ReactOS 0.4.16-dev-732-g2d1144a
psfuncs.h File Reference

Go to the source code of this file.

Macros

#define PsGetCurrentProcess   IoGetCurrentProcess
 
#define _PSGETCURRENTTHREAD_
 

Functions

 $if (_WDMDDK_) NTKERNELAPI NTSTATUS NTAPI PsWrapApcWow64Thread(_Inout_ PVOID *ApcContext
 
 _IRQL_requires_max_ (DISPATCH_LEVEL) FORCEINLINE PETHREAD NTAPI PsGetCurrentThread(VOID)
 
 $endif (_WDMDDK_) $if(_NTDDK_) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess(_Out_ PHANDLE ProcessHandle
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
 
 $endif (_NTDDK_) $if(_NTIFS_) _Must_inspect_result_ _IRQL_requires_max_(APC_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsLookupProcessByProcessId(_In_ HANDLE ProcessId
 
_Must_inspect_result_ _IRQL_requires_max_ (APC_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsLookupThreadByThreadId(_In_ HANDLE UniqueThreadId
 Probes and locks virtual pages in memory for the specified process.
 
 $endif (_NTIFS_) $if(_WDMDDK_) _IRQL_requires_max_(APC_LEVEL) _Post_satisfies_(return<=0) _Must_inspect_result_ NTKERNELAPI NTSTATUS NTAPI PsCreateSystemThread(_Out_ PHANDLE ThreadHandle
 
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE _In_opt_ _When_ (return==0, __drv_aliasesMem) PVOID StartContext)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsTerminateSystemThread(_In_ NTSTATUS ExitStatus)
 Queries information details about a security descriptor.
 
NTKERNELAPI HANDLE NTAPI PsGetCurrentProcessId (VOID)
 
NTKERNELAPI BOOLEAN NTAPI PsGetVersion (OUT PULONG MajorVersion OPTIONAL, OUT PULONG MinorVersion OPTIONAL, OUT PULONG BuildNumber OPTIONAL, OUT PUNICODE_STRING CSDVersion OPTIONAL)
 
NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess (_In_ PETHREAD Thread)
 
NTKERNELAPI NTSTATUS NTAPI PsRemoveCreateThreadNotifyRoutine (_In_ PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine)
 
NTKERNELAPI BOOLEAN NTAPI PsIsSystemThread (_In_ PETHREAD Thread)
 
NTKERNELAPI PVOID NTAPI PsGetCurrentThreadTeb (VOID)
 
NTKERNELAPI BOOLEAN NTAPI PsSetCurrentThreadPrefetching (IN BOOLEAN Prefetching)
 
NTKERNELAPI BOOLEAN NTAPI PsIsCurrentThreadPrefetching (VOID)
 
NTKERNELAPI NTSTATUS NTAPI PsSetCreateProcessNotifyRoutineEx (IN PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine, IN BOOLEAN Remove)
 

Variables

_Inout_ PVOIDApcRoutine
 
_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES ObjectAttributes
 
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _In_opt_ PCLIENT_ID ClientId
 
_Outptr_ PEPROCESSProcess
 
_Must_inspect_result_ _Outptr_ PETHREADThread
 
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE ProcessHandle
 
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE StartRoutine
 
_In_ BOOLEAN Remove
 
_Out_ PBOOLEAN CopyOnOpen
 
_Out_ PBOOLEAN _Out_ PBOOLEAN EffectiveOnly
 
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
 
_Must_inspect_result_ _In_opt_ PACCESS_TOKEN Token
 
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
 
_In_ POOL_TYPE PoolType
 
_In_ POOL_TYPE _In_ ULONG_PTR Amount
 

Macro Definition Documentation

◆ _PSGETCURRENTTHREAD_

#define _PSGETCURRENTTHREAD_

Definition at line 20 of file psfuncs.h.

◆ PsGetCurrentProcess

#define PsGetCurrentProcess   IoGetCurrentProcess

Definition at line 17 of file psfuncs.h.

Function Documentation

◆ $endif() [1/3]

$endif ( _NTDDK_  )

Definition at line 559 of file iofuncs.h.

2502{
2503 PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
2504 PriorityInfo->ThreadPriority = 0xffff;
2505 PriorityInfo->IoPriority = IoPriorityNormal;
2506 PriorityInfo->PagePriority = 0;
2507}
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD _Inout_ PIO_PRIORITY_INFO PriorityInfo
Definition: fltkernel.h:2654
struct _IO_PRIORITY_INFO IO_PRIORITY_INFO
@ IoPriorityNormal
Definition: iotypes.h:1233

◆ $endif() [2/3]

$endif ( _NTIFS_  )
pure virtual

Definition at line 396 of file rtlfuncs.h.

2856{
2858 ret.QuadPart = SignedInteger;
2859 return ret;
2860}
return ret
Definition: rtlfuncs.h:3107

◆ $endif() [3/3]

$endif ( _WDMDDK_  )

Definition at line 85 of file ke.h.

226{
229} NEON128, *PNEON128;
NEON128
Definition: ke.h:229
* PNEON128
Definition: ke.h:229
@ High
Definition: strmini.h:378
@ Low
Definition: strmini.h:380
int64_t LONGLONG
Definition: typedefs.h:68
uint64_t ULONGLONG
Definition: typedefs.h:67

◆ $if()

$if ( _WDMDDK_  )

Kernel definitions for ARM64

Kernel definitions for AMD64

Kernel definitions for ARM

Definition at line 1 of file ke.h.

31{
32 ULONG Dummy;
KFLOATING_SAVE
Definition: ke.h:33
* PKFLOATING_SAVE
Definition: ke.h:33
uint32_t ULONG
Definition: typedefs.h:59

◆ _IRQL_requires_max_() [1/3]

_Must_inspect_result_ _IRQL_requires_max_ ( APC_LEVEL  )

Probes and locks virtual pages in memory for the specified process.

Parameters
[in,out]MemoryDescriptorListMemory Descriptor List (MDL) containing the buffer to be probed and locked.
[in]ProcessThe process for which the buffer should be probed and locked.
[in]AccessModeAccess mode for probing the pages. Can be KernelMode or UserMode.
[in]LockOperationThe type of the probing and locking operation. Can be IoReadAccess, IoWriteAccess or IoModifyAccess.
Returns
Nothing.
See also
MmProbeAndLockPages
Remarks
Must be called at IRQL <= APC_LEVEL

Probes and locks virtual pages in memory for the specified process.

Frees previously reserved amount of memory in system virtual address space.

