#include <ntoskrnl.h>#include <debug.h>
Include dependency graph for query.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Functions | |
| NTSTATUS NTAPI | PsReferenceProcessFilePointer (IN PEPROCESS Process, OUT PFILE_OBJECT *FileObject) |
| NTSTATUS NTAPI | NtQueryInformationProcess (_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength) |
| NTSTATUS NTAPI | NtSetInformationProcess (IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength) |
| NTSTATUS NTAPI | NtSetInformationThread (IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength) |
| NTSTATUS NTAPI | NtQueryInformationThread (IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL) |
Variables | |
| ULONG | PspTraceLevel = 0 |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ NtQueryInformationProcess()
| NTSTATUS NTAPI NtQueryInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _Out_ PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 59 of file query.c.
65{
70 HANDLE DebugPort = 0;
71 PPROCESS_BASIC_INFORMATION ProcessBasicInfo =
72 (PPROCESS_BASIC_INFORMATION)ProcessInformation;
76 ULONG HandleCount;
78 (PPROCESS_SESSION_INFORMATION)ProcessInformation;
84 ULONG_PTR Wow64 = 0;
85 PROCESS_VALUES ProcessValues;
87 PAGED_CODE();
88
89 /* Verify Information Class validity */
93 ICIF_PROBE_READ,
94 ProcessInformation,
95 ProcessInformationLength,
96 ReturnLength,
97 NULL,
98 PreviousMode);
100 {
101 DPRINT1("NtQueryInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
103 }
104
106 (ProcessInformationClass == ProcessImageInformation)) &&
108 {
109 /*
110 * Retrieving the process cookie is only allowed for the calling process
111 * itself! XP only allows NtCurrentProcess() as process handles even if
112 * a real handle actually represents the current process.
113 */
115 }
116
117 /* Check the information class */
118 switch (ProcessInformationClass)
119 {
120 /* Basic process information */
122
124 {
126 break;
127 }
128
129 /* Set return length */
131
132 /* Reference the process */
135 PsProcessType,
136 PreviousMode,
138 NULL);
140
141 /* Protect writes with SEH */
142 _SEH2_TRY
143 {
144 /* Write all the information from the EPROCESS/KPROCESS */
149 UniqueProcessId;
150 ProcessBasicInfo->InheritedFromUniqueProcessId =
153
154 }
156 {
157 /* Get exception code */
159 }
160 _SEH2_END;
161
162 /* Dereference the process */
164 break;
165
166 /* Process quota limits */
168
170 {
172 break;
173 }
174
176
177 /* Reference the process */
180 PsProcessType,
181 PreviousMode,
183 NULL);
185
186 /* Indicate success */
188
189 _SEH2_TRY
190 {
191 /* Set max/min working set sizes */
192 QuotaLimits->MaximumWorkingSetSize =
194 QuotaLimits->MinimumWorkingSetSize =
196
197 /* Set default time limits */
200
201 /* Is quota block a default one? */
203 {
204 /* Set default pools and pagefile limits */
208 }
209 else
210 {
211 /* Get limits from non-default quota block */
212 QuotaLimits->PagedPoolLimit =
214 QuotaLimits->NonPagedPoolLimit =
216 QuotaLimits->PagefileLimit =
218 }
219 }
221 {
222 /* Get exception code */
224 }
225 _SEH2_END;
226
227 /* Dereference the process */
229 break;
230
232
234 {
236 break;
237 }
238
240
241 /* Reference the process */
244 PsProcessType,
245 PreviousMode,
247 NULL);
249
250 /* Query IO counters from the process */
252
253 _SEH2_TRY
254 {
256 }
258 {
259 /* Ignore exception */
260 }
261 _SEH2_END;
262
263 /* Set status to success in any case */
265
266 /* Dereference the process */
268 break;
269
270 /* Timing */
272
273 /* Set the return length */
275 {
277 break;
278 }
279
281
282 /* Reference the process */
285 PsProcessType,
286 PreviousMode,
288 NULL);
290
291 /* Protect writes with SEH */
292 _SEH2_TRY
293 {
294 /* Copy time information from EPROCESS/KPROCESS */
300 }
302 {
303 /* Get exception code */
305 }
306 _SEH2_END;
307
308 /* Dereference the process */
310 break;
311
312 /* Process Debug Port */
314
316 {
318 break;
319 }
320
321 /* Set return length */
323
324 /* Reference the process */
327 PsProcessType,
328 PreviousMode,
330 NULL);
332
333 /* Protect write with SEH */
334 _SEH2_TRY
335 {
336 /* Return whether or not we have a debug port */
339 }
341 {
342 /* Get exception code */
344 }
345 _SEH2_END;
346
347 /* Dereference the process */
349 break;
350
352
354 {
356 break;
357 }
358
359 /* Set the return length*/
361
362 /* Reference the process */
365 PsProcessType,
366 PreviousMode,
368 NULL);
370
371 /* Count the number of handles this process has */
373
374 /* Protect write in SEH */
375 _SEH2_TRY
376 {
377 /* Return the count of handles */
378 *(PULONG)ProcessInformation = HandleCount;
379 }
381 {
382 /* Get the exception code */
384 }
385 _SEH2_END;
386
387 /* Dereference the process */
389 break;
390
391 /* Session ID for the process */
393
395 {
397 break;
398 }
399
400 /* Set the return length*/
402
403 /* Reference the process */
406 PsProcessType,
407 PreviousMode,
409 NULL);
411
412 /* Enter SEH for write safety */
413 _SEH2_TRY
414 {
415 /* Write back the Session ID */
417 }
419 {
420 /* Get the exception code */
422 }
423 _SEH2_END;
424
425 /* Dereference the process */
427 break;
428
429 /* Virtual Memory Statistics */
431
432 /* Validate the input length */
435 {
437 break;
438 }
439
440 /* Reference the process */
443 PsProcessType,
444 PreviousMode,
446 NULL);
448
449 /* Enter SEH for write safety */
450 _SEH2_TRY
451 {
452 /* Return data from EPROCESS */
464 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
465 //
466
467 /* Set the return length */
468 Length = ProcessInformationLength;
469 }
471 {
472 /* Get the exception code */
474 }
475 _SEH2_END;
476
477 /* Dereference the process */
479 break;
480
481 /* Hard Error Processing Mode */
483
485 {
487 break;
488 }
489
490 /* Set the return length*/
492
493 /* Reference the process */
496 PsProcessType,
497 PreviousMode,
499 NULL);
501
502 /* Enter SEH for writing back data */
