This graph shows which files directly or indirectly include this file:

Macros
#define	PsGetCurrentProcess IoGetCurrentProcess

#define	_PSGETCURRENTTHREAD_

Functions
	$if (_WDMDDK_) NTKERNELAPI NTSTATUS NTAPI PsWrapApcWow64Thread(_Inout_ PVOID *ApcContext

	_IRQL_requires_max_ (DISPATCH_LEVEL) FORCEINLINE PETHREAD NTAPI PsGetCurrentThread(VOID)

	$endif (_WDMDDK_) $if(_NTDDK_) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess(_Out_ PHANDLE ProcessHandle

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)

	$endif (_NTDDK_) $if(_NTIFS_) _Must_inspect_result_ _IRQL_requires_max_(APC_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsLookupProcessByProcessId(_In_ HANDLE ProcessId

_Must_inspect_result_	_IRQL_requires_max_ (APC_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsLookupThreadByThreadId(_In_ HANDLE UniqueThreadId

	$endif (_NTIFS_) $if(_WDMDDK_) _IRQL_requires_max_(APC_LEVEL) _Post_satisfies_(return<=0) _Must_inspect_result_ NTKERNELAPI NTSTATUS NTAPI PsCreateSystemThread(_Out_ PHANDLE ThreadHandle

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE _In_opt_	_When_ (return==0, __drv_aliasesMem) PVOID StartContext)

	_IRQL_requires_max_ (PASSIVE_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsTerminateSystemThread(_In_ NTSTATUS ExitStatus)
	Queries information details about a security descriptor. More...

NTKERNELAPI HANDLE NTAPI	PsGetCurrentProcessId (VOID)

NTKERNELAPI BOOLEAN NTAPI	PsGetVersion (OUT PULONG MajorVersion OPTIONAL, OUT PULONG MinorVersion OPTIONAL, OUT PULONG BuildNumber OPTIONAL, OUT PUNICODE_STRING CSDVersion OPTIONAL)

NTKERNELAPI PEPROCESS NTAPI	PsGetThreadProcess (_In_ PETHREAD Thread)

NTKERNELAPI NTSTATUS NTAPI	PsRemoveCreateThreadNotifyRoutine (_In_ PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine)

NTKERNELAPI BOOLEAN NTAPI	PsIsSystemThread (_In_ PETHREAD Thread)

NTKERNELAPI PVOID NTAPI	PsGetCurrentThreadTeb (VOID)

NTKERNELAPI BOOLEAN NTAPI	PsSetCurrentThreadPrefetching (IN BOOLEAN Prefetching)

NTKERNELAPI BOOLEAN NTAPI	PsIsCurrentThreadPrefetching (VOID)

NTKERNELAPI NTSTATUS NTAPI	PsSetCreateProcessNotifyRoutineEx (IN PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine, IN BOOLEAN Remove)

Variables
_Inout_ PVOID *	ApcRoutine

_In_ ACCESS_MASK	DesiredAccess

_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES	ObjectAttributes

_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _In_opt_ PCLIENT_ID	ClientId

_Outptr_ PEPROCESS *	Process

_Must_inspect_result_ _Outptr_ PETHREAD *	Thread

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE	ProcessHandle

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE	StartRoutine

_In_ BOOLEAN	Remove

_Out_ PBOOLEAN	CopyOnOpen

_Out_ PBOOLEAN _Out_ PBOOLEAN	EffectiveOnly

_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL	ImpersonationLevel

_Must_inspect_result_ _In_opt_ PACCESS_TOKEN	Token

_Inout_ PSE_IMPERSONATION_STATE	ImpersonationState

_In_ POOL_TYPE	PoolType

_In_ POOL_TYPE _In_ ULONG_PTR	Amount

Macro Definition Documentation

◆ _PSGETCURRENTTHREAD_

#define _PSGETCURRENTTHREAD_

Definition at line 20 of file psfuncs.h.

◆ PsGetCurrentProcess

#define PsGetCurrentProcess IoGetCurrentProcess

Definition at line 17 of file psfuncs.h.

Function Documentation

◆ $endif() [1/3]

$endif ( _WDMDDK_ )

Definition at line 202 of file ke.h.

 {
     ULONGLONG Low;
     LONGLONG High;
 } NEON128, *PNEON128;

◆ $endif() [2/3]

$endif ( _NTDDK_ )

Definition at line 2494 of file iofuncs.h.

 {
     PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
     PriorityInfo->ThreadPriority = 0xffff;
     PriorityInfo->IoPriority = IoPriorityNormal;
     PriorityInfo->PagePriority = 0;
 }

◆ $endif() [3/3]

$endif ( _NTIFS_ )

pure virtual

Definition at line 2825 of file rtlfuncs.h.

 {
   LARGE_INTEGER ret;
   ret.QuadPart = SignedInteger;
   return ret;
 }

◆ $if()

$if ( _WDMDDK_ )

Kernel definitions for ARM64

Kernel definitions for AMD64

Kernel definitions for ARM

Definition at line 1 of file ke.h.

 {
     ULONG Dummy;
 } KFLOATING_SAVE, *PKFLOATING_SAVE;

◆ _IRQL_requires_max_() [1/3]

_IRQL_requires_max_ ( DISPATCH_LEVEL )

Definition at line 21 of file psfuncs.h.

