ReactOS 0.4.17-dev-444-g71ee754
obhandle.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS Kernel
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: ntoskrnl/ob/obhandle.c
5 * PURPOSE: Manages all functions related to the Object Manager handle
6 * implementation, including creating and destroying handles
7 * and/or handle tables, duplicating objects, and setting the
8 * permanent or temporary flags.
9 * PROGRAMMERS: Alex Ionescu (alex.ionescu@reactos.org)
10 * Eric Kohl
11 * Thomas Weidenmueller (w3seek@reactos.org)
12 */
13
14/* INCLUDES ******************************************************************/
15
16#include <ntoskrnl.h>
17#define NDEBUG
18#include <debug.h>
19
21
22/* PRIVATE FUNCTIONS *********************************************************/
23
27{
29
30 /* Lock the process */
31 if (ExAcquireRundownProtection(&Process->RundownProtect))
32 {
33 /* Get the handle table */
34 HandleTable = Process->ObjectTable;
35 if (!HandleTable)
36 {
37 /* No table, release the lock */
38 ExReleaseRundownProtection(&Process->RundownProtect);
39 }
40 }
41
42 /* Return the handle table */
43 return HandleTable;
44}
45
46VOID
49{
50 /* Release the process lock */
51 ExReleaseRundownProtection(&Process->RundownProtect);
52}
53
57{
60
62
63 /* Ensure the handle table doesn't go away while we use it */
65
66 if (HandleTable != NULL)
67 {
68 /* Count the number of handles the process has */
69 HandleCount = HandleTable->HandleCount;
70
71 /* Let the handle table go */
73 }
74 else
75 {
76 /* No handle table, no handles */
77 HandleCount = 0;
78 }
79
80 return HandleCount;
81}
82
91 OUT PACCESS_MASK AuditMask)
92{
93 PHANDLE_TABLE_ENTRY HandleEntry;
94 POBJECT_HEADER ObjectHeader;
99
100 /* Assume failure */
101 *Object = NULL;
102
103 /* Check if this is a special handle */
104 if (HandleToLong(Handle) < 0)
105 {
106 /* Check if the caller wants the current process */
107 if (Handle == NtCurrentProcess())
108 {
109 /* Return handle info */
110 HandleInformation->HandleAttributes = 0;
111 HandleInformation->GrantedAccess = Process->GrantedAccess;
112
113 /* No audit mask */
114 *AuditMask = 0;
115
116 /* Reference ourselves */
117 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Process);
119
120 /* Return the pointer */
121 *Object = Process;
122 ASSERT(*Object != NULL);
123 return STATUS_SUCCESS;
124 }
125
126 /* Check if the caller wants the current thread */
127 if (Handle == NtCurrentThread())
128 {
129 /* Return handle information */
130 HandleInformation->HandleAttributes = 0;
131 HandleInformation->GrantedAccess = Thread->GrantedAccess;
132
133 /* Reference ourselves */
134 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Thread);
136
137 /* No audit mask */
138 *AuditMask = 0;
139
140 /* Return the pointer */
141 *Object = Thread;
142 ASSERT(*Object != NULL);
143 return STATUS_SUCCESS;
144 }
145
146 /* This is a kernel handle... do we have access? */
147 if (AccessMode == KernelMode)
148 {
149 /* Use the kernel handle table and get the actual handle value */
152 }
153 else
154 {
155 /* This is an illegal attempt to access a kernel handle */
157 }
158 }
159
160 /* Enter a critical region while we touch the handle table */
163
164 /* Get the handle entry */
166 if (HandleEntry)
167 {
168 /* Get the object header and validate the type*/
169 ObjectHeader = ObpGetHandleObject(HandleEntry);
170
171 /* Get the granted access and validate it */
172 GrantedAccess = HandleEntry->GrantedAccess;
173
174 /* Mask out the internal attributes */
176
177 /* Fill out the information */
178 HandleInformation->HandleAttributes = Attributes;
179 HandleInformation->GrantedAccess = GrantedAccess;
180
181 /* No audit mask (FIXME!) */
182 *AuditMask = 0;
183
184 /* Return the pointer */
185 *Object = &ObjectHeader->Body;
186
187 /* Add a reference */
189
190 /* Unlock the handle */
193
194 /* Return success */
195 ASSERT(*Object != NULL);
196 return STATUS_SUCCESS;
197 }
198 else
199 {
200 /* Invalid handle */
202 }
203
204 /* Return failure status */
206 return Status;
207}
208
210NTAPI
214{
215 POBJECT_HEADER ObjectHeader;
219
220 /* Get the object header */
221 ObjectHeader = ObpGetHandleObject(HandleEntry);
222
223 /* Make sure it's valid and matching */
224 if ((FindData->ObjectHeader) && (FindData->ObjectHeader != ObjectHeader))
225 {
226 /* No match, fail */
227 return FALSE;
228 }
229
230 /* Now attempt to match the object type */
231 if ((FindData->ObjectType) && (FindData->ObjectType != ObjectHeader->Type))
232 {
233 /* No match, fail */
234 return FALSE;
235 }
236
237 /* Check if we have extra information */
238 if (FindData->HandleInformation)
239 {
240 /* Get the granted access and attributes */
241 GrantedAccess = HandleEntry->GrantedAccess;
242 HandleAttributes = HandleEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES;
243
244 /* Attempt to match them */
247 {
248 /* No match, fail */
249 return FALSE;
250 }
251 }
252
253 /* We have a match */
254 return TRUE;
255}
256
258NTAPI
260{
263 POBJECT_HANDLE_COUNT_DATABASE HandleDatabase, OldHandleDatabase;
264 ULONG i;
265 ULONG Size, OldSize;
266 OBJECT_HANDLE_COUNT_DATABASE SingleDatabase;
267 PAGED_CODE();
268
269 /* Get the handle info */
270 HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
271 if (!HandleInfo) return NULL;
272
273 /* Check if we only have one entry */
274 if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
275 {
276 /* Fill out the single entry */
277 SingleDatabase.CountEntries = 1;
278 SingleDatabase.HandleCountEntries[0] = HandleInfo->SingleEntry;
279
280 /* Use this as the old size */
281 OldHandleDatabase = &SingleDatabase;
282 OldSize = sizeof(SingleDatabase);
283
284 /* Now we'll have two entries, and an entire DB */
285 i = 2;
287 ((i - 1) * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
288 }
289 else
290 {
291 /* We already have a DB, get the information from it */
292 OldHandleDatabase = HandleInfo->HandleCountDatabase;
293 i = OldHandleDatabase->CountEntries;
294 OldSize = sizeof(OBJECT_HANDLE_COUNT_DATABASE) +
295 ((i - 1) * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
296
297 /* Add 4 more entries */
298 i += 4;
299 Size = OldSize + (4 * sizeof(OBJECT_HANDLE_COUNT_ENTRY));
300 }
301
302 /* Allocate the DB */
304 if (!HandleDatabase) return NULL;
305
306 /* Copy the old database */
307 RtlCopyMemory(HandleDatabase, OldHandleDatabase, OldSize);
308
309 /* Check if we he had a single entry before */
310 if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
311 {
312 /* Now we have more */
313 ObjectHeader->Flags &= ~OB_FLAG_SINGLE_PROCESS;
314 }
315 else
316 {
317 /* Otherwise we had a DB, free it */
318 ExFreePoolWithTag(OldHandleDatabase, TAG_OB_HANDLE);
319 }
320
321 /* Find the end of the copy and zero out the new data */
322 FreeEntry = (PVOID)((ULONG_PTR)HandleDatabase + OldSize);
323 RtlZeroMemory(FreeEntry, Size - OldSize);
324
325 /* Set the new information and return the free entry */
326 HandleDatabase->CountEntries = i;
327 HandleInfo->HandleCountDatabase = HandleDatabase;
328 return FreeEntry;
329}
330
332NTAPI
335 IN OUT PULONG NewProcessHandleCount)
336{
338 POBJECT_HANDLE_COUNT_ENTRY HandleEntry, FreeEntry = NULL;
339 POBJECT_HANDLE_COUNT_DATABASE HandleDatabase;
340 ULONG i;
341 PAGED_CODE();
342
343 /* Get the handle info and check if we only have one entry */
344 HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
345 if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
346 {
347 /* Check if the entry is free */
348 if (!HandleInfo->SingleEntry.HandleCount)
349 {
350 /* Add ours */
351 HandleInfo->SingleEntry.HandleCount = 1;
352 HandleInfo->SingleEntry.Process = Process;
353
354 /* Return success and 1 handle */
355 *NewProcessHandleCount = 1;
356 return STATUS_SUCCESS;
357 }
358 else if (HandleInfo->SingleEntry.Process == Process)
359 {
360 /* Busy entry, but same process */
361 *NewProcessHandleCount = ++HandleInfo->SingleEntry.HandleCount;
362 return STATUS_SUCCESS;
363 }
364 else
365 {
366 /* Insert a new entry */
367 FreeEntry = ObpInsertHandleCount(ObjectHeader);
368 if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
369 ASSERT(!FreeEntry->Process);
370 ASSERT(!FreeEntry->HandleCount);
371
372 /* Fill it out */
373 FreeEntry->Process = Process;
374 FreeEntry->HandleCount = 1;
375
376 /* Return success and 1 handle */
377 *NewProcessHandleCount = 1;
378 return STATUS_SUCCESS;
379 }
380 }
381
382 /* We have a database instead */
383 HandleDatabase = HandleInfo->HandleCountDatabase;
384 if (HandleDatabase)
385 {
386 /* Get the entries and loop them */
387 i = HandleDatabase->CountEntries;
388 HandleEntry = &HandleDatabase->HandleCountEntries[0];
389 while (i)
390 {
391 /* Check if this is a match */
392 if (HandleEntry->Process == Process)
393 {
394 /* Found it, get the process handle count */
395 *NewProcessHandleCount = ++HandleEntry->HandleCount;
396 return STATUS_SUCCESS;
397 }
398 else if (!HandleEntry->HandleCount)
399 {
400 /* Found a free entry */
401 FreeEntry = HandleEntry;
402 }
403
404 /* Keep looping */
405 HandleEntry++;
406 i--;
407 }
408
409 /* Check if we couldn't find a free entry */
410 if (!FreeEntry)
411 {
412 /* Allocate one */
413 FreeEntry = ObpInsertHandleCount(ObjectHeader);
414 if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
415 ASSERT(!FreeEntry->Process);
416 ASSERT(!FreeEntry->HandleCount);
417 }
418
419 /* Fill out the entry */
420 FreeEntry->Process = Process;
421 FreeEntry->HandleCount = 1;
422 *NewProcessHandleCount = 1;
423 }
424
425 /* Return success if we got here */
426 return STATUS_SUCCESS;
427}
428
430NTAPI
434{
435 POBJECT_HEADER_QUOTA_INFO ObjectQuota;
436 ULONG PagedPoolCharge, NonPagedPoolCharge;
437
438 /* Get quota information */
439 ObjectQuota = OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader);
440 *NewObject = FALSE;
441
442 /* Check if this is a new object */
443 if (ObjectHeader->Flags & OB_FLAG_CREATE_INFO)
444 {
445 /* Remove the flag */
446 ObjectHeader->Flags &= ~ OB_FLAG_CREATE_INFO;
447 if (ObjectQuota)
448 {
449 /* We have a quota, get the charges */
450 PagedPoolCharge = ObjectQuota->PagedPoolCharge +
451 ObjectQuota->SecurityDescriptorCharge;
452 NonPagedPoolCharge = ObjectQuota->NonPagedPoolCharge;
453 }
454 else
455 {
456 /* Get it from the object type */
457 PagedPoolCharge = ObjectType->TypeInfo.DefaultPagedPoolCharge;
458 NonPagedPoolCharge = ObjectType->TypeInfo.DefaultNonPagedPoolCharge;
459 }
460
461 /* Is this the system process? */
463 {
464 /* It is, don't do anything */
465 ObjectHeader->QuotaBlockCharged = OBP_SYSTEM_PROCESS_QUOTA;
466 }
467 else
468 {
469 /* Charge the quota */
470 ObjectHeader->QuotaBlockCharged = PsChargeSharedPoolQuota(PsGetCurrentProcess(),
471 PagedPoolCharge,
472 NonPagedPoolCharge);
473 }
474
475 /* Check if we don't have a quota block */
476 if (!ObjectHeader->QuotaBlockCharged) return STATUS_QUOTA_EXCEEDED;
477
478 /* Now set the flag */
479 *NewObject = TRUE;
480 }
481
482 /* Return success */
483 return STATUS_SUCCESS;
484}
485
487NTAPI
489{
491
492 /* We're only interested if the object for this access state has an SD */
493 SecurityDescriptor = AccessState->SecurityDescriptor;
495 {
496 /* Check if the SD has a system ACL but hasn't been granted access to get/set it */
497 if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
498 !(AccessState->PreviouslyGrantedAccess & ACCESS_SYSTEM_SECURITY))
499 {
500 /* We're gonna need access */
501 AccessState->RemainingDesiredAccess |= ACCESS_SYSTEM_SECURITY;
502 }
503 }
504
505 /* This can't fail */
506 return STATUS_SUCCESS;
507}
508
509/*++
510* @name ObpDecrementHandleCount
511*
512* The ObpDecrementHandleCount routine <FILLMEIN>
513*
514* @param ObjectBody
515* <FILLMEIN>.
516*
517* @param Process
518* <FILLMEIN>.
519*
520* @param GrantedAccess
521* <FILLMEIN>.
522*
523* @return None.
524*
525* @remarks None.
