37 Section =
Process->SectionObject;
95 ProcessInformationLength,
101 DPRINT1(
"NtQueryInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n",
Status, ProcessInformationClass);
118 switch (ProcessInformationClass)
233 if (ProcessInformationLength !=
sizeof(
IO_COUNTERS))
315 if (ProcessInformationLength !=
sizeof(
HANDLE))
353 if (ProcessInformationLength !=
sizeof(
ULONG))
378 *(
PULONG)ProcessInformation = HandleCount;
433 if ((ProcessInformationLength !=
sizeof(
VM_COUNTERS)) &&
468 Length = ProcessInformationLength;
484 if (ProcessInformationLength !=
sizeof(
ULONG))
507 DefaultHardErrorProcessing;
523 if (ProcessInformationLength !=
sizeof(
ULONG))
601 Length = ProcessInformationLength;
680 if (
Length <= ProcessInformationLength)
716 if (ProcessInformationLength !=
sizeof(
ULONG))
738 *(
PULONG)ProcessInformation =
Process->NoDebugInherit ? 0 : 1;
753 if (ProcessInformationLength !=
sizeof(
ULONG))
791 if (ProcessInformationLength !=
sizeof(
ULONG))
811 SystemTime.
u.LowPart ^ SystemTime.
u.HighPart;
870 if (ProcessInformationLength !=
sizeof(
HANDLE))
898 *(
PHANDLE)ProcessInformation = DebugPort;
909 DPRINT1(
"Handle tracing Not implemented: %lx\n", ProcessInformationClass);
915 if (ProcessInformationLength !=
sizeof(
ULONG))
943 if (ProcessInformationLength !=
sizeof(
ULONG))
980 if (ProcessInformationLength !=
sizeof(
ULONG_PTR))
1030 if (ProcessInformationLength !=
sizeof(
ULONG))
1052 *(
PULONG)ProcessInformation = ExecuteOptions;
1064 DPRINT1(
"VDM/16-bit not implemented: %lx\n", ProcessInformationClass);
1069 DPRINT1(
"WS Watch Not implemented: %lx\n", ProcessInformationClass);
1074 DPRINT1(
"Pool limits Not implemented: %lx\n", ProcessInformationClass);
1080 DPRINT1(
"Unsupported info class: %lx\n", ProcessInformationClass);
1108 IN ULONG ProcessInformationLength)
1120 PVOID ExceptionPort;
1124 UCHAR MemoryPriority = 0;
1126 ULONG DefaultHardErrorMode = 0;
1127 ULONG DebugFlags = 0, EnableFixup = 0, Boost = 0;
1128 ULONG NoExecute = 0, VdmPower = 0;
1139 ProcessInformationLength,
1143 DPRINT1(
"NtSetInformationProcess(): Information verification class failed! (Status -> 0x%lx, ProcessInformationClass -> %lx)\n",
Status, ProcessInformationClass);
1170 switch (ProcessInformationClass)
1175 if (ProcessInformationLength !=
sizeof(
ULONG))
1185 VdmPower = *(
PULONG)ProcessInformation;
1200 DPRINT1(
"Need TCB privilege\n");
1219 if (ProcessInformationLength !=
sizeof(
HANDLE))
1229 PortHandle = *(
PHANDLE)ProcessInformation;
1252 (
PVOID)&ExceptionPort,
1300 if (ProcessInformationLength !=
sizeof(
ULONG))
1309 DefaultHardErrorMode = *(
PULONG)ProcessInformation;
1320 Process->DefaultHardErrorProcessing = DefaultHardErrorMode;
1366 #if 0 // OLD AND DEPRECATED CODE!!!! 1467 DPRINT1(
"Privilege to change priority to realtime lacking\n");
1475 DPRINT1(
"Jobs not yet supported\n");
1523 if (ProcessInformationLength !=
sizeof(
KPRIORITY))
1532 BasePriority = *(
KPRIORITY*)ProcessInformation;
1544 if (BasePriority & 0x80000000)
1547 BasePriority &= ~0x80000000;
1562 if (BasePriority >
Process->Pcb.BasePriority)
1571 DPRINT1(
"Privilege to change priority from %lx to %lx lacking\n", BasePriority,
Process->Pcb.BasePriority);
1587 if (ProcessInformationLength !=
sizeof(
ULONG))
1596 Boost = *(
