#include <umtypes.h>
#include <pstypes.h>

Include dependency graph for psfuncs.h:

This graph shows which files directly or indirectly include this file:

Functions
NTKERNELAPI PVOID NTAPI	PsGetCurrentThreadWin32Thread (VOID)

NTKERNELAPI PVOID NTAPI	PsGetCurrentProcessWin32Process (VOID)

NTKERNELAPI PVOID NTAPI	PsGetProcessWin32Process (_In_ PEPROCESS Process)

NTKERNELAPI NTSTATUS NTAPI	PsSetProcessWin32Process (_Inout_ PEPROCESS Process, _In_opt_ PVOID Win32Process, _In_opt_ PVOID OldWin32Process)

NTKERNELAPI PVOID NTAPI	PsSetThreadWin32Thread (_Inout_ PETHREAD Thread, _In_opt_ PVOID Win32Thread, _In_opt_ PVOID OldWin32Thread)

NTKERNELAPI PVOID NTAPI	PsGetThreadWin32Thread (_In_ PETHREAD Thread)

NTKERNELAPI PVOID NTAPI	PsGetProcessWin32WindowStation (_In_ PEPROCESS Process)

NTKERNELAPI VOID NTAPI	PsSetProcessWindowStation (_Inout_ PEPROCESS Process, _In_opt_ PVOID WindowStation)

NTKERNELAPI PTEB NTAPI	PsGetThreadTeb (_In_ PETHREAD Thread)

NTKERNELAPI HANDLE NTAPI	PsGetThreadId (_In_ PETHREAD Thread)

NTKERNELAPI PEPROCESS NTAPI	PsGetThreadProcess (_In_ PETHREAD Thread)

NTKERNELAPI ULONG NTAPI	PsGetThreadFreezeCount (_In_ PETHREAD Thread)

NTKERNELAPI BOOLEAN NTAPI	PsGetThreadHardErrorsAreDisabled (_In_ PETHREAD Thread)

NTKERNELAPI VOID NTAPI	PsSetThreadHardErrorsAreDisabled (_Inout_ PETHREAD Thread, _In_ BOOLEAN Disabled)

NTKERNELAPI VOID NTAPI	PsEstablishWin32Callouts (_In_ PWIN32_CALLOUTS_FPNS CalloutData)

NTKERNELAPI VOID NTAPI	PsReturnProcessNonPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)

NTKERNELAPI ULONG NTAPI	PsGetCurrentProcessSessionId (VOID)

NTKERNELAPI BOOLEAN NTAPI	PsIsThreadImpersonating (_In_ PETHREAD Thread)

NTKERNELAPI VOID NTAPI	PsRevertThreadToSelf (_Inout_ PETHREAD Thread)

NTKERNELAPI NTSTATUS NTAPI	PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS Process, _Out_ PETHREAD Thread)

BOOLEAN NTAPI	PsIsProtectedProcess (_In_ PEPROCESS Process)

NTKERNELAPI BOOLEAN NTAPI	PsIsSystemProcess (_In_ PEPROCESS Process)

VOID NTAPI	PsSetProcessPriorityByClass (_In_ PEPROCESS Process, _In_ PSPROCESSPRIORITYMODE Type)

HANDLE NTAPI	PsGetProcessInheritedFromUniqueProcessId (_In_ PEPROCESS Process)

NTKERNELAPI NTSTATUS NTAPI	PsGetProcessExitStatus (_In_ PEPROCESS Process)

NTKERNELAPI ULONG NTAPI	PsGetProcessSessionId (_In_ PEPROCESS Process)

NTKERNELAPI BOOLEAN NTAPI	PsGetProcessExitProcessCalled (_In_ PEPROCESS Process)

NTKERNELAPI VOID NTAPI	PsChargePoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)

NTKERNELAPI NTSTATUS NTAPI	PsChargeProcessNonPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)

NTKERNELAPI NTSTATUS NTAPI	PsChargeProcessPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)

NTKERNELAPI NTSTATUS NTAPI	PsChargeProcessPoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)

NTKERNELAPI VOID NTAPI	PsReturnPoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)

NTKERNELAPI VOID NTAPI	PsReturnProcessPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)

NTKERNELAPI PVOID NTAPI	PsGetProcessSecurityPort (_In_ PEPROCESS Process)

NTKERNELAPI NTSTATUS NTAPI	PsSetProcessSecurityPort (_Inout_ PEPROCESS Process, _In_ PVOID SecurityPort)

NTKERNELAPI HANDLE NTAPI	PsGetCurrentThreadProcessId (VOID)

NTSYSCALLAPI NTSTATUS NTAPI	NtAlertResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)

NTSYSCALLAPI NTSTATUS NTAPI	NtApphelpCacheControl (_In_ APPHELPCACHESERVICECLASS Service, _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData)

NTSYSCALLAPI NTSTATUS NTAPI	NtAlertThread (_In_ HANDLE ThreadHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtAssignProcessToJobObject (_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtCreateJobObject (_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)

NTSTATUS NTAPI	NtCreateJobSet (_In_ ULONG NumJob, _In_ PJOB_SET_ARRAY UserJobSet, _In_ ULONG Flags)

NTSYSCALLAPI NTSTATUS NTAPI	NtCreateProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)

NTSYSCALLAPI NTSTATUS NTAPI	NtCreateProcessEx (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ ULONG Flags, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort, _In_ BOOLEAN InJob)

NTSYSCALLAPI NTSTATUS NTAPI	NtCreateThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)

FORCEINLINE struct _TEB *	NtCurrentTeb (VOID)

NTSYSCALLAPI NTSTATUS NTAPI	NtImpersonateThread (_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)

NTSYSCALLAPI NTSTATUS NTAPI	NtIsProcessInJob (_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtOpenProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PCLIENT_ID ClientId)

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)

NTSYSCALLAPI NTSTATUS NTAPI	NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtQueryInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)

NTSYSCALLAPI NTSTATUS NTAPI	NtQueryInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)

NTSYSCALLAPI NTSTATUS NTAPI	NtRegisterThreadTerminatePort (_In_ HANDLE TerminationPort)

NTSYSCALLAPI NTSTATUS NTAPI	NtResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)

NTSYSCALLAPI NTSTATUS NTAPI	NtResumeProcess (_In_ HANDLE ProcessHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtSetInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_bytecount_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength)

NTSYSCALLAPI NTSTATUS NTAPI	NtSetInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)

NTSYSCALLAPI NTSTATUS NTAPI	NtSuspendProcess (_In_ HANDLE ProcessHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtSuspendThread (_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)

NTSYSCALLAPI NTSTATUS NTAPI	NtTerminateProcess (_In_ HANDLE ProcessHandle, _In_ NTSTATUS ExitStatus)