526*
527*--*/
528VOID
529NTAPI
534{
535 POBJECT_HEADER ObjectHeader;
536 LONG SystemHandleCount, ProcessHandleCount;
537 LONG NewCount;
538 KIRQL CalloutIrql;
540 POBJECT_HANDLE_COUNT_ENTRY HandleEntry;
541 POBJECT_HANDLE_COUNT_DATABASE HandleDatabase;
542 ULONG i;
543 PAGED_CODE();
544
545 /* Get the object type and header */
546 ObjectHeader = OBJECT_TO_OBJECT_HEADER(ObjectBody);
548 "%s - Decrementing count for: %p. HC PC %lx %lx\n",
550 ObjectBody,
551 ObjectHeader->HandleCount,
552 ObjectHeader->PointerCount);
553
554 /* Lock the object */
555 ObpAcquireObjectLock(ObjectHeader);
556
557 /* Set default counts */
558 SystemHandleCount = ObjectHeader->HandleCount;
560
561 /* Decrement the handle count */
562 NewCount = InterlockedDecrementSizeT(&ObjectHeader->HandleCount);
563
564 /* Check if we're out of handles and this was an exclusive object */
565 if (!(NewCount) && (ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
566 {
567 /* Clear the exclusive flag */
568 OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = NULL;
569 }
570
571 /* Is the object type keeping track of handles? */
572 if (ObjectType->TypeInfo.MaintainHandleCount)
573 {
574 /* Get handle information */
575 HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader);
576
577 /* Check if there's only a single entry */
578 if (ObjectHeader->Flags & OB_FLAG_SINGLE_PROCESS)
579 {
580 /* It should be us */
581 ASSERT(HandleInfo->SingleEntry.Process == Process);
582 ASSERT(HandleInfo->SingleEntry.HandleCount > 0);
583
584 /* Get the handle counts */
586 HandleEntry = &HandleInfo->SingleEntry;
587 }
588 else
589 {
590 /* Otherwise, get the database */
591 HandleDatabase = HandleInfo->HandleCountDatabase;
592 if (HandleDatabase)
593 {
594 /* Get the entries and loop them */
595 i = HandleDatabase->CountEntries;
596 HandleEntry = &HandleDatabase->HandleCountEntries[0];
597 while (i)
598 {
599 /* Check if this is a match */
600 if ((HandleEntry->HandleCount) &&
601 (HandleEntry->Process == Process))
602 {
603 /* Found it, get the process handle count */
604 ProcessHandleCount = HandleEntry->HandleCount--;
605 break;
606 }
607
608 /* Keep looping */
609 HandleEntry++;
610 i--;
611 }
612 }
613 else
614 {
615 /* No database, so no entry */
616 HandleEntry = NULL;
617 }
618 }
619
620 /* Check if this is the last handle */
621 if (ProcessHandleCount == 1)
622 {
623 /* Then clear the entry */
624 HandleEntry->Process = NULL;
625 HandleEntry->HandleCount = 0;
626 }
627 }
628
629 /* Release the lock */
630 ObpReleaseObjectLock(ObjectHeader);
631
632 /* Check if we have a close procedure */
633 if (ObjectType->TypeInfo.CloseProcedure)
634 {
635 /* Call it */
636 ObpCalloutStart(&CalloutIrql);
637 ObjectType->TypeInfo.CloseProcedure(Process,
638 ObjectBody,
641 SystemHandleCount);
642 ObpCalloutEnd(CalloutIrql, "Close", ObjectType, ObjectBody);
643 }
644
645 /* Check if we should delete the object */
646 ObpDeleteNameCheck(ObjectBody);
647
648 /* Decrease the total number of handles for this type */
649 InterlockedDecrement((PLONG)&ObjectType->TotalNumberOfHandles);
651 "%s - Decremented count for: %p. HC PC %lx %lx\n",
653 ObjectBody,
654 ObjectHeader->HandleCount,
655 ObjectHeader->PointerCount);
656}
657
658/*++
659* @name ObpCloseHandleTableEntry
660*
661* The ObpCloseHandleTableEntry routine <FILLMEIN>
662*
663* @param HandleTable
664* <FILLMEIN>.
665*
666* @param HandleEntry
667* <FILLMEIN>.
668*
669* @param Handle
670* <FILLMEIN>.
671*
672* @param AccessMode
673* <FILLMEIN>.
674*
675* @param IgnoreHandleProtection
676* <FILLMEIN>.
677*
678* @return <FILLMEIN>.
679*
680* @remarks None.
681*
682*--*/
684NTAPI
686 IN PHANDLE_TABLE_ENTRY HandleEntry,
689 IN BOOLEAN IgnoreHandleProtection)
690{
691 PVOID Body;
693 POBJECT_HEADER ObjectHeader;
695 KIRQL CalloutIrql;
696 PAGED_CODE();
697
698 /* Get the object data */
699 ObjectHeader = ObpGetHandleObject(HandleEntry);
700 ObjectType = ObjectHeader->Type;
701 Body = &ObjectHeader->Body;
702 GrantedAccess = HandleEntry->GrantedAccess;
704 "%s - Closing handle: %p for %p. HC PC %lx %lx\n",
706 Handle,
707 Body,
708 ObjectHeader->HandleCount,
709 ObjectHeader->PointerCount);
710
711 /* Check if the object has an Okay To Close procedure */
712 if (ObjectType->TypeInfo.OkayToCloseProcedure)
713 {
714 /* Call it and check if it's not letting us close it */
715 ObpCalloutStart(&CalloutIrql);
716 if (!ObjectType->TypeInfo.OkayToCloseProcedure(PsGetCurrentProcess(),
717 Body,
718 Handle,
719 AccessMode))
720 {
721 /* Fail */
722 ObpCalloutEnd(CalloutIrql, "NtClose", ObjectType, Body);
725 }
726
727 /* Success, validate callout retrn */
728 ObpCalloutEnd(CalloutIrql, "NtClose", ObjectType, Body);
729 }
730
731 /* The callback allowed us to close it, but does the handle itself? */
732 if ((HandleEntry->GrantedAccess & ObpAccessProtectCloseBit) &&
733 !(IgnoreHandleProtection))
734 {
735 /* It doesn't, are we from user mode? */
736 if (AccessMode != KernelMode)
737 {
738 /* We are! Unlock the entry */
740
741 /* Make sure we have a debug port */
742 if (PsGetCurrentProcess()->DebugPort)
743 {
744 /* Raise an exception */
746 }
747 else
748 {
749 /* Return the error instead */
751 }
752 }
753 else
754 {
755 /* Otherwise, bugcheck the OS */
756 KeBugCheckEx(INVALID_KERNEL_HANDLE, (ULONG_PTR)Handle, 0, 0, 0);
757 }
758 }
759
760 /* Destroy and unlock the handle entry */
761 ExDestroyHandle(HandleTable, Handle, HandleEntry);
762
763 /* Now decrement the handle count */
767 ObjectType);
768
769 /* Dereference the object as well */
771
772 /* Return to caller */
774 "%s - Closed handle: %p for %p.\n",
776 Handle,
777 Body);
778 return STATUS_SUCCESS;
779}
780
781/*++
782* @name ObpIncrementHandleCount
783*
784* The ObpIncrementHandleCount routine <FILLMEIN>
785*
786* @param Object
787* <FILLMEIN>.
788*
789* @param AccessState
790* <FILLMEIN>.
791*
792* @param AccessMode
793* <FILLMEIN>.
794*
795* @param HandleAttributes
796* <FILLMEIN>.
797*
798* @param Process
799* <FILLMEIN>.
800*
801* @param OpenReason
802* <FILLMEIN>.
803*
804* @return <FILLMEIN>.
805*
806* @remarks None.
807*
808*--*/
810NTAPI
816 IN OB_OPEN_REASON OpenReason)
817{
818 POBJECT_HEADER ObjectHeader;
822 PEPROCESS ExclusiveProcess;
824 POBJECT_HEADER_CREATOR_INFO CreatorInfo;
825 KIRQL CalloutIrql;
827 ULONG Total;
829 PAGED_CODE();
830
831 /* Get the object header and type */
832 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
833 ObjectType = ObjectHeader->Type;
835 "%s - Incrementing count for: %p. Reason: %lx. HC PC %lx %lx\n",
837 Object,
838 OpenReason,
839 ObjectHeader->HandleCount,
840 ObjectHeader->PointerCount);
841
842 /* Check if caller is forcing user mode */
844 {
845 /* Force it */
847 }
848 else
849 {
850 /* Keep original setting */
852 }
853
854 /* Lock the object */
855 ObpAcquireObjectLock(ObjectHeader);
856
857 /* Charge quota and remove the creator info flag */
859 if (!NT_SUCCESS(Status)) return Status;
860
861 /* Check if the open is exclusive */
863 {
864 /* Check if the object allows this, or if the inherit flag was given */
866 !(ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
867 {
868 /* Incorrect attempt */
870 goto Quickie;
871 }
872
873 /* Check if we have access to it */
874 ExclusiveProcess = OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader);
875 if ((!(ExclusiveProcess) && (ObjectHeader->HandleCount)) ||
876 ((ExclusiveProcess) && (ExclusiveProcess != PsGetCurrentProcess())))
877 {
878 /* This isn't the right process */
880 goto Quickie;
881 }
882
883 /* Now you got exclusive access */
884 Exclusive = TRUE;
885 }
886 else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE) &&
888 {
889 /* Caller didn't want exclusive access, but the object is exclusive */
891 goto Quickie;
892 }
893
894 /* Check for exclusive kernel object */
895 NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
896 if ((NameInfo) && (NameInfo->QueryReferences & OB_FLAG_KERNEL_EXCLUSIVE) &&
898 {
899 /* Caller is not kernel, but the object is kernel exclusive */
901 goto Quickie;
902 }
903
904 /*
905 * Check if this is an object that went from 0 handles back to existence,
906 * but doesn't have an open procedure, only a close procedure. This means
907 * that it will never realize that the object is back alive, so we must
908 * fail the request.
909 */
910 if (!(ObjectHeader->HandleCount) &&
911 !(NewObject) &&
912 (ObjectType->TypeInfo.MaintainHandleCount) &&
913 !(ObjectType->TypeInfo.OpenProcedure) &&
914 (ObjectType->TypeInfo.CloseProcedure))
915 {
916 /* Fail */
918 goto Quickie;
919 }
920
921 /* Check if we're opening an existing handle */
922 if ((OpenReason == ObOpenHandle) ||
923 ((OpenReason == ObDuplicateHandle) && (AccessState)))
924 {
925 /* Validate the caller's access to this object */
928 TRUE,
929 ProbeMode,
930 &Status))
931 {
932 /* Access was denied, so fail */
933 goto Quickie;
934 }
935 }
936 else if (OpenReason == ObCreateHandle)
937 {
938 /* Convert MAXIMUM_ALLOWED to GENERIC_ALL */
939 if (AccessState->RemainingDesiredAccess & MAXIMUM_ALLOWED)
940 {
941 /* Mask out MAXIMUM_ALLOWED and stick GENERIC_ALL instead */
942 AccessState->RemainingDesiredAccess &= ~MAXIMUM_ALLOWED;
943 AccessState->RemainingDesiredAccess |= GENERIC_ALL;
944 }
945
946 /* Check if we have to map the GENERIC mask */
947 if (AccessState->RemainingDesiredAccess & GENERIC_ACCESS)
948 {
949 /* Map it to the correct access masks */
950 RtlMapGenericMask(&AccessState->RemainingDesiredAccess,
951 &ObjectType->TypeInfo.GenericMapping);
952 }
953
954 /* Check if the caller is trying to access system security */
955 if (AccessState->RemainingDesiredAccess & ACCESS_SYSTEM_SECURITY)
956 {
957 /* FIXME: TODO */
958 DPRINT1("ACCESS_SYSTEM_SECURITY not validated!\n");
959 }
960 }
961
962 /* Check if this is an exclusive handle */
963 if (Exclusive)
964 {
965 /* Save the owner process */
966 OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process;
967 }
968
969 /* Increase the handle count */
972
973 /* Check if we have a handle database */
974 if (ObjectType->TypeInfo.MaintainHandleCount)
975 {
976 /* Increment the handle database */
977 Status = ObpIncrementHandleDataBase(ObjectHeader,
978 Process,
980 if (!NT_SUCCESS(Status))
981 {
982 /* FIXME: This should never happen for now */
983 DPRINT1("Unhandled case\n");
984 ASSERT(FALSE);
985 goto Quickie;
986 }
987 }
988
989 /* Release the lock */
990 ObpReleaseObjectLock(ObjectHeader);
991
992 /* Check if we have an open procedure */
994 if (ObjectType->TypeInfo.OpenProcedure)
995 {
996 /* Call it */
997 ObpCalloutStart(&CalloutIrql);
998 Status = ObjectType->TypeInfo.OpenProcedure(OpenReason,
999 Process,
1000 Object,
1001 AccessState ?
1002 AccessState->
1004 0,
1006 ObpCalloutEnd(CalloutIrql, "Open", ObjectType, Object);
1007
1008 /* Check if the open procedure failed */
1009 if (!NT_SUCCESS(Status))
1010 {
1011 /* FIXME: This should never happen for now */
1012 DPRINT1("Unhandled case\n");
1013 ASSERT(FALSE);
1014 return Status;
1015 }
1016 }
1017
1018 /* Check if this is a create operation */
1019 if (OpenReason == ObCreateHandle)
1020 {
1021 /* Check if we have creator info */
1022 CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(ObjectHeader);
1023 if (CreatorInfo)
1024 {
1025 /* We do, acquire the lock */
1027
1028 /* Insert us on the list */
1029 InsertTailList(&ObjectType->TypeList, &CreatorInfo->TypeList);
1030
1031 /* Release the lock */
1033 }
1034 }
1035
1036 /* Increase total number of handles */
1037 Total = InterlockedIncrement((PLONG)&ObjectType->TotalNumberOfHandles);
1038 if (Total > ObjectType->HighWaterNumberOfHandles)
1039 {
1040 /* Fixup count */
1041 ObjectType->HighWaterNumberOfHandles = Total;
1042 }
1043
1044 /* Trace call and return */
1046 "%s - Incremented count for: %p. Reason: %lx HC PC %lx %lx\n",
1048 Object,
1049 OpenReason,
1050 ObjectHeader->HandleCount,
1051 ObjectHeader->PointerCount);
1052 return Status;
1053
1054Quickie:
1055 /* Release lock and return */
1056 ObpReleaseObjectLock(ObjectHeader);
1057 return Status;
1058}
1059
1060/*++
1061* @name ObpIncrementUnnamedHandleCount
1062*
1063* The ObpIncrementUnnamedHandleCount routine <FILLMEIN>
1064*
1065* @param Object
1066* <FILLMEIN>.
