ReactOS 0.4.15-dev-7788-g1ad9096
psfuncs.h File Reference
#include <umtypes.h>
#include <pstypes.h>
Include dependency graph for psfuncs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadWin32Thread (VOID)
 
NTKERNELAPI PVOID NTAPI PsGetCurrentProcessWin32Process (VOID)
 
NTKERNELAPI PVOID NTAPI PsGetProcessWin32Process (_In_ PEPROCESS Process)
 
NTKERNELAPI NTSTATUS NTAPI PsSetProcessWin32Process (_Inout_ PEPROCESS Process, _In_opt_ PVOID Win32Process, _In_opt_ PVOID OldWin32Process)
 
NTKERNELAPI PVOID NTAPI PsSetThreadWin32Thread (_Inout_ PETHREAD Thread, _In_opt_ PVOID Win32Thread, _In_opt_ PVOID OldWin32Thread)
 
NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread (_In_ PETHREAD Thread)
 
NTKERNELAPI PVOID NTAPI PsGetProcessWin32WindowStation (_In_ PEPROCESS Process)
 
NTKERNELAPI VOID NTAPI PsSetProcessWindowStation (_Inout_ PEPROCESS Process, _In_opt_ PVOID WindowStation)
 
NTKERNELAPI PTEB NTAPI PsGetThreadTeb (_In_ PETHREAD Thread)
 
NTKERNELAPI HANDLE NTAPI PsGetThreadId (_In_ PETHREAD Thread)
 
NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess (_In_ PETHREAD Thread)
 
NTKERNELAPI ULONG NTAPI PsGetThreadFreezeCount (_In_ PETHREAD Thread)
 
NTKERNELAPI BOOLEAN NTAPI PsGetThreadHardErrorsAreDisabled (_In_ PETHREAD Thread)
 
NTKERNELAPI VOID NTAPI PsSetThreadHardErrorsAreDisabled (_Inout_ PETHREAD Thread, _In_ BOOLEAN Disabled)
 
NTKERNELAPI VOID NTAPI PsEstablishWin32Callouts (_In_ PWIN32_CALLOUTS_FPNS CalloutData)
 
NTKERNELAPI VOID NTAPI PsReturnProcessNonPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Returns the non paged quota pool that the process was taking up.
 
NTKERNELAPI ULONG NTAPI PsGetCurrentProcessSessionId (VOID)
 
NTKERNELAPI BOOLEAN NTAPI PsIsThreadImpersonating (_In_ PETHREAD Thread)
 
NTKERNELAPI VOID NTAPI PsRevertThreadToSelf (_Inout_ PETHREAD Thread)
 
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread)
 
BOOLEAN NTAPI PsIsProtectedProcess (_In_ PEPROCESS Process)
 
NTKERNELAPI BOOLEAN NTAPI PsIsSystemProcess (_In_ PEPROCESS Process)
 
VOID NTAPI PsSetProcessPriorityByClass (_In_ PEPROCESS Process, _In_ PSPROCESSPRIORITYMODE Type)
 
HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId (_In_ PEPROCESS Process)
 
NTKERNELAPI NTSTATUS NTAPI PsGetProcessExitStatus (_In_ PEPROCESS Process)
 
NTKERNELAPI ULONG NTAPI PsGetProcessSessionId (_In_ PEPROCESS Process)
 
NTKERNELAPI BOOLEAN NTAPI PsGetProcessExitProcessCalled (_In_ PEPROCESS Process)
 
NTKERNELAPI VOID NTAPI PsChargePoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
 Charges the pool quota of a given process. The kind of pool quota to charge is determined by the PoolType parameter.
 
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessNonPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Charges the non paged pool quota of a given process.
 
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Charges the paged pool quota of a given process.
 
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
 Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.
 
NTKERNELAPI VOID NTAPI PsReturnPoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
 Returns the pool quota that the process was taking up.
 
NTKERNELAPI VOID NTAPI PsReturnProcessPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Returns the paged pool quota that the process was taking up.
 
NTKERNELAPI PVOID NTAPI PsGetProcessSecurityPort (_In_ PEPROCESS Process)
 
NTKERNELAPI NTSTATUS NTAPI PsSetProcessSecurityPort (_Inout_ PEPROCESS Process, _In_ PVOID SecurityPort)
 
NTKERNELAPI HANDLE NTAPI PsGetCurrentThreadProcessId (VOID)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAlertResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSCALLAPI NTSTATUS NTAPI NtApphelpCacheControl (_In_ APPHELPCACHESERVICECLASS Service, _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAlertThread (_In_ HANDLE ThreadHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAssignProcessToJobObject (_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateJobObject (_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
 
NTSTATUS NTAPI NtCreateJobSet (_In_ ULONG NumJob, _In_ PJOB_SET_ARRAY UserJobSet, _In_ ULONG Flags)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcessEx (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ ULONG Flags, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort, _In_ BOOLEAN InJob)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)
 
FORCEINLINE struct _TEBNtCurrentTeb (VOID)
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateThread (_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
 
NTSYSCALLAPI NTSTATUS NTAPI NtIsProcessInJob (_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PCLIENT_ID ClientId)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 Opens a token that is tied to a thread handle.
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 Opens a token that is tied to a thread handle.
 
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort (_In_ HANDLE TerminationPort)
 
NTSYSCALLAPI NTSTATUS NTAPI NtResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSCALLAPI NTSTATUS NTAPI NtResumeProcess (_In_ HANDLE ProcessHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_bytecount_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSuspendProcess (_In_ HANDLE ProcessHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSuspendThread (_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)
 
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateProcess (_In_ HANDLE ProcessHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateJobObject (_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwAlertResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSAPI NTSTATUS NTAPI ZwAlertThread (_In_ HANDLE ThreadHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwAssignProcessToJobObject (_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateJobObject (_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)
 
NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread (_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
 
NTSYSAPI NTSTATUS NTAPI ZwIsProcessInJob (_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx(_In_ HANDLE ProcessHandle
 Queries information details about a security descriptor.
 
NTSYSAPI NTSTATUS NTAPI ZwOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwRegisterThreadTerminatePort (_In_ HANDLE TerminationPort)
 
NTSYSAPI NTSTATUS NTAPI ZwResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSAPI NTSTATUS NTAPI ZwResumeProcess (_In_ HANDLE ProcessHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_ PVOID JobInformation, _In_ ULONG JobInformationLength)
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
 
_In_ THREADINFOCLASS _In_reads_bytes_ (ThreadInformationLength) PVOID ThreadInformation
 
NTSYSAPI NTSTATUS NTAPI ZwSuspendProcess (_In_ HANDLE ProcessHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwSuspendThread (_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)
 
NTSYSAPI NTSTATUS NTAPI ZwTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwTerminateJobObject (_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)
 

Variables

_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_ ULONG HandleAttributes
 
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
 
_In_ THREADINFOCLASS ThreadInformationClass
 
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
 
_In_ NTSTATUS ExitStatus
 

Function Documentation

◆ _In_reads_bytes_()

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in]SecurityInformationSecurity information details to be queried from a security descriptor.
[out]SecurityDescriptorThe returned security descriptor with security information data.
[in,out]LengthThe returned length of a security descriptor.
[in,out]ObjectsSecurityDescriptorThe returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]AutoInheritFlagsFlags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
Parameters
[in]SecurityDescriptorA security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in]_ParentDescriptorA security descriptor of the parent object that is being created.
[in]_ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]ObjectTypeThe type of the new object.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]AutoInheritFlagsAutomatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in]ParentDescriptorA security descriptor of the parent object that is being created.
[in]ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in]SecurityDescriptorA security descriptor.
[out]QuotaInfoSizeThe returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 923 of file Messaging.c.

75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
78
79 /* The caller must allow at least one connection */
80 if (MaxConnections == 0)
81 {
83 }
84
85 /* The request must be for a kernel handle */
86 if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87 {
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
97 if (!NT_SUCCESS(Status))
98 {
99 return Status;
100 }
101
102 /* Create the server port object for this filter */
107 NULL,
109 0,
110 0,
111 (PVOID *)&PortObject);
112 if (NT_SUCCESS(Status))
113 {
114 /* Zero out the struct */
115 RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116
117 /* Increment the ref count on the target filter */
119
120 /* Setup the filter port object */
121 PortObject->Filter = Filter;
125 PortObject->Cookie = ServerPortCookie;
126 PortObject->MaxConnections = MaxConnections;
127
128 /* Insert the object */
129 Status = ObInsertObject(PortObject,
130 NULL,
132 0,
133 NULL,
135 if (NT_SUCCESS(Status))
136 {
137 /* Lock the connection list */
139
140 /* Add the new port object to the connection list and increment the count */
143
144 /* Unlock the connection list*/
146 }
147 }
148
149 if (!NT_SUCCESS(Status))
150 {
151 /* Allow the filter to be cleaned up */
153 }
154
155 return Status;
156}
static const INTERNET_PORT ServerPort
Definition: CWebService.cpp:11
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
LONG NTSTATUS
Definition: precomp.h:26
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define NULL
Definition: types.h:112
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define InsertTailList(ListHead, Entry)
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
Status
Definition: gdiplustypes.h:25
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
static LONG MaxConnections
#define KernelMode
Definition: asm.h:34
#define FILE_READ_DATA
Definition: nt_native.h:628
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121
LIST_ENTRY mList
Definition: fltmgrint.h:56
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

◆ NtAlertResumeThread()

NTSYSCALLAPI NTSTATUS NTAPI NtAlertResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

◆ NtAlertThread()

NTSYSCALLAPI NTSTATUS NTAPI NtAlertThread ( _In_ HANDLE  ThreadHandle)

◆ NtApphelpCacheControl()

NTSYSCALLAPI NTSTATUS NTAPI NtApphelpCacheControl ( _In_ APPHELPCACHESERVICECLASS  Service,
_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP  ServiceData 
)

Definition at line 728 of file apphelp.c.

