles? */
571  if (ObjectType->TypeInfo.MaintainHandleCount)
572  {
573  /* Get handle information */
574  HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
575 
576  /* Check if there's only a single entry */
577  if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
578  {
579  /* It should be us */
580  ASSERT(HandleInfo->SingleEntry.Process == Process);
581  ASSERT(HandleInfo->SingleEntry.HandleCount > 0);
582 
583  /* Get the handle counts */
585  HandleEntry = &HandleInfo->SingleEntry;
586  }
587  else
588  {
589  /* Otherwise, get the database */
590  HandleDatabase = HandleInfo->HandleCountDatabase;
591  if (HandleDatabase)
592  {
593  /* Get the entries and loop them */
594  i = HandleDatabase->CountEntries;
595  HandleEntry = &HandleDatabase->HandleCountEntries[0];
596  while (i)
597  {
598  /* Check if this is a match */
599  if ((HandleEntry->HandleCount) &&
600  (HandleEntry->Process == Process))
601  {
602  /* Found it, get the process handle count */
603  ProcessHandleCount = HandleEntry->HandleCount--;
604  break;
605  }
606 
607  /* Keep looping */
608  HandleEntry++;
609  i--;
610  }
611  }
612  else
613  {
614  /* No database, so no entry */
615  HandleEntry = NULL;
616  }
617  }
618 
619  /* Check if this is the last handle */
620  if (ProcessHandleCount == 1)
621  {
622  /* Then clear the entry */
623  HandleEntry->Process = NULL;
624  HandleEntry->HandleCount = 0;
625  }
626  }
627 
628  /* Release the lock */
629  ObpReleaseObjectLock(ObjectHeader);
630 
631  /* Check if we have a close procedure */
632  if (ObjectType->TypeInfo.CloseProcedure)
633  {
634  /* Call it */
635  ObpCalloutStart(&CalloutIrql);
636  ObjectType->TypeInfo.CloseProcedure(Process,
637  ObjectBody,
640  SystemHandleCount);
641  ObpCalloutEnd(CalloutIrql, "Close", ObjectType, ObjectBody);
642  }
643 
644  /* Check if we should delete the object */
645  ObpDeleteNameCheck(ObjectBody);
646 
647  /* Decrease the total number of handles for this type */
648  InterlockedDecrement((PLONG)&ObjectType->TotalNumberOfHandles);
650  "%s - Decremented count for: %p. HC PC %lx %lx\n",
651  __FUNCTION__,
652  ObjectBody,
653  ObjectHeader->HandleCount,
654  ObjectHeader->PointerCount);
655 }
ObjectType
Definition: metafile.c:80
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
LONG_PTR HandleCount
Definition: obtypes.h:490
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
Definition: obtypes.h:458
#define OBJECT_HEADER_TO_HANDLE_INFO(h)
Definition: obtypes.h:118
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
#define OB_FLAG_SINGLE_PROCESS
Definition: obtypes.h:103
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
UCHAR KIRQL
Definition: env_spec_w32.h:591
long LONG
Definition: pedump.c:60
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:497
ULONG HandleCount
Definition: obtypes.h:445
UCHAR Flags
Definition: obtypes.h:497
#define OB_FLAG_EXCLUSIVE
Definition: obtypes.h:100
struct _EPROCESS * Process
Definition: obtypes.h:444
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
Definition: obtypes.h:122
OBJECT_HANDLE_COUNT_ENTRY SingleEntry
Definition: obtypes.h:459
#define ASSERT(a)
Definition: mode.c:44
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505
#define InterlockedDecrement
Definition: armddk.h:52
#define OB_HANDLE_DEBUG
Definition: ob.h:17
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]
Definition: obtypes.h:451
Definition: obtypes.h:442
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
LONG_PTR PointerCount
Definition: obtypes.h:487
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
unsigned int ULONG
Definition: retypes.h:1
#define InterlockedDecrementSizeT(a)
Definition: interlocked.h:153
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
Definition: obname.c:301
#define __FUNCTION__
Definition: types.h:112
signed int * PLONG
Definition: retypes.h:5
#define PAGED_CODE()

Referenced by ObDuplicateObject(), ObpCloseHandleTableEntry(), ObpCreateHandle(), and ObpCreateUnnamedHandle().

