ReactOS 0.4.16-dev-289-g096a551
obhandle.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for obhandle.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable (IN PEPROCESS Process)
 
VOID NTAPI ObDereferenceProcessHandleTable (IN PEPROCESS Process)
 
ULONG NTAPI ObGetProcessHandleCount (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle (IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
 
BOOLEAN NTAPI ObpEnumFindHandleProcedure (IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN PVOID Context)
 
POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount (IN POBJECT_HEADER ObjectHeader)
 
NTSTATUS NTAPI ObpIncrementHandleDataBase (IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
 
NTSTATUS NTAPI ObpChargeQuotaForObject (IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
 
NTSTATUS NTAPI ObpValidateAccessMask (IN PACCESS_STATE AccessState)
 
VOID NTAPI ObpDecrementHandleCount (IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
 
NTSTATUS NTAPI ObpCloseHandleTableEntry (IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
 
NTSTATUS NTAPI ObpIncrementHandleCount (IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
 
NTSTATUS NTAPI ObpIncrementUnnamedHandleCount (IN PVOID Object, IN PACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process)
 
NTSTATUS NTAPI ObpCreateUnnamedHandle (IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
 
NTSTATUS NTAPI ObpCreateHandle (IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
 
NTSTATUS NTAPI ObpCloseHandle (IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
 
BOOLEAN NTAPI ObpSetHandleAttributes (IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
 
BOOLEAN NTAPI ObpCloseHandleCallback (IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
 
BOOLEAN NTAPI ObpDuplicateHandleCallback (IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
 
VOID NTAPI ObClearProcessHandleTable (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObInitProcess (IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
 
VOID NTAPI ObKillProcess (IN PEPROCESS Process)
 
NTSTATUS NTAPI ObDuplicateObject (IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI ObOpenObjectByName (IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN OUT PVOID ParseContext, OUT PHANDLE Handle)
 
NTSTATUS NTAPI ObOpenObjectByPointer (IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
 
BOOLEAN NTAPI ObFindHandleForObject (IN PEPROCESS Process, IN PVOID Object, IN POBJECT_TYPE ObjectType, IN POBJECT_HANDLE_INFORMATION HandleInformation, OUT PHANDLE Handle)
 
NTSTATUS NTAPI ObInsertObject (IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
 
NTSTATUS NTAPI ObSetHandleAttributes (IN HANDLE Handle, IN POBJECT_HANDLE_ATTRIBUTE_INFORMATION HandleFlags, IN KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI ObCloseHandle (IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
 
NTSTATUS NTAPI NtClose (IN HANDLE Handle)
 
NTSTATUS NTAPI NtDuplicateObject (IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options)
 
BOOLEAN NTAPI ObIsKernelHandle (IN HANDLE Handle)
 

Variables

PHANDLE_TABLE ObpKernelHandleTable = NULL
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 17 of file obhandle.c.

Function Documentation

◆ NtClose()

NTSTATUS NTAPI NtClose ( IN HANDLE  Handle)

Definition at line 3402 of file obhandle.c.

3403{
3404 /* Call the internal API */
3406}
#define ExGetPreviousMode
Definition: ex.h:140
ULONG Handle
Definition: gdb_input.c:15
NTSTATUS NTAPI ObpCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:1730

Referenced by _At_(), _main(), _tmain(), AccessCheckEmptyMappingTest(), AccessGrantedMultipleObjectsTests(), AccessGrantedNoDaclTests(), AccessGrantedTests(), AccpCloseObjectHandle(), AddCodepageToRegistry(), AddFontsSettingsToRegistry(), AddHotkeySettings(), AddKbLayoutsToRegistry(), AddVolumeToList(), AfdBind(), AfdConnect(), AfdGetInformation(), AfdSend(), AfdSendTo(), AfdSetInformation(), AllocConsole(), BaseComputeProcessDllPath(), BaseGetNamedObjectDirectory(), BaseInitializeStaticServerData(), BasepCopyFileExW(), BasepIsProcessAllowed(), BasepMapFile(), BasepMoveFileDelayed(), BasepNotifyTrackingService(), BasepOpenFileForMove(), BasepSxsCloseHandles(), BaseSrvCleanupVDMResources(), BaseSrvCreatePairWaitHandles(), BaseSrvDestroyConsoleRecord(), BaseSrvDestroyPairWaitHandles(), BaseSrvIsVdmAllowed(), Beep(), CabinetExtractFile(), CallApphelpWithImage(), CallCacheControl(), check_boot_options(), CheckForGlobalDriveLetter(), CheckTokenMembership(), clean_main(), ClientThread(), CloseCabinet(), CloseDefaultKeys(), CloseDevice(), CloseHandle(), CloseIniBootLoaderStore(), closeTcpFile(), CmGetSystemDriverList(), CmInitSystem1(), CmpCreateControlSet(), CmpCreateHardwareProfile(), CmpInitializeHardwareConfiguration(), CmpInitializeMachineDependentConfiguration(), CmpInitializeRegistryNode(), CmpSetSystemValues(), CmpSetupConfigurationTree(), CmpSetVersionData(), CommandDumpSector(), CommandPartInfo(), CON_API(), ConCfgOpenUserSettings(), ConDrvDeinitInputBuffer(), ConnectConsole(), ConnectRegistry(), ConSrvDeleteConsole(), ConSrvInitConsole(), ConvertNtPathToWin32Path(), create_classes_root_hkey(), create_key(), create_registry_key(), CreateBaseAcls(), CreateContext(), CreateDirectoryExW(), CreateDirectoryW(), CreateHardLinkW(), CreateIoCompletionPort(), CreateKeyTest(), CreateNestedKey(), CreatePartitionList(), CreatePipe(), CreateProcessAsUserCommon(), CreateProcessInternalW(), CreateRegistryFile(), CreateRemoteThread(), CreateSymbolicLinkW(), CreateSymLinkKey(), CreateWindowStationW(), CSR_API(), CsrApiPortInitialize(), CsrCreateRemoteThread(), CsrGetProcessLuid(), CsrpCheckRequestThreads(), CsrpConnectToServer(), CsrProcessRefcountZero(), CsrSbApiRequestThread(), CsrSetProcessSecurity(), CsrSrvCreateSharedSection(), CsrThreadRefcountZero(), DbgUiIssueRemoteBreakin(), DebugActiveProcess(), DebugActiveProcessStop(), DeleteFileW(), DeleteKeyTest(), DeleteSymLinkKey(), DeleteValueTest(), DenyAccessTests(), DestroyProtoHive(), DismountVolume(), do_enumeratekey(), DoesPathExist_UStr(), DumpDisk(), DumpPartition(), DumpRegistryData(), EnumerateKeyTest(), EnumerateValueTest(), ExpandSymbolicLink(), ExpCreateSystemRootLink(), ExpInitializeCallbacks(), Ext2CloseDevice(), FindClose(), FindFirstChangeNotificationW(), FindFirstFileExW(), FindFirstStreamW(), FindNTOSInstallations(), FormatEx2(), FreeConsole(), get_manifest_in_associated_manifest(), get_manifest_in_manifest_file(), get_manifest_in_pe_file(), get_registry_locale_info(), get_system_root(), GetCallerLuid(), GetComputerIdentifier(), GetComputerNameFromRegistry(), GetCPFileNameFromRegistry(), GetDeviceInfo_UStr(), GetDiskFreeSpaceExW(), GetDiskFreeSpaceW(), GetDisplayIdentifier(), GetDllList(), GetDosDevicesProtection(), GetDriveTypeW(), GetFileSecurityW(), GetFileSystem(), GetFileSystemName_UStr(), GetNTObjectSymbolicLinkTarget(), GetPhysicalFileSize(), GetRegInt(), GetSocketInformation(), GetSourcePaths(), GetTempFileNameW(), GetTimeouts(), GetToken(), GetTokenProcess(), GetUserGeoID(), GetVolumeInformationW(), GetVolumeNameForRoot(), GrantedAccessTests(), GRAPHICS_BUFFER_Destroy(), GRAPHICS_BUFFER_Initialize(), GuiApplyUserSettings(), GuiConsoleShowConsoleProperties(), GuiDeinitFrontEnd(), GuiInit(), GuiInitFrontEnd(), IcmpCloseHandle(), ImpersonateLoggedOnUser(), InferFileSystem(), InfOpenFile(), InfWriteFile(), IniCacheLoad(), IniCacheSave(), InitFunctionPtrs(), InitializeFmIfsOnce(), InitializeUserModePnpManager(), InitLogPort(), InstallBootCodeToDisk(), InstallBootCodeToFile(), InstallBootManagerAndBootEntries(), InstallDevice(), InstallDriver(), InstallSetupInfFile(), IntAllocConsole(), IntAttachConsole(), IntGetCodePageEntry(), IopCreateRootDirectories(), IopInitializePlugPlayServices(), IopMarkBootPartition(), is_mounted_multi_device(), IsAcpiComputer(), IsShimInfrastructureDisabled(), IsThisARootDirectory(), IsValidLanguageGroup(), IsValidNTOSInstallation(), JapaneseEra_IsFirstYearGannen(), JapaneseEra_Load(), keyed_event_thread(), KsecOpenDevice(), LdrOpenImageFileOptionsKey(), LdrpCheckForKnownDll(), LdrpCheckForLoadedDll(), LdrpCreateDllSection(), LdrpDisableProcessCompatGuidDetection(), LdrpInitializeProcess(), LdrpMapDll(), LdrQueryImageFileExecutionOptionsEx(), LdrVerifyImageMatchesChecksum(), ListDirectory(), LoadModule(), LoadSymbolsRoutine(), LOCALE_InitRegistry(), LogfBackupFile(), LogfClose(), LogfCreate(), lookup_assembly(), lookup_winsxs(), LsaConnectUntrusted(), LsapAddNotification(), LsapCheckLogonProcess(), LsapCloseDbObject(), LsapCloseLsaPort(), LsapCreateDatabaseKeys(), LsapCreateDbObject(), LsapDeleteDbObject(), LsapDeregisterLogonProcess(), LsapEnumLogonSessions(), LsapGetLogonSessionData(), LsapGetObjectAttribute(), LsapIsDatabaseInstalled(), LsapIsTrustedClient(), LsapLogonUser(), LsapOpenDbObject(), LsapRegCloseKey(), LsapRegDeleteSubKey(), LsapRemoveNotification(), LsapSetObjectAttribute(), LsarSetSecurityObject(), main(), MapFile(), MountVolume(), MoveFileWithProgressW(), MyDeleteFile(), NetUserChangePassword(), NLS_EnumLanguageGroupLocales(), NLS_EnumSystemLanguageGroups(), NlsInit(), NlsUninit(), NtQueryOpenSubKeys(), ObDuplicateObject(), ObInitSystem(), ObpCreateDosDevicesDirectory(), OpenAndMapFile(), OpenBootStore_UStr(), OpenFile(), OpenIniBootLoaderStore(), OpenWindowStationW(), nt_handle::operator=(), ParamsValidationTests(), ParamValidationNoObjsList(), parse_file(), Phase1InitializationDiscard(), PipGetDriverTagPriority(), PortThreadRoutine(), PrintProcess(), PrintThreads(), PrivMoveFileIdentityW(), ProcessDisplayRegistry(), ProcessIdToSessionId(), ProcessLocaleRegistry(), QueryDeviceInformation(), QueryDosDeviceW(), QueryTokenImpersonationTests(), QueryTokenIsSandboxInert(), QueryTokenPrivilegesAndGroupsTests(), QueryTokenRestrictedSidsTest(), ReadBlock(), ReadBootCodeFromFile(), RegCleanupRegistry(), RegCloseKey(), RegCopyTreeW(), RegDeleteKeyExW(), RegInitializeRegistry(), RegisterUncProvider(), registry_callback(), RegOverridePredefKey(), RegpCopyTree(), RegReplaceKeyW(), RegRestoreKeyW(), RegSaveKeyW(), RegSetKeyValueA(), RegSetKeyValueW(), RemoveDirectoryW(), ReplaceFileW(), ResolveArcNameNtSymLink(), RSetServiceObjectSecurity(), RtlCreateActivationContext(), RtlCreateTimerQueue(), RtlCreateUserSecurityObject(), RtlCreateUserThread(), RtlDefaultNpAcl(), RtlDeleteCriticalSection(), RtlDeleteResource(), RtlDeleteTimer(), RtlDeleteTimerQueueEx(), RtlDeregisterWaitEx(), RtlImpersonateSelf(), RtlInitializeRXact(), RtlNewSecurityGrantedAccess(), RtlpCloseKeyedEvent(), RtlpExecuteIoWorkItem(), RtlpExecuteWorkItem(), RtlpIoWorkerThreadProc(), RtlpIsIoPending(), RtlpStartWorkerThread(), RtlQueryRegistryValues(), RtlQueueWorkItem(), RtlRegisterWait(), RtlReleaseRelativeName(), RtlSetCurrentDirectory_U(), RXactpCommit(), SampRegCloseKey(), SampRegDeleteKey(), SamrSetSecurityObject(), SaveBootSector(), ScmCheckDriver(), ScmConvertToBootPathName(), ScmGetDriverStatus(), SdbCloseDatabase(), SdbDeletePermLayerKeys(), SdbpCloseMemMappedFile(), SdbpGetPermLayersInternal(), SdbpOpenMemMappedFile(), SdbRegisterDatabaseEx(), SdbSetPermLayerKeys(), SdbUnregisterDatabase(), ServerThread(), SetActiveComputerNameToRegistry(), SetComputerNameToRegistry(), SetDefaultPagefile(), SetFileAttributesW(), SetFileSecurityW(), SetGeoID(), SetLocaleInfoW(), SetMountedDeviceValue(), SetRosSpecificInfo(), SetSocketInformation(), SetupCopyFile(), SetupCreateSingleDirectory(), SetupDeleteFile(), SetupMoveFile(), SetUserGeoID(), SetValueTest1(), SetValueTest2(), SetVolumeLabelW(), ShowFileSystemInfo(), SmExecPgm(), SmExecuteProgram(), SmLookupSubsystem(), SmpAcquirePrivilege(), SmpConfigureObjectDirectories(), SmpCreateDynamicEnvironmentVariables(), SmpCreateVolumeDescriptors(), SmpDeletePagingFile(), SmpDereferenceSubsystem(), SmpExecPgm(), SmpExecuteImage(), SmpExecuteInitialCommand(), SmpGetPagingFileSize(), SmpGetVolumeFreeSpace(), SmpHandleConnectionRequest(), SmpInit(), SmpInitializeDosDevices(), SmpInitializeKnownDllsInternal(), SmpLoadDataFromRegistry(), SmpLoadSubSystem(), SmpProcessFileRenames(), SmpQueryRegistrySosOption(), SmpReleasePrivilege(), SmpSbCreateSession(), SmpStartCsr(), SmpTranslateSystemPartitionInformation(), SockCreateOrReferenceAsyncThread(), SpeakerCleanup(), START_TEST(), StartAuthenticationPort(), TerminateUserModePnpManager(), test1(), test2(), test3(), test5(), test6(), test7(), test9(), Test_ApphelpCheckRunApp(), Test_EmptyFile(), Test_ImageSection(), test_keyed_events(), Test_KeyFullInformation(), Test_KeyNameInformation(), test_mutant(), test_NtOpenKey(), Test_PageFileSection(), Test_RawSize(), Test_recv(), Test_SectionContents(), test_tp_multi_wait(), TestCreateOpen_(), TestSend(), TestSendTo(), TestTcp(), TestUdp(), TH32CreateSnapshotSectionInitialize(), timer_queue_thread_proc(), UnhandledExceptionFilter(), UnMapFile(), UserpFormatMessages(), VfatFormat(), VfatxFormat(), Wait_thread_proc(), WaitNamedPipeW(), WinExec(), WritePartitions(), WSPAccept(), WSPBind(), WSPCloseSocket(), WSPConnect(), WSPDuplicateSocket(), WSPEnumNetworkEvents(), WSPEventSelect(), WSPGetPeerName(), WSPGetSockName(), WSPListen(), WSPRecv(), WSPRecvFrom(), WSPSelect(), WSPSend(), WSPSendTo(), WSPShutdown(), WSPSocket(), CEnumNTDirectory::~CEnumNTDirectory(), mountmgr::~mountmgr(), and nt_handle::~nt_handle().

