#include <windef.h>
Include dependency graph for winternl.h:
Go to the source code of this file.
Classes | |
| struct | _STRING |
| struct | _UNICODE_STRING |
| struct | _RTL_USER_PROCESS_PARAMETERS |
| struct | _PEB_LDR_DATA |
| struct | _LDR_DATA_TABLE_ENTRY |
| struct | _PEB |
| struct | _TEB |
| struct | _OBJECT_ATTRIBUTES |
| struct | _IO_STATUS_BLOCK |
| struct | _KEY_VALUE_ENTRY |
| struct | _PROCESS_BASIC_INFORMATION |
| struct | _PUBLIC_OBJECT_BASIC_INFORMATION |
| struct | __PUBLIC_OBJECT_TYPE_INFORMATION |
| struct | _SYSTEM_BASIC_INFORMATION |
| struct | _SYSTEM_PERFORMANCE_INFORMATION |
| struct | _SYSTEM_TIMEOFDAY_INFORMATION |
| struct | _SYSTEM_PROCESS_INFORMATION |
| struct | _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION |
| struct | _SYSTEM_INTERRUPT_INFORMATION |
| struct | _SYSTEM_EXCEPTION_INFORMATION |
| struct | _SYSTEM_REGISTRY_QUOTA_INFORMATION |
| struct | _SYSTEM_LOOKASIDE_INFORMATION |
| struct | _SYSTEM_POLICY_INFORMATION |
| struct | _WINSTATIONINFORMATIONW |
Variables | |
| _In_ OBJECT_INFORMATION_CLASS | ObjectInformationClass |
| _In_ OBJECT_INFORMATION_CLASS _In_ ULONG | ObjectInformationLength |
| _In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG | ReturnLength |
Macro Definition Documentation
◆ _WINTERNL_
| #define _WINTERNL_ |
Definition at line 35 of file winternl.h.
◆ FILE_COMPLETE_IF_OPLOCKED
| #define FILE_COMPLETE_IF_OPLOCKED 0x00000100 |
Definition at line 177 of file winternl.h.
◆ FILE_CREATE
| #define FILE_CREATE 0x00000002 |
Definition at line 209 of file winternl.h.
◆ FILE_CREATE_TREE_CONNECTION
| #define FILE_CREATE_TREE_CONNECTION 0x00000080 |
Definition at line 176 of file winternl.h.
◆ FILE_CREATED
| #define FILE_CREATED 0x00000002 |
Definition at line 196 of file winternl.h.
◆ FILE_DELETE_ON_CLOSE
| #define FILE_DELETE_ON_CLOSE 0x00001000 |
Definition at line 181 of file winternl.h.
◆ FILE_DIRECTORY_FILE
| #define FILE_DIRECTORY_FILE 0x00000001 |
Definition at line 169 of file winternl.h.
◆ FILE_DOES_NOT_EXIST
| #define FILE_DOES_NOT_EXIST 0x00000005 |
Definition at line 199 of file winternl.h.
◆ FILE_EXISTS
| #define FILE_EXISTS 0x00000004 |
Definition at line 198 of file winternl.h.
◆ FILE_MAXIMUM_DISPOSITION
| #define FILE_MAXIMUM_DISPOSITION 0x00000005 |
Definition at line 213 of file winternl.h.
◆ FILE_NO_COMPRESSION
| #define FILE_NO_COMPRESSION 0x00008000 |
Definition at line 184 of file winternl.h.
◆ FILE_NO_EA_KNOWLEDGE
| #define FILE_NO_EA_KNOWLEDGE 0x00000200 |
Definition at line 178 of file winternl.h.
◆ FILE_NO_INTERMEDIATE_BUFFERING
| #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008 |
Definition at line 172 of file winternl.h.
◆ FILE_NON_DIRECTORY_FILE
| #define FILE_NON_DIRECTORY_FILE 0x00000040 |
Definition at line 175 of file winternl.h.
◆ FILE_OPEN
| #define FILE_OPEN 0x00000001 |
Definition at line 208 of file winternl.h.
◆ FILE_OPEN_BY_FILE_ID
| #define FILE_OPEN_BY_FILE_ID 0x00002000 |
Definition at line 182 of file winternl.h.
◆ FILE_OPEN_FOR_BACKUP_INTENT
| #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000 |
Definition at line 183 of file winternl.h.
◆ FILE_OPEN_FOR_FREE_SPACE_QUERY
| #define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000 |
Definition at line 191 of file winternl.h.
◆ FILE_OPEN_IF
| #define FILE_OPEN_IF 0x00000003 |
Definition at line 210 of file winternl.h.
◆ FILE_OPEN_NO_RECALL
| #define FILE_OPEN_NO_RECALL 0x00400000 |
Definition at line 190 of file winternl.h.
◆ FILE_OPEN_REMOTE_INSTANCE
| #define FILE_OPEN_REMOTE_INSTANCE 0x00000400 |
Definition at line 179 of file winternl.h.
◆ FILE_OPEN_REPARSE_POINT
| #define FILE_OPEN_REPARSE_POINT 0x00200000 |
Definition at line 189 of file winternl.h.
◆ FILE_OPEN_REQUIRING_OPLOCK
| #define FILE_OPEN_REQUIRING_OPLOCK 0x00010000 |
Definition at line 186 of file winternl.h.
◆ FILE_OPENED
| #define FILE_OPENED 0x00000001 |
Definition at line 195 of file winternl.h.
◆ FILE_OVERWRITE
| #define FILE_OVERWRITE 0x00000004 |
Definition at line 211 of file winternl.h.
◆ FILE_OVERWRITE_IF
| #define FILE_OVERWRITE_IF 0x00000005 |
Definition at line 212 of file winternl.h.
◆ FILE_OVERWRITTEN
| #define FILE_OVERWRITTEN 0x00000003 |
Definition at line 197 of file winternl.h.
◆ FILE_RANDOM_ACCESS
| #define FILE_RANDOM_ACCESS 0x00000800 |
Definition at line 180 of file winternl.h.
