ReactOS  r76032
obhandle.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for obhandle.c:

Go to the source code of this file.

Macros

#define NDEBUG
 
#define TAG_OB_HANDLE   'dHbO'
 

Functions

PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable (IN PEPROCESS Process)
 
VOID NTAPI ObDereferenceProcessHandleTable (IN PEPROCESS Process)
 
ULONG NTAPI ObGetProcessHandleCount (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle (IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
 
BOOLEAN NTAPI ObpEnumFindHandleProcedure (IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN PVOID Context)
 
POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount (IN POBJECT_HEADER ObjectHeader)
 
NTSTATUS NTAPI ObpIncrementHandleDataBase (IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
 
NTSTATUS NTAPI ObpChargeQuotaForObject (IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
 
NTSTATUS NTAPI ObpValidateAccessMask (IN PACCESS_STATE AccessState)
 
VOID NTAPI ObpDecrementHandleCount (IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
 
NTSTATUS NTAPI ObpCloseHandleTableEntry (IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
 
NTSTATUS NTAPI ObpIncrementHandleCount (IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
 
NTSTATUS NTAPI ObpIncrementUnnamedHandleCount (IN PVOID Object, IN PACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process)
 
NTSTATUS NTAPI ObpCreateUnnamedHandle (IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
 
NTSTATUS NTAPI ObpCreateHandle (IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
 
NTSTATUS NTAPI ObpCloseHandle (IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
 
BOOLEAN NTAPI ObpSetHandleAttributes (IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
 
BOOLEAN NTAPI ObpCloseHandleCallback (IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
 
BOOLEAN NTAPI ObpDuplicateHandleCallback (IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
 
VOID NTAPI ObClearProcessHandleTable (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObInitProcess (IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
 
VOID NTAPI ObKillProcess (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObDuplicateObject (IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI ObOpenObjectByName (IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN OUT PVOID ParseContext, OUT PHANDLE Handle)
 
NTSTATUS NTAPI ObOpenObjectByPointer (IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
 
BOOLEAN NTAPI ObFindHandleForObject (IN PEPROCESS Process, IN PVOID Object, IN POBJECT_TYPE ObjectType, IN POBJECT_HANDLE_INFORMATION HandleInformation, OUT PHANDLE Handle)
 
NTSTATUS NTAPI ObInsertObject (IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
 
NTSTATUS NTAPI ObSetHandleAttributes (IN HANDLE Handle, IN POBJECT_HANDLE_ATTRIBUTE_INFORMATION HandleFlags, IN KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI ObCloseHandle (IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
 
NTSTATUS NTAPI NtClose (IN HANDLE Handle)
 
NTSTATUS NTAPI NtDuplicateObject (IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options)
 
BOOLEAN NTAPI ObIsKernelHandle (IN HANDLE Handle)
 

Variables

PHANDLE_TABLE ObpKernelHandleTable = NULL
 
ULONG ObpAccessProtectCloseBit = MAXIMUM_ALLOWED
 

Macro Definition Documentation

#define NDEBUG

Definition at line 17 of file obhandle.c.

#define TAG_OB_HANDLE   'dHbO'

Definition at line 23 of file obhandle.c.

Referenced by ObpInsertHandleCount().

Function Documentation

NTSTATUS NTAPI NtClose ( IN HANDLE  Handle)

Definition at line 3392 of file obhandle.c.

Referenced by _At_(), _tmain(), AccpCloseObjectHandle(), AddCodepageToRegistry(), BtrfsDeviceAdd::AddDevice(), AddFontsSettingsToRegistry(), AddHotkeySettings(), AddKbLayoutsToRegistry(), BaseComputeProcessDllPath(), BaseGetNamedObjectDirectory(), BaseInitializeStaticServerData(), BasepCopyFileExW(), BasepIsProcessAllowed(), BasepMapFile(), BasepMoveFileDelayed(), BasepNotifyTrackingService(), BasepOpenFileForMove(), BasepSxsCloseHandles(), BaseSrvCleanupVDMResources(), BaseSrvCreatePairWaitHandles(), BaseSrvDestroyConsoleRecord(), BaseSrvDestroyPairWaitHandles(), BaseSrvIsVdmAllowed(), Beep(), CabinetExtractFile(), CallApphelpWithImage(), CallCacheControl(), CheckTokenMembership(), ClientThread(), CloseCabinet(), CloseDefaultKeys(), CloseDevice(), CloseHandle(), closeTcpFile(), CmGetSystemDriverList(), CmInitSystem1(), CmpCreateControlSet(), CmpCreateHardwareProfile(), CmpInitializeHardwareConfiguration(), CmpInitializeMachineDependentConfiguration(), CmpInitializeRegistryNode(), CmpSetSystemValues(), CmpSetupConfigurationTree(), CmpSetVersionData(), CommandDumpSector(), CommandPartInfo(), ConCfgOpenUserSettings(), ConDrvUnpause(), ConnectConsole(), ConnectRegistry(), ConSrvDeleteConsole(), ConSrvInitConsole(), create_classes_root_hkey(), create_key(), create_registry_key(), CreateBaseAcls(), CreateContext(), CreateDirectoryExW(), CreateDirectoryW(), CreateHardLinkW(), CreateIoCompletionPort(), CreateKeyTest(), CreateNestedKey(), CreatePartitionList(), CreatePipe(), CreateProcessInternalW(), CreateRegistryFile(), CreateWindowStationW(), CSR_API(), CSR_SERVER_DLL_INIT(), CsrApiPortInitialize(), CsrCreateRemoteThread(), CsrGetProcessLuid(), CsrpCheckRequestThreads(), CsrpConnectToServer(), CsrProcessRefcountZero(), CsrSbApiRequestThread(), CsrSetProcessSecurity(), CsrSrvCreateSharedSection(), CsrThreadRefcountZero(), DbgUiIssueRemoteBreakin(), DebugActiveProcess(), DebugActiveProcessStop(), DeleteFileW(), DeleteKeyTest(), DeleteValueTest(), DestroyProtoHive(), do_enumeratekey(), DoesFileExist(), DoesPathExist(), DumpRegistryData(), EnumerateKeyTest(), EnumerateValueTest(), EventThread(), ExpandSymbolicLink(), ExpCreateSystemRootLink(), ExpInitializeCallbacks(), Ext2CloseDevice(), find_devices(), FindClose(), FindFirstChangeNotificationW(), FindFirstFileExW(), FindFirstStreamW(), FormatEx2(), FreeConsole(), get_manifest_in_associated_manifest(), get_manifest_in_manifest_file(), get_manifest_in_pe_file(), get_registry_locale_info(), GetComputerIdentifier(), GetComputerNameFromRegistry(), GetCPFileNameFromRegistry(), GetDisplayIdentifier(), GetDllList(), GetDosDevicesProtection(), GetDriveTypeW(), GetFileSecurityW(), GetFileSystem(), GetNTObjectSymbolicLinkTarget(), GetSocketInformation(), GetSourcePaths(), GetTempFileNameW(), GetTimeouts(), GetUserGeoID(), GetVolumeInformationW(), GetVolumeNameForRoot(), GRAPHICS_BUFFER_Destroy(), GRAPHICS_BUFFER_Initialize(), GuiApplyUserSettings(), GuiConsoleShowConsoleProperties(), GuiDeinitFrontEnd(), GuiInit(), GuiInitFrontEnd(), ImpersonateLoggedOnUser(), InfOpenFile(), InfWriteFile(), IniCacheLoad(), IniCacheSave(), InitFunctionPtrs(), InitializeFmIfsOnce(), InitLogPort(), InstallDevice(), InstallDriver(), InstallExt2BootCodeToDisk(), InstallFat12BootCodeToFloppy(), InstallFat16BootCodeToDisk(), InstallFat16BootCodeToFile(), InstallFat32BootCodeToDisk(), InstallFat32BootCodeToFile(), InstallMbrBootCodeToDisk(), IntAllocConsole(), IntAttachConsole(), IntGetCodePageEntry(), IntParseDesktopPath(), IopCreateRootDirectories(), IopInitializePlugPlayServices(), IopMarkBootPartition(), is_mounted_multi_device(), IsAcpiComputer(), IsShimInfrastructureDisabled(), IsThereAValidBootSector(), IsThisARootDirectory(), IsValidLanguageGroup(), keyed_event_thread(), KsecOpenDevice(), LdrOpenImageFileOptionsKey(), LdrpCheckForKnownDll(), LdrpCheckForLoadedDll(), LdrpCreateDllSection(), LdrpInitializeProcess(), LdrpMapDll(), LdrQueryImageFileExecutionOptionsEx(), LdrVerifyImageMatchesChecksum(), ListDirectory(), LoadModule(), LogfBackupFile(), LogfClose(), LogfCreate(), lookup_assembly(), lookup_winsxs(), LsaConnectUntrusted(), LsapCheckLogonProcess(), LsapCloseDbObject(), LsapCloseLsaPort(), LsapCreateDatabaseKeys(), LsapCreateDbObject(), LsapDeleteDbObject(), LsapDeregisterLogonProcess(), LsapEnumLogonSessions(), LsapGetLogonSessionData(), LsapGetObjectAttribute(), LsapIsDatabaseInstalled(), LsapLogonUser(), LsapOpenDbObject(), LsapRegCloseKey(), LsapRegDeleteSubKey(), LsapSetObjectAttribute(), LsarSetSecurityObject(), main(), MoveFileWithProgressW(), MyDeleteFile(), NetUserChangePassword(), NLS_EnumLanguageGroupLocales(), NLS_EnumSystemCodePages(), NLS_EnumSystemLanguageGroups(), NlsInit(), NlsUninit(), NtQueryOpenSubKeys(), ObDuplicateObject(), ObInitSystem(), ObpCreateDosDevicesDirectory(), OpenFile(), OpenWindowStationW(), parse_file(), Phase1InitializationDiscard(), PipGetDriverTagPriority(), BtrfsDeviceAdd::populate_device_tree(), PortThreadRoutine(), PrintProcess(), PrintThreads(), PrivMoveFileIdentityW(), ProcessIdToSessionId(), ProcessLocaleRegistry(), ProtectBootIni(), QueryDosDeviceW(), ReadBlock(), RegCloseKey(), RegCopyTreeW(), RegDeleteKeyExW(), RegDeleteKeyValueW(), RegisterUncProvider(), registry_callback(), RegOverridePredefKey(), RegpCopyTree(), RegReplaceKeyW(), RegRestoreKeyW(), RegSaveKeyW(), RegSetKeyValueA(), RegSetKeyValueW(), RemoveDirectoryW(), ReplaceFileW(), RSetServiceObjectSecurity(), RtlCreateActivationContext(), RtlCreateTimerQueue(), RtlCreateUserSecurityObject(), RtlCreateUserThread(), RtlDefaultNpAcl(), RtlDeleteCriticalSection(), RtlDeleteResource(), RtlDeleteTimer(), RtlDeleteTimerQueueEx(), RtlDeregisterWaitEx(), RtlImpersonateSelf(), RtlInitializeRXact(), RtlNewSecurityGrantedAccess(), RtlpCloseKeyedEvent(), RtlpExecuteIoWorkItem(), RtlpExecuteWorkItem(), RtlpIoWorkerThreadProc(), RtlpIsIoPending(), RtlpStartWorkerThread(), RtlQueryRegistryValues(), RtlQueueWorkItem(), RtlRegisterWait(), RtlReleaseRelativeName(), RtlSetCurrentDirectory_U(), RXactpCommit(), SampRegCloseKey(), SampRegDeleteKey(), SamrSetSecurityObject(), SaveBootSector(), ScmCheckDriver(), ScmConvertToBootPathName(), ScmGetDriverStatus(), SdbCloseDatabase(), SdbDeletePermLayerKeys(), SdbpCloseMemMappedFile(), SdbpGetPermLayersInternal(), SdbpOpenMemMappedFile(), SdbSetPermLayerKeys(), ServerThread(), SetComputerNameToRegistry(), SetDefaultPagefile(), SetFileAttributesW(), SetFileSecurityW(), SetGeoID(), SetInstallPathValue(), SetLocaleInfoW(), SetMountedDeviceValue(), SetRegistryValue(), SetRosSpecificInfo(), SetSocketInformation(), SetupCopyFile(), SetupCreateSingleDirectory(), SetUserGeoID(), SetValueTest1(), SetValueTest2(), SetVolumeLabelW(), SmExecPgm(), SmLookupSubsystem(), SmpAcquirePrivilege(), SmpConfigureObjectDirectories(), SmpCreateDynamicEnvironmentVariables(), SmpCreateVolumeDescriptors(), SmpDeletePagingFile(), SmpDereferenceSubsystem(), SmpExecPgm(), SmpExecuteImage(), SmpExecuteInitialCommand(), SmpGetPagingFileSize(), SmpGetVolumeFreeSpace(), SmpHandleConnectionRequest(), SmpInit(), SmpInitializeDosDevices(), SmpInitializeKnownDllsInternal(), SmpLoadDataFromRegistry(), SmpLoadSubSystem(), SmpProcessFileRenames(), SmpQueryRegistrySosOption(), SmpReleasePrivilege(), SmpSbCreateSession(), SmpTranslateSystemPartitionInformation(), SockCreateOrReferenceAsyncThread(), SpeakerCleanup(), START_TEST(), StartAuthenticationPort(), test1(), test2(), test3(), test5(), test6(), test7(), test9(), Test_ApphelpCheckRunApp(), Test_EmptyFile(), Test_ImageSection(), test_keyed_events(), Test_KeyFullInformation(), Test_KeyNameInformation(), Test_NoLoadSection(), test_NtOpenKey(), Test_PageFileSection(), Test_recv(), TestCreateOpen_(), TH32CreateSnapshotSectionInitialize(), timer_queue_thread_proc(), UnhandledExceptionFilter(), UnprotectBootIni(), UserServerHardError(), VfatFormat(), VfatxFormat(), Wait_thread_proc(), WaitNamedPipeW(), WIN32close(), WinExec(), WritePartitions(), WSHIoctl_GetInterfaceList(), WSPAccept(), WSPBind(), WSPCloseSocket(), WSPConnect(), WSPDuplicateSocket(), WSPEnumNetworkEvents(), WSPEventSelect(), WSPGetPeerName(), WSPGetSockName(), WSPListen(), WSPRecv(), WSPRecvFrom(), WSPSelect(), WSPSend(), WSPSendTo(), WSPShutdown(), WSPSocket(), and CEnumNTDirectory::~CEnumNTDirectory().

3393 {
3394  /* Call the internal API */
3396 }
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:2740
NTSTATUS NTAPI ObpCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:1726
_In_ HANDLE Handle
Definition: extypes.h:390
NTSTATUS NTAPI NtDuplicateObject ( IN HANDLE  SourceProcessHandle,
IN HANDLE  SourceHandle,
IN HANDLE TargetProcessHandle  OPTIONAL,
OUT PHANDLE TargetHandle  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
IN ULONG  Options 
)

Definition at line 3400 of file obhandle.c.

Referenced by BaseSrvCreatePairWaitHandles(), BaseSrvDestroyPairWaitHandles(), ConSrvAllocateConsole(), ConSrvInheritConsole(), CSR_API(), CsrCreateRemoteThread(), DuplicateHandle(), GRAPHICS_BUFFER_Destroy(), GRAPHICS_BUFFER_Initialize(), GuiApplyUserSettings(), GuiConsoleShowConsoleProperties(), GuiInit(), LsapLogonUser(), RtlpIoWorkerThreadProc(), RtlpIsIoPending(), SmpExecPgm(), SmpExecuteInitialCommand(), SmpLoadSubSystem(), SmpSbCreateSession(), and StuffStdHandle().

3407 {
3408  PEPROCESS SourceProcess, TargetProcess, Target;
3409  HANDLE hTarget;
3411  NTSTATUS Status;
3413  "%s - Duplicating handle: %p for %p into %p.\n",
3414  __FUNCTION__,
3415  SourceHandle,
3416  SourceProcessHandle,
3418 
3419  /* Check if we have a target handle */
3420  if ((TargetHandle) && (PreviousMode != KernelMode))
3421  {
3422  /* Enter SEH */
3423  _SEH2_TRY
3424  {
3425  /* Probe the handle and assume failure */
3427  *TargetHandle = NULL;
3428  }
3430  {
3431  /* Return the exception code */
3433  }
3434  _SEH2_END;
3435  }
3436 
3437  /* Now reference the input handle */
3438  Status = ObReferenceObjectByHandle(SourceProcessHandle,
3440  PsProcessType,
3441  PreviousMode,
3442  (PVOID*)&SourceProcess,
3443  NULL);
3444  if (!NT_SUCCESS(Status)) return Status;
3445 
3446  /* Check if got a target handle */
3447  if (TargetProcessHandle)
3448  {
3449  /* Now reference the output handle */
3452  PsProcessType,
3453  PreviousMode,
3454  (PVOID*)&TargetProcess,
3455  NULL);
3456  if (NT_SUCCESS(Status))
3457  {
3458  /* Use this target process */
3459  Target = TargetProcess;
3460  }
3461  else
3462  {
3463  /* No target process */
3464  Target = NULL;
3465  }
3466  }
3467  else
3468  {
3469  /* No target process */
3470  Status = STATUS_SUCCESS;
3471  Target = NULL;
3472  }
3473 
3474  /* Call the internal routine */
3475  Status = ObDuplicateObject(SourceProcess,
3476  SourceHandle,
3477  Target,
3478  &hTarget,
3479  DesiredAccess,
3481  Options,
3482  PreviousMode);
3483 
3484  /* Check if the caller wanted the return handle */
3485  if (TargetHandle)
3486  {
3487  /* Protect the write to user mode */
3488  _SEH2_TRY
3489  {
3490  /* Write the new handle */
3491  *TargetHandle = hTarget;
3492  }
3494  {
3495  /* Otherwise, get the exception code */
3496  Status = _SEH2_GetExceptionCode();
3497  }
3498  _SEH2_END;
3499  }
3500 
3501  /* Dereference the processes */
3503  "%s - Duplicated handle: %p into %p S %lx\n",
3504  __FUNCTION__,
3505  hTarget,
3507  Status);
3508  if (Target) ObDereferenceObject(Target);
3509  ObDereferenceObject(SourceProcess);
3510  return Status;
3511 }
DWORD *typedef PVOID
Definition: winlogon.h:52
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
return STATUS_SUCCESS
Definition: btrfs.c:2664
#define PROCESS_DUP_HANDLE
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:2740
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
_In_ HANDLE SourceHandle
Definition: obfuncs.h:429
IN POBJECT_ATTRIBUTES PortAttributes IN ACCESS_MASK DesiredAccess
Definition: creport.c:28
enum OPTION_FLAGS Options
Definition: stats.c:44
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:388
#define _SEH2_END
Definition: pseh2_64.h:7
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:557
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_In_ HANDLE _In_opt_ HANDLE TargetProcessHandle
Definition: obfuncs.h:429
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_Must_inspect_result_ typedef _In_ ULONG _In_ BOOLEAN Target
Definition: iotypes.h:1067
#define OB_HANDLE_DEBUG
Definition: ob.h:17
Status
Definition: gdiplustypes.h:24
DWORD *typedef HANDLE
Definition: winlogon.h:52
LONG NTSTATUS
Definition: DriverTester.h:11
#define _SEH2_TRY
Definition: pseh2_64.h:5
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
NTSTATUS NTAPI ObDuplicateObject(IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
Definition: obhandle.c:2200
#define __FUNCTION__
Definition: compiler.h:205
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
Definition: obfuncs.h:429
POBJECT_TYPE PsProcessType
Definition: process.c:20
VOID NTAPI ObClearProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 2023 of file obhandle.c.

