ReactOS 0.4.16-dev-1531-gd958a24
Functions | Variables
psfuncs.h File Reference
#include <umtypes.h>
#include <pstypes.h>
Include dependency graph for psfuncs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadWin32Thread (VOID)
 
NTKERNELAPI PVOID NTAPI PsGetCurrentProcessWin32Process (VOID)
 
NTKERNELAPI PVOID NTAPI PsGetProcessWin32Process (_In_ PEPROCESS Process)
 
NTKERNELAPI NTSTATUS NTAPI PsSetProcessWin32Process (_Inout_ PEPROCESS Process, _In_opt_ PVOID Win32Process, _In_opt_ PVOID OldWin32Process)
 
NTKERNELAPI PVOID NTAPI PsSetThreadWin32Thread (_Inout_ PETHREAD Thread, _In_opt_ PVOID Win32Thread, _In_opt_ PVOID OldWin32Thread)
 
NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread (_In_ PETHREAD Thread)
 
NTKERNELAPI PVOID NTAPI PsGetProcessWin32WindowStation (_In_ PEPROCESS Process)
 
NTKERNELAPI VOID NTAPI PsSetProcessWindowStation (_Inout_ PEPROCESS Process, _In_opt_ PVOID WindowStation)
 
NTKERNELAPI PTEB NTAPI PsGetThreadTeb (_In_ PETHREAD Thread)
 
NTKERNELAPI HANDLE NTAPI PsGetThreadId (_In_ PETHREAD Thread)
 
NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess (_In_ PETHREAD Thread)
 
NTKERNELAPI ULONG NTAPI PsGetThreadFreezeCount (_In_ PETHREAD Thread)
 
NTKERNELAPI BOOLEAN NTAPI PsGetThreadHardErrorsAreDisabled (_In_ PETHREAD Thread)
 
NTKERNELAPI VOID NTAPI PsSetThreadHardErrorsAreDisabled (_Inout_ PETHREAD Thread, _In_ BOOLEAN Disabled)
 
NTKERNELAPI VOID NTAPI PsEstablishWin32Callouts (_In_ PWIN32_CALLOUTS_FPNS CalloutData)
 
NTKERNELAPI VOID NTAPI PsReturnProcessNonPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Returns the non paged quota pool that the process was taking up.
 
NTKERNELAPI ULONG NTAPI PsGetCurrentProcessSessionId (VOID)
 
NTKERNELAPI BOOLEAN NTAPI PsIsThreadImpersonating (_In_ PETHREAD Thread)
 
NTKERNELAPI VOID NTAPI PsRevertThreadToSelf (_Inout_ PETHREAD Thread)
 
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread)
 
BOOLEAN NTAPI PsIsProtectedProcess (_In_ PEPROCESS Process)
 
NTKERNELAPI BOOLEAN NTAPI PsIsSystemProcess (_In_ PEPROCESS Process)
 
VOID NTAPI PsSetProcessPriorityByClass (_In_ PEPROCESS Process, _In_ PSPROCESSPRIORITYMODE Type)
 
HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId (_In_ PEPROCESS Process)
 
NTKERNELAPI NTSTATUS NTAPI PsGetProcessExitStatus (_In_ PEPROCESS Process)
 
NTKERNELAPI ULONG NTAPI PsGetProcessSessionId (_In_ PEPROCESS Process)
 
NTKERNELAPI BOOLEAN NTAPI PsGetProcessExitProcessCalled (_In_ PEPROCESS Process)
 
NTKERNELAPI VOID NTAPI PsChargePoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
 Charges the pool quota of a given process. The kind of pool quota to charge is determined by the PoolType parameter.
 
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessNonPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Charges the non paged pool quota of a given process.
 
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Charges the paged pool quota of a given process.
 
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
 Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.
 
NTKERNELAPI VOID NTAPI PsReturnPoolQuota (_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
 Returns the pool quota that the process was taking up.
 
NTKERNELAPI VOID NTAPI PsReturnProcessPagedPoolQuota (_In_ PEPROCESS Process, _In_ SIZE_T Amount)
 Returns the paged pool quota that the process was taking up.
 
NTKERNELAPI PVOID NTAPI PsGetProcessSecurityPort (_In_ PEPROCESS Process)
 
NTKERNELAPI NTSTATUS NTAPI PsSetProcessSecurityPort (_Inout_ PEPROCESS Process, _In_ PVOID SecurityPort)
 
NTKERNELAPI HANDLE NTAPI PsGetCurrentThreadProcessId (VOID)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAlertResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSCALLAPI NTSTATUS NTAPI NtApphelpCacheControl (_In_ APPHELPCACHESERVICECLASS Service, _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAlertThread (_In_ HANDLE ThreadHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAssignProcessToJobObject (_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateJobObject (_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
 
NTSTATUS NTAPI NtCreateJobSet (_In_ ULONG NumJob, _In_ PJOB_SET_ARRAY UserJobSet, _In_ ULONG Flags)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcessEx (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ ULONG Flags, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort, _In_ BOOLEAN InJob)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)
 
FORCEINLINE struct _TEBNtCurrentTeb (VOID)
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateThread (_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
 
NTSYSCALLAPI NTSTATUS NTAPI NtIsProcessInJob (_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PCLIENT_ID ClientId)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 Opens a token that is tied to a thread handle.
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 Opens a token that is tied to a thread handle.
 
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort (_In_ HANDLE TerminationPort)
 
NTSYSCALLAPI NTSTATUS NTAPI NtResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSCALLAPI NTSTATUS NTAPI NtResumeProcess (_In_ HANDLE ProcessHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_bytecount_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSuspendProcess (_In_ HANDLE ProcessHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSuspendThread (_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)
 
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateProcess (_In_ HANDLE ProcessHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSCALLAPI NTSTATUS NTAPI NtTerminateJobObject (_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwAlertResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSAPI NTSTATUS NTAPI ZwAlertThread (_In_ HANDLE ThreadHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwAssignProcessToJobObject (_In_ HANDLE JobHandle, _In_ HANDLE ProcessHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateJobObject (_Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateProcess (_Out_ PHANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ParentProcess, _In_ BOOLEAN InheritObjectTable, _In_opt_ HANDLE SectionHandle, _In_opt_ HANDLE DebugPort, _In_opt_ HANDLE ExceptionPort)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ HANDLE ProcessHandle, _Out_ PCLIENT_ID ClientId, _In_ PCONTEXT ThreadContext, _In_ PINITIAL_TEB UserStack, _In_ BOOLEAN CreateSuspended)
 
NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread (_In_ HANDLE ThreadHandle, _In_ HANDLE ThreadToImpersonate, _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
 
NTSYSAPI NTSTATUS NTAPI ZwIsProcessInJob (_In_ HANDLE ProcessHandle, _In_opt_ HANDLE JobHandle)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx(_In_ HANDLE ProcessHandle
 Queries information details about a security descriptor.
 
NTSYSAPI NTSTATUS NTAPI ZwOpenThread (_Out_ PHANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PCLIENT_ID ClientId)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _Out_bytecap_(JobInformationLength) PVOID JobInformation, _In_ ULONG JobInformationLength, _Out_ PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_ PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwRegisterThreadTerminatePort (_In_ HANDLE TerminationPort)
 
NTSYSAPI NTSTATUS NTAPI ZwResumeThread (_In_ HANDLE ThreadHandle, _Out_opt_ PULONG SuspendCount)
 
NTSYSAPI NTSTATUS NTAPI ZwResumeProcess (_In_ HANDLE ProcessHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationJobObject (_In_ HANDLE JobHandle, _In_ JOBOBJECTINFOCLASS JobInformationClass, _In_ PVOID JobInformation, _In_ ULONG JobInformationLength)
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
 
_In_ THREADINFOCLASS _In_reads_bytes_ (ThreadInformationLength) PVOID ThreadInformation
 
NTSYSAPI NTSTATUS NTAPI ZwSuspendProcess (_In_ HANDLE ProcessHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwSuspendThread (_In_ HANDLE ThreadHandle, _In_ PULONG PreviousSuspendCount)
 
NTSYSAPI NTSTATUS NTAPI ZwTerminateThread (_In_ HANDLE ThreadHandle, _In_ NTSTATUS ExitStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwTerminateJobObject (_In_ HANDLE JobHandle, _In_ NTSTATUS ExitStatus)
 

Variables

_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_ ULONG HandleAttributes
 
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
 
_In_ THREADINFOCLASS ThreadInformationClass
 
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
 
_In_ NTSTATUS ExitStatus
 

Function Documentation

◆ _In_reads_bytes_()

_In_ THREADINFOCLASS _In_reads_bytes_ ( ThreadInformationLength  )

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in]SecurityInformationSecurity information details to be queried from a security descriptor.
[out]SecurityDescriptorThe returned security descriptor with security information data.
[in,out]LengthThe returned length of a security descriptor.
[in,out]ObjectsSecurityDescriptorThe returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]AutoInheritFlagsFlags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
Parameters
[in]SecurityDescriptorA security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in]_ParentDescriptorA security descriptor of the parent object that is being created.
[in]_ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]ObjectTypeThe type of the new object.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]AutoInheritFlagsAutomatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in]ParentDescriptorA security descriptor of the parent object that is being created.
[in]ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in]SecurityDescriptorA security descriptor.
[out]QuotaInfoSizeThe returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 923 of file Messaging.c.

75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
77 NTSTATUS Status;
78
79 /* The caller must allow at least one connection */
80 if (MaxConnections == 0)
81 {
82 return STATUS_INVALID_PARAMETER;
83 }
84
85 /* The request must be for a kernel handle */
86 if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87 {
88 return STATUS_INVALID_PARAMETER;
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
96 Status = FltObjectReference(Filter);
97 if (!NT_SUCCESS(Status))
98 {
99 return Status;
100 }
101
102 /* Create the server port object for this filter */
103 Status = ObCreateObject(KernelMode,
104 ServerPortObjectType,
105 ObjectAttributes,
106 KernelMode,
107 NULL,
108 sizeof(FLT_SERVER_PORT_OBJECT),
109 0,
110 0,
111 (PVOID *)&PortObject);
112 if (NT_SUCCESS(Status))
113 {
114 /* Zero out the struct */
115 RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116
117 /* Increment the ref count on the target filter */
118 FltpObjectPointerReference((PFLT_OBJECT)Filter);
119
120 /* Setup the filter port object */
121 PortObject->Filter = Filter;
122 PortObject->ConnectNotify = ConnectNotifyCallback;
123 PortObject->DisconnectNotify = DisconnectNotifyCallback;
124 PortObject->MessageNotify = MessageNotifyCallback;
125 PortObject->Cookie = ServerPortCookie;
126 PortObject->MaxConnections = MaxConnections;
127
128 /* Insert the object */
129 Status = ObInsertObject(PortObject,
130 NULL,
131 STANDARD_RIGHTS_ALL | FILE_READ_DATA,
132 0,
133 NULL,
134 (PHANDLE)ServerPort);
135 if (NT_SUCCESS(Status))
136 {
137 /* Lock the connection list */
138 ExAcquireFastMutex(&Filter->ConnectionList.mLock);
139
140 /* Add the new port object to the connection list and increment the count */
141 InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
142 Filter->ConnectionList.mCount++;
143
144 /* Unlock the connection list*/
145 ExReleaseFastMutex(&Filter->ConnectionList.mLock);
146 }
147 }
148
149 if (!NT_SUCCESS(Status))
150 {
151 /* Allow the filter to be cleaned up */
152 FltObjectDereference(Filter);
153 }
154
155 return Status;
156}
ServerPort
static const INTERNET_PORT ServerPort
Definition: CWebService.cpp:11
ServerPortObjectType
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
FltObjectDereference
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
FltObjectReference
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
NULL
#define NULL
Definition: types.h:112
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
Filter
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
MessageNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
ConnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
ServerPortCookie
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
DisconnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
FltpObjectPointerReference
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
Status
Status
Definition: gdiplustypes.h:25
ExAcquireFastMutex
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
ExReleaseFastMutex
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
MaxConnections
static LONG MaxConnections
Definition: kmtest_fsminifilter.c:48
KernelMode
#define KernelMode
Definition: asm.h:38
FILE_READ_DATA
#define FILE_READ_DATA
Definition: nt_native.h:628
STANDARD_RIGHTS_ALL
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
ObCreateObject
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
_FLT_FILTER::ConnectionList
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121
_FLT_MUTEX_LIST_HEAD::mCount
ULONG mCount
Definition: fltmgrint.h:57
_FLT_MUTEX_LIST_HEAD::mList
LIST_ENTRY mList
Definition: fltmgrint.h:56
_FLT_MUTEX_LIST_HEAD::mLock
FAST_MUTEX mLock
Definition: fltmgrint.h:55
_FLT_OBJECT
Definition: fltmgrint.h:26
_FLT_SERVER_PORT_OBJECT
Definition: fltmgrint.h:189
_FLT_SERVER_PORT_OBJECT::MaxConnections
LONG MaxConnections
Definition: fltmgrint.h:198
_FLT_SERVER_PORT_OBJECT::Cookie
PVOID Cookie
Definition: fltmgrint.h:195
_FLT_SERVER_PORT_OBJECT::DisconnectNotify
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
_FLT_SERVER_PORT_OBJECT::FilterLink
LIST_ENTRY FilterLink
Definition: fltmgrint.h:190
_FLT_SERVER_PORT_OBJECT::MessageNotify
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
_FLT_SERVER_PORT_OBJECT::Filter
PFLT_FILTER Filter
Definition: fltmgrint.h:194
_FLT_SERVER_PORT_OBJECT::ConnectNotify
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

◆ NtAlertResumeThread()

NTSYSCALLAPI NTSTATUS NTAPI NtAlertResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

◆ NtAlertThread()

NTSYSCALLAPI NTSTATUS NTAPI NtAlertThread ( _In_ HANDLE  ThreadHandle)

◆ NtApphelpCacheControl()

NTSYSCALLAPI NTSTATUS NTAPI NtApphelpCacheControl ( _In_ APPHELPCACHESERVICECLASS  Service,
_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP  ServiceData 
)

Definition at line 728 of file apphelp.c.