◆ FILE_RESERVE_OPFILTER
| #define FILE_RESERVE_OPFILTER 0x00100000 |
Definition at line 188 of file winternl.h.
◆ FILE_SEQUENTIAL_ONLY
| #define FILE_SEQUENTIAL_ONLY 0x00000004 |
Definition at line 171 of file winternl.h.
◆ FILE_SUPERSEDE
| #define FILE_SUPERSEDE 0x00000000 |
Definition at line 207 of file winternl.h.
◆ FILE_SUPERSEDED
| #define FILE_SUPERSEDED 0x00000000 |
Definition at line 194 of file winternl.h.
◆ FILE_SYNCHRONOUS_IO_ALERT
| #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010 |
Definition at line 173 of file winternl.h.
◆ FILE_SYNCHRONOUS_IO_NONALERT
| #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 |
Definition at line 174 of file winternl.h.
◆ FILE_VALID_MAILSLOT_OPTION_FLAGS
| #define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032 |
Definition at line 203 of file winternl.h.
◆ FILE_VALID_OPTION_FLAGS
| #define FILE_VALID_OPTION_FLAGS 0x00ffffff |
Definition at line 201 of file winternl.h.
◆ FILE_VALID_PIPE_OPTION_FLAGS
| #define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032 |
Definition at line 202 of file winternl.h.
◆ FILE_VALID_SET_FLAGS
| #define FILE_VALID_SET_FLAGS 0x00000036 |
Definition at line 204 of file winternl.h.
◆ FILE_WRITE_THROUGH
| #define FILE_WRITE_THROUGH 0x00000002 |
Definition at line 170 of file winternl.h.
◆ InitializeObjectAttributes
Value:
{ \
}
Definition: umtypes.h:184
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
Definition: wdfcommonbuffer.h:97
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
Definition at line 236 of file winternl.h.
◆ INTERNAL_TS_ACTIVE_CONSOLE_ID
Definition at line 164 of file winternl.h.
◆ LOGONID_CURRENT
Definition at line 165 of file winternl.h.
◆ NT_ERROR
Definition at line 59 of file winternl.h.
◆ NT_INFORMATION
Definition at line 51 of file winternl.h.
◆ NT_SUCCESS
◆ NT_WARNING
Definition at line 55 of file winternl.h.
◆ OBJ_CASE_INSENSITIVE
| #define OBJ_CASE_INSENSITIVE 0x00000040L |
Definition at line 228 of file winternl.h.
◆ OBJ_EXCLUSIVE
| #define OBJ_EXCLUSIVE 0x00000020L |
Definition at line 227 of file winternl.h.
◆ OBJ_FORCE_ACCESS_CHECK
| #define OBJ_FORCE_ACCESS_CHECK 0x00000400L |
Definition at line 232 of file winternl.h.
◆ OBJ_INHERIT
| #define OBJ_INHERIT 0x00000002L |
Definition at line 225 of file winternl.h.
◆ OBJ_KERNEL_HANDLE
| #define OBJ_KERNEL_HANDLE 0x00000200L |
Definition at line 231 of file winternl.h.
◆ OBJ_OPENIF
| #define OBJ_OPENIF 0x00000080L |
Definition at line 229 of file winternl.h.
◆ OBJ_OPENLINK
| #define OBJ_OPENLINK 0x00000100L |
Definition at line 230 of file winternl.h.
◆ OBJ_PERMANENT
| #define OBJ_PERMANENT 0x00000010L |
Definition at line 226 of file winternl.h.
◆ OBJ_VALID_ATTRIBUTES
| #define OBJ_VALID_ATTRIBUTES 0x000007F2L |
Definition at line 233 of file winternl.h.
◆ PIO_APC_ROUTINE_DEFINED
| #define PIO_APC_ROUTINE_DEFINED |
Definition at line 299 of file winternl.h.
◆ RtlFillMemory
Definition at line 601 of file winternl.h.
◆ RtlMoveMemory
Definition at line 600 of file winternl.h.
◆ RtlZeroMemory
| #define RtlZeroMemory | ( | Dest, | |
| Length | |||
| ) | RtlFillMemory((Dest),(Length),0) |
Definition at line 602 of file winternl.h.
◆ SERVERNAME_CURRENT
Definition at line 166 of file winternl.h.
Typedef Documentation
◆ ANSI_STRING
| typedef STRING ANSI_STRING |
Definition at line 70 of file winternl.h.
◆ FILE_INFORMATION_CLASS
◆ IO_STATUS_BLOCK
| typedef struct _IO_STATUS_BLOCK IO_STATUS_BLOCK |
◆ KEY_SET_INFORMATION_CLASS
◆ KEY_VALUE_ENTRY
| typedef struct _KEY_VALUE_ENTRY KEY_VALUE_ENTRY |
◆ LDR_DATA_TABLE_ENTRY
◆ OBJECT_ATTRIBUTES
◆ OBJECT_INFORMATION_CLASS
◆ OEM_STRING
| typedef STRING OEM_STRING |
Definition at line 73 of file winternl.h.
◆ PANSI_STRING
| typedef PSTRING PANSI_STRING |
Definition at line 71 of file winternl.h.
◆ PCANSI_STRING
| typedef PSTRING PCANSI_STRING |
Definition at line 72 of file winternl.h.
◆ PCOEM_STRING
| typedef const STRING* PCOEM_STRING |
Definition at line 75 of file winternl.h.
◆ PCSZ
Definition at line 62 of file winternl.h.
◆ PCUNICODE_STRING
| typedef const UNICODE_STRING* PCUNICODE_STRING |
Definition at line 83 of file winternl.h.
◆ PEB
◆ PEB_LDR_DATA
| typedef struct _PEB_LDR_DATA PEB_LDR_DATA |
◆ PIO_APC_ROUTINE
| typedef VOID(NTAPI * PIO_APC_ROUTINE) (_In_ PVOID ApcContext, _In_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG Reserved) |
Definition at line 293 of file winternl.h.
