d4/df6/obhandle_8c_source.html

 /*
  * PROJECT:         ReactOS Kernel
  * LICENSE:         GPL - See COPYING in the top level directory
  * FILE:            ntoskrnl/ob/obhandle.c
  * PURPOSE:         Manages all functions related to the Object Manager handle
  *                  implementation, including creating and destroying handles
  *                  and/or handle tables, duplicating objects, and setting the
  *                  permanent or temporary flags.
  * PROGRAMMERS:     Alex Ionescu (alex.ionescu@reactos.org)
  *                  Eric Kohl
  *                  Thomas Weidenmueller (w3seek@reactos.org)
  */

 /* INCLUDES ******************************************************************/

 #include <ntoskrnl.h>
 #define NDEBUG
 #include <debug.h>

 PHANDLE_TABLE ObpKernelHandleTable = NULL;
 ULONG ObpAccessProtectCloseBit = MAXIMUM_ALLOWED;

 #define TAG_OB_HANDLE 'dHbO'

 /* PRIVATE FUNCTIONS *********************************************************/

 PHANDLE_TABLE
 NTAPI
 ObReferenceProcessHandleTable(IN PEPROCESS Process)
 {
     PHANDLE_TABLE HandleTable = NULL;

     /* Lock the process */
     if (ExAcquireRundownProtection(&Process->RundownProtect))
     {
         /* Get the handle table */
         HandleTable = Process->ObjectTable;
         if (!HandleTable)
         {
             /* No table, release the lock */
             ExReleaseRundownProtection(&Process->RundownProtect);
         }
     }

     /* Return the handle table */
     return HandleTable;
 }

 VOID
 NTAPI
 ObDereferenceProcessHandleTable(IN PEPROCESS Process)
 {
     /* Release the process lock */
     ExReleaseRundownProtection(&Process->RundownProtect);
 }

 ULONG
 NTAPI
 ObGetProcessHandleCount(IN PEPROCESS Process)
 {
     ULONG HandleCount;
     PHANDLE_TABLE HandleTable;

     ASSERT(Process);

     /* Ensure the handle table doesn't go away while we use it */
     HandleTable = ObReferenceProcessHandleTable(Process);

     if (HandleTable != NULL)
     {
         /* Count the number of handles the process has */
         HandleCount = HandleTable->HandleCount;

         /* Let the handle table go */
         ObDereferenceProcessHandleTable(Process);
     }
     else
     {
         /* No handle table, no handles */
         HandleCount = 0;
     }

     return HandleCount;
 }

 NTSTATUS
 NTAPI
 ObpReferenceProcessObjectByHandle(IN HANDLE Handle,
                                   IN PEPROCESS Process,
                                   IN PHANDLE_TABLE HandleTable,
                                   IN KPROCESSOR_MODE AccessMode,
                                   OUT PVOID *Object,
                                   OUT POBJECT_HANDLE_INFORMATION HandleInformation,
                                   OUT PACCESS_MASK AuditMask)
 {
     PHANDLE_TABLE_ENTRY HandleEntry;
     POBJECT_HEADER ObjectHeader;
     ACCESS_MASK GrantedAccess;
     ULONG Attributes;
     PETHREAD Thread = PsGetCurrentThread();
     NTSTATUS Status;

     /* Assume failure */
     *Object = NULL;

     /* Check if this is a special handle */
     if (HandleToLong(Handle) < 0)
     {
         /* Check if the caller wants the current process */
         if (Handle == NtCurrentProcess())
         {
             /* Return handle info */
             HandleInformation->HandleAttributes = 0;
             HandleInformation->GrantedAccess = Process->GrantedAccess;

             /* No audit mask */
             *AuditMask = 0;

             /* Reference ourselves */
             ObjectHeader = OBJECT_TO_OBJECT_HEADER(Process);
             InterlockedIncrementSizeT(&ObjectHeader->PointerCount);

             /* Return the pointer */
             *Object = Process;
             ASSERT(*Object != NULL);
             return STATUS_SUCCESS;
         }

         /* Check if the caller wants the current thread */
         if (Handle == NtCurrentThread())
         {
             /* Return handle information */
             HandleInformation->HandleAttributes = 0;
             HandleInformation->GrantedAccess = Thread->GrantedAccess;

             /* Reference ourselves */
             ObjectHeader = OBJECT_TO_OBJECT_HEADER(Thread);
             InterlockedIncrementSizeT(&ObjectHeader->PointerCount);

             /* No audit mask */
             *AuditMask = 0;

             /* Return the pointer */
             *Object = Thread;
             ASSERT(*Object != NULL);
             return STATUS_SUCCESS;
         }

         /* This is a kernel handle... do we have access? */
         if (AccessMode == KernelMode)
         {
             /* Use the kernel handle table and get the actual handle value */
             Handle = ObKernelHandleToHandle(Handle);
             HandleTable = ObpKernelHandleTable;
         }
         else
         {
             /* This is an illegal attempt to access a kernel handle */
             return STATUS_INVALID_HANDLE;
         }
     }

     /* Enter a critical region while we touch the handle table */
     ASSERT(HandleTable != NULL);
     KeEnterCriticalRegion();

     /* Get the handle entry */
     HandleEntry = ExMapHandleToPointer(HandleTable, Handle);
     if (HandleEntry)
     {
         /* Get the object header and validate the type*/
         ObjectHeader = ObpGetHandleObject(HandleEntry);

         /* Get the granted access and validate it */
         GrantedAccess = HandleEntry->GrantedAccess;

         /* Mask out the internal attributes */
         Attributes = HandleEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES;

         /* Fill out the information */
         HandleInformation->HandleAttributes = Attributes;
         HandleInformation->GrantedAccess = GrantedAccess;

         /* No audit mask (FIXME!) */
         *AuditMask = 0;

         /* Return the pointer */
         *Object = &ObjectHeader->Body;

         /* Add a reference */
         InterlockedIncrementSizeT(&ObjectHeader->PointerCount);

         /* Unlock the handle */
         ExUnlockHandleTableEntry(HandleTable, HandleEntry);
         KeLeaveCriticalRegion();

         /* Return success */
         ASSERT(*Object != NULL);
         return STATUS_SUCCESS;
     }
     else
     {
         /* Invalid handle */
         Status = STATUS_INVALID_HANDLE;
     }

     /* Return failure status */
     KeLeaveCriticalRegion();
     return Status;
 }

 BOOLEAN
 NTAPI
 ObpEnumFindHandleProcedure(IN PHANDLE_TABLE_ENTRY HandleEntry,
                            IN HANDLE Handle,
                            IN PVOID Context)
 {
     POBJECT_HEADER ObjectHeader;
     ACCESS_MASK GrantedAccess;
     ULONG HandleAttributes;
     POBP_FIND_HANDLE_DATA FindData = Context;

     /* Get the object header */
     ObjectHeader = ObpGetHandleObject(HandleEntry);

     /* Make sure it's valid and matching */
     if ((FindData->ObjectHeader) && (FindData->ObjectHeader != ObjectHeader))
     {
         /* No match, fail */
         return FALSE;
     }

     /* Now attempt to match the object type */
     if ((FindData->ObjectType) && (FindData->ObjectType != ObjectHeader->Type))
     {
         /* No match, fail */
         return FALSE;
     }

     /* Check if we have extra information */
     if (FindData->HandleInformation)
     {
         /* Get the granted access and attributes */
         GrantedAccess = HandleEntry->GrantedAccess;
         HandleAttributes = HandleEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES;

         /* Attempt to match them */
         if ((FindData->HandleInformation->HandleAttributes != HandleAttributes) ||
             (FindData->HandleInformation->GrantedAccess != GrantedAccess))
         {
             /* No match, fail */
             return FALSE;
         }
     }

     /* We have a match */
     return TRUE;
 }

 POBJECT_HANDLE_COUNT_ENTRY
 NTAPI
 ObpInsertHandleCount(IN POBJECT_HEADER ObjectHeader)
 {
     POBJECT_HEADER_HANDLE_INFO HandleInfo;
     POBJECT_HANDLE_COUNT_ENTRY FreeEntry;
     POBJECT_HANDLE_COUNT_DATABASE HandleDatabase, OldHandleDatabase;
     ULONG i;
     ULONG Size, OldSize;
     OBJECT_HANDLE_COUNT_DATABASE SingleDatabase;
     PAGED_CODE();

     /* Get the handle info */
     HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
     if (!HandleInfo) return NULL;

     /* Check if we only have one entry */
     if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
     {
         /* Fill out the single entry */
         SingleDatabase.CountEntries = 1;
         SingleDatabase.HandleCountEntries[0] = HandleInfo->SingleEntry;

         /* Use this as the old size */
         OldHandleDatabase = &SingleDatabase;
         OldSize = sizeof(SingleDatabase);

         /* Now we'll have two entries, and an entire DB */
         i = 2;
         Size = sizeof(OBJECT_HANDLE_COUNT_DATABASE) +
                ((i - 1) * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
     }
     else
     {
         /* We already have a DB, get the information from it */
         OldHandleDatabase = HandleInfo->HandleCountDatabase;
         i = OldHandleDatabase->CountEntries;
         OldSize = sizeof(OBJECT_HANDLE_COUNT_DATABASE) +
                   ((i - 1) * sizeof(OBJECT_HANDLE_COUNT_ENTRY));

         /* Add 4 more entries */
         i += 4;
         Size = OldSize + (4 * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
     }

     /* Allocate the DB */
     HandleDatabase = ExAllocatePoolWithTag(PagedPool, Size, TAG_OB_HANDLE);
     if (!HandleDatabase) return NULL;

     /* Copy the old database */
     RtlCopyMemory(HandleDatabase, OldHandleDatabase, OldSize);

     /* Check if we he had a single entry before */
     if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
     {
         /* Now we have more */
         ObjectHeader->Flags &= ~OB_FLAG_SINGLE_PROCESS;
     }
     else
     {
         /* Otherwise we had a DB, free it */
         ExFreePoolWithTag(OldHandleDatabase, TAG_OB_HANDLE);
     }

     /* Find the end of the copy and zero out the new data */
     FreeEntry = (PVOID)((ULONG_PTR)HandleDatabase + OldSize);
     RtlZeroMemory(FreeEntry, Size - OldSize);

     /* Set the new information and return the free entry */
     HandleDatabase->CountEntries = i;
     HandleInfo->HandleCountDatabase = HandleDatabase;
     return FreeEntry;
 }

 NTSTATUS
 NTAPI
 ObpIncrementHandleDataBase(IN POBJECT_HEADER ObjectHeader,
                            IN PEPROCESS Process,
                            IN OUT PULONG NewProcessHandleCount)
 {
     POBJECT_HEADER_HANDLE_INFO HandleInfo;
     POBJECT_HANDLE_COUNT_ENTRY HandleEntry, FreeEntry = NULL;
     POBJECT_HANDLE_COUNT_DATABASE HandleDatabase;
     ULONG i;
     PAGED_CODE();

     /* Get the handle info and check if we only have one entry */
     HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
     if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
     {
         /* Check if the entry is free */
         if (!HandleInfo->SingleEntry.HandleCount)
         {
             /* Add ours */
             HandleInfo->SingleEntry.HandleCount = 1;
             HandleInfo->SingleEntry.Process = Process;

             /* Return success and 1 handle */
             *NewProcessHandleCount = 1;
             return STATUS_SUCCESS;
         }
         else if (HandleInfo->SingleEntry.Process == Process)
         {
             /* Busy entry, but same process */
             *NewProcessHandleCount = ++HandleInfo->SingleEntry.HandleCount;
             return STATUS_SUCCESS;
         }
         else
         {
             /* Insert a new entry */
             FreeEntry = ObpInsertHandleCount(ObjectHeader);
             if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
             ASSERT(!FreeEntry->Process);
             ASSERT(!FreeEntry->HandleCount);

             /* Fill it out */
             FreeEntry->Process = Process;
             FreeEntry->HandleCount = 1;

             /* Return success and 1 handle */
             *NewProcessHandleCount = 1;
             return STATUS_SUCCESS;
         }
     }

     /* We have a database instead */
     HandleDatabase = HandleInfo->HandleCountDatabase;
     if (HandleDatabase)
     {
         /* Get the entries and loop them */
         i = HandleDatabase->CountEntries;
         HandleEntry = &HandleDatabase->HandleCountEntries[0];
         while (i)
         {
             /* Check if this is a match */
             if (HandleEntry->Process == Process)
             {
                 /* Found it, get the process handle count */
                 *NewProcessHandleCount = ++HandleEntry->HandleCount;
                 return STATUS_SUCCESS;
             }
             else if (!HandleEntry->HandleCount)
             {
                 /* Found a free entry */
                 FreeEntry = HandleEntry;
             }

             /* Keep looping */
             HandleEntry++;
             i--;
         }

         /* Check if we couldn't find a free entry */
         if (!FreeEntry)
         {
             /* Allocate one */
             FreeEntry = ObpInsertHandleCount(ObjectHeader);
             if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
             ASSERT(!FreeEntry->Process);
             ASSERT(!FreeEntry->HandleCount);
         }

         /* Fill out the entry */
         FreeEntry->Process = Process;
         FreeEntry->HandleCount = 1;
         *NewProcessHandleCount = 1;
     }

     /* Return success if we got here */
     return STATUS_SUCCESS;
 }

 NTSTATUS
 NTAPI
 ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader,
                         IN POBJECT_TYPE ObjectType,
                         OUT PBOOLEAN NewObject)
 {
     POBJECT_HEADER_QUOTA_INFO ObjectQuota;
     ULONG PagedPoolCharge, NonPagedPoolCharge;

     /* Get quota information */
     ObjectQuota = OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader);
     *NewObject = FALSE;

     /* Check if this is a new object */
     if (ObjectHeader->Flags & OB_FLAG_CREATE_INFO)
     {
         /* Remove the flag */
         ObjectHeader->Flags &= ~ OB_FLAG_CREATE_INFO;
         if (ObjectQuota)
         {
             /* We have a quota, get the charges */
             PagedPoolCharge = ObjectQuota->PagedPoolCharge;
             NonPagedPoolCharge = ObjectQuota->NonPagedPoolCharge;
         }
         else
         {
             /* Get it from the object type */
             PagedPoolCharge = ObjectType->TypeInfo.DefaultPagedPoolCharge;
             NonPagedPoolCharge = ObjectType->TypeInfo.DefaultNonPagedPoolCharge;
         }

         /* Charge the quota */
         ObjectHeader->QuotaBlockCharged = (PVOID)1;
         DPRINT("FIXME: Should charge: %lx %lx\n", PagedPoolCharge, NonPagedPoolCharge);
 #if 0
             PsChargeSharedPoolQuota(PsGetCurrentProcess(),
                                     PagedPoolCharge,
                                     NonPagedPoolCharge);
 #endif

         /* Check if we don't have a quota block */
         if (!ObjectHeader->QuotaBlockCharged) return STATUS_QUOTA_EXCEEDED;

         /* Now set the flag */
         *NewObject = TRUE;
     }

     /* Return success */
     return STATUS_SUCCESS;
 }

 NTSTATUS
 NTAPI
 ObpValidateAccessMask(IN PACCESS_STATE AccessState)
 {
     PISECURITY_DESCRIPTOR SecurityDescriptor;

     /* We're only interested if the object for this access state has an SD */
     SecurityDescriptor = AccessState->SecurityDescriptor;
     if (SecurityDescriptor)
     {
         /* Check if the SD has a system ACL but hasn't been granted access to get/set it */
         if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
             !(AccessState->PreviouslyGrantedAccess & ACCESS_SYSTEM_SECURITY))
         {
             /* We're gonna need access */
             AccessState->RemainingDesiredAccess |= ACCESS_SYSTEM_SECURITY;
         }
     }

