#include <ntoskrnl.h>
#include <debug.h>

Include dependency graph for obref.c:

Macros
#define	NDEBUG

Functions
BOOLEAN FASTCALL	ObReferenceObjectSafe (IN PVOID Object)

VOID NTAPI	ObpDeferObjectDeletion (IN POBJECT_HEADER Header)

LONG FASTCALL	ObReferenceObjectEx (IN PVOID Object, IN LONG Count)

LONG FASTCALL	ObDereferenceObjectEx (IN PVOID Object, IN LONG Count)

VOID FASTCALL	ObInitializeFastReference (IN PEX_FAST_REF FastRef, IN PVOID Object OPTIONAL)

PVOID FASTCALL	ObFastReferenceObjectLocked (IN PEX_FAST_REF FastRef)

PVOID FASTCALL	ObFastReferenceObject (IN PEX_FAST_REF FastRef)

VOID FASTCALL	ObFastDereferenceObject (IN PEX_FAST_REF FastRef, IN PVOID Object)

PVOID FASTCALL	ObFastReplaceObject (IN PEX_FAST_REF FastRef, PVOID Object)

NTSTATUS NTAPI	ObReferenceFileObjectForWrite (IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode, OUT PFILE_OBJECT *FileObject, OUT POBJECT_HANDLE_INFORMATION HandleInformation)

LONG_PTR FASTCALL	ObfReferenceObject (IN PVOID Object)

LONG_PTR FASTCALL	ObfDereferenceObject (IN PVOID Object)

VOID NTAPI	ObDereferenceObjectDeferDelete (IN PVOID Object)

VOID NTAPI	ObDereferenceObject (IN PVOID Object)

NTSTATUS NTAPI	ObReferenceObjectByPointer (IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)

NTSTATUS NTAPI	ObReferenceObjectByName (IN PUNICODE_STRING ObjectPath, IN ULONG Attributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, OUT PVOID *ObjectPtr)

NTSTATUS NTAPI	ObReferenceObjectByHandle (IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)

Variables
ULONG	ObpAccessProtectCloseBit

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 15 of file obref.c.

Function Documentation

◆ ObDereferenceObject()

VOID NTAPI ObDereferenceObject ( IN PVOID Object )

Definition at line 375 of file obref.c.

