psmgr.c File Reference

#include <ntoskrnl.h>
#include <debug.h>

Include dependency graph for psmgr.c:

Go to the source code of this file.

Macros
#define	NDEBUG

Functions
USHORT NTAPI	NameToOrdinal (IN PCHAR Name, IN PVOID DllBase, IN ULONG NumberOfNames, IN PULONG NameTable, IN PUSHORT OrdinalTable)
NTSTATUS NTAPI	LookupEntryPoint (IN PVOID DllBase, IN PCHAR Name, OUT PVOID *EntryPoint)
NTSTATUS NTAPI	PspLookupSystemDllEntryPoint (IN PCHAR Name, IN PVOID *EntryPoint)
NTSTATUS NTAPI	PspLookupKernelUserEntryPoints (VOID)
NTSTATUS NTAPI	PspMapSystemDll (IN PEPROCESS Process, IN PVOID *DllBase, IN BOOLEAN UseLargePages)
NTSTATUS NTAPI	PsLocateSystemDll (VOID)
NTSTATUS NTAPI	PspInitializeSystemDll (VOID)
BOOLEAN NTAPI	PspInitPhase1 (VOID)
BOOLEAN NTAPI	PspInitPhase0 (IN PLOADER_PARAMETER_BLOCK LoaderBlock)
BOOLEAN NTAPI	PsInitSystem (IN PLOADER_PARAMETER_BLOCK LoaderBlock)
BOOLEAN NTAPI	PsGetVersion (OUT PULONG MajorVersion OPTIONAL, OUT PULONG MinorVersion OPTIONAL, OUT PULONG BuildNumber OPTIONAL, OUT PUNICODE_STRING CSDVersion OPTIONAL)

Variables
ULONG	ExpInitializationPhase
PVOID	KeUserPopEntrySListEnd
PVOID	KeUserPopEntrySListFault
PVOID	KeUserPopEntrySListResume
GENERIC_MAPPING	PspProcessMapping
GENERIC_MAPPING	PspThreadMapping
PVOID	PspSystemDllBase
PVOID	PspSystemDllSection
PVOID	PspSystemDllEntryPoint
UNICODE_STRING	PsNtDllPathName
PHANDLE_TABLE	PspCidTable
PEPROCESS	PsInitialSystemProcess = NULL
PEPROCESS	PsIdleProcess = NULL
HANDLE	PspInitialSystemProcessHandle = NULL
ULONG	PsMinimumWorkingSet
ULONG	PsMaximumWorkingSet
struct {
LIST_ENTRY   List
KGUARDED_MUTEX   Lock
}	PspWorkingSetChangeHead
ULONG	PspDefaultPagedLimit
ULONG	PspDefaultNonPagedLimit
ULONG	PspDefaultPagefileLimit
BOOLEAN	PspDoingGiveBacks

Macro Definition Documentation

NDEBUG

#define NDEBUG

Definition at line 12 of file psmgr.c.

Function Documentation

LookupEntryPoint()

NTSTATUS NTAPI LookupEntryPoint	(	IN PVOID	DllBase,
		IN PCHAR	Name,
		OUT PVOID *	EntryPoint
	)

Definition at line 111 of file psmgr.c.

{
    PULONG NameTable;
    PUSHORT OrdinalTable;
    PIMAGE_EXPORT_DIRECTORY ExportDirectory;
    ULONG ExportSize;
    CHAR Buffer[64];
    USHORT Ordinal;
    PULONG ExportTable;
 
    /* Get the export directory */
    ExportDirectory = RtlImageDirectoryEntryToData(DllBase,
                                                   TRUE,
                                                   IMAGE_DIRECTORY_ENTRY_EXPORT,
                                                   &ExportSize);
 
    /* Validate the name and copy it */
    if (strlen(Name) > sizeof(Buffer) - 2) return STATUS_INVALID_PARAMETER;
    strcpy(Buffer, Name);
 