◆ ObpDuplicateHandleCallback()

BOOLEAN NTAPI ObpDuplicateHandleCallback ( IN PEPROCESS  Process,
IN PHANDLE_TABLE  HandleTable,
IN PHANDLE_TABLE_ENTRY  OldEntry,
IN PHANDLE_TABLE_ENTRY  HandleTableEntry 
)

Definition at line 1959 of file obhandle.c.

1963 {
1964  POBJECT_HEADER ObjectHeader;
1965  BOOLEAN Ret = FALSE;
1967  NTSTATUS Status;
1968  PAGED_CODE();
1969 
1970  /* Make sure that the handle is inheritable */
1971  Ret = (HandleTableEntry->ObAttributes & OBJ_INHERIT) != 0;
1972  if (Ret)
1973  {
1974  /* Get the object header */
1975  ObjectHeader = ObpGetHandleObject(HandleTableEntry);
1976 
1977  /* Increment the pointer count */
1978  InterlockedIncrementSizeT(&ObjectHeader->PointerCount);
1979 
1980  /* Release the handle lock */
1982 
1983  /* Setup the access state */
1984  AccessState.PreviouslyGrantedAccess = HandleTableEntry->GrantedAccess;
1985 
1986  /* Call the shared routine for incrementing handles */
1987  Status = ObpIncrementHandleCount(&ObjectHeader->Body,
1988  &AccessState,
1989  KernelMode,
1990  HandleTableEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES,
1991  Process,
1992  ObInheritHandle);
1993  if (!NT_SUCCESS(Status))
1994  {
1995  /* Return failure */
1996  ObDereferenceObject(&ObjectHeader->Body);
1997  Ret = FALSE;
1998  }
1999  }
2000  else
2001  {
2002  /* Release the handle lock */
2004  }
2005 
2006  /* Return duplication result */
2007  return Ret;
2008 }
LONG NTSTATUS
Definition: precomp.h:26
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:917
#define FALSE
Definition: types.h:117
#define InterlockedIncrementSizeT(a)
Definition: interlocked.h:220
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:810
unsigned char BOOLEAN
#define ObpGetHandleObject(x)
Definition: ob.h:91
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define OBJ_INHERIT
Definition: winternl.h:225
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
LONG_PTR PointerCount
Definition: obtypes.h:487
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
#define PAGED_CODE()

Referenced by ObInitProcess().

◆ ObpEnumFindHandleProcedure()

BOOLEAN NTAPI ObpEnumFindHandleProcedure ( IN PHANDLE_TABLE_ENTRY  HandleEntry,
IN HANDLE  Handle,
IN PVOID  Context 
)

Definition at line 211 of file obhandle.c.

214 {
215  POBJECT_HEADER ObjectHeader;
218  POBP_FIND_HANDLE_DATA FindData = Context;
219 
220  /* Get the object header */
221  ObjectHeader = ObpGetHandleObject(HandleEntry);
222 
223  /* Make sure it's valid and matching */
224  if ((FindData->ObjectHeader) && (FindData->ObjectHeader != ObjectHeader))
225  {
226  /* No match, fail */
227  return FALSE;
228  }
229 
230  /* Now attempt to match the object type */
231  if ((FindData->ObjectType) && (FindData->ObjectType != ObjectHeader->Type))
232  {
233  /* No match, fail */
234  return FALSE;
235  }
236 
237  /* Check if we have extra information */
238  if (FindData->HandleInformation)
239  {
240  /* Get the granted access and attributes */
241  GrantedAccess = HandleEntry->GrantedAccess;
242  HandleAttributes = HandleEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES;
243 
244  /* Attempt to match them */
247  {
248  /* No match, fail */
249  return FALSE;
250  }
251  }
252 
253  /* We have a match */
254  return TRUE;
255 }
POBJECT_HEADER ObjectHeader
Definition: ob.h:123
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
POBJECT_TYPE ObjectType
Definition: ob.h:124
#define TRUE
Definition: types.h:120
ACCESS_MASK GrantedAccess
Definition: iotypes.h:181
#define FALSE
Definition: types.h:117
#define ObpGetHandleObject(x)
Definition: ob.h:91
POBJECT_HANDLE_INFORMATION HandleInformation
Definition: ob.h:125
struct tagContext Context
Definition: acpixf.h:1034
unsigned int ULONG
Definition: retypes.h:1
POBJECT_TYPE Type
Definition: obtypes.h:493
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40

Referenced by ObFindHandleForObject().

