#include <ntoskrnl.h>#include <debug.h>
Include dependency graph for kill.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Variables | |
| LIST_ENTRY | PspReaperListHead = { NULL, NULL } |
| WORK_QUEUE_ITEM | PspReaperWorkItem |
| LARGE_INTEGER | ShortTime = {{-10 * 100 * 1000, -1}} |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ NtRegisterThreadTerminatePort()
Definition at line 1350 of file kill.c.
1351{
1353 PTERMINATION_PORT TerminationPort;
1354 PVOID TerminationLpcPort;
1356 PAGED_CODE();
1358
1359 /* Get the Port */
1361 PORT_ALL_ACCESS,
1362 LpcPortObjectType,
1363 KeGetPreviousMode(),
1364 &TerminationLpcPort,
1365 NULL);
1367
1368 /* Allocate the Port and make sure it suceeded */
1371 '=TsP');
1372 if(TerminationPort)
1373 {
1374 /* Associate the Port */
1376 TerminationPort->Port = TerminationLpcPort;
1379
1380 /* Return success */
1382 }
1383
1384 /* Dereference and Fail */
1385 ObDereferenceObject(TerminationLpcPort);
1387}
Definition: nsiface.idl:2307
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: pstypes.h:1191
Definition: pstypes.h:1168
Referenced by CsrNewThread().
◆ NtTerminateProcess()
Definition at line 1169 of file kill.c.
1171{
1175 BOOLEAN KillByHandle;
1176 PAGED_CODE();
1179
1180 /* Were we passed a process handle? */
1182 {
1183 /* Yes we were, use it */
1184 KillByHandle = TRUE;
1185 }
1186 else
1187 {
1188 /* We weren't... we assume this is suicide */
1189 KillByHandle = FALSE;
1191 }
1192
1193 /* Get the Process Object */
1195 PROCESS_TERMINATE,
1196 PsProcessType,
1197 KeGetPreviousMode(),
1199 NULL);
1201
1202 /* Check if this is a Critical Process, and Bugcheck */
1204 {
1205 /* Break to debugger */
1207 Process,
1208 Process->ImageFileName);
1209 }
1210
1211 /* Lock the Process */
1213 {
1214 /* Failed to lock, fail */
1217 }
1218
1219 /* Set the delete flag, unless the process is comitting suicide */
1221
1222 /* Get the first thread */
1226 {
1227 /* We know we have at least a thread */
1229
1230 /* Loop and kill the others */
1231 do
1232 {
1233 /* Ensure it's not ours*/
1235 {
1236 /* Kill it */
1238 }
1239
1240 /* Move to the next thread */
1243 }
1244
1245 /* Unlock the process */
1247
1248 /* Check if we are killing ourselves */
1250 {
1251 /* Also make sure the caller gave us our handle */
1252 if (KillByHandle)
1253 {
1254 /* Dereference the process */
1256
1257 /* Terminate ourselves */
1259 }
1260 }
1262 {
1263 /* Disable debugging on this process */
1265 }
1266
1267 /* Check if there was nothing to terminate, or if we have a Debug Port */
1269 ((Process->DebugPort) && (KillByHandle)))
1270 {
1271 /* Clear the handle table */
1273
1274 /* Return status now */
1276 }
1277
1278 /* Decrease the reference count we added */
1280
1281 /* Return status */
1283}
NTSTATUS NTAPI DbgkClearProcessDebugObject(IN PEPROCESS Process, IN PDEBUG_OBJECT SourceDebugObject OPTIONAL)
Definition: dbgkobj.c:1410
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
VOID NTAPI PspCatchCriticalBreak(IN PCHAR Message, IN PVOID ProcessOrThread, IN PCHAR ImageName)
Definition: kill.c:27
NTSTATUS NTAPI PspTerminateThreadByPointer(IN PETHREAD Thread, IN NTSTATUS ExitStatus, IN BOOLEAN bSelf)
Definition: kill.c:996
VOID NTAPI ObClearProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:2027
PETHREAD NTAPI PsGetNextProcessThread(IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
Definition: process.c:75
Definition: pstypes.h:1355
◆ NtTerminateThread()
Definition at line 1287 of file kill.c.
