Include dependency graph for psfuncs.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Function Documentation
◆ _In_reads_bytes_()
| _In_ THREADINFOCLASS _In_reads_bytes_ | ( | ThreadInformationLength | ) |
◆ _IRQL_requires_max_()
| _IRQL_requires_max_ | ( | PASSIVE_LEVEL | ) |
Queries information details about a security descriptor.
Computes the quota size of a security descriptor.
Assigns a security descriptor for a new object.
An extended function that assigns a security descriptor for a new object.
Frees a security descriptor.
An extended function that sets new information data to a security descriptor.
Modifies some information data about a security descriptor.
- Parameters
-
[in] SecurityInformation Security information details to be queried from a security descriptor. [out] SecurityDescriptor The returned security descriptor with security information data. [in,out] Length The returned length of a security descriptor. [in,out] ObjectsSecurityDescriptor The returned object security descriptor.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- See SeSetSecurityDescriptorInfoEx.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] AutoInheritFlags Flags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
- Parameters
-
[in] SecurityDescriptor A security descriptor to be freed from memory.
- Returns
- Returns STATUS_SUCCESS.
- Parameters
-
[in] _ParentDescriptor A security descriptor of the parent object that is being created. [in] _ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] ObjectType The type of the new object. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] AutoInheritFlags Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
- Parameters
-
[in] ParentDescriptor A security descriptor of the parent object that is being created. [in] ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- See SeAssignSecurityEx.
- Parameters
-
[in] SecurityDescriptor A security descriptor. [out] QuotaInfoSize The returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
- Returns
- Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.
Definition at line 923 of file Messaging.c.
75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
78
79 /* The caller must allow at least one connection */
81 {
83 }
84
85 /* The request must be for a kernel handle */
87 {
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
98 {
100 }
101
102 /* Create the server port object for this filter */
104 ServerPortObjectType,
105 ObjectAttributes,
106 KernelMode,
107 NULL,
109 0,
110 0,
111 (PVOID *)&PortObject);
113 {
114 /* Zero out the struct */
116
117 /* Increment the ref count on the target filter */
119
120 /* Setup the filter port object */
127
128 /* Insert the object */
130 NULL,
132 0,
133 NULL,
136 {
137 /* Lock the connection list */
139
140 /* Add the new port object to the connection list and increment the count */
143
144 /* Unlock the connection list*/
146 }
147 }
148
150 {
151 /* Allow the filter to be cleaned up */
153 }
154
156}
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
Definition: nsiface.idl:2307
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
Definition: fltmgrint.h:26
Definition: fltmgrint.h:189
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
◆ NtAlertResumeThread()
| NTSYSCALLAPI NTSTATUS NTAPI NtAlertResumeThread | ( | _In_ HANDLE | ThreadHandle, |
| _Out_opt_ PULONG | SuspendCount | ||
| ) |
◆ NtAlertThread()
| NTSYSCALLAPI NTSTATUS NTAPI NtAlertThread | ( | _In_ HANDLE | ThreadHandle | ) |
◆ NtApphelpCacheControl()
| NTSYSCALLAPI NTSTATUS NTAPI NtApphelpCacheControl | ( | _In_ APPHELPCACHESERVICECLASS | Service, |
| _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP | ServiceData | ||
| ) |
Definition at line 728 of file apphelp.c.
731{
735
737 {
740 }
742 {
748 break;
754 break;
759 {
763 }
764 break;
766 /* FIXME: Check for admin or system here. */
768 break;
771 break;
774 ApphelpCacheFlush();
777 break;
781 break;
782 default:
784 break;
785 }
787 {
789 }
791}
NTSTATUS ApphelpCacheRemoveEntry(_In_ PUNICODE_STRING ImageName)
Definition: apphelp.c:587
VOID ApphelpFreeUnicodeString(_Inout_ PUNICODE_STRING String)
Definition: apphelp.c:161
NTSTATUS ApphelpCacheUpdateEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:616
NTSTATUS ApphelpValidateData(_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData, _Out_ PUNICODE_STRING ImageName, _Out_ PHANDLE ImageHandle)
Definition: apphelp.c:474
NTSTATUS ApphelpCacheLookupEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:531
Definition: env_spec_w32.h:368
Referenced by BaseDumpAppcompatCache(), BaseFlushAppcompatCache(), BasepShimCacheRemoveEntry(), BasepShimCacheSearch(), and CallApphelp().
◆ NtAssignProcessToJobObject()
| NTSYSCALLAPI NTSTATUS NTAPI NtAssignProcessToJobObject | ( | _In_ HANDLE | JobHandle, |
| _In_ HANDLE | ProcessHandle | ||
| ) |
◆ NtCreateJobObject()
| NTSYSCALLAPI NTSTATUS NTAPI NtCreateJobObject | ( | _Out_ PHANDLE | JobHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes | ||
| ) |
◆ NtCreateJobSet()
| NTSTATUS NTAPI NtCreateJobSet | ( | _In_ ULONG | NumJob, |
| _In_ PJOB_SET_ARRAY | UserJobSet, | ||
| _In_ ULONG | Flags | ||
| ) |
◆ NtCreateProcess()
| NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcess | ( | _Out_ PHANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ HANDLE | ParentProcess, | ||
| _In_ BOOLEAN | InheritObjectTable, | ||
| _In_opt_ HANDLE | SectionHandle, | ||
| _In_opt_ HANDLE | DebugPort, | ||
| _In_opt_ HANDLE | ExceptionPort | ||
| ) |
◆ NtCreateProcessEx()
| NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcessEx | ( | _Out_ PHANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ HANDLE | ParentProcess, | ||
| _In_ ULONG | Flags, | ||
| _In_opt_ HANDLE | SectionHandle, | ||
| _In_opt_ HANDLE | DebugPort, | ||
| _In_opt_ HANDLE | ExceptionPort, | ||
| _In_ BOOLEAN | InJob | ||
| ) |
◆ NtCreateThread()
| NTSYSCALLAPI NTSTATUS NTAPI NtCreateThread | ( | _Out_ PHANDLE | ThreadHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ HANDLE | ProcessHandle, | ||
| _Out_ PCLIENT_ID | ClientId, | ||
| _In_ PCONTEXT | ThreadContext, | ||
| _In_ PINITIAL_TEB | UserStack, | ||
| _In_ BOOLEAN | CreateSuspended | ||
| ) |
◆ NtCurrentTeb()
| FORCEINLINE struct _TEB * NtCurrentTeb | ( | VOID | ) |
Definition at line 420 of file psfuncs.h.
421{
422#if defined(_M_IX86)
424#elif defined (_M_AMD64)
426#elif defined (_M_ARM)
427 // return (struct _TEB *)KeGetPcr()->Used_Self;
429#elif defined (_M_ARM64)
431// #elif defined(_M_PPC)
432// return (struct _TEB *)_read_teb_dword(0x18);
433#else
434#error Unsupported architecture
435#endif
436}
PPC_QUAL unsigned long __readfsdword(const unsigned long Offset)
Definition: intrin_ppc.h:382
Definition: compat.h:710
Definition: compat.h:836
◆ NtImpersonateThread()
| NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ HANDLE | ThreadToImpersonate, | ||
| _In_ PSECURITY_QUALITY_OF_SERVICE | SecurityQualityOfService | ||
| ) |
◆ NtIsProcessInJob()
| NTSYSCALLAPI NTSTATUS NTAPI NtIsProcessInJob | ( | _In_ HANDLE | ProcessHandle, |
| _In_opt_ HANDLE | JobHandle | ||
| ) |
◆ NtOpenProcess()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess | ( | _Out_ PHANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_opt_ PCLIENT_ID | ClientId | ||
| ) |
◆ NtOpenProcessToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken | ( | _In_ HANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
◆ NtOpenThread()
| NTSYSCALLAPI NTSTATUS NTAPI NtOpenThread | ( | _Out_ PHANDLE | ThreadHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ PCLIENT_ID | ClientId | ||
| ) |
◆ NtOpenThreadToken()
| NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken | ( | _In_ HANDLE | ThreadHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ BOOLEAN | OpenAsSelf, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
Opens a token that is tied to a thread handle.
- Parameters
-
[out] ThreadHandle Thread handle where the token is about to be opened. [in] DesiredAccess The request access right for the token. [in] OpenAsSelf If set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead. [out] TokenHandle The opened token handle returned to the caller for use.
- Returns
- See NtOpenThreadTokenEx.
Definition at line 2475 of file token.c.
2480{
2482 TokenHandle);
2483}
NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2332
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2664
◆ NtOpenThreadTokenEx()
| NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx | ( | _In_ HANDLE | ThreadHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ BOOLEAN | OpenAsSelf, | ||
| _In_ ULONG | HandleAttributes, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
Opens a token that is tied to a thread handle.
- Parameters
-
[out] ThreadHandle Thread handle where the token is about to be opened. [in] DesiredAccess The request access right for the token. [in] OpenAsSelf If set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead. [in] HandleAttributes Handle attributes for the opened thread token handle. [out] TokenHandle The opened token handle returned to the caller for use.
- Returns
- Returns STATUS_SUCCESS if the function has successfully opened the thread token. STATUS_CANT_OPEN_ANONYMOUS is returned if a token has SecurityAnonymous as impersonation level and we cannot open it. A failure NTSTATUS code is returned otherwise.
Definition at line 2332 of file token.c.
2338{
2340 HANDLE hToken;
2348
2349 PAGED_CODE();
2350
2352
2353 /* Ensure that we can give the handle to the caller */
2355 {
2356 _SEH2_TRY
2357 {
2359 }
2361 {
2362 /* Return the exception code */
2364 }
2365 _SEH2_END;
2366 }
2367
2368 /* Validate object attributes */
2370
2371 /*
2372 * At first open the thread token for information access and verify
2373 * that the token associated with the thread is valid.
2374 */
2377 NULL);
2379 {
2382 }
2383
2384 /* Reference the token from the thread */
2386 &ImpersonationLevel);
2388 {
2392 }
2393
2394 /* Ensure the token has no anonymous security */
2396 {
2401 }
2402
2403 /* Revert to self if OpenAsSelf is specified */
2405 {
2407 &ImpersonationState);
2408 }
2409
2410 /* Call the private function to do the job */
2412 ThreadHandle,
2413 Token,
2414 DesiredAccess,
2415 HandleAttributes,
2416 EffectiveOnly,
2417 CopyOnOpen,
2418 ImpersonationLevel,
2419 PreviousMode,
2420 &hToken);
2421
2422 /* Restore the impersonation back if needed */
2423 if (RestoreImpersonation)
2424 {
2426 }
2427
2428 /* Dereference the access token and the associated thread */
2431
2433 {
2436 }
2437
2438 /* Give the opened token handle to the caller */
2439 _SEH2_TRY
2440 {
2441 *TokenHandle = hToken;
2442 }
2444 {
2446 }
2447 _SEH2_END;
2448
2450}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
Definition: tokenizer.hpp:28
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:433
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:410
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:937
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:987
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:871
static NTSTATUS SepOpenThreadToken(_In_ PETHREAD Thread, _In_ HANDLE ThreadHandle, _In_ PTOKEN ThreadToken, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ BOOLEAN EffectiveOnly, _In_ BOOLEAN CopyOnOpen, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PHANDLE OpenedTokenHandle)
Internal private function that returns an opened handle of an access token associated with a thread.
Definition: token.c:1170
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: pstypes.h:1191
Definition: setypes.h:115
Definition: setypes.h:216
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:157
◆ NtQueryInformationJobObject()
| NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationJobObject | ( | _In_ HANDLE | JobHandle, |
| _In_ JOBOBJECTINFOCLASS | JobInformationClass, | ||
| _Out_bytecap_(JobInformationLength) PVOID | JobInformation, | ||
| _In_ ULONG | JobInformationLength, | ||
| _Out_ PULONG | ReturnLength | ||
| ) |
◆ NtQueryInformationProcess()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _Out_writes_bytes_to_opt_(ProcessInformationLength, *ReturnLength) PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 211 of file query.c.
