ReactOS 0.4.16-dev-282-g4d0a26d
psfuncs.h File Reference

Go to the source code of this file.

Macros

#define PsGetCurrentProcess   IoGetCurrentProcess
 
#define _PSGETCURRENTTHREAD_
 

Functions

 $if (_WDMDDK_) NTKERNELAPI NTSTATUS NTAPI PsWrapApcWow64Thread(_Inout_ PVOID *ApcContext
 
 _IRQL_requires_max_ (DISPATCH_LEVEL) FORCEINLINE PETHREAD NTAPI PsGetCurrentThread(VOID)
 
 $endif (_WDMDDK_) $if(_NTDDK_) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess(_Out_ PHANDLE ProcessHandle
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
 
 $endif (_NTDDK_) $if(_NTIFS_) _Must_inspect_result_ _IRQL_requires_max_(APC_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsLookupProcessByProcessId(_In_ HANDLE ProcessId
 
_Must_inspect_result_ _IRQL_requires_max_ (APC_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsLookupThreadByThreadId(_In_ HANDLE UniqueThreadId
 Probes and locks virtual pages in memory for the specified process.
 
 $endif (_NTIFS_) $if(_WDMDDK_) _IRQL_requires_max_(APC_LEVEL) _Post_satisfies_(return<=0) _Must_inspect_result_ NTKERNELAPI NTSTATUS NTAPI PsCreateSystemThread(_Out_ PHANDLE ThreadHandle
 
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE _In_opt_ _When_ (return==0, __drv_aliasesMem) PVOID StartContext)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsTerminateSystemThread(_In_ NTSTATUS ExitStatus)
 Queries information details about a security descriptor.
 
NTKERNELAPI HANDLE NTAPI PsGetCurrentProcessId (VOID)
 
NTKERNELAPI BOOLEAN NTAPI PsGetVersion (OUT PULONG MajorVersion OPTIONAL, OUT PULONG MinorVersion OPTIONAL, OUT PULONG BuildNumber OPTIONAL, OUT PUNICODE_STRING CSDVersion OPTIONAL)
 
NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess (_In_ PETHREAD Thread)
 
NTKERNELAPI NTSTATUS NTAPI PsRemoveCreateThreadNotifyRoutine (_In_ PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine)
 
NTKERNELAPI BOOLEAN NTAPI PsIsSystemThread (_In_ PETHREAD Thread)
 
NTKERNELAPI PVOID NTAPI PsGetCurrentThreadTeb (VOID)
 
NTKERNELAPI BOOLEAN NTAPI PsSetCurrentThreadPrefetching (IN BOOLEAN Prefetching)
 
NTKERNELAPI BOOLEAN NTAPI PsIsCurrentThreadPrefetching (VOID)
 
NTKERNELAPI NTSTATUS NTAPI PsSetCreateProcessNotifyRoutineEx (IN PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine, IN BOOLEAN Remove)
 

Variables

_Inout_ PVOIDApcRoutine
 
_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES ObjectAttributes
 
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _In_opt_ PCLIENT_ID ClientId
 
_Outptr_ PEPROCESSProcess
 
_Must_inspect_result_ _Outptr_ PETHREADThread
 
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE ProcessHandle
 
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE StartRoutine
 
_In_ BOOLEAN Remove
 
_Out_ PBOOLEAN CopyOnOpen
 
_Out_ PBOOLEAN _Out_ PBOOLEAN EffectiveOnly
 
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
 
_Must_inspect_result_ _In_opt_ PACCESS_TOKEN Token
 
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
 
_In_ POOL_TYPE PoolType
 
_In_ POOL_TYPE _In_ ULONG_PTR Amount
 

Macro Definition Documentation

◆ _PSGETCURRENTTHREAD_

#define _PSGETCURRENTTHREAD_

Definition at line 20 of file psfuncs.h.

◆ PsGetCurrentProcess

#define PsGetCurrentProcess   IoGetCurrentProcess

Definition at line 17 of file psfuncs.h.

Function Documentation

◆ $endif() [1/3]

$endif ( _NTDDK_  )

Definition at line 559 of file iofuncs.h.

2502{
2503 PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
2504 PriorityInfo->ThreadPriority = 0xffff;
2505 PriorityInfo->IoPriority = IoPriorityNormal;
2506 PriorityInfo->PagePriority = 0;
2507}
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD _Inout_ PIO_PRIORITY_INFO PriorityInfo
Definition: fltkernel.h:2654
struct _IO_PRIORITY_INFO IO_PRIORITY_INFO
@ IoPriorityNormal
Definition: iotypes.h:1233

◆ $endif() [2/3]

$endif ( _NTIFS_  )
pure virtual

Definition at line 396 of file rtlfuncs.h.

2856{
2858 ret.QuadPart = SignedInteger;
2859 return ret;
2860}
return ret
Definition: rtlfuncs.h:3107

◆ $endif() [3/3]

$endif ( _WDMDDK_  )

Definition at line 85 of file ke.h.

226{
229} NEON128, *PNEON128;
NEON128
Definition: ke.h:229
* PNEON128
Definition: ke.h:229
@ High
Definition: strmini.h:378
@ Low
Definition: strmini.h:380
int64_t LONGLONG
Definition: typedefs.h:68
uint64_t ULONGLONG
Definition: typedefs.h:67

◆ $if()

$if ( _WDMDDK_  )

Kernel definitions for ARM64

Kernel definitions for AMD64

Kernel definitions for ARM

Definition at line 1 of file ke.h.

31{
32 ULONG Dummy;
KFLOATING_SAVE
Definition: ke.h:33
* PKFLOATING_SAVE
Definition: ke.h:33
uint32_t ULONG
Definition: typedefs.h:59

◆ _IRQL_requires_max_() [1/3]

_Must_inspect_result_ _IRQL_requires_max_ ( APC_LEVEL  )

Probes and locks virtual pages in memory for the specified process.

Parameters
[in,out]MemoryDescriptorListMemory Descriptor List (MDL) containing the buffer to be probed and locked.
[in]ProcessThe process for which the buffer should be probed and locked.
[in]AccessModeAccess mode for probing the pages. Can be KernelMode or UserMode.
[in]LockOperationThe type of the probing and locking operation. Can be IoReadAccess, IoWriteAccess or IoModifyAccess.
Returns
Nothing.
See also
MmProbeAndLockPages
Remarks
Must be called at IRQL <= APC_LEVEL

Probes and locks virtual pages in memory for the specified process.

Frees previously reserved amount of memory in system virtual address space.