◆ ObpIncrementHandleCount()

NTSTATUS NTAPI ObpIncrementHandleCount ( IN PVOID  Object,
IN PACCESS_STATE AccessState  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN ULONG  HandleAttributes,
IN PEPROCESS  Process,
IN OB_OPEN_REASON  OpenReason 
)

Definition at line 810 of file obhandle.c.

816 {
817  POBJECT_HEADER ObjectHeader;
821  PEPROCESS ExclusiveProcess;
823  POBJECT_HEADER_CREATOR_INFO CreatorInfo;
824  KIRQL CalloutIrql;
826  ULONG Total;
827  POBJECT_HEADER_NAME_INFO NameInfo;
828  PAGED_CODE();
829 
830  /* Get the object header and type */
831  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
832  ObjectType = ObjectHeader->Type;
834  "%s - Incrementing count for: %p. Reason: %lx. HC PC %lx %lx\n",
835  __FUNCTION__,
836  Object,
837  OpenReason,
838  ObjectHeader->HandleCount,
839  ObjectHeader->PointerCount);
840 
841  /* Check if caller is forcing user mode */
843  {
844  /* Force it */
846  }
847  else
848  {
849  /* Keep original setting */
851  }
852 
853  /* Lock the object */
854  ObpAcquireObjectLock(ObjectHeader);
855 
856  /* Charge quota and remove the creator info flag */
858  if (!NT_SUCCESS(Status)) return Status;
859 
860  /* Check if the open is exclusive */
862  {
863  /* Check if the object allows this, or if the inherit flag was given */
864  if ((HandleAttributes & OBJ_INHERIT) ||
865  !(ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
866  {
867  /* Incorrect attempt */
869  goto Quickie;
870  }
871 
872  /* Check if we have access to it */
873  ExclusiveProcess = OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader);
874  if ((!(ExclusiveProcess) && (ObjectHeader->HandleCount)) ||
875  ((ExclusiveProcess) && (ExclusiveProcess != PsGetCurrentProcess())))
876  {
877  /* This isn't the right process */
879  goto Quickie;
880  }
881 
882  /* Now you got exclusive access */
883  Exclusive = TRUE;
884  }
885  else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE) &&
886  (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader)))
887  {
888  /* Caller didn't want exclusive access, but the object is exclusive */
890  goto Quickie;
891  }
892 
893  /* Check for exclusive kernel object */
894  NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
895  if ((NameInfo) && (NameInfo->QueryReferences & OB_FLAG_KERNEL_EXCLUSIVE) &&
896  (ProbeMode != KernelMode))
897  {
898  /* Caller is not kernel, but the object is kernel exclusive */
900  goto Quickie;
901  }
902 
903  /*
904  * Check if this is an object that went from 0 handles back to existence,
905  * but doesn't have an open procedure, only a close procedure. This means
906  * that it will never realize that the object is back alive, so we must
907  * fail the request.
908  */
909  if (!(ObjectHeader->HandleCount) &&
910  !(NewObject) &&
911  (ObjectType->TypeInfo.MaintainHandleCount) &&
912  !(ObjectType->TypeInfo.OpenProcedure) &&
913  (ObjectType->TypeInfo.CloseProcedure))
914  {
915  /* Fail */
917  goto Quickie;
918  }
919 
920  /* Check if we're opening an existing handle */
921  if ((OpenReason == ObOpenHandle) ||
922  ((OpenReason == ObDuplicateHandle) && (AccessState)))
923  {
924  /* Validate the caller's access to this object */
926  AccessState,
927  TRUE,
928  ProbeMode,
929  &Status))
930  {
931  /* Access was denied, so fail */
932  goto Quickie;
933  }
934  }
935  else if (OpenReason == ObCreateHandle)
936  {
937  /* Convert MAXIMUM_ALLOWED to GENERIC_ALL */
938  if (AccessState->RemainingDesiredAccess & MAXIMUM_ALLOWED)
939  {
940  /* Mask out MAXIMUM_ALLOWED and stick GENERIC_ALL instead */
941  AccessState->RemainingDesiredAccess &= ~MAXIMUM_ALLOWED;
942  AccessState->RemainingDesiredAccess |= GENERIC_ALL;
943  }
944 
945  /* Check if we have to map the GENERIC mask */
946  if (AccessState->RemainingDesiredAccess & GENERIC_ACCESS)
947  {
948  /* Map it to the correct access masks */
949  RtlMapGenericMask(&AccessState->RemainingDesiredAccess,
950  &ObjectType->TypeInfo.GenericMapping);
951  }
952 
953  /* Check if the caller is trying to access system security */
954  if (AccessState->RemainingDesiredAccess & ACCESS_SYSTEM_SECURITY)
955  {
956  /* FIXME: TODO */
957  DPRINT1("ACCESS_SYSTEM_SECURITY not validated!\n");
958  }
959  }
960 
961  /* Check if this is an exclusive handle */
962  if (Exclusive)
963  {
964  /* Save the owner process */
965  OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process;
966  }
967 
968  /* Increase the handle count */
969  InterlockedIncrementSizeT(&ObjectHeader->HandleCount);
970  ProcessHandleCount = 0;
971 
972  /* Check if we have a handle database */
973  if (ObjectType->TypeInfo.MaintainHandleCount)
974  {
975  /* Increment the handle database */
976  Status = ObpIncrementHandleDataBase(ObjectHeader,
977  Process,
979  if (!NT_SUCCESS(Status))
980  {
