ob.h File Reference

Go to the source code of this file.

Classes
struct	_OBJECT_HANDLE_INFORMATION
struct	_OBJECT_DUMP_CONTROL
struct	_OBJECT_TYPE_INITIALIZER
struct	_OBJECT_TYPE
struct	_OBJECT_DIRECTORY
struct	_OBJECT_DIRECTORY_ENTRY
struct	_OBJECT_SYMBOLIC_LINK
struct	_DEVICE_MAP
struct	_OBJECT_HANDLE_COUNT_ENTRY
struct	_OBJECT_HANDLE_COUNT_DATABASE
struct	_OBJECT_CREATE_INFORMATION
struct	_OBJECT_HEADER
struct	_OBJECT_HEADER_QUOTA_INFO
struct	_OBJECT_HEADER_HANDLE_INFO
struct	_OBJECT_HEADER_NAME_INFO
struct	_OBJECT_HEADER_CREATOR_INFO
Defines
#define	NUMBER_HASH_BUCKETS   37
#define	OB_FLAG_NEW_OBJECT   0x01
#define	OB_FLAG_KERNEL_OBJECT   0x02
#define	OB_FLAG_CREATOR_INFO   0x04
#define	OB_FLAG_EXCLUSIVE_OBJECT   0x08
#define	OB_FLAG_PERMANENT_OBJECT   0x10
#define	OB_FLAG_DEFAULT_SECURITY_QUOTA   0x20
#define	OB_FLAG_SINGLE_HANDLE_ENTRY   0x40
#define	OBJECT_TO_OBJECT_HEADER(o)   CONTAINING_RECORD( (o), OBJECT_HEADER, Body )
#define	OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(oh)
#define	OBJECT_HEADER_TO_QUOTA_INFO(oh)
#define	OBJECT_HEADER_TO_HANDLE_INFO(oh)
#define	OBJECT_HEADER_TO_NAME_INFO(oh)
#define	OBJECT_HEADER_TO_CREATOR_INFO(oh)
#define	ObDereferenceObject(a)   ObfDereferenceObject(a)
#define	ObReferenceObject(Object)
Typedefs
typedef _OBJECT_HANDLE_INFORMATION	OBJECT_HANDLE_INFORMATION
typedef _OBJECT_HANDLE_INFORMATION *	POBJECT_HANDLE_INFORMATION
typedef _OBJECT_DUMP_CONTROL	OB_DUMP_CONTROL
typedef _OBJECT_DUMP_CONTROL *	POB_DUMP_CONTROL
typedef VOID(*	OB_DUMP_METHOD )(IN PVOID Object, IN POB_DUMP_CONTROL Control OPTIONAL)
typedef enum _OB_OPEN_REASON	OB_OPEN_REASON
typedef VOID(*	OB_OPEN_METHOD )(IN OB_OPEN_REASON OpenReason, IN PEPROCESS Process OPTIONAL, IN PVOID Object, IN ACCESS_MASK GrantedAccess, IN ULONG HandleCount)
typedef BOOLEAN(*	OB_OKAYTOCLOSE_METHOD )(IN PEPROCESS Process OPTIONAL, IN PVOID Object, IN HANDLE Handle)
typedef VOID(*	OB_CLOSE_METHOD )(IN PEPROCESS Process OPTIONAL, IN PVOID Object, IN ACCESS_MASK GrantedAccess, IN ULONG ProcessHandleCount, IN ULONG SystemHandleCount)
typedef VOID(*	OB_DELETE_METHOD )(IN PVOID Object)
typedef NTSTATUS(*	OB_PARSE_METHOD )(IN PVOID ParseObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING CompleteName, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *Object)
typedef NTSTATUS(*	OB_SECURITY_METHOD )(IN PVOID Object, IN SECURITY_OPERATION_CODE OperationCode, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG CapturedLength, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
typedef NTSTATUS(*	OB_QUERYNAME_METHOD )(IN PVOID Object, IN BOOLEAN HasObjectName, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength)
typedef _OBJECT_TYPE_INITIALIZER	OBJECT_TYPE_INITIALIZER
typedef _OBJECT_TYPE_INITIALIZER *	POBJECT_TYPE_INITIALIZER
typedef _OBJECT_TYPE	OBJECT_TYPE
typedef _OBJECT_TYPE *	POBJECT_TYPE
typedef _OBJECT_DIRECTORY	OBJECT_DIRECTORY
typedef _OBJECT_DIRECTORY *	POBJECT_DIRECTORY
typedef _OBJECT_DIRECTORY_ENTRY	OBJECT_DIRECTORY_ENTRY
typedef _OBJECT_DIRECTORY_ENTRY *	POBJECT_DIRECTORY_ENTRY
typedef _OBJECT_SYMBOLIC_LINK	OBJECT_SYMBOLIC_LINK
typedef _OBJECT_SYMBOLIC_LINK *	POBJECT_SYMBOLIC_LINK
typedef _DEVICE_MAP	DEVICE_MAP
typedef _DEVICE_MAP *	PDEVICE_MAP
typedef _OBJECT_HANDLE_COUNT_ENTRY	OBJECT_HANDLE_COUNT_ENTRY
typedef _OBJECT_HANDLE_COUNT_ENTRY *	POBJECT_HANDLE_COUNT_ENTRY
typedef _OBJECT_HANDLE_COUNT_DATABASE	OBJECT_HANDLE_COUNT_DATABASE
typedef _OBJECT_HANDLE_COUNT_DATABASE *	POBJECT_HANDLE_COUNT_DATABASE
typedef _OBJECT_CREATE_INFORMATION	OBJECT_CREATE_INFORMATION
typedef _OBJECT_CREATE_INFORMATION *	POBJECT_CREATE_INFORMATION
typedef _OBJECT_HEADER	OBJECT_HEADER
typedef _OBJECT_HEADER *	POBJECT_HEADER
typedef _OBJECT_HEADER_QUOTA_INFO	OBJECT_HEADER_QUOTA_INFO
typedef _OBJECT_HEADER_QUOTA_INFO *	POBJECT_HEADER_QUOTA_INFO
typedef _OBJECT_HEADER_HANDLE_INFO	OBJECT_HEADER_HANDLE_INFO
typedef _OBJECT_HEADER_HANDLE_INFO *	POBJECT_HEADER_HANDLE_INFO
typedef _OBJECT_HEADER_NAME_INFO	OBJECT_HEADER_NAME_INFO
typedef _OBJECT_HEADER_NAME_INFO *	POBJECT_HEADER_NAME_INFO
typedef _OBJECT_HEADER_CREATOR_INFO	OBJECT_HEADER_CREATOR_INFO
typedef _OBJECT_HEADER_CREATOR_INFO *	POBJECT_HEADER_CREATOR_INFO
Enumerations
enum	_OB_OPEN_REASON {   ObCreateHandle, ObOpenHandle, ObDuplicateHandle, ObInheritHandle,   ObMaxOpenReason }
Functions
BOOLEAN	ObInitSystem (VOID)
NTSTATUS	ObInitProcess (PEPROCESS ParentProcess OPTIONAL, PEPROCESS NewProcess)
VOID	ObInitProcess2 (PEPROCESS NewProcess)
VOID	ObKillProcess (BOOLEAN AcquireLock, PEPROCESS Process)
NTKERNELAPI NTSTATUS	ObCreateObjectType (IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, OUT POBJECT_TYPE *ObjectType)
VOID FASTCALL	ObFreeObjectCreateInfoBuffer (IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
NTKERNELAPI VOID	ObDeleteCapturedInsertInfo (IN PVOID Object)
NTKERNELAPI NTSTATUS	ObCreateObject (IN KPROCESSOR_MODE ProbeMode, IN POBJECT_TYPE ObjectType, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE OwnershipMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectBodySize, IN ULONG PagedPoolCharge, IN ULONG NonPagedPoolCharge, OUT PVOID *Object)
NTKERNELAPI NTSTATUS	ObInsertObject (IN PVOID Object, IN PACCESS_STATE PassedAccessState OPTIONAL, IN ACCESS_MASK DesiredAccess OPTIONAL, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
NTKERNELAPI NTSTATUS	ObReferenceObjectByHandle (IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType OPTIONAL, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
NTKERNELAPI NTSTATUS	ObOpenObjectByName (IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PACCESS_STATE PassedAccessState OPTIONAL, IN ACCESS_MASK DesiredAccess OPTIONAL, IN OUT PVOID ParseContext OPTIONAL, OUT PHANDLE Handle)
NTKERNELAPI NTSTATUS	ObOpenObjectByPointer (IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState OPTIONAL, IN ACCESS_MASK DesiredAccess OPTIONAL, IN POBJECT_TYPE ObjectType OPTIONAL, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
NTSTATUS	ObReferenceObjectByName (IN PUNICODE_STRING ObjectName, IN ULONG Attributes, IN PACCESS_STATE PassedAccessState OPTIONAL, IN ACCESS_MASK DesiredAccess OPTIONAL, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, OUT PVOID *Object)
NTKERNELAPI VOID	ObMakeTemporaryObject (IN PVOID Object)
NTKERNELAPI BOOLEAN	ObFindHandleForObject (IN PEPROCESS Process, IN PVOID Object, IN POBJECT_TYPE ObjectType OPTIONAL, IN POBJECT_HANDLE_INFORMATION MatchCriteria OPTIONAL, OUT PHANDLE Handle)
NTKERNELAPI NTSTATUS	ObReferenceObjectByPointer (IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
NTKERNELAPI VOID FASTCALL	ObfDereferenceObject (IN PVOID Object)
NTSTATUS	ObWaitForSingleObject (IN HANDLE Handle, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL)
NTKERNELAPI NTSTATUS	ObQueryNameString (IN PVOID Object, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength)
NTKERNELAPI ULONG	ObGetObjectPointerCount (IN PVOID Object)
NTSTATUS	ObQueryTypeName (IN PVOID Object, PUNICODE_STRING ObjectTypeName, IN ULONG Length, OUT PULONG ReturnLength)
NTSTATUS	ObQueryTypeInfo (IN POBJECT_TYPE ObjectType, OUT POBJECT_TYPE_INFORMATION ObjectTypeInfo, IN ULONG Length, OUT PULONG ReturnLength)
NTSTATUS	ObDumpObjectByHandle (IN HANDLE Handle, IN POB_DUMP_CONTROL Control OPTIONAL)
NTSTATUS	ObDumpObjectByPointer (IN PVOID Object, IN POB_DUMP_CONTROL Control OPTIONAL)
NTSTATUS	ObSetDeviceMap (IN PEPROCESS TargetProcess, IN HANDLE DirectoryHandle)
NTSTATUS	ObQueryDeviceMapInformation (IN PEPROCESS TargetProcess, OUT PPROCESS_DEVICEMAP_INFORMATION DeviceMapInformation)
VOID	ObInheritDeviceMap (IN PEPROCESS NewProcess, IN PEPROCESS ParentProcess)
VOID	ObDereferenceDeviceMap (IN PEPROCESS Process)
NTSTATUS	ObGetObjectSecurity (IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
VOID	ObReleaseObjectSecurity (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
NTSTATUS	ObAssignObjectSecurityDescriptor (IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
NTSTATUS	ObValidateSecurityQuota (IN PVOID Object, IN ULONG NewSize)
NTKERNELAPI BOOLEAN	ObCheckCreateObjectAccess (IN PVOID DirectoryObject, IN ACCESS_MASK CreateAccess, IN PACCESS_STATE AccessState OPTIONAL, IN PUNICODE_STRING ComponentName, IN BOOLEAN TypeMutexLocked, IN KPROCESSOR_MODE PreviousMode, OUT PNTSTATUS AccessStatus)
NTKERNELAPI BOOLEAN	ObCheckObjectAccess (IN PVOID Object, IN PACCESS_STATE AccessState, IN BOOLEAN TypeMutexLocked, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS AccessStatus)
NTKERNELAPI NTSTATUS	ObAssignSecurity (IN PACCESS_STATE AccessState, IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL, IN PVOID Object, IN POBJECT_TYPE ObjectType)
NTSTATUS	ObQueryObjectAuditingByHandle (IN HANDLE Handle, OUT PBOOLEAN GenerateOnClose)
NTSTATUS	ObSetSecurityObjectByPointer (IN PVOID Object, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Variables
PDEVICE_MAP	ObSystemDeviceMap

---

Define Documentation

#define NUMBER_HASH_BUCKETS   37

Definition at line 206 of file ob.h. Referenced by NtQueryDirectoryObject(), and ObpLookupDirectoryEntry().

#define OB_FLAG_CREATOR_INFO   0x04

Definition at line 349 of file ob.h. Referenced by ObpAllocateObject().

#define OB_FLAG_DEFAULT_SECURITY_QUOTA   0x20

Definition at line 352 of file ob.h. Referenced by ObpChargeQuotaForObject(), ObpFreeObject(), and ObValidateSecurityQuota().

#define OB_FLAG_EXCLUSIVE_OBJECT   0x08

Definition at line 350 of file ob.h. Referenced by NtQueryObject(), ObpAllocateObject(), ObpDecrementHandleCount(), ObpIncrementHandleCount(), and ObpIncrementUnnamedHandleCount().

#define OB_FLAG_KERNEL_OBJECT   0x02

Definition at line 348 of file ob.h. Referenced by ObCreateObjectType(), ObInsertObject(), ObpAllocateObject(), and ObpSetHandleAttributes().

#define OB_FLAG_NEW_OBJECT   0x01

Definition at line 347 of file ob.h. Referenced by ObDeleteCapturedInsertInfo(), ObInsertObject(), ObOpenObjectByName(), ObpAllocateObject(), ObpChargeQuotaForObject(), and ObpFreeObject().

#define OB_FLAG_PERMANENT_OBJECT   0x10

Definition at line 351 of file ob.h. Referenced by NtQueryObject(), ObCreateObject(), ObCreateObjectType(), ObMakeTemporaryObject(), ObpAllocateObject(), and ObpDeleteNameCheck().

#define OB_FLAG_SINGLE_HANDLE_ENTRY   0x40

Definition at line 353 of file ob.h. Referenced by ObpAllocateObject(), ObpDecrementHandleCount(), ObpFreeObject(), ObpIncrementHandleDataBase(), and ObpInsertHandleCount().

#define ObDereferenceObject (  a   )     ObfDereferenceObject(a)

Definition at line 494 of file ob.h. Referenced by _GetUserObjectInformation(), _SetUserObjectInformation(), BuildQueryDirectoryIrp(), CcDeleteSharedCacheMap(), CcPerformReadAhead(), CheckAllowForeground(), CmGetSystemDriverList(), CmNotifyRunDown(), CmpCloneControlSet(), CmpDelayedDerefKeys(), CmpDoCreateChild(), CmpDoOpen(), CmpFileRead(), CmpFileWrite(), CmpFreePostBlock(), CmpLinkHiveToMaster(), CmpOpenHiveFiles(), CmpPostApc(), CmpPostApcRunDown(), CmpPostNotify(), CmpSaveBootControlSet(), DestroyProcessInfo(), DeviceClassCDROMNotify(), ExFreePool(), ExFreePoolWithTag(), ExpCreateWorkerThread(), ExpProfileDelete(), ExpTimerApcRoutine(), ExRegisterCallback(), ExReturnPoolQuota(), ExTimerRundown(), ExUnregisterCallback(), FreeWindowStation(), FsRtlAcknowledgeOplockBreak(), FsRtlCancelExclusiveIrp(), FsRtlNotifyVolumeEvent(), FsRtlOpBatchBreakClosePending(), FsRtlOplockBreakToII(), FsRtlOplockBreakToNone(), FsRtlOplockCleanup(), FsRtlPrivateCheckWaitingLocks(), FsRtlPrivateLock(), FsRtlRemoveAndCompleteIrp(), FsRtlUninitializeOplock(), GetDeviceChangeInfo(), GetProcessLuid(), HalpEnableAutomaticDriveLetterAssignment(), HalpIsOldStyleFloppy(), HalpNextMountLetter(), HalpQueryDriveLayout(), HalpQueryPartitionType(), HalpSetMountLetter(), InitiateWin32kCleanup(), IoAttachDevice(), IoCreateDriver(), IoCreateFile(), IoCreateNotificationEvent(), IoCreateSynchronizationEvent(), IoDeleteController(), IoDeleteDriver(), IoFreeDumpStack(), IoGetBootDiskInformation(), IoGetDmaAdapter(), IopAddDevicesToBootDriverWorker(), IopAllocateIrpCleanup(), IopBusCheck(), IopCallDriverAddDevice(), IopCallDriverAddDeviceQueryRoutine(), IopCheckUnloadDriver(), IopCompleteDumpInitialization(), IopCompleteRequest(), IopCompleteUnloadOrDelete(), IopConfigureCrashDump(), IopCreateArcNames(), IopDeleteDevice(), IopDeleteFile(), IopDeleteLegacyKey(), IopDeleteLockedDeviceNode(), IopDereferenceNotify(), IopDestroyDeviceNode(), IopDeviceActionWorker(), IopDriverLoadingFailed(), IopDropIrp(), IopEnumerateDevice(), IopErrorLogThread(), IopExceptionCleanup(), IopFreePoDeviceNotifyListHead(), IopFreeRelationList(), IopGetDriverDeviceListWorker(), IopGetDumpStack(), IopGetLegacyVetoListDrivers(), IopGetRootDevices(), IopGetSetSecurityObject(), IopInitializeBootDrivers(), IopInitializeBuiltinDriver(), IopInitializeSystemDrivers(), IopInvalidateDeviceStateWorker(), IopInvalidateRelationsInList(), IopInvalidateVolumesForDevice(), IopIsAnyDeviceInstanceEnabled(), IopIsDeviceInstanceEnabled(), IopLoadDriver(), IopLockDeviceRemovalRelations(), IopMarkBootPartition(), IopMountVolume(), IopNotifyTargetDeviceChange(), IopOpenLinkOrRenameTarget(), IopOrphanNotification(), IopParseDevice(), IopProcessNewDeviceNode(), IopProcessRelation(), IopProcessSetInterfaceState(), IopProcessWorkItem(), IopQueryXxxInformation(), IopRebalance(), IopRemoveIndirectRelationsFromList(), IopRemoveRelationFromList(), IopReportTargetDeviceChangeAsyncWorker(), IopRequestDeviceEjectWorker(), IopSendMessageToTrackService(), IopSetDeviceSecurityDescriptors(), IopSetEaOrQuotaInformationFile(), IopStartDriverDevices(), IopTrackLink(), IopUnlockDeviceRemovalRelations(), IopXxxControlFile(), IoRegisterPlugPlayNotification(), IoReportDetectedDevice(), IoSetInformation(), IoUnregisterFsRegistrationChange(), IovpAssertNewRequest(), IovpAssertNonLegacyDevice(), IovpCallDriver1(), IovpCallDriver2(), IovpDeleteDevice(), IovpExamineDevObjForwarding(), IovpStopObRefMonitoring(), IovpThrowBogusSynchronousIrp(), IovpThrowChaffAtStartedPdoStack(), IoWriteErrorLogEntry(), IsRestricted(), KdUpdateTimeSlipEvent(), LockObjectAssignment(), LpcExitThread(), LpcpCopyRequestData(), LpcpCreatePort(), LpcpDeletePort(), LpcpDestroyPortQueue(), LpcpFreeToPortZone(), LpcRequestWaitReplyPort(), MiLoadImageSection(), MiLoadSystemImage(), MiSegmentDelete(), MiSuperSectionDelete(), MmCreateSection(), MmGetFileNameForSection(), MmSetBankedSection(), MmUnloadSystemImage(), NtAcceptConnectPort(), NtAdjustGroupsToken(), NtAdjustPrivilegesToken(), NtAlertResumeThread(), NtAlertThread(), NtAllocateUserPhysicalPages(), NtAllocateVirtualMemory(), NtAssignProcessToJobObject(), NtCancelIoFile(), NtCancelTimer(), NtClearEvent(), NtClose(), NtCompleteConnectPort(), NtCreateJobObject(), NtCreateKey(), NtCreatePagingFile(), NtCreateProfile(), NtCreateSuperSection(), NtCreateSymbolicLinkObject(), NtDeleteKey(), NtDeleteValueKey(), NtDuplicateObject(), NtDuplicateToken(), NtEnumerateKey(), NtEnumerateValueKey(), NtExtendSection(), NtFilterToken(), NtFlushBuffersFile(), NtFlushInstructionCache(), NtFlushKey(), NtFlushVirtualMemory(), NtFreeUserPhysicalPages(), NtFreeVirtualMemory(), NtGetContextThread(), NtImpersonateAnonymousToken(), NtImpersonateClientOfPort(), NtImpersonateThread(), NtListenChannel(), NtLockFile(), NtLockVirtualMemory(), NtMakeTemporaryObject(), NtMapViewOfSection(), NtMapViewOfSuperSection(), NtNotifyChangeDirectoryFile(), NtNotifyChangeMultipleKeys(), NtOpenChannel(), NtOpenKey(), NtOpenObjectAuditAlarm(), NtOpenProcess(), NtOpenProcessToken(), NtOpenThread(), NtOpenThreadToken(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtPrivilegeObjectAuditAlarm(), NtProtectVirtualMemory(), NtPulseEvent(), NtQueryDirectoryObject(), NtQueryEaFile(), NtQueryEvent(), NtQueryInformationFile(), NtQueryInformationJobObject(), NtQueryInformationPort(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIoCompletion(), NtQueryKey(), NtQueryMultipleValueKey(), NtQueryMutant(), NtQueryObject(), NtQueryOpenSubKeys(), NtQueryQuotaInformationFile(), NtQuerySection(), NtQuerySecurityObject(), NtQuerySemaphore(), NtQuerySymbolicLinkObject(), NtQueryTimer(), NtQueryValueKey(), NtQueryVirtualMemory(), NtQueryVolumeInformationFile(), NtQueueApcThread(), NtReadFile(), NtReadFileScatter(), NtReadVirtualMemory(), NtRegisterThreadTerminatePort(), NtReleaseMutant(), NtReleaseSemaphore(), NtRemoveIoCompletion(), NtReplaceKey(), NtReplyPort(), NtReplyWaitReceivePort(), NtReplyWaitReceivePortEx(), NtReplyWaitReplyPort(), NtReplyWaitSendChannel(), NtRequestPort(), NtRequestWaitReplyPort(), NtResetEvent(), NtRestoreKey(), NtResumeThread(), NtSaveKey(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSendWaitReplyChannel(), NtSetContextThread(), NtSetEaFile(), NtSetEvent(), NtSetHighEventPair(), NtSetHighWaitLowEventPair(), NtSetInformationFile(), NtSetInformationJobObject(), NtSetInformationKey(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), NtSetIoCompletion(), NtSetLowEventPair(), NtSetLowWaitHighEventPair(), NtSetSecurityObject(), NtSetTimer(), NtSetValueKey(), NtSetVolumeInformationFile(), NtSignalAndWaitForSingleObject(), NtStartProfile(), NtStopProfile(), NtSuspendThread(), NtTerminateJobObject(), NtTerminateProcess(), NtTerminateThread(), NtUnloadDriver(), NtUnloadKey(), NtUnlockFile(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtUserBuildHwndList(), NtUserBuildNameList(), NtUserCloseWindowStation(), NtUserGetGuiResources(), NtUserLockWindowStation(), NtUserProcessConnect(), NtUserSetThreadDesktop(), NtUserSetWindowStationUser(), NtUserSwitchDesktop(), NtUserUnlockWindowStation(), NtUserUserHandleGrantAccess(), NtWaitForMultipleObjects(), NtWaitForSingleObject(), NtWaitHighEventPair(), NtWaitLowEventPair(), NtWriteFile(), NtWriteFileGather(), NtWriteVirtualMemory(), ObDereferenceDeviceMap(), ObInsertObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObpDeleteNameCheck(), ObpDeleteSymbolicLinkName(), ObpDestroyTypeArray(), ObpLookupObjectName(), ObpProcessDosDeviceSymbolicLink(), ObSetDeviceMap(), obtest(), ObWaitForSingleObject(), OpenCacheKeyEx(), OpenDeviceReparseIndex(), PsAssignImpersonationToken(), PsEnforceExecutionTimeLimits(), PsOpenTokenOfProcess(), PsOpenTokenOfThread(), PspAssignPrimaryToken(), PspCreateProcess(), PspCreateThread(), PspDeleteThreadSecurity(), PspExitProcess(), PspExitThread(), PspJobClose(), PspJobDelete(), PspProcessDelete(), PspQueryPooledQuotaLimits(), PspQueryQuotaLimits(), PspQueryWorkingSetWatch(), PspReaper(), PspSetPrimaryToken(), PspSetQuotaLimits(), PspTerminateAllProcessesInJob(), PspTerminateProcess(), PspTerminateThreadByPointer(), PspThreadDelete(), PsRestoreImpersonation(), PsRevertToSelf(), RawInputThread(), ReferenceWindowStation(), RegisterForDeviceChangeNotifications(), SeAccessCheckByType(), SeDeassignPrimaryToken(), SeIsChildToken(), SeMakeAnonymousLogonToken(), SeMakeSystemToken(), SepAccessCheckAndAuditAlarm(), SepCreateToken(), SepFilterToken(), SepOpenTokenOfThread(), SmbTraceToClient(), UdfCreateInternalStream(), UdfDeleteInternalStream(), UdfDeleteVcb(), UdfInvalidateVolumes(), UdfMountVolume(), UdfVerifyVolume(), UnlockObjectAssignment(), UserDeleteW32Thread(), UserDereferenceObject(), ValidateHdesk(), ValidateHwinsta(), VdmpDelayIntDpcRoutine(), VdmpDelayInterrupt(), VdmpIsThreadTerminating(), VdmpQueueInterrupt(), VdmpQueueIntNormalRoutine(), VdmQueryDirectoryFile(), Win32KDriverUnload(), Win32kNtUserCleanup(), xxxCloseDesktop(), xxxConsoleControl(), xxxCreateDesktop(), xxxCreateDesktop2(), xxxCreateThreadInfo(), xxxCreateWindowStation(), xxxDesktopThread(), xxxGetThreadDesktop(), xxxInitTerminal(), xxxOpenDesktop(), xxxResolveDesktop(), xxxRestoreCsrssThreadDesktop(), xxxSetCsrssThreadDesktop(), xxxSetInformationThread(), xxxSetProcessWindowStation(), and zzzSetDesktop().