     /* This can't fail */
     return STATUS_SUCCESS;
 }

 /*++
 * @name ObpDecrementHandleCount
 *
 *     The ObpDecrementHandleCount routine <FILLMEIN>
 *
 * @param ObjectBody
 *        <FILLMEIN>.
 *
 * @param Process
 *        <FILLMEIN>.
 *
 * @param GrantedAccess
 *        <FILLMEIN>.
 *
 * @return None.
 *
 * @remarks None.
 *
 *--*/
 VOID
 NTAPI
 ObpDecrementHandleCount(IN PVOID ObjectBody,
                         IN PEPROCESS Process,
                         IN ACCESS_MASK GrantedAccess,
                         IN POBJECT_TYPE ObjectType)
 {
     POBJECT_HEADER ObjectHeader;
     LONG SystemHandleCount, ProcessHandleCount;
     LONG NewCount;
     KIRQL CalloutIrql;
     POBJECT_HEADER_HANDLE_INFO HandleInfo;
     POBJECT_HANDLE_COUNT_ENTRY HandleEntry;
     POBJECT_HANDLE_COUNT_DATABASE HandleDatabase;
     ULONG i;
     PAGED_CODE();

     /* Get the object type and header */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(ObjectBody);
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Decrementing count for: %p. HC PC %lx %lx\n",
             __FUNCTION__,
             ObjectBody,
             ObjectHeader->HandleCount,
             ObjectHeader->PointerCount);

     /* Lock the object */
     ObpAcquireObjectLock(ObjectHeader);

     /* Set default counts */
     SystemHandleCount = ObjectHeader->HandleCount;
     ProcessHandleCount = 0;

     /* Decrement the handle count */
     NewCount = InterlockedDecrementSizeT(&ObjectHeader->HandleCount);

     /* Check if we're out of handles and this was an exclusive object */
     if (!(NewCount) && (ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
     {
         /* Clear the exclusive flag */
         OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = NULL;
     }

     /* Is the object type keeping track of handles? */
     if (ObjectType->TypeInfo.MaintainHandleCount)
     {
         /* Get handle information */
         HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);

         /* Check if there's only a single entry */
         if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
         {
             /* It should be us */
             ASSERT(HandleInfo->SingleEntry.Process == Process);
             ASSERT(HandleInfo->SingleEntry.HandleCount > 0);

             /* Get the handle counts */
             ProcessHandleCount = HandleInfo->SingleEntry.HandleCount--;
             HandleEntry = &HandleInfo->SingleEntry;
         }
         else
         {
             /* Otherwise, get the database */
             HandleDatabase = HandleInfo->HandleCountDatabase;
             if (HandleDatabase)
             {
                 /* Get the entries and loop them */
                 i = HandleDatabase->CountEntries;
                 HandleEntry = &HandleDatabase->HandleCountEntries[0];
                 while (i)
                 {
                     /* Check if this is a match */
                     if ((HandleEntry->HandleCount) &&
                         (HandleEntry->Process == Process))
                     {
                         /* Found it, get the process handle count */
                         ProcessHandleCount = HandleEntry->HandleCount--;
                         break;
                     }

                     /* Keep looping */
                     HandleEntry++;
                     i--;
                 }
             }
             else
             {
                 /* No database, so no entry */
                 HandleEntry = NULL;
             }
         }

         /* Check if this is the last handle */
         if (ProcessHandleCount == 1)
         {
             /* Then clear the entry */
             HandleEntry->Process = NULL;
             HandleEntry->HandleCount = 0;
         }
     }

     /* Release the lock */
     ObpReleaseObjectLock(ObjectHeader);

     /* Check if we have a close procedure */
     if (ObjectType->TypeInfo.CloseProcedure)
     {
         /* Call it */
         ObpCalloutStart(&CalloutIrql);
         ObjectType->TypeInfo.CloseProcedure(Process,
                                             ObjectBody,
                                             GrantedAccess,
                                             ProcessHandleCount,
                                             SystemHandleCount);
         ObpCalloutEnd(CalloutIrql, "Close", ObjectType, ObjectBody);
     }

     /* Check if we should delete the object */
     ObpDeleteNameCheck(ObjectBody);

     /* Decrease the total number of handles for this type */
     InterlockedDecrement((PLONG)&ObjectType->TotalNumberOfHandles);
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Decremented count for: %p. HC PC %lx %lx\n",
             __FUNCTION__,
             ObjectBody,
             ObjectHeader->HandleCount,
             ObjectHeader->PointerCount);
 }

 /*++
 * @name ObpCloseHandleTableEntry
 *
 *     The ObpCloseHandleTableEntry routine <FILLMEIN>
 *
 * @param HandleTable
 *        <FILLMEIN>.
 *
 * @param HandleEntry
 *        <FILLMEIN>.
 *
 * @param Handle
 *        <FILLMEIN>.
 *
 * @param AccessMode
 *        <FILLMEIN>.
 *
 * @param IgnoreHandleProtection
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable,
                          IN PHANDLE_TABLE_ENTRY HandleEntry,
                          IN HANDLE Handle,
                          IN KPROCESSOR_MODE AccessMode,
                          IN BOOLEAN IgnoreHandleProtection)
 {
     PVOID Body;
     POBJECT_TYPE ObjectType;
     POBJECT_HEADER ObjectHeader;
     ACCESS_MASK GrantedAccess;
     KIRQL CalloutIrql;
     PAGED_CODE();

     /* Get the object data */
     ObjectHeader = ObpGetHandleObject(HandleEntry);
     ObjectType = ObjectHeader->Type;
     Body = &ObjectHeader->Body;
     GrantedAccess = HandleEntry->GrantedAccess;
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Closing handle: %p for %p. HC PC %lx %lx\n",
             __FUNCTION__,
             Handle,
             Body,
             ObjectHeader->HandleCount,
             ObjectHeader->PointerCount);

     /* Check if the object has an Okay To Close procedure */
     if (ObjectType->TypeInfo.OkayToCloseProcedure)
     {
         /* Call it and check if it's not letting us close it */
         ObpCalloutStart(&CalloutIrql);
         if (!ObjectType->TypeInfo.OkayToCloseProcedure(PsGetCurrentProcess(),
                                                        Body,
                                                        Handle,
                                                        AccessMode))
         {
             /* Fail */
             ObpCalloutEnd(CalloutIrql, "NtClose", ObjectType, Body);
             ExUnlockHandleTableEntry(HandleTable, HandleEntry);
             return STATUS_HANDLE_NOT_CLOSABLE;
         }

         /* Success, validate callout retrn */
         ObpCalloutEnd(CalloutIrql, "NtClose", ObjectType, Body);
     }

     /* The callback allowed us to close it, but does the handle itself? */
     if ((HandleEntry->ObAttributes & OBJ_PROTECT_CLOSE) &&
         !(IgnoreHandleProtection))
     {
         /* It doesn't, are we from user mode? */
         if (AccessMode != KernelMode)
         {
             /* We are! Unlock the entry */
             ExUnlockHandleTableEntry(HandleTable, HandleEntry);

             /* Make sure we have a debug port */
             if (PsGetCurrentProcess()->DebugPort)
             {
                 /* Raise an exception */
                 return KeRaiseUserException(STATUS_HANDLE_NOT_CLOSABLE);
             }
             else
             {
                 /* Return the error instead */
                 return STATUS_HANDLE_NOT_CLOSABLE;
             }
         }
         else
         {
             /* Otherwise, bugcheck the OS */
             KeBugCheckEx(INVALID_KERNEL_HANDLE, (ULONG_PTR)Handle, 0, 0, 0);
         }
     }

     /* Destroy and unlock the handle entry */
     ExDestroyHandle(HandleTable, Handle, HandleEntry);

     /* Now decrement the handle count */
     ObpDecrementHandleCount(Body,
                             PsGetCurrentProcess(),
                             GrantedAccess,
                             ObjectType);

     /* Dereference the object as well */
     ObDereferenceObject(Body);

     /* Return to caller */
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Closed handle: %p for %p.\n",
             __FUNCTION__,
             Handle,
             Body);
     return STATUS_SUCCESS;
 }

 /*++
 * @name ObpIncrementHandleCount
 *
 *     The ObpIncrementHandleCount routine <FILLMEIN>
 *
 * @param Object
 *        <FILLMEIN>.
 *
 * @param AccessState
 *        <FILLMEIN>.
 *
 * @param AccessMode
 *        <FILLMEIN>.
 *
 * @param HandleAttributes
 *        <FILLMEIN>.
 *
 * @param Process
 *        <FILLMEIN>.
 *
 * @param OpenReason
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObpIncrementHandleCount(IN PVOID Object,
                         IN PACCESS_STATE AccessState OPTIONAL,
                         IN KPROCESSOR_MODE AccessMode,
                         IN ULONG HandleAttributes,
                         IN PEPROCESS Process,
                         IN OB_OPEN_REASON OpenReason)
 {
     POBJECT_HEADER ObjectHeader;
     POBJECT_TYPE ObjectType;
     ULONG ProcessHandleCount;
     NTSTATUS Status;
     PEPROCESS ExclusiveProcess;
     BOOLEAN Exclusive = FALSE, NewObject;
     POBJECT_HEADER_CREATOR_INFO CreatorInfo;
     KIRQL CalloutIrql;
     KPROCESSOR_MODE ProbeMode;
     ULONG Total;
     POBJECT_HEADER_NAME_INFO NameInfo;
     PAGED_CODE();

     /* Get the object header and type */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
     ObjectType = ObjectHeader->Type;
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Incrementing count for: %p. Reason: %lx. HC PC %lx %lx\n",
             __FUNCTION__,
             Object,
             OpenReason,
             ObjectHeader->HandleCount,
             ObjectHeader->PointerCount);

     /* Check if caller is forcing user mode */
     if (HandleAttributes & OBJ_FORCE_ACCESS_CHECK)
     {
         /* Force it */
         ProbeMode = UserMode;
     }
     else
     {
         /* Keep original setting */
         ProbeMode = AccessMode;
     }

     /* Lock the object */
     ObpAcquireObjectLock(ObjectHeader);

     /* Charge quota and remove the creator info flag */
     Status = ObpChargeQuotaForObject(ObjectHeader, ObjectType, &NewObject);
     if (!NT_SUCCESS(Status)) return Status;

     /* Check if the open is exclusive */
     if (HandleAttributes & OBJ_EXCLUSIVE)
     {
         /* Check if the object allows this, or if the inherit flag was given */
         if ((HandleAttributes & OBJ_INHERIT) ||
             !(ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
         {
             /* Incorrect attempt */
             Status = STATUS_INVALID_PARAMETER;
             goto Quickie;
         }

         /* Check if we have access to it */
         ExclusiveProcess = OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader);
         if ((!(ExclusiveProcess) && (ObjectHeader->HandleCount)) ||
             ((ExclusiveProcess) && (ExclusiveProcess != PsGetCurrentProcess())))
         {
             /* This isn't the right process */
             Status = STATUS_ACCESS_DENIED;
             goto Quickie;
         }

         /* Now you got exclusive access */
         Exclusive = TRUE;
     }
     else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE) &&
              (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader)))
     {
         /* Caller didn't want exclusive access, but the object is exclusive */
         Status = STATUS_ACCESS_DENIED;
         goto Quickie;
     }

     /* Check for exclusive kernel object */
     NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
     if ((NameInfo) && (NameInfo->QueryReferences & OB_FLAG_KERNEL_EXCLUSIVE) &&
         (ProbeMode != KernelMode))
     {
         /* Caller is not kernel, but the object is kernel exclusive */
         Status = STATUS_ACCESS_DENIED;
         goto Quickie;
     }

     /*
      * Check if this is an object that went from 0 handles back to existence,
      * but doesn't have an open procedure, only a close procedure. This means
      * that it will never realize that the object is back alive, so we must
      * fail the request.
      */
     if (!(ObjectHeader->HandleCount) &&
         !(NewObject) &&
         (ObjectType->TypeInfo.MaintainHandleCount) &&
         !(ObjectType->TypeInfo.OpenProcedure) &&
         (ObjectType->TypeInfo.CloseProcedure))
     {
         /* Fail */
         Status = STATUS_UNSUCCESSFUL;
         goto Quickie;
     }

     /* Check if we're opening an existing handle */
     if ((OpenReason == ObOpenHandle) ||
         ((OpenReason == ObDuplicateHandle) && (AccessState)))
     {
         /* Validate the caller's access to this object */
         if (!ObCheckObjectAccess(Object,
                                  AccessState,
                                  TRUE,
                                  ProbeMode,
                                  &Status))
         {
             /* Access was denied, so fail */
             goto Quickie;
         }
     }
     else if (OpenReason == ObCreateHandle)
     {
         /* Convert MAXIMUM_ALLOWED to GENERIC_ALL */
         if (AccessState->RemainingDesiredAccess & MAXIMUM_ALLOWED)
         {
             /* Mask out MAXIMUM_ALLOWED and stick GENERIC_ALL instead */
             AccessState->RemainingDesiredAccess &= ~MAXIMUM_ALLOWED;
             AccessState->RemainingDesiredAccess |= GENERIC_ALL;
         }

         /* Check if we have to map the GENERIC mask */
         if (AccessState->RemainingDesiredAccess & GENERIC_ACCESS)
         {
             /* Map it to the correct access masks */
             RtlMapGenericMask(&AccessState->RemainingDesiredAccess,
                               &ObjectType->TypeInfo.GenericMapping);
         }

         /* Check if the caller is trying to access system security */
         if (AccessState->RemainingDesiredAccess & ACCESS_SYSTEM_SECURITY)
         {
             /* FIXME: TODO */
             DPRINT1("ACCESS_SYSTEM_SECURITY not validated!\n");
         }
     }

     /* Check if this is an exclusive handle */
     if (Exclusive)
     {
         /* Save the owner process */
         OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process;
     }

     /* Increase the handle count */
     InterlockedIncrementSizeT(&ObjectHeader->HandleCount);
     ProcessHandleCount = 0;

     /* Check if we have a handle database */
     if (ObjectType->TypeInfo.MaintainHandleCount)
     {
         /* Increment the handle database */
         Status = ObpIncrementHandleDataBase(ObjectHeader,
                                             Process,
                                             &ProcessHandleCount);
         if (!NT_SUCCESS(Status))
         {
             /* FIXME: This should never happen for now */
             DPRINT1("Unhandled case\n");
             ASSERT(FALSE);
             goto Quickie;
         }
     }

     /* Release the lock */
     ObpReleaseObjectLock(ObjectHeader);

     /* Check if we have an open procedure */
     Status = STATUS_SUCCESS;
     if (ObjectType->TypeInfo.OpenProcedure)
     {
         /* Call it */
         ObpCalloutStart(&CalloutIrql);
         Status = ObjectType->TypeInfo.OpenProcedure(OpenReason,
                                                     Process,
                                                     Object,
                                                     AccessState ?
                                                     AccessState->
                                                     PreviouslyGrantedAccess :
                                                     0,
                                                     ProcessHandleCount);
         ObpCalloutEnd(CalloutIrql, "Open", ObjectType, Object);

         /* Check if the open procedure failed */
         if (!NT_SUCCESS(Status))
         {
             /* FIXME: This should never happen for now */
             DPRINT1("Unhandled case\n");
             ASSERT(FALSE);
             return Status;
         }
     }

     /* Check if this is a create operation */
     if (OpenReason == ObCreateHandle)
     {
         /* Check if we have creator info */
         CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(ObjectHeader);
         if (CreatorInfo)
         {
             /* We do, acquire the lock */
             ObpEnterObjectTypeMutex(ObjectType);

             /* Insert us on the list */
             InsertTailList(&ObjectType->TypeList, &CreatorInfo->TypeList);

             /* Release the lock */
             ObpLeaveObjectTypeMutex(ObjectType);
         }
     }

     /* Increase total number of handles */
     Total = InterlockedIncrement((PLONG)&ObjectType->TotalNumberOfHandles);
     if (Total > ObjectType->HighWaterNumberOfHandles)
     {
         /* Fixup count */
         ObjectType->HighWaterNumberOfHandles = Total;
     }

     /* Trace call and return */
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Incremented count for: %p. Reason: %lx HC PC %lx %lx\n",
             __FUNCTION__,
             Object,
             OpenReason,
             ObjectHeader->HandleCount,
             ObjectHeader->PointerCount);
     return Status;