981  /* FIXME: This should never happen for now */
982  DPRINT1("Unhandled case\n");
983  ASSERT(FALSE);
984  goto Quickie;
985  }
986  }
987 
988  /* Release the lock */
989  ObpReleaseObjectLock(ObjectHeader);
990 
991  /* Check if we have an open procedure */
993  if (ObjectType->TypeInfo.OpenProcedure)
994  {
995  /* Call it */
996  ObpCalloutStart(&CalloutIrql);
997  Status = ObjectType->TypeInfo.OpenProcedure(OpenReason,
998  Process,
999  Object,
1000  AccessState ?
1001  AccessState->
1003  0,
1005  ObpCalloutEnd(CalloutIrql, "Open", ObjectType, Object);
1006 
1007  /* Check if the open procedure failed */
1008  if (!NT_SUCCESS(Status))
1009  {
1010  /* FIXME: This should never happen for now */
1011  DPRINT1("Unhandled case\n");
1012  ASSERT(FALSE);
1013  return Status;
1014  }
1015  }
1016 
1017  /* Check if this is a create operation */
1018  if (OpenReason == ObCreateHandle)
1019  {
1020  /* Check if we have creator info */
1021  CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(ObjectHeader);
1022  if (CreatorInfo)
1023  {
1024  /* We do, acquire the lock */
1026 
1027  /* Insert us on the list */
1028  InsertTailList(&ObjectType->TypeList, &CreatorInfo->TypeList);
1029 
1030  /* Release the lock */
1032  }
1033  }
1034 
1035  /* Increase total number of handles */
1036  Total = InterlockedIncrement((PLONG)&ObjectType->TotalNumberOfHandles);
1037  if (Total > ObjectType->HighWaterNumberOfHandles)
1038  {
1039  /* Fixup count */
1040  ObjectType->HighWaterNumberOfHandles = Total;
1041  }
1042 
1043  /* Trace call and return */
1045  "%s - Incremented count for: %p. Reason: %lx HC PC %lx %lx\n",
1046  __FUNCTION__,
1047  Object,
1048  OpenReason,
1049  ObjectHeader->HandleCount,
1050  ObjectHeader->PointerCount);
1051  return Status;
1052 
1053 Quickie:
1054  /* Release lock and return */
1055  ObpReleaseObjectLock(ObjectHeader);
1056  return Status;
1057 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
ObjectType
Definition: metafile.c:80
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define GENERIC_ALL
Definition: nt_native.h:92
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
LONG_PTR HandleCount
Definition: obtypes.h:490
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS NTAPI ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
Definition: obhandle.c:431
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
LONG NTSTATUS
Definition: precomp.h:26
_Must_inspect_result_ _In_ _In_ ULONG ProbeMode
Definition: mmfuncs.h:561
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
#define InsertTailList(ListHead, Entry)
#define OBJ_EXCLUSIVE
Definition: winternl.h:227
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
UCHAR KIRQL
Definition: env_spec_w32.h:591
#define FALSE
Definition: types.h:117
#define InterlockedIncrementSizeT(a)
Definition: interlocked.h:220
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define PsGetCurrentProcess
Definition: psfuncs.h:17
unsigned char BOOLEAN
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:497
UCHAR Flags
Definition: obtypes.h:497
#define OB_FLAG_EXCLUSIVE
Definition: obtypes.h:100
Status
Definition: gdiplustypes.h:24
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
Definition: obtypes.h:122
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define OBJ_INHERIT
Definition: winternl.h:225
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:340
__in PWDFDEVICE_INIT __in BOOLEAN Exclusive
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:352
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505
#define OBJ_FORCE_ACCESS_CHECK
Definition: winternl.h:232
NTSTATUS NTAPI ObpIncrementHandleDataBase(IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
Definition: obhandle.c:333
#define OB_HANDLE_DEBUG
Definition: ob.h:17
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
BOOLEAN NTAPI ObCheckObjectAccess(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
Definition: obsecure.c:441
#define InterlockedIncrement
Definition: armddk.h:53
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
Definition: obtypes.h:126
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
LONG_PTR PointerCount
Definition: obtypes.h:487
#define GENERIC_ACCESS
Definition: security.c:35
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
Definition: sefuncs.h:13
unsigned int ULONG
Definition: retypes.h:1
#define STATUS_SUCCESS
Definition: shellext.h:65
POBJECT_TYPE Type
Definition: obtypes.h:493
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71
#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h)
Definition: obtypes.h:131
#define __FUNCTION__
Definition: types.h:112
signed int * PLONG
Definition: retypes.h:5
#define OB_FLAG_KERNEL_EXCLUSIVE
Definition: obtypes.h:109
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
#define PAGED_CODE()