#define OBJECT_HEADER_TO_CREATOR_INFO (  oh   )

Value: ((POBJECT_HEADER_CREATOR_INFO) \ (((oh)->Flags & OB_FLAG_CREATOR_INFO) == 0 ? NULL : ((PCHAR)(oh) - sizeof(OBJECT_HEADER_CREATOR_INFO)))) Definition at line 371 of file ob.h. Referenced by ObCreateObjectType(), ObpDecrementHandleCount(), ObpFreeObject(), ObpIncrementHandleCount(), ObpIncrementUnnamedHandleCount(), and ObpRemoveObjectRoutine().

#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS (  oh   )

Value: ((oh->Flags & OB_FLAG_EXCLUSIVE_OBJECT) == 0 ? \ NULL : (((POBJECT_HEADER_QUOTA_INFO)((PCHAR)(oh) - (oh)->QuotaInfoOffset))->ExclusiveProcess)) Definition at line 358 of file ob.h. Referenced by ObpIncrementHandleCount(), and ObpIncrementUnnamedHandleCount().

#define OBJECT_HEADER_TO_HANDLE_INFO (  oh   )

Value: ((POBJECT_HEADER_HANDLE_INFO) \ ((oh)->HandleInfoOffset == 0 ? NULL : ((PCHAR)(oh) - (oh)->HandleInfoOffset))) Definition at line 365 of file ob.h. Referenced by ObpDecrementHandleCount(), ObpFreeObject(), ObpIncrementHandleDataBase(), and ObpInsertHandleCount().

#define OBJECT_HEADER_TO_NAME_INFO (  oh   )

Value: ((POBJECT_HEADER_NAME_INFO) \ ((oh)->NameInfoOffset == 0 ? NULL : ((PCHAR)(oh) - (oh)->NameInfoOffset))) Definition at line 368 of file ob.h. Referenced by _BuildNameList(), IovpStartObRefMonitoring(), IovpStopObRefMonitoring(), NtQueryDirectoryObject(), NtQueryObject(), ObEnumerateObjectsByType(), ObfDereferenceObject(), ObInitSystem(), ObInsertObject(), ObpCreateSymbolicLinkName(), ObpDeleteNameCheck(), ObpFreeObject(), ObpInsertDirectoryEntry(), ObpLookupDirectoryEntry(), ObpLookupObjectName(), ObpProcessDosDeviceSymbolicLink(), ObpRemoveObjectRoutine(), ObQueryNameString(), and xxxCreateWindowStation().

#define OBJECT_HEADER_TO_QUOTA_INFO (  oh   )

Value: ((POBJECT_HEADER_QUOTA_INFO) \ ((oh)->QuotaInfoOffset == 0 ? NULL : ((PCHAR)(oh) - (oh)->QuotaInfoOffset))) Definition at line 362 of file ob.h. Referenced by NtQueryObject(), ObGetObjectInformation(), ObpChargeQuotaForObject(), ObpDecrementHandleCount(), ObpFreeObject(), ObpIncrementHandleCount(), ObpIncrementUnnamedHandleCount(), and ObValidateSecurityQuota().

#define OBJECT_TO_OBJECT_HEADER (  o   )     CONTAINING_RECORD( (o), OBJECT_HEADER, Body )

Definition at line 355 of file ob.h. Referenced by _BuildNameList(), _GetUserObjectInformation(), _LockWindowStation(), _SetUserObjectInformation(), DestroyWindowStation(), DumpConvInfo(), FreeDesktop(), FreeWindowStation(), IoCreateStreamFileObjectLite(), IovpStartObRefMonitoring(), IovpStopObRefMonitoring(), LockObjectAssignment(), MapDesktop(), NtDuplicateObject(), NtQueryDirectoryObject(), NtQueryObject(), NtQuerySecurityObject(), NtSignalAndWaitForSingleObject(), NtWaitForSingleObject(), ObAssignObjectSecurityDescriptor(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObDeleteCapturedInsertInfo(), ObfDereferenceObject(), ObFindHandleForObject(), ObfReferenceObject(), ObGetObjectPointerCount(), ObGetObjectSecurity(), ObInsertObject(), ObMakeTemporaryObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), ObpCreateHandle(), ObpCreateSymbolicLinkName(), ObpCreateUnnamedHandle(), ObpDeleteNameCheck(), ObpFreeObject(), ObpIncrementHandleCount(), ObpIncrementUnnamedHandleCount(), ObpInsertDirectoryEntry(), ObpLookupDirectoryEntry(), ObpLookupObjectName(), ObpProcessDosDeviceSymbolicLink(), ObpReferenceSecurityDescriptor(), ObpRemoveObjectRoutine(), ObQueryNameString(), ObQueryTypeName(), ObReferenceObjectByHandle(), ObReferenceObjectByPointer(), ObSetSecurityDescriptorInfo(), ObSetSecurityObjectByPointer(), ObValidateSecurityQuota(), ObWaitForSingleObject(), OkayToCloseDesktop(), OkayToCloseWindowStation(), ParseDesktop(), ParseWindowStation(), UnlockObjectAssignment(), UnmapDesktop(), xxxCreateDesktop2(), and xxxCreateWindowStation().

#define ObReferenceObject (  Object   )

Value: { \ POBJECT_HEADER ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object); \ InterlockedIncrement(&ObjectHeader->PointerCount); \ } Definition at line 514 of file ob.h. Referenced by CcInitializeCacheMap(), CcScheduleReadAhead(), ExAllocatePoolWithQuota(), ExAllocatePoolWithQuotaTag(), ExRegisterCallback(), ExTimerRundown(), FsRtlPrivateCheckWaitingLocks(), FsRtlPrivateLock(), FsRtlRequestExclusiveOplock(), FsRtlRequestOplockII(), InitiateWin32kCleanup(), IoBuildPoDeviceNotifyList(), IoCreateDevice(), IoGetAttachedDeviceReference(), IopAddRelationToList(), IopAllocateErrorLogEntry(), IopBusCheck(), IopCloseFile(), IopDeleteLockedDeviceNode(), IopDeviceActionWorker(), IopDeviceObjectFromDeviceInstance(), IopEnumerateDevice(), IopGetDeviceAttachmentBaseRef(), IopGetDevicePDO(), IopGetFileName(), IopGetSetObjectId(), IopGetSetSecurityObject(), IopGetVolumeId(), IopInitializeBootDrivers(), IopInitializeDeviceInstanceKey(), IopLoadBootFilterDriver(), IopLockDeviceRemovalRelations(), IopMarkBootPartition(), IopMountVolume(), IopNotifyTargetDeviceChange(), IopParseDevice(), IopPnPDispatch(), IopProcessRelation(), IopQueryXxxInformation(), IopQueueDeviceWorkItem(), IopRequestDeviceAction(), IopSetDeviceSecurityDescriptors(), IopSetRemoteLink(), IopTestForReconfiguration(), IoQueueWorkItem(), IoRegisterFsRegistrationChange(), IoReportDetectedDevice(), IoReportTargetDeviceChangeAsynchronous(), IoSetInformation(), IovpGetDeviceAttachedTo(), IovpGetLowestDevice(), IovpStartObRefMonitoring(), LockObjectAssignment(), LpcpCreatePort(), LpcRequestWaitReplyPort(), MiCheckPageFilePath(), MiLoadImageSection(), MmCreateSection(), NtAcceptConnectPort(), NtAssignProcessToJobObject(), NtImpersonateClientOfPort(), NtOpenThreadToken(), NtQueryInformationJobObject(), NtQueryVirtualMemory(), NtReplyPort(), NtReplyWaitReceivePort(), NtReplyWaitReceivePortEx(), NtReplyWaitReplyPort(), NtReplyWaitSendChannel(), NtRequestPort(), NtRequestWaitReplyPort(), NtSecureConnectPort(), NtSendWaitReplyChannel(), ObCreateObjectType(), ObpCreateTypeArray(), ObpDeleteSymbolicLinkName(), ObpLookupObjectName(), ObpProcessDosDeviceSymbolicLink(), ParseDesktop(), ParseWindowStation(), PsEnforceExecutionTimeLimits(), PsImpersonateClient(), PsLookupProcessByProcessId(), PsLookupProcessThreadByCid(), PsLookupThreadByThreadId(), PsOpenTokenOfJobObject(), PspApplyJobLimitsToProcessSet(), PspCreateProcess(), PspCreateThread(), PspTerminateAllProcessesInJob(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), PsReferencePrimaryToken(), SeAssignPrimaryToken(), SeCreateClientSecurityFromSubjectContext(), SeExchangePrimaryToken(), SepRmCommandServerThreadInit(), UdfInitializeVcb(), UdfMountVolume(), UdfVerifyVolume(), VdmpDelayInterrupt(), xxxCreateWindowStation(), and xxxInitTerminal().

---

Typedef Documentation

typedef struct _DEVICE_MAP DEVICE_MAP

typedef VOID(* OB_CLOSE_METHOD)(IN PEPROCESS Process OPTIONAL, IN PVOID Object, IN ACCESS_MASK GrantedAccess, IN ULONG ProcessHandleCount, IN ULONG SystemHandleCount)

Definition at line 95 of file ob.h.

typedef VOID(* OB_DELETE_METHOD)(IN PVOID Object)

Definition at line 103 of file ob.h.

typedef struct _OBJECT_DUMP_CONTROL OB_DUMP_CONTROL

typedef VOID(* OB_DUMP_METHOD)(IN PVOID Object, IN POB_DUMP_CONTROL Control OPTIONAL)

Definition at line 67 of file ob.h.

typedef BOOLEAN(* OB_OKAYTOCLOSE_METHOD)(IN PEPROCESS Process OPTIONAL, IN PVOID Object, IN HANDLE Handle)

Definition at line 89 of file ob.h.

typedef VOID(* OB_OPEN_METHOD)(IN OB_OPEN_REASON OpenReason, IN PEPROCESS Process OPTIONAL, IN PVOID Object, IN ACCESS_MASK GrantedAccess, IN ULONG HandleCount)

Definition at line 81 of file ob.h.

typedef enum _OB_OPEN_REASON OB_OPEN_REASON

Referenced by MapDesktop(), ObInsertObject(), and ObOpenObjectByName().

typedef NTSTATUS(* OB_PARSE_METHOD)(IN PVOID ParseObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING CompleteName, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *Object)

Definition at line 107 of file ob.h. Referenced by IopCreateObjectTypes(), and ObpLookupObjectName().

typedef NTSTATUS(* OB_QUERYNAME_METHOD)(IN PVOID Object, IN BOOLEAN HasObjectName, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength)

Definition at line 131 of file ob.h. Referenced by IopCreateObjectTypes().

typedef NTSTATUS(* OB_SECURITY_METHOD)(IN PVOID Object, IN SECURITY_OPERATION_CODE OperationCode, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG CapturedLength, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)

Definition at line 120 of file ob.h. Referenced by IopCreateObjectTypes().

typedef struct _OBJECT_CREATE_INFORMATION OBJECT_CREATE_INFORMATION

typedef struct _OBJECT_DIRECTORY OBJECT_DIRECTORY

typedef struct _OBJECT_DIRECTORY_ENTRY OBJECT_DIRECTORY_ENTRY

typedef struct _OBJECT_HANDLE_COUNT_DATABASE OBJECT_HANDLE_COUNT_DATABASE

typedef struct _OBJECT_HANDLE_COUNT_ENTRY OBJECT_HANDLE_COUNT_ENTRY

typedef struct _OBJECT_HANDLE_INFORMATION OBJECT_HANDLE_INFORMATION

Referenced by zzzSetDesktop().

typedef struct _OBJECT_HEADER OBJECT_HEADER

typedef struct _OBJECT_HEADER_CREATOR_INFO OBJECT_HEADER_CREATOR_INFO

typedef struct _OBJECT_HEADER_HANDLE_INFO OBJECT_HEADER_HANDLE_INFO

typedef struct _OBJECT_HEADER_NAME_INFO OBJECT_HEADER_NAME_INFO

typedef struct _OBJECT_HEADER_QUOTA_INFO OBJECT_HEADER_QUOTA_INFO

typedef struct _OBJECT_SYMBOLIC_LINK OBJECT_SYMBOLIC_LINK

typedef struct _OBJECT_TYPE OBJECT_TYPE

Referenced by ObCreateObjectType().

typedef struct _OBJECT_TYPE_INITIALIZER OBJECT_TYPE_INITIALIZER

Referenced by ExpInitializeCallbacks().

typedef struct _DEVICE_MAP * PDEVICE_MAP

typedef struct _OBJECT_DUMP_CONTROL * POB_DUMP_CONTROL

typedef struct _OBJECT_CREATE_INFORMATION * POBJECT_CREATE_INFORMATION

typedef struct _OBJECT_DIRECTORY * POBJECT_DIRECTORY

typedef struct _OBJECT_DIRECTORY_ENTRY * POBJECT_DIRECTORY_ENTRY

typedef struct _OBJECT_HANDLE_COUNT_DATABASE * POBJECT_HANDLE_COUNT_DATABASE

typedef struct _OBJECT_HANDLE_COUNT_ENTRY * POBJECT_HANDLE_COUNT_ENTRY

typedef struct _OBJECT_HANDLE_INFORMATION * POBJECT_HANDLE_INFORMATION

Referenced by xxxUserFindHandleForObject().

typedef struct _OBJECT_HEADER * POBJECT_HEADER

typedef struct _OBJECT_HEADER_CREATOR_INFO * POBJECT_HEADER_CREATOR_INFO

typedef struct _OBJECT_HEADER_HANDLE_INFO * POBJECT_HEADER_HANDLE_INFO

typedef struct _OBJECT_HEADER_NAME_INFO * POBJECT_HEADER_NAME_INFO

typedef struct _OBJECT_HEADER_QUOTA_INFO * POBJECT_HEADER_QUOTA_INFO

typedef struct _OBJECT_SYMBOLIC_LINK * POBJECT_SYMBOLIC_LINK

typedef struct _OBJECT_TYPE * POBJECT_TYPE

typedef struct _OBJECT_TYPE_INITIALIZER * POBJECT_TYPE_INITIALIZER

---

Enumeration Type Documentation

enum _OB_OPEN_REASON

Enumeration values: ObCreateHandle  ObOpenHandle  ObDuplicateHandle  ObInheritHandle  ObMaxOpenReason  Definition at line 72 of file ob.h. { ObCreateHandle, ObOpenHandle, ObDuplicateHandle, ObInheritHandle, ObMaxOpenReason } OB_OPEN_REASON;