    /* Setup name tables */
    NameTable = (PULONG)((ULONG_PTR)DllBase +
                         ExportDirectory->AddressOfNames);
    OrdinalTable = (PUSHORT)((ULONG_PTR)DllBase +
                             ExportDirectory->AddressOfNameOrdinals);
 
    /* Get the ordinal */
    Ordinal = NameToOrdinal(Buffer,
                            DllBase,
                            ExportDirectory->NumberOfNames,
                            NameTable,
                            OrdinalTable);
 
    /* Make sure the ordinal is valid */
    if (Ordinal >= ExportDirectory->NumberOfFunctions)
    {
        /* It's not, fail */
        return STATUS_PROCEDURE_NOT_FOUND;
    }
 
    /* Resolve the address and write it */
    ExportTable = (PULONG)((ULONG_PTR)DllBase +
                           ExportDirectory->AddressOfFunctions);
    *EntryPoint = (PVOID)((ULONG_PTR)DllBase + ExportTable[Ordinal]);
    return STATUS_SUCCESS;
}

Referenced by PspLookupSystemDllEntryPoint().

NameToOrdinal()

USHORT NTAPI NameToOrdinal	(	IN PCHAR	Name,
		IN PVOID	DllBase,
		IN ULONG	NumberOfNames,
		IN PULONG	NameTable,
		IN PUSHORT	OrdinalTable
	)

Definition at line 68 of file psmgr.c.

{
    ULONG Mid;
    LONG Ret;
 
    /* Fail if no names */
    if (!NumberOfNames) return -1;
 
    /* Do binary search */
    Mid = NumberOfNames >> 1;
    Ret = strcmp(Name, (PCHAR)((ULONG_PTR)DllBase + NameTable[Mid]));
 
    /* Check if we found it */
    if (!Ret) return OrdinalTable[Mid];
 
    /* We didn't. Check if we only had one name to check */
    if (NumberOfNames == 1) return -1;
 
    /* Check if we should look up or down */
    if (Ret < 0)
    {
        /* Loop down */
        NumberOfNames = Mid;
    }
    else
    {
        /* Look up, update tables */
        NameTable = &NameTable[Mid + 1];
        OrdinalTable = &OrdinalTable[Mid + 1];
        NumberOfNames -= (Mid - 1);
    }
 
    /* Call us recursively */
    return NameToOrdinal(Name, DllBase, NumberOfNames, NameTable, OrdinalTable);
}

Referenced by LookupEntryPoint(), and NameToOrdinal().

PsGetVersion()

BOOLEAN NTAPI PsGetVersion	(	OUT PULONG MajorVersion	OPTIONAL,
		OUT PULONG MinorVersion	OPTIONAL,
		OUT PULONG BuildNumber	OPTIONAL,
		OUT PUNICODE_STRING CSDVersion	OPTIONAL
	)

Definition at line 658 of file psmgr.c.

{
    if (MajorVersion) *MajorVersion = NtMajorVersion;
    if (MinorVersion) *MinorVersion = NtMinorVersion;
    if (BuildNumber ) *BuildNumber  = NtBuildNumber & 0x3FFF;
 
    if (CSDVersion)
    {
        CSDVersion->Length = CmCSDVersionString.Length;
        CSDVersion->MaximumLength = CmCSDVersionString.MaximumLength;
        CSDVersion->Buffer = CmCSDVersionString.Buffer;
    }
 
    /* Return TRUE if this is a Checked Build */
    return (NtBuildNumber >> 28) == 0xC;
}

PsInitSystem()

BOOLEAN NTAPI PsInitSystem

(

IN PLOADER_PARAMETER_BLOCK

LoaderBlock

)

Definition at line 624 of file psmgr.c.

