#include <ntoskrnl.h>
#include <debug.h>

Include dependency graph for obref.c:

Macros
#define	NDEBUG

Functions
BOOLEAN FASTCALL	ObReferenceObjectSafe (IN PVOID Object)

VOID NTAPI	ObpDeferObjectDeletion (IN POBJECT_HEADER Header)

LONG FASTCALL	ObReferenceObjectEx (IN PVOID Object, IN LONG Count)

LONG FASTCALL	ObDereferenceObjectEx (IN PVOID Object, IN LONG Count)

VOID FASTCALL	ObInitializeFastReference (IN PEX_FAST_REF FastRef, IN PVOID Object OPTIONAL)

PVOID FASTCALL	ObFastReferenceObjectLocked (IN PEX_FAST_REF FastRef)

PVOID FASTCALL	ObFastReferenceObject (IN PEX_FAST_REF FastRef)

VOID FASTCALL	ObFastDereferenceObject (IN PEX_FAST_REF FastRef, IN PVOID Object)

PVOID FASTCALL	ObFastReplaceObject (IN PEX_FAST_REF FastRef, PVOID Object)

LONG_PTR FASTCALL	ObfReferenceObject (IN PVOID Object)

LONG_PTR FASTCALL	ObfDereferenceObject (IN PVOID Object)

VOID NTAPI	ObDereferenceObjectDeferDelete (IN PVOID Object)

VOID NTAPI	ObDereferenceObject (IN PVOID Object)

NTSTATUS NTAPI	ObReferenceObjectByPointer (IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)

NTSTATUS NTAPI	ObReferenceObjectByName (IN PUNICODE_STRING ObjectPath, IN ULONG Attributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, OUT PVOID *ObjectPtr)

NTSTATUS NTAPI	ObReferenceObjectByHandle (IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)

Macro Definition Documentation

#define NDEBUG

Definition at line 15 of file obref.c.

Function Documentation

VOID NTAPI ObDereferenceObject ( IN PVOID Object )

Definition at line 267 of file obref.c.