NTSYSCALLAPI NTSTATUS NTAPI	NtTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)

NTSYSCALLAPI NTSTATUS NTAPI	NtTerminateJobObject (_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)

NTSYSAPI NTSTATUS NTAPI	ZwAlertResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)

NTSYSAPI NTSTATUS NTAPI	ZwAlertThread (_In_ HANDLE ThreadHandle)

NTSYSAPI NTSTATUS NTAPI	ZwAssignProcessToJobObject (_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)

NTSYSAPI NTSTATUS NTAPI	ZwCreateJobObject (_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)

NTSYSAPI NTSTATUS NTAPI	ZwCreateProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)

NTSYSAPI NTSTATUS NTAPI	ZwCreateThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)

NTSYSAPI NTSTATUS NTAPI	ZwImpersonateThread (_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)

NTSYSAPI NTSTATUS NTAPI	ZwIsProcessInJob (_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)

	_IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx(_In_ HANDLE ProcessHandle

NTSYSAPI NTSTATUS NTAPI	ZwOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)

NTSYSAPI NTSTATUS NTAPI	ZwOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)

NTSYSAPI NTSTATUS NTAPI	ZwOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)

NTSYSAPI NTSTATUS NTAPI	ZwQueryInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)

NTSYSAPI NTSTATUS NTAPI	ZwQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)

NTSYSAPI NTSTATUS NTAPI	ZwQueryInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)

NTSYSAPI NTSTATUS NTAPI	ZwRegisterThreadTerminatePort (_In_ HANDLE TerminationPort)

NTSYSAPI NTSTATUS NTAPI	ZwResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)

NTSYSAPI NTSTATUS NTAPI	ZwResumeProcess (_In_ HANDLE ProcessHandle)

NTSYSAPI NTSTATUS NTAPI	ZwSetInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_ PVOID JobInformation, _In_ ULONG JobInformationLength)

NTSYSAPI NTSTATUS NTAPI	ZwSetInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)

_In_ THREADINFOCLASS	_In_reads_bytes_ (ThreadInformationLength) PVOID ThreadInformation

NTSYSAPI NTSTATUS NTAPI	ZwSuspendProcess (_In_ HANDLE ProcessHandle)

NTSYSAPI NTSTATUS NTAPI	ZwSuspendThread (_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)

NTSYSAPI NTSTATUS NTAPI	ZwTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)

NTSYSAPI NTSTATUS NTAPI	ZwTerminateJobObject (_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)

Function Documentation

◆ _In_reads_bytes_()

_In_ THREADINFOCLASS _In_reads_bytes_ ( ThreadInformationLength )

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL )

Definition at line 64 of file Messaging.c.

 {
     PFLT_SERVER_PORT_OBJECT PortObject;
     NTSTATUS Status;
 
     /* The caller must allow at least one connection */
     if (MaxConnections == 0)
     {
         return STATUS_INVALID_PARAMETER;
     }
 
     /* The request must be for a kernel handle */
     if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
     {
         return STATUS_INVALID_PARAMETER;
     }
 
     /*
      * Get rundown protection on the target to stop the owner
      * from unloading whilst this port object is open. It gets
      * removed in the FltpServerPortClose callback
      */
     Status = FltObjectReference(Filter);
     if (!NT_SUCCESS(Status))
     {
         return Status;
     }
 
     /* Create the server port object for this filter */
     Status = ObCreateObject(KernelMode,
                             ServerPortObjectType,
                             ObjectAttributes,
                             KernelMode,
                             NULL,
                             sizeof(FLT_SERVER_PORT_OBJECT),
                             0,
                             0,
                             (PVOID *)&PortObject);
     if (NT_SUCCESS(Status))
     {
         /* Zero out the struct */
         RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
 
         /* Increment the ref count on the target filter */
         FltpObjectPointerReference((PFLT_OBJECT)Filter);
 
         /* Setup the filter port object */
         PortObject->Filter = Filter;
         PortObject->ConnectNotify = ConnectNotifyCallback;
         PortObject->DisconnectNotify = DisconnectNotifyCallback;
         PortObject->MessageNotify = MessageNotifyCallback;
         PortObject->Cookie = ServerPortCookie;
         PortObject->MaxConnections = MaxConnections;
 
         /* Insert the object */
         Status = ObInsertObject(PortObject,
                                 NULL,
                                 STANDARD_RIGHTS_ALL | FILE_READ_DATA,
                                 0,
                                 NULL,
                                 (PHANDLE)ServerPort);
         if (NT_SUCCESS(Status))
         {
             /* Lock the connection list */
             ExAcquireFastMutex(&Filter->ConnectionList.mLock);
 
             /* Add the new port object to the connection list and increment the count */
             InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
             Filter->ConnectionList.mCount++;
 
             /* Unlock the connection list*/
             ExReleaseFastMutex(&Filter->ConnectionList.mLock);
         }
     }
 
     if (!NT_SUCCESS(Status))
     {
         /* Allow the filter to be cleaned up */
         FltObjectDereference(Filter);
     }
 
     return Status;
 }

◆ NtAlertResumeThread()

NTSYSCALLAPI NTSTATUS NTAPI NtAlertResumeThread	(	_In_ HANDLE	ThreadHandle,
		_Out_opt_ PULONG	SuspendCount
	)

◆ NtAlertThread()

NTSYSCALLAPI NTSTATUS NTAPI NtAlertThread ( _In_ HANDLE ThreadHandle )

◆ NtApphelpCacheControl()

NTSYSCALLAPI NTSTATUS NTAPI NtApphelpCacheControl	(	_In_ APPHELPCACHESERVICECLASS	Service,
		_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP	ServiceData
	)

Definition at line 729 of file apphelp.c.

 {
     NTSTATUS Status = STATUS_INVALID_PARAMETER;
     UNICODE_STRING ImageName = { 0 };
     HANDLE Handle = INVALID_HANDLE_VALUE;
 
     if (!ApphelpCacheEnabled)
     {
         DPRINT1("NtApphelpCacheControl: ApphelpCacheEnabled == 0\n");
         return Status;
     }
     switch (Service)
     {
         case ApphelpCacheServiceLookup:
             DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceLookup )\n");
             Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
             if (NT_SUCCESS(Status))
                 Status = ApphelpCacheLookupEntry(&ImageName, Handle);
             break;
         case ApphelpCacheServiceRemove:
             DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceRemove )\n");
             Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
             if (NT_SUCCESS(Status))
                 Status = ApphelpCacheRemoveEntry(&ImageName);
             break;
         case ApphelpCacheServiceUpdate:
             DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceUpdate )\n");
             Status = ApphelpCacheAccessCheck();
             if (NT_SUCCESS(Status))
             {
                 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
                 if (NT_SUCCESS(Status))
                     Status = ApphelpCacheUpdateEntry(&ImageName, Handle);
             }
             break;
         case ApphelpCacheServiceFlush:
             /* FIXME: Check for admin or system here. */
             Status = ApphelpCacheFlush();
             break;
         case ApphelpCacheServiceDump:
             Status = ApphelpCacheDump();
             break;
         case ApphelpDBGReadRegistry:
             DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): flushing cache.\n");
             ApphelpCacheFlush();
             DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): reading cache.\n");
             Status = ApphelpCacheRead() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
             break;
         case ApphelpDBGWriteRegistry:
             DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGWriteRegistry ): writing cache.\n");
             Status = ApphelpCacheWrite() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
             break;
         default:
             DPRINT1("SHIMS: NtApphelpCacheControl( Invalid service requested )\n");
             break;
     }
     if (ImageName.Buffer)
     {
         ApphelpFreeUnicodeString(&ImageName);
     }
     return Status;
 }

