12 #define _OB_DEBUG_ 0x00 17 #define OB_HANDLE_DEBUG 0x01 18 #define OB_NAMESPACE_DEBUG 0x02 19 #define OB_SECURITY_DEBUG 0x04 20 #define OB_REFERENCE_DEBUG 0x08 21 #define OB_CALLBACK_DEBUG 0x10 27 #ifdef NEW_DEBUG_SYSTEM_IMPLEMENTED // enable when Debug Filters are implemented 28 #define OBTRACE DbgPrintEx 30 #define OBTRACE(x, ...) \ 31 if (x & ObpTraceLevel) DbgPrint(__VA_ARGS__) 34 #define OBTRACE(x, fmt, ...) DPRINT(fmt, ##__VA_ARGS__) 40 #define GENERIC_ACCESS \ 49 #define OBJ_PROTECT_CLOSE 0x01 51 #define OBJ_AUDIT_OBJECT_CLOSE 0x04 52 #define OBJ_HANDLE_ATTRIBUTES (OBJ_PROTECT_CLOSE |\ 54 OBJ_AUDIT_OBJECT_CLOSE) 60 #define KERNEL_HANDLE_FLAG 0xFFFFFFFF80000000ULL 62 #define KERNEL_HANDLE_FLAG 0x80000000 64 #define ObpIsKernelHandle(Handle, ProcessorMode) \ 65 ((((ULONG_PTR)(Handle) & KERNEL_HANDLE_FLAG) == KERNEL_HANDLE_FLAG) && \ 66 ((ProcessorMode) == KernelMode) && \ 67 ((Handle) != NtCurrentProcess()) && \ 68 ((Handle) != NtCurrentThread())) 73 #define ObKernelHandleToHandle(Handle) \ 74 (HANDLE)((ULONG_PTR)(Handle) & ~KERNEL_HANDLE_FLAG) 75 #define ObMarkHandleAsKernelHandle(Handle) \ 76 (HANDLE)((ULONG_PTR)(Handle) | KERNEL_HANDLE_FLAG) 81 #define ObpGetHandleObject(x) \ 82 ((POBJECT_HEADER)((ULONG_PTR)x->Object & ~OBJ_HANDLE_ATTRIBUTES)) 87 #define ObpGetHeaderForSd(x) \ 88 CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, SecurityDescriptor) 93 #define ObpGetHeaderForEntry(x) \ 94 CONTAINING_RECORD((x), SECURITY_DESCRIPTOR_HEADER, Link) 150 #define TAG_OB_TEMP_STORAGE 'tSbO' VOID NTAPI ObpDeleteSymbolicLink(IN PVOID ObjectBody)
VOID NTAPI ObKillProcess(IN PEPROCESS Process)
POBJECT_HEADER ObjectHeader
PHANDLE_TABLE NTAPI ObReferenceProcessHandleTable(IN PEPROCESS Process)
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
BOOLEAN NTAPI ObpCheckObjectReference(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
_Must_inspect_result_ typedef _In_ PVOID Unused
struct _OB_TEMP_BUFFER * POB_TEMP_BUFFER
struct _OB_SD_CACHE_LIST * POB_SD_CACHE_LIST
OBJECT_HANDLE_ATTRIBUTE_INFORMATION Information
BOOLEAN NTAPI ObpSetHandleAttributes(IN OUT PHANDLE_TABLE_ENTRY HandleTableEntry, IN ULONG_PTR Context)
KPROCESSOR_MODE PreviousMode
WORK_QUEUE_ITEM ObpReaperWorkItem
ULONG ObpLUIDDeviceMapsEnabled
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
OBJECT_CREATE_INFORMATION ObjectCreateInfo
struct _ULARGE_INTEGER ULARGE_INTEGER
WCHAR ObpUnsecureGlobalNamesBuffer[128]
NTSTATUS NTAPI ObReferenceFileObjectForWrite(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, OUT PFILE_OBJECT *FileObject, OUT POBJECT_HANDLE_INFORMATION HandleInformation)
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
VOID NTAPI ObpFreeObjectNameBuffer(IN PUNICODE_STRING Name)
LONG FASTCALL ObReferenceObjectEx(IN PVOID Object, IN LONG Count)
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
PVOID FASTCALL ObFastReferenceObject(IN PEX_FAST_REF FastRef)
INIT_FUNCTION NTSTATUS NTAPI ObpInitSdCache(VOID)
static HANDLE DirectoryHandle
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