1067*
1068* @param AccessState
1069* <FILLMEIN>.
1070*
1071* @param AccessMode
1072* <FILLMEIN>.
1073*
1074* @param HandleAttributes
1075* <FILLMEIN>.
1076*
1077* @param Process
1078* <FILLMEIN>.
1079*
1080* @param OpenReason
1081* <FILLMEIN>.
1082*
1083* @return <FILLMEIN>.
1084*
1085* @remarks None.
1086*
1087*--*/
1089NTAPI
1095{
1096 POBJECT_HEADER ObjectHeader;
1100 PEPROCESS ExclusiveProcess;
1102 POBJECT_HEADER_CREATOR_INFO CreatorInfo;
1103 KIRQL CalloutIrql;
1104 ULONG Total;
1105
1106 /* Get the object header and type */
1107 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1108 ObjectType = ObjectHeader->Type;
1110 "%s - Incrementing count for: %p. UNNAMED. HC PC %lx %lx\n",
1112 Object,
1113 ObjectHeader->HandleCount,
1114 ObjectHeader->PointerCount);
1115
1116 /* Lock the object */
1117 ObpAcquireObjectLock(ObjectHeader);
1118
1119 /* Charge quota and remove the creator info flag */
1121 if (!NT_SUCCESS(Status)) return Status;
1122
1123 /* Check if the open is exclusive */
1125 {
1126 /* Check if the object allows this, or if the inherit flag was given */
1127 if ((HandleAttributes & OBJ_INHERIT) ||
1128 !(ObjectHeader->Flags & OB_FLAG_EXCLUSIVE))
1129 {
1130 /* Incorrect attempt */
1132 goto Quickie;
1133 }
1134
1135 /* Check if we have access to it */
1136 ExclusiveProcess = OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader);
1137 if ((!(ExclusiveProcess) && (ObjectHeader->HandleCount)) ||
1138 ((ExclusiveProcess) && (ExclusiveProcess != PsGetCurrentProcess())))
1139 {
1140 /* This isn't the right process */
1142 goto Quickie;
1143 }
1144
1145 /* Now you got exclusive access */
1146 Exclusive = TRUE;
1147 }
1148 else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE) &&
1149 (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader)))
1150 {
1151 /* Caller didn't want exclusive access, but the object is exclusive */
1153 goto Quickie;
1154 }
1155
1156 /*
1157 * Check if this is an object that went from 0 handles back to existence,
1158 * but doesn't have an open procedure, only a close procedure. This means
1159 * that it will never realize that the object is back alive, so we must
1160 * fail the request.
1161 */
1162 if (!(ObjectHeader->HandleCount) &&
1163 !(NewObject) &&
1164 (ObjectType->TypeInfo.MaintainHandleCount) &&
1165 !(ObjectType->TypeInfo.OpenProcedure) &&
1166 (ObjectType->TypeInfo.CloseProcedure))
1167 {
1168 /* Fail */
1170 goto Quickie;
1171 }
1172
1173 /* Convert MAXIMUM_ALLOWED to GENERIC_ALL */
1175 {
1176 /* Mask out MAXIMUM_ALLOWED and stick GENERIC_ALL instead */
1177 *DesiredAccess &= ~MAXIMUM_ALLOWED;
1179 }
1180
1181 /* Check if we have to map the GENERIC mask */
1183 {
1184 /* Map it to the correct access masks */
1186 &ObjectType->TypeInfo.GenericMapping);
1187 }
1188
1189 /* Check if this is an exclusive handle */
1190 if (Exclusive)
1191 {
1192 /* Save the owner process */
1193 OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process;
1194 }
1195
1196 /* Increase the handle count */
1197 InterlockedIncrementSizeT(&ObjectHeader->HandleCount);
1199
1200 /* Check if we have a handle database */
1201 if (ObjectType->TypeInfo.MaintainHandleCount)
1202 {
1203 /* Increment the handle database */
1204 Status = ObpIncrementHandleDataBase(ObjectHeader,
1205 Process,
1207 if (!NT_SUCCESS(Status))
1208 {
1209 /* FIXME: This should never happen for now */
1210 DPRINT1("Unhandled case\n");
1211 ASSERT(FALSE);
1212 goto Quickie;
1213 }
1214 }
1215
1216 /* Release the lock */
1217 ObpReleaseObjectLock(ObjectHeader);
1218
1219 /* Check if we have an open procedure */
1221 if (ObjectType->TypeInfo.OpenProcedure)
1222 {
1223 /* Call it */
1224 ObpCalloutStart(&CalloutIrql);
1225 Status = ObjectType->TypeInfo.OpenProcedure(ObCreateHandle,
1226 Process,
1227 Object,
1230 ObpCalloutEnd(CalloutIrql, "Open", ObjectType, Object);
1231
1232 /* Check if the open procedure failed */
1233 if (!NT_SUCCESS(Status))
1234 {
1235 /* FIXME: This should never happen for now */
1236 DPRINT1("Unhandled case\n");
1237 ASSERT(FALSE);
1238 return Status;
1239 }
1240 }
1241
1242 /* Check if we have creator info */
1243 CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(ObjectHeader);
1244 if (CreatorInfo)
1245 {
1246 /* We do, acquire the lock */
1248
1249 /* Insert us on the list */
1250 InsertTailList(&ObjectType->TypeList, &CreatorInfo->TypeList);
1251
1252 /* Release the lock */
1254 }
1255
1256 /* Increase total number of handles */
1257 Total = InterlockedIncrement((PLONG)&ObjectType->TotalNumberOfHandles);
1258 if (Total > ObjectType->HighWaterNumberOfHandles)
1259 {
1260 /* Fixup count */
1261 ObjectType->HighWaterNumberOfHandles = Total;
1262 }
1263
1264 /* Trace call and return */
1266 "%s - Incremented count for: %p. UNNAMED HC PC %lx %lx\n",
1268 Object,
1269 ObjectHeader->HandleCount,
1270 ObjectHeader->PointerCount);
1271 return Status;
1272
1273Quickie:
1274 /* Release lock and return */
1275 ObpReleaseObjectLock(ObjectHeader);
1276 return Status;
1277}
1278
1279/*++
1280* @name ObpCreateUnnamedHandle
1281*
1282* The ObpCreateUnnamedHandle routine <FILLMEIN>
1283*
1284* @param Object
1285* <FILLMEIN>.
1286*
1287* @param DesiredAccess
1288* <FILLMEIN>.
1289*
1290* @param AdditionalReferences
1291* <FILLMEIN>.
1292*
1293* @param HandleAttributes
1294* <FILLMEIN>.
1295*
1296* @param AccessMode
1297* <FILLMEIN>.
1298*
1299* @param ReturnedObject
1300* <FILLMEIN>.
1301*
1302* @param ReturnedHandle
1303* <FILLMEIN>.
1304*
1305* @return <FILLMEIN>.
1306*
1307* @remarks None.
1308*
1309*--*/
1311NTAPI
1314 IN ULONG AdditionalReferences,
1317 OUT PVOID *ReturnedObject,
1318 OUT PHANDLE ReturnedHandle)
1319{
1320 HANDLE_TABLE_ENTRY NewEntry;
1321 POBJECT_HEADER ObjectHeader;
1322 HANDLE Handle;
1324 BOOLEAN AttachedToProcess = FALSE, KernelHandle = FALSE;
1329 PAGED_CODE();
1330
1331 /* Get the object header and type */
1332 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1333 ObjectType = ObjectHeader->Type;
1335 "%s - Creating handle for: %p. UNNAMED. HC PC %lx %lx\n",
1337 Object,
1338 ObjectHeader->HandleCount,
1339 ObjectHeader->PointerCount);
1340
1341 /* Save the object header */
1342 NewEntry.Object = ObjectHeader;
1343
1344 /* Mask out the internal attributes */
1346
1347 /* Check if this is a kernel handle */
1349 {
1350 /* Set the handle table */
1353
1354 /* Check if we're not in the system process */
1356 {
1357 /* Attach to the system process */
1359 AttachedToProcess = TRUE;
1360 }
1361 }
1362 else
1363 {
1364 /* Get the current handle table */
1365 HandleTable = PsGetCurrentProcess()->ObjectTable;
1366 }
1367
1368 /* Increment the handle count */
1371 AccessMode,
1374 if (!NT_SUCCESS(Status))
1375 {
1376 /*
1377 * We failed (meaning security failure, according to NT Internals)
1378 * detach and return
1379 */
1380 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1381 return Status;
1382 }
1383
1384 /* Remove what's not in the valid access mask */
1385 GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
1387
1388 /* Handle extra references */
1389 if (AdditionalReferences)
1390 {
1391 /* Add them to the header */
1393 AdditionalReferences);
1394 }
1395
1396 /* Save the access mask */
1397 NewEntry.GrantedAccess = GrantedAccess;
1398
1399 /*
1400 * Create the actual handle. We'll need to do this *after* calling
1401 * ObpIncrementHandleCount to make sure that Object Security is valid
1402 * (specified in Gl00my documentation on Ob)
1403 */
1405 "%s - Handle Properties: [%p-%lx-%lx]\n",
1407 NewEntry.Object, NewEntry.ObAttributes & 3, NewEntry.GrantedAccess);
1408 Handle = ExCreateHandle(HandleTable, &NewEntry);
1409
1410 /* Make sure we got a handle */
1411 if (Handle)
1412 {
1413 /* Check if this was a kernel handle */
1415
1416 /* Return handle and object */
1417 *ReturnedHandle = Handle;
1418
1419 /* Return the new object only if caller wanted it biased */
1420 if ((AdditionalReferences) && (ReturnedObject))
1421 {
1422 /* Return it */
1423 *ReturnedObject = Object;
1424 }
1425
1426 /* Detach if needed */
1427 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1428
1429 /* Trace and return */
1431 "%s - Returning Handle: %p HC PC %lx %lx\n",
1433 Handle,
1434 ObjectHeader->HandleCount,
1435 ObjectHeader->PointerCount);
1436 return STATUS_SUCCESS;
1437 }
1438
1439 /* Handle extra references */
1440 if (AdditionalReferences)
1441 {
1442 /* Dereference it as many times as required */
1444 -(LONG)AdditionalReferences);
1445 }
1446
1447 /* Decrement the handle count and detach */
1448 ObpDecrementHandleCount(&ObjectHeader->Body,
1451 ObjectType);
1452
1453 /* Detach and fail */
1454 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1456}
1457
1458/*++
1459* @name ObpCreateHandle
1460*
1461* The ObpCreateHandle routine <FILLMEIN>
1462*
1463* @param OpenReason
1464* <FILLMEIN>.
1465*
1466* @param Object
1467* <FILLMEIN>.
1468*
1469* @param Type
1470* <FILLMEIN>.
1471*
1472* @param AccessState
1473* <FILLMEIN>.
1474*
1475* @param AdditionalReferences
1476* <FILLMEIN>.
1477*
1478* @param HandleAttributes
1479* <FILLMEIN>.
1480*
1481* @param AccessMode
1482* <FILLMEIN>.
1483*
1484* @param ReturnedObject
1485* <FILLMEIN>.
1486*
1487* @param ReturnedHandle
1488* <FILLMEIN>.
1489*
1490* @return <FILLMEIN>.
1491*
1492* @remarks Cleans up the Lookup Context on return.