Referenced by NtTerminateProcess(), and PspTerminateProcess().

2024 {
2028  BOOLEAN AttachedToProcess = FALSE;
2029 
2030  ASSERT(Process);
2031 
2032  /* Ensure the handle table doesn't go away while we use it */
2033  HandleTable = ObReferenceProcessHandleTable(Process);
2034  if (!HandleTable) return;
2035 
2036  /* Attach to the current process if needed */
2037  if (PsGetCurrentProcess() != Process)
2038  {
2039  KeStackAttachProcess(&Process->Pcb, &ApcState);
2040  AttachedToProcess = TRUE;
2041  }
2042 
2043  /* Enter a critical region */
2045 
2046  /* Fill out the context */
2047  Context.AccessMode = UserMode;
2048  Context.HandleTable = HandleTable;
2049 
2050  /* Sweep the handle table to close all handles */
2051  ExSweepHandleTable(HandleTable,
2053  &Context);
2054 
2055  /* Leave the critical region */
2057 
2058  /* Detach if needed */
2059  if (AttachedToProcess)
2060  KeUnstackDetachProcess(&ApcState);
2061 
2062  /* Let the handle table go */
2064 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
#define TRUE
Definition: types.h:120
KAPC_STATE
Definition: ketypes.h:1258
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
PHANDLE_TABLE HandleTable
Definition: ob.h:107
#define FALSE
Definition: types.h:117
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:649
#define PsGetCurrentProcess
Definition: psfuncs.h:17
unsigned char BOOLEAN
#define KeEnterCriticalRegion()
Definition: ke_x.h:83
#define KeLeaveCriticalRegion()
Definition: ke_x.h:114
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:701
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1411
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1192
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
struct tagContext Context
Definition: acpixf.h:1014
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1920
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51
KPROCESSOR_MODE AccessMode
Definition: ob.h:108
NTSTATUS NTAPI ObCloseHandle ( IN HANDLE  Handle,
IN KPROCESSOR_MODE  AccessMode 
)

Definition at line 3369 of file obhandle.c.

Referenced by _IRQL_requires_max_(), CheckDirectorySecurity__(), CheckKeySecurity__(), CmpAddToHiveFileList(), CmpLinkKeyToHive(), CmpRemoveFromHiveFileList(), DbgkCreateThread(), DbgkMapViewOfSection(), DbgkpFreeDebugEvent(), DbgkpOpenHandles(), DbgkpPostFakeModuleMessages(), DbgkpPostFakeThreadMessages(), ExitThreadCallback(), ExpCreateSystemRootLink(), ExpCreateWorkerThread(), ExpInitializeWorkerThreads(), ExpInitNls(), InitThreadCallback(), IntCopyRegistryKey(), IntCreateNewRegistryPath(), IntSetupDeviceSettingsKey(), IoCreateController(), IoCreateDevice(), IoCreateStreamFileObjectEx(), IopDetectResourceConflict(), IopOpenLinkOrRenameTarget(), IopReassignSystemRoot(), IopStoreSystemPartitionInformation(), KernelModeTest(), KmtStartThread(), LpcpCreatePort(), MmCreatePhysicalMemorySection(), NotificationCallback(), NtSecureConnectPort(), NtSetDefaultLocale(), NtSetInformationFile(), NtUserCloseWindowStation(), NtUserCreateDesktop(), PnpRootCreateDevice(), PspCreateProcess(), PspCreateThread(), PspExitThread(), PspInitPhase0(), RawInputThreadMain(), RunTest(), SepRmCommandServerThread(), SepRmCommandServerThreadInit(), SeRmInitPhase1(), START_TEST(), TestAllInformation(), TestConnect(), TestCreateNamedPipe(), TestDuplicate(), TestIoCreateFile(), TestObRootSecurity(), TestPhysicalMemorySection(), TestReadWrite(), TestRelativeNames(), TestSharedCacheMap(), UserModeTest(), UserSetProcessWindowStation(), and xHalIoAssignDriveLetters().

3371 {
3372  /* Call the internal API */
3373  return ObpCloseHandle(Handle, AccessMode);
3374 }
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
NTSTATUS NTAPI ObpCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:1726
_In_ HANDLE Handle
Definition: extypes.h:390
VOID NTAPI ObDereferenceProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 51 of file obhandle.c.

Referenced by ObClearProcessHandleTable(), ObDuplicateObject(), ObFindHandleForObject(), ObGetProcessHandleCount(), and ObInitProcess().

52 {
53  /* Release the process lock */
54  ExReleaseRundownProtection(&Process->RundownProtect);
55 }
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
NTSTATUS NTAPI ObDuplicateObject ( IN PEPROCESS  SourceProcess,
IN HANDLE  SourceHandle,
IN PEPROCESS TargetProcess  OPTIONAL,
IN PHANDLE TargetHandle  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
IN ULONG  Options,
IN KPROCESSOR_MODE  PreviousMode 
)

Definition at line 2200 of file obhandle.c.

Referenced by DbgkpOpenHandles(), and NtDuplicateObject().

2208 {
2209  HANDLE_TABLE_ENTRY NewHandleEntry;
2210  BOOLEAN AttachedToProcess = FALSE;
2211  PVOID SourceObject;
2212  POBJECT_HEADER ObjectHeader;
2214  HANDLE NewHandle;
2216  NTSTATUS Status;
2217  ACCESS_MASK TargetAccess, SourceAccess;
2220  AUX_ACCESS_DATA AuxData;
2223  ULONG AuditMask;
2225 
2226  PAGED_CODE();
2228  "%s - Duplicating handle: %p for %p into %p\n",
2229  __FUNCTION__,
2230  SourceHandle,
2231  SourceProcess,
2232  TargetProcess);
2233 
2234  /* Assume failure */
2235  if (TargetHandle) *TargetHandle = NULL;
2236 
2237  /* Check if we're not duplicating the same access */
2238  if (!(Options & DUPLICATE_SAME_ACCESS))
2239  {
2240  /* Validate the desired access */
2241  Status = STATUS_SUCCESS; //ObpValidateDesiredAccess(DesiredAccess);
2242  if (!NT_SUCCESS(Status)) return Status;
2243  }
2244 
2245  /* Reference the object table */
2246  HandleTable = ObReferenceProcessHandleTable(SourceProcess);
2247  if (!HandleTable) return STATUS_PROCESS_IS_TERMINATING;
2248 
2249  /* Reference the process object */
2251  SourceProcess,
2252  HandleTable,
2253  PreviousMode,
2254  &SourceObject,
2255  &HandleInformation,
2256  &AuditMask);
2257  if (!NT_SUCCESS(Status))
2258  {
2259  /* Fail */
2260  ObDereferenceProcessHandleTable(SourceProcess);
2261  return Status;
2262  }
2263  else
2264  {
2265  /* Check if we have to don't have to audit object close */
2266  if (!(HandleInformation.HandleAttributes & OBJ_AUDIT_OBJECT_CLOSE))
2267  {
2268  /* Then there is no audit mask */
2269  AuditMask = 0;
2270  }
2271  }
2272 
2273  /* Check if there's no target process */
2274  if (!TargetProcess)
2275  {
2276  /* Check if the caller wanted actual duplication */
2278  {
2279  /* Invalid request */
2280  Status = STATUS_INVALID_PARAMETER;
2281  }
2282  else
2283  {
2284  /* Otherwise, do the attach */
2285  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2286 
2287  /* Close the handle and detach */
2289  KeUnstackDetachProcess(&ApcState);
2290  }
2291 
2292  /* Return */
2293  ObDereferenceProcessHandleTable(SourceProcess);
2294  ObDereferenceObject(SourceObject);
2295  return Status;
2296  }
2297 
2298  /* Create a kernel handle if asked, but only in the system process */
2299  if (PreviousMode == KernelMode &&
2301  TargetProcess == PsInitialSystemProcess)
2302  {
2303  KernelHandle = TRUE;
2304  }
2305 
2306  /* Get the target handle table */
2307  HandleTable = ObReferenceProcessHandleTable(TargetProcess);
2308  if (!HandleTable)
2309  {
2310  /* Check if the caller wanted us to close the handle */
2312  {
2313  /* Do the attach */
2314  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2315 
2316  /* Close the handle and detach */
2318  KeUnstackDetachProcess(&ApcState);
2319  }
2320 
2321  /* Return */
2322  ObDereferenceProcessHandleTable(SourceProcess);
2323  ObDereferenceObject(SourceObject);
2325  }
2326 
2327  /* Get the source access */
2328  SourceAccess = HandleInformation.GrantedAccess;
2329 
2330  /* Check if we're not in the target process */
2331  if (TargetProcess != PsGetCurrentProcess())
2332  {
2333  /* Attach to it */
2334  KeStackAttachProcess(&TargetProcess->Pcb, &ApcState);
2335  AttachedToProcess = TRUE;
2336  }
2337 
2338  /* Check if we're duplicating the attributes */
2340  {
2341  /* Duplicate them */
2342  HandleAttributes = HandleInformation.HandleAttributes;
2343  }
2344  else
2345  {
2346  /* Don't allow caller to bypass auditing */
2347  HandleAttributes |= HandleInformation.HandleAttributes &
2349  }
2350 
2351  /* Check if we're duplicating the access */
2352  if (Options & DUPLICATE_SAME_ACCESS) DesiredAccess = SourceAccess;
2353 
2354  /* Get object data */
2355  ObjectHeader = OBJECT_TO_OBJECT_HEADER(SourceObject);
2356  ObjectType = ObjectHeader->Type;
2357 
2358  /* Fill out the entry */
2359  RtlZeroMemory(&NewHandleEntry, sizeof(HANDLE_TABLE_ENTRY));
2360  NewHandleEntry.Object = ObjectHeader;
2361  NewHandleEntry.ObAttributes |= (HandleAttributes & OBJ_HANDLE_ATTRIBUTES);
2362 
2363  /* Check if we're using a generic mask */
2365  {
2366  /* Map it */
2368  &ObjectType->TypeInfo.GenericMapping);
2369  }
2370 
2371  /* Set the target access, always propagate ACCESS_SYSTEM_SECURITY */
2372  TargetAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
2374  NewHandleEntry.GrantedAccess = TargetAccess;
2375 
2376  /* Check if we're asking for new access */
2377  if (TargetAccess & ~SourceAccess)
2378  {
2379  /* We are. We need the security procedure to validate this */
2381  {
2382  /* Use our built-in access state */
2383  PassedAccessState = &AccessState;
2384  Status = SeCreateAccessState(&AccessState,
2385  &AuxData,
2386  TargetAccess,
2387  &ObjectType->TypeInfo.GenericMapping);
2388  }
2389  else
2390  {
2391  /* Otherwise we can't allow this privilege elevation */
2392  Status = STATUS_ACCESS_DENIED;
2393  }
2394  }
2395  else
2396  {
2397  /* We don't need an access state */
2398  Status = STATUS_SUCCESS;
2399  }
2400 
2401  /* Make sure the access state was created OK */
2402  if (NT_SUCCESS(Status))
2403  {
2404  /* Add a new handle */
2405  Status = ObpIncrementHandleCount(SourceObject,
2406  PassedAccessState,
2407  PreviousMode,
2411  }
2412 
2413  /* Check if we were attached */
2414  if (AttachedToProcess)
2415  {
2416  /* We can safely detach now */
2417  KeUnstackDetachProcess(&ApcState);
2418  AttachedToProcess = FALSE;
2419  }
2420 
2421  /* Check if we have to close the source handle */
2423  {
2424  /* Attach and close */
2425  KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2427  KeUnstackDetachProcess(&ApcState);
2428  }
2429 
2430  /* Check if we had an access state */
2431  if (PassedAccessState) SeDeleteAccessState(PassedAccessState);
2432 
2433  /* Now check if incrementing actually failed */
2434  if (!NT_SUCCESS(Status))
2435  {
2436  /* Dereference handle tables */
2437  ObDereferenceProcessHandleTable(SourceProcess);
2438  ObDereferenceProcessHandleTable(TargetProcess);
2439 
2440  /* Dereference the source object */
2441  ObDereferenceObject(SourceObject);
2442  return Status;
2443  }
2444 
2445  /* Now create the handle */
2446  NewHandle = ExCreateHandle(HandleTable, &NewHandleEntry);
2447  if (!NewHandle)
2448  {
2449  /* Undo the increment */
2450  ObpDecrementHandleCount(SourceObject,
2451  TargetProcess,
2452  TargetAccess,
2453  ObjectType);
2454 
2455  /* Deference the object and set failure status */
2456  ObDereferenceObject(SourceObject);
2458  }
2459 
2460  /* Mark it as a kernel handle if requested */
2461  if (KernelHandle)
2462  {
2463  NewHandle = ObMarkHandleAsKernelHandle(NewHandle);
2464  }
2465 
2466  /* Return the handle */
2468 
2469  /* Dereference handle tables */
2470  ObDereferenceProcessHandleTable(SourceProcess);
2471  ObDereferenceProcessHandleTable(TargetProcess);
2472 
2473  /* Return status */
2475  "%s - Duplicated handle: %p for %p into %p. Source: %p HC PC %lx %lx\n",
2476  __FUNCTION__,
2477  NewHandle,
2478  SourceProcess,
2479  TargetProcess,
2480  SourceObject,
2481  ObjectHeader->PointerCount,
2482  ObjectHeader->HandleCount);
2483  return Status;
2484 }
DWORD *typedef PVOID
Definition: winlogon.h:52
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define DUPLICATE_CLOSE_SOURCE
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
#define TRUE
Definition: types.h:120
NTSTATUS NTAPI SeCreateAccessState(IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:435
KAPC_STATE
Definition: ketypes.h:1258
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
HANDLE KernelHandle
Definition: legacy.c:24
ULONG_PTR ObAttributes
Definition: extypes.h:600
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
return STATUS_SUCCESS
Definition: btrfs.c:2664
struct _ACPI_EFI_FILE_HANDLE ** NewHandle
Definition: acefiex.h:335
#define GENERIC_ACCESS
Definition: wlx.c:26
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
LONG PointerCount
Definition: obtypes.h:481
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
_In_ HANDLE SourceHandle
Definition: obfuncs.h:429
IN POBJECT_ATTRIBUTES PortAttributes IN ACCESS_MASK DesiredAccess
Definition: creport.c:28
enum OPTION_FLAGS Options
Definition: stats.c:44
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:787
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
#define DUPLICATE_SAME_ACCESS
ACCESS_MASK GrantedAccess
Definition: iotypes.h:158
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:649
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:808
LONG HandleCount
Definition: obtypes.h:484
smooth NULL
Definition: ftsmooth.c:557
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:527
unsigned char BOOLEAN
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:75
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3392
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:488
ULONG GrantedAccess
Definition: extypes.h:606
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:139
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define PAGED_CODE()
Definition: video.h:57
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle(IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
Definition: obhandle.c:88
#define OB_HANDLE_DEBUG
Definition: ob.h:17
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
Status
Definition: gdiplustypes.h:24
DWORD *typedef HANDLE
Definition: winlogon.h:52
LONG NTSTATUS
Definition: DriverTester.h:11
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:701
OB_SECURITY_METHOD SecurityProcedure
Definition: obtypes.h:371
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1411
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
VOID NTAPI SeDeleteAccessState(IN PACCESS_STATE AccessState)
Definition: access.c:456
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
PVOID Object
Definition: extypes.h:599
#define __FUNCTION__
Definition: compiler.h:205
POBJECT_TYPE Type
Definition: obtypes.h:487
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
ObjectType
Definition: metafile.c:278
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
Definition: obfuncs.h:429
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
BOOLEAN NTAPI ObFindHandleForObject ( IN PEPROCESS  Process,
IN PVOID  Object,
IN POBJECT_TYPE  ObjectType,
IN POBJECT_HANDLE_INFORMATION  HandleInformation,
OUT PHANDLE  Handle 
)

Definition at line 2846 of file obhandle.c.

Referenced by IntGetDesktopObjectHandle(), and IntParseDesktopPath().