Referenced by _Function_class_(), _Success_(), add_device(), AdvancedErrorChecks(), AfdAccept(), AfdCloseSocket(), AfdEnumEvents(), AfdEventSelect(), BasicBehaviorChecks(), BehaviorChecks(), BuildDesktopNameList(), Bus_GetDeviceCapabilities(), calc_thread(), CcpDereferenceCache(), CcpMapData(), CcpReadAhead(), CcpUnmapCache(), CcRosDeleteFileCache(), CcUninitializeCacheMap(), CdCreateInternalStream(), CdDeleteInternalStream(), CdDeleteVcb(), CdfsFCBInitializeCache(), CdfsMountVolume(), CdInvalidateVolumes(), CdMountVolume(), CdReMountOldVcb(), CdRomCreateDeviceObject(), CdUnload(), CdVerifyVolume(), ClassCreateDeviceObject(), ClasspFailurePredict(), CmBattUnload(), CmGetSystemDriverList(), CmpCreateRegistryRoot(), CmpDoCreateChild(), CmpDoOpen(), CmpIsHiveAlreadyLoaded(), CmpOpenHiveFiles(), co_HOOK_CallHooks(), co_IntRegisterLogonProcess(), co_UserCreateWindowEx(), CompBattAddNewBattery(), CompBattRemoveBattery(), Control(), create_snapshot(), CreateGreenFdo(), CreateMixerPinAndSetFormat(), DbgkClearProcessDebugObject(), DbgkOpenProcessDebugPort(), DbgkpCloseObject(), DbgkpFreeDebugEvent(), DbgkpPostFakeProcessCreateMessages(), DbgkpPostFakeThreadMessages(), DbgkpQueueMessage(), DbgkpSetProcessDebugObject(), DecrementGdiHandleCount(), DestroyPortDriver(), disk_arrival(), DiskCreateFdo(), DiskDeviceControl(), DiskSendFailurePredictIoctl(), DispTdiAssociateAddress(), DriverEntry(), DriverUnload(), EngFreeModule(), EngFreeSectionMem(), EngUnmapEvent(), ExFreePoolWithTag(), ExitThreadCallback(), ExpCreateWorkerThread(), ExpDebuggerWorker(), ExpDeleteProfile(), ExpWorkerThreadBalanceManager(), ExRegisterCallback(), ExReturnPoolQuota(), Ext2DestroyVcb(), Ext2FloppyFlush(), Ext2InitializeVcb(), Ext2InvalidateVolumes(), Ext2MountVolume(), Ext2TearDownStream(), ExUnregisterCallback(), FatiCommonClose(), FatUninitializeVcb(), FFSFloppyFlush(), FFSFreeVcb(), FFSInvalidateVolumes(), find_device_from_uuid(), finish_removing_device(), FinishThread(), FltpEnumerateFileSystemVolumes(), FltpGetBaseDeviceObjectName(), FltpIsAttachedToDevice(), flush_thread(), FsRtlNotifyVolumeEvent(), FsRtlTest_StartTest(), GetDeviceId(), GetProcessLuid(), GreenQueryBusRelations(), GspQuery(), GspQueryThreadStatus(), GspSetThread(), HalGetAdapter(), HalPutDmaAdapter(), i8042SendHookWorkItem(), IKsPin_PinMasterClock(), IncrementGdiHandleCount(), InitGdiHandleTable(), InitializeCmdEventInfo(), IntAllowSetForegroundWindow(), IntDesktopObjectDelete(), IntDesktopObjectParse(), IntFreeDesktopHeap(), IntGdiAddFontResource(), IntSetThreadDesktop(), IntTID2PTI(), IntUnmapDesktopView(), invalidate_volumes(), IoAttachDevice(), IoCompletion(), IoCreateDevice(), IoCreateStreamFileObjectEx(), IoDeleteController(), IoDeleteDriver(), IoFreeErrorLogEntry(), IoGetBootDiskInformation(), IopActionInitChildServices(), IopAttachFilterDriversCallback(), IopCancelRemoveDeviceRelations(), IopCleanupAfterException(), IopCleanupFailedIrp(), IopCleanupIrp(), IopCompleteRequest(), IopCreateArcNamesCd(), IopCreateArcNamesDisk(), IopCreateDriver(), IopCreateEvent(), IopCreateFile(), IopDeleteDevice(), IopDeleteFile(), IopDeviceFsIoControl(), IopDeviceRelationsWorker(), IopDeviceStatus(), IopEnumerateDevice(), IopGetDeviceDepth(), IopGetDeviceProperty(), IopGetDeviceRelations(), IopGetFileInformation(), IopGetInterfaceDeviceList(), IopGetRelatedDevice(), IopGetSetSecurityObject(), IopInitializeBootDrivers(), IopInitializeBuiltinDriver(), IopInitializeDevice(), IopInitiatePnpIrp(), IopLoadUnloadDriver(), IopLogWorker(), IopMarkBootPartition(), IopMountVolume(), IopOpenLinkOrRenameTarget(), IopParseDevice(), IopQueryRemoveDeviceRelations(), IopReportTargetDeviceChangeAsyncWorker(), IopResetDevice(), IopSendRemoveDevice(), IopSetDeviceSecurityDescriptors(), IopShutdownBaseFileSystems(), IopSynchronousCall(), IopUnloadDevice(), IopUnloadDriver(), IopUnloadSafeCompletion(), IopWorkItemCallback(), IoRegisterPlugPlayNotification(), IoSetDeviceInterfaceState(), IoShutdownSystem(), IoUnregisterFsRegistrationChange(), IoUnregisterPlugPlayNotification(), IoUnregisterShutdownNotification(), IoVolumeDeviceToDosName(), IoWMIQueryAllData(), IsFtVolume(), IssueUniqueIdChangeNotify(), IssueUniqueIdChangeNotifyWorker(), IsThreadSuspended(), KdbpAttachToProcess(), KdbpAttachToThread(), KdbpCmdProc(), KdbpCmdThread(), KdbpReleaseFileForSymbols(), KdbpSymLoadModuleSymbols(), KdpGdbEnterDebuggerException(), KernelModeTest(), KmtFinishThread(), KsDiscardEvent(), load_chunk_root(), LpcpCopyRequestData(), LpcpCreatePort(), LpcpDeletePort(), LpcpDestroyPortQueue(), LpcpFreeToPortZone(), LpcRequestPort(), LpcRequestWaitReplyPort(), MiQueryMemoryBasicInformation(), MiQueryMemorySectionName(), MmCreateArm3Section(), MmCreateCacheSection(), MmCreateDataFileSection(), MmCreateImageSection(), MmCreatePageFileSection(), MmCreatePhysicalMemorySection(), MmCreateSection(), MmFinalizeSegment(), MmGetFileNameForAddress(), MmLoadSystemImage(), MmPageOutPhysicalAddress(), MmpDeleteSection(), MmpPageOutPhysicalAddress(), MmQuitNextSession(), MmUnloadSystemImage(), MmUnmapViewOfSegment(), mount_vol(), MountMgrNotifyNameChange(), MountMgrVolumeMountPointChanged(), MupCloseUncProvider(), MupDereferenceCcb(), nfs41_DeleteConnection(), NpCancelWaiter(), NpCancelWaitQueueIrp(), NpDeleteEventTableEntry(), NpFreeClientSecurityContext(), NpTimerDispatch(), NtAcceptConnectPort(), NtAccessCheck(), NtAdjustPrivilegesToken(), NtAlertResumeThread(), NtAlertThread(), NtAllocateVirtualMemory(), NtAssignProcessToJobObject(), NtCancelIoFile(), NtClearEvent(), NtCompareTokens(), NtCompleteConnectPort(), NtCreateJobObject(), NtCreatePagingFile(), NtCreateProfile(), NtCreateSymbolicLinkObject(), NtDebugActiveProcess(), NtDebugContinue(), NtDeleteKey(), NtDeleteValueKey(), NtDuplicateObject(), NtDuplicateToken(), NtEnumerateKey(), NtEnumerateValueKey(), NtExtendSection(), NtFlushBuffersFile(), NtFlushInstructionCache(), NtFlushKey(), NtFlushVirtualMemory(), NtFreeVirtualMemory(), NtfsFCBInitializeCache(), NtGetContextThread(), NtGetWriteWatch(), NtImpersonateClientOfPort(), NtImpersonateThread(), NtIsProcessInJob(), NtLoadKeyEx(), NtLockFile(), NtLockVirtualMemory(), NtMakePermanentObject(), NtMakeTemporaryObject(), NtMapViewOfSection(), NtNotifyChangeDirectoryFile(), NtOpenObjectAuditAlarm(), NtOpenProcess(), NtOpenProcessTokenEx(), NtOpenThread(), NtOpenThreadTokenEx(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtProtectVirtualMemory(), NtPulseEvent(), NtQueryDirectoryFile(), NtQueryDirectoryObject(), NtQueryEvent(), NtQueryInformationFile(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIoCompletion(), NtQueryKey(), NtQueryMutant(), NtQueryObject(), NtQueryOpenSubKeys(), NtQuerySection(), NtQuerySecurityObject(), NtQuerySemaphore(), NtQuerySymbolicLinkObject(), NtQueryTimer(), NtQueryValueKey(), NtQueryVolumeInformationFile(), NtQueueApcThread(), NtReadFile(), NtReadVirtualMemory(), NtRegisterThreadTerminatePort(), NtReleaseMutant(), NtReleaseSemaphore(), NtRemoveIoCompletion(), NtRemoveProcessDebug(), NtReplyPort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), NtResetEvent(), NtResetWriteWatch(), NtResumeProcess(), NtResumeThread(), NtSaveKeyEx(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSetContextThread(), NtSetEvent(), NtSetEventBoostPriority(), NtSetHighEventPair(), NtSetHighWaitLowEventPair(), NtSetInformationDebugObject(), NtSetInformationFile(), NtSetInformationObject(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), NtSetIoCompletion(), NtSetLowEventPair(), NtSetLowWaitHighEventPair(), NtSetSecurityObject(), NtSetValueKey(), NtSetVolumeInformationFile(), NtSignalAndWaitForSingleObject(), NtStartProfile(), NtStopProfile(), NtSuspendProcess(), NtSuspendThread(), NtTerminateJobObject(), NtTerminateProcess(), NtTerminateThread(), NtUnloadKey2(), NtUnlockFile(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtUserBuildHwndList(), NtUserChangeClipboardChain(), NtUserCloseDesktop(), NtUserCloseWindowStation(), NtUserConsoleControl(), NtUserCountClipboardFormats(), NtUserCreateDesktop(), NtUserCreateWindowStation(), NtUserGetClipboardData(), NtUserGetClipboardOwner(), NtUserGetClipboardSequenceNumber(), NtUserGetClipboardViewer(), NtUserGetGuiResources(), NtUserGetGUIThreadInfo(), NtUserGetObjectInformation(), NtUserGetOpenClipboardWindow(), NtUserGetPriorityClipboardFormat(), NtUserGetThreadDesktop(), NtUserIsClipboardFormatAvailable(), NtUserLockWindowStation(), NtUserPostThreadMessage(), NtUserProcessConnect(), NtUserQueryInformationThread(), NtUserResolveDesktop(), NtUserSetClipboardViewer(), NtUserSetInformationThread(), NtUserSetShellWindowEx(), NtUserSetWindowsHookEx(), NtUserSetWindowStationUser(), NtUserSetWinEventHook(), NtUserSwitchDesktop(), NtUserUnlockWindowStation(), NtUserWaitForInputIdle(), NtWaitForDebugEvent(), NtWaitForMultipleObjects(), NtWaitForSingleObject(), NtWaitHighEventPair(), NtWaitLowEventPair(), NtWriteFile(), NtWriteVirtualMemory(), ObDereferenceDeviceMap(), ObDuplicateObject(), ObFastDereferenceObject(), ObfDereferenceDeviceMap(), ObInsertObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObpCloseHandleTableEntry(), ObpCreateDeviceMap(), ObpCreateHandle(), ObpDeleteNameCheck(), ObpDuplicateHandleCallback(), ObpLookupEntryDirectory(), ObpLookupObjectName(), ObpReleaseLookupContextObject(), ObtClose(), PageFileBehaviorChecks(), PatchKeyboardDriver(), PciGetDeviceCapabilities(), PciQueryForPciBusInterface(), PciSendIoctl(), Pin_fnDeviceIoControl(), Pin_fnWrite(), PopAddRemoveSysCapsCallback(), PopQuerySystemPowerStateTraverse(), PopRequestPowerIrpCompletion(), PopSetSystemPowerState(), PopSetSystemPowerStateTraverse(), PoRequestPowerIrp(), PoRequestShutdownWait(), PsAssignImpersonationToken(), PsDereferenceImpersonationToken(), PsDereferencePrimaryToken(), PsGetNextProcess(), PsGetNextProcessThread(), PsOpenTokenOfProcess(), PspAssignPrimaryToken(), PspCreateProcess(), PspCreateThread(), PspDeleteJob(), PspDeleteProcess(), PspDeleteThread(), PspDeleteThreadSecurity(), PspExitProcess(), PspExitThread(), PspReapRoutine(), PspSetPrimaryToken(), PspSetQuotaLimits(), PsRestoreImpersonation(), PsRevertThreadToSelf(), QSI_DEF(), QueryDeviceInformation(), QuerySuggestedLinkName(), RawInputThreadMain(), RawMountVolume(), RawUnload(), ReconcileThisDatabaseWithMasterWorker(), RegisterForTargetDeviceNotification(), ResetCsrApiPort(), ResetCsrProcess(), RfsdFloppyFlush(), RfsdFreeVcb(), RfsdInvalidateVolumes(), RxpWorkerThreadDispatcher(), RxUnregisterMinirdr(), ScsiClassClaimDevice(), SearchForLegacyDrivers(), SeCreateClientSecurity(), SeCreateClientSecurityFromSubjectContext(), SeDeassignPrimaryToken(), SeLocateProcessImageName(), SendLinkCreated(), SendLinkDeleted(), SendOnlineNotification(), SepAccessCheckAndAuditAlarm(), SepCreateToken(), SepDuplicateToken(), START_TEST(), SysAudio_Shutdown(), SystemProcessTest(), TdiCloseDevice(), test_vol(), TestCreateSection(), TestEventConcurrent(), TestIoCreateFile(), TestLowerDeviceKernelAPI(), TestObjectTypes(), TestObRootSecurity(), TestPhysicalMemorySection(), TestProviderInfo(), TestReference(), TestSharedCacheMap(), TestSymlinks(), TestTcpConnect(), UDFCheckOtherFSByName(), UDFCommonDeviceControl(), UDFInvalidateVolumes(), uninit(), Unload(), UnlockHandles(), USBH_FdoQueryBusRelations(), USBPORT_IsCompanionController(), USBPORT_QueryPciBusInterface(), UserClipboardFreeWindow(), UserClipboardRelease(), UserCloseClipboard(), UserCreateHeap(), UserCreateMenu(), UserDeleteW32Process(), UserEmptyClipboard(), UserEnumClipboardFormats(), UserGetShellWindow(), UserOpenClipboard(), UserSetClipboardData(), UserSetProcessWindowStation(), VerifyEventWaitable(), VfatCleanupFile(), VfatDismountVolume(), vfatFCBInitializeCacheFromVolume(), VfatMount(), VfatSetRenameInformation(), WdmAudControlCloseMixer(), WdmAudControlDeviceState(), WdmAudControlOpenMixer(), WdmAudFrameSize(), WdmAudResetStream(), WmipOpenGuidForEvents(), WmipRegisterGuids(), and xHalQueryDriveLayout().