1289{
1293 PAGED_CODE();
1296
1297 /* Handle the special NULL case */
1298 if (!ThreadHandle)
1299 {
1300 /* Check if we're the only thread left */
1302 {
1303 /* This is invalid */
1305 }
1306
1307 /* Terminate us directly */
1308 goto TerminateSelf;
1309 }
1311 {
1312TerminateSelf:
1313 /* Terminate this thread */
1315 ExitStatus,
1316 TRUE);
1317 }
1318
1319 /* We are terminating another thread, get the Thread Object */
1321 THREAD_TERMINATE,
1322 PsThreadType,
1323 KeGetPreviousMode(),
1325 NULL);
1327
1328 /* Check to see if we're running in the same thread */
1330 {
1331 /* Terminate it */
1333
1334 /* Dereference the Thread and return */
1336 }
1337 else
1338 {
1339 /* Dereference the thread and terminate ourselves */
1341 goto TerminateSelf;
1342 }
1343
1344 /* Return status */
1346}
Referenced by _main(), BaseSrvBSMThread(), CreateRemoteThread(), CsrApiRequestThread(), CsrpCheckRequestThreads(), DummyThread(), ExitThread(), InitializeUserModePnpManager(), PnpEventThread(), RtlExitUserThread(), RtlpExitThread(), TerminateThread(), TerminateUserModePnpManager(), Test_ThreadHideFromDebuggerClass(), Test_ThreadNameInformation(), and wWinMain().
◆ PsExitSpecialApc()
| VOID NTAPI PsExitSpecialApc | ( | IN PKAPC | Apc, |
| IN OUT PKNORMAL_ROUTINE * | NormalRoutine, | ||
| IN OUT PVOID * | NormalContext, | ||
| IN OUT PVOID * | SystemArgument1, | ||
| IN OUT PVOID * | SystemArgument2 | ||
| ) |
Definition at line 930 of file kill.c.
935{
937 PAGED_CODE();
940
941 /* Don't do anything unless we are in User-Mode */
942 if (Apc->SystemArgument2)
943 {
944 /* Free the APC */
946 PspExitApcRundown(Apc);
947
948 /* Terminate the Thread */
950 }
951}
_In_opt_ PVOID _In_opt_ PVOID _In_opt_ PVOID SystemArgument2
Definition: ketypes.h:741
Referenced by PspExitNormalApc(), and PspTerminateThreadByPointer().
◆ PspCatchCriticalBreak()
Definition at line 27 of file kill.c.
30{
33 PAGED_CODE();
34
35 /* Check if a debugger is enabled */
37 {
38 /* Print out the message */
40 do
41 {
42 /* If a debugger isn't present, don't prompt */
44
45 /* A debugger is active, prompt for action */
48 {
49 /* Break */
50 case 'B': case 'b':
51 DbgBreakPoint();
52 /* Fall through */
53
54 /* Ignore: Handle it */
55 case 'I': case 'i':
57
58 /* Unrecognized: Prompt again */
59 default:
60 break;
61 }
63 }
64
65 /* Did we ultimately handle this? */
67 {
68 /* We didn't, bugcheck */
69 KeBugCheckEx(CRITICAL_OBJECT_TERMINATION,
71 (ULONG_PTR)ProcessOrThread,
74 }
75}
DECLSPEC_NORETURN VOID NTAPI KeBugCheckEx(IN ULONG BugCheckCode, IN ULONG_PTR BugCheckParameter1, IN ULONG_PTR BugCheckParameter2, IN ULONG_PTR BugCheckParameter3, IN ULONG_PTR BugCheckParameter4)
Definition: debug.c:485
Definition: Header.h:9
NTSYSAPI ULONG NTAPI DbgPrompt(_In_z_ PCCH Prompt, _Out_writes_bytes_(MaximumResponseLength) PCH Response, _In_ ULONG MaximumResponseLength)
Definition: ketypes.h:2211
_In_ WDFIOTARGET _In_ _Strict_type_match_ WDF_IO_TARGET_SENT_IO_ACTION Action
Definition: wdfiotarget.h:510
NTSYSAPI void WINAPI DbgBreakPoint(void)
Referenced by NtTerminateProcess(), PspExitThread(), PspTerminateProcess(), and PspTerminateThreadByPointer().
◆ PspDeleteProcess()
Definition at line 253 of file kill.c.
