ReactOS  0.4.15-dev-2972-gda2a567
Macros | Functions | Variables
psfuncs.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define PsGetCurrentProcess   IoGetCurrentProcess
 
#define _PSGETCURRENTTHREAD_
 

Functions

 $if (_WDMDDK_) NTKERNELAPI NTSTATUS NTAPI PsWrapApcWow64Thread(_Inout_ PVOID *ApcContext
 
 _IRQL_requires_max_ (DISPATCH_LEVEL) FORCEINLINE PETHREAD NTAPI PsGetCurrentThread(VOID)
 
 $endif (_WDMDDK_) $if(_NTDDK_) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess(_Out_ PHANDLE ProcessHandle
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
 
 $endif (_NTDDK_) $if(_NTIFS_) _Must_inspect_result_ _IRQL_requires_max_(APC_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsLookupProcessByProcessId(_In_ HANDLE ProcessId
 
_Must_inspect_result_ _IRQL_requires_max_ (APC_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsLookupThreadByThreadId(_In_ HANDLE UniqueThreadId
 
 $endif (_NTIFS_) $if(_WDMDDK_) _IRQL_requires_max_(APC_LEVEL) _Post_satisfies_(return<=0) _Must_inspect_result_ NTKERNELAPI NTSTATUS NTAPI PsCreateSystemThread(_Out_ PHANDLE ThreadHandle
 
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE _In_opt_ _When_ (return==0, __drv_aliasesMem) PVOID StartContext)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsTerminateSystemThread(_In_ NTSTATUS ExitStatus)
 
NTKERNELAPI HANDLE NTAPI PsGetCurrentProcessId (VOID)
 
NTKERNELAPI BOOLEAN NTAPI PsGetVersion (OUT PULONG MajorVersion OPTIONAL, OUT PULONG MinorVersion OPTIONAL, OUT PULONG BuildNumber OPTIONAL, OUT PUNICODE_STRING CSDVersion OPTIONAL)
 
NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess (_In_ PETHREAD Thread)
 
NTKERNELAPI NTSTATUS NTAPI PsRemoveCreateThreadNotifyRoutine (_In_ PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine)
 
NTKERNELAPI BOOLEAN NTAPI PsIsSystemThread (_In_ PETHREAD Thread)
 
NTKERNELAPI PVOID NTAPI PsGetCurrentThreadTeb (VOID)
 
NTKERNELAPI BOOLEAN NTAPI PsSetCurrentThreadPrefetching (IN BOOLEAN Prefetching)
 
NTKERNELAPI BOOLEAN NTAPI PsIsCurrentThreadPrefetching (VOID)
 
NTKERNELAPI NTSTATUS NTAPI PsSetCreateProcessNotifyRoutineEx (IN PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine, IN BOOLEAN Remove)
 

Variables

_Inout_ PVOIDApcRoutine
 
_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES ObjectAttributes
 
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _In_opt_ PCLIENT_ID ClientId
 
_Outptr_ PEPROCESSProcess
 
_Must_inspect_result_ _Outptr_ PETHREADThread
 
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE ProcessHandle
 
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE StartRoutine
 
_In_ BOOLEAN Remove
 
_Out_ PBOOLEAN CopyOnOpen
 
_Out_ PBOOLEAN _Out_ PBOOLEAN EffectiveOnly
 
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
 
_Must_inspect_result_ _In_opt_ PACCESS_TOKEN Token
 
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
 
_In_ POOL_TYPE PoolType
 
_In_ POOL_TYPE _In_ ULONG_PTR Amount
 

Macro Definition Documentation

◆ _PSGETCURRENTTHREAD_

#define _PSGETCURRENTTHREAD_

Definition at line 20 of file psfuncs.h.

◆ PsGetCurrentProcess

#define PsGetCurrentProcess   IoGetCurrentProcess

Definition at line 17 of file psfuncs.h.

Function Documentation

◆ $endif() [1/3]

$endif ( _WDMDDK_  )

Definition at line 202 of file ke.h.

226 {
227  ULONGLONG Low;
228  LONGLONG High;
229 } NEON128, *PNEON128;
Low
Definition: strmini.h:380
LONGLONG
int64_t LONGLONG
Definition: typedefs.h:68
ULONGLONG
uint64_t ULONGLONG
Definition: typedefs.h:67
High
Definition: strmini.h:378
NEON128
NEON128
Definition: ke.h:229
PNEON128
* PNEON128
Definition: ke.h:229

◆ $endif() [2/3]

$endif ( _NTDDK_  )

Definition at line 2494 of file iofuncs.h.

2502 {
2503  PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
2504  PriorityInfo->ThreadPriority = 0xffff;
2505  PriorityInfo->IoPriority = IoPriorityNormal;
2506  PriorityInfo->PagePriority = 0;
2507 }
IO_PRIORITY_INFO
struct _IO_PRIORITY_INFO IO_PRIORITY_INFO
PriorityInfo
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD _Inout_ PIO_PRIORITY_INFO PriorityInfo
Definition: fltkernel.h:2652

◆ $endif() [3/3]

$endif ( _NTIFS_  )
pure virtual

Definition at line 2825 of file rtlfuncs.h.

2839 {
2840  LARGE_INTEGER ret;
2841  ret.QuadPart = SignedInteger;
2842  return ret;
2843 }
ret
return ret
Definition: rtlfuncs.h:3090
_LARGE_INTEGER
Definition: typedefs.h:102

◆ $if()

$if ( _WDMDDK_  )

Kernel definitions for AMD64

Kernel definitions for ARM

Definition at line 1 of file ke.h.

31 {
32  ULONG Dummy;
33 } KFLOATING_SAVE, *PKFLOATING_SAVE;
KFLOATING_SAVE
struct _KFLOATING_SAVE KFLOATING_SAVE
PKFLOATING_SAVE
struct _KFLOATING_SAVE * PKFLOATING_SAVE
ULONG
unsigned int ULONG
Definition: retypes.h:1

◆ _IRQL_requires_max_() [1/3]

_IRQL_requires_max_ ( DISPATCH_LEVEL  )

Definition at line 21 of file psfuncs.h.

26 {
27  return (PETHREAD)KeGetCurrentThread();
28 }
_ETHREAD
Definition: pstypes.h:1101
KeGetCurrentThread
#define KeGetCurrentThread
Definition: hal.h:55

◆ _IRQL_requires_max_() [2/3]

_Must_inspect_result_ _IRQL_requires_max_ ( APC_LEVEL  )

Definition at line 197 of file cddata.c.