Referenced by BaseDumpAppcompatCache(), BaseFlushAppcompatCache(), and CallApphelp().

◆ NtAssignProcessToJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtAssignProcessToJobObject	(	_In_ HANDLE	JobHandle,
		_In_ HANDLE	ProcessHandle
	)

◆ NtCreateJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateJobObject	(	_Out_ PHANDLE	JobHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes
	)

◆ NtCreateJobSet()

NTSTATUS NTAPI NtCreateJobSet	(	_In_ ULONG	NumJob,
		_In_ PJOB_SET_ARRAY	UserJobSet,
		_In_ ULONG	Flags
	)

◆ NtCreateProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcess	(	_Out_ PHANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ HANDLE	ParentProcess,
		_In_ BOOLEAN	InheritObjectTable,
		_In_opt_ HANDLE	SectionHandle,
		_In_opt_ HANDLE	DebugPort,
		_In_opt_ HANDLE	ExceptionPort
	)

◆ NtCreateProcessEx()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcessEx	(	_Out_ PHANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ HANDLE	ParentProcess,
		_In_ ULONG	Flags,
		_In_opt_ HANDLE	SectionHandle,
		_In_opt_ HANDLE	DebugPort,
		_In_opt_ HANDLE	ExceptionPort,
		_In_ BOOLEAN	InJob
	)

◆ NtCreateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateThread	(	_Out_ PHANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ HANDLE	ProcessHandle,
		_Out_ PCLIENT_ID	ClientId,
		_In_ PCONTEXT	ThreadContext,
		_In_ PINITIAL_TEB	UserStack,
		_In_ BOOLEAN	CreateSuspended
	)

◆ NtCurrentTeb()

FORCEINLINE struct _TEB* NtCurrentTeb ( VOID )

Definition at line 420 of file psfuncs.h.

 {
 #if defined(_M_IX86)
     return (PTEB)__readfsdword(0x18);
 #elif defined (_M_AMD64)
     return (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
 #elif defined (_M_ARM)
     return (struct _TEB *)KeGetPcr()->Used_Self;
 #endif
 }

Referenced by __declspec(), __wine_pop_frame(), __wine_push_frame(), _NtCurrentTeb(), AbortDoc(), actctx_init(), AVrfInitializeVerifier(), AvrfpResolveThunks(), BaseCreateThreadPoolThread(), BaseGetNamedObjectDirectory(), Basep8BitStringToStaticUnicodeString(), BasepComputeProcessPath(), BasepLoadLibraryAsDatafile(), BaseSrvBSMThread(), BuildUserModeWindowStationName(), CallMsgFilterA(), CallMsgFilterW(), CallNamedPipeA(), CloseAllProcessHandles(), COM_CurrentInfo(), COM_TlsDestroy(), CompareStringA(), ConvertFiberToThread(), ConvertThreadToFiberEx(), CountHandlers(), CreatePipe(), CreateProcessInternalW(), CreateRemoteThread(), CSR_API(), CsrApiHandleConnectionRequest(), CsrApiRequestThread(), CsrClientCallServer(), CsrConnectToUser(), CsrIdentifyAlertableThread(), CsrInitializeProcessStructure(), CsrValidateMessageBuffer(), DbgkMapViewOfSection(), DbgUiConnectToDbg(), DbgUiContinue(), DbgUiDebugActiveProcess(), DbgUiGetThreadDebugObject(), DbgUiSetThreadDebugObject(), DbgUiStopDebugging(), DbgUiWaitStateChange(), DefineDosDeviceA(), DeleteFiber(), DllMain(), doChild(), ElfChangeNotify(), EndDoc(), EngGetLastError(), EngSetLastError(), ExitThread(), extfmt_default_dbg_vlog(), ExtTextOutW(), FatalAppExitA(), FilenameA2W(), find_entry(), find_entry_language(), find_query_actctx(), FlsAlloc(), FlsGetValue(), FlsSetValue(), GdiAllocBatchCommand(), GdiDeleteBrushOrPen(), GdiDllInitialize(), GdiProcessSetup(), GdiQueryTable(), GdiSetLastError(), get_base_dir(), get_or_create_threaddata(), GetBinaryTypeA(), GetCurrentDirectoryA(), GetCurrentProcessId(), GetCurrentThreadId(), GetLastError(), GetModuleHandleA(), GetTeb(), GetTempFileNameW(), GetThreadLocale(), GetUserObjectSecurity(), GetW32ThreadInfo(), GetWindowThreadProcessId(), GuiConsoleInputThread(), hash_basename(), hGetPEBHandle(), InitThreadCallback(), IntAddSynthesizedFormats(), IntEndPage(), InternalAddAtom(), InternalFindAtom(), IntGetCurrentDC(), IntGetCurrentDcData(), IntGetCurrentDispatchTable(), IntGetCurrentICDPrivate(), IntGetCurrentRC(), IntMakeCurrent(), IntNotifyWinEvent(), IntSetCurrentDispatchTable(), IntSetCurrentICDPrivate(), IntSetThreadDesktop(), IsGUIThread(), IsThreadAFiber(), IsWinEventHookInstalled(), KiRaiseUserExceptionDispatcher(), KiSystemCallHandler(), KiSystemServiceHandler(), LCMapStringA(), ldr_notify_callback1(), ldr_notify_callback_dll_main(), ldr_notify_callback_fail(), LdrLoadDll(), LdrpAllocateTls(), LdrpFreeTls(), LdrpInit(), LdrpInitializeProcess(), LdrpInitializeThread(), LdrpInitSecurityCookie(), LdrpLoadImportModule(), LdrpMakeCookie(), LdrpMapDll(), LdrpRunInitializeRoutines(), LdrpUpdateLoadCount3(), LdrShutdownProcess(), LdrShutdownThread(), LdrUnlockLoaderLock(), load_gl_funcs(), Main(), MyGdiQueryTable(), NlsInit(), NtGdiFlushUserBatch(), NtUserSetWindowsHookAW(), OffsetViewportOrgEx(), OffsetWindowOrgEx(), ok_fls_(), PolyPatBlt(), PostMessageA(), PostMessageW(), PsConvertToGuiThread(), PspUserThreadStartup(), QueryDosDeviceA(), RemoveHandles(), rosfmt_default_dbg_vlog(), RtlAcquirePrivilege(), RtlAcquireResourceExclusive(), RtlAcquireResourceShared(), RtlActivateActivationContext(), RtlActivateActivationContextUnsafeFast(), RtlApplicationVerifierStop(), RtlConvertSharedToExclusive(), RtlCreateActivationContext(), RtlDeactivateActivationContext(), RtlDeactivateActivationContextUnsafeFast(), RtlEnterCriticalSection(), RtlExitUserThread(), RtlFindActivationContextSectionGuid(), RtlFindActivationContextSectionString(), RtlFreeThreadActivationContextStack(), RtlGetActiveActivationContext(), RtlGetCriticalSectionRecursionCount(), RtlGetFrame(), RtlGetLastNtStatus(), RtlGetLastWin32Error(), RtlGetThreadErrorMode(), RtlInitializeCriticalSectionAndSpinCount(), RtlIsActivationContextActive(), RtlIsCriticalSectionLockedByThread(), RtlIsThreadWithinLoaderCallout(), RtlLeaveCriticalSection(), RtlNtStatusToDosError(), RtlpCaptureStackLimits(), RtlpClearInDbgPrint(), RtlpDphProcessStartupInitialization(), RtlpFreeDebugInfo(), RtlPopFrame(), RtlpPageHeapCreate(), RtlpPageHeapDestroy(), RtlpSetInDbgPrint(), RtlPushFrame(), RtlpWaitForCriticalSection(), RtlQueryProcessDebugInformation(), RtlSetLastWin32Error(), RtlSetLastWin32ErrorAndNtStatusFromNtStatus(), RtlSetThreadErrorMode(), RtlTryEnterCriticalSection(), ScControlService(), ScServiceMainStubA(), ScServiceMainStubW(), service_main(), SetConsoleInputExeNameA(), SetGraphicsMode(), SetLastError(), SetMapperFlags(), SetPolyFillMode(), SetROP2(), SetTextCharacterExtra(), SetTextJustification(), SetThreadLocale(), SetThreadStackGuarantee(), SetThreadUILanguage(), SetUserObjectSecurity(), SetViewportExtEx(), SetViewportOrgEx(), SetWindowExtEx(), SetWindowOrgEx(), SetWindowsHookA(), SetWindowsHookW(), SockEnterApiFast(), START_TEST(), StartPage(), TerminateThread(), test_HashLinks(), test_import_resolution(), test_InMemoryOrderModuleList(), test_query_object(), test_RemoveDirectoryA(), test_RemoveDirectoryW(), test_RtlThreadErrorMode(), TestWindowProcess(), TlsAlloc(), TlsGetValue(), TlsSetValue(), UnhandledExceptionFilter(), UpdateColors(), UserDbgAssertThreadInfo(), UserSetLastError(), VdmDispatchBop(), VdmDispatchPageFault(), VdmpGetVdmTib(), Win32kThreadCallback(), wined3d_cs_create(), winefmt_default_dbg_vlog(), and WTSQuerySessionInformationW().