Parameters
[in]NumberOfBytesSize, in bytes, of memory to reserve.
[in]PoolTagPool Tag identifying the buffer. Usually consists from 4 characters in reversed order.
Returns
A pointer to the 1st memory block of the reserved buffer in case of success, NULL otherwise.
Remarks
Must be called at IRQL <= APC_LEVEL
Parameters
[in]BaseAddressA pointer to the 1st memory block of the reserved buffer.
[in]PoolTagPool Tag identifying the buffer. Usually consists from 4 characters in reversed order.
Returns
Nothing.
See also
MmAllocateMappingAddress
Remarks
Must be called at IRQL <= APC_LEVEL

Definition at line 37 of file cddata.c.

254{
255 THREAD_CONTEXT ThreadContext = {0};
256 PIRP_CONTEXT IrpContext = NULL;
258
259#ifdef CD_SANITY
260 PVOID PreviousTopLevel;
261#endif
262
264
265#if DBG
266
267 KIRQL SaveIrql = KeGetCurrentIrql();
268
269#endif
270
272
274
276
277#ifdef CD_SANITY
278 PreviousTopLevel = IoGetTopLevelIrp();
279#endif
280
281 //
282 // Loop until this request has been completed or posted.
283 //
284
285 do {
286
287 //
288 // Use a try-except to handle the exception cases.
289 //
290
291 _SEH2_TRY {
292
293 //
294 // If the IrpContext is NULL then this is the first pass through
295 // this loop.
296 //
297
298 if (IrpContext == NULL) {
299
300 //
301 // Decide if this request is waitable an allocate the IrpContext.
302 // If the file object in the stack location is NULL then this
303 // is a mount which is always waitable. Otherwise we look at
304 // the file object flags.
305 //
306
308
309 Wait = TRUE;
310
311 } else {
312
313 Wait = CanFsdWait( Irp );
314 }
315
316 IrpContext = CdCreateIrpContext( Irp, Wait );
317
318 //
319 // Update the thread context information.
320 //
321
322 CdSetThreadContext( IrpContext, &ThreadContext );
323
324#ifdef CD_SANITY
325 NT_ASSERT( !CdTestTopLevel ||
326 SafeNodeType( IrpContext->TopLevel ) == CDFS_NTC_IRP_CONTEXT );
327#endif
328
329 //
330 // Otherwise cleanup the IrpContext for the retry.
331 //
332
333 } else {
334
335 //
336 // Set the MORE_PROCESSING flag to make sure the IrpContext
337 // isn't inadvertently deleted here. Then cleanup the
338 // IrpContext to perform the retry.
339 //
340
341 SetFlag( IrpContext->Flags, IRP_CONTEXT_FLAG_MORE_PROCESSING );
342 CdCleanupIrpContext( IrpContext, FALSE );
343 }
344
345 //
346 // Case on the major irp code.
347 //
348
349 switch (IrpContext->MajorFunction) {
350
351 case IRP_MJ_CREATE :
352
353 Status = CdCommonCreate( IrpContext, Irp );
354 break;
355
356 case IRP_MJ_CLOSE :
357
358 Status = CdCommonClose( IrpContext, Irp );
359 break;
360
361 case IRP_MJ_READ :
362
363 //
364 // If this is an Mdl complete request, don't go through
365 // common read.
366 //
367
368 if (FlagOn( IrpContext->MinorFunction, IRP_MN_COMPLETE )) {
369
370 Status = CdCompleteMdl( IrpContext, Irp );
371
372 } else {
373
374 Status = CdCommonRead( IrpContext, Irp );
375 }
376
377 break;
378
379 case IRP_MJ_WRITE :
380
381 Status = CdCommonWrite( IrpContext, Irp );
382 break;
383
385
386 Status = CdCommonQueryInfo( IrpContext, Irp );
387 break;
388
390
391 Status = CdCommonSetInfo( IrpContext, Irp );
392 break;
393
395
396 Status = CdCommonQueryVolInfo( IrpContext, Irp );
397 break;
398
400
401 Status = CdCommonDirControl( IrpContext, Irp );
402 break;
403
405
406 Status = CdCommonFsControl( IrpContext, Irp );
407 break;
408
410
411 Status = CdCommonDevControl( IrpContext, Irp );
412 break;
413
415
416 Status = CdCommonLockControl( IrpContext, Irp );
417 break;
418
419 case IRP_MJ_CLEANUP :
420
421 Status = CdCommonCleanup( IrpContext, Irp );
422 break;
423
424 case IRP_MJ_PNP :
425
426 Status = CdCommonPnp( IrpContext, Irp );
427 break;
428
429 case IRP_MJ_SHUTDOWN :
430
431 Status = CdCommonShutdown( IrpContext, Irp );
432 break;
433
434 default :
435
437 CdCompleteRequest( IrpContext, Irp, Status );
438 }
439
441
442 Status = CdProcessException( IrpContext, Irp, _SEH2_GetExceptionCode() );
443 } _SEH2_END;
444
445 } while (Status == STATUS_CANT_WAIT);
446
447#ifdef CD_SANITY
448 NT_ASSERT( !CdTestTopLevel ||
449 (PreviousTopLevel == IoGetTopLevelIrp()) );
450#endif
451
453
454 NT_ASSERT( SaveIrql == KeGetCurrentIrql( ));
455
456 return Status;
457}
static PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(PIRP Irp)
unsigned char BOOLEAN
LONG NTSTATUS
Definition: precomp.h:26
VOID CdCompleteRequest(_Inout_opt_ PIRP_CONTEXT IrpContext, _Inout_opt_ PIRP Irp, _In_ NTSTATUS Status)
Definition: cddata.c:914
LONG CdExceptionFilter(_Inout_ PIRP_CONTEXT IrpContext, _In_ PEXCEPTION_POINTERS ExceptionPointer)
Definition: cddata.c:525
VOID CdSetThreadContext(_Inout_ PIRP_CONTEXT IrpContext, _In_ PTHREAD_CONTEXT ThreadContext)
Definition: cddata.c:981
#define ASSERT_OPTIONAL_IRP(I)
Definition: cddata.h:251
NTSTATUS CdCompleteMdl(_In_ PIRP_CONTEXT IrpContext, _Inout_ PIRP Irp)
Definition: cachesup.c:411
VOID CdCleanupIrpContext(_In_ PIRP_CONTEXT IrpContext, _In_ BOOLEAN Post)
Definition: strucsup.c:1733
#define CanFsdWait(I)
Definition: cdprocs.h:2001
NTSTATUS CdCommonLockControl(_Inout_ PIRP_CONTEXT IrpContext, _Inout_ PIRP Irp)
Definition: lockctrl.c:35
NTSTATUS CdCommonDevControl(_Inout_ PIRP_CONTEXT IrpContext, _Inout_ PIRP Irp)
Definition: devctrl.c:46
_Ret_valid_ PIRP_CONTEXT CdCreateIrpContext(_In_ PIRP Irp, _In_ BOOLEAN Wait)
Definition: strucsup.c:1573
#define IRP_MJ_PNP
Definition: cdrw_usr.h:52
#define IRP_CONTEXT_FLAG_MORE_PROCESSING
Definition: cdstruc.h:1214
_In_ PIRP Irp
Definition: csq.h:116
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define CDFS_NTC_IRP_CONTEXT
Definition: nodetype.h:34
#define SafeNodeType(Ptr)
Definition: nodetype.h:54
UCHAR KIRQL
Definition: env_spec_w32.h:591
#define KeGetCurrentIrql()
Definition: env_spec_w32.h:706
#define SetFlag(_F, _SF)
Definition: ext2fs.h:187
#define FlagOn(_F, _SF)
Definition: ext2fs.h:179
#define FsRtlEnterFileSystem
#define FsRtlExitFileSystem
Status
Definition: gdiplustypes.h:25
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:325
PIRP NTAPI IoGetTopLevelIrp(VOID)
Definition: irp.c:1843
#define STATUS_CANT_WAIT
Definition: ntstatus.h:452
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:66
#define _SEH2_GetExceptionInformation()
Definition: pseh2_64.h:164
#define _SEH2_END
Definition: pseh2_64.h:155
#define _SEH2_TRY
Definition: pseh2_64.h:55
#define IRP_MJ_DIRECTORY_CONTROL
Definition: rdpdr.c:51
#define IRP_MJ_CLOSE
Definition: rdpdr.c:45
#define IRP_MJ_READ
Definition: rdpdr.c:46
#define IRP_MJ_DEVICE_CONTROL
Definition: rdpdr.c:52
#define IRP_MJ_QUERY_VOLUME_INFORMATION
Definition: rdpdr.c:50
#define IRP_MJ_LOCK_CONTROL
Definition: rdpdr.c:53
#define IRP_MJ_WRITE
Definition: rdpdr.c:47
#define IRP_MJ_SET_INFORMATION
Definition: rdpdr.c:49
#define IRP_MJ_CREATE
Definition: rdpdr.c:44
#define IRP_MJ_QUERY_INFORMATION
Definition: rdpdr.c:48
#define STATUS_INVALID_DEVICE_REQUEST
Definition: udferr_usr.h:138
_In_ PDEVICE_OBJECT DeviceObject
Definition: wdfdevice.h:2055
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:550
_In_ WDFDPC _In_ BOOLEAN Wait
Definition: wdfdpc.h:170
#define IRP_MN_COMPLETE
Definition: iotypes.h:4420
#define IRP_MJ_FILE_SYSTEM_CONTROL
#define IRP_MJ_SHUTDOWN
#define IRP_MJ_CLEANUP
#define NT_ASSERT
Definition: rtlfuncs.h:3327