 {
     /* Call the fastcall function */
     ObfDereferenceObject(Object);
 }

Referenced by _Function_class_(), _Requires_lock_held_(), _Success_(), add_device(), add_volume_device(), AdvancedErrorChecks(), AfdAccept(), AfdCloseSocket(), AfdEnumEvents(), AfdEventSelect(), BasicBehaviorChecks(), BehaviorChecks(), BuildDesktopNameList(), Bus_GetDeviceCapabilities(), CcpDereferenceCache(), CcPerformReadAhead(), CcpMapData(), CcpReadAhead(), CcpUnmapCache(), CcRosDeleteFileCache(), CcRosInitializeFileCache(), CcUninitializeCacheMap(), CdCreateInternalStream(), CdDeleteInternalStream(), CdDeleteVcb(), CdReMountOldVcb(), CdRomCreateDeviceObject(), CdUnload(), check_system_root(), ClassCreateDeviceObject(), ClasspFailurePredict(), CleanupTest(), CloseClientPort(), CmBattUnload(), CmGetSystemDriverList(), CmpConvertHandleToKernelHandle(), CmpCreateRegistryRoot(), CmpDoCreateChild(), CmpDoOpen(), CmpIsHiveAlreadyLoaded(), CmpOpenHiveFiles(), co_HOOK_CallHooks(), co_IntRegisterLogonProcess(), co_UserCreateWindowEx(), CompBattAddNewBattery(), CompBattRemoveBattery(), Control(), create_snapshot(), CreateClientPort(), CreateGreenFdo(), CreateMixerPinAndSetFormat(), DbgkClearProcessDebugObject(), DbgkOpenProcessDebugPort(), DbgkpCloseObject(), DbgkpFreeDebugEvent(), DbgkpPostFakeProcessCreateMessages(), DbgkpPostFakeThreadMessages(), DbgkpQueueMessage(), DbgkpSetProcessDebugObject(), DecrementGdiHandleCount(), DestroyPortDriver(), disk_arrival(), DiskCreateFdo(), DiskDeviceControl(), DiskSendFailurePredictIoctl(), DispTdiAssociateAddress(), do_shutdown(), DriverEntry(), DriverUnload(), duplicate_extents(), EngFreeModule(), EngFreeSectionMem(), EngUnmapEvent(), ExFreePoolWithTag(), ExitThreadCallback(), ExpCreateWorkerThread(), ExpDebuggerWorker(), ExpDeleteProfile(), ExpWorkerThreadBalanceManager(), ExRegisterCallback(), ExReturnPoolQuota(), ExShutdownSystem(), Ext2DestroyVcb(), Ext2FloppyFlush(), Ext2InitializeVcb(), Ext2InvalidateVolumes(), Ext2MountVolume(), Ext2TearDownStream(), ExUnregisterCallback(), FatCloseEaFile(), FatDeferredFlush(), FatDeleteVcb(), FatExplicitDeviceAccessGranted(), FatOpenEaFile(), FatSetRenameInfo(), FatTearDownVcb(), FFSFloppyFlush(), FFSFreeVcb(), FFSInvalidateVolumes(), finish_removing_device(), FinishThread(), FltpClientPortDelete(), FltpDetachFromFileSystemDevice(), FltpEnumerateFileSystemVolumes(), FltpGetBaseDeviceObjectName(), FltpIsAttachedToDevice(), FltpSetupCommunicationObjects(), FsRtlAcknowledgeOplockBreak(), FsRtlCancelExclusiveIrp(), FsRtlNotifyVolumeEvent(), FsRtlOpBatchBreakClosePending(), FsRtlOplockBreakToII(), FsRtlOplockBreakToNone(), FsRtlOplockCleanup(), FsRtlRemoveAndCompleteIrp(), FsRtlTest_StartTest(), FsRtlUninitializeOplock(), get_device_pnp_name_guid(), GetDeviceId(), GetProcessLuid(), GreenQueryBusRelations(), GspQuery(), GspQueryThreadStatus(), GspSetThread(), HalGetAdapter(), HalpDeleteMountLetter(), HalpEnableAutomaticDriveLetterAssignment(), HalpIsOldStyleFloppy(), HalpNextMountLetter(), HalpQueryDriveLayout(), HalpQueryPartitionType(), HalpSetMountLetter(), HalPutDmaAdapter(), i8042SendHookWorkItem(), IKsPin_PinMasterClock(), IncrementGdiHandleCount(), InitGdiHandleTable(), InitializeCmdEventInfo(), IntAllowSetForegroundWindow(), IntCreateDesktop(), IntCreateWindowStation(), IntDesktopObjectDelete(), IntDesktopObjectParse(), IntFreeDesktopHeap(), IntGdiAddFontResourceEx(), IntResolveDesktop(), IntSetThreadDesktop(), IntTID2PTI(), IntUnmapDesktopView(), IntVideoPortDispatchDeviceControl(), IntVideoPortDispatchOpen(), invalidate_volumes(), IoAttachDevice(), IoCompletion(), IoCreateDevice(), IoCreateStreamFileObjectEx(), IoDeleteController(), IoDeleteDriver(), IoFreeErrorLogEntry(), IoGetBootDiskInformation(), IopActionInitChildServices(), IopAttachFilterDriversCallback(), IopCancelRemoveDeviceRelations(), IopCleanupAfterException(), IopCleanupFailedIrp(), IopCleanupIrp(), IopCompleteRequest(), IopComputeHarddiskDerangements(), IopCreateArcNamesCd(), IopCreateArcNamesDisk(), IopCreateDriver(), IopCreateEvent(), IopCreateFile(), IopDeleteDevice(), IopDeleteFile(), IopDeviceActionWorker(), IopDeviceFsIoControl(), IopDeviceStatus(), IopEnumerateDevice(), IopGetDeviceDepth(), IopGetDeviceProperty(), IopGetDeviceRelations(), IopGetDriverPathInformation(), IopGetFileInformation(), IopGetInterfaceDeviceList(), IopGetRelatedDevice(), IopGetSetSecurityObject(), IopInitializeBootDrivers(), IopInitializeBuiltinDriver(), IopInitializeDevice(), IopInitiatePnpIrp(), IopLoadUnloadDriver(), IopLogWorker(), IopMarkBootPartition(), IopMountVolume(), IopOpenLinkOrRenameTarget(), IopParseDevice(), IopPnpEnumerateDevice(), IopQueryRemoveDeviceRelations(), IopReportTargetDeviceChangeAsyncWorker(), IopResetDevice(), IopSendRemoveDevice(), IopSetDeviceSecurityDescriptors(), IopShutdownBaseFileSystems(), IopSynchronousCall(), IopTraverseDeviceTreeNode(), IopUnloadDevice(), IopUnloadDriver(), IopUnloadSafeCompletion(), IopUnlockFileObject(), IopWorkItemCallback(), IoRegisterPlugPlayNotification(), IoSetDeviceInterfaceState(), IoShutdownSystem(), IoUnregisterFsRegistrationChange(), IoUnregisterPlugPlayNotification(), IoUnregisterShutdownNotification(), IoVolumeDeviceToDosName(), IoWMIQueryAllData(), IsaPdoOnRepeaterComplete(), IsFtVolume(), IssueUniqueIdChangeNotify(), IssueUniqueIdChangeNotifyWorker(), KdbpAttachToProcess(), KdbpAttachToThread(), KdbpCmdProc(), KdbpCmdThread(), KdbpReleaseFileForSymbols(), KdbpSymLoadModuleSymbols(), KdpGdbEnterDebuggerException(), KernelModeTest(), KmtFinishThread(), KsDiscardEvent(), LpcpCopyRequestData(), LpcpCreatePort(), LpcpDeletePort(), LpcpDestroyPortQueue(), LpcpFreeToPortZone(), LpcRequestPort(), LpcRequestWaitReplyPort(), MiQueryMemoryBasicInformation(), MiQueryMemorySectionName(), MmCreateArm3Section(), MmCreateCacheSection(), MmCreateDataFileSection(), MmCreateImageSection(), MmCreatePageFileSection(), MmCreatePhysicalMemorySection(), MmCreateSection(), MmFinalizeSegment(), MmGetFileNameForAddress(), MmLoadSystemImage(), MmPageOutPhysicalAddress(), MmpDeleteSection(), MmpPageOutPhysicalAddress(), MmQuitNextSession(), MmShutdownSystem(), MmUnloadSystemImage(), MmUnmapViewOfSegment(), mount_vol(), MountMgrNotifyNameChange(), MountMgrVolumeMountPointChanged(), MupCloseUncProvider(), MupDereferenceCcb(), nfs41_DeleteConnection(), NpCancelWaiter(), NpCancelWaitQueueIrp(), NpDeleteEventTableEntry(), NpFreeClientSecurityContext(), NpTimerDispatch(), NtAcceptConnectPort(), NtAccessCheck(), NtAdjustPrivilegesToken(), NtAlertResumeThread(), NtAlertThread(), NtAllocateVirtualMemory(), NtAssignProcessToJobObject(), NtCancelIoFile(), NtClearEvent(), NtCompareTokens(), NtCompleteConnectPort(), NtCreateJobObject(), NtCreatePagingFile(), NtCreateProfile(), NtCreateSymbolicLinkObject(), NtDebugActiveProcess(), NtDebugContinue(), NtDeleteKey(), NtDeleteValueKey(), NtDuplicateObject(), NtDuplicateToken(), NtEnumerateKey(), NtEnumerateValueKey(), NtExtendSection(), NtFlushBuffersFile(), NtFlushInstructionCache(), NtFlushKey(), NtFlushVirtualMemory(), NtFreeVirtualMemory(), NtfsFCBInitializeCache(), NtGetContextThread(), NtGetWriteWatch(), NtImpersonateClientOfPort(), NtImpersonateThread(), NtIsProcessInJob(), NtLoadKeyEx(), NtLockFile(), NtLockVirtualMemory(), NtMakePermanentObject(), NtMakeTemporaryObject(), NtMapViewOfSection(), NtNotifyChangeDirectoryFile(), NtOpenObjectAuditAlarm(), NtOpenProcess(), NtOpenProcessTokenEx(), NtOpenThread(), NtOpenThreadTokenEx(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtProtectVirtualMemory(), NtPulseEvent(), NtQueryDirectoryFile(), NtQueryDirectoryObject(), NtQueryEvent(), NtQueryInformationFile(), NtQueryInformationJobObject(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIoCompletion(), NtQueryKey(), NtQueryMutant(), NtQueryObject(), NtQueryOpenSubKeys(), NtQuerySection(), NtQuerySecurityObject(), NtQuerySemaphore(), NtQuerySymbolicLinkObject(), NtQueryTimer(), NtQueryValueKey(), NtQueryVolumeInformationFile(), NtQueueApcThreadEx(), NtReadFile(), NtReadVirtualMemory(), NtRegisterThreadTerminatePort(), NtReleaseMutant(), NtReleaseSemaphore(), NtRemoveIoCompletion(), NtRemoveProcessDebug(), NtReplyPort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), NtResetEvent(), NtResetWriteWatch(), NtResumeProcess(), NtResumeThread(), NtSaveKeyEx(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSetContextThread(), NtSetEvent(), NtSetEventBoostPriority(), NtSetHighEventPair(), NtSetHighWaitLowEventPair(), NtSetInformationDebugObject(), NtSetInformationFile(), NtSetInformationJobObject(), NtSetInformationObject(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), NtSetIoCompletion(), NtSetLowEventPair(), NtSetLowWaitHighEventPair(), NtSetSecurityObject(), NtSetValueKey(), NtSetVolumeInformationFile(), NtSignalAndWaitForSingleObject(), NtStartProfile(), NtStopProfile(), NtSuspendProcess(), NtSuspendThread(), NtTerminateJobObject(), NtTerminateProcess(), NtTerminateThread(), NtUnloadKey2(), NtUnlockFile(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtUserBuildHwndList(), NtUserChangeClipboardChain(), NtUserCloseDesktop(), NtUserCloseWindowStation(), NtUserConsoleControl(), NtUserCountClipboardFormats(), NtUserGetClipboardData(), NtUserGetClipboardOwner(), NtUserGetClipboardSequenceNumber(), NtUserGetClipboardViewer(), NtUserGetGuiResources(), NtUserGetObjectInformation(), NtUserGetOpenClipboardWindow(), NtUserGetPriorityClipboardFormat(), NtUserGetThreadDesktop(), NtUserIsClipboardFormatAvailable(), NtUserLockWindowStation(), NtUserPostThreadMessage(), NtUserProcessConnect(), NtUserQueryInformationThread(), NtUserResolveDesktop(), NtUserSetClipboardViewer(), NtUserSetInformationThread(), NtUserSetShellWindowEx(), NtUserSetWindowsHookEx(), NtUserSetWindowStationUser(), NtUserSetWinEventHook(), NtUserSwitchDesktop(), NtUserUnlockWindowStation(), NtUserWaitForInputIdle(), NtWaitForDebugEvent(), NtWaitForMultipleObjects(), NtWaitForSingleObject(), NtWaitHighEventPair(), NtWaitLowEventPair(), NtWriteFile(), NtWriteVirtualMemory(), ObDuplicateObject(), ObFastDereferenceObject(), ObfDereferenceDeviceMap(), ObInsertObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObpCloseHandleTableEntry(), ObpCreateHandle(), ObpDeleteNameCheck(), ObpDuplicateHandleCallback(), ObpLookupEntryDirectory(), ObpLookupObjectName(), ObpProcessDosDeviceSymbolicLink(), ObpReferenceDeviceMap(), ObpReleaseLookupContextObject(), ObpSetCurrentProcessDeviceMap(), ObSetDeviceMap(), ObSetDirectoryDeviceMap(), ObtClose(), PageFileBehaviorChecks(), PatchKeyboardDriver(), PciGetDeviceCapabilities(), PciQueryForPciBusInterface(), PciSendIoctl(), Pin_fnDeviceIoControl(), Pin_fnWrite(), PopAddRemoveSysCapsCallback(), PopProcessShutDownLists(), PopQuerySystemPowerStateTraverse(), PopRequestPowerIrpCompletion(), PopSetSystemPowerState(), PopSetSystemPowerStateTraverse(), PoRequestPowerIrp(), PoRequestShutdownWait(), probe_volume(), PsAssignImpersonationToken(), PsDereferenceImpersonationToken(), PsDereferencePrimaryToken(), PsGetNextProcess(), PsGetNextProcessThread(), PsOpenTokenOfProcess(), PspAssignPrimaryToken(), PspCreateProcess(), PspCreateThread(), PspDeleteJob(), PspDeleteProcess(), PspDeleteThread(), PspDeleteThreadSecurity(), PspExitProcess(), PspExitThread(), PspReapRoutine(), PspSetPrimaryToken(), PspSetQuotaLimits(), PsRestoreImpersonation(), PsRevertThreadToSelf(), QSI_DEF(), QueryDeviceInformation(), QuerySuggestedLinkName(), RawCheckForDismount(), RawInputThreadMain(), RawMountVolume(), RawUnload(), read_registry(), ReconcileThisDatabaseWithMasterWorker(), RegisterForTargetDeviceNotification(), remove_volume_child(), ReportToMountMgr(), ResetCsrApiPort(), ResetCsrProcess(), RfsdFloppyFlush(), RfsdFreeVcb(), RfsdInvalidateVolumes(), RxpWorkerThreadDispatcher(), RxUnregisterMinirdr(), ScsiClassClaimDevice(), SearchForLegacyDrivers(), SeCreateClientSecurity(), SeCreateClientSecurityFromSubjectContext(), SeDeassignPrimaryToken(), SeLocateProcessImageName(), send_subvol(), SendLinkCreated(), SendLinkDeleted(), SendOnlineNotification(), SepAccessCheckAndAuditAlarm(), SepCleanupLUIDDeviceMapDirectory(), SepCreateToken(), SepDuplicateToken(), START_TEST(), still_has_superblock(), SysAudio_Shutdown(), SystemProcessTest(), TdiCloseDevice(), TestCreateSection(), TestEventConcurrent(), TestIoCreateFile(), TestIoVolumeDeviceToDosName(), TestLowerDeviceKernelAPI(), TestObjectTypes(), TestObRootSecurity(), TestPhysicalMemorySection(), TestProviderInfo(), TestReference(), TestSharedCacheMap(), TestSymlinks(), TestTcpConnect(), UDFCheckOtherFSByName(), UDFCommonDeviceControl(), UDFInvalidateVolumes(), uninit(), Unload(), UnlockHandles(), USBH_FdoQueryBusRelations(), USBPORT_IsCompanionController(), USBPORT_QueryPciBusInterface(), UserClipboardFreeWindow(), UserClipboardRelease(), UserCloseClipboard(), UserCreateHeap(), UserCreateMenu(), UserDeleteW32Process(), UserDeleteW32Thread(), UserEmptyClipboard(), UserEnumClipboardFormats(), UserGetShellWindow(), UserOpenClipboard(), UserSetClipboardData(), UserSetProcessWindowStation(), VerifyEventWaitable(), VfatCheckForDismount(), VfatCleanupFile(), VfatCommonCloseFile(), vfatFCBInitializeCacheFromVolume(), VfatMount(), vfatReleaseFCB(), VfatSetRenameInformation(), VfdCreateDevice(), VfdDeleteDevice(), VfdOpenImage(), ViDeleteDevice(), ViEjectMedia(), volume_arrival(), WdmAudCloseAllMixers(), WdmAudControlCloseMixer(), WdmAudControlDeviceState(), WdmAudControlOpenMixer(), WdmAudFrameSize(), WdmAudResetStream(), WmipOpenGuidForEvents(), WmipOpenGuidObject(), and WmipRegisterGuids().

