#include <ntoskrnl.h>#include <debug.h>
Include dependency graph for query.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Variables | |
| ULONG | PspTraceLevel = 0 |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ NtQueryInformationProcess()
| NTSTATUS NTAPI NtQueryInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _Out_writes_bytes_to_opt_(ProcessInformationLength, *ReturnLength) PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 211 of file query.c.
218{
223
224 PAGED_CODE();
225
226 /* Validate the information class */
228 PsProcessInfoClass,
230 ICIF_PROBE_READ,
231 ProcessInformation,
232 ProcessInformationLength,
233 ReturnLength,
234 NULL,
235 PreviousMode);
237 {
238#if DBG
239 DPRINT1("NtQueryInformationProcess(ProcessInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
240 PspDumpProcessInfoClassName(ProcessInformationClass), Status);
241#endif
243 }
244
246 (ProcessInformationClass == ProcessImageInformation)) &&
248 {
249 /*
250 * Retrieving the process cookie is only allowed for the calling process
251 * itself! XP only allows NtCurrentProcess() as process handles even if
252 * a real handle actually represents the current process.
253 */
255 }
256
257 /* Check the information class */
258 switch (ProcessInformationClass)
259 {
260 /* Basic process information */
262 {
264
266 {
268 break;
269 }
270
271 /* Set the return length */
273
274 /* Reference the process */
277 PsProcessType,
278 PreviousMode,
280 NULL);
282
283 /* Protect writes with SEH */
284 _SEH2_TRY
285 {
286 /* Write all the information from the EPROCESS/KPROCESS */
291 UniqueProcessId;
292 ProcessBasicInfo->InheritedFromUniqueProcessId =
295
296 }
298 {
299 /* Get exception code */
301 }
302 _SEH2_END;
303
304 /* Dereference the process */
306 break;
307 }
308
309 /* Process quota limits */
311 {
312 QUOTA_LIMITS_EX QuotaLimits;
313 BOOLEAN Extended;
314
317 {
319 break;
320 }
321
322 /* Set the return length */
323 Length = ProcessInformationLength;
325
326 /* Reference the process */
329 PsProcessType,
330 PreviousMode,
332 NULL);
334
335 /* Indicate success */
337
339
340 /* Get max/min working set sizes */
341 QuotaLimits.MaximumWorkingSetSize =
343 QuotaLimits.MinimumWorkingSetSize =
345
346 /* Get default time limits */
348
349 /* Is quota block a default one? */
351 {
352 /* Get default pools and pagefile limits */
356 }
357 else
358 {
359 /* Get limits from non-default quota block */
360 QuotaLimits.PagedPoolLimit =
362 QuotaLimits.NonPagedPoolLimit =
364 QuotaLimits.PagefileLimit =
366 }
367
368 /* Get additional information, if needed */
369 if (Extended)
370 {
375
376 /* FIXME: Get the correct information */
377 //QuotaLimits.WorkingSetLimit = (SIZE_T)-1; // Not used on Win2k3, it is set to 0
379 }
380
381 /* Protect writes with SEH */
382 _SEH2_TRY
383 {
385 }
387 {
388 /* Get exception code */
390 }
391 _SEH2_END;
392
393 /* Dereference the process */
395 break;
396 }
397
399 {
401 PROCESS_VALUES ProcessValues;
402
404 {
406 break;
407 }
408
410
411 /* Reference the process */
414 PsProcessType,
415 PreviousMode,
417 NULL);
419
420 /* Query IO counters from the process */
422
423 _SEH2_TRY
424 {
426 }
428 {
429 /* Ignore exception */
430 }
431 _SEH2_END;
432
433 /* Set status to success in any case */
435
436 /* Dereference the process */
438 break;
439 }
440
441 /* Timing */
443 {
446
447 /* Set the return length */
449 {
451 break;
452 }
453
455
456 /* Reference the process */
459 PsProcessType,
460 PreviousMode,
462 NULL);
464
465 /* Protect writes with SEH */
466 _SEH2_TRY
467 {
468 /* Copy time information from EPROCESS/KPROCESS */
474 }
476 {
477 /* Get exception code */
479 }
480 _SEH2_END;
481
482 /* Dereference the process */
484 break;
485 }
486
487 /* Process Debug Port */
489
491 {
493 break;
494 }
495
496 /* Set the return length */
498
499 /* Reference the process */
502 PsProcessType,
503 PreviousMode,
505 NULL);
507
508 /* Protect write with SEH */
509 _SEH2_TRY
510 {
511 /* Return whether or not we have a debug port */
514 }
516 {
517 /* Get exception code */
519 }
520 _SEH2_END;
521
522 /* Dereference the process */
524 break;
525
527 {
528 ULONG HandleCount;
529
531 {
533 break;
534 }
535
536 /* Set the return length*/
538
539 /* Reference the process */
542 PsProcessType,
543 PreviousMode,
545 NULL);
547
548 /* Count the number of handles this process has */
550
551 /* Protect write in SEH */
552 _SEH2_TRY
553 {
554 /* Return the count of handles */
555 *(PULONG)ProcessInformation = HandleCount;
556 }
558 {
559 /* Get the exception code */
561 }
562 _SEH2_END;
563
564 /* Dereference the process */
566 break;
567 }
568
569 /* Session ID for the process */
571 {
573
575 {
577 break;
578 }
579
580 /* Set the return length*/
582
583 /* Reference the process */
586 PsProcessType,
587 PreviousMode,
589 NULL);
591
592 /* Enter SEH for write safety */
593 _SEH2_TRY
594 {
595 /* Write back the Session ID */
597 }
599 {
600 /* Get the exception code */
602 }
603 _SEH2_END;
604
605 /* Dereference the process */
607 break;
608 }
609
610 /* Virtual Memory Statistics */
612 {
614
615 /* Validate the input length */
618 {
620 break;
621 }
622
623 /* Reference the process */
626 PsProcessType,
627 PreviousMode,
629 NULL);
631
632 /* Enter SEH for write safety */
633 _SEH2_TRY
634 {
635 /* Return data from EPROCESS */
647 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
648 //
649
650 /* Set the return length */
651 Length = ProcessInformationLength;
652 }
654 {
655 /* Get the exception code */
657 }
658 _SEH2_END;
659
660 /* Dereference the process */
662 break;
663 }
664
665 /* Hard Error Processing Mode */
667
669 {
671 break;
672 }
673
674 /* Set the return length*/
676
677 /* Reference the process */
680 PsProcessType,
681 PreviousMode,
683 NULL);
685
686 /* Enter SEH for writing back data */
687 _SEH2_TRY
688 {
689 /* Write the current processing mode */
691 DefaultHardErrorProcessing;
692 }
694 {
695 /* Get the exception code */
697 }
698 _SEH2_END;
699
700 /* Dereference the process */
702 break;
703
704 /* Priority Boosting status */
706
708 {
710 break;
711 }
712
713 /* Set the return length */
715
716 /* Reference the process */
719 PsProcessType,
720 PreviousMode,
722 NULL);
724
725 /* Enter SEH for writing back data */
726 _SEH2_TRY
727 {
728 /* Return boost status */
731 }
733 {
734 /* Get the exception code */
736 }
737 _SEH2_END;
738
739 /* Dereference the process */
741 break;
742
743 /* DOS Device Map */
745 {
747
749 {
750 /* Protect read in SEH */
751 _SEH2_TRY
752 {
753 PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
754
756 }
758 {
759 /* Get the exception code */
762 }
763 _SEH2_END;
764