◆ _IRQL_requires_max_() [2/3]

_IRQL_requires_max_ ( DISPATCH_LEVEL  )

Definition at line 21 of file psfuncs.h.

26{
28}
#define KeGetCurrentThread
Definition: hal.h:55

◆ _IRQL_requires_max_() [3/3]

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in]SecurityInformationSecurity information details to be queried from a security descriptor.
[out]SecurityDescriptorThe returned security descriptor with security information data.
[in,out]LengthThe returned length of a security descriptor.
[in,out]ObjectsSecurityDescriptorThe returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]AutoInheritFlagsFlags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
Parameters
[in]SecurityDescriptorA security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in]_ParentDescriptorA security descriptor of the parent object that is being created.
[in]_ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]ObjectTypeThe type of the new object.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]AutoInheritFlagsAutomatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in]ParentDescriptorA security descriptor of the parent object that is being created.
[in]ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in]SecurityDescriptorA security descriptor.
[out]QuotaInfoSizeThe returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 923 of file Messaging.c.

75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
78
79 /* The caller must allow at least one connection */
80 if (MaxConnections == 0)
81 {
83 }
84
85 /* The request must be for a kernel handle */
86 if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87 {
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
97 if (!NT_SUCCESS(Status))
98 {
99 return Status;
100 }
101
102 /* Create the server port object for this filter */
107 NULL,
109 0,
110 0,
111 (PVOID *)&PortObject);
112 if (NT_SUCCESS(Status))
113 {
114 /* Zero out the struct */
115 RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116
117 /* Increment the ref count on the target filter */
119
120 /* Setup the filter port object */
121 PortObject->Filter = Filter;
125 PortObject->Cookie = ServerPortCookie;
126 PortObject->MaxConnections = MaxConnections;
127
128 /* Insert the object */
129 Status = ObInsertObject(PortObject,
130 NULL,
132 0,
133 NULL,
135 if (NT_SUCCESS(Status))
136 {
137 /* Lock the connection list */
139
140 /* Add the new port object to the connection list and increment the count */
143
144 /* Unlock the connection list*/
146 }
147 }
148
149 if (!NT_SUCCESS(Status))
150 {
151 /* Allow the filter to be cleaned up */
153 }
154
155 return Status;
156}
static const INTERNET_PORT ServerPort
Definition: CWebService.cpp:11
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
#define InsertTailList(ListHead, Entry)
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
static LONG MaxConnections
#define KernelMode
Definition: asm.h:34
#define FILE_READ_DATA
Definition: nt_native.h:628
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121
LIST_ENTRY mList
Definition: fltmgrint.h:56
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

◆ _When_()

◆ NtQueryInformationProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess ( _In_ HANDLE  ProcessHandle,
_In_ PROCESSINFOCLASS  ProcessInformationClass,
_Out_ PVOID  ProcessInformation,
_In_ ULONG  ProcessInformationLength,
_Out_opt_ PULONG  ReturnLength 
)

Definition at line 59 of file query.c.