1493*
1494*--*/
1496NTAPI
1498 IN PVOID Object,
1501 IN ULONG AdditionalReferences,
1505 OUT PVOID *ReturnedObject,
1506 OUT PHANDLE ReturnedHandle)
1507{
1508 HANDLE_TABLE_ENTRY NewEntry;
1509 POBJECT_HEADER ObjectHeader;
1510 HANDLE Handle;
1512 BOOLEAN AttachedToProcess = FALSE, KernelHandle = FALSE;
1517 PAUX_ACCESS_DATA AuxData;
1518 PAGED_CODE();
1519
1520 /* Get the object header and type */
1521 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
1522 ObjectType = ObjectHeader->Type;
1524 "%s - Creating handle for: %p. Reason: %lx. HC PC %lx %lx\n",
1526 Object,
1527 OpenReason,
1528 ObjectHeader->HandleCount,
1529 ObjectHeader->PointerCount);
1530
1531 /* Check if the types match */
1532 if ((Type) && (ObjectType != Type))
1533 {
1534 /* They don't, cleanup */
1537 }
1538
1539 /* Save the object header */
1540 NewEntry.Object = ObjectHeader;
1541
1542 /* Check if this is a kernel handle */
1544 {
1545 /* Set the handle table */
1548
1549 /* Check if we're not in the system process */
1551 {
1552 /* Attach to the system process */
1554 AttachedToProcess = TRUE;
1555 }
1556 }
1557 else
1558 {
1559 /* Get the current handle table */
1560 HandleTable = PsGetCurrentProcess()->ObjectTable;
1561 }
1562
1563 /* Increment the handle count */
1566 AccessMode,
1569 OpenReason);
1570 if (!NT_SUCCESS(Status))
1571 {
1572 /*
1573 * We failed (meaning security failure, according to NT Internals)
1574 * detach and return
1575 */
1577 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1578 return Status;
1579 }
1580
1581 /* Check if we are doing audits on close */
1582 if (AccessState->GenerateOnClose)
1583 {
1584 /* Force the attribute on */
1586 }
1587
1588 /* Mask out the internal attributes */
1590
1591 /* Get the original desired access */
1592 DesiredAccess = AccessState->RemainingDesiredAccess |
1593 AccessState->PreviouslyGrantedAccess;
1594
1595 /* Remove what's not in the valid access mask */
1596 GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
1598
1599 /* Update the value in the access state */
1600 AccessState->PreviouslyGrantedAccess = GrantedAccess;
1601
1602 /* Get the auxiliary data */
1603 AuxData = AccessState->AuxData;
1604
1605 /* Handle extra references */
1606 if (AdditionalReferences)
1607 {
1608 /* Add them to the header */
1610 AdditionalReferences);
1611 }
1612
1613 /* Now we can release the object */
1615
1616 /* Save the access mask */
1617 NewEntry.GrantedAccess = GrantedAccess;
1618
1619 /*
1620 * Create the actual handle. We'll need to do this *after* calling
1621 * ObpIncrementHandleCount to make sure that Object Security is valid
1622 * (specified in Gl00my documentation on Ob)
1623 */
1625 "%s - Handle Properties: [%p-%lx-%lx]\n",
1627 NewEntry.Object, NewEntry.ObAttributes & 3, NewEntry.GrantedAccess);
1628 Handle = ExCreateHandle(HandleTable, &NewEntry);
1629
1630 /* Make sure we got a handle */
1631 if (Handle)
1632 {
1633 /* Check if this was a kernel handle */
1635
1636 /* Return it */
1637 *ReturnedHandle = Handle;
1638
1639 /* Check if we need to generate on audit */
1640 if (AccessState->GenerateAudit)
1641 {
1642 /* Audit the handle creation */
1643 //SeAuditHandleCreation(AccessState, Handle);
1644 }
1645
1646 /* Check if this was a create */
1647 if (OpenReason == ObCreateHandle)
1648 {
1649 /* Check if we need to audit the privileges */
1650 if ((AuxData->PrivilegesUsed) &&
1651 (AuxData->PrivilegesUsed->PrivilegeCount))
1652 {
1653 /* Do the audit */
1654#if 0
1656 &AccessState->
1659 AuxData->PrivilegesUsed,
1660 TRUE,
1662#endif
1663 }
1664 }
1665
1666 /* Return the new object only if caller wanted it biased */
1667 if ((AdditionalReferences) && (ReturnedObject))
1668 {
1669 /* Return it */
1670 *ReturnedObject = Object;
1671 }
1672
1673 /* Detach if needed */
1674 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1675
1676 /* Trace and return */
1678 "%s - Returning Handle: %p HC PC %lx %lx\n",
1680 Handle,
1681 ObjectHeader->HandleCount,
1682 ObjectHeader->PointerCount);
1683 return STATUS_SUCCESS;
1684 }
1685
1686 /* Decrement the handle count and detach */
1687 ObpDecrementHandleCount(&ObjectHeader->Body,
1690 ObjectType);
1691
1692 /* Handle extra references */
1693 if (AdditionalReferences)
1694 {
1695 /* Check how many extra references were added */
1696 if (AdditionalReferences > 1)
1697 {
1698 /* Dereference it many times */
1700 -(LONG)(AdditionalReferences - 1));
1701 }
1702
1703 /* Dereference the object one last time */
1705 }
1706
1707 /* Detach if necessary and fail */
1708 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1710}
1711
1712/*++
1713* @name ObpCloseHandle
1714*
1715* The ObpCloseHandle routine <FILLMEIN>
1716*
1717* @param Handle
1718* <FILLMEIN>.
1719*
1720* @param AccessMode
1721* <FILLMEIN>.
1722*
1723* @return <FILLMEIN>.
1724*
1725* @remarks None.
1726*
1727*--*/
1729NTAPI
1732{
1734 BOOLEAN AttachedToProcess = FALSE;
1736 PHANDLE_TABLE_ENTRY HandleTableEntry;
1739 PAGED_CODE();
1741 "%s - Closing handle: %p\n", __FUNCTION__, Handle);
1742
1743 if (AccessMode == KernelMode && Handle == (HANDLE)-1)
1744 return STATUS_INVALID_HANDLE;
1745
1746 /* Check if we're dealing with a kernel handle */
1748 {
1749 /* Use the kernel table and convert the handle */
1752
1753 /* Check if we're not in the system process */
1755 {
1756 /* Attach to the system process */
1758 AttachedToProcess = TRUE;
1759 }
1760 }
1761 else
1762 {
1763 /* Use the process's handle table */
1764 HandleTable = Process->ObjectTable;
1765 }
1766
1767 /* Enter a critical region to protect handle access */
1769
1770 /* Get the handle entry */
1771 HandleTableEntry = ExMapHandleToPointer(HandleTable, Handle);
1772 if (HandleTableEntry)
1773 {
1774 /* Now close the entry */
1776 HandleTableEntry,
1777 Handle,
1778 AccessMode,
1779 FALSE);
1780
1781 /* We can quit the critical region now */
1783
1784 /* Detach and return success */
1785 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1786 }
1787 else
1788 {
1789 /* We failed, quit the critical region */
1791
1792 /* Detach */
1793 if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
1794
1795 /* Check if we have a valid handle that's not the process or thread */
1796 if ((Handle) &&
1797 (Handle != NtCurrentProcess()) &&
1798 (Handle != NtCurrentThread()))
1799 {
1800 /* Check if we came from user mode */
1801 if (AccessMode != KernelMode)
1802 {
1803 /* Check if we have no debug port */
1804 if (Process->DebugPort)
1805 {
1806 /* Make sure we're not attached */
1807 if (!KeIsAttachedProcess())
1808 {
1809 /* Raise an exception */
1811 }
1812 }
1813 }
1814 else
1815 {
1816 /* This is kernel mode. Check if we're exiting */
1818 (Process->Peb))
1819 {
1820 /* Check if the debugger is enabled */
1822 {
1823 /* Bugcheck */
1824 KeBugCheckEx(INVALID_KERNEL_HANDLE, (ULONG_PTR)Handle, 1, 0, 0);
1825 }
1826 }
1827 }
1828 }
1829
1830 /* Set invalid status */
1832 }
1833
1834 /* Return status */
1836 "%s - Closed handle: %p S: %lx\n",
1838 return Status;
1839}
1840
1870static BOOLEAN
1871NTAPI
1873 _Inout_ PHANDLE_TABLE_ENTRY HandleTableEntry,
1875{
1877
1878 /* Define the handle inheritance, using the OBJ_INHERIT attribute */
1879 if (SetHandleInfo->Information.Inherit)
1880 {
1881 /* If inheritance is not supported for this object,
1882 * fail without changing anything */
1883 POBJECT_HEADER ObjectHeader = ObpGetHandleObject(HandleTableEntry);
1884 if (ObjectHeader->Type->TypeInfo.InvalidAttributes & OBJ_INHERIT)
1885 return FALSE;
1886
1887 HandleTableEntry->ObAttributes |= OBJ_INHERIT;
1888 }
1889 else
1890 {
1891 HandleTableEntry->ObAttributes &= ~OBJ_INHERIT;
1892 }
1893
1894 /* Define the handle protection, using the protect-from-close bit */
1895 if (SetHandleInfo->Information.ProtectFromClose)
1896 HandleTableEntry->GrantedAccess |= ObpAccessProtectCloseBit;
1897 else
1898 HandleTableEntry->GrantedAccess &= ~ObpAccessProtectCloseBit;
1899
1900 return TRUE;
1901}
1902
1903/*++
1904* @name ObpCloseHandleCallback
1905*
1906* The ObpCloseHandleCallback routine <FILLMEIN>
1907*
1908* @param HandleTable
1909* <FILLMEIN>.
1910*
1911* @param Object
1912* <FILLMEIN>.
1913*
1914* @param GrantedAccess
1915* <FILLMEIN>.
1916*
1917* @param Context
1918* <FILLMEIN>.
1919*
1920* @return <FILLMEIN>.
1921*
1922* @remarks None.
1923*
1924*--*/
1925BOOLEAN
1926NTAPI
1930{
1932
1933 /* Simply decrement the handle count */
1935 HandleTableEntry,
1936 Handle,
1937 CloseContext->AccessMode,
1938 TRUE);
1939 return TRUE;
1940}
1941
1942/*++
1943* @name ObpDuplicateHandleCallback
1944*
1945* The ObpDuplicateHandleCallback routine <FILLMEIN>
1946*
1947* @param HandleTable
1948* <FILLMEIN>.
1949*
1950* @param HandleTableEntry
1951* <FILLMEIN>.
1952*
1953* @param Context
1954* <FILLMEIN>.
1955*
1956* @return <FILLMEIN>.
1957*
1958* @remarks None.
1959*
1960*--*/
1961BOOLEAN
1962NTAPI
1965 IN PHANDLE_TABLE_ENTRY OldEntry,
1966 IN PHANDLE_TABLE_ENTRY HandleTableEntry)
1967{
1968 POBJECT_HEADER ObjectHeader;
1969 BOOLEAN Ret = FALSE;
1972 PAGED_CODE();
1973
1974 /* Make sure that the handle is inheritable */
1975 Ret = (HandleTableEntry->ObAttributes & OBJ_INHERIT) != 0;
1976 if (Ret)
1977 {
1978 /* Get the object header */
1979 ObjectHeader = ObpGetHandleObject(HandleTableEntry);
1980
1981 /* Increment the pointer count */
1983
1984 /* Release the handle lock */
1986
1987 /* Setup the access state */
1988 AccessState.PreviouslyGrantedAccess = HandleTableEntry->GrantedAccess;
1989
1990 /* Call the shared routine for incrementing handles */
1991 Status = ObpIncrementHandleCount(&ObjectHeader->Body,
1992 &AccessState,
1993 KernelMode,
1994 HandleTableEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES,
1995 Process,
1997 if (!NT_SUCCESS(Status))
1998 {
1999 /* Return failure */
2000 ObDereferenceObject(&ObjectHeader->Body);
2001 Ret = FALSE;
2002 }
2003 }
2004 else
2005 {
2006 /* Release the handle lock */
2008 }
2009
2010 /* Return duplication result */
2011 return Ret;
2012}
2013
2014/*++
2015* @name ObClearProcessHandleTable
2016*
2017* The ObClearProcessHandleTable routine clears the handle table
2018* of the given process.
2019*
2020* @param Process
2021* The process of which the handle table should be cleared.
2022*
2023* @return None.
2024*
2025* @remarks None.
2026*
2027*--*/
2028VOID
2029NTAPI
2031{
2035 BOOLEAN AttachedToProcess = FALSE;
2036
2037 ASSERT(Process);
2038
2039 /* Ensure the handle table doesn't go away while we use it */
2041 if (!HandleTable) return;
2042
2043 /* Attach to the current process if needed */
2045 {
2047 AttachedToProcess = TRUE;
2048 }
2049
2050 /* Enter a critical region */
2052
2053 /* Fill out the context */
2054 Context.AccessMode = UserMode;
2055 Context.HandleTable = HandleTable;
2056
2057 /* Sweep the handle table to close all handles */
2060 &Context);
2061
2062 /* Leave the critical region */
2064
2065 /* Detach if needed */
2066 if (AttachedToProcess)
2068
2069 /* Let the handle table go */
2071}
2072
2073/*++
2074* @name ObInitProcess
2075*
2076* The ObInitProcess routine initializes the handle table for the process
2077* to be initialized, by either creating a new one or duplicating it from
2078* the parent process.
2079*
2080* @param Parent
2081* A parent process (optional).
2082*
2083* @param Process
2084* The process to initialize.
2085*
2086* @return Success or failure.
2087*
2088* @remarks None.
2089*
2090*--*/
2092NTAPI
2095{
2096 PHANDLE_TABLE ParentTable, ObjectTable;
2097
2098 /* Check for a parent */
2099 if (Parent)
2100 {
2101 /* Reference the parent's table */
2103 if (!ParentTable) return STATUS_PROCESS_IS_TERMINATING;
2104
2105 /* Duplicate it */
2106 ObjectTable = ExDupHandleTable(Process,
2107 ParentTable,
2109 OBJ_INHERIT);
2110 }
2111 else
2112 {
2113 /* Otherwise just create a new table */
2114 ParentTable = NULL;
2115 ObjectTable = ExCreateHandleTable(Process);
2116 }
2117
2118 /* Make sure we have a table */
2119 if (ObjectTable)
2120 {
2121 /* Associate it */
2122 Process->ObjectTable = ObjectTable;
2123
2124 /* Check for auditing */
2126 {
2127 /* FIXME: TODO */
2128 DPRINT1("Need auditing!\n");
2129 }
2130
2131 /* Get rid of the old table now */
2132 if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2133
2134 /* We are done */
2135 return STATUS_SUCCESS;
2136 }
2137 else
2138 {
2139 /* Fail */
2140 Process->ObjectTable = NULL;
2141 if (ParentTable) ObDereferenceProcessHandleTable(Parent);
2143 }
2144}
2145
2146/*++
2147* @name ObKillProcess
2148*
2149* The ObKillProcess routine performs rundown operations on the process,
2150* then clears and destroys its handle table.