503 _SEH2_TRY
504 {
505 /* Write the current processing mode */
507 DefaultHardErrorProcessing;
508 }
510 {
511 /* Get the exception code */
513 }
514 _SEH2_END;
515
516 /* Dereference the process */
518 break;
519
520 /* Priority Boosting status */
522
524 {
526 break;
527 }
528
529 /* Set the return length */
531
532 /* Reference the process */
535 PsProcessType,
536 PreviousMode,
538 NULL);
540
541 /* Enter SEH for writing back data */
542 _SEH2_TRY
543 {
544 /* Return boost status */
547 }
549 {
550 /* Get the exception code */
552 }
553 _SEH2_END;
554
555 /* Dereference the process */
557 break;
558
559 /* DOS Device Map */
561
563 {
564 /* Protect read in SEH */
565 _SEH2_TRY
566 {
567 PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
568
570 }
572 {
573 /* Get the exception code */
576 }
577 _SEH2_END;
578
579 /* Only one flag is supported and it needs LUID mappings */
581 !ObIsLUIDDeviceMapsEnabled())
582 {
584 break;
585 }
586 }
587 else
588 {
589 /* This has to be the size of the Query union field for x64 compatibility! */
591 {
593 break;
594 }
595
596 /* No flags for standard call */
597 Flags = 0;
598 }
599
600 /* Set the return length */
601 Length = ProcessInformationLength;
602
603 /* Reference the process */
606 PsProcessType,
607 PreviousMode,
609 NULL);
611
612 /* Query the device map information */
614 ProcessInformation,
615 Flags);
616
617 /* Dereference the process */
619 break;
620
621 /* Priority class */
623
625 {
627 break;
628 }
629
630 /* Set the return length*/
632
633 /* Reference the process */
636 PsProcessType,
637 PreviousMode,
639 NULL);
641
642 /* Enter SEH for writing back data */
643 _SEH2_TRY
644 {
645 /* Return current priority class */
648 }
650 {
651 /* Get the exception code */
653 }
654 _SEH2_END;
655
656 /* Dereference the process */
658 break;
659
661
662 /* Reference the process */
665 PsProcessType,
666 PreviousMode,
668 NULL);
670
671 /* Get the image path */
674 {
675 /* Set return length */
678
679 /* Make sure it's large enough */
681 {
682 /* Enter SEH to protect write */
683 _SEH2_TRY
684 {
685 /* Copy it */
686 RtlCopyMemory(ProcessInformation,
687 ImageName,
688 Length);
689
690 /* Update pointer */
691 ((PUNICODE_STRING)ProcessInformation)->Buffer =
693 }
695 {
696 /* Get the exception code */
698 }
699 _SEH2_END;
700 }
701 else
702 {
703 /* Buffer too small */
705 }
706
707 /* Free the image path */
709 }
710 /* Dereference the process */
712 break;
713
715
717 {
719 break;
720 }
721
722 /* Set the return length*/
724
725 /* Reference the process */
728 PsProcessType,
729 PreviousMode,
731 NULL);
733
734 /* Enter SEH for writing back data */
735 _SEH2_TRY
736 {
737 /* Return the debug flag state */
739 }
741 {
742 /* Get the exception code */
744 }
745 _SEH2_END;
746
747 /* Dereference the process */
749 break;
750
752
754 {
756 break;
757 }
758
759 /* Set the return length */
761
762 /* Reference the process */
765 PsProcessType,
766 PreviousMode,
768 NULL);
770
771 /* Enter SEH for writing back data */
772 _SEH2_TRY
773 {
774 /* Return the BreakOnTermination state */
776 }
778 {
779 /* Get the exception code */
781 }
782 _SEH2_END;
783
784 /* Dereference the process */
786 break;
787
788 /* Per-process security cookie */
790
792 {
793 /* Length size wrong, bail out */
795 break;
796 }
797
798 /* Get the current process and cookie */
802 {
803 LARGE_INTEGER SystemTime;
804 ULONG NewCookie;
805 PKPRCB Prcb;
806
807 /* Generate a new cookie */
808 KeQuerySystemTime(&SystemTime);
809 Prcb = KeGetCurrentPrcb();
812
813 /* Set the new cookie or return the current one */
815 NewCookie,
816 Cookie);
818
819 /* Set return length */
821 }
822
823 /* Indicate success */
825
826 /* Enter SEH to protect write */
827 _SEH2_TRY
828 {
829 /* Write back the cookie */
831 }
833 {
834 /* Get the exception code */
836 }
837 _SEH2_END;
838 break;
839
841
843 {
844 /* Break out */
846 break;
847 }
848
849 /* Set the length required and validate it */
851
852 /* Enter SEH to protect write */
853 _SEH2_TRY
854 {
856 }
858 {
859 /* Get the exception code */
861 }
862 _SEH2_END;
863
864 /* Indicate success */
866 break;
867
869
871 {
873 break;
874 }
875
876 /* Set the return length */
878
879 /* Reference the process */
882 PsProcessType,
883 PreviousMode,
885 NULL);
887
888 /* Get the debug port */
890
891 /* Let go of the process */
893
894 /* Protect write in SEH */
895 _SEH2_TRY
896 {
897 /* Return debug port's handle */
898 *(PHANDLE)ProcessInformation = DebugPort;
899 }
901 {
902 /* Get the exception code */
904 }
905 _SEH2_END;
906 break;
907
911 break;
912
914
916 {
918 break;
919 }
920
921 /* Set the return length */
923
924 /* Indicate success */
926
927 /* Protect write in SEH */
928 _SEH2_TRY
929 {
930 /* Query Ob */
932 }
934 {
935 /* Get the exception code */
937 }
938 _SEH2_END;
939 break;
940
942
944 {
946 break;
947 }
948
949 /* Set the return length */
951
952 /* Reference the process */
955 PsProcessType,
956 PreviousMode,
958 NULL);
960
961 /* Protect write in SEH */
962 _SEH2_TRY
963 {
964 /* Return if the flag is set */
966 }
968 {
969 /* Get the exception code */
971 }
972 _SEH2_END;
973
974 /* Dereference the process */
976 break;
977
979
981 {
983 break;
984 }
985
986 /* Set return length */
988
989 /* Reference the process */
992 PsProcessType,
993 PreviousMode,
995 NULL);
997
998 /* Make sure the process isn't dying */
1000 {
1001 /* Get the WOW64 process structure */
1002#ifdef _WIN64
1004#else
1005 Wow64 = 0;
1006#endif
1007 /* Release the lock */
1009 }
1010
1011 /* Protect write with SEH */
1012 _SEH2_TRY
1013 {
1014 /* Return whether or not we have a debug port */
1015 *(PULONG_PTR)ProcessInformation = Wow64;
1016 }
1018 {
1019 /* Get exception code */
1021 }
1022 _SEH2_END;
1023
1024 /* Dereference the process */
1026 break;
1027
1029
1031 {
1033 break;
1034 }
1035
1036 /* Set return length */
1038
