obhandle.c File Reference

#include "obp.h"

Go to the source code of this file.

Defines
#define	GENERIC_ACCESS   (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL)
Functions
NTSTATUS	ObpIncrementHandleDataBase (IN POBJECT_HEADER ObjectHeader, IN PEPROCESS Process, OUT PULONG NewProcessHandleCount)
NTSTATUS	ObpCaptureHandleInformation (IN OUT PSYSTEM_HANDLE_TABLE_ENTRY_INFO *HandleEntryInfo, IN HANDLE UniqueProcessId, IN PVOID HandleTableEntry, IN HANDLE HandleIndex, IN ULONG Length, IN OUT PULONG RequiredLength)
NTSTATUS	NtDuplicateObject (IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options)
NTSTATUS	ObGetHandleInformation (OUT PSYSTEM_HANDLE_INFORMATION HandleInformation, IN ULONG Length, OUT PULONG ReturnLength OPTIONAL)
NTSTATUS	ObpCaptureHandleInformation (IN OUT PSYSTEM_HANDLE_TABLE_ENTRY_INFO *HandleEntryInfo, IN HANDLE UniqueProcessId, IN PHANDLE_TABLE_ENTRY ObjectTableEntry, IN HANDLE HandleIndex, IN ULONG Length, IN OUT PULONG RequiredLength)
POBJECT_HANDLE_COUNT_ENTRY	ObpInsertHandleCount (POBJECT_HEADER ObjectHeader)
NTSTATUS	ObpIncrementHandleCount (OB_OPEN_REASON OpenReason, PEPROCESS Process, PVOID Object, POBJECT_TYPE ObjectType, PACCESS_STATE AccessState OPTIONAL, KPROCESSOR_MODE AccessMode, ULONG Attributes)
NTSTATUS	ObpIncrementUnnamedHandleCount (PACCESS_MASK DesiredAccess, PEPROCESS Process, PVOID Object, POBJECT_TYPE ObjectType, KPROCESSOR_MODE AccessMode, ULONG Attributes)
NTSTATUS	ObpChargeQuotaForObject (IN POBJECT_HEADER ObjectHeader, IN POBJECT_TYPE ObjectType, OUT PBOOLEAN NewObject)
VOID	ObpDecrementHandleCount (PEPROCESS Process, POBJECT_HEADER ObjectHeader, POBJECT_TYPE ObjectType, ACCESS_MASK GrantedAccess)
NTSTATUS	ObpCreateHandle (IN OB_OPEN_REASON OpenReason, IN PVOID Object, IN POBJECT_TYPE ExpectedObjectType OPTIONAL, IN PACCESS_STATE AccessState, IN ULONG ObjectPointerBias OPTIONAL, IN ULONG Attributes, IN BOOLEAN DirectoryLocked, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReferencedNewObject OPTIONAL, OUT PHANDLE Handle)
NTSTATUS	ObpCreateUnnamedHandle (IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias OPTIONAL, IN ULONG Attributes, IN KPROCESSOR_MODE AccessMode, OUT PVOID *ReferencedNewObject OPTIONAL, OUT PHANDLE Handle)
NTSTATUS	ObpValidateDesiredAccess (IN ACCESS_MASK DesiredAccess)
Variables
KMUTANT	ObpInitKillMutant

---

Define Documentation

#define GENERIC_ACCESS   (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL)

Definition at line 27 of file obhandle.c. Referenced by NtDuplicateObject(), ObpIncrementHandleCount(), ObpIncrementUnnamedHandleCount(), and SeCreateAccessState().

---

Function Documentation

NTSTATUS NtDuplicateObject (  IN HANDLE  SourceProcessHandle, IN HANDLE  SourceHandle, IN HANDLE TargetProcessHandle  OPTIONAL, OUT PHANDLE TargetHandle  OPTIONAL, IN ACCESS_MASK  DesiredAccess, IN ULONG  HandleAttributes, IN ULONG  Options )

