271 if (!HandleInfo)
return NULL;
281 OldHandleDatabase = &SingleDatabase;
282 OldSize =
sizeof(SingleDatabase);
304 if (!HandleDatabase)
return NULL;
355 *NewProcessHandleCount = 1;
377 *NewProcessHandleCount = 1;
395 *NewProcessHandleCount = ++HandleEntry->
HandleCount;
401 FreeEntry = HandleEntry;
422 *NewProcessHandleCount = 1;
436 ULONG PagedPoolCharge, NonPagedPoolCharge;
457 PagedPoolCharge =
ObjectType->TypeInfo.DefaultPagedPoolCharge;
458 NonPagedPoolCharge =
ObjectType->TypeInfo.DefaultNonPagedPoolCharge;
548 "%s - Decrementing count for: %p. HC PC %lx %lx\n",
651 "%s - Decremented count for: %p. HC PC %lx %lx\n",
701 Body = &ObjectHeader->
Body;
704 "%s - Closing handle: %p for %p. HC PC %lx %lx\n",
712 if (
ObjectType->TypeInfo.OkayToCloseProcedure)
733 !(IgnoreHandleProtection))
774 "%s - Closed handle: %p for %p.\n",
835 "%s - Incrementing count for: %p. Reason: %lx. HC PC %lx %lx\n",
875 if ((!(ExclusiveProcess) && (ObjectHeader->
HandleCount)) ||
958 DPRINT1(
"ACCESS_SYSTEM_SECURITY not validated!\n");
1038 if (Total >
ObjectType->HighWaterNumberOfHandles)
1041 ObjectType->HighWaterNumberOfHandles = Total;
1046 "%s - Incremented count for: %p. Reason: %lx HC PC %lx %lx\n",
1110 "%s - Incrementing count for: %p. UNNAMED. HC PC %lx %lx\n",
1137 if ((!(ExclusiveProcess) && (ObjectHeader->
HandleCount)) ||
1164 (
ObjectType->TypeInfo.MaintainHandleCount) &&
1201 if (
ObjectType->TypeInfo.MaintainHandleCount)
1258 if (Total >
ObjectType->HighWaterNumberOfHandles)
1261 ObjectType->HighWaterNumberOfHandles = Total;
1266 "%s - Incremented count for: %p. UNNAMED HC PC %lx %lx\n",
1314 IN ULONG AdditionalReferences,
1335 "%s - Creating handle for: %p. UNNAMED. HC PC %lx %lx\n",
1342 NewEntry.
Object = ObjectHeader;
1359 AttachedToProcess =
TRUE;
1389 if (AdditionalReferences)
1393 AdditionalReferences);
1405 "%s - Handle Properties: [%p-%lx-%lx]\n",
1417 *ReturnedHandle =
Handle;
1420 if ((AdditionalReferences) && (ReturnedObject))
1423 *ReturnedObject =
Object;
1431 "%s - Returning Handle: %p HC PC %lx %lx\n",
1440 if (AdditionalReferences)
1444 -(
LONG)AdditionalReferences);
1501 IN ULONG AdditionalReferences,
1524 "%s - Creating handle for: %p. Reason: %lx. HC PC %lx %lx\n",
1540 NewEntry.
Object = ObjectHeader;
1554 AttachedToProcess =
TRUE;
1606 if (AdditionalReferences)
1610 AdditionalReferences);
1625 "%s - Handle Properties: [%p-%lx-%lx]\n",
1637 *ReturnedHandle =
Handle;
1667 if ((AdditionalReferences) && (ReturnedObject))
1670 *ReturnedObject =
Object;
1678 "%s - Returning Handle: %p HC PC %lx %lx\n",
1693 if (AdditionalReferences)
1696 if (AdditionalReferences > 1)
1700 -(
LONG)(AdditionalReferences - 1));
1758 AttachedToProcess =
TRUE;
1772 if (HandleTableEntry)
1836 "%s - Closed handle: %p S: %lx\n",
1972 Ret = (HandleTableEntry->ObAttributes &
OBJ_INHERIT) != 0;
1985 AccessState.PreviouslyGrantedAccess = HandleTableEntry->GrantedAccess;
2044 AttachedToProcess =
TRUE;
2063 if (AttachedToProcess)
2119 Process->ObjectTable = ObjectTable;
2232 "%s - Duplicating handle: %p for %p into %p\n",
2339 AttachedToProcess =
TRUE;