 Quickie:
     /* Release lock and return */
     ObpReleaseObjectLock(ObjectHeader);
     return Status;
 }

 /*++
 * @name ObpIncrementUnnamedHandleCount
 *
 *     The ObpIncrementUnnamedHandleCount routine <FILLMEIN>
 *
 * @param Object
 *        <FILLMEIN>.
 *
 * @param AccessState
 *        <FILLMEIN>.
 *
 * @param AccessMode
 *        <FILLMEIN>.
 *
 * @param HandleAttributes
 *        <FILLMEIN>.
 *
 * @param Process
 *        <FILLMEIN>.
 *
 * @param OpenReason
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObpIncrementUnnamedHandleCount(IN PVOID Object,
                                IN PACCESS_MASK DesiredAccess,
                                IN KPROCESSOR_MODE AccessMode,
                                IN ULONG HandleAttributes,
                                IN PEPROCESS Process)
 {
     POBJECT_HEADER ObjectHeader;
     POBJECT_TYPE ObjectType;
     ULONG ProcessHandleCount;
     NTSTATUS Status;
     PEPROCESS ExclusiveProcess;
     BOOLEAN Exclusive = FALSE, NewObject;
     POBJECT_HEADER_CREATOR_INFO CreatorInfo;
     KIRQL CalloutIrql;
     ULONG Total;

     /* Get the object header and type */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
     ObjectType = ObjectHeader->Type;
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Incrementing count for: %p. UNNAMED. HC PC %lx %lx\n",
             __FUNCTION__,
             Object,
             ObjectHeader->HandleCount,
             ObjectHeader->PointerCount);

     /* Lock the object */
     ObpAcquireObjectLock(ObjectHeader);

     /* Charge quota and remove the creator info flag */
     Status = ObpChargeQuotaForObject(ObjectHeader, ObjectType, &NewObject);
     if (!NT_SUCCESS(Status)) return Status;

     /* Check if the open is exclusive */
     if (HandleAttributes & OBJ_EXCLUSIVE)
     {
         /* Check if the object allows this, or if the inherit flag was given */
         if ((HandleAttributes & OBJ_INHERIT) ||
             !(ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
         {
             /* Incorrect attempt */
             Status = STATUS_INVALID_PARAMETER;
             goto Quickie;
         }

         /* Check if we have access to it */
         ExclusiveProcess = OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader);
         if ((!(ExclusiveProcess) && (ObjectHeader->HandleCount)) ||
             ((ExclusiveProcess) && (ExclusiveProcess != PsGetCurrentProcess())))
         {
             /* This isn't the right process */
             Status = STATUS_ACCESS_DENIED;
             goto Quickie;
         }

         /* Now you got exclusive access */
         Exclusive = TRUE;
     }
     else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE) &&
              (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader)))
     {
         /* Caller didn't want exclusive access, but the object is exclusive */
         Status = STATUS_ACCESS_DENIED;
         goto Quickie;
     }

     /*
      * Check if this is an object that went from 0 handles back to existence,
      * but doesn't have an open procedure, only a close procedure. This means
      * that it will never realize that the object is back alive, so we must
      * fail the request.
      */
     if (!(ObjectHeader->HandleCount) &&
         !(NewObject) &&
         (ObjectType->TypeInfo.MaintainHandleCount) &&
         !(ObjectType->TypeInfo.OpenProcedure) &&
         (ObjectType->TypeInfo.CloseProcedure))
     {
         /* Fail */
         Status = STATUS_UNSUCCESSFUL;
         goto Quickie;
     }

     /* Convert MAXIMUM_ALLOWED to GENERIC_ALL */
     if (*DesiredAccess & MAXIMUM_ALLOWED)
     {
         /* Mask out MAXIMUM_ALLOWED and stick GENERIC_ALL instead */
         *DesiredAccess &= ~MAXIMUM_ALLOWED;
         *DesiredAccess |= GENERIC_ALL;
     }

     /* Check if we have to map the GENERIC mask */
     if (*DesiredAccess & GENERIC_ACCESS)
     {
         /* Map it to the correct access masks */
         RtlMapGenericMask(DesiredAccess,
                           &ObjectType->TypeInfo.GenericMapping);
     }

     /* Check if this is an exclusive handle */
     if (Exclusive)
     {
         /* Save the owner process */
         OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process;
     }

     /* Increase the handle count */
     InterlockedIncrementSizeT(&ObjectHeader->HandleCount);
     ProcessHandleCount = 0;

     /* Check if we have a handle database */
     if (ObjectType->TypeInfo.MaintainHandleCount)
     {
         /* Increment the handle database */
         Status = ObpIncrementHandleDataBase(ObjectHeader,
                                             Process,
                                             &ProcessHandleCount);
         if (!NT_SUCCESS(Status))
         {
             /* FIXME: This should never happen for now */
             DPRINT1("Unhandled case\n");
             ASSERT(FALSE);
             goto Quickie;
         }
     }

     /* Release the lock */
     ObpReleaseObjectLock(ObjectHeader);

     /* Check if we have an open procedure */
     Status = STATUS_SUCCESS;
     if (ObjectType->TypeInfo.OpenProcedure)
     {
         /* Call it */
         ObpCalloutStart(&CalloutIrql);
         Status = ObjectType->TypeInfo.OpenProcedure(ObCreateHandle,
                                                     Process,
                                                     Object,
                                                     *DesiredAccess,
                                                     ProcessHandleCount);
         ObpCalloutEnd(CalloutIrql, "Open", ObjectType, Object);

         /* Check if the open procedure failed */
         if (!NT_SUCCESS(Status))
         {
             /* FIXME: This should never happen for now */
             DPRINT1("Unhandled case\n");
             ASSERT(FALSE);
             return Status;
         }
     }

     /* Check if we have creator info */
     CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(ObjectHeader);
     if (CreatorInfo)
     {
         /* We do, acquire the lock */
         ObpEnterObjectTypeMutex(ObjectType);

         /* Insert us on the list */
         InsertTailList(&ObjectType->TypeList, &CreatorInfo->TypeList);

         /* Release the lock */
         ObpLeaveObjectTypeMutex(ObjectType);
     }

     /* Increase total number of handles */
     Total = InterlockedIncrement((PLONG)&ObjectType->TotalNumberOfHandles);
     if (Total > ObjectType->HighWaterNumberOfHandles)
     {
         /* Fixup count */
         ObjectType->HighWaterNumberOfHandles = Total;
     }

     /* Trace call and return */
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Incremented count for: %p. UNNAMED HC PC %lx %lx\n",
             __FUNCTION__,
             Object,
             ObjectHeader->HandleCount,
             ObjectHeader->PointerCount);
     return Status;

 Quickie:
     /* Release lock and return */
     ObpReleaseObjectLock(ObjectHeader);
     return Status;
 }

 /*++
 * @name ObpCreateUnnamedHandle
 *
 *     The ObpCreateUnnamedHandle routine <FILLMEIN>
 *
 * @param Object
 *        <FILLMEIN>.
 *
 * @param DesiredAccess
 *        <FILLMEIN>.
 *
 * @param AdditionalReferences
 *        <FILLMEIN>.
 *
 * @param HandleAttributes
 *        <FILLMEIN>.
 *
 * @param AccessMode
 *        <FILLMEIN>.
 *
 * @param ReturnedObject
 *        <FILLMEIN>.
 *
 * @param ReturnedHandle
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObpCreateUnnamedHandle(IN PVOID Object,
                        IN ACCESS_MASK DesiredAccess,
                        IN ULONG AdditionalReferences,
                        IN ULONG HandleAttributes,
                        IN KPROCESSOR_MODE AccessMode,
                        OUT PVOID *ReturnedObject,
                        OUT PHANDLE ReturnedHandle)
 {
     HANDLE_TABLE_ENTRY NewEntry;
     POBJECT_HEADER ObjectHeader;
     HANDLE Handle;
     KAPC_STATE ApcState;
     BOOLEAN AttachedToProcess = FALSE, KernelHandle = FALSE;
     PVOID HandleTable;
     NTSTATUS Status;
     ACCESS_MASK GrantedAccess;
     POBJECT_TYPE ObjectType;
     PAGED_CODE();

     /* Get the object header and type */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
     ObjectType = ObjectHeader->Type;
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Creating handle for: %p. UNNAMED. HC PC %lx %lx\n",
             __FUNCTION__,
             Object,
             ObjectHeader->HandleCount,
             ObjectHeader->PointerCount);

     /* Save the object header */
     NewEntry.Object = ObjectHeader;

     /* Mask out the internal attributes */
     NewEntry.ObAttributes |= HandleAttributes & OBJ_HANDLE_ATTRIBUTES;

     /* Check if this is a kernel handle */
     if (HandleAttributes & OBJ_KERNEL_HANDLE)
     {
         /* Set the handle table */
         HandleTable = ObpKernelHandleTable;
         KernelHandle = TRUE;

         /* Check if we're not in the system process */
         if (PsGetCurrentProcess() != PsInitialSystemProcess)
         {
             /* Attach to the system process */
             KeStackAttachProcess(&PsInitialSystemProcess->Pcb, &ApcState);
             AttachedToProcess = TRUE;
         }
     }
     else
     {
         /* Get the current handle table */
         HandleTable = PsGetCurrentProcess()->ObjectTable;
     }

     /* Increment the handle count */
     Status = ObpIncrementUnnamedHandleCount(Object,
                                             &DesiredAccess,
                                             AccessMode,
                                             HandleAttributes,
                                             PsGetCurrentProcess());
     if (!NT_SUCCESS(Status))
     {
         /*
          * We failed (meaning security failure, according to NT Internals)
          * detach and return
          */
         if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
         return Status;
     }

     /* Remove what's not in the valid access mask */
     GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
                                      ACCESS_SYSTEM_SECURITY);

     /* Handle extra references */
     if (AdditionalReferences)
     {
         /* Add them to the header */
         InterlockedExchangeAddSizeT(&ObjectHeader->PointerCount,
                                     AdditionalReferences);
     }

     /* Save the access mask */
     NewEntry.GrantedAccess = GrantedAccess;

     /*
      * Create the actual handle. We'll need to do this *after* calling
      * ObpIncrementHandleCount to make sure that Object Security is valid
      * (specified in Gl00my documentation on Ob)
      */
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Handle Properties: [%p-%lx-%lx]\n",
             __FUNCTION__,
             NewEntry.Object, NewEntry.ObAttributes & 3, NewEntry.GrantedAccess);
     Handle = ExCreateHandle(HandleTable, &NewEntry);

     /* Make sure we got a handle */
     if (Handle)
     {
         /* Check if this was a kernel handle */
         if (KernelHandle) Handle = ObMarkHandleAsKernelHandle(Handle);

         /* Return handle and object */
         *ReturnedHandle = Handle;

         /* Return the new object only if caller wanted it biased */
         if ((AdditionalReferences) && (ReturnedObject))
         {
             /* Return it */
             *ReturnedObject = Object;
         }

         /* Detach if needed */
         if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);

         /* Trace and return */
         OBTRACE(OB_HANDLE_DEBUG,
                 "%s - Returning Handle: %p HC PC %lx %lx\n",
                 __FUNCTION__,
                 Handle,
                 ObjectHeader->HandleCount,
                 ObjectHeader->PointerCount);
         return STATUS_SUCCESS;
     }

     /* Handle extra references */
     if (AdditionalReferences)
     {
         /* Dereference it as many times as required */
         InterlockedExchangeAddSizeT(&ObjectHeader->PointerCount,
                                     -(LONG)AdditionalReferences);
     }

     /* Decrement the handle count and detach */
     ObpDecrementHandleCount(&ObjectHeader->Body,
                             PsGetCurrentProcess(),
                             GrantedAccess,
                             ObjectType);

     /* Detach and fail */
     if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
     return STATUS_INSUFFICIENT_RESOURCES;
 }

 /*++
 * @name ObpCreateHandle
 *
 *     The ObpCreateHandle routine <FILLMEIN>
 *
 * @param OpenReason
 *        <FILLMEIN>.
 *
 * @param Object
 *        <FILLMEIN>.
 *
 * @param Type
 *        <FILLMEIN>.
 *
 * @param AccessState
 *        <FILLMEIN>.
 *
 * @param AdditionalReferences
 *        <FILLMEIN>.
 *
 * @param HandleAttributes
 *        <FILLMEIN>.
 *
 * @param AccessMode
 *        <FILLMEIN>.
 *
 * @param ReturnedObject
 *        <FILLMEIN>.
 *
 * @param ReturnedHandle
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks Cleans up the Lookup Context on return.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObpCreateHandle(IN OB_OPEN_REASON OpenReason,
                 IN PVOID Object,
                 IN POBJECT_TYPE Type OPTIONAL,
                 IN PACCESS_STATE AccessState,
                 IN ULONG AdditionalReferences,
                 IN ULONG HandleAttributes,
                 IN POBP_LOOKUP_CONTEXT Context,
                 IN KPROCESSOR_MODE AccessMode,
                 OUT PVOID *ReturnedObject,
                 OUT PHANDLE ReturnedHandle)
 {
     HANDLE_TABLE_ENTRY NewEntry;
     POBJECT_HEADER ObjectHeader;
     HANDLE Handle;
     KAPC_STATE ApcState;
     BOOLEAN AttachedToProcess = FALSE, KernelHandle = FALSE;
     POBJECT_TYPE ObjectType;
     PVOID HandleTable;
     NTSTATUS Status;
     ACCESS_MASK DesiredAccess, GrantedAccess;
     PAUX_ACCESS_DATA AuxData;
     PAGED_CODE();

     /* Get the object header and type */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
     ObjectType = ObjectHeader->Type;
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Creating handle for: %p. Reason: %lx. HC PC %lx %lx\n",
             __FUNCTION__,
             Object,
             OpenReason,
             ObjectHeader->HandleCount,
             ObjectHeader->PointerCount);

     /* Check if the types match */
     if ((Type) && (ObjectType != Type))
     {
         /* They don't, cleanup */
         if (Context) ObpReleaseLookupContext(Context);
         return STATUS_OBJECT_TYPE_MISMATCH;
     }

     /* Save the object header */
     NewEntry.Object = ObjectHeader;

     /* Check if this is a kernel handle */
     if (HandleAttributes & OBJ_KERNEL_HANDLE)
     {
         /* Set the handle table */
         HandleTable = ObpKernelHandleTable;
         KernelHandle = TRUE;

         /* Check if we're not in the system process */
         if (PsGetCurrentProcess() != PsInitialSystemProcess)
         {
             /* Attach to the system process */
             KeStackAttachProcess(&PsInitialSystemProcess->Pcb, &ApcState);
             AttachedToProcess = TRUE;
         }
     }
     else
     {
         /* Get the current handle table */
         HandleTable = PsGetCurrentProcess()->ObjectTable;
     }

     /* Increment the handle count */
     Status = ObpIncrementHandleCount(Object,
                                      AccessState,
                                      AccessMode,
                                      HandleAttributes,
                                      PsGetCurrentProcess(),
                                      OpenReason);
     if (!NT_SUCCESS(Status))
     {
         /*
          * We failed (meaning security failure, according to NT Internals)
          * detach and return
          */
         if (Context) ObpReleaseLookupContext(Context);
         if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
         return Status;
     }

     /* Check if we are doing audits on close */
     if (AccessState->GenerateOnClose)
     {
         /* Force the attribute on */
         HandleAttributes |= OBJ_AUDIT_OBJECT_CLOSE;
     }

     /* Mask out the internal attributes */
     NewEntry.ObAttributes |= (HandleAttributes & OBJ_HANDLE_ATTRIBUTES);

     /* Get the original desired access */
     DesiredAccess = AccessState->RemainingDesiredAccess |
                     AccessState->PreviouslyGrantedAccess;

     /* Remove what's not in the valid access mask */
     GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
                                      ACCESS_SYSTEM_SECURITY);

     /* Update the value in the access state */
     AccessState->PreviouslyGrantedAccess = GrantedAccess;

     /* Get the auxiliary data */
     AuxData = AccessState->AuxData;