254{
257 PAGED_CODE();
260
261 /* Check if it has an Active Process Link */
263 {
264 /* Remove it from the Active List */
270 }
271
272 /* Check for Auditing information */
274 {
275 /* Free it */
277 TAG_SEPA);
279 }
280
281 /* Check if we have a job */
283 {
284 /* Remove the process from the job */
286
287 /* Dereference it */
290 }
291
292 /* Increase the stack count */
293 Process->Pcb.StackCount++;
294
295 /* Check if we have a debug port */
297 {
298 /* Deference the Debug Port */
301 }
302
303 /* Check if we have an exception port */
305 {
306 /* Deference the Exception Port */
309 }
310
311 /* Check if we have a section object */
313 {
314 /* Deference the Section Object */
317 }
318
319#if defined(_X86_)
320 /* Clean Ldt and Vdm objects */
323#endif
324
325 /* Delete the Object Table */
327 {
328 /* Attach to the process */
330
331 /* Kill the Object Info */
333
334 /* Detach */
336 }
337
338 /* Check if we have an address space, and clean it */
340 {
341 /* Attach to the process */
343
344 /* Clean the Address Space */
346
347 /* Detach */
349
350 /* Completely delete the Address Space */
352 }
353
354 /* See if we have a PID */
356 {
357 /* Delete the PID */
359 {
360 /* Something wrong happened, bugcheck */
361 KeBugCheck(CID_HANDLE_DELETION);
362 }
363 }
364
365 /* Cleanup security information */
367
368 /* Check if we have kept information on the Working Set */
370 {
371 /* Free it */
373
374 /* And return the quota it was taking up */
376 }
377
378 /* Dereference the Device Map */
380
381 /*
382 * Dereference the quota block, the function
383 * will invoke a quota block cleanup if the
384 * block itself is no longer used by anybody.
385 */
387}
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
BOOLEAN NTAPI ExDestroyHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PHANDLE_TABLE_ENTRY HandleTableEntry OPTIONAL)
Definition: handle.c:984
VOID NTAPI MmDeleteProcessAddressSpace(IN PEPROCESS Process)
Definition: procsup.c:1357
VOID NTAPI PspExitProcess(IN BOOLEAN LastThread, IN PEPROCESS Process)
Definition: kill.c:1083
VOID NTAPI ObDereferenceDeviceMap(IN PEPROCESS Process)
Definition: devicemap.c:456
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
VOID NTAPI PspRemoveProcessFromJob(IN PEPROCESS Process, IN PEJOB Job)
Definition: job.c:138
VOID NTAPI PspDereferenceQuotaBlock(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock)
De-references a quota block when quotas have been returned back because of an object de-allocation or...
Definition: quota.c:553
VOID NTAPI PspDeleteProcessSecurity(IN PEPROCESS Process)
Definition: security.c:30
VOID NTAPI PsReturnProcessNonPagedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Returns the non paged quota pool that the process was taking up.
Definition: quota.c:938
Referenced by PspInitPhase0().
◆ PspDeleteThread()
Definition at line 391 of file kill.c.
392{
395 PAGED_CODE();
399
400 /* Check if we have a stack */
402 {
403 /* Release it */
406 }
407
408 /* Check if we have a CID Handle */
410 {
411 /* Delete the CID Handle */
413 {
414 /* Something wrong happened, bugcheck */
415 KeBugCheck(CID_HANDLE_DELETION);
416 }
417 }
418
419 /* Cleanup impersonation information */
421
422 /* Free the thread name if set */
424 {
427 }
428
429 /* Make sure the thread was inserted, before continuing */
431 return;
432
433 /* Check if the thread list is valid */
435 {
436 /* Lock the thread's process */
437 KeEnterCriticalRegion();
439
440 /* Remove us from the list */
442
443 /* Release the lock */
445 KeLeaveCriticalRegion();
446 }
447
448 /* Dereference the Process */
450}
FORCEINLINE VOID ExAcquirePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1039
FORCEINLINE VOID ExReleasePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1255
VOID NTAPI MmDeleteKernelStack(PVOID Stack, BOOLEAN GuiStack)
VOID NTAPI PspDeleteThreadSecurity(IN PETHREAD Thread)
Definition: security.c:46
Referenced by PspInitPhase0().
◆ PspExitApcRundown()
Definition at line 157 of file kill.c.
Referenced by PsExitSpecialApc(), PspExitNormalApc(), and PspTerminateThreadByPointer().
