main.c File Reference

#include <win32k.h>
#include <napi.h>
#include <debug.h>
#include <kdros.h>

Include dependency graph for main.c:

Go to the source code of this file.

Macros
#define	NDEBUG
#define	NT_ROF(x)
#define	USERLOCK_AND_ROF(x)

Functions
NTSTATUS	ExitProcessCallback (PEPROCESS Process)
NTSTATUS NTAPI	ExitThreadCallback (PETHREAD Thread)
NTSTATUS	GdiProcessCreate (PEPROCESS Process)
NTSTATUS	GdiProcessDestroy (PEPROCESS Process)
NTSTATUS	GdiThreadCreate (PETHREAD Thread)
NTSTATUS	GdiThreadDestroy (PETHREAD Thread)
NTSTATUS	AllocW32Process (IN PEPROCESS Process, OUT PPROCESSINFO *W32Process)
VOID	UserDeleteW32Process (_Pre_notnull_ __drv_freesMem(Mem) PPROCESSINFO ppiCurrent)
NTSTATUS	UserProcessCreate (PEPROCESS Process)
NTSTATUS	UserProcessDestroy (PEPROCESS Process)
NTSTATUS	InitProcessCallback (PEPROCESS Process)
NTSTATUS APIENTRY	Win32kProcessCallback (PEPROCESS Process, BOOLEAN Initialize)
NTSTATUS	AllocW32Thread (IN PETHREAD Thread, OUT PTHREADINFO *W32Thread)
VOID	UserDeleteW32Thread (PTHREADINFO pti)
NTSTATUS	UserThreadCreate (PETHREAD Thread)
NTSTATUS	UserThreadDestroy (PETHREAD Thread)
NTSTATUS NTAPI	InitThreadCallback (PETHREAD Thread)
VOID	UserDisplayNotifyShutdown (PPROCESSINFO ppiCurrent)
NTSTATUS APIENTRY	Win32kThreadCallback (PETHREAD Thread, PSW32THREADCALLOUTTYPE Type)
	_Function_class_ (DRIVER_UNLOAD)
NTSTATUS APIENTRY	DriverEntry (IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)

Variables
HANDLE	hModuleWin
PSERVERINFO	gpsi = NULL
USHORT	gusLanguageID
PPROCESSINFO	ppiScrnSaver
PPROCESSINFO	gppiList = NULL
ULONG_PTR	Win32kSSDT []
UCHAR	Win32kSSPT []
ULONG	Win32kNumberOfSysCalls

Macro Definition Documentation

NDEBUG

#define NDEBUG

Definition at line 12 of file main.c.

NT_ROF

#define NT_ROF

(

x

)

Value:

{ \
    Status = (x); \
    if (!NT_SUCCESS(Status)) \
    { \
        DPRINT1("Failed '%s' (0x%lx)\n", #x, Status); \
        return Status; \
    } \
}

Definition at line 889 of file main.c.

USERLOCK_AND_ROF

#define USERLOCK_AND_ROF

(

x

)

Value:

{                                   \
    UserEnterExclusive();           \
    Status = (x);                   \
    UserLeave();                    \
    if (!NT_SUCCESS(Status))        \
    { \
        DPRINT1("Failed '%s' (0x%lx)\n", #x, Status); \
        return Status; \
    } \
}

Definition at line 900 of file main.c.

Function Documentation

_Function_class_()

_Function_class_

(

DRIVER_UNLOAD

)

Definition at line 878 of file main.c.

{
    // TODO: Do more cleanup!

    ResetCsrApiPort();
    ResetCsrProcess();
}

AllocW32Process()

NTSTATUS AllocW32Process	(	IN PEPROCESS	Process,
		OUT PPROCESSINFO *	W32Process
	)

Definition at line 58 of file main.c.

{
    PPROCESSINFO ppiCurrent;

    TRACE_CH(UserProcess, "In AllocW32Process(0x%p)\n", Process);

    /* Check that we were not called with an already existing Win32 process info */
    ppiCurrent = PsGetProcessWin32Process(Process);
    if (ppiCurrent) return STATUS_SUCCESS;

    /* Allocate a new Win32 process info */
    ppiCurrent = ExAllocatePoolWithTag(NonPagedPool,
                                       sizeof(*ppiCurrent),
                                       USERTAG_PROCESSINFO);
    if (ppiCurrent == NULL)
    {
        ERR_CH(UserProcess, "Failed to allocate ppi for PID:0x%lx\n",
               HandleToUlong(Process->UniqueProcessId));
        return STATUS_NO_MEMORY;
    }

    TRACE_CH(UserProcess, "Allocated ppi 0x%p for PID:0x%lx\n",
             ppiCurrent, HandleToUlong(Process->UniqueProcessId));

    RtlZeroMemory(ppiCurrent, sizeof(*ppiCurrent));

    PsSetProcessWin32Process(Process, ppiCurrent, NULL);
    IntReferenceProcessInfo(ppiCurrent);

    *W32Process = ppiCurrent;
    return STATUS_SUCCESS;
}

Referenced by InitProcessCallback().

AllocW32Thread()

NTSTATUS AllocW32Thread	(	IN PETHREAD	Thread,
		OUT PTHREADINFO *	W32Thread
	)

Definition at line 365 of file main.c.

{
    PTHREADINFO ptiCurrent;

    TRACE_CH(UserThread, "In AllocW32Thread(0x%p)\n", Thread);

    /* Check that we were not called with an already existing Win32 thread info */
    ptiCurrent = PsGetThreadWin32Thread(Thread);
    NT_ASSERT(ptiCurrent == NULL);

    /* Allocate a new Win32 thread info */
    ptiCurrent = ExAllocatePoolWithTag(NonPagedPool,
                                       sizeof(*ptiCurrent),
                                       USERTAG_THREADINFO);
    if (ptiCurrent == NULL)
    {
        ERR_CH(UserThread, "Failed to allocate pti for TID:0x%lx\n",
               HandleToUlong(Thread->Cid.UniqueThread));
        return STATUS_NO_MEMORY;
    }

    TRACE_CH(UserThread, "Allocated pti 0x%p for TID:0x%lx\n",
             ptiCurrent, HandleToUlong(Thread->Cid.UniqueThread));

    RtlZeroMemory(ptiCurrent, sizeof(*ptiCurrent));

    PsSetThreadWin32Thread(Thread, ptiCurrent, NULL);
    ObReferenceObject(Thread);
    IntReferenceThreadInfo(ptiCurrent);

    *W32Thread = ptiCurrent;
    return STATUS_SUCCESS;
}

Referenced by InitThreadCallback().