---

Function Documentation

NTSTATUS ObAssignObjectSecurityDescriptor (  IN PVOID  Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor  OPTIONAL, IN POOL_TYPE  PoolType )

Definition at line 1183 of file obse.c. References NT_SUCCESS, NTSTATUS(), NULL, OBJECT_TO_OBJECT_HEADER, ObpLogSecurityDescriptor(), PAGED_CODE, and Status. Referenced by CmpSecurityMethod(), SeDefaultObjectMethod(), SeMakeAnonymousLogonToken(), and SeMakeSystemToken(). : Takes a pointer to an object and sets the SecurityDescriptor field in the object's header. Arguments: Object - Supplies a pointer to the object SecurityDescriptor - Supplies a pointer to the security descriptor to be assigned to the object. This pointer may be null if there is no security on the object. PoolType - Supplies the type of pool memory used to allocate the security descriptor. This field is currently ignored. Return Value: An appropriate NTSTATUS value. --*/ { NTSTATUS Status; PSECURITY_DESCRIPTOR OutputSecurityDescriptor; PAGED_CODE(); // // If the security descriptor isn't supplied then we set the // object header's security descriptor to null and return // to our caller // if (!ARGUMENT_PRESENT(SecurityDescriptor)) { OBJECT_TO_OBJECT_HEADER( Object )->SecurityDescriptor = NULL; return( STATUS_SUCCESS ); } // // Log the new security descriptor into our security database and // get back the real security descriptor to use // Status = ObpLogSecurityDescriptor( SecurityDescriptor, &OutputSecurityDescriptor ); // // If we've been successful so far then set the object's // security descriptor to the newly allocated one. // if (NT_SUCCESS(Status)) { OBJECT_TO_OBJECT_HEADER( Object )->SecurityDescriptor = OutputSecurityDescriptor; } // // And return to our caller // return( Status ); }

NTKERNELAPI NTSTATUS ObAssignSecurity (  IN PACCESS_STATE  AccessState, IN PSECURITY_DESCRIPTOR ParentDescriptor  OPTIONAL, IN PVOID  Object, IN POBJECT_TYPE  ObjectType )

Definition at line 1574 of file obse.c. References AssignSecurityDescriptor, NT_SUCCESS, NTSTATUS(), NULL, ObpBeginTypeSpecificCallOut, ObpDirectoryObjectType, ObpEndTypeSpecificCallOut, PAGED_CODE, PagedPool, SeAssignSecurity(), SeDeassignSecurity(), and Status. Referenced by ObInsertObject(), and xxxCreateDesktop2(). : This routine will assign a security descriptor to a newly created object. It assumes that the AccessState parameter contains a captured security descriptor. Arguments: AccessState - The AccessState containing the security information for this object creation. ParentDescriptor - The security descriptor from the parent object, if available. Object - A pointer to the object being created. ObjectType - Supplies the type of object being created. Return Value: STATUS_SUCCESS - indicates the operation was successful. STATUS_INVALID_OWNER - The owner SID provided as the owner of the target security descriptor is not one the caller is authorized to assign as the owner of an object. STATUS_PRIVILEGE_NOT_HELD - The caller does not have the privilege necessary to explicitly assign the specified system ACL. SeSecurityPrivilege privilege is needed to explicitly assign system ACLs to objects. --*/ { PSECURITY_DESCRIPTOR NewDescriptor = NULL; NTSTATUS Status; KIRQL SaveIrql; PAGED_CODE(); // // SeAssignSecurity will construct the final version // of the security descriptor // Status = SeAssignSecurity( ParentDescriptor, AccessState->SecurityDescriptor, &NewDescriptor, (BOOLEAN)(ObjectType == ObpDirectoryObjectType), &AccessState->SubjectSecurityContext, &ObjectType->TypeInfo.GenericMapping, PagedPool ); if (!NT_SUCCESS( Status )) { return( Status ); } ObpBeginTypeSpecificCallOut( SaveIrql ); // // Now invoke the security method callback to finish // the assignment. // Status = (*ObjectType->TypeInfo.SecurityProcedure)( Object, AssignSecurityDescriptor, NULL, NewDescriptor, NULL, NULL, PagedPool, &ObjectType->TypeInfo.GenericMapping ); ObpEndTypeSpecificCallOut( SaveIrql, "Security", ObjectType, Object ); if (!NT_SUCCESS( Status )) { // // The attempt to assign the security descriptor to the object // failed. Free the space used by the new security descriptor. // SeDeassignSecurity( &NewDescriptor ); } // // And return to our caller // return( Status ); }

NTKERNELAPI BOOLEAN ObCheckCreateObjectAccess (  IN PVOID  DirectoryObject, IN ACCESS_MASK  CreateAccess, IN PACCESS_STATE AccessState  OPTIONAL, IN PUNICODE_STRING  ComponentName, IN BOOLEAN  TypeMutexLocked, IN KPROCESSOR_MODE  PreviousMode, OUT PNTSTATUS  AccessStatus )

Definition at line 983 of file obse.c. References FALSE, _OBJECT_TYPE_INITIALIZER::GenericMapping, NT_SUCCESS, NTSTATUS(), NULL, ObGetObjectSecurity(), OBJECT_TO_OBJECT_HEADER, ObpEnterObjectTypeMutex, ObpLeaveObjectTypeMutex, ObReleaseObjectSecurity(), PAGED_CODE, SeAccessCheck(), SeAppendPrivileges(), SeCreateObjectAuditAlarm(), SeFreePrivileges(), SeLockSubjectContext(), SeUnlockSubjectContext(), Status, TRUE, _OBJECT_HEADER::Type, and _OBJECT_TYPE::TypeInfo. Referenced by ObpLookupObjectName(), and xxxCreateDesktop2(). : This routine checks to see if we are allowed to create an object in the given directory, and performs auditing as appropriate. Arguments: DirectoryObject - The directory object being examined. CreateAccess - The access mask corresponding to create access for this directory type. AccessState - Checks for traverse access will typically be incidental to some other access attempt. Information on the current state of that access attempt is required so that the constituent access attempts may be associated with each other in the audit log. ComponentName - Pointer to a Unicode string containing the name of the object being created. TypeMutexLocked - Indicates whether the type mutex for this object's type is locked. The type mutex is used to protect the object's security descriptor from being modified while it is being accessed. PreviousMode - The previous processor mode. AccessStatus - Pointer to a variable to return the status code of the access attempt. In the case of failure this status code must be propagated back to the user. Return Value: BOOLEAN - TRUE if access is allowed and FALSE otherwise. AccessStatus contains the status code to be passed back to the caller. It is not correct to simply pass back STATUS_ACCESS_DENIED, since this will have to change with the advent of mandatory access control. --*/ { BOOLEAN AccessAllowed; ACCESS_MASK GrantedAccess = 0; PSECURITY_DESCRIPTOR SecurityDescriptor; BOOLEAN MemoryAllocated; NTSTATUS Status; POBJECT_HEADER ObjectHeader; POBJECT_TYPE ObjectType; PPRIVILEGE_SET Privileges = NULL; BOOLEAN AuditPerformed = FALSE; PAGED_CODE(); // // Map the object body to its object header and corresponding // object type // ObjectHeader = OBJECT_TO_OBJECT_HEADER( DirectoryObject ); ObjectType = ObjectHeader->Type; // // If the caller didn't lock the object type down then // we'll do it now // if (!TypeMutexLocked) { ObpEnterObjectTypeMutex( ObjectType ); } // // Obtain the object's security descriptor and make it was // successful // Status = ObGetObjectSecurity( DirectoryObject, &SecurityDescriptor, &MemoryAllocated ); if (!NT_SUCCESS( Status )) { if (!TypeMutexLocked) { ObpLeaveObjectTypeMutex( ObjectType ); } *AccessStatus = Status; return( FALSE ); } // // lock the caller's tokens until after auditing has been // performed. // SeLockSubjectContext( &AccessState->SubjectSecurityContext ); // // if we have a security descriptor then do an access // check to see if access is allowed and set in the // privileges if necessary // if (SecurityDescriptor != NULL) { AccessAllowed = SeAccessCheck( SecurityDescriptor, &AccessState->SubjectSecurityContext, TRUE, // Tokens are locked CreateAccess, 0, &Privileges, &ObjectType->TypeInfo.GenericMapping, PreviousMode, &GrantedAccess, AccessStatus ); if (Privileges != NULL) { Status = SeAppendPrivileges( AccessState, Privileges ); SeFreePrivileges( Privileges ); } // // This is wrong, but leave for reference. // // if (AccessAllowed) { // // AccessState->PreviouslyGrantedAccess |= GrantedAccess; // AccessState->RemainingDesiredAccess &= ~GrantedAccess; // } // #if 0 SeCreateObjectAuditAlarm( &AccessState->OperationID, DirectoryObject, ComponentName, SecurityDescriptor, &AccessState->SubjectSecurityContext, CreateAccess, AccessState->PrivilegesUsed, AccessAllowed, &AuditPerformed, PreviousMode ); if ( AuditPerformed ) { AccessState->AuditHandleCreation = TRUE; } #endif } else { // // At this point there is not a security descriptor // so we'll assume access is allowed // AccessAllowed = TRUE; } // // Free the caller's token and if the caller didn't have the // object type locked we need to free it. // SeUnlockSubjectContext( &AccessState->SubjectSecurityContext ); if (!TypeMutexLocked) { ObpLeaveObjectTypeMutex( ObjectType ); } // // Finally free the security descriptor // and return to our caller // ObReleaseObjectSecurity( SecurityDescriptor, MemoryAllocated ); return( AccessAllowed ); }

NTKERNELAPI BOOLEAN ObCheckObjectAccess (  IN PVOID  Object, IN PACCESS_STATE  AccessState, IN BOOLEAN  TypeMutexLocked, IN KPROCESSOR_MODE  AccessMode, OUT PNTSTATUS  AccessStatus )

NTKERNELAPI NTSTATUS ObCreateObject (  IN KPROCESSOR_MODE  ProbeMode, IN POBJECT_TYPE  ObjectType, IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL, IN KPROCESSOR_MODE  OwnershipMode, IN OUT PVOID ParseContext  OPTIONAL, IN ULONG  ObjectBodySize, IN ULONG  PagedPoolCharge, IN ULONG  NonPagedPoolCharge, OUT PVOID *  Object )

Definition at line 55 of file obcreate.c. References _OBJECT_CREATE_INFORMATION::Attributes, _OBJECT_HEADER::Body, FALSE, _OBJECT_HEADER::Flags, _OBJECT_CREATE_INFORMATION::NonPagedPoolCharge, NT_SUCCESS, NTSTATUS(), NULL, OB_FLAG_PERMANENT_OBJECT, ObjectAttributes, ObpAllocateObject(), ObpAllocateObjectCreateInfoBuffer, ObpCaptureObjectCreateInformation(), ObpFreeObject(), ObpFreeObjectCreateInfoBuffer, ObpFreeObjectNameBuffer(), ObpReleaseObjectCreateInformation, PAGED_CODE, _OBJECT_CREATE_INFORMATION::PagedPoolCharge, SeCreatePermanentPrivilege, SeSinglePrivilegeCheck(), and Status. Referenced by CmpCreateRegistryRoot(), CmpDoCreateChild(), CmpDoOpen(), ExCreateCallback(), IoCreateController(), IoCreateDevice(), IoCreateDriver(), IoCreateStreamFileObject(), IoCreateStreamFileObjectLite(), IopInitializeAttributesAndCreateObject(), IopLoadDriver(), IopParseDevice(), LpcpCreatePort(), MiSectionInitialization(), MmCreateSection(), NtAcceptConnectPort(), NtCreateChannel(), NtCreateDirectoryObject(), NtCreateEvent(), NtCreateEventPair(), NtCreateIoCompletion(), NtCreateJobObject(), NtCreateMutant(), NtCreateProfile(), NtCreateSemaphore(), NtCreateSuperSection(), NtCreateSymbolicLinkObject(), NtCreateTimer(), NtOpenChannel(), NtSecureConnectPort(), obtest(), PspCreateProcess(), PspCreateThread(), SepCreateToken(), SepDuplicateToken(), SepFilterToken(), xxxCreateDesktop2(), and xxxCreateWindowStation(). : This functions allocates space for an NT Object from either Paged or NonPaged pool. It captures the optional name and SECURITY_DESCRIPTOR parameters for later use when the object is inserted into an object table. No quota is charged at this time. That occurs when the object is inserted into an object table. Arguments: ProbeMode - The processor mode to consider when doing a probe of the input parameters ObjectType - A pointer of the type returned by ObCreateObjectType that gives the type of object being created. ObjectAttributes - Optionally supplies the attributes of the object being created (such as its name) OwnershipMode - The processor mode of who is going to own the object ParseContext - Ignored ObjectBodySize - Number of bytes to allocate for the object body. The object body immediately follows the object header in memory and are part of a single allocation. PagedPoolCharge - Supplies the amount of paged pool to charge for the object. If zero is specified then the default charge for the object type is used. NonPagedPoolCharge - Supplies the amount of nonpaged pool to charge for the object. If zero is specified then the default charge for the object type is used. Object - Receives a pointer to the newly created object Return Value: Following errors can occur: - invalid object type - insufficient memory --*/ { UNICODE_STRING CapturedObjectName; POBJECT_CREATE_INFORMATION ObjectCreateInfo; POBJECT_HEADER ObjectHeader; NTSTATUS Status; PAGED_CODE(); // // Allocate a buffer to capture the object creation information. // ObjectCreateInfo = ObpAllocateObjectCreateInfoBuffer(); if (ObjectCreateInfo == NULL) { Status = STATUS_INSUFFICIENT_RESOURCES; } else { // // Capture the object attributes, quality of service, and object // name, if specified. Otherwise, initialize the captured object // name, the security quality of service, and the create attributes // to default values. // Status = ObpCaptureObjectCreateInformation( ObjectType, ProbeMode, ObjectAttributes, &CapturedObjectName, ObjectCreateInfo, FALSE ); if (NT_SUCCESS(Status)) { // // If the creation attributes are invalid, then return an error // status. // if (ObjectType->TypeInfo.InvalidAttributes & ObjectCreateInfo->Attributes) { Status = STATUS_INVALID_PARAMETER; } else { // // Set the paged and nonpaged pool quota charges for the // object allocation. // if (PagedPoolCharge == 0) { PagedPoolCharge = ObjectType->TypeInfo.DefaultPagedPoolCharge; } if (NonPagedPoolCharge == 0) { NonPagedPoolCharge = ObjectType->TypeInfo.DefaultNonPagedPoolCharge; } ObjectCreateInfo->PagedPoolCharge = PagedPoolCharge; ObjectCreateInfo->NonPagedPoolCharge = NonPagedPoolCharge; // // Allocate and initialize the object. // Status = ObpAllocateObject( ObjectCreateInfo, OwnershipMode, ObjectType, &CapturedObjectName, ObjectBodySize, &ObjectHeader ); if (NT_SUCCESS(Status)) { // // If a permanent object is being created, then check if // the caller has the appropriate privilege. // *Object = &ObjectHeader->Body; if (ObjectHeader->Flags & OB_FLAG_PERMANENT_OBJECT) { if (!SeSinglePrivilegeCheck( SeCreatePermanentPrivilege, ProbeMode)) { ObpFreeObject(*Object); Status = STATUS_PRIVILEGE_NOT_HELD; } } // // Here is the only successful path out of this module but // this path can also return privilege not held. // return Status; } } // // An error path, free the create information. // ObpReleaseObjectCreateInformation(ObjectCreateInfo); if (CapturedObjectName.Buffer != NULL) { ObpFreeObjectNameBuffer(&CapturedObjectName); } } // // An error path, free object creation information buffer. // ObpFreeObjectCreateInfoBuffer(ObjectCreateInfo); } // // An error path // return Status; }

NTKERNELAPI NTSTATUS ObCreateObjectType (  IN PUNICODE_STRING  TypeName, IN POBJECT_TYPE_INITIALIZER  ObjectTypeInitializer, IN PSECURITY_DESCRIPTOR SecurityDescriptor  OPTIONAL, OUT POBJECT_TYPE *  ObjectType )