◆ NtDuplicateObject()

NTSTATUS NTAPI NtDuplicateObject ( IN HANDLE  SourceProcessHandle,
IN HANDLE  SourceHandle,
IN HANDLE TargetProcessHandle  OPTIONAL,
OUT PHANDLE TargetHandle  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
IN ULONG  Options 
)

Definition at line 3410 of file obhandle.c.

3417{
3418 PEPROCESS SourceProcess, TargetProcess, Target;
3419 HANDLE hTarget;
3423 "%s - Duplicating handle: %p for %p into %p.\n",
3426 SourceProcessHandle,
3428
3429 /* Check if we have a target handle */
3430 if ((TargetHandle) && (PreviousMode != KernelMode))
3431 {
3432 /* Enter SEH */
3433 _SEH2_TRY
3434 {
3435 /* Probe the handle and assume failure */
3437 *TargetHandle = NULL;
3438 }
3440 {
3441 /* Return the exception code */
3443 }
3444 _SEH2_END;
3445 }
3446
3447 /* Now reference the input handle */
3448 Status = ObReferenceObjectByHandle(SourceProcessHandle,
3452 (PVOID*)&SourceProcess,
3453 NULL);
3454 if (!NT_SUCCESS(Status)) return Status;
3455
3456 /* Check if got a target handle */
3458 {
3459 /* Now reference the output handle */
3464 (PVOID*)&TargetProcess,
3465 NULL);
3466 if (NT_SUCCESS(Status))
3467 {
3468 /* Use this target process */
3469 Target = TargetProcess;
3470 }
3471 else
3472 {
3473 /* No target process */
3474 Target = NULL;
3475 }
3476 }
3477 else
3478 {
3479 /* No target process */
3481 Target = NULL;
3482 }
3483
3484 /* Call the internal routine */
3485 Status = ObDuplicateObject(SourceProcess,
3487 Target,
3488 &hTarget,
3491 Options,
3492 PreviousMode);
3493
3494 /* Check if the caller wanted the return handle */
3495 if (TargetHandle)
3496 {
3497 /* Protect the write to user mode */
3498 _SEH2_TRY
3499 {
3500 /* Write the new handle */
3501 *TargetHandle = hTarget;
3502 }
3504 {
3505 /* Otherwise, get the exception code */
3507 }
3508 _SEH2_END;
3509 }
3510
3511 /* Dereference the processes */
3513 "%s - Duplicated handle: %p into %p S %lx\n",
3515 hTarget,
3517 Status);
3519 ObDereferenceObject(SourceProcess);
3520 return Status;
3521}
LONG NTSTATUS
Definition: precomp.h:26
#define NULL
Definition: types.h:112
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
#define __FUNCTION__
Definition: types.h:116
Status
Definition: gdiplustypes.h:25
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define PROCESS_DUP_HANDLE
#define KernelMode
Definition: asm.h:34
_In_ HANDLE SourceHandle
Definition: obfuncs.h:429
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
Definition: obfuncs.h:431
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:433
_In_ HANDLE _In_opt_ HANDLE TargetProcessHandle
Definition: obfuncs.h:430
POBJECT_TYPE PsProcessType
Definition: process.c:20
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
#define OB_HANDLE_DEBUG
Definition: ob.h:17
NTSTATUS NTAPI ObDuplicateObject(IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
Definition: obhandle.c:2204
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:66
#define _SEH2_END
Definition: pseh2_64.h:155
#define _SEH2_TRY
Definition: pseh2_64.h:55
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
#define STATUS_SUCCESS
Definition: shellext.h:65
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ PWDFDEVICE_INIT _In_ PWDF_REMOVE_LOCK_OPTIONS Options
Definition: wdfdevice.h:3534
_In_ WDFIOTARGET Target
Definition: wdfrequest.h:306
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103

Referenced by BaseSrvCreatePairWaitHandles(), BaseSrvDestroyPairWaitHandles(), ConSrvAllocateConsole(), ConSrvInheritConsole(), CSR_API(), CsrCreateRemoteThread(), DuplicateHandle(), GRAPHICS_BUFFER_Destroy(), GRAPHICS_BUFFER_Initialize(), GuiApplyUserSettings(), GuiConsoleShowConsoleProperties(), GuiInit(), LsapAddNotification(), LsapLogonUser(), RtlpIoWorkerThreadProc(), RtlpIsIoPending(), SmpExecPgm(), SmpExecuteInitialCommand(), SmpLoadSubSystem(), SmpSbCreateSession(), START_TEST(), and StuffStdHandle().

◆ ObClearProcessHandleTable()

VOID NTAPI ObClearProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 2027 of file obhandle.c.

2028{
2032 BOOLEAN AttachedToProcess = FALSE;
2033
2034 ASSERT(Process);
2035
2036 /* Ensure the handle table doesn't go away while we use it */
2038 if (!HandleTable) return;
2039
2040 /* Attach to the current process if needed */
2042 {
2044 AttachedToProcess = TRUE;
2045 }
2046
2047 /* Enter a critical region */
2049
2050 /* Fill out the context */
2051 Context.AccessMode = UserMode;
2052 Context.HandleTable = HandleTable;
2053
2054 /* Sweep the handle table to close all handles */
2057 &Context);
2058
2059 /* Leave the critical region */
2061
2062 /* Detach if needed */
2063 if (AttachedToProcess)
2065
2066 /* Let the handle table go */
2068}
unsigned char BOOLEAN
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
#define ASSERT(a)
Definition: mode.c:44
#define UserMode
Definition: asm.h:35
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1232
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1765
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:48
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1924
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:26
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
KAPC_STATE
Definition: ketypes.h:1409
#define PsGetCurrentProcess
Definition: psfuncs.h:17

Referenced by NtTerminateProcess(), and PspTerminateProcess().

◆ ObCloseHandle()

NTSTATUS NTAPI ObCloseHandle ( IN HANDLE  Handle,
IN KPROCESSOR_MODE  AccessMode 
)

Definition at line 3379 of file obhandle.c.

3381{
3382 /* Call the internal API */
3384}
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396

Referenced by _IRQL_requires_max_(), CheckDirectorySecurity__(), CheckKeySecurity__(), CmpAddToHiveFileList(), CmpLinkKeyToHive(), CmpRemoveFromHiveFileList(), DbgkCreateThread(), DbgkMapViewOfSection(), DbgkpFreeDebugEvent(), DbgkpOpenHandles(), DbgkpPostFakeModuleMessages(), DbgkpPostFakeThreadMessages(), DisplayBootBitmap(), ExitThreadCallback(), ExpCreateSystemRootLink(), ExpCreateWorkerThread(), ExpInitializeWorkerThreads(), ExpInitNls(), InitThreadCallback(), IntCopyRegistryKey(), IntCreateDesktop(), IntCreateNewRegistryPath(), IntLoadRegistryParameters(), IntResolveDesktop(), IntSetupDeviceSettingsKey(), IntVideoPortInbvCleanup(), IoCreateController(), IoCreateDevice(), IoCreateStreamFileObjectEx(), IopDetectResourceConflict(), IopOpenLinkOrRenameTarget(), IopReassignSystemRoot(), IopStoreSystemPartitionInformation(), KernelModeTest(), KmtStartThread(), LpcpCreatePort(), MmCreatePhysicalMemorySection(), NotificationCallback(), NtLoadKeyEx(), NtSaveKeyEx(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSetDefaultLocale(), NtSetInformationFile(), NtUnloadKey2(), NtUserCloseDesktop(), NtUserCloseWindowStation(), NtUserResolveDesktop(), PnpRootCreateDevice(), PspCreateProcess(), PspCreateThread(), PspExitThread(), PspInitPhase0(), RawInputThreadMain(), RunTest(), ScrInbvCleanup(), SepRmCommandServerThread(), SepRmCommandServerThreadInit(), SeRmInitPhase1(), START_TEST(), TestAllInformation(), TestConnect(), TestCreateNamedPipe(), TestDuplicate(), TestIoCreateFile(), TestObRootSecurity(), TestPhysicalMemorySection(), TestReadWrite(), TestRelativeNames(), TestSharedCacheMap(), UserModeTest(), and UserSetProcessWindowStation().

◆ ObDereferenceProcessHandleTable()

VOID NTAPI ObDereferenceProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 48 of file obhandle.c.

49{
50 /* Release the process lock */
51 ExReleaseRundownProtection(&Process->RundownProtect);
52}
#define ExReleaseRundownProtection
Definition: ex.h:136

Referenced by ObClearProcessHandleTable(), ObDuplicateObject(), ObFindHandleForObject(), ObGetProcessHandleCount(), and ObInitProcess().

◆ ObDuplicateObject()

NTSTATUS NTAPI ObDuplicateObject ( IN PEPROCESS  SourceProcess,
IN HANDLE  SourceHandle,
IN PEPROCESS TargetProcess  OPTIONAL,
IN PHANDLE TargetHandle  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  HandleAttributes,
IN ULONG  Options,
IN KPROCESSOR_MODE  PreviousMode 
)

Definition at line 2204 of file obhandle.c.

2212{
2213 HANDLE_TABLE_ENTRY NewHandleEntry;
2214 BOOLEAN AttachedToProcess = FALSE;
2215 PVOID SourceObject;
2216 POBJECT_HEADER ObjectHeader;
2218 HANDLE NewHandle;
2221 ACCESS_MASK TargetAccess, SourceAccess;
2224 AUX_ACCESS_DATA AuxData;
2227 ULONG AuditMask;
2229
2230 PAGED_CODE();
2232 "%s - Duplicating handle: %p for %p into %p\n",
2235 SourceProcess,
2236 TargetProcess);
2237
2238 /* Assume failure */
2240
2241 /* Check if we're not duplicating the same access */
2243 {
2244 /* Validate the desired access */
2245 Status = STATUS_SUCCESS; //ObpValidateDesiredAccess(DesiredAccess);
2246 if (!NT_SUCCESS(Status)) return Status;
2247 }
2248
2249 /* Reference the object table */
2252
2253 /* Reference the process object */
2255 SourceProcess,
2258 &SourceObject,
2260 &AuditMask);
2261 if (!NT_SUCCESS(Status))
2262 {
2263 /* Fail */
2264 ObDereferenceProcessHandleTable(SourceProcess);
2265 return Status;
2266 }
2267 else
2268 {
2269 /* Check if we have to don't have to audit object close */
2270 if (!(HandleInformation.HandleAttributes & OBJ_AUDIT_OBJECT_CLOSE))
2271 {
2272 /* Then there is no audit mask */
2273 AuditMask = 0;
2274 }
2275 }
2276
2277 /* Check if there's no target process */
2278 if (!TargetProcess)
2279 {
2280 /* Check if the caller wanted actual duplication */
2282 {
2283 /* Invalid request */
2285 }
2286 else
2287 {
2288 /* Otherwise, do the attach */
2289 KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2290
2291 /* Close the handle and detach */
2294 }
2295
2296 /* Return */
2297 ObDereferenceProcessHandleTable(SourceProcess);
2298 ObDereferenceObject(SourceObject);
2299 return Status;
2300 }
2301
2302 /* Create a kernel handle if asked, but only in the system process */
2303 if (PreviousMode == KernelMode &&
2305 TargetProcess == PsInitialSystemProcess)
2306 {
2308 }
2309
2310 /* Get the target handle table */
2312 if (!HandleTable)
2313 {
2314 /* Check if the caller wanted us to close the handle */
2316 {
2317 /* Do the attach */
2318 KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2319
2320 /* Close the handle and detach */
2323 }
2324
2325 /* Return */
2326 ObDereferenceProcessHandleTable(SourceProcess);
2327 ObDereferenceObject(SourceObject);
2329 }
2330
2331 /* Get the source access */
2332 SourceAccess = HandleInformation.GrantedAccess;
2333
2334 /* Check if we're not in the target process */
2335 if (TargetProcess != PsGetCurrentProcess())
2336 {
2337 /* Attach to it */
2338 KeStackAttachProcess(&TargetProcess->Pcb, &ApcState);
2339 AttachedToProcess = TRUE;
2340 }
2341
2342 /* Check if we're duplicating the attributes */
2344 {
2345 /* Duplicate them */
2346 HandleAttributes = HandleInformation.HandleAttributes;
2347 }
2348 else
2349 {
2350 /* Don't allow caller to bypass auditing */
2351 HandleAttributes |= HandleInformation.HandleAttributes &
2353 }
2354
2355 /* Check if we're duplicating the access */
2356 if (Options & DUPLICATE_SAME_ACCESS) DesiredAccess = SourceAccess;
2357
2358 /* Get object data */
2359 ObjectHeader = OBJECT_TO_OBJECT_HEADER(SourceObject);
2360 ObjectType = ObjectHeader->Type;
2361
2362 /* Fill out the entry */
2363 RtlZeroMemory(&NewHandleEntry, sizeof(HANDLE_TABLE_ENTRY));
2364 NewHandleEntry.Object = ObjectHeader;
2366
2367 /* Check if we're using a generic mask */
2369 {
2370 /* Map it */
2372 &ObjectType->TypeInfo.GenericMapping);
2373 }
2374
2375 /* Set the target access, always propagate ACCESS_SYSTEM_SECURITY */
2376 TargetAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
2378 NewHandleEntry.GrantedAccess = TargetAccess;
2379
2380 /* Check if we're asking for new access */
2381 if (TargetAccess & ~SourceAccess)
2382 {
2383 /* We are. We need the security procedure to validate this */
2384 if (ObjectType->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
2385 {
2386 /* Use our built-in access state */
2389 &AuxData,
2390 TargetAccess,
2391 &ObjectType->TypeInfo.GenericMapping);
2392 }
2393 else
2394 {
2395 /* Otherwise we can't allow this privilege elevation */
2397 }
2398 }
2399 else
2400 {
2401 /* We don't need an access state */
2403 }
2404
2405 /* Make sure the access state was created OK */
2406 if (NT_SUCCESS(Status))
2407 {
2408 /* Add a new handle */
2409 Status = ObpIncrementHandleCount(SourceObject,
2415 }
2416
2417 /* Check if we were attached */
2418 if (AttachedToProcess)
2419 {
2420 /* We can safely detach now */
2422 AttachedToProcess = FALSE;
2423 }
2424
2425 /* Check if we have to close the source handle */
2427 {
2428 /* Attach and close */
2429 KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2432 }
2433
2434 /* Check if we had an access state */
2436
2437 /* Now check if incrementing actually failed */
2438 if (!NT_SUCCESS(Status))
2439 {
2440 /* Dereference handle tables */
2441 ObDereferenceProcessHandleTable(SourceProcess);
2442 ObDereferenceProcessHandleTable(TargetProcess);
2443
2444 /* Dereference the source object */
2445 ObDereferenceObject(SourceObject);
2446 return Status;
2447 }
2448
2449 if (NewHandleEntry.ObAttributes & OBJ_PROTECT_CLOSE)
2450 {
2451 NewHandleEntry.ObAttributes &= ~OBJ_PROTECT_CLOSE;
2452 NewHandleEntry.GrantedAccess |= ObpAccessProtectCloseBit;
2453 }
2454
2455 /* Now create the handle */
2456 NewHandle = ExCreateHandle(HandleTable, &NewHandleEntry);
2457 if (!NewHandle)
2458 {
2459 /* Undo the increment */
2460 ObpDecrementHandleCount(SourceObject,
2461 TargetProcess,
2462 TargetAccess,
2463 ObjectType);
2464
2465 /* Deference the object and set failure status */
2466 ObDereferenceObject(SourceObject);
2468 }
2469
2470 /* Mark it as a kernel handle if requested */
2471 if (KernelHandle)
2472 {
2473 NewHandle = ObMarkHandleAsKernelHandle(NewHandle);
2474 }
2475
2476 /* Return the handle */
2477 if (TargetHandle) *TargetHandle = NewHandle;
2478
2479 /* Dereference handle tables */
2480 ObDereferenceProcessHandleTable(SourceProcess);
2481 ObDereferenceProcessHandleTable(TargetProcess);
2482
2483 /* Return status */
2485 "%s - Duplicated handle: %p for %p into %p. Source: %p HC PC %lx %lx\n",
2487 NewHandle,
2488 SourceProcess,
2489 TargetProcess,
2490 SourceObject,
2491 ObjectHeader->PointerCount,
2492 ObjectHeader->HandleCount);
2493 return Status;
2494}
#define PAGED_CODE()
#define OBJ_PROTECT_CLOSE
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:134
#define GENERIC_ACCESS
Definition: security.c:35
HANDLE KernelHandle
Definition: legacy.c:24
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
ObjectType
Definition: metafile.c:81
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153
@ ObDuplicateHandle
Definition: obtypes.h:143
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:827
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:150
NTSTATUS NTAPI SeCreateAccessState(_Out_ PACCESS_STATE AccessState, _Out_ __drv_aliasesMem PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
Creates an access state.
Definition: access.c:121
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:502
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
#define ObpAccessProtectCloseBit
Definition: ob.h:59
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:85
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:530
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle(IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
Definition: obhandle.c:85
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:811
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
Definition: extypes.h:596
PVOID Object
Definition: extypes.h:599
ULONG GrantedAccess
Definition: extypes.h:606
ULONG_PTR ObAttributes
Definition: extypes.h:600
LONG_PTR HandleCount
Definition: obtypes.h:490
LONG_PTR PointerCount
Definition: obtypes.h:487
POBJECT_TYPE Type
Definition: obtypes.h:493
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
uint32_t ULONG
Definition: typedefs.h:59
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:44
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71
#define DUPLICATE_SAME_ACCESS
#define DUPLICATE_CLOSE_SOURCE
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417

