ReactOS  0.4.15-dev-5446-g3f3714b
Functions | Variables
psfuncs.h File Reference
#include <umtypes.h>
#include <pstypes.h>
Include dependency graph for psfuncs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadWin32Thread (VOID)
 
NTKERNELAPI PVOID NTAPI PsGetCurrentProcessWin32Process (VOID)
 
NTKERNELAPI PVOID NTAPI PsGetProcessWin32Process (_In_ PEPROCESS Process)
 
NTKERNELAPI NTSTATUS NTAPI PsSetProcessWin32Process (_Inout_ PEPROCESS Process, _In_opt_ PVOID Win32Process, _In_opt_ PVOID OldWin32Process)
 
NTKERNELAPI PVOID NTAPI PsSetThreadWin32Thread (_Inout_ PETHREAD Thread, _In_opt_ PVOID Win32Thread, _In_opt_ PVOID OldWin32Thread)
 
NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread (_In_ PETHREAD Thread)
 
NTKERNELAPI PVOID NTAPI PsGetProcessWin32WindowStation (_In_ PEPROCESS Process)
 
NTKERNELAPI VOID NTAPI PsSetProcessWindowStation (_Inout_ PEPROCESS Process, _In_opt_ PVOID WindowStation)
 
NTKERNELAPI PTEB NTAPI PsGetThreadTeb (_In_ PETHREAD Thread)
 
NTKERNELAPI HANDLE NTAPI PsGetThreadId (_In_ PETHREAD Thread)
 
NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess (_In_ PETHREAD Thread)
 
NTKERNELAPI ULONG NTAPI PsGetThreadFreezeCount (_In_ PETHREAD Thread)
 
NTKERNELAPI BOOLEAN NTAPI PsGetThreadHardErrorsAreDisabled (_In_ PETHREAD Thread)
 
NTKERNELAPI VOID NTAPI PsSetThreadHardErrorsAreDisabled (_Inout_ PETHREAD Thread, _In_ BOOLEAN Disabled)
 
NTKERNELAPI VOID NTAPI PsEstablishWin32Callouts (_In_ PWIN32_CALLOUTS_FPNS CalloutData)
 
NTKERNELAPI VOID NTAPI PsReturnProcessNonPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Returns the non paged quota pool that the process was taking up. More...
 
NTKERNELAPI ULONG NTAPI PsGetCurrentProcessSessionId (VOID)
 
NTKERNELAPI BOOLEAN NTAPI PsIsThreadImpersonating (_In_ PETHREAD Thread)
 
NTKERNELAPI VOID NTAPI PsRevertThreadToSelf (_Inout_ PETHREAD Thread)
 
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread)
 
BOOLEAN NTAPI PsIsProtectedProcess (_In_ PEPROCESS Process)
 
NTKERNELAPI BOOLEAN NTAPI PsIsSystemProcess (_In_ PEPROCESS Process)
 
VOID NTAPI PsSetProcessPriorityByClass (_In_ PEPROCESS Process, _In_ PSPROCESSPRIORITYMODE Type)
 
HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId (_In_ PEPROCESS Process)
 
NTKERNELAPI NTSTATUS NTAPI PsGetProcessExitStatus (_In_ PEPROCESS Process)
 
NTKERNELAPI ULONG NTAPI PsGetProcessSessionId (_In_ PEPROCESS Process)
 
NTKERNELAPI BOOLEAN NTAPI PsGetProcessExitProcessCalled (_In_ PEPROCESS Process)
 
NTKERNELAPI VOID NTAPI PsChargePoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
 Charges the pool quota of a given process. The kind of pool quota to charge is determined by the PoolType parameter. More...
 
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessNonPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Charges the non paged pool quota of a given process. More...
 
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Charges the paged pool quota of a given process. More...
 
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
 Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter. More...
 
NTKERNELAPI VOID NTAPI PsReturnPoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
 Returns the pool quota that the process was taking up. More...
 
NTKERNELAPI VOID NTAPI PsReturnProcessPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Returns the paged pool quota that the process was taking up. More...
 
NTKERNELAPI PVOID NTAPI PsGetProcessSecurityPort (_In_ PEPROCESS Process)
 
NTKERNELAPI NTSTATUS NTAPI PsSetProcessSecurityPort (_Inout_ PEPROCESS Process, _In_ PVOID SecurityPort)
 
NTKERNELAPI HANDLE NTAPI PsGetCurrentThreadProcessId (VOID)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAlertResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSCALLAPI NTSTATUS NTAPI NtApphelpCacheControl (_In_ APPHELPCACHESERVICECLASS Service, _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAlertThread (_In_ HANDLE ThreadHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAssignProcessToJobObject (_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateJobObject (_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
 
NTSTATUS NTAPI NtCreateJobSet (_In_ ULONG NumJob, _In_ PJOB_SET_ARRAY UserJobSet, _In_ ULONG Flags)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcessEx (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ ULONG Flags, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort, _In_ BOOLEAN InJob)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)
 
FORCEINLINE struct _TEBNtCurrentTeb (VOID)
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateThread (_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
 
NTSYSCALLAPI NTSTATUS NTAPI NtIsProcessInJob (_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PCLIENT_ID ClientId)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 Opens a token that is tied to a thread handle. More...
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 Opens a token that is tied to a thread handle. More...
 
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort (_In_ HANDLE TerminationPort)
 
NTSYSCALLAPI NTSTATUS NTAPI NtResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSCALLAPI NTSTATUS NTAPI NtResumeProcess (_In_ HANDLE ProcessHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_bytecount_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSuspendProcess (_In_ HANDLE ProcessHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSuspendThread (_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)
 
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateProcess (_In_ HANDLE ProcessHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateJobObject (_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwAlertResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSAPI NTSTATUS NTAPI ZwAlertThread (_In_ HANDLE ThreadHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwAssignProcessToJobObject (_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateJobObject (_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)
 
NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread (_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
 
NTSYSAPI NTSTATUS NTAPI ZwIsProcessInJob (_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx(_In_ HANDLE ProcessHandle
 Queries information details about a security descriptor. More...
 
NTSYSAPI NTSTATUS NTAPI ZwOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwRegisterThreadTerminatePort (_In_ HANDLE TerminationPort)
 
NTSYSAPI NTSTATUS NTAPI ZwResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSAPI NTSTATUS NTAPI ZwResumeProcess (_In_ HANDLE ProcessHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_ PVOID JobInformation, _In_ ULONG JobInformationLength)
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
 
_In_ THREADINFOCLASS _In_reads_bytes_ (ThreadInformationLength) PVOID ThreadInformation
 
NTSYSAPI NTSTATUS NTAPI ZwSuspendProcess (_In_ HANDLE ProcessHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwSuspendThread (_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)
 
NTSYSAPI NTSTATUS NTAPI ZwTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwTerminateJobObject (_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)
 

Variables

_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_ ULONG HandleAttributes
 
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
 
_In_ THREADINFOCLASS ThreadInformationClass
 
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
 
_In_ NTSTATUS ExitStatus
 

Function Documentation

◆ _In_reads_bytes_()

_In_ THREADINFOCLASS _In_reads_bytes_ ( ThreadInformationLength  )

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in]SecurityInformationSecurity information details to be queried from a security descriptor.
[out]SecurityDescriptorThe returned security descriptor with security information data.
[in,out]LengthThe returned length of a security descriptor.
[in,out]ObjectsSecurityDescriptorThe returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]AutoInheritFlagsFlags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
Parameters
[in]SecurityDescriptorA security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in]_ParentDescriptorA security descriptor of the parent object that is being created.
[in]_ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]ObjectTypeThe type of the new object.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]AutoInheritFlagsAutomatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in]ParentDescriptorA security descriptor of the parent object that is being created.
[in]ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in]SecurityDescriptorA security descriptor.
[out]QuotaInfoSizeThe returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
77  NTSTATUS Status;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
82  return STATUS_INVALID_PARAMETER;
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
88  return STATUS_INVALID_PARAMETER;
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
96  Status = FltObjectReference(Filter);
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
103  Status = ObCreateObject(KernelMode,
104  ServerPortObjectType,
105  ObjectAttributes,
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
118  FltpObjectPointerReference((PFLT_OBJECT)Filter);
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
123  PortObject->DisconnectNotify = DisconnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
131  STANDARD_RIGHTS_ALL | FILE_READ_DATA,
132  0,
133  NULL,
134  (PHANDLE)ServerPort);
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
138  ExAcquireFastMutex(&Filter->ConnectionList.mLock);
139 
140  /* Add the new port object to the connection list and increment the count */
141  InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
142  Filter->ConnectionList.mCount++;
143 
144  /* Unlock the connection list*/
145  ExReleaseFastMutex(&Filter->ConnectionList.mLock);
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
152  FltObjectDereference(Filter);
153  }
154 
155  return Status;
156 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
ServerPort
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::ConnectNotify
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
FltObjectDereference
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_FLT_MUTEX_LIST_HEAD::mCount
ULONG mCount
Definition: fltmgrint.h:57
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
ExReleaseFastMutex
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
FltpObjectPointerReference
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
_FLT_MUTEX_LIST_HEAD::mList
LIST_ENTRY mList
Definition: fltmgrint.h:56
Filter
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
FILE_READ_DATA
#define FILE_READ_DATA
Definition: nt_native.h:628
ObCreateObject
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:951
Status
Status
Definition: gdiplustypes.h:24
_FLT_SERVER_PORT_OBJECT::Cookie
PVOID Cookie
Definition: fltmgrint.h:195
ServerPortObjectType
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
_FLT_OBJECT
Definition: fltmgrint.h:25
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DisconnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::MaxConnections
LONG MaxConnections
Definition: fltmgrint.h:198
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
ConnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT
Definition: fltmgrint.h:188
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
STANDARD_RIGHTS_ALL
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
ExAcquireFastMutex
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
FltObjectReference
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
ServerPortCookie
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::Filter
PFLT_FILTER Filter
Definition: fltmgrint.h:194
NULL
#define NULL
Definition: types.h:112
_FLT_MUTEX_LIST_HEAD::mLock
FAST_MUTEX mLock
Definition: fltmgrint.h:55
_FLT_SERVER_PORT_OBJECT::MessageNotify
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
_FLT_SERVER_PORT_OBJECT::FilterLink
LIST_ENTRY FilterLink
Definition: fltmgrint.h:190
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
MaxConnections
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::DisconnectNotify
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
MessageNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1872
_FLT_FILTER::ConnectionList
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ NtAlertResumeThread()

NTSYSCALLAPI NTSTATUS NTAPI NtAlertResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

◆ NtAlertThread()

NTSYSCALLAPI NTSTATUS NTAPI NtAlertThread ( _In_ HANDLE  ThreadHandle)

◆ NtApphelpCacheControl()

NTSYSCALLAPI NTSTATUS NTAPI NtApphelpCacheControl ( _In_ APPHELPCACHESERVICECLASS  Service,
_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP  ServiceData 
)

Definition at line 728 of file apphelp.c.

731 {
732  NTSTATUS Status = STATUS_INVALID_PARAMETER;
733  UNICODE_STRING ImageName = { 0 };
734  HANDLE Handle = INVALID_HANDLE_VALUE;
735 
736  if (!ApphelpCacheEnabled)
737  {
738  DPRINT1("NtApphelpCacheControl: ApphelpCacheEnabled == 0\n");
739  return Status;
740  }
741  switch (Service)
742  {
743  case ApphelpCacheServiceLookup:
744  DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceLookup )\n");
745  Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
746  if (NT_SUCCESS(Status))
747  Status = ApphelpCacheLookupEntry(&ImageName, Handle);
748  break;
749  case ApphelpCacheServiceRemove:
750  DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceRemove )\n");
751  Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
752  if (NT_SUCCESS(Status))
753  Status = ApphelpCacheRemoveEntry(&ImageName);
754  break;
755  case ApphelpCacheServiceUpdate:
756  DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceUpdate )\n");
757  Status = ApphelpCacheAccessCheck();
758  if (NT_SUCCESS(Status))
759  {
760  Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
761  if (NT_SUCCESS(Status))
762  Status = ApphelpCacheUpdateEntry(&ImageName, Handle);
763  }
764  break;
765  case ApphelpCacheServiceFlush:
766  /* FIXME: Check for admin or system here. */
767  Status = ApphelpCacheFlush();
768  break;
769  case ApphelpCacheServiceDump:
770  Status = ApphelpCacheDump();
771  break;
772  case ApphelpDBGReadRegistry:
773  DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): flushing cache.\n");
774  ApphelpCacheFlush();
775  DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): reading cache.\n");
776  Status = ApphelpCacheRead() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
777  break;
778  case ApphelpDBGWriteRegistry:
779  DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGWriteRegistry ): writing cache.\n");
780  Status = ApphelpCacheWrite() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
781  break;
782  default:
783  DPRINT1("SHIMS: NtApphelpCacheControl( Invalid service requested )\n");
784  break;
785  }
786  if (ImageName.Buffer)
787  {
788  ApphelpFreeUnicodeString(&ImageName);
789  }
790  return Status;
791 }
ApphelpCacheDump
NTSTATUS ApphelpCacheDump(VOID)
Definition: apphelp.c:703
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: apphelp.c:44
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ApphelpCacheUpdateEntry
NTSTATUS ApphelpCacheUpdateEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:616
ApphelpCacheRead
BOOLEAN ApphelpCacheRead(VOID)
Definition: apphelp.c:306
ApphelpFreeUnicodeString
VOID ApphelpFreeUnicodeString(_Inout_ PUNICODE_STRING String)
Definition: apphelp.c:161
ApphelpCacheWrite
BOOLEAN ApphelpCacheWrite(VOID)
Definition: apphelp.c:362
Status
Status
Definition: gdiplustypes.h:24
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
ApphelpCacheAccessCheck
NTSTATUS ApphelpCacheAccessCheck(VOID)
Definition: apphelp.c:602
ApphelpCacheEnabled
static BOOLEAN ApphelpCacheEnabled
Definition: apphelp.c:29
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ImageName
static const char * ImageName
Definition: image.c:34
_UNICODE_STRING
Definition: env_spec_w32.h:368
ApphelpValidateData
NTSTATUS ApphelpValidateData(_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData, _Out_ PUNICODE_STRING ImageName, _Out_ PHANDLE ImageHandle)
Definition: apphelp.c:474
DPRINT1
#define DPRINT1
Definition: precomp.h:8
Handle
_In_ HANDLE Handle
Definition: extypes.h:390
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
DPRINT
#define DPRINT
Definition: sndvol32.h:71
ApphelpCacheRemoveEntry
NTSTATUS ApphelpCacheRemoveEntry(_In_ PUNICODE_STRING ImageName)
Definition: apphelp.c:587
ApphelpCacheFlush
NTSTATUS ApphelpCacheFlush(VOID)
Definition: apphelp.c:688
ApphelpCacheLookupEntry
NTSTATUS ApphelpCacheLookupEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:531

Referenced by BaseDumpAppcompatCache(), BaseFlushAppcompatCache(), and CallApphelp().

