#include <umtypes.h>
#include <pstypes.h>

Include dependency graph for psfuncs.h:

This graph shows which files directly or indirectly include this file:

Functions
NTKERNELAPI PVOID NTAPI	PsGetCurrentThreadWin32Thread (VOID)

NTKERNELAPI PVOID NTAPI	PsGetCurrentProcessWin32Process (VOID)

NTKERNELAPI PVOID NTAPI	PsGetProcessWin32Process (_In_ PEPROCESS Process)

NTKERNELAPI NTSTATUS NTAPI	PsSetProcessWin32Process (_Inout_ PEPROCESS Process, _In_opt_ PVOID Win32Process, _In_opt_ PVOID OldWin32Process)

NTKERNELAPI PVOID NTAPI	PsSetThreadWin32Thread (_Inout_ PETHREAD Thread, _In_opt_ PVOID Win32Thread, _In_opt_ PVOID OldWin32Thread)

NTKERNELAPI PVOID NTAPI	PsGetThreadWin32Thread (_In_ PETHREAD Thread)

NTKERNELAPI PVOID NTAPI	PsGetProcessWin32WindowStation (_In_ PEPROCESS Process)

NTKERNELAPI VOID NTAPI	PsSetProcessWindowStation (_Inout_ PEPROCESS Process, _In_opt_ PVOID WindowStation)

NTKERNELAPI PTEB NTAPI	PsGetThreadTeb (_In_ PETHREAD Thread)

NTKERNELAPI HANDLE NTAPI	PsGetThreadId (_In_ PETHREAD Thread)

NTKERNELAPI PEPROCESS NTAPI	PsGetThreadProcess (_In_ PETHREAD Thread)

NTKERNELAPI ULONG NTAPI	PsGetThreadFreezeCount (_In_ PETHREAD Thread)

NTKERNELAPI BOOLEAN NTAPI	PsGetThreadHardErrorsAreDisabled (_In_ PETHREAD Thread)

NTKERNELAPI VOID NTAPI	PsSetThreadHardErrorsAreDisabled (_Inout_ PETHREAD Thread, _In_ BOOLEAN Disabled)

NTKERNELAPI VOID NTAPI	PsEstablishWin32Callouts (_In_ PWIN32_CALLOUTS_FPNS CalloutData)

NTKERNELAPI VOID NTAPI	PsReturnProcessNonPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)

NTKERNELAPI ULONG NTAPI	PsGetCurrentProcessSessionId (VOID)

NTKERNELAPI BOOLEAN NTAPI	PsIsThreadImpersonating (_In_ PETHREAD Thread)

NTKERNELAPI VOID NTAPI	PsRevertThreadToSelf (_Inout_ PETHREAD Thread)

NTKERNELAPI NTSTATUS NTAPI	PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS Process, _Out_ PETHREAD Thread)

BOOLEAN NTAPI	PsIsProtectedProcess (_In_ PEPROCESS Process)

NTKERNELAPI BOOLEAN NTAPI	PsIsSystemProcess (_In_ PEPROCESS Process)

VOID NTAPI	PsSetProcessPriorityByClass (_In_ PEPROCESS Process, _In_ PSPROCESSPRIORITYMODE Type)

HANDLE NTAPI	PsGetProcessInheritedFromUniqueProcessId (_In_ PEPROCESS Process)

NTKERNELAPI NTSTATUS NTAPI	PsGetProcessExitStatus (_In_ PEPROCESS Process)

NTKERNELAPI ULONG NTAPI	PsGetProcessSessionId (_In_ PEPROCESS Process)

NTKERNELAPI BOOLEAN NTAPI	PsGetProcessExitProcessCalled (_In_ PEPROCESS Process)

NTKERNELAPI VOID NTAPI	PsChargePoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)

NTKERNELAPI NTSTATUS NTAPI	PsChargeProcessNonPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)

NTKERNELAPI NTSTATUS NTAPI	PsChargeProcessPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)

NTKERNELAPI NTSTATUS NTAPI	PsChargeProcessPoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)

NTKERNELAPI VOID NTAPI	PsReturnPoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)

NTKERNELAPI VOID NTAPI	PsReturnProcessPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)

NTKERNELAPI PVOID NTAPI	PsGetProcessSecurityPort (_In_ PEPROCESS Process)

NTKERNELAPI NTSTATUS NTAPI	PsSetProcessSecurityPort (_Inout_ PEPROCESS Process, _In_ PVOID SecurityPort)

NTKERNELAPI HANDLE NTAPI	PsGetCurrentThreadProcessId (VOID)

NTSYSCALLAPI NTSTATUS NTAPI	NtAlertResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)

NTSYSCALLAPI NTSTATUS NTAPI	NtApphelpCacheControl (_In_ APPHELPCACHESERVICECLASS Service, _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData)

NTSYSCALLAPI NTSTATUS NTAPI	NtAlertThread (_In_ HANDLE ThreadHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtAssignProcessToJobObject (_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtCreateJobObject (_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)

NTSTATUS NTAPI	NtCreateJobSet (_In_ ULONG NumJob, _In_ PJOB_SET_ARRAY UserJobSet, _In_ ULONG Flags)

NTSYSCALLAPI NTSTATUS NTAPI	NtCreateProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)

NTSYSCALLAPI NTSTATUS NTAPI	NtCreateProcessEx (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ ULONG Flags, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort, _In_ BOOLEAN InJob)

NTSYSCALLAPI NTSTATUS NTAPI	NtCreateThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)

FORCEINLINE struct _TEB *	NtCurrentTeb (VOID)

NTSYSCALLAPI NTSTATUS NTAPI	NtImpersonateThread (_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)

NTSYSCALLAPI NTSTATUS NTAPI	NtIsProcessInJob (_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtOpenProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PCLIENT_ID ClientId)

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)

NTSYSCALLAPI NTSTATUS NTAPI	NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtQueryInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)

NTSYSCALLAPI NTSTATUS NTAPI	NtQueryInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)

NTSYSCALLAPI NTSTATUS NTAPI	NtRegisterThreadTerminatePort (_In_ HANDLE TerminationPort)

NTSYSCALLAPI NTSTATUS NTAPI	NtResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)

NTSYSCALLAPI NTSTATUS NTAPI	NtResumeProcess (_In_ HANDLE ProcessHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtSetInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_bytecount_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength)

NTSYSCALLAPI NTSTATUS NTAPI	NtSetInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)

NTSYSCALLAPI NTSTATUS NTAPI	NtSuspendProcess (_In_ HANDLE ProcessHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtSuspendThread (_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)

NTSYSCALLAPI NTSTATUS NTAPI	NtTerminateProcess (_In_ HANDLE ProcessHandle, _In_ NTSTATUS ExitStatus)

