12#define _OB_DEBUG_ 0x00
17#define OB_HANDLE_DEBUG 0x01
18#define OB_NAMESPACE_DEBUG 0x02
19#define OB_SECURITY_DEBUG 0x04
20#define OB_REFERENCE_DEBUG 0x08
21#define OB_CALLBACK_DEBUG 0x10
27#ifdef NEW_DEBUG_SYSTEM_IMPLEMENTED
28#define OBTRACE DbgPrintEx
30#define OBTRACE(x, ...) \
31 if (x & ObpTraceLevel) DbgPrint(__VA_ARGS__)
34#define OBTRACE(x, fmt, ...) DPRINT(fmt, ##__VA_ARGS__)
40#define GENERIC_ACCESS \
49#define OBJ_PROTECT_CLOSE 0x01
51#define OBJ_AUDIT_OBJECT_CLOSE 0x04
52#define OBJ_HANDLE_ATTRIBUTES (OBJ_PROTECT_CLOSE |\
54 OBJ_AUDIT_OBJECT_CLOSE)
59#define ObpAccessProtectCloseBit 0x02000000L
64#define OBP_SYSTEM_PROCESS_QUOTA ((PEPROCESS_QUOTA_BLOCK)(ULONG_PTR)1)
70#define KERNEL_HANDLE_FLAG 0xFFFFFFFF80000000ULL
72#define KERNEL_HANDLE_FLAG 0x80000000
74#define ObpIsKernelHandle(Handle, ProcessorMode) \
75 ((((ULONG_PTR)(Handle) & KERNEL_HANDLE_FLAG) == KERNEL_HANDLE_FLAG) && \
76 ((ProcessorMode) == KernelMode) && \
77 ((Handle) != NtCurrentProcess()) && \
78 ((Handle) != NtCurrentThread()))
83#define ObKernelHandleToHandle(Handle) \
84 (HANDLE)((ULONG_PTR)(Handle) & ~KERNEL_HANDLE_FLAG)
85#define ObMarkHandleAsKernelHandle(Handle) \
86 (HANDLE)((ULONG_PTR)(Handle) | KERNEL_HANDLE_FLAG)
91#define ObpGetHandleObject(x) \
92 ((POBJECT_HEADER)((ULONG_PTR)x->Object & ~OBJ_HANDLE_ATTRIBUTES))
97#define ObpGetHeaderForSd(x) \
98 CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, SecurityDescriptor)
103#define ObpGetHeaderForEntry(x) \
104 CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, Link)
160#define TAG_OB_TEMP_STORAGE 'tSbO'
static HANDLE DirectoryHandle
static GENERIC_MAPPING GenericMapping
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
_Inout_ PFCB _Inout_ PUNICODE_STRING RemainingName
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
static const WCHAR SymbolicLink[]
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
struct _ULARGE_INTEGER ULARGE_INTEGER
DWORD * PSECURITY_INFORMATION
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
_In_ ULONG _In_ ULONG _In_ ULONG Length
volatile PVOID ObpReaperList
NTSTATUS NTAPI ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
PDEVICE_MAP NTAPI ObpReferenceDeviceMap(VOID)
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
VOID NTAPI ObpReapObject(IN PVOID Unused)
NTSTATUS NTAPI ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
VOID NTAPI ObKillProcess(IN PEPROCESS Process)
BOOLEAN NTAPI ObpCheckTraverseAccess(IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
ALIGNEDNAME ObpDosDevicesShortNamePrefix
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
VOID NTAPI ObInheritDeviceMap(IN PEPROCESS Parent, IN PEPROCESS Process)
BOOLEAN IoCountOperations
POBJECT_DIRECTORY ObpTypeDirectoryObject
PVOID FASTCALL ObFastReferenceObject(IN PEX_FAST_REF FastRef)
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor(IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
POBJECT_TYPE ObpSymbolicLinkObjectType
BOOLEAN NTAPI ObpSetHandleAttributes(IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
NTSTATUS NTAPI ObSetDirectoryDeviceMap(OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
NTSTATUS NTAPI ObpCaptureObjectName(IN PUNICODE_STRING CapturedName, IN PUNICODE_STRING ObjectName, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN AllocateFromLookaside)
struct _OBP_SET_HANDLE_ATTRIBUTES_CONTEXT * POBP_SET_HANDLE_ATTRIBUTES_CONTEXT
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor(IN POBJECT_HEADER ObjectHeader)
UNICODE_STRING ObpDosDevicesShortName
POBJECT_TYPE ObpTypeObjectType
VOID NTAPI ObpDeleteObjectType(IN PVOID Object)
VOID NTAPI ObDereferenceDeviceMap(IN PEPROCESS Process)
VOID FASTCALL ObpSetPermanentObject(IN PVOID ObjectBody, IN BOOLEAN Permanent)
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
struct _OB_TEMP_BUFFER OB_TEMP_BUFFER
POBJECT_TYPE ObpDirectoryObjectType
PHANDLE_TABLE ObpKernelHandleTable
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
VOID NTAPI ObFreeObjectCreateInfoBuffer(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