65{
69 ULONG Length = 0;
70 HANDLE DebugPort = 0;
71 PPROCESS_BASIC_INFORMATION ProcessBasicInfo =
72 (PPROCESS_BASIC_INFORMATION)ProcessInformation;
73 PKERNEL_USER_TIMES ProcessTime = (PKERNEL_USER_TIMES)ProcessInformation;
74 ULONG UserTime, KernelTime;
75 PPROCESS_PRIORITY_CLASS PsPriorityClass = (PPROCESS_PRIORITY_CLASS)ProcessInformation;
76 ULONG HandleCount;
78 (PPROCESS_SESSION_INFORMATION)ProcessInformation;
79 PVM_COUNTERS VmCounters = (PVM_COUNTERS)ProcessInformation;
80 PIO_COUNTERS IoCounters = (PIO_COUNTERS)ProcessInformation;
81 PQUOTA_LIMITS QuotaLimits = (PQUOTA_LIMITS)ProcessInformation;
83 ULONG Cookie, ExecuteOptions = 0;
84 ULONG_PTR Wow64 = 0;
85 PROCESS_VALUES ProcessValues;
87 PAGED_CODE();
88
89 /* Verify Information Class validity */
90 Status = DefaultQueryInfoBufferCheck(ProcessInformationClass,
94 ProcessInformation,
95 ProcessInformationLength,
97 NULL,
99 if (!NT_SUCCESS(Status))
100 {
101 DPRINT1("NtQueryInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
102 return Status;
103 }
104
105 if (((ProcessInformationClass == ProcessCookie) ||
106 (ProcessInformationClass == ProcessImageInformation)) &&
108 {
109 /*
110 * Retrieving the process cookie is only allowed for the calling process
111 * itself! XP only allows NtCurrentProcess() as process handles even if
112 * a real handle actually represents the current process.
113 */
115 }
116
117 /* Check the information class */
118 switch (ProcessInformationClass)
119 {
120 /* Basic process information */
122
123 if (ProcessInformationLength != sizeof(PROCESS_BASIC_INFORMATION))
124 {
126 break;
127 }
128
129 /* Set return length */
131
132 /* Reference the process */
137 (PVOID*)&Process,
138 NULL);
139 if (!NT_SUCCESS(Status)) break;
140
141 /* Protect writes with SEH */
143 {
144 /* Write all the information from the EPROCESS/KPROCESS */
145 ProcessBasicInfo->ExitStatus = Process->ExitStatus;
146 ProcessBasicInfo->PebBaseAddress = Process->Peb;
147 ProcessBasicInfo->AffinityMask = Process->Pcb.Affinity;
148 ProcessBasicInfo->UniqueProcessId = (ULONG_PTR)Process->
149 UniqueProcessId;
150 ProcessBasicInfo->InheritedFromUniqueProcessId =
151 (ULONG_PTR)Process->InheritedFromUniqueProcessId;
152 ProcessBasicInfo->BasePriority = Process->Pcb.BasePriority;
153
154 }
156 {
157 /* Get exception code */
159 }
160 _SEH2_END;
161
162 /* Dereference the process */
164 break;
165
166 /* Process quota limits */
168
169 if (ProcessInformationLength != sizeof(QUOTA_LIMITS))
170 {
172 break;
173 }
174
175 Length = sizeof(QUOTA_LIMITS);
176
177 /* Reference the process */
182 (PVOID*)&Process,
183 NULL);
184 if (!NT_SUCCESS(Status)) break;
185
186 /* Indicate success */
188
190 {
191 /* Set max/min working set sizes */
192 QuotaLimits->MaximumWorkingSetSize =
193 Process->Vm.MaximumWorkingSetSize << PAGE_SHIFT;
194 QuotaLimits->MinimumWorkingSetSize =
195 Process->Vm.MinimumWorkingSetSize << PAGE_SHIFT;
196
197 /* Set default time limits */
198 QuotaLimits->TimeLimit.LowPart = MAXULONG;
199 QuotaLimits->TimeLimit.HighPart = MAXULONG;
200
201 /* Is quota block a default one? */
202 if (Process->QuotaBlock == &PspDefaultQuotaBlock)
203 {
204 /* Set default pools and pagefile limits */
205 QuotaLimits->PagedPoolLimit = (SIZE_T)-1;
206 QuotaLimits->NonPagedPoolLimit = (SIZE_T)-1;
207 QuotaLimits->PagefileLimit = (SIZE_T)-1;
208 }
209 else
210 {
211 /* Get limits from non-default quota block */
212 QuotaLimits->PagedPoolLimit =
213 Process->QuotaBlock->QuotaEntry[PsPagedPool].Limit;
214 QuotaLimits->NonPagedPoolLimit =
215 Process->QuotaBlock->QuotaEntry[PsNonPagedPool].Limit;
216 QuotaLimits->PagefileLimit =
217 Process->QuotaBlock->QuotaEntry[PsPageFile].Limit;
218 }
219 }
221 {
222 /* Get exception code */
224 }
225 _SEH2_END;
226
227 /* Dereference the process */
229 break;
230
232
233 if (ProcessInformationLength != sizeof(IO_COUNTERS))
234 {
236 break;
237 }
238
239 Length = sizeof(IO_COUNTERS);
240
241 /* Reference the process */
246 (PVOID*)&Process,
247 NULL);
248 if (!NT_SUCCESS(Status)) break;
249
250 /* Query IO counters from the process */
251 KeQueryValuesProcess(&Process->Pcb, &ProcessValues);
252
254 {
255 RtlCopyMemory(IoCounters, &ProcessValues.IoInfo, sizeof(IO_COUNTERS));
256 }
258 {
259 /* Ignore exception */
260 }
261 _SEH2_END;
262
263 /* Set status to success in any case */
265
266 /* Dereference the process */
268 break;
269
270 /* Timing */
271 case ProcessTimes:
272
273 /* Set the return length */
274 if (ProcessInformationLength != sizeof(KERNEL_USER_TIMES))
275 {
277 break;
278 }
279
280 Length = sizeof(KERNEL_USER_TIMES);
281
282 /* Reference the process */
287 (PVOID*)&Process,
288 NULL);
289 if (!NT_SUCCESS(Status)) break;
290
291 /* Protect writes with SEH */
293 {
294 /* Copy time information from EPROCESS/KPROCESS */
295 KernelTime = KeQueryRuntimeProcess(&Process->Pcb, &UserTime);
296 ProcessTime->CreateTime = Process->CreateTime;
298 ProcessTime->KernelTime.QuadPart = (LONGLONG)KernelTime * KeMaximumIncrement;
299 ProcessTime->ExitTime = Process->ExitTime;
300 }
302 {
303 /* Get exception code */
305 }
306 _SEH2_END;
307
308 /* Dereference the process */
310 break;
311
312 /* Process Debug Port */
313 case ProcessDebugPort:
314
315 if (ProcessInformationLength != sizeof(HANDLE))
316 {
318 break;
319 }
320
321 /* Set return length */
322 Length = sizeof(HANDLE);
323
324 /* Reference the process */
329 (PVOID*)&Process,
330 NULL);
331 if (!NT_SUCCESS(Status)) break;
332
333 /* Protect write with SEH */
335 {
336 /* Return whether or not we have a debug port */
337 *(PHANDLE)ProcessInformation = (Process->DebugPort ?
338 (HANDLE)-1 : NULL);
339 }
341 {
342 /* Get exception code */
344 }
345 _SEH2_END;
346
347 /* Dereference the process */
349 break;
350
352
353 if (ProcessInformationLength != sizeof(ULONG))
354 {
356 break;
357 }
358
359 /* Set the return length*/
360 Length = sizeof(ULONG);
361
362 /* Reference the process */
367 (PVOID*)&Process,
368 NULL);
369 if (!NT_SUCCESS(Status)) break;
370
371 /* Count the number of handles this process has */
372 HandleCount = ObGetProcessHandleCount(Process);
373
374 /* Protect write in SEH */
376 {
377 /* Return the count of handles */
378 *(PULONG)ProcessInformation = HandleCount;
379 }
381 {
382 /* Get the exception code */
384 }
385 _SEH2_END;
386
387 /* Dereference the process */
389 break;
390
391 /* Session ID for the process */
393
394 if (ProcessInformationLength != sizeof(PROCESS_SESSION_INFORMATION))
395 {
397 break;
398 }
399
400 /* Set the return length*/
402
403 /* Reference the process */
408 (PVOID*)&Process,
409 NULL);
410 if (!NT_SUCCESS(Status)) break;
411
412 /* Enter SEH for write safety */
414 {
415 /* Write back the Session ID */
417 }
419 {
420 /* Get the exception code */
422 }
423 _SEH2_END;
424
425 /* Dereference the process */
427 break;
428
429 /* Virtual Memory Statistics */
431
432 /* Validate the input length */
433 if ((ProcessInformationLength != sizeof(VM_COUNTERS)) &&
434 (ProcessInformationLength != sizeof(VM_COUNTERS_EX)))
435 {
437 break;
438 }
439
440 /* Reference the process */
445 (PVOID*)&Process,
446 NULL);
447 if (!NT_SUCCESS(Status)) break;
448
449 /* Enter SEH for write safety */
451 {
452 /* Return data from EPROCESS */
453 VmCounters->PeakVirtualSize = Process->PeakVirtualSize;
454 VmCounters->VirtualSize = Process->VirtualSize;
455 VmCounters->PageFaultCount = Process->Vm.PageFaultCount;
456 VmCounters->PeakWorkingSetSize = Process->Vm.PeakWorkingSetSize;
457 VmCounters->WorkingSetSize = Process->Vm.WorkingSetSize;
458 VmCounters->QuotaPeakPagedPoolUsage = Process->QuotaPeak[PsPagedPool];
459 VmCounters->QuotaPagedPoolUsage = Process->QuotaUsage[PsPagedPool];
460 VmCounters->QuotaPeakNonPagedPoolUsage = Process->QuotaPeak[PsNonPagedPool];
461 VmCounters->QuotaNonPagedPoolUsage = Process->QuotaUsage[PsNonPagedPool];
462 VmCounters->PagefileUsage = Process->QuotaUsage[PsPageFile] << PAGE_SHIFT;