1040 {
1042 }
1043
1044 /* Get the options */
1047 {
1048 /* Protect write with SEH */
1049 _SEH2_TRY
1050 {
1051 /* Return them */
1052 *(PULONG)ProcessInformation = ExecuteOptions;
1053 }
1055 {
1056 /* Get exception code */
1058 }
1059 _SEH2_END;
1060 }
1061 break;
1062
1066 break;
1067
1071 break;
1072
1076 break;
1077
1078 /* Not supported by Server 2003 */
1079 default:
1082 }
1083
1084 /* Protect write with SEH */
1085 _SEH2_TRY
1086 {
1087 /* Check if caller wanted return length */
1089 }
1091 {
1092 /* Get exception code */
1094 }
1095 _SEH2_END;
1096
1098}
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
struct _VM_COUNTERS_ * PVM_COUNTERS
struct _IO_COUNTERS IO_COUNTERS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
struct _IO_COUNTERS * PIO_COUNTERS
Definition: nsiface.idl:2307
struct _QUOTA_LIMITS QUOTA_LIMITS
struct _QUOTA_LIMITS * PQUOTA_LIMITS
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1811
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2579
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: pstypes.h:1261
Definition: pstypes.h:82
Definition: winternl.h:1059
Definition: ketypes.h:561
Definition: winternl.h:402
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:340
Definition: pstypes.h:370
Definition: pstypes.h:358
Definition: pstypes.h:955
Definition: pstypes.h:383
Definition: ke.h:45
Definition: lsa.idl:286
Definition: mmtypes.h:337
Definition: mmdrv.h:130
Definition: env_spec_w32.h:368
Definition: pstypes.h:105
Definition: winternl.h:1604
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:1612
Definition: typedefs.h:103
struct _LARGE_INTEGER::@2272 u
Referenced by _main(), BaseInitializeStaticServerData(), check_live_target(), CheckRemoteDebuggerPresent(), CON_API_NOCONSOLE(), EmptyWorkingSet(), EnumProcessModules(), FindModule(), get_shiminfo(), GetDriveTypeW(), GetErrorMode(), GetExitCodeProcess(), GetLogicalDrives(), GetPriorityClass(), GetProcessAffinityMask(), GetProcessExecutablePath(), GetProcessHandleCount(), GetProcessId(), GetProcessImageFileNameA(), GetProcessImageFileNameW(), GetProcessIoCounters(), GetProcessMemoryInfo(), GetProcessPriorityBoost(), GetProcessTimes(), GetProcessVersion(), GetProcessWorkingSetSizeEx(), GetSourcePaths(), GetWsChanges(), GlobalMemoryStatusEx(), InitFunctionPtrs(), Is64BitSystem(), IsCriticalProcess(), IsWow64Process(), PerfDataGetCommandLine(), PrintProcess(), ProcessIdToSessionId(), PsaEnumerateProcessModules(), QueryFlag(), QueryFullProcessImageNameW(), QuerySetProcessValidator(), RtlpQueryRemoteProcessModules(), SmpApiLoop(), SmpCreateVolumeDescriptors(), SmpGetProcessMuSessionId(), Test_ProcessPriorityClassAlignment(), Test_ProcessTimes(), Test_ProcessWx86Information(), UnhandledExceptionFilter(), UserpGetClientFileName(), wmain(), and Wow64QueryFlag().
◆ NtQueryInformationThread()
| NTSTATUS NTAPI NtQueryInformationThread | ( | IN HANDLE | ThreadHandle, |
| IN THREADINFOCLASS | ThreadInformationClass, | ||
| OUT PVOID | ThreadInformation, | ||
| IN ULONG | ThreadInformationLength, | ||
| OUT PULONG ReturnLength | OPTIONAL | ||
| ) |
Definition at line 2624 of file query.c.
2629{
2633 ULONG Access;
2635 PTHREAD_BASIC_INFORMATION ThreadBasicInfo =
2636 (PTHREAD_BASIC_INFORMATION)ThreadInformation;
2639 ULONG ThreadTerminated;
2640 PAGED_CODE();
2641
2642 /* Verify Information Class validity */
2644 PsThreadInfoClass,
2646 ICIF_PROBE_READ,
2647 ThreadInformation,
2648 ThreadInformationLength,
2649 ReturnLength,
2650 NULL,
2651 PreviousMode);
2653 {
2654 DPRINT1("NtQueryInformationThread(): Information verification class failed! (Status -> 0x%lx , ThreadInformationClass -> %lx)\n", Status, ThreadInformationClass);
2656 }
2657
2658 /* Check what class this is */
2659 Access = THREAD_QUERY_INFORMATION;
2660
2661 /* Check what kind of information class this is */
2663 {
2664 /* Basic thread information */
2666
2667 /* Set return length */
2669
2671 {
2673 break;
2674 }
2675
2676 /* Reference the process */
2678 Access,
2679 PsThreadType,
2680 PreviousMode,
2682 NULL);
2684 break;
2685
2686 /* Protect writes with SEH */
2687 _SEH2_TRY
2688 {
2689 /* Write all the information from the ETHREAD/KTHREAD */
2696 }
2698 {
2699 /* Get exception code */
2701 }
2702 _SEH2_END;
2703
2704 /* Dereference the thread */
2706 break;
2707
2708 /* Thread time information */
2710
2711 /* Set the return length */
2713
2715 {
2717 break;
2718 }
2719
2720 /* Reference the process */
2722 Access,
2723 PsThreadType,
2724 PreviousMode,
2726 NULL);
2728 break;
2729
2730 /* Protect writes with SEH */
2731 _SEH2_TRY
2732 {
2733 /* Copy time information from ETHREAD/KTHREAD */
2737
2738 /* Exit time is in a union and only valid on actual exit! */
2740 {
2742 }
2743 else
2744 {
2746 }
2747 }
2749 {
2750 /* Get exception code */
2752 }
2753 _SEH2_END;
2754
2755 /* Dereference the thread */
2757 break;
2758
2760
2761 /* Set the return length*/
2763
2765 {
2767 break;
2768 }
2769
2770 /* Reference the process */
2772 Access,
2773 PsThreadType,
2774 PreviousMode,
2776 NULL);
2778 break;
2779
2780 /* Protect write with SEH */
2781 _SEH2_TRY
2782 {
2783 /* Return the Win32 Start Address */
2785 }
2787 {
2788 /* Get exception code */
2790 }
2791 _SEH2_END;
2792
2793 /* Dereference the thread */
2795 break;
2796
2798
2799 /* Set the return length*/
2801
2803 {
2805 break;
2806 }
2807
2808 /* Reference the process */
2810 Access,
2811 PsThreadType,
2812 PreviousMode,
2814 NULL);
2816 break;
2817
2818 /* Protect write with SEH */
2819 _SEH2_TRY
2820 {
2821 /* FIXME */
2822 (*(PLARGE_INTEGER)ThreadInformation).QuadPart = 0;
2823 }
2825 {
2826 /* Get exception code */
2828 }
2829 _SEH2_END;
2830
2831 /* Dereference the thread */
2833 break;
2834
2836
2837 /* Set the return length*/
2839
2841 {
2843 break;
2844 }
2845
2846 /* Reference the process */
2848 Access,
2849 PsThreadType,
2850 PreviousMode,
2852 NULL);
2854 break;