Definition at line 163 of file obhandle.c. References ASSERT, AUX_ACCESS_DATA, _HANDLE_TABLE_ENTRY::CreatorBackTraceIndex, EXCEPTION_EXECUTE_HANDLER, ExCreateHandle(), Executive, FALSE, _ACCESS_STATE::GenerateOnClose, GENERIC_ACCESS, _OBJECT_TYPE_INITIALIZER::GenericMapping, _HANDLE_TABLE_ENTRY::GrantedAccess, _OBJECT_HANDLE_INFORMATION::GrantedAccess, _HANDLE_TABLE_ENTRY::GrantedAccessIndex, _OBJECT_HANDLE_INFORMATION::HandleAttributes, KeAttachProcess(), KeDetachProcess(), KeEnterCriticalRegion, KeLeaveCriticalRegion, KeReleaseMutant(), KernelMode, KeWaitForSingleObject(), KPROCESSOR_MODE, NT_SUCCESS, NtClose(), NtGlobalFlag, NTSTATUS(), NULL, _HANDLE_TABLE_ENTRY::ObAttributes, ObDereferenceObject, ObDuplicateHandle, OBJ_AUDIT_OBJECT_CLOSE, OBJ_HANDLE_ATTRIBUTES, _HANDLE_TABLE_ENTRY::Object, OBJECT_TO_OBJECT_HEADER, ObpDecrementHandleCount(), ObpGetObjectTable, ObpIncrementHandleCount(), ObpInitKillMutant, ObpValidateDesiredAccess(), ObReferenceObjectByHandle(), ProbeForWriteHandle, PsGetCurrentProcess, PsProcessType, RtlMapGenericMask(), SeAuditHandleCreation(), SeAuditHandleDuplication(), SeCreateAccessState(), _OBJECT_TYPE_INITIALIZER::SecurityProcedure, SeDefaultObjectMethod(), SeDeleteAccessState(), SeDetailedAuditing, Status, TRUE, _OBJECT_HEADER::Type, _OBJECT_TYPE::TypeInfo, and _OBJECT_TYPE_INITIALIZER::ValidAccessMask. Referenced by AllocateConsole(), ConsoleClientShutdown(), InitWindowsStuff(), PropertiesDlgShow(), PropertiesUpdate(), RtlpChangeQueryDebugBufferTarget(), RtlpIOWorkerThread(), RtlpWaitThread(), RtlpWorkerThread(), SepServerWaitForNextConnect(), SrvConsoleNotifyLastClose(), SrvRegisterConsoleVDM(), SrvSetConsoleCP(), SrvSetConsoleDisplayMode(), and TestTokenCreate(). : This function creates a handle that is a duplicate of the specified source handle. The source handle is evaluated in the context of the specified source process. The calling process must have PROCESS_DUP_HANDLE access to the source process. The duplicate handle is created with the specified attributes and desired access. The duplicate handle is created in the handle table of the specified target process. The calling process must have PROCESS_DUP_HANDLE access to the target process. Arguments: SourceProcessHandle - Supplies a handle to the source process for the handle being duplicated SourceHandle - Supplies the handle being duplicated TargetProcessHandle - Optionally supplies a handle to the target process that is to receive the new handle TargetHandle - Optionally returns a the new duplicated handle DesiredAccess - Desired access for the new handle HandleAttributes - Desired attributes for the new handle Options - Duplication options that control things like close source, same access, and same attributes. Return Value: TBS --*/ { KPROCESSOR_MODE PreviousMode; NTSTATUS Status; PVOID SourceObject; POBJECT_HEADER ObjectHeader; POBJECT_TYPE ObjectType; PEPROCESS SourceProcess; PEPROCESS TargetProcess; BOOLEAN Attached; PVOID ObjectTable; HANDLE_TABLE_ENTRY ObjectTableEntry; OBJECT_HANDLE_INFORMATION HandleInformation; HANDLE NewHandle; ACCESS_STATE AccessState; AUX_ACCESS_DATA AuxData; ACCESS_MASK SourceAccess; ACCESS_MASK TargetAccess; PACCESS_STATE PassedAccessState = NULL; // // Get previous processor mode and probe output arguments if necessary. // PreviousMode = KeGetPreviousMode(); if (ARGUMENT_PRESENT( TargetHandle ) && (PreviousMode != KernelMode)) { try { ProbeForWriteHandle( TargetHandle ); } except( EXCEPTION_EXECUTE_HANDLER ) { return( GetExceptionCode() ); } } // // If the caller is not asking for the same access then // validate the access they are requesting doesn't contain // any bad bits // if (!(Options & DUPLICATE_SAME_ACCESS)) { Status = ObpValidateDesiredAccess( DesiredAccess ); if (!NT_SUCCESS( Status )) { return( Status ); } } // // The Attached variable indicates if we needed to // attach to the source process because it was not the // current process. // Attached = FALSE; // // Given the input source process handle get a pointer // to the source process object // Status = ObReferenceObjectByHandle( SourceProcessHandle, PROCESS_DUP_HANDLE, PsProcessType, PreviousMode, (PVOID *)&SourceProcess, NULL ); if (!NT_SUCCESS( Status )) { return Status; } // // Lock down access to the process object tables // KeEnterCriticalRegion(); KeWaitForSingleObject( &ObpInitKillMutant, Executive, KernelMode, FALSE, NULL ); // // Make sure the source process has an object table still // if ( SourceProcess->ObjectTable == NULL ) { KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); KeLeaveCriticalRegion(); ObDereferenceObject( SourceProcess ); return STATUS_PROCESS_IS_TERMINATING; } // // If the specified source process is not the current process, attach // to the specified source process. Then after we reference the object // we can detach from the process. // if (PsGetCurrentProcess() != SourceProcess) { KeAttachProcess( &SourceProcess->Pcb ); Attached = TRUE; } // // The the input source handle get a pointer to the // source object itself, then detach from the process // if necessary and check if we were given a good // source handle. // Status = ObReferenceObjectByHandle( SourceHandle, 0, (POBJECT_TYPE)NULL, PreviousMode, &SourceObject, &HandleInformation ); if (Attached) { KeDetachProcess(); Attached = FALSE; } if (!NT_SUCCESS( Status )) { KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); KeLeaveCriticalRegion(); ObDereferenceObject( SourceProcess ); return( Status ); } // // We are all done if no target process handle was specified. // This is practially a noop because the only really end result // could be that we've closed the source handle. // if (!ARGUMENT_PRESENT( TargetProcessHandle )) { // // If no TargetProcessHandle, then only possible option is to close // the source handle in the context of the source process. // if (!(Options & DUPLICATE_CLOSE_SOURCE)) { Status = STATUS_INVALID_PARAMETER; } if (Options & DUPLICATE_CLOSE_SOURCE) { KeAttachProcess( &SourceProcess->Pcb ); NtClose( SourceHandle ); KeDetachProcess(); } KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); KeLeaveCriticalRegion(); ObDereferenceObject( SourceObject ); ObDereferenceObject( SourceProcess ); return( Status ); } SourceAccess = HandleInformation.GrantedAccess; // // At this point the caller did specify for a target process // So from the target process handle get a pointer to the // target process object. // Status = ObReferenceObjectByHandle( TargetProcessHandle, PROCESS_DUP_HANDLE, PsProcessType, PreviousMode, (PVOID *)&TargetProcess, NULL ); // // If we cannot get the traget process object then close the // source down if requsted, cleanup and return to our caller // if (!NT_SUCCESS( Status )) { if (Options & DUPLICATE_CLOSE_SOURCE) { KeAttachProcess( &SourceProcess->Pcb ); NtClose( SourceHandle ); KeDetachProcess(); } KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); KeLeaveCriticalRegion(); ObDereferenceObject( SourceObject ); ObDereferenceObject( SourceProcess ); return( Status ); } // // Make sure the target process has not exited // if ( TargetProcess->ObjectTable == NULL ) { if (Options & DUPLICATE_CLOSE_SOURCE) { KeAttachProcess( &SourceProcess->Pcb ); NtClose( SourceHandle ); KeDetachProcess(); } KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); KeLeaveCriticalRegion(); ObDereferenceObject( SourceObject ); ObDereferenceObject( SourceProcess ); ObDereferenceObject( TargetProcess ); return STATUS_PROCESS_IS_TERMINATING; } // // If the specified target process is not the current process, attach // to the specified target process. // if (PsGetCurrentProcess() != TargetProcess) { KeAttachProcess( &TargetProcess->Pcb ); Attached = TRUE; } // // Construct the proper desired access and attributes for the new handle // if (Options & DUPLICATE_SAME_ACCESS) { DesiredAccess = SourceAccess; } if (Options & DUPLICATE_SAME_ATTRIBUTES) { HandleAttributes = HandleInformation.HandleAttributes; } else { // // Always propogate auditing information. // HandleAttributes |= HandleInformation.HandleAttributes & OBJ_AUDIT_OBJECT_CLOSE; } // // Get the object header for the source object // ObjectHeader = OBJECT_TO_OBJECT_HEADER( SourceObject ); ObjectType = ObjectHeader->Type; ObjectTableEntry.Object = ObjectHeader; ObjectTableEntry.ObAttributes |= (HandleAttributes & OBJ_HANDLE_ATTRIBUTES); // // If any of the generic access bits are specified then map those to more // specific access bits // if ((DesiredAccess & GENERIC_ACCESS) != 0) { RtlMapGenericMask( &DesiredAccess, &ObjectType->TypeInfo.GenericMapping ); } // // Make sure to preserve ACCESS_SYSTEM_SECURITY, which most likely is not // found in the ValidAccessMask // TargetAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask | ACCESS_SYSTEM_SECURITY); // // If the access requested for the target is a superset of the // access allowed in the source, perform full AVR. If it is a // subset or equal, do not perform any access validation. // // Do not allow superset access if object type has a private security // method, as there is no means to call them in this case to do the // access check. // // If the AccessState is not passed to ObpIncrementHandleCount // there will be no AVR. // if (TargetAccess & ~SourceAccess) { if (ObjectType->TypeInfo.SecurityProcedure == SeDefaultObjectMethod) { Status = SeCreateAccessState( &AccessState, &AuxData, TargetAccess, // DesiredAccess &ObjectType->TypeInfo.GenericMapping ); PassedAccessState = &AccessState; } else { Status = STATUS_ACCESS_DENIED; } } else { // // Do not perform AVR // PassedAccessState = NULL; Status = STATUS_SUCCESS; } // // Increment the new handle count and get a pointer to // the target processes object table // if ( NT_SUCCESS( Status )) { Status = ObpIncrementHandleCount( ObDuplicateHandle, PsGetCurrentProcess(), // this is already the target process SourceObject, ObjectType, PassedAccessState, PreviousMode, HandleAttributes ); ObjectTable = ObpGetObjectTable(); ASSERT(ObjectTable); } if (Attached) { KeDetachProcess(); Attached = FALSE; } if (Options & DUPLICATE_CLOSE_SOURCE) { KeAttachProcess( &SourceProcess->Pcb ); NtClose( SourceHandle ); KeDetachProcess(); } if (!NT_SUCCESS( Status )) { if (PassedAccessState != NULL) { SeDeleteAccessState( PassedAccessState ); } KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); KeLeaveCriticalRegion(); ObDereferenceObject( SourceObject ); ObDereferenceObject( SourceProcess ); ObDereferenceObject( TargetProcess ); return( Status ); } if ((PassedAccessState != NULL) && (PassedAccessState->GenerateOnClose == TRUE)) { // // If we performed AVR opening the handle, then mark the handle as needing // auditing when it's closed. // ObjectTableEntry.ObAttributes |= OBJ_AUDIT_OBJECT_CLOSE; } #if i386 && !FPO if (NtGlobalFlag & FLG_KERNEL_STACK_TRACE_DB) { ObjectTableEntry.GrantedAccessIndex = ObpComputeGrantedAccessIndex( TargetAccess ); ObjectTableEntry.CreatorBackTraceIndex = RtlLogStackBackTrace(); } else { ObjectTableEntry.GrantedAccess = TargetAccess; } #else ObjectTableEntry.GrantedAccess = TargetAccess; #endif // i386 && !FPO // // Now that we've constructed a new object table entry for the duplicated handle // we need to add it to the object table of the target process NewHandle = ExCreateHandle( ObjectTable, &ObjectTableEntry ); if (NewHandle) { // // We have a new handle to audit the creation of the new handle if // AVR was done. And set the optional output handle variable. Note // that if we reach here the status variable is already a success // if (PassedAccessState != NULL) { SeAuditHandleCreation( PassedAccessState, NewHandle ); } if (SeDetailedAuditing && (ObjectTableEntry.ObAttributes & OBJ_AUDIT_OBJECT_CLOSE)) { SeAuditHandleDuplication( SourceHandle, NewHandle, SourceProcess, TargetProcess ); } if (ARGUMENT_PRESENT( TargetHandle )) { try { *TargetHandle = NewHandle; } except( EXCEPTION_EXECUTE_HANDLER ) { // // Fall through, since we cannot undo what we have done. // } } } else { // // We didn't get a new handle to decrement the handle count dereference // the necessary objects, set the optional output variable and indicate // why we're failing // ObpDecrementHandleCount( TargetProcess, ObjectHeader, ObjectType, TargetAccess ); ObDereferenceObject( SourceObject ); if (ARGUMENT_PRESENT( TargetHandle )) { try { *TargetHandle = (HANDLE)NULL; } except( EXCEPTION_EXECUTE_HANDLER ) { // // Fall through so we can return the correct status. // } } Status = STATUS_INSUFFICIENT_RESOURCES; } // // Cleanup from our selfs and then return to our caller // if (PassedAccessState != NULL) { SeDeleteAccessState( PassedAccessState ); } KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); KeLeaveCriticalRegion(); ObDereferenceObject( SourceProcess ); ObDereferenceObject( TargetProcess ); return( Status ); }

NTSTATUS ObGetHandleInformation (  OUT PSYSTEM_HANDLE_INFORMATION  HandleInformation, IN ULONG  Length, OUT PULONG ReturnLength  OPTIONAL )

Definition at line 745 of file obhandle.c. References ExSnapShotHandleTables(), NTSTATUS(), ObpCaptureHandleInformation(), PAGED_CODE, and Status. Referenced by ExpGetHandleInformation(). : This routine returns information about the specified handle. Arguments: HandleInformation - Supplies an array of handle information structures to fill in Length - Supplies the length the handle information array in bytes ReturnLength - Receives the number of bytes used by this call Return Value: An appropriate status value --*/ { NTSTATUS Status; ULONG RequiredLength; PAGED_CODE(); RequiredLength = FIELD_OFFSET( SYSTEM_HANDLE_INFORMATION, Handles ); if (Length < RequiredLength) { return( STATUS_INFO_LENGTH_MISMATCH ); } HandleInformation->NumberOfHandles = 0; // // For every handle in every handle table we'll be calling // our callback routine // Status = ExSnapShotHandleTables( ObpCaptureHandleInformation, HandleInformation, Length, &RequiredLength ); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = RequiredLength; } return( Status ); }