 {
   return (PETHREAD)KeGetCurrentThread();
 }

◆ _IRQL_requires_max_() [2/3]

_Must_inspect_result_ _IRQL_requires_max_ ( APC_LEVEL )

Definition at line 197 of file cddata.c.

 {
     THREAD_CONTEXT ThreadContext = {0};
     PIRP_CONTEXT IrpContext = NULL;
     BOOLEAN Wait;
 
 #ifdef CD_SANITY
     PVOID PreviousTopLevel;
 #endif
 
     NTSTATUS Status;
 
 #if DBG
 
     KIRQL SaveIrql = KeGetCurrentIrql();
 
 #endif
 
     ASSERT_OPTIONAL_IRP( Irp );
 
     UNREFERENCED_PARAMETER( DeviceObject );
 
     FsRtlEnterFileSystem();
 
 #ifdef CD_SANITY
     PreviousTopLevel = IoGetTopLevelIrp();
 #endif
 
     //
     //  Loop until this request has been completed or posted.
     //
 
     do {
 
         //
         //  Use a try-except to handle the exception cases.
         //
 
         _SEH2_TRY {
 
             //
             //  If the IrpContext is NULL then this is the first pass through
             //  this loop.
             //
 
             if (IrpContext == NULL) {
 
                 //
                 //  Decide if this request is waitable an allocate the IrpContext.
                 //  If the file object in the stack location is NULL then this
                 //  is a mount which is always waitable.  Otherwise we look at
                 //  the file object flags.
                 //
 
                 if (IoGetCurrentIrpStackLocation( Irp )->FileObject == NULL) {
 
                     Wait = TRUE;
 
                 } else {
 
                     Wait = CanFsdWait( Irp );
                 }
 
                 IrpContext = CdCreateIrpContext( Irp, Wait );
 
                 //
                 //  Update the thread context information.
                 //
 
                 CdSetThreadContext( IrpContext, &ThreadContext );
 
 #ifdef CD_SANITY
                 NT_ASSERT( !CdTestTopLevel ||
                         SafeNodeType( IrpContext->TopLevel ) == CDFS_NTC_IRP_CONTEXT );
 #endif
 
             //
             //  Otherwise cleanup the IrpContext for the retry.
             //
 
             } else {
 
                 //
                 //  Set the MORE_PROCESSING flag to make sure the IrpContext
                 //  isn't inadvertently deleted here.  Then cleanup the
                 //  IrpContext to perform the retry.
                 //
 
                 SetFlag( IrpContext->Flags, IRP_CONTEXT_FLAG_MORE_PROCESSING );
                 CdCleanupIrpContext( IrpContext, FALSE );
             }
 
             //
             //  Case on the major irp code.
             //
 
             switch (IrpContext->MajorFunction) {
 
             case IRP_MJ_CREATE :
 
                 Status = CdCommonCreate( IrpContext, Irp );
                 break;
 
             case IRP_MJ_CLOSE :
 
                 Status = CdCommonClose( IrpContext, Irp );
                 break;
 
             case IRP_MJ_READ :
 
                 //
                 //  If this is an Mdl complete request, don't go through
                 //  common read.
                 //
 
                 if (FlagOn( IrpContext->MinorFunction, IRP_MN_COMPLETE )) {
 
                     Status = CdCompleteMdl( IrpContext, Irp );
 
                 } else {
 
                     Status = CdCommonRead( IrpContext, Irp );
                 }
 
                 break;
 
             case IRP_MJ_WRITE :
 
                 Status = CdCommonWrite( IrpContext, Irp );
                 break;
 
             case IRP_MJ_QUERY_INFORMATION :
 
                 Status = CdCommonQueryInfo( IrpContext, Irp );
                 break;
 
             case IRP_MJ_SET_INFORMATION :
 
                 Status = CdCommonSetInfo( IrpContext, Irp );
                 break;
 
             case IRP_MJ_QUERY_VOLUME_INFORMATION :
 
                 Status = CdCommonQueryVolInfo( IrpContext, Irp );
                 break;
 
             case IRP_MJ_DIRECTORY_CONTROL :
 
                 Status = CdCommonDirControl( IrpContext, Irp );
                 break;
 
             case IRP_MJ_FILE_SYSTEM_CONTROL :
 
                 Status = CdCommonFsControl( IrpContext, Irp );
                 break;
 
             case IRP_MJ_DEVICE_CONTROL :
 
                 Status = CdCommonDevControl( IrpContext, Irp );
                 break;
 
             case IRP_MJ_LOCK_CONTROL :
 
                 Status = CdCommonLockControl( IrpContext, Irp );
                 break;
 
             case IRP_MJ_CLEANUP :
 
                 Status = CdCommonCleanup( IrpContext, Irp );
                 break;
 
             case IRP_MJ_PNP :
 
                 Status = CdCommonPnp( IrpContext, Irp );
                 break;
 
             case IRP_MJ_SHUTDOWN :
 
                 Status = CdCommonShutdown( IrpContext, Irp );
                 break;
 
             default :
 
                 Status = STATUS_INVALID_DEVICE_REQUEST;
                 CdCompleteRequest( IrpContext, Irp, Status );
             }
 