DriverEntry()

NTSTATUS APIENTRY DriverEntry	(	IN PDRIVER_OBJECT	DriverObject,
		IN PUNICODE_STRING	RegistryPath
	)

Definition at line 920 of file main.c.

{
    NTSTATUS Status;
    BOOLEAN Result;
    WIN32_CALLOUTS_FPNS CalloutData = {0};
    PVOID GlobalUserHeapBase = NULL;

    /*
     * Register user mode call interface
     * (system service table index = 1)
     */
    Result = KeAddSystemServiceTable(Win32kSSDT,
                                     NULL,
                                     Win32kNumberOfSysCalls,
                                     Win32kSSPT,
                                     1);
    if (Result == FALSE)
    {
        DPRINT1("Adding system services failed!\n");
        return STATUS_UNSUCCESSFUL;
    }

    hModuleWin = MmPageEntireDriver(DriverEntry);
    DPRINT("Win32k hInstance 0x%p!\n", hModuleWin);

    DriverObject->DriverUnload = DriverUnload;

    /* Register Object Manager Callbacks */
    CalloutData.ProcessCallout = Win32kProcessCallback;
    CalloutData.ThreadCallout = Win32kThreadCallback;
    // CalloutData.GlobalAtomTableCallout = NULL;
    // CalloutData.PowerEventCallout = NULL;
    // CalloutData.PowerStateCallout = NULL;
    // CalloutData.JobCallout = NULL;
    CalloutData.BatchFlushRoutine = NtGdiFlushUserBatch;
    CalloutData.DesktopOpenProcedure = IntDesktopObjectOpen;
    CalloutData.DesktopOkToCloseProcedure = IntDesktopOkToClose;
    CalloutData.DesktopCloseProcedure = IntDesktopObjectClose;
    CalloutData.DesktopDeleteProcedure = IntDesktopObjectDelete;
    CalloutData.WindowStationOkToCloseProcedure = IntWinStaOkToClose;
    // CalloutData.WindowStationCloseProcedure = NULL;
    CalloutData.WindowStationDeleteProcedure = IntWinStaObjectDelete;
    CalloutData.WindowStationParseProcedure = IntWinStaObjectParse;
    // CalloutData.WindowStationOpenProcedure = NULL;

    /* Register our per-process and per-thread structures. */
    PsEstablishWin32Callouts(&CalloutData);

    /* Register service hook callbacks */
#if DBG && defined(KDBG)
    KdSystemDebugControl('CsoR', DbgPreServiceHook, ID_Win32PreServiceHook, 0, 0, 0, 0);
    KdSystemDebugControl('CsoR', DbgPostServiceHook, ID_Win32PostServiceHook, 0, 0, 0, 0);
#endif

    /* Create the global USER heap */
    GlobalUserHeap = UserCreateHeap(&GlobalUserHeapSection,
                                    &GlobalUserHeapBase,
                                    1 * 1024 * 1024); /* FIXME: 1 MB for now... */
    if (GlobalUserHeap == NULL)
    {
        DPRINT1("Failed to initialize the global heap!\n");
        return STATUS_UNSUCCESSFUL;
    }

    /* Init the global user lock */
    ExInitializeResourceLite(&UserLock);

    /* Lock while we use the heap (UserHeapAlloc asserts on this) */
    UserEnterExclusive();

    /* Allocate global server info structure */
    gpsi = UserHeapAlloc(sizeof(*gpsi));
    UserLeave();
    if (!gpsi)
    {
        DPRINT1("Failed allocate server info structure!\n");
        return STATUS_UNSUCCESSFUL;
    }

    RtlZeroMemory(gpsi, sizeof(*gpsi));
    DPRINT("Global Server Data -> %p\n", gpsi);

    NT_ROF(InitGdiHandleTable());
    NT_ROF(InitPaletteImpl());

    /* Create stock objects, ie. precreated objects commonly
       used by win32 applications */
    CreateStockObjects();
    CreateSysColorObjects();

    NT_ROF(InitBrushImpl());
    NT_ROF(InitPDEVImpl());
    NT_ROF(InitLDEVImpl());
    NT_ROF(InitDeviceImpl());
    NT_ROF(InitDcImpl());
    USERLOCK_AND_ROF(InitUserImpl());
    NT_ROF(InitWindowStationImpl());
    NT_ROF(InitDesktopImpl());
    NT_ROF(InitInputImpl());
    NT_ROF(InitKeyboardImpl());
    NT_ROF(MsqInitializeImpl());
    NT_ROF(InitTimerImpl());
    NT_ROF(InitDCEImpl());

    gusLanguageID = UserGetLanguageID();

    /* Initialize FreeType library */
    if (!InitFontSupport())
    {
        DPRINT1("Unable to initialize font support\n");
        return Status;
    }

    return STATUS_SUCCESS;
}

ExitProcessCallback()

NTSTATUS ExitProcessCallback

(

PEPROCESS

Process

)

Definition at line 296 of file main.c.