218{
223
224 PAGED_CODE();
225
226 /* Validate the information class */
228 PsProcessInfoClass,
230 ICIF_PROBE_READ,
231 ProcessInformation,
232 ProcessInformationLength,
233 ReturnLength,
234 NULL,
235 PreviousMode);
237 {
238#if DBG
239 DPRINT1("NtQueryInformationProcess(ProcessInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
240 PspDumpProcessInfoClassName(ProcessInformationClass), Status);
241#endif
243 }
244
246 (ProcessInformationClass == ProcessImageInformation)) &&
248 {
249 /*
250 * Retrieving the process cookie is only allowed for the calling process
251 * itself! XP only allows NtCurrentProcess() as process handles even if
252 * a real handle actually represents the current process.
253 */
255 }
256
257 /* Check the information class */
258 switch (ProcessInformationClass)
259 {
260 /* Basic process information */
262 {
264
266 {
268 break;
269 }
270
271 /* Set the return length */
273
274 /* Reference the process */
277 PsProcessType,
278 PreviousMode,
280 NULL);
282
283 /* Protect writes with SEH */
284 _SEH2_TRY
285 {
286 /* Write all the information from the EPROCESS/KPROCESS */
291 UniqueProcessId;
292 ProcessBasicInfo->InheritedFromUniqueProcessId =
295
296 }
298 {
299 /* Get exception code */
301 }
302 _SEH2_END;
303
304 /* Dereference the process */
306 break;
307 }
308
309 /* Process quota limits */
311 {
312 QUOTA_LIMITS_EX QuotaLimits;
313 BOOLEAN Extended;
314
317 {
319 break;
320 }
321
322 /* Set the return length */
323 Length = ProcessInformationLength;
325
326 /* Reference the process */
329 PsProcessType,
330 PreviousMode,
332 NULL);
334
335 /* Indicate success */
337
339
340 /* Get max/min working set sizes */
341 QuotaLimits.MaximumWorkingSetSize =
343 QuotaLimits.MinimumWorkingSetSize =
345
346 /* Get default time limits */
348
349 /* Is quota block a default one? */
351 {
352 /* Get default pools and pagefile limits */
356 }
357 else
358 {
359 /* Get limits from non-default quota block */
360 QuotaLimits.PagedPoolLimit =
362 QuotaLimits.NonPagedPoolLimit =
364 QuotaLimits.PagefileLimit =
366 }
367
368 /* Get additional information, if needed */
369 if (Extended)
370 {
375
376 /* FIXME: Get the correct information */
377 //QuotaLimits.WorkingSetLimit = (SIZE_T)-1; // Not used on Win2k3, it is set to 0
379 }
380
381 /* Protect writes with SEH */
382 _SEH2_TRY
383 {
385 }
387 {
388 /* Get exception code */
390 }
391 _SEH2_END;
392
393 /* Dereference the process */
395 break;
396 }
397
399 {
401 PROCESS_VALUES ProcessValues;
402
404 {
406 break;
407 }
408
410
411 /* Reference the process */
414 PsProcessType,
415 PreviousMode,
417 NULL);
419
420 /* Query IO counters from the process */
422
423 _SEH2_TRY
424 {
426 }
428 {
429 /* Ignore exception */
430 }
431 _SEH2_END;
432
433 /* Set status to success in any case */
435
436 /* Dereference the process */
438 break;
439 }
440
441 /* Timing */
443 {
446
447 /* Set the return length */
449 {
451 break;
452 }
453
455
456 /* Reference the process */
459 PsProcessType,
460 PreviousMode,
462 NULL);
464
465 /* Protect writes with SEH */
466 _SEH2_TRY
467 {
468 /* Copy time information from EPROCESS/KPROCESS */
474 }
476 {
477 /* Get exception code */
479 }
480 _SEH2_END;
481
482 /* Dereference the process */
484 break;
485 }
486
487 /* Process Debug Port */
489
491 {
493 break;
494 }
495
496 /* Set the return length */
498
499 /* Reference the process */
502 PsProcessType,
503 PreviousMode,
505 NULL);
507
508 /* Protect write with SEH */
509 _SEH2_TRY
510 {
511 /* Return whether or not we have a debug port */
514 }
516 {
517 /* Get exception code */
519 }
520 _SEH2_END;
521
522 /* Dereference the process */
524 break;
525
527 {
528 ULONG HandleCount;
529
531 {
533 break;
534 }
535
536 /* Set the return length*/
538
539 /* Reference the process */
542 PsProcessType,
543 PreviousMode,
545 NULL);
547
548 /* Count the number of handles this process has */
550
551 /* Protect write in SEH */
552 _SEH2_TRY
553 {
554 /* Return the count of handles */
555 *(PULONG)ProcessInformation = HandleCount;
556 }
558 {
559 /* Get the exception code */
561 }
562 _SEH2_END;
563
564 /* Dereference the process */
566 break;
567 }
568
569 /* Session ID for the process */
571 {
573
575 {
577 break;
578 }
579
580 /* Set the return length*/
582
583 /* Reference the process */
586 PsProcessType,
587 PreviousMode,
589 NULL);
591
592 /* Enter SEH for write safety */
593 _SEH2_TRY
594 {
595 /* Write back the Session ID */
597 }
599 {
600 /* Get the exception code */
602 }
603 _SEH2_END;
604
605 /* Dereference the process */
607 break;
608 }
609
610 /* Virtual Memory Statistics */
612 {
614
615 /* Validate the input length */
618 {
620 break;
621 }
622
623 /* Reference the process */
626 PsProcessType,
627 PreviousMode,
629 NULL);
631
632 /* Enter SEH for write safety */
633 _SEH2_TRY
634 {
635 /* Return data from EPROCESS */
647 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
648 //
649
650 /* Set the return length */
651 Length = ProcessInformationLength;
652 }
654 {
655 /* Get the exception code */
657 }
658 _SEH2_END;
659
660 /* Dereference the process */
662 break;
663 }
664
665 /* Hard Error Processing Mode */
667
669 {
671 break;
672 }
673
674 /* Set the return length*/
676
677 /* Reference the process */
680 PsProcessType,
681 PreviousMode,
683 NULL);
685
686 /* Enter SEH for writing back data */
687 _SEH2_TRY
688 {
689 /* Write the current processing mode */
691 DefaultHardErrorProcessing;
692 }
694 {
695 /* Get the exception code */
697 }
698 _SEH2_END;
699
700 /* Dereference the process */
702 break;
703
704 /* Priority Boosting status */
706
708 {
710 break;
711 }
712
713 /* Set the return length */
715
716 /* Reference the process */
719 PsProcessType,
720 PreviousMode,
722 NULL);
724
725 /* Enter SEH for writing back data */
726 _SEH2_TRY
727 {
728 /* Return boost status */
731 }
733 {
734 /* Get the exception code */
736 }
737 _SEH2_END;
738
739 /* Dereference the process */
741 break;
742
743 /* DOS Device Map */
745 {
747
749 {
750 /* Protect read in SEH */
751 _SEH2_TRY
752 {
753 PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
754
756 }
758 {
759 /* Get the exception code */
762 }
763 _SEH2_END;
764
765 /* Only one flag is supported and it needs LUID mappings */
767 !ObIsLUIDDeviceMapsEnabled())
768 {
770 break;
771 }
772 }
773 else
774 {
775 /* This has to be the size of the Query union field for x64 compatibility! */
777 {
779 break;
780 }
781
782 /* No flags for standard call */
783 Flags = 0;
784 }
785
786 /* Set the return length */
787 Length = ProcessInformationLength;
788
789 /* Reference the process */
792 PsProcessType,
793 PreviousMode,
795 NULL);
797
798 /* Query the device map information */
800 ProcessInformation,
801 Flags);
802
803 /* Dereference the process */
805 break;
806 }
807
808 /* Priority class */
810 {
812
814 {
816 break;
817 }
818
819 /* Set the return length*/
821
822 /* Reference the process */
825 PsProcessType,
826 PreviousMode,
828 NULL);
830
831 /* Enter SEH for writing back data */
832 _SEH2_TRY
833 {
834 /* Return current priority class */
837 }
839 {
840 /* Get the exception code */
842 }
843 _SEH2_END;
844
845 /* Dereference the process */
847 break;
848 }
849
851 {
853
854 /* Reference the process */
857 PsProcessType,
858 PreviousMode,
860 NULL);
862
863 /* Get the image path */
866 {
867 /* Set the return length */
870
871 /* Make sure it's large enough */
873 {
874 /* Enter SEH to protect write */
875 _SEH2_TRY
876 {
877 /* Copy it */
878 RtlCopyMemory(ProcessInformation,
879 ImageName,
880 Length);
881
882 /* Update pointer */
883 ((PUNICODE_STRING)ProcessInformation)->Buffer =
885 }
887 {
888 /* Get the exception code */
890 }
891 _SEH2_END;
892 }
893 else
894 {
895 /* Buffer too small */
897 }
898
899 /* Free the image path */
901 }
902 /* Dereference the process */
904 break;
905 }
906
907#if (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
909 {
912
913 /* Reference the process */
916 PsProcessType,
917 PreviousMode,
919 NULL);
921 {
922 break;
923 }
924
925 /* Get the image path */
929 {
930 break;
931 }
935 {
936 break;
937 }
938
939 /* Determine return length and output */
942 {
943 _SEH2_TRY
944 {
949 {
952 ObjectNameInformation->Name.Buffer,
953 ObjectNameInformation->Name.MaximumLength);
954 }
955 else
956 {
959 }
960 }
962 {
964 }
965 _SEH2_END;
966 }
967 else
968 {
970 }
972
973 break;
974 }
975#endif /* (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA) */
976
978
980 {
982 break;
983 }
984
985 /* Set the return length*/
987
988 /* Reference the process */
991 PsProcessType,
992 PreviousMode,
994 NULL);
996
997 /* Enter SEH for writing back data */
998 _SEH2_TRY
999 {
1000 /* Return the debug flag state */
1002 }
1004 {
1005 /* Get the exception code */
1007 }
1008 _SEH2_END;
1009
1010 /* Dereference the process */
1012 break;
1013
1015
1017 {
1019 break;
1020 }
1021
1022 /* Set the return length */
1024
1025 /* Reference the process */
1028 PsProcessType,
1029 PreviousMode,
1031 NULL);
1033
1034 /* Enter SEH for writing back data */
1035 _SEH2_TRY
1036 {
1037 /* Return the BreakOnTermination state */
1039 }
1041 {
1042 /* Get the exception code */
1044 }
1045 _SEH2_END;
1046
1047 /* Dereference the process */
1049 break;
1050
1051 /* Per-process security cookie */
1053 {
1055
1057 {
1058 /* Length size wrong, bail out */
1060 break;
1061 }
1062
1063 /* Get the current process and cookie */
1067 {
1068 LARGE_INTEGER SystemTime;
1069 ULONG NewCookie;
1070 PKPRCB Prcb;
1071
1072 /* Generate a new cookie */
1073 KeQuerySystemTime(&SystemTime);
1074 Prcb = KeGetCurrentPrcb();
1077
1078 /* Set the new cookie or return the current one */
1080 NewCookie,
1081 Cookie);
1083
1084 /* Set the return length */
1086 }
1087
1088 /* Indicate success */
1090
1091 /* Enter SEH to protect write */
1092 _SEH2_TRY
1093 {
1094 /* Write back the cookie */
1096 }
1098 {
1099 /* Get the exception code */
1101 }
1102 _SEH2_END;
1103 break;
1104 }
1105
1107
1109 {
1110 /* Break out */
1112 break;
1113 }
1114
1115 /* Set the length required and validate it */
1117
1118 /* Indicate success */
1120
1121 /* Enter SEH to protect write */
1122 _SEH2_TRY
1123 {
1125 }
1127 {
1128 /* Get the exception code */
1130 }
1131 _SEH2_END;
1132 break;
1133
1135 {
1137
1139 {
1141 break;
1142 }
1143
1144 /* Set the return length */
1146
1147 /* Reference the process */
1150 PsProcessType,
1151 PreviousMode,
1153 NULL);
1155
1156 /* Get the debug port. Continue even if this fails. */
1158
1159 /* Let go of the process */
1161
1162 /* Protect write in SEH */
1163 _SEH2_TRY
1164 {
1165 /* Return debug port's handle */
1166 *(PHANDLE)ProcessInformation = DebugPort;
1167 }
1169 {
1170 if (DebugPort)
1172
1173 /* Get the exception code.