NTSTATUS NTAPI ObQueryDeviceMapInformation(IN PEPROCESS Process, OUT PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, IN ULONG Flags)
BOOLEAN NTAPI ObpCheckTraverseAccess(IN PVOID Object, IN ACCESS_MASK TraverseAccess, IN PACCESS_STATE AccessState OPTIONAL, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
struct _OBP_FIND_HANDLE_DATA * POBP_FIND_HANDLE_DATA
GENERAL_LOOKASIDE ObpCreateInfoLookasideList
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
ALIGNEDNAME ObpDosDevicesShortNameRoot
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
VOID NTAPI ObpDeleteObjectType(IN PVOID Object)
enum OPTION_FLAGS Options
POBJECT_DIRECTORY ObpRootDirectoryObject
VOID FASTCALL ObpSetPermanentObject(IN PVOID ObjectBody, IN BOOLEAN Permanent)
INIT_FUNCTION BOOLEAN NTAPI ObInitSystem(VOID)
PHANDLE_TABLE HandleTable
BOOLEAN FASTCALL ObReferenceObjectSafe(IN PVOID Object)
struct LOOKASIDE_ALIGN _GENERAL_LOOKASIDE GENERAL_LOOKASIDE
ALIGNEDNAME ObpDosDevicesShortNamePrefix
_Must_inspect_result_ _In_ ULONG Flags
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
struct _SECURITY_DESCRIPTOR_HEADER SECURITY_DESCRIPTOR_HEADER
VOID NTAPI ObDereferenceProcessHandleTable(IN PEPROCESS Process)
struct _OBP_CLOSE_HANDLE_CONTEXT * POBP_CLOSE_HANDLE_CONTEXT
NTSTATUS NTAPI ObSetDirectoryDeviceMap(OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
VOID NTAPI ObpDeleteObject(IN PVOID Object, IN BOOLEAN CalledFromWorkerThread)
POBJECT_TYPE ObpDirectoryObjectType
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
GENERAL_LOOKASIDE ObpNameBufferLookasideList
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
NTSTATUS NTAPI ObSetSecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
VOID NTAPI ObpReapObject(IN PVOID Unused)
POBJECT_HANDLE_INFORMATION HandleInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
PHANDLE_TABLE ObpKernelHandleTable
struct _SECURITY_DESCRIPTOR_HEADER * PSECURITY_DESCRIPTOR_HEADER
_Inout_ PFILE_OBJECT FileObject
BOOLEAN NTAPI ObpInsertEntryDirectory(IN POBJECT_DIRECTORY Parent, IN POBP_LOOKUP_CONTEXT Context, IN POBJECT_HEADER ObjectHeader)
_In_ KPROCESSOR_MODE PreviousMode
ACCESS_STATE LocalAccessState
struct _OB_TEMP_BUFFER OB_TEMP_BUFFER
volatile PVOID ObpReaperList
VOID NTAPI ObFreeObjectCreateInfoBuffer(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
ULONG ObpObjectSecurityMode
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
DWORD * PSECURITY_INFORMATION
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
_In_ ULONG _In_ ULONG _In_ ULONG Length
VOID NTAPI ObpCreateSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
UNICODE_STRING ObpDosDevicesShortName
BOOLEAN NTAPI ObCheckCreateObjectAccess(IN PVOID Object, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState, IN PUNICODE_STRING ComponentName, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
PSECURITY_DESCRIPTOR NTAPI ObpReferenceSecurityDescriptor(IN POBJECT_HEADER ObjectHeader)
PVOID NTAPI ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context)
POBJECT_TYPE ObpTypeObjectType
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
BOOLEAN IoCountOperations
VOID NTAPI ObShutdownSystem(VOID)