{
    /* Check the initialization phase */
    switch (ExpInitializationPhase)
    {
    case 0:
 
        /* Do Phase 0 */
        return PspInitPhase0(LoaderBlock);
 
    case 1:
 
        /* Do Phase 1 */
        return PspInitPhase1();
 
    default:
 
        /* Don't know any other phase! Bugcheck! */
        KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
                     1,
                     ExpInitializationPhase,
                     0,
                     0);
        return FALSE;
    }
}

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

PsLocateSystemDll()

NTSTATUS NTAPI PsLocateSystemDll

(

VOID

)

Definition at line 279 of file psmgr.c.

{
    OBJECT_ATTRIBUTES ObjectAttributes;
    IO_STATUS_BLOCK IoStatusBlock;
    HANDLE FileHandle, SectionHandle;
    NTSTATUS Status;
    ULONG_PTR HardErrorParameters;
    ULONG HardErrorResponse;
 
    /* Locate and open NTDLL to determine ImageBase and LdrStartup */
    InitializeObjectAttributes(&ObjectAttributes,
                               &PsNtDllPathName,
                               0,
                               NULL,
                               NULL);
    Status = ZwOpenFile(&FileHandle,
                        FILE_READ_ACCESS,
                        &ObjectAttributes,
                        &IoStatusBlock,
                        FILE_SHARE_READ,
                        0);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 2, 0, 0);
    }
 
    /* Check if the image is valid */
    Status = MmCheckSystemImage(FileHandle, TRUE);
    if (Status == STATUS_IMAGE_CHECKSUM_MISMATCH)
    {
        /* Raise a hard error */
        HardErrorParameters = (ULONG_PTR)&PsNtDllPathName;
        NtRaiseHardError(Status,
                         1,
                         1,
                         &HardErrorParameters,
                         OptionOk,
                         &HardErrorResponse);
        return Status;
    }
 
    /* Create a section for NTDLL */
    Status = ZwCreateSection(&SectionHandle,
                             SECTION_ALL_ACCESS,
                             NULL,
                             NULL,
                             PAGE_EXECUTE,
                             SEC_IMAGE,
                             FileHandle);
    ZwClose(FileHandle);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 3, 0, 0);
    }
 
    /* Reference the Section */
    Status = ObReferenceObjectByHandle(SectionHandle,
                                       SECTION_ALL_ACCESS,
                                       MmSectionObjectType,
                                       KernelMode,
                                       (PVOID*)&PspSystemDllSection,
                                       NULL);
    ZwClose(SectionHandle);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 4, 0, 0);
    }
 
    /* Map it */
    Status = PspMapSystemDll(PsGetCurrentProcess(), &PspSystemDllBase, FALSE);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 5, 0, 0);
    }
 
    /* Return status */
    return Status;
}

Referenced by IoInitSystem().

PspInitializeSystemDll()

NTSTATUS NTAPI PspInitializeSystemDll

(

VOID

)

Definition at line 365 of file psmgr.c.

{
    NTSTATUS Status;
 
    /* Get user-mode startup thunk */
    Status = PspLookupSystemDllEntryPoint("LdrInitializeThunk",
                                          &PspSystemDllEntryPoint);
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 7, 0, 0);
    }
 
    /* Get all the other entrypoints */
    Status = PspLookupKernelUserEntryPoints();
    if (!NT_SUCCESS(Status))
    {
        /* Failed, bugcheck */
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, Status, 8, 0, 0);
    }
 
    /* Let KD know we are done */
    KdUpdateDataBlock();
 
    /* Return status */
    return Status;
}

Referenced by PspInitPhase1().

PspInitPhase0()

BOOLEAN NTAPI PspInitPhase0

(

IN PLOADER_PARAMETER_BLOCK

LoaderBlock

)

Definition at line 406 of file psmgr.c.