2851 {
2852  OBP_FIND_HANDLE_DATA FindData;
2853  BOOLEAN Result = FALSE;
2854  PVOID ObjectTable;
2855 
2856  /* Make sure we have an object table */
2857  ObjectTable = ObReferenceProcessHandleTable(Process);
2858  if (ObjectTable)
2859  {
2860  /* Check if we have an object */
2861  if (Object)
2862  {
2863  /* Set its header */
2865  }
2866  else
2867  {
2868  /* Otherwise, no object to match*/
2869  FindData.ObjectHeader = NULL;
2870  }
2871 
2872  /* Set other information */
2873  FindData.ObjectType = ObjectType;
2875 
2876  /* Enumerate the handle table */
2877  if (ExEnumHandleTable(Process->ObjectTable,
2879  &FindData,
2880  Handle))
2881  {
2882  /* Set success */
2883  Result = TRUE;
2884  }
2885 
2886  /* Let go of the table */
2888  }
2889 
2890  /* Return the result */
2891  return Result;
2892 }
DWORD *typedef PVOID
Definition: winlogon.h:52
POBJECT_HEADER ObjectHeader
Definition: ob.h:113
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
#define TRUE
Definition: types.h:120
POBJECT_TYPE ObjectType
Definition: ob.h:114
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define FALSE
Definition: types.h:117
smooth NULL
Definition: ftsmooth.c:557
POBJECT_HANDLE_INFORMATION HandleInformation
Definition: ob.h:115
_In_ HANDLE Handle
Definition: extypes.h:390
unsigned char BOOLEAN
BOOLEAN NTAPI ObpEnumFindHandleProcedure(IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:214
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
static IUnknown Object
Definition: main.c:512
BOOLEAN NTAPI ExEnumHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_ENUM_HANDLE_CALLBACK EnumHandleProcedure, IN OUT PVOID Context, OUT PHANDLE EnumHandle OPTIONAL)
Definition: handle.c:1231
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
ObjectType
Definition: metafile.c:278
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51
ULONG NTAPI ObGetProcessHandleCount ( IN PEPROCESS  Process)

Definition at line 59 of file obhandle.c.

Referenced by NtQueryInformationProcess(), and QSI_DEF().

60 {
61  ULONG HandleCount;
63 
64  ASSERT(Process);
65 
66  /* Ensure the handle table doesn't go away while we use it */
68 
69  if (HandleTable != NULL)
70  {
71  /* Count the number of handles the process has */
72  HandleCount = HandleTable->HandleCount;
73 
74  /* Let the handle table go */
76  }
77  else
78  {
79  /* No handle table, no handles */
80  HandleCount = 0;
81  }
82 
83  return HandleCount;
84 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
smooth NULL
Definition: ftsmooth.c:557
LONG HandleCount
Definition: extypes.h:644
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
unsigned int ULONG
Definition: retypes.h:1
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51
NTSTATUS NTAPI ObInitProcess ( IN PEPROCESS Parent  OPTIONAL,
IN PEPROCESS  Process 
)

Definition at line 2086 of file obhandle.c.

Referenced by PspCreateProcess().

2088 {
2089  PHANDLE_TABLE ParentTable, ObjectTable;
2090 
2091  /* Check for a parent */
2092  if (Parent)
2093  {
2094  /* Reference the parent's table */
2095  ParentTable = ObReferenceProcessHandleTable(Parent);
2096  if (!ParentTable) return STATUS_PROCESS_IS_TERMINATING;
2097 
2098  /* Duplicate it */
2099  ObjectTable = ExDupHandleTable(Process,
2100  ParentTable,
2102  OBJ_INHERIT);
2103  }
2104  else
2105  {
2106  /* Otherwise just create a new table */
2107  ParentTable = NULL;
2108  ObjectTable = ExCreateHandleTable(Process);
2109  }
2110 
2111  /* Make sure we have a table */
2112  if (ObjectTable)
2113  {
2114  /* Associate it */
2115  Process->ObjectTable = ObjectTable;
2116 
2117  /* Check for auditing */
2119  {
2120  /* FIXME: TODO */
2121  DPRINT1("Need auditing!\n");
2122  }
2123 
2124  /* Get rid of the old table now */
2125  if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2126 
2127  /* We are done */
2128  return STATUS_SUCCESS;
2129  }
2130  else
2131  {
2132  /* Fail */
2133  Process->ObjectTable = NULL;
2134  if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2136  }
2137 }
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
return STATUS_SUCCESS
Definition: btrfs.c:2664
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:718
smooth NULL
Definition: ftsmooth.c:557
PHANDLE_TABLE NTAPI ExDupHandleTable(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PEX_DUPLICATE_HANDLE_CALLBACK DupHandleProcedure, IN ULONG_PTR Mask)
Definition: handle.c:1032
#define OBJ_INHERIT
Definition: winternl.h:225
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:488
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
Definition: handle.c:761
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
BOOLEAN NTAPI ObpDuplicateHandleCallback(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: obhandle.c:1956
BOOLEAN NTAPI SeDetailedAuditingWithToken(IN PTOKEN Token)
Definition: audit.c:25
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51
NTSTATUS NTAPI ObInsertObject ( IN PVOID  Object,
IN PACCESS_STATE AccessState  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  ObjectPointerBias,
OUT PVOID *NewObject  OPTIONAL,
OUT PHANDLE  Handle 
)

Definition at line 2925 of file obhandle.c.

Referenced by _IRQL_requires_max_(), CmpCreateRegistryRoot(), ExCreateCallback(), HalpDmaAllocateChildAdapter(), IoCreateController(), IoCreateDevice(), IoCreateStreamFileObjectEx(), IopCreateDriver(), LpcpCreatePort(), MmCreatePhysicalMemorySection(), NtCreateDebugObject(), NtCreateDirectoryObject(), NtCreateEvent(), NtCreateEventPair(), NtCreateIoCompletion(), NtCreateJobObject(), NtCreateMutant(), NtCreateProfile(), NtCreateSection(), NtCreateSemaphore(), NtCreateSymbolicLinkObject(), NtCreateTimer(), NtDuplicateToken(), NtOpenThreadTokenEx(), NtSecureConnectPort(), NtUserCreateWindowStation(), ObtCreateObjects(), PspCreateProcess(), PspCreateThread(), SepCreateToken(), SepInitializationPhase1(), and SeSubProcessToken().

2931 {
2932  POBJECT_CREATE_INFORMATION ObjectCreateInfo;
2933  POBJECT_HEADER ObjectHeader;
2936  PVOID InsertObject;
2937  PSECURITY_DESCRIPTOR ParentDescriptor = NULL;
2938  BOOLEAN SdAllocated = FALSE;
2939  POBJECT_HEADER_NAME_INFO ObjectNameInfo;
2941  ACCESS_STATE LocalAccessState;
2942  AUX_ACCESS_DATA AuxData;
2943  OB_OPEN_REASON OpenReason;
2945  NTSTATUS Status = STATUS_SUCCESS, RealStatus;
2946  BOOLEAN IsNewObject;
2947  PAGED_CODE();
2948 
2949  /* Get the Header */
2950  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
2951 
2952  /* Detect invalid insert */
2953  if (!(ObjectHeader->Flags & OB_FLAG_CREATE_INFO))
2954  {
2955  /* Display warning and break into debugger */
2956  DPRINT1("OB: Attempting to insert existing object %p\n", Object);
2957  DbgBreakPoint();
2958 
2959  /* Allow debugger to continue */
2961  return STATUS_INVALID_PARAMETER;
2962  }
2963 
2964  /* Get the create and name info, as well as the object type */
2965  ObjectCreateInfo = ObjectHeader->ObjectCreateInfo;
2966  ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
2967  ObjectType = ObjectHeader->Type;
2968  ObjectName = NULL;
2969 
2970  /* Check if this is an named object */
2971  if ((ObjectNameInfo) && (ObjectNameInfo->Name.Buffer))
2972  {
2973  /* Get the object name */
2974  ObjectName = &ObjectNameInfo->Name;
2975  }
2976 
2977  /* Sanity check */
2978  ASSERT((Handle) ||
2979  ((ObjectPointerBias == 0) &&
2980  (ObjectName == NULL) &&
2981  (ObjectType->TypeInfo.SecurityRequired) &&
2982  (NewObject == NULL)));
2983 
2984  /* Check if the object is unnamed and also doesn't have security */
2985  PreviousMode = KeGetPreviousMode();
2986  if (!(ObjectType->TypeInfo.SecurityRequired) && !(ObjectName))
2987  {
2988  /* Assume failure */
2989  *Handle = NULL;
2990  ObjectHeader->ObjectCreateInfo = NULL;
2991 
2992  /* Create the handle */
2993  Status = ObpCreateUnnamedHandle(Object,
2994  DesiredAccess,
2995  ObjectPointerBias + 1,
2996  ObjectCreateInfo->Attributes,
2997  PreviousMode,
2998  NewObject,
2999  Handle);
3000 
3001  /* Free the create information */
3002  ObpFreeObjectCreateInformation(ObjectCreateInfo);
3003 
3004  /* Release the object name information */
3005  ObpDereferenceNameInfo(ObjectNameInfo);
3006 
3007  /* Remove the extra keep-alive reference */
3009 
3010  /* Return */
3012  "%s - returning Object with PC S: %lx %lx\n",
3013  __FUNCTION__,
3014  ObjectHeader->PointerCount,
3015  Status);
3016  return Status;
3017  }
3018 
3019  /* Check if we didn't get an access state */
3020  if (!AccessState)
3021  {
3022  /* Use our built-in access state */
3023  AccessState = &LocalAccessState;
3024  Status = SeCreateAccessState(&LocalAccessState,
3025  &AuxData,
3026  DesiredAccess,
3027  &ObjectType->TypeInfo.GenericMapping);
3028  if (!NT_SUCCESS(Status))
3029  {
3030  /* Fail */
3031  ObpDereferenceNameInfo(ObjectNameInfo);
3033  return Status;
3034  }
3035  }
3036 
3037  /* Save the security descriptor */
3038  AccessState->SecurityDescriptor = ObjectCreateInfo->SecurityDescriptor;
3039 
3040  /* Validate the access mask */
3042  if (!NT_SUCCESS(Status))
3043  {
3044  /* Fail */
3045  ObpDereferenceNameInfo(ObjectNameInfo);
3047  return Status;
3048  }
3049 
3050  /* Setup a lookup context */
3051  ObpInitializeLookupContext(&Context);
3052  InsertObject = Object;
3053  OpenReason = ObCreateHandle;
3054 
3055  /* Check if the object is named */
3056  if (ObjectName)
3057  {
3058  /* Look it up */
3059  Status = ObpLookupObjectName(ObjectCreateInfo->RootDirectory,
3060  ObjectName,
3061  ObjectCreateInfo->Attributes,
3062  ObjectType,
3063  (ObjectHeader->Flags & OB_FLAG_KERNEL_MODE) ?
3064  KernelMode : UserMode,
3065  ObjectCreateInfo->ParseContext,
3066  ObjectCreateInfo->SecurityQos,
3067  Object,
3068  AccessState,
3069  &Context,
3070  &InsertObject);
3071 
3072  /* Check if we found an object that doesn't match the one requested */
3073  if ((NT_SUCCESS(Status)) && (InsertObject) && (Object != InsertObject))
3074  {
3075  /* This means we're opening an object, not creating a new one */
3076  OpenReason = ObOpenHandle;
3077 
3078  /* Make sure the caller said it's OK to do this */
3079  if (ObjectCreateInfo->Attributes & OBJ_OPENIF)
3080  {
3081  /* He did, but did he want this type? */
3082  if (ObjectType != OBJECT_TO_OBJECT_HEADER(InsertObject)->Type)
3083  {
3084  /* Wrong type, so fail */
3085  Status = STATUS_OBJECT_TYPE_MISMATCH;
3086  }
3087  else
3088  {
3089  /* Right type, so warn */
3090  Status = STATUS_OBJECT_NAME_EXISTS;
3091  }
3092  }
3093  else
3094  {
3095  /* Check if this was a symbolic link */
3096  if (OBJECT_TO_OBJECT_HEADER(InsertObject)->Type ==
3098  {
3099  /* Dereference it */
3100  ObDereferenceObject(InsertObject);
3101  }
3102 
3103  /* Caller wanted to create a new object, fail */
3105  }
3106  }
3107 
3108  /* Check if anything until now failed */
3109  if (!NT_SUCCESS(Status))
3110  {
3111  /* Cleanup after lookup */
3112  ObpReleaseLookupContext(&Context);
3113 
3114  /* Remove query reference that we added */
3115  ObpDereferenceNameInfo(ObjectNameInfo);
3116 
3117  /* Dereference the object and delete the access state */
3119  if (AccessState == &LocalAccessState)
3120  {
3121  /* We used a local one; delete it */
3123  }
3124 
3125  /* Return failure code */
3126  return Status;
3127  }
3128  else
3129  {
3130  /* Check if this is a symbolic link */
3131  if (ObjectType == ObSymbolicLinkType)
3132  {
3133  /* Create the internal name */
3135  }
3136  }
3137  }
3138 
3139  /* Now check if this object is being created */
3140  if (InsertObject == Object)
3141  {
3142  /* Check if it's named or forces security */
3143  if ((ObjectName) || (ObjectType->TypeInfo.SecurityRequired))
3144  {
3145  /* Make sure it's inserted into an object directory */
3146  if ((ObjectNameInfo) && (ObjectNameInfo->Directory))
3147  {
3148  /* Get the current descriptor */
3149  ObGetObjectSecurity(ObjectNameInfo->Directory,
3150  &ParentDescriptor,
3151  &SdAllocated);
3152  }
3153 
3154  /* Now assign it */
3155  Status = ObAssignSecurity(AccessState,
3156  ParentDescriptor,
3157  Object,
3158  ObjectType);
3159 
3160  /* Check if we captured one */
3161  if (ParentDescriptor)
3162  {
3163  /* We did, release it */
3164  ObReleaseObjectSecurity(ParentDescriptor, SdAllocated);
3165  }
3166  else if (NT_SUCCESS(Status))
3167  {
3168  /* Other we didn't, but we were able to use the current SD */
3170  ObjectCreateInfo->ProbeMode,
3171  TRUE);
3172 
3173  /* Clear the current one */
3174  AccessState->SecurityDescriptor =
3175  ObjectCreateInfo->SecurityDescriptor = NULL;
3176  }
3177  }
3178 
3179  /* Check if anything until now failed */
3180  if (!NT_SUCCESS(Status))
3181  {
3182  /* Check if the directory was added */
3183  if (Context.DirectoryLocked)
3184  {
3185  /* Weird case where we need to do a manual delete */
3186  DPRINT1("Unhandled path\n");
3187  ASSERT(FALSE);
3188  }
3189 
3190  /* Cleanup the lookup */
3191  ObpReleaseLookupContext(&Context);
3192 
3193  /* Remove query reference that we added */
3194  ObpDereferenceNameInfo(ObjectNameInfo);
3195 
3196  /* Dereference the object and delete the access state */
3198  if (AccessState == &LocalAccessState)
3199  {
3200  /* We used a local one; delete it */
3202  }
3203 
3204  /* Return failure code */
3205  ASSERT(FALSE);
3206  return Status;
3207  }
3208  }
3209 
3210  /* Save the actual status until here */
3211  RealStatus = Status;
3212 
3213  /* Check if caller wants us to create a handle */
3214  ObjectHeader->ObjectCreateInfo = NULL;
3215  if (Handle)
3216  {
3217  /* Create the handle */
3218  Status = ObpCreateHandle(OpenReason,
3219  InsertObject,
3220  NULL,
3221  AccessState,
3222  ObjectPointerBias + 1,
3223  ObjectCreateInfo->Attributes,
3224  &Context,
3225  PreviousMode,
3226  NewObject,
3227  Handle);
3228  if (!NT_SUCCESS(Status))
3229  {
3230  /* If the object had a name, backout everything */
3231  if (ObjectName) ObpDeleteNameCheck(Object);
3232 
3233  /* Return the status of the failure */
3234  *Handle = NULL;
3235  RealStatus = Status;
3236  }
3237 
3238  /* Remove a query reference */
3239  ObpDereferenceNameInfo(ObjectNameInfo);
3240 
3241  /* Remove the extra keep-alive reference */
3243  }
3244  else
3245  {
3246  /* Otherwise, lock the object */
3247  ObpAcquireObjectLock(ObjectHeader);
3248 
3249  /* And charge quota for the process to make it appear as used */
3250  RealStatus = ObpChargeQuotaForObject(ObjectHeader,
3251  ObjectType,
3252  &IsNewObject);
3253 
3254  /* Release the lock */
3255  ObpReleaseObjectLock(ObjectHeader);
3256 
3257  /* Check if we failed and dereference the object if so */
3258  if (!NT_SUCCESS(RealStatus)) ObDereferenceObject(Object);
3259  }
3260 
3261  /* We can delete the Create Info now */
3262  ObpFreeObjectCreateInformation(ObjectCreateInfo);
3263 
3264  /* Check if we created our own access state and delete it if so */
3265  if (AccessState == &LocalAccessState) SeDeleteAccessState(AccessState);
3266 
3267  /* Return status code */
3269  "%s - returning Object with PC RS/S: %lx %lx %lx\n",
3270  __FUNCTION__,
3271  OBJECT_TO_OBJECT_HEADER(Object)->PointerCount,
3272  RealStatus, Status);
3273  return RealStatus;
3274 }
DWORD *typedef PVOID
Definition: winlogon.h:52
#define STATUS_OBJECT_NAME_COLLISION
Definition: udferr_usr.h:150
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
NTSTATUS NTAPI ObAssignSecurity(IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
Definition: obsecure.c:550
#define TRUE
Definition: types.h:120
NTSTATUS NTAPI SeCreateAccessState(IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:435
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
Type
Definition: Type.h:6
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS NTAPI ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
Definition: obhandle.c:434
return STATUS_SUCCESS
Definition: btrfs.c:2664
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
#define KeGetPreviousMode()
Definition: ketypes.h:1081
#define STATUS_OBJECT_NAME_EXISTS
Definition: ntstatus.h:114
UNICODE_STRING Name
Definition: obtypes.h:433
LONG PointerCount
Definition: obtypes.h:481
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
IN POBJECT_ATTRIBUTES PortAttributes IN ACCESS_MASK DesiredAccess
Definition: creport.c:28
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
void DbgBreakPoint()
Definition: mach.c:558
NTSTATUS NTAPI ObpCreateHandle(IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1494
KPROCESSOR_MODE ProbeMode
Definition: obtypes.h:340
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:766
BOOLEAN DirectoryLocked
Definition: obtypes.h:510
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
#define OBJ_OPENIF
Definition: winternl.h:229
#define FALSE
Definition: types.h:117
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
smooth NULL
Definition: ftsmooth.c:557
FORCEINLINE VOID ObpFreeObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:392
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:344
UCHAR Flags
Definition: obtypes.h:491
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
_In_ HANDLE Handle
Definition: extypes.h:390
unsigned char BOOLEAN
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define STATUS_OBJECT_TYPE_MISMATCH
Definition: ntstatus.h:259
NTSTATUS NTAPI ObpCreateUnnamedHandle(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1309
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
NTSTATUS NTAPI ObpValidateAccessMask(IN PACCESS_STATE AccessState)
Definition: obhandle.c:485
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
#define PAGED_CODE()
Definition: video.h:57
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
static IUnknown Object
Definition: main.c:512
VOID NTAPI ObpCreateSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
Definition: oblink.c:184
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define OB_FLAG_CREATE_INFO
Definition: obtypes.h:97
PSECURITY_QUALITY_OF_SERVICE SecurityQos
Definition: obtypes.h:345
#define OB_HANDLE_DEBUG
Definition: ob.h:17
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
#define OB_FLAG_KERNEL_MODE
Definition: obtypes.h:98
Status
Definition: gdiplustypes.h:24
enum _OB_OPEN_REASON OB_OPEN_REASON
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:255
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:221
LONG NTSTATUS
Definition: DriverTester.h:11
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
VOID NTAPI SeDeleteAccessState(IN PACCESS_STATE AccessState)
Definition: access.c:456
#define DPRINT1
Definition: precomp.h:8
struct tagContext Context
Definition: acpixf.h:1014
POBJECT_TYPE ObSymbolicLinkType
Definition: oblink.c:18
#define __FUNCTION__
Definition: compiler.h:205
POBJECT_TYPE Type
Definition: obtypes.h:487
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71
ObjectType
Definition: metafile.c:278
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
Definition: obname.c:261
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
POBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: obtypes.h:494
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG ObjectPointerBias
Definition: obfuncs.h:71
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
Definition: obname.c:358
BOOLEAN NTAPI ObIsKernelHandle ( IN HANDLE  Handle)