{
    PPROCESSINFO ppiCurrent, *pppi;

    /* Get the Win32 Process */
    ppiCurrent = PsGetProcessWin32Process(Process);
    ASSERT(ppiCurrent);
    ASSERT(ppiCurrent->peProcess == Process);

    TRACE_CH(UserProcess, "Destroying ppi 0x%p\n", ppiCurrent);
    ppiCurrent->W32PF_flags |= W32PF_TERMINATED;

    /* Remove it from the list */
    pppi = &gppiList;
    while (*pppi != NULL && *pppi != ppiCurrent)
    {
        pppi = &(*pppi)->ppiNext;
    }
    ASSERT(*pppi == ppiCurrent);
    *pppi = ppiCurrent->ppiNext;

    /* Cleanup GDI info */
    GdiProcessDestroy(Process);

    /* Cleanup USER info */
    UserProcessDestroy(Process);

    /* The process is dying */
    PsSetProcessWin32Process(Process, NULL, ppiCurrent);
    ppiCurrent->peProcess = NULL;

    /* Finally, dereference */
    IntDereferenceProcessInfo(ppiCurrent);

    return STATUS_SUCCESS;
}

Referenced by InitProcessCallback(), and Win32kProcessCallback().

ExitThreadCallback()

NTSTATUS NTAPI ExitThreadCallback

(

PETHREAD

Thread

)

Definition at line 687 of file main.c.

{
    PTHREADINFO *ppti;
    PSINGLE_LIST_ENTRY psle;
    PPROCESSINFO ppiCurrent;
    PEPROCESS Process;
    PTHREADINFO ptiCurrent;

    Process = Thread->ThreadsProcess;

    /* Get the Win32 Thread */
    ptiCurrent = PsGetThreadWin32Thread(Thread);
    ASSERT(ptiCurrent);

    TRACE_CH(UserThread, "Destroying pti 0x%p eThread 0x%p\n", ptiCurrent, Thread);

    ptiCurrent->TIF_flags |= TIF_INCLEANUP;
    ptiCurrent->pClientInfo->dwTIFlags = ptiCurrent->TIF_flags;

    ppiCurrent = ptiCurrent->ppi;
    ASSERT(ppiCurrent);

    IsRemoveAttachThread(ptiCurrent);

    ptiCurrent->TIF_flags |= TIF_DONTATTACHQUEUE;
    ptiCurrent->pClientInfo->dwTIFlags = ptiCurrent->TIF_flags;

    UserCloseClipboard();

    /* Decrement thread count and check if its 0 */
    ppiCurrent->cThreads--;

    if (ptiCurrent->TIF_flags & TIF_GUITHREADINITIALIZED)
    {
        /* Do now some process cleanup that requires a valid win32 thread */
        if (ptiCurrent->ppi->cThreads == 0)
        {
            /* Check if we have registered the user api hook */
            if (ptiCurrent->ppi == ppiUahServer)
            {
                /* Unregister the api hook */
                UserUnregisterUserApiHook();
            }

            /* Notify logon application to restart shell if needed */
            if (ptiCurrent->pDeskInfo)
            {
                if (ptiCurrent->pDeskInfo->ppiShellProcess == ppiCurrent)
                {
                    DWORD ExitCode = PsGetProcessExitStatus(Process);

                   TRACE_CH(UserProcess, "Shell process is exiting (%lu)\n", ExitCode);

                    UserPostMessage(hwndSAS,
                                    WM_LOGONNOTIFY,
                                    LN_SHELL_EXITED,
                                    ExitCode);

                    ptiCurrent->pDeskInfo->ppiShellProcess = NULL;
                }
            }
        }

        DceFreeThreadDCE(ptiCurrent);
        DestroyTimersForThread(ptiCurrent);
        KeSetEvent(ptiCurrent->pEventQueueServer, IO_NO_INCREMENT, FALSE);
        UnregisterThreadHotKeys(ptiCurrent);

        if (!UserDestroyObjectsForOwner(gHandleTable, ptiCurrent))
        {
            DPRINT1("Failed to delete objects belonging to thread %p. This is VERY BAD!.\n", ptiCurrent);
            ASSERT(FALSE);
            return STATUS_UNSUCCESSFUL;
        }

        if (ppiCurrent && ppiCurrent->ptiList == ptiCurrent && !ptiCurrent->ptiSibling &&
            ppiCurrent->W32PF_flags & W32PF_CLASSESREGISTERED)
        {
            TRACE_CH(UserThread, "DestroyProcessClasses\n");
            /* no process windows should exist at this point, or the function will assert! */
            DestroyProcessClasses(ppiCurrent);
            ppiCurrent->W32PF_flags &= ~W32PF_CLASSESREGISTERED;
        }

        IntBlockInput(ptiCurrent, FALSE);
        IntCleanupThreadCallbacks(ptiCurrent);

        /* cleanup user object references stack */
        psle = PopEntryList(&ptiCurrent->ReferencesList);
        while (psle)
        {
            PUSER_REFERENCE_ENTRY ref = CONTAINING_RECORD(psle, USER_REFERENCE_ENTRY, Entry);
            TRACE_CH(UserThread, "thread clean: remove reference obj 0x%p\n",ref->obj);
            UserDereferenceObject(ref->obj);

            psle = PopEntryList(&ptiCurrent->ReferencesList);
        }
    }

    if (ptiCurrent->cEnterCount)
    {
       KeSetKernelStackSwapEnable(TRUE);
       ptiCurrent->cEnterCount = 0;
    }

    /* Find the THREADINFO in the PROCESSINFO's list */
    ppti = &ppiCurrent->ptiList;
    while (*ppti != NULL && *ppti != ptiCurrent)
    {
        ppti = &((*ppti)->ptiSibling);
    }

    /* we must have found it */
    ASSERT(*ppti == ptiCurrent);

    /* Remove it from the list */
    *ppti = ptiCurrent->ptiSibling;

    if (ptiCurrent->KeyboardLayout)
        UserDereferenceObject(ptiCurrent->KeyboardLayout);

    if (gptiForeground == ptiCurrent)
    {
//       IntNotifyWinEvent(EVENT_OBJECT_FOCUS, NULL, OBJID_CLIENT, CHILDID_SELF, 0);
//       IntNotifyWinEvent(EVENT_SYSTEM_FOREGROUND, NULL, OBJID_WINDOW, CHILDID_SELF, 0);

       gptiForeground = NULL;
    }

    /* Restore display mode when we are the last thread, and we changed the display mode */
    if (ppiCurrent->cThreads == 0)
        UserDisplayNotifyShutdown(ppiCurrent);