254 {
255  THREAD_CONTEXT ThreadContext = {0};
256  PIRP_CONTEXT IrpContext = NULL;
257  BOOLEAN Wait;
258 
259 #ifdef CD_SANITY
260  PVOID PreviousTopLevel;
261 #endif
262 
263  NTSTATUS Status;
264 
265 #if DBG
266 
267  KIRQL SaveIrql = KeGetCurrentIrql();
268 
269 #endif
270 
271  ASSERT_OPTIONAL_IRP( Irp );
272 
273  UNREFERENCED_PARAMETER( DeviceObject );
274 
275  FsRtlEnterFileSystem();
276 
277 #ifdef CD_SANITY
278  PreviousTopLevel = IoGetTopLevelIrp();
279 #endif
280 
281  //
282  // Loop until this request has been completed or posted.
283  //
284 
285  do {
286 
287  //
288  // Use a try-except to handle the exception cases.
289  //
290 
291  _SEH2_TRY {
292 
293  //
294  // If the IrpContext is NULL then this is the first pass through
295  // this loop.
296  //
297 
298  if (IrpContext == NULL) {
299 
300  //
301  // Decide if this request is waitable an allocate the IrpContext.
302  // If the file object in the stack location is NULL then this
303  // is a mount which is always waitable. Otherwise we look at
304  // the file object flags.
305  //
306 
307  if (IoGetCurrentIrpStackLocation( Irp )->FileObject == NULL) {
308 
309  Wait = TRUE;
310 
311  } else {
312 
313  Wait = CanFsdWait( Irp );
314  }
315 
316  IrpContext = CdCreateIrpContext( Irp, Wait );
317 
318  //
319  // Update the thread context information.
320  //
321 
322  CdSetThreadContext( IrpContext, &ThreadContext );
323 
324 #ifdef CD_SANITY
325  NT_ASSERT( !CdTestTopLevel ||
326  SafeNodeType( IrpContext->TopLevel ) == CDFS_NTC_IRP_CONTEXT );
327 #endif
328 
329  //
330  // Otherwise cleanup the IrpContext for the retry.
331  //
332 
333  } else {
334 
335  //
336  // Set the MORE_PROCESSING flag to make sure the IrpContext
337  // isn't inadvertently deleted here. Then cleanup the
338  // IrpContext to perform the retry.
339  //
340 
341  SetFlag( IrpContext->Flags, IRP_CONTEXT_FLAG_MORE_PROCESSING );
342  CdCleanupIrpContext( IrpContext, FALSE );
343  }
344 
345  //
346  // Case on the major irp code.
347  //
348 
349  switch (IrpContext->MajorFunction) {
350 
351  case IRP_MJ_CREATE :
352 
353  Status = CdCommonCreate( IrpContext, Irp );
354  break;
355 
356  case IRP_MJ_CLOSE :
357 
358  Status = CdCommonClose( IrpContext, Irp );
359  break;
360 
361  case IRP_MJ_READ :
362 
363  //
364  // If this is an Mdl complete request, don't go through
365  // common read.
366  //
367 
368  if (FlagOn( IrpContext->MinorFunction, IRP_MN_COMPLETE )) {
369 
370  Status = CdCompleteMdl( IrpContext, Irp );
371 
372  } else {
373 
374  Status = CdCommonRead( IrpContext, Irp );
375  }
376 
377  break;
378 
379  case IRP_MJ_WRITE :
380 
381  Status = CdCommonWrite( IrpContext, Irp );
382  break;
383 
384  case IRP_MJ_QUERY_INFORMATION :
385 
386  Status = CdCommonQueryInfo( IrpContext, Irp );
387  break;
388 
389  case IRP_MJ_SET_INFORMATION :
390 
391  Status = CdCommonSetInfo( IrpContext, Irp );
392  break;
393 
394  case IRP_MJ_QUERY_VOLUME_INFORMATION :
395 
396  Status = CdCommonQueryVolInfo( IrpContext, Irp );
397  break;
398 
399  case IRP_MJ_DIRECTORY_CONTROL :
400 
401  Status = CdCommonDirControl( IrpContext, Irp );
402  break;
403 
404  case IRP_MJ_FILE_SYSTEM_CONTROL :
405 
406  Status = CdCommonFsControl( IrpContext, Irp );
407  break;
408 
409  case IRP_MJ_DEVICE_CONTROL :
410 
411  Status = CdCommonDevControl( IrpContext, Irp );
412  break;
413 
414  case IRP_MJ_LOCK_CONTROL :
415 
416  Status = CdCommonLockControl( IrpContext, Irp );
417  break;
418 
419  case IRP_MJ_CLEANUP :
420 
421  Status = CdCommonCleanup( IrpContext, Irp );
422  break;
423 
424  case IRP_MJ_PNP :
425 
426  Status = CdCommonPnp( IrpContext, Irp );
427  break;
428 
429  case IRP_MJ_SHUTDOWN :
430 
431  Status = CdCommonShutdown( IrpContext, Irp );
432  break;
433 
434  default :
435 
436  Status = STATUS_INVALID_DEVICE_REQUEST;
437  CdCompleteRequest( IrpContext, Irp, Status );
438  }
439 
440  } _SEH2_EXCEPT( CdExceptionFilter( IrpContext, _SEH2_GetExceptionInformation() )) {
441 
442  Status = CdProcessException( IrpContext, Irp, _SEH2_GetExceptionCode() );
443  } _SEH2_END;
444 
445  } while (Status == STATUS_CANT_WAIT);
446 
447 #ifdef CD_SANITY
448  NT_ASSERT( !CdTestTopLevel ||
449  (PreviousTopLevel == IoGetTopLevelIrp()) );
450 #endif
451 
452  FsRtlExitFileSystem();
453 
454  NT_ASSERT( SaveIrql == KeGetCurrentIrql( ));
455 
456  return Status;
457 }
KeGetCurrentIrql
#define KeGetCurrentIrql()
Definition: env_spec_w32.h:706
CdSetThreadContext
VOID CdSetThreadContext(_Inout_ PIRP_CONTEXT IrpContext, _In_ PTHREAD_CONTEXT ThreadContext)
Definition: cddata.c:981
IRP_MJ_CREATE
#define IRP_MJ_CREATE
Definition: rdpdr.c:44
FsRtlEnterFileSystem
#define FsRtlEnterFileSystem
FsRtlExitFileSystem
#define FsRtlExitFileSystem
IRP_MJ_SHUTDOWN
#define IRP_MJ_SHUTDOWN
TRUE
#define TRUE
Definition: types.h:120
UNREFERENCED_PARAMETER
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317
IRP_CONTEXT_FLAG_MORE_PROCESSING
#define IRP_CONTEXT_FLAG_MORE_PROCESSING
Definition: cdstruc.h:1214
Wait
_In_ WDFDPC _In_ BOOLEAN Wait
Definition: wdfdpc.h:167
SafeNodeType
#define SafeNodeType(Ptr)
Definition: nodetype.h:54
IRP_MJ_PNP
#define IRP_MJ_PNP
Definition: cdrw_usr.h:52
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
STATUS_INVALID_DEVICE_REQUEST
#define STATUS_INVALID_DEVICE_REQUEST
Definition: udferr_usr.h:138
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
IRP_MN_COMPLETE
#define IRP_MN_COMPLETE
Definition: iotypes.h:4420
KIRQL
UCHAR KIRQL
Definition: env_spec_w32.h:591
DeviceObject
_In_ PDEVICE_OBJECT DeviceObject
Definition: wdfdevice.h:2055
FALSE
#define FALSE
Definition: types.h:117
Irp
_In_ PIRP Irp
Definition: csq.h:116
CdCompleteRequest
VOID CdCompleteRequest(_Inout_opt_ PIRP_CONTEXT IrpContext, _Inout_opt_ PIRP Irp, _In_ NTSTATUS Status)
Definition: cddata.c:914
_THREAD_CONTEXT
Definition: cdstruc.h:1363
_SEH2_GetExceptionInformation
#define _SEH2_GetExceptionInformation()
Definition: pseh2_64.h:164
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
IRP_MJ_QUERY_VOLUME_INFORMATION
#define IRP_MJ_QUERY_VOLUME_INFORMATION
Definition: rdpdr.c:50
IRP_MJ_DIRECTORY_CONTROL
#define IRP_MJ_DIRECTORY_CONTROL
Definition: rdpdr.c:51
FileObject
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:547
IRP_CONTEXT
Definition: usbstor.h:96
Status
Status
Definition: gdiplustypes.h:24
IRP_MJ_FILE_SYSTEM_CONTROL
#define IRP_MJ_FILE_SYSTEM_CONTROL
IoGetTopLevelIrp
PIRP NTAPI IoGetTopLevelIrp(VOID)
Definition: irp.c:1843
CanFsdWait
#define CanFsdWait(I)
Definition: cdprocs.h:2001
CdCompleteMdl
NTSTATUS CdCompleteMdl(_In_ PIRP_CONTEXT IrpContext, _Inout_ PIRP Irp)
Definition: cachesup.c:411
IRP_MJ_CLOSE
#define IRP_MJ_CLOSE
Definition: rdpdr.c:45
CdCommonDevControl
NTSTATUS CdCommonDevControl(_Inout_ PIRP_CONTEXT IrpContext, _Inout_ PIRP Irp)
Definition: devctrl.c:46
FlagOn
#define FlagOn(_F, _SF)
Definition: ext2fs.h:179
IoGetCurrentIrpStackLocation
__drv_aliasesMem FORCEINLINE PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(_In_ PIRP Irp)
Definition: iofuncs.h:2793
SetFlag
#define SetFlag(_F, _SF)
Definition: ext2fs.h:187
_SEH2_END
_SEH2_END
Definition: create.c:4400
CdExceptionFilter
LONG CdExceptionFilter(_Inout_ PIRP_CONTEXT IrpContext, _In_ PEXCEPTION_POINTERS ExceptionPointer)
Definition: cddata.c:525
ASSERT_OPTIONAL_IRP
#define ASSERT_OPTIONAL_IRP(I)
Definition: cddata.h:251
NULL
#define NULL
Definition: types.h:112
CdCleanupIrpContext
VOID CdCleanupIrpContext(_In_ PIRP_CONTEXT IrpContext, _In_ BOOLEAN Post)
Definition: strucsup.c:1733
CdCommonLockControl
NTSTATUS CdCommonLockControl(_Inout_ PIRP_CONTEXT IrpContext, _Inout_ PIRP Irp)
Definition: lockctrl.c:35
CDFS_NTC_IRP_CONTEXT
#define CDFS_NTC_IRP_CONTEXT
Definition: nodetype.h:34
IRP_MJ_LOCK_CONTROL
#define IRP_MJ_LOCK_CONTROL
Definition: rdpdr.c:53
IRP_MJ_READ
#define IRP_MJ_READ
Definition: rdpdr.c:46
IRP_MJ_CLEANUP
#define IRP_MJ_CLEANUP
IRP_MJ_SET_INFORMATION
#define IRP_MJ_SET_INFORMATION
Definition: rdpdr.c:49
IRP_MJ_WRITE
#define IRP_MJ_WRITE
Definition: rdpdr.c:47
IRP_MJ_QUERY_INFORMATION
#define IRP_MJ_QUERY_INFORMATION
Definition: rdpdr.c:48
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
CdCreateIrpContext
_Ret_valid_ PIRP_CONTEXT CdCreateIrpContext(_In_ PIRP Irp, _In_ BOOLEAN Wait)
Definition: strucsup.c:1573
IRP_MJ_DEVICE_CONTROL
#define IRP_MJ_DEVICE_CONTROL
Definition: rdpdr.c:52
STATUS_CANT_WAIT
#define STATUS_CANT_WAIT
Definition: ntstatus.h:452
NT_ASSERT
#define NT_ASSERT
Definition: rtlfuncs.h:3310

◆ _IRQL_requires_max_() [3/3]