Definition at line 3515 of file obhandle.c.

3516 {
3517  /* Use the inlined version. We know we are in kernel mode. */
3519 }
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:64
_In_ HANDLE Handle
Definition: extypes.h:390
VOID NTAPI ObKillProcess ( IN PEPROCESS  Process)

Definition at line 2156 of file obhandle.c.

Referenced by PspDeleteProcess(), and PspExitThread().

2157 {
2160  BOOLEAN HardErrors;
2161  PAGED_CODE();
2162 
2163  /* Wait for process rundown and then complete it */
2164  ExWaitForRundownProtectionRelease(&Process->RundownProtect);
2165  ExRundownCompleted(&Process->RundownProtect);
2166 
2167  /* Get the object table */
2168  HandleTable = Process->ObjectTable;
2169  if (!HandleTable) return;
2170 
2171  /* Disable hard errors while we close handles */
2172  HardErrors = IoSetThreadHardErrorMode(FALSE);
2173 
2174  /* Enter a critical region */
2176 
2177  /* Fill out the context */
2178  Context.AccessMode = KernelMode;
2179  Context.HandleTable = HandleTable;
2180 
2181  /* Sweep the handle table to close all handles */
2182  ExSweepHandleTable(HandleTable,
2184  &Context);
2185  ASSERT(HandleTable->HandleCount == 0);
2186 
2187  /* Leave the critical region */
2189 
2190  /* Re-enable hard errors */
2191  IoSetThreadHardErrorMode(HardErrors);
2192 
2193  /* Destroy the object table */
2194  Process->ObjectTable = NULL;
2195  ExDestroyHandleTable(HandleTable, NULL);
2196 }
NTKERNELAPI VOID FASTCALL ExRundownCompleted(_Out_ PEX_RUNDOWN_REF RunRef)
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
VOID NTAPI ExDestroyHandleTable(IN PHANDLE_TABLE HandleTable, IN PVOID DestroyHandleProcedure OPTIONAL)
Definition: handle.c:923
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
PHANDLE_TABLE HandleTable
Definition: ob.h:107
#define FALSE
Definition: types.h:117
smooth NULL
Definition: ftsmooth.c:557
NTKERNELAPI VOID FASTCALL ExWaitForRundownProtectionRelease(_Inout_ PEX_RUNDOWN_REF RunRef)
LONG HandleCount
Definition: extypes.h:644
unsigned char BOOLEAN
#define PAGED_CODE()
Definition: video.h:57
BOOLEAN NTAPI IoSetThreadHardErrorMode(IN BOOLEAN HardErrorEnabled)
Definition: error.c:707
#define KeEnterCriticalRegion()
Definition: ke_x.h:83
#define KeLeaveCriticalRegion()
Definition: ke_x.h:114
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1192
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
struct tagContext Context
Definition: acpixf.h:1014
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1920
KPROCESSOR_MODE AccessMode
Definition: ob.h:108
NTSTATUS NTAPI ObOpenObjectByName ( IN POBJECT_ATTRIBUTES  ObjectAttributes,
IN POBJECT_TYPE  ObjectType,
IN KPROCESSOR_MODE  AccessMode,
IN PACCESS_STATE  PassedAccessState,
IN ACCESS_MASK  DesiredAccess,
IN OUT PVOID  ParseContext,
OUT PHANDLE  Handle 
)

Definition at line 2522 of file obhandle.c.

Referenced by CmLoadKey(), CmpLinkHiveToMaster(), CreateGreenFdo(), ExCreateCallback(), GetObjectType(), IntParseDesktopPath(), IoFastQueryNetworkAttributes(), IopCreateFile(), IopQueryAttributesFile(), NtCreateKey(), NtDeleteFile(), NtOpenDirectoryObject(), NtOpenEvent(), NtOpenEventPair(), NtOpenIoCompletion(), NtOpenJobObject(), NtOpenKey(), NtOpenMutant(), NtOpenProcess(), NtOpenSection(), NtOpenSemaphore(), NtOpenSymbolicLinkObject(), NtOpenThread(), NtOpenTimer(), NtQueryOpenSubKeys(), NtUnloadKey2(), NtUserCreateDesktop(), NtUserCreateWindowStation(), NtUserOpenDesktop(), NtUserOpenWindowStation(), ObtCreateObjectTypes(), and START_TEST().

2529 {
2530  PVOID Object = NULL;
2532  NTSTATUS Status, Status2;
2533  POBJECT_HEADER ObjectHeader;
2535  OB_OPEN_REASON OpenReason;
2536  POB_TEMP_BUFFER TempBuffer;
2537  PAGED_CODE();
2538 
2539  /* Assume failure */
2540  *Handle = NULL;
2541 
2542  /* Check if we didn't get any Object Attributes */
2543  if (!ObjectAttributes)
2544  {
2545  /* Fail with special status code */
2546  return STATUS_INVALID_PARAMETER;
2547  }
2548 
2549  /* Allocate the temporary buffer */
2550  TempBuffer = ExAllocatePoolWithTag(NonPagedPool,
2551  sizeof(OB_TEMP_BUFFER),
2553  if (!TempBuffer) return STATUS_INSUFFICIENT_RESOURCES;
2554 
2555  /* Capture all the info */
2557  AccessMode,
2558  AccessMode,
2559  TRUE,
2560  &TempBuffer->ObjectCreateInfo,
2561  &ObjectName);
2562  if (!NT_SUCCESS(Status))
2563  {
2564  /* Fail */
2566  return Status;
2567  }
2568 
2569  /* Check if we didn't get an access state */
2570  if (!PassedAccessState)
2571  {
2572  /* Try to get the generic mapping if we can */
2573  if (ObjectType) GenericMapping = &ObjectType->TypeInfo.GenericMapping;
2574 
2575  /* Use our built-in access state */
2576  PassedAccessState = &TempBuffer->LocalAccessState;
2577  Status = SeCreateAccessState(&TempBuffer->LocalAccessState,
2578  &TempBuffer->AuxData,
2579  DesiredAccess,
2580  GenericMapping);
2581  if (!NT_SUCCESS(Status)) goto Quickie;
2582  }
2583 
2584  /* Get the security descriptor */
2585  if (TempBuffer->ObjectCreateInfo.SecurityDescriptor)
2586  {
2587  /* Save it in the access state */
2590  }
2591 
2592  /* Validate the access mask */
2594  if (!NT_SUCCESS(Status))
2595  {
2596  /* Cleanup after lookup */
2597  ObpReleaseLookupContext(&TempBuffer->LookupContext);
2598  goto Cleanup;
2599  }
2600 
2601  /* Now do the lookup */
2602  Status = ObpLookupObjectName(TempBuffer->ObjectCreateInfo.RootDirectory,
2603  &ObjectName,
2604  TempBuffer->ObjectCreateInfo.Attributes,
2605  ObjectType,
2606  AccessMode,
2607  ParseContext,
2608  TempBuffer->ObjectCreateInfo.SecurityQos,
2609  NULL,
2611  &TempBuffer->LookupContext,
2612  &Object);
2613  if (!NT_SUCCESS(Status))
2614  {
2615  /* Cleanup after lookup */
2616  ObpReleaseLookupContext(&TempBuffer->LookupContext);
2617  goto Cleanup;
2618  }
2619 
2620  /* Check if this object has create information */
2621  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
2622  if (ObjectHeader->Flags & OB_FLAG_CREATE_INFO)
2623  {
2624  /* Then we are creating a new handle */
2625  OpenReason = ObCreateHandle;
2626 
2627  /* Check if we still have create info */
2628  if (ObjectHeader->ObjectCreateInfo)
2629  {
2630  /* Free it */
2631  ObpFreeObjectCreateInformation(ObjectHeader->
2632  ObjectCreateInfo);
2633  ObjectHeader->ObjectCreateInfo = NULL;
2634  }
2635  }
2636  else
2637  {
2638  /* Otherwise, we are merely opening it */
2639  OpenReason = ObOpenHandle;
2640  }
2641 
2642  /* Check if we have invalid object attributes */
2643  if (ObjectHeader->Type->TypeInfo.InvalidAttributes &
2644  TempBuffer->ObjectCreateInfo.Attributes)
2645  {
2646  /* Set failure code */
2647  Status = STATUS_INVALID_PARAMETER;
2648 
2649  /* Cleanup after lookup */
2650  ObpReleaseLookupContext(&TempBuffer->LookupContext);
2651 
2652  /* Dereference the object */
2653  ObDereferenceObject(Object);
2654  }
2655  else
2656  {
2657  /* Create the actual handle now */
2658  Status2 = ObpCreateHandle(OpenReason,
2659  Object,
2660  ObjectType,
2662  0,
2663  TempBuffer->ObjectCreateInfo.Attributes,
2664  &TempBuffer->LookupContext,
2665  AccessMode,
2666  NULL,
2667  Handle);
2668  if (!NT_SUCCESS(Status2))
2669  {
2670  ObDereferenceObject(Object);
2671  Status = Status2;
2672  }
2673  }
2674 
2675 Cleanup:
2676  /* Delete the access state */
2677  if (PassedAccessState == &TempBuffer->LocalAccessState)
2678  {
2680  }
2681 
2682 Quickie:
2683  /* Release the object attributes and temporary buffer */
2685  if (ObjectName.Buffer) ObpFreeObjectNameBuffer(&ObjectName);
2687 
2688  /* Return status */
2690  "%s - returning Object %p with PC S: %lx %lx\n",
2691  __FUNCTION__,
2692  Object,
2693  Object ? OBJECT_TO_OBJECT_HEADER(Object)->PointerCount : -1,
2694  Status);
2695  return Status;
2696 }
DWORD *typedef PVOID
Definition: winlogon.h:52
#define TAG_OB_TEMP_STORAGE
Definition: ob.h:150
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: setypes.h:207
#define TRUE
Definition: types.h:120
NTSTATUS NTAPI SeCreateAccessState(IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:435
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
OBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: ob.h:154
VOID NTAPI ObpFreeObjectNameBuffer(IN PUNICODE_STRING Name)
Definition: oblife.c:347
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71
FORCEINLINE VOID ObpReleaseObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:296
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
IN POBJECT_ATTRIBUTES PortAttributes IN ACCESS_MASK DesiredAccess
Definition: creport.c:28
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
NTSTATUS NTAPI ObpCreateHandle(IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1494
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
smooth NULL
Definition: ftsmooth.c:557
FORCEINLINE VOID ObpFreeObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:392
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:344
UCHAR Flags
Definition: obtypes.h:491
_In_ HANDLE Handle
Definition: extypes.h:390
ACCESS_STATE LocalAccessState
Definition: ob.h:153
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
NTSTATUS NTAPI ObpValidateAccessMask(IN PACCESS_STATE AccessState)
Definition: obhandle.c:485
#define PAGED_CODE()
Definition: video.h:57
static IUnknown Object
Definition: main.c:512
#define OB_FLAG_CREATE_INFO
Definition: obtypes.h:97
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSECURITY_QUALITY_OF_SERVICE SecurityQos
Definition: obtypes.h:345
#define OB_HANDLE_DEBUG
Definition: ob.h:17
static const WCHAR Cleanup[]
Definition: register.c:65
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
AUX_ACCESS_DATA AuxData
Definition: ob.h:156
Status
Definition: gdiplustypes.h:24
enum _OB_OPEN_REASON OB_OPEN_REASON
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:255
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
LONG NTSTATUS
Definition: DriverTester.h:11
NTSTATUS NTAPI ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
Definition: oblife.c:456
OBP_LOOKUP_CONTEXT LookupContext
Definition: ob.h:155
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
VOID NTAPI SeDeleteAccessState(IN PACCESS_STATE AccessState)
Definition: access.c:456
#define __FUNCTION__
Definition: compiler.h:205
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1097
POBJECT_TYPE Type
Definition: obtypes.h:487
ObjectType
Definition: metafile.c:278
POBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: obtypes.h:494
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
Definition: obname.c:358
NTSTATUS NTAPI ObOpenObjectByPointer ( IN PVOID  Object,
IN ULONG  HandleAttributes,
IN PACCESS_STATE  PassedAccessState,
IN ACCESS_MASK  DesiredAccess,
IN POBJECT_TYPE  ObjectType,
IN KPROCESSOR_MODE  AccessMode,
OUT PHANDLE  Handle 
)

Definition at line 2732 of file obhandle.c.

Referenced by AfdBindSocket(), DbgkOpenProcessDebugPort(), DbgkpOpenHandles(), IntGetDesktopObjectHandle(), NtOpenProcess(), NtOpenProcessTokenEx(), NtOpenThread(), NtOpenThreadTokenEx(), NtUserOpenInputDesktop(), SerenumDetectLegacyDevice(), SerenumDetectPnpDevice(), SermouseDetectLegacyDevice(), START_TEST(), and WmipOpenGuidObject().

2739 {
2741  NTSTATUS Status;
2743  AUX_ACCESS_DATA AuxData;
2744  PAGED_CODE();
2745 
2746  /* Assume failure */
2747  *Handle = NULL;
2748 
2749  /* Reference the object */
2751  0,
2752  ObjectType,
2753  AccessMode);
2754  if (!NT_SUCCESS(Status)) return Status;
2755 
2756  /* Get the Header Info */
2757  Header = OBJECT_TO_OBJECT_HEADER(Object);
2758 
2759  /* Check if we didn't get an access state */
2760  if (!PassedAccessState)
2761  {
2762  /* Use our built-in access state */
2764  Status = SeCreateAccessState(&AccessState,
2765  &AuxData,
2766  DesiredAccess,
2767  &Header->Type->TypeInfo.GenericMapping);
2768  if (!NT_SUCCESS(Status))
2769  {
2770  /* Fail */
2772  return Status;
2773  }
2774  }
2775 
2776  /* Check if we have invalid object attributes */
2778  {
2779  /* Delete the access state */
2780  if (PassedAccessState == &AccessState)
2781  {
2783  }
2784 
2785  /* Dereference the object */
2787  return STATUS_INVALID_PARAMETER;
2788  }
2789 
2790  /* Create the handle */
2791  Status = ObpCreateHandle(ObOpenHandle,
2792  Object,
2793  ObjectType,
2795  0,
2797  NULL,
2798  AccessMode,
2799  NULL,
2800  Handle);
2801  if (!NT_SUCCESS(Status)) ObDereferenceObject(Object);
2802 
2803  /* Delete the access state */
2804  if (PassedAccessState == &AccessState)
2805  {
2807  }
2808 
2809  /* Return */
2811  "%s - returning Object with PC S: %lx %lx\n",
2812  __FUNCTION__,
2813  OBJECT_TO_OBJECT_HEADER(Object)->PointerCount,
2814  Status);
2815  return Status;
2816 }
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
NTSTATUS NTAPI SeCreateAccessState(IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:435
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
IN POBJECT_ATTRIBUTES PortAttributes IN ACCESS_MASK DesiredAccess
Definition: creport.c:28
NTSTATUS NTAPI ObpCreateHandle(IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1494
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
Definition: Header.h:8
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
smooth NULL
Definition: ftsmooth.c:557
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
Definition: obref.c:275
_In_ HANDLE Handle
Definition: extypes.h:390
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
#define PAGED_CODE()
Definition: video.h:57
static IUnknown Object
Definition: main.c:512
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define OB_HANDLE_DEBUG
Definition: ob.h:17
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
Status
Definition: gdiplustypes.h:24
LONG NTSTATUS
Definition: DriverTester.h:11
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
VOID NTAPI SeDeleteAccessState(IN PACCESS_STATE AccessState)
Definition: access.c:456
#define __FUNCTION__
Definition: compiler.h:205
POBJECT_TYPE Type
Definition: obtypes.h:487
ObjectType
Definition: metafile.c:278
NTSTATUS NTAPI ObpChargeQuotaForObject ( IN POBJECT_HEADER  ObjectHeader,
IN POBJECT_TYPE  ObjectType,
OUT PBOOLEAN  NewObject 
)

Definition at line 434 of file obhandle.c.