    // Fixes CORE-6384 & CORE-7030.
/*    if (ptiLastInput == ptiCurrent)
    {
       if (!ppiCurrent->ptiList)
          ptiLastInput = gptiForeground;
       else
          ptiLastInput = ppiCurrent->ptiList;
       ERR_CH(UserThread, "DTI: ptiLastInput is Cleared!!\n");
    }
*/
    TRACE_CH(UserThread, "Freeing pti 0x%p\n", ptiCurrent);

    IntSetThreadDesktop(NULL, TRUE);

    if (ptiCurrent->hEventQueueClient != NULL)
    {
       ObCloseHandle(ptiCurrent->hEventQueueClient, UserMode);
       ObDereferenceObject(ptiCurrent->pEventQueueServer);
    }
    ptiCurrent->hEventQueueClient = NULL;

    /* The thread is dying */
    PsSetThreadWin32Thread(Thread /*ptiCurrent->pEThread*/, NULL, ptiCurrent);

    /* Dereference the THREADINFO */
    IntDereferenceThreadInfo(ptiCurrent);

    return STATUS_SUCCESS;
}

Referenced by InitThreadCallback(), and Win32kThreadCallback().

GdiProcessCreate()

NTSTATUS GdiProcessCreate

(

PEPROCESS

Process

)

Definition at line 18 of file init.c.

{
    PPROCESSINFO ppiCurrent = PsGetProcessWin32Process(Process);
    ASSERT(ppiCurrent);

    InitializeListHead(&ppiCurrent->PrivateFontListHead);
    InitializeListHead(&ppiCurrent->PrivateMemFontListHead);
    ppiCurrent->PrivateMemFontHandleCount = 0;
    ExInitializeFastMutex(&ppiCurrent->PrivateFontListLock);

    InitializeListHead(&ppiCurrent->GDIBrushAttrFreeList);
    InitializeListHead(&ppiCurrent->GDIDcAttrFreeList);

    /* Map the GDI handle table to user land */
    Process->Peb->GdiSharedHandleTable = GDI_MapHandleTable(Process);
    Process->Peb->GdiDCAttributeList = GDI_BATCH_LIMIT;

    /* Create pools for GDI object attributes */
    ppiCurrent->pPoolDcAttr = GdiPoolCreate(sizeof(DC_ATTR), 'acdG');
    ppiCurrent->pPoolBrushAttr = GdiPoolCreate(sizeof(BRUSH_ATTR), 'arbG');
    ppiCurrent->pPoolRgnAttr = GdiPoolCreate(sizeof(RGN_ATTR), 'agrG');
    ASSERT(ppiCurrent->pPoolDcAttr);
    ASSERT(ppiCurrent->pPoolBrushAttr);
    ASSERT(ppiCurrent->pPoolRgnAttr);

    return STATUS_SUCCESS;
}

Referenced by InitProcessCallback().

GdiProcessDestroy()

NTSTATUS GdiProcessDestroy

(

PEPROCESS

Process

)

Definition at line 47 of file init.c.

{
    PPROCESSINFO ppiCurrent = PsGetProcessWin32Process(Process);
    ASSERT(ppiCurrent);
    ASSERT(ppiCurrent->peProcess == Process);

    IntGdiCleanupPrivateFontsForProcess();

    /* And GDI ones too */
    GDI_CleanupForProcess(Process);

    /* So we can now free the pools */
    GdiPoolDestroy(ppiCurrent->pPoolDcAttr);
    GdiPoolDestroy(ppiCurrent->pPoolBrushAttr);
    GdiPoolDestroy(ppiCurrent->pPoolRgnAttr);

    return STATUS_SUCCESS;
}

Referenced by ExitProcessCallback().

GdiThreadCreate()

NTSTATUS GdiThreadCreate

(

PETHREAD

Thread

)

Definition at line 68 of file init.c.

{
    return STATUS_SUCCESS;
}

GdiThreadDestroy()

NTSTATUS GdiThreadDestroy

(

PETHREAD

Thread

)

Definition at line 74 of file init.c.

{
    return STATUS_SUCCESS;
}

InitProcessCallback()

NTSTATUS InitProcessCallback

(

PEPROCESS

Process

)

Definition at line 223 of file main.c.

{
    NTSTATUS Status;
    PPROCESSINFO ppiCurrent;
    PVOID KernelMapping = NULL, UserMapping = NULL;

    /* We might be called with an already allocated win32 process */
    ppiCurrent = PsGetProcessWin32Process(Process);
    if (ppiCurrent != NULL)
    {
        /* There is no more to do for us (this is a success code!) */
        return STATUS_ALREADY_WIN32;
    }
    // if (ppiCurrent->W32PF_flags & W32PF_PROCESSCONNECTED)
        // return STATUS_ALREADY_WIN32;

    /* Allocate a new Win32 process info */
    Status = AllocW32Process(Process, &ppiCurrent);
    if (!NT_SUCCESS(Status))
    {
        ERR_CH(UserProcess, "Failed to allocate ppi for PID:0x%lx\n",
               HandleToUlong(Process->UniqueProcessId));
        return Status;
    }

#if DBG
    DbgInitDebugChannels();
#if defined(KDBG)
    KdRosRegisterCliCallback(DbgGdiKdbgCliCallback);
#endif
#endif

    /* Map the global user heap into the process */
    Status = MapGlobalUserHeap(Process, &KernelMapping, &UserMapping);
    if (!NT_SUCCESS(Status))
    {
        TRACE_CH(UserProcess, "Failed to map the global heap! 0x%x\n", Status);
        goto error;
    }

    TRACE_CH(UserProcess, "InitProcessCallback -- We have KernelMapping 0x%p and UserMapping 0x%p with delta = 0x%x\n",
           KernelMapping, UserMapping, (ULONG_PTR)KernelMapping - (ULONG_PTR)UserMapping);

    /* Initialize USER process info */
    Status = UserProcessCreate(Process);
    if (!NT_SUCCESS(Status))
    {
        ERR_CH(UserProcess, "UserProcessCreate failed, Status 0x%08lx\n", Status);
        goto error;
    }

    /* Initialize GDI process info */
    Status = GdiProcessCreate(Process);
    if (!NT_SUCCESS(Status))
    {
        ERR_CH(UserProcess, "GdiProcessCreate failed, Status 0x%08lx\n", Status);
        goto error;
    }

    /* Add the process to the global list */
    ppiCurrent->ppiNext = gppiList;
    gppiList = ppiCurrent;

    return STATUS_SUCCESS;

error:
    ERR_CH(UserProcess, "InitProcessCallback failed! Freeing ppi 0x%p for PID:0x%lx\n",
           ppiCurrent, HandleToUlong(Process->UniqueProcessId));
    ExitProcessCallback(Process);
    return Status;
}

Referenced by Win32kProcessCallback().