◆ PIO_STATUS_BLOCK
| typedef struct _IO_STATUS_BLOCK * PIO_STATUS_BLOCK |
◆ PKEY_VALUE_ENTRY
| typedef struct _KEY_VALUE_ENTRY * PKEY_VALUE_ENTRY |
◆ PLDR_DATA_TABLE_ENTRY
| typedef struct _LDR_DATA_TABLE_ENTRY * PLDR_DATA_TABLE_ENTRY |
◆ POBJECT_ATTRIBUTES
| typedef struct _OBJECT_ATTRIBUTES * POBJECT_ATTRIBUTES |
◆ POEM_STRING
| typedef PSTRING POEM_STRING |
Definition at line 74 of file winternl.h.
◆ PPEB
◆ PPEB_LDR_DATA
| typedef struct _PEB_LDR_DATA * PPEB_LDR_DATA |
◆ PPROCESS_BASIC_INFORMATION
◆ PPS_POST_PROCESS_INIT_ROUTINE
Definition at line 118 of file winternl.h.
◆ PPUBLIC_OBJECT_BASIC_INFORMATION
◆ PPUBLIC_OBJECT_TYPE_INFORMATION
◆ PROCESS_BASIC_INFORMATION
◆ PROCESSINFOCLASS
| typedef enum _PROCESSINFOCLASS PROCESSINFOCLASS |
◆ PRTL_USER_PROCESS_PARAMETERS
◆ PSTRING
◆ PSYSTEM_BASIC_INFORMATION
◆ PSYSTEM_EXCEPTION_INFORMATION
◆ PSYSTEM_INTERRUPT_INFORMATION
◆ PSYSTEM_LOOKASIDE_INFORMATION
◆ PSYSTEM_PERFORMANCE_INFORMATION
◆ PSYSTEM_POLICY_INFORMATION
◆ PSYSTEM_PROCESS_INFORMATION
◆ PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
| typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION * PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION |
◆ PSYSTEM_REGISTRY_QUOTA_INFORMATION
◆ PSYSTEM_TIMEOFDAY_INFORMATION
◆ PTEB
◆ PUBLIC_OBJECT_BASIC_INFORMATION
◆ PUBLIC_OBJECT_TYPE_INFORMATION
◆ PUNICODE_STRING
| typedef struct _UNICODE_STRING * PUNICODE_STRING |
◆ PWINSTATIONINFORMATIONW
◆ PWINSTATIONQUERYINFORMATIONW
| typedef BOOLEAN(WINAPI * PWINSTATIONQUERYINFORMATIONW) (HANDLE, ULONG, WINSTATIONINFOCLASS, PVOID, ULONG, PULONG) |
Definition at line 584 of file winternl.h.
◆ RTL_USER_PROCESS_PARAMETERS
◆ STRING
◆ SYSTEM_BASIC_INFORMATION
◆ SYSTEM_EXCEPTION_INFORMATION
◆ SYSTEM_INFORMATION_CLASS
◆ SYSTEM_INTERRUPT_INFORMATION
◆ SYSTEM_LOOKASIDE_INFORMATION
◆ SYSTEM_PERFORMANCE_INFORMATION
◆ SYSTEM_POLICY_INFORMATION
◆ SYSTEM_PROCESS_INFORMATION
◆ SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
◆ SYSTEM_REGISTRY_QUOTA_INFORMATION
◆ SYSTEM_TIMEOFDAY_INFORMATION
◆ TEB
◆ THREADINFOCLASS
| typedef enum _THREADINFOCLASS THREADINFOCLASS |
◆ UNICODE_STRING
| typedef struct _UNICODE_STRING UNICODE_STRING |
◆ WINSTATIONINFOCLASS
◆ WINSTATIONINFORMATIONW
Enumeration Type Documentation
◆ _FILE_INFORMATION_CLASS
Definition at line 159 of file winternl.h.
160{
161 FileDirectoryInformation = 1
162} FILE_INFORMATION_CLASS;
enum _FILE_INFORMATION_CLASS FILE_INFORMATION_CLASS
◆ _KEY_SET_INFORMATION_CLASS
Definition at line 372 of file winternl.h.
373{
enum _KEY_SET_INFORMATION_CLASS KEY_SET_INFORMATION_CLASS
◆ _OBJECT_INFORMATION_CLASS
Definition at line 439 of file winternl.h.
440{
441 ObjectBasicInformation = 0,
442 ObjectTypeInformation = 2
443} OBJECT_INFORMATION_CLASS;
enum _OBJECT_INFORMATION_CLASS OBJECT_INFORMATION_CLASS
◆ _PROCESSINFOCLASS
Definition at line 394 of file winternl.h.
395{
396 ProcessBasicInformation = 0,
397 ProcessDebugPort = 7,
398 ProcessWow64Information = 26,
399 ProcessImageFileName = 27,
400 ProcessBreakOnTermination = 29
401} PROCESSINFOCLASS;
enum _PROCESSINFOCLASS PROCESSINFOCLASS
◆ _SYSTEM_INFORMATION_CLASS
Definition at line 472 of file winternl.h.
473{
474 SystemBasicInformation = 0,
475 SystemPerformanceInformation = 2,
476 SystemTimeOfDayInformation = 3,
477 SystemProcessInformation = 5,
479 SystemInterruptInformation = 23,
480 SystemExceptionInformation = 33,
481 SystemRegistryQuotaInformation = 37,
482 SystemLookasideInformation = 45,
483 SystemPolicyInformation = 134,
484} SYSTEM_INFORMATION_CLASS;
@ SystemProcessorPerformanceInformation
Definition: winternl.h:478
enum _SYSTEM_INFORMATION_CLASS SYSTEM_INFORMATION_CLASS
◆ _THREADINFOCLASS
Definition at line 423 of file winternl.h.
◆ _WINSTATIONINFOCLASS
| Enumerator | |
|---|---|
| WinStationInformation | |
| WinStationInformation | |
Definition at line 571 of file winternl.h.
