#include <windef.h>
Include dependency graph for winternl.h:
Go to the source code of this file.
Classes | |
| struct | _STRING |
| struct | _UNICODE_STRING |
| struct | _RTL_USER_PROCESS_PARAMETERS |
| struct | _PEB_LDR_DATA |
| struct | _LDR_DATA_TABLE_ENTRY |
| struct | _PEB |
| struct | _TEB |
| struct | _OBJECT_ATTRIBUTES |
| struct | _IO_STATUS_BLOCK |
| struct | _KEY_VALUE_ENTRY |
| struct | _PROCESS_BASIC_INFORMATION |
| struct | _PUBLIC_OBJECT_BASIC_INFORMATION |
| struct | __PUBLIC_OBJECT_TYPE_INFORMATION |
| struct | _SYSTEM_BASIC_INFORMATION |
| struct | _SYSTEM_PERFORMANCE_INFORMATION |
| struct | _SYSTEM_TIMEOFDAY_INFORMATION |
| struct | _SYSTEM_PROCESS_INFORMATION |
| struct | _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION |
| struct | _SYSTEM_INTERRUPT_INFORMATION |
| struct | _SYSTEM_EXCEPTION_INFORMATION |
| struct | _SYSTEM_REGISTRY_QUOTA_INFORMATION |
| struct | _SYSTEM_LOOKASIDE_INFORMATION |
| struct | _SYSTEM_POLICY_INFORMATION |
| struct | _WINSTATIONINFORMATIONW |
Variables | |
| _In_ OBJECT_INFORMATION_CLASS | ObjectInformationClass |
| _In_ OBJECT_INFORMATION_CLASS _In_ ULONG | ObjectInformationLength |
| _In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG | ReturnLength |
Macro Definition Documentation
◆ _WINTERNL_
| #define _WINTERNL_ |
Definition at line 35 of file winternl.h.
◆ FILE_COMPLETE_IF_OPLOCKED
| #define FILE_COMPLETE_IF_OPLOCKED 0x00000100 |
Definition at line 177 of file winternl.h.
◆ FILE_CREATE
| #define FILE_CREATE 0x00000002 |
Definition at line 209 of file winternl.h.
◆ FILE_CREATE_TREE_CONNECTION
| #define FILE_CREATE_TREE_CONNECTION 0x00000080 |
Definition at line 176 of file winternl.h.
◆ FILE_CREATED
| #define FILE_CREATED 0x00000002 |
Definition at line 196 of file winternl.h.
◆ FILE_DELETE_ON_CLOSE
| #define FILE_DELETE_ON_CLOSE 0x00001000 |
Definition at line 181 of file winternl.h.
◆ FILE_DIRECTORY_FILE
| #define FILE_DIRECTORY_FILE 0x00000001 |
Definition at line 169 of file winternl.h.
◆ FILE_DOES_NOT_EXIST
| #define FILE_DOES_NOT_EXIST 0x00000005 |
Definition at line 199 of file winternl.h.
◆ FILE_EXISTS
| #define FILE_EXISTS 0x00000004 |
Definition at line 198 of file winternl.h.
◆ FILE_MAXIMUM_DISPOSITION
| #define FILE_MAXIMUM_DISPOSITION 0x00000005 |
Definition at line 213 of file winternl.h.
◆ FILE_NO_COMPRESSION
| #define FILE_NO_COMPRESSION 0x00008000 |
Definition at line 184 of file winternl.h.
◆ FILE_NO_EA_KNOWLEDGE
| #define FILE_NO_EA_KNOWLEDGE 0x00000200 |
Definition at line 178 of file winternl.h.
◆ FILE_NO_INTERMEDIATE_BUFFERING
| #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008 |
Definition at line 172 of file winternl.h.
◆ FILE_NON_DIRECTORY_FILE
| #define FILE_NON_DIRECTORY_FILE 0x00000040 |
Definition at line 175 of file winternl.h.
◆ FILE_OPEN
| #define FILE_OPEN 0x00000001 |
Definition at line 208 of file winternl.h.
◆ FILE_OPEN_BY_FILE_ID
| #define FILE_OPEN_BY_FILE_ID 0x00002000 |
Definition at line 182 of file winternl.h.
◆ FILE_OPEN_FOR_BACKUP_INTENT
| #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000 |
Definition at line 183 of file winternl.h.
◆ FILE_OPEN_FOR_FREE_SPACE_QUERY
| #define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000 |
Definition at line 191 of file winternl.h.
◆ FILE_OPEN_IF
| #define FILE_OPEN_IF 0x00000003 |
Definition at line 210 of file winternl.h.
◆ FILE_OPEN_NO_RECALL
| #define FILE_OPEN_NO_RECALL 0x00400000 |
Definition at line 190 of file winternl.h.
◆ FILE_OPEN_REMOTE_INSTANCE
| #define FILE_OPEN_REMOTE_INSTANCE 0x00000400 |
Definition at line 179 of file winternl.h.
◆ FILE_OPEN_REPARSE_POINT
| #define FILE_OPEN_REPARSE_POINT 0x00200000 |
Definition at line 189 of file winternl.h.
◆ FILE_OPEN_REQUIRING_OPLOCK
| #define FILE_OPEN_REQUIRING_OPLOCK 0x00010000 |
Definition at line 186 of file winternl.h.
◆ FILE_OPENED
| #define FILE_OPENED 0x00000001 |
Definition at line 195 of file winternl.h.
◆ FILE_OVERWRITE
| #define FILE_OVERWRITE 0x00000004 |
Definition at line 211 of file winternl.h.
◆ FILE_OVERWRITE_IF
| #define FILE_OVERWRITE_IF 0x00000005 |
Definition at line 212 of file winternl.h.
◆ FILE_OVERWRITTEN
| #define FILE_OVERWRITTEN 0x00000003 |
Definition at line 197 of file winternl.h.
◆ FILE_RANDOM_ACCESS
| #define FILE_RANDOM_ACCESS 0x00000800 |
Definition at line 180 of file winternl.h.
◆ FILE_RESERVE_OPFILTER
| #define FILE_RESERVE_OPFILTER 0x00100000 |
Definition at line 188 of file winternl.h.
◆ FILE_SEQUENTIAL_ONLY
| #define FILE_SEQUENTIAL_ONLY 0x00000004 |
Definition at line 171 of file winternl.h.
◆ FILE_SUPERSEDE
| #define FILE_SUPERSEDE 0x00000000 |
Definition at line 207 of file winternl.h.
◆ FILE_SUPERSEDED
| #define FILE_SUPERSEDED 0x00000000 |
Definition at line 194 of file winternl.h.
◆ FILE_SYNCHRONOUS_IO_ALERT
| #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010 |
Definition at line 173 of file winternl.h.
◆ FILE_SYNCHRONOUS_IO_NONALERT
| #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 |
Definition at line 174 of file winternl.h.
◆ FILE_VALID_MAILSLOT_OPTION_FLAGS
| #define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032 |
Definition at line 203 of file winternl.h.
◆ FILE_VALID_OPTION_FLAGS
| #define FILE_VALID_OPTION_FLAGS 0x00ffffff |
Definition at line 201 of file winternl.h.