◆ ObDereferenceObjectDeferDelete()

VOID NTAPI ObDereferenceObjectDeferDelete ( IN PVOID Object )

Definition at line 360 of file obref.c.

 {
     POBJECT_HEADER Header = OBJECT_TO_OBJECT_HEADER(Object);
 
     /* Check whether the object can now be deleted. */
     if (!InterlockedDecrementSizeT(&Header->PointerCount))
     {
         /* Add us to the deferred deletion list */
         ObpDeferObjectDeletion(Header);
     }
 }

Referenced by CmpDoCreateChild(), CmpFlushNotifiesOnKeyBodyList(), IopCompleteRequest(), and ObpDereferenceNameInfo().

◆ ObDereferenceObjectEx()

LONG FASTCALL ObDereferenceObjectEx	(	IN PVOID	Object,
		IN LONG	Count
	)

Definition at line 90 of file obref.c.

 {
     POBJECT_HEADER Header;
     LONG_PTR NewCount;
 
     /* Extract the object header */
     Header = OBJECT_TO_OBJECT_HEADER(Object);
 
     /* Check whether the object can now be deleted. */
     NewCount = InterlockedExchangeAddSizeT(&Header->PointerCount, -Count) - Count;
     if (!NewCount) ObpDeferObjectDeletion(Header);
 
     /* Return the current count */
     return NewCount;
 }

Referenced by ExpTimerApcKernelRoutine(), ExTimerRundown(), NtCancelTimer(), NtSetTimer(), ObFastReferenceObject(), ObFastReplaceObject(), and PspCreateThread().

◆ ObFastDereferenceObject()

VOID FASTCALL ObFastDereferenceObject	(	IN PEX_FAST_REF	FastRef,
		IN PVOID	Object
	)

Definition at line 169 of file obref.c.

 {
     /* Release a fast reference. If this failed, use the slow path */
     if (!ExReleaseFastReference(FastRef, Object)) ObDereferenceObject(Object);
 }

Referenced by NtOpenThreadTokenEx(), PspCreateProcess(), PspCreateThread(), PspExitThread(), PspInitializeProcessSecurity(), PspSetPrimaryToken(), SeIsTokenChild(), SeIsTokenSibling(), and SeReleaseSubjectContext().

◆ ObFastReferenceObject()

PVOID FASTCALL ObFastReferenceObject ( IN PEX_FAST_REF FastRef )

Definition at line 134 of file obref.c.

 {
     EX_FAST_REF OldValue;
     ULONG_PTR Count;
     PVOID Object;
 
     /* Reference the object and get it pointer */
     OldValue = ExAcquireFastReference(FastRef);
     Object = ExGetObjectFastReference(OldValue);
 
     /* Check how many references are left */
     Count = ExGetCountFastReference(OldValue);
 
     /* Check if the reference count is over 1 */
     if (Count > 1) return Object;
 
     /* Check if the reference count has reached 0 */
     if (!Count) return NULL;
 
     /* Otherwise, reference the object 7 times */
     ObReferenceObjectEx(Object, MAX_FAST_REFS);
 
     /* Now update the reference count */
     if (!ExInsertFastReference(FastRef, Object))
     {
         /* We failed: completely dereference the object */
         ObDereferenceObjectEx(Object, MAX_FAST_REFS);
     }
 
     /* Return the Object */
     return Object;
 }

Referenced by PsReferenceEffectiveToken(), and PsReferencePrimaryToken().

◆ ObFastReferenceObjectLocked()

PVOID FASTCALL ObFastReferenceObjectLocked ( IN PEX_FAST_REF FastRef )

Definition at line 121 of file obref.c.

 {
     PVOID Object;
     EX_FAST_REF OldValue = *FastRef;
 
     /* Get the object and reference it slowly */
     Object = ExGetObjectFastReference(OldValue);
     if (Object) ObReferenceObject(Object);
     return Object;
 }

Referenced by PsReferenceEffectiveToken(), and PsReferencePrimaryToken().

◆ ObFastReplaceObject()

PVOID FASTCALL ObFastReplaceObject	(	IN PEX_FAST_REF	FastRef,
		PVOID	Object
	)

Definition at line 178 of file obref.c.

 {
     EX_FAST_REF OldValue;
     PVOID OldObject;
     ULONG Count;
 
     /* Check if we were given an object and reference it 7 times */
     if (Object) ObReferenceObjectEx(Object, MAX_FAST_REFS);
 
     /* Do the swap */
     OldValue = ExSwapFastReference(FastRef, Object);
     OldObject = ExGetObjectFastReference(OldValue);
 
     /* Check if we had an active object and dereference it */
     Count = ExGetCountFastReference(OldValue);
     if ((OldObject) && (Count)) ObDereferenceObjectEx(OldObject, Count);
 
     /* Return the old object */
     return OldObject;
 }

◆ ObfDereferenceObject()

LONG_PTR FASTCALL ObfDereferenceObject ( IN PVOID Object )

Definition at line 320 of file obref.c.

 {
     POBJECT_HEADER Header;
     LONG_PTR NewCount;
 
     /* Extract the object header */
     Header = OBJECT_TO_OBJECT_HEADER(Object);
 
     if (Header->PointerCount < Header->HandleCount)
     {
         DPRINT1("Misbehaving object: %wZ\n", &Header->Type->Name);
         return Header->PointerCount;
     }
 
     /* Check whether the object can now be deleted. */
     NewCount = InterlockedDecrementSizeT(&Header->PointerCount);
     if (!NewCount)
     {
         /* Sanity check */
         ASSERT(Header->HandleCount == 0);
 
         /* Check if APCs are still active */
         if (!KeAreAllApcsDisabled())
         {
             /* Remove the object */
             ObpDeleteObject(Object, FALSE);
         }
         else
         {
             /* Add us to the deferred deletion list */
             ObpDeferObjectDeletion(Header);
         }
     }
 
     /* Return the new count */
     return NewCount;
 }

Referenced by ObDereferenceObject().