struct _SECURITY_DESCRIPTOR_HEADER * PSECURITY_DESCRIPTOR_HEADER
LONG FASTCALL ObDereferenceObjectEx(IN PVOID Object, IN LONG Count)
BOOLEAN NTAPI ObpDeleteEntryDirectory(IN POBP_LOOKUP_CONTEXT Context)
BOOLEAN NTAPI ObInitSystem(VOID)
BOOLEAN FASTCALL ObReferenceObjectSafe(IN PVOID Object)
BOOLEAN NTAPI ObpCheckObjectReference(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
NTSTATUS NTAPI ObSetSecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
WCHAR ObpUnsecureGlobalNamesBuffer[128]
VOID NTAPI ObpDeleteSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
NTSTATUS NTAPI ObDuplicateObject(IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
NTSTATUS NTAPI ObpCreateDosDevicesDirectory(VOID)
PVOID NTAPI ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
KGUARDED_MUTEX ObpDeviceMapLock
ULONG ObpUnsecureGlobalNamesLength
struct _OBP_FIND_HANDLE_DATA OBP_FIND_HANDLE_DATA
struct _OBP_FIND_HANDLE_DATA * POBP_FIND_HANDLE_DATA
VOID NTAPI ObpCreateSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
VOID NTAPI ObClearProcessHandleTable(IN PEPROCESS Process)
BOOLEAN NTAPI ObpInsertEntryDirectory(IN POBJECT_DIRECTORY Parent, IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_HEADER ObjectHeader)
GENERAL_LOOKASIDE ObpNameBufferLookasideList
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
BOOLEAN NTAPI ObCheckObjectAccess(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
struct _OBP_CLOSE_HANDLE_CONTEXT * POBP_CLOSE_HANDLE_CONTEXT
WORK_QUEUE_ITEM ObpReaperWorkItem
ULONG ObpObjectSecurityMode
BOOLEAN NTAPI ObCheckCreateObjectAccess(IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
NTSTATUS NTAPI ObReferenceFileObjectForWrite(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, OUT PFILE_OBJECT *FileObject, OUT POBJECT_HANDLE_INFORMATION HandleInformation)
struct _OB_TEMP_BUFFER * POB_TEMP_BUFFER
POBJECT_DIRECTORY ObpRootDirectoryObject
VOID NTAPI ObpDeleteObject(IN PVOID Object, IN BOOLEAN CalledFromWorkerThread)
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
NTSTATUS NTAPI ObpParseSymbolicLink(IN PVOID ParsedObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING FullPath, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *NextObject)
ULONG ObpLUIDDeviceMapsEnabled
LONG FASTCALL ObReferenceObjectEx(IN PVOID Object, IN LONG Count)
PVOID FASTCALL ObFastReferenceObjectLocked(IN PEX_FAST_REF FastRef)
GENERAL_LOOKASIDE ObpCreateInfoLookasideList
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
struct _OBP_CLOSE_HANDLE_CONTEXT OBP_CLOSE_HANDLE_CONTEXT
VOID NTAPI ObpFreeObjectNameBuffer(IN PUNICODE_STRING Name)
ULONG ObpLUIDDeviceMapsDisabled
VOID NTAPI ObpDeleteSymbolicLink(IN PVOID ObjectBody)
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
struct _OB_SD_CACHE_LIST OB_SD_CACHE_LIST
ALIGNEDNAME ObpDosDevicesShortNameRoot
struct _OB_SD_CACHE_LIST * POB_SD_CACHE_LIST
struct _OBP_SET_HANDLE_ATTRIBUTES_CONTEXT OBP_SET_HANDLE_ATTRIBUTES_CONTEXT
NTSTATUS NTAPI ObInitProcess(IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
VOID NTAPI ObShutdownSystem(VOID)
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
NTSTATUS NTAPI ObpInitSdCache(VOID)
struct _SECURITY_DESCRIPTOR_HEADER SECURITY_DESCRIPTOR_HEADER
PULONG MinorVersion OPTIONAL
base for all directory entries
PHANDLE_TABLE HandleTable
KPROCESSOR_MODE AccessMode
POBJECT_HANDLE_INFORMATION HandleInformation
POBJECT_HEADER ObjectHeader
OBJECT_HANDLE_ATTRIBUTE_INFORMATION Information
KPROCESSOR_MODE PreviousMode
OBP_LOOKUP_CONTEXT LookupContext
OBJECT_CREATE_INFORMATION ObjectCreateInfo
ACCESS_STATE LocalAccessState
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
_In_ PWDFDEVICE_INIT _In_ PWDF_REMOVE_LOCK_OPTIONS Options
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
_Must_inspect_result_ _In_ ULONG Flags
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
struct LOOKASIDE_ALIGN _GENERAL_LOOKASIDE GENERAL_LOOKASIDE
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
_In_ KPROCESSOR_MODE PreviousMode
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
1.9.6