Macros
#define	PsGetCurrentProcess IoGetCurrentProcess

#define	_PSGETCURRENTTHREAD_

Functions
	$if (_WDMDDK_) NTKERNELAPI NTSTATUS NTAPI PsWrapApcWow64Thread(_Inout_ PVOID *ApcContext

	_IRQL_requires_max_ (DISPATCH_LEVEL) FORCEINLINE PETHREAD NTAPI PsGetCurrentThread(VOID)

	$endif (_WDMDDK_) $if(_NTDDK_) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcess(_Out_ PHANDLE ProcessHandle

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)

	$endif (_NTDDK_) $if(_NTIFS_) _Must_inspect_result_ _IRQL_requires_max_(APC_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsLookupProcessByProcessId(_In_ HANDLE ProcessId

_Must_inspect_result_	_IRQL_requires_max_ (APC_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsLookupThreadByThreadId(_In_ HANDLE UniqueThreadId
	Probes and locks virtual pages in memory for the specified process.

	$endif (_NTIFS_) $if(_WDMDDK_) _IRQL_requires_max_(APC_LEVEL) _Post_satisfies_(return<=0) _Must_inspect_result_ NTKERNELAPI NTSTATUS NTAPI PsCreateSystemThread(_Out_ PHANDLE ThreadHandle

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE _In_opt_	_When_ (return==0, __drv_aliasesMem) PVOID StartContext)

	_IRQL_requires_max_ (PASSIVE_LEVEL) NTKERNELAPI NTSTATUS NTAPI PsTerminateSystemThread(_In_ NTSTATUS ExitStatus)
	Queries information details about a security descriptor.

NTKERNELAPI HANDLE NTAPI	PsGetCurrentProcessId (VOID)

NTKERNELAPI BOOLEAN NTAPI	PsGetVersion (OUT PULONG MajorVersion OPTIONAL, OUT PULONG MinorVersion OPTIONAL, OUT PULONG BuildNumber OPTIONAL, OUT PUNICODE_STRING CSDVersion OPTIONAL)

NTKERNELAPI PEPROCESS NTAPI	PsGetThreadProcess (_In_ PETHREAD Thread)

NTKERNELAPI NTSTATUS NTAPI	PsRemoveCreateThreadNotifyRoutine (_In_ PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine)

NTKERNELAPI BOOLEAN NTAPI	PsIsSystemThread (_In_ PETHREAD Thread)

NTKERNELAPI PVOID NTAPI	PsGetCurrentThreadTeb (VOID)

NTKERNELAPI BOOLEAN NTAPI	PsSetCurrentThreadPrefetching (IN BOOLEAN Prefetching)

NTKERNELAPI BOOLEAN NTAPI	PsIsCurrentThreadPrefetching (VOID)

NTKERNELAPI NTSTATUS NTAPI	PsSetCreateProcessNotifyRoutineEx (IN PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine, IN BOOLEAN Remove)

Variables
_Inout_ PVOID *	ApcRoutine

_In_ ACCESS_MASK	DesiredAccess

_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES	ObjectAttributes

_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _In_opt_ PCLIENT_ID	ClientId

_Outptr_ PEPROCESS *	Process

_Must_inspect_result_ _Outptr_ PETHREAD *	Thread

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE	ProcessHandle

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE	StartRoutine

_In_ BOOLEAN	Remove

_Out_ PBOOLEAN	CopyOnOpen

_Out_ PBOOLEAN _Out_ PBOOLEAN	EffectiveOnly

_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL	ImpersonationLevel

_Must_inspect_result_ _In_opt_ PACCESS_TOKEN	Token

_Inout_ PSE_IMPERSONATION_STATE	ImpersonationState

_In_ POOL_TYPE	PoolType

_In_ POOL_TYPE _In_ ULONG_PTR	Amount

Macro Definition Documentation

◆ _PSGETCURRENTTHREAD_

#define _PSGETCURRENTTHREAD_

Definition at line 20 of file psfuncs.h.

◆ PsGetCurrentProcess

#define PsGetCurrentProcess IoGetCurrentProcess

Definition at line 17 of file psfuncs.h.

Function Documentation

◆ $endif() [1/3]

$endif ( _NTDDK_ )

Definition at line 559 of file iofuncs.h.

{
    PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
    PriorityInfo->ThreadPriority = 0xffff;
    PriorityInfo->IoPriority = IoPriorityNormal;
    PriorityInfo->PagePriority = 0;
}

◆ $endif() [2/3]

$endif ( _NTIFS_ )

pure virtual

Definition at line 396 of file rtlfuncs.h.

{
  LARGE_INTEGER ret;
  ret.QuadPart = SignedInteger;
  return ret;
}

◆ $endif() [3/3]

$endif ( _WDMDDK_ )

Definition at line 85 of file ke.h.

{
    ULONGLONG Low;
    LONGLONG High;
} NEON128, *PNEON128;

◆ $if()

$if ( _WDMDDK_ )

Kernel definitions for ARM64

Kernel definitions for AMD64

Kernel definitions for ARM

Definition at line 1 of file ke.h.

{
    ULONG Dummy;
} KFLOATING_SAVE, *PKFLOATING_SAVE;

◆ _IRQL_requires_max_() [1/3]

_Must_inspect_result_ _IRQL_requires_max_ ( APC_LEVEL )

Probes and locks virtual pages in memory for the specified process.