struct _OB_SD_CACHE_LIST OB_SD_CACHE_LIST
VOID NTAPI ObDereferenceDeviceMap(IN PEPROCESS Process)
NTSTATUS NTAPI ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
static GENERIC_MAPPING GenericMapping
BOOLEAN NTAPI ObCheckObjectAccess(IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus)
VOID NTAPI ObClearProcessHandleTable(IN PEPROCESS Process)
VOID NTAPI ObpDeleteSymbolicLinkName(IN POBJECT_SYMBOLIC_LINK SymbolicLink)
_Must_inspect_result_ _In_ USHORT _In_ PHIDP_PREPARSED_DATA _Out_writes_to_ LengthAttributes PHIDP_EXTENDED_ATTRIBUTES Attributes
NTSTATUS NTAPI ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, IN KPROCESSOR_MODE CreatorMode, IN BOOLEAN AllocateFromLookaside, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName)
OBP_LOOKUP_CONTEXT LookupContext
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
struct _OBP_SET_HANDLE_ATTRIBUTES_CONTEXT OBP_SET_HANDLE_ATTRIBUTES_CONTEXT
struct _OBP_SET_HANDLE_ATTRIBUTES_CONTEXT * POBP_SET_HANDLE_ATTRIBUTES_CONTEXT
NTSTATUS NTAPI ObpParseSymbolicLink(IN PVOID ParsedObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING FullPath, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *NextObject)
LONG FASTCALL ObDereferenceObjectEx(IN PVOID Object, IN LONG Count)
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor(IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
POBJECT_TYPE ObpSymbolicLinkObjectType
INIT_FUNCTION NTSTATUS NTAPI ObpCreateDosDevicesDirectory(VOID)
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
base for all directory entries
PVOID FASTCALL ObFastReferenceObjectLocked(IN PEX_FAST_REF FastRef)
NTSTATUS NTAPI ObInitProcess(IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Process)
struct _OBP_CLOSE_HANDLE_CONTEXT OBP_CLOSE_HANDLE_CONTEXT
ULONG ObpLUIDDeviceMapsDisabled
NTSTATUS NTAPI ObDuplicateObject(IN PEPROCESS SourceProcess, IN HANDLE SourceHandle, IN PEPROCESS TargetProcess OPTIONAL, IN PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options, IN KPROCESSOR_MODE PreviousMode)
NTSTATUS NTAPI ObpCaptureObjectName(IN PUNICODE_STRING CapturedName, IN PUNICODE_STRING ObjectName, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN AllocateFromLookaside)
ULONG ObpUnsecureGlobalNamesLength
PDEVICE_MAP NTAPI ObpReferenceDeviceMap(VOID)
KGUARDED_MUTEX ObpDeviceMapLock
struct _OBP_FIND_HANDLE_DATA OBP_FIND_HANDLE_DATA
VOID NTAPI ObpDeleteNameCheck(IN PVOID Object)
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE TargetHandle
VOID NTAPI ObInheritDeviceMap(IN PEPROCESS Parent, IN PEPROCESS Process)
KPROCESSOR_MODE AccessMode
BOOLEAN NTAPI ObpDeleteEntryDirectory(IN POBP_LOOKUP_CONTEXT Context)
static const WCHAR SymbolicLink[]
POBJECT_DIRECTORY ObpTypeDirectoryObject
NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, IN OUT PUNICODE_STRING ObjectName, IN ULONG Attributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, IN PVOID InsertObject OPTIONAL, IN OUT PACCESS_STATE AccessState, OUT POBP_LOOKUP_CONTEXT LookupContext, OUT PVOID *FoundObject)
_Inout_ PFCB _Inout_ PUNICODE_STRING RemainingName
PULONG MinorVersion OPTIONAL
1.8.15