#include <ntoskrnl.h>#include <debug.h>
Include dependency graph for kill.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Variables | |
| LIST_ENTRY | PspReaperListHead = { NULL, NULL } |
| WORK_QUEUE_ITEM | PspReaperWorkItem |
| LARGE_INTEGER | ShortTime = {{-10 * 100 * 1000, -1}} |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ NtRegisterThreadTerminatePort()
Definition at line 1342 of file kill.c.
1343{
1345 PTERMINATION_PORT TerminationPort;
1346 PVOID TerminationLpcPort;
1348 PAGED_CODE();
1350
1351 /* Get the Port */
1353 PORT_ALL_ACCESS,
1354 LpcPortObjectType,
1355 KeGetPreviousMode(),
1356 &TerminationLpcPort,
1357 NULL);
1359
1360 /* Allocate the Port and make sure it suceeded */
1363 '=TsP');
1364 if(TerminationPort)
1365 {
1366 /* Associate the Port */
1368 TerminationPort->Port = TerminationLpcPort;
1371
1372 /* Return success */
1374 }
1375
1376 /* Dereference and Fail */
1377 ObDereferenceObject(TerminationLpcPort);
1379}
Definition: nsiface.idl:2307
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: pstypes.h:1102
Definition: pstypes.h:1079
Referenced by CsrNewThread().
◆ NtTerminateProcess()
Definition at line 1161 of file kill.c.
1163{
1167 BOOLEAN KillByHandle;
1168 PAGED_CODE();
1171
1172 /* Were we passed a process handle? */
1174 {
1175 /* Yes we were, use it */
1176 KillByHandle = TRUE;
1177 }
1178 else
1179 {
1180 /* We weren't... we assume this is suicide */
1181 KillByHandle = FALSE;
1183 }
1184
1185 /* Get the Process Object */
1187 PROCESS_TERMINATE,
1188 PsProcessType,
1189 KeGetPreviousMode(),
1191 NULL);
1193
1194 /* Check if this is a Critical Process, and Bugcheck */
1196 {
1197 /* Break to debugger */
1199 Process,
1200 Process->ImageFileName);
1201 }
1202
1203 /* Lock the Process */
1205 {
1206 /* Failed to lock, fail */
1209 }
1210
1211 /* Set the delete flag, unless the process is comitting suicide */
1213
1214 /* Get the first thread */
1218 {
1219 /* We know we have at least a thread */
1221
1222 /* Loop and kill the others */
1223 do
1224 {
1225 /* Ensure it's not ours*/
1227 {
1228 /* Kill it */
1230 }
1231
1232 /* Move to the next thread */
1235 }
1236
1237 /* Unlock the process */
1239
1240 /* Check if we are killing ourselves */
1242 {
1243 /* Also make sure the caller gave us our handle */
1244 if (KillByHandle)
1245 {
1246 /* Dereference the process */
1248
1249 /* Terminate ourselves */
1251 }
1252 }
1254 {
1255 /* Disable debugging on this process */
1257 }
1258
1259 /* Check if there was nothing to terminate, or if we have a Debug Port */
1261 ((Process->DebugPort) && (KillByHandle)))
1262 {
1263 /* Clear the handle table */
1265
1266 /* Return status now */
1268 }
1269
1270 /* Decrease the reference count we added */
1272
1273 /* Return status */
1275}
NTSTATUS NTAPI DbgkClearProcessDebugObject(IN PEPROCESS Process, IN PDEBUG_OBJECT SourceDebugObject OPTIONAL)
Definition: dbgkobj.c:1410
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
VOID NTAPI PspCatchCriticalBreak(IN PCHAR Message, IN PVOID ProcessOrThread, IN PCHAR ImageName)
Definition: kill.c:27
NTSTATUS NTAPI PspTerminateThreadByPointer(IN PETHREAD Thread, IN NTSTATUS ExitStatus, IN BOOLEAN bSelf)
Definition: kill.c:988
VOID NTAPI ObClearProcessHandleTable(IN PEPROCESS Process)
Definition: obhandle.c:2027
PETHREAD NTAPI PsGetNextProcessThread(IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
Definition: process.c:75
Definition: pstypes.h:1261
◆ NtTerminateThread()
Definition at line 1279 of file kill.c.