NTSYSCALLAPI NTSTATUS NTAPI	NtTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)

NTSYSCALLAPI NTSTATUS NTAPI	NtTerminateJobObject (_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)

NTSYSAPI NTSTATUS NTAPI	ZwAlertResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)

NTSYSAPI NTSTATUS NTAPI	ZwAlertThread (_In_ HANDLE ThreadHandle)

NTSYSAPI NTSTATUS NTAPI	ZwAssignProcessToJobObject (_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)

NTSYSAPI NTSTATUS NTAPI	ZwCreateJobObject (_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)

NTSYSAPI NTSTATUS NTAPI	ZwCreateProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)

NTSYSAPI NTSTATUS NTAPI	ZwCreateThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)

NTSYSAPI NTSTATUS NTAPI	ZwImpersonateThread (_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)

NTSYSAPI NTSTATUS NTAPI	ZwIsProcessInJob (_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)

	_IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx(_In_ HANDLE ProcessHandle

NTSYSAPI NTSTATUS NTAPI	ZwOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)

NTSYSAPI NTSTATUS NTAPI	ZwOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)

NTSYSAPI NTSTATUS NTAPI	ZwOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)

NTSYSAPI NTSTATUS NTAPI	ZwQueryInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)

NTSYSAPI NTSTATUS NTAPI	ZwQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)

NTSYSAPI NTSTATUS NTAPI	ZwQueryInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)

NTSYSAPI NTSTATUS NTAPI	ZwRegisterThreadTerminatePort (_In_ HANDLE TerminationPort)

NTSYSAPI NTSTATUS NTAPI	ZwResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)

NTSYSAPI NTSTATUS NTAPI	ZwResumeProcess (_In_ HANDLE ProcessHandle)

NTSYSAPI NTSTATUS NTAPI	ZwSetInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_ PVOID JobInformation, _In_ ULONG JobInformationLength)

NTSYSAPI NTSTATUS NTAPI	ZwSetInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)

_In_ THREADINFOCLASS	_In_reads_bytes_ (ThreadInformationLength) PVOID ThreadInformation

NTSYSAPI NTSTATUS NTAPI	ZwSuspendProcess (_In_ HANDLE ProcessHandle)

NTSYSAPI NTSTATUS NTAPI	ZwSuspendThread (_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)

NTSYSAPI NTSTATUS NTAPI	ZwTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)

NTSYSAPI NTSTATUS NTAPI	ZwTerminateJobObject (_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)

Function Documentation

◆ _In_reads_bytes_()

_In_ THREADINFOCLASS _In_reads_bytes_ ( ThreadInformationLength )

Referenced by NtCurrentTeb().

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL )

Definition at line 64 of file Messaging.c.

Referenced by NtCurrentTeb().

 {
     PFLT_SERVER_PORT_OBJECT PortObject;
     NTSTATUS Status;
 
     /* The caller must allow at least one connection */
     if (MaxConnections == 0)
     {
         return STATUS_INVALID_PARAMETER;
     }
 
     /* The request must be for a kernel handle */
     if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
     {
         return STATUS_INVALID_PARAMETER;
     }
 
     /*
      * Get rundown protection on the target to stop the owner
      * from unloading whilst this port object is open. It gets
      * removed in the FltpServerPortClose callback
      */
     Status = FltObjectReference(Filter);
     if (!NT_SUCCESS(Status))
     {
         return Status;
     }
 
     /* Create the server port object for this filter */
     Status = ObCreateObject(KernelMode,
                             ServerPortObjectType,
                             ObjectAttributes,
                             KernelMode,
                             NULL,
                             sizeof(FLT_SERVER_PORT_OBJECT),
                             0,
                             0,
                             (PVOID *)&PortObject);
     if (NT_SUCCESS(Status))
     {
         /* Zero out the struct */
         RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
 
         /* Increment the ref count on the target filter */
         FltpObjectPointerReference((PFLT_OBJECT)Filter);
 
         /* Setup the filter port object */
         PortObject->Filter = Filter;
         PortObject->ConnectNotify = ConnectNotifyCallback;
         PortObject->DisconnectNotify = DisconnectNotifyCallback;
         PortObject->MessageNotify = MessageNotifyCallback;
         PortObject->Cookie = ServerPortCookie;
         PortObject->MaxConnections = MaxConnections;
 
         /* Insert the object */
         Status = ObInsertObject(PortObject,
                                 NULL,
                                 STANDARD_RIGHTS_ALL | FILE_READ_DATA,
                                 0,
                                 NULL,
                                 (PHANDLE)ServerPort);
         if (NT_SUCCESS(Status))
         {
             /* Lock the connection list */
             ExAcquireFastMutex(&Filter->ConnectionList.mLock);
 
             /* Add the new port object to the connection list and increment the count */
             InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
             Filter->ConnectionList.mCount++;
 
             /* Unlock the connection list*/
             ExReleaseFastMutex(&Filter->ConnectionList.mLock);
         }
     }
 
     if (!NT_SUCCESS(Status))
     {
         /* Allow the filter to be cleaned up */
         FltObjectDereference(Filter);
     }
 
     return Status;
 }

◆ NtAlertResumeThread()

NTSYSCALLAPI NTSTATUS NTAPI NtAlertResumeThread	(	_In_ HANDLE	ThreadHandle,
		_Out_opt_ PULONG	SuspendCount
	)

◆ NtAlertThread()

NTSYSCALLAPI NTSTATUS NTAPI NtAlertThread ( _In_ HANDLE ThreadHandle )

◆ NtApphelpCacheControl()

NTSYSCALLAPI NTSTATUS NTAPI NtApphelpCacheControl	(	_In_ APPHELPCACHESERVICECLASS	Service,
		_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP	ServiceData
	)

Definition at line 729 of file apphelp.c.

Referenced by CallApphelp().