NTSTATUS ObpCaptureHandleInformation (  IN OUT PSYSTEM_HANDLE_TABLE_ENTRY_INFO *  HandleEntryInfo, IN HANDLE  UniqueProcessId, IN PHANDLE_TABLE_ENTRY  ObjectTableEntry, IN HANDLE  HandleIndex, IN ULONG  Length, IN OUT PULONG  RequiredLength )

Definition at line 807 of file obhandle.c. References _OBJECT_HEADER::Body, _OBJECT_TYPE::Index, NtGlobalFlag, NTSTATUS(), OBJ_HANDLE_ATTRIBUTES, Status, _OBJECT_HEADER::Type, and USHORT. : This is the callback routine of ObGetHandleInformation Arguments: HandleEntryInfo - Supplies a pointer to the output buffer to receive the handle information UniqueProcessId - Supplies the process id of the caller ObjectTableEntry - Supplies the handle table entry that is being captured HandleIndex - Supplies the index for the preceding handle table entry Length - Specifies the length, in bytes, of the original user buffer RequiredLength - Specifies the length, in bytes, that has already been used in the buffer to store information. On return this receives the updated number of bytes being used. Note that the HandleEntryInfo does not necessarily point to the start of the original user buffer. It will have been offset by the feed-in RequiredLength value. Return Value: An appropriate status value --*/ { NTSTATUS Status; POBJECT_HEADER ObjectHeader; // // Figure out who much size we really need to contain this extra record // and then check that it fits. // *RequiredLength += sizeof( SYSTEM_HANDLE_TABLE_ENTRY_INFO ); if (Length < *RequiredLength) { Status = STATUS_INFO_LENGTH_MISMATCH; } else { // // Get the object header from the table entry and then copy over the information // ObjectHeader = (POBJECT_HEADER)(((ULONG_PTR)(ObjectTableEntry->Object)) & ~OBJ_HANDLE_ATTRIBUTES); (*HandleEntryInfo)->UniqueProcessId = (USHORT)((ULONG_PTR)UniqueProcessId); (*HandleEntryInfo)->HandleAttributes = (UCHAR)(ObjectTableEntry->ObAttributes & OBJ_HANDLE_ATTRIBUTES); (*HandleEntryInfo)->ObjectTypeIndex = (UCHAR)(ObjectHeader->Type->Index); (*HandleEntryInfo)->HandleValue = (USHORT)((ULONG_PTR)(HandleIndex)); (*HandleEntryInfo)->Object = &ObjectHeader->Body; (*HandleEntryInfo)->CreatorBackTraceIndex = 0; #if i386 && !FPO if (NtGlobalFlag & FLG_KERNEL_STACK_TRACE_DB) { (*HandleEntryInfo)->CreatorBackTraceIndex = ObjectTableEntry->CreatorBackTraceIndex; (*HandleEntryInfo)->GrantedAccess = ObpTranslateGrantedAccessIndex( ObjectTableEntry->GrantedAccessIndex ); } else { (*HandleEntryInfo)->GrantedAccess = ObjectTableEntry->GrantedAccess; } #else (*HandleEntryInfo)->GrantedAccess = ObjectTableEntry->GrantedAccess; #endif // i386 && !FPO (*HandleEntryInfo)++; Status = STATUS_SUCCESS; } return( Status ); }

NTSTATUS ObpCaptureHandleInformation (  IN OUT PSYSTEM_HANDLE_TABLE_ENTRY_INFO *  HandleEntryInfo, IN HANDLE  UniqueProcessId, IN PVOID  HandleTableEntry, IN HANDLE  HandleIndex, IN ULONG  Length, IN OUT PULONG  RequiredLength )

Referenced by ObGetHandleInformation().

NTSTATUS ObpChargeQuotaForObject (  IN POBJECT_HEADER  ObjectHeader, IN POBJECT_TYPE  ObjectType, OUT PBOOLEAN  NewObject )

Definition at line 1861 of file obhandle.c. References FALSE, _OBJECT_HEADER_QUOTA_INFO::NonPagedPoolCharge, NULL, OB_FLAG_DEFAULT_SECURITY_QUOTA, OB_FLAG_NEW_OBJECT, OBJECT_HEADER_TO_QUOTA_INFO, _OBJECT_HEADER_QUOTA_INFO::PagedPoolCharge, PsChargeSharedPoolQuota(), PsGetCurrentProcess, SE_DEFAULT_SECURITY_QUOTA, _OBJECT_HEADER_QUOTA_INFO::SecurityDescriptorCharge, and TRUE. Referenced by ObpIncrementHandleCount(), and ObpIncrementUnnamedHandleCount(). : This routine charges quota against the current process for the new object Arguments: ObjectHeader - Supplies a pointer to the new object being charged for ObjectType - Supplies the type of the new object NewObject - Returns true if the object is really new and false otherwise Return Value: An appropriate status value --*/ { POBJECT_HEADER_QUOTA_INFO QuotaInfo; ULONG NonPagedPoolCharge; ULONG PagedPoolCharge; // // Get a pointer to the quota block for this object // QuotaInfo = OBJECT_HEADER_TO_QUOTA_INFO( ObjectHeader ); *NewObject = FALSE; // // If the object is new then we have work to do otherwise // we'll return with NewObject set to false // if (ObjectHeader->Flags & OB_FLAG_NEW_OBJECT) { // // Say the object now isn't new // ObjectHeader->Flags &= ~OB_FLAG_NEW_OBJECT; // // If there does exist a quota info structure for this // object then calculate what our charge should be from // the information stored in that structure // if (QuotaInfo != NULL) { PagedPoolCharge = QuotaInfo->PagedPoolCharge + QuotaInfo->SecurityDescriptorCharge; NonPagedPoolCharge = QuotaInfo->NonPagedPoolCharge; } else { // // There isn't any quota information so we're on our own // Paged pool charge is the default for the object plus // the security descriptor if present. Nonpaged pool charge // is the default for the object. // PagedPoolCharge = ObjectType->TypeInfo.DefaultPagedPoolCharge; if (ObjectHeader->SecurityDescriptor != NULL) { ObjectHeader->Flags |= OB_FLAG_DEFAULT_SECURITY_QUOTA; PagedPoolCharge += SE_DEFAULT_SECURITY_QUOTA; } NonPagedPoolCharge = ObjectType->TypeInfo.DefaultNonPagedPoolCharge; } // // Now charge for the quota and make sure it succeeds // ObjectHeader->QuotaBlockCharged = (PVOID)PsChargeSharedPoolQuota( PsGetCurrentProcess(), PagedPoolCharge, NonPagedPoolCharge ); if (ObjectHeader->QuotaBlockCharged == NULL) { return STATUS_QUOTA_EXCEEDED; } *NewObject = TRUE; } return STATUS_SUCCESS; }

NTSTATUS ObpCreateHandle (  IN OB_OPEN_REASON  OpenReason, IN PVOID  Object, IN POBJECT_TYPE ExpectedObjectType  OPTIONAL, IN PACCESS_STATE  AccessState, IN ULONG ObjectPointerBias  OPTIONAL, IN ULONG  Attributes, IN BOOLEAN  DirectoryLocked, IN KPROCESSOR_MODE  AccessMode, OUT PVOID *ReferencedNewObject  OPTIONAL, OUT PHANDLE  Handle )