 {
     /* Call the fastcall function */
     ObfDereferenceObject(Object);
 }

VOID NTAPI ObDereferenceObjectDeferDelete ( IN PVOID Object )

Definition at line 252 of file obref.c.

Referenced by CmpDoCreateChild(), CmpFlushNotifiesOnKeyBodyList(), IopCompleteRequest(), and ObpDereferenceNameInfo().

 {
     POBJECT_HEADER Header = OBJECT_TO_OBJECT_HEADER(Object);
 
     /* Check whether the object can now be deleted. */
     if (!InterlockedDecrement(&Header->PointerCount))
     {
         /* Add us to the deferred deletion list */
         ObpDeferObjectDeletion(Header);
     }
 }

LONG FASTCALL ObDereferenceObjectEx	(	IN PVOID	Object,
		IN LONG	Count
	)

Definition at line 88 of file obref.c.

Referenced by ExpTimerApcKernelRoutine(), ExTimerRundown(), NtCancelTimer(), NtSetTimer(), ObFastReferenceObject(), ObFastReplaceObject(), and PspCreateThread().

 {
     POBJECT_HEADER Header;
     LONG NewCount;
 
     /* Extract the object header */
     Header = OBJECT_TO_OBJECT_HEADER(Object);
 
     /* Check whether the object can now be deleted. */
     NewCount = InterlockedExchangeAdd(&Header->PointerCount, -Count) - Count;
     if (!NewCount) ObpDeferObjectDeletion(Header);
 
     /* Return the current count */
     return NewCount;
 }

VOID FASTCALL ObFastDereferenceObject	(	IN PEX_FAST_REF	FastRef,
		IN PVOID	Object
	)

Definition at line 167 of file obref.c.

Referenced by NtOpenThreadTokenEx(), PspCreateProcess(), PspCreateThread(), PspExitThread(), PspInitializeProcessSecurity(), PspSetPrimaryToken(), SeIsTokenChild(), and SeReleaseSubjectContext().

 {
     /* Release a fast reference. If this failed, use the slow path */
     if (!ExReleaseFastReference(FastRef, Object)) ObDereferenceObject(Object);
 }

PVOID FASTCALL ObFastReferenceObject ( IN PEX_FAST_REF FastRef )

Definition at line 132 of file obref.c.

Referenced by PsReferenceEffectiveToken(), and PsReferencePrimaryToken().

 {
     EX_FAST_REF OldValue;
     ULONG_PTR Count;
     PVOID Object;
 
     /* Reference the object and get it pointer */
     OldValue = ExAcquireFastReference(FastRef);
     Object = ExGetObjectFastReference(OldValue);
 
     /* Check how many references are left */
     Count = ExGetCountFastReference(OldValue);
 
     /* Check if the reference count is over 1 */
     if (Count > 1) return Object;
 
     /* Check if the reference count has reached 0 */
     if (!Count) return NULL;
 
     /* Otherwise, reference the object 7 times */
     ObReferenceObjectEx(Object, MAX_FAST_REFS);
     
     /* Now update the reference count */
     if (!ExInsertFastReference(FastRef, Object))
     {
         /* We failed: completely dereference the object */
         ObDereferenceObjectEx(Object, MAX_FAST_REFS);
     }
 
     /* Return the Object */
     return Object;
 }

PVOID FASTCALL ObFastReferenceObjectLocked ( IN PEX_FAST_REF FastRef )

Definition at line 119 of file obref.c.

Referenced by PsReferenceEffectiveToken(), and PsReferencePrimaryToken().

 {
     PVOID Object;
     EX_FAST_REF OldValue = *FastRef;
 
     /* Get the object and reference it slowly */
     Object = ExGetObjectFastReference(OldValue);
     if (Object) ObReferenceObject(Object);
     return Object;
 }

PVOID FASTCALL ObFastReplaceObject	(	IN PEX_FAST_REF	FastRef,
		PVOID	Object
	)

Definition at line 176 of file obref.c.

 {
     EX_FAST_REF OldValue;
     PVOID OldObject;
     ULONG Count;
 
     /* Check if we were given an object and reference it 7 times */
     if (Object) ObReferenceObjectEx(Object, MAX_FAST_REFS);
     
     /* Do the swap */
     OldValue = ExSwapFastReference(FastRef, Object);
     OldObject = ExGetObjectFastReference(OldValue);
     
     /* Check if we had an active object and dereference it */
     Count = ExGetCountFastReference(OldValue);
     if ((OldObject) && (Count)) ObDereferenceObjectEx(OldObject, Count);
 
     /* Return the old object */
     return OldObject;
 }

LONG_PTR FASTCALL ObfDereferenceObject ( IN PVOID Object )

Definition at line 212 of file obref.c.