Parameters

[in,out]	MemoryDescriptorList	Memory Descriptor List (MDL) containing the buffer to be probed and locked.
[in]	Process	The process for which the buffer should be probed and locked.
[in]	AccessMode	Access mode for probing the pages. Can be KernelMode or UserMode.
[in]	LockOperation	The type of the probing and locking operation. Can be IoReadAccess, IoWriteAccess or IoModifyAccess.

Returns: Nothing.

See also: MmProbeAndLockPages

Remarks: Must be called at IRQL <= APC_LEVEL

Probes and locks virtual pages in memory for the specified process.

Frees previously reserved amount of memory in system virtual address space.

Parameters

[in]	NumberOfBytes	Size, in bytes, of memory to reserve.
[in]	PoolTag	Pool Tag identifying the buffer. Usually consists from 4 characters in reversed order.

Returns: A pointer to the 1st memory block of the reserved buffer in case of success, NULL otherwise.

Remarks: Must be called at IRQL <= APC_LEVEL

Parameters

[in]	BaseAddress	A pointer to the 1st memory block of the reserved buffer.
[in]	PoolTag	Pool Tag identifying the buffer. Usually consists from 4 characters in reversed order.

Returns: Nothing.

See also: MmAllocateMappingAddress

Remarks: Must be called at IRQL <= APC_LEVEL

Definition at line 37 of file cddata.c.

{
    THREAD_CONTEXT ThreadContext = {0};
    PIRP_CONTEXT IrpContext = NULL;
    BOOLEAN Wait;
 
#ifdef CD_SANITY
    PVOID PreviousTopLevel;
#endif
 
    NTSTATUS Status;
 
#if DBG
 
    KIRQL SaveIrql = KeGetCurrentIrql();
 
#endif
 
    ASSERT_OPTIONAL_IRP( Irp );
 
    UNREFERENCED_PARAMETER( DeviceObject );
 
    FsRtlEnterFileSystem();
 
#ifdef CD_SANITY
    PreviousTopLevel = IoGetTopLevelIrp();
#endif
 
    //
    //  Loop until this request has been completed or posted.
    //
 
    do {
 
        //
        //  Use a try-except to handle the exception cases.
        //
 
        _SEH2_TRY {
 
            //
            //  If the IrpContext is NULL then this is the first pass through
            //  this loop.
            //
 
            if (IrpContext == NULL) {
 
                //
                //  Decide if this request is waitable an allocate the IrpContext.
                //  If the file object in the stack location is NULL then this
                //  is a mount which is always waitable.  Otherwise we look at
                //  the file object flags.
                //
 
                if (IoGetCurrentIrpStackLocation( Irp )->FileObject == NULL) {
 
                    Wait = TRUE;
 
                } else {
 
                    Wait = CanFsdWait( Irp );
                }
 
                IrpContext = CdCreateIrpContext( Irp, Wait );
 
                //
                //  Update the thread context information.
                //
 
                CdSetThreadContext( IrpContext, &ThreadContext );
 
#ifdef CD_SANITY
                NT_ASSERT( !CdTestTopLevel ||
                        SafeNodeType( IrpContext->TopLevel ) == CDFS_NTC_IRP_CONTEXT );
#endif
 
            //
            //  Otherwise cleanup the IrpContext for the retry.
            //
 
            } else {
 
                //
                //  Set the MORE_PROCESSING flag to make sure the IrpContext
                //  isn't inadvertently deleted here.  Then cleanup the
                //  IrpContext to perform the retry.
                //
 
                SetFlag( IrpContext->Flags, IRP_CONTEXT_FLAG_MORE_PROCESSING );
                CdCleanupIrpContext( IrpContext, FALSE );
            }
 
            //
            //  Case on the major irp code.
            //
 
            switch (IrpContext->MajorFunction) {
 
            case IRP_MJ_CREATE :
 
                Status = CdCommonCreate( IrpContext, Irp );
                break;
 
            case IRP_MJ_CLOSE :
 
                Status = CdCommonClose( IrpContext, Irp );
                break;
 
            case IRP_MJ_READ :
 
                //
                //  If this is an Mdl complete request, don't go through
                //  common read.
                //
 
                if (FlagOn( IrpContext->MinorFunction, IRP_MN_COMPLETE )) {
 
                    Status = CdCompleteMdl( IrpContext, Irp );
 
                } else {
 
                    Status = CdCommonRead( IrpContext, Irp );
                }
 
                break;
 
            case IRP_MJ_WRITE :
 
                Status = CdCommonWrite( IrpContext, Irp );
                break;
 
            case IRP_MJ_QUERY_INFORMATION :
 
                Status = CdCommonQueryInfo( IrpContext, Irp );
                break;
 
            case IRP_MJ_SET_INFORMATION :
 
                Status = CdCommonSetInfo( IrpContext, Irp );
                break;
 
            case IRP_MJ_QUERY_VOLUME_INFORMATION :
 
                Status = CdCommonQueryVolInfo( IrpContext, Irp );
                break;
 
            case IRP_MJ_DIRECTORY_CONTROL :
 
                Status = CdCommonDirControl( IrpContext, Irp );
                break;
 
            case IRP_MJ_FILE_SYSTEM_CONTROL :
 
                Status = CdCommonFsControl( IrpContext, Irp );
                break;
 
            case IRP_MJ_DEVICE_CONTROL :
 
                Status = CdCommonDevControl( IrpContext, Irp );
                break;
 
            case IRP_MJ_LOCK_CONTROL :
 
                Status = CdCommonLockControl( IrpContext, Irp );
                break;
 
            case IRP_MJ_CLEANUP :
 