1281{
1285 PAGED_CODE();
1288
1289 /* Handle the special NULL case */
1290 if (!ThreadHandle)
1291 {
1292 /* Check if we're the only thread left */
1294 {
1295 /* This is invalid */
1297 }
1298
1299 /* Terminate us directly */
1300 goto TerminateSelf;
1301 }
1303 {
1304TerminateSelf:
1305 /* Terminate this thread */
1307 ExitStatus,
1308 TRUE);
1309 }
1310
1311 /* We are terminating another thread, get the Thread Object */
1313 THREAD_TERMINATE,
1314 PsThreadType,
1315 KeGetPreviousMode(),
1317 NULL);
1319
1320 /* Check to see if we're running in the same thread */
1322 {
1323 /* Terminate it */
1325
1326 /* Dereference the Thread and return */
1328 }
1329 else
1330 {
1331 /* Dereference the thread and terminate ourselves */
1333 goto TerminateSelf;
1334 }
1335
1336 /* Return status */
1338}
#define NtCurrentThread()
Referenced by _main(), BaseSrvBSMThread(), CreateRemoteThread(), CsrApiRequestThread(), CsrpCheckRequestThreads(), ExitThread(), InitializeUserModePnpManager(), PnpEventThread(), RtlExitUserThread(), RtlpExitThread(), TerminateThread(), TerminateUserModePnpManager(), and wWinMain().
◆ PsExitSpecialApc()
| VOID NTAPI PsExitSpecialApc | ( | IN PKAPC | Apc, |
| IN OUT PKNORMAL_ROUTINE * | NormalRoutine, | ||
| IN OUT PVOID * | NormalContext, | ||
| IN OUT PVOID * | SystemArgument1, | ||
| IN OUT PVOID * | SystemArgument2 | ||
| ) |
Definition at line 922 of file kill.c.
927{
929 PAGED_CODE();
932
933 /* Don't do anything unless we are in User-Mode */
934 if (Apc->SystemArgument2)
935 {
936 /* Free the APC */
938 PspExitApcRundown(Apc);
939
940 /* Terminate the Thread */
942 }
943}
_In_opt_ PVOID _In_opt_ PVOID _In_opt_ PVOID SystemArgument2
Definition: ketypes.h:677
Referenced by PspExitNormalApc(), and PspTerminateThreadByPointer().
◆ PspCatchCriticalBreak()
Definition at line 27 of file kill.c.
30{
33 PAGED_CODE();
34
35 /* Check if a debugger is enabled */
37 {
38 /* Print out the message */
40 do
41 {
42 /* If a debugger isn't present, don't prompt */
44
45 /* A debugger is active, prompt for action */
48 {
49 /* Break */
50 case 'B': case 'b':
51 DbgBreakPoint();
52 /* Fall through */
53
54 /* Ignore: Handle it */
55 case 'I': case 'i':
57
58 /* Unrecognized: Prompt again */
59 default:
60 break;
61 }
63 }
64
65 /* Did we ultimately handle this? */
67 {
68 /* We didn't, bugcheck */
69 KeBugCheckEx(CRITICAL_OBJECT_TERMINATION,
71 (ULONG_PTR)ProcessOrThread,
74 }
75}
Definition: Header.h:9
NTSYSAPI void WINAPI DbgBreakPoint(void)
NTSYSAPI ULONG NTAPI DbgPrompt(_In_z_ PCCH Prompt, _Out_writes_bytes_(MaximumResponseLength) PCH Response, _In_ ULONG MaximumResponseLength)
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108
Definition: ketypes.h:2023
_In_ WDFIOTARGET _In_ _Strict_type_match_ WDF_IO_TARGET_SENT_IO_ACTION Action
Definition: wdfiotarget.h:510
Referenced by NtTerminateProcess(), PspExitThread(), PspTerminateProcess(), and PspTerminateThreadByPointer().
◆ PspDeleteProcess()
Definition at line 253 of file kill.c.
