#include <ntoskrnl.h>#include <debug.h>
Include dependency graph for query.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Functions | |
| NTSTATUS NTAPI | PsReferenceProcessFilePointer (IN PEPROCESS Process, OUT PFILE_OBJECT *FileObject) |
| NTSTATUS NTAPI | NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength) |
| NTSTATUS NTAPI | NtSetInformationProcess (IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength) |
| NTSTATUS NTAPI | NtSetInformationThread (IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength) |
| NTSTATUS NTAPI | NtQueryInformationThread (IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL) |
Variables | |
| ULONG | PspTraceLevel = 0 |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ NtQueryInformationProcess()
| NTSTATUS NTAPI NtQueryInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _Out_ PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 59 of file query.c.
65{
70
71 PAGED_CODE();
72
73 /* Verify Information Class validity */
77 ICIF_PROBE_READ,
78 ProcessInformation,
79 ProcessInformationLength,
80 ReturnLength,
81 NULL,
82 PreviousMode);
84 {
85 DPRINT1("NtQueryInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
87 }
88
90 (ProcessInformationClass == ProcessImageInformation)) &&
92 {
93 /*
94 * Retrieving the process cookie is only allowed for the calling process
95 * itself! XP only allows NtCurrentProcess() as process handles even if
96 * a real handle actually represents the current process.
97 */
99 }
100
101 /* Check the information class */
102 switch (ProcessInformationClass)
103 {
104 /* Basic process information */
106 {
108
110 {
112 break;
113 }
114
115 /* Set return length */
117
118 /* Reference the process */
121 PsProcessType,
122 PreviousMode,
124 NULL);
126
127 /* Protect writes with SEH */
128 _SEH2_TRY
129 {
130 /* Write all the information from the EPROCESS/KPROCESS */
135 UniqueProcessId;
136 ProcessBasicInfo->InheritedFromUniqueProcessId =
139
140 }
142 {
143 /* Get exception code */
145 }
146 _SEH2_END;
147
148 /* Dereference the process */
150 break;
151 }
152
153 /* Process quota limits */
155 {
156 QUOTA_LIMITS_EX QuotaLimits;
157 BOOLEAN Extended;
158
161 {
163 break;
164 }
165
166 /* Set return length */
167 Length = ProcessInformationLength;
169
170 /* Reference the process */
173 PsProcessType,
174 PreviousMode,
176 NULL);
178
179 /* Indicate success */
181
183
184 /* Get max/min working set sizes */
185 QuotaLimits.MaximumWorkingSetSize =
187 QuotaLimits.MinimumWorkingSetSize =
189
190 /* Get default time limits */
192
193 /* Is quota block a default one? */
195 {
196 /* Get default pools and pagefile limits */
200 }
201 else
202 {
203 /* Get limits from non-default quota block */
204 QuotaLimits.PagedPoolLimit =
206 QuotaLimits.NonPagedPoolLimit =
208 QuotaLimits.PagefileLimit =
210 }
211
212 /* Get additional information, if needed */
213 if (Extended)
214 {
219
220 /* FIXME: Get the correct information */
221 //QuotaLimits.WorkingSetLimit = (SIZE_T)-1; // Not used on Win2k3, it is set to 0
223 }
224
225 /* Protect writes with SEH */
226 _SEH2_TRY
227 {
229 }
231 {
232 /* Get exception code */
234 }
235 _SEH2_END;
236
237 /* Dereference the process */
239 break;
240 }
241
243 {
245 PROCESS_VALUES ProcessValues;
246
248 {
250 break;
251 }
252
254
255 /* Reference the process */
258 PsProcessType,
259 PreviousMode,
261 NULL);
263
264 /* Query IO counters from the process */
266
267 _SEH2_TRY
268 {
270 }
272 {
273 /* Ignore exception */
274 }
275 _SEH2_END;
276
277 /* Set status to success in any case */
279
280 /* Dereference the process */
282 break;
283 }
284
285 /* Timing */
287 {
290
291 /* Set the return length */
293 {
295 break;
296 }
297
299
300 /* Reference the process */
303 PsProcessType,
304 PreviousMode,
306 NULL);
308
309 /* Protect writes with SEH */
310 _SEH2_TRY
311 {
312 /* Copy time information from EPROCESS/KPROCESS */
318 }
320 {
321 /* Get exception code */
323 }
324 _SEH2_END;
325
326 /* Dereference the process */
328 break;
329 }
330
331 /* Process Debug Port */
333
335 {
337 break;
338 }
339
340 /* Set return length */
342
343 /* Reference the process */
346 PsProcessType,
347 PreviousMode,
349 NULL);
351
352 /* Protect write with SEH */
353 _SEH2_TRY
354 {
355 /* Return whether or not we have a debug port */
358 }
360 {
361 /* Get exception code */
363 }
364 _SEH2_END;
365
366 /* Dereference the process */
368 break;
369
371 {
372 ULONG HandleCount;
373
375 {
377 break;
378 }
379
380 /* Set the return length*/
382
383 /* Reference the process */
386 PsProcessType,
387 PreviousMode,
389 NULL);
391
392 /* Count the number of handles this process has */
394
395 /* Protect write in SEH */
396 _SEH2_TRY
397 {
398 /* Return the count of handles */
399 *(PULONG)ProcessInformation = HandleCount;
400 }
402 {
403 /* Get the exception code */
405 }
406 _SEH2_END;
407
408 /* Dereference the process */
410 break;
411 }
412
413 /* Session ID for the process */
415 {
417
419 {
421 break;
422 }
423
424 /* Set the return length*/
426
427 /* Reference the process */
430 PsProcessType,
431 PreviousMode,
433 NULL);
435
436 /* Enter SEH for write safety */
437 _SEH2_TRY
438 {
439 /* Write back the Session ID */
441 }
443 {
444 /* Get the exception code */
446 }
447 _SEH2_END;
448
449 /* Dereference the process */
451 break;
452 }
453
454 /* Virtual Memory Statistics */
456 {
458
459 /* Validate the input length */
462 {
464 break;
465 }
466
467 /* Reference the process */
470 PsProcessType,
471 PreviousMode,
473 NULL);
475
476 /* Enter SEH for write safety */
477 _SEH2_TRY
478 {
479 /* Return data from EPROCESS */
491 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
492 //
493
494 /* Set the return length */
495 Length = ProcessInformationLength;
496 }
498 {
499 /* Get the exception code */
501 }
502 _SEH2_END;
503
504 /* Dereference the process */
506 break;
507 }
508
509 /* Hard Error Processing Mode */
511
513 {
515 break;
516 }
517
518 /* Set the return length*/
520
521 /* Reference the process */
524 PsProcessType,
525 PreviousMode,
527 NULL);
529
530 /* Enter SEH for writing back data */