                Status = CdCommonCleanup( IrpContext, Irp );
                break;
 
            case IRP_MJ_PNP :
 
                Status = CdCommonPnp( IrpContext, Irp );
                break;
 
            case IRP_MJ_SHUTDOWN :
 
                Status = CdCommonShutdown( IrpContext, Irp );
                break;
 
            default :
 
                Status = STATUS_INVALID_DEVICE_REQUEST;
                CdCompleteRequest( IrpContext, Irp, Status );
            }
 
        } _SEH2_EXCEPT( CdExceptionFilter( IrpContext, _SEH2_GetExceptionInformation() )) {
 
            Status = CdProcessException( IrpContext, Irp, _SEH2_GetExceptionCode() );
        } _SEH2_END;
 
    } while (Status == STATUS_CANT_WAIT);
 
#ifdef CD_SANITY
    NT_ASSERT( !CdTestTopLevel ||
            (PreviousTopLevel == IoGetTopLevelIrp()) );
#endif
 
    FsRtlExitFileSystem();
 
    NT_ASSERT( SaveIrql == KeGetCurrentIrql( ));
 
    return Status;
}

◆ _IRQL_requires_max_() [2/3]

_IRQL_requires_max_ ( DISPATCH_LEVEL )

Definition at line 21 of file psfuncs.h.

{
  return (PETHREAD)KeGetCurrentThread();
}

◆ _IRQL_requires_max_() [3/3]

_IRQL_requires_max_ ( PASSIVE_LEVEL )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters

[in]	SecurityInformation	Security information details to be queried from a security descriptor.
[out]	SecurityDescriptor	The returned security descriptor with security information data.
[in,out]	Length	The returned length of a security descriptor.
[in,out]	ObjectsSecurityDescriptor	The returned object security descriptor.

Returns: Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.

Parameters

[in]	Object	If specified, the function will use this arbitrary object that points to an object security descriptor.
[in]	SecurityInformation	Security information details to be set.
[in]	SecurityDescriptor	A security descriptor where its info is to be changed.
[in,out]	ObjectsSecurityDescriptor	The returned pointer to security descriptor objects.
[in]	PoolType	Pool type for the new security descriptor to allocate.
[in]	GenericMapping	The generic mapping of access rights masks.

Returns: See SeSetSecurityDescriptorInfoEx.

Parameters

[in]	Object	If specified, the function will use this arbitrary object that points to an object security descriptor.
[in]	SecurityInformation	Security information details to be set.
[in]	SecurityDescriptor	A security descriptor where its info is to be changed.
[in,out]	ObjectsSecurityDescriptor	The returned pointer to security descriptor objects.
[in]	AutoInheritFlags	Flags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]	PoolType	Pool type for the new security descriptor to allocate.
[in]	GenericMapping	The generic mapping of access rights masks.

Returns: Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.

Parameters

[in] SecurityDescriptor A security descriptor to be freed from memory.

Returns: Returns STATUS_SUCCESS.

Parameters

[in]	_ParentDescriptor	A security descriptor of the parent object that is being created.
[in]	_ExplicitDescriptor	An explicit security descriptor that is applied to a new object.
[out]	NewDescriptor	The new allocated security descriptor.
[in]	ObjectType	The type of the new object.
[in]	IsDirectoryObject	Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]	AutoInheritFlags	Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]	SubjectContext	Security subject context of the new object.
[in]	GenericMapping	Generic mapping of access mask rights.
[in]	PoolType	This parameter is unused.

Returns: Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.

Parameters

[in]	ParentDescriptor	A security descriptor of the parent object that is being created.
[in]	ExplicitDescriptor	An explicit security descriptor that is applied to a new object.
[out]	NewDescriptor	The new allocated security descriptor.
[in]	IsDirectoryObject	Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]	SubjectContext	Security subject context of the new object.
[in]	GenericMapping	Generic mapping of access mask rights.
[in]	PoolType	This parameter is unused.

Returns: See SeAssignSecurityEx.

Parameters

[in]	SecurityDescriptor	A security descriptor.
[out]	QuotaInfoSize	The returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.

Returns: Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 923 of file Messaging.c.

{
    PFLT_SERVER_PORT_OBJECT PortObject;
    NTSTATUS Status;
 
    /* The caller must allow at least one connection */
    if (MaxConnections == 0)
    {
        return STATUS_INVALID_PARAMETER;
    }
 
    /* The request must be for a kernel handle */
    if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
    {
        return STATUS_INVALID_PARAMETER;
    }
 
    /*
     * Get rundown protection on the target to stop the owner
     * from unloading whilst this port object is open. It gets
     * removed in the FltpServerPortClose callback
     */
    Status = FltObjectReference(Filter);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }
 
    /* Create the server port object for this filter */
    Status = ObCreateObject(KernelMode,
                            ServerPortObjectType,
                            ObjectAttributes,
                            KernelMode,
                            NULL,
                            sizeof(FLT_SERVER_PORT_OBJECT),
                            0,
                            0,
                            (PVOID *)&PortObject);
    if (NT_SUCCESS(Status))
    {
        /* Zero out the struct */
        RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
 
        /* Increment the ref count on the target filter */
        FltpObjectPointerReference((PFLT_OBJECT)Filter);
 
        /* Setup the filter port object */
        PortObject->Filter = Filter;
        PortObject->ConnectNotify = ConnectNotifyCallback;
        PortObject->DisconnectNotify = DisconnectNotifyCallback;
        PortObject->MessageNotify = MessageNotifyCallback;
        PortObject->Cookie = ServerPortCookie;
        PortObject->MaxConnections = MaxConnections;
 