572{
573 WinStationInformation = 8
574} WINSTATIONINFOCLASS;
enum _WINSTATIONINFOCLASS WINSTATIONINFOCLASS
Function Documentation
◆ _IRQL_requires_max_()
| _IRQL_requires_max_ | ( | PASSIVE_LEVEL | ) |
Queries information details about a security descriptor.
Computes the quota size of a security descriptor.
Assigns a security descriptor for a new object.
An extended function that assigns a security descriptor for a new object.
Frees a security descriptor.
An extended function that sets new information data to a security descriptor.
Modifies some information data about a security descriptor.
- Parameters
-
[in] SecurityInformation Security information details to be queried from a security descriptor. [out] SecurityDescriptor The returned security descriptor with security information data. [in,out] Length The returned length of a security descriptor. [in,out] ObjectsSecurityDescriptor The returned object security descriptor.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- See SeSetSecurityDescriptorInfoEx.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] AutoInheritFlags Flags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
- Parameters
-
[in] SecurityDescriptor A security descriptor to be freed from memory.
- Returns
- Returns STATUS_SUCCESS.
- Parameters
-
[in] _ParentDescriptor A security descriptor of the parent object that is being created. [in] _ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] ObjectType The type of the new object. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] AutoInheritFlags Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
- Parameters
-
[in] ParentDescriptor A security descriptor of the parent object that is being created. [in] ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- See SeAssignSecurityEx.
- Parameters
-
[in] SecurityDescriptor A security descriptor. [out] QuotaInfoSize The returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
- Returns
- Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.
Definition at line 923 of file Messaging.c.
75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
78
79 /* The caller must allow at least one connection */
81 {
83 }
84
85 /* The request must be for a kernel handle */
87 {
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
98 {
100 }
101
102 /* Create the server port object for this filter */
104 ServerPortObjectType,
105 ObjectAttributes,
106 KernelMode,
107 NULL,
109 0,
110 0,
111 (PVOID *)&PortObject);
113 {
114 /* Zero out the struct */
116
117 /* Increment the ref count on the target filter */
119
120 /* Setup the filter port object */
127
128 /* Insert the object */
130 NULL,
132 0,
133 NULL,
136 {
137 /* Lock the connection list */
139
140 /* Add the new port object to the connection list and increment the count */
143
144 /* Unlock the connection list*/
146 }
147 }
148
150 {
151 /* Allow the filter to be cleaned up */
153 }
154
156}
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
Definition: nsiface.idl:2307
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
Definition: fltmgrint.h:26
Definition: fltmgrint.h:189
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
◆ _Out_range_()
| _Out_range_ | ( | 0 | ) |
◆ _Out_writes_bytes_opt_()
| _In_ OBJECT_INFORMATION_CLASS _Out_writes_bytes_opt_ | ( | ObjectInformationLength | ) |
◆ _Return_type_success_()
| typedef _Return_type_success_ | ( | return >= | 0 | ) |
◆ _When_()
|
pure virtual |
◆ NtClose()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtClose | ( | _In_ HANDLE | Handle | ) |
◆ NtCreateFile()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile | ( | _Out_ PHANDLE | FileHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _Out_ PIO_STATUS_BLOCK | IoStatusBlock, | ||
| _In_opt_ PLARGE_INTEGER | AllocationSize, | ||
| _In_ ULONG | FileAttributes, | ||
| _In_ ULONG | ShareAccess, | ||
| _In_ ULONG | CreateDisposition, | ||
| _In_ ULONG | CreateOptions, | ||
| _In_reads_bytes_opt_(EaLength) PVOID | EaBuffer, | ||
| _In_ ULONG | EaLength | ||
| ) |
◆ NtDeviceIoControlFile()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile | ( | _In_ HANDLE | FileHandle, |
| _In_opt_ HANDLE | Event, | ||
| _In_opt_ PIO_APC_ROUTINE | ApcRoutine, | ||
| _In_opt_ PVOID | ApcContext, | ||
| _Out_ PIO_STATUS_BLOCK | IoStatusBlock, | ||
| _In_ ULONG | IoControlCode, | ||
| _In_reads_bytes_opt_(InputBufferLength) PVOID | InputBuffer, | ||
| _In_ ULONG | InputBufferLength, | ||
| _Out_writes_bytes_opt_(OutputBufferLength) PVOID | OutputBuffer, | ||
| _In_ ULONG | OutputBufferLength | ||
| ) |
◆ NtNotifyChangeMultipleKeys()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtNotifyChangeMultipleKeys | ( | _In_ HANDLE | MasterKeyHandle, |
| _In_opt_ ULONG | Count, | ||
| _In_reads_opt_(Count) OBJECT_ATTRIBUTES | SubordinateObjects[], | ||
| _In_opt_ HANDLE | Event, | ||
| _In_opt_ PIO_APC_ROUTINE | ApcRoutine, | ||
| _In_opt_ PVOID | ApcContext, | ||
| _Out_ PIO_STATUS_BLOCK | IoStatusBlock, | ||
| _In_ ULONG | CompletionFilter, | ||
| _In_ BOOLEAN | WatchTree, | ||
| _Out_writes_bytes_opt_(BufferSize) PVOID | Buffer, | ||
| _In_ ULONG | BufferSize, | ||
| _In_ BOOLEAN | Asynchronous | ||
| ) |
◆ NtOpenFile()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile | ( | _Out_ PHANDLE | FileHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _Out_ PIO_STATUS_BLOCK | IoStatusBlock, | ||
| _In_ ULONG | ShareAccess, | ||
| _In_ ULONG | OpenOptions | ||
| ) |
◆ NtQueryInformationProcess()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _Out_ PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 59 of file query.c.
65{
70
71 PAGED_CODE();
72
73 /* Validate the information class */
77 ICIF_PROBE_READ,
78 ProcessInformation,
79 ProcessInformationLength,
80 ReturnLength,
81 NULL,
82 PreviousMode);
84 {
85 DPRINT1("NtQueryInformationProcess(ProcessInformationClass: %lu): Class validation failed! (Status: 0x%lx)\n",
86 ProcessInformationClass, Status);
88 }
89
91 (ProcessInformationClass == ProcessImageInformation)) &&
93 {
94 /*
95 * Retrieving the process cookie is only allowed for the calling process
96 * itself! XP only allows NtCurrentProcess() as process handles even if
97 * a real handle actually represents the current process.