731{
735
737 {
738 DPRINT1("NtApphelpCacheControl: ApphelpCacheEnabled == 0\n");
739 return Status;
740 }
741 switch (Service)
742 {
744 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceLookup )\n");
745 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
746 if (NT_SUCCESS(Status))
748 break;
750 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceRemove )\n");
751 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
752 if (NT_SUCCESS(Status))
754 break;
756 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceUpdate )\n");
758 if (NT_SUCCESS(Status))
759 {
760 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
761 if (NT_SUCCESS(Status))
763 }
764 break;
766 /* FIXME: Check for admin or system here. */
768 break;
771 break;
773 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): flushing cache.\n");
775 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): reading cache.\n");
777 break;
779 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGWriteRegistry ): writing cache.\n");
781 break;
782 default:
783 DPRINT1("SHIMS: NtApphelpCacheControl( Invalid service requested )\n");
784 break;
785 }
786 if (ImageName.Buffer)
787 {
789 }
790 return Status;
791}
#define DPRINT1
Definition: precomp.h:8
ULONG Handle
Definition: gdb_input.c:15
@ ApphelpDBGReadRegistry
Definition: pstypes.h:979
@ ApphelpCacheServiceLookup
Definition: pstypes.h:973
@ ApphelpCacheServiceRemove
Definition: pstypes.h:974
@ ApphelpCacheServiceUpdate
Definition: pstypes.h:975
@ ApphelpCacheServiceDump
Definition: pstypes.h:977
@ ApphelpDBGWriteRegistry
Definition: pstypes.h:980
@ ApphelpCacheServiceFlush
Definition: pstypes.h:976
static const char * ImageName
Definition: image.c:34
NTSTATUS ApphelpCacheDump(VOID)
Definition: apphelp.c:703
BOOLEAN ApphelpCacheWrite(VOID)
Definition: apphelp.c:362
static BOOLEAN ApphelpCacheEnabled
Definition: apphelp.c:29
NTSTATUS ApphelpCacheFlush(VOID)
Definition: apphelp.c:688
#define INVALID_HANDLE_VALUE
Definition: apphelp.c:44
BOOLEAN ApphelpCacheRead(VOID)
Definition: apphelp.c:306
NTSTATUS ApphelpCacheRemoveEntry(_In_ PUNICODE_STRING ImageName)
Definition: apphelp.c:587
VOID ApphelpFreeUnicodeString(_Inout_ PUNICODE_STRING String)
Definition: apphelp.c:161
NTSTATUS ApphelpCacheUpdateEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:616
NTSTATUS ApphelpValidateData(_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData, _Out_ PUNICODE_STRING ImageName, _Out_ PHANDLE ImageHandle)
Definition: apphelp.c:474
NTSTATUS ApphelpCacheAccessCheck(VOID)
Definition: apphelp.c:602
NTSTATUS ApphelpCacheLookupEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:531
@ Service
Definition: ntsecapi.h:292
#define STATUS_SUCCESS
Definition: shellext.h:65
#define STATUS_NOT_FOUND
Definition: shellext.h:72
#define DPRINT
Definition: sndvol32.h:71

Referenced by BaseDumpAppcompatCache(), BaseFlushAppcompatCache(), BasepShimCacheRemoveEntry(), BasepShimCacheSearch(), and CallApphelp().

◆ NtAssignProcessToJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtAssignProcessToJobObject ( _In_ HANDLE  JobHandle,
_In_ HANDLE  ProcessHandle 
)

◆ NtCreateJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateJobObject ( _Out_ PHANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes 
)

◆ NtCreateJobSet()

NTSTATUS NTAPI NtCreateJobSet ( _In_ ULONG  NumJob,
_In_ PJOB_SET_ARRAY  UserJobSet,
_In_ ULONG  Flags 
)

◆ NtCreateProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcess ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ParentProcess,
_In_ BOOLEAN  InheritObjectTable,
_In_opt_ HANDLE  SectionHandle,
_In_opt_ HANDLE  DebugPort,
_In_opt_ HANDLE  ExceptionPort 
)

◆ NtCreateProcessEx()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcessEx ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ParentProcess,
_In_ ULONG  Flags,
_In_opt_ HANDLE  SectionHandle,
_In_opt_ HANDLE  DebugPort,
_In_opt_ HANDLE  ExceptionPort,
_In_ BOOLEAN  InJob 
)

◆ NtCreateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ProcessHandle,
_Out_ PCLIENT_ID  ClientId,
_In_ PCONTEXT  ThreadContext,
_In_ PINITIAL_TEB  UserStack,
_In_ BOOLEAN  CreateSuspended 
)

◆ NtCurrentTeb()

FORCEINLINE struct _TEB * NtCurrentTeb ( VOID  )

Definition at line 420 of file psfuncs.h.

421{
422#if defined(_M_IX86)
423 return (struct _TEB *)__readfsdword(0x18);
424#elif defined (_M_AMD64)
425 return (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
426#elif defined (_M_ARM)
427 // return (struct _TEB *)KeGetPcr()->Used_Self;
428 return (struct _TEB *)(ULONG_PTR)_MoveFromCoprocessor(CP15_TPIDRURW);
429#elif defined (_M_ARM64)
430 //UNIMPLEMENTED;
431 return 0;
432// #elif defined(_M_PPC)
433// return (struct _TEB *)_read_teb_dword(0x18);
434#else
435#error Unsupported architecture
436#endif
437}
#define ULONG_PTR
Definition: config.h:101
PPC_QUAL unsigned long __readfsdword(const unsigned long Offset)
Definition: intrin_ppc.h:382
#define CP15_TPIDRURW
Definition: ketypes.h:131
Definition: compat.h:836
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255

◆ NtImpersonateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateThread ( _In_ HANDLE  ThreadHandle,
_In_ HANDLE  ThreadToImpersonate,
_In_ PSECURITY_QUALITY_OF_SERVICE  SecurityQualityOfService 
)

◆ NtIsProcessInJob()

NTSYSCALLAPI NTSTATUS NTAPI NtIsProcessInJob ( _In_ HANDLE  ProcessHandle,
_In_opt_ HANDLE  JobHandle 
)

◆ NtOpenProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_opt_ PCLIENT_ID  ClientId 
)

◆ NtOpenProcessToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenThread()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ PCLIENT_ID  ClientId 
)

◆ NtOpenThreadToken()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_Out_ PHANDLE  TokenHandle 
)

Opens a token that is tied to a thread handle.

Parameters
[out]ThreadHandleThread handle where the token is about to be opened.
[in]DesiredAccessThe request access right for the token.
[in]OpenAsSelfIf set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead.
[out]TokenHandleThe opened token handle returned to the caller for use.
Returns
See NtOpenThreadTokenEx.

Definition at line 2474 of file token.c.

2479{
2480 return NtOpenThreadTokenEx(ThreadHandle, DesiredAccess, OpenAsSelf, 0,
2481 TokenHandle);
2482}
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2331
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
Definition: zwfuncs.h:700

◆ NtOpenThreadTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

Opens a token that is tied to a thread handle.

Parameters
[out]ThreadHandleThread handle where the token is about to be opened.
[in]DesiredAccessThe request access right for the token.
[in]OpenAsSelfIf set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead.
[in]HandleAttributesHandle attributes for the opened thread token handle.
[out]TokenHandleThe opened token handle returned to the caller for use.
Returns
Returns STATUS_SUCCESS if the function has successfully opened the thread token. STATUS_CANT_OPEN_ANONYMOUS is returned if a token has SecurityAnonymous as impersonation level and we cannot open it. A failure NTSTATUS code is returned otherwise.

Definition at line 2331 of file token.c.