◆ NtAssignProcessToJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtAssignProcessToJobObject ( _In_ HANDLE  JobHandle,
_In_ HANDLE  ProcessHandle 
)

◆ NtCreateJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateJobObject ( _Out_ PHANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes 
)

◆ NtCreateJobSet()

NTSTATUS NTAPI NtCreateJobSet ( _In_ ULONG  NumJob,
_In_ PJOB_SET_ARRAY  UserJobSet,
_In_ ULONG  Flags 
)

◆ NtCreateProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcess ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ParentProcess,
_In_ BOOLEAN  InheritObjectTable,
_In_opt_ HANDLE  SectionHandle,
_In_opt_ HANDLE  DebugPort,
_In_opt_ HANDLE  ExceptionPort 
)

◆ NtCreateProcessEx()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcessEx ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ParentProcess,
_In_ ULONG  Flags,
_In_opt_ HANDLE  SectionHandle,
_In_opt_ HANDLE  DebugPort,
_In_opt_ HANDLE  ExceptionPort,
_In_ BOOLEAN  InJob 
)

◆ NtCreateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ProcessHandle,
_Out_ PCLIENT_ID  ClientId,
_In_ PCONTEXT  ThreadContext,
_In_ PINITIAL_TEB  UserStack,
_In_ BOOLEAN  CreateSuspended 
)

◆ NtCurrentTeb()

FORCEINLINE struct _TEB* NtCurrentTeb ( VOID  )

Definition at line 420 of file psfuncs.h.

421 {
422 #if defined(_M_IX86)
423  return (PTEB)__readfsdword(0x18);
424 #elif defined (_M_AMD64)
425  return (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
426 #elif defined (_M_ARM)
427  return (struct _TEB *)KeGetPcr()->Used_Self;
428 #endif
429 }
KeGetPcr
#define KeGetPcr()
Definition: ke.h:26
__readfsdword
PPC_QUAL unsigned long __readfsdword(const unsigned long Offset)
Definition: intrin_ppc.h:382
_NT_TIB
Definition: compat.h:710
_TEB
Definition: compat.h:835
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255

Referenced by __declspec(), __wine_pop_frame(), __wine_push_frame(), _NtCurrentTeb(), AbortDoc(), actctx_init(), AVrfInitializeVerifier(), AvrfpResolveThunks(), BaseCreateThreadPoolThread(), BaseGetNamedObjectDirectory(), Basep8BitStringToStaticUnicodeString(), BasepComputeProcessPath(), BasepLoadLibraryAsDatafile(), BaseSrvBSMThread(), BaseThreadStartup(), BuildUserModeWindowStationName(), CallMsgFilterA(), CallMsgFilterW(), CallNamedPipeA(), CloseAllProcessHandles(), COM_CurrentInfo(), COM_TlsDestroy(), CompareStringA(), ConvertFiberToThread(), ConvertThreadToFiberEx(), CountHandlers(), CreatePipe(), CreateProcessInternalW(), CreateRemoteThread(), CSR_API(), CsrApiHandleConnectionRequest(), CsrApiRequestThread(), CsrClientCallServer(), CsrConnectToUser(), CsrIdentifyAlertableThread(), CsrInitializeProcessStructure(), CsrValidateMessageBuffer(), DbgkMapViewOfSection(), DbgUiConnectToDbg(), DbgUiContinue(), DbgUiDebugActiveProcess(), DbgUiGetThreadDebugObject(), DbgUiSetThreadDebugObject(), DbgUiStopDebugging(), DbgUiWaitStateChange(), DefineDosDeviceA(), DeleteFiber(), DllMain(), doChild(), ElfChangeNotify(), EndDoc(), EngGetLastError(), EngSetLastError(), ExitThread(), extfmt_default_dbg_vlog(), ExtTextOutW(), FatalAppExitA(), FilenameA2W(), find_entry(), find_entry_language(), find_query_actctx(), FlsAlloc(), FlsGetValue(), FlsSetValue(), GdiAllocBatchCommand(), GdiDeleteBrushOrPen(), GdiDllInitialize(), GdiProcessSetup(), GdiQueryTable(), GdiSetLastError(), get_base_dir(), get_or_create_threaddata(), GetBinaryTypeA(), GetCurrentDirectoryA(), GetCurrentProcessId(), GetCurrentThreadId(), GetLastError(), GetModuleHandleA(), GetTeb(), GetTempFileNameW(), GetThreadLocale(), GetW32ThreadInfo(), GetWindowThreadProcessId(), GuiConsoleInputThread(), hash_basename(), hGetPEBHandle(), Imm32CheckImcProcess(), Imm32CurrentPti(), Imm32IsCrossProcessAccess(), ImmDllInitialize(), InitThreadCallback(), IntAddSynthesizedFormats(), IntEndPage(), InternalAddAtom(), InternalFindAtom(), IntGetCurrentDC(), IntGetCurrentDcData(), IntGetCurrentDispatchTable(), IntGetCurrentICDPrivate(), IntGetCurrentRC(), IntGetImeHotKeyLanguageScore(), IntMakeCurrent(), IntNotifyWinEvent(), IntSetCurrentDispatchTable(), IntSetCurrentICDPrivate(), IntSetThreadDesktop(), IsGUIThread(), IsThreadAFiber(), IsWinEventHookInstalled(), KiRaiseUserExceptionDispatcher(), KiSystemCallHandler(), KiSystemServiceHandler(), LCMapStringA(), ldr_notify_callback1(), ldr_notify_callback_dll_main(), ldr_notify_callback_fail(), LdrLoadDll(), LdrpAllocateTls(), LdrpFreeTls(), LdrpInit(), LdrpInitializeProcess(), LdrpInitializeThread(), LdrpInitSecurityCookie(), LdrpLoadImportModule(), LdrpMakeCookie(), LdrpMapDll(), LdrpRunInitializeRoutines(), LdrpUpdateLoadCount3(), LdrShutdownProcess(), LdrShutdownThread(), LdrUnlockLoaderLock(), load_gl_funcs(), Main(), MyGdiQueryTable(), NlsInit(), NtGdiFlushUserBatch(), NtUserSetWindowsHookAW(), OffsetViewportOrgEx(), OffsetWindowOrgEx(), ok_fls_(), PolyPatBlt(), PostMessageA(), PostMessageW(), PsConvertToGuiThread(), PspUserThreadStartup(), QueryDosDeviceA(), RemoveHandles(), rosfmt_default_dbg_vlog(), RtlAcquirePrivilege(), RtlAcquireResourceExclusive(), RtlAcquireResourceShared(), RtlActivateActivationContext(), RtlActivateActivationContextUnsafeFast(), RtlApplicationVerifierStop(), RtlConvertSharedToExclusive(), RtlCreateActivationContext(), RtlDeactivateActivationContext(), RtlDeactivateActivationContextUnsafeFast(), RtlEnterCriticalSection(), RtlExitUserThread(), RtlFindActivationContextSectionGuid(), RtlFindActivationContextSectionString(), RtlFreeThreadActivationContextStack(), RtlGetActiveActivationContext(), RtlGetCriticalSectionRecursionCount(), RtlGetFrame(), RtlGetLastNtStatus(), RtlGetLastWin32Error(), RtlGetThreadErrorMode(), RtlInitializeCriticalSectionAndSpinCount(), RtlIsActivationContextActive(), RtlIsCriticalSectionLockedByThread(), RtlIsThreadWithinLoaderCallout(), RtlLeaveCriticalSection(), RtlNtStatusToDosError(), RtlpCaptureStackLimits(), RtlpClearInDbgPrint(), RtlpDphProcessStartupInitialization(), RtlpFreeDebugInfo(), RtlPopFrame(), RtlpPageHeapCreate(), RtlpPageHeapDestroy(), RtlpSetInDbgPrint(), RtlPushFrame(), RtlpWaitForCriticalSection(), RtlQueryProcessDebugInformation(), RtlSetLastWin32Error(), RtlSetLastWin32ErrorAndNtStatusFromNtStatus(), RtlSetThreadErrorMode(), RtlTryEnterCriticalSection(), ScControlService(), ScServiceMainStubA(), ScServiceMainStubW(), service_main(), SetConsoleInputExeNameA(), SetGraphicsMode(), SetLastError(), SetMapperFlags(), SetPolyFillMode(), SetROP2(), SetTextCharacterExtra(), SetTextJustification(), SetThreadLocale(), SetThreadStackGuarantee(), SetThreadUILanguage(), SetViewportExtEx(), SetViewportOrgEx(), SetWindowExtEx(), SetWindowOrgEx(), SetWindowsHookA(), SetWindowsHookW(), SockEnterApiFast(), START_TEST(), StartPage(), TerminateThread(), test_CP_ThreadLang(), test_HashLinks(), test_import_resolution(), test_InMemoryOrderModuleList(), test_query_object(), test_RemoveDirectoryA(), test_RemoveDirectoryW(), test_RtlThreadErrorMode(), TestWindowProcess(), TlsAlloc(), TlsGetValue(), TlsSetValue(), UnhandledExceptionFilter(), UpdateColors(), UserDbgAssertThreadInfo(), UserSetLastError(), VdmDispatchBop(), VdmDispatchPageFault(), VdmpGetVdmTib(), Win32kThreadCallback(), wined3d_cs_create(), winefmt_default_dbg_vlog(), and WTSQuerySessionInformationW().

◆ NtImpersonateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateThread ( _In_ HANDLE  ThreadHandle,
_In_ HANDLE  ThreadToImpersonate,
_In_ PSECURITY_QUALITY_OF_SERVICE  SecurityQualityOfService 
)

◆ NtIsProcessInJob()

NTSYSCALLAPI NTSTATUS NTAPI NtIsProcessInJob ( _In_ HANDLE  ProcessHandle,
_In_opt_ HANDLE  JobHandle 
)

◆ NtOpenProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_opt_ PCLIENT_ID  ClientId 
)

◆ NtOpenProcessToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenThread()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ PCLIENT_ID  ClientId 
)

◆ NtOpenThreadToken()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_Out_ PHANDLE  TokenHandle 
)

Opens a token that is tied to a thread handle.

Parameters
[out]ThreadHandleThread handle where the token is about to be opened.
[in]DesiredAccessThe request access right for the token.
[in]OpenAsSelfIf set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead.
[out]TokenHandleThe opened token handle returned to the caller for use.
Returns
See NtOpenThreadTokenEx.

Definition at line 2281 of file token.c.

2286 {
2287  return NtOpenThreadTokenEx(ThreadHandle, DesiredAccess, OpenAsSelf, 0,
2288  TokenHandle);
2289 }
NtOpenThreadTokenEx
NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2079
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
OpenAsSelf
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
Definition: zwfuncs.h:699

◆ NtOpenThreadTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

Opens a token that is tied to a thread handle.

Parameters
[out]ThreadHandleThread handle where the token is about to be opened.
[in]DesiredAccessThe request access right for the token.
[in]OpenAsSelfIf set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead.
[in]HandleAttributesHandle attributes for the opened thread token handle.
[out]TokenHandleThe opened token handle returned to the caller for use.
Returns
Returns STATUS_SUCCESS if the function has successfully opened the thread token. STATUS_CANT_OPEN_ANONYMOUS is returned if a token has SecurityAnonymous as impersonation level and we cannot open it. A failure NTSTATUS code is returned otherwise.

Definition at line 2079 of file token.c.

