22 #define TAG_OB_HANDLE 'dHbO' 273 if (!HandleInfo)
return NULL;
283 OldHandleDatabase = &SingleDatabase;
284 OldSize =
sizeof(SingleDatabase);
306 if (!HandleDatabase)
return NULL;
357 *NewProcessHandleCount = 1;
379 *NewProcessHandleCount = 1;
397 *NewProcessHandleCount = ++HandleEntry->
HandleCount;
403 FreeEntry = HandleEntry;
424 *NewProcessHandleCount = 1;
438 ULONG PagedPoolCharge, NonPagedPoolCharge;
458 PagedPoolCharge =
ObjectType->TypeInfo.DefaultPagedPoolCharge;
459 NonPagedPoolCharge =
ObjectType->TypeInfo.DefaultNonPagedPoolCharge;
463 ObjectHeader->QuotaBlockCharged = (
PVOID)1;
464 DPRINT(
"FIXME: Should charge: %lx %lx\n", PagedPoolCharge, NonPagedPoolCharge);
544 "%s - Decrementing count for: %p. HC PC %lx %lx\n",
647 "%s - Decremented count for: %p. HC PC %lx %lx\n",
697 Body = &ObjectHeader->
Body;
700 "%s - Closing handle: %p for %p. HC PC %lx %lx\n",
708 if (
ObjectType->TypeInfo.OkayToCloseProcedure)
729 !(IgnoreHandleProtection))
770 "%s - Closed handle: %p for %p.\n",
831 "%s - Incrementing count for: %p. Reason: %lx. HC PC %lx %lx\n",
871 if ((!(ExclusiveProcess) && (ObjectHeader->
HandleCount)) ||
954 DPRINT1(
"ACCESS_SYSTEM_SECURITY not validated!\n");
1034 if (Total >
ObjectType->HighWaterNumberOfHandles)
1037 ObjectType->HighWaterNumberOfHandles = Total;
1042 "%s - Incremented count for: %p. Reason: %lx HC PC %lx %lx\n",
1106 "%s - Incrementing count for: %p. UNNAMED. HC PC %lx %lx\n",
1133 if ((!(ExclusiveProcess) && (ObjectHeader->
HandleCount)) ||
1160 (
ObjectType->TypeInfo.MaintainHandleCount) &&
1197 if (
ObjectType->TypeInfo.MaintainHandleCount)
1254 if (Total >
ObjectType->HighWaterNumberOfHandles)
1257 ObjectType->HighWaterNumberOfHandles = Total;
1262 "%s - Incremented count for: %p. UNNAMED HC PC %lx %lx\n",
1310 IN ULONG AdditionalReferences,
1331 "%s - Creating handle for: %p. UNNAMED. HC PC %lx %lx\n",
1338 NewEntry.
Object = ObjectHeader;
1355 AttachedToProcess =
TRUE;
1385 if (AdditionalReferences)
1389 AdditionalReferences);
1401 "%s - Handle Properties: [%p-%lx-%lx]\n",
1413 *ReturnedHandle =
Handle;
1416 if ((AdditionalReferences) && (ReturnedObject))
1419 *ReturnedObject =
Object;
1427 "%s - Returning Handle: %p HC PC %lx %lx\n",
1436 if (AdditionalReferences)
1440 -(
LONG)AdditionalReferences);