Referenced by ObDuplicateObject(), ObpCreateHandle(), and ObpDuplicateHandleCallback().

◆ ObpIncrementHandleDataBase()

NTSTATUS NTAPI ObpIncrementHandleDataBase ( IN POBJECT_HEADER  ObjectHeader,
IN PEPROCESS  Process,
IN OUT PULONG  NewProcessHandleCount 
)

Definition at line 333 of file obhandle.c.

336 {
337  POBJECT_HEADER_HANDLE_INFO HandleInfo;
338  POBJECT_HANDLE_COUNT_ENTRY HandleEntry, FreeEntry = NULL;
339  POBJECT_HANDLE_COUNT_DATABASE HandleDatabase;
340  ULONG i;
341  PAGED_CODE();
342 
343  /* Get the handle info and check if we only have one entry */
344  HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
345  if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
346  {
347  /* Check if the entry is free */
348  if (!HandleInfo->SingleEntry.HandleCount)
349  {
350  /* Add ours */
351  HandleInfo->SingleEntry.HandleCount = 1;
352  HandleInfo->SingleEntry.Process = Process;
353 
354  /* Return success and 1 handle */
355  *NewProcessHandleCount = 1;
356  return STATUS_SUCCESS;
357  }
358  else if (HandleInfo->SingleEntry.Process == Process)
359  {
360  /* Busy entry, but same process */
361  *NewProcessHandleCount = ++HandleInfo->SingleEntry.HandleCount;
362  return STATUS_SUCCESS;
363  }
364  else
365  {
366  /* Insert a new entry */
367  FreeEntry = ObpInsertHandleCount(ObjectHeader);
368  if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
369  ASSERT(!FreeEntry->Process);
370  ASSERT(!FreeEntry->HandleCount);
371 
372  /* Fill it out */
373  FreeEntry->Process = Process;
374  FreeEntry->HandleCount = 1;
375 
376  /* Return success and 1 handle */
377  *NewProcessHandleCount = 1;
378  return STATUS_SUCCESS;
379  }
380  }
381 
382  /* We have a database instead */
383  HandleDatabase = HandleInfo->HandleCountDatabase;
384  if (HandleDatabase)
385  {
386  /* Get the entries and loop them */
387  i = HandleDatabase->CountEntries;
388  HandleEntry = &HandleDatabase->HandleCountEntries[0];
389  while (i)
390  {
391  /* Check if this is a match */
392  if (HandleEntry->Process == Process)
393  {
394  /* Found it, get the process handle count */
395  *NewProcessHandleCount = ++HandleEntry->HandleCount;
396  return STATUS_SUCCESS;
397  }
398  else if (!HandleEntry->HandleCount)
399  {
400  /* Found a free entry */
401  FreeEntry = HandleEntry;
402  }
403 
404  /* Keep looping */
405  HandleEntry++;
406  i--;
407  }
408 
409  /* Check if we couldn't find a free entry */
410  if (!FreeEntry)
411  {
412  /* Allocate one */
413  FreeEntry = ObpInsertHandleCount(ObjectHeader);
414  if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
415  ASSERT(!FreeEntry->Process);
416  ASSERT(!FreeEntry->HandleCount);
417  }
418 
419  /* Fill out the entry */
420  FreeEntry->Process = Process;
421  FreeEntry->HandleCount = 1;
422  *NewProcessHandleCount = 1;
423  }
424 
425  /* Return success if we got here */
426  return STATUS_SUCCESS;
427 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
Definition: obtypes.h:458
#define OBJECT_HEADER_TO_HANDLE_INFO(h)
Definition: obtypes.h:118
#define OB_FLAG_SINGLE_PROCESS
Definition: obtypes.h:103
ULONG HandleCount
Definition: obtypes.h:445
struct _EPROCESS * Process
Definition: obtypes.h:444
OBJECT_HANDLE_COUNT_ENTRY SingleEntry
Definition: obtypes.h:459
#define ASSERT(a)
Definition: mode.c:44
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]
Definition: obtypes.h:451
Definition: obtypes.h:442
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
unsigned int ULONG
Definition: retypes.h:1
#define STATUS_SUCCESS
Definition: shellext.h:65
POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount(IN POBJECT_HEADER ObjectHeader)
Definition: obhandle.c:259
#define PAGED_CODE()