Referenced by ObInsertObject(), ObpIncrementHandleCount(), and ObpIncrementUnnamedHandleCount().

437 {
438  POBJECT_HEADER_QUOTA_INFO ObjectQuota;
439  ULONG PagedPoolCharge, NonPagedPoolCharge;
440 
441  /* Get quota information */
442  ObjectQuota = OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader);
443  *NewObject = FALSE;
444 
445  /* Check if this is a new object */
446  if (ObjectHeader->Flags & OB_FLAG_CREATE_INFO)
447  {
448  /* Remove the flag */
449  ObjectHeader->Flags &= ~ OB_FLAG_CREATE_INFO;
450  if (ObjectQuota)
451  {
452  /* We have a quota, get the charges */
453  PagedPoolCharge = ObjectQuota->PagedPoolCharge;
454  NonPagedPoolCharge = ObjectQuota->NonPagedPoolCharge;
455  }
456  else
457  {
458  /* Get it from the object type */
459  PagedPoolCharge = ObjectType->TypeInfo.DefaultPagedPoolCharge;
460  NonPagedPoolCharge = ObjectType->TypeInfo.DefaultNonPagedPoolCharge;
461  }
462 
463  /* Charge the quota */
464  ObjectHeader->QuotaBlockCharged = (PVOID)1;
465  DPRINT("FIXME: Should charge: %lx %lx\n", PagedPoolCharge, NonPagedPoolCharge);
466 #if 0
467  PsChargeSharedPoolQuota(PsGetCurrentProcess(),
468  PagedPoolCharge,
469  NonPagedPoolCharge);
470 #endif
471 
472  /* Check if we don't have a quota block */
473  if (!ObjectHeader->QuotaBlockCharged) return STATUS_QUOTA_EXCEEDED;
474 
475  /* Now set the flag */
476  *NewObject = TRUE;
477  }
478 
479  /* Return success */
480  return STATUS_SUCCESS;
481 }
DWORD *typedef PVOID
Definition: winlogon.h:52
#define TRUE
Definition: types.h:120
#define STATUS_QUOTA_EXCEEDED
Definition: ntstatus.h:290
return STATUS_SUCCESS
Definition: btrfs.c:2664
#define FALSE
Definition: types.h:117
#define PsGetCurrentProcess
Definition: psfuncs.h:17
void DPRINT(...)
Definition: polytest.cpp:61
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
Definition: obtypes.h:122
#define OB_FLAG_CREATE_INFO
Definition: obtypes.h:97
unsigned int ULONG
Definition: retypes.h:1
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71
ObjectType
Definition: metafile.c:278
NTSTATUS NTAPI ObpCloseHandle ( IN HANDLE  Handle,
IN KPROCESSOR_MODE  AccessMode 
)

Definition at line 1726 of file obhandle.c.

Referenced by NtClose(), and ObCloseHandle().

1728 {
1730  BOOLEAN AttachedToProcess = FALSE;
1732  PHANDLE_TABLE_ENTRY HandleTableEntry;
1733  NTSTATUS Status;
1735  PAGED_CODE();
1737  "%s - Closing handle: %p\n", __FUNCTION__, Handle);
1738 
1739  if (AccessMode == KernelMode && Handle == (HANDLE)-1)
1740  return STATUS_INVALID_HANDLE;
1741 
1742  /* Check if we're dealing with a kernel handle */
1744  {
1745  /* Use the kernel table and convert the handle */
1746  HandleTable = ObpKernelHandleTable;
1748 
1749  /* Check if we're not in the system process */
1750  if (Process != PsInitialSystemProcess)
1751  {
1752  /* Attach to the system process */
1754  AttachedToProcess = TRUE;
1755  }
1756  }
1757  else
1758  {
1759  /* Use the process's handle table */
1760  HandleTable = Process->ObjectTable;
1761  }
1762 
1763  /* Enter a critical region to protect handle access */
1765 
1766  /* Get the handle entry */
1767  HandleTableEntry = ExMapHandleToPointer(HandleTable, Handle);
1768  if (HandleTableEntry)
1769  {
1770  /* Now close the entry */
1771  Status = ObpCloseHandleTableEntry(HandleTable,
1772  HandleTableEntry,
1773  Handle,
1774  AccessMode,
1775  FALSE);
1776 
1777  /* We can quit the critical region now */
1779 
1780  /* Detach and return success */
1781  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1782  }
1783  else
1784  {
1785  /* We failed, quit the critical region */
1787 
1788  /* Detach */
1789  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1790 
1791  /* Check if we have a valid handle that's not the process or thread */
1792  if ((Handle) &&
1793  (Handle != NtCurrentProcess()) &&
1794  (Handle != NtCurrentThread()))
1795  {
1796  /* Check if we came from user mode */
1797  if (AccessMode != KernelMode)
1798  {
1799  /* Check if we have no debug port */
1800  if (Process->DebugPort)
1801  {
1802  /* Make sure we're not attached */
1803  if (!KeIsAttachedProcess())
1804  {
1805  /* Raise an exception */
1807  }
1808  }
1809  }
1810  else
1811  {
1812  /* This is kernel mode. Check if we're exiting */
1814  (Process->Peb))
1815  {
1816  /* Check if the debugger is enabled */
1817  if (KdDebuggerEnabled)
1818  {
1819  /* Bugcheck */
1820  KeBugCheckEx(INVALID_KERNEL_HANDLE, (ULONG_PTR)Handle, 1, 0, 0);
1821  }
1822  }
1823  }
1824  }
1825 
1826  /* Set invalid status */
1827  Status = STATUS_INVALID_HANDLE;
1828  }
1829 
1830  /* Return status */
1832  "%s - Closed handle: %p S: %lx\n",
1833  __FUNCTION__, Handle, Status);
1834  return Status;
1835 }
DWORD *typedef PVOID
Definition: winlogon.h:52
#define TRUE
Definition: types.h:120
KAPC_STATE
Definition: ketypes.h:1258
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
Definition: handle.c:1006
#define NtCurrentThread()
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:64
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:231
uint32_t ULONG_PTR
Definition: typedefs.h:63
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:649
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
BOOLEAN NTAPI KeIsAttachedProcess(VOID)
Definition: procobj.c:638
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
struct _PEB * Peb
Definition: pstypes.h:1276
BOOLEAN KdDebuggerEnabled
Definition: kdmain.c:16
#define NtCurrentProcess()
Definition: nt_native.h:1657
_In_ HANDLE Handle
Definition: extypes.h:390
unsigned char BOOLEAN
NTSTATUS NTAPI ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
Definition: obhandle.c:682
#define PAGED_CODE()
Definition: video.h:57
#define KeEnterCriticalRegion()
Definition: ke_x.h:83
#define OB_HANDLE_DEBUG
Definition: ob.h:17
KPROCESS Pcb
Definition: pstypes.h:1194
Status
Definition: gdiplustypes.h:24
NTSTATUS NTAPI KeRaiseUserException(IN NTSTATUS ExceptionCode)
Definition: except.c:393
PHANDLE_TABLE ObjectTable
Definition: pstypes.h:1218
DWORD *typedef HANDLE
Definition: winlogon.h:52
LONG NTSTATUS
Definition: DriverTester.h:11
#define KeLeaveCriticalRegion()
Definition: ke_x.h:114
PVOID DebugPort
Definition: pstypes.h:1207
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:701
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1411
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define __FUNCTION__
Definition: compiler.h:205
#define ObKernelHandleToHandle(Handle)
Definition: ob.h:73
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
Definition: thread.c:868
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:90
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
BOOLEAN NTAPI ObpCloseHandleCallback ( IN PHANDLE_TABLE_ENTRY  HandleTableEntry,
IN HANDLE  Handle,
IN PVOID  Context 
)

Definition at line 1920 of file obhandle.c.

Referenced by ObClearProcessHandleTable(), and ObKillProcess().

1923 {
1925 
1926  /* Simply decrement the handle count */
1927  ObpCloseHandleTableEntry(CloseContext->HandleTable,
1928  HandleTableEntry,
1929  Handle,
1930  CloseContext->AccessMode,
1931  TRUE);
1932  return TRUE;
1933 }
#define TRUE
Definition: types.h:120
PHANDLE_TABLE HandleTable
Definition: ob.h:107
struct _OBP_CLOSE_HANDLE_CONTEXT * POBP_CLOSE_HANDLE_CONTEXT
_In_ HANDLE Handle
Definition: extypes.h:390
NTSTATUS NTAPI ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
Definition: obhandle.c:682
KPROCESSOR_MODE AccessMode
Definition: ob.h:108
NTSTATUS NTAPI ObpCloseHandleTableEntry ( IN PHANDLE_TABLE  HandleTable,
IN PHANDLE_TABLE_ENTRY  HandleEntry,
IN HANDLE  Handle,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  IgnoreHandleProtection 
)

Definition at line 682 of file obhandle.c.

Referenced by ObpCloseHandle(), and ObpCloseHandleCallback().

687 {
688  PVOID Body;
690  POBJECT_HEADER ObjectHeader;
692  KIRQL CalloutIrql;
693  PAGED_CODE();
694 
695  /* Get the object data */
696  ObjectHeader = ObpGetHandleObject(HandleEntry);
697  ObjectType = ObjectHeader->Type;
698  Body = &ObjectHeader->Body;
699  GrantedAccess = HandleEntry->GrantedAccess;
701  "%s - Closing handle: %p for %p. HC PC %lx %lx\n",
702  __FUNCTION__,
703  Handle,
704  Body,
705  ObjectHeader->HandleCount,
706  ObjectHeader->PointerCount);
707 
708  /* Check if the object has an Okay To Close procedure */
709  if (ObjectType->TypeInfo.OkayToCloseProcedure)
710  {
711  /* Call it and check if it's not letting us close it */
712  ObpCalloutStart(&CalloutIrql);
714  Body,
715  Handle,
716  AccessMode))
717  {
718  /* Fail */
719  ObpCalloutEnd(CalloutIrql, "NtClose", ObjectType, Body);
722  }
723 
724  /* Success, validate callout retrn */
725  ObpCalloutEnd(CalloutIrql, "NtClose", ObjectType, Body);
726  }
727 
728  /* The callback allowed us to close it, but does the handle itself? */
729  if ((HandleEntry->ObAttributes & OBJ_PROTECT_CLOSE) &&
730  !(IgnoreHandleProtection))
731  {
732  /* It doesn't, are we from user mode? */
733  if (AccessMode != KernelMode)
734  {
735  /* We are! Unlock the entry */
737 
738  /* Make sure we have a debug port */
739  if (PsGetCurrentProcess()->DebugPort)
740  {
741  /* Raise an exception */
743  }
744  else
745  {
746  /* Return the error instead */
748  }
749  }
750  else
751  {
752  /* Otherwise, bugcheck the OS */
753  KeBugCheckEx(INVALID_KERNEL_HANDLE, (ULONG_PTR)Handle, 0, 0, 0);
754  }
755  }
756 
757  /* Destroy and unlock the handle entry */
758  ExDestroyHandle(HandleTable, Handle, HandleEntry);
759 
760  /* Now decrement the handle count */
763  GrantedAccess,
764  ObjectType);
765 
766  /* Dereference the object as well */
767  ObDereferenceObject(Body);
768 
769  /* Return to caller */
771  "%s - Closed handle: %p for %p.\n",
772  __FUNCTION__,
773  Handle,
774  Body);
775  return STATUS_SUCCESS;
776 }
DWORD *typedef PVOID
Definition: winlogon.h:52
BOOLEAN NTAPI ExDestroyHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PHANDLE_TABLE_ENTRY HandleTableEntry OPTIONAL)
Definition: handle.c:944
OB_OKAYTOCLOSE_METHOD OkayToCloseProcedure
Definition: obtypes.h:373
return STATUS_SUCCESS
Definition: btrfs.c:2664
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
LONG PointerCount
Definition: obtypes.h:481
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:883
uint32_t ULONG_PTR
Definition: typedefs.h:63
UCHAR KIRQL
Definition: env_spec_w32.h:591
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
#define PsGetCurrentProcess
Definition: psfuncs.h:17
LONG HandleCount
Definition: obtypes.h:484
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:429
#define ObpGetHandleObject(x)
Definition: ob.h:81
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:527
_In_ HANDLE Handle
Definition: extypes.h:390
#define PAGED_CODE()
Definition: video.h:57
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:437
#define OB_HANDLE_DEBUG
Definition: ob.h:17
#define STATUS_HANDLE_NOT_CLOSABLE
Definition: ntstatus.h:683
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
#define OBJ_PROTECT_CLOSE
Definition: ob.h:49
NTSTATUS NTAPI KeRaiseUserException(IN NTSTATUS ExceptionCode)
Definition: except.c:393
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
#define __FUNCTION__
Definition: compiler.h:205
POBJECT_TYPE Type
Definition: obtypes.h:487
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ObjectType
Definition: metafile.c:278
ULONG ACCESS_MASK
Definition: nt_native.h:40
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:90
NTSTATUS NTAPI ObpCreateHandle ( IN OB_OPEN_REASON  OpenReason,
IN PVOID  Object,
IN POBJECT_TYPE Type  OPTIONAL,
IN PACCESS_STATE  AccessState,
IN ULONG  AdditionalReferences,
IN ULONG  HandleAttributes,
IN POBP_LOOKUP_CONTEXT  Context,
IN KPROCESSOR_MODE  AccessMode,
OUT PVOID ReturnedObject,
OUT PHANDLE  ReturnedHandle 
)

Definition at line 1494 of file obhandle.c.

Referenced by ObInsertObject(), ObOpenObjectByName(), and ObOpenObjectByPointer().