Parameters
[in]NumberOfBytesSize, in bytes, of memory to reserve.
[in]PoolTagPool Tag identifying the buffer. Usually consists from 4 characters in reversed order.
Returns
A pointer to the 1st memory block of the reserved buffer in case of success, NULL otherwise.
Remarks
Must be called at IRQL <= APC_LEVEL
Parameters
[in]BaseAddressA pointer to the 1st memory block of the reserved buffer.
[in]PoolTagPool Tag identifying the buffer. Usually consists from 4 characters in reversed order.
Returns
Nothing.
See also
MmAllocateMappingAddress
Remarks
Must be called at IRQL <= APC_LEVEL

Definition at line 37 of file cddata.c.

254{
255 THREAD_CONTEXT ThreadContext = {0};
256 PIRP_CONTEXT IrpContext = NULL;
258
259#ifdef CD_SANITY
260 PVOID PreviousTopLevel;
261#endif
262
264
265#if DBG
266
267 KIRQL SaveIrql = KeGetCurrentIrql();
268
269#endif
270
272
274
276
277#ifdef CD_SANITY
278 PreviousTopLevel = IoGetTopLevelIrp();
279#endif
280
281 //
282 // Loop until this request has been completed or posted.
283 //
284
285 do {
286
287 //
288 // Use a try-except to handle the exception cases.
289 //
290
291 _SEH2_TRY {
292
293 //
294 // If the IrpContext is NULL then this is the first pass through
295 // this loop.
296 //
297
298 if (IrpContext == NULL) {
299
300 //
301 // Decide if this request is waitable an allocate the IrpContext.
302 // If the file object in the stack location is NULL then this
303 // is a mount which is always waitable. Otherwise we look at
304 // the file object flags.
305 //
306
308
309 Wait = TRUE;
310
311 } else {
312
313 Wait = CanFsdWait( Irp );
314 }
315
316 IrpContext = CdCreateIrpContext( Irp, Wait );
317
318 //
319 // Update the thread context information.
320 //
321
322 CdSetThreadContext( IrpContext, &ThreadContext );
323
324#ifdef CD_SANITY
325 NT_ASSERT( !CdTestTopLevel ||
326 SafeNodeType( IrpContext->TopLevel ) == CDFS_NTC_IRP_CONTEXT );
327#endif
328
329 //
330 // Otherwise cleanup the IrpContext for the retry.
331 //
332
333 } else {
334
335 //
336 // Set the MORE_PROCESSING flag to make sure the IrpContext
337 // isn't inadvertently deleted here. Then cleanup the
338 // IrpContext to perform the retry.
339 //
340
341 SetFlag( IrpContext->Flags, IRP_CONTEXT_FLAG_MORE_PROCESSING );
342 CdCleanupIrpContext( IrpContext, FALSE );
343 }
344
345 //
346 // Case on the major irp code.
347 //
348
349 switch (IrpContext->MajorFunction) {
350
351 case IRP_MJ_CREATE :
352
353 Status = CdCommonCreate( IrpContext, Irp );
354 break;
355
356 case IRP_MJ_CLOSE :
357
358 Status = CdCommonClose( IrpContext, Irp );
359 break;
360
361 case IRP_MJ_READ :
362
363 //
364 // If this is an Mdl complete request, don't go through
365 // common read.
366 //
367
368 if (FlagOn( IrpContext->MinorFunction, IRP_MN_COMPLETE )) {
369
370 Status = CdCompleteMdl( IrpContext, Irp );
371
372 } else {
373
374 Status = CdCommonRead( IrpContext, Irp );
375 }
376
377 break;
378
379 case IRP_MJ_WRITE :
380
381 Status = CdCommonWrite( IrpContext, Irp );
382 break;
383
385
386 Status = CdCommonQueryInfo( IrpContext, Irp );
387 break;
388
390
391 Status = CdCommonSetInfo( IrpContext, Irp );
392 break;
393
395
396 Status = CdCommonQueryVolInfo( IrpContext, Irp );
397 break;
398
400
401 Status = CdCommonDirControl( IrpContext, Irp );
402 break;
403
405
406 Status = CdCommonFsControl( IrpContext, Irp );
407 break;
408
410
411 Status = CdCommonDevControl( IrpContext, Irp );
412 break;
413
415
416 Status = CdCommonLockControl( IrpContext, Irp );
417 break;
418
419 case IRP_MJ_CLEANUP :
420
421 Status = CdCommonCleanup( IrpContext, Irp );
422 break;
423
424 case IRP_MJ_PNP :
425
426 Status = CdCommonPnp( IrpContext, Irp );
427 break;
428
429 case IRP_MJ_SHUTDOWN :
430
431 Status = CdCommonShutdown( IrpContext, Irp );
432 break;
433
434 default :
435
437 CdCompleteRequest( IrpContext, Irp, Status );
438 }
439
441
442 Status = CdProcessException( IrpContext, Irp, _SEH2_GetExceptionCode() );
443 } _SEH2_END;
444
445 } while (Status == STATUS_CANT_WAIT);
446
447#ifdef CD_SANITY
448 NT_ASSERT( !CdTestTopLevel ||
449 (PreviousTopLevel == IoGetTopLevelIrp()) );
450#endif
451
453
454 NT_ASSERT( SaveIrql == KeGetCurrentIrql( ));
455
456 return Status;
457}
static PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(PIRP Irp)
unsigned char BOOLEAN
LONG NTSTATUS
Definition: precomp.h:26
VOID CdCompleteRequest(_Inout_opt_ PIRP_CONTEXT IrpContext, _Inout_opt_ PIRP Irp, _In_ NTSTATUS Status)
Definition: cddata.c:914
LONG CdExceptionFilter(_Inout_ PIRP_CONTEXT IrpContext, _In_ PEXCEPTION_POINTERS ExceptionPointer)
Definition: cddata.c:525
VOID CdSetThreadContext(_Inout_ PIRP_CONTEXT IrpContext, _In_ PTHREAD_CONTEXT ThreadContext)
Definition: cddata.c:981
#define ASSERT_OPTIONAL_IRP(I)
Definition: cddata.h:251
NTSTATUS CdCompleteMdl(_In_ PIRP_CONTEXT IrpContext, _Inout_ PIRP Irp)
Definition: cachesup.c:411
VOID CdCleanupIrpContext(_In_ PIRP_CONTEXT IrpContext, _In_ BOOLEAN Post)
Definition: strucsup.c:1733
#define CanFsdWait(I)
Definition: cdprocs.h:2001
NTSTATUS CdCommonLockControl(_Inout_ PIRP_CONTEXT IrpContext, _Inout_ PIRP Irp)
Definition: lockctrl.c:35
NTSTATUS CdCommonDevControl(_Inout_ PIRP_CONTEXT IrpContext, _Inout_ PIRP Irp)
Definition: devctrl.c:46
_Ret_valid_ PIRP_CONTEXT CdCreateIrpContext(_In_ PIRP Irp, _In_ BOOLEAN Wait)
Definition: strucsup.c:1573
#define IRP_MJ_PNP
Definition: cdrw_usr.h:52
#define IRP_CONTEXT_FLAG_MORE_PROCESSING
Definition: cdstruc.h:1214
_In_ PIRP Irp
Definition: csq.h:116
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define CDFS_NTC_IRP_CONTEXT
Definition: nodetype.h:34
#define SafeNodeType(Ptr)
Definition: nodetype.h:54
UCHAR KIRQL
Definition: env_spec_w32.h:591
#define KeGetCurrentIrql()
Definition: env_spec_w32.h:706
#define SetFlag(_F, _SF)
Definition: ext2fs.h:187
#define FlagOn(_F, _SF)
Definition: ext2fs.h:179
#define FsRtlEnterFileSystem
#define FsRtlExitFileSystem
Status
Definition: gdiplustypes.h:25
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:325
PIRP NTAPI IoGetTopLevelIrp(VOID)
Definition: irp.c:1843
#define STATUS_CANT_WAIT
Definition: ntstatus.h:452
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:66
#define _SEH2_GetExceptionInformation()
Definition: pseh2_64.h:164
#define _SEH2_END
Definition: pseh2_64.h:155
#define _SEH2_TRY
Definition: pseh2_64.h:55
#define IRP_MJ_DIRECTORY_CONTROL
Definition: rdpdr.c:51
#define IRP_MJ_CLOSE
Definition: rdpdr.c:45
#define IRP_MJ_READ
Definition: rdpdr.c:46
#define IRP_MJ_DEVICE_CONTROL
Definition: rdpdr.c:52
#define IRP_MJ_QUERY_VOLUME_INFORMATION
Definition: rdpdr.c:50
#define IRP_MJ_LOCK_CONTROL
Definition: rdpdr.c:53
#define IRP_MJ_WRITE
Definition: rdpdr.c:47
#define IRP_MJ_SET_INFORMATION
Definition: rdpdr.c:49
#define IRP_MJ_CREATE
Definition: rdpdr.c:44
#define IRP_MJ_QUERY_INFORMATION
Definition: rdpdr.c:48
#define STATUS_INVALID_DEVICE_REQUEST
Definition: udferr_usr.h:138
_In_ PDEVICE_OBJECT DeviceObject
Definition: wdfdevice.h:2055
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:550
_In_ WDFDPC _In_ BOOLEAN Wait
Definition: wdfdpc.h:170
#define IRP_MN_COMPLETE
Definition: iotypes.h:4420
#define IRP_MJ_FILE_SYSTEM_CONTROL
#define IRP_MJ_SHUTDOWN
#define IRP_MJ_CLEANUP
#define NT_ASSERT
Definition: rtlfuncs.h:3327