     /* Handle extra references */
     if (AdditionalReferences)
     {
         /* Add them to the header */
         InterlockedExchangeAddSizeT(&ObjectHeader->PointerCount,
                                     AdditionalReferences);
     }

     /* Now we can release the object */
     if (Context) ObpReleaseLookupContext(Context);

     /* Save the access mask */
     NewEntry.GrantedAccess = GrantedAccess;

     /*
      * Create the actual handle. We'll need to do this *after* calling
      * ObpIncrementHandleCount to make sure that Object Security is valid
      * (specified in Gl00my documentation on Ob)
      */
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Handle Properties: [%p-%lx-%lx]\n",
             __FUNCTION__,
             NewEntry.Object, NewEntry.ObAttributes & 3, NewEntry.GrantedAccess);
     Handle = ExCreateHandle(HandleTable, &NewEntry);

     /* Make sure we got a handle */
     if (Handle)
     {
         /* Check if this was a kernel handle */
         if (KernelHandle) Handle = ObMarkHandleAsKernelHandle(Handle);

         /* Return it */
         *ReturnedHandle = Handle;

         /* Check if we need to generate on audit */
         if (AccessState->GenerateAudit)
         {
             /* Audit the handle creation */
             //SeAuditHandleCreation(AccessState, Handle);
         }

         /* Check if this was a create */
         if (OpenReason == ObCreateHandle)
         {
             /* Check if we need to audit the privileges */
             if ((AuxData->PrivilegeSet) &&
                 (AuxData->PrivilegeSet->PrivilegeCount))
             {
                 /* Do the audit */
 #if 0
                 SePrivilegeObjectAuditAlarm(Handle,
                                             &AccessState->
                                             SubjectSecurityContext,
                                             GrantedAccess,
                                             AuxData->PrivilegeSet,
                                             TRUE,
                                             ExGetPreviousMode());
 #endif
             }
         }

         /* Return the new object only if caller wanted it biased */
         if ((AdditionalReferences) && (ReturnedObject))
         {
             /* Return it */
             *ReturnedObject = Object;
         }

         /* Detach if needed */
         if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);

         /* Trace and return */
         OBTRACE(OB_HANDLE_DEBUG,
                 "%s - Returning Handle: %p HC PC %lx %lx\n",
                 __FUNCTION__,
                 Handle,
                 ObjectHeader->HandleCount,
                 ObjectHeader->PointerCount);
         return STATUS_SUCCESS;
     }

     /* Decrement the handle count and detach */
     ObpDecrementHandleCount(&ObjectHeader->Body,
                             PsGetCurrentProcess(),
                             GrantedAccess,
                             ObjectType);

     /* Handle extra references */
     if (AdditionalReferences)
     {
         /* Check how many extra references were added */
         if (AdditionalReferences > 1)
         {
             /* Dereference it many times */
             InterlockedExchangeAddSizeT(&ObjectHeader->PointerCount,
                                         -(LONG)(AdditionalReferences - 1));
         }

         /* Dereference the object one last time */
         ObDereferenceObject(Object);
     }

     /* Detach if necessary and fail */
     if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
     return STATUS_INSUFFICIENT_RESOURCES;
 }

 /*++
 * @name ObpCloseHandle
 *
 *     The ObpCloseHandle routine <FILLMEIN>
 *
 * @param Handle
 *        <FILLMEIN>.
 *
 * @param AccessMode
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObpCloseHandle(IN HANDLE Handle,
                IN KPROCESSOR_MODE AccessMode)
 {
     PVOID HandleTable;
     BOOLEAN AttachedToProcess = FALSE;
     KAPC_STATE ApcState;
     PHANDLE_TABLE_ENTRY HandleTableEntry;
     NTSTATUS Status;
     PEPROCESS Process = PsGetCurrentProcess();
     PAGED_CODE();
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Closing handle: %p\n", __FUNCTION__, Handle);

     if (AccessMode == KernelMode && Handle == (HANDLE)-1)
         return STATUS_INVALID_HANDLE;

     /* Check if we're dealing with a kernel handle */
     if (ObpIsKernelHandle(Handle, AccessMode))
     {
         /* Use the kernel table and convert the handle */
         HandleTable = ObpKernelHandleTable;
         Handle = ObKernelHandleToHandle(Handle);

         /* Check if we're not in the system process */
         if (Process != PsInitialSystemProcess)
         {
             /* Attach to the system process */
             KeStackAttachProcess(&PsInitialSystemProcess->Pcb, &ApcState);
             AttachedToProcess = TRUE;
         }
     }
     else
     {
         /* Use the process's handle table */
         HandleTable = Process->ObjectTable;
     }

     /* Enter a critical region to protect handle access */
     KeEnterCriticalRegion();

     /* Get the handle entry */
     HandleTableEntry = ExMapHandleToPointer(HandleTable, Handle);
     if (HandleTableEntry)
     {
         /* Now close the entry */
         Status = ObpCloseHandleTableEntry(HandleTable,
                                           HandleTableEntry,
                                           Handle,
                                           AccessMode,
                                           FALSE);

         /* We can quit the critical region now */
         KeLeaveCriticalRegion();

         /* Detach and return success */
         if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
     }
     else
     {
         /* We failed, quit the critical region */
         KeLeaveCriticalRegion();

         /* Detach */
         if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);

         /* Check if we have a valid handle that's not the process or thread */
         if ((Handle) &&
             (Handle != NtCurrentProcess()) &&
             (Handle != NtCurrentThread()))
         {
             /* Check if we came from user mode */
             if (AccessMode != KernelMode)
             {
                 /* Check if we have no debug port */
                 if (Process->DebugPort)
                 {
                     /* Make sure we're not attached */
                     if (!KeIsAttachedProcess())
                     {
                         /* Raise an exception */
                         return KeRaiseUserException(STATUS_INVALID_HANDLE);
                     }
                 }
             }
             else
             {
                 /* This is kernel mode. Check if we're exiting */
                 if (!(PsIsThreadTerminating(PsGetCurrentThread())) &&
                     (Process->Peb))
                 {
                     /* Check if the debugger is enabled */
                     if (KdDebuggerEnabled)
                     {
                         /* Bugcheck */
                         KeBugCheckEx(INVALID_KERNEL_HANDLE, (ULONG_PTR)Handle, 1, 0, 0);
                     }
                 }
             }
         }

         /* Set invalid status */
         Status = STATUS_INVALID_HANDLE;
     }

     /* Return status */
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Closed handle: %p S: %lx\n",
             __FUNCTION__, Handle, Status);
     return Status;
 }

 /*++
 * @name ObpSetHandleAttributes
 *
 *     The ObpSetHandleAttributes routine <FILLMEIN>
 *
 * @param HandleTableEntry
 *        <FILLMEIN>.
 *
 * @param Context
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 BOOLEAN
 NTAPI
 ObpSetHandleAttributes(IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry,
                        IN ULONG_PTR Context)
 {
     POBP_SET_HANDLE_ATTRIBUTES_CONTEXT SetHandleInfo = (PVOID)Context;
     POBJECT_HEADER ObjectHeader = ObpGetHandleObject(HandleTableEntry);

     /* Check if making the handle inheritable */
     if (SetHandleInfo->Information.Inherit)
     {
         /* Check if inheriting is not supported for this object */
         if (ObjectHeader->Type->TypeInfo.InvalidAttributes & OBJ_INHERIT)
         {
             /* Fail without changing anything */
             return FALSE;
         }

         /* Set the flag */
         HandleTableEntry->ObAttributes |= OBJ_INHERIT;
     }
     else
     {
         /* Otherwise this implies we're removing the flag */
         HandleTableEntry->ObAttributes &= ~OBJ_INHERIT;
     }

     /* Check if making the handle protected */
     if (SetHandleInfo->Information.ProtectFromClose)
     {
         /* Set the flag */
         HandleTableEntry->GrantedAccess |= ObpAccessProtectCloseBit;
     }
     else
     {
         /* Otherwise, remove it */
         HandleTableEntry->GrantedAccess &= ~ObpAccessProtectCloseBit;
     }

     /* Return success */
     return TRUE;
 }

 /*++
 * @name ObpCloseHandleCallback
 *
 *     The ObpCloseHandleCallback routine <FILLMEIN>
 *
 * @param HandleTable
 *        <FILLMEIN>.
 *
 * @param Object
 *        <FILLMEIN>.
 *
 * @param GrantedAccess
 *        <FILLMEIN>.
 *
 * @param Context
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 BOOLEAN
 NTAPI
 ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry,
                        IN HANDLE Handle,
                        IN PVOID Context)
 {
     POBP_CLOSE_HANDLE_CONTEXT CloseContext = (POBP_CLOSE_HANDLE_CONTEXT)Context;

     /* Simply decrement the handle count */
     ObpCloseHandleTableEntry(CloseContext->HandleTable,
                              HandleTableEntry,
                              Handle,
                              CloseContext->AccessMode,
                              TRUE);
     return TRUE;
 }

 /*++
 * @name ObpDuplicateHandleCallback
 *
 *     The ObpDuplicateHandleCallback routine <FILLMEIN>
 *
 * @param HandleTable
 *        <FILLMEIN>.
 *
 * @param HandleTableEntry
 *        <FILLMEIN>.
 *
 * @param Context
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 BOOLEAN
 NTAPI
 ObpDuplicateHandleCallback(IN PEPROCESS Process,
                            IN PHANDLE_TABLE HandleTable,
                            IN PHANDLE_TABLE_ENTRY OldEntry,
                            IN PHANDLE_TABLE_ENTRY HandleTableEntry)
 {
     POBJECT_HEADER ObjectHeader;
     BOOLEAN Ret = FALSE;
     ACCESS_STATE AccessState;
     NTSTATUS Status;
     PAGED_CODE();

     /* Make sure that the handle is inheritable */
     Ret = (HandleTableEntry->ObAttributes & OBJ_INHERIT) != 0;
     if (Ret)
     {
         /* Get the object header */
         ObjectHeader = ObpGetHandleObject(HandleTableEntry);

         /* Increment the pointer count */
         InterlockedIncrementSizeT(&ObjectHeader->PointerCount);

         /* Release the handle lock */
         ExUnlockHandleTableEntry(HandleTable, OldEntry);

         /* Setup the access state */
         AccessState.PreviouslyGrantedAccess = HandleTableEntry->GrantedAccess;

         /* Call the shared routine for incrementing handles */
         Status = ObpIncrementHandleCount(&ObjectHeader->Body,
                                          &AccessState,
                                          KernelMode,
                                          HandleTableEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES,
                                          Process,
                                          ObInheritHandle);
         if (!NT_SUCCESS(Status))
         {
             /* Return failure */
             ObDereferenceObject(&ObjectHeader->Body);
             Ret = FALSE;
         }
     }
     else
     {
         /* Release the handle lock */
         ExUnlockHandleTableEntry(HandleTable, OldEntry);
     }

     /* Return duplication result */
     return Ret;
 }

 /*++
 * @name ObClearProcessHandleTable
 *
 *     The ObClearProcessHandleTable routine clears the handle table
 *     of the given process.
 *
 * @param Process
 *        The process of which the handle table should be cleared.
 *
 * @return None.
 *
 * @remarks None.
 *
 *--*/
 VOID
 NTAPI
 ObClearProcessHandleTable(IN PEPROCESS Process)
 {
     PHANDLE_TABLE HandleTable;
     OBP_CLOSE_HANDLE_CONTEXT Context;
     KAPC_STATE ApcState;
     BOOLEAN AttachedToProcess = FALSE;

     ASSERT(Process);

     /* Ensure the handle table doesn't go away while we use it */
     HandleTable = ObReferenceProcessHandleTable(Process);
     if (!HandleTable) return;

     /* Attach to the current process if needed */
     if (PsGetCurrentProcess() != Process)
     {
         KeStackAttachProcess(&Process->Pcb, &ApcState);
         AttachedToProcess = TRUE;
     }

     /* Enter a critical region */
     KeEnterCriticalRegion();

     /* Fill out the context */
     Context.AccessMode = UserMode;
     Context.HandleTable = HandleTable;

     /* Sweep the handle table to close all handles */
     ExSweepHandleTable(HandleTable,
                        ObpCloseHandleCallback,
                        &Context);

     /* Leave the critical region */
     KeLeaveCriticalRegion();

     /* Detach if needed */
     if (AttachedToProcess)
         KeUnstackDetachProcess(&ApcState);

     /* Let the handle table go */
     ObDereferenceProcessHandleTable(Process);
 }

 /*++
 * @name ObInitProcess
 *
 *     The ObInitProcess routine initializes the handle table for the process
 *     to be initialized, by either creating a new one or duplicating it from
 *     the parent process.
 *
 * @param Parent
 *        A parent process (optional).
 *
 * @param Process
 *        The process to initialize.
 *
 * @return Success or failure.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObInitProcess(IN PEPROCESS Parent OPTIONAL,
               IN PEPROCESS Process)
 {
     PHANDLE_TABLE ParentTable, ObjectTable;

     /* Check for a parent */
     if (Parent)
     {
         /* Reference the parent's table */
         ParentTable = ObReferenceProcessHandleTable(Parent);
         if (!ParentTable) return STATUS_PROCESS_IS_TERMINATING;

         /* Duplicate it */
         ObjectTable = ExDupHandleTable(Process,
                                        ParentTable,
                                        ObpDuplicateHandleCallback,
                                        OBJ_INHERIT);
     }
     else
     {
         /* Otherwise just create a new table */
         ParentTable = NULL;
         ObjectTable = ExCreateHandleTable(Process);
     }

     /* Make sure we have a table */
     if (ObjectTable)
     {
         /* Associate it */
         Process->ObjectTable = ObjectTable;

         /* Check for auditing */
         if (SeDetailedAuditingWithToken(NULL))
         {
             /* FIXME: TODO */
             DPRINT1("Need auditing!\n");
         }

         /* Get rid of the old table now */
         if (ParentTable) ObDereferenceProcessHandleTable(Parent);

         /* We are done */
         return STATUS_SUCCESS;
     }
     else
     {
         /* Fail */
         Process->ObjectTable = NULL;
         if (ParentTable) ObDereferenceProcessHandleTable(Parent);
         return STATUS_INSUFFICIENT_RESOURCES;
     }
 }

 /*++
 * @name ObKillProcess
 *
 *     The ObKillProcess routine performs rundown operations on the process,
 *     then clears and destroys its handle table.
 *
 * @param Process
 *        The process to be killed.
 *
 * @return None.
 *
 * @remarks Called by the Object Manager cleanup code (kernel)
 *          when a process is to be destroyed.
 *
 *--*/
 VOID
 NTAPI
 ObKillProcess(IN PEPROCESS Process)
 {
     PHANDLE_TABLE HandleTable;
     OBP_CLOSE_HANDLE_CONTEXT Context;
     BOOLEAN HardErrors;
     PAGED_CODE();

     /* Wait for process rundown and then complete it */
     ExWaitForRundownProtectionRelease(&Process->RundownProtect);
     ExRundownCompleted(&Process->RundownProtect);

     /* Get the object table */
     HandleTable = Process->ObjectTable;
     if (!HandleTable) return;

     /* Disable hard errors while we close handles */
     HardErrors = IoSetThreadHardErrorMode(FALSE);

     /* Enter a critical region */
     KeEnterCriticalRegion();

     /* Fill out the context */
     Context.AccessMode = KernelMode;
     Context.HandleTable = HandleTable;

     /* Sweep the handle table to close all handles */
     ExSweepHandleTable(HandleTable,
                        ObpCloseHandleCallback,
                        &Context);
     ASSERT(HandleTable->HandleCount == 0);

     /* Leave the critical region */
     KeLeaveCriticalRegion();

     /* Re-enable hard errors */
     IoSetThreadHardErrorMode(HardErrors);

     /* Destroy the object table */
     Process->ObjectTable = NULL;
     ExDestroyHandleTable(HandleTable, NULL);
 }