         } _SEH2_EXCEPT( CdExceptionFilter( IrpContext, _SEH2_GetExceptionInformation() )) {
 
             Status = CdProcessException( IrpContext, Irp, _SEH2_GetExceptionCode() );
         } _SEH2_END;
 
     } while (Status == STATUS_CANT_WAIT);
 
 #ifdef CD_SANITY
     NT_ASSERT( !CdTestTopLevel ||
             (PreviousTopLevel == IoGetTopLevelIrp()) );
 #endif
 
     FsRtlExitFileSystem();
 
     NT_ASSERT( SaveIrql == KeGetCurrentIrql( ));
 
     return Status;
 }

◆ _IRQL_requires_max_() [3/3]

_IRQL_requires_max_ ( PASSIVE_LEVEL )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters

[in]	SecurityInformation	Security information details to be queried from a security descriptor.
[out]	SecurityDescriptor	The returned security descriptor with security information data.
[in,out]	Length	The returned length of a security descriptor.
[in,out]	ObjectsSecurityDescriptor	The returned object security descriptor.

Returns: Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.

Parameters

[in]	Object	If specified, the function will use this arbitrary object that points to an object security descriptor.
[in]	SecurityInformation	Security information details to be set.
[in]	SecurityDescriptor	A security descriptor where its info is to be changed.
[in,out]	ObjectsSecurityDescriptor	The returned pointer to security descriptor objects.
[in]	PoolType	Pool type for the new security descriptor to allocate.
[in]	GenericMapping	The generic mapping of access rights masks.

Returns: See SeSetSecurityDescriptorInfoEx.

Parameters

[in]	Object	If specified, the function will use this arbitrary object that points to an object security descriptor.
[in]	SecurityInformation	Security information details to be set.
[in]	SecurityDescriptor	A security descriptor where its info is to be changed.
[in,out]	ObjectsSecurityDescriptor	The returned pointer to security descriptor objects.
[in]	AutoInheritFlags	Flags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]	PoolType	Pool type for the new security descriptor to allocate.
[in]	GenericMapping	The generic mapping of access rights masks.

Returns: Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.

Parameters

[in] SecurityDescriptor A security descriptor to be freed from memory.

Returns: Returns STATUS_SUCCESS.

Parameters

[in]	_ParentDescriptor	A security descriptor of the parent object that is being created.
[in]	_ExplicitDescriptor	An explicit security descriptor that is applied to a new object.
[out]	NewDescriptor	The new allocated security descriptor.
[in]	ObjectType	The type of the new object.
[in]	IsDirectoryObject	Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]	AutoInheritFlags	Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]	SubjectContext	Security subject context of the new object.
[in]	GenericMapping	Generic mapping of access mask rights.
[in]	PoolType	This parameter is unused.

Returns: Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.

Parameters

[in]	ParentDescriptor	A security descriptor of the parent object that is being created.
[in]	ExplicitDescriptor	An explicit security descriptor that is applied to a new object.
[out]	NewDescriptor	The new allocated security descriptor.
[in]	IsDirectoryObject	Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]	SubjectContext	Security subject context of the new object.
[in]	GenericMapping	Generic mapping of access mask rights.
[in]	PoolType	This parameter is unused.

Returns: See SeAssignSecurityEx.

Parameters

[in]	SecurityDescriptor	A security descriptor.
[out]	QuotaInfoSize	The returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.

Returns: Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 64 of file Messaging.c.

 {
     PFLT_SERVER_PORT_OBJECT PortObject;
     NTSTATUS Status;
 
     /* The caller must allow at least one connection */
     if (MaxConnections == 0)
     {
         return STATUS_INVALID_PARAMETER;
     }
 
     /* The request must be for a kernel handle */
     if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
     {
         return STATUS_INVALID_PARAMETER;
     }
 
     /*
      * Get rundown protection on the target to stop the owner
      * from unloading whilst this port object is open. It gets
      * removed in the FltpServerPortClose callback
      */
     Status = FltObjectReference(Filter);
     if (!NT_SUCCESS(Status))
     {
         return Status;
     }
 
     /* Create the server port object for this filter */
     Status = ObCreateObject(KernelMode,
                             ServerPortObjectType,
                             ObjectAttributes,
                             KernelMode,
                             NULL,
                             sizeof(FLT_SERVER_PORT_OBJECT),
                             0,
                             0,
                             (PVOID *)&PortObject);
     if (NT_SUCCESS(Status))
     {
         /* Zero out the struct */
         RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
 
         /* Increment the ref count on the target filter */
         FltpObjectPointerReference((PFLT_OBJECT)Filter);
 
         /* Setup the filter port object */
         PortObject->Filter = Filter;
         PortObject->ConnectNotify = ConnectNotifyCallback;
         PortObject->DisconnectNotify = DisconnectNotifyCallback;
         PortObject->MessageNotify = MessageNotifyCallback;
         PortObject->Cookie = ServerPortCookie;
         PortObject->MaxConnections = MaxConnections;
 