{
    NTSTATUS Status;
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE SysThreadHandle;
    PETHREAD SysThread;
    MM_SYSTEMSIZE SystemSize;
    UNICODE_STRING Name;
    OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
    ULONG i;
 
    /* Get the system size */
    SystemSize = MmQuerySystemSize();
 
    /* Setup some memory options */
    PspDefaultPagefileLimit = -1;
    switch (SystemSize)
    {
        /* Medimum systems */
        case MmMediumSystem:
 
            /* Increase the WS sizes a bit */
            PsMinimumWorkingSet += 10;
            PsMaximumWorkingSet += 100;
 
        /* Large systems */
        case MmLargeSystem:
 
            /* Increase the WS sizes a bit more */
            PsMinimumWorkingSet += 30;
            PsMaximumWorkingSet += 300;
 
        /* Small and other systems */
        default:
            break;
    }
 
    /* Setup callbacks */
    for (i = 0; i < PSP_MAX_CREATE_THREAD_NOTIFY; i++)
    {
        ExInitializeCallBack(&PspThreadNotifyRoutine[i]);
    }
    for (i = 0; i < PSP_MAX_CREATE_PROCESS_NOTIFY; i++)
    {
        ExInitializeCallBack(&PspProcessNotifyRoutine[i]);
    }
    for (i = 0; i < PSP_MAX_LOAD_IMAGE_NOTIFY; i++)
    {
        ExInitializeCallBack(&PspLoadImageNotifyRoutine[i]);
    }
 
    /* Setup the quantum table */
    PsChangeQuantumTable(FALSE, PsRawPrioritySeparation);
 
    /* Set quota settings */
    if (!PspDefaultPagedLimit) PspDefaultPagedLimit = 0;
    if (!PspDefaultNonPagedLimit) PspDefaultNonPagedLimit = 0;
    if (!(PspDefaultNonPagedLimit) && !(PspDefaultPagedLimit))
    {
        /* Enable give-backs */
        PspDoingGiveBacks = TRUE;
    }
    else
    {
        /* Disable them */
        PspDoingGiveBacks = FALSE;
    }
 
    /* Now multiply limits by 1MB */
    PspDefaultPagedLimit <<= 20;
    PspDefaultNonPagedLimit <<= 20;
    if (PspDefaultPagefileLimit != MAXULONG) PspDefaultPagefileLimit <<= 20;
 
    /* Initialize the Active Process List */
    InitializeListHead(&PsActiveProcessHead);
    KeInitializeGuardedMutex(&PspActiveProcessMutex);
 
    /* Get the idle process */
    PsIdleProcess = PsGetCurrentProcess();
 
    /* Setup the locks */
    PsIdleProcess->ProcessLock.Value = 0;
    ExInitializeRundownProtection(&PsIdleProcess->RundownProtect);
 
    /* Initialize the thread list */
    InitializeListHead(&PsIdleProcess->ThreadListHead);
 
    /* Clear kernel time */
    PsIdleProcess->Pcb.KernelTime = 0;
 
    /* Initialize Object Initializer */
    RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
    ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
    ObjectTypeInitializer.InvalidAttributes = OBJ_PERMANENT |
                                              OBJ_EXCLUSIVE |
                                              OBJ_OPENIF;
    ObjectTypeInitializer.PoolType = NonPagedPool;
    ObjectTypeInitializer.SecurityRequired = TRUE;
 
    /* Initialize the Process type */
    RtlInitUnicodeString(&Name, L"Process");
    ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(EPROCESS);
    ObjectTypeInitializer.GenericMapping = PspProcessMapping;
    ObjectTypeInitializer.ValidAccessMask = PROCESS_ALL_ACCESS;
    ObjectTypeInitializer.DeleteProcedure = PspDeleteProcess;
    ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &PsProcessType);
 
    /*  Initialize the Thread type  */
    RtlInitUnicodeString(&Name, L"Thread");
    ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
    ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(ETHREAD);
    ObjectTypeInitializer.GenericMapping = PspThreadMapping;
    ObjectTypeInitializer.ValidAccessMask = THREAD_ALL_ACCESS;
    ObjectTypeInitializer.DeleteProcedure = PspDeleteThread;
    ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &PsThreadType);
 