2151*
2152* @param Process
2153* The process to be killed.
2154*
2155* @return None.
2156*
2157* @remarks Called by the Object Manager cleanup code (kernel)
2158* when a process is to be destroyed.
2159*
2160*--*/
2161VOID
2162NTAPI
2164{
2167 BOOLEAN HardErrors;
2168 PAGED_CODE();
2169
2170 /* Wait for process rundown and then complete it */
2172 ExRundownCompleted(&Process->RundownProtect);
2173
2174 /* Get the object table */
2175 HandleTable = Process->ObjectTable;
2176 if (!HandleTable) return;
2177
2178 /* Disable hard errors while we close handles */
2179 HardErrors = IoSetThreadHardErrorMode(FALSE);
2180
2181 /* Enter a critical region */
2183
2184 /* Fill out the context */
2185 Context.AccessMode = KernelMode;
2186 Context.HandleTable = HandleTable;
2187
2188 /* Sweep the handle table to close all handles */
2191 &Context);
2192 ASSERT(HandleTable->HandleCount == 0);
2193
2194 /* Leave the critical region */
2196
2197 /* Re-enable hard errors */
2198 IoSetThreadHardErrorMode(HardErrors);
2199
2200 /* Destroy the object table */
2201 Process->ObjectTable = NULL;
2203}
2204
2206NTAPI
2209 IN PEPROCESS TargetProcess OPTIONAL,
2215{
2216 HANDLE_TABLE_ENTRY NewHandleEntry;
2217 BOOLEAN AttachedToProcess = FALSE;
2218 PVOID SourceObject;
2219 POBJECT_HEADER ObjectHeader;
2221 HANDLE NewHandle;
2224 ACCESS_MASK TargetAccess, SourceAccess;
2227 AUX_ACCESS_DATA AuxData;
2230 ULONG AuditMask;
2232
2233 PAGED_CODE();
2235 "%s - Duplicating handle: %p for %p into %p\n",
2238 SourceProcess,
2239 TargetProcess);
2240
2241 /* Assume failure */
2243
2244 /* Check if we're not duplicating the same access */
2246 {
2247 /* Validate the desired access */
2248 Status = STATUS_SUCCESS; //ObpValidateDesiredAccess(DesiredAccess);
2249 if (!NT_SUCCESS(Status)) return Status;
2250 }
2251
2252 /* Reference the object table */
2255
2256 /* Reference the process object */
2258 SourceProcess,
2261 &SourceObject,
2263 &AuditMask);
2264 if (!NT_SUCCESS(Status))
2265 {
2266 /* Fail */
2267 ObDereferenceProcessHandleTable(SourceProcess);
2268 return Status;
2269 }
2270 else
2271 {
2272 /* Check if we have to don't have to audit object close */
2273 if (!(HandleInformation.HandleAttributes & OBJ_AUDIT_OBJECT_CLOSE))
2274 {
2275 /* Then there is no audit mask */
2276 AuditMask = 0;
2277 }
2278 }
2279
2280 /* Check if there's no target process */
2281 if (!TargetProcess)
2282 {
2283 /* Check if the caller wanted actual duplication */
2285 {
2286 /* Invalid request */
2288 }
2289 else
2290 {
2291 /* Otherwise, do the attach */
2292 KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2293
2294 /* Close the handle and detach */
2297 }
2298
2299 /* Return */
2300 ObDereferenceProcessHandleTable(SourceProcess);
2301 ObDereferenceObject(SourceObject);
2302 return Status;
2303 }
2304
2305 /* Create a kernel handle if asked, but only in the system process */
2306 if (PreviousMode == KernelMode &&
2308 TargetProcess == PsInitialSystemProcess)
2309 {
2311 }
2312
2313 /* Get the target handle table */
2315 if (!HandleTable)
2316 {
2317 /* Check if the caller wanted us to close the handle */
2319 {
2320 /* Do the attach */
2321 KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2322
2323 /* Close the handle and detach */
2326 }
2327
2328 /* Return */
2329 ObDereferenceProcessHandleTable(SourceProcess);
2330 ObDereferenceObject(SourceObject);
2332 }
2333
2334 /* Get the source access */
2335 SourceAccess = HandleInformation.GrantedAccess;
2336
2337 /* Check if we're not in the target process */
2338 if (TargetProcess != PsGetCurrentProcess())
2339 {
2340 /* Attach to it */
2341 KeStackAttachProcess(&TargetProcess->Pcb, &ApcState);
2342 AttachedToProcess = TRUE;
2343 }
2344
2345 /* Check if we're duplicating the attributes */
2347 {
2348 /* Duplicate them */
2349 HandleAttributes = HandleInformation.HandleAttributes;
2350 }
2351 else
2352 {
2353 /* Don't allow caller to bypass auditing */
2354 HandleAttributes |= HandleInformation.HandleAttributes &
2356 }
2357
2358 /* Check if we're duplicating the access */
2359 if (Options & DUPLICATE_SAME_ACCESS) DesiredAccess = SourceAccess;
2360
2361 /* Get object data */
2362 ObjectHeader = OBJECT_TO_OBJECT_HEADER(SourceObject);
2363 ObjectType = ObjectHeader->Type;
2364
2365 /* Fill out the entry */
2366 RtlZeroMemory(&NewHandleEntry, sizeof(HANDLE_TABLE_ENTRY));
2367 NewHandleEntry.Object = ObjectHeader;
2369
2370 /* Check if we're using a generic mask */
2372 {
2373 /* Map it */
2375 &ObjectType->TypeInfo.GenericMapping);
2376 }
2377
2378 /* Set the target access, always propagate ACCESS_SYSTEM_SECURITY */
2379 TargetAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask |
2381 NewHandleEntry.GrantedAccess = TargetAccess;
2382
2383 /* Check if we're asking for new access */
2384 if (TargetAccess & ~SourceAccess)
2385 {
2386 /* We are. We need the security procedure to validate this */
2387 if (ObjectType->TypeInfo.SecurityProcedure == SeDefaultObjectMethod)
2388 {
2389 /* Use our built-in access state */
2392 &AuxData,
2393 TargetAccess,
2394 &ObjectType->TypeInfo.GenericMapping);
2395 }
2396 else
2397 {
2398 /* Otherwise we can't allow this privilege elevation */
2400 }
2401 }
2402 else
2403 {
2404 /* We don't need an access state */
2406 }
2407
2408 /* Make sure the access state was created OK */
2409 if (NT_SUCCESS(Status))
2410 {
2411 /* Add a new handle */
2412 Status = ObpIncrementHandleCount(SourceObject,
2418 }
2419
2420 /* Check if we were attached */
2421 if (AttachedToProcess)
2422 {
2423 /* We can safely detach now */
2425 AttachedToProcess = FALSE;
2426 }
2427
2428 /* Check if we have to close the source handle */
2430 {
2431 /* Attach and close */
2432 KeStackAttachProcess(&SourceProcess->Pcb, &ApcState);
2435 }
2436
2437 /* Check if we had an access state */
2439
2440 /* Now check if incrementing actually failed */
2441 if (!NT_SUCCESS(Status))
2442 {
2443 /* Dereference handle tables */
2444 ObDereferenceProcessHandleTable(SourceProcess);
2445 ObDereferenceProcessHandleTable(TargetProcess);
2446
2447 /* Dereference the source object */
2448 ObDereferenceObject(SourceObject);
2449 return Status;
2450 }
2451
2452 if (NewHandleEntry.ObAttributes & OBJ_PROTECT_CLOSE)
2453 {
2454 NewHandleEntry.ObAttributes &= ~OBJ_PROTECT_CLOSE;
2455 NewHandleEntry.GrantedAccess |= ObpAccessProtectCloseBit;
2456 }
2457
2458 /* Now create the handle */
2459 NewHandle = ExCreateHandle(HandleTable, &NewHandleEntry);
2460 if (!NewHandle)
2461 {
2462 /* Undo the increment */
2463 ObpDecrementHandleCount(SourceObject,
2464 TargetProcess,
2465 TargetAccess,
2466 ObjectType);
2467
2468 /* Deference the object and set failure status */
2469 ObDereferenceObject(SourceObject);
2471 }
2472
2473 /* Mark it as a kernel handle if requested */
2474 if (KernelHandle)
2475 {
2476 NewHandle = ObMarkHandleAsKernelHandle(NewHandle);
2477 }
2478
2479 /* Return the handle */
2480 if (TargetHandle) *TargetHandle = NewHandle;
2481
2482 /* Dereference handle tables */
2483 ObDereferenceProcessHandleTable(SourceProcess);
2484 ObDereferenceProcessHandleTable(TargetProcess);
2485
2486 /* Return status */
2488 "%s - Duplicated handle: %p for %p into %p. Source: %p HC PC %lx %lx\n",
2490 NewHandle,
2491 SourceProcess,
2492 TargetProcess,
2493 SourceObject,
2494 ObjectHeader->PointerCount,
2495 ObjectHeader->HandleCount);
2496 return Status;
2497}
2498
2499/* PUBLIC FUNCTIONS *********************************************************/
2500
2501/*++
2502* @name ObOpenObjectByName
2503* @implemented NT4
2504*
2505* The ObOpenObjectByName routine <FILLMEIN>
2506*
2507* @param ObjectAttributes
2508* <FILLMEIN>.
2509*
2510* @param ObjectType
2511* <FILLMEIN>.
2512*
2513* @param AccessMode
2514* <FILLMEIN>.
2515*
2516* @param PassedAccessState
2517* <FILLMEIN>.
2518*
2519* @param DesiredAccess
2520* <FILLMEIN>.
2521*
2522* @param ParseContext
2523* <FILLMEIN>.
2524*
2525* @param Handle
2526* <FILLMEIN>.
2527*
2528* @return <FILLMEIN>.
2529*
2530* @remarks None.
2531*
2532*--*/
2534NTAPI
2540 IN OUT PVOID ParseContext,
2542{
2543 PVOID Object = NULL;
2545 NTSTATUS Status, Status2;
2546 POBJECT_HEADER ObjectHeader;
2548 OB_OPEN_REASON OpenReason;
2549 POB_TEMP_BUFFER TempBuffer;
2550 PAGED_CODE();
2551
2552 /* Assume failure */
2553 *Handle = NULL;
2554
2555 /* Check if we didn't get any Object Attributes */
2556 if (!ObjectAttributes)
2557 {
2558 /* Fail with special status code */
2560 }
2561
2562 /* Allocate the temporary buffer */
2564 sizeof(OB_TEMP_BUFFER),
2566 if (!TempBuffer) return STATUS_INSUFFICIENT_RESOURCES;
2567
2568 /* Capture all the info */
2570 AccessMode,
2571 AccessMode,
2572 TRUE,
2573 &TempBuffer->ObjectCreateInfo,
2574 &ObjectName);
2575 if (!NT_SUCCESS(Status))
2576 {
2577 /* Fail */
2579 return Status;
2580 }
2581
2582 /* Check if we didn't get an access state */
2583 if (!PassedAccessState)
2584 {
2585 /* Try to get the generic mapping if we can */
2586 if (ObjectType) GenericMapping = &ObjectType->TypeInfo.GenericMapping;
2587
2588 /* Use our built-in access state */
2589 PassedAccessState = &TempBuffer->LocalAccessState;
2591 &TempBuffer->AuxData,
2594 if (!NT_SUCCESS(Status)) goto Quickie;
2595 }
2596
2597 /* Get the security descriptor */
2598 if (TempBuffer->ObjectCreateInfo.SecurityDescriptor)
2599 {
2600 /* Save it in the access state */
2603 }
2604
2605 /* Validate the access mask */
2607 if (!NT_SUCCESS(Status))
2608 {
2609 /* Cleanup after lookup */
2611 goto Cleanup;
2612 }
2613
2614 /* Now do the lookup */
2616 &ObjectName,
2617 TempBuffer->ObjectCreateInfo.Attributes,
2618 ObjectType,
2619 AccessMode,
2620 ParseContext,
2621 TempBuffer->ObjectCreateInfo.SecurityQos,
2622 NULL,
2624 &TempBuffer->LookupContext,
2625 &Object);
2626 if (!NT_SUCCESS(Status))
2627 {
2628 /* Cleanup after lookup */
2630 goto Cleanup;
2631 }
2632
2633 /* Check if this object has create information */
2634 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
2635 if (ObjectHeader->Flags & OB_FLAG_CREATE_INFO)
2636 {
2637 /* Then we are creating a new handle */
2638 OpenReason = ObCreateHandle;
2639
2640 /* Check if we still have create info */
2641 if (ObjectHeader->ObjectCreateInfo)
2642 {
2643 /* Free it */
2644 ObpFreeObjectCreateInformation(ObjectHeader->
2645 ObjectCreateInfo);
2646 ObjectHeader->ObjectCreateInfo = NULL;
2647 }
2648 }
2649 else
2650 {
2651 /* Otherwise, we are merely opening it */
2652 OpenReason = ObOpenHandle;
2653 }
2654
2655 /* Check if we have invalid object attributes */
2656 if (ObjectHeader->Type->TypeInfo.InvalidAttributes &
2657 TempBuffer->ObjectCreateInfo.Attributes)
2658 {
2659 /* Set failure code */
2661
2662 /* Cleanup after lookup */
2664
2665 /* Dereference the object */
2667 }
2668 else
2669 {
2670 /* Create the actual handle now */
2671 Status2 = ObpCreateHandle(OpenReason,
2672 Object,
2673 ObjectType,
2675 0,
2676 TempBuffer->ObjectCreateInfo.Attributes,
2677 &TempBuffer->LookupContext,
2678 AccessMode,
2679 NULL,
2680 Handle);
2681 if (!NT_SUCCESS(Status2))
2682 {
2684 Status = Status2;
2685 }
2686 }
2687
2688Cleanup:
2689 /* Delete the access state */
2690 if (PassedAccessState == &TempBuffer->LocalAccessState)
2691 {
2693 }
2694
2695Quickie:
2696 /* Release the object attributes and temporary buffer */
2700
2701 /* Return status */
2703 "%s - returning Object %p with PC S: %lx %lx\n",
2705 Object,
2706 Object ? OBJECT_TO_OBJECT_HEADER(Object)->PointerCount : -1,
2707 Status);
2708 return Status;
2709}
2710
2711/*++
2712* @name ObOpenObjectByPointer
2713* @implemented NT4
2714*
2715* The ObOpenObjectByPointer routine <FILLMEIN>
2716*
2717* @param Object
2718* <FILLMEIN>.