2085 {
2086  PETHREAD Thread;
2087  HANDLE hToken;
2088  PTOKEN Token, NewToken = NULL, PrimaryToken;
2089  BOOLEAN CopyOnOpen, EffectiveOnly;
2090  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
2091  SE_IMPERSONATION_STATE ImpersonationState;
2092  OBJECT_ATTRIBUTES ObjectAttributes;
2093  SECURITY_DESCRIPTOR SecurityDescriptor;
2094  PACL Dacl = NULL;
2095  KPROCESSOR_MODE PreviousMode;
2096  NTSTATUS Status;
2097  BOOLEAN RestoreImpersonation = FALSE;
2098 
2099  PAGED_CODE();
2100 
2101  PreviousMode = ExGetPreviousMode();
2102 
2103  if (PreviousMode != KernelMode)
2104  {
2105  _SEH2_TRY
2106  {
2107  ProbeForWriteHandle(TokenHandle);
2108  }
2109  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2110  {
2111  /* Return the exception code */
2112  _SEH2_YIELD(return _SEH2_GetExceptionCode());
2113  }
2114  _SEH2_END;
2115  }
2116 
2117  /* Validate object attributes */
2118  HandleAttributes = ObpValidateAttributes(HandleAttributes, PreviousMode);
2119 
2120  /*
2121  * At first open the thread token for information access and verify
2122  * that the token associated with thread is valid.
2123  */
2124 
2125  Status = ObReferenceObjectByHandle(ThreadHandle, THREAD_QUERY_INFORMATION,
2126  PsThreadType, PreviousMode, (PVOID*)&Thread,
2127  NULL);
2128  if (!NT_SUCCESS(Status))
2129  {
2130  return Status;
2131  }
2132 
2133  Token = PsReferenceImpersonationToken(Thread, &CopyOnOpen, &EffectiveOnly,
2134  &ImpersonationLevel);
2135  if (Token == NULL)
2136  {
2137  ObDereferenceObject(Thread);
2138  return STATUS_NO_TOKEN;
2139  }
2140 
2141  if (ImpersonationLevel == SecurityAnonymous)
2142  {
2143  PsDereferenceImpersonationToken(Token);
2144  ObDereferenceObject(Thread);
2145  return STATUS_CANT_OPEN_ANONYMOUS;
2146  }
2147 
2148  /*
2149  * Revert to self if OpenAsSelf is specified.
2150  */
2151 
2152  if (OpenAsSelf)
2153  {
2154  RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),
2155  &ImpersonationState);
2156  }
2157 
2158  if (CopyOnOpen)
2159  {
2160  PrimaryToken = PsReferencePrimaryToken(Thread->ThreadsProcess);
2161 
2162  Status = SepCreateImpersonationTokenDacl(Token, PrimaryToken, &Dacl);
2163 
2164  ObFastDereferenceObject(&Thread->ThreadsProcess->Token, PrimaryToken);
2165 
2166  if (NT_SUCCESS(Status))
2167  {
2168  if (Dacl)
2169  {
2170  Status = RtlCreateSecurityDescriptor(&SecurityDescriptor,
2171  SECURITY_DESCRIPTOR_REVISION);
2172  if (!NT_SUCCESS(Status))
2173  {
2174  DPRINT1("NtOpenThreadTokenEx(): Failed to create a security descriptor (Status 0x%lx)\n", Status);
2175  }
2176 
2177  Status = RtlSetDaclSecurityDescriptor(&SecurityDescriptor, TRUE, Dacl,
2178  FALSE);
2179  if (!NT_SUCCESS(Status))
2180  {
2181  DPRINT1("NtOpenThreadTokenEx(): Failed to set a DACL to the security descriptor (Status 0x%lx)\n", Status);
2182  }
2183  }
2184 
2185  InitializeObjectAttributes(&ObjectAttributes, NULL, HandleAttributes,
2186  NULL, Dacl ? &SecurityDescriptor : NULL);
2187 
2188  Status = SepDuplicateToken(Token, &ObjectAttributes, EffectiveOnly,
2189  TokenImpersonation, ImpersonationLevel,
2190  KernelMode, &NewToken);
2191  if (!NT_SUCCESS(Status))
2192  {
2193  DPRINT1("NtOpenThreadTokenEx(): Failed to duplicate the token (Status 0x%lx)\n", Status);
2194  }
2195 
2196  ObReferenceObject(NewToken);
2197  Status = ObInsertObject(NewToken, NULL, DesiredAccess, 0, NULL,
2198  &hToken);
2199  if (!NT_SUCCESS(Status))
2200  {
2201  DPRINT1("NtOpenThreadTokenEx(): Failed to insert the token object (Status 0x%lx)\n", Status);
2202  }
2203  }
2204  else
2205  {
2206  DPRINT1("NtOpenThreadTokenEx(): Failed to impersonate token from DACL (Status 0x%lx)\n", Status);
2207  }
2208  }
2209  else
2210  {
2211  Status = ObOpenObjectByPointer(Token, HandleAttributes,
2212  NULL, DesiredAccess, SeTokenObjectType,
2213  PreviousMode, &hToken);
2214  if (!NT_SUCCESS(Status))
2215  {
2216  DPRINT1("NtOpenThreadTokenEx(): Failed to open the object (Status 0x%lx)\n", Status);
2217  }
2218  }
2219 
2220  if (Dacl) ExFreePoolWithTag(Dacl, TAG_ACL);
2221 
2222  if (RestoreImpersonation)
2223  {
2224  PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState);
2225  }
2226 
2227  ObDereferenceObject(Token);
2228 
2229  if (NT_SUCCESS(Status) && CopyOnOpen)
2230  {
2231  Status = PsImpersonateClient(Thread, NewToken, FALSE, EffectiveOnly, ImpersonationLevel);
2232  if (!NT_SUCCESS(Status))
2233  {
2234  DPRINT1("NtOpenThreadTokenEx(): Failed to impersonate the client (Status 0x%lx)\n", Status);
2235  }
2236  }
2237 
2238  if (NewToken) ObDereferenceObject(NewToken);
2239 
2240  ObDereferenceObject(Thread);
2241 
2242  if (NT_SUCCESS(Status))
2243  {
2244  _SEH2_TRY
2245  {
2246  *TokenHandle = hToken;
2247  }
2248  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2249  {
2250  Status = _SEH2_GetExceptionCode();
2251  }
2252  _SEH2_END;
2253  }
2254 
2255  return Status;
2256 }
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
PsImpersonateClient
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:610
HandleAttributes
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
ImpersonationState
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
Definition: psfuncs.h:189
PsGetCurrentThread
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
TRUE
#define TRUE
Definition: types.h:120
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_ACL
Definition: ms-dtyp.idl:293
STATUS_CANT_OPEN_ANONYMOUS
#define STATUS_CANT_OPEN_ANONYMOUS
Definition: ntstatus.h:402
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
CopyOnOpen
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3062
RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
_SEH2_END
_SEH2_END
Definition: create.c:4400
ObOpenObjectByPointer
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
Definition: obhandle.c:2742
RtlSetDaclSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
FALSE
#define FALSE
Definition: types.h:117
SECURITY_IMPERSONATION_LEVEL
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
PsRestoreImpersonation
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:965
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_ETHREAD
Definition: pstypes.h:1101
PsDisableImpersonation
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:915
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
ImpersonationLevel
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
STATUS_NO_TOKEN
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
PsThreadType
POBJECT_TYPE PsThreadType
Definition: thread.c:20
PsReferencePrimaryToken
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
_SE_IMPERSONATION_STATE
Definition: setypes.h:115
PsReferenceImpersonationToken
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:849
ObpValidateAttributes
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22
TAG_ACL
#define TAG_ACL
Definition: tag.h:151
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
ObFastDereferenceObject
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
ObReferenceObject
#define ObReferenceObject
Definition: obfuncs.h:204
THREAD_QUERY_INFORMATION
#define THREAD_QUERY_INFORMATION
Definition: pstypes.h:149
OpenAsSelf
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
Definition: zwfuncs.h:699
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
_TOKEN
Definition: setypes.h:215
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
SepDuplicateToken
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:471
SepCreateImpersonationTokenDacl
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Allocates a discretionary access control list based on certain properties of a regular and primary ac...
Definition: acl.c:277
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89
PsDereferenceImpersonationToken
VOID NTAPI PsDereferenceImpersonationToken(IN PACCESS_TOKEN ImpersonationToken)
Definition: security.c:888

◆ NtQueryInformationJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_Out_bytecap_(JobInformationLength) PVOID  JobInformation,
_In_ ULONG  JobInformationLength,
_Out_ PULONG  ReturnLength 
)

◆ NtQueryInformationProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_Out_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Definition at line 59 of file query.c.