◆ FILE_VALID_PIPE_OPTION_FLAGS
| #define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032 |
Definition at line 202 of file winternl.h.
◆ FILE_VALID_SET_FLAGS
| #define FILE_VALID_SET_FLAGS 0x00000036 |
Definition at line 204 of file winternl.h.
◆ FILE_WRITE_THROUGH
| #define FILE_WRITE_THROUGH 0x00000002 |
Definition at line 170 of file winternl.h.
◆ InitializeObjectAttributes
Value:
{ \
}
Definition: umtypes.h:184
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
Definition: wdfcommonbuffer.h:97
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
Definition at line 236 of file winternl.h.
◆ INTERNAL_TS_ACTIVE_CONSOLE_ID
Definition at line 164 of file winternl.h.
◆ LOGONID_CURRENT
Definition at line 165 of file winternl.h.
◆ NT_ERROR
Definition at line 59 of file winternl.h.
◆ NT_INFORMATION
Definition at line 51 of file winternl.h.
◆ NT_SUCCESS
◆ NT_WARNING
Definition at line 55 of file winternl.h.
◆ OBJ_CASE_INSENSITIVE
| #define OBJ_CASE_INSENSITIVE 0x00000040L |
Definition at line 228 of file winternl.h.
◆ OBJ_EXCLUSIVE
| #define OBJ_EXCLUSIVE 0x00000020L |
Definition at line 227 of file winternl.h.
◆ OBJ_FORCE_ACCESS_CHECK
| #define OBJ_FORCE_ACCESS_CHECK 0x00000400L |
Definition at line 232 of file winternl.h.
◆ OBJ_INHERIT
| #define OBJ_INHERIT 0x00000002L |
Definition at line 225 of file winternl.h.
◆ OBJ_KERNEL_HANDLE
| #define OBJ_KERNEL_HANDLE 0x00000200L |
Definition at line 231 of file winternl.h.
◆ OBJ_OPENIF
| #define OBJ_OPENIF 0x00000080L |
Definition at line 229 of file winternl.h.
◆ OBJ_OPENLINK
| #define OBJ_OPENLINK 0x00000100L |
Definition at line 230 of file winternl.h.
◆ OBJ_PERMANENT
| #define OBJ_PERMANENT 0x00000010L |
Definition at line 226 of file winternl.h.
◆ OBJ_VALID_ATTRIBUTES
| #define OBJ_VALID_ATTRIBUTES 0x000007F2L |
Definition at line 233 of file winternl.h.
◆ PIO_APC_ROUTINE_DEFINED
| #define PIO_APC_ROUTINE_DEFINED |
Definition at line 299 of file winternl.h.
◆ RtlFillMemory
Definition at line 603 of file winternl.h.
◆ RtlMoveMemory
Definition at line 602 of file winternl.h.
◆ RtlZeroMemory
| #define RtlZeroMemory | ( | Dest, | |
| Length | |||
| ) | RtlFillMemory((Dest),(Length),0) |
Definition at line 604 of file winternl.h.
◆ SERVERNAME_CURRENT
Definition at line 166 of file winternl.h.
Typedef Documentation
◆ ANSI_STRING
| typedef STRING ANSI_STRING |
Definition at line 70 of file winternl.h.
◆ FILE_INFORMATION_CLASS
◆ IO_STATUS_BLOCK
| typedef struct _IO_STATUS_BLOCK IO_STATUS_BLOCK |
◆ KEY_SET_INFORMATION_CLASS
◆ KEY_VALUE_ENTRY
| typedef struct _KEY_VALUE_ENTRY KEY_VALUE_ENTRY |
◆ LDR_DATA_TABLE_ENTRY
◆ OBJECT_ATTRIBUTES
◆ OBJECT_INFORMATION_CLASS
◆ OEM_STRING
| typedef STRING OEM_STRING |
Definition at line 73 of file winternl.h.
◆ PANSI_STRING
| typedef PSTRING PANSI_STRING |
Definition at line 71 of file winternl.h.
◆ PCANSI_STRING
| typedef PSTRING PCANSI_STRING |
Definition at line 72 of file winternl.h.
◆ PCOEM_STRING
| typedef const STRING* PCOEM_STRING |
Definition at line 75 of file winternl.h.
◆ PCSZ
Definition at line 62 of file winternl.h.
◆ PCUNICODE_STRING
| typedef const UNICODE_STRING* PCUNICODE_STRING |
Definition at line 83 of file winternl.h.
◆ PEB
◆ PEB_LDR_DATA
| typedef struct _PEB_LDR_DATA PEB_LDR_DATA |
◆ PIO_APC_ROUTINE
| typedef VOID(NTAPI * PIO_APC_ROUTINE) (_In_ PVOID ApcContext, _In_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG Reserved) |
Definition at line 293 of file winternl.h.
◆ PIO_STATUS_BLOCK
| typedef struct _IO_STATUS_BLOCK * PIO_STATUS_BLOCK |
◆ PKEY_VALUE_ENTRY
| typedef struct _KEY_VALUE_ENTRY * PKEY_VALUE_ENTRY |
◆ PLDR_DATA_TABLE_ENTRY
| typedef struct _LDR_DATA_TABLE_ENTRY * PLDR_DATA_TABLE_ENTRY |
◆ POBJECT_ATTRIBUTES
| typedef struct _OBJECT_ATTRIBUTES * POBJECT_ATTRIBUTES |
◆ POEM_STRING
| typedef PSTRING POEM_STRING |
Definition at line 74 of file winternl.h.
◆ PPEB
◆ PPEB_LDR_DATA
| typedef struct _PEB_LDR_DATA * PPEB_LDR_DATA |
◆ PPROCESS_BASIC_INFORMATION
◆ PPS_POST_PROCESS_INIT_ROUTINE
Definition at line 118 of file winternl.h.
◆ PPUBLIC_OBJECT_BASIC_INFORMATION
◆ PPUBLIC_OBJECT_TYPE_INFORMATION
◆ PROCESS_BASIC_INFORMATION
◆ PROCESSINFOCLASS
| typedef enum _PROCESSINFOCLASS PROCESSINFOCLASS |
◆ PRTL_USER_PROCESS_PARAMETERS
◆ PSTRING
◆ PSYSTEM_BASIC_INFORMATION
◆ PSYSTEM_EXCEPTION_INFORMATION
◆ PSYSTEM_INTERRUPT_INFORMATION
◆ PSYSTEM_LOOKASIDE_INFORMATION
◆ PSYSTEM_PERFORMANCE_INFORMATION
◆ PSYSTEM_POLICY_INFORMATION
◆ PSYSTEM_PROCESS_INFORMATION
◆ PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
| typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION * PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION |
◆ PSYSTEM_REGISTRY_QUOTA_INFORMATION
◆ PSYSTEM_TIMEOFDAY_INFORMATION
◆ PTEB
◆ PUBLIC_OBJECT_BASIC_INFORMATION
◆ PUBLIC_OBJECT_TYPE_INFORMATION
◆ PUNICODE_STRING
| typedef struct _UNICODE_STRING * PUNICODE_STRING |
◆ PWINSTATIONINFORMATIONW
◆ PWINSTATIONQUERYINFORMATIONW
| typedef BOOLEAN(WINAPI * PWINSTATIONQUERYINFORMATIONW) (HANDLE, ULONG, WINSTATIONINFOCLASS, PVOID, ULONG, PULONG) |
Definition at line 586 of file winternl.h.