         /* Insert the object */
         Status = ObInsertObject(PortObject,
                                 NULL,
                                 STANDARD_RIGHTS_ALL | FILE_READ_DATA,
                                 0,
                                 NULL,
                                 (PHANDLE)ServerPort);
         if (NT_SUCCESS(Status))
         {
             /* Lock the connection list */
             ExAcquireFastMutex(&Filter->ConnectionList.mLock);
 
             /* Add the new port object to the connection list and increment the count */
             InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
             Filter->ConnectionList.mCount++;
 
             /* Unlock the connection list*/
             ExReleaseFastMutex(&Filter->ConnectionList.mLock);
         }
     }
 
     if (!NT_SUCCESS(Status))
     {
         /* Allow the filter to be cleaned up */
         FltObjectDereference(Filter);
     }
 
     return Status;
 }

◆ _When_()

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE _In_opt_ _When_	(	return	= `=0`,
		__drv_aliasesMem
	)

◆ NtQueryInformationProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ PROCESSINFOCLASS	ProcessInformationClass,
		_Out_ PVOID	ProcessInformation,
		_In_ ULONG	ProcessInformationLength,
		_Out_opt_ PULONG	ReturnLength
	)

Definition at line 59 of file query.c.

 {
     PEPROCESS Process;
     KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
     NTSTATUS Status;
     ULONG Length = 0;
     HANDLE DebugPort = 0;
     PPROCESS_BASIC_INFORMATION ProcessBasicInfo =
         (PPROCESS_BASIC_INFORMATION)ProcessInformation;
     PKERNEL_USER_TIMES ProcessTime = (PKERNEL_USER_TIMES)ProcessInformation;
     ULONG UserTime, KernelTime;
     PPROCESS_PRIORITY_CLASS PsPriorityClass = (PPROCESS_PRIORITY_CLASS)ProcessInformation;
     ULONG HandleCount;
     PPROCESS_SESSION_INFORMATION SessionInfo =
         (PPROCESS_SESSION_INFORMATION)ProcessInformation;
     PVM_COUNTERS VmCounters = (PVM_COUNTERS)ProcessInformation;
     PIO_COUNTERS IoCounters = (PIO_COUNTERS)ProcessInformation;
     PQUOTA_LIMITS QuotaLimits = (PQUOTA_LIMITS)ProcessInformation;
     PUNICODE_STRING ImageName;
     ULONG Cookie, ExecuteOptions = 0;
     ULONG_PTR Wow64 = 0;
     PROCESS_VALUES ProcessValues;
     ULONG Flags;
     PAGED_CODE();
 
     /* Verify Information Class validity */
     Status = DefaultQueryInfoBufferCheck(ProcessInformationClass,
                                          PsProcessInfoClass,
                                          RTL_NUMBER_OF(PsProcessInfoClass),
                                          ICIF_PROBE_READ,
                                          ProcessInformation,
                                          ProcessInformationLength,
                                          ReturnLength,
                                          NULL,
                                          PreviousMode);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("NtQueryInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
         return Status;
     }
 
     if (((ProcessInformationClass == ProcessCookie) ||
          (ProcessInformationClass == ProcessImageInformation)) &&
         (ProcessHandle != NtCurrentProcess()))
     {
         /*
          * Retrieving the process cookie is only allowed for the calling process
          * itself! XP only allows NtCurrentProcess() as process handles even if
          * a real handle actually represents the current process.
          */
         return STATUS_INVALID_PARAMETER;
     }
 
     /* Check the information class */
     switch (ProcessInformationClass)
     {
         /* Basic process information */
         case ProcessBasicInformation:
 
             if (ProcessInformationLength != sizeof(PROCESS_BASIC_INFORMATION))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set return length */
             Length = sizeof(PROCESS_BASIC_INFORMATION);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Protect writes with SEH */
             _SEH2_TRY
             {
                 /* Write all the information from the EPROCESS/KPROCESS */
                 ProcessBasicInfo->ExitStatus = Process->ExitStatus;
                 ProcessBasicInfo->PebBaseAddress = Process->Peb;
                 ProcessBasicInfo->AffinityMask = Process->Pcb.Affinity;
                 ProcessBasicInfo->UniqueProcessId = (ULONG_PTR)Process->
                                                     UniqueProcessId;
                 ProcessBasicInfo->InheritedFromUniqueProcessId =
                     (ULONG_PTR)Process->InheritedFromUniqueProcessId;
                 ProcessBasicInfo->BasePriority = Process->Pcb.BasePriority;
 
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         /* Process quota limits */
         case ProcessQuotaLimits:
 
             if (ProcessInformationLength != sizeof(QUOTA_LIMITS))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             Length = sizeof(QUOTA_LIMITS);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Indicate success */
             Status = STATUS_SUCCESS;
 
             _SEH2_TRY
             {
                 /* Set max/min working set sizes */
                 QuotaLimits->MaximumWorkingSetSize =
                         Process->Vm.MaximumWorkingSetSize << PAGE_SHIFT;
                 QuotaLimits->MinimumWorkingSetSize =
                         Process->Vm.MinimumWorkingSetSize << PAGE_SHIFT;
 
                 /* Set default time limits */
                 QuotaLimits->TimeLimit.LowPart = MAXULONG;
                 QuotaLimits->TimeLimit.HighPart = MAXULONG;
 