1497 IN ULONG AdditionalReferences,
1520 "%s - Creating handle for: %p. Reason: %lx. HC PC %lx %lx\n",
1536 NewEntry.
Object = ObjectHeader;
1550 AttachedToProcess =
TRUE;
1602 if (AdditionalReferences)
1606 AdditionalReferences);
1621 "%s - Handle Properties: [%p-%lx-%lx]\n",
1633 *ReturnedHandle =
Handle;
1663 if ((AdditionalReferences) && (ReturnedObject))
1666 *ReturnedObject =
Object;
1674 "%s - Returning Handle: %p HC PC %lx %lx\n",
1689 if (AdditionalReferences)
1692 if (AdditionalReferences > 1)
1696 -(
LONG)(AdditionalReferences - 1));
1754 AttachedToProcess =
TRUE;
1768 if (HandleTableEntry)
1832 "%s - Closed handle: %p S: %lx\n",
1968 Ret = (HandleTableEntry->ObAttributes &
OBJ_INHERIT) != 0;
1981 AccessState.PreviouslyGrantedAccess = HandleTableEntry->GrantedAccess;
2040 AttachedToProcess =
TRUE;
2059 if (AttachedToProcess)
2115 Process->ObjectTable = ObjectTable;
2228 "%s - Duplicating handle: %p for %p into %p\n",
2335 AttachedToProcess =
TRUE;
2360 NewHandleEntry.
Object = ObjectHeader;
2377 if (TargetAccess & ~SourceAccess)
2414 if (AttachedToProcess)
2418 AttachedToProcess =
FALSE;
2481 "%s - Duplicated handle: %p for %p into %p. Source: %p HC PC %lx %lx\n",
2696 "%s - returning Object %p with PC S: %lx %lx\n",
2773 &
Header->Type->TypeInfo.GenericMapping);
2817 "%s - returning Object with PC S: %lx %lx\n",
2962 DPRINT1(
"OB: Attempting to insert existing object %p\n",
Object);
2977 if ((ObjectNameInfo) && (ObjectNameInfo->
Name.
Buffer))
3018 "%s - returning Object with PC S: %lx %lx\n",
3146 if (InsertObject ==
Object)
3152 if ((ObjectNameInfo) && (ObjectNameInfo->
Directory))
3167 if (ParentDescriptor)
3275 "%s - returning Object with PC RS/S: %lx %lx %lx\n",
3326 AttachedToSystemProcess =
TRUE;
3337 SetHandleAttributesContext.
Information = *HandleFlags;
3343 (
ULONG_PTR)&SetHandleAttributesContext);
3346 if (AttachedToSystemProcess)
3419 "%s - Duplicating handle: %p for %p into %p.\n",
3422 SourceProcessHandle,
3448 (
PVOID*)&SourceProcess,
3460 (
PVOID*)&TargetProcess,
3509 "%s - Duplicated handle: %p into %p S %lx\n",
NTSTATUS NTAPI ObOpenObjectByName(IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN OUT PVOID ParseContext, OUT PHANDLE Handle)
#define STATUS_OBJECT_NAME_COLLISION
PPRIVILEGE_SET PrivilegeSet
POBJECT_HEADER ObjectHeader
BOOLEAN KdDebuggerEnabled
#define TAG_OB_TEMP_STORAGE
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
NTSTATUS NTAPI ObAssignSecurity(IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
PSECURITY_DESCRIPTOR SecurityDescriptor
#define DUPLICATE_CLOSE_SOURCE
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
NTSTATUS NTAPI SeCreateAccessState(IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
#define STATUS_INSUFFICIENT_RESOURCES
OBJECT_HANDLE_ATTRIBUTE_INFORMATION Information
#define STATUS_QUOTA_EXCEEDED
BOOLEAN NTAPI ExDestroyHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PHANDLE_TABLE_ENTRY HandleTableEntry OPTIONAL)
KPROCESSOR_MODE PreviousMode
NTKERNELAPI VOID FASTCALL ExRundownCompleted(_Out_ PEX_RUNDOWN_REF RunRef)
#define ACCESS_SYSTEM_SECURITY
#define PsGetCurrentThread()
NTSTATUS NTAPI ObSetHandleAttributes(IN HANDLE Handle, IN POBJECT_HANDLE_ATTRIBUTE_INFORMATION HandleFlags, IN KPROCESSOR_MODE PreviousMode)
BOOLEAN NTAPI ObFindHandleForObject(IN PEPROCESS Process, IN PVOID Object, IN POBJECT_TYPE ObjectType, IN POBJECT_HANDLE_INFORMATION HandleInformation, OUT PHANDLE Handle)
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
BOOLEAN NTAPI ObIsKernelHandle(IN HANDLE Handle)
#define OBJECT_HEADER_TO_HANDLE_INFO(h)
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
#define STATUS_INVALID_PARAMETER
OBJECT_CREATE_INFORMATION ObjectCreateInfo
NTSTATUS NTAPI ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
VOID NTAPI ObpFreeObjectNameBuffer(IN PUNICODE_STRING Name)