    /*  Initialize the Job type  */
    RtlInitUnicodeString(&Name, L"Job");
    ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
    ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(EJOB);
    ObjectTypeInitializer.GenericMapping = PspJobMapping;
    ObjectTypeInitializer.InvalidAttributes = 0;
    ObjectTypeInitializer.ValidAccessMask = JOB_OBJECT_ALL_ACCESS;
    ObjectTypeInitializer.DeleteProcedure = PspDeleteJob;
    ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &PsJobType);
 
    /* Initialize job structures external to this file */
    PspInitializeJobStructures();
 
    /* Initialize the Working Set data */
    InitializeListHead(&PspWorkingSetChangeHead.List);
    KeInitializeGuardedMutex(&PspWorkingSetChangeHead.Lock);
 
    /* Create the CID Handle table */
    PspCidTable = ExCreateHandleTable(NULL);
    if (!PspCidTable) return FALSE;
 
    /* FIXME: Initialize LDT/VDM support */
 
    /* Setup the reaper */
    ExInitializeWorkItem(&PspReaperWorkItem, PspReapRoutine, NULL);
 
    /* Set the boot access token */
    PspBootAccessToken = (PTOKEN)(PsIdleProcess->Token.Value & ~MAX_FAST_REFS);
 
    /* Setup default object attributes */
    InitializeObjectAttributes(&ObjectAttributes,
                               NULL,
                               0,
                               NULL,
                               NULL);
 
    /* Create the Initial System Process */
    Status = PspCreateProcess(&PspInitialSystemProcessHandle,
                              PROCESS_ALL_ACCESS,
                              &ObjectAttributes,
                              0,
                              FALSE,
                              0,
                              0,
                              0,
                              FALSE);
    if (!NT_SUCCESS(Status)) return FALSE;
 
    /* Get a reference to it */
    ObReferenceObjectByHandle(PspInitialSystemProcessHandle,
                              0,
                              PsProcessType,
                              KernelMode,
                              (PVOID*)&PsInitialSystemProcess,
                              NULL);
 
    /* Copy the process names */
    strcpy(PsIdleProcess->ImageFileName, "Idle");
    strcpy(PsInitialSystemProcess->ImageFileName, "System");
 
    /* Allocate a structure for the audit name */
    PsInitialSystemProcess->SeAuditProcessCreationInfo.ImageFileName =
        ExAllocatePoolWithTag(PagedPool,
                              sizeof(OBJECT_NAME_INFORMATION),
                              TAG_SEPA);
    if (!PsInitialSystemProcess->SeAuditProcessCreationInfo.ImageFileName)
    {
        /* Allocation failed */
        return FALSE;
    }
 
    /* Zero it */
    RtlZeroMemory(PsInitialSystemProcess->
                  SeAuditProcessCreationInfo.ImageFileName,
                  sizeof(OBJECT_NAME_INFORMATION));
 
    /* Setup the system initialization thread */
    Status = PsCreateSystemThread(&SysThreadHandle,
                                  THREAD_ALL_ACCESS,
                                  &ObjectAttributes,
                                  0,
                                  NULL,
                                  Phase1Initialization,
                                  LoaderBlock);
    if (!NT_SUCCESS(Status)) return FALSE;
 
    /* Create a handle to it */
    ObReferenceObjectByHandle(SysThreadHandle,
                              0,
                              PsThreadType,
                              KernelMode,
                              (PVOID*)&SysThread,
                              NULL);
    ObCloseHandle(SysThreadHandle, KernelMode);
 
    /* Return success */
    return TRUE;
}

Referenced by PsInitSystem().

PspInitPhase1()

BOOLEAN NTAPI PspInitPhase1

(

VOID

)

Definition at line 396 of file psmgr.c.