463 VmCounters->PeakPagefileUsage = Process->QuotaPeak[PsPageFile] << PAGE_SHIFT;
464 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
465 //
466
467 /* Set the return length */
468 Length = ProcessInformationLength;
469 }
471 {
472 /* Get the exception code */
474 }
475 _SEH2_END;
476
477 /* Dereference the process */
479 break;
480
481 /* Hard Error Processing Mode */
483
484 if (ProcessInformationLength != sizeof(ULONG))
485 {
487 break;
488 }
489
490 /* Set the return length*/
491 Length = sizeof(ULONG);
492
493 /* Reference the process */
498 (PVOID*)&Process,
499 NULL);
500 if (!NT_SUCCESS(Status)) break;
501
502 /* Enter SEH for writing back data */
504 {
505 /* Write the current processing mode */
506 *(PULONG)ProcessInformation = Process->
507 DefaultHardErrorProcessing;
508 }
510 {
511 /* Get the exception code */
513 }
514 _SEH2_END;
515
516 /* Dereference the process */
518 break;
519
520 /* Priority Boosting status */
522
523 if (ProcessInformationLength != sizeof(ULONG))
524 {
526 break;
527 }
528
529 /* Set the return length */
530 Length = sizeof(ULONG);
531
532 /* Reference the process */
537 (PVOID*)&Process,
538 NULL);
539 if (!NT_SUCCESS(Status)) break;
540
541 /* Enter SEH for writing back data */
543 {
544 /* Return boost status */
545 *(PULONG)ProcessInformation = Process->Pcb.DisableBoost ?
546 TRUE : FALSE;
547 }
549 {
550 /* Get the exception code */
552 }
553 _SEH2_END;
554
555 /* Dereference the process */
557 break;
558
559 /* DOS Device Map */
560 case ProcessDeviceMap:
561
562 if (ProcessInformationLength == sizeof(PROCESS_DEVICEMAP_INFORMATION_EX))
563 {
564 /* Protect read in SEH */
566 {
567 PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
568
569 Flags = DeviceMapEx->Flags;
570 }
572 {
573 /* Get the exception code */
575 _SEH2_YIELD(break);
576 }
577 _SEH2_END;
578
579 /* Only one flag is supported and it needs LUID mappings */
580 if ((Flags & ~PROCESS_LUID_DOSDEVICES_ONLY) != 0 ||
582 {
584 break;
585 }
586 }
587 else
588 {
589 /* This has to be the size of the Query union field for x64 compatibility! */
590 if (ProcessInformationLength != RTL_FIELD_SIZE(PROCESS_DEVICEMAP_INFORMATION, Query))
591 {
593 break;
594 }
595
596 /* No flags for standard call */
597 Flags = 0;
598 }
599
600 /* Set the return length */
601 Length = ProcessInformationLength;
602
603 /* Reference the process */
608 (PVOID*)&Process,
609 NULL);
610 if (!NT_SUCCESS(Status)) break;
611
612 /* Query the device map information */
614 ProcessInformation,
615 Flags);
616
617 /* Dereference the process */
619 break;
620
621 /* Priority class */
623
624 if (ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS))
625 {
627 break;
628 }
629
630 /* Set the return length*/
632
633 /* Reference the process */
638 (PVOID*)&Process,
639 NULL);
640 if (!NT_SUCCESS(Status)) break;
641
642 /* Enter SEH for writing back data */
644 {
645 /* Return current priority class */
646 PsPriorityClass->PriorityClass = Process->PriorityClass;
647 PsPriorityClass->Foreground = FALSE;
648 }
650 {
651 /* Get the exception code */
653 }
654 _SEH2_END;
655
656 /* Dereference the process */
658 break;
659
661
662 /* Reference the process */
667 (PVOID*)&Process,
668 NULL);
669 if (!NT_SUCCESS(Status)) break;
670
671 /* Get the image path */
673 if (NT_SUCCESS(Status))
674 {
675 /* Set return length */
676 Length = ImageName->MaximumLength +
678
679 /* Make sure it's large enough */
680 if (Length <= ProcessInformationLength)
681 {
682 /* Enter SEH to protect write */
684 {
685 /* Copy it */
686 RtlCopyMemory(ProcessInformation,
687 ImageName,
688 Length);
689
690 /* Update pointer */
691 ((PUNICODE_STRING)ProcessInformation)->Buffer =
692 (PWSTR)((PUNICODE_STRING)ProcessInformation + 1);
693 }
695 {
696 /* Get the exception code */
698 }
699 _SEH2_END;
700 }
701 else
702 {
703 /* Buffer too small */
705 }
706
707 /* Free the image path */
709 }
710 /* Dereference the process */
712 break;
713
715
716 if (ProcessInformationLength != sizeof(ULONG))
717 {
719 break;
720 }
721
722 /* Set the return length*/
723 Length = sizeof(ULONG);
724
725 /* Reference the process */
730 (PVOID*)&Process,
731 NULL);
732 if (!NT_SUCCESS(Status)) break;
733
734 /* Enter SEH for writing back data */
736 {
737 /* Return the debug flag state */
738 *(PULONG)ProcessInformation = Process->NoDebugInherit ? 0 : 1;
739 }
741 {
742 /* Get the exception code */
744 }
745 _SEH2_END;
746
747 /* Dereference the process */
749 break;
750
752
753 if (ProcessInformationLength != sizeof(ULONG))
754 {
756 break;
757 }
758
759 /* Set the return length */
760 Length = sizeof(ULONG);
761
762 /* Reference the process */
767 (PVOID*)&Process,
768 NULL);
769 if (!NT_SUCCESS(Status)) break;
770
771 /* Enter SEH for writing back data */
773 {
774 /* Return the BreakOnTermination state */
775 *(PULONG)ProcessInformation = Process->BreakOnTermination;
776 }
778 {
779 /* Get the exception code */
781 }
782 _SEH2_END;
783
784 /* Dereference the process */
786 break;
787
788 /* Per-process security cookie */
789 case ProcessCookie:
790
791 if (ProcessInformationLength != sizeof(ULONG))
792 {
793 /* Length size wrong, bail out */
795 break;
796 }
797
798 /* Get the current process and cookie */
800 Cookie = Process->Cookie;
801 if (!Cookie)
802 {
803 LARGE_INTEGER SystemTime;
804 ULONG NewCookie;
805 PKPRCB Prcb;
806
807 /* Generate a new cookie */
808 KeQuerySystemTime(&SystemTime);
809 Prcb = KeGetCurrentPrcb();
810 NewCookie = Prcb->KeSystemCalls ^ Prcb->InterruptTime ^
811 SystemTime.u.LowPart ^ SystemTime.u.HighPart;
812
813 /* Set the new cookie or return the current one */
815 NewCookie,
816 Cookie);
817 if (!Cookie) Cookie = NewCookie;
818
819 /* Set return length */
820 Length = sizeof(ULONG);
821 }
822
823 /* Indicate success */
825
826 /* Enter SEH to protect write */
828 {
829 /* Write back the cookie */
830 *(PULONG)ProcessInformation = Cookie;
831 }
833 {
834 /* Get the exception code */
836 }
837 _SEH2_END;
838 break;
839
841
842 if (ProcessInformationLength != sizeof(SECTION_IMAGE_INFORMATION))
843 {
844 /* Break out */
846 break;
847 }
848
849 /* Set the length required and validate it */
851
852 /* Enter SEH to protect write */
854 {
856 }
858 {
859 /* Get the exception code */
861 }
862 _SEH2_END;
863
864 /* Indicate success */
866 break;
867
869
870 if (ProcessInformationLength != sizeof(HANDLE))
871 {
873 break;
874 }
875
876 /* Set the return length */
877 Length = sizeof(HANDLE);
878
879 /* Reference the process */
884 (PVOID*)&Process,
885 NULL);
886 if (!NT_SUCCESS(Status)) break;
887
888 /* Get the debug port */
890
891 /* Let go of the process */
893
894 /* Protect write in SEH */
896 {
897 /* Return debug port's handle */
898 *(PHANDLE)ProcessInformation = DebugPort;
899 }
901 {
902 /* Get the exception code */
904 }
905 _SEH2_END;
906 break;
907
909 DPRINT1("Handle tracing Not implemented: %lx\n", ProcessInformationClass);
911 break;
912
914
915 if (ProcessInformationLength != sizeof(ULONG))
916 {
918 break;
919 }
920
921 /* Set the return length */
922 Length = sizeof(ULONG);
923
924 /* Indicate success */
926
927 /* Protect write in SEH */
929 {
930 /* Query Ob */
931 *(PULONG)ProcessInformation = ObIsLUIDDeviceMapsEnabled();
932 }
934 {
935 /* Get the exception code */
937 }
938 _SEH2_END;
939 break;
940
942
943 if (ProcessInformationLength != sizeof(ULONG))
944 {
946 break;
947 }
948
949 /* Set the return length */
950 Length = sizeof(ULONG);
951
952 /* Reference the process */
957 (PVOID*)&Process,
958 NULL);
959 if (!NT_SUCCESS(Status)) break;
960
961 /* Protect write in SEH */
963 {
964 /* Return if the flag is set */
965 *(PULONG)ProcessInformation = (ULONG)Process->VdmAllowed;
966 }
968 {
969 /* Get the exception code */
971 }
972 _SEH2_END;
973
974 /* Dereference the process */
976 break;
977
979
980 if (ProcessInformationLength != sizeof(ULONG_PTR))
981 {
983 break;
984 }
985
986 /* Set return length */
987 Length = sizeof(ULONG_PTR);