                 /* Is quota block a default one? */
                 if (Process->QuotaBlock == &PspDefaultQuotaBlock)
                 {
                     /* Set default pools and pagefile limits */
                     QuotaLimits->PagedPoolLimit = (SIZE_T)-1;
                     QuotaLimits->NonPagedPoolLimit = (SIZE_T)-1;
                     QuotaLimits->PagefileLimit = (SIZE_T)-1;
                 }
                 else
                 {
                     /* Get limits from non-default quota block */
                     QuotaLimits->PagedPoolLimit =
                         Process->QuotaBlock->QuotaEntry[PsPagedPool].Limit;
                     QuotaLimits->NonPagedPoolLimit =
                         Process->QuotaBlock->QuotaEntry[PsNonPagedPool].Limit;
                     QuotaLimits->PagefileLimit =
                         Process->QuotaBlock->QuotaEntry[PsPageFile].Limit;
                 }
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         case ProcessIoCounters:
 
             if (ProcessInformationLength != sizeof(IO_COUNTERS))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             Length = sizeof(IO_COUNTERS);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Query IO counters from the process */
             KeQueryValuesProcess(&Process->Pcb, &ProcessValues);
 
             _SEH2_TRY
             {
                 RtlCopyMemory(IoCounters, &ProcessValues.IoInfo, sizeof(IO_COUNTERS));
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Ignore exception */
             }
             _SEH2_END;
 
             /* Set status to success in any case */
             Status = STATUS_SUCCESS;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         /* Timing */
         case ProcessTimes:
 
             /* Set the return length */
             if (ProcessInformationLength != sizeof(KERNEL_USER_TIMES))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             Length = sizeof(KERNEL_USER_TIMES);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Protect writes with SEH */
             _SEH2_TRY
             {
                 /* Copy time information from EPROCESS/KPROCESS */
                 KernelTime = KeQueryRuntimeProcess(&Process->Pcb, &UserTime);
                 ProcessTime->CreateTime = Process->CreateTime;
                 ProcessTime->UserTime.QuadPart = (LONGLONG)UserTime * KeMaximumIncrement;
                 ProcessTime->KernelTime.QuadPart = (LONGLONG)KernelTime * KeMaximumIncrement;
                 ProcessTime->ExitTime = Process->ExitTime;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         /* Process Debug Port */
         case ProcessDebugPort:
 
             if (ProcessInformationLength != sizeof(HANDLE))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set return length */
             Length = sizeof(HANDLE);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Protect write with SEH */
             _SEH2_TRY
             {
                 /* Return whether or not we have a debug port */
                 *(PHANDLE)ProcessInformation = (Process->DebugPort ?
                                                 (HANDLE)-1 : NULL);
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         case ProcessHandleCount:
 
             if (ProcessInformationLength != sizeof(ULONG))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set the return length*/
             Length = sizeof(ULONG);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Count the number of handles this process has */
             HandleCount = ObGetProcessHandleCount(Process);
 
             /* Protect write in SEH */
             _SEH2_TRY
             {
                 /* Return the count of handles */
                 *(PULONG)ProcessInformation = HandleCount;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         /* Session ID for the process */
         case ProcessSessionInformation:
 
             if (ProcessInformationLength != sizeof(PROCESS_SESSION_INFORMATION))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set the return length*/
             Length = sizeof(PROCESS_SESSION_INFORMATION);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Enter SEH for write safety */
             _SEH2_TRY
             {
                 /* Write back the Session ID */
                 SessionInfo->SessionId = PsGetProcessSessionId(Process);
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         /* Virtual Memory Statistics */
         case ProcessVmCounters:
 
             /* Validate the input length */
             if ((ProcessInformationLength != sizeof(VM_COUNTERS)) &&
                 (ProcessInformationLength != sizeof(VM_COUNTERS_EX)))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Enter SEH for write safety */
             _SEH2_TRY
             {
                 /* Return data from EPROCESS */
                 VmCounters->PeakVirtualSize = Process->PeakVirtualSize;
                 VmCounters->VirtualSize = Process->VirtualSize;
                 VmCounters->PageFaultCount = Process->Vm.PageFaultCount;
                 VmCounters->PeakWorkingSetSize = Process->Vm.PeakWorkingSetSize;
                 VmCounters->WorkingSetSize = Process->Vm.WorkingSetSize;
                 VmCounters->QuotaPeakPagedPoolUsage = Process->QuotaPeak[PsPagedPool];
                 VmCounters->QuotaPagedPoolUsage = Process->QuotaUsage[PsPagedPool];
                 VmCounters->QuotaPeakNonPagedPoolUsage = Process->QuotaPeak[PsNonPagedPool];
                 VmCounters->QuotaNonPagedPoolUsage = Process->QuotaUsage[PsNonPagedPool];
                 VmCounters->PagefileUsage = Process->QuotaUsage[PsPageFile] << PAGE_SHIFT;
                 VmCounters->PeakPagefileUsage = Process->QuotaPeak[PsPageFile] << PAGE_SHIFT;
                 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
                 //
 