◆ RTL_USER_PROCESS_PARAMETERS
◆ STRING
◆ SYSTEM_BASIC_INFORMATION
◆ SYSTEM_EXCEPTION_INFORMATION
◆ SYSTEM_INFORMATION_CLASS
◆ SYSTEM_INTERRUPT_INFORMATION
◆ SYSTEM_LOOKASIDE_INFORMATION
◆ SYSTEM_PERFORMANCE_INFORMATION
◆ SYSTEM_POLICY_INFORMATION
◆ SYSTEM_PROCESS_INFORMATION
◆ SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
◆ SYSTEM_REGISTRY_QUOTA_INFORMATION
◆ SYSTEM_TIMEOFDAY_INFORMATION
◆ TEB
◆ THREADINFOCLASS
| typedef enum _THREADINFOCLASS THREADINFOCLASS |
◆ UNICODE_STRING
| typedef struct _UNICODE_STRING UNICODE_STRING |
◆ WINSTATIONINFOCLASS
◆ WINSTATIONINFORMATIONW
Enumeration Type Documentation
◆ _FILE_INFORMATION_CLASS
Definition at line 159 of file winternl.h.
160{
161 FileDirectoryInformation = 1
162} FILE_INFORMATION_CLASS;
enum _FILE_INFORMATION_CLASS FILE_INFORMATION_CLASS
◆ _KEY_SET_INFORMATION_CLASS
Definition at line 372 of file winternl.h.
373{
enum _KEY_SET_INFORMATION_CLASS KEY_SET_INFORMATION_CLASS
◆ _OBJECT_INFORMATION_CLASS
Definition at line 441 of file winternl.h.
442{
443 ObjectBasicInformation = 0,
444 ObjectTypeInformation = 2
445} OBJECT_INFORMATION_CLASS;
enum _OBJECT_INFORMATION_CLASS OBJECT_INFORMATION_CLASS
◆ _PROCESSINFOCLASS
Definition at line 394 of file winternl.h.
395{
396 ProcessBasicInformation = 0,
397 ProcessDebugPort = 7,
398 ProcessWow64Information = 26,
399 ProcessImageFileName = 27,
400 ProcessBreakOnTermination = 29
401} PROCESSINFOCLASS;
enum _PROCESSINFOCLASS PROCESSINFOCLASS
◆ _SYSTEM_INFORMATION_CLASS
Definition at line 474 of file winternl.h.
475{
476 SystemBasicInformation = 0,
477 SystemPerformanceInformation = 2,
478 SystemTimeOfDayInformation = 3,
479 SystemProcessInformation = 5,
481 SystemInterruptInformation = 23,
482 SystemExceptionInformation = 33,
483 SystemRegistryQuotaInformation = 37,
484 SystemLookasideInformation = 45,
485 SystemPolicyInformation = 134,
486} SYSTEM_INFORMATION_CLASS;
@ SystemProcessorPerformanceInformation
Definition: winternl.h:480
enum _SYSTEM_INFORMATION_CLASS SYSTEM_INFORMATION_CLASS
◆ _THREADINFOCLASS
Definition at line 424 of file winternl.h.
◆ _WINSTATIONINFOCLASS
| Enumerator | |
|---|---|
| WinStationInformation | |
| WinStationInformation | |
Definition at line 573 of file winternl.h.
574{
575 WinStationInformation = 8
576} WINSTATIONINFOCLASS;
enum _WINSTATIONINFOCLASS WINSTATIONINFOCLASS
Function Documentation
◆ _IRQL_requires_max_()
| _IRQL_requires_max_ | ( | PASSIVE_LEVEL | ) |
Queries information details about a security descriptor.
Computes the quota size of a security descriptor.
Assigns a security descriptor for a new object.
An extended function that assigns a security descriptor for a new object.
Frees a security descriptor.
An extended function that sets new information data to a security descriptor.
Modifies some information data about a security descriptor.
- Parameters
-
[in] SecurityInformation Security information details to be queried from a security descriptor. [out] SecurityDescriptor The returned security descriptor with security information data. [in,out] Length The returned length of a security descriptor. [in,out] ObjectsSecurityDescriptor The returned object security descriptor.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- See SeSetSecurityDescriptorInfoEx.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] AutoInheritFlags Flags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
- Parameters
-
[in] SecurityDescriptor A security descriptor to be freed from memory.
- Returns
- Returns STATUS_SUCCESS.
- Parameters
-
[in] _ParentDescriptor A security descriptor of the parent object that is being created. [in] _ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] ObjectType The type of the new object. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] AutoInheritFlags Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
- Parameters
-
[in] ParentDescriptor A security descriptor of the parent object that is being created. [in] ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- See SeAssignSecurityEx.
- Parameters
-
[in] SecurityDescriptor A security descriptor. [out] QuotaInfoSize The returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
- Returns
- Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.
Definition at line 923 of file Messaging.c.
75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
78
79 /* The caller must allow at least one connection */
81 {
83 }
84
85 /* The request must be for a kernel handle */
87 {
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
98 {
100 }
101
102 /* Create the server port object for this filter */
104 ServerPortObjectType,
105 ObjectAttributes,
106 KernelMode,
107 NULL,
109 0,
110 0,
111 (PVOID *)&PortObject);
113 {
114 /* Zero out the struct */
116
117 /* Increment the ref count on the target filter */
119
120 /* Setup the filter port object */
127
128 /* Insert the object */
130 NULL,
132 0,
133 NULL,
136 {
137 /* Lock the connection list */
139
140 /* Add the new port object to the connection list and increment the count */
143
144 /* Unlock the connection list*/
146 }
147 }
148
150 {
151 /* Allow the filter to be cleaned up */
153 }
154
156}
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
Definition: nsiface.idl:2307
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
Definition: fltmgrint.h:26
Definition: fltmgrint.h:189
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
◆ _Out_range_()
| _Out_range_ | ( | 0 | ) |
◆ _Out_writes_bytes_opt_()
| _In_ OBJECT_INFORMATION_CLASS _Out_writes_bytes_opt_ | ( | ObjectInformationLength | ) |
◆ _Return_type_success_()
| typedef _Return_type_success_ | ( | return >= | 0 | ) |
◆ _When_()
|
pure virtual |
◆ NtClose()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtClose | ( | _In_ HANDLE | Handle | ) |
◆ NtCreateFile()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile | ( | _Out_ PHANDLE | FileHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _Out_ PIO_STATUS_BLOCK | IoStatusBlock, | ||
| _In_opt_ PLARGE_INTEGER | AllocationSize, | ||
| _In_ ULONG | FileAttributes, | ||
| _In_ ULONG | ShareAccess, | ||
| _In_ ULONG | CreateDisposition, | ||
| _In_ ULONG | CreateOptions, | ||
| _In_reads_bytes_opt_(EaLength) PVOID | EaBuffer, | ||
| _In_ ULONG | EaLength | ||
| ) |