Definition at line 2160 of file obhandle.c. References _HANDLE_TABLE_ENTRY::CreatorBackTraceIndex, EncodeKernelHandle, ExCreateHandle(), FALSE, _HANDLE_TABLE_ENTRY::GrantedAccess, _HANDLE_TABLE_ENTRY::GrantedAccessIndex, Handle, KernelMode, KeStackAttachProcess(), KeUnstackDetachProcess(), NT_SUCCESS, NtGlobalFlag, NTSTATUS(), NULL, _HANDLE_TABLE_ENTRY::ObAttributes, ObCreateHandle, OBJ_AUDIT_OBJECT_CLOSE, OBJ_HANDLE_ATTRIBUTES, _HANDLE_TABLE_ENTRY::Object, OBJECT_TO_OBJECT_HEADER, ObpDecrementHandleCount(), ObpDecrPointerCount, ObpGetObjectTable, ObpIncrementHandleCount(), ObpIncrPointerCount, ObpKernelHandleTable, ObpLeaveRootDirectoryMutex, ObpValidateIrql, PAGED_CODE, PAUX_ACCESS_DATA, _EPROCESS::Pcb, _AUX_ACCESS_DATA::PrivilegesUsed, PsGetCurrentProcess, PsInitialSystemProcess, SeAuditHandleCreation(), SePrivilegeObjectAuditAlarm(), Status, TRUE, _OBJECT_HEADER::Type, _OBJECT_TYPE::TypeInfo, and _OBJECT_TYPE_INITIALIZER::ValidAccessMask. Referenced by ObInsertObject(), ObOpenObjectByName(), and ObOpenObjectByPointer(). : This function creates a new handle to an existing object Arguments: OpenReason - The reason why we are doing this work Object - A pointer to the body of the new object ExpectedObjectType - Optionally Supplies the object type that the caller is expecting AccessState - Supplies the access state for the handle requested by the caller ObjectPointerBias - Optionally supplies a count of addition increments we do to the pointer count for the object Attributes - Desired attributes for the handle DirectoryLocked - Indicates if the root directory mutex is already held AccessMode - Supplies the mode of the requestor. ReferencedNewObject - Optionally receives a pointer to the body of the new object Handle - Receives the new handle value Return Value: An appropriate status value --*/ { NTSTATUS Status; POBJECT_HEADER ObjectHeader; POBJECT_TYPE ObjectType; PVOID ObjectTable; HANDLE_TABLE_ENTRY ObjectTableEntry; HANDLE NewHandle; ACCESS_MASK DesiredAccess; ACCESS_MASK GrantedAccess; ULONG BiasCount; BOOLEAN AttachedToProcess = FALSE; BOOLEAN KernelHandle = FALSE; KAPC_STATE ApcState; PAGED_CODE(); ObpValidateIrql( "ObpCreateHandle" ); // // Merge both the remaining desired access and the currently // granted access states into one mask // // **** why is this being done here and then later in the this // same routine. // DesiredAccess = AccessState->RemainingDesiredAccess | AccessState->PreviouslyGrantedAccess; // // Get a pointer to the object header and object type // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); ObjectType = ObjectHeader->Type; // // If the object type isn't what was expected then // return an error to our caller, but first see if // we should release the directory mutex // if ((ARGUMENT_PRESENT( ExpectedObjectType )) && (ObjectType != ExpectedObjectType )) { if (DirectoryLocked) { ObpLeaveRootDirectoryMutex(); } return( STATUS_OBJECT_TYPE_MISMATCH ); } // // Set the first ulong of the object table entry to point // back to the object header // ObjectTableEntry.Object = ObjectHeader; // // Now get a pointer to the object table for either the current process // of the kernel handle table // if ((Attributes & OBJ_KERNEL_HANDLE) && (AccessMode == KernelMode)) { ObjectTable = ObpKernelHandleTable; KernelHandle = TRUE; // // Go to the system process if we have to // if (PsGetCurrentProcess() != PsInitialSystemProcess) { KeStackAttachProcess (&PsInitialSystemProcess->Pcb, &ApcState); AttachedToProcess = TRUE; } } else { ObjectTable = ObpGetObjectTable(); } // // ObpIncrementHandleCount will perform access checking on the // object being opened as appropriate. // Status = ObpIncrementHandleCount( OpenReason, PsGetCurrentProcess(), Object, ObjectType, AccessState, AccessMode, Attributes ); if (AccessState->GenerateOnClose) { Attributes |= OBJ_AUDIT_OBJECT_CLOSE; } // // Or in some low order bits into the first ulong of the object // table entry // ObjectTableEntry.ObAttributes |= (Attributes & OBJ_HANDLE_ATTRIBUTES); // // Merge both the remaining desired access and the currently // granted access states into one mask and then compute // the granted access // DesiredAccess = AccessState->RemainingDesiredAccess | AccessState->PreviouslyGrantedAccess; GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask | ACCESS_SYSTEM_SECURITY ); // // Unlock the directory if it is locked and make sure // we've been successful so far // if (DirectoryLocked) { ObpLeaveRootDirectoryMutex(); } if (!NT_SUCCESS( Status )) { // // If we are attached to the system process then return // back to our caller // if (AttachedToProcess) { KeUnstackDetachProcess(&ApcState); AttachedToProcess = FALSE; } return( Status ); } // // Bias the pointer count if that is what the caller wanted // if (ARGUMENT_PRESENT( (PVOID)(ULONG_PTR)ObjectPointerBias )) { BiasCount = ObjectPointerBias; while (BiasCount--) { ObpIncrPointerCount( ObjectHeader ); } } // // Set the granted access mask in the object table entry (second ulong) // #if i386 && !FPO if (NtGlobalFlag & FLG_KERNEL_STACK_TRACE_DB) { ObjectTableEntry.GrantedAccessIndex = ObpComputeGrantedAccessIndex( GrantedAccess ); ObjectTableEntry.CreatorBackTraceIndex = RtlLogStackBackTrace(); } else { ObjectTableEntry.GrantedAccess = GrantedAccess; } #else ObjectTableEntry.GrantedAccess = GrantedAccess; #endif // i386 && !FPO // // Add this new object table entry to the object table for the process // NewHandle = ExCreateHandle( ObjectTable, &ObjectTableEntry ); // // If we didn't get a handle then cleanup after ourselves and return // the error to our caller // if (NewHandle == NULL) { if (ARGUMENT_PRESENT( (PVOID)(ULONG_PTR)ObjectPointerBias )) { BiasCount = ObjectPointerBias; while (BiasCount--) { ObpDecrPointerCount( ObjectHeader ); } } ObpDecrementHandleCount( PsGetCurrentProcess(), ObjectHeader, ObjectType, GrantedAccess ); // // If we are attached to the system process then return // back to our caller // if (AttachedToProcess) { KeUnstackDetachProcess(&ApcState); AttachedToProcess = FALSE; } return( STATUS_INSUFFICIENT_RESOURCES ); } // // We have a new Ex style handle now make it an ob style handle and also // adjust for the kernel handle by setting the sign bit in the handle // value // if (KernelHandle) { NewHandle = EncodeKernelHandle( NewHandle ); } *Handle = NewHandle; // // If requested, generate audit messages to indicate that a new handle // has been allocated. // // This is the final security operation in the creation/opening of the // object. // if ( AccessState->GenerateAudit ) { SeAuditHandleCreation( AccessState, *Handle ); } if (OpenReason == ObCreateHandle) { PAUX_ACCESS_DATA AuxData = AccessState->AuxData; if ( ( AuxData->PrivilegesUsed != NULL) && (AuxData->PrivilegesUsed->PrivilegeCount > 0) ) { SePrivilegeObjectAuditAlarm( *Handle, &AccessState->SubjectSecurityContext, GrantedAccess, AuxData->PrivilegesUsed, TRUE, KeGetPreviousMode() ); } } // // If the caller had a pointer bias and wanted the new reference object // then return that value // if ((ARGUMENT_PRESENT( (PVOID)(ULONG_PTR)ObjectPointerBias )) && (ARGUMENT_PRESENT( ReferencedNewObject ))) { *ReferencedNewObject = Object; } // // If we are attached to the system process then return // back to our caller // if (AttachedToProcess) { KeUnstackDetachProcess(&ApcState); AttachedToProcess = FALSE; } // // And return to our caller // return( STATUS_SUCCESS ); }

NTSTATUS ObpCreateUnnamedHandle (  IN PVOID  Object, IN ACCESS_MASK  DesiredAccess, IN ULONG ObjectPointerBias  OPTIONAL, IN ULONG  Attributes, IN KPROCESSOR_MODE  AccessMode, OUT PVOID *ReferencedNewObject  OPTIONAL, OUT PHANDLE  Handle )