2337{
2339 HANDLE hToken;
2340 PTOKEN Token;
2346 BOOLEAN RestoreImpersonation = FALSE;
2347
2348 PAGED_CODE();
2349
2351
2352 /* Ensure that we can give the handle to the caller */
2353 if (PreviousMode != KernelMode)
2354 {
2355 _SEH2_TRY
2356 {
2358 }
2360 {
2361 /* Return the exception code */
2363 }
2364 _SEH2_END;
2365 }
2366
2367 /* Validate object attributes */
2369
2370 /*
2371 * At first open the thread token for information access and verify
2372 * that the token associated with the thread is valid.
2373 */
2376 NULL);
2377 if (!NT_SUCCESS(Status))
2378 {
2379 DPRINT1("Failed to reference the object thread (Status 0x%lx)\n", Status);
2380 return Status;
2381 }
2382
2383 /* Reference the token from the thread */
2386 if (Token == NULL)
2387 {
2388 DPRINT("Failed to reference the thread's impersonation token, thread has no token\n");
2390 return STATUS_NO_TOKEN;
2391 }
2392
2393 /* Ensure the token has no anonymous security */
2395 {
2396 DPRINT1("The thread token has anonymous security, can't open it\n");
2400 }
2401
2402 /* Revert to self if OpenAsSelf is specified */
2403 if (OpenAsSelf)
2404 {
2405 RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),
2407 }
2408
2409 /* Call the private function to do the job */
2411 ThreadHandle,
2412 Token,
2416 CopyOnOpen,
2419 &hToken);
2420
2421 /* Restore the impersonation back if needed */
2422 if (RestoreImpersonation)
2423 {
2425 }
2426
2427 /* Dereference the access token and the associated thread */
2430
2431 if (!NT_SUCCESS(Status))
2432 {
2433 DPRINT1("Failed to open the thread's token (Status 0x%lx)\n", Status);
2434 return Status;
2435 }
2436
2437 /* Give the opened token handle to the caller */
2438 _SEH2_TRY
2439 {
2440 *TokenHandle = hToken;
2441 }
2443 {
2445 }
2446 _SEH2_END;
2447
2448 return Status;
2449}
#define PAGED_CODE()
unsigned char BOOLEAN
#define FALSE
Definition: types.h:117
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define ExGetPreviousMode
Definition: ex.h:140
#define _SEH2_END
Definition: filesup.c:22
#define _SEH2_TRY
Definition: filesup.c:19
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define THREAD_QUERY_INFORMATION
Definition: pstypes.h:149
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
@ SecurityAnonymous
Definition: lsa.idl:55
#define PsDereferenceImpersonationToken(T)
Definition: imports.h:298
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:433
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:410
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:937
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:987
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:871
POBJECT_TYPE PsThreadType
Definition: thread.c:20
static NTSTATUS SepOpenThreadToken(_In_ PETHREAD Thread, _In_ HANDLE ThreadHandle, _In_ PTOKEN ThreadToken, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ BOOLEAN EffectiveOnly, _In_ BOOLEAN CopyOnOpen, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PHANDLE OpenedTokenHandle)
Internal private function that returns an opened handle of an access token associated with a thread.
Definition: token.c:1170
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360
#define STATUS_CANT_OPEN_ANONYMOUS
Definition: ntstatus.h:402
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:162
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ObDereferenceObject
Definition: obfuncs.h:203
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
Definition: psfuncs.h:189
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103

◆ NtQueryInformationJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_Out_bytecap_(JobInformationLength) PVOID  JobInformation,
_In_ ULONG  JobInformationLength,
_Out_ PULONG  ReturnLength 
)

◆ NtQueryInformationProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_Out_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Definition at line 59 of file query.c.