765 /* Only one flag is supported and it needs LUID mappings */
767 !ObIsLUIDDeviceMapsEnabled())
768 {
770 break;
771 }
772 }
773 else
774 {
775 /* This has to be the size of the Query union field for x64 compatibility! */
777 {
779 break;
780 }
781
782 /* No flags for standard call */
783 Flags = 0;
784 }
785
786 /* Set the return length */
787 Length = ProcessInformationLength;
788
789 /* Reference the process */
792 PsProcessType,
793 PreviousMode,
795 NULL);
797
798 /* Query the device map information */
800 ProcessInformation,
801 Flags);
802
803 /* Dereference the process */
805 break;
806 }
807
808 /* Priority class */
810 {
812
814 {
816 break;
817 }
818
819 /* Set the return length*/
821
822 /* Reference the process */
825 PsProcessType,
826 PreviousMode,
828 NULL);
830
831 /* Enter SEH for writing back data */
832 _SEH2_TRY
833 {
834 /* Return current priority class */
837 }
839 {
840 /* Get the exception code */
842 }
843 _SEH2_END;
844
845 /* Dereference the process */
847 break;
848 }
849
851 {
853
854 /* Reference the process */
857 PsProcessType,
858 PreviousMode,
860 NULL);
862
863 /* Get the image path */
866 {
867 /* Set the return length */
870
871 /* Make sure it's large enough */
873 {
874 /* Enter SEH to protect write */
875 _SEH2_TRY
876 {
877 /* Copy it */
878 RtlCopyMemory(ProcessInformation,
879 ImageName,
880 Length);
881
882 /* Update pointer */
883 ((PUNICODE_STRING)ProcessInformation)->Buffer =
885 }
887 {
888 /* Get the exception code */
890 }
891 _SEH2_END;
892 }
893 else
894 {
895 /* Buffer too small */
897 }
898
899 /* Free the image path */
901 }
902 /* Dereference the process */
904 break;
905 }
906
907#if (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
909 {
912
913 /* Reference the process */
916 PsProcessType,
917 PreviousMode,
919 NULL);
921 {
922 break;
923 }
924
925 /* Get the image path */
929 {
930 break;
931 }
935 {
936 break;
937 }
938
939 /* Determine return length and output */
942 {
943 _SEH2_TRY
944 {
949 {
952 ObjectNameInformation->Name.Buffer,
953 ObjectNameInformation->Name.MaximumLength);
954 }
955 else
956 {
959 }
960 }
962 {
964 }
965 _SEH2_END;
966 }
967 else
968 {
970 }
972
973 break;
974 }
975#endif /* (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA) */
976
978
980 {
982 break;
983 }
984
985 /* Set the return length*/
987
988 /* Reference the process */
991 PsProcessType,
992 PreviousMode,
994 NULL);
996
997 /* Enter SEH for writing back data */
998 _SEH2_TRY
999 {
1000 /* Return the debug flag state */
1002 }
1004 {
1005 /* Get the exception code */
1007 }
1008 _SEH2_END;
1009
1010 /* Dereference the process */
1012 break;
1013
1015
1017 {
1019 break;
1020 }
1021
1022 /* Set the return length */
1024
1025 /* Reference the process */
1028 PsProcessType,
1029 PreviousMode,
1031 NULL);
1033
1034 /* Enter SEH for writing back data */
1035 _SEH2_TRY
1036 {
1037 /* Return the BreakOnTermination state */
1039 }
1041 {
1042 /* Get the exception code */
1044 }
1045 _SEH2_END;
1046
1047 /* Dereference the process */
1049 break;
1050
1051 /* Per-process security cookie */
1053 {
1055
1057 {
1058 /* Length size wrong, bail out */
1060 break;
1061 }
1062
1063 /* Get the current process and cookie */
1067 {
1068 LARGE_INTEGER SystemTime;
1069 ULONG NewCookie;
1070 PKPRCB Prcb;
1071
1072 /* Generate a new cookie */
1073 KeQuerySystemTime(&SystemTime);
1074 Prcb = KeGetCurrentPrcb();
1077
1078 /* Set the new cookie or return the current one */
1080 NewCookie,
1081 Cookie);
1083
1084 /* Set the return length */
1086 }
1087
1088 /* Indicate success */
1090
1091 /* Enter SEH to protect write */
1092 _SEH2_TRY
1093 {
1094 /* Write back the cookie */
1096 }
1098 {
1099 /* Get the exception code */
1101 }
1102 _SEH2_END;
1103 break;
1104 }
1105
1107
1109 {
1110 /* Break out */
1112 break;
1113 }
1114
1115 /* Set the length required and validate it */
1117
1118 /* Indicate success */
1120
1121 /* Enter SEH to protect write */
1122 _SEH2_TRY
1123 {
1125 }
1127 {
1128 /* Get the exception code */
1130 }
1131 _SEH2_END;
1132 break;
1133
1135 {
1137
1139 {
1141 break;
1142 }
1143
1144 /* Set the return length */
1146
1147 /* Reference the process */
1150 PsProcessType,
1151 PreviousMode,
1153 NULL);
1155
1156 /* Get the debug port. Continue even if this fails. */
1158
1159 /* Let go of the process */
1161
1162 /* Protect write in SEH */
1163 _SEH2_TRY
1164 {
1165 /* Return debug port's handle */
1166 *(PHANDLE)ProcessInformation = DebugPort;
1167 }
1169 {
1170 if (DebugPort)
1172
1173 /* Get the exception code.
1174 * Note: This overwrites any previous failure status. */
1176 }
1177 _SEH2_END;
1178 break;
1179 }
1180
1184 break;
1185
1187
1189 {
1191 break;
1192 }
1193
1194 /* Set the return length */
1196
1197 /* Indicate success */
1199
1200 /* Protect write in SEH */
1201 _SEH2_TRY
1202 {
1203 /* Query Ob */
1205 }
1207 {
1208 /* Get the exception code */
1210 }
1211 _SEH2_END;
1212 break;
1213
1215
1217 {
1219 break;
1220 }
1221
1222 /* Set the return length */
1224
1225 /* Reference the process */
1228 PsProcessType,
1229 PreviousMode,
1231 NULL);
1233
1234 /* Protect write in SEH */
1235 _SEH2_TRY
1236 {
1237 /* Return if the flag is set */
1239 }
1241 {
1242 /* Get the exception code */
1244 }
1245 _SEH2_END;
1246
1247 /* Dereference the process */
1249 break;
1250
1252 {
1253 ULONG_PTR Wow64 = 0;
1254
1256 {
1258 break;
1259 }
1260
1261 /* Set the return length */
1263
1264 /* Reference the process */
1267 PsProcessType,
1268 PreviousMode,
1270 NULL);
1272
1273#ifdef _WIN64
1274 /* Make sure the process isn't dying */
1276 {
1277 /* Get the WOW64 process structure */
1279 /* Release the lock */
1281 }
1282#endif
1283
1284 /* Dereference the process */
1286
1287 /* Protect write with SEH */
1288 _SEH2_TRY
1289 {
1290 /* Return the Wow64 process information */
1291 *(PULONG_PTR)ProcessInformation = Wow64;
1292 }
1294 {
1295 /* Get exception code */
1297 }
1298 _SEH2_END;
1299 break;
1300 }
1301
1303 {
1304 ULONG ExecuteOptions = 0;
1305
1307 {
1309 break;
1310 }
1311
1312 /* Set the return length */
1314
1316 {
1318 break;
1319 }
1320
1321 /* Get the options */
1324 {
1325 /* Protect write with SEH */
1326 _SEH2_TRY
1327 {
1328 /* Return them */
1329 *(PULONG)ProcessInformation = ExecuteOptions;
1330 }
1332 {
1333 /* Get exception code */
1335 }
1336 _SEH2_END;
1337 }
1338 break;
1339 }
1340
1344 break;
1345
1349 break;
1350
1354 break;
1355
1356 /* Not supported by Server 2003 */
1357 default:
1358#if DBG
1360#endif
1362 }
1363
1364 /* Check if caller wants the return length and if there is one */
1366 {
1367 /* Protect write with SEH */
1368 _SEH2_TRY
1369 {
1371 }
1373 {
1374 /* Get exception code.