98 */
100 }
101
102 /* Check the information class */
103 switch (ProcessInformationClass)
104 {
105 /* Basic process information */
107 {
109
111 {
113 break;
114 }
115
116 /* Set the return length */
118
119 /* Reference the process */
122 PsProcessType,
123 PreviousMode,
125 NULL);
127
128 /* Protect writes with SEH */
129 _SEH2_TRY
130 {
131 /* Write all the information from the EPROCESS/KPROCESS */
136 UniqueProcessId;
137 ProcessBasicInfo->InheritedFromUniqueProcessId =
140
141 }
143 {
144 /* Get exception code */
146 }
147 _SEH2_END;
148
149 /* Dereference the process */
151 break;
152 }
153
154 /* Process quota limits */
156 {
157 QUOTA_LIMITS_EX QuotaLimits;
158 BOOLEAN Extended;
159
162 {
164 break;
165 }
166
167 /* Set the return length */
168 Length = ProcessInformationLength;
170
171 /* Reference the process */
174 PsProcessType,
175 PreviousMode,
177 NULL);
179
180 /* Indicate success */
182
184
185 /* Get max/min working set sizes */
186 QuotaLimits.MaximumWorkingSetSize =
188 QuotaLimits.MinimumWorkingSetSize =
190
191 /* Get default time limits */
193
194 /* Is quota block a default one? */
196 {
197 /* Get default pools and pagefile limits */
201 }
202 else
203 {
204 /* Get limits from non-default quota block */
205 QuotaLimits.PagedPoolLimit =
207 QuotaLimits.NonPagedPoolLimit =
209 QuotaLimits.PagefileLimit =
211 }
212
213 /* Get additional information, if needed */
214 if (Extended)
215 {
220
221 /* FIXME: Get the correct information */
222 //QuotaLimits.WorkingSetLimit = (SIZE_T)-1; // Not used on Win2k3, it is set to 0
224 }
225
226 /* Protect writes with SEH */
227 _SEH2_TRY
228 {
230 }
232 {
233 /* Get exception code */
235 }
236 _SEH2_END;
237
238 /* Dereference the process */
240 break;
241 }
242
244 {
246 PROCESS_VALUES ProcessValues;
247
249 {
251 break;
252 }
253
255
256 /* Reference the process */
259 PsProcessType,
260 PreviousMode,
262 NULL);
264
265 /* Query IO counters from the process */
267
268 _SEH2_TRY
269 {
271 }
273 {
274 /* Ignore exception */
275 }
276 _SEH2_END;
277
278 /* Set status to success in any case */
280
281 /* Dereference the process */
283 break;
284 }
285
286 /* Timing */
288 {
291
292 /* Set the return length */
294 {
296 break;
297 }
298
300
301 /* Reference the process */
304 PsProcessType,
305 PreviousMode,
307 NULL);
309
310 /* Protect writes with SEH */
311 _SEH2_TRY
312 {
313 /* Copy time information from EPROCESS/KPROCESS */
319 }
321 {
322 /* Get exception code */
324 }
325 _SEH2_END;
326
327 /* Dereference the process */
329 break;
330 }
331
332 /* Process Debug Port */
334
336 {
338 break;
339 }
340
341 /* Set the return length */
343
344 /* Reference the process */
347 PsProcessType,
348 PreviousMode,
350 NULL);
352
353 /* Protect write with SEH */
354 _SEH2_TRY
355 {
356 /* Return whether or not we have a debug port */
359 }
361 {
362 /* Get exception code */
364 }
365 _SEH2_END;
366
367 /* Dereference the process */
369 break;
370
372 {
373 ULONG HandleCount;
374
376 {
378 break;
379 }
380
381 /* Set the return length*/
383
384 /* Reference the process */
387 PsProcessType,
388 PreviousMode,
390 NULL);
392
393 /* Count the number of handles this process has */
395
396 /* Protect write in SEH */
397 _SEH2_TRY
398 {
399 /* Return the count of handles */
400 *(PULONG)ProcessInformation = HandleCount;
401 }
403 {
404 /* Get the exception code */
406 }
407 _SEH2_END;
408
409 /* Dereference the process */
411 break;
412 }
413
414 /* Session ID for the process */
416 {
418
420 {
422 break;
423 }
424
425 /* Set the return length*/
427
428 /* Reference the process */
431 PsProcessType,
432 PreviousMode,
434 NULL);
436
437 /* Enter SEH for write safety */
438 _SEH2_TRY
439 {
440 /* Write back the Session ID */
442 }
444 {
445 /* Get the exception code */
447 }
448 _SEH2_END;
449
450 /* Dereference the process */
452 break;
453 }
454
455 /* Virtual Memory Statistics */
457 {
459
460 /* Validate the input length */
463 {
465 break;
466 }
467
468 /* Reference the process */
471 PsProcessType,
472 PreviousMode,
474 NULL);
476
477 /* Enter SEH for write safety */
478 _SEH2_TRY
479 {
480 /* Return data from EPROCESS */
492 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
493 //
494
495 /* Set the return length */
496 Length = ProcessInformationLength;
497 }
499 {
500 /* Get the exception code */
502 }
503 _SEH2_END;
504
505 /* Dereference the process */
507 break;
508 }
509
510 /* Hard Error Processing Mode */
512
514 {
516 break;
517 }
518
519 /* Set the return length*/
521
522 /* Reference the process */
525 PsProcessType,
526 PreviousMode,
528 NULL);
530
531 /* Enter SEH for writing back data */
532 _SEH2_TRY
533 {
534 /* Write the current processing mode */
536 DefaultHardErrorProcessing;
537 }
539 {
540 /* Get the exception code */
542 }
543 _SEH2_END;
544
545 /* Dereference the process */
547 break;
548
549 /* Priority Boosting status */
551
553 {
555 break;
556 }
557
558 /* Set the return length */
560