◆ _IRQL_requires_max_() [2/3]

_IRQL_requires_max_ ( DISPATCH_LEVEL  )

Definition at line 21 of file psfuncs.h.

26{
28}
#define KeGetCurrentThread
Definition: hal.h:55

◆ _IRQL_requires_max_() [3/3]

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in]SecurityInformationSecurity information details to be queried from a security descriptor.
[out]SecurityDescriptorThe returned security descriptor with security information data.
[in,out]LengthThe returned length of a security descriptor.
[in,out]ObjectsSecurityDescriptorThe returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]AutoInheritFlagsFlags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
Parameters
[in]SecurityDescriptorA security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in]_ParentDescriptorA security descriptor of the parent object that is being created.
[in]_ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]ObjectTypeThe type of the new object.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]AutoInheritFlagsAutomatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in]ParentDescriptorA security descriptor of the parent object that is being created.
[in]ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in]SecurityDescriptorA security descriptor.
[out]QuotaInfoSizeThe returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 923 of file Messaging.c.

75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
78
79 /* The caller must allow at least one connection */
80 if (MaxConnections == 0)
81 {
83 }
84
85 /* The request must be for a kernel handle */
86 if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87 {
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
97 if (!NT_SUCCESS(Status))
98 {
99 return Status;
100 }
101
102 /* Create the server port object for this filter */
107 NULL,
109 0,
110 0,
111 (PVOID *)&PortObject);
112 if (NT_SUCCESS(Status))
113 {
114 /* Zero out the struct */
115 RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116
117 /* Increment the ref count on the target filter */
119
120 /* Setup the filter port object */
121 PortObject->Filter = Filter;
125 PortObject->Cookie = ServerPortCookie;
126 PortObject->MaxConnections = MaxConnections;
127
128 /* Insert the object */
129 Status = ObInsertObject(PortObject,
130 NULL,
132 0,
133 NULL,
135 if (NT_SUCCESS(Status))
136 {
137 /* Lock the connection list */
139
140 /* Add the new port object to the connection list and increment the count */
143
144 /* Unlock the connection list*/
146 }
147 }
148
149 if (!NT_SUCCESS(Status))
150 {
151 /* Allow the filter to be cleaned up */
153 }
154
155 return Status;
156}
static const INTERNET_PORT ServerPort
Definition: CWebService.cpp:11
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
#define InsertTailList(ListHead, Entry)
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
static LONG MaxConnections
#define KernelMode
Definition: asm.h:38
#define FILE_READ_DATA
Definition: nt_native.h:628
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121
LIST_ENTRY mList
Definition: fltmgrint.h:56
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

◆ _When_()

◆ NtQueryInformationProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_Out_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Definition at line 59 of file query.c.