1375 * Note: This overwrites any previous failure status. */
1377 }
1378 _SEH2_END;
1379 }
1380
1382}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
struct _UNICODE_STRING UNICODE_STRING
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
struct _VM_COUNTERS * PVM_COUNTERS
struct _VM_COUNTERS_EX VM_COUNTERS_EX
#define QUOTA_LIMITS_HARDWS_MIN_DISABLE
struct _IO_COUNTERS IO_COUNTERS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
#define QUOTA_LIMITS_HARDWS_MAX_DISABLE
struct _QUOTA_LIMITS_EX QUOTA_LIMITS_EX
#define QUOTA_LIMITS_HARDWS_MAX_ENABLE
#define QUOTA_LIMITS_HARDWS_MIN_ENABLE
struct _IO_COUNTERS * PIO_COUNTERS
Definition: nsiface.idl:2307
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1617
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2653
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
NTSTATUS NTAPI IoQueryFileDosDeviceName(IN PFILE_OBJECT FileObject, OUT POBJECT_NAME_INFORMATION *ObjectNameInformation)
Definition: file.c:3664
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
NTSTATUS NTAPI PsReferenceProcessFilePointer(_In_ PEPROCESS Process, _Outptr_ PFILE_OBJECT *FileObject)
Definition: query.c:24
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: pstypes.h:1350
Definition: pstypes.h:82
Definition: winternl.h:2373
Definition: ketypes.h:654
Definition: nt_native.h:1272
Definition: winternl.h:404
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:362
Definition: pstypes.h:392
Definition: pstypes.h:380
Definition: pstypes.h:1039
Definition: pstypes.h:405
Definition: ke.h:45
Definition: pstypes.h:67
Definition: lsa.idl:286
Definition: mmtypes.h:340
Definition: mmdrv.h:130
Definition: env_spec_w32.h:368
Definition: winternl.h:3130
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:3138
Definition: typedefs.h:103
struct _LARGE_INTEGER::@2479 u
Referenced by _main(), BaseInitializeStaticServerData(), check_live_target(), CheckRemoteDebuggerPresent(), CON_API_NOCONSOLE(), EmptyWorkingSet(), EnumProcessModules(), FindModule(), get_shiminfo(), getCommandLineFromProcess(), GetDriveTypeW(), GetErrorMode(), GetExitCodeProcess(), GetLogicalDrives(), GetPriorityClass(), GetProcessAffinityMask(), GetProcessExecutablePath(), GetProcessHandleCount(), GetProcessId(), GetProcessImageFileNameA(), GetProcessImageFileNameW(), GetProcessIoCounters(), GetProcessMemoryInfo(), GetProcessPriorityBoost(), GetProcessTimes(), GetProcessVersion(), GetProcessWorkingSetSizeEx(), GetSourcePaths(), GetWsChanges(), GlobalMemoryStatusEx(), init_module_iterator(), init_module_iterator_wow64(), InitFunctionPtrs(), Is64BitSystem(), IsCriticalProcess(), IsWow64Process(), PerfDataGetCommandLine(), PrintProcess(), ProcessIdToSessionId(), PsaEnumerateProcessModules(), QueryFlag(), QueryFullProcessImageNameW(), QueryProcessCycleTime(), QuerySetProcessValidator(), RtlpQueryRemoteProcessModules(), SmpApiLoop(), SmpCreateVolumeDescriptors(), SmpGetProcessMuSessionId(), Test_ProcessBasicInformation(), Test_ProcessPriorityClassAlignment(), Test_ProcessQuotaLimits(), Test_ProcessQuotaLimitsEx(), Test_ProcessTimes(), Test_ProcessWx86Information(), UnhandledExceptionFilter(), UserpGetClientFileName(), wmain(), and Wow64QueryFlag().
◆ NtQueryInformationThread()
| NTSTATUS NTAPI NtQueryInformationThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ THREADINFOCLASS | ThreadInformationClass, | ||
| _Out_writes_bytes_to_opt_(ThreadInformationLength, *ReturnLength) PVOID | ThreadInformation, | ||
| _In_ ULONG | ThreadInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 2881 of file query.c.
2888{
2892 ULONG Access;
2894 PTHREAD_BASIC_INFORMATION ThreadBasicInfo =
2895 (PTHREAD_BASIC_INFORMATION)ThreadInformation;
2898 ULONG ThreadTerminated;
2899 PAGED_CODE();
2900
2901 /* Validate the information class */
2903 PsThreadInfoClass,
2905 ICIF_PROBE_READ,
2906 ThreadInformation,
2907 ThreadInformationLength,
2908 ReturnLength,
2909 NULL,
2910 PreviousMode);
2912 {
2913#if DBG
2914 DPRINT1("NtQueryInformationThread(ThreadInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
2916#endif
2918 }
2919
2920 /* Check what class this is */
2921 Access = THREAD_QUERY_INFORMATION;
2922
2923 /* Check what kind of information class this is */
2925 {
2926 /* Basic thread information */
2928
2929 /* Set the return length */
2931
2933 {
2935 break;
2936 }
2937
2938 /* Reference the thread */
2940 Access,
2941 PsThreadType,
2942 PreviousMode,
2944 NULL);
2946 break;
2947
2948 /* Protect writes with SEH */
2949 _SEH2_TRY
2950 {
2951 /* Write all the information from the ETHREAD/KTHREAD */
2958 }
2960 {
2961 /* Get exception code */
2963 }
2964 _SEH2_END;
2965
2966 /* Dereference the thread */
2968 break;
2969
2970 /* Thread time information */
2972
2973 /* Set the return length */
2975
2977 {
2979 break;
2980 }
2981
2982 /* Reference the thread */
2984 Access,
2985 PsThreadType,
2986 PreviousMode,
2988 NULL);
2990 break;
2991
2992 /* Protect writes with SEH */
2993 _SEH2_TRY
2994 {
2995 /* Copy time information from ETHREAD/KTHREAD */
2999
3000 /* Exit time is in a union and only valid on actual exit! */
3002 {
3004 }
3005 else
3006 {
3008 }
3009 }
3011 {
3012 /* Get exception code */
3014 }
3015 _SEH2_END;
3016
3017 /* Dereference the thread */
3019 break;
3020
3022
3023 /* Set the return length*/
3025
3027 {
3029 break;
3030 }
3031
3032 /* Reference the thread */
3034 Access,
3035 PsThreadType,
3036 PreviousMode,
3038 NULL);
3040 break;
3041
3042 /* Protect write with SEH */
3043 _SEH2_TRY
3044 {
3045 /* Return the Win32 Start Address */
3047 }
3049 {
3050 /* Get exception code */
3052 }
3053 _SEH2_END;
3054
3055 /* Dereference the thread */
3057 break;
3058
3060
3061 /* Set the return length*/
3063
3065 {
3067 break;
3068 }
3069
3070 /* Reference the thread */
3072 Access,
3073 PsThreadType,
3074 PreviousMode,
3076 NULL);
3078 break;
3079
3080 /* Protect write with SEH */
3081 _SEH2_TRY
3082 {
3083 /* FIXME */
3084 (*(PLARGE_INTEGER)ThreadInformation).QuadPart = 0;
3085 }
3087 {
3088 /* Get exception code */
3090 }
3091 _SEH2_END;
3092
3093 /* Dereference the thread */
3095 break;
3096
3098
3099 /* Set the return length*/
3101
3103 {
3105 break;
3106 }
3107
3108 /* Reference the thread */
3110 Access,
3111 PsThreadType,
3112 PreviousMode,
3114 NULL);
3116 break;
