
ps.h File Reference


Classes

struct  _MMSUPPORT_FLAGS
struct  _MMSUPPORT
struct  _PS_IMPERSONATION_INFORMATION
struct  _EPROCESS_QUOTA_BLOCK
struct  _WOW64_PROCESS
struct  _EPROCESS
struct  _ETHREAD
struct  _INITIAL_PEB
struct  _PS_JOB_TOKEN_FILTER
struct  _EJOB
struct  _IMAGE_INFO
struct  _WIN32_JOBCALLOUT_PARAMETERS
struct  _WIN32_POWEREVENT_PARAMETERS
struct  _WIN32_POWERSTATE_PARAMETERS

Defines

#define PSP_INVALID_ID   ((ULONG_PTR)(0x82)<<((sizeof(ULONG_PTR)-1)*8))
#define MEMORY_PRIORITY_BACKGROUND   0
#define MEMORY_PRIORITY_WASFOREGROUND   1
#define MEMORY_PRIORITY_FOREGROUND   2
#define PS_WS_TRIM_FROM_EXE_HEADER   1
#define PS_WS_TRIM_BACKGROUND_ONLY_APP   2
#define PS_SET_BITS(Flags, Flag)   ExInterlockedSetBits (Flags, Flag)
#define PS_CLEAR_BITS(Flags, Flag)   ExInterlockedClearBits (Flags, Flag)
#define PS_SET_CLEAR_BITS(Flags, sFlag, cFlag)   ExInterlockedSetClearBits (Flags, sFlag, cFlag)
#define PS_JOB_STATUS_NOT_REALLY_ACTIVE   0x00000001
#define PS_JOB_STATUS_ACCOUNTING_FOLDED   0x00000002
#define PS_JOB_STATUS_NEW_PROCESS_REPORTED   0x00000004
#define PS_JOB_STATUS_EXIT_PROCESS_REPORTED   0x00000008
#define PS_JOB_STATUS_REPORT_COMMIT_CHANGES   0x00000010
#define PS_JOB_STATUS_LAST_REPORT_MEMORY   0x00000020
#define PS_GET_THREAD_CREATE_TIME(Thread)   ((Thread)->CreateTime.QuadPart >> 3)
#define PS_SET_THREAD_CREATE_TIME(Thread, InputCreateTime)   ((Thread)->CreateTime.QuadPart = (InputCreateTime.QuadPart << 3))
#define THREAD_TO_PROCESS(thread)   ((thread)->ThreadsProcess)
#define IS_SYSTEM_THREAD(thread)
#define PsGetCurrentProcess()   (CONTAINING_RECORD(((KeGetCurrentThread())->ApcState.Process),EPROCESS,Pcb))
#define PsGetCurrentThread()   (CONTAINING_RECORD((KeGetCurrentThread()),ETHREAD,Tcb))
#define PsLockProcessSecurityFields()   ExAcquireFastMutex( &PsProcessSecurityLock )
#define PsFreeProcessSecurityFields()   ExReleaseFastMutex( &PsProcessSecurityLock )
#define IMAGE_ADDRESSING_MODE_32BIT   3
#define PsDereferencePrimaryToken(T)   (ObDereferenceObject((T)))
#define PsProcessAuditId(Process)   ((Process)->UniqueProcessId)
#define PsDereferenceImpersonationToken(T)
#define PsIsThreadTerminating(T)   (T)->HasTerminated

Typedefs

typedef _MMSUPPORT_FLAGS MMSUPPORT_FLAGS
typedef _MMSUPPORT MMSUPPORT
typedef MMSUPPORT * PMMSUPPORT
typedef _PS_IMPERSONATION_INFORMATION PS_IMPERSONATION_INFORMATION
typedef _PS_IMPERSONATION_INFORMATION * PPS_IMPERSONATION_INFORMATION
typedef _EPROCESS_QUOTA_BLOCK EPROCESS_QUOTA_BLOCK
typedef _EPROCESS_QUOTA_BLOCK * PEPROCESS_QUOTA_BLOCK
typedef _WOW64_PROCESS WOW64_PROCESS
typedef _WOW64_PROCESS * PWOW64_PROCESS
typedef _EPROCESS EPROCESS
typedef EPROCESS * PEPROCESS
typedef _ETHREAD ETHREAD
typedef ETHREAD * PETHREAD
typedef _INITIAL_PEB INITIAL_PEB
typedef _INITIAL_PEB * PINITIAL_PEB
typedef _PS_JOB_TOKEN_FILTER PS_JOB_TOKEN_FILTER
typedef _PS_JOB_TOKEN_FILTER * PPS_JOB_TOKEN_FILTER
typedef _EJOB EJOB
typedef EJOB * PEJOB
typedef VOID(* PLEGO_NOTIFY_ROUTINE )(PKTHREAD Thread)
typedef VOID(* PCREATE_PROCESS_NOTIFY_ROUTINE )(IN HANDLE ParentId, IN HANDLE ProcessId, IN BOOLEAN Create)
typedef VOID(* PCREATE_THREAD_NOTIFY_ROUTINE )(IN HANDLE ProcessId, IN HANDLE ThreadId, IN BOOLEAN Create)
typedef _IMAGE_INFO IMAGE_INFO
typedef _IMAGE_INFO * PIMAGE_INFO
typedef VOID(* PLOAD_IMAGE_NOTIFY_ROUTINE )(IN PUNICODE_STRING FullImageName, IN HANDLE ProcessId, IN PIMAGE_INFO ImageInfo)
typedef enum _PSLOCKPROCESSMODE PSLOCKPROCESSMODE
typedef NTSTATUS(* PKWIN32_PROCESS_CALLOUT )(IN PEPROCESS Process, IN BOOLEAN Initialize)
typedef enum _PSW32JOBCALLOUTTYPE PSW32JOBCALLOUTTYPE
typedef _WIN32_JOBCALLOUT_PARAMETERS WIN32_JOBCALLOUT_PARAMETERS
typedef _WIN32_JOBCALLOUT_PARAMETERS * PKWIN32_JOBCALLOUT_PARAMETERS
typedef NTSTATUS(* PKWIN32_JOB_CALLOUT )(IN PKWIN32_JOBCALLOUT_PARAMETERS Parm)
typedef enum _PSW32THREADCALLOUTTYPE PSW32THREADCALLOUTTYPE
typedef NTSTATUS(* PKWIN32_THREAD_CALLOUT )(IN PETHREAD Thread, IN PSW32THREADCALLOUTTYPE CalloutType)
typedef enum _PSPOWEREVENTTYPE PSPOWEREVENTTYPE
typedef _WIN32_POWEREVENT_PARAMETERS WIN32_POWEREVENT_PARAMETERS
typedef _WIN32_POWEREVENT_PARAMETERS * PKWIN32_POWEREVENT_PARAMETERS
typedef _WIN32_POWERSTATE_PARAMETERS WIN32_POWERSTATE_PARAMETERS
typedef _WIN32_POWERSTATE_PARAMETERS * PKWIN32_POWERSTATE_PARAMETERS
typedef NTSTATUS(* PKWIN32_POWEREVENT_CALLOUT )(IN PKWIN32_POWEREVENT_PARAMETERS Parm)
typedef NTSTATUS(* PKWIN32_POWERSTATE_CALLOUT )(IN PKWIN32_POWERSTATE_PARAMETERS Parm)
typedef enum _PSPROCESSPRIORITYMODE PSPROCESSPRIORITYMODE

Enumerations

enum  _PSLOCKPROCESSMODE { PsLockPollOnTimeout, PsLockReturnTimeout, PsLockWaitForever, PsLockIAmExiting }
enum  _PSW32JOBCALLOUTTYPE { PsW32JobCalloutSetInformation, PsW32JobCalloutAddProcess, PsW32JobCalloutTerminate }
enum  _PSW32THREADCALLOUTTYPE { PsW32ThreadCalloutInitialize, PsW32ThreadCalloutExit }
enum  _PSPOWEREVENTTYPE {
  PsW32FullWake, PsW32EventCode, PsW32PowerPolicyChanged, PsW32SystemPowerState,
  PsW32SystemTime, PsW32DisplayState, PsW32CapabilitiesChanged, PsW32SetStateFailed,
  PsW32GdiOff, PsW32GdiOn
}
enum  _PSPROCESSPRIORITYMODE { PsProcessPriorityBackground, PsProcessPriorityForeground, PsProcessPrioritySpinning }

Functions

BOOLEAN PsChangeJobMemoryUsage (SSIZE_T Amount)
VOID PsReportProcessMemoryLimitViolation (VOID)
VOID PsEnforceExecutionTimeLimits (VOID)
BOOLEAN PsInitSystem (IN ULONG Phase, IN PLOADER_PARAMETER_BLOCK LoaderBlock)
NTSTATUS PsLocateSystemDll (VOID)
VOID PsChangeQuantumTable (BOOLEAN ModifyActiveProcesses, ULONG PrioritySeparation)
VOID PsExitSpecialApc (IN PKAPC Apc, IN PKNORMAL_ROUTINE *NormalRoutine, IN PVOID *NormalContext, IN PVOID *SystemArgument1, IN PVOID *SystemArgument2)
NTKERNELAPI NTSTATUS PsCreateSystemThread (OUT PHANDLE ThreadHandle, IN ULONG DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ProcessHandle OPTIONAL, OUT PCLIENT_ID ClientId OPTIONAL, IN PKSTART_ROUTINE StartRoutine, IN PVOID StartContext)
NTKERNELAPI NTSTATUS PsTerminateSystemThread (IN NTSTATUS ExitStatus)
NTSTATUS PsCreateSystemProcess (OUT PHANDLE ProcessHandle, IN ULONG DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL)
ULONG PsSetLegoNotifyRoutine (PLEGO_NOTIFY_ROUTINE LegoNotifyRoutine)
NTSTATUS PsSetCreateProcessNotifyRoutine (IN PCREATE_PROCESS_NOTIFY_ROUTINE NotifyRoutine, IN BOOLEAN Remove)
NTSTATUS PsSetCreateThreadNotifyRoutine (IN PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine)
NTSTATUS PsSetLoadImageNotifyRoutine (IN PLOAD_IMAGE_NOTIFY_ROUTINE NotifyRoutine)
NTSTATUS PsAssignImpersonationToken (IN PETHREAD Thread, IN HANDLE Token)
NTKERNELAPI PACCESS_TOKEN PsReferencePrimaryToken (IN PEPROCESS Process)
NTKERNELAPI PACCESS_TOKEN PsReferenceImpersonationToken (IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
PACCESS_TOKEN PsReferenceEffectiveToken (IN PETHREAD Thread, OUT PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
LARGE_INTEGER PsGetProcessExitTime (VOID)
VOID PsCallImageNotifyRoutines (IN PUNICODE_STRING FullImageName, IN HANDLE ProcessId, IN PIMAGE_INFO ImageInfo)
NTSTATUS PsImpersonateClient (IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
BOOLEAN PsDisableImpersonation (IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
VOID PsRestoreImpersonation (IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
NTKERNELAPI VOID PsRevertToSelf (VOID)
NTSTATUS PsOpenTokenOfThread (IN HANDLE ThreadHandle, IN BOOLEAN OpenAsSelf, OUT PACCESS_TOKEN *Token, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
NTSTATUS PsOpenTokenOfProcess (IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)
NTSTATUS PsOpenTokenOfJob (IN HANDLE JobHandle, OUT PACCESS_TOKEN *Token)
NTSTATUS PsLookupProcessThreadByCid (IN PCLIENT_ID Cid, OUT PEPROCESS *Process OPTIONAL, OUT PETHREAD *Thread)
NTKERNELAPI NTSTATUS PsLookupProcessByProcessId (IN HANDLE ProcessId, OUT PEPROCESS *Process)
NTKERNELAPI NTSTATUS PsLookupThreadByThreadId (IN HANDLE ThreadId, OUT PETHREAD *Thread)
VOID PsChargePoolQuota (IN PEPROCESS Process, IN POOL_TYPE PoolType, IN ULONG_PTR Amount)
VOID PsReturnPoolQuota (IN PEPROCESS Process, IN POOL_TYPE PoolType, IN ULONG_PTR Amount)
VOID PspContextToKframes (OUT PKTRAP_FRAME TrapFrame, OUT PKEXCEPTION_FRAME ExceptionFrame, IN PCONTEXT Context)
VOID PspContextFromKframes (OUT PKTRAP_FRAME TrapFrame, OUT PKEXCEPTION_FRAME ExceptionFrame, IN PCONTEXT Context)
VOID PsReturnSharedPoolQuota (IN PEPROCESS_QUOTA_BLOCK QuotaBlock, IN ULONG_PTR PagedAmount, IN ULONG_PTR NonPagedAmount)
PEPROCESS_QUOTA_BLOCK PsChargeSharedPoolQuota (IN PEPROCESS Process, IN ULONG_PTR PagedAmount, IN ULONG_PTR NonPagedAmount)
NTSTATUS PsLockProcess (IN PEPROCESS Process, IN KPROCESSOR_MODE WaitMode, IN PSLOCKPROCESSMODE LockMode)
VOID PsUnlockProcess (IN PEPROCESS Process)
BOOLEAN PsForwardException (IN PEXCEPTION_RECORD ExceptionRecord, IN BOOLEAN DebugException, IN BOOLEAN SecondChance)
NTKERNELAPI VOID PsEstablishWin32Callouts (IN PKWIN32_PROCESS_CALLOUT ProcessCallout, IN PKWIN32_THREAD_CALLOUT ThreadCallout, IN PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout, IN PKWIN32_POWEREVENT_CALLOUT PowerEventCallout, IN PKWIN32_POWERSTATE_CALLOUT PowerStateCallout, IN PKWIN32_JOB_CALLOUT JobCallout, IN PVOID BatchFlushRoutine)
NTKERNELAPI VOID PsSetProcessPriorityByClass (IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE PriorityMode)
HANDLE PsGetCurrentProcessId (VOID)
HANDLE PsGetCurrentThreadId (VOID)
BOOLEAN PsGetVersion (PULONG MajorVersion OPTIONAL, PULONG MinorVersion OPTIONAL, PULONG BuildNumber OPTIONAL, PUNICODE_STRING CSDVersion OPTIONAL)

Variables

ULONG PsPrioritySeperation
ULONG PsRawPrioritySeparation
LIST_ENTRY PsActiveProcessHead
UNICODE_STRING PsNtDllPathName
PVOID PsSystemDllBase
FAST_MUTEX PsProcessSecurityLock
PEPROCESS PsInitialSystemProcess
PVOID PsNtosImageBase
PVOID PsHalImageBase
LIST_ENTRY PsLoadedModuleList
ERESOURCE PsLoadedModuleResource
LCID PsDefaultSystemLocaleId
LCID PsDefaultThreadLocaleId
LANGID PsDefaultUILanguageId
LANGID PsInstallUILanguageId
PEPROCESS PsIdleProcess
BOOLEAN PsReaperActive
LIST_ENTRY PsReaperListHead
WORK_QUEUE_ITEM PsReaperWorkItem
BOOLEAN PsImageNotifyEnabled


Define Documentation

#define IMAGE_ADDRESSING_MODE_32BIT   3
 

Definition at line 769 of file ps.h.

Referenced by DbgkCreateThread(), MiLoadSystemImage(), and MiMapViewOfImageSection().

#define IS_SYSTEM_THREAD(thread)
 

Value:

(((thread)->Tcb.Teb == NULL) || \
 (IS_SYSTEM_ADDRESS((thread)->Tcb.Teb)))

Definition at line 639 of file ps.h.

Referenced by ExpRaiseHardError(), IoIsSystemThread(), NtGetContextThread(), NtQueueApcThread(), NtReplyWaitReceivePort(), NtReplyWaitReceivePortEx(), NtSetContextThread(), NtSetInformationProcess(), NtSetInformationThread(), NtTerminateProcess(), NtTerminateThread(), PsAssignImpersonationToken(), PspExitNormalApc(), PspExitThread(), PspTerminateProcess(), PsTerminateSystemThread(), QueuePowerRequest(), UserCommitDesktopMemory(), UserGetDesktopDC(), VerifierExAcquireFastMutexUnsafe(), VerifierExAcquireResourceExclusive(), VerifierExReleaseFastMutex(), VerifierExReleaseFastMutexUnsafe(), VerifierExReleaseResource(), and xxxSwitchDesktop().

#define MEMORY_PRIORITY_BACKGROUND   0
 

Definition at line 41 of file ps.h.

Referenced by MmSetMemoryPriorityProcess(), NtSetInformationProcess(), PsChangeQuantumTable(), and PsSetProcessPriorityByClass().

#define MEMORY_PRIORITY_FOREGROUND   2
 

Definition at line 43 of file ps.h.

Referenced by KiUnwaitThread(), MiCheckProcessTrimCriteria(), MiDetermineWsTrimAmount(), MiDoReplacement(), MiRearrangeWorkingSetExpansionList(), NtSetInformationProcess(), PspApplyJobLimitsToProcess(), and PsSetProcessPriorityByClass().

#define MEMORY_PRIORITY_WASFOREGROUND   1
 

Definition at line 42 of file ps.h.

#define PS_CLEAR_BITS(Flags, Flag)   ExInterlockedClearBits (Flags, Flag)
 

Definition at line 151 of file ps.h.

Referenced by PsEnforceExecutionTimeLimits().

#define PS_GET_THREAD_CREATE_TIME(Thread)   ((Thread)->CreateTime.QuadPart >> 3)
 

Definition at line 341 of file ps.h.

Referenced by ExpCopyThreadInfo(), NtQueryInformationThread(), and PspExitThread().

#define PS_JOB_STATUS_ACCOUNTING_FOLDED   0x00000002
 

Definition at line 315 of file ps.h.

Referenced by NtQueryInformationJobObject(), NtSetInformationJobObject(), PsEnforceExecutionTimeLimits(), PspAddProcessToJob(), and PspFoldProcessAccountingIntoJob().

#define PS_JOB_STATUS_EXIT_PROCESS_REPORTED   0x00000008
 

Definition at line 317 of file ps.h.

Referenced by PspExitProcess().

#define PS_JOB_STATUS_LAST_REPORT_MEMORY   0x00000020
 

Definition at line 319 of file ps.h.

Referenced by NtSetInformationJobObject(), PsChangeJobMemoryUsage(), PsEnforceExecutionTimeLimits(), PspAddProcessToJob(), PspExitProcess(), PspFoldProcessAccountingIntoJob(), and PsReportProcessMemoryLimitViolation().

#define PS_JOB_STATUS_NEW_PROCESS_REPORTED   0x00000004
 

Definition at line 316 of file ps.h.

Referenced by NtSetInformationJobObject(), PsChangeJobMemoryUsage(), PspAddProcessToJob(), PspCreateThread(), and PsReportProcessMemoryLimitViolation().

#define PS_JOB_STATUS_NOT_REALLY_ACTIVE   0x00000001
 

Definition at line 314 of file ps.h.

Referenced by NtQueryInformationJobObject(), NtSetInformationJobObject(), PsEnforceExecutionTimeLimits(), PspAddProcessToJob(), PspApplyJobLimitsToProcessSet(), PspCreateThread(), PspExitProcess(), PspExitProcessFromJob(), PspRemoveProcessFromJob(), and PspTerminateAllProcessesInJob().

#define PS_JOB_STATUS_REPORT_COMMIT_CHANGES   0x00000010
 

Definition at line 318 of file ps.h.

Referenced by MiInsertVad(), MiRemoveVad(), MiReturnPageTablePageCommitment(), MiSetProtectionOnSection(), MmAssignProcessToJob(), MmCleanProcessAddressSpace(), NtAllocateVirtualMemory(), and NtFreeVirtualMemory().

#define PS_SET_BITS(Flags, Flag)   ExInterlockedSetBits (Flags, Flag)
 

Definition at line 148 of file ps.h.

Referenced by PsChangeJobMemoryUsage(), PspAddProcessToJob(), PspCreateThread(), PspExitProcessFromJob(), PspRemoveProcessFromJob(), PspTerminateAllProcessesInJob(), and PsReportProcessMemoryLimitViolation().

#define PS_SET_CLEAR_BITS(Flags, sFlag, cFlag)   ExInterlockedSetClearBits (Flags, sFlag, cFlag)
 

Definition at line 154 of file ps.h.

Referenced by NtSetInformationJobObject(), PsEnforceExecutionTimeLimits(), PspAddProcessToJob(), PspExitProcess(), and PspFoldProcessAccountingIntoJob().

#define PS_SET_THREAD_CREATE_TIME(Thread, InputCreateTime)   ((Thread)->CreateTime.QuadPart = (InputCreateTime.QuadPart << 3))
 

Definition at line 343 of file ps.h.

Referenced by PspCreateThread().

#define PS_WS_TRIM_BACKGROUND_ONLY_APP   2
 

Definition at line 133 of file ps.h.

Referenced by PsSetProcessPriorityByClass().

#define PS_WS_TRIM_FROM_EXE_HEADER   1
 

Definition at line 132 of file ps.h.

#define PsDereferenceImpersonationToken(T)
 

Value:

{if (ARGUMENT_PRESENT(T)) { \
    (ObDereferenceObject((T))); \
} else { \
    ; \
} \
}

Definition at line 840 of file ps.h.

Referenced by PsImpersonateClient(), PsOpenTokenOfThread(), SepCreateClientSecurity(), SepOpenTokenOfThread(), and SeReleaseSubjectContext().

#define PsDereferencePrimaryToken(T)   (ObDereferenceObject((T)))
 

Definition at line 810 of file ps.h.

Referenced by NtOpenThreadToken(), NtSecureConnectPort(), NtSetInformationProcess(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), SeIsChildToken(), SeIsChildTokenByPointer(), SepCreateClientSecurity(), SeReleaseSubjectContext(), and SeSubProcessToken().

 
#define PsFreeProcessSecurityFields()   ExReleaseFastMutex( &PsProcessSecurityLock )
 

Definition at line 661 of file ps.h.

Referenced by NtAssignProcessToJobObject(), PsDisableImpersonation(), PsImpersonateClient(), PspAssignPrimaryToken(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), PsReferencePrimaryToken(), and PsRevertToSelf().

 
#define PsGetCurrentProcess()   (CONTAINING_RECORD(((KeGetCurrentThread())->ApcState.Process),EPROCESS,Pcb))
 

Definition at line 643 of file ps.h.

Referenced by _LoadCursorsAndIcons(), _RegisterHotKey(), BuildQueryDirectoryIrp(), CcInitializeCacheManager(), CheckHandleInUse(), CheckWinstaWriteAttributesAccess(), CmInitSystem1(), CmNotifyRunDown(), CmpCreateRegistryRoot(), CmpDoCreateChild(), CmpDoOpen(), CmpPostApc(), CmpPostApcRunDown(), CommitReadOnlyMemory(), DbgkCreateThread(), DbgkExitProcess(), DbgkExitThread(), DbgkForwardException(), DbgkMapViewOfSection(), DbgkpResumeProcess(), DbgkpSendApiMessage(), DbgkpSuspendProcess(), DbgkUnMapViewOfSection(), ExAllocatePoolWithQuota(), ExAllocatePoolWithQuotaTag(), ExpAllocateHandleTable(), ExpMutantInitialization(), ExpRaiseHardError(), FastGetProfileStringW(), InitializePool(), IoGetCurrentProcess(), IopChainDereferenceComplete(), IopCloseFile(), IopWriteTriageDump(), Ke386CallBios(), KeFlushEntireTb(), KeFlushMultipleTb(), KeFlushSingleTb(), KeIA32GetGdtEntryThread(), KeIA32SetIoAccessMap(), KeIA32SetLdtProcess(), KeUserModeCallback(), Ki386VdmDispatchIo(), Ki386VdmDispatchStringIo(), KiDispatchException(), KiMemoryFault(), LpcpCopyRequestData(), LpcpCreatePort(), LpcpDeletePort(), LpcpFindDataInfoMessage(), LpcpFreeDataInfoMessage(), LpcpSaveDataInfoMessage(), LpcRequestPort(), LpcRequestWaitReplyPort(), MiAddValidPageToWorkingSet(), MiAttachSession(), MiCheckForUserStackOverflow(), MiCloneProcessAddressSpace(), MiCompleteProtoPteFault(), MiCopyOnWrite(), MiDeletePageTablesForPhysicalRange(), MiDeleteVirtualAddresses(), MiDereferenceSession(), MiDetachSession(), MiDoMappedCopy(), MiDoPoolCopy(), MiEliminateWorkingSetEntry(), MiEmptyWorkingSet(), MiFindEmptyAddressRange(), MiFindImageSectionObject(), MiFlushTbAndCapture(), MiGetPageForHeader(), MiGetWorkingSetInfo(), MiGetWritablePagesInSection(), MiGrowWsleHash(), MiInitMachineDependent(), MiInsertImageSectionObject(), MiInsertPageInList(), MiInsertVad(), MiInsertWsle(), MiLoadImageSection(), MiLoadSystemImage(), MiLocateAddress(), MiMapLockedPagesInUserSpace(), MiRemoveUserPhysicalPagesVad(), 
MiRemoveVad(), MiRemoveWorkingSetPages(), MiSegmentDelete(), MiSessionAddProcess(), MiSessionRemoveProcess(), MiSessionWideReserveImageAddress(), MiUnmapLockedPagesInUserSpace(), MiUpdateWsle(), MmAccessFault(), MmAdjustWorkingSetSize(), MmAllowWorkingSetExpansion(), MmAssignProcessToJob(), MmCleanProcessAddressSpace(), MmCopyVirtualMemory(), MmCreateProcessAddressSpace(), MmEnforceWorkingSetLimit(), MmFlushVirtualMemory(), MmInitSystem(), MmMapUserAddressesToPage(), MmMapViewInSessionSpace(), MmMapViewOfSection(), MmProbeAndLockPages(), MmProbeAndLockProcessPages(), MmSecureVirtualMemory(), MmSessionCreate(), MmSessionDelete(), MmSessionSetUnloadAddress(), MmSetMemoryPriorityProcess(), MmUnmapViewInSessionSpace(), MmUnmapViewOfSection(), MmUnsecureVirtualMemory(), MmWorkingSetManager(), NtAcceptConnectPort(), NtAllocateUserPhysicalPages(), NtAllocateVirtualMemory(), NtAreMappedFilesTheSame(), NtClose(), NtCreateChannel(), NtCreateJobObject(), NtDuplicateObject(), NtFreeUserPhysicalPages(), NtFreeVirtualMemory(), NtLoadDriver(), NtLockFile(), NtMapUserPhysicalPages(), NtMapUserPhysicalPagesScatter(), NtMapViewOfSection(), NtNotifyChangeMultipleKeys(), NtOpenChannel(), NtOpenObjectAuditAlarm(), NtProtectVirtualMemory(), NtQueryInformationFile(), NtQueryInformationJobObject(), NtQueryQuotaInformationFile(), NtQueryVirtualMemory(), NtQueryVolumeInformationFile(), NtReadFileScatter(), NtReadVirtualMemory(), NtReplyPort(), NtReplyWaitReceivePort(), NtReplyWaitReceivePortEx(), NtReplyWaitReplyPort(), NtRequestPort(), NtRequestWaitReplyPort(), NtSecureConnectPort(), NtSetDefaultHardErrorPort(), NtSetEvent(), NtSetInformationFile(), NtSetInformationObject(), NtSetInformationProcess(), NtSetInformationThread(), NtSetLdtEntries(), NtSetVolumeInformationFile(), NtTerminateProcess(), NtTerminateThread(), NtUnloadDriver(), NtUnlockFile(), NtUserInitialize(), NtUserSetThreadDesktop(), NtWaitForMultipleObjects(), NtWriteFileGather(), NtWriteVirtualMemory(), ObInitSystem(), 
ObpAllocateObject(), ObpChargeQuotaForObject(), ObpCreateHandle(), ObpCreateUnnamedHandle(), ObpIncrementHandleCount(), ObpIncrementUnnamedHandleCount(), ObpLookupObjectName(), ObpProcessDosDeviceSymbolicLink(), ObReferenceObjectByHandle(), ObSetDeviceMap(), OpenCacheKeyEx(), PsAssignImpersonationToken(), PsChangeJobMemoryUsage(), PsConvertToGuiThread(), PsGetProcessExitTime(), PsLocateSystemDll(), PspCreateProcess(), PspExitThread(), PspInitPhase0(), PspTerminateProcess(), PspUserThreadStartup(), PsReportProcessMemoryLimitViolation(), PsWatchWorkingSet(), ResetSharedDesktops(), SeCaptureSubjectContext(), SeIsChildToken(), SeIsChildTokenByPointer(), SepAccessCheckAndAuditAlarm(), SepAdtCloseObjectAuditAlarm(), SepAdtDeleteObjectAuditAlarm(), SepAdtHandleAuditAlarm(), SepInitializationPhase0(), SepRmCommandServerThreadInit(), SetHandleInUse(), SmbTraceCompleteRdr(), SmbTraceCompleteSrv(), SmbTraceDisconnect(), SmbTraceStart(), SmbTraceStop(), SmbTraceToClient(), UserCommitDesktopMemory(), UserCommitSharedMemory(), UserCreateHeap(), UserGlobalAtomTableCallout(), VdmDispatchInterrupts(), VdmpDelayIntApcRoutine(), VdmpDelayInterrupt(), VdmpInitialize(), VdmpPrinterInitialize(), VdmpQueueIntApcRoutine(), VdmpQueueInterrupt(), VdmpQueueIntNormalRoutine(), Win32UserInitialize(), xxxCreateDesktop2(), xxxCreateWindowStation(), xxxGetInputDesktop(), xxxGetThreadDesktop(), xxxInternalActivateKeyboardLayout(), xxxResolveDesktop(), xxxSetProcessWindowStation(), and zzzClipCursor().

 
#define PsGetCurrentThread()   (CONTAINING_RECORD((KeGetCurrentThread()),ETHREAD,Tcb))
 

Definition at line 645 of file ps.h.

Referenced by _ImpersonateDdeClientWindow(), _RegisterTasklist(), BuildQueryDirectoryIrp(), CcCopyRead(), CcFastCopyRead(), CcMapAndCopy(), CcMapAndRead(), CcMapData(), CcMdlRead(), CcPerformReadAhead(), CcSetValidData(), CheckClipboardAccess(), CloseDevice(), CmpNotifyChangeKey(), DbgkCreateThread(), DbgkExitProcess(), DbgkExitThread(), DbgkForwardException(), DbgkMapViewOfSection(), DbgkUnMapViewOfSection(), DeviceNotify(), ExAcquireResourceExclusiveLite(), ExAcquireResourceSharedLite(), ExAcquireSharedStarveExclusive(), ExAcquireSharedWaitForExclusive(), ExAllocatePool(), ExConvertExclusiveToSharedLite(), ExDebugLogEvent(), ExFreePool(), ExIsResourceAcquiredExclusiveLite(), ExIsResourceAcquiredSharedLite(), ExpAcquireResourceExclusiveLite(), ExpRaiseHardError(), ExpTimerApcRoutine(), ExpWorkerThread(), ExReleaseResourceLite(), ExSetResourceOwnerPointer(), ExTimerRundown(), ExTryToAcquireResourceExclusiveLite(), FsRtlCopyRead(), FsRtlCopyWrite(), FsRtlGetFileSize(), FsRtlMdlReadDev(), FsRtlPrepareMdlWriteDev(), FsRtlSetFileSize(), FsRtlStackOverflowRead(), FsRtlWorkerThread(), FullScreenCleanup(), GetProcessLuid(), InitiateShutdown(), InitSystemThread(), IoAsynchronousPageWrite(), IoBuildAsynchronousFsdRequest(), IoBuildDeviceIoControlRequest(), IoCancelFileOpen(), IoCancelThreadIo(), IoGetInitialStack(), IoGetTopLevelIrp(), IoPageRead(), IopAsynchronousCall(), IopCloseFile(), IopCompleteRequest(), IopDeleteFile(), IopDisassociateThreadIrp(), IopEjectDevice(), IopFilterResourceRequirementsCall(), IopGetFileName(), IopGetSetSecurityObject(), IopMountVolume(), IopParseDevice(), IopQueryXxxInformation(), IopSetEaOrQuotaInformationFile(), IopSynchronousCall(), IopUpdateOtherOperationCount(), IopUpdateOtherTransferCount(), IopUpdateReadOperationCount(), IopUpdateReadTransferCount(), IopUpdateWriteOperationCount(), IopUpdateWriteTransferCount(), IopWriteTriageDump(), IopXxxControlFile(), IoRaiseInformationalHardError(), IoRetryIrpCompletions(), IoSetInformation(), 
IoSetThreadHardErrorMode(), IoSetTopLevelIrp(), IoSynchronousPageWrite(), IoVerifyVolume(), IovpAllocateIrp1(), IovpCallDriver1(), IovpCallDriver2(), IovpThrowBogusSynchronousIrp(), KeIA32SetLdtProcess(), LpcpCreatePort(), LpcpDeletePort(), LpcRequestPort(), LpcRequestWaitReplyPort(), MESSAGECALL(), MiAddWorkingSetPage(), MiAddWsleHash(), MiAllocatePoolPages(), MiCheckForUserStackOverflow(), MiCheckPageFilePath(), MiCloneProcessAddressSpace(), MiCompleteProtoPteFault(), MiCopyOnWrite(), MiDereferenceSegmentThread(), MiDispatchFault(), MiEmptyAllWorkingSets(), MiEmptyWorkingSet(), MiEnsureAvailablePageOrWait(), MiGetInPageSupportBlock(), MiInsertConflictInList(), MiLockCode(), MiMakeSpecialPoolPagable(), MiMappedPageWriter(), MiModifiedPageWriter(), MiResolveDemandZeroFault(), MiResolveMappedFileFault(), MiResolvePageFileFault(), MiResolveTransitionFault(), MiSessionCommitPageTables(), MiUpdateWsle(), MmAccessFault(), MmCheckCachedPageState(), MmCopyToCachedPage(), MmFlushSection(), MmFreeSpecialPool(), MmGrowKernelStack(), MmIsRecursiveIoFault(), MmProbeAndLockPages(), MmResourcesAvailable(), MmTrimAllSystemPagableMemory(), MmWorkingSetManager(), NtAcceptConnectPort(), NtCancelIoFile(), NtClose(), NtFlushBuffersFile(), NtGetContextThread(), NtLockFile(), NtNotifyChangeDirectoryFile(), NtOpenThreadToken(), NtQueryEaFile(), NtQueryInformationFile(), NtQueryInformationThread(), NtQueryQuotaInformationFile(), NtQueryVolumeInformationFile(), NtReadFile(), NtReadFileScatter(), NtRegisterThreadTerminatePort(), NtReplyPort(), NtReplyWaitReceivePort(), NtReplyWaitReceivePortEx(), NtReplyWaitReplyPort(), NtRequestPort(), NtRequestWaitReplyPort(), NtSecureConnectPort(), NtSetContextThread(), NtSetEaFile(), NtSetInformationFile(), NtSetInformationThread(), NtSetTimer(), NtSetVolumeInformationFile(), NtSuspendThread(), NtTerminateProcess(), NtTerminateThread(), NtUnlockFile(), NtWriteFile(), NtWriteFileGather(), ObInitSystem(), ObReferenceObjectByHandle(), OpenDevice(), 
PsConvertToGuiThread(), PsGetCurrentProcessId(), PsGetCurrentThreadId(), PsLockProcess(), PsOpenTokenOfThread(), PspCreateThread(), PspExitNormalApc(), PspExitThread(), PspGetSetContextApc(), PspGetSetContextSpecialApc(), PspGetSetContextSpecialApcMain(), PspNullSpecialApc(), PspSystemThreadStartup(), PspTerminateThreadByPointer(), PspUserThreadStartup(), PsRevertToSelf(), PsTerminateSystemThread(), QueuePowerRequest(), RegisterForDeviceChangeNotifications(), SeCaptureSubjectContext(), SeImpersonateClientEx(), SepDeReferenceLogonSession(), SepInitializationPhase0(), SepOpenTokenOfThread(), SepReferenceLogonSession(), StartDeviceRead(), UdfProcessException(), UnregisterForDeviceChangeNotifications(), UserCommitDesktopMemory(), UserGetDesktopDC(), UserGlobalAtomTableCallout(), UserInitialize(), VdmpInitialize(), VdmpQueueIntApcRoutine(), VdmpQueueIntNormalRoutine(), VdmpStartExecution(), VdmQueryDirectoryFile(), VerifierExAcquireFastMutexUnsafe(), VerifierExAcquireResourceExclusive(), VerifierExReleaseFastMutex(), VerifierExReleaseFastMutexUnsafe(), VerifierExReleaseResource(), xxxDesktopWndProc(), xxxDestroyWindow(), xxxGetThreadDesktop(), xxxHkCallHook(), xxxMakeWindowForegroundWithState(), xxxSendMessageEx(), xxxSetProcessWindowStation(), xxxSleepTask(), xxxSnapWindow(), and xxxSwitchDesktop().

#define PsIsThreadTerminating(T)   (T)->HasTerminated
 

Definition at line 875 of file ps.h.

Referenced by NtClose(), PtiFromThreadId(), VdmpIsThreadTerminating(), VdmpQueueIntApcRoutine(), and xxxSleepTask().

 
#define PsLockProcessSecurityFields()   ExAcquireFastMutex( &PsProcessSecurityLock )
 

Definition at line 654 of file ps.h.

Referenced by NtAssignProcessToJobObject(), PsDisableImpersonation(), PsImpersonateClient(), PspAssignPrimaryToken(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), PsReferencePrimaryToken(), and PsRevertToSelf().

#define PSP_INVALID_ID   ((ULONG_PTR)(0x82)<<((sizeof(ULONG_PTR)-1)*8))
 

Definition at line 29 of file ps.h.

Referenced by PsLookupProcessByProcessId(), PsLookupProcessThreadByCid(), PsLookupThreadByThreadId(), PspCreateThread(), and PspExitThread().

#define PsProcessAuditId(Process)   ((Process)->UniqueProcessId)
 

Definition at line 814 of file ps.h.

Referenced by NtOpenObjectAuditAlarm(), SeAuditHandleDuplication(), SeAuditProcessExit(), SeCaptureSubjectContext(), SepAccessCheckAndAuditAlarm(), SepAdtCloseObjectAuditAlarm(), SepAdtDeleteObjectAuditAlarm(), and SepAdtHandleAuditAlarm().

#define THREAD_TO_PROCESS(thread)   ((thread)->ThreadsProcess)
 

Definition at line 638 of file ps.h.

Referenced by FsRtlNotifyFullChangeDirectory(), InitiateShutdown(), IoGetRequestorProcess(), IoGetRequestorSessionId(), IopUpdateOtherOperationCount(), IopUpdateOtherTransferCount(), IopUpdateReadOperationCount(), IopUpdateReadTransferCount(), IopUpdateWriteOperationCount(), IopUpdateWriteTransferCount(), IoThreadToProcess(), LpcpCopyRequestData(), LpcRequestWaitReplyPort(), NtAcceptConnectPort(), NtQueryInformationThread(), NtReplyPort(), NtReplyWaitReceivePort(), NtReplyWaitReceivePortEx(), NtReplyWaitReplyPort(), NtRequestWaitReplyPort(), NtSetInformationThread(), NtTerminateThread(), PsAssignImpersonationToken(), PsLookupProcessThreadByCid(), PspExitThread(), PspQueryDescriptorThread(), PspReaper(), PspThreadDelete(), PsReferenceEffectiveToken(), xxxMinMaximize(), xxxSetProcessWindowStation(), and zzzSetWindowsHookEx().


Typedef Documentation

typedef struct _EJOB EJOB
 

Referenced by NtCreateJobObject().

typedef struct _EPROCESS EPROCESS
 

Referenced by PspCreateProcess().

typedef struct _EPROCESS_QUOTA_BLOCK EPROCESS_QUOTA_BLOCK
 

typedef struct _ETHREAD ETHREAD
 

Referenced by PspCreateThread().

typedef struct _IMAGE_INFO IMAGE_INFO
 

Referenced by DbgkCreateThread().

typedef struct _INITIAL_PEB INITIAL_PEB
 

Referenced by PspCreateProcess().

typedef struct _MMSUPPORT MMSUPPORT
 

typedef struct _MMSUPPORT_FLAGS MMSUPPORT_FLAGS
 

typedef VOID(* PCREATE_PROCESS_NOTIFY_ROUTINE)(IN HANDLE ParentId, IN HANDLE ProcessId, IN BOOLEAN Create)
 

Definition at line 724 of file ps.h.

typedef VOID(* PCREATE_THREAD_NOTIFY_ROUTINE)(IN HANDLE ProcessId, IN HANDLE ThreadId, IN BOOLEAN Create)
 

Definition at line 738 of file ps.h.

typedef EJOB* PEJOB
 

Definition at line 566 of file ps.h.

typedef EPROCESS* PEPROCESS
 

Definition at line 321 of file ps.h.

typedef struct _EPROCESS_QUOTA_BLOCK * PEPROCESS_QUOTA_BLOCK
 

Referenced by MiChargePageFileQuota().

typedef ETHREAD* PETHREAD
 

Definition at line 456 of file ps.h.

typedef struct _IMAGE_INFO * PIMAGE_INFO
 

Referenced by PsCallImageNotifyRoutines().

typedef struct _INITIAL_PEB * PINITIAL_PEB
 

typedef NTSTATUS(* PKWIN32_JOB_CALLOUT)(IN PKWIN32_JOBCALLOUT_PARAMETERS Parm)
 

Definition at line 1075 of file ps.h.

typedef struct _WIN32_JOBCALLOUT_PARAMETERS * PKWIN32_JOBCALLOUT_PARAMETERS
 

Referenced by UserJobCallout().

typedef NTSTATUS(* PKWIN32_POWEREVENT_CALLOUT)(IN PKWIN32_POWEREVENT_PARAMETERS Parm)
 

Definition at line 1119 of file ps.h.

typedef struct _WIN32_POWEREVENT_PARAMETERS * PKWIN32_POWEREVENT_PARAMETERS
 

Referenced by QueuePowerRequest().

typedef NTSTATUS(* PKWIN32_POWERSTATE_CALLOUT)(IN PKWIN32_POWERSTATE_PARAMETERS Parm)
 

Definition at line 1125 of file ps.h.

typedef struct _WIN32_POWERSTATE_PARAMETERS * PKWIN32_POWERSTATE_PARAMETERS
 

Referenced by UserPowerStateCallout().

typedef NTSTATUS(* PKWIN32_PROCESS_CALLOUT)(IN PEPROCESS Process, IN BOOLEAN Initialize)
 

Definition at line 1054 of file ps.h.

typedef NTSTATUS(* PKWIN32_THREAD_CALLOUT)(IN PETHREAD Thread, IN PSW32THREADCALLOUTTYPE CalloutType)
 

Definition at line 1087 of file ps.h.

typedef VOID(* PLEGO_NOTIFY_ROUTINE)(PKTHREAD Thread)
 

Definition at line 709 of file ps.h.

typedef VOID(* PLOAD_IMAGE_NOTIFY_ROUTINE)(IN PUNICODE_STRING FullImageName, IN HANDLE ProcessId,IN PIMAGE_INFO ImageInfo)
 

Definition at line 773 of file ps.h.

Referenced by PsSetLoadImageNotifyRoutine().

typedef MMSUPPORT* PMMSUPPORT
 

Definition at line 85 of file ps.h.

Referenced by MiLockCode().

typedef struct _PS_IMPERSONATION_INFORMATION * PPS_IMPERSONATION_INFORMATION
 

typedef struct _PS_JOB_TOKEN_FILTER * PPS_JOB_TOKEN_FILTER
 

typedef struct _PS_IMPERSONATION_INFORMATION PS_IMPERSONATION_INFORMATION
 

typedef struct _PS_JOB_TOKEN_FILTER PS_JOB_TOKEN_FILTER
 

Referenced by PspCaptureTokenFilter().

typedef enum _PSLOCKPROCESSMODE PSLOCKPROCESSMODE
 

Referenced by PsLockProcess().

typedef enum _PSPOWEREVENTTYPE PSPOWEREVENTTYPE
 

Referenced by xxxUserPowerEventCalloutWorker().

typedef enum _PSPROCESSPRIORITYMODE PSPROCESSPRIORITYMODE
 

typedef enum _PSW32JOBCALLOUTTYPE PSW32JOBCALLOUTTYPE
 

Referenced by UserJobCallout().

typedef enum _PSW32THREADCALLOUTTYPE PSW32THREADCALLOUTTYPE
 

typedef struct _WOW64_PROCESS * PWOW64_PROCESS
 

Referenced by MmInitializeProcessAddressSpace().

typedef struct _WIN32_JOBCALLOUT_PARAMETERS WIN32_JOBCALLOUT_PARAMETERS
 

typedef struct _WIN32_POWEREVENT_PARAMETERS WIN32_POWEREVENT_PARAMETERS
 

typedef struct _WIN32_POWERSTATE_PARAMETERS WIN32_POWERSTATE_PARAMETERS
 

typedef struct _WOW64_PROCESS WOW64_PROCESS
 

Referenced by MmInitializeProcessAddressSpace().


Enumeration Type Documentation

enum _PSLOCKPROCESSMODE
 

Enumeration values:
PsLockPollOnTimeout 
PsLockReturnTimeout 
PsLockWaitForever 
PsLockIAmExiting 

Definition at line 1021 of file ps.h.

enum _PSPOWEREVENTTYPE
 

Enumeration values:
PsW32FullWake 
PsW32EventCode 
PsW32PowerPolicyChanged 
PsW32SystemPowerState 
PsW32SystemTime 
PsW32DisplayState 
PsW32CapabilitiesChanged 
PsW32SetStateFailed 
PsW32GdiOff 
PsW32GdiOn 

Definition at line 1092 of file ps.h.

enum _PSPROCESSPRIORITYMODE
 

Enumeration values:
PsProcessPriorityBackground 
PsProcessPriorityForeground 
PsProcessPrioritySpinning 

Definition at line 1142 of file ps.h.

enum _PSW32JOBCALLOUTTYPE
 

Enumeration values:
PsW32JobCalloutSetInformation 
PsW32JobCalloutAddProcess 
PsW32JobCalloutTerminate 

Definition at line 1060 of file ps.h.

enum _PSW32THREADCALLOUTTYPE
 

Enumeration values:
PsW32ThreadCalloutInitialize 
PsW32ThreadCalloutExit 

Definition at line 1080 of file ps.h.


Function Documentation

NTSTATUS PsAssignImpersonationToken IN PETHREAD  Thread,
IN HANDLE  Token
 

Definition at line 1483 of file ps/security.c.

References FALSE, Filter, IS_SYSTEM_THREAD, KeAttachProcess(), KeDetachProcess(), KPROCESSOR_MODE, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), _EPROCESS::Pcb, PsGetCurrentProcess, PsImpersonateClient(), SeFastFilterToken(), SeTokenImpersonationLevel(), SeTokenIsAdmin(), SeTokenIsRestricted(), SeTokenObjectType, SeTokenType(), Status, THREAD_TO_PROCESS, Token, and TRUE.

Referenced by NtSetInformationThread().

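NTSTATUS
PsAssignImpersonationToken(
    IN PETHREAD Thread,
    IN HANDLE Token
    )

/*++

Routine Description:

    Performs the security portion of establishing an impersonation token
    on a thread when the subject has asked for impersonation explicitly
    by supplying a token handle.  Other services exist for communication
    session layers that impersonate on a server's behalf.

    The caller is expected to have already established proper access to
    the thread object.

    The following rules apply:

        1) The handle must reference a token object with
           TOKEN_IMPERSONATE access, evaluated in the caller's previous
           mode; otherwise the failing status is returned.

        2) A token that is not of type TokenImpersonation is rejected.

        3) If the thread's process belongs to a job, the job's security
           limits are enforced: an admin token is refused under
           JOB_OBJECT_SECURITY_NO_ADMIN, a non-restricted token is
           refused under JOB_OBJECT_SECURITY_RESTRICTED_TOKEN, and an
           installed job filter causes a filtered token to be created
           and used in place of the caller's token.

        4) Otherwise the assignment is handed to PsImpersonateClient.

Arguments:

    Thread - A pointer to the thread whose impersonation token is being
        set.

    Token - The handle value of the token to be assigned as the
        impersonation token.  If this value is NULL, the current
        impersonation (if any) is terminated and no new impersonation
        is established.

Return Value:

    STATUS_SUCCESS - The impersonation token has been assigned, or the
        impersonation has been ended when Token is NULL.

    STATUS_BAD_TOKEN_TYPE - The token is not of type TokenImpersonation.

    STATUS_ACCESS_DENIED - The token is not permitted by the security
        limits of the job the thread's process belongs to.

    Other status may be returned by ObReferenceObjectByHandle,
    SeFastFilterToken or PsImpersonateClient.

--*/

{
    NTSTATUS Status;
    PACCESS_TOKEN NewToken;
    PACCESS_TOKEN NewerToken;
    KPROCESSOR_MODE PreviousMode;
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
    PPS_JOB_TOKEN_FILTER Filter;
    PEPROCESS ThreadProcess;
    BOOLEAN AttachedToProcess = FALSE;

    PreviousMode = KeGetPreviousMode();

    //
    // The level is only meaningful when a token is supplied, but it is
    // passed to PsImpersonateClient by value in either case, so it gets
    // a defined value instead of being left uninitialized.
    //

    ImpersonationLevel = SecurityAnonymous;

    if (!ARGUMENT_PRESENT(Token)) {

        NewToken = NULL;

    } else {

        //
        // Reference the specified token for TOKEN_IMPERSONATE access.
        // The access check runs against the caller's previous mode.
        //

        Status = ObReferenceObjectByHandle(
                     Token,
                     TOKEN_IMPERSONATE,
                     SeTokenObjectType(),
                     PreviousMode,
                     (PVOID *)&NewToken,
                     NULL
                     );

        if (!NT_SUCCESS(Status)) {
            return Status;
        }

        //
        // Make sure the token is an impersonation token.
        //

        if (SeTokenType( NewToken ) != TokenImpersonation) {
            ObDereferenceObject( NewToken );
            return STATUS_BAD_TOKEN_TYPE;
        }

        if (Thread->ThreadsProcess->Job) {

            //
            // Job security limits: every rejection path drops the
            // reference taken above before returning.
            //

            if ((Thread->ThreadsProcess->Job->SecurityLimitFlags & JOB_OBJECT_SECURITY_NO_ADMIN) &&
                (SeTokenIsAdmin( NewToken ))) {

                ObDereferenceObject( NewToken );
                return STATUS_ACCESS_DENIED;
            }

            if ((Thread->ThreadsProcess->Job->SecurityLimitFlags & JOB_OBJECT_SECURITY_RESTRICTED_TOKEN) &&
                (!SeTokenIsRestricted( NewToken ))) {

                ObDereferenceObject( NewToken );
                return STATUS_ACCESS_DENIED;
            }

            if (Thread->ThreadsProcess->Job->Filter) {

                //
                // Filter installed.  Need to create a restricted token
                // dynamically.
                //

                Filter = Thread->ThreadsProcess->Job->Filter;

                Status = SeFastFilterToken(
                             NewToken,
                             PreviousMode,
                             0,
                             Filter->CapturedGroupCount,
                             Filter->CapturedGroups,
                             Filter->CapturedPrivilegeCount,
                             Filter->CapturedPrivileges,
                             Filter->CapturedSidCount,
                             Filter->CapturedSids,
                             Filter->CapturedSidsLength,
                             &NewerToken
                             );

                //
                // The caller's token is no longer needed whether or not
                // filtering worked; on success the filtered token takes
                // its place.
                //

                ObDereferenceObject( NewToken );

                if (!NT_SUCCESS( Status )) {
                    return Status;
                }

                NewToken = NewerToken;
            }
        }

        ImpersonationLevel = SeTokenImpersonationLevel( NewToken );
    }

    //
    // The rest can be done by PsImpersonateClient.
    //
    // PsImpersonateClient will reference the passed token
    // on success.
    //

    Status = PsImpersonateClient(
                 Thread,
                 NewToken,
                 FALSE,     // CopyOnOpen
                 FALSE,     // EffectiveOnly
                 ImpersonationLevel
                 );

    //
    // Dereference the passed token, if there is one.
    //
    // Note that if PsImpersonateClient failed, this will
    // be the final dereference of NewToken/NewerToken,
    // and it will be freed.
    //

    if (ARGUMENT_PRESENT(NewToken)) {
        ObDereferenceObject( NewToken );
    }

    if (NT_SUCCESS( Status )) {

        //
        // Indicate that 'Thread' has started to do impersonation.
        // This info is useful for GetUserDefaultLCID()
        //

        if (!IS_SYSTEM_THREAD(Thread)) {

            ThreadProcess = THREAD_TO_PROCESS(Thread);

            if (PsGetCurrentProcess() != ThreadProcess) {
                KeAttachProcess( &ThreadProcess->Pcb );
                AttachedToProcess = TRUE;
            }

            //
            // The TEB lives in the user-mode address space of the
            // thread's process, so the stores are guarded: a fault on
            // the TEB page must not surface as an unhandled exception
            // in kernel mode.  The two fields are hints for user mode
            // only, so a failed store is ignored and Status is kept.
            // NewToken is used here only as a NULL / non-NULL flag.
            //

            try {

                if (ARGUMENT_PRESENT(NewToken)) {
                    ((PTEB)(Thread->Tcb.Teb))->ImpersonationLocale = (LCID)-1;
                    ((PTEB)(Thread->Tcb.Teb))->IsImpersonating = 1;
                } else {
                    ((PTEB)(Thread->Tcb.Teb))->ImpersonationLocale = (LCID) 0;
                    ((PTEB)(Thread->Tcb.Teb))->IsImpersonating = 0;
                }

            } except (EXCEPTION_EXECUTE_HANDLER) {

                //
                // Nothing to undo; the impersonation itself succeeded.
                //
            }

            if (AttachedToProcess) {
                KeDetachProcess();
            }
        }
    }

    return Status;
}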

VOID PsCallImageNotifyRoutines IN PUNICODE_STRING  FullImageName,
IN HANDLE  ProcessId,
IN PIMAGE_INFO  ImageInfo
 

Definition at line 2396 of file ps/create.c.

References NULL, PAGED_CODE, PIMAGE_INFO, PsImageNotifyEnabled, PSP_MAX_LOAD_IMAGE_NOTIFY, and PspLoadImageNotifyRoutine.

Referenced by DbgkCreateThread(), MiLoadSystemImage(), and MiMapViewOfImageSection().

VOID
PsCallImageNotifyRoutines(
    IN PUNICODE_STRING FullImageName,
    IN HANDLE ProcessId,
    IN PIMAGE_INFO ImageInfo
    )

/*++

Routine Description:

    Invokes every registered load-image notify routine on behalf of
    mapview.c and sysload.c.

    Each non-NULL slot of PspLoadImageNotifyRoutine is called in index
    order with the arguments passed through unchanged.  Nothing is
    called unless PsImageNotifyEnabled is set.

    NOTE(review): the table is read here without taking any lock, and
    each slot is read once for the NULL test and again for the call;
    confirm how registration synchronizes with this walk.

Arguments:

    FullImageName - The name of the image being loaded.

    ProcessId - The process that the image is being loaded into
        (0 for driver loads).

    ImageInfo - Various flags for the image.

Return Value:

    None.

--*/

{
    int Slot;

    PAGED_CODE();

    if (!PsImageNotifyEnabled) {
        return;
    }

    Slot = 0;

    while (Slot < PSP_MAX_LOAD_IMAGE_NOTIFY) {

        if (PspLoadImageNotifyRoutine[Slot] != NULL) {
            (*PspLoadImageNotifyRoutine[Slot])(
                (PUNICODE_STRING) FullImageName,
                ProcessId,
                ImageInfo
                );
        }

        Slot += 1;
    }
}

BOOLEAN PsChangeJobMemoryUsage SSIZE_T  Amount  ) 
 

Definition at line 2823 of file psjob.c.

References _EPROCESS::CommitCharge, _EJOB::CompletionKey, _EJOB::CompletionPort, _EJOB::CurrentJobMemoryUsed, ExAcquireFastMutexUnsafe(), ExReleaseFastMutexUnsafe(), FALSE, IoSetIoCompletion(), _EPROCESS::Job, _EJOB::JobMemoryLimit, _EPROCESS::JobStatus, KeEnterCriticalRegion, KeLeaveCriticalRegion, _EJOB::LimitFlags, _EJOB::MemoryLimitsLock, _EJOB::PeakJobMemoryUsed, _EJOB::PeakProcessMemoryUsed, PS_JOB_STATUS_LAST_REPORT_MEMORY, PS_JOB_STATUS_NEW_PROCESS_REPORTED, PS_SET_BITS, PsGetCurrentProcess, TRUE, and _EPROCESS::UniqueProcessId.

Referenced by MiInsertVad(), MiRemoveVad(), MiReturnPageTablePageCommitment(), MiSetProtectionOnSection(), MmAssignProcessToJob(), MmCleanProcessAddressSpace(), NtAllocateVirtualMemory(), and NtFreeVirtualMemory().

BOOLEAN
PsChangeJobMemoryUsage(
    SSIZE_T Amount
    )

/*++

Routine Description:

    Charges (or, for a negative Amount, returns) committed memory
    against the job of the current process and enforces the job-wide
    memory limit.

    When JOB_OBJECT_LIMIT_JOB_MEMORY is set and the new total would
    exceed JobMemoryLimit, nothing is charged and the job's completion
    port, if any, is told once per process which process hit the limit.

    NOTE(review): Amount is signed while the running total is a SIZE_T;
    a release larger than the current total would wrap.  Presumably
    callers keep charges and releases balanced - confirm.

Arguments:

    Amount - The change in usage to apply to the job's current total.

Return Value:

    TRUE - The change was applied, or the current process is not in a
        job.

    FALSE - The change would exceed the job memory limit and was not
        applied.

--*/

{
    PEPROCESS Process;
    PEJOB Job;
    SIZE_T ProposedJobUsage;
    BOOLEAN Charged;

    Process = PsGetCurrentProcess();
    Job = Process->Job;

    if (!Job) {
        return TRUE;
    }

    Charged = TRUE;

    //
    // This routine can be called while holding the process lock (during
    // TEB deletion), so the memory limits lock is used instead of the
    // job lock.  The lock order is always job lock followed by process
    // lock.  The memory limits lock never nests or calls other code
    // while held; it can be grabbed while holding the job lock or the
    // process lock.
    //

    KeEnterCriticalRegion();
    ExAcquireFastMutexUnsafe(&Job->MemoryLimitsLock);

    ProposedJobUsage = Job->CurrentJobMemoryUsed + Amount;

    if ((Job->LimitFlags & JOB_OBJECT_LIMIT_JOB_MEMORY) &&
        ProposedJobUsage > Job->JobMemoryLimit) {

        Charged = FALSE;

        //
        // Tell the job port that commit has been exceeded, and which
        // process id hit it.  PS_JOB_STATUS_LAST_REPORT_MEMORY keeps
        // the message from being posted again for the same process.
        //

        if (Job->CompletionPort
            && Process->UniqueProcessId
            && (Process->JobStatus & PS_JOB_STATUS_NEW_PROCESS_REPORTED)
            && (Process->JobStatus & PS_JOB_STATUS_LAST_REPORT_MEMORY) == 0) {

            PS_SET_BITS (&Process->JobStatus, PS_JOB_STATUS_LAST_REPORT_MEMORY);

            IoSetIoCompletion(
                Job->CompletionPort,
                Job->CompletionKey,
                (PVOID)Process->UniqueProcessId,
                STATUS_SUCCESS,
                JOB_OBJECT_MSG_JOB_MEMORY_LIMIT,
                TRUE
                );
        }

    } else {

        //
        // Within the limit: update the current and peak counters.
        //

        Job->CurrentJobMemoryUsed = ProposedJobUsage;

        if (ProposedJobUsage > Job->PeakJobMemoryUsed) {
            Job->PeakJobMemoryUsed = ProposedJobUsage;
        }

        if (Process->CommitCharge + Amount > Job->PeakProcessMemoryUsed) {
            Job->PeakProcessMemoryUsed = Process->CommitCharge + Amount;
        }
    }

    ExReleaseFastMutexUnsafe(&Job->MemoryLimitsLock);
    KeLeaveCriticalRegion();

    return Charged;
}

VOID PsChangeQuantumTable BOOLEAN  ModifyActiveProcesses,
ULONG  PrioritySeparation
 

Definition at line 878 of file psinit.c.

References FALSE, _EPROCESS::Job, MEMORY_PRIORITY_BACKGROUND, _MMSUPPORT::MemoryPriority, MmIsThisAnNtAsSystem(), _EPROCESS::Pcb, _EPROCESS::PriorityClass, PsActiveProcessHead, PspActiveProcessMutex, PspFixedQuantums, PspForegroundQuantum, PspJobSchedulingClasses, PsPrioritySeperation, PspUseJobSchedulingClasses, PspVariableQuantums, _EJOB::SchedulingClass, THREAD_QUANTUM, _KPROCESS::ThreadQuantum, TRUE, and _EPROCESS::Vm.

Referenced by NtSetSystemInformation(), and PspInitPhase0().

VOID
PsChangeQuantumTable(
    BOOLEAN ModifyActiveProcesses,
    ULONG PrioritySeparation
    )

/*++

Routine Description:

    Decodes PrioritySeparation into the global priority separation
    value and a quantum table (fixed or variable, short or long), copies
    that table into PspForegroundQuantum and, if requested, re-applies
    the resulting thread quantum to every process on the active process
    list.

Arguments:

    ModifyActiveProcesses - If TRUE, the ThreadQuantum of every process
        on PsActiveProcessHead is rewritten under PspActiveProcessMutex.

    PrioritySeparation - Bit field holding the separation value, the
        fixed/variable selector and the long/short selector.

Return Value:

    None.

--*/

{
    PEPROCESS Process;
    PLIST_ENTRY Link;
    ULONG QuantumIndex;
    PSCHAR TableBase;
    ULONG Selector;

    //
    // Extract the priority separation value; a raw value of 3 maps to
    // the maximum separation.
    //

    Selector = PrioritySeparation & PROCESS_PRIORITY_SEPARATION_MASK;

    if (Selector == 3) {
        PsPrioritySeperation = PROCESS_PRIORITY_SEPARATION_MAX;
    } else {
        PsPrioritySeperation = PrioritySeparation & PROCESS_PRIORITY_SEPARATION_MASK;
    }

    //
    // Fixed or variable quantums.  Anything other than an explicit
    // choice falls back to the default for the system type.
    //

    Selector = PrioritySeparation & PROCESS_QUANTUM_VARIABLE_MASK;

    if (Selector == PROCESS_QUANTUM_VARIABLE_VALUE) {
        TableBase = PspVariableQuantums;
    } else if (Selector == PROCESS_QUANTUM_FIXED_VALUE) {
        TableBase = PspFixedQuantums;
    } else {
        TableBase = MmIsThisAnNtAsSystem() ? PspFixedQuantums : PspVariableQuantums;
    }

    //
    // Long or short quantums.  The long entries start three entries
    // into the selected table.
    //

    Selector = PrioritySeparation & PROCESS_QUANTUM_LONG_MASK;

    if (Selector == PROCESS_QUANTUM_LONG_VALUE) {
        TableBase = TableBase + 3;
    } else if (Selector != PROCESS_QUANTUM_SHORT_VALUE) {
        if (MmIsThisAnNtAsSystem()) {
            TableBase = TableBase + 3;
        }
    }

    //
    // Job scheduling classes are ONLY meaningful if long fixed quantums
    // are selected.  In practice, this means stock NTS configurations.
    //

    PspUseJobSchedulingClasses = (TableBase == &PspFixedQuantums[3]) ? TRUE : FALSE;

    RtlCopyMemory(PspForegroundQuantum,TableBase,sizeof(PspForegroundQuantum));

    if (!ModifyActiveProcesses) {
        return;
    }

    ExAcquireFastMutex(&PspActiveProcessMutex);

    for (Link = PsActiveProcessHead.Flink;
         Link != &PsActiveProcessHead;
         Link = Link->Flink) {

        Process = CONTAINING_RECORD(Link,
                                    EPROCESS,
                                    ActiveProcessLinks);

        QuantumIndex = (Process->Vm.MemoryPriority == MEMORY_PRIORITY_BACKGROUND)
                           ? 0
                           : PsPrioritySeperation;

        if (Process->PriorityClass == PROCESS_PRIORITY_CLASS_IDLE) {

            Process->Pcb.ThreadQuantum = THREAD_QUANTUM;

        } else if (Process->Job && PspUseJobSchedulingClasses) {

            //
            // The process is contained within a job AND fixed, long
            // quantums are in use: take the quantum associated with
            // the job's scheduling class.
            //
            // NOTE(review): SchedulingClass indexes the table without
            // a range check here; presumably it is validated where it
            // is set - confirm.
            //

            Process->Pcb.ThreadQuantum = PspJobSchedulingClasses[Process->Job->SchedulingClass];

        } else {

            Process->Pcb.ThreadQuantum = PspForegroundQuantum[QuantumIndex];
        }
    }

    ExReleaseFastMutex(&PspActiveProcessMutex);
}

VOID PsChargePoolQuota IN PEPROCESS  Process,
IN POOL_TYPE  PoolType,
IN ULONG_PTR  Amount
 

PEPROCESS_QUOTA_BLOCK PsChargeSharedPoolQuota IN PEPROCESS  Process,
IN ULONG_PTR  PagedAmount,
IN ULONG_PTR  NonPagedAmount
 

NTSTATUS PsCreateSystemProcess OUT PHANDLE  ProcessHandle,
IN ULONG  DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL
 

NTKERNELAPI NTSTATUS PsCreateSystemThread OUT PHANDLE  ThreadHandle,
IN ULONG  DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL,
IN HANDLE ProcessHandle  OPTIONAL,
OUT PCLIENT_ID ClientId  OPTIONAL,
IN PKSTART_ROUTINE  StartRoutine,
IN PVOID  StartContext
 

BOOLEAN PsDisableImpersonation IN PETHREAD  Thread,
IN PSE_IMPERSONATION_STATE  ImpersonationState
 

Definition at line 888 of file ps/security.c.

References ASSERT, _PS_IMPERSONATION_INFORMATION::CopyOnOpen, _PS_IMPERSONATION_INFORMATION::EffectiveOnly, FALSE, _PS_IMPERSONATION_INFORMATION::ImpersonationLevel, NULL, PsFreeProcessSecurityFields, PsLockProcessSecurityFields, ThreadObject, _PS_IMPERSONATION_INFORMATION::Token, and TRUE.

Referenced by NtOpenThreadToken(), PsOpenTokenOfThread(), and SepOpenTokenOfThread().

BOOLEAN
PsDisableImpersonation(
    IN PETHREAD Thread,
    IN PSE_IMPERSONATION_STATE ImpersonationState
    )

/*++

Routine Description:

    Temporarily switches off a thread's impersonation and hands the
    previous state back to the caller so it can be put back quickly.

    The impersonation token is NOT dereferenced here; the pointer
    stored in ImpersonationState carries the existing reference.
    PsRestoreImpersonation() must be used after this routine is called.

Arguments:

    Thread - Points to the thread whose impersonation (if any) is to be
        temporarily disabled.

    ImpersonationState - Receives the current impersonation information,
        including a pointer to the impersonation token.  When the thread
        was not impersonating, it receives SecurityAnonymous, FALSE,
        FALSE and a NULL token.

Return Value:

    TRUE - The impersonation state has been saved and the impersonation
        has been temporarily disabled.

    FALSE - The specified thread was not impersonating a client.

--*/

{
    PPS_IMPERSONATION_INFORMATION SavedInfo;

    ASSERT( Thread->Tcb.Header.Type == ThreadObject );

    //
    // The capture and the flag update happen under the process
    // security lock.
    //

    PsLockProcessSecurityFields();

    if (!Thread->ActiveImpersonationInfo) {

        //
        // Not impersonating.  Just make up some values.
        // The NULL for the token indicates we aren't impersonating.
        //

        SavedInfo = NULL;
        ImpersonationState->Token         = NULL;
        ImpersonationState->CopyOnOpen    = FALSE;
        ImpersonationState->EffectiveOnly = FALSE;
        ImpersonationState->Level         = SecurityAnonymous;

    } else {

        SavedInfo = Thread->ImpersonationInfo;
        ImpersonationState->Level         = SavedInfo->ImpersonationLevel;
        ImpersonationState->EffectiveOnly = SavedInfo->EffectiveOnly;
        ImpersonationState->CopyOnOpen    = SavedInfo->CopyOnOpen;
        ImpersonationState->Token         = SavedInfo->Token;
    }

    //
    // Mark the thread as not impersonating.  The information block
    // itself stays attached to the thread.
    //

    Thread->ActiveImpersonationInfo = FALSE;

    PsFreeProcessSecurityFields();

    return (SavedInfo != NULL) ? TRUE : FALSE;
}

VOID PsEnforceExecutionTimeLimits VOID   ) 
 

Definition at line 2396 of file psjob.c.

References _EJOB::ActiveProcesses, _EJOB::CompletionKey, _EJOB::CompletionPort, _EJOB::EndOfJobTimeAction, _EJOB::Event, ExAcquireResourceExclusive, ExReleaseResource, FALSE, IoSetIoCompletion(), _EJOB::JobLock, _EPROCESS::JobStatus, KeMaximumIncrement, KeSetEvent(), _EJOB::LimitFlags, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObGetObjectPointerCount(), ObReferenceObject, _EPROCESS::Pcb, _EJOB::PerJobUserTimeLimit, _EJOB::PerProcessUserTimeLimit, _EJOB::ProcessListHead, PS_CLEAR_BITS, PS_JOB_STATUS_ACCOUNTING_FOLDED, PS_JOB_STATUS_LAST_REPORT_MEMORY, PS_JOB_STATUS_NOT_REALLY_ACTIVE, PS_SET_CLEAR_BITS, PsLockReturnTimeout, PspFoldProcessAccountingIntoJob(), PspJobList, PspJobListLock, PspTerminateAllProcessesInJob(), PspTerminateProcess(), _EJOB::ThisPeriodTotalUserTime, _EJOB::TotalTerminatedProcesses, _EPROCESS::UniqueProcessId, and _KPROCESS::UserTime.

Referenced by KeBalanceSetManager().

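VOID
PsEnforceExecutionTimeLimits(
    VOID
    )

/*++

Routine Description:

    Walks the global job list and enforces per-process and per-job user
    time limits on every job that has them set.

    A process over its per-process limit is terminated and reported to
    the job's completion port.  A job over its per-job limit is handled
    according to Job->EndOfJobTimeAction: either all processes in the
    job are terminated, or a message is posted to the completion port
    and the job-level limit is cleared.

    The job list lock is held for the whole walk.  A job whose lock
    cannot be taken without waiting is skipped until the next pass.

Arguments:

    None.

Return Value:

    None.

--*/

{
    PLIST_ENTRY NextJob;
    PLIST_ENTRY NextProcess;
    LARGE_INTEGER RunningJobTime;
    LARGE_INTEGER ProcessTime;
    PEJOB Job;
    PEPROCESS Process;
    NTSTATUS PostStatus;

    ExAcquireFastMutex(&PspJobListLock);

    for (NextJob = PspJobList.Flink;
         NextJob != &PspJobList;
         NextJob = NextJob->Flink) {

        Job = (PEJOB)(CONTAINING_RECORD(NextJob,EJOB,JobLinks));

        if (!(Job->LimitFlags & (JOB_OBJECT_LIMIT_PROCESS_TIME | JOB_OBJECT_LIMIT_JOB_TIME))) {
            continue;
        }

        //
        // Job looks like a candidate for time enforcing.  Need to get
        // the job lock to be sure, but we don't want to hang waiting
        // for the job lock, so skip the job until next time around if
        // we need to.
        //

        if (!ExAcquireResourceExclusive(&Job->JobLock, FALSE)) {
            continue;
        }

        //
        // Re-check under the job lock; the flags were first read
        // without it.
        //

        if (Job->LimitFlags & (JOB_OBJECT_LIMIT_PROCESS_TIME | JOB_OBJECT_LIMIT_JOB_TIME)) {

            RunningJobTime.QuadPart = Job->ThisPeriodTotalUserTime.QuadPart;

            //
            // Process is consulted again after the scan below.  Reset
            // it for every job so that an empty process list leaves it
            // NULL rather than uninitialized or pointing at a process
            // of a previously visited job whose lock has already been
            // released.
            //

            Process = NULL;

            for (NextProcess = Job->ProcessListHead.Flink;
                 NextProcess != &Job->ProcessListHead;
                 NextProcess = NextProcess->Flink) {

                Process = (PEPROCESS)(CONTAINING_RECORD(NextProcess,EPROCESS,JobLinks));

                ProcessTime.QuadPart = UInt32x32To64(Process->Pcb.UserTime,KeMaximumIncrement);

                //
                // Time of processes already folded into the job is
                // part of the job total and must not be added twice.
                //

                if (!(Process->JobStatus & PS_JOB_STATUS_ACCOUNTING_FOLDED)) {
                    RunningJobTime.QuadPart += ProcessTime.QuadPart;
                }

                if ((Job->LimitFlags & JOB_OBJECT_LIMIT_PROCESS_TIME) &&
                    ProcessTime.QuadPart > Job->PerProcessUserTimeLimit.QuadPart) {

                    //
                    // Process time limit has been exceeded.
                    //
                    // Reference the process, then make sure it is not
                    // in its delete routine.  If the count shows only
                    // our reference, the process is already being
                    // deleted and the reference is deliberately not
                    // dropped, to avoid a double delete.
                    //

                    ObReferenceObject(Process);

                    if (ObGetObjectPointerCount(Process) > 1) {

                        if (!(Process->JobStatus & PS_JOB_STATUS_NOT_REALLY_ACTIVE) &&
                            PspTerminateProcess(Process,ERROR_NOT_ENOUGH_QUOTA,PsLockReturnTimeout) == STATUS_SUCCESS) {

                            Job->TotalTerminatedProcesses++;
                            PS_SET_CLEAR_BITS (&Process->JobStatus,
                                               PS_JOB_STATUS_NOT_REALLY_ACTIVE,
                                               PS_JOB_STATUS_LAST_REPORT_MEMORY);
                            Job->ActiveProcesses--;

                            if (Job->CompletionPort) {
                                IoSetIoCompletion(
                                    Job->CompletionPort,
                                    Job->CompletionKey,
                                    (PVOID)Process->UniqueProcessId,
                                    STATUS_SUCCESS,
                                    JOB_OBJECT_MSG_END_OF_PROCESS_TIME,
                                    FALSE
                                    );
                            }

                            PspFoldProcessAccountingIntoJob(Job,Process);
                        }

                        ObDereferenceObject(Process);
                    }
                }
            }

            if ((Job->LimitFlags & JOB_OBJECT_LIMIT_JOB_TIME) &&
                RunningJobTime.QuadPart > Job->PerJobUserTimeLimit.QuadPart) {

                //
                // Job time limit has been exceeded.
                // Perform the appropriate action.
                //
                // NOTE(review): both actions clear
                // PS_JOB_STATUS_LAST_REPORT_MEMORY on whichever
                // process the scan above visited last.  Which process
                // was meant is not clear from this routine; the guard
                // only keeps the store from going through an invalid
                // pointer.
                //

                switch (Job->EndOfJobTimeAction) {

                case JOB_OBJECT_TERMINATE_AT_END_OF_JOB:

                    if (PspTerminateAllProcessesInJob(Job,ERROR_NOT_ENOUGH_QUOTA,PsLockReturnTimeout)) {
                        if (Job->ActiveProcesses == 0) {
                            KeSetEvent(&Job->Event,0,FALSE);
                            if (Job->CompletionPort) {
                                if (Process != NULL) {
                                    PS_CLEAR_BITS (&Process->JobStatus, PS_JOB_STATUS_LAST_REPORT_MEMORY);
                                }
                                IoSetIoCompletion(
                                    Job->CompletionPort,
                                    Job->CompletionKey,
                                    NULL,
                                    STATUS_SUCCESS,
                                    JOB_OBJECT_MSG_END_OF_JOB_TIME,
                                    FALSE
                                    );
                            }
                        }
                    }
                    break;

                case JOB_OBJECT_POST_AT_END_OF_JOB:

                    if (Job->CompletionPort) {

                        if (Process != NULL) {
                            PS_CLEAR_BITS (&Process->JobStatus, PS_JOB_STATUS_LAST_REPORT_MEMORY);
                        }

                        PostStatus = IoSetIoCompletion(
                                         Job->CompletionPort,
                                         Job->CompletionKey,
                                         NULL,
                                         STATUS_SUCCESS,
                                         JOB_OBJECT_MSG_END_OF_JOB_TIME,
                                         FALSE
                                         );

                        if (NT_SUCCESS(PostStatus)) {

                            //
                            // Clear job level time limit so the
                            // message is posted only once.
                            //

                            Job->LimitFlags &= ~JOB_OBJECT_LIMIT_JOB_TIME;
                            Job->PerJobUserTimeLimit.QuadPart = 0;
                        }

                    } else {

                        //
                        // Nobody to post to: fall back to terminating
                        // the job's processes.
                        //

                        if (PspTerminateAllProcessesInJob(Job,ERROR_NOT_ENOUGH_QUOTA,PsLockReturnTimeout)) {
                            if (Job->ActiveProcesses == 0) {
                                KeSetEvent(&Job->Event,0,FALSE);
                            }
                        }
                    }
                    break;
                }
            }
        }

        ExReleaseResource(&Job->JobLock);
    }

    ExReleaseFastMutex(&PspJobListLock);
}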

NTKERNELAPI VOID PsEstablishWin32Callouts IN PKWIN32_PROCESS_CALLOUT  ProcessCallout,
IN PKWIN32_THREAD_CALLOUT  ThreadCallout,
IN PKWIN32_GLOBALATOMTABLE_CALLOUT  GlobalAtomTableCallout,
IN PKWIN32_POWEREVENT_CALLOUT  PowerEventCallout,
IN PKWIN32_POWERSTATE_CALLOUT  PowerStateCallout,
IN PKWIN32_JOB_CALLOUT  JobCallout,
IN PVOID  BatchFlushRoutine
 

Definition at line 3855 of file psquery.c.

References ExGlobalAtomTableCallout, KeGdiFlushUserBatch, PAGED_CODE, PGDI_BATCHFLUSH_ROUTINE, PopEventCallout, PopStateCallout, PspW32JobCallout, PspW32ProcessCallout, and PspW32ThreadCallout.

NTKERNELAPI
VOID
PsEstablishWin32Callouts(
    IN PKWIN32_PROCESS_CALLOUT ProcessCallout,
    IN PKWIN32_THREAD_CALLOUT ThreadCallout,
    IN PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout,
    IN PKWIN32_POWEREVENT_CALLOUT PowerEventCallout,
    IN PKWIN32_POWERSTATE_CALLOUT PowerStateCallout,
    IN PKWIN32_JOB_CALLOUT JobCallout,
    IN PVOID BatchFlushRoutine
    )

/*++

Routine Description:

    Used by the Win32 kernel mode component to register its callout
    functions.  Each argument is stored, as given, in the matching
    global callout pointer.

    This routine performs no validation of the pointers and takes no
    lock around the stores.

Arguments:

    ProcessCallout - Supplies the address of the function to be called
        when a process is either created or deleted.

    ThreadCallout - Supplies the address of the function to be called
        when a thread is either created or deleted.

    GlobalAtomTableCallout - Supplies the address of the function to be
        called to get the correct global atom table for the current
        process.

    PowerEventCallout - Supplies the address of a function to be called
        when a power event occurs.

    PowerStateCallout - Supplies the address of a function to be called
        when the power state changes.

    JobCallout - Supplies the address of a function to be called when
        the job state changes or a process is assigned to a job.

    BatchFlushRoutine - Supplies the address stored in
        KeGdiFlushUserBatch after a cast to PGDI_BATCHFLUSH_ROUTINE.

Return Value:

    None.

--*/

{
    PAGED_CODE();

    //
    // Process, thread and job callouts.
    //

    PspW32ProcessCallout = ProcessCallout;
    PspW32ThreadCallout  = ThreadCallout;
    PspW32JobCallout     = JobCallout;

    //
    // Power callouts.
    //

    PopEventCallout = PowerEventCallout;
    PopStateCallout = PowerStateCallout;

    //
    // Atom table and GDI batch flush.
    //

    ExGlobalAtomTableCallout = GlobalAtomTableCallout;
    KeGdiFlushUserBatch = (PGDI_BATCHFLUSH_ROUTINE)BatchFlushRoutine;
}

VOID PsExitSpecialApc IN PKAPC  Apc,
IN PKNORMAL_ROUTINE NormalRoutine,
IN PVOID *  NormalContext,
IN PVOID *  SystemArgument1,
IN PVOID *  SystemArgument2
 

Definition at line 603 of file psdelete.c.

References ExFreePool(), NTSTATUS(), PAGED_CODE, and PspExitThread().

Referenced by KiInsertQueueApc(), KiSuspendThread(), PspExitNormalApc(), and PspTerminateThreadByPointer().

VOID
PsExitSpecialApc(
    IN PKAPC Apc,
    IN PKNORMAL_ROUTINE NormalRoutine,
    IN PVOID *NormalContext,
    IN PVOID *SystemArgument1,
    IN PVOID *SystemArgument2
    )

/*++

Routine Description:

    Special APC routine used to make a thread exit.  When the APC
    object's SystemArgument2 field is non-zero, the exit status is taken
    from the APC object's NormalContext field, the APC object is freed
    and PspExitThread is called with that status.  Otherwise nothing is
    done.

    Only the fields of the APC object are consulted; the remaining
    parameters are not used.

Arguments:

    Apc - The APC object.  It is freed with ExFreePool when the exit is
        carried out.

    NormalRoutine, NormalContext, SystemArgument1, SystemArgument2 -
        Unused.

Return Value:

    None.

--*/

{
    NTSTATUS ExitStatus;

    PAGED_CODE();

    UNREFERENCED_PARAMETER(NormalRoutine);
    UNREFERENCED_PARAMETER(NormalContext);
    UNREFERENCED_PARAMETER(SystemArgument1);
    UNREFERENCED_PARAMETER(SystemArgument2);

    if (!Apc->SystemArgument2) {
        return;
    }

    //
    // Read the status out of the APC object before the object is
    // freed.
    //

    ExitStatus = (NTSTATUS)((LONG_PTR)Apc->NormalContext);

    ExFreePool(Apc);

    PspExitThread(ExitStatus);
}

BOOLEAN PsForwardException IN PEXCEPTION_RECORD  ExceptionRecord,
IN BOOLEAN  DebugException,
IN BOOLEAN  SecondChance
 

HANDLE PsGetCurrentProcessId VOID   ) 
 

Definition at line 2306 of file ps/create.c.

References PsGetCurrentThread.

Referenced by SeAuditHandleCreation().

HANDLE
PsGetCurrentProcessId(
    VOID
    )

/*++

Routine Description:

    Returns the process id recorded in the current thread's client id.

Arguments:

    None.

Return Value:

    The UniqueProcess member of the current thread's Cid.

--*/

{
    PETHREAD CurrentThread;

    CurrentThread = PsGetCurrentThread();

    return CurrentThread->Cid.UniqueProcess;
}

HANDLE PsGetCurrentThreadId VOID   ) 
 

Definition at line 2312 of file ps/create.c.

References PsGetCurrentThread.

HANDLE
PsGetCurrentThreadId(
    VOID
    )

/*++

Routine Description:

    Returns the thread id recorded in the current thread's client id.

Arguments:

    None.

Return Value:

    The UniqueThread member of the current thread's Cid.

--*/

{
    PETHREAD CurrentThread;

    CurrentThread = PsGetCurrentThread();

    return CurrentThread->Cid.UniqueThread;
}

LARGE_INTEGER PsGetProcessExitTime VOID   ) 
 

Definition at line 1539 of file psdelete.c.

References PAGED_CODE, and PsGetCurrentProcess.

LARGE_INTEGER
PsGetProcessExitTime(
    VOID
    )

/*++

Routine Description:

    Returns the exit time recorded for the current process.

Arguments:

    None.

Return Value:

    The ExitTime field of the current process, returned by value.

--*/

{
    PEPROCESS CurrentProcess;

    PAGED_CODE();

    CurrentProcess = PsGetCurrentProcess();

    return CurrentProcess->ExitTime;
}

BOOLEAN PsGetVersion PULONG MajorVersion  OPTIONAL,
PULONG MinorVersion  OPTIONAL,
PULONG BuildNumber  OPTIONAL,
PUNICODE_STRING CSDVersion  OPTIONAL
 

Definition at line 2318 of file ps/create.c.

References CmCSDVersionString, NtBuildNumber, NtMajorVersion, and NtMinorVersion.

BOOLEAN
PsGetVersion(
    PULONG MajorVersion OPTIONAL,
    PULONG MinorVersion OPTIONAL,
    PULONG BuildNumber OPTIONAL,
    PUNICODE_STRING CSDVersion OPTIONAL
    )

/*++

Routine Description:

    Reports the system version.  Every output argument is optional and
    is written only when the caller supplied it.

Arguments:

    MajorVersion - Receives NtMajorVersion.

    MinorVersion - Receives NtMinorVersion.

    BuildNumber - Receives NtBuildNumber masked with 0x3FFF.

    CSDVersion - Receives a copy of CmCSDVersionString.  This is a
        structure assignment; no string data is duplicated, so the
        result refers to the same buffer as CmCSDVersionString.

Return Value:

    TRUE when NtBuildNumber shifted right by 28 equals 0xC, FALSE
    otherwise.  NOTE(review): presumably the checked-build marker -
    confirm.

--*/

{
    BOOLEAN Marked;

    Marked = (NtBuildNumber >> 28) == 0xC;

    if (ARGUMENT_PRESENT(CSDVersion)) {
        *CSDVersion = CmCSDVersionString;
    }

    if (ARGUMENT_PRESENT(BuildNumber)) {
        *BuildNumber = NtBuildNumber & 0x3FFF;
    }

    if (ARGUMENT_PRESENT(MinorVersion)) {
        *MinorVersion = NtMinorVersion;
    }

    if (ARGUMENT_PRESENT(MajorVersion)) {
        *MajorVersion = NtMajorVersion;
    }

    return Marked;
}

NTSTATUS PsImpersonateClient IN PETHREAD  Thread,
IN PACCESS_TOKEN  Token,
IN BOOLEAN  CopyOnOpen,
IN BOOLEAN  EffectiveOnly,
IN SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel
 

Definition at line 650 of file ps/security.c.

References ASSERT, _PS_IMPERSONATION_INFORMATION::CopyOnOpen, _PS_IMPERSONATION_INFORMATION::EffectiveOnly, ExAllocatePoolWithTag, FALSE, Filter, _PS_IMPERSONATION_INFORMATION::ImpersonationLevel, KernelMode, NT_SUCCESS, NTSTATUS(), NULL, ObReferenceObject, PagedPool, PsDereferenceImpersonationToken, PsFreeProcessSecurityFields, PsLockProcessSecurityFields, SeFastFilterToken(), SeTokenIsAdmin(), SeTokenIsRestricted(), Status, ThreadObject, Token, _PS_IMPERSONATION_INFORMATION::Token, and TRUE.

Referenced by NtImpersonateAnonymousToken(), NtOpenThreadToken(), PsAssignImpersonationToken(), PsRestoreImpersonation(), and SeImpersonateClientEx().

00660 : 00661 00662 This routine sets up the specified thread so that it is impersonating 00663 the specified client. This will result in the reference count of the 00664 token representing the client being incremented to reflect the new 00665 reference. 00666 00667 If the thread is currently impersonating a client, that token will be 00668 dereferenced. 00669 00670 00671 00672 Arguments: 00673 00674 Thread - points to the thread which is going to impersonate a client. 00675 00676 Token - Points to the token to be assigned as the impersonation token. 00677 This does NOT have to be a TokenImpersonation type token. This 00678 allows direct reference of client process's primary tokens. 00679 00680 CopyOnOpen - If TRUE, indicates the token is considered to be private 00681 by the assigner and should be copied if opened. For example, a 00682 session layer may be using a token to represent a client's context. 00683 If the session is trying to synchronize the context of the client, 00684 then user mode code should not be given direct access to the session 00685 layer's token. 00686 00687 Basically, session layers should always specify TRUE for this, while 00688 tokens assigned by the server itself (handle based) should specify 00689 FALSE. 00690 00691 00692 EffectiveOnly - Is a boolean value to be assigned as the 00693 Thread->ImpersonationInfo->EffectiveOnly field value for the 00694 impersonation. A value of FALSE indicates the server is allowed 00695 to enable currently disabled groups and privileges. 00696 00697 ImpersonationLevel - Is the impersonation level that the server is allowed 00698 to access the token with. 00699 00700 00701 Return Value: 00702 00703 STATUS_SUCCESS - Indicates the call completed successfully. 
00704 00705 00706 --*/ 00707 00708 { 00709 00710 PPS_IMPERSONATION_INFORMATION 00711 NewClient; 00712 00713 PACCESS_TOKEN 00714 OldToken; 00715 00716 PACCESS_TOKEN NewerToken ; 00717 NTSTATUS Status ; 00718 PPS_JOB_TOKEN_FILTER Filter ; 00719 BOOLEAN DontRefToken = FALSE ; 00720 00721 ASSERT( Thread->Tcb.Header.Type == ThreadObject ); 00722 00723 00724 // 00725 // Lock the process security fields 00726 // 00727 00728 PsLockProcessSecurityFields(); 00729 00730 00731 if (!ARGUMENT_PRESENT(Token)) { 00732 00733 // 00734 // This is a request to revert to self. 00735 // Clean up any client information. 00736 // 00737 00738 if ( Thread->ActiveImpersonationInfo ) { 00739 00740 OldToken = Thread->ImpersonationInfo->Token; 00741 Thread->ActiveImpersonationInfo = FALSE; 00742 } else { 00743 OldToken = NULL; 00744 } 00745 00746 } else { 00747 00748 // 00749 // Check if we're allowed to impersonate based on the job 00750 // restrictions: 00751 // 00752 00753 Status = STATUS_SUCCESS ; 00754 00755 if ( Thread->ThreadsProcess->Job ) { 00756 00757 if ( ( Thread->ThreadsProcess->Job->SecurityLimitFlags & JOB_OBJECT_SECURITY_NO_ADMIN ) && 00758 ( SeTokenIsAdmin( Token ) ) ) { 00759 00760 Status = STATUS_ACCESS_DENIED ; 00761 00762 } 00763 00764 if ( ( Thread->ThreadsProcess->Job->SecurityLimitFlags & JOB_OBJECT_SECURITY_RESTRICTED_TOKEN ) && 00765 ( !SeTokenIsRestricted( Token ) ) ) 00766 { 00767 Status = STATUS_ACCESS_DENIED ; 00768 } 00769 00770 if ( Thread->ThreadsProcess->Job->Filter ) 00771 { 00772 // 00773 // Filter installed. Need to create a restricted token 00774 // dynamically. 
00775 // 00776 Filter = Thread->ThreadsProcess->Job->Filter ; 00777 00778 Status = SeFastFilterToken( 00779 Token, 00780 KernelMode, 00781 0, 00782 Filter->CapturedGroupCount, 00783 Filter->CapturedGroups, 00784 Filter->CapturedPrivilegeCount, 00785 Filter->CapturedPrivileges, 00786 Filter->CapturedSidCount, 00787 Filter->CapturedSids, 00788 Filter->CapturedSidsLength, 00789 &NewerToken ); 00790 00791 if ( NT_SUCCESS( Status ) ) 00792 { 00793 DontRefToken = TRUE ; 00794 00795 Token = NewerToken ; 00796 } 00797 00798 } 00799 } 00800 00801 if ( !NT_SUCCESS( Status ) ) 00802 { 00803 PsFreeProcessSecurityFields(); 00804 00805 return Status ; 00806 } 00807 00808 // 00809 // If we are already impersonating someone, 00810 // use the already allocated block. This avoids 00811 // an alloc and a free. 00812 // 00813 00814 if ( Thread->ActiveImpersonationInfo ) { 00815 00816 // 00817 // capture the old token pointer. 00818 // We'll dereference it after unlocking the security fields. 00819 // 00820 00821 OldToken = Thread->ImpersonationInfo->Token; 00822 NewClient = Thread->ImpersonationInfo; 00823 00824 } else { 00825 00826 OldToken = NULL; 00827 00828 if ( Thread->ImpersonationInfo ) { 00829 NewClient = Thread->ImpersonationInfo; 00830 } else { 00831 00832 // 00833 // Allocate and set up the Client block 00834 // 00835 00836 NewClient = (PPS_IMPERSONATION_INFORMATION)ExAllocatePoolWithTag( 00837 PagedPool, 00838 sizeof(PS_IMPERSONATION_INFORMATION), 00839 'mIsP'); 00840 00841 if (NewClient == NULL) { 00842 00843 PsFreeProcessSecurityFields(); 00844 00845 return STATUS_NO_MEMORY ; 00846 00847 } 00848 00849 Thread->ImpersonationInfo = NewClient; 00850 } 00851 } 00852 00853 NewClient->ImpersonationLevel = ImpersonationLevel; 00854 NewClient->EffectiveOnly = EffectiveOnly; 00855 NewClient->CopyOnOpen = CopyOnOpen; 00856 NewClient->Token = Token; 00857 Thread->ActiveImpersonationInfo = TRUE; 00858 00859 if ( !DontRefToken ) 00860 { 00861 ObReferenceObject(NewClient->Token); 00862 
} 00863 } 00864 00865 // 00866 // Release the security fields 00867 // 00868 00869 PsFreeProcessSecurityFields(); 00870 00871 00872 // 00873 // Free the old client token, if necessary. 00874 // 00875 00876 if (ARGUMENT_PRESENT( OldToken )) { 00877 00878 PsDereferenceImpersonationToken( OldToken ); 00879 } 00880 00881 00882 return STATUS_SUCCESS ; 00883 00884 }

BOOLEAN PsInitSystem IN ULONG  Phase,
IN PLOADER_PARAMETER_BLOCK  LoaderBlock
 

Definition at line 138 of file psinit.c.

References InitializationPhase, KeBugCheck(), PspInitPhase0(), and PspInitPhase1().

BOOLEAN
PsInitSystem(
    IN ULONG Phase,
    IN PLOADER_PARAMETER_BLOCK LoaderBlock
    )

/*++

Routine Description:

    Performs process structure initialization. It is called during phase 0
    and phase 1 initialization and only dispatches to the matching phase
    initialization routine.

Arguments:

    Phase - Supplies the initialization phase number.
        NOTE(review): the body dispatches on the global InitializationPhase
        and never reads this argument; confirm callers keep the two in step.

    LoaderBlock - Supplies a pointer to a loader parameter block. It is
        handed unchanged to the phase routine.

Return Value:

    TRUE - Initialization succeeded.

    FALSE - Initialization failed.

    The value is whatever PspInitPhase0 or PspInitPhase1 returns.

--*/

{
    switch (InitializationPhase) {

    case 0:
        return PspInitPhase0(LoaderBlock);

    case 1:
        return PspInitPhase1(LoaderBlock);

    default:
        //
        // Any other phase number is a caller error; stop the system.
        //
        KeBugCheck(UNEXPECTED_INITIALIZATION_CALL);
    }

    return 0;   // Not reachable, quiet compiler
}

NTSTATUS PsLocateSystemDll VOID   ) 
 

Definition at line 525 of file psinit.c.

References DbgPrint, _SYSTEM_DLL::DllBase, File, KeBugCheckEx(), KernelMode, L, MmCheckSystemImage(), MmSectionObjectType, NT_SUCCESS, NtRaiseHardError(), NTSTATUS(), NULL, ObjectAttributes, ObReferenceObjectByHandle(), PsGetCurrentProcess, PsNtDllPathName, PspMapSystemDll(), PspSystemDll, PsSystemDllBase, PsSystemDllDllBase, RtlAllocateStringRoutine, RtlCopyUnicodeString(), RtlInitUnicodeString(), _SYSTEM_DLL::Section, and ZwOpenFile().

Referenced by IoInitSystem().

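NTSTATUS
PsLocateSystemDll(
    VOID
    )

/*++

Routine Description:

    Locates the system DLL (ntdll.dll), creates an image section for it and
    maps it into the system process.

    On success the path is stored in PsNtDllPathName, the referenced
    section object in PspSystemDll.Section, and the mapped base in
    PspSystemDll.DllBase, PsSystemDllDllBase and PsSystemDllBase.

Arguments:

    None.

Return Value:

    STATUS_SUCCESS - The system DLL was opened, checked and mapped.

    STATUS_IMAGE_CHECKSUM_MISMATCH - MmCheckSystemImage rejected the file.
        A hard error has been raised before returning.

    STATUS_NO_MEMORY - The buffer for PsNtDllPathName could not be
        allocated.

    A failure to open the file, to create or reference the section, or to
    map the image bugchecks with PROCESS1_INITIALIZATION_FAILED; the
    return statements that follow those bugchecks only quiet the compiler.

--*/

{
    HANDLE File;
    HANDLE Section;
    NTSTATUS st;
    UNICODE_STRING DllPathName;
    OBJECT_ATTRIBUTES ObjectAttributes;
    IO_STATUS_BLOCK IoStatus;

    //
    // Initialize the system DLL path. RtlInitUnicodeString points the
    // string at the literal and sets both length fields itself, so no
    // separate stack buffer or manual length setup is needed.
    //

    RtlInitUnicodeString(&DllPathName, L"\\SystemRoot\\System32\\ntdll.dll");
    InitializeObjectAttributes(
        &ObjectAttributes,
        &DllPathName,
        OBJ_CASE_INSENSITIVE,
        NULL,
        NULL
        );

    st = ZwOpenFile(
            &File,
            SYNCHRONIZE | FILE_EXECUTE,
            &ObjectAttributes,
            &IoStatus,
            FILE_SHARE_READ,
            0
            );

    if (!NT_SUCCESS(st)) {

#if DBG
        DbgPrint("PS: PsLocateSystemDll - NtOpenFile( NTDLL.DLL ) failed. Status == %lx\n",
                 st
                 );
#endif
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, st, 2, 0, 0);
        return st;
    }

    //
    // Integrity check of the image before it is turned into a section.
    // NOTE(review): only STATUS_IMAGE_CHECKSUM_MISMATCH stops the routine;
    // any other status returned by MmCheckSystemImage is overwritten
    // below. Confirm that no other failure status needs to be fatal here.
    //

    st = MmCheckSystemImage(File);
    if (st == STATUS_IMAGE_CHECKSUM_MISMATCH) {
        ULONG_PTR ErrorParameters;
        ULONG ErrorResponse;

        //
        // Hard error time. The image is corrupt.
        //

        ErrorParameters = (ULONG_PTR)&DllPathName;

        NtRaiseHardError(
            st,
            1,
            1,
            &ErrorParameters,
            OptionOk,
            &ErrorResponse
            );

        //
        // The file handle is not needed on this path; close it rather
        // than leaking it.
        //

        ZwClose(File);
        return st;
    }

    //
    // Keep a private copy of the path, with room for a terminating WCHAR.
    //

    PsNtDllPathName.MaximumLength = DllPathName.Length + sizeof( WCHAR );
    PsNtDllPathName.Length = 0;
    PsNtDllPathName.Buffer = RtlAllocateStringRoutine( PsNtDllPathName.MaximumLength );
    if (PsNtDllPathName.Buffer == NULL) {

        //
        // Without this check RtlCopyUnicodeString would be handed a NULL
        // destination buffer with a non-zero MaximumLength.
        //

        PsNtDllPathName.MaximumLength = 0;
        ZwClose(File);
        return STATUS_NO_MEMORY;
    }
    RtlCopyUnicodeString( &PsNtDllPathName, &DllPathName );

    st = ZwCreateSection(
            &Section,
            SECTION_ALL_ACCESS,
            NULL,
            0,
            PAGE_EXECUTE,
            SEC_IMAGE,
            File
            );
    ZwClose( File );

    if (!NT_SUCCESS(st)) {
#if DBG
        DbgPrint("PS: PsLocateSystemDll: NtCreateSection Status == %lx\n",st);
#endif
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, st, 3, 0, 0);
        return st;
    }

    //
    // Now that we have the section, reference it, store its address in
    // PspSystemDll and then close the handle to the section.
    //

    st = ObReferenceObjectByHandle(
            Section,
            SECTION_ALL_ACCESS,
            MmSectionObjectType,
            KernelMode,
            &PspSystemDll.Section,
            NULL
            );

    ZwClose(Section);

    if (!NT_SUCCESS(st)) {
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, st, 4, 0, 0);
        return st;
    }

    //
    // Map the system dll into the user part of the address space.
    //

    st = PspMapSystemDll(PsGetCurrentProcess(), &PspSystemDll.DllBase);
    PsSystemDllDllBase = PspSystemDll.DllBase;

    if (!NT_SUCCESS(st)) {
        KeBugCheckEx(PROCESS1_INITIALIZATION_FAILED, st, 5, 0, 0);
        return st;
    }
    PsSystemDllBase = PspSystemDll.DllBase;

    return STATUS_SUCCESS;
}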

NTSTATUS PsLockProcess IN PEPROCESS  Process,
IN KPROCESSOR_MODE  WaitMode,
IN PSLOCKPROCESSMODE  LockMode
 

Definition at line 1966 of file ps/create.c.

References ExAcquireFastMutexUnsafe(), Executive, ExReleaseFastMutexUnsafe(), FALSE, _KTHREAD::FreezeCount, KeClearEvent, KeEnterCriticalRegion, KeGetCurrentThread, KeLeaveCriticalRegion, KeReadStateProcess(), _KTHREAD::KernelApcDisable, KernelMode, KeSetEvent(), KeWaitForSingleObject(), NTSTATUS(), NULL, PAGED_CODE, PsGetCurrentThread, PsLockIAmExiting, PSLOCKPROCESSMODE, PsLockReturnTimeout, PsLockWaitForever, PspProcessLockMutex, PsUnlockProcess(), Status, _ETHREAD::Tcb, TRUE, and UserMode.

Referenced by DbgkCreateThread(), DbgkpResumeProcess(), DbgkpSuspendProcess(), NtAssignProcessToJobObject(), NtSetInformationProcess(), NtSetInformationThread(), NtTerminateProcess(), NtTerminateThread(), PspApplyJobLimitsToProcess(), PspCreateThread(), PspExitThread(), and PspTerminateProcess().

NTSTATUS
PsLockProcess(
    IN PEPROCESS Process,
    IN KPROCESSOR_MODE WaitMode,
    IN PSLOCKPROCESSMODE LockMode
    )

/*++

Routine Description:

    Locks the process against create/delete and freezes threads from
    entering or exiting the process.

    On success the calling thread is still inside the critical region
    entered here (KeLeaveCriticalRegion is only called on the failure
    paths) and is recorded as Process->LockOwner.

Arguments:

    Process - Pointer to the process to lock.

    WaitMode - Supplies the processor mode to issue the wait under. A
        UserMode wait made with PsLockWaitForever is re-issued as
        KernelMode if it is interrupted by a user APC.

    LockMode - The type of lock to attempt:

        PsLockPollOnTimeout - Use a timeout and poll for the lock,
            bailing if the process exits.

        PsLockReturnTimeout - Do not poll; return at once if the lock
            is not available.

        PsLockWaitForever - Wait without a timeout.

        PsLockIAmExiting - Handled as PsLockWaitForever, and the
            freeze-count retry at the end is skipped.

Return Value:

    STATUS_SUCCESS - You got the lock; you must call PsUnlockProcess later
        on.

    STATUS_TIMEOUT - You requested PsLockReturnTimeout, and the lock was
        not available.

    STATUS_PROCESS_IS_TERMINATING - The process you are trying to lock is
        terminating. Every other unsuccessful wait status is also
        reported as this value.

--*/

{
    LARGE_INTEGER DueTime;
    NTSTATUS Status;
    PLARGE_INTEGER Timeout;
    PETHREAD Thread;
    PSLOCKPROCESSMODE LocalLockMode;
    BOOLEAN WaitSuccess;

    PAGED_CODE();

    //
    // An exiting thread waits like PsLockWaitForever; LockMode itself is
    // kept for the freeze check at the end.
    //

    LocalLockMode = LockMode;
    if (LockMode == PsLockIAmExiting) {
        LocalLockMode = PsLockWaitForever;
    }

    Thread = PsGetCurrentThread();

retry:

    //
    // The process lock fast mutex guards the ownership, lock count and
    // synchronization event of the specified process.
    //

    KeEnterCriticalRegion();
    ExAcquireFastMutexUnsafe(&PspProcessLockMutex);

    if (Process->LockCount != 1) {

        //
        // The process lock is currently owned.
        //

        if (LocalLockMode == PsLockReturnTimeout) {

            //
            // The caller does not want to wait at all.
            //

            ExReleaseFastMutexUnsafe(&PspProcessLockMutex);
            KeLeaveCriticalRegion();
            return STATUS_TIMEOUT;
        }

        //
        // One second timeout (relative, 100ns units) unless the caller
        // waits forever.
        //

        if (LocalLockMode != PsLockWaitForever) {
            DueTime.QuadPart = - 10 * 1000 * 1000;
            Timeout = &DueTime;
        } else {
            Timeout = NULL;
        }

        //
        // Register as a waiter, then loop until the lock is granted or
        // the process terminates.
        //

        Process->LockCount -= 1;
        do {

            WaitSuccess = FALSE;

            //
            // Give up if the process has exited (never for a
            // wait-forever caller). The fast mutex is held here.
            //

            if (Process->ExitTime.QuadPart != 0 &&
                LocalLockMode != PsLockWaitForever) {
                Status = STATUS_PROCESS_IS_TERMINATING;
                break;
            }

            //
            // Drop the fast mutex and wait for the lock event or the
            // timeout.
            //

            ExReleaseFastMutexUnsafe(&PspProcessLockMutex);
rewait:
            Status = KeWaitForSingleObject(&Process->LockEvent,
                                           Executive,
                                           WaitMode,
                                           FALSE,
                                           Timeout);

            //
            // A user-mode wait can come back with STATUS_USER_APC.
            // Wait-forever callers do not expect to return without the
            // lock, so the wait is repeated in kernel mode. The only
            // place wait-forever is combined with UserMode is exit,
            // where user mode is wanted so the stack can swap, not to
            // service an exit APC.
            //

            if (Status == STATUS_USER_APC
                && WaitMode == UserMode
                && LocalLockMode == PsLockWaitForever) {
                WaitMode = KernelMode;
                goto rewait;
            }

            //
            // Take the fast mutex again; the loop continues if the wait
            // timed out.
            //

            ExAcquireFastMutexUnsafe(&PspProcessLockMutex);

            //
            // Repeat the exit test: it catches a wait that did not time
            // out while the process terminated and the lock was
            // released during the wait.
            //

            if (Process->ExitTime.QuadPart != 0
                && LocalLockMode != PsLockWaitForever) {

                if (Status == STATUS_SUCCESS) {

                    //
                    // The event was set for us, so ownership was handed
                    // over. We are bailing and must pass it on.
                    //

                    WaitSuccess = TRUE;
                }
                Status = STATUS_PROCESS_IS_TERMINATING;
                break;
            }

        } while (Status == STATUS_TIMEOUT);

        //
        // Success means the lock was granted and the owner is set.
        // Anything else (user APC pending, process terminated) drops the
        // request.
        //

        if (Status != STATUS_SUCCESS) {
            Status = STATUS_PROCESS_IS_TERMINATING;
            Process->LockCount += 1;

            if (Process->LockCount == 1) {

                //
                // Nobody else is involved with the lock. A count of 1 is
                // the initial state of a free lock, so make sure the
                // event is NOT signalled, whatever ended the wait.
                //

                KeClearEvent(&Process->LockEvent);

            } else if (WaitSuccess) {

                //
                // Others are involved and our wait was satisfied, so we
                // were granted ownership. Pass it to the next waiter.
                // If the wait was not satisfied, restoring the count
                // above is all that is needed.
                //

                KeSetEvent(&Process->LockEvent, 0, FALSE);
            }

        } else {
            Process->LockOwner = KeGetCurrentThread();
        }

    } else {

        //
        // The process lock is not currently owned. Unless the caller
        // waits forever, refuse the lock when the process has already
        // terminated; otherwise take it.
        //

        if ((LocalLockMode != PsLockWaitForever) &&
            ((Process->ExitTime.QuadPart != 0 ||
              KeReadStateProcess(&Process->Pcb) != FALSE))) {
            Status = STATUS_PROCESS_IS_TERMINATING;

        } else {
            Process->LockCount -= 1;
            Process->LockOwner = KeGetCurrentThread();
            Status = STATUS_SUCCESS;
        }
    }

    ExReleaseFastMutexUnsafe(&PspProcessLockMutex);

    if (Status != STATUS_SUCCESS) {
        KeLeaveCriticalRegion();

    } else {

        //
        // We don't want to be "frozen" with the process lock held. Now
        // that we own the lock, drop it and start over if a freeze is
        // pending and dropping the lock will help.
        //

        if ((LockMode != PsLockIAmExiting) &&
            (Thread->Tcb.FreezeCount != 0) &&
            (Thread->Tcb.KernelApcDisable == (ULONG) -1)) {
            PsUnlockProcess(Process);
            goto retry;
        }
    }

    return Status;
}

NTKERNELAPI NTSTATUS PsLookupProcessByProcessId IN HANDLE  ProcessId,
OUT PEPROCESS Process
 

Definition at line 94 of file pscid.c.

References ExMapHandleToPointer(), ExUnlockHandleTableEntry(), _EPROCESS::GrantedAccess, _KPROCESS::Header, NTSTATUS(), NULL, _HANDLE_TABLE_ENTRY::Object, ObReferenceObject, _EPROCESS::Pcb, ProcessObject, PSP_INVALID_ID, PspCidTable, Status, and _DISPATCHER_HEADER::Type.

Referenced by LpcpGetCreatorName(), and NtOpenProcess().

NTKERNELAPI
NTSTATUS
PsLookupProcessByProcessId(
    IN HANDLE ProcessId,
    OUT PEPROCESS *Process
    )

/*++

Routine Description:

    Accepts the process id of a process and returns a referenced pointer
    to the process.

    The lookup goes through PspCidTable only. No access check against the
    caller is made in this routine, so a caller acting on behalf of user
    mode has to do its own.

Arguments:

    ProcessId - Specifies the Process ID of the process.

    Process - Returns a referenced pointer to the process specified by the
        process id. It is written only on success; the reference was
        taken with ObReferenceObject and belongs to the caller.

Return Value:

    STATUS_SUCCESS - A process was located based on the contents of
        the process id.

    STATUS_INVALID_PARAMETER - The process was not found. This covers an
        id with no table entry, an entry marked PSP_INVALID_ID, an entry
        that is not a process object, and a process whose GrantedAccess
        is zero.

--*/

{
    PHANDLE_TABLE_ENTRY Entry;
    PEPROCESS Candidate;
    NTSTATUS Status;

    Entry = ExMapHandleToPointer(PspCidTable, ProcessId);
    if (Entry == NULL) {
        return STATUS_INVALID_PARAMETER;
    }

    Status = STATUS_INVALID_PARAMETER;
    Candidate = (PEPROCESS)Entry->Object;

    //
    // The sentinel test comes first so an invalid entry is never
    // dereferenced.
    //

    if (Candidate != (PEPROCESS)PSP_INVALID_ID &&
        Candidate->Pcb.Header.Type == ProcessObject &&
        Candidate->GrantedAccess) {

        ObReferenceObject(Candidate);
        *Process = Candidate;
        Status = STATUS_SUCCESS;
    }

    //
    // The entry stays locked until the reference has been taken.
    //

    ExUnlockHandleTableEntry(PspCidTable, Entry);

    return Status;
}

NTSTATUS PsLookupProcessThreadByCid IN PCLIENT_ID  Cid,
OUT PEPROCESS *Process  OPTIONAL,
OUT PETHREAD Thread
 

Definition at line 27 of file pscid.c.

References _ETHREAD::Cid, ExMapHandleToPointer(), ExUnlockHandleTableEntry(), _ETHREAD::GrantedAccess, _KTHREAD::Header, NTSTATUS(), NULL, _HANDLE_TABLE_ENTRY::Object, ObReferenceObject, PSP_INVALID_ID, PspCidTable, Status, _ETHREAD::Tcb, THREAD_TO_PROCESS, ThreadObject, and _DISPATCHER_HEADER::Type.

Referenced by LpcpCopyRequestData(), LpcRequestWaitReplyPort(), NtAcceptConnectPort(), NtImpersonateClientOfPort(), NtOpenProcess(), NtOpenThread(), NtReplyPort(), NtReplyWaitReceivePort(), NtReplyWaitReceivePortEx(), NtReplyWaitReplyPort(), NtRequestWaitReplyPort(), and VdmpIsThreadTerminating().

NTSTATUS
PsLookupProcessThreadByCid(
    IN PCLIENT_ID Cid,
    OUT PEPROCESS *Process OPTIONAL,
    OUT PETHREAD *Thread
    )

/*++

Routine Description:

    Accepts the Client ID of a thread and returns a referenced pointer to
    the thread, and possibly a referenced pointer to the process.

    The thread is found through Cid->UniqueThread; Cid->UniqueProcess is
    then compared with the thread's own Cid, so a thread id paired with
    the wrong process id is rejected. No access check against the caller
    is made in this routine.

Arguments:

    Cid - Specifies the Client ID of the thread.

    Process - If specified, returns a referenced pointer to the process
        specified in the Cid.

    Thread - Returns a referenced pointer to the thread specified in the
        Cid.

    Both outputs are written only on success; each reference was taken
    with ObReferenceObject and belongs to the caller.

Return Value:

    STATUS_SUCCESS - A process and thread were located based on the
        contents of the Cid.

    STATUS_INVALID_CID - The specified Cid is invalid.

--*/

{
    PHANDLE_TABLE_ENTRY Entry;
    PETHREAD Candidate;
    NTSTATUS Status;

    Entry = ExMapHandleToPointer(PspCidTable, Cid->UniqueThread);
    if (Entry == NULL) {
        return STATUS_INVALID_CID;
    }

    Status = STATUS_INVALID_CID;
    Candidate = (PETHREAD)Entry->Object;

    //
    // The sentinel test comes first so an invalid entry is never
    // dereferenced.
    //

    if ((Candidate != (PETHREAD)PSP_INVALID_ID) &&
        (Candidate->Tcb.Header.Type == ThreadObject &&
         Candidate->Cid.UniqueProcess == Cid->UniqueProcess &&
         Candidate->GrantedAccess)) {

        if (ARGUMENT_PRESENT(Process)) {
            *Process = THREAD_TO_PROCESS(Candidate);
            ObReferenceObject(*Process);
        }

        ObReferenceObject(Candidate);
        *Thread = Candidate;
        Status = STATUS_SUCCESS;
    }

    //
    // The entry stays locked until the references have been taken.
    //

    ExUnlockHandleTableEntry(PspCidTable, Entry);

    return Status;
}

NTKERNELAPI NTSTATUS PsLookupThreadByThreadId IN HANDLE  ThreadId,
OUT PETHREAD Thread
 

Definition at line 146 of file pscid.c.

References ExMapHandleToPointer(), ExUnlockHandleTableEntry(), _ETHREAD::GrantedAccess, _KTHREAD::Header, NTSTATUS(), NULL, _HANDLE_TABLE_ENTRY::Object, ObReferenceObject, PSP_INVALID_ID, PspCidTable, Status, _ETHREAD::Tcb, ThreadObject, and _DISPATCHER_HEADER::Type.

Referenced by NtOpenThread().

NTKERNELAPI
NTSTATUS
PsLookupThreadByThreadId(
    IN HANDLE ThreadId,
    OUT PETHREAD *Thread
    )

/*++

Routine Description:

    Accepts the thread id of a thread and returns a referenced pointer to
    the thread.

    The lookup goes through PspCidTable only. No access check against the
    caller is made in this routine, so a caller acting on behalf of user
    mode has to do its own.

Arguments:

    ThreadId - Specifies the Thread ID of the thread.

    Thread - Returns a referenced pointer to the thread specified by the
        thread id. It is written only on success; the reference was taken
        with ObReferenceObject and belongs to the caller.

Return Value:

    STATUS_SUCCESS - A thread was located based on the contents of
        the thread id.

    STATUS_INVALID_PARAMETER - The thread was not found. This covers an
        id with no table entry, an entry marked PSP_INVALID_ID, an entry
        that is not a thread object, and a thread whose GrantedAccess is
        zero.

--*/

{
    PHANDLE_TABLE_ENTRY Entry;
    PETHREAD Candidate;
    NTSTATUS Status;

    Entry = ExMapHandleToPointer(PspCidTable, ThreadId);
    if (Entry == NULL) {
        return STATUS_INVALID_PARAMETER;
    }

    Status = STATUS_INVALID_PARAMETER;
    Candidate = (PETHREAD)Entry->Object;

    //
    // The sentinel test comes first so an invalid entry is never
    // dereferenced.
    //

    if (Candidate != (PETHREAD)PSP_INVALID_ID &&
        Candidate->Tcb.Header.Type == ThreadObject &&
        Candidate->GrantedAccess) {

        ObReferenceObject(Candidate);
        *Thread = Candidate;
        Status = STATUS_SUCCESS;
    }

    //
    // The entry stays locked until the reference has been taken.
    //

    ExUnlockHandleTableEntry(PspCidTable, Entry);

    return Status;
}

NTSTATUS PsOpenTokenOfJob IN HANDLE  JobHandle,
OUT PACCESS_TOKEN *  Token
 

NTSTATUS PsOpenTokenOfProcess IN HANDLE  ProcessHandle,
OUT PACCESS_TOKEN *  Token
 

Definition at line 492 of file ps/security.c.

References KPROCESSOR_MODE, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PsProcessType, PsReferencePrimaryToken(), and Status.

Referenced by NtOpenProcessToken().

NTSTATUS
PsOpenTokenOfProcess(
    IN HANDLE ProcessHandle,
    OUT PACCESS_TOKEN *Token
    )

/*++

Routine Description:

    Does the process specific processing of an NtOpenProcessToken()
    service.

    The service validates that the handle has appropriate access to the
    referenced process. If so, it goes on to reference the primary token
    object to prevent it from going away while the rest of the
    NtOpenProcessToken() request is processed.

    NOTE: If this call completes successfully, the caller is responsible
          for decrementing the reference count of the target token.
          This must be done using the PsDereferencePrimaryToken() API.

Arguments:

    ProcessHandle - Supplies a handle to a process object whose primary
        token is to be opened.

    Token - If successful, receives a pointer to the process's token
        object. It is not written when the handle cannot be referenced.

Return Value:

    STATUS_SUCCESS - Indicates the call completed successfully.

    status may also be any value returned by an attempt to reference
    the process object for PROCESS_QUERY_INFORMATION access.

--*/

{
    NTSTATUS Status;
    PEPROCESS Process;
    KPROCESSOR_MODE PreviousMode;

    PreviousMode = KeGetPreviousMode();

    //
    // Make sure the handle grants PROCESS_QUERY_INFORMATION access to the
    // specified process. The check is made for the caller's previous
    // mode, so a user-mode caller is held to its handle's granted access.
    //

    Status = ObReferenceObjectByHandle(
                 ProcessHandle,
                 PROCESS_QUERY_INFORMATION,
                 PsProcessType,
                 PreviousMode,
                 (PVOID *)&Process,
                 NULL
                 );

    if (!NT_SUCCESS(Status)) {
        return Status;
    }

    //
    // Reference the primary token.
    // (This takes care of gaining exclusive access to the process
    // security fields for us.)
    //

    (*Token) = PsReferencePrimaryToken( Process );

    //
    // Done with the process object; the token reference is what is
    // handed back to the caller.
    //

    ObDereferenceObject( Process );

    return STATUS_SUCCESS;
}

NTSTATUS PsOpenTokenOfThread IN HANDLE  ThreadHandle,
IN BOOLEAN  OpenAsSelf,
OUT PACCESS_TOKEN *  Token,
OUT PBOOLEAN  CopyOnOpen,
OUT PBOOLEAN  EffectiveOnly,
OUT PSECURITY_IMPERSONATION_LEVEL  ImpersonationLevel
 

Definition at line 326 of file ps/security.c.

References FALSE, KPROCESSOR_MODE, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PsDereferenceImpersonationToken, PsDisableImpersonation(), PsGetCurrentThread, PsReferenceImpersonationToken(), PsRestoreImpersonation(), PsThreadType, Status, ThreadHandle, and Token.

NTSTATUS
PsOpenTokenOfThread(
    IN HANDLE ThreadHandle,
    IN BOOLEAN OpenAsSelf,
    OUT PACCESS_TOKEN *Token,
    OUT PBOOLEAN CopyOnOpen,
    OUT PBOOLEAN EffectiveOnly,
    OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
    )

/*++

Routine Description:

    Does the thread specific processing of an NtOpenThreadToken() service.

    The service validates that the handle has appropriate access to
    reference the thread. If so, it goes on to increment the reference
    count of the token object to prevent it from going away while the
    rest of the NtOpenThreadToken() request is processed.

    NOTE: If this call completes successfully, the caller is responsible
          for decrementing the reference count of the target token.
          This must be done using PsDereferenceImpersonationToken().

Arguments:

    ThreadHandle - Supplies a handle to a thread object.

    OpenAsSelf - Is a boolean value indicating whether the access should
        be made using the calling thread's current security context, which
        may be that of a client (if impersonating), or using the caller's
        process-level security context. A value of FALSE indicates the
        caller's current context should be used un-modified. A value of
        TRUE indicates the request should be fulfilled using the process
        level security context. In this routine that only covers the
        handle reference: impersonation is restored right after it.

    Token - If successful, receives a pointer to the thread's token
        object. Set to NULL when STATUS_NO_TOKEN or
        STATUS_CANT_OPEN_ANONYMOUS is returned.

    CopyOnOpen - The current value of the Thread->Client->CopyOnOpen field.

    EffectiveOnly - The current value of the Thread->Client->EffectiveOnly
        field.

    ImpersonationLevel - The current value of the
        Thread->Client->ImpersonationLevel field.

Return Value:

    STATUS_SUCCESS - Indicates the call completed successfully.

    STATUS_NO_TOKEN - Indicates the referenced thread is not currently
        impersonating a client.

    STATUS_CANT_OPEN_ANONYMOUS - Indicates the client requested anonymous
        impersonation level. An anonymous token can not be opened.

    status may also be any value returned by an attempt to reference
    the thread object for THREAD_QUERY_INFORMATION access.

--*/

{
    NTSTATUS Status;
    PETHREAD Thread;
    KPROCESSOR_MODE PreviousMode;
    SE_IMPERSONATION_STATE SavedState;
    BOOLEAN MustRestore = FALSE;

    PreviousMode = KeGetPreviousMode();

    //
    // Disable impersonation if necessary, so the handle check below runs
    // against the process-level context.
    //

    if (OpenAsSelf) {
        MustRestore = PsDisableImpersonation(
                          PsGetCurrentThread(),
                          &SavedState
                          );
    }

    //
    // Make sure the handle grants THREAD_QUERY_INFORMATION access to the
    // specified thread, judged for the caller's previous mode.
    //

    Status = ObReferenceObjectByHandle(
                 ThreadHandle,
                 THREAD_QUERY_INFORMATION,
                 PsThreadType,
                 PreviousMode,
                 (PVOID *)&Thread,
                 NULL
                 );

    //
    // Put the caller's impersonation back before any return, including
    // the failure return just below.
    //

    if (MustRestore) {
        PsRestoreImpersonation(
            PsGetCurrentThread(),
            &SavedState
            );
    }

    if (!NT_SUCCESS(Status)) {
        return Status;
    }

    //
    // Reference the impersonation token, if there is one.
    //

    (*Token) = PsReferenceImpersonationToken( Thread,
                                              CopyOnOpen,
                                              EffectiveOnly,
                                              ImpersonationLevel
                                              );

    //
    // Dereference the target thread.
    //

    ObDereferenceObject( Thread );

    //
    // Make sure there is a token.
    //

    if ((*Token) == NULL) {
        return STATUS_NO_TOKEN;
    }

    //
    // Make sure the ImpersonationLevel is high enough to allow the token
    // to be opened. The reference taken above is dropped again so that
    // nothing is handed out for an anonymous-level token.
    //

    if ((*ImpersonationLevel) <= SecurityAnonymous) {
        PsDereferenceImpersonationToken( (*Token) );
        (*Token) = NULL;
        return STATUS_CANT_OPEN_ANONYMOUS;
    }

    return STATUS_SUCCESS;
}

VOID PspContextFromKframes OUT PKTRAP_FRAME  TrapFrame,
OUT PKEXCEPTION_FRAME  ExceptionFrame,
IN PCONTEXT  Context
 

VOID PspContextToKframes OUT PKTRAP_FRAME  TrapFrame,
OUT PKEXCEPTION_FRAME  ExceptionFrame,
IN PCONTEXT  Context
 

PACCESS_TOKEN PsReferenceEffectiveToken IN PETHREAD  Thread,
OUT PTOKEN_TYPE  TokenType,
OUT PBOOLEAN  EffectiveOnly,
OUT PSECURITY_IMPERSONATION_LEVEL  ImpersonationLevel
 

Definition at line 208 of file ps/security.c.

References ASSERT, FALSE, ObReferenceObject, PsFreeProcessSecurityFields, PsLockProcessSecurityFields, THREAD_TO_PROCESS, ThreadObject, and Token.

Referenced by SeCreateClientSecurity().

PACCESS_TOKEN
PsReferenceEffectiveToken(
    IN PETHREAD Thread,
    OUT PTOKEN_TYPE TokenType,
    OUT PBOOLEAN EffectiveOnly,
    OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
    )

/*++

Routine Description:

    Returns a pointer to the effective token of a thread. The effective
    token of a thread is the thread's impersonation token if it has one.
    Otherwise, it is the primary token of the thread's process.

    The reference count of the effective token is incremented to protect
    the pointer returned.

    If the thread is impersonating a client, then the impersonation level
    is also returned.

    Either PsDereferenceImpersonationToken() (for an impersonation token)
    or PsDereferencePrimaryToken() (for a primary token) must be called to
    decrement the token's reference count when the pointer is no longer
    needed.

Arguments:

    Thread - Supplies the address of the thread whose effective token
        is to be referenced.

    TokenType - Receives the type of the effective token. If the thread
        is currently impersonating a client, then this will be
        TokenImpersonation. Otherwise, it will be TokenPrimary.

    EffectiveOnly - If the token type is TokenImpersonation, then this
        receives the value of the client thread's
        Thread->Client->EffectiveOnly field. Otherwise, it is set to
        FALSE.

    ImpersonationLevel - The current value of the
        Thread->Client->ImpersonationLevel field for an impersonation
        token. It is NOT written for a primary token, so callers must
        test TokenType before reading it.

Return Value:

    A pointer to the specified thread's effective token.

--*/

{
    PACCESS_TOKEN Token;

    ASSERT( Thread->Tcb.Header.Type == ThreadObject );

    //
    // Lock the process security fields. The token pointer is read and
    // referenced under this lock.
    //

    PsLockProcessSecurityFields();

    if ( Thread->ActiveImpersonationInfo ) {

        //
        // Impersonating: hand back the impersonation token together with
        // the thread's impersonation level, etc.
        //

        Token = Thread->ImpersonationInfo->Token;

        (*TokenType) = TokenImpersonation;
        (*EffectiveOnly) = Thread->ImpersonationInfo->EffectiveOnly;
        (*ImpersonationLevel) = Thread->ImpersonationInfo->ImpersonationLevel;

    } else {

        //
        // Not impersonating: use the primary token of the thread's
        // process. Only the TokenType and EffectiveOnly OUT parameters
        // are returned for a primary token.
        //

        Token = THREAD_TO_PROCESS(Thread)->Token;

        (*TokenType) = TokenPrimary;
        (*EffectiveOnly) = FALSE;
    }

    //
    // Increment the reference count of the token to protect our pointer.
    //

    ObReferenceObject(Token);

    //
    // Release the security fields.
    //

    PsFreeProcessSecurityFields();

    return Token;
}

NTKERNELAPI PACCESS_TOKEN PsReferenceImpersonationToken IN PETHREAD  Thread,
OUT PBOOLEAN  CopyOnOpen,
OUT PBOOLEAN  EffectiveOnly,
OUT PSECURITY_IMPERSONATION_LEVEL  ImpersonationLevel
 

Definition at line 97 of file ps/security.c.

References ASSERT, NULL, ObReferenceObject, PsFreeProcessSecurityFields, PsLockProcessSecurityFields, ThreadObject, and Token.

Referenced by GetProcessLuid(), IsRestricted(), PsOpenTokenOfThread(), SeCaptureSubjectContext(), and SepOpenTokenOfThread().

NTKERNELAPI
PACCESS_TOKEN
PsReferenceImpersonationToken(
    IN PETHREAD Thread,
    OUT PBOOLEAN CopyOnOpen,
    OUT PBOOLEAN EffectiveOnly,
    OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
    )

/*++

Routine Description:

    Returns a referenced pointer to the impersonation token of a thread,
    or NULL when the thread is not impersonating a client.

    A non-NULL result carries one extra object reference. The caller
    releases it with PsDereferenceImpersonationToken() once the pointer
    is no longer needed.

Arguments:

    Thread - Thread whose impersonation token is to be referenced.

    CopyOnOpen - Receives Thread->ImpersonationInfo->CopyOnOpen.

    EffectiveOnly - Receives Thread->ImpersonationInfo->EffectiveOnly.

    ImpersonationLevel - Receives
        Thread->ImpersonationInfo->ImpersonationLevel.

    The three OUT parameters are written only on the path that returns a
    token. When NULL is returned they are left untouched, so a caller
    must test the return value before reading any of them.

Return Value:

    The thread's impersonation token, or NULL if the thread is not
    currently impersonating a client.

--*/

{
    PACCESS_TOKEN Token = NULL;

    ASSERT( Thread->Tcb.Header.Type == ThreadObject );

    //
    // Unlocked peek first, so a thread that is not impersonating costs
    // no lock traffic. The flag is tested again under the lock before
    // the impersonation information is dereferenced.
    //

    if ( Thread->ActiveImpersonationInfo ) {

        PsLockProcessSecurityFields();

        if ( Thread->ActiveImpersonationInfo ) {

            Token = Thread->ImpersonationInfo->Token;
            (*ImpersonationLevel) = Thread->ImpersonationInfo->ImpersonationLevel;
            (*CopyOnOpen) = Thread->ImpersonationInfo->CopyOnOpen;
            (*EffectiveOnly) = Thread->ImpersonationInfo->EffectiveOnly;

            //
            // The reference is taken while the security lock is still
            // held, before the pointer is handed back to the caller.
            //

            ObReferenceObject(Token);
        }

        PsFreeProcessSecurityFields();
    }

    return Token;
}

NTKERNELAPI PACCESS_TOKEN PsReferencePrimaryToken IN PEPROCESS  Process  ) 
 

Definition at line 28 of file ps/security.c.

References ASSERT, ObReferenceObject, ProcessObject, PsFreeProcessSecurityFields, PsLockProcessSecurityFields, and Token.

Referenced by CheckAllowForeground(), GetProcessLuid(), IsRestricted(), NtOpenThreadToken(), NtSecureConnectPort(), NtSetInformationProcess(), PsOpenTokenOfProcess(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), SeCaptureSubjectContext(), SeIsChildToken(), SeIsChildTokenByPointer(), and SeSubProcessToken().

NTKERNELAPI
PACCESS_TOKEN
PsReferencePrimaryToken(
    IN PEPROCESS Process
    )

/*++

Routine Description:

    Returns a referenced pointer to the primary token of a process.

    The returned pointer carries one extra object reference, which the
    caller releases with PsDereferencePrimaryToken() when finished.

Arguments:

    Process - Process whose primary token is to be referenced.

Return Value:

    The process's primary token.

--*/

{
    PACCESS_TOKEN PrimaryToken;

    ASSERT( Process->Pcb.Header.Type == ProcessObject );

    //
    // The token pointer is read and referenced under the process
    // security lock, so both steps happen as one unit with respect to
    // other holders of that lock. (The original author noted that an
    // interlocked add might replace the lock for performance.)
    //

    PsLockProcessSecurityFields();

    PrimaryToken = Process->Token;
    ObReferenceObject(PrimaryToken);

    PsFreeProcessSecurityFields();

    return PrimaryToken;
}

VOID PsReportProcessMemoryLimitViolation VOID   ) 
 

Definition at line 2901 of file psjob.c.

References _EJOB::CompletionKey, _EJOB::CompletionPort, ExAcquireFastMutexUnsafe(), ExReleaseFastMutexUnsafe(), IoSetIoCompletion(), _EPROCESS::Job, _EPROCESS::JobStatus, KeEnterCriticalRegion, KeLeaveCriticalRegion, _EJOB::LimitFlags, _EJOB::MemoryLimitsLock, PS_JOB_STATUS_LAST_REPORT_MEMORY, PS_JOB_STATUS_NEW_PROCESS_REPORTED, PS_SET_BITS, PsGetCurrentProcess, TRUE, and _EPROCESS::UniqueProcessId.

Referenced by MiInsertVad(), MiSetProtectionOnSection(), and NtAllocateVirtualMemory().

VOID
PsReportProcessMemoryLimitViolation(
    VOID
    )

/*++

Routine Description:

    Posts a JOB_OBJECT_MSG_PROCESS_MEMORY_LIMIT message to the completion
    port of the current process's job, naming the current process as the
    one that hit the limit.

    Nothing is done unless the process belongs to a job whose LimitFlags
    include JOB_OBJECT_LIMIT_PROCESS_MEMORY.

Arguments:

    None. The routine acts on the current process.

Return Value:

    None. The result of IoSetIoCompletion is not examined.

--*/

{
    PEPROCESS CurrentProcess;
    PEJOB OwningJob;

    CurrentProcess = PsGetCurrentProcess();
    OwningJob = CurrentProcess->Job;

    if ( !OwningJob || !(OwningJob->LimitFlags & JOB_OBJECT_LIMIT_PROCESS_MEMORY) ) {
        return;
    }

    KeEnterCriticalRegion();
    ExAcquireFastMutexUnsafe(&OwningJob->MemoryLimitsLock);

    //
    // Report only when there is a port to report to, the process has an
    // id, its creation was already reported to the port, and the
    // previous report for it was not also a memory report.
    //

    if ( OwningJob->CompletionPort && CurrentProcess->UniqueProcessId ) {

        if ( (CurrentProcess->JobStatus & PS_JOB_STATUS_NEW_PROCESS_REPORTED)
             && !(CurrentProcess->JobStatus & PS_JOB_STATUS_LAST_REPORT_MEMORY) ) {

            //
            // The bit is set before posting, so further calls post
            // nothing while it stays set. Where it is cleared again is
            // not visible in this routine.
            //

            PS_SET_BITS (&CurrentProcess->JobStatus, PS_JOB_STATUS_LAST_REPORT_MEMORY);
            IoSetIoCompletion(
                OwningJob->CompletionPort,
                OwningJob->CompletionKey,
                (PVOID)CurrentProcess->UniqueProcessId,
                STATUS_SUCCESS,
                JOB_OBJECT_MSG_PROCESS_MEMORY_LIMIT,
                TRUE
                );
        }
    }

    ExReleaseFastMutexUnsafe(&OwningJob->MemoryLimitsLock);
    KeLeaveCriticalRegion();
}

VOID PsRestoreImpersonation IN PETHREAD  Thread,
IN PSE_IMPERSONATION_STATE  ImpersonationState
 

Definition at line 990 of file ps/security.c.

References ObDereferenceObject, and PsImpersonateClient().

Referenced by NtOpenThreadToken(), PsOpenTokenOfThread(), and SepOpenTokenOfThread().

VOID
PsRestoreImpersonation(
    IN PETHREAD Thread,
    IN PSE_IMPERSONATION_STATE ImpersonationState
    )

/*++

Routine Description:

    Restores an impersonation that was temporarily disabled with
    PsDisableImpersonation().

    If the thread has started impersonating again in the meantime,
    restoring the saved impersonation causes the current one to be
    abandoned.

Arguments:

    Thread - Thread whose impersonation is to be restored.

    ImpersonationState - Supplies the saved impersonation information
        (Token, CopyOnOpen, EffectiveOnly, Level) to reinstate. It is
        read here, not written.

Return Value:

    None.

--*/

{
    //
    // NOTE(review): the token is dereferenced unconditionally below, so
    // this presumably expects a state saved by a PsDisableImpersonation()
    // call that found an active impersonation (non-NULL Token) - confirm
    // at the call sites.
    //

    PACCESS_TOKEN SavedToken = ImpersonationState->Token;

    //
    // Restoring is the same operation as impersonating. That call takes
    // its own reference on the token, so the reference held by the saved
    // state is dropped afterwards.
    //

    PsImpersonateClient(
        Thread,
        SavedToken,
        ImpersonationState->CopyOnOpen,
        ImpersonationState->EffectiveOnly,
        ImpersonationState->Level
        );

    ObDereferenceObject( SavedToken );
}

VOID PsReturnPoolQuota IN PEPROCESS  Process,
IN POOL_TYPE  PoolType,
IN ULONG_PTR  Amount
 

VOID PsReturnSharedPoolQuota IN PEPROCESS_QUOTA_BLOCK  QuotaBlock,
IN ULONG_PTR  PagedAmount,
IN ULONG_PTR  NonPagedAmount
 

NTKERNELAPI VOID PsRevertToSelf VOID   ) 
 

NTSTATUS PsSetCreateProcessNotifyRoutine IN PCREATE_PROCESS_NOTIFY_ROUTINE  NotifyRoutine,
IN BOOLEAN  Remove
 

Definition at line 1691 of file ps/create.c.

References NULL, PSP_MAX_CREATE_PROCESS_NOTIFY, PspCreateProcessNotifyRoutine, and PspCreateProcessNotifyRoutineCount.

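NTSTATUS
PsSetCreateProcessNotifyRoutine(
    IN PCREATE_PROCESS_NOTIFY_ROUTINE NotifyRoutine,
    IN BOOLEAN Remove
    )

/*++

Routine Description:

    Allows an installable file system to hook into process creation and
    deletion, to track those events against its own internal data
    structures.

Arguments:

    NotifyRoutine - Supplies the address of a routine which is called at
        process creation and deletion. The routine is passed the unique
        Id of the created or deleted process, and the parent process if
        it was created with the inherit handles option; otherwise the
        parent process Id is NULL. The third parameter passed to the
        routine is TRUE if the process is being created and FALSE if it
        is being deleted.

        The callout for creation happens just after the first thread in
        the process has been created. The callout for deletion happens
        after the last thread in a process has terminated and the address
        space is about to be deleted. A deletion call can arrive without
        a creation call in the pathological case where a process is
        created and deleted without a thread ever being created.

    Remove - FALSE installs the callout; TRUE removes the registered
        callout equal to NotifyRoutine.

Return Value:

    STATUS_SUCCESS - the routine was installed or removed.

    STATUS_INVALID_PARAMETER - NotifyRoutine is NULL, or installation was
        requested and every slot is in use.

    STATUS_PROCEDURE_NOT_FOUND - removal was requested and NotifyRoutine
        is not registered.

--*/

{

    ULONG i;

    //
    // NULL is the marker for a free slot. Accepting it as a routine
    // would "install" into a slot that stays free, or "remove" a free
    // slot, and in both cases move PspCreateProcessNotifyRoutineCount
    // away from the number of occupied slots.
    //

    if (NotifyRoutine == NULL) {
        return STATUS_INVALID_PARAMETER;
    }

    //
    // NOTE(review): the table and the count are updated here without any
    // lock or interlocked operation visible in this routine - confirm
    // that registration is serialized by the callers.
    //

    for (i=0; i < PSP_MAX_CREATE_PROCESS_NOTIFY; i++) {
        if (Remove) {
            if (PspCreateProcessNotifyRoutine[i] == NotifyRoutine) {
                PspCreateProcessNotifyRoutine[i] = NULL;
                PspCreateProcessNotifyRoutineCount -= 1;
                return STATUS_SUCCESS;
            }

        } else {
            if (PspCreateProcessNotifyRoutine[i] == NULL) {
                PspCreateProcessNotifyRoutine[i] = NotifyRoutine;
                PspCreateProcessNotifyRoutineCount += 1;
                return STATUS_SUCCESS;
            }
        }
    }

    return Remove ? STATUS_PROCEDURE_NOT_FOUND : STATUS_INVALID_PARAMETER;
}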

NTSTATUS PsSetCreateThreadNotifyRoutine IN PCREATE_THREAD_NOTIFY_ROUTINE  NotifyRoutine  ) 
 

Definition at line 1755 of file ps/create.c.

References NTSTATUS(), NULL, PSP_MAX_CREATE_THREAD_NOTIFY, PspCreateThreadNotifyRoutine, PspCreateThreadNotifyRoutineCount, and Status.

NTSTATUS
PsSetCreateThreadNotifyRoutine(
    IN PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine
    )

/*++

Routine Description:

    Allows an installable file system to hook into thread creation and
    deletion, to track those events against its own internal data
    structures.

Arguments:

    NotifyRoutine - Supplies the address of the routine which is called
        at thread creation and deletion. The routine is passed the unique
        Id of the created or deleted thread and the unique Id of the
        containing process. The third parameter passed to the routine is
        TRUE if the thread is being created and FALSE if it is being
        deleted.

Return Value:

    STATUS_SUCCESS if a free slot was found and filled;
    STATUS_INSUFFICIENT_RESOURCES if every slot is already in use.

--*/

{
    ULONG Slot;

    //
    // NOTE(review): a NULL NotifyRoutine is not rejected. It would bump
    // the count while the chosen slot still reads as free. The table is
    // also written without a lock visible here - confirm with callers.
    //

    for (Slot = 0; Slot < PSP_MAX_CREATE_THREAD_NOTIFY; Slot += 1) {

        if (PspCreateThreadNotifyRoutine[Slot] != NULL) {
            continue;
        }

        //
        // First free slot: claim it and stop searching.
        //

        PspCreateThreadNotifyRoutine[Slot] = NotifyRoutine;
        PspCreateThreadNotifyRoutineCount += 1;
        return STATUS_SUCCESS;
    }

    return STATUS_INSUFFICIENT_RESOURCES;
}

ULONG PsSetLegoNotifyRoutine PLEGO_NOTIFY_ROUTINE  LegoNotifyRoutine  ) 
 

Definition at line 45 of file psdelete.c.

References PAGED_CODE, and PspLegoNotifyRoutine.

ULONG
PsSetLegoNotifyRoutine(
    PLEGO_NOTIFY_ROUTINE LegoNotifyRoutine
    )

/*++

Routine Description:

    Stores LegoNotifyRoutine in PspLegoNotifyRoutine, replacing whatever
    value was there before. The argument is stored as given, with no
    validation.

Arguments:

    LegoNotifyRoutine - Routine address to record.

Return Value:

    The byte offset of the LegoData field within KTHREAD.

--*/

{
    ULONG LegoDataOffset;

    PAGED_CODE();

    PspLegoNotifyRoutine = LegoNotifyRoutine;

    LegoDataOffset = FIELD_OFFSET(KTHREAD,LegoData);
    return LegoDataOffset;
}

NTSTATUS PsSetLoadImageNotifyRoutine IN PLOAD_IMAGE_NOTIFY_ROUTINE  NotifyRoutine  ) 
 

Definition at line 2344 of file ps/create.c.

References NTSTATUS(), NULL, PAGED_CODE, PLOAD_IMAGE_NOTIFY_ROUTINE, PsImageNotifyEnabled, PSP_MAX_LOAD_IMAGE_NOTIFY, PspLoadImageNotifyRoutine, PspLoadImageNotifyRoutineCount, Status, and TRUE.

NTSTATUS
PsSetLoadImageNotifyRoutine(
    IN PLOAD_IMAGE_NOTIFY_ROUTINE NotifyRoutine
    )

/*++

Routine Description:

    Allows a device driver to be notified of image loads. The notify is
    issued for both kernel and user mode image loads system-wide.

Arguments:

    NotifyRoutine - Supplies the address of a routine which is called at
        image load. The routine is passed information describing the
        image being loaded.

        The callout happens just after the image is loaded into memory
        but before execution of the image.

    This routine only installs; it takes no Remove argument.

Return Value:

    STATUS_SUCCESS if a free slot was found and filled;
    STATUS_INSUFFICIENT_RESOURCES if every slot is already in use.

--*/

{
    ULONG Slot;

    PAGED_CODE();

    //
    // NOTE(review): a NULL NotifyRoutine is not rejected. It would bump
    // the count and set PsImageNotifyEnabled while the chosen slot still
    // reads as free. The table is also written without a lock visible
    // here - confirm with callers.
    //

    for (Slot = 0; Slot < PSP_MAX_LOAD_IMAGE_NOTIFY; Slot++) {

        if (PspLoadImageNotifyRoutine[Slot] == NULL) {

            //
            // The slot is filled before the global enable flag is
            // raised, so the flag is never TRUE ahead of the routine
            // being in the table.
            //

            PspLoadImageNotifyRoutine[Slot] = NotifyRoutine;
            PspLoadImageNotifyRoutineCount += 1;
            PsImageNotifyEnabled = TRUE;
            return STATUS_SUCCESS;
        }
    }

    return STATUS_INSUFFICIENT_RESOURCES;
}

NTKERNELAPI VOID PsSetProcessPriorityByClass IN PEPROCESS  Process,
IN PSPROCESSPRIORITYMODE  PriorityMode
 

Definition at line 3916 of file psquery.c.

References KeSetPriorityProcess(), MEMORY_PRIORITY_BACKGROUND, MEMORY_PRIORITY_FOREGROUND, MmSetMemoryPriorityProcess(), PAGED_CODE, PS_WS_TRIM_BACKGROUND_ONLY_APP, PspForegroundQuantum, PspJobSchedulingClasses, PspPriorityTable, PsPrioritySeperation, PsProcessPriorityForeground, PsProcessPrioritySpinning, PspUseJobSchedulingClasses, and THREAD_QUANTUM.

Referenced by NtSetInformationProcess(), PspApplyJobLimitsToProcess(), PspCreateProcess(), and SetForegroundPriorityProcess().

NTKERNELAPI
VOID
PsSetProcessPriorityByClass(
    IN PEPROCESS Process,
    IN PSPROCESSPRIORITYMODE PriorityMode
    )

/*++

Routine Description:

    Applies the scheduling settings that follow from a process's
    priority class and the requested mode: the thread quantum, the base
    priority and, unless the mode is PsProcessPrioritySpinning, the
    memory priority.

Arguments:

    Process - Process to update. Its PriorityClass selects the base
        priority from PspPriorityTable.

    PriorityMode - PsProcessPriorityForeground selects the foreground
        quantum index and memory priority; any other value selects the
        background ones.

Return Value:

    None.

--*/

{
    KPRIORITY BasePriority;
    UCHAR MemoryPriority = MEMORY_PRIORITY_BACKGROUND;
    ULONG QuantumIndex = 0;

    PAGED_CODE();

    //
    // NOTE(review): PriorityClass and, further down, Job->SchedulingClass
    // are used as table indices with no range check in this routine;
    // presumably both are validated where they are set - confirm.
    //

    BasePriority = PspPriorityTable[Process->PriorityClass];

    //
    // Background values are the defaults above; foreground overrides.
    //

    if ( PriorityMode == PsProcessPriorityForeground ) {
        QuantumIndex = PsPrioritySeperation;
        MemoryPriority = MEMORY_PRIORITY_FOREGROUND;
#if defined(_X86_)
        Process->MmAgressiveWsTrimMask &= ~PS_WS_TRIM_BACKGROUND_ONLY_APP;
#endif // _X86_
    }

    //
    // Idle-class processes always get THREAD_QUANTUM. Otherwise the
    // job's scheduling class decides when job scheduling classes are in
    // use, and the foreground quantum table decides in all other cases.
    //

    if ( Process->PriorityClass == PROCESS_PRIORITY_CLASS_IDLE ) {
        Process->Pcb.ThreadQuantum = THREAD_QUANTUM;
    }
    else if ( Process->Job && PspUseJobSchedulingClasses ) {
        Process->Pcb.ThreadQuantum = PspJobSchedulingClasses[Process->Job->SchedulingClass];
    }
    else {
        Process->Pcb.ThreadQuantum = PspForegroundQuantum[QuantumIndex];
    }

    KeSetPriorityProcess(&Process->Pcb,BasePriority);

    if ( PriorityMode != PsProcessPrioritySpinning ) {
        MmSetMemoryPriorityProcess(Process, MemoryPriority);
    }
}

NTKERNELAPI NTSTATUS PsTerminateSystemThread IN NTSTATUS  ExitStatus  ) 
 

Definition at line 546 of file psdelete.c.

References _ETHREAD::HasTerminated, IS_SYSTEM_THREAD, PsGetCurrentThread, PspExitThread(), and TRUE.

Referenced by SmbTraceThreadEntry(), and xxxDesktopThread().

NTKERNELAPI
NTSTATUS
PsTerminateSystemThread(
    IN NTSTATUS ExitStatus
    )

/*++

Routine Description:

    Causes the current thread, which must be a system thread, to
    terminate.

Arguments:

    ExitStatus - Supplies the exit status associated with the thread.

Return Value:

    STATUS_INVALID_PARAMETER if the current thread is not a system
    thread; in that case nothing else is done.

    No value is returned on the system-thread path: the routine ends
    with the call to PspExitThread and has no return statement after it.
    NOTE(review): presumably PspExitThread does not return - confirm.

--*/

{
    PETHREAD CurrentThread;

    CurrentThread = PsGetCurrentThread();

    //
    // Only a system thread may terminate itself through this routine.
    //

    if ( !IS_SYSTEM_THREAD(CurrentThread) ) {
        return STATUS_INVALID_PARAMETER;
    }

    CurrentThread->HasTerminated = TRUE;
    PspExitThread(ExitStatus);
}

VOID PsUnlockProcess IN PEPROCESS  Process  ) 
 

Definition at line 2250 of file ps/create.c.

References ExAcquireFastMutexUnsafe(), ExReleaseFastMutexUnsafe(), FALSE, KeLeaveCriticalRegion, KeSetEvent(), NULL, PAGED_CODE, and PspProcessLockMutex.

Referenced by DbgkCreateThread(), DbgkpResumeProcess(), DbgkpSuspendProcess(), NtAssignProcessToJobObject(), NtSetInformationProcess(), NtSetInformationThread(), NtTerminateProcess(), NtTerminateThread(), PsLockProcess(), PspApplyJobLimitsToProcess(), PspCreateThread(), PspExitThread(), and PspTerminateProcess().

/*++

Routine Description:

    This function is the opposite of a successful call to PsLockProcess.
    It releases the create/delete lock for a process.

Arguments:

    Process - Supplies the address of the process whose create/delete
        lock is to be released.

Return Value:

    None.

--*/

{

    PAGED_CODE();

    //
    // Acquire process lock fast mutex to synchronize access to the ownership,
    // lock count, and synchronization event of the specified process.
    //

    ExAcquireFastMutexUnsafe(&PspProcessLockMutex);

    //
    // Increment the lock count and clear the lock owner, then set the
    // lock event unless the incremented count is exactly one.
    //
    // NOTE(review): the original comment described the test as "less
    // than one" while the code tests "!= 1". Presumably a count of one
    // after the increment means nobody is waiting - confirm against
    // PsLockProcess.
    //

    Process->LockCount += 1;
    Process->LockOwner = NULL;
    if (Process->LockCount != 1) {
        KeSetEvent(&Process->LockEvent, 0, FALSE);
    }

    //
    // Release the process lock fast mutex and return.
    //
    // The critical region left here is not entered in this routine;
    // presumably PsLockProcess entered it - verify the pairing there.
    //

    ExReleaseFastMutexUnsafe(&PspProcessLockMutex);
    KeLeaveCriticalRegion();
    return;
}


Variable Documentation

LIST_ENTRY PsActiveProcessHead
 

Definition at line 575 of file ps.h.

Referenced by ExpGetProcessInformation(), IoWriteCrashDump(), MiCheckForCrashDump(), PsChangeQuantumTable(), PspCreateProcess(), and PspInitPhase0().

LCID PsDefaultSystemLocaleId
 

Definition at line 584 of file ps.h.

Referenced by CmGetSystemControlValues(), CmpCreatePerfKeys(), IopProcessNewDeviceNode(), LdrpSearchResourceSection_U(), NtQueryDefaultLocale(), and NtSetDefaultLocale().

LCID PsDefaultThreadLocaleId
 

Definition at line 585 of file ps.h.

Referenced by CmGetSystemControlValues(), NtQueryDefaultLocale(), NtSetDefaultLocale(), and PspUserThreadStartup().

LANGID PsDefaultUILanguageId
 

Definition at line 586 of file ps.h.

Referenced by CmGetSystemControlValues().

PVOID PsHalImageBase
 

Definition at line 581 of file ps.h.

PEPROCESS PsIdleProcess
 

Definition at line 588 of file ps.h.

Referenced by ExpGetProcessInformation(), NtQuerySystemInformation(), and PspInitPhase0().

BOOLEAN PsImageNotifyEnabled
 

Definition at line 880 of file ps.h.

Referenced by DbgkCreateThread(), MiLoadSystemImage(), MiMapViewOfImageSection(), PsCallImageNotifyRoutines(), and PsSetLoadImageNotifyRoutine().

PEPROCESS PsInitialSystemProcess
 

Definition at line 579 of file ps.h.

Referenced by ExAllocatePoolWithQuotaTag(), IopChainDereferenceComplete(), MiCheckForCrashDump(), MiLoadSystemImage(), MiMapViewOfImageSection(), NtClose(), NtCreatePagingFile(), NtLoadDriver(), NtSetInformationObject(), NtUnloadDriver(), NtWaitForMultipleObjects(), ObpCreateHandle(), ObpCreateUnnamedHandle(), PsChargePoolQuota(), PsChargeSharedPoolQuota(), PsCreateSystemThread(), PspCreateProcess(), PspCreateThread(), PspInitPhase0(), and PsReturnPoolQuota().

LANGID PsInstallUILanguageId
 

Definition at line 587 of file ps.h.

Referenced by CmGetSystemControlValues(), LdrpSearchResourceSection_U(), NtQueryDefaultUILanguage(), and NtQueryInstallUILanguage().

LIST_ENTRY PsLoadedModuleList
 

Definition at line 582 of file ps.h.

Referenced by CmpCreateHwProfileFriendlyName(), IopDriverCorrectnessAddressToFileHeader(), IopGetLoadedDriverInfo(), IopInitializeBootLogging(), IopInitializeBuiltinDriver(), IopLoadDriver(), IopWriteDriverList(), IoWriteCrashDump(), KdpGetVersion(), KeDumpMachineState(), KiPcToFileHeader(), MiBuildImportsForBootDrivers(), MiCheckForCrashDump(), MiDereferenceImports(), MiEnablePagingTheExecutive(), MiFindInitializationCode(), MiGetHighestPteConsumer(), MiInitializeLoadedModuleList(), MiLoadSystemImage(), MiLookupDataTableEntry(), MiLookupPsLoadedModule(), MiResolveImageReferences(), MiSnapThunk(), MmGetSystemRoutineAddress(), MmInitSystem(), MmSetKernelDumpRange(), MmUnloadSystemImage(), NtQuerySystemInformation(), and RtlPcToFileHeader().

ERESOURCE PsLoadedModuleResource
 

Definition at line 583 of file ps.h.

Referenced by IopInitializeBootLogging(), IopLoadDriver(), MiEnablePagingTheExecutive(), MiFindInitializationCode(), MiInitializeLoadedModuleList(), MiLoadSystemImage(), MiLookupDataTableEntry(), MiLookupPsLoadedModule(), MiMapViewOfImageSection(), MmGetSectionRange(), MmGetSystemRoutineAddress(), MmInitSystem(), MmLockPagableDataSection(), MmUnloadSystemImage(), NtQuerySystemInformation(), and NtSystemDebugControl().

UNICODE_STRING PsNtDllPathName
 

Definition at line 576 of file ps.h.

Referenced by DbgkCreateThread(), and PsLocateSystemDll().

PVOID PsNtosImageBase
 

Definition at line 580 of file ps.h.

Referenced by KdpGetVersion(), KiInitializeKernel(), and MiInitializeLoadedModuleList().

ULONG PsPrioritySeperation
 

Definition at line 573 of file ps.h.

Referenced by KiUnwaitThread(), PsChangeQuantumTable(), and PsSetProcessPriorityByClass().

FAST_MUTEX PsProcessSecurityLock
 

Definition at line 578 of file ps.h.

Referenced by PspInitPhase0().

ULONG PsRawPrioritySeparation
 

Definition at line 574 of file ps.h.

Referenced by PspInitPhase0().

BOOLEAN PsReaperActive
 

Definition at line 589 of file ps.h.

Referenced by KeTerminateThread(), and PspReaper().

LIST_ENTRY PsReaperListHead
 

Definition at line 590 of file ps.h.

Referenced by KeTerminateThread(), PspInitPhase0(), and PspReaper().

WORK_QUEUE_ITEM PsReaperWorkItem
 

Definition at line 591 of file ps.h.

Referenced by KeTerminateThread(), and PspInitPhase0().

PVOID PsSystemDllBase
 

Definition at line 577 of file ps.h.

Referenced by DbgkCreateThread(), and PsLocateSystemDll().