561 /* Reference the process */
564 PsProcessType,
565 PreviousMode,
567 NULL);
569
570 /* Enter SEH for writing back data */
571 _SEH2_TRY
572 {
573 /* Return boost status */
576 }
578 {
579 /* Get the exception code */
581 }
582 _SEH2_END;
583
584 /* Dereference the process */
586 break;
587
588 /* DOS Device Map */
590 {
592
594 {
595 /* Protect read in SEH */
596 _SEH2_TRY
597 {
598 PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
599
601 }
603 {
604 /* Get the exception code */
607 }
608 _SEH2_END;
609
610 /* Only one flag is supported and it needs LUID mappings */
612 !ObIsLUIDDeviceMapsEnabled())
613 {
615 break;
616 }
617 }
618 else
619 {
620 /* This has to be the size of the Query union field for x64 compatibility! */
622 {
624 break;
625 }
626
627 /* No flags for standard call */
628 Flags = 0;
629 }
630
631 /* Set the return length */
632 Length = ProcessInformationLength;
633
634 /* Reference the process */
637 PsProcessType,
638 PreviousMode,
640 NULL);
642
643 /* Query the device map information */
645 ProcessInformation,
646 Flags);
647
648 /* Dereference the process */
650 break;
651 }
652
653 /* Priority class */
655 {
657
659 {
661 break;
662 }
663
664 /* Set the return length*/
666
667 /* Reference the process */
670 PsProcessType,
671 PreviousMode,
673 NULL);
675
676 /* Enter SEH for writing back data */
677 _SEH2_TRY
678 {
679 /* Return current priority class */
682 }
684 {
685 /* Get the exception code */
687 }
688 _SEH2_END;
689
690 /* Dereference the process */
692 break;
693 }
694
696 {
698
699 /* Reference the process */
702 PsProcessType,
703 PreviousMode,
705 NULL);
707
708 /* Get the image path */
711 {
712 /* Set the return length */
715
716 /* Make sure it's large enough */
718 {
719 /* Enter SEH to protect write */
720 _SEH2_TRY
721 {
722 /* Copy it */
723 RtlCopyMemory(ProcessInformation,
724 ImageName,
725 Length);
726
727 /* Update pointer */
728 ((PUNICODE_STRING)ProcessInformation)->Buffer =
730 }
732 {
733 /* Get the exception code */
735 }
736 _SEH2_END;
737 }
738 else
739 {
740 /* Buffer too small */
742 }
743
744 /* Free the image path */
746 }
747 /* Dereference the process */
749 break;
750 }
751
752#if (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
754 {
757
758 /* Reference the process */
761 PsProcessType,
762 PreviousMode,
764 NULL);
766 {
767 break;
768 }
769
770 /* Get the image path */
774 {
775 break;
776 }
780 {
781 break;
782 }
783
784 /* Determine return length and output */
787 {
788 _SEH2_TRY
789 {
794 {
797 ObjectNameInformation->Name.Buffer,
798 ObjectNameInformation->Name.MaximumLength);
799 }
800 else
801 {
804 }
805 }
807 {
809 }
810 _SEH2_END;
811 }
812 else
813 {
815 }
817
818 break;
819 }
820#endif /* (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA) */
821
823
825 {
827 break;
828 }
829
830 /* Set the return length*/
832
833 /* Reference the process */
836 PsProcessType,
837 PreviousMode,
839 NULL);
841
842 /* Enter SEH for writing back data */
843 _SEH2_TRY
844 {
845 /* Return the debug flag state */
847 }
849 {
850 /* Get the exception code */
852 }
853 _SEH2_END;
854
855 /* Dereference the process */
857 break;
858
860
862 {
864 break;
865 }
866
867 /* Set the return length */
869
870 /* Reference the process */
873 PsProcessType,
874 PreviousMode,
876 NULL);
878
879 /* Enter SEH for writing back data */
880 _SEH2_TRY
881 {
882 /* Return the BreakOnTermination state */
884 }
886 {
887 /* Get the exception code */
889 }
890 _SEH2_END;
891
892 /* Dereference the process */
894 break;
895
896 /* Per-process security cookie */
898 {
900
902 {
903 /* Length size wrong, bail out */
905 break;
906 }
907
908 /* Get the current process and cookie */
912 {
913 LARGE_INTEGER SystemTime;
914 ULONG NewCookie;
915 PKPRCB Prcb;
916
917 /* Generate a new cookie */
918 KeQuerySystemTime(&SystemTime);
919 Prcb = KeGetCurrentPrcb();
922
923 /* Set the new cookie or return the current one */
925 NewCookie,
926 Cookie);
928
929 /* Set the return length */
931 }
932
933 /* Indicate success */
935
936 /* Enter SEH to protect write */
937 _SEH2_TRY
938 {
939 /* Write back the cookie */
941 }
943 {
944 /* Get the exception code */
946 }
947 _SEH2_END;
948 break;
949 }
950
952
954 {
955 /* Break out */
957 break;
958 }
959
960 /* Set the length required and validate it */
962
963 /* Indicate success */
965
966 /* Enter SEH to protect write */
967 _SEH2_TRY
968 {
970 }
972 {
973 /* Get the exception code */
975 }
976 _SEH2_END;
977 break;
978
980 {
982
984 {
986 break;
987 }
988
989 /* Set the return length */
991
992 /* Reference the process */
995 PsProcessType,
996 PreviousMode,
998 NULL);
1000
1001 /* Get the debug port. Continue even if this fails. */
1003
1004 /* Let go of the process */
1006
1007 /* Protect write in SEH */
1008 _SEH2_TRY
1009 {
1010 /* Return debug port's handle */
1011 *(PHANDLE)ProcessInformation = DebugPort;
1012 }
1014 {
1015 if (DebugPort)
1017
1018 /* Get the exception code.