988
989 /* Reference the process */
994 (PVOID*)&Process,
995 NULL);
996 if (!NT_SUCCESS(Status)) break;
997
998 /* Make sure the process isn't dying */
999 if (ExAcquireRundownProtection(&Process->RundownProtect))
1000 {
1001 /* Get the WOW64 process structure */
1002#ifdef _WIN64
1003 Wow64 = (ULONG_PTR)Process->Wow64Process;
1004#else
1005 Wow64 = 0;
1006#endif
1007 /* Release the lock */
1008 ExReleaseRundownProtection(&Process->RundownProtect);
1009 }
1010
1011 /* Protect write with SEH */
1012 _SEH2_TRY
1013 {
1014 /* Return whether or not we have a debug port */
1015 *(PULONG_PTR)ProcessInformation = Wow64;
1016 }
1018 {
1019 /* Get exception code */
1021 }
1022 _SEH2_END;
1023
1024 /* Dereference the process */
1026 break;
1027
1029
1030 if (ProcessInformationLength != sizeof(ULONG))
1031 {
1033 break;
1034 }
1035
1036 /* Set return length */
1037 Length = sizeof(ULONG);
1038
1040 {
1042 }
1043
1044 /* Get the options */
1045 Status = MmGetExecuteOptions(&ExecuteOptions);
1046 if (NT_SUCCESS(Status))
1047 {
1048 /* Protect write with SEH */
1049 _SEH2_TRY
1050 {
1051 /* Return them */
1052 *(PULONG)ProcessInformation = ExecuteOptions;
1053 }
1055 {
1056 /* Get exception code */
1058 }
1059 _SEH2_END;
1060 }
1061 break;
1062
1064 DPRINT1("VDM/16-bit not implemented: %lx\n", ProcessInformationClass);
1066 break;
1067
1069 DPRINT1("WS Watch Not implemented: %lx\n", ProcessInformationClass);
1071 break;
1072
1074 DPRINT1("Pool limits Not implemented: %lx\n", ProcessInformationClass);
1076 break;
1077
1078 /* Not supported by Server 2003 */
1079 default:
1080 DPRINT1("Unsupported info class: %lx\n", ProcessInformationClass);
1082 }
1083
1084 /* Protect write with SEH */
1085 _SEH2_TRY
1086 {
1087 /* Check if caller wanted return length */
1088 if ((ReturnLength) && (Length)) *ReturnLength = Length;
1089 }
1091 {
1092 /* Get exception code */
1094 }
1095 _SEH2_END;
1096
1097 return Status;
1098}
#define PAGED_CODE()
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
#define DPRINT1
Definition: precomp.h:8
BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended)
Definition: query.c:292
#define STATUS_NOT_IMPLEMENTED
Definition: d3dkmdt.h:42
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
#define ULONG_PTR
Definition: config.h:101
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:43
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
#define PAGE_SHIFT
Definition: env_spec_w32.h:45
#define KeQuerySystemTime(t)
Definition: env_spec_w32.h:570
#define ExReleaseRundownProtection
Definition: ex.h:136
#define ExGetPreviousMode
Definition: ex.h:140
#define ExAcquireRundownProtection
Definition: ex.h:135
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
#define ICIF_PROBE_READ
Definition: icif.h:25
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
#define PROCESS_QUERY_INFORMATION
Definition: pstypes.h:167
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
@ PsNonPagedPool
Definition: pstypes.h:1022
@ PsPageFile
Definition: pstypes.h:1024
@ PsPagedPool
Definition: pstypes.h:1023
@ ProcessDebugPort
Definition: winternl.h:395
@ ProcessBreakOnTermination
Definition: winternl.h:398
@ ProcessBasicInformation
Definition: winternl.h:394
@ ProcessWow64Information
Definition: winternl.h:396
@ ProcessImageFileName
Definition: winternl.h:397
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
@ ProcessLUIDDeviceMapsEnabled
Definition: winternl.h:884
@ ProcessWx86Information
Definition: winternl.h:875
@ ProcessDebugFlags
Definition: winternl.h:887
@ ProcessSessionInformation
Definition: winternl.h:880
@ ProcessVmCounters
Definition: winternl.h:859
@ ProcessPriorityClass
Definition: winternl.h:874
@ ProcessPriorityBoost
Definition: winternl.h:878
@ ProcessImageInformation
Definition: winternl.h:892
@ ProcessExecuteFlags
Definition: winternl.h:889
@ ProcessCookie
Definition: winternl.h:891
@ ProcessPooledUsageAndLimits
Definition: winternl.h:870
@ ProcessIoCounters
Definition: winternl.h:858
@ ProcessDefaultHardErrorMode
Definition: winternl.h:868
@ ProcessDeviceMap
Definition: winternl.h:879
@ ProcessQuotaLimits
Definition: winternl.h:857
@ ProcessHandleTracing
Definition: winternl.h:888
@ ProcessTimes
Definition: winternl.h:860
@ ProcessDebugObjectHandle
Definition: winternl.h:886
@ ProcessWorkingSetWatch
Definition: winternl.h:871
@ ProcessLdtInformation
Definition: winternl.h:866
@ ProcessHandleCount
Definition: winternl.h:876
struct _VM_COUNTERS_ * PVM_COUNTERS
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define PROCESS_LUID_DOSDEVICES_ONLY
Definition: pstypes.h:228
struct _IO_COUNTERS IO_COUNTERS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
struct _IO_COUNTERS * PIO_COUNTERS
#define InterlockedCompareExchange
Definition: interlocked.h:104
#define RTL_FIELD_SIZE(type, field)
Definition: kdb_expr.c:86
struct _QUOTA_LIMITS QUOTA_LIMITS
struct _QUOTA_LIMITS * PQUOTA_LIMITS
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
static const char * ImageName
Definition: image.c:34
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
Definition: ketypes.h:1150
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
#define NtCurrentProcess()
Definition: nt_native.h:1657
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1615
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2653
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
ULONG KeMaximumIncrement
Definition: clock.c:20
POBJECT_TYPE PsProcessType
Definition: process.c:20
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
Definition: devicemap.c:662
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
long LONG
Definition: pedump.c:60
EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock
Definition: quota.c:16
static const INFORMATION_CLASS_INFO PsProcessInfoClass[]
Definition: ps_i.h:15
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define STATUS_SUCCESS
Definition: shellext.h:65
LARGE_INTEGER UserTime
Definition: winternl.h:1063
LARGE_INTEGER CreateTime
Definition: winternl.h:1060
LARGE_INTEGER KernelTime
Definition: winternl.h:1062
LARGE_INTEGER ExitTime
Definition: winternl.h:1061
ULONG InterruptTime
Definition: ketypes.h:809
ULONG KeSystemCalls
Definition: ketypes.h:720
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:340
IO_COUNTERS IoInfo
Definition: ke.h:48
INT64 MaximumWorkingSetSize
Definition: lsa.idl:290
INT64 NonPagedPoolLimit
Definition: lsa.idl:288
LARGE_INTEGER TimeLimit
Definition: lsa.idl:292
INT64 MinimumWorkingSetSize
Definition: lsa.idl:289
INT64 PagefileLimit
Definition: lsa.idl:291
INT64 PagedPoolLimit
Definition: lsa.idl:287
SIZE_T QuotaPeakPagedPoolUsage
Definition: winternl.h:1610
SIZE_T PeakWorkingSetSize
Definition: winternl.h:1608
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:1612
SIZE_T VirtualSize
Definition: winternl.h:1606
SIZE_T PeakPagefileUsage
Definition: winternl.h:1615
SIZE_T QuotaNonPagedPoolUsage
Definition: winternl.h:1613
SIZE_T PagefileUsage
Definition: winternl.h:1614
SIZE_T PeakVirtualSize
Definition: winternl.h:1605
SIZE_T QuotaPagedPoolUsage
Definition: winternl.h:1611
SIZE_T WorkingSetSize
Definition: winternl.h:1609
ULONG PageFaultCount
Definition: winternl.h:1607
#define TAG_SEPA
Definition: tag.h:156
uint16_t * PWSTR
Definition: typedefs.h:56
#define MAXULONG
Definition: typedefs.h:251
uint32_t * PULONG_PTR
Definition: typedefs.h:65
uint32_t * PULONG
Definition: typedefs.h:59
PVOID HANDLE
Definition: typedefs.h:73
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
LONGLONG QuadPart
Definition: typedefs.h:114
struct _LARGE_INTEGER::@2302 u
ULONG LowPart
Definition: typedefs.h:106
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
Definition: cmfuncs.h:14
_Out_ PULONG UserTime
Definition: kefuncs.h:759
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ObDereferenceObject
Definition: obfuncs.h:203
#define PsGetCurrentProcess
Definition: psfuncs.h:17
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103