InitThreadCallback()

NTSTATUS NTAPI InitThreadCallback

(

PETHREAD

Thread

)

Definition at line 448 of file main.c.

{
    PEPROCESS Process;
    PCLIENTINFO pci;
    PTHREADINFO ptiCurrent;
    int i;
    NTSTATUS Status = STATUS_SUCCESS;
    PTEB pTeb;
    PRTL_USER_PROCESS_PARAMETERS ProcessParams;

    Process = Thread->ThreadsProcess;

    pTeb = NtCurrentTeb();
    ASSERT(pTeb);

    ProcessParams = pTeb->ProcessEnvironmentBlock->ProcessParameters;

    /* Allocate a new Win32 thread info */
    Status = AllocW32Thread(Thread, &ptiCurrent);
    if (!NT_SUCCESS(Status))
    {
        ERR_CH(UserThread, "Failed to allocate pti for TID:0x%lx\n",
               HandleToUlong(Thread->Cid.UniqueThread));
        return Status;
    }

    /* Initialize the THREADINFO */
    ptiCurrent->pEThread = Thread;
    ptiCurrent->ppi = PsGetProcessWin32Process(Process);
    IntReferenceProcessInfo(ptiCurrent->ppi);
    pTeb->Win32ThreadInfo = ptiCurrent;
    ptiCurrent->pClientInfo = (PCLIENTINFO)pTeb->Win32ClientInfo;
    ptiCurrent->pcti = &ptiCurrent->cti;

    /* Mark the process as having threads */
    ptiCurrent->ppi->W32PF_flags |= W32PF_THREADCONNECTED;

    InitializeListHead(&ptiCurrent->WindowListHead);
    InitializeListHead(&ptiCurrent->W32CallbackListHead);
    InitializeListHead(&ptiCurrent->PostedMessagesListHead);
    InitializeListHead(&ptiCurrent->SentMessagesListHead);
    InitializeListHead(&ptiCurrent->PtiLink);
    for (i = 0; i < NB_HOOKS; i++)
    {
        InitializeListHead(&ptiCurrent->aphkStart[i]);
    }
    ptiCurrent->ptiSibling = ptiCurrent->ppi->ptiList;
    ptiCurrent->ppi->ptiList = ptiCurrent;
    ptiCurrent->ppi->cThreads++;

    ptiCurrent->hEventQueueClient = NULL;
    Status = ZwCreateEvent(&ptiCurrent->hEventQueueClient, EVENT_ALL_ACCESS,
                            NULL, SynchronizationEvent, FALSE);
    if (!NT_SUCCESS(Status))
    {
        ERR_CH(UserThread, "Event creation failed, Status 0x%08x.\n", Status);
        goto error;
    }
    Status = ObReferenceObjectByHandle(ptiCurrent->hEventQueueClient, 0,
                                       *ExEventObjectType, UserMode,
                                       (PVOID*)&ptiCurrent->pEventQueueServer, NULL);
    if (!NT_SUCCESS(Status))
    {
        ERR_CH(UserThread, "Failed referencing the event object, Status 0x%08x.\n", Status);
        ObCloseHandle(ptiCurrent->hEventQueueClient, UserMode);
        ptiCurrent->hEventQueueClient = NULL;
        goto error;
    }

    ptiCurrent->pcti->timeLastRead = EngGetTickCount32();

    ptiCurrent->MessageQueue = MsqCreateMessageQueue(ptiCurrent);
    if (ptiCurrent->MessageQueue == NULL)
    {
        ERR_CH(UserThread, "Failed to allocate message loop\n");
        Status = STATUS_NO_MEMORY;
        goto error;
    }

    ptiCurrent->KeyboardLayout = W32kGetDefaultKeyLayout();
    if (ptiCurrent->KeyboardLayout)
        UserReferenceObject(ptiCurrent->KeyboardLayout);

    ptiCurrent->TIF_flags &= ~TIF_INCLEANUP;

    // FIXME: Flag SYSTEM threads with... TIF_SYSTEMTHREAD !!

    /* CSRSS threads have some special features */
    if (Process == gpepCSRSS || !gpepCSRSS)
        ptiCurrent->TIF_flags = TIF_CSRSSTHREAD | TIF_DONTATTACHQUEUE;

    /* Initialize the CLIENTINFO */
    pci = (PCLIENTINFO)pTeb->Win32ClientInfo;
    RtlZeroMemory(pci, sizeof(*pci));
    pci->ppi = ptiCurrent->ppi;
    pci->fsHooks = ptiCurrent->fsHooks;
    pci->dwTIFlags = ptiCurrent->TIF_flags;
    if (ptiCurrent->KeyboardLayout)
    {
        pci->hKL = ptiCurrent->KeyboardLayout->hkl;
        pci->CodePage = ptiCurrent->KeyboardLayout->CodePage;
    }