3117
3118 /* Protect write with SEH */
3119 _SEH2_TRY
3120 {
3121 /* Return whether or not we are the last thread */
3124 &Thread->ThreadsProcess->
3125 ThreadListHead) ?
3127 }
3129 {
3130 /* Get exception code */
3132 }
3133 _SEH2_END;
3134
3135 /* Dereference the thread */
3137 break;
3138
3140
3141 /* Set the return length*/
3143
3145 {
3147 break;
3148 }
3149
3150 /* Reference the thread */
3152 Access,
3153 PsThreadType,
3154 PreviousMode,
3156 NULL);
3158 break;
3159
3160 /* Raise the IRQL to protect the IRP list */
3162
3163 /* Protect write with SEH */
3164 _SEH2_TRY
3165 {
3166 /* Check if the IRP list is empty or not */
3168 }
3170 {
3171 /* Get exception code */
3173 }
3174 _SEH2_END;
3175
3176 /* Lower IRQL back */
3178
3179 /* Dereference the thread */
3181 break;
3182
3183 /* LDT and GDT information */
3185
3186#if defined(_X86_)
3187 /* Reference the thread */
3189 Access,
3190 PsThreadType,
3191 PreviousMode,
3193 NULL);
3195 break;
3196
3197 /* Call the worker routine */
3199 ThreadInformation,
3200 ThreadInformationLength,
3201 ReturnLength);
3202
3203 /* Dereference the thread */
3205#else
3206 /* Only implemented on x86 */
3208#endif
3209 break;
3210
3212
3213 /* Set the return length*/
3215
3217 {
3219 break;
3220 }
3221
3222 /* Reference the thread */
3224 Access,
3225 PsThreadType,
3226 PreviousMode,
3228 NULL);
3230 break;
3231
3232 _SEH2_TRY
3233 {
3235 }
3237 {
3239 }
3240 _SEH2_END;
3241
3242 /* Dereference the thread */
3244 break;
3245
3247
3248 /* Set the return length */
3250
3252 {
3254 break;
3255 }
3256
3257 /* Reference the thread */
3259 Access,
3260 PsThreadType,
3261 PreviousMode,
3263 NULL);
3265 break;
3266
3267 _SEH2_TRY
3268 {
3270 }
3272 {
3274 }
3275 _SEH2_END;
3276
3277 /* Dereference the thread */
3279 break;
3280
3282
3283 /* Set the return length*/
3285
3287 {
3289 break;
3290 }
3291
3292 /* Reference the thread */
3294 Access,
3295 PsThreadType,
3296 PreviousMode,
3298 NULL);
3300 break;
3301
3303
3304 _SEH2_TRY
3305 {
3306 *(PULONG)ThreadInformation = ThreadTerminated ? 1 : 0;
3307 }
3309 {
3311 }
3312 _SEH2_END;
3313
3314 /* Dereference the thread */
3316 break;
3317
3318 /* Anything else */
3319 default:
3320 /* Not yet implemented */
3321#if DBG
3323#endif
3325 }
3326
3327 /* Protect write with SEH */
3328 _SEH2_TRY
3329 {
3330 /* Check if caller wanted return length */
3332 }
3334 {
3335 /* Get exception code */
3337 }
3338 _SEH2_END;
3339
3341}
struct _THREAD_BASIC_INFORMATION THREAD_BASIC_INFORMATION
struct _THREAD_BASIC_INFORMATION * PTHREAD_BASIC_INFORMATION
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
Definition: psfuncs.h:844
LONG NTAPI KeQueryBasePriorityThread(IN PKTHREAD Thread)
Definition: thrdobj.c:52
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
Definition: thread.c:868
NTSTATUS NTAPI PspQueryDescriptorThread(IN PETHREAD Thread, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
Definition: psldt.c:43
Definition: pstypes.h:1191
Definition: compat.h:926
union _LARGE_INTEGER LARGE_INTEGER
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
Definition: kefuncs.h:778
Referenced by CreateRemoteThread(), CsrCreateProcess(), CsrCreateRemoteThread(), CsrCreateThread(), CsrInsertThread(), CsrSbCreateSession(), DbgUiConvertStateChangeStructure(), ExitThread(), fetch_thread_info(), GetExitCodeThread(), GetProcessIdOfThread(), GetThreadDescription(), GetThreadGroupAffinity(), GetThreadId(), GetThreadIdealProcessorEx(), GetThreadIOPendingFlag(), GetThreadPriority(), GetThreadPriorityBoost(), GetThreadSelectorEntry(), GetThreadTimes(), i386_stack_walk(), init_funcs(), InitFunctionPtrs(), PrintThreads(), QuerySetThreadValidator(), RtlFreeUserThreadStack(), RtlpIsIoPending(), SetThreadAffinityMask(), TerminateThread(), and Test_ThreadBasicInformationClass().
◆ NtSetInformationProcess()
| NTSTATUS NTAPI NtSetInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _In_reads_bytes_(ProcessInformationLength) PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength | ||
| ) |
Definition at line 1389 of file query.c.