◆ ObfReferenceObject()

LONG_PTR FASTCALL ObfReferenceObject ( IN PVOID Object )

Definition at line 310 of file obref.c.

 {
     ASSERT(Object);
 
     /* Get the header and increment the reference count */
     return InterlockedIncrementSizeT(&OBJECT_TO_OBJECT_HEADER(Object)->PointerCount);
 }

◆ ObInitializeFastReference()

VOID FASTCALL ObInitializeFastReference	(	IN PEX_FAST_REF	FastRef,
		IN PVOID Object	OPTIONAL
	)

Definition at line 109 of file obref.c.

 {
     /* Check if we were given an object and reference it 7 times */
     if (Object) ObReferenceObjectEx(Object, MAX_FAST_REFS);
 
     /* Setup the fast reference */
     ExInitializeFastReference(FastRef, Object);
 }

Referenced by PspInitializeProcessSecurity(), SeAssignPrimaryToken(), and SepInitializationPhase0().

◆ ObpDeferObjectDeletion()

VOID NTAPI ObpDeferObjectDeletion ( IN POBJECT_HEADER Header )

Definition at line 55 of file obref.c.

 {
     PVOID Entry;
 
     /* Loop while trying to update the list */
     do
     {
         /* Get the current entry */
         Entry = ObpReaperList;
 
         /* Link our object to the list */
         Header->NextToFree = Entry;
 
         /* Update the list */
     } while (InterlockedCompareExchangePointer(&ObpReaperList,
                                                Header,
                                                Entry) != Entry);
 
     /* Queue the work item if needed */
     if (!Entry) ExQueueWorkItem(&ObpReaperWorkItem, CriticalWorkQueue);
 }

Referenced by ObDereferenceObjectDeferDelete(), ObDereferenceObjectEx(), and ObfDereferenceObject().

◆ ObReferenceFileObjectForWrite()

NTSTATUS NTAPI ObReferenceFileObjectForWrite	(	IN HANDLE	Handle,
		IN KPROCESSOR_MODE	AccessMode,
		OUT PFILE_OBJECT *	FileObject,
		OUT POBJECT_HANDLE_INFORMATION	HandleInformation
	)

Definition at line 202 of file obref.c.

 {
     NTSTATUS Status;
     PHANDLE_TABLE HandleTable;
     POBJECT_HEADER ObjectHeader;
     PHANDLE_TABLE_ENTRY HandleEntry;
     ACCESS_MASK GrantedAccess, DesiredAccess;
 
     /* Assume failure */
     *FileObject = NULL;
 
     /* Check if this is a special handle */
     if (HandleToLong(Handle) < 0)
     {
         /* Make sure we have a valid kernel handle */
         if (AccessMode != KernelMode || Handle == NtCurrentProcess() || Handle == NtCurrentThread())
         {
             return STATUS_INVALID_HANDLE;
         }
 
         /* Use the kernel handle table and get the actual handle value */
         Handle = ObKernelHandleToHandle(Handle);
         HandleTable = ObpKernelHandleTable;
     }
     else
     {
         /* Otherwise use this process's handle table */
         HandleTable = PsGetCurrentProcess()->ObjectTable;
     }
 
     ASSERT(HandleTable != NULL);
     KeEnterCriticalRegion();
 
     /* Get the handle entry */
     HandleEntry = ExMapHandleToPointer(HandleTable, Handle);
     if (HandleEntry)
     {
         /* Get the object header and validate the type*/
         ObjectHeader = ObpGetHandleObject(HandleEntry);
 
         /* Get the desired access from the file object */
         if (!NT_SUCCESS(IoComputeDesiredAccessFileObject((PFILE_OBJECT)&ObjectHeader->Body,
                         &DesiredAccess)))
         {
             Status = STATUS_OBJECT_TYPE_MISMATCH;
         }
         else
         {
             /* Extract the granted access from the handle entry */
             if (BooleanFlagOn(NtGlobalFlag, FLG_KERNEL_STACK_TRACE_DB))
             {
                 /* FIXME: Translate granted access */
                 GrantedAccess = HandleEntry->GrantedAccess;
             }
             else
             {
                 GrantedAccess = HandleEntry->GrantedAccess & ~ObpAccessProtectCloseBit;
             }
 
             /* FIXME: Get handle information for audit */
 
             HandleInformation->GrantedAccess = GrantedAccess;
 
             /* FIXME: Get handle attributes */
             HandleInformation->HandleAttributes = 0;
 
             /* Do granted and desired access match? */
             if (GrantedAccess & DesiredAccess)
             {
                 /* FIXME: Audit access if required */
 
                 /* Reference the object directly since we have its header */
                 InterlockedIncrementSizeT(&ObjectHeader->PointerCount);
 
                 /* Unlock the handle */
                 ExUnlockHandleTableEntry(HandleTable, HandleEntry);
                 KeLeaveCriticalRegion();
 
                 *FileObject = (PFILE_OBJECT)&ObjectHeader->Body;
 
                 /* Return success */
                 ASSERT(*FileObject != NULL);
                 return STATUS_SUCCESS;
             }
 
             /* No match, deny write access */
             Status = STATUS_ACCESS_DENIED;
 
             ExUnlockHandleTableEntry(HandleTable, HandleEntry);
         }
     }
     else
     {
         Status = STATUS_INVALID_HANDLE;
     }
 
     /* Return failure status */
     KeLeaveCriticalRegion();
     return Status;
 }

Referenced by NtWriteFile().

◆ ObReferenceObjectByHandle()

NTSTATUS NTAPI ObReferenceObjectByHandle	(	IN HANDLE	Handle,
		IN ACCESS_MASK	DesiredAccess,
		IN POBJECT_TYPE	ObjectType,
		IN KPROCESSOR_MODE	AccessMode,
		OUT PVOID *	Object,
		OUT POBJECT_HANDLE_INFORMATION HandleInformation	OPTIONAL
	)

Definition at line 496 of file obref.c.