    /* Need to pass the user Startup Information to the current process. */
    if ( ProcessParams )
    {
       if ( ptiCurrent->ppi->usi.cb == 0 )      // Not initialized yet.
       {
          if ( ProcessParams->WindowFlags != 0 ) // Need window flags set.
          {
             ptiCurrent->ppi->usi.cb          = sizeof(USERSTARTUPINFO);
             ptiCurrent->ppi->usi.dwX         = ProcessParams->StartingX;
             ptiCurrent->ppi->usi.dwY         = ProcessParams->StartingY;
             ptiCurrent->ppi->usi.dwXSize     = ProcessParams->CountX;
             ptiCurrent->ppi->usi.dwYSize     = ProcessParams->CountY;
             ptiCurrent->ppi->usi.dwFlags     = ProcessParams->WindowFlags;
             ptiCurrent->ppi->usi.wShowWindow = (WORD)ProcessParams->ShowWindowFlags;
          }
       }
    }

    /*
     * Assign a default window station and desktop to the process.
     * Do not try to open a desktop or window station before the very first
     * (interactive) window station has been created by Winlogon.
     */
    if (!(ptiCurrent->TIF_flags & (TIF_SYSTEMTHREAD | TIF_CSRSSTHREAD)) &&
        ptiCurrent->ppi->hdeskStartup == NULL &&
        InputWindowStation != NULL)
    {
        HWINSTA hWinSta = NULL;
        HDESK hDesk = NULL;
        UNICODE_STRING DesktopPath;
        PDESKTOP pdesk;

        /*
         * Inherit the thread desktop and process window station (if not yet inherited)
         * from the process startup info structure. See documentation of CreateProcess().
         */
        Status = STATUS_UNSUCCESSFUL;
        if (ProcessParams && ProcessParams->DesktopInfo.Length > 0)
        {
            Status = IntSafeCopyUnicodeStringTerminateNULL(&DesktopPath, &ProcessParams->DesktopInfo);
        }
        if (!NT_SUCCESS(Status))
        {
            RtlInitUnicodeString(&DesktopPath, NULL);
        }

        Status = IntResolveDesktop(Process,
                                   &DesktopPath,
                                   !!(ProcessParams->WindowFlags & STARTF_INHERITDESKTOP),
                                   &hWinSta,
                                   &hDesk);

        if (DesktopPath.Buffer)
            ExFreePoolWithTag(DesktopPath.Buffer, TAG_STRING);

        if (!NT_SUCCESS(Status))
        {
            ERR_CH(UserThread, "Failed to assign default desktop and winsta to process\n");
            goto error;
        }

        if (!UserSetProcessWindowStation(hWinSta))
        {
            Status = STATUS_UNSUCCESSFUL;
            ERR_CH(UserThread, "Failed to set initial process winsta\n");
            goto error;
        }

        /* Validate the new desktop */
        Status = IntValidateDesktopHandle(hDesk, UserMode, 0, &pdesk);
        if (!NT_SUCCESS(Status))
        {
            ERR_CH(UserThread, "Failed to validate initial desktop handle\n");
            goto error;
        }

        /* Store the parsed desktop as the initial desktop */
        ASSERT(ptiCurrent->ppi->hdeskStartup == NULL);
        ASSERT(Process->UniqueProcessId != gpidLogon);
        ptiCurrent->ppi->hdeskStartup = hDesk;
        ptiCurrent->ppi->rpdeskStartup = pdesk;
    }

    if (ptiCurrent->ppi->hdeskStartup != NULL)
    {
        if (!IntSetThreadDesktop(ptiCurrent->ppi->hdeskStartup, FALSE))
        {
            ERR_CH(UserThread, "Failed to set thread desktop\n");
            Status = STATUS_UNSUCCESSFUL;
            goto error;
        }
    }

    /* Mark the thread as fully initialized */
    ptiCurrent->TIF_flags |= TIF_GUITHREADINITIALIZED;

    if (!(ptiCurrent->ppi->W32PF_flags & (W32PF_ALLOWFOREGROUNDACTIVATE | W32PF_APPSTARTING)) &&
         (gptiForeground && gptiForeground->ppi == ptiCurrent->ppi ))
    {
        ptiCurrent->TIF_flags |= TIF_ALLOWFOREGROUNDACTIVATE;
    }
    ptiCurrent->pClientInfo->dwTIFlags = ptiCurrent->TIF_flags;

    /* Last things to do only if we are not a SYSTEM or CSRSS thread */
    if (!(ptiCurrent->TIF_flags & (TIF_SYSTEMTHREAD | TIF_CSRSSTHREAD)))
    {
        /* Callback to User32 Client Thread Setup */
        TRACE_CH(UserThread, "Call co_IntClientThreadSetup...\n");
        Status = co_IntClientThreadSetup();
        if (!NT_SUCCESS(Status))
        {
            ERR_CH(UserThread, "ClientThreadSetup failed with Status 0x%08lx\n", Status);
            goto error;
        }
        TRACE_CH(UserThread, "co_IntClientThreadSetup succeeded!\n");
    }
    else
    {
        TRACE_CH(UserThread, "co_IntClientThreadSetup cannot be called...\n");
    }

    TRACE_CH(UserThread, "UserCreateW32Thread pti 0x%p\n", ptiCurrent);
    return STATUS_SUCCESS;

error:
    ERR_CH(UserThread, "InitThreadCallback failed! Freeing pti 0x%p for TID:0x%lx\n",
           ptiCurrent, HandleToUlong(Thread->Cid.UniqueThread));
    ExitThreadCallback(Thread);
    return Status;
}

Referenced by Win32kThreadCallback().

UserDeleteW32Process()

VOID UserDeleteW32Process

(

_Pre_notnull_ __drv_freesMem(Mem) PPROCESSINFO

ppiCurrent

)

Definition at line 96 of file main.c.

{
    if (ppiCurrent->InputIdleEvent)
    {
        /* Free the allocated memory */
        ExFreePoolWithTag(ppiCurrent->InputIdleEvent, USERTAG_EVENT);
    }

    /* Close the startup desktop */
    if (ppiCurrent->rpdeskStartup)
        ObDereferenceObject(ppiCurrent->rpdeskStartup);

#if DBG
    if (DBG_IS_CHANNEL_ENABLED(ppiCurrent, DbgChUserObj, WARN_LEVEL))
    {
        TRACE_PPI(ppiCurrent, UserObj, "Dumping user handles now that process info %p is gets freed.\n", ppiCurrent);
        DbgUserDumpHandleTable();
    }
#endif

    /* Free the PROCESSINFO */
    ExFreePoolWithTag(ppiCurrent, USERTAG_PROCESSINFO);
}

UserDeleteW32Thread()

VOID UserDeleteW32Thread

(

PTHREADINFO

pti

)

Definition at line 404 of file main.c.