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
77  NTSTATUS Status;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
82  return STATUS_INVALID_PARAMETER;
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
88  return STATUS_INVALID_PARAMETER;
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
96  Status = FltObjectReference(Filter);
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
103  Status = ObCreateObject(KernelMode,
104  ServerPortObjectType,
105  ObjectAttributes,
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
118  FltpObjectPointerReference((PFLT_OBJECT)Filter);
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
123  PortObject->DisconnectNotify = DisconnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
131  STANDARD_RIGHTS_ALL | FILE_READ_DATA,
132  0,
133  NULL,
134  (PHANDLE)ServerPort);
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
138  ExAcquireFastMutex(&Filter->ConnectionList.mLock);
139 
140  /* Add the new port object to the connection list and increment the count */
141  InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
142  Filter->ConnectionList.mCount++;
143 
144  /* Unlock the connection list*/
145  ExReleaseFastMutex(&Filter->ConnectionList.mLock);
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
152  FltObjectDereference(Filter);
153  }
154 
155  return Status;
156 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
ServerPort
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::ConnectNotify
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
FltObjectDereference
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_FLT_MUTEX_LIST_HEAD::mCount
ULONG mCount
Definition: fltmgrint.h:57
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
ExReleaseFastMutex
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
FltpObjectPointerReference
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
_FLT_MUTEX_LIST_HEAD::mList
LIST_ENTRY mList
Definition: fltmgrint.h:56
Filter
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
FILE_READ_DATA
#define FILE_READ_DATA
Definition: nt_native.h:628
ObCreateObject
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
Status
Status
Definition: gdiplustypes.h:24
_FLT_SERVER_PORT_OBJECT::Cookie
PVOID Cookie
Definition: fltmgrint.h:195
ServerPortObjectType
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
_FLT_OBJECT
Definition: fltmgrint.h:25
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DisconnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::MaxConnections
LONG MaxConnections
Definition: fltmgrint.h:198
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
ConnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT
Definition: fltmgrint.h:188
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
STANDARD_RIGHTS_ALL
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
ExAcquireFastMutex
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
FltObjectReference
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
ServerPortCookie
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::Filter
PFLT_FILTER Filter
Definition: fltmgrint.h:194
NULL
#define NULL
Definition: types.h:112
_FLT_MUTEX_LIST_HEAD::mLock
FAST_MUTEX mLock
Definition: fltmgrint.h:55
_FLT_SERVER_PORT_OBJECT::MessageNotify
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
_FLT_SERVER_PORT_OBJECT::FilterLink
LIST_ENTRY FilterLink
Definition: fltmgrint.h:190
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
MaxConnections
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::DisconnectNotify
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
MessageNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1872
_FLT_FILTER::ConnectionList
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _When_()

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE _In_opt_ _When_ ( return  = =0,
__drv_aliasesMem   
)

◆ NtQueryInformationProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_Out_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Definition at line 59 of file query.c.