        /* Insert the object */
        Status = ObInsertObject(PortObject,
                                NULL,
                                STANDARD_RIGHTS_ALL | FILE_READ_DATA,
                                0,
                                NULL,
                                (PHANDLE)ServerPort);
        if (NT_SUCCESS(Status))
        {
            /* Lock the connection list */
            ExAcquireFastMutex(&Filter->ConnectionList.mLock);
 
            /* Add the new port object to the connection list and increment the count */
            InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
            Filter->ConnectionList.mCount++;
 
            /* Unlock the connection list*/
            ExReleaseFastMutex(&Filter->ConnectionList.mLock);
        }
    }
 
    if (!NT_SUCCESS(Status))
    {
        /* Allow the filter to be cleaned up */
        FltObjectDereference(Filter);
    }
 
    return Status;
}

◆ _When_()

_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE _In_opt_ _When_	(	return	= `=0`,
		__drv_aliasesMem
	)

◆ NtQueryInformationProcess()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess	(	_In_ HANDLE	ProcessHandle,
		_In_ PROCESSINFOCLASS	ProcessInformationClass,
		_Out_ PVOID	ProcessInformation,
		_In_ ULONG	ProcessInformationLength,
		_Out_opt_ PULONG	ReturnLength
	)

Definition at line 59 of file query.c.

{
    PEPROCESS Process;
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
    NTSTATUS Status;
    ULONG Length = 0;
 
    PAGED_CODE();
 
    /* Verify Information Class validity */
    Status = DefaultQueryInfoBufferCheck(ProcessInformationClass,
                                         PsProcessInfoClass,
                                         RTL_NUMBER_OF(PsProcessInfoClass),
                                         ICIF_PROBE_READ,
                                         ProcessInformation,
                                         ProcessInformationLength,
                                         ReturnLength,
                                         NULL,
                                         PreviousMode);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtQueryInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
        return Status;
    }
 
    if (((ProcessInformationClass == ProcessCookie) ||
         (ProcessInformationClass == ProcessImageInformation)) &&
        (ProcessHandle != NtCurrentProcess()))
    {
        /*
         * Retrieving the process cookie is only allowed for the calling process
         * itself! XP only allows NtCurrentProcess() as process handles even if
         * a real handle actually represents the current process.
         */
        return STATUS_INVALID_PARAMETER;
    }
 
    /* Check the information class */
    switch (ProcessInformationClass)
    {
        /* Basic process information */
        case ProcessBasicInformation:
        {
            PPROCESS_BASIC_INFORMATION ProcessBasicInfo = (PPROCESS_BASIC_INFORMATION)ProcessInformation;
 
            if (ProcessInformationLength != sizeof(PROCESS_BASIC_INFORMATION))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set return length */
            Length = sizeof(PROCESS_BASIC_INFORMATION);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Protect writes with SEH */
            _SEH2_TRY
            {
                /* Write all the information from the EPROCESS/KPROCESS */
                ProcessBasicInfo->ExitStatus = Process->ExitStatus;
                ProcessBasicInfo->PebBaseAddress = Process->Peb;
                ProcessBasicInfo->AffinityMask = Process->Pcb.Affinity;
                ProcessBasicInfo->UniqueProcessId = (ULONG_PTR)Process->
                                                    UniqueProcessId;
                ProcessBasicInfo->InheritedFromUniqueProcessId =
                    (ULONG_PTR)Process->InheritedFromUniqueProcessId;
                ProcessBasicInfo->BasePriority = Process->Pcb.BasePriority;
 
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
        }
 
        /* Process quota limits */
        case ProcessQuotaLimits:
        {
            QUOTA_LIMITS_EX QuotaLimits;
            BOOLEAN Extended;
 
            if (ProcessInformationLength != sizeof(QUOTA_LIMITS) &&
                ProcessInformationLength != sizeof(QUOTA_LIMITS_EX))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set return length */
            Length = ProcessInformationLength;
            Extended = (Length == sizeof(QUOTA_LIMITS_EX));
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Indicate success */
            Status = STATUS_SUCCESS;
 
            RtlZeroMemory(&QuotaLimits, sizeof(QuotaLimits));
 
            /* Get max/min working set sizes */
            QuotaLimits.MaximumWorkingSetSize =
                Process->Vm.MaximumWorkingSetSize << PAGE_SHIFT;
            QuotaLimits.MinimumWorkingSetSize =
                Process->Vm.MinimumWorkingSetSize << PAGE_SHIFT;
 
            /* Get default time limits */
            QuotaLimits.TimeLimit.QuadPart = -1LL;
 
            /* Is quota block a default one? */
            if (Process->QuotaBlock == &PspDefaultQuotaBlock)
            {
                /* Get default pools and pagefile limits */
                QuotaLimits.PagedPoolLimit = (SIZE_T)-1;
                QuotaLimits.NonPagedPoolLimit = (SIZE_T)-1;
                QuotaLimits.PagefileLimit = (SIZE_T)-1;
            }
            else
            {
                /* Get limits from non-default quota block */
                QuotaLimits.PagedPoolLimit =
                    Process->QuotaBlock->QuotaEntry[PsPagedPool].Limit;
                QuotaLimits.NonPagedPoolLimit =
                    Process->QuotaBlock->QuotaEntry[PsNonPagedPool].Limit;
                QuotaLimits.PagefileLimit =
                    Process->QuotaBlock->QuotaEntry[PsPageFile].Limit;
            }
 