531 _SEH2_TRY
532 {
533 /* Write the current processing mode */
535 DefaultHardErrorProcessing;
536 }
538 {
539 /* Get the exception code */
541 }
542 _SEH2_END;
543
544 /* Dereference the process */
546 break;
547
548 /* Priority Boosting status */
550
552 {
554 break;
555 }
556
557 /* Set the return length */
559
560 /* Reference the process */
563 PsProcessType,
564 PreviousMode,
566 NULL);
568
569 /* Enter SEH for writing back data */
570 _SEH2_TRY
571 {
572 /* Return boost status */
575 }
577 {
578 /* Get the exception code */
580 }
581 _SEH2_END;
582
583 /* Dereference the process */
585 break;
586
587 /* DOS Device Map */
589 {
591
593 {
594 /* Protect read in SEH */
595 _SEH2_TRY
596 {
597 PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
598
600 }
602 {
603 /* Get the exception code */
606 }
607 _SEH2_END;
608
609 /* Only one flag is supported and it needs LUID mappings */
611 !ObIsLUIDDeviceMapsEnabled())
612 {
614 break;
615 }
616 }
617 else
618 {
619 /* This has to be the size of the Query union field for x64 compatibility! */
621 {
623 break;
624 }
625
626 /* No flags for standard call */
627 Flags = 0;
628 }
629
630 /* Set the return length */
631 Length = ProcessInformationLength;
632
633 /* Reference the process */
636 PsProcessType,
637 PreviousMode,
639 NULL);
641
642 /* Query the device map information */
644 ProcessInformation,
645 Flags);
646
647 /* Dereference the process */
649 break;
650 }
651
652 /* Priority class */
654 {
656
658 {
660 break;
661 }
662
663 /* Set the return length*/
665
666 /* Reference the process */
669 PsProcessType,
670 PreviousMode,
672 NULL);
674
675 /* Enter SEH for writing back data */
676 _SEH2_TRY
677 {
678 /* Return current priority class */
681 }
683 {
684 /* Get the exception code */
686 }
687 _SEH2_END;
688
689 /* Dereference the process */
691 break;
692 }
693
695 {
697
698 /* Reference the process */
701 PsProcessType,
702 PreviousMode,
704 NULL);
706
707 /* Get the image path */
710 {
711 /* Set return length */
714
715 /* Make sure it's large enough */
717 {
718 /* Enter SEH to protect write */
719 _SEH2_TRY
720 {
721 /* Copy it */
722 RtlCopyMemory(ProcessInformation,
723 ImageName,
724 Length);
725
726 /* Update pointer */
727 ((PUNICODE_STRING)ProcessInformation)->Buffer =
729 }
731 {
732 /* Get the exception code */
734 }
735 _SEH2_END;
736 }
737 else
738 {
739 /* Buffer too small */
741 }
742
743 /* Free the image path */
745 }
746 /* Dereference the process */
748 break;
749 }
750
752
754 {
756 break;
757 }
758
759 /* Set the return length*/
761
762 /* Reference the process */
765 PsProcessType,
766 PreviousMode,
768 NULL);
770
771 /* Enter SEH for writing back data */
772 _SEH2_TRY
773 {
774 /* Return the debug flag state */
776 }
778 {
779 /* Get the exception code */
781 }
782 _SEH2_END;
783
784 /* Dereference the process */
786 break;
787
789
791 {
793 break;
794 }
795
796 /* Set the return length */
798
799 /* Reference the process */
802 PsProcessType,
803 PreviousMode,
805 NULL);
807
808 /* Enter SEH for writing back data */
809 _SEH2_TRY
810 {
811 /* Return the BreakOnTermination state */
813 }
815 {
816 /* Get the exception code */
818 }
819 _SEH2_END;
820
821 /* Dereference the process */
823 break;
824
825 /* Per-process security cookie */
827 {
829
831 {
832 /* Length size wrong, bail out */
834 break;
835 }
836
837 /* Get the current process and cookie */
841 {
842 LARGE_INTEGER SystemTime;
843 ULONG NewCookie;
844 PKPRCB Prcb;
845
846 /* Generate a new cookie */
847 KeQuerySystemTime(&SystemTime);
848 Prcb = KeGetCurrentPrcb();
851
852 /* Set the new cookie or return the current one */
854 NewCookie,
855 Cookie);
857
858 /* Set return length */
860 }
861
862 /* Indicate success */
864
865 /* Enter SEH to protect write */
866 _SEH2_TRY
867 {
868 /* Write back the cookie */
870 }
872 {
873 /* Get the exception code */
875 }
876 _SEH2_END;
877 break;
878 }
879
881
883 {
884 /* Break out */
886 break;
887 }
888
889 /* Set the length required and validate it */
891
892 /* Enter SEH to protect write */
893 _SEH2_TRY
894 {
896 }
898 {
899 /* Get the exception code */
901 }
902 _SEH2_END;
903
904 /* Indicate success */
906 break;
907
909 {
910 HANDLE DebugPort = 0;
911
913 {
915 break;
916 }
917
918 /* Set the return length */
920
921 /* Reference the process */
924 PsProcessType,
925 PreviousMode,
927 NULL);
929
930 /* Get the debug port */
932
933 /* Let go of the process */
935
936 /* Protect write in SEH */
937 _SEH2_TRY
938 {
939 /* Return debug port's handle */
940 *(PHANDLE)ProcessInformation = DebugPort;
941 }
943 {
944 /* Get the exception code */
946 }
947 _SEH2_END;
948 break;
949 }
950
954 break;
955
957
959 {
961 break;
962 }
963
964 /* Set the return length */
966
967 /* Indicate success */
969
970 /* Protect write in SEH */
971 _SEH2_TRY
972 {
973 /* Query Ob */
975 }
977 {
978 /* Get the exception code */
980 }
981 _SEH2_END;
982 break;
983
985
987 {
989 break;
990 }
991
992 /* Set the return length */
994
995 /* Reference the process */
998 PsProcessType,
999 PreviousMode,
1001 NULL);
1003
1004 /* Protect write in SEH */
1005 _SEH2_TRY
1006 {
1007 /* Return if the flag is set */
1009 }
1011 {
1012 /* Get the exception code */
1014 }
1015 _SEH2_END;
1016
1017 /* Dereference the process */
1019 break;
1020
1022 {
1023 ULONG_PTR Wow64 = 0;
1024
1026 {
1028 break;
1029 }
1030
1031 /* Set return length */
1033
1034 /* Reference the process */
1037 PsProcessType,
1038 PreviousMode,
1040 NULL);
1042
1043 /* Make sure the process isn't dying */
1045 {
1046 /* Get the WOW64 process structure */
1047#ifdef _WIN64
1049#else
1050 Wow64 = 0;
1051#endif
1052 /* Release the lock */
1054 }
1055
1056 /* Protect write with SEH */
1057 _SEH2_TRY
1058 {
1059 /* Return whether or not we have a debug port */
1060 *(PULONG_PTR)ProcessInformation = Wow64;
1061 }
1063 {
1064 /* Get exception code */
1066 }
1067 _SEH2_END;
1068
1069 /* Dereference the process */
1071 break;
1072 }
1073
1075 {
1076 ULONG ExecuteOptions = 0;
1077
1079 {
1081 break;
1082 }
1083
1084 /* Set return length */
1086
1088 {
1090 }
1091
1092 /* Get the options */
1095 {