2364 NewHandleEntry.
Object = ObjectHeader;
2381 if (TargetAccess & ~SourceAccess)
2418 if (AttachedToProcess)
2422 AttachedToProcess =
FALSE;
2485 "%s - Duplicated handle: %p for %p into %p. Source: %p HC PC %lx %lx\n",
2700 "%s - returning Object %p with PC S: %lx %lx\n",
2777 &
Header->Type->TypeInfo.GenericMapping);
2821 "%s - returning Object with PC S: %lx %lx\n",
2966 DPRINT1(
"OB: Attempting to insert existing object %p\n",
Object);
2981 if ((ObjectNameInfo) && (ObjectNameInfo->
Name.
Buffer))
3022 "%s - returning Object with PC S: %lx %lx\n",
3150 if (InsertObject ==
Object)
3156 if ((ObjectNameInfo) && (ObjectNameInfo->
Directory))
3171 if (ParentDescriptor)
3279 "%s - returning Object with PC RS/S: %lx %lx %lx\n",
3330 AttachedToSystemProcess =
TRUE;
3341 SetHandleAttributesContext.
Information = *HandleFlags;
3347 (
ULONG_PTR)&SetHandleAttributesContext);
3350 if (AttachedToSystemProcess)
3423 "%s - Duplicating handle: %p for %p into %p.\n",
3426 SourceProcessHandle,
3452 (
PVOID*)&SourceProcess,
3464 (
PVOID*)&TargetProcess,
3513 "%s - Duplicated handle: %p into %p S %lx\n",
NTSTATUS NTAPI ObOpenObjectByName(IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN OUT PVOID ParseContext, OUT PHANDLE Handle)
#define STATUS_OBJECT_NAME_COLLISION
PPRIVILEGE_SET PrivilegeSet
POBJECT_HEADER ObjectHeader
BOOLEAN KdDebuggerEnabled
#define TAG_OB_TEMP_STORAGE
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
NTSTATUS NTAPI ObAssignSecurity(IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
PSECURITY_DESCRIPTOR SecurityDescriptor
#define DUPLICATE_CLOSE_SOURCE
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
#define STATUS_INSUFFICIENT_RESOURCES
OBJECT_HANDLE_ATTRIBUTE_INFORMATION Information
#define STATUS_QUOTA_EXCEEDED
BOOLEAN NTAPI ExDestroyHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PHANDLE_TABLE_ENTRY HandleTableEntry OPTIONAL)
KPROCESSOR_MODE PreviousMode
NTKERNELAPI VOID FASTCALL ExRundownCompleted(_Out_ PEX_RUNDOWN_REF RunRef)
#define ACCESS_SYSTEM_SECURITY
#define PsGetCurrentThread()
NTSTATUS NTAPI ObSetHandleAttributes(IN HANDLE Handle, IN POBJECT_HANDLE_ATTRIBUTE_INFORMATION HandleFlags, IN KPROCESSOR_MODE PreviousMode)
BOOLEAN NTAPI ObFindHandleForObject(IN PEPROCESS Process, IN PVOID Object, IN POBJECT_TYPE ObjectType, IN POBJECT_HANDLE_INFORMATION HandleInformation, OUT PHANDLE Handle)
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
BOOLEAN NTAPI ObIsKernelHandle(IN HANDLE Handle)
#define OBJECT_HEADER_TO_HANDLE_INFO(h)
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
#define STATUS_INVALID_PARAMETER
OBJECT_CREATE_INFORMATION ObjectCreateInfo
NTSTATUS NTAPI ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
VOID NTAPI ObpFreeObjectNameBuffer(IN PUNICODE_STRING Name)
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
VOID NTAPI ExDestroyHandleTable(IN PHANDLE_TABLE HandleTable, IN PVOID DestroyHandleProcedure OPTIONAL)
#define KeGetPreviousMode()
#define STATUS_OBJECT_NAME_EXISTS
#define NtCurrentThread()
#define ExAcquireRundownProtection
_Inout_opt_ PACCESS_STATE PassedAccessState
FORCEINLINE VOID ObpReleaseObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
#define OB_FLAG_SINGLE_PROCESS
IN PVOID IN PVOID IN USHORT IN USHORT Size
_Must_inspect_result_ _In_ _In_ ULONG ProbeMode
#define OBJECT_HEADER_TO_NAME_INFO(h)
#define ObpIsKernelHandle(Handle, ProcessorMode)
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
NTSTATUS NTAPI ObpIncrementUnnamedHandleCount(IN PVOID Object, IN PACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process)
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
GENERIC_MAPPING GenericMapping
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
#define InsertTailList(ListHead, Entry)
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
NTSTATUS NTAPI ObpCreateHandle(IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
#define OBJ_KERNEL_HANDLE