◆ NtDeviceIoControlFile()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile | ( | _In_ HANDLE | FileHandle, |
| _In_opt_ HANDLE | Event, | ||
| _In_opt_ PIO_APC_ROUTINE | ApcRoutine, | ||
| _In_opt_ PVOID | ApcContext, | ||
| _Out_ PIO_STATUS_BLOCK | IoStatusBlock, | ||
| _In_ ULONG | IoControlCode, | ||
| _In_reads_bytes_opt_(InputBufferLength) PVOID | InputBuffer, | ||
| _In_ ULONG | InputBufferLength, | ||
| _Out_writes_bytes_opt_(OutputBufferLength) PVOID | OutputBuffer, | ||
| _In_ ULONG | OutputBufferLength | ||
| ) |
◆ NtNotifyChangeMultipleKeys()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtNotifyChangeMultipleKeys | ( | _In_ HANDLE | MasterKeyHandle, |
| _In_opt_ ULONG | Count, | ||
| _In_reads_opt_(Count) OBJECT_ATTRIBUTES | SubordinateObjects[], | ||
| _In_opt_ HANDLE | Event, | ||
| _In_opt_ PIO_APC_ROUTINE | ApcRoutine, | ||
| _In_opt_ PVOID | ApcContext, | ||
| _Out_ PIO_STATUS_BLOCK | IoStatusBlock, | ||
| _In_ ULONG | CompletionFilter, | ||
| _In_ BOOLEAN | WatchTree, | ||
| _Out_writes_bytes_opt_(BufferSize) PVOID | Buffer, | ||
| _In_ ULONG | BufferSize, | ||
| _In_ BOOLEAN | Asynchronous | ||
| ) |
◆ NtOpenFile()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile | ( | _Out_ PHANDLE | FileHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _Out_ PIO_STATUS_BLOCK | IoStatusBlock, | ||
| _In_ ULONG | ShareAccess, | ||
| _In_ ULONG | OpenOptions | ||
| ) |
◆ NtQueryInformationProcess()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationProcess | ( | _In_ HANDLE | ProcessHandle, |
| _In_ PROCESSINFOCLASS | ProcessInformationClass, | ||
| _Out_writes_bytes_to_opt_(ProcessInformationLength, *ReturnLength) PVOID | ProcessInformation, | ||
| _In_ ULONG | ProcessInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 211 of file query.c.
218{
223
224 PAGED_CODE();
225
226 /* Validate the information class */
228 PsProcessInfoClass,
230 ICIF_PROBE_READ,
231 ProcessInformation,
232 ProcessInformationLength,
233 ReturnLength,
234 NULL,
235 PreviousMode);
237 {
238#if DBG
239 DPRINT1("NtQueryInformationProcess(ProcessInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
240 PspDumpProcessInfoClassName(ProcessInformationClass), Status);
241#endif
243 }
244
246 (ProcessInformationClass == ProcessImageInformation)) &&
248 {
249 /*
250 * Retrieving the process cookie is only allowed for the calling process
251 * itself! XP only allows NtCurrentProcess() as process handles even if
252 * a real handle actually represents the current process.
253 */
255 }
256
257 /* Check the information class */
258 switch (ProcessInformationClass)
259 {
260 /* Basic process information */
262 {
264
266 {
268 break;
269 }
270
271 /* Set the return length */
273
274 /* Reference the process */
277 PsProcessType,
278 PreviousMode,
280 NULL);
282
283 /* Protect writes with SEH */
284 _SEH2_TRY
285 {
286 /* Write all the information from the EPROCESS/KPROCESS */
291 UniqueProcessId;
292 ProcessBasicInfo->InheritedFromUniqueProcessId =
295
296 }
298 {
299 /* Get exception code */
301 }
302 _SEH2_END;
303
304 /* Dereference the process */
306 break;
307 }
308
309 /* Process quota limits */
311 {
312 QUOTA_LIMITS_EX QuotaLimits;
313 BOOLEAN Extended;
314
317 {
319 break;
320 }
321
322 /* Set the return length */
323 Length = ProcessInformationLength;
325
326 /* Reference the process */
329 PsProcessType,
330 PreviousMode,
332 NULL);
334
335 /* Indicate success */
337
339
340 /* Get max/min working set sizes */
341 QuotaLimits.MaximumWorkingSetSize =
343 QuotaLimits.MinimumWorkingSetSize =
345
346 /* Get default time limits */
348
349 /* Is quota block a default one? */
351 {
352 /* Get default pools and pagefile limits */
356 }
357 else
358 {
359 /* Get limits from non-default quota block */
360 QuotaLimits.PagedPoolLimit =
362 QuotaLimits.NonPagedPoolLimit =
364 QuotaLimits.PagefileLimit =
366 }
367
368 /* Get additional information, if needed */
369 if (Extended)
370 {
375
376 /* FIXME: Get the correct information */
377 //QuotaLimits.WorkingSetLimit = (SIZE_T)-1; // Not used on Win2k3, it is set to 0
379 }
380
381 /* Protect writes with SEH */
382 _SEH2_TRY
383 {
385 }
387 {
388 /* Get exception code */
390 }
391 _SEH2_END;
392
393 /* Dereference the process */
395 break;
396 }
397
399 {
401 PROCESS_VALUES ProcessValues;
402
404 {
406 break;
407 }
408
410
411 /* Reference the process */
414 PsProcessType,
415 PreviousMode,
417 NULL);
419
420 /* Query IO counters from the process */
422
423 _SEH2_TRY
424 {
426 }
428 {
429 /* Ignore exception */
430 }
431 _SEH2_END;
432
433 /* Set status to success in any case */
435
436 /* Dereference the process */
438 break;
439 }
440
441 /* Timing */
443 {
446
447 /* Set the return length */
449 {
451 break;
452 }
453
455
456 /* Reference the process */
459 PsProcessType,
460 PreviousMode,
462 NULL);
464
465 /* Protect writes with SEH */
466 _SEH2_TRY
467 {
468 /* Copy time information from EPROCESS/KPROCESS */
474 }
476 {
477 /* Get exception code */
479 }
480 _SEH2_END;
481
482 /* Dereference the process */
484 break;
485 }
486
487 /* Process Debug Port */
489
491 {
493 break;
494 }
495
496 /* Set the return length */
498
499 /* Reference the process */
502 PsProcessType,
503 PreviousMode,
505 NULL);
507
508 /* Protect write with SEH */
509 _SEH2_TRY
510 {
511 /* Return whether or not we have a debug port */
514 }
516 {
517 /* Get exception code */
519 }
520 _SEH2_END;
521
522 /* Dereference the process */
524 break;
525
527 {
528 ULONG HandleCount;
529
531 {
533 break;
534 }
535
536 /* Set the return length*/
538
539 /* Reference the process */
542 PsProcessType,
543 PreviousMode,
545 NULL);
547
548 /* Count the number of handles this process has */
550
551 /* Protect write in SEH */
552 _SEH2_TRY
553 {
554 /* Return the count of handles */
555 *(PULONG)ProcessInformation = HandleCount;
556 }
558 {
559 /* Get the exception code */
561 }
562 _SEH2_END;
563
564 /* Dereference the process */
566 break;
567 }
568
569 /* Session ID for the process */
571 {
573
575 {
577 break;
578 }
579
580 /* Set the return length*/
582
583 /* Reference the process */
586 PsProcessType,
587 PreviousMode,
589 NULL);
591
592 /* Enter SEH for write safety */
593 _SEH2_TRY
594 {
595 /* Write back the Session ID */
597 }
599 {
600 /* Get the exception code */