65 {
66  PEPROCESS Process;
67  KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
68  NTSTATUS Status;
69  ULONG Length = 0;
70  HANDLE DebugPort = 0;
71  PPROCESS_BASIC_INFORMATION ProcessBasicInfo =
72  (PPROCESS_BASIC_INFORMATION)ProcessInformation;
73  PKERNEL_USER_TIMES ProcessTime = (PKERNEL_USER_TIMES)ProcessInformation;
74  ULONG UserTime, KernelTime;
75  PPROCESS_PRIORITY_CLASS PsPriorityClass = (PPROCESS_PRIORITY_CLASS)ProcessInformation;
76  ULONG HandleCount;
77  PPROCESS_SESSION_INFORMATION SessionInfo =
78  (PPROCESS_SESSION_INFORMATION)ProcessInformation;
79  PVM_COUNTERS VmCounters = (PVM_COUNTERS)ProcessInformation;
80  PIO_COUNTERS IoCounters = (PIO_COUNTERS)ProcessInformation;
81  PQUOTA_LIMITS QuotaLimits = (PQUOTA_LIMITS)ProcessInformation;
82  PUNICODE_STRING ImageName;
83  ULONG Cookie, ExecuteOptions = 0;
84  ULONG_PTR Wow64 = 0;
85  PROCESS_VALUES ProcessValues;
86  ULONG Flags;
87  PAGED_CODE();
88 
89  /* Verify Information Class validity */
90  Status = DefaultQueryInfoBufferCheck(ProcessInformationClass,
91  PsProcessInfoClass,
92  RTL_NUMBER_OF(PsProcessInfoClass),
93  ProcessInformation,
94  ProcessInformationLength,
95  ReturnLength,
96  NULL,
97  PreviousMode,
98  FALSE);
99  if (!NT_SUCCESS(Status))
100  {
101  DPRINT1("NtQueryInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
102  return Status;
103  }
104 
105  if (((ProcessInformationClass == ProcessCookie) ||
106  (ProcessInformationClass == ProcessImageInformation)) &&
107  (ProcessHandle != NtCurrentProcess()))
108  {
109  /*
110  * Retrieving the process cookie is only allowed for the calling process
111  * itself! XP only allows NtCurrentProcess() as process handles even if
112  * a real handle actually represents the current process.
113  */
114  return STATUS_INVALID_PARAMETER;
115  }
116 
117  /* Check the information class */
118  switch (ProcessInformationClass)
119  {
120  /* Basic process information */
121  case ProcessBasicInformation:
122 
123  if (ProcessInformationLength != sizeof(PROCESS_BASIC_INFORMATION))
124  {
125  Status = STATUS_INFO_LENGTH_MISMATCH;
126  break;
127  }
128 
129  /* Set return length */
130  Length = sizeof(PROCESS_BASIC_INFORMATION);
131 
132  /* Reference the process */
133  Status = ObReferenceObjectByHandle(ProcessHandle,
134  PROCESS_QUERY_INFORMATION,
135  PsProcessType,
136  PreviousMode,
137  (PVOID*)&Process,
138  NULL);
139  if (!NT_SUCCESS(Status)) break;
140 
141  /* Protect writes with SEH */
142  _SEH2_TRY
143  {
144  /* Write all the information from the EPROCESS/KPROCESS */
145  ProcessBasicInfo->ExitStatus = Process->ExitStatus;
146  ProcessBasicInfo->PebBaseAddress = Process->Peb;
147  ProcessBasicInfo->AffinityMask = Process->Pcb.Affinity;
148  ProcessBasicInfo->UniqueProcessId = (ULONG_PTR)Process->
149  UniqueProcessId;
150  ProcessBasicInfo->InheritedFromUniqueProcessId =
151  (ULONG_PTR)Process->InheritedFromUniqueProcessId;
152  ProcessBasicInfo->BasePriority = Process->Pcb.BasePriority;
153 
154  }
155  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
156  {
157  /* Get exception code */
158  Status = _SEH2_GetExceptionCode();
159  }
160  _SEH2_END;
161 
162  /* Dereference the process */
163  ObDereferenceObject(Process);
164  break;
165 
166  /* Process quota limits */
167  case ProcessQuotaLimits:
168 
169  if (ProcessInformationLength != sizeof(QUOTA_LIMITS))
170  {
171  Status = STATUS_INFO_LENGTH_MISMATCH;
172  break;
173  }
174 
175  Length = sizeof(QUOTA_LIMITS);
176 
177  /* Reference the process */
178  Status = ObReferenceObjectByHandle(ProcessHandle,
179  PROCESS_QUERY_INFORMATION,
180  PsProcessType,
181  PreviousMode,
182  (PVOID*)&Process,
183  NULL);
184  if (!NT_SUCCESS(Status)) break;
185 
186  /* Indicate success */
187  Status = STATUS_SUCCESS;
188 
189  _SEH2_TRY
190  {
191  /* Set max/min working set sizes */
192  QuotaLimits->MaximumWorkingSetSize =
193  Process->Vm.MaximumWorkingSetSize << PAGE_SHIFT;
194  QuotaLimits->MinimumWorkingSetSize =
195  Process->Vm.MinimumWorkingSetSize << PAGE_SHIFT;
196 
197  /* Set default time limits */
198  QuotaLimits->TimeLimit.LowPart = MAXULONG;
199  QuotaLimits->TimeLimit.HighPart = MAXULONG;
200 
201  /* Is quota block a default one? */
202  if (Process->QuotaBlock == &PspDefaultQuotaBlock)
203  {
204  /* Set default pools and pagefile limits */
205  QuotaLimits->PagedPoolLimit = (SIZE_T)-1;
206  QuotaLimits->NonPagedPoolLimit = (SIZE_T)-1;
207  QuotaLimits->PagefileLimit = (SIZE_T)-1;
208  }
209  else
210  {
211  /* Get limits from non-default quota block */
212  QuotaLimits->PagedPoolLimit =
213  Process->QuotaBlock->QuotaEntry[PagedPool].Limit;
214  QuotaLimits->NonPagedPoolLimit =
215  Process->QuotaBlock->QuotaEntry[NonPagedPool].Limit;
216  QuotaLimits->PagefileLimit =
217  Process->QuotaBlock->QuotaEntry[2].Limit;
218  }
219  }
220  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
221  {
222  /* Get exception code */
223  Status = _SEH2_GetExceptionCode();
224  }
225  _SEH2_END;
226 
227  /* Dereference the process */
228  ObDereferenceObject(Process);
229  break;
230 
231  case ProcessIoCounters:
232 
233  if (ProcessInformationLength != sizeof(IO_COUNTERS))
234  {
235  Status = STATUS_INFO_LENGTH_MISMATCH;
236  break;
237  }
238 
239  Length = sizeof(IO_COUNTERS);
240 
241  /* Reference the process */
242  Status = ObReferenceObjectByHandle(ProcessHandle,
243  PROCESS_QUERY_INFORMATION,
244  PsProcessType,
245  PreviousMode,
246  (PVOID*)&Process,
247  NULL);
248  if (!NT_SUCCESS(Status)) break;
249 
250  /* Query IO counters from the process */
251  KeQueryValuesProcess(&Process->Pcb, &ProcessValues);
252 
253  _SEH2_TRY
254  {
255  RtlCopyMemory(IoCounters, &ProcessValues.IoInfo, sizeof(IO_COUNTERS));
256  }
257  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
258  {
259  /* Ignore exception */
260  }
261  _SEH2_END;
262 
263  /* Set status to success in any case */
264  Status = STATUS_SUCCESS;
265 
266  /* Dereference the process */
267  ObDereferenceObject(Process);
268  break;
269 
270  /* Timing */
271  case ProcessTimes:
272 
273  /* Set the return length */
274  if (ProcessInformationLength != sizeof(KERNEL_USER_TIMES))
275  {
276  Status = STATUS_INFO_LENGTH_MISMATCH;
277  break;
278  }
279 
280  Length = sizeof(KERNEL_USER_TIMES);
281 
282  /* Reference the process */
283  Status = ObReferenceObjectByHandle(ProcessHandle,
284  PROCESS_QUERY_INFORMATION,
285  PsProcessType,
286  PreviousMode,
287  (PVOID*)&Process,
288  NULL);
289  if (!NT_SUCCESS(Status)) break;
290 
291  /* Protect writes with SEH */
292  _SEH2_TRY
293  {
294  /* Copy time information from EPROCESS/KPROCESS */
295  KernelTime = KeQueryRuntimeProcess(&Process->Pcb, &UserTime);
296  ProcessTime->CreateTime = Process->CreateTime;
297  ProcessTime->UserTime.QuadPart = (LONGLONG)UserTime * KeMaximumIncrement;
298  ProcessTime->KernelTime.QuadPart = (LONGLONG)KernelTime * KeMaximumIncrement;
299  ProcessTime->ExitTime = Process->ExitTime;
300  }
301  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
302  {
303  /* Get exception code */
304  Status = _SEH2_GetExceptionCode();
305  }
306  _SEH2_END;
307 
308  /* Dereference the process */
309  ObDereferenceObject(Process);
310  break;
311 
312  /* Process Debug Port */
313  case ProcessDebugPort:
314 
315  if (ProcessInformationLength != sizeof(HANDLE))
316  {
317  Status = STATUS_INFO_LENGTH_MISMATCH;
318  break;
319  }
320 
321  /* Set return length */
322  Length = sizeof(HANDLE);
323 
324  /* Reference the process */
325  Status = ObReferenceObjectByHandle(ProcessHandle,
326  PROCESS_QUERY_INFORMATION,
327  PsProcessType,
328  PreviousMode,
329  (PVOID*)&Process,
330  NULL);
331  if (!NT_SUCCESS(Status)) break;
332 
333  /* Protect write with SEH */
334  _SEH2_TRY
335  {
336  /* Return whether or not we have a debug port */
337  *(PHANDLE)ProcessInformation = (Process->DebugPort ?
338  (HANDLE)-1 : NULL);
339  }
340  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
341  {
342  /* Get exception code */
343  Status = _SEH2_GetExceptionCode();
344  }
345  _SEH2_END;
346 
347  /* Dereference the process */
348  ObDereferenceObject(Process);
349  break;
350 
351  case ProcessHandleCount:
352 
353  if (ProcessInformationLength != sizeof(ULONG))
354  {
355  Status = STATUS_INFO_LENGTH_MISMATCH;
356  break;
357  }
358 
359  /* Set the return length*/
360  Length = sizeof(ULONG);
361 
362  /* Reference the process */
363  Status = ObReferenceObjectByHandle(ProcessHandle,
364  PROCESS_QUERY_INFORMATION,
365  PsProcessType,
366  PreviousMode,
367  (PVOID*)&Process,
368  NULL);
369  if (!NT_SUCCESS(Status)) break;
370 
371  /* Count the number of handles this process has */
372  HandleCount = ObGetProcessHandleCount(Process);
373 
374  /* Protect write in SEH */
375  _SEH2_TRY
376  {
377  /* Return the count of handles */
378  *(PULONG)ProcessInformation = HandleCount;
379  }
380  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
381  {
382  /* Get the exception code */
383  Status = _SEH2_GetExceptionCode();
384  }
385  _SEH2_END;
386 
387  /* Dereference the process */
388  ObDereferenceObject(Process);
389  break;
390 
391  /* Session ID for the process */
392  case ProcessSessionInformation:
393 
394  if (ProcessInformationLength != sizeof(PROCESS_SESSION_INFORMATION))
395  {
396  Status = STATUS_INFO_LENGTH_MISMATCH;
397  break;
398  }
399 
400  /* Set the return length*/
401  Length = sizeof(PROCESS_SESSION_INFORMATION);
402 
403  /* Reference the process */
404  Status = ObReferenceObjectByHandle(ProcessHandle,
405  PROCESS_QUERY_INFORMATION,
406  PsProcessType,
407  PreviousMode,
408  (PVOID*)&Process,
409  NULL);
410  if (!NT_SUCCESS(Status)) break;
411 
412  /* Enter SEH for write safety */
413  _SEH2_TRY
414  {
415  /* Write back the Session ID */
416  SessionInfo->SessionId = PsGetProcessSessionId(Process);
417  }
418  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
419  {
420  /* Get the exception code */
421  Status = _SEH2_GetExceptionCode();
422  }
423  _SEH2_END;
424 
425  /* Dereference the process */
426  ObDereferenceObject(Process);
427  break;
428 
429  /* Virtual Memory Statistics */
430  case ProcessVmCounters:
431 
432  /* Validate the input length */
433  if ((ProcessInformationLength != sizeof(VM_COUNTERS)) &&
434  (ProcessInformationLength != sizeof(VM_COUNTERS_EX)))
435  {
436  Status = STATUS_INFO_LENGTH_MISMATCH;
437  break;
438  }
439 
440  /* Reference the process */
441  Status = ObReferenceObjectByHandle(ProcessHandle,
442  PROCESS_QUERY_INFORMATION,
443  PsProcessType,
444  PreviousMode,
445  (PVOID*)&Process,
446  NULL);
447  if (!NT_SUCCESS(Status)) break;
448 
449  /* Enter SEH for write safety */
450  _SEH2_TRY
451  {
452  /* Return data from EPROCESS */
453  VmCounters->PeakVirtualSize = Process->PeakVirtualSize;
454  VmCounters->VirtualSize = Process->VirtualSize;
455  VmCounters->PageFaultCount = Process->Vm.PageFaultCount;
456  VmCounters->PeakWorkingSetSize = Process->Vm.PeakWorkingSetSize;
457  VmCounters->WorkingSetSize = Process->Vm.WorkingSetSize;
458  VmCounters->QuotaPeakPagedPoolUsage = Process->QuotaPeak[PsPagedPool];
459  VmCounters->QuotaPagedPoolUsage = Process->QuotaUsage[PsPagedPool];
460  VmCounters->QuotaPeakNonPagedPoolUsage = Process->QuotaPeak[PsNonPagedPool];
461  VmCounters->QuotaNonPagedPoolUsage = Process->QuotaUsage[PsNonPagedPool];
462  VmCounters->PagefileUsage = Process->QuotaUsage[PsPageFile] << PAGE_SHIFT;
463  VmCounters->PeakPagefileUsage = Process->QuotaPeak[PsPageFile] << PAGE_SHIFT;
464  //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
465  //
466 
467  /* Set the return length */
468  Length = ProcessInformationLength;
469  }
470  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
471  {
472  /* Get the exception code */
473  Status = _SEH2_GetExceptionCode();
474  }
475  _SEH2_END;
476 
477  /* Dereference the process */
478  ObDereferenceObject(Process);
479  break;
480 
481  /* Hard Error Processing Mode */
482  case ProcessDefaultHardErrorMode:
483 
484  if (ProcessInformationLength != sizeof(ULONG))
485  {
486  Status = STATUS_INFO_LENGTH_MISMATCH;
487  break;
488  }
489 
490  /* Set the return length*/