731{
732 NTSTATUS Status = STATUS_INVALID_PARAMETER;
733 UNICODE_STRING ImageName = { 0 };
734 HANDLE Handle = INVALID_HANDLE_VALUE;
735
736 if (!ApphelpCacheEnabled)
737 {
738 DPRINT1("NtApphelpCacheControl: ApphelpCacheEnabled == 0\n");
739 return Status;
740 }
741 switch (Service)
742 {
743 case ApphelpCacheServiceLookup:
744 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceLookup )\n");
745 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
746 if (NT_SUCCESS(Status))
747 Status = ApphelpCacheLookupEntry(&ImageName, Handle);
748 break;
749 case ApphelpCacheServiceRemove:
750 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceRemove )\n");
751 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
752 if (NT_SUCCESS(Status))
753 Status = ApphelpCacheRemoveEntry(&ImageName);
754 break;
755 case ApphelpCacheServiceUpdate:
756 DPRINT("SHIMS: NtApphelpCacheControl( ApphelpCacheServiceUpdate )\n");
757 Status = ApphelpCacheAccessCheck();
758 if (NT_SUCCESS(Status))
759 {
760 Status = ApphelpValidateData(ServiceData, &ImageName, &Handle);
761 if (NT_SUCCESS(Status))
762 Status = ApphelpCacheUpdateEntry(&ImageName, Handle);
763 }
764 break;
765 case ApphelpCacheServiceFlush:
766 /* FIXME: Check for admin or system here. */
767 Status = ApphelpCacheFlush();
768 break;
769 case ApphelpCacheServiceDump:
770 Status = ApphelpCacheDump();
771 break;
772 case ApphelpDBGReadRegistry:
773 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): flushing cache.\n");
774 ApphelpCacheFlush();
775 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGReadRegistry ): reading cache.\n");
776 Status = ApphelpCacheRead() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
777 break;
778 case ApphelpDBGWriteRegistry:
779 DPRINT1("SHIMS: NtApphelpCacheControl( ApphelpDBGWriteRegistry ): writing cache.\n");
780 Status = ApphelpCacheWrite() ? STATUS_SUCCESS : STATUS_NOT_FOUND;
781 break;
782 default:
783 DPRINT1("SHIMS: NtApphelpCacheControl( Invalid service requested )\n");
784 break;
785 }
786 if (ImageName.Buffer)
787 {
788 ApphelpFreeUnicodeString(&ImageName);
789 }
790 return Status;
791}
DPRINT1
#define DPRINT1
Definition: precomp.h:8
Handle
ULONG Handle
Definition: gdb_input.c:15
ApphelpDBGReadRegistry
@ ApphelpDBGReadRegistry
Definition: pstypes.h:980
ApphelpCacheServiceLookup
@ ApphelpCacheServiceLookup
Definition: pstypes.h:974
ApphelpCacheServiceRemove
@ ApphelpCacheServiceRemove
Definition: pstypes.h:975
ApphelpCacheServiceUpdate
@ ApphelpCacheServiceUpdate
Definition: pstypes.h:976
ApphelpCacheServiceDump
@ ApphelpCacheServiceDump
Definition: pstypes.h:978
ApphelpDBGWriteRegistry
@ ApphelpDBGWriteRegistry
Definition: pstypes.h:981
ApphelpCacheServiceFlush
@ ApphelpCacheServiceFlush
Definition: pstypes.h:977
ImageName
static const char * ImageName
Definition: image.c:34
ApphelpCacheDump
NTSTATUS ApphelpCacheDump(VOID)
Definition: apphelp.c:703
ApphelpCacheWrite
BOOLEAN ApphelpCacheWrite(VOID)
Definition: apphelp.c:362
ApphelpCacheEnabled
static BOOLEAN ApphelpCacheEnabled
Definition: apphelp.c:29
ApphelpCacheFlush
NTSTATUS ApphelpCacheFlush(VOID)
Definition: apphelp.c:688
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: apphelp.c:44
ApphelpCacheRead
BOOLEAN ApphelpCacheRead(VOID)
Definition: apphelp.c:306
ApphelpCacheRemoveEntry
NTSTATUS ApphelpCacheRemoveEntry(_In_ PUNICODE_STRING ImageName)
Definition: apphelp.c:587
ApphelpFreeUnicodeString
VOID ApphelpFreeUnicodeString(_Inout_ PUNICODE_STRING String)
Definition: apphelp.c:161
ApphelpCacheUpdateEntry
NTSTATUS ApphelpCacheUpdateEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:616
ApphelpValidateData
NTSTATUS ApphelpValidateData(_In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData, _Out_ PUNICODE_STRING ImageName, _Out_ PHANDLE ImageHandle)
Definition: apphelp.c:474
ApphelpCacheAccessCheck
NTSTATUS ApphelpCacheAccessCheck(VOID)
Definition: apphelp.c:602
ApphelpCacheLookupEntry
NTSTATUS ApphelpCacheLookupEntry(_In_ PUNICODE_STRING ImageName, _In_ HANDLE ImageHandle)
Definition: apphelp.c:531
Service
@ Service
Definition: ntsecapi.h:292
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
DPRINT
#define DPRINT
Definition: sndvol32.h:73
_UNICODE_STRING
Definition: env_spec_w32.h:368

Referenced by BaseDumpAppcompatCache(), BaseFlushAppcompatCache(), BasepShimCacheRemoveEntry(), BasepShimCacheSearch(), and CallApphelp().

◆ NtAssignProcessToJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtAssignProcessToJobObject ( _In_ HANDLE  JobHandle,
_In_ HANDLE  ProcessHandle 
)

◆ NtCreateJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateJobObject ( _Out_ PHANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes 
)

◆ NtCreateJobSet()

NTSTATUS NTAPI NtCreateJobSet ( _In_ ULONG  NumJob,
_In_ PJOB_SET_ARRAY  UserJobSet,
_In_ ULONG  Flags 
)

◆ NtCreateProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcess ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ParentProcess,
_In_ BOOLEAN  InheritObjectTable,
_In_opt_ HANDLE  SectionHandle,
_In_opt_ HANDLE  DebugPort,
_In_opt_ HANDLE  ExceptionPort 
)

◆ NtCreateProcessEx()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateProcessEx ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ParentProcess,
_In_ ULONG  Flags,
_In_opt_ HANDLE  SectionHandle,
_In_opt_ HANDLE  DebugPort,
_In_opt_ HANDLE  ExceptionPort,
_In_ BOOLEAN  InJob 
)

◆ NtCreateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtCreateThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ProcessHandle,
_Out_ PCLIENT_ID  ClientId,
_In_ PCONTEXT  ThreadContext,
_In_ PINITIAL_TEB  UserStack,
_In_ BOOLEAN  CreateSuspended 
)

◆ NtCurrentTeb()

FORCEINLINE struct _TEB * NtCurrentTeb ( VOID  )

Definition at line 420 of file psfuncs.h.

421{
422#if defined(_M_IX86)
423 return (struct _TEB *)__readfsdword(0x18);
424#elif defined (_M_AMD64)
425 return (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
426#elif defined (_M_ARM)
427 // return (struct _TEB *)KeGetPcr()->Used_Self;
428 return (struct _TEB *)(ULONG_PTR)_MoveFromCoprocessor(CP15_TPIDRURW);
429#elif defined (_M_ARM64)
430 //UNIMPLEMENTED;
431 return 0;
432// #elif defined(_M_PPC)
433// return (struct _TEB *)_read_teb_dword(0x18);
434#else
435#error Unsupported architecture
436#endif
437}
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
__readfsdword
PPC_QUAL unsigned long __readfsdword(const unsigned long Offset)
Definition: intrin_ppc.h:382
CP15_TPIDRURW
#define CP15_TPIDRURW
Definition: ketypes.h:131
_NT_TIB
Definition: compat.h:710
_TEB
Definition: compat.h:836
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255

◆ NtImpersonateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateThread ( _In_ HANDLE  ThreadHandle,
_In_ HANDLE  ThreadToImpersonate,
_In_ PSECURITY_QUALITY_OF_SERVICE  SecurityQualityOfService 
)

◆ NtIsProcessInJob()

NTSYSCALLAPI NTSTATUS NTAPI NtIsProcessInJob ( _In_ HANDLE  ProcessHandle,
_In_opt_ HANDLE  JobHandle 
)

◆ NtOpenProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_opt_ PCLIENT_ID  ClientId 
)

◆ NtOpenProcessToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenThread()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ PCLIENT_ID  ClientId 
)

◆ NtOpenThreadToken()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_Out_ PHANDLE  TokenHandle 
)

Opens a token that is tied to a thread handle.

Parameters
[out]ThreadHandleThread handle where the token is about to be opened.
[in]DesiredAccessThe request access right for the token.
[in]OpenAsSelfIf set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead.
[out]TokenHandleThe opened token handle returned to the caller for use.
Returns
See NtOpenThreadTokenEx.

Definition at line 2474 of file token.c.

2479{
2480 return NtOpenThreadTokenEx(ThreadHandle, DesiredAccess, OpenAsSelf, 0,
2481 TokenHandle);
2482}
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
NtOpenThreadTokenEx
NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2331
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
OpenAsSelf
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
Definition: zwfuncs.h:700

◆ NtOpenThreadTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

Opens a token that is tied to a thread handle.

Parameters
[out]ThreadHandleThread handle where the token is about to be opened.
[in]DesiredAccessThe request access right for the token.
[in]OpenAsSelfIf set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead.
[in]HandleAttributesHandle attributes for the opened thread token handle.
[out]TokenHandleThe opened token handle returned to the caller for use.
Returns
Returns STATUS_SUCCESS if the function has successfully opened the thread token. STATUS_CANT_OPEN_ANONYMOUS is returned if a token has SecurityAnonymous as impersonation level and we cannot open it. A failure NTSTATUS code is returned otherwise.

Definition at line 2331 of file token.c.

2337{
2338 PETHREAD Thread;
2339 HANDLE hToken;
2340 PTOKEN Token;
2341 BOOLEAN CopyOnOpen, EffectiveOnly;
2342 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
2343 SE_IMPERSONATION_STATE ImpersonationState;
2344 KPROCESSOR_MODE PreviousMode;
2345 NTSTATUS Status;
2346 BOOLEAN RestoreImpersonation = FALSE;
2347
2348 PAGED_CODE();
2349
2350 PreviousMode = ExGetPreviousMode();
2351
2352 /* Ensure that we can give the handle to the caller */
2353 if (PreviousMode != KernelMode)
2354 {
2355 _SEH2_TRY
2356 {
2357 ProbeForWriteHandle(TokenHandle);
2358 }
2359 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2360 {
2361 /* Return the exception code */
2362 _SEH2_YIELD(return _SEH2_GetExceptionCode());
2363 }
2364 _SEH2_END;
2365 }
2366
2367 /* Validate object attributes */
2368 HandleAttributes = ObpValidateAttributes(HandleAttributes, PreviousMode);
2369
2370 /*
2371 * At first open the thread token for information access and verify
2372 * that the token associated with the thread is valid.
2373 */
2374 Status = ObReferenceObjectByHandle(ThreadHandle, THREAD_QUERY_INFORMATION,
2375 PsThreadType, PreviousMode, (PVOID*)&Thread,
2376 NULL);
2377 if (!NT_SUCCESS(Status))
2378 {
2379 DPRINT1("Failed to reference the object thread (Status 0x%lx)\n", Status);
2380 return Status;
2381 }
2382
2383 /* Reference the token from the thread */
2384 Token = PsReferenceImpersonationToken(Thread, &CopyOnOpen, &EffectiveOnly,
2385 &ImpersonationLevel);
2386 if (Token == NULL)
2387 {
2388 DPRINT("Failed to reference the thread's impersonation token, thread has no token\n");
2389 ObDereferenceObject(Thread);
2390 return STATUS_NO_TOKEN;
2391 }
2392
2393 /* Ensure the token has no anonymous security */
2394 if (ImpersonationLevel == SecurityAnonymous)
2395 {
2396 DPRINT1("The thread token has anonymous security, can't open it\n");
2397 PsDereferenceImpersonationToken(Token);
2398 ObDereferenceObject(Thread);
2399 return STATUS_CANT_OPEN_ANONYMOUS;
2400 }
2401
2402 /* Revert to self if OpenAsSelf is specified */
2403 if (OpenAsSelf)
2404 {
2405 RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),
2406 &ImpersonationState);
2407 }
2408
2409 /* Call the private function to do the job */
2410 Status = SepOpenThreadToken(Thread,
2411 ThreadHandle,
2412 Token,
2413 DesiredAccess,
2414 HandleAttributes,
2415 EffectiveOnly,
2416 CopyOnOpen,
2417 ImpersonationLevel,
2418 PreviousMode,
2419 &hToken);
2420
2421 /* Restore the impersonation back if needed */
2422 if (RestoreImpersonation)
2423 {
2424 PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState);
2425 }
2426
2427 /* Dereference the access token and the associated thread */
2428 ObDereferenceObject(Token);
2429 ObDereferenceObject(Thread);
2430
2431 if (!NT_SUCCESS(Status))
2432 {
2433 DPRINT1("Failed to open the thread's token (Status 0x%lx)\n", Status);
2434 return Status;
2435 }
2436
2437 /* Give the opened token handle to the caller */
2438 _SEH2_TRY
2439 {
2440 *TokenHandle = hToken;
2441 }
2442 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2443 {
2444 Status = _SEH2_GetExceptionCode();
2445 }
2446 _SEH2_END;
2447
2448 return Status;
2449}
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_EvalMethod.c:87
PreviousMode
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
FALSE
#define FALSE
Definition: types.h:117
PsGetCurrentThread
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
ExGetPreviousMode
#define ExGetPreviousMode
Definition: ex.h:143
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
THREAD_QUERY_INFORMATION
#define THREAD_QUERY_INFORMATION
Definition: pstypes.h:150
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
SECURITY_IMPERSONATION_LEVEL
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
SecurityAnonymous
@ SecurityAnonymous
Definition: lsa.idl:55
PsDereferenceImpersonationToken
#define PsDereferenceImpersonationToken(T)
Definition: imports.h:298
HandleAttributes
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:433
EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:410
PsDisableImpersonation
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:937
PsRestoreImpersonation
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:987
PsReferenceImpersonationToken
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:871
PsThreadType
POBJECT_TYPE PsThreadType
Definition: thread.c:20
SepOpenThreadToken
static NTSTATUS SepOpenThreadToken(_In_ PETHREAD Thread, _In_ HANDLE ThreadHandle, _In_ PTOKEN ThreadToken, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ BOOLEAN EffectiveOnly, _In_ BOOLEAN CopyOnOpen, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PHANDLE OpenedTokenHandle)
Internal private function that returns an opened handle of an access token associated with a thread.
Definition: token.c:1170
STATUS_NO_TOKEN
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360
STATUS_CANT_OPEN_ANONYMOUS
#define STATUS_CANT_OPEN_ANONYMOUS
Definition: ntstatus.h:402
ObpValidateAttributes
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:181
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:82
_SEH2_END
#define _SEH2_END
Definition: pseh2_64.h:171
_SEH2_TRY
#define _SEH2_TRY
Definition: pseh2_64.h:71
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:184
ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_ETHREAD
Definition: pstypes.h:1103
_SE_IMPERSONATION_STATE
Definition: setypes.h:115
_TOKEN
Definition: setypes.h:216
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
CopyOnOpen
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
ImpersonationState
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
Definition: psfuncs.h:189
ImpersonationLevel
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156

◆ NtQueryInformationJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_Out_bytecap_(JobInformationLength) PVOID  JobInformation,
_In_ ULONG  JobInformationLength,
_Out_ PULONG  ReturnLength 
)

◆ NtQueryInformationProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_Out_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Definition at line 59 of file query.c.