Definition at line 2507 of file obhandle.c. References _HANDLE_TABLE_ENTRY::CreatorBackTraceIndex, EncodeKernelHandle, ExCreateHandle(), FALSE, _HANDLE_TABLE_ENTRY::GrantedAccess, _HANDLE_TABLE_ENTRY::GrantedAccessIndex, Handle, KernelMode, KeStackAttachProcess(), KeUnstackDetachProcess(), NT_SUCCESS, NtGlobalFlag, NTSTATUS(), NULL, _HANDLE_TABLE_ENTRY::ObAttributes, OBJ_HANDLE_ATTRIBUTES, _HANDLE_TABLE_ENTRY::Object, OBJECT_TO_OBJECT_HEADER, ObpDecrementHandleCount(), ObpDecrPointerCount, ObpGetObjectTable, ObpIncrementUnnamedHandleCount(), ObpIncrPointerCount, ObpKernelHandleTable, ObpValidateIrql, PAGED_CODE, _EPROCESS::Pcb, PsGetCurrentProcess, PsInitialSystemProcess, Status, TRUE, _OBJECT_HEADER::Type, _OBJECT_TYPE::TypeInfo, and _OBJECT_TYPE_INITIALIZER::ValidAccessMask. Referenced by ObInsertObject(). : This function creates a new unnamed handle for an existing object Arguments: Object - A pointer to the body of the new object DesiredAccess - Supplies the access mask being requsted ObjectPointerBias - Optionally supplies a count of addition increments we do to the pointer count for the object Attributes - Desired attributes for the handle AccessMode - Supplies the mode of the requestor. ReferencedNewObject - Optionally receives a pointer to the body of the new object Handle - Receives the new handle value Return Value: An appropriate status value --*/ { NTSTATUS Status; POBJECT_HEADER ObjectHeader; POBJECT_TYPE ObjectType; PVOID ObjectTable; HANDLE_TABLE_ENTRY ObjectTableEntry; HANDLE NewHandle; ULONG BiasCount; ACCESS_MASK GrantedAccess; BOOLEAN AttachedToProcess = FALSE; BOOLEAN KernelHandle = FALSE; KAPC_STATE ApcState; PAGED_CODE(); ObpValidateIrql( "ObpCreateUnnamedHandle" ); // // Get the object header and type for the new object // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); ObjectType = ObjectHeader->Type; // // Set the first ulong of the object table entry to point // to the object header and then or in the low order attribute // bits // ObjectTableEntry.Object = ObjectHeader; ObjectTableEntry.ObAttributes |= (Attributes & OBJ_HANDLE_ATTRIBUTES); // // Now get a pointer to the object table for either the current process // of the kernel handle table // if ((Attributes & OBJ_KERNEL_HANDLE) && (AccessMode == KernelMode)) { ObjectTable = ObpKernelHandleTable; KernelHandle = TRUE; // // Go to the system process if we have to // if (PsGetCurrentProcess() != PsInitialSystemProcess) { KeStackAttachProcess (&PsInitialSystemProcess->Pcb, &ApcState); AttachedToProcess = TRUE; } } else { ObjectTable = ObpGetObjectTable(); } // // Increment the handle count, this routine also does the access // check if necessary // Status = ObpIncrementUnnamedHandleCount( &DesiredAccess, PsGetCurrentProcess(), Object, ObjectType, AccessMode, Attributes ); GrantedAccess = DesiredAccess & (ObjectType->TypeInfo.ValidAccessMask | ACCESS_SYSTEM_SECURITY ); if (!NT_SUCCESS( Status )) { // // If we are attached to the system process then return // back to our caller // if (AttachedToProcess) { KeUnstackDetachProcess(&ApcState); AttachedToProcess = FALSE; } return( Status ); } // // Bias the pointer count if that is what the caller wanted // if (ARGUMENT_PRESENT( (PVOID)(ULONG_PTR)ObjectPointerBias )) { BiasCount = ObjectPointerBias; while (BiasCount--) { ObpIncrPointerCount( ObjectHeader ); } } // // Set the granted access mask in the object table entry (second ulong) // #if i386 && !FPO if (NtGlobalFlag & FLG_KERNEL_STACK_TRACE_DB) { ObjectTableEntry.GrantedAccessIndex = ObpComputeGrantedAccessIndex( GrantedAccess ); ObjectTableEntry.CreatorBackTraceIndex = RtlLogStackBackTrace(); } else { ObjectTableEntry.GrantedAccess = GrantedAccess; } #else ObjectTableEntry.GrantedAccess = GrantedAccess; #endif // i386 && !FPO // // Add this new object table entry to the object table for the process // NewHandle = ExCreateHandle( ObjectTable, &ObjectTableEntry ); // // If we didn't get a handle then cleanup after ourselves and return // the error to our caller // if (NewHandle == NULL) { if (ARGUMENT_PRESENT( (PVOID)(ULONG_PTR)ObjectPointerBias )) { BiasCount = ObjectPointerBias; while (BiasCount--) { ObpDecrPointerCount( ObjectHeader ); } } ObpDecrementHandleCount( PsGetCurrentProcess(), ObjectHeader, ObjectType, GrantedAccess ); // // If we are attached to the system process then return // back to our caller // if (AttachedToProcess) { KeUnstackDetachProcess(&ApcState); AttachedToProcess = FALSE; } return( STATUS_INSUFFICIENT_RESOURCES ); } // // We have a new Ex style handle now make it an ob style handle and also // adjust for the kernel handle by setting the sign bit in the handle // value // if (KernelHandle) { NewHandle = EncodeKernelHandle( NewHandle ); } *Handle = NewHandle; // // If the caller had a pointer bias and wanted the new reference object // then return that value // if ((ARGUMENT_PRESENT( (PVOID)(ULONG_PTR)ObjectPointerBias )) && (ARGUMENT_PRESENT( ReferencedNewObject ))) { *ReferencedNewObject = Object; } // // If we are attached to the system process then return // back to our caller // if (AttachedToProcess) { KeUnstackDetachProcess(&ApcState); AttachedToProcess = FALSE; } return( STATUS_SUCCESS ); }

VOID ObpDecrementHandleCount (  PEPROCESS  Process, POBJECT_HEADER  ObjectHeader, POBJECT_TYPE  ObjectType, ACCESS_MASK  GrantedAccess )

Definition at line 1967 of file obhandle.c. References ASSERT, _OBJECT_HEADER::Body, _OBJECT_TYPE_INITIALIZER::CloseProcedure, _OBJECT_HANDLE_COUNT_DATABASE::CountEntries, FALSE, _OBJECT_HEADER::Flags, _OBJECT_HEADER::HandleCount, _OBJECT_HANDLE_COUNT_ENTRY::HandleCount, _OBJECT_HEADER_HANDLE_INFO::HandleCountDataBase, _OBJECT_HANDLE_COUNT_DATABASE::HandleCountEntries, _OBJECT_TYPE_INITIALIZER::MaintainHandleCount, NULL, OB_FLAG_EXCLUSIVE_OBJECT, OB_FLAG_SINGLE_HANDLE_ENTRY, OBJECT_HEADER_TO_CREATOR_INFO, OBJECT_HEADER_TO_HANDLE_INFO, OBJECT_HEADER_TO_QUOTA_INFO, ObpBeginTypeSpecificCallOut, ObpDecrHandleCount, ObpDeleteNameCheck(), ObpEndTypeSpecificCallOut, ObpEnterObjectTypeMutex, ObpLeaveObjectTypeMutex, PAGED_CODE, _OBJECT_HANDLE_COUNT_ENTRY::Process, _OBJECT_HEADER_HANDLE_INFO::SingleEntry, _OBJECT_TYPE::TotalNumberOfHandles, TRUE, _OBJECT_TYPE::TypeInfo, and _OBJECT_HEADER_CREATOR_INFO::TypeList. Referenced by NtClose(), NtDuplicateObject(), ObpCreateHandle(), and ObpCreateUnnamedHandle(). : This procedure decrements the handle count for the specified object Arguments: Process - Supplies the process where the handle existed ObjectHeader - Supplies a pointer to the object header for the object ObjectType - Supplies a type of the object GrantedAccess - Supplies the current access mask to the object Return Value: None. --*/ { POBJECT_HEADER_HANDLE_INFO HandleInfo; POBJECT_HANDLE_COUNT_DATABASE HandleCountDataBase; POBJECT_HANDLE_COUNT_ENTRY HandleCountEntry; POBJECT_HEADER_CREATOR_INFO CreatorInfo; PVOID Object; ULONG CountEntries; ULONG ProcessHandleCount; ULONG SystemHandleCount; BOOLEAN HandleCountIsZero; PAGED_CODE(); ObpEnterObjectTypeMutex( ObjectType ); Object = (PVOID)&ObjectHeader->Body; SystemHandleCount = ObjectHeader->HandleCount; ProcessHandleCount = 0; // // Decrement the handle count and it was one and it // was an exclusive object then zero out the exclusive // process // HandleCountIsZero = ObpDecrHandleCount( ObjectHeader ); if ( HandleCountIsZero && (ObjectHeader->Flags & OB_FLAG_EXCLUSIVE_OBJECT)) { OBJECT_HEADER_TO_QUOTA_INFO( ObjectHeader )->ExclusiveProcess = NULL; } if ( HandleCountIsZero ) { CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO( ObjectHeader ); // // If there is a creator info record and we are on the list // for the object type then remove this object from the list // if (CreatorInfo != NULL && !IsListEmpty( &CreatorInfo->TypeList )) { RemoveEntryList( &CreatorInfo->TypeList ); InitializeListHead( &CreatorInfo->TypeList ); } } // // If the object maintains a handle count database then // search through the handle database and decrement // the necessary information // if (ObjectType->TypeInfo.MaintainHandleCount) { HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO( ObjectHeader ); // // Check if there is a single handle entry, then it better // be ours // if (ObjectHeader->Flags & OB_FLAG_SINGLE_HANDLE_ENTRY) { ASSERT(HandleInfo->SingleEntry.Process == Process); ASSERT(HandleInfo->SingleEntry.HandleCount > 0); ProcessHandleCount = HandleInfo->SingleEntry.HandleCount--; HandleCountEntry = &HandleInfo->SingleEntry; } else { // // Otherwise search the database for a process match // HandleCountDataBase = HandleInfo->HandleCountDataBase; if (HandleCountDataBase != NULL) { CountEntries = HandleCountDataBase->CountEntries; HandleCountEntry = &HandleCountDataBase->HandleCountEntries[ 0 ]; while (CountEntries) { if ((HandleCountEntry->HandleCount != 0) && (HandleCountEntry->Process == Process)) { ProcessHandleCount = HandleCountEntry->HandleCount--; break; } HandleCountEntry++; CountEntries--; } } } // // Now if the process is giving up all handles to the object // then zero out the handle count entry. For a single handle // entry this is just the single entry in the header handle info // structure // if (ProcessHandleCount == 1) { HandleCountEntry->Process = NULL; HandleCountEntry->HandleCount = 0; } } // // If the Object Type has a Close Procedure, then release the type // mutex before calling it, and then call ObpDeleteNameCheck without // the mutex held. // if (ObjectType->TypeInfo.CloseProcedure) { KIRQL SaveIrql; ObpLeaveObjectTypeMutex( ObjectType ); ObpBeginTypeSpecificCallOut( SaveIrql ); (*ObjectType->TypeInfo.CloseProcedure)( Process, Object, GrantedAccess, ProcessHandleCount, SystemHandleCount ); ObpEndTypeSpecificCallOut( SaveIrql, "Close", ObjectType, Object ); ObpDeleteNameCheck( Object, FALSE ); } else { // // If there is no Close Procedure, then just call ObpDeleteNameCheck // with the mutex held. // // The following call will release the type mutex // ObpDeleteNameCheck( Object, TRUE ); } ObpEnterObjectTypeMutex( ObjectType ); ObjectType->TotalNumberOfHandles -= 1; ObpLeaveObjectTypeMutex( ObjectType ); return; }