1096 /* Protect write with SEH */
1097 _SEH2_TRY
1098 {
1099 /* Return them */
1100 *(PULONG)ProcessInformation = ExecuteOptions;
1101 }
1103 {
1104 /* Get exception code */
1106 }
1107 _SEH2_END;
1108 }
1109 break;
1110 }
1111
1115 break;
1116
1120 break;
1121
1125 break;
1126
1127 /* Not supported by Server 2003 */
1128 default:
1131 }
1132
1133 /* Protect write with SEH */
1134 _SEH2_TRY
1135 {
1136 /* Check if caller wanted return length */
1138 }
1140 {
1141 /* Get exception code */
1143 }
1144 _SEH2_END;
1145
1147}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
struct _VM_COUNTERS_ * PVM_COUNTERS
#define QUOTA_LIMITS_HARDWS_MIN_DISABLE
struct _IO_COUNTERS IO_COUNTERS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
#define QUOTA_LIMITS_HARDWS_MAX_DISABLE
struct _QUOTA_LIMITS_EX QUOTA_LIMITS_EX
#define QUOTA_LIMITS_HARDWS_MAX_ENABLE
#define QUOTA_LIMITS_HARDWS_MIN_ENABLE
struct _VM_COUNTERS_EX VM_COUNTERS_EX
struct _IO_COUNTERS * PIO_COUNTERS
Definition: nsiface.idl:2307
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1615
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2653
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: pstypes.h:1262
Definition: pstypes.h:82
Definition: winternl.h:1059
Definition: ketypes.h:649
Definition: winternl.h:402
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:340
Definition: pstypes.h:370
Definition: pstypes.h:358
Definition: pstypes.h:956
Definition: pstypes.h:383
Definition: ke.h:45
Definition: pstypes.h:67
Definition: lsa.idl:286
Definition: mmtypes.h:340
Definition: mmdrv.h:130
Definition: env_spec_w32.h:368
Definition: winternl.h:1604
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:1612
Definition: typedefs.h:103
struct _LARGE_INTEGER::@2348 u
Referenced by _main(), BaseInitializeStaticServerData(), check_live_target(), CheckRemoteDebuggerPresent(), CON_API_NOCONSOLE(), EmptyWorkingSet(), EnumProcessModules(), FindModule(), get_shiminfo(), getCommandLineFromProcess(), GetDriveTypeW(), GetErrorMode(), GetExitCodeProcess(), GetLogicalDrives(), GetPriorityClass(), GetProcessAffinityMask(), GetProcessExecutablePath(), GetProcessHandleCount(), GetProcessId(), GetProcessImageFileNameA(), GetProcessImageFileNameW(), GetProcessIoCounters(), GetProcessMemoryInfo(), GetProcessPriorityBoost(), GetProcessTimes(), GetProcessVersion(), GetProcessWorkingSetSizeEx(), GetSourcePaths(), GetWsChanges(), GlobalMemoryStatusEx(), InitFunctionPtrs(), Is64BitSystem(), IsCriticalProcess(), IsWow64Process(), PerfDataGetCommandLine(), PrintProcess(), ProcessIdToSessionId(), PsaEnumerateProcessModules(), QueryFlag(), QueryFullProcessImageNameW(), QuerySetProcessValidator(), RtlpQueryRemoteProcessModules(), SmpApiLoop(), SmpCreateVolumeDescriptors(), SmpGetProcessMuSessionId(), Test_ProcessBasicInformation(), Test_ProcessPriorityClassAlignment(), Test_ProcessQuotaLimits(), Test_ProcessQuotaLimitsEx(), Test_ProcessTimes(), Test_ProcessWx86Information(), UnhandledExceptionFilter(), UserpGetClientFileName(), wmain(), and Wow64QueryFlag().
◆ NtQueryInformationThread()
| NTSTATUS NTAPI NtQueryInformationThread | ( | IN HANDLE | ThreadHandle, |
| IN THREADINFOCLASS | ThreadInformationClass, | ||
| OUT PVOID | ThreadInformation, | ||
| IN ULONG | ThreadInformationLength, | ||
| OUT PULONG ReturnLength | OPTIONAL | ||
| ) |
Definition at line 2673 of file query.c.
2678{
2682 ULONG Access;
2684 PTHREAD_BASIC_INFORMATION ThreadBasicInfo =
2685 (PTHREAD_BASIC_INFORMATION)ThreadInformation;
2688 ULONG ThreadTerminated;
2689 PAGED_CODE();
2690
2691 /* Verify Information Class validity */
2693 PsThreadInfoClass,
2695 ICIF_PROBE_READ,
2696 ThreadInformation,
2697 ThreadInformationLength,
2698 ReturnLength,
2699 NULL,
2700 PreviousMode);
2702 {
2703 DPRINT1("NtQueryInformationThread(): Information verification class failed! (Status -> 0x%lx , ThreadInformationClass -> %lx)\n", Status, ThreadInformationClass);
2705 }
2706
2707 /* Check what class this is */
2708 Access = THREAD_QUERY_INFORMATION;
2709
2710 /* Check what kind of information class this is */
2712 {
2713 /* Basic thread information */
2715
2716 /* Set return length */
2718
2720 {
2722 break;
2723 }
2724
2725 /* Reference the process */
2727 Access,
2728 PsThreadType,
2729 PreviousMode,
2731 NULL);
2733 break;
2734
2735 /* Protect writes with SEH */
2736 _SEH2_TRY
2737 {
2738 /* Write all the information from the ETHREAD/KTHREAD */
2745 }
2747 {
2748 /* Get exception code */
2750 }
2751 _SEH2_END;
2752
2753 /* Dereference the thread */
2755 break;
2756
2757 /* Thread time information */
2759
2760 /* Set the return length */
2762
2764 {
2766 break;
2767 }
2768
2769 /* Reference the process */
2771 Access,
2772 PsThreadType,
2773 PreviousMode,
2775 NULL);
2777 break;
2778
2779 /* Protect writes with SEH */
2780 _SEH2_TRY
2781 {
2782 /* Copy time information from ETHREAD/KTHREAD */
2786
2787 /* Exit time is in a union and only valid on actual exit! */
2789 {
2791 }
2792 else
2793 {
2795 }
2796 }
2798 {
2799 /* Get exception code */
2801 }
2802 _SEH2_END;
2803
2804 /* Dereference the thread */
2806 break;
2807
2809
2810 /* Set the return length*/
2812
2814 {
2816 break;
2817 }
2818
2819 /* Reference the process */
2821 Access,
2822 PsThreadType,
2823 PreviousMode,
2825 NULL);
2827 break;
2828
2829 /* Protect write with SEH */
2830 _SEH2_TRY
2831 {
2832 /* Return the Win32 Start Address */
2834 }
2836 {
2837 /* Get exception code */
2839 }
2840 _SEH2_END;
2841
2842 /* Dereference the thread */
2844 break;
2845
2847
2848 /* Set the return length*/
2850
2852 {
2854 break;
2855 }
2856
2857 /* Reference the process */
2859 Access,
2860 PsThreadType,
2861 PreviousMode,
2863 NULL);
2865 break;
2866
2867 /* Protect write with SEH */
2868 _SEH2_TRY
2869 {
2870 /* FIXME */
2871 (*(PLARGE_INTEGER)ThreadInformation).QuadPart = 0;
2872 }
2874 {
2875 /* Get exception code */
2877 }
2878 _SEH2_END;
2879
2880 /* Dereference the thread */
2882 break;
2883
2885
2886 /* Set the return length*/
2888
2890 {
2892 break;
2893 }
2894
2895 /* Reference the process */
2897 Access,
2898 PsThreadType,
2899 PreviousMode,
2901 NULL);
2903 break;