 {
     PHANDLE_TABLE_ENTRY HandleEntry;
     POBJECT_HEADER ObjectHeader;
     ACCESS_MASK GrantedAccess;
     ULONG Attributes;
     PEPROCESS CurrentProcess;
     PVOID HandleTable;
     PETHREAD CurrentThread;
     NTSTATUS Status;
     PAGED_CODE();
 
     /* Assume failure */
     *Object = NULL;
 
     /* Check if this is a special handle */
     if (HandleToLong(Handle) < 0)
     {
         /* Check if this is the current process */
         if (Handle == NtCurrentProcess())
         {
             /* Check if this is the right object type */
             if ((ObjectType == PsProcessType) || !(ObjectType))
             {
                 /* Get the current process and granted access */
                 CurrentProcess = PsGetCurrentProcess();
                 GrantedAccess = CurrentProcess->GrantedAccess;
 
                 /* Validate access */
                 /* ~GrantedAccess = RefusedAccess.*/
                 /* ~GrantedAccess & DesiredAccess = list of refused bits. */
                 /* !(~GrantedAccess & DesiredAccess) == TRUE means ALL requested rights are granted */
                 if ((AccessMode == KernelMode) ||
                     !(~GrantedAccess & DesiredAccess))
                 {
                     /* Check if the caller wanted handle information */
                     if (HandleInformation)
                     {
                         /* Return it */
                         HandleInformation->HandleAttributes = 0;
                         HandleInformation->GrantedAccess = GrantedAccess;
                     }
 
                     /* Reference ourselves */
                     ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentProcess);
                     InterlockedExchangeAddSizeT(&ObjectHeader->PointerCount, 1);
 
                     /* Return the pointer */
                     *Object = CurrentProcess;
                     ASSERT(*Object != NULL);
                     Status = STATUS_SUCCESS;
                 }
                 else
                 {
                     /* Access denied */
                     Status = STATUS_ACCESS_DENIED;
                 }
             }
             else
             {
                 /* The caller used this special handle value with a non-process type */
                 Status = STATUS_OBJECT_TYPE_MISMATCH;
             }
 
             /* Return the status */
             return Status;
         }
         else if (Handle == NtCurrentThread())
         {
             /* Check if this is the right object type */
             if ((ObjectType == PsThreadType) || !(ObjectType))
             {
                 /* Get the current process and granted access */
                 CurrentThread = PsGetCurrentThread();
                 GrantedAccess = CurrentThread->GrantedAccess;
 
                 /* Validate access */
                 /* ~GrantedAccess = RefusedAccess.*/
                 /* ~GrantedAccess & DesiredAccess = list of refused bits. */
                 /* !(~GrantedAccess & DesiredAccess) == TRUE means ALL requested rights are granted */
                 if ((AccessMode == KernelMode) ||
                     !(~GrantedAccess & DesiredAccess))
                 {
                     /* Check if the caller wanted handle information */
                     if (HandleInformation)
                     {
                         /* Return it */
                         HandleInformation->HandleAttributes = 0;
                         HandleInformation->GrantedAccess = GrantedAccess;
                     }
 
                     /* Reference ourselves */
                     ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentThread);
                     InterlockedExchangeAddSizeT(&ObjectHeader->PointerCount, 1);
 
                     /* Return the pointer */
                     *Object = CurrentThread;
                     ASSERT(*Object != NULL);
                     Status = STATUS_SUCCESS;
                 }
                 else
                 {
                     /* Access denied */
                     Status = STATUS_ACCESS_DENIED;
                 }
             }
             else
             {
                 /* The caller used this special handle value with a non-process type */
                 Status = STATUS_OBJECT_TYPE_MISMATCH;
             }
 
             /* Return the status */
             return Status;
         }
         else if (AccessMode == KernelMode)
         {
             /* Use the kernel handle table and get the actual handle value */
             Handle = ObKernelHandleToHandle(Handle);
             HandleTable = ObpKernelHandleTable;
         }
         else
         {
             /* Invalid access, fail */
             return STATUS_INVALID_HANDLE;
         }
     }
     else
     {
         /* Otherwise use this process's handle table */
         HandleTable = PsGetCurrentProcess()->ObjectTable;
     }
 
     /* Enter a critical region while we touch the handle table */
     ASSERT(HandleTable != NULL);
     KeEnterCriticalRegion();
 
     /* Get the handle entry */
     HandleEntry = ExMapHandleToPointer(HandleTable, Handle);
     if (HandleEntry)
     {
         /* Get the object header and validate the type*/
         ObjectHeader = ObpGetHandleObject(HandleEntry);
         if (!(ObjectType) || (ObjectType == ObjectHeader->Type))
         {
             /* Get the granted access and validate it */
             GrantedAccess = HandleEntry->GrantedAccess;
 
             /* Validate access */
             /* ~GrantedAccess = RefusedAccess.*/
             /* ~GrantedAccess & DesiredAccess = list of refused bits. */
             /* !(~GrantedAccess & DesiredAccess) == TRUE means ALL requested rights are granted */
             if ((AccessMode == KernelMode) ||
                 !(~GrantedAccess & DesiredAccess))
             {
                 /* Reference the object directly since we have its header */
                 InterlockedIncrementSizeT(&ObjectHeader->PointerCount);
 
                 /* Mask out the internal attributes */
                 Attributes = HandleEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES;
 
                 /* Check if the caller wants handle information */
                 if (HandleInformation)
                 {
                     /* Fill out the information */
                     HandleInformation->HandleAttributes = Attributes;
                     HandleInformation->GrantedAccess = GrantedAccess;
                 }
 
                 /* Return the pointer */
                 *Object = &ObjectHeader->Body;
 
                 /* Unlock the handle */
                 ExUnlockHandleTableEntry(HandleTable, HandleEntry);
                 KeLeaveCriticalRegion();
 
                 /* Return success */
                 ASSERT(*Object != NULL);
                 return STATUS_SUCCESS;
             }
             else
             {
                 /* Requested access failed */
                 DPRINT("Rights not granted: %x\n", ~GrantedAccess & DesiredAccess);
                 Status = STATUS_ACCESS_DENIED;
             }
         }
         else
         {
             /* Invalid object type */
             Status = STATUS_OBJECT_TYPE_MISMATCH;
         }
 
         /* Unlock the entry */
         ExUnlockHandleTableEntry(HandleTable, HandleEntry);
     }
     else
     {
         /* Invalid handle */
         Status = STATUS_INVALID_HANDLE;
     }
 
     /* Return failure status */
     KeLeaveCriticalRegion();
     *Object = NULL;
     return Status;
 }