602 }
603 _SEH2_END;
604
605 /* Dereference the process */
607 break;
608 }
609
610 /* Virtual Memory Statistics */
612 {
614
615 /* Validate the input length */
618 {
620 break;
621 }
622
623 /* Reference the process */
626 PsProcessType,
627 PreviousMode,
629 NULL);
631
632 /* Enter SEH for write safety */
633 _SEH2_TRY
634 {
635 /* Return data from EPROCESS */
647 //VmCounters->PrivateUsage = Process->CommitCharge << PAGE_SHIFT;
648 //
649
650 /* Set the return length */
651 Length = ProcessInformationLength;
652 }
654 {
655 /* Get the exception code */
657 }
658 _SEH2_END;
659
660 /* Dereference the process */
662 break;
663 }
664
665 /* Hard Error Processing Mode */
667
669 {
671 break;
672 }
673
674 /* Set the return length*/
676
677 /* Reference the process */
680 PsProcessType,
681 PreviousMode,
683 NULL);
685
686 /* Enter SEH for writing back data */
687 _SEH2_TRY
688 {
689 /* Write the current processing mode */
691 DefaultHardErrorProcessing;
692 }
694 {
695 /* Get the exception code */
697 }
698 _SEH2_END;
699
700 /* Dereference the process */
702 break;
703
704 /* Priority Boosting status */
706
708 {
710 break;
711 }
712
713 /* Set the return length */
715
716 /* Reference the process */
719 PsProcessType,
720 PreviousMode,
722 NULL);
724
725 /* Enter SEH for writing back data */
726 _SEH2_TRY
727 {
728 /* Return boost status */
731 }
733 {
734 /* Get the exception code */
736 }
737 _SEH2_END;
738
739 /* Dereference the process */
741 break;
742
743 /* DOS Device Map */
745 {
747
749 {
750 /* Protect read in SEH */
751 _SEH2_TRY
752 {
753 PPROCESS_DEVICEMAP_INFORMATION_EX DeviceMapEx = ProcessInformation;
754
756 }
758 {
759 /* Get the exception code */
762 }
763 _SEH2_END;
764
765 /* Only one flag is supported and it needs LUID mappings */
767 !ObIsLUIDDeviceMapsEnabled())
768 {
770 break;
771 }
772 }
773 else
774 {
775 /* This has to be the size of the Query union field for x64 compatibility! */
777 {
779 break;
780 }
781
782 /* No flags for standard call */
783 Flags = 0;
784 }
785
786 /* Set the return length */
787 Length = ProcessInformationLength;
788
789 /* Reference the process */
792 PsProcessType,
793 PreviousMode,
795 NULL);
797
798 /* Query the device map information */
800 ProcessInformation,
801 Flags);
802
803 /* Dereference the process */
805 break;
806 }
807
808 /* Priority class */
810 {
812
814 {
816 break;
817 }
818
819 /* Set the return length*/
821
822 /* Reference the process */
825 PsProcessType,
826 PreviousMode,
828 NULL);
830
831 /* Enter SEH for writing back data */
832 _SEH2_TRY
833 {
834 /* Return current priority class */
837 }
839 {
840 /* Get the exception code */
842 }
843 _SEH2_END;
844
845 /* Dereference the process */
847 break;
848 }
849
851 {
853
854 /* Reference the process */
857 PsProcessType,
858 PreviousMode,
860 NULL);
862
863 /* Get the image path */
866 {
867 /* Set the return length */
870
871 /* Make sure it's large enough */
873 {
874 /* Enter SEH to protect write */
875 _SEH2_TRY
876 {
877 /* Copy it */
878 RtlCopyMemory(ProcessInformation,
879 ImageName,
880 Length);
881
882 /* Update pointer */
883 ((PUNICODE_STRING)ProcessInformation)->Buffer =
885 }
887 {
888 /* Get the exception code */
890 }
891 _SEH2_END;
892 }
893 else
894 {
895 /* Buffer too small */
897 }
898
899 /* Free the image path */
901 }
902 /* Dereference the process */
904 break;
905 }
906
907#if (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
909 {
912
913 /* Reference the process */
916 PsProcessType,
917 PreviousMode,
919 NULL);
921 {
922 break;
923 }
924
925 /* Get the image path */
929 {
930 break;
931 }
935 {
936 break;
937 }
938
939 /* Determine return length and output */
942 {
943 _SEH2_TRY
944 {
949 {
952 ObjectNameInformation->Name.Buffer,
953 ObjectNameInformation->Name.MaximumLength);
954 }
955 else
956 {
959 }
960 }
962 {
964 }
965 _SEH2_END;
966 }
967 else
968 {
970 }
972
973 break;
974 }
975#endif /* (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA) */
976
978
980 {
982 break;
983 }
984
985 /* Set the return length*/
987
988 /* Reference the process */
991 PsProcessType,
992 PreviousMode,
994 NULL);
996
997 /* Enter SEH for writing back data */
998 _SEH2_TRY
999 {
1000 /* Return the debug flag state */
1002 }
1004 {
1005 /* Get the exception code */
1007 }
1008 _SEH2_END;
1009
1010 /* Dereference the process */
1012 break;
1013
1015
1017 {
1019 break;
1020 }
1021
1022 /* Set the return length */
1024
1025 /* Reference the process */
1028 PsProcessType,
1029 PreviousMode,
1031 NULL);
1033
1034 /* Enter SEH for writing back data */
1035 _SEH2_TRY
1036 {
1037 /* Return the BreakOnTermination state */
1039 }
1041 {
1042 /* Get the exception code */
1044 }
1045 _SEH2_END;
1046
1047 /* Dereference the process */
1049 break;
1050
1051 /* Per-process security cookie */
1053 {
1055
1057 {
1058 /* Length size wrong, bail out */
1060 break;
1061 }
1062
1063 /* Get the current process and cookie */
1067 {
1068 LARGE_INTEGER SystemTime;
1069 ULONG NewCookie;
1070 PKPRCB Prcb;
1071
1072 /* Generate a new cookie */
1073 KeQuerySystemTime(&SystemTime);
1074 Prcb = KeGetCurrentPrcb();
1077
1078 /* Set the new cookie or return the current one */
1080 NewCookie,
1081 Cookie);
1083
1084 /* Set the return length */
1086 }
1087
1088 /* Indicate success */
1090
1091 /* Enter SEH to protect write */
1092 _SEH2_TRY
1093 {
1094 /* Write back the cookie */
1096 }
1098 {
1099 /* Get the exception code */
1101 }
1102 _SEH2_END;
1103 break;
1104 }
1105
1107
1109 {
1110 /* Break out */
1112 break;
1113 }
1114
1115 /* Set the length required and validate it */
1117
1118 /* Indicate success */
1120
1121 /* Enter SEH to protect write */
1122 _SEH2_TRY
1123 {
1125 }
1127 {
1128 /* Get the exception code */
1130 }
1131 _SEH2_END;
1132 break;
1133
1135 {
1137
1139 {
1141 break;
1142 }
1143
1144 /* Set the return length */
1146
1147 /* Reference the process */
1150 PsProcessType,
1151 PreviousMode,
1153 NULL);
1155
1156 /* Get the debug port. Continue even if this fails. */
1158
1159 /* Let go of the process */
1161
1162 /* Protect write in SEH */
1163 _SEH2_TRY
1164 {
1165 /* Return debug port's handle */
1166 *(PHANDLE)ProcessInformation = DebugPort;
1167 }
1169 {
1170 if (DebugPort)
1172
1173 /* Get the exception code.