◆ NtImpersonateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateThread	(	_In_ HANDLE	ThreadHandle,
		_In_ HANDLE	ThreadToImpersonate,
		_In_ PSECURITY_QUALITY_OF_SERVICE	SecurityQualityOfService
	)

◆ NtIsProcessInJob()

NTSYSCALLAPI NTSTATUS NTAPI NtIsProcessInJob	(	_In_ HANDLE	ProcessHandle,
		_In_opt_ HANDLE	JobHandle
	)

◆ NtOpenProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess	(	_Out_ PHANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_opt_ PCLIENT_ID	ClientId
	)

◆ NtOpenProcessToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken	(	_In_ HANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_Out_ PHANDLE	TokenHandle
	)

◆ NtOpenThread()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThread	(	_Out_ PHANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ PCLIENT_ID	ClientId
	)

◆ NtOpenThreadToken()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken	(	_In_ HANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ BOOLEAN	OpenAsSelf,
		_Out_ PHANDLE	TokenHandle
	)

◆ NtOpenThreadTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx	(	_In_ HANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ BOOLEAN	OpenAsSelf,
		_In_ ULONG	HandleAttributes,
		_Out_ PHANDLE	TokenHandle
	)

◆ NtQueryInformationJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationJobObject	(	_In_ HANDLE	JobHandle,
		_In_ JOBOBJECTINFOCLASS	JobInformationClass,
		_Out_bytecap_(JobInformationLength) PVOID	JobInformation,
		_In_ ULONG	JobInformationLength,
		_Out_ PULONG	ReturnLength
	)

◆ NtQueryInformationProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ PROCESSINFOCLASS	ProcessInformationClass,
		_Out_ PVOID	ProcessInformation,
		_In_ ULONG	ProcessInformationLength,
		_Out_opt_ PULONG	ReturnLength
	)

◆ NtQueryInformationThread()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread	(	_In_ HANDLE	ThreadHandle,
		_In_ THREADINFOCLASS	ThreadInformationClass,
		_Out_ PVOID	ThreadInformation,
		_In_ ULONG	ThreadInformationLength,
		_Out_opt_ PULONG	ReturnLength
	)

◆ NtRegisterThreadTerminatePort()

NTSYSCALLAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort ( _In_ HANDLE TerminationPort )

◆ NtResumeProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtResumeProcess ( _In_ HANDLE ProcessHandle )

◆ NtResumeThread()

NTSYSCALLAPI NTSTATUS NTAPI NtResumeThread	(	_In_ HANDLE	ThreadHandle,
		_Out_opt_ PULONG	SuspendCount
	)

◆ NtSetInformationJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationJobObject	(	_In_ HANDLE	JobHandle,
		_In_ JOBOBJECTINFOCLASS	JobInformationClass,
		_In_bytecount_(JobInformationLength) PVOID	JobInformation,
		_In_ ULONG	JobInformationLength
	)

◆ NtSetInformationProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ PROCESSINFOCLASS	ProcessInformationClass,
		_In_ PVOID	ProcessInformation,
		_In_ ULONG	ProcessInformationLength
	)

◆ NtSetInformationThread()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread	(	_In_ HANDLE	ThreadHandle,
		_In_ THREADINFOCLASS	ThreadInformationClass,
		_In_reads_bytes_(ThreadInformationLength) PVOID	ThreadInformation,
		_In_ ULONG	ThreadInformationLength
	)