1394{
1397 ACCESS_MASK Access;
1403 PROCESS_PRIORITY_CLASS PriorityClass = {0};
1404 PROCESS_FOREGROUND_BACKGROUND Foreground = {0};
1405 PVOID ExceptionPort;
1406 ULONG Break;
1408 KPRIORITY BasePriority = 0;
1409 UCHAR MemoryPriority = 0;
1410 BOOLEAN DisableBoost = 0;
1411 ULONG DefaultHardErrorMode = 0;
1412 ULONG DebugFlags = 0, EnableFixup = 0, Boost = 0;
1413 ULONG NoExecute = 0, VdmPower = 0;
1417 PAGED_CODE();
1418
1419 /* Validate the information class */
1421 PsProcessInfoClass,
1423 ProcessInformation,
1424 ProcessInformationLength,
1425 PreviousMode);
1427 {
1428#if DBG
1429 DPRINT1("NtSetInformationProcess(ProcessInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
1430 PspDumpProcessInfoClassName(ProcessInformationClass), Status);
1431#endif
1433 }
1434
1435 /* Check what class this is */
1436 Access = PROCESS_SET_INFORMATION;
1438 {
1439 /* Setting the Session ID needs a special mask */
1440 Access |= PROCESS_SET_SESSIONID;
1441 }
1443 {
1444 /* Setting the exception port needs a special mask */
1445 Access |= PROCESS_SUSPEND_RESUME;
1446 }
1447
1448 /* Reference the process */
1450 Access,
1451 PsProcessType,
1452 PreviousMode,
1454 NULL);
1456
1457 /* Check what kind of information class this is */
1458 switch (ProcessInformationClass)
1459 {
1461
1462 /* Check buffer length */
1464 {
1466 break;
1467 }
1468
1469 /* Use SEH for capture */
1470 _SEH2_TRY
1471 {
1472 /* Capture the boolean */
1473 VdmPower = *(PULONG)ProcessInformation;
1474 }
1476 {
1477 /* Get the exception code */
1480 }
1481 _SEH2_END;
1482
1483 /* Getting VDM powers requires the SeTcbPrivilege */
1485 {
1486 /* We don't hold the privilege, bail out */
1489 break;
1490 }
1491
1492 /* Set or clear the flag */
1493 if (VdmPower)
1494 {
1496 }
1497 else
1498 {
1500 }
1501 break;
1502
1503 /* Error/Exception Port */
1505
1506 /* Check buffer length */
1508 {
1510 break;
1511 }
1512
1513 /* Use SEH for capture */
1514 _SEH2_TRY
1515 {
1516 /* Capture the handle */
1517 PortHandle = *(PHANDLE)ProcessInformation;
1518 }
1520 {
1521 /* Get the exception code */
1524 }
1525 _SEH2_END;
1526
1527 /* Setting the error port requires the SeTcbPrivilege */
1529 {
1530 /* We don't hold the privilege, bail out */
1532 break;
1533 }
1534
1535 /* Get the LPC Port */
1537 0,
1538 LpcPortObjectType,
1539 PreviousMode,
1540 (PVOID)&ExceptionPort,
1541 NULL);
1543
1544 /* Change the pointer */
1546 ExceptionPort,
1547 NULL))
1548 {
1549 /* We already had one, fail */
1550 ObDereferenceObject(ExceptionPort);
1552 }
1553 break;
1554
1555 /* Security Token */
1557
1558 /* Check buffer length */
1560 {
1562 break;
1563 }
1564
1565 /* Use SEH for capture */
1566 _SEH2_TRY
1567 {
1568 /* Save the token handle */
1570 Token;
1571 }
1573 {
1574 /* Get the exception code */
1577 }
1578 _SEH2_END;
1579
1580 /* Assign the actual token */
1582 break;
1583
1584 /* Hard error processing */
1586
1587 /* Check buffer length */
1589 {
1591 break;
1592 }
1593
1594 /* Enter SEH for direct buffer read */
1595 _SEH2_TRY
1596 {
1597 DefaultHardErrorMode = *(PULONG)ProcessInformation;
1598 }
1600 {
1601 /* Get exception code */
1604 }
1605 _SEH2_END;
1606
1607 /* Set the mode */
1608 Process->DefaultHardErrorProcessing = DefaultHardErrorMode;
1609
1610 /* Call Ke for the update */
1612 {
1614 }
1615 else
1616 {
1618 }
1620 break;
1621
1622 /* Session ID */
1624
1625 /* Check buffer length */
1627 {
1629 break;
1630 }
1631
1632 /* Enter SEH for capture */
1633 _SEH2_TRY
1634 {
1635 /* Capture the caller's buffer */
1637 }
1639 {
1640 /* Get the exception code */
1643 }
1644 _SEH2_END;
1645
1646 /* Setting the session id requires the SeTcbPrivilege */
1648 {
1649 /* We don't hold the privilege, bail out */
1651 break;
1652 }
1653
1654 /*
1655 * Since we cannot change the session ID of the given
1656 * process anymore because it is set once and for all
1657 * at process creation time and because it is stored
1658 * inside the Process->Session structure managed by MM,
1659 * we fake changing it: we just return success if the
1660 * user-defined value is the same as the session ID of
1661 * the process, and otherwise we fail.
1662 */
1664 {
1666 }
1667 else
1668 {
1670 }
1671
1672 break;
1673
1675
1676 /* Check buffer length */
1678 {
1680 break;
1681 }
1682
1683 /* Enter SEH for capture */
1684 _SEH2_TRY
1685 {
1686 /* Capture the caller's buffer */
1687 PriorityClass = *(PPROCESS_PRIORITY_CLASS)ProcessInformation;
1688 }
1690 {
1691 /* Return the exception code */
1694 }
1695 _SEH2_END;
1696
1697 /* Check for invalid PriorityClass value */
1699 {
1701 break;
1702 }
1703
1706 {
1707 /* Check the privilege */
1709 ProcessHandle,
1710 PROCESS_SET_INFORMATION,
1711 PreviousMode);
1713 {
1717 }
1718 }
1719
1720 /* Check if we have a job */
1722 {
1724 }
1725
1726 /* Set process priority class */
1728
1729 /* Set process priority mode (foreground or background) */
1731 PriorityClass.Foreground ?
1732 PsProcessPriorityForeground :
1733 PsProcessPriorityBackground);
1735 break;
1736
1738
1739 /* Check buffer length */
1741 {
1743 break;
1744 }
1745
1746 /* Enter SEH for capture */
1747 _SEH2_TRY
1748 {
1749 /* Capture the caller's buffer */
1750 Foreground = *(PPROCESS_FOREGROUND_BACKGROUND)ProcessInformation;
1751 }
1753 {
1754 /* Return the exception code */
1757 }
1758 _SEH2_END;