 NTSTATUS
 NTAPI
 ObDuplicateObject(IN PEPROCESS SourceProcess,
                   IN HANDLE SourceHandle,
                   IN PEPROCESS TargetProcess OPTIONAL,
                   IN PHANDLE TargetHandle OPTIONAL,
                   IN ACCESS_MASK DesiredAccess,
                   IN ULONG HandleAttributes,
                   IN ULONG Options,
                   IN KPROCESSOR_MODE PreviousMode)
 {
     HANDLE_TABLE_ENTRY NewHandleEntry;
     BOOLEAN AttachedToProcess = FALSE;
     PVOID SourceObject;
     POBJECT_HEADER ObjectHeader;
     POBJECT_TYPE ObjectType;
     HANDLE NewHandle;
     KAPC_STATE ApcState;
     NTSTATUS Status;
     ACCESS_MASK TargetAccess, SourceAccess;
     ACCESS_STATE AccessState;
     PACCESS_STATE PassedAccessState = NULL;
     AUX_ACCESS_DATA AuxData;
     PHANDLE_TABLE HandleTable;
     OBJECT_HANDLE_INFORMATION HandleInformation;
     ULONG AuditMask;
     BOOLEAN KernelHandle = FALSE;

     PAGED_CODE();
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Duplicating handle: %p for %p into %p\n",
             __FUNCTION__,
             SourceHandle,
             SourceProcess,
             TargetProcess);

     /* Assume failure */
     if (TargetHandle) *TargetHandle = NULL;

     /* Check if we're not duplicating the same access */
     if (!(Options & DUPLICATE_SAME_ACCESS))
     {
         /* Validate the desired access */
         Status = STATUS_SUCCESS; //ObpValidateDesiredAccess(DesiredAccess);
         if (!NT_SUCCESS(Status)) return Status;
     }

     /* Reference the object table */
     HandleTable = ObReferenceProcessHandleTable(SourceProcess);
     if (!HandleTable) return STATUS_PROCESS_IS_TERMINATING;

     /* Reference the process object */
     Status = ObpReferenceProcessObjectByHandle(SourceHandle,
                                                SourceProcess,
                                                HandleTable,
                                                PreviousMode,
                                                &SourceObject,
                                                &HandleInformation,
                                                &AuditMask);
     if (!NT_SUCCESS(Status))
     {
         /* Fail */
         ObDereferenceProcessHandleTable(SourceProcess);
         return Status;
     }
     else
     {
         /* Check if we have to don't have to audit object close */
         if (!(HandleInformation.HandleAttributes & OBJ_AUDIT_OBJECT_CLOSE))
         {
             /* Then there is no audit mask */
             AuditMask = 0;
         }
     }

     /* Check if there's no target process */
     if (!TargetProcess)
     {
         /* Check if the caller wanted actual duplication */
         if (!(Options & DUPLICATE_CLOSE_SOURCE))
         {
             /* Invalid request */
             Status = STATUS_INVALID_PARAMETER;
         }
         else
         {
             /* Otherwise, do the attach */
             KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);

             /* Close the handle and detach */
             NtClose(SourceHandle);
             KeUnstackDetachProcess(&ApcState);
         }

         /* Return */
         ObDereferenceProcessHandleTable(SourceProcess);
         ObDereferenceObject(SourceObject);
         return Status;
     }

     /* Create a kernel handle if asked, but only in the system process */
     if (PreviousMode == KernelMode &&
         HandleAttributes & OBJ_KERNEL_HANDLE &&
         TargetProcess == PsInitialSystemProcess)
     {
         KernelHandle = TRUE;
     }

     /* Get the target handle table */
     HandleTable = ObReferenceProcessHandleTable(TargetProcess);
     if (!HandleTable)
     {
         /* Check if the caller wanted us to close the handle */
         if (Options & DUPLICATE_CLOSE_SOURCE)
         {
             /* Do the attach */
             KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);

             /* Close the handle and detach */
             NtClose(SourceHandle);
             KeUnstackDetachProcess(&ApcState);
         }

         /* Return */
         ObDereferenceProcessHandleTable(SourceProcess);
         ObDereferenceObject(SourceObject);
         return STATUS_PROCESS_IS_TERMINATING;
     }

     /* Get the source access */
     SourceAccess = HandleInformation.GrantedAccess;

     /* Check if we're not in the target process */
     if (TargetProcess != PsGetCurrentProcess())
     {
         /* Attach to it */
         KeStackAttachProcess(&TargetProcess->Pcb, &ApcState);
         AttachedToProcess = TRUE;
     }

     /* Check if we're duplicating the attributes */
     if (Options & DUPLICATE_SAME_ATTRIBUTES)
     {
         /* Duplicate them */
         HandleAttributes = HandleInformation.HandleAttributes;
     }
     else
     {
         /* Don't allow caller to bypass auditing */
         HandleAttributes |= HandleInformation.HandleAttributes &
                             OBJ_AUDIT_OBJECT_CLOSE;
     }

     /* Check if we're duplicating the access */
     if (Options & DUPLICATE_SAME_ACCESS) DesiredAccess = SourceAccess;

     /* Get object data */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(SourceObject);
     ObjectType = ObjectHeader->Type;

     /* Fill out the entry */
     RtlZeroMemory(&NewHandleEntry, sizeof(HANDLE_TABLE_ENTRY));
     NewHandleEntry.Object = ObjectHeader;
     NewHandleEntry.ObAttributes |= (HandleAttributes & OBJ_HANDLE_ATTRIBUTES);

     /* Check if we're using a generic mask */
     if (DesiredAccess & GENERIC_ACCESS)
     {
         /* Map it */
         RtlMapGenericMask(&DesiredAccess,
                           &ObjectType->TypeInfo.GenericMapping);
     }

     /* Set the target access, always propagate ACCESS_SYSTEM_SECURITY */
     TargetAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
                                     ACCESS_SYSTEM_SECURITY);
     NewHandleEntry.GrantedAccess = TargetAccess;

     /* Check if we're asking for new access */
     if (TargetAccess & ~SourceAccess)
     {
         /* We are. We need the security procedure to validate this */
         if (ObjectType->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
         {
             /* Use our built-in access state */
             PassedAccessState = &AccessState;
             Status = SeCreateAccessState(&AccessState,
                                          &AuxData,
                                          TargetAccess,
                                          &ObjectType->TypeInfo.GenericMapping);
         }
         else
         {
             /* Otherwise we can't allow this privilege elevation */
             Status = STATUS_ACCESS_DENIED;
         }
     }
     else
     {
         /* We don't need an access state */
         Status = STATUS_SUCCESS;
     }

     /* Make sure the access state was created OK */
     if (NT_SUCCESS(Status))
     {
         /* Add a new handle */
         Status = ObpIncrementHandleCount(SourceObject,
                                          PassedAccessState,
                                          PreviousMode,
                                          HandleAttributes,
                                          PsGetCurrentProcess(),
                                          ObDuplicateHandle);
     }

     /* Check if we were attached */
     if (AttachedToProcess)
     {
         /* We can safely detach now */
         KeUnstackDetachProcess(&ApcState);
         AttachedToProcess = FALSE;
     }

     /* Check if we have to close the source handle */
     if (Options & DUPLICATE_CLOSE_SOURCE)
     {
         /* Attach and close */
         KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
         NtClose(SourceHandle);
         KeUnstackDetachProcess(&ApcState);
     }

     /* Check if we had an access state */
     if (PassedAccessState) SeDeleteAccessState(PassedAccessState);

     /* Now check if incrementing actually failed */
     if (!NT_SUCCESS(Status))
     {
         /* Dereference handle tables */
         ObDereferenceProcessHandleTable(SourceProcess);
         ObDereferenceProcessHandleTable(TargetProcess);

         /* Dereference the source object */
         ObDereferenceObject(SourceObject);
         return Status;
     }

     if (NewHandleEntry.ObAttributes & OBJ_PROTECT_CLOSE)
     {
         NewHandleEntry.ObAttributes &= ~OBJ_PROTECT_CLOSE;
         NewHandleEntry.GrantedAccess |= ObpAccessProtectCloseBit;
     }

     /* Now create the handle */
     NewHandle = ExCreateHandle(HandleTable, &NewHandleEntry);
     if (!NewHandle)
     {
         /* Undo the increment */
         ObpDecrementHandleCount(SourceObject,
                                 TargetProcess,
                                 TargetAccess,
                                 ObjectType);

         /* Deference the object and set failure status */
         ObDereferenceObject(SourceObject);
         Status = STATUS_INSUFFICIENT_RESOURCES;
     }

     /* Mark it as a kernel handle if requested */
     if (KernelHandle)
     {
         NewHandle = ObMarkHandleAsKernelHandle(NewHandle);
     }

     /* Return the handle */
     if (TargetHandle) *TargetHandle = NewHandle;

     /* Dereference handle tables */
     ObDereferenceProcessHandleTable(SourceProcess);
     ObDereferenceProcessHandleTable(TargetProcess);

     /* Return status */
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Duplicated handle: %p for %p into %p. Source: %p HC PC %lx %lx\n",
             __FUNCTION__,
             NewHandle,
             SourceProcess,
             TargetProcess,
             SourceObject,
             ObjectHeader->PointerCount,
             ObjectHeader->HandleCount);
     return Status;
 }

 /* PUBLIC FUNCTIONS *********************************************************/

 /*++
 * @name ObOpenObjectByName
 * @implemented NT4
 *
 *     The ObOpenObjectByName routine <FILLMEIN>
 *
 * @param ObjectAttributes
 *        <FILLMEIN>.
 *
 * @param ObjectType
 *        <FILLMEIN>.
 *
 * @param AccessMode
 *        <FILLMEIN>.
 *
 * @param PassedAccessState
 *        <FILLMEIN>.
 *
 * @param DesiredAccess
 *        <FILLMEIN>.
 *
 * @param ParseContext
 *        <FILLMEIN>.
 *
 * @param Handle
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObOpenObjectByName(IN POBJECT_ATTRIBUTES ObjectAttributes,
                    IN POBJECT_TYPE ObjectType,
                    IN KPROCESSOR_MODE AccessMode,
                    IN PACCESS_STATE PassedAccessState,
                    IN ACCESS_MASK DesiredAccess,
                    IN OUT PVOID ParseContext,
                    OUT PHANDLE Handle)
 {
     PVOID Object = NULL;
     UNICODE_STRING ObjectName;
     NTSTATUS Status, Status2;
     POBJECT_HEADER ObjectHeader;
     PGENERIC_MAPPING GenericMapping = NULL;
     OB_OPEN_REASON OpenReason;
     POB_TEMP_BUFFER TempBuffer;
     PAGED_CODE();

     /* Assume failure */
     *Handle = NULL;

     /* Check if we didn't get any Object Attributes */
     if (!ObjectAttributes)
     {
         /* Fail with special status code */
         return STATUS_INVALID_PARAMETER;
     }

     /* Allocate the temporary buffer */
     TempBuffer = ExAllocatePoolWithTag(NonPagedPool,
                                        sizeof(OB_TEMP_BUFFER),
                                        TAG_OB_TEMP_STORAGE);
     if (!TempBuffer) return STATUS_INSUFFICIENT_RESOURCES;

     /* Capture all the info */
     Status = ObpCaptureObjectCreateInformation(ObjectAttributes,
                                                AccessMode,
                                                AccessMode,
                                                TRUE,
                                                &TempBuffer->ObjectCreateInfo,
                                                &ObjectName);
     if (!NT_SUCCESS(Status))
     {
         /* Fail */
         ExFreePoolWithTag(TempBuffer, TAG_OB_TEMP_STORAGE);
         return Status;
     }

     /* Check if we didn't get an access state */
     if (!PassedAccessState)
     {
         /* Try to get the generic mapping if we can */
         if (ObjectType) GenericMapping = &ObjectType->TypeInfo.GenericMapping;

         /* Use our built-in access state */
         PassedAccessState = &TempBuffer->LocalAccessState;
         Status = SeCreateAccessState(&TempBuffer->LocalAccessState,
                                      &TempBuffer->AuxData,
                                      DesiredAccess,
                                      GenericMapping);
         if (!NT_SUCCESS(Status)) goto Quickie;
     }

     /* Get the security descriptor */
     if (TempBuffer->ObjectCreateInfo.SecurityDescriptor)
     {
         /* Save it in the access state */
         PassedAccessState->SecurityDescriptor =
             TempBuffer->ObjectCreateInfo.SecurityDescriptor;
     }

     /* Validate the access mask */
     Status = ObpValidateAccessMask(PassedAccessState);
     if (!NT_SUCCESS(Status))
     {
         /* Cleanup after lookup */
         ObpReleaseLookupContext(&TempBuffer->LookupContext);
         goto Cleanup;
     }

     /* Now do the lookup */
     Status = ObpLookupObjectName(TempBuffer->ObjectCreateInfo.RootDirectory,
                                  &ObjectName,
                                  TempBuffer->ObjectCreateInfo.Attributes,
                                  ObjectType,
                                  AccessMode,
                                  ParseContext,
                                  TempBuffer->ObjectCreateInfo.SecurityQos,
                                  NULL,
                                  PassedAccessState,
                                  &TempBuffer->LookupContext,
                                  &Object);
     if (!NT_SUCCESS(Status))
     {
         /* Cleanup after lookup */
         ObpReleaseLookupContext(&TempBuffer->LookupContext);
         goto Cleanup;
     }

     /* Check if this object has create information */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
     if (ObjectHeader->Flags & OB_FLAG_CREATE_INFO)
     {
         /* Then we are creating a new handle */
         OpenReason = ObCreateHandle;

         /* Check if we still have create info */
         if (ObjectHeader->ObjectCreateInfo)
         {
             /* Free it */
             ObpFreeObjectCreateInformation(ObjectHeader->
                                                 ObjectCreateInfo);
             ObjectHeader->ObjectCreateInfo = NULL;
         }
     }
     else
     {
         /* Otherwise, we are merely opening it */
         OpenReason = ObOpenHandle;
     }

     /* Check if we have invalid object attributes */
     if (ObjectHeader->Type->TypeInfo.InvalidAttributes &
         TempBuffer->ObjectCreateInfo.Attributes)
     {
         /* Set failure code */
         Status = STATUS_INVALID_PARAMETER;

         /* Cleanup after lookup */
         ObpReleaseLookupContext(&TempBuffer->LookupContext);

         /* Dereference the object */
         ObDereferenceObject(Object);
     }
     else
     {
         /* Create the actual handle now */
         Status2 = ObpCreateHandle(OpenReason,
                                   Object,
                                   ObjectType,
                                   PassedAccessState,
                                   0,
                                   TempBuffer->ObjectCreateInfo.Attributes,
                                   &TempBuffer->LookupContext,
                                   AccessMode,
                                   NULL,
                                   Handle);
         if (!NT_SUCCESS(Status2))
         {
             ObDereferenceObject(Object);
             Status = Status2;
         }
     }

 Cleanup:
     /* Delete the access state */
     if (PassedAccessState == &TempBuffer->LocalAccessState)
     {
         SeDeleteAccessState(PassedAccessState);
     }

 Quickie:
     /* Release the object attributes and temporary buffer */
     ObpReleaseObjectCreateInformation(&TempBuffer->ObjectCreateInfo);
     if (ObjectName.Buffer) ObpFreeObjectNameBuffer(&ObjectName);
     ExFreePoolWithTag(TempBuffer, TAG_OB_TEMP_STORAGE);

     /* Return status */
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - returning Object %p with PC S: %lx %lx\n",
             __FUNCTION__,
             Object,
             Object ? OBJECT_TO_OBJECT_HEADER(Object)->PointerCount : -1,
             Status);
     return Status;
 }

 /*++
 * @name ObOpenObjectByPointer
 * @implemented NT4
 *
 *     The ObOpenObjectByPointer routine <FILLMEIN>
 *
 * @param Object
 *        <FILLMEIN>.
 *
 * @param HandleAttributes
 *        <FILLMEIN>.
 *
 * @param PassedAccessState
 *        <FILLMEIN>.
 *
 * @param DesiredAccess
 *        <FILLMEIN>.
 *
 * @param ObjectType
 *        <FILLMEIN>.
 *
 * @param AccessMode
 *        <FILLMEIN>.
 *
 * @param Handle
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObOpenObjectByPointer(IN PVOID Object,
                       IN ULONG HandleAttributes,
                       IN PACCESS_STATE PassedAccessState,
                       IN ACCESS_MASK DesiredAccess,
                       IN POBJECT_TYPE ObjectType,
                       IN KPROCESSOR_MODE AccessMode,
                       OUT PHANDLE Handle)
 {
     POBJECT_HEADER Header;
     NTSTATUS Status;
     ACCESS_STATE AccessState;
     AUX_ACCESS_DATA AuxData;
     PAGED_CODE();