◆ PspExitNormalApc()
| VOID NTAPI PspExitNormalApc | ( | IN PVOID | NormalContext, |
| IN PVOID | SystemArgument1, | ||
| IN PVOID | SystemArgument2 | ||
| ) |
Definition at line 955 of file kill.c.
958{
961 PAGED_CODE();
963
964 /* This should never happen */
966
967 /* If we're here, this is not a System Thread, so kill it from User-Mode */
968 KeInitializeApc(Apc,
971 PsExitSpecialApc,
972 PspExitApcRundown,
973 PspExitNormalApc,
974 UserMode,
975 NormalContext);
976
977 /* Now insert the APC with the User-Mode Flag */
979 Apc,
981 2)))
982 {
983 /* Failed to insert, free the APC */
984 PspExitApcRundown(Apc);
985 }
986
987 /* Set the APC Pending flag */
989}
BOOLEAN NTAPI KeInsertQueueApc(IN PKAPC Apc, IN PVOID SystemArgument1, IN PVOID SystemArgument2, IN KPRIORITY PriorityBoost)
Definition: apc.c:735
VOID NTAPI KeInitializeApc(IN PKAPC Apc, IN PKTHREAD Thread, IN KAPC_ENVIRONMENT TargetEnvironment, IN PKKERNEL_ROUTINE KernelRoutine, IN PKRUNDOWN_ROUTINE RundownRoutine OPTIONAL, IN PKNORMAL_ROUTINE NormalRoutine, IN KPROCESSOR_MODE Mode, IN PVOID Context)
Definition: apc.c:651
VOID NTAPI PspExitNormalApc(IN PVOID NormalContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2)
Definition: kill.c:955
VOID NTAPI PsExitSpecialApc(IN PKAPC Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine, IN OUT PVOID *NormalContext, IN OUT PVOID *SystemArgument1, IN OUT PVOID *SystemArgument2)
Definition: kill.c:930
Definition: ketypes.h:599
struct _KAPC * PKAPC
Referenced by PspExitNormalApc(), and PspTerminateThreadByPointer().
◆ PspExitProcess()
Definition at line 1083 of file kill.c.
1085{
1086 ULONG Actual;
1087 PAGED_CODE();
1091
1092 /* Set Process Exit flag */
1094
1095 /* Check if we are the last thread */
1097 {
1098 /* Notify the WMI Process Callback */
1099 //WmiTraceProcess(Process, FALSE);
1100
1101 /* Run the Notification Routines */
1103 }
1104
1105 /* Cleanup the power state */
1107
1108 /* Clear the security port */
1110 {
1111 /* So we don't double-dereference */
1113 }
1115 {
1116 /* Dereference it */
1119 }
1120
1121 /* Check if we are the last thread */
1123 {
1124 /* Check if we have to set the Timer Resolution */
1126 {
1127 /* Set it to default */
1129 }
1130
1131 /* Check if we are part of a Job that has a completion port */
1133 {
1134 /* FIXME: Check job status code and do I/O completion if needed */
1135 }
1136
1137 /* FIXME: Notify the Prefetcher */
1138 }
1139 else
1140 {
1141 /* Clear process' address space here */
1143 }
1144}
NTSYSAPI NTSTATUS NTAPI ZwSetTimerResolution(_In_ ULONG RequestedResolution, _In_ BOOLEAN SetOrUnset, _Out_ PULONG ActualResolution)
VOID NTAPI MmCleanProcessAddressSpace(IN PEPROCESS Process)
Definition: procsup.c:1263
VOID NTAPI PopCleanupPowerState(IN PPOWER_STATE PowerState)
Definition: power.c:164
FORCEINLINE VOID PspRunCreateProcessNotifyRoutines(IN PEPROCESS CurrentProcess, IN BOOLEAN Create)
Definition: ps_x.h:62
Definition: ntpoapi.h:56
Referenced by PspDeleteProcess(), and PspExitThread().
◆ PspExitThread()
Definition at line 458 of file kill.c.