65{
69 ULONG Length = 0;
70
71 PAGED_CODE();
72
73 /* Verify Information Class validity */
74 Status = DefaultQueryInfoBufferCheck(ProcessInformationClass,
78 ProcessInformation,
79 ProcessInformationLength,
81 NULL,
83 if (!NT_SUCCESS(Status))
84 {
85 DPRINT1("NtQueryInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
86 return Status;
87 }
88
89 if (((ProcessInformationClass == ProcessCookie) ||
90 (ProcessInformationClass == ProcessImageInformation)) &&
92 {
93 /*
94 * Retrieving the process cookie is only allowed for the calling process
95 * itself! XP only allows NtCurrentProcess() as process handles even if
96 * a real handle actually represents the current process.
97 */
99 }
100
101 /* Check the information class */
102 switch (ProcessInformationClass)
103 {
104 /* Basic process information */
106 {
107 PPROCESS_BASIC_INFORMATION ProcessBasicInfo = (PPROCESS_BASIC_INFORMATION)ProcessInformation;
108
109 if (ProcessInformationLength != sizeof(PROCESS_BASIC_INFORMATION))
110 {
112 break;
113 }
114
115 /* Set return length */
117
118 /* Reference the process */
123 (PVOID*)&Process,
124 NULL);
125 if (!NT_SUCCESS(Status)) break;
126
127 /* Protect writes with SEH */
129 {
130 /* Write all the information from the EPROCESS/KPROCESS */
131 ProcessBasicInfo->ExitStatus = Process->ExitStatus;
132 ProcessBasicInfo->PebBaseAddress = Process->Peb;
133 ProcessBasicInfo->AffinityMask = Process->Pcb.Affinity;
134 ProcessBasicInfo->UniqueProcessId = (ULONG_PTR)Process->
135 UniqueProcessId;
136 ProcessBasicInfo->InheritedFromUniqueProcessId =
137 (ULONG_PTR)Process->InheritedFromUniqueProcessId;
138 ProcessBasicInfo->BasePriority = Process->Pcb.BasePriority;
139
140 }
142 {
143 /* Get exception code */
145 }
146 _SEH2_END;
147
148 /* Dereference the process */
150 break;
151 }
152
153 /* Process quota limits */
155 {
156 QUOTA_LIMITS_EX QuotaLimits;
157 BOOLEAN Extended;
158
159 if (ProcessInformationLength != sizeof(QUOTA_LIMITS) &&
160 ProcessInformationLength != sizeof(QUOTA_LIMITS_EX))
161 {
163 break;
164 }
165
166 /* Set return length */
167 Length = ProcessInformationLength;
168 Extended = (Length == sizeof(QUOTA_LIMITS_EX));
169
170 /* Reference the process */
175 (PVOID*)&Process,
176 NULL);
177 if (!NT_SUCCESS(Status)) break;
178
179 /* Indicate success */
181
182 RtlZeroMemory(&QuotaLimits, sizeof(QuotaLimits));
183
184 /* Get max/min working set sizes */
185 QuotaLimits.MaximumWorkingSetSize =
186 Process->Vm.MaximumWorkingSetSize << PAGE_SHIFT;
187 QuotaLimits.MinimumWorkingSetSize =
188 Process->Vm.MinimumWorkingSetSize << PAGE_SHIFT;
189
190 /* Get default time limits */
191 QuotaLimits.TimeLimit.QuadPart = -1LL;
192
193 /* Is quota block a default one? */
194 if (Process->QuotaBlock == &PspDefaultQuotaBlock)
195 {
196 /* Get default pools and pagefile limits */
197 QuotaLimits.PagedPoolLimit = (SIZE_T)-1;
198 QuotaLimits.NonPagedPoolLimit = (SIZE_T)-1;
199 QuotaLimits.PagefileLimit = (SIZE_T)-1;
200 }
201 else
202 {
203 /* Get limits from non-default quota block */
204 QuotaLimits.PagedPoolLimit =
205 Process->QuotaBlock->QuotaEntry[PsPagedPool].Limit;
206 QuotaLimits.NonPagedPoolLimit =
207 Process->QuotaBlock->QuotaEntry[PsNonPagedPool].Limit;
208 QuotaLimits.PagefileLimit =
209 Process->QuotaBlock->QuotaEntry[PsPageFile].Limit;
210 }
211
212 /* Get additional information, if needed */
213 if (Extended)
214 {
215 QuotaLimits.Flags |= (Process->Vm.Flags.MaximumWorkingSetHard ?
217 QuotaLimits.Flags |= (Process->Vm.Flags.MinimumWorkingSetHard ?
219
220 /* FIXME: Get the correct information */
221 //QuotaLimits.WorkingSetLimit = (SIZE_T)-1; // Not used on Win2k3, it is set to 0
222 QuotaLimits.CpuRateLimit.RateData = 0;
223 }
224
225 /* Protect writes with SEH */
227 {
228 RtlCopyMemory(ProcessInformation, &QuotaLimits, Length);
229 }
231 {
232 /* Get exception code */
234 }
235 _SEH2_END;
236
237 /* Dereference the process */
239 break;
240 }
241
243 {
244 PIO_COUNTERS IoCounters = (PIO_COUNTERS)ProcessInformation;
245 PROCESS_VALUES ProcessValues;
246
247 if (ProcessInformationLength != sizeof(IO_COUNTERS))
248 {
250 break;
251 }
252
253 Length = sizeof(IO_COUNTERS);
254
255 /* Reference the process */
260 (PVOID*)&Process,
261 NULL);
262 if (!NT_SUCCESS(Status)) break;
263
264 /* Query IO counters from the process */
265 KeQueryValuesProcess(&Process->Pcb, &ProcessValues);
266
268 {
269 RtlCopyMemory(IoCounters, &ProcessValues.IoInfo, sizeof(IO_COUNTERS));
270 }
272 {
273 /* Ignore exception */
274 }
275 _SEH2_END;
276
277 /* Set status to success in any case */
279
280 /* Dereference the process */
282 break;
283 }
284
285 /* Timing */
286 case ProcessTimes:
287 {
288 PKERNEL_USER_TIMES ProcessTime = (PKERNEL_USER_TIMES)ProcessInformation;
289 ULONG UserTime, KernelTime;
290
291 /* Set the return length */
292 if (ProcessInformationLength != sizeof(KERNEL_USER_TIMES))
293 {
295 break;
296 }
297
298 Length = sizeof(KERNEL_USER_TIMES);
299
300 /* Reference the process */
305 (PVOID*)&Process,
306 NULL);
307 if (!NT_SUCCESS(Status)) break;
308
309 /* Protect writes with SEH */
311 {
312 /* Copy time information from EPROCESS/KPROCESS */
313 KernelTime = KeQueryRuntimeProcess(&Process->Pcb, &UserTime);
314 ProcessTime->CreateTime = Process->CreateTime;
316 ProcessTime->KernelTime.QuadPart = (LONGLONG)KernelTime * KeMaximumIncrement;
317 ProcessTime->ExitTime = Process->ExitTime;
318 }
320 {
321 /* Get exception code */
323 }
324 _SEH2_END;
325
326 /* Dereference the process */
328 break;
329 }
330
331 /* Process Debug Port */
332 case ProcessDebugPort:
333
334 if (ProcessInformationLength != sizeof(HANDLE))
335 {
337 break;
338 }
339
340 /* Set return length */
341 Length = sizeof(HANDLE);
342
343 /* Reference the process */
348 (PVOID*)&Process,
349 NULL);
350 if (!NT_SUCCESS(Status)) break;
351
352 /* Protect write with SEH */
354 {
355 /* Return whether or not we have a debug port */
356 *(PHANDLE)ProcessInformation = (Process->DebugPort ?
357 (HANDLE)-1 : NULL);
358 }
360 {
361 /* Get exception code */
363 }
364 _SEH2_END;
365
366 /* Dereference the process */
368 break;
369
371 {
372 ULONG HandleCount;
373
374 if (ProcessInformationLength != sizeof(ULONG))
375 {
377 break;
378 }
379
380 /* Set the return length*/
381 Length = sizeof(ULONG);
382
383 /* Reference the process */
388 (PVOID*)&Process,
389 NULL);
390 if (!NT_SUCCESS(Status)) break;
391
392 /* Count the number of handles this process has */
393 HandleCount = ObGetProcessHandleCount(Process);
394
395 /* Protect write in SEH */
397 {
398 /* Return the count of handles */
399 *(PULONG)ProcessInformation = HandleCount;
400 }
402 {
403 /* Get the exception code */
405 }
406 _SEH2_END;
407
408 /* Dereference the process */
410 break;
411 }
412
413 /* Session ID for the process */
415 {
417
418 if (ProcessInformationLength != sizeof(PROCESS_SESSION_INFORMATION))
419 {
421 break;
422 }
423
424 /* Set the return length*/
426
427 /* Reference the process */
432 (PVOID*)&Process,
433 NULL);
434 if (!NT_SUCCESS(Status)) break;
435
436 /* Enter SEH for write safety */
438 {
439 /* Write back the Session ID */
441 }
443 {
444 /* Get the exception code */
446 }
447 _SEH2_END;
448
449 /* Dereference the process */
451 break;
452 }
453
454 /* Virtual Memory Statistics */
456 {
457 PVM_COUNTERS VmCounters = (PVM_COUNTERS)ProcessInformation;
458
459 /* Validate the input length */
460 if ((ProcessInformationLength != sizeof(VM_COUNTERS)) &&
461 (ProcessInformationLength != sizeof(VM_COUNTERS_EX)))
462 {
464 break;
465 }
466
467 /* Reference the process */
472 (PVOID*)&Process,
473 NULL);
474 if (!NT_SUCCESS(Status)) break;
475
476 /* Enter SEH for write safety */
478 {
479 /* Return data from EPROCESS */
480 VmCounters->PeakVirtualSize = Process->PeakVirtualSize;
481 VmCounters->VirtualSize = Process->VirtualSize;
482 VmCounters->PageFaultCount = Process->Vm.PageFaultCount;
483 VmCounters->PeakWorkingSetSize = Process->Vm.PeakWorkingSetSize;
484 VmCounters->WorkingSetSize = Process->Vm.WorkingSetSize;
485 VmCounters->QuotaPeakPagedPoolUsage = Process->QuotaPeak[PsPagedPool];
486 VmCounters->QuotaPagedPoolUsage = Process->QuotaUsage[PsPagedPool];
487 VmCounters->QuotaPeakNonPagedPoolUsage = Process->QuotaPeak[PsNonPagedPool];