Referenced by DbgkpOpenHandles(), and NtDuplicateObject().

◆ ObFindHandleForObject()

BOOLEAN NTAPI ObFindHandleForObject ( IN PEPROCESS  Process,
IN PVOID  Object,
IN POBJECT_TYPE  ObjectType,
IN POBJECT_HANDLE_INFORMATION  HandleInformation,
OUT PHANDLE  Handle 
)

Definition at line 2856 of file obhandle.c.

2861{
2862 OBP_FIND_HANDLE_DATA FindData;
2864 PVOID ObjectTable;
2865
2866 /* Make sure we have an object table */
2868 if (ObjectTable)
2869 {
2870 /* Check if we have an object */
2871 if (Object)
2872 {
2873 /* Set its header */
2875 }
2876 else
2877 {
2878 /* Otherwise, no object to match*/
2879 FindData.ObjectHeader = NULL;
2880 }
2881
2882 /* Set other information */
2883 FindData.ObjectType = ObjectType;
2885
2886 /* Enumerate the handle table */
2887 if (ExEnumHandleTable(Process->ObjectTable,
2889 &FindData,
2890 Handle))
2891 {
2892 /* Set success */
2893 Result = TRUE;
2894 }
2895
2896 /* Let go of the table */
2898 }
2899
2900 /* Return the result */
2901 return Result;
2902}
BOOLEAN NTAPI ExEnumHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_ENUM_HANDLE_CALLBACK EnumHandleProcedure, IN OUT PVOID Context, OUT PHANDLE EnumHandle OPTIONAL)
Definition: handle.c:1271
BOOLEAN NTAPI ObpEnumFindHandleProcedure(IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:211
POBJECT_HANDLE_INFORMATION HandleInformation
Definition: ob.h:125
POBJECT_TYPE ObjectType
Definition: ob.h:124
POBJECT_HEADER ObjectHeader
Definition: ob.h:123
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409

Referenced by IntGetDesktopObjectHandle(), and IntResolveDesktop().

◆ ObGetProcessHandleCount()

ULONG NTAPI ObGetProcessHandleCount ( IN PEPROCESS  Process)

Definition at line 56 of file obhandle.c.

57{
58 ULONG HandleCount;
60
62
63 /* Ensure the handle table doesn't go away while we use it */
65
66 if (HandleTable != NULL)
67 {
68 /* Count the number of handles the process has */
69 HandleCount = HandleTable->HandleCount;
70
71 /* Let the handle table go */
73 }
74 else
75 {
76 /* No handle table, no handles */
77 HandleCount = 0;
78 }
79
80 return HandleCount;
81}

Referenced by NtQueryInformationProcess(), and QSI_DEF().

◆ ObInitProcess()

NTSTATUS NTAPI ObInitProcess ( IN PEPROCESS Parent  OPTIONAL,
IN PEPROCESS  Process 
)

Definition at line 2090 of file obhandle.c.

2092{
2093 PHANDLE_TABLE ParentTable, ObjectTable;
2094
2095 /* Check for a parent */
2096 if (Parent)
2097 {
2098 /* Reference the parent's table */
2100 if (!ParentTable) return STATUS_PROCESS_IS_TERMINATING;
2101
2102 /* Duplicate it */
2103 ObjectTable = ExDupHandleTable(Process,
2104 ParentTable,
2106 OBJ_INHERIT);
2107 }
2108 else
2109 {
2110 /* Otherwise just create a new table */
2111 ParentTable = NULL;
2112 ObjectTable = ExCreateHandleTable(Process);
2113 }
2114
2115 /* Make sure we have a table */
2116 if (ObjectTable)
2117 {
2118 /* Associate it */
2119 Process->ObjectTable = ObjectTable;
2120
2121 /* Check for auditing */
2123 {
2124 /* FIXME: TODO */
2125 DPRINT1("Need auditing!\n");
2126 }
2127
2128 /* Get rid of the old table now */
2129 if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2130
2131 /* We are done */
2132 return STATUS_SUCCESS;
2133 }
2134 else
2135 {
2136 /* Fail */
2137 Process->ObjectTable = NULL;
2138 if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2140 }
2141}
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:732
#define DPRINT1
Definition: precomp.h:8
#define OBJ_INHERIT
Definition: winternl.h:225
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
Definition: handle.c:801
PHANDLE_TABLE NTAPI ExDupHandleTable(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PEX_DUPLICATE_HANDLE_CALLBACK DupHandleProcedure, IN ULONG_PTR Mask)
Definition: handle.c:1072
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Peforms a detailed security auditing with an access token.
Definition: audit.c:34
BOOLEAN NTAPI ObpDuplicateHandleCallback(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: obhandle.c:1960

Referenced by PspCreateProcess().

◆ ObInsertObject()

NTSTATUS NTAPI ObInsertObject ( IN PVOID  Object,
IN PACCESS_STATE AccessState  OPTIONAL,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  ObjectPointerBias,
OUT PVOID *NewObject  OPTIONAL,
OUT PHANDLE  Handle 
)

Definition at line 2935 of file obhandle.c.

2941{
2942 POBJECT_CREATE_INFORMATION ObjectCreateInfo;
2943 POBJECT_HEADER ObjectHeader;
2946 PVOID InsertObject;
2947 PSECURITY_DESCRIPTOR ParentDescriptor = NULL;
2948 BOOLEAN SdAllocated = FALSE;
2949 POBJECT_HEADER_NAME_INFO ObjectNameInfo;
2951 ACCESS_STATE LocalAccessState;
2952 AUX_ACCESS_DATA AuxData;
2953 OB_OPEN_REASON OpenReason;
2955 NTSTATUS Status = STATUS_SUCCESS, RealStatus;
2956 BOOLEAN IsNewObject;
2957 PAGED_CODE();
2958
2959 /* Get the Header */
2960 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
2961
2962 /* Detect invalid insert */
2963 if (!(ObjectHeader->Flags & OB_FLAG_CREATE_INFO))
2964 {
2965 /* Display warning and break into debugger */
2966 DPRINT1("OB: Attempting to insert existing object %p\n", Object);
2967 DbgBreakPoint();
2968
2969 /* Allow debugger to continue */
2972 }
2973
2974 /* Get the create and name info, as well as the object type */
2975 ObjectCreateInfo = ObjectHeader->ObjectCreateInfo;
2976 ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
2977 ObjectType = ObjectHeader->Type;
2978 ObjectName = NULL;
2979
2980 /* Check if this is an named object */
2981 if ((ObjectNameInfo) && (ObjectNameInfo->Name.Buffer))
2982 {
2983 /* Get the object name */
2984 ObjectName = &ObjectNameInfo->Name;
2985 }
2986
2987 /* Sanity check */
2988 ASSERT((Handle) ||
2989 ((ObjectPointerBias == 0) &&
2990 (ObjectName == NULL) &&
2991 (ObjectType->TypeInfo.SecurityRequired) &&
2992 (NewObject == NULL)));
2993
2994 /* Check if the object is unnamed and also doesn't have security */
2996 if (!(ObjectType->TypeInfo.SecurityRequired) && !(ObjectName))
2997 {
2998 /* Assume failure */
2999 *Handle = NULL;
3000 ObjectHeader->ObjectCreateInfo = NULL;
3001
3002 /* Create the handle */
3006 ObjectCreateInfo->Attributes,
3008 NewObject,
3009 Handle);
3010
3011 /* Free the create information */
3012 ObpFreeObjectCreateInformation(ObjectCreateInfo);
3013
3014 /* Release the object name information */
3015 ObpDereferenceNameInfo(ObjectNameInfo);
3016
3017 /* Remove the extra keep-alive reference */
3019
3020 /* Return */
3022 "%s - returning Object with PC S: %lx %lx\n",
3024 ObjectHeader->PointerCount,
3025 Status);
3026 return Status;
3027 }
3028
3029 /* Check if we didn't get an access state */
3030 if (!AccessState)
3031 {
3032 /* Use our built-in access state */
3033 AccessState = &LocalAccessState;
3034 Status = SeCreateAccessState(&LocalAccessState,
3035 &AuxData,
3037 &ObjectType->TypeInfo.GenericMapping);
3038 if (!NT_SUCCESS(Status))
3039 {
3040 /* Fail */
3041 ObpDereferenceNameInfo(ObjectNameInfo);
3043 return Status;
3044 }
3045 }
3046
3047 /* Save the security descriptor */
3048 AccessState->SecurityDescriptor = ObjectCreateInfo->SecurityDescriptor;
3049
3050 /* Validate the access mask */
3052 if (!NT_SUCCESS(Status))
3053 {
3054 /* Fail */
3055 ObpDereferenceNameInfo(ObjectNameInfo);
3057 return Status;
3058 }
3059
3060 /* Setup a lookup context */
3062 InsertObject = Object;
3063 OpenReason = ObCreateHandle;
3064
3065 /* Check if the object is named */
3066 if (ObjectName)
3067 {
3068 /* Look it up */
3069 Status = ObpLookupObjectName(ObjectCreateInfo->RootDirectory,
3070 ObjectName,
3071 ObjectCreateInfo->Attributes,
3072 ObjectType,
3073 (ObjectHeader->Flags & OB_FLAG_KERNEL_MODE) ?
3075 ObjectCreateInfo->ParseContext,
3076 ObjectCreateInfo->SecurityQos,
3077 Object,
3079 &Context,
3080 &InsertObject);
3081
3082 /* Check if we found an object that doesn't match the one requested */
3083 if ((NT_SUCCESS(Status)) && (InsertObject) && (Object != InsertObject))
3084 {
3085 /* This means we're opening an object, not creating a new one */
3086 OpenReason = ObOpenHandle;
3087
3088 /* Make sure the caller said it's OK to do this */
3089 if (ObjectCreateInfo->Attributes & OBJ_OPENIF)
3090 {
3091 /* He did, but did he want this type? */
3092 if (ObjectType != OBJECT_TO_OBJECT_HEADER(InsertObject)->Type)
3093 {
3094 /* Wrong type, so fail */
3096 }
3097 else
3098 {
3099 /* Right type, so warn */
3101 }
3102 }
3103 else
3104 {
3105 /* Check if this was a symbolic link */
3106 if (OBJECT_TO_OBJECT_HEADER(InsertObject)->Type ==
3108 {
3109 /* Dereference it */
3110 ObDereferenceObject(InsertObject);
3111 }
3112
3113 /* Caller wanted to create a new object, fail */
3115 }
3116 }
3117
3118 /* Check if anything until now failed */
3119 if (!NT_SUCCESS(Status))
3120 {
3121 /* Cleanup after lookup */
3123
3124 /* Remove query reference that we added */
3125 ObpDereferenceNameInfo(ObjectNameInfo);
3126
3127 /* Dereference the object and delete the access state */
3129 if (AccessState == &LocalAccessState)
3130 {
3131 /* We used a local one; delete it */
3133 }
3134
3135 /* Return failure code */
3136 return Status;
3137 }
3138 else
3139 {
3140 /* Check if this is a symbolic link */
3142 {
3143 /* Create the internal name */
3145 }
3146 }
3147 }
3148
3149 /* Now check if this object is being created */
3150 if (InsertObject == Object)
3151 {
3152 /* Check if it's named or forces security */
3153 if ((ObjectName) || (ObjectType->TypeInfo.SecurityRequired))
3154 {
3155 /* Make sure it's inserted into an object directory */
3156 if ((ObjectNameInfo) && (ObjectNameInfo->Directory))
3157 {
3158 /* Get the current descriptor */
3159 ObGetObjectSecurity(ObjectNameInfo->Directory,
3160 &ParentDescriptor,
3161 &SdAllocated);
3162 }
3163
3164 /* Now assign it */
3166 ParentDescriptor,
3167 Object,
3168 ObjectType);
3169
3170 /* Check if we captured one */
3171 if (ParentDescriptor)
3172 {
3173 /* We did, release it */
3174 ObReleaseObjectSecurity(ParentDescriptor, SdAllocated);
3175 }
3176 else if (NT_SUCCESS(Status))
3177 {
3178 /* Other we didn't, but we were able to use the current SD */
3180 ObjectCreateInfo->ProbeMode,
3181 TRUE);
3182
3183 /* Clear the current one */
3184 AccessState->SecurityDescriptor =
3185 ObjectCreateInfo->SecurityDescriptor = NULL;
3186 }
3187 }
3188
3189 /* Check if anything until now failed */
3190 if (!NT_SUCCESS(Status))
3191 {
3192 /* Check if the directory was added */
3193 if (Context.DirectoryLocked)
3194 {
3195 /* Weird case where we need to do a manual delete */
3196 DPRINT1("Unhandled path\n");
3197 ASSERT(FALSE);
3198 }
3199
3200 /* Cleanup the lookup */
3202
3203 /* Remove query reference that we added */
3204 ObpDereferenceNameInfo(ObjectNameInfo);
3205
3206 /* Dereference the object and delete the access state */
3208 if (AccessState == &LocalAccessState)
3209 {
3210 /* We used a local one; delete it */
3212 }
3213
3214 /* Return failure code */
3215 ASSERT(FALSE);
3216 return Status;
3217 }
3218 }
3219
3220 /* Save the actual status until here */
3221 RealStatus = Status;
3222
3223 /* Check if caller wants us to create a handle */
3224 ObjectHeader->ObjectCreateInfo = NULL;
3225 if (Handle)
3226 {
3227 /* Create the handle */
3228 Status = ObpCreateHandle(OpenReason,
3229 InsertObject,
3230 NULL,
3233 ObjectCreateInfo->Attributes,
3234 &Context,
3236 NewObject,
3237 Handle);
3238 if (!NT_SUCCESS(Status))
3239 {
3240 /* If the object had a name, backout everything */
3242
3243 /* Return the status of the failure */
3244 *Handle = NULL;
3245 RealStatus = Status;
3246 }
3247
3248 /* Remove a query reference */
3249 ObpDereferenceNameInfo(ObjectNameInfo);
3250
3251 /* Remove the extra keep-alive reference */
3253 }
3254 else
3255 {
3256 /* Otherwise, lock the object */
3257 ObpAcquireObjectLock(ObjectHeader);
3258
3259 /* And charge quota for the process to make it appear as used */
3260 RealStatus = ObpChargeQuotaForObject(ObjectHeader,
3261 ObjectType,
3262 &IsNewObject);
3263
3264 /* Release the lock */
3265 ObpReleaseObjectLock(ObjectHeader);
3266
3267 /* Check if we failed and dereference the object if so */
3268 if (!NT_SUCCESS(RealStatus)) ObDereferenceObject(Object);
3269 }
3270
3271 /* We can delete the Create Info now */
3272 ObpFreeObjectCreateInformation(ObjectCreateInfo);
3273
3274 /* Check if we created our own access state and delete it if so */
3275 if (AccessState == &LocalAccessState) SeDeleteAccessState(AccessState);
3276
3277 /* Return status code */
3279 "%s - returning Object with PC RS/S: %lx %lx %lx\n",
3281 OBJECT_TO_OBJECT_HEADER(Object)->PointerCount,
3282 RealStatus, Status);
3283 return RealStatus;
3284}
#define ObpSymbolicLinkObjectType
Definition: ObTypes.c:119
Type
Definition: Type.h:7
#define STATUS_OBJECT_TYPE_MISMATCH
Definition: d3dkmdt.h:46
#define OBJ_OPENIF
Definition: winternl.h:229
NTSYSAPI void WINAPI DbgBreakPoint(void)
#define KeGetPreviousMode()
Definition: ketypes.h:1115
#define OB_FLAG_CREATE_INFO
Definition: obtypes.h:97
#define OB_FLAG_KERNEL_MODE
Definition: obtypes.h:98
@ ObOpenHandle
Definition: obtypes.h:142
@ ObCreateHandle
Definition: obtypes.h:141
enum _OB_OPEN_REASON OB_OPEN_REASON
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
#define STATUS_OBJECT_NAME_EXISTS
Definition: ntstatus.h:114
VOID NTAPI ObpCreateSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
Definition: oblink.c:334
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
Definition: obname.c:301
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
Definition: obname.c:446
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Initializes a new object directory lookup context. Used for lookup operations (insertions/deletions) ...
Definition: ob_x.h:258
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Releases an initialized object directory lookup context. Unlocks it if necessary, and dereferences th...
Definition: ob_x.h:323
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
FORCEINLINE VOID ObpFreeObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:460
NTSTATUS NTAPI ObpCreateHandle(IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1497
NTSTATUS NTAPI ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
Definition: obhandle.c:431
NTSTATUS NTAPI ObpCreateUnnamedHandle(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1312
NTSTATUS NTAPI ObpValidateAccessMask(IN PACCESS_STATE AccessState)
Definition: obhandle.c:488
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
NTSTATUS NTAPI ObAssignSecurity(IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
Definition: obsecure.c:550
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:344
KPROCESSOR_MODE ProbeMode
Definition: obtypes.h:340
PSECURITY_QUALITY_OF_SERVICE SecurityQos
Definition: obtypes.h:345
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
UNICODE_STRING Name
Definition: obtypes.h:433
UCHAR Flags
Definition: obtypes.h:497
POBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: obtypes.h:500
#define STATUS_OBJECT_NAME_COLLISION
Definition: udferr_usr.h:150
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG ObjectPointerBias
Definition: obfuncs.h:73
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:74