◆ NtSuspendProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtSuspendProcess ( _In_ HANDLE ProcessHandle )

◆ NtSuspendThread()

NTSYSCALLAPI NTSTATUS NTAPI NtSuspendThread	(	_In_ HANDLE	ThreadHandle,
		_In_ PULONG	PreviousSuspendCount
	)

◆ NtTerminateJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateJobObject	(	_In_ HANDLE	JobHandle,
		_In_ NTSTATUS	ExitStatus
	)

◆ NtTerminateProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ NTSTATUS	ExitStatus
	)

◆ NtTerminateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateThread	(	_In_ HANDLE	ThreadHandle,
		_In_ NTSTATUS	ExitStatus
	)

◆ PsChargePoolQuota()

NTKERNELAPI VOID NTAPI PsChargePoolQuota	(	_In_ PEPROCESS	Process,
		_In_ POOL_TYPE	PoolType,
		_In_ SIZE_T	Amount
	)

◆ PsChargeProcessNonPagedPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessNonPagedPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ SIZE_T	Amount
	)

◆ PsChargeProcessPagedPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPagedPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ SIZE_T	Amount
	)

◆ PsChargeProcessPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ POOL_TYPE	PoolType,
		_In_ SIZE_T	Amount
	)

◆ PsEstablishWin32Callouts()

NTKERNELAPI VOID NTAPI PsEstablishWin32Callouts ( _In_ PWIN32_CALLOUTS_FPNS CalloutData )

◆ PsGetCurrentProcessSessionId()

NTKERNELAPI ULONG NTAPI PsGetCurrentProcessSessionId ( VOID )

Definition at line 1133 of file process.c.

 {
     return MmGetSessionId(PsGetCurrentProcess());
 }

Referenced by ExpWin32SessionCallout(), IntCreateDesktop(), IntDestroyMenuObject(), NtSetInformationObject(), NtUserSwitchDesktop(), ObpLookupObjectName(), and VideoPortUseDeviceInSession().

◆ PsGetCurrentProcessWin32Process()

NTKERNELAPI PVOID NTAPI PsGetCurrentProcessWin32Process ( VOID )

Definition at line 1183 of file process.c.

 {
     return PsGetCurrentProcess()->Win32Process;
 }

Referenced by _Function_class_(), CheckWinstaAttributeAccess(), co_IntGraphicsCheck(), co_IntSetParent(), co_IntSetWindowLongPtr(), co_IntUserManualGuiCheck(), co_UserDestroyWindow(), DC_bAllocDcAttr(), DC_vFreeDcAttr(), DecrementCurrentProcessGdiHandleCount(), DesktopHeapAddressToUser(), DesktopHeapGetUserDelta(), GDI_CleanupForProcess(), GetBrushAttrPool(), GetControlColor(), GetFontFamilyInfoForSubstitutes(), GetW32ProcessInfo(), handle_internal_message(), IdlePing(), IdlePong(), IncrementCurrentProcessGdiHandleCount(), IntAllowSetForegroundWindow(), IntGdiAddFontMemResource(), IntGdiCleanupPrivateFontsForProcess(), IntGdiLoadFontsFromMemory(), IntGdiRemoveFontMemResource(), IntGdiSetRegionOwner(), IntGetFontFamilyInfo(), IntLoadHookModule(), IntLoadSystenIcons(), IntLockSetForegroundWindow(), IntMapDesktopView(), IntUnmapDesktopView(), IntWinStaOkToClose(), NtUserCallHwndParam(), NtUserCallOneParam(), NtUserDestroyCursor(), NtUserFindExistingCursorIcon(), NtUserGetComboBoxInfo(), NtUserGetListBoxInfo(), NtUserSetSystemCursor(), NtUserSetWindowFNID(), REGION_bAllocRgnAttr(), REGION_vCleanup(), TextIntRealizeFont(), UserDbgAssertThreadInfo(), UserGetDCEx(), UserGetProcessWindowStation(), UserHeapAddressToUser(), UserSetProcessWindowStation(), UserSystemParametersInfo(), and UserUnregisterUserApiHook().

◆ PsGetCurrentThreadProcessId()

NTKERNELAPI HANDLE NTAPI PsGetCurrentThreadProcessId ( VOID )

Definition at line 755 of file thread.c.

 {
     return PsGetCurrentThread()->Cid.UniqueProcess;
 }

Referenced by intDdCreateDirectDrawLocal().

◆ PsGetCurrentThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadWin32Thread ( VOID )

Definition at line 805 of file thread.c.