Referenced by _main(), BaseInitializeStaticServerData(), check_live_target(), CheckRemoteDebuggerPresent(), CON_API_NOCONSOLE(), EmptyWorkingSet(), EnumProcessModules(), FindModule(), get_shiminfo(), getCommandLineFromProcess(), GetDriveTypeW(), GetErrorMode(), GetExitCodeProcess(), GetLogicalDrives(), GetPriorityClass(), GetProcessAffinityMask(), GetProcessExecutablePath(), GetProcessHandleCount(), GetProcessId(), GetProcessImageFileNameA(), GetProcessImageFileNameW(), GetProcessIoCounters(), GetProcessMemoryInfo(), GetProcessPriorityBoost(), GetProcessTimes(), GetProcessVersion(), GetProcessWorkingSetSizeEx(), GetSourcePaths(), GetWsChanges(), GlobalMemoryStatusEx(), InitFunctionPtrs(), Is64BitSystem(), IsCriticalProcess(), IsWow64Process(), PerfDataGetCommandLine(), PrintProcess(), ProcessIdToSessionId(), PsaEnumerateProcessModules(), QueryFlag(), QueryFullProcessImageNameW(), QuerySetProcessValidator(), RtlpQueryRemoteProcessModules(), SmpApiLoop(), SmpCreateVolumeDescriptors(), SmpGetProcessMuSessionId(), Test_ProcessPriorityClassAlignment(), Test_ProcessTimes(), Test_ProcessWx86Information(), UnhandledExceptionFilter(), UserpGetClientFileName(), wmain(), and Wow64QueryFlag().