1174 * Note: This overwrites any previous failure status. */
1176 }
1177 _SEH2_END;
1178 break;
1179 }
1180
1184 break;
1185
1187
1189 {
1191 break;
1192 }
1193
1194 /* Set the return length */
1196
1197 /* Indicate success */
1199
1200 /* Protect write in SEH */
1201 _SEH2_TRY
1202 {
1203 /* Query Ob */
1205 }
1207 {
1208 /* Get the exception code */
1210 }
1211 _SEH2_END;
1212 break;
1213
1215
1217 {
1219 break;
1220 }
1221
1222 /* Set the return length */
1224
1225 /* Reference the process */
1228 PsProcessType,
1229 PreviousMode,
1231 NULL);
1233
1234 /* Protect write in SEH */
1235 _SEH2_TRY
1236 {
1237 /* Return if the flag is set */
1239 }
1241 {
1242 /* Get the exception code */
1244 }
1245 _SEH2_END;
1246
1247 /* Dereference the process */
1249 break;
1250
1252 {
1253 ULONG_PTR Wow64 = 0;
1254
1256 {
1258 break;
1259 }
1260
1261 /* Set the return length */
1263
1264 /* Reference the process */
1267 PsProcessType,
1268 PreviousMode,
1270 NULL);
1272
1273#ifdef _WIN64
1274 /* Make sure the process isn't dying */
1276 {
1277 /* Get the WOW64 process structure */
1279 /* Release the lock */
1281 }
1282#endif
1283
1284 /* Dereference the process */
1286
1287 /* Protect write with SEH */
1288 _SEH2_TRY
1289 {
1290 /* Return the Wow64 process information */
1291 *(PULONG_PTR)ProcessInformation = Wow64;
1292 }
1294 {
1295 /* Get exception code */
1297 }
1298 _SEH2_END;
1299 break;
1300 }
1301
1303 {
1304 ULONG ExecuteOptions = 0;
1305
1307 {
1309 break;
1310 }
1311
1312 /* Set the return length */
1314
1316 {
1318 break;
1319 }
1320
1321 /* Get the options */
1324 {
1325 /* Protect write with SEH */
1326 _SEH2_TRY
1327 {
1328 /* Return them */
1329 *(PULONG)ProcessInformation = ExecuteOptions;
1330 }
1332 {
1333 /* Get exception code */
1335 }
1336 _SEH2_END;
1337 }
1338 break;
1339 }
1340
1344 break;
1345
1349 break;
1350
1354 break;
1355
1356 /* Not supported by Server 2003 */
1357 default:
1358#if DBG
1360#endif
1362 }
1363
1364 /* Check if caller wants the return length and if there is one */
1366 {
1367 /* Protect write with SEH */
1368 _SEH2_TRY
1369 {
1371 }
1373 {
1374 /* Get exception code.
1375 * Note: This overwrites any previous failure status. */
1377 }
1378 _SEH2_END;
1379 }
1380
1382}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
struct _UNICODE_STRING UNICODE_STRING
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
struct _VM_COUNTERS * PVM_COUNTERS
struct _VM_COUNTERS_EX VM_COUNTERS_EX
#define QUOTA_LIMITS_HARDWS_MIN_DISABLE
struct _IO_COUNTERS IO_COUNTERS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
#define QUOTA_LIMITS_HARDWS_MAX_DISABLE
struct _QUOTA_LIMITS_EX QUOTA_LIMITS_EX
#define QUOTA_LIMITS_HARDWS_MAX_ENABLE
#define QUOTA_LIMITS_HARDWS_MIN_ENABLE
struct _IO_COUNTERS * PIO_COUNTERS
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1617
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2653
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
NTSTATUS NTAPI IoQueryFileDosDeviceName(IN PFILE_OBJECT FileObject, OUT POBJECT_NAME_INFORMATION *ObjectNameInformation)
Definition: file.c:3664
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
NTSTATUS NTAPI PsReferenceProcessFilePointer(_In_ PEPROCESS Process, _Outptr_ PFILE_OBJECT *FileObject)
Definition: query.c:24
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
Definition: pstypes.h:1350
Definition: pstypes.h:82
Definition: winternl.h:2373
Definition: ketypes.h:654
Definition: nt_native.h:1272
Definition: winternl.h:404
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:362
Definition: pstypes.h:392
Definition: pstypes.h:380
Definition: pstypes.h:1039
Definition: pstypes.h:405
Definition: ke.h:45
Definition: pstypes.h:67
Definition: lsa.idl:286
Definition: mmtypes.h:340
Definition: mmdrv.h:130
Definition: winternl.h:3130
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:3138
Definition: typedefs.h:103
struct _LARGE_INTEGER::@2479 u
◆ NtQueryInformationThread()
| NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ THREADINFOCLASS | ThreadInformationClass, | ||
| _Out_writes_bytes_to_opt_(ThreadInformationLength, *ReturnLength) PVOID | ThreadInformation, | ||
| _In_ ULONG | ThreadInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 2881 of file query.c.
2888{
2892 ULONG Access;
2894 PTHREAD_BASIC_INFORMATION ThreadBasicInfo =
2895 (PTHREAD_BASIC_INFORMATION)ThreadInformation;
2898 ULONG ThreadTerminated;
2899 PAGED_CODE();
2900
2901 /* Validate the information class */
2903 PsThreadInfoClass,
2905 ICIF_PROBE_READ,
2906 ThreadInformation,
2907 ThreadInformationLength,
2908 ReturnLength,
2909 NULL,
2910 PreviousMode);
2912 {
2913#if DBG
2914 DPRINT1("NtQueryInformationThread(ThreadInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
2916#endif
2918 }
2919
2920 /* Check what class this is */
2921 Access = THREAD_QUERY_INFORMATION;
2922
2923 /* Check what kind of information class this is */
2925 {
2926 /* Basic thread information */
2928
2929 /* Set the return length */
2931
2933 {
2935 break;
2936 }
2937
2938 /* Reference the thread */
2940 Access,
2941 PsThreadType,
2942 PreviousMode,
2944 NULL);
2946 break;
2947
2948 /* Protect writes with SEH */
2949 _SEH2_TRY
2950 {
2951 /* Write all the information from the ETHREAD/KTHREAD */
2958 }
2960 {
2961 /* Get exception code */
2963 }
2964 _SEH2_END;
2965
2966 /* Dereference the thread */
2968 break;
2969
2970 /* Thread time information */
2972
2973 /* Set the return length */
2975
2977 {
2979 break;
2980 }
2981
2982 /* Reference the thread */
2984 Access,
2985 PsThreadType,
2986 PreviousMode,
2988 NULL);
2990 break;
2991
2992 /* Protect writes with SEH */
2993 _SEH2_TRY
2994 {
2995 /* Copy time information from ETHREAD/KTHREAD */
2999
3000 /* Exit time is in a union and only valid on actual exit! */
3002 {
3004 }
3005 else
3006 {
3008 }
3009 }
3011 {
3012 /* Get exception code */
3014 }
3015 _SEH2_END;
3016
3017 /* Dereference the thread */
3019 break;
3020
3022
3023 /* Set the return length*/
3025
3027 {
3029 break;
3030 }
3031
3032 /* Reference the thread */
3034 Access,
3035 PsThreadType,
3036 PreviousMode,
3038 NULL);
3040 break;
3041
3042 /* Protect write with SEH */
3043 _SEH2_TRY
3044 {
3045 /* Return the Win32 Start Address */
3047 }
3049 {
3050 /* Get exception code */
3052 }
3053 _SEH2_END;
3054
3055 /* Dereference the thread */
3057 break;
3058
3060
3061 /* Set the return length*/
3063
3065 {
3067 break;
3068 }
3069
3070 /* Reference the thread */
3072 Access,
3073 PsThreadType,
3074 PreviousMode,
3076 NULL);
3078 break;
3079
3080 /* Protect write with SEH */
3081 _SEH2_TRY
3082 {
3083 /* FIXME */
3084 (*(PLARGE_INTEGER)ThreadInformation).QuadPart = 0;
3085 }
3087 {
3088 /* Get exception code */
3090 }
3091 _SEH2_END;
3092
3093 /* Dereference the thread */
3095 break;
3096
3098
3099 /* Set the return length*/
3101
3103 {
3105 break;
3106 }
3107
3108 /* Reference the thread */
3110 Access,
3111 PsThreadType,
3112 PreviousMode,
3114 NULL);
3116 break;