491  Length = sizeof(ULONG);
492 
493  /* Reference the process */
494  Status = ObReferenceObjectByHandle(ProcessHandle,
495  PROCESS_QUERY_INFORMATION,
496  PsProcessType,
497  PreviousMode,
498  (PVOID*)&Process,
499  NULL);
500  if (!NT_SUCCESS(Status)) break;
501 
502  /* Enter SEH for writing back data */
503  _SEH2_TRY
504  {
505  /* Write the current processing mode */
506  *(PULONG)ProcessInformation = Process->
507  DefaultHardErrorProcessing;
508  }
509  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
510  {
511  /* Get the exception code */
512  Status = _SEH2_GetExceptionCode();
513  }
514  _SEH2_END;
515 
516  /* Dereference the process */
517  ObDereferenceObject(Process);
518  break;
519 
520  /* Priority Boosting status */
521  case ProcessPriorityBoost:
522 
523  if (ProcessInformationLength != sizeof(ULONG))
524  {
525  Status = STATUS_INFO_LENGTH_MISMATCH;
526  break;
527  }
528 
529  /* Set the return length */
530  Length = sizeof(ULONG);
531 
532  /* Reference the process */
533  Status = ObReferenceObjectByHandle(ProcessHandle,
534  PROCESS_QUERY_INFORMATION,
535  PsProcessType,
536  PreviousMode,
537  (PVOID*)&Process,
538  NULL);
539  if (!NT_SUCCESS(Status)) break;
540 
541  /* Enter SEH for writing back data */
542  _SEH2_TRY
543  {
544  /* Return boost status */
545  *(PULONG)ProcessInformation = Process->Pcb.DisableBoost ?
546  TRUE : FALSE;
547  }
548  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
549  {
550  /* Get the exception code */
551  Status = _SEH2_GetExceptionCode();
552  }
553  _SEH2_END;
554 
555  /* Dereference the process */
556  ObDereferenceObject(Process);
557  break;
558 
559  /* DOS Device Map */
560  case ProcessDeviceMap:
561 
562  if (ProcessInformationLength == sizeof(PROCESS_DEVICEMAP_INFORMATION_EX))
563  {
564  /* Protect read in SEH */
565  _SEH2_TRY
566  {
567  PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
568 
569  Flags = DeviceMapEx->Flags;
570  }
571  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
572  {
573  /* Get the exception code */
574  Status = _SEH2_GetExceptionCode();
575  _SEH2_YIELD(break);
576  }
577  _SEH2_END;
578 
579  /* Only one flag is supported and it needs LUID mappings */
580  if ((Flags & ~PROCESS_LUID_DOSDEVICES_ONLY) != 0 ||
581  !ObIsLUIDDeviceMapsEnabled())
582  {
583  Status = STATUS_INVALID_PARAMETER;
584  break;
585  }
586  }
587  else
588  {
589  /* This has to be the size of the Query union field for x64 compatibility! */
590  if (ProcessInformationLength != RTL_FIELD_SIZE(PROCESS_DEVICEMAP_INFORMATION, Query))
591  {
592  Status = STATUS_INFO_LENGTH_MISMATCH;
593  break;
594  }
595 
596  /* No flags for standard call */
597  Flags = 0;
598  }
599 
600  /* Set the return length */
601  Length = ProcessInformationLength;
602 
603  /* Reference the process */
604  Status = ObReferenceObjectByHandle(ProcessHandle,
605  PROCESS_QUERY_INFORMATION,
606  PsProcessType,
607  PreviousMode,
608  (PVOID*)&Process,
609  NULL);
610  if (!NT_SUCCESS(Status)) break;
611 
612  /* Query the device map information */
613  Status = ObQueryDeviceMapInformation(Process,
614  ProcessInformation,
615  Flags);
616 
617  /* Dereference the process */
618  ObDereferenceObject(Process);
619  break;
620 
621  /* Priority class */
622  case ProcessPriorityClass:
623 
624  if (ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS))
625  {
626  Status = STATUS_INFO_LENGTH_MISMATCH;
627  break;
628  }
629 
630  /* Set the return length*/
631  Length = sizeof(PROCESS_PRIORITY_CLASS);
632 
633  /* Reference the process */
634  Status = ObReferenceObjectByHandle(ProcessHandle,
635  PROCESS_QUERY_INFORMATION,
636  PsProcessType,
637  PreviousMode,
638  (PVOID*)&Process,
639  NULL);
640  if (!NT_SUCCESS(Status)) break;
641 
642  /* Enter SEH for writing back data */
643  _SEH2_TRY
644  {
645  /* Return current priority class */
646  PsPriorityClass->PriorityClass = Process->PriorityClass;
647  PsPriorityClass->Foreground = FALSE;
648  }
649  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
650  {
651  /* Get the exception code */
652  Status = _SEH2_GetExceptionCode();
653  }
654  _SEH2_END;
655 
656  /* Dereference the process */
657  ObDereferenceObject(Process);
658  break;
659 
660  case ProcessImageFileName:
661 
662  /* Reference the process */
663  Status = ObReferenceObjectByHandle(ProcessHandle,
664  PROCESS_QUERY_INFORMATION,
665  PsProcessType,
666  PreviousMode,
667  (PVOID*)&Process,
668  NULL);
669  if (!NT_SUCCESS(Status)) break;
670 
671  /* Get the image path */
672  Status = SeLocateProcessImageName(Process, &ImageName);
673  if (NT_SUCCESS(Status))
674  {
675  /* Set return length */
676  Length = ImageName->MaximumLength +
677  sizeof(OBJECT_NAME_INFORMATION);
678 
679  /* Make sure it's large enough */
680  if (Length <= ProcessInformationLength)
681  {
682  /* Enter SEH to protect write */
683  _SEH2_TRY
684  {
685  /* Copy it */
686  RtlCopyMemory(ProcessInformation,
687  ImageName,
688  Length);
689 
690  /* Update pointer */
691  ((PUNICODE_STRING)ProcessInformation)->Buffer =
692  (PWSTR)((PUNICODE_STRING)ProcessInformation + 1);
693  }
694  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
695  {
696  /* Get the exception code */
697  Status = _SEH2_GetExceptionCode();
698  }
699  _SEH2_END;
700  }
701  else
702  {
703  /* Buffer too small */
704  Status = STATUS_INFO_LENGTH_MISMATCH;
705  }
706 
707  /* Free the image path */
708  ExFreePoolWithTag(ImageName, TAG_SEPA);
709  }
710  /* Dereference the process */
711  ObDereferenceObject(Process);
712  break;
713 
714  case ProcessDebugFlags:
715 
716  if (ProcessInformationLength != sizeof(ULONG))
717  {
718  Status = STATUS_INFO_LENGTH_MISMATCH;
719  break;
720  }
721 
722  /* Set the return length*/
723  Length = sizeof(ULONG);
724 
725  /* Reference the process */
726  Status = ObReferenceObjectByHandle(ProcessHandle,
727  PROCESS_QUERY_INFORMATION,
728  PsProcessType,
729  PreviousMode,
730  (PVOID*)&Process,
731  NULL);
732  if (!NT_SUCCESS(Status)) break;
733 
734  /* Enter SEH for writing back data */
735  _SEH2_TRY
736  {
737  /* Return the debug flag state */
738  *(PULONG)ProcessInformation = Process->NoDebugInherit ? 0 : 1;
739  }
740  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
741  {
742  /* Get the exception code */
743  Status = _SEH2_GetExceptionCode();
744  }
745  _SEH2_END;
746 
747  /* Dereference the process */
748  ObDereferenceObject(Process);
749  break;
750 
751  case ProcessBreakOnTermination:
752 
753  if (ProcessInformationLength != sizeof(ULONG))
754  {
755  Status = STATUS_INFO_LENGTH_MISMATCH;
756  break;
757  }
758 
759  /* Set the return length */
760  Length = sizeof(ULONG);
761 
762  /* Reference the process */
763  Status = ObReferenceObjectByHandle(ProcessHandle,
764  PROCESS_QUERY_INFORMATION,
765  PsProcessType,
766  PreviousMode,
767  (PVOID*)&Process,
768  NULL);
769  if (!NT_SUCCESS(Status)) break;
770 
771  /* Enter SEH for writing back data */
772  _SEH2_TRY
773  {
774  /* Return the BreakOnTermination state */
775  *(PULONG)ProcessInformation = Process->BreakOnTermination;
776  }
777  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
778  {
779  /* Get the exception code */
780  Status = _SEH2_GetExceptionCode();
781  }
782  _SEH2_END;
783 
784  /* Dereference the process */
785  ObDereferenceObject(Process);
786  break;
787 
788  /* Per-process security cookie */
789  case ProcessCookie:
790 
791  if (ProcessInformationLength != sizeof(ULONG))
792  {
793  /* Length size wrong, bail out */
794  Status = STATUS_INFO_LENGTH_MISMATCH;
795  break;
796  }
797 
798  /* Get the current process and cookie */
799  Process = PsGetCurrentProcess();
800  Cookie = Process->Cookie;
801  if (!Cookie)
802  {
803  LARGE_INTEGER SystemTime;
804  ULONG NewCookie;
805  PKPRCB Prcb;
806 
807  /* Generate a new cookie */
808  KeQuerySystemTime(&SystemTime);
809  Prcb = KeGetCurrentPrcb();
810  NewCookie = Prcb->KeSystemCalls ^ Prcb->InterruptTime ^
811  SystemTime.u.LowPart ^ SystemTime.u.HighPart;
812 
813  /* Set the new cookie or return the current one */
814  Cookie = InterlockedCompareExchange((LONG*)&Process->Cookie,
815  NewCookie,
816  Cookie);
817  if (!Cookie) Cookie = NewCookie;
818 
819  /* Set return length */
820  Length = sizeof(ULONG);
821  }
822 
823  /* Indicate success */
824  Status = STATUS_SUCCESS;
825 
826  /* Enter SEH to protect write */
827  _SEH2_TRY
828  {
829  /* Write back the cookie */
830  *(PULONG)ProcessInformation = Cookie;
831  }
832  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
833  {
834  /* Get the exception code */
835  Status = _SEH2_GetExceptionCode();
836  }
837  _SEH2_END;
838  break;
839 
840  case ProcessImageInformation:
841 
842  if (ProcessInformationLength != sizeof(SECTION_IMAGE_INFORMATION))
843  {
844  /* Break out */
845  Status = STATUS_INFO_LENGTH_MISMATCH;
846  break;
847  }
848 
849  /* Set the length required and validate it */
850  Length = sizeof(SECTION_IMAGE_INFORMATION);
851 
852  /* Enter SEH to protect write */
853  _SEH2_TRY
854  {
855  MmGetImageInformation((PSECTION_IMAGE_INFORMATION)ProcessInformation);
856  }
857  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
858  {
859  /* Get the exception code */
860  Status = _SEH2_GetExceptionCode();
861  }
862  _SEH2_END;
863 
864  /* Indicate success */
865  Status = STATUS_SUCCESS;
866  break;
867 
868  case ProcessDebugObjectHandle:
869 
870  if (ProcessInformationLength != sizeof(HANDLE))
871  {
872  Status = STATUS_INFO_LENGTH_MISMATCH;
873  break;
874  }
875 
876  /* Set the return length */
877  Length = sizeof(HANDLE);
878 
879  /* Reference the process */
880  Status = ObReferenceObjectByHandle(ProcessHandle,
881  PROCESS_QUERY_INFORMATION,
882  PsProcessType,
883  PreviousMode,
884  (PVOID*)&Process,
885  NULL);
886  if (!NT_SUCCESS(Status)) break;
887 
888  /* Get the debug port */
889  Status = DbgkOpenProcessDebugPort(Process, PreviousMode, &DebugPort);
890 
891  /* Let go of the process */
892  ObDereferenceObject(Process);
893 
894  /* Protect write in SEH */
895  _SEH2_TRY
896  {
897  /* Return debug port's handle */
898  *(PHANDLE)ProcessInformation = DebugPort;
899  }
900  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
901  {
902  /* Get the exception code */
903  Status = _SEH2_GetExceptionCode();
904  }
905  _SEH2_END;
906  break;
907 
908  case ProcessHandleTracing:
909  DPRINT1("Handle tracing Not implemented: %lx\n", ProcessInformationClass);
910  Status = STATUS_NOT_IMPLEMENTED;
911  break;
912 
913  case ProcessLUIDDeviceMapsEnabled:
914 
915  if (ProcessInformationLength != sizeof(ULONG))
916  {
917  Status = STATUS_INFO_LENGTH_MISMATCH;
918  break;
919  }
920 
921  /* Set the return length */
922  Length = sizeof(ULONG);
923 
924  /* Indicate success */
925  Status = STATUS_SUCCESS;
926 
927  /* Protect write in SEH */
928  _SEH2_TRY
929  {
930  /* Query Ob */
931  *(PULONG)ProcessInformation = ObIsLUIDDeviceMapsEnabled();
932  }
933  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
934  {
935  /* Get the exception code */
936  Status = _SEH2_GetExceptionCode();
937  }
938  _SEH2_END;
939  break;
940 
941  case ProcessWx86Information:
942 
943  if (ProcessInformationLength != sizeof(ULONG))
944  {
945  Status = STATUS_INFO_LENGTH_MISMATCH;
946  break;
947  }
948 
949  /* Set the return length */
950  Length = sizeof(ULONG);
951 
952  /* Reference the process */
953  Status = ObReferenceObjectByHandle(ProcessHandle,
954  PROCESS_QUERY_INFORMATION,
955  PsProcessType,
956  PreviousMode,
957  (PVOID*)&Process,
958  NULL);
959  if (!NT_SUCCESS(Status)) break;
960 
961  /* Protect write in SEH */
962  _SEH2_TRY
963  {
964  /* Return if the flag is set */
965  *(PULONG)ProcessInformation = (ULONG)Process->VdmAllowed;
966  }
967  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
968  {
969  /* Get the exception code */
970  Status = _SEH2_GetExceptionCode();
971  }
972  _SEH2_END;
973 
974  /* Dereference the process */
975  ObDereferenceObject(Process);
976  break;
977 
978  case ProcessWow64Information:
979 
980  if (ProcessInformationLength != sizeof(ULONG_PTR))
981  {