459{
460 CLIENT_DIED_MSG TerminationMsg;
462 PTEB Teb;
463 PEPROCESS CurrentProcess;
465 PVOID DeallocationStack;
466 SIZE_T Dummy;
468 PTERMINATION_PORT TerminationPort, NextPort;
469 PLIST_ENTRY FirstEntry, CurrentEntry;
470 PKAPC Apc;
471 PTOKEN PrimaryToken;
472 PAGED_CODE();
474
475 /* Get the Current Thread and Process */
477 CurrentProcess = Thread->ThreadsProcess;
479
480 /* Can't terminate a thread if it attached another process */
482 {
483 /* Bugcheck */
484 KeBugCheckEx(INVALID_PROCESS_ATTACH_ATTEMPT,
485 (ULONG_PTR)CurrentProcess,
489 }
490
491 /* Lower to Passive Level */
493
494 /* Can't be a worker thread */
496 {
497 /* Bugcheck */
498 KeBugCheckEx(ACTIVE_EX_WORKER_THREAD_TERMINATION,
500 0,
501 0,
502 0);
503 }
504
505 /* Can't have pending APCs */
507 {
508 /* Bugcheck */
509 KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
510 0,
512 0,
513 1);
514 }
515
516 /* Lock the thread */
518
519 /* Cleanup the power state */
521
522 /* Call the WMI Callback for Threads */
523 //WmiTraceThread(Thread, NULL, FALSE);
524
525 /* Run Thread Notify Routines before we desintegrate the thread */
527
528 /* Lock the Process before we modify its thread entries */
529 KeEnterCriticalRegion();
531
532 /* Decrease the active thread count, and check if it's 0 */
534 {
535 /* Set the delete flag */
537
538 /* Remember we are last */
539 Last = TRUE;
540
541 /* Check if this termination is due to the thread dying */
543 {
544 /* Check if the last thread was pending */
546 {
547 /* Use the last exit status */
548 CurrentProcess->ExitStatus = CurrentProcess->
549 LastThreadExitStatus;
550 }
551 }
552 else
553 {
554 /* Just a normal exit, write the code */
556 }
557
558 /* Loop all the current threads */
559 FirstEntry = &CurrentProcess->ThreadListHead;
560 CurrentEntry = FirstEntry->Flink;
561 while (FirstEntry != CurrentEntry)
562 {
563 /* Get the thread on the list */
564 OtherThread = CONTAINING_RECORD(CurrentEntry,
565 ETHREAD,
566 ThreadListEntry);
567
568 /* Check if it's a thread that's still alive */
571 (ObReferenceObjectSafe(OtherThread)))
572 {
573 /* It's a live thread and we referenced it, unlock process */
575 KeLeaveCriticalRegion();
576
577 /* Wait on the thread */
578 KeWaitForSingleObject(OtherThread,
579 Executive,
580 KernelMode,
581 FALSE,
582 NULL);
583
584 /* Check if we had a previous thread to dereference */
586
587 /* Remember the thread and re-lock the process */
588 PreviousThread = OtherThread;
589 KeEnterCriticalRegion();
591 }
592
593 /* Go to the next thread */
594 CurrentEntry = CurrentEntry->Flink;
595 }
596 }
598 {
599 /* Write down the exit status of the last thread to get killed */
601 }
602
603 /* Unlock the Process */
605 KeLeaveCriticalRegion();
606
607 /* Check if we had a previous thread to dereference */
609
610 /* Check if the process has a debug port and if this is a user thread */
612 {
613 /* Notify the Debug API. */
616 }
617
618 /* Check if this is a Critical Thread */
620 {
621 /* Break to debugger */
623 Thread,
624 CurrentProcess->ImageFileName);
625 }
626
627 /* Check if it's the last thread and this is a Critical Process */
629 {
630 /* Check if a debugger is here to handle this */
632 {
633 /* Break to debugger */
635 CurrentProcess,
636 CurrentProcess->ImageFileName);
637 }
638 else
639 {
640 /* Bugcheck, we can't allow this */
641 KeBugCheckEx(CRITICAL_PROCESS_DIED,
642 (ULONG_PTR)CurrentProcess,
643 0,
644 0,
645 0);
646 }
647 }
648
649 /* Sanity check */
651
652 /* Process the Termination Ports */
654 if (TerminationPort)
655 {
656 /* Setup the message header */
657 TerminationMsg.h.u2.ZeroInit = 0;
662
663 /* Loop each port */
664 do
665 {
666 /* Save the Create Time */
668
669 /* Loop trying to send message */
671 {
672 /* Send the LPC Message */
674 &TerminationMsg.h);
677 {
678 /* Wait a bit and try again */
680 continue;
681 }
682 break;
683 }
684
685 /* Dereference this LPC Port */
687
688 /* Move to the next one */
689 NextPort = TerminationPort->Next;
690
691 /* Free the Termination Port Object */
693
694 /* Keep looping as long as there is a port */
695 TerminationPort = NextPort;
696 } while (TerminationPort);
697 }
699 (Thread->DeadThread)) ||
700 !(Thread->DeadThread))
701 {
702 /*
703 * This case is special and deserves some extra comments. What
704 * basically happens here is that this thread doesn't have a termination
705 * port, which means that it died before being fully created. Since we
706 * still have to notify an LPC Server, we'll use the exception port,
707 * which we know exists. However, we need to know how far the thread
708 * actually got created. We have three possibilities:
709 *
710 * - NtCreateThread returned an error really early: DeadThread is set.