1759
1760 /* Set process priority mode (foreground or background) */
1762 Foreground.Foreground ?
1763 PsProcessPriorityForeground :
1764 PsProcessPriorityBackground);
1766 break;
1767
1769
1770 /* Validate input length */
1772 {
1774 break;
1775 }
1776
1777 /* Enter SEH for direct buffer read */
1778 _SEH2_TRY
1779 {
1780 BasePriority = *(KPRIORITY*)ProcessInformation;
1781 }
1783 {
1784 /* Get exception code */
1785 Break = 0;
1788 }
1789 _SEH2_END;
1790
1791 /* Extract the memory priority out of there */
1792 if (BasePriority & 0x80000000)
1793 {
1794 MemoryPriority = MEMORY_PRIORITY_FOREGROUND;
1795 BasePriority &= ~0x80000000;
1796 }
1797 else
1798 {
1799 MemoryPriority = MEMORY_PRIORITY_BACKGROUND;
1800 }
1801
1802 /* Validate the number */
1804 {
1807 }
1808
1809 /* Check if the new base is higher */
1811 {
1813 ProcessHandle,
1814 PROCESS_SET_INFORMATION,
1815 PreviousMode);
1817 {
1819 DPRINT1("Privilege to change priority from %lx to %lx lacking\n", Process->Pcb.BasePriority, BasePriority);
1821 }
1822 }
1823
1824 /* Call Ke */
1826
1827 /* Now set the memory priority */
1830 break;
1831
1833
1834 /* Validate input length */
1836 {
1838 break;
1839 }
1840
1841 /* Enter SEH for direct buffer read */
1842 _SEH2_TRY
1843 {
1844 Boost = *(PULONG)ProcessInformation;
1845 }
1847 {
1848 /* Get exception code */
1849 Break = 0;
1852 }
1853 _SEH2_END;
1854
1855 /* Make sure the process isn't dying */
1857 {
1858 /* Lock it */
1859 KeEnterCriticalRegion();
1861
1862 /* Loop the threads */
1866 {
1867 /* Call Ke for the thread */
1870 }
1871
1872 /* Release the lock and rundown */
1874 KeLeaveCriticalRegion();
1876
1877 /* Set success code */
1879 }
1880 else
1881 {
1882 /* Avoid race conditions */
1884 }
1885 break;
1886
1888
1889 /* Check buffer length */
1891 {
1893 break;
1894 }
1895
1896 /* Enter SEH for direct buffer read */
1897 _SEH2_TRY
1898 {
1899 Break = *(PULONG)ProcessInformation;
1900 }
1902 {
1903 /* Get exception code */
1904 Break = 0;
1907 }
1908 _SEH2_END;
1909
1910 /* Setting 'break on termination' requires the SeDebugPrivilege */
1912 {
1913 /* We don't hold the privilege, bail out */
1915 break;
1916 }
1917
1918 /* Set or clear the flag */
1919 if (Break)
1920 {
1922 }
1923 else
1924 {
1926 }
1927
1928 break;
1929
1931
1932 /* Check buffer length */
1934 {
1936 break;
1937 }
1938
1939 /* Enter SEH for direct buffer read */
1940 _SEH2_TRY
1941 {
1943 }
1945 {
1946 /* Get exception code */
1947 Break = 0;
1950 }
1951 _SEH2_END;
1952
1953 /* Make sure it's valid for the CPUs present */
1956 {
1958 break;
1959 }
1960
1961 /* Check if it's within job affinity limits */
1963 {
1964 /* Not yet implemented */
1965 UNIMPLEMENTED;
1967 break;
1968 }
1969
1970 /* Make sure the process isn't dying */
1972 {
1973 /* Lock it */
1974 KeEnterCriticalRegion();
1976
1977 /* Call Ke to do the work */
1979
1980 /* Release the lock and rundown */
1982 KeLeaveCriticalRegion();
1984
1985 /* Set success code */
1987 }
1988 else
1989 {
1990 /* Avoid race conditions */
1992 }
1993 break;
1994
1995 /* Priority Boosting status */
1997
1998 /* Validate input length */
2000 {
2002 break;
2003 }
2004
2005 /* Enter SEH for direct buffer read */
2006 _SEH2_TRY
2007 {
2008 DisableBoost = *(PBOOLEAN)ProcessInformation;
2009 }
2011 {
2012 /* Get exception code */
2013 Break = 0;
2016 }
2017 _SEH2_END;
2018
2019 /* Make sure the process isn't dying */
2021 {
2022 /* Lock it */
2023 KeEnterCriticalRegion();
2025
2026 /* Call Ke to do the work */
2028
2029 /* Loop the threads too */
2033 {
2034 /* Call Ke for the thread */
2037 }
2038
2039 /* Release the lock and rundown */
2041 KeLeaveCriticalRegion();
2043
2044 /* Set success code */
2046 }
2047 else
2048 {
2049 /* Avoid race conditions */
2051 }
2052 break;
2053
2055
2056 /* Check buffer length */
2058 {
2060 break;
2061 }
2062
2063 /* Enter SEH for direct buffer read */
2064 _SEH2_TRY
2065 {
2066 DebugFlags = *(PULONG)ProcessInformation;
2067 }
2069 {
2070 /* Get exception code */
2073 }
2074 _SEH2_END;
2075
2076 /* Set the mode */
2077 if (DebugFlags & ~1)
2078 {
2080 }
2081 else
2082 {
2083 if (DebugFlags & 1)
2084 {
2086 }
2087 else
2088 {
2090 }
2091 }
2092
2093 /* Done */
2095 break;
2096
2098
2099 /* Check buffer length */
2101 {
2103 break;
2104 }
2105
2106 /* Enter SEH for direct buffer read */
2107 _SEH2_TRY
2108 {
2109 EnableFixup = *(PULONG)ProcessInformation;
2110 }
2112 {
2113 /* Get exception code */
2116 }
2117 _SEH2_END;
2118
2119 /* Set the mode */
2120 if (EnableFixup)
2121 {
2123 }
2124 else
2125 {
2126 Process->DefaultHardErrorProcessing &= ~SEM_NOALIGNMENTFAULTEXCEPT;
2127 }
2128
2129 /* Call Ke for the update */
2132 break;
2133
2135
2136 /* Only TCB can do this */
2138 {
2139 /* We don't hold the privilege, bail out */
2142 break;
2143 }
2144
2145 /* Only supported on x86 */
2146#if defined (_X86_)
2147 Ke386SetIOPL();
2148#elif defined(_M_AMD64)
2149 /* On x64 this function isn't implemented.
2150 On Windows 2003 it returns success.
2151 On Vista+ it returns STATUS_NOT_IMPLEMENTED. */
2153 (RtlRosGetAppcompatVersion() > _WIN32_WINNT_WS03))
2154 {
2156 }
2157#else
2159#endif
2160 /* Done */
2161 break;
2162
2164
2165 /* Check buffer length */
2167 {
2169 break;
2170 }
2171
2173 {
2175 break;
2176 }
2177
2178 /* Enter SEH for direct buffer read */
2179 _SEH2_TRY
2180 {
2181 NoExecute = *(PULONG)ProcessInformation;
2182 }
2184 {
2185 /* Get exception code */
2188 }
2189 _SEH2_END;
2190
2191 /* Call Mm for the update */
2193 break;
2194
2196
2197 /* Check buffer length */
2199 {
2201 break;
2202 }
2203
2204 /* Use SEH for capture */
2205 _SEH2_TRY
2206 {
2207 /* Capture the handle */
2209 }
2211 {
2212 /* Get the exception code */
2215 }
2216 _SEH2_END;
2217
2218 /* Call Ob to set the device map */
2220 break;
2221
2222
2223 /* We currently don't implement any of these */
2229 break;
2230
2232
2234 1,
2235 ProcessInformation,
2236 ProcessInformationLength,
2237 PreviousMode);
2238 break;
2239
2243 break;
2244
2248 break;
2249
2250 /* Anything else is invalid */
2251 default:
2252#if DBG
2253 DPRINT1("Invalid Server 2003 Info Class: %s\n", PspDumpProcessInfoClassName(ProcessInformationClass));
2254#endif
2256 }
2257
2258 /* Dereference and return status */
2261}
Definition: tokenizer.hpp:28
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1108
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1216
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL
Definition: pstypes.h:113
struct _PROCESS_FOREGROUND_BACKGROUND * PPROCESS_FOREGROUND_BACKGROUND
#define LOW_PRIORITY
#define HIGH_PRIORITY
#define InterlockedCompareExchangePointer
Definition: interlocked.h:144
struct _PROCESS_ACCESS_TOKEN * PPROCESS_ACCESS_TOKEN
KAFFINITY NTAPI KeSetAffinityProcess(IN PKPROCESS Process, IN KAFFINITY Affinity)
Definition: procobj.c:265
BOOLEAN NTAPI KeSetDisableBoostProcess(IN PKPROCESS Process, IN BOOLEAN Disable)
Definition: procobj.c:331
BOOLEAN NTAPI KeSetDisableBoostThread(IN OUT PKTHREAD Thread, IN BOOLEAN Disable)
Definition: thrdobj.c:86
BOOLEAN NTAPI KeSetAutoAlignmentProcess(IN PKPROCESS Process, IN BOOLEAN Enable)
Definition: procobj.c:313
VOID NTAPI KeBoostPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Increment)
Definition: thrdobj.c:220
KPRIORITY NTAPI KeSetPriorityAndQuantumProcess(IN PKPROCESS Process, IN KPRIORITY Priority, IN UCHAR Quantum OPTIONAL)
Definition: procobj.c:349
NTSTATUS NTAPI MmSetExecuteOptions(IN ULONG ExecuteOptions)
Definition: pagfault.c:2695
NTSTATUS NTAPI MmSetMemoryPriorityProcess(IN PEPROCESS Process, IN UCHAR MemoryPriority)
Definition: procsup.c:487
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
Definition: probe.h:70
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks a privileged object if such object has the specific privilege submitted by the caller.