◆ PsGetCurrentProcessId()

◆ PsGetCurrentThreadTeb()

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadTeb ( VOID  )

Definition at line 785 of file thread.c.

786{
787 return PsGetCurrentThread()->Tcb.Teb;
788}
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81

Referenced by FileOpenAddress().

◆ PsGetThreadProcess()

NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess ( _In_ PETHREAD  Thread)

◆ PsGetVersion()

NTKERNELAPI BOOLEAN NTAPI PsGetVersion ( OUT PULONG MajorVersion  OPTIONAL,
OUT PULONG MinorVersion  OPTIONAL,
OUT PULONG BuildNumber  OPTIONAL,
OUT PUNICODE_STRING CSDVersion  OPTIONAL 
)

Definition at line 566 of file psmgr.c.

570{
573 if (BuildNumber ) *BuildNumber = NtBuildNumber & 0x3FFF;
574
575 if (CSDVersion)
576 {
577 CSDVersion->Length = CmCSDVersionString.Length;
578 CSDVersion->MaximumLength = CmCSDVersionString.MaximumLength;
579 CSDVersion->Buffer = CmCSDVersionString.Buffer;
580 }
581
582 /* Return TRUE if this is a Checked Build */
583 return (NtBuildNumber >> 28) == 0xC;
584}
ULONG BuildNumber
Definition: ros_glue.cpp:6
ULONG MajorVersion
Definition: ros_glue.cpp:4
ULONG MinorVersion
Definition: ros_glue.cpp:5
ULONG NtMajorVersion
Definition: init.c:45
ULONG NtMinorVersion
Definition: init.c:46
UNICODE_STRING CmCSDVersionString
Definition: init.c:62
ULONG NtBuildNumber
Definition: init.c:50
USHORT MaximumLength
Definition: env_spec_w32.h:370

◆ PsIsCurrentThreadPrefetching()

NTKERNELAPI BOOLEAN NTAPI PsIsCurrentThreadPrefetching ( VOID  )

◆ PsIsSystemThread()

NTKERNELAPI BOOLEAN NTAPI PsIsSystemThread ( _In_ PETHREAD  Thread)

◆ PsRemoveCreateThreadNotifyRoutine()

NTKERNELAPI NTSTATUS NTAPI PsRemoveCreateThreadNotifyRoutine ( _In_ PCREATE_THREAD_NOTIFY_ROUTINE  NotifyRoutine)

◆ PsSetCreateProcessNotifyRoutineEx()

NTKERNELAPI NTSTATUS NTAPI PsSetCreateProcessNotifyRoutineEx ( IN PCREATE_PROCESS_NOTIFY_ROUTINE_EX  NotifyRoutine,
IN BOOLEAN  Remove 
)

◆ PsSetCurrentThreadPrefetching()

NTKERNELAPI BOOLEAN NTAPI PsSetCurrentThreadPrefetching ( IN BOOLEAN  Prefetching)

Variable Documentation

◆ Amount

Definition at line 212 of file psfuncs.h.

◆ ApcRoutine

_Inout_ PVOID* ApcRoutine

Definition at line 11 of file psfuncs.h.

◆ ClientId

◆ CopyOnOpen

◆ DesiredAccess

Definition at line 40 of file psfuncs.h.

◆ EffectiveOnly

Definition at line 155 of file psfuncs.h.

◆ ImpersonationLevel

◆ ImpersonationState

_In_ PSE_IMPERSONATION_STATE ImpersonationState

Definition at line 189 of file psfuncs.h.

Referenced by NtOpenThreadTokenEx(), PsDisableImpersonation(), and PsRestoreImpersonation().

◆ ObjectAttributes

Definition at line 41 of file psfuncs.h.

◆ PoolType

◆ Process

_Outptr_ PEPROCESS* Process

Definition at line 64 of file psfuncs.h.

◆ ProcessHandle

Definition at line 89 of file psfuncs.h.

◆ Remove

◆ StartRoutine

◆ Thread

Definition at line 73 of file psfuncs.h.

◆ Token

Definition at line 178 of file psfuncs.h.