{
    /* Initialize the System DLL and return status of operation */
    if (!NT_SUCCESS(PspInitializeSystemDll())) return FALSE;
    return TRUE;
}

Referenced by PsInitSystem().

PspLookupKernelUserEntryPoints()

NTSTATUS NTAPI PspLookupKernelUserEntryPoints

(

VOID

)

Definition at line 173 of file psmgr.c.

{
    NTSTATUS Status;
 
    /* Get user-mode APC trampoline */
    Status = PspLookupSystemDllEntryPoint("KiUserApcDispatcher",
                                          &KeUserApcDispatcher);
    if (!NT_SUCCESS(Status)) return Status;
 
    /* Get user-mode exception dispatcher */
    Status = PspLookupSystemDllEntryPoint("KiUserExceptionDispatcher",
                                          &KeUserExceptionDispatcher);
    if (!NT_SUCCESS(Status)) return Status;
 
    /* Get user-mode callback dispatcher */
    Status = PspLookupSystemDllEntryPoint("KiUserCallbackDispatcher",
                                          &KeUserCallbackDispatcher);
    if (!NT_SUCCESS(Status)) return Status;
 
    /* Get user-mode exception raise trampoline */
    Status = PspLookupSystemDllEntryPoint("KiRaiseUserExceptionDispatcher",
                                          &KeRaiseUserExceptionDispatcher);
    if (!NT_SUCCESS(Status)) return Status;
 
    /* Get user-mode SLIST exception functions for page fault rollback race hack */
    Status = PspLookupSystemDllEntryPoint("ExpInterlockedPopEntrySListEnd",
                                          &KeUserPopEntrySListEnd);
    if (!NT_SUCCESS(Status)) { DPRINT1("this not found\n"); return Status; }
    Status = PspLookupSystemDllEntryPoint("ExpInterlockedPopEntrySListFault",
                                          &KeUserPopEntrySListFault);
    if (!NT_SUCCESS(Status)) { DPRINT1("this not found\n"); return Status; }
    Status = PspLookupSystemDllEntryPoint("ExpInterlockedPopEntrySListResume",
                                          &KeUserPopEntrySListResume);
    if (!NT_SUCCESS(Status)) { DPRINT1("this not found\n"); return Status; }
 
    /* On x86, there are multiple ways to do a system call, find the right stubs */
#if defined(_X86_)
    /* Check if this is a machine that supports SYSENTER */
    if (KeFeatureBits & KF_FAST_SYSCALL)
    {
        /* Get user-mode sysenter stub */
        SharedUserData->SystemCall = (PsNtosImageBase >> (PAGE_SHIFT + 1));
        Status = PspLookupSystemDllEntryPoint("KiFastSystemCall",
                                              (PVOID)&SharedUserData->
                                              SystemCall);
        if (!NT_SUCCESS(Status)) return Status;
 
        /* Get user-mode sysenter return stub */
        Status = PspLookupSystemDllEntryPoint("KiFastSystemCallRet",
                                              (PVOID)&SharedUserData->
                                              SystemCallReturn);
        if (!NT_SUCCESS(Status)) return Status;
    }
    else
    {
        /* Get the user-mode interrupt stub */
        Status = PspLookupSystemDllEntryPoint("KiIntSystemCall",
                                              (PVOID)&SharedUserData->
                                              SystemCall);
        if (!NT_SUCCESS(Status)) return Status;
    }
 
    /* Set the test instruction */
    SharedUserData->TestRetInstruction = 0xC3;
#endif
 
    /* Return the status */
    return Status;
}

Referenced by PspInitializeSystemDll().

PspLookupSystemDllEntryPoint()

NTSTATUS NTAPI PspLookupSystemDllEntryPoint	(	IN PCHAR	Name,
		IN PVOID *	EntryPoint
	)

Definition at line 163 of file psmgr.c.