Definition: priv.c:803
VOID NTAPI PsSetProcessPriorityByClass(IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE Type)
Definition: process.c:1325
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
Definition: devicemap.c:24
NTSTATUS NTAPI PspSetPrimaryToken(IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
Definition: security.c:215
NTSTATUS NTAPI PspSetQuotaLimits(_In_ PEPROCESS Process, _In_ ULONG Unused, _In_ PVOID QuotaLimits, _In_ ULONG QuotaLimitsLength, _In_ KPROCESSOR_MODE PreviousMode)
This function adjusts the working set limits of a process and sets up new quota limits when necessary...
Definition: quota.c:1045
STDMETHOD() Next(THIS_ ULONG celt, IAssociationElement *pElement, ULONG *pceltFetched) PURE
Definition: typedefs.h:120
Definition: ntddk.h:9
Definition: pstypes.h:1048
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
Definition: halfuncs.h:174
Referenced by _main(), CreateProcessInternalW(), CSR_API(), CsrCreateProcess(), CsrpSetDefaultProcessHardErrorMode(), CsrSbCreateSession(), CsrSetBackgroundPriority(), CsrSetForegroundPriority(), CsrSetToNormalPriority(), CsrSetToShutdownPriority(), EmptyWorkingSet(), InitFunctionPtrs(), InitializeProcessForWsWatch(), InsertTokenToProcessCommon(), LdrpInitializeProcess(), QuerySetProcessValidator(), SetErrorMode(), SetPriorityClass(), SetProcessAffinityMask(), SetProcessInformation(), SetProcessPriorityBoost(), SetProcessWorkingSetSizeEx(), SmpInit(), SmpSbCreateSession(), SmpSetProcessMuSessionId(), Test_ProcBasePriorityClass(), Test_ProcessWx86InformationClass(), Test_ProcForegroundBackgroundClass(), and Test_ProcRaisePriorityClass().
◆ NtSetInformationThread()
| NTSTATUS NTAPI NtSetInformationThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ THREADINFOCLASS | ThreadInformationClass, | ||
| _In_reads_bytes_(ThreadInformationLength) PVOID | ThreadInformation, | ||
| _In_ ULONG | ThreadInformationLength | ||
| ) |
Definition at line 2268 of file query.c.
2273{
2282 ULONG_PTR DisableBoost = 0;
2283 ULONG_PTR IdealProcessor = 0;
2284 ULONG_PTR Break = 0;
2285 PTEB Teb;
2287 PVOID *ExpansionSlots;
2288 PETHREAD ProcThread;
2290 PAGED_CODE();
2291
2292 /* Validate the information class */
2294 PsThreadInfoClass,
2296 ThreadInformation,
2297 ThreadInformationLength,
2298 PreviousMode);
2300 {
2301#if DBG
2302 DPRINT1("NtSetInformationThread(ThreadInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
2304#endif
2306 }
2307
2308 /* Check what kind of information class this is */
2310 {
2311 /* Thread priority */
2313
2314 /* Check buffer length */
2316 {
2318 break;
2319 }
2320
2321 /* Use SEH for capture */
2322 _SEH2_TRY
2323 {
2324 /* Get the priority */
2326 }
2328 {
2329 /* Get the exception code */
2332 }
2333 _SEH2_END;
2334
2335 /* Validate it */
2338 {
2339 /* Fail */
2341 break;
2342 }
2343
2344 /* Check for the required privilege */
2346 {
2348 ThreadHandle,
2349 THREAD_SET_INFORMATION,
2350 PreviousMode);
2352 {
2355 }
2356 }
2357
2358 /* Reference the thread */
2360 THREAD_SET_INFORMATION,
2361 PsThreadType,
2362 PreviousMode,
2364 NULL);
2366 break;
2367
2368 /* Set the priority */
2370
2371 /* Dereference the thread */
2373 break;
2374
2376
2377 /* Check buffer length */
2379 {
2381 break;
2382 }
2383
2384 /* Use SEH for capture */
2385 _SEH2_TRY
2386 {
2387 /* Get the priority */
2389 }
2391 {
2392 /* Get the exception code */
2395 }
2396 _SEH2_END;
2397
2398 /* Validate it */
2401 {
2402 /* These ones are OK */
2405 {
2406 /* Check if the process is real time */
2409 {
2410 /* It isn't, fail */
2412 break;
2413 }
2414 }
2415 }
2416
2417 /* Reference the thread */
2419 THREAD_SET_INFORMATION,
2420 PsThreadType,
2421 PreviousMode,
2423 NULL);
2425 break;
2426
2427 /* Set the base priority */
2429
2430 /* Dereference the thread */
2432 break;
2433
2435
2436 /* Check buffer length */
2438 {
2440 break;
2441 }
2442
2443 /* Use SEH for capture */
2444 _SEH2_TRY
2445 {
2446 /* Get the priority */
2448 }
2450 {
2451 /* Get the exception code */
2454 }
2455 _SEH2_END;
2456
2457 /* Validate it */
2459 {
2460 /* Fail */
2462 break;
2463 }
2464
2465 /* Reference the thread */
2467 THREAD_SET_INFORMATION,
2468 PsThreadType,
2469 PreviousMode,
2471 NULL);
2473 break;
2474
2475 /* Get the process */
2477
2478 /* Try to acquire rundown */
2480 {
2481 /* Lock it */
2482 KeEnterCriticalRegion();
2484
2485 /* Combine masks */
2488 {
2489 /* Fail */
2491 }
2492 else
2493 {
2494 /* Set the affinity */
2496 }
2497
2498 /* Release the lock and rundown */
2500 KeLeaveCriticalRegion();
2502 }
2503 else
2504 {
2505 /* Too late */
2507 }
2508
2509 /* Dereference the thread */
2511 break;
2512
2514
2515 /* Check buffer length */
2517 {
2519 break;
2520 }
2521
2522 /* Use SEH for capture */
2523 _SEH2_TRY
2524 {
2525 /* Save the token handle */
2527 }
2529 {
2530 /* Get the exception code */
2533 }
2534 _SEH2_END;
2535
2536 /* Reference the thread */
2538 THREAD_SET_THREAD_TOKEN,
2539 PsThreadType,
2540 PreviousMode,
2542 NULL);
2544 break;
2545
2546 /* Assign the actual token */
2548
2549 /* Dereference the thread */
2551 break;
2552
2554
2555 /* Check buffer length */
2557 {
2559 break;
2560 }
2561
2562 /* Use SEH for capture */
2563 _SEH2_TRY
2564 {
2565 /* Get the priority */
2567 }
2569 {
2570 /* Get the exception code */
2573 }
2574 _SEH2_END;
2575
2576 /* Reference the thread */
2578 THREAD_SET_INFORMATION,
2579 PsThreadType,
2580 PreviousMode,
2582 NULL);
2584 break;
2585
2586 /* Set the address */
2588
2589 /* Dereference the thread */