65 {
66  PEPROCESS Process;
67  KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
68  NTSTATUS Status;
69  ULONG Length = 0;
70  HANDLE DebugPort = 0;
71  PPROCESS_BASIC_INFORMATION ProcessBasicInfo =
72  (PPROCESS_BASIC_INFORMATION)ProcessInformation;
73  PKERNEL_USER_TIMES ProcessTime = (PKERNEL_USER_TIMES)ProcessInformation;
74  ULONG UserTime, KernelTime;
75  PPROCESS_PRIORITY_CLASS PsPriorityClass = (PPROCESS_PRIORITY_CLASS)ProcessInformation;
76  ULONG HandleCount;
77  PPROCESS_SESSION_INFORMATION SessionInfo =
78  (PPROCESS_SESSION_INFORMATION)ProcessInformation;
79  PVM_COUNTERS VmCounters = (PVM_COUNTERS)ProcessInformation;
80  PIO_COUNTERS IoCounters = (PIO_COUNTERS)ProcessInformation;
81  PQUOTA_LIMITS QuotaLimits = (PQUOTA_LIMITS)ProcessInformation;
82  PUNICODE_STRING ImageName;
83  ULONG Cookie, ExecuteOptions = 0;
84  ULONG_PTR Wow64 = 0;
85  PROCESS_VALUES ProcessValues;
86  ULONG Flags;
87  PAGED_CODE();
88 
89  /* Verify Information Class validity */
90  Status = DefaultQueryInfoBufferCheck(ProcessInformationClass,
91  PsProcessInfoClass,
92  RTL_NUMBER_OF(PsProcessInfoClass),
93  ICIF_PROBE_READ,
94  ProcessInformation,
95  ProcessInformationLength,
96  ReturnLength,
97  NULL,
98  PreviousMode);
99  if (!NT_SUCCESS(Status))
100  {
101  DPRINT1("NtQueryInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
102  return Status;
103  }
104 
105  if (((ProcessInformationClass == ProcessCookie) ||
106  (ProcessInformationClass == ProcessImageInformation)) &&
107  (ProcessHandle != NtCurrentProcess()))
108  {
109  /*
110  * Retrieving the process cookie is only allowed for the calling process
111  * itself! XP only allows NtCurrentProcess() as process handles even if
112  * a real handle actually represents the current process.
113  */
114  return STATUS_INVALID_PARAMETER;
115  }
116 
117  /* Check the information class */
118  switch (ProcessInformationClass)
119  {
120  /* Basic process information */
121  case ProcessBasicInformation:
122 
123  if (ProcessInformationLength != sizeof(PROCESS_BASIC_INFORMATION))
124  {
125  Status = STATUS_INFO_LENGTH_MISMATCH;
126  break;
127  }
128 
129  /* Set return length */
130  Length = sizeof(PROCESS_BASIC_INFORMATION);
131 
132  /* Reference the process */
133  Status = ObReferenceObjectByHandle(ProcessHandle,
134  PROCESS_QUERY_INFORMATION,
135  PsProcessType,
136  PreviousMode,
137  (PVOID*)&Process,
138  NULL);
139  if (!NT_SUCCESS(Status)) break;
140 
141  /* Protect writes with SEH */
142  _SEH2_TRY
143  {
144  /* Write all the information from the EPROCESS/KPROCESS */
145  ProcessBasicInfo->ExitStatus = Process->ExitStatus;
146  ProcessBasicInfo->PebBaseAddress = Process->Peb;
147  ProcessBasicInfo->AffinityMask = Process->Pcb.Affinity;
148  ProcessBasicInfo->UniqueProcessId = (ULONG_PTR)Process->
149  UniqueProcessId;
150  ProcessBasicInfo->InheritedFromUniqueProcessId =
151  (ULONG_PTR)Process->InheritedFromUniqueProcessId;
152  ProcessBasicInfo->BasePriority = Process->Pcb.BasePriority;
153 
154  }
155  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
156  {
157  /* Get exception code */
158  Status = _SEH2_GetExceptionCode();
159  }
160  _SEH2_END;
161 
162  /* Dereference the process */
163  ObDereferenceObject(Process);
164  break;
165 
166  /* Process quota limits */
167  case ProcessQuotaLimits:
168 
169  if (ProcessInformationLength != sizeof(QUOTA_LIMITS))
170  {
171  Status = STATUS_INFO_LENGTH_MISMATCH;
172  break;
173  }
174 
175  Length = sizeof(QUOTA_LIMITS);
176 
177  /* Reference the process */
178  Status = ObReferenceObjectByHandle(ProcessHandle,
179  PROCESS_QUERY_INFORMATION,
180  PsProcessType,
181  PreviousMode,
182  (PVOID*)&Process,
183  NULL);
184  if (!NT_SUCCESS(Status)) break;
185 
186  /* Indicate success */
187  Status = STATUS_SUCCESS;
188 
189  _SEH2_TRY
190  {
191  /* Set max/min working set sizes */
192  QuotaLimits->MaximumWorkingSetSize =
193  Process->Vm.MaximumWorkingSetSize << PAGE_SHIFT;
194  QuotaLimits->MinimumWorkingSetSize =
195  Process->Vm.MinimumWorkingSetSize << PAGE_SHIFT;
196 
197  /* Set default time limits */
198  QuotaLimits->TimeLimit.LowPart = MAXULONG;
199  QuotaLimits->TimeLimit.HighPart = MAXULONG;
200 
201  /* Is quota block a default one? */
202  if (Process->QuotaBlock == &PspDefaultQuotaBlock)
203  {
204  /* Set default pools and pagefile limits */
205  QuotaLimits->PagedPoolLimit = (SIZE_T)-1;
206  QuotaLimits->NonPagedPoolLimit = (SIZE_T)-1;
207  QuotaLimits->PagefileLimit = (SIZE_T)-1;
208  }
209  else
210  {
211  /* Get limits from non-default quota block */
212  QuotaLimits->PagedPoolLimit =
213  Process->QuotaBlock->QuotaEntry[PsPagedPool].Limit;
214  QuotaLimits->NonPagedPoolLimit =
215  Process->QuotaBlock->QuotaEntry[PsNonPagedPool].Limit;
216  QuotaLimits->PagefileLimit =
217  Process->QuotaBlock->QuotaEntry[PsPageFile].Limit;
218  }
219  }
220  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
221  {
222  /* Get exception code */
223  Status = _SEH2_GetExceptionCode();
224  }
225  _SEH2_END;
226 
227  /* Dereference the process */
228  ObDereferenceObject(Process);
229  break;
230 
231  case ProcessIoCounters:
232 
233  if (ProcessInformationLength != sizeof(IO_COUNTERS))
234  {
235  Status = STATUS_INFO_LENGTH_MISMATCH;
236  break;
237  }
238 
239  Length = sizeof(IO_COUNTERS);
240 
241  /* Reference the process */
242  Status = ObReferenceObjectByHandle(ProcessHandle,
243  PROCESS_QUERY_INFORMATION,
244  PsProcessType,
245  PreviousMode,
246  (PVOID*)&Process,
247  NULL);
248  if (!NT_SUCCESS(Status)) break;
249 
250  /* Query IO counters from the process */
251  KeQueryValuesProcess(&Process->Pcb, &ProcessValues);
252 
253  _SEH2_TRY
254  {
255  RtlCopyMemory(IoCounters, &ProcessValues.IoInfo, sizeof(IO_COUNTERS));
256  }
257  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
258  {
259  /* Ignore exception */
260  }
261  _SEH2_END;
262 
263  /* Set status to success in any case */
264  Status = STATUS_SUCCESS;
265 
266  /* Dereference the process */
267  ObDereferenceObject(Process);
268  break;
269 
270  /* Timing */
271  case ProcessTimes:
272 
273  /* Set the return length */
274  if (ProcessInformationLength != sizeof(KERNEL_USER_TIMES))
275  {
276  Status = STATUS_INFO_LENGTH_MISMATCH;
277  break;
278  }
279 
280  Length = sizeof(KERNEL_USER_TIMES);
281 
282  /* Reference the process */
283  Status = ObReferenceObjectByHandle(ProcessHandle,
284  PROCESS_QUERY_INFORMATION,
285  PsProcessType,
286  PreviousMode,
287  (PVOID*)&Process,
288  NULL);
289  if (!NT_SUCCESS(Status)) break;
290 
291  /* Protect writes with SEH */
292  _SEH2_TRY
293  {
294  /* Copy time information from EPROCESS/KPROCESS */
295  KernelTime = KeQueryRuntimeProcess(&Process->Pcb, &UserTime);
296  ProcessTime->CreateTime = Process->CreateTime;
297  ProcessTime->UserTime.QuadPart = (LONGLONG)UserTime * KeMaximumIncrement;
298  ProcessTime->KernelTime.QuadPart = (LONGLONG)KernelTime * KeMaximumIncrement;
299  ProcessTime->ExitTime = Process->ExitTime;
300  }
301  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
302  {
303  /* Get exception code */
304  Status = _SEH2_GetExceptionCode();
305  }
306  _SEH2_END;
307 
308  /* Dereference the process */
309  ObDereferenceObject(Process);
310  break;
311 
312  /* Process Debug Port */
313  case ProcessDebugPort:
314 
315  if (ProcessInformationLength != sizeof(HANDLE))
316  {
317  Status = STATUS_INFO_LENGTH_MISMATCH;
318  break;
319  }
320 
321  /* Set return length */
322  Length = sizeof(HANDLE);
323 
324  /* Reference the process */
325  Status = ObReferenceObjectByHandle(ProcessHandle,
326  PROCESS_QUERY_INFORMATION,
327  PsProcessType,
328  PreviousMode,
329  (PVOID*)&Process,
330  NULL);
331  if (!NT_SUCCESS(Status)) break;
332 
333  /* Protect write with SEH */
334  _SEH2_TRY
335  {
336  /* Return whether or not we have a debug port */
337  *(PHANDLE)ProcessInformation = (Process->DebugPort ?
338  (HANDLE)-1 : NULL);
339  }
340  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
341  {
342  /* Get exception code */
343  Status = _SEH2_GetExceptionCode();
344  }
345  _SEH2_END;
346 
347  /* Dereference the process */
348  ObDereferenceObject(Process);
349  break;
350 
351  case ProcessHandleCount:
352 
353  if (ProcessInformationLength != sizeof(ULONG))
354  {
355  Status = STATUS_INFO_LENGTH_MISMATCH;
356  break;
357  }
358 
359  /* Set the return length*/
360  Length = sizeof(ULONG);
361 
362  /* Reference the process */
363  Status = ObReferenceObjectByHandle(ProcessHandle,
364  PROCESS_QUERY_INFORMATION,
365  PsProcessType,
366  PreviousMode,
367  (PVOID*)&Process,
368  NULL);
369  if (!NT_SUCCESS(Status)) break;
370 
371  /* Count the number of handles this process has */
372  HandleCount = ObGetProcessHandleCount(Process);
373 
374  /* Protect write in SEH */
375  _SEH2_TRY
376  {
377  /* Return the count of handles */
378  *(PULONG)ProcessInformation = HandleCount;
379  }
380  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
381  {
382  /* Get the exception code */
383  Status = _SEH2_GetExceptionCode();
384  }
385  _SEH2_END;
386 
387  /* Dereference the process */
388  ObDereferenceObject(Process);
389  break;
390 
391  /* Session ID for the process */
392  case ProcessSessionInformation:
393 
394  if (ProcessInformationLength != sizeof(PROCESS_SESSION_INFORMATION))
395  {
396  Status = STATUS_INFO_LENGTH_MISMATCH;
397  break;
398  }
399 
400  /* Set the return length*/
401  Length = sizeof(PROCESS_SESSION_INFORMATION);
402 
403  /* Reference the process */
404  Status = ObReferenceObjectByHandle(ProcessHandle,
405  PROCESS_QUERY_INFORMATION,
406  PsProcessType,
407  PreviousMode,
408  (PVOID*)&Process,
409  NULL);
410  if (!NT_SUCCESS(Status)) break;
411 
412  /* Enter SEH for write safety */
413  _SEH2_TRY
414  {
415  /* Write back the Session ID */
416  SessionInfo->SessionId = PsGetProcessSessionId(Process);
417  }
418  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
419  {
420  /* Get the exception code */
421  Status = _SEH2_GetExceptionCode();
422  }
423  _SEH2_END;
424 
425  /* Dereference the process */
426  ObDereferenceObject(Process);
427  break;
428 
429  /* Virtual Memory Statistics */
430  case ProcessVmCounters:
431 
432  /* Validate the input length */
433  if ((ProcessInformationLength != sizeof(VM_COUNTERS)) &&
434  (ProcessInformationLength != sizeof(VM_COUNTERS_EX)))
435  {
436  Status = STATUS_INFO_LENGTH_MISMATCH;
437  break;
438  }
439 
440  /* Reference the process */
441  Status = ObReferenceObjectByHandle(ProcessHandle,
442  PROCESS_QUERY_INFORMATION,
443  PsProcessType,
444  PreviousMode,
445  (PVOID*)&Process,
446  NULL);
447  if (!NT_SUCCESS(Status)) break;
448 
449  /* Enter SEH for write safety */
450  _SEH2_TRY
451  {
452  /* Return data from EPROCESS */
453  VmCounters->PeakVirtualSize = Process->PeakVirtualSize;
454  VmCounters->VirtualSize = Process->VirtualSize;
455  VmCounters->PageFaultCount = Process->Vm.PageFaultCount;
456  VmCounters->PeakWorkingSetSize = Process->Vm.PeakWorkingSetSize;
457  VmCounters->WorkingSetSize = Process->Vm.WorkingSetSize;
458  VmCounters->QuotaPeakPagedPoolUsage = Process->QuotaPeak[PsPagedPool];
459  VmCounters->QuotaPagedPoolUsage = Process->QuotaUsage[PsPagedPool];
460  VmCounters->QuotaPeakNonPagedPoolUsage = Process->QuotaPeak[PsNonPagedPool];
461  VmCounters->QuotaNonPagedPoolUsage = Process->QuotaUsage[PsNonPagedPool];
462  VmCounters->PagefileUsage = Process->QuotaUsage[PsPageFile] << PAGE_SHIFT;
463  VmCounters->PeakPagefileUsage = Process->QuotaPeak[PsPageFile] << PAGE_SHIFT;
464  //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
465  //
466 
467  /* Set the return length */
468  Length = ProcessInformationLength;
469  }
470  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
471  {
472  /* Get the exception code */
473  Status = _SEH2_GetExceptionCode();
474  }
475  _SEH2_END;
476 
477  /* Dereference the process */
478  ObDereferenceObject(Process);
479  break;
480 
481  /* Hard Error Processing Mode */
482  case ProcessDefaultHardErrorMode:
483 
484  if (ProcessInformationLength != sizeof(ULONG))
485  {
486  Status = STATUS_INFO_LENGTH_MISMATCH;
487  break;
488  }
489 
490  /* Set the return length*/
491  Length = sizeof(ULONG);
492 
493  /* Reference the process */
494  Status = ObReferenceObjectByHandle(ProcessHandle,
495  PROCESS_QUERY_INFORMATION,
496  PsProcessType,
497  PreviousMode,
498  (PVOID*)&Process,
499  NULL);
500  if (!NT_SUCCESS(Status)) break;
501 
502  /* Enter SEH for writing back data */
503  _SEH2_TRY
504  {
505  /* Write the current processing mode */
506  *(PULONG)ProcessInformation = Process->
507  DefaultHardErrorProcessing;
508  }
509  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
510  {
511  /* Get the exception code */
512  Status = _SEH2_GetExceptionCode();
513  }
514  _SEH2_END;
515 
516  /* Dereference the process */
517  ObDereferenceObject(Process);
518  break;
519 
520  /* Priority Boosting status */
521  case ProcessPriorityBoost:
522 
523  if (ProcessInformationLength != sizeof(ULONG))
524  {
525  Status = STATUS_INFO_LENGTH_MISMATCH;
526  break;
527  }
528 
529  /* Set the return length */
530  Length = sizeof(ULONG);
531 
532  /* Reference the process */
533  Status = ObReferenceObjectByHandle(ProcessHandle,
534  PROCESS_QUERY_INFORMATION,
535  PsProcessType,
536  PreviousMode,
537  (PVOID*)&Process,
538  NULL);
539  if (!NT_SUCCESS(Status)) break;
540 
541  /* Enter SEH for writing back data */
542  _SEH2_TRY
543  {
544  /* Return boost status */
545  *(PULONG)ProcessInformation = Process->Pcb.DisableBoost ?
546  TRUE : FALSE;
547  }
548  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
549  {
550  /* Get the exception code */
551  Status = _SEH2_GetExceptionCode();
552  }
553  _SEH2_END;
554 
555  /* Dereference the process */
556  ObDereferenceObject(Process);
557  break;
558 
559  /* DOS Device Map */
560  case ProcessDeviceMap:
561 
562  if (ProcessInformationLength == sizeof(PROCESS_DEVICEMAP_INFORMATION_EX))
563  {
564  /* Protect read in SEH */
565  _SEH2_TRY
566  {
567  PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
568 
569  Flags = DeviceMapEx->Flags;
570  }
571  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
572  {
573  /* Get the exception code */
574  Status = _SEH2_GetExceptionCode();
575  _SEH2_YIELD(break);
576  }
577  _SEH2_END;
578 
579  /* Only one flag is supported and it needs LUID mappings */
580  if ((Flags & ~PROCESS_LUID_DOSDEVICES_ONLY) != 0 ||
581  !ObIsLUIDDeviceMapsEnabled())
582  {
583  Status = STATUS_INVALID_PARAMETER;
584  break;
585  }
586  }
587  else
588  {
589  /* This has to be the size of the Query union field for x64 compatibility! */
590  if (ProcessInformationLength != RTL_FIELD_SIZE(PROCESS_DEVICEMAP_INFORMATION, Query))
591  {
592  Status = STATUS_INFO_LENGTH_MISMATCH;
593  break;
594  }
595 
596  /* No flags for standard call */
597  Flags = 0;
598  }
599 
600  /* Set the return length */
601  Length = ProcessInformationLength;
602 
603  /* Reference the process */
604  Status = ObReferenceObjectByHandle(ProcessHandle,
605  PROCESS_QUERY_INFORMATION,
606  PsProcessType,
607  PreviousMode,
608  (PVOID*)&Process,
609  NULL);
610  if (!NT_SUCCESS(Status)) break;
611 
612  /* Query the device map information */
613  Status = ObQueryDeviceMapInformation(Process,
614  ProcessInformation,
615  Flags);
616 
617  /* Dereference the process */
618  ObDereferenceObject(Process);
619  break;
620 
621  /* Priority class */
622  case ProcessPriorityClass:
623 
624  if (ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS))
625  {
626  Status = STATUS_INFO_LENGTH_MISMATCH;
627  break;
628  }
629 
630  /* Set the return length*/
631  Length = sizeof(PROCESS_PRIORITY_CLASS);
632 
633  /* Reference the process */
634  Status = ObReferenceObjectByHandle(ProcessHandle,
635  PROCESS_QUERY_INFORMATION,
636  PsProcessType,
637  PreviousMode,
638  (PVOID*)&Process,
639  NULL);
640  if (!NT_SUCCESS(Status)) break;
641 
642  /* Enter SEH for writing back data */
643  _SEH2_TRY
644  {
645  /* Return current priority class */
646  PsPriorityClass->PriorityClass = Process->PriorityClass;
647  PsPriorityClass->Foreground = FALSE;
648  }
649  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
650  {
651  /* Get the exception code */
652  Status = _SEH2_GetExceptionCode();
653  }
654  _SEH2_END;
655 
656  /* Dereference the process */
657  ObDereferenceObject(Process);
658  break;
659 
660  case ProcessImageFileName:
661 
662  /* Reference the process */
663  Status = ObReferenceObjectByHandle(ProcessHandle,
664  PROCESS_QUERY_INFORMATION,
665  PsProcessType,
666  PreviousMode,
667  (PVOID*)&Process,
668  NULL);
669  if (!NT_SUCCESS(Status)) break;
670 
671  /* Get the image path */
672  Status = SeLocateProcessImageName(Process, &ImageName);
673  if (NT_SUCCESS(Status))
674  {
675  /* Set return length */
676  Length = ImageName->MaximumLength +
677  sizeof(OBJECT_NAME_INFORMATION);
678 
679  /* Make sure it's large enough */
680  if (Length <= ProcessInformationLength)
681  {
682  /* Enter SEH to protect write */
683  _SEH2_TRY
684  {
685  /* Copy it */
686  RtlCopyMemory(ProcessInformation,
687  ImageName,
688  Length);
689 
690  /* Update pointer */
691  ((PUNICODE_STRING)ProcessInformation)->Buffer =
692  (PWSTR)((PUNICODE_STRING)ProcessInformation + 1);
693  }
694  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
695  {
696  /* Get the exception code */
697  Status = _SEH2_GetExceptionCode();
698  }
699  _SEH2_END;
700  }
701  else
702  {
703  /* Buffer too small */
704  Status = STATUS_INFO_LENGTH_MISMATCH;
705  }
706 
707  /* Free the image path */
708  ExFreePoolWithTag(ImageName, TAG_SEPA);
709  }
710  /* Dereference the process */
711  ObDereferenceObject(Process);
712  break;
713 
714  case ProcessDebugFlags:
715 
716  if (ProcessInformationLength != sizeof(ULONG))
717  {
718  Status = STATUS_INFO_LENGTH_MISMATCH;
719  break;
720  }
721 
722  /* Set the return length*/
723  Length = sizeof(ULONG);
724 
725  /* Reference the process */
726  Status = ObReferenceObjectByHandle(ProcessHandle,
727  PROCESS_QUERY_INFORMATION,
728  PsProcessType,
729  PreviousMode,
730  (PVOID*)&Process,
731  NULL);