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
VOID NTAPI ExDestroyHandleTable(IN PHANDLE_TABLE HandleTable, IN PVOID DestroyHandleProcedure OPTIONAL)
#define KeGetPreviousMode()
#define STATUS_OBJECT_NAME_EXISTS
#define NtCurrentThread()
#define ExAcquireRundownProtection
_Inout_opt_ PACCESS_STATE PassedAccessState
FORCEINLINE VOID ObpReleaseObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
#define OB_FLAG_SINGLE_PROCESS
IN PVOID IN PVOID IN USHORT IN USHORT Size
_Must_inspect_result_ _In_ _In_ ULONG ProbeMode
#define OBJECT_HEADER_TO_NAME_INFO(h)
#define ObpIsKernelHandle(Handle, ProcessorMode)
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
NTSTATUS NTAPI ObpIncrementUnnamedHandleCount(IN PVOID Object, IN PACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process)
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
GENERIC_MAPPING GenericMapping
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
#define InsertTailList(ListHead, Entry)
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
NTSTATUS NTAPI ObpCreateHandle(IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
#define OBJ_KERNEL_HANDLE
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
#define STATUS_INVALID_HANDLE
BOOLEAN NTAPI ExChangeHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PEX_CHANGE_HANDLE_CALLBACK ChangeRoutine, IN ULONG_PTR Context)
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
PHANDLE_TABLE HandleTable
#define OBJECT_TO_OBJECT_HEADER(o)
struct _OBJECT_HANDLE_COUNT_ENTRY OBJECT_HANDLE_COUNT_ENTRY
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
#define OBJ_PROTECT_CLOSE
#define OBJ_AUDIT_OBJECT_CLOSE
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
#define DUPLICATE_SAME_ACCESS
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
PEPROCESS PsInitialSystemProcess
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
#define InterlockedIncrementSizeT(a)
struct _OBP_CLOSE_HANDLE_CONTEXT * POBP_CLOSE_HANDLE_CONTEXT
#define PROCESS_DUP_HANDLE
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
BOOLEAN NTAPI KeIsAttachedProcess(VOID)
#define PsGetCurrentProcess
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
#define ObpGetHandleObject(x)
POBJECT_HANDLE_INFORMATION HandleInformation
FORCEINLINE VOID ObpFreeObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
BOOLEAN NTAPI ObpSetHandleAttributes(IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
NTKERNELAPI VOID FASTCALL ExWaitForRundownProtectionRelease(_Inout_ PEX_RUNDOWN_REF RunRef)
#define OB_FLAG_EXCLUSIVE
NTSTATUS NTAPI ObpCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
#define NtCurrentProcess()
struct _EPROCESS * Process
PHANDLE_TABLE NTAPI ExDupHandleTable(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PEX_DUPLICATE_HANDLE_CALLBACK DupHandleProcedure, IN ULONG_PTR Mask)
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
_In_ KPROCESSOR_MODE PreviousMode
#define STATUS_OBJECT_TYPE_MISMATCH
BOOLEAN NTAPI ObpEnumFindHandleProcedure(IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN PVOID Context)
_In_ PWDFDEVICE_INIT _In_ PWDF_REMOVE_LOCK_OPTIONS Options
#define ObMarkHandleAsKernelHandle(Handle)
NTSTATUS NTAPI ObpCreateUnnamedHandle(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
OBJECT_HANDLE_COUNT_ENTRY SingleEntry
ACCESS_STATE LocalAccessState
NTSTATUS NTAPI ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
#define NT_SUCCESS(StatCode)
NTSTATUS NTAPI ObpValidateAccessMask(IN PACCESS_STATE AccessState)
#define EXCEPTION_EXECUTE_HANDLER
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
#define STATUS_PROCESS_IS_TERMINATING
#define ObDereferenceObject
static OB_SECURITY_METHOD SeDefaultObjectMethod
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
__in PWDFDEVICE_INIT __in BOOLEAN Exclusive
NTSTATUS NTAPI ObInitProcess(IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