Referenced by _IRQL_requires_max_(), _Success_(), add_device(), AdvancedErrorChecks(), AfdAccept(), AfdEnumEvents(), AfdEventSelect(), BasicBehaviorChecks(), BehaviorChecks(), BroadcastOpen(), CmGetSystemDriverList(), CmpConvertHandleToKernelHandle(), CmpCreateEvent(), CmpCreateRegistryRoot(), CmpIsHiveAlreadyLoaded(), CmpLinkHiveToMaster(), CompBattGetDeviceObjectPointer(), Control(), create_snapshot(), CreateGreenFdo(), CreateMixerPinAndSetFormat(), DispTdiAssociateAddress(), DriverEntry(), duplicate_extents(), EngMapEvent(), ExCreateCallback(), ExpCreateWorkerThread(), ExpInitializeWorkerThreads(), ExpInitNls(), Ext2InvalidateVolumes(), FFSInvalidateVolumes(), FsRtlTest_OpenTestDirectory(), FsRtlTest_OpenTestFile(), GetObjectType(), IKsPin_PinMasterClock(), InitCsrApiPort(), InitThreadCallback(), IntCreateDesktop(), IntGdiAddFontResourceEx(), IntResolveDesktop(), IntValidateDesktopHandle(), IntValidateWindowStationHandle(), invalidate_volumes(), IopCreateDriver(), IopCreateEvent(), IopDeviceFsIoControl(), IopGetDeviceObjectPointer(), IopMarkBootPartition(), IopOpenLinkOrRenameTarget(), KdbpSymLoadModuleSymbols(), KernelModeTest(), KmtStartThread(), KspEnableEvent(), LockHandles(), LpcpCopyRequestData(), MiCreateMemoryEvent(), MiQueryMemoryBasicInformation(), MiQueryMemorySectionName(), MmCreateArm3Section(), MmCreateSection(), MmLoadSystemImage(), MountMgrVolumeMountPointChanged(), nfs41_DeleteConnection(), NtAccessCheck(), NtAdjustPrivilegesToken(), NtAlertResumeThread(), NtAlertThread(), NtAllocateVirtualMemory(), NtAssignProcessToJobObject(), NtCancelIoFile(), NtCancelTimer(), NtClearEvent(), NtCompareTokens(), NtCompleteConnectPort(), NtCreatePagingFile(), NtCreateProfile(), NtDebugActiveProcess(), NtDebugContinue(), NtDeleteKey(), NtDeleteValueKey(), NtDuplicateObject(), NtDuplicateToken(), NtEnumerateKey(), NtEnumerateValueKey(), NtExtendSection(), NtFlushBuffersFile(), NtFlushInstructionCache(), NtFlushKey(), NtFlushVirtualMemory(), NtFreeVirtualMemory(), NtGetContextThread(), NtGetWriteWatch(), NtImpersonateClientOfPort(), NtImpersonateThread(), NtIsProcessInJob(), NtLoadKeyEx(), NtLockFile(), NtLockVirtualMemory(), NtMakePermanentObject(), NtMakeTemporaryObject(), NtMapViewOfSection(), NtNotifyChangeDirectoryFile(), NtOpenObjectAuditAlarm(), NtOpenThreadTokenEx(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtProtectVirtualMemory(), NtPulseEvent(), NtQueryDirectoryFile(), NtQueryDirectoryObject(), NtQueryEvent(), NtQueryInformationFile(), NtQueryInformationJobObject(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIoCompletion(), NtQueryKey(), NtQueryMutant(), NtQueryObject(), NtQueryOpenSubKeys(), NtQuerySection(), NtQuerySecurityObject(), NtQuerySemaphore(), NtQuerySymbolicLinkObject(), NtQueryTimer(), NtQueryValueKey(), NtQueryVolumeInformationFile(), NtQueueApcThreadEx(), NtReadFile(), NtReadVirtualMemory(), NtRegisterThreadTerminatePort(), NtReleaseMutant(), NtReleaseSemaphore(), NtRemoveIoCompletion(), NtRemoveProcessDebug(), NtReplyPort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), NtResetEvent(), NtResetWriteWatch(), NtResumeProcess(), NtResumeThread(), NtSaveKeyEx(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSetContextThread(), NtSetDefaultHardErrorPort(), NtSetEvent(), NtSetEventBoostPriority(), NtSetHighEventPair(), NtSetHighWaitLowEventPair(), NtSetInformationDebugObject(), NtSetInformationFile(), NtSetInformationJobObject(), NtSetInformationObject(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), NtSetIoCompletion(), NtSetLowEventPair(), NtSetLowWaitHighEventPair(), NtSetSecurityObject(), NtSetTimer(), NtSetValueKey(), NtSetVolumeInformationFile(), NtSignalAndWaitForSingleObject(), NtStartProfile(), NtStopProfile(), NtSuspendProcess(), NtSuspendThread(), NtTerminateJobObject(), NtTerminateProcess(), NtTerminateThread(), NtUnloadKey2(), NtUnlockFile(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtUserConsoleControl(), NtUserGetGuiResources(), NtUserGetObjectInformation(), NtUserGetThreadDesktop(), NtUserProcessConnect(), NtUserQueryInformationThread(), NtUserResolveDesktop(), NtUserSetInformationThread(), NtUserWaitForInputIdle(), NtWaitForDebugEvent(), NtWaitForSingleObject(), NtWaitHighEventPair(), NtWaitLowEventPair(), NtWriteFile(), NtWriteVirtualMemory(), ObInitSystem(), ObpLookupObjectName(), ObSetDeviceMap(), ObSetDirectoryDeviceMap(), ObtCreateObjectTypes(), OpenDevice(), OpenInputDevice(), PageFileBehaviorChecks(), Pin_fnDeviceIoControl(), Pin_fnWrite(), PopAddRemoveSysCapsCallback(), PsAssignImpersonationToken(), PsLocateSystemDll(), PsOpenTokenOfProcess(), PspAssignPrimaryToken(), PspCreateProcess(), PspCreateThread(), PspInitPhase0(), PspSetPrimaryToken(), RegisterUncProvider(), RfsdInvalidateVolumes(), send_subvol(), SepAccessCheckAndAuditAlarm(), START_TEST(), StartThread(), SystemProcessTest(), TdiOpenDevice(), TdiUnload(), TestEventConcurrent(), TestIoCreateFile(), TestObRootSecurity(), TestProviderInfo(), TestReference(), TestSharedCacheMap(), TestSymlinks(), TestTcpConnect(), UDFCommonDeviceControl(), UDFInvalidateVolumes(), UserSetProcessWindowStation(), VerifyEventWaitable(), VfatSetRenameInformation(), VfdCreateDevice(), VfdOpenImage(), ViMountImage(), WdmAudControlDeviceState(), WdmAudControlOpenMixer(), WdmAudFrameSize(), WdmAudOpenSysAudioDevices(), WdmAudReadWrite(), and WdmAudResetStream().