            /* Get additional information, if needed */
            if (Extended)
            {
                QuotaLimits.Flags |= (Process->Vm.Flags.MaximumWorkingSetHard ?
                    QUOTA_LIMITS_HARDWS_MAX_ENABLE : QUOTA_LIMITS_HARDWS_MAX_DISABLE);
                QuotaLimits.Flags |= (Process->Vm.Flags.MinimumWorkingSetHard ?
                    QUOTA_LIMITS_HARDWS_MIN_ENABLE : QUOTA_LIMITS_HARDWS_MIN_DISABLE);
 
                /* FIXME: Get the correct information */
                //QuotaLimits.WorkingSetLimit = (SIZE_T)-1; // Not used on Win2k3, it is set to 0
                QuotaLimits.CpuRateLimit.RateData = 0;
            }
 
            /* Protect writes with SEH */
            _SEH2_TRY
            {
                RtlCopyMemory(ProcessInformation, &QuotaLimits, Length);
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
        }
 
        case ProcessIoCounters:
        {
            PIO_COUNTERS IoCounters = (PIO_COUNTERS)ProcessInformation;
            PROCESS_VALUES ProcessValues;
 
            if (ProcessInformationLength != sizeof(IO_COUNTERS))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            Length = sizeof(IO_COUNTERS);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Query IO counters from the process */
            KeQueryValuesProcess(&Process->Pcb, &ProcessValues);
 
            _SEH2_TRY
            {
                RtlCopyMemory(IoCounters, &ProcessValues.IoInfo, sizeof(IO_COUNTERS));
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Ignore exception */
            }
            _SEH2_END;
 
            /* Set status to success in any case */
            Status = STATUS_SUCCESS;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
        }
 
        /* Timing */
        case ProcessTimes:
        {
            PKERNEL_USER_TIMES ProcessTime = (PKERNEL_USER_TIMES)ProcessInformation;
            ULONG UserTime, KernelTime;
 
            /* Set the return length */
            if (ProcessInformationLength != sizeof(KERNEL_USER_TIMES))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            Length = sizeof(KERNEL_USER_TIMES);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Protect writes with SEH */
            _SEH2_TRY
            {
                /* Copy time information from EPROCESS/KPROCESS */
                KernelTime = KeQueryRuntimeProcess(&Process->Pcb, &UserTime);
                ProcessTime->CreateTime = Process->CreateTime;
                ProcessTime->UserTime.QuadPart = (LONGLONG)UserTime * KeMaximumIncrement;
                ProcessTime->KernelTime.QuadPart = (LONGLONG)KernelTime * KeMaximumIncrement;
                ProcessTime->ExitTime = Process->ExitTime;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
        }
 
        /* Process Debug Port */
        case ProcessDebugPort:
 
            if (ProcessInformationLength != sizeof(HANDLE))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set return length */
            Length = sizeof(HANDLE);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Protect write with SEH */
            _SEH2_TRY
            {
                /* Return whether or not we have a debug port */
                *(PHANDLE)ProcessInformation = (Process->DebugPort ?
                                                (HANDLE)-1 : NULL);
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
 
        case ProcessHandleCount:
        {
            ULONG HandleCount;
 
            if (ProcessInformationLength != sizeof(ULONG))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set the return length*/
            Length = sizeof(ULONG);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Count the number of handles this process has */
            HandleCount = ObGetProcessHandleCount(Process);
 
            /* Protect write in SEH */
            _SEH2_TRY
            {
                /* Return the count of handles */
                *(PULONG)ProcessInformation = HandleCount;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
        }
 
        /* Session ID for the process */
        case ProcessSessionInformation:
        {
            PPROCESS_SESSION_INFORMATION SessionInfo = (PPROCESS_SESSION_INFORMATION)ProcessInformation;
 
            if (ProcessInformationLength != sizeof(PROCESS_SESSION_INFORMATION))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set the return length*/
            Length = sizeof(PROCESS_SESSION_INFORMATION);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Enter SEH for write safety */
            _SEH2_TRY
            {
                /* Write back the Session ID */
                SessionInfo->SessionId = PsGetProcessSessionId(Process);
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
        }
 
        /* Virtual Memory Statistics */
        case ProcessVmCounters:
        {
            PVM_COUNTERS VmCounters = (PVM_COUNTERS)ProcessInformation;
 
            /* Validate the input length */
            if ((ProcessInformationLength != sizeof(VM_COUNTERS)) &&
                (ProcessInformationLength != sizeof(VM_COUNTERS_EX)))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Enter SEH for write safety */
            _SEH2_TRY
            {
                /* Return data from EPROCESS */
                VmCounters->PeakVirtualSize = Process->PeakVirtualSize;
                VmCounters->VirtualSize = Process->VirtualSize;
                VmCounters->PageFaultCount = Process->Vm.PageFaultCount;
                VmCounters->PeakWorkingSetSize = Process->Vm.PeakWorkingSetSize;
                VmCounters->WorkingSetSize = Process->Vm.WorkingSetSize;
                VmCounters->QuotaPeakPagedPoolUsage = Process->QuotaPeak[PsPagedPool];
                VmCounters->QuotaPagedPoolUsage = Process->QuotaUsage[PsPagedPool];
                VmCounters->QuotaPeakNonPagedPoolUsage = Process->QuotaPeak[PsNonPagedPool];
                VmCounters->QuotaNonPagedPoolUsage = Process->QuotaUsage[PsNonPagedPool];
                VmCounters->PagefileUsage = Process->QuotaUsage[PsPageFile] << PAGE_SHIFT;
                VmCounters->PeakPagefileUsage = Process->QuotaPeak[PsPageFile] << PAGE_SHIFT;
                //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
                //
 