                 /* Set the return length */
                 Length = ProcessInformationLength;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         /* Hard Error Processing Mode */
         case ProcessDefaultHardErrorMode:
 
             if (ProcessInformationLength != sizeof(ULONG))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set the return length*/
             Length = sizeof(ULONG);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Enter SEH for writing back data */
             _SEH2_TRY
             {
                 /* Write the current processing mode */
                 *(PULONG)ProcessInformation = Process->
                                               DefaultHardErrorProcessing;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         /* Priority Boosting status */
         case ProcessPriorityBoost:
 
             if (ProcessInformationLength != sizeof(ULONG))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set the return length */
             Length = sizeof(ULONG);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Enter SEH for writing back data */
             _SEH2_TRY
             {
                 /* Return boost status */
                 *(PULONG)ProcessInformation = Process->Pcb.DisableBoost ?
                                               TRUE : FALSE;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         /* DOS Device Map */
         case ProcessDeviceMap:
 
             if (ProcessInformationLength == sizeof(PROCESS_DEVICEMAP_INFORMATION_EX))
             {
                 /* Protect read in SEH */
                 _SEH2_TRY
                 {
                     PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
 
                     Flags = DeviceMapEx->Flags;
                 }
                 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                 {
                     /* Get the exception code */
                     Status = _SEH2_GetExceptionCode();
                     _SEH2_YIELD(break);
                 }
                 _SEH2_END;
 
                 /* Only one flag is supported and it needs LUID mappings */
                 if ((Flags & ~PROCESS_LUID_DOSDEVICES_ONLY) != 0 ||
                     !ObIsLUIDDeviceMapsEnabled())
                 {
                     Status = STATUS_INVALID_PARAMETER;
                     break;
                 }
             }
             else
             {
                 /* This has to be the size of the Query union field for x64 compatibility! */
                 if (ProcessInformationLength != RTL_FIELD_SIZE(PROCESS_DEVICEMAP_INFORMATION, Query))
                 {
                     Status = STATUS_INFO_LENGTH_MISMATCH;
                     break;
                 }
 
                 /* No flags for standard call */
                 Flags = 0;
             }
 
             /* Set the return length */
             Length = ProcessInformationLength;
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Query the device map information */
             Status = ObQueryDeviceMapInformation(Process,
                                                  ProcessInformation,
                                                  Flags);
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         /* Priority class */
         case ProcessPriorityClass:
 
             if (ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set the return length*/
             Length = sizeof(PROCESS_PRIORITY_CLASS);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Enter SEH for writing back data */
             _SEH2_TRY
             {
                 /* Return current priority class */
                 PsPriorityClass->PriorityClass = Process->PriorityClass;
                 PsPriorityClass->Foreground = FALSE;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         case ProcessImageFileName:
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Get the image path */
             Status = SeLocateProcessImageName(Process, &ImageName);
             if (NT_SUCCESS(Status))
             {
                 /* Set return length */
                 Length = ImageName->MaximumLength +
                          sizeof(OBJECT_NAME_INFORMATION);
 
                 /* Make sure it's large enough */
                 if (Length <= ProcessInformationLength)
                 {
                     /* Enter SEH to protect write */
                     _SEH2_TRY
                     {
                         /* Copy it */
                         RtlCopyMemory(ProcessInformation,
                                       ImageName,
                                       Length);
 
                         /* Update pointer */
                         ((PUNICODE_STRING)ProcessInformation)->Buffer =
                             (PWSTR)((PUNICODE_STRING)ProcessInformation + 1);
                    }
                     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                     {
                         /* Get the exception code */
                         Status = _SEH2_GetExceptionCode();
                     }
                     _SEH2_END;
                 }
                 else
                 {
                     /* Buffer too small */
                     Status = STATUS_INFO_LENGTH_MISMATCH;
                 }
 
                 /* Free the image path */
                 ExFreePoolWithTag(ImageName, TAG_SEPA);
             }
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         case ProcessDebugFlags:
 
             if (ProcessInformationLength != sizeof(ULONG))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set the return length*/
             Length = sizeof(ULONG);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Enter SEH for writing back data */
             _SEH2_TRY
             {
                 /* Return the debug flag state */
                 *(PULONG)ProcessInformation = Process->NoDebugInherit ? 0 : 1;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         case ProcessBreakOnTermination:
 
             if (ProcessInformationLength != sizeof(ULONG))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set the return length */
             Length = sizeof(ULONG);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Enter SEH for writing back data */
             _SEH2_TRY
             {
                 /* Return the BreakOnTermination state */
                 *(PULONG)ProcessInformation = Process->BreakOnTermination;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         /* Per-process security cookie */
         case ProcessCookie:
 
             if (ProcessInformationLength != sizeof(ULONG))
             {
                 /* Length size wrong, bail out */
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Get the current process and cookie */
             Process = PsGetCurrentProcess();
             Cookie = Process->Cookie;
             if (!Cookie)
             {
                 LARGE_INTEGER SystemTime;
                 ULONG NewCookie;
                 PKPRCB Prcb;
 
                 /* Generate a new cookie */
                 KeQuerySystemTime(&SystemTime);
                 Prcb = KeGetCurrentPrcb();
                 NewCookie = Prcb->KeSystemCalls ^ Prcb->InterruptTime ^
                             SystemTime.u.LowPart ^ SystemTime.u.HighPart;
 