◆ ObReferenceObjectByName()

NTSTATUS NTAPI ObReferenceObjectByName	(	IN PUNICODE_STRING	ObjectPath,
		IN ULONG	Attributes,
		IN PACCESS_STATE	PassedAccessState,
		IN ACCESS_MASK	DesiredAccess,
		IN POBJECT_TYPE	ObjectType,
		IN KPROCESSOR_MODE	AccessMode,
		IN OUT PVOID	ParseContext,
		OUT PVOID *	ObjectPtr
	)

Definition at line 411 of file obref.c.

 {
     PVOID Object = NULL;
     UNICODE_STRING ObjectName;
     NTSTATUS Status;
     OBP_LOOKUP_CONTEXT Context;
     AUX_ACCESS_DATA AuxData;
     ACCESS_STATE AccessState;
     PAGED_CODE();
 
     /* Fail quickly */
     if (!ObjectPath) return STATUS_OBJECT_NAME_INVALID;
 
     /* Capture the name */
     Status = ObpCaptureObjectName(&ObjectName, ObjectPath, AccessMode, TRUE);
     if (!NT_SUCCESS(Status)) return Status;
 
     /* We also need a valid name after capture */
     if (!ObjectName.Length) return STATUS_OBJECT_NAME_INVALID;
 
     /* Check if we didn't get an access state */
     if (!PassedAccessState)
     {
         /* Use our built-in access state */
         PassedAccessState = &AccessState;
         Status = SeCreateAccessState(&AccessState,
                                      &AuxData,
                                      DesiredAccess,
                                      &ObjectType->TypeInfo.GenericMapping);
         if (!NT_SUCCESS(Status)) goto Quickie;
     }
 
     /* Find the object */
     *ObjectPtr = NULL;
     Status = ObpLookupObjectName(NULL,
                                  &ObjectName,
                                  Attributes,
                                  ObjectType,
                                  AccessMode,
                                  ParseContext,
                                  NULL,
                                  NULL,
                                  PassedAccessState,
                                  &Context,
                                  &Object);
 
     /* Cleanup after lookup */
     ObpReleaseLookupContext(&Context);
 
     /* Check if the lookup succeeded */
     if (NT_SUCCESS(Status))
     {
         /* Check if access is allowed */
         if (ObpCheckObjectReference(Object,
                                     PassedAccessState,
                                     FALSE,
                                     AccessMode,
                                     &Status))
         {
             /* Return the object */
             *ObjectPtr = Object;
         }
     }
 
     /* Free the access state */
     if (PassedAccessState == &AccessState)
     {
         SeDeleteAccessState(PassedAccessState);
     }
 
 Quickie:
     /* Free the captured name if we had one, and return status */
     ObpFreeObjectNameBuffer(&ObjectName);
     return Status;
 }

Referenced by CreateClientPort(), IopGetDriverObject(), IopGetDriverPathInformation(), IopUnloadDriver(), NtSecureConnectPort(), ObtClose(), and TestReference().

◆ ObReferenceObjectByPointer()

NTSTATUS NTAPI ObReferenceObjectByPointer	(	IN PVOID	Object,
		IN ACCESS_MASK	DesiredAccess,
		IN POBJECT_TYPE	ObjectType,
		IN KPROCESSOR_MODE	AccessMode
	)

Definition at line 383 of file obref.c.

 {
     POBJECT_HEADER Header;
 
     /* Get the header */
     Header = OBJECT_TO_OBJECT_HEADER(Object);
 
     /*
      * Validate object type if the call is for UserMode.
      * NOTE: Unless it's a symbolic link (Caz Yokoyama [MSFT])
      */
     if ((Header->Type != ObjectType) && ((AccessMode != KernelMode) ||
         (ObjectType == ObpSymbolicLinkObjectType)))
     {
         /* Invalid type */
         return STATUS_OBJECT_TYPE_MISMATCH;
     }
 
     /* Increment the reference count and return success */
     InterlockedIncrementSizeT(&Header->PointerCount);
     return STATUS_SUCCESS;
 }

Referenced by CcRosInitializeFileCache(), ClassRetrieveDeviceRelations(), co_UserCreateWindowEx(), DriverEntry(), HalpDmaAllocateChildAdapter(), IoWMIQueryAllData(), MmPageOutPhysicalAddress(), ObOpenObjectByPointer(), ObpLookupObjectName(), ObpParseSymbolicLink(), RxpWorkerThreadDispatcher(), RxSpinUpRequestsDispatcher(), ScsiClassClaimDevice(), and TestReference().

◆ ObReferenceObjectEx()

LONG FASTCALL ObReferenceObjectEx	(	IN PVOID	Object,
		IN LONG	Count
	)

Definition at line 79 of file obref.c.

 {
     /* Increment the reference count and return the count now */
     return InterlockedExchangeAddSizeT(&OBJECT_TO_OBJECT_HEADER(Object)->
                                        PointerCount,
                                        Count) + Count;
 }

Referenced by ObFastReferenceObject(), ObFastReplaceObject(), ObInitializeFastReference(), and PspCreateThread().

◆ ObReferenceObjectSafe()

BOOLEAN FASTCALL ObReferenceObjectSafe ( IN PVOID Object )

Definition at line 24 of file obref.c.

 {
     POBJECT_HEADER ObjectHeader;
     LONG_PTR OldValue, NewValue;
 
     /* Get the object header */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
 
     /* Get the current reference count and fail if it's zero */
     OldValue = ObjectHeader->PointerCount;
     if (!OldValue) return FALSE;
 
     /* Start reference loop */
     do
     {
         /* Increase the reference count */
         NewValue = InterlockedCompareExchangeSizeT(&ObjectHeader->PointerCount,
                                                    OldValue + 1,
                                                    OldValue);
         if (OldValue == NewValue) return TRUE;
 
         /* Keep looping */
         OldValue = NewValue;
     } while (OldValue);
 
     /* If we got here, then the reference count is now 0 */
     return FALSE;
 }

Referenced by _Function_class_(), CmpFlushNotifiesOnKeyBodyList(), NtImpersonateClientOfPort(), NtRequestPort(), PsGetNextProcess(), PsGetNextProcessThread(), PsLookupProcessByProcessId(), PsLookupProcessThreadByCid(), PsLookupThreadByThreadId(), PspExitThread(), and SepCleanupLUIDDeviceMapDirectory().

Variable Documentation

◆ ObpAccessProtectCloseBit

ULONG ObpAccessProtectCloseBit

Definition at line 21 of file obhandle.c.

Referenced by ObDuplicateObject(), ObpSetHandleAttributes(), and ObReferenceFileObjectForWrite().

Macros

Functions

Variables