Definition at line 69 of file obtype.c. References _OBJECT_HEADER::Body, _OBJECT_TYPE_INITIALIZER::DefaultNonPagedPoolCharge, _OBJECT_TYPE::DefaultObject, _OBJECT_TYPE_INITIALIZER::DefaultPagedPoolCharge, Event(), ExAllocatePoolWithTag, ExFreePool(), ExInitializeResourceLite(), _OBJECT_HEADER::Flags, _OBJECT_TYPE::Index, KernelMode, L, _OBJECT_TYPE_INITIALIZER::MaintainTypeList, _OBJECT_TYPE::Mutex, _OBJECT_TYPE::Name, NonPagedPool, NT_SUCCESS, NtGlobalFlag, NTSTATUS(), NULL, OB_FLAG_KERNEL_OBJECT, OB_FLAG_PERMANENT_OBJECT, OBJECT_HEADER_TO_CREATOR_INFO, OBJECT_TYPE, OBP_MAX_DEFINED_OBJECT_TYPES, ObpAllocateObject(), ObpDefaultObject, ObpEnterObjectTypeMutex, ObpEnterRootDirectoryMutex, ObpInsertDirectoryEntry(), ObpLeaveObjectTypeMutex, ObpLeaveRootDirectoryMutex, ObpLookupDirectoryEntry(), ObpObjectTypes, ObpTypeDirectoryObject, ObpTypeObjectType, ObpValidateIrql, ObReferenceObject, PagedPool, POOL_TYPE, _OBJECT_TYPE_INITIALIZER::PoolType, RtlCopyUnicodeString(), RtlUnicodeStringToAnsiString(), _OBJECT_TYPE_INITIALIZER::SecurityProcedure, SeDefaultObjectMethod(), Status, _OBJECT_TYPE::TotalNumberOfObjects, TRUE, _OBJECT_HEADER::Type, _OBJECT_TYPE::TypeInfo, _OBJECT_TYPE::TypeList, _OBJECT_HEADER_CREATOR_INFO::TypeList, _OBJECT_TYPE_INITIALIZER::UseDefaultObject, and _OBJECT_TYPE_INITIALIZER::ValidAccessMask. Referenced by CmpCreateObjectTypes(), ExpEventInitialization(), ExpEventPairInitialization(), ExpInitializeCallbacks(), ExpMutantInitialization(), ExpProfileInitialization(), ExpSemaphoreInitialization(), ExpTimerInitialization(), ExpWin32Initialization(), IopCreateObjectTypes(), LpcInitSystem(), MiSectionInitialization(), MiSuperSectionInitialization(), ObInitSystem(), obtest(), PspInitPhase0(), and SepTokenInitialization(). : This routine creates a new object type. Arguments: TypeName - Supplies the name of the new object type ObjectTypeInitializer - Supplies a object initialization structure. This structure denotes the default object behavior including callbacks. SecurityDescriptor - Currently ignored ObjectType - Receives a pointer to the newly created object type. Return Value: An appropriate NTSTATUS value. --*/ { POOL_TYPE PoolType; POBJECT_HEADER_CREATOR_INFO CreatorInfo; POBJECT_HEADER NewObjectTypeHeader; POBJECT_TYPE NewObjectType; ULONG i; UNICODE_STRING ObjectName; PWCH s; NTSTATUS Status; ULONG StandardHeaderCharge; ObpValidateIrql( "ObCreateObjectType" ); // // Return an error if invalid type attributes or no type name specified. // No type name is okay if the type directory object does not exist // yet (see init.c). // PoolType = ObjectTypeInitializer->PoolType; if ((!TypeName) || (!TypeName->Length) || (TypeName->Length % sizeof( WCHAR )) || (ObjectTypeInitializer == NULL) || (ObjectTypeInitializer->InvalidAttributes & ~OBJ_VALID_ATTRIBUTES) || (ObjectTypeInitializer->Length != sizeof( *ObjectTypeInitializer )) || (ObjectTypeInitializer->MaintainHandleCount && (ObjectTypeInitializer->OpenProcedure == NULL && ObjectTypeInitializer->CloseProcedure == NULL )) || ((!ObjectTypeInitializer->UseDefaultObject) && (PoolType != NonPagedPool))) { return( STATUS_INVALID_PARAMETER ); } // // Make sure that the type name does not contain an // path name separator // s = TypeName->Buffer; i = TypeName->Length / sizeof( WCHAR ); while (i--) { if (*s++ == OBJ_NAME_PATH_SEPARATOR) { return( STATUS_OBJECT_NAME_INVALID ); } } // // See if TypeName string already exists in the \ObjectTypes directory // Return an error if it does. Otherwise add the name to the directory. // Note that there may not necessarily be a type directory. // if (ObpTypeDirectoryObject) { ObpEnterRootDirectoryMutex(); if (ObpLookupDirectoryEntry( ObpTypeDirectoryObject, TypeName, OBJ_CASE_INSENSITIVE )) { ObpLeaveRootDirectoryMutex(); return( STATUS_OBJECT_NAME_COLLISION ); } } // // Allocate a buffer for the type name and then // copy over the name // ObjectName.Buffer = ExAllocatePoolWithTag( PagedPool, (ULONG)TypeName->MaximumLength, 'mNbO' ); if (ObjectName.Buffer == NULL) { if (ObpTypeDirectoryObject) ObpLeaveRootDirectoryMutex(); return STATUS_INSUFFICIENT_RESOURCES; } ObjectName.MaximumLength = TypeName->MaximumLength; RtlCopyUnicodeString( &ObjectName, TypeName ); // // Allocate memory for the object // Status = ObpAllocateObject( NULL, KernelMode, ObpTypeObjectType, &ObjectName, sizeof( OBJECT_TYPE ), &NewObjectTypeHeader ); if (!NT_SUCCESS( Status )) { if (ObpTypeDirectoryObject) ObpLeaveRootDirectoryMutex(); ExFreePool(ObjectName.Buffer); return( Status ); } // // Initialize the create attributes, object ownership. parse context, // and object body pointer. // // N.B. This is required since these fields are not initialized. // NewObjectTypeHeader->Flags |= OB_FLAG_KERNEL_OBJECT | OB_FLAG_PERMANENT_OBJECT; NewObjectType = (POBJECT_TYPE)&NewObjectTypeHeader->Body; NewObjectType->Name = ObjectName; // // The following call zeros out the number of handles and objects // field plus high water marks // RtlZeroMemory( &NewObjectType->TotalNumberOfObjects, FIELD_OFFSET( OBJECT_TYPE, TypeInfo ) - FIELD_OFFSET( OBJECT_TYPE, TotalNumberOfObjects )); // // If there is not a type object type yet then this must be // that type (i.e., type object type must be the first object type // ever created. Consequently we'll need to setup some self // referencing pointers. // if (!ObpTypeObjectType) { ObpTypeObjectType = NewObjectType; NewObjectTypeHeader->Type = ObpTypeObjectType; NewObjectType->TotalNumberOfObjects = 1; #ifdef POOL_TAGGING NewObjectType->Key = 'TjbO'; } else { // // Otherwise this is not the type object type so we'll // try and generate a tag for the new object type provided // pool tagging is turned on. // ANSI_STRING AnsiName; if (NT_SUCCESS( RtlUnicodeStringToAnsiString( &AnsiName, TypeName, TRUE ) )) { for (i=3; i>=AnsiName.Length; i--) { AnsiName.Buffer[ i ] = ' '; } NewObjectType->Key = *(PULONG)AnsiName.Buffer; ExFreePool( AnsiName.Buffer ); } else { NewObjectType->Key = *(PULONG)TypeName->Buffer; } #endif //POOL_TAGGING } // // Continue initializing the new object type fields // NewObjectType->TypeInfo = *ObjectTypeInitializer; NewObjectType->TypeInfo.PoolType = PoolType; if (NtGlobalFlag & FLG_MAINTAIN_OBJECT_TYPELIST) { NewObjectType->TypeInfo.MaintainTypeList = TRUE; } // // Whack quotas passed in so that headers are properly charged // // Quota for object name is charged independently // StandardHeaderCharge = sizeof( OBJECT_HEADER ) + sizeof( OBJECT_HEADER_NAME_INFO ) + (ObjectTypeInitializer->MaintainHandleCount ? sizeof( OBJECT_HEADER_HANDLE_INFO ) : 0 ); if ( PoolType == NonPagedPool ) { NewObjectType->TypeInfo.DefaultNonPagedPoolCharge += StandardHeaderCharge; } else { NewObjectType->TypeInfo.DefaultPagedPoolCharge += StandardHeaderCharge; } // // If there is not an object type specific security procedure then set // the default one supplied by Se. // if (ObjectTypeInitializer->SecurityProcedure == NULL) { NewObjectType->TypeInfo.SecurityProcedure = SeDefaultObjectMethod; } // // Initialize the object type lock and its list of objects created // of this type // ExInitializeResourceLite( &NewObjectType->Mutex ); InitializeListHead( &NewObjectType->TypeList ); // // If we are to use the default object (meaning that we'll have our // private event as our default object) then the type must allow // synchronize and we'll set the default object // if (NewObjectType->TypeInfo.UseDefaultObject) { NewObjectType->TypeInfo.ValidAccessMask |= SYNCHRONIZE; NewObjectType->DefaultObject = &ObpDefaultObject; // // Otherwise if this is the type file object then we'll put // in the offset to the event of a file object. // // **** What a hack // } else if (ObjectName.Length == 8 && !wcscmp( ObjectName.Buffer, L"File" )) { NewObjectType->DefaultObject = ULongToPtr( FIELD_OFFSET( FILE_OBJECT, Event ) ); // // If this is a waitable port, set the offset to the event in the // waitableport object. Another hack // } else if ( ObjectName.Length == 24 && !wcscmp( ObjectName.Buffer, L"WaitablePort")) { NewObjectType->DefaultObject = ULongToPtr( FIELD_OFFSET( LPCP_PORT_OBJECT, WaitEvent ) ); // // Otherwise indicate that there isn't a default object to wait // on // } else { NewObjectType->DefaultObject = NULL; } // // Lock down the type object type and if there is a creator info // record then insert this object on that list // ObpEnterObjectTypeMutex( ObpTypeObjectType ); CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO( NewObjectTypeHeader ); if (CreatorInfo != NULL) { InsertTailList( &ObpTypeObjectType->TypeList, &CreatorInfo->TypeList ); } // // Store a pointer to this new object type in the // global object types array. We'll use the index from // the type object type number of objects count // NewObjectType->Index = ObpTypeObjectType->TotalNumberOfObjects; if (NewObjectType->Index < OBP_MAX_DEFINED_OBJECT_TYPES) { ObpObjectTypes[ NewObjectType->Index - 1 ] = NewObjectType; } // // Unlock the type object type lock // ObpLeaveObjectTypeMutex( ObpTypeObjectType ); // // Lastly if there is not a directory object type yet then the following // code will actually drop through and set the output object type // and return success. // // Otherwise, there is a directory object type and we try to insert the // new type into the directory. If this succeeds then we'll reference // the directory type object, unlock the root directory, set the // output type and return success // if (!ObpTypeDirectoryObject || ObpInsertDirectoryEntry( ObpTypeDirectoryObject, NewObjectType )) { if (ObpTypeDirectoryObject) { ObReferenceObject( ObpTypeDirectoryObject ); } if (ObpTypeDirectoryObject) { ObpLeaveRootDirectoryMutex(); } *ObjectType = NewObjectType; return( STATUS_SUCCESS ); } else { // // Otherwise there is a directory object type and // the insertion failed. So release the root directory // and return failure to our caller. // ObpLeaveRootDirectoryMutex(); return( STATUS_INSUFFICIENT_RESOURCES ); } }

NTKERNELAPI VOID ObDeleteCapturedInsertInfo (  IN PVOID  Object  )

Definition at line 713 of file obcreate.c. References _OBJECT_HEADER::Flags, NULL, OB_FLAG_NEW_OBJECT, OBJECT_TO_OBJECT_HEADER, _OBJECT_HEADER::ObjectCreateInfo, ObpFreeObjectCreateInformation, and PAGED_CODE. Referenced by CcInitializeCacheMap(), SepCreateClientSecurity(), and SepCreateToken(). : This function frees the creation information that could be pointed at by the object header. Arguments: Object - Supplies the object being modified Return Value: None. --*/ { POBJECT_HEADER ObjectHeader; PAGED_CODE(); // // Get the address of the object header and free the object create // information object if the object is being created. // ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object); if (ObjectHeader->Flags & OB_FLAG_NEW_OBJECT) { if (ObjectHeader->ObjectCreateInfo != NULL) { ObpFreeObjectCreateInformation(ObjectHeader->ObjectCreateInfo); ObjectHeader->ObjectCreateInfo = NULL; } } return; }

VOID ObDereferenceDeviceMap (  IN PEPROCESS  Process  )

Definition at line 416 of file obdevmap.c. References _OBJECT_DIRECTORY::DeviceMap, _DEVICE_MAP::DosDevicesDirectory, ExFreePool(), NULL, ObDereferenceObject, ObpDeviceMapLock, and _DEVICE_MAP::ReferenceCount. Referenced by ObSetDeviceMap(), and PspProcessDelete(). : This function is called at process tear down time to decrement the reference count on a device map. When the reference count goes to zero, it means no more processes are using this, so it can be freed and the reference on the associated object directory can be released. Arguments: Process - Process being destroyed. Return Value: None. --*/ { PDEVICE_MAP DeviceMap; KIRQL OldIrql; // // Grab the device map and then we only have work to do // it there is one // DeviceMap = Process->DeviceMap; if (DeviceMap != NULL) { // // To dereference the device map we need to null out the // processes device map pointer, and decrement its ref count // If the ref count goes to zero we can free up the memory // and dereference the dos device directory object // ExAcquireSpinLock( &ObpDeviceMapLock, &OldIrql ); Process->DeviceMap = NULL; DeviceMap->ReferenceCount--; if (DeviceMap->ReferenceCount == 0) { DeviceMap->DosDevicesDirectory->DeviceMap = NULL; ExReleaseSpinLock( &ObpDeviceMapLock, OldIrql ); ObDereferenceObject( DeviceMap->DosDevicesDirectory ); ExFreePool( DeviceMap ); } else { ExReleaseSpinLock( &ObpDeviceMapLock, OldIrql ); } } // // And return to our caller // return; }

NTSTATUS ObDumpObjectByHandle (  IN HANDLE  Handle, IN POB_DUMP_CONTROL Control  OPTIONAL )

NTSTATUS ObDumpObjectByPointer (  IN PVOID  Object, IN POB_DUMP_CONTROL Control  OPTIONAL )

NTKERNELAPI VOID FASTCALL ObfDereferenceObject (  IN PVOID  Object  )

Definition at line 1124 of file obref.c. References APC_LEVEL, ASSERT, CriticalWorkQueue, ExInitializeWorkItem, ExQueueWorkItem(), FALSE, _LPCP_PORT_OBJECT::Flags, _OBJECT_HEADER::HandleCount, LpcpAcquireLpcpLock, LpcPortObjectType, LpcpReleaseLpcpLock, LpcWaitablePortObjectType, NonPagedPool, NULL, OBJECT_HEADER_TO_NAME_INFO, OBJECT_TO_OBJECT_HEADER, ObpDecrPointerCountWithResult, ObpLock, ObpProcessRemoveObjectQueue(), ObpRemoveObjectQueue, ObpRemoveObjectRoutine(), ObpRemoveObjectWorkItem, ObpRemoveQueueActive, PASSIVE_LEVEL, _OBJECT_TYPE_INITIALIZER::PoolType, PORT_DELETED, _OBJECT_HEADER::SEntry, TRUE, _OBJECT_HEADER::Type, and _OBJECT_TYPE::TypeInfo. Referenced by ObDereferenceObject(). : This routine decrments the refernce count of the specified object and does whatever cleanup there is if the count goes to zero. Arguments: Object - Supplies a pointer to the body of the object being dereferenced Return Value: None. --*/ { POBJECT_HEADER ObjectHeader; POBJECT_TYPE ObjectType; KIRQL OldIrql; BOOLEAN StartWorkerThread; PLPCP_PORT_OBJECT Port = NULL; #if DBG POBJECT_HEADER_NAME_INFO NameInfo; #endif // // Translate a pointer to the object body to a pointer to the object // header. // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); #if DBG NameInfo = OBJECT_HEADER_TO_NAME_INFO( ObjectHeader ); if (NameInfo) { InterlockedDecrement(&NameInfo->DbgDereferenceCount) ; } #endif // // Decrement the point count and if the result is now then // there is extra work to do // ObjectType = ObjectHeader->Type; if ( (ObjectType == LpcPortObjectType) || (ObjectType == LpcWaitablePortObjectType) ) { Port = Object; LpcpAcquireLpcpLock(); } if (ObpDecrPointerCountWithResult( ObjectHeader )) { // // Find out the level we're at and the object type // OldIrql = KeGetCurrentIrql(); ASSERT(ObjectHeader->HandleCount == 0); if (Port != NULL) { Port->Flags |= PORT_DELETED; Port = NULL; LpcpReleaseLpcpLock(); } // // If we're at the passive level then go ahead and delete the // object now. Or if we're at APC level and object say's we're // allocated out of paged pool then also go ahead and delete // the object right now. // if ((OldIrql == PASSIVE_LEVEL) || ((OldIrql == APC_LEVEL) && ((ObjectType != NULL) && (ObjectType->TypeInfo.PoolType != NonPagedPool)))) { ObpRemoveObjectRoutine( Object ); return; } else { // // Objects can't be deleted from an IRQL above APC_LEVEL. // Nonpaged objects can't be deleted from APC_LEVEL. // So queue the delete operation. // ASSERT((ObjectHeader->Type == NULL) || (ObjectHeader->Type->TypeInfo.PoolType == NonPagedPool)); // // Lock the work queue, enqueue the new work item, and if the // work queue is not active then make it active, indicate that // we need to start the worker thread, and unlock the work // queue. // ExAcquireSpinLock( &ObpLock, &OldIrql ); PushEntryList((PSINGLE_LIST_ENTRY)&ObpRemoveObjectQueue, (PSINGLE_LIST_ENTRY)&ObjectHeader->SEntry ); if (!ObpRemoveQueueActive) { ObpRemoveQueueActive = TRUE; StartWorkerThread = TRUE; } else { StartWorkerThread = FALSE; } #if 0 if (StartWorkerThread) { KdPrint(( "OB: %08x Starting ObpProcessRemoveObjectQueue thread.\n", Object )); } else { KdPrint(( "OB: %08x Queued to ObpProcessRemoveObjectQueue thread.\n", Object )); } #endif // 1 ExReleaseSpinLock( &ObpLock, OldIrql ); // // If we have to start the worker thread then go ahead // and enqueue the work item // if (StartWorkerThread) { ExInitializeWorkItem( &ObpRemoveObjectWorkItem, ObpProcessRemoveObjectQueue, NULL ); ExQueueWorkItem( &ObpRemoveObjectWorkItem, CriticalWorkQueue ); } } } if ( Port != NULL ) { LpcpReleaseLpcpLock(); } return; }

NTKERNELAPI BOOLEAN ObFindHandleForObject (  IN PEPROCESS  Process, IN PVOID  Object, IN POBJECT_TYPE ObjectType  OPTIONAL, IN POBJECT_HANDLE_INFORMATION MatchCriteria  OPTIONAL, OUT PHANDLE  Handle )

VOID FASTCALL ObFreeObjectCreateInfoBuffer (  IN POBJECT_CREATE_INFORMATION  ObjectCreateInfo  )

Definition at line 1279 of file obcreate.c. References ObpFreeObjectCreateInfoBuffer. Referenced by IoCreateStreamFileObjectLite(). 01285 : 01286 01287 This function frees a create information buffer. Called from IO component 01288 01289 N.B. This function is nonpageable. 01290 01291 Arguments: 01292 01293 ObjectCreateInfo - Supplies a pointer to a create information buffer. 01294 01295 Return Value: 01296 01297 None. 01298 01299 --*/ 01300 01301 { 01302 ObpFreeObjectCreateInfoBuffer( ObjectCreateInfo ); 01303 01304 return; 01305 } }

NTKERNELAPI ULONG ObGetObjectPointerCount (  IN PVOID  Object  )

Definition at line 58 of file obref.c. References OBJECT_TO_OBJECT_HEADER, and PAGED_CODE. Referenced by PsEnforceExecutionTimeLimits(), PspApplyJobLimitsToProcessSet(), and PspTerminateAllProcessesInJob(). : This routine returns the current pointer count for a specified object. Arguments: Object - Pointer to the object whose pointer count is to be returned. Return Value: The current pointer count for the specified object is returned. Note: This function cannot be made a macro, since fields in the thread object move from release to release, so this must remain a full function. --*/ { PAGED_CODE(); // // Simply return the current pointer count for the object. // return OBJECT_TO_OBJECT_HEADER( Object )->PointerCount; }

NTSTATUS ObGetObjectSecurity (  IN PVOID  Object, OUT PSECURITY_DESCRIPTOR *  SecurityDescriptor, OUT PBOOLEAN  MemoryAllocated )

Definition at line 1258 of file obse.c. References ExAllocatePoolWithTag, ExFreePool(), FALSE, _OBJECT_TYPE_INITIALIZER::GenericMapping, NT_SUCCESS, NTSTATUS(), NULL, OBJECT_TO_OBJECT_HEADER, ObpBeginTypeSpecificCallOut, ObpCentralizedSecurity, ObpEndTypeSpecificCallOut, ObpReferenceSecurityDescriptor(), PAGED_CODE, PagedPool, _OBJECT_TYPE_INITIALIZER::PoolType, QuerySecurityDescriptor, _OBJECT_HEADER::SecurityDescriptor, _OBJECT_TYPE_INITIALIZER::SecurityProcedure, Status, TRUE, _OBJECT_HEADER::Type, and _OBJECT_TYPE::TypeInfo. Referenced by ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObInsertObject(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), ObpProcessDosDeviceSymbolicLink(), PspCreateProcess(), PspCreateThread(), and PspSetPrimaryToken(). : Given an object, this routine will find its security descriptor. It will do this by calling the object's security method. It is possible for an object not to have a security descriptor at all. Unnamed objects such as events that can only be referenced by a handle are an example of an object that does not have a security descriptor. Arguments: Object - Supplies the object body being queried. SecurityDescriptor - Returns a pointer to the object's security descriptor. MemoryAllocated - indicates whether we had to allocate pool memory to hold the security descriptor or not. This should be passed back into ObReleaseObjectSecurity. Return Value: STATUS_SUCCESS - The operation was successful. Note that the operation may be successful and still return a NULL security descriptor. STATUS_INSUFFICIENT_RESOURCES - Insufficient memory was available to satisfy the request. --*/ { SECURITY_INFORMATION SecurityInformation; ULONG Length = 0; NTSTATUS Status; POBJECT_TYPE ObjectType; POBJECT_HEADER ObjectHeader; KIRQL SaveIrql; PAGED_CODE(); // // Map the object body to its object header and corresponding // object type // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); ObjectType = ObjectHeader->Type; // // If the object is one that uses the default object method, // its security descriptor is contained in ob's security // descriptor cache. // // Reference it so that it doesn't go away out from under us. // if (ObpCentralizedSecurity(ObjectType)) { *SecurityDescriptor = ObpReferenceSecurityDescriptor( Object ); *MemoryAllocated = FALSE; return( STATUS_SUCCESS ); } // // Request a complete security descriptor // SecurityInformation = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION; // // Call the security method with Length = 0 to find out // how much memory we need to store the final result. // // Note that the ObjectsSecurityDescriptor parameter is NULL, // because we expect whoever is on the other end of this call // to find the security descriptor for us. We pass in a pool // type to keep the compiler happy, it will not be used for a // query operation. // ObpBeginTypeSpecificCallOut( SaveIrql ); Status = (*ObjectType->TypeInfo.SecurityProcedure)( Object, QuerySecurityDescriptor, &SecurityInformation, *SecurityDescriptor, &Length, &ObjectHeader->SecurityDescriptor, // not used ObjectType->TypeInfo.PoolType, &ObjectType->TypeInfo.GenericMapping ); ObpEndTypeSpecificCallOut( SaveIrql, "Security", ObjectType, Object ); if (Status != STATUS_BUFFER_TOO_SMALL) { return( Status ); } // // Now that we know how large the security descriptor is we // can allocate space for it // *SecurityDescriptor = ExAllocatePoolWithTag( PagedPool, Length, 'qSbO' ); if (*SecurityDescriptor == NULL) { return( STATUS_INSUFFICIENT_RESOURCES ); } *MemoryAllocated = TRUE; // // The security method will return an absolute format // security descriptor that just happens to be in a self // contained buffer (not to be confused with a self-relative // security descriptor). // ObpBeginTypeSpecificCallOut( SaveIrql ); Status = (*ObjectType->TypeInfo.SecurityProcedure)( Object, QuerySecurityDescriptor, &SecurityInformation, *SecurityDescriptor, &Length, &ObjectHeader->SecurityDescriptor, ObjectType->TypeInfo.PoolType, &ObjectType->TypeInfo.GenericMapping ); ObpEndTypeSpecificCallOut( SaveIrql, "Security", ObjectType, Object ); if (!NT_SUCCESS( Status )) { ExFreePool( *SecurityDescriptor ); *MemoryAllocated = FALSE; } return( Status ); }