65{
69 ULONG Length = 0;
70 HANDLE DebugPort = 0;
71 PPROCESS_BASIC_INFORMATION ProcessBasicInfo =
72 (PPROCESS_BASIC_INFORMATION)ProcessInformation;
73 PKERNEL_USER_TIMES ProcessTime = (PKERNEL_USER_TIMES)ProcessInformation;
74 ULONG UserTime, KernelTime;
75 PPROCESS_PRIORITY_CLASS PsPriorityClass = (PPROCESS_PRIORITY_CLASS)ProcessInformation;
76 ULONG HandleCount;
78 (PPROCESS_SESSION_INFORMATION)ProcessInformation;
79 PVM_COUNTERS VmCounters = (PVM_COUNTERS)ProcessInformation;
80 PIO_COUNTERS IoCounters = (PIO_COUNTERS)ProcessInformation;
81 PQUOTA_LIMITS QuotaLimits = (PQUOTA_LIMITS)ProcessInformation;
83 ULONG Cookie, ExecuteOptions = 0;
84 ULONG_PTR Wow64 = 0;
85 PROCESS_VALUES ProcessValues;
87 PAGED_CODE();
88
89 /* Verify Information Class validity */
90 Status = DefaultQueryInfoBufferCheck(ProcessInformationClass,
94 ProcessInformation,
95 ProcessInformationLength,
97 NULL,
99 if (!NT_SUCCESS(Status))
100 {
101 DPRINT1("NtQueryInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
102 return Status;
103 }
104
105 if (((ProcessInformationClass == ProcessCookie) ||
106 (ProcessInformationClass == ProcessImageInformation)) &&
108 {
109 /*
110 * Retrieving the process cookie is only allowed for the calling process
111 * itself! XP only allows NtCurrentProcess() as process handles even if
112 * a real handle actually represents the current process.
113 */
115 }
116
117 /* Check the information class */
118 switch (ProcessInformationClass)
119 {
120 /* Basic process information */
122
123 if (ProcessInformationLength != sizeof(PROCESS_BASIC_INFORMATION))
124 {
126 break;
127 }
128
129 /* Set return length */
131
132 /* Reference the process */
137 (PVOID*)&Process,
138 NULL);
139 if (!NT_SUCCESS(Status)) break;
140
141 /* Protect writes with SEH */
143 {
144 /* Write all the information from the EPROCESS/KPROCESS */
145 ProcessBasicInfo->ExitStatus = Process->ExitStatus;
146 ProcessBasicInfo->PebBaseAddress = Process->Peb;
147 ProcessBasicInfo->AffinityMask = Process->Pcb.Affinity;
148 ProcessBasicInfo->UniqueProcessId = (ULONG_PTR)Process->
149 UniqueProcessId;
150 ProcessBasicInfo->InheritedFromUniqueProcessId =
151 (ULONG_PTR)Process->InheritedFromUniqueProcessId;
152 ProcessBasicInfo->BasePriority = Process->Pcb.BasePriority;
153
154 }
156 {
157 /* Get exception code */
159 }
160 _SEH2_END;
161
162 /* Dereference the process */
164 break;
165
166 /* Process quota limits */
168
169 if (ProcessInformationLength != sizeof(QUOTA_LIMITS))
170 {
172 break;
173 }
174
175 Length = sizeof(QUOTA_LIMITS);
176
177 /* Reference the process */
182 (PVOID*)&Process,
183 NULL);
184 if (!NT_SUCCESS(Status)) break;
185
186 /* Indicate success */
188
190 {
191 /* Set max/min working set sizes */
192 QuotaLimits->MaximumWorkingSetSize =
193 Process->Vm.MaximumWorkingSetSize << PAGE_SHIFT;
194 QuotaLimits->MinimumWorkingSetSize =
195 Process->Vm.MinimumWorkingSetSize << PAGE_SHIFT;
196
197 /* Set default time limits */
198 QuotaLimits->TimeLimit.LowPart = MAXULONG;
199 QuotaLimits->TimeLimit.HighPart = MAXULONG;
200
201 /* Is quota block a default one? */
202 if (Process->QuotaBlock == &PspDefaultQuotaBlock)
203 {
204 /* Set default pools and pagefile limits */
205 QuotaLimits->PagedPoolLimit = (SIZE_T)-1;
206 QuotaLimits->NonPagedPoolLimit = (SIZE_T)-1;
207 QuotaLimits->PagefileLimit = (SIZE_T)-1;
208 }
209 else
210 {
211 /* Get limits from non-default quota block */
212 QuotaLimits->PagedPoolLimit =
213 Process->QuotaBlock->QuotaEntry[PsPagedPool].Limit;
214 QuotaLimits->NonPagedPoolLimit =
215 Process->QuotaBlock->QuotaEntry[PsNonPagedPool].Limit;
216 QuotaLimits->PagefileLimit =
217 Process->QuotaBlock->QuotaEntry[PsPageFile].Limit;
218 }
219 }
221 {
222 /* Get exception code */
224 }
225 _SEH2_END;
226
227 /* Dereference the process */
229 break;
230
232
233 if (ProcessInformationLength != sizeof(IO_COUNTERS))
234 {
236 break;
237 }
238
239 Length = sizeof(IO_COUNTERS);
240
241 /* Reference the process */
246 (PVOID*)&Process,
247 NULL);
248 if (!NT_SUCCESS(Status)) break;
249
250 /* Query IO counters from the process */
251 KeQueryValuesProcess(&Process->Pcb, &ProcessValues);
252
254 {
255 RtlCopyMemory(IoCounters, &ProcessValues.IoInfo, sizeof(IO_COUNTERS));
256 }
258 {
259 /* Ignore exception */
260 }
261 _SEH2_END;
262
263 /* Set status to success in any case */
265
266 /* Dereference the process */
268 break;
269
270 /* Timing */
271 case ProcessTimes:
272
273 /* Set the return length */
274 if (ProcessInformationLength != sizeof(KERNEL_USER_TIMES))
275 {
277 break;
278 }
279
280 Length = sizeof(KERNEL_USER_TIMES);
281
282 /* Reference the process */
287 (PVOID*)&Process,
288 NULL);
289 if (!NT_SUCCESS(Status)) break;
290
291 /* Protect writes with SEH */
293 {
294 /* Copy time information from EPROCESS/KPROCESS */
295 KernelTime = KeQueryRuntimeProcess(&Process->Pcb, &UserTime);
296 ProcessTime->CreateTime = Process->CreateTime;
298 ProcessTime->KernelTime.QuadPart = (LONGLONG)KernelTime * KeMaximumIncrement;
299 ProcessTime->ExitTime = Process->ExitTime;
300 }
302 {
303 /* Get exception code */
305 }
306 _SEH2_END;
307
308 /* Dereference the process */
310 break;
311
312 /* Process Debug Port */
313 case ProcessDebugPort:
314
315 if (ProcessInformationLength != sizeof(HANDLE))
316 {
318 break;
319 }
320
321 /* Set return length */
322 Length = sizeof(HANDLE);
323
324 /* Reference the process */
329 (PVOID*)&Process,
330 NULL);
331 if (!NT_SUCCESS(Status)) break;
332
333 /* Protect write with SEH */
335 {
336 /* Return whether or not we have a debug port */
337 *(PHANDLE)ProcessInformation = (Process->DebugPort ?
338 (HANDLE)-1 : NULL);
339 }
341 {
342 /* Get exception code */
344 }
345 _SEH2_END;
346
347 /* Dereference the process */
349 break;
350
352
353 if (ProcessInformationLength != sizeof(ULONG))
354 {
356 break;
357 }
358
359 /* Set the return length*/
360 Length = sizeof(ULONG);
361
362 /* Reference the process */
367 (PVOID*)&Process,
368 NULL);
369 if (!NT_SUCCESS(Status)) break;
370
371 /* Count the number of handles this process has */
372 HandleCount = ObGetProcessHandleCount(Process);
373
374 /* Protect write in SEH */
376 {
377 /* Return the count of handles */
378 *(PULONG)ProcessInformation = HandleCount;
379 }
381 {
382 /* Get the exception code */
384 }
385 _SEH2_END;
386
387 /* Dereference the process */
389 break;
390
391 /* Session ID for the process */
393
394 if (ProcessInformationLength != sizeof(PROCESS_SESSION_INFORMATION))
395 {
397 break;
398 }
399
400 /* Set the return length*/
402
403 /* Reference the process */
408 (PVOID*)&Process,
409 NULL);
410 if (!NT_SUCCESS(Status)) break;
411
412 /* Enter SEH for write safety */
414 {
415 /* Write back the Session ID */
417 }
419 {
420 /* Get the exception code */
422 }
423 _SEH2_END;
424
425 /* Dereference the process */
427 break;
428
429 /* Virtual Memory Statistics */
431
432 /* Validate the input length */
433 if ((ProcessInformationLength != sizeof(VM_COUNTERS)) &&
434 (ProcessInformationLength != sizeof(VM_COUNTERS_EX)))
435 {
437 break;
438 }
439
440 /* Reference the process */
445 (PVOID*)&Process,
446 NULL);
447 if (!NT_SUCCESS(Status)) break;
448
449 /* Enter SEH for write safety */
451 {
452 /* Return data from EPROCESS */
453 VmCounters->PeakVirtualSize = Process->PeakVirtualSize;
454 VmCounters->VirtualSize = Process->VirtualSize;
455 VmCounters->PageFaultCount = Process->Vm.PageFaultCount;
456 VmCounters->PeakWorkingSetSize = Process->Vm.PeakWorkingSetSize;
457 VmCounters->WorkingSetSize = Process->Vm.WorkingSetSize;
458 VmCounters->QuotaPeakPagedPoolUsage = Process->QuotaPeak[PsPagedPool];
459 VmCounters->QuotaPagedPoolUsage = Process->QuotaUsage[PsPagedPool];
460 VmCounters->QuotaPeakNonPagedPoolUsage = Process->QuotaPeak[PsNonPagedPool];
461 VmCounters->QuotaNonPagedPoolUsage = Process->QuotaUsage[PsNonPagedPool];
462 VmCounters->PagefileUsage = Process->QuotaUsage[PsPageFile] << PAGE_SHIFT;
463 VmCounters->PeakPagefileUsage = Process->QuotaPeak[PsPageFile] << PAGE_SHIFT;
464 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
465 //
466
467 /* Set the return length */
468 Length = ProcessInformationLength;
469 }
471 {
472 /* Get the exception code */
474 }
475 _SEH2_END;
476
477 /* Dereference the process */
479 break;
480
481 /* Hard Error Processing Mode */
483
484 if (ProcessInformationLength != sizeof(ULONG))
485 {
487 break;
488 }
489
490 /* Set the return length*/
491 Length = sizeof(ULONG);
492
493 /* Reference the process */
498 (PVOID*)&Process,
499 NULL);
500 if (!NT_SUCCESS(Status)) break;
501
502 /* Enter SEH for writing back data */
504 {
505 /* Write the current processing mode */
506 *(PULONG)ProcessInformation = Process->
507 DefaultHardErrorProcessing;
508 }
510 {
511 /* Get the exception code */
513 }
514 _SEH2_END;
515
516 /* Dereference the process */
518 break;
519
520 /* Priority Boosting status */
522
523 if (ProcessInformationLength != sizeof(ULONG))
524 {
526 break;
527 }
528
529 /* Set the return length */
530 Length = sizeof(ULONG);
531
532 /* Reference the process */
537 (PVOID*)&Process,
538 NULL);
539 if (!NT_SUCCESS(Status)) break;
540
541 /* Enter SEH for writing back data */
543 {
544 /* Return boost status */
545 *(PULONG)ProcessInformation = Process->Pcb.DisableBoost ?
546 TRUE : FALSE;
547 }
549 {
550 /* Get the exception code */
552 }
553 _SEH2_END;
554
555 /* Dereference the process */
557 break;
558
559 /* DOS Device Map */
560 case ProcessDeviceMap:
561
562 if (ProcessInformationLength == sizeof(PROCESS_DEVICEMAP_INFORMATION_EX))
563 {
564 /* Protect read in SEH */
566 {
567 PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
568
569 Flags = DeviceMapEx->Flags;
570 }
572 {
573 /* Get the exception code */
575 _SEH2_YIELD(break);
576 }
577 _SEH2_END;
578
579 /* Only one flag is supported and it needs LUID mappings */
580 if ((Flags & ~PROCESS_LUID_DOSDEVICES_ONLY) != 0 ||
582 {
584 break;
585 }
586 }
587 else
588 {
589 /* This has to be the size of the Query union field for x64 compatibility! */
590 if (ProcessInformationLength != RTL_FIELD_SIZE(PROCESS_DEVICEMAP_INFORMATION, Query))
591 {
593 break;
594 }
595
596 /* No flags for standard call */
597 Flags = 0;
598 }
599
600 /* Set the return length */
601 Length = ProcessInformationLength;
602
603 /* Reference the process */
608 (PVOID*)&Process,
609 NULL);
610 if (!NT_SUCCESS(Status)) break;
611
612 /* Query the device map information */
614 ProcessInformation,
615 Flags);
616
617 /* Dereference the process */
619 break;
620
621 /* Priority class */
623
624 if (ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS))
625 {
627 break;
628 }
629
630 /* Set the return length*/
632
633 /* Reference the process */
638 (PVOID*)&Process,
639 NULL);
640 if (!NT_SUCCESS(Status)) break;
641
642 /* Enter SEH for writing back data */
644 {
645 /* Return current priority class */
646 PsPriorityClass->PriorityClass = Process->PriorityClass;
647 PsPriorityClass->Foreground = FALSE;
648 }
650 {
651 /* Get the exception code */
653 }
654 _SEH2_END;
655
656 /* Dereference the process */
658 break;
659
661
662 /* Reference the process */
667 (PVOID*)&Process,
668 NULL);
669 if (!NT_SUCCESS(Status)) break;
670
671 /* Get the image path */
673 if (NT_SUCCESS(Status))
674 {
675 /* Set return length */
676 Length = ImageName->MaximumLength +
678
679 /* Make sure it's large enough */
680 if (Length <= ProcessInformationLength)
681 {
682 /* Enter SEH to protect write */
684 {
685 /* Copy it */
686 RtlCopyMemory(ProcessInformation,
687 ImageName,
688 Length);
689
690 /* Update pointer */
691 ((PUNICODE_STRING)ProcessInformation)->Buffer =
692 (PWSTR)((PUNICODE_STRING)ProcessInformation + 1);
693 }
695 {
696 /* Get the exception code */