PULONG)ProcessInformation;
1615 for (Next =
Process->ThreadListHead.Flink;
1616 Next != &
Process->ThreadListHead;
1642 if (ProcessInformationLength !=
sizeof(
ULONG))
1651 Break = *(
PULONG)ProcessInformation;
1685 if (ProcessInformationLength !=
sizeof(
KAFFINITY))
1751 if (ProcessInformationLength !=
sizeof(
ULONG))
1760 DisableBoost = *(
PBOOLEAN)ProcessInformation;
1782 for (Next =
Process->ThreadListHead.Flink;
1783 Next != &
Process->ThreadListHead;
1809 if (ProcessInformationLength !=
sizeof(
ULONG))
1818 DebugFlags = *(
PULONG)ProcessInformation;
1829 if (DebugFlags & ~1)
1852 if (ProcessInformationLength !=
sizeof(
BOOLEAN))
1861 EnableFixup = *(
PULONG)ProcessInformation;
1892 DPRINT1(
"Need TCB to set IOPL\n");
1900 #elif defined(_M_AMD64) 1918 if (ProcessInformationLength !=
sizeof(
ULONG))
1933 NoExecute = *(
PULONG)ProcessInformation;
1950 if (ProcessInformationLength !=
sizeof(
HANDLE))
1979 DPRINT1(
"VDM/16-bit Request not implemented: %lx\n", ProcessInformationClass);
1988 ProcessInformationLength,
1993 DPRINT1(
"WS watch not implemented\n");
1998 DPRINT1(
"Handle tracing not implemented\n");
2004 DPRINT1(
"Invalid Server 2003 Info Class: %lx\n", ProcessInformationClass);
2036 PVOID *ExpansionSlots;
2352 IdealProcessor = *(
PULONG_PTR)ThreadInformation;
2382 (
CCHAR)IdealProcessor);
2412 DisableBoost = *(
PULONG_PTR)ThreadInformation;
2492 Teb = ProcThread->
Tcb.
Teb;
2541 Break = *(
PULONG)ThreadInformation;
2639 ULONG ThreadTerminated;
2860 *(
PULONG)ThreadInformation = ((
Thread->ThreadsProcess->
2862 &
Thread->ThreadsProcess->
2987 Length =
sizeof(ThreadTerminated);
3009 *(
PULONG)ThreadInformation = ThreadTerminated ? 1 : 0;
#define KeQuerySystemTime(t)
struct _THREAD_BASIC_INFORMATION THREAD_BASIC_INFORMATION
#define MAXIMUM_PROCESSORS
BOOLEAN NTAPI KeSetDisableBoostThread(IN OUT PKTHREAD Thread, IN BOOLEAN Disable)
#define RTL_FIELD_SIZE(type, field)
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
PFILE_OBJECT NTAPI MmGetFileObjectForSection(IN PVOID Section)
#define PspClearProcessFlag(Process, Flag)
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
struct _VM_COUNTERS_ * PVM_COUNTERS
#define STATUS_PRIVILEGE_NOT_HELD
#define PSF_BREAK_ON_TERMINATION_BIT
_In_ ULONG _In_ ULONG _In_ ULONG Length
KAFFINITY NTAPI KeSetAffinityProcess(IN PKPROCESS Process, IN KAFFINITY Affinity)
#define STATUS_INFO_LENGTH_MISMATCH
#define _WIN32_WINNT_WS03
#define PsGetCurrentThread()
BOOLEAN NTAPI KeSetAutoAlignmentProcess(IN PKPROCESS Process, IN BOOLEAN Enable)
#define PspClearCrossThreadFlag(Thread, Flag)
KAFFINITY NTAPI KeSetAffinityThread(IN PKTHREAD Thread, IN KAFFINITY Affinity)
#define PROCESS_QUERY_INFORMATION
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
const LUID SeDebugPrivilege
#define SEM_NOALIGNMENTFAULTEXCEPT
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
#define STATUS_INVALID_PARAMETER
BOOLEAN NTAPI KeSetDisableBoostProcess(IN PKPROCESS Process, IN BOOLEAN Disable)
#define TLS_EXPANSION_SLOTS
SIZE_T QuotaPagedPoolUsage
#define THREAD_SET_INFORMATION
#define THREAD_BASE_PRIORITY_MAX
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
struct _PROCESS_ACCESS_TOKEN * PPROCESS_ACCESS_TOKEN
EX_RUNDOWN_REF RundownProtect
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