VOID ObInheritDeviceMap (  IN PEPROCESS  NewProcess, IN PEPROCESS  ParentProcess )

Definition at line 343 of file obdevmap.c. References NULL, ObpDeviceMapLock, ObSystemDeviceMap, and _DEVICE_MAP::ReferenceCount. Referenced by PspCreateProcess(). : This function is called at process initialization time to inherit the device map for a process. If no parent process, then inherits from the system device map. Arguments: NewProcess - Supplies the process being initialized that needs a new dos device map ParentProcess - - Optionally specifies the parent process whose device map we inherit. This process if specified must have a device map Return Value: None. --*/ { PDEVICE_MAP DeviceMap; KIRQL OldIrql; // // If we are called with a parent process then grab its device map // otherwise grab the system wide device map and check that is does // exist // if (ParentProcess) { DeviceMap = ParentProcess->DeviceMap; } else { // // Note: WindowStation guys may want a callout here to get the // device map to use for this case. // DeviceMap = ObSystemDeviceMap; if (DeviceMap == NULL) { return; } } // // With the device map bumps its reference count and add it to the // new process // ExAcquireSpinLock( &ObpDeviceMapLock, &OldIrql ); DeviceMap->ReferenceCount++; NewProcess->DeviceMap = DeviceMap; ExReleaseSpinLock( &ObpDeviceMapLock, OldIrql ); return; }

NTSTATUS ObInitProcess (  PEPROCESS ParentProcess  OPTIONAL, PEPROCESS  NewProcess )

Definition at line 815 of file obinit.c. References ExCreateHandleTable(), ExDupHandleTable(), Executive, ExEnumHandleTable(), FALSE, KeEnterCriticalRegion, KeLeaveCriticalRegion, KeReleaseMutant(), KernelMode, KeWaitForSingleObject(), MaxPoolType, NULL, ObAuditInheritedHandleProcedure(), ObDupHandleProcedure(), _EPROCESS::ObjectTable, ObpInitKillMutant, _SE_PROCESS_AUDIT_INFO::Parent, _SE_PROCESS_AUDIT_INFO::Process, SE_PROCESS_AUDIT_INFO, and SeDetailedAuditing. Referenced by PspCreateProcess(). : This function initializes a process object table. If the ParentProcess is specified, then all object handles with the OBJ_INHERIT attribute are copied from the parent object table to the new process' object table. The HandleCount field of each object copied is incremented by one. Both object table mutexes remained locked for the duration of the copy operation. Arguments: ParentProcess - optional pointer to a process object that is the parent process to inherit object handles from. NewProcess - pointer to the process object being initialized. Return Value: Status code. The following errors can occur: - insufficient memory --*/ { PHANDLE_TABLE OldObjectTable; PHANDLE_TABLE NewObjectTable; ULONG PoolCharges[ MaxPoolType ]; SE_PROCESS_AUDIT_INFO ProcessAuditInfo; RtlZeroMemory( PoolCharges, sizeof( PoolCharges ) ); // // If we have a parent process then we need to lock it down // check that it is not going away and then make a copy // of its handle table. If there isn't a parent then // we'll start with an empty handle table. // if (ARGUMENT_PRESENT( ParentProcess )) { KeEnterCriticalRegion(); KeWaitForSingleObject( &ObpInitKillMutant, Executive, KernelMode, FALSE, NULL ); OldObjectTable = ParentProcess->ObjectTable; if ( !OldObjectTable ) { KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); KeLeaveCriticalRegion(); return STATUS_PROCESS_IS_TERMINATING; } NewObjectTable = ExDupHandleTable( NewProcess, OldObjectTable, ObDupHandleProcedure ); } else { OldObjectTable = NULL; NewObjectTable = ExCreateHandleTable( NewProcess ); } // // Check that we really have a new handle table otherwise // we must be out of resources // if (NewObjectTable) { // // Set the new processes object table and if we are // auditing then enumerate the new table calling // the audit procedure // NewProcess->ObjectTable = NewObjectTable; if ( SeDetailedAuditing ) { ProcessAuditInfo.Process = NewProcess; ProcessAuditInfo.Parent = ParentProcess; ExEnumHandleTable( NewObjectTable, ObAuditInheritedHandleProcedure, (PVOID)&ProcessAuditInfo, (PHANDLE)NULL ); } // // Free the old table if it exists and then // return our caller // if ( OldObjectTable ) { KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); KeLeaveCriticalRegion(); } return( STATUS_SUCCESS ); } else { // // We're out of resources to null out the new object table field, // unlock the old object table, and tell our caller that this // didn't work // NewProcess->ObjectTable = NULL; if ( OldObjectTable ) { KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); KeLeaveCriticalRegion(); } return( STATUS_INSUFFICIENT_RESOURCES ); } }

VOID ObInitProcess2 (  PEPROCESS  NewProcess  )

Definition at line 953 of file obinit.c. References ExSetHandleTableOrder, _EPROCESS::ObjectTable, and _EPROCESS::SubSystemVersion. Referenced by PspCreateProcess(). : This function is called after an image file has been mapped into the address space of a newly created process. Allows the object manager to set LIFO/FIFO ordering for handle allocation based on the SubSystemVersion number in the image. Arguments: NewProcess - pointer to the process object being initialized. Return Value: None. --*/ { // // Set LIFO ordering of handles for images <= SubSystemVersion 3.50 // if (NewProcess->ObjectTable) { ExSetHandleTableOrder( NewProcess->ObjectTable, (BOOLEAN)(NewProcess->SubSystemVersion <= 0x332) ); } return; }

BOOLEAN ObInitSystem (  VOID   )

Definition at line 117 of file obinit.c. References ASSERT, _OBJECT_HEADER::Body, _OBJECT_HEADER_NAME_INFO::Directory, ExAllocatePoolWithTag, ExCreateHandleTable(), ExInitializeNPagedLookasideList(), ExInitializeResourceLite(), FALSE, Index, InitializationPhase, KeGetCurrentPrcb, KeInitializeEvent, KeInitializeMutant(), KeInitializeSpinLock(), KeNumberProcessors, KernelMode, KiProcessorBlock, _NPAGED_LOOKASIDE_LIST::L, L, LookasideCreateInfoList, LookasideNameBufferList, MM_SYSTEMSIZE, MmIsThisAnNtAsSystem(), MmLargeSystem, MmQuerySystemSize(), _OBJECT_HEADER_NAME_INFO::Name, NonPagedPool, NPAGED_LOOKASIDE_LIST, NT_SUCCESS, NtClose(), NtCreateDirectoryObject(), NTSTATUS(), NULL, ObCreateObjectType(), OBJECT_HEADER_TO_NAME_INFO, OBJECT_NAME_BUFFER_SIZE, ObjectAttributes, ObpAuditBaseDirectories, ObpAuditBaseObjects, ObpCreateDosDevicesDirectory(), ObpCreateInfoLookasideList, ObpDefaultObject, ObpDeleteSymbolicLink(), ObpDeviceMapLock, ObpDirectoryMapping, ObpDirectoryObjectType, ObpEnterRootDirectoryMutex, ObpInitKillMutant, ObpInitSecurityDescriptorCache(), ObpInsertDirectoryEntry(), ObpKernelHandleTable, ObpLeaveRootDirectoryMutex, ObpLock, ObpLookupDirectoryEntry(), ObpNameBufferLookasideList, ObpParseSymbolicLink(), ObpRemoveObjectQueue, ObpRootDirectoryMutex, ObpRootDirectoryObject, ObpSymbolicLinkMapping, ObpSymbolicLinkObjectType, ObpTypeDirectoryObject, ObpTypeMapping, ObpTypeObjectType, ObReferenceObjectByHandle(), PAGE_SIZE, PagedPool, _EPROCESS_QUOTA_BLOCK::PagefileLimit, PsGetCurrentProcess, PsGetCurrentThread, PspDefaultQuotaBlock, _EPROCESS_QUOTA_BLOCK::QuotaLock, _EPROCESS_QUOTA_BLOCK::QuotaPoolLimit, _EPROCESS_QUOTA_BLOCK::ReferenceCount, RtlAddAuditAccessAce(), RtlCreateAcl(), RtlCreateSecurityDescriptor(), RtlGetAce(), RtlInitUnicodeString(), RtlSetDaclSecurityDescriptor(), RtlSetSaclSecurityDescriptor(), SeLengthSid, SePublicDefaultUnrestrictedDacl, SePublicDefaultUnrestrictedSd, SeWorldSid, Status, TRUE, _OBJECT_TYPE::TypeList, and USHORT. : This function performs the system initialization for the object manager. The object manager data structures are self describing with the exception of the root directory, the type object type and the directory object type. The initialization code then constructs these objects by hand to get the ball rolling. Arguments: None. Return Value: TRUE if successful and FALSE if an error occurred. The following errors can occur: - insufficient memory --*/ { USHORT CreateInfoMaxDepth; USHORT NameBufferMaxDepth; ULONG RegionSegmentSize; OBJECT_TYPE_INITIALIZER ObjectTypeInitializer; UNICODE_STRING TypeTypeName; UNICODE_STRING SymbolicLinkTypeName; UNICODE_STRING DosDevicesDirectoryName; UNICODE_STRING DirectoryTypeName; UNICODE_STRING RootDirectoryName; UNICODE_STRING TypeDirectoryName; NTSTATUS Status; OBJECT_ATTRIBUTES ObjectAttributes; HANDLE RootDirectoryHandle; HANDLE TypeDirectoryHandle; PLIST_ENTRY Next, Head; POBJECT_HEADER ObjectTypeHeader; POBJECT_HEADER_CREATOR_INFO CreatorInfo; POBJECT_HEADER_NAME_INFO NameInfo; MM_SYSTEMSIZE SystemSize; SECURITY_DESCRIPTOR AuditSd; PSECURITY_DESCRIPTOR EffectiveSd; PACL AuditAllAcl; UCHAR AuditAllBuffer[250]; // Ample room for the ACL ULONG AuditAllLength; PACE_HEADER Ace; PNPAGED_LOOKASIDE_LIST Lookaside; ULONG Index; PKPRCB Prcb; // // Determine the the size of the object creation and the name buffer // lookaside lists. // SystemSize = MmQuerySystemSize(); if (SystemSize == MmLargeSystem) { if (MmIsThisAnNtAsSystem()) { CreateInfoMaxDepth = 64; NameBufferMaxDepth = 32; } else { CreateInfoMaxDepth = 32; NameBufferMaxDepth = 16; } } else { CreateInfoMaxDepth = 3; NameBufferMaxDepth = 3; } // // PHASE 0 Initialization // if (InitializationPhase == 0) { // // Initialize the object creation lookaside list. // ExInitializeNPagedLookasideList( &ObpCreateInfoLookasideList, NULL, NULL, 0, sizeof(OBJECT_CREATE_INFORMATION), 'iCbO', CreateInfoMaxDepth ); // // Initialize the name buffer lookaside list. // ExInitializeNPagedLookasideList( &ObpNameBufferLookasideList, NULL, NULL, 0, OBJECT_NAME_BUFFER_SIZE, 'mNbO', NameBufferMaxDepth ); // // Initialize the system create info and name buffer lookaside lists // for the current processor. // // N.B. Temporarily during the initialization of the system both // lookaside list pointers in the processor block point to // the same lookaside list structure. Later in initialization // another lookaside list structure is allocated and filled // for the per processor list. // Prcb = KeGetCurrentPrcb(); Prcb->PPLookasideList[LookasideCreateInfoList].L = &ObpCreateInfoLookasideList; Prcb->PPLookasideList[LookasideCreateInfoList].P = &ObpCreateInfoLookasideList; Prcb->PPLookasideList[LookasideNameBufferList].L = &ObpNameBufferLookasideList; Prcb->PPLookasideList[LookasideNameBufferList].P = &ObpNameBufferLookasideList; // // Initialize the object removal queue listhead. // ObpRemoveObjectQueue = NULL; // // Initialize security descriptor cache // ObpInitSecurityDescriptorCache(); KeInitializeMutant( &ObpInitKillMutant, FALSE ); KeInitializeEvent( &ObpDefaultObject, NotificationEvent, TRUE ); KeInitializeSpinLock( &ObpLock ); PsGetCurrentProcess()->GrantedAccess = PROCESS_ALL_ACCESS; PsGetCurrentThread()->GrantedAccess = THREAD_ALL_ACCESS; KeInitializeSpinLock( &ObpDeviceMapLock ); // // Initialize the quota block and have the eprocess structure // point to it. // KeInitializeSpinLock(&PspDefaultQuotaBlock.QuotaLock); PspDefaultQuotaBlock.ReferenceCount = 1; PspDefaultQuotaBlock.QuotaPoolLimit[PagedPool] = (ULONG)-1; PspDefaultQuotaBlock.QuotaPoolLimit[NonPagedPool] = (ULONG)-1; PspDefaultQuotaBlock.PagefileLimit = (ULONG)-1; PsGetCurrentProcess()->QuotaBlock = &PspDefaultQuotaBlock; // // Initialize the handle table for the system process and also the global // kernel handle table // PsGetCurrentProcess()->ObjectTable = ExCreateHandleTable( NULL ); ObpKernelHandleTable = ExCreateHandleTable( NULL ); // // Create an object type for the "Type" object. This is the start of // of the object types and goes in the ObpTypeDirectoryObject. // RtlZeroMemory( &ObjectTypeInitializer, sizeof( ObjectTypeInitializer ) ); ObjectTypeInitializer.Length = sizeof( ObjectTypeInitializer ); ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK; ObjectTypeInitializer.PoolType = NonPagedPool; RtlInitUnicodeString( &TypeTypeName, L"Type" ); ObjectTypeInitializer.ValidAccessMask = OBJECT_TYPE_ALL_ACCESS; ObjectTypeInitializer.GenericMapping = ObpTypeMapping; ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof( OBJECT_TYPE ); ObjectTypeInitializer.MaintainTypeList = TRUE; ObjectTypeInitializer.UseDefaultObject = TRUE; ObCreateObjectType( &TypeTypeName, &ObjectTypeInitializer, (PSECURITY_DESCRIPTOR)NULL, &ObpTypeObjectType ); // // Create the object type for the "Directory" object. // RtlInitUnicodeString( &DirectoryTypeName, L"Directory" ); ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof( OBJECT_DIRECTORY ); ObjectTypeInitializer.ValidAccessMask = DIRECTORY_ALL_ACCESS; ObjectTypeInitializer.GenericMapping = ObpDirectoryMapping; ObjectTypeInitializer.UseDefaultObject = FALSE; ObjectTypeInitializer.MaintainTypeList = FALSE; ObCreateObjectType( &DirectoryTypeName, &ObjectTypeInitializer, (PSECURITY_DESCRIPTOR)NULL, &ObpDirectoryObjectType ); // // Create the object type for the "SymbolicLink" object. // RtlInitUnicodeString( &SymbolicLinkTypeName, L"SymbolicLink" ); ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof( OBJECT_SYMBOLIC_LINK ); ObjectTypeInitializer.ValidAccessMask = SYMBOLIC_LINK_ALL_ACCESS; ObjectTypeInitializer.GenericMapping = ObpSymbolicLinkMapping; ObjectTypeInitializer.DeleteProcedure = ObpDeleteSymbolicLink; ObjectTypeInitializer.ParseProcedure = ObpParseSymbolicLink; ObCreateObjectType( &SymbolicLinkTypeName, &ObjectTypeInitializer, (PSECURITY_DESCRIPTOR)NULL, &ObpSymbolicLinkObjectType ); // // Initialize the resource that protects the object name space directory structure // ExInitializeResourceLite( &ObpRootDirectoryMutex ); #if i386 && !FPO // // Initialize the cached granted access structure. These variables are used // in place of the access mask in the object table entry. // ObpCurCachedGrantedAccessIndex = 0; ObpMaxCachedGrantedAccessIndex = PAGE_SIZE / sizeof( ACCESS_MASK ); ObpCachedGrantedAccesses = ExAllocatePoolWithTag( NonPagedPool, PAGE_SIZE, 'gAbO' ); #endif // i386 && !FPO } // End of Phase 0 Initialization  // // PHASE 1 Initialization // if (InitializationPhase == 1) { // // Initialize the per processor nonpaged lookaside lists and descriptors. // for (Index = 0; Index < (ULONG)KeNumberProcessors; Index += 1) { Prcb = KiProcessorBlock[Index]; // // Initialize the create information per processor lookaside pointers. // Prcb->PPLookasideList[LookasideCreateInfoList].L = &ObpCreateInfoLookasideList; Lookaside = (PNPAGED_LOOKASIDE_LIST)ExAllocatePoolWithTag( NonPagedPool, sizeof(NPAGED_LOOKASIDE_LIST), 'ICbO'); if (Lookaside != NULL) { ExInitializeNPagedLookasideList( Lookaside, NULL, NULL, 0, sizeof(OBJECT_CREATE_INFORMATION), 'ICbO', CreateInfoMaxDepth ); } else { Lookaside = &ObpCreateInfoLookasideList; } Prcb->PPLookasideList[LookasideCreateInfoList].P = Lookaside; // // Initialize the name buffer per processor lookaside pointers. // Prcb->PPLookasideList[LookasideNameBufferList].L = &ObpNameBufferLookasideList; Lookaside = (PNPAGED_LOOKASIDE_LIST)ExAllocatePoolWithTag( NonPagedPool, sizeof(NPAGED_LOOKASIDE_LIST), 'MNbO'); if (Lookaside != NULL) { ExInitializeNPagedLookasideList( Lookaside, NULL, NULL, 0, OBJECT_NAME_BUFFER_SIZE, 'MNbO', NameBufferMaxDepth); } else { Lookaside = &ObpNameBufferLookasideList; } Prcb->PPLookasideList[LookasideNameBufferList].P = Lookaside; } EffectiveSd = SePublicDefaultUnrestrictedSd; // // This code is only executed if base auditing is turned on. // if ((ObpAuditBaseDirectories != 0) || (ObpAuditBaseObjects != 0)) { // // build an SACL to audit // AuditAllAcl = (PACL)AuditAllBuffer; AuditAllLength = (ULONG)sizeof(ACL) + ((ULONG)sizeof(SYSTEM_AUDIT_ACE)) + SeLengthSid(SeWorldSid); ASSERT( sizeof(AuditAllBuffer) > AuditAllLength ); Status = RtlCreateAcl( AuditAllAcl, AuditAllLength, ACL_REVISION2); ASSERT( NT_SUCCESS(Status) ); Status = RtlAddAuditAccessAce ( AuditAllAcl, ACL_REVISION2, GENERIC_ALL, SeWorldSid, TRUE, TRUE ); //Audit success and failure ASSERT( NT_SUCCESS(Status) ); Status = RtlGetAce( AuditAllAcl, 0, (PVOID)&Ace ); ASSERT( NT_SUCCESS(Status) ); if (ObpAuditBaseDirectories != 0) { Ace->AceFlags |= (CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE); } if (ObpAuditBaseObjects != 0) { Ace->AceFlags |= (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE); } // // Now create a security descriptor that looks just like // the public default, but has auditing in it as well. // EffectiveSd = (PSECURITY_DESCRIPTOR)&AuditSd; Status = RtlCreateSecurityDescriptor( EffectiveSd, SECURITY_DESCRIPTOR_REVISION1 ); ASSERT( NT_SUCCESS(Status) ); Status = RtlSetDaclSecurityDescriptor( EffectiveSd, TRUE, // DaclPresent SePublicDefaultUnrestrictedDacl, FALSE ); // DaclDefaulted ASSERT( NT_SUCCESS(Status) ); Status = RtlSetSaclSecurityDescriptor( EffectiveSd, TRUE, // DaclPresent AuditAllAcl, FALSE ); // DaclDefaulted ASSERT( NT_SUCCESS(Status) ); } // // We only need to use the EffectiveSd on the root. The SACL // will be inherited by all other objects. // // // Create an directory object for the root directory // RtlInitUnicodeString( &RootDirectoryName, L"\\" ); InitializeObjectAttributes( &ObjectAttributes, &RootDirectoryName, OBJ_CASE_INSENSITIVE | OBJ_PERMANENT, NULL, EffectiveSd ); Status = NtCreateDirectoryObject( &RootDirectoryHandle, DIRECTORY_ALL_ACCESS, &ObjectAttributes ); if (!NT_SUCCESS( Status )) { return( FALSE ); } Status = ObReferenceObjectByHandle( RootDirectoryHandle, 0, ObpDirectoryObjectType, KernelMode, (PVOID *)&ObpRootDirectoryObject, NULL ); if (!NT_SUCCESS( Status )) { return( FALSE ); } Status = NtClose( RootDirectoryHandle ); if (!NT_SUCCESS( Status )) { return( FALSE ); } // // Create an directory object for the directory of object types // RtlInitUnicodeString( &TypeDirectoryName, L"\\ObjectTypes" ); InitializeObjectAttributes( &ObjectAttributes, &TypeDirectoryName, OBJ_CASE_INSENSITIVE | OBJ_PERMANENT, NULL, NULL ); Status = NtCreateDirectoryObject( &TypeDirectoryHandle, DIRECTORY_ALL_ACCESS, &ObjectAttributes ); if (!NT_SUCCESS( Status )) { return( FALSE ); } Status = ObReferenceObjectByHandle( TypeDirectoryHandle, 0, ObpDirectoryObjectType, KernelMode, (PVOID *)&ObpTypeDirectoryObject, NULL ); if (!NT_SUCCESS( Status )) { return( FALSE ); } Status = NtClose( TypeDirectoryHandle ); if (!NT_SUCCESS( Status )) { return( FALSE ); } // // Lock the object directory name space // ObpEnterRootDirectoryMutex(); // // For every object type that has already been created we will // insert it in the type directory. We do this looking down the // linked list of type objects and for every one that has a name // and isn't already in a directory we'll look the name up and // then put it in the directory. Be sure to skip the first // entry in the type object types lists. // Head = &ObpTypeObjectType->TypeList; Next = Head->Flink; while (Next != Head) { // // Right after the creator info is the object header. Get\ // the object header and then see if there is a name // CreatorInfo = CONTAINING_RECORD( Next, OBJECT_HEADER_CREATOR_INFO, TypeList ); ObjectTypeHeader = (POBJECT_HEADER)(CreatorInfo+1); NameInfo = OBJECT_HEADER_TO_NAME_INFO( ObjectTypeHeader ); // // Check if we have a name and we're not in a directory // if ((NameInfo != NULL) && (NameInfo->Directory == NULL)) { if (!ObpLookupDirectoryEntry( ObpTypeDirectoryObject, &NameInfo->Name, OBJ_CASE_INSENSITIVE )) { ObpInsertDirectoryEntry( ObpTypeDirectoryObject, &ObjectTypeHeader->Body ); } } Next = Next->Flink; } // // Unlock the object directory name space // ObpLeaveRootDirectoryMutex(); // // Create \DosDevices object directory for drive letters and Win32 device names // Status = ObpCreateDosDevicesDirectory(); if (!NT_SUCCESS( Status )) { return FALSE; } } return TRUE; }