732  if (!NT_SUCCESS(Status)) break;
733 
734  /* Enter SEH for writing back data */
735  _SEH2_TRY
736  {
737  /* Return the debug flag state */
738  *(PULONG)ProcessInformation = Process->NoDebugInherit ? 0 : 1;
739  }
740  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
741  {
742  /* Get the exception code */
743  Status = _SEH2_GetExceptionCode();
744  }
745  _SEH2_END;
746 
747  /* Dereference the process */
748  ObDereferenceObject(Process);
749  break;
750 
751  case ProcessBreakOnTermination:
752 
753  if (ProcessInformationLength != sizeof(ULONG))
754  {
755  Status = STATUS_INFO_LENGTH_MISMATCH;
756  break;
757  }
758 
759  /* Set the return length */
760  Length = sizeof(ULONG);
761 
762  /* Reference the process */
763  Status = ObReferenceObjectByHandle(ProcessHandle,
764  PROCESS_QUERY_INFORMATION,
765  PsProcessType,
766  PreviousMode,
767  (PVOID*)&Process,
768  NULL);
769  if (!NT_SUCCESS(Status)) break;
770 
771  /* Enter SEH for writing back data */
772  _SEH2_TRY
773  {
774  /* Return the BreakOnTermination state */
775  *(PULONG)ProcessInformation = Process->BreakOnTermination;
776  }
777  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
778  {
779  /* Get the exception code */
780  Status = _SEH2_GetExceptionCode();
781  }
782  _SEH2_END;
783 
784  /* Dereference the process */
785  ObDereferenceObject(Process);
786  break;
787 
788  /* Per-process security cookie */
789  case ProcessCookie:
790 
791  if (ProcessInformationLength != sizeof(ULONG))
792  {
793  /* Length size wrong, bail out */
794  Status = STATUS_INFO_LENGTH_MISMATCH;
795  break;
796  }
797 
798  /* Get the current process and cookie */
799  Process = PsGetCurrentProcess();
800  Cookie = Process->Cookie;
801  if (!Cookie)
802  {
803  LARGE_INTEGER SystemTime;
804  ULONG NewCookie;
805  PKPRCB Prcb;
806 
807  /* Generate a new cookie */
808  KeQuerySystemTime(&SystemTime);
809  Prcb = KeGetCurrentPrcb();
810  NewCookie = Prcb->KeSystemCalls ^ Prcb->InterruptTime ^
811  SystemTime.u.LowPart ^ SystemTime.u.HighPart;
812 
813  /* Set the new cookie or return the current one */
814  Cookie = InterlockedCompareExchange((LONG*)&Process->Cookie,
815  NewCookie,
816  Cookie);
817  if (!Cookie) Cookie = NewCookie;
818 
819  /* Set return length */
820  Length = sizeof(ULONG);
821  }
822 
823  /* Indicate success */
824  Status = STATUS_SUCCESS;
825 
826  /* Enter SEH to protect write */
827  _SEH2_TRY
828  {
829  /* Write back the cookie */
830  *(PULONG)ProcessInformation = Cookie;
831  }
832  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
833  {
834  /* Get the exception code */
835  Status = _SEH2_GetExceptionCode();
836  }
837  _SEH2_END;
838  break;
839 
840  case ProcessImageInformation:
841 
842  if (ProcessInformationLength != sizeof(SECTION_IMAGE_INFORMATION))
843  {
844  /* Break out */
845  Status = STATUS_INFO_LENGTH_MISMATCH;
846  break;
847  }
848 
849  /* Set the length required and validate it */
850  Length = sizeof(SECTION_IMAGE_INFORMATION);
851 
852  /* Enter SEH to protect write */
853  _SEH2_TRY
854  {
855  MmGetImageInformation((PSECTION_IMAGE_INFORMATION)ProcessInformation);
856  }
857  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
858  {
859  /* Get the exception code */
860  Status = _SEH2_GetExceptionCode();
861  }
862  _SEH2_END;
863 
864  /* Indicate success */
865  Status = STATUS_SUCCESS;
866  break;
867 
868  case ProcessDebugObjectHandle:
869 
870  if (ProcessInformationLength != sizeof(HANDLE))
871  {
872  Status = STATUS_INFO_LENGTH_MISMATCH;
873  break;
874  }
875 
876  /* Set the return length */
877  Length = sizeof(HANDLE);
878 
879  /* Reference the process */
880  Status = ObReferenceObjectByHandle(ProcessHandle,
881  PROCESS_QUERY_INFORMATION,
882  PsProcessType,
883  PreviousMode,
884  (PVOID*)&Process,
885  NULL);
886  if (!NT_SUCCESS(Status)) break;
887 
888  /* Get the debug port */
889  Status = DbgkOpenProcessDebugPort(Process, PreviousMode, &DebugPort);
890 
891  /* Let go of the process */
892  ObDereferenceObject(Process);
893 
894  /* Protect write in SEH */
895  _SEH2_TRY
896  {
897  /* Return debug port's handle */
898  *(PHANDLE)ProcessInformation = DebugPort;
899  }
900  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
901  {
902  /* Get the exception code */
903  Status = _SEH2_GetExceptionCode();
904  }
905  _SEH2_END;
906  break;
907 
908  case ProcessHandleTracing:
909  DPRINT1("Handle tracing Not implemented: %lx\n", ProcessInformationClass);
910  Status = STATUS_NOT_IMPLEMENTED;
911  break;
912 
913  case ProcessLUIDDeviceMapsEnabled:
914 
915  if (ProcessInformationLength != sizeof(ULONG))
916  {
917  Status = STATUS_INFO_LENGTH_MISMATCH;
918  break;
919  }
920 
921  /* Set the return length */
922  Length = sizeof(ULONG);
923 
924  /* Indicate success */
925  Status = STATUS_SUCCESS;
926 
927  /* Protect write in SEH */
928  _SEH2_TRY
929  {
930  /* Query Ob */
931  *(PULONG)ProcessInformation = ObIsLUIDDeviceMapsEnabled();
932  }
933  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
934  {
935  /* Get the exception code */
936  Status = _SEH2_GetExceptionCode();
937  }
938  _SEH2_END;
939  break;
940 
941  case ProcessWx86Information:
942 
943  if (ProcessInformationLength != sizeof(ULONG))
944  {
945  Status = STATUS_INFO_LENGTH_MISMATCH;
946  break;
947  }
948 
949  /* Set the return length */
950  Length = sizeof(ULONG);
951 
952  /* Reference the process */
953  Status = ObReferenceObjectByHandle(ProcessHandle,
954  PROCESS_QUERY_INFORMATION,
955  PsProcessType,
956  PreviousMode,
957  (PVOID*)&Process,
958  NULL);
959  if (!NT_SUCCESS(Status)) break;
960 
961  /* Protect write in SEH */
962  _SEH2_TRY
963  {
964  /* Return if the flag is set */
965  *(PULONG)ProcessInformation = (ULONG)Process->VdmAllowed;
966  }
967  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
968  {
969  /* Get the exception code */
970  Status = _SEH2_GetExceptionCode();
971  }
972  _SEH2_END;
973 
974  /* Dereference the process */
975  ObDereferenceObject(Process);
976  break;
977 
978  case ProcessWow64Information:
979 
980  if (ProcessInformationLength != sizeof(ULONG_PTR))
981  {
982  Status = STATUS_INFO_LENGTH_MISMATCH;
983  break;
984  }
985 
986  /* Set return length */
987  Length = sizeof(ULONG_PTR);
988 
989  /* Reference the process */
990  Status = ObReferenceObjectByHandle(ProcessHandle,
991  PROCESS_QUERY_INFORMATION,
992  PsProcessType,
993  PreviousMode,
994  (PVOID*)&Process,
995  NULL);
996  if (!NT_SUCCESS(Status)) break;
997 
998  /* Make sure the process isn't dying */
999  if (ExAcquireRundownProtection(&Process->RundownProtect))
1000  {
1001  /* Get the WOW64 process structure */
1002 #ifdef _WIN64
1003  Wow64 = (ULONG_PTR)Process->Wow64Process;
1004 #else
1005  Wow64 = 0;
1006 #endif
1007  /* Release the lock */
1008  ExReleaseRundownProtection(&Process->RundownProtect);
1009  }
1010 
1011  /* Protect write with SEH */
1012  _SEH2_TRY
1013  {
1014  /* Return whether or not we have a debug port */
1015  *(PULONG_PTR)ProcessInformation = Wow64;
1016  }
1017  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1018  {
1019  /* Get exception code */
1020  Status = _SEH2_GetExceptionCode();
1021  }
1022  _SEH2_END;
1023 
1024  /* Dereference the process */
1025  ObDereferenceObject(Process);
1026  break;
1027 
1028  case ProcessExecuteFlags:
1029 
1030  if (ProcessInformationLength != sizeof(ULONG))
1031  {
1032  Status = STATUS_INFO_LENGTH_MISMATCH;
1033  break;
1034  }
1035 
1036  /* Set return length */
1037  Length = sizeof(ULONG);
1038 
1039  if (ProcessHandle != NtCurrentProcess())
1040  {
1041  return STATUS_INVALID_PARAMETER;
1042  }
1043 
1044  /* Get the options */
1045  Status = MmGetExecuteOptions(&ExecuteOptions);
1046  if (NT_SUCCESS(Status))
1047  {
1048  /* Protect write with SEH */
1049  _SEH2_TRY
1050  {
1051  /* Return them */
1052  *(PULONG)ProcessInformation = ExecuteOptions;
1053  }
1054  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1055  {
1056  /* Get exception code */
1057  Status = _SEH2_GetExceptionCode();
1058  }
1059  _SEH2_END;
1060  }
1061  break;
1062 
1063  case ProcessLdtInformation:
1064  DPRINT1("VDM/16-bit not implemented: %lx\n", ProcessInformationClass);
1065  Status = STATUS_NOT_IMPLEMENTED;
1066  break;
1067 
1068  case ProcessWorkingSetWatch:
1069  DPRINT1("WS Watch Not implemented: %lx\n", ProcessInformationClass);
1070  Status = STATUS_NOT_IMPLEMENTED;
1071  break;
1072 
1073  case ProcessPooledUsageAndLimits:
1074  DPRINT1("Pool limits Not implemented: %lx\n", ProcessInformationClass);
1075  Status = STATUS_NOT_IMPLEMENTED;
1076  break;
1077 
1078  /* Not supported by Server 2003 */
1079  default:
1080  DPRINT1("Unsupported info class: %lx\n", ProcessInformationClass);
1081  Status = STATUS_INVALID_INFO_CLASS;
1082  }
1083 
1084  /* Protect write with SEH */
1085  _SEH2_TRY
1086  {
1087  /* Check if caller wanted return length */
1088  if ((ReturnLength) && (Length)) *ReturnLength = Length;
1089  }
1090  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1091  {
1092  /* Get exception code */
1093  Status = _SEH2_GetExceptionCode();
1094  }
1095  _SEH2_END;
1096 
1097  return Status;
1098 }
_QUOTA_LIMITS::TimeLimit
LARGE_INTEGER TimeLimit
Definition: lsa.idl:292
_LARGE_INTEGER::u
struct _LARGE_INTEGER::@2253 u
KeQuerySystemTime
#define KeQuerySystemTime(t)
Definition: env_spec_w32.h:570
_PROCESS_DEVICEMAP_INFORMATION_EX::Flags
ULONG Flags
Definition: pstypes.h:380
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
_PROCESS_BASIC_INFORMATION::ExitStatus
NTSTATUS ExitStatus
Definition: pstypes.h:335
KeMaximumIncrement
ULONG KeMaximumIncrement
Definition: clock.c:20
RTL_FIELD_SIZE
#define RTL_FIELD_SIZE(type, field)
Definition: kdb_expr.c:84
ReturnLength
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
_VM_COUNTERS_::PeakVirtualSize
SIZE_T PeakVirtualSize
Definition: winternl.h:1605
_QUOTA_LIMITS::NonPagedPoolLimit
INT64 NonPagedPoolLimit
Definition: lsa.idl:288
PAGE_SHIFT
#define PAGE_SHIFT
Definition: env_spec_w32.h:45
SeLocateProcessImageName
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
PVM_COUNTERS
struct _VM_COUNTERS_ * PVM_COUNTERS
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
_PROCESS_BASIC_INFORMATION::BasePriority
KPRIORITY BasePriority
Definition: pstypes.h:338
_QUOTA_LIMITS::PagefileLimit
INT64 PagefileLimit
Definition: lsa.idl:291
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
_KPRCB::InterruptTime
ULONG InterruptTime
Definition: ketypes.h:741
_VM_COUNTERS_::PeakPagefileUsage
SIZE_T PeakPagefileUsage
Definition: winternl.h:1615
PROCESS_QUERY_INFORMATION
#define PROCESS_QUERY_INFORMATION
Definition: pstypes.h:166
ObQueryDeviceMapInformation
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
ExReleaseRundownProtection
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
TRUE
#define TRUE
Definition: types.h:120
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
_VM_COUNTERS_::QuotaPagedPoolUsage
SIZE_T QuotaPagedPoolUsage
Definition: winternl.h:1611
_VM_COUNTERS_EX
Definition: pstypes.h:105
KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_KERNEL_USER_TIMES::UserTime
LARGE_INTEGER UserTime
Definition: winternl.h:1063
KeGetCurrentPrcb
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
Definition: ketypes.h:1080
ExAcquireRundownProtection
#define ExAcquireRundownProtection
Definition: ex.h:133
_PROCESS_VALUES
Definition: ke.h:44
_VM_COUNTERS_::PagefileUsage
SIZE_T PagefileUsage
Definition: winternl.h:1614
_VM_COUNTERS_::QuotaPeakPagedPoolUsage
SIZE_T QuotaPeakPagedPoolUsage
Definition: winternl.h:1610
InterlockedCompareExchange
#define InterlockedCompareExchange
Definition: interlocked.h:104
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3062
_EPROCESS
Definition: pstypes.h:1260
_PROCESS_PRIORITY_CLASS::PriorityClass
UCHAR PriorityClass
Definition: pstypes.h:957
_VM_COUNTERS_::VirtualSize
SIZE_T VirtualSize
Definition: winternl.h:1606
_PROCESS_VALUES::IoInfo
IO_COUNTERS IoInfo
Definition: ke.h:48
_SEH2_END
_SEH2_END
Definition: create.c:4400
_KERNEL_USER_TIMES
Definition: winternl.h:1059
_VM_COUNTERS_::QuotaPeakNonPagedPoolUsage
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:1612
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
_KERNEL_USER_TIMES::ExitTime
LARGE_INTEGER ExitTime
Definition: winternl.h:1061
_VM_COUNTERS_::PageFaultCount
ULONG PageFaultCount
Definition: winternl.h:1607
QUOTA_LIMITS
struct _QUOTA_LIMITS QUOTA_LIMITS
_PROCESS_BASIC_INFORMATION::PebBaseAddress
PPEB PebBaseAddress
Definition: winternl.h:404
STATUS_NOT_IMPLEMENTED
return STATUS_NOT_IMPLEMENTED
Definition: fxdriverapium.cpp:241
_PROCESS_DEVICEMAP_INFORMATION
Definition: pstypes.h:358
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
MmGetImageInformation
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1811
FALSE
#define FALSE
Definition: types.h:117
LONG
long LONG
Definition: pedump.c:60
PspDefaultQuotaBlock
EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock
Definition: quota.c:16
_QUOTA_LIMITS::PagedPoolLimit
INT64 PagedPoolLimit
Definition: lsa.idl:287
ObGetProcessHandleCount
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
PQUOTA_LIMITS
struct _QUOTA_LIMITS * PQUOTA_LIMITS
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17
PROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
MmGetExecuteOptions
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2579
_IO_COUNTERS
Definition: pstypes.h:82
OBJECT_NAME_INFORMATION
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
_VM_COUNTERS_::QuotaNonPagedPoolUsage
SIZE_T QuotaNonPagedPoolUsage
Definition: winternl.h:1613
PKERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
_LARGE_INTEGER::HighPart
LONG HighPart
Definition: typedefs.h:107
DbgkOpenProcessDebugPort
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
_PROCESS_BASIC_INFORMATION::InheritedFromUniqueProcessId
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:340
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
UserTime
_Out_ PULONG UserTime
Definition: kefuncs.h:773
_PROCESS_BASIC_INFORMATION
Definition: winternl.h:401
Status
Status
Definition: gdiplustypes.h:24
LONGLONG
int64_t LONGLONG
Definition: typedefs.h:68
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PPROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
KeQueryValuesProcess
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_KERNEL_USER_TIMES::CreateTime
LARGE_INTEGER CreateTime
Definition: winternl.h:1060
Cookie
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
Definition: cmfuncs.h:13
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
HANDLE
PVOID HANDLE
Definition: typedefs.h:73
_KPRCB::KeSystemCalls
ULONG KeSystemCalls
Definition: ketypes.h:652
Query
BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended)
Definition: query.c:292
_QUOTA_LIMITS
Definition: lsa.idl:286
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
SECTION_IMAGE_INFORMATION
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
DefaultQueryInfoBufferCheck
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
PPROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
ImageName
static const char * ImageName
Definition: image.c:34
STATUS_INVALID_INFO_CLASS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
_PROCESS_PRIORITY_CLASS
Definition: pstypes.h:954
PROCESS_LUID_DOSDEVICES_ONLY
#define PROCESS_LUID_DOSDEVICES_ONLY
Definition: pstypes.h:228
_KPRCB
Definition: ketypes.h:560
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
_LARGE_INTEGER::LowPart
ULONG LowPart
Definition: typedefs.h:106
_QUOTA_LIMITS::MinimumWorkingSetSize
INT64 MinimumWorkingSetSize
Definition: lsa.idl:289
MAXULONG
#define MAXULONG
Definition: typedefs.h:251
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
_VM_COUNTERS_::WorkingSetSize
SIZE_T WorkingSetSize
Definition: winternl.h:1609
_UNICODE_STRING
Definition: env_spec_w32.h:368
_PROCESS_BASIC_INFORMATION::UniqueProcessId
ULONG_PTR UniqueProcessId
Definition: winternl.h:406
PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
RTL_NUMBER_OF
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
KeQueryRuntimeProcess
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
PULONG
unsigned int * PULONG
Definition: retypes.h:1
NULL
#define NULL
Definition: types.h:112
_QUOTA_LIMITS::MaximumWorkingSetSize
INT64 MaximumWorkingSetSize
Definition: lsa.idl:290
PUNICODE_STRING
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
IO_COUNTERS
struct _IO_COUNTERS IO_COUNTERS
_LARGE_INTEGER
Definition: typedefs.h:102
DPRINT1
#define DPRINT1
Definition: precomp.h:8
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_SessionInfo
Definition: mmdrv.h:129
ULONG
unsigned int ULONG
Definition: retypes.h:1
PsGetProcessSessionId
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
PULONG_PTR
uint32_t * PULONG_PTR
Definition: typedefs.h:65
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
TAG_SEPA
#define TAG_SEPA
Definition: tag.h:156
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_VM_COUNTERS_::PeakWorkingSetSize
SIZE_T PeakWorkingSetSize
Definition: winternl.h:1608
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
PROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
ProcessHandle
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
_PROCESS_PRIORITY_CLASS::Foreground
BOOLEAN Foreground
Definition: pstypes.h:956
_VM_COUNTERS_
Definition: winternl.h:1604
_SECTION_IMAGE_INFORMATION
Definition: mmtypes.h:336
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
ObIsLUIDDeviceMapsEnabled
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
Definition: devicemap.c:662
_KERNEL_USER_TIMES::KernelTime
LARGE_INTEGER KernelTime
Definition: winternl.h:1062
_PROCESS_SESSION_INFORMATION
Definition: pstypes.h:383
PsProcessType
POBJECT_TYPE PsProcessType
Definition: process.c:20
ICIF_PROBE_READ
#define ICIF_PROBE_READ
Definition: icif.h:25
_PROCESS_BASIC_INFORMATION::AffinityMask
ULONG_PTR AffinityMask
Definition: pstypes.h:337
PsProcessInfoClass
static const INFORMATION_CLASS_INFO PsProcessInfoClass[]
Definition: ps_i.h:15
_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89
PIO_COUNTERS
struct _IO_COUNTERS * PIO_COUNTERS
_PROCESS_DEVICEMAP_INFORMATION_EX
Definition: pstypes.h:370