2904
2905 /* Protect write with SEH */
2906 _SEH2_TRY
2907 {
2908 /* Return whether or not we are the last thread */
2911 &Thread->ThreadsProcess->
2912 ThreadListHead) ?
2914 }
2916 {
2917 /* Get exception code */
2919 }
2920 _SEH2_END;
2921
2922 /* Dereference the thread */
2924 break;
2925
2927
2928 /* Set the return length*/
2930
2932 {
2934 break;
2935 }
2936
2937 /* Reference the process */
2939 Access,
2940 PsThreadType,
2941 PreviousMode,
2943 NULL);
2945 break;
2946
2947 /* Raise the IRQL to protect the IRP list */
2949
2950 /* Protect write with SEH */
2951 _SEH2_TRY
2952 {
2953 /* Check if the IRP list is empty or not */
2955 }
2957 {
2958 /* Get exception code */
2960 }
2961 _SEH2_END;
2962
2963 /* Lower IRQL back */
2965
2966 /* Dereference the thread */
2968 break;
2969
2970 /* LDT and GDT information */
2972
2973#if defined(_X86_)
2974 /* Reference the process */
2976 Access,
2977 PsThreadType,
2978 PreviousMode,
2980 NULL);
2982 break;
2983
2984 /* Call the worker routine */
2986 ThreadInformation,
2987 ThreadInformationLength,
2988 ReturnLength);
2989
2990 /* Dereference the thread */
2992#else
2993 /* Only implemented on x86 */
2995#endif
2996 break;
2997
2999
3000 /* Set the return length*/
3002
3004 {
3006 break;
3007 }
3008
3009 /* Reference the process */
3011 Access,
3012 PsThreadType,
3013 PreviousMode,
3015 NULL);
3017 break;
3018
3019 _SEH2_TRY
3020 {
3022 }
3024 {
3026 }
3027 _SEH2_END;
3028
3029 /* Dereference the thread */
3031 break;
3032
3034
3035 /* Set the return length*/
3037
3039 {
3041 break;
3042 }
3043
3044 /* Reference the process */
3046 Access,
3047 PsThreadType,
3048 PreviousMode,
3050 NULL);
3052 break;
3053
3055
3056 _SEH2_TRY
3057 {
3058 *(PULONG)ThreadInformation = ThreadTerminated ? 1 : 0;
3059 }
3061 {
3063 }
3064 _SEH2_END;
3065
3066 /* Dereference the thread */
3068 break;
3069
3070 /* Anything else */
3071 default:
3072
3073 /* Not yet implemented */
3076 }
3077
3078 /* Protect write with SEH */
3079 _SEH2_TRY
3080 {
3081 /* Check if caller wanted return length */
3083 }
3085 {
3086 /* Get exception code */
3088 }
3089 _SEH2_END;
3090
3092}
struct _THREAD_BASIC_INFORMATION THREAD_BASIC_INFORMATION
struct _THREAD_BASIC_INFORMATION * PTHREAD_BASIC_INFORMATION
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
Definition: psfuncs.h:843
LONG NTAPI KeQueryBasePriorityThread(IN PKTHREAD Thread)
Definition: thrdobj.c:52
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
Definition: thread.c:868
NTSTATUS NTAPI PspQueryDescriptorThread(IN PETHREAD Thread, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
Definition: psldt.c:43
Definition: pstypes.h:1103
Definition: compat.h:926
union _LARGE_INTEGER LARGE_INTEGER
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
Definition: kefuncs.h:778
Referenced by CreateRemoteThread(), CsrCreateProcess(), CsrCreateRemoteThread(), CsrCreateThread(), CsrInsertThread(), CsrSbCreateSession(), DbgUiConvertStateChangeStructure(), ExitThread(), fetch_thread_info(), GetExitCodeThread(), GetProcessIdOfThread(), GetThreadId(), GetThreadIOPendingFlag(), GetThreadPriority(), GetThreadPriorityBoost(), GetThreadSelectorEntry(), GetThreadTimes(), i386_stack_walk(), init_funcs(), InitFunctionPtrs(), PrintThreads(), QuerySetThreadValidator(), RtlFreeUserThreadStack(), RtlpIsIoPending(), SetThreadAffinityMask(), TerminateThread(), and Test_ThreadBasicInformationClass().
◆ NtSetInformationProcess()
| NTSTATUS NTAPI NtSetInformationProcess | ( | IN HANDLE | ProcessHandle, |
| IN PROCESSINFOCLASS | ProcessInformationClass, | ||
| IN PVOID | ProcessInformation, | ||
| IN ULONG | ProcessInformationLength | ||
| ) |
Definition at line 1154 of file query.c.
1158{
1161 ACCESS_MASK Access;
1167 PROCESS_PRIORITY_CLASS PriorityClass = {0};
1168 PROCESS_FOREGROUND_BACKGROUND Foreground = {0};
1169 PVOID ExceptionPort;
1170 ULONG Break;
1172 KPRIORITY BasePriority = 0;
1173 UCHAR MemoryPriority = 0;
1174 BOOLEAN DisableBoost = 0;
1175 ULONG DefaultHardErrorMode = 0;
1176 ULONG DebugFlags = 0, EnableFixup = 0, Boost = 0;
1177 ULONG NoExecute = 0, VdmPower = 0;
1181 PAGED_CODE();
1182
1183 /* Verify Information Class validity */
1185 PsProcessInfoClass,
1187 ProcessInformation,
1188 ProcessInformationLength,
1189 PreviousMode);
1191 {
1192 DPRINT1("NtSetInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
1194 }
1195
1196 /* Check what class this is */
1197 Access = PROCESS_SET_INFORMATION;
1199 {
1200 /* Setting the Session ID needs a special mask */
1201 Access |= PROCESS_SET_SESSIONID;
1202 }
1204 {
1205 /* Setting the exception port needs a special mask */
1206 Access |= PROCESS_SUSPEND_RESUME;
1207 }
1208
1209 /* Reference the process */
1211 Access,
1212 PsProcessType,
1213 PreviousMode,
1215 NULL);
1217
1218 /* Check what kind of information class this is */