1019 * Note: This overwrites any previous failure status. */
1021 }
1022 _SEH2_END;
1023 break;
1024 }
1025
1029 break;
1030
1032
1034 {
1036 break;
1037 }
1038
1039 /* Set the return length */
1041
1042 /* Indicate success */
1044
1045 /* Protect write in SEH */
1046 _SEH2_TRY
1047 {
1048 /* Query Ob */
1050 }
1052 {
1053 /* Get the exception code */
1055 }
1056 _SEH2_END;
1057 break;
1058
1060
1062 {
1064 break;
1065 }
1066
1067 /* Set the return length */
1069
1070 /* Reference the process */
1073 PsProcessType,
1074 PreviousMode,
1076 NULL);
1078
1079 /* Protect write in SEH */
1080 _SEH2_TRY
1081 {
1082 /* Return if the flag is set */
1084 }
1086 {
1087 /* Get the exception code */
1089 }
1090 _SEH2_END;
1091
1092 /* Dereference the process */
1094 break;
1095
1097 {
1098 ULONG_PTR Wow64 = 0;
1099
1101 {
1103 break;
1104 }
1105
1106 /* Set the return length */
1108
1109 /* Reference the process */
1112 PsProcessType,
1113 PreviousMode,
1115 NULL);
1117
1118#ifdef _WIN64
1119 /* Make sure the process isn't dying */
1121 {
1122 /* Get the WOW64 process structure */
1124 /* Release the lock */
1126 }
1127#endif
1128
1129 /* Dereference the process */
1131
1132 /* Protect write with SEH */
1133 _SEH2_TRY
1134 {
1135 /* Return the Wow64 process information */
1136 *(PULONG_PTR)ProcessInformation = Wow64;
1137 }
1139 {
1140 /* Get exception code */
1142 }
1143 _SEH2_END;
1144 break;
1145 }
1146
1148 {
1149 ULONG ExecuteOptions = 0;
1150
1152 {
1154 break;
1155 }
1156
1157 /* Set the return length */
1159
1161 {
1163 break;
1164 }
1165
1166 /* Get the options */
1169 {
1170 /* Protect write with SEH */
1171 _SEH2_TRY
1172 {
1173 /* Return them */
1174 *(PULONG)ProcessInformation = ExecuteOptions;
1175 }
1177 {
1178 /* Get exception code */
1180 }
1181 _SEH2_END;
1182 }
1183 break;
1184 }
1185
1189 break;
1190
1194 break;
1195
1199 break;
1200
1201 /* Not supported by Server 2003 */
1202 default:
1205 }
1206
1207 /* Check if caller wants the return length and if there is one */
1209 {
1210 /* Protect write with SEH */
1211 _SEH2_TRY
1212 {
1214 }
1216 {
1217 /* Get exception code.
1218 * Note: This overwrites any previous failure status. */
1220 }
1221 _SEH2_END;
1222 }
1223
1225}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
struct _UNICODE_STRING UNICODE_STRING
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
struct _VM_COUNTERS * PVM_COUNTERS
struct _VM_COUNTERS_EX VM_COUNTERS_EX
#define QUOTA_LIMITS_HARDWS_MIN_DISABLE
struct _IO_COUNTERS IO_COUNTERS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
#define QUOTA_LIMITS_HARDWS_MAX_DISABLE
struct _QUOTA_LIMITS_EX QUOTA_LIMITS_EX
#define QUOTA_LIMITS_HARDWS_MAX_ENABLE
#define QUOTA_LIMITS_HARDWS_MIN_ENABLE
struct _IO_COUNTERS * PIO_COUNTERS
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1617
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2653
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
NTSTATUS NTAPI IoQueryFileDosDeviceName(IN PFILE_OBJECT FileObject, OUT POBJECT_NAME_INFORMATION *ObjectNameInformation)
Definition: file.c:3664
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
NTSTATUS NTAPI PsReferenceProcessFilePointer(IN PEPROCESS Process, OUT PFILE_OBJECT *FileObject)
Definition: query.c:24
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: pstypes.h:1307
Definition: pstypes.h:82
Definition: winternl.h:2373
Definition: ketypes.h:654
Definition: nt_native.h:1272
Definition: winternl.h:404
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:362
Definition: pstypes.h:392
Definition: pstypes.h:380
Definition: pstypes.h:1001
Definition: pstypes.h:405
Definition: ke.h:45
Definition: pstypes.h:67
Definition: lsa.idl:286
Definition: mmtypes.h:340
Definition: mmdrv.h:130
Definition: env_spec_w32.h:368
Definition: winternl.h:3130
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:3138
Definition: typedefs.h:103
struct _LARGE_INTEGER::@2475 u
◆ NtQueryInformationThread()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ THREADINFOCLASS | ThreadInformationClass, | ||
| _Out_ PVOID | ThreadInformation, | ||
| _In_ ULONG | ThreadInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
◆ NtQueryMultipleValueKey()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryMultipleValueKey | ( | _In_ HANDLE | KeyHandle, |
| _Inout_updates_(EntryCount) PKEY_VALUE_ENTRY | ValueEntries, | ||
| _In_ ULONG | EntryCount, | ||
| _Out_writes_bytes_ *BufferLength PVOID | ValueBuffer, | ||
| _Inout_ PULONG | BufferLength, | ||
| _Out_opt_ PULONG | RequiredBufferLength | ||
| ) |
◆ NtQuerySystemInformation()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemInformation | ( | _In_ SYSTEM_INFORMATION_CLASS | SystemInformationClass, |
| _Out_ PVOID | SystemInformation, | ||
| _In_ ULONG | InformationLength, | ||
| _Out_opt_ PULONG | ResultLength | ||
| ) |
◆ NtQuerySystemTime()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemTime | ( | _Out_ PLARGE_INTEGER | SystemTime | ) |
◆ NtRenameKey()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtRenameKey | ( | _In_ HANDLE | KeyHandle, |
| _In_ PUNICODE_STRING | NewName | ||
| ) |
◆ NtSetInformationKey()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationKey | ( | _In_ HANDLE | KeyHandle, |
| _In_ _Strict_type_match_ KEY_SET_INFORMATION_CLASS | KeySetInformationClass, | ||
| _In_reads_bytes_(KeySetInformationLength) PVOID | KeySetInformation, | ||
| _In_ ULONG | KeySetInformationLength | ||
| ) |
◆ NtWaitForSingleObject()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWaitForSingleObject | ( | _In_ HANDLE | Object, |
| _In_ BOOLEAN | Alertable, | ||
| _In_opt_ PLARGE_INTEGER | Timeout | ||
| ) |
◆ RtlAnsiStringToUnicodeString()
| NTSTATUS NTAPI RtlAnsiStringToUnicodeString | ( | PUNICODE_STRING | DestinationString, |
| PCANSI_STRING | SourceString, | ||
| BOOLEAN | AllocateDestinationString | ||
| ) |
◆ RtlCharToInteger()
Definition at line 261 of file unicode.c.