 {
     NTSTATUS Status = STATUS_INVALID_PARAMETER;
     UNICODE_STRING ImageName = { 0 };
     HANDLE Handle = INVALID_HANDLE_VALUE;
 
     if (!ApphelpCacheEnabled)
     {
         DPRINT1("NtApphelpCacheControl: ApphelpCacheEnabled == 0\n");
         return Status;
     }
     switch (Service)
     {
         case ApphelpCacheServiceLookup:
             DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceLookup )\n");
             Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
             if (NT_SUCCESS(Status))
                 Status = ApphelpCacheLookupEntry(&ImageName, Handle);
             break;
         case ApphelpCacheServiceRemove:
             DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceRemove )\n");
             Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
             if (NT_SUCCESS(Status))
                 Status = ApphelpCacheRemoveEntry(&ImageName);
             break;
         case ApphelpCacheServiceUpdate:
             DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceUpdate )\n");
             Status = ApphelpCacheAccessCheck();
             if (NT_SUCCESS(Status))
             {
                 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
                 if (NT_SUCCESS(Status))
                     Status = ApphelpCacheUpdateEntry(&ImageName, Handle);
             }
             break;
         case ApphelpCacheServiceFlush:
             Status = ApphelpCacheFlush();
             break;
         case ApphelpCacheServiceDump:
             Status = ApphelpCacheDump();
             break;
         case ApphelpDBGReadRegistry:
             DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): flushing cache.\n");
             ApphelpCacheFlush();
             DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): reading cache.\n");
             Status = ApphelpCacheRead() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
             break;
         case ApphelpDBGWriteRegistry:
             DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGWriteRegistry ): writing cache.\n");
             Status = ApphelpCacheWrite() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
             break;
         default:
             DPRINT1("SHIMS: NtApphelpCacheControl( Invalid service requested )\n");
             break;
     }
     if (ImageName.Buffer)
     {
         ApphelpFreeUnicodeString(&ImageName);
     }
     return Status;
 }

◆ NtAssignProcessToJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtAssignProcessToJobObject	(	_In_ HANDLE	JobHandle,
		_In_ HANDLE	ProcessHandle
	)

◆ NtCreateJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateJobObject	(	_Out_ PHANDLE	JobHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes
	)

◆ NtCreateJobSet()

NTSTATUS NTAPI NtCreateJobSet	(	_In_ ULONG	NumJob,
		_In_ PJOB_SET_ARRAY	UserJobSet,
		_In_ ULONG	Flags
	)

◆ NtCreateProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcess	(	_Out_ PHANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ HANDLE	ParentProcess,
		_In_ BOOLEAN	InheritObjectTable,
		_In_opt_ HANDLE	SectionHandle,
		_In_opt_ HANDLE	DebugPort,
		_In_opt_ HANDLE	ExceptionPort
	)

◆ NtCreateProcessEx()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcessEx	(	_Out_ PHANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ HANDLE	ParentProcess,
		_In_ ULONG	Flags,
		_In_opt_ HANDLE	SectionHandle,
		_In_opt_ HANDLE	DebugPort,
		_In_opt_ HANDLE	ExceptionPort,
		_In_ BOOLEAN	InJob
	)

◆ NtCreateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateThread	(	_Out_ PHANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ HANDLE	ProcessHandle,
		_Out_ PCLIENT_ID	ClientId,
		_In_ PCONTEXT	ThreadContext,
		_In_ PINITIAL_TEB	UserStack,
		_In_ BOOLEAN	CreateSuspended
	)

◆ NtCurrentTeb()

FORCEINLINE struct _TEB* NtCurrentTeb ( VOID )

Definition at line 420 of file psfuncs.h.

Referenced by __declspec(), __wine_pop_frame(), __wine_push_frame(), _NtCurrentTeb(), AbortDoc(), actctx_init(), AVrfInitializeVerifier(), AvrfpResolveThunks(), BaseCreateStack(), BaseCreateThreadPoolThread(), BaseGetNamedObjectDirectory(), Basep8BitStringToStaticUnicodeString(), BasepComputeProcessPath(), BasepLoadLibraryAsDatafile(), BuildUserModeWindowStationName(), CallMsgFilterA(), CallMsgFilterW(), CallNamedPipeA(), CloseAllProcessHandles(), COM_CurrentInfo(), COM_TlsDestroy(), CompareStringA(), ConvertFiberToThread(), ConvertThreadToFiberEx(), CountHandlers(), CreatePipe(), CreateProcessInternalW(), CSR_API(), CsrApiHandleConnectionRequest(), CsrApiRequestThread(), CsrClientCallServer(), CsrConnectToUser(), CsrIdentifyAlertableThread(), CsrInitializeProcessStructure(), CsrValidateMessageBuffer(), DbgkMapViewOfSection(), DbgUiConnectToDbg(), DbgUiContinue(), DbgUiDebugActiveProcess(), DbgUiGetThreadDebugObject(), DbgUiSetThreadDebugObject(), DbgUiStopDebugging(), DbgUiWaitStateChange(), DeleteFiber(), DllMain(), doChild(), ElfChangeNotify(), EndDoc(), EngGetLastError(), EngSetLastError(), ExitThread(), extfmt_default_dbg_vlog(), ExtSelectClipRgn(), FatalAppExitA(), FilenameA2W(), find_entry(), find_entry_language(), find_query_actctx(), FlsAlloc(), FlsGetValue(), FlsSetValue(), GdiAllocBatchCommand(), GdiDeleteBrushOrPen(), GdiDllInitialize(), GdiProcessSetup(), GdiQueryTable(), GdiSetLastError(), get_base_dir(), get_or_create_threaddata(), GetBinaryTypeA(), GetCurrentDirectoryA(), GetCurrentProcessId(), GetCurrentThreadId(), GetLastError(), GetModuleHandleA(), GetTeb(), GetTempFileNameW(), GetThreadLocale(), GetUserObjectSecurity(), GetW32ThreadInfo(), GetWindowThreadProcessId(), GuiConsoleInputThread(), hash_basename(), hGetPEBHandle(), InitThreadCallback(), IntAddSynthesizedFormats(), IntEndPage(), InternalAddAtom(), InternalFindAtom(), IntGetCurrentDC(), IntGetCurrentDcData(), IntGetCurrentDispatchTable(), IntGetCurrentICDPrivate(), IntGetCurrentRC(), IntMakeCurrent(), IntNotifyWinEvent(), IntSetCurrentDispatchTable(), IntSetCurrentICDPrivate(), IntSetThreadDesktop(), IsGUIThread(), IsThreadAFiber(), IsWinEventHookInstalled(), KiRaiseUserExceptionDispatcher(), KiSystemServiceHandler(), LCMapStringA(), ldr_notify_callback1(), ldr_notify_callback_dll_main(), ldr_notify_callback_fail(), LdrLoadDll(), LdrpAllocateTls(), LdrpFreeTls(), LdrpInit(), LdrpInitializeProcess(), LdrpInitializeThread(), LdrpInitSecurityCookie(), LdrpLoadImportModule(), LdrpMakeCookie(), LdrpMapDll(), LdrpRunInitializeRoutines(), LdrpUpdateLoadCount3(), LdrShutdownProcess(), LdrShutdownThread(), LdrUnlockLoaderLock(), load_gl_funcs(), Main(), MyGdiQueryTable(), NlsInit(), NtGdiFlushUserBatch(), NtUserSetWindowsHookAW(), OffsetViewportOrgEx(), OffsetWindowOrgEx(), ok_fls_(), PostMessageA(), PostMessageW(), PsConvertToGuiThread(), PspUserThreadStartup(), RemoveHandles(), RemoveTailList(), rosfmt_default_dbg_vlog(), RtlAcquirePrivilege(), RtlAcquireResourceExclusive(), RtlAcquireResourceShared(), RtlActivateActivationContext(), RtlActivateActivationContextUnsafeFast(), RtlApplicationVerifierStop(), RtlConvertSharedToExclusive(), RtlCreateActivationContext(), RtlDeactivateActivationContext(), RtlDeactivateActivationContextUnsafeFast(), RtlEnterCriticalSection(), RtlExitUserThread(), RtlFindActivationContextSectionGuid(), RtlFindActivationContextSectionString(), RtlFreeThreadActivationContextStack(), RtlGetActiveActivationContext(), RtlGetCriticalSectionRecursionCount(), RtlGetFrame(), RtlGetLastNtStatus(), RtlGetLastWin32Error(), RtlGetThreadErrorMode(), RtlInitializeCriticalSectionAndSpinCount(), RtlIsActivationContextActive(), RtlIsCriticalSectionLockedByThread(), RtlIsThreadWithinLoaderCallout(), RtlLeaveCriticalSection(), RtlNtStatusToDosError(), RtlpCaptureStackLimits(), RtlpClearInDbgPrint(), RtlpDphProcessStartupInitialization(), RtlpFreeDebugInfo(), RtlPopFrame(), RtlpPageHeapCreate(), RtlpPageHeapDestroy(), RtlpSetInDbgPrint(), RtlPushFrame(), RtlpWaitForCriticalSection(), RtlQueryProcessDebugInformation(), RtlSecureZeroMemory(), RtlSetLastWin32Error(), RtlSetLastWin32ErrorAndNtStatusFromNtStatus(), RtlSetThreadErrorMode(), RtlTryEnterCriticalSection(), RtlWalkFrameChain(), service_main(), SetConsoleInputExeNameA(), SetGraphicsMode(), SetLastError(), SetMapperFlags(), SetPolyFillMode(), SetROP2(), SetTextCharacterExtra(), SetTextJustification(), SetThreadLocale(), SetThreadUILanguage(), SetUserObjectSecurity(), SetViewportExtEx(), SetWindowExtEx(), SetWindowOrgEx(), SetWindowsHookA(), SetWindowsHookW(), SockEnterApiFast(), START_TEST(), StartPage(), TerminateThread(), test_GetThreadExitCode(), test_HashLinks(), test_import_resolution(), test_InMemoryOrderModuleList(), test_query_object(), test_RemoveDirectoryA(), test_RemoveDirectoryW(), test_RtlThreadErrorMode(), test_write_watch(), TestWindowProcess(), TlsAlloc(), TlsGetValue(), TlsSetValue(), UnhandledExceptionFilter(), UpdateColors(), UserDbgAssertThreadInfo(), UserSetLastError(), vDbgPrintExWithPrefixInternal(), VdmDispatchBop(), VdmDispatchPageFault(), VdmpGetVdmTib(), Win32kThreadCallback(), wined3d_cs_create(), and winefmt_default_dbg_vlog().