2855
2856 /* Protect write with SEH */
2857 _SEH2_TRY
2858 {
2859 /* Return whether or not we are the last thread */
2862 &Thread->ThreadsProcess->
2863 ThreadListHead) ?
2865 }
2867 {
2868 /* Get exception code */
2870 }
2871 _SEH2_END;
2872
2873 /* Dereference the thread */
2875 break;
2876
2878
2879 /* Set the return length*/
2881
2883 {
2885 break;
2886 }
2887
2888 /* Reference the process */
2890 Access,
2891 PsThreadType,
2892 PreviousMode,
2894 NULL);
2896 break;
2897
2898 /* Raise the IRQL to protect the IRP list */
2900
2901 /* Protect write with SEH */
2902 _SEH2_TRY
2903 {
2904 /* Check if the IRP list is empty or not */
2906 }
2908 {
2909 /* Get exception code */
2911 }
2912 _SEH2_END;
2913
2914 /* Lower IRQL back */
2916
2917 /* Dereference the thread */
2919 break;
2920
2921 /* LDT and GDT information */
2923
2924#if defined(_X86_)
2925 /* Reference the process */
2927 Access,
2928 PsThreadType,
2929 PreviousMode,
2931 NULL);
2933 break;
2934
2935 /* Call the worker routine */
2937 ThreadInformation,
2938 ThreadInformationLength,
2939 ReturnLength);
2940
2941 /* Dereference the thread */
2943#else
2944 /* Only implemented on x86 */
2946#endif
2947 break;
2948
2950
2951 /* Set the return length*/
2953
2955 {
2957 break;
2958 }
2959
2960 /* Reference the process */
2962 Access,
2963 PsThreadType,
2964 PreviousMode,
2966 NULL);
2968 break;
2969
2970 _SEH2_TRY
2971 {
2973 }
2975 {
2977 }
2978 _SEH2_END;
2979
2980 /* Dereference the thread */
2982 break;
2983
2985
2986 /* Set the return length*/
2988
2990 {
2992 break;
2993 }
2994
2995 /* Reference the process */
2997 Access,
2998 PsThreadType,
2999 PreviousMode,
3001 NULL);
3003 break;
3004
3006
3007 _SEH2_TRY
3008 {
3009 *(PULONG)ThreadInformation = ThreadTerminated ? 1 : 0;
3010 }
3012 {
3014 }
3015 _SEH2_END;
3016
3017 /* Dereference the thread */
3019 break;
3020
3021 /* Anything else */
3022 default:
3023
3024 /* Not yet implemented */
3027 }
3028
3029 /* Protect write with SEH */
3030 _SEH2_TRY
3031 {
3032 /* Check if caller wanted return length */
3034 }
3036 {
3037 /* Get exception code */
3039 }
3040 _SEH2_END;
3041
3043}
struct _THREAD_BASIC_INFORMATION THREAD_BASIC_INFORMATION
struct _THREAD_BASIC_INFORMATION * PTHREAD_BASIC_INFORMATION
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
Definition: psfuncs.h:835
LONG NTAPI KeQueryBasePriorityThread(IN PKTHREAD Thread)
Definition: thrdobj.c:61
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
Definition: thread.c:868
NTSTATUS NTAPI PspQueryDescriptorThread(IN PETHREAD Thread, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
Definition: psldt.c:43
Definition: pstypes.h:1102
Definition: compat.h:926
union _LARGE_INTEGER LARGE_INTEGER
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
Definition: kefuncs.h:792
Referenced by CreateRemoteThread(), CsrCreateProcess(), CsrCreateRemoteThread(), CsrCreateThread(), CsrInsertThread(), CsrSbCreateSession(), DbgUiConvertStateChangeStructure(), ExitThread(), fetch_thread_info(), GetExitCodeThread(), GetProcessIdOfThread(), GetThreadId(), GetThreadIOPendingFlag(), GetThreadPriority(), GetThreadPriorityBoost(), GetThreadSelectorEntry(), GetThreadTimes(), i386_stack_walk(), init_funcs(), InitFunctionPtrs(), PrintThreads(), QuerySetThreadValidator(), RtlFreeUserThreadStack(), RtlpIsIoPending(), SetThreadAffinityMask(), TerminateThread(), and Test_ThreadBasicInformationClass().
◆ NtSetInformationProcess()
| NTSTATUS NTAPI NtSetInformationProcess | ( | IN HANDLE | ProcessHandle, |
| IN PROCESSINFOCLASS | ProcessInformationClass, | ||
| IN PVOID | ProcessInformation, | ||
| IN ULONG | ProcessInformationLength | ||
| ) |
Definition at line 1105 of file query.c.
1109{
1112 ACCESS_MASK Access;
1118 PROCESS_PRIORITY_CLASS PriorityClass = {0};
1119 PROCESS_FOREGROUND_BACKGROUND Foreground = {0};
1120 PVOID ExceptionPort;
1121 ULONG Break;
1123 KPRIORITY BasePriority = 0;
1124 UCHAR MemoryPriority = 0;
1125 BOOLEAN DisableBoost = 0;
1126 ULONG DefaultHardErrorMode = 0;
1127 ULONG DebugFlags = 0, EnableFixup = 0, Boost = 0;
1128 ULONG NoExecute = 0, VdmPower = 0;
1130 PLIST_ENTRY Next;
1132 PAGED_CODE();
1133
1134 /* Verify Information Class validity */
1136 PsProcessInfoClass,
1138 ProcessInformation,
1139 ProcessInformationLength,
1140 PreviousMode);
1142 {
1143 DPRINT1("NtSetInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n", Status, ProcessInformationClass);
1145 }
1146
1147 /* Check what class this is */
1148 Access = PROCESS_SET_INFORMATION;
1150 {
1151 /* Setting the Session ID needs a special mask */
1152 Access |= PROCESS_SET_SESSIONID;
1153 }
1155 {
1156 /* Setting the exception port needs a special mask */
1157 Access |= PROCESS_SUSPEND_RESUME;
1158 }
1159
1160 /* Reference the process */
1162 Access,
1163 PsProcessType,
1164 PreviousMode,
1166 NULL);
1168
1169 /* Check what kind of information class this is */
1170 switch (ProcessInformationClass)
1171 {
1173
1174 /* Check buffer length */
1176 {
1178 break;
1179 }
1180
1181 /* Use SEH for capture */
1182 _SEH2_TRY
1183 {
1184 /* Capture the boolean */
1185 VdmPower = *(PULONG)ProcessInformation;
1186 }
1188 {
1189 /* Get the exception code */
1192 }
1193 _SEH2_END;
1194
1195 /* Getting VDM powers requires the SeTcbPrivilege */
1197 {
1198 /* We don't hold the privilege, bail out */
1201 break;
1202 }
1203
1204 /* Set or clear the flag */
1205 if (VdmPower)
1206 {
1208 }
1209 else
1210 {
1212 }
1213 break;
1214
1215 /* Error/Exception Port */
1217
1218 /* Check buffer length */
1220 {
1222 break;
1223 }
1224
1225 /* Use SEH for capture */
1226 _SEH2_TRY
1227 {
1228 /* Capture the handle */
1229 PortHandle = *(PHANDLE)ProcessInformation;
1230 }
1232 {
1233 /* Get the exception code */
1236 }
1237 _SEH2_END;
1238
1239 /* Setting the error port requires the SeTcbPrivilege */
1241 {
1242 /* We don't hold the privilege, bail out */
1244 break;
1245 }
1246
1247 /* Get the LPC Port */
1249 0,
1250 LpcPortObjectType,
1251 PreviousMode,
1252 (PVOID)&ExceptionPort,
1253 NULL);
1255
1256 /* Change the pointer */
1258 ExceptionPort,
1259 NULL))
1260 {
1261 /* We already had one, fail */
1262 ObDereferenceObject(ExceptionPort);
1264 }
1265 break;
1266
1267 /* Security Token */
1269
1270 /* Check buffer length */
1272 {
1274 break;
1275 }
1276
1277 /* Use SEH for capture */
1278 _SEH2_TRY
1279 {
1280 /* Save the token handle */
1282 Token;
1283 }
1285 {
1286 /* Get the exception code */
1289 }
1290 _SEH2_END;
1291
1292 /* Assign the actual token */
1294 break;
1295
1296 /* Hard error processing */
1298
1299 /* Check buffer length */
1301 {
1303 break;
1304 }
1305
1306 /* Enter SEH for direct buffer read */
1307 _SEH2_TRY
1308 {
1309 DefaultHardErrorMode = *(PULONG)ProcessInformation;
1310 }
1312 {
1313 /* Get exception code */
1316 }
1317 _SEH2_END;
1318
1319 /* Set the mode */
1320 Process->DefaultHardErrorProcessing = DefaultHardErrorMode;
1321
1322 /* Call Ke for the update */
1324 {
1326 }
1327 else
1328 {
1330 }
1332 break;
1333
1334 /* Session ID */
1336
1337 /* Check buffer length */
1339 {
1341 break;
1342 }
1343
1344 /* Enter SEH for capture */
1345 _SEH2_TRY
1346 {
1347 /* Capture the caller's buffer */
1349 }
1351 {
1352 /* Get the exception code */
1355 }
1356 _SEH2_END;
1357
1358 /* Setting the session id requires the SeTcbPrivilege */
1360 {
1361 /* We don't hold the privilege, bail out */
1363 break;
1364 }
1365
1366#if 0 // OLD AND DEPRECATED CODE!!!!
1367
1368 /* FIXME - update the session id for the process token */
1369 //Status = PsLockProcess(Process, FALSE);
1371
1372 /* Write the session ID in the EPROCESS */
1374
1375 /* Check if the process also has a PEB */
1377 {
1378 /*
1379 * Attach to the process to make sure we're in the right
1380 * context to access the PEB structure
1381 */
1383
1384 /* Enter SEH for write to user-mode PEB */
1385 _SEH2_TRY
1386 {
1387 /* Write the session ID */
1389 }
1391 {
1392 /* Get exception code */
1394 }
1395 _SEH2_END;
1396
1397 /* Detach from the process */
1398 KeDetachProcess();
1399 }
1400
1401 /* Unlock the process */
1402 //PsUnlockProcess(Process);
1403
1404#endif
1405
1406 /*
1407 * Since we cannot change the session ID of the given
1408 * process anymore because it is set once and for all
1409 * at process creation time and because it is stored
1410 * inside the Process->Session structure managed by MM,
1411 * we fake changing it: we just return success if the
1412 * user-defined value is the same as the session ID of
1413 * the process, and otherwise we fail.
1414 */
1416 {
1418 }
1419 else
1420 {
1422 }
1423
1424 break;
1425
1427
1428 /* Check buffer length */
1430 {
1432 break;
1433 }
1434
1435 /* Enter SEH for capture */
1436 _SEH2_TRY
1437 {
1438 /* Capture the caller's buffer */
1439 PriorityClass = *(PPROCESS_PRIORITY_CLASS)ProcessInformation;
1440 }
1442 {
1443 /* Return the exception code */
1446 }
1447 _SEH2_END;
1448
1449 /* Check for invalid PriorityClass value */
1451 {
1453 break;
1454 }
1455
1458 {
1459 /* Check the privilege */
1461 ProcessHandle,
1462 PROCESS_SET_INFORMATION,
1463 PreviousMode);
1465 {
1469 }
1470 }
1471
1472 /* Check if we have a job */
1474 {
1476 }
1477
1478 /* Set process priority class */
1480
1481 /* Set process priority mode (foreground or background) */
1483 PriorityClass.Foreground ?
1484 PsProcessPriorityForeground :
1485 PsProcessPriorityBackground);
1487 break;
1488
1490
1491 /* Check buffer length */
1493 {
1495 break;
1496 }
1497
1498 /* Enter SEH for capture */
1499 _SEH2_TRY
1500 {
1501 /* Capture the caller's buffer */
1502 Foreground = *(PPROCESS_FOREGROUND_BACKGROUND)ProcessInformation;
1503 }
1505 {
1506 /* Return the exception code */
1509 }
1510 _SEH2_END;
1511
1512 /* Set process priority mode (foreground or background) */
1514 Foreground.Foreground ?
1515 PsProcessPriorityForeground :
1516 PsProcessPriorityBackground);
1518 break;
1519
1521
1522 /* Validate input length */
1524 {
1526 break;
1527 }
1528
1529 /* Enter SEH for direct buffer read */
1530 _SEH2_TRY
1531 {
1532 BasePriority = *(KPRIORITY*)ProcessInformation;
1533 }
1535 {
1536 /* Get exception code */
1537 Break = 0;
1540 }
1541 _SEH2_END;
1542
1543 /* Extract the memory priority out of there */
1544 if (BasePriority & 0x80000000)
1545 {
1546 MemoryPriority = MEMORY_PRIORITY_FOREGROUND;
1547 BasePriority &= ~0x80000000;
1548 }
1549 else
1550 {
1551 MemoryPriority = MEMORY_PRIORITY_BACKGROUND;
1552 }
1553
1554 /* Validate the number */
1556 {
1559 }
1560
1561 /* Check if the new base is higher */
1563 {
1565 ProcessHandle,
1566 PROCESS_SET_INFORMATION,
1567 PreviousMode);
1569 {
1571 DPRINT1("Privilege to change priority from %lx to %lx lacking\n", BasePriority, Process->Pcb.BasePriority);
1573 }
1574 }
1575
1576 /* Call Ke */
1578
1579 /* Now set the memory priority */
1582 break;
1583
1585
1586 /* Validate input length */
1588 {
1590 break;
1591 }
1592
1593 /* Enter SEH for direct buffer read */
1594 _SEH2_TRY
1595 {
1596 Boost = *(PULONG)ProcessInformation;
1597 }
1599 {
1600 /* Get exception code */
1601 Break = 0;
1604 }
1605 _SEH2_END;
1606
1607 /* Make sure the process isn't dying */
1609 {
1610 /* Lock it */
1611 KeEnterCriticalRegion();
1613
1614 /* Loop the threads */
1616 Next != &Process->ThreadListHead;
1617 Next = Next->Flink)
1618 {
1619 /* Call Ke for the thread */
1622 }
1623
1624 /* Release the lock and rundown */
1626 KeLeaveCriticalRegion();
1628
1629 /* Set success code */
1631 }
1632 else
1633 {
1634 /* Avoid race conditions */
1636 }
1637 break;
1638
1640
1641 /* Check buffer length */
1643 {
1645 break;
1646 }
1647
1648 /* Enter SEH for direct buffer read */
1649 _SEH2_TRY
1650 {
1651 Break = *(PULONG)ProcessInformation;
1652 }
1654 {
1655 /* Get exception code */
1656 Break = 0;
1659 }
1660 _SEH2_END;
1661
1662 /* Setting 'break on termination' requires the SeDebugPrivilege */
1664 {
1665 /* We don't hold the privilege, bail out */
1667 break;
1668 }
1669
1670 /* Set or clear the flag */
1671 if (Break)
1672 {
1674 }
1675 else
1676 {
1678 }
1679
1680 break;
1681
1683
1684 /* Check buffer length */
1686 {
1688 break;
1689 }
1690
1691 /* Enter SEH for direct buffer read */
1692 _SEH2_TRY
1693 {
1695 }
1697 {
1698 /* Get exception code */
1699 Break = 0;
1702 }
1703 _SEH2_END;
1704
1705 /* Make sure it's valid for the CPUs present */
1708 {
1710 break;
1711 }
1712
1713 /* Check if it's within job affinity limits */
1715 {
1716 /* Not yet implemented */
1717 UNIMPLEMENTED;
1719 break;
1720 }
1721
1722 /* Make sure the process isn't dying */
1724 {
1725 /* Lock it */
1726 KeEnterCriticalRegion();
1728
1729 /* Call Ke to do the work */
1731
1732 /* Release the lock and rundown */
1734 KeLeaveCriticalRegion();
1736
1737 /* Set success code */
1739 }
1740 else
1741 {
1742 /* Avoid race conditions */
1744 }
1745 break;
1746
1747 /* Priority Boosting status */
1749
1750 /* Validate input length */
1752 {
1754 break;
1755 }
1756
1757 /* Enter SEH for direct buffer read */
1758 _SEH2_TRY
1759 {
1760 DisableBoost = *(PBOOLEAN)ProcessInformation;
1761 }
1763 {
1764 /* Get exception code */
1765 Break = 0;
1768 }
1769 _SEH2_END;
1770
1771 /* Make sure the process isn't dying */
1773 {
1774 /* Lock it */
1775 KeEnterCriticalRegion();
1777
1778 /* Call Ke to do the work */
1780
1781 /* Loop the threads too */
1783 Next != &Process->ThreadListHead;
1784 Next = Next->Flink)
1785 {
1786 /* Call Ke for the thread */
1789 }
1790
1791 /* Release the lock and rundown */
1793 KeLeaveCriticalRegion();
1795
1796 /* Set success code */
1798 }
1799 else
1800 {
1801 /* Avoid race conditions */
1803 }
1804 break;
1805
1807
1808 /* Check buffer length */
1810 {
1812 break;
1813 }
1814
1815 /* Enter SEH for direct buffer read */
1816 _SEH2_TRY
1817 {
1818 DebugFlags = *(PULONG)ProcessInformation;
1819 }
1821 {
1822 /* Get exception code */
1825 }
1826 _SEH2_END;
1827
1828 /* Set the mode */
1829 if (DebugFlags & ~1)
1830 {
1832 }
1833 else
1834 {
1835 if (DebugFlags & 1)
1836 {
1838 }
1839 else
1840 {
1842 }
1843 }
1844
1845 /* Done */
1847 break;
1848
1850
1851 /* Check buffer length */
1853 {
1855 break;
1856 }
1857
1858 /* Enter SEH for direct buffer read */
1859 _SEH2_TRY
1860 {
1861 EnableFixup = *(PULONG)ProcessInformation;
1862 }
1864 {
1865 /* Get exception code */
1868 }
1869 _SEH2_END;
1870
1871 /* Set the mode */
1872 if (EnableFixup)
1873 {
1875 }
1876 else
1877 {
1878 Process->DefaultHardErrorProcessing &= ~SEM_NOALIGNMENTFAULTEXCEPT;
1879 }
1880
1881 /* Call Ke for the update */
1884 break;
1885
1887
1888 /* Only TCB can do this */
1890 {
1891 /* We don't hold the privilege, bail out */
1894 break;
1895 }
1896
1897 /* Only supported on x86 */
1898#if defined (_X86_)
1899 Ke386SetIOPL();
1900#elif defined(_M_AMD64)
1901 /* On x64 this function isn't implemented.
1902 On Windows 2003 it returns success.
1903 On Vista+ it returns STATUS_NOT_IMPLEMENTED. */
1905 (RtlRosGetAppcompatVersion() > _WIN32_WINNT_WS03))
1906 {
1908 }
1909#else
1911#endif
1912 /* Done */
1913 break;
1914
1916
1917 /* Check buffer length */
1919 {
1921 break;
1922 }
1923
1925 {
1927 break;
1928 }
1929
1930 /* Enter SEH for direct buffer read */
1931 _SEH2_TRY
1932 {
1933 NoExecute = *(PULONG)ProcessInformation;
1934 }
1936 {
1937 /* Get exception code */
1940 }
1941 _SEH2_END;
1942
1943 /* Call Mm for the update */
1945 break;
1946
1948
1949 /* Check buffer length */
1951 {
1953 break;
1954 }
1955
1956 /* Use SEH for capture */
1957 _SEH2_TRY
1958 {
1959 /* Capture the handle */
1961 }
1963 {
1964 /* Get the exception code */
1967 }
1968 _SEH2_END;
1969
1970 /* Call Ob to set the device map */
1972 break;
1973
1974
1975 /* We currently don't implement any of these */
1981 break;
1982
1984
1986 1,
1987 ProcessInformation,
1988 ProcessInformationLength,
1989 PreviousMode);
1990 break;
1991
1995 break;
1996
2000 break;
2001
2002 /* Anything else is invalid */
2003 default:
2006 }
2007
2008 /* Dereference and return status */
2011}
Definition: tokenizer.hpp:28
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1104
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1212
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL
Definition: pstypes.h:112
struct _PROCESS_FOREGROUND_BACKGROUND * PPROCESS_FOREGROUND_BACKGROUND
struct _PROCESS_ACCESS_TOKEN * PPROCESS_ACCESS_TOKEN
#define LOW_PRIORITY
#define HIGH_PRIORITY
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
KAFFINITY NTAPI KeSetAffinityProcess(IN PKPROCESS Process, IN KAFFINITY Affinity)
Definition: procobj.c:265
BOOLEAN NTAPI KeSetDisableBoostProcess(IN PKPROCESS Process, IN BOOLEAN Disable)
Definition: procobj.c:331
BOOLEAN NTAPI KeSetDisableBoostThread(IN OUT PKTHREAD Thread, IN BOOLEAN Disable)
Definition: thrdobj.c:95
BOOLEAN NTAPI KeSetAutoAlignmentProcess(IN PKPROCESS Process, IN BOOLEAN Enable)
Definition: procobj.c:313
VOID NTAPI KeBoostPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Increment)
Definition: thrdobj.c:229
KPRIORITY NTAPI KeSetPriorityAndQuantumProcess(IN PKPROCESS Process, IN KPRIORITY Priority, IN UCHAR Quantum OPTIONAL)
Definition: procobj.c:349
NTSTATUS NTAPI MmSetExecuteOptions(IN ULONG ExecuteOptions)
Definition: pagfault.c:2621
NTSTATUS NTAPI MmSetMemoryPriorityProcess(IN PEPROCESS Process, IN UCHAR MemoryPriority)
Definition: procsup.c:486
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
Definition: probe.h:70
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks a privileged object if such object has the specific privilege submitted by the caller.
Definition: priv.c:803
VOID NTAPI PsSetProcessPriorityByClass(IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE Type)
Definition: process.c:1325
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
Definition: devicemap.c:24
NTSTATUS NTAPI PspSetPrimaryToken(IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
Definition: security.c:215
NTSTATUS NTAPI PspSetQuotaLimits(_In_ PEPROCESS Process, _In_ ULONG Unused, _In_ PVOID QuotaLimits, _In_ ULONG QuotaLimitsLength, _In_ KPROCESSOR_MODE PreviousMode)
This function adjusts the working set limits of a process and sets up new quota limits when necessary...
Definition: quota.c:1045
Definition: typedefs.h:120
Definition: pstypes.h:146
Definition: pstypes.h:964
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
Definition: halfuncs.h:174
Referenced by _main(), CreateProcessInternalW(), CSR_API(), CsrCreateProcess(), CsrpSetDefaultProcessHardErrorMode(), CsrSbCreateSession(), CsrSetBackgroundPriority(), CsrSetForegroundPriority(), CsrSetToNormalPriority(), CsrSetToShutdownPriority(), EmptyWorkingSet(), InitFunctionPtrs(), InitializeProcessForWsWatch(), InsertTokenToProcessCommon(), LdrpInitializeProcess(), QuerySetProcessValidator(), SetErrorMode(), SetPriorityClass(), SetProcessAffinityMask(), SetProcessPriorityBoost(), SetProcessWorkingSetSizeEx(), SmpInit(), SmpSbCreateSession(), SmpSetProcessMuSessionId(), Test_ProcBasePriorityClass(), Test_ProcessWx86InformationClass(), Test_ProcForegroundBackgroundClass(), and Test_ProcRaisePriorityClass().
◆ NtSetInformationThread()
| NTSTATUS NTAPI NtSetInformationThread | ( | IN HANDLE | ThreadHandle, |
| IN THREADINFOCLASS | ThreadInformationClass, | ||
| IN PVOID | ThreadInformation, | ||
| IN ULONG | ThreadInformationLength | ||
| ) |
Definition at line 2018 of file query.c.
2022{
2031 ULONG_PTR DisableBoost = 0;
2032 ULONG_PTR IdealProcessor = 0;
2033 ULONG_PTR Break = 0;
2034 PTEB Teb;
2036 PVOID *ExpansionSlots;
2037 PETHREAD ProcThread;
2039 PAGED_CODE();
2040
2041 /* Verify Information Class validity */
2043 PsThreadInfoClass,
2045 ThreadInformation,
2046 ThreadInformationLength,
2047 PreviousMode);
2049 {
2050 DPRINT1("NtSetInformationThread(): Information verification class failed! (Status -> 0x%lx, ThreadInformationClass -> %lx)\n", Status, ThreadInformationClass);
2052 }
2053
2054 /* Check what kind of information class this is */
2056 {
2057 /* Thread priority */
2059
2060 /* Check buffer length */
2062 {
2064 break;
2065 }
2066
2067 /* Use SEH for capture */
2068 _SEH2_TRY
2069 {
2070 /* Get the priority */
2072 }
2074 {
2075 /* Get the exception code */
2078 }
2079 _SEH2_END;
2080
2081 /* Validate it */
2084 {
2085 /* Fail */
2087 break;
2088 }
2089
2090 /* Check for the required privilege */
2092 {
2094 ThreadHandle,
2095 THREAD_SET_INFORMATION,
2096 PreviousMode);
2098 {
2101 }
2102 }
2103
2104 /* Reference the thread */
2106 THREAD_SET_INFORMATION,
2107 PsThreadType,
2108 PreviousMode,
2110 NULL);
2112 break;
2113
2114 /* Set the priority */
2116
2117 /* Dereference the thread */
2119 break;
2120
2122
2123 /* Check buffer length */
2125 {
2127 break;
2128 }
2129
2130 /* Use SEH for capture */
2131 _SEH2_TRY
2132 {
2133 /* Get the priority */
2135 }
2137 {
2138 /* Get the exception code */
2141 }
2142 _SEH2_END;
2143
2144 /* Validate it */
2147 {
2148 /* These ones are OK */
2151 {
2152 /* Check if the process is real time */
2155 {
2156 /* It isn't, fail */
2158 break;
2159 }
2160 }
2161 }
2162
2163 /* Reference the thread */
2165 THREAD_SET_INFORMATION,
2166 PsThreadType,
2167 PreviousMode,
2169 NULL);
2171 break;
2172
2173 /* Set the base priority */
2175
2176 /* Dereference the thread */
2178 break;
2179
2181
2182 /* Check buffer length */
2184 {
2186 break;
2187 }
2188
2189 /* Use SEH for capture */
2190 _SEH2_TRY
2191 {
2192 /* Get the priority */
2194 }
2196 {
2197 /* Get the exception code */
2200 }
2201 _SEH2_END;
2202
2203 /* Validate it */
2205 {
2206 /* Fail */
2208 break;
2209 }
2210
2211 /* Reference the thread */
2213 THREAD_SET_INFORMATION,
2214 PsThreadType,
2215 PreviousMode,
2217 NULL);
2219 break;
2220
2221 /* Get the process */
2223
2224 /* Try to acquire rundown */
2226 {
2227 /* Lock it */
2228 KeEnterCriticalRegion();
2230
2231 /* Combine masks */
2234 {
2235 /* Fail */
2237 }
2238 else
2239 {
2240 /* Set the affinity */
2242 }
2243
2244 /* Release the lock and rundown */
2246 KeLeaveCriticalRegion();
2248 }
2249 else
2250 {
2251 /* Too late */
2253 }
2254
2255 /* Dereference the thread */
2257 break;
2258
2260
2261 /* Check buffer length */
2263 {
2265 break;
2266 }
2267
2268 /* Use SEH for capture */
2269 _SEH2_TRY
2270 {
2271 /* Save the token handle */
2273 }
2275 {
2276 /* Get the exception code */
2279 }
2280 _SEH2_END;
2281
2282 /* Reference the thread */
2284 THREAD_SET_THREAD_TOKEN,
2285 PsThreadType,
2286 PreviousMode,
2288 NULL);
2290 break;
2291
2292 /* Assign the actual token */
2294
2295 /* Dereference the thread */
2297 break;
2298
2300
2301 /* Check buffer length */
2303 {
2305 break;
2306 }
2307
2308 /* Use SEH for capture */
2309 _SEH2_TRY
2310 {
2311 /* Get the priority */
2313 }
2315 {
2316 /* Get the exception code */
2319 }
2320 _SEH2_END;
2321
2322 /* Reference the thread */
2324 THREAD_SET_INFORMATION,
2325 PsThreadType,
2326 PreviousMode,
2328 NULL);
2330 break;
2331
2332 /* Set the address */
2334
2335 /* Dereference the thread */
2337 break;
2338
2340
2341 /* Check buffer length */
2343 {
2345 break;
2346 }
2347
2348 /* Use SEH for capture */
2349 _SEH2_TRY
2350 {
2351 /* Get the priority */
2352 IdealProcessor = *(PULONG_PTR)ThreadInformation;
2353 }
2355 {
2356 /* Get the exception code */
2359 }
2360 _SEH2_END;
2361
2362 /* Validate it */
2364 {
2365 /* Fail */
2367 break;
2368 }
2369
2370 /* Reference the thread */
2372 THREAD_SET_INFORMATION,
2373 PsThreadType,
2374 PreviousMode,
2376 NULL);
2378 break;
2379
2380 /* Set the ideal */
2382 (CCHAR)IdealProcessor);
2383
2384 /* Get the TEB and protect the thread */
2387 {
2388 /* Save the ideal processor */
2390
2391 /* Release rundown protection */
2393 }
2394
2395 /* Dereference the thread */
2397 break;
2398
2400
2401 /* Check buffer length */
2403 {
2405 break;
2406 }
2407
2408 /* Use SEH for capture */
2409 _SEH2_TRY
2410 {
2411 /* Get the priority */
2412 DisableBoost = *(PULONG_PTR)ThreadInformation;
2413 }
2415 {
2416 /* Get the exception code */
2419 }
2420 _SEH2_END;
2421
2422 /* Reference the thread */
2424 THREAD_SET_INFORMATION,
2425 PsThreadType,
2426 PreviousMode,
2428 NULL);
2430 break;
2431
2432 /* Call the kernel */
2434
2435 /* Dereference the thread */
2437 break;
2438
2440
2441 /* Check buffer length */
2443 {
2445 break;
2446 }
2447
2448 /* Use SEH for capture */
2449 _SEH2_TRY
2450 {
2451 /* Get the priority */
2453 }
2455 {
2456 /* Get the exception code */
2459 }
2460 _SEH2_END;
2461
2462 /* Reference the thread */
2464 THREAD_SET_INFORMATION,
2465 PsThreadType,
2466 PreviousMode,
2468 NULL);
2470 break;
2471
2472 /* This is only valid for the current thread */
2474 {
2475 /* Fail */
2478 break;
2479 }
2480
2481 /* Get the process */
2483
2484 /* Loop the threads */
2486 while (ProcThread)
2487 {
2488 /* Acquire rundown */
2490 {
2491 /* Get the TEB */
2493 if (Teb)
2494 {
2495 /* Check if we're in the expansion range */
2497 {
2499 TLS_EXPANSION_SLOTS) - 1)
2500 {
2501 /* Check if we have expansion slots */
2502 ExpansionSlots = Teb->TlsExpansionSlots;
2503 if (ExpansionSlots)
2504 {
2505 /* Clear the index */
2507 }
2508 }
2509 }
2510 else
2511 {
2512 /* Clear the index */
2514 }
2515 }
2516
2517 /* Release rundown */
2519 }
2520
2521 /* Go to the next thread */
2523 }
2524
2525 /* Dereference the thread */
2527 break;
2528
2530
2531 /* Check buffer length */
2533 {
2535 break;
2536 }
2537
2538 /* Enter SEH for direct buffer read */
2539 _SEH2_TRY
2540 {
2541 Break = *(PULONG)ThreadInformation;
2542 }
2544 {
2545 /* Get exception code */
2546 Break = 0;
2549 }
2550 _SEH2_END;
2551
2552 /* Setting 'break on termination' requires the SeDebugPrivilege */
2554 {
2555 /* We don't hold the privilege, bail out */
2557 break;
2558 }
2559
2560 /* Reference the thread */
2562 THREAD_SET_INFORMATION,
2563 PsThreadType,
2564 PreviousMode,
2566 NULL);
2568 break;
2569
2570 /* Set or clear the flag */
2571 if (Break)
2572 {
2574 }
2575 else
2576 {
2578 }
2579
2580 /* Dereference the thread */
2582 break;
2583
2585
2586 /* Check buffer length */
2588 {
2590 break;
2591 }
2592
2593 /* Reference the thread */
2595 THREAD_SET_INFORMATION,
2596 PsThreadType,
2597 PreviousMode,
2599 NULL);
2601 break;
2602
2603 /* Set the flag */
2605
2606 /* Dereference the thread */
2608 break;
2609
2610 default:
2611 /* We don't implement it yet */
2614 }
2615
2617}
#define LOW_REALTIME_PRIORITY
NTSTATUS NTAPI PsAssignImpersonationToken(IN PETHREAD Thread, IN HANDLE TokenHandle)
Definition: security.c:502
PETHREAD NTAPI PsGetNextProcessThread(IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
Definition: process.c:75
Definition: compat.h:836
UCHAR NTAPI KeSetIdealProcessorThread(IN PKTHREAD Thread, IN UCHAR Processor)
Definition: thrdobj.c:1075
LONG NTAPI KeSetBasePriorityThread(IN PKTHREAD Thread, IN LONG Increment)
Definition: thrdobj.c:1184
KPRIORITY NTAPI KeSetPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Priority)
Definition: thrdobj.c:1327
KAFFINITY NTAPI KeSetAffinityThread(IN PKTHREAD Thread, IN KAFFINITY Affinity)
Definition: thrdobj.c:1303
_In_ WDFINTERRUPT _In_ WDF_INTERRUPT_POLICY _In_ WDF_INTERRUPT_PRIORITY Priority
Definition: wdfinterrupt.h:655
Referenced by BaseGetNamedObjectDirectory(), BaseProcessStartup(), CreateProcessAsUserCommon(), CsrRevertToSelf(), ImpersonateLoggedOnUser(), init_funcs(), InitFunctionPtrs(), InitializeDeviceData(), MiInitBalancerThread(), NpGetUserNamep(), QuerySetThreadValidator(), RevertToSelf(), RtlpExecuteIoWorkItem(), RtlpExecuteWorkItem(), SetThreadAffinityMask(), SetThreadIdealProcessor(), SetThreadPriority(), SetThreadPriorityBoost(), SetThreadToken(), START_TEST(), Test_ThreadPriorityClass(), and TlsFree().
◆ PsReferenceProcessFilePointer()
| NTSTATUS NTAPI PsReferenceProcessFilePointer | ( | IN PEPROCESS | Process, |
| OUT PFILE_OBJECT * | FileObject | ||
| ) |
Definition at line 24 of file query.c.
26{
27 PSECTION Section;
28 PAGED_CODE();
29
30 /* Lock the process */
32 {
34 }
35
36 /* Get the section */
37 Section = Process->SectionObject;
38 if (Section)
39 {
40 /* Get the file object and reference it */
43 }
44
45 /* Release the protection */
47
48 /* Return status */
50}
PFILE_OBJECT NTAPI MmGetFileObjectForSection(IN PVOID Section)
Definition: section.c:1737
Definition: mmtypes.h:807
Referenced by SeLocateProcessImageName().