3117
3118 /* Protect write with SEH */
3119 _SEH2_TRY
3120 {
3121 /* Return whether or not we are the last thread */
3124 &Thread->ThreadsProcess->
3125 ThreadListHead) ?
3127 }
3129 {
3130 /* Get exception code */
3132 }
3133 _SEH2_END;
3134
3135 /* Dereference the thread */
3137 break;
3138
3140
3141 /* Set the return length*/
3143
3145 {
3147 break;
3148 }
3149
3150 /* Reference the thread */
3152 Access,
3153 PsThreadType,
3154 PreviousMode,
3156 NULL);
3158 break;
3159
3160 /* Raise the IRQL to protect the IRP list */
3162
3163 /* Protect write with SEH */
3164 _SEH2_TRY
3165 {
3166 /* Check if the IRP list is empty or not */
3168 }
3170 {
3171 /* Get exception code */
3173 }
3174 _SEH2_END;
3175
3176 /* Lower IRQL back */
3178
3179 /* Dereference the thread */
3181 break;
3182
3183 /* LDT and GDT information */
3185
3186#if defined(_X86_)
3187 /* Reference the thread */
3189 Access,
3190 PsThreadType,
3191 PreviousMode,
3193 NULL);
3195 break;
3196
3197 /* Call the worker routine */
3199 ThreadInformation,
3200 ThreadInformationLength,
3201 ReturnLength);
3202
3203 /* Dereference the thread */
3205#else
3206 /* Only implemented on x86 */
3208#endif
3209 break;
3210
3212
3213 /* Set the return length*/
3215
3217 {
3219 break;
3220 }
3221
3222 /* Reference the thread */
3224 Access,
3225 PsThreadType,
3226 PreviousMode,
3228 NULL);
3230 break;
3231
3232 _SEH2_TRY
3233 {
3235 }
3237 {
3239 }
3240 _SEH2_END;
3241
3242 /* Dereference the thread */
3244 break;
3245
3247
3248 /* Set the return length */
3250
3252 {
3254 break;
3255 }
3256
3257 /* Reference the thread */
3259 Access,
3260 PsThreadType,
3261 PreviousMode,
3263 NULL);
3265 break;
3266
3267 _SEH2_TRY
3268 {
3270 }
3272 {
3274 }
3275 _SEH2_END;
3276
3277 /* Dereference the thread */
3279 break;
3280
3282
3283 /* Set the return length*/
3285
3287 {
3289 break;
3290 }
3291
3292 /* Reference the thread */
3294 Access,
3295 PsThreadType,
3296 PreviousMode,
3298 NULL);
3300 break;
3301
3303
3304 _SEH2_TRY
3305 {
3306 *(PULONG)ThreadInformation = ThreadTerminated ? 1 : 0;
3307 }
3309 {
3311 }
3312 _SEH2_END;
3313
3314 /* Dereference the thread */
3316 break;
3317
3318 /* Anything else */
3319 default:
3320 /* Not yet implemented */
3321#if DBG
3323#endif
3325 }
3326
3327 /* Protect write with SEH */
3328 _SEH2_TRY
3329 {
3330 /* Check if caller wanted return length */
3332 }
3334 {
3335 /* Get exception code */
3337 }
3338 _SEH2_END;
3339
3341}
struct _THREAD_BASIC_INFORMATION THREAD_BASIC_INFORMATION
struct _THREAD_BASIC_INFORMATION * PTHREAD_BASIC_INFORMATION
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
Definition: psfuncs.h:844
LONG NTAPI KeQueryBasePriorityThread(IN PKTHREAD Thread)
Definition: thrdobj.c:52
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
Definition: thread.c:868
NTSTATUS NTAPI PspQueryDescriptorThread(IN PETHREAD Thread, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
Definition: psldt.c:43
Definition: compat.h:926
union _LARGE_INTEGER LARGE_INTEGER
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
Definition: kefuncs.h:778
◆ NtRegisterThreadTerminatePort()
| NTSYSCALLAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort | ( | _In_ HANDLE | TerminationPort | ) |
◆ NtResumeProcess()
| NTSYSCALLAPI NTSTATUS NTAPI NtResumeProcess | ( | _In_ HANDLE | ProcessHandle | ) |
◆ NtResumeThread()
| NTSYSCALLAPI NTSTATUS NTAPI NtResumeThread | ( | _In_ HANDLE | ThreadHandle, |
| _Out_opt_ PULONG | SuspendCount | ||
| ) |
◆ NtSetInformationJobObject()
| NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationJobObject | ( | _In_ HANDLE | JobHandle, |
| _In_ JOBOBJECTINFOCLASS | JobInformationClass, | ||
| _In_bytecount_(JobInformationLength) PVOID | JobInformation, | ||
| _In_ ULONG | JobInformationLength | ||
| ) |
◆ NtSetInformationProcess()
| NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _In_reads_bytes_(ProcessInformationLength) PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength | ||
| ) |
Definition at line 1389 of file query.c.
1394{
1397 ACCESS_MASK Access;
1403 PROCESS_PRIORITY_CLASS PriorityClass = {0};
1404 PROCESS_FOREGROUND_BACKGROUND Foreground = {0};
1405 PVOID ExceptionPort;
1406 ULONG Break;
1408 KPRIORITY BasePriority = 0;
1409 UCHAR MemoryPriority = 0;
1410 BOOLEAN DisableBoost = 0;
1411 ULONG DefaultHardErrorMode = 0;
1412 ULONG DebugFlags = 0, EnableFixup = 0, Boost = 0;
1413 ULONG NoExecute = 0, VdmPower = 0;
1417 PAGED_CODE();
1418
1419 /* Validate the information class */
1421 PsProcessInfoClass,
1423 ProcessInformation,
1424 ProcessInformationLength,
1425 PreviousMode);
1427 {
1428#if DBG
1429 DPRINT1("NtSetInformationProcess(ProcessInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
1430 PspDumpProcessInfoClassName(ProcessInformationClass), Status);
1431#endif
1433 }
1434
1435 /* Check what class this is */
1436 Access = PROCESS_SET_INFORMATION;
1438 {
1439 /* Setting the Session ID needs a special mask */
1440 Access |= PROCESS_SET_SESSIONID;
1441 }
1443 {
1444 /* Setting the exception port needs a special mask */
1445 Access |= PROCESS_SUSPEND_RESUME;
1446 }
1447
1448 /* Reference the process */
1450 Access,
1451 PsProcessType,
1452 PreviousMode,
1454 NULL);
1456
1457 /* Check what kind of information class this is */
1458 switch (ProcessInformationClass)
1459 {
1461
1462 /* Check buffer length */
1464 {
1466 break;
1467 }
1468
1469 /* Use SEH for capture */
1470 _SEH2_TRY
1471 {
1472 /* Capture the boolean */
1473 VdmPower = *(PULONG)ProcessInformation;
1474 }
1476 {
1477 /* Get the exception code */
1480 }
1481 _SEH2_END;
1482
1483 /* Getting VDM powers requires the SeTcbPrivilege */
1485 {
1486 /* We don't hold the privilege, bail out */
1489 break;
1490 }
1491
1492 /* Set or clear the flag */
1493 if (VdmPower)
1494 {
1496 }
1497 else
1498 {
1500 }
1501 break;
1502
1503 /* Error/Exception Port */
1505
1506 /* Check buffer length */
1508 {
1510 break;
1511 }
1512
1513 /* Use SEH for capture */
1514 _SEH2_TRY
1515 {
1516 /* Capture the handle */
1517 PortHandle = *(PHANDLE)ProcessInformation;
1518 }
1520 {
1521 /* Get the exception code */
1524 }
1525 _SEH2_END;
1526
1527 /* Setting the error port requires the SeTcbPrivilege */
1529 {
1530 /* We don't hold the privilege, bail out */
1532 break;
1533 }
1534
1535 /* Get the LPC Port */
1537 0,
1538 LpcPortObjectType,
1539 PreviousMode,
1540 (PVOID)&ExceptionPort,
1541 NULL);
1543
1544 /* Change the pointer */
1546 ExceptionPort,
1547 NULL))
1548 {
1549 /* We already had one, fail */
1550 ObDereferenceObject(ExceptionPort);
1552 }
1553 break;
1554
1555 /* Security Token */
1557
1558 /* Check buffer length */
1560 {
1562 break;
1563 }
1564
1565 /* Use SEH for capture */
1566 _SEH2_TRY
1567 {
1568 /* Save the token handle */
1570 Token;
1571 }
1573 {
1574 /* Get the exception code */
1577 }
1578 _SEH2_END;
1579
1580 /* Assign the actual token */
1582 break;
1583
1584 /* Hard error processing */
1586
1587 /* Check buffer length */
1589 {
1591 break;
1592 }
1593
1594 /* Enter SEH for direct buffer read */
1595 _SEH2_TRY
1596 {
1597 DefaultHardErrorMode = *(PULONG)ProcessInformation;
1598 }
1600 {
1601 /* Get exception code */
1604 }
1605 _SEH2_END;
1606
1607 /* Set the mode */
1608 Process->DefaultHardErrorProcessing = DefaultHardErrorMode;
1609
1610 /* Call Ke for the update */
1612 {
1614 }
1615 else
1616 {
1618 }
1620 break;
1621
1622 /* Session ID */
1624
1625 /* Check buffer length */
1627 {
1629 break;
1630 }
1631
1632 /* Enter SEH for capture */
1633 _SEH2_TRY
1634 {
1635 /* Capture the caller's buffer */
1637 }
1639 {
1640 /* Get the exception code */
1643 }
1644 _SEH2_END;
1645
1646 /* Setting the session id requires the SeTcbPrivilege */
1648 {
1649 /* We don't hold the privilege, bail out */
1651 break;
1652 }
1653
1654 /*
1655 * Since we cannot change the session ID of the given
1656 * process anymore because it is set once and for all
1657 * at process creation time and because it is stored
1658 * inside the Process->Session structure managed by MM,
1659 * we fake changing it: we just return success if the
1660 * user-defined value is the same as the session ID of
1661 * the process, and otherwise we fail.
1662 */
1664 {
1666 }
1667 else
1668 {
1670 }
1671
1672 break;
1673
1675
1676 /* Check buffer length */
1678 {
1680 break;
1681 }
1682
1683 /* Enter SEH for capture */
1684 _SEH2_TRY
1685 {
1686 /* Capture the caller's buffer */
1687 PriorityClass = *(PPROCESS_PRIORITY_CLASS)ProcessInformation;
1688 }
1690 {
1691 /* Return the exception code */
1694 }
1695 _SEH2_END;
1696
1697 /* Check for invalid PriorityClass value */
1699 {
1701 break;
1702 }
1703
1706 {
1707 /* Check the privilege */
1709 ProcessHandle,
1710 PROCESS_SET_INFORMATION,
1711 PreviousMode);
1713 {
1717 }
1718 }
1719
1720 /* Check if we have a job */
1722 {
1724 }
1725
1726 /* Set process priority class */
1728
1729 /* Set process priority mode (foreground or background) */
1731 PriorityClass.Foreground ?
1732 PsProcessPriorityForeground :
1733 PsProcessPriorityBackground);
1735 break;
1736
1738
1739 /* Check buffer length */
1741 {
1743 break;
1744 }
1745
1746 /* Enter SEH for capture */
1747 _SEH2_TRY
1748 {
1749 /* Capture the caller's buffer */
1750 Foreground = *(PPROCESS_FOREGROUND_BACKGROUND)ProcessInformation;
1751 }
1753 {
1754 /* Return the exception code */
1757 }
1758 _SEH2_END;