NTSTATUS ObpIncrementHandleCount (  OB_OPEN_REASON  OpenReason, PEPROCESS  Process, PVOID  Object, POBJECT_TYPE  ObjectType, PACCESS_STATE AccessState  OPTIONAL, KPROCESSOR_MODE  AccessMode, ULONG  Attributes )

Definition at line 1232 of file obhandle.c. References _OBJECT_TYPE_INITIALIZER::CloseProcedure, EXCEPTION_EXECUTE_HANDLER, FALSE, _OBJECT_HEADER::Flags, GENERIC_ACCESS, _OBJECT_TYPE_INITIALIZER::GenericMapping, _OBJECT_HEADER::HandleCount, _OBJECT_TYPE::HighWaterNumberOfHandles, _OBJECT_TYPE_INITIALIZER::MaintainHandleCount, NT_SUCCESS, NTSTATUS(), NULL, OB_FLAG_EXCLUSIVE_OBJECT, ObCheckObjectAccess(), ObCreateHandle, ObDuplicateHandle, OBJECT_HEADER_TO_CREATOR_INFO, OBJECT_HEADER_TO_EXCLUSIVE_PROCESS, OBJECT_HEADER_TO_QUOTA_INFO, OBJECT_TO_OBJECT_HEADER, ObOpenHandle, ObpBeginTypeSpecificCallOut, ObpChargeQuotaForObject(), ObpDecrHandleCount, ObpEndTypeSpecificCallOut, ObpEnterObjectTypeMutex, ObpIncrementHandleDataBase(), ObpIncrHandleCount, ObpLeaveObjectTypeMutex, ObpValidateIrql, _OBJECT_TYPE_INITIALIZER::OpenProcedure, PAGED_CODE, PsGetCurrentProcess, RtlMapGenericMask(), SeAppendPrivileges(), SePrivilegeCheck(), SePrivilegedServiceAuditAlarm(), SeSecurityPrivilege, Status, _OBJECT_TYPE::TotalNumberOfHandles, TRUE, _OBJECT_TYPE::TypeInfo, _OBJECT_TYPE::TypeList, _OBJECT_HEADER_CREATOR_INFO::TypeList, and VOID(). Referenced by NtDuplicateObject(), ObDupHandleProcedure(), and ObpCreateHandle(). : Increments the count of number of handles to the given object. If the object is being opened or created, access validation and auditing will be performed as appropriate. Arguments: OpenReason - Supplies the reason the handle count is being incremented. Process - Pointer to the process in which the new handle will reside. Object - Supplies a pointer to the body of the object. ObjectType - Supplies the type of the object. AccessState - Optional parameter supplying the current accumulated security information describing the attempt to access the object. AccessMode - Supplies the mode of the requestor. Attributes - Desired attributes for the handle Return Value: An appropriate status value --*/ { NTSTATUS Status; ULONG ProcessHandleCount; BOOLEAN ExclusiveHandle; POBJECT_HEADER_CREATOR_INFO CreatorInfo; POBJECT_HEADER_QUOTA_INFO QuotaInfo; POBJECT_HEADER ObjectHeader; BOOLEAN HasPrivilege = FALSE; PRIVILEGE_SET Privileges; BOOLEAN NewObject; BOOLEAN HoldObjectTypeMutex = FALSE; PAGED_CODE(); ObpValidateIrql( "ObpIncrementHandleCount" ); // // Get a pointer to the object header // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); // // Charge the user quota for the object // Status = ObpChargeQuotaForObject( ObjectHeader, ObjectType, &NewObject ); if (!NT_SUCCESS( Status )) { return Status; } ObpEnterObjectTypeMutex( ObjectType ); HoldObjectTypeMutex = TRUE; try { ExclusiveHandle = FALSE; // // Check if the caller wants exlusive access and if so then // make sure the attributes and header flags match up correctly // if (Attributes & OBJ_EXCLUSIVE) { if ((Attributes & OBJ_INHERIT) || ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE_OBJECT) == 0)) { Status = STATUS_INVALID_PARAMETER; leave; } if (((OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader) == NULL) && (ObjectHeader->HandleCount != 0)) || ((OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader) != NULL) && (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader) != PsGetCurrentProcess()))) { Status = STATUS_ACCESS_DENIED; leave; } ExclusiveHandle = TRUE; // // The user doesn't want exclusive access so now check to make sure // the attriutes and header flags match up correctly // } else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE_OBJECT) && (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader) != NULL)) { Status = STATUS_ACCESS_DENIED; leave; } // // If handle count going from zero to one for an existing object that // maintains a handle count database, but does not have an open procedure // just a close procedure, then fail the call as they are trying to // reopen an object by pointer and the close procedure will not know // that the object has been 'recreated' // if ((ObjectHeader->HandleCount == 0) && (!NewObject) && (ObjectType->TypeInfo.MaintainHandleCount) && (ObjectType->TypeInfo.OpenProcedure == NULL) && (ObjectType->TypeInfo.CloseProcedure != NULL)) { Status = STATUS_UNSUCCESSFUL; leave; } if ((OpenReason == ObOpenHandle) || ((OpenReason == ObDuplicateHandle) && ARGUMENT_PRESENT(AccessState))) { // // Perform Access Validation to see if we can open this // (already existing) object. // if (!ObCheckObjectAccess( Object, AccessState, TRUE, AccessMode, &Status )) { leave; } } else if ((OpenReason == ObCreateHandle)) { // // We are creating a new instance of this object type. // A total of three audit messages may be generated: // // 1 - Audit the attempt to create an instance of this // object type. // // 2 - Audit the successful creation. // // 3 - Audit the allocation of the handle. // // // At this point, the RemainingDesiredAccess field in // the AccessState may still contain either Generic access // types, or MAXIMUM_ALLOWED. We will map the generics // and substitute GenericAll for MAXIMUM_ALLOWED. // if ( AccessState->RemainingDesiredAccess & MAXIMUM_ALLOWED ) { AccessState->RemainingDesiredAccess &= ~MAXIMUM_ALLOWED; AccessState->RemainingDesiredAccess |= GENERIC_ALL; } if ((GENERIC_ACCESS & AccessState->RemainingDesiredAccess) != 0) { RtlMapGenericMask( &AccessState->RemainingDesiredAccess, &ObjectType->TypeInfo.GenericMapping ); } // // Since we are creating the object, we can give any access the caller // wants. The only exception is ACCESS_SYSTEM_SECURITY, which requires // a privilege. // if ( AccessState->RemainingDesiredAccess & ACCESS_SYSTEM_SECURITY ) { // // We could use SeSinglePrivilegeCheck here, but it // captures the subject context again, and we don't // want to do that in this path for performance reasons. // Privileges.PrivilegeCount = 1; Privileges.Control = PRIVILEGE_SET_ALL_NECESSARY; Privileges.Privilege[0].Luid = SeSecurityPrivilege; Privileges.Privilege[0].Attributes = 0; HasPrivilege = SePrivilegeCheck( &Privileges, &AccessState->SubjectSecurityContext, KeGetPreviousMode() ); if (!HasPrivilege) { SePrivilegedServiceAuditAlarm ( NULL, &AccessState->SubjectSecurityContext, &Privileges, FALSE ); Status = STATUS_PRIVILEGE_NOT_HELD; leave; } AccessState->RemainingDesiredAccess &= ~ACCESS_SYSTEM_SECURITY; AccessState->PreviouslyGrantedAccess |= ACCESS_SYSTEM_SECURITY; (VOID) SeAppendPrivileges( AccessState, &Privileges ); } // // Get the objects creator info block and insert it on the // global list of objects for that type // CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO( ObjectHeader ); if (CreatorInfo != NULL) { InsertTailList( &ObjectType->TypeList, &CreatorInfo->TypeList ); } } if (ExclusiveHandle) { OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process; } ObpIncrHandleCount( ObjectHeader ); ProcessHandleCount = 0; // // If the object type wants us to keep try of the handle counts // then call our routine to do the work // if (ObjectType->TypeInfo.MaintainHandleCount) { Status = ObpIncrementHandleDataBase( ObjectHeader, Process, &ProcessHandleCount ); if (!NT_SUCCESS(Status)) { // BUG BUG, We probably need more backout than this, NeillC ObpDecrHandleCount( ObjectHeader ); leave; } } // // Set our preliminary status now to success because // the call to the open procedure might change this // Status = STATUS_SUCCESS; // // If the object type has an open procedure // then invoke that procedure // if (ObjectType->TypeInfo.OpenProcedure != NULL) { KIRQL SaveIrql; // // Leave the object type mutex when call the OpenProcedure. If an exception // while OpenProcedure the HoldObjectTypeMutex disable leaving the mutex // on finally block // ObpLeaveObjectTypeMutex( ObjectType ); HoldObjectTypeMutex = FALSE; ObpBeginTypeSpecificCallOut( SaveIrql ); try { (*ObjectType->TypeInfo.OpenProcedure)( OpenReason, Process, Object, AccessState ? AccessState->PreviouslyGrantedAccess : 0, ProcessHandleCount ); } except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); } ObpEndTypeSpecificCallOut( SaveIrql, "Open", ObjectType, Object ); // // Hold back the object type mutex and set the HoldObjectTypeMutex variable // to allow releasing the mutex while leaving this procedure // ObpEnterObjectTypeMutex( ObjectType ); HoldObjectTypeMutex = TRUE; if (!NT_SUCCESS(Status)) { (VOID)ObpDecrHandleCount( ObjectHeader ); leave; } } // // Do some simple bookkeeping for the handle counts // and then return to our caller // ObjectType->TotalNumberOfHandles += 1; if (ObjectType->TotalNumberOfHandles > ObjectType->HighWaterNumberOfHandles) { ObjectType->HighWaterNumberOfHandles = ObjectType->TotalNumberOfHandles; } } finally { if ( HoldObjectTypeMutex ) { ObpLeaveObjectTypeMutex( ObjectType ); } } return( Status ); }