65{
66 PEPROCESS Process;
67 KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
68 NTSTATUS Status;
69 ULONG Length = 0;
70
71 PAGED_CODE();
72
73 /* Verify Information Class validity */
74 Status = DefaultQueryInfoBufferCheck(ProcessInformationClass,
75 PsProcessInfoClass,
76 RTL_NUMBER_OF(PsProcessInfoClass),
77 ICIF_PROBE_READ,
78 ProcessInformation,
79 ProcessInformationLength,
80 ReturnLength,
81 NULL,
82 PreviousMode);
83 if (!NT_SUCCESS(Status))
84 {
85 DPRINT1("NtQueryInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
86 return Status;
87 }
88
89 if (((ProcessInformationClass == ProcessCookie) ||
90 (ProcessInformationClass == ProcessImageInformation)) &&
91 (ProcessHandle != NtCurrentProcess()))
92 {
93 /*
94 * Retrieving the process cookie is only allowed for the calling process
95 * itself! XP only allows NtCurrentProcess() as process handles even if
96 * a real handle actually represents the current process.
97 */
98 return STATUS_INVALID_PARAMETER;
99 }
100
101 /* Check the information class */
102 switch (ProcessInformationClass)
103 {
104 /* Basic process information */
105 case ProcessBasicInformation:
106 {
107 PPROCESS_BASIC_INFORMATION ProcessBasicInfo = (PPROCESS_BASIC_INFORMATION)ProcessInformation;
108
109 if (ProcessInformationLength != sizeof(PROCESS_BASIC_INFORMATION))
110 {
111 Status = STATUS_INFO_LENGTH_MISMATCH;
112 break;
113 }
114
115 /* Set return length */
116 Length = sizeof(PROCESS_BASIC_INFORMATION);
117
118 /* Reference the process */
119 Status = ObReferenceObjectByHandle(ProcessHandle,
120 PROCESS_QUERY_INFORMATION,
121 PsProcessType,
122 PreviousMode,
123 (PVOID*)&Process,
124 NULL);
125 if (!NT_SUCCESS(Status)) break;
126
127 /* Protect writes with SEH */
128 _SEH2_TRY
129 {
130 /* Write all the information from the EPROCESS/KPROCESS */
131 ProcessBasicInfo->ExitStatus = Process->ExitStatus;
132 ProcessBasicInfo->PebBaseAddress = Process->Peb;
133 ProcessBasicInfo->AffinityMask = Process->Pcb.Affinity;
134 ProcessBasicInfo->UniqueProcessId = (ULONG_PTR)Process->
135 UniqueProcessId;
136 ProcessBasicInfo->InheritedFromUniqueProcessId =
137 (ULONG_PTR)Process->InheritedFromUniqueProcessId;
138 ProcessBasicInfo->BasePriority = Process->Pcb.BasePriority;
139
140 }
141 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
142 {
143 /* Get exception code */
144 Status = _SEH2_GetExceptionCode();
145 }
146 _SEH2_END;
147
148 /* Dereference the process */
149 ObDereferenceObject(Process);
150 break;
151 }
152
153 /* Process quota limits */
154 case ProcessQuotaLimits:
155 {
156 QUOTA_LIMITS_EX QuotaLimits;
157 BOOLEAN Extended;
158
159 if (ProcessInformationLength != sizeof(QUOTA_LIMITS) &&
160 ProcessInformationLength != sizeof(QUOTA_LIMITS_EX))
161 {
162 Status = STATUS_INFO_LENGTH_MISMATCH;
163 break;
164 }
165
166 /* Set return length */
167 Length = ProcessInformationLength;
168 Extended = (Length == sizeof(QUOTA_LIMITS_EX));
169
170 /* Reference the process */
171 Status = ObReferenceObjectByHandle(ProcessHandle,
172 PROCESS_QUERY_INFORMATION,
173 PsProcessType,
174 PreviousMode,
175 (PVOID*)&Process,
176 NULL);
177 if (!NT_SUCCESS(Status)) break;
178
179 /* Indicate success */
180 Status = STATUS_SUCCESS;
181
182 RtlZeroMemory(&QuotaLimits, sizeof(QuotaLimits));
183
184 /* Get max/min working set sizes */
185 QuotaLimits.MaximumWorkingSetSize =
186 Process->Vm.MaximumWorkingSetSize << PAGE_SHIFT;
187 QuotaLimits.MinimumWorkingSetSize =
188 Process->Vm.MinimumWorkingSetSize << PAGE_SHIFT;
189
190 /* Get default time limits */
191 QuotaLimits.TimeLimit.QuadPart = -1LL;
192
193 /* Is quota block a default one? */
194 if (Process->QuotaBlock == &PspDefaultQuotaBlock)
195 {
196 /* Get default pools and pagefile limits */
197 QuotaLimits.PagedPoolLimit = (SIZE_T)-1;
198 QuotaLimits.NonPagedPoolLimit = (SIZE_T)-1;
199 QuotaLimits.PagefileLimit = (SIZE_T)-1;
200 }
201 else
202 {
203 /* Get limits from non-default quota block */
204 QuotaLimits.PagedPoolLimit =
205 Process->QuotaBlock->QuotaEntry[PsPagedPool].Limit;
206 QuotaLimits.NonPagedPoolLimit =
207 Process->QuotaBlock->QuotaEntry[PsNonPagedPool].Limit;
208 QuotaLimits.PagefileLimit =
209 Process->QuotaBlock->QuotaEntry[PsPageFile].Limit;
210 }
211
212 /* Get additional information, if needed */
213 if (Extended)
214 {
215 QuotaLimits.Flags |= (Process->Vm.Flags.MaximumWorkingSetHard ?
216 QUOTA_LIMITS_HARDWS_MAX_ENABLE : QUOTA_LIMITS_HARDWS_MAX_DISABLE);
217 QuotaLimits.Flags |= (Process->Vm.Flags.MinimumWorkingSetHard ?
218 QUOTA_LIMITS_HARDWS_MIN_ENABLE : QUOTA_LIMITS_HARDWS_MIN_DISABLE);
219
220 /* FIXME: Get the correct information */
221 //QuotaLimits.WorkingSetLimit = (SIZE_T)-1; // Not used on Win2k3, it is set to 0
222 QuotaLimits.CpuRateLimit.RateData = 0;
223 }
224
225 /* Protect writes with SEH */
226 _SEH2_TRY
227 {
228 RtlCopyMemory(ProcessInformation, &QuotaLimits, Length);
229 }
230 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
231 {
232 /* Get exception code */
233 Status = _SEH2_GetExceptionCode();
234 }
235 _SEH2_END;
236
237 /* Dereference the process */
238 ObDereferenceObject(Process);
239 break;
240 }
241
242 case ProcessIoCounters:
243 {
244 PIO_COUNTERS IoCounters = (PIO_COUNTERS)ProcessInformation;
245 PROCESS_VALUES ProcessValues;
246
247 if (ProcessInformationLength != sizeof(IO_COUNTERS))
248 {
249 Status = STATUS_INFO_LENGTH_MISMATCH;
250 break;
251 }
252
253 Length = sizeof(IO_COUNTERS);
254
255 /* Reference the process */
256 Status = ObReferenceObjectByHandle(ProcessHandle,
257 PROCESS_QUERY_INFORMATION,
258 PsProcessType,
259 PreviousMode,
260 (PVOID*)&Process,
261 NULL);
262 if (!NT_SUCCESS(Status)) break;
263
264 /* Query IO counters from the process */
265 KeQueryValuesProcess(&Process->Pcb, &ProcessValues);
266
267 _SEH2_TRY
268 {
269 RtlCopyMemory(IoCounters, &ProcessValues.IoInfo, sizeof(IO_COUNTERS));
270 }
271 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
272 {
273 /* Ignore exception */
274 }
275 _SEH2_END;
276
277 /* Set status to success in any case */
278 Status = STATUS_SUCCESS;
279
280 /* Dereference the process */
281 ObDereferenceObject(Process);
282 break;
283 }
284
285 /* Timing */
286 case ProcessTimes:
287 {
288 PKERNEL_USER_TIMES ProcessTime = (PKERNEL_USER_TIMES)ProcessInformation;
289 ULONG UserTime, KernelTime;
290
291 /* Set the return length */
292 if (ProcessInformationLength != sizeof(KERNEL_USER_TIMES))
293 {
294 Status = STATUS_INFO_LENGTH_MISMATCH;
295 break;
296 }
297
298 Length = sizeof(KERNEL_USER_TIMES);
299
300 /* Reference the process */
301 Status = ObReferenceObjectByHandle(ProcessHandle,
302 PROCESS_QUERY_INFORMATION,
303 PsProcessType,
304 PreviousMode,
305 (PVOID*)&Process,
306 NULL);
307 if (!NT_SUCCESS(Status)) break;
308
309 /* Protect writes with SEH */
310 _SEH2_TRY
311 {
312 /* Copy time information from EPROCESS/KPROCESS */
313 KernelTime = KeQueryRuntimeProcess(&Process->Pcb, &UserTime);
314 ProcessTime->CreateTime = Process->CreateTime;
315 ProcessTime->UserTime.QuadPart = (LONGLONG)UserTime * KeMaximumIncrement;
316 ProcessTime->KernelTime.QuadPart = (LONGLONG)KernelTime * KeMaximumIncrement;
317 ProcessTime->ExitTime = Process->ExitTime;
318 }
319 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
320 {
321 /* Get exception code */
322 Status = _SEH2_GetExceptionCode();
323 }
324 _SEH2_END;
325
326 /* Dereference the process */
327 ObDereferenceObject(Process);
328 break;
329 }
330
331 /* Process Debug Port */
332 case ProcessDebugPort:
333
334 if (ProcessInformationLength != sizeof(HANDLE))
335 {
336 Status = STATUS_INFO_LENGTH_MISMATCH;
337 break;
338 }
339
340 /* Set return length */
341 Length = sizeof(HANDLE);
342
343 /* Reference the process */
344 Status = ObReferenceObjectByHandle(ProcessHandle,
345 PROCESS_QUERY_INFORMATION,
346 PsProcessType,
347 PreviousMode,
348 (PVOID*)&Process,
349 NULL);
350 if (!NT_SUCCESS(Status)) break;
351
352 /* Protect write with SEH */
353 _SEH2_TRY
354 {
355 /* Return whether or not we have a debug port */
356 *(PHANDLE)ProcessInformation = (Process->DebugPort ?
357 (HANDLE)-1 : NULL);
358 }
359 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
360 {
361 /* Get exception code */
362 Status = _SEH2_GetExceptionCode();
363 }
364 _SEH2_END;
365
366 /* Dereference the process */
367 ObDereferenceObject(Process);
368 break;
369
370 case ProcessHandleCount:
371 {
372 ULONG HandleCount;
373
374 if (ProcessInformationLength != sizeof(ULONG))
375 {
376 Status = STATUS_INFO_LENGTH_MISMATCH;
377 break;
378 }
379
380 /* Set the return length*/
381 Length = sizeof(ULONG);
382
383 /* Reference the process */
384 Status = ObReferenceObjectByHandle(ProcessHandle,
385 PROCESS_QUERY_INFORMATION,
386 PsProcessType,
387 PreviousMode,
388 (PVOID*)&Process,
389 NULL);
390 if (!NT_SUCCESS(Status)) break;
391
392 /* Count the number of handles this process has */
393 HandleCount = ObGetProcessHandleCount(Process);
394
395 /* Protect write in SEH */
396 _SEH2_TRY
397 {
398 /* Return the count of handles */
399 *(PULONG)ProcessInformation = HandleCount;
400 }
401 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
402 {
403 /* Get the exception code */
404 Status = _SEH2_GetExceptionCode();
405 }
406 _SEH2_END;
407
408 /* Dereference the process */
409 ObDereferenceObject(Process);
410 break;
411 }
412
413 /* Session ID for the process */
414 case ProcessSessionInformation:
415 {
416 PPROCESS_SESSION_INFORMATION SessionInfo = (PPROCESS_SESSION_INFORMATION)ProcessInformation;
417
418 if (ProcessInformationLength != sizeof(PROCESS_SESSION_INFORMATION))
419 {
420 Status = STATUS_INFO_LENGTH_MISMATCH;
421 break;
422 }
423
424 /* Set the return length*/
425 Length = sizeof(PROCESS_SESSION_INFORMATION);
426
427 /* Reference the process */
428 Status = ObReferenceObjectByHandle(ProcessHandle,
429 PROCESS_QUERY_INFORMATION,
430 PsProcessType,
431 PreviousMode,
432 (PVOID*)&Process,
433 NULL);
434 if (!NT_SUCCESS(Status)) break;
435
436 /* Enter SEH for write safety */
437 _SEH2_TRY
438 {
439 /* Write back the Session ID */
440 SessionInfo->SessionId = PsGetProcessSessionId(Process);
441 }
442 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
443 {
444 /* Get the exception code */
445 Status = _SEH2_GetExceptionCode();
446 }
447 _SEH2_END;
448
449 /* Dereference the process */
450 ObDereferenceObject(Process);
451 break;
452 }
453
454 /* Virtual Memory Statistics */
455 case ProcessVmCounters:
456 {
457 PVM_COUNTERS VmCounters = (PVM_COUNTERS)ProcessInformation;
458
459 /* Validate the input length */
460 if ((ProcessInformationLength != sizeof(VM_COUNTERS)) &&
461 (ProcessInformationLength != sizeof(VM_COUNTERS_EX)))
462 {
463 Status = STATUS_INFO_LENGTH_MISMATCH;
464 break;
465 }
466
467 /* Reference the process */
468 Status = ObReferenceObjectByHandle(ProcessHandle,
469 PROCESS_QUERY_INFORMATION,
470 PsProcessType,
471 PreviousMode,
472 (PVOID*)&Process,
473 NULL);
474 if (!NT_SUCCESS(Status)) break;
475
476 /* Enter SEH for write safety */
477 _SEH2_TRY
478 {
479 /* Return data from EPROCESS */
480 VmCounters->PeakVirtualSize = Process->PeakVirtualSize;
481 VmCounters->VirtualSize = Process->VirtualSize;
482 VmCounters->PageFaultCount = Process->Vm.PageFaultCount;
483 VmCounters->PeakWorkingSetSize = Process->Vm.PeakWorkingSetSize;
484 VmCounters->WorkingSetSize = Process->Vm.WorkingSetSize;
485 VmCounters->QuotaPeakPagedPoolUsage = Process->QuotaPeak[PsPagedPool];
486 VmCounters->QuotaPagedPoolUsage = Process->QuotaUsage[PsPagedPool];
487 VmCounters->QuotaPeakNonPagedPoolUsage = Process->QuotaPeak[PsNonPagedPool];
488 VmCounters->QuotaNonPagedPoolUsage = Process->QuotaUsage[PsNonPagedPool];
489 VmCounters->PagefileUsage = Process->QuotaUsage[PsPageFile] << PAGE_SHIFT;
490 VmCounters->PeakPagefileUsage = Process->QuotaPeak[PsPageFile] << PAGE_SHIFT;
491 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
492 //
493
494 /* Set the return length */
495 Length = ProcessInformationLength;
496 }
497 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
498 {
499 /* Get the exception code */
500 Status = _SEH2_GetExceptionCode();
501 }
502 _SEH2_END;
503
504 /* Dereference the process */
505 ObDereferenceObject(Process);
506 break;
507 }
508
509 /* Hard Error Processing Mode */
510 case ProcessDefaultHardErrorMode:
511
512 if (ProcessInformationLength != sizeof(ULONG))
513 {
514 Status = STATUS_INFO_LENGTH_MISMATCH;
515 break;
516 }
517
518 /* Set the return length*/
519 Length = sizeof(ULONG);
520
521 /* Reference the process */
522 Status = ObReferenceObjectByHandle(ProcessHandle,
523 PROCESS_QUERY_INFORMATION,
524 PsProcessType,
525 PreviousMode,
526 (PVOID*)&Process,
527 NULL);
528 if (!NT_SUCCESS(Status)) break;
529
530 /* Enter SEH for writing back data */
531 _SEH2_TRY
532 {
533 /* Write the current processing mode */
534 *(PULONG)ProcessInformation = Process->
535 DefaultHardErrorProcessing;
536 }
537 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
538 {
539 /* Get the exception code */
540 Status = _SEH2_GetExceptionCode();
541 }
542 _SEH2_END;
543
544 /* Dereference the process */
545 ObDereferenceObject(Process);
546 break;
547
548 /* Priority Boosting status */
549 case ProcessPriorityBoost:
550
551 if (ProcessInformationLength != sizeof(ULONG))
552 {
553 Status = STATUS_INFO_LENGTH_MISMATCH;
554 break;
555 }
556
557 /* Set the return length */
558 Length = sizeof(ULONG);
559
560 /* Reference the process */
561 Status = ObReferenceObjectByHandle(ProcessHandle,
562 PROCESS_QUERY_INFORMATION,
563 PsProcessType,
564 PreviousMode,
565 (PVOID*)&Process,
566 NULL);
567 if (!NT_SUCCESS(Status)) break;
568
569 /* Enter SEH for writing back data */
570 _SEH2_TRY
571 {