 {
     return PsGetCurrentThread()->Tcb.Win32Thread;
 }

Referenced by AllocateUserMessage(), CaretSystemTimerProc(), co_HOOK_CallHooks(), co_IntCallHookProc(), co_IntCallSentMessageCallback(), co_IntCallWindowProc(), co_IntClientLoadLibrary(), co_IntClientThreadSetup(), co_IntFixCaret(), co_IntGetPeekMessage(), co_IntLoadDefaultCursors(), co_IntLoadSysMenuTemplate(), co_IntPaintWindows(), co_IntPeekMessage(), co_IntProcessKeyboardMessage(), co_IntProcessMouseMessage(), co_IntSendActivateMessages(), co_IntSendMessageTimeoutSingle(), co_IntSendMessageWithCallBack(), co_IntSetActiveWindow(), co_IntSetCaretPos(), co_IntSetForegroundAndFocusWindow(), co_IntWaitMessage(), co_MsqDispatchOneSentMessage(), co_MsqReplyMessage(), co_MsqSendMessage(), co_MsqSendMessageAsync(), co_UserDestroyWindow(), co_UserHideCaret(), co_UserSetCapture(), co_UserSetFocus(), co_UserShowCaret(), co_WinPosSearchChildren(), co_WinPosSetWindowPos(), co_WinPosShowWindow(), DECREASE_THREAD_LOCK_COUNT(), DefWndDoSizeMove(), DefWndStartSizeMove(), DesktopHeapGetUserDelta(), DesktopThreadMain(), GetW32ThreadInfo(), handle_internal_message(), IdlePing(), INCREASE_THREAD_LOCK_COUNT(), IntAddAtom(), IntCallWndProc(), IntCallWndProcRet(), IntCbAllocateMemory(), IntCbFreeMemory(), IntCreateDesktop(), IntDeactivateWindow(), IntDefWindowProc(), IntDeRegisterShellHookWindow(), IntDesktopOkToClose(), IntDispatchMessage(), IntDrawScrollBar(), IntGetAndReferenceClass(), IntGetAtomName(), IntGetCapture(), IntGetCurrentThreadDesktopWindow(), IntGetNextHook(), IntGetQueueStatus(), IntGetThreadDesktopWindow(), IntGetThreadFocusWindow(), IntInitMessagePumpHook(), IntInvalidateWindows(), IntIsClipboardOpenByMe(), IntMsqClearWakeMask(), IntMsqSetWakeMask(), IntNotifyWinEvent(), IntQueryTrackMouseEvent(), IntRegisterShellHookWindow(), IntReleaseCapture(), IntRemoveHook(), IntSendDestroyMsg(), IntSendSyncPaint(), IntSetThreadDesktop(), IntSetTimer(), IntTrackMouseEvent(), IntTrackPopupMenuEx(), IntTranslateKbdMessage(), IntUnhookWindowsHook(), IntUninitMessagePumpHook(), IntUserSetActiveWindow(), MENU_DoNextMenu(), MENU_InitTracking(), MENU_TrackMenu(), MsqGetMessageExtraInfo(), MsqSetMessageExtraInfo(), NtUserActivateKeyboardLayout(), NtUserBlockInput(), NtUserCallNoParam(), NtUserCallOneParam(), NtUserCallTwoParam(), NtUserCreateAcceleratorTable(), NtUserCreateCaret(), NtUserGetCaretPos(), NtUserGetGUIThreadInfo(), NtUserGetKeyboardLayoutName(), NtUserGetKeyboardState(), NtUserGetKeyNameText(), NtUserGetThreadState(), NtUserLoadKeyboardLayoutEx(), NtUserLockWorkStation(), NtUserMapVirtualKeyEx(), NtUserSendInput(), NtUserSetKeyboardState(), NtUserSetThreadState(), NtUserSetWindowsHookEx(), NtUserSetWinEventHook(), NtUserToUnicodeEx(), NtUserValidateTimerCallback(), NtUserVkKeyScanEx(), NtUserWaitForInputIdle(), PostTimerMessages(), UserDbgAssertThreadInfo(), UserDerefObjectCo(), UserDestroyMenu(), UserEnterExclusive(), UserGetActiveWindow(), UserGetCPD(), UserGetKeyboardLayout(), UserGetKeyState(), UserGhostThreadEntry(), UserInitialize(), UserOpenClipboard(), UserOpenInputDesktop(), UserRefObjectCo(), UserRegisterHotKey(), UserRegisterUserApiHook(), UserSendKeyboardInput(), UserSendMouseInput(), UserSetActiveWindow(), UserSetCursor(), UserShowCursor(), and UserUnregisterUserApiHook().

◆ PsGetProcessExitProcessCalled()

NTKERNELAPI BOOLEAN NTAPI PsGetProcessExitProcessCalled ( _In_ PEPROCESS Process )

◆ PsGetProcessExitStatus()

NTKERNELAPI NTSTATUS NTAPI PsGetProcessExitStatus ( _In_ PEPROCESS Process )

◆ PsGetProcessInheritedFromUniqueProcessId()

HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId ( _In_ PEPROCESS Process )

◆ PsGetProcessSecurityPort()

NTKERNELAPI PVOID NTAPI PsGetProcessSecurityPort ( _In_ PEPROCESS Process )

◆ PsGetProcessSessionId()

NTKERNELAPI ULONG NTAPI PsGetProcessSessionId ( _In_ PEPROCESS Process )

◆ PsGetProcessWin32Process()

NTKERNELAPI PVOID NTAPI PsGetProcessWin32Process ( _In_ PEPROCESS Process )

◆ PsGetProcessWin32WindowStation()

NTKERNELAPI PVOID NTAPI PsGetProcessWin32WindowStation ( _In_ PEPROCESS Process )

◆ PsGetThreadFreezeCount()

NTKERNELAPI ULONG NTAPI PsGetThreadFreezeCount ( _In_ PETHREAD Thread )

◆ PsGetThreadHardErrorsAreDisabled()

NTKERNELAPI BOOLEAN NTAPI PsGetThreadHardErrorsAreDisabled ( _In_ PETHREAD Thread )

◆ PsGetThreadId()

NTKERNELAPI HANDLE NTAPI PsGetThreadId ( _In_ PETHREAD Thread )

◆ PsGetThreadProcess()

NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess ( _In_ PETHREAD Thread )

◆ PsGetThreadTeb()

NTKERNELAPI PTEB NTAPI PsGetThreadTeb ( _In_ PETHREAD Thread )

◆ PsGetThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread ( _In_ PETHREAD Thread )

◆ PsIsProtectedProcess()

BOOLEAN NTAPI PsIsProtectedProcess ( _In_ PEPROCESS Process )

◆ PsIsSystemProcess()

NTKERNELAPI BOOLEAN NTAPI PsIsSystemProcess ( _In_ PEPROCESS Process )

◆ PsIsThreadImpersonating()

NTKERNELAPI BOOLEAN NTAPI PsIsThreadImpersonating ( _In_ PETHREAD Thread )

◆ PsLookupProcessThreadByCid()

NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid	(	_In_ PCLIENT_ID	Cid,
		_Out_opt_ PEPROCESS *	Process,
		_Out_ PETHREAD *	Thread
	)

◆ PsReturnPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ POOL_TYPE	PoolType,
		_In_ SIZE_T	Amount
	)

◆ PsReturnProcessNonPagedPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnProcessNonPagedPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ SIZE_T	Amount
	)

◆ PsReturnProcessPagedPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnProcessPagedPoolQuota	(	_In_ PEPROCESS	Process,
		_In_ SIZE_T	Amount
	)

◆ PsRevertThreadToSelf()

NTKERNELAPI VOID NTAPI PsRevertThreadToSelf ( _Inout_ PETHREAD Thread )

◆ PsSetProcessPriorityByClass()

VOID NTAPI PsSetProcessPriorityByClass	(	_In_ PEPROCESS	Process,
		_In_ PSPROCESSPRIORITYMODE	Type
	)

◆ PsSetProcessSecurityPort()

NTKERNELAPI NTSTATUS NTAPI PsSetProcessSecurityPort	(	_Inout_ PEPROCESS	Process,
		_In_ PVOID	SecurityPort
	)

◆ PsSetProcessWin32Process()

NTKERNELAPI NTSTATUS NTAPI PsSetProcessWin32Process	(	_Inout_ PEPROCESS	Process,
		_In_opt_ PVOID	Win32Process,
		_In_opt_ PVOID	OldWin32Process
	)

Definition at line 1257 of file process.c.