◆ NtQueryInformationThread()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ THREADINFOCLASS  ThreadInformationClass,
_Out_ PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

◆ NtRegisterThreadTerminatePort()

NTSYSCALLAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort ( _In_ HANDLE  TerminationPort)

◆ NtResumeProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtResumeProcess ( _In_ HANDLE  ProcessHandle)

◆ NtResumeThread()

NTSYSCALLAPI NTSTATUS NTAPI NtResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

◆ NtSetInformationJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_In_bytecount_(JobInformationLength) PVOID  JobInformation,
_In_ ULONG  JobInformationLength 
)

◆ NtSetInformationProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_In_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength 
)

◆ NtSetInformationThread()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ THREADINFOCLASS  ThreadInformationClass,
_In_reads_bytes_(ThreadInformationLength) PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength 
)

◆ NtSuspendProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtSuspendProcess ( _In_ HANDLE  ProcessHandle)

◆ NtSuspendThread()

NTSYSCALLAPI NTSTATUS NTAPI NtSuspendThread ( _In_ HANDLE  ThreadHandle,
_In_ PULONG  PreviousSuspendCount 
)

◆ NtTerminateJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateJobObject ( _In_ HANDLE  JobHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ NtTerminateProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateProcess ( _In_ HANDLE  ProcessHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ NtTerminateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateThread ( _In_ HANDLE  ThreadHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ PsChargePoolQuota()

NTKERNELAPI VOID NTAPI PsChargePoolQuota ( _In_ PEPROCESS  Process,
_In_ POOL_TYPE  PoolType,
_In_ SIZE_T  Amount 
)

Charges the pool quota of a given process. The kind of pool quota to charge is determined by the PoolType parameter.

Parameters
[in]ProcessThe process which quota is to be charged.
[in]PoolTypeThe pool type to choose to charge quotas (e.g. PagedPool or NonPagedPool).
[in]AmountThe amount of quotas to charge into a process.
Returns
Nothing.
Remarks
The function raises an exception if STATUS_QUOTA_EXCEEDED status code is returned. Callers are responsible on their own to handle the raised exception.

Definition at line 775 of file quota.c.

779 {
780  NTSTATUS Status;
781  ASSERT(KeGetCurrentIrql() < DISPATCH_LEVEL);
782 
783  /* Don't do anything for the system process */
784  if (Process == PsInitialSystemProcess) return;
785 
786  /* Charge the usage */
787  Status = PsChargeProcessPoolQuota(Process, PoolType, Amount);
788  if (!NT_SUCCESS(Status)) ExRaiseStatus(Status);
789 }
KeGetCurrentIrql
#define KeGetCurrentIrql()
Definition: env_spec_w32.h:706
Amount
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
Definition: fsrtlfuncs.h:550
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ExRaiseStatus
#define ExRaiseStatus
Definition: ntoskrnl.h:108
PsInitialSystemProcess
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
Status
Status
Definition: gdiplustypes.h:24
ASSERT
#define ASSERT(a)
Definition: mode.c:44
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DISPATCH_LEVEL
#define DISPATCH_LEVEL
Definition: env_spec_w32.h:696
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
PsChargeProcessPoolQuota
NTSTATUS NTAPI PsChargeProcessPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.
Definition: quota.c:872

Referenced by FsRtlCancelNotify(), and FsRtlNotifyFilterReportChange().

◆ PsChargeProcessNonPagedPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessNonPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Charges the non paged pool quota of a given process.

Parameters
[in]ProcessThe process which non paged quota is to be charged.
[in]AmountThe amount of quotas to charge into a process.
Returns
Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.

Definition at line 811 of file quota.c.

814 {
815  /* Call the general function */
816  return PsChargeProcessPoolQuota(Process, NonPagedPool, Amount);
817 }
Amount
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
Definition: fsrtlfuncs.h:550
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
PsChargeProcessPoolQuota
NTSTATUS NTAPI PsChargeProcessPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.
Definition: quota.c:872

Referenced by MiCreatePebOrTeb(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), and START_TEST().

◆ PsChargeProcessPagedPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Charges the paged pool quota of a given process.