572 /* Return boost status */
573 *(PULONG)ProcessInformation = Process->Pcb.DisableBoost ?
574 TRUE : FALSE;
575 }
576 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
577 {
578 /* Get the exception code */
579 Status = _SEH2_GetExceptionCode();
580 }
581 _SEH2_END;
582
583 /* Dereference the process */
584 ObDereferenceObject(Process);
585 break;
586
587 /* DOS Device Map */
588 case ProcessDeviceMap:
589 {
590 ULONG Flags;
591
592 if (ProcessInformationLength == sizeof(PROCESS_DEVICEMAP_INFORMATION_EX))
593 {
594 /* Protect read in SEH */
595 _SEH2_TRY
596 {
597 PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
598
599 Flags = DeviceMapEx->Flags;
600 }
601 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
602 {
603 /* Get the exception code */
604 Status = _SEH2_GetExceptionCode();
605 _SEH2_YIELD(break);
606 }
607 _SEH2_END;
608
609 /* Only one flag is supported and it needs LUID mappings */
610 if ((Flags & ~PROCESS_LUID_DOSDEVICES_ONLY) != 0 ||
611 !ObIsLUIDDeviceMapsEnabled())
612 {
613 Status = STATUS_INVALID_PARAMETER;
614 break;
615 }
616 }
617 else
618 {
619 /* This has to be the size of the Query union field for x64 compatibility! */
620 if (ProcessInformationLength != RTL_FIELD_SIZE(PROCESS_DEVICEMAP_INFORMATION, Query))
621 {
622 Status = STATUS_INFO_LENGTH_MISMATCH;
623 break;
624 }
625
626 /* No flags for standard call */
627 Flags = 0;
628 }
629
630 /* Set the return length */
631 Length = ProcessInformationLength;
632
633 /* Reference the process */
634 Status = ObReferenceObjectByHandle(ProcessHandle,
635 PROCESS_QUERY_INFORMATION,
636 PsProcessType,
637 PreviousMode,
638 (PVOID*)&Process,
639 NULL);
640 if (!NT_SUCCESS(Status)) break;
641
642 /* Query the device map information */
643 Status = ObQueryDeviceMapInformation(Process,
644 ProcessInformation,
645 Flags);
646
647 /* Dereference the process */
648 ObDereferenceObject(Process);
649 break;
650 }
651
652 /* Priority class */
653 case ProcessPriorityClass:
654 {
655 PPROCESS_PRIORITY_CLASS PsPriorityClass = (PPROCESS_PRIORITY_CLASS)ProcessInformation;
656
657 if (ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS))
658 {
659 Status = STATUS_INFO_LENGTH_MISMATCH;
660 break;
661 }
662
663 /* Set the return length*/
664 Length = sizeof(PROCESS_PRIORITY_CLASS);
665
666 /* Reference the process */
667 Status = ObReferenceObjectByHandle(ProcessHandle,
668 PROCESS_QUERY_INFORMATION,
669 PsProcessType,
670 PreviousMode,
671 (PVOID*)&Process,
672 NULL);
673 if (!NT_SUCCESS(Status)) break;
674
675 /* Enter SEH for writing back data */
676 _SEH2_TRY
677 {
678 /* Return current priority class */
679 PsPriorityClass->PriorityClass = Process->PriorityClass;
680 PsPriorityClass->Foreground = FALSE;
681 }
682 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
683 {
684 /* Get the exception code */
685 Status = _SEH2_GetExceptionCode();
686 }
687 _SEH2_END;
688
689 /* Dereference the process */
690 ObDereferenceObject(Process);
691 break;
692 }
693
694 case ProcessImageFileName:
695 {
696 PUNICODE_STRING ImageName;
697
698 /* Reference the process */
699 Status = ObReferenceObjectByHandle(ProcessHandle,
700 PROCESS_QUERY_INFORMATION,
701 PsProcessType,
702 PreviousMode,
703 (PVOID*)&Process,
704 NULL);
705 if (!NT_SUCCESS(Status)) break;
706
707 /* Get the image path */
708 Status = SeLocateProcessImageName(Process, &ImageName);
709 if (NT_SUCCESS(Status))
710 {
711 /* Set return length */
712 Length = ImageName->MaximumLength +
713 sizeof(OBJECT_NAME_INFORMATION);
714
715 /* Make sure it's large enough */
716 if (Length <= ProcessInformationLength)
717 {
718 /* Enter SEH to protect write */
719 _SEH2_TRY
720 {
721 /* Copy it */
722 RtlCopyMemory(ProcessInformation,
723 ImageName,
724 Length);
725
726 /* Update pointer */
727 ((PUNICODE_STRING)ProcessInformation)->Buffer =
728 (PWSTR)((PUNICODE_STRING)ProcessInformation + 1);
729 }
730 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
731 {
732 /* Get the exception code */
733 Status = _SEH2_GetExceptionCode();
734 }
735 _SEH2_END;
736 }
737 else
738 {
739 /* Buffer too small */
740 Status = STATUS_INFO_LENGTH_MISMATCH;
741 }
742
743 /* Free the image path */
744 ExFreePoolWithTag(ImageName, TAG_SEPA);
745 }
746 /* Dereference the process */
747 ObDereferenceObject(Process);
748 break;
749 }
750
751#if (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
752 case ProcessImageFileNameWin32:
753 {
754 PFILE_OBJECT FileObject;
755 POBJECT_NAME_INFORMATION ObjectNameInformation;
756
757 /* Reference the process */
758 Status = ObReferenceObjectByHandle(ProcessHandle,
759 PROCESS_QUERY_INFORMATION, // FIXME: Use PROCESS_QUERY_LIMITED_INFORMATION if implemented
760 PsProcessType,
761 PreviousMode,
762 (PVOID*)&Process,
763 NULL);
764 if (!NT_SUCCESS(Status))
765 {
766 break;
767 }
768
769 /* Get the image path */
770 Status = PsReferenceProcessFilePointer(Process, &FileObject);
771 ObDereferenceObject(Process);
772 if (!NT_SUCCESS(Status))
773 {
774 break;
775 }
776 Status = IoQueryFileDosDeviceName(FileObject, &ObjectNameInformation);
777 ObDereferenceObject(FileObject);
778 if (!NT_SUCCESS(Status))
779 {
780 break;
781 }
782
783 /* Determine return length and output */
784 Length = sizeof(UNICODE_STRING) + ObjectNameInformation->Name.MaximumLength;
785 if (Length <= ProcessInformationLength)
786 {
787 _SEH2_TRY
788 {
789 PUNICODE_STRING ImageName = (PUNICODE_STRING)ProcessInformation;
790 ImageName->Length = ObjectNameInformation->Name.Length;
791 ImageName->MaximumLength = ObjectNameInformation->Name.MaximumLength;
792 if (ObjectNameInformation->Name.MaximumLength)
793 {
794 ImageName->Buffer = (PWSTR)(ImageName + 1);
795 RtlCopyMemory(ImageName->Buffer,
796 ObjectNameInformation->Name.Buffer,
797 ObjectNameInformation->Name.MaximumLength);
798 }
799 else
800 {
801 ASSERT(ImageName->Length == 0);
802 ImageName->Buffer = NULL;
803 }
804 }
805 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
806 {
807 Status = _SEH2_GetExceptionCode();
808 }
809 _SEH2_END;
810 }
811 else
812 {
813 Status = STATUS_INFO_LENGTH_MISMATCH;
814 }
815 ExFreePool(ObjectNameInformation);
816
817 break;
818 }
819#endif /* (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA) */
820
821 case ProcessDebugFlags:
822
823 if (ProcessInformationLength != sizeof(ULONG))
824 {
825 Status = STATUS_INFO_LENGTH_MISMATCH;
826 break;
827 }
828
829 /* Set the return length*/
830 Length = sizeof(ULONG);
831
832 /* Reference the process */
833 Status = ObReferenceObjectByHandle(ProcessHandle,
834 PROCESS_QUERY_INFORMATION,
835 PsProcessType,
836 PreviousMode,
837 (PVOID*)&Process,
838 NULL);
839 if (!NT_SUCCESS(Status)) break;
840
841 /* Enter SEH for writing back data */
842 _SEH2_TRY
843 {
844 /* Return the debug flag state */
845 *(PULONG)ProcessInformation = Process->NoDebugInherit ? 0 : 1;
846 }
847 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
848 {
849 /* Get the exception code */
850 Status = _SEH2_GetExceptionCode();
851 }
852 _SEH2_END;
853
854 /* Dereference the process */
855 ObDereferenceObject(Process);
856 break;
857
858 case ProcessBreakOnTermination:
859
860 if (ProcessInformationLength != sizeof(ULONG))
861 {
862 Status = STATUS_INFO_LENGTH_MISMATCH;
863 break;
864 }
865
866 /* Set the return length */
867 Length = sizeof(ULONG);
868
869 /* Reference the process */
870 Status = ObReferenceObjectByHandle(ProcessHandle,
871 PROCESS_QUERY_INFORMATION,
872 PsProcessType,
873 PreviousMode,
874 (PVOID*)&Process,
875 NULL);
876 if (!NT_SUCCESS(Status)) break;
877
878 /* Enter SEH for writing back data */
879 _SEH2_TRY
880 {
881 /* Return the BreakOnTermination state */
882 *(PULONG)ProcessInformation = Process->BreakOnTermination;
883 }
884 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
885 {
886 /* Get the exception code */
887 Status = _SEH2_GetExceptionCode();
888 }
889 _SEH2_END;
890
891 /* Dereference the process */
892 ObDereferenceObject(Process);
893 break;
894
895 /* Per-process security cookie */
896 case ProcessCookie:
897 {
898 ULONG Cookie;
899
900 if (ProcessInformationLength != sizeof(ULONG))
901 {
902 /* Length size wrong, bail out */
903 Status = STATUS_INFO_LENGTH_MISMATCH;
904 break;
905 }
906
907 /* Get the current process and cookie */
908 Process = PsGetCurrentProcess();
909 Cookie = Process->Cookie;
910 if (!Cookie)
911 {
912 LARGE_INTEGER SystemTime;
913 ULONG NewCookie;
914 PKPRCB Prcb;
915
916 /* Generate a new cookie */
917 KeQuerySystemTime(&SystemTime);
918 Prcb = KeGetCurrentPrcb();
919 NewCookie = Prcb->KeSystemCalls ^ Prcb->InterruptTime ^
920 SystemTime.u.LowPart ^ SystemTime.u.HighPart;
921
922 /* Set the new cookie or return the current one */
923 Cookie = InterlockedCompareExchange((LONG*)&Process->Cookie,
924 NewCookie,
925 Cookie);
926 if (!Cookie) Cookie = NewCookie;
927
928 /* Set return length */
929 Length = sizeof(ULONG);
930 }
931
932 /* Indicate success */
933 Status = STATUS_SUCCESS;
934
935 /* Enter SEH to protect write */
936 _SEH2_TRY
937 {
938 /* Write back the cookie */
939 *(PULONG)ProcessInformation = Cookie;
940 }
941 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
942 {
943 /* Get the exception code */
944 Status = _SEH2_GetExceptionCode();
945 }
946 _SEH2_END;
947 break;
948 }
949
950 case ProcessImageInformation:
951
952 if (ProcessInformationLength != sizeof(SECTION_IMAGE_INFORMATION))
953 {
954 /* Break out */
955 Status = STATUS_INFO_LENGTH_MISMATCH;
956 break;
957 }
958
959 /* Set the length required and validate it */
960 Length = sizeof(SECTION_IMAGE_INFORMATION);
961
962 /* Indicate success */
963 Status = STATUS_SUCCESS;
964
965 /* Enter SEH to protect write */
966 _SEH2_TRY
967 {
968 MmGetImageInformation((PSECTION_IMAGE_INFORMATION)ProcessInformation);
969 }
970 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
971 {
972 /* Get the exception code */
973 Status = _SEH2_GetExceptionCode();
974 }
975 _SEH2_END;
976 break;
977
978 case ProcessDebugObjectHandle:
979 {
980 HANDLE DebugPort = NULL;
981
982 if (ProcessInformationLength != sizeof(HANDLE))
983 {
984 Status = STATUS_INFO_LENGTH_MISMATCH;
985 break;
986 }
987
988 /* Set the return length */
989 Length = sizeof(HANDLE);
990
991 /* Reference the process */
992 Status = ObReferenceObjectByHandle(ProcessHandle,
993 PROCESS_QUERY_INFORMATION,
994 PsProcessType,
995 PreviousMode,
996 (PVOID*)&Process,
997 NULL);
998 if (!NT_SUCCESS(Status)) break;
999
1000 /* Get the debug port. Continue even if this fails. */
1001 Status = DbgkOpenProcessDebugPort(Process, PreviousMode, &DebugPort);
1002
1003 /* Let go of the process */
1004 ObDereferenceObject(Process);
1005
1006 /* Protect write in SEH */
1007 _SEH2_TRY
1008 {
1009 /* Return debug port's handle */
1010 *(PHANDLE)ProcessInformation = DebugPort;
1011 }
1012 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1013 {
1014 if (DebugPort)
1015 ObCloseHandle(DebugPort, PreviousMode);
1016
1017 /* Get the exception code.
1018 * Note: This overwrites any previous failure status. */
1019 Status = _SEH2_GetExceptionCode();
1020 }
1021 _SEH2_END;
1022 break;
1023 }
1024
1025 case ProcessHandleTracing:
1026 DPRINT1("Handle tracing Not implemented: %lx\n", ProcessInformationClass);
1027 Status = STATUS_NOT_IMPLEMENTED;
1028 break;
1029
1030 case ProcessLUIDDeviceMapsEnabled:
1031
1032 if (ProcessInformationLength != sizeof(ULONG))
1033 {
1034 Status = STATUS_INFO_LENGTH_MISMATCH;
1035 break;
1036 }
1037
1038 /* Set the return length */
1039 Length = sizeof(ULONG);
1040
1041 /* Indicate success */
1042 Status = STATUS_SUCCESS;
1043
1044 /* Protect write in SEH */
1045 _SEH2_TRY
1046 {
1047 /* Query Ob */
1048 *(PULONG)ProcessInformation = ObIsLUIDDeviceMapsEnabled();
1049 }
1050 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1051 {
1052 /* Get the exception code */
1053 Status = _SEH2_GetExceptionCode();
1054 }
1055 _SEH2_END;
1056 break;
1057
1058 case ProcessWx86Information:
1059
1060 if (ProcessInformationLength != sizeof(ULONG))
1061 {
1062 Status = STATUS_INFO_LENGTH_MISMATCH;
1063 break;
1064 }
1065
1066 /* Set the return length */
1067 Length = sizeof(ULONG);
1068
1069 /* Reference the process */
1070 Status = ObReferenceObjectByHandle(ProcessHandle,
1071 PROCESS_QUERY_INFORMATION,
1072 PsProcessType,
1073 PreviousMode,
1074 (PVOID*)&Process,
1075 NULL);
1076 if (!NT_SUCCESS(Status)) break;
1077
1078 /* Protect write in SEH */
1079 _SEH2_TRY
1080 {
1081 /* Return if the flag is set */
1082 *(PULONG)ProcessInformation = (ULONG)Process->VdmAllowed;
1083 }
1084 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1085 {
1086 /* Get the exception code */
1087 Status = _SEH2_GetExceptionCode();
1088 }
1089 _SEH2_END;
1090
1091 /* Dereference the process */
1092 ObDereferenceObject(Process);
1093 break;
1094
1095 case ProcessWow64Information:
1096 {
1097 ULONG_PTR Wow64 = 0;
1098
1099 if (ProcessInformationLength != sizeof(ULONG_PTR))
1100 {
1101 Status = STATUS_INFO_LENGTH_MISMATCH;
1102 break;
1103 }
1104
1105 /* Set return length */
1106 Length = sizeof(ULONG_PTR);
1107
1108 /* Reference the process */
1109 Status = ObReferenceObjectByHandle(ProcessHandle,
1110 PROCESS_QUERY_INFORMATION,
1111 PsProcessType,
1112 PreviousMode,
1113 (PVOID*)&Process,
1114 NULL);
1115 if (!NT_SUCCESS(Status)) break;
1116
1117#ifdef _WIN64
1118 /* Make sure the process isn't dying */
1119 if (ExAcquireRundownProtection(&Process->RundownProtect))
1120 {
1121 /* Get the WOW64 process structure */
1122 Wow64 = (ULONG_PTR)Process->Wow64Process;
1123 /* Release the lock */
1124 ExReleaseRundownProtection(&Process->RundownProtect);
1125 }
1126#endif
1127
1128 /* Dereference the process */
1129 ObDereferenceObject(Process);
1130