 {
 #if defined(_M_IX86)
     return (PTEB)__readfsdword(0x18);
 #elif defined (_M_AMD64)
     return (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
 #elif defined (_M_ARM)
     return (struct _TEB *)KeGetPcr()->Used_Self;
 #endif
 }

◆ NtImpersonateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateThread	(	_In_ HANDLE	ThreadHandle,
		_In_ HANDLE	ThreadToImpersonate,
		_In_ PSECURITY_QUALITY_OF_SERVICE	SecurityQualityOfService
	)

Referenced by NtCurrentTeb().

◆ NtIsProcessInJob()

NTSYSCALLAPI NTSTATUS NTAPI NtIsProcessInJob	(	_In_ HANDLE	ProcessHandle,
		_In_opt_ HANDLE	JobHandle
	)

Referenced by NtCurrentTeb().

◆ NtOpenProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess	(	_Out_ PHANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_opt_ PCLIENT_ID	ClientId
	)

Referenced by _IRQL_requires_max_(), and NtCurrentTeb().

◆ NtOpenProcessToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken	(	_In_ HANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_Out_ PHANDLE	TokenHandle
	)

Referenced by NtCurrentTeb().

◆ NtOpenThread()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThread	(	_Out_ PHANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ PCLIENT_ID	ClientId
	)

Referenced by NtCurrentTeb().

◆ NtOpenThreadToken()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken	(	_In_ HANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ BOOLEAN	OpenAsSelf,
		_Out_ PHANDLE	TokenHandle
	)

Referenced by NtCurrentTeb().

◆ NtOpenThreadTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx	(	_In_ HANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ BOOLEAN	OpenAsSelf,
		_In_ ULONG	HandleAttributes,
		_Out_ PHANDLE	TokenHandle
	)

Referenced by NtCurrentTeb().

◆ NtQueryInformationJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationJobObject	(	_In_ HANDLE	JobHandle,
		_In_ JOBOBJECTINFOCLASS	JobInformationClass,
		_Out_bytecap_(JobInformationLength) PVOID	JobInformation,
		_In_ ULONG	JobInformationLength,
		_Out_ PULONG	ReturnLength
	)

Referenced by NtCurrentTeb().

◆ NtQueryInformationProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ PROCESSINFOCLASS	ProcessInformationClass,
		_Out_ PVOID	ProcessInformation,
		_In_ ULONG	ProcessInformationLength,
		_Out_opt_ PULONG	ReturnLength
	)

Referenced by NtCurrentTeb().

◆ NtQueryInformationThread()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread	(	_In_ HANDLE	ThreadHandle,
		_In_ THREADINFOCLASS	ThreadInformationClass,
		_Out_ PVOID	ThreadInformation,
		_In_ ULONG	ThreadInformationLength,
		_Out_opt_ PULONG	ReturnLength
	)

Referenced by NtCurrentTeb().

◆ NtRegisterThreadTerminatePort()

NTSYSCALLAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort ( _In_ HANDLE TerminationPort )

Referenced by NtCurrentTeb().

◆ NtResumeProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtResumeProcess ( _In_ HANDLE ProcessHandle )

Referenced by NtCurrentTeb().

◆ NtResumeThread()

NTSYSCALLAPI NTSTATUS NTAPI NtResumeThread	(	_In_ HANDLE	ThreadHandle,
		_Out_opt_ PULONG	SuspendCount
	)

Referenced by NtCurrentTeb().

◆ NtSetInformationJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationJobObject	(	_In_ HANDLE	JobHandle,
		_In_ JOBOBJECTINFOCLASS	JobInformationClass,
		_In_bytecount_(JobInformationLength) PVOID	JobInformation,
		_In_ ULONG	JobInformationLength
	)

Referenced by NtCurrentTeb().