711 * - NtCreateThread managed to create the thread: DeadThread is off.
712 * - NtCreateThread was creating the thread (with DeadThread set,
713 * but the thread got killed prematurely: STATUS_THREAD_IS_TERMINATING
714 * is our exit code.)
715 *
716 * For the 2 & 3rd scenarios, the thread has been created far enough to
717 * warrant notification to the LPC Server.
718 */
719
720 /* Setup the message header */
721 TerminationMsg.h.u2.ZeroInit = 0;
726
727 /* Make sure the process has an exception port */
728 if (CurrentProcess->ExceptionPort)
729 {
730 /* Save the Create Time */
732
733 /* Loop trying to send message */
735 {
736 /* Send the LPC Message */
738 &TerminationMsg.h);
741 {
742 /* Wait a bit and try again */
744 continue;
745 }
746 break;
747 }
748 }
749 }
750
751 /* Rundown Win32 Thread if there is one */
753 PsW32ThreadCalloutExit);
754
755 /* If we are the last thread and have a W32 Process */
757 {
758 /* Run it down too */
760 }
761
762 /* Make sure Stack Swap is enabled */
764 {
765 /* Stack swap really shouldn't be disabled during exit! */
766 KeBugCheckEx(KERNEL_STACK_LOCKED_AT_EXIT, 0, 0, 0, 0);
767 }
768
769 /* Cancel I/O for the thread. */
771
772 /* Rundown Timers */
773 ExTimerRundown();
774
775 /* FIXME: Rundown Registry Notifications (NtChangeNotify)
776 CmNotifyRunDown(Thread); */
777
778 /* Rundown Mutexes */
779 KeRundownThread();
780
781 /* Check if we have a TEB */
783 if (Teb)
784 {
785 /* Check if the thread is still alive */
787 {
788 /* Check if we need to free its stack */
789 if (Teb->FreeStackOnTermination)
790 {
791 /* Set the TEB's Deallocation Stack as the Base Address */
792 Dummy = 0;
793 DeallocationStack = Teb->DeallocationStack;
794
795 /* Free the Thread's Stack */
796 ZwFreeVirtualMemory(NtCurrentProcess(),
797 &DeallocationStack,
798 &Dummy,
799 MEM_RELEASE);
800 }
801
802 /* Free the debug handle */
804 UserMode);
805 }
806
807 /* Decommit the TEB */
808 MmDeleteTeb(CurrentProcess, Teb);
810 }
811
812 /* Free LPC Data */
814
815 /* Save the exit status and exit time */
818
819 /* Sanity check */
821
822 /* Check if this is the final thread or not */
823 if (Last)
824 {
825 /* Set the process exit time */
827
828 /* Exit the process */
830
831 /* Get the process token and check if we need to audit */
832 PrimaryToken = PsReferencePrimaryToken(CurrentProcess);
834 {
835 /* Audit the exit */
836 SeAuditProcessExit(CurrentProcess);
837 }
838
839 /* Dereference the process token */
841
842 /* Check if this is a VDM Process and rundown the VDM DPCs if so */
844
845 /* Kill the process in the Object Manager */
846 ObKillProcess(CurrentProcess);
847
848 /* Check if we have a section object */
850 {
851 /* Dereference and clear the Section Object */
854 }
855
856 /* Check if the process is part of a job */
858 {
859 /* Remove the process from the job */
861 }
862 }
863
864 /* Disable APCs */
865 KeEnterCriticalRegion();
866
867 /* Disable APC queueing, force a resumption */
870
871 /* Re-enable APCs */
872 KeLeaveCriticalRegion();
873
874 /* Flush the User APCs */
876 if (FirstEntry)
877 {
878 /* Start with the first entry */
879 CurrentEntry = FirstEntry;
880 do
881 {
882 /* Get the APC */
884
885 /* Move to the next one */