1504 {
1505  HANDLE_TABLE_ENTRY NewEntry;
1506  POBJECT_HEADER ObjectHeader;
1507  HANDLE Handle;
1509  BOOLEAN AttachedToProcess = FALSE, KernelHandle = FALSE;
1512  NTSTATUS Status;
1514  PAUX_ACCESS_DATA AuxData;
1515  PAGED_CODE();
1516 
1517  /* Get the object header and type */
1518  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1519  ObjectType = ObjectHeader->Type;
1521  "%s - Creating handle for: %p. Reason: %lx. HC PC %lx %lx\n",
1522  __FUNCTION__,
1523  Object,
1524  OpenReason,
1525  ObjectHeader->HandleCount,
1526  ObjectHeader->PointerCount);
1527 
1528  /* Check if the types match */
1529  if ((Type) && (ObjectType != Type))
1530  {
1531  /* They don't, cleanup */
1534  }
1535 
1536  /* Save the object header */
1537  NewEntry.Object = ObjectHeader;
1538 
1539  /* Check if this is a kernel handle */
1541  {
1542  /* Set the handle table */
1543  HandleTable = ObpKernelHandleTable;
1544  KernelHandle = TRUE;
1545 
1546  /* Check if we're not in the system process */
1548  {
1549  /* Attach to the system process */
1551  AttachedToProcess = TRUE;
1552  }
1553  }
1554  else
1555  {
1556  /* Get the current handle table */
1557  HandleTable = PsGetCurrentProcess()->ObjectTable;
1558  }
1559 
1560  /* Increment the handle count */
1562  AccessState,
1563  AccessMode,
1566  OpenReason);
1567  if (!NT_SUCCESS(Status))
1568  {
1569  /*
1570  * We failed (meaning security failure, according to NT Internals)
1571  * detach and return
1572  */
1574  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1575  return Status;
1576  }
1577 
1578  /* Check if we are doing audits on close */
1579  if (AccessState->GenerateOnClose)
1580  {
1581  /* Force the attribute on */
1583  }
1584 
1585  /* Mask out the internal attributes */
1587 
1588  /* Get the original desired access */
1589  DesiredAccess = AccessState->RemainingDesiredAccess |
1590  AccessState->PreviouslyGrantedAccess;
1591 
1592  /* Remove what's not in the valid access mask */
1593  GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
1595 
1596  /* Update the value in the access state */
1597  AccessState->PreviouslyGrantedAccess = GrantedAccess;
1598 
1599  /* Get the auxiliary data */
1600  AuxData = AccessState->AuxData;
1601 
1602  /* Handle extra references */
1603  if (AdditionalReferences)
1604  {
1605  /* Add them to the header */
1606  InterlockedExchangeAdd(&ObjectHeader->PointerCount, AdditionalReferences);
1607  }
1608 
1609  /* Now we can release the object */
1611 
1612  /* Save the access mask */
1613  NewEntry.GrantedAccess = GrantedAccess;
1614 
1615  /*
1616  * Create the actual handle. We'll need to do this *after* calling
1617  * ObpIncrementHandleCount to make sure that Object Security is valid
1618  * (specified in Gl00my documentation on Ob)
1619  */
1621  "%s - Handle Properties: [%p-%lx-%lx]\n",
1622  __FUNCTION__,
1623  NewEntry.Object, NewEntry.ObAttributes & 3, NewEntry.GrantedAccess);
1624  Handle = ExCreateHandle(HandleTable, &NewEntry);
1625 
1626  /* Make sure we got a handle */
1627  if (Handle)
1628  {
1629  /* Check if this was a kernel handle */
1630  if (KernelHandle) Handle = ObMarkHandleAsKernelHandle(Handle);
1631 
1632  /* Return it */
1633  *ReturnedHandle = Handle;
1634 
1635  /* Check if we need to generate on audit */
1636  if (AccessState->GenerateAudit)
1637  {
1638  /* Audit the handle creation */
1639  //SeAuditHandleCreation(AccessState, Handle);
1640  }
1641 
1642  /* Check if this was a create */
1643  if (OpenReason == ObCreateHandle)
1644  {
1645  /* Check if we need to audit the privileges */
1646  if ((AuxData->PrivilegeSet) &&
1647  (AuxData->PrivilegeSet->PrivilegeCount))
1648  {
1649  /* Do the audit */
1650 #if 0
1652  &AccessState->
1654  GrantedAccess,
1655  AuxData->PrivilegeSet,
1656  TRUE,
1657  ExGetPreviousMode());
1658 #endif
1659  }
1660  }
1661 
1662  /* Return the new object only if caller wanted it biased */
1663  if ((AdditionalReferences) && (ReturnedObject))
1664  {
1665  /* Return it */
1666  *ReturnedObject = Object;
1667  }
1668 
1669  /* Detach if needed */
1670  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1671 
1672  /* Trace and return */
1674  "%s - Returning Handle: %p HC PC %lx %lx\n",
1675  __FUNCTION__,
1676  Handle,
1677  ObjectHeader->HandleCount,
1678  ObjectHeader->PointerCount);
1679  return STATUS_SUCCESS;
1680  }
1681 
1682  /* Decrement the handle count and detach */
1683  ObpDecrementHandleCount(&ObjectHeader->Body,
1685  GrantedAccess,
1686  ObjectType);
1687 
1688  /* Handle extra references */
1689  if (AdditionalReferences)
1690  {
1691  /* Check how many extra references were added */
1692  if (AdditionalReferences > 1)
1693  {
1694  /* Dereference it many times */
1695  InterlockedExchangeAdd(&ObjectHeader->PointerCount,
1696  -(LONG)(AdditionalReferences - 1));
1697  }
1698 
1699  /* Dereference the object one last time */
1701  }
1702 
1703  /* Detach if necessary and fail */
1704  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1706 }
DWORD *typedef PVOID
Definition: winlogon.h:52
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:187
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define TRUE
Definition: types.h:120
KAPC_STATE
Definition: ketypes.h:1258
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
Type
Definition: Type.h:6
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
HANDLE KernelHandle
Definition: legacy.c:24
ULONG_PTR ObAttributes
Definition: extypes.h:600
return STATUS_SUCCESS
Definition: btrfs.c:2664
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:2740
LONG PointerCount
Definition: obtypes.h:481
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
IN POBJECT_ATTRIBUTES PortAttributes IN ACCESS_MASK DesiredAccess
Definition: creport.c:28
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:787
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:649
long LONG
Definition: pedump.c:60
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:808
LONG HandleCount
Definition: obtypes.h:484
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:527
#define InterlockedExchangeAdd
Definition: interlocked.h:181
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ HANDLE Handle
Definition: extypes.h:390
unsigned char BOOLEAN
#define STATUS_OBJECT_TYPE_MISMATCH
Definition: ntstatus.h:259
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:75
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
ULONG GrantedAccess
Definition: extypes.h:606
#define PAGED_CODE()
Definition: video.h:57
static IUnknown Object
Definition: main.c:512
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define OB_HANDLE_DEBUG
Definition: ob.h:17
KPROCESS Pcb
Definition: pstypes.h:1194
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
Status
Definition: gdiplustypes.h:24
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:255
DWORD *typedef HANDLE
Definition: winlogon.h:52
LONG NTSTATUS
Definition: DriverTester.h:11
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:701
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1411
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
VOID NTAPI SePrivilegeObjectAuditAlarm(IN HANDLE Handle, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE CurrentMode)
Definition: audit.c:845
PVOID Object
Definition: extypes.h:599
#define __FUNCTION__
Definition: compiler.h:205
POBJECT_TYPE Type
Definition: obtypes.h:487
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ObjectType
Definition: metafile.c:278
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
ULONG ACCESS_MASK
Definition: nt_native.h:40
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: sefuncs.h:13
NTSTATUS NTAPI ObpCreateUnnamedHandle ( IN PVOID  Object,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  AdditionalReferences,
IN ULONG  HandleAttributes,
IN KPROCESSOR_MODE  AccessMode,
OUT PVOID ReturnedObject,
OUT PHANDLE  ReturnedHandle 
)

Definition at line 1309 of file obhandle.c.

Referenced by ObInsertObject().

1316 {
1317  HANDLE_TABLE_ENTRY NewEntry;
1318  POBJECT_HEADER ObjectHeader;
1319  HANDLE Handle;
1321  BOOLEAN AttachedToProcess = FALSE, KernelHandle = FALSE;
1323  NTSTATUS Status;
1326  PAGED_CODE();
1327 
1328  /* Get the object header and type */
1329  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1330  ObjectType = ObjectHeader->Type;
1332  "%s - Creating handle for: %p. UNNAMED. HC PC %lx %lx\n",
1333  __FUNCTION__,
1334  Object,
1335  ObjectHeader->HandleCount,
1336  ObjectHeader->PointerCount);
1337 
1338  /* Save the object header */
1339  NewEntry.Object = ObjectHeader;
1340 
1341  /* Mask out the internal attributes */
1343 
1344  /* Check if this is a kernel handle */
1346  {
1347  /* Set the handle table */
1348  HandleTable = ObpKernelHandleTable;
1349  KernelHandle = TRUE;
1350 
1351  /* Check if we're not in the system process */
1353  {
1354  /* Attach to the system process */
1356  AttachedToProcess = TRUE;
1357  }
1358  }
1359  else
1360  {
1361  /* Get the current handle table */
1362  HandleTable = PsGetCurrentProcess()->ObjectTable;
1363  }
1364 
1365  /* Increment the handle count */
1367  &DesiredAccess,
1368  AccessMode,
1371  if (!NT_SUCCESS(Status))
1372  {
1373  /*
1374  * We failed (meaning security failure, according to NT Internals)
1375  * detach and return
1376  */
1377  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1378  return Status;
1379  }
1380 
1381  /* Remove what's not in the valid access mask */
1382  GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
1384 
1385  /* Handle extra references */
1386  if (AdditionalReferences)
1387  {
1388  /* Add them to the header */
1389  InterlockedExchangeAdd(&ObjectHeader->PointerCount,
1390  AdditionalReferences);
1391  }
1392 
1393  /* Save the access mask */
1394  NewEntry.GrantedAccess = GrantedAccess;
1395 
1396  /*
1397  * Create the actual handle. We'll need to do this *after* calling
1398  * ObpIncrementHandleCount to make sure that Object Security is valid
1399  * (specified in Gl00my documentation on Ob)
1400  */
1402  "%s - Handle Properties: [%p-%lx-%lx]\n",
1403  __FUNCTION__,
1404  NewEntry.Object, NewEntry.ObAttributes & 3, NewEntry.GrantedAccess);
1405  Handle = ExCreateHandle(HandleTable, &NewEntry);
1406 
1407  /* Make sure we got a handle */
1408  if (Handle)
1409  {
1410  /* Check if this was a kernel handle */
1411  if (KernelHandle) Handle = ObMarkHandleAsKernelHandle(Handle);
1412 
1413  /* Return handle and object */
1414  *ReturnedHandle = Handle;
1415 
1416  /* Return the new object only if caller wanted it biased */
1417  if ((AdditionalReferences) && (ReturnedObject))
1418  {
1419  /* Return it */
1420  *ReturnedObject = Object;
1421  }
1422 
1423  /* Detach if needed */
1424  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1425 
1426  /* Trace and return */
1428  "%s - Returning Handle: %p HC PC %lx %lx\n",
1429  __FUNCTION__,
1430  Handle,
1431  ObjectHeader->HandleCount,
1432  ObjectHeader->PointerCount);
1433  return STATUS_SUCCESS;
1434  }
1435 
1436  /* Handle extra references */
1437  if (AdditionalReferences)
1438  {
1439  /* Dereference it as many times as required */
1440  InterlockedExchangeAdd(&ObjectHeader->PointerCount,
1441  -(LONG)AdditionalReferences);
1442  }
1443 
1444  /* Decrement the handle count and detach */
1445  ObpDecrementHandleCount(&ObjectHeader->Body,
1447  GrantedAccess,
1448  ObjectType);
1449 
1450  /* Detach and fail */
1451  if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1453 }
DWORD *typedef PVOID
Definition: winlogon.h:52
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define TRUE
Definition: types.h:120
KAPC_STATE
Definition: ketypes.h:1258
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
HANDLE KernelHandle
Definition: legacy.c:24
ULONG_PTR ObAttributes
Definition: extypes.h:600
return STATUS_SUCCESS
Definition: btrfs.c:2664
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
LONG PointerCount
Definition: obtypes.h:481
NTSTATUS NTAPI ObpIncrementUnnamedHandleCount(IN PVOID Object, IN PACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process)
Definition: obhandle.c:1087
IN POBJECT_ATTRIBUTES PortAttributes IN ACCESS_MASK DesiredAccess
Definition: creport.c:28
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:787
#define FALSE
Definition: types.h:117
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:649
long LONG
Definition: pedump.c:60
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
#define PsGetCurrentProcess
Definition: psfuncs.h:17
Definition: extypes.h:595
LONG HandleCount
Definition: obtypes.h:484
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:527
#define InterlockedExchangeAdd
Definition: interlocked.h:181
_In_ HANDLE Handle
Definition: extypes.h:390
unsigned char BOOLEAN
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:75
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
ULONG GrantedAccess
Definition: extypes.h:606
#define PAGED_CODE()
Definition: video.h:57
static IUnknown Object
Definition: main.c:512
#define OB_HANDLE_DEBUG
Definition: ob.h:17
KPROCESS Pcb
Definition: pstypes.h:1194
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
Status
Definition: gdiplustypes.h:24
DWORD *typedef HANDLE
Definition: winlogon.h:52
LONG NTSTATUS
Definition: DriverTester.h:11
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:701
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1411
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
PVOID Object
Definition: extypes.h:599
#define __FUNCTION__
Definition: compiler.h:205
POBJECT_TYPE Type
Definition: obtypes.h:487
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ObjectType
Definition: metafile.c:278
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
ULONG ACCESS_MASK
Definition: nt_native.h:40
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
VOID NTAPI ObpDecrementHandleCount ( IN PVOID  ObjectBody,
IN PEPROCESS  Process,
IN ACCESS_MASK  GrantedAccess,
IN POBJECT_TYPE  ObjectType 
)

Definition at line 527 of file obhandle.c.

Referenced by ObDuplicateObject(), ObpCloseHandleTableEntry(), ObpCreateHandle(), and ObpCreateUnnamedHandle().

531 {
532  POBJECT_HEADER ObjectHeader;
533  LONG SystemHandleCount, ProcessHandleCount;
534  LONG NewCount;
535  KIRQL CalloutIrql;
536  POBJECT_HEADER_HANDLE_INFO HandleInfo;
537  POBJECT_HANDLE_COUNT_ENTRY HandleEntry;
538  POBJECT_HANDLE_COUNT_DATABASE HandleDatabase;
539  ULONG i;
540  PAGED_CODE();
541 
542  /* Get the object type and header */
543  ObjectHeader = OBJECT_TO_OBJECT_HEADER(ObjectBody);
545  "%s - Decrementing count for: %p. HC PC %lx %lx\n",
546  __FUNCTION__,
547  ObjectBody,
548  ObjectHeader->HandleCount,
549  ObjectHeader->PointerCount);
550 
551  /* Lock the object */
552  ObpAcquireObjectLock(ObjectHeader);
553 
554  /* Set default counts */
555  SystemHandleCount = ObjectHeader->HandleCount;
556  ProcessHandleCount = 0;
557 
558  /* Decrement the handle count */
559  NewCount = InterlockedDecrement(&ObjectHeader->HandleCount);
560 
561  /* Check if we're out of handles and this was an exclusive object */
562  if (!(NewCount) && (ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
563  {
564  /* Clear the exclusive flag */
565  OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = NULL;
566  }
567 
568  /* Is the object type keeping track of handles? */
569  if (ObjectType->TypeInfo.MaintainHandleCount)
570  {
571  /* Get handle information */
572  HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
573 
574  /* Check if there's only a single entry */
575  if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
576  {
577  /* It should be us */
578  ASSERT(HandleInfo->SingleEntry.Process == Process);
579  ASSERT(HandleInfo->SingleEntry.HandleCount > 0);
580 
581  /* Get the handle counts */
582  ProcessHandleCount = HandleInfo->SingleEntry.HandleCount--;
583  HandleEntry = &HandleInfo->SingleEntry;
584  }
585  else
586  {
587  /* Otherwise, get the database */
588  HandleDatabase = HandleInfo->HandleCountDatabase;
589  if (HandleDatabase)
590  {
591  /* Get the entries and loop them */
592  i = HandleDatabase->CountEntries;
593  HandleEntry = &HandleDatabase->HandleCountEntries[0];
594  while (i)
595  {
596  /* Check if this is a match */
597  if ((HandleEntry->HandleCount) &&
598  (HandleEntry->Process == Process))
599  {
600  /* Found it, get the process handle count */
601  ProcessHandleCount = HandleEntry->HandleCount--;
602  break;
603  }
604 
605  /* Keep looping */
606  HandleEntry++;
607  i--;
608  }
609  }
610  else
611  {
612  /* No database, so no entry */
613  HandleEntry = NULL;
614  }
615  }
616 
617  /* Check if this is the last handle */
618  if (ProcessHandleCount == 1)
619  {
620  /* Then clear the entry */
621  HandleEntry->Process = NULL;
622  HandleEntry->HandleCount = 0;
623  }
624  }
625 
626  /* Release the lock */
627  ObpReleaseObjectLock(ObjectHeader);
628 
629  /* Check if we have a close procedure */
630  if (ObjectType->TypeInfo.CloseProcedure)
631  {
632  /* Call it */
633  ObpCalloutStart(&CalloutIrql);
634  ObjectType->TypeInfo.CloseProcedure(Process,
635  ObjectBody,
637  ProcessHandleCount,
638  SystemHandleCount);
639  ObpCalloutEnd(CalloutIrql, "Close", ObjectType, ObjectBody);
640  }
641 
642  /* Check if we should delete the object */
643  ObpDeleteNameCheck(ObjectBody);
644 
645  /* Decrease the total number of handles for this type */
646  InterlockedDecrement((PLONG)&ObjectType->TotalNumberOfHandles);
648  "%s - Decremented count for: %p. HC PC %lx %lx\n",
649  __FUNCTION__,
650  ObjectBody,
651  ObjectHeader->HandleCount,
652  ObjectHeader->PointerCount);
653 }
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
Definition: obtypes.h:455
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
#define OBJECT_HEADER_TO_HANDLE_INFO(h)
Definition: obtypes.h:118
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
#define OB_FLAG_SINGLE_PROCESS
Definition: obtypes.h:103
LONG PointerCount
Definition: obtypes.h:481
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
UCHAR KIRQL
Definition: env_spec_w32.h:591
GLenum GLclampf GLint i
Definition: glfuncs.h:14
long LONG
Definition: pedump.c:60
LONG HandleCount
Definition: obtypes.h:484
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:429
smooth NULL
Definition: ftsmooth.c:557
ULONG HandleCount
Definition: obtypes.h:442
UCHAR Flags
Definition: obtypes.h:491
#define OB_FLAG_EXCLUSIVE
Definition: obtypes.h:100
struct _EPROCESS * Process
Definition: obtypes.h:441
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
Definition: obtypes.h:122
OBJECT_HANDLE_COUNT_ENTRY SingleEntry
Definition: obtypes.h:456
#define PAGED_CODE()
Definition: video.h:57
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:437
#define InterlockedDecrement
Definition: armddk.h:52
#define OB_HANDLE_DEBUG
Definition: ob.h:17
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]
Definition: obtypes.h:448
Definition: obtypes.h:439
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
unsigned int ULONG
Definition: retypes.h:1
#define __FUNCTION__
Definition: compiler.h:205
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ObjectType
Definition: metafile.c:278
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
Definition: obname.c:261
signed int * PLONG
Definition: retypes.h:5
BOOLEAN NTAPI ObpDuplicateHandleCallback ( IN PEPROCESS  Process,
IN PHANDLE_TABLE  HandleTable,
IN PHANDLE_TABLE_ENTRY  OldEntry,
IN PHANDLE_TABLE_ENTRY  HandleTableEntry 
)

Definition at line 1956 of file obhandle.c.

Referenced by ObInitProcess().