Parameters
[in]ProcessThe process which paged quota is to be charged.
[in]AmountThe amount of quotas to charge into a process.
Returns
Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.

Definition at line 839 of file quota.c.

842 {
843  /* Call the general function */
844  return PsChargeProcessPoolQuota(Process, PagedPool, Amount);
845 }
Amount
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
Definition: fsrtlfuncs.h:550
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
PsChargeProcessPoolQuota
NTSTATUS NTAPI PsChargeProcessPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.
Definition: quota.c:872

Referenced by ExpAllocateHandleTable(), ExpAllocateTablePagedPool(), ExpAllocateTablePagedPoolNoZero(), and START_TEST().

◆ PsChargeProcessPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota ( _In_ PEPROCESS  Process,
_In_ POOL_TYPE  PoolType,
_In_ SIZE_T  Amount 
)

Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.

Parameters
[in]ProcessThe process which quota is to be charged.
[in]PoolTypeThe type of quota pool to charge (e.g. PagedPool or NonPagedPool).
[in]AmountThe amount of quotas to charge into a process.
Returns
Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.

Definition at line 872 of file quota.c.

876 {
877  /* Don't do anything for the system process */
878  if (Process == PsInitialSystemProcess) return STATUS_SUCCESS;
879 
880  return PspChargeProcessQuotaSpecifiedPool(Process,
881  Process->QuotaBlock,
882  (PoolType & PAGED_POOL_MASK),
883  Amount);
884 }
Amount
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
Definition: fsrtlfuncs.h:550
PAGED_POOL_MASK
#define PAGED_POOL_MASK
Definition: mm.h:118
PsInitialSystemProcess
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
PspChargeProcessQuotaSpecifiedPool
NTSTATUS NTAPI PspChargeProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota charging, necessary for export...
Definition: quota.c:195
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by ExAllocatePoolWithQuotaTag(), PsChargePoolQuota(), PsChargeProcessNonPagedPoolQuota(), and PsChargeProcessPagedPoolQuota().

◆ PsEstablishWin32Callouts()

NTKERNELAPI VOID NTAPI PsEstablishWin32Callouts ( _In_ PWIN32_CALLOUTS_FPNS  CalloutData)

◆ PsGetCurrentProcessSessionId()

NTKERNELAPI ULONG NTAPI PsGetCurrentProcessSessionId ( VOID  )

Definition at line 1133 of file process.c.

1134 {
1135  return MmGetSessionId(PsGetCurrentProcess());
1136 }
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17
MmGetSessionId
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
Definition: session.c:179

Referenced by ExpWin32SessionCallout(), IntCreateDesktop(), IntDestroyMenuObject(), NtSetInformationObject(), NtUserSwitchDesktop(), ObpLookupObjectName(), and VideoPortUseDeviceInSession().

◆ PsGetCurrentProcessWin32Process()

NTKERNELAPI PVOID NTAPI PsGetCurrentProcessWin32Process ( VOID  )

Definition at line 1183 of file process.c.

1184 {
1185  return PsGetCurrentProcess()->Win32Process;
1186 }
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17

Referenced by _Function_class_(), CheckWinstaAttributeAccess(), co_IntGraphicsCheck(), co_IntSetParent(), co_IntSetWindowLongPtr(), co_IntUserManualGuiCheck(), co_UserDestroyWindow(), DC_bAllocDcAttr(), DC_vFreeDcAttr(), DecrementCurrentProcessGdiHandleCount(), DesktopHeapAddressToUser(), DesktopHeapGetUserDelta(), GDI_CleanupForProcess(), GetBrushAttrPool(), GetControlColor(), GetFontFamilyInfoForSubstitutes(), GetW32ProcessInfo(), handle_internal_message(), IdlePing(), IdlePong(), IncrementCurrentProcessGdiHandleCount(), IntAllowSetForegroundWindow(), IntGdiAddFontMemResource(), IntGdiCleanupPrivateFontsForProcess(), IntGdiLoadFontsFromMemory(), IntGdiRemoveFontMemResource(), IntGdiSetRegionOwner(), IntGetFontFamilyInfo(), IntLoadHookModule(), IntLoadSystenIcons(), IntLockSetForegroundWindow(), IntMapDesktopView(), IntUnmapDesktopView(), IntWinStaOkToClose(), NtUserCallHwndParam(), NtUserCallOneParam(), NtUserDestroyCursor(), NtUserFindExistingCursorIcon(), NtUserGetComboBoxInfo(), NtUserGetListBoxInfo(), NtUserSetSystemCursor(), NtUserSetWindowFNID(), REGION_bAllocRgnAttr(), REGION_vCleanup(), TextIntRealizeFont(), UserDbgAssertThreadInfo(), UserGetDCEx(), UserGetProcessWindowStation(), UserHeapAddressToUser(), UserSetProcessWindowStation(), UserSystemParametersInfo(), and UserUnregisterUserApiHook().

◆ PsGetCurrentThreadProcessId()

NTKERNELAPI HANDLE NTAPI PsGetCurrentThreadProcessId ( VOID  )

Definition at line 755 of file thread.c.

756 {
757  return PsGetCurrentThread()->Cid.UniqueProcess;
758 }
PsGetCurrentThread
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81

Referenced by intDdCreateDirectDrawLocal().

◆ PsGetCurrentThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadWin32Thread ( VOID  )

Definition at line 805 of file thread.c.

806 {
807  return PsGetCurrentThread()->Tcb.Win32Thread;
808 }
PsGetCurrentThread
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81

Referenced by AllocateUserMessage(), CaretSystemTimerProc(), co_HOOK_CallHooks(), co_IntActivateKeyboardLayout(), co_IntCallHookProc(), co_IntCallSentMessageCallback(), co_IntCallWindowProc(), co_IntClientLoadLibrary(), co_IntClientThreadSetup(), co_IntCreateDefaultImeWindow(), co_IntFixCaret(), co_IntGetPeekMessage(), co_IntLoadDefaultCursors(), co_IntLoadSysMenuTemplate(), co_IntPaintWindows(), co_IntPeekMessage(), co_IntProcessKeyboardMessage(), co_IntProcessMouseMessage(), co_IntSendActivateMessages(), co_IntSendMessageTimeoutSingle(), co_IntSendMessageWithCallBack(), co_IntSetActiveWindow(), co_IntSetCaretPos(), co_IntSetForegroundAndFocusWindow(), co_IntWaitMessage(), co_MsqDispatchOneSentMessage(), co_MsqReplyMessage(), co_MsqSendMessage(), co_MsqSendMessageAsync(), co_UserDestroyWindow(), co_UserHideCaret(), co_UserSetCapture(), co_UserSetFocus(), co_UserShowCaret(), co_WinPosSearchChildren(), co_WinPosSetWindowPos(), co_WinPosShowWindow(), DECREASE_THREAD_LOCK_COUNT(), DefWndDoSizeMove(), DefWndStartSizeMove(), DesktopHeapGetUserDelta(), DesktopThreadMain(), GetW32ThreadInfo(), handle_internal_message(), IdlePing(), INCREASE_THREAD_LOCK_COUNT(), IntAddAtom(), IntCallWndProc(), IntCallWndProcRet(), IntCbAllocateMemory(), IntCbFreeMemory(), IntCreateDesktop(), IntDeactivateWindow(), IntDefWindowProc(), IntDeRegisterShellHookWindow(), IntDesktopOkToClose(), IntDestroyOwnedWindows(), IntDispatchMessage(), IntDrawScrollBar(), IntGetAndReferenceClass(), IntGetAtomName(), IntGetCapture(), IntGetCurrentThreadDesktopWindow(), IntGetImeCompatFlags(), IntGetNextHook(), IntGetQueueStatus(), IntGetThreadDesktopWindow(), IntGetThreadFocusWindow(), IntInitMessagePumpHook(), IntInvalidateWindows(), IntIsClipboardOpenByMe(), IntMsqClearWakeMask(), IntMsqSetWakeMask(), IntNotifyImeShowStatus(), IntNotifyWinEvent(), IntQueryTrackMouseEvent(), IntRegisterShellHookWindow(), IntReleaseCapture(), IntRemoveHook(), IntSendDestroyMsg(), IntSendSyncPaint(), IntSetThreadDesktop(), IntSetTimer(), IntTrackMouseEvent(), IntTrackPopupMenuEx(), IntTranslateKbdMessage(), IntUnhookWindowsHook(), IntUninitMessagePumpHook(), IntUserSetActiveWindow(), MENU_DoNextMenu(), MENU_InitTracking(), MENU_TrackMenu(), MsqGetMessageExtraInfo(), MsqSetMessageExtraInfo(), NtUserBlockInput(), NtUserCallNoParam(), NtUserCallOneParam(), NtUserCallTwoParam(), NtUserCreateAcceleratorTable(), NtUserCreateCaret(), NtUserGetAppImeLevel(), NtUserGetCaretPos(), NtUserGetGUIThreadInfo(), NtUserGetKeyboardLayoutName(), NtUserGetKeyboardState(), NtUserGetKeyNameText(), NtUserGetThreadState(), NtUserLoadKeyboardLayoutEx(), NtUserLockWorkStation(), NtUserMapVirtualKeyEx(), NtUserQueryWindow(), NtUserSendInput(), NtUserSetAppImeLevel(), NtUserSetKeyboardState(), NtUserSetThreadState(), NtUserSetWindowsHookEx(), NtUserSetWinEventHook(), NtUserToUnicodeEx(), NtUserValidateTimerCallback(), NtUserVkKeyScanEx(), NtUserWaitForInputIdle(), PostTimerMessages(), UserCreateInputContext(), UserDbgAssertThreadInfo(), UserDerefObjectCo(), UserDestroyMenu(), UserEnterExclusive(), UserGetActiveWindow(), UserGetCPD(), UserGetKeyboardLayout(), UserGetKeyState(), UserGhostThreadEntry(), UserInitialize(), UserOpenClipboard(), UserOpenInputDesktop(), UserRefObjectCo(), UserRegisterHotKey(), UserRegisterUserApiHook(), UserSendKeyboardInput(), UserSendMouseInput(), UserSetActiveWindow(), UserSetCursor(), UserShowCursor(), and UserUnregisterUserApiHook().

◆ PsGetProcessExitProcessCalled()

NTKERNELAPI BOOLEAN NTAPI PsGetProcessExitProcessCalled ( _In_ PEPROCESS  Process)

◆ PsGetProcessExitStatus()

NTKERNELAPI NTSTATUS NTAPI PsGetProcessExitStatus ( _In_ PEPROCESS  Process)

◆ PsGetProcessInheritedFromUniqueProcessId()

HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId ( _In_ PEPROCESS  Process)

◆ PsGetProcessSecurityPort()

NTKERNELAPI PVOID NTAPI PsGetProcessSecurityPort ( _In_ PEPROCESS  Process)

◆ PsGetProcessSessionId()

NTKERNELAPI ULONG NTAPI PsGetProcessSessionId ( _In_ PEPROCESS  Process)

◆ PsGetProcessWin32Process()

NTKERNELAPI PVOID NTAPI PsGetProcessWin32Process ( _In_ PEPROCESS  Process)

◆ PsGetProcessWin32WindowStation()

NTKERNELAPI PVOID NTAPI PsGetProcessWin32WindowStation ( _In_ PEPROCESS  Process)

◆ PsGetThreadFreezeCount()

NTKERNELAPI ULONG NTAPI PsGetThreadFreezeCount ( _In_ PETHREAD  Thread)

◆ PsGetThreadHardErrorsAreDisabled()

NTKERNELAPI BOOLEAN NTAPI PsGetThreadHardErrorsAreDisabled ( _In_ PETHREAD  Thread)

◆ PsGetThreadId()

NTKERNELAPI HANDLE NTAPI PsGetThreadId ( _In_ PETHREAD  Thread)

◆ PsGetThreadProcess()

NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess ( _In_ PETHREAD  Thread)

◆ PsGetThreadTeb()

NTKERNELAPI PTEB NTAPI PsGetThreadTeb ( _In_ PETHREAD  Thread)

◆ PsGetThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread ( _In_ PETHREAD  Thread)

◆ PsIsProtectedProcess()

BOOLEAN NTAPI PsIsProtectedProcess ( _In_ PEPROCESS  Process)

◆ PsIsSystemProcess()

NTKERNELAPI BOOLEAN NTAPI PsIsSystemProcess ( _In_ PEPROCESS  Process)

◆ PsIsThreadImpersonating()

NTKERNELAPI BOOLEAN NTAPI PsIsThreadImpersonating ( _In_ PETHREAD  Thread)

◆ PsLookupProcessThreadByCid()

NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid ( _In_ PCLIENT_ID  Cid,
_Out_opt_ PEPROCESS Process,
_Out_ PETHREAD Thread 
)

◆ PsReturnPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnPoolQuota ( _In_ PEPROCESS  Process,
_In_ POOL_TYPE  PoolType,
_In_ SIZE_T  Amount 
)

Returns the pool quota that the process was taking up.

Parameters
[in]ProcessThe process which quota is to be returned.
[in]PoolTypeThe type of quota pool to return (e.g. PagedPool or NonPagedPool).
[in]AmountThe amount of quotas to return from a process.
Returns
Nothing.

Definition at line 907 of file quota.c.