Referenced by ObpIncrementHandleCount(), and ObpIncrementUnnamedHandleCount().

◆ ObpIncrementUnnamedHandleCount()

NTSTATUS NTAPI ObpIncrementUnnamedHandleCount ( IN PVOID  Object,
IN PACCESS_MASK  DesiredAccess,
IN KPROCESSOR_MODE  AccessMode,
IN ULONG  HandleAttributes,
IN PEPROCESS  Process 
)

Definition at line 1089 of file obhandle.c.

1094 {
1095  POBJECT_HEADER ObjectHeader;
1098  NTSTATUS Status;
1099  PEPROCESS ExclusiveProcess;
1101  POBJECT_HEADER_CREATOR_INFO CreatorInfo;
1102  KIRQL CalloutIrql;
1103  ULONG Total;
1104 
1105  /* Get the object header and type */
1106  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1107  ObjectType = ObjectHeader->Type;
1109  "%s - Incrementing count for: %p. UNNAMED. HC PC %lx %lx\n",
1110  __FUNCTION__,
1111  Object,
1112  ObjectHeader->HandleCount,
1113  ObjectHeader->PointerCount);
1114 
1115  /* Lock the object */
1116  ObpAcquireObjectLock(ObjectHeader);
1117 
1118  /* Charge quota and remove the creator info flag */
1120  if (!NT_SUCCESS(Status)) return Status;
1121 
1122  /* Check if the open is exclusive */
1124  {
1125  /* Check if the object allows this, or if the inherit flag was given */
1126  if ((HandleAttributes & OBJ_INHERIT) ||
1127  !(ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
1128  {
1129  /* Incorrect attempt */
1131  goto Quickie;
1132  }
1133 
1134  /* Check if we have access to it */
1135  ExclusiveProcess = OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader);
1136  if ((!(ExclusiveProcess) && (ObjectHeader->HandleCount)) ||
1137  ((ExclusiveProcess) && (ExclusiveProcess != PsGetCurrentProcess())))
1138  {
1139  /* This isn't the right process */
1141  goto Quickie;
1142  }
1143 
1144  /* Now you got exclusive access */
1145  Exclusive = TRUE;
1146  }
1147  else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE) &&
1148  (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader)))
1149  {
1150  /* Caller didn't want exclusive access, but the object is exclusive */
1152  goto Quickie;
1153  }
1154 
1155  /*
1156  * Check if this is an object that went from 0 handles back to existence,
1157  * but doesn't have an open procedure, only a close procedure. This means
1158  * that it will never realize that the object is back alive, so we must
1159  * fail the request.
1160  */
1161  if (!(ObjectHeader->HandleCount) &&
1162  !(NewObject) &&
1163  (ObjectType->TypeInfo.MaintainHandleCount) &&
1164  !(ObjectType->TypeInfo.OpenProcedure) &&
1165  (ObjectType->TypeInfo.CloseProcedure))
1166  {
1167  /* Fail */
1169  goto Quickie;
1170  }
1171 
1172  /* Convert MAXIMUM_ALLOWED to GENERIC_ALL */
1174  {
1175  /* Mask out MAXIMUM_ALLOWED and stick GENERIC_ALL instead */
1178  }
1179 
1180  /* Check if we have to map the GENERIC mask */
1182  {
1183  /* Map it to the correct access masks */
1185  &ObjectType->TypeInfo.GenericMapping);
1186  }
1187 
1188  /* Check if this is an exclusive handle */
1189  if (Exclusive)
1190  {
1191  /* Save the owner process */
1192  OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process;
1193  }
1194 
1195  /* Increase the handle count */
1196  InterlockedIncrementSizeT(&ObjectHeader->HandleCount);
1197  ProcessHandleCount = 0;
1198 
1199  /* Check if we have a handle database */
1200  if (ObjectType->TypeInfo.MaintainHandleCount)
1201  {
1202  /* Increment the handle database */
1203  Status = ObpIncrementHandleDataBase(ObjectHeader,
1204  Process,
1206  if (!NT_SUCCESS(Status))
1207  {
1208  /* FIXME: This should never happen for now */
1209  DPRINT1("Unhandled case\n");
1210  ASSERT(FALSE);
1211  goto Quickie;
1212  }
1213  }
1214 
1215  /* Release the lock */
1216  ObpReleaseObjectLock(ObjectHeader);
1217 
1218  /* Check if we have an open procedure */
1220  if (ObjectType->TypeInfo.OpenProcedure)
1221  {
1222  /* Call it */
1223  ObpCalloutStart(&CalloutIrql);