NTSTATUS ObpIncrementHandleDataBase (  IN POBJECT_HEADER  ObjectHeader, IN PEPROCESS  Process, OUT PULONG  NewProcessHandleCount )

Definition at line 1058 of file obhandle.c. References _OBJECT_HANDLE_COUNT_DATABASE::CountEntries, _OBJECT_HANDLE_COUNT_ENTRY::HandleCount, _OBJECT_HEADER_HANDLE_INFO::HandleCountDataBase, _OBJECT_HANDLE_COUNT_DATABASE::HandleCountEntries, NULL, OB_FLAG_SINGLE_HANDLE_ENTRY, OBJECT_HEADER_TO_HANDLE_INFO, ObpInsertHandleCount(), PAGED_CODE, _OBJECT_HANDLE_COUNT_ENTRY::Process, and _OBJECT_HEADER_HANDLE_INFO::SingleEntry. Referenced by ObpIncrementHandleCount(), and ObpIncrementUnnamedHandleCount(). : This function increments the handle count database associated with the specified object for a specified process. Arguments: ObjectHeader - Supplies a pointer to the object. Process - Supplies a pointer to the process whose handle count is to be updated. NewProcessHandleCount - Supplies a pointer to a variable that receives the new handle count for the process. Return Value: An appropriate status value --*/ { POBJECT_HEADER_HANDLE_INFO HandleInfo; POBJECT_HANDLE_COUNT_DATABASE HandleCountDataBase; POBJECT_HANDLE_COUNT_ENTRY HandleCountEntry; POBJECT_HANDLE_COUNT_ENTRY FreeHandleCountEntry; ULONG CountEntries; ULONG ProcessHandleCount; PAGED_CODE(); // // Translate the object header to the handle information. // HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader); // // Check if the object has space for only a single handle // if (ObjectHeader->Flags & OB_FLAG_SINGLE_HANDLE_ENTRY) { // // If the single handle isn't in use then set the entry // and tell the caller there is only one handle // if (HandleInfo->SingleEntry.HandleCount == 0) { *NewProcessHandleCount = 1; HandleInfo->SingleEntry.HandleCount = 1; HandleInfo->SingleEntry.Process = Process; return STATUS_SUCCESS; // // If the single entry is for the same process as specified // then increment the count and we're done // } else if (HandleInfo->SingleEntry.Process == Process) { *NewProcessHandleCount = ++HandleInfo->SingleEntry.HandleCount; return STATUS_SUCCESS; // // Finally we have a object with a single handle entry already // in use, so we need to grow the handle database before // we can set this new value // } else { FreeHandleCountEntry = ObpInsertHandleCount( ObjectHeader ); if (FreeHandleCountEntry == NULL) { return STATUS_INSUFFICIENT_RESOURCES; } FreeHandleCountEntry->Process = Process; FreeHandleCountEntry->HandleCount = 1; *NewProcessHandleCount = 1; return STATUS_SUCCESS; } } // // The object does not contain a single entry, therefore we're // assuming it already has a handle count database // // // **** HandleInfo should first be checked for null // HandleCountDataBase = HandleInfo->HandleCountDataBase; FreeHandleCountEntry = NULL; // // **** can we with success if the database is null // if (HandleCountDataBase != NULL) { // // Get the number of entries and a pointer to the first one // in the handle database // CountEntries = HandleCountDataBase->CountEntries; HandleCountEntry = &HandleCountDataBase->HandleCountEntries[ 0 ]; // // For each entry in the handle database check for a process // match and if so then increment the handle count and return // to our caller. Otherwise if the entry is free then remember // it so we can store to it later // while (CountEntries) { if (HandleCountEntry->Process == Process) { *NewProcessHandleCount = ++HandleCountEntry->HandleCount; return STATUS_SUCCESS; } else if (HandleCountEntry->HandleCount == 0) { FreeHandleCountEntry = HandleCountEntry; } ++HandleCountEntry; --CountEntries; } // // If we did not find a free handle entry then we have to grow the // handle database before we can set this new value // if (FreeHandleCountEntry == NULL) { FreeHandleCountEntry = ObpInsertHandleCount( ObjectHeader ); if (FreeHandleCountEntry == NULL) { return(STATUS_INSUFFICIENT_RESOURCES); } } FreeHandleCountEntry->Process = Process; FreeHandleCountEntry->HandleCount = 1; *NewProcessHandleCount = 1; } return STATUS_SUCCESS; }

NTSTATUS ObpIncrementUnnamedHandleCount (  PACCESS_MASK  DesiredAccess, PEPROCESS  Process, PVOID  Object, POBJECT_TYPE  ObjectType, KPROCESSOR_MODE  AccessMode, ULONG  Attributes )