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
#define STATUS_INVALID_HANDLE
BOOLEAN NTAPI ExChangeHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PEX_CHANGE_HANDLE_CALLBACK ChangeRoutine, IN ULONG_PTR Context)
PHANDLE_TABLE HandleTable
NTSTATUS NTAPI SeCreateAccessState(_Inout_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
Creates an access state.
#define OBJECT_TO_OBJECT_HEADER(o)
struct _OBJECT_HANDLE_COUNT_ENTRY OBJECT_HANDLE_COUNT_ENTRY
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
#define OBJ_PROTECT_CLOSE
#define OBJ_AUDIT_OBJECT_CLOSE
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
#define DUPLICATE_SAME_ACCESS
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
PEPROCESS PsInitialSystemProcess
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
VOID NTAPI DbgBreakPoint(VOID)
#define InterlockedIncrementSizeT(a)
struct _OBP_CLOSE_HANDLE_CONTEXT * POBP_CLOSE_HANDLE_CONTEXT
#define PROCESS_DUP_HANDLE
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
BOOLEAN NTAPI KeIsAttachedProcess(VOID)
#define PsGetCurrentProcess
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
#define ObpGetHandleObject(x)
POBJECT_HANDLE_INFORMATION HandleInformation
FORCEINLINE VOID ObpFreeObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
BOOLEAN NTAPI ObpSetHandleAttributes(IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
NTKERNELAPI VOID FASTCALL ExWaitForRundownProtectionRelease(_Inout_ PEX_RUNDOWN_REF RunRef)
#define OB_FLAG_EXCLUSIVE
NTSTATUS NTAPI ObpCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
#define NtCurrentProcess()
struct _EPROCESS * Process
PHANDLE_TABLE NTAPI ExDupHandleTable(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PEX_DUPLICATE_HANDLE_CALLBACK DupHandleProcedure, IN ULONG_PTR Mask)
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
_In_ KPROCESSOR_MODE PreviousMode
#define STATUS_OBJECT_TYPE_MISMATCH
BOOLEAN NTAPI ObpEnumFindHandleProcedure(IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN PVOID Context)
_In_ PWDFDEVICE_INIT _In_ PWDF_REMOVE_LOCK_OPTIONS Options
#define ObMarkHandleAsKernelHandle(Handle)
NTSTATUS NTAPI ObpCreateUnnamedHandle(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
OBJECT_HANDLE_COUNT_ENTRY SingleEntry
ACCESS_STATE LocalAccessState
NTSTATUS NTAPI ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
#define NT_SUCCESS(StatCode)
NTSTATUS NTAPI ObpValidateAccessMask(IN PACCESS_STATE AccessState)
#define EXCEPTION_EXECUTE_HANDLER
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
#define STATUS_PROCESS_IS_TERMINATING
#define ObDereferenceObject
static OB_SECURITY_METHOD SeDefaultObjectMethod
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
__in PWDFDEVICE_INIT __in BOOLEAN Exclusive
NTSTATUS NTAPI ObInitProcess(IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
#define ProbeForWriteHandle(Ptr)
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
_In_ HANDLE _In_opt_ HANDLE TargetProcessHandle
#define STATUS_ACCESS_DENIED
VOID NTAPI ObpCreateSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
#define STATUS_UNSUCCESSFUL
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
#define OB_FLAG_CREATE_INFO
#define ExAllocatePoolWithTag(hernya, size, tag)
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle(IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
#define InterlockedExchangeAddSizeT(a, b)
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
#define OBJ_FORCE_ACCESS_CHECK
#define InterlockedDecrement
NTSTATUS NTAPI ObpIncrementHandleDataBase(IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
BOOLEAN NTAPI IoSetThreadHardErrorMode(IN BOOLEAN HardErrorEnabled)
#define KeEnterCriticalRegion()
VOID NTAPI SePrivilegeObjectAuditAlarm(_In_ HANDLE Handle, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE CurrentMode)
Raises an audit with alarm notification message when an object tries to acquire this privilege.
