#include <ntoskrnl.h>#include <debug.h>
Include dependency graph for query.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Variables | |
| ULONG | PspTraceLevel = 0 |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ NtQueryInformationProcess()
| NTSTATUS NTAPI NtQueryInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _Out_writes_bytes_to_opt_(ProcessInformationLength, *ReturnLength) PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 211 of file query.c.
218{
223
224 PAGED_CODE();
225
226 /* Validate the information class */
228 PsProcessInfoClass,
230 ICIF_PROBE_READ,
231 ProcessInformation,
232 ProcessInformationLength,
233 ReturnLength,
234 NULL,
235 PreviousMode);
237 {
238#if DBG
239 DPRINT1("NtQueryInformationProcess(ProcessInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
240 PspDumpProcessInfoClassName(ProcessInformationClass), Status);
241#endif
243 }
244
246 (ProcessInformationClass == ProcessImageInformation)) &&
248 {
249 /*
250 * Retrieving the process cookie is only allowed for the calling process
251 * itself! XP only allows NtCurrentProcess() as process handles even if
252 * a real handle actually represents the current process.
253 */
255 }
256
257 /* Check the information class */
258 switch (ProcessInformationClass)
259 {
260 /* Basic process information */
262 {
264
266 {
268 break;
269 }
270
271 /* Set the return length */
273
274 /* Reference the process */
277 PsProcessType,
278 PreviousMode,
280 NULL);
282
283 /* Protect writes with SEH */
284 _SEH2_TRY
285 {
286 /* Write all the information from the EPROCESS/KPROCESS */
291 UniqueProcessId;
292 ProcessBasicInfo->InheritedFromUniqueProcessId =
295
296 }
298 {
299 /* Get exception code */
301 }
302 _SEH2_END;
303
304 /* Dereference the process */
306 break;
307 }
308
309 /* Process quota limits */
311 {
312 QUOTA_LIMITS_EX QuotaLimits;
313 BOOLEAN Extended;
314
317 {
319 break;
320 }
321
322 /* Set the return length */
323 Length = ProcessInformationLength;
325
326 /* Reference the process */
329 PsProcessType,
330 PreviousMode,
332 NULL);
334
335 /* Indicate success */
337
339
340 /* Get max/min working set sizes */
341 QuotaLimits.MaximumWorkingSetSize =
343 QuotaLimits.MinimumWorkingSetSize =
345
346 /* Get default time limits */
348
349 /* Is quota block a default one? */
351 {
352 /* Get default pools and pagefile limits */
356 }
357 else
358 {
359 /* Get limits from non-default quota block */
360 QuotaLimits.PagedPoolLimit =
362 QuotaLimits.NonPagedPoolLimit =
364 QuotaLimits.PagefileLimit =
366 }
367
368 /* Get additional information, if needed */
369 if (Extended)
370 {
375
376 /* FIXME: Get the correct information */
377 //QuotaLimits.WorkingSetLimit = (SIZE_T)-1; // Not used on Win2k3, it is set to 0
379 }
380
381 /* Protect writes with SEH */
382 _SEH2_TRY
383 {
385 }
387 {
388 /* Get exception code */
390 }
391 _SEH2_END;
392
393 /* Dereference the process */
395 break;
396 }
397
399 {
401 PROCESS_VALUES ProcessValues;
402
404 {
406 break;
407 }
408
410
411 /* Reference the process */
414 PsProcessType,
415 PreviousMode,
417 NULL);
419
420 /* Query IO counters from the process */
422
423 _SEH2_TRY
424 {
426 }
428 {
429 /* Ignore exception */
430 }
431 _SEH2_END;
432
433 /* Set status to success in any case */
435
436 /* Dereference the process */
438 break;
439 }
440
441 /* Timing */
443 {
446
447 /* Set the return length */
449 {
451 break;
452 }
453
455
456 /* Reference the process */
459 PsProcessType,
460 PreviousMode,
462 NULL);
464
465 /* Protect writes with SEH */
466 _SEH2_TRY
467 {
468 /* Copy time information from EPROCESS/KPROCESS */
474 }
476 {
477 /* Get exception code */
479 }
480 _SEH2_END;
481
482 /* Dereference the process */
484 break;
485 }
486
487 /* Process Debug Port */
489
491 {
493 break;
494 }
495
496 /* Set the return length */
498
499 /* Reference the process */
502 PsProcessType,
503 PreviousMode,
505 NULL);
507
508 /* Protect write with SEH */
509 _SEH2_TRY
510 {
511 /* Return whether or not we have a debug port */
514 }
516 {
517 /* Get exception code */
519 }
520 _SEH2_END;
521
522 /* Dereference the process */
524 break;
525
527 {
529
531 {
533 break;
534 }
535
536 /* Set the return length*/
538
539 /* Reference the process */
542 PsProcessType,
543 PreviousMode,
545 NULL);
547
548 /* Count the number of handles this process has */
550
551 /* Protect write in SEH */
552 _SEH2_TRY
553 {
554 /* Return the count of handles */
556 }
558 {
559 /* Get the exception code */
561 }
562 _SEH2_END;
563
564 /* Dereference the process */
566 break;
567 }
568
569 /* Session ID for the process */
571 {
573
575 {
577 break;
578 }
579
580 /* Set the return length*/
582
583 /* Reference the process */
586 PsProcessType,
587 PreviousMode,
589 NULL);
591
592 /* Enter SEH for write safety */
593 _SEH2_TRY
594 {
595 /* Write back the Session ID */
597 }
599 {
600 /* Get the exception code */
602 }
603 _SEH2_END;
604
605 /* Dereference the process */
607 break;
608 }
609
610 /* Virtual Memory Statistics */
612 {
614
615 /* Validate the input length */
618 {
620 break;
621 }
622
623 /* Reference the process */
626 PsProcessType,
627 PreviousMode,
629 NULL);
631
632 /* Enter SEH for write safety */
633 _SEH2_TRY
634 {
635 /* Return data from EPROCESS */
647 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
648 //
649
650 /* Set the return length */
651 Length = ProcessInformationLength;
652 }
654 {
655 /* Get the exception code */
657 }
658 _SEH2_END;
659
660 /* Dereference the process */
662 break;
663 }
664
665 /* Hard Error Processing Mode */
667
669 {
671 break;
672 }
673
674 /* Set the return length*/
676
677 /* Reference the process */
680 PsProcessType,
681 PreviousMode,
683 NULL);
685
686 /* Enter SEH for writing back data */
687 _SEH2_TRY
688 {
689 /* Write the current processing mode */
691 DefaultHardErrorProcessing;
692 }
694 {
695 /* Get the exception code */
697 }
698 _SEH2_END;
699
700 /* Dereference the process */
702 break;
703
704 /* Priority Boosting status */
706
708 {
710 break;
711 }
712
713 /* Set the return length */
715
716 /* Reference the process */
719 PsProcessType,
720 PreviousMode,
722 NULL);
724
725 /* Enter SEH for writing back data */
726 _SEH2_TRY
727 {
728 /* Return boost status */
731 }
733 {
734 /* Get the exception code */
736 }
737 _SEH2_END;
738
739 /* Dereference the process */
741 break;
742
743 /* DOS Device Map */
745 {
747
749 {
750 /* Protect read in SEH */
751 _SEH2_TRY
752 {
753 PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
754
756 }
758 {
759 /* Get the exception code */
762 }
763 _SEH2_END;
764
765 /* Only one flag is supported and it needs LUID mappings */
767 !ObIsLUIDDeviceMapsEnabled())
768 {
770 break;
771 }
772 }
773 else
774 {
775 /* This has to be the size of the Query union field for x64 compatibility! */
777 {
779 break;
780 }
781
782 /* No flags for standard call */
783 Flags = 0;
784 }
785
786 /* Set the return length */
787 Length = ProcessInformationLength;
788
789 /* Reference the process */
792 PsProcessType,
793 PreviousMode,
795 NULL);
797
798 /* Query the device map information */
800 ProcessInformation,
801 Flags);
802
803 /* Dereference the process */
805 break;
806 }
807
808 /* Priority class */
810 {
812
814 {
816 break;
817 }
818
819 /* Set the return length*/
821
822 /* Reference the process */
825 PsProcessType,
826 PreviousMode,
828 NULL);
830
831 /* Enter SEH for writing back data */
832 _SEH2_TRY
833 {
834 /* Return current priority class */
837 }
839 {
840 /* Get the exception code */
842 }
843 _SEH2_END;
844
845 /* Dereference the process */
847 break;
848 }
849
851 {
853
854 /* Reference the process */
857 PsProcessType,
858 PreviousMode,
860 NULL);
862
863 /* Get the image path */
866 {
867 /* Set the return length */
870
871 /* Make sure it's large enough */
873 {
874 /* Enter SEH to protect write */
875 _SEH2_TRY
876 {
877 /* Copy it */
878 RtlCopyMemory(ProcessInformation,
879 ImageName,
880 Length);
881
882 /* Update pointer */
883 ((PUNICODE_STRING)ProcessInformation)->Buffer =
885 }
887 {
888 /* Get the exception code */
890 }
891 _SEH2_END;
892 }
893 else
894 {
895 /* Buffer too small */
897 }
898
899 /* Free the image path */
901 }
902 /* Dereference the process */
904 break;
905 }
906
907#if (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
909 {
912
913 /* Reference the process */
915 // FIXME: Use PROCESS_QUERY_LIMITED_INFORMATION when implemented
917 PsProcessType,
918 PreviousMode,
920 NULL);
922 {
923 break;
924 }
925
926 /* Get the image path */
930 {
931 break;
932 }
936 {
937 break;
938 }
939
940 /* Determine return length and output */
943 {
944 _SEH2_TRY
945 {
950 {
953 ObjectNameInformation->Name.Buffer,
954 ObjectNameInformation->Name.MaximumLength);
955 }
956 else
957 {
960 }
961 }
963 {
965 }
966 _SEH2_END;
967 }
968 else
969 {
971 }
973
974 break;
975 }
976#endif /* (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA) */
977
979
981 {
983 break;
984 }
985
986 /* Set the return length*/
988
989 /* Reference the process */
992 PsProcessType,
993 PreviousMode,
995 NULL);
997
998 /* Enter SEH for writing back data */
999 _SEH2_TRY
1000 {
1001 /* Return the debug flag state */
1003 }
1005 {
1006 /* Get the exception code */
1008 }
1009 _SEH2_END;
1010
1011 /* Dereference the process */
1013 break;
1014
1016
1018 {
1020 break;
1021 }
1022
1023 /* Set the return length */
1025
1026 /* Reference the process */
1029 PsProcessType,
1030 PreviousMode,
1032 NULL);
1034
1035 /* Enter SEH for writing back data */
1036 _SEH2_TRY
1037 {
1038 /* Return the BreakOnTermination state */
1040 }
1042 {
1043 /* Get the exception code */
1045 }
1046 _SEH2_END;
1047
1048 /* Dereference the process */
1050 break;
1051
1052 /* Per-process security cookie */
1054 {
1056
1058 {
1059 /* Length size wrong, bail out */
1061 break;
1062 }
1063
1064 /* Get the current process and cookie */
1068 {
1069 LARGE_INTEGER SystemTime;
1070 ULONG NewCookie;
1071 PKPRCB Prcb;
1072
1073 /* Generate a new cookie */
1074 KeQuerySystemTime(&SystemTime);
1075 Prcb = KeGetCurrentPrcb();
1078
1079 /* Set the new cookie or return the current one */
1081 NewCookie,
1082 Cookie);
1084
1085 /* Set the return length */
1087 }
1088
1089 /* Indicate success */
1091
1092 /* Enter SEH to protect write */
1093 _SEH2_TRY
1094 {
1095 /* Write back the cookie */
1097 }
1099 {
1100 /* Get the exception code */
1102 }
1103 _SEH2_END;
1104 break;
1105 }
1106
1108
1110 {
1111 /* Break out */
1113 break;
1114 }
1115
1116 /* Set the length required and validate it */
1118
1119 /* Indicate success */
1121
1122 /* Enter SEH to protect write */
1123 _SEH2_TRY
1124 {
1126 }
1128 {
1129 /* Get the exception code */
1131 }
1132 _SEH2_END;
1133 break;
1134
1136 {
1138
1140 {
1142 break;
1143 }
1144
1145 /* Set the return length */
1147
1148 /* Reference the process */
1151 PsProcessType,
1152 PreviousMode,
1154 NULL);
1156
1157 /* Get the debug port. Continue even if this fails. */
1159
1160 /* Let go of the process */
1162
1163 /* Protect write in SEH */
1164 _SEH2_TRY
1165 {
1166 /* Return debug port's handle */
1167 *(PHANDLE)ProcessInformation = DebugPort;
1168 }
1170 {
1171 if (DebugPort)
1173
1174 /* Get the exception code.
1175 * Note: This overwrites any previous failure status. */
1177 }
1178 _SEH2_END;
1179 break;
1180 }
1181
1185 break;
1186
1188
1190 {
1192 break;
1193 }
1194
1195 /* Set the return length */
1197
1198 /* Indicate success */
1200
1201 /* Protect write in SEH */
1202 _SEH2_TRY
1203 {
1204 /* Query Ob */
1206 }
1208 {
1209 /* Get the exception code */
1211 }
1212 _SEH2_END;
1213 break;
1214
1216
1218 {
1220 break;
1221 }
1222
1223 /* Set the return length */
1225
1226 /* Reference the process */
1229 PsProcessType,
1230 PreviousMode,
1232 NULL);
1234
1235 /* Protect write in SEH */
1236 _SEH2_TRY
1237 {
1238 /* Return if the flag is set */
1240 }
1242 {
1243 /* Get the exception code */
1245 }
1246 _SEH2_END;
1247
1248 /* Dereference the process */
1250 break;
1251
1253 {
1254 ULONG_PTR Wow64 = 0;
1255
1257 {
1259 break;
1260 }
1261
1262 /* Set the return length */
1264
1265 /* Reference the process */
1268 PsProcessType,
1269 PreviousMode,
1271 NULL);
1273
1274#ifdef _WIN64
1275 /* Make sure the process isn't dying */
1277 {
1278 /* Get the WOW64 process structure */
1280 /* Release the lock */
1282 }
1283#endif
1284
1285 /* Dereference the process */
1287
1288 /* Protect write with SEH */
1289 _SEH2_TRY
1290 {
1291 /* Return the Wow64 process information */
1292 *(PULONG_PTR)ProcessInformation = Wow64;
1293 }
1295 {
1296 /* Get exception code */
1298 }
1299 _SEH2_END;
1300 break;
1301 }
1302
1304 {
1305 ULONG ExecuteOptions = 0;
1306
1308 {
1310 break;
1311 }
1312
1313 /* Set the return length */
1315
1317 {
1319 break;
1320 }
1321
1322 /* Get the options */
1325 {
1326 /* Protect write with SEH */
1327 _SEH2_TRY
1328 {
1329 /* Return them */
1330 *(PULONG)ProcessInformation = ExecuteOptions;
1331 }
1333 {
1334 /* Get exception code */
1336 }
1337 _SEH2_END;
1338 }
1339 break;
1340 }
1341
1345 break;
1346
1350 break;
1351
1355 break;
1356
1357 /* Not supported by Server 2003 */
1358 default:
1359#if DBG
1361#endif
1363 }
1364
1365 /* Check if caller wants the return length and if there is one */
1367 {
1368 /* Protect write with SEH */
1369 _SEH2_TRY
1370 {
1372 }
1374 {
1375 /* Get exception code.
1376 * Note: This overwrites any previous failure status. */
1378 }
1379 _SEH2_END;
1380 }
1381
1383}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
struct _UNICODE_STRING UNICODE_STRING
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
#define QUOTA_LIMITS_HARDWS_MIN_DISABLE
struct _IO_COUNTERS IO_COUNTERS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
#define QUOTA_LIMITS_HARDWS_MAX_DISABLE
struct _QUOTA_LIMITS_EX QUOTA_LIMITS_EX
#define QUOTA_LIMITS_HARDWS_MAX_ENABLE
#define QUOTA_LIMITS_HARDWS_MIN_ENABLE
struct _IO_COUNTERS * PIO_COUNTERS
Definition: nsiface.idl:2307
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1620
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2653
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
NTSTATUS NTAPI IoQueryFileDosDeviceName(IN PFILE_OBJECT FileObject, OUT POBJECT_NAME_INFORMATION *ObjectNameInformation)
Definition: file.c:3661
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
NTSTATUS NTAPI PsReferenceProcessFilePointer(_In_ PEPROCESS Process, _Outptr_ PFILE_OBJECT *FileObject)
Definition: query.c:24
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
Definition: pstypes.h:1350
Definition: pstypes.h:82
Definition: winternl.h:2373
Definition: ketypes.h:654
Definition: nt_native.h:1272
Definition: winternl.h:404
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:362
Definition: pstypes.h:392
Definition: pstypes.h:380
Definition: pstypes.h:1034
Definition: pstypes.h:405
Definition: ke.h:45
Definition: pstypes.h:67
Definition: lsa.idl:286
Definition: mmtypes.h:340
Definition: mmdrv.h:130
Definition: env_spec_w32.h:368
Definition: winternl.h:3130
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:3138
Definition: typedefs.h:103
struct _LARGE_INTEGER::@2500 u
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
struct _VM_COUNTERS * PVM_COUNTERS
struct _VM_COUNTERS_EX VM_COUNTERS_EX
Referenced by _main(), BaseInitializeStaticServerData(), check_live_target(), CheckRemoteDebuggerPresent(), CON_API_NOCONSOLE(), EmptyWorkingSet(), EnumProcessModules(), FindModule(), get_shiminfo(), getCommandLineFromProcess(), GetDriveTypeW(), GetErrorMode(), GetExitCodeProcess(), GetLogicalDrives(), GetPriorityClass(), GetProcessAffinityMask(), GetProcessExecutablePath(), GetProcessHandleCount(), GetProcessId(), GetProcessImageFileNameA(), GetProcessImageFileNameW(), GetProcessIoCounters(), GetProcessMemoryInfo(), GetProcessPriorityBoost(), GetProcessTimes(), GetProcessVersion(), GetProcessWorkingSetSizeEx(), GetSourcePaths(), GetWsChanges(), GlobalMemoryStatusEx(), init_module_iterator(), init_module_iterator_wow64(), Is64BitSystem(), IsCriticalProcess(), IsWow64Process(), PerfDataGetCommandLine(), PrintProcess(), ProcessIdToSessionId(), PsaEnumerateProcessModules(), QueryFlag(), QueryFullProcessImageNameW(), QueryProcessCycleTime(), QuerySetProcessValidator(), RtlpQueryRemoteProcessModules(), SmpApiLoop(), SmpCreateVolumeDescriptors(), SmpGetProcessMuSessionId(), test_affinity(), test_amd64_shared_info(), test_dead_process(), test_debuggee_dbgport(), test_exec_memory_writes(), test_GlobalMemoryStatus(), test_mapprotection(), test_nt_wow64(), test_NtGetCurrentProcessorNumber(), test_peb_teb(), test_process_id(), test_process_machine(), Test_ProcessBasicInformation(), Test_ProcessPriorityClassAlignment(), Test_ProcessQuotaLimits(), Test_ProcessQuotaLimitsEx(), Test_ProcessTimes(), Test_ProcessWx86Information(), test_query_process(), test_query_process_basic(), test_query_process_debug_flags(), test_query_process_debug_object_handle(), test_query_process_debug_port(), test_query_process_handlecount(), test_query_process_image_file_name(), test_query_process_image_info(), test_query_process_io(), test_query_process_priority(), test_query_process_quota_limits(), test_query_process_times(), test_query_process_vm(), test_query_process_wow64(), test_redirection(), test_section_access(), test_wow64_shared_info(), UnhandledExceptionFilter(), UserpGetClientFileName(), wmain(), and Wow64QueryFlag().
◆ NtQueryInformationThread()
| NTSTATUS NTAPI NtQueryInformationThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ THREADINFOCLASS | ThreadInformationClass, | ||
| _Out_writes_bytes_to_opt_(ThreadInformationLength, *ReturnLength) PVOID | ThreadInformation, | ||
| _In_ ULONG | ThreadInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 2985 of file query.c.
2992{
2996 ULONG Access;
2998
2999 PAGED_CODE();
3000
3001 /* Validate the information class */
3003 PsThreadInfoClass,
3005 ICIF_PROBE_READ,
3006 ThreadInformation,
3007 ThreadInformationLength,
3008 ReturnLength,
3009 NULL,
3010 PreviousMode);
3012 {
3013#if DBG
3014 DPRINT1("NtQueryInformationThread(ThreadInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
3016#endif
3018 }
3019
3020 /* Check what class this is */
3021 Access = THREAD_QUERY_INFORMATION;
3022
3023 /* Check what kind of information class this is */
3025 {
3026 /* Basic thread information */
3028 {
3029 PTHREAD_BASIC_INFORMATION ThreadBasicInfo =
3030 (PTHREAD_BASIC_INFORMATION)ThreadInformation;
3031
3032 /* Set the return length */
3034
3036 {
3038 break;
3039 }
3040
3041 /* Reference the thread */
3043 Access,
3044 PsThreadType,
3045 PreviousMode,
3047 NULL);
3049 break;
3050
3051 /* Protect writes with SEH */
3052 _SEH2_TRY
3053 {
3054 /* Write all the information from the ETHREAD/KTHREAD */
3061 }
3063 {
3064 /* Get exception code */
3066 }
3067 _SEH2_END;
3068
3069 /* Dereference the thread */
3071 break;
3072 }
3073
3074 /* Thread time information */
3076 {
3078
3079 /* Set the return length */
3081
3083 {
3085 break;
3086 }
3087
3088 /* Reference the thread */
3090 Access,
3091 PsThreadType,
3092 PreviousMode,
3094 NULL);
3096 break;
3097
3098 /* Protect writes with SEH */
3099 _SEH2_TRY
3100 {
3101 /* Copy time information from ETHREAD/KTHREAD */
3105
3106 /* Exit time is in a union and only valid on actual exit! */
3108 {
3110 }
3111 else
3112 {
3114 }
3115 }
3117 {
3118 /* Get exception code */
3120 }
3121 _SEH2_END;
3122
3123 /* Dereference the thread */
3125 break;
3126 }
3127
3129 {
3130 /* Set the return length*/
3132
3134 {
3136 break;
3137 }
3138
3139 /* Reference the thread */
3141 Access,
3142 PsThreadType,
3143 PreviousMode,
3145 NULL);
3147 break;
3148
3149 /* Protect write with SEH */
3150 _SEH2_TRY
3151 {
3152 /* Return the Win32 Start Address */
3154 }
3156 {
3157 /* Get exception code */
3159 }
3160 _SEH2_END;
3161
3162 /* Dereference the thread */
3164 break;
3165 }
3166
3168 {
3169 /* Set the return length*/
3171
3173 {
3175 break;
3176 }
3177
3178 /* Reference the thread */
3180 Access,
3181 PsThreadType,
3182 PreviousMode,
3184 NULL);
3186 break;
3187
3188 /* Protect write with SEH */
3189 _SEH2_TRY
3190 {
3191 /* FIXME */
3192 (*(PLARGE_INTEGER)ThreadInformation).QuadPart = 0;
3193 }
3195 {
3196 /* Get exception code */
3198 }
3199 _SEH2_END;
3200
3201 /* Dereference the thread */
3203 break;
3204 }
3205
3207 {
3208 /* Set the return length*/
3210
3212 {
3214 break;
3215 }
3216
3217 /* Reference the thread */
3219 Access,
3220 PsThreadType,
3221 PreviousMode,
3223 NULL);
3225 break;
3226
3227 /* Protect write with SEH */
3228 _SEH2_TRY
3229 {
3230 /* Return whether or not we are the last thread */
3233 &Thread->ThreadsProcess->
3234 ThreadListHead) ?
3236 }
3238 {
3239 /* Get exception code */
3241 }
3242 _SEH2_END;
3243
3244 /* Dereference the thread */
3246 break;
3247 }
3248
3250 {
3252
3253 /* Set the return length*/
3255
3257 {
3259 break;
3260 }
3261
3262 /* Reference the thread */
3264 Access,
3265 PsThreadType,
3266 PreviousMode,
3268 NULL);
3270 break;
3271
3272 /* Raise the IRQL to protect the IRP list */
3274
3275 /* Protect write with SEH */
3276 _SEH2_TRY
3277 {
3278 /* Check if the IRP list is empty or not */
3280 }
3282 {
3283 /* Get exception code */
3285 }
3286 _SEH2_END;
3287
3288 /* Lower IRQL back */
3290
3291 /* Dereference the thread */
3293 break;
3294 }
3295
3296 /* LDT and GDT information */
3298 {
3299#if defined(_X86_)
3300 /* Reference the thread */
3302 Access,
3303 PsThreadType,
3304 PreviousMode,
3306 NULL);
3308 break;
3309
3310 /* Call the worker routine */
3312 ThreadInformation,
3313 ThreadInformationLength,
3314 ReturnLength);
3315
3316 /* Dereference the thread */
3318#else
3319 /* Only implemented on x86 */
3321#endif
3322 break;
3323 }
3324
3326 {
3327 /* Set the return length*/
3329
3331 {
3333 break;
3334 }
3335
3336 /* Reference the thread */
3338 Access,
3339 PsThreadType,
3340 PreviousMode,
3342 NULL);
3344 break;
3345
3346 _SEH2_TRY
3347 {
3349 }
3351 {
3353 }
3354 _SEH2_END;
3355
3356 /* Dereference the thread */
3358 break;
3359 }
3360
3361#if (NTDDI_VERSION >= NTDDI_VISTA)
3363 {
3364 /* Set the return length */
3366
3368 {
3370 break;
3371 }
3372
3373 /* Reference the thread */
3375 Access,
3376 PsThreadType,
3377 PreviousMode,
3379 NULL);
3381 break;
3382
3383 /* Protect write with SEH */
3384 _SEH2_TRY
3385 {
3387 }
3389 {
3390 /* Get exception code */
3392 }
3393 _SEH2_END;
3394
3395 /* Dereference the thread */
3397 break;
3398 }
3399#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
3400
3402 {
3403 /* Set the return length */
3405
3407 {
3409 break;
3410 }
3411
3412 /* Reference the thread */
3414 Access,
3415 PsThreadType,
3416 PreviousMode,
3418 NULL);
3420 break;
3421
3422 _SEH2_TRY
3423 {
3425 }
3427 {
3429 }
3430 _SEH2_END;
3431
3432 /* Dereference the thread */
3434 break;
3435 }
3436
3438 {
3439 ULONG ThreadTerminated;
3440
3441 /* Set the return length*/
3443
3445 {
3447 break;
3448 }
3449
3450 /* Reference the thread */
3452 Access,
3453 PsThreadType,
3454 PreviousMode,
3456 NULL);
3458 break;
3459
3461
3462 _SEH2_TRY
3463 {
3464 *(PULONG)ThreadInformation = ThreadTerminated ? 1 : 0;
3465 }
3467 {
3469 }
3470 _SEH2_END;
3471
3472 /* Dereference the thread */
3474 break;
3475 }
3476
3477#if (NTDDI_VERSION >= NTDDI_WIN10_RS1) || defined(__REACTOS__)
3479 {
3480 PUNICODE_STRING ThreadName;
3481
3482 /* Reference the thread */
3484 // FIXME: Use THREAD_QUERY_LIMITED_INFORMATION when implemented
3485 THREAD_QUERY_INFORMATION,
3486 PsThreadType,
3487 PreviousMode,
3489 NULL);
3491 break;
3492
3494
3496
3497 /* Set the return length (REMARK: We only
3498 * consider Length instead of MaximumLength) */
3502 {
3506 /* As on Windows, and *not* STATUS_INFO_LENGTH_MISMATCH */
3507 break;
3508 }
3509
3510 /* Protect writes with SEH */
3511 _SEH2_TRY
3512 {
3513 PTHREAD_NAME_INFORMATION NameInfo =
3514 (PTHREAD_NAME_INFORMATION)ThreadInformation;
3516 {
3521 ThreadName->Buffer,
3522 ThreadName->Length);
3523 }
3524 else
3525 {
3527 }
3528 }
3530 {
3531 /* Get exception code */
3533 }
3534 _SEH2_END;
3535
3537
3538 /* Dereference the thread */
3540 break;
3541 }
3542#endif /* (NTDDI_VERSION >= NTDDI_WIN10_RS1) || defined(__REACTOS__) */
3543
3544 /* Anything else */
3545 default:
3546 /* Not yet implemented */
3547#if DBG
3549#endif
3551 }
3552
3553 /* Protect write with SEH */
3554 _SEH2_TRY
3555 {
3556 /* Check if caller wanted return length */
3558 }
3560 {
3561 /* Get exception code */
3563 }
3564 _SEH2_END;
3565
3567}
struct _THREAD_BASIC_INFORMATION THREAD_BASIC_INFORMATION
struct _THREAD_BASIC_INFORMATION * PTHREAD_BASIC_INFORMATION
struct _THREAD_NAME_INFORMATION * PTHREAD_NAME_INFORMATION
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
Definition: psfuncs.h:844
LONG NTAPI KeQueryBasePriorityThread(IN PKTHREAD Thread)
Definition: thrdobj.c:52
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
Definition: thread.c:868
FORCEINLINE VOID PspUnlockThreadSecurityShared(IN PETHREAD Thread)
Definition: ps_x.h:166
FORCEINLINE VOID PspLockThreadSecurityShared(IN PETHREAD Thread)
Definition: ps_x.h:155
NTSTATUS NTAPI PspQueryDescriptorThread(IN PETHREAD Thread, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
Definition: psldt.c:43
Definition: pstypes.h:1186
Definition: compat.h:926
Definition: pstypes.h:1084
union _LARGE_INTEGER LARGE_INTEGER
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
Definition: kefuncs.h:778
Referenced by CreateRemoteThread(), CsrCreateProcess(), CsrCreateRemoteThread(), CsrCreateThread(), CsrInsertThread(), CsrSbCreateSession(), DbgUiConvertStateChangeStructure(), DoThreadNameTest(), ExitThread(), fetch_thread_info(), GetExitCodeThread(), GetProcessIdOfThread(), GetThreadDescription(), GetThreadGroupAffinity(), GetThreadId(), GetThreadIdealProcessorEx(), GetThreadIOPendingFlag(), GetThreadPriority(), GetThreadPriorityBoost(), GetThreadSelectorEntry(), GetThreadTimes(), i386_stack_walk(), init_funcs(), InitFunctionPtrs(), ntGetThreadName(), PrintThreads(), QuerySetThreadValidator(), RtlFreeUserThreadStack(), RtlpIsIoPending(), SetThreadAffinityMask(), TerminateThread(), test_dbg_hidden_thread_creation(), test_HideFromDebugger(), test_peb_teb(), test_process_machine(), Test_ThreadBasicInformationClass(), test_ThreadEnableAlignmentFaultFixup(), Test_ThreadHideFromDebuggerClass(), and test_tls_links().
◆ NtSetInformationProcess()
| NTSTATUS NTAPI NtSetInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _In_reads_bytes_(ProcessInformationLength) PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength | ||
| ) |
Definition at line 1390 of file query.c.
1395{
1398 ACCESS_MASK Access;
1404 PROCESS_PRIORITY_CLASS PriorityClass = {0};
1405 PROCESS_FOREGROUND_BACKGROUND Foreground = {0};
1406 PVOID ExceptionPort;
1407 ULONG Break;
1409 KPRIORITY BasePriority = 0;
1410 UCHAR MemoryPriority = 0;
1411 BOOLEAN DisableBoost = 0;
1412 ULONG DefaultHardErrorMode = 0;
1413 ULONG DebugFlags = 0, EnableFixup = 0, Boost = 0;
1414 ULONG NoExecute = 0, VdmPower = 0;
1418 PAGED_CODE();
1419
1420 /* Validate the information class */
1422 PsProcessInfoClass,
1424 ProcessInformation,
1425 ProcessInformationLength,
1426 PreviousMode);
1428 {
1429#if DBG
1430 DPRINT1("NtSetInformationProcess(ProcessInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
1431 PspDumpProcessInfoClassName(ProcessInformationClass), Status);
1432#endif
1434 }
1435
1436 /* Check what class this is */
1437 Access = PROCESS_SET_INFORMATION;
1439 {
1440 /* Setting the Session ID needs a special mask */
1441 Access |= PROCESS_SET_SESSIONID;
1442 }
1444 {
1445 /* Setting the exception port needs a special mask */
1446 Access |= PROCESS_SUSPEND_RESUME;
1447 }
1448
1449 /* Reference the process */
1451 Access,
1452 PsProcessType,
1453 PreviousMode,
1455 NULL);
1457
1458 /* Check what kind of information class this is */
1459 switch (ProcessInformationClass)
1460 {
1462
1463 /* Check buffer length */
1465 {
1467 break;
1468 }
1469
1470 /* Use SEH for capture */
1471 _SEH2_TRY
1472 {
1473 /* Capture the boolean */
1474 VdmPower = *(PULONG)ProcessInformation;
1475 }
1477 {
1478 /* Get the exception code */
1481 }
1482 _SEH2_END;
1483
1484 /* Getting VDM powers requires the SeTcbPrivilege */
1486 {
1487 /* We don't hold the privilege, bail out */
1490 break;
1491 }
1492
1493 /* Set or clear the flag */
1494 if (VdmPower)
1495 {
1497 }
1498 else
1499 {
1501 }
1502 break;
1503
1504 /* Error/Exception Port */
1506
1507 /* Check buffer length */
1509 {
1511 break;
1512 }
1513
1514 /* Use SEH for capture */
1515 _SEH2_TRY
1516 {
1517 /* Capture the handle */
1518 PortHandle = *(PHANDLE)ProcessInformation;
1519 }
1521 {
1522 /* Get the exception code */
1525 }
1526 _SEH2_END;
1527
1528 /* Setting the error port requires the SeTcbPrivilege */
1530 {
1531 /* We don't hold the privilege, bail out */
1533 break;
1534 }
1535
1536 /* Get the LPC Port */
1538 0,
1539 LpcPortObjectType,
1540 PreviousMode,
1541 (PVOID)&ExceptionPort,
1542 NULL);
1544
1545 /* Change the pointer */
1547 ExceptionPort,
1548 NULL))
1549 {
1550 /* We already had one, fail */
1551 ObDereferenceObject(ExceptionPort);
1553 }
1554 break;
1555
1556 /* Security Token */
1558
1559 /* Check buffer length */
1561 {
1563 break;
1564 }
1565
1566 /* Use SEH for capture */
1567 _SEH2_TRY
1568 {
1569 /* Save the token handle */
1571 Token;
1572 }
1574 {
1575 /* Get the exception code */
1578 }
1579 _SEH2_END;
1580
1581 /* Assign the actual token */
1583 break;
1584
1585 /* Hard error processing */
1587
1588 /* Check buffer length */
1590 {
1592 break;
1593 }
1594
1595 /* Enter SEH for direct buffer read */
1596 _SEH2_TRY
1597 {
1598 DefaultHardErrorMode = *(PULONG)ProcessInformation;
1599 }
1601 {
1602 /* Get exception code */
1605 }
1606 _SEH2_END;
1607
1608 /* Set the mode */
1609 Process->DefaultHardErrorProcessing = DefaultHardErrorMode;
1610
1611 /* Call Ke for the update */
1613 {
1615 }
1616 else
1617 {
1619 }
1621 break;
1622
1623 /* Session ID */
1625
1626 /* Check buffer length */
1628 {
1630 break;
1631 }
1632
1633 /* Enter SEH for capture */
1634 _SEH2_TRY
1635 {
1636 /* Capture the caller's buffer */
1638 }
1640 {
1641 /* Get the exception code */
1644 }
1645 _SEH2_END;
1646
1647 /* Setting the session id requires the SeTcbPrivilege */
1649 {
1650 /* We don't hold the privilege, bail out */
1652 break;
1653 }
1654
1655 /*
1656 * Since we cannot change the session ID of the given
1657 * process anymore because it is set once and for all
1658 * at process creation time and because it is stored
1659 * inside the Process->Session structure managed by MM,
1660 * we fake changing it: we just return success if the
1661 * user-defined value is the same as the session ID of
1662 * the process, and otherwise we fail.
1663 */
1665 {
1667 }
1668 else
1669 {
1671 }
1672
1673 break;
1674
1676
1677 /* Check buffer length */
1679 {
1681 break;
1682 }
1683
1684 /* Enter SEH for capture */
1685 _SEH2_TRY
1686 {
1687 /* Capture the caller's buffer */
1688 PriorityClass = *(PPROCESS_PRIORITY_CLASS)ProcessInformation;
1689 }
1691 {
1692 /* Return the exception code */
1695 }
1696 _SEH2_END;
1697
1698 /* Check for invalid PriorityClass value */
1700 {
1702 break;
1703 }
1704
1707 {
1708 /* Check the privilege */
1710 ProcessHandle,
1711 PROCESS_SET_INFORMATION,
1712 PreviousMode);
1714 {
1718 }
1719 }
1720
1721 /* Check if we have a job */
1723 {
1725 }
1726
1727 /* Set process priority class */
1729
1730 /* Set process priority mode (foreground or background) */
1732 PriorityClass.Foreground ?
1733 PsProcessPriorityForeground :
1734 PsProcessPriorityBackground);
1736 break;
1737
1739
1740 /* Check buffer length */
1742 {
1744 break;
1745 }
1746
1747 /* Enter SEH for capture */
1748 _SEH2_TRY
1749 {
1750 /* Capture the caller's buffer */
1751 Foreground = *(PPROCESS_FOREGROUND_BACKGROUND)ProcessInformation;
1752 }
1754 {
1755 /* Return the exception code */
1758 }
1759 _SEH2_END;
1760
1761 /* Set process priority mode (foreground or background) */
1763 Foreground.Foreground ?
1764 PsProcessPriorityForeground :
1765 PsProcessPriorityBackground);
1767 break;
1768
1770
1771 /* Validate input length */
1773 {
1775 break;
1776 }
1777
1778 /* Enter SEH for direct buffer read */
1779 _SEH2_TRY
1780 {
1781 BasePriority = *(KPRIORITY*)ProcessInformation;
1782 }
1784 {
1785 /* Get exception code */
1786 Break = 0;
1789 }
1790 _SEH2_END;
1791
1792 /* Extract the memory priority out of there */
1793 if (BasePriority & 0x80000000)
1794 {
1795 MemoryPriority = MEMORY_PRIORITY_FOREGROUND;
1796 BasePriority &= ~0x80000000;
1797 }
1798 else
1799 {
1800 MemoryPriority = MEMORY_PRIORITY_BACKGROUND;
1801 }
1802
1803 /* Validate the number */
1805 {
1808 }
1809
1810 /* Check if the new base is higher */
1812 {
1814 ProcessHandle,
1815 PROCESS_SET_INFORMATION,
1816 PreviousMode);
1818 {
1820 DPRINT1("Privilege to change priority from %lx to %lx lacking\n", Process->Pcb.BasePriority, BasePriority);
1822 }
1823 }
1824
1825 /* Call Ke */
1827
1828 /* Now set the memory priority */
1831 break;
1832
1834
1835 /* Validate input length */
1837 {
1839 break;
1840 }
1841
1842 /* Enter SEH for direct buffer read */
1843 _SEH2_TRY
1844 {
1845 Boost = *(PULONG)ProcessInformation;
1846 }
1848 {
1849 /* Get exception code */
1850 Break = 0;
1853 }
1854 _SEH2_END;
1855
1856 /* Make sure the process isn't dying */
1858 {
1859 /* Lock it */
1860 KeEnterCriticalRegion();
1862
1863 /* Loop the threads */
1867 {
1868 /* Call Ke for the thread */
1871 }
1872
1873 /* Release the lock and rundown */
1875 KeLeaveCriticalRegion();
1877
1878 /* Set success code */
1880 }
1881 else
1882 {
1883 /* Avoid race conditions */
1885 }
1886 break;
1887
1889
1890 /* Check buffer length */
1892 {
1894 break;
1895 }
1896
1897 /* Enter SEH for direct buffer read */
1898 _SEH2_TRY
1899 {
1900 Break = *(PULONG)ProcessInformation;
1901 }
1903 {
1904 /* Get exception code */
1905 Break = 0;
1908 }
1909 _SEH2_END;
1910
1911 /* Setting 'break on termination' requires the SeDebugPrivilege */
1913 {
1914 /* We don't hold the privilege, bail out */
1916 break;
1917 }
1918
1919 /* Set or clear the flag */
1920 if (Break)
1921 {
1923 }
1924 else
1925 {
1927 }
1928
1929 break;
1930
1932
1933 /* Check buffer length */
1935 {
1937 break;
1938 }
1939
1940 /* Enter SEH for direct buffer read */
1941 _SEH2_TRY
1942 {
1944 }
1946 {
1947 /* Get exception code */
1948 Break = 0;
1951 }
1952 _SEH2_END;
1953
1954 /* Make sure it's valid for the CPUs present */
1957 {
1959 break;
1960 }
1961
1962 /* Check if it's within job affinity limits */
1964 {
1965 /* Not yet implemented */
1966 UNIMPLEMENTED;
1968 break;
1969 }
1970
1971 /* Make sure the process isn't dying */
1973 {
1974 /* Lock it */
1975 KeEnterCriticalRegion();
1977
1978 /* Call Ke to do the work */
1980
1981 /* Release the lock and rundown */
1983 KeLeaveCriticalRegion();
1985
1986 /* Set success code */
1988 }
1989 else
1990 {
1991 /* Avoid race conditions */
1993 }
1994 break;
1995
1996 /* Priority Boosting status */
1998
1999 /* Validate input length */
2001 {
2003 break;
2004 }
2005
2006 /* Enter SEH for direct buffer read */
2007 _SEH2_TRY
2008 {
2009 DisableBoost = *(PBOOLEAN)ProcessInformation;
2010 }
2012 {
2013 /* Get exception code */
2014 Break = 0;
2017 }
2018 _SEH2_END;
2019
2020 /* Make sure the process isn't dying */
2022 {
2023 /* Lock it */
2024 KeEnterCriticalRegion();
2026
2027 /* Call Ke to do the work */
2029
2030 /* Loop the threads too */
2034 {
2035 /* Call Ke for the thread */
2038 }
2039
2040 /* Release the lock and rundown */
2042 KeLeaveCriticalRegion();
2044
2045 /* Set success code */
2047 }
2048 else
2049 {
2050 /* Avoid race conditions */
2052 }
2053 break;
2054
2056
2057 /* Check buffer length */
2059 {
2061 break;
2062 }
2063
2064 /* Enter SEH for direct buffer read */
2065 _SEH2_TRY
2066 {
2067 DebugFlags = *(PULONG)ProcessInformation;
2068 }
2070 {
2071 /* Get exception code */
2074 }
2075 _SEH2_END;
2076
2077 /* Set the mode */
2078 if (DebugFlags & ~1)
2079 {
2081 }
2082 else
2083 {
2084 if (DebugFlags & 1)
2085 {
2087 }
2088 else
2089 {
2091 }
2092 }
2093
2094 /* Done */
2096 break;
2097
2099
2100 /* Check buffer length */
2102 {
2104 break;
2105 }
2106
2107 /* Enter SEH for direct buffer read */
2108 _SEH2_TRY
2109 {
2110 EnableFixup = *(PULONG)ProcessInformation;
2111 }
2113 {
2114 /* Get exception code */
2117 }
2118 _SEH2_END;
2119
2120 /* Set the mode */
2121 if (EnableFixup)
2122 {
2124 }
2125 else
2126 {
2127 Process->DefaultHardErrorProcessing &= ~SEM_NOALIGNMENTFAULTEXCEPT;
2128 }
2129
2130 /* Call Ke for the update */
2133 break;
2134
2136
2137 /* Only TCB can do this */
2139 {
2140 /* We don't hold the privilege, bail out */
2143 break;
2144 }
2145
2146 /* Only supported on x86 */
2147#if defined (_X86_)
2148 Ke386SetIOPL();
2149#elif defined(_M_AMD64)
2150 /* On x64 this function isn't implemented.
2151 On Windows 2003 it returns success.
2152 On Vista+ it returns STATUS_NOT_IMPLEMENTED. */
2154 (RtlRosGetAppcompatVersion() > _WIN32_WINNT_WS03))
2155 {
2157 }
2158#else
2160#endif
2161 /* Done */
2162 break;
2163
2165
2166 /* Check buffer length */
2168 {
2170 break;
2171 }
2172
2174 {
2176 break;
2177 }
2178
2179 /* Enter SEH for direct buffer read */
2180 _SEH2_TRY
2181 {
2182 NoExecute = *(PULONG)ProcessInformation;
2183 }
2185 {
2186 /* Get exception code */
2189 }
2190 _SEH2_END;
2191
2192 /* Call Mm for the update */
2194 break;
2195
2197
2198 /* Check buffer length */
2200 {
2202 break;
2203 }
2204
2205 /* Use SEH for capture */
2206 _SEH2_TRY
2207 {
2208 /* Capture the handle */
2210 }
2212 {
2213 /* Get the exception code */
2216 }
2217 _SEH2_END;
2218
2219 /* Call Ob to set the device map */
2221 break;
2222
2223
2224 /* We currently don't implement any of these */
2230 break;
2231
2233
2235 1,
2236 ProcessInformation,
2237 ProcessInformationLength,
2238 PreviousMode);
2239 break;
2240
2244 break;
2245
2249 break;
2250
2251 /* Anything else is invalid */
2252 default:
2253#if DBG
2254 DPRINT1("Invalid Server 2003 Info Class: %s\n", PspDumpProcessInfoClassName(ProcessInformationClass));
2255#endif
2257 }
2258
2259 /* Dereference and return status */
2262}
Definition: tokenizer.hpp:28
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1108
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1216
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL
Definition: pstypes.h:108
struct _PROCESS_FOREGROUND_BACKGROUND * PPROCESS_FOREGROUND_BACKGROUND
#define LOW_PRIORITY
#define HIGH_PRIORITY
#define InterlockedCompareExchangePointer
Definition: interlocked.h:144
struct _PROCESS_ACCESS_TOKEN * PPROCESS_ACCESS_TOKEN
KAFFINITY NTAPI KeSetAffinityProcess(IN PKPROCESS Process, IN KAFFINITY Affinity)
Definition: procobj.c:265
BOOLEAN NTAPI KeSetDisableBoostProcess(IN PKPROCESS Process, IN BOOLEAN Disable)
Definition: procobj.c:331
BOOLEAN NTAPI KeSetDisableBoostThread(IN OUT PKTHREAD Thread, IN BOOLEAN Disable)
Definition: thrdobj.c:86
BOOLEAN NTAPI KeSetAutoAlignmentProcess(IN PKPROCESS Process, IN BOOLEAN Enable)
Definition: procobj.c:313
VOID NTAPI KeBoostPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Increment)
Definition: thrdobj.c:220
KPRIORITY NTAPI KeSetPriorityAndQuantumProcess(IN PKPROCESS Process, IN KPRIORITY Priority, IN UCHAR Quantum OPTIONAL)
Definition: procobj.c:349
NTSTATUS NTAPI MmSetExecuteOptions(IN ULONG ExecuteOptions)
Definition: pagfault.c:2695
NTSTATUS NTAPI MmSetMemoryPriorityProcess(IN PEPROCESS Process, IN UCHAR MemoryPriority)
Definition: procsup.c:487
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
Definition: probe.h:70
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks a privileged object if such object has the specific privilege submitted by the caller.
Definition: priv.c:803
VOID NTAPI PsSetProcessPriorityByClass(IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE Type)
Definition: process.c:1325
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
Definition: devicemap.c:24
NTSTATUS NTAPI PspSetPrimaryToken(IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
Definition: security.c:215
NTSTATUS NTAPI PspSetQuotaLimits(_In_ PEPROCESS Process, _In_ ULONG Unused, _In_ PVOID QuotaLimits, _In_ ULONG QuotaLimitsLength, _In_ KPROCESSOR_MODE PreviousMode)
This function adjusts the working set limits of a process and sets up new quota limits when necessary...
Definition: quota.c:1045
STDMETHOD() Next(THIS_ ULONG celt, IAssociationElement *pElement, ULONG *pceltFetched) PURE
Definition: typedefs.h:120
Definition: ntddk.h:9
Definition: pstypes.h:1043
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
Definition: halfuncs.h:174
Referenced by _main(), CreateProcessInternalW(), CSR_API(), CsrCreateProcess(), CsrpSetDefaultProcessHardErrorMode(), CsrSbCreateSession(), CsrSetBackgroundPriority(), CsrSetForegroundPriority(), CsrSetToNormalPriority(), CsrSetToShutdownPriority(), EmptyWorkingSet(), InitFunctionPtrs(), InitializeProcessForWsWatch(), InsertTokenToProcessCommon(), LdrpInitializeProcess(), QuerySetProcessValidator(), SetErrorMode(), SetPriorityClass(), SetProcessAffinityMask(), SetProcessInformation(), SetProcessPriorityBoost(), SetProcessWorkingSetSizeEx(), SmpInit(), SmpSbCreateSession(), SmpSetProcessMuSessionId(), test_exec_memory_writes(), Test_ProcBasePriorityClass(), test_process_instrumentation_callback(), Test_ProcessWx86InformationClass(), Test_ProcForegroundBackgroundClass(), and Test_ProcRaisePriorityClass().
◆ NtSetInformationThread()
| NTSTATUS NTAPI NtSetInformationThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ THREADINFOCLASS | ThreadInformationClass, | ||
| _In_reads_bytes_(ThreadInformationLength) PVOID | ThreadInformation, | ||
| _In_ ULONG | ThreadInformationLength | ||
| ) |
Definition at line 2269 of file query.c.
2274{
2280 PTEB Teb;
2281
2282 PAGED_CODE();
2283
2284 /* Validate the information class */
2286 PsThreadInfoClass,
2288 ThreadInformation,
2289 ThreadInformationLength,
2290 PreviousMode);
2292 {
2293#if DBG
2294 DPRINT1("NtSetInformationThread(ThreadInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
2296#endif
2298 }
2299
2300 /* Check what kind of information class this is */
2302 {
2303 /* Thread priority */
2305 {
2306 /* Check buffer length */
2308 {
2310 break;
2311 }
2312
2313 /* Use SEH for capture */
2314 _SEH2_TRY
2315 {
2316 /* Get the priority */
2318 }
2320 {
2321 /* Get the exception code */
2324 }
2325 _SEH2_END;
2326
2327 /* Validate it */
2330 {
2331 /* Fail */
2333 break;
2334 }
2335
2336 /* Check for the required privilege */
2338 {
2341 ThreadHandle,
2342 THREAD_SET_INFORMATION,
2343 PreviousMode);
2345 {
2348 }
2349 }
2350
2351 /* Reference the thread */
2353 THREAD_SET_INFORMATION,
2354 PsThreadType,
2355 PreviousMode,
2357 NULL);
2359 break;
2360
2361 /* Set the priority */
2363
2364 /* Dereference the thread */
2366 break;
2367 }
2368
2370 {
2371 /* Check buffer length */
2373 {
2375 break;
2376 }
2377
2378 /* Use SEH for capture */
2379 _SEH2_TRY
2380 {
2381 /* Get the priority */
2383 }
2385 {
2386 /* Get the exception code */
2389 }
2390 _SEH2_END;
2391
2392 /* Validate it */
2395 {
2396 /* These ones are OK */
2399 {
2400 /* Check if the process is real time */
2403 {
2404 /* It isn't, fail */
2406 break;
2407 }
2408 }
2409 }
2410
2411 /* Reference the thread */
2413 THREAD_SET_INFORMATION,
2414 PsThreadType,
2415 PreviousMode,
2417 NULL);
2419 break;
2420
2421 /* Set the base priority */
2423
2424 /* Dereference the thread */
2426 break;
2427 }
2428
2430 {
2432
2433 /* Check buffer length */
2435 {
2437 break;
2438 }
2439
2440 /* Use SEH for capture */
2441 _SEH2_TRY
2442 {
2443 /* Get the priority */
2445 }
2447 {
2448 /* Get the exception code */
2451 }
2452 _SEH2_END;
2453
2454 /* Validate it */
2456 {
2457 /* Fail */
2459 break;
2460 }
2461
2462 /* Reference the thread */
2464 THREAD_SET_INFORMATION,
2465 PsThreadType,
2466 PreviousMode,
2468 NULL);
2470 break;
2471
2472 /* Get the process */
2474
2475 /* Try to acquire rundown */
2477 {
2478 /* Lock it */
2479 KeEnterCriticalRegion();
2481
2482 /* Combine masks */
2485 {
2486 /* Fail */
2488 }
2489 else
2490 {
2491 /* Set the affinity */
2493 }
2494
2495 /* Release the lock and rundown */
2497 KeLeaveCriticalRegion();
2499 }
2500 else
2501 {
2502 /* Too late */
2504 }
2505
2506 /* Dereference the thread */
2508 break;
2509 }
2510
2512 {
2514
2515 /* Check buffer length */
2517 {
2519 break;
2520 }
2521
2522 /* Use SEH for capture */
2523 _SEH2_TRY
2524 {
2525 /* Save the token handle */
2527 }
2529 {
2530 /* Get the exception code */
2533 }
2534 _SEH2_END;
2535
2536 /* Reference the thread */
2538 THREAD_SET_THREAD_TOKEN,
2539 PsThreadType,
2540 PreviousMode,
2542 NULL);
2544 break;
2545
2546 /* Assign the actual token */
2548
2549 /* Dereference the thread */
2551 break;
2552 }
2553
2555 {
2557
2558 /* Check buffer length */
2560 {
2562 break;
2563 }
2564
2565 /* Use SEH for capture */
2566 _SEH2_TRY
2567 {
2568 /* Get the priority */
2570 }
2572 {
2573 /* Get the exception code */
2576 }
2577 _SEH2_END;
2578
2579 /* Reference the thread */
2581 THREAD_SET_INFORMATION,
2582 PsThreadType,
2583 PreviousMode,
2585 NULL);
2587 break;
2588
2589 /* Set the address */
2591
2592 /* Dereference the thread */
2594 break;
2595 }
2596
2598 {
2599 ULONG_PTR IdealProcessor;
2600
2601 /* Check buffer length */
2603 {
2605 break;
2606 }
2607
2608 /* Use SEH for capture */
2609 _SEH2_TRY
2610 {
2611 /* Get the priority */
2612 IdealProcessor = *(PULONG_PTR)ThreadInformation;
2613 }
2615 {
2616 /* Get the exception code */
2619 }
2620 _SEH2_END;
2621
2622 /* Validate it */
2624 {
2625 /* Fail */
2627 break;
2628 }
2629
2630 /* Reference the thread */
2632 THREAD_SET_INFORMATION,
2633 PsThreadType,
2634 PreviousMode,
2636 NULL);
2638 break;
2639
2640 /* Set the ideal */
2642 (CCHAR)IdealProcessor);
2643
2644 /* Get the TEB and protect the thread */
2647 {
2648 /* Save the ideal processor */
2650
2651 /* Release rundown protection */
2653 }
2654
2655 /* Dereference the thread */
2657 break;
2658 }
2659
2661 {
2662 ULONG_PTR DisableBoost;
2663
2664 /* Check buffer length */
2666 {
2668 break;
2669 }
2670
2671 /* Use SEH for capture */
2672 _SEH2_TRY
2673 {
2674 /* Get the priority */
2675 DisableBoost = *(PULONG_PTR)ThreadInformation;
2676 }
2678 {
2679 /* Get the exception code */
2682 }
2683 _SEH2_END;
2684
2685 /* Reference the thread */
2687 THREAD_SET_INFORMATION,
2688 PsThreadType,
2689 PreviousMode,
2691 NULL);
2693 break;
2694
2695 /* Call the kernel */
2697
2698 /* Dereference the thread */
2700 break;
2701 }
2702
2704 {
2706 PETHREAD ProcThread;
2707
2708 /* Check buffer length */
2710 {
2712 break;
2713 }
2714
2715 /* Use SEH for capture */
2716 _SEH2_TRY
2717 {
2718 /* Get the priority */
2720 }
2722 {
2723 /* Get the exception code */
2726 }
2727 _SEH2_END;
2728
2729 /* Reference the thread */
2731 THREAD_SET_INFORMATION,
2732 PsThreadType,
2733 PreviousMode,
2735 NULL);
2737 break;
2738
2739 /* This is only valid for the current thread */
2741 {
2742 /* Fail */
2745 break;
2746 }
2747
2748 /* Get the process */
2750
2751 /* Loop the threads */
2753 while (ProcThread)
2754 {
2755 /* Acquire rundown */
2757 {
2758 /* Get the TEB */
2760 if (Teb)
2761 {
2762 /* Check if we're in the expansion range */
2764 {
2766 TLS_EXPANSION_SLOTS) - 1)
2767 {
2768 /* Check if we have expansion slots */
2770 if (ExpansionSlots)
2771 {
2772 /* Clear the index */
2774 }
2775 }
2776 }
2777 else
2778 {
2779 /* Clear the index */
2781 }
2782 }
2783
2784 /* Release rundown */
2786 }
2787
2788 /* Go to the next thread */
2790 }
2791
2792 /* Dereference the thread */
2794 break;
2795 }
2796
2798 {
2799 ULONG Break;
2800
2801 /* Check buffer length */
2803 {
2805 break;
2806 }
2807
2808 /* Enter SEH for direct buffer read */
2809 _SEH2_TRY
2810 {
2811 Break = *(PULONG)ThreadInformation;
2812 }
2814 {
2815 /* Get exception code */
2816 Break = 0;
2819 }
2820 _SEH2_END;
2821
2822 /* Setting 'break on termination' requires the SeDebugPrivilege */
2824 {
2825 /* We don't hold the privilege, bail out */
2827 break;
2828 }
2829
2830 /* Reference the thread */
2832 THREAD_SET_INFORMATION,
2833 PsThreadType,
2834 PreviousMode,
2836 NULL);
2838 break;
2839
2840 /* Set or clear the flag */
2841 if (Break)
2842 {
2844 }
2845 else
2846 {
2848 }
2849
2850 /* Dereference the thread */
2852 break;
2853 }
2854
2856 {
2857 /* Check buffer length */
2859 {
2861 break;
2862 }
2863
2864 /* Reference the thread */
2866 THREAD_SET_INFORMATION,
2867 PsThreadType,
2868 PreviousMode,
2870 NULL);
2872 break;
2873
2874 /* Set the flag */
2876
2877 /* Dereference the thread */
2879 break;
2880 }
2881
2882#if (NTDDI_VERSION >= NTDDI_WIN10_RS1) || defined(__REACTOS__)
2884 {
2885 UNICODE_STRING CapturedThreadName;
2886 PUNICODE_STRING NewThreadName;
2887
2888 /* Check buffer length */
2890 {
2892 break;
2893 }
2894
2895 /* Reference the thread.
2896 * NOTE: Win10+ uses THREAD_SET_LIMITED_INFORMATION instead;
2897 * however some tools misuse thread names to perform suspicious
2898 * operations; therefore we try to mess with these by requiring
2899 * a bit more of access rights. */
2901 THREAD_SET_INFORMATION,
2902 PsThreadType,
2903 PreviousMode,
2905 NULL);
2907 break;
2908
2909 /* Probe and capture the thread name */
2911 PreviousMode,
2912 (PUNICODE_STRING)ThreadInformation);
2914 {
2916 break;
2917 }
2918
2919 /* Allocate a new buffer only if the thread name isn't empty
2920 * (REMARK: We only consider Length instead of MaximumLength).
2921 * If empty, just reset the thread name pointer to NULL instead
2922 * of allocating an empty UNICODE_STRING. */
2923 NewThreadName = NULL;
2925 {
2929 if (!NewThreadName)
2930 {
2932 }
2933 else
2934 {
2935 /* Copy the new thread name */
2936 NewThreadName->Length =
2940 CapturedThreadName.Buffer,
2941 CapturedThreadName.Length);
2942 }
2943 }
2944
2945 /* Free the captured string */
2947
2948 /* Replace the original thread name with the new one */
2950 {
2951 PUNICODE_STRING OldThreadName;
2956
2957 /* Free the old thread name */
2958 if (OldThreadName)
2960 }
2961
2962 /* Dereference the thread */
2964 break;
2965 }
2966#endif /* (NTDDI_VERSION >= NTDDI_WIN10_RS1) || defined(__REACTOS__) */
2967
2968 /* Anything else */
2969 default:
2970 /* Not yet implemented */
2971#if DBG
2973#endif
2975 }
2976
2978}
#define LOW_REALTIME_PRIORITY
NTSTATUS NTAPI PsAssignImpersonationToken(IN PETHREAD Thread, IN HANDLE TokenHandle)
Definition: security.c:502
PETHREAD NTAPI PsGetNextProcessThread(IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
Definition: process.c:75
FORCEINLINE VOID PspLockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:177
FORCEINLINE VOID PspUnlockThreadSecurityExclusive(IN PETHREAD Thread)
Definition: ps_x.h:188
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
Definition: compat.h:836
UCHAR NTAPI KeSetIdealProcessorThread(IN PKTHREAD Thread, IN UCHAR Processor)
Definition: thrdobj.c:1066
LONG NTAPI KeSetBasePriorityThread(IN PKTHREAD Thread, IN LONG Increment)
Definition: thrdobj.c:1157
KPRIORITY NTAPI KeSetPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Priority)
Definition: thrdobj.c:1300
KAFFINITY NTAPI KeSetAffinityThread(IN PKTHREAD Thread, IN KAFFINITY Affinity)
Definition: thrdobj.c:1276
_In_ WDFINTERRUPT _In_ WDF_INTERRUPT_POLICY _In_ WDF_INTERRUPT_PRIORITY Priority
Definition: wdfinterrupt.h:655
Referenced by BaseGetNamedObjectDirectory(), BaseProcessStartup(), CreateProcessAsUserCommon(), CsrRevertToSelf(), DoThreadNameTest(), exec_write_handler(), ImpersonateLoggedOnUser(), init_funcs(), InitFunctionPtrs(), InitializeDeviceData(), MiInitBalancerThread(), NpGetUserNamep(), QuerySetThreadValidator(), RevertToSelf(), RtlpExecuteIoWorkItem(), RtlpExecuteWorkItem(), set_thread_name(), SetThreadAffinityMask(), SetThreadDescription(), SetThreadGroupAffinity(), SetThreadIdealProcessor(), SetThreadInformation(), SetThreadPriority(), SetThreadPriorityBoost(), SetThreadToken(), START_TEST(), test_exec_memory_writes(), test_object_permanence(), test_thread_description(), Test_ThreadHideFromDebuggerClass(), Test_ThreadPriorityClass(), and TlsFree().
◆ PsReferenceProcessFilePointer()
| NTSTATUS NTAPI PsReferenceProcessFilePointer | ( | _In_ PEPROCESS | Process, |
| _Outptr_ PFILE_OBJECT * | FileObject | ||
| ) |
Definition at line 24 of file query.c.
27{
28 PSECTION Section;
29 PAGED_CODE();
30
31 /* Lock the process */
33 {
35 }
36
37 /* Get the section */
38 Section = Process->SectionObject;
39 if (Section)
40 {
41 /* Get the file object and reference it */
44 }
45
46 /* Release the protection */
48
49 /* Return status */
51}
PFILE_OBJECT NTAPI MmGetFileObjectForSection(IN PVOID Section)
Definition: section.c:1543
Definition: mmtypes.h:810
Referenced by NtQueryInformationProcess(), and SeLocateProcessImageName().