Referenced by _IRQL_requires_max_(), CmpCreateRegistryRoot(), CreateClientPort(), ExCreateCallback(), HalpDmaAllocateChildAdapter(), IntCreateWindowStation(), IoCreateController(), IoCreateDevice(), IoCreateDriver(), IoCreateStreamFileObjectEx(), IopInitializeDriverModule(), LpcpCreatePort(), MmCreatePhysicalMemorySection(), NtCreateDebugObject(), NtCreateDirectoryObject(), NtCreateEvent(), NtCreateEventPair(), NtCreateIoCompletion(), NtCreateJobObject(), NtCreateMutant(), NtCreateProfile(), NtCreateSection(), NtCreateSemaphore(), NtCreateSymbolicLinkObject(), NtCreateTimer(), NtDuplicateToken(), NtFilterToken(), NtSecureConnectPort(), ObtCreateObjects(), PspCreateProcess(), PspCreateThread(), SeFilterToken(), SepCreateToken(), SepInitializationPhase1(), SepOpenThreadToken(), and SeSubProcessToken().

◆ ObIsKernelHandle()

BOOLEAN NTAPI ObIsKernelHandle ( IN HANDLE  Handle)

Definition at line 3525 of file obhandle.c.

3526{
3527 /* Use the inlined version. We know we are in kernel mode. */
3529}
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:74

◆ ObKillProcess()

VOID NTAPI ObKillProcess ( IN PEPROCESS  Process)

Definition at line 2160 of file obhandle.c.

2161{
2164 BOOLEAN HardErrors;
2165 PAGED_CODE();
2166
2167 /* Wait for process rundown and then complete it */
2169 ExRundownCompleted(&Process->RundownProtect);
2170
2171 /* Get the object table */
2172 HandleTable = Process->ObjectTable;
2173 if (!HandleTable) return;
2174
2175 /* Disable hard errors while we close handles */
2176 HardErrors = IoSetThreadHardErrorMode(FALSE);
2177
2178 /* Enter a critical region */
2180
2181 /* Fill out the context */
2182 Context.AccessMode = KernelMode;
2183 Context.HandleTable = HandleTable;
2184
2185 /* Sweep the handle table to close all handles */
2188 &Context);
2189 ASSERT(HandleTable->HandleCount == 0);
2190
2191 /* Leave the critical region */
2193
2194 /* Re-enable hard errors */
2195 IoSetThreadHardErrorMode(HardErrors);
2196
2197 /* Destroy the object table */
2198 Process->ObjectTable = NULL;
2200}
#define ExWaitForRundownProtectionRelease
Definition: ex.h:138
#define ExRundownCompleted
Definition: ex.h:139
VOID NTAPI ExDestroyHandleTable(IN PHANDLE_TABLE HandleTable, IN PVOID DestroyHandleProcedure OPTIONAL)
Definition: handle.c:963
BOOLEAN NTAPI IoSetThreadHardErrorMode(IN BOOLEAN HardErrorEnabled)
Definition: error.c:726

Referenced by PspDeleteProcess(), and PspExitThread().

◆ ObOpenObjectByName()

NTSTATUS NTAPI ObOpenObjectByName ( IN POBJECT_ATTRIBUTES  ObjectAttributes,
IN POBJECT_TYPE  ObjectType,
IN KPROCESSOR_MODE  AccessMode,
IN PACCESS_STATE  PassedAccessState,
IN ACCESS_MASK  DesiredAccess,
IN OUT PVOID  ParseContext,
OUT PHANDLE  Handle 
)

Definition at line 2532 of file obhandle.c.

2539{
2540 PVOID Object = NULL;
2542 NTSTATUS Status, Status2;
2543 POBJECT_HEADER ObjectHeader;
2545 OB_OPEN_REASON OpenReason;
2546 POB_TEMP_BUFFER TempBuffer;
2547 PAGED_CODE();
2548
2549 /* Assume failure */
2550 *Handle = NULL;
2551
2552 /* Check if we didn't get any Object Attributes */
2553 if (!ObjectAttributes)
2554 {
2555 /* Fail with special status code */
2557 }
2558
2559 /* Allocate the temporary buffer */
2561 sizeof(OB_TEMP_BUFFER),
2563 if (!TempBuffer) return STATUS_INSUFFICIENT_RESOURCES;
2564
2565 /* Capture all the info */
2567 AccessMode,
2568 AccessMode,
2569 TRUE,
2570 &TempBuffer->ObjectCreateInfo,
2571 &ObjectName);
2572 if (!NT_SUCCESS(Status))
2573 {
2574 /* Fail */
2576 return Status;
2577 }
2578
2579 /* Check if we didn't get an access state */
2580 if (!PassedAccessState)
2581 {
2582 /* Try to get the generic mapping if we can */
2583 if (ObjectType) GenericMapping = &ObjectType->TypeInfo.GenericMapping;
2584
2585 /* Use our built-in access state */
2586 PassedAccessState = &TempBuffer->LocalAccessState;
2588 &TempBuffer->AuxData,
2591 if (!NT_SUCCESS(Status)) goto Quickie;
2592 }
2593
2594 /* Get the security descriptor */
2595 if (TempBuffer->ObjectCreateInfo.SecurityDescriptor)
2596 {
2597 /* Save it in the access state */
2600 }
2601
2602 /* Validate the access mask */
2604 if (!NT_SUCCESS(Status))
2605 {
2606 /* Cleanup after lookup */
2608 goto Cleanup;
2609 }
2610
2611 /* Now do the lookup */
2613 &ObjectName,
2614 TempBuffer->ObjectCreateInfo.Attributes,
2615 ObjectType,
2616 AccessMode,
2617 ParseContext,
2618 TempBuffer->ObjectCreateInfo.SecurityQos,
2619 NULL,
2621 &TempBuffer->LookupContext,
2622 &Object);
2623 if (!NT_SUCCESS(Status))
2624 {
2625 /* Cleanup after lookup */
2627 goto Cleanup;
2628 }
2629
2630 /* Check if this object has create information */
2631 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
2632 if (ObjectHeader->Flags & OB_FLAG_CREATE_INFO)
2633 {
2634 /* Then we are creating a new handle */
2635 OpenReason = ObCreateHandle;
2636
2637 /* Check if we still have create info */
2638 if (ObjectHeader->ObjectCreateInfo)
2639 {
2640 /* Free it */
2641 ObpFreeObjectCreateInformation(ObjectHeader->
2642 ObjectCreateInfo);
2643 ObjectHeader->ObjectCreateInfo = NULL;
2644 }
2645 }
2646 else
2647 {
2648 /* Otherwise, we are merely opening it */
2649 OpenReason = ObOpenHandle;
2650 }
2651
2652 /* Check if we have invalid object attributes */
2653 if (ObjectHeader->Type->TypeInfo.InvalidAttributes &
2654 TempBuffer->ObjectCreateInfo.Attributes)
2655 {
2656 /* Set failure code */
2658
2659 /* Cleanup after lookup */
2661
2662 /* Dereference the object */
2664 }
2665 else
2666 {
2667 /* Create the actual handle now */
2668 Status2 = ObpCreateHandle(OpenReason,
2669 Object,
2670 ObjectType,
2672 0,
2673 TempBuffer->ObjectCreateInfo.Attributes,
2674 &TempBuffer->LookupContext,
2675 AccessMode,
2676 NULL,
2677 Handle);
2678 if (!NT_SUCCESS(Status2))
2679 {
2681 Status = Status2;
2682 }
2683 }
2684
2685Cleanup:
2686 /* Delete the access state */
2687 if (PassedAccessState == &TempBuffer->LocalAccessState)
2688 {
2690 }
2691
2692Quickie:
2693 /* Release the object attributes and temporary buffer */
2697
2698 /* Return status */
2700 "%s - returning Object %p with PC S: %lx %lx\n",
2702 Object,
2703 Object ? OBJECT_TO_OBJECT_HEADER(Object)->PointerCount : -1,
2704 Status);
2705 return Status;
2706}
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
static const WCHAR Cleanup[]
Definition: register.c:80
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define NonPagedPool
Definition: env_spec_w32.h:307
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
NTSTATUS NTAPI ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
Definition: oblife.c:455
#define TAG_OB_TEMP_STORAGE
Definition: ob.h:160
VOID NTAPI ObpFreeObjectNameBuffer(IN PUNICODE_STRING Name)
Definition: oblife.c:346
FORCEINLINE VOID ObpReleaseObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:364
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: setypes.h:235
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
OBP_LOOKUP_CONTEXT LookupContext
Definition: ob.h:165
OBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: ob.h:164
AUX_ACCESS_DATA AuxData
Definition: ob.h:166
ACCESS_STATE LocalAccessState
Definition: ob.h:163

Referenced by CmLoadKey(), CmpLinkHiveToMaster(), CreateGreenFdo(), ExCreateCallback(), GetObjectType(), IntCreateDesktop(), IntCreateWindowStation(), IntResolveDesktop(), IoFastQueryNetworkAttributes(), IopCreateFile(), IopQueryAttributesFile(), NtCreateKey(), NtDeleteFile(), NtOpenDirectoryObject(), NtOpenEvent(), NtOpenEventPair(), NtOpenIoCompletion(), NtOpenJobObject(), NtOpenKey(), NtOpenMutant(), NtOpenProcess(), NtOpenSection(), NtOpenSemaphore(), NtOpenSymbolicLinkObject(), NtOpenThread(), NtOpenTimer(), NtQueryOpenSubKeys(), NtUnloadKey2(), NtUserOpenDesktop(), NtUserOpenWindowStation(), ObtCreateObjectTypes(), and START_TEST().