Referenced by DriverEntry(), FltpClientPortDelete(), FltpDetachFromFileSystemDevice(), FltpSetupCommunicationObjects(), ObDereferenceObject(), PopProcessShutDownLists(), RawCheckForDismount(), VfatCheckForDismount(), and WmipOpenGuidObject().

 {
     POBJECT_HEADER Header;
     LONG_PTR OldCount;
 
     /* Extract the object header */
     Header = OBJECT_TO_OBJECT_HEADER(Object);
 
     if (Header->PointerCount < Header->HandleCount)
     {
         DPRINT1("Misbehaving object: %wZ\n", &Header->Type->Name);
         return Header->PointerCount;
     }
 
     /* Check whether the object can now be deleted. */
     OldCount = InterlockedDecrement(&Header->PointerCount);
     if (!OldCount)
     {
         /* Sanity check */
         ASSERT(Header->HandleCount == 0);
 
         /* Check if APCs are still active */
         if (!KeAreAllApcsDisabled())
         {
             /* Remove the object */
             ObpDeleteObject(Object, FALSE);
         }
         else
         {
             /* Add us to the deferred deletion list */
             ObpDeferObjectDeletion(Header);
         }
     }
 
     /* Return the old count */
     return OldCount;
 }

LONG_PTR FASTCALL ObfReferenceObject ( IN PVOID Object )

Definition at line 202 of file obref.c.

 {
     ASSERT(Object);
 
     /* Get the header and increment the reference count */
     return InterlockedIncrement(&OBJECT_TO_OBJECT_HEADER(Object)->PointerCount);
 }

VOID FASTCALL ObInitializeFastReference	(	IN PEX_FAST_REF	FastRef,
		IN PVOID Object	OPTIONAL
	)

Definition at line 107 of file obref.c.

Referenced by PspInitializeProcessSecurity(), SeAssignPrimaryToken(), and SepInitializationPhase0().

 {
     /* Check if we were given an object and reference it 7 times */
     if (Object) ObReferenceObjectEx(Object, MAX_FAST_REFS);
     
     /* Setup the fast reference */
     ExInitializeFastReference(FastRef, Object);
 }

VOID NTAPI ObpDeferObjectDeletion ( IN POBJECT_HEADER Header )

Definition at line 53 of file obref.c.

Referenced by ObDereferenceObjectDeferDelete(), ObDereferenceObjectEx(), and ObfDereferenceObject().

 {
     PVOID Entry;
 
     /* Loop while trying to update the list */
     do
     {
         /* Get the current entry */
         Entry = ObpReaperList;
 
         /* Link our object to the list */
         Header->NextToFree = Entry;
 
         /* Update the list */
     } while (InterlockedCompareExchangePointer(&ObpReaperList,
                                                Header,
                                                Entry) != Entry);
 
     /* Queue the work item if needed */
     if (!Entry) ExQueueWorkItem(&ObpReaperWorkItem, CriticalWorkQueue);
 }

NTSTATUS NTAPI ObReferenceObjectByHandle	(	IN HANDLE	Handle,
		IN ACCESS_MASK	DesiredAccess,
		IN POBJECT_TYPE	ObjectType,
		IN KPROCESSOR_MODE	AccessMode,
		OUT PVOID *	Object,
		OUT POBJECT_HANDLE_INFORMATION HandleInformation	OPTIONAL
	)

Definition at line 388 of file obref.c.