1960 {
1961  POBJECT_HEADER ObjectHeader;
1962  BOOLEAN Ret = FALSE;
1964  NTSTATUS Status;
1965  PAGED_CODE();
1966 
1967  /* Make sure that the handle is inheritable */
1968  Ret = (HandleTableEntry->ObAttributes & OBJ_INHERIT) != 0;
1969  if (Ret)
1970  {
1971  /* Get the object header */
1972  ObjectHeader = ObpGetHandleObject(HandleTableEntry);
1973 
1974  /* Increment the pointer count */
1975  InterlockedIncrement(&ObjectHeader->PointerCount);
1976 
1977  /* Release the handle lock */
1979 
1980  /* Setup the access state */
1981  AccessState.PreviouslyGrantedAccess = HandleTableEntry->GrantedAccess;
1982 
1983  /* Call the shared routine for incrementing handles */
1984  Status = ObpIncrementHandleCount(&ObjectHeader->Body,
1985  &AccessState,
1986  KernelMode,
1987  HandleTableEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES,
1988  Process,
1989  ObInheritHandle);
1990  if (!NT_SUCCESS(Status))
1991  {
1992  /* Return failure */
1993  ObDereferenceObject(&ObjectHeader->Body);
1994  Ret = FALSE;
1995  }
1996  }
1997  else
1998  {
1999  /* Release the handle lock */
2001  }
2002 
2003  /* Return duplication result */
2004  return Ret;
2005 }
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
LONG PointerCount
Definition: obtypes.h:481
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:267
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:883
#define FALSE
Definition: types.h:117
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:808
#define ObpGetHandleObject(x)
Definition: ob.h:81
unsigned char BOOLEAN
ACCESS_MASK PreviouslyGrantedAccess
Definition: setypes.h:204
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
#define OBJ_INHERIT
Definition: winternl.h:225
#define PAGED_CODE()
Definition: video.h:57
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
Status
Definition: gdiplustypes.h:24
LONG NTSTATUS
Definition: DriverTester.h:11
#define InterlockedIncrement
Definition: armddk.h:53
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
BOOLEAN NTAPI ObpEnumFindHandleProcedure ( IN PHANDLE_TABLE_ENTRY  HandleEntry,
IN HANDLE  Handle,
IN PVOID  Context 
)

Definition at line 214 of file obhandle.c.

Referenced by ObFindHandleForObject().

217 {
218  POBJECT_HEADER ObjectHeader;
221  POBP_FIND_HANDLE_DATA FindData = Context;
222 
223  /* Get the object header */
224  ObjectHeader = ObpGetHandleObject(HandleEntry);
225 
226  /* Make sure it's valid and matching */
227  if ((FindData->ObjectHeader) && (FindData->ObjectHeader != ObjectHeader))
228  {
229  /* No match, fail */
230  return FALSE;
231  }
232 
233  /* Now attempt to match the object type */
234  if ((FindData->ObjectType) && (FindData->ObjectType != ObjectHeader->Type))
235  {
236  /* No match, fail */
237  return FALSE;
238  }
239 
240  /* Check if we have extra information */
241  if (FindData->HandleInformation)
242  {
243  /* Get the granted access and attributes */
244  GrantedAccess = HandleEntry->GrantedAccess;
245  HandleAttributes = HandleEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES;
246 
247  /* Attempt to match them */
248  if ((FindData->HandleInformation->HandleAttributes != HandleAttributes) ||
249  (FindData->HandleInformation->GrantedAccess != GrantedAccess))
250  {
251  /* No match, fail */
252  return FALSE;
253  }
254  }
255 
256  /* We have a match */
257  return TRUE;
258 }
POBJECT_HEADER ObjectHeader
Definition: ob.h:113
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define TRUE
Definition: types.h:120
POBJECT_TYPE ObjectType
Definition: ob.h:114
ACCESS_MASK GrantedAccess
Definition: iotypes.h:158
#define FALSE
Definition: types.h:117
#define ObpGetHandleObject(x)
Definition: ob.h:81
POBJECT_HANDLE_INFORMATION HandleInformation
Definition: ob.h:115
struct tagContext Context
Definition: acpixf.h:1014
unsigned int ULONG
Definition: retypes.h:1
POBJECT_TYPE Type
Definition: obtypes.h:487
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSTATUS NTAPI ObpIncrementHandleCount ( IN PVOID  Object,
IN PACCESS_STATE AccessState  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN ULONG  HandleAttributes,
IN PEPROCESS  Process,
IN OB_OPEN_REASON  OpenReason 
)

Definition at line 808 of file obhandle.c.

Referenced by ObDuplicateObject(), ObpCreateHandle(), and ObpDuplicateHandleCallback().

814 {
815  POBJECT_HEADER ObjectHeader;
819  PEPROCESS ExclusiveProcess;
820  BOOLEAN Exclusive = FALSE, NewObject;
821  POBJECT_HEADER_CREATOR_INFO CreatorInfo;
822  KIRQL CalloutIrql;
824  ULONG Total;
825  POBJECT_HEADER_NAME_INFO NameInfo;
826  PAGED_CODE();
827 
828  /* Get the object header and type */
829  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
830  ObjectType = ObjectHeader->Type;
832  "%s - Incrementing count for: %p. Reason: %lx. HC PC %lx %lx\n",
833  __FUNCTION__,
834  Object,
835  OpenReason,
836  ObjectHeader->HandleCount,
837  ObjectHeader->PointerCount);
838 
839  /* Check if caller is forcing user mode */
841  {
842  /* Force it */
843  ProbeMode = UserMode;
844  }
845  else
846  {
847  /* Keep original setting */
848  ProbeMode = AccessMode;
849  }
850 
851  /* Lock the object */
852  ObpAcquireObjectLock(ObjectHeader);
853 
854  /* Charge quota and remove the creator info flag */
855  Status = ObpChargeQuotaForObject(ObjectHeader, ObjectType, &NewObject);
856  if (!NT_SUCCESS(Status)) return Status;
857 
858  /* Check if the open is exclusive */
860  {
861  /* Check if the object allows this, or if the inherit flag was given */
862  if ((HandleAttributes & OBJ_INHERIT) ||
863  !(ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
864  {
865  /* Incorrect attempt */
866  Status = STATUS_INVALID_PARAMETER;
867  goto Quickie;
868  }
869 
870  /* Check if we have access to it */
871  ExclusiveProcess = OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader);
872  if ((!(ExclusiveProcess) && (ObjectHeader->HandleCount)) ||
873  ((ExclusiveProcess) && (ExclusiveProcess != PsGetCurrentProcess())))
874  {
875  /* This isn't the right process */
876  Status = STATUS_ACCESS_DENIED;
877  goto Quickie;
878  }
879 
880  /* Now you got exclusive access */
881  Exclusive = TRUE;
882  }
883  else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE) &&
884  (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader)))
885  {
886  /* Caller didn't want exclusive access, but the object is exclusive */
887  Status = STATUS_ACCESS_DENIED;
888  goto Quickie;
889  }
890 
891  /* Check for exclusive kernel object */
892  NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
893  if ((NameInfo) && (NameInfo->QueryReferences & OB_FLAG_KERNEL_EXCLUSIVE) &&
894  (ProbeMode != KernelMode))
895  {
896  /* Caller is not kernel, but the object is kernel exclusive */
897  Status = STATUS_ACCESS_DENIED;
898  goto Quickie;
899  }
900 
901  /*
902  * Check if this is an object that went from 0 handles back to existence,
903  * but doesn't have an open procedure, only a close procedure. This means
904  * that it will never realize that the object is back alive, so we must
905  * fail the request.
906  */
907  if (!(ObjectHeader->HandleCount) &&
908  !(NewObject) &&
909  (ObjectType->TypeInfo.MaintainHandleCount) &&
910  !(ObjectType->TypeInfo.OpenProcedure) &&
911  (ObjectType->TypeInfo.CloseProcedure))
912  {
913  /* Fail */
914  Status = STATUS_UNSUCCESSFUL;
915  goto Quickie;
916  }
917 
918  /* Check if we're opening an existing handle */
919  if ((OpenReason == ObOpenHandle) ||
920  ((OpenReason == ObDuplicateHandle) && (AccessState)))
921  {
922  /* Validate the caller's access to this object */
924  AccessState,
925  TRUE,
926  ProbeMode,
927  &Status))
928  {
929  /* Access was denied, so fail */
930  goto Quickie;
931  }
932  }
933  else if (OpenReason == ObCreateHandle)
934  {
935  /* Convert MAXIMUM_ALLOWED to GENERIC_ALL */
936  if (AccessState->RemainingDesiredAccess & MAXIMUM_ALLOWED)
937  {
938  /* Mask out MAXIMUM_ALLOWED and stick GENERIC_ALL instead */
939  AccessState->RemainingDesiredAccess &= ~MAXIMUM_ALLOWED;
940  AccessState->RemainingDesiredAccess |= GENERIC_ALL;
941  }
942 
943  /* Check if we have to map the GENERIC mask */
944  if (AccessState->RemainingDesiredAccess & GENERIC_ACCESS)
945  {
946  /* Map it to the correct access masks */
947  RtlMapGenericMask(&AccessState->RemainingDesiredAccess,
948  &ObjectType->TypeInfo.GenericMapping);
949  }
950 
951  /* Check if the caller is trying to access system security */
952  if (AccessState->RemainingDesiredAccess & ACCESS_SYSTEM_SECURITY)
953  {
954  /* FIXME: TODO */
955  DPRINT1("ACCESS_SYSTEM_SECURITY not validated!\n");
956  }
957  }
958 
959  /* Check if this is an exclusive handle */
960  if (Exclusive)
961  {
962  /* Save the owner process */
963  OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process;
964  }
965 
966  /* Increase the handle count */
967  InterlockedIncrement(&ObjectHeader->HandleCount);
968  ProcessHandleCount = 0;
969 
970  /* Check if we have a handle database */
971  if (ObjectType->TypeInfo.MaintainHandleCount)
972  {
973  /* Increment the handle database */
974  Status = ObpIncrementHandleDataBase(ObjectHeader,
975  Process,
976  &ProcessHandleCount);
977  if (!NT_SUCCESS(Status))
978  {
979  /* FIXME: This should never happen for now */
980  DPRINT1("Unhandled case\n");
981  ASSERT(FALSE);
982  goto Quickie;
983  }
984  }
985 
986  /* Release the lock */
987  ObpReleaseObjectLock(ObjectHeader);
988 
989  /* Check if we have an open procedure */
990  Status = STATUS_SUCCESS;
991  if (ObjectType->TypeInfo.OpenProcedure)
992  {
993  /* Call it */
994  ObpCalloutStart(&CalloutIrql);
995  Status = ObjectType->TypeInfo.OpenProcedure(OpenReason,
996  Process,
997  Object,
998  AccessState ?
999  AccessState->
1001  0,
1002  ProcessHandleCount);
1003  ObpCalloutEnd(CalloutIrql, "Open", ObjectType, Object);
1004 
1005  /* Check if the open procedure failed */
1006  if (!NT_SUCCESS(Status))
1007  {
1008  /* FIXME: This should never happen for now */
1009  DPRINT1("Unhandled case\n");
1010  ASSERT(FALSE);
1011  return Status;
1012  }
1013  }
1014 
1015  /* Check if this is a create operation */
1016  if (OpenReason == ObCreateHandle)
1017  {
1018  /* Check if we have creator info */
1019  CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(ObjectHeader);
1020  if (CreatorInfo)
1021  {
1022  /* We do, acquire the lock */
1023  ObpEnterObjectTypeMutex(ObjectType);
1024 
1025  /* Insert us on the list */
1026  InsertTailList(&ObjectType->TypeList, &CreatorInfo->TypeList);
1027 
1028  /* Release the lock */
1029  ObpLeaveObjectTypeMutex(ObjectType);
1030  }
1031  }
1032 
1033  /* Increase total number of handles */
1034  Total = InterlockedIncrement((PLONG)&ObjectType->TotalNumberOfHandles);
1035  if (Total > ObjectType->HighWaterNumberOfHandles)
1036  {
1037  /* Fixup count */
1038  ObjectType->HighWaterNumberOfHandles = Total;
1039  }
1040 
1041  /* Trace call and return */
1043  "%s - Incremented count for: %p. Reason: %lx HC PC %lx %lx\n",
1044  __FUNCTION__,
1045  Object,
1046  OpenReason,
1047  ObjectHeader->HandleCount,
1048  ObjectHeader->PointerCount);
1049  return Status;
1050 
1051 Quickie:
1052  /* Release lock and return */
1053  ObpReleaseObjectLock(ObjectHeader);
1054  return Status;
1055 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define GENERIC_ALL
Definition: nt_native.h:92
#define TRUE
Definition: types.h:120
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS NTAPI ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
Definition: obhandle.c:434
return STATUS_SUCCESS
Definition: btrfs.c:2664
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
#define GENERIC_ACCESS
Definition: wlx.c:26
_Must_inspect_result_ _In_ _In_ ULONG ProbeMode
Definition: mmfuncs.h:562
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
LONG PointerCount
Definition: obtypes.h:481
#define InsertTailList(ListHead, Entry)
ULONG TotalNumberOfHandles
Definition: obtypes.h:387
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
UCHAR KIRQL
Definition: env_spec_w32.h:591
#define OBJ_FORCE_ACCESS_CHECK
Definition: winternl.h:232
#define FALSE
Definition: types.h:117
BOOLEAN MaintainHandleCount
Definition: obtypes.h:361
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
#define PsGetCurrentProcess
Definition: psfuncs.h:17
LONG HandleCount
Definition: obtypes.h:484
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:429
#define OBJ_EXCLUSIVE
Definition: winternl.h:227
UCHAR Flags
Definition: obtypes.h:491
OB_CLOSE_METHOD CloseProcedure
Definition: obtypes.h:368
#define OB_FLAG_EXCLUSIVE
Definition: obtypes.h:100
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
Definition: obtypes.h:122
unsigned char BOOLEAN
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
#define OBJ_INHERIT
Definition: winternl.h:225
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:272
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define PAGED_CODE()
Definition: video.h:57
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
static IUnknown Object
Definition: main.c:512
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:284
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:437
OB_OPEN_METHOD OpenProcedure
Definition: obtypes.h:367
NTSTATUS NTAPI ObpIncrementHandleDataBase(IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
Definition: obhandle.c:336
#define OB_HANDLE_DEBUG
Definition: ob.h:17
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
ULONG HighWaterNumberOfHandles
Definition: obtypes.h:389
Status
Definition: gdiplustypes.h:24
BOOLEAN NTAPI ObCheckObjectAccess(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
Definition: obsecure.c:441
LONG NTSTATUS
Definition: DriverTester.h:11
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
#define InterlockedIncrement
Definition: armddk.h:53
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
Definition: obtypes.h:126
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
Definition: sefuncs.h:13
unsigned int ULONG
Definition: retypes.h:1
#define __FUNCTION__
Definition: compiler.h:205
POBJECT_TYPE Type
Definition: obtypes.h:487
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71
#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h)
Definition: obtypes.h:131
LIST_ENTRY TypeList
Definition: obtypes.h:382
ObjectType
Definition: metafile.c:278
signed int * PLONG
Definition: retypes.h:5
#define OB_FLAG_KERNEL_EXCLUSIVE
Definition: obtypes.h:109
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI ObpIncrementHandleDataBase ( IN POBJECT_HEADER  ObjectHeader,
IN PEPROCESS  Process,
IN OUT PULONG  NewProcessHandleCount 
)

Definition at line 336 of file obhandle.c.

Referenced by ObpIncrementHandleCount(), and ObpIncrementUnnamedHandleCount().

339 {
340  POBJECT_HEADER_HANDLE_INFO HandleInfo;
341  POBJECT_HANDLE_COUNT_ENTRY HandleEntry, FreeEntry = NULL;
342  POBJECT_HANDLE_COUNT_DATABASE HandleDatabase;
343  ULONG i;
344  PAGED_CODE();
345 
346  /* Get the handle info and check if we only have one entry */
347  HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
348  if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
349  {
350  /* Check if the entry is free */
351  if (!HandleInfo->SingleEntry.HandleCount)
352  {
353  /* Add ours */
354  HandleInfo->SingleEntry.HandleCount = 1;
355  HandleInfo->SingleEntry.Process = Process;
356 
357  /* Return success and 1 handle */
358  *NewProcessHandleCount = 1;
359  return STATUS_SUCCESS;
360  }
361  else if (HandleInfo->SingleEntry.Process == Process)
362  {
363  /* Busy entry, but same process */
364  *NewProcessHandleCount = ++HandleInfo->SingleEntry.HandleCount;
365  return STATUS_SUCCESS;
366  }
367  else
368  {
369  /* Insert a new entry */
370  FreeEntry = ObpInsertHandleCount(ObjectHeader);
371  if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
372  ASSERT(!FreeEntry->Process);
373  ASSERT(!FreeEntry->HandleCount);
374 
375  /* Fill it out */
376  FreeEntry->Process = Process;
377  FreeEntry->HandleCount = 1;
378 
379  /* Return success and 1 handle */
380  *NewProcessHandleCount = 1;
381  return STATUS_SUCCESS;
382  }
383  }
384 
385  /* We have a database instead */
386  HandleDatabase = HandleInfo->HandleCountDatabase;
387  if (HandleDatabase)
388  {
389  /* Get the entries and loop them */
390  i = HandleDatabase->CountEntries;
391  HandleEntry = &HandleDatabase->HandleCountEntries[0];
392  while (i)
393  {
394  /* Check if this is a match */
395  if (HandleEntry->Process == Process)
396  {
397  /* Found it, get the process handle count */
398  *NewProcessHandleCount = ++HandleEntry->HandleCount;
399  return STATUS_SUCCESS;
400  }
401  else if (!HandleEntry->HandleCount)
402  {
403  /* Found a free entry */
404  FreeEntry = HandleEntry;
405  }
406 
407  /* Keep looping */
408  HandleEntry++;
409  i--;
410  }
411 
412  /* Check if we couldn't find a free entry */
413  if (!FreeEntry)
414  {
415  /* Allocate one */
416  FreeEntry = ObpInsertHandleCount(ObjectHeader);
417  if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
418  ASSERT(!FreeEntry->Process);
419  ASSERT(!FreeEntry->HandleCount);
420  }
421 
422  /* Fill out the entry */
423  FreeEntry->Process = Process;
424  FreeEntry->HandleCount = 1;
425  *NewProcessHandleCount = 1;
426  }
427 
428  /* Return success if we got here */
429  return STATUS_SUCCESS;
430 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
Definition: obtypes.h:455
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
#define OBJECT_HEADER_TO_HANDLE_INFO(h)
Definition: obtypes.h:118
return STATUS_SUCCESS
Definition: btrfs.c:2664
#define OB_FLAG_SINGLE_PROCESS
Definition: obtypes.h:103
GLenum GLclampf GLint i
Definition: glfuncs.h:14
smooth NULL
Definition: ftsmooth.c:557
ULONG HandleCount
Definition: obtypes.h:442
struct _EPROCESS * Process
Definition: obtypes.h:441
OBJECT_HANDLE_COUNT_ENTRY SingleEntry
Definition: obtypes.h:456
#define PAGED_CODE()
Definition: video.h:57
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]
Definition: obtypes.h:448
Definition: obtypes.h:439
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
unsigned int ULONG
Definition: retypes.h:1
POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount(IN POBJECT_HEADER ObjectHeader)
Definition: obhandle.c:262
NTSTATUS NTAPI ObpIncrementUnnamedHandleCount ( IN PVOID  Object,
IN PACCESS_MASK  DesiredAccess,
IN KPROCESSOR_MODE  AccessMode,
IN ULONG  HandleAttributes,
IN PEPROCESS  Process 
)

Definition at line 1087 of file obhandle.c.