                 /* Set the new cookie or return the current one */
                 Cookie = InterlockedCompareExchange((LONG*)&Process->Cookie,
                                                     NewCookie,
                                                     Cookie);
                 if (!Cookie) Cookie = NewCookie;
 
                 /* Set return length */
                 Length = sizeof(ULONG);
             }
 
             /* Indicate success */
             Status = STATUS_SUCCESS;
 
             /* Enter SEH to protect write */
             _SEH2_TRY
             {
                 /* Write back the cookie */
                 *(PULONG)ProcessInformation = Cookie;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
             break;
 
         case ProcessImageInformation:
 
             if (ProcessInformationLength != sizeof(SECTION_IMAGE_INFORMATION))
             {
                 /* Break out */
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set the length required and validate it */
             Length = sizeof(SECTION_IMAGE_INFORMATION);
 
             /* Enter SEH to protect write */
             _SEH2_TRY
             {
                 MmGetImageInformation((PSECTION_IMAGE_INFORMATION)ProcessInformation);
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Indicate success */
             Status = STATUS_SUCCESS;
             break;
 
         case ProcessDebugObjectHandle:
 
             if (ProcessInformationLength != sizeof(HANDLE))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set the return length */
             Length = sizeof(HANDLE);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Get the debug port */
             Status = DbgkOpenProcessDebugPort(Process, PreviousMode, &DebugPort);
 
             /* Let go of the process */
             ObDereferenceObject(Process);
 
             /* Protect write in SEH */
             _SEH2_TRY
             {
                 /* Return debug port's handle */
                 *(PHANDLE)ProcessInformation = DebugPort;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
             break;
 
         case ProcessHandleTracing:
             DPRINT1("Handle tracing Not implemented: %lx\n", ProcessInformationClass);
             Status = STATUS_NOT_IMPLEMENTED;
             break;
 
         case ProcessLUIDDeviceMapsEnabled:
 
             if (ProcessInformationLength != sizeof(ULONG))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set the return length */
             Length = sizeof(ULONG);
 
             /* Indicate success */
             Status = STATUS_SUCCESS;
 
             /* Protect write in SEH */
             _SEH2_TRY
             {
                 /* Query Ob */
                 *(PULONG)ProcessInformation = ObIsLUIDDeviceMapsEnabled();
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
             break;
 
         case ProcessWx86Information:
 
             if (ProcessInformationLength != sizeof(ULONG))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set the return length */
             Length = sizeof(ULONG);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Protect write in SEH */
             _SEH2_TRY
             {
                 /* Return if the flag is set */
                 *(PULONG)ProcessInformation = (ULONG)Process->VdmAllowed;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get the exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         case ProcessWow64Information:
 
             if (ProcessInformationLength != sizeof(ULONG_PTR))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set return length */
             Length = sizeof(ULONG_PTR);
 
             /* Reference the process */
             Status = ObReferenceObjectByHandle(ProcessHandle,
                                                PROCESS_QUERY_INFORMATION,
                                                PsProcessType,
                                                PreviousMode,
                                                (PVOID*)&Process,
                                                NULL);
             if (!NT_SUCCESS(Status)) break;
 
             /* Make sure the process isn't dying */
             if (ExAcquireRundownProtection(&Process->RundownProtect))
             {
                 /* Get the WOW64 process structure */
 #ifdef _WIN64
                 Wow64 = (ULONG_PTR)Process->Wow64Process;
 #else
                 Wow64 = 0;
 #endif
                 /* Release the lock */
                 ExReleaseRundownProtection(&Process->RundownProtect);
             }
 
             /* Protect write with SEH */
             _SEH2_TRY
             {
                 /* Return whether or not we have a debug port */
                 *(PULONG_PTR)ProcessInformation = Wow64;
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
                 /* Get exception code */
                 Status = _SEH2_GetExceptionCode();
             }
             _SEH2_END;
 
             /* Dereference the process */
             ObDereferenceObject(Process);
             break;
 
         case ProcessExecuteFlags:
 
             if (ProcessInformationLength != sizeof(ULONG))
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
             }
 
             /* Set return length */
             Length = sizeof(ULONG);
 
             if (ProcessHandle != NtCurrentProcess())
             {
                 return STATUS_INVALID_PARAMETER;
             }
 
             /* Get the options */
             Status = MmGetExecuteOptions(&ExecuteOptions);
             if (NT_SUCCESS(Status))
             {
                 /* Protect write with SEH */
                 _SEH2_TRY
                 {
                     /* Return them */
                     *(PULONG)ProcessInformation = ExecuteOptions;
                 }
                 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                 {
                     /* Get exception code */
                     Status = _SEH2_GetExceptionCode();
                 }
                 _SEH2_END;
             }
             break;
 
         case ProcessLdtInformation:
             DPRINT1("VDM/16-bit not implemented: %lx\n", ProcessInformationClass);
             Status = STATUS_NOT_IMPLEMENTED;
             break;
 
         case ProcessWorkingSetWatch:
             DPRINT1("WS Watch Not implemented: %lx\n", ProcessInformationClass);
             Status = STATUS_NOT_IMPLEMENTED;
             break;
 
         case ProcessPooledUsageAndLimits:
             DPRINT1("Pool limits Not implemented: %lx\n", ProcessInformationClass);
             Status = STATUS_NOT_IMPLEMENTED;
             break;
 