#define ExAcquireRundownProtection
VOID NTAPI Ke386SetIOPL(VOID)
static HANDLE DirectoryHandle
SIZE_T QuotaPeakPagedPoolUsage
#define InterlockedCompareExchange
#define LOW_REALTIME_PRIORITY
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
LONG NTAPI KeSetBasePriorityThread(IN PKTHREAD Thread, IN LONG Increment)
#define PROCESS_SUSPEND_RESUME
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
#define THREAD_SET_THREAD_TOKEN
SIZE_T QuotaPeakNonPagedPoolUsage
NTSTATUS NTAPI PspQueryDescriptorThread(IN PETHREAD Thread, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
NTSTATUS NTAPI PspSetQuotaLimits(_In_ PEPROCESS Process, _In_ ULONG Unused, _In_ PVOID QuotaLimits, _In_ ULONG QuotaLimitsLength, _In_ KPROCESSOR_MODE PreviousMode)
This function adjusts the working set limits of a process and sets up new quota limits when necessary...
VOID NTAPI KeBoostPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Increment)
struct _QUOTA_LIMITS QUOTA_LIMITS
return STATUS_NOT_IMPLEMENTED
enum _PROCESSINFOCLASS PROCESSINFOCLASS
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks a privileged object if such object has the specific privilege submitted by the caller.
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
#define InterlockedCompareExchangePointer
_In_ THREADINFOCLASS ThreadInformationClass
struct _QUOTA_LIMITS * PQUOTA_LIMITS
BOOLEAN NTAPI KeReadStateThread(IN PKTHREAD Thread)
#define PsGetCurrentProcess
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
NTSTATUS NTAPI PspSetPrimaryToken(IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
SIZE_T QuotaNonPagedPoolUsage
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
#define CT_HIDE_FROM_DEBUGGER_BIT
NTSTATUS NTAPI NtSetInformationThread(IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength)
#define CT_BREAK_ON_TERMINATION_BIT
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
struct _THREAD_BASIC_INFORMATION * PTHREAD_BASIC_INFORMATION
#define NtCurrentProcess()
POBJECT_TYPE LpcPortObjectType
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
struct _LIST_ENTRY * Flink
_In_ KPROCESSOR_MODE PreviousMode
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
#define THREAD_BASE_PRIORITY_LOWRT
_Must_inspect_result_ _In_ ULONG Flags
#define PROCESS_PRIORITY_CLASS_REALTIME
struct _PROCESS_FOREGROUND_BACKGROUND * PPROCESS_FOREGROUND_BACKGROUND
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
#define NT_SUCCESS(StatCode)
#define EXCEPTION_EXECUTE_HANDLER
#define PSF_NO_DEBUG_INHERIT_BIT
#define THREAD_BASE_PRIORITY_IDLE
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
#define STATUS_PROCESS_IS_TERMINATING
#define ObDereferenceObject
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
#define MEMORY_PRIORITY_BACKGROUND
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
#define STATUS_ACCESS_DENIED
BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended)
NTSTATUS NTAPI PsReferenceProcessFilePointer(IN PEPROCESS Process, OUT PFILE_OBJECT *FileObject)
NTSTATUS NTAPI NtQueryInformationThread(IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
struct _LARGE_INTEGER::@2249 u
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
#define STATUS_UNSUCCESSFUL
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