Referenced by _IRQL_requires_max_(), _Success_(), add_device(), AdvancedErrorChecks(), AfdAccept(), AfdEnumEvents(), AfdEventSelect(), BasicBehaviorChecks(), BehaviorChecks(), BroadcastOpen(), CdInvalidateVolumes(), CmGetSystemDriverList(), CmpCreateEvent(), CmpCreateRegistryRoot(), CmpIsHiveAlreadyLoaded(), CmpLinkHiveToMaster(), CompBattGetDeviceObjectPointer(), Control(), create_snapshot(), CreateGreenFdo(), CreateMixerPinAndSetFormat(), DispTdiAssociateAddress(), DriverEntry(), EngMapEvent(), ExCreateCallback(), ExpCreateWorkerThread(), ExpInitializeWorkerThreads(), ExpInitNls(), Ext2InvalidateVolumes(), FFSInvalidateVolumes(), FsRtlTest_OpenTestDirectory(), FsRtlTest_OpenTestFile(), GetObjectType(), IKsPin_PinMasterClock(), InitCsrApiPort(), InitThreadCallback(), IntValidateDesktopHandle(), IntValidateWindowStationHandle(), invalidate_volumes(), IopCreateDriver(), IopCreateEvent(), IopDeviceFsIoControl(), IopGetDeviceObjectPointer(), IopMarkBootPartition(), IopOpenLinkOrRenameTarget(), KdbpSymLoadModuleSymbols(), KernelModeTest(), KmtStartThread(), KspEnableEvent(), LockHandles(), LpcpCopyRequestData(), MiCreateMemoryEvent(), MiQueryMemoryBasicInformation(), MiQueryMemorySectionName(), MmCreateArm3Section(), MmCreateSection(), MmLoadSystemImage(), MountMgrVolumeMountPointChanged(), nfs41_DeleteConnection(), NtAccessCheck(), NtAdjustPrivilegesToken(), NtAlertResumeThread(), NtAlertThread(), NtAllocateVirtualMemory(), NtAssignProcessToJobObject(), NtCancelIoFile(), NtCancelTimer(), NtClearEvent(), NtCompareTokens(), NtCompleteConnectPort(), NtCreatePagingFile(), NtCreateProfile(), NtDebugActiveProcess(), NtDebugContinue(), NtDeleteKey(), NtDeleteValueKey(), NtDuplicateObject(), NtDuplicateToken(), NtEnumerateKey(), NtEnumerateValueKey(), NtExtendSection(), NtFlushBuffersFile(), NtFlushInstructionCache(), NtFlushKey(), NtFlushVirtualMemory(), NtFreeVirtualMemory(), NtGetContextThread(), NtGetWriteWatch(), NtImpersonateClientOfPort(), NtImpersonateThread(), NtIsProcessInJob(), NtLoadKeyEx(), NtLockFile(), NtLockVirtualMemory(), NtMakePermanentObject(), NtMakeTemporaryObject(), NtMapViewOfSection(), NtNotifyChangeDirectoryFile(), NtOpenObjectAuditAlarm(), NtOpenThreadTokenEx(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtProtectVirtualMemory(), NtPulseEvent(), NtQueryDirectoryFile(), NtQueryDirectoryObject(), NtQueryEvent(), NtQueryInformationFile(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIoCompletion(), NtQueryKey(), NtQueryMutant(), NtQueryObject(), NtQueryOpenSubKeys(), NtQuerySection(), NtQuerySecurityObject(), NtQuerySemaphore(), NtQuerySymbolicLinkObject(), NtQueryTimer(), NtQueryValueKey(), NtQueryVolumeInformationFile(), NtQueueApcThread(), NtReadFile(), NtReadVirtualMemory(), NtRegisterThreadTerminatePort(), NtReleaseMutant(), NtReleaseSemaphore(), NtRemoveIoCompletion(), NtRemoveProcessDebug(), NtReplyPort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), NtResetEvent(), NtResetWriteWatch(), NtResumeProcess(), NtResumeThread(), NtSaveKeyEx(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSetContextThread(), NtSetDefaultHardErrorPort(), NtSetEvent(), NtSetEventBoostPriority(), NtSetHighEventPair(), NtSetHighWaitLowEventPair(), NtSetInformationDebugObject(), NtSetInformationFile(), NtSetInformationObject(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), NtSetIoCompletion(), NtSetLowEventPair(), NtSetLowWaitHighEventPair(), NtSetSecurityObject(), NtSetTimer(), NtSetValueKey(), NtSetVolumeInformationFile(), NtSignalAndWaitForSingleObject(), NtStartProfile(), NtStopProfile(), NtSuspendProcess(), NtSuspendThread(), NtTerminateJobObject(), NtTerminateProcess(), NtTerminateThread(), NtUnloadKey2(), NtUnlockFile(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtUserConsoleControl(), NtUserCreateDesktop(), NtUserGetGuiResources(), NtUserGetObjectInformation(), NtUserGetThreadDesktop(), NtUserProcessConnect(), NtUserQueryInformationThread(), NtUserResolveDesktop(), NtUserSetInformationThread(), NtUserWaitForInputIdle(), NtWaitForDebugEvent(), NtWaitForSingleObject(), NtWaitHighEventPair(), NtWaitLowEventPair(), NtWriteFile(), NtWriteVirtualMemory(), ObInitSystem(), ObpCreateDeviceMap(), ObpLookupObjectName(), ObtCreateObjectTypes(), OpenDevice(), OpenInputDevice(), PageFileBehaviorChecks(), Pin_fnDeviceIoControl(), Pin_fnWrite(), PopAddRemoveSysCapsCallback(), PsAssignImpersonationToken(), PsLocateSystemDll(), PsOpenTokenOfProcess(), PspAssignPrimaryToken(), PspCreateProcess(), PspCreateThread(), PspInitPhase0(), PspSetPrimaryToken(), RegisterUncProvider(), RfsdInvalidateVolumes(), SepAccessCheckAndAuditAlarm(), START_TEST(), StartThread(), SystemProcessTest(), TdiOpenDevice(), TdiUnload(), TestEventConcurrent(), TestIoCreateFile(), TestObRootSecurity(), TestProviderInfo(), TestReference(), TestSharedCacheMap(), TestSymlinks(), TestTcpConnect(), UDFCommonDeviceControl(), UDFInvalidateVolumes(), VerifyEventWaitable(), VfatSetRenameInformation(), WdmAudControlDeviceState(), WdmAudControlOpenMixer(), WdmAudFrameSize(), WdmAudOpenSysAudioDevices(), WdmAudReadWrite(), and WdmAudResetStream().

 {
     PHANDLE_TABLE_ENTRY HandleEntry;
     POBJECT_HEADER ObjectHeader;
     ACCESS_MASK GrantedAccess;
     ULONG Attributes;
     PEPROCESS CurrentProcess;
     PVOID HandleTable;
     PETHREAD CurrentThread;
     NTSTATUS Status;
     PAGED_CODE();
 
     /* Assume failure */
     *Object = NULL;
 
     /* Check if this is a special handle */
     if (HandleToLong(Handle) < 0)
     {
         /* Check if this is the current process */
         if (Handle == NtCurrentProcess())
         {
             /* Check if this is the right object type */
             if ((ObjectType == PsProcessType) || !(ObjectType))
             {
                 /* Get the current process and granted access */
                 CurrentProcess = PsGetCurrentProcess();
                 GrantedAccess = CurrentProcess->GrantedAccess;
 
                 /* Validate access */
                 /* ~GrantedAccess = RefusedAccess.*/
                 /* ~GrantedAccess & DesiredAccess = list of refused bits. */
                 /* !(~GrantedAccess & DesiredAccess) == TRUE means ALL requested rights are granted */
                 if ((AccessMode == KernelMode) ||
                     !(~GrantedAccess & DesiredAccess))
                 {
                     /* Check if the caller wanted handle information */
                     if (HandleInformation)
                     {
                         /* Return it */
                         HandleInformation->HandleAttributes = 0;
                         HandleInformation->GrantedAccess = GrantedAccess;
                     }
 