1219 switch (ProcessInformationClass)
1220 {
1222
1223 /* Check buffer length */
1225 {
1227 break;
1228 }
1229
1230 /* Use SEH for capture */
1231 _SEH2_TRY
1232 {
1233 /* Capture the boolean */
1234 VdmPower = *(PULONG)ProcessInformation;
1235 }
1237 {
1238 /* Get the exception code */
1241 }
1242 _SEH2_END;
1243
1244 /* Getting VDM powers requires the SeTcbPrivilege */
1246 {
1247 /* We don't hold the privilege, bail out */
1250 break;
1251 }
1252
1253 /* Set or clear the flag */
1254 if (VdmPower)
1255 {
1257 }
1258 else
1259 {
1261 }
1262 break;
1263
1264 /* Error/Exception Port */
1266
1267 /* Check buffer length */
1269 {
1271 break;
1272 }
1273
1274 /* Use SEH for capture */
1275 _SEH2_TRY
1276 {
1277 /* Capture the handle */
1278 PortHandle = *(PHANDLE)ProcessInformation;
1279 }
1281 {
1282 /* Get the exception code */
1285 }
1286 _SEH2_END;
1287
1288 /* Setting the error port requires the SeTcbPrivilege */
1290 {
1291 /* We don't hold the privilege, bail out */
1293 break;
1294 }
1295
1296 /* Get the LPC Port */
1298 0,
1299 LpcPortObjectType,
1300 PreviousMode,
1301 (PVOID)&ExceptionPort,
1302 NULL);
1304
1305 /* Change the pointer */
1307 ExceptionPort,
1308 NULL))
1309 {
1310 /* We already had one, fail */
1311 ObDereferenceObject(ExceptionPort);
1313 }
1314 break;
1315
1316 /* Security Token */
1318
1319 /* Check buffer length */
1321 {
1323 break;
1324 }
1325
1326 /* Use SEH for capture */
1327 _SEH2_TRY
1328 {
1329 /* Save the token handle */
1331 Token;
1332 }
1334 {
1335 /* Get the exception code */
1338 }
1339 _SEH2_END;
1340
1341 /* Assign the actual token */
1343 break;
1344
1345 /* Hard error processing */
1347
1348 /* Check buffer length */
1350 {
1352 break;
1353 }
1354
1355 /* Enter SEH for direct buffer read */
1356 _SEH2_TRY
1357 {
1358 DefaultHardErrorMode = *(PULONG)ProcessInformation;
1359 }
1361 {
1362 /* Get exception code */
1365 }
1366 _SEH2_END;
1367
1368 /* Set the mode */
1369 Process->DefaultHardErrorProcessing = DefaultHardErrorMode;
1370
1371 /* Call Ke for the update */
1373 {
1375 }
1376 else
1377 {
1379 }
1381 break;
1382
1383 /* Session ID */
1385
1386 /* Check buffer length */
1388 {
1390 break;
1391 }
1392
1393 /* Enter SEH for capture */
1394 _SEH2_TRY
1395 {
1396 /* Capture the caller's buffer */
1398 }
1400 {
1401 /* Get the exception code */
1404 }
1405 _SEH2_END;
1406
1407 /* Setting the session id requires the SeTcbPrivilege */
1409 {
1410 /* We don't hold the privilege, bail out */
1412 break;
1413 }
1414
1415#if 0 // OLD AND DEPRECATED CODE!!!!
1416
1417 /* FIXME - update the session id for the process token */
1418 //Status = PsLockProcess(Process, FALSE);
1420
1421 /* Write the session ID in the EPROCESS */
1423
1424 /* Check if the process also has a PEB */
1426 {
1427 /*
1428 * Attach to the process to make sure we're in the right
1429 * context to access the PEB structure
1430 */
1432
1433 /* Enter SEH for write to user-mode PEB */
1434 _SEH2_TRY
1435 {
1436 /* Write the session ID */
1438 }
1440 {
1441 /* Get exception code */
1443 }
1444 _SEH2_END;
1445
1446 /* Detach from the process */
1447 KeDetachProcess();
1448 }
1449
1450 /* Unlock the process */
1451 //PsUnlockProcess(Process);
1452
1453#endif
1454
1455 /*
1456 * Since we cannot change the session ID of the given
1457 * process anymore because it is set once and for all
1458 * at process creation time and because it is stored
1459 * inside the Process->Session structure managed by MM,
1460 * we fake changing it: we just return success if the
1461 * user-defined value is the same as the session ID of
1462 * the process, and otherwise we fail.
1463 */
1465 {
1467 }
1468 else
1469 {
1471 }
1472
1473 break;
1474
1476
1477 /* Check buffer length */
1479 {
1481 break;
1482 }
1483
1484 /* Enter SEH for capture */
1485 _SEH2_TRY
1486 {
1487 /* Capture the caller's buffer */
1488 PriorityClass = *(PPROCESS_PRIORITY_CLASS)ProcessInformation;
1489 }
1491 {
1492 /* Return the exception code */
1495 }
1496 _SEH2_END;
1497
1498 /* Check for invalid PriorityClass value */
1500 {
1502 break;
1503 }
1504
1507 {
1508 /* Check the privilege */
1510 ProcessHandle,
1511 PROCESS_SET_INFORMATION,
1512 PreviousMode);
1514 {
1518 }
1519 }
1520
1521 /* Check if we have a job */
1523 {
1525 }
1526
1527 /* Set process priority class */
1529
1530 /* Set process priority mode (foreground or background) */
1532 PriorityClass.Foreground ?
1533 PsProcessPriorityForeground :
1534 PsProcessPriorityBackground);
1536 break;
1537
1539
1540 /* Check buffer length */
1542 {
1544 break;
1545 }
1546
1547 /* Enter SEH for capture */
1548 _SEH2_TRY
1549 {
1550 /* Capture the caller's buffer */
1551 Foreground = *(PPROCESS_FOREGROUND_BACKGROUND)ProcessInformation;
1552 }
1554 {
1555 /* Return the exception code */
1558 }
1559 _SEH2_END;