{
    /* Call the LDR Routine */
    return LookupEntryPoint(PspSystemDllBase, Name, EntryPoint);
}

Referenced by PspInitializeSystemDll(), and PspLookupKernelUserEntryPoints().

PspMapSystemDll()

NTSTATUS NTAPI PspMapSystemDll	(	IN PEPROCESS	Process,
		IN PVOID *	DllBase,
		IN BOOLEAN	UseLargePages
	)

Definition at line 245 of file psmgr.c.

{
    NTSTATUS Status;
    LARGE_INTEGER Offset = {{0, 0}};
    SIZE_T ViewSize = 0;
    PVOID ImageBase = 0;
 
    /* Map the System DLL */
    Status = MmMapViewOfSection(PspSystemDllSection,
                                Process,
                                (PVOID*)&ImageBase,
                                0,
                                0,
                                &Offset,
                                &ViewSize,
                                ViewShare,
                                0,
                                PAGE_READWRITE);
    if (Status != STATUS_SUCCESS)
    {
        /* Normalize status code */
        Status = STATUS_CONFLICTING_ADDRESSES;
    }
 
    /* Write the image base and return status */
    if (DllBase) *DllBase = ImageBase;
    return Status;
}

Referenced by PsLocateSystemDll().

Variable Documentation

ExpInitializationPhase

ULONG ExpInitializationPhase

extern

Definition at line 68 of file init.c.

Referenced by PsInitSystem().

KeUserPopEntrySListEnd

PVOID KeUserPopEntrySListEnd

Definition at line 17 of file psmgr.c.

Referenced by PspLookupKernelUserEntryPoints().

KeUserPopEntrySListFault

PVOID KeUserPopEntrySListFault

Definition at line 18 of file psmgr.c.

Referenced by KiCheckForSListFault(), and PspLookupKernelUserEntryPoints().

KeUserPopEntrySListResume

PVOID KeUserPopEntrySListResume

Definition at line 19 of file psmgr.c.

Referenced by KiCheckForSListFault(), and PspLookupKernelUserEntryPoints().

List

LIST_ENTRY List

Definition at line 57 of file psmgr.c.

Lock

KGUARDED_MUTEX Lock

Definition at line 58 of file psmgr.c.

PsIdleProcess

PEPROCESS PsIdleProcess = NULL

Definition at line 51 of file psmgr.c.

Referenced by MmInitSystem(), PopGracefulShutdown(), PspInitPhase0(), PspShutdownProcessManager(), and QSI_DEF().

PsInitialSystemProcess

PEPROCESS PsInitialSystemProcess = NULL

Definition at line 50 of file psmgr.c.

Referenced by ExAllocatePoolWithQuotaTag(), ExSwapinWorkerThreads(), IopDoLoadUnloadDriver(), IopLoadUnloadDriverWorker(), MiLoadImageSection(), MmCheckSystemImage(), MmPageOutPhysicalAddress(), NtDebugActiveProcess(), NtSetInformationObject(), NtSetSystemPowerState(), ObDuplicateObject(), ObpAllocateObject(), ObpChargeQuotaForObject(), ObpCloseHandle(), ObpCreateHandle(), ObpCreateUnnamedHandle(), ObSetHandleAttributes(), PopGracefulShutdown(), PsChargePoolQuota(), PsChargeProcessPageFileQuota(), PsChargeProcessPoolQuota(), PsCreateSystemThread(), PsIsSystemProcess(), PspChargeProcessQuotaSpecifiedPool(), PspCreateProcess(), PspCreateThread(), PspInitPhase0(), PspReturnProcessQuotaSpecifiedPool(), PspShutdownProcessManager(), PsReturnPoolQuota(), PsReturnProcessNonPagedPoolQuota(), PsReturnProcessPagedPoolQuota(), PsReturnProcessPageFileQuota(), SepCleanupLUIDDeviceMapDirectory(), and START_TEST().