488 VmCounters->QuotaNonPagedPoolUsage = Process->QuotaUsage[PsNonPagedPool];
489 VmCounters->PagefileUsage = Process->QuotaUsage[PsPageFile] << PAGE_SHIFT;
490 VmCounters->PeakPagefileUsage = Process->QuotaPeak[PsPageFile] << PAGE_SHIFT;
491 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
492 //
493
494 /* Set the return length */
495 Length = ProcessInformationLength;
496 }
498 {
499 /* Get the exception code */
501 }
502 _SEH2_END;
503
504 /* Dereference the process */
506 break;
507 }
508
509 /* Hard Error Processing Mode */
511
512 if (ProcessInformationLength != sizeof(ULONG))
513 {
515 break;
516 }
517
518 /* Set the return length*/
519 Length = sizeof(ULONG);
520
521 /* Reference the process */
526 (PVOID*)&Process,
527 NULL);
528 if (!NT_SUCCESS(Status)) break;
529
530 /* Enter SEH for writing back data */
532 {
533 /* Write the current processing mode */
534 *(PULONG)ProcessInformation = Process->
535 DefaultHardErrorProcessing;
536 }
538 {
539 /* Get the exception code */
541 }
542 _SEH2_END;
543
544 /* Dereference the process */
546 break;
547
548 /* Priority Boosting status */
550
551 if (ProcessInformationLength != sizeof(ULONG))
552 {
554 break;
555 }
556
557 /* Set the return length */
558 Length = sizeof(ULONG);
559
560 /* Reference the process */
565 (PVOID*)&Process,
566 NULL);
567 if (!NT_SUCCESS(Status)) break;
568
569 /* Enter SEH for writing back data */
571 {
572 /* Return boost status */
573 *(PULONG)ProcessInformation = Process->Pcb.DisableBoost ?
574 TRUE : FALSE;
575 }
577 {
578 /* Get the exception code */
580 }
581 _SEH2_END;
582
583 /* Dereference the process */
585 break;
586
587 /* DOS Device Map */
588 case ProcessDeviceMap:
589 {
590 ULONG Flags;
591
592 if (ProcessInformationLength == sizeof(PROCESS_DEVICEMAP_INFORMATION_EX))
593 {
594 /* Protect read in SEH */
596 {
597 PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
598
599 Flags = DeviceMapEx->Flags;
600 }
602 {
603 /* Get the exception code */
605 _SEH2_YIELD(break);
606 }
607 _SEH2_END;
608
609 /* Only one flag is supported and it needs LUID mappings */
610 if ((Flags & ~PROCESS_LUID_DOSDEVICES_ONLY) != 0 ||
612 {
614 break;
615 }
616 }
617 else
618 {
619 /* This has to be the size of the Query union field for x64 compatibility! */
620 if (ProcessInformationLength != RTL_FIELD_SIZE(PROCESS_DEVICEMAP_INFORMATION, Query))
621 {
623 break;
624 }
625
626 /* No flags for standard call */
627 Flags = 0;
628 }
629
630 /* Set the return length */
631 Length = ProcessInformationLength;
632
633 /* Reference the process */
638 (PVOID*)&Process,
639 NULL);
640 if (!NT_SUCCESS(Status)) break;
641
642 /* Query the device map information */
644 ProcessInformation,
645 Flags);
646
647 /* Dereference the process */
649 break;
650 }
651
652 /* Priority class */
654 {
655 PPROCESS_PRIORITY_CLASS PsPriorityClass = (PPROCESS_PRIORITY_CLASS)ProcessInformation;
656
657 if (ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS))
658 {
660 break;
661 }
662
663 /* Set the return length*/
665
666 /* Reference the process */
671 (PVOID*)&Process,
672 NULL);
673 if (!NT_SUCCESS(Status)) break;
674
675 /* Enter SEH for writing back data */
677 {
678 /* Return current priority class */
679 PsPriorityClass->PriorityClass = Process->PriorityClass;
680 PsPriorityClass->Foreground = FALSE;
681 }
683 {
684 /* Get the exception code */
686 }
687 _SEH2_END;
688
689 /* Dereference the process */
691 break;
692 }
693
695 {
697
698 /* Reference the process */
703 (PVOID*)&Process,
704 NULL);
705 if (!NT_SUCCESS(Status)) break;
706
707 /* Get the image path */
709 if (NT_SUCCESS(Status))
710 {
711 /* Set return length */
712 Length = ImageName->MaximumLength +
714
715 /* Make sure it's large enough */
716 if (Length <= ProcessInformationLength)
717 {
718 /* Enter SEH to protect write */
720 {
721 /* Copy it */
722 RtlCopyMemory(ProcessInformation,
723 ImageName,
724 Length);
725
726 /* Update pointer */
727 ((PUNICODE_STRING)ProcessInformation)->Buffer =
728 (PWSTR)((PUNICODE_STRING)ProcessInformation + 1);
729 }
731 {
732 /* Get the exception code */
734 }
735 _SEH2_END;
736 }
737 else
738 {
739 /* Buffer too small */
741 }
742
743 /* Free the image path */
745 }
746 /* Dereference the process */
748 break;
749 }
750
752
753 if (ProcessInformationLength != sizeof(ULONG))
754 {
756 break;
757 }
758
759 /* Set the return length*/
760 Length = sizeof(ULONG);
761
762 /* Reference the process */
767 (PVOID*)&Process,
768 NULL);
769 if (!NT_SUCCESS(Status)) break;
770
771 /* Enter SEH for writing back data */
773 {
774 /* Return the debug flag state */
775 *(PULONG)ProcessInformation = Process->NoDebugInherit ? 0 : 1;
776 }
778 {
779 /* Get the exception code */
781 }
782 _SEH2_END;
783
784 /* Dereference the process */
786 break;
787
789
790 if (ProcessInformationLength != sizeof(ULONG))
791 {
793 break;
794 }
795
796 /* Set the return length */
797 Length = sizeof(ULONG);
798
799 /* Reference the process */
804 (PVOID*)&Process,
805 NULL);
806 if (!NT_SUCCESS(Status)) break;
807
808 /* Enter SEH for writing back data */
810 {
811 /* Return the BreakOnTermination state */
812 *(PULONG)ProcessInformation = Process->BreakOnTermination;
813 }
815 {
816 /* Get the exception code */
818 }
819 _SEH2_END;
820
821 /* Dereference the process */
823 break;
824
825 /* Per-process security cookie */
826 case ProcessCookie:
827 {
829
830 if (ProcessInformationLength != sizeof(ULONG))
831 {
832 /* Length size wrong, bail out */
834 break;
835 }
836
837 /* Get the current process and cookie */
839 Cookie = Process->Cookie;
840 if (!Cookie)
841 {
842 LARGE_INTEGER SystemTime;
843 ULONG NewCookie;
844 PKPRCB Prcb;
845
846 /* Generate a new cookie */
847 KeQuerySystemTime(&SystemTime);
848 Prcb = KeGetCurrentPrcb();
849 NewCookie = Prcb->KeSystemCalls ^ Prcb->InterruptTime ^
850 SystemTime.u.LowPart ^ SystemTime.u.HighPart;
851
852 /* Set the new cookie or return the current one */
854 NewCookie,
855 Cookie);
856 if (!Cookie) Cookie = NewCookie;
857
858 /* Set return length */
859 Length = sizeof(ULONG);
860 }
861
862 /* Indicate success */
864
865 /* Enter SEH to protect write */
867 {
868 /* Write back the cookie */
869 *(PULONG)ProcessInformation = Cookie;
870 }
872 {
873 /* Get the exception code */
875 }
876 _SEH2_END;
877 break;
878 }
879
881
882 if (ProcessInformationLength != sizeof(SECTION_IMAGE_INFORMATION))
883 {
884 /* Break out */
886 break;
887 }
888
889 /* Set the length required and validate it */
891
892 /* Enter SEH to protect write */
894 {
896 }
898 {
899 /* Get the exception code */
901 }
902 _SEH2_END;
903
904 /* Indicate success */
906 break;
907
909 {
910 HANDLE DebugPort = 0;
911
912 if (ProcessInformationLength != sizeof(HANDLE))
913 {
915 break;
916 }
917
918 /* Set the return length */
919 Length = sizeof(HANDLE);
920
921 /* Reference the process */
926 (PVOID*)&Process,
927 NULL);
928 if (!NT_SUCCESS(Status)) break;
929
930 /* Get the debug port */
932
933 /* Let go of the process */
935
936 /* Protect write in SEH */
938 {
939 /* Return debug port's handle */
940 *(PHANDLE)ProcessInformation = DebugPort;
941 }
943 {
944 /* Get the exception code */
946 }
947 _SEH2_END;
948 break;
949 }
950
952 DPRINT1("Handle tracing Not implemented: %lx\n", ProcessInformationClass);
954 break;
955
957
958 if (ProcessInformationLength != sizeof(ULONG))
959 {
961 break;
962 }
963
964 /* Set the return length */
965 Length = sizeof(ULONG);
966
967 /* Indicate success */
969
970 /* Protect write in SEH */
972 {
973 /* Query Ob */
974 *(PULONG)ProcessInformation = ObIsLUIDDeviceMapsEnabled();
975 }
977 {
978 /* Get the exception code */
980 }
981 _SEH2_END;
982 break;
983
985
986 if (ProcessInformationLength != sizeof(ULONG))
987 {
989 break;
990 }
991
992 /* Set the return length */
993 Length = sizeof(ULONG);
994
995 /* Reference the process */
1000 (PVOID*)&Process,
1001 NULL);
1002 if (!NT_SUCCESS(Status)) break;
1003
1004 /* Protect write in SEH */
1005 _SEH2_TRY
1006 {
1007 /* Return if the flag is set */
1008 *(PULONG)ProcessInformation = (ULONG)Process->VdmAllowed;
1009 }
1011 {
1012 /* Get the exception code */
1014 }
1015 _SEH2_END;
1016
1017 /* Dereference the process */
1019 break;
1020
1022 {