                     /* Reference ourselves */
                     ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentProcess);
                     InterlockedExchangeAdd(&ObjectHeader->PointerCount, 1);
 
                     /* Return the pointer */
                     *Object = CurrentProcess;
                     ASSERT(*Object != NULL);
                     Status = STATUS_SUCCESS;
                 }
                 else
                 {
                     /* Access denied */
                     Status = STATUS_ACCESS_DENIED;
                 }
             }
             else
             {
                 /* The caller used this special handle value with a non-process type */
                 Status = STATUS_OBJECT_TYPE_MISMATCH;
             }
 
             /* Return the status */
             return Status;
         }
         else if (Handle == NtCurrentThread())
         {
             /* Check if this is the right object type */
             if ((ObjectType == PsThreadType) || !(ObjectType))
             {
                 /* Get the current process and granted access */
                 CurrentThread = PsGetCurrentThread();
                 GrantedAccess = CurrentThread->GrantedAccess;
 
                 /* Validate access */
                 /* ~GrantedAccess = RefusedAccess.*/
                 /* ~GrantedAccess & DesiredAccess = list of refused bits. */
                 /* !(~GrantedAccess & DesiredAccess) == TRUE means ALL requested rights are granted */
                 if ((AccessMode == KernelMode) ||
                     !(~GrantedAccess & DesiredAccess))
                 {
                     /* Check if the caller wanted handle information */
                     if (HandleInformation)
                     {
                         /* Return it */
                         HandleInformation->HandleAttributes = 0;
                         HandleInformation->GrantedAccess = GrantedAccess;
                     }
 
                     /* Reference ourselves */
                     ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentThread);
                     InterlockedExchangeAdd(&ObjectHeader->PointerCount, 1);
 
                     /* Return the pointer */
                     *Object = CurrentThread;
                     ASSERT(*Object != NULL);
                     Status = STATUS_SUCCESS;
                 }
                 else
                 {
                     /* Access denied */
                     Status = STATUS_ACCESS_DENIED;
                 }
             }
             else
             {
                 /* The caller used this special handle value with a non-process type */
                 Status = STATUS_OBJECT_TYPE_MISMATCH;
             }
 
             /* Return the status */
             return Status;
         }
         else if (AccessMode == KernelMode)
         {
             /* Use the kernel handle table and get the actual handle value */
             Handle = ObKernelHandleToHandle(Handle);
             HandleTable = ObpKernelHandleTable;
         }
         else
         {
             /* Invalid access, fail */
             return STATUS_INVALID_HANDLE;
         }
     }
     else
     {
         /* Otherwise use this process's handle table */
         HandleTable = PsGetCurrentProcess()->ObjectTable;
     }
 
     /* Enter a critical region while we touch the handle table */
     ASSERT(HandleTable != NULL);
     KeEnterCriticalRegion();
 
     /* Get the handle entry */
     HandleEntry = ExMapHandleToPointer(HandleTable, Handle);
     if (HandleEntry)
     {
         /* Get the object header and validate the type*/
         ObjectHeader = ObpGetHandleObject(HandleEntry);
         if (!(ObjectType) || (ObjectType == ObjectHeader->Type))
         {
             /* Get the granted access and validate it */
             GrantedAccess = HandleEntry->GrantedAccess;
 
             /* Validate access */
             /* ~GrantedAccess = RefusedAccess.*/
             /* ~GrantedAccess & DesiredAccess = list of refused bits. */
             /* !(~GrantedAccess & DesiredAccess) == TRUE means ALL requested rights are granted */
             if ((AccessMode == KernelMode) ||
                 !(~GrantedAccess & DesiredAccess))
             {
                 /* Reference the object directly since we have its header */
                 InterlockedIncrement(&ObjectHeader->PointerCount);
 
                 /* Mask out the internal attributes */
                 Attributes = HandleEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES;
 
                 /* Check if the caller wants handle information */
                 if (HandleInformation)
                 {
                     /* Fill out the information */
                     HandleInformation->HandleAttributes = Attributes;
                     HandleInformation->GrantedAccess = GrantedAccess;
                 }
 
                 /* Return the pointer */
                 *Object = &ObjectHeader->Body;
 
                 /* Unlock the handle */
                 ExUnlockHandleTableEntry(HandleTable, HandleEntry);
                 KeLeaveCriticalRegion();
 
                 /* Return success */
                 ASSERT(*Object != NULL);
                 return STATUS_SUCCESS;
             }
             else
             {
                 /* Requested access failed */
                 DPRINT("Rights not granted: %x\n", ~GrantedAccess & DesiredAccess);
                 Status = STATUS_ACCESS_DENIED;
             }
         }
         else
         {
             /* Invalid object type */
             Status = STATUS_OBJECT_TYPE_MISMATCH;
         }
 
         /* Unlock the entry */
         ExUnlockHandleTableEntry(HandleTable, HandleEntry);
     }
     else
     {
         /* Invalid handle */
         Status = STATUS_INVALID_HANDLE;
     }
 
     /* Return failure status */
     KeLeaveCriticalRegion();
     *Object = NULL;
     return Status;
 }

NTSTATUS NTAPI ObReferenceObjectByName	(	IN PUNICODE_STRING	ObjectPath,
		IN ULONG	Attributes,
		IN PACCESS_STATE	PassedAccessState,
		IN ACCESS_MASK	DesiredAccess,
		IN POBJECT_TYPE	ObjectType,
		IN KPROCESSOR_MODE	AccessMode,
		IN OUT PVOID	ParseContext,
		OUT PVOID *	ObjectPtr
	)

Definition at line 303 of file obref.c.