1174 * Note: This overwrites any previous failure status. */
1176 }
1177 _SEH2_END;
1178 break;
1179 }
1180
1184 break;
1185
1187
1189 {
1191 break;
1192 }
1193
1194 /* Set the return length */
1196
1197 /* Indicate success */
1199
1200 /* Protect write in SEH */
1201 _SEH2_TRY
1202 {
1203 /* Query Ob */
1205 }
1207 {
1208 /* Get the exception code */
1210 }
1211 _SEH2_END;
1212 break;
1213
1215
1217 {
1219 break;
1220 }
1221
1222 /* Set the return length */
1224
1225 /* Reference the process */
1228 PsProcessType,
1229 PreviousMode,
1231 NULL);
1233
1234 /* Protect write in SEH */
1235 _SEH2_TRY
1236 {
1237 /* Return if the flag is set */
1239 }
1241 {
1242 /* Get the exception code */
1244 }
1245 _SEH2_END;
1246
1247 /* Dereference the process */
1249 break;
1250
1252 {
1253 ULONG_PTR Wow64 = 0;
1254
1256 {
1258 break;
1259 }
1260
1261 /* Set the return length */
1263
1264 /* Reference the process */
1267 PsProcessType,
1268 PreviousMode,
1270 NULL);
1272
1273#ifdef _WIN64
1274 /* Make sure the process isn't dying */
1276 {
1277 /* Get the WOW64 process structure */
1279 /* Release the lock */
1281 }
1282#endif
1283
1284 /* Dereference the process */
1286
1287 /* Protect write with SEH */
1288 _SEH2_TRY
1289 {
1290 /* Return the Wow64 process information */
1291 *(PULONG_PTR)ProcessInformation = Wow64;
1292 }
1294 {
1295 /* Get exception code */
1297 }
1298 _SEH2_END;
1299 break;
1300 }
1301
1303 {
1304 ULONG ExecuteOptions = 0;
1305
1307 {
1309 break;
1310 }
1311
1312 /* Set the return length */
1314
1316 {
1318 break;
1319 }
1320
1321 /* Get the options */
1324 {
1325 /* Protect write with SEH */
1326 _SEH2_TRY
1327 {
1328 /* Return them */
1329 *(PULONG)ProcessInformation = ExecuteOptions;
1330 }
1332 {
1333 /* Get exception code */
1335 }
1336 _SEH2_END;
1337 }
1338 break;
1339 }
1340
1344 break;
1345
1349 break;
1350
1354 break;
1355
1356 /* Not supported by Server 2003 */
1357 default:
1358#if DBG
1360#endif
1362 }
1363
1364 /* Check if caller wants the return length and if there is one */
1366 {
1367 /* Protect write with SEH */
1368 _SEH2_TRY
1369 {
1371 }
1373 {
1374 /* Get exception code.
1375 * Note: This overwrites any previous failure status. */
1377 }
1378 _SEH2_END;
1379 }
1380
1382}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
Definition: dbgkobj.c:1526
struct _UNICODE_STRING UNICODE_STRING
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
struct _VM_COUNTERS * PVM_COUNTERS
struct _VM_COUNTERS_EX VM_COUNTERS_EX
#define QUOTA_LIMITS_HARDWS_MIN_DISABLE
struct _IO_COUNTERS IO_COUNTERS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
#define QUOTA_LIMITS_HARDWS_MAX_DISABLE
struct _QUOTA_LIMITS_EX QUOTA_LIMITS_EX
#define QUOTA_LIMITS_HARDWS_MAX_ENABLE
#define QUOTA_LIMITS_HARDWS_MIN_ENABLE
struct _IO_COUNTERS * PIO_COUNTERS
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
Definition: procobj.c:860
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
Definition: procobj.c:525
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
Definition: section.c:1617
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
Definition: pagfault.c:2653
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
Definition: probe.h:219
NTSTATUS NTAPI IoQueryFileDosDeviceName(IN PFILE_OBJECT FileObject, OUT POBJECT_NAME_INFORMATION *ObjectNameInformation)
Definition: file.c:3664
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
Definition: process.c:1163
NTSTATUS NTAPI PsReferenceProcessFilePointer(_In_ PEPROCESS Process, _Outptr_ PFILE_OBJECT *FileObject)
Definition: query.c:24
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
Definition: audit.c:199
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
Definition: obhandle.c:56
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
Definition: devicemap.c:539
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: pstypes.h:1350
Definition: pstypes.h:82
Definition: winternl.h:2373
Definition: ketypes.h:654
Definition: nt_native.h:1272
Definition: winternl.h:404
ULONG_PTR InheritedFromUniqueProcessId
Definition: pstypes.h:362
Definition: pstypes.h:392
Definition: pstypes.h:380
Definition: pstypes.h:1039
Definition: pstypes.h:405
Definition: ke.h:45
Definition: pstypes.h:67
Definition: lsa.idl:286
Definition: mmtypes.h:340
Definition: mmdrv.h:130
Definition: env_spec_w32.h:368
Definition: winternl.h:3130
SIZE_T QuotaPeakNonPagedPoolUsage
Definition: winternl.h:3138
Definition: typedefs.h:103
struct _LARGE_INTEGER::@2479 u
◆ NtQueryInformationThread()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationThread | ( | _In_ HANDLE | ThreadHandle, |
| _In_ THREADINFOCLASS | ThreadInformationClass, | ||
| _Out_writes_bytes_to_opt_(ThreadInformationLength, *ReturnLength) PVOID | ThreadInformation, | ||
| _In_ ULONG | ThreadInformationLength, | ||
| _Out_opt_ PULONG | ReturnLength | ||
| ) |
Definition at line 2881 of file query.c.