#define STATUS_HANDLE_NOT_CLOSABLE
VOID NTAPI ObClearProcessHandleTable(IN PEPROCESS Process)
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]
BOOLEAN NTAPI ExEnumHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_ENUM_HANDLE_CALLBACK EnumHandleProcedure, IN OUT PVOID Context, OUT PHANDLE EnumHandle OPTIONAL)
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
static const WCHAR Cleanup[]
OBJECT_TYPE_INITIALIZER TypeInfo
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
#define OB_FLAG_KERNEL_MODE
enum _OB_OPEN_REASON OB_OPEN_REASON
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Releases an initialized object directory lookup context. Unlocks it if necessary, and dereferences th...
NTSTATUS NTAPI KeRaiseUserException(IN NTSTATUS ExceptionCode)
static GENERIC_MAPPING GenericMapping
BOOLEAN NTAPI ObCheckObjectAccess(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
#define ObpSymbolicLinkObjectType
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Initializes a new object directory lookup context. Used for lookup operations (insertions/deletions) ...
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
#define KeLeaveCriticalRegion()
#define InterlockedIncrement
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
PEPROCESS_QUOTA_BLOCK NTAPI PsChargeSharedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T AmountToChargePaged, _In_ SIZE_T AmountToChargeNonPaged)
Charges the shared (paged and non paged) pool quotas. The function is used exclusively by the Object ...
NTSTATUS NTAPI ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
OBP_LOOKUP_CONTEXT LookupContext
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
#define DUPLICATE_SAME_ATTRIBUTES
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
_Out_ PKAPC_STATE ApcState
#define OBTRACE(x, fmt,...)
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
NTSTATUS NTAPI ObDuplicateObject(IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
struct tagContext Context
NTSTATUS NTAPI NtDuplicateObject(IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
#define OBP_SYSTEM_PROCESS_QUOTA
#define ObpAccessProtectCloseBit
ACCESS_MASK * PACCESS_MASK
#define RtlZeroMemory(Destination, Length)
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
BOOLEAN NTAPI ObpDuplicateHandleCallback(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
#define RtlCopyMemory(Destination, Source, Length)
VOID NTAPI ObKillProcess(IN PEPROCESS Process)
#define _SEH2_EXCEPT(...)
#define InterlockedDecrementSizeT(a)
#define _SEH2_GetExceptionCode()
#define _SEH2_YIELD(__stmt)
#define ObKernelHandleToHandle(Handle)
#define OBJ_HANDLE_ATTRIBUTES
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h)
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
#define ExFreePoolWithTag(_P, _T)
POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount(IN POBJECT_HEADER ObjectHeader)
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
#define OB_FLAG_KERNEL_EXCLUSIVE
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
POBJECT_TYPE PsProcessType
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
KPROCESSOR_MODE AccessMode
PHANDLE_TABLE ObpKernelHandleTable
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Peforms a detailed security auditing with an access token.
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG ObjectPointerBias
struct _OBJECT_HANDLE_COUNT_DATABASE OBJECT_HANDLE_COUNT_DATABASE
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
PULONG MinorVersion OPTIONAL
1.8.15