1131 /* Protect write with SEH */
1132 _SEH2_TRY
1133 {
1134 /* Return the Wow64 process information */
1135 *(PULONG_PTR)ProcessInformation = Wow64;
1136 }
1137 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1138 {
1139 /* Get exception code */
1140 Status = _SEH2_GetExceptionCode();
1141 }
1142 _SEH2_END;
1143 break;
1144 }
1145
1146 case ProcessExecuteFlags:
1147 {
1148 ULONG ExecuteOptions = 0;
1149
1150 if (ProcessInformationLength != sizeof(ULONG))
1151 {
1152 Status = STATUS_INFO_LENGTH_MISMATCH;
1153 break;
1154 }
1155
1156 /* Set return length */
1157 Length = sizeof(ULONG);
1158
1159 if (ProcessHandle != NtCurrentProcess())
1160 {
1161 Status = STATUS_INVALID_PARAMETER;
1162 break;
1163 }
1164
1165 /* Get the options */
1166 Status = MmGetExecuteOptions(&ExecuteOptions);
1167 if (NT_SUCCESS(Status))
1168 {
1169 /* Protect write with SEH */
1170 _SEH2_TRY
1171 {
1172 /* Return them */
1173 *(PULONG)ProcessInformation = ExecuteOptions;
1174 }
1175 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1176 {
1177 /* Get exception code */
1178 Status = _SEH2_GetExceptionCode();
1179 }
1180 _SEH2_END;
1181 }
1182 break;
1183 }
1184
1185 case ProcessLdtInformation:
1186 DPRINT1("VDM/16-bit not implemented: %lx\n", ProcessInformationClass);
1187 Status = STATUS_NOT_IMPLEMENTED;
1188 break;
1189
1190 case ProcessWorkingSetWatch:
1191 DPRINT1("WS Watch Not implemented: %lx\n", ProcessInformationClass);
1192 Status = STATUS_NOT_IMPLEMENTED;
1193 break;
1194
1195 case ProcessPooledUsageAndLimits:
1196 DPRINT1("Pool limits Not implemented: %lx\n", ProcessInformationClass);
1197 Status = STATUS_NOT_IMPLEMENTED;
1198 break;
1199
1200 /* Not supported by Server 2003 */
1201 default:
1202 DPRINT1("Unsupported info class: %lx\n", ProcessInformationClass);
1203 Status = STATUS_INVALID_INFO_CLASS;
1204 }
1205
1206 /* Check if caller wants the return length and if there is one */
1207 if (ReturnLength != NULL && Length != 0)
1208 {
1209 /* Protect write with SEH */
1210 _SEH2_TRY
1211 {
1212 *ReturnLength = Length;
1213 }
1214 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1215 {
1216 /* Get exception code.
1217 * Note: This overwrites any previous failure status. */
1218 Status = _SEH2_GetExceptionCode();
1219 }
1220 _SEH2_END;
1221 }
1222
1223 return Status;
1224}
ObjectNameInformation
@ ObjectNameInformation
Definition: DriverTester.h:55
ReturnLength
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
RTL_NUMBER_OF
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
Query
BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended)
Definition: query.c:292
ProcessDebugPort
@ ProcessDebugPort
Definition: cicbase.cpp:64
ProcessBreakOnTermination
@ ProcessBreakOnTermination
Definition: cicbase.cpp:67
ProcessBasicInformation
@ ProcessBasicInformation
Definition: cicbase.cpp:63
ProcessWow64Information
@ ProcessWow64Information
Definition: cicbase.cpp:65
ProcessImageFileName
@ ProcessImageFileName
Definition: cicbase.cpp:66
STATUS_NOT_IMPLEMENTED
#define STATUS_NOT_IMPLEMENTED
Definition: d3dkmdt.h:42
DbgkOpenProcessDebugPort
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
TRUE
#define TRUE
Definition: types.h:120
PUNICODE_STRING
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
PAGE_SHIFT
#define PAGE_SHIFT
Definition: env_spec_w32.h:45
KeQuerySystemTime
#define KeQuerySystemTime(t)
Definition: env_spec_w32.h:570
ExFreePool
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
UNICODE_STRING
struct _UNICODE_STRING UNICODE_STRING
ExReleaseRundownProtection
#define ExReleaseRundownProtection
Definition: ex.h:139
ExAcquireRundownProtection
#define ExAcquireRundownProtection
Definition: ex.h:138
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
ICIF_PROBE_READ
#define ICIF_PROBE_READ
Definition: icif.h:25
PROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
PROCESS_QUERY_INFORMATION
#define PROCESS_QUERY_INFORMATION
Definition: pstypes.h:167
PPROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
PsNonPagedPool
@ PsNonPagedPool
Definition: pstypes.h:1022
PsPageFile
@ PsPageFile
Definition: pstypes.h:1024
PsPagedPool
@ PsPagedPool
Definition: pstypes.h:1023
PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
PROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
PKERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
ProcessLUIDDeviceMapsEnabled
@ ProcessLUIDDeviceMapsEnabled
Definition: winternl.h:1910
ProcessWx86Information
@ ProcessWx86Information
Definition: winternl.h:1901
ProcessDebugFlags
@ ProcessDebugFlags
Definition: winternl.h:1913
ProcessSessionInformation
@ ProcessSessionInformation
Definition: winternl.h:1906
ProcessVmCounters
@ ProcessVmCounters
Definition: winternl.h:1885
ProcessPriorityClass
@ ProcessPriorityClass
Definition: winternl.h:1900
ProcessPriorityBoost
@ ProcessPriorityBoost
Definition: winternl.h:1904
ProcessImageInformation
@ ProcessImageInformation
Definition: winternl.h:1919
ProcessExecuteFlags
@ ProcessExecuteFlags
Definition: winternl.h:1916
ProcessCookie
@ ProcessCookie
Definition: winternl.h:1918
ProcessPooledUsageAndLimits
@ ProcessPooledUsageAndLimits
Definition: winternl.h:1896
ProcessIoCounters
@ ProcessIoCounters
Definition: winternl.h:1884
ProcessImageFileNameWin32
@ ProcessImageFileNameWin32
Definition: winternl.h:1925
ProcessDefaultHardErrorMode
@ ProcessDefaultHardErrorMode
Definition: winternl.h:1894
ProcessDeviceMap
@ ProcessDeviceMap
Definition: winternl.h:1905
ProcessQuotaLimits
@ ProcessQuotaLimits
Definition: winternl.h:1883
ProcessHandleTracing
@ ProcessHandleTracing
Definition: winternl.h:1914
ProcessTimes
@ ProcessTimes
Definition: winternl.h:1886
ProcessDebugObjectHandle
@ ProcessDebugObjectHandle
Definition: winternl.h:1912
ProcessWorkingSetWatch
@ ProcessWorkingSetWatch
Definition: winternl.h:1897
ProcessLdtInformation
@ ProcessLdtInformation
Definition: winternl.h:1892
ProcessHandleCount
@ ProcessHandleCount
Definition: winternl.h:1902
PVM_COUNTERS
struct _VM_COUNTERS * PVM_COUNTERS
VM_COUNTERS_EX
struct _VM_COUNTERS_EX VM_COUNTERS_EX
QUOTA_LIMITS_HARDWS_MIN_DISABLE
#define QUOTA_LIMITS_HARDWS_MIN_DISABLE
PROCESS_LUID_DOSDEVICES_ONLY
#define PROCESS_LUID_DOSDEVICES_ONLY
Definition: pstypes.h:228
IO_COUNTERS
struct _IO_COUNTERS IO_COUNTERS
PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
PPROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
QUOTA_LIMITS_HARDWS_MAX_DISABLE
#define QUOTA_LIMITS_HARDWS_MAX_DISABLE
QUOTA_LIMITS_EX
struct _QUOTA_LIMITS_EX QUOTA_LIMITS_EX
QUOTA_LIMITS_HARDWS_MAX_ENABLE
#define QUOTA_LIMITS_HARDWS_MAX_ENABLE
QUOTA_LIMITS_HARDWS_MIN_ENABLE
#define QUOTA_LIMITS_HARDWS_MIN_ENABLE
PIO_COUNTERS
struct _IO_COUNTERS * PIO_COUNTERS
InterlockedCompareExchange
#define InterlockedCompareExchange
Definition: interlocked.h:119
RTL_FIELD_SIZE
#define RTL_FIELD_SIZE(type, field)
Definition: kdb_expr.c:86
if
if(dx< 0)
Definition: linetemp.h:194
ASSERT
#define ASSERT(a)
Definition: mode.c:44
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
KeGetCurrentPrcb
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
Definition: ketypes.h:1187
ProcessHandle
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
SECTION_IMAGE_INFORMATION
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
OBJECT_NAME_INFORMATION
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
KeQueryRuntimeProcess
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
KeQueryValuesProcess
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
MmGetImageInformation
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1617
MmGetExecuteOptions
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2653
DefaultQueryInfoBufferCheck
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
IoQueryFileDosDeviceName
NTSTATUS NTAPI IoQueryFileDosDeviceName(IN PFILE_OBJECT FileObject, OUT POBJECT_NAME_INFORMATION *ObjectNameInformation)
Definition: file.c:3664
KeMaximumIncrement
ULONG KeMaximumIncrement
Definition: clock.c:20
PsProcessType
POBJECT_TYPE PsProcessType
Definition: process.c:20
PsGetProcessSessionId
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
PsReferenceProcessFilePointer
NTSTATUS NTAPI PsReferenceProcessFilePointer(IN PEPROCESS Process, OUT PFILE_OBJECT *FileObject)
Definition: query.c:24
SeLocateProcessImageName
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
STATUS_INVALID_INFO_CLASS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
ObGetProcessHandleCount
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
ObIsLUIDDeviceMapsEnabled
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
Definition: devicemap.c:662
ObQueryDeviceMapInformation
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
ObCloseHandle
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
LONG
long LONG
Definition: pedump.c:60
PspDefaultQuotaBlock
EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock
Definition: quota.c:16
PsProcessInfoClass
static const INFORMATION_CLASS_INFO PsProcessInfoClass[]
Definition: ps_i.h:15
_EPROCESS
Definition: pstypes.h:1262
_IO_COUNTERS
Definition: pstypes.h:82
_KERNEL_USER_TIMES
Definition: winternl.h:2373
_KERNEL_USER_TIMES::UserTime
LARGE_INTEGER UserTime
Definition: winternl.h:2377
_KERNEL_USER_TIMES::CreateTime
LARGE_INTEGER CreateTime
Definition: winternl.h:2374
_KERNEL_USER_TIMES::KernelTime
LARGE_INTEGER KernelTime
Definition: winternl.h:2376
_KERNEL_USER_TIMES::ExitTime
LARGE_INTEGER ExitTime
Definition: winternl.h:2375
_KPRCB
Definition: ketypes.h:654
_KPRCB::InterruptTime
ULONG InterruptTime
Definition: ketypes.h:834
_KPRCB::KeSystemCalls
ULONG KeSystemCalls
Definition: ketypes.h:745
_OBJECT_NAME_INFORMATION
Definition: nt_native.h:1269
_PROCESS_BASIC_INFORMATION
Definition: winternl.h:402
_PROCESS_BASIC_INFORMATION::PebBaseAddress
PPEB PebBaseAddress
Definition: winternl.h:404
_PROCESS_BASIC_INFORMATION::AffinityMask
ULONG_PTR AffinityMask
Definition: pstypes.h:359
_PROCESS_BASIC_INFORMATION::InheritedFromUniqueProcessId
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:362
_PROCESS_BASIC_INFORMATION::ExitStatus
NTSTATUS ExitStatus
Definition: pstypes.h:357
_PROCESS_BASIC_INFORMATION::BasePriority
KPRIORITY BasePriority
Definition: pstypes.h:360
_PROCESS_BASIC_INFORMATION::UniqueProcessId
ULONG_PTR UniqueProcessId
Definition: winternl.h:406
_PROCESS_DEVICEMAP_INFORMATION_EX
Definition: pstypes.h:392
_PROCESS_DEVICEMAP_INFORMATION_EX::Flags
ULONG Flags
Definition: pstypes.h:402
_PROCESS_DEVICEMAP_INFORMATION
Definition: pstypes.h:380
_PROCESS_PRIORITY_CLASS
Definition: pstypes.h:956
_PROCESS_PRIORITY_CLASS::PriorityClass
UCHAR PriorityClass
Definition: pstypes.h:958
_PROCESS_PRIORITY_CLASS::Foreground
BOOLEAN Foreground
Definition: pstypes.h:957
_PROCESS_SESSION_INFORMATION
Definition: pstypes.h:405
_PROCESS_VALUES
Definition: ke.h:45
_PROCESS_VALUES::IoInfo
IO_COUNTERS IoInfo
Definition: ke.h:48
_QUOTA_LIMITS_EX
Definition: pstypes.h:67
_QUOTA_LIMITS_EX::MaximumWorkingSetSize
SIZE_T MaximumWorkingSetSize
Definition: pstypes.h:71
_QUOTA_LIMITS_EX::PagedPoolLimit
SIZE_T PagedPoolLimit
Definition: pstypes.h:68
_QUOTA_LIMITS_EX::PagefileLimit
SIZE_T PagefileLimit
Definition: pstypes.h:72
_QUOTA_LIMITS_EX::Flags
ULONG Flags
Definition: pstypes.h:78
_QUOTA_LIMITS_EX::TimeLimit
LARGE_INTEGER TimeLimit
Definition: pstypes.h:73
_QUOTA_LIMITS_EX::CpuRateLimit
RATE_QUOTA_LIMIT CpuRateLimit
Definition: pstypes.h:79
_QUOTA_LIMITS_EX::NonPagedPoolLimit
SIZE_T NonPagedPoolLimit
Definition: pstypes.h:69
_QUOTA_LIMITS_EX::MinimumWorkingSetSize
SIZE_T MinimumWorkingSetSize
Definition: pstypes.h:70
_QUOTA_LIMITS
Definition: lsa.idl:286
_SECTION_IMAGE_INFORMATION
Definition: mmtypes.h:340
_SessionInfo
Definition: mmdrv.h:130
_VM_COUNTERS
Definition: winternl.h:3130
_VM_COUNTERS::PeakWorkingSetSize
SIZE_T PeakWorkingSetSize
Definition: winternl.h:3134
_VM_COUNTERS::PeakPagefileUsage
SIZE_T PeakPagefileUsage
Definition: winternl.h:3141
_VM_COUNTERS::PageFaultCount
ULONG PageFaultCount
Definition: winternl.h:3133
_VM_COUNTERS::QuotaPagedPoolUsage
SIZE_T QuotaPagedPoolUsage
Definition: winternl.h:3137
_VM_COUNTERS::QuotaPeakPagedPoolUsage
SIZE_T QuotaPeakPagedPoolUsage
Definition: winternl.h:3136
_VM_COUNTERS::QuotaPeakNonPagedPoolUsage
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:3138
_VM_COUNTERS::PeakVirtualSize
SIZE_T PeakVirtualSize
Definition: winternl.h:3131
_VM_COUNTERS::VirtualSize
SIZE_T VirtualSize
Definition: winternl.h:3132
_VM_COUNTERS::QuotaNonPagedPoolUsage
SIZE_T QuotaNonPagedPoolUsage
Definition: winternl.h:3139
_VM_COUNTERS::WorkingSetSize
SIZE_T WorkingSetSize
Definition: winternl.h:3135
_VM_COUNTERS::PagefileUsage
SIZE_T PagefileUsage
Definition: winternl.h:3140
TAG_SEPA
#define TAG_SEPA
Definition: tag.h:155
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
PULONG_PTR
uint32_t * PULONG_PTR
Definition: typedefs.h:65
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
LONGLONG
int64_t LONGLONG
Definition: typedefs.h:68
HANDLE
PVOID HANDLE
Definition: typedefs.h:73
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG
uint32_t ULONG
Definition: typedefs.h:59
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
_LARGE_INTEGER
Definition: typedefs.h:103
_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114
_LARGE_INTEGER::u
struct _LARGE_INTEGER::@2474 u
_RATE_QUOTA_LIMIT::RateData
ULONG RateData
Definition: pstypes.h:60
FileObject
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:550
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
Cookie
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
Definition: cmfuncs.h:14
PFILE_OBJECT
* PFILE_OBJECT
Definition: iotypes.h:1998
UserTime
_Out_ PULONG UserTime
Definition: kefuncs.h:759
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17