698 }
699 _SEH2_END;
700 }
701 else
702 {
703 /* Buffer too small */
705 }
706
707 /* Free the image path */
709 }
710 /* Dereference the process */
712 break;
713
715
716 if (ProcessInformationLength != sizeof(ULONG))
717 {
719 break;
720 }
721
722 /* Set the return length*/
723 Length = sizeof(ULONG);
724
725 /* Reference the process */
730 (PVOID*)&Process,
731 NULL);
732 if (!NT_SUCCESS(Status)) break;
733
734 /* Enter SEH for writing back data */
736 {
737 /* Return the debug flag state */
738 *(PULONG)ProcessInformation = Process->NoDebugInherit ? 0 : 1;
739 }
741 {
742 /* Get the exception code */
744 }
745 _SEH2_END;
746
747 /* Dereference the process */
749 break;
750
752
753 if (ProcessInformationLength != sizeof(ULONG))
754 {
756 break;
757 }
758
759 /* Set the return length */
760 Length = sizeof(ULONG);
761
762 /* Reference the process */
767 (PVOID*)&Process,
768 NULL);
769 if (!NT_SUCCESS(Status)) break;
770
771 /* Enter SEH for writing back data */
773 {
774 /* Return the BreakOnTermination state */
775 *(PULONG)ProcessInformation = Process->BreakOnTermination;
776 }
778 {
779 /* Get the exception code */
781 }
782 _SEH2_END;
783
784 /* Dereference the process */
786 break;
787
788 /* Per-process security cookie */
789 case ProcessCookie:
790
791 if (ProcessInformationLength != sizeof(ULONG))
792 {
793 /* Length size wrong, bail out */
795 break;
796 }
797
798 /* Get the current process and cookie */
800 Cookie = Process->Cookie;
801 if (!Cookie)
802 {
803 LARGE_INTEGER SystemTime;
804 ULONG NewCookie;
805 PKPRCB Prcb;
806
807 /* Generate a new cookie */
808 KeQuerySystemTime(&SystemTime);
809 Prcb = KeGetCurrentPrcb();
810 NewCookie = Prcb->KeSystemCalls ^ Prcb->InterruptTime ^
811 SystemTime.u.LowPart ^ SystemTime.u.HighPart;
812
813 /* Set the new cookie or return the current one */
815 NewCookie,
816 Cookie);
817 if (!Cookie) Cookie = NewCookie;
818
819 /* Set return length */
820 Length = sizeof(ULONG);
821 }
822
823 /* Indicate success */
825
826 /* Enter SEH to protect write */
828 {
829 /* Write back the cookie */
830 *(PULONG)ProcessInformation = Cookie;
831 }
833 {
834 /* Get the exception code */
836 }
837 _SEH2_END;
838 break;
839
841
842 if (ProcessInformationLength != sizeof(SECTION_IMAGE_INFORMATION))
843 {
844 /* Break out */
846 break;
847 }
848
849 /* Set the length required and validate it */
851
852 /* Enter SEH to protect write */
854 {
856 }
858 {
859 /* Get the exception code */
861 }
862 _SEH2_END;
863
864 /* Indicate success */
866 break;
867
869
870 if (ProcessInformationLength != sizeof(HANDLE))
871 {
873 break;
874 }
875
876 /* Set the return length */
877 Length = sizeof(HANDLE);
878
879 /* Reference the process */
884 (PVOID*)&Process,
885 NULL);
886 if (!NT_SUCCESS(Status)) break;
887
888 /* Get the debug port */
890
891 /* Let go of the process */
893
894 /* Protect write in SEH */
896 {
897 /* Return debug port's handle */
898 *(PHANDLE)ProcessInformation = DebugPort;
899 }
901 {
902 /* Get the exception code */
904 }
905 _SEH2_END;
906 break;
907
909 DPRINT1("Handle tracing Not implemented: %lx\n", ProcessInformationClass);
911 break;
912
914
915 if (ProcessInformationLength != sizeof(ULONG))
916 {
918 break;
919 }
920
921 /* Set the return length */
922 Length = sizeof(ULONG);
923
924 /* Indicate success */
926
927 /* Protect write in SEH */
929 {
930 /* Query Ob */
931 *(PULONG)ProcessInformation = ObIsLUIDDeviceMapsEnabled();
932 }
934 {
935 /* Get the exception code */
937 }
938 _SEH2_END;
939 break;
940
942
943 if (ProcessInformationLength != sizeof(ULONG))
944 {
946 break;
947 }
948
949 /* Set the return length */
950 Length = sizeof(ULONG);
951
952 /* Reference the process */
957 (PVOID*)&Process,
958 NULL);
959 if (!NT_SUCCESS(Status)) break;
960
961 /* Protect write in SEH */
963 {
964 /* Return if the flag is set */
965 *(PULONG)ProcessInformation = (ULONG)Process->VdmAllowed;
966 }
968 {
969 /* Get the exception code */
971 }
972 _SEH2_END;
973
974 /* Dereference the process */
976 break;
977
979
980 if (ProcessInformationLength != sizeof(ULONG_PTR))
981 {
983 break;
984 }
985
986 /* Set return length */
987 Length = sizeof(ULONG_PTR);
988
989 /* Reference the process */
994 (PVOID*)&Process,
995 NULL);
996 if (!NT_SUCCESS(Status)) break;
997
998 /* Make sure the process isn't dying */
999 if (ExAcquireRundownProtection(&Process->RundownProtect))
1000 {
1001 /* Get the WOW64 process structure */
1002#ifdef _WIN64
1003 Wow64 = (ULONG_PTR)Process->Wow64Process;
1004#else
1005 Wow64 = 0;
1006#endif
1007 /* Release the lock */
1008 ExReleaseRundownProtection(&Process->RundownProtect);
1009 }
1010
1011 /* Protect write with SEH */
1012 _SEH2_TRY
1013 {
1014 /* Return whether or not we have a debug port */
1015 *(PULONG_PTR)ProcessInformation = Wow64;
1016 }
1018 {
1019 /* Get exception code */
1021 }
1022 _SEH2_END;
1023
1024 /* Dereference the process */
1026 break;
1027
1029
1030 if (ProcessInformationLength != sizeof(ULONG))
1031 {
1033 break;
1034 }
1035
1036 /* Set return length */
1037 Length = sizeof(ULONG);
1038
1040 {
1042 }
1043
1044 /* Get the options */
1045 Status = MmGetExecuteOptions(&ExecuteOptions);
1046 if (NT_SUCCESS(Status))
1047 {
1048 /* Protect write with SEH */
1049 _SEH2_TRY
1050 {
1051 /* Return them */
1052 *(PULONG)ProcessInformation = ExecuteOptions;
1053 }
1055 {
1056 /* Get exception code */
1058 }
1059 _SEH2_END;
1060 }
1061 break;
1062
1064 DPRINT1("VDM/16-bit not implemented: %lx\n", ProcessInformationClass);
1066 break;
1067
1069 DPRINT1("WS Watch Not implemented: %lx\n", ProcessInformationClass);
1071 break;
1072
1074 DPRINT1("Pool limits Not implemented: %lx\n", ProcessInformationClass);
1076 break;
1077
1078 /* Not supported by Server 2003 */
1079 default:
1080 DPRINT1("Unsupported info class: %lx\n", ProcessInformationClass);
1082 }
1083
1084 /* Protect write with SEH */
1085 _SEH2_TRY
1086 {
1087 /* Check if caller wanted return length */
1088 if ((ReturnLength) && (Length)) *ReturnLength = Length;
1089 }
1091 {
1092 /* Get exception code */
1094 }
1095 _SEH2_END;
1096
1097 return Status;
1098}
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended)
Definition: query.c:292
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
#define TRUE
Definition: types.h:120
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:43
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
#define PAGE_SHIFT
Definition: env_spec_w32.h:45
#define KeQuerySystemTime(t)
Definition: env_spec_w32.h:570
#define ExReleaseRundownProtection
Definition: ex.h:136
#define ExAcquireRundownProtection
Definition: ex.h:135
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
#define ICIF_PROBE_READ
Definition: icif.h:25
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
#define PROCESS_QUERY_INFORMATION
Definition: pstypes.h:166
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
@ PsNonPagedPool
Definition: pstypes.h:1021
@ PsPageFile
Definition: pstypes.h:1023
@ PsPagedPool
Definition: pstypes.h:1022
@ ProcessDebugPort
Definition: winternl.h:395
@ ProcessBreakOnTermination
Definition: winternl.h:398
@ ProcessBasicInformation
Definition: winternl.h:394
@ ProcessWow64Information
Definition: winternl.h:396
@ ProcessImageFileName
Definition: winternl.h:397
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
@ ProcessLUIDDeviceMapsEnabled
Definition: winternl.h:884
@ ProcessWx86Information
Definition: winternl.h:875
@ ProcessDebugFlags
Definition: winternl.h:887
@ ProcessSessionInformation
Definition: winternl.h:880
@ ProcessVmCounters
Definition: winternl.h:859
@ ProcessPriorityClass
Definition: winternl.h:874
@ ProcessPriorityBoost
Definition: winternl.h:878
@ ProcessImageInformation
Definition: winternl.h:892
@ ProcessExecuteFlags
Definition: winternl.h:889
@ ProcessCookie
Definition: winternl.h:891
@ ProcessPooledUsageAndLimits
Definition: winternl.h:870
@ ProcessIoCounters
Definition: winternl.h:858
@ ProcessDefaultHardErrorMode
Definition: winternl.h:868
@ ProcessDeviceMap
Definition: winternl.h:879
@ ProcessQuotaLimits
Definition: winternl.h:857
@ ProcessHandleTracing
Definition: winternl.h:888
@ ProcessTimes
Definition: winternl.h:860
@ ProcessDebugObjectHandle
Definition: winternl.h:886
@ ProcessWorkingSetWatch
Definition: winternl.h:871
@ ProcessLdtInformation
Definition: winternl.h:866
@ ProcessHandleCount
Definition: winternl.h:876
struct _VM_COUNTERS_ * PVM_COUNTERS
#define PROCESS_LUID_DOSDEVICES_ONLY
Definition: pstypes.h:228
struct _IO_COUNTERS IO_COUNTERS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
struct _IO_COUNTERS * PIO_COUNTERS
#define InterlockedCompareExchange
Definition: interlocked.h:104
#define RTL_FIELD_SIZE(type, field)
Definition: kdb_expr.c:86
struct _QUOTA_LIMITS QUOTA_LIMITS
struct _QUOTA_LIMITS * PQUOTA_LIMITS
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
Definition: ketypes.h:1148
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
#define NtCurrentProcess()
Definition: nt_native.h:1657
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1811
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2653
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
ULONG KeMaximumIncrement
Definition: clock.c:20
POBJECT_TYPE PsProcessType
Definition: process.c:20
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:239
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
Definition: devicemap.c:662
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
long LONG
Definition: pedump.c:60
EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock
Definition: quota.c:16
static const INFORMATION_CLASS_INFO PsProcessInfoClass[]
Definition: ps_i.h:15
LARGE_INTEGER UserTime
Definition: winternl.h:1063
LARGE_INTEGER CreateTime
Definition: winternl.h:1060
LARGE_INTEGER KernelTime
Definition: winternl.h:1062
LARGE_INTEGER ExitTime
Definition: winternl.h:1061
ULONG InterruptTime
Definition: ketypes.h:806
ULONG KeSystemCalls
Definition: ketypes.h:717
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:340
IO_COUNTERS IoInfo
Definition: ke.h:48
INT64 MaximumWorkingSetSize
Definition: lsa.idl:290
INT64 NonPagedPoolLimit
Definition: lsa.idl:288
LARGE_INTEGER TimeLimit
Definition: lsa.idl:292
INT64 MinimumWorkingSetSize
Definition: lsa.idl:289
INT64 PagefileLimit
Definition: lsa.idl:291
INT64 PagedPoolLimit
Definition: lsa.idl:287
SIZE_T QuotaPeakPagedPoolUsage
Definition: winternl.h:1610
SIZE_T PeakWorkingSetSize
Definition: winternl.h:1608
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:1612
SIZE_T VirtualSize
Definition: winternl.h:1606
SIZE_T PeakPagefileUsage
Definition: winternl.h:1615
SIZE_T QuotaNonPagedPoolUsage
Definition: winternl.h:1613
SIZE_T PagefileUsage
Definition: winternl.h:1614
SIZE_T PeakVirtualSize
Definition: winternl.h:1605
SIZE_T QuotaPagedPoolUsage
Definition: winternl.h:1611
SIZE_T WorkingSetSize
Definition: winternl.h:1609
ULONG PageFaultCount
Definition: winternl.h:1607
#define TAG_SEPA
Definition: tag.h:156
uint16_t * PWSTR
Definition: typedefs.h:56
#define MAXULONG
Definition: typedefs.h:251
uint32_t * PULONG_PTR
Definition: typedefs.h:65
uint32_t * PULONG
Definition: typedefs.h:59
int64_t LONGLONG
Definition: typedefs.h:68
PVOID HANDLE
Definition: typedefs.h:73
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
uint32_t ULONG_PTR
Definition: typedefs.h:65
uint32_t ULONG
Definition: typedefs.h:59
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
LONGLONG QuadPart
Definition: typedefs.h:114
struct _LARGE_INTEGER::@2290 u
ULONG LowPart
Definition: typedefs.h:106
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
Definition: cmfuncs.h:14
_Out_ PULONG UserTime
Definition: kefuncs.h:759
#define PsGetCurrentProcess
Definition: psfuncs.h:17