                /* Set the return length */
                Length = ProcessInformationLength;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
        }
 
        /* Hard Error Processing Mode */
        case ProcessDefaultHardErrorMode:
 
            if (ProcessInformationLength != sizeof(ULONG))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set the return length*/
            Length = sizeof(ULONG);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Enter SEH for writing back data */
            _SEH2_TRY
            {
                /* Write the current processing mode */
                *(PULONG)ProcessInformation = Process->
                                              DefaultHardErrorProcessing;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
 
        /* Priority Boosting status */
        case ProcessPriorityBoost:
 
            if (ProcessInformationLength != sizeof(ULONG))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set the return length */
            Length = sizeof(ULONG);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Enter SEH for writing back data */
            _SEH2_TRY
            {
                /* Return boost status */
                *(PULONG)ProcessInformation = Process->Pcb.DisableBoost ?
                                              TRUE : FALSE;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
 
        /* DOS Device Map */
        case ProcessDeviceMap:
        {
            ULONG Flags;
 
            if (ProcessInformationLength == sizeof(PROCESS_DEVICEMAP_INFORMATION_EX))
            {
                /* Protect read in SEH */
                _SEH2_TRY
                {
                    PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
 
                    Flags = DeviceMapEx->Flags;
                }
                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                {
                    /* Get the exception code */
                    Status = _SEH2_GetExceptionCode();
                    _SEH2_YIELD(break);
                }
                _SEH2_END;
 
                /* Only one flag is supported and it needs LUID mappings */
                if ((Flags & ~PROCESS_LUID_DOSDEVICES_ONLY) != 0 ||
                    !ObIsLUIDDeviceMapsEnabled())
                {
                    Status = STATUS_INVALID_PARAMETER;
                    break;
                }
            }
            else
            {
                /* This has to be the size of the Query union field for x64 compatibility! */
                if (ProcessInformationLength != RTL_FIELD_SIZE(PROCESS_DEVICEMAP_INFORMATION, Query))
                {
                    Status = STATUS_INFO_LENGTH_MISMATCH;
                    break;
                }
 
                /* No flags for standard call */
                Flags = 0;
            }
 
            /* Set the return length */
            Length = ProcessInformationLength;
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Query the device map information */
            Status = ObQueryDeviceMapInformation(Process,
                                                 ProcessInformation,
                                                 Flags);
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
        }
 
        /* Priority class */
        case ProcessPriorityClass:
        {
            PPROCESS_PRIORITY_CLASS PsPriorityClass = (PPROCESS_PRIORITY_CLASS)ProcessInformation;
 
            if (ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set the return length*/
            Length = sizeof(PROCESS_PRIORITY_CLASS);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Enter SEH for writing back data */
            _SEH2_TRY
            {
                /* Return current priority class */
                PsPriorityClass->PriorityClass = Process->PriorityClass;
                PsPriorityClass->Foreground = FALSE;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
        }
 
        case ProcessImageFileName:
        {
            PUNICODE_STRING ImageName;
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Get the image path */
            Status = SeLocateProcessImageName(Process, &ImageName);
            if (NT_SUCCESS(Status))
            {
                /* Set return length */
                Length = ImageName->MaximumLength +
                         sizeof(OBJECT_NAME_INFORMATION);
 
                /* Make sure it's large enough */
                if (Length <= ProcessInformationLength)
                {
                    /* Enter SEH to protect write */
                    _SEH2_TRY
                    {
                        /* Copy it */
                        RtlCopyMemory(ProcessInformation,
                                      ImageName,
                                      Length);
 
                        /* Update pointer */
                        ((PUNICODE_STRING)ProcessInformation)->Buffer =
                            (PWSTR)((PUNICODE_STRING)ProcessInformation + 1);
                   }
                    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                    {
                        /* Get the exception code */
                        Status = _SEH2_GetExceptionCode();
                    }
                    _SEH2_END;
                }
                else
                {
                    /* Buffer too small */
                    Status = STATUS_INFO_LENGTH_MISMATCH;
                }
 
                /* Free the image path */
                ExFreePoolWithTag(ImageName, TAG_SEPA);
            }
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
        }
 
        case ProcessDebugFlags:
 
            if (ProcessInformationLength != sizeof(ULONG))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set the return length*/
            Length = sizeof(ULONG);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Enter SEH for writing back data */
            _SEH2_TRY
            {
                /* Return the debug flag state */
                *(PULONG)ProcessInformation = Process->NoDebugInherit ? 0 : 1;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
 
        case ProcessBreakOnTermination:
 
            if (ProcessInformationLength != sizeof(ULONG))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set the return length */
            Length = sizeof(ULONG);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Enter SEH for writing back data */
            _SEH2_TRY
            {
                /* Return the BreakOnTermination state */
                *(PULONG)ProcessInformation = Process->BreakOnTermination;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
 
        /* Per-process security cookie */
        case ProcessCookie:
        {
            ULONG Cookie;
 
            if (ProcessInformationLength != sizeof(ULONG))
            {
                /* Length size wrong, bail out */
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Get the current process and cookie */
            Process = PsGetCurrentProcess();
            Cookie = Process->Cookie;
            if (!Cookie)
            {
                LARGE_INTEGER SystemTime;
                ULONG NewCookie;
                PKPRCB Prcb;
 
