
ps.h

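/*++ BUILD Version: 0009    // Increment this if a change has global effects

Copyright (c) 1989  Microsoft Corporation

Module Name:

    ps.h

Abstract:

    This module contains the process structure public data structures and
    procedure prototypes to be used within the NT system.

Author:

    Mark Lucovsky       16-Feb-1989

Revision History:

--*/

#ifndef _PS_
#define _PS_

//
// Invalid handle table value.
//
// The expression places 0x82 in the most-significant byte of a ULONG_PTR,
// so the value scales with the pointer width.
//

#define PSP_INVALID_ID ((ULONG_PTR)(0x82)<<((sizeof(ULONG_PTR)-1)*8))

//
// Process Object
//

//
// Process object body.  A pointer to this structure is returned when a handle
// to a process object is referenced.  This structure contains a process control
// block (PCB) which is the kernel's representation of a process.
//

#define MEMORY_PRIORITY_BACKGROUND 0
#define MEMORY_PRIORITY_WASFOREGROUND 1
#define MEMORY_PRIORITY_FOREGROUND 2

//
// Working set support flags.  The bit-fields total 32 bits and are overlaid
// on MMSUPPORT.u.LongFlags, so the whole set can be read or written as one
// ULONG.
//

typedef struct _MMSUPPORT_FLAGS {
    unsigned SessionSpace : 1;
    unsigned BeingTrimmed : 1;
    unsigned ProcessInSession : 1;
    unsigned SessionLeader : 1;
    unsigned TrimHard : 1;
    unsigned WorkingSetHard : 1;
    unsigned WriteWatch : 1;
    unsigned Filler : 25;
} MMSUPPORT_FLAGS;

//
// Working set bookkeeping.  Embedded by value in EPROCESS as the Vm member.
//

typedef struct _MMSUPPORT {
    LARGE_INTEGER LastTrimTime;
    ULONG LastTrimFaultCount;
    ULONG PageFaultCount;
    ULONG PeakWorkingSetSize;
    ULONG WorkingSetSize;
    ULONG MinimumWorkingSetSize;
    ULONG MaximumWorkingSetSize;
    struct _MMWSL *VmWorkingSetList;
    LIST_ENTRY WorkingSetExpansionLinks;
    UCHAR AllowWorkingSetAdjustment;
    BOOLEAN AddressSpaceBeingDeleted;
    UCHAR ForegroundSwitchCount;
    UCHAR MemoryPriority;       // presumably one of MEMORY_PRIORITY_* - confirm

    union {
        ULONG LongFlags;
        MMSUPPORT_FLAGS Flags;
    } u;

    ULONG Claim;
    ULONG NextEstimationSlot;
    ULONG NextAgingSlot;
    ULONG EstimatedAvailable;

    ULONG GrowthSinceLastEstimate;

} MMSUPPORT;

typedef MMSUPPORT *PMMSUPPORT;

//
// Client impersonation information
//
// Referenced from ETHREAD.ImpersonationInfo.  The members mirror the
// Token / CopyOnOpen / EffectiveOnly / ImpersonationLevel values taken by
// PsImpersonateClient and reported by PsReferenceImpersonationToken.
//

typedef struct _PS_IMPERSONATION_INFORMATION {
    PACCESS_TOKEN Token;
    BOOLEAN CopyOnOpen;
    BOOLEAN EffectiveOnly;
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;


//
// Changes to the EPROCESS structure require that you re-run genoff for x86.
// This change is needed because Old debugger references the processes
// debug port. If this is not done then the user-debugger will not work.
// After running genoff, you must re-build ntsd !
//

//
// Quota block, reached through EPROCESS.QuotaBlock.  Carries its own
// ReferenceCount and QuotaLock.
// NOTE(review): the two-element arrays are presumably indexed by pool type
// (paged / non-paged) - confirm against the quota code.
//

typedef struct _EPROCESS_QUOTA_BLOCK {
    KSPIN_LOCK QuotaLock;
    ULONG ReferenceCount;
    SIZE_T QuotaPeakPoolUsage[2];
    SIZE_T QuotaPoolUsage[2];
    SIZE_T QuotaPoolLimit[2];
    SIZE_T PeakPagefileUsage;
    SIZE_T PagefileUsage;
    SIZE_T PagefileLimit;
} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;

#if DEVL

//
// Pagefault monitoring
//
// NOTE(review): WatchInfo is declared with one element; it presumably heads
// a longer allocation bounded by MaxIndex.  Any writer must check
// CurrentIndex against MaxIndex before storing - confirm in the users.
//

typedef struct _PAGEFAULT_HISTORY {
    ULONG CurrentIndex;
    ULONG MaxIndex;
    KSPIN_LOCK SpinLock;
    PVOID Reserved;
    PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
#endif // DEVL

#define PS_WS_TRIM_FROM_EXE_HEADER 1
#define PS_WS_TRIM_BACKGROUND_ONLY_APP 2

//
// Wow64 process structure
//

typedef struct _WOW64_PROCESS {
    PVOID Wow64;
#if defined(_IA64_)
    FAST_MUTEX AlternateTableLock;
    PULONG AltPermBitmap;
    ULONG AltFlags;
#endif
} WOW64_PROCESS, *PWOW64_PROCESS;

//
// Flag helpers.  Each forwards its arguments unchanged to the matching
// ExInterlocked* routine.
//

#define PS_SET_BITS(Flags, Flag) \
    ExInterlockedSetBits (Flags, Flag)

#define PS_CLEAR_BITS(Flags, Flag) \
    ExInterlockedClearBits (Flags, Flag)

#define PS_SET_CLEAR_BITS(Flags, sFlag, cFlag) \
    ExInterlockedSetClearBits (Flags, sFlag, cFlag)

//
// Process structure.
//
// If you remove a field from this structure, please also
// remove the reference to it from within the kernel debugger
// (nt\private\sdktools\ntsd\ntkext.c)
//

typedef struct _EPROCESS {
    KPROCESS Pcb;               // first member; PsGetCurrentProcess recovers
                                // the EPROCESS from it via CONTAINING_RECORD
    NTSTATUS ExitStatus;
    KEVENT LockEvent;
    ULONG LockCount;
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER ExitTime;
    PKTHREAD LockOwner;

    HANDLE UniqueProcessId;     // returned by PsProcessAuditId

    LIST_ENTRY ActiveProcessLinks;

    //
    // Quota Fields
    //

    SIZE_T QuotaPeakPoolUsage[2];
    SIZE_T QuotaPoolUsage[2];

    SIZE_T PagefileUsage;
    SIZE_T CommitCharge;
    SIZE_T PeakPagefileUsage;

    //
    // VmCounters
    //

    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;

    MMSUPPORT Vm;
    LIST_ENTRY SessionProcessLinks;

    PVOID DebugPort;
    PVOID ExceptionPort;
    PHANDLE_TABLE ObjectTable;

    //
    // Security
    //
    // NOTE(review): PsLockProcessSecurityFields / PsFreeProcessSecurityFields
    // below acquire and release the global PsProcessSecurityLock; presumably
    // that mutex is what guards Token - confirm before reading or replacing
    // it outside those macros.
    //

    PACCESS_TOKEN Token;         // This field must never be null

    //

    FAST_MUTEX WorkingSetLock;
    PFN_NUMBER WorkingSetPage;
    BOOLEAN ProcessOutswapEnabled;
    BOOLEAN ProcessOutswapped;
    UCHAR AddressSpaceInitialized;
    BOOLEAN AddressSpaceDeleted;
    FAST_MUTEX AddressCreationLock;
    KSPIN_LOCK HyperSpaceLock;
    struct _ETHREAD *ForkInProgress;
    USHORT VmOperation;
    UCHAR ForkWasSuccessful;
    UCHAR MmAgressiveWsTrimMask;
    PKEVENT VmOperationEvent;
    PVOID PaeTop;
    ULONG LastFaultCount;
    ULONG ModifiedPageCount;
    PVOID VadRoot;
    PVOID VadHint;
    PVOID CloneRoot;
    PFN_NUMBER NumberOfPrivatePages;
    PFN_NUMBER NumberOfLockedPages;
    USHORT NextPageColor;
    BOOLEAN ExitProcessCalled;

    //
    // Used by Debug Subsystem
    //

    BOOLEAN CreateProcessReported;
    HANDLE SectionHandle;

    //
    // Peb
    //

    PPEB Peb;
    PVOID SectionBaseAddress;

    PEPROCESS_QUOTA_BLOCK QuotaBlock;
    NTSTATUS LastThreadExitStatus;

    //
    // NOTE(review): PPAGEFAULT_HISTORY is declared only inside the
    // "#if DEVL" block above, while this member is unconditional, so the
    // header only compiles when DEVL is non-zero - confirm that is intended.
    //

    PPAGEFAULT_HISTORY WorkingSetWatch;
    HANDLE Win32WindowStation;
    HANDLE InheritedFromUniqueProcessId;
    ACCESS_MASK GrantedAccess;
    ULONG DefaultHardErrorProcessing;
    PVOID LdtInformation;
    PVOID VadFreeHint;
    PVOID VdmObjects;
    PVOID DeviceMap;

    //
    // Id of the Hydra session in which this process is running
    //

    ULONG SessionId;

    LIST_ENTRY PhysicalVadList;
    union {
        HARDWARE_PTE PageDirectoryPte;
        ULONGLONG Filler;
    };
    ULONG PaePageDirectoryPage;

    //
    // Fixed 16-byte buffer: a longer image name cannot be stored in full.
    // NOTE(review): this header does not say whether the buffer is always
    // NUL-terminated; readers should bound every access by
    // sizeof(ImageFileName) and should not treat the value as a unique or
    // trustworthy process identity - confirm how it is filled in.
    //

    UCHAR ImageFileName[ 16 ];
    ULONG VmTrimFaultValue;
    BOOLEAN SetTimerResolution;
    UCHAR PriorityClass;
    union {
        struct {
            UCHAR SubSystemMinorVersion;
            UCHAR SubSystemMajorVersion;
        };
        USHORT SubSystemVersion;
    };
    PVOID Win32Process;
    struct _EJOB *Job;
    ULONG JobStatus;            // presumably PS_JOB_STATUS_* bits - confirm
    LIST_ENTRY JobLinks;
    PVOID LockedPagesList;

    //
    // Used by rdr/security for authentication
    //

    PVOID SecurityPort ;
    PWOW64_PROCESS Wow64Process;

    LARGE_INTEGER ReadOperationCount;
    LARGE_INTEGER WriteOperationCount;
    LARGE_INTEGER OtherOperationCount;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;

    SIZE_T CommitChargeLimit;
    SIZE_T CommitChargePeak;

    LIST_ENTRY ThreadListHead;

    PRTL_BITMAP VadPhysicalPagesBitMap;
    ULONG_PTR VadPhysicalPages;
    KSPIN_LOCK AweLock;
} EPROCESS;

#define PS_JOB_STATUS_NOT_REALLY_ACTIVE      0x00000001
#define PS_JOB_STATUS_ACCOUNTING_FOLDED      0x00000002
#define PS_JOB_STATUS_NEW_PROCESS_REPORTED   0x00000004
#define PS_JOB_STATUS_EXIT_PROCESS_REPORTED  0x00000008
#define PS_JOB_STATUS_REPORT_COMMIT_CHANGES  0x00000010
#define PS_JOB_STATUS_LAST_REPORT_MEMORY     0x00000020

typedef EPROCESS *PEPROCESS;


//
// Thread Object
//
// Thread object body.  A pointer to this structure is returned when a handle
// to a thread object is referenced.  This structure contains a thread control
// block (TCB) which is the kernel's representation of a thread.
//
// If you remove a field from this structure, please also
// remove the reference to it from within the kernel debugger
// (nt\private\sdktools\ntsd\ntkext.c)
//

//
// The upper 4 bits of the CreateTime should be zero on initialization so
// that the shift doesn't destroy anything.
//
// ETHREAD.CreateTime shares its storage with the 3 bits of NestedFaultCount
// and ApcNeeded, which is why the stored value is kept shifted left by 3.
// PS_SET_THREAD_CREATE_TIME assigns the whole QuadPart, so it also zeroes
// the low 3 bits of the union.
// NOTE(review): the macros shift by 3 while the comment above speaks of
// 4 bits; the bit-fields are presumably placed in the low-order bits by the
// supported compilers - confirm both.
//

#define PS_GET_THREAD_CREATE_TIME(Thread) ((Thread)->CreateTime.QuadPart >> 3)

//
// InputCreateTime is parenthesized so that an expression argument such as
// *Time binds before the member access.
//

#define PS_SET_THREAD_CREATE_TIME(Thread, InputCreateTime) \
            ((Thread)->CreateTime.QuadPart = ((InputCreateTime).QuadPart << 3))

typedef struct _ETHREAD {
    KTHREAD Tcb;                // first member; PsGetCurrentThread recovers
                                // the ETHREAD from it via CONTAINING_RECORD
    union {

        //
        // The fact that this is a union means that all accesses to CreateTime
        // must be sanitized using the two macros above.
        //

        LARGE_INTEGER CreateTime;

        //
        // These fields are accessed only by the owning thread, but can be
        // accessed from within a special kernel APC so IRQL protection must
        // be applied.
        //

        struct {
            unsigned NestedFaultCount : 2;
            unsigned ApcNeeded : 1;
        };
    };

    //
    // The next two unions overlay unrelated members on the same storage;
    // this header does not record which member is live at a given time.
    //

    union {
        LARGE_INTEGER ExitTime;
        LIST_ENTRY LpcReplyChain;
    };
    union {
        NTSTATUS ExitStatus;
        PVOID OfsChain;
    };

    //
    // Registry
    //

    LIST_ENTRY PostBlockList;
    LIST_ENTRY TerminationPortList;     // also used as reaper links

    KSPIN_LOCK ActiveTimerListLock;
    LIST_ENTRY ActiveTimerListHead;

    CLIENT_ID Cid;

    //
    // Lpc
    //

    KSEMAPHORE LpcReplySemaphore;
    PVOID LpcReplyMessage;          // -> Message that contains the reply
    ULONG LpcReplyMessageId;        // MessageId this thread is waiting for reply to

    //
    // Security
    //
    //
    //    Client - If non null, indicates the thread is impersonating
    //        a client.
    //
    // NOTE(review): no member named Client exists in this version; the
    // comment presumably refers to ImpersonationInfo, with
    // ActiveImpersonationInfo further below as the companion flag - confirm.
    //

    ULONG PerformanceCountLow;
    PPS_IMPERSONATION_INFORMATION ImpersonationInfo;


    //
    // Io
    //

    LIST_ENTRY IrpList;

    //
    //  File Systems
    //

    ULONG_PTR TopLevelIrp;  // either NULL, an Irp or a flag defined in FsRtl.h
    struct _DEVICE_OBJECT *DeviceToVerify;

    //
    // Mm
    //

    ULONG ReadClusterSize;
    BOOLEAN ForwardClusterOnly;
    BOOLEAN DisablePageFaultClustering;

    BOOLEAN DeadThread;
    BOOLEAN HideFromDebugger;

    ULONG HasTerminated;        // read by the PsIsThreadTerminating macro

    //
    // Client/server
    //

    ACCESS_MASK GrantedAccess;
    PEPROCESS ThreadsProcess;   // read by THREAD_TO_PROCESS
    PVOID StartAddress;
    union {
        PVOID Win32StartAddress;
        ULONG LpcReceivedMessageId;
    };
    BOOLEAN LpcExitThreadCalled;
    BOOLEAN HardErrorsAreDisabled;
    BOOLEAN LpcReceivedMsgIdValid;
    BOOLEAN ActiveImpersonationInfo;
    LONG PerformanceCountHigh;

    LIST_ENTRY ThreadListEntry;

} ETHREAD;
typedef ETHREAD *PETHREAD;

//
// Initial PEB
//

typedef struct _INITIAL_PEB {
    BOOLEAN InheritedAddressSpace;      // These four fields cannot change unless the
    BOOLEAN ReadImageFileExecOptions;   //
    BOOLEAN BeingDebugged;              //
    BOOLEAN SpareBool;                  //
    HANDLE Mutant;                      // PEB structure is also updated.
} INITIAL_PEB, *PINITIAL_PEB;

//
// Token filter attached to a job (EJOB.Filter).  Each captured array is
// described by a pointer, an element count and a length.
// NOTE(review): the *Length members are presumably byte lengths of the
// captured buffers; code walking the arrays should check the count against
// the length - confirm.
//

typedef struct _PS_JOB_TOKEN_FILTER {
    ULONG CapturedSidCount ;
    PSID_AND_ATTRIBUTES CapturedSids ;
    ULONG CapturedSidsLength ;

    ULONG CapturedGroupCount ;
    PSID_AND_ATTRIBUTES CapturedGroups ;
    ULONG CapturedGroupsLength ;

    ULONG CapturedPrivilegeCount ;
    PLUID_AND_ATTRIBUTES CapturedPrivileges ;
    ULONG CapturedPrivilegesLength ;
} PS_JOB_TOKEN_FILTER, * PPS_JOB_TOKEN_FILTER ;

//
// Job Object
//
typedef struct _EJOB {
    KEVENT Event;
    LIST_ENTRY JobLinks;
    LIST_ENTRY ProcessListHead;
    ERESOURCE JobLock;

    //
    // Accounting Info
    //

    LARGE_INTEGER TotalUserTime;
    LARGE_INTEGER TotalKernelTime;
    LARGE_INTEGER ThisPeriodTotalUserTime;
    LARGE_INTEGER ThisPeriodTotalKernelTime;
    ULONG TotalPageFaultCount;
    ULONG TotalProcesses;
    ULONG ActiveProcesses;
    ULONG TotalTerminatedProcesses;

    //
    // Limitable Attributes
    //

    LARGE_INTEGER PerProcessUserTimeLimit;
    LARGE_INTEGER PerJobUserTimeLimit;
    ULONG LimitFlags;
    SIZE_T MinimumWorkingSetSize;
    SIZE_T MaximumWorkingSetSize;
    ULONG ActiveProcessLimit;
    KAFFINITY Affinity;
    UCHAR PriorityClass;

    //
    // UI restrictions
    //

    ULONG UIRestrictionsClass;

    //
    // Security Limitations:  write once, read always
    //

    ULONG SecurityLimitFlags ;
    PACCESS_TOKEN Token ;
    PPS_JOB_TOKEN_FILTER Filter ;

    //
    // End Of Job Time Limit
    //

    ULONG EndOfJobTimeAction;
    PVOID CompletionPort;
    PVOID CompletionKey;

    ULONG SessionId;

    ULONG SchedulingClass;

    ULONGLONG ReadOperationCount;
    ULONGLONG WriteOperationCount;
    ULONGLONG OtherOperationCount;
    ULONGLONG ReadTransferCount;
    ULONGLONG WriteTransferCount;
    ULONGLONG OtherTransferCount;

    //
    // Extended Limits
    //

    IO_COUNTERS IoInfo;         // not used yet
    SIZE_T ProcessMemoryLimit;
    SIZE_T JobMemoryLimit;
    SIZE_T PeakProcessMemoryUsed;
    SIZE_T PeakJobMemoryUsed;
    SIZE_T CurrentJobMemoryUsed;

    FAST_MUTEX MemoryLimitsLock;

} EJOB;
typedef EJOB *PEJOB;


//
// Global Variables
//

extern ULONG PsPrioritySeperation;
extern ULONG PsRawPrioritySeparation;
extern LIST_ENTRY PsActiveProcessHead;
extern UNICODE_STRING PsNtDllPathName;
extern PVOID PsSystemDllBase;
extern FAST_MUTEX PsProcessSecurityLock;
extern PEPROCESS PsInitialSystemProcess;
extern PVOID PsNtosImageBase;
extern PVOID PsHalImageBase;
extern LIST_ENTRY PsLoadedModuleList;
extern ERESOURCE PsLoadedModuleResource;
extern LCID PsDefaultSystemLocaleId;
extern LCID PsDefaultThreadLocaleId;
extern LANGID PsDefaultUILanguageId;
extern LANGID PsInstallUILanguageId;
extern PEPROCESS PsIdleProcess;
extern BOOLEAN PsReaperActive;
extern LIST_ENTRY PsReaperListHead;
extern WORK_QUEUE_ITEM PsReaperWorkItem;

BOOLEAN
PsChangeJobMemoryUsage(
    SSIZE_T Amount
    );

VOID
PsReportProcessMemoryLimitViolation(
    VOID
    );

#if DEVL
#define THREAD_HIT_SLOTS 750
extern ULONG PsThreadHits[THREAD_HIT_SLOTS];
VOID
PsThreadHit(
    IN PETHREAD Thread
    );
#endif // DEVL

VOID
PsEnforceExecutionTimeLimits(
    VOID
    );

BOOLEAN
PsInitSystem (
    IN ULONG Phase,
    IN PLOADER_PARAMETER_BLOCK LoaderBlock
    );

NTSTATUS
PsLocateSystemDll (
    VOID
    );

VOID
PsChangeQuantumTable(
    BOOLEAN ModifyActiveProcesses,
    ULONG PrioritySeparation
    );

//
// Get Current Prototypes
//
// THREAD_TO_PROCESS reads ETHREAD.ThreadsProcess, whereas PsGetCurrentProcess
// goes through the current thread's ApcState.Process.
// NOTE(review): the two can presumably differ while a thread is attached to
// another process; code making a security decision should pick the one it
// means - confirm.
// IS_SYSTEM_THREAD evaluates its argument twice, so the argument must not
// have side effects.
//

#define THREAD_TO_PROCESS(thread) ((thread)->ThreadsProcess)
#define IS_SYSTEM_THREAD(thread)                                    \
            (((thread)->Tcb.Teb == NULL) ||                         \
            (IS_SYSTEM_ADDRESS((thread)->Tcb.Teb)))

#define PsGetCurrentProcess() (CONTAINING_RECORD(((KeGetCurrentThread())->ApcState.Process),EPROCESS,Pcb))

#define PsGetCurrentThread() (CONTAINING_RECORD((KeGetCurrentThread()),ETHREAD,Tcb))



//
// VOID
// PsLockProcessSecurityFields(VOID)
//
// Acquires the global PsProcessSecurityLock fast mutex.  Every acquire must
// be matched by PsFreeProcessSecurityFields on all exit paths.
//

#define PsLockProcessSecurityFields( ) ExAcquireFastMutex( &PsProcessSecurityLock )

//
// VOID
// PsFreeProcessSecurityFields(VOID);
//
// Releases the global PsProcessSecurityLock fast mutex.
//

#define PsFreeProcessSecurityFields( ) ExReleaseFastMutex( &PsProcessSecurityLock )

//
// Exit special kernel mode APC routine.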
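//

VOID
PsExitSpecialApc(
    IN PKAPC Apc,
    IN PKNORMAL_ROUTINE *NormalRoutine,
    IN PVOID *NormalContext,
    IN PVOID *SystemArgument1,
    IN PVOID *SystemArgument2
    );

// begin_ntddk begin_wdm begin_nthal begin_ntifs
//
// System Thread and Process Creation and Termination
//

NTKERNELAPI
NTSTATUS
PsCreateSystemThread(
    OUT PHANDLE ThreadHandle,
    IN ULONG DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN HANDLE ProcessHandle OPTIONAL,
    OUT PCLIENT_ID ClientId OPTIONAL,
    IN PKSTART_ROUTINE StartRoutine,
    IN PVOID StartContext
    );

NTKERNELAPI
NTSTATUS
PsTerminateSystemThread(
    IN NTSTATUS ExitStatus
    );

// end_ntddk end_wdm end_nthal end_ntifs

NTSTATUS
PsCreateSystemProcess(
    OUT PHANDLE ProcessHandle,
    IN ULONG DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
    );

typedef
VOID (*PLEGO_NOTIFY_ROUTINE)(
    PKTHREAD Thread
    );

ULONG
PsSetLegoNotifyRoutine(
    PLEGO_NOTIFY_ROUTINE LegoNotifyRoutine
    );



// begin_ntifs begin_ntddk

//
// Process, thread and image-load notification callbacks.  The process
// routine takes a Remove flag; the thread and image-load registration
// routines declared here take only the callback.
//

typedef
VOID
(*PCREATE_PROCESS_NOTIFY_ROUTINE)(
    IN HANDLE ParentId,
    IN HANDLE ProcessId,
    IN BOOLEAN Create
    );

NTSTATUS
PsSetCreateProcessNotifyRoutine(
    IN PCREATE_PROCESS_NOTIFY_ROUTINE NotifyRoutine,
    IN BOOLEAN Remove
    );

typedef
VOID
(*PCREATE_THREAD_NOTIFY_ROUTINE)(
    IN HANDLE ProcessId,
    IN HANDLE ThreadId,
    IN BOOLEAN Create
    );

NTSTATUS
PsSetCreateThreadNotifyRoutine(
    IN PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine
    );

//
// Structures for Load Image Notify
//
// The anonymous bit-field struct totals 32 bits and overlays Properties.
//

typedef struct _IMAGE_INFO {
    union {
        ULONG Properties;
        struct {
            ULONG ImageAddressingMode  : 8; // code addressing mode
            ULONG SystemModeImage      : 1; // system mode image
            ULONG ImageMappedToAllPids : 1; // image mapped into all processes
            ULONG Reserved             : 22;
        };
    };
    PVOID ImageBase;
    ULONG ImageSelector;
    SIZE_T ImageSize;
    ULONG ImageSectionNumber;
} IMAGE_INFO, *PIMAGE_INFO;

#define IMAGE_ADDRESSING_MODE_32BIT 3

typedef
VOID
(*PLOAD_IMAGE_NOTIFY_ROUTINE)(
    IN PUNICODE_STRING FullImageName,
    IN HANDLE ProcessId,                // pid into which image is being mapped
    IN PIMAGE_INFO ImageInfo
    );

NTSTATUS
PsSetLoadImageNotifyRoutine(
    IN PLOAD_IMAGE_NOTIFY_ROUTINE NotifyRoutine
    );
// end_ntddk end_ntifs

// begin_ntsrv
//
// Security Support
//

NTSTATUS
PsAssignImpersonationToken(
    IN PETHREAD Thread,
    IN HANDLE Token
    );

NTKERNELAPI
PACCESS_TOKEN
PsReferencePrimaryToken(
    IN PEPROCESS Process
    );

// end_ntsrv
// begin_ntifs
//
// VOID
// PsDereferencePrimaryToken(
//    IN PACCESS_TOKEN PrimaryToken
//    );
//
// Expands to ObDereferenceObject on the token.  Presumably the release half
// of PsReferencePrimaryToken; each reference taken should be released
// exactly once - confirm.
//
#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))

// end_ntifs

#define PsProcessAuditId(Process) ((Process)->UniqueProcessId)

NTKERNELAPI
PACCESS_TOKEN
PsReferenceImpersonationToken(
    IN PETHREAD Thread,
    OUT PBOOLEAN CopyOnOpen,
    OUT PBOOLEAN EffectiveOnly,
    OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
    );

PACCESS_TOKEN
PsReferenceEffectiveToken(
    IN PETHREAD Thread,
    OUT PTOKEN_TYPE TokenType,
    OUT PBOOLEAN EffectiveOnly,
    OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
    );

// begin_ntifs
//
// VOID
// PsDereferenceImpersonationToken(
//    IN PACCESS_TOKEN ImpersonationToken
//    );
//
// Dereferences the token only when ARGUMENT_PRESENT(T) holds, so an absent
// token is tolerated.
// NOTE(review): T is evaluated twice, so the argument must not have side
// effects.  The expansion is a bare brace block rather than
// do { } while (0): used as the body of an unbraced "if" that has an "else",
// the caller's trailing semicolon breaks the if/else pairing.  Left as is
// because callers are not visible from this header.
//
#define PsDereferenceImpersonationToken(T)                                          \
            {if (ARGUMENT_PRESENT(T)) {                                       \
                (ObDereferenceObject((T)));                                   \
             } else {                                                         \
                ;                                                             \
             }                                                                \
            }

LARGE_INTEGER
PsGetProcessExitTime(
    VOID
    );

// end_ntifs
#if defined(_NTDDK_) || defined(_NTIFS_)

// begin_ntifs
BOOLEAN
PsIsThreadTerminating(
    IN PETHREAD Thread
    );

// end_ntifs

#else

//
// BOOLEAN
// PsIsThreadTerminating(
//   IN PETHREAD Thread
//   )
//
//  Returns TRUE if thread is in the process of terminating.
//
//  The macro form yields the ULONG ETHREAD.HasTerminated member itself, not
//  a BOOLEAN, so test it for zero / non-zero rather than comparing it with
//  TRUE.  The expansion is wrapped in parentheses so that it behaves as a
//  single expression wherever it is used.
//

#define PsIsThreadTerminating(T)    \
    ((T)->HasTerminated)

#endif

extern BOOLEAN PsImageNotifyEnabled;

VOID
PsCallImageNotifyRoutines(
    IN PUNICODE_STRING FullImageName,
    IN HANDLE ProcessId,                // pid into which image is being mapped
    IN PIMAGE_INFO ImageInfo
    );

NTSTATUS
PsImpersonateClient(
    IN PETHREAD Thread,
    IN PACCESS_TOKEN Token,
    IN BOOLEAN CopyOnOpen,
    IN BOOLEAN EffectiveOnly,
    IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
    );

// begin_ntsrv

//
// NOTE(review): PsDisableImpersonation and PsRestoreImpersonation take the
// same ImpersonationState argument and are presumably used as a pair; a
// disable without the matching restore would leave the thread's
// impersonation state changed - confirm against the implementation.
//

BOOLEAN
PsDisableImpersonation(
    IN PETHREAD Thread,
    IN PSE_IMPERSONATION_STATE ImpersonationState
    );

VOID
PsRestoreImpersonation(
    IN PETHREAD Thread,
    IN PSE_IMPERSONATION_STATE ImpersonationState
    );

// end_ntsrv

NTKERNELAPI
VOID
PsRevertToSelf(
    VOID
    );


NTSTATUS
PsOpenTokenOfThread(
    IN HANDLE ThreadHandle,
    IN BOOLEAN OpenAsSelf,
    OUT PACCESS_TOKEN *Token,
    OUT PBOOLEAN CopyOnOpen,
    OUT PBOOLEAN EffectiveOnly,
    OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
    );

NTSTATUS
PsOpenTokenOfProcess(
    IN HANDLE ProcessHandle,
    OUT PACCESS_TOKEN *Token
    );

NTSTATUS
PsOpenTokenOfJob(
    IN HANDLE JobHandle,
    OUT PACCESS_TOKEN * Token
    );

//
// Cid
//
// The lookup routines hand back object pointers through OUT parameters.
// NOTE(review): presumably each returned object carries a reference the
// caller must release - confirm.
//

NTSTATUS
PsLookupProcessThreadByCid(
    IN PCLIENT_ID Cid,
    OUT PEPROCESS *Process OPTIONAL,
    OUT PETHREAD *Thread
    );

NTKERNELAPI
NTSTATUS
PsLookupProcessByProcessId(
    IN HANDLE ProcessId,
    OUT PEPROCESS *Process
    );

NTKERNELAPI
NTSTATUS
PsLookupThreadByThreadId(
    IN HANDLE ThreadId,
    OUT PETHREAD *Thread
    );

// begin_ntifs
//
// Quota Operations
//
// Both routines return VOID, so a failed charge is not reported through a
// return value here.
//

VOID
PsChargePoolQuota(
    IN PEPROCESS Process,
    IN POOL_TYPE PoolType,
    IN ULONG_PTR Amount
    );

VOID
PsReturnPoolQuota(
    IN PEPROCESS Process,
    IN POOL_TYPE PoolType,
    IN ULONG_PTR Amount
    );
// end_ntifs

//
// Context Management
//

VOID
PspContextToKframes(
    OUT PKTRAP_FRAME TrapFrame,
    OUT PKEXCEPTION_FRAME ExceptionFrame,
    IN PCONTEXT Context
    );

//
// NOTE(review): the IN/OUT annotations below are identical to those of
// PspContextToKframes.  Going by the name, this routine presumably reads the
// frames and fills in Context, which would make the annotations reversed -
// confirm against the implementation before relying on them.
//

VOID
PspContextFromKframes(
    OUT PKTRAP_FRAME TrapFrame,
    OUT PKEXCEPTION_FRAME ExceptionFrame,
    IN PCONTEXT Context
    );

VOID
PsReturnSharedPoolQuota(
    IN PEPROCESS_QUOTA_BLOCK QuotaBlock,
    IN ULONG_PTR PagedAmount,
    IN ULONG_PTR NonPagedAmount
    );

PEPROCESS_QUOTA_BLOCK
PsChargeSharedPoolQuota(
    IN PEPROCESS Process,
    IN ULONG_PTR PagedAmount,
    IN ULONG_PTR NonPagedAmount
    );


typedef enum _PSLOCKPROCESSMODE {
    PsLockPollOnTimeout,
    PsLockReturnTimeout,
    PsLockWaitForever,
    PsLockIAmExiting
} PSLOCKPROCESSMODE;

//
// PsLockProcess returns an NTSTATUS; callers must check it before touching
// the process and call PsUnlockProcess only after a successful lock.
//

NTSTATUS
PsLockProcess(
    IN PEPROCESS Process,
    IN KPROCESSOR_MODE WaitMode,
    IN PSLOCKPROCESSMODE LockMode
    );

VOID
PsUnlockProcess(
    IN PEPROCESS Process
    );


//
// Exception Handling
//

BOOLEAN
PsForwardException (
    IN PEXCEPTION_RECORD ExceptionRecord,
    IN BOOLEAN DebugException,
    IN BOOLEAN SecondChance
    );

//
// Win32 callout types.  The callbacks are handed to the process structure
// through PsEstablishWin32Callouts below.
//

typedef
NTSTATUS
(*PKWIN32_PROCESS_CALLOUT) (
    IN PEPROCESS Process,
    IN BOOLEAN Initialize
    );


typedef enum _PSW32JOBCALLOUTTYPE {
    PsW32JobCalloutSetInformation,
    PsW32JobCalloutAddProcess,
    PsW32JobCalloutTerminate
} PSW32JOBCALLOUTTYPE;

typedef struct _WIN32_JOBCALLOUT_PARAMETERS {
    PVOID Job;
    PSW32JOBCALLOUTTYPE CalloutType;
    IN PVOID Data;
} WIN32_JOBCALLOUT_PARAMETERS, *PKWIN32_JOBCALLOUT_PARAMETERS;


typedef
NTSTATUS
(*PKWIN32_JOB_CALLOUT) (
    IN PKWIN32_JOBCALLOUT_PARAMETERS Parm
    );


typedef enum _PSW32THREADCALLOUTTYPE {
    PsW32ThreadCalloutInitialize,
    PsW32ThreadCalloutExit
} PSW32THREADCALLOUTTYPE;

typedef
NTSTATUS
(*PKWIN32_THREAD_CALLOUT) (
    IN PETHREAD Thread,
    IN PSW32THREADCALLOUTTYPE CalloutType
    );

typedef enum _PSPOWEREVENTTYPE {
    PsW32FullWake,
    PsW32EventCode,
    PsW32PowerPolicyChanged,
    PsW32SystemPowerState,
    PsW32SystemTime,
    PsW32DisplayState,
    PsW32CapabilitiesChanged,
    PsW32SetStateFailed,
    PsW32GdiOff,
    PsW32GdiOn
} PSPOWEREVENTTYPE;

typedef struct _WIN32_POWEREVENT_PARAMETERS {
    PSPOWEREVENTTYPE EventNumber;
    ULONG_PTR Code;
} WIN32_POWEREVENT_PARAMETERS, *PKWIN32_POWEREVENT_PARAMETERS;

typedef struct _WIN32_POWERSTATE_PARAMETERS {
    BOOLEAN Promotion;
    POWER_ACTION SystemAction;
    SYSTEM_POWER_STATE MinSystemState;
    ULONG Flags;
} WIN32_POWERSTATE_PARAMETERS, *PKWIN32_POWERSTATE_PARAMETERS;

typedef
NTSTATUS
(*PKWIN32_POWEREVENT_CALLOUT) (
    IN PKWIN32_POWEREVENT_PARAMETERS Parm
    );

typedef
NTSTATUS
(*PKWIN32_POWERSTATE_CALLOUT) (
    IN PKWIN32_POWERSTATE_PARAMETERS Parm
    );


//
// NOTE(review): BatchFlushRoutine is passed as an untyped PVOID, unlike the
// other callouts, so the compiler cannot check its signature.
//

NTKERNELAPI
VOID
PsEstablishWin32Callouts(
    IN PKWIN32_PROCESS_CALLOUT ProcessCallout,
    IN PKWIN32_THREAD_CALLOUT ThreadCallout,
    IN PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout,
    IN PKWIN32_POWEREVENT_CALLOUT PowerEventCallout,
    IN PKWIN32_POWERSTATE_CALLOUT PowerStateCallout,
    IN PKWIN32_JOB_CALLOUT JobCallout,
    IN PVOID BatchFlushRoutine
    );

typedef enum _PSPROCESSPRIORITYMODE {
    PsProcessPriorityBackground,
    PsProcessPriorityForeground,
    PsProcessPrioritySpinning
} PSPROCESSPRIORITYMODE;

NTKERNELAPI
VOID
PsSetProcessPriorityByClass(
    IN PEPROCESS Process,
    IN PSPROCESSPRIORITYMODE PriorityMode
    );

#if DEVL
NTSTATUS
PsWatchWorkingSet(
    IN NTSTATUS Status,
    IN PVOID PcValue,
    IN PVOID Va
    );

#endif // DEVL

// begin_ntddk begin_nthal begin_ntifs

HANDLE
PsGetCurrentProcessId( VOID );

HANDLE
PsGetCurrentThreadId( VOID );

//
// Every parameter is OPTIONAL; none carries an IN/OUT annotation.
//

BOOLEAN
PsGetVersion(
    PULONG MajorVersion OPTIONAL,
    PULONG MinorVersion OPTIONAL,
    PULONG BuildNumber OPTIONAL,
    PUNICODE_STRING CSDVersion OPTIONAL
    );

// end_ntddk end_nthal end_ntifs

#endif // _PS_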