1224  Status = ObjectType->TypeInfo.OpenProcedure(ObCreateHandle,
1225  Process,
1226  Object,
1227  *DesiredAccess,
1229  ObpCalloutEnd(CalloutIrql, "Open", ObjectType, Object);
1230 
1231  /* Check if the open procedure failed */
1232  if (!NT_SUCCESS(Status))
1233  {
1234  /* FIXME: This should never happen for now */
1235  DPRINT1("Unhandled case\n");
1236  ASSERT(FALSE);
1237  return Status;
1238  }
1239  }
1240 
1241  /* Check if we have creator info */
1242  CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(ObjectHeader);
1243  if (CreatorInfo)
1244  {
1245  /* We do, acquire the lock */
1247 
1248  /* Insert us on the list */
1249  InsertTailList(&ObjectType->TypeList, &CreatorInfo->TypeList);
1250 
1251  /* Release the lock */
1253  }
1254 
1255  /* Increase total number of handles */
1256  Total = InterlockedIncrement((PLONG)&ObjectType->TotalNumberOfHandles);
1257  if (Total > ObjectType->HighWaterNumberOfHandles)
1258  {
1259  /* Fixup count */
1260  ObjectType->HighWaterNumberOfHandles = Total;
1261  }
1262 
1263  /* Trace call and return */
1265  "%s - Incremented count for: %p. UNNAMED HC PC %lx %lx\n",
1266  __FUNCTION__,
1267  Object,
1268  ObjectHeader->HandleCount,
1269  ObjectHeader->PointerCount);
1270  return Status;
1271 
1272 Quickie:
1273  /* Release lock and return */
1274  ObpReleaseObjectLock(ObjectHeader);
1275  return Status;
1276 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
ObjectType
Definition: metafile.c:80
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define GENERIC_ALL
Definition: nt_native.h:92
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
LONG_PTR HandleCount
Definition: obtypes.h:490
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS NTAPI ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
Definition: obhandle.c:431
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
LONG NTSTATUS
Definition: precomp.h:26
#define InsertTailList(ListHead, Entry)
#define OBJ_EXCLUSIVE
Definition: winternl.h:227
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
UCHAR KIRQL
Definition: env_spec_w32.h:591
#define FALSE
Definition: types.h:117
#define InterlockedIncrementSizeT(a)
Definition: interlocked.h:220
#define PsGetCurrentProcess
Definition: psfuncs.h:17
unsigned char BOOLEAN
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:497
UCHAR Flags
Definition: obtypes.h:497
#define OB_FLAG_EXCLUSIVE
Definition: obtypes.h:100
Status
Definition: gdiplustypes.h:24
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
Definition: obtypes.h:122
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define OBJ_INHERIT
Definition: winternl.h:225
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:340
__in PWDFDEVICE_INIT __in BOOLEAN Exclusive
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:352
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505
NTSTATUS NTAPI ObpIncrementHandleDataBase(IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
Definition: obhandle.c:333
#define OB_HANDLE_DEBUG
Definition: ob.h:17
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
#define InterlockedIncrement
Definition: armddk.h:53
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
Definition: obtypes.h:126
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
LONG_PTR PointerCount
Definition: obtypes.h:487
#define GENERIC_ACCESS
Definition: security.c:35
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
unsigned int ULONG
Definition: retypes.h:1
#define STATUS_SUCCESS
Definition: shellext.h:65
POBJECT_TYPE Type
Definition: obtypes.h:493
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71
#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h)
Definition: obtypes.h:131
#define __FUNCTION__
Definition: types.h:112
signed int * PLONG
Definition: retypes.h:5
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)