Referenced by IopGetDriverObject(), IopUnloadDriver(), NtSecureConnectPort(), ObtClose(), and TestReference().

 {
     PVOID Object = NULL;
     UNICODE_STRING ObjectName;
     NTSTATUS Status;
     OBP_LOOKUP_CONTEXT Context;
     AUX_ACCESS_DATA AuxData;
     ACCESS_STATE AccessState;
     PAGED_CODE();
 
     /* Fail quickly */
     if (!ObjectPath) return STATUS_OBJECT_NAME_INVALID;
 
     /* Capture the name */
     Status = ObpCaptureObjectName(&ObjectName, ObjectPath, AccessMode, TRUE);
     if (!NT_SUCCESS(Status)) return Status;
 
     /* We also need a valid name after capture */
     if (!ObjectName.Length) return STATUS_OBJECT_NAME_INVALID;
 
     /* Check if we didn't get an access state */
     if (!PassedAccessState)
     {
         /* Use our built-in access state */
         PassedAccessState = &AccessState;
         Status = SeCreateAccessState(&AccessState,
                                      &AuxData,
                                      DesiredAccess,
                                      &ObjectType->TypeInfo.GenericMapping);
         if (!NT_SUCCESS(Status)) goto Quickie;
     }
 
     /* Find the object */
     *ObjectPtr = NULL;
     Status = ObpLookupObjectName(NULL,
                                  &ObjectName,
                                  Attributes,
                                  ObjectType,
                                  AccessMode,
                                  ParseContext,
                                  NULL,
                                  NULL,
                                  PassedAccessState,
                                  &Context,
                                  &Object);
 
     /* Cleanup after lookup */
     ObpReleaseLookupContext(&Context);
 
     /* Check if the lookup succeeded */
     if (NT_SUCCESS(Status))
     {
         /* Check if access is allowed */
         if (ObpCheckObjectReference(Object,
                                     PassedAccessState,
                                     FALSE,
                                     AccessMode,
                                     &Status))
         {
             /* Return the object */
             *ObjectPtr = Object;
         }
     }
 
     /* Free the access state */
     if (PassedAccessState == &AccessState)
     {
         SeDeleteAccessState(PassedAccessState);
     }
 
 Quickie:
     /* Free the captured name if we had one, and return status */
     ObpFreeObjectNameBuffer(&ObjectName);
     return Status;
 }

NTSTATUS NTAPI ObReferenceObjectByPointer	(	IN PVOID	Object,
		IN ACCESS_MASK	DesiredAccess,
		IN POBJECT_TYPE	ObjectType,
		IN KPROCESSOR_MODE	AccessMode
	)

Definition at line 275 of file obref.c.

Referenced by CcRosInitializeFileCache(), ClassRetrieveDeviceRelations(), co_UserCreateWindowEx(), DriverEntry(), HalpDmaAllocateChildAdapter(), IoWMIQueryAllData(), MmPageOutPhysicalAddress(), ObOpenObjectByPointer(), ObpLookupObjectName(), ObpParseSymbolicLink(), RxpWorkerThreadDispatcher(), RxSpinUpRequestsDispatcher(), ScsiClassClaimDevice(), and TestReference().

 {
     POBJECT_HEADER Header;
 
     /* Get the header */
     Header = OBJECT_TO_OBJECT_HEADER(Object);
 
     /*
      * Validate object type if the call is for UserMode.
      * NOTE: Unless it's a symbolic link (Caz Yokoyama [MSFT])
      */
     if ((Header->Type != ObjectType) && ((AccessMode != KernelMode) ||
         (ObjectType == ObSymbolicLinkType)))
     {
         /* Invalid type */
         return STATUS_OBJECT_TYPE_MISMATCH;
     }
 
     /* Increment the reference count and return success */
     InterlockedIncrement(&Header->PointerCount);
     return STATUS_SUCCESS;
 }

LONG FASTCALL ObReferenceObjectEx	(	IN PVOID	Object,
		IN LONG	Count
	)

Definition at line 77 of file obref.c.

Referenced by ObFastReferenceObject(), ObFastReplaceObject(), ObInitializeFastReference(), and PspCreateThread().

 {
     /* Increment the reference count and return the count now */
     return InterlockedExchangeAdd(&OBJECT_TO_OBJECT_HEADER(Object)->
                                   PointerCount,
                                   Count) + Count;
 }

BOOLEAN FASTCALL ObReferenceObjectSafe ( IN PVOID Object )

Definition at line 22 of file obref.c.

Referenced by _Function_class_(), CmpFlushNotifiesOnKeyBodyList(), NtImpersonateClientOfPort(), NtRequestPort(), PsGetNextProcess(), PsGetNextProcessThread(), PsLookupProcessByProcessId(), PsLookupProcessThreadByCid(), PsLookupThreadByThreadId(), and PspExitThread().

 {
     POBJECT_HEADER ObjectHeader;
     LONG OldValue, NewValue;
 
     /* Get the object header */
     ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
 
     /* Get the current reference count and fail if it's zero */
     OldValue = ObjectHeader->PointerCount;
     if (!OldValue) return FALSE;
 
     /* Start reference loop */
     do
     {
         /* Increase the reference count */
         NewValue = InterlockedCompareExchange(&ObjectHeader->PointerCount,
                                               OldValue + 1,
                                               OldValue);
         if (OldValue == NewValue) return TRUE;
 
         /* Keep looping */
         OldValue = NewValue;
     } while (OldValue);
 
     /* If we got here, then the reference count is now 0 */
     return FALSE;
 }

Macros

Functions

Macro Definition Documentation

Function Documentation