◆ NtSetInformationProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ PROCESSINFOCLASS	ProcessInformationClass,
		_In_ PVOID	ProcessInformation,
		_In_ ULONG	ProcessInformationLength
	)

Referenced by NtCurrentTeb().

◆ NtSetInformationThread()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread	(	_In_ HANDLE	ThreadHandle,
		_In_ THREADINFOCLASS	ThreadInformationClass,
		_In_reads_bytes_(ThreadInformationLength) PVOID	ThreadInformation,
		_In_ ULONG	ThreadInformationLength
	)

Referenced by NtCurrentTeb().

◆ NtSuspendProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtSuspendProcess ( _In_ HANDLE ProcessHandle )

Referenced by NtCurrentTeb().

◆ NtSuspendThread()

NTSYSCALLAPI NTSTATUS NTAPI NtSuspendThread	(	_In_ HANDLE	ThreadHandle,
		_In_ PULONG	PreviousSuspendCount
	)

Referenced by NtCurrentTeb().

◆ NtTerminateJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateJobObject	(	_In_ HANDLE	JobHandle,
		_In_ NTSTATUS	ExitStatus
	)

Referenced by NtCurrentTeb().

◆ NtTerminateProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ NTSTATUS	ExitStatus
	)

Referenced by NtCurrentTeb().

◆ NtTerminateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateThread	(	_In_ HANDLE	ThreadHandle,
		_In_ NTSTATUS	ExitStatus
	)

Referenced by NtCurrentTeb().

◆ PsChargePoolQuota()

NTKERNELAPI VOID NTAPI PsChargePoolQuota	(	_In_ PEPROCESS	Process,
		_In_ POOL_TYPE	PoolType,
		_In_ SIZE_T	Amount
	)

◆ PsChargeProcessNonPagedPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessNonPagedPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ SIZE_T	Amount
	)

◆ PsChargeProcessPagedPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPagedPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ SIZE_T	Amount
	)

◆ PsChargeProcessPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ POOL_TYPE	PoolType,
		_In_ SIZE_T	Amount
	)

◆ PsEstablishWin32Callouts()

NTKERNELAPI VOID NTAPI PsEstablishWin32Callouts ( _In_ PWIN32_CALLOUTS_FPNS CalloutData )

◆ PsGetCurrentProcessSessionId()

NTKERNELAPI ULONG NTAPI PsGetCurrentProcessSessionId ( VOID )

Definition at line 1133 of file process.c.

Referenced by ExpWin32SessionCallout(), IntCreateDesktop(), IntDestroyMenuObject(), NtSetInformationObject(), NtUserSwitchDesktop(), ObpLookupObjectName(), and VideoPortUseDeviceInSession().

 {
     return MmGetSessionId(PsGetCurrentProcess());
 }

◆ PsGetCurrentProcessWin32Process()

NTKERNELAPI PVOID NTAPI PsGetCurrentProcessWin32Process ( VOID )

Definition at line 1183 of file process.c.

Referenced by _Function_class_(), CheckWinstaAttributeAccess(), co_IntGraphicsCheck(), co_IntSetParent(), co_IntSetWindowLongPtr(), co_IntUserManualGuiCheck(), co_UserDestroyWindow(), DC_bAllocDcAttr(), DC_vFreeDcAttr(), DecrementCurrentProcessGdiHandleCount(), DesktopHeapAddressToUser(), DesktopHeapGetUserDelta(), FindFaceNameInLists(), GDI_CleanupForProcess(), GetBrushAttrPool(), GetControlColor(), GetW32ProcessInfo(), handle_internal_message(), IdlePing(), IdlePong(), IncrementCurrentProcessGdiHandleCount(), IntAllowSetForegroundWindow(), IntGdiAddFontMemResource(), IntGdiCleanupPrivateFontsForProcess(), IntGdiLoadFontsFromMemory(), IntGdiRemoveFontMemResource(), IntGdiSetRegionOwner(), IntLoadHookModule(), IntLoadSystenIcons(), IntLockSetForegroundWindow(), IntMapDesktopView(), IntUnmapDesktopView(), IntWinStaOkToClose(), NtGdiGetFontFamilyInfo(), NtUserCallHwndParam(), NtUserCallOneParam(), NtUserDestroyCursor(), NtUserFindExistingCursorIcon(), NtUserGetComboBoxInfo(), NtUserGetListBoxInfo(), NtUserSetSystemCursor(), NtUserSetWindowFNID(), REGION_bAllocRgnAttr(), REGION_vCleanup(), SharedFace_Release(), TextIntRealizeFont(), UserDbgAssertThreadInfo(), UserGetDCEx(), UserGetProcessWindowStation(), UserHeapAddressToUser(), UserSetProcessWindowStation(), UserSystemParametersInfo(), and UserUnregisterUserApiHook().

 {
     return PsGetCurrentProcess()->Win32Process;
 }

◆ PsGetCurrentThreadProcessId()

NTKERNELAPI HANDLE NTAPI PsGetCurrentThreadProcessId ( VOID )

Definition at line 755 of file thread.c.

Referenced by intDdCreateDirectDrawLocal().

 {
     return PsGetCurrentThread()->Cid.UniqueProcess;
 }

◆ PsGetCurrentThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadWin32Thread ( VOID )

Definition at line 805 of file thread.c.