Referenced by ObpCreateUnnamedHandle().

◆ ObpInsertHandleCount()

POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount ( IN POBJECT_HEADER  ObjectHeader)

Definition at line 259 of file obhandle.c.

260 {
261  POBJECT_HEADER_HANDLE_INFO HandleInfo;
262  POBJECT_HANDLE_COUNT_ENTRY FreeEntry;
263  POBJECT_HANDLE_COUNT_DATABASE HandleDatabase, OldHandleDatabase;
264  ULONG i;
265  ULONG Size, OldSize;
266  OBJECT_HANDLE_COUNT_DATABASE SingleDatabase;
267  PAGED_CODE();
268 
269  /* Get the handle info */
270  HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
271  if (!HandleInfo) return NULL;
272 
273  /* Check if we only have one entry */
274  if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
275  {
276  /* Fill out the single entry */
277  SingleDatabase.CountEntries = 1;
278  SingleDatabase.HandleCountEntries[0] = HandleInfo->SingleEntry;
279 
280  /* Use this as the old size */
281  OldHandleDatabase = &SingleDatabase;
282  OldSize = sizeof(SingleDatabase);
283 
284  /* Now we'll have two entries, and an entire DB */
285  i = 2;
287  ((i - 1) * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
288  }
289  else
290  {
291  /* We already have a DB, get the information from it */
292  OldHandleDatabase = HandleInfo->HandleCountDatabase;
293  i = OldHandleDatabase->CountEntries;
294  OldSize = sizeof(OBJECT_HANDLE_COUNT_DATABASE) +
295  ((i - 1) * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
296 
297  /* Add 4 more entries */
298  i += 4;
299  Size = OldSize + (4 * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
300  }
301 
302  /* Allocate the DB */
304  if (!HandleDatabase) return NULL;
305 
306  /* Copy the old database */
307  RtlCopyMemory(HandleDatabase, OldHandleDatabase, OldSize);
308 
309  /* Check if we he had a single entry before */
310  if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
311  {
312  /* Now we have more */
313  ObjectHeader->Flags &= ~OB_FLAG_SINGLE_PROCESS;
314  }
315  else
316  {
317  /* Otherwise we had a DB, free it */
318  ExFreePoolWithTag(OldHandleDatabase, TAG_OB_HANDLE);
319  }
320 
321  /* Find the end of the copy and zero out the new data */
322  FreeEntry = (PVOID)((ULONG_PTR)HandleDatabase + OldSize);
323  RtlZeroMemory(FreeEntry, Size - OldSize);
324 
325  /* Set the new information and return the free entry */
326  HandleDatabase->CountEntries = i;
327  HandleInfo->HandleCountDatabase = HandleDatabase;
328  return FreeEntry;
329 }
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
Definition: obtypes.h:458
#define OBJECT_HEADER_TO_HANDLE_INFO(h)
Definition: obtypes.h:118
#define OB_FLAG_SINGLE_PROCESS
Definition: obtypes.h:103
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
uint32_t ULONG_PTR
Definition: typedefs.h:65
struct _OBJECT_HANDLE_COUNT_ENTRY OBJECT_HANDLE_COUNT_ENTRY
void * PVOID
Definition: retypes.h:9
#define TAG_OB_HANDLE
Definition: tag.h:121
OBJECT_HANDLE_COUNT_ENTRY SingleEntry
Definition: obtypes.h:459
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]
Definition: obtypes.h:451
Definition: obtypes.h:442
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099