265{
266 CHAR chCurrent;
268 ULONG RunningTotal = 0;
269 char bMinus = 0;
270
271 /* skip leading whitespaces */
273
274 /* Check for +/- */
276 {
277 str++;
278 }
280 {
281 bMinus = 1;
282 str++;
283 }
284
285 /* base = 0 means autobase */
287 {
288 base = 10;
289
291 {
293 {
294 str += 2;
295 base = 2;
296 }
298 {
299 str += 2;
300 base = 8;
301 }
303 {
304 str += 2;
305 base = 16;
306 }
307 }
308 }
310 {
312 }
313
315
317 {
318 chCurrent = *str;
319
320 if (chCurrent >= '0' && chCurrent <= '9')
321 {
323 }
324 else if (chCurrent >= 'A' && chCurrent <= 'Z')
325 {
327 }
328 else if (chCurrent >= 'a' && chCurrent <= 'z')
329 {
331 }
332 else
333 {
334 digit = -1;
335 }
336
338
340 str++;
341 }
342
343 *value = bMinus ? (0 - RunningTotal) : RunningTotal;
345}
Definition: uninitialized_test.cpp:81
Definition: pdh_main.c:96
◆ RtlConvertSidToUnicodeString()
| NTSTATUS NTAPI RtlConvertSidToUnicodeString | ( | PUNICODE_STRING | UnicodeString, |
| PSID | Sid, | ||
| BOOLEAN | AllocateDestinationString | ||
| ) |
◆ RtlFreeAnsiString()
| VOID NTAPI RtlFreeAnsiString | ( | PANSI_STRING | AnsiString | ) |
◆ RtlFreeOemString()
| VOID NTAPI RtlFreeOemString | ( | POEM_STRING | OemString | ) |
◆ RtlFreeUnicodeString()
| VOID NTAPI RtlFreeUnicodeString | ( | PUNICODE_STRING | UnicodeString | ) |
◆ RtlInitAnsiString()
| VOID NTAPI RtlInitAnsiString | ( | PANSI_STRING | DestinationString, |
| PCSZ | SourceString | ||
| ) |
◆ RtlInitString()
◆ RtlInitUnicodeString()
| VOID NTAPI RtlInitUnicodeString | ( | PUNICODE_STRING | DestinationString, |
| PCWSTR | SourceString | ||
| ) |
◆ RtlIsNameLegalDOS8Dot3()
| BOOLEAN NTAPI RtlIsNameLegalDOS8Dot3 | ( | _In_ PUNICODE_STRING | Name, |
| _Inout_opt_ POEM_STRING | OemName, | ||
| _Inout_opt_ PBOOLEAN | NameContainsSpaces | ||
| ) |
◆ RtlLocalTimeToSystemTime()
| NTSTATUS NTAPI RtlLocalTimeToSystemTime | ( | IN PLARGE_INTEGER | LocalTime, |
| _Out_ PLARGE_INTEGER | SystemTime | ||
| ) |
Referenced by LocalFileTimeToFileTime(), and SetLocalTime().
◆ RtlTimeToSecondsSince1970()
| BOOLEAN NTAPI RtlTimeToSecondsSince1970 | ( | PLARGE_INTEGER | Time, |
| PULONG | ElapsedSeconds | ||
| ) |
Referenced by _fstat64(), _tstat64(), BuildUserInfoBuffer(), create_bad_block_inode(), ElfReportEventA(), ElfReportEventW(), ext2_flush(), ext2_initialize_sb(), ext2_mkdir(), Ext2LinuxTime(), GetPasswordAge(), GetTimeInSeconds(), LogfReportEvent(), LogfWriteRecord(), NetrRemoteTOD(), NetrServerStatisticsGet(), NetrWorkstationStatisticsGet(), ParseDate(), and ProcessPortMessage().
◆ RtlUnicodeStringToAnsiString()
| NTSTATUS NTAPI RtlUnicodeStringToAnsiString | ( | PANSI_STRING | DestinationString, |
| PCUNICODE_STRING | SourceString, | ||
| BOOLEAN | AllocateDestinationString | ||
| ) |
◆ RtlUnicodeStringToOemString()
| NTSTATUS NTAPI RtlUnicodeStringToOemString | ( | POEM_STRING | DestinationString, |
| PCUNICODE_STRING | SourceString, | ||
| BOOLEAN | AllocateDestinationString | ||
| ) |
◆ RtlUnicodeToMultiByteSize()
| NTSTATUS NTAPI RtlUnicodeToMultiByteSize | ( | _Out_ PULONG | BytesInMultiByteString, |
| _In_reads_bytes_(BytesInUnicodeString) PWCH | UnicodeString, | ||
| _In_ ULONG | BytesInUnicodeString | ||
| ) |
◆ RtlUniform()
Variable Documentation
◆ ObjectInformationClass
| _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass |
Definition at line 467 of file winternl.h.
◆ ObjectInformationLength
| _In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength |
Definition at line 469 of file winternl.h.
◆ ReturnLength
Definition at line 470 of file winternl.h.