NTKERNELAPI NTSTATUS ObInsertObject (  IN PVOID  Object, IN PACCESS_STATE PassedAccessState  OPTIONAL, IN ACCESS_MASK DesiredAccess  OPTIONAL, IN ULONG  ObjectPointerBias, OUT PVOID *NewObject  OPTIONAL, OUT PHANDLE  Handle )

VOID ObKillProcess (  BOOLEAN  AcquireLock, PEPROCESS  Process )

Definition at line 1022 of file obinit.c. References ExDestroyHandleTable(), Executive, FALSE, IoSetThreadHardErrorMode(), KeEnterCriticalRegion, KeLeaveCriticalRegion, KeReleaseMutant(), KernelMode, KeWaitForSingleObject(), NULL, ObDestroyHandleProcedure(), _EPROCESS::ObjectTable, ObpInitKillMutant, ObpValidateIrql, and PAGED_CODE. Referenced by PspCreateProcess(), PspExitProcess(), and PspExitThread(). : This function is called whenever a process is destroyed. It loops over the process' object table and closes all the handles. Arguments: AcquireLock - TRUE if there are other pointers to this process and therefore this operation needs to be synchronized. False if this is being called from the Process delete routine and therefore this is the only pointer to the process. Process - Pointer to the process that is being destroyed. Return Value: None. --*/ { PVOID ObjectTable; BOOLEAN PreviousIOHardError; PAGED_CODE(); ObpValidateIrql( "ObKillProcess" ); // // Check if we need to get the lock // if (AcquireLock) { KeEnterCriticalRegion(); KeWaitForSingleObject( &ObpInitKillMutant, Executive, KernelMode, FALSE, NULL ); } // // If the process does NOT have an object table, return // ObjectTable = Process->ObjectTable; if (ObjectTable != NULL) { PreviousIOHardError = IoSetThreadHardErrorMode(FALSE); // // For each valid entry in the object table, close the handle // that points to that entry. // ExDestroyHandleTable( ObjectTable, ObDestroyHandleProcedure ); Process->ObjectTable = NULL; IoSetThreadHardErrorMode( PreviousIOHardError ); } // // Release the lock // if (AcquireLock) { KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); KeLeaveCriticalRegion(); } // // And return to our caller // return; }

NTKERNELAPI VOID ObMakeTemporaryObject (  IN PVOID  Object  )

Definition at line 484 of file obclose.c. References FALSE, _OBJECT_HEADER::Flags, OB_FLAG_PERMANENT_OBJECT, OBJECT_TO_OBJECT_HEADER, ObpDeleteNameCheck(), and PAGED_CODE. Referenced by IoCreateDriver(), IoDeleteDevice(), IopCompleteUnloadOrDelete(), IopInitializeBootDrivers(), IopInitializeBuiltinDriver(), IopLoadDriver(), NtMakeTemporaryObject(), and NtUnloadDriver(). : This routine removes the name of the object from its parent directory. The object is only removed if it has a non zero handle count and a name. Otherwise the object is simply made non permanent Arguments: Object - Supplies the object being modified Return Value: None. --*/ { POBJECT_HEADER ObjectHeader; PAGED_CODE(); ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); ObjectHeader->Flags &= ~OB_FLAG_PERMANENT_OBJECT; ObpDeleteNameCheck( Object, FALSE ); return; }

NTKERNELAPI NTSTATUS ObOpenObjectByName (  IN POBJECT_ATTRIBUTES  ObjectAttributes, IN POBJECT_TYPE  ObjectType, IN KPROCESSOR_MODE  AccessMode, IN OUT PACCESS_STATE PassedAccessState  OPTIONAL, IN ACCESS_MASK DesiredAccess  OPTIONAL, IN OUT PVOID ParseContext  OPTIONAL, OUT PHANDLE  Handle )

NTKERNELAPI NTSTATUS ObOpenObjectByPointer (  IN PVOID  Object, IN ULONG  HandleAttributes, IN PACCESS_STATE PassedAccessState  OPTIONAL, IN ACCESS_MASK DesiredAccess  OPTIONAL, IN POBJECT_TYPE ObjectType  OPTIONAL, IN KPROCESSOR_MODE  AccessMode, OUT PHANDLE  Handle )

Definition at line 367 of file obref.c. References FALSE, _OBJECT_TYPE_INITIALIZER::GenericMapping, Handle, _OBJECT_TYPE_INITIALIZER::InvalidAttributes, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, OBJECT_TO_OBJECT_HEADER, ObOpenHandle, ObpCreateHandle(), ObpValidateIrql, ObReferenceObjectByPointer(), PAGED_CODE, SeCreateAccessState(), SeDeleteAccessState(), Status, _OBJECT_HEADER::Type, and _OBJECT_TYPE::TypeInfo. Referenced by CreateSystemThread(), IopInvalidateVolumesForDevice(), NtCreatePagingFile(), NtOpenProcess(), NtOpenProcessToken(), NtOpenThread(), NtOpenThreadToken(), NtUserOpenInputDesktop(), obtest(), UserBeep(), xxxCreateDisconnectDesktop(), xxxCreateWindowStation(), xxxResolveDesktop(), xxxSetCsrssThreadDesktop(), and xxxSwitchDesktop(). : This routine opens an object referenced by a pointer. Arguments: Object - A pointer to the object being opened. HandleAttributes - The desired attributes for the handle, such as OBJ_INHERIT, OBJ_PERMANENT, OBJ_EXCLUSIVE, OBJ_CASE_INSENSITIVE, OBJ_OPENIF, and OBJ_OPENLINK PassedAccessState - Supplies an optional pointer to the current access status describing already granted access types, the privileges used to get them, and any access types yet to be granted. DesiredAcess - Supplies the desired access to the object. ObjectType - Supplies the type of the object being opened AccessMode - Supplies the processor mode of the access. Handle - Supplies a pointer to a variable that receives the handle value. Return Value: An appropriate NTSTATUS value --*/ { NTSTATUS Status; HANDLE NewHandle; POBJECT_HEADER ObjectHeader; ACCESS_STATE LocalAccessState; PACCESS_STATE AccessState = NULL; AUX_ACCESS_DATA AuxData; PAGED_CODE(); ObpValidateIrql( "ObOpenObjectByPointer" ); // // First increment the pointer count for the object. This routine // also checks the object types // Status = ObReferenceObjectByPointer( Object, 0, ObjectType, AccessMode ); if (NT_SUCCESS( Status )) { // // Get the object header for the input object body // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); // // If the caller did not pass in an access state then // we will create a new one based on the desired access // and the object types generic mapping // if (!ARGUMENT_PRESENT( PassedAccessState )) { Status = SeCreateAccessState( &LocalAccessState, &AuxData, DesiredAccess, &ObjectHeader->Type->TypeInfo.GenericMapping ); if (!NT_SUCCESS( Status )) { ObDereferenceObject( Object ); return(Status); } AccessState = &LocalAccessState; // // Otherwise the caller did specify an access state so // we use the one passed in. // } else { AccessState = PassedAccessState; } // // Make sure the caller is asking for handle attributes that are // valid for the given object type // if (ObjectHeader->Type->TypeInfo.InvalidAttributes & HandleAttributes) { if (AccessState == &LocalAccessState) { SeDeleteAccessState( AccessState ); } ObDereferenceObject( Object ); return( STATUS_INVALID_PARAMETER ); } // // We've referenced the object and have an access state to give // the new handle so now create a new handle for the object. // Status = ObpCreateHandle( ObOpenHandle, Object, ObjectType, AccessState, 0, HandleAttributes, FALSE, AccessMode, (PVOID *)NULL, &NewHandle ); if (!NT_SUCCESS( Status )) { ObDereferenceObject( Object ); } } // // If we successfully opened by object and created a new handle // then set the output variable correctly // if (NT_SUCCESS( Status )) { *Handle = NewHandle; } else { *Handle = NULL; } // // Check if we used our own access state and now need to cleanup // if (AccessState == &LocalAccessState) { SeDeleteAccessState( AccessState ); } // // And return to our caller // return( Status ); }

NTSTATUS ObQueryDeviceMapInformation (  IN PEPROCESS  TargetProcess, OUT PPROCESS_DEVICEMAP_INFORMATION  DeviceMapInformation )

Definition at line 236 of file obdevmap.c. References _DEVICE_MAP::DriveMap, EXCEPTION_EXECUTE_HANDLER, NTSTATUS(), NULL, ObpDeviceMapLock, ObSystemDeviceMap, and Status. Referenced by NtQueryInformationProcess(). : This function queries information from the device map associated with the specified process. The returned information contains a bit map indicating which drive letters are defined in the associated object directory, along with an array of drive types that give the type of each drive letter. Arguments: TargetProcess - Specifies the target process to retreive the device map from. If not specified then we return the global default device map DeviceMapInformation - Specifies the location where to store the results. Return Value: Returns one of the following status codes: STATUS_SUCCESS - normal, successful completion. STATUS_END_OF_FILE - The specified process was not associated with a device map. STATUS_ACCESS_VIOLATION - The DeviceMapInformation buffer pointer value specified an invalid address. --*/ { NTSTATUS Status; PDEVICE_MAP DeviceMap; KIRQL OldIrql; PROCESS_DEVICEMAP_INFORMATION LocalMapInformation; // // Check if the caller gave us a target process and if not then use // the globally defined one // if (ARGUMENT_PRESENT( TargetProcess )) { DeviceMap = TargetProcess->DeviceMap; } else { DeviceMap = ObSystemDeviceMap; } // // If we do not have a device map then we'll return an error otherwise // we simply copy over the device map structure (bitmap and drive type // array) into the output buffer // if (DeviceMap == NULL) { Status = STATUS_END_OF_FILE; } else { Status = STATUS_SUCCESS; // // First, while using a spinlock to protect the device map from // going away we will make local copy of the information. // ExAcquireSpinLock( &ObpDeviceMapLock, &OldIrql ); RtlMoveMemory( &LocalMapInformation.Query, &DeviceMap->DriveMap, sizeof( DeviceMapInformation->Query )); ExReleaseSpinLock( &ObpDeviceMapLock, OldIrql ); // // Now we can copy the information to the caller buffer using // a try-except to guard against the output buffer changing. // Note that the caller must have already probed the buffer // for write. // try { RtlMoveMemory( &DeviceMapInformation->Query, &LocalMapInformation.Query, sizeof( DeviceMapInformation->Query )); } except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); } } return Status; }

NTKERNELAPI NTSTATUS ObQueryNameString (  IN PVOID  Object, OUT POBJECT_NAME_INFORMATION  ObjectNameInfo, IN ULONG  Length, OUT PULONG  ReturnLength )

Definition at line 713 of file obquery.c. References _OBJECT_HEADER_NAME_INFO::Directory, EXCEPTION_EXECUTE_HANDLER, _OBJECT_HEADER_NAME_INFO::Name, NTSTATUS(), NULL, OBJECT_HEADER_TO_NAME_INFO, OBJECT_TO_OBJECT_HEADER, OBP_MISSING_NAME_LITERAL, OBP_MISSING_NAME_LITERAL_SIZE, ObpBeginTypeSpecificCallOut, ObpEndTypeSpecificCallOut, ObpEnterRootDirectoryMutex, ObpLeaveRootDirectoryMutex, ObpRootDirectoryObject, PAGED_CODE, _OBJECT_TYPE_INITIALIZER::QueryNameProcedure, Status, String, _OBJECT_HEADER::Type, _OBJECT_TYPE::TypeInfo, and USHORT. Referenced by CcWriteBehind(), IoGetDeviceProperty(), IopBuildCmResourceList(), IopCaptureObjectName(), IopErrorLogThread(), IopQueryName(), IopRaiseHardError(), MmGetFileNameForSection(), NtQueryObject(), NtQueryVirtualMemory(), ObGetObjectInformation(), and SepQueryNameString(). : This routine processes a query of an object's name information Arguments: Object - Supplies the object being queried ObjectNameInfo - Supplies the buffer to store the name string information Length - Specifies the length, in bytes, of the original object name info buffer. ReturnLength - Contains the number of bytes already used up in the object name info. On return this receives an updated byte count. (Length minus ReturnLength) is really now many bytes are left in the output buffer. The buffer supplied to this call may actually be offset within the original users buffer Return Value: An appropriate status value --*/ { NTSTATUS Status; POBJECT_HEADER ObjectHeader; POBJECT_HEADER_NAME_INFO NameInfo; POBJECT_HEADER ObjectDirectoryHeader; POBJECT_DIRECTORY ObjectDirectory; ULONG NameInfoSize; PUNICODE_STRING String; PWCH StringBuffer; ULONG NameSize; PAGED_CODE(); // // Get the object header and name info record if it exists // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); NameInfo = OBJECT_HEADER_TO_NAME_INFO( ObjectHeader ); // // If the object type has a query name callback routine then // that is how we get the name // if (ObjectHeader->Type->TypeInfo.QueryNameProcedure != NULL) { try { KIRQL SaveIrql; ObpBeginTypeSpecificCallOut( SaveIrql ); ObpEndTypeSpecificCallOut( SaveIrql, "Query", ObjectHeader->Type, Object ); Status = (*ObjectHeader->Type->TypeInfo.QueryNameProcedure)( Object, (BOOLEAN)((NameInfo != NULL) && (NameInfo->Name.Length != 0)), ObjectNameInfo, Length, ReturnLength ); } except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); } return( Status ); } // // Otherwise, the object type does not specify a query name // procedure so we get to do the work. The first thing // to check is if the object doesn't even have a name. If // object doesn't have a name then we'll return an empty name // info structure. // if ((NameInfo == NULL) || (NameInfo->Name.Buffer == NULL)) { // // Compute the length of our return buffer, set the output // if necessary and make sure the supplied buffer is large // enough // NameInfoSize = sizeof( OBJECT_NAME_INFORMATION ); try { *ReturnLength = NameInfoSize; } except( EXCEPTION_EXECUTE_HANDLER ) { return( GetExceptionCode() ); } if (Length < NameInfoSize) { return( STATUS_INFO_LENGTH_MISMATCH ); } // // Initialize the output buffer to be an empty string // and then return to our caller // try { ObjectNameInfo->Name.Length = 0; ObjectNameInfo->Name.MaximumLength = 0; ObjectNameInfo->Name.Buffer = NULL; } except( EXCEPTION_EXECUTE_HANDLER ) { // // Fall through, since we cannot undo what we have done. // // **** This should probably get the exception code and return // that value // } return( STATUS_SUCCESS ); } // // First lock the directory mutex to stop before we chase stuff down // ObpEnterRootDirectoryMutex(); try { // // The object does have a name but now see if this is // just the root directory object in which case the name size // is only the "\" character // if (Object == ObpRootDirectoryObject) { NameSize = sizeof( OBJ_NAME_PATH_SEPARATOR ); } else { // // The named object is not the root so for every directory // working out way up we'll add its size to the name keeping // track of "\" characters inbetween each component. We first // start with the object name itself and then move on to // the directories // ObjectDirectory = NameInfo->Directory; NameSize = sizeof( OBJ_NAME_PATH_SEPARATOR ) + NameInfo->Name.Length; // // While we are not at the root we'll keep moving up // while ((ObjectDirectory != ObpRootDirectoryObject) && (ObjectDirectory)) { // // Get the name information for this directory // ObjectDirectoryHeader = OBJECT_TO_OBJECT_HEADER( ObjectDirectory ); NameInfo = OBJECT_HEADER_TO_NAME_INFO( ObjectDirectoryHeader ); if ((NameInfo != NULL) && (NameInfo->Directory != NULL)) { // // This directory has a name so add it to the accomulated // size and move up the tree // NameSize += sizeof( OBJ_NAME_PATH_SEPARATOR ) + NameInfo->Name.Length; ObjectDirectory = NameInfo->Directory; } else { // // This directory does not have a name so we'll give it // the "..." name and stop the loop // NameSize += sizeof( OBJ_NAME_PATH_SEPARATOR ) + OBP_MISSING_NAME_LITERAL_SIZE; break; } } } // // At this point NameSize is the number of bytes we need to store the // name of the object from the root down. The total buffer size we are // going to need will include this size, plus object name information // structure, plus an ending null character // NameInfoSize = NameSize + sizeof( OBJECT_NAME_INFORMATION ) + sizeof( UNICODE_NULL ); // // Set the output size and make sure the supplied buffer is large enough // to hold the information // try { *ReturnLength = NameInfoSize; } except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); leave; } if (Length < NameInfoSize) { Status = STATUS_INFO_LENGTH_MISMATCH; leave; } // // **** the following IF isn't necessary because name info size is // already guaranteed to be nonzero from about 23 lines above // if (NameInfoSize != 0) { // // Set the String buffer to point to the byte right after the // last byte in the output string. This following logic actually // fills in the buffer backwards working from the name back to the // root // StringBuffer = (PWCH)ObjectNameInfo; StringBuffer = (PWCH)((PCH)StringBuffer + NameInfoSize); NameInfo = OBJECT_HEADER_TO_NAME_INFO( ObjectHeader ); try { // // Terminate the string with a null and backup one unicode // character // *--StringBuffer = UNICODE_NULL; // // If the object in question is not the root directory // then we are going to put its name in the string buffer // When we finally reach the root directory we'll append on // the final "\" // if (Object != ObpRootDirectoryObject) { // // Add in the objects name // String = &NameInfo->Name; StringBuffer = (PWCH)((PCH)StringBuffer - String->Length); RtlMoveMemory( StringBuffer, String->Buffer, String->Length ); // // While we are not at the root directory we'll keep // moving up // ObjectDirectory = NameInfo->Directory; while ((ObjectDirectory != ObpRootDirectoryObject) && (ObjectDirectory)) { // // Get the name information for this directory // ObjectDirectoryHeader = OBJECT_TO_OBJECT_HEADER( ObjectDirectory ); NameInfo = OBJECT_HEADER_TO_NAME_INFO( ObjectDirectoryHeader ); // // Tack on the "\" between the last name we added and // this new name // *--StringBuffer = OBJ_NAME_PATH_SEPARATOR; // // Preappend the directory name, if it has one, and // move up to the next directory. // if ((NameInfo != NULL) && (NameInfo->Directory != NULL)) { String = &NameInfo->Name; StringBuffer = (PWCH)((PCH)StringBuffer - String->Length); RtlMoveMemory( StringBuffer, String->Buffer, String->Length ); ObjectDirectory = NameInfo->Directory; } else { // // The directory is nameless so use the "..." for // its name and break out of the loop // StringBuffer = (PWCH)((PCH)StringBuffer - OBP_MISSING_NAME_LITERAL_SIZE); RtlMoveMemory( StringBuffer, OBP_MISSING_NAME_LITERAL, OBP_MISSING_NAME_LITERAL_SIZE ); break; } } } // // Tack on the "\" for the root directory and then set the // output unicode string variable to have the right size // and point to the right spot. // *--StringBuffer = OBJ_NAME_PATH_SEPARATOR; ObjectNameInfo->Name.Length = (USHORT)NameSize; ObjectNameInfo->Name.MaximumLength = (USHORT)(NameSize+sizeof( UNICODE_NULL )); ObjectNameInfo->Name.Buffer = StringBuffer; } except( EXCEPTION_EXECUTE_HANDLER ) { // // Fall through, since we cannot undo what we have done. // // **** This should probably get the exception code and return // that value // } } Status = STATUS_SUCCESS; } finally { ObpLeaveRootDirectoryMutex(); } return Status; }