 {
     NTSTATUS Status;
 
     /* Assume success */
     Status = STATUS_SUCCESS;
 
     /* Lock the process */
     KeEnterCriticalRegion();
     ExAcquirePushLockExclusive(&Process->ProcessLock);
 
     /* Check if we set a new win32 process */
     if (Win32Process != NULL)
     {
         /* Check if the process is in the right state */
         if (((Process->Flags & PSF_PROCESS_DELETE_BIT) == 0) &&
             (Process->Win32Process == NULL))
         {
             /* Set the new win32 process */
             Process->Win32Process = Win32Process;
         }
         else
         {
             /* Otherwise fail */
             Status = STATUS_PROCESS_IS_TERMINATING;
         }
     }
     else
     {
         /* Reset the win32 process, did the caller specify the correct old value? */
         if (Process->Win32Process == OldWin32Process)
         {
             /* Yes, so reset the win32 process to NULL */
             Process->Win32Process = NULL;
         }
         else
         {
             /* Otherwise fail */
             Status = STATUS_UNSUCCESSFUL;
         }
     }
 
     /* Unlock the process */
     ExReleasePushLockExclusive(&Process->ProcessLock);
     KeLeaveCriticalRegion();
 
     return Status;
 }

Referenced by AllocW32Process(), and ExitProcessCallback().

◆ PsSetProcessWindowStation()

NTKERNELAPI VOID NTAPI PsSetProcessWindowStation	(	_Inout_ PEPROCESS	Process,
		_In_opt_ PVOID	WindowStation
	)

◆ PsSetThreadHardErrorsAreDisabled()

NTKERNELAPI VOID NTAPI PsSetThreadHardErrorsAreDisabled	(	_Inout_ PETHREAD	Thread,
		_In_ BOOLEAN	Disabled
	)

◆ PsSetThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsSetThreadWin32Thread	(	_Inout_ PETHREAD	Thread,
		_In_opt_ PVOID	Win32Thread,
		_In_opt_ PVOID	OldWin32Thread
	)

◆ ZwAlertResumeThread()

NTSYSAPI NTSTATUS NTAPI ZwAlertResumeThread	(	_In_ HANDLE	ThreadHandle,
		_Out_opt_ PULONG	SuspendCount
	)

◆ ZwAlertThread()

NTSYSAPI NTSTATUS NTAPI ZwAlertThread ( _In_ HANDLE ThreadHandle )

◆ ZwAssignProcessToJobObject()

NTSYSAPI NTSTATUS NTAPI ZwAssignProcessToJobObject	(	_In_ HANDLE	JobHandle,
		_In_ HANDLE	ProcessHandle
	)

◆ ZwCreateJobObject()

NTSYSAPI NTSTATUS NTAPI ZwCreateJobObject	(	_Out_ PHANDLE	JobHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes
	)

◆ ZwCreateProcess()

NTSYSAPI NTSTATUS NTAPI ZwCreateProcess	(	_Out_ PHANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ HANDLE	ParentProcess,
		_In_ BOOLEAN	InheritObjectTable,
		_In_opt_ HANDLE	SectionHandle,
		_In_opt_ HANDLE	DebugPort,
		_In_opt_ HANDLE	ExceptionPort
	)

Referenced by RtlCreateUserProcess().

◆ ZwCreateThread()

NTSYSAPI NTSTATUS NTAPI ZwCreateThread	(	_Out_ PHANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ HANDLE	ProcessHandle,
		_Out_ PCLIENT_ID	ClientId,
		_In_ PCONTEXT	ThreadContext,
		_In_ PINITIAL_TEB	UserStack,
		_In_ BOOLEAN	CreateSuspended
	)

Referenced by RtlCreateUserThread().

◆ ZwImpersonateThread()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread	(	_In_ HANDLE	ThreadHandle,
		_In_ HANDLE	ThreadToImpersonate,
		_In_ PSECURITY_QUALITY_OF_SERVICE	SecurityQualityOfService
	)

◆ ZwIsProcessInJob()

NTSYSAPI NTSTATUS NTAPI ZwIsProcessInJob	(	_In_ HANDLE	ProcessHandle,
		_In_opt_ HANDLE	JobHandle
	)

◆ ZwOpenThread()

NTSYSAPI NTSTATUS NTAPI ZwOpenThread	(	_Out_ PHANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ PCLIENT_ID	ClientId
	)

◆ ZwOpenThreadToken()

NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken	(	_In_ HANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ BOOLEAN	OpenAsSelf,
		_Out_ PHANDLE	TokenHandle
	)

Referenced by RtlAdjustPrivilege(), and RtlpOpenThreadToken().

◆ ZwOpenThreadTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx	(	_In_ HANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ BOOLEAN	OpenAsSelf,
		_In_ ULONG	HandleAttributes,
		_Out_ PHANDLE	TokenHandle
	)

Referenced by RtlFormatCurrentUserKeyPath().

◆ ZwQueryInformationJobObject()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationJobObject	(	_In_ HANDLE	JobHandle,
		_In_ JOBOBJECTINFOCLASS	JobInformationClass,
		_Out_bytecap_(JobInformationLength) PVOID	JobInformation,
		_In_ ULONG	JobInformationLength,
		_Out_ PULONG	ReturnLength
	)

◆ ZwQueryInformationProcess()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ PROCESSINFOCLASS	ProcessInformationClass,
		_Out_ PVOID	ProcessInformation,
		_In_ ULONG	ProcessInformationLength,
		_Out_opt_ PULONG	ReturnLength
	)

Referenced by lie_about_fs_type(), RtlCreateUserProcess(), RtlEncodePointer(), RtlSetProcessIsCritical(), and START_TEST().

◆ ZwQueryInformationThread()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread	(	_In_ HANDLE	ThreadHandle,
		_In_ THREADINFOCLASS	ThreadInformationClass,
		_Out_ PVOID	ThreadInformation,
		_In_ ULONG	ThreadInformationLength,
		_Out_opt_ PULONG	ReturnLength
	)

Referenced by RtlSetThreadIsCritical().

◆ ZwRegisterThreadTerminatePort()

NTSYSAPI NTSTATUS NTAPI ZwRegisterThreadTerminatePort ( _In_ HANDLE TerminationPort )

◆ ZwResumeProcess()

NTSYSAPI NTSTATUS NTAPI ZwResumeProcess ( _In_ HANDLE ProcessHandle )

◆ ZwResumeThread()

NTSYSAPI NTSTATUS NTAPI ZwResumeThread	(	_In_ HANDLE	ThreadHandle,
		_Out_opt_ PULONG	SuspendCount
	)

Referenced by ExpLoadInitialProcess().

◆ ZwSetInformationJobObject()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationJobObject	(	_In_ HANDLE	JobHandle,
		_In_ JOBOBJECTINFOCLASS	JobInformationClass,
		_In_ PVOID	JobInformation,
		_In_ ULONG	JobInformationLength
	)

◆ ZwSetInformationProcess()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ PROCESSINFOCLASS	ProcessInformationClass,
		_In_ PVOID	ProcessInformation,
		_In_ ULONG	ProcessInformationLength
	)

Referenced by LdrpInitializeProcess(), and RtlSetProcessIsCritical().