◆ NtQueryInformationThread()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ THREADINFOCLASS  ThreadInformationClass,
_Out_ PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

◆ NtRegisterThreadTerminatePort()

NTSYSCALLAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort ( _In_ HANDLE  TerminationPort)

◆ NtResumeProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtResumeProcess ( _In_ HANDLE  ProcessHandle)

◆ NtResumeThread()

NTSYSCALLAPI NTSTATUS NTAPI NtResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

◆ NtSetInformationJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_In_bytecount_(JobInformationLength) PVOID  JobInformation,
_In_ ULONG  JobInformationLength 
)

◆ NtSetInformationProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_In_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength 
)

◆ NtSetInformationThread()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ THREADINFOCLASS  ThreadInformationClass,
_In_reads_bytes_(ThreadInformationLength) PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength 
)

◆ NtSuspendProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtSuspendProcess ( _In_ HANDLE  ProcessHandle)

◆ NtSuspendThread()

NTSYSCALLAPI NTSTATUS NTAPI NtSuspendThread ( _In_ HANDLE  ThreadHandle,
_In_ PULONG  PreviousSuspendCount 
)

◆ NtTerminateJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateJobObject ( _In_ HANDLE  JobHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ NtTerminateProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateProcess ( _In_ HANDLE  ProcessHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ NtTerminateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateThread ( _In_ HANDLE  ThreadHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ PsChargePoolQuota()

NTKERNELAPI VOID NTAPI PsChargePoolQuota ( _In_ PEPROCESS  Process,
_In_ POOL_TYPE  PoolType,
_In_ SIZE_T  Amount 
)

Charges the pool quota of a given process. The kind of pool quota to charge is determined by the PoolType parameter.

Parameters
[in]ProcessThe process which quota is to be charged.
[in]PoolTypeThe pool type to choose to charge quotas (e.g. PagedPool or NonPagedPool).
[in]AmountThe amount of quotas to charge into a process.
Returns
Nothing.
Remarks
The function raises an exception if STATUS_QUOTA_EXCEEDED status code is returned. Callers are responsible on their own to handle the raised exception.

Definition at line 775 of file quota.c.

779{
782
783 /* Don't do anything for the system process */
784 if (Process == PsInitialSystemProcess) return;
785
786 /* Charge the usage */
789}
#define KeGetCurrentIrql()
Definition: env_spec_w32.h:706
#define DISPATCH_LEVEL
Definition: env_spec_w32.h:696
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
Definition: fsrtlfuncs.h:551
#define ASSERT(a)
Definition: mode.c:44
#define ExRaiseStatus
Definition: ntoskrnl.h:114
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
NTSTATUS NTAPI PsChargeProcessPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.
Definition: quota.c:872
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815

Referenced by FsRtlCancelNotify(), and FsRtlNotifyFilterReportChange().

◆ PsChargeProcessNonPagedPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessNonPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Charges the non paged pool quota of a given process.

Parameters
[in]ProcessThe process which non paged quota is to be charged.
[in]AmountThe amount of quotas to charge into a process.
Returns
Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.

Definition at line 811 of file quota.c.

814{
815 /* Call the general function */
817}
#define NonPagedPool
Definition: env_spec_w32.h:307

Referenced by MiCreatePebOrTeb(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), and START_TEST().

◆ PsChargeProcessPagedPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Charges the paged pool quota of a given process.

Parameters
[in]ProcessThe process which paged quota is to be charged.
[in]AmountThe amount of quotas to charge into a process.
Returns
Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.

Definition at line 839 of file quota.c.

842{
843 /* Call the general function */
845}
#define PagedPool
Definition: env_spec_w32.h:308

Referenced by ExpAllocateHandleTable(), ExpAllocateTablePagedPool(), ExpAllocateTablePagedPoolNoZero(), and START_TEST().

◆ PsChargeProcessPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota ( _In_ PEPROCESS  Process,
_In_ POOL_TYPE  PoolType,
_In_ SIZE_T  Amount 
)

Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.

Parameters
[in]ProcessThe process which quota is to be charged.
[in]PoolTypeThe type of quota pool to charge (e.g. PagedPool or NonPagedPool).
[in]AmountThe amount of quotas to charge into a process.
Returns
Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.

Definition at line 872 of file quota.c.

876{
877 /* Don't do anything for the system process */
879
881 Process->QuotaBlock,
883 Amount);
884}
#define PAGED_POOL_MASK
Definition: mm.h:118
NTSTATUS NTAPI PspChargeProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota charging, necessary for export...
Definition: quota.c:195

Referenced by ExAllocatePoolWithQuotaTag(), PsChargePoolQuota(), PsChargeProcessNonPagedPoolQuota(), and PsChargeProcessPagedPoolQuota().