2888{
2892 ULONG Access;
2894 PTHREAD_BASIC_INFORMATION ThreadBasicInfo =
2895 (PTHREAD_BASIC_INFORMATION)ThreadInformation;
2898 ULONG ThreadTerminated;
2899 PAGED_CODE();
2900
2901 /* Validate the information class */
2903 PsThreadInfoClass,
2905 ICIF_PROBE_READ,
2906 ThreadInformation,
2907 ThreadInformationLength,
2908 ReturnLength,
2909 NULL,
2910 PreviousMode);
2912 {
2913#if DBG
2914 DPRINT1("NtQueryInformationThread(ThreadInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
2916#endif
2918 }
2919
2920 /* Check what class this is */
2921 Access = THREAD_QUERY_INFORMATION;
2922
2923 /* Check what kind of information class this is */
2925 {
2926 /* Basic thread information */
2928
2929 /* Set the return length */
2931
2933 {
2935 break;
2936 }
2937
2938 /* Reference the thread */
2940 Access,
2941 PsThreadType,
2942 PreviousMode,
2944 NULL);
2946 break;
2947
2948 /* Protect writes with SEH */
2949 _SEH2_TRY
2950 {
2951 /* Write all the information from the ETHREAD/KTHREAD */
2958 }
2960 {
2961 /* Get exception code */
2963 }
2964 _SEH2_END;
2965
2966 /* Dereference the thread */
2968 break;
2969
2970 /* Thread time information */
2972
2973 /* Set the return length */
2975
2977 {
2979 break;
2980 }
2981
2982 /* Reference the thread */
2984 Access,
2985 PsThreadType,
2986 PreviousMode,
2988 NULL);
2990 break;
2991
2992 /* Protect writes with SEH */
2993 _SEH2_TRY
2994 {
2995 /* Copy time information from ETHREAD/KTHREAD */
2999
3000 /* Exit time is in a union and only valid on actual exit! */
3002 {
3004 }
3005 else
3006 {
3008 }
3009 }
3011 {
3012 /* Get exception code */
3014 }
3015 _SEH2_END;
3016
3017 /* Dereference the thread */
3019 break;
3020
3022
3023 /* Set the return length*/
3025
3027 {
3029 break;
3030 }
3031
3032 /* Reference the thread */
3034 Access,
3035 PsThreadType,
3036 PreviousMode,
3038 NULL);
3040 break;
3041
3042 /* Protect write with SEH */
3043 _SEH2_TRY
3044 {
3045 /* Return the Win32 Start Address */
3047 }
3049 {
3050 /* Get exception code */
3052 }
3053 _SEH2_END;
3054
3055 /* Dereference the thread */
3057 break;
3058
3060
3061 /* Set the return length*/
3063
3065 {
3067 break;
3068 }
3069
3070 /* Reference the thread */
3072 Access,
3073 PsThreadType,
3074 PreviousMode,
3076 NULL);
3078 break;
3079
3080 /* Protect write with SEH */
3081 _SEH2_TRY
3082 {
3083 /* FIXME */
3084 (*(PLARGE_INTEGER)ThreadInformation).QuadPart = 0;
3085 }
3087 {
3088 /* Get exception code */
3090 }
3091 _SEH2_END;
3092
3093 /* Dereference the thread */
3095 break;
3096
3098
3099 /* Set the return length*/
3101
3103 {
3105 break;
3106 }
3107
3108 /* Reference the thread */
3110 Access,
3111 PsThreadType,
3112 PreviousMode,
3114 NULL);
3116 break;
3117
3118 /* Protect write with SEH */
3119 _SEH2_TRY
3120 {
3121 /* Return whether or not we are the last thread */
3124 &Thread->ThreadsProcess->
3125 ThreadListHead) ?
3127 }
3129 {
3130 /* Get exception code */
3132 }
3133 _SEH2_END;
3134
3135 /* Dereference the thread */
3137 break;
3138
3140
3141 /* Set the return length*/
3143
3145 {
3147 break;
3148 }
3149
3150 /* Reference the thread */
3152 Access,
3153 PsThreadType,
3154 PreviousMode,
3156 NULL);
3158 break;
3159
3160 /* Raise the IRQL to protect the IRP list */
3162
3163 /* Protect write with SEH */
3164 _SEH2_TRY
3165 {
3166 /* Check if the IRP list is empty or not */
3168 }
3170 {
3171 /* Get exception code */
3173 }
3174 _SEH2_END;
3175
3176 /* Lower IRQL back */
3178
3179 /* Dereference the thread */
3181 break;
3182
3183 /* LDT and GDT information */
3185
3186#if defined(_X86_)
3187 /* Reference the thread */
3189 Access,
3190 PsThreadType,
3191 PreviousMode,
3193 NULL);
3195 break;
3196
3197 /* Call the worker routine */
3199 ThreadInformation,
3200 ThreadInformationLength,
3201 ReturnLength);
3202
3203 /* Dereference the thread */
3205#else
3206 /* Only implemented on x86 */
3208#endif
3209 break;
3210
3212
3213 /* Set the return length*/
3215
3217 {
3219 break;
3220 }
3221
3222 /* Reference the thread */
3224 Access,
3225 PsThreadType,
3226 PreviousMode,
3228 NULL);
3230 break;
3231
3232 _SEH2_TRY
3233 {
3235 }
3237 {
3239 }
3240 _SEH2_END;
3241
3242 /* Dereference the thread */
3244 break;
3245
3247
3248 /* Set the return length */
3250
3252 {
3254 break;
3255 }
3256
3257 /* Reference the thread */
3259 Access,
3260 PsThreadType,
3261 PreviousMode,
3263 NULL);
3265 break;
3266
3267 _SEH2_TRY
3268 {
3270 }
3272 {
3274 }
3275 _SEH2_END;
3276
3277 /* Dereference the thread */
3279 break;
3280
3282
3283 /* Set the return length*/
3285
3287 {
3289 break;
3290 }
3291
3292 /* Reference the thread */
3294 Access,
3295 PsThreadType,
3296 PreviousMode,
3298 NULL);
3300 break;
3301
3303
3304 _SEH2_TRY
3305 {
3306 *(PULONG)ThreadInformation = ThreadTerminated ? 1 : 0;
3307 }
3309 {
3311 }
3312 _SEH2_END;
3313
3314 /* Dereference the thread */
3316 break;
3317
3318 /* Anything else */
3319 default:
3320 /* Not yet implemented */
3321#if DBG
3323#endif
3325 }
3326
3327 /* Protect write with SEH */
3328 _SEH2_TRY
3329 {
3330 /* Check if caller wanted return length */
3332 }
3334 {
3335 /* Get exception code */
3337 }
3338 _SEH2_END;
3339
3341}
struct _THREAD_BASIC_INFORMATION THREAD_BASIC_INFORMATION
struct _THREAD_BASIC_INFORMATION * PTHREAD_BASIC_INFORMATION
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
Definition: psfuncs.h:844
LONG NTAPI KeQueryBasePriorityThread(IN PKTHREAD Thread)
Definition: thrdobj.c:52
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
Definition: thread.c:868
NTSTATUS NTAPI PspQueryDescriptorThread(IN PETHREAD Thread, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
Definition: psldt.c:43
Definition: pstypes.h:1191
Definition: compat.h:926
union _LARGE_INTEGER LARGE_INTEGER
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
Definition: kefuncs.h:778
Referenced by CreateRemoteThread(), CsrCreateProcess(), CsrCreateRemoteThread(), CsrCreateThread(), CsrInsertThread(), CsrSbCreateSession(), DbgUiConvertStateChangeStructure(), ExitThread(), fetch_thread_info(), GetExitCodeThread(), GetProcessIdOfThread(), GetThreadDescription(), GetThreadGroupAffinity(), GetThreadId(), GetThreadIdealProcessorEx(), GetThreadIOPendingFlag(), GetThreadPriority(), GetThreadPriorityBoost(), GetThreadSelectorEntry(), GetThreadTimes(), i386_stack_walk(), init_funcs(), InitFunctionPtrs(), PrintThreads(), QuerySetThreadValidator(), RtlFreeUserThreadStack(), RtlpIsIoPending(), SetThreadAffinityMask(), TerminateThread(), and Test_ThreadBasicInformationClass().