982  Status = STATUS_INFO_LENGTH_MISMATCH;
983  break;
984  }
985 
986  /* Set return length */
987  Length = sizeof(ULONG_PTR);
988 
989  /* Reference the process */
990  Status = ObReferenceObjectByHandle(ProcessHandle,
991  PROCESS_QUERY_INFORMATION,
992  PsProcessType,
993  PreviousMode,
994  (PVOID*)&Process,
995  NULL);
996  if (!NT_SUCCESS(Status)) break;
997 
998  /* Make sure the process isn't dying */
999  if (ExAcquireRundownProtection(&Process->RundownProtect))
1000  {
1001  /* Get the WOW64 process structure */
1002 #ifdef _WIN64
1003  Wow64 = (ULONG_PTR)Process->Wow64Process;
1004 #else
1005  Wow64 = 0;
1006 #endif
1007  /* Release the lock */
1008  ExReleaseRundownProtection(&Process->RundownProtect);
1009  }
1010 
1011  /* Protect write with SEH */
1012  _SEH2_TRY
1013  {
1014  /* Return whether or not we have a debug port */
1015  *(PULONG_PTR)ProcessInformation = Wow64;
1016  }
1017  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1018  {
1019  /* Get exception code */
1020  Status = _SEH2_GetExceptionCode();
1021  }
1022  _SEH2_END;
1023 
1024  /* Dereference the process */
1025  ObDereferenceObject(Process);
1026  break;
1027 
1028  case ProcessExecuteFlags:
1029 
1030  if (ProcessInformationLength != sizeof(ULONG))
1031  {
1032  Status = STATUS_INFO_LENGTH_MISMATCH;
1033  break;
1034  }
1035 
1036  /* Set return length */
1037  Length = sizeof(ULONG);
1038 
1039  if (ProcessHandle != NtCurrentProcess())
1040  {
1041  return STATUS_INVALID_PARAMETER;
1042  }
1043 
1044  /* Get the options */
1045  Status = MmGetExecuteOptions(&ExecuteOptions);
1046  if (NT_SUCCESS(Status))
1047  {
1048  /* Protect write with SEH */
1049  _SEH2_TRY
1050  {
1051  /* Return them */
1052  *(PULONG)ProcessInformation = ExecuteOptions;
1053  }
1054  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1055  {
1056  /* Get exception code */
1057  Status = _SEH2_GetExceptionCode();
1058  }
1059  _SEH2_END;
1060  }
1061  break;
1062 
1063  case ProcessLdtInformation:
1064  DPRINT1("VDM/16-bit not implemented: %lx\n", ProcessInformationClass);
1065  Status = STATUS_NOT_IMPLEMENTED;
1066  break;
1067 
1068  case ProcessWorkingSetWatch:
1069  DPRINT1("WS Watch Not implemented: %lx\n", ProcessInformationClass);
1070  Status = STATUS_NOT_IMPLEMENTED;
1071  break;
1072 
1073  case ProcessPooledUsageAndLimits:
1074  DPRINT1("Pool limits Not implemented: %lx\n", ProcessInformationClass);
1075  Status = STATUS_NOT_IMPLEMENTED;
1076  break;
1077 
1078  /* Not supported by Server 2003 */
1079  default:
1080  DPRINT1("Unsupported info class: %lx\n", ProcessInformationClass);
1081  Status = STATUS_INVALID_INFO_CLASS;
1082  }
1083 
1084  /* Protect write with SEH */
1085  _SEH2_TRY
1086  {
1087  /* Check if caller wanted return length */
1088  if ((ReturnLength) && (Length)) *ReturnLength = Length;
1089  }
1090  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1091  {
1092  /* Get exception code */
1093  Status = _SEH2_GetExceptionCode();
1094  }
1095  _SEH2_END;
1096 
1097  return Status;
1098 }
_QUOTA_LIMITS::TimeLimit
LARGE_INTEGER TimeLimit
Definition: lsa.idl:292
KeQuerySystemTime
#define KeQuerySystemTime(t)
Definition: env_spec_w32.h:570
_PROCESS_DEVICEMAP_INFORMATION_EX::Flags
ULONG Flags
Definition: pstypes.h:380
_PROCESS_BASIC_INFORMATION::ExitStatus
NTSTATUS ExitStatus
Definition: pstypes.h:335
KeMaximumIncrement
ULONG KeMaximumIncrement
Definition: clock.c:20
RTL_FIELD_SIZE
#define RTL_FIELD_SIZE(type, field)
Definition: kdb_expr.c:84
ReturnLength
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
_VM_COUNTERS_::PeakVirtualSize
SIZE_T PeakVirtualSize
Definition: winternl.h:1605
_QUOTA_LIMITS::NonPagedPoolLimit
INT64 NonPagedPoolLimit
Definition: lsa.idl:288
PAGE_SHIFT
#define PAGE_SHIFT
Definition: env_spec_w32.h:45
PVM_COUNTERS
struct _VM_COUNTERS_ * PVM_COUNTERS
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
_PROCESS_BASIC_INFORMATION::BasePriority
KPRIORITY BasePriority
Definition: pstypes.h:338
_QUOTA_LIMITS::PagefileLimit
INT64 PagefileLimit
Definition: lsa.idl:291
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
_KPRCB::InterruptTime
ULONG InterruptTime
Definition: ketypes.h:740
_VM_COUNTERS_::PeakPagefileUsage
SIZE_T PeakPagefileUsage
Definition: winternl.h:1615
PROCESS_QUERY_INFORMATION
#define PROCESS_QUERY_INFORMATION
Definition: pstypes.h:166
ObQueryDeviceMapInformation
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
ExReleaseRundownProtection
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
TRUE
#define TRUE
Definition: types.h:120
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
_VM_COUNTERS_::QuotaPagedPoolUsage
SIZE_T QuotaPagedPoolUsage
Definition: winternl.h:1611
_LARGE_INTEGER::u
struct _LARGE_INTEGER::@2270 u
_VM_COUNTERS_EX
Definition: pstypes.h:105
SeLocateProcessImageName
NTSTATUS NTAPI SeLocateProcessImageName(IN PEPROCESS Process, OUT PUNICODE_STRING *ProcessImageName)
Definition: audit.c:122
KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_KERNEL_USER_TIMES::UserTime
LARGE_INTEGER UserTime
Definition: winternl.h:1063
KeGetCurrentPrcb
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
Definition: ketypes.h:1079
ExAcquireRundownProtection
#define ExAcquireRundownProtection
Definition: ex.h:133
_PROCESS_VALUES
Definition: ke.h:44
_VM_COUNTERS_::PagefileUsage
SIZE_T PagefileUsage
Definition: winternl.h:1614
_VM_COUNTERS_::QuotaPeakPagedPoolUsage
SIZE_T QuotaPeakPagedPoolUsage
Definition: winternl.h:1610
InterlockedCompareExchange
#define InterlockedCompareExchange
Definition: interlocked.h:104
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
_EPROCESS
Definition: pstypes.h:1260
_PROCESS_PRIORITY_CLASS::PriorityClass
UCHAR PriorityClass
Definition: pstypes.h:957
_VM_COUNTERS_::VirtualSize
SIZE_T VirtualSize
Definition: winternl.h:1606
_PROCESS_VALUES::IoInfo
IO_COUNTERS IoInfo
Definition: ke.h:48
_KERNEL_USER_TIMES
Definition: winternl.h:1059
DefaultQueryInfoBufferCheck
static __inline NTSTATUS DefaultQueryInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, PULONG ReturnLength, PULONG_PTR ReturnLengthPtr, KPROCESSOR_MODE PreviousMode, BOOLEAN CompleteProbing)
Definition: probe.h:59
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
_VM_COUNTERS_::QuotaPeakNonPagedPoolUsage
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:1612
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
_KERNEL_USER_TIMES::ExitTime
LARGE_INTEGER ExitTime
Definition: winternl.h:1061
_VM_COUNTERS_::PageFaultCount
ULONG PageFaultCount
Definition: winternl.h:1607
QUOTA_LIMITS
struct _QUOTA_LIMITS QUOTA_LIMITS
_PROCESS_BASIC_INFORMATION::PebBaseAddress
PPEB PebBaseAddress
Definition: winternl.h:404
STATUS_NOT_IMPLEMENTED
return STATUS_NOT_IMPLEMENTED
Definition: fxdriverapium.cpp:241
_PROCESS_DEVICEMAP_INFORMATION
Definition: pstypes.h:358
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
MmGetImageInformation
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1808
FALSE
#define FALSE
Definition: types.h:117
LONG
long LONG
Definition: pedump.c:60
PspDefaultQuotaBlock
EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock
Definition: quota.c:17
_QUOTA_LIMITS::PagedPoolLimit
INT64 PagedPoolLimit
Definition: lsa.idl:287
ObGetProcessHandleCount
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:58
PQUOTA_LIMITS
struct _QUOTA_LIMITS * PQUOTA_LIMITS
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17
PROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
MmGetExecuteOptions
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2572
_IO_COUNTERS
Definition: pstypes.h:82
OBJECT_NAME_INFORMATION
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
_VM_COUNTERS_::QuotaNonPagedPoolUsage
SIZE_T QuotaNonPagedPoolUsage
Definition: winternl.h:1613
PKERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
_LARGE_INTEGER::HighPart
LONG HighPart
Definition: typedefs.h:107
DbgkOpenProcessDebugPort
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
_PROCESS_BASIC_INFORMATION::InheritedFromUniqueProcessId
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:340
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
UserTime
_Out_ PULONG UserTime
Definition: kefuncs.h:771
_PROCESS_BASIC_INFORMATION
Definition: winternl.h:401
Status
Status
Definition: gdiplustypes.h:24
LONGLONG
int64_t LONGLONG
Definition: typedefs.h:68
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PPROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
KeQueryValuesProcess
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_KERNEL_USER_TIMES::CreateTime
LARGE_INTEGER CreateTime
Definition: winternl.h:1060
Cookie
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
Definition: cmfuncs.h:13
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
HANDLE
PVOID HANDLE
Definition: typedefs.h:73
_KPRCB::KeSystemCalls
ULONG KeSystemCalls
Definition: ketypes.h:651
Query
BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended)
Definition: query.c:292
_QUOTA_LIMITS
Definition: lsa.idl:286
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
SECTION_IMAGE_INFORMATION
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
PPROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
ImageName
static const char * ImageName
Definition: image.c:34
STATUS_INVALID_INFO_CLASS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
_PROCESS_PRIORITY_CLASS
Definition: pstypes.h:954
PROCESS_LUID_DOSDEVICES_ONLY
#define PROCESS_LUID_DOSDEVICES_ONLY
Definition: pstypes.h:228
_KPRCB
Definition: ketypes.h:559
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
_LARGE_INTEGER::LowPart
ULONG LowPart
Definition: typedefs.h:106
_QUOTA_LIMITS::MinimumWorkingSetSize
INT64 MinimumWorkingSetSize
Definition: lsa.idl:289
MAXULONG
#define MAXULONG
Definition: typedefs.h:251
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
_VM_COUNTERS_::WorkingSetSize
SIZE_T WorkingSetSize
Definition: winternl.h:1609
_UNICODE_STRING
Definition: env_spec_w32.h:368
_SEH2_END
_SEH2_END
Definition: create.c:4400
_PROCESS_BASIC_INFORMATION::UniqueProcessId
ULONG_PTR UniqueProcessId
Definition: winternl.h:406
PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
RTL_NUMBER_OF
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
KeQueryRuntimeProcess
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
PULONG
unsigned int * PULONG
Definition: retypes.h:1
NULL
#define NULL
Definition: types.h:112
_QUOTA_LIMITS::MaximumWorkingSetSize
INT64 MaximumWorkingSetSize
Definition: lsa.idl:290
PUNICODE_STRING
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
IO_COUNTERS
struct _IO_COUNTERS IO_COUNTERS
_LARGE_INTEGER
Definition: typedefs.h:102
DPRINT1
#define DPRINT1
Definition: precomp.h:8
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_SessionInfo
Definition: mmdrv.h:129
ULONG
unsigned int ULONG
Definition: retypes.h:1
PsGetProcessSessionId
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
PULONG_PTR
uint32_t * PULONG_PTR
Definition: typedefs.h:65
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
TAG_SEPA
#define TAG_SEPA
Definition: tag.h:191
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_VM_COUNTERS_::PeakWorkingSetSize
SIZE_T PeakWorkingSetSize
Definition: winternl.h:1608
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
PROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
ProcessHandle
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
_PROCESS_PRIORITY_CLASS::Foreground
BOOLEAN Foreground
Definition: pstypes.h:956
_VM_COUNTERS_
Definition: winternl.h:1604
_SECTION_IMAGE_INFORMATION
Definition: mmtypes.h:336
ObIsLUIDDeviceMapsEnabled
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
Definition: devicemap.c:662
_KERNEL_USER_TIMES::KernelTime
LARGE_INTEGER KernelTime
Definition: winternl.h:1062
_PROCESS_SESSION_INFORMATION
Definition: pstypes.h:383
PsProcessType
POBJECT_TYPE PsProcessType
Definition: process.c:20
_PROCESS_BASIC_INFORMATION::AffinityMask
ULONG_PTR AffinityMask
Definition: pstypes.h:337
PsProcessInfoClass
static const INFORMATION_CLASS_INFO PsProcessInfoClass[]
Definition: ps_i.h:15
_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89
PIO_COUNTERS
struct _IO_COUNTERS * PIO_COUNTERS
_PROCESS_DEVICEMAP_INFORMATION_EX
Definition: pstypes.h:370