254{
257 PAGED_CODE();
260
261 /* Check if it has an Active Process Link */
263 {
264 /* Remove it from the Active List */
270 }
271
272 /* Check for Auditing information */
274 {
275 /* Free it */
277 TAG_SEPA);
279 }
280
281 /* Check if we have a job */
283 {
284 /* Remove the process from the job */
286
287 /* Dereference it */
290 }
291
292 /* Increase the stack count */
293 Process->Pcb.StackCount++;
294
295 /* Check if we have a debug port */
297 {
298 /* Deference the Debug Port */
301 }
302
303 /* Check if we have an exception port */
305 {
306 /* Deference the Exception Port */
309 }
310
311 /* Check if we have a section object */
313 {
314 /* Deference the Section Object */
317 }
318
319#if defined(_X86_)
320 /* Clean Ldt and Vdm objects */
323#endif
324
325 /* Delete the Object Table */
327 {
328 /* Attach to the process */
330
331 /* Kill the Object Info */
333
334 /* Detach */
336 }
337
338 /* Check if we have an address space, and clean it */
340 {
341 /* Attach to the process */
343
344 /* Clean the Address Space */
346
347 /* Detach */
349
350 /* Completely delete the Address Space */
352 }
353
354 /* See if we have a PID */
356 {
357 /* Delete the PID */
359 {
360 /* Something wrong happened, bugcheck */
361 KeBugCheck(CID_HANDLE_DELETION);
362 }
363 }
364
365 /* Cleanup security information */
367
368 /* Check if we have kept information on the Working Set */
370 {
371 /* Free it */
373
374 /* And return the quota it was taking up */
376 }
377
378 /* Dereference the Device Map */
380
381 /*
382 * Dereference the quota block, the function
383 * will invoke a quota block cleanup if the
384 * block itself is no longer used by anybody.
385 */
387}
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
BOOLEAN NTAPI ExDestroyHandle(IN PHANDLE_TABLE HandleTable, IN HANDLE Handle, IN PHANDLE_TABLE_ENTRY HandleTableEntry OPTIONAL)
Definition: handle.c:984
VOID NTAPI MmDeleteProcessAddressSpace(IN PEPROCESS Process)
Definition: procsup.c:1366
VOID NTAPI PspExitProcess(IN BOOLEAN LastThread, IN PEPROCESS Process)
Definition: kill.c:1075
VOID NTAPI ObDereferenceDeviceMap(IN PEPROCESS Process)
Definition: devicemap.c:456
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
Definition: procobj.c:704
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
Definition: procobj.c:756
VOID NTAPI PspRemoveProcessFromJob(IN PEPROCESS Process, IN PEJOB Job)
Definition: job.c:138
VOID NTAPI PspDereferenceQuotaBlock(_In_opt_ PEPROCESS Process, _In_ PEPROCESS_QUOTA_BLOCK QuotaBlock)
De-references a quota block when quotas have been returned back because of an object de-allocation or...
Definition: quota.c:553
VOID NTAPI PspDeleteProcessSecurity(IN PEPROCESS Process)
Definition: security.c:30
VOID NTAPI PsReturnProcessNonPagedPoolQuota(_In_ PEPROCESS Process, _In_ SIZE_T Amount)
Returns the non paged quota pool that the process was taking up.
Definition: quota.c:938
Referenced by PspInitPhase0().
◆ PspDeleteThread()
Definition at line 391 of file kill.c.
392{
395 PAGED_CODE();
399
400 /* Check if we have a stack */
402 {
403 /* Release it */
406 }
407
408 /* Check if we have a CID Handle */
410 {
411 /* Delete the CID Handle */
413 {
414 /* Something wrong happened, bugcheck */
415 KeBugCheck(CID_HANDLE_DELETION);
416 }
417 }
418
419 /* Cleanup impersionation information */
421
422 /* Make sure the thread was inserted, before continuing */
424
425 /* Check if the thread list is valid */
427 {
428 /* Lock the thread's process */
429 KeEnterCriticalRegion();
431
432 /* Remove us from the list */
434
435 /* Release the lock */
437 KeLeaveCriticalRegion();
438 }
439
440 /* Dereference the Process */
442}
FORCEINLINE VOID ExAcquirePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1035
FORCEINLINE VOID ExReleasePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1251
VOID NTAPI MmDeleteKernelStack(PVOID Stack, BOOLEAN GuiStack)
VOID NTAPI PspDeleteThreadSecurity(IN PETHREAD Thread)
Definition: security.c:46
Referenced by PspInitPhase0().
◆ PspExitApcRundown()
Definition at line 157 of file kill.c.
Referenced by PsExitSpecialApc(), PspExitNormalApc(), and PspTerminateThreadByPointer().