Referenced by AllocateUserMessage(), CaretSystemTimerProc(), co_HOOK_CallHooks(), co_IntCallHookProc(), co_IntCallSentMessageCallback(), co_IntCallWindowProc(), co_IntClientLoadLibrary(), co_IntClientThreadSetup(), co_IntFixCaret(), co_IntGetPeekMessage(), co_IntLoadDefaultCursors(), co_IntLoadSysMenuTemplate(), co_IntPaintWindows(), co_IntPeekMessage(), co_IntProcessKeyboardMessage(), co_IntProcessMouseMessage(), co_IntSendActivateMessages(), co_IntSendMessageTimeoutSingle(), co_IntSendMessageWithCallBack(), co_IntSetActiveWindow(), co_IntSetCaretPos(), co_IntSetForegroundAndFocusWindow(), co_IntWaitMessage(), co_MsqDispatchOneSentMessage(), co_MsqReplyMessage(), co_MsqSendMessage(), co_MsqSendMessageAsync(), co_UserDestroyWindow(), co_UserHideCaret(), co_UserSetCapture(), co_UserSetFocus(), co_UserShowCaret(), co_WinPosSearchChildren(), co_WinPosSetWindowPos(), co_WinPosShowWindow(), DECREASE_THREAD_LOCK_COUNT(), DefWndDoSizeMove(), DefWndStartSizeMove(), DesktopHeapGetUserDelta(), DesktopThreadMain(), GetW32ThreadInfo(), handle_internal_message(), IdlePing(), INCREASE_THREAD_LOCK_COUNT(), IntAddAtom(), IntCallWndProc(), IntCallWndProcRet(), IntCbAllocateMemory(), IntCbFreeMemory(), IntCreateDesktop(), IntDeactivateWindow(), IntDefWindowProc(), IntDeRegisterShellHookWindow(), IntDesktopOkToClose(), IntDispatchMessage(), IntDrawScrollBar(), IntGetAndReferenceClass(), IntGetAtomName(), IntGetCapture(), IntGetCurrentThreadDesktopWindow(), IntGetNextHook(), IntGetQueueStatus(), IntGetThreadDesktopWindow(), IntGetThreadFocusWindow(), IntInitMessagePumpHook(), IntInvalidateWindows(), IntIsClipboardOpenByMe(), IntMsqClearWakeMask(), IntMsqSetWakeMask(), IntNotifyWinEvent(), IntQueryTrackMouseEvent(), IntRegisterShellHookWindow(), IntReleaseCapture(), IntSendDestroyMsg(), IntSendSyncPaint(), IntSetThreadDesktop(), IntSetTimer(), IntTrackMouseEvent(), IntTrackPopupMenuEx(), IntTranslateKbdMessage(), IntUnhookWindowsHook(), IntUninitMessagePumpHook(), IntUserSetActiveWindow(), MENU_DoNextMenu(), MENU_InitTracking(), MENU_TrackMenu(), MsqGetMessageExtraInfo(), MsqSetMessageExtraInfo(), NtUserActivateKeyboardLayout(), NtUserBlockInput(), NtUserCallNoParam(), NtUserCallOneParam(), NtUserCallTwoParam(), NtUserCreateAcceleratorTable(), NtUserCreateCaret(), NtUserGetCaretPos(), NtUserGetKeyboardLayoutName(), NtUserGetKeyboardState(), NtUserGetKeyNameText(), NtUserGetThreadState(), NtUserLoadKeyboardLayoutEx(), NtUserLockWorkStation(), NtUserMapVirtualKeyEx(), NtUserSendInput(), NtUserSetKeyboardState(), NtUserSetThreadState(), NtUserSetWindowsHookEx(), NtUserSetWinEventHook(), NtUserToUnicodeEx(), NtUserValidateTimerCallback(), NtUserVkKeyScanEx(), NtUserWaitForInputIdle(), PostTimerMessages(), UserDbgAssertThreadInfo(), UserDerefObjectCo(), UserDestroyMenu(), UserEnterExclusive(), UserGetActiveWindow(), UserGetCPD(), UserGetKeyboardLayout(), UserGetKeyState(), UserInitialize(), UserOpenClipboard(), UserRefObjectCo(), UserRegisterHotKey(), UserRegisterUserApiHook(), UserSendKeyboardInput(), UserSendMouseInput(), UserSetActiveWindow(), UserSetCursor(), UserShowCursor(), and UserUnregisterUserApiHook().

 {
     return PsGetCurrentThread()->Tcb.Win32Thread;
 }

◆ PsGetProcessExitProcessCalled()

NTKERNELAPI BOOLEAN NTAPI PsGetProcessExitProcessCalled ( _In_ PEPROCESS Process )

◆ PsGetProcessExitStatus()

NTKERNELAPI NTSTATUS NTAPI PsGetProcessExitStatus ( _In_ PEPROCESS Process )

◆ PsGetProcessInheritedFromUniqueProcessId()

HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId ( _In_ PEPROCESS Process )

◆ PsGetProcessSecurityPort()

NTKERNELAPI PVOID NTAPI PsGetProcessSecurityPort ( _In_ PEPROCESS Process )

◆ PsGetProcessSessionId()

NTKERNELAPI ULONG NTAPI PsGetProcessSessionId ( _In_ PEPROCESS Process )

◆ PsGetProcessWin32Process()

NTKERNELAPI PVOID NTAPI PsGetProcessWin32Process ( _In_ PEPROCESS Process )

◆ PsGetProcessWin32WindowStation()

NTKERNELAPI PVOID NTAPI PsGetProcessWin32WindowStation ( _In_ PEPROCESS Process )

◆ PsGetThreadFreezeCount()

NTKERNELAPI ULONG NTAPI PsGetThreadFreezeCount ( _In_ PETHREAD Thread )

◆ PsGetThreadHardErrorsAreDisabled()

NTKERNELAPI BOOLEAN NTAPI PsGetThreadHardErrorsAreDisabled ( _In_ PETHREAD Thread )

◆ PsGetThreadId()

NTKERNELAPI HANDLE NTAPI PsGetThreadId ( _In_ PETHREAD Thread )

◆ PsGetThreadProcess()

NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess ( _In_ PETHREAD Thread )

◆ PsGetThreadTeb()

NTKERNELAPI PTEB NTAPI PsGetThreadTeb ( _In_ PETHREAD Thread )

◆ PsGetThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread ( _In_ PETHREAD Thread )

◆ PsIsProtectedProcess()

BOOLEAN NTAPI PsIsProtectedProcess ( _In_ PEPROCESS Process )

◆ PsIsSystemProcess()

NTKERNELAPI BOOLEAN NTAPI PsIsSystemProcess ( _In_ PEPROCESS Process )

◆ PsIsThreadImpersonating()

NTKERNELAPI BOOLEAN NTAPI PsIsThreadImpersonating ( _In_ PETHREAD Thread )

◆ PsLookupProcessThreadByCid()

NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid	(	_In_ PCLIENT_ID	Cid,
		_Out_opt_ PEPROCESS *	Process,
		_Out_ PETHREAD *	Thread
	)

◆ PsReturnPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ POOL_TYPE	PoolType,
		_In_ SIZE_T	Amount
	)

◆ PsReturnProcessNonPagedPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnProcessNonPagedPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ SIZE_T	Amount
	)

◆ PsReturnProcessPagedPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnProcessPagedPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ SIZE_T	Amount
	)

◆ PsRevertThreadToSelf()

NTKERNELAPI VOID NTAPI PsRevertThreadToSelf ( _Inout_ PETHREAD Thread )

◆ PsSetProcessPriorityByClass()

VOID NTAPI PsSetProcessPriorityByClass	(	_In_ PEPROCESS	Process,
		_In_ PSPROCESSPRIORITYMODE	Type
	)

◆ PsSetProcessSecurityPort()

NTKERNELAPI NTSTATUS NTAPI PsSetProcessSecurityPort	(	_Inout_ PEPROCESS	Process,
		_In_ PVOID	SecurityPort
	)

◆ PsSetProcessWin32Process()

NTKERNELAPI NTSTATUS NTAPI PsSetProcessWin32Process	(	_Inout_ PEPROCESS	Process,
		_In_opt_ PVOID	Win32Process,
		_In_opt_ PVOID	OldWin32Process
	)

Definition at line 1257 of file process.c.