911 {
912  /* Don't do anything for the system process */
913  if (Process == PsInitialSystemProcess) return;
914 
915  PspReturnProcessQuotaSpecifiedPool(Process,
916  Process->QuotaBlock,
917  (PoolType & PAGED_POOL_MASK),
918  Amount);
919 }
Amount
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
Definition: fsrtlfuncs.h:550
PAGED_POOL_MASK
#define PAGED_POOL_MASK
Definition: mm.h:118
PsInitialSystemProcess
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
PspReturnProcessQuotaSpecifiedPool
VOID NTAPI PspReturnProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota returning. It returns (takes a...
Definition: quota.c:345
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810

Referenced by ExFreePoolWithTag(), ExReturnPoolQuota(), PsReturnProcessNonPagedPoolQuota(), and PsReturnProcessPagedPoolQuota().

◆ PsReturnProcessNonPagedPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnProcessNonPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Returns the non paged quota pool that the process was taking up.

Parameters
[in]ProcessThe process which non paged quota is to be returned.
[in]AmountThe amount of quotas to return from a process.
Returns
Nothing.

Definition at line 938 of file quota.c.

941 {
942  /* Don't do anything for the system process */
943  if (Process == PsInitialSystemProcess) return;
944 
945  PsReturnPoolQuota(Process, NonPagedPool, Amount);
946 }
Amount
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
Definition: fsrtlfuncs.h:550
PsReturnPoolQuota
VOID NTAPI PsReturnPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Returns the pool quota that the process was taking up.
Definition: quota.c:907
PsInitialSystemProcess
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219

Referenced by MiCreatePebOrTeb(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), MiUnmapLockedPagesInUserSpace(), MiUnmapViewOfSection(), MmCleanProcessAddressSpace(), MmDeleteTeb(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), PspDeleteProcess(), and START_TEST().

◆ PsReturnProcessPagedPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnProcessPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Returns the paged pool quota that the process was taking up.

Parameters
[in]ProcessThe process which paged pool quota is to be returned.
[in]AmountThe amount of quotas to return from a process.
Returns
Nothing.

Definition at line 965 of file quota.c.

968 {
969  /* Don't do anything for the system process */
970  if (Process == PsInitialSystemProcess) return;
971 
972  PsReturnPoolQuota(Process, PagedPool, Amount);
973 }
Amount
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
Definition: fsrtlfuncs.h:550
PsReturnPoolQuota
VOID NTAPI PsReturnPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Returns the pool quota that the process was taking up.
Definition: quota.c:907
PsInitialSystemProcess
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219

Referenced by ExpAllocateHandleTable(), ExpFreeHandleTable(), ExpFreeTablePagedPool(), FsRtlCancelNotify(), FsRtlNotifyCleanup(), FsRtlNotifyCompleteIrp(), FsRtlNotifyFilterReportChange(), and START_TEST().

◆ PsRevertThreadToSelf()

NTKERNELAPI VOID NTAPI PsRevertThreadToSelf ( _Inout_ PETHREAD  Thread)

◆ PsSetProcessPriorityByClass()

VOID NTAPI PsSetProcessPriorityByClass ( _In_ PEPROCESS  Process,
_In_ PSPROCESSPRIORITYMODE  Type 
)

◆ PsSetProcessSecurityPort()

NTKERNELAPI NTSTATUS NTAPI PsSetProcessSecurityPort ( _Inout_ PEPROCESS  Process,
_In_ PVOID  SecurityPort 
)

◆ PsSetProcessWin32Process()

NTKERNELAPI NTSTATUS NTAPI PsSetProcessWin32Process ( _Inout_ PEPROCESS  Process,
_In_opt_ PVOID  Win32Process,
_In_opt_ PVOID  OldWin32Process 
)

Definition at line 1257 of file process.c.

1261 {
1262  NTSTATUS Status;
1263 
1264  /* Assume success */
1265  Status = STATUS_SUCCESS;
1266 
1267  /* Lock the process */
1268  KeEnterCriticalRegion();
1269  ExAcquirePushLockExclusive(&Process->ProcessLock);
1270 
1271  /* Check if we set a new win32 process */
1272  if (Win32Process != NULL)
1273  {
1274  /* Check if the process is in the right state */
1275  if (((Process->Flags & PSF_PROCESS_DELETE_BIT) == 0) &&
1276  (Process->Win32Process == NULL))
1277  {
1278  /* Set the new win32 process */
1279  Process->Win32Process = Win32Process;
1280  }
1281  else
1282  {
1283  /* Otherwise fail */
1284  Status = STATUS_PROCESS_IS_TERMINATING;
1285  }
1286  }
1287  else
1288  {
1289  /* Reset the win32 process, did the caller specify the correct old value? */
1290  if (Process->Win32Process == OldWin32Process)
1291  {
1292  /* Yes, so reset the win32 process to NULL */
1293  Process->Win32Process = NULL;
1294  }
1295  else
1296  {
1297  /* Otherwise fail */
1298  Status = STATUS_UNSUCCESSFUL;
1299  }
1300  }
1301 
1302  /* Unlock the process */
1303  ExReleasePushLockExclusive(&Process->ProcessLock);
1304  KeLeaveCriticalRegion();
1305 
1306  return Status;
1307 }
ExAcquirePushLockExclusive
FORCEINLINE VOID ExAcquirePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1034
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ExReleasePushLockExclusive
FORCEINLINE VOID ExReleasePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1250
Status
Status
Definition: gdiplustypes.h:24
STATUS_PROCESS_IS_TERMINATING
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:502
PSF_PROCESS_DELETE_BIT
#define PSF_PROCESS_DELETE_BIT
Definition: pstypes.h:276
STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
KeEnterCriticalRegion
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
KeLeaveCriticalRegion
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
NULL
#define NULL
Definition: types.h:112
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by AllocW32Process(), and ExitProcessCallback().

◆ PsSetProcessWindowStation()

NTKERNELAPI VOID NTAPI PsSetProcessWindowStation ( _Inout_ PEPROCESS  Process,
_In_opt_ PVOID  WindowStation 
)

◆ PsSetThreadHardErrorsAreDisabled()

NTKERNELAPI VOID NTAPI PsSetThreadHardErrorsAreDisabled ( _Inout_ PETHREAD  Thread,
_In_ BOOLEAN  Disabled 
)

◆ PsSetThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsSetThreadWin32Thread ( _Inout_ PETHREAD  Thread,
_In_opt_ PVOID  Win32Thread,
_In_opt_ PVOID  OldWin32Thread 
)

◆ ZwAlertResumeThread()

NTSYSAPI NTSTATUS NTAPI ZwAlertResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

◆ ZwAlertThread()

NTSYSAPI NTSTATUS NTAPI ZwAlertThread ( _In_ HANDLE  ThreadHandle)

◆ ZwAssignProcessToJobObject()

NTSYSAPI NTSTATUS NTAPI ZwAssignProcessToJobObject ( _In_ HANDLE  JobHandle,
_In_ HANDLE  ProcessHandle 
)

◆ ZwCreateJobObject()

NTSYSAPI NTSTATUS NTAPI ZwCreateJobObject ( _Out_ PHANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes 
)

◆ ZwCreateProcess()

NTSYSAPI NTSTATUS NTAPI ZwCreateProcess ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ParentProcess,
_In_ BOOLEAN  InheritObjectTable,
_In_opt_ HANDLE  SectionHandle,
_In_opt_ HANDLE  DebugPort,
_In_opt_ HANDLE  ExceptionPort 
)

Referenced by RtlCreateUserProcess().

◆ ZwCreateThread()

NTSYSAPI NTSTATUS NTAPI ZwCreateThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ProcessHandle,
_Out_ PCLIENT_ID  ClientId,
_In_ PCONTEXT  ThreadContext,
_In_ PINITIAL_TEB  UserStack,
_In_ BOOLEAN  CreateSuspended 
)

Referenced by RtlCreateUserThread().

◆ ZwImpersonateThread()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread ( _In_ HANDLE  ThreadHandle,
_In_ HANDLE  ThreadToImpersonate,
_In_ PSECURITY_QUALITY_OF_SERVICE  SecurityQualityOfService 
)

◆ ZwIsProcessInJob()

NTSYSAPI NTSTATUS NTAPI ZwIsProcessInJob ( _In_ HANDLE  ProcessHandle,
_In_opt_ HANDLE  JobHandle 
)

◆ ZwOpenThread()

NTSYSAPI NTSTATUS NTAPI ZwOpenThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ PCLIENT_ID  ClientId 
)

◆ ZwOpenThreadToken()

NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_Out_ PHANDLE  TokenHandle 
)

Referenced by IntGetCurrentAccessToken(), RtlAdjustPrivilege(), and RtlpOpenThreadToken().

◆ ZwOpenThreadTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

Referenced by RtlFormatCurrentUserKeyPath().

◆ ZwQueryInformationJobObject()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_Out_bytecap_(JobInformationLength) PVOID  JobInformation,
_In_ ULONG  JobInformationLength,
_Out_ PULONG  ReturnLength 
)

◆ ZwQueryInformationProcess()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_Out_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Referenced by lie_about_fs_type(), RtlCreateUserProcess(), RtlEncodePointer(), RtlSetProcessIsCritical(), and START_TEST().

◆ ZwQueryInformationThread()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ THREADINFOCLASS  ThreadInformationClass,
_Out_ PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Referenced by RtlSetThreadIsCritical().

◆ ZwRegisterThreadTerminatePort()

NTSYSAPI NTSTATUS NTAPI ZwRegisterThreadTerminatePort ( _In_ HANDLE  TerminationPort)

◆ ZwResumeProcess()

NTSYSAPI NTSTATUS NTAPI ZwResumeProcess ( _In_ HANDLE  ProcessHandle)

◆ ZwResumeThread()

NTSYSAPI NTSTATUS NTAPI ZwResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

Referenced by ExpLoadInitialProcess().

◆ ZwSetInformationJobObject()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_In_ PVOID  JobInformation,
_In_ ULONG  JobInformationLength 
)

◆ ZwSetInformationProcess()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_In_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength 
)

Referenced by RtlSetProcessIsCritical().

◆ ZwSuspendProcess()

NTSYSAPI NTSTATUS NTAPI ZwSuspendProcess ( _In_ HANDLE  ProcessHandle)

◆ ZwSuspendThread()

NTSYSAPI NTSTATUS NTAPI ZwSuspendThread ( _In_ HANDLE  ThreadHandle,
_In_ PULONG  PreviousSuspendCount 
)

◆ ZwTerminateJobObject()

NTSYSAPI NTSTATUS NTAPI ZwTerminateJobObject ( _In_ HANDLE  JobHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ ZwTerminateThread()

NTSYSAPI NTSTATUS NTAPI ZwTerminateThread ( _In_ HANDLE  ThreadHandle,
_In_ NTSTATUS  ExitStatus 
)

Referenced by RtlAssert().

Variable Documentation

◆ DesiredAccess

_In_ ACCESS_MASK DesiredAccess

Definition at line 715 of file psfuncs.h.

◆ ExitStatus

_In_ NTSTATUS ExitStatus

Definition at line 859 of file psfuncs.h.

Referenced by BaseExitThreadPoolThread(), BaseSrvBSMThread(), CdfsChkdsk(), ChkdskEx(), CsrDereferenceNtSession(), DbgkExitProcess(), DbgkExitThread(), Ext2Chkdsk(), NtfsChkdsk(), NtTerminateJobObject(), NtTerminateProcess(), NtTerminateThread(), PspExitThread(), PspTerminateProcess(), PspTerminateThreadByPointer(), PsTerminateProcess(), PsTerminateSystemThread(), RtlpExitThread(), test_query_process_basic(), VfatChkdsk(), and VfatxChkdsk().

◆ HandleAttributes

_In_ ACCESS_MASK _In_ ULONG HandleAttributes

Definition at line 715 of file psfuncs.h.

◆ ThreadInformationClass

_In_ THREADINFOCLASS ThreadInformationClass

Definition at line 832 of file psfuncs.h.

Referenced by NtQueryInformationThread(), NtSetInformationThread(), NtUserQueryInformationThread(), and NtUserSetInformationThread().

◆ ThreadInformationLength

_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength

Definition at line 835 of file psfuncs.h.

Referenced by NtQueryInformationThread(), NtSetInformationThread(), NtUserSetInformationThread(), and PspQueryDescriptorThread().

◆ TokenHandle

_In_ ACCESS_MASK _In_ BOOLEAN _In_ ULONG _Out_ PHANDLE TokenHandle

Definition at line 715 of file psfuncs.h.

Referenced by AdjustTokenGroups(), AdjustTokenPrivileges(), BasepReplaceProcessThreadTokens(), CreateDefaultProcessSecurityCommon(), CreateProcessInternalW(), DuplicateTokenAsEffective(), GetCallerLuid(), GetSiteSidFromToken(), GetTokenInformation(), IntGetCurrentAccessToken(), IsPrivilegeEnabled(), IsTokenRestricted(), LogonUserExW(), LsapIsTrustedClient(), LsapLogonUser(), LsarSetSecurityObject(), MyLogonUser(), NtAccessCheck(), NtAdjustGroupsToken(), NtAdjustPrivilegesToken(), NtCreateToken(), NtOpenProcessToken(), NtOpenProcessTokenEx(), NtOpenThreadToken(), NtOpenThreadTokenEx(), NtQueryInformationToken(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), OpenProcessToken(), OpenThreadToken(), PsAssignImpersonationToken(), PspSetPrimaryToken(), RtlAdjustPrivilege(), RtlCreateUserSecurityObject(), RtlDefaultNpAcl(), RtlFormatCurrentUserKeyPath(), RtlpGetImpersonationToken(), RtlpOpenThreadToken(), RtlRemovePrivileges(), SamrSetSecurityObject(), SepCreateToken(), SetThreadToken(), SetTokenInformation(), SHTestTokenMembership(), and START_TEST().