1560
1561 /* Set process priority mode (foreground or background) */
1563 Foreground.Foreground ?
1564 PsProcessPriorityForeground :
1565 PsProcessPriorityBackground);
1567 break;
1568
1570
1571 /* Validate input length */
1573 {
1575 break;
1576 }
1577
1578 /* Enter SEH for direct buffer read */
1579 _SEH2_TRY
1580 {
1581 BasePriority = *(KPRIORITY*)ProcessInformation;
1582 }
1584 {
1585 /* Get exception code */
1586 Break = 0;
1589 }
1590 _SEH2_END;
1591
1592 /* Extract the memory priority out of there */
1593 if (BasePriority & 0x80000000)
1594 {
1595 MemoryPriority = MEMORY_PRIORITY_FOREGROUND;
1596 BasePriority &= ~0x80000000;
1597 }
1598 else
1599 {
1600 MemoryPriority = MEMORY_PRIORITY_BACKGROUND;
1601 }
1602
1603 /* Validate the number */
1605 {
1608 }
1609
1610 /* Check if the new base is higher */
1612 {
1614 ProcessHandle,
1615 PROCESS_SET_INFORMATION,
1616 PreviousMode);
1618 {
1620 DPRINT1("Privilege to change priority from %lx to %lx lacking\n", BasePriority, Process->Pcb.BasePriority);
1622 }
1623 }
1624
1625 /* Call Ke */
1627
1628 /* Now set the memory priority */
1631 break;
1632
1634
1635 /* Validate input length */
1637 {
1639 break;
1640 }
1641
1642 /* Enter SEH for direct buffer read */
1643 _SEH2_TRY
1644 {
1645 Boost = *(PULONG)ProcessInformation;
1646 }
1648 {
1649 /* Get exception code */
1650 Break = 0;
1653 }
1654 _SEH2_END;
1655
1656 /* Make sure the process isn't dying */
1658 {
1659 /* Lock it */
1660 KeEnterCriticalRegion();
1662
1663 /* Loop the threads */
1667 {
1668 /* Call Ke for the thread */
1671 }
1672
1673 /* Release the lock and rundown */
1675 KeLeaveCriticalRegion();
1677
1678 /* Set success code */
1680 }
1681 else
1682 {
1683 /* Avoid race conditions */
1685 }
1686 break;
1687
1689
1690 /* Check buffer length */
1692 {
1694 break;
1695 }
1696
1697 /* Enter SEH for direct buffer read */
1698 _SEH2_TRY
1699 {
1700 Break = *(PULONG)ProcessInformation;
1701 }
1703 {
1704 /* Get exception code */
1705 Break = 0;
1708 }
1709 _SEH2_END;
1710
1711 /* Setting 'break on termination' requires the SeDebugPrivilege */
1713 {
1714 /* We don't hold the privilege, bail out */
1716 break;
1717 }
1718
1719 /* Set or clear the flag */
1720 if (Break)
1721 {
1723 }
1724 else
1725 {
1727 }
1728
1729 break;
1730
1732
1733 /* Check buffer length */
1735 {
1737 break;
1738 }
1739
1740 /* Enter SEH for direct buffer read */
1741 _SEH2_TRY
1742 {
1744 }
1746 {
1747 /* Get exception code */
1748 Break = 0;
1751 }
1752 _SEH2_END;
1753
1754 /* Make sure it's valid for the CPUs present */
1757 {
1759 break;
1760 }
1761
1762 /* Check if it's within job affinity limits */
1764 {
1765 /* Not yet implemented */
1766 UNIMPLEMENTED;
1768 break;
1769 }
1770
1771 /* Make sure the process isn't dying */
1773 {
1774 /* Lock it */
1775 KeEnterCriticalRegion();
1777
1778 /* Call Ke to do the work */
1780
1781 /* Release the lock and rundown */
1783 KeLeaveCriticalRegion();
1785
1786 /* Set success code */
1788 }
1789 else
1790 {
1791 /* Avoid race conditions */
1793 }
1794 break;
1795
1796 /* Priority Boosting status */
1798
1799 /* Validate input length */
1801 {
1803 break;
1804 }
1805
1806 /* Enter SEH for direct buffer read */
1807 _SEH2_TRY
1808 {
1809 DisableBoost = *(PBOOLEAN)ProcessInformation;
1810 }
1812 {
1813 /* Get exception code */
1814 Break = 0;
1817 }
1818 _SEH2_END;
1819
1820 /* Make sure the process isn't dying */
1822 {
1823 /* Lock it */
1824 KeEnterCriticalRegion();
1826
1827 /* Call Ke to do the work */
1829
1830 /* Loop the threads too */
1834 {
1835 /* Call Ke for the thread */
1838 }
1839
1840 /* Release the lock and rundown */
1842 KeLeaveCriticalRegion();
1844
1845 /* Set success code */
1847 }
1848 else
1849 {
1850 /* Avoid race conditions */
1852 }
1853 break;
1854
1856
1857 /* Check buffer length */
1859 {
1861 break;
1862 }
1863
1864 /* Enter SEH for direct buffer read */
1865 _SEH2_TRY
1866 {
1867 DebugFlags = *(PULONG)ProcessInformation;
1868 }
1870 {
1871 /* Get exception code */
1874 }
1875 _SEH2_END;
1876
1877 /* Set the mode */
1878 if (DebugFlags & ~1)
1879 {
1881 }
1882 else
1883 {
1884 if (DebugFlags & 1)
1885 {
1887 }
1888 else
1889 {
1891 }
1892 }
1893
1894 /* Done */
1896 break;
1897
1899
1900 /* Check buffer length */
1902 {
1904 break;
1905 }
1906
1907 /* Enter SEH for direct buffer read */
1908 _SEH2_TRY
1909 {
1910 EnableFixup = *(PULONG)ProcessInformation;
1911 }
1913 {
1914 /* Get exception code */
1917 }
1918 _SEH2_END;
1919
1920 /* Set the mode */
1921 if (EnableFixup)
1922 {
1924 }
1925 else
1926 {
1927 Process->DefaultHardErrorProcessing &= ~SEM_NOALIGNMENTFAULTEXCEPT;
1928 }
1929
1930 /* Call Ke for the update */
1933 break;
1934
1936
1937 /* Only TCB can do this */
1939 {
1940 /* We don't hold the privilege, bail out */
1943 break;
1944 }
1945
1946 /* Only supported on x86 */
1947#if defined (_X86_)
1948 Ke386SetIOPL();
1949#elif defined(_M_AMD64)
1950 /* On x64 this function isn't implemented.
1951 On Windows 2003 it returns success.
1952 On Vista+ it returns STATUS_NOT_IMPLEMENTED. */
1954 (RtlRosGetAppcompatVersion() > _WIN32_WINNT_WS03))
1955 {
1957 }
1958#else
1960#endif
1961 /* Done */
1962 break;
1963
1965
1966 /* Check buffer length */
1968 {
1970 break;
1971 }
1972
1974 {
1976 break;
1977 }
1978
1979 /* Enter SEH for direct buffer read */
1980 _SEH2_TRY
1981 {
1982 NoExecute = *(PULONG)ProcessInformation;
1983 }
1985 {
1986 /* Get exception code */
1989 }
1990 _SEH2_END;
1991
1992 /* Call Mm for the update */
1994 break;
1995
1997
1998 /* Check buffer length */
2000 {
2002 break;
2003 }
2004
2005 /* Use SEH for capture */
2006 _SEH2_TRY
2007 {
2008 /* Capture the handle */
2010 }
2012 {
2013 /* Get the exception code */
2016 }
2017 _SEH2_END;
2018
2019 /* Call Ob to set the device map */
2021 break;
2022
2023
2024 /* We currently don't implement any of these */
2030 break;
2031
2033
2035 1,
2036 ProcessInformation,
2037 ProcessInformationLength,
2038 PreviousMode);
2039 break;
2040
2044 break;
2045
2049 break;
2050
2051 /* Anything else is invalid */
2052 default:
2055 }
2056
2057 /* Dereference and return status */
2060}
Definition: tokenizer.hpp:28
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1108
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1216
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL
Definition: pstypes.h:113
struct _PROCESS_FOREGROUND_BACKGROUND * PPROCESS_FOREGROUND_BACKGROUND
struct _PROCESS_ACCESS_TOKEN * PPROCESS_ACCESS_TOKEN
#define LOW_PRIORITY
#define HIGH_PRIORITY
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
KAFFINITY NTAPI KeSetAffinityProcess(IN PKPROCESS Process, IN KAFFINITY Affinity)
Definition: procobj.c:265
BOOLEAN NTAPI KeSetDisableBoostProcess(IN PKPROCESS Process, IN BOOLEAN Disable)
Definition: procobj.c:331
BOOLEAN NTAPI KeSetDisableBoostThread(IN OUT PKTHREAD Thread, IN BOOLEAN Disable)
Definition: thrdobj.c:86
BOOLEAN NTAPI KeSetAutoAlignmentProcess(IN PKPROCESS Process, IN BOOLEAN Enable)
Definition: procobj.c:313
VOID NTAPI KeBoostPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Increment)
Definition: thrdobj.c:220
KPRIORITY NTAPI KeSetPriorityAndQuantumProcess(IN PKPROCESS Process, IN KPRIORITY Priority, IN UCHAR Quantum OPTIONAL)
Definition: procobj.c:349
NTSTATUS NTAPI MmSetExecuteOptions(IN ULONG ExecuteOptions)
Definition: pagfault.c:2695
NTSTATUS NTAPI MmSetMemoryPriorityProcess(IN PEPROCESS Process, IN UCHAR MemoryPriority)
Definition: procsup.c:487
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
Definition: probe.h:70
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks a privileged object if such object has the specific privilege submitted by the caller.