◆ PspExitNormalApc()
| VOID NTAPI PspExitNormalApc | ( | IN PVOID | NormalContext, |
| IN PVOID | SystemArgument1, | ||
| IN PVOID | SystemArgument2 | ||
| ) |
Definition at line 947 of file kill.c.
950{
953 PAGED_CODE();
955
956 /* This should never happen */
958
959 /* If we're here, this is not a System Thread, so kill it from User-Mode */
960 KeInitializeApc(Apc,
963 PsExitSpecialApc,
964 PspExitApcRundown,
965 PspExitNormalApc,
966 UserMode,
967 NormalContext);
968
969 /* Now insert the APC with the User-Mode Flag */
971 Apc,
973 2)))
974 {
975 /* Failed to insert, free the APC */
976 PspExitApcRundown(Apc);
977 }
978
979 /* Set the APC Pending flag */
981}
BOOLEAN NTAPI KeInsertQueueApc(IN PKAPC Apc, IN PVOID SystemArgument1, IN PVOID SystemArgument2, IN KPRIORITY PriorityBoost)
Definition: apc.c:735
VOID NTAPI KeInitializeApc(IN PKAPC Apc, IN PKTHREAD Thread, IN KAPC_ENVIRONMENT TargetEnvironment, IN PKKERNEL_ROUTINE KernelRoutine, IN PKRUNDOWN_ROUTINE RundownRoutine OPTIONAL, IN PKNORMAL_ROUTINE NormalRoutine, IN KPROCESSOR_MODE Mode, IN PVOID Context)
Definition: apc.c:651
VOID NTAPI PspExitNormalApc(IN PVOID NormalContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2)
Definition: kill.c:947
VOID NTAPI PsExitSpecialApc(IN PKAPC Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine, IN OUT PVOID *NormalContext, IN OUT PVOID *SystemArgument1, IN OUT PVOID *SystemArgument2)
Definition: kill.c:922
Definition: ketypes.h:535
struct _KAPC * PKAPC
Referenced by PspExitNormalApc(), and PspTerminateThreadByPointer().
◆ PspExitProcess()
Definition at line 1075 of file kill.c.
1077{
1078 ULONG Actual;
1079 PAGED_CODE();
1083
1084 /* Set Process Exit flag */
1086
1087 /* Check if we are the last thread */
1089 {
1090 /* Notify the WMI Process Callback */
1091 //WmiTraceProcess(Process, FALSE);
1092
1093 /* Run the Notification Routines */
1095 }
1096
1097 /* Cleanup the power state */
1099
1100 /* Clear the security port */
1102 {
1103 /* So we don't double-dereference */
1105 }
1107 {
1108 /* Dereference it */
1111 }
1112
1113 /* Check if we are the last thread */
1115 {
1116 /* Check if we have to set the Timer Resolution */
1118 {
1119 /* Set it to default */
1121 }
1122
1123 /* Check if we are part of a Job that has a completion port */
1125 {
1126 /* FIXME: Check job status code and do I/O completion if needed */
1127 }
1128
1129 /* FIXME: Notify the Prefetcher */
1130 }
1131 else
1132 {
1133 /* Clear process' address space here */
1135 }
1136}
NTSYSAPI NTSTATUS NTAPI ZwSetTimerResolution(_In_ ULONG RequestedResolution, _In_ BOOLEAN SetOrUnset, _Out_ PULONG ActualResolution)
VOID NTAPI MmCleanProcessAddressSpace(IN PEPROCESS Process)
Definition: procsup.c:1267
VOID NTAPI PopCleanupPowerState(IN PPOWER_STATE PowerState)
Definition: power.c:164
FORCEINLINE VOID PspRunCreateProcessNotifyRoutines(IN PEPROCESS CurrentProcess, IN BOOLEAN Create)
Definition: ps_x.h:62
Definition: ntpoapi.h:56
Referenced by PspDeleteProcess(), and PspExitThread().
◆ PspExitThread()
Definition at line 450 of file kill.c.