Referenced by _main(), BaseInitializeStaticServerData(), check_live_target(), CheckRemoteDebuggerPresent(), CON_API_NOCONSOLE(), EmptyWorkingSet(), EnumProcessModules(), FindModule(), get_shiminfo(), GetDriveTypeW(), GetErrorMode(), GetExitCodeProcess(), GetLogicalDrives(), GetPriorityClass(), GetProcessAffinityMask(), GetProcessHandleCount(), GetProcessId(), GetProcessImageFileNameA(), GetProcessImageFileNameW(), GetProcessIoCounters(), GetProcessMemoryInfo(), GetProcessPriorityBoost(), GetProcessTimes(), GetProcessVersion(), GetProcessWorkingSetSizeEx(), GetSourcePaths(), GetWsChanges(), GlobalMemoryStatusEx(), InitFunctionPtrs(), Is64BitSystem(), IsCriticalProcess(), IsWow64Process(), PerfDataGetCommandLine(), PrintProcess(), ProcessIdToSessionId(), PsaEnumerateProcessModules(), QueryFlag(), QueryFullProcessImageNameW(), QuerySetProcessValidator(), RtlpQueryRemoteProcessModules(), SmpApiLoop(), SmpCreateVolumeDescriptors(), SmpGetProcessMuSessionId(), Test_ProcessPriorityClassAlignment(), Test_ProcessTimes(), Test_ProcessWx86Information(), UnhandledExceptionFilter(), UserpGetClientFileName(), and Wow64QueryFlag().