◆ ObOpenObjectByPointer()

NTSTATUS NTAPI ObOpenObjectByPointer ( IN PVOID  Object,
IN ULONG  HandleAttributes,
IN PACCESS_STATE  PassedAccessState,
IN ACCESS_MASK  DesiredAccess,
IN POBJECT_TYPE  ObjectType,
IN KPROCESSOR_MODE  AccessMode,
OUT PHANDLE  Handle 
)

Definition at line 2742 of file obhandle.c.

2749{
2753 AUX_ACCESS_DATA AuxData;
2754 PAGED_CODE();
2755
2756 /* Assume failure */
2757 *Handle = NULL;
2758
2759 /* Reference the object */
2761 0,
2762 ObjectType,
2763 AccessMode);
2764 if (!NT_SUCCESS(Status)) return Status;
2765
2766 /* Get the Header Info */
2768
2769 /* Check if we didn't get an access state */
2770 if (!PassedAccessState)
2771 {
2772 /* Use our built-in access state */
2775 &AuxData,
2777 &Header->Type->TypeInfo.GenericMapping);
2778 if (!NT_SUCCESS(Status))
2779 {
2780 /* Fail */
2782 return Status;
2783 }
2784 }
2785
2786 /* Check if we have invalid object attributes */
2787 if (Header->Type->TypeInfo.InvalidAttributes & HandleAttributes)
2788 {
2789 /* Delete the access state */
2791 {
2793 }
2794
2795 /* Dereference the object */
2798 }
2799
2800 /* Create the handle */
2802 Object,
2803 ObjectType,
2805 0,
2807 NULL,
2808 AccessMode,
2809 NULL,
2810 Handle);
2812
2813 /* Delete the access state */
2815 {
2817 }
2818
2819 /* Return */
2821 "%s - returning Object with PC S: %lx %lx\n",
2823 OBJECT_TO_OBJECT_HEADER(Object)->PointerCount,
2824 Status);
2825 return Status;
2826}
Definition: Header.h:9
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
Definition: obref.c:381

Referenced by AfdBindSocket(), CmpConvertHandleToKernelHandle(), DbgkOpenProcessDebugPort(), DbgkpOpenHandles(), IntGetDesktopObjectHandle(), IntResolveDesktop(), NtOpenProcess(), NtOpenProcessTokenEx(), NtOpenThread(), RawInputThreadMain(), SepOpenThreadToken(), SerenumDetectLegacyDevice(), SerenumDetectPnpDevice(), SermouseDetectLegacyDevice(), START_TEST(), UserOpenInputDesktop(), and WmipOpenGuidObject().

◆ ObpChargeQuotaForObject()

NTSTATUS NTAPI ObpChargeQuotaForObject ( IN POBJECT_HEADER  ObjectHeader,
IN POBJECT_TYPE  ObjectType,
OUT PBOOLEAN  NewObject 
)

Definition at line 431 of file obhandle.c.

434{
435 POBJECT_HEADER_QUOTA_INFO ObjectQuota;
436 ULONG PagedPoolCharge, NonPagedPoolCharge;
437
438 /* Get quota information */
439 ObjectQuota = OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader);
440 *NewObject = FALSE;
441
442 /* Check if this is a new object */
443 if (ObjectHeader->Flags & OB_FLAG_CREATE_INFO)
444 {
445 /* Remove the flag */
446 ObjectHeader->Flags &= ~ OB_FLAG_CREATE_INFO;
447 if (ObjectQuota)
448 {
449 /* We have a quota, get the charges */
450 PagedPoolCharge = ObjectQuota->PagedPoolCharge +
451 ObjectQuota->SecurityDescriptorCharge;
452 NonPagedPoolCharge = ObjectQuota->NonPagedPoolCharge;
453 }
454 else
455 {
456 /* Get it from the object type */
457 PagedPoolCharge = ObjectType->TypeInfo.DefaultPagedPoolCharge;
458 NonPagedPoolCharge = ObjectType->TypeInfo.DefaultNonPagedPoolCharge;
459 }
460
461 /* Is this the system process? */
463 {
464 /* It is, don't do anything */
465 ObjectHeader->QuotaBlockCharged = OBP_SYSTEM_PROCESS_QUOTA;
466 }
467 else
468 {
469 /* Charge the quota */
470 ObjectHeader->QuotaBlockCharged = PsChargeSharedPoolQuota(PsGetCurrentProcess(),
471 PagedPoolCharge,
472 NonPagedPoolCharge);
473 }
474
475 /* Check if we don't have a quota block */
476 if (!ObjectHeader->QuotaBlockCharged) return STATUS_QUOTA_EXCEEDED;
477
478 /* Now set the flag */
479 *NewObject = TRUE;
480 }
481
482 /* Return success */
483 return STATUS_SUCCESS;
484}
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
Definition: obtypes.h:122
#define STATUS_QUOTA_EXCEEDED
Definition: ntstatus.h:304
#define OBP_SYSTEM_PROCESS_QUOTA
Definition: ob.h:64
PEPROCESS_QUOTA_BLOCK NTAPI PsChargeSharedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T AmountToChargePaged, _In_ SIZE_T AmountToChargeNonPaged)
Charges the shared (paged and non paged) pool quotas. The function is used exclusively by the Object ...
Definition: quota.c:674

Referenced by ObInsertObject(), ObpIncrementHandleCount(), and ObpIncrementUnnamedHandleCount().

◆ ObpCloseHandle()

NTSTATUS NTAPI ObpCloseHandle ( IN HANDLE  Handle,
IN KPROCESSOR_MODE  AccessMode 
)

Definition at line 1730 of file obhandle.c.

1732{
1734 BOOLEAN AttachedToProcess = FALSE;
1736 PHANDLE_TABLE_ENTRY HandleTableEntry;
1739 PAGED_CODE();
1741 "%s - Closing handle: %p\n", __FUNCTION__, Handle);
1742
1743 if (AccessMode == KernelMode && Handle == (HANDLE)-1)
1744 return STATUS_INVALID_HANDLE;
1745
1746 /* Check if we're dealing with a kernel handle */
1748 {
1749 /* Use the kernel table and convert the handle */
1752
1753 /* Check if we're not in the system process */
1755 {
1756 /* Attach to the system process */
1758 AttachedToProcess = TRUE;
1759 }
1760 }
1761 else
1762 {
1763 /* Use the process's handle table */
1764 HandleTable = Process->ObjectTable;
1765 }
1766
1767 /* Enter a critical region to protect handle access */
1769
1770 /* Get the handle entry */
1771 HandleTableEntry = ExMapHandleToPointer(HandleTable, Handle);
1772 if (HandleTableEntry)
1773 {
1774 /* Now close the entry */
1776 HandleTableEntry,
1777 Handle,
1778 AccessMode,
1779 FALSE);
1780
1781 /* We can quit the critical region now */
1783
1784 /* Detach and return success */
1785 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1786 }
1787 else
1788 {
1789 /* We failed, quit the critical region */
1791
1792 /* Detach */
1793 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1794
1795 /* Check if we have a valid handle that's not the process or thread */
1796 if ((Handle) &&
1797 (Handle != NtCurrentProcess()) &&
1798 (Handle != NtCurrentThread()))
1799 {
1800 /* Check if we came from user mode */
1801 if (AccessMode != KernelMode)
1802 {
1803 /* Check if we have no debug port */
1804 if (Process->DebugPort)
1805 {
1806 /* Make sure we're not attached */
1807 if (!KeIsAttachedProcess())
1808 {
1809 /* Raise an exception */
1811 }
1812 }
1813 }
1814 else
1815 {
1816 /* This is kernel mode. Check if we're exiting */
1818 (Process->Peb))
1819 {
1820 /* Check if the debugger is enabled */
1822 {
1823 /* Bugcheck */
1824 KeBugCheckEx(INVALID_KERNEL_HANDLE, (ULONG_PTR)Handle, 1, 0, 0);
1825 }
1826 }
1827 }
1828 }
1829
1830 /* Set invalid status */
1832 }
1833
1834 /* Return status */
1836 "%s - Closed handle: %p S: %lx\n",
1838 return Status;
1839}
#define STATUS_INVALID_HANDLE
Definition: d3dkmdt.h:40
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
BOOLEAN KdDebuggerEnabled
Definition: kddata.c:82
#define NtCurrentProcess()
Definition: nt_native.h:1657
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
Definition: handle.c:1046
NTSTATUS NTAPI KeRaiseUserException(IN NTSTATUS ExceptionCode)
Definition: except.c:413
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
Definition: thread.c:868
#define ObKernelHandleToHandle(Handle)
Definition: ob.h:83
NTSTATUS NTAPI ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
Definition: obhandle.c:685
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
BOOLEAN NTAPI KeIsAttachedProcess(VOID)
Definition: procobj.c:693
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
KPROCESS Pcb
Definition: pstypes.h:1263
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define NtCurrentThread()

Referenced by NtClose(), and ObCloseHandle().

◆ ObpCloseHandleCallback()

BOOLEAN NTAPI ObpCloseHandleCallback ( IN PHANDLE_TABLE_ENTRY  HandleTableEntry,
IN HANDLE  Handle,
IN PVOID  Context 
)

Definition at line 1924 of file obhandle.c.

1927{
1929
1930 /* Simply decrement the handle count */
1932 HandleTableEntry,
1933 Handle,
1934 CloseContext->AccessMode,
1935 TRUE);
1936 return TRUE;
1937}
struct _OBP_CLOSE_HANDLE_CONTEXT * POBP_CLOSE_HANDLE_CONTEXT
PHANDLE_TABLE HandleTable
Definition: ob.h:117
KPROCESSOR_MODE AccessMode
Definition: ob.h:118

Referenced by ObClearProcessHandleTable(), and ObKillProcess().

◆ ObpCloseHandleTableEntry()

NTSTATUS NTAPI ObpCloseHandleTableEntry ( IN PHANDLE_TABLE  HandleTable,
IN PHANDLE_TABLE_ENTRY  HandleEntry,
IN HANDLE  Handle,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  IgnoreHandleProtection 
)

Definition at line 685 of file obhandle.c.

690{
691 PVOID Body;
693 POBJECT_HEADER ObjectHeader;
695 KIRQL CalloutIrql;
696 PAGED_CODE();
697
698 /* Get the object data */
699 ObjectHeader = ObpGetHandleObject(HandleEntry);
700 ObjectType = ObjectHeader->Type;
701 Body = &ObjectHeader->Body;
702 GrantedAccess = HandleEntry->GrantedAccess;
704 "%s - Closing handle: %p for %p. HC PC %lx %lx\n",
706 Handle,
707 Body,
708 ObjectHeader->HandleCount,
709 ObjectHeader->PointerCount);
710
711 /* Check if the object has an Okay To Close procedure */
712 if (ObjectType->TypeInfo.OkayToCloseProcedure)
713 {
714 /* Call it and check if it's not letting us close it */
715 ObpCalloutStart(&CalloutIrql);
716 if (!ObjectType->TypeInfo.OkayToCloseProcedure(PsGetCurrentProcess(),
717 Body,
718 Handle,
719 AccessMode))
720 {
721 /* Fail */
722 ObpCalloutEnd(CalloutIrql, "NtClose", ObjectType, Body);
725 }
726
727 /* Success, validate callout retrn */
728 ObpCalloutEnd(CalloutIrql, "NtClose", ObjectType, Body);
729 }
730
731 /* The callback allowed us to close it, but does the handle itself? */
732 if ((HandleEntry->GrantedAccess & ObpAccessProtectCloseBit) &&
733 !(IgnoreHandleProtection))
734 {
735 /* It doesn't, are we from user mode? */
736 if (AccessMode != KernelMode)
737 {
738 /* We are! Unlock the entry */
740
741 /* Make sure we have a debug port */
742 if (PsGetCurrentProcess()->DebugPort)
743 {
744 /* Raise an exception */
746 }
747 else
748 {
749 /* Return the error instead */
751 }
752 }
753 else
754 {
755 /* Otherwise, bugcheck the OS */
756 KeBugCheckEx(INVALID_KERNEL_HANDLE, (ULONG_PTR)Handle, 0, 0, 0);
757 }
758 }
759
760 /* Destroy and unlock the handle entry */
761 ExDestroyHandle(HandleTable, Handle, HandleEntry);
762
763 /* Now decrement the handle count */
767 ObjectType);
768
769 /* Dereference the object as well */
771
772 /* Return to caller */
774 "%s - Closed handle: %p for %p.\n",
776 Handle,
777 Body);
778 return STATUS_SUCCESS;
779}
UCHAR KIRQL
Definition: env_spec_w32.h:591
BOOLEAN NTAPI ExDestroyHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PHANDLE_TABLE_ENTRY HandleTableEntry OPTIONAL)
Definition: handle.c:984
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:923
#define STATUS_HANDLE_NOT_CLOSABLE
Definition: ntstatus.h:697
#define ObpGetHandleObject(x)
Definition: ob.h:91
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:497
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20

Referenced by ObpCloseHandle(), and ObpCloseHandleCallback().

◆ ObpCreateHandle()

NTSTATUS NTAPI ObpCreateHandle ( IN OB_OPEN_REASON  OpenReason,
IN PVOID  Object,
IN POBJECT_TYPE Type  OPTIONAL,
IN PACCESS_STATE  AccessState,
IN ULONG  AdditionalReferences,
IN ULONG  HandleAttributes,
IN POBP_LOOKUP_CONTEXT  Context,
IN KPROCESSOR_MODE  AccessMode,
OUT PVOID ReturnedObject,
OUT PHANDLE  ReturnedHandle 
)

Definition at line 1497 of file obhandle.c.