                /* Generate a new cookie */
                KeQuerySystemTime(&SystemTime);
                Prcb = KeGetCurrentPrcb();
                NewCookie = Prcb->KeSystemCalls ^ Prcb->InterruptTime ^
                            SystemTime.u.LowPart ^ SystemTime.u.HighPart;
 
                /* Set the new cookie or return the current one */
                Cookie = InterlockedCompareExchange((LONG*)&Process->Cookie,
                                                    NewCookie,
                                                    Cookie);
                if (!Cookie) Cookie = NewCookie;
 
                /* Set return length */
                Length = sizeof(ULONG);
            }
 
            /* Indicate success */
            Status = STATUS_SUCCESS;
 
            /* Enter SEH to protect write */
            _SEH2_TRY
            {
                /* Write back the cookie */
                *(PULONG)ProcessInformation = Cookie;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
            break;
        }
 
        case ProcessImageInformation:
 
            if (ProcessInformationLength != sizeof(SECTION_IMAGE_INFORMATION))
            {
                /* Break out */
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set the length required and validate it */
            Length = sizeof(SECTION_IMAGE_INFORMATION);
 
            /* Enter SEH to protect write */
            _SEH2_TRY
            {
                MmGetImageInformation((PSECTION_IMAGE_INFORMATION)ProcessInformation);
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Indicate success */
            Status = STATUS_SUCCESS;
            break;
 
        case ProcessDebugObjectHandle:
        {
            HANDLE DebugPort = 0;
 
            if (ProcessInformationLength != sizeof(HANDLE))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set the return length */
            Length = sizeof(HANDLE);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Get the debug port */
            Status = DbgkOpenProcessDebugPort(Process, PreviousMode, &DebugPort);
 
            /* Let go of the process */
            ObDereferenceObject(Process);
 
            /* Protect write in SEH */
            _SEH2_TRY
            {
                /* Return debug port's handle */
                *(PHANDLE)ProcessInformation = DebugPort;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
            break;
        }
 
        case ProcessHandleTracing:
            DPRINT1("Handle tracing Not implemented: %lx\n", ProcessInformationClass);
            Status = STATUS_NOT_IMPLEMENTED;
            break;
 
        case ProcessLUIDDeviceMapsEnabled:
 
            if (ProcessInformationLength != sizeof(ULONG))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set the return length */
            Length = sizeof(ULONG);
 
            /* Indicate success */
            Status = STATUS_SUCCESS;
 
            /* Protect write in SEH */
            _SEH2_TRY
            {
                /* Query Ob */
                *(PULONG)ProcessInformation = ObIsLUIDDeviceMapsEnabled();
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
            break;
 
        case ProcessWx86Information:
 
            if (ProcessInformationLength != sizeof(ULONG))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set the return length */
            Length = sizeof(ULONG);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Protect write in SEH */
            _SEH2_TRY
            {
                /* Return if the flag is set */
                *(PULONG)ProcessInformation = (ULONG)Process->VdmAllowed;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
 
        case ProcessWow64Information:
        {
            ULONG_PTR Wow64 = 0;
 
            if (ProcessInformationLength != sizeof(ULONG_PTR))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set return length */
            Length = sizeof(ULONG_PTR);
 
            /* Reference the process */
            Status = ObReferenceObjectByHandle(ProcessHandle,
                                               PROCESS_QUERY_INFORMATION,
                                               PsProcessType,
                                               PreviousMode,
                                               (PVOID*)&Process,
                                               NULL);
            if (!NT_SUCCESS(Status)) break;
 
            /* Make sure the process isn't dying */
            if (ExAcquireRundownProtection(&Process->RundownProtect))
            {
                /* Get the WOW64 process structure */
#ifdef _WIN64
                Wow64 = (ULONG_PTR)Process->Wow64Process;
#else
                Wow64 = 0;
#endif
                /* Release the lock */
                ExReleaseRundownProtection(&Process->RundownProtect);
            }
 
            /* Protect write with SEH */
            _SEH2_TRY
            {
                /* Return whether or not we have a debug port */
                *(PULONG_PTR)ProcessInformation = Wow64;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get exception code */
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            /* Dereference the process */
            ObDereferenceObject(Process);
            break;
        }
 
        case ProcessExecuteFlags:
        {
            ULONG ExecuteOptions = 0;
 
            if (ProcessInformationLength != sizeof(ULONG))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Set return length */
            Length = sizeof(ULONG);
 
            if (ProcessHandle != NtCurrentProcess())
            {
                return STATUS_INVALID_PARAMETER;
            }
 
            /* Get the options */
            Status = MmGetExecuteOptions(&ExecuteOptions);
            if (NT_SUCCESS(Status))
            {
                /* Protect write with SEH */
                _SEH2_TRY
                {
                    /* Return them */
                    *(PULONG)ProcessInformation = ExecuteOptions;
                }
                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                {
                    /* Get exception code */
                    Status = _SEH2_GetExceptionCode();
                }
                _SEH2_END;
            }
            break;
        }
 
        case ProcessLdtInformation:
            DPRINT1("VDM/16-bit not implemented: %lx\n", ProcessInformationClass);
            Status = STATUS_NOT_IMPLEMENTED;
            break;
 
        case ProcessWorkingSetWatch:
            DPRINT1("WS Watch Not implemented: %lx\n", ProcessInformationClass);
            Status = STATUS_NOT_IMPLEMENTED;
            break;
 
        case ProcessPooledUsageAndLimits:
            DPRINT1("Pool limits Not implemented: %lx\n", ProcessInformationClass);
            Status = STATUS_NOT_IMPLEMENTED;
            break;
 