Definition: priv.c:803
VOID NTAPI PsSetProcessPriorityByClass(IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE Type)
Definition: process.c:1325
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
Definition: devicemap.c:24
NTSTATUS NTAPI PspSetPrimaryToken(IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
Definition: security.c:215
NTSTATUS NTAPI PspSetQuotaLimits(_In_ PEPROCESS Process, _In_ ULONG Unused, _In_ PVOID QuotaLimits, _In_ ULONG QuotaLimitsLength, _In_ KPROCESSOR_MODE PreviousMode)
This function adjusts the working set limits of a process and sets up new quota limits when necessary...
Definition: quota.c:1045
STDMETHOD() Next(THIS_ ULONG celt, IAssociationElement *pElement, ULONG *pceltFetched) PURE
Definition: typedefs.h:120
Definition: pstypes.h:146
Definition: pstypes.h:965
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
Definition: halfuncs.h:174
Referenced by _main(), CreateProcessInternalW(), CSR_API(), CsrCreateProcess(), CsrpSetDefaultProcessHardErrorMode(), CsrSbCreateSession(), CsrSetBackgroundPriority(), CsrSetForegroundPriority(), CsrSetToNormalPriority(), CsrSetToShutdownPriority(), EmptyWorkingSet(), InitFunctionPtrs(), InitializeProcessForWsWatch(), InsertTokenToProcessCommon(), LdrpInitializeProcess(), QuerySetProcessValidator(), SetErrorMode(), SetPriorityClass(), SetProcessAffinityMask(), SetProcessPriorityBoost(), SetProcessWorkingSetSizeEx(), SmpInit(), SmpSbCreateSession(), SmpSetProcessMuSessionId(), Test_ProcBasePriorityClass(), Test_ProcessWx86InformationClass(), Test_ProcForegroundBackgroundClass(), and Test_ProcRaisePriorityClass().
◆ NtSetInformationThread()
| NTSTATUS NTAPI NtSetInformationThread | ( | IN HANDLE | ThreadHandle, |
| IN THREADINFOCLASS | ThreadInformationClass, | ||
| IN PVOID | ThreadInformation, | ||
| IN ULONG | ThreadInformationLength | ||
| ) |
Definition at line 2067 of file query.c.
2071{
2080 ULONG_PTR DisableBoost = 0;
2081 ULONG_PTR IdealProcessor = 0;
2082 ULONG_PTR Break = 0;
2083 PTEB Teb;
2085 PVOID *ExpansionSlots;
2086 PETHREAD ProcThread;
2088 PAGED_CODE();
2089
2090 /* Verify Information Class validity */
2092 PsThreadInfoClass,
2094 ThreadInformation,
2095 ThreadInformationLength,
2096 PreviousMode);
2098 {
2099 DPRINT1("NtSetInformationThread(): Information verification class failed! (Status -> 0x%lx, ThreadInformationClass -> %lx)\n", Status, ThreadInformationClass);
2101 }
2102
2103 /* Check what kind of information class this is */
2105 {
2106 /* Thread priority */
2108
2109 /* Check buffer length */
2111 {
2113 break;
2114 }
2115
2116 /* Use SEH for capture */
2117 _SEH2_TRY
2118 {
2119 /* Get the priority */
2121 }
2123 {
2124 /* Get the exception code */
2127 }
2128 _SEH2_END;
2129
2130 /* Validate it */
2133 {
2134 /* Fail */
2136 break;
2137 }
2138
2139 /* Check for the required privilege */
2141 {
2143 ThreadHandle,
2144 THREAD_SET_INFORMATION,
2145 PreviousMode);
2147 {
2150 }
2151 }
2152
2153 /* Reference the thread */
2155 THREAD_SET_INFORMATION,
2156 PsThreadType,
2157 PreviousMode,
2159 NULL);
2161 break;
2162
2163 /* Set the priority */
2165
2166 /* Dereference the thread */
2168 break;
2169
2171
2172 /* Check buffer length */
2174 {
2176 break;
2177 }
2178
2179 /* Use SEH for capture */
2180 _SEH2_TRY
2181 {
2182 /* Get the priority */
2184 }
2186 {
2187 /* Get the exception code */
2190 }
2191 _SEH2_END;
2192
2193 /* Validate it */
2196 {
2197 /* These ones are OK */
2200 {
2201 /* Check if the process is real time */
2204 {
2205 /* It isn't, fail */
2207 break;
2208 }
2209 }
2210 }
2211
2212 /* Reference the thread */
2214 THREAD_SET_INFORMATION,
2215 PsThreadType,
2216 PreviousMode,
2218 NULL);
2220 break;
2221
2222 /* Set the base priority */
2224
2225 /* Dereference the thread */
2227 break;
2228
2230
2231 /* Check buffer length */
2233 {
2235 break;
2236 }
2237
2238 /* Use SEH for capture */
2239 _SEH2_TRY
2240 {
2241 /* Get the priority */
2243 }
2245 {
2246 /* Get the exception code */
2249 }
2250 _SEH2_END;
2251
2252 /* Validate it */
2254 {
2255 /* Fail */
2257 break;
2258 }
2259
2260 /* Reference the thread */
2262 THREAD_SET_INFORMATION,
2263 PsThreadType,
2264 PreviousMode,
2266 NULL);
2268 break;
2269
2270 /* Get the process */
2272
2273 /* Try to acquire rundown */
2275 {
2276 /* Lock it */
2277 KeEnterCriticalRegion();
2279
2280 /* Combine masks */
2283 {
2284 /* Fail */
2286 }
2287 else
2288 {
2289 /* Set the affinity */
2291 }
2292
2293 /* Release the lock and rundown */
2295 KeLeaveCriticalRegion();
2297 }
2298 else
2299 {
2300 /* Too late */
2302 }
2303
2304 /* Dereference the thread */
2306 break;
2307
2309
2310 /* Check buffer length */
2312 {
2314 break;
2315 }
2316
2317 /* Use SEH for capture */
2318 _SEH2_TRY
2319 {
2320 /* Save the token handle */
2322 }
2324 {
2325 /* Get the exception code */
2328 }
2329 _SEH2_END;
2330
2331 /* Reference the thread */
2333 THREAD_SET_THREAD_TOKEN,
2334 PsThreadType,
2335 PreviousMode,
2337 NULL);
2339 break;
2340
2341 /* Assign the actual token */
2343
2344 /* Dereference the thread */
2346 break;
2347
2349
2350 /* Check buffer length */
2352 {
2354 break;
2355 }
2356
2357 /* Use SEH for capture */
2358 _SEH2_TRY
2359 {
2360 /* Get the priority */
2362 }
2364 {
2365 /* Get the exception code */
2368 }
2369 _SEH2_END;
2370
2371 /* Reference the thread */
2373 THREAD_SET_INFORMATION,
2374 PsThreadType,
2375 PreviousMode,
2377 NULL);