1507{
1508 HANDLE_TABLE_ENTRY NewEntry;
1509 POBJECT_HEADER ObjectHeader;
1510 HANDLE Handle;
1512 BOOLEAN AttachedToProcess = FALSE, KernelHandle = FALSE;
1517 PAUX_ACCESS_DATA AuxData;
1518 PAGED_CODE();
1519
1520 /* Get the object header and type */
1521 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1522 ObjectType = ObjectHeader->Type;
1524 "%s - Creating handle for: %p. Reason: %lx. HC PC %lx %lx\n",
1526 Object,
1527 OpenReason,
1528 ObjectHeader->HandleCount,
1529 ObjectHeader->PointerCount);
1530
1531 /* Check if the types match */
1532 if ((Type) && (ObjectType != Type))
1533 {
1534 /* They don't, cleanup */
1537 }
1538
1539 /* Save the object header */
1540 NewEntry.Object = ObjectHeader;
1541
1542 /* Check if this is a kernel handle */
1544 {
1545 /* Set the handle table */
1548
1549 /* Check if we're not in the system process */
1551 {
1552 /* Attach to the system process */
1554 AttachedToProcess = TRUE;
1555 }
1556 }
1557 else
1558 {
1559 /* Get the current handle table */
1560 HandleTable = PsGetCurrentProcess()->ObjectTable;
1561 }
1562
1563 /* Increment the handle count */
1566 AccessMode,
1569 OpenReason);
1570 if (!NT_SUCCESS(Status))
1571 {
1572 /*
1573 * We failed (meaning security failure, according to NT Internals)
1574 * detach and return
1575 */
1577 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1578 return Status;
1579 }
1580
1581 /* Check if we are doing audits on close */
1582 if (AccessState->GenerateOnClose)
1583 {
1584 /* Force the attribute on */
1586 }
1587
1588 /* Mask out the internal attributes */
1590
1591 /* Get the original desired access */
1592 DesiredAccess = AccessState->RemainingDesiredAccess |
1593 AccessState->PreviouslyGrantedAccess;
1594
1595 /* Remove what's not in the valid access mask */
1596 GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
1598
1599 /* Update the value in the access state */
1600 AccessState->PreviouslyGrantedAccess = GrantedAccess;
1601
1602 /* Get the auxiliary data */
1603 AuxData = AccessState->AuxData;
1604
1605 /* Handle extra references */
1606 if (AdditionalReferences)
1607 {
1608 /* Add them to the header */
1610 AdditionalReferences);
1611 }
1612
1613 /* Now we can release the object */
1615
1616 /* Save the access mask */
1617 NewEntry.GrantedAccess = GrantedAccess;
1618
1619 /*
1620 * Create the actual handle. We'll need to do this *after* calling
1621 * ObpIncrementHandleCount to make sure that Object Security is valid
1622 * (specified in Gl00my documentation on Ob)
1623 */
1625 "%s - Handle Properties: [%p-%lx-%lx]\n",
1627 NewEntry.Object, NewEntry.ObAttributes & 3, NewEntry.GrantedAccess);
1628 Handle = ExCreateHandle(HandleTable, &NewEntry);
1629
1630 /* Make sure we got a handle */
1631 if (Handle)
1632 {
1633 /* Check if this was a kernel handle */
1635
1636 /* Return it */
1637 *ReturnedHandle = Handle;
1638
1639 /* Check if we need to generate on audit */
1640 if (AccessState->GenerateAudit)
1641 {
1642 /* Audit the handle creation */
1643 //SeAuditHandleCreation(AccessState, Handle);
1644 }
1645
1646 /* Check if this was a create */
1647 if (OpenReason == ObCreateHandle)
1648 {
1649 /* Check if we need to audit the privileges */
1650 if ((AuxData->PrivilegesUsed) &&
1651 (AuxData->PrivilegesUsed->PrivilegeCount))
1652 {
1653 /* Do the audit */
1654#if 0
1656 &AccessState->
1659 AuxData->PrivilegesUsed,
1660 TRUE,
1662#endif
1663 }
1664 }
1665
1666 /* Return the new object only if caller wanted it biased */
1667 if ((AdditionalReferences) && (ReturnedObject))
1668 {
1669 /* Return it */
1670 *ReturnedObject = Object;
1671 }
1672
1673 /* Detach if needed */
1674 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1675
1676 /* Trace and return */
1678 "%s - Returning Handle: %p HC PC %lx %lx\n",
1680 Handle,
1681 ObjectHeader->HandleCount,
1682 ObjectHeader->PointerCount);
1683 return STATUS_SUCCESS;
1684 }
1685
1686 /* Decrement the handle count and detach */
1687 ObpDecrementHandleCount(&ObjectHeader->Body,
1690 ObjectType);
1691
1692 /* Handle extra references */
1693 if (AdditionalReferences)
1694 {
1695 /* Check how many extra references were added */
1696 if (AdditionalReferences > 1)
1697 {
1698 /* Dereference it many times */
1700 -(LONG)(AdditionalReferences - 1));
1701 }
1702
1703 /* Dereference the object one last time */
1705 }
1706
1707 /* Detach if necessary and fail */
1708 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1710}
#define InterlockedExchangeAddSizeT(a, b)
Definition: interlocked.h:196
VOID NTAPI SePrivilegeObjectAuditAlarm(_In_ HANDLE Handle, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE CurrentMode)
Raises an audit with alarm notification message when an object tries to acquire this privilege.
Definition: audit.c:1321
long LONG
Definition: pedump.c:60
PPRIVILEGE_SET PrivilegesUsed
Definition: setypes.h:258
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: sefuncs.h:13

Referenced by ObInsertObject(), ObOpenObjectByName(), and ObOpenObjectByPointer().

◆ ObpCreateUnnamedHandle()

NTSTATUS NTAPI ObpCreateUnnamedHandle ( IN PVOID  Object,
IN ACCESS_MASK  DesiredAccess,
IN ULONG  AdditionalReferences,
IN ULONG  HandleAttributes,
IN KPROCESSOR_MODE  AccessMode,
OUT PVOID ReturnedObject,
OUT PHANDLE  ReturnedHandle 
)

Definition at line 1312 of file obhandle.c.

1319{
1320 HANDLE_TABLE_ENTRY NewEntry;
1321 POBJECT_HEADER ObjectHeader;
1322 HANDLE Handle;
1324 BOOLEAN AttachedToProcess = FALSE, KernelHandle = FALSE;
1329 PAGED_CODE();
1330
1331 /* Get the object header and type */
1332 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1333 ObjectType = ObjectHeader->Type;
1335 "%s - Creating handle for: %p. UNNAMED. HC PC %lx %lx\n",
1337 Object,
1338 ObjectHeader->HandleCount,
1339 ObjectHeader->PointerCount);
1340
1341 /* Save the object header */
1342 NewEntry.Object = ObjectHeader;
1343
1344 /* Mask out the internal attributes */
1346
1347 /* Check if this is a kernel handle */
1349 {
1350 /* Set the handle table */
1353
1354 /* Check if we're not in the system process */
1356 {
1357 /* Attach to the system process */
1359 AttachedToProcess = TRUE;
1360 }
1361 }
1362 else
1363 {
1364 /* Get the current handle table */
1365 HandleTable = PsGetCurrentProcess()->ObjectTable;
1366 }
1367
1368 /* Increment the handle count */
1371 AccessMode,
1374 if (!NT_SUCCESS(Status))
1375 {
1376 /*
1377 * We failed (meaning security failure, according to NT Internals)
1378 * detach and return
1379 */
1380 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1381 return Status;
1382 }
1383
1384 /* Remove what's not in the valid access mask */
1385 GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
1387
1388 /* Handle extra references */
1389 if (AdditionalReferences)
1390 {
1391 /* Add them to the header */
1393 AdditionalReferences);
1394 }
1395
1396 /* Save the access mask */
1397 NewEntry.GrantedAccess = GrantedAccess;
1398
1399 /*
1400 * Create the actual handle. We'll need to do this *after* calling
1401 * ObpIncrementHandleCount to make sure that Object Security is valid
1402 * (specified in Gl00my documentation on Ob)
1403 */
1405 "%s - Handle Properties: [%p-%lx-%lx]\n",
1407 NewEntry.Object, NewEntry.ObAttributes & 3, NewEntry.GrantedAccess);
1408 Handle = ExCreateHandle(HandleTable, &NewEntry);
1409
1410 /* Make sure we got a handle */
1411 if (Handle)
1412 {
1413 /* Check if this was a kernel handle */
1415
1416 /* Return handle and object */
1417 *ReturnedHandle = Handle;
1418
1419 /* Return the new object only if caller wanted it biased */
1420 if ((AdditionalReferences) && (ReturnedObject))
1421 {
1422 /* Return it */
1423 *ReturnedObject = Object;
1424 }
1425
1426 /* Detach if needed */
1427 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1428
1429 /* Trace and return */
1431 "%s - Returning Handle: %p HC PC %lx %lx\n",
1433 Handle,
1434 ObjectHeader->HandleCount,
1435 ObjectHeader->PointerCount);
1436 return STATUS_SUCCESS;
1437 }
1438
1439 /* Handle extra references */
1440 if (AdditionalReferences)
1441 {
1442 /* Dereference it as many times as required */
1444 -(LONG)AdditionalReferences);
1445 }
1446
1447 /* Decrement the handle count and detach */
1448 ObpDecrementHandleCount(&ObjectHeader->Body,
1451 ObjectType);
1452
1453 /* Detach and fail */
1454 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1456}
NTSTATUS NTAPI ObpIncrementUnnamedHandleCount(IN PVOID Object, IN PACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process)
Definition: obhandle.c:1090

Referenced by ObInsertObject().

◆ ObpDecrementHandleCount()

VOID NTAPI ObpDecrementHandleCount ( IN PVOID  ObjectBody,
IN PEPROCESS  Process,
IN ACCESS_MASK  GrantedAccess,
IN POBJECT_TYPE  ObjectType 
)

Definition at line 530 of file obhandle.c.

534{
535 POBJECT_HEADER ObjectHeader;
536 LONG SystemHandleCount, ProcessHandleCount;
537 LONG NewCount;
538 KIRQL CalloutIrql;
540 POBJECT_HANDLE_COUNT_ENTRY HandleEntry;
541 POBJECT_HANDLE_COUNT_DATABASE HandleDatabase;
542 ULONG i;
543 PAGED_CODE();
544
545 /* Get the object type and header */
546 ObjectHeader = OBJECT_TO_OBJECT_HEADER(ObjectBody);
548 "%s - Decrementing count for: %p. HC PC %lx %lx\n",
550 ObjectBody,
551 ObjectHeader->HandleCount,
552 ObjectHeader->PointerCount);
553
554 /* Lock the object */
555 ObpAcquireObjectLock(ObjectHeader);
556
557 /* Set default counts */
558 SystemHandleCount = ObjectHeader->HandleCount;
560
561 /* Decrement the handle count */
562 NewCount = InterlockedDecrementSizeT(&ObjectHeader->HandleCount);
563
564 /* Check if we're out of handles and this was an exclusive object */
565 if (!(NewCount) && (ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
566 {
567 /* Clear the exclusive flag */
568 OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = NULL;
569 }
570
571 /* Is the object type keeping track of handles? */
572 if (ObjectType->TypeInfo.MaintainHandleCount)
573 {
574 /* Get handle information */
575 HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
576
577 /* Check if there's only a single entry */
578 if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
579 {
580 /* It should be us */
581 ASSERT(HandleInfo->SingleEntry.Process == Process);
582 ASSERT(HandleInfo->SingleEntry.HandleCount > 0);
583
584 /* Get the handle counts */
586 HandleEntry = &HandleInfo->SingleEntry;
587 }
588 else
589 {
590 /* Otherwise, get the database */
591 HandleDatabase = HandleInfo->HandleCountDatabase;
592 if (HandleDatabase)
593 {
594 /* Get the entries and loop them */
595 i = HandleDatabase->CountEntries;
596 HandleEntry = &HandleDatabase->HandleCountEntries[0];
597 while (i)
598 {
599 /* Check if this is a match */
600 if ((HandleEntry->HandleCount) &&
601 (HandleEntry->Process == Process))
602 {
603 /* Found it, get the process handle count */
604 ProcessHandleCount = HandleEntry->HandleCount--;
605 break;
606 }
607
608 /* Keep looping */
609 HandleEntry++;
610 i--;
611 }
612 }
613 else
614 {
615 /* No database, so no entry */
616 HandleEntry = NULL;
617 }
618 }
619
620 /* Check if this is the last handle */
621 if (ProcessHandleCount == 1)
622 {
623 /* Then clear the entry */
624 HandleEntry->Process = NULL;
625 HandleEntry->HandleCount = 0;
626 }
627 }
628
629 /* Release the lock */
630 ObpReleaseObjectLock(ObjectHeader);
631
632 /* Check if we have a close procedure */
633 if (ObjectType->TypeInfo.CloseProcedure)
634 {
635 /* Call it */
636 ObpCalloutStart(&CalloutIrql);
637 ObjectType->TypeInfo.CloseProcedure(Process,
638 ObjectBody,
641 SystemHandleCount);
642 ObpCalloutEnd(CalloutIrql, "Close", ObjectType, ObjectBody);
643 }
644
645 /* Check if we should delete the object */
646 ObpDeleteNameCheck(ObjectBody);
647
648 /* Decrease the total number of handles for this type */
649 InterlockedDecrement((PLONG)&ObjectType->TotalNumberOfHandles);
651 "%s - Decremented count for: %p. HC PC %lx %lx\n",
653 ObjectBody,
654 ObjectHeader->HandleCount,
655 ObjectHeader->PointerCount);
656}
#define InterlockedDecrement
Definition: armddk.h:52
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
@ ProcessHandleCount
Definition: winternl.h:876
#define InterlockedDecrementSizeT(a)
Definition: interlocked.h:153
#define OBJECT_HEADER_TO_HANDLE_INFO(h)
Definition: obtypes.h:118
#define OB_FLAG_SINGLE_PROCESS
Definition: obtypes.h:103
#define OB_FLAG_EXCLUSIVE
Definition: obtypes.h:100
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]
Definition: obtypes.h:451
Definition: obtypes.h:443
ULONG HandleCount
Definition: obtypes.h:445
struct _EPROCESS * Process
Definition: obtypes.h:444
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
Definition: obtypes.h:458
OBJECT_HANDLE_COUNT_ENTRY SingleEntry
Definition: obtypes.h:459
int32_t * PLONG
Definition: typedefs.h:58

Referenced by ObDuplicateObject(), ObpCloseHandleTableEntry(), ObpCreateHandle(), and ObpCreateUnnamedHandle().

◆ ObpDuplicateHandleCallback()

BOOLEAN NTAPI ObpDuplicateHandleCallback ( IN PEPROCESS  Process,
IN PHANDLE_TABLE  HandleTable,
IN PHANDLE_TABLE_ENTRY  OldEntry,
IN PHANDLE_TABLE_ENTRY  HandleTableEntry 
)

Definition at line 1960 of file obhandle.c.

1964{
1965 POBJECT_HEADER ObjectHeader;
1966 BOOLEAN Ret = FALSE;
1969 PAGED_CODE();
1970
1971 /* Make sure that the handle is inheritable */
1972 Ret = (HandleTableEntry->ObAttributes & OBJ_INHERIT) != 0;
1973 if (Ret)
1974 {
1975 /* Get the object header */
1976 ObjectHeader = ObpGetHandleObject(HandleTableEntry);
1977
1978 /* Increment the pointer count */
1980
1981 /* Release the handle lock */
1983
1984 /* Setup the access state */
1985 AccessState.PreviouslyGrantedAccess = HandleTableEntry->GrantedAccess;
1986
1987 /* Call the shared routine for incrementing handles */
1988 Status = ObpIncrementHandleCount(&ObjectHeader->Body,
1989 &AccessState,
1990 KernelMode,
1991 HandleTableEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES,
1992 Process,
1994 if (!NT_SUCCESS(Status))
1995 {
1996 /* Return failure */
1997 ObDereferenceObject(&ObjectHeader->Body);
1998 Ret = FALSE;
1999 }
2000 }
2001 else
2002 {
2003 /* Release the handle lock */
2005 }
2006
2007 /* Return duplication result */
2008 return Ret;
2009}
#define InterlockedIncrementSizeT(a)
Definition: interlocked.h:220
@ ObInheritHandle
Definition: obtypes.h:144

Referenced by ObInitProcess().