     /* Assume failure */
     *Handle = NULL;

     /* Reference the object */
     Status = ObReferenceObjectByPointer(Object,
                                         0,
                                         ObjectType,
                                         AccessMode);
     if (!NT_SUCCESS(Status)) return Status;

     /* Get the Header Info */
     Header = OBJECT_TO_OBJECT_HEADER(Object);

     /* Check if we didn't get an access state */
     if (!PassedAccessState)
     {
         /* Use our built-in access state */
         PassedAccessState = &AccessState;
         Status = SeCreateAccessState(&AccessState,
                                      &AuxData,
                                      DesiredAccess,
                                      &Header->Type->TypeInfo.GenericMapping);
         if (!NT_SUCCESS(Status))
         {
             /* Fail */
             ObDereferenceObject(Object);
             return Status;
         }
     }

     /* Check if we have invalid object attributes */
     if (Header->Type->TypeInfo.InvalidAttributes & HandleAttributes)
     {
         /* Delete the access state */
         if (PassedAccessState == &AccessState)
         {
             SeDeleteAccessState(PassedAccessState);
         }

         /* Dereference the object */
         ObDereferenceObject(Object);
         return STATUS_INVALID_PARAMETER;
     }

     /* Create the handle */
     Status = ObpCreateHandle(ObOpenHandle,
                              Object,
                              ObjectType,
                              PassedAccessState,
                              0,
                              HandleAttributes,
                              NULL,
                              AccessMode,
                              NULL,
                              Handle);
     if (!NT_SUCCESS(Status)) ObDereferenceObject(Object);

     /* Delete the access state */
     if (PassedAccessState == &AccessState)
     {
         SeDeleteAccessState(PassedAccessState);
     }

     /* Return */
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - returning Object with PC S: %lx %lx\n",
             __FUNCTION__,
             OBJECT_TO_OBJECT_HEADER(Object)->PointerCount,
             Status);
     return Status;
 }

 /*++
 * @name ObFindHandleForObject
 * @implemented NT4
 *
 *     The ObFindHandleForObject routine <FILLMEIN>
 *
 * @param Process
 *        <FILLMEIN>.
 *
 * @param Object
 *        <FILLMEIN>.
 *
 * @param ObjectType
 *        <FILLMEIN>.
 *
 * @param HandleInformation
 *        <FILLMEIN>.
 *
 * @param HandleReturn
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 BOOLEAN
 NTAPI
 ObFindHandleForObject(IN PEPROCESS Process,
                       IN PVOID Object,
                       IN POBJECT_TYPE ObjectType,
                       IN POBJECT_HANDLE_INFORMATION HandleInformation,
                       OUT PHANDLE Handle)
 {
     OBP_FIND_HANDLE_DATA FindData;
     BOOLEAN Result = FALSE;
     PVOID ObjectTable;

     /* Make sure we have an object table */
     ObjectTable = ObReferenceProcessHandleTable(Process);
     if (ObjectTable)
     {
         /* Check if we have an object */
         if (Object)
         {
             /* Set its header */
             FindData.ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
         }
         else
         {
             /* Otherwise, no object to match*/
             FindData.ObjectHeader = NULL;
         }

         /* Set other information */
         FindData.ObjectType = ObjectType;
         FindData.HandleInformation = HandleInformation;

         /* Enumerate the handle table */
         if (ExEnumHandleTable(Process->ObjectTable,
                               ObpEnumFindHandleProcedure,
                               &FindData,
                               Handle))
         {
             /* Set success */
             Result = TRUE;
         }

         /* Let go of the table */
         ObDereferenceProcessHandleTable(Process);
     }

     /* Return the result */
     return Result;
 }

 /*++
 * @name ObInsertObject
 * @implemented NT4
 *
 *     The ObInsertObject routine <FILLMEIN>
 *
 * @param Object
 *        <FILLMEIN>.
 *
 * @param PassedAccessState
 *        <FILLMEIN>.
 *
 * @param DesiredAccess
 *        <FILLMEIN>.
 *
 * @param AdditionalReferences
 *        <FILLMEIN>.
 *
 * @param ReferencedObject
 *        <FILLMEIN>.
 *
 * @param Handle
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObInsertObject(IN PVOID Object,
                IN PACCESS_STATE AccessState OPTIONAL,
                IN ACCESS_MASK DesiredAccess,
                IN ULONG ObjectPointerBias,
                OUT PVOID *NewObject OPTIONAL,
                OUT PHANDLE Handle)
 {
     POBJECT_CREATE_INFORMATION ObjectCreateInfo;
     POBJECT_HEADER ObjectHeader;
     POBJECT_TYPE ObjectType;
     PUNICODE_STRING ObjectName;
     PVOID InsertObject;
     PSECURITY_DESCRIPTOR ParentDescriptor = NULL;
     BOOLEAN SdAllocated = FALSE;
     POBJECT_HEADER_NAME_INFO ObjectNameInfo;
     OBP_LOOKUP_CONTEXT Context;
     ACCESS_STATE LocalAccessState;
     AUX_ACCESS_DATA AuxData;
     OB_OPEN_REASON OpenReason;
     KPROCESSOR_MODE PreviousMode;
     NTSTATUS Status = STATUS_SUCCESS, RealStatus;
     BOOLEAN IsNewObject;
     PAGED_CODE();

     /* Get the Header */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);

     /* Detect invalid insert */
     if (!(ObjectHeader->Flags & OB_FLAG_CREATE_INFO))
     {
         /* Display warning and break into debugger */
         DPRINT1("OB: Attempting to insert existing object %p\n", Object);
         DbgBreakPoint();

         /* Allow debugger to continue */
         ObDereferenceObject(Object);
         return STATUS_INVALID_PARAMETER;
     }

     /* Get the create and name info, as well as the object type */
     ObjectCreateInfo = ObjectHeader->ObjectCreateInfo;
     ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
     ObjectType = ObjectHeader->Type;
     ObjectName = NULL;

     /* Check if this is an named object */
     if ((ObjectNameInfo) && (ObjectNameInfo->Name.Buffer))
     {
         /* Get the object name */
         ObjectName = &ObjectNameInfo->Name;
     }

     /* Sanity check */
     ASSERT((Handle) ||
            ((ObjectPointerBias == 0) &&
             (ObjectName == NULL) &&
             (ObjectType->TypeInfo.SecurityRequired) &&
             (NewObject == NULL)));

     /* Check if the object is unnamed and also doesn't have security */
     PreviousMode = KeGetPreviousMode();
     if (!(ObjectType->TypeInfo.SecurityRequired) && !(ObjectName))
     {
         /* Assume failure */
         *Handle = NULL;
         ObjectHeader->ObjectCreateInfo = NULL;

         /* Create the handle */
         Status = ObpCreateUnnamedHandle(Object,
                                         DesiredAccess,
                                         ObjectPointerBias + 1,
                                         ObjectCreateInfo->Attributes,
                                         PreviousMode,
                                         NewObject,
                                         Handle);

         /* Free the create information */
         ObpFreeObjectCreateInformation(ObjectCreateInfo);

         /* Release the object name information */
         ObpDereferenceNameInfo(ObjectNameInfo);

         /* Remove the extra keep-alive reference */
         ObDereferenceObject(Object);

         /* Return */
         OBTRACE(OB_HANDLE_DEBUG,
                 "%s - returning Object with PC S: %lx %lx\n",
                 __FUNCTION__,
                 ObjectHeader->PointerCount,
                 Status);
         return Status;
     }

     /* Check if we didn't get an access state */
     if (!AccessState)
     {
         /* Use our built-in access state */
         AccessState = &LocalAccessState;
         Status = SeCreateAccessState(&LocalAccessState,
                                      &AuxData,
                                      DesiredAccess,
                                      &ObjectType->TypeInfo.GenericMapping);
         if (!NT_SUCCESS(Status))
         {
             /* Fail */
             ObpDereferenceNameInfo(ObjectNameInfo);
             ObDereferenceObject(Object);
             return Status;
         }
     }

     /* Save the security descriptor */
     AccessState->SecurityDescriptor = ObjectCreateInfo->SecurityDescriptor;

     /* Validate the access mask */
     Status = ObpValidateAccessMask(AccessState);
     if (!NT_SUCCESS(Status))
     {
         /* Fail */
         ObpDereferenceNameInfo(ObjectNameInfo);
         ObDereferenceObject(Object);
         return Status;
     }

     /* Setup a lookup context */
     ObpInitializeLookupContext(&Context);
     InsertObject = Object;
     OpenReason = ObCreateHandle;

     /* Check if the object is named */
     if (ObjectName)
     {
         /* Look it up */
         Status = ObpLookupObjectName(ObjectCreateInfo->RootDirectory,
                                      ObjectName,
                                      ObjectCreateInfo->Attributes,
                                      ObjectType,
                                      (ObjectHeader->Flags & OB_FLAG_KERNEL_MODE) ?
                                      KernelMode : UserMode,
                                      ObjectCreateInfo->ParseContext,
                                      ObjectCreateInfo->SecurityQos,
                                      Object,
                                      AccessState,
                                      &Context,
                                      &InsertObject);

         /* Check if we found an object that doesn't match the one requested */
         if ((NT_SUCCESS(Status)) && (InsertObject) && (Object != InsertObject))
         {
             /* This means we're opening an object, not creating a new one */
             OpenReason = ObOpenHandle;

             /* Make sure the caller said it's OK to do this */
             if (ObjectCreateInfo->Attributes & OBJ_OPENIF)
             {
                 /* He did, but did he want this type? */
                 if (ObjectType != OBJECT_TO_OBJECT_HEADER(InsertObject)->Type)
                 {
                     /* Wrong type, so fail */
                     Status = STATUS_OBJECT_TYPE_MISMATCH;
                 }
                 else
                 {
                     /* Right type, so warn */
                     Status = STATUS_OBJECT_NAME_EXISTS;
                 }
             }
             else
             {
                 /* Check if this was a symbolic link */
                 if (OBJECT_TO_OBJECT_HEADER(InsertObject)->Type ==
                     ObpSymbolicLinkObjectType)
                 {
                     /* Dereference it */
                     ObDereferenceObject(InsertObject);
                 }

                 /* Caller wanted to create a new object, fail */
                 Status = STATUS_OBJECT_NAME_COLLISION;
             }
         }

         /* Check if anything until now failed */
         if (!NT_SUCCESS(Status))
         {
             /* Cleanup after lookup */
             ObpReleaseLookupContext(&Context);

             /* Remove query reference that we added */
             ObpDereferenceNameInfo(ObjectNameInfo);

             /* Dereference the object and delete the access state */
             ObDereferenceObject(Object);
             if (AccessState == &LocalAccessState)
             {
                 /* We used a local one; delete it */
                 SeDeleteAccessState(AccessState);
             }

             /* Return failure code */
             return Status;
         }
         else
         {
             /* Check if this is a symbolic link */
             if (ObjectType == ObpSymbolicLinkObjectType)
             {
                 /* Create the internal name */
                 ObpCreateSymbolicLinkName(Object);
             }
         }
     }

     /* Now check if this object is being created */
     if (InsertObject == Object)
     {
         /* Check if it's named or forces security */
         if ((ObjectName) || (ObjectType->TypeInfo.SecurityRequired))
         {
             /* Make sure it's inserted into an object directory */
             if ((ObjectNameInfo) && (ObjectNameInfo->Directory))
             {
                 /* Get the current descriptor */
                 ObGetObjectSecurity(ObjectNameInfo->Directory,
                                     &ParentDescriptor,
                                     &SdAllocated);
             }

             /* Now assign it */
             Status = ObAssignSecurity(AccessState,
                                       ParentDescriptor,
                                       Object,
                                       ObjectType);

             /* Check if we captured one */
             if (ParentDescriptor)
             {
                 /* We did, release it */
                 ObReleaseObjectSecurity(ParentDescriptor, SdAllocated);
             }
             else if (NT_SUCCESS(Status))
             {
                 /* Other we didn't, but we were able to use the current SD */
                 SeReleaseSecurityDescriptor(ObjectCreateInfo->SecurityDescriptor,
                                             ObjectCreateInfo->ProbeMode,
                                             TRUE);

                 /* Clear the current one */
                 AccessState->SecurityDescriptor =
                 ObjectCreateInfo->SecurityDescriptor = NULL;
             }
         }

         /* Check if anything until now failed */
         if (!NT_SUCCESS(Status))
         {
             /* Check if the directory was added */
             if (Context.DirectoryLocked)
             {
                 /* Weird case where we need to do a manual delete */
                 DPRINT1("Unhandled path\n");
                 ASSERT(FALSE);
             }

             /* Cleanup the lookup */
             ObpReleaseLookupContext(&Context);

             /* Remove query reference that we added */
             ObpDereferenceNameInfo(ObjectNameInfo);

             /* Dereference the object and delete the access state */
             ObDereferenceObject(Object);
             if (AccessState == &LocalAccessState)
             {
                 /* We used a local one; delete it */
                 SeDeleteAccessState(AccessState);
             }

             /* Return failure code */
             ASSERT(FALSE);
             return Status;
         }
     }

     /* Save the actual status until here */
     RealStatus = Status;

     /* Check if caller wants us to create a handle */
     ObjectHeader->ObjectCreateInfo = NULL;
     if (Handle)
     {
         /* Create the handle */
         Status = ObpCreateHandle(OpenReason,
                                  InsertObject,
                                  NULL,
                                  AccessState,
                                  ObjectPointerBias + 1,
                                  ObjectCreateInfo->Attributes,
                                  &Context,
                                  PreviousMode,
                                  NewObject,
                                  Handle);
         if (!NT_SUCCESS(Status))
         {
             /* If the object had a name, backout everything */
             if (ObjectName) ObpDeleteNameCheck(Object);

             /* Return the status of the failure */
             *Handle = NULL;
             RealStatus = Status;
         }

         /* Remove a query reference */
         ObpDereferenceNameInfo(ObjectNameInfo);

         /* Remove the extra keep-alive reference */
         ObDereferenceObject(Object);
     }
     else
     {
         /* Otherwise, lock the object */
         ObpAcquireObjectLock(ObjectHeader);

         /* And charge quota for the process to make it appear as used */
         RealStatus = ObpChargeQuotaForObject(ObjectHeader,
                                              ObjectType,
                                              &IsNewObject);

         /* Release the lock */
         ObpReleaseObjectLock(ObjectHeader);

         /* Check if we failed and dereference the object if so */
         if (!NT_SUCCESS(RealStatus)) ObDereferenceObject(Object);
     }

     /* We can delete the Create Info now */
     ObpFreeObjectCreateInformation(ObjectCreateInfo);

     /* Check if we created our own access state and delete it if so */
     if (AccessState == &LocalAccessState) SeDeleteAccessState(AccessState);

     /* Return status code */
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - returning Object with PC RS/S: %lx %lx %lx\n",
             __FUNCTION__,
             OBJECT_TO_OBJECT_HEADER(Object)->PointerCount,
             RealStatus, Status);
     return RealStatus;
 }

 /*++
 * @name ObSetHandleAttributes
 * @implemented NT5.1
 *
 *     The ObSetHandleAttributes routine <FILLMEIN>
 *
 * @param Handle
 *        <FILLMEIN>.
 *
 * @param HandleFlags
 *        <FILLMEIN>.
 *
 * @param PreviousMode
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObSetHandleAttributes(IN HANDLE Handle,
                       IN POBJECT_HANDLE_ATTRIBUTE_INFORMATION HandleFlags,
                       IN KPROCESSOR_MODE PreviousMode)
 {
     OBP_SET_HANDLE_ATTRIBUTES_CONTEXT SetHandleAttributesContext;
     BOOLEAN Result, AttachedToSystemProcess = FALSE;
     PHANDLE_TABLE HandleTable;
     KAPC_STATE ApcState;
     PAGED_CODE();