1759
1760 /* Set process priority mode (foreground or background) */
1762 Foreground.Foreground ?
1763 PsProcessPriorityForeground :
1764 PsProcessPriorityBackground);
1766 break;
1767
1769
1770 /* Validate input length */
1772 {
1774 break;
1775 }
1776
1777 /* Enter SEH for direct buffer read */
1778 _SEH2_TRY
1779 {
1780 BasePriority = *(KPRIORITY*)ProcessInformation;
1781 }
1783 {
1784 /* Get exception code */
1785 Break = 0;
1788 }
1789 _SEH2_END;
1790
1791 /* Extract the memory priority out of there */
1792 if (BasePriority & 0x80000000)
1793 {
1794 MemoryPriority = MEMORY_PRIORITY_FOREGROUND;
1795 BasePriority &= ~0x80000000;
1796 }
1797 else
1798 {
1799 MemoryPriority = MEMORY_PRIORITY_BACKGROUND;
1800 }
1801
1802 /* Validate the number */
1804 {
1807 }
1808
1809 /* Check if the new base is higher */
1811 {
1813 ProcessHandle,
1814 PROCESS_SET_INFORMATION,
1815 PreviousMode);
1817 {
1819 DPRINT1("Privilege to change priority from %lx to %lx lacking\n", Process->Pcb.BasePriority, BasePriority);
1821 }
1822 }
1823
1824 /* Call Ke */
1826
1827 /* Now set the memory priority */
1830 break;
1831
1833
1834 /* Validate input length */
1836 {
1838 break;
1839 }
1840
1841 /* Enter SEH for direct buffer read */
1842 _SEH2_TRY
1843 {
1844 Boost = *(PULONG)ProcessInformation;
1845 }
1847 {
1848 /* Get exception code */
1849 Break = 0;
1852 }
1853 _SEH2_END;
1854
1855 /* Make sure the process isn't dying */
1857 {
1858 /* Lock it */
1859 KeEnterCriticalRegion();
1861
1862 /* Loop the threads */
1866 {
1867 /* Call Ke for the thread */
1870 }
1871
1872 /* Release the lock and rundown */
1874 KeLeaveCriticalRegion();
1876
1877 /* Set success code */
1879 }
1880 else
1881 {
1882 /* Avoid race conditions */
1884 }
1885 break;
1886
1888
1889 /* Check buffer length */
1891 {
1893 break;
1894 }
1895
1896 /* Enter SEH for direct buffer read */
1897 _SEH2_TRY
1898 {
1899 Break = *(PULONG)ProcessInformation;
1900 }
1902 {
1903 /* Get exception code */
1904 Break = 0;
1907 }
1908 _SEH2_END;
1909
1910 /* Setting 'break on termination' requires the SeDebugPrivilege */
1912 {
1913 /* We don't hold the privilege, bail out */
1915 break;
1916 }
1917
1918 /* Set or clear the flag */
1919 if (Break)
1920 {
1922 }
1923 else
1924 {
1926 }
1927
1928 break;
1929
1931
1932 /* Check buffer length */
1934 {
1936 break;
1937 }
1938
1939 /* Enter SEH for direct buffer read */
1940 _SEH2_TRY
1941 {
1943 }
1945 {
1946 /* Get exception code */
1947 Break = 0;
1950 }
1951 _SEH2_END;
1952
1953 /* Make sure it's valid for the CPUs present */
1956 {
1958 break;
1959 }
1960
1961 /* Check if it's within job affinity limits */
1963 {
1964 /* Not yet implemented */
1965 UNIMPLEMENTED;
1967 break;
1968 }
1969
1970 /* Make sure the process isn't dying */
1972 {
1973 /* Lock it */
1974 KeEnterCriticalRegion();
1976
1977 /* Call Ke to do the work */
1979
1980 /* Release the lock and rundown */
1982 KeLeaveCriticalRegion();
1984
1985 /* Set success code */
1987 }
1988 else
1989 {
1990 /* Avoid race conditions */
1992 }
1993 break;
1994
1995 /* Priority Boosting status */
1997
1998 /* Validate input length */
2000 {
2002 break;
2003 }
2004
2005 /* Enter SEH for direct buffer read */
2006 _SEH2_TRY
2007 {
2008 DisableBoost = *(PBOOLEAN)ProcessInformation;
2009 }
2011 {
2012 /* Get exception code */
2013 Break = 0;
2016 }
2017 _SEH2_END;
2018
2019 /* Make sure the process isn't dying */
2021 {
2022 /* Lock it */
2023 KeEnterCriticalRegion();
2025
2026 /* Call Ke to do the work */
2028
2029 /* Loop the threads too */
2033 {
2034 /* Call Ke for the thread */
2037 }
2038
2039 /* Release the lock and rundown */
2041 KeLeaveCriticalRegion();
2043
2044 /* Set success code */
2046 }
2047 else
2048 {
2049 /* Avoid race conditions */
2051 }
2052 break;
2053
2055
2056 /* Check buffer length */
2058 {
2060 break;
2061 }
2062
2063 /* Enter SEH for direct buffer read */
2064 _SEH2_TRY
2065 {
2066 DebugFlags = *(PULONG)ProcessInformation;
2067 }
2069 {
2070 /* Get exception code */
2073 }
2074 _SEH2_END;
2075
2076 /* Set the mode */
2077 if (DebugFlags & ~1)
2078 {
2080 }
2081 else
2082 {
2083 if (DebugFlags & 1)
2084 {
2086 }
2087 else
2088 {
2090 }
2091 }
2092
2093 /* Done */
2095 break;
2096
2098
2099 /* Check buffer length */
2101 {
2103 break;
2104 }
2105
2106 /* Enter SEH for direct buffer read */
2107 _SEH2_TRY
2108 {
2109 EnableFixup = *(PULONG)ProcessInformation;
2110 }
2112 {
2113 /* Get exception code */
2116 }
2117 _SEH2_END;
2118
2119 /* Set the mode */
2120 if (EnableFixup)
2121 {
2123 }
2124 else
2125 {
2126 Process->DefaultHardErrorProcessing &= ~SEM_NOALIGNMENTFAULTEXCEPT;
2127 }
2128
2129 /* Call Ke for the update */
2132 break;
2133
2135
2136 /* Only TCB can do this */
2138 {
2139 /* We don't hold the privilege, bail out */
2142 break;
2143 }
2144
2145 /* Only supported on x86 */
2146#if defined (_X86_)
2147 Ke386SetIOPL();
2148#elif defined(_M_AMD64)
2149 /* On x64 this function isn't implemented.
2150 On Windows 2003 it returns success.
2151 On Vista+ it returns STATUS_NOT_IMPLEMENTED. */
2153 (RtlRosGetAppcompatVersion() > _WIN32_WINNT_WS03))
2154 {
2156 }
2157#else
2159#endif
2160 /* Done */
2161 break;
2162
2164
2165 /* Check buffer length */
2167 {
2169 break;
2170 }
2171
2173 {
2175 break;
2176 }
2177
2178 /* Enter SEH for direct buffer read */
2179 _SEH2_TRY
2180 {
2181 NoExecute = *(PULONG)ProcessInformation;
2182 }
2184 {
2185 /* Get exception code */
2188 }
2189 _SEH2_END;
2190
2191 /* Call Mm for the update */
2193 break;
2194
2196
2197 /* Check buffer length */
2199 {
2201 break;
2202 }
2203
2204 /* Use SEH for capture */
2205 _SEH2_TRY
2206 {
2207 /* Capture the handle */
2209 }
2211 {
2212 /* Get the exception code */
2215 }
2216 _SEH2_END;
2217
2218 /* Call Ob to set the device map */
2220 break;
2221
2222
2223 /* We currently don't implement any of these */
2229 break;
2230
2232
2234 1,
2235 ProcessInformation,
2236 ProcessInformationLength,
2237 PreviousMode);
2238 break;
2239
2243 break;
2244
2248 break;
2249
2250 /* Anything else is invalid */
2251 default:
2252#if DBG
2253 DPRINT1("Invalid Server 2003 Info Class: %s\n", PspDumpProcessInfoClassName(ProcessInformationClass));
2254#endif
2256 }
2257
2258 /* Dereference and return status */
2261}
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1108
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1216
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL
Definition: pstypes.h:113
struct _PROCESS_FOREGROUND_BACKGROUND * PPROCESS_FOREGROUND_BACKGROUND
#define LOW_PRIORITY
#define HIGH_PRIORITY
#define InterlockedCompareExchangePointer
Definition: interlocked.h:144
struct _PROCESS_ACCESS_TOKEN * PPROCESS_ACCESS_TOKEN
KAFFINITY NTAPI KeSetAffinityProcess(IN PKPROCESS Process, IN KAFFINITY Affinity)
Definition: procobj.c:265
BOOLEAN NTAPI KeSetDisableBoostProcess(IN PKPROCESS Process, IN BOOLEAN Disable)
Definition: procobj.c:331
BOOLEAN NTAPI KeSetDisableBoostThread(IN OUT PKTHREAD Thread, IN BOOLEAN Disable)
Definition: thrdobj.c:86
BOOLEAN NTAPI KeSetAutoAlignmentProcess(IN PKPROCESS Process, IN BOOLEAN Enable)
Definition: procobj.c:313
VOID NTAPI KeBoostPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Increment)
Definition: thrdobj.c:220
KPRIORITY NTAPI KeSetPriorityAndQuantumProcess(IN PKPROCESS Process, IN KPRIORITY Priority, IN UCHAR Quantum OPTIONAL)
Definition: procobj.c:349
NTSTATUS NTAPI MmSetExecuteOptions(IN ULONG ExecuteOptions)
Definition: pagfault.c:2695
NTSTATUS NTAPI MmSetMemoryPriorityProcess(IN PEPROCESS Process, IN UCHAR MemoryPriority)
Definition: procsup.c:487
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
Definition: probe.h:70
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks a privileged object if such object has the specific privilege submitted by the caller.
Definition: priv.c:803
VOID NTAPI PsSetProcessPriorityByClass(IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE Type)
Definition: process.c:1325
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
Definition: devicemap.c:24
NTSTATUS NTAPI PspSetPrimaryToken(IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
Definition: security.c:215
NTSTATUS NTAPI PspSetQuotaLimits(_In_ PEPROCESS Process, _In_ ULONG Unused, _In_ PVOID QuotaLimits, _In_ ULONG QuotaLimitsLength, _In_ KPROCESSOR_MODE PreviousMode)
This function adjusts the working set limits of a process and sets up new quota limits when necessary...
Definition: quota.c:1045
STDMETHOD() Next(THIS_ ULONG celt, IAssociationElement *pElement, ULONG *pceltFetched) PURE
Definition: typedefs.h:120
Definition: ntddk.h:9
Definition: pstypes.h:1048
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
Definition: halfuncs.h:174
Referenced by _main(), CreateProcessInternalW(), CSR_API(), CsrCreateProcess(), CsrpSetDefaultProcessHardErrorMode(), CsrSbCreateSession(), CsrSetBackgroundPriority(), CsrSetForegroundPriority(), CsrSetToNormalPriority(), CsrSetToShutdownPriority(), EmptyWorkingSet(), InitFunctionPtrs(), InitializeProcessForWsWatch(), InsertTokenToProcessCommon(), LdrpInitializeProcess(), QuerySetProcessValidator(), SetErrorMode(), SetPriorityClass(), SetProcessAffinityMask(), SetProcessInformation(), SetProcessPriorityBoost(), SetProcessWorkingSetSizeEx(), SmpInit(), SmpSbCreateSession(), SmpSetProcessMuSessionId(), Test_ProcBasePriorityClass(), Test_ProcessWx86InformationClass(), Test_ProcForegroundBackgroundClass(), and Test_ProcRaisePriorityClass().
◆ NtSetInformationThread()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ THREADINFOCLASS | ThreadInformationClass, | ||
| _In_reads_bytes_(ThreadInformationLength) PVOID | ThreadInformation, | ||
| _In_ ULONG | ThreadInformationLength | ||
| ) |
Definition at line 2268 of file query.c.