         /* Not supported by Server 2003 */
         default:
             DPRINT1("Unsupported info class: %lx\n", ProcessInformationClass);
             Status = STATUS_INVALID_INFO_CLASS;
     }
 
     /* Protect write with SEH */
     _SEH2_TRY
     {
         /* Check if caller wanted return length */
         if ((ReturnLength) && (Length)) *ReturnLength = Length;
     }
     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
     {
         /* Get exception code */
         Status = _SEH2_GetExceptionCode();
     }
     _SEH2_END;
 
     return Status;
 }

Referenced by _main(), BaseInitializeStaticServerData(), check_live_target(), CheckRemoteDebuggerPresent(), CON_API_NOCONSOLE(), EmptyWorkingSet(), EnumProcessModules(), FindModule(), get_shiminfo(), GetDriveTypeW(), GetErrorMode(), GetExitCodeProcess(), GetLogicalDrives(), GetPriorityClass(), GetProcessAffinityMask(), GetProcessExecutablePath(), GetProcessHandleCount(), GetProcessId(), GetProcessImageFileNameA(), GetProcessImageFileNameW(), GetProcessIoCounters(), GetProcessMemoryInfo(), GetProcessPriorityBoost(), GetProcessTimes(), GetProcessVersion(), GetProcessWorkingSetSizeEx(), GetSourcePaths(), GetWsChanges(), GlobalMemoryStatusEx(), InitFunctionPtrs(), Is64BitSystem(), IsCriticalProcess(), IsWow64Process(), PerfDataGetCommandLine(), PrintProcess(), ProcessIdToSessionId(), PsaEnumerateProcessModules(), QueryFlag(), QueryFullProcessImageNameW(), QuerySetProcessValidator(), RtlpQueryRemoteProcessModules(), SmpApiLoop(), SmpCreateVolumeDescriptors(), SmpGetProcessMuSessionId(), Test_ProcessPriorityClassAlignment(), Test_ProcessTimes(), Test_ProcessWx86Information(), UnhandledExceptionFilter(), UserpGetClientFileName(), wmain(), and Wow64QueryFlag().

◆ PsGetCurrentProcessId()

NTKERNELAPI HANDLE NTAPI PsGetCurrentProcessId ( VOID )

Definition at line 1123 of file process.c.

 {
     return (HANDLE)PsGetCurrentProcess()->UniqueProcessId;
 }

Referenced by CheckWinstaAttributeAccess(), CmpCreateRegistryRoot(), CmpDoCreateChild(), CmpDoOpen(), CreateProcessNotifyRoutine(), CreateThreadNotifyRoutine(), DbgP(), DdHmgAlloc(), DesktopWindowProc(), DispEchoRequest(), ENTRY_ReferenceEntryByHandle(), ExpLoadBootSymbols(), FileOpenAddress(), FltpCreate(), GDI_CleanupForProcess(), GDIOBJ_ConvertFromStockObj(), GDIOBJ_hInsertObject(), GDIOBJ_vDereferenceObject(), GDIOBJ_vSetObjectOwner(), GreGetObjectOwner(), handle_gdb_read_mem(), handle_gdb_write_mem(), IntCreateWindowStation(), IntWinStaObjectDelete(), KdInitSystem(), KsecGatherEntropyData(), LpcpDeletePort(), MmLoadSystemImage(), MmUnloadSystemImage(), NtUserGetThreadState(), NtUserLockWindowStation(), NtUserSetLogonNotifyWindow(), NtUserSetWindowStationUser(), NtUserSwitchDesktop(), NtUserUnlockWindowStation(), ObpAllocateObject(), print_error(), ReadMemorySendHandler(), SepCreateToken(), SepDuplicateToken(), SepPerformTokenFiltering(), VerifyObjectOwner(), and WriteMemorySendHandler().

◆ PsGetCurrentThreadTeb()

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadTeb ( VOID )

Definition at line 785 of file thread.c.

 {
     return PsGetCurrentThread()->Tcb.Teb;
 }

Referenced by FileOpenAddress().

◆ PsGetThreadProcess()

NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess ( _In_ PETHREAD Thread )

◆ PsGetVersion()

NTKERNELAPI BOOLEAN NTAPI PsGetVersion	(	OUT PULONG MajorVersion	OPTIONAL,
		OUT PULONG MinorVersion	OPTIONAL,
		OUT PULONG BuildNumber	OPTIONAL,
		OUT PUNICODE_STRING CSDVersion	OPTIONAL
	)

Definition at line 658 of file psmgr.c.

 {
     if (MajorVersion) *MajorVersion = NtMajorVersion;
     if (MinorVersion) *MinorVersion = NtMinorVersion;
     if (BuildNumber ) *BuildNumber  = NtBuildNumber & 0x3FFF;
 
     if (CSDVersion)
     {
         CSDVersion->Length = CmCSDVersionString.Length;
         CSDVersion->MaximumLength = CmCSDVersionString.MaximumLength;
         CSDVersion->Buffer = CmCSDVersionString.Buffer;
     }
 
     /* Return TRUE if this is a Checked Build */
     return (NtBuildNumber >> 28) == 0xC;
 }