#define ProbeForWriteHandle(Ptr)
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
_In_ HANDLE _In_opt_ HANDLE TargetProcessHandle
#define STATUS_ACCESS_DENIED
VOID NTAPI ObpCreateSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
#define STATUS_UNSUCCESSFUL
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
#define OB_FLAG_CREATE_INFO
#define ExAllocatePoolWithTag(hernya, size, tag)
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle(IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
#define InterlockedExchangeAddSizeT(a, b)
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
#define OBJ_FORCE_ACCESS_CHECK
#define InterlockedDecrement
NTSTATUS NTAPI ObpIncrementHandleDataBase(IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
BOOLEAN NTAPI IoSetThreadHardErrorMode(IN BOOLEAN HardErrorEnabled)
#define KeEnterCriticalRegion()
#define STATUS_HANDLE_NOT_CLOSABLE
VOID NTAPI ObClearProcessHandleTable(IN PEPROCESS Process)
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]
BOOLEAN NTAPI ExEnumHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_ENUM_HANDLE_CALLBACK EnumHandleProcedure, IN OUT PVOID Context, OUT PHANDLE EnumHandle OPTIONAL)
static const WCHAR Cleanup[]
OBJECT_TYPE_INITIALIZER TypeInfo
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
#define OB_FLAG_KERNEL_MODE
enum _OB_OPEN_REASON OB_OPEN_REASON
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
NTSTATUS NTAPI KeRaiseUserException(IN NTSTATUS ExceptionCode)
static GENERIC_MAPPING GenericMapping
BOOLEAN NTAPI ObCheckObjectAccess(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
#define ObpSymbolicLinkObjectType
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
#define KeLeaveCriticalRegion()
#define InterlockedIncrement
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
NTSTATUS NTAPI ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
OBP_LOOKUP_CONTEXT LookupContext
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
#define DUPLICATE_SAME_ATTRIBUTES
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
_Out_ PKAPC_STATE ApcState
#define OBTRACE(x, fmt,...)
VOID NTAPI SeDeleteAccessState(IN PACCESS_STATE AccessState)
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
NTSTATUS NTAPI ObDuplicateObject(IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
struct tagContext Context
VOID NTAPI SePrivilegeObjectAuditAlarm(IN HANDLE Handle, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE CurrentMode)
NTSTATUS NTAPI NtDuplicateObject(IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
#define ObpAccessProtectCloseBit
ACCESS_MASK * PACCESS_MASK
#define RtlZeroMemory(Destination, Length)
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
BOOLEAN NTAPI ObpDuplicateHandleCallback(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
#define RtlCopyMemory(Destination, Source, Length)
VOID NTAPI ObKillProcess(IN PEPROCESS Process)
#define _SEH2_EXCEPT(...)
#define InterlockedDecrementSizeT(a)
#define ExFreePoolWithTag(_P, _T)
#define _SEH2_GetExceptionCode()
#define _SEH2_YIELD(__stmt)
#define ObKernelHandleToHandle(Handle)
BOOLEAN NTAPI SeDetailedAuditingWithToken(IN PTOKEN Token)
#define OBJ_HANDLE_ATTRIBUTES
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h)
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount(IN POBJECT_HEADER ObjectHeader)
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
#define OB_FLAG_KERNEL_EXCLUSIVE
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
POBJECT_TYPE PsProcessType
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
KPROCESSOR_MODE AccessMode
PHANDLE_TABLE ObpKernelHandleTable
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG ObjectPointerBias
struct _OBJECT_HANDLE_COUNT_DATABASE OBJECT_HANDLE_COUNT_DATABASE
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
PULONG MinorVersion OPTIONAL
1.8.15