Definition at line 1587 of file obhandle.c. References _OBJECT_TYPE_INITIALIZER::CloseProcedure, EXCEPTION_EXECUTE_HANDLER, FALSE, _OBJECT_HEADER::Flags, GENERIC_ACCESS, _OBJECT_TYPE_INITIALIZER::GenericMapping, _OBJECT_HEADER::HandleCount, _OBJECT_TYPE::HighWaterNumberOfHandles, _OBJECT_TYPE_INITIALIZER::MaintainHandleCount, NT_SUCCESS, NTSTATUS(), NULL, OB_FLAG_EXCLUSIVE_OBJECT, ObCreateHandle, OBJECT_HEADER_TO_CREATOR_INFO, OBJECT_HEADER_TO_EXCLUSIVE_PROCESS, OBJECT_HEADER_TO_QUOTA_INFO, OBJECT_TO_OBJECT_HEADER, ObpBeginTypeSpecificCallOut, ObpChargeQuotaForObject(), ObpDecrHandleCount, ObpEndTypeSpecificCallOut, ObpEnterObjectTypeMutex, ObpIncrementHandleDataBase(), ObpIncrHandleCount, ObpLeaveObjectTypeMutex, ObpValidateIrql, _OBJECT_TYPE_INITIALIZER::OpenProcedure, PAGED_CODE, PsGetCurrentProcess, RtlMapGenericMask(), Status, _OBJECT_TYPE::TotalNumberOfHandles, TRUE, _OBJECT_TYPE::TypeInfo, _OBJECT_TYPE::TypeList, _OBJECT_HEADER_CREATOR_INFO::TypeList, and VOID(). Referenced by ObpCreateUnnamedHandle(). : Increments the count of number of handles to the given object. Arguments: Desired Access - Supplies the desired access to the object and receives the assign access mask Process - Pointer to the process in which the new handle will reside. Object - Supplies a pointer to the body of the object. ObjectType - Supplies the type of the object. AccessMode - Supplies the mode of the requestor. Attributes - Desired attributes for the handle Return Value: An appropriate status value --*/ { NTSTATUS Status; BOOLEAN ExclusiveHandle; POBJECT_HEADER_CREATOR_INFO CreatorInfo; POBJECT_HEADER_QUOTA_INFO QuotaInfo; POBJECT_HEADER ObjectHeader; BOOLEAN NewObject; ULONG ProcessHandleCount; BOOLEAN HoldObjectTypeMutex = FALSE; PAGED_CODE(); ObpValidateIrql( "ObpIncrementUnnamedHandleCount" ); // // Get a pointer to the object header // ObjectHeader = OBJECT_TO_OBJECT_HEADER( Object ); // // Charge the user quota for the object // Status = ObpChargeQuotaForObject( ObjectHeader, ObjectType, &NewObject ); if (!NT_SUCCESS( Status )) { return Status; } ObpEnterObjectTypeMutex( ObjectType ); HoldObjectTypeMutex = TRUE; try { ExclusiveHandle = FALSE; // // Check if the caller wants exlusive access and if so then // make sure the attributes and header flags match up correctly // if (Attributes & OBJ_EXCLUSIVE) { if ((Attributes & OBJ_INHERIT) || ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE_OBJECT) == 0)) { Status = STATUS_INVALID_PARAMETER; leave; } if (((OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader) == NULL) && (ObjectHeader->HandleCount != 0)) || ((OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader) != NULL) && (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader) != PsGetCurrentProcess()))) { Status = STATUS_ACCESS_DENIED; leave; } ExclusiveHandle = TRUE; // // The user doesn't want exclusive access so now check to make sure // the attriutes and header flags match up correctly // } else if ((ObjectHeader->Flags & OB_FLAG_EXCLUSIVE_OBJECT) && (OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(ObjectHeader) != NULL)) { Status = STATUS_ACCESS_DENIED; leave; } // // If handle count going from zero to one for an existing object that // maintains a handle count database, but does not have an open procedure // just a close procedure, then fail the call as they are trying to // reopen an object by pointer and the close procedure will not know // that the object has been 'recreated' // if ((ObjectHeader->HandleCount == 0) && (!NewObject) && (ObjectType->TypeInfo.MaintainHandleCount) && (ObjectType->TypeInfo.OpenProcedure == NULL) && (ObjectType->TypeInfo.CloseProcedure != NULL)) { Status = STATUS_UNSUCCESSFUL; leave; } // // If the user asked for the maximum allowed then remove the bit and // or in generic all access // if ( *DesiredAccess & MAXIMUM_ALLOWED ) { *DesiredAccess &= ~MAXIMUM_ALLOWED; *DesiredAccess |= GENERIC_ALL; } // If the user asked for any generic bit then translate it to // someone more appropriate for the object type // if ((GENERIC_ACCESS & *DesiredAccess) != 0) { RtlMapGenericMask( DesiredAccess, &ObjectType->TypeInfo.GenericMapping ); } // // Get a pointer to the creator info block for the object and insert // it on the global list of object for that type // CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO( ObjectHeader ); if (CreatorInfo != NULL) { InsertTailList( &ObjectType->TypeList, &CreatorInfo->TypeList ); } if (ExclusiveHandle) { OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader)->ExclusiveProcess = Process; } ObpIncrHandleCount( ObjectHeader ); ProcessHandleCount = 0; // // If the object type wants us to keep try of the handle counts // then call our routine to do the work // if (ObjectType->TypeInfo.MaintainHandleCount) { Status = ObpIncrementHandleDataBase( ObjectHeader, Process, &ProcessHandleCount ); if (!NT_SUCCESS(Status)) { // BUG BUG, We probably need more backout than this, NeillC ObpDecrHandleCount( ObjectHeader ); leave; } } // // Set our preliminary status now to success because // the call to the open procedure might change this // Status = STATUS_SUCCESS; // // If the object type has an open procedure // then invoke that procedure // if (ObjectType->TypeInfo.OpenProcedure != NULL) { KIRQL SaveIrql; // // Leave the object type mutex when call the OpenProcedure. If an exception // while OpenProcedure the HoldObjectTypeMutex disable leaving the mutex // on finally block // ObpLeaveObjectTypeMutex( ObjectType ); HoldObjectTypeMutex = FALSE; ObpBeginTypeSpecificCallOut( SaveIrql ); try { (*ObjectType->TypeInfo.OpenProcedure)( ObCreateHandle, Process, Object, *DesiredAccess, ProcessHandleCount ); } except( EXCEPTION_EXECUTE_HANDLER ) { Status = GetExceptionCode(); } ObpEndTypeSpecificCallOut( SaveIrql, "Open", ObjectType, Object ); // // Hold back the object type mutex and set the HoldObjectTypeMutex variable // to allow releasing the mutex while leaving this procedure // ObpEnterObjectTypeMutex( ObjectType ); HoldObjectTypeMutex = TRUE; if (!NT_SUCCESS(Status)) { (VOID)ObpDecrHandleCount( ObjectHeader ); leave; } } // // Do some simple bookkeeping for the handle counts // and then return to our caller // ObjectType->TotalNumberOfHandles += 1; if (ObjectType->TotalNumberOfHandles > ObjectType->HighWaterNumberOfHandles) { ObjectType->HighWaterNumberOfHandles = ObjectType->TotalNumberOfHandles; } } finally { if ( HoldObjectTypeMutex ) { ObpLeaveObjectTypeMutex( ObjectType ); } } return( Status ); }

POBJECT_HANDLE_COUNT_ENTRY ObpInsertHandleCount (  POBJECT_HEADER  ObjectHeader  )

Definition at line 908 of file obhandle.c. References _OBJECT_HANDLE_COUNT_DATABASE::CountEntries, ExAllocatePoolWithTag, ExFreePool(), _OBJECT_HEADER::Flags, _OBJECT_HEADER_HANDLE_INFO::HandleCountDataBase, _OBJECT_HANDLE_COUNT_DATABASE::HandleCountEntries, NULL, OB_FLAG_SINGLE_HANDLE_ENTRY, OBJECT_HEADER_TO_HANDLE_INFO, PAGED_CODE, PagedPool, and _OBJECT_HEADER_HANDLE_INFO::SingleEntry. Referenced by ObpIncrementHandleDataBase(). : This function will increase the size of the handle database stored in the handle information of an object header. If necessary it will allocate new and free old handle databases. This routine should not be called if there is already free space in the handle table. Arguments: ObjectHeader - The object whose handle count is being incremented Return Value: The pointer to the next free handle count entry within the handle database. --*/ { POBJECT_HEADER_HANDLE_INFO HandleInfo; POBJECT_HANDLE_COUNT_DATABASE OldHandleCountDataBase; POBJECT_HANDLE_COUNT_DATABASE NewHandleCountDataBase; POBJECT_HANDLE_COUNT_ENTRY FreeHandleCountEntry; ULONG CountEntries; ULONG OldSize; ULONG NewSize; OBJECT_HANDLE_COUNT_DATABASE SingleEntryDataBase; PAGED_CODE(); // // Check if the object has any handle information // HandleInfo = OBJECT_HEADER_TO_HANDLE_INFO(ObjectHeader); if (HandleInfo == NULL) { return NULL; } // // The object does have some handle information. If it has // a single handle entry then we'll construct a local dummy // handle count database and come up with a new data base for // storing two entries. // if (ObjectHeader->Flags & OB_FLAG_SINGLE_HANDLE_ENTRY) { SingleEntryDataBase.CountEntries = 1; SingleEntryDataBase.HandleCountEntries[0] = HandleInfo->SingleEntry; OldHandleCountDataBase = &SingleEntryDataBase; OldSize = sizeof( SingleEntryDataBase ); CountEntries = 2; NewSize = sizeof(OBJECT_HANDLE_COUNT_DATABASE) + ((CountEntries - 1) * sizeof( OBJECT_HANDLE_COUNT_ENTRY )); } else { // // The object already has multiple handles so we reference the // current handle database, and compute a new size bumped by four // OldHandleCountDataBase = HandleInfo->HandleCountDataBase; CountEntries = OldHandleCountDataBase->CountEntries; OldSize = sizeof(OBJECT_HANDLE_COUNT_DATABASE) + ((CountEntries - 1) * sizeof( OBJECT_HANDLE_COUNT_ENTRY)); CountEntries += 4; NewSize = sizeof(OBJECT_HANDLE_COUNT_DATABASE) + ((CountEntries - 1) * sizeof( OBJECT_HANDLE_COUNT_ENTRY)); } // // Now allocate pool for the new handle database. // NewHandleCountDataBase = ExAllocatePoolWithTag(PagedPool, NewSize,'dHbO'); if (NewHandleCountDataBase == NULL) { return NULL; } // // Copy over the old database. Note that this might just copy our // local dummy entry for the single entry case // RtlMoveMemory(NewHandleCountDataBase, OldHandleCountDataBase, OldSize); // // If the previous mode was a single entry then remove that // indication otherwise free up with previous handle database // if (ObjectHeader->Flags & OB_FLAG_SINGLE_HANDLE_ENTRY) { ObjectHeader->Flags &= ~OB_FLAG_SINGLE_HANDLE_ENTRY; } else { ExFreePool( OldHandleCountDataBase ); } // // Find the end of the new database that is used and zero out // the memory // FreeHandleCountEntry = (POBJECT_HANDLE_COUNT_ENTRY)((PCHAR)NewHandleCountDataBase + OldSize); RtlZeroMemory(FreeHandleCountEntry, NewSize - OldSize); // // Set the new database to the proper entry count and put it // all in the object // NewHandleCountDataBase->CountEntries = CountEntries; HandleInfo->HandleCountDataBase = NewHandleCountDataBase; // // And return to our caller // return FreeHandleCountEntry; }

NTSTATUS ObpValidateDesiredAccess (  IN ACCESS_MASK  DesiredAccess  )

Definition at line 2752 of file obhandle.c. Referenced by NtDuplicateObject(). : This routine checks the input desired access mask to see that some invalid bits are not set. The invalid bits are the top two reserved bits and the top three standard rights bits. See \nt\public\sdk\inc\ntseapi.h for more details. Arguments: DesiredAccess - Supplies the mask being checked Return Value: STATUS_ACCESS_DENIED if one or more of the wrongs bits are set and STATUS_SUCCESS otherwise --*/ { if (DesiredAccess & 0x0CE00000) { return( STATUS_ACCESS_DENIED ); } else { return( STATUS_SUCCESS ); } }

---

Variable Documentation

KMUTANT ObpInitKillMutant

Definition at line 34 of file obhandle.c. Referenced by NtDuplicateObject(), NtQueryInformationProcess(), ObFindHandleForObject(), ObInitProcess(), ObInitSystem(), and ObKillProcess().

---