451{
452 CLIENT_DIED_MSG TerminationMsg;
454 PTEB Teb;
455 PEPROCESS CurrentProcess;
457 PVOID DeallocationStack;
458 SIZE_T Dummy;
460 PTERMINATION_PORT TerminationPort, NextPort;
461 PLIST_ENTRY FirstEntry, CurrentEntry;
462 PKAPC Apc;
463 PTOKEN PrimaryToken;
464 PAGED_CODE();
466
467 /* Get the Current Thread and Process */
469 CurrentProcess = Thread->ThreadsProcess;
471
472 /* Can't terminate a thread if it attached another process */
474 {
475 /* Bugcheck */
476 KeBugCheckEx(INVALID_PROCESS_ATTACH_ATTEMPT,
477 (ULONG_PTR)CurrentProcess,
481 }
482
483 /* Lower to Passive Level */
485
486 /* Can't be a worker thread */
488 {
489 /* Bugcheck */
490 KeBugCheckEx(ACTIVE_EX_WORKER_THREAD_TERMINATION,
492 0,
493 0,
494 0);
495 }
496
497 /* Can't have pending APCs */
499 {
500 /* Bugcheck */
501 KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
502 0,
504 0,
505 1);
506 }
507
508 /* Lock the thread */
510
511 /* Cleanup the power state */
513
514 /* Call the WMI Callback for Threads */
515 //WmiTraceThread(Thread, NULL, FALSE);
516
517 /* Run Thread Notify Routines before we desintegrate the thread */
519
520 /* Lock the Process before we modify its thread entries */
521 KeEnterCriticalRegion();
523
524 /* Decrease the active thread count, and check if it's 0 */
526 {
527 /* Set the delete flag */
529
530 /* Remember we are last */
531 Last = TRUE;
532
533 /* Check if this termination is due to the thread dying */
535 {
536 /* Check if the last thread was pending */
538 {
539 /* Use the last exit status */
540 CurrentProcess->ExitStatus = CurrentProcess->
541 LastThreadExitStatus;
542 }
543 }
544 else
545 {
546 /* Just a normal exit, write the code */
548 }
549
550 /* Loop all the current threads */
551 FirstEntry = &CurrentProcess->ThreadListHead;
552 CurrentEntry = FirstEntry->Flink;
553 while (FirstEntry != CurrentEntry)
554 {
555 /* Get the thread on the list */
556 OtherThread = CONTAINING_RECORD(CurrentEntry,
557 ETHREAD,
558 ThreadListEntry);
559
560 /* Check if it's a thread that's still alive */
563 (ObReferenceObjectSafe(OtherThread)))
564 {
565 /* It's a live thread and we referenced it, unlock process */
567 KeLeaveCriticalRegion();
568
569 /* Wait on the thread */
570 KeWaitForSingleObject(OtherThread,
571 Executive,
572 KernelMode,
573 FALSE,
574 NULL);
575
576 /* Check if we had a previous thread to dereference */
578
579 /* Remember the thread and re-lock the process */
580 PreviousThread = OtherThread;
581 KeEnterCriticalRegion();
583 }
584
585 /* Go to the next thread */
586 CurrentEntry = CurrentEntry->Flink;
587 }
588 }
590 {
591 /* Write down the exit status of the last thread to get killed */
593 }
594
595 /* Unlock the Process */
597 KeLeaveCriticalRegion();
598
599 /* Check if we had a previous thread to dereference */
601
602 /* Check if the process has a debug port and if this is a user thread */
604 {
605 /* Notify the Debug API. */
608 }
609
610 /* Check if this is a Critical Thread */
612 {
613 /* Break to debugger */
615 Thread,
616 CurrentProcess->ImageFileName);
617 }
618
619 /* Check if it's the last thread and this is a Critical Process */
621 {
622 /* Check if a debugger is here to handle this */
624 {
625 /* Break to debugger */
627 CurrentProcess,
628 CurrentProcess->ImageFileName);
629 }
630 else
631 {
632 /* Bugcheck, we can't allow this */
633 KeBugCheckEx(CRITICAL_PROCESS_DIED,
634 (ULONG_PTR)CurrentProcess,
635 0,
636 0,
637 0);
638 }
639 }
640
641 /* Sanity check */
643
644 /* Process the Termination Ports */
646 if (TerminationPort)
647 {
648 /* Setup the message header */
649 TerminationMsg.h.u2.ZeroInit = 0;
654
655 /* Loop each port */
656 do
657 {
658 /* Save the Create Time */
660
661 /* Loop trying to send message */
663 {
664 /* Send the LPC Message */
666 &TerminationMsg.h);
669 {
670 /* Wait a bit and try again */
672 continue;
673 }
674 break;
675 }
676
677 /* Dereference this LPC Port */
679
680 /* Move to the next one */
681 NextPort = TerminationPort->Next;
682
683 /* Free the Termination Port Object */
685
686 /* Keep looping as long as there is a port */
687 TerminationPort = NextPort;
688 } while (TerminationPort);
689 }
691 (Thread->DeadThread)) ||
692 !(Thread->DeadThread))
693 {
694 /*
695 * This case is special and deserves some extra comments. What
696 * basically happens here is that this thread doesn't have a termination
697 * port, which means that it died before being fully created. Since we
698 * still have to notify an LPC Server, we'll use the exception port,
699 * which we know exists. However, we need to know how far the thread
700 * actually got created. We have three possibilities:
701 *
702 * - NtCreateThread returned an error really early: DeadThread is set.