886 CurrentEntry = CurrentEntry->Flink;
887
888 /* Rundown the APC or de-allocate it */
889 if (Apc->RundownRoutine)
890 {
891 /* Call its own routine */
892 Apc->RundownRoutine(Apc);
893 }
894 else
895 {
896 /* Do it ourselves */
897 ExFreePool(Apc);
898 }
899 }
900 while (CurrentEntry != FirstEntry);
901 }
902
903 /* Clean address space if this was the last thread */
905
906 /* Call the Lego routine */
908
909 /* Flush the APC queue, which should be empty */
912 {
913 /* Bugcheck time */
914 KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
915 (ULONG_PTR)FirstEntry,
917 KeGetCurrentIrql(),
918 0);
919 }
920
921 /* Signal the process if this was the last thread */
923
924 /* Terminate the Thread from the Scheduler */
925 KeTerminateThread(0);
926}
#define KeWaitForSingleObject(pEvt, foo, a, b, c)
Definition: env_spec_w32.h:478
ULONG NTAPI KeSetProcess(struct _KPROCESS *Process, KPRIORITY Increment, BOOLEAN InWait)
PLIST_ENTRY NTAPI KeFlushQueueApc(IN PKTHREAD Thread, IN KPROCESSOR_MODE PreviousMode)
Definition: apc.c:793
VOID NTAPI MmDeleteTeb(struct _EPROCESS *Process, PTEB Teb)
VOID NTAPI SeAuditProcessExit(_In_ PEPROCESS Process)
Peforms a security auditing against a process that is about to be terminated.
Definition: audit.c:77
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Peforms a detailed security auditing with an access token.
Definition: audit.c:34
NTSTATUS NTAPI LpcRequestPort(IN PVOID PortObject, IN PPORT_MESSAGE LpcMessage)
Definition: send.c:22
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
VOID NTAPI PspExitProcessFromJob(IN PEJOB Job, IN PEPROCESS Process)
Definition: job.c:146
FORCEINLINE VOID PspRunCreateThreadNotifyRoutines(IN PETHREAD CurrentThread, IN BOOLEAN Create)
Definition: ps_x.h:40
Definition: lpctypes.h:268
Definition: typedefs.h:120
Definition: winternl.h:3332
Definition: compat.h:836
Definition: setypes.h:216
Referenced by PsExitSpecialApc(), and PspTerminateThreadByPointer().
◆ PspIsProcessExiting()
Definition at line 1076 of file kill.c.
Referenced by MmpPageOutPhysicalAddress().
◆ PspReapRoutine()
Definition at line 167 of file kill.c.
168{
169 PSINGLE_LIST_ENTRY NextEntry;
172
173 /* Start main loop */
174 do
175 {
176 /* Write magic value and return the next entry to process */
178 (PVOID)1);
180
181 /* Start inner loop */
182 do
183 {
184 /* Get the first Thread Entry */
186
187 /* Delete this entry's kernel stack */
191
192 /* Move to the next entry */
193 NextEntry = NextEntry->Next;
194
195 /* Dereference this thread */
198
199 /* Remove magic value, keep looping if it got changed */
201 NULL,
203}
#define InterlockedCompareExchangePointer
Definition: interlocked.h:144
Definition: ntbasedef.h:640
Referenced by PspInitPhase0().
◆ PspShutdownProcessManager()
Definition at line 135 of file kill.c.
136{
138
139 /* Loop every process */
142 {
143 /* Make sure this isn't the idle or initial process */
145 {
146 /* Kill it */
148 }
149
150 /* Get the next process */
152 }
153}
NTSTATUS NTAPI PspTerminateProcess(IN PEPROCESS Process, IN NTSTATUS ExitStatus)
Definition: kill.c:79
PEPROCESS NTAPI PsGetNextProcess(IN PEPROCESS OldProcess OPTIONAL)
Definition: process.c:128
◆ PspTerminateProcess()
Definition at line 79 of file kill.c.