PsMaximumWorkingSet

ULONG PsMaximumWorkingSet

Definition at line 54 of file psmgr.c.

Referenced by PspInitPhase0().

PsMinimumWorkingSet

ULONG PsMinimumWorkingSet

Definition at line 54 of file psmgr.c.

Referenced by PspCreateProcess(), and PspInitPhase0().

PsNtDllPathName

UNICODE_STRING PsNtDllPathName

Initial value:

=
    RTL_CONSTANT_STRING(L"\\SystemRoot\\System32\\ntdll.dll")

Definition at line 45 of file psmgr.c.

Referenced by DbgkCreateThread(), and PsLocateSystemDll().

PspCidTable

PHANDLE_TABLE PspCidTable

Definition at line 48 of file psmgr.c.

Referenced by PsLookupProcessByProcessId(), PsLookupProcessThreadByCid(), PsLookupThreadByThreadId(), PspCreateProcess(), PspCreateThread(), PspDeleteProcess(), PspDeleteThread(), and PspInitPhase0().

PspDefaultNonPagedLimit

ULONG PspDefaultNonPagedLimit

Definition at line 60 of file psmgr.c.

Referenced by PspInitPhase0().

PspDefaultPagedLimit

ULONG PspDefaultPagedLimit

Definition at line 60 of file psmgr.c.

Referenced by PspInitPhase0().

PspDefaultPagefileLimit

ULONG PspDefaultPagefileLimit

Definition at line 60 of file psmgr.c.

Referenced by PspInitPhase0().

PspDoingGiveBacks

BOOLEAN PspDoingGiveBacks

Definition at line 61 of file psmgr.c.

Referenced by PspInitPhase0().

PspInitialSystemProcessHandle

HANDLE PspInitialSystemProcessHandle = NULL

Definition at line 52 of file psmgr.c.

Referenced by PspInitPhase0().

PspProcessMapping

GENERIC_MAPPING PspProcessMapping

Initial value:

=
{
    STANDARD_RIGHTS_READ    | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
    STANDARD_RIGHTS_WRITE   | PROCESS_CREATE_PROCESS    | PROCESS_CREATE_THREAD   |
    PROCESS_VM_OPERATION    | PROCESS_VM_WRITE          | PROCESS_DUP_HANDLE      |
    PROCESS_TERMINATE       | PROCESS_SET_QUOTA         | PROCESS_SET_INFORMATION |
    PROCESS_SUSPEND_RESUME,
    STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE,
    PROCESS_ALL_ACCESS
}

Definition at line 21 of file psmgr.c.

Referenced by PspInitPhase0().

PspSystemDllBase

PVOID PspSystemDllBase

Definition at line 41 of file psmgr.c.

Referenced by DbgkCreateThread(), PsLocateSystemDll(), PspLookupSystemDllEntryPoint(), and PspUserThreadStartup().

PspSystemDllEntryPoint

PVOID PspSystemDllEntryPoint

Definition at line 43 of file psmgr.c.

Referenced by PspInitializeSystemDll(), and PspUserThreadStartup().

PspSystemDllSection

PVOID PspSystemDllSection

Definition at line 42 of file psmgr.c.

Referenced by PsLocateSystemDll(), and PspMapSystemDll().

PspThreadMapping

GENERIC_MAPPING PspThreadMapping

Initial value:

=
{
    STANDARD_RIGHTS_READ    | THREAD_GET_CONTEXT      | THREAD_QUERY_INFORMATION,
    STANDARD_RIGHTS_WRITE   | THREAD_TERMINATE        | THREAD_SUSPEND_RESUME    |
    THREAD_ALERT            | THREAD_SET_INFORMATION  | THREAD_SET_CONTEXT,
    STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE,
    THREAD_ALL_ACCESS
}

Definition at line 32 of file psmgr.c.

Referenced by PspInitPhase0().

struct { ... } PspWorkingSetChangeHead

Referenced by PspInitPhase0().