2273{
2282 ULONG_PTR DisableBoost = 0;
2283 ULONG_PTR IdealProcessor = 0;
2284 ULONG_PTR Break = 0;
2285 PTEB Teb;
2287 PVOID *ExpansionSlots;
2288 PETHREAD ProcThread;
2290 PAGED_CODE();
2291
2292 /* Validate the information class */
2294 PsThreadInfoClass,
2296 ThreadInformation,
2297 ThreadInformationLength,
2298 PreviousMode);
2300 {
2301#if DBG
2302 DPRINT1("NtSetInformationThread(ThreadInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
2304#endif
2306 }
2307
2308 /* Check what kind of information class this is */
2310 {
2311 /* Thread priority */
2313
2314 /* Check buffer length */
2316 {
2318 break;
2319 }
2320
2321 /* Use SEH for capture */
2322 _SEH2_TRY
2323 {
2324 /* Get the priority */
2326 }
2328 {
2329 /* Get the exception code */
2332 }
2333 _SEH2_END;
2334
2335 /* Validate it */
2338 {
2339 /* Fail */
2341 break;
2342 }
2343
2344 /* Check for the required privilege */
2346 {
2348 ThreadHandle,
2349 THREAD_SET_INFORMATION,
2350 PreviousMode);
2352 {
2355 }
2356 }
2357
2358 /* Reference the thread */
2360 THREAD_SET_INFORMATION,
2361 PsThreadType,
2362 PreviousMode,
2364 NULL);
2366 break;
2367
2368 /* Set the priority */
2370
2371 /* Dereference the thread */
2373 break;
2374
2376
2377 /* Check buffer length */
2379 {
2381 break;
2382 }
2383
2384 /* Use SEH for capture */
2385 _SEH2_TRY
2386 {
2387 /* Get the priority */
2389 }
2391 {
2392 /* Get the exception code */
2395 }
2396 _SEH2_END;
2397
2398 /* Validate it */
2401 {
2402 /* These ones are OK */
2405 {
2406 /* Check if the process is real time */
2409 {
2410 /* It isn't, fail */
2412 break;
2413 }
2414 }
2415 }
2416
2417 /* Reference the thread */
2419 THREAD_SET_INFORMATION,
2420 PsThreadType,
2421 PreviousMode,
2423 NULL);
2425 break;
2426
2427 /* Set the base priority */
2429
2430 /* Dereference the thread */
2432 break;
2433
2435
2436 /* Check buffer length */
2438 {
2440 break;
2441 }
2442
2443 /* Use SEH for capture */
2444 _SEH2_TRY
2445 {
2446 /* Get the priority */
2448 }
2450 {
2451 /* Get the exception code */
2454 }
2455 _SEH2_END;
2456
2457 /* Validate it */
2459 {
2460 /* Fail */
2462 break;
2463 }
2464
2465 /* Reference the thread */
2467 THREAD_SET_INFORMATION,
2468 PsThreadType,
2469 PreviousMode,
2471 NULL);
2473 break;
2474
2475 /* Get the process */
2477
2478 /* Try to acquire rundown */
2480 {
2481 /* Lock it */
2482 KeEnterCriticalRegion();
2484
2485 /* Combine masks */
2488 {
2489 /* Fail */
2491 }
2492 else
2493 {
2494 /* Set the affinity */
2496 }
2497
2498 /* Release the lock and rundown */
2500 KeLeaveCriticalRegion();
2502 }
2503 else
2504 {
2505 /* Too late */
2507 }
2508
2509 /* Dereference the thread */
2511 break;
2512
2514
2515 /* Check buffer length */
2517 {
2519 break;
2520 }
2521
2522 /* Use SEH for capture */
2523 _SEH2_TRY
2524 {
2525 /* Save the token handle */
2527 }
2529 {
2530 /* Get the exception code */
2533 }
2534 _SEH2_END;
2535
2536 /* Reference the thread */
2538 THREAD_SET_THREAD_TOKEN,
2539 PsThreadType,
2540 PreviousMode,
2542 NULL);
2544 break;
2545
2546 /* Assign the actual token */
2548
2549 /* Dereference the thread */
2551 break;
2552
2554
2555 /* Check buffer length */
2557 {
2559 break;
2560 }
2561
2562 /* Use SEH for capture */
2563 _SEH2_TRY
2564 {
2565 /* Get the priority */
2567 }
2569 {
2570 /* Get the exception code */
2573 }
2574 _SEH2_END;
2575
2576 /* Reference the thread */
2578 THREAD_SET_INFORMATION,
2579 PsThreadType,
2580 PreviousMode,
2582 NULL);
2584 break;
2585
2586 /* Set the address */
2588
2589 /* Dereference the thread */
2591 break;
2592
2594
2595 /* Check buffer length */
2597 {
2599 break;
2600 }
2601
2602 /* Use SEH for capture */
2603 _SEH2_TRY
2604 {
2605 /* Get the priority */
2606 IdealProcessor = *(PULONG_PTR)ThreadInformation;
2607 }
2609 {
2610 /* Get the exception code */
2613 }
2614 _SEH2_END;
2615
2616 /* Validate it */
2618 {
2619 /* Fail */
2621 break;
2622 }
2623
2624 /* Reference the thread */
2626 THREAD_SET_INFORMATION,
2627 PsThreadType,
2628 PreviousMode,
2630 NULL);
2632 break;
2633
2634 /* Set the ideal */
2636 (CCHAR)IdealProcessor);
2637
2638 /* Get the TEB and protect the thread */
2641 {
2642 /* Save the ideal processor */
2644
2645 /* Release rundown protection */
2647 }
2648
2649 /* Dereference the thread */
2651 break;
2652
2654
2655 /* Check buffer length */
2657 {
2659 break;
2660 }
2661
2662 /* Use SEH for capture */
2663 _SEH2_TRY
2664 {
2665 /* Get the priority */
2666 DisableBoost = *(PULONG_PTR)ThreadInformation;
2667 }
2669 {
2670 /* Get the exception code */
2673 }
2674 _SEH2_END;
2675
2676 /* Reference the thread */
2678 THREAD_SET_INFORMATION,
2679 PsThreadType,
2680 PreviousMode,
2682 NULL);
2684 break;
2685
2686 /* Call the kernel */
2688
2689 /* Dereference the thread */
2691 break;
2692
2694
2695 /* Check buffer length */
2697 {
2699 break;
2700 }
2701
2702 /* Use SEH for capture */
2703 _SEH2_TRY
2704 {
2705 /* Get the priority */
2707 }
2709 {
2710 /* Get the exception code */
2713 }
2714 _SEH2_END;
2715
2716 /* Reference the thread */
2718 THREAD_SET_INFORMATION,
2719 PsThreadType,
2720 PreviousMode,
2722 NULL);
2724 break;
2725
2726 /* This is only valid for the current thread */
2728 {
2729 /* Fail */
2732 break;
2733 }
2734
2735 /* Get the process */
2737
2738 /* Loop the threads */
2740 while (ProcThread)
2741 {
2742 /* Acquire rundown */
2744 {
2745 /* Get the TEB */
2747 if (Teb)
2748 {
2749 /* Check if we're in the expansion range */
2751 {
2753 TLS_EXPANSION_SLOTS) - 1)
2754 {
2755 /* Check if we have expansion slots */
2756 ExpansionSlots = Teb->TlsExpansionSlots;
2757 if (ExpansionSlots)
2758 {
2759 /* Clear the index */
2761 }
2762 }
2763 }
2764 else
2765 {
2766 /* Clear the index */
2768 }
2769 }
2770
2771 /* Release rundown */
2773 }
2774
2775 /* Go to the next thread */
2777 }
2778
2779 /* Dereference the thread */
2781 break;
2782
2784
2785 /* Check buffer length */
2787 {
2789 break;
2790 }
2791
2792 /* Enter SEH for direct buffer read */
2793 _SEH2_TRY
2794 {
2795 Break = *(PULONG)ThreadInformation;
2796 }
2798 {
2799 /* Get exception code */
2800 Break = 0;
2803 }
2804 _SEH2_END;
2805
2806 /* Setting 'break on termination' requires the SeDebugPrivilege */
2808 {
2809 /* We don't hold the privilege, bail out */
2811 break;
2812 }
2813
2814 /* Reference the thread */
2816 THREAD_SET_INFORMATION,
2817 PsThreadType,
2818 PreviousMode,
2820 NULL);
2822 break;
2823
2824 /* Set or clear the flag */
2825 if (Break)
2826 {
2828 }
2829 else
2830 {
2832 }
2833
2834 /* Dereference the thread */
2836 break;
2837
2839
2840 /* Check buffer length */
2842 {
2844 break;
2845 }
2846
2847 /* Reference the thread */
2849 THREAD_SET_INFORMATION,
2850 PsThreadType,
2851 PreviousMode,
2853 NULL);
2855 break;
2856
2857 /* Set the flag */
2859
2860 /* Dereference the thread */
2862 break;
2863
2864 /* Anything else */
2865 default:
2866 /* Not yet implemented */
2867#if DBG
2869#endif
2871 }
2872
2874}
#define LOW_REALTIME_PRIORITY
NTSTATUS NTAPI PsAssignImpersonationToken(IN PETHREAD Thread, IN HANDLE TokenHandle)
Definition: security.c:502
PETHREAD NTAPI PsGetNextProcessThread(IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
Definition: process.c:75
UCHAR NTAPI KeSetIdealProcessorThread(IN PKTHREAD Thread, IN UCHAR Processor)
Definition: thrdobj.c:1066
LONG NTAPI KeSetBasePriorityThread(IN PKTHREAD Thread, IN LONG Increment)
Definition: thrdobj.c:1157
KPRIORITY NTAPI KeSetPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Priority)
Definition: thrdobj.c:1300
KAFFINITY NTAPI KeSetAffinityThread(IN PKTHREAD Thread, IN KAFFINITY Affinity)
Definition: thrdobj.c:1276
_In_ WDFINTERRUPT _In_ WDF_INTERRUPT_POLICY _In_ WDF_INTERRUPT_PRIORITY Priority
Definition: wdfinterrupt.h:655
◆ NtSuspendProcess()
| NTSYSCALLAPI NTSTATUS NTAPI NtSuspendProcess | ( | _In_ HANDLE | ProcessHandle | ) |
◆ NtSuspendThread()
| NTSYSCALLAPI NTSTATUS NTAPI NtSuspendThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ PULONG | PreviousSuspendCount | ||
| ) |
◆ NtTerminateJobObject()
| NTSYSCALLAPI NTSTATUS NTAPI NtTerminateJobObject | ( | _In_ HANDLE | JobHandle, |
| _In_ NTSTATUS | ExitStatus | ||
| ) |
◆ NtTerminateProcess()
| NTSYSCALLAPI NTSTATUS NTAPI NtTerminateProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ NTSTATUS | ExitStatus | ||
| ) |
◆ NtTerminateThread()
| NTSYSCALLAPI NTSTATUS NTAPI NtTerminateThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ NTSTATUS | ExitStatus | ||
| ) |
◆ PsChargePoolQuota()
| NTKERNELAPI VOID NTAPI PsChargePoolQuota | ( | _In_ PEPROCESS | Process, |
| _In_ POOL_TYPE | PoolType, | ||
| _In_ SIZE_T | Amount | ||
| ) |
Charges the pool quota of a given process. The kind of pool quota to charge is determined by the PoolType parameter.
- Parameters
-
[in] Process The process which quota is to be charged. [in] PoolType The pool type to choose to charge quotas (e.g. PagedPool or NonPagedPool). [in] Amount The amount of quotas to charge into a process.
- Returns
- Nothing.
- Remarks
- The function raises an exception if STATUS_QUOTA_EXCEEDED status code is returned. Callers are responsible on their own to handle the raised exception.
Definition at line 775 of file quota.c.
779{
782
783 /* Don't do anything for the system process */
785
786 /* Charge the usage */
789}
NTSTATUS NTAPI PsChargeProcessPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.
Definition: quota.c:872
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3821
Referenced by FsRtlCancelNotify(), and FsRtlNotifyFilterReportChange().
◆ PsChargeProcessNonPagedPoolQuota()
| NTKERNELAPI NTSTATUS NTAPI PsChargeProcessNonPagedPoolQuota | ( | _In_ PEPROCESS | Process, |
| _In_ SIZE_T | Amount | ||
| ) |
Charges the non paged pool quota of a given process.
- Parameters
-
[in] Process The process which non paged quota is to be charged. [in] Amount The amount of quotas to charge into a process.
- Returns
- Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.
Definition at line 811 of file quota.c.
814{
815 /* Call the general function */
817}
Referenced by MiCreatePebOrTeb(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), and START_TEST().
◆ PsChargeProcessPagedPoolQuota()
| NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPagedPoolQuota | ( | _In_ PEPROCESS | Process, |
| _In_ SIZE_T | Amount | ||
| ) |
Charges the paged pool quota of a given process.
- Parameters
-
[in] Process The process which paged quota is to be charged. [in] Amount The amount of quotas to charge into a process.
- Returns
- Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.
Definition at line 839 of file quota.c.
842{
843 /* Call the general function */
845}
Referenced by ExpAllocateHandleTable(), ExpAllocateTablePagedPool(), ExpAllocateTablePagedPoolNoZero(), and START_TEST().
◆ PsChargeProcessPoolQuota()
| NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota | ( | _In_ PEPROCESS | Process, |
| _In_ POOL_TYPE | PoolType, | ||
| _In_ SIZE_T | Amount | ||
| ) |
Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.
- Parameters
-
[in] Process The process which quota is to be charged. [in] PoolType The type of quota pool to charge (e.g. PagedPool or NonPagedPool). [in] Amount The amount of quotas to charge into a process.
- Returns
- Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.
Definition at line 872 of file quota.c.
876{
877 /* Don't do anything for the system process */
879
881 Process->QuotaBlock,
883 Amount);
884}
NTSTATUS NTAPI PspChargeProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota charging, necessary for export...