1023 ULONG_PTR Wow64 = 0;
1024
1025 if (ProcessInformationLength != sizeof(ULONG_PTR))
1026 {
1028 break;
1029 }
1030
1031 /* Set return length */
1032 Length = sizeof(ULONG_PTR);
1033
1034 /* Reference the process */
1039 (PVOID*)&Process,
1040 NULL);
1041 if (!NT_SUCCESS(Status)) break;
1042
1043 /* Make sure the process isn't dying */
1044 if (ExAcquireRundownProtection(&Process->RundownProtect))
1045 {
1046 /* Get the WOW64 process structure */
1047#ifdef _WIN64
1048 Wow64 = (ULONG_PTR)Process->Wow64Process;
1049#else
1050 Wow64 = 0;
1051#endif
1052 /* Release the lock */
1053 ExReleaseRundownProtection(&Process->RundownProtect);
1054 }
1055
1056 /* Protect write with SEH */
1057 _SEH2_TRY
1058 {
1059 /* Return whether or not we have a debug port */
1060 *(PULONG_PTR)ProcessInformation = Wow64;
1061 }
1063 {
1064 /* Get exception code */
1066 }
1067 _SEH2_END;
1068
1069 /* Dereference the process */
1071 break;
1072 }
1073
1075 {
1076 ULONG ExecuteOptions = 0;
1077
1078 if (ProcessInformationLength != sizeof(ULONG))
1079 {
1081 break;
1082 }
1083
1084 /* Set return length */
1085 Length = sizeof(ULONG);
1086
1088 {
1090 }
1091
1092 /* Get the options */
1093 Status = MmGetExecuteOptions(&ExecuteOptions);
1094 if (NT_SUCCESS(Status))
1095 {
1096 /* Protect write with SEH */
1097 _SEH2_TRY
1098 {
1099 /* Return them */
1100 *(PULONG)ProcessInformation = ExecuteOptions;
1101 }
1103 {
1104 /* Get exception code */
1106 }
1107 _SEH2_END;
1108 }
1109 break;
1110 }
1111
1113 DPRINT1("VDM/16-bit not implemented: %lx\n", ProcessInformationClass);
1115 break;
1116
1118 DPRINT1("WS Watch Not implemented: %lx\n", ProcessInformationClass);
1120 break;
1121
1123 DPRINT1("Pool limits Not implemented: %lx\n", ProcessInformationClass);
1125 break;
1126
1127 /* Not supported by Server 2003 */
1128 default:
1129 DPRINT1("Unsupported info class: %lx\n", ProcessInformationClass);
1131 }
1132
1133 /* Protect write with SEH */
1134 _SEH2_TRY
1135 {
1136 /* Check if caller wanted return length */
1137 if ((ReturnLength) && (Length)) *ReturnLength = Length;
1138 }
1140 {
1141 /* Get exception code */
1143 }
1144 _SEH2_END;
1145
1146 return Status;
1147}
#define PAGED_CODE()
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
#define DPRINT1
Definition: precomp.h:8
BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended)
Definition: query.c:292
#define STATUS_NOT_IMPLEMENTED
Definition: d3dkmdt.h:42
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
#define ULONG_PTR
Definition: config.h:101
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
#define PAGE_SHIFT
Definition: env_spec_w32.h:45
#define KeQuerySystemTime(t)
Definition: env_spec_w32.h:570
#define ExReleaseRundownProtection
Definition: ex.h:139
#define ExGetPreviousMode
Definition: ex.h:143
#define ExAcquireRundownProtection
Definition: ex.h:138
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
#define ICIF_PROBE_READ
Definition: icif.h:25
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
#define PROCESS_QUERY_INFORMATION
Definition: pstypes.h:167
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
@ PsNonPagedPool
Definition: pstypes.h:1022
@ PsPageFile
Definition: pstypes.h:1024
@ PsPagedPool
Definition: pstypes.h:1023
@ ProcessDebugPort
Definition: winternl.h:395
@ ProcessBreakOnTermination
Definition: winternl.h:398
@ ProcessBasicInformation
Definition: winternl.h:394
@ ProcessWow64Information
Definition: winternl.h:396
@ ProcessImageFileName
Definition: winternl.h:397
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
@ ProcessLUIDDeviceMapsEnabled
Definition: winternl.h:884
@ ProcessWx86Information
Definition: winternl.h:875
@ ProcessDebugFlags
Definition: winternl.h:887
@ ProcessSessionInformation
Definition: winternl.h:880
@ ProcessVmCounters
Definition: winternl.h:859
@ ProcessPriorityClass
Definition: winternl.h:874
@ ProcessPriorityBoost
Definition: winternl.h:878
@ ProcessImageInformation
Definition: winternl.h:892
@ ProcessExecuteFlags
Definition: winternl.h:889
@ ProcessCookie
Definition: winternl.h:891
@ ProcessPooledUsageAndLimits
Definition: winternl.h:870
@ ProcessIoCounters
Definition: winternl.h:858
@ ProcessDefaultHardErrorMode
Definition: winternl.h:868
@ ProcessDeviceMap
Definition: winternl.h:879
@ ProcessQuotaLimits
Definition: winternl.h:857
@ ProcessHandleTracing
Definition: winternl.h:888
@ ProcessTimes
Definition: winternl.h:860
@ ProcessDebugObjectHandle
Definition: winternl.h:886
@ ProcessWorkingSetWatch
Definition: winternl.h:871
@ ProcessLdtInformation
Definition: winternl.h:866
@ ProcessHandleCount
Definition: winternl.h:876
struct _VM_COUNTERS_ * PVM_COUNTERS
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
#define QUOTA_LIMITS_HARDWS_MIN_DISABLE
#define PROCESS_LUID_DOSDEVICES_ONLY
Definition: pstypes.h:228
struct _IO_COUNTERS IO_COUNTERS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
#define QUOTA_LIMITS_HARDWS_MAX_DISABLE
struct _QUOTA_LIMITS_EX QUOTA_LIMITS_EX
#define QUOTA_LIMITS_HARDWS_MAX_ENABLE
#define QUOTA_LIMITS_HARDWS_MIN_ENABLE
struct _VM_COUNTERS_EX VM_COUNTERS_EX
struct _IO_COUNTERS * PIO_COUNTERS
#define InterlockedCompareExchange
Definition: interlocked.h:104
#define RTL_FIELD_SIZE(type, field)
Definition: kdb_expr.c:86
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
static const char * ImageName
Definition: image.c:34
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
Definition: ketypes.h:1182
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
#define NtCurrentProcess()
Definition: nt_native.h:1657
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1615
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2653
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
ULONG KeMaximumIncrement
Definition: clock.c:20
POBJECT_TYPE PsProcessType
Definition: process.c:20
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
Definition: devicemap.c:662
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
long LONG
Definition: pedump.c:60
EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock
Definition: quota.c:16
static const INFORMATION_CLASS_INFO PsProcessInfoClass[]
Definition: ps_i.h:15
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define STATUS_SUCCESS
Definition: shellext.h:65
LARGE_INTEGER UserTime
Definition: winternl.h:1063
LARGE_INTEGER CreateTime
Definition: winternl.h:1060
LARGE_INTEGER KernelTime
Definition: winternl.h:1062
LARGE_INTEGER ExitTime
Definition: winternl.h:1061
ULONG InterruptTime
Definition: ketypes.h:829
ULONG KeSystemCalls
Definition: ketypes.h:740
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:340
IO_COUNTERS IoInfo
Definition: ke.h:48
SIZE_T MaximumWorkingSetSize
Definition: pstypes.h:71
SIZE_T PagedPoolLimit
Definition: pstypes.h:68
SIZE_T PagefileLimit
Definition: pstypes.h:72
LARGE_INTEGER TimeLimit
Definition: pstypes.h:73
RATE_QUOTA_LIMIT CpuRateLimit
Definition: pstypes.h:79
SIZE_T NonPagedPoolLimit
Definition: pstypes.h:69
SIZE_T MinimumWorkingSetSize
Definition: pstypes.h:70
SIZE_T QuotaPeakPagedPoolUsage
Definition: winternl.h:1610
SIZE_T PeakWorkingSetSize
Definition: winternl.h:1608
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:1612
SIZE_T VirtualSize
Definition: winternl.h:1606
SIZE_T PeakPagefileUsage
Definition: winternl.h:1615
SIZE_T QuotaNonPagedPoolUsage
Definition: winternl.h:1613
SIZE_T PagefileUsage
Definition: winternl.h:1614
SIZE_T PeakVirtualSize
Definition: winternl.h:1605
SIZE_T QuotaPagedPoolUsage
Definition: winternl.h:1611
SIZE_T WorkingSetSize
Definition: winternl.h:1609
ULONG PageFaultCount
Definition: winternl.h:1607
#define TAG_SEPA
Definition: tag.h:155
uint16_t * PWSTR
Definition: typedefs.h:56
uint32_t * PULONG_PTR
Definition: typedefs.h:65
uint32_t * PULONG
Definition: typedefs.h:59
PVOID HANDLE
Definition: typedefs.h:73
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
struct _LARGE_INTEGER::@2307 u
LONGLONG QuadPart
Definition: typedefs.h:114
ULONG RateData
Definition: pstypes.h:60
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
Definition: cmfuncs.h:14
_Out_ PULONG UserTime
Definition: kefuncs.h:759
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ObDereferenceObject
Definition: obfuncs.h:203
#define PsGetCurrentProcess
Definition: psfuncs.h:17

Referenced by _main(), BaseInitializeStaticServerData(), check_live_target(), CheckRemoteDebuggerPresent(), CON_API_NOCONSOLE(), EmptyWorkingSet(), EnumProcessModules(), FindModule(), get_shiminfo(), getCommandLineFromProcess(), GetDriveTypeW(), GetErrorMode(), GetExitCodeProcess(), GetLogicalDrives(), GetPriorityClass(), GetProcessAffinityMask(), GetProcessExecutablePath(), GetProcessHandleCount(), GetProcessId(), GetProcessImageFileNameA(), GetProcessImageFileNameW(), GetProcessIoCounters(), GetProcessMemoryInfo(), GetProcessPriorityBoost(), GetProcessTimes(), GetProcessVersion(), GetProcessWorkingSetSizeEx(), GetSourcePaths(), GetWsChanges(), GlobalMemoryStatusEx(), InitFunctionPtrs(), Is64BitSystem(), IsCriticalProcess(), IsWow64Process(), PerfDataGetCommandLine(), PrintProcess(), ProcessIdToSessionId(), PsaEnumerateProcessModules(), QueryFlag(), QueryFullProcessImageNameW(), QuerySetProcessValidator(), RtlpQueryRemoteProcessModules(), SmpApiLoop(), SmpCreateVolumeDescriptors(), SmpGetProcessMuSessionId(), Test_ProcessBasicInformation(), Test_ProcessPriorityClassAlignment(), Test_ProcessQuotaLimits(), Test_ProcessQuotaLimitsEx(), Test_ProcessTimes(), Test_ProcessWx86Information(), UnhandledExceptionFilter(), UserpGetClientFileName(), wmain(), and Wow64QueryFlag().