◆ ObpEnumFindHandleProcedure()

BOOLEAN NTAPI ObpEnumFindHandleProcedure ( IN PHANDLE_TABLE_ENTRY  HandleEntry,
IN HANDLE  Handle,
IN PVOID  Context 
)

Definition at line 211 of file obhandle.c.

214{
215 POBJECT_HEADER ObjectHeader;
219
220 /* Get the object header */
221 ObjectHeader = ObpGetHandleObject(HandleEntry);
222
223 /* Make sure it's valid and matching */
224 if ((FindData->ObjectHeader) && (FindData->ObjectHeader != ObjectHeader))
225 {
226 /* No match, fail */
227 return FALSE;
228 }
229
230 /* Now attempt to match the object type */
231 if ((FindData->ObjectType) && (FindData->ObjectType != ObjectHeader->Type))
232 {
233 /* No match, fail */
234 return FALSE;
235 }
236
237 /* Check if we have extra information */
238 if (FindData->HandleInformation)
239 {
240 /* Get the granted access and attributes */
241 GrantedAccess = HandleEntry->GrantedAccess;
242 HandleAttributes = HandleEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES;
243
244 /* Attempt to match them */
247 {
248 /* No match, fail */
249 return FALSE;
250 }
251 }
252
253 /* We have a match */
254 return TRUE;
255}
ACCESS_MASK GrantedAccess
Definition: iotypes.h:181

Referenced by ObFindHandleForObject().

◆ ObpIncrementHandleCount()

NTSTATUS NTAPI ObpIncrementHandleCount ( IN PVOID  Object,
IN PACCESS_STATE AccessState  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN ULONG  HandleAttributes,
IN PEPROCESS  Process,
IN OB_OPEN_REASON  OpenReason 
)

Definition at line 811 of file obhandle.c.

817{
818 POBJECT_HEADER ObjectHeader;
822 PEPROCESS ExclusiveProcess;
824 POBJECT_HEADER_CREATOR_INFO CreatorInfo;
825 KIRQL CalloutIrql;
827 ULONG Total;
829 PAGED_CODE();
830
831 /* Get the object header and type */
832 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
833 ObjectType = ObjectHeader->Type;
835 "%s - Incrementing count for: %p. Reason: %lx. HC PC %lx %lx\n",
837 Object,
838 OpenReason,
839 ObjectHeader->HandleCount,
840 ObjectHeader->PointerCount);
841
842 /* Check if caller is forcing user mode */
844 {
845 /* Force it */
847 }
848 else
849 {
850 /* Keep original setting */
852 }
853
854 /* Lock the object */
855 ObpAcquireObjectLock(ObjectHeader);
856
857 /* Charge quota and remove the creator info flag */
859 if (!NT_SUCCESS(Status)) return Status;
860
861 /* Check if the open is exclusive */
863 {
864 /* Check if the object allows this, or if the inherit flag was given */
866 !(ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
867 {
868 /* Incorrect attempt */
870 goto Quickie;
871 }
872
873 /* Check if we have access to it */
874 ExclusiveProcess = OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader);
875 if ((!(ExclusiveProcess) && (ObjectHeader->HandleCount)) ||
876 ((ExclusiveProcess) && (ExclusiveProcess != PsGetCurrentProcess())))
877 {
878 /* This isn't the right process */
880 goto Quickie;
881 }
882
883 /* Now you got exclusive access */
884 Exclusive = TRUE;
885 }
886 else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE) &&
888 {
889 /* Caller didn't want exclusive access, but the object is exclusive */
891 goto Quickie;
892 }
893
894 /* Check for exclusive kernel object */
895 NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
896 if ((NameInfo) && (NameInfo->QueryReferences & OB_FLAG_KERNEL_EXCLUSIVE) &&
898 {
899 /* Caller is not kernel, but the object is kernel exclusive */
901 goto Quickie;
902 }
903
904 /*
905 * Check if this is an object that went from 0 handles back to existence,
906 * but doesn't have an open procedure, only a close procedure. This means
907 * that it will never realize that the object is back alive, so we must
908 * fail the request.
909 */
910 if (!(ObjectHeader->HandleCount) &&
911 !(NewObject) &&
912 (ObjectType->TypeInfo.MaintainHandleCount) &&
913 !(ObjectType->TypeInfo.OpenProcedure) &&
914 (ObjectType->TypeInfo.CloseProcedure))
915 {
916 /* Fail */
918 goto Quickie;
919 }
920
921 /* Check if we're opening an existing handle */
922 if ((OpenReason == ObOpenHandle) ||
923 ((OpenReason == ObDuplicateHandle) && (AccessState)))
924 {
925 /* Validate the caller's access to this object */
928 TRUE,
929 ProbeMode,
930 &Status))
931 {
932 /* Access was denied, so fail */
933 goto Quickie;
934 }
935 }
936 else if (OpenReason == ObCreateHandle)
937 {
938 /* Convert MAXIMUM_ALLOWED to GENERIC_ALL */
939 if (AccessState->RemainingDesiredAccess & MAXIMUM_ALLOWED)
940 {
941 /* Mask out MAXIMUM_ALLOWED and stick GENERIC_ALL instead */
942 AccessState->RemainingDesiredAccess &= ~MAXIMUM_ALLOWED;
943 AccessState->RemainingDesiredAccess |= GENERIC_ALL;
944 }
945
946 /* Check if we have to map the GENERIC mask */
947 if (AccessState->RemainingDesiredAccess & GENERIC_ACCESS)
948 {
949 /* Map it to the correct access masks */
950 RtlMapGenericMask(&AccessState->RemainingDesiredAccess,
951 &ObjectType->TypeInfo.GenericMapping);
952 }
953
954 /* Check if the caller is trying to access system security */
955 if (AccessState->RemainingDesiredAccess & ACCESS_SYSTEM_SECURITY)
956 {
957 /* FIXME: TODO */
958 DPRINT1("ACCESS_SYSTEM_SECURITY not validated!\n");
959 }
960 }
961
962 /* Check if this is an exclusive handle */
963 if (Exclusive)
964 {
965 /* Save the owner process */
966 OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process;
967 }
968
969 /* Increase the handle count */
972
973 /* Check if we have a handle database */
974 if (ObjectType->TypeInfo.MaintainHandleCount)
975 {
976 /* Increment the handle database */
977 Status = ObpIncrementHandleDataBase(ObjectHeader,
978 Process,
980 if (!NT_SUCCESS(Status))
981 {
982 /* FIXME: This should never happen for now */
983 DPRINT1("Unhandled case\n");
984 ASSERT(FALSE);
985 goto Quickie;
986 }
987 }
988
989 /* Release the lock */
990 ObpReleaseObjectLock(ObjectHeader);
991
992 /* Check if we have an open procedure */
994 if (ObjectType->TypeInfo.OpenProcedure)
995 {
996 /* Call it */
997 ObpCalloutStart(&CalloutIrql);
998 Status = ObjectType->TypeInfo.OpenProcedure(OpenReason,
999 Process,
1000 Object,
1001 AccessState ?
1002 AccessState->
1004 0,
1006 ObpCalloutEnd(CalloutIrql, "Open", ObjectType, Object);
1007
1008 /* Check if the open procedure failed */
1009 if (!NT_SUCCESS(Status))
1010 {
1011 /* FIXME: This should never happen for now */
1012 DPRINT1("Unhandled case\n");
1013 ASSERT(FALSE);
1014 return Status;
1015 }
1016 }
1017
1018 /* Check if this is a create operation */
1019 if (OpenReason == ObCreateHandle)
1020 {
1021 /* Check if we have creator info */
1022 CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(ObjectHeader);
1023 if (CreatorInfo)
1024 {
1025 /* We do, acquire the lock */
1027
1028 /* Insert us on the list */
1029 InsertTailList(&ObjectType->TypeList, &CreatorInfo->TypeList);
1030
1031 /* Release the lock */
1033 }
1034 }
1035
1036 /* Increase total number of handles */
1037 Total = InterlockedIncrement((PLONG)&ObjectType->TotalNumberOfHandles);
1038 if (Total > ObjectType->HighWaterNumberOfHandles)
1039 {
1040 /* Fixup count */
1041 ObjectType->HighWaterNumberOfHandles = Total;
1042 }
1043
1044 /* Trace call and return */
1046 "%s - Incremented count for: %p. Reason: %lx HC PC %lx %lx\n",
1048 Object,
1049 OpenReason,
1050 ObjectHeader->HandleCount,
1051 ObjectHeader->PointerCount);
1052 return Status;
1053
1054Quickie:
1055 /* Release lock and return */
1056 ObpReleaseObjectLock(ObjectHeader);
1057 return Status;
1058}
#define InterlockedIncrement
Definition: armddk.h:53
#define InsertTailList(ListHead, Entry)
__in PWDFDEVICE_INIT __in BOOLEAN Exclusive
#define OBJ_FORCE_ACCESS_CHECK
Definition: winternl.h:232
#define OBJ_EXCLUSIVE
Definition: winternl.h:227
#define OB_FLAG_KERNEL_EXCLUSIVE
Definition: obtypes.h:109
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
Definition: obtypes.h:126
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h)
Definition: obtypes.h:131
#define GENERIC_ALL
Definition: nt_native.h:92
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
BOOLEAN NTAPI ObCheckObjectAccess(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
Definition: obsecure.c:441
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:352
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:340
NTSTATUS NTAPI ObpIncrementHandleDataBase(IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
Definition: obhandle.c:333
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
_Must_inspect_result_ _In_ _In_ ULONG ProbeMode
Definition: mmfuncs.h:561
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
Definition: sefuncs.h:16

Referenced by ObDuplicateObject(), ObpCreateHandle(), and ObpDuplicateHandleCallback().

◆ ObpIncrementHandleDataBase()

NTSTATUS NTAPI ObpIncrementHandleDataBase ( IN POBJECT_HEADER  ObjectHeader,
IN PEPROCESS  Process,
IN OUT PULONG  NewProcessHandleCount 
)

Definition at line 333 of file obhandle.c.

336{
338 POBJECT_HANDLE_COUNT_ENTRY HandleEntry, FreeEntry = NULL;
339 POBJECT_HANDLE_COUNT_DATABASE HandleDatabase;
340 ULONG i;
341 PAGED_CODE();
342
343 /* Get the handle info and check if we only have one entry */
344 HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
345 if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
346 {
347 /* Check if the entry is free */
348 if (!HandleInfo->SingleEntry.HandleCount)
349 {
350 /* Add ours */
351 HandleInfo->SingleEntry.HandleCount = 1;
352 HandleInfo->SingleEntry.Process = Process;
353
354 /* Return success and 1 handle */
355 *NewProcessHandleCount = 1;
356 return STATUS_SUCCESS;
357 }
358 else if (HandleInfo->SingleEntry.Process == Process)
359 {
360 /* Busy entry, but same process */
361 *NewProcessHandleCount = ++HandleInfo->SingleEntry.HandleCount;
362 return STATUS_SUCCESS;
363 }
364 else
365 {
366 /* Insert a new entry */
367 FreeEntry = ObpInsertHandleCount(ObjectHeader);
368 if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
369 ASSERT(!FreeEntry->Process);
370 ASSERT(!FreeEntry->HandleCount);
371
372 /* Fill it out */
373 FreeEntry->Process = Process;
374 FreeEntry->HandleCount = 1;
375
376 /* Return success and 1 handle */
377 *NewProcessHandleCount = 1;
378 return STATUS_SUCCESS;
379 }
380 }
381
382 /* We have a database instead */
383 HandleDatabase = HandleInfo->HandleCountDatabase;
384 if (HandleDatabase)
385 {
386 /* Get the entries and loop them */
387 i = HandleDatabase->CountEntries;
388 HandleEntry = &HandleDatabase->HandleCountEntries[0];
389 while (i)
390 {
391 /* Check if this is a match */
392 if (HandleEntry->Process == Process)
393 {
394 /* Found it, get the process handle count */
395 *NewProcessHandleCount = ++HandleEntry->HandleCount;
396 return STATUS_SUCCESS;
397 }
398 else if (!HandleEntry->HandleCount)
399 {
400 /* Found a free entry */
401 FreeEntry = HandleEntry;
402 }
403
404 /* Keep looping */
405 HandleEntry++;
406 i--;
407 }
408
409 /* Check if we couldn't find a free entry */
410 if (!FreeEntry)
411 {
412 /* Allocate one */
413 FreeEntry = ObpInsertHandleCount(ObjectHeader);
414 if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
415 ASSERT(!FreeEntry->Process);
416 ASSERT(!FreeEntry->HandleCount);
417 }
418
419 /* Fill out the entry */
420 FreeEntry->Process = Process;
421 FreeEntry->HandleCount = 1;
422 *NewProcessHandleCount = 1;
423 }
424
425 /* Return success if we got here */
426 return STATUS_SUCCESS;
427}
POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount(IN POBJECT_HEADER ObjectHeader)
Definition: obhandle.c:259

Referenced by ObpIncrementHandleCount(), and ObpIncrementUnnamedHandleCount().

◆ ObpIncrementUnnamedHandleCount()

NTSTATUS NTAPI ObpIncrementUnnamedHandleCount ( IN PVOID  Object,
IN PACCESS_MASK  DesiredAccess,
IN KPROCESSOR_MODE  AccessMode,
IN ULONG  HandleAttributes,
IN PEPROCESS  Process 
)

Definition at line 1090 of file obhandle.c.