703 * - NtCreateThread managed to create the thread: DeadThread is off.
704 * - NtCreateThread was creating the thread (with DeadThread set,
705 * but the thread got killed prematurely: STATUS_THREAD_IS_TERMINATING
706 * is our exit code.)
707 *
708 * For the 2 & 3rd scenarios, the thread has been created far enough to
709 * warrant notification to the LPC Server.
710 */
711
712 /* Setup the message header */
713 TerminationMsg.h.u2.ZeroInit = 0;
718
719 /* Make sure the process has an exception port */
720 if (CurrentProcess->ExceptionPort)
721 {
722 /* Save the Create Time */
724
725 /* Loop trying to send message */
727 {
728 /* Send the LPC Message */
730 &TerminationMsg.h);
733 {
734 /* Wait a bit and try again */
736 continue;
737 }
738 break;
739 }
740 }
741 }
742
743 /* Rundown Win32 Thread if there is one */
745 PsW32ThreadCalloutExit);
746
747 /* If we are the last thread and have a W32 Process */
749 {
750 /* Run it down too */
752 }
753
754 /* Make sure Stack Swap is enabled */
756 {
757 /* Stack swap really shouldn't be disabled during exit! */
758 KeBugCheckEx(KERNEL_STACK_LOCKED_AT_EXIT, 0, 0, 0, 0);
759 }
760
761 /* Cancel I/O for the thread. */
763
764 /* Rundown Timers */
765 ExTimerRundown();
766
767 /* FIXME: Rundown Registry Notifications (NtChangeNotify)
768 CmNotifyRunDown(Thread); */
769
770 /* Rundown Mutexes */
771 KeRundownThread();
772
773 /* Check if we have a TEB */
775 if (Teb)
776 {
777 /* Check if the thread is still alive */
779 {
780 /* Check if we need to free its stack */
781 if (Teb->FreeStackOnTermination)
782 {
783 /* Set the TEB's Deallocation Stack as the Base Address */
784 Dummy = 0;
785 DeallocationStack = Teb->DeallocationStack;
786
787 /* Free the Thread's Stack */
788 ZwFreeVirtualMemory(NtCurrentProcess(),
789 &DeallocationStack,
790 &Dummy,
791 MEM_RELEASE);
792 }
793
794 /* Free the debug handle */
796 UserMode);
797 }
798
799 /* Decommit the TEB */
800 MmDeleteTeb(CurrentProcess, Teb);
802 }
803
804 /* Free LPC Data */
806
807 /* Save the exit status and exit time */
810
811 /* Sanity check */
813
814 /* Check if this is the final thread or not */
815 if (Last)
816 {
817 /* Set the process exit time */
819
820 /* Exit the process */
822
823 /* Get the process token and check if we need to audit */
824 PrimaryToken = PsReferencePrimaryToken(CurrentProcess);
826 {
827 /* Audit the exit */
828 SeAuditProcessExit(CurrentProcess);
829 }
830
831 /* Dereference the process token */
833
834 /* Check if this is a VDM Process and rundown the VDM DPCs if so */
836
837 /* Kill the process in the Object Manager */
838 ObKillProcess(CurrentProcess);
839
840 /* Check if we have a section object */
842 {
843 /* Dereference and clear the Section Object */
846 }
847
848 /* Check if the process is part of a job */
850 {
851 /* Remove the process from the job */
853 }
854 }
855
856 /* Disable APCs */
857 KeEnterCriticalRegion();
858
859 /* Disable APC queueing, force a resumption */
862
863 /* Re-enable APCs */
864 KeLeaveCriticalRegion();
865
866 /* Flush the User APCs */
868 if (FirstEntry)
869 {
870 /* Start with the first entry */
871 CurrentEntry = FirstEntry;
872 do
873 {
874 /* Get the APC */
876
877 /* Move to the next one */