Referenced by AllocW32Process(), and ExitProcessCallback().

 {
     NTSTATUS Status;
 
     /* Assume success */
     Status = STATUS_SUCCESS;
 
     /* Lock the process */
     KeEnterCriticalRegion();
     ExAcquirePushLockExclusive(&Process->ProcessLock);
 
     /* Check if we set a new win32 process */
     if (Win32Process != NULL)
     {
         /* Check if the process is in the right state */
         if (((Process->Flags & PSF_PROCESS_DELETE_BIT) == 0) &&
             (Process->Win32Process == NULL))
         {
             /* Set the new win32 process */
             Process->Win32Process = Win32Process;
         }
         else
         {
             /* Otherwise fail */
             Status = STATUS_PROCESS_IS_TERMINATING;
         }
     }
     else
     {
         /* Reset the win32 process, did the caller specify the correct old value? */
         if (Process->Win32Process == OldWin32Process)
         {
             /* Yes, so reset the win32 process to NULL */
             Process->Win32Process = NULL;
         }
         else
         {
             /* Otherwise fail */
             Status = STATUS_UNSUCCESSFUL;
         }
     }
 
     /* Unlock the process */
     ExReleasePushLockExclusive(&Process->ProcessLock);
     KeLeaveCriticalRegion();
 
     return Status;
 }

◆ PsSetProcessWindowStation()

NTKERNELAPI VOID NTAPI PsSetProcessWindowStation	(	_Inout_ PEPROCESS	Process,
		_In_opt_ PVOID	WindowStation
	)

◆ PsSetThreadHardErrorsAreDisabled()

NTKERNELAPI VOID NTAPI PsSetThreadHardErrorsAreDisabled	(	_Inout_ PETHREAD	Thread,
		_In_ BOOLEAN	Disabled
	)

◆ PsSetThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsSetThreadWin32Thread	(	_Inout_ PETHREAD	Thread,
		_In_opt_ PVOID	Win32Thread,
		_In_opt_ PVOID	OldWin32Thread
	)

◆ ZwAlertResumeThread()

NTSYSAPI NTSTATUS NTAPI ZwAlertResumeThread	(	_In_ HANDLE	ThreadHandle,
		_Out_opt_ PULONG	SuspendCount
	)

Referenced by NtCurrentTeb().

◆ ZwAlertThread()

NTSYSAPI NTSTATUS NTAPI ZwAlertThread ( _In_ HANDLE ThreadHandle )

Referenced by NtCurrentTeb().

◆ ZwAssignProcessToJobObject()

NTSYSAPI NTSTATUS NTAPI ZwAssignProcessToJobObject	(	_In_ HANDLE	JobHandle,
		_In_ HANDLE	ProcessHandle
	)

Referenced by NtCurrentTeb().

◆ ZwCreateJobObject()

NTSYSAPI NTSTATUS NTAPI ZwCreateJobObject	(	_Out_ PHANDLE	JobHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes
	)

Referenced by NtCurrentTeb().

◆ ZwCreateProcess()

NTSYSAPI NTSTATUS NTAPI ZwCreateProcess	(	_Out_ PHANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ HANDLE	ParentProcess,
		_In_ BOOLEAN	InheritObjectTable,
		_In_opt_ HANDLE	SectionHandle,
		_In_opt_ HANDLE	DebugPort,
		_In_opt_ HANDLE	ExceptionPort
	)

Referenced by NtCurrentTeb(), and RtlCreateUserProcess().

◆ ZwCreateThread()

NTSYSAPI NTSTATUS NTAPI ZwCreateThread	(	_Out_ PHANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ HANDLE	ProcessHandle,
		_Out_ PCLIENT_ID	ClientId,
		_In_ PCONTEXT	ThreadContext,
		_In_ PINITIAL_TEB	UserStack,
		_In_ BOOLEAN	CreateSuspended
	)

Referenced by NtCurrentTeb(), and RtlCreateUserThread().

◆ ZwImpersonateThread()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread	(	_In_ HANDLE	ThreadHandle,
		_In_ HANDLE	ThreadToImpersonate,
		_In_ PSECURITY_QUALITY_OF_SERVICE	SecurityQualityOfService
	)

Referenced by NtCurrentTeb().

◆ ZwIsProcessInJob()

NTSYSAPI NTSTATUS NTAPI ZwIsProcessInJob	(	_In_ HANDLE	ProcessHandle,
		_In_opt_ HANDLE	JobHandle
	)

Referenced by NtCurrentTeb().

◆ ZwOpenThread()

NTSYSAPI NTSTATUS NTAPI ZwOpenThread	(	_Out_ PHANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ PCLIENT_ID	ClientId
	)

◆ ZwOpenThreadToken()

NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken	(	_In_ HANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ BOOLEAN	OpenAsSelf,
		_Out_ PHANDLE	TokenHandle
	)

Referenced by RtlAdjustPrivilege(), and RtlpOpenThreadToken().

◆ ZwOpenThreadTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx	(	_In_ HANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ BOOLEAN	OpenAsSelf,
		_In_ ULONG	HandleAttributes,
		_Out_ PHANDLE	TokenHandle
	)

Referenced by RtlFormatCurrentUserKeyPath().

◆ ZwQueryInformationJobObject()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationJobObject	(	_In_ HANDLE	JobHandle,
		_In_ JOBOBJECTINFOCLASS	JobInformationClass,
		_Out_bytecap_(JobInformationLength) PVOID	JobInformation,
		_In_ ULONG	JobInformationLength,
		_Out_ PULONG	ReturnLength
	)

◆ ZwQueryInformationProcess()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ PROCESSINFOCLASS	ProcessInformationClass,
		_Out_ PVOID	ProcessInformation,
		_In_ ULONG	ProcessInformationLength,
		_Out_opt_ PULONG	ReturnLength
	)

Referenced by create_stream(), lie_about_fs_type(), RtlCreateUserProcess(), RtlEncodePointer(), and RtlSetProcessIsCritical().

◆ ZwQueryInformationThread()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread	(	_In_ HANDLE	ThreadHandle,
		_In_ THREADINFOCLASS	ThreadInformationClass,
		_Out_ PVOID	ThreadInformation,
		_In_ ULONG	ThreadInformationLength,
		_Out_opt_ PULONG	ReturnLength
	)

Referenced by RtlSetThreadIsCritical().

◆ ZwRegisterThreadTerminatePort()

NTSYSAPI NTSTATUS NTAPI ZwRegisterThreadTerminatePort ( _In_ HANDLE TerminationPort )

◆ ZwResumeProcess()

NTSYSAPI NTSTATUS NTAPI ZwResumeProcess ( _In_ HANDLE ProcessHandle )

◆ ZwResumeThread()

NTSYSAPI NTSTATUS NTAPI ZwResumeThread	(	_In_ HANDLE	ThreadHandle,
		_Out_opt_ PULONG	SuspendCount
	)

Referenced by ExpLoadInitialProcess().