◆ NtQueryInformationThread()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ THREADINFOCLASS  ThreadInformationClass,
_Out_ PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

◆ NtRegisterThreadTerminatePort()

NTSYSCALLAPI NTSTATUS NTAPI NtRegisterThreadTerminatePort ( _In_ HANDLE  TerminationPort)

◆ NtResumeProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtResumeProcess ( _In_ HANDLE  ProcessHandle)

◆ NtResumeThread()

NTSYSCALLAPI NTSTATUS NTAPI NtResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

◆ NtSetInformationJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_In_bytecount_(JobInformationLength) PVOID  JobInformation,
_In_ ULONG  JobInformationLength 
)

◆ NtSetInformationProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_In_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength 
)

◆ NtSetInformationThread()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ THREADINFOCLASS  ThreadInformationClass,
_In_reads_bytes_(ThreadInformationLength) PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength 
)

◆ NtSuspendProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtSuspendProcess ( _In_ HANDLE  ProcessHandle)

◆ NtSuspendThread()

NTSYSCALLAPI NTSTATUS NTAPI NtSuspendThread ( _In_ HANDLE  ThreadHandle,
_In_ PULONG  PreviousSuspendCount 
)

◆ NtTerminateJobObject()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateJobObject ( _In_ HANDLE  JobHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ NtTerminateProcess()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateProcess ( _In_ HANDLE  ProcessHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ NtTerminateThread()

NTSYSCALLAPI NTSTATUS NTAPI NtTerminateThread ( _In_ HANDLE  ThreadHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ PsChargePoolQuota()

NTKERNELAPI VOID NTAPI PsChargePoolQuota ( _In_ PEPROCESS  Process,
_In_ POOL_TYPE  PoolType,
_In_ SIZE_T  Amount 
)

Charges the pool quota of a given process. The kind of pool quota to charge is determined by the PoolType parameter.

Parameters
[in]ProcessThe process which quota is to be charged.
[in]PoolTypeThe pool type to choose to charge quotas (e.g. PagedPool or NonPagedPool).
[in]AmountThe amount of quotas to charge into a process.
Returns
Nothing.
Remarks
The function raises an exception if STATUS_QUOTA_EXCEEDED status code is returned. Callers are responsible on their own to handle the raised exception.

Definition at line 775 of file quota.c.

779{
780 NTSTATUS Status;
781 ASSERT(KeGetCurrentIrql() < DISPATCH_LEVEL);
782
783 /* Don't do anything for the system process */
784 if (Process == PsInitialSystemProcess) return;
785
786 /* Charge the usage */
787 Status = PsChargeProcessPoolQuota(Process, PoolType, Amount);
788 if (!NT_SUCCESS(Status)) ExRaiseStatus(Status);
789}
KeGetCurrentIrql
#define KeGetCurrentIrql()
Definition: env_spec_w32.h:706
DISPATCH_LEVEL
#define DISPATCH_LEVEL
Definition: env_spec_w32.h:696
Amount
_Must_inspect_result_ _In_ LONGLONG _In_ LONGLONG Amount
Definition: fsrtlfuncs.h:551
ExRaiseStatus
#define ExRaiseStatus
Definition: ntoskrnl.h:114
PsInitialSystemProcess
PEPROCESS PsInitialSystemProcess
Definition: psmgr.c:50
PsChargeProcessPoolQuota
NTSTATUS NTAPI PsChargeProcessPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.
Definition: quota.c:872
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815

Referenced by FsRtlCancelNotify(), and FsRtlNotifyFilterReportChange().

◆ PsChargeProcessNonPagedPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessNonPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Charges the non paged pool quota of a given process.

Parameters
[in]ProcessThe process which non paged quota is to be charged.
[in]AmountThe amount of quotas to charge into a process.
Returns
Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.

Definition at line 811 of file quota.c.