◆ ZwSuspendProcess()

NTSYSAPI NTSTATUS NTAPI ZwSuspendProcess ( _In_ HANDLE ProcessHandle )

◆ ZwSuspendThread()

NTSYSAPI NTSTATUS NTAPI ZwSuspendThread	(	_In_ HANDLE	ThreadHandle,
		_In_ PULONG	PreviousSuspendCount
	)

◆ ZwTerminateJobObject()

NTSYSAPI NTSTATUS NTAPI ZwTerminateJobObject	(	_In_ HANDLE	JobHandle,
		_In_ NTSTATUS	ExitStatus
	)

◆ ZwTerminateThread()

NTSYSAPI NTSTATUS NTAPI ZwTerminateThread	(	_In_ HANDLE	ThreadHandle,
		_In_ NTSTATUS	ExitStatus
	)

Referenced by RtlAssert().

Variable Documentation

◆ DesiredAccess

_In_ ACCESS_MASK DesiredAccess

Definition at line 715 of file psfuncs.h.

◆ ExitStatus

◆ HandleAttributes

_In_ ACCESS_MASK _In_ ULONG HandleAttributes

Definition at line 715 of file psfuncs.h.

◆ ThreadInformationClass

_In_ THREADINFOCLASS ThreadInformationClass

Definition at line 832 of file psfuncs.h.

Referenced by NtQueryInformationThread(), NtSetInformationThread(), NtUserQueryInformationThread(), and NtUserSetInformationThread().

◆ ThreadInformationLength

_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength

Definition at line 835 of file psfuncs.h.

Referenced by NtQueryInformationThread(), NtSetInformationThread(), NtUserSetInformationThread(), and PspQueryDescriptorThread().

◆ TokenHandle

_In_ ACCESS_MASK _In_ BOOLEAN _In_ ULONG _Out_ PHANDLE TokenHandle

Definition at line 715 of file psfuncs.h.

Referenced by AdjustTokenGroups(), AdjustTokenPrivileges(), BasepReplaceProcessThreadTokens(), CreateProcessInternalW(), GetCallerLuid(), GetSiteSidFromToken(), GetTokenInformation(), IsTokenRestricted(), LogonUserExW(), LsapIsTrustedClient(), LsapLogonUser(), LsarSetSecurityObject(), MyLogonUser(), NtAccessCheck(), NtAdjustPrivilegesToken(), NtCreateToken(), NtOpenProcessToken(), NtOpenProcessTokenEx(), NtOpenThreadToken(), NtOpenThreadTokenEx(), NtQueryInformationToken(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), OpenProcessToken(), OpenThreadToken(), PsAssignImpersonationToken(), PspSetPrimaryToken(), RtlAdjustPrivilege(), RtlCreateUserSecurityObject(), RtlDefaultNpAcl(), RtlFormatCurrentUserKeyPath(), RtlpGetImpersonationToken(), RtlpOpenThreadToken(), SamrSetSecurityObject(), SepCreateToken(), SetThreadToken(), SetTokenInformation(), SHTestTokenMembership(), and START_TEST().

Variables
_In_ ACCESS_MASK	DesiredAccess

_In_ ACCESS_MASK _In_ ULONG	HandleAttributes

_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE	TokenHandle

_In_ THREADINFOCLASS	ThreadInformationClass

_In_ THREADINFOCLASS _In_ ULONG	ThreadInformationLength

_In_ NTSTATUS	ExitStatus

Functions

Variables

Function Documentation

◆ _In_reads_bytes_()

◆ _IRQL_requires_max_()

◆ NtAlertResumeThread()

◆ NtAlertThread()

◆ NtApphelpCacheControl()

◆ NtAssignProcessToJobObject()

◆ NtCreateJobObject()

◆ NtCreateJobSet()

◆ NtCreateProcess()

◆ NtCreateProcessEx()

◆ NtCreateThread()

◆ NtCurrentTeb()

◆ NtImpersonateThread()

◆ NtIsProcessInJob()

◆ NtOpenProcess()

◆ NtOpenProcessToken()

◆ NtOpenThread()

◆ NtOpenThreadToken()

◆ NtOpenThreadTokenEx()

◆ NtQueryInformationJobObject()

◆ NtQueryInformationProcess()

◆ NtQueryInformationThread()

◆ NtRegisterThreadTerminatePort()

◆ NtResumeProcess()

◆ NtResumeThread()

◆ NtSetInformationJobObject()

◆ NtSetInformationProcess()

◆ NtSetInformationThread()

◆ NtSuspendProcess()

◆ NtSuspendThread()

◆ NtTerminateJobObject()

◆ NtTerminateProcess()

◆ NtTerminateThread()

◆ PsChargePoolQuota()

◆ PsChargeProcessNonPagedPoolQuota()

◆ PsChargeProcessPagedPoolQuota()

◆ PsChargeProcessPoolQuota()

◆ PsEstablishWin32Callouts()

◆ PsGetCurrentProcessSessionId()

◆ PsGetCurrentProcessWin32Process()

◆ PsGetCurrentThreadProcessId()

◆ PsGetCurrentThreadWin32Thread()

◆ PsGetProcessExitProcessCalled()

◆ PsGetProcessExitStatus()

◆ PsGetProcessInheritedFromUniqueProcessId()

◆ PsGetProcessSecurityPort()

◆ PsGetProcessSessionId()

◆ PsGetProcessWin32Process()

◆ PsGetProcessWin32WindowStation()

◆ PsGetThreadFreezeCount()

◆ PsGetThreadHardErrorsAreDisabled()

◆ PsGetThreadId()

◆ PsGetThreadProcess()

◆ PsGetThreadTeb()

◆ PsGetThreadWin32Thread()

◆ PsIsProtectedProcess()

◆ PsIsSystemProcess()

◆ PsIsThreadImpersonating()

◆ PsLookupProcessThreadByCid()

◆ PsReturnPoolQuota()

◆ PsReturnProcessNonPagedPoolQuota()

◆ PsReturnProcessPagedPoolQuota()

◆ PsRevertThreadToSelf()

◆ PsSetProcessPriorityByClass()

◆ PsSetProcessSecurityPort()

◆ PsSetProcessWin32Process()

◆ PsSetProcessWindowStation()

◆ PsSetThreadHardErrorsAreDisabled()

◆ PsSetThreadWin32Thread()

◆ ZwAlertResumeThread()

◆ ZwAlertThread()

◆ ZwAssignProcessToJobObject()

◆ ZwCreateJobObject()

◆ ZwCreateProcess()

◆ ZwCreateThread()

◆ ZwImpersonateThread()

◆ ZwIsProcessInJob()