◆ ZwSetInformationJobObject()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationJobObject	(	_In_ HANDLE	JobHandle,
		_In_ JOBOBJECTINFOCLASS	JobInformationClass,
		_In_ PVOID	JobInformation,
		_In_ ULONG	JobInformationLength
	)

◆ ZwSetInformationProcess()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ PROCESSINFOCLASS	ProcessInformationClass,
		_In_ PVOID	ProcessInformation,
		_In_ ULONG	ProcessInformationLength
	)

Referenced by LdrpInitializeProcess(), and RtlSetProcessIsCritical().

◆ ZwSuspendProcess()

NTSYSAPI NTSTATUS NTAPI ZwSuspendProcess ( _In_ HANDLE ProcessHandle )

◆ ZwSuspendThread()

NTSYSAPI NTSTATUS NTAPI ZwSuspendThread	(	_In_ HANDLE	ThreadHandle,
		_In_ PULONG	PreviousSuspendCount
	)

◆ ZwTerminateJobObject()

NTSYSAPI NTSTATUS NTAPI ZwTerminateJobObject	(	_In_ HANDLE	JobHandle,
		_In_ NTSTATUS	ExitStatus
	)

◆ ZwTerminateThread()

NTSYSAPI NTSTATUS NTAPI ZwTerminateThread	(	_In_ HANDLE	ThreadHandle,
		_In_ NTSTATUS	ExitStatus
	)

Referenced by RtlAssert().

Variable Documentation

◆ DesiredAccess

_In_ ACCESS_MASK DesiredAccess

Definition at line 715 of file psfuncs.h.

Referenced by NtCurrentTeb().

◆ ExitStatus

_In_ NTSTATUS ExitStatus

Definition at line 861 of file psfuncs.h.

Referenced by DbgkExitProcess(), DbgkExitThread(), NtCurrentTeb(), PspExitThread(), and test_query_process_basic().

◆ HandleAttributes

_In_ ACCESS_MASK _In_ ULONG HandleAttributes

Definition at line 715 of file psfuncs.h.

Referenced by NtCurrentTeb().

◆ ThreadInformationClass

_In_ THREADINFOCLASS ThreadInformationClass

Definition at line 834 of file psfuncs.h.

Referenced by NtCurrentTeb().

◆ ThreadInformationLength

_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength

Definition at line 837 of file psfuncs.h.

Referenced by NtCurrentTeb().

◆ TokenHandle

_In_ ACCESS_MASK _In_ BOOLEAN _In_ ULONG _Out_ PHANDLE TokenHandle

Definition at line 715 of file psfuncs.h.

Referenced by CreateProcessInternalW(), LogonUserExW(), LsapLogonUser(), LsarSetSecurityObject(), MyLogonUser(), NtCurrentTeb(), NtSetInformationProcess(), NtSetInformationThread(), PspSetPrimaryToken(), RtlAdjustPrivilege(), RtlCreateUserSecurityObject(), RtlDefaultNpAcl(), RtlFormatCurrentUserKeyPath(), SamrSetSecurityObject(), and START_TEST().

Variables
_In_ ACCESS_MASK	DesiredAccess

_In_ ACCESS_MASK _In_ ULONG	HandleAttributes

_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE	TokenHandle

_In_ THREADINFOCLASS	ThreadInformationClass

_In_ THREADINFOCLASS _In_ ULONG	ThreadInformationLength

_In_ NTSTATUS	ExitStatus

Functions

Variables

Function Documentation

◆ _In_reads_bytes_()

◆ _IRQL_requires_max_()

◆ NtAlertResumeThread()

◆ NtAlertThread()

◆ NtApphelpCacheControl()

◆ NtAssignProcessToJobObject()

◆ NtCreateJobObject()

◆ NtCreateJobSet()

◆ NtCreateProcess()

◆ NtCreateProcessEx()

◆ NtCreateThread()

◆ NtCurrentTeb()

◆ NtImpersonateThread()

◆ NtIsProcessInJob()

◆ NtOpenProcess()

◆ NtOpenProcessToken()

◆ NtOpenThread()

◆ NtOpenThreadToken()

◆ NtOpenThreadTokenEx()

◆ NtQueryInformationJobObject()

◆ NtQueryInformationProcess()

◆ NtQueryInformationThread()

◆ NtRegisterThreadTerminatePort()

◆ NtResumeProcess()

◆ NtResumeThread()

◆ NtSetInformationJobObject()

◆ NtSetInformationProcess()

◆ NtSetInformationThread()

◆ NtSuspendProcess()

◆ NtSuspendThread()

◆ NtTerminateJobObject()

◆ NtTerminateProcess()

◆ NtTerminateThread()

◆ PsChargePoolQuota()

◆ PsChargeProcessNonPagedPoolQuota()

◆ PsChargeProcessPagedPoolQuota()

◆ PsChargeProcessPoolQuota()

◆ PsEstablishWin32Callouts()

◆ PsGetCurrentProcessSessionId()

◆ PsGetCurrentProcessWin32Process()

◆ PsGetCurrentThreadProcessId()

◆ PsGetCurrentThreadWin32Thread()

◆ PsGetProcessExitProcessCalled()

◆ PsGetProcessExitStatus()

◆ PsGetProcessInheritedFromUniqueProcessId()

◆ PsGetProcessSecurityPort()

◆ PsGetProcessSessionId()

◆ PsGetProcessWin32Process()

◆ PsGetProcessWin32WindowStation()

◆ PsGetThreadFreezeCount()

◆ PsGetThreadHardErrorsAreDisabled()

◆ PsGetThreadId()

◆ PsGetThreadProcess()

◆ PsGetThreadTeb()

◆ PsGetThreadWin32Thread()

◆ PsIsProtectedProcess()

◆ PsIsSystemProcess()

◆ PsIsThreadImpersonating()

◆ PsLookupProcessThreadByCid()

◆ PsReturnPoolQuota()

◆ PsReturnProcessNonPagedPoolQuota()

◆ PsReturnProcessPagedPoolQuota()

◆ PsRevertThreadToSelf()

◆ PsSetProcessPriorityByClass()

◆ PsSetProcessSecurityPort()

◆ PsSetProcessWin32Process()

◆ PsSetProcessWindowStation()

◆ PsSetThreadHardErrorsAreDisabled()

◆ PsSetThreadWin32Thread()

◆ ZwAlertResumeThread()

◆ ZwAlertThread()

◆ ZwAssignProcessToJobObject()

◆ ZwCreateJobObject()

◆ ZwCreateProcess()

◆ ZwCreateThread()

◆ ZwImpersonateThread()

◆ ZwIsProcessInJob()