◆ NtQueryMultipleValueKey()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryMultipleValueKey | ( | _In_ HANDLE | KeyHandle, |
| _Inout_updates_(EntryCount) PKEY_VALUE_ENTRY | ValueEntries, | ||
| _In_ ULONG | EntryCount, | ||
| _Out_writes_bytes_ *BufferLength PVOID | ValueBuffer, | ||
| _Inout_ PULONG | BufferLength, | ||
| _Out_opt_ PULONG | RequiredBufferLength | ||
| ) |
◆ NtQuerySystemInformation()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemInformation | ( | _In_ SYSTEM_INFORMATION_CLASS | SystemInformationClass, |
| _Out_ PVOID | SystemInformation, | ||
| _In_ ULONG | InformationLength, | ||
| _Out_opt_ PULONG | ResultLength | ||
| ) |
◆ NtQuerySystemTime()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemTime | ( | _Out_ PLARGE_INTEGER | SystemTime | ) |
◆ NtRenameKey()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtRenameKey | ( | _In_ HANDLE | KeyHandle, |
| _In_ PUNICODE_STRING | NewName | ||
| ) |
◆ NtSetInformationKey()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationKey | ( | _In_ HANDLE | KeyHandle, |
| _In_ _Strict_type_match_ KEY_SET_INFORMATION_CLASS | KeySetInformationClass, | ||
| _In_reads_bytes_(KeySetInformationLength) PVOID | KeySetInformation, | ||
| _In_ ULONG | KeySetInformationLength | ||
| ) |
◆ NtWaitForSingleObject()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWaitForSingleObject | ( | _In_ HANDLE | Object, |
| _In_ BOOLEAN | Alertable, | ||
| _In_opt_ PLARGE_INTEGER | Timeout | ||
| ) |
◆ RtlAnsiStringToUnicodeString()
| NTSTATUS NTAPI RtlAnsiStringToUnicodeString | ( | PUNICODE_STRING | DestinationString, |
| PCANSI_STRING | SourceString, | ||
| BOOLEAN | AllocateDestinationString | ||
| ) |
◆ RtlCharToInteger()
Definition at line 261 of file unicode.c.
265{
266 CHAR chCurrent;
268 ULONG RunningTotal = 0;
269 char bMinus = 0;
270
271 /* skip leading whitespaces */
273
274 /* Check for +/- */
276 {
277 str++;
278 }
280 {
281 bMinus = 1;
282 str++;
283 }
284
285 /* base = 0 means autobase */
287 {
288 base = 10;
289
291 {
293 {
294 str += 2;
295 base = 2;
296 }
298 {
299 str += 2;
300 base = 8;
301 }
303 {
304 str += 2;
305 base = 16;
306 }
307 }
308 }
310 {
312 }
313
315
317 {
318 chCurrent = *str;
319
320 if (chCurrent >= '0' && chCurrent <= '9')
321 {
323 }
324 else if (chCurrent >= 'A' && chCurrent <= 'Z')
325 {
327 }
328 else if (chCurrent >= 'a' && chCurrent <= 'z')
329 {
331 }
332 else
333 {
334 digit = -1;
335 }
336
338
340 str++;
341 }
342
343 *value = bMinus ? (0 - RunningTotal) : RunningTotal;
345}
Definition: uninitialized_test.cpp:81
Definition: pdh_main.c:96
◆ RtlConvertSidToUnicodeString()
| NTSTATUS NTAPI RtlConvertSidToUnicodeString | ( | PUNICODE_STRING | UnicodeString, |
| PSID | Sid, | ||
| BOOLEAN | AllocateDestinationString | ||
| ) |
◆ RtlFreeAnsiString()
| VOID NTAPI RtlFreeAnsiString | ( | PANSI_STRING | AnsiString | ) |
◆ RtlFreeOemString()
| VOID NTAPI RtlFreeOemString | ( | POEM_STRING | OemString | ) |
◆ RtlFreeUnicodeString()
| VOID NTAPI RtlFreeUnicodeString | ( | PUNICODE_STRING | UnicodeString | ) |
◆ RtlInitAnsiString()
| VOID NTAPI RtlInitAnsiString | ( | PANSI_STRING | DestinationString, |
| PCSZ | SourceString | ||
| ) |
◆ RtlInitString()
◆ RtlInitUnicodeString()
| VOID NTAPI RtlInitUnicodeString | ( | PUNICODE_STRING | DestinationString, |
| PCWSTR | SourceString | ||
| ) |
◆ RtlIsNameLegalDOS8Dot3()
| BOOLEAN NTAPI RtlIsNameLegalDOS8Dot3 | ( | _In_ PUNICODE_STRING | Name, |
| _Inout_opt_ POEM_STRING | OemName, | ||
| _Inout_opt_ PBOOLEAN | NameContainsSpaces | ||
| ) |
◆ RtlLocalTimeToSystemTime()
| NTSTATUS NTAPI RtlLocalTimeToSystemTime | ( | IN PLARGE_INTEGER | LocalTime, |
| _Out_ PLARGE_INTEGER | SystemTime | ||
| ) |
Referenced by LocalFileTimeToFileTime(), and SetLocalTime().
◆ RtlTimeToSecondsSince1970()
| BOOLEAN NTAPI RtlTimeToSecondsSince1970 | ( | PLARGE_INTEGER | Time, |
| PULONG | ElapsedSeconds | ||
| ) |
Referenced by _fstat64(), _tstat64(), BuildUserInfoBuffer(), create_bad_block_inode(), ElfReportEventA(), ElfReportEventW(), ext2_flush(), ext2_initialize_sb(), ext2_mkdir(), Ext2LinuxTime(), GetPasswordAge(), GetTimeInSeconds(), LogfReportEvent(), LogfWriteRecord(), NetrRemoteTOD(), NetrServerStatisticsGet(), NetrWorkstationStatisticsGet(), ParseDate(), and ProcessPortMessage().
◆ RtlUnicodeStringToAnsiString()
| NTSTATUS NTAPI RtlUnicodeStringToAnsiString | ( | PANSI_STRING | DestinationString, |
| PCUNICODE_STRING | SourceString, | ||
| BOOLEAN | AllocateDestinationString | ||
| ) |
◆ RtlUnicodeStringToOemString()
| NTSTATUS NTAPI RtlUnicodeStringToOemString | ( | POEM_STRING | DestinationString, |
| PCUNICODE_STRING | SourceString, | ||
| BOOLEAN | AllocateDestinationString | ||
| ) |
◆ RtlUnicodeToMultiByteSize()
| NTSTATUS NTAPI RtlUnicodeToMultiByteSize | ( | _Out_ PULONG | BytesInMultiByteString, |
| _In_reads_bytes_(BytesInUnicodeString) PWCH | UnicodeString, | ||
| _In_ ULONG | BytesInUnicodeString | ||
| ) |
◆ RtlUniform()
Variable Documentation
◆ ObjectInformationClass
| _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass |
Definition at line 469 of file winternl.h.
◆ ObjectInformationLength
| _In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength |
Definition at line 471 of file winternl.h.
◆ ReturnLength
Definition at line 472 of file winternl.h.