2591 break;
2592
2594
2595 /* Check buffer length */
2597 {
2599 break;
2600 }
2601
2602 /* Use SEH for capture */
2603 _SEH2_TRY
2604 {
2605 /* Get the priority */
2606 IdealProcessor = *(PULONG_PTR)ThreadInformation;
2607 }
2609 {
2610 /* Get the exception code */
2613 }
2614 _SEH2_END;
2615
2616 /* Validate it */
2618 {
2619 /* Fail */
2621 break;
2622 }
2623
2624 /* Reference the thread */
2626 THREAD_SET_INFORMATION,
2627 PsThreadType,
2628 PreviousMode,
2630 NULL);
2632 break;
2633
2634 /* Set the ideal */
2636 (CCHAR)IdealProcessor);
2637
2638 /* Get the TEB and protect the thread */
2641 {
2642 /* Save the ideal processor */
2644
2645 /* Release rundown protection */
2647 }
2648
2649 /* Dereference the thread */
2651 break;
2652
2654
2655 /* Check buffer length */
2657 {
2659 break;
2660 }
2661
2662 /* Use SEH for capture */
2663 _SEH2_TRY
2664 {
2665 /* Get the priority */
2666 DisableBoost = *(PULONG_PTR)ThreadInformation;
2667 }
2669 {
2670 /* Get the exception code */
2673 }
2674 _SEH2_END;
2675
2676 /* Reference the thread */
2678 THREAD_SET_INFORMATION,
2679 PsThreadType,
2680 PreviousMode,
2682 NULL);
2684 break;
2685
2686 /* Call the kernel */
2688
2689 /* Dereference the thread */
2691 break;
2692
2694
2695 /* Check buffer length */
2697 {
2699 break;
2700 }
2701
2702 /* Use SEH for capture */
2703 _SEH2_TRY
2704 {
2705 /* Get the priority */
2707 }
2709 {
2710 /* Get the exception code */
2713 }
2714 _SEH2_END;
2715
2716 /* Reference the thread */
2718 THREAD_SET_INFORMATION,
2719 PsThreadType,
2720 PreviousMode,
2722 NULL);
2724 break;
2725
2726 /* This is only valid for the current thread */
2728 {
2729 /* Fail */
2732 break;
2733 }
2734
2735 /* Get the process */
2737
2738 /* Loop the threads */
2740 while (ProcThread)
2741 {
2742 /* Acquire rundown */
2744 {
2745 /* Get the TEB */
2747 if (Teb)
2748 {
2749 /* Check if we're in the expansion range */
2751 {
2753 TLS_EXPANSION_SLOTS) - 1)
2754 {
2755 /* Check if we have expansion slots */
2756 ExpansionSlots = Teb->TlsExpansionSlots;
2757 if (ExpansionSlots)
2758 {
2759 /* Clear the index */
2761 }
2762 }
2763 }
2764 else
2765 {
2766 /* Clear the index */
2768 }
2769 }
2770
2771 /* Release rundown */
2773 }
2774
2775 /* Go to the next thread */
2777 }
2778
2779 /* Dereference the thread */
2781 break;
2782
2784
2785 /* Check buffer length */
2787 {
2789 break;
2790 }
2791
2792 /* Enter SEH for direct buffer read */
2793 _SEH2_TRY
2794 {
2795 Break = *(PULONG)ThreadInformation;
2796 }
2798 {
2799 /* Get exception code */
2800 Break = 0;
2803 }
2804 _SEH2_END;
2805
2806 /* Setting 'break on termination' requires the SeDebugPrivilege */
2808 {
2809 /* We don't hold the privilege, bail out */
2811 break;
2812 }
2813
2814 /* Reference the thread */
2816 THREAD_SET_INFORMATION,
2817 PsThreadType,
2818 PreviousMode,
2820 NULL);
2822 break;
2823
2824 /* Set or clear the flag */
2825 if (Break)
2826 {
2828 }
2829 else
2830 {
2832 }
2833
2834 /* Dereference the thread */
2836 break;
2837
2839
2840 /* Check buffer length */
2842 {
2844 break;
2845 }
2846
2847 /* Reference the thread */
2849 THREAD_SET_INFORMATION,
2850 PsThreadType,
2851 PreviousMode,
2853 NULL);
2855 break;
2856
2857 /* Set the flag */
2859
2860 /* Dereference the thread */
2862 break;
2863
2864 /* Anything else */
2865 default:
2866 /* Not yet implemented */
2867#if DBG
2869#endif
2871 }
2872
2874}
#define LOW_REALTIME_PRIORITY
NTSTATUS NTAPI PsAssignImpersonationToken(IN PETHREAD Thread, IN HANDLE TokenHandle)
Definition: security.c:502
PETHREAD NTAPI PsGetNextProcessThread(IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
Definition: process.c:75
Definition: compat.h:836
UCHAR NTAPI KeSetIdealProcessorThread(IN PKTHREAD Thread, IN UCHAR Processor)
Definition: thrdobj.c:1066
LONG NTAPI KeSetBasePriorityThread(IN PKTHREAD Thread, IN LONG Increment)
Definition: thrdobj.c:1157
KPRIORITY NTAPI KeSetPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Priority)
Definition: thrdobj.c:1300
KAFFINITY NTAPI KeSetAffinityThread(IN PKTHREAD Thread, IN KAFFINITY Affinity)
Definition: thrdobj.c:1276
_In_ WDFINTERRUPT _In_ WDF_INTERRUPT_POLICY _In_ WDF_INTERRUPT_PRIORITY Priority
Definition: wdfinterrupt.h:655
Referenced by BaseGetNamedObjectDirectory(), BaseProcessStartup(), CreateProcessAsUserCommon(), CsrRevertToSelf(), ImpersonateLoggedOnUser(), init_funcs(), InitFunctionPtrs(), InitializeDeviceData(), MiInitBalancerThread(), NpGetUserNamep(), QuerySetThreadValidator(), RevertToSelf(), RtlpExecuteIoWorkItem(), RtlpExecuteWorkItem(), set_thread_name(), SetThreadAffinityMask(), SetThreadDescription(), SetThreadGroupAffinity(), SetThreadIdealProcessor(), SetThreadInformation(), SetThreadPriority(), SetThreadPriorityBoost(), SetThreadToken(), START_TEST(), Test_ThreadPriorityClass(), and TlsFree().
◆ PsReferenceProcessFilePointer()
| NTSTATUS NTAPI PsReferenceProcessFilePointer | ( | _In_ PEPROCESS | Process, |
| _Outptr_ PFILE_OBJECT * | FileObject | ||
| ) |
Definition at line 24 of file query.c.
27{
28 PSECTION Section;
29 PAGED_CODE();
30
31 /* Lock the process */
33 {
35 }
36
37 /* Get the section */
38 Section = Process->SectionObject;
39 if (Section)
40 {
41 /* Get the file object and reference it */
44 }
45
46 /* Release the protection */
48
49 /* Return status */
51}
PFILE_OBJECT NTAPI MmGetFileObjectForSection(IN PVOID Section)
Definition: section.c:1540
Definition: mmtypes.h:810
Referenced by NtQueryInformationProcess(), and SeLocateProcessImageName().