814{
815 /* Call the general function */
816 return PsChargeProcessPoolQuota(Process, NonPagedPool, Amount);
817}
NonPagedPool
#define NonPagedPool
Definition: env_spec_w32.h:307

Referenced by MiCreatePebOrTeb(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), and START_TEST().

◆ PsChargeProcessPagedPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Charges the paged pool quota of a given process.

Parameters
[in]ProcessThe process which paged quota is to be charged.
[in]AmountThe amount of quotas to charge into a process.
Returns
Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.

Definition at line 839 of file quota.c.

842{
843 /* Call the general function */
844 return PsChargeProcessPoolQuota(Process, PagedPool, Amount);
845}
PagedPool
#define PagedPool
Definition: env_spec_w32.h:308

Referenced by ExpAllocateHandleTable(), ExpAllocateTablePagedPool(), ExpAllocateTablePagedPoolNoZero(), and START_TEST().

◆ PsChargeProcessPoolQuota()

NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota ( _In_ PEPROCESS  Process,
_In_ POOL_TYPE  PoolType,
_In_ SIZE_T  Amount 
)

Charges the process' quota pool. The type of quota to be charged depends upon the PoolType parameter.

Parameters
[in]ProcessThe process which quota is to be charged.
[in]PoolTypeThe type of quota pool to charge (e.g. PagedPool or NonPagedPool).
[in]AmountThe amount of quotas to charge into a process.
Returns
Returns STATUS_SUCCESS if quota charing has suceeded, STATUS_QUOTA_EXCEEDED is returned otherwise to indicate the caller attempted to charge quotas over the limits.

Definition at line 872 of file quota.c.

876{
877 /* Don't do anything for the system process */
878 if (Process == PsInitialSystemProcess) return STATUS_SUCCESS;
879
880 return PspChargeProcessQuotaSpecifiedPool(Process,
881 Process->QuotaBlock,
882 (PoolType & PAGED_POOL_MASK),
883 Amount);
884}
PAGED_POOL_MASK
#define PAGED_POOL_MASK
Definition: mm.h:116
PspChargeProcessQuotaSpecifiedPool
NTSTATUS NTAPI PspChargeProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota charging, necessary for export...
Definition: quota.c:195

Referenced by ExAllocatePoolWithQuotaTag(), PsChargePoolQuota(), PsChargeProcessNonPagedPoolQuota(), and PsChargeProcessPagedPoolQuota().

◆ PsEstablishWin32Callouts()

NTKERNELAPI VOID NTAPI PsEstablishWin32Callouts ( _In_ PWIN32_CALLOUTS_FPNS  CalloutData)

◆ PsGetCurrentProcessSessionId()

NTKERNELAPI ULONG NTAPI PsGetCurrentProcessSessionId ( VOID  )

Definition at line 1133 of file process.c.

1134{
1135 return MmGetSessionId(PsGetCurrentProcess());
1136}
MmGetSessionId
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
Definition: session.c:179

Referenced by ExpWin32SessionCallout(), IntCreateDesktop(), IntDestroyMenuObject(), NtSetInformationObject(), NtUserSwitchDesktop(), ObpLookupObjectName(), and VideoPortUseDeviceInSession().

◆ PsGetCurrentProcessWin32Process()

NTKERNELAPI PVOID NTAPI PsGetCurrentProcessWin32Process ( VOID  )

Definition at line 1183 of file process.c.

1184{
1185 return PsGetCurrentProcess()->Win32Process;
1186}

Referenced by _Function_class_(), CheckWinstaAttributeAccess(), co_IntGraphicsCheck(), co_IntSetParent(), co_IntSetWindowLongPtr(), co_IntUserManualGuiCheck(), co_UserDestroyWindow(), DC_bAllocDcAttr(), DC_vFreeDcAttr(), DecrementCurrentProcessGdiHandleCount(), DesktopHeapAddressToUser(), DesktopHeapGetUserDelta(), FontLink_PrepareFontInfo(), GDI_CleanupForProcess(), GetBrushAttrPool(), GetControlColor(), GetFontFamilyInfoForSubstitutes(), GetW32ProcessInfo(), handle_internal_message(), IdlePing(), IdlePong(), IncrementCurrentProcessGdiHandleCount(), IntAllowSetForegroundWindow(), IntFixWindowCoordinates(), IntGdiAddFontMemResource(), IntGdiCleanupPrivateFontsForProcess(), IntGdiLoadFontsFromMemory(), IntGdiRemoveFontMemResource(), IntGdiSetRegionOwner(), IntGetFontFamilyInfo(), IntLoadHookModule(), IntLoadSystenIcons(), IntLockSetForegroundWindow(), IntMapDesktopView(), IntUnmapDesktopView(), IntWinStaOkToClose(), NtUserCallHwndParam(), NtUserCallOneParam(), NtUserDestroyCursor(), NtUserFindExistingCursorIcon(), NtUserGetComboBoxInfo(), NtUserGetListBoxInfo(), NtUserSetSystemCursor(), NtUserSetWindowFNID(), REGION_bAllocRgnAttr(), REGION_vCleanup(), TextIntRealizeFont(), UserDbgAssertThreadInfo(), UserGetDCEx(), UserGetProcessWindowStation(), UserHeapAddressToUser(), UserSetProcessWindowStation(), UserSystemParametersInfo(), and UserUnregisterUserApiHook().

◆ PsGetCurrentThreadProcessId()

NTKERNELAPI HANDLE NTAPI PsGetCurrentThreadProcessId ( VOID  )

Definition at line 755 of file thread.c.

756{
757 return PsGetCurrentThread()->Cid.UniqueProcess;
758}

Referenced by intDdCreateDirectDrawLocal().

◆ PsGetCurrentThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadWin32Thread ( VOID  )

Definition at line 805 of file thread.c.

806{
807 return PsGetCurrentThread()->Tcb.Win32Thread;
808}

Referenced by AllocateUserMessage(), CaretSystemTimerProc(), co_HOOK_CallHooks(), co_IntActivateKeyboardLayout(), co_IntCallHookProc(), co_IntCallSentMessageCallback(), co_IntCallWindowProc(), co_IntClientLoadLibrary(), co_IntClientThreadSetup(), co_IntCreateDefaultImeWindow(), co_IntFixCaret(), co_IntGetPeekMessage(), co_IntLoadDefaultCursors(), co_IntLoadSysMenuTemplate(), co_IntPaintWindows(), co_IntPeekMessage(), co_IntProcessKeyboardMessage(), co_IntProcessMouseMessage(), co_IntSendActivateMessages(), co_IntSendMessageTimeoutSingle(), co_IntSendMessageWithCallBack(), co_IntSetActiveWindow(), co_IntSetCaretPos(), co_IntSetForegroundAndFocusWindow(), co_IntWaitMessage(), co_MsqDispatchOneSentMessage(), co_MsqReplyMessage(), co_MsqSendMessage(), co_MsqSendMessageAsync(), co_UserDestroyWindow(), co_UserHideCaret(), co_UserSetCapture(), co_UserSetFocus(), co_UserShowCaret(), co_WinPosSearchChildren(), co_WinPosSetWindowPos(), co_WinPosShowWindow(), DECREASE_THREAD_LOCK_COUNT(), DefWndDoSizeMove(), DefWndStartSizeMove(), DesktopHeapGetUserDelta(), DesktopThreadMain(), GetW32ThreadInfo(), handle_internal_message(), IdlePing(), INCREASE_THREAD_LOCK_COUNT(), IntAddAtom(), IntCallWndProc(), IntCallWndProcRet(), IntCbAllocateMemory(), IntCbFreeMemory(), IntCreateDesktop(), IntDeactivateWindow(), IntDefWindowProc(), IntDeRegisterShellHookWindow(), IntDesktopOkToClose(), IntDestroyOwnedWindows(), IntDispatchMessage(), IntDrawScrollBar(), IntGetAndReferenceClass(), IntGetAtomName(), IntGetCapture(), IntGetCurrentThreadDesktopWindow(), IntGetImeCompatFlags(), IntGetNextHook(), IntGetQueueStatus(), IntGetThreadDesktopWindow(), IntGetThreadFocusWindow(), IntInitMessagePumpHook(), IntInvalidateWindows(), IntIsClipboardOpenByMe(), IntMsqClearWakeMask(), IntMsqSetWakeMask(), IntNotifyImeShowStatus(), IntNotifyWinEvent(), IntQueryTrackMouseEvent(), IntRegisterShellHookWindow(), IntReleaseCapture(), IntRemoveHook(), IntSendDestroyMsg(), IntSendSyncPaint(), IntSetThreadDesktop(), IntSetTimer(), IntTrackMouseEvent(), IntTrackPopupMenuEx(), IntTranslateKbdMessage(), IntUnhookWindowsHook(), IntUninitMessagePumpHook(), IntUserSetActiveWindow(), MENU_DoNextMenu(), MENU_InitTracking(), MENU_TrackMenu(), MsqGetMessageExtraInfo(), MsqSetMessageExtraInfo(), NtUserBlockInput(), NtUserCallNoParam(), NtUserCallOneParam(), NtUserCallTwoParam(), NtUserCreateAcceleratorTable(), NtUserCreateCaret(), NtUserGetAppImeLevel(), NtUserGetCaretPos(), NtUserGetGUIThreadInfo(), NtUserGetKeyboardLayoutName(), NtUserGetKeyboardState(), NtUserGetKeyNameText(), NtUserGetThreadState(), NtUserLockWorkStation(), NtUserMapVirtualKeyEx(), NtUserQueryWindow(), NtUserSendInput(), NtUserSetAppImeLevel(), NtUserSetKeyboardState(), NtUserSetThreadState(), NtUserSetWindowsHookEx(), NtUserSetWinEventHook(), NtUserToUnicodeEx(), NtUserValidateTimerCallback(), NtUserVkKeyScanEx(), NtUserWaitForInputIdle(), PostTimerMessages(), UserCreateInputContext(), UserDbgAssertThreadInfo(), UserDerefObjectCo(), UserDestroyMenu(), UserEnterExclusive(), UserGetActiveWindow(), UserGetCPD(), UserGetKeyboardLayout(), UserGetKeyState(), UserGhostThreadEntry(), UserInitialize(), UserOpenClipboard(), UserOpenInputDesktop(), UserRefObjectCo(), UserRegisterHotKey(), UserRegisterUserApiHook(), UserSendKeyboardInput(), UserSendMouseInput(), UserSetActiveWindow(), UserSetCursor(), UserShowCursor(), and UserUnregisterUserApiHook().

◆ PsGetProcessExitProcessCalled()

NTKERNELAPI BOOLEAN NTAPI PsGetProcessExitProcessCalled ( _In_ PEPROCESS  Process)

◆ PsGetProcessExitStatus()

NTKERNELAPI NTSTATUS NTAPI PsGetProcessExitStatus ( _In_ PEPROCESS  Process)

◆ PsGetProcessInheritedFromUniqueProcessId()

HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId ( _In_ PEPROCESS  Process)

◆ PsGetProcessSecurityPort()

NTKERNELAPI PVOID NTAPI PsGetProcessSecurityPort ( _In_ PEPROCESS  Process)

◆ PsGetProcessSessionId()

NTKERNELAPI ULONG NTAPI PsGetProcessSessionId ( _In_ PEPROCESS  Process)

◆ PsGetProcessWin32Process()

NTKERNELAPI PVOID NTAPI PsGetProcessWin32Process ( _In_ PEPROCESS  Process)

◆ PsGetProcessWin32WindowStation()

NTKERNELAPI PVOID NTAPI PsGetProcessWin32WindowStation ( _In_ PEPROCESS  Process)

◆ PsGetThreadFreezeCount()

NTKERNELAPI ULONG NTAPI PsGetThreadFreezeCount ( _In_ PETHREAD  Thread)

◆ PsGetThreadHardErrorsAreDisabled()

NTKERNELAPI BOOLEAN NTAPI PsGetThreadHardErrorsAreDisabled ( _In_ PETHREAD  Thread)

◆ PsGetThreadId()

NTKERNELAPI HANDLE NTAPI PsGetThreadId ( _In_ PETHREAD  Thread)

◆ PsGetThreadProcess()

NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess ( _In_ PETHREAD  Thread)

◆ PsGetThreadTeb()

NTKERNELAPI PTEB NTAPI PsGetThreadTeb ( _In_ PETHREAD  Thread)

◆ PsGetThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread ( _In_ PETHREAD  Thread)

◆ PsIsProtectedProcess()

BOOLEAN NTAPI PsIsProtectedProcess ( _In_ PEPROCESS  Process)

◆ PsIsSystemProcess()

NTKERNELAPI BOOLEAN NTAPI PsIsSystemProcess ( _In_ PEPROCESS  Process)

◆ PsIsThreadImpersonating()

NTKERNELAPI BOOLEAN NTAPI PsIsThreadImpersonating ( _In_ PETHREAD  Thread)

◆ PsLookupProcessThreadByCid()

NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid ( _In_ PCLIENT_ID  Cid,
_Out_opt_ PEPROCESS Process,
_Out_ PETHREAD Thread 
)

◆ PsReturnPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnPoolQuota ( _In_ PEPROCESS  Process,
_In_ POOL_TYPE  PoolType,
_In_ SIZE_T  Amount 
)

Returns the pool quota that the process was taking up.

Parameters
[in]ProcessThe process which quota is to be returned.
[in]PoolTypeThe type of quota pool to return (e.g. PagedPool or NonPagedPool).
[in]AmountThe amount of quotas to return from a process.
Returns
Nothing.

Definition at line 907 of file quota.c.

911{
912 /* Don't do anything for the system process */
913 if (Process == PsInitialSystemProcess) return;
914
915 PspReturnProcessQuotaSpecifiedPool(Process,
916 Process->QuotaBlock,
917 (PoolType & PAGED_POOL_MASK),
918 Amount);
919}
PspReturnProcessQuotaSpecifiedPool
VOID NTAPI PspReturnProcessQuotaSpecifiedPool(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock, _In_ PS_QUOTA_TYPE QuotaType, _In_ SIZE_T Amount)
Internal kernel function that provides the bulk logic of process quota returning. It returns (takes a...
Definition: quota.c:345

Referenced by ExFreePoolWithTag(), ExReturnPoolQuota(), PsReturnProcessNonPagedPoolQuota(), and PsReturnProcessPagedPoolQuota().

◆ PsReturnProcessNonPagedPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnProcessNonPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Returns the non paged quota pool that the process was taking up.

Parameters
[in]ProcessThe process which non paged quota is to be returned.
[in]AmountThe amount of quotas to return from a process.
Returns
Nothing.

Definition at line 938 of file quota.c.

941{
942 /* Don't do anything for the system process */
943 if (Process == PsInitialSystemProcess) return;
944
945 PsReturnPoolQuota(Process, NonPagedPool, Amount);
946}
PsReturnPoolQuota
VOID NTAPI PsReturnPoolQuota(_In_ PEPROCESS Process, _In_ POOL_TYPE PoolType, _In_ SIZE_T Amount)
Returns the pool quota that the process was taking up.
Definition: quota.c:907

Referenced by MiCreatePebOrTeb(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), MiUnmapLockedPagesInUserSpace(), MiUnmapViewOfSection(), MmCleanProcessAddressSpace(), MmDeleteTeb(), NtAllocateVirtualMemory(), NtFreeVirtualMemory(), PspDeleteProcess(), and START_TEST().

◆ PsReturnProcessPagedPoolQuota()

NTKERNELAPI VOID NTAPI PsReturnProcessPagedPoolQuota ( _In_ PEPROCESS  Process,
_In_ SIZE_T  Amount 
)

Returns the paged pool quota that the process was taking up.

Parameters
[in]ProcessThe process which paged pool quota is to be returned.
[in]AmountThe amount of quotas to return from a process.
Returns
Nothing.

Definition at line 965 of file quota.c.

968{
969 /* Don't do anything for the system process */
970 if (Process == PsInitialSystemProcess) return;
971
972 PsReturnPoolQuota(Process, PagedPool, Amount);
973}

Referenced by ExpAllocateHandleTable(), ExpFreeHandleTable(), ExpFreeTablePagedPool(), FsRtlCancelNotify(), FsRtlNotifyCleanup(), FsRtlNotifyCompleteIrp(), FsRtlNotifyFilterReportChange(), and START_TEST().

◆ PsRevertThreadToSelf()

NTKERNELAPI VOID NTAPI PsRevertThreadToSelf ( _Inout_ PETHREAD  Thread)

◆ PsSetProcessPriorityByClass()

VOID NTAPI PsSetProcessPriorityByClass ( _In_ PEPROCESS  Process,
_In_ PSPROCESSPRIORITYMODE  Type 
)

◆ PsSetProcessSecurityPort()

NTKERNELAPI NTSTATUS NTAPI PsSetProcessSecurityPort ( _Inout_ PEPROCESS  Process,
_In_ PVOID  SecurityPort 
)

◆ PsSetProcessWin32Process()

NTKERNELAPI NTSTATUS NTAPI PsSetProcessWin32Process ( _Inout_ PEPROCESS  Process,
_In_opt_ PVOID  Win32Process,
_In_opt_ PVOID  OldWin32Process 
)

Definition at line 1257 of file process.c.

1261{
1262 NTSTATUS Status;
1263
1264 /* Assume success */
1265 Status = STATUS_SUCCESS;
1266
1267 /* Lock the process */
1268 KeEnterCriticalRegion();
1269 ExAcquirePushLockExclusive(&Process->ProcessLock);
1270
1271 /* Check if we set a new win32 process */
1272 if (Win32Process != NULL)
1273 {
1274 /* Check if the process is in the right state */
1275 if (((Process->Flags & PSF_PROCESS_DELETE_BIT) == 0) &&
1276 (Process->Win32Process == NULL))
1277 {
1278 /* Set the new win32 process */
1279 Process->Win32Process = Win32Process;
1280 }
1281 else
1282 {
1283 /* Otherwise fail */
1284 Status = STATUS_PROCESS_IS_TERMINATING;
1285 }
1286 }
1287 else
1288 {
1289 /* Reset the win32 process, did the caller specify the correct old value? */
1290 if (Process->Win32Process == OldWin32Process)
1291 {
1292 /* Yes, so reset the win32 process to NULL */
1293 Process->Win32Process = NULL;
1294 }
1295 else
1296 {
1297 /* Otherwise fail */
1298 Status = STATUS_UNSUCCESSFUL;
1299 }
1300 }
1301
1302 /* Unlock the process */
1303 ExReleasePushLockExclusive(&Process->ProcessLock);
1304 KeLeaveCriticalRegion();
1305
1306 return Status;
1307}
ExAcquirePushLockExclusive
FORCEINLINE VOID ExAcquirePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1039
ExReleasePushLockExclusive
FORCEINLINE VOID ExReleasePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1255
PSF_PROCESS_DELETE_BIT
#define PSF_PROCESS_DELETE_BIT
Definition: pstypes.h:277
KeLeaveCriticalRegion
#define KeLeaveCriticalRegion()
Definition: ke_x.h:119
KeEnterCriticalRegion
#define KeEnterCriticalRegion()
Definition: ke_x.h:88
STATUS_PROCESS_IS_TERMINATING
#define STATUS_PROCESS_IS_TERMINATING
Definition: ntstatus.h:502
STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132

Referenced by AllocW32Process(), and ExitProcessCallback().

◆ PsSetProcessWindowStation()

NTKERNELAPI VOID NTAPI PsSetProcessWindowStation ( _Inout_ PEPROCESS  Process,
_In_opt_ PVOID  WindowStation 
)

◆ PsSetThreadHardErrorsAreDisabled()

NTKERNELAPI VOID NTAPI PsSetThreadHardErrorsAreDisabled ( _Inout_ PETHREAD  Thread,
_In_ BOOLEAN  Disabled 
)

◆ PsSetThreadWin32Thread()

NTKERNELAPI PVOID NTAPI PsSetThreadWin32Thread ( _Inout_ PETHREAD  Thread,
_In_opt_ PVOID  Win32Thread,
_In_opt_ PVOID  OldWin32Thread 
)

◆ ZwAlertResumeThread()

NTSYSAPI NTSTATUS NTAPI ZwAlertResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

◆ ZwAlertThread()

NTSYSAPI NTSTATUS NTAPI ZwAlertThread ( _In_ HANDLE  ThreadHandle)

◆ ZwAssignProcessToJobObject()

NTSYSAPI NTSTATUS NTAPI ZwAssignProcessToJobObject ( _In_ HANDLE  JobHandle,
_In_ HANDLE  ProcessHandle 
)

◆ ZwCreateJobObject()

NTSYSAPI NTSTATUS NTAPI ZwCreateJobObject ( _Out_ PHANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes 
)

◆ ZwCreateProcess()

NTSYSAPI NTSTATUS NTAPI ZwCreateProcess ( _Out_ PHANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ParentProcess,
_In_ BOOLEAN  InheritObjectTable,
_In_opt_ HANDLE  SectionHandle,
_In_opt_ HANDLE  DebugPort,
_In_opt_ HANDLE  ExceptionPort 
)

Referenced by RtlCreateUserProcess().

◆ ZwCreateThread()

NTSYSAPI NTSTATUS NTAPI ZwCreateThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ HANDLE  ProcessHandle,
_Out_ PCLIENT_ID  ClientId,
_In_ PCONTEXT  ThreadContext,
_In_ PINITIAL_TEB  UserStack,
_In_ BOOLEAN  CreateSuspended 
)

Referenced by RtlCreateUserThread().

◆ ZwImpersonateThread()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread ( _In_ HANDLE  ThreadHandle,
_In_ HANDLE  ThreadToImpersonate,
_In_ PSECURITY_QUALITY_OF_SERVICE  SecurityQualityOfService 
)

◆ ZwIsProcessInJob()

NTSYSAPI NTSTATUS NTAPI ZwIsProcessInJob ( _In_ HANDLE  ProcessHandle,
_In_opt_ HANDLE  JobHandle 
)

◆ ZwOpenThread()

NTSYSAPI NTSTATUS NTAPI ZwOpenThread ( _Out_ PHANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ PCLIENT_ID  ClientId 
)

◆ ZwOpenThreadToken()

NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_Out_ PHANDLE  TokenHandle 
)

Referenced by IntGetCurrentAccessToken(), RtlAdjustPrivilege(), and RtlpOpenThreadToken().

◆ ZwOpenThreadTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

Referenced by RtlFormatCurrentUserKeyPath().

◆ ZwQueryInformationJobObject()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_Out_bytecap_(JobInformationLength) PVOID  JobInformation,
_In_ ULONG  JobInformationLength,
_Out_ PULONG  ReturnLength 
)

◆ ZwQueryInformationProcess()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_Out_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Referenced by lie_about_fs_type(), RtlCreateUserProcess(), RtlEncodePointer(), RtlSetProcessIsCritical(), and START_TEST().

◆ ZwQueryInformationThread()

NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ THREADINFOCLASS  ThreadInformationClass,
_Out_ PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Referenced by RtlSetThreadIsCritical().

◆ ZwRegisterThreadTerminatePort()

NTSYSAPI NTSTATUS NTAPI ZwRegisterThreadTerminatePort ( _In_ HANDLE  TerminationPort)

◆ ZwResumeProcess()

NTSYSAPI NTSTATUS NTAPI ZwResumeProcess ( _In_ HANDLE  ProcessHandle)

◆ ZwResumeThread()

NTSYSAPI NTSTATUS NTAPI ZwResumeThread ( _In_ HANDLE  ThreadHandle,
_Out_opt_ PULONG  SuspendCount 
)

Referenced by ExpLoadInitialProcess().

◆ ZwSetInformationJobObject()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationJobObject ( _In_ HANDLE  JobHandle,
_In_ JOBOBJECTINFOCLASS  JobInformationClass,
_In_ PVOID  JobInformation,
_In_ ULONG  JobInformationLength 
)

◆ ZwSetInformationProcess()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_In_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength 
)

Referenced by RtlSetProcessIsCritical().

◆ ZwSuspendProcess()

NTSYSAPI NTSTATUS NTAPI ZwSuspendProcess ( _In_ HANDLE  ProcessHandle)

◆ ZwSuspendThread()

NTSYSAPI NTSTATUS NTAPI ZwSuspendThread ( _In_ HANDLE  ThreadHandle,
_In_ PULONG  PreviousSuspendCount 
)

◆ ZwTerminateJobObject()

NTSYSAPI NTSTATUS NTAPI ZwTerminateJobObject ( _In_ HANDLE  JobHandle,
_In_ NTSTATUS  ExitStatus 
)

◆ ZwTerminateThread()

NTSYSAPI NTSTATUS NTAPI ZwTerminateThread ( _In_ HANDLE  ThreadHandle,
_In_ NTSTATUS  ExitStatus 
)

Referenced by RtlAssert().

Variable Documentation

◆ DesiredAccess

_In_ ACCESS_MASK DesiredAccess

Definition at line 723 of file psfuncs.h.

◆ ExitStatus

_In_ NTSTATUS ExitStatus

Definition at line 866 of file psfuncs.h.

Referenced by BaseExitThreadPoolThread(), BaseSrvBSMThread(), CdfsChkdsk(), ChkdskEx(), CsrDereferenceNtSession(), DbgkExitProcess(), DbgkExitThread(), Ext2Chkdsk(), NtfsChkdsk(), NtTerminateJobObject(), NtTerminateProcess(), NtTerminateThread(), PspExitThread(), PspTerminateProcess(), PspTerminateThreadByPointer(), PsTerminateProcess(), PsTerminateSystemThread(), RtlpExitThread(), test_query_process_basic(), VfatChkdsk(), and VfatxChkdsk().

◆ HandleAttributes

_In_ ACCESS_MASK _In_ ULONG HandleAttributes

Definition at line 724 of file psfuncs.h.

◆ ThreadInformationClass

_In_ THREADINFOCLASS ThreadInformationClass

Definition at line 840 of file psfuncs.h.

Referenced by NtQueryInformationThread(), NtSetInformationThread(), NtUserQueryInformationThread(), and NtUserSetInformationThread().

◆ ThreadInformationLength

_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength

Definition at line 842 of file psfuncs.h.

Referenced by NtQueryInformationThread(), NtSetInformationThread(), NtUserSetInformationThread(), and PspQueryDescriptorThread().

◆ TokenHandle

_In_ ACCESS_MASK _In_ BOOLEAN _In_ ULONG _Out_ PHANDLE TokenHandle

Definition at line 725 of file psfuncs.h.

Referenced by AdjustTokenGroups(), AdjustTokenPrivileges(), BasepReplaceProcessThreadTokens(), CreateDefaultProcessSecurityCommon(), CreateProcessInternalW(), DuplicateTokenAsEffective(), GetCallerLuid(), GetSiteSidFromToken(), GetTokenInformation(), IntGetCurrentAccessToken(), IsPrivilegeEnabled(), IsTokenRestricted(), LogonUserExW(), LsapIsTrustedClient(), LsapLogonUser(), LsarSetSecurityObject(), MyLogonUser(), NtAdjustGroupsToken(), NtAdjustPrivilegesToken(), NtCreateToken(), NtOpenProcessToken(), NtOpenProcessTokenEx(), NtOpenThreadToken(), NtOpenThreadTokenEx(), NtQueryInformationToken(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), OpenProcessToken(), OpenThreadToken(), PsAssignImpersonationToken(), PspSetPrimaryToken(), RtlAdjustPrivilege(), RtlCreateUserSecurityObject(), RtlDefaultNpAcl(), RtlFormatCurrentUserKeyPath(), RtlpGetImpersonationToken(), RtlpOpenThreadToken(), RtlRemovePrivileges(), SamrSetSecurityObject(), SepCreateToken(), SepOpenThreadToken(), SetThreadToken(), SetTokenInformation(), SHTestTokenMembership(), and START_TEST().