2719*
2720* @param HandleAttributes
2721* <FILLMEIN>.
2722*
2723* @param PassedAccessState
2724* <FILLMEIN>.
2725*
2726* @param DesiredAccess
2727* <FILLMEIN>.
2728*
2729* @param ObjectType
2730* <FILLMEIN>.
2731*
2732* @param AccessMode
2733* <FILLMEIN>.
2734*
2735* @param Handle
2736* <FILLMEIN>.
2737*
2738* @return <FILLMEIN>.
2739*
2740* @remarks None.
2741*
2742*--*/
2744NTAPI
2752{
2756 AUX_ACCESS_DATA AuxData;
2757 PAGED_CODE();
2758
2759 /* Assume failure */
2760 *Handle = NULL;
2761
2762 /* Reference the object */
2764 0,
2765 ObjectType,
2766 AccessMode);
2767 if (!NT_SUCCESS(Status)) return Status;
2768
2769 /* Get the Header Info */
2771
2772 /* Check if we didn't get an access state */
2773 if (!PassedAccessState)
2774 {
2775 /* Use our built-in access state */
2778 &AuxData,
2780 &Header->Type->TypeInfo.GenericMapping);
2781 if (!NT_SUCCESS(Status))
2782 {
2783 /* Fail */
2785 return Status;
2786 }
2787 }
2788
2789 /* Check if we have invalid object attributes */
2790 if (Header->Type->TypeInfo.InvalidAttributes & HandleAttributes)
2791 {
2792 /* Delete the access state */
2794 {
2796 }
2797
2798 /* Dereference the object */
2801 }
2802
2803 /* Create the handle */
2805 Object,
2806 ObjectType,
2808 0,
2810 NULL,
2811 AccessMode,
2812 NULL,
2813 Handle);
2815
2816 /* Delete the access state */
2818 {
2820 }
2821
2822 /* Return */
2824 "%s - returning Object with PC S: %lx %lx\n",
2826 OBJECT_TO_OBJECT_HEADER(Object)->PointerCount,
2827 Status);
2828 return Status;
2829}
2830
2831/*++
2832* @name ObFindHandleForObject
2833* @implemented NT4
2834*
2835* The ObFindHandleForObject routine <FILLMEIN>
2836*
2837* @param Process
2838* <FILLMEIN>.
2839*
2840* @param Object
2841* <FILLMEIN>.
2842*
2843* @param ObjectType
2844* <FILLMEIN>.
2845*
2846* @param HandleInformation
2847* <FILLMEIN>.
2848*
2849* @param HandleReturn
2850* <FILLMEIN>.
2851*
2852* @return <FILLMEIN>.
2853*
2854* @remarks None.
2855*
2856*--*/
2857BOOLEAN
2858NTAPI
2860 IN PVOID Object,
2864{
2865 OBP_FIND_HANDLE_DATA FindData;
2867 PVOID ObjectTable;
2868
2869 /* Make sure we have an object table */
2871 if (ObjectTable)
2872 {
2873 /* Check if we have an object */
2874 if (Object)
2875 {
2876 /* Set its header */
2878 }
2879 else
2880 {
2881 /* Otherwise, no object to match*/
2882 FindData.ObjectHeader = NULL;
2883 }
2884
2885 /* Set other information */
2886 FindData.ObjectType = ObjectType;
2888
2889 /* Enumerate the handle table */
2890 if (ExEnumHandleTable(Process->ObjectTable,
2892 &FindData,
2893 Handle))
2894 {
2895 /* Set success */
2896 Result = TRUE;
2897 }
2898
2899 /* Let go of the table */
2901 }
2902
2903 /* Return the result */
2904 return Result;
2905}
2906
2907/*++
2908* @name ObInsertObject
2909* @implemented NT4
2910*
2911* The ObInsertObject routine <FILLMEIN>
2912*
2913* @param Object
2914* <FILLMEIN>.
2915*
2916* @param PassedAccessState
2917* <FILLMEIN>.
2918*
2919* @param DesiredAccess
2920* <FILLMEIN>.
2921*
2922* @param AdditionalReferences
2923* <FILLMEIN>.
2924*
2925* @param ReferencedObject
2926* <FILLMEIN>.
2927*
2928* @param Handle
2929* <FILLMEIN>.
2930*
2931* @return <FILLMEIN>.
2932*
2933* @remarks None.
2934*
2935*--*/
2937NTAPI
2944{
2945 POBJECT_CREATE_INFORMATION ObjectCreateInfo;
2946 POBJECT_HEADER ObjectHeader;
2949 PVOID InsertObject;
2950 PSECURITY_DESCRIPTOR ParentDescriptor = NULL;
2951 BOOLEAN SdAllocated = FALSE;
2952 POBJECT_HEADER_NAME_INFO ObjectNameInfo;
2954 ACCESS_STATE LocalAccessState;
2955 AUX_ACCESS_DATA AuxData;
2956 OB_OPEN_REASON OpenReason;
2958 NTSTATUS Status = STATUS_SUCCESS, RealStatus;
2959 BOOLEAN IsNewObject;
2960 PAGED_CODE();
2961
2962 /* Get the Header */
2963 ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
2964
2965 /* Detect invalid insert */
2966 if (!(ObjectHeader->Flags & OB_FLAG_CREATE_INFO))
2967 {
2968 /* Display warning and break into debugger */
2969 DPRINT1("OB: Attempting to insert existing object %p\n", Object);
2970 DbgBreakPoint();
2971
2972 /* Allow debugger to continue */
2975 }
2976
2977 /* Get the create and name info, as well as the object type */
2978 ObjectCreateInfo = ObjectHeader->ObjectCreateInfo;
2979 ObjectNameInfo = ObpReferenceNameInfo(ObjectHeader);
2980 ObjectType = ObjectHeader->Type;
2981 ObjectName = NULL;
2982
2983 /* Check if this is an named object */
2984 if ((ObjectNameInfo) && (ObjectNameInfo->Name.Buffer))
2985 {
2986 /* Get the object name */
2987 ObjectName = &ObjectNameInfo->Name;
2988 }
2989
2990 /* Sanity check */
2991 ASSERT((Handle) ||
2992 ((ObjectPointerBias == 0) &&
2993 (ObjectName == NULL) &&
2994 (ObjectType->TypeInfo.SecurityRequired) &&
2995 (NewObject == NULL)));
2996
2997 /* Check if the object is unnamed and also doesn't have security */
2999 if (!(ObjectType->TypeInfo.SecurityRequired) && !(ObjectName))
3000 {
3001 /* Assume failure */
3002 *Handle = NULL;
3003 ObjectHeader->ObjectCreateInfo = NULL;
3004
3005 /* Create the handle */
3009 ObjectCreateInfo->Attributes,
3011 NewObject,
3012 Handle);
3013
3014 /* Free the create information */
3015 ObpFreeObjectCreateInformation(ObjectCreateInfo);
3016
3017 /* Release the object name information */
3018 ObpDereferenceNameInfo(ObjectNameInfo);
3019
3020 /* Remove the extra keep-alive reference */
3022
3023 /* Return */
3025 "%s - returning Object with PC S: %lx %lx\n",
3027 ObjectHeader->PointerCount,
3028 Status);
3029 return Status;
3030 }
3031
3032 /* Check if we didn't get an access state */
3033 if (!AccessState)
3034 {
3035 /* Use our built-in access state */
3036 AccessState = &LocalAccessState;
3037 Status = SeCreateAccessState(&LocalAccessState,
3038 &AuxData,
3040 &ObjectType->TypeInfo.GenericMapping);
3041 if (!NT_SUCCESS(Status))
3042 {
3043 /* Fail */
3044 ObpDereferenceNameInfo(ObjectNameInfo);
3046 return Status;
3047 }
3048 }
3049
3050 /* Save the security descriptor */
3051 AccessState->SecurityDescriptor = ObjectCreateInfo->SecurityDescriptor;
3052
3053 /* Validate the access mask */
3055 if (!NT_SUCCESS(Status))
3056 {
3057 /* Fail */
3058 ObpDereferenceNameInfo(ObjectNameInfo);
3060 return Status;
3061 }
3062
3063 /* Setup a lookup context */
3065 InsertObject = Object;
3066 OpenReason = ObCreateHandle;
3067
3068 /* Check if the object is named */
3069 if (ObjectName)
3070 {
3071 /* Look it up */
3072 Status = ObpLookupObjectName(ObjectCreateInfo->RootDirectory,
3073 ObjectName,
3074 ObjectCreateInfo->Attributes,
3075 ObjectType,
3076 (ObjectHeader->Flags & OB_FLAG_KERNEL_MODE) ?
3078 ObjectCreateInfo->ParseContext,
3079 ObjectCreateInfo->SecurityQos,
3080 Object,
3082 &Context,
3083 &InsertObject);
3084
3085 /* Check if we found an object that doesn't match the one requested */
3086 if ((NT_SUCCESS(Status)) && (InsertObject) && (Object != InsertObject))
3087 {
3088 /* This means we're opening an object, not creating a new one */
3089 OpenReason = ObOpenHandle;
3090
3091 /* Make sure the caller said it's OK to do this */
3092 if (ObjectCreateInfo->Attributes & OBJ_OPENIF)
3093 {
3094 /* He did, but did he want this type? */
3095 if (ObjectType != OBJECT_TO_OBJECT_HEADER(InsertObject)->Type)
3096 {
3097 /* Wrong type, so fail */
3099 }
3100 else
3101 {
3102 /* Right type, so warn */
3104 }
3105 }
3106 else
3107 {
3108 /* Check if this was a symbolic link */
3109 if (OBJECT_TO_OBJECT_HEADER(InsertObject)->Type ==
3111 {
3112 /* Dereference it */
3113 ObDereferenceObject(InsertObject);
3114 }
3115
3116 /* Caller wanted to create a new object, fail */
3118 }
3119 }
3120
3121 /* Check if anything until now failed */
3122 if (!NT_SUCCESS(Status))
3123 {
3124 /* Cleanup after lookup */
3126
3127 /* Remove query reference that we added */
3128 ObpDereferenceNameInfo(ObjectNameInfo);
3129
3130 /* Dereference the object and delete the access state */
3132 if (AccessState == &LocalAccessState)
3133 {
3134 /* We used a local one; delete it */
3136 }
3137
3138 /* Return failure code */
3139 return Status;
3140 }
3141 else
3142 {
3143 /* Check if this is a symbolic link */
3145 {
3146 /* Create the internal name */
3148 }
3149 }
3150 }
3151
3152 /* Now check if this object is being created */
3153 if (InsertObject == Object)
3154 {
3155 /* Check if it's named or forces security */
3156 if ((ObjectName) || (ObjectType->TypeInfo.SecurityRequired))
3157 {
3158 /* Make sure it's inserted into an object directory */
3159 if ((ObjectNameInfo) && (ObjectNameInfo->Directory))
3160 {
3161 /* Get the current descriptor */
3162 ObGetObjectSecurity(ObjectNameInfo->Directory,
3163 &ParentDescriptor,
3164 &SdAllocated);
3165 }
3166
3167 /* Now assign it */
3169 ParentDescriptor,
3170 Object,
3171 ObjectType);
3172
3173 /* Check if we captured one */
3174 if (ParentDescriptor)
3175 {
3176 /* We did, release it */
3177 ObReleaseObjectSecurity(ParentDescriptor, SdAllocated);
3178 }
3179 else if (NT_SUCCESS(Status))
3180 {
3181 /* Other we didn't, but we were able to use the current SD */
3183 ObjectCreateInfo->ProbeMode,
3184 TRUE);
3185
3186 /* Clear the current one */
3187 AccessState->SecurityDescriptor =
3188 ObjectCreateInfo->SecurityDescriptor = NULL;
3189 }
3190 }
3191
3192 /* Check if anything until now failed */
3193 if (!NT_SUCCESS(Status))
3194 {
3195 /* Check if the directory was added */
3196 if (Context.DirectoryLocked)
3197 {
3198 /* Weird case where we need to do a manual delete */
3199 DPRINT1("Unhandled path\n");
3200 ASSERT(FALSE);
3201 }
3202
3203 /* Cleanup the lookup */
3205
3206 /* Remove query reference that we added */
3207 ObpDereferenceNameInfo(ObjectNameInfo);
3208
3209 /* Dereference the object and delete the access state */
3211 if (AccessState == &LocalAccessState)
3212 {
3213 /* We used a local one; delete it */
3215 }
3216
3217 /* Return failure code */
3218 ASSERT(FALSE);
3219 return Status;
3220 }
3221 }
3222
3223 /* Save the actual status until here */
3224 RealStatus = Status;
3225
3226 /* Check if caller wants us to create a handle */
3227 ObjectHeader->ObjectCreateInfo = NULL;
3228 if (Handle)
3229 {
3230 /* Create the handle */
3231 Status = ObpCreateHandle(OpenReason,
3232 InsertObject,
3233 NULL,
3236 ObjectCreateInfo->Attributes,
3237 &Context,
3239 NewObject,
3240 Handle);
3241 if (!NT_SUCCESS(Status))
3242 {
3243 /* If the object had a name, backout everything */
3245
3246 /* Return the status of the failure */
3247 *Handle = NULL;
3248 RealStatus = Status;
3249 }
3250
3251 /* Remove a query reference */
3252 ObpDereferenceNameInfo(ObjectNameInfo);
3253
3254 /* Remove the extra keep-alive reference */
3256 }
3257 else
3258 {
3259 /* Otherwise, lock the object */
3260 ObpAcquireObjectLock(ObjectHeader);
3261
3262 /* And charge quota for the process to make it appear as used */
3263 RealStatus = ObpChargeQuotaForObject(ObjectHeader,
3264 ObjectType,
3265 &IsNewObject);
3266
3267 /* Release the lock */
3268 ObpReleaseObjectLock(ObjectHeader);
3269
3270 /* Check if we failed and dereference the object if so */
3271 if (!NT_SUCCESS(RealStatus)) ObDereferenceObject(Object);
3272 }
3273
3274 /* We can delete the Create Info now */
3275 ObpFreeObjectCreateInformation(ObjectCreateInfo);
3276
3277 /* Check if we created our own access state and delete it if so */
3278 if (AccessState == &LocalAccessState) SeDeleteAccessState(AccessState);
3279
3280 /* Return status code */
3282 "%s - returning Object with PC RS/S: %lx %lx %lx\n",
3284 OBJECT_TO_OBJECT_HEADER(Object)->PointerCount,
3285 RealStatus, Status);
3286 return RealStatus;
3287}
3288
3317NTAPI
3322{
3323 OBP_SET_HANDLE_ATTRIBUTES_CONTEXT SetHandleAttributesContext;
3324 BOOLEAN Result, AttachedToProcess = FALSE;
3327
3328 PAGED_CODE();
3329
3330 /* Check if this is a kernel handle */
3332 {
3333 /* Use the kernel table and convert the handle */
3336
3337 /* Check if we're not in the system process */
3339 {
3340 /* Attach to the system process */
3342 AttachedToProcess = TRUE;
3343 }
3344 }
3345 else
3346 {
3347 /* Get the current process' handle table */
3348 HandleTable = PsGetCurrentProcess()->ObjectTable;
3349 }
3350
3351 /* Initialize the handle attribute context */
3352 SetHandleAttributesContext.PreviousMode = PreviousMode;
3353 SetHandleAttributesContext.Information = *HandleFlags;
3354
3355 /* Invoke the ObpSetHandleAttributes callback */
3357 Handle,
3359 (ULONG_PTR)&SetHandleAttributesContext);
3360
3361 /* Detach from the system process if needed */
3362 if (AttachedToProcess)
3364
3365 /* Return the result as an NTSTATUS value */
3367}
3368
3369/*++
3370* @name ObCloseHandle
3371* @implemented NT5.1
3372*
3373* The ObCloseHandle routine <FILLMEIN>
3374*
3375* @param Handle
3376* <FILLMEIN>.