Definition: quota.c:195
Referenced by ExAllocatePoolWithQuotaTag(), PsChargePoolQuota(), PsChargeProcessNonPagedPoolQuota(), and PsChargeProcessPagedPoolQuota().
◆ PsEstablishWin32Callouts()
| NTKERNELAPI VOID NTAPI PsEstablishWin32Callouts | ( | _In_ PWIN32_CALLOUTS_FPNS | CalloutData | ) |
◆ PsGetCurrentProcessSessionId()
| NTKERNELAPI ULONG NTAPI PsGetCurrentProcessSessionId | ( | VOID | ) |
Definition at line 1133 of file process.c.
1134{
1136}
Referenced by ExpWin32SessionCallout(), IntCreateDesktop(), IntDestroyMenuObject(), NtSetInformationObject(), NtUserSwitchDesktop(), ObpLookupObjectName(), and VideoPortUseDeviceInSession().
◆ PsGetCurrentProcessWin32Process()
| NTKERNELAPI PVOID NTAPI PsGetCurrentProcessWin32Process | ( | VOID | ) |
Definition at line 1183 of file process.c.
Referenced by _Function_class_(), CheckWinstaAttributeAccess(), co_IntGraphicsCheck(), co_IntSetParent(), co_IntSetWindowLongPtr(), co_IntUserManualGuiCheck(), co_UserDestroyWindow(), DC_bAllocDcAttr(), DC_vFreeDcAttr(), DecrementCurrentProcessGdiHandleCount(), DesktopHeapAddressToUser(), DesktopHeapGetUserDelta(), FontLink_PrepareFontInfo(), GDI_CleanupForProcess(), GetBrushAttrPool(), GetControlColor(), GetFontFamilyInfoForSubstitutes(), GetW32ProcessInfo(), handle_internal_message(), IdlePing(), IdlePong(), IncrementCurrentProcessGdiHandleCount(), IntAllowSetForegroundWindow(), IntFixWindowCoordinates(), IntGdiAddFontMemResource(), IntGdiCleanupPrivateFontsForProcess(), IntGdiLoadFontsFromMemory(), IntGdiRemoveFontMemResource(), IntGdiSetRegionOwner(), IntGetFontFamilyInfo(), IntLoadHookModule(), IntLoadSystenIcons(), IntLockSetForegroundWindow(), IntMapDesktopView(), IntUnmapDesktopView(), IntWinStaOkToClose(), NtUserCallHwndParam(), NtUserCallOneParam(), NtUserDestroyCursor(), NtUserFindExistingCursorIcon(), NtUserGetComboBoxInfo(), NtUserGetListBoxInfo(), NtUserSetSystemCursor(), NtUserSetWindowFNID(), REGION_bAllocRgnAttr(), REGION_vCleanup(), TextIntRealizeFont(), UserDbgAssertThreadInfo(), UserGetDCEx(), UserGetProcessWindowStation(), UserHeapAddressToUser(), UserSetProcessWindowStation(), UserSystemParametersInfo(), and UserUnregisterUserApiHook().
◆ PsGetCurrentThreadProcessId()
| NTKERNELAPI HANDLE NTAPI PsGetCurrentThreadProcessId | ( | VOID | ) |
Definition at line 755 of file thread.c.
Referenced by intDdCreateDirectDrawLocal().
◆ PsGetCurrentThreadWin32Thread()
| NTKERNELAPI PVOID NTAPI PsGetCurrentThreadWin32Thread | ( | VOID | ) |
Definition at line 805 of file thread.c.
Referenced by AllocateUserMessage(), CaretSystemTimerProc(), co_HOOK_CallHooks(), co_IntActivateKeyboardLayout(), co_IntCallHookProc(), co_IntCallSentMessageCallback(), co_IntCallWindowProc(), co_IntClientLoadLibrary(), co_IntClientThreadSetup(), co_IntCreateDefaultImeWindow(), co_IntFixCaret(), co_IntGetPeekMessage(), co_IntLoadDefaultCursors(), co_IntLoadSysMenuTemplate(), co_IntPaintWindows(), co_IntPeekMessage(), co_IntProcessKeyboardMessage(), co_IntProcessMouseMessage(), co_IntSendActivateMessages(), co_IntSendMessageTimeoutSingle(), co_IntSendMessageWithCallBack(), co_IntSetActiveWindow(), co_IntSetCaretPos(), co_IntSetForegroundAndFocusWindow(), co_IntWaitMessage(), co_MsqDispatchOneSentMessage(), co_MsqReplyMessage(), co_MsqSendMessage(), co_MsqSendMessageAsync(), co_UserDestroyWindow(), co_UserHideCaret(), co_UserSetCapture(), co_UserSetFocus(), co_UserShowCaret(), co_WinPosSearchChildren(), co_WinPosSetWindowPos(), co_WinPosShowWindow(), DECREASE_THREAD_LOCK_COUNT(), DefWndDoSizeMove(), DefWndStartSizeMove(), DesktopHeapGetUserDelta(), DesktopThreadMain(), ENTRY_ReferenceEntryByHandle(), GetW32ThreadInfo(), handle_internal_message(), IdlePing(), INCREASE_THREAD_LOCK_COUNT(), IntAddAtom(), IntCallWndProc(), IntCallWndProcRet(), IntCbAllocateMemory(), IntCbFreeMemory(), IntCreateDesktop(), IntDeactivateWindow(), IntDefWindowProc(), IntDeRegisterShellHookWindow(), IntDesktopOkToClose(), IntDestroyOwnedWindows(), IntDispatchMessage(), IntDrawScrollBar(), IntGetAndReferenceClass(), IntGetAtomName(), IntGetCapture(), IntGetCurrentThreadDesktopWindow(), IntGetImeCompatFlags(), IntGetNextHook(), IntGetQueueStatus(), IntGetThreadDesktopWindow(), IntGetThreadFocusWindow(), IntInitMessagePumpHook(), IntInvalidateWindows(), IntIsClipboardOpenByMe(), IntMsqClearWakeMask(), IntMsqSetWakeMask(), IntNotifyImeShowStatus(), IntNotifyWinEvent(), IntQueryTrackMouseEvent(), IntRegisterShellHookWindow(), IntReleaseCapture(), IntRemoveHook(), IntSendDestroyMsg(), IntSendSyncPaint(), IntSetThreadDesktop(), IntSetTimer(), IntTrackMouseEvent(), IntTrackPopupMenuEx(), IntTranslateKbdMessage(), IntUnhookWindowsHook(), IntUninitMessagePumpHook(), IntUserSetActiveWindow(), MENU_DoNextMenu(), MENU_InitTracking(), MENU_TrackMenu(), MsqGetMessageExtraInfo(), MsqSetMessageExtraInfo(), NtUserBlockInput(), NtUserCallNoParam(), NtUserCallOneParam(), NtUserCallTwoParam(), NtUserCreateAcceleratorTable(), NtUserCreateCaret(), NtUserGetAppImeLevel(), NtUserGetCaretPos(), NtUserGetGUIThreadInfo(), NtUserGetKeyboardLayoutName(), NtUserGetKeyboardState(), NtUserGetKeyNameText(), NtUserGetThreadState(), NtUserLockWorkStation(), NtUserMapVirtualKeyEx(), NtUserQueryWindow(), NtUserSendInput(), NtUserSetAppImeLevel(), NtUserSetKeyboardState(), NtUserSetThreadState(), NtUserSetWindowsHookEx(), NtUserSetWinEventHook(), NtUserToUnicodeEx(), NtUserValidateTimerCallback(), NtUserVkKeyScanEx(), NtUserWaitForInputIdle(), PostTimerMessages(), UserCreateInputContext(), UserDbgAssertThreadInfo(), UserDerefObjectCo(), UserDestroyMenu(), UserEnterExclusive(), UserGetActiveWindow(), UserGetCPD(), UserGetKeyboardLayout(), UserGetKeyState(), UserGhostThreadEntry(), UserInitialize(), UserOpenClipboard(), UserOpenInputDesktop(), UserRefObjectCo(), UserRegisterHotKey(), UserRegisterUserApiHook(), UserSendKeyboardInput(), UserSendMouseInput(), UserSetActiveWindow(), UserSetCursor(), UserShowCursor(), and UserUnregisterUserApiHook().
◆ PsGetProcessExitProcessCalled()
| NTKERNELAPI BOOLEAN NTAPI PsGetProcessExitProcessCalled | ( | _In_ PEPROCESS | Process | ) |
◆ PsGetProcessExitStatus()
| NTKERNELAPI NTSTATUS NTAPI PsGetProcessExitStatus | ( | _In_ PEPROCESS | Process | ) |
◆ PsGetProcessInheritedFromUniqueProcessId()
◆ PsGetProcessSecurityPort()
| NTKERNELAPI PVOID NTAPI PsGetProcessSecurityPort | ( | _In_ PEPROCESS | Process | ) |
◆ PsGetProcessSessionId()
| NTKERNELAPI ULONG NTAPI PsGetProcessSessionId | ( | _In_ PEPROCESS | Process | ) |
◆ PsGetProcessWin32Process()
| NTKERNELAPI PVOID NTAPI PsGetProcessWin32Process | ( | _In_ PEPROCESS | Process | ) |
◆ PsGetProcessWin32WindowStation()
| NTKERNELAPI PVOID NTAPI PsGetProcessWin32WindowStation | ( | _In_ PEPROCESS | Process | ) |
◆ PsGetThreadFreezeCount()
| NTKERNELAPI ULONG NTAPI PsGetThreadFreezeCount | ( | _In_ PETHREAD | Thread | ) |
◆ PsGetThreadHardErrorsAreDisabled()
| NTKERNELAPI BOOLEAN NTAPI PsGetThreadHardErrorsAreDisabled | ( | _In_ PETHREAD | Thread | ) |
◆ PsGetThreadId()
| NTKERNELAPI HANDLE NTAPI PsGetThreadId | ( | _In_ PETHREAD | Thread | ) |
◆ PsGetThreadProcess()
| NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess | ( | _In_ PETHREAD | Thread | ) |
◆ PsGetThreadTeb()
| NTKERNELAPI PTEB NTAPI PsGetThreadTeb | ( | _In_ PETHREAD | Thread | ) |
◆ PsGetThreadWin32Thread()
| NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread | ( | _In_ PETHREAD | Thread | ) |
◆ PsIsProtectedProcess()
◆ PsIsSystemProcess()
| NTKERNELAPI BOOLEAN NTAPI PsIsSystemProcess | ( | _In_ PEPROCESS | Process | ) |
◆ PsIsThreadImpersonating()
| NTKERNELAPI BOOLEAN NTAPI PsIsThreadImpersonating | ( | _In_ PETHREAD | Thread | ) |
◆ PsLookupProcessThreadByCid()
| NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid | ( | _In_ PCLIENT_ID | Cid, |
| _Out_opt_ PEPROCESS * | Process, | ||
| _Out_ PETHREAD * | Thread | ||
| ) |
◆ PsReturnPoolQuota()
| NTKERNELAPI VOID NTAPI PsReturnPoolQuota | ( | _In_ PEPROCESS | Process, |
| _In_ POOL_TYPE | PoolType, | ||
| _In_ SIZE_T | Amount | ||
| ) |
Returns the pool quota that the process was taking up.
- Parameters
-
[in] Process The process which quota is to be returned. [in] PoolType The type of quota pool to return (e.g. PagedPool or NonPagedPool). [in] Amount The amount of quotas to return from a process.
- Returns
- Nothing.
Definition at line 907 of file quota.c.
911{
912 /* Don't do anything for the system process */
914
916 Process->QuotaBlock,
918 Amount);
919}
VOID NTAPI PspReturnProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota returning. It returns (takes a...