1095{
1096 POBJECT_HEADER ObjectHeader;
1100 PEPROCESS ExclusiveProcess;
1102 POBJECT_HEADER_CREATOR_INFO CreatorInfo;
1103 KIRQL CalloutIrql;
1104 ULONG Total;
1105
1106 /* Get the object header and type */
1107 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1108 ObjectType = ObjectHeader->Type;
1110 "%s - Incrementing count for: %p. UNNAMED. HC PC %lx %lx\n",
1112 Object,
1113 ObjectHeader->HandleCount,
1114 ObjectHeader->PointerCount);
1115
1116 /* Lock the object */
1117 ObpAcquireObjectLock(ObjectHeader);
1118
1119 /* Charge quota and remove the creator info flag */
1121 if (!NT_SUCCESS(Status)) return Status;
1122
1123 /* Check if the open is exclusive */
1125 {
1126 /* Check if the object allows this, or if the inherit flag was given */
1127 if ((HandleAttributes & OBJ_INHERIT) ||
1128 !(ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
1129 {
1130 /* Incorrect attempt */
1132 goto Quickie;
1133 }
1134
1135 /* Check if we have access to it */
1136 ExclusiveProcess = OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader);
1137 if ((!(ExclusiveProcess) && (ObjectHeader->HandleCount)) ||
1138 ((ExclusiveProcess) && (ExclusiveProcess != PsGetCurrentProcess())))
1139 {
1140 /* This isn't the right process */
1142 goto Quickie;
1143 }
1144
1145 /* Now you got exclusive access */
1146 Exclusive = TRUE;
1147 }
1148 else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE) &&
1149 (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader)))
1150 {
1151 /* Caller didn't want exclusive access, but the object is exclusive */
1153 goto Quickie;
1154 }
1155
1156 /*
1157 * Check if this is an object that went from 0 handles back to existence,
1158 * but doesn't have an open procedure, only a close procedure. This means
1159 * that it will never realize that the object is back alive, so we must
1160 * fail the request.
1161 */
1162 if (!(ObjectHeader->HandleCount) &&
1163 !(NewObject) &&
1164 (ObjectType->TypeInfo.MaintainHandleCount) &&
1165 !(ObjectType->TypeInfo.OpenProcedure) &&
1166 (ObjectType->TypeInfo.CloseProcedure))
1167 {
1168 /* Fail */
1170 goto Quickie;
1171 }
1172
1173 /* Convert MAXIMUM_ALLOWED to GENERIC_ALL */
1175 {
1176 /* Mask out MAXIMUM_ALLOWED and stick GENERIC_ALL instead */
1177 *DesiredAccess &= ~MAXIMUM_ALLOWED;
1179 }
1180
1181 /* Check if we have to map the GENERIC mask */
1183 {
1184 /* Map it to the correct access masks */
1186 &ObjectType->TypeInfo.GenericMapping);
1187 }
1188
1189 /* Check if this is an exclusive handle */
1190 if (Exclusive)
1191 {
1192 /* Save the owner process */
1193 OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process;
1194 }
1195
1196 /* Increase the handle count */
1197 InterlockedIncrementSizeT(&ObjectHeader->HandleCount);
1199
1200 /* Check if we have a handle database */
1201 if (ObjectType->TypeInfo.MaintainHandleCount)
1202 {
1203 /* Increment the handle database */
1204 Status = ObpIncrementHandleDataBase(ObjectHeader,
1205 Process,
1207 if (!NT_SUCCESS(Status))
1208 {
1209 /* FIXME: This should never happen for now */
1210 DPRINT1("Unhandled case\n");
1211 ASSERT(FALSE);
1212 goto Quickie;
1213 }
1214 }
1215
1216 /* Release the lock */
1217 ObpReleaseObjectLock(ObjectHeader);
1218
1219 /* Check if we have an open procedure */
1221 if (ObjectType->TypeInfo.OpenProcedure)
1222 {
1223 /* Call it */
1224 ObpCalloutStart(&CalloutIrql);
1225 Status = ObjectType->TypeInfo.OpenProcedure(ObCreateHandle,
1226 Process,
1227 Object,
1230 ObpCalloutEnd(CalloutIrql, "Open", ObjectType, Object);
1231
1232 /* Check if the open procedure failed */
1233 if (!NT_SUCCESS(Status))
1234 {
1235 /* FIXME: This should never happen for now */
1236 DPRINT1("Unhandled case\n");
1237 ASSERT(FALSE);
1238 return Status;
1239 }
1240 }
1241
1242 /* Check if we have creator info */
1243 CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(ObjectHeader);
1244 if (CreatorInfo)
1245 {
1246 /* We do, acquire the lock */
1248
1249 /* Insert us on the list */
1250 InsertTailList(&ObjectType->TypeList, &CreatorInfo->TypeList);
1251
1252 /* Release the lock */
1254 }
1255
1256 /* Increase total number of handles */
1257 Total = InterlockedIncrement((PLONG)&ObjectType->TotalNumberOfHandles);
1258 if (Total > ObjectType->HighWaterNumberOfHandles)
1259 {
1260 /* Fixup count */
1261 ObjectType->HighWaterNumberOfHandles = Total;
1262 }
1263
1264 /* Trace call and return */
1266 "%s - Incremented count for: %p. UNNAMED HC PC %lx %lx\n",
1268 Object,
1269 ObjectHeader->HandleCount,
1270 ObjectHeader->PointerCount);
1271 return Status;
1272
1273Quickie:
1274 /* Release lock and return */
1275 ObpReleaseObjectLock(ObjectHeader);
1276 return Status;
1277}

Referenced by ObpCreateUnnamedHandle().

◆ ObpInsertHandleCount()

POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount ( IN POBJECT_HEADER  ObjectHeader)

Definition at line 259 of file obhandle.c.

260{
263 POBJECT_HANDLE_COUNT_DATABASE HandleDatabase, OldHandleDatabase;
264 ULONG i;
265 ULONG Size, OldSize;
266 OBJECT_HANDLE_COUNT_DATABASE SingleDatabase;
267 PAGED_CODE();
268
269 /* Get the handle info */
270 HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
271 if (!HandleInfo) return NULL;
272
273 /* Check if we only have one entry */
274 if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
275 {
276 /* Fill out the single entry */
277 SingleDatabase.CountEntries = 1;
278 SingleDatabase.HandleCountEntries[0] = HandleInfo->SingleEntry;
279
280 /* Use this as the old size */
281 OldHandleDatabase = &SingleDatabase;
282 OldSize = sizeof(SingleDatabase);
283
284 /* Now we'll have two entries, and an entire DB */
285 i = 2;
287 ((i - 1) * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
288 }
289 else
290 {
291 /* We already have a DB, get the information from it */
292 OldHandleDatabase = HandleInfo->HandleCountDatabase;
293 i = OldHandleDatabase->CountEntries;
294 OldSize = sizeof(OBJECT_HANDLE_COUNT_DATABASE) +
295 ((i - 1) * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
296
297 /* Add 4 more entries */
298 i += 4;
299 Size = OldSize + (4 * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
300 }
301
302 /* Allocate the DB */
304 if (!HandleDatabase) return NULL;
305
306 /* Copy the old database */
307 RtlCopyMemory(HandleDatabase, OldHandleDatabase, OldSize);
308
309 /* Check if we he had a single entry before */
310 if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
311 {
312 /* Now we have more */
313 ObjectHeader->Flags &= ~OB_FLAG_SINGLE_PROCESS;
314 }
315 else
316 {
317 /* Otherwise we had a DB, free it */
318 ExFreePoolWithTag(OldHandleDatabase, TAG_OB_HANDLE);
319 }
320
321 /* Find the end of the copy and zero out the new data */
322 FreeEntry = (PVOID)((ULONG_PTR)HandleDatabase + OldSize);
323 RtlZeroMemory(FreeEntry, Size - OldSize);
324
325 /* Set the new information and return the free entry */
326 HandleDatabase->CountEntries = i;
327 HandleInfo->HandleCountDatabase = HandleDatabase;
328 return FreeEntry;
329}
#define PagedPool
Definition: env_spec_w32.h:308
struct _OBJECT_HANDLE_COUNT_ENTRY OBJECT_HANDLE_COUNT_ENTRY
struct _OBJECT_HANDLE_COUNT_DATABASE OBJECT_HANDLE_COUNT_DATABASE
#define TAG_OB_HANDLE
Definition: tag.h:126
void * PVOID
Definition: typedefs.h:50
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533

Referenced by ObpIncrementHandleDataBase().

◆ ObpReferenceProcessObjectByHandle()

NTSTATUS NTAPI ObpReferenceProcessObjectByHandle ( IN HANDLE  Handle,
IN PEPROCESS  Process,
IN PHANDLE_TABLE  HandleTable,
IN KPROCESSOR_MODE  AccessMode,
OUT PVOID Object,
OUT POBJECT_HANDLE_INFORMATION  HandleInformation,
OUT PACCESS_MASK  AuditMask 
)

Definition at line 85 of file obhandle.c.

92{
93 PHANDLE_TABLE_ENTRY HandleEntry;
94 POBJECT_HEADER ObjectHeader;
99
100 /* Assume failure */
101 *Object = NULL;
102
103 /* Check if this is a special handle */
104 if (HandleToLong(Handle) < 0)
105 {
106 /* Check if the caller wants the current process */
107 if (Handle == NtCurrentProcess())
108 {
109 /* Return handle info */
110 HandleInformation->HandleAttributes = 0;
111 HandleInformation->GrantedAccess = Process->GrantedAccess;
112
113 /* No audit mask */
114 *AuditMask = 0;
115
116 /* Reference ourselves */
117 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Process);
119
120 /* Return the pointer */
121 *Object = Process;
122 ASSERT(*Object != NULL);
123 return STATUS_SUCCESS;
124 }
125
126 /* Check if the caller wants the current thread */
127 if (Handle == NtCurrentThread())
128 {
129 /* Return handle information */
130 HandleInformation->HandleAttributes = 0;
131 HandleInformation->GrantedAccess = Thread->GrantedAccess;
132
133 /* Reference ourselves */
134 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Thread);
136
137 /* No audit mask */
138 *AuditMask = 0;
139
140 /* Return the pointer */
141 *Object = Thread;
142 ASSERT(*Object != NULL);
143 return STATUS_SUCCESS;
144 }
145
146 /* This is a kernel handle... do we have access? */
147 if (AccessMode == KernelMode)
148 {
149 /* Use the kernel handle table and get the actual handle value */
152 }
153 else
154 {
155 /* This is an illegal attempt to access a kernel handle */
157 }
158 }
159
160 /* Enter a critical region while we touch the handle table */
163
164 /* Get the handle entry */
166 if (HandleEntry)
167 {
168 /* Get the object header and validate the type*/
169 ObjectHeader = ObpGetHandleObject(HandleEntry);
170
171 /* Get the granted access and validate it */
172 GrantedAccess = HandleEntry->GrantedAccess;
173
174 /* Mask out the internal attributes */
176
177 /* Fill out the information */
178 HandleInformation->HandleAttributes = Attributes;
179 HandleInformation->GrantedAccess = GrantedAccess;
180
181 /* No audit mask (FIXME!) */
182 *AuditMask = 0;
183
184 /* Return the pointer */
185 *Object = &ObjectHeader->Body;
186
187 /* Add a reference */
189
190 /* Unlock the handle */
193
194 /* Return success */
195 ASSERT(*Object != NULL);
196 return STATUS_SUCCESS;
197 }
198 else
199 {
200 /* Invalid handle */
202 }
203
204 /* Return failure status */
206 return Status;
207}
#define HandleToLong(h)
Definition: basetsd.h:80
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes

Referenced by ObDuplicateObject().

◆ ObpSetHandleAttributes()

BOOLEAN NTAPI ObpSetHandleAttributes ( IN OUT PHANDLE_TABLE_ENTRY  HandleTableEntry,
IN ULONG_PTR  Context 
)

Definition at line 1859 of file obhandle.c.

1861{
1863 POBJECT_HEADER ObjectHeader = ObpGetHandleObject(HandleTableEntry);
1864
1865 /* Check if making the handle inheritable */
1866 if (SetHandleInfo->Information.Inherit)
1867 {
1868 /* Check if inheriting is not supported for this object */
1869 if (ObjectHeader->Type->TypeInfo.InvalidAttributes & OBJ_INHERIT)
1870 {
1871 /* Fail without changing anything */
1872 return FALSE;
1873 }
1874
1875 /* Set the flag */
1876 HandleTableEntry->ObAttributes |= OBJ_INHERIT;
1877 }
1878 else
1879 {
1880 /* Otherwise this implies we're removing the flag */
1881 HandleTableEntry->ObAttributes &= ~OBJ_INHERIT;
1882 }
1883
1884 /* Check if making the handle protected */
1885 if (SetHandleInfo->Information.ProtectFromClose)
1886 {
1887 /* Set the flag */
1888 HandleTableEntry->GrantedAccess |= ObpAccessProtectCloseBit;
1889 }
1890 else
1891 {
1892 /* Otherwise, remove it */
1893 HandleTableEntry->GrantedAccess &= ~ObpAccessProtectCloseBit;
1894 }
1895
1896 /* Return success */
1897 return TRUE;
1898}
OBJECT_HANDLE_ATTRIBUTE_INFORMATION Information
Definition: ob.h:112

Referenced by NtSetInformationObject(), and ObSetHandleAttributes().

◆ ObpValidateAccessMask()

NTSTATUS NTAPI ObpValidateAccessMask ( IN PACCESS_STATE  AccessState)

Definition at line 488 of file obhandle.c.

489{
491
492 /* We're only interested if the object for this access state has an SD */
493 SecurityDescriptor = AccessState->SecurityDescriptor;
495 {
496 /* Check if the SD has a system ACL but hasn't been granted access to get/set it */
497 if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
498 !(AccessState->PreviouslyGrantedAccess & ACCESS_SYSTEM_SECURITY))
499 {
500 /* We're gonna need access */
501 AccessState->RemainingDesiredAccess |= ACCESS_SYSTEM_SECURITY;
502 }
503 }
504
505 /* This can't fail */
506 return STATUS_SUCCESS;
507}
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
#define SE_SACL_PRESENT
Definition: setypes.h:823

Referenced by ObInsertObject(), and ObOpenObjectByName().

◆ ObReferenceProcessHandleTable()

PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable ( IN PEPROCESS  Process)

Definition at line 26 of file obhandle.c.

27{
29
30 /* Lock the process */
31 if (ExAcquireRundownProtection(&Process->RundownProtect))
32 {
33 /* Get the handle table */
34 HandleTable = Process->ObjectTable;
35 if (!HandleTable)
36 {
37 /* No table, release the lock */
38 ExReleaseRundownProtection(&Process->RundownProtect);
39 }
40 }
41
42 /* Return the handle table */
43 return HandleTable;
44}
#define ExAcquireRundownProtection
Definition: ex.h:135

Referenced by ObClearProcessHandleTable(), ObDuplicateObject(), ObFindHandleForObject(), ObGetProcessHandleCount(), and ObInitProcess().

◆ ObSetHandleAttributes()

NTSTATUS NTAPI ObSetHandleAttributes ( IN HANDLE  Handle,
IN POBJECT_HANDLE_ATTRIBUTE_INFORMATION  HandleFlags,
IN KPROCESSOR_MODE  PreviousMode 
)

Definition at line 3308 of file obhandle.c.

3311{
3312 OBP_SET_HANDLE_ATTRIBUTES_CONTEXT SetHandleAttributesContext;
3313 BOOLEAN Result, AttachedToSystemProcess = FALSE;
3316 PAGED_CODE();
3317
3318 /* Check if this is a kernel handle */
3320 {
3321 /* Use the kernel table and convert the handle */
3324
3325 /* Check if we're not in the system process */
3327 {
3328 /* Attach to the system process */
3330 AttachedToSystemProcess = TRUE;
3331 }
3332 }
3333 else
3334 {
3335 /* Get the current process' handle table */
3336 HandleTable = PsGetCurrentProcess()->ObjectTable;
3337 }
3338
3339 /* Initialize the handle attribute context */
3340 SetHandleAttributesContext.PreviousMode = PreviousMode;
3341 SetHandleAttributesContext.Information = *HandleFlags;
3342
3343 /* Invoke the ObpSetHandleAttributes callback */
3345 Handle,
3347 (ULONG_PTR)&SetHandleAttributesContext);
3348
3349 /* Did we attach to the system process? */
3350 if (AttachedToSystemProcess)
3351 {
3352 /* Detach from it */
3354 }
3355
3356 /* Return the result as an NTSTATUS value */
3358}
BOOLEAN NTAPI ExChangeHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PEX_CHANGE_HANDLE_CALLBACK ChangeRoutine, IN ULONG_PTR Context)
Definition: handle.c:1189
BOOLEAN NTAPI ObpSetHandleAttributes(IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
Definition: obhandle.c:1859
KPROCESSOR_MODE PreviousMode
Definition: ob.h:111

Variable Documentation

◆ ObpKernelHandleTable