2379 break;
2380
2381 /* Set the address */
2383
2384 /* Dereference the thread */
2386 break;
2387
2389
2390 /* Check buffer length */
2392 {
2394 break;
2395 }
2396
2397 /* Use SEH for capture */
2398 _SEH2_TRY
2399 {
2400 /* Get the priority */
2401 IdealProcessor = *(PULONG_PTR)ThreadInformation;
2402 }
2404 {
2405 /* Get the exception code */
2408 }
2409 _SEH2_END;
2410
2411 /* Validate it */
2413 {
2414 /* Fail */
2416 break;
2417 }
2418
2419 /* Reference the thread */
2421 THREAD_SET_INFORMATION,
2422 PsThreadType,
2423 PreviousMode,
2425 NULL);
2427 break;
2428
2429 /* Set the ideal */
2431 (CCHAR)IdealProcessor);
2432
2433 /* Get the TEB and protect the thread */
2436 {
2437 /* Save the ideal processor */
2439
2440 /* Release rundown protection */
2442 }
2443
2444 /* Dereference the thread */
2446 break;
2447
2449
2450 /* Check buffer length */
2452 {
2454 break;
2455 }
2456
2457 /* Use SEH for capture */
2458 _SEH2_TRY
2459 {
2460 /* Get the priority */
2461 DisableBoost = *(PULONG_PTR)ThreadInformation;
2462 }
2464 {
2465 /* Get the exception code */
2468 }
2469 _SEH2_END;
2470
2471 /* Reference the thread */
2473 THREAD_SET_INFORMATION,
2474 PsThreadType,
2475 PreviousMode,
2477 NULL);
2479 break;
2480
2481 /* Call the kernel */
2483
2484 /* Dereference the thread */
2486 break;
2487
2489
2490 /* Check buffer length */
2492 {
2494 break;
2495 }
2496
2497 /* Use SEH for capture */
2498 _SEH2_TRY
2499 {
2500 /* Get the priority */
2502 }
2504 {
2505 /* Get the exception code */
2508 }
2509 _SEH2_END;
2510
2511 /* Reference the thread */
2513 THREAD_SET_INFORMATION,
2514 PsThreadType,
2515 PreviousMode,
2517 NULL);
2519 break;
2520
2521 /* This is only valid for the current thread */
2523 {
2524 /* Fail */
2527 break;
2528 }
2529
2530 /* Get the process */
2532
2533 /* Loop the threads */
2535 while (ProcThread)
2536 {
2537 /* Acquire rundown */
2539 {
2540 /* Get the TEB */
2542 if (Teb)
2543 {
2544 /* Check if we're in the expansion range */
2546 {
2548 TLS_EXPANSION_SLOTS) - 1)
2549 {
2550 /* Check if we have expansion slots */
2551 ExpansionSlots = Teb->TlsExpansionSlots;
2552 if (ExpansionSlots)
2553 {
2554 /* Clear the index */
2556 }
2557 }
2558 }
2559 else
2560 {
2561 /* Clear the index */
2563 }
2564 }
2565
2566 /* Release rundown */
2568 }
2569
2570 /* Go to the next thread */
2572 }
2573
2574 /* Dereference the thread */
2576 break;
2577
2579
2580 /* Check buffer length */
2582 {
2584 break;
2585 }
2586
2587 /* Enter SEH for direct buffer read */
2588 _SEH2_TRY
2589 {
2590 Break = *(PULONG)ThreadInformation;
2591 }
2593 {
2594 /* Get exception code */
2595 Break = 0;
2598 }
2599 _SEH2_END;
2600
2601 /* Setting 'break on termination' requires the SeDebugPrivilege */
2603 {
2604 /* We don't hold the privilege, bail out */
2606 break;
2607 }
2608
2609 /* Reference the thread */
2611 THREAD_SET_INFORMATION,
2612 PsThreadType,
2613 PreviousMode,
2615 NULL);
2617 break;
2618
2619 /* Set or clear the flag */
2620 if (Break)
2621 {
2623 }
2624 else
2625 {
2627 }
2628
2629 /* Dereference the thread */
2631 break;
2632
2634
2635 /* Check buffer length */
2637 {
2639 break;
2640 }
2641
2642 /* Reference the thread */
2644 THREAD_SET_INFORMATION,
2645 PsThreadType,
2646 PreviousMode,
2648 NULL);
2650 break;
2651
2652 /* Set the flag */
2654
2655 /* Dereference the thread */
2657 break;
2658
2659 default:
2660 /* We don't implement it yet */
2663 }
2664
2666}
#define LOW_REALTIME_PRIORITY
NTSTATUS NTAPI PsAssignImpersonationToken(IN PETHREAD Thread, IN HANDLE TokenHandle)
Definition: security.c:502
PETHREAD NTAPI PsGetNextProcessThread(IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
Definition: process.c:75
Definition: compat.h:836
UCHAR NTAPI KeSetIdealProcessorThread(IN PKTHREAD Thread, IN UCHAR Processor)
Definition: thrdobj.c:1066
LONG NTAPI KeSetBasePriorityThread(IN PKTHREAD Thread, IN LONG Increment)
Definition: thrdobj.c:1176
KPRIORITY NTAPI KeSetPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Priority)
Definition: thrdobj.c:1319
KAFFINITY NTAPI KeSetAffinityThread(IN PKTHREAD Thread, IN KAFFINITY Affinity)
Definition: thrdobj.c:1295
_In_ WDFINTERRUPT _In_ WDF_INTERRUPT_POLICY _In_ WDF_INTERRUPT_PRIORITY Priority
Definition: wdfinterrupt.h:655
Referenced by BaseGetNamedObjectDirectory(), BaseProcessStartup(), CreateProcessAsUserCommon(), CsrRevertToSelf(), ImpersonateLoggedOnUser(), init_funcs(), InitFunctionPtrs(), InitializeDeviceData(), MiInitBalancerThread(), NpGetUserNamep(), QuerySetThreadValidator(), RevertToSelf(), RtlpExecuteIoWorkItem(), RtlpExecuteWorkItem(), set_thread_name(), SetThreadAffinityMask(), SetThreadIdealProcessor(), SetThreadPriority(), SetThreadPriorityBoost(), SetThreadToken(), START_TEST(), Test_ThreadPriorityClass(), and TlsFree().
◆ PsReferenceProcessFilePointer()
| NTSTATUS NTAPI PsReferenceProcessFilePointer | ( | IN PEPROCESS | Process, |
| OUT PFILE_OBJECT * | FileObject | ||
| ) |
Definition at line 24 of file query.c.
26{
27 PSECTION Section;
28 PAGED_CODE();
29
30 /* Lock the process */
32 {
34 }
35
36 /* Get the section */
37 Section = Process->SectionObject;
38 if (Section)
39 {
40 /* Get the file object and reference it */
43 }
44
45 /* Release the protection */
47
48 /* Return status */
50}
PFILE_OBJECT NTAPI MmGetFileObjectForSection(IN PVOID Section)
Definition: section.c:1541
Definition: mmtypes.h:810
Referenced by SeLocateProcessImageName().