◆ PsEstablishWin32Callouts()

NTKERNELAPI VOID NTAPI PsEstablishWin32Callouts ( _In_ PWIN32_CALLOUTS_FPNS  CalloutData)

◆ PsGetCurrentProcessSessionId()

NTKERNELAPI ULONG NTAPI PsGetCurrentProcessSessionId ( VOID  )

◆ PsGetCurrentProcessWin32Process()

◆ PsGetCurrentThreadProcessId()

NTKERNELAPI HANDLE NTAPI PsGetCurrentThreadProcessId ( VOID  )

Definition at line 755 of file thread.c.

756{
757 return PsGetCurrentThread()->Cid.UniqueProcess;
758}

Referenced by intDdCreateDirectDrawLocal().

◆ PsGetCurrentThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadWin32Thread ( VOID  )

Definition at line 805 of file thread.c.

806{
807 return PsGetCurrentThread()->Tcb.Win32Thread;
808}

Referenced by AllocateUserMessage(), CaretSystemTimerProc(), co_HOOK_CallHooks(), co_IntActivateKeyboardLayout(), co_IntCallHookProc(), co_IntCallSentMessageCallback(), co_IntCallWindowProc(), co_IntClientLoadLibrary(), co_IntClientThreadSetup(), co_IntCreateDefaultImeWindow(), co_IntFixCaret(), co_IntGetPeekMessage(), co_IntLoadDefaultCursors(), co_IntLoadKeyboardLayoutEx(), co_IntLoadSysMenuTemplate(), co_IntPaintWindows(), co_IntPeekMessage(), co_IntProcessKeyboardMessage(), co_IntProcessMouseMessage(), co_IntSendActivateMessages(), co_IntSendMessageTimeoutSingle(), co_IntSendMessageWithCallBack(), co_IntSetActiveWindow(), co_IntSetCaretPos(), co_IntSetForegroundAndFocusWindow(), co_IntWaitMessage(), co_MsqDispatchOneSentMessage(), co_MsqReplyMessage(), co_MsqSendMessage(), co_MsqSendMessageAsync(), co_UserDestroyWindow(), co_UserHideCaret(), co_UserSetCapture(), co_UserSetFocus(), co_UserShowCaret(), co_WinPosSearchChildren(), co_WinPosSetWindowPos(), co_WinPosShowWindow(), DECREASE_THREAD_LOCK_COUNT(), DefWndDoSizeMove(), DefWndStartSizeMove(), DesktopHeapGetUserDelta(), DesktopThreadMain(), GetW32ThreadInfo(), handle_internal_message(), IdlePing(), INCREASE_THREAD_LOCK_COUNT(), IntAddAtom(), IntCallWndProc(), IntCallWndProcRet(), IntCbAllocateMemory(), IntCbFreeMemory(), IntCreateDesktop(), IntDeactivateWindow(), IntDefWindowProc(), IntDeRegisterShellHookWindow(), IntDesktopOkToClose(), IntDestroyOwnedWindows(), IntDispatchMessage(), IntDrawScrollBar(), IntGetAndReferenceClass(), IntGetAtomName(), IntGetCapture(), IntGetCurrentThreadDesktopWindow(), IntGetImeCompatFlags(), IntGetNextHook(), IntGetQueueStatus(), IntGetThreadDesktopWindow(), IntGetThreadFocusWindow(), IntInitMessagePumpHook(), IntInvalidateWindows(), IntIsClipboardOpenByMe(), IntMsqClearWakeMask(), IntMsqSetWakeMask(), IntNotifyImeShowStatus(), IntNotifyWinEvent(), IntQueryTrackMouseEvent(), IntRegisterShellHookWindow(), IntReleaseCapture(), IntRemoveHook(), IntSendDestroyMsg(), IntSendSyncPaint(), IntSetThreadDesktop(), IntSetTimer(), IntTrackMouseEvent(), IntTrackPopupMenuEx(), IntTranslateKbdMessage(), IntUnhookWindowsHook(), IntUninitMessagePumpHook(), IntUserSetActiveWindow(), MENU_DoNextMenu(), MENU_InitTracking(), MENU_TrackMenu(), MsqGetMessageExtraInfo(), MsqSetMessageExtraInfo(), NtUserBlockInput(), NtUserCallNoParam(), NtUserCallOneParam(), NtUserCallTwoParam(), NtUserCreateAcceleratorTable(), NtUserCreateCaret(), NtUserGetAppImeLevel(), NtUserGetCaretPos(), NtUserGetGUIThreadInfo(), NtUserGetKeyboardLayoutName(), NtUserGetKeyboardState(), NtUserGetKeyNameText(), NtUserGetThreadState(), NtUserLockWorkStation(), NtUserMapVirtualKeyEx(), NtUserQueryWindow(), NtUserSendInput(), NtUserSetAppImeLevel(), NtUserSetKeyboardState(), NtUserSetThreadState(), NtUserSetWindowsHookEx(), NtUserSetWinEventHook(), NtUserToUnicodeEx(), NtUserValidateTimerCallback(), NtUserVkKeyScanEx(), NtUserWaitForInputIdle(), PostTimerMessages(), UserCreateInputContext(), UserDbgAssertThreadInfo(), UserDerefObjectCo(), UserDestroyMenu(), UserEnterExclusive(), UserGetActiveWindow(), UserGetCPD(), UserGetKeyboardLayout(), UserGetKeyState(), UserGhostThreadEntry(), UserInitialize(), UserOpenClipboard(), UserOpenInputDesktop(), UserRefObjectCo(), UserRegisterHotKey(), UserRegisterUserApiHook(), UserSendKeyboardInput(), UserSendMouseInput(), UserSetActiveWindow(), UserSetCursor(), UserShowCursor(), and UserUnregisterUserApiHook().

◆ PsGetProcessExitProcessCalled()

NTKERNELAPI BOOLEAN NTAPI PsGetProcessExitProcessCalled ( _In_ PEPROCESS  Process)

◆ PsGetProcessExitStatus()

NTKERNELAPI NTSTATUS NTAPI PsGetProcessExitStatus ( _In_ PEPROCESS  Process)

◆ PsGetProcessInheritedFromUniqueProcessId()

HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId ( _In_ PEPROCESS  Process)

◆ PsGetProcessSecurityPort()

NTKERNELAPI PVOID NTAPI PsGetProcessSecurityPort ( _In_ PEPROCESS  Process)

◆ PsGetProcessSessionId()

NTKERNELAPI ULONG NTAPI PsGetProcessSessionId ( _In_ PEPROCESS  Process)

◆ PsGetProcessWin32Process()

NTKERNELAPI PVOID NTAPI PsGetProcessWin32Process ( _In_ PEPROCESS  Process)

◆ PsGetProcessWin32WindowStation()

NTKERNELAPI PVOID NTAPI PsGetProcessWin32WindowStation ( _In_ PEPROCESS  Process)

◆ PsGetThreadFreezeCount()

NTKERNELAPI ULONG NTAPI PsGetThreadFreezeCount ( _In_ PETHREAD  Thread)

◆ PsGetThreadHardErrorsAreDisabled()

NTKERNELAPI BOOLEAN NTAPI PsGetThreadHardErrorsAreDisabled ( _In_ PETHREAD  Thread)

◆ PsGetThreadId()

NTKERNELAPI HANDLE NTAPI PsGetThreadId ( _In_ PETHREAD  Thread)

◆ PsGetThreadProcess()

NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess ( _In_ PETHREAD  Thread)

◆ PsGetThreadTeb()

NTKERNELAPI PTEB NTAPI PsGetThreadTeb ( _In_ PETHREAD  Thread)

◆ PsGetThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread ( _In_ PETHREAD  Thread)

◆ PsIsProtectedProcess()

BOOLEAN NTAPI PsIsProtectedProcess ( _In_ PEPROCESS  Process)

◆ PsIsSystemProcess()

NTKERNELAPI BOOLEAN NTAPI PsIsSystemProcess ( _In_ PEPROCESS  Process)

◆ PsIsThreadImpersonating()

NTKERNELAPI BOOLEAN NTAPI PsIsThreadImpersonating ( _In_ PETHREAD  Thread)

◆ PsLookupProcessThreadByCid()

NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid ( _In_ PCLIENT_ID  Cid,
_Out_opt_ PEPROCESS Process,
_Out_ PETHREAD Thread 
)

◆ PsReturnPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnPoolQuota ( _In_ PEPROCESS  Process,
_In_ POOL_TYPE  PoolType,
_In_ SIZE_T  Amount 
)

Returns the pool quota that the process was taking up.

Parameters
[in]ProcessThe process which quota is to be returned.
[in]PoolTypeThe type of quota pool to return (e.g. PagedPool or NonPagedPool).
[in]AmountThe amount of quotas to return from a process.
Returns
Nothing.

Definition at line 907 of file quota.c.

911{
912 /* Don't do anything for the system process */
913 if (Process == PsInitialSystemProcess) return;
914
916 Process->QuotaBlock,
918 Amount);
919}
VOID NTAPI PspReturnProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota returning. It returns (takes a...
Definition: quota.c:345

Referenced by ExFreePoolWithTag(), ExReturnPoolQuota(), PsReturnProcessNonPagedPoolQuota(), and PsReturnProcessPagedPoolQuota().

◆ PsReturnProcessNonPagedPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnProcessNonPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Returns the non paged quota pool that the process was taking up.

Parameters
[in]ProcessThe process which non paged quota is to be returned.
[in]AmountThe amount of quotas to return from a process.
Returns
Nothing.

Definition at line 938 of file quota.c.

941{
942 /* Don't do anything for the system process */
943 if (Process == PsInitialSystemProcess) return;
944
946}
VOID NTAPI PsReturnPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Returns the pool quota that the process was taking up.
Definition: quota.c:907

Referenced by MiCreatePebOrTeb(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), MiUnmapLockedPagesInUserSpace(), MiUnmapViewOfSection(), MmCleanProcessAddressSpace(), MmDeleteTeb(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), PspDeleteProcess(), and START_TEST().

◆ PsReturnProcessPagedPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnProcessPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Returns the paged pool quota that the process was taking up.

Parameters
[in]ProcessThe process which paged pool quota is to be returned.
[in]AmountThe amount of quotas to return from a process.
Returns
Nothing.

Definition at line 965 of file quota.c.

968{
969 /* Don't do anything for the system process */
970 if (Process == PsInitialSystemProcess) return;
971
973}

Referenced by ExpAllocateHandleTable(), ExpFreeHandleTable(), ExpFreeTablePagedPool(), FsRtlCancelNotify(), FsRtlNotifyCleanup(), FsRtlNotifyCompleteIrp(), FsRtlNotifyFilterReportChange(), and START_TEST().

◆ PsRevertThreadToSelf()

NTKERNELAPI VOID NTAPI PsRevertThreadToSelf ( _Inout_ PETHREAD  Thread)

◆ PsSetProcessPriorityByClass()

VOID NTAPI PsSetProcessPriorityByClass ( _In_ PEPROCESS  Process,
_In_ PSPROCESSPRIORITYMODE  Type 
)

◆ PsSetProcessSecurityPort()

NTKERNELAPI NTSTATUS NTAPI PsSetProcessSecurityPort ( _Inout_ PEPROCESS  Process,
_In_ PVOID  SecurityPort 
)

◆ PsSetProcessWin32Process()

NTKERNELAPI NTSTATUS NTAPI PsSetProcessWin32Process ( _Inout_ PEPROCESS  Process,
_In_opt_ PVOID  Win32Process,
_In_opt_ PVOID  OldWin32Process 
)

Definition at line 1257 of file process.c.

1261{
1263
1264 /* Assume success */
1266
1267 /* Lock the process */
1269 ExAcquirePushLockExclusive(&Process->ProcessLock);
1270
1271 /* Check if we set a new win32 process */
1272 if (Win32Process != NULL)
1273 {
1274 /* Check if the process is in the right state */
1275 if (((Process->Flags & PSF_PROCESS_DELETE_BIT) == 0) &&
1276 (Process->Win32Process == NULL))
1277 {
1278 /* Set the new win32 process */
1279 Process->Win32Process = Win32Process;
1280 }
1281 else
1282 {
1283 /* Otherwise fail */
1285 }
1286 }
1287 else
1288 {
1289 /* Reset the win32 process, did the caller specify the correct old value? */
1290 if (Process->Win32Process == OldWin32Process)
1291 {
1292 /* Yes, so reset the win32 process to NULL */
1293 Process->Win32Process = NULL;
1294 }
1295 else
1296 {
1297 /* Otherwise fail */
1299 }
1300 }
1301
1302 /* Unlock the process */
1303 ExReleasePushLockExclusive(&Process->ProcessLock);
1305
1306 return Status;
1307}
FORCEINLINE VOID ExAcquirePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1036
FORCEINLINE VOID ExReleasePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1252
#define PSF_PROCESS_DELETE_BIT
Definition: pstypes.h:276
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:502
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132

Referenced by AllocW32Process(), and ExitProcessCallback().

◆ PsSetProcessWindowStation()

NTKERNELAPI VOID NTAPI PsSetProcessWindowStation ( _Inout_ PEPROCESS  Process,
_In_opt_ PVOID  WindowStation 
)

◆ PsSetThreadHardErrorsAreDisabled()

NTKERNELAPI VOID NTAPI PsSetThreadHardErrorsAreDisabled ( _Inout_ PETHREAD  Thread,
_In_ BOOLEAN  Disabled 
)

◆ PsSetThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsSetThreadWin32Thread ( _Inout_ PETHREAD  Thread,
_In_opt_ PVOID  Win32Thread,
_In_opt_ PVOID  OldWin32Thread 
)

◆ ZwAlertResumeThread()

NTSYSAPI NTSTATUS NTAPI ZwAlertResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

◆ ZwAlertThread()

NTSYSAPI NTSTATUS NTAPI ZwAlertThread ( _In_ HANDLE  ThreadHandle)

◆ ZwAssignProcessToJobObject()

NTSYSAPI NTSTATUS NTAPI ZwAssignProcessToJobObject ( _In_ HANDLE  JobHandle,
_In_ HANDLE  ProcessHandle 
)

◆ ZwCreateJobObject()

NTSYSAPI NTSTATUS NTAPI ZwCreateJobObject ( _Out_ PHANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes 
)

◆ ZwCreateProcess()

NTSYSAPI NTSTATUS NTAPI ZwCreateProcess ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ParentProcess,
_In_ BOOLEAN  InheritObjectTable,
_In_opt_ HANDLE  SectionHandle,
_In_opt_ HANDLE  DebugPort,
_In_opt_ HANDLE  ExceptionPort 
)

Referenced by RtlCreateUserProcess().

◆ ZwCreateThread()

NTSYSAPI NTSTATUS NTAPI ZwCreateThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ProcessHandle,
_Out_ PCLIENT_ID  ClientId,
_In_ PCONTEXT  ThreadContext,
_In_ PINITIAL_TEB  UserStack,
_In_ BOOLEAN  CreateSuspended 
)

Referenced by RtlCreateUserThread().

◆ ZwImpersonateThread()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread ( _In_ HANDLE  ThreadHandle,
_In_ HANDLE  ThreadToImpersonate,
_In_ PSECURITY_QUALITY_OF_SERVICE  SecurityQualityOfService 
)

◆ ZwIsProcessInJob()

NTSYSAPI NTSTATUS NTAPI ZwIsProcessInJob ( _In_ HANDLE  ProcessHandle,
_In_opt_ HANDLE  JobHandle 
)

◆ ZwOpenThread()

NTSYSAPI NTSTATUS NTAPI ZwOpenThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ PCLIENT_ID  ClientId 
)

◆ ZwOpenThreadToken()

NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_Out_ PHANDLE  TokenHandle 
)

◆ ZwOpenThreadTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ ZwQueryInformationJobObject()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_Out_bytecap_(JobInformationLength) PVOID  JobInformation,
_In_ ULONG  JobInformationLength,
_Out_ PULONG  ReturnLength 
)

◆ ZwQueryInformationProcess()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_Out_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

◆ ZwQueryInformationThread()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ THREADINFOCLASS  ThreadInformationClass,
_Out_ PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Referenced by RtlSetThreadIsCritical().

◆ ZwRegisterThreadTerminatePort()

NTSYSAPI NTSTATUS NTAPI ZwRegisterThreadTerminatePort ( _In_ HANDLE  TerminationPort)

◆ ZwResumeProcess()

NTSYSAPI NTSTATUS NTAPI ZwResumeProcess ( _In_ HANDLE  ProcessHandle)

◆ ZwResumeThread()

NTSYSAPI NTSTATUS NTAPI ZwResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

Referenced by ExpLoadInitialProcess().

◆ ZwSetInformationJobObject()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_In_ PVOID  JobInformation,
_In_ ULONG  JobInformationLength 
)

◆ ZwSetInformationProcess()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_In_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength 
)

Referenced by RtlSetProcessIsCritical().

◆ ZwSuspendProcess()

NTSYSAPI NTSTATUS NTAPI ZwSuspendProcess ( _In_ HANDLE  ProcessHandle)

◆ ZwSuspendThread()

NTSYSAPI NTSTATUS NTAPI ZwSuspendThread ( _In_ HANDLE  ThreadHandle,
_In_ PULONG  PreviousSuspendCount 
)

◆ ZwTerminateJobObject()

NTSYSAPI NTSTATUS NTAPI ZwTerminateJobObject ( _In_ HANDLE  JobHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ ZwTerminateThread()

NTSYSAPI NTSTATUS NTAPI ZwTerminateThread ( _In_ HANDLE  ThreadHandle,
_In_ NTSTATUS  ExitStatus 
)

Referenced by RtlAssert().

Variable Documentation

◆ DesiredAccess

Definition at line 723 of file psfuncs.h.

◆ ExitStatus

◆ HandleAttributes

_In_ ACCESS_MASK _In_ ULONG HandleAttributes

Definition at line 724 of file psfuncs.h.

◆ ThreadInformationClass

◆ ThreadInformationLength

◆ TokenHandle