878 CurrentEntry = CurrentEntry->Flink;
879
880 /* Rundown the APC or de-allocate it */
881 if (Apc->RundownRoutine)
882 {
883 /* Call its own routine */
884 Apc->RundownRoutine(Apc);
885 }
886 else
887 {
888 /* Do it ourselves */
889 ExFreePool(Apc);
890 }
891 }
892 while (CurrentEntry != FirstEntry);
893 }
894
895 /* Clean address space if this was the last thread */
897
898 /* Call the Lego routine */
900
901 /* Flush the APC queue, which should be empty */
904 {
905 /* Bugcheck time */
906 KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
907 (ULONG_PTR)FirstEntry,
909 KeGetCurrentIrql(),
910 0);
911 }
912
913 /* Signal the process if this was the last thread */
915
916 /* Terminate the Thread from the Scheduler */
917 KeTerminateThread(0);
918}
#define KeWaitForSingleObject(pEvt, foo, a, b, c)
Definition: env_spec_w32.h:478
ULONG NTAPI KeSetProcess(struct _KPROCESS *Process, KPRIORITY Increment, BOOLEAN InWait)
PLIST_ENTRY NTAPI KeFlushQueueApc(IN PKTHREAD Thread, IN KPROCESSOR_MODE PreviousMode)
Definition: apc.c:793
VOID NTAPI MmDeleteTeb(struct _EPROCESS *Process, PTEB Teb)
VOID NTAPI SeAuditProcessExit(_In_ PEPROCESS Process)
Peforms a security auditing against a process that is about to be terminated.
Definition: audit.c:77
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Peforms a detailed security auditing with an access token.
Definition: audit.c:34
NTSTATUS NTAPI LpcRequestPort(IN PVOID PortObject, IN PPORT_MESSAGE LpcMessage)
Definition: send.c:22
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
VOID NTAPI PspExitProcessFromJob(IN PEJOB Job, IN PEPROCESS Process)
Definition: job.c:146
FORCEINLINE VOID PspRunCreateThreadNotifyRoutines(IN PETHREAD CurrentThread, IN BOOLEAN Create)
Definition: ps_x.h:40
Definition: lpctypes.h:268
Definition: typedefs.h:120
Definition: winternl.h:1746
Definition: compat.h:836
Definition: setypes.h:216
Referenced by PsExitSpecialApc(), and PspTerminateThreadByPointer().
◆ PspIsProcessExiting()
Definition at line 1068 of file kill.c.
Referenced by MmpPageOutPhysicalAddress().
◆ PspReapRoutine()
Definition at line 167 of file kill.c.
168{
169 PSINGLE_LIST_ENTRY NextEntry;
172
173 /* Start main loop */
174 do
175 {
176 /* Write magic value and return the next entry to process */
178 (PVOID)1);
180
181 /* Start inner loop */
182 do
183 {
184 /* Get the first Thread Entry */
186
187 /* Delete this entry's kernel stack */
191
192 /* Move to the next entry */
193 NextEntry = NextEntry->Next;
194
195 /* Dereference this thread */
198
199 /* Remove magic value, keep looping if it got changed */
201 NULL,
203}
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
Definition: compobj.c:4795
Definition: ntbasedef.h:628
Referenced by PspInitPhase0().
◆ PspShutdownProcessManager()
Definition at line 135 of file kill.c.
136{
138
139 /* Loop every process */
142 {
143 /* Make sure this isn't the idle or initial process */
145 {
146 /* Kill it */
148 }
149
150 /* Get the next process */
152 }
153}
NTSTATUS NTAPI PspTerminateProcess(IN PEPROCESS Process, IN NTSTATUS ExitStatus)
Definition: kill.c:79
PEPROCESS NTAPI PsGetNextProcess(IN PEPROCESS OldProcess OPTIONAL)
Definition: process.c:128
◆ PspTerminateProcess()
Definition at line 79 of file kill.c.
