
ex.c File Reference

#include "precomp.h"


Functions

NTSTATUS OpenEffectiveToken (PHANDLE phToken)
NTSTATUS GetProcessLuid (PETHREAD Thread, PLUID LuidProcess)
BOOLEAN IsRestricted (PETHREAD Thread)
NTSTATUS CreateSystemThread (PKSTART_ROUTINE lpThreadAddress, PVOID pvContext, PHANDLE phThread)
NTSTATUS InitSystemThread (PUNICODE_STRING pstrThreadName)
VOID UserRtlRaiseStatus (NTSTATUS Status)
NTSTATUS CommitReadOnlyMemory (HANDLE hSection, PSIZE_T pCommitSize, DWORD dwCommitOffset, int *pdCommit)
PKEVENT CreateKernelEvent (IN EVENT_TYPE Type, IN BOOLEAN State)
VOID LockObjectAssignment (PVOID *pplock, PVOID pobject)
VOID UnlockObjectAssignment (PVOID *pplock)
VOID UserDereferenceObject (PVOID pobj)
NTSTATUS ProtectHandle (IN HANDLE Handle, IN BOOLEAN Protect)


Function Documentation

NTSTATUS CommitReadOnlyMemory(HANDLE hSection, PSIZE_T pCommitSize, DWORD dwCommitOffset, int *pdCommit)

Definition at line 278 of file ex.c.

References MmMapViewOfSection(), MmUnmapViewOfSection(), NT_SUCCESS, NTSTATUS(), NULL, PAGE_SIZE, PBYTE, PsGetCurrentProcess, and Status.

Referenced by HMGrowHandleTable(), HMInitHandleTable(), UserCommitDesktopMemory(), and UserCommitSharedMemory().

/*
 * CommitReadOnlyMemory(hSection, pCommitSize, dwCommitOffset, pdCommit)
 *
 * Commits pages of a section that user mode only ever sees read-only
 * (PAGE_EXECUTE_READ).  The section is mapped temporarily into the current
 * process, the range starting dwCommitOffset bytes into the view is committed
 * with ZwAllocateVirtualMemory, and the temporary view is unmapped again
 * before returning.  Callers (handle-table growth, desktop/shared memory
 * commit) therefore never keep this view; they own their own mappings.
 *
 *   hSection       - section object handle to commit into
 *   pCommitSize    - in/out size, passed straight through to
 *                    ZwAllocateVirtualMemory (which may round it up)
 *   dwCommitOffset - byte offset from the view base at which to commit
 *   pdCommit       - optional; receives the byte delta between the address
 *                    ZwAllocateVirtualMemory actually used and the one that
 *                    was requested.  NOTE(review): presumably the kernel
 *                    rounds the base down to a page boundary, so the delta
 *                    is expected to be <= 0 — confirm against the caller.
 *
 * Returns the MmMapViewOfSection status when mapping fails, otherwise the
 * status of the commit.  The temporary view is unmapped regardless of
 * whether the commit succeeded.
 */
{
    SIZE_T ulViewSize;
    LARGE_INTEGER liOffset;
    PEPROCESS Process;
    PVOID pUserBase, pvt;
    NTSTATUS Status;

    /*
     * ViewSize 0 / offset 0 / BaseAddress NULL: let Mm choose the address
     * and map from the start of the section.
     */
    ulViewSize = 0;
    pUserBase = NULL;
    liOffset.QuadPart = 0;
    Process = PsGetCurrentProcess();

    /*
     * Map into the current process only for the duration of the commit.
     * PAGE_EXECUTE_READ keeps the view read-only from user mode;
     * SEC_NO_CHANGE presumably prevents the view's protection from being
     * altered afterwards — NOTE(review): confirm this is the intent.
     */
    Status = MmMapViewOfSection(
            hSection,
            Process,
            &pUserBase,
            0,              /* ZeroBits */
            PAGE_SIZE,      /* CommitSize */
            &liOffset,
            &ulViewSize,
            ViewUnmap,
            SEC_NO_CHANGE,
            PAGE_EXECUTE_READ);

    if (NT_SUCCESS(Status)) {

        /*
         * Commit the memory.  pvt remembers the address we asked for;
         * pUserBase is updated in place by ZwAllocateVirtualMemory with the
         * address it actually used.
         */
        pUserBase = pvt = (PVOID)((PBYTE)pUserBase + dwCommitOffset);

        Status = ZwAllocateVirtualMemory(
                NtCurrentProcess(),
                &pUserBase,
                0,
                pCommitSize,
                MEM_COMMIT,
                PAGE_EXECUTE_READ);

        /*
         * The delta is reported even when the commit failed (Status is not
         * checked here); in that case it reflects whatever pUserBase holds.
         * The (int) narrowing assumes the adjustment is small.
         */
        if (pdCommit) {
            *pdCommit = (int)((PBYTE)pUserBase - (PBYTE)pvt);
        }
#if DBG
        else {
            /* Callers that do not want the delta expect no adjustment. */
            UserAssert(pvt == pUserBase);
        }
#endif

        /*
         * Tear down the temporary view.  Note the adjusted pUserBase, not the
         * original view base, is passed — NOTE(review): this relies on
         * MmUnmapViewOfSection locating the view from an address inside it;
         * confirm for the targeted kernel.
         */
        MmUnmapViewOfSection(Process, pUserBase);
    }
    return Status;
}

PKEVENT CreateKernelEvent(IN EVENT_TYPE Type, IN BOOLEAN State)

Definition at line 346 of file ex.c.

References KeInitializeEvent, and NULL.

Referenced by CreateDeviceInfo(), RawInputThread(), RemoteConnect(), UserInitialize(), xxxDesktopThread(), and xxxInitInput().

/*
 * CreateKernelEvent(Type, State)
 *
 * Allocates a KEVENT from non-paged pool (TAG_SYSTEM) and initializes it to
 * the requested type and initial signaled state.  Non-paged pool is used
 * because the event is handed to the dispatcher, which may touch it at
 * raised IRQL.
 *
 * Returns the event, or NULL when the pool allocation fails.  The caller
 * owns the returned memory.
 */
{
    PKEVENT pkeNew = UserAllocPoolNonPaged(sizeof(KEVENT), TAG_SYSTEM);

    if (pkeNew == NULL) {
        return NULL;
    }

    KeInitializeEvent(pkeNew, Type, State);
    return pkeNew;
}

NTSTATUS CreateSystemThread(PKSTART_ROUTINE lpThreadAddress, PVOID pvContext, PHANDLE phThread)

Definition at line 131 of file ex.c.

References CheckCritOut, gpepCSRSS, KernelMode, NT_SUCCESS, NTSTATUS(), NULL, ObOpenObjectByPointer(), PsCreateSystemThread(), and Status.

Referenced by VideoPortCallout(), xxxInitInput(), and xxxInitTerminal().

/*
 * CreateSystemThread(lpThreadAddress, pvContext, phThread)
 *
 * Starts a kernel thread running lpThreadAddress(pvContext), owned by the
 * CSRSS process (gpepCSRSS) rather than by the System process.  The original
 * comment gives the reason: on WinFrame, WIN32K.SYS is in WINSTATION space,
 * which is not mapped into the System process, so no system thread may be
 * allowed to touch WIN32K.SYS from there.  The caller may be any CSRSS
 * client and need not hold a handle to CSRSS, so the process handle is
 * opened here from the EPROCESS pointer with KernelMode access and closed
 * again once the thread exists.
 *
 *   phThread receives the new thread's handle (THREAD_ALL_ACCESS).
 *
 * Returns the status of the process open if that fails, otherwise the
 * status of PsCreateSystemThread.  Must be called outside the USER critical
 * section (CheckCritOut).
 */
{
    OBJECT_ATTRIBUTES attrs;
    HANDLE hCsrss = NULL;
    NTSTATUS rc;

    CheckCritOut();

    UserAssert(gpepCSRSS != NULL);

    /*
     * NOTE(review): HandleAttributes is 0 rather than OBJ_KERNEL_HANDLE, so
     * the handle is presumably created in the current process' handle table
     * for the window until ZwClose() below — confirm whether a kernel handle
     * is appropriate on the targeted kernel.
     */
    rc = ObOpenObjectByPointer(gpepCSRSS,
                               0,
                               NULL,
                               PROCESS_CREATE_THREAD,
                               NULL,
                               KernelMode,
                               &hCsrss);
    if (!NT_SUCCESS(rc)) {
        return rc;
    }

    UserAssert(hCsrss != NULL);

    /* Unnamed, no security descriptor, no special attributes. */
    InitializeObjectAttributes(&attrs, NULL, 0, NULL, NULL);

    rc = PsCreateSystemThread(phThread,
                              THREAD_ALL_ACCESS,
                              &attrs,
                              hCsrss,
                              NULL,
                              lpThreadAddress,
                              pvContext);

    ZwClose(hCsrss);

    return rc;
}

NTSTATUS GetProcessLuid(PETHREAD Thread, PLUID LuidProcess)

Definition at line 50 of file ex.c.

References NTSTATUS(), NULL, ObDereferenceObject, PsGetCurrentThread, PsReferenceImpersonationToken(), PsReferencePrimaryToken(), SeQueryAuthenticationIdToken(), Status, and _ETHREAD::ThreadsProcess.

Referenced by EndShutdown(), InitiateShutdown(), InitPreviousUserString(), NtUserCreateWindowStation(), NtUserOpenWindowStation(), NtUserPostThreadMessage(), OpenDesktopCompletion(), xxxCreateDesktop2(), xxxInitProcessInfo(), xxxResolveDesktop(), and xxxUpdatePerUserAccessPackSettings().

/*
 * GetProcessLuid(Thread, LuidProcess)
 *
 * Retrieves the logon session LUID (authentication id) of the token that is
 * currently in effect for Thread: the thread's impersonation token if it is
 * impersonating, otherwise the primary token of its process.  A NULL Thread
 * means the calling thread.
 *
 * NOTE(review): the impersonation attributes returned alongside the token
 * (copy-on-open, effective-only, impersonation level) are not examined, so
 * a token at any impersonation level supplies its LUID here.
 *
 * Returns STATUS_NO_TOKEN when neither token can be referenced, otherwise
 * the status of SeQueryAuthenticationIdToken.  The token reference taken
 * here is always dropped before returning.
 */
{
    PACCESS_TOKEN pToken;
    BOOLEAN bCopyOnOpen;
    BOOLEAN bEffectiveOnly;
    SECURITY_IMPERSONATION_LEVEL level;
    NTSTATUS rc;

    if (Thread == NULL) {
        Thread = PsGetCurrentThread();
    }

    /* Thread (impersonation) token first, process primary token second. */
    pToken = PsReferenceImpersonationToken(Thread,
                                           &bCopyOnOpen,
                                           &bEffectiveOnly,
                                           &level);
    if (pToken == NULL) {
        pToken = PsReferencePrimaryToken(Thread->ThreadsProcess);
    }
    if (pToken == NULL) {
        return STATUS_NO_TOKEN;
    }

    rc = SeQueryAuthenticationIdToken(pToken, LuidProcess);

    /* Release the reference taken by PsReference*Token. */
    ObDereferenceObject(pToken);

    return rc;
}

NTSTATUS InitSystemThread(PUNICODE_STRING pstrThreadName)

Definition at line 191 of file ex.c.

References CheckCritOut, ClearAppStarting(), EnterCrit, LeaveCrit, NT_SUCCESS, NTSTATUS(), NULL, tagTHREADINFO::ppi, PsGetCurrentThread, tagTHREADINFO::pstrAppName, PtiCurrentShared, Status, _ETHREAD::ThreadsProcess, TRUE, ValidateThreadSessionId, _EPROCESS::Win32Process, and xxxCreateThreadInfo().

Referenced by RawInputThread(), VideoPortCalloutThread(), and xxxDesktopThread().

/*
 * InitSystemThread(pstrThreadName)
 *
 * Turns the calling kernel thread into a USER (win32k) thread: makes sure its
 * process has a W32 process structure, allocates the W32 thread data, creates
 * the THREADINFO flagged as a system thread, and optionally records a display
 * name for it.  Called by the RIT, the desktop thread and the video-port
 * callout thread shortly after they start.
 *
 *   pstrThreadName - optional name; copied into a freshly allocated,
 *                    NUL-terminated UNICODE_STRING hung off the pti.
 *
 * Returns STATUS_SUCCESS, or the first failing status from
 * W32pProcessCallout, AllocateW32Thread or xxxCreateThreadInfo.  Must be
 * called outside the USER critical section; it enters and leaves the
 * critical section itself around the pti creation.
 */
{
    PETHREAD pEThread;
    PEPROCESS Process;
    PTHREADINFO pti;
    NTSTATUS Status;

    CheckCritOut();

    pEThread = PsGetCurrentThread();
    Process = pEThread->ThreadsProcess;

    ValidateThreadSessionId(pEThread);

    /*
     * check to see if process is already set, if not, we
     * need to set it up as well
     */
    if (Process->Win32Process == NULL) {
        Status = W32pProcessCallout(Process, TRUE);
        if (!NT_SUCCESS(Status)) {
            return Status;
        }
    }

    /*
     * We have the W32 process (or don't need one). Now get the thread data
     * and the kernel stack
     */
    Status = AllocateW32Thread(pEThread);
    if (!NT_SUCCESS(Status)) {
        return Status;
    }

    EnterCrit();

    /*
     * Allocate a pti for this thread
     *
     * Flag this as a system thread
     *
     * On failure only the W32 thread data allocated above is undone here;
     * a W32 process created by W32pProcessCallout is left in place
     * (presumably torn down with the process — not visible in this file).
     */
    Status = xxxCreateThreadInfo(pEThread, TRUE);
    if (!NT_SUCCESS(Status)) {
        FreeW32Thread(pEThread);
        LeaveCrit();
        return Status;
    }

    pti = PtiCurrentShared();
    if (pstrThreadName) {
        if (pti->pstrAppName != NULL)
            UserFreePool(pti->pstrAppName);
        /*
         * Header and characters live in one allocation: the Buffer points
         * just past the UNICODE_STRING, and room for a terminating NUL is
         * included.  A failed allocation simply leaves the name unset; it
         * is not treated as an error.
         */
        pti->pstrAppName = UserAllocPoolWithQuota(sizeof(UNICODE_STRING) +
                pstrThreadName->Length + sizeof(WCHAR), TAG_TEXT);
        if (pti->pstrAppName != NULL) {
            pti->pstrAppName->Buffer = (PWCHAR)(pti->pstrAppName + 1);
            RtlCopyMemory(pti->pstrAppName->Buffer, pstrThreadName->Buffer,
                    pstrThreadName->Length);
            pti->pstrAppName->Buffer[pstrThreadName->Length / sizeof(WCHAR)] = 0;
            /*
             * NOTE(review): MaximumLength is a USHORT; Length + sizeof(WCHAR)
             * would wrap for a Length at the top of the USHORT range.  The
             * callers on this page pass fixed internal names, so this is
             * not reachable with external input here — confirm if the
             * caller set ever changes.
             */
            pti->pstrAppName->MaximumLength = pstrThreadName->Length + sizeof(WCHAR);
            pti->pstrAppName->Length = pstrThreadName->Length;
        }
    }

    /*
     * Need to clear the W32PF_APPSTARTING bit so that windows created by
     * the RIT don't cause the cursor to change to the app starting
     * cursor.
     */
    if ((pti->ppi != NULL) && (pti->ppi->W32PF_Flags & W32PF_APPSTARTING)) {
        ClearAppStarting(pti->ppi);
    }

    LeaveCrit();

    return STATUS_SUCCESS;
}

BOOLEAN IsRestricted(PETHREAD Thread)

Definition at line 95 of file ex.c.

References FALSE, NULL, ObDereferenceObject, PsReferenceImpersonationToken(), PsReferencePrimaryToken(), SeTokenIsRestricted(), and _ETHREAD::ThreadsProcess.

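/*
 * IsRestricted(Thread)
 *
 * Reports whether the token currently in effect for Thread is a restricted
 * token.  The thread's impersonation token is consulted first; if the thread
 * is not impersonating, the primary token of its process is used.  A NULL
 * Thread means the calling thread, mirroring GetProcessLuid() (the original
 * dereferenced Thread->ThreadsProcess unconditionally).
 *
 * Returns TRUE only when a token was found and SeTokenIsRestricted() reports
 * it restricted.  When no token can be referenced at all the result is
 * FALSE, i.e. "no token" is reported the same as "unrestricted"; callers
 * that gate an operation on this value should keep that in mind.
 */
{
    PACCESS_TOKEN UserToken;
    BOOLEAN fCopyOnOpen;
    BOOLEAN fEffectiveOnly;
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
    BOOLEAN fRestricted = FALSE;

    /*
     * Match GetProcessLuid(): default a NULL thread to the caller instead
     * of faulting on Thread->ThreadsProcess below.
     */
    if (Thread == NULL) {
        Thread = PsGetCurrentThread();
    }

    /*
     * Check for a thread token first.  The impersonation attributes
     * returned alongside it (copy-on-open, effective-only, level) are not
     * examined here.
     */
    UserToken = PsReferenceImpersonationToken(Thread,
                                              &fCopyOnOpen,
                                              &fEffectiveOnly,
                                              &ImpersonationLevel);

    /*
     * If no thread token, go to the process.
     */
    if (UserToken == NULL) {
        UserToken = PsReferencePrimaryToken(Thread->ThreadsProcess);
    }

    /*
     * If we got a token, is it restricted?  Drop the reference either way.
     */
    if (UserToken != NULL) {
        fRestricted = SeTokenIsRestricted(UserToken);
        ObDereferenceObject(UserToken);
    }

    return fRestricted;
}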

VOID LockObjectAssignment(PVOID *pplock, PVOID pobject)

Definition at line 368 of file ex.c.

References ExDesktopObjectType, FALSE, LogDesktop, NULL, ObDereferenceObject, OBJECT_TO_OBJECT_HEADER, ObReferenceObject, TRUE, and VOID().

/*
 * LockObjectAssignment(pplock, pobject)
 *
 * Stores pobject in the lock slot *pplock, taking an object-manager
 * reference on it and releasing the reference held on whatever the slot
 * contained before.  pobject may be NULL, which simply releases the slot.
 *
 * The new reference is taken before the old one is dropped so that
 * assigning the object already in the slot never lets its reference count
 * touch zero.
 *
 * Under LOGDESKTOPLOCKS, desktop objects additionally have the lock/unlock
 * logged; `tag` and `extra` in that path are presumably parameters that
 * exist only in that build — the signature shown on this page omits them.
 */
{
    PVOID pobjPrev = *pplock;

    if (pobject != NULL) {
        ObReferenceObject(pobject);
#ifdef LOGDESKTOPLOCKS
        if (OBJECT_TO_OBJECT_HEADER(pobject)->Type == *ExDesktopObjectType) {
            LogDesktop(pobject, tag, TRUE, extra);
        }
#endif
    }

    *pplock = pobject;

    if (pobjPrev == NULL) {
        return;
    }

#ifdef LOGDESKTOPLOCKS
    if (OBJECT_TO_OBJECT_HEADER(pobjPrev)->Type == *ExDesktopObjectType) {
        LogDesktop(pobjPrev, tag, FALSE, extra);
    }
#endif
    ObDereferenceObject(pobjPrev);
}

NTSTATUS OpenEffectiveToken(PHANDLE phToken)

Definition at line 17 of file ex.c.

References NT_SUCCESS, NTSTATUS(), Status, and TRUE.

Referenced by _UserTestForWinStaAccess(), and xxxConnectService().

/*
 * OpenEffectiveToken(phToken)
 *
 * Opens a TOKEN_QUERY handle to the token that currently governs the caller:
 * the thread's impersonation token when it is impersonating, otherwise
 * (STATUS_NO_TOKEN) the process primary token.  OpenAsSelf is TRUE, so the
 * access check for opening the thread token is made against the process'
 * own security context rather than the impersonated one.
 *
 *   phToken receives the handle on success; the caller closes it.
 *
 * Returns the status of the last open attempted.  Failures are logged at
 * RIP_WARNING level.
 */
{
    NTSTATUS ntStatus = ZwOpenThreadToken(NtCurrentThread(),
                                          TOKEN_QUERY,
                                          (BOOLEAN)TRUE,    /* OpenAsSelf */
                                          phToken);

    /*
     * Not impersonating: fall back to the process primary token.
     */
    if (ntStatus == STATUS_NO_TOKEN) {
        ntStatus = ZwOpenProcessToken(NtCurrentProcess(),
                                      TOKEN_QUERY,
                                      phToken);
    }

    if (NT_SUCCESS(ntStatus)) {
        return ntStatus;
    }

    RIPMSG1(RIP_WARNING, "Can't open client's token! - Status = %lx", ntStatus);
    return ntStatus;
}

NTSTATUS ProtectHandle(IN HANDLE Handle, IN BOOLEAN Protect)

Definition at line 464 of file ex.c.

References Handle, NT_SUCCESS, NTSTATUS(), NULL, and Status.

Referenced by RtlInitializeCriticalSectionAndSpinCount(), RtlpCreateCriticalSectionSem(), xxxCreateThreadInfo(), and xxxDestroyThreadInfo().

/*
 * ProtectHandle(Handle, Protect)
 *
 * Sets (Protect == TRUE) or clears the ProtectFromClose flag on Handle.
 * The flag information is read first and written back with only that
 * member changed, so the handle's other flag (Inherit) is preserved.
 * Referenced from thread-info creation/destruction, presumably to keep a
 * handle win32k depends on from being closed out from under it.
 *
 * Returns the status of ZwQueryObject if the query fails, otherwise the
 * status of ZwSetInformationObject.
 */
{
    OBJECT_HANDLE_FLAG_INFORMATION flagInfo;
    NTSTATUS rc;

    rc = ZwQueryObject(Handle,
                       ObjectHandleFlagInformation,
                       &flagInfo,
                       sizeof(flagInfo),
                       NULL);
    if (!NT_SUCCESS(rc)) {
        return rc;
    }

    flagInfo.ProtectFromClose = Protect;

    return ZwSetInformationObject(Handle,
                                  ObjectHandleFlagInformation,
                                  &flagInfo,
                                  sizeof(flagInfo));
}

VOID UnlockObjectAssignment(PVOID *pplock)

Definition at line 421 of file ex.c.

References ExDesktopObjectType, FALSE, LogDesktop, NULL, ObDereferenceObject, OBJECT_TO_OBJECT_HEADER, and VOID().

/*
 * UnlockObjectAssignment(pplock)
 *
 * Releases the object-manager reference held in the lock slot *pplock, if
 * any, and clears the slot.  Safe to call on an already-empty slot.
 *
 * Under LOGDESKTOPLOCKS a desktop object additionally has its unlock
 * logged; `tag` and `extra` in that path are presumably parameters that
 * exist only in that build — the signature shown on this page omits them.
 */
{
    PVOID pobjHeld = *pplock;

    if (pobjHeld == NULL) {
        return;
    }

#ifdef LOGDESKTOPLOCKS
    if (OBJECT_TO_OBJECT_HEADER(pobjHeld)->Type == *ExDesktopObjectType) {
        LogDesktop(pobjHeld, tag, FALSE, extra);
    }
#endif
    ObDereferenceObject(pobjHeld);
    *pplock = NULL;
}

VOID UserDereferenceObject(PVOID pobj)

Definition at line 448 of file ex.c.

References ObDereferenceObject, and VOID().

/*
 * UserDereferenceObject(pobj)
 *
 * Thin wrapper that drops one object-manager reference on pobj.  It exists
 * so that callers outside this module need not use ObDereferenceObject
 * directly; there is no additional bookkeeping here.
 */
{
    ObDereferenceObject(pobj);
}

VOID UserRtlRaiseStatus(NTSTATUS Status)

Definition at line 271 of file ex.c.

References ExRaiseStatus(), and Status.

/*
 * UserRtlRaiseStatus(Status)
 *
 * Raises Status as a structured exception via ExRaiseStatus.  Presumably a
 * kernel-side stand-in for RtlRaiseStatus so the same name can be used in
 * code shared with user mode; like ExRaiseStatus it does not return to the
 * caller.
 */
{
    ExRaiseStatus(Status);
}