{
   PPROCESSINFO ppi = pti->ppi;

   TRACE_CH(UserThread, "UserDeleteW32Thread pti 0x%p\n",pti);

   /* Free the message queue */
   if (pti->MessageQueue)
   {
      MsqDestroyMessageQueue(pti);
   }

   MsqCleanupThreadMsgs(pti);

   ObDereferenceObject(pti->pEThread);

   ExFreePoolWithTag(pti, USERTAG_THREADINFO);

   IntDereferenceProcessInfo(ppi);

   {
      // Find another queue for mouse cursor.
      MSG msg;
      msg.message = WM_MOUSEMOVE;
      msg.wParam = UserGetMouseButtonsState();
      msg.lParam = MAKELPARAM(gpsi->ptCursor.x, gpsi->ptCursor.y);
      msg.pt = gpsi->ptCursor;
      co_MsqInsertMouseMessage(&msg, 0, 0, TRUE);
   }
}

UserDisplayNotifyShutdown()

VOID UserDisplayNotifyShutdown

(

PPROCESSINFO

ppiCurrent

)

Definition at line 857 of file display.c.

{
    if (ppiCurrent == gpFullscreen)
    {
        UserChangeDisplaySettings(NULL, NULL, 0, NULL);
        if (gpFullscreen)
            ERR("Failed to restore display mode!\n");
    }
}

Referenced by ExitThreadCallback().

UserProcessCreate()

NTSTATUS UserProcessCreate

(

PEPROCESS

Process

)

Definition at line 122 of file main.c.

{
    PPROCESSINFO ppiCurrent = PsGetProcessWin32Process(Process);
    ASSERT(ppiCurrent);

    InitializeListHead(&ppiCurrent->DriverObjListHead);
    ExInitializeFastMutex(&ppiCurrent->DriverObjListLock);

    {
        PKEVENT Event;

        /* Allocate memory for the event structure */
        Event = ExAllocatePoolWithTag(NonPagedPool,
                                      sizeof(*Event),
                                      USERTAG_EVENT);
        if (Event)
        {
            /* Initialize the kernel event */
            KeInitializeEvent(Event,
                              SynchronizationEvent,
                              FALSE);
        }
        else
        {
            /* Out of memory */
            DPRINT("CreateEvent() failed\n");
            KeBugCheck(0);
        }

        /* Set the event */
        ppiCurrent->InputIdleEvent = Event;
        KeInitializeEvent(ppiCurrent->InputIdleEvent, NotificationEvent, FALSE);
    }

    ppiCurrent->peProcess = Process;
    ppiCurrent->W32Pid = HandleToUlong(PsGetProcessId(Process));

    /* Setup process flags */
    ppiCurrent->W32PF_flags |= W32PF_PROCESSCONNECTED;
    if (Process->Peb->ProcessParameters &&
        (Process->Peb->ProcessParameters->WindowFlags & STARTF_SCREENSAVER))
    {
        ppiScrnSaver = ppiCurrent;
        ppiCurrent->W32PF_flags |= W32PF_SCREENSAVER;
    }

    // FIXME: check if this process is allowed.
    ppiCurrent->W32PF_flags |= W32PF_ALLOWFOREGROUNDACTIVATE; // Starting application will get it toggled off.

    return STATUS_SUCCESS;
}

Referenced by InitProcessCallback().

UserProcessDestroy()

NTSTATUS UserProcessDestroy

(

PEPROCESS

Process

)

Definition at line 175 of file main.c.

{
    PPROCESSINFO ppiCurrent = PsGetProcessWin32Process(Process);
    ASSERT(ppiCurrent);

    if (ppiScrnSaver == ppiCurrent)
        ppiScrnSaver = NULL;

    /* Destroy user objects */
    UserDestroyObjectsForOwner(gHandleTable, ppiCurrent);

    TRACE_CH(UserProcess, "Freeing ppi 0x%p\n", ppiCurrent);
#if DBG
    if (DBG_IS_CHANNEL_ENABLED(ppiCurrent, DbgChUserObj, WARN_LEVEL))
    {
        TRACE_CH(UserObj, "Dumping user handles at the end of the process %s (Info %p).\n",
            ppiCurrent->peProcess->ImageFileName, ppiCurrent);
        DbgUserDumpHandleTable();
    }
#endif

    /* Remove it from the list of GUI apps */
    co_IntGraphicsCheck(FALSE);

    /*
     * Deregister logon application automatically
     */
    if (gpidLogon == ppiCurrent->peProcess->UniqueProcessId)
        gpidLogon = 0;

    /* Close the current window station */
    UserSetProcessWindowStation(NULL);

    if (gppiInputProvider == ppiCurrent) gppiInputProvider = NULL;

    if (ppiCurrent->hdeskStartup)
    {
        ZwClose(ppiCurrent->hdeskStartup);
        ppiCurrent->hdeskStartup = NULL;
    }

    /* Clean up the process icon cache */
    IntCleanupCurIconCache(ppiCurrent);

    return STATUS_SUCCESS;
}

Referenced by ExitProcessCallback().

UserThreadCreate()

NTSTATUS UserThreadCreate

(

PETHREAD

Thread

)

Definition at line 436 of file main.c.

{
    return STATUS_SUCCESS;
}

UserThreadDestroy()

NTSTATUS UserThreadDestroy

(

PETHREAD

Thread

)

Definition at line 442 of file main.c.

{
    return STATUS_SUCCESS;
}

Win32kProcessCallback()

NTSTATUS APIENTRY Win32kProcessCallback	(	PEPROCESS	Process,
		BOOLEAN	Initialize
	)

Definition at line 335 of file main.c.