3377*
3378* @param AccessMode
3379* <FILLMEIN>.
3380*
3381* @return <FILLMEIN>.
3382*
3383* @remarks None.
3384*
3385*--*/
3387NTAPI
3390{
3391 /* Call the internal API */
3393}
3394
3395/*++
3396* @name NtClose
3397* @implemented NT4
3398*
3399* The NtClose routine <FILLMEIN>
3400*
3401* @param Handle
3402* <FILLMEIN>.
3403*
3404* @return <FILLMEIN>.
3405*
3406* @remarks None.
3407*
3408*--*/
3410NTAPI
3412{
3413 /* Call the internal API */
3415}
3416
3418NTAPI
3419NtDuplicateObject(IN HANDLE SourceProcessHandle,
3426{
3427 PEPROCESS SourceProcess, TargetProcess, Target;
3428 HANDLE hTarget;
3432 "%s - Duplicating handle: %p for %p into %p.\n",
3435 SourceProcessHandle,
3437
3438 /* Check if we have a target handle */
3439 if ((TargetHandle) && (PreviousMode != KernelMode))
3440 {
3441 /* Enter SEH */
3442 _SEH2_TRY
3443 {
3444 /* Probe the handle and assume failure */
3446 *TargetHandle = NULL;
3447 }
3449 {
3450 /* Return the exception code */
3452 }
3453 _SEH2_END;
3454 }
3455
3456 /* Now reference the input handle */
3457 Status = ObReferenceObjectByHandle(SourceProcessHandle,
3461 (PVOID*)&SourceProcess,
3462 NULL);
3463 if (!NT_SUCCESS(Status)) return Status;
3464
3465 /* Check if got a target handle */
3467 {
3468 /* Now reference the output handle */
3473 (PVOID*)&TargetProcess,
3474 NULL);
3475 if (NT_SUCCESS(Status))
3476 {
3477 /* Use this target process */
3478 Target = TargetProcess;
3479 }
3480 else
3481 {
3482 /* No target process */
3483 Target = NULL;
3484 }
3485 }
3486 else
3487 {
3488 /* No target process */
3490 Target = NULL;
3491 }
3492
3493 /* Call the internal routine */
3494 Status = ObDuplicateObject(SourceProcess,
3496 Target,
3497 &hTarget,
3500 Options,
3501 PreviousMode);
3502
3503 /* Check if the caller wanted the return handle */
3504 if (TargetHandle)
3505 {
3506 /* Protect the write to user mode */
3507 _SEH2_TRY
3508 {
3509 /* Write the new handle */
3510 *TargetHandle = hTarget;
3511 }
3513 {
3514 /* Otherwise, get the exception code */
3516 }
3517 _SEH2_END;
3518 }
3519
3520 /* Dereference the processes */
3522 "%s - Duplicated handle: %p into %p S %lx\n",
3524 hTarget,
3526 Status);
3528 ObDereferenceObject(SourceProcess);
3529 return Status;
3530}
3531
3532BOOLEAN
3533NTAPI
3535{
3536 /* Use the inlined version. We know we are in kernel mode. */
3538}
3539
3540/* EOF */
#define PAGED_CODE()
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
#define OBJ_PROTECT_CLOSE
static OB_SECURITY_METHOD SeDefaultObjectMethod
Definition: ObTypes.c:134
#define ObpSymbolicLinkObjectType
Definition: ObTypes.c:119
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
Type
Definition: Type.h:7
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:732
unsigned char BOOLEAN
Definition: actypes.h:127
#define InterlockedIncrement
Definition: armddk.h:53
#define InterlockedDecrement
Definition: armddk.h:52
LONG NTSTATUS
Definition: precomp.h:26
#define DPRINT1
Definition: precomp.h:8
#define GENERIC_ACCESS
Definition: security.c:35
#define HandleToLong(h)
Definition: basetsd.h:74
DECLSPEC_NORETURN VOID NTAPI KeBugCheckEx(IN ULONG BugCheckCode, IN ULONG_PTR BugCheckParameter1, IN ULONG_PTR BugCheckParameter2, IN ULONG_PTR BugCheckParameter3, IN ULONG_PTR BugCheckParameter4)
Definition: debug.c:485
Definition: Header.h:9
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define STATUS_INVALID_HANDLE
Definition: d3dkmdt.h:40
#define STATUS_OBJECT_TYPE_MISMATCH
Definition: d3dkmdt.h:46
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
HANDLE KernelHandle
Definition: legacy.c:24
static const WCHAR Cleanup[]
Definition: register.c:80
#define __FUNCTION__
Definition: types.h:116
#define InsertTailList(ListHead, Entry)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
UCHAR KIRQL
Definition: env_spec_w32.h:591
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define NonPagedPool
Definition: env_spec_w32.h:307
#define PagedPool
Definition: env_spec_w32.h:308
#define ExWaitForRundownProtectionRelease
Definition: ex.h:141
#define ExReleaseRundownProtection
Definition: ex.h:139
#define ExGetPreviousMode
Definition: ex.h:143
#define ExRundownCompleted
Definition: ex.h:142
#define ExAcquireRundownProtection
Definition: ex.h:138
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
__in PWDFDEVICE_INIT __in BOOLEAN Exclusive
ULONG Handle
Definition: gdb_input.c:15
Status
Definition: gdiplustypes.h:24
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
static XMS_HANDLE HandleTable[XMS_MAX_HANDLES]
Definition: himem.c:83
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
#define PROCESS_DUP_HANDLE
#define InterlockedDecrementSizeT(a)
Definition: interlocked.h:168
#define InterlockedExchangeAddSizeT(a, b)
Definition: interlocked.h:211
#define InterlockedIncrementSizeT(a)
Definition: interlocked.h:235
BOOLEAN KdDebuggerEnabled
Definition: kddata.c:82
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
#define ASSERT(a)
Definition: mode.c:44
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
ObjectType
Definition: metafile.c:88
#define KeGetPreviousMode()
Definition: ketypes.h:1115
#define KernelMode
Definition: asm.h:38
#define UserMode
Definition: asm.h:39
_In_ HANDLE SourceHandle
Definition: obfuncs.h:438
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
Definition: obfuncs.h:440
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:442
_In_ HANDLE _In_opt_ HANDLE TargetProcessHandle
Definition: obfuncs.h:439
#define OBJECT_HEADER_TO_HANDLE_INFO(h)
Definition: obtypes.h:118
#define OB_FLAG_SINGLE_PROCESS
Definition: obtypes.h:103
#define OB_FLAG_EXCLUSIVE
Definition: obtypes.h:100
#define OB_FLAG_KERNEL_EXCLUSIVE
Definition: obtypes.h:109
#define OBJECT_HEADER_TO_CREATOR_INFO(h)
Definition: obtypes.h:126
#define OB_FLAG_CREATE_INFO
Definition: obtypes.h:97
#define OBJECT_HEADER_TO_NAME_INFO(h)
Definition: obtypes.h:114
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153
#define OBJECT_HEADER_TO_QUOTA_INFO(h)
Definition: obtypes.h:122
#define OB_FLAG_KERNEL_MODE
Definition: obtypes.h:98
struct _OBJECT_HANDLE_COUNT_ENTRY OBJECT_HANDLE_COUNT_ENTRY
#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h)
Definition: obtypes.h:131
@ ObOpenHandle
Definition: obtypes.h:142
@ ObCreateHandle
Definition: obtypes.h:141
@ ObInheritHandle
Definition: obtypes.h:144
@ ObDuplicateHandle
Definition: obtypes.h:143
struct _OBJECT_HANDLE_COUNT_DATABASE OBJECT_HANDLE_COUNT_DATABASE
#define OBJECT_TO_OBJECT_HEADER(o)
Definition: obtypes.h:111
enum _OB_OPEN_REASON OB_OPEN_REASON
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
#define _Inout_
Definition: no_sal2.h:162
#define _In_
Definition: no_sal2.h:158
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define NtCurrentProcess()
Definition: nt_native.h:1660
#define GENERIC_ALL
Definition: nt_native.h:92
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
VOID NTAPI ExSweepHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_SWEEP_HANDLE_CALLBACK EnumHandleProcedure, IN PVOID Context)
Definition: handle.c:1232
BOOLEAN NTAPI ExChangeHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PEX_CHANGE_HANDLE_CALLBACK ChangeRoutine, IN ULONG_PTR Context)
Definition: handle.c:1189
BOOLEAN NTAPI ExEnumHandleTable(IN PHANDLE_TABLE HandleTable, IN PEX_ENUM_HANDLE_CALLBACK EnumHandleProcedure, IN OUT PVOID Context, OUT PHANDLE EnumHandle OPTIONAL)
Definition: handle.c:1271
HANDLE NTAPI ExCreateHandle(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:827
PHANDLE_TABLE NTAPI ExCreateHandleTable(IN PEPROCESS Process OPTIONAL)
Definition: handle.c:801
BOOLEAN NTAPI ExDestroyHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PHANDLE_TABLE_ENTRY HandleTableEntry OPTIONAL)
Definition: handle.c:984
VOID NTAPI ExDestroyHandleTable(IN PHANDLE_TABLE HandleTable, IN PVOID DestroyHandleProcedure OPTIONAL)
Definition: handle.c:963
PHANDLE_TABLE_ENTRY NTAPI ExMapHandleToPointer(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle)
Definition: handle.c:1046
VOID NTAPI ExUnlockHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: handle.c:923
PHANDLE_TABLE NTAPI ExDupHandleTable(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PEX_DUPLICATE_HANDLE_CALLBACK DupHandleProcedure, IN ULONG_PTR Mask)
Definition: handle.c:1072
_Out_ PKAPC_STATE ApcState
Definition: mm.h:1769
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Peforms a detailed security auditing with an access token.
Definition: audit.c:34
BOOLEAN NTAPI IoSetThreadHardErrorMode(IN BOOLEAN HardErrorEnabled)
Definition: error.c:726
NTSTATUS NTAPI KeRaiseUserException(IN NTSTATUS ExceptionCode)
Definition: except.c:413
POBJECT_TYPE PsProcessType
Definition: process.c:20
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
Definition: thread.c:868
VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:150
NTSTATUS NTAPI SeCreateAccessState(_Out_ PACCESS_STATE AccessState, _Out_ __drv_aliasesMem PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
Creates an access state.