Definition: quota.c:345
Referenced by ExFreePoolWithTag(), ExReturnPoolQuota(), PsReturnProcessNonPagedPoolQuota(), and PsReturnProcessPagedPoolQuota().
◆ PsReturnProcessNonPagedPoolQuota()
| NTKERNELAPI VOID NTAPI PsReturnProcessNonPagedPoolQuota | ( | _In_ PEPROCESS | Process, |
| _In_ SIZE_T | Amount | ||
| ) |
Returns the non paged quota pool that the process was taking up.
- Parameters
-
[in] Process The process which non paged quota is to be returned. [in] Amount The amount of quotas to return from a process.
- Returns
- Nothing.
Definition at line 938 of file quota.c.
941{
942 /* Don't do anything for the system process */
944
946}
VOID NTAPI PsReturnPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Returns the pool quota that the process was taking up.
Definition: quota.c:907
Referenced by MiCreatePebOrTeb(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), MiUnmapLockedPagesInUserSpace(), MiUnmapViewOfSection(), MmCleanProcessAddressSpace(), MmDeleteTeb(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), PspDeleteProcess(), and START_TEST().
◆ PsReturnProcessPagedPoolQuota()
Returns the paged pool quota that the process was taking up.
- Parameters
-
[in] Process The process which paged pool quota is to be returned. [in] Amount The amount of quotas to return from a process.
- Returns
- Nothing.
Definition at line 965 of file quota.c.
968{
969 /* Don't do anything for the system process */
971
973}
Referenced by ExpAllocateHandleTable(), ExpFreeHandleTable(), ExpFreeTablePagedPool(), FsRtlCancelNotify(), FsRtlNotifyCleanup(), FsRtlNotifyCompleteIrp(), FsRtlNotifyFilterReportChange(), and START_TEST().
◆ PsRevertThreadToSelf()
| NTKERNELAPI VOID NTAPI PsRevertThreadToSelf | ( | _Inout_ PETHREAD | Thread | ) |
◆ PsSetProcessPriorityByClass()
◆ PsSetProcessSecurityPort()
| NTKERNELAPI NTSTATUS NTAPI PsSetProcessSecurityPort | ( | _Inout_ PEPROCESS | Process, |
| _In_ PVOID | SecurityPort | ||
| ) |
◆ PsSetProcessWin32Process()
| NTKERNELAPI NTSTATUS NTAPI PsSetProcessWin32Process | ( | _Inout_ PEPROCESS | Process, |
| _In_opt_ PVOID | Win32Process, | ||
| _In_opt_ PVOID | OldWin32Process | ||
| ) |
Definition at line 1257 of file process.c.
1261{
1263
1264 /* Assume success */
1266
1267 /* Lock the process */
1268 KeEnterCriticalRegion();
1270
1271 /* Check if we set a new win32 process */
1273 {
1274 /* Check if the process is in the right state */
1277 {
1278 /* Set the new win32 process */
1279 Process->Win32Process = Win32Process;
1280 }
1281 else
1282 {
1283 /* Otherwise fail */
1285 }
1286 }
1287 else
1288 {
1289 /* Reset the win32 process, did the caller specify the correct old value? */
1291 {
1292 /* Yes, so reset the win32 process to NULL */
1294 }
1295 else
1296 {
1297 /* Otherwise fail */
1299 }
1300 }
1301
1302 /* Unlock the process */
1304 KeLeaveCriticalRegion();
1305
1307}
FORCEINLINE VOID ExAcquirePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1039
FORCEINLINE VOID ExReleasePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1255
Referenced by AllocW32Process(), and ExitProcessCallback().
◆ PsSetProcessWindowStation()
| NTKERNELAPI VOID NTAPI PsSetProcessWindowStation | ( | _Inout_ PEPROCESS | Process, |
| _In_opt_ PVOID | WindowStation | ||
| ) |
◆ PsSetThreadHardErrorsAreDisabled()
| NTKERNELAPI VOID NTAPI PsSetThreadHardErrorsAreDisabled | ( | _Inout_ PETHREAD | Thread, |
| _In_ BOOLEAN | Disabled | ||
| ) |
◆ PsSetThreadWin32Thread()
| NTKERNELAPI PVOID NTAPI PsSetThreadWin32Thread | ( | _Inout_ PETHREAD | Thread, |
| _In_opt_ PVOID | Win32Thread, | ||
| _In_opt_ PVOID | OldWin32Thread | ||
| ) |
◆ ZwAlertResumeThread()
| NTSYSAPI NTSTATUS NTAPI ZwAlertResumeThread | ( | _In_ HANDLE | ThreadHandle, |
| _Out_opt_ PULONG | SuspendCount | ||
| ) |
◆ ZwAlertThread()
◆ ZwAssignProcessToJobObject()
| NTSYSAPI NTSTATUS NTAPI ZwAssignProcessToJobObject | ( | _In_ HANDLE | JobHandle, |
| _In_ HANDLE | ProcessHandle | ||
| ) |
◆ ZwCreateJobObject()
| NTSYSAPI NTSTATUS NTAPI ZwCreateJobObject | ( | _Out_ PHANDLE | JobHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes | ||
| ) |
◆ ZwCreateProcess()
| NTSYSAPI NTSTATUS NTAPI ZwCreateProcess | ( | _Out_ PHANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ HANDLE | ParentProcess, | ||
| _In_ BOOLEAN | InheritObjectTable, | ||
| _In_opt_ HANDLE | SectionHandle, | ||
| _In_opt_ HANDLE | DebugPort, | ||
| _In_opt_ HANDLE | ExceptionPort | ||
| ) |
Referenced by RtlCreateUserProcess().
◆ ZwCreateThread()
| NTSYSAPI NTSTATUS NTAPI ZwCreateThread | ( | _Out_ PHANDLE | ThreadHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ HANDLE | ProcessHandle, | ||
| _Out_ PCLIENT_ID | ClientId, | ||
| _In_ PCONTEXT | ThreadContext, | ||
| _In_ PINITIAL_TEB | UserStack, | ||
| _In_ BOOLEAN | CreateSuspended | ||
| ) |
Referenced by RtlCreateUserThread().
◆ ZwImpersonateThread()
| NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ HANDLE | ThreadToImpersonate, | ||
| _In_ PSECURITY_QUALITY_OF_SERVICE | SecurityQualityOfService | ||
| ) |
◆ ZwIsProcessInJob()
◆ ZwOpenThread()
| NTSYSAPI NTSTATUS NTAPI ZwOpenThread | ( | _Out_ PHANDLE | ThreadHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ PCLIENT_ID | ClientId | ||
| ) |
◆ ZwOpenThreadToken()
| NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken | ( | _In_ HANDLE | ThreadHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ BOOLEAN | OpenAsSelf, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
Referenced by IntGetCurrentAccessToken(), RtlAdjustPrivilege(), and RtlpOpenThreadToken().
◆ ZwOpenThreadTokenEx()
| NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx | ( | _In_ HANDLE | ThreadHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ BOOLEAN | OpenAsSelf, | ||
| _In_ ULONG | HandleAttributes, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
Referenced by RtlFormatCurrentUserKeyPath().
◆ ZwQueryInformationJobObject()
| NTSYSAPI NTSTATUS NTAPI ZwQueryInformationJobObject | ( | _In_ HANDLE | JobHandle, |
| _In_ JOBOBJECTINFOCLASS | JobInformationClass, | ||
| _Out_bytecap_(JobInformationLength) PVOID | JobInformation, | ||
| _In_ ULONG | JobInformationLength, | ||
| _Out_ PULONG | ReturnLength | ||
| ) |
◆ ZwQueryInformationProcess()
| NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _Out_ PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Referenced by lie_about_fs_type(), RtlCreateUserProcess(), RtlEncodePointer(), RtlSetProcessIsCritical(), and START_TEST().
◆ ZwQueryInformationThread()
| NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ THREADINFOCLASS | ThreadInformationClass, | ||
| _Out_ PVOID | ThreadInformation, | ||
| _In_ ULONG | ThreadInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Referenced by RtlSetThreadIsCritical().
◆ ZwRegisterThreadTerminatePort()
◆ ZwResumeProcess()
◆ ZwResumeThread()
Referenced by ExpLoadInitialProcess().
◆ ZwSetInformationJobObject()
| NTSYSAPI NTSTATUS NTAPI ZwSetInformationJobObject | ( | _In_ HANDLE | JobHandle, |
| _In_ JOBOBJECTINFOCLASS | JobInformationClass, | ||
| _In_ PVOID | JobInformation, | ||
| _In_ ULONG | JobInformationLength | ||
| ) |
◆ ZwSetInformationProcess()
| NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _In_ PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength | ||
| ) |
Referenced by RtlSetProcessIsCritical().
◆ ZwSuspendProcess()
◆ ZwSuspendThread()
| NTSYSAPI NTSTATUS NTAPI ZwSuspendThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ PULONG | PreviousSuspendCount | ||
| ) |
◆ ZwTerminateJobObject()
◆ ZwTerminateThread()
Referenced by RtlAssert().
Variable Documentation
◆ DesiredAccess
◆ ExitStatus
Definition at line 867 of file psfuncs.h.
Referenced by BaseExitThreadPoolThread(), BaseSrvBSMThread(), CdfsChkdsk(), ChkdskEx(), CsrDereferenceNtSession(), DbgkExitProcess(), DbgkExitThread(), Ext2Chkdsk(), NtfsChkdsk(), NtTerminateJobObject(), NtTerminateProcess(), NtTerminateThread(), PspExitThread(), PspTerminateProcess(), PspTerminateThreadByPointer(), PsTerminateProcess(), PsTerminateSystemThread(), RtlpExitThread(), test_query_process_basic(), VfatChkdsk(), and VfatxChkdsk().
◆ HandleAttributes
◆ ThreadInformationClass
| _In_ THREADINFOCLASS ThreadInformationClass |
Definition at line 841 of file psfuncs.h.
Referenced by NtQueryInformationThread(), NtSetInformationThread(), NtUserQueryInformationThread(), and NtUserSetInformationThread().
◆ ThreadInformationLength
| _In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength |
Definition at line 843 of file psfuncs.h.
Referenced by NtQueryInformationThread(), NtSetInformationThread(), NtUserSetInformationThread(), and PspQueryDescriptorThread().
◆ TokenHandle
Definition at line 726 of file psfuncs.h.
Referenced by AdjustTokenGroups(), AdjustTokenPrivileges(), BasepReplaceProcessThreadTokens(), CreateDefaultProcessSecurityCommon(), CreateProcessInternalW(), DuplicateTokenAsEffective(), GetCallerLuid(), GetSiteSidFromToken(), GetTokenInformation(), IntGetCurrentAccessToken(), IsPrivilegeEnabled(), IsTokenRestricted(), LogonUserExW(), LsapIsTrustedClient(), LsapLogonUser(), LsarSetSecurityObject(), MyLogonUser(), NtAdjustGroupsToken(), NtAdjustPrivilegesToken(), NtCreateToken(), NtOpenProcessToken(), NtOpenProcessTokenEx(), NtOpenThreadToken(), NtOpenThreadTokenEx(), NtQueryInformationToken(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), OpenProcessToken(), OpenThreadToken(), PsAssignImpersonationToken(), PspSetPrimaryToken(), RtlAdjustPrivilege(), RtlCreateUserSecurityObject(), RtlDefaultNpAcl(), RtlFormatCurrentUserKeyPath(), RtlpGetImpersonationToken(), RtlpOpenThreadToken(), RtlRemovePrivileges(), SamrSetSecurityObject(), SepCreateToken(), SepOpenThreadToken(), SetThreadToken(), SetTokenInformation(), SHTestTokenMembership(), and START_TEST().