81{
84 PAGED_CODE();
88
89 /* Check if this is a Critical Process */
91 {
92 /* Break to debugger */
94 Process,
95 Process->ImageFileName);
96 }
97
98 /* Set the delete flag */
100
101 /* Get the first thread */
104 {
105 /* Kill it */
108
109 /* We had at least one thread, so termination is OK */
111 }
112
113 /* Check if there was nothing to terminate or if we have a debug port */
115 {
116 /* Clear the handle table anyway */
118 }
119
120 /* Return status */
122}
Referenced by PspShutdownProcessManager(), and PsTerminateProcess().
◆ PspTerminateThreadByPointer()
| NTSTATUS NTAPI PspTerminateThreadByPointer | ( | IN PETHREAD | Thread, |
| IN NTSTATUS | ExitStatus, | ||
| IN BOOLEAN | bSelf | ||
| ) |
Definition at line 996 of file kill.c.
999{
1000 PKAPC Apc;
1003 PAGED_CODE();
1006
1007 /* Check if this is a Critical Thread, and Bugcheck */
1009 {
1010 /* Break to debugger */
1012 Thread,
1013 Thread->ThreadsProcess->ImageFileName);
1014 }
1015
1016 /* Check if we are already inside the thread */
1018 {
1019 /* This should only happen at passive */
1021
1022 /* Mark it as terminated */
1024
1025 /* Directly terminate the thread */
1027 }
1028
1029 /* This shouldn't be a system thread */
1031
1032 /* Allocate the APC */
1035
1036 /* Set the Terminated Flag */
1038
1039 /* Set it, and check if it was already set while we were running */
1041 CT_TERMINATED_BIT))
1042 {
1043 /* Initialize a Kernel Mode APC to Kill the Thread */
1044 KeInitializeApc(Apc,
1046 OriginalApcEnvironment,
1047 PsExitSpecialApc,
1048 PspExitApcRundown,
1049 PspExitNormalApc,
1050 KernelMode,
1052
1053 /* Insert it into the APC Queue */
1055 {
1056 /* The APC was already in the queue, fail */
1058 }
1059 else
1060 {
1061 /* Forcefully resume the thread and return */
1064 }
1065 }
1066
1067 /* We failed, free the APC */
1069
1070 /* Return Status */
1072}
Referenced by NtTerminateProcess(), NtTerminateThread(), PspSystemThreadStartup(), PspTerminateProcess(), PspUserThreadStartup(), and PsTerminateSystemThread().
◆ PsTerminateProcess()
Definition at line 126 of file kill.c.
Referenced by DbgkpCloseObject(), and ExpDebuggerWorker().
◆ PsTerminateSystemThread()
Definition at line 1153 of file kill.c.
1154{
1156
1157 /* Make sure this is a system thread */
1159
1160 /* Terminate it for real */
1162}
Referenced by _Function_class_(), DereferenceSocketsThread(), ExpWorkerThreadBalanceManager(), ExpWorkerThreadEntryPoint(), Ext2bhReaperThread(), Ext2FcbReaperThread(), Ext2McbReaperThread(), InbvRotationThread(), KeyboardDeviceWorker(), LwipThreadMain(), MonitorThread(), Mx::MxTerminateCurrentThread(), RequeueListenThread(), RxpWorkerThreadDispatcher(), RxSpinUpRequestsDispatcher(), SermouseDeviceWorker(), sys_arch_mbox_fetch(), sys_arch_sem_wait(), SystemProcessTestWorker(), SystemProcessWorker(), TdiReceiveThread(), TdiSendThread(), FxSystemThread::Thread(), USBPORT_WorkerThread(), and VfdDeviceThread().
Variable Documentation
◆ PspReaperListHead
| LIST_ENTRY PspReaperListHead = { NULL, NULL } |
Definition at line 19 of file kill.c.
Referenced by KeTerminateThread(), and PspReapRoutine().
◆ PspReaperWorkItem
| WORK_QUEUE_ITEM PspReaperWorkItem |
Definition at line 20 of file kill.c.
Referenced by KeTerminateThread(), and PspInitPhase0().
◆ ShortTime
| LARGE_INTEGER ShortTime = {{-10 * 100 * 1000, -1}} |
Definition at line 21 of file kill.c.
Referenced by PspExitThread().