81{
84 PAGED_CODE();
88
89 /* Check if this is a Critical Process */
91 {
92 /* Break to debugger */
94 Process,
95 Process->ImageFileName);
96 }
97
98 /* Set the delete flag */
100
101 /* Get the first thread */
104 {
105 /* Kill it */
108
109 /* We had at least one thread, so termination is OK */
111 }
112
113 /* Check if there was nothing to terminate or if we have a debug port */
115 {
116 /* Clear the handle table anyway */
118 }
119
120 /* Return status */
122}
Referenced by PspShutdownProcessManager(), and PsTerminateProcess().
◆ PspTerminateThreadByPointer()
| NTSTATUS NTAPI PspTerminateThreadByPointer | ( | IN PETHREAD | Thread, |
| IN NTSTATUS | ExitStatus, | ||
| IN BOOLEAN | bSelf | ||
| ) |
Definition at line 988 of file kill.c.
991{
992 PKAPC Apc;
995 PAGED_CODE();
998
999 /* Check if this is a Critical Thread, and Bugcheck */
1001 {
1002 /* Break to debugger */
1004 Thread,
1005 Thread->ThreadsProcess->ImageFileName);
1006 }
1007
1008 /* Check if we are already inside the thread */
1010 {
1011 /* This should only happen at passive */
1013
1014 /* Mark it as terminated */
1016
1017 /* Directly terminate the thread */
1019 }
1020
1021 /* This shouldn't be a system thread */
1023
1024 /* Allocate the APC */
1027
1028 /* Set the Terminated Flag */
1030
1031 /* Set it, and check if it was already set while we were running */
1033 CT_TERMINATED_BIT))
1034 {
1035 /* Initialize a Kernel Mode APC to Kill the Thread */
1036 KeInitializeApc(Apc,
1038 OriginalApcEnvironment,
1039 PsExitSpecialApc,
1040 PspExitApcRundown,
1041 PspExitNormalApc,
1042 KernelMode,
1044
1045 /* Insert it into the APC Queue */
1047 {
1048 /* The APC was already in the queue, fail */
1050 }
1051 else
1052 {
1053 /* Forcefully resume the thread and return */
1056 }
1057 }
1058
1059 /* We failed, free the APC */
1061
1062 /* Return Status */
1064}
Referenced by NtTerminateProcess(), NtTerminateThread(), PspSystemThreadStartup(), PspTerminateProcess(), PspUserThreadStartup(), and PsTerminateSystemThread().
◆ PsTerminateProcess()
Definition at line 126 of file kill.c.
Referenced by DbgkpCloseObject(), and ExpDebuggerWorker().
◆ PsTerminateSystemThread()
Definition at line 1145 of file kill.c.
1146{
1148
1149 /* Make sure this is a system thread */
1151
1152 /* Terminate it for real */
1154}
Referenced by _Function_class_(), ExpWorkerThreadBalanceManager(), ExpWorkerThreadEntryPoint(), Ext2bhReaperThread(), Ext2FcbReaperThread(), Ext2McbReaperThread(), InbvRotationThread(), KeyboardDeviceWorker(), LwipThreadMain(), MonitorThread(), Mx::MxTerminateCurrentThread(), RxpWorkerThreadDispatcher(), RxSpinUpRequestsDispatcher(), SermouseDeviceWorker(), sys_arch_mbox_fetch(), sys_arch_sem_wait(), SystemProcessTestWorker(), SystemProcessWorker(), TdiReceiveThread(), TdiSendThread(), FxSystemThread::Thread(), USBPORT_WorkerThread(), and VfdDeviceThread().
Variable Documentation
◆ PspReaperListHead
| LIST_ENTRY PspReaperListHead = { NULL, NULL } |
Definition at line 19 of file kill.c.
Referenced by KeTerminateThread(), and PspReapRoutine().
◆ PspReaperWorkItem
| WORK_QUEUE_ITEM PspReaperWorkItem |
Definition at line 20 of file kill.c.
Referenced by KeTerminateThread(), and PspInitPhase0().
◆ ShortTime
| LARGE_INTEGER ShortTime = {{-10 * 100 * 1000, -1}} |
Definition at line 21 of file kill.c.
Referenced by PspExitThread().