Referenced by ObpCreateUnnamedHandle().

1092 {
1093  POBJECT_HEADER ObjectHeader;
1096  NTSTATUS Status;
1097  PEPROCESS ExclusiveProcess;
1098  BOOLEAN Exclusive = FALSE, NewObject;
1099  POBJECT_HEADER_CREATOR_INFO CreatorInfo;
1100  KIRQL CalloutIrql;
1101  ULONG Total;
1102 
1103  /* Get the object header and type */
1104  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1105  ObjectType = ObjectHeader->Type;
1107  "%s - Incrementing count for: %p. UNNAMED. HC PC %lx %lx\n",
1108  __FUNCTION__,
1109  Object,
1110  ObjectHeader->HandleCount,
1111  ObjectHeader->PointerCount);
1112 
1113  /* Lock the object */
1114  ObpAcquireObjectLock(ObjectHeader);
1115 
1116  /* Charge quota and remove the creator info flag */
1117  Status = ObpChargeQuotaForObject(ObjectHeader, ObjectType, &NewObject);
1118  if (!NT_SUCCESS(Status)) return Status;
1119 
1120  /* Check if the open is exclusive */
1122  {
1123  /* Check if the object allows this, or if the inherit flag was given */
1124  if ((HandleAttributes & OBJ_INHERIT) ||
1125  !(ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
1126  {
1127  /* Incorrect attempt */
1128  Status = STATUS_INVALID_PARAMETER;
1129  goto Quickie;
1130  }
1131 
1132  /* Check if we have access to it */
1133  ExclusiveProcess = OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader);
1134  if ((!(ExclusiveProcess) && (ObjectHeader->HandleCount)) ||
1135  ((ExclusiveProcess) && (ExclusiveProcess != PsGetCurrentProcess())))
1136  {
1137  /* This isn't the right process */
1138  Status = STATUS_ACCESS_DENIED;
1139  goto Quickie;
1140  }
1141 
1142  /* Now you got exclusive access */
1143  Exclusive = TRUE;
1144  }
1145  else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE) &&
1146  (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader)))
1147  {
1148  /* Caller didn't want exclusive access, but the object is exclusive */
1149  Status = STATUS_ACCESS_DENIED;
1150  goto Quickie;
1151  }
1152 
1153  /*
1154  * Check if this is an object that went from 0 handles back to existence,
1155  * but doesn't have an open procedure, only a close procedure. This means
1156  * that it will never realize that the object is back alive, so we must
1157  * fail the request.
1158  */
1159  if (!(ObjectHeader->HandleCount) &&
1160  !(NewObject) &&
1161  (ObjectType->TypeInfo.MaintainHandleCount) &&
1162  !(ObjectType->TypeInfo.OpenProcedure) &&
1163  (ObjectType->TypeInfo.CloseProcedure))
1164  {
1165  /* Fail */
1166  Status = STATUS_UNSUCCESSFUL;
1167  goto Quickie;
1168  }
1169 
1170  /* Convert MAXIMUM_ALLOWED to GENERIC_ALL */
1172  {
1173  /* Mask out MAXIMUM_ALLOWED and stick GENERIC_ALL instead */
1174  *DesiredAccess &= ~MAXIMUM_ALLOWED;
1176  }
1177 
1178  /* Check if we have to map the GENERIC mask */
1180  {
1181  /* Map it to the correct access masks */
1183  &ObjectType->TypeInfo.GenericMapping);
1184  }
1185 
1186  /* Check if this is an exclusive handle */
1187  if (Exclusive)
1188  {
1189  /* Save the owner process */
1190  OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process;
1191  }
1192 
1193  /* Increase the handle count */
1194  InterlockedIncrement(&ObjectHeader->HandleCount);
1195  ProcessHandleCount = 0;
1196 
1197  /* Check if we have a handle database */
1198  if (ObjectType->TypeInfo.MaintainHandleCount)
1199  {
1200  /* Increment the handle database */
1201  Status = ObpIncrementHandleDataBase(ObjectHeader,
1202  Process,
1203  &ProcessHandleCount);
1204  if (!NT_SUCCESS(Status))
1205  {
1206  /* FIXME: This should never happen for now */
1207  DPRINT1("Unhandled case\n");
1208  ASSERT(FALSE);
1209  goto Quickie;
1210  }
1211  }
1212 
1213  /* Release the lock */
1214  ObpReleaseObjectLock(ObjectHeader);
1215 
1216  /* Check if we have an open procedure */
1217  Status = STATUS_SUCCESS;
1218  if (ObjectType->TypeInfo.OpenProcedure)
1219  {
1220  /* Call it */
1221  ObpCalloutStart(&CalloutIrql);
1222  Status = ObjectType->TypeInfo.OpenProcedure(ObCreateHandle,
1223  Process,
1224  Object,
1225  *DesiredAccess,
1226  ProcessHandleCount);
1227  ObpCalloutEnd(CalloutIrql, "Open", ObjectType, Object);
1228 
1229  /* Check if the open procedure failed */
1230  if (!NT_SUCCESS(Status))
1231  {
1232  /* FIXME: This should never happen for now */
1233  DPRINT1("Unhandled case\n");
1234  ASSERT(FALSE);
1235  return Status;
1236  }
1237  }
1238 
1239  /* Check if we have creator info */
1240  CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(ObjectHeader);
1241  if (CreatorInfo)
1242  {
1243  /* We do, acquire the lock */
1244  ObpEnterObjectTypeMutex(ObjectType);
1245 
1246  /* Insert us on the list */
1247  InsertTailList(&ObjectType->TypeList, &CreatorInfo->TypeList);
1248 
1249  /* Release the lock */
1250  ObpLeaveObjectTypeMutex(ObjectType);
1251  }
1252 
1253  /* Increase total number of handles */
1254  Total = InterlockedIncrement((PLONG)&ObjectType->TotalNumberOfHandles);
1255  if (Total > ObjectType->HighWaterNumberOfHandles)
1256  {
1257  /* Fixup count */
1258  ObjectType->HighWaterNumberOfHandles = Total;
1259  }
1260 
1261  /* Trace call and return */
1263  "%s - Incremented count for: %p. UNNAMED HC PC %lx %lx\n",
1264  __FUNCTION__,
1265  Object,
1266  ObjectHeader->HandleCount,
1267  ObjectHeader->PointerCount);
1268  return Status;
1269 
1270 Quickie:
1271  /* Release lock and return */
1272  ObpReleaseObjectLock(ObjectHeader);
1273  return Status;
1274 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
#define GENERIC_ALL
Definition: nt_native.h:92
#define TRUE
Definition: types.h:120
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS NTAPI ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
Definition: obhandle.c:434
return STATUS_SUCCESS
Definition: btrfs.c:2664
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
#define GENERIC_ACCESS
Definition: wlx.c:26
LONG PointerCount
Definition: obtypes.h:481
IN POBJECT_ATTRIBUTES PortAttributes IN ACCESS_MASK DesiredAccess
Definition: creport.c:28
#define InsertTailList(ListHead, Entry)
ULONG TotalNumberOfHandles
Definition: obtypes.h:387
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
UCHAR KIRQL
Definition: env_spec_w32.h:591
#define FALSE
Definition: types.h:117
BOOLEAN MaintainHandleCount
Definition: obtypes.h:361
#define PsGetCurrentProcess
Definition: psfuncs.h:17
LONG HandleCount
Definition: obtypes.h:484
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:429
#define OBJ_EXCLUSIVE
Definition: winternl.h:227
UCHAR Flags
Definition: obtypes.h:491
OB_CLOSE_METHOD CloseProcedure
Definition: obtypes.h:368
#define OB_FLAG_EXCLUSIVE
Definition: obtypes.h:100
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
Definition: obtypes.h:122
unsigned char BOOLEAN
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
#define OBJ_INHERIT
Definition: winternl.h:225
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:272
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
static IUnknown Object
Definition: main.c:512
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:284
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:437
OB_OPEN_METHOD OpenProcedure
Definition: obtypes.h:367
NTSTATUS NTAPI ObpIncrementHandleDataBase(IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
Definition: obhandle.c:336
#define OB_HANDLE_DEBUG
Definition: ob.h:17
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
ULONG HighWaterNumberOfHandles
Definition: obtypes.h:389
Status
Definition: gdiplustypes.h:24
LONG NTSTATUS
Definition: DriverTester.h:11
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
#define InterlockedIncrement
Definition: armddk.h:53
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
Definition: obtypes.h:126
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
unsigned int ULONG
Definition: retypes.h:1
#define __FUNCTION__
Definition: compiler.h:205
POBJECT_TYPE Type
Definition: obtypes.h:487
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71
#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h)
Definition: obtypes.h:131
LIST_ENTRY TypeList
Definition: obtypes.h:382
ObjectType
Definition: metafile.c:278
signed int * PLONG
Definition: retypes.h:5
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount ( IN POBJECT_HEADER  ObjectHeader)

Definition at line 262 of file obhandle.c.

Referenced by ObpIncrementHandleDataBase().

263 {
264  POBJECT_HEADER_HANDLE_INFO HandleInfo;
265  POBJECT_HANDLE_COUNT_ENTRY FreeEntry;
266  POBJECT_HANDLE_COUNT_DATABASE HandleDatabase, OldHandleDatabase;
267  ULONG i;
268  ULONG Size, OldSize;
269  OBJECT_HANDLE_COUNT_DATABASE SingleDatabase;
270  PAGED_CODE();
271 
272  /* Get the handle info */
273  HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
274  if (!HandleInfo) return NULL;
275 
276  /* Check if we only have one entry */
277  if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
278  {
279  /* Fill out the single entry */
280  SingleDatabase.CountEntries = 1;
281  SingleDatabase.HandleCountEntries[0] = HandleInfo->SingleEntry;
282 
283  /* Use this as the old size */
284  OldHandleDatabase = &SingleDatabase;
285  OldSize = sizeof(SingleDatabase);
286 
287  /* Now we'll have two entries, and an entire DB */
288  i = 2;
289  Size = sizeof(OBJECT_HANDLE_COUNT_DATABASE) +
290  ((i - 1) * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
291  }
292  else
293  {
294  /* We already have a DB, get the information from it */
295  OldHandleDatabase = HandleInfo->HandleCountDatabase;
296  i = OldHandleDatabase->CountEntries;
297  OldSize = sizeof(OBJECT_HANDLE_COUNT_DATABASE) +
298  ((i - 1) * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
299 
300  /* Add 4 more entries */
301  i += 4;
302  Size = OldSize + (4 * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
303  }
304 
305  /* Allocate the DB */
306  HandleDatabase = ExAllocatePoolWithTag(PagedPool, Size, TAG_OB_HANDLE);
307  if (!HandleDatabase) return NULL;
308 
309  /* Copy the old database */
310  RtlCopyMemory(HandleDatabase, OldHandleDatabase, OldSize);
311 
312  /* Check if we he had a single entry before */
313  if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
314  {
315  /* Now we have more */
316  ObjectHeader->Flags &= ~OB_FLAG_SINGLE_PROCESS;
317  }
318  else
319  {
320  /* Otherwise we had a DB, free it */
321  ExFreePoolWithTag(OldHandleDatabase, TAG_OB_HANDLE);
322  }
323 
324  /* Find the end of the copy and zero out the new data */
325  FreeEntry = (PVOID)((ULONG_PTR)HandleDatabase + OldSize);
326  RtlZeroMemory(FreeEntry, Size - OldSize);
327 
328  /* Set the new information and return the free entry */
329  HandleDatabase->CountEntries = i;
330  HandleInfo->HandleCountDatabase = HandleDatabase;
331  return FreeEntry;
332 }
DWORD *typedef PVOID
Definition: winlogon.h:52
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
Definition: obtypes.h:455
#define OBJECT_HEADER_TO_HANDLE_INFO(h)
Definition: obtypes.h:118
#define OB_FLAG_SINGLE_PROCESS
Definition: obtypes.h:103
uint32_t ULONG_PTR
Definition: typedefs.h:63
struct _OBJECT_HANDLE_COUNT_ENTRY OBJECT_HANDLE_COUNT_ENTRY
GLenum GLclampf GLint i
Definition: glfuncs.h:14
smooth NULL
Definition: ftsmooth.c:557
UINTN Size
Definition: acefiex.h:555
OBJECT_HANDLE_COUNT_ENTRY SingleEntry
Definition: obtypes.h:456
#define PAGED_CODE()
Definition: video.h:57
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]
Definition: obtypes.h:448
Definition: obtypes.h:439
#define TAG_OB_HANDLE
Definition: obhandle.c:23
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1097
struct _OBJECT_HANDLE_COUNT_DATABASE OBJECT_HANDLE_COUNT_DATABASE
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle ( IN HANDLE  Handle,
IN PEPROCESS  Process,
IN PHANDLE_TABLE  HandleTable,
IN KPROCESSOR_MODE  AccessMode,
OUT PVOID Object,
OUT POBJECT_HANDLE_INFORMATION  HandleInformation,
OUT PACCESS_MASK  AuditMask 
)

Definition at line 88 of file obhandle.c.

Referenced by ObDuplicateObject().

95 {
96  PHANDLE_TABLE_ENTRY HandleEntry;
97  POBJECT_HEADER ObjectHeader;
102 
103  /* Assume failure */
104  *Object = NULL;
105 
106  /* Check if this is a special handle */
107  if (HandleToLong(Handle) < 0)
108  {
109  /* Check if the caller wants the current process */
110  if (Handle == NtCurrentProcess())
111  {
112  /* Return handle info */
113  HandleInformation->HandleAttributes = 0;
114  HandleInformation->GrantedAccess = Process->GrantedAccess;
115 
116  /* No audit mask */
117  *AuditMask = 0;
118 
119  /* Reference ourselves */
120  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Process);
121  InterlockedIncrement(&ObjectHeader->PointerCount);
122 
123  /* Return the pointer */
124  *Object = Process;
125  ASSERT(*Object != NULL);
126  return STATUS_SUCCESS;
127  }
128 
129  /* Check if the caller wants the current thread */
130  if (Handle == NtCurrentThread())
131  {
132  /* Return handle information */
133  HandleInformation->HandleAttributes = 0;
134  HandleInformation->GrantedAccess = Thread->GrantedAccess;
135 
136  /* Reference ourselves */
137  ObjectHeader = OBJECT_TO_OBJECT_HEADER(Thread);
138  InterlockedExchangeAdd(&ObjectHeader->PointerCount, 1);
139 
140  /* No audit mask */
141  *AuditMask = 0;
142 
143  /* Return the pointer */
144  *Object = Thread;
145  ASSERT(*Object != NULL);
146  return STATUS_SUCCESS;
147  }
148 
149  /* This is a kernel handle... do we have access? */
150  if (AccessMode == KernelMode)
151  {
152  /* Use the kernel handle table and get the actual handle value */
155  }
156  else
157  {
158  /* This is an illegal attempt to access a kernel handle */
159  return STATUS_INVALID_HANDLE;
160  }
161  }
162 
163  /* Enter a critical region while we touch the handle table */
164  ASSERT(HandleTable != NULL);
166 
167  /* Get the handle entry */
168  HandleEntry = ExMapHandleToPointer(HandleTable, Handle);
169  if (HandleEntry)
170  {
171  /* Get the object header and validate the type*/
172  ObjectHeader = ObpGetHandleObject(HandleEntry);
173 
174  /* Get the granted access and validate it */
175  GrantedAccess = HandleEntry->GrantedAccess;
176 
177  /* Mask out the internal attributes */
178  Attributes = HandleEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES;
179 
180  /* Fill out the information */
181  HandleInformation->HandleAttributes = Attributes;
182  HandleInformation->GrantedAccess = GrantedAccess;
183 
184  /* No audit mask (FIXME!) */
185  *AuditMask = 0;
186 
187  /* Return the pointer */
188  *Object = &ObjectHeader->Body;
189 
190  /* Add a reference */
191  InterlockedExchangeAdd(&ObjectHeader->PointerCount, 1);
192 
193  /* Unlock the handle */
196 
197  /* Return success */
198  ASSERT(*Object != NULL);
199  return STATUS_SUCCESS;
200  }
201  else
202  {
203  /* Invalid handle */
204  Status = STATUS_INVALID_HANDLE;
205  }
206 
207  /* Return failure status */
209  return Status;
210 }
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
ULONG_PTR ObAttributes
Definition: extypes.h:600
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel)?(CompletionRoutine!=NULL):TRUE)
return STATUS_SUCCESS
Definition: btrfs.c:2664
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
Definition: handle.c:1006
#define NtCurrentThread()
static EMS_HANDLE HandleTable[EMS_MAX_HANDLES]
Definition: emsdrv.c:40
LONG PointerCount
Definition: obtypes.h:481