Definition: access.c:121
VOID NTAPI SePrivilegeObjectAuditAlarm(_In_ HANDLE Handle, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE CurrentMode)
Raises an audit with alarm notification message when an object tries to acquire this privilege.
Definition: audit.c:1321
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
#define STATUS_QUOTA_EXCEEDED
Definition: ntstatus.h:398
#define STATUS_OBJECT_NAME_EXISTS
Definition: ntstatus.h:189
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:596
#define STATUS_HANDLE_NOT_CLOSABLE
Definition: ntstatus.h:819
NTSTATUS NTAPI ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
Definition: oblife.c:455
#define OBJ_HANDLE_ATTRIBUTES
Definition: ob.h:52
#define OBTRACE(x, fmt,...)
Definition: ob.h:34
#define OBP_SYSTEM_PROCESS_QUOTA
Definition: ob.h:64
#define ObpIsKernelHandle(Handle, ProcessorMode)
Definition: ob.h:74
VOID NTAPI ObpCreateSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
Definition: oblink.c:334
#define ObpGetHandleObject(x)
Definition: ob.h:91
BOOLEAN NTAPI ObCheckObjectAccess(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
Definition: obsecure.c:441
struct _OBP_CLOSE_HANDLE_CONTEXT * POBP_CLOSE_HANDLE_CONTEXT
#define ObKernelHandleToHandle(Handle)
Definition: ob.h:83
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
Definition: obname.c:301
#define ObpAccessProtectCloseBit
Definition: ob.h:59
#define TAG_OB_TEMP_STORAGE
Definition: ob.h:160
VOID NTAPI ObpFreeObjectNameBuffer(IN PUNICODE_STRING Name)
Definition: oblife.c:346
#define ObMarkHandleAsKernelHandle(Handle)
Definition: ob.h:85
#define OB_HANDLE_DEBUG
Definition: ob.h:17
#define OBJ_AUDIT_OBJECT_CLOSE
Definition: ob.h:51
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
Definition: obname.c:446
FORCEINLINE VOID ObpAcquireObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:48
FORCEINLINE VOID ObpInitializeLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Initializes a new object directory lookup context. Used for lookup operations (insertions/deletions) ...
Definition: ob_x.h:258
FORCEINLINE VOID ObpReleaseObjectLock(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:84
FORCEINLINE VOID ObpLeaveObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:352
FORCEINLINE VOID ObpDereferenceNameInfo(IN POBJECT_HEADER_NAME_INFO HeaderNameInfo)
Definition: ob_x.h:143
FORCEINLINE VOID ObpCalloutStart(IN PKIRQL CalloutIrql)
Definition: ob_x.h:497
FORCEINLINE VOID ObpReleaseObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:364
FORCEINLINE VOID ObpReleaseLookupContext(IN POBP_LOOKUP_CONTEXT Context)
Releases an initialized object directory lookup context. Unlocks it if necessary, and dereferences th...
Definition: ob_x.h:323
FORCEINLINE VOID ObpCalloutEnd(IN KIRQL CalloutIrql, IN PCHAR Procedure, IN POBJECT_TYPE ObjectType, IN PVOID Object)
Definition: ob_x.h:505
FORCEINLINE POBJECT_HEADER_NAME_INFO ObpReferenceNameInfo(IN POBJECT_HEADER ObjectHeader)
Definition: ob_x.h:102
FORCEINLINE VOID ObpEnterObjectTypeMutex(IN POBJECT_TYPE ObjectType)
Definition: ob_x.h:340
FORCEINLINE VOID ObpFreeObjectCreateInformation(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
Definition: ob_x.h:460
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
NTSTATUS NTAPI ObpIncrementUnnamedHandleCount(IN PVOID Object, IN PACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process)
Definition: obhandle.c:1090
BOOLEAN NTAPI ObIsKernelHandle(IN HANDLE Handle)
Definition: obhandle.c:3534
NTSTATUS NTAPI ObpCreateHandle(IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE Type OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN POBP_LOOKUP_CONTEXT Context, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1497
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3388
VOID NTAPI ObKillProcess(IN PEPROCESS Process)
Definition: obhandle.c:2163
NTSTATUS NTAPI ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN IgnoreHandleProtection)
Definition: obhandle.c:685
BOOLEAN NTAPI ObpEnumFindHandleProcedure(IN PHANDLE_TABLE_ENTRY HandleEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:211
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:48
static BOOLEAN NTAPI ObpSetHandleAttributes(_Inout_ PHANDLE_TABLE_ENTRY HandleTableEntry, _In_ ULONG_PTR Context)
Internal callback used by ObSetHandleAttributes(). Updates the attributes of a handle given by its ha...
Definition: obhandle.c:1872
NTSTATUS NTAPI ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
Definition: obhandle.c:431
POBJECT_HANDLE_COUNT_ENTRY NTAPI ObpInsertHandleCount(IN POBJECT_HEADER ObjectHeader)
Definition: obhandle.c:259
NTSTATUS NTAPI ObpCreateUnnamedHandle(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN ULONG AdditionalReferences, IN ULONG HandleAttributes, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReturnedObject, OUT PHANDLE ReturnedHandle)
Definition: obhandle.c:1312
PHANDLE_TABLE ObpKernelHandleTable
Definition: obhandle.c:20
VOID NTAPI ObpDecrementHandleCount(IN PVOID ObjectBody, IN PEPROCESS Process, IN ACCESS_MASK GrantedAccess, IN POBJECT_TYPE ObjectType)
Definition: obhandle.c:530
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2938
NTSTATUS NTAPI ObpReferenceProcessObjectByHandle(IN HANDLE Handle, IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation, OUT PACCESS_MASK AuditMask)
Definition: obhandle.c:85
BOOLEAN NTAPI ObpCloseHandleCallback(IN PHANDLE_TABLE_ENTRY HandleTableEntry, IN HANDLE Handle, IN PVOID Context)
Definition: obhandle.c:1927
NTSTATUS NTAPI ObpCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:1730
NTSTATUS NTAPI ObDuplicateObject(IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
Definition: obhandle.c:2207
NTSTATUS NTAPI ObpValidateAccessMask(IN PACCESS_STATE AccessState)
Definition: obhandle.c:488
VOID NTAPI ObClearProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:2030
NTSTATUS NTAPI NtDuplicateObject(IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options)
Definition: obhandle.c:3419
BOOLEAN NTAPI ObFindHandleForObject(IN PEPROCESS Process, IN PVOID Object, IN POBJECT_TYPE ObjectType, IN POBJECT_HANDLE_INFORMATION HandleInformation, OUT PHANDLE Handle)
Definition: obhandle.c:2859
NTSTATUS NTAPI ObpIncrementHandleCount(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN ULONG HandleAttributes, IN PEPROCESS Process, IN OB_OPEN_REASON OpenReason)
Definition: obhandle.c:811
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3411
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:26
BOOLEAN NTAPI ObpDuplicateHandleCallback(IN PEPROCESS Process, IN PHANDLE_TABLE HandleTable, IN PHANDLE_TABLE_ENTRY OldEntry, IN PHANDLE_TABLE_ENTRY HandleTableEntry)
Definition: obhandle.c:1963
NTSTATUS NTAPI ObpIncrementHandleDataBase(IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, IN OUT PULONG NewProcessHandleCount)
Definition: obhandle.c:333
NTSTATUS NTAPI ObSetHandleAttributes(_In_ HANDLE Handle, _In_ POBJECT_HANDLE_ATTRIBUTE_INFORMATION HandleFlags, _In_ KPROCESSOR_MODE PreviousMode)
Sets the attributes (inheritable and protect-from-close) of an existing object handle.
Definition: obhandle.c:3318
NTSTATUS NTAPI ObInitProcess(IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
Definition: obhandle.c:2093
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
Definition: obhandle.c:2745
NTSTATUS NTAPI ObOpenObjectByName(IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN OUT PVOID ParseContext, OUT PHANDLE Handle)
Definition: obhandle.c:2535
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:493
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
Definition: obref.c:380
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
NTSTATUS NTAPI ObAssignSecurity(IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PVOID Object, IN POBJECT_TYPE Type)
Definition: obsecure.c:550
long LONG
Definition: pedump.c:60
BOOLEAN NTAPI KeIsAttachedProcess(VOID)
Definition: procobj.c:693
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
PEPROCESS_QUOTA_BLOCK NTAPI PsChargeSharedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T AmountToChargePaged, _In_ SIZE_T AmountToChargeNonPaged)
Charges the shared (paged and non paged) pool quotas. The function is used exclusively by the Object ...
Definition: quota.c:674
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
#define OBJ_OPENIF
Definition: winternl.h:229
#define OBJ_FORCE_ACCESS_CHECK
Definition: winternl.h:232
#define OBJ_INHERIT
Definition: winternl.h:225
#define OBJ_EXCLUSIVE
Definition: winternl.h:227
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:204
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:104
#define _SEH2_END
Definition: pseh2_64.h:194
#define _SEH2_TRY
Definition: pseh2_64.h:93
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:207
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
#define STATUS_SUCCESS
Definition: shellext.h:65
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
_In_ PVOID Context
Definition: storport.h:2269
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: setypes.h:235
GENERIC_MAPPING GenericMapping
Definition: setypes.h:259
PPRIVILEGE_SET PrivilegesUsed
Definition: setypes.h:258
KPROCESS Pcb
Definition: pstypes.h:1350
Definition: extypes.h:767
PVOID Object
Definition: extypes.h:770
ULONG GrantedAccess
Definition: extypes.h:777
ULONG_PTR ObAttributes
Definition: extypes.h:771
PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: obtypes.h:344
KPROCESSOR_MODE ProbeMode
Definition: obtypes.h:340
PSECURITY_QUALITY_OF_SERVICE SecurityQos
Definition: obtypes.h:345
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]
Definition: obtypes.h:451
Definition: obtypes.h:443
ULONG HandleCount
Definition: obtypes.h:445
struct _EPROCESS * Process
Definition: obtypes.h:444
ACCESS_MASK GrantedAccess
Definition: iotypes.h:181
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
Definition: obtypes.h:458
OBJECT_HANDLE_COUNT_ENTRY SingleEntry
Definition: obtypes.h:459
POBJECT_DIRECTORY Directory
Definition: obtypes.h:432
UNICODE_STRING Name
Definition: obtypes.h:433
UCHAR Flags
Definition: obtypes.h:497
LONG_PTR HandleCount
Definition: obtypes.h:490
LONG_PTR PointerCount
Definition: obtypes.h:487
POBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: obtypes.h:500
POBJECT_TYPE Type
Definition: obtypes.h:493
OBJECT_TYPE_INITIALIZER TypeInfo
Definition: obtypes.h:390
PHANDLE_TABLE HandleTable
Definition: ob.h:117
KPROCESSOR_MODE AccessMode
Definition: ob.h:118
POBJECT_HANDLE_INFORMATION HandleInformation
Definition: ob.h:125
POBJECT_TYPE ObjectType
Definition: ob.h:124
POBJECT_HEADER ObjectHeader
Definition: ob.h:123
OBJECT_HANDLE_ATTRIBUTE_INFORMATION Information
Definition: ob.h:112
KPROCESSOR_MODE PreviousMode
Definition: ob.h:111
OBP_LOOKUP_CONTEXT LookupContext
Definition: ob.h:165
OBJECT_CREATE_INFORMATION ObjectCreateInfo
Definition: ob.h:164
AUX_ACCESS_DATA AuxData
Definition: ob.h:166
ACCESS_STATE LocalAccessState
Definition: ob.h:163
$ULONG PrivilegeCount
Definition: setypes.h:86
#define TAG_OB_HANDLE
Definition: tag.h:126
uint32_t * PULONG
Definition: typedefs.h:59
unsigned char * PBOOLEAN
Definition: typedefs.h:53
#define NTAPI
Definition: typedefs.h:36
void * PVOID
Definition: typedefs.h:50
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define IN
Definition: typedefs.h:39
int32_t * PLONG
Definition: typedefs.h:58
uint32_t ULONG
Definition: typedefs.h:59
#define OUT
Definition: typedefs.h:40
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
#define STATUS_OBJECT_NAME_COLLISION
Definition: udferr_usr.h:150
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
static ULONG HandleCount
Definition: uefidisk.c:67
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2664
_In_ PWDFDEVICE_INIT _In_ PWDF_REMOVE_LOCK_OPTIONS Options
Definition: wdfdevice.h:3540
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4539
_In_ WDFIOTARGET Target
Definition: wdfrequest.h:306
NTSYSAPI void WINAPI DbgBreakPoint(void)
@ ProcessHandleCount
Definition: winternl.h:1902
#define NtCurrentThread()
Definition: winternl.h:5372
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
KAPC_STATE
Definition: ketypes.h:1727
_Must_inspect_result_ _In_ _In_ ULONG ProbeMode
Definition: mmfuncs.h:561
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:44
#define ObDereferenceObject
Definition: obfuncs.h:203
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG ObjectPointerBias
Definition: obfuncs.h:73
_Inout_opt_ PACCESS_STATE PassedAccessState
Definition: obfuncs.h:71
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:74
#define DUPLICATE_SAME_ACCESS
#define DUPLICATE_CLOSE_SOURCE
#define PsGetCurrentProcess
Definition: psfuncs.h:17
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
Definition: sefuncs.h:16
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
Definition: sefuncs.h:13
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20
#define SE_SACL_PRESENT
Definition: setypes.h:835