{
    NTSTATUS Status;

    ASSERT(Process->Peb);

    TRACE_CH(UserProcess, "Win32kProcessCallback -->\n");

    UserEnterExclusive();

    if (Initialize)
    {
        Status = InitProcessCallback(Process);
    }
    else
    {
        Status = ExitProcessCallback(Process);
    }

    UserLeave();

    TRACE_CH(UserProcess, "<-- Win32kProcessCallback\n");

    return Status;
}

Referenced by DriverEntry().

Win32kThreadCallback()

NTSTATUS APIENTRY Win32kThreadCallback	(	PETHREAD	Thread,
		PSW32THREADCALLOUTTYPE	Type
	)

Definition at line 853 of file main.c.

{
    NTSTATUS Status;

    ASSERT(NtCurrentTeb());

    UserEnterExclusive();

    if (Type == PsW32ThreadCalloutInitialize)
    {
        ASSERT(PsGetThreadWin32Thread(Thread) == NULL);
        Status = InitThreadCallback(Thread);
    }
    else // if (Type == PsW32ThreadCalloutExit)
    {
        ASSERT(PsGetThreadWin32Thread(Thread) != NULL);
        Status = ExitThreadCallback(Thread);
    }

    UserLeave();

    return Status;
}

Referenced by DriverEntry().

Variable Documentation

gppiList

PPROCESSINFO gppiList = NULL

Definition at line 31 of file main.c.

Referenced by ExitProcessCallback(), and InitProcessCallback().

gpsi

PSERVERINFO gpsi = NULL

Definition at line 27 of file main.c.

Referenced by alloc_user_entry(), co_IntInitializeDesktopGraphics(), co_IntSendActivateMessages(), co_IntSendMessageTimeout(), co_IntSetCaretPos(), co_IntSetupOBM(), co_IntSetWndIcons(), co_IntShellHookNotify(), co_MsqInsertMouseMessage(), co_MsqSendMessage(), co_UserCreateWindowEx(), co_UserDestroyWindow(), co_UserShowCaret(), co_WinPosSetWindowPos(), CreateSysColorObjects(), DefWndControlColor(), DefWndGetIcon(), DefWndHandleSetCursor(), DefWndSetIcon(), DrawFocusRect(), DriverEntry(), EnumerateCallback(), free_user_entry(), GetLastInputInfo(), GetSysColor(), GetSysColorBrush(), GetSystemMetrics(), InitMetrics(), InitUserAtoms(), IntCoalesceMouseMove(), IntCreateClass(), IntCreateDesktop(), IntCreateWindow(), IntDeactivateWindow(), IntDefWindowProc(), IntDrawState(), IntFlashWindowEx(), IntGetSysColor(), IntGetSysColorBrush(), IntGetWindowContextHelpId(), IntGrayString(), IntImmProcessKey(), IntIsFontRenderingEnabled(), IntIsGhostWindow(), IntLastInputTick(), IntNotifyWinEvent(), IntRealChildWindowFromPoint(), IntRemoveEvent(), IntSetCaretBlinkTime(), IntSetSrvEventMask(), IntSetSysColors(), IntTranslateKbdMessage(), IsDialogMessageW(), IsWinEventHookInstalled(), LoadSystemCursors(), LoadUserApiHook(), MENU_AdjustMenuItemRect(), MENU_CalcItemSize(), MENU_DrawMenuItem(), MENU_DrawScrollArrows(), MENU_EnsureMenuItemVisible(), MENU_InitPopup(), MouseSafetyOnDrawEnd(), NC_IconForWindow(), NotifyWinEvent(), NtUserCallHwnd(), NtUserCallHwndParam(), NtUserCallNoParam(), NtUserCallOneParam(), NtUserCreateCaret(), NtUserGetCaretBlinkTime(), NtUserGetClassName(), NtUserGetComboBoxInfo(), NtUserGetCursorInfo(), NtUserGetListBoxInfo(), NtUserInitializeClientPfnArrays(), NtUserMessageCall(), NtUserNotifyWinEvent(), NtUserProcessConnect(), PostTimerMessages(), ProcessKeyEvent(), RealGetSystemMetrics(), RegisterControlAtoms(), SpiUpdatePerUserSystemParameters(), SystemTimerProc(), UITOOLS_DrawCheckedRect(), UpdatePerUserImmEnabling(), UserAttachThreadInput(), UserChangeDisplaySettings(), UserClipCursor(), UserDeleteW32Thread(), UserDrawWindowFrame(), UserGetSystemMetrics(), UserInitialize(), UserPaintCaption(), UserPostMessage(), UserPostThreadMessage(), UserRegisterUserApiHook(), UserSendMouseInput(), UserSendNotifyMessage(), UserSetCursor(), UserSetCursorPos(), UserShowCursor(), UserUnregisterUserApiHook(), and UserUpdateMonitorSize().

gusLanguageID

USHORT gusLanguageID

Definition at line 29 of file main.c.

Referenced by DriverEntry(), ftGdiGetRasterizerCaps(), GetFontPenalty(), IntGetOutlineTextMetrics(), IntInitFontNames(), MatchFontNames(), and TextIntRealizeFont().

hModuleWin

HANDLE hModuleWin

Definition at line 16 of file main.c.

Referenced by DriverEntry(), and UserRegisterSystemClasses().

ppiScrnSaver

PPROCESSINFO ppiScrnSaver

Definition at line 30 of file main.c.

Referenced by co_IntSetForegroundAndFocusWindow(), DoTheScreenSaver(), UserProcessCreate(), and UserProcessDestroy().

Win32kNumberOfSysCalls

ULONG Win32kNumberOfSysCalls

Definition at line 22 of file napi.h.

Referenced by DriverEntry().

Win32kSSDT

ULONG_PTR Win32kSSDT[]

Definition at line 9 of file napi.h.

Referenced by DriverEntry().

Win32kSSPT

UCHAR Win32kSSPT[]

Definition at line 15 of file napi.h.

Referenced by DriverEntry().