        /* Not supported by Server 2003 */
        default:
            DPRINT1("Unsupported info class: %lx\n", ProcessInformationClass);
            Status = STATUS_INVALID_INFO_CLASS;
    }
 
    /* Protect write with SEH */
    _SEH2_TRY
    {
        /* Check if caller wanted return length */
        if ((ReturnLength) && (Length)) *ReturnLength = Length;
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Get exception code */
        Status = _SEH2_GetExceptionCode();
    }
    _SEH2_END;
 
    return Status;
}

Referenced by _main(), BaseInitializeStaticServerData(), check_live_target(), CheckRemoteDebuggerPresent(), CON_API_NOCONSOLE(), EmptyWorkingSet(), EnumProcessModules(), FindModule(), get_shiminfo(), getCommandLineFromProcess(), GetDriveTypeW(), GetErrorMode(), GetExitCodeProcess(), GetLogicalDrives(), GetPriorityClass(), GetProcessAffinityMask(), GetProcessExecutablePath(), GetProcessHandleCount(), GetProcessId(), GetProcessImageFileNameA(), GetProcessImageFileNameW(), GetProcessIoCounters(), GetProcessMemoryInfo(), GetProcessPriorityBoost(), GetProcessTimes(), GetProcessVersion(), GetProcessWorkingSetSizeEx(), GetSourcePaths(), GetWsChanges(), GlobalMemoryStatusEx(), init_module_iterator(), init_module_iterator_wow64(), InitFunctionPtrs(), Is64BitSystem(), IsCriticalProcess(), IsWow64Process(), PerfDataGetCommandLine(), PrintProcess(), ProcessIdToSessionId(), PsaEnumerateProcessModules(), QueryFlag(), QueryFullProcessImageNameW(), QueryProcessCycleTime(), QuerySetProcessValidator(), RtlpQueryRemoteProcessModules(), SmpApiLoop(), SmpCreateVolumeDescriptors(), SmpGetProcessMuSessionId(), Test_ProcessBasicInformation(), Test_ProcessPriorityClassAlignment(), Test_ProcessQuotaLimits(), Test_ProcessQuotaLimitsEx(), Test_ProcessTimes(), Test_ProcessWx86Information(), UnhandledExceptionFilter(), UserpGetClientFileName(), wmain(), and Wow64QueryFlag().

◆ PsGetCurrentProcessId()

NTKERNELAPI HANDLE NTAPI PsGetCurrentProcessId ( VOID )

Definition at line 1123 of file process.c.

{
    return (HANDLE)PsGetCurrentProcess()->UniqueProcessId;
}

Referenced by CheckWinstaAttributeAccess(), CmpCreateRegistryRoot(), CmpDoCreateChild(), CmpDoOpen(), CODE_SEG(), CreateProcessNotifyRoutine(), CreateThreadNotifyRoutine(), DbgP(), DdHmgAlloc(), DesktopWindowProc(), DispEchoRequest(), ENTRY_ReferenceEntryByHandle(), FileOpenAddress(), FltpCreate(), GDI_CleanupForProcess(), GDIOBJ_ConvertFromStockObj(), GDIOBJ_hInsertObject(), GDIOBJ_vDereferenceObject(), GDIOBJ_vSetObjectOwner(), GreGetObjectOwner(), handle_gdb_read_mem(), handle_gdb_write_mem(), IntCreateWindowStation(), IntWinStaObjectDelete(), KdInitSystem(), KsecGatherEntropyData(), LpcpDeletePort(), MmLoadSystemImage(), MmUnloadSystemImage(), NtUserGetThreadState(), NtUserLockWindowStation(), NtUserSetLogonNotifyWindow(), NtUserSetWindowStationUser(), NtUserSwitchDesktop(), NtUserUnlockWindowStation(), ObpAllocateObject(), print_error(), ReadMemorySendHandler(), SepCreateToken(), SepDuplicateToken(), SepPerformTokenFiltering(), VerifyObjectOwner(), and WriteMemorySendHandler().

◆ PsGetCurrentThreadTeb()

NTKERNELAPI PVOID NTAPI PsGetCurrentThreadTeb ( VOID )

Definition at line 785 of file thread.c.

{
    return PsGetCurrentThread()->Tcb.Teb;
}

Referenced by FileOpenAddress().

◆ PsGetThreadProcess()

NTKERNELAPI PEPROCESS NTAPI PsGetThreadProcess ( _In_ PETHREAD Thread )

◆ PsGetVersion()

NTKERNELAPI BOOLEAN NTAPI PsGetVersion	(	OUT PULONG MajorVersion	OPTIONAL,
		OUT PULONG MinorVersion	OPTIONAL,
		OUT PULONG BuildNumber	OPTIONAL,
		OUT PUNICODE_STRING CSDVersion	OPTIONAL
	)

Definition at line 566 of file psmgr.c.

{
    if (MajorVersion) *MajorVersion = NtMajorVersion;
    if (MinorVersion) *MinorVersion = NtMinorVersion;
    if (BuildNumber ) *BuildNumber  = NtBuildNumber & 0x3FFF;
 
    if (CSDVersion)
    {
        CSDVersion->Length = CmCSDVersionString.Length;
        CSDVersion->MaximumLength = CmCSDVersionString.MaximumLength;
        CSDVersion->Buffer = CmCSDVersionString.Buffer;
    }
 
    /* Return TRUE if this is a Checked Build */
    return (NtBuildNumber >> 28) == 0xC;
}