NTSTATUS ObQueryObjectAuditingByHandle (  IN HANDLE  Handle, OUT PBOOLEAN  GenerateOnClose )

Definition at line 1319 of file obquery.c. References ExMapHandleToPointer(), ExUnlockHandleTableEntry(), FALSE, Handle, KeEnterCriticalRegion, KeLeaveCriticalRegion, NTSTATUS(), NULL, _HANDLE_TABLE_ENTRY::ObAttributes, OBJ_AUDIT_OBJECT_CLOSE, ObpGetObjectTable, ObpValidateIrql, PAGED_CODE, Status, and TRUE. : This routine tells the caller if the indicated handle will generate an audit if it is closed Arguments: Handle - Supplies the handle being queried GenerateOnClose - Receives TRUE if the handle will generate an audit if closed and FALSE otherwise Return Value: An appropriate status value --*/ { PHANDLE_TABLE ObjectTable; PHANDLE_TABLE_ENTRY ObjectTableEntry; PVOID Object; ULONG CapturedGrantedAccess; ULONG CapturedAttributes; NTSTATUS Status; PAGED_CODE(); // // Protect ourselves from being interrupted while we hold a handle table // entry lock // KeEnterCriticalRegion(); try { ObpValidateIrql( "ObQueryObjectAuditingByHandle" ); // // For the current process we'll grab its object table and // then get the object table entry // ObjectTable = ObpGetObjectTable(); ObjectTableEntry = ExMapHandleToPointer( ObjectTable, Handle ); // // If we were given a valid handle we'll look at the attributes // stored in the object table entry to decide if we generate // an audit on close // if (ObjectTableEntry != NULL) { CapturedAttributes = ObjectTableEntry->ObAttributes; if (CapturedAttributes & OBJ_AUDIT_OBJECT_CLOSE) { *GenerateOnClose = TRUE; } else { *GenerateOnClose = FALSE; } ExUnlockHandleTableEntry( ObjectTable, ObjectTableEntry ); Status = STATUS_SUCCESS; } else { Status = STATUS_INVALID_HANDLE; } } finally { KeLeaveCriticalRegion(); } return Status; }

NTSTATUS ObQueryTypeInfo (  IN POBJECT_TYPE  ObjectType, OUT POBJECT_TYPE_INFORMATION  ObjectTypeInfo, IN ULONG  Length, OUT PULONG  ReturnLength )

Definition at line 1216 of file obquery.c. References ALIGN_UP, EXCEPTION_EXECUTE_HANDLER, NTSTATUS(), and Status. Referenced by NtQueryObject(). : This routine processes the query for object type information Arguments: Object - Supplies a pointer to the object type being queried ObjectTypeInfo - Supplies the buffer to store the type information Length - Specifies the length, in bytes, of the object type information buffer ReturnLength - Contains the number of bytes already used up in the object type information buffer. On return this receives an updated byte count (Length minus ReturnLength) is really now many bytes are left in the output buffer. The buffer supplied to this call may actually be offset within the original users buffer Return Value: An appropriate status value --*/ { NTSTATUS Status; try { // // The total number of bytes needed for this query includes the // object type information structure plus the name of the type // rounded up to a ulong boundary // *ReturnLength += sizeof( *ObjectTypeInfo ) + ALIGN_UP( ObjectType->Name.MaximumLength, ULONG ); // // Make sure the buffer is large enough for this information and // then fill in the record // if (Length < *ReturnLength) { Status = STATUS_INFO_LENGTH_MISMATCH; } else { ObjectTypeInfo->TotalNumberOfObjects = ObjectType->TotalNumberOfObjects; ObjectTypeInfo->TotalNumberOfHandles = ObjectType->TotalNumberOfHandles; ObjectTypeInfo->HighWaterNumberOfObjects = ObjectType->HighWaterNumberOfObjects; ObjectTypeInfo->HighWaterNumberOfHandles = ObjectType->HighWaterNumberOfHandles; ObjectTypeInfo->InvalidAttributes = ObjectType->TypeInfo.InvalidAttributes; ObjectTypeInfo->GenericMapping = ObjectType->TypeInfo.GenericMapping; ObjectTypeInfo->ValidAccessMask = ObjectType->TypeInfo.ValidAccessMask; ObjectTypeInfo->SecurityRequired = ObjectType->TypeInfo.SecurityRequired; ObjectTypeInfo->MaintainHandleCount = ObjectType->TypeInfo.MaintainHandleCount; ObjectTypeInfo->PoolType = ObjectType->TypeInfo.PoolType; ObjectTypeInfo->DefaultPagedPoolCharge = ObjectType->TypeInfo.DefaultPagedPoolCharge; ObjectTypeInfo->DefaultNonPagedPoolCharge = ObjectType->TypeInfo.DefaultNonPagedPoolCharge; // // The type name goes right after this structure. We cannot use // rtl routine like RtlCopyUnicodeString that might use the local // memory to keep state, because this is the user buffer and it // could be changing by user // ObjectTypeInfo->TypeName.Buffer = (PWSTR)(ObjectTypeInfo+1); ObjectTypeInfo->TypeName.Length = ObjectType->Name.Length; ObjectTypeInfo->TypeName.MaximumLength = ObjectType->Name.MaximumLength; RtlMoveMemory( (PWSTR)(ObjectTypeInfo+1), ObjectType->Name.Buffer, ObjectType->Name.Length ); ((PWSTR)(ObjectTypeInfo+1))[ ObjectType->Name.Length/sizeof(WCHAR) ] = UNICODE_NULL; Status = STATUS_SUCCESS; } } except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); } return Status; }

NTSTATUS ObQueryTypeName (  IN PVOID  Object, PUNICODE_STRING  ObjectTypeName, IN ULONG  Length, OUT PULONG  ReturnLength )

Definition at line 1082 of file obquery.c. References EXCEPTION_EXECUTE_HANDLER, _OBJECT_TYPE::Name, OBJECT_TO_OBJECT_HEADER, PAGED_CODE, String, _OBJECT_HEADER::Type, and USHORT. Referenced by ObGetObjectInformation(), and SepQueryTypeString(). : This routine processes a query of an object's type name Arguments: Object - Supplies the object being queried ObjectTypeName - Supplies the buffer to store the type name string information Length - Specifies the length, in bytes, of the object type name buffer ReturnLength - Contains the number of bytes already used up in the object type name buffer. On return this receives an updated byte count (Length minus ReturnLength) is really now many bytes are left in the output buffer. The buffer supplied to this call may actually be offset within the original users buffer Return Value: An appropriate status value --*/ { POBJECT_TYPE ObjectType; POBJECT_HEADER ObjectHeader; ULONG TypeNameSize; PUNICODE_STRING String; PWCH StringBuffer; ULONG NameSize; PAGED_CODE(); // // From the object get its object type and from that get the size of // the object type name. The total size for we need for the output // buffer must fit the name, a terminating null, and a preceding // unicode string structure // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); ObjectType = ObjectHeader->Type; NameSize = ObjectType->Name.Length; TypeNameSize = NameSize + sizeof( UNICODE_NULL ) + sizeof( UNICODE_STRING ); // // Update the number of bytes we need and make sure the output buffer is // large enough // // **** to be consistent with all our callers and other routines in // this module this should probably be a "+=" and not just "=" // try { *ReturnLength = TypeNameSize; } except( EXCEPTION_EXECUTE_HANDLER ) { return( GetExceptionCode() ); } if (Length < TypeNameSize) { return( STATUS_INFO_LENGTH_MISMATCH ); } // // **** this IF is probably not needed because of the earlier computation // of type name size // if (TypeNameSize != 0) { // // Set string buffer to point to the one byte beyond the // buffer that we're going to fill in // StringBuffer = (PWCH)ObjectTypeName; StringBuffer = (PWCH)((PCH)StringBuffer + TypeNameSize); String = &ObjectType->Name; try { // // Tack on the terminating null character and copy over // the type name // *--StringBuffer = UNICODE_NULL; StringBuffer = (PWCH)((PCH)StringBuffer - String->Length); RtlMoveMemory( StringBuffer, String->Buffer, String->Length ); // // Now set the preceding unicode string to have the right // lengths and to point to this buffer // ObjectTypeName->Length = (USHORT)NameSize; ObjectTypeName->MaximumLength = (USHORT)(NameSize+sizeof( UNICODE_NULL )); ObjectTypeName->Buffer = StringBuffer; } except( EXCEPTION_EXECUTE_HANDLER ) { // // Fall through, since we cannot undo what we have done. // } } return( STATUS_SUCCESS ); }

NTKERNELAPI NTSTATUS ObReferenceObjectByHandle (  IN HANDLE  Handle, IN ACCESS_MASK  DesiredAccess, IN POBJECT_TYPE ObjectType  OPTIONAL, IN KPROCESSOR_MODE  AccessMode, OUT PVOID *  Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation  OPTIONAL )

Definition at line 542 of file obref.c. References ASSERT, _OBJECT_HEADER::Body, DecodeKernelHandle, ExMapHandleToPointer(), ExUnlockHandleTableEntry(), FALSE, _EPROCESS::GrantedAccess, _ETHREAD::GrantedAccess, _HANDLE_TABLE_ENTRY::GrantedAccess, _HANDLE_TABLE_ENTRY::GrantedAccessIndex, Handle, IsKernelHandle, KeDetachProcess(), KeEnterCriticalRegion, KeLeaveCriticalRegion, KernelMode, NtGlobalFlag, NTSTATUS(), NULL, _HANDLE_TABLE_ENTRY::ObAttributes, OBJ_HANDLE_ATTRIBUTES, _HANDLE_TABLE_ENTRY::Object, OBJECT_TO_OBJECT_HEADER, ObpGetObjectTable, ObpIncrPointerCount, ObpKernelHandleTable, ObpValidateIrql, PsGetCurrentProcess, PsGetCurrentThread, PsProcessType, PsThreadType, SeComputeDeniedAccesses, Status, TRUE, and _OBJECT_HEADER::Type. Referenced by _GetUserObjectInformation(), _SetUserObjectInformation(), BuildQueryDirectoryIrp(), CmGetSystemDriverList(), CmpCloneControlSet(), CmpCloneHwProfile(), CmpCreateEvent(), CmpCreateRegistryRoot(), CmpLinkHiveToMaster(), CmpSaveBootControlSet(), ExCreateCallback(), ExpCreateWorkerThread(), InitializeMediaChange(), InitializePowerRequestList(), IoAttachDevice(), IoCreateDriver(), IoCreateNotificationEvent(), IoCreateSynchronizationEvent(), IoGetDeviceObjectPointer(), IoInitSystem(), IopCompleteDumpInitialization(), IopConfigureCrashDump(), IopConnectLinkTrackingPort(), IopGetDumpStack(), IopInitializeBuiltinDriver(), IopLoadDriver(), IopMarkBootPartition(), IopOpenLinkOrRenameTarget(), IopReferenceDriverObjectByName(), IopSetEaOrQuotaInformationFile(), IopTrackLink(), IopXxxControlFile(), MiLoadSystemImage(), MmCreateSection(), MmGetFileNameForSection(), MmSetBankedSection(), NtAcceptConnectPort(), NtAdjustGroupsToken(), NtAdjustPrivilegesToken(), NtAlertResumeThread(), NtAlertThread(), NtAllocateUserPhysicalPages(), NtAllocateVirtualMemory(), NtAssignProcessToJobObject(), NtCancelIoFile(), NtCancelTimer(), NtClearEvent(), NtCreateKey(), NtCreatePagingFile(), NtCreateProfile(), NtCreateSuperSection(), NtDeleteKey(), NtDeleteValueKey(), NtDuplicateObject(), NtDuplicateToken(), NtEnumerateKey(), NtEnumerateValueKey(), NtExtendSection(), NtFilterToken(), NtFlushBuffersFile(), NtFlushInstructionCache(), NtFlushKey(), NtFlushVirtualMemory(), NtFreeUserPhysicalPages(), NtFreeVirtualMemory(), NtGetContextThread(), NtImpersonateAnonymousToken(), NtImpersonateThread(), NtListenChannel(), NtLockFile(), NtLockVirtualMemory(), NtMakeTemporaryObject(), NtMapViewOfSection(), NtMapViewOfSuperSection(), NtNotifyChangeDirectoryFile(), NtNotifyChangeMultipleKeys(), NtOpenKey(), NtOpenObjectAuditAlarm(), NtOpenThreadToken(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtPrivilegeObjectAuditAlarm(), NtProtectVirtualMemory(), NtPulseEvent(), NtQueryDirectoryObject(), NtQueryEaFile(), NtQueryEvent(), NtQueryInformationFile(), NtQueryInformationJobObject(), NtQueryInformationPort(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIoCompletion(), NtQueryKey(), NtQueryMultipleValueKey(), NtQueryMutant(), NtQueryObject(), NtQueryOpenSubKeys(), NtQueryQuotaInformationFile(), NtQuerySection(), NtQuerySecurityObject(), NtQuerySemaphore(), NtQuerySymbolicLinkObject(), NtQueryTimer(), NtQueryValueKey(), NtQueryVirtualMemory(), NtQueryVolumeInformationFile(), NtQueueApcThread(), NtReadFile(), NtReadFileScatter(), NtReadVirtualMemory(), NtRegisterThreadTerminatePort(), NtReleaseMutant(), NtReleaseSemaphore(), NtRemoveIoCompletion(), NtReplaceKey(), NtReplyWaitReceivePort(), NtReplyWaitReceivePortEx(), NtResetEvent(), NtRestoreKey(), NtResumeThread(), NtSaveKey(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSendWaitReplyChannel(), NtSetContextThread(), NtSetDefaultHardErrorPort(), NtSetEaFile(), NtSetEvent(), NtSetHighEventPair(), NtSetHighWaitLowEventPair(), NtSetInformationFile(), NtSetInformationJobObject(), NtSetInformationKey(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), NtSetIoCompletion(), NtSetLowEventPair(), NtSetLowWaitHighEventPair(), NtSetSecurityObject(), NtSetSystemInformation(), NtSetTimer(), NtSetValueKey(), NtSetVolumeInformationFile(), NtSignalAndWaitForSingleObject(), NtStartProfile(), NtStopProfile(), NtSuspendThread(), NtTerminateJobObject(), NtTerminateProcess(), NtTerminateThread(), NtUnloadDriver(), NtUnloadKey(), NtUnlockFile(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtUserGetGuiResources(), NtUserProcessConnect(), NtUserUserHandleGrantAccess(), NtWaitForSingleObject(), NtWaitHighEventPair(), NtWaitLowEventPair(), NtWriteFile(), NtWriteFileGather(), NtWriteVirtualMemory(), ObInitSystem(), ObpLookupObjectName(), ObSetDeviceMap(), obtest(), ObWaitForSingleObject(), OpenCacheKeyEx(), PsAssignImpersonationToken(), PsLocateSystemDll(), PsOpenTokenOfJobObject(), PsOpenTokenOfProcess(), PsOpenTokenOfThread(), PspAssignPrimaryToken(), PspCreateProcess(), PspCreateThread(), PspInitPhase0(), PspQueryPooledQuotaLimits(), PspQueryQuotaLimits(), PspQueryWorkingSetWatch(), PspSetPrimaryToken(), PspSetQuotaLimits(), RawInputThread(), ReferenceWindowStation(), RegisterForDeviceChangeNotifications(), RemoteConnect(), SeAccessCheckByType(), SeFilterToken(), SeIsChildToken(), SepAccessCheckAndAuditAlarm(), SepOpenTokenOfThread(), SetInformationProcess(), SmbTraceToClient(), UdfInvalidateVolumes(), ValidateHdesk(), ValidateHwinsta(), VdmpDelayInterrupt(), VdmpQueueInterrupt(), VdmpQueueIntNormalRoutine(), VdmQueryDirectoryFile(), WaitOnPseudoEvent(), xxxCloseDesktop(), xxxConsoleControl(), xxxCreateDesktop(), xxxCreateDisconnectDesktop(), xxxCreateThreadInfo(), xxxCreateWindowStation(), xxxGetThreadDesktop(), xxxHardErrorControl(), xxxInitTerminal(), xxxOpenDesktop(), xxxQueryInformationThread(), xxxRegisterUserHungAppHandlers(), xxxResolveDesktop(), xxxSetInformationThread(), xxxSetProcessWindowStation(), and zzzSetDesktop(). : Given a handle to an object this routine returns a pointer to the body of the object with proper ref counts Arguments: Handle - Supplies a handle to the object being referenced. It can also be the result of NtCurrentProcess or NtCurrentThread DesiredAccess - Supplies the access being requested by the caller ObjectType - Optionally supplies the type of the object we are expecting AccessMode - Supplies the processor mode of the access Object - Receives a pointer to the object body if the operation is successful HandleInformation - Optionally receives information regarding the input handle. Return Value: An appropriate NTSTATUS value --*/ { ACCESS_MASK GrantedAccess; PHANDLE_TABLE HandleTable; POBJECT_HEADER ObjectHeader; PHANDLE_TABLE_ENTRY ObjectTableEntry; PEPROCESS Process; NTSTATUS Status; PETHREAD Thread; BOOLEAN AttachedToProcess = FALSE; ObpValidateIrql("ObReferenceObjectByHandle"); // // Protect ourselves from being interrupted while we hold a handle table // entry lock // KeEnterCriticalRegion(); try { // // If the handle is equal to the current process handle and the object // type is NULL or type process, then attempt to translate a handle to // the current process. Otherwise, check if the handle is the current // thread handle. // if (Handle == NtCurrentProcess()) { if ((ObjectType == PsProcessType) || (ObjectType == NULL)) { Process = PsGetCurrentProcess(); GrantedAccess = Process->GrantedAccess; if ((SeComputeDeniedAccesses(GrantedAccess, DesiredAccess) == 0) || (AccessMode == KernelMode)) { ObjectHeader = OBJECT_TO_OBJECT_HEADER(Process); if (ARGUMENT_PRESENT(HandleInformation)) { HandleInformation->GrantedAccess = GrantedAccess; HandleInformation->HandleAttributes = 0; } ObpIncrPointerCount(ObjectHeader); *Object = Process; ASSERT( *Object != NULL ); Status = STATUS_SUCCESS; leave; } else { Status = STATUS_ACCESS_DENIED; } } else { Status = STATUS_OBJECT_TYPE_MISMATCH; } // // If the handle is equal to the current thread handle and the object // type is NULL or type thread, then attempt to translate a handle to // the current thread. Otherwise, the we'll try and translate the // handle // } else if (Handle == NtCurrentThread()) { if ((ObjectType == PsThreadType) || (ObjectType == NULL)) { Thread = PsGetCurrentThread(); GrantedAccess = Thread->GrantedAccess; if ((SeComputeDeniedAccesses(GrantedAccess, DesiredAccess) == 0) || (AccessMode == KernelMode)) { ObjectHeader = OBJECT_TO_OBJECT_HEADER(Thread); if (ARGUMENT_PRESENT(HandleInformation)) { HandleInformation->GrantedAccess = GrantedAccess; HandleInformation->HandleAttributes = 0; } ObpIncrPointerCount(ObjectHeader); *Object = Thread; ASSERT( *Object != NULL ); Status = STATUS_SUCCESS; leave; } else { Status = STATUS_ACCESS_DENIED; } } else { Status = STATUS_OBJECT_TYPE_MISMATCH; } // // Otherwise the handle is not a built in value. It must be an index // into a handle table. // } else { #if DBG // // On checked builds, check that if the Kernel handle bit is set, // then we're coming from Kernel mode. We should probably fail the // call if bit set && !Kmode // // We know we're NOT a builtin handle at this point // ASSERT((Handle < 0) ? (AccessMode == KernelMode) : TRUE); #endif // // First get a pointer to either the processes handle table or the // global kernel handle table. If it is the kernel handle then we // need to clear the handle bit and attach to the system process // if (IsKernelHandle( Handle, AccessMode )) { // // Make the handle look like a regular handle // Handle = DecodeKernelHandle( Handle ); // // The global kernel handle table // HandleTable = ObpKernelHandleTable; } else { HandleTable = ObpGetObjectTable(); } ASSERT(HandleTable != NULL); // // Translate the specified handle to an object table index. // ObjectTableEntry = ExMapHandleToPointer( HandleTable, Handle ); // // Make sure the object table entry really does exist // if (ObjectTableEntry != NULL) { ObjectHeader = (POBJECT_HEADER)(((ULONG_PTR)(ObjectTableEntry->Object)) & ~OBJ_HANDLE_ATTRIBUTES); if ((ObjectHeader->Type == ObjectType) || (ObjectType == NULL)) { #if i386 && !FPO if (NtGlobalFlag & FLG_KERNEL_STACK_TRACE_DB) { if ((AccessMode != KernelMode) || ARGUMENT_PRESENT(HandleInformation)) { GrantedAccess = ObpTranslateGrantedAccessIndex( ObjectTableEntry->GrantedAccessIndex ); } } else { GrantedAccess = ObjectTableEntry->GrantedAccess; } #else GrantedAccess = ObjectTableEntry->GrantedAccess; #endif // i386 && !FPO if ((SeComputeDeniedAccesses(GrantedAccess, DesiredAccess) == 0) || (AccessMode == KernelMode)) { // // Access to the object is allowed. Return the handle // information is requested, increment the object // pointer count, unlock the handle table and return // a success status. // // Note that this is the only successful return path // out of this routine if the user did not specify // the current process or current thread in the input // handle. // if (ARGUMENT_PRESENT(HandleInformation)) { HandleInformation->GrantedAccess = GrantedAccess; HandleInformation->HandleAttributes = ObjectTableEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES; } ObpIncrPointerCount(ObjectHeader); *Object = &ObjectHeader->Body; ASSERT( *Object != NULL ); ExUnlockHandleTableEntry( HandleTable, ObjectTableEntry ); Status = STATUS_SUCCESS; leave; } else { Status = STATUS_ACCESS_DENIED; } } else { Status = STATUS_OBJECT_TYPE_MISMATCH; } ExUnlockHandleTableEntry( HandleTable, ObjectTableEntry ); } else { Status = STATUS_INVALID_HANDLE; } } // // If we are attached to the system process then return // back to our caller // if (AttachedToProcess) { KeDetachProcess(); } // // No handle translation is possible. Set the object address to NULL // and return an error status. // *Object = NULL; } finally { KeLeaveCriticalRegion(); } return Status; }