◆ PsGetCurrentProcessId()

NTKERNELAPI HANDLE NTAPI PsGetCurrentProcessId ( VOID  )

Definition at line 1123 of file process.c.

1124 {
1125  return (HANDLE)PsGetCurrentProcess()->UniqueProcessId;
1126 }
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17

Referenced by CheckWinstaAttributeAccess(), CmpCreateRegistryRoot(), CmpDoCreateChild(), CmpDoOpen(), CreateProcessNotifyRoutine(), CreateThreadNotifyRoutine(), DbgP(), DdHmgAlloc(), DesktopWindowProc(), DispEchoRequest(), ENTRY_ReferenceEntryByHandle(), ExpLoadBootSymbols(), FileOpenAddress(), FltpCreate(), GDI_CleanupForProcess(), GDIOBJ_hInsertObject(), GDIOBJ_vDereferenceObject(), GDIOBJ_vSetObjectOwner(), GreGetObjectOwner(), handle_gdb_read_mem(), handle_gdb_write_mem(), IntCreateWindowStation(), IntWinStaObjectDelete(), KdInitSystem(), KsecGatherEntropyData(), LpcpDeletePort(), MmLoadSystemImage(), MmUnloadSystemImage(), NtUserLockWindowStation(), NtUserSetLogonNotifyWindow(), NtUserSetWindowStationUser(), NtUserSwitchDesktop(), NtUserUnlockWindowStation(), ObpAllocateObject(), print_error(), ReadMemorySendHandler(), VerifyObjectOwner(), and WriteMemorySendHandler().

◆ PsGetCurrentThreadTeb()

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadTeb ( VOID  )

Definition at line 785 of file thread.c.

786 {
787  return PsGetCurrentThread()->Tcb.Teb;
788 }
PsGetCurrentThread
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81

Referenced by FileOpenAddress().

◆ PsGetThreadProcess()

NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess ( _In_ PETHREAD  Thread)

◆ PsGetVersion()

NTKERNELAPI BOOLEAN NTAPI PsGetVersion ( OUT PULONG MajorVersion  OPTIONAL,
OUT PULONG MinorVersion  OPTIONAL,
OUT PULONG BuildNumber  OPTIONAL,
OUT PUNICODE_STRING CSDVersion  OPTIONAL 
)

Definition at line 658 of file psmgr.c.

662 {
663  if (MajorVersion) *MajorVersion = NtMajorVersion;
664  if (MinorVersion) *MinorVersion = NtMinorVersion;
665  if (BuildNumber ) *BuildNumber = NtBuildNumber & 0x3FFF;
666 
667  if (CSDVersion)
668  {
669  CSDVersion->Length = CmCSDVersionString.Length;
670  CSDVersion->MaximumLength = CmCSDVersionString.MaximumLength;
671  CSDVersion->Buffer = CmCSDVersionString.Buffer;
672  }
673 
674  /* Return TRUE if this is a Checked Build */
675  return (NtBuildNumber >> 28) == 0xC;
676 }
MinorVersion
ULONG MinorVersion
Definition: ros_glue.cpp:5
MajorVersion
ULONG MajorVersion
Definition: ros_glue.cpp:4
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
NtMajorVersion
ULONG NtMajorVersion
Definition: init.c:43
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
NtMinorVersion
ULONG NtMinorVersion
Definition: init.c:44
NtBuildNumber
ULONG NtBuildNumber
Definition: init.c:48
CmCSDVersionString
UNICODE_STRING CmCSDVersionString
Definition: init.c:60
BuildNumber
ULONG BuildNumber
Definition: ros_glue.cpp:6

◆ PsIsCurrentThreadPrefetching()

NTKERNELAPI BOOLEAN NTAPI PsIsCurrentThreadPrefetching ( VOID  )

◆ PsIsSystemThread()

NTKERNELAPI BOOLEAN NTAPI PsIsSystemThread ( _In_ PETHREAD  Thread)

◆ PsRemoveCreateThreadNotifyRoutine()

NTKERNELAPI NTSTATUS NTAPI PsRemoveCreateThreadNotifyRoutine ( _In_ PCREATE_THREAD_NOTIFY_ROUTINE  NotifyRoutine)

◆ PsSetCreateProcessNotifyRoutineEx()

NTKERNELAPI NTSTATUS NTAPI PsSetCreateProcessNotifyRoutineEx ( IN PCREATE_PROCESS_NOTIFY_ROUTINE_EX  NotifyRoutine,
IN BOOLEAN  Remove 
)

◆ PsSetCurrentThreadPrefetching()

NTKERNELAPI BOOLEAN NTAPI PsSetCurrentThreadPrefetching ( IN BOOLEAN  Prefetching)

Variable Documentation

◆ Amount

_Must_inspect_result_ _In_ POOL_TYPE _In_ ULONG_PTR Amount

Definition at line 211 of file psfuncs.h.

◆ ApcRoutine

_Inout_ PVOID* ApcRoutine

Definition at line 11 of file psfuncs.h.

◆ ClientId

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID ClientId

Definition at line 40 of file psfuncs.h.

◆ CopyOnOpen

_Must_inspect_result_ _In_opt_ PACCESS_TOKEN _In_ BOOLEAN CopyOnOpen

Definition at line 154 of file psfuncs.h.

Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), PsImpersonateClient(), PsReferenceImpersonationToken(), and SeCaptureSubjectContextEx().

◆ DesiredAccess

_In_ ULONG DesiredAccess

Definition at line 40 of file psfuncs.h.

◆ EffectiveOnly

_Must_inspect_result_ _In_opt_ PACCESS_TOKEN _In_ BOOLEAN _In_ BOOLEAN EffectiveOnly

Definition at line 154 of file psfuncs.h.

◆ ImpersonationLevel

_Must_inspect_result_ _In_opt_ PACCESS_TOKEN _In_ BOOLEAN _In_ BOOLEAN _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel

Definition at line 154 of file psfuncs.h.

Referenced by DuplicateToken(), DuplicateTokenEx(), GetProcessLuid(), FxRequest::Impersonate(), ImpersonateSelf(), make_impersonation_token(), NtCloseObjectAuditAlarm(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), PsAssignImpersonationToken(), PsImpersonateClient(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), RtlImpersonateSelf(), SeCreateClientSecurity(), SepCreateClientSecurity(), SepCreateToken(), SeTokenCanImpersonate(), test_ImpersonateNamedPipeClient(), and test_token_attr().

◆ ImpersonationState

_In_ PSE_IMPERSONATION_STATE ImpersonationState

Definition at line 189 of file psfuncs.h.

Referenced by NtOpenThreadTokenEx(), PsDisableImpersonation(), and PsRestoreImpersonation().

◆ ObjectAttributes

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes

Definition at line 40 of file psfuncs.h.

◆ PoolType

_Must_inspect_result_ _In_ POOL_TYPE PoolType

Definition at line 211 of file psfuncs.h.

◆ Process

_Outptr_ PEPROCESS* Process

Definition at line 64 of file psfuncs.h.

◆ ProcessHandle

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE ProcessHandle

Definition at line 87 of file psfuncs.h.

◆ Remove

int Remove

Definition at line 110 of file psfuncs.h.

Referenced by ApphelpCacheUpdateEntry(), co_MsqPeekHardwareMessage(), DECLARE_INTERFACE_(), CIconWatcher::GetListEntry(), MsqPeekMessage(), PsSetCreateProcessNotifyRoutine(), and RtlpCoalesceFreeBlocks().

◆ StartRoutine

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE StartRoutine

Definition at line 87 of file psfuncs.h.

Referenced by InitThreadDataEx(), KeInitializeThread(), KeInitThread(), KiInitializeContextThread(), KiThreadStartup(), KmtStartThread(), PsCreateSystemThread(), PspCreateThread(), PspSystemThreadStartup(), PspUserThreadStartup(), and RtlpStartWorkerThread().

◆ Thread

_Must_inspect_result_ _Outptr_ PETHREAD* Thread

Definition at line 73 of file psfuncs.h.

◆ Token

_In_opt_ HANDLE Token

Definition at line 178 of file psfuncs.h.