◆ PsGetCurrentProcessId()

◆ PsGetCurrentThreadTeb()

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadTeb ( VOID  )

Definition at line 785 of file thread.c.

786{
787 return PsGetCurrentThread()->Tcb.Teb;
788}
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81

Referenced by FileOpenAddress().

◆ PsGetThreadProcess()

NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess ( _In_ PETHREAD  Thread)

◆ PsGetVersion()

NTKERNELAPI BOOLEAN NTAPI PsGetVersion ( OUT PULONG MajorVersion  OPTIONAL,
OUT PULONG MinorVersion  OPTIONAL,
OUT PULONG BuildNumber  OPTIONAL,
OUT PUNICODE_STRING CSDVersion  OPTIONAL 
)

Definition at line 566 of file psmgr.c.

570{
573 if (BuildNumber ) *BuildNumber = NtBuildNumber & 0x3FFF;
574
575 if (CSDVersion)
576 {
577 CSDVersion->Length = CmCSDVersionString.Length;
578 CSDVersion->MaximumLength = CmCSDVersionString.MaximumLength;
579 CSDVersion->Buffer = CmCSDVersionString.Buffer;
580 }
581
582 /* Return TRUE if this is a Checked Build */
583 return (NtBuildNumber >> 28) == 0xC;
584}
ULONG BuildNumber
Definition: ros_glue.cpp:6
ULONG MajorVersion
Definition: ros_glue.cpp:4
ULONG MinorVersion
Definition: ros_glue.cpp:5
ULONG NtMajorVersion
Definition: init.c:45
ULONG NtMinorVersion
Definition: init.c:46
UNICODE_STRING CmCSDVersionString
Definition: init.c:62
ULONG NtBuildNumber
Definition: init.c:50
USHORT MaximumLength
Definition: env_spec_w32.h:370

◆ PsIsCurrentThreadPrefetching()

NTKERNELAPI BOOLEAN NTAPI PsIsCurrentThreadPrefetching ( VOID  )

◆ PsIsSystemThread()

NTKERNELAPI BOOLEAN NTAPI PsIsSystemThread ( _In_ PETHREAD  Thread)

◆ PsRemoveCreateThreadNotifyRoutine()

NTKERNELAPI NTSTATUS NTAPI PsRemoveCreateThreadNotifyRoutine ( _In_ PCREATE_THREAD_NOTIFY_ROUTINE  NotifyRoutine)

◆ PsSetCreateProcessNotifyRoutineEx()

NTKERNELAPI NTSTATUS NTAPI PsSetCreateProcessNotifyRoutineEx ( IN PCREATE_PROCESS_NOTIFY_ROUTINE_EX  NotifyRoutine,
IN BOOLEAN  Remove 
)

◆ PsSetCurrentThreadPrefetching()

NTKERNELAPI BOOLEAN NTAPI PsSetCurrentThreadPrefetching ( IN BOOLEAN  Prefetching)

Variable Documentation

◆ Amount

Definition at line 212 of file psfuncs.h.

◆ ApcRoutine

_Inout_ PVOID* ApcRoutine

Definition at line 11 of file psfuncs.h.

◆ ClientId

◆ CopyOnOpen

◆ DesiredAccess

Definition at line 40 of file psfuncs.h.

◆ EffectiveOnly

Definition at line 155 of file psfuncs.h.

◆ ImpersonationLevel

◆ ImpersonationState

_In_ PSE_IMPERSONATION_STATE ImpersonationState

Definition at line 189 of file psfuncs.h.

Referenced by NtOpenThreadTokenEx(), PsDisableImpersonation(), and PsRestoreImpersonation().

◆ ObjectAttributes

Definition at line 41 of file psfuncs.h.

◆ PoolType

◆ Process

_Outptr_ PEPROCESS* Process

Definition at line 64 of file psfuncs.h.

◆ ProcessHandle

Definition at line 89 of file psfuncs.h.

◆ Remove

◆ StartRoutine

◆ Thread

Definition at line 73 of file psfuncs.h.

◆ Token

Definition at line 178 of file psfuncs.h.