NTSTATUS ObReferenceObjectByName (  IN PUNICODE_STRING  ObjectName, IN ULONG  Attributes, IN PACCESS_STATE PassedAccessState  OPTIONAL, IN ACCESS_MASK DesiredAccess  OPTIONAL, IN POBJECT_TYPE  ObjectType, IN KPROCESSOR_MODE  AccessMode, IN OUT PVOID ParseContext  OPTIONAL, OUT PVOID *  Object )

NTKERNELAPI NTSTATUS ObReferenceObjectByPointer (  IN PVOID  Object, IN ACCESS_MASK  DesiredAccess, IN POBJECT_TYPE  ObjectType, IN KPROCESSOR_MODE  AccessMode )

Definition at line 1022 of file obref.c. References KernelMode, OBJECT_TO_OBJECT_HEADER, ObpIncrPointerCount, ObpSymbolicLinkObjectType, and _OBJECT_HEADER::Type. Referenced by IoRegisterPlugPlayNotification(), NtImpersonateAnonymousToken(), ObOpenObjectByPointer(), ObpLookupObjectName(), ObpParseSymbolicLink(), obtest(), ParseAProc(), RawInputThread(), VdmpDelayInterrupt(), xxxDesktopThread(), and xxxSetCsrssThreadDesktop(). : This routine adds another reference count to an object denoted by a pointer to the object body Arguments: Object - Supplies a pointer to the object being referenced DesiredAccess - Specifies the desired access for the reference ObjectType - Specifies the object type according to the caller AccessMode - Supplies the processor mode of the access Return Value: STATUS_SUCCESS if successful and STATUS_OBJECT_TYPE_MISMATCH otherwise --*/ { POBJECT_HEADER ObjectHeader; // // Translate the pointer to the object body to a pointer to the // object header // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); // // If the specified object type does not match and either the caller is // not kernel mode or it is not a symbolic link object then it is an // error // if ((ObjectHeader->Type != ObjectType) && (AccessMode != KernelMode || ObjectType == ObpSymbolicLinkObjectType)) { return( STATUS_OBJECT_TYPE_MISMATCH ); } // // Otherwise increment the pointer count and return success to // our caller // ObpIncrPointerCount( ObjectHeader ); return( STATUS_SUCCESS ); }

VOID ObReleaseObjectSecurity (  IN PSECURITY_DESCRIPTOR  SecurityDescriptor, IN BOOLEAN  MemoryAllocated )

Definition at line 1418 of file obse.c. References ExFreePool(), NULL, ObpDereferenceSecurityDescriptor(), and PAGED_CODE. Referenced by ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObInsertObject(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), ObpProcessDosDeviceSymbolicLink(), PspCreateProcess(), PspCreateThread(), and PspSetPrimaryToken(). : This function will free up any memory associated with a queried security descriptor. This undoes the function ObGetObjectSecurity Arguments: SecurityDescriptor - Supplies a pointer to the security descriptor to be freed. MemoryAllocated - Supplies whether or not we should free the memory pointed to by SecurityDescriptor. Return Value: None. --*/ { PAGED_CODE(); // // Check if there is a security descriptor to actually free // if ( SecurityDescriptor != NULL ) { // // If ObGetObjectSecurity allocated memory then we // need to free it. Otherwise what the earlier routine did // was reference the object to keep the security descriptor // to keep it from going away // if (MemoryAllocated) { ExFreePool( SecurityDescriptor ); } else { ObpDereferenceSecurityDescriptor( SecurityDescriptor ); } } }

NTSTATUS ObSetDeviceMap (  IN PEPROCESS  TargetProcess, IN HANDLE  DirectoryHandle )

Definition at line 30 of file obdevmap.c. References _OBJECT_DIRECTORY::DeviceMap, _EPROCESS::DeviceMap, DirectoryHandle, ExAllocatePoolWithTag, Handle, NonPagedPool, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceDeviceMap(), ObDereferenceObject, ObpDeviceMapLock, ObpDirectoryObjectType, ObReferenceObjectByHandle(), ObSystemDeviceMap, PAGED_CODE, PsGetCurrentProcess, _DEVICE_MAP::ReferenceCount, and Status. Referenced by NtSetInformationProcess(), and ObpCreateDosDevicesDirectory(). : This function sets the device map for the specified process, using the specified object directory. A device map is a structure associated with an object directory and a process. When the object manager sees a references to a name beginning with \??\ or just \??, then it follows the device map object in the calling process's EPROCESS structure to get to the object directory to use for that reference. This allows multiple virtual \?? object directories on a per process basis. The WindowStation logic will use this functionality to allocate devices unique to each WindowStation. Arguments: TargetProcess - Specifies the target process to associate the device map with. If null then the current process is used and the directory becomes the system default dos device map. DirectoryHandle - Specifies the object directory to associate with the device map. Return Value: Returns one of the following status codes: STATUS_SUCCESS - normal, successful completion. STATUS_SHARING_VIOLATION - The specified object directory is already associated with a device map. STATUS_INSUFFICIENT_RESOURCES - Unable to allocate pool for the device map data structure; STATUS_ACCESS_DENIED - Caller did not have DIRECTORY_TRAVERSE access to the specified object directory. --*/ { NTSTATUS Status; POBJECT_DIRECTORY DosDevicesDirectory; PDEVICE_MAP DeviceMap; PVOID Object; HANDLE Handle; KIRQL OldIrql; PAGED_CODE(); // // Reference the object directory handle and see if it is already // associated with a device map structure. If so, fail this call. // Status = ObReferenceObjectByHandle( DirectoryHandle, DIRECTORY_TRAVERSE, ObpDirectoryObjectType, KeGetPreviousMode(), &DosDevicesDirectory, NULL ); if (!NT_SUCCESS( Status )) { return( Status ); } // // Capture the device map // ExAcquireSpinLock( &ObpDeviceMapLock, &OldIrql ); DeviceMap = DosDevicesDirectory->DeviceMap; // // Check if the directory already has a dos device map // if (DeviceMap != NULL) { // // Test if the DeviceMap is about to delete and has the // ReferenceCount 0 // if (DeviceMap->ReferenceCount != 0) { // // We have a dos device map, so setup the target process to be either // what the caller specified or the current process // PEPROCESS Target = TargetProcess; if (Target == NULL) { Target = PsGetCurrentProcess(); } // // If the current process already has the exact same dos device map // then everything is already done and nothing left for us to do. // if (Target->DeviceMap == DeviceMap) { ExReleaseSpinLock( &ObpDeviceMapLock, OldIrql ); ObDereferenceObject( DosDevicesDirectory ); return Status; } // // Add a new reference before releasing the spinlock // to make sure nobody will release the devicemap while // we try to attach to the process. // DeviceMap->ReferenceCount++; ExReleaseSpinLock( &ObpDeviceMapLock, OldIrql ); // // We can dereference the target processes device map because it // no longer will have it's old dos device map. // ObDereferenceDeviceMap ( Target ); // // Now setup the new device map that we were feed in. We lock it // bump its ref count, make the targe process point to it, unlock it, // and return to our caller // ExAcquireSpinLock( &ObpDeviceMapLock, &OldIrql ); Target->DeviceMap = DeviceMap; ExReleaseSpinLock( &ObpDeviceMapLock, OldIrql ); ObDereferenceObject( DosDevicesDirectory ); return Status; } } ExReleaseSpinLock( &ObpDeviceMapLock, OldIrql ); // // The input directory does not have a dos device map. so we'll // allocate and initialize a new device map structure. // DeviceMap = ExAllocatePoolWithTag( NonPagedPool, sizeof( *DeviceMap ), 'mDbO' ); if (DeviceMap == NULL) { ObDereferenceObject( DosDevicesDirectory ); Status = STATUS_INSUFFICIENT_RESOURCES; } else { RtlZeroMemory( DeviceMap, sizeof( *DeviceMap ) ); DeviceMap->ReferenceCount = 1; DeviceMap->DosDevicesDirectory = DosDevicesDirectory; DosDevicesDirectory->DeviceMap = DeviceMap; // // If the caller specified a target process then remove the // processes device map if in use and replace it with the new // one, otherwise set this new device map to the system wide one // and put it into the current process // if (TargetProcess != NULL) { ObDereferenceDeviceMap ( TargetProcess ); TargetProcess->DeviceMap = DeviceMap; } else { ObSystemDeviceMap = DeviceMap; ObDereferenceDeviceMap ( PsGetCurrentProcess() ); PsGetCurrentProcess()->DeviceMap = DeviceMap; } } return( Status ); }

NTSTATUS ObSetSecurityObjectByPointer (  IN PVOID  Object, IN SECURITY_INFORMATION  SecurityInformation, IN PSECURITY_DESCRIPTOR  SecurityDescriptor )

Definition at line 174 of file obse.c. References ASSERT, _OBJECT_TYPE_INITIALIZER::GenericMapping, NTSTATUS(), NULL, OBJECT_TO_OBJECT_HEADER, PAGED_CODE, _OBJECT_TYPE_INITIALIZER::PoolType, _OBJECT_HEADER::SecurityDescriptor, _OBJECT_TYPE_INITIALIZER::SecurityProcedure, SetSecurityDescriptor, Status, _OBJECT_HEADER::Type, and _OBJECT_TYPE::TypeInfo. Referenced by IopChangeDeviceObjectFromRegistryProperties(), IopSetSecurityObjectFromRegistry(), and NtSetSecurityObject(). : This routine is used to invoke an object's security routine. It is used to set the object's security state. This routine is accessible only to the kernel and assumes that all necessary validation of parameters has been done by the caller. Arguments: Object - Supplies the pointer for the object being modified SecurityInformation - Indicates the type of information we are interested in setting. e.g., owner, group, dacl, or sacl. SecurityDescriptor - Supplies the security descriptor for the object being modified. Return Value: An appropriate NTSTATUS value --*/ { NTSTATUS Status; POBJECT_HEADER ObjectHeader; POBJECT_TYPE ObjectType; PAGED_CODE(); // DbgPrint("ObSetSecurityObjectByPointer called for object %#08lx with info " // "%x and descriptor %#08lx\n", // Object, SecurityInformation, SecurityDescriptor); // // Map the object body to an object header and the corresponding // object type // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); ObjectType = ObjectHeader->Type; // // Make sure the passed security descriptor is really there. // ASSERT(ARGUMENT_PRESENT( SecurityDescriptor )); // // Now invoke the security procedure call back to set the security // descriptor for the object // Status = (ObjectType->TypeInfo.SecurityProcedure) ( Object, SetSecurityDescriptor, &SecurityInformation, SecurityDescriptor, NULL, &ObjectHeader->SecurityDescriptor, ObjectType->TypeInfo.PoolType, &ObjectType->TypeInfo.GenericMapping ); // DbgPrint("ObSetSecurityObjectByPointer: object security routine returned " // "%#08lx\n", Status); return( Status ); }

NTSTATUS ObValidateSecurityQuota (  IN PVOID  Object, IN ULONG  NewSize )

Definition at line 1473 of file obse.c. References _OBJECT_HEADER::Flags, NULL, OB_FLAG_DEFAULT_SECURITY_QUOTA, OBJECT_HEADER_TO_QUOTA_INFO, OBJECT_TO_OBJECT_HEADER, PAGED_CODE, SE_DEFAULT_SECURITY_QUOTA, and _OBJECT_HEADER_QUOTA_INFO::SecurityDescriptorCharge. Referenced by RtlpSetSecurityObject(). : This routine will check to see if the new security information is larger than is allowed by the object's pre-allocated quota. Arguments: Object - Supplies a pointer to the object whose information is to be modified. NewSize - Supplies the size of the proposed new security information. Return Value: STATUS_SUCCESS - New size is within alloted quota. STATUS_QUOTA_EXCEEDED - The desired adjustment would have exceeded the permitted security quota for this object. --*/ { POBJECT_HEADER ObjectHeader; POBJECT_HEADER_QUOTA_INFO QuotaInfo; PAGED_CODE(); // // Map the object body to its object header and corresponding // quota information block // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); QuotaInfo = OBJECT_HEADER_TO_QUOTA_INFO( ObjectHeader ); // // If there isn't any quota info and the new size is greater // then the default security quota then if the object uses // the default value then we've exceeded quota otherwise // let the caller get the quota // if ((QuotaInfo == NULL) && (NewSize > SE_DEFAULT_SECURITY_QUOTA)) { if (!(ObjectHeader->Flags & OB_FLAG_DEFAULT_SECURITY_QUOTA)) { // // Should really charge quota here. // return( STATUS_SUCCESS ); } return( STATUS_QUOTA_EXCEEDED ); // // If the quota is not null and the new size is greater than the // allowed quota charge then if the charge is zero we grant the // request otherwise we've exceeded quota. // // **** this logic seems wierd // } else if ((QuotaInfo != NULL) && (NewSize > QuotaInfo->SecurityDescriptorCharge)) { if (QuotaInfo->SecurityDescriptorCharge == 0) { // // Should really charge quota here. // // QuotaInfo->SecurityDescriptorCharge = SeComputeSecurityQuota( NewSize ); return( STATUS_SUCCESS ); } return( STATUS_QUOTA_EXCEEDED ); // // Otherwise we have two cases. (1) there isn't any quota info but // the size is within limits or (2) there is a quota info block and // the size is within the specified security descriptor charge so // return success to our caller // } else { return( STATUS_SUCCESS ); } }

NTSTATUS ObWaitForSingleObject (  IN HANDLE  Handle, IN BOOLEAN  Alertable, IN PLARGE_INTEGER Timeout  OPTIONAL )

Definition at line 837 of file obwait.c. References _OBJECT_TYPE::DefaultObject, EXCEPTION_EXECUTE_HANDLER, FALSE, Handle, KernelMode, KeWaitForSingleObject(), NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, OBJECT_TO_OBJECT_HEADER, ObReferenceObjectByHandle(), PAGED_CODE, Status, _OBJECT_HEADER::Type, and UserRequest. 00845 : 00846 00847 Please refer to NtWaitForSingleObject 00848 00849 Arguments: 00850 00851 Handle - Supplies the handle for the wait object. 00852 00853 Alertable - Supplies a boolean value that specifies whether the wait 00854 is alertable. 00855 00856 Timeout - Supplies an pointer to an absolute or relative time over 00857 which the wait is to occur. 00858 00859 Return Value: 00860 00861 The wait completion status. A value of STATUS_TIMEOUT is returned if a 00862 timeout occurred. A value of STATUS_SUCCESS is returned if the specified 00863 object satisfied the wait. A value of STATUS_ALERTED is returned if the 00864 wait was aborted to deliver an alert to the current thread. A value of 00865 STATUS_USER_APC is returned if the wait was aborted to deliver a user 00866 APC to the current thread. 00867 00868 --*/ 00869 00870 { 00871 POBJECT_HEADER ObjectHeader; 00872 PVOID Object; 00873 NTSTATUS Status; 00874 PVOID WaitObject; 00875 00876 PAGED_CODE(); 00877 00878 // 00879 // Get a referenced pointer to the specified object with synchronize 00880 // access. 00881 // 00882 00883 Status = ObReferenceObjectByHandle( Handle, 00884 SYNCHRONIZE, 00885 (POBJECT_TYPE)NULL, 00886 KernelMode, 00887 &Object, 00888 NULL ); 00889 00890 // 00891 // If access is granted, then check to determine if the specified object 00892 // can be waited on. 00893 // 00894 00895 if (NT_SUCCESS( Status ) != FALSE) { 00896 00897 ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); 00898 00899 if ((LONG_PTR)ObjectHeader->Type->DefaultObject < 0) { 00900 00901 WaitObject = (PVOID)ObjectHeader->Type->DefaultObject; 00902 00903 } else { 00904 00905 WaitObject = (PVOID)((PCHAR)Object + (ULONG_PTR)ObjectHeader->Type->DefaultObject); 00906 } 00907 00908 // 00909 // Protect the wait call just in case KeWait decides 00910 // to raise For example, a mutant level is exceeded 00911 // 00912 00913 try { 00914 00915 Status = KeWaitForSingleObject( WaitObject, 00916 UserRequest, 00917 KernelMode, 00918 Alertable, 00919 Timeout ); 00920 00921 } except(EXCEPTION_EXECUTE_HANDLER) { 00922 00923 Status = GetExceptionCode(); 00924 } 00925 00926 ObDereferenceObject(Object); 00927 } 00928 00929 return Status; 00930 } }

---

Variable Documentation

PDEVICE_MAP ObSystemDeviceMap

Definition at line 249 of file ob.h. Referenced by ObInheritDeviceMap(), ObQueryDeviceMapInformation(), and ObSetDeviceMap().

---