     /* Check if this is a kernel handle */
     if (ObpIsKernelHandle(Handle, PreviousMode))
     {
         /* Use the kernel table and convert the handle */
         HandleTable = ObpKernelHandleTable;
         Handle = ObKernelHandleToHandle(Handle);

         /* Check if we're not in the system process */
         if (PsGetCurrentProcess() != PsInitialSystemProcess)
         {
             /* Attach to the system process */
             KeStackAttachProcess(&PsInitialSystemProcess->Pcb, &ApcState);
             AttachedToSystemProcess = TRUE;
         }
     }
     else
     {
         /* Get the current process' handle table */
         HandleTable = PsGetCurrentProcess()->ObjectTable;
     }

     /* Initialize the handle attribute context */
     SetHandleAttributesContext.PreviousMode = PreviousMode;
     SetHandleAttributesContext.Information = *HandleFlags;

     /* Invoke the ObpSetHandleAttributes callback */
     Result = ExChangeHandle(HandleTable,
                             Handle,
                             ObpSetHandleAttributes,
                             (ULONG_PTR)&SetHandleAttributesContext);

     /* Did we attach to the system process? */
     if (AttachedToSystemProcess)
     {
         /* Detach from it */
         KeUnstackDetachProcess(&ApcState);
     }

     /* Return the result as an NTSTATUS value */
     return Result ? STATUS_SUCCESS : STATUS_ACCESS_DENIED;
 }

 /*++
 * @name ObCloseHandle
 * @implemented NT5.1
 *
 *     The ObCloseHandle routine <FILLMEIN>
 *
 * @param Handle
 *        <FILLMEIN>.
 *
 * @param AccessMode
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 ObCloseHandle(IN HANDLE Handle,
               IN KPROCESSOR_MODE AccessMode)
 {
     /* Call the internal API */
     return ObpCloseHandle(Handle, AccessMode);
 }

 /*++
 * @name NtClose
 * @implemented NT4
 *
 *     The NtClose routine <FILLMEIN>
 *
 * @param Handle
 *        <FILLMEIN>.
 *
 * @return <FILLMEIN>.
 *
 * @remarks None.
 *
 *--*/
 NTSTATUS
 NTAPI
 NtClose(IN HANDLE Handle)
 {
     /* Call the internal API */
     return ObpCloseHandle(Handle, ExGetPreviousMode());
 }

 NTSTATUS
 NTAPI
 NtDuplicateObject(IN HANDLE SourceProcessHandle,
                   IN HANDLE SourceHandle,
                   IN HANDLE TargetProcessHandle OPTIONAL,
                   OUT PHANDLE TargetHandle OPTIONAL,
                   IN ACCESS_MASK DesiredAccess,
                   IN ULONG HandleAttributes,
                   IN ULONG Options)
 {
     PEPROCESS SourceProcess, TargetProcess, Target;
     HANDLE hTarget;
     KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
     NTSTATUS Status;
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Duplicating handle: %p for %p into %p.\n",
             __FUNCTION__,
             SourceHandle,
             SourceProcessHandle,
             TargetProcessHandle);

     /* Check if we have a target handle */
     if ((TargetHandle) && (PreviousMode != KernelMode))
     {
         /* Enter SEH */
         _SEH2_TRY
         {
             /* Probe the handle and assume failure */
             ProbeForWriteHandle(TargetHandle);
             *TargetHandle = NULL;
         }
         _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
         {
             /* Return the exception code */
             _SEH2_YIELD(return _SEH2_GetExceptionCode());
         }
         _SEH2_END;
     }

     /* Now reference the input handle */
     Status = ObReferenceObjectByHandle(SourceProcessHandle,
                                        PROCESS_DUP_HANDLE,
                                        PsProcessType,
                                        PreviousMode,
                                        (PVOID*)&SourceProcess,
                                        NULL);
     if (!NT_SUCCESS(Status)) return Status;

     /* Check if got a target handle */
     if (TargetProcessHandle)
     {
         /* Now reference the output handle */
         Status = ObReferenceObjectByHandle(TargetProcessHandle,
                                            PROCESS_DUP_HANDLE,
                                            PsProcessType,
                                            PreviousMode,
                                            (PVOID*)&TargetProcess,
                                            NULL);
         if (NT_SUCCESS(Status))
         {
             /* Use this target process */
             Target = TargetProcess;
         }
         else
         {
             /* No target process */
             Target = NULL;
         }
     }
     else
     {
         /* No target process */
         Status = STATUS_SUCCESS;
         Target = NULL;
     }

     /* Call the internal routine */
     Status = ObDuplicateObject(SourceProcess,
                                SourceHandle,
                                Target,
                                &hTarget,
                                DesiredAccess,
                                HandleAttributes,
                                Options,
                                PreviousMode);

     /* Check if the caller wanted the return handle */
     if (TargetHandle)
     {
         /* Protect the write to user mode */
         _SEH2_TRY
         {
             /* Write the new handle */
             *TargetHandle = hTarget;
         }
         _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
         {
             /* Otherwise, get the exception code */
             Status = _SEH2_GetExceptionCode();
         }
         _SEH2_END;
     }

     /* Dereference the processes */
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Duplicated handle: %p into %p S %lx\n",
             __FUNCTION__,
             hTarget,
             TargetProcessHandle,
             Status);
     if (Target) ObDereferenceObject(Target);
     ObDereferenceObject(SourceProcess);
     return Status;
 }

 BOOLEAN
 NTAPI
 ObIsKernelHandle(IN HANDLE Handle)
 {
     /* Use the inlined version. We know we are in kernel mode. */
     return ObpIsKernelHandle(Handle, KernelMode);
 }

 /* EOF */
_OBJECT_HEADER_QUOTA_INFO
Definition: obtypes.h:471

_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301

ObOpenObjectByName
NTSTATUS NTAPI ObOpenObjectByName(IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN OUT PVOID ParseContext, OUT PHANDLE Handle)
Definition: obhandle.c:2529

STATUS_OBJECT_NAME_COLLISION
#define STATUS_OBJECT_NAME_COLLISION
Definition: udferr_usr.h:150

_OBJECT_HEADER_NAME_INFO::Directory
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432

_AUX_ACCESS_DATA::PrivilegeSet
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:187

_OBP_FIND_HANDLE_DATA::ObjectHeader
POBJECT_HEADER ObjectHeader
Definition: ob.h:113

_OBJECT_HANDLE_COUNT_DATABASE::CountEntries
ULONG CountEntries
Definition: obtypes.h:450

Context
Definition: compobj.c:4703

MAXIMUM_ALLOWED
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83

TAG_OB_TEMP_STORAGE
#define TAG_OB_TEMP_STORAGE
Definition: ob.h:150

ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35

ObjectType
ObjectType
Definition: metafile.c:80

ObAssignSecurity
NTSTATUS NTAPI ObAssignSecurity(IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
Definition: obsecure.c:550

HandleAttributes
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429

IN
#define IN
Definition: typedefs.h:38

SE_SACL_PRESENT
#define SE_SACL_PRESENT
Definition: setypes.h:769

_ACCESS_STATE::SecurityDescriptor
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: setypes.h:207

DUPLICATE_CLOSE_SOURCE
#define DUPLICATE_CLOSE_SOURCE

GENERIC_ALL
#define GENERIC_ALL
Definition: nt_native.h:92

ObReferenceProcessHandleTable
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:29

TRUE
#define TRUE
Definition: types.h:120

ObpAccessProtectCloseBit
ULONG ObpAccessProtectCloseBit
Definition: obhandle.c:21

RtlCopyMemory
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)

SeCreateAccessState
NTSTATUS NTAPI SeCreateAccessState(IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:439

KAPC_STATE
KAPC_STATE
Definition: ketypes.h:1273

NonPagedPool
Definition: ketypes.h:866

ObpAcquireObjectLock
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48

STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158

_OBP_SET_HANDLE_ATTRIBUTES_CONTEXT::Information
OBJECT_HANDLE_ATTRIBUTE_INFORMATION Information
Definition: ob.h:102

STATUS_QUOTA_EXCEEDED
#define STATUS_QUOTA_EXCEEDED
Definition: ntstatus.h:290

ExDestroyHandle
BOOLEAN NTAPI ExDestroyHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PHANDLE_TABLE_ENTRY HandleTableEntry OPTIONAL)
Definition: handle.c:948

_OBP_FIND_HANDLE_DATA::ObjectType
POBJECT_TYPE ObjectType
Definition: ob.h:114

Type
Type
Definition: Type.h:6

_OBJECT_HEADER::HandleCount
LONG_PTR HandleCount
Definition: obtypes.h:490

_OBP_SET_HANDLE_ATTRIBUTES_CONTEXT::PreviousMode
KPROCESSOR_MODE PreviousMode
Definition: ob.h:101

ExRundownCompleted
NTKERNELAPI VOID FASTCALL ExRundownCompleted(_Out_ PEX_RUNDOWN_REF RunRef)

ACCESS_SYSTEM_SECURITY
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77

PsGetCurrentThread
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81

ObSetHandleAttributes
NTSTATUS NTAPI ObSetHandleAttributes(IN HANDLE Handle, IN POBJECT_HANDLE_ATTRIBUTE_INFORMATION HandleFlags, IN KPROCESSOR_MODE PreviousMode)
Definition: obhandle.c:3305

_OBJECT_CREATE_INFORMATION::RootDirectory
HANDLE RootDirectory
Definition: obtypes.h:338

ObDuplicateHandle
Definition: obtypes.h:143

ObFindHandleForObject
BOOLEAN NTAPI ObFindHandleForObject(IN PEPROCESS Process, IN PVOID Object, IN POBJECT_TYPE ObjectType, IN POBJECT_HANDLE_INFORMATION HandleInformation, OUT PHANDLE Handle)
Definition: obhandle.c:2853

_OBJECT_HEADER_HANDLE_INFO::HandleCountDatabase
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
Definition: obtypes.h:458

KernelHandle
HANDLE KernelHandle
Definition: legacy.c:24

_HANDLE_TABLE_ENTRY::ObAttributes
ULONG_PTR ObAttributes
Definition: extypes.h:600

_OBJECT_CREATE_INFORMATION::Attributes
ULONG Attributes
Definition: obtypes.h:337

ExReleaseRundownProtection
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)

ObIsKernelHandle
BOOLEAN NTAPI ObIsKernelHandle(IN HANDLE Handle)
Definition: obhandle.c:3522

OBJECT_HEADER_TO_HANDLE_INFO
#define OBJECT_HEADER_TO_HANDLE_INFO(h)
Definition: obtypes.h:118

_OBJECT_ATTRIBUTES
Definition: umtypes.h:181

SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182

STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

_OB_TEMP_BUFFER::ObjectCreateInfo
OBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: ob.h:154

ObpChargeQuotaForObject
NTSTATUS NTAPI ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
Definition: obhandle.c:434

ExMapHandleToPointer
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
Definition: handle.c:1010

ObpFreeObjectNameBuffer
VOID NTAPI ObpFreeObjectNameBuffer(IN PUNICODE_STRING Name)
Definition: oblife.c:347

ObpReleaseObjectLock
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84

_OBJECT_HANDLE_INFORMATION
Definition: iotypes.h:156

ExDestroyHandleTable
VOID NTAPI ExDestroyHandleTable(IN PHANDLE_TABLE HandleTable, IN PVOID DestroyHandleProcedure OPTIONAL)
Definition: handle.c:927

ObInheritHandle
Definition: obtypes.h:144

KeGetPreviousMode
#define KeGetPreviousMode()
Definition: ketypes.h:1081

STATUS_OBJECT_NAME_EXISTS
#define STATUS_OBJECT_NAME_EXISTS
Definition: ntstatus.h:114

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

NtCurrentThread
#define NtCurrentThread()

ExAcquireRundownProtection
#define ExAcquireRundownProtection
Definition: ex.h:130

_OBJECT_HEADER_NAME_INFO::Name
UNICODE_STRING Name
Definition: obtypes.h:433

GENERIC_ACCESS
#define GENERIC_ACCESS
Definition: wlx.c:26

PassedAccessState
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71

ObpReleaseObjectCreateInformation
FORCEINLINE VOID ObpReleaseObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:296

OB_FLAG_SINGLE_PROCESS
#define OB_FLAG_SINGLE_PROCESS
Definition: obtypes.h:103

ProbeMode
_Must_inspect_result_ _In_ _In_ ULONG ProbeMode
Definition: mmfuncs.h:562

OBJECT_HEADER_TO_NAME_INFO
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114

ObpIsKernelHandle
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:64

ObCreateHandle
Definition: obtypes.h:141

HandleTable
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83

ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:2966

ObpIncrementUnnamedHandleCount
NTSTATUS NTAPI ObpIncrementUnnamedHandleCount(IN PVOID Object, IN PACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process)
Definition: obhandle.c:1087

ObGetProcessHandleCount
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:59

_EPROCESS
Definition: pstypes.h:1191

ObDereferenceObject
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375

_OBJECT_TYPE
Definition: obtypes.h:379

KernelMode
Definition: ketypes.h:11

_AUX_ACCESS_DATA::GenericMapping
GENERIC_MAPPING GenericMapping
Definition: setypes.h:188

_OBJECT_HEADER::Body
QUAD Body
Definition: obtypes.h:504

Parent
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:716

_OBP_SET_HANDLE_ATTRIBUTES_CONTEXT
Definition: ob.h:99

SourceHandle
_In_ HANDLE SourceHandle
Definition: obfuncs.h:429

ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62

InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003

ObOpenObjectByPointer
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
Definition: obhandle.c:2739

DbgBreakPoint
void DbgBreakPoint()
Definition: mach.c:558

Options
enum OPTION_FLAGS Options
Definition: stats.c:44

ObpCreateHandle
NTSTATUS NTAPI ObpCreateHandle(IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1494

ExUnlockHandleTableEntry
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:887

STATUS_INVALID_HANDLE
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:231

ExChangeHandle
BOOLEAN NTAPI ExChangeHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PEX_CHANGE_HANDLE_CALLBACK ChangeRoutine, IN ULONG_PTR Context)
Definition: handle.c:1153

PAGED_CODE
#define PAGED_CODE()
Definition: video.h:57

_OBJECT_CREATE_INFORMATION::ProbeMode
KPROCESSOR_MODE ProbeMode
Definition: obtypes.h:340

SeReleaseSecurityDescriptor
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:766

_OBP_CLOSE_HANDLE_CONTEXT::HandleTable
PHANDLE_TABLE HandleTable
Definition: ob.h:107

_SEH2_TRY
_SEH2_TRY
Definition: create.c:4250

ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:63

ProcessHandleCount
Definition: winternl.h:876

OBJECT_TO_OBJECT_HEADER
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111

OBJECT_HANDLE_COUNT_ENTRY
struct _OBJECT_HANDLE_COUNT_ENTRY OBJECT_HANDLE_COUNT_ENTRY

ExCreateHandle
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:791

KIRQL
UCHAR KIRQL
Definition: env_spec_w32.h:591

OBJ_PROTECT_CLOSE
#define OBJ_PROTECT_CLOSE
Definition: NtDuplicateObject.c:10

OBJ_OPENIF
#define OBJ_OPENIF
Definition: winternl.h:229

_OBJECT_HANDLE_ATTRIBUTE_INFORMATION
Definition: obtypes.h:270

i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248

OBJ_AUDIT_OBJECT_CLOSE
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51

OBJ_FORCE_ACCESS_CHECK
#define OBJ_FORCE_ACCESS_CHECK
Definition: winternl.h:232

ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496

DUPLICATE_SAME_ACCESS
#define DUPLICATE_SAME_ACCESS

_OBJECT_HANDLE_INFORMATION::GrantedAccess
ACCESS_MASK GrantedAccess
Definition: iotypes.h:158

NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117

PsInitialSystemProcess
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50

KeStackAttachProcess
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:701

Header
Definition: Header.h:8

InterlockedIncrementSizeT
#define InterlockedIncrementSizeT(a)
Definition: interlocked.h:220

POBP_CLOSE_HANDLE_CONTEXT
struct _OBP_CLOSE_HANDLE_CONTEXT * POBP_CLOSE_HANDLE_CONTEXT

_OBJECT_HANDLE_ATTRIBUTE_INFORMATION::ProtectFromClose
BOOLEAN ProtectFromClose
Definition: obtypes.h:273

LONG
long LONG
Definition: pedump.c:60

FALSE
Definition: jmorecfg.h:365

_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371

PROCESS_DUP_HANDLE
#define PROCESS_DUP_HANDLE

_OBJECT_HANDLE_COUNT_DATABASE
Definition: obtypes.h:448

AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396

KeIsAttachedProcess
BOOLEAN NTAPI KeIsAttachedProcess(VOID)
Definition: procobj.c:690

_OBJECT_HEADER_CREATOR_INFO::TypeList
LIST_ENTRY TypeList
Definition: obtypes.h:465

PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17

_HANDLE_TABLE_ENTRY
Definition: extypes.h:595

EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85

ObReleaseObjectSecurity
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709

ObpIncrementHandleCount
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:808

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

ObpCalloutStart
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:429

NULL
smooth NULL
Definition: ftsmooth.c:416

ObpGetHandleObject
#define ObpGetHandleObject(x)
Definition: ob.h:81

_OBP_FIND_HANDLE_DATA::HandleInformation
POBJECT_HANDLE_INFORMATION HandleInformation
Definition: ob.h:115

ObpFreeObjectCreateInformation
FORCEINLINE VOID ObpFreeObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:392

KdDebuggerEnabled
BOOLEAN KdDebuggerEnabled
Definition: kdmain.c:16

Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426

OBJ_EXCLUSIVE
#define OBJ_EXCLUSIVE
Definition: winternl.h:227

DPRINT
void DPRINT(...)
Definition: polytest.cpp:61

_OBJECT_CREATE_INFORMATION::SecurityDescriptor
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:344

_OBJECT_HANDLE_COUNT_ENTRY::HandleCount
ULONG HandleCount
Definition: obtypes.h:445

_ETHREAD
Definition: pstypes.h:1032

ObpDecrementHandleCount
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:527

ObpSetHandleAttributes
BOOLEAN NTAPI ObpSetHandleAttributes(IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
Definition: obhandle.c:1856

_OBJECT_HEADER::Flags
UCHAR Flags
Definition: obtypes.h:497

ObReferenceObjectByPointer
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
Definition: obref.c:383

ExWaitForRundownProtectionRelease
NTKERNELAPI VOID FASTCALL ExWaitForRundownProtectionRelease(_Inout_ PEX_RUNDOWN_REF RunRef)

PVOID
void * PVOID
Definition: retypes.h:9

OB_FLAG_EXCLUSIVE
#define OB_FLAG_EXCLUSIVE
Definition: obtypes.h:100

_OBJECT_HEADER_NAME_INFO::QueryReferences
ULONG QueryReferences
Definition: obtypes.h:434

ObpCloseHandle
NTSTATUS NTAPI ObpCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:1727

_OBJECT_HEADER_CREATOR_INFO
Definition: obtypes.h:463

_PRIVILEGE_SET::PrivilegeCount
$ULONG PrivilegeCount
Definition: setypes.h:86

ObGetObjectSecurity
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611

NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657

_OBJECT_HANDLE_COUNT_ENTRY::Process
struct _EPROCESS * Process
Definition: obtypes.h:444

ExDupHandleTable
PHANDLE_TABLE NTAPI ExDupHandleTable(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PEX_DUPLICATE_HANDLE_CALLBACK DupHandleProcedure, IN ULONG_PTR Mask)
Definition: handle.c:1036

Handle
_In_ HANDLE Handle
Definition: extypes.h:390

OBJECT_HEADER_TO_QUOTA_INFO
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
Definition: obtypes.h:122

PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103

STATUS_OBJECT_TYPE_MISMATCH
#define STATUS_OBJECT_TYPE_MISMATCH
Definition: ntstatus.h:259

ObpEnumFindHandleProcedure
BOOLEAN NTAPI ObpEnumFindHandleProcedure(IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:214

ObMarkHandleAsKernelHandle
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:75

_ACCESS_STATE
Definition: setypes.h:196

ObpCreateUnnamedHandle
NTSTATUS NTAPI ObpCreateUnnamedHandle(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1309

_OBP_FIND_HANDLE_DATA
Definition: ob.h:111

_OBJECT_HEADER_HANDLE_INFO::SingleEntry
OBJECT_HANDLE_COUNT_ENTRY SingleEntry
Definition: obtypes.h:459

_OB_TEMP_BUFFER::LocalAccessState
ACCESS_STATE LocalAccessState
Definition: ob.h:153

_OBJECT_HEADER_QUOTA_INFO::NonPagedPoolCharge
ULONG NonPagedPoolCharge
Definition: obtypes.h:474

_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8

ObpCloseHandleTableEntry
NTSTATUS NTAPI ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
Definition: obhandle.c:682

NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399

_GENERIC_MAPPING
Definition: nt_native.h:564

UserMode
Definition: ketypes.h:12

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32

ObpValidateAccessMask
NTSTATUS NTAPI ObpValidateAccessMask(IN PACCESS_STATE AccessState)
Definition: obhandle.c:485

ObpReferenceNameInfo
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102

OBJ_INHERIT
#define OBJ_INHERIT
Definition: winternl.h:225

STATUS_PROCESS_IS_TERMINATING
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:488

_HANDLE_TABLE_ENTRY::GrantedAccess
ULONG GrantedAccess
Definition: extypes.h:606

SeDefaultObjectMethod
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:139

ObpEnterObjectTypeMutex
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:272

ObInitProcess
NTSTATUS NTAPI ObInitProcess(IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
Definition: obhandle.c:2087

_OBJECT_HANDLE_ATTRIBUTE_INFORMATION::Inherit
BOOLEAN Inherit
Definition: obtypes.h:272

_OBJECT_CREATE_INFORMATION::ParseContext
PVOID ParseContext
Definition: obtypes.h:339

ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43

ExCreateHandleTable
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
Definition: handle.c:765

Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653

HandleInformation
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40

TargetProcessHandle
_In_ HANDLE _In_opt_ HANDLE TargetProcessHandle
Definition: obfuncs.h:429

STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145

KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7

Target
_Must_inspect_result_ typedef _In_ ULONG _In_ BOOLEAN Target
Definition: iotypes.h:1067

Object
static IUnknown Object
Definition: main.c:512

ObpCreateSymbolicLinkName
VOID NTAPI ObpCreateSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
Definition: oblink.c:184

ASSERT
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)

STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132

AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414

OB_FLAG_CREATE_INFO
#define OB_FLAG_CREATE_INFO
Definition: obtypes.h:97

ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350

_OBJECT_CREATE_INFORMATION
Definition: obtypes.h:335

ObpReferenceProcessObjectByHandle
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle(IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
Definition: obhandle.c:88

PBOOLEAN
char * PBOOLEAN
Definition: retypes.h:11

_OBJECT_CREATE_INFORMATION::SecurityQos
PSECURITY_QUALITY_OF_SERVICE SecurityQos
Definition: obtypes.h:345

ObCloseHandle
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3376

ObpLeaveObjectTypeMutex
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:284

InterlockedExchangeAddSizeT
#define InterlockedExchangeAddSizeT(a, b)
Definition: interlocked.h:196

ObpCalloutEnd
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:437

InterlockedDecrement
#define InterlockedDecrement
Definition: armddk.h:52

ObpIncrementHandleDataBase
NTSTATUS NTAPI ObpIncrementHandleDataBase(IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
Definition: obhandle.c:336

PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:414

IoSetThreadHardErrorMode
BOOLEAN NTAPI IoSetThreadHardErrorMode(IN BOOLEAN HardErrorEnabled)
Definition: error.c:707

KeEnterCriticalRegion
#define KeEnterCriticalRegion()
Definition: ke_x.h:83

OB_HANDLE_DEBUG
#define OB_HANDLE_DEBUG
Definition: ob.h:17

STATUS_HANDLE_NOT_CLOSABLE
#define STATUS_HANDLE_NOT_CLOSABLE
Definition: ntstatus.h:683

ObClearProcessHandleTable
VOID NTAPI ObClearProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:2024

_EPROCESS::Pcb
KPROCESS Pcb
Definition: pstypes.h:1193

_OBJECT_HANDLE_COUNT_DATABASE::HandleCountEntries
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]
Definition: obtypes.h:451

ExEnumHandleTable
BOOLEAN NTAPI ExEnumHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_ENUM_HANDLE_CALLBACK EnumHandleProcedure, IN OUT PVOID Context, OUT PHANDLE EnumHandle OPTIONAL)
Definition: handle.c:1235

_OBJECT_HEADER_HANDLE_INFO
Definition: obtypes.h:454

Size
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359

Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80

_OBJECT_TYPE::TypeInfo
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390

_OB_TEMP_BUFFER
Definition: ob.h:151

_OB_TEMP_BUFFER::AuxData
AUX_ACCESS_DATA AuxData
Definition: ob.h:156

PagedPool
Definition: ketypes.h:867

OB_FLAG_KERNEL_MODE
#define OB_FLAG_KERNEL_MODE
Definition: obtypes.h:98

Status
Status
Definition: gdiplustypes.h:24

OB_OPEN_REASON
enum _OB_OPEN_REASON OB_OPEN_REASON

ObpReleaseLookupContext
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:255

KeRaiseUserException
NTSTATUS NTAPI KeRaiseUserException(IN NTSTATUS ExceptionCode)
Definition: except.c:393

_OBJECT_HEADER_NAME_INFO
Definition: obtypes.h:430

ObOpenHandle
Definition: obtypes.h:142

GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11

ObCheckObjectAccess
BOOLEAN NTAPI ObCheckObjectAccess(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
Definition: obsecure.c:441

_UNICODE_STRING
Definition: env_spec_w32.h:368

_AUX_ACCESS_DATA
Definition: setypes.h:185

Attributes
_Must_inspect_result_ _In_ USHORT _In_ PHIDP_PREPARSED_DATA _Out_writes_to_ LengthAttributes PHIDP_EXTENDED_ATTRIBUTES Attributes
Definition: hidpi.h:348

_SEH2_END
_SEH2_END
Definition: create.c:4424

ObpSymbolicLinkObjectType
#define ObpSymbolicLinkObjectType
Definition: ObTypes.c:124

ObpInitializeLookupContext
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Definition: ob_x.h:221

ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932

_OBJECT_HANDLE_COUNT_ENTRY
Definition: obtypes.h:442

KeLeaveCriticalRegion
#define KeLeaveCriticalRegion()
Definition: ke_x.h:114

InterlockedIncrement
#define InterlockedIncrement
Definition: armddk.h:53

_HANDLE_TABLE
Definition: extypes.h:616

ObpCaptureObjectCreateInformation
NTSTATUS NTAPI ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
Definition: oblife.c:456

_OB_TEMP_BUFFER::LookupContext
OBP_LOOKUP_CONTEXT LookupContext
Definition: ob.h:155

KeUnstackDetachProcess
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:753

DUPLICATE_SAME_ATTRIBUTES
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153

DesiredAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157

OBJECT_HEADER_TO_CREATOR_INFO
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
Definition: obtypes.h:126

ApcState
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1484

OBTRACE
#define OBTRACE(x, fmt,...)
Definition: ob.h:34

SeDeleteAccessState
VOID NTAPI SeDeleteAccessState(IN PACCESS_STATE AccessState)
Definition: access.c:460

PULONG
unsigned int * PULONG
Definition: retypes.h:1

_OBJECT_HEADER::PointerCount
LONG_PTR PointerCount
Definition: obtypes.h:487

ExSweepHandleTable
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1196

_OBJECT_HEADER_QUOTA_INFO::PagedPoolCharge
ULONG PagedPoolCharge
Definition: obtypes.h:473

ObDuplicateObject
NTSTATUS NTAPI ObDuplicateObject(IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
Definition: obhandle.c:2201

TAG_OB_HANDLE
#define TAG_OB_HANDLE
Definition: obhandle.c:23

DPRINT1
#define DPRINT1
Definition: precomp.h:8

_OBP_CLOSE_HANDLE_CONTEXT
Definition: ob.h:105

Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219

SePrivilegeObjectAuditAlarm
VOID NTAPI SePrivilegeObjectAuditAlarm(IN HANDLE Handle, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE CurrentMode)
Definition: audit.c:845

NtDuplicateObject
NTSTATUS NTAPI NtDuplicateObject(IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options)
Definition: obhandle.c:3407

_OBJECT_HANDLE_INFORMATION::HandleAttributes
ULONG HandleAttributes
Definition: iotypes.h:157

OUT
#define OUT
Definition: typedefs.h:39

PreviouslyGrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
Definition: sefuncs.h:13

Context
struct tagContext Context
Definition: acpixf.h:1012

ULONG
unsigned int ULONG
Definition: retypes.h:1

PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41

RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261

ObpCloseHandleCallback
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1921

_HANDLE_TABLE_ENTRY::Object
PVOID Object
Definition: extypes.h:599

ObpDuplicateHandleCallback
BOOLEAN NTAPI ObpDuplicateHandleCallback(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: obhandle.c:1957

ObKillProcess
VOID NTAPI ObKillProcess(IN PEPROCESS Process)
Definition: obhandle.c:2157

_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6

InterlockedDecrementSizeT
#define InterlockedDecrementSizeT(a)
Definition: interlocked.h:153

ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099

_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12

ObKernelHandleToHandle
#define ObKernelHandleToHandle(Handle)
Definition: ob.h:73

SeDetailedAuditingWithToken
BOOLEAN NTAPI SeDetailedAuditingWithToken(IN PTOKEN Token)
Definition: audit.c:25

void
Definition: nsiface.idl:2306

_OBJECT_HEADER::Type
POBJECT_TYPE Type
Definition: obtypes.h:493

OBJ_HANDLE_ATTRIBUTES
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52

GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13

PsIsThreadTerminating
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
Definition: thread.c:868

NewObject
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71

OBJECT_HEADER_TO_EXCLUSIVE_PROCESS
#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h)
Definition: obtypes.h:131

STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:2725

_OBJECT_TYPE_INITIALIZER::InvalidAttributes
ULONG InvalidAttributes
Definition: obtypes.h:357

ObpDeleteNameCheck
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
Definition: obname.c:264

ObDereferenceProcessHandleTable
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:51

__FUNCTION__
#define __FUNCTION__
Definition: types.h:112

PLONG
signed int * PLONG
Definition: retypes.h:5

ObpInsertHandleCount
POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount(IN POBJECT_HEADER ObjectHeader)
Definition: obhandle.c:262

_OBP_LOOKUP_CONTEXT
Definition: obtypes.h:510

OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231

ObpDereferenceNameInfo
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143

OB_FLAG_KERNEL_EXCLUSIVE
#define OB_FLAG_KERNEL_EXCLUSIVE
Definition: obtypes.h:109

TargetHandle
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
Definition: obfuncs.h:429

PsProcessType
POBJECT_TYPE PsProcessType
Definition: process.c:20

ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40

_OBJECT_HEADER::ObjectCreateInfo
POBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: obtypes.h:500

KeBugCheckEx
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:107

_OBP_CLOSE_HANDLE_CONTEXT::AccessMode
KPROCESSOR_MODE AccessMode
Definition: ob.h:108

_OBJECT_HEADER
Definition: obtypes.h:485

ObpKernelHandleTable
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20

RtlMapGenericMask
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)

ObjectPointerBias
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG ObjectPointerBias
Definition: obfuncs.h:71

OBJECT_HANDLE_COUNT_DATABASE
struct _OBJECT_HANDLE_COUNT_DATABASE OBJECT_HANDLE_COUNT_DATABASE

ObpLookupObjectName
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
Definition: obname.c:411

HandleToLong
#define HandleToLong(h)
Definition: basetsd.h:80

SubjectSecurityContext
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: sefuncs.h:13

OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68