PETHREAD NTAPI PsGetNextProcessThread(IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
VOID NTAPI KeDetachProcess(VOID)
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
_In_ WDFINTERRUPT _In_ WDF_INTERRUPT_POLICY _In_ WDF_INTERRUPT_PRIORITY Priority
static const char * ImageName
union _LARGE_INTEGER LARGE_INTEGER
POBJECT_TYPE PsThreadType
NTSTATUS NTAPI MmSetExecuteOptions(IN ULONG ExecuteOptions)
#define STATUS_INVALID_INFO_CLASS
#define PROCESS_LUID_DOSDEVICES_ONLY
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
#define PspSetCrossThreadFlag(Thread, Flag)
#define PSF_VDM_ALLOWED_BIT
#define KeEnterCriticalRegion()
NTSTATUS NTAPI PsAssignImpersonationToken(IN PETHREAD Thread, IN HANDLE TokenHandle)
KPRIORITY NTAPI KeSetPriorityAndQuantumProcess(IN PKPROCESS Process, IN KPRIORITY Priority, IN UCHAR Quantum OPTIONAL)
INT64 MinimumWorkingSetSize
KAFFINITY KeActiveProcessors
VOID NTAPI PsSetProcessPriorityByClass(IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE Type)
const LUID SeIncreaseBasePriorityPrivilege
BOOLEAN HasPrivilege(IN PPRIVILEGE_SET Privilege)
#define MEMORY_PRIORITY_FOREGROUND
const LUID SeTcbPrivilege
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
#define KeLeaveCriticalRegion()
#define THREAD_BASE_PRIORITY_MIN
NTSTATUS NTAPI NtSetInformationProcess(IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength)
enum _THREADINFOCLASS THREADINFOCLASS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
KPRIORITY NTAPI KeSetPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Priority)
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
VOID NTAPI KeAttachProcess(IN PKPROCESS Process)
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
NTSTATUS NTAPI MmSetMemoryPriorityProcess(IN PEPROCESS Process, IN UCHAR MemoryPriority)
VOID NTAPI KeRaiseIrql(KIRQL NewIrql, PKIRQL OldIrql)
INT64 MaximumWorkingSetSize
UNICODE_STRING * PUNICODE_STRING
struct _IO_COUNTERS IO_COUNTERS
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
#define PROCESS_SET_SESSIONID
#define ObReferenceObject
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
#define PspSetProcessFlag(Process, Flag)
static LIST_ENTRY ThreadListHead
#define THREAD_QUERY_INFORMATION
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
#define RtlCopyMemory(Destination, Source, Length)
#define PROCESS_SET_INFORMATION
PVOID * TlsExpansionSlots
#define _SEH2_EXCEPT(...)
SIZE_T PeakWorkingSetSize
#define _SEH2_GetExceptionCode()
#define _SEH2_YIELD(__stmt)
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
UCHAR NTAPI KeSetIdealProcessorThread(IN PKTHREAD Thread, IN UCHAR Processor)
VOID NTAPI KeLowerIrql(KIRQL NewIrql)
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
_In_ HANDLE ProcessHandle
static const INFORMATION_CLASS_INFO PsThreadInfoClass[]
#define ExFreePoolWithTag(_P, _T)
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
LONG NTAPI KeQueryBasePriorityThread(IN PKTHREAD Thread)
POBJECT_TYPE PsProcessType
union _LARGE_INTEGER * PLARGE_INTEGER
NTSTATUS NTAPI NtQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
static const INFORMATION_CLASS_INFO PsProcessInfoClass[]
#define TLS_MINIMUM_AVAILABLE
struct _IO_COUNTERS * PIO_COUNTERS
#define STATUS_PORT_ALREADY_SET
